path: root/security
Age | Commit message | Author | Files | Lines
2010-03-27 | Pullup ticket #3065 - requested by taca | tron | 12 | -199/+125
openssl: security update
Revisions pulled up:
- security/openssl/Makefile 1.144-1.1.146
- security/openssl/PLIST.common 1.17
- security/openssl/distinfo 1.72-1.73
- security/openssl/patches/patch-aa 1.23
- security/openssl/patches/patch-ac 1.38
- security/openssl/patches/patch-af 1.24
- security/openssl/patches/patch-ax delete
- security/openssl/patches/patch-ay delete
- security/openssl/patches/patch-az delete
- security/openssl/patches/patch-ba delete
- security/openssl/patches/patch-bb delete
- security/openssl/patches/patch-bc 1.1
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Feb 26 03:15:14 UTC 2010
Modified Files:
pkgsrc/security/openssl: Makefile distinfo
pkgsrc/security/openssl/patches: patch-aa patch-ac patch-af
Removed Files:
pkgsrc/security/openssl/patches: patch-ax patch-ay patch-az patch-ba patch-bb
Log Message:
Update openssl to 0.9.8m.
The OpenSSL project team is pleased to announce the release of version 0.9.8m of our open source toolkit for SSL/TLS. This new OpenSSL version is a security and bugfix release which implements RFC5746 to address renegotiation vulnerabilities mentioned in CVE-2009-3555.
For a complete list of changes, please see http://www.openssl.org/source/exp/CHANGES.
---
Module Name: pkgsrc
Committed By: taca
Date: Mon Mar 1 08:15:40 UTC 2010
Modified Files:
pkgsrc/security/openssl: Makefile PLIST.common
Log Message:
Fix broken PLIST. (I wonder why "make print-PLIST" generated wrong result before...)
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Mar 26 00:20:49 UTC 2010
Modified Files:
pkgsrc/security/openssl: Makefile distinfo
Added Files:
pkgsrc/security/openssl/patches: patch-bc
Log Message:
Add a patch for Fix for CVE-2010-0740, DoS problem.
http://www.openssl.org/news/secadv_20100324.txt
Bump PKGREVISION.
2010-02-26 | Pullup ticket 3024 - requested by taca | spz | 2 | -10/+8
security update
Revisions pulled up:
- pkgsrc/security/sudo/Makefile 1.119
- pkgsrc/security/sudo/distinfo 1.61
--------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Fri Feb 26 01:08:38 UTC 2010
Modified Files:
pkgsrc/security/sudo: Makefile distinfo
Log Message:
Update sudo package to 1.7.2p4.
Major changes between version 1.7.2p3 and 1.7.2p4:
* Fix a bug that could allow users with permission to run sudoedit to run arbitrary commands.
Major changes between version 1.7.2p2 and 1.7.2p3:
* Fix printing of entries with multiple host entries on a single line.
* Fix use after free when sending error messages via email.
* Use setrlimit64(), if available, instead of setrlimit() when setting AIX resource limits since rlim_t is 32bits.
* Fix size arg when realloc()ing include stack.
* Avoid a duplicate fclose() of the sudoers file.
To generate a diff of this commit:
cvs rdiff -u -r1.118 -r1.119 pkgsrc/security/sudo/Makefile
cvs rdiff -u -r1.60 -r1.61 pkgsrc/security/sudo/distinfo
------------------------------------------------------------------
Module Name: pkgsrc
Committed By: zafer
Date: Tue Feb 9 00:05:48 UTC 2010
Modified Files:
pkgsrc/security/sudo: Makefile
Log Message:
update master_sites
To generate a diff of this commit:
cvs rdiff -u -r1.117 -r1.118 pkgsrc/security/sudo/Makefile
2010-02-15 | Pullup ticket 3004 - requested by taca | spz | 1 | -3/+14
security fix
Revisions pulled up:
- pkgsrc/security/f-prot-antivirus6-ms-bin/Makefile 1.2
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sun Feb 14 10:56:32 UTC 2010
Modified Files:
pkgsrc/security/f-prot-antivirus6-ms-bin: Makefile
Log Message:
It was missing to replace user in scan-mail.pl. Add FPROT_GROUP and FPROT_USER to proper handling that user.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.1 -r1.2 \
    pkgsrc/security/f-prot-antivirus6-ms-bin/Makefile
2010-01-24 | Pullup ticket #2967 - requested by taca | tron | 3 | -2/+48
openssl: security patch
Revisions pulled up:
- security/openssl/Makefile 1.143
- security/openssl/distinfo 1.71
- security/openssl/patches/patch-bb 1.1
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Jan 22 03:35:10 UTC 2010
Modified Files:
pkgsrc/security/openssl: Makefile distinfo
Added Files:
pkgsrc/security/openssl/patches: patch-bb
Log Message:
Add a patch from OpenSSL's repository to deal with CVE-2009-4355.
