Age | Commit message (Collapse) | Author | Files | Lines |
|
security/libgcrypt: security update
Revisions pulled up:
- security/libgcrypt/Makefile 1.69-1.70
- security/libgcrypt/distinfo 1.55-1.56
- security/libgcrypt/patches/patch-ab deleted
- security/libgcrypt/patches/patch-random_rndunix.c 1.1
---
Module Name: pkgsrc
Committed By: wiz
Date: Mon Jan 5 21:56:16 UTC 2015
Modified Files:
pkgsrc/security/libgcrypt: Makefile distinfo
Added Files:
pkgsrc/security/libgcrypt/patches: patch-random_rndunix.c
Removed Files:
pkgsrc/security/libgcrypt/patches: patch-ab
Log Message:
Replace patch-ab with upstream version, see
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff;h=817472358a093438e802380caecf7139406400cf;hp=8c5eee51d9a25b143e41ffb7ff4a6b2a29b82d83
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: wiz
Date: Sat Feb 28 00:14:25 UTC 2015
Modified Files:
pkgsrc/security/libgcrypt: Makefile distinfo
Log Message:
Update to 1.6.3:
Noteworthy changes in version 1.6.3 (2015-02-27) [C20/A0/R3]
------------------------------------------------
* Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.
* Fixed data-dependent timing variations in modular exponentiation
[related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
are Practical].
* Improved asm support for older toolchains.
|
|
security/gnupg: security update
Revisions pulled up:
- security/gnupg/Makefile 1.128
- security/gnupg/PLIST 1.28
- security/gnupg/distinfo 1.66
---
Module Name: pkgsrc
Committed By: wiz
Date: Sat Feb 28 00:13:25 UTC 2015
Modified Files:
pkgsrc/security/gnupg: Makefile PLIST distinfo
Log Message:
Update to 1.4.19:
Noteworthy changes in version 1.4.19 (2015-02-27)
-------------------------------------------------
* Use ciphertext blinding for Elgamal decryption [CVE-2014-3591].
See http://www.cs.tau.ac.il/~tromer/radioexp/ for details.
* Fixed data-dependent timing variations in modular exponentiation
[related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks
are Practical].
* Detect faulty use of --verify on detached signatures.
* Changed the PKA method to use CERT records and hashed names.
* New import option "keep-ownertrust".
* Support algorithm names when generating keys using the --command-fd
method.
* Updated many translations.
* Updated build system.
* Fixed a regression in keyserver import
* Fixed argument parsing for option --debug-level.
* Fixed DoS based on bogus and overlong key packets.
* Fixed bugs related to bogus keyrings.
* The usual minor minor bug fixes.
|
|
security/clamav: security update
Revisions pulled up:
- security/clamav/Makefile 1.21
- security/clamav/distinfo 1.16
---
Module Name: pkgsrc
Committed By: hiramatsu
Date: Tue Feb 24 07:28:59 UTC 2015
Modified Files:
pkgsrc/security/clamav: Makefile distinfo
Log Message:
Update clamav to 0.98.6.
Changes from 0.98.5.
--------------------
- library shared object revisions.
- installation issues on some Mac OS X and FreeBSD platforms.
- includes a patch from Sebastian Andrzej Siewior making
ClamAV pid files compatible with systemd.
- Fix a heap out of bounds condition with crafted Yoda's
crypter files. This issue was discovered by Felix Groebert
of the Google Security Team.
- Fix a heap out of bounds condition with crafted mew packer
files. This issue was discovered by Felix Groebert of the
Google Security Team.
- Fix a heap out of bounds condition with crafted upx packer
files. This issue was discovered by Kevin Szkudlapski of
Quarkslab.
- Fix a heap out of bounds condition with crafted upack packer
files. This issue was discovered by Sebastian Andrzej Siewior.
CVE-2014-9328.
