summaryrefslogtreecommitdiff
path: root/security
AgeCommit message (Collapse)AuthorFilesLines
2008-06-26-pflkmpeter1-2/+1
2008-06-26Remove security/pflkm, it's outdated and unmaintained.peter9-392/+0
Approved by agc.
2008-06-25don't pass DESTDIR in CPPFLAGS, from Stephen Borrilldrochner1-2/+2
2008-06-22DESTDIR support.joerg1-3/+5
2008-06-21Add p5-Digest-MD5-File.he1-1/+2
2008-06-21Import p5-Digest-MD5-File version 0.06.he3-0/+29
Get MD5 sums for files of a given path or content of a given url.
2008-06-20Add DESTDIR support.joerg50-109/+191
2008-06-19- Switch to use vendor_dir with Ruby 1.8.7.taca4-21/+23
Bump PKGREVISION.
2008-06-16Fix shared library build on various architectures. This basically fiddlestonnerre3-20/+20
with the number of colons between the fields.
2008-06-16Add missing directory.joerg3-5/+9
2008-06-15Add detection for pf 4.1 and 4.2.peter1-2/+10
2008-06-12Add DESTDIR support.joerg52-200/+286
2008-06-10RE: pkg/38922: security/libprelude fails to buildshannonjr3-5/+6
Applied Hasso Tepper recommended fix. Thank you.
2008-06-07Add more patches, now for MITKRB5-SA-2007-006, MITKRB5-SA-2008-001 andtonnerre8-10/+421
MITKRB5-SA-2008-002. Bump PKGREVISION now finally.
2008-06-07Add patches for MITKRB5-SA-2007-004 and MITKRB5-SA-2007-005. PKGREVISIONtonnerre4-28/+132
will be bumped again once some other patches are in.
2008-06-07Remove parts of a different security patch which slipped in but are nottonnerre13-47/+46
supported yet. Don't bump revision as the package didn't build before.
2008-06-07Add security patches for 3 Kerberos vulnerabilities:tonnerre14-3/+932
- telnetd username and environment sanitizing vulnerabilities ("-f root") as described in MIT Kerberos advisory 2007-001. - krb5_klog_syslog() problems with overly long log strings as described in MIT Kerberos advisory 2007-002. - GSS API kg_unseal_v1() double free vulnerability as described in the MIT Kerberos advisory 2007-003.
2008-06-03Fix two Denial of Service vulnerabilities in OpenSSL 0.9.8g:tonnerre4-2/+35
- Fix flaw if 'Server Key exchange message' is omitted from a TLS handshake which could lead to a silent crash. - Fix double free in TLS server name extensions which could lead to a remote crash. Patches from upstream.
2008-06-02Missing to add bin/chkutmp when updated to 0.47.obache2-2/+4
Noticed by Hasso Tepper in PR 38822. Bump PKGREVISION.
2008-06-01Try to fix build failure on Solaris, it does not have LOG_AUTHPRIV.obache2-1/+16
2008-05-30Restore NetBSD specific part of the patch which got lost in thetron2-6/+14
last commit.
2008-05-30Fix build problem under Mac OS X caused by broken code to supporttron2-13/+16
getpeereid() .
2008-05-29update to 2.22.2drochner4-12/+12
changes: -Fix importing keys from hkp keyservers -build fixes
2008-05-29update to 2.22.2drochner3-26/+15
changes: -minor UI improvements -bugfixes -portability improvements, in particular for credential passing on local sockets -- unfortunately a bit of the patch I submitted upstream got lost
2008-05-29Restore PKG_SYSCONFDIR support, lost in the last update. Bump PKGREVISION.schmonz3-2/+18
2008-05-27Make this package work on Mac OS X.agc4-5/+59
2008-05-27Update to stunnel-4.24.tnn7-35/+28
4.24: fix security problem (properly reject revoked certs) 4.23: WinNT bugfix 4.22: - A new global option to control logging to syslog. Simultaneous logging to a file and the syslog is now possible. - A new service level option to control stack size. - Restored chroot() to be executed after decoding numerical userid and groupid values in drop_privileges(). - A few bugs fixed the in the new libwrap support code. - TLSv1 method used by default in FIPS mode instead of SSLv3 client and SSLv23 server methods. 4.21: - Initial FIPS 140-2 support (see INSTALL.FIPS for details). - Experimental fast support for non-MT-safe libwrap is provided with pre-spawned processes. - Stunnel binary moved from /usr/local/sbin to /usr/local/bin in order to meet FHS and LSB requirements. - Added code to disallow compiling stunnel with pthreads when OpenSSL is compiled without threads support. - Minor manual update. - TODO file updated. - Dynamic locking callbacks added (needed by some engines to work). - AC_ARG_ENABLE fixed in configure.am to accept yes/no arguments. - On some systems libwrap requires yp_get_default_domain from libnsl, additional checking for libnsl was added to the ./configure script. - Sending a list of trusted CAs for the client to choose the right certificate restored. - Some compatibility issues with NTLM authentication fixed.
2008-05-27Mark as not for bulk building on HPUXtnn1-1/+3
2008-05-26Second round of explicit pax dependencies. As reminded by tnn@,joerg7-16/+26
many packages used to use ${PAX}. Use the common way of directly calling pax, it is created as tool after all.
2008-05-25Improve previous patch to still build on NetBSD 4.0 branch.wiz2-6/+9
Addresses PR 38744.
