path: root/security
Age | Commit message | Author | Files | Lines
2013-05-16 | Pullup ticket #4134 - requested by tez | spz | 3 | -3/+57
security/mit-krb5: security fix
Revisions pulled up:
- security/mit-krb5/Makefile 1.70
- security/mit-krb5/distinfo 1.43
- security/mit-krb5/patches/patch-kadmin_server_schpw.c 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tez
Date: Mon May 13 22:42:34 UTC 2013
Modified Files:
pkgsrc/security/mit-krb5: Makefile distinfo
Added Files:
pkgsrc/security/mit-krb5/patches: patch-kadmin_server_schpw.c
Log Message:
The kpasswd service provided by kadmind was vulnerable to a UDP "ping-pong" attack [CVE-2002-2443]. Don't respond to packets unless they pass some basic validation, and don't respond to our own error packets.
Some authors use CVE-1999-0103 to refer to the kpasswd UDP ping-pong attack or UDP ping-pong attacks in general, but there is discussion leading toward narrowing the definition of CVE-1999-0103 to the echo, chargen, or other similar built-in inetd services.
https://github.com/krb5/krb5/commit/cf1a0c411b2668c57c41e9c4efd15ba17b6b322ccvs
To generate a diff of this commit:
cvs rdiff -u -r1.69 -r1.70 pkgsrc/security/mit-krb5/Makefile
cvs rdiff -u -r1.42 -r1.43 pkgsrc/security/mit-krb5/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/security/mit-krb5/patches/patch-kadmin_server_schpw.c
2013-04-30 | Pullup ticket #4128 - requested by tez | tron | 3 | -2/+31
security/mit-krb5: security patch
Revisions pulled up:
- security/mit-krb5/Makefile 1.68
- security/mit-krb5/distinfo 1.41
- security/mit-krb5/patches/patch-kdc_do_tgs_req.c 1.1
---
Module Name: pkgsrc
Committed By: tez
Date: Tue Apr 23 22:09:44 UTC 2013
Modified Files:
pkgsrc/security/mit-krb5: Makefile distinfo
Added Files:
pkgsrc/security/mit-krb5/patches: patch-kdc_do_tgs_req.c
Log Message:
Fix for CVE-2013-1416 from:
http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=7600
2013-04-01 | Just build the shared module, but let libtool install it. | joerg | 4 | -10/+48
2013-04-01 | Use res_sym on NetBSD. | joerg | 2 | -1/+17
2013-03-29 | Fix type mismatch to allow build with Clang. | joerg | 2 | -1/+17
From PR 47705 by KAMADA Ken'ichi.
2013-03-28 | Forward declaration must not be qualified with a namespace. Adjust. | joerg | 2 | -1/+14
2013-03-24 | Don't try to use weak aliases. | joerg | 1 | -25/+1
2013-03-24 | Fix build with Clang and as unprivileged user. | joerg | 20 | -81/+172
2013-03-18 | Add pthread buildlink. | sbd | 1 | -1/+2
2013-03-17 | + pam-pgsql | asau | 1 | -1/+2
2013-03-17 | Import pam-pgsql version 0.7.3.1 as security/pam-pgsql | asau | 5 | -0/+65
Packaged by Matthew Bauer <matthew.justin.bauer@gmail.com> during Google Code-In. PAM module to authenticate using a PostgreSQL database.
2013-03-16 | Version 2.0.2 (released 2013-01-08) | pettai | 4 | -16/+142
* oathtool: Base32 decoding of keys are now more liberal in what accepts. It can now accept keys on the "gr6d 5br7 25s6 vnck v4vl hlao re" format, i.e., base32 data delimited using SPC and without padding. The old proper base32 format is still supported.
* liboath: oath_base32_decode now ignores SPC and adds pad characters.
* liboath: If password in usersfile is + then ignore supplied password. This enables the pam_oath module to be used with external password verification. Based on patch from Ilkka Virta <itvirta@iki.fi>.
* tests: Fixed expiry date of some certificates used in the test suite. The last release would only complete 'make check' during a 30 day window.
* API and ABI is backwards compatible with the previous version.
Version 2.0.1 (released 2012-10-24)
* libpskc, pskctool: Support sign and verify of PSKC data using XML DigSig.
