Age | Commit message (Collapse) | Author | Files | Lines |
|
Major changes since Sudo 1.6.9p9:
o Moved LDAP options into a table for simplified parsing/setting.
o Fixed a problem with how some LDAP options were being applied.
o Added support for connecting directly to LDAP servers via SSL/TLS
for servers that don't support the start_tls extension.
|
|
be installed at the same time; also speedup build by disabling building
tests and other miscellaneous cleanup
bump PKGREVISION
|
|
|
|
(for qca 1.x), so that kdenetwork3 works again
XXX these should be renamed to qca1* after current freeze
|
|
|
|
|
|
having both qca 1.x and qca 2.x in tree
|
|
|
|
|
|
|
|
is not available, but the project now depends on QT 4.2 and was incorporated
into KDE4 too
|
|
versions, fixes PR pkg/37545 by Ondrej Tuma, and makes special handling
of Darwin unnecessary (tested by Matthias Scheler)
|
|
Changes:
Update to version 1.7.1. Changes:
v1.7.1 (Amy) 10jun07
--------------------
* windows SSH agent support can use the 'ctypes' module now if 'win32all' is
not available [patch from alexander belchenko]
* SFTPClient.listdir_attr() now preserves the 'longname' field [patch from
wesley augur]
* SFTPClient.get_channel() API added
* SSHClient constuctor takes an optional 'timeout' parameter [patch from
james bardin]
v1.7 (zubat) 18feb07
--------------------
* added x11 channel support (patch from david guerizec)
* added reverse port forwarding support
* (bug 75370) raise an exception when contacting a broken SFTP server
* (bug 80295) SSHClient shouldn't expand the user directory twice when reading
RSA/DSS keys
* (bug 82383) typo in DSS key in SSHClient
* (bug 83523) python 2.5 warning when encoding a file's modification time
* if connecting to an SSH agent fails, silently fallback instead of raising
an exception
v1.6.4 (yanma) 19nov06
----------------------
* fix setup.py on osx (oops!)
* (bug 69330) check for the existence of RSA/DSA keys before trying to open
them in SFTPClient
* (bug 69222) catch EAGAIN in socket code to workaround a bug in recent
Linux 2.6 kernels
* (bug 70398) improve dict emulation in HostKeys objects
* try harder to make sure all worker threads are joined on Transport.close()
v1.6.3 (xatu) 14oct06
---------------------
* fixed bug where HostKeys.__setitem__ wouldn't always do the right thing
* fixed bug in SFTPClient.chdir and SFTPAttributes.__str__ [patch from
mike barber]
* try harder not to raise EOFError from within SFTPClient
* fixed bug where a thread waiting in accept() could block forever if the
transport dies [patch from mike looijmans]
v1.6.2 (weedle) 16aug06
-----------------------
* added support for "old" group-exchange server mode, for compatibility
with the windows putty client
* fixed some more interactions with SFTP file readv() and prefetch()
* when saving the known_hosts file, preserve the original order [patch from
warren young]
* fix a couple of broken lines when exporting classes (bug 55946)
v1.6.1 (vulpix) 10jul06
-----------------------
* more unit tests fixed for windows/cygwin (thanks to alexander belchenko)
* a couple of fixes related to exceptions leaking out of SFTPClient
* added ability to set items in HostKeys via __setitem__
* HostKeys now retains order and has a save() method
* added PKey.write_private_key and PKey.from_private_key
v1.6 (umbreon) 10may06
----------------------
* pageant support on Windows thanks to john arbash meinel and todd whiteman
* fixed unit tests to work under windows and cygwin (thanks to alexander
belchenko for debugging)
* various bugfixes/tweaks to SFTP file prefetch
* added SSHClient for a higher-level API
* SFTP readv() now yields results as it gets them
* several APIs changed to throw an exception instead of "False" on failure
|
|
- added USE_TOOLS - it should build now on NetBSD, Dragonfly
- new maintainer
- PKGREVISION bump
|
|
|
|
* Bug fix release
|
|
bump PKGREVISION.
A little bug fix seems to applied.
