| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
* authpam.c (callback_pam): Call pam_end() after an authentication attempt.
* Makefile.am: Renamed authstaticlist.h to courierauthstaticlist.h, and
added it to the list of header files that 'make install' puts into
includedir.
* Fix gcc 4.6 warnings
* courier.spec.in: switch to systemd.
* Fix autoconf warnings.
* courier-authlib.spec: Make rmplint happy.
|
|
Parallelize signature verification (-n option)
|
|
|
|
https://github.com/krb5/krb5/commit/ca2909440015d33be42e77d1955194963d8c0955
|
|
* Noteworthy changes in release 2.13 (2012-05-31) [stable]
- Updated fix for DER decoding issue to not depend on specific compilers.
- Updated DER decoding check to apply to short form integers as well.
|
|
|
|
This module provides a Perl API for the BSDs' arc4random(3) suite
of functions and adds a few high-level functions, such as the new
arc4random_uniform(3). The Perl functions are ithreads-safe (only
if threads::shared is required). Scalars can be tied to this pak-
kage, yielding uniformly distributed random numbers with an arbi-
trary upper bound on read access, contributing to the RC4 entropy
pool on write access. An exported global $RANDOM variable returns
15-bit unsigned random numbers, from [0; 32767], similar to mksh.
Furthermore, Perl's internal PRNG is seeded with entropy obtained
from the arc4random generator once on module load time.
|
|
=== 2.5.2 / 25 May 2012
* Fix for Net::SSH::KnownHosts::SUPPORTED_TYPE [Marco Sandrini]
=== 2.5.1 / 24 May 2012
* Added missing file to manifest [Marco Sandrini]
=== 2.5.0 / 24 May 2012
* Implement many algorithms [Ryosuke Yamazaki]
* Key Exchange
* diffie-hellman-group14-sha1
* ecdh-sha2-nistp{256,384,521}
* Host Key
* ecdsa-sha2-nistp{256,384,521}
* Authentication
* ecdsa-sha2-nistp{256,384,521}
* HMAC
* hmac-ripemd160
* Cipher:
* aes{128,192,256}-ctr
* camellia{128,192,256}-ctr
* blowfish-ctr
* cast128-ctr
* 3des-ctr
* arcfour (has problems with weak keys, and should be used with caution)
* camellia{128,192,256}-cbc
=== 2.4.0 / 17 May 2012
* Support for JRuby + Pageant + Windows [arturaz]
|
|
|
|
|
|
Collection.
The is the Perl application bundle for ClusterSSH (a.k.a cssh), formally
a GNU tools based project.
ClusterSSH is a tool for making the same change on multiple servers at
the same time. The 'cssh' command opens an administration console and
an xterm to all specified hosts. Any text typed into the administration
console is replicated to all windows. All windows may also be typed into
directly.
This tool is intended for (but not limited to) cluster administration
where the same configuration or commands must be run on each node
within the cluster. Performing these commands all at once via this
tool ensures all nodes are kept in sync.
|
|
The OpenSSH LDAP Public Key patch provides an easy way of centralizing strong
user authentication by using an LDAP server for retrieving public keys instead
of ~/.ssh/authorized_keys.
|
|
from 0.52 to 0.57.
Upstream changes:
0.57 Dec 21, 2011
- quote equal sign
- do not quote commas
0.56_01 Dec 8, 2011
- rsync methods were failing when user was defined (bug report
by black_fire)
- detect when the destructor is being called from a different
thread (bug report by troy99 at PerlMonks)
- support for Net::OpenSSH::Gateway added
0.55 Dec 6, 2011
- solve regression from 0.53_03: rsync methods were broken
because the hostname was not being correctly removed from
the ssh command passed to rsync (bug report by Mithun
Ayachit)
0.54 Dec 4, 2011
- release as stable
0.53_05 Nov 23, 2011
- scp methods were broken when a user was given (bug report by
Andrew J. Slezak)
- add support for verbose option in scp methods
- implement parse_connections_opts
- solve bug related to expansion of HOST var when an IPv6
address was given
- move FACTORY docs to the right place
- add FAQ about running remote commands via sudo
- add sample for Net::Telnet integration
- add sample for sudo usage reading password from DATA
0.53_04 Sep 2, 2011
- add default_ssh_opts feature
- getpwuid may fail, check $home is defined before using it
- add FAQ entry about MaxSessions limit reached
- move FACTORY docs to the right place
0.53_03 Aug 18, 2011
- handling of default_std*_file was broken (bug report and
patch by Nic Sandfield)
- keep errors from opening default slave streams
- add Net::OpenSSH::ConnectionCache package
- add FACTORY hook
- place '--' in ssh command after host name
- add support for die_on_error
- add support for batch_mode feature
- typo in sample code corrected (reported by Fernando Sierra)
- using { stdin_data => [] } was generating warnings
0.53_02 Jul 12, 2011
- add support for custom login handlers
- remove SIG{__WARN__} localizations
0.53_01 May 15, 2011
- quoter and glob_quoter fully rewritten from scratch
- quoter was not handling "\n" correctly (bug report and work
around by Skeeve)
- minor doc improvements
|
|
security/p5-IO-Socket-SSL from 1.66 to 1.74.
