| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
on packages that are affected by the switch from the openssl 0.9.7
branch to the 0.9.8 branch. ok jlam@
|
|
pkgsrc notes:
o Tested on NetBSD/i386 (Jukka Salmi), Mac OSX 10.5 (Adrian Portelli),
Linux (Jeremy C. Reed), Tru64 5.1b (tnn), HP-UX 11i (tnn).
Because the Makefile system has been rewamped, other
platforms may require fixes. Please test if you can.
o OpenSSL can now be built with installation to DESTDIR.
Overview of important changes since 0.9.7i:
o Add gcc 4.2 support.
o DTLS improvements.
o RFC4507bis support.
o TLS Extensions support.
o RFC3779 support.
o New cipher Camellia
o Updated ECC cipher suite support.
o New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free().
o Zlib compression usage fixes.
o Major work on the BIGNUM library for higher efficiency and to
make operations more streamlined and less contradictory. This
is the result of a major audit of the BIGNUM library.
o Addition of BIGNUM functions for fields GF(2^m) and NIST
curves, to support the Elliptic Crypto functions.
o Major work on Elliptic Crypto; ECDH and ECDSA added, including
the use through EVP, X509 and ENGINE.
o New ASN.1 mini-compiler that's usable through the OpenSSL
configuration file.
o Added support for ASN.1 indefinite length constructed encoding.
o New PKCS#12 'medium level' API to manipulate PKCS#12 files.
o Complete rework of shared library construction and linking
programs with shared or static libraries, through a separate
Makefile.shared.
o Rework of the passing of parameters from one Makefile to another.
o Changed ENGINE framework to load dynamic engine modules
automatically from specifically given directories.
o New structure and ASN.1 functions for CertificatePair.
o Changed the key-generation and primality testing "progress"
mechanism to take a structure that contains the ticker
function and an argument.
o New engine module: GMP (performs private key exponentiation).
o New engine module: VIA PadLOck ACE extension in VIA C3
Nehemiah processors.
o Added support for IPv6 addresses in certificate extensions.
See RFC 1884, section 2.2.
o Added support for certificate policy mappings, policy
constraints and name constraints.
o Added support for multi-valued AVAs in the OpenSSL
configuration file.
o Added support for multiple certificates with the same subject
in the 'openssl ca' index file.
o Make it possible to create self-signed certificates using
'openssl ca -selfsign'.
o Make it possible to generate a serial number file with
'openssl ca -create_serial'.
o New binary search functions with extended functionality.
o New BUF functions.
o New STORE structure and library to provide an interface to all
sorts of data repositories. Supports storage of public and
private keys, certificates, CRLs, numbers and arbitrary blobs.
This library is unfortunately unfinished and unused withing
OpenSSL.
o New control functions for the error stack.
o Changed the PKCS#7 library to support one-pass S/MIME
processing.
o New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512).
o New X509_VERIFY_PARAM structure to support parametrisation
of X.509 path validation.
o Change the default digest in 'openssl' commands from MD5 to
SHA-1.
o Added support for DTLS.
o New BIGNUM blinding.
o Added support for the RSA-PSS encryption scheme
o Added support for the RSA X.931 padding.
o Added support for files larger than 2GB.
o Added alternate pkg-config files.
|
|
From PR 37760.
|
|
|
|
All functionality in this package is now in pkg_install>=20070714.
As discussed on pkgsrc-users@ and OK'ed by agc@.
|
|
Noteworthy changes in version 1.4.8 (2007-12-20)
------------------------------------------------
*******************************************
* A decade of GnuPG: g10-0.0.0.tar.gz was *
* released exactly 10 years ago. *
*******************************************
* Changed the license to GPLv3.
* Improved detection of keyrings specified multiple times.
* Changes to better cope with broken keyservers.
* Minor bug fixes.
* The new OpenPGP standard is now complete, and has been published
as RFC-4880. The GnuPG --openpgp mode (note this is not the
default) has been updated to match the new standard. The
--rfc2440 option can be used to return to the older RFC-2440
behavior. The main differences between the two are
"--enable-dsa2 --no-rfc2440-text --escape-from-lines
--require-cross-certification".
* By default (i.e. --gnupg mode), --require-cross-certification is
now on. --rfc2440-text and --force-v3-sigs are now off.
* Allow encryption using legacy Elgamal sign+encrypt keys if
option --rfc2440 is used.