* libpskc: XML Schema validation modified. The entire PSKC schema is now supported (before the XML Digital Signatures and Encryption parts were removed). The code now assumes that the schema is available in the local XML catalog. Thanks to Liam Quin for hints about XML catalogs.
* pskctool: the --check (-c) parameter was renamed to --info (-i).
* API and ABI is backwards compatible with the previous version.
Version 2.0.0 (released 2012-10-10)
* libpskc, pskctool: New components. The OATH Toolkit now supports the Portable Symmetric Key Container (PSKC) data format specified in RFC 6030 for dealing with key provisioning. There is a new low-level library libpskc for managing PSKC data for application developers and a new command line tool pskctool for interacting with PSKC data for users. The PSKC functionality depends on Libxml2 <http://xmlsoft.org/>. It can be disabled unconditionally using the ./configure-parameter --disable-pskc.
* liboath: Add manpages for library API.
* API and ABI is backwards compatible with the previous version.
2013-03-16 | Version 2.13 (released 2013-03-01) | pettai | 2 | -7/+6
* Fix a bug in the version check to support major version > 2 (neo). Patch from https://github.com/wwest4
* Give ykpamcfg an option for specifying path.
2013-03-16 | Version 1.11.3 (released 2013-01-09) | pettai | 3 | -7/+8
* Fixup of broken release.
Version 1.11.2 (released 2013-01-09)
* Fix a bug where writing a NDEF with unknown prefix ended up writing invalid data to the YubiKey NEO. Wrote prefix as 0x24 instead of 0x00.
* Don't allow opening a YubiKey if there's more than one present in the system.
* Fix shared linking of ykinfo and ykchalresp.
Version 1.11.1 (released 2012-12-21)
* Implement ykusb_strerror() on windows.
* Fix a bug where a YubiKey would fail to be recognized if there was another device from Yubico (vendor id 1050) inserted and looked at before in the device chain.
* Fix a bug where you could only set 8 bytes of the public id with the command line tool, now all 16 bytes can be set.
* Documentation updates and fixes.
Version 1.11.0 (released 2012-12-12)
* Added version symbols and functions. The header file is "ykpers-version.h" and it contains the following symbols and functions: YKPERS_VERSION_STRING, YKPERS_VERSION_NUMBER, YKPERS_VERSION_MAJOR, YKPERS_VERSION_MINOR, YKPERS_VERSION_PATCH, ykpers_check_version.
Version 1.10.0 (released 2012-12-11)
* Support for the new productId of the production Neo. Has ProducId 0x110, 0x111 or 0x112 depending on mode (see the notes about -m and device_config).
* Add support for SLOT_NDEF2. Use SLOT_NDEF to emit slot 1 as NDEF or SLOT_NDEF2 to emit slot 2. This also adds the function yk_write_ndef2() that takes a slot parameter.
* Add -m flag for ykpersonalize, set usb mode of YubiKey NEO. 0 means pure YubiKey mode, 1 means pure CCID mode and 2 means YubiKey/CCID composite mode. Add 80 to set EJECT_FLAG. To use this with the api, see the functions: ykp_alloc_device_config(), ykp_free_device_config(), ykp_set_device_mode(), ykp_set_device_chalresp_timeout(), ykp_set_device_autoeject_time() and yk_write_device_config().
* Add -S flag for ykpersonalize, set the scanmap of the YubiKey NEO. Take an 90 character string describing 45 scancodes. See man page for more info. To use this with the api see yk_write_scan_map().
* In the api add ykp_ndef_as_text() to export the text from a YK_NDEF structure.
* Higher timeout for configuration writes as in particular swap can take longer than 600 ms.
2013-03-16 | Version 1.10 (released 2013-03-12) | pettai | 2 | -6/+6
* Added ./configure --enable-gcc-warnings to enable a lot of warnings.
* Warning fixes, build fixes etc.
2013-03-16 | Add stud to Makefile. | jym | 1 | -1/+2
2013-03-16 | Import stud-0.3pl53. | jym | 10 | -0/+414
Description: stud is a network proxy that terminates TLS/SSL connections and forwards the unencrypted traffic to some backend. It's designed to handle 10s of thousands of connections efficiently on multicore machines. stud has very few features. It is designed to be paired with an intelligent backend like haproxy or nginx.