- Compensate a crash due to incorrect compiler optimization when
handling crafted petite packer files. This issue was discovered
by Sebastian Andrzej Siewior.
|
|
security/sudo: security update
Revisions pulled up:
- security/sudo/Makefile 1.145
- security/sudo/distinfo 1.82
---
Module Name: pkgsrc
Committed By: spz
Date: Wed Feb 11 09:11:59 UTC 2015
Modified Files:
pkgsrc/security/sudo: Makefile distinfo
Log Message:
update of sudo to the next upstream patch version (1.7.10p8 to 1.7.10p9)
Upstream Changelog:
+ The TZ environment variable is now checked for safety instead of
simply being copied to the environment of the command.
This fixes a potential security issue.
+ Sudo now only builds Position Independent Executables (PIE) by
default on Linux systems and verifies that a trivial test program
builds and runs.
+ On Solaris 11.1 and higher, sudo binaries will now have the ASLR tag
enabled if supported by the linker.
|
|
security/openssl: security update
Revisions pulled up:
- security/openssl/Makefile 1.201
- security/openssl/distinfo 1.110
- security/openssl/patches/patch-crypto_dso_dso__dlfcn.c deleted
---
Module Name: pkgsrc
Committed By: wiz
Date: Thu Jan 8 16:58:25 UTC 2015
Modified Files:
pkgsrc/security/openssl: Makefile distinfo
Removed Files:
pkgsrc/security/openssl/patches: patch-crypto_dso_dso__dlfcn.c
Log Message:
Update to 1.0.1k:
Changes between 1.0.1j and 1.0.1k [8 Jan 2015]
*) Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS
message can cause a segmentation fault in OpenSSL due to a NULL pointer
dereference. This could lead to a Denial Of Service attack. Thanks to
Markus Stenberg of Cisco Systems, Inc. for reporting this issue.
(CVE-2014-3571)
[Steve Henson]
*) Fix DTLS memory leak in dtls1_buffer_record. A memory leak can occur in the
dtls1_buffer_record function under certain conditions. In particular this
could occur if an attacker sent repeated DTLS records with the same
sequence number but for the next epoch. The memory leak could be exploited
by an attacker in a Denial of Service attack through memory exhaustion.
Thanks to Chris Mueller for reporting this issue.
(CVE-2015-0206)
[Matt Caswell]
*) Fix issue where no-ssl3 configuration sets method to NULL. When openssl is
built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl
method would be set to NULL which could later result in a NULL pointer
dereference. Thanks to Frank Schmirler for reporting this issue.
(CVE-2014-3569)
[Kurt Roeckx]
*) Abort handshake if server key exchange message is omitted for ephemeral
ECDH ciphersuites.
Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for
reporting this issue.
(CVE-2014-3572)
[Steve Henson]
*) Remove non-export ephemeral RSA code on client and server. This code
violated the TLS standard by allowing the use of temporary RSA keys in
non-export ciphersuites and could be used by a server to effectively
downgrade the RSA key length used to a value smaller than the server
certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at
INRIA or reporting this issue.
(CVE-2015-0204)
[Steve Henson]
*) Fixed issue where DH client certificates are accepted without verification.
An OpenSSL server will accept a DH certificate for client authentication
without the certificate verify message. This effectively allows a client to
authenticate without the use of a private key. This only affects servers
which trust a client certificate authority which issues certificates
containing DH keys: these are extremely rare and hardly ever encountered.
Thanks for Karthikeyan Bhargavan of the PROSECCO team at INRIA or reporting
this issue.
(CVE-2015-0205)
[Steve Henson]
*) Ensure that the session ID context of an SSL is updated when its
SSL_CTX is updated via SSL_set_SSL_CTX.
The session ID context is typically set from the parent SSL_CTX,
and can vary with the CTX.
[Adam Langley]
*) Fix various certificate fingerprint issues.
By using non-DER or invalid encodings outside the signed portion of a
certificate the fingerprint can be changed without breaking the signature.
Although no details of the signed portion of the certificate can be changed
this can cause problems with some applications: e.g. those using the
certificate fingerprint for blacklists.
1. Reject signatures with non zero unused bits.
If the BIT STRING containing the signature has non zero unused bits reject
the signature. All current signature algorithms require zero unused bits.