2008-05-25Explicitly add pax dependency in those Makefiles that use it (or havejoerg1-1/+3
patches to add it). Drop pax from the default USE_TOOLS list. Make bsdtar the default for those places that wanted gtar to extract long links etc, as bsdtar can be built of the tree.
2008-05-24Require libgcrypt>=1.2.2. Noticed by Steve Bellovin in pkgsrc-users@.obache1-3/+3
And also require opencdk>=0.6.5.
2008-05-22Remove textproc/p5-String-Random which was a duplicate oftnn2-7/+7
security/p5-String-Random. Merge changes from the textproc one into the security one.
2008-05-22Update to gnutls-2.2.5.tnn2-6/+6
* Version 2.2.5 (released 2008-05-19) Fix flaw in fix for GNUTLS-SA-2008-1-3. * Version 2.2.4 (released 2008-05-19) Fix three security vulnerabilities. [GNUTLS-SA-2008-1] [GNUTLS-SA-2008-1-1] libgnutls: Fix crash when sending invalid server name. [GNUTLS-SA-2008-1-2] libgnutls: Fix crash when sending repeated client hellos. [GNUTLS-SA-2008-1-3] libgnutls: Fix crash in cipher padding decoding for invalid record lengths. * Version 2.2.3 (released 2008-05-06) Increase default handshake packet size limit to 48kb. Fix compilation error related to __FUNCTION__ on some systems. Documented the --priority option to gnutls-cli and gnutls-serv. Fix fopen file descriptor leak in PSK server code. Build Guile code with -fgnu89-inline only when supported. Make Camellia encryption work.
2008-05-21Update gsasl to 0.2.26.obache3-9/+11
Based on patch provided by Eric Schnoebelen in PR 38692. While here, marked as DESTDIR support. Also fix CONFIGURE option for GSSAPI implement (I don't know from when). * Version 0.2.26 (released 2008-05-05) ** Translations files not stored directly in git to avoid merge conflicts. This allows us to avoid use of --no-location which makes the translation teams happier. ** Build fixes for the documentation. ** Update gnulib files. * Version 0.2.25 (released 2008-03-10) ** gsasl: Fix buffering issue to avoid mixing stdout/stderr outputs. This would manifest itself when redirecting output to a pipe, such as when used with Gnus. Reported by Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>, see <http://thread.gmane.org/gmane.comp.gnu.gsasl.general/123>. ** Fix non-portable use of brace expansion in makefiles. * Version 0.2.24 (released 2008-01-15) ** Link self-tests with gnulib, to fix link failures under MinGW. * Version 0.2.23 (released 2008-01-15) ** Improve CRAM-MD5 self-test to detect if challenges are the same. ** Improve gsasl --help and --version to conform with GNU standards. ** Use gettext 0.17. ** Update gnulib files. * Version 0.2.22 (released 2007-10-08) ** Development git tree moved to savannah. See <https://savannah.gnu.org/projects/gsasl/>. ** Fix warnings when building the tool 'gsasl'. ** Update gnulib files.
2008-05-17Fix MAINTAINER address typo since initial import.obache2-4/+4
tech-pkg at jp.NetBSD.org => tech-pkg-ja at jp.NetBSD.org
2008-05-15update to 1.7.3drochner4-7/+35
changes: -direct-tcpip support -bug fixes pkgsrc change: disable use of Python setuptools (gives unpredictable results)
2008-05-15Fix build on NetBSD-current with openssl-current, by adding a "const".wiz2-4/+13
2008-05-14libhcrypto.la only seems to get installed if we're building on 3.x or older,jwise2-4/+7
so make it only end up in the PLIST if that is the case.
2008-05-14Update security/seudo pacakge to 1.6.p16.taca2-7/+7
Major changes since Sudo 1.6.9p15: o There was missing whitespace before the ldap libraries in the Makefile for some configurations. o LDAPS_PORT may not be defined on older Solaris LDAP SDKs. o If the LDAP server could not be contacted and the user was not present in sudoers, a syntax error in sudoers was incorrectly reported.
2008-05-09Add and enable stegtunnelagc1-1/+2
2008-05-09Initial import of stegtunnel-0.4 into the packages collection.agc11-0/+264
Stegtunnel provides a covert channel in the IPID and sequence number fields of any desired TCP connection. It requires the server and client to have a previously shared secret in common to detect and decrypt the data.
2008-05-08Supports DESTDIR.joerg1-1/+3
2008-05-08Supports DESTDIRjoerg1-1/+3
2008-05-08Fix build of OpenSSL on NetBSD/amd64 (4.0 and current tested)tonnerre2-4/+4
2008-05-05Add missing library (libhcrypto) to PLIST, allowing sudo to build againstjwise2-2/+4
this heimdal on 3.x. Bump PKGREVISION.
2008-05-01Note addition of security/ruby-ezcrypto.jlam1-1/+2
2008-05-01Initial import of ruby18-ezcrypto-0.7 as security/ruby-ezcrypto.jlam4-0/+60
EzCrypto is an easy-to-use wrapper around the poorly documented OpenSSL Ruby library. Features include: * Defaults to AES 128 CBC * Will use OpenSSL library for transparent hardware crypto support * Single-class object-oriented access to most commonly used features * Ruby-like syntax
2008-04-30Drop maintainershipjmmv2-4/+4
Stop lying and drop maintainership of these packages. I have not maintained them for a very long time already, so leave room for fresh blood to take over them.
2008-04-30Re: pkg/38549 (Support for DragonFly to security/pcsc-lite)shannonjr3-1/+29
Synopsis: Support for DragonFly to security/pcsc-lite Incorporated fix submitted by Hasso Tepper.