2013-03-16 | fixes HOMEPAGE url. | obache | 1 | -2/+2
2013-03-16 | Update netpgpverify, the standalone PGP signature verification utility, to | agc | 46 | -1665/+29199
latest 20130316 sources.
Changes since previous version:
+ this version is completely standalone, and relies on no external libraries (other than libc)
+ updated man page to reflect reality
+ minor configure script added
2013-03-16 | Bump PKGREVISION from default PHP version change to 5.4. | obache | 2 | -3/+4
2013-03-15 | Updated to 0.23 | pettai | 2 | -7/+6
- Fixed problems in low level read_data() function triggered when an incorrect key is used with some Tacacs+ servers, resulting in a 0-length read(), causing a seg fault on some platforms, and a very slow exit on others. This problem appears to have been in tac_client ever since I inherited this library.
2013-03-15 | zkt 1.1.2 | pettai | 2 | -6/+6
* bug Fixed bug introduced by changes on inc_soa_serial()
zkt 1.1.1
* bug Error fixed in zkt-conf in parsing the version number
* misc inc_soa_serial() now returns 0 on success
* bug Fixed bug in inc_serial() The zone file wasn't closed on successful change of the soa record. Many thanks to Frederik Soderblom for fixing this.
2013-03-15 | Update to 1.11: | wiz | 5 | -22/+27
Noteworthy changes in version 1.11 (2013-02-25)
-----------------------------------------------
* New error source GPG_ERR_SOURCE_ASSUAN for Libassuan related errors.
* New macros GPG_ERROR_VERSION and GPG_ERROR_VERSION_NUMBER. New function gpg_error_check_version.
* Interface changes relative to the 1.10 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
GPG_ERR_NO_KEYSERVER NEW.
GPG_ERR_INV_CURVE NEW.
GPG_ERR_UNKNOWN_CURVE NEW.
GPG_ERR_DUP_KEY NEW.
GPG_ERR_AMBIGUOUS NEW.
GPG_ERR_SOURCE_ASSUAN NEW.
gpg_error_check_version NEW.
GPG_ERROR_VERSION NEW.
GPG_ERROR_VERSION_NUMBER NEW.
2013-03-15 | Update to 1.6: | wiz | 2 | -6/+6
2012-Nov-25 - v1.6 - Hide passwords (red on red) in the show command unless the -f option is given. Added the --readonly command line option. Added support for multi-line notes/comments; input ends on a line holding a single ".".
2013-03-15 | Update to 2.21: | wiz | 2 | -7/+6
Changes from 2.20.1 to 2.21:
New Features:
Generic CSV importer: a group separator can be specified now (for importing group trees).
Internal data viewer: added hex viewer mode (which is now the default for unknown data types).
In the 'Show Entries by Tag' menu, the number of entries having a specific tag is now shown right of the tag.
In the 'Add Tag' menu, a tag is now disabled if all selected entries already have this tag.
Auto-Type: added support for right modifier keys.
Added special key codes: {WIN}, {LWIN}, {RWIN}, {APPS}, {NUMPAD0} to {NUMPAD9}.
Interleaved sending of keys is now prevented by default (if you e.g. have an auto-type sequence that triggers another auto-type, enable the new option 'Allow interleaved sending of keys' in 'Tools' -> 'Options' -> tab 'Advanced').
Added '-auto-type-selected' command line option (other running KeePass instances perform auto-type for the currently selected entry).
Added option to additionally show references when showing dereferenced data (enabled by default).
The selection in a secure edit control is now preserved when unhiding and hiding the content.
The auto-type association editing dialog now does not hang anymore when a window of any other application hangs.
When an application switches from the secure desktop to a different desktop, KeePass now shows a warning message box; clicking [OK] switches back to the secure desktop.
Added 'OK'/'Cancel' buttons in the icon picker dialog.
Added support for importing LastPass 2.0.2 CSV files.
KeePass now shows an error message when the user accidentally attempts to use a database file as key file.
Added support for UTF-16 surrogate pairs.
Added UTF-8 BOM support for version information files.
The KeePass version is now also shown in the components list in the 'About' dialog.
File operations are now context-independent (this e.g. makes it possible to use the 'Activate database' trigger action during locking).
Plugins can now register their placeholders to be shown in the auto-type item editing dialog.
Plugins can now subscribe to IO access events.