2. Check certificate algorithm consistency.
Check the AlgorithmIdentifier inside TBS matches the one in the
certificate signature. NB: this will result in signature failure
errors for some broken certificates.
Thanks to Konrad Kraszewski from Google for reporting this issue.
3. Check DSA/ECDSA signatures use DER.
Reencode DSA/ECDSA signatures and compare with the original received
signature. Return an error if there is a mismatch.
This will reject various cases including garbage after signature
(thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS
program for discovering this case) and use of BER or invalid ASN.1 INTEGERs
(negative or with leading zeroes).
Further analysis was conducted and fixes were developed by Stephen Henson
of the OpenSSL core team.
(CVE-2014-8275)
[Steve Henson]
*) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect
results on some platforms, including x86_64. This bug occurs at random
with a very low probability, and is not known to be exploitable in any
way, though its exact impact is difficult to determine. Thanks to Pieter
Wuille (Blockstream) who reported this issue and also suggested an initial
fix. Further analysis was conducted by the OpenSSL development team and
Adam Langley of Google. The final fix was developed by Andy Polyakov of
the OpenSSL core team.
(CVE-2014-3570)
[Andy Polyakov]
*) Do not resume sessions on the server if the negotiated protocol
version does not match the session's version. Resuming with a different
version, while not strictly forbidden by the RFC, is of questionable
sanity and breaks all known clients.
[David Benjamin, Emilia K?sper]
*) Tighten handling of the ChangeCipherSpec (CCS) message: reject
early CCS messages during renegotiation. (Note that because
renegotiation is encrypted, this early CCS was not exploitable.)
[Emilia K?sper]
*) Tighten client-side session ticket handling during renegotiation:
ensure that the client only accepts a session ticket if the server sends
the extension anew in the ServerHello. Previously, a TLS client would
reuse the old extension state and thus accept a session ticket if one was
announced in the initial ServerHello.
Similarly, ensure that the client requires a session ticket if one
was advertised in the ServerHello. Previously, a TLS client would
ignore a missing NewSessionTicket message.
[Emilia K?sper]
|
|
PR pkg/49499 by Sevan Janiyan.
|
|
|
|
While here, fix interpreter path in installed file. Bump PKGREVISION.
|
|
|
|
|
|
|
|
- New Features:
- donuts: - Added the ability to summarize information
about a zone in the output, such as the upcoming
entire zone expiry time, etc
- Added the ability to query live zones for
records to analyze. EG:
donuts live:good-a,badsign-a test.dnssec-tools.org
- Added a -V switch to dump records analyzed
- libval: - Add support for conditionally checking all RRSIGs
on an assertion even if one that validates is
already found.
- Look for zonecuts based on NS records, not SOA
- Added initial support for TSIG in order to enable
libval to query recursive name servers that
authorized recursive lookup for only those hosts
that used a particular TSIG key.
- Validator.pm - Store respondent name server information in result
structure.
- Owl - additional sensor modules
- additional data analysis on manager
- logging to the Owl sensors modules
- optimized sensor data organization
(requires software upgrades on both sensor and
manager at the same time)
- added -restart option to owl-sensord for
restarting sensor modules
- improvements to the installation guide
- rollerd - generalized zonegroup entry in rollecs to be lists of tags
- rndc option support added
- dnssec-check - Ported to Qt5
- dnssec-nodes - Ported to Qt5
- lookup - Ported to Qt5
- dnssec-system-tray
- Ported to Qt5
- Bug Fixes
- Fixed bugs in libval, rollerd, blinkenlights, Owl
sensor modules, and Owl manager
- Use rlimits to try and limit file descriptor use in
libsres so we don't run out of available sockets.
- Eliminate a few hardcoded paths in various perl modules
- Fix various compiler warnings
- Update autoconf and related files
|
|
upstream. Thanks wiz@ for advice.
-------------------------
2014-10-26 Werner Koch <wk@gnupg.org>
Release 0.9.0.
