| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
PR#45765.
Bump PKGREVISION of cy2-gssapi plugin package.
|
|
When an encryption key is supplied via the TELNET protocol, its length
is not validated before the key is copied into a fixed-size buffer.
|
|
|
|
actually seem to change anything (with gsed).
|
|
build dependence on gsed.
Bump PKGREVISION.
|
|
|
|
Note: pinentry may need INCOMPAT_CURSES to be set for some platforms.
|
|
When an encryption key is supplied via the TELNET protocol, its length
is not validated before the key is copied into a fixed-size buffer.
This is a remote root exploit that is being actively exploited in the wild.
|
|
|
|
with it.
|
|
|
|
|
|
Remove line from distinfo for non-existing patch.
I guess the non-existing patch might have fixed it up, but as it's not
there....
|
|
|
|
|
|
Bump PKGREVISION
|
|
Bump PKGREVISION
|
|
1) Update two configuration files to include DragonFly, which results in
additional generated files.
2) Update PLIST.DragonFly (it was wrong in any case)
|
|
Drop ${PHP_BASE_VARS} from PKGVERSION by default.
It used to be required to support multiple php version.
But after PHP version based ${PHP_PKG_PREFIX} was introduced,
such trick is not required anymore.
In addition to this, such version name schme invokes unwanted version bump
when base php version is bumped, plus, such version scheme is hard to
use for DEPENDS pattern.
To avoid downgrading of package using such legacy version scheme,
PECL_LEGACY_VERSION_SCHEME is introduced.
If it is defined, current version scheme is still used for currently
supported PHP version (5 and 53), but instead of ${PHP_BASE_VARS},
current fixed PHP base version in pkgsrc is used to avoid unwanted version bump
from update of PHP base package.
With newer PHP (54, or so on), new version scheme will be used if
it is defined.
This trick will not be required and should be removed after php5 and php53 will
be gone away from pkgsrc.
|
|
DragonFly in on OpenSSL 1.0 and this package wasn't building due to the
missing MD5 digest that no longer builds by default on the latest versions
of OpenSSL. FreeBSD already ran into this and patched qca-ossl, and this
ports their fix to pkgsrc.
|
|
Bump PKGREVISION
|
|
(seen in bulk build)
-fix obvious typo in asm code (fixes i386 build)
-don't install nettle library to avoid conflict with pkgsrc/nettle
bump PKGREV
|
|
* liboath: Fix build so that OATH_VERSION_NUMBER is actually defined.
It was an empty value in the last release due to a bug in the build
scripts.
Version 1.10.3
* liboath: Allow strcmp callback to return negative to signal errors.
* Fix bugs in build scripts for generating version numbers.
* Update gnulib files.
|
|
|
|
|
|
Bugfixes:
* Signer: Use debug instead of warning for drudgers queue being full,
also sleep 10 ms if it is full to not hog CPU. This increased signing speed
on single core machines by a factor of 2.
|
|
|
|
|
|
Version 4.50, 2011.12.03, urgency: MEDIUM:
New features
Added Android port.
Updated INSTALL.FIPS.
Bugfixes
Fixed internal memory allocation problem in inetd mode.
Fixed FIPS mode on Microsoft Vista, Server 2008, and Windows 7. This fix required to compile OpenSSL FIPS-compliant DLLs with MSVC 9.0, instead of MSVC 10.0. msvcr100.dll was replaced with msvcr90.dll. GPL compatibility issues are explained in the GPL FAQ: http://www.gnu.org/licenses/gpl-faq.html#WindowsRuntimeAndGPL
POP3 server-side protocol negotiation updated to report STLS capability (thx to Anthony Morgan).
Version 4.49, 2011.11.28, urgency: MEDIUM:
Bugfixes
Missing Microsoft Visual C++ Redistributable (msvcr100.dll) required by FIPS-compliant OpenSSL library was added to the Windows installer.
A bug was fixed causing crashes on MacOS X and some other platforms.
Version 4.48, 2011.11.26, urgency: MEDIUM:
New features
FIPS support on Win32 platform added. OpenSSL 0.9.8r DLLs based on FIPS 1.2.3 canister are included with this version of stunnel. FIPS mode can be disabled with "fips = no" configuration file option.
Bugfixes
Fixed canary initialization problem on Win32 platform.
Version 4.47, 2011.11.21, urgency: MEDIUM:
Internal improvements
CVE-2010-3864 workaround improved to check runtime version of OpenSSL rather than compiled version, and to allow OpenSSL 0.x.x >= 0.9.8p.
Encoding of man page sources changed to UTF-8.
Bugfixes
Handling of socket/SSL close in transfer() function was fixed.
Logging was modified to save and restore system error codes.
Option "service" was restricted to Unix, as since stunnel 4.42 it wasn't doing anything useful on Windows platform.
|
|
platform files except Darwin. Also add the *_sse2 entries to Darwin.
Note that both *_amd64 and *_sse2 are conditional on x86_64, so this
division of files per platform is easier to do by PLIST tweaks than by
further Makefile conditionals.
This fixes the build of botan under OS X Lion with ABI=64 and should be
a no-op for all other platforms.
|
|
|
|
|
|
|
|
|
|
that makes it possible to build one-time password authentication systems.
Supported technologies include the event-based HOTP algorithm and the
time-based TOTP algorithm.
OATH is the Open AuTHentication organization which specify the algorithms.
|
|
|
|
Remove it from the default list for the rest.
|
|
|
|
Upstream changes:
Gisle Aas (6):
Less noisy 'git status' output
Merge pull request #1 from schwern/bug/require_eval
Don't clobber $@ in Digest->new [RT#50663]
More meta info added to Makefile.PL
Fix typo in RIPEMD160 [RT#50629]
Add schwern's test files
Michael G. Schwern (5):
Turn on strict.