Bump PKGREVISION.
2010-01-16 | Pullup ticket 2959 - requested by tron | spz | 1 | -1/+7
build fix for Solaris
Revisions pulled up:
- pkgsrc/security/opencdk/Makefile 1.32
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Sat Jan 16 11:23:04 UTC 2010
Modified Files:
pkgsrc/security/opencdk: Makefile
Log Message:
Fix build under Solaris.
To generate a diff of this commit:
cvs rdiff -u -r1.31 -r1.32 pkgsrc/security/opencdk/Makefile
2010-01-15 | Update openssl package to 0.9.8l, fixing security problem. | taca | 5 | -29/+28
Approved by agc@.
Changes between 0.9.8k and 0.9.8l [5 Nov 2009]
*) Disable renegotiation completely - this fixes a severe security problem (CVE-2009-3555) at the cost of breaking all renegotiation. Renegotiation can be re-enabled by setting SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s3->flags at run-time. This is really not recommended unless you know what you're doing. [Ben Laurie]
2010-01-09 | streamlined syntax, using ${SETENV} instead of env. | schwarz | 1 | -2/+2
2010-01-04 | Expose the gpg binary gpgme is built against and use that in security/gpa. | joerg | 2 | -2/+14
2010-01-03 | improved CC and CFLAGS support | schwarz | 4 | -13/+33
2010-01-02 | Needs pod2man. | joerg | 1 | -2/+4
2009-12-28 | Moderate the wording slightly. | he | 1 | -1/+1
OK'ed by agc@
2009-12-27 | polkit-explicit-grant-helper and polkit-grant-helper should also | abs | 1 | -2/+6
be setgid polkit (apparently). Bump pkgrevision
2009-12-25 | Fixes and improvement for Interix | obache | 4 | -10/+17
* Not only interix-3, but also treat all interix release, allow to build on SUA.
* Gave up randomized image base, use 0x5e000000, as in mk/platform/Interix.mk. It is workaround of PR 42369.
* Use -D_REENTRANT flags for threads.
* replace -Wl,soname= linker flags with -Wl,h, for Interix
2009-12-21 | Not MAKE_JOBS_SAFE. | joerg | 1 | -1/+2
2009-12-21 | Mark as broken: as conflicts with its own dependency | joerg | 1 | -1/+3
2009-12-20 | Update security/sudo package to 1.7.2p2. | taca | 5 | -42/+35
Major changes between sudo 1.7.2p1 and 1.7.2p2:
* Fixed a bug where the negation operator in a Cmnd_List was not being honored.
* Sudo no longer produces a parse error when #includedir references a directory that contains no valid filenames.
* The sudo.man.pl and sudoers.man.pl files are now included in the distribution for people who wish to regenerate the man pages.
* Fixed the emulation of krb5_get_init_creds_opt_alloc() for MIT kerberos.
* When authenticating via PAM, set PAM_RUSER and PAM_RHOST early so they can be used during authentication.
2009-12-18 | put back the (non-default) "idea" option which got lost a while ago | drochner | 7 | -7/+127
2009-12-18 | kill the "idea" option -- gnupg2 uses libgcrypt which used to have | drochner | 4 | -28/+22
an "idea" option, but that was removed more than a year ago when it got updated from 1.2 to 1.4
The patch that was used on gnupg2 in the "idea" case was just a four-line memory initialization fix, there is no point in LICENSE restrictions due to this, so I've pulled it in as regular patch so that it doesn't get lost for the case someone fixes idea support in libgcrypt (which isn't hard).
2009-12-18 | Remove removal of the hack which was needed for libtool 1.x. | hasso | 2 | -21/+1
From Rumko <rumcic at gmail.com> via private mail.
2009-12-16 | don't install the gpg-zip.1 manpage, avoids CONFLICT with gnupg1, | drochner | 4 | -5/+18
noticed by OBATA Akio per mail to pkgsrc-users. This makes most sense to me since gnupg2 doesn't install a gpg-zip intentionally. Since possible clients of gpg-zip should have a dependency on gnupg1, we can't take over easily. Once we are sure that gnupg2 can fully replace gnupg1, we might consider to install eg symlinks gpg->gpg2 etc and make gnupg1 obsolete, but this needs careful testing.