Upstream changes:
v1.74 2012.05.13
- accept a version of SSLv2/3 as SSLv23, because older documentation
could be interpreted like this
v1.73 2012.05.11
- make test t/dhe.t hopefully work for more version of openssl
Thanks to paul[AT]city-fan[DOT]org for providing bug reports and
testing environment
v1.72 2012.05.10
- set DEFAULT_CIPHER_LIST to ALL:!LOW instead of HIGH:!LOW
Thanks to dcostas[AT]gmail[DOT]com for problem report
v1.71 2012.05.09
- 1.70 done right. Also don't disable SSLv2 ciphers, SSLv2 support is better
disabled by the default SSL_version of 'SSLv23:!SSLv2'
v1.70 2012.05.08
- make it possible to disable protols using SSL_version, make SSL_version
default to 'SSLv23:!SSLv2'
v1.69 2012.05.08
- re-added workaround in t/dhe.t
v1.68 2012.05.07
- remove SSLv2 from default cipher list, which makes failed tests after last
change work again, fix behvior for empty cipher list (use default)
v1.67 2012.05.07
- https://rt.cpan.org/Ticket/Display.html?id=76929
thanks to d[DOT]thomas[AT]its[DOT]uq[DOT]edu[DOT]au for reporting
- if no explicit cipher list is given it will now default to ALL:!LOW instead
of the openssl default, which usually includes weak ciphers like DES.
- new config key SSL_honor_cipher_order and documented how to use it to fight
BEAST attack.
|
|
from 1.45 to 1.48.
Upstream changes since 1.45:
1.48 2012-04-25
Removed unneeded Debian_CPANTS.txt from MANIFEST.
Fixed incorrect documentation about the best way to call CTX_set_options.
Fixed problem that caused Undefined subroutine utf8::encode @
t/local/33_x509_create_cert.t (on perl 5.6.2). Thanks to kmx.
In examples and pod documentations, changed #!/usr/local/bin/perl to #!/usr/bin/perl.
t/local/06_tcpecho.t now tries a number of ports to bind to until
successful.
1.47 2012-04-04
Fixed overlong lines in pod, patch from Salvatore Bonaccorso, Debian Perl
Group
Fixed spelling errors in pod, patch from Salvatore Bonaccorso, Debian Perl
Group
Fixed extra "garbage" files in 1.46 tarball. Patch from kmx.
Fixed incorrect fail reports on some 64 bit platforms. Patch from paul.
Fix to avoid FAIL reports from cpantesters with missing openssl
Use my_snprintf from ppport.h to prevent link failures with perl 5.8 and
earlier when compiled with MSVC.
1.46 2012-04-03
Fixed a problem reported by Atoomic:
When bootstrapping Net::SSleay ( with DynaLoader ) if you override the SIG{DIE} signal, using
Net::SSLeay will result in an error.
Recreated META.yml, added META.yml to dist
Fixed typo: the word "corresponding" was mis-spelled as "coresponding"
throughout the POD. Patched by kmx.