(.. ommitted ..)
Remove support form QT3 and GTK+-1.
* configure.ac: Remove old qt and gtk+-1 support.
|
|
-- This will remove pinentry-{gtk,qt} by next commit.
-- Touched files on this commit are Makefile.common and distinfo only
-------------------------
2014-10-26 Werner Koch <wk@gnupg.org>
Release 0.9.0.
gtk: Aboid segv for opaste keys.
* gtk+-2/gtksecentry.c (gtk_secure_entry_class_init): Disable paste
key bindings.
Remove support form QT3 and GTK+-1.
* configure.ac: Remove old qt and gtk+-1 support.
* Makefile.am: Ditto.
2014-10-26 Stanislav Ochotnicky <sochotnicky@redhat.com>
Check if we are on tty before initializing curses.
* pinentry/pinentry-curses.c (dialog_run): Check stant stdin and stout
are connected to ttys.
2014-10-26 Werner Koch <wk@gnupg.org>
gtk: Allow pasting using the mouse.
* gtk+-2/gtksecentry.h (_GtkSecureEntry): Add fields insert_pos,
real_changed, cand change_count.
(_GtkSecureEntryClass): Add field paste_clipboard.
* gtk+-2/gtksecentry.c (PASTE_CLIPBOARD): New.
(gtk_secure_entry_class_init): Set paste_clipboard and create
paste-clipboard signal.
(gtk_secure_entry_button_press): Call gtk_secure_entry_pase.
(begin_change, end_change, emit_changed): New.
(gtk_secure_entry_real_insert_text): Use emit_changed.
(gtk_secure_entry_real_delete_text): Ditto.
(paste_received, gtk_secure_entry_paste)
(gtk_secure_entry_paste_clipboard): New.
2014-10-24 Werner Koch <wk@gnupg.org>
gtk+-2: Make current focus visible again.
* gtk+-2/pinentry-gtk-2.c (grab_keyboard): Return false
(ungrab_keyboard): Ditto.
gtk+-2: Implement the SETREPEAT command.
* gtk+-2/pinentry-gtk-2.c (repeat_entry, error_label): New.
(button_clicked): Implement repeat check.
(changed_text_handler): Clear repeat field.
(create_window): Add repeat entry.
Add commands to allow implementing a "repeat passphrase" field.
* pinentry/pinentry.c (cmd_setrepeat): New.
(cmd_setrepeaterror): New.
(register_commands): Add new commands.
(cmd_getpin): Print "PIN_REPEATED" status.
|
|
The second part of the commit after Makefile.common updated
This is the last version pinentry-{qt,gtk} are available.
|
|
Another commit follows for other files.
This is the last version pinentry-{qt,gtk} are available.
-----------------------------------------
2014-09-18 Werner Koch <wk@gnupg.org>
Release 0.8.4.
Add missing build support files and move them to build-aux.
Use generic autogen.sh script.
* autogen.rc: New.
* autogen.sh: New. Take from GnuPG.
* Makefile.am (EXTRA_DIST): Add autogen.rc.
(DISTCHECK_CONFIGURE_FLAGS): Disable qt4.
2014-08-12 Werner Koch <wk@gnupg.org>
common: Fix compiler warning.
* pinentry/pinentry.c (pinentry_utf8_to_local): Use cast for iconv arg.
(pinentry_local_to_utf8): Ditto.
New pinentry-tty version for dumb terminals.
* Makefile.am: Add pinentry-tty.
* NEWS: Add news about pinentry-tty.
* README: Update.
* configure.ac: Add support for this pinentry.
* tty/Makefile.am: New.
* tty/pinentry-tty.c: New.
2014-08-06 Andre Heinecke <aheinecke@intevation.de>
Check for MOC also if pinentry-qt is disabled.
* configure.ac: Call QT_PATH_MOC if pinentry_qt4 is not no.
Add fallbacks for SetForegroundWindow.
If that foreground window fails pinentry-qt now tries to
attach to the current foreground process and then tries
to set the foreground window again. If that fails it also
calls ShowWindow as a last resort.
