summaryrefslogtreecommitdiff
path: root/security
AgeCommit message (Collapse)AuthorFilesLines
2008-11-22Add a MESSAGE explaining that procfs is required for policykitjmcneill1-0/+9
2008-11-22Add policykit, policykit-gnomejmcneill1-1/+3
2008-11-22Import policykit-gnome version 0.9.2.jmcneill4-0/+116
PolicyKit is an application-level toolkit for defining and handling the policy that allows unprivileged processes to speak to privileged processes: It is a framework for centralizing the decision making process with respect to granting access to privileged operations for unprivileged applications. PolicyKit is specifically targeting applications in rich desktop environments on multi-user UNIX-like operating systems. It does not imply or rely on any exotic kernel features. This package provides a D-Bus session bus service for bringing up authentication dialogs used for obtaining privileges.
2008-11-22Import policykit version 0.9.jmcneill11-0/+242
PolicyKit is an application-level toolkit for defining and handling the policy that allows unprivileged processes to speak to privileged processes: It is a framework for centralizing the decision making process with respect to granting access to privileged operations for unprivileged applications. PolicyKit is specifically targeting applications in rich desktop environments on multi-user UNIX-like operating systems. It does not imply or rely on any exotic kernel features.
2008-11-21Try to deal with a bug described in security/39313, when the buildahoka1-2/+11
against recent openpam headers produce non functioning pam_ldap.so on NetBSD 4.99.47(?) or more recent systems. There's something really fishy in the headers...
2008-11-20Properly give up maintainership, as pointed out by wiz@ [hi he!].cube1-2/+2
2008-11-19The patch from upstream to fix man/man5/qop.5 symlink. This has been sit inhasso2-1/+18
PR 38622 for some time.
2008-11-18Update from version 1.30nb1 to 1.33.he3-14/+13
Pkgsrc changes: o Adapt patch-aa, still needed for non-hanging tests... Upstream changes: 1.33 2008.10.21 - Fix open() calls (rt.cpan.org #40020) - Fix non-shell problem (rt.cpan.org #39980) - Allow full agent forwarding (rt.cpan.org #32190) - Handle hashed known_hosts files (Greg Sabino Mullane, rt.cpan.org #25175) 1.32 2008.10.16 - Add IO::Handle to Perl.pm (rt.cpan.org #40057, #35985) - Minor test cleanups. 1.31 2008.10.02 - New co-maintainer, Greg Sabino Mullane (TURNSTEP). - Prevent t/03-packet.t from hanging due to high file descriptor. (altblue at n0i.net, rt.cpan.org #6101) - Skip some tests if Math::GMP not installed (e.g. from choosing only protocol 2 in Makefile.PL) (Greg Sabino Mullane, reported in rt.cpan.org #25152) - If ENV{HOME} is not set, use getpwuid. If both fail and the dir is needed, we croak. (Greg Sabino Mullane, expanded from patch by dgehl at inverse.ca in rt.cpan.org #25174) - Fix incorrect logical/bitwise AND mixup (Peter.Haydon at uk.fujitsu.com, rt.cpan.org #31490) - Allow empty stdin for SSH2 (rcp at rcable.co.uk, rt.cpan.org #32730) - Adjust terminal dimensions dynamically if Term::ReadKey is available (john at sackheads.org, rt.cpan.org #34874)
2008-11-17Add p5-Authen-PluggableCaptcha.he1-1/+2
2008-11-17Import p5-Authen-PluggableCaptcha version 0.05.he3-0/+58
Authen::PluggableCaptcha is a fully modularized and extensible system for making Pluggable Catpcha (Completely Automated Public Turing Test to Tell Computers and Humans Apart) tests. Pluggable? All Captcha objects are instantiated and interfaced via the main module, and then manipulated to require various submodules as plug-ins. Authen::PluggableCaptcha borrows from the functionality in Apache::Session::Flex.
2008-11-16Add support for user destination directory installation.tron1-11/+14
Patch provided by Aleksey Cheusov in PR pkg/39905.
2008-11-15Update to 2.6.2:wiz2-10/+9
* Version 2.6.2 (released 2008-11-12) ** libgnutls: Fix crash in X.509 validation code for self-signed certificates. The patch to fix the security problem GNUTLS-SA-2008-3 introduced a problem for certificate chains that contained just one self-signed certificate. Reported by Michael Meskes <meskes@debian.org> in <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505279>. ** API and ABI modifications: No changes since last version.
2008-11-13Update EasyPG to 0.0.16.minskim2-8/+7
Changes since 0.0.14: * epa-mail-encrypt now skips unusable keys. * epa-file now uses canonical file names as keys for passphrase cache. * Fixed a load-error of epa on XEmacs. * epa-file bug fixes. * Prepare auto-mode-alist to strip .gpg suffix when choosing major-modes. * Don't signal an error when opening a nonexistent file via Tramp. * epa-verify-region now decodes the plaintext with coding-system-for-read or one saved as epa-coding-system-used.