Convert tests to use Test::More
Untabify
Turn Digest::Dummy into a real file which exercises the
Digest->new() require logic.
Close the eval "require $module" security hole in Digest->new($algorithm)
|
|
|
|
|
|
|
|
It supports ticket refreshing by screen savers, configurable
authorization handling, authentication of non-local accounts for network
services, password changing, and password expiration, as well as all the
standard expected PAM features.
|
|
* Noteworthy changes in release 2.11 (2011-11-25) [stable]
- qa: Now builds without compiler warnings with Solaris CC.
- qa: Added clang analysis. Fixed cyclomatic complexity output.
- tests: Added self-test of bit string functions.
- build: Added windows/libtasn14win.mk rules to produce Windows binaries.
- build: Don't hard code path to perl in doc/gdoc.
- Various minor fixes.
|
|
* This version will be dedicated to Darren Besler, thank you for your major
contribution!
* libtac version is now 1.7.1
* magic.c: magic_inited is only used for linux
* Finally got rid of all goto illness!
* Changed tabsize to 4
* Fixed missing xalloc.h in authen_s.c
* Get PAM_RHOST from PAM stack and use it as rem_addr
* Added _pam_get_rhost() and _pam_get_user()
* A long list of things done by Darren Besler...
* A list of bugs fixed by Darren Besler...
* And other things done by Darren Besler...
1.3.4
* removed encrypt option just check if there is a secret (key).
* removed first_hit option because you can get the same behaviour by using only
one server.
* added multiple secret support.
* connect.c: improved connection error handling by using getpeername() to check
if connection is still valid.
* properly handle multiple servers when authenticating.
1.3.3
* pam_tacplus.h: changed bitflags to hex.
* Added gitignore for build stuff.
* connect.c: removed ifdef for sys/socket.h, it will be included anyway for
other platforms.
* connect.c: improved connection error handling.
1.3.2
* Added autotool configuration files.
* Added pam_tacplus.spec file.
* Added license information to all files and the license itself.
* All AV pairs are now available to the PAM environment.
* Rewritten attribute loop in function pam_sm_acct_mgmt() for debug and
future use of AV pairs.
* Fixed attribute buffer in author_r.c.
1.3.1
* Added custom password prompt option.
* Removed password logging when in debug mode.
1.3.0
* Released version 1.3.0 based on 1.2.13.
This release finally includes support for TACACS+ chap and login
authentication. The default is still pap for backward compatibility.
1.2.13
* Changed spaces into tabs for pam_tacplus.c so make it more readable.
* Did some minor cleanup.
* Added login option so you can choose which TACACS+ authentication you want to
use. You can use pap, chap or login (ascii) at the moment. The default login
option is pap.
* Added cont_s.c needed for TACACS+ login authentication.
1.2.12
* Missing network byte order convertion to host byte order in function's
tac_account_read, tac_authen_pap_read and tac_author_read.
* Fixed potential memory leak.
|
|
./src/.libs/libgcrypt.so: undefined reference to `assert'
|
|
The majority of these patches were inspired from FreeBSD's ports. FreeBSD,
along with at least Debian, have removed Kerberos4 due to secuity concerns.
From: http://web.mit.edu/kerberos/krb4-end-of-life.html :
"Serious protocol flaws[2] have been found in Kerberos 4. These flaws permit
attacks which require far less effort than an exhaustive search of the DES
key space. These flaws make Kerberos 4 cross-realm authentication an
unacceptable security risk and raise serious questions about the security of
the entire Kerberos 4 protocol.
The known insecurity of DES, combined with the recently discovered protocol
flaws, make it extremely inadvisable to rely on the security of version 4 of
the Kerberos protocol. These factors motivate the MIT Kerberos Team to remove
support for Kerberos version 4 from the MIT implementation of Kerberos."
This end-of-life announcement is dated 19 October 2006. I think it's a
good question to ask why this package and the packages that depend on it
are still in pkgsrc.
|
|
signing-party (1.1.4-1) unstable; urgency=low
.
[ Thijs Kinkhorst ]
* caff:
+ Correct path of ~/.caffrc in informational messages (Closes: #582603).
+ Be more verbose on unexpected key ID (Closes: #645792).
* gpg-key2ps:
+ Apply patch from Uwe Kleine-König to deal with latin1 characters
(Closes: #596377).
.
[ Franck Joncourt ]
* gpg-mailkeys:
+ Correct path of ~/.gpg-mailkeysrc and ~/.signature in manpage.
+ Add new environment variable SENDMAIL_ARGS to allow user to pass
arguments to sendmail (closes: #599409).
* caff:
+ Refactor import of own key and import for keys to sign from keyrings.
+ Also automatically import keys to sign from the user's normal gpg
keyrings.
+ Use --no-auto-check-trustdb when importing keys from files or
the user's normal gpg keyrings (closes: #539643).
.
[ Peter Palfrader ]
* caff:
+ manpage: Refer to all of /usr/share/doc/signing-party/caff/ and not
just to /usr/share/doc/signing-party/caff/caffrc.sample
(closes: #568052).
+ Fix horrible &function calls used because of broken prototypes.
+ Even if all keys to sign were found in the user's normal gpg
keyrings we still need to import them (again) from any keyrings
passed with --key-files - the keys there might be newer, containing
new subkeys (for encryption), uids (for signing) or revocations.
+ Make importing of keys to be signed from the normal gpg optional
(--keys-from-gnupg).
+ refactor copying of command line options into global config variable.
+ Create the mail files in ~/.caff/keys even if mail is not sent
(closes: #590666).
|
|
|
|
|