Added workaround for .NET bug 694242; status dialogs now scale properly with the DPI resolution.
Added workaround for Mono DataGridView.EditMode bug.
Added workaround for Mono bug 586901; high Unicode characters in rich text boxes are displayed properly now.
Improvements / Changes:
When the main window UI is being unblocked, the focus is not reset anymore, if a primary control has the focus.
When opening the icon picker dialog, KeePass now ensures that the currently selected icon is visible.
Internal data viewer: improved visibility updating.
The e-mail box icon by default is not inherited by new entries anymore.
The database is now marked as modified when auto-typing a TAN entry.
Enhanced AnyPassword importer to additionally support CSV files exported by AnyPassword Pro 1.07.
Enhanced Password Safe XML importer (KeePass tries to fix the broken XML files exported by Password Safe 3.29 automatically).
IO credentials can be loaded over IPC now.
Enhanced user switch detection.
Even when an exception occurs, temporary files created during KDB exports are now deleted immediately.
Improved behavior on Unix-like systems when the operating system does not grant KeePass access to the temporary directory.
Improved critical sections that are not supposed to be re-entered by the same thread.
Improved secure desktop name generation.
When a dialog is closed, references within the global client image list to controls (event handlers) are removed now.
.NET 4.5 is now preferred, if installed.
PLGX plugins are now preferably compiled using the .NET 4.5 compiler, if KeePass is currently running under the 4.5 CLR.
Updated KB links.
Changed naming of translation files.
The installer now always overwrites the KeePassLibC 1.x support libraries.
Upgraded installer.
Various code optimizations.
Minor other improvements.
Bugfixes:
When locking multiple databases and cancelling a 'Save Changes?' dialog, the UI is now updated correctly.
'&' characters in dynamic menu texts, in dialog banner texts, in image combobox texts, in text box prompts and in tooltips are now displayed properly.
2013-03-15 | Update HOMEPAGE. | wiz | 1 | -2/+2
2013-03-15 | Update HOMEPAGE. | wiz | 1 | -2/+2
2013-03-15 | update to 2.6 | drochner | 8 | -58/+65
changes:
-support for PKCS #5 PBKDF2, SHA3, GOST R 34.11-94
-bugfixes
-minor improvements
2013-03-15 | update to 1.3.0 | drochner | 2 | -8/+7
changes:
-licensing change: gplv3 -> lgplv3 + gplv2
-minor fixes
2013-03-15 | Add a new subcommand "mozilla-rootcerts install" that unpacks and installs | bsiegert | 3 | -18/+44
the certificates with a single command. ok gdt, wiz
2013-03-15 | Update to 1.8 | wen | 2 | -7/+6
Upstream changes:
*** 200?/??/?? Version 1.6
Fixed example output in doc in MD4.pm. Reported by jbwaters@gmail.com.
*** 2013/03/14 Version 1.7
Removed defunct code that caused incorrect error message when building on 64 bit platforms, patch by zefram
*** 2013/03/14 Version 1.8
Fixed a test error in files.t. Corrected the comment to do with the reason in version 1.7
2013-03-15 | Substitute the openssl tool path in a different manner, so that pkgsrc | fhajny | 1 | -2/+3
openssl will be used if not builtin. Fixes problem with incorrect cert hashes generated on (at least) SunOS.
2013-03-15 | Changes 0.97.7: | adam | 2 | -6/+6
This is a bugfix release.
2013-03-15 | - py-ssh. | wiz | 1 | -2/+1
2013-03-15 | Remove a couple of commented unused lines | dsainty | 1 | -4/+1
2013-03-15 | Mention that ZoneMinder benefits dramatically from using libjpeg-turbo. | dsainty | 1 | -5/+13
2013-03-15 | SUBDIR+=zoneminder | dsainty | 1 | -1/+2
2013-03-15 | How to get started setting up ZoneMinder. | dsainty | 1 | -0/+44
2013-03-15 | ZoneMinder version 1.25.0: | dsainty | 18 | -0/+1002
ZoneMinder is intended for use in single or multi-camera video security applications, including commercial or home CCTV, theft prevention and child, family member or home monitoring and other domestic care scenarios such as nanny cam installations. It supports capture, analysis, recording, and monitoring of video data coming from one or more video or network cameras attached to a system. ZoneMinder also support web and semi-automatic control of Pan/Tilt/Zoom cameras using a variety of protocols. It is suitable for use as a DIY home video security system and for commercial or professional video security and surveillance. It can also be integrated into a home automation system via X.10 or other protocols.