2008-11-13Update the package directory for gnupg2.minskim1-2/+1
2008-11-10Update to 2.6.1:wiz2-6/+6
* Version 2.6.1 (released 2008-11-10) ** libgnutls: Fix X.509 certificate chain validation error. [GNUTLS-SA-2008-3] The flaw makes it possible for man in the middle attackers (i.e., active attackers) to assume any name and trick GNU TLS clients into trusting that name. Thanks for report and analysis from Martin von Gagern <Martin.vGagern@gmx.net>. [CVE-2008-4989] Any updates with more details about this vulnerability will be added to <http://www.gnu.org/software/gnutls/security.html> ** libgnutls: Add missing prototype for gnutls_srp_set_prime_bits. Reported by Kevin Quick <quick@sparq.org> in <https://savannah.gnu.org/support/index.php?106454>. ** libgnutls-extra: Protect internal symbols with static. Fixes problem when linking certtool statically. Tiny patch from Aaron Ucko <ucko@ncbi.nlm.nih.gov>. ** libgnutls-openssl: Fix patch against X509_get_issuer_name. It incorrectly returned the subject DN instead of issuer DN in v2.6.0. Thanks to Thomas Viehmann <tv@beamnet.de> for report. ** certtool: Print a PKCS #8 key even if it is not encrypted. ** tests: Make tests compile when using internal libtasn1. Patch by ludo@gnu.org (Ludovic Courtès). ** API and ABI modifications: No changes since last version.
2008-11-08this also depends on gnome-keyjnemeth1-1/+2
2008-11-08Ugh, this was worse than I thought. Refactor my change to accountbjs5-17/+85
for all autoconf definitions that pollute namespace. Additionally, I've prepared a distribution patch from FreeBSD ports which fixes many memory leaks (see comment in patch). PKGREVISION++
2008-11-08Patch out definition of VERSION in mhash_config.h. Code couldbjs3-2/+22
rely on this--and *not* define it in installed headers! PKGREVISION++
2008-11-07add p5-Crypt-Eksblowfishabs1-1/+2
2008-11-07Added security/p5-Crypt-Eksblowfish version 0.005abs3-0/+46
Eksblowfish is a variant of the Blowfish cipher, modified to make the key setup very expensive. ("Eks" stands for "expensive key schedule".) This doesn't make it significantly cryptographically stronger, but is intended to hinder brute-force attacks. It also makes it unsuitable for any application requiring key agility. It was designed by Niels Provos and David Mazieres for password hashing in OpenBSD. See Crypt::Eksblowfish::Bcrypt for the hash algorithm. See Crypt::Eksblowfish::Blowfish for the unmodified Blowfish cipher. Eksblowfish is a parameterised (family-keyed) cipher. It takes a cost parameter that controls how expensive the key scheduling is. It also takes a family key, known as the "salt". Cost and salt parameters together define a cipher family. Within each family, a key determines an encryption function in the usual way. See Crypt::Eksblowfish::Family for a way to encapsulate an Eksblowfish cipher family.
2008-11-07Changes 0.2.29:adam3-7/+9
* gsasl: Don't use poll with POLLOUT to avoid busy-waiting. * doc: Error codes are now extracted using official library APIs. * doc: Included cyclomatic code complexity charts of the library code. * tests: Add self test of obsolete base64 functions. * Update gnulib files. Improves Windows compatibility.
2008-11-05Add some extra install docsadrianp2-3/+8
2008-11-05Update to 1.4.1adrianp3-19/+21
Some highlights: Bug #1680965 sans lookup fails -- Jordan Wiens Fixed index.php redirect -- Kevin Johnson for Terry Burton Added Worldmap feature -- Juergen Leising Added Vendor MAC Map -- Juergen Leising Increased memory limit from 50 to 128 MB in base_graph_common.php Fixed "Select Signature from List" in the query form -- Juergen Leising Newly generated coordinates file world_map6.txt. -- Juergen Leising See docs/CHANGELOG for all the details
2008-11-05Update to 1.17. Add dependencies on p5-Net-LibIDN and p5-IO-Socket-INET6wiz2-9/+11
for IDN and inet6 support. v.17 2008.10.13 - no code changes, publish v.16_3 as v.17 because it looks better than v.16 - document win32 behavior regarding non-blocking and timeouts v.16_3 2008.09.25 - fix t/nonblock.t with workaround for problems with IO::Socket::INET on some systems (Mac,5.6.2) where it cannot do nonblocking connect and leaves socket blocked. - make some tests less verbose by fixing diag in t/testlib.t (send output to STDOUT not STDERR and prefix with '#') v.16_2 2008.09.24 - work around Bug in IO::Socket::INET6 on BSD systems http://rt.cpan.org/Ticket/Display.html?id=39550 by setting Domain based on PeerAddr Thanks to srezic for report and support - remove tests of recv/send from t/core.t. Might badly interact with SSL handshake and cause crashes as seen on OS X 10.4 v.16_1 2008.09.19 - better support for IPv6: - IPv6 is enabled by default if IO::Socket::INET6 is available - t/inet6.t for basic tests
2008-11-05Add .py files to PLIST (Why haven't they been there in the first place? Hm.)tonnerre1-1/+25
2008-11-03Add script for munging locale files.wiz1-0/+18
2008-11-03Remove superfluous patches.wiz6-164/+0
2008-10-30Fix hydra-gtk/src/callbacks.c to put server and service last on thebad3-3/+52
command line as hydra(1) expects. Makes xhydra work again. Bump PKGREVISION.