2009-12-16 | Add checksum for idea patch. | wiz | 1 | -1/+4
2009-12-15 | Recursive bump for libltdl | joerg | 25 | -48/+48
2009-12-15 | make s/mime support, which implies use of gnupg2, default, | drochner | 1 | -2/+3
bump PKGREVISION
2009-12-15 | update to 2.0.13 | drochner | 7 | -39/+73
changes: many fixes and improvements
reviewed by John R. Shannon
pkgsrc notes:
-since S/MIME support is the biggest difference in functionality over gnupg1, enable it per default -- my tests (with the s/mime plugin of claws-mail) worked
-left the build against a private libassuan with GNU-pth support alone for now, just updated libassuan to 1.0.5. We might build pkgsrc/libassuan against pkgsrc/pth at some point, but this needs to be checked for side effects. (As this pkg doesn't export a library which might propagate the pth dependency, the possibility of pthread-pth conflicts should be limited. Other uses of libassuan need to be checked.)
2009-12-15 | update to 0.7.6 | drochner | 3 | -39/+6
changes: misc improvements
reviewed by John R. Shannon
2009-12-15 | update to 1.0.3 | drochner | 6 | -32/+85
changes:
* New option --url for the LOOKUP command and dirmngr-client.
* The LOOKUP command does now also consult the local cache. New option --cache-only for it and --local for dirmngr-client.
* Port to Windows completed.
* Improved certificate chain construction.
* Support loading of PEM encoded CRLs via HTTP.
* Client based trust anchors are now supported.
* Configured certificates with the suffix ".der" are now also used.
* Libgcrypt 1.4 is now required.
reviewed by John R. Shannon
pkgsrc notes: I've left the build against a private libassuan with GNU-pth support alone for now, just updated libassuan to 1.0.5. We might build pkgsrc/libassuan against pkgsrc/pth at some point, but this needs to be checked for side effects. (As this pkg doesn't export a library which might propagate the pth dependency, the possibility of pthread-pth conflicts should be limited. Other uses of libassuan need to be checked.)
Being here, support DESTDIR.
2009-12-15 | update to 1.0.7 | drochner | 2 | -6/+6
changes:
-misc fixes and improvements
-Support DSA
-Support SHA-{384,512} based signature generation
reviewed by John R. Shannon
2009-12-15 | minor fixes for gnupg2 support: | drochner | 1 | -1/+3
-don't pull in gnupg2's "gpgconf" if both gnupg1 and gnupg2 are installed but we are building against gnupg1, this caused a build failure
-fix a selftest to work with gnupg2
2009-12-15 | remove obsolete "hal" dependency, ride on recent update | drochner | 1 | -9/+1
2009-12-15 | Update to 2.28.2: | wiz | 3 | -7/+8
Changes in version 2.28.2 are:
* Add license to reference documentation.
* Sent output of g_printerr to syslog.
* No error when can't unlock login keyring.
* Fix assertion when comparing attributes.
* Fix freeing of unallocated memory in test.
* Don't barf on certificates with unsupported algorithm.
* Fix some memory leaks.
2009-12-15 | Update to 0.61, set LICENSE to public-domain (see below). | wiz | 2 | -8/+7
[Changes for 0.61]
* Added "=encoding utf8" to POD to fix author name display. No functional changes.
[Changes for 0.60]
* LICENSING CHANGE: This compilation and all individual files in it are now under the nullary CC0 1.0 Universal terms: To the extent possible under law, 唐鳳 has waived all copyright and related or neighboring rights to Module-Signature.
* Updated Module::Install to 0.91, prompted by Florian Ragwitz.
2009-12-15 | Update to 0.42, set LICENSE (still depend on gpg1 for now). | wiz | 4 | -58/+8
0.42 Wed Sep 30 23:20:58 JST 2009
* Support for GPG2
0.41_01 Fri Sep 25 02:56:33 JST 2009
* Beginnings of support for GPG2
0.40_04 Tue Apr 21 19:50:12 JST 2009
* Use Any::Moose instead of Moose for Mouse celerity (Sartak)
0.40_1 Sat Nov 15 12:35:59 EST 2008
* [rt.cpan.org #40963] Replace Class::MethodMaker with Moose (Chris Prather)
2009-12-15 | Update to 1.4.5: | wiz | 2 | -8/+7
Noteworthy changes in version 1.4.5 (2009-12-11)
------------------------------------------------
* Fixed minor memory leak in DSA key generation.
* No more switching to FIPS mode if /proc/version is not readable.