2013-03-14 | security/py-ssh is dead upstream. | gls | 4 | -141/+0
As mentioned on the upstream page (https://github.com/bitprophet/ssh): "This library started life as a fork of Paramiko but has now been fully been merged back upstream. As such, 'ssh' is defunct and will receive no future releases or attention: please change your dependencies back to Paramiko, and file any feature requests or bugfixes over on Paramiko's tracker."
2013-03-14 | Update F-PROT Antivirus packages to 6.2.3. | taca | 8 | -62/+34
F-PROT Antivirus for Unix, version 6.2.3
* Fixed a problem with multiple connections in fpscand.
* Startup scripts have been tuned and improved.
* fpscand now overrides the loglevel when run in foreground mode, forces it to 7 (DEBUG).
* scan-mail.pl had trouble with multiple instances and temporary file cleanup, this had been fixed.
* The installer now has the wrapper script option for fpscan as default.
2013-03-14 | Fix build on Solaris | tez | 1 | -1/+2
(per http://old.nabble.com/Re%3A-build-problem-p34365918.html)
2013-03-13 | Updated to 5.84 | wen | 2 | -6/+6
Upstream changes:
5.84 Sat Mar 9 17:36:08 MST 2013
- untweaked Makefile.PL to remove dependencies of SHA.c
  -- dependencies were breaking builds on VMS
  -- retaining dependencies provides too little benefit for cost of portable workaround
5.83 Mon Mar 4 08:12:00 MST 2013
- removed code for standalone C operation (no longer used)
  -- eliminates need for external symbols
  -- consolidates SHA and HMAC code
  -- reduces size of object files
  -- thanks to Marc Lehmann for suggestions
- tweaked Makefile.PL to show dependencies of SHA.c
5.82 Thu Jan 24 04:54:12 MST 2013
- introduced workaround to SvPVbyte bug in Perl 5.6
  -- module behavior now consistent under all Perls 5.6+
  -- ref: new test script t/unicode.t
  -- SHA routines now always croak on wide chars (5.6+)
- removed "static" message schedules from C code
  -- default "auto" is now just as fast
  -- thread-safe option (-t) no longer necessary
  -- still allowed, but ignored
  -- simplifies source and header files
  -- eliminates SHA_STO_CLASS and SHA_THREAD_SAFE
  -- ref. Bug #82784
  -- thanks to Steve Hay for initial patch
- provided documentation to describe Unicode handling
  -- ref: Bug #82378
- updated documentation of NIST statement on SHA-1
2013-03-13 | Changes 1.10.4: | adam | 6 | -244/+10
This is a bugfix release.
Fix null PKINIT pointer dereference vulnerabilities [CVE-2012-1016, CVE-2013-1415]
Prevent the KDC from returning a host-based service principal referral to the local realm.
2013-03-13 | Convert SASL_DBTYPE variable to option framework, and add gdbm support. | obache | 3 | -19/+46
Fixes db name extension in DEINSTALL script for other than ndbm. Bump PKGREVISION.
2013-03-12 | Update security/ipv6-toolkit to version 1.3.3 | agc | 2 | -10/+7
This minor update incorporates the "--tgt-known-iids" option, which can be used to track systems across networks, even if they employ the so-called "Privacy Address" (and yes, that includes Microsoft Windows systems).
2013-03-09 | Update to 1.10.0. | gdt | 2 | -7/+7
Upstream appears to have no changelog or NEWS; the included README is about changes in 1.8.0. Browsing github makes this look like minor features and bugfixes.
2013-03-07 | Use OVERRIDE_GEMSPEC instead of modifying gemspec file. | taca | 2 | -23/+3
2013-03-06 | Added log2timeline | pettai | 1 | -1/+2
2013-03-06 | log2timeline is a framework built to automatically create a super | pettai | 3 | -0/+59
timeline using information found within various log files and other files that contain timestamps. The tool can be used to augment traditional timeline analysis where the focus has generally been on solely the timestamps found within the filesystem itself. The tool is also capable of outputting into various formats that can be used to either import into analysis tools or to read directly using whatever suits you (spreadsheet/vim/less/...)