Updated META.yml to include repository and bugtracker
Constants cleanup - removing non existing constants (perhaps from pre-0.9.6 era) - kmx
Automatic constants.c generation via helper_script/regen_openssl_constants.pl - kmx
Future changes in constants now under better control via
t/local/21_constants.t - kmx
Added missing new files
Reordering @EXPORT_OK (constants first, functions next) - kmx
Adding missing 51 constants to @EXPORT_OK + test to keep it in sync - kmx
Instructions "howto add new constant" added to helper_script/regen_openssl_constants.pl - kmx
NEWLY INTRODUCED CONSTANTS:
- Net::SSLeay::ASN1_STRFLGS_ESC_CTRL
- Net::SSLeay::ASN1_STRFLGS_ESC_MSB
- Net::SSLeay::ASN1_STRFLGS_ESC_QUOTE
- Net::SSLeay::ASN1_STRFLGS_RFC2253
- Net::SSLeay::ERROR_WANT_ACCEPT
- Net::SSLeay::EVP_PKS_DSA
- Net::SSLeay::EVP_PKS_EC
- Net::SSLeay::EVP_PKS_RSA
- Net::SSLeay::EVP_PKT_ENC
- Net::SSLeay::EVP_PKT_EXCH
- Net::SSLeay::EVP_PKT_EXP
- Net::SSLeay::EVP_PKT_SIGN
- Net::SSLeay::EVP_PK_DH
- Net::SSLeay::EVP_PK_DSA
- Net::SSLeay::EVP_PK_EC
- Net::SSLeay::EVP_PK_RSA
- Net::SSLeay::MBSTRING_ASC
- Net::SSLeay::MBSTRING_BMP
- Net::SSLeay::MBSTRING_FLAG
- Net::SSLeay::MBSTRING_UNIV
- Net::SSLeay::MBSTRING_UTF8
- Net::SSLeay::OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
- Net::SSLeay::OP_CISCO_ANYCONNECT
- Net::SSLeay::OP_CRYPTOPRO_TLSEXT_BUG
- Net::SSLeay::OP_LEGACY_SERVER_CONNECT
- Net::SSLeay::OP_NO_TLSv1_1
- Net::SSLeay::OP_NO_TLSv1_2
- Net::SSLeay::OP_SINGLE_ECDH_USE
- Net::SSLeay::OP_TLS_BLOCK_PADDING_BUG
- Net::SSLeay::X509_V_FLAG_CHECK_SS_SIGNATURE
- Net::SSLeay::X509_V_FLAG_EXTENDED_CRL_SUPPORT
- Net::SSLeay::X509_V_FLAG_POLICY_MASK
- Net::SSLeay::X509_V_FLAG_USE_DELTAS
- Net::SSLeay::X509_V_OK
- Net::SSLeay::XN_FLAG_COMPAT
- Net::SSLeay::XN_FLAG_DN_REV
- Net::SSLeay::XN_FLAG_DUMP_UNKNOWN_FIELDS
- Net::SSLeay::XN_FLAG_FN_ALIGN
- Net::SSLeay::XN_FLAG_FN_LN
- Net::SSLeay::XN_FLAG_FN_MASK
- Net::SSLeay::XN_FLAG_FN_NONE
- Net::SSLeay::XN_FLAG_FN_OID
- Net::SSLeay::XN_FLAG_FN_SN
- Net::SSLeay::XN_FLAG_MULTILINE
- Net::SSLeay::XN_FLAG_ONELINE
- Net::SSLeay::XN_FLAG_RFC2253
- Net::SSLeay::XN_FLAG_SEP_COMMA_PLUS
- Net::SSLeay::XN_FLAG_SEP_CPLUS_SPC
- Net::SSLeay::XN_FLAG_SEP_MASK
- Net::SSLeay::XN_FLAG_SEP_MULTILINE
- Net::SSLeay::XN_FLAG_SEP_SPLUS_SPC
- Net::SSLeay::XN_FLAG_SPC_EQ
A number of tests were present in svn, but missing from MANIFEST, and
were therefore not included in the dist. Added.
