summaryrefslogtreecommitdiff
path: root/security
AgeCommit message (Collapse)AuthorFilesLines
2004-12-19Fix build on NetBSD 2.0 - configure script tried to link program withjdolecek3-2/+21
libssl without linking also libcrypto, which fails on 2.0 since libssl doesn't have recorded the libcrypto dependency; fix by disabling the checkLibrary() call when QC_WITH_OPENSSL_LIB is supplied PR: 28576
2004-12-19ick: openssl builds PIC static libraries and then later uses them togrant2-6/+23
build shared libraries. on Darwin with xlc, this fails because of the way xlc invokes Darwin's in-base libtool to create shared libraries, meaning that the -all_load argument cannot be used to import all symbols. work around this the same way as UnixWare does it, by listing the archive library contents and linking the object files into the shared library individually. also remove some other assumed gcc'isms to make this build on Darwin with xlc. XXX maybe this pkg should be libtool'ized?
2004-12-19this won't build with xlc without some work, mark it as such.grant1-1/+3
2004-12-18add hack for missing socklen_t typedef handling. fixes build ongrant3-5/+24
Darwin.
2004-12-18minor whitespace nit.jlam1-2/+2
2004-12-18Always create a ${TOOLS_DIR}/bin/rpcgen to wrap the real rpcgen.jlam3-6/+3
The wrapper will correctly set the CPP environment variable to a stat((2)able path to a C preprocessor, then rely on the PATH to find and invoke the real rpcgen. Remove NO_EXPORT_CPP in package Makefiles where it was used just to avoid problems with rpcgen. The build system now just does the right thing automatically without needing package-specific knowledge. This fixes PR pkg/27272.
2004-12-18ignore getopt_long() on Darwin because there is no prototype for it,grant1-1/+10
nor declaration for "struct option". fixes build on Darwin.
2004-12-18Fix a typo that caused us not to check the correct header for the presencejlam1-2/+2
of "des_cblock". This fixes PR pkg/28703.
2004-12-18add a comment regarding the -rpath filterjdolecek1-1/+3
2004-12-17Update to 0.9.6mnb2: Don't install (deprecated) der_chop examplewiz4-8/+16
script, since it has insecure temp file handling.
2004-12-17Add work around to fix bulk build problem on Solaris;taca1-1/+2
one Makeifle.in lacks newline in the last line.
2004-12-15Convert to set USE_OLD_DES_API=yes, and remove unnecessary patches tojlam5-372/+4
teach fressh how to use either DES API. Bump PKGREVISION since on NetBSD>=2.0, fressh gains a library dependency on -ldes.
2004-12-14Add build dependency on pkgconfig.minskim1-1/+2
2004-12-14Sort buildlink3 files.minskim1-3/+3
2004-12-14Change the way that openssl/builtin.mk handles the USE_OLD_DES_API flag.jlam4-81/+57
The idea is to prevent needing to patch source files for packages that use OpenSSL for DES support by ensuring that including <openssl/des.h> will always present the old DES API. (1) If des_old.h exists, then we're using OpenSSL>=0.9.7, and <openssl/des.h> already does the right thing. (2) If des_old.h doesn't exist, then one of two things is happening: (a) If <openssl/des.h> is old and (only) supports the old DES API, then <openssl/des.h> does the right thing. (b) If it's NetBSD's Special(TM) one that stripped out the old DES support into a separate library and header (-ldes, <des.h>), then we create a new header <openssl/des.h> that includes the system one and <des.h>. Also modify existing packages that set USE_OLD_DES_API to simply include <openssl/des.h> instead of either <des.h> or <openssl/des_old.h> (This step is mostly just removing unnecessary patches). This should fix building packages that use OpenSSL's old DES API support on non-NetBSD systems where the built-in OpenSSL is at least 0.9.7.
2004-12-12Add (unsigned char) cast to ctype functions; taken from the NetBSD trunk.kleink6-1/+117
2004-12-11Create directories before putting files in them. This should fixjlam1-1/+2
PR pkg/28480.
2004-12-11Provide an SSLKEYS variable that points to the location where OpenSSLjlam1-2/+6
private keys are likely to be installed. Patch directly from PR pkg/28477 by Jason Thorpe.
2004-12-07Remove as maintainer of this package because I've not used for quitetron1-2/+2
some time.
2004-12-07Fix libtool calls to include --mode.wiz2-15/+15
2004-12-07Fix previous (incomplete ALL_TARGET -> BUILD_TARGET change.wiz1-5/+8
While here, fix libtool calls in Makefile to use --mode.