* Fixed a sigill during Padlock detection on old CPUs.
* Fixed a hang on some W2000 machines.
* Boosted SHA-512 performance by 30% on ia32 boxes and gcc 4.3; SHA-256 went up by 25%.
2009-12-15 | Update netpgp to version 20091210. | agc | 2 | -6/+6
Apart from infrastructure changes, there are the following functional ones:
+ Update to version 1.99.14/20091210
+ provide a new netpgp_match_list_keys(3) function to perform a regular-expression based search of all the keys in the keyring. If no pattern is specified to match, then all keys are returned.
+ provide a new netpgp_set_homedir(3) function, and use it to set the home directory from the library, rather than individually in all the programs which use the library
+ provide a new netpgp_incvar(3) function which will add a constant increment (which may be negative) to the value of an internal variable. This is primarily used for the verbosity level within the library, and is again a movement of the function into the library from the individual programs which use the library
+ move to the specification of an ssh key file by internal variable, rather than the directory holding an ssh key file
+ autoconf infrastructure changes
+ take a hammer to the _GNU_SOURCE definitions problems
+ don't rely on strnlen(3) being present everywhere
+ add rudimentary support for ssh keys
+ add a netpgp library function - netpgp_get_key(3) - to print a specific key
+ add functionality to call this function in netpgpkeys(1)
+ add test for netpgp_get_key
+ add a verbose switch to the tst script
+ add netpgp functions to expose the memory signing and verification functions - netpgp_sign_memory(3) and netpgp_verify_memory(3)
+ coalesced signing and verification ops file functions
2009-12-14 | Add and enable seccure | agc | 1 | -1/+2
2009-12-14 | Initial import of seccure-0.4 into the Packages Collection. | agc | 5 | -0/+84
The seccure toolset implements a selection of asymmetric algorithms based on elliptic curve cryptography (ECC). In particular it offers public key encryption / decryption, signature generation / verification and key establishment. ECC schemes offer a much better key size to security ratio than classical systems (RSA, DSA). Keys are short enough to make direct specification of keys on the command line possible (sometimes this is more convenient than the management of PGP-like key rings). seccure builds on this feature and therefore is the tool of choice whenever lightweight asymmetric cryptography -- independent of key servers, revocation certificates, the Web of Trust or even configuration files -- is required.
2009-12-13 | Remove unused file. | wiz | 1 | -15/+0
2009-12-13 | Added support for DESTDIR. | martti | 3 | -2/+30
2009-12-11 | Add and enable pam_ssh_agent_auth | agc | 1 | -1/+2
2009-12-11 | - LICENSE is gnu-gpl-v2 | heinz | 3 | -11/+29
- Added DESTDIR support. All permission settings were kept as before.
- TEMPDIR is now changeable in the Makefile (see patch-ab).
2009-12-11 | Initial import of pam_ssh_agent_auth version 0.9.1 into the packages | agc | 7 | -0/+80
collection - kudos to Jan Schaumann for pointing it out.
PAM module which permits authentication for arbitrary services via ssh-agent. Written with sudo in mind, but like any auth PAM module, can be used for many purposes.
2009-12-10 | +PKG_DESTDIR_SUPPORT= user-destdir | abs | 1 | -3/+4
2009-12-10 | PKG_DESTDIR_SUPPORT=user-destdir | abs | 5 | -23/+29
2009-12-09 | * add --enable-install=${BINOWN} to CONFIGURE_ARGS for user-destdir support | obache | 2 | -12/+33
and "root" user-less platforms.
* replace one bash script shbang (for safe side, may bone shell is sufficient).
* fix PLIST for PR 40993. add missing entries and back plist vars replaced for Darwin-apple excessively.
Bump PKGREVISION.
2009-12-09 | * user-destdir ready | obache | 1 | -3/+6
* should not to set SUBST_CLASSES, add instead to avoid overwrite.
* need to runtime dependency on gettext command, Bump PKGREVISION.
2009-12-09 | * user-destdir ready | obache | 1 | -3/+3
* no need to hard build depend on bison in pkgsrc, USE_TOOLS+=bison instead.
2009-12-09 | Should not add to USE_LANGUAGES, set instead. | obache | 1 | -3/+3
Should not set to USE_TOOLS, add instead.
2009-12-09 | Avoid to conflict with stdout/stderr in stdio.h. | obache | 2 | -1/+66
2009-12-09 | user-destdir ready. | obache | 1 | -1/+3
2009-12-08 | Use DIST_SUBDIR since distfiles changed. | taca | 2 | -5/+6
No other functional change at all.