NEWLY INTRODUCED FUNCTIONS:
- Net::SSLeay::ASN1_INTEGER_free
- Net::SSLeay::ASN1_INTEGER_get
- Net::SSLeay::ASN1_INTEGER_new
- Net::SSLeay::ASN1_INTEGER_set
- Net::SSLeay::EVP_PKEY_assign_RSA
- Net::SSLeay::EVP_PKEY_bits
- Net::SSLeay::EVP_PKEY_free
- Net::SSLeay::EVP_PKEY_new
- Net::SSLeay::EVP_PKEY_size
- Net::SSLeay::EVP_get_cipherbyname
- Net::SSLeay::OPENSSL_add_all_algorithms_conf
- Net::SSLeay::OPENSSL_add_all_algorithms_noconf
- Net::SSLeay::OpenSSL_add_all_algorithms
- Net::SSLeay::PEM_get_string_PrivateKey
- Net::SSLeay::PEM_get_string_X509_CRL
- Net::SSLeay::PEM_get_string_X509_REQ
- Net::SSLeay::PEM_read_bio_PrivateKey
- Net::SSLeay::PEM_read_bio_X509
- Net::SSLeay::PEM_read_bio_X509_REQ
- Net::SSLeay::P_ASN1_INTEGER_get_dec
- Net::SSLeay::P_ASN1_INTEGER_get_hex
- Net::SSLeay::P_ASN1_INTEGER_set_dec
- Net::SSLeay::P_ASN1_INTEGER_set_hex
- Net::SSLeay::P_ASN1_STRING_get
- Net::SSLeay::P_X509_CRL_add_revoked_serial_hex
- Net::SSLeay::P_X509_CRL_get_serial
- Net::SSLeay::P_X509_CRL_set_serial
- Net::SSLeay::P_X509_REQ_add_extensions
- Net::SSLeay::P_X509_REQ_get_attr
- Net::SSLeay::P_X509_add_extensions
- Net::SSLeay::P_X509_copy_extensions
- Net::SSLeay::P_X509_get_crl_distribution_points
- Net::SSLeay::P_X509_get_ext_key_usage
- Net::SSLeay::P_X509_get_key_usage
- Net::SSLeay::P_X509_get_netscape_cert_type
- Net::SSLeay::P_X509_get_pubkey_alg
- Net::SSLeay::P_X509_get_signature_alg
- Net::SSLeay::P_PKCS12_load_file
- Net::SSLeay::X509V3_EXT_print
- Net::SSLeay::X509_CRL_digest
- Net::SSLeay::X509_CRL_free
- Net::SSLeay::X509_CRL_get_issuer
- Net::SSLeay::X509_CRL_get_lastUpdate
- Net::SSLeay::X509_CRL_get_nextUpdate
- Net::SSLeay::X509_CRL_get_version
- Net::SSLeay::X509_CRL_new
- Net::SSLeay::X509_CRL_set_issuer_name
- Net::SSLeay::X509_CRL_set_lastUpdate
- Net::SSLeay::X509_CRL_set_nextUpdate
- Net::SSLeay::X509_CRL_set_version
- Net::SSLeay::X509_CRL_sign
- Net::SSLeay::X509_CRL_sort
- Net::SSLeay::X509_CRL_verify
- Net::SSLeay::X509_EXTENSION_get_critical
- Net::SSLeay::X509_EXTENSION_get_data
- Net::SSLeay::X509_EXTENSION_get_object
- Net::SSLeay::X509_NAME_ENTRY_get_data
- Net::SSLeay::X509_NAME_ENTRY_get_object
- Net::SSLeay::X509_NAME_add_entry_by_NID
- Net::SSLeay::X509_NAME_add_entry_by_OBJ
- Net::SSLeay::X509_NAME_add_entry_by_txt
- Net::SSLeay::X509_NAME_cmp
- Net::SSLeay::X509_NAME_digest
- Net::SSLeay::X509_NAME_entry_count
- Net::SSLeay::X509_NAME_get_entry
- Net::SSLeay::X509_NAME_print_ex
- Net::SSLeay::X509_REQ_add1_attr_by_NID
- Net::SSLeay::X509_REQ_digest
- Net::SSLeay::X509_REQ_free
- Net::SSLeay::X509_REQ_get_attr_by_NID
- Net::SSLeay::X509_REQ_get_attr_by_OBJ
- Net::SSLeay::X509_REQ_get_attr_count
- Net::SSLeay::X509_REQ_get_pubkey
- Net::SSLeay::X509_REQ_get_subject_name
- Net::SSLeay::X509_REQ_get_version
- Net::SSLeay::X509_REQ_new
- Net::SSLeay::X509_REQ_set_pubkey
- Net::SSLeay::X509_REQ_set_subject_name
- Net::SSLeay::X509_REQ_set_version
- Net::SSLeay::X509_REQ_sign
- Net::SSLeay::X509_REQ_verify
- Net::SSLeay::X509_certificate_type
- Net::SSLeay::X509_digest
- Net::SSLeay::X509_get_ext_count
- Net::SSLeay::X509_get_pubkey
- Net::SSLeay::X509_get_serialNumber
- Net::SSLeay::X509_get_version
- Net::SSLeay::X509_issuer_and_serial_hash
- Net::SSLeay::X509_issuer_name_hash