* Fixed the auto creation of the key stub for smartcards.
* Fixed a rare bug in decryption using the OpenPGP card.
* Fix RFC-4880 typo in the SHA-224 hash prefix. Old SHA-224
signatures will continue to work.
|
|
changes: minor fixes
|
|
changes: translation updates
|
|
Pkgsrc changes:
- Requires p5-Test-Exception and p5-Test-Warn for building and
p5-MIME-Base64 for running. The modules p5-Array-Compare, p5-Sub-Uplevel
and p5-Tree-DAG_Node are only used through p5-Test-Warn. Opened bug
id 32172 at rt.cpan.org for this.
- Needs a C compiler.
- Specified prefix for OpenSSL in order to avoid adding any search paths
to inc/Module/Install/PRIVATE/Net/SSLeay.pm.
- No more interactive questions (PERL_MM_USE_DEFAULT).
Changes since version 1.30:
===========================
- Mike McCauley and Florian Ragwitz maintain this module now
1.31_01 02.07.2007
- Only bind X509_STORE_set_trust #if OPENSSL_VERSION_NUMBER >=
0x0090800fL
- Removed %Filenum_Objects from Net::SSLeay::Handle so unused
handles will be freed.
- Use ppport.h.
- improved openssl path guessing, forcing openssl path now
requires the -path flag (caution: incompatible flag change)
Path guessing works on windows too.
mikem, with patches from Stas Bekman
- Added /usr/sfw/bin/openssl to path guessing for Open Solaris,
suggested by Igor Boehme.
- Fixed a problem with X509_get_subjectAltNames not working when the
subjectAltNAmes are the first extension. Reported by Achim Grolms
1.31_02 14.07.2007
- Fix linking problems on Windows. Tested with VC++ 6.0, Shining Light
0.9.7L on Windows Server 2003 with ActivePerl 5.8.8.820. Also tested
with OpenSSL 0.9.8e compiled from source.
- Unable to get working systems when compiling with MS Visual Studio
Express 2005. Contributions requested. This may be relevant:
http://www.itwriting.com/blog/?postid=261&replyto=2542
- Fixed a number of minor compile warnings on Windows
- Updated README.Win32 to define building procedures on Windows
- Fixed incorrect test failure reports in 08_external.
- Add parens to function calls in Makefile.PL to prevent
warnings with some perls.
- Tested on Sparc Solaris 8, Sparc Solaris 10, OpenSuSE 10.2 x64,
OpenSuSE 10.0 x86, FreeBSD 6.0 x86, Ubuntu 6.10, Fedora Core 6 x86
- Changed type of SSL_set_info_callback args to stop compiler warnings
on Windows
- Removed auto_include from Makefile.PL
- Removed build_requires('Test::NoWarnings') from Makefile.PL
- Testing with Strawberry Perl on Windows XP SP2, added doc to
README.Win32
- Testing with Perl CamelPack 5.8.7 on Windows XP SP2,added doc to
README.Win32
1.32 03.08.2007
- Don't let the tests die when something unexpected happens. Just
BAIL_OUT.
- Some Win32 improvements.
|
|
|
|
Pkgsrc changes:
- Added explicit licence identification.
Changes since version 5.44:
===========================
5.45 Tue Jun 26 02:36:00 MST 2007
- extended portability to earlier Perls
-- works on Perl 5.003 and later
-- thanks to Jim Doble for testing on legacy platforms
- updated META.yml to conform to current META spec (1.3)
- minor documentation fixes
|
|
Pkgsrc changes:
- A C compiler is necessary.
- Added explicit license identification.
- Removed patch-ab (fixed upstream).
Changes since version 0.24:
===========================
0.25 Sun May 20 2007 12:56:11
- Add a LICENSE file.
- Fix a bug (reported by many) in rsa.t - we were incorrectly counting
the number of tests in situations where use_sha512_hash was
not available.
|
|
Pkgsrc changes:
- The package supports installation to DESTDIR.
- A C compiler is necessary.
- Added explicit license identification.
Changes since version 0.03:
===========================
0.04 Sun May 20 13:41:04 2007
- Add a LICENSE file.
- Better use of types.
|
|
Pkgsrc changes:
- The package supports installation to DESTDIR.
- A C compiler is necessary.
- Added explicit license identification.