2004-12-07Fix buildling problems on some machines, PR#28562adam2-1/+15
2004-12-05Update p5-Digest-SHA from version 5.27 to 5.28.he2-5/+5
Change log: 5.28 Wed Nov 10 15:33:20 MST 2004 - provided more flexible formatting of SHA state files -- entries may now contain embedded whitespace for improved readability - minor code cleanups
2004-12-05Update p5-Digest-MD4 from version 1.3 to 1.5.he2-5/+5
Change log: *** 2004/09/13 Version 1.4 Fixed Makefile problems on some versions of perl 5.8.0 *** 2004/11/17 Version 1.5 ActivePerl version adds hexhash() for compatibility Contributed by Gisle Aas
2004-12-05Update p5-Digest from version 1.08 to 1.10.he2-5/+5
Change log: 2004-11-08 Gisle Aas <gisle@ActiveState.com> Release 1.10 Added Digest::file module which provide convenience functions that calculate digests of files. 2004-11-05 Gisle Aas <gisle@ActiveState.com> Release 1.09 Fix trivial documentation typo.
2004-12-05Update to 4.1.1. Drop maintainership (I don't remember why I added this one,jmmv3-11/+16
and no package is using it ATM). 4.1.1: - Fixed shared library version info. 4.1.0: - Added SHA-384 and SHA-512 algorithms. - Added HMAC-SHA-384 and HMAC-SHA-512 algorithms. - Added generic SSE2 optimization for the above algorithms. - Added more digest algorithms for PKCS#1 EMSA. - Optimized swap32 and swap64 routines on Linux. - Fixed missing definition in mpopt.h for s390x. - Fixed nostackexec configuration bug. - Fixed problem in Date::toString. - Fixed deadlock problem which occured in certain cases where security or crypto SPI constructor called getInstance for another security or crypto SPI. - Fixed a bug in the generic CBC encryption code; when called with nblocks == 1, the feedback was set incorrectly. - Fixed a bug in mpbsubmod; sometimes it takes multiple additions of the modulus to get a positive number. - Fixed PowerPC 64-bit configuration problem on Linux. 4.0.0: - Added a C++ API interface, modeled after Java's security & crypto API. - Added the new GNU noexecstack feature. - Added more x86_64 and s390x assembler routines. - Modified i2osp, so that it only requires as many octets as there are significant bytes in the multi-precision integers. - Fixed a bug in the creation of rsa keypairs; code was not correctly migrated to new calling sequence. The code now implements the method described in IEEE P.1363. - Fixed another bug in mpextgcd_w which sometimes returned incorrect results. - Fixed a bug in mprshiftlsz, which didn't work correctly when size = 1. - Fixed a configuration problem on Tru64 Unix. 3.1.0: - Added wiping of private key components of keypairs before freeing. - Fixed bug in mpextgcd_w which sometimes returned incorrect result. - Fixed error in PowerPC 64-bit assembler symbol definitions.
2004-12-05Follow template builtin.mk file in bsd.builtin.mk.jlam1-11/+20
2004-12-04Switch to use RUBY_DLEXT as suffix of extention library.taca4-12/+12
2004-12-04Changes up to 20041204:peter2-5/+5
* improved cleanup routines to make sure that no memory is leaking. * applied patch to pf.c from OPENBSD_3_6 branch: fix a bug that leads to a crash when binat rules of the form 'binat from ... to ... -> (if)' are used, where the interface is dynamic. * added (unsigned char) casts to ctype functions. * added experimental patch for ALTQ support. * applied patch to pfctl_parser.c from OPENBSD_3_6 branch: do not assume entries in pf_timeouts[] are ordererd like PFTM_* in pfvar.h * applied patch to pf.c from OPENBSD_3_6 branch: The flag to re-filter pf-generated packets was set wrong by synproxy for ACKs. It should filter the ACK replayed to the server, instead of of the one to the client. * applied patch to pf.c from OPENBSD_3_6 branch: For RST generated due to state mismatch during handshake, don't set th_flags TH_ACK and leave th_ack 0, just like the RST generated by the stack in this case. Fixes the Raptor workaround. * applied patch to pf_lkm.c from NetBSD HEAD: pfil4_wrapper, pfil6_wrapper: ensure that mbufs are writable beforehand as pf assumes it. * applied patch to pf.c from OPENBSD_3_6 branch: reset anchor pointer to NULL when stepping back into the main ruleset, fixes pflog attributing states wrongly to anchors and pfctl -vvsn/sr showing wrong state counters for anchor rules.