- Net::SSLeay::X509_new
- Net::SSLeay::X509_pubkey_digest
- Net::SSLeay::X509_set_issuer_name
- Net::SSLeay::X509_set_pubkey
- Net::SSLeay::X509_set_serialNumber
- Net::SSLeay::X509_set_subject_name
- Net::SSLeay::X509_set_version
- Net::SSLeay::X509_sign
- Net::SSLeay::X509_subject_name_hash
- Net::SSLeay::X509_verify
- Net::SSLeay::d2i_X509_CRL_bio
- Net::SSLeay::d2i_X509_REQ_bio
- Net::SSLeay::d2i_X509_bio
- Net::SSLeay::set_tlsext_host_name
- Net::SSLeay::CTX_set_next_protos_advertised_cb
- Net::SSLeay::CTX_set_next_proto_select_cb
- Net::SSLeay::P_next_proto_negotiated
- Net::SSLeay::P_next_proto_last_status
Fixed a problem with multiple Safefree of GLOBAL_openssl_mutex when run
under apache2+mod_perl on recent Debain distros. Removed END and
openssl_threads_cleanup() since they can be called during thread
destruction, and not necessarily at process exit time.
Added missing helper_script/regen_openssl_constants.pl to MANIFEST. Add
MANIFEST to svn.
Fixed reported errors about try to plan twice in 21_constants.t on some platforms.
Removed MANIFEST from svn, improve possibility to use Module::Install in Net-SSleay
distribution in usual way. new target for make manifest
Fix 2 issues with CTX_use_PKCS12_file
1/ leaking memory - missing EVP_PKEY_free + X509_free
2/ pkcs12 filesize limitation
Fixed problems with regenerating scripts in Makefile.PL
Added missing dependencies for SSLeay.o to Makefile.PL
Added missing test files to svn
Fixed calling convention for Net::SSLeay::get_shared_ciphers + test + doc update
Added coding guidelines to SSLeay.xs
Fix for serial number issue.
Major patch to refactor callback code to make it more extensible and
remove duplicate code. Thanks to kmx.
Fixed a problem in t/local/07_sslecho.t when running on
openssl-0.9.6
Fixed pod parsing errors reported by Olivier Mengué
Better prevention of leaking SVs in the new callback stuff
Debug messages in SSLeay.xs can be enabled by: perl Makefile.PL DEFINE=-DSHOW_XS_DEBUG
Fixing X509_NAME_oneline (calling OPENSSL_free at the right place)
Fixed a problem with crashing when run under apache2+modssl+modperl on
Debian Wheezy. Now detects if it is running under ModPerl and uses ModSSLs
thread locking instead.
Added more debg printing. Enable with
perl Makefile.PL DEFINE=-DSHOW_XS_DEBUG
Added NPN support, thanks to kmx
Added t/local/40_npn_support.t tests for new NPN support
Fixed some compiler warnings. Courtesy kmx.
Fixed a problem with Win32 detection. Courtesy kmx.
|
|
security/p5-Digest-MD5-File from 0.07nb3 to 0.08.
pkgsrc changes:
- Digest::MD5 distributed with Perl5 core satisfies dependency, CPAN
module is not required
Upstream changes:
0.08 Fri Apr 6 19:39:52 2012
- Address rt 76174 (accept a filename that ends with a space)
- Address rt 44106 (Documentation issue)
- Address rt 39898 (Inconsistent results from adddir)
|
|
from 0.17 to 0.18.
Upstream changes:
0.18 Sat Nov 12 23:09:05 2011
- added convenience wrappers for 'cont', #70672
- fixed few issues in xs code, #70674
- added openpgparmor support, #72387
|
|
This is a new major stable release. Brief changes compared to 1.6.x:
* SAML20 support following RFC 6595.
* OPENID20 support following RFC 6616.
* Added SMTP server examples (for e.g., SCRAM, SAML20, OPENID20).