* qt4/pinentrydialog.cpp (raiseWindow): Add fallbacks in
case SetForegroundWindow fails.
Use raiseWindow also for confirm dialogs.
This should fix the case that the dialog opened
in the foreground but a warning / confirm dialog
opened in the background.
* qt4/pinentryconfirm.cpp, qt4/pinentryconfirm.h (showEvent):
New overwrite base class method to call raiseWindow.
* NEWS: Mention this.
2014-07-30 Andre Heinecke <aheinecke@intevation.de>
Set some accessibility information.
* qt4/main.cpp (qt_cmd_handler): Build buttons with accessibile
Description.
* qt4/pinentrydialog.cpp (setDescription, setError, setOkText)
(setCancelText, setQualityBar): Set an accessible description.
* qt4/pinentryconfirm.cpp (PinentryConfirm): Set message
box contents also as accessible values.
* NEWS: Mention it and the copy/paste change from last year.
2013-07-15 Andre Heinecke <aheinecke@intevation.de>
Lower paste length limit to 300.
This should be more then enough and avoids possible problems
with libassuan cmd line lenght or percent escaping etc.
* qt4/qsecurelineedit.cpp (insert): Lower paste limit
Limit paste length to 1023 characters.
* qt4/qsecurelineedit.cpp (insert): Check for a maximum
length before allocation the secmem string.
Fix contextmenu support for pasting.
MOC ignores preprocessor definitions so we can not conditionally
declare SLOTS. So we now move the ifdefs in the definition and
always declare the SLOTS.
* qt4/qsecurelinedit.cpp (cut, copy, paste): Do nothing if
QT_NO_CLIPBOARD is defined.
* qt4/qsecurelinedit.h: Always declare cut, copy and paste slots
Remove check for RTL extensions.
Our code does nothing RTL specific there anyway. And the
qt_use_rtl_extensions symbol has been removed.
* qt4/qsecurelinedit.cpp: Remove check for RTL extensions.
2013-07-12 Werner Koch <wk@gnupg.org>
Fix for commit fb38be9 to allow for "make distcheck".
* qt4/Makefile.am: Make correct use of BUILT_SOURCES.
2013-05-29 Andre Heinecke <aheinecke@intevation.de>
Add pinentry-qt4-clipboard option.
Enabling this option will make it possible to paste a
passphrase into pinentry-qt4. This defeats the secmem
mechanism but drastically increases usability for some
users.
* configure.ac: New option pinentry-qt4-clipboard.
* qt4/qsecurelineedit.cpp, qt4/qsecurelineedit.h: Activate
clipboard and context menu if PINENTRY_QT4_CLIPBOARD is defined.
Remove qt4 moc files and add moc to buildsystem.
This is neccessary to conditionally enable signals/slots
at build time.
* qt4/Makefile.am: Moc files automatically.
* qt4/pinentryconfirm.moc, qt4/pinentrydialog.moc,
qsecurelineedit.moc: Removed.
|
|
No any changes on built binary. Proposed at:
http://mail-index.netbsd.org/pkgsrc-users/2014/12/08/msg020735.html
Thank you.
|
|
Changelog for this version:
pev 0.70 - December 26, 2013
! Missing full/English documentation.
! Missing valid XML and HTML output formats.
! pestr: no support for --net option when parsing unicode strings.
! pestr: unable to handle too big strings.
* libpe: rewritten, now using mmap. (Jardel Weyrich).
* pestr: added countries domains suffixes.
* readpe and peres: output enhancements (Jardel Weyrich).
+ pehash: sections and headers hash calculation (Jardel Weyrich).
+ pehash: ssdeep fuzzy hash calculation.
+ pehash: support for new digest hashes like sha512, ripemd160 and more.
+ peres: added new tool to analyze/extract PE resources (Marcelo Fleury).
+ pescan: cpl malware detection.
+ pescan: undocumented anti-disassembly fpu trick detection.
+ pesec: show and extract cerfiticates from digitally signed binaries (Jardel Weyrich).