2004-12-04Too many (un)signed char problems on -current: turn off -Werror.wiz1-1/+3
2004-12-04Set USE_OLD_DES_API and replace custom changes to work with NetBSD-2.0'sjlam4-148/+55
OpenSSL, with patches to use <openssl/des_old.h>.
2004-12-03Attempt to deal with the differing DES APIs between OpenSSL 0.9.6 (injlam1-1/+56
pkgsrc and in NetBSD-1.6.x) and OpenSSL 0.9.7 (in NetBSD-2.0), by creating a new yes/no variable USE_OLD_DES_API that flags whether the package wants to use the old DES API. If USE_OLD_DES_API is "yes", then: * For OpenSSL 0.9.6, symlink ${BUILDLINK_DIR}/include/openssl/des_old.h to ${SSLBASE}/include/openssl/des.h. * For NetBSD 2.0's "special" installation of OpenSSL 0.9.7, symlink ${BUILDLINK_DIR}/include/openssl/des_old.h to /usr/include/des.h, and transform "-lcrypto" into "-ldes -lcrypto". This makes it behave like stock OpenSSL 0.9.7 where the old DES functions are part of libcrypto. Software that wants to use the old DES API should be taught to do it in a way that works with a stock installation of OpenSSL 0.9.7 -- by including <openssl/des_old.h> and linking against "-lcrypto". Software that wants to use the new DES API should simply depend on openssl>=0.9.7. This change has no impact on existing packages as the new code is active only when USE_OLD_DES_API == "yes".
2004-12-03Deleting patch-ab because it's included in release 1.9.13.shannonjr1-20/+0
2004-12-03Update to release 1.9.13.shannonjr2-6/+5
This is mainly a maintenance release to support new options in dirmngr (to be released soon): * [gpgsm] New option --prefer-system-dirmngr. * Minor cleanups and debugging aids.
2004-12-03Update to release 0.9.10. This is a bugfix release.shannonjr2-5/+5
2004-12-03reorder: commands are specified using WRAPPER_REORDER_CMDS, notjlam1-2/+2
BUILDLINK_TRANSFORM.
2004-12-03Rename ALL_TARGET to BUILD_TARGET for consistency with other *_TARGETs.wiz25-62/+62
Suggested by Roland Illig, ok'd by various.
2004-12-03Fix typo, reported by imil on tech-pkg.wiz1-2/+2
2004-12-02bump version # in binaryitojun1-3/+3
2004-12-02upgrade to 20040818a. staibility fixesitojun2-6/+5
2004-12-01Update to 0.10, prompted by César Catrián C. on tech-pkg:wiz3-9/+21
Version 0.10 * Fixed bugs * Moved project over to sourceforge.net * Change of project ownership
2004-12-01Fix compilation error on LP64 due to a prototype mismatch. (Arg changedtv2-1/+15
from time_t to long, but prototype wasn't updated to match.)
2004-12-01"the the" -> "the"wiz1-1/+1
2004-12-01Remove part of the builtin version detection that doesn't work properly.peter1-19/+3
It can't be fixed easily because the pflkm package uses different versioning (dates instead of 3.5, 3.6, etc). So just disable it for now until I've found a better way to handle this. Approved by wiz.
2004-11-30Correct the location of the config files in the man page.jlam1-3/+7
2004-11-30- Honor PKG_SYSCONFDIR.taca9-39/+137
- move store directory to under PKG_SYSCONFDIR. - add missing fix to top level configure.
2004-11-30Update to 1.6.8pl5.xtraeme2-6/+6
Changes: o Added a configure check for systems with a 2-argument version of timespecsub (like BSD/OS). o Added stub struct defintions to sudo.h to quiet compiler warnings on some systems. o In sudoers Defaults lines, tuples like "lecture" may now be used without a value, restoring their old boolean-like nature. o Invalid values for a tuple are now handled correctly.
2004-11-29Update AiCA package to 0.81.taca10-20/+161
- Changes are unknown. - License restriction is removed now. - Try to keep configuration to ${PREFIX}/etc/AiCA.
2004-11-29Update from release 0.6.8 - a bug fix update.shannonjr2-5/+5
2004-11-29Include bsd.prefs.mk before adding to CFLAGS, just in case.tv1-1/+3