* Various cleanups, portability and other bug fixes.
See the NEWS entries during the 1.7.x branch for details.
|
|
* libgnutls: When decoding a PKCS #11 URL the pin-source field is assumed to be
a file that stores the pin.
* libgnutls: Added strict tests in Diffie-Hellman and SRP key exchange public
keys.
* minitasn1: Upgraded to libtasn1 version 2.13 (pre-release).
|
|
2.6
===
* [CVE-2012-2417] Fix LP#985164: insecure ElGamal key generation.
(thanks: Legrandin)
In the ElGamal schemes (for both encryption and signatures), g is
supposed to be the generator of the entire Z^*_p group. However, in
PyCrypto 2.5 and earlier, g is more simply the generator of a random
sub-group of Z^*_p.
The result is that the signature space (when the key is used for
signing) or the public key space (when the key is used for encryption)
may be greatly reduced from its expected size of log(p) bits, possibly
down to 1 bit (the worst case if the order of g is 2).
While it has not been confirmed, it has also been suggested that an
attacker might be able to use this fact to determine the private key.
Anyone using ElGamal keys should generate new keys as soon as practical.
Any additional information about this bug will be tracked at
https://bugs.launchpad.net/pycrypto/+bug/985164
* Huge documentation cleanup (thanks: Legrandin).
* Added more tests, including test vectors from NIST 800-38A
(thanks: Legrandin)
* Remove broken MODE_PGP, which never actually worked properly.
A new mode, MODE_OPENPGP, has been added for people wishing to write
OpenPGP implementations. Note that this does not implement the full
OpenPGP specification, only the "OpenPGP CFB mode" part of that
specification.
https://bugs.launchpad.net/pycrypto/+bug/996814
* Fix: getPrime with invalid input causes Python to abort with fatal error
https://bugs.launchpad.net/pycrypto/+bug/988431
* Fix: Segfaults within error-handling paths
(thanks: Paul Howarth & Dave Malcolm)
https://bugs.launchpad.net/pycrypto/+bug/934294
* Fix: Block ciphers allow empty string as IV
https://bugs.launchpad.net/pycrypto/+bug/997464
* Fix DevURandomRNG to work with Python3's new I/O stack.
(thanks: Sebastian Ramacher)
* Remove automagic dependencies on libgmp and libmpir, let the caller
disable them using args.
* Many other minor bug fixes and improvements (mostly thanks to Legrandin)
|
|
* OPENDNSSEC-228: Signer Engine: Make 'ods-signer update' reload signconfs
even if zonelist has not changed.
* OPENDNSSEC-231: Signer Engine: Allow for Classless IN-ADDR.ARPA names
(RFC 2317).
* OPENDNSSEC-234: Enforcer: Add indexes for foreign keys in kasp DB. (sqlite
only, MySQL already has them.)
* OPENDNSSEC-246: Signer Engine: Warn if <Audit/> is in signer configuration,
but ods-auditor is not installed
* OPENDNSSEC-249: Enforcer: ods-ksmutil: If key export finds nothing to do
then say so rather than display nothing which might be misinterpreted.
Bugfixes:
* OPENDNSSEC-247: Signer Engine: TTL on NSEC(3) was not updated on SOA
Minimum change.
* OPENDNSSEC-253: Enforcer: Fix "ods-ksmutil zone delete --all"
|
|
* Increased performance by adding more indexes to the database.
* Describe the usage of SO and user PIN in the README.
Bugfixes:
* Detect if a C++ compiler is missing.
|
|
its name.
|
|
|
|
Bump PKGREVISION.
|
|
|
|
|
|
|
|
AuthCAS aims at providing a Perl API to Yale's Central Authentication System
(CAS). Only a basic Perl library is provided with CAS whereas AuthCAS is a
full object-oriented library.
|
|
Fix seuciry problem of CVE-2012-2337.
What's new in Sudo 1.7.9p1?
* Fixed a bug when matching against an IP address with an associated
netmask in the sudoers file. In certain circumstances, this
could allow users to run commands on hosts they are not authorized
for.
What's new in Sudo 1.7.9?
* Fixed a false positive in visudo strict mode when aliases are
in use.
* The line on which a syntax error is reported in the sudoers file
is now more accurate. Previously it was often off by a line.