- readpe can't show functions exported by ID only.
- readpe: fixed subsystem types (Dmitry Mostovenko).
|
|
|
|
- Add comment on patch-ac (from cvs log)
(upstream)
- Update 0.49 to 0.50
04/30/2014 - Version 0.50 new tests: linuxrootkit-AMD-64-sound
Operation Windigo ssh backdoor detection
Minor bug fixes
|
|
fails when no valid public key for the signature is provided.
|
|
ChangeLog for this version:
Wed, 12 Nov 2014 14:30:39 EDT (swebb)
-------------------------------------
* bb11176 - Instruct OpenSSL to allow MD5 when in FIPS-compliant mode.
Patch submitted by Reinhard Max.
Mon, 10 Nov 2014 11:03:29 EDT (swebb)
-------------------------------------
* bb11155 - Adjust the logic surrounding adjusting the PE section sizes
This fixes a crash with maliciously crafted yoda's crypter files and
also improves virus detections for PE files.
Thu, 6 Nov 2014 14:51:26 EDT (swebb)
-------------------------------------
* bb11088 - Merge in fixes for clamscan -a crash bug
Mon, 20 Oct 2014 11:33:18 EDT (swebb)
-------------------------------------
* Revert "bb#10731 - Allow to specificy a group for the socket of which
the user is not a member"
Thu, 31 Jul 2014 19:11:22 EDT (swebb)
-------------------------------------
* Add support for XDP PDF file format
Thu, Jul 31 11:50:23 EDT 2014 (swebb)
------------------------------------
* bb#10731 - Allow specification of a group for the milter socket of which
the user is not a member - patch submitted by Sebastian Andrzej Siewior
Fri, 25 Jul 2014 12:26:04 EDT (klin)
------------------------------------
* bb#10981 - applied LLVM 3.1-3.4 - patch submitted by Andreas Cadhalpun
Fri, 25 Jul 2014 12:06:13 (klin)
--------------------------------
* clambc: added diagnostic tools for bytecode IR
Tue, 8 Jul 2014 19:53:41 EDT (swebb)
------------------------------------
* mass cleanup of compiler warnings
Tue, 08 Jul 11:30:00 EDT 2014 (morgan)
------------------------------------
* 0.98.5 beta release
Mon, 07 Jul 09:00:00 EDT 2014 (swebb)
------------------------------------
* 0.98.5-beta1 release engineering
Thu, 03 Jul 22:14:40 EDT 2014 (swebb)
------------------------------------
* Call cl_initialize_crypto() in cl_init()
Thu, 03 Jul 16:28:10 EDT 2014 (swebb)
------------------------------------
* Finalize PDF parsing code for the preclassification feature
Wed, 25 Jun 16:26:33 EDT 2014 (swebb)
------------------------------------
* Finalize linking in libjson, a new optional dependency
Fri, 13 Jun 2014 16:11:15 EDT (smorgan)
---------------------------------------
* add timeout facility for file property scanning
Tue, 3 Jun 2014 13:31:50 EDT (smorgan)
--------------------------------------
* add callback for user processing of json string and json scan result
Wed, 7 May 2014 10:56:35 EDT (swebb)
------------------------------------
* PE file properties collection
Tue, 6 May 2014 15:26:30 EDT (klin)
-----------------------------------
* add api to read json to the bytecode api
Thu, 1 May 2014 16:59:01 EDT (klin)
-----------------------------------
* docx/pptx/xlsx file properties collection
Wed, 30 Apr 2014 16:38:55 EDT (swebb)
-------------------------------------
* pdf file properties collection
Tue, 22 Apr 2014 14:22:39 EDT (klin)
------------------------------------
* json api wrapper
Mon, 21 Apr 2014 18:30:28 EDT (klin)
------------------------------------
* doc/ppt/xls file properties collection
Wed, 16 Apr 18:14:45 2014 EDT (smorgan)
--------------------------------------
* Initial libjson-c configure/build support and json file properties work
|
|
Several small bugfixes related to six/py3 support.
|
|
|
|
Snoopy sends every executed command to syslog.
|
|
* Version 3.2.20 (released 2014-11-10)
** libgnutls: Removed superfluous random generator refresh on every call
of gnutls_deinit(). That reduces load and usage of /dev/urandom.