-rw-r--r-- 1 taca taca 578259 Dec 3 19:38 sudo-1.6.9p9.tar.gz-prev
-rw-r--r-- 1 taca taca 578262 Dec 5 00:27 sudo-1.6.9p9.tar.gz
diff -dupNr sudo-1.6.9p9-20071203/parse.c sudo-1.6.9p9/parse.c
--- sudo-1.6.9p9-20071203/parse.c 2007-11-28 08:29:59.000000000 +0900
+++ sudo-1.6.9p9/parse.c 2007-12-05 00:26:40.000000000 +0900
@@ -90,7 +90,7 @@
#endif /* HAVE_EXTENDED_GLOB */
#ifndef lint
-__unused static const char rcsid[] = "$Sudo: parse.c,v 1.160.2.14 2007/10/24 16:43:27 millert Exp $";
+__unused static const char rcsid[] = "$Sudo: parse.c,v 1.160.2.15 2007/12/04 15:26:40 millert Exp $";
#endif /* lint */
/*
@@ -202,7 +202,7 @@ sudoers_lookup(pwflag)
return(VALIDATE_OK |
(no_passwd == TRUE ? FLAG_NOPASS : 0) |
(no_execve == TRUE ? FLAG_NOEXEC : 0) |
- (setenv_ok == TRUE ? FLAG_SETENV : 0));
+ (setenv_ok >= TRUE ? FLAG_SETENV : 0));
} else if ((runas_matches == TRUE && cmnd_matches == FALSE) ||
(runas_matches == FALSE && cmnd_matches == TRUE)) {
/*
@@ -212,7 +212,7 @@ sudoers_lookup(pwflag)
return(VALIDATE_NOT_OK |
(no_passwd == TRUE ? FLAG_NOPASS : 0) |
(no_execve == TRUE ? FLAG_NOEXEC : 0) |
- (setenv_ok == TRUE ? FLAG_SETENV : 0));
+ (setenv_ok >= TRUE ? FLAG_SETENV : 0));
}
}
top--;
diff -dupNr sudo-1.6.9p9-20071203/sudo.c sudo-1.6.9p9/sudo.c
--- sudo-1.6.9p9-20071203/sudo.c 2007-12-03 02:13:52.000000000 +0900
+++ sudo-1.6.9p9/sudo.c 2007-12-04 01:12:03.000000000 +0900
@@ -730,8 +730,10 @@ parse_args(argc, argv)
while (NewArgc > 0) {
if (NewArgv[0][0] == '-') {
- if (NewArgv[0][1] != '\0' && NewArgv[0][2] != '\0')
+ if (NewArgv[0][1] != '\0' && NewArgv[0][2] != '\0') {
warnx("please use single character options");
+ usage(1);
+ }
switch (NewArgv[0][1]) {
case 'p':
|
|
Major changes since Sudo 1.6.9p8:
o The ALL command in sudoers now implies SETENV permissions.
o The command search is now performed using the target user's
auxiliary group vector, not just the target's primary group.
o When determining if the PAM prompt is the default "Password: ",
compare the localized version if possible.
o New passprompt_override option in sudoers to cause sudo's prompt
to be used in all cases. Also set when the -p flag is used.
|
|
|
|
|
|
|
|
|
|
|
|
pkgsrc-users.
|
|
Changes since 5.2.1:
5.2.2 - added SHA-224
- put SHA-256, SHA-384, SHA-512, RSASSA-PSS into DLL
5.2.3 - fixed issues with FIPS algorithm test vectors
- put RSASSA-ISO into DLL
5.3 - ported to MSVC 2005 with support for x86-64
- added defense against AES timing attacks, and more AES test vectors
- changed StaticAlgorithmName() of Rijndael to "AES", CTR to "CTR"
5.4 - added Salsa20
- updated Whirlpool to version 3.0
- ported to GCC 4.1, Sun C++ 5.8, and Borland C++Builder 2006
5.5 - added VMAC and Sosemanuk (with x86-64 and SSE2 assembly)
- improved speed of integer arithmetic, AES, SHA-512, Tiger, Salsa20,
Whirlpool, and PANAMA cipher using assembly (x86-64, MMX, SSE2)
- optimized Camellia and added defense against timing attacks
- updated benchmarks code to show cycles per byte and to time key/IV setup
- started using OpenMP for increased multi-core speed
- enabled GCC optimization flags by default in GNUmakefile
- added blinding and computational error checking for RW signing
- changed RandomPool, X917RNG, GetNextIV, DSA/NR/ECDSA/ECNR to reduce
the risk of reusing random numbers and IVs after virtual machine state
rollback
- changed default FIPS mode RNG from AutoSeededX917RNG<DES_EDE3> to
AutoSeededX917RNG<AES>
- fixed PANAMA cipher interface to accept 256-bit key and 256-bit IV
- moved MD2, MD4, MD5, PanamaHash, ARC4, WAKE_CFB into the namespace "Weak"
- removed HAVAL, MD5-MAC, XMAC
5.5.1 - fixed VMAC validation failure on 32-bit big-endian machines
5.5.2 - ported x64 assembly language code for AES, Salsa20, Sosemanuk, and Panama
to MSVC 2005 (using MASM since MSVC doesn't support inline assembly on x64)
- fixed Salsa20 initialization crash on non-SSE2 machines
- fixed Whirlpool crash on Pentium 2 machines
- fixed possible branch prediction analysis (BPA) vulnerability in
MontgomeryReduce(), which may affect security of RSA, RW, LUC
- fixed link error with MSVC 2003 when using "debug DLL" form of runtime library
- fixed crash in SSE2_Add on P4 machines when compiled with
MSVC 6.0 SP5 with Processor Pack
- added support for newly released compilers: MSVC 2008, GCC 4.2, Sun CC 5.9,
Intel C++ Compiler 10.0, and Borland C++Builder 2007
|
|
|
|
accept it.