* The #include and #includedir directives in sudoers now support
relative paths. If the path is not fully qualified it is expected
to be located in the same directory of the sudoers file that is
including it.
* visudo will now fix the mode on the sudoers file even if no changes
are made unless the -f option is specified.
* The "use_loginclass" sudoers option works properly again.
* For LDAP-based sudoers, values in the search expression are now
escaped as per RFC 4515.
* Fixed a race condition when I/O logging is not enabled that could
result in tty-generated signals (e.g. control-C) being received
by the command twice.
* If none of the standard input, output or error are connected to
a tty device, sudo will now check its parent's standard input,
output or error for the tty name on systems with /proc and BSD
systems that support the KERN_PROC_PID sysctl. This allows
tty-based tickets to work properly even when, e.g. standard
input, output and error are redirected to /dev/null.
* Fixed a bug where a pattern like "/usr/*" included /usr/bin/ in
the results, which would be incorrectly be interpreted as if the
sudoers file had specified a directory.
* "visudo -c" will now list any include files that were checked
in addition to the main sudoers file when everything parses OK.
* Users that only have read-only access to the sudoers file may
now run "visudo -c". Previously, write permissions were required
even though no writing is down in check-only mode.
What's new in Sudo 1.7.8p2?
* Fixed a crash in the monitor process on Solaris when NOPASSWD
was specified or when authentication was disabled.
|
|
|
|
I can't test it though right now due to some kind of JVM lossage.
|
|
|
|
|
|
The Cryptokit library for Objective Caml provides a variety of
cryptographic primitives that can be used to implement cryptographic
protocols in security-sensitive applications. The primitives provided
include:
Symmetric-key cryptography: AES, DES, Triple-DES, ARCfour, in ECB,
CBC, CFB and OFB modes. Public-key cryptography: RSA encryption and
signature; Diffie-Hellman key agreement. Hash functions and MACs:
SHA-1, MD5, and MACs based on AES and DES. Random number generation.
Encodings and compression: base 64, hexadecimal, Zlib compression.
Additional ciphers and hashes can easily be used in conjunction
with the library. In particular, basic mechanisms such as chaining
modes, output buffering, and padding are provided by generic classes
that can easily be composed with user-provided ciphers. More
generally, the library promotes a "Lego"-like style of constructing
and composing transformations over character streams.
|
|
man-pages/Makefile.
|
|
OpenSSL CHANGES
_______________
Changes between 0.9.8w and 0.9.8x [10 May 2012]
*) Sanity check record length before skipping explicit IV in DTLS
to fix DoS attack.
Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
fuzzing as a service testing platform.
(CVE-2012-2333)
[Steve Henson]
*) Initialise tkeylen properly when encrypting CMS messages.
Thanks to Solar Designer of Openwall for reporting this issue.
[Steve Henson]
|
|
contains OAuth spec compatible fixes.
|
|
|
|
perl-5.14, and perl-5.14 is pkgsrc's default, depend on at least that
version. Bump PKGREVISION.
|
|
- RT 56454 - Win32 compatibility patch (kmx@cpan.org)
0.27 Wed Jun 29 2011 - Todd Rinaldo (TODDR)
- RT 65947 - Fix RSA.pm break with perl 5.14+
|
|
It turns out there were a lot of these.
|
|
|
|
|
|
The Google Authenticator includes implementations of one-time passcode
generators for several mobile platforms as well as a pluggable
authentication module (PAM). One-time passcodes are generated using
open standards developed by the Initiative for Open Authentication
(OATH) (which is unrelated to OAuth).
These implementations support the HMAC-Based One-time Password (HOTP)
algorithm specified in RFC 4226 and the Time-based One-time Password
(TOTP) algorithm specified in RFC 6238.
Because upstream does not provide a distribution file (yet), I have
pre-packaged the sources myself as of today and uploaded them to
ftp.n.o under my own directory. This explains the 0.0 prefix in the
version number, because if upstream starts providing distfiles with
proper versioning, we don't want our date stamp to be "above" all
official versions.
|
|
|
|
|
|
tool that, in addition to basic syntactic and semantic zone checks,
includes DNSSEC signature verification and NSEC/NSEC3 chain validation,
as well a number of optional policy checks on the zone.
|
|
a bus error on sparc (since 64 bit time_t).
|