** libgnutls: Corrected issue in export of ECC parameters to X9.63 format.
Reported by Sean Burford [GNUTLS-SA-2014-5].
** API and ABI modifications:
No changes since last version.
|
|
* Version 3.2.19 (released 2014-10-13)
** libgnutls: Fixes in the transparent import of PKCS #11 certificates.
Reported by Joseph Peruski.
** libgnutls: Fixed issue with unexpected non-fatal errors resetting the
handshake's hash buffer, in applications using the heartbeat extension
or DTLS. Reported by Joeri de Ruiter.
** libgnutls: fix issue in DTLS retransmission when session tickets
were in use; reported by Manuel Pégourié-Gonnard.
** libgnutls: Prevent abort() in library if getrusage() fails. Try to
detect instead which of RUSAGE_THREAD and RUSAGE_SELF would work.
** guile: new 'set-session-server-name!' procedure; see the manual for
details.
** API and ABI modifications:
No changes since last version.
|
|
get its version number.
|
|
Changes since 20141129:
+ bring over lint changes from src/crypto version of this utility
+ add a helper function to get an element from a cursor
+ added a small compile and test script, which uses BSD makefiles
+ change WARNS level in BSD Makefile from 6 to 5 - changes to make
WARNS=6 compile are way too intrusive and distracting to be useful
+ bump version to 20141204
|
|
Changes:
* The patch for SUPPORT-147 got integrated upstream.
* Regenerate enforcer/utils/Makefile.in diff
Upstream changes:
* SUPPORT-147: Zone updating via zone transfer can get stuck
* Crash on 'retransfer command when not using DNS adapters.
|
|
|
|
2.007 2014/11/26
- make getline/readline fall back to super class if class is not sslified yet,
i.e. behave the same as sysread, syswrite etc.
This fixes RT#100529
|
|
+ enhancement to tiger.c (from apb, IIRC) to use the union rather than
dubious and probably unportable casts.
+ bump version number
|
|
PR pkg/49312.
|
|
|
|
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018
https://github.com/krb5/krb5/commit/3bf9e33f9d66c0eef486cbd83f9e4f13a74d12c3.diff
|
|
Noteworthy changes in version 1.3.2 (2014-11-25) [C19/A11/R3]
------------------------------------------------
* Fixed a buffer overflow in ksba_oid_to_str.
Noteworthy changes in version 1.3.1 (2014-09-18)
------------------------------------------------
* Fixed memory leak in CRL parsing.
* Build fixes for Windows, Android, and ppc64el.
|
|
|
|
This is a client library for accessing resources protected by OAuth
2.0.
|
|
|
|
Python-RSA is a pure-Python RSA implementation. It supports encryption
and decryption, signing and verifying signatures, and key generation
according to PKCS#1 version 1.5. It can be used as a Python library
as well as on the commandline.
|
|
|
|
This is a small but growing collection of ASN.1 data structures
expressed in Python terms using the pyasn1 data model.
It's thought to be useful to protocol developers and testers.
|
|
2.006 2014/11/22
- Make (hopefully) non-blocking work on windows by using EWOULDBLOCK instead of
EAGAIN. While this is the same on UNIX it is different on Windows and socket
operations return there (WSA)EWOULDBLOCK and not EAGAIN. Enable non-blocking
tests on Windows too.
- make PublicSuffix::_default_data thread safe
- update PublicSuffix with latest list from publicsuffix.org
|
|
|
|
patch from Бородулин Виталий in pkgsrc-users@.
|
|
|
|
code branch fro SoftHSMv2: ensure created pkcs8 file is not
group- or world-readable.
Rename patch-aa to patch-Makefile.in, and add a comment.
Bump PKGREVISION.
|
|
|
|
|