|
|
Changes unknown.
|
|
changes:
-build fixes (not relevant to pkgsrc)
* Don't print out a warning message in applications using
libgnome-keyring when non-pageable memory cannot be allocated.
|
|
Noteworthy changes in version 0.6.6 (2007-11-15)
------------------------------------------------
* Slightly adjust the stream code.
The check for fflush is omitted because the return
value might be undefined. This fixes a problem reported
from the NetBSD team.
* Don't use __inline__ in src/cipher.c (breaks on Sun CC).
|
|
0.57 2007-09-17 20:45:20 UTC
- Honour both $ENV{NO_PROXY} and $ENV{no_proxy} in
Net::SSL::proxy_connect_helper. (Bug #29371 reported by Jan Dubois).
- $@ construction used in Net::SSL::connect was messed up, which could
lead to sub-optimal error reporting. (Bug #29372 reported by Jan
Dubois).
- Ensure no proxification is used in t/01-connect.t (which might be the
reason for all the spurious smoke failures). Bug #29373 reported by,
you guessed it, Jan Dubois).
- Silence a dubious fopen() warning in SSLeay.xs.
- s/Netware/NetWare/ in Net/SSL.pm platform check
- Improvements to Makefile.PL for dealing with platforms where openssl
is installed with ./include and ./lib as sibling directories rather
than child directories. This should allow the code to configure and
build "out of the box" on Solaris (and probably other proprietary
platforms).
- Don't carp in LICENSE key addition code in Makefile.PL
0.56_01 2007-08-09 21:59:47 UTC
- Various improvements to the Win32 configure code in Makefile.PL,
based on CPAN tickets #28431 and #28432, by Guenter Knauf,
notably to allow static linking and OpenSSL living in a relative
directory.
- Net::SSL: alarm() is not implemented on Netware platform, so don't
try to set one there. (Guenter Knauf).
- Should build on Solaris correctly (bug fix in include dir
specification). Based on fix suggested in CPAN bug #28680.
0.56 2007-07-10 19:08:20 UTC
- Purely a documentation issue raised by CPAN bug #27935. Users
of previous versions do not need to upgrade.
|
|
|
|
* fix for BUG 312: pam_ldap does not try to reconnect
when LDAP server closed the connection
|
|
* Version 2.0.4 (released 2007-11-16)
** Corrected bug in decompression of expanded compression data.
** API and ABI modifications:
No changes since last version.
|
|
- Update to Spanish -- David Gil
- Bug 1750697 base_header() is undefined fixed -- Juergen and Kevin Johnson
- Bug 1680965 sans lookup fails -- Jordan Wiens
- Updated Chinese language file -- Randy
- Added Sean Muller as the Project Manager -- Kevin Johnson
- Fixed error in contrib/base-rss.php -- Dan
- Added INSTALL and INSTALL.rtf files to docs directory -- Sean Muller
- Bug 1801192 XSS bug in BASE fixed -- Kevin Johnson and Sean Muller
- Bug 1760615 Sort order ignored -- Kevin Johnson and Jordan Weins
|
|
|
|
|
|
|
|
pkgsrc-users.
|
|
Lloyd Parkes in PR 37391.
|
|
|
|
in DNS. Mentioned by Zafer Aydogan in PR pkg/37331.
|
|
- Reduce patch size.
Build problem on DragonFly BSD was noted by YONETANI Tomokazu
via private mail.
|
|
From Zafer Aydogan in PR 37332.
|
|
From Zafer Aydogan in PR 37331.
|
|
From Zafer Aydogan in PR 37331.
|
|
From Zafer Aydogan in PR 37328.
|
|
From Zafer Aydogan in PR 37329.
|
|
* Version 2.0.3 (released 2007-11-10)
** This version backports several fixes from the 2.1.x branch.
** Fixed PKCS #3 parameter export.
** Added gnutls_record_disable_padding() to allow servers talking to
buggy clients that complain if the TLS 1.0 record protocol padding is
used.
** Introduced gnutls_session_enable_compatibility_mode() to allow enabling
all supported compatibility options (like disabling padding).
** Corrected bug which did not allow a server to run without supporting
certificates.
** API and ABI modifications:
gnutls_session_enable_compatibility_mode: ADDED
gnutls_record_disable_padding: ADDED
Add LICENSE, commented out; it contains both LGPL-2.1 and GPL2 code.
|
|
|