Changes since version 0.03:
===========================
0.04 Sun May 20 2007 13:08:23
- Add a LICENSE file.
- Add -DOPENSSL_NO_KRB5 to DEFINE to keep redhat happy.
|
|
Fixes PR pkg/37699 from Aleksey Cheusov.
|
|
637) Fixed a compilation problem on SCO related to how they
store the high resolution timestamps in struct stat.
638) Avoid checking the passwd file group multiple times
in the LDAP query when the user's passwd group is also
listed in the supplemental group vector.
639) The URI specifier can now be used in ldap.conf even when
the LDAP SDK doesn't support ldap_initialize().
640) New %p prompt escape that expands to the user whose password
is being prompted, as specified by the rootpw, targetpw and
runaspw sudoers flags. Based on a diff from Patrick Schoenfeld.
|
|
|
|
noticed by Zafer Aydogan in private mail.
|
|
Also change HOMEPAGE.
|
|
Switch HOMEPAGE and MASTER_SITES to new location.
|
|
Switch to *.tgz, no differ from *.tbz.
|
|
|
|
|
|
configuration files are installed in the usual pkgsrc place, not in
/etc. PKGREVISION++
Ok'ed by jlam@.
|
|
27 Nov 2007 - 2.1.4
-------------------
* Updated included Core Ruleset to version 1.5 and noted in the docs that
XML support is required to use the rules without modification.
* Fixed an evasion FP, mistaking a multipart non-boundary for a boundary.
* Fixed multiple warnings on Solaris and/or 64bit builds.
* Do not process subrequests in phase 2-4, but do hand off the request data.
* Fixed a blocking FP in the multipart parser, which affected Safari.
11 Sep 2007 - 2.1.3
-------------------
* Updated multipart parsing code adding variables to allow checking
for various parsing issues (request body abnormalities).
* Allow mod_rpaf and mod_extract_forwarded2 to work before ModSecurity.
* Quiet some compiler warnings.
* Do not block internal ErrorDocument requests after blocking request.
* Added ability to compile without an external API (use -DNO_MODSEC_API).
27 Jul 2007 - 2.1.2
-------------------
* Cleaned up and clarified some documentation.
* Update included core rules to latest version (1.4.3).
* Enhanced ability to alert/audit failed requests.
* Do not trigger "pause" action for internal requests.
* Fixed issue with requests that use internal requests. These had the
potential to be intercepted incorrectly when other Apache httpd modules
that used internal requests were used with mod_security.
* Added Solaris and Cygwin to the list of platforms not supporting the hidden
visibility attribute.
* Fixed decoding full-width unicode in t:urlDecodeUni.
* Lessen some overhead of debugging messages and calculations.
* Do not try to intercept a request after a failed rule. This fixes the
issue associated with an "Internal Error: Asked to intercept request
but was_intercepted is zero" error message.
* Added SecAuditLog2 directive to allow redundent concurrent audit log
index files. This will allow sending audit data to two consoles, etc.
* Small performance improvement in memory management for rule execution.
|
|
created in unprivileged pkgsrc mode. PKGREVISION++
|
|
base OS on NetBSD.
|
|
|
|
* Install config files by CONF_FILES instead of install directly.
* Correct path of tools and config in sample config files and a manual page.
* Add DESTDIR support.
Bump PKGREVISION.
|
|
|
|
Honor PKGMANDIR and DESTDIR ready.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
rc5, and replace with {idea,mdc2,rc5}-nonlicense. Because pkgsrc does
not yet handle multiple licenses, set LICENSE to
openssl-patented-algorithms-nonlicense.
|
|
PKGREVISION++
|
|
|
|
|
|
|
|
|
|
find the qca2.pc file so copy to where it can.
OKed jdolecek. Bump PKGREVISION.
|
|
the removal), rather then revision 1.1 of all files, used for original revival
test compiled on Mac OS X 10.5
|
|
be installed at the same time
bump PKGREVISION
|
|
|
|
Major changes since Sudo 1.6.9p9:
o Moved LDAP options into a table for simplified parsing/setting.
o Fixed a problem with how some LDAP options were being applied.
o Added support for connecting directly to LDAP servers via SSL/TLS
for servers that don't support the start_tls extension.
|
|
be installed at the same time; also speedup build by disabling building
tests and other miscellaneous cleanup
bump PKGREVISION
|
|
|