2008-10-30Hydra does not depend on arp0. And subversion-base pulls in the correctbad2-4/+2
version of APR by itself.
2008-10-30Add security/pakchoisbjs1-1/+2
2008-10-30remove --enable-dlopen from CONFIGURE_ARGS; it's unnecessarybjs1-3/+1
2008-10-30Add pakchois-0.4. (upcoming new neon can use it)bjs5-0/+87
-- pakchois is just another PKCS#11 wrapper library. pakchois aims to provide a thin wrapper over the PKCS#11 interface. The goals are: 1) to offer a modern* object-oriented C interface wrapper for PKCS#11. 2) to not hide or abstract away any details of the PKCS#11 interface itself except where absolutely necessary. 3) to handle the details of loading DSOs 4) to allow the caller to avoid caring about where on the system PKCS#11 modules might be stored, or exactly how they are named. 5) to avoid any dependency on a particular cryptography toolkit. Existing PKCS#11 wrapper libraries solutions differ in at least one of the above goals. *: "modern" being a euphemism for not using process-global state, having a sane symbol namespace, etc.
2008-10-29Add patch-ag, patch-ah, patch-ai (hi, shannonjr!).wiz1-1/+4
2008-10-29Three patches to permit compilation under Solaris with SunPro compiler:shannonjr3-0/+42
patch-ag and patch-ah fix void functions that attempt to return the result of calling a void function. patch-ai conditionally includes <sys/inttypes.h> to pick up uint32_t
2008-10-29Add patch-ag.wiz1-1/+2
2008-10-29"return _gcry_rngfips_deinit_external_test (context);"shannonjr1-0/+11
is incorrect because: 1) _gcry_rngfips_deinit_external_test() is void function 2) the calling function, random, is declared void The unpatched code will not compile with Sun compiler.
2008-10-27Remove seahorse-gedit and seahorse-nautilus, replace by seahorse-plugins.wiz7-126/+2
2008-10-27Import seahorse-plugins-2.24.1 as security/seahorse-plugins.wiz5-0/+453
Seahorse is a GNOME front-end for GnuGP. It can be used for signing, encrypting, verifying and decrypting text and files. The text can be taken from the clipboard, or written directly in the little editor it has. Seahorse is also a keymanager, which can be used to edit almost all the properties of the keys stored in your keyrings. This package contains various plugins for Seahorse.
2008-10-27Update to 2.24.1. Please note that seahorse-agent and two otherwiz5-109/+102
tools moved to the new seahorse-plugins package. seahorse 2.24.1 --------------- * Fix problems with seahorse crashing when searching for remote keys. [Adam Schreiber] * Build fixes on Solaris [Jeff Cai] * Fix selection of keys in libcryptui. [Philip Withnall] * I18n fixes. [Adam Schreiber] seahorse 2.24.0 --------------- * Some tweaks to the password prompt window, including allowing minimizing to release the keyboard grab. * Fix compiler warnings for gcc 4.3. * Return a 'cancelled' error when from the daemon crypto dbus methods when a user cancels out of a password prompt. * Show revoked subkeys properly in details view of PGP keys. * Fix problem deleting SSH keys. * Fix dialog prompt column widths, and elipsize long text in key listing. [Adam Schreiber] * Fix problem with 'no keys available' when trying to sign a PGP key from within the key manager. * Add 'exportable' flag to objects/keys and don't enable export UI if selected objects are not exportable. * Build fixes [Joe Orton, Adam Schreiber] * Crash and other fixes. [Christian Persch] seahorse 2.23.92 ---------------- * Fix crash when changing a stored Gnome Keyring password. * Fix certain crashes on syncing, searching and other operations. * Fix dumb 'Couldn't import keys' error message when success. seahorse 2.23.91 ---------------- * Fix copying keys to the clipboard. [Adam Schreiber] * Fix double free crash when importing keys. * Fix crasher when deleting a key. * Don't add extra null bytes to SSH authorized_keys and similar files. [Adam Schreiber] * Documentation fixes. [Adam Schreiber] * Don't repeatedly load gnome-keyring items. [Adam Schreiber] * Make help button in 'First Time Options' work proprely. [Adam Schreiber] * Better wording for options in PGP key dialogs. [Adam Schreiber] seahorse 2.23.90 ---------------- * Icon makeover. [Michael Monreal] seahorse 2.23.6 --------------- * Initial PKCS#11 certificate listing implementation. * Internal code refactoring. * Fix problems with reference counting on operations. * Use base64 functions in glib, rather than rolling our own. * Don't use deprecated LDAP functions. [Adam Schreiber] * String operation fixes. [Adam Schreiber] * Build fixes [Jeff Cai] seahorse 2.23.5 --------------- * Fix importing keys from key servers [Mackenzie Morgan] * Factor out seahorse-plugins to a different module. * Add XDS drag and drop support. * Remove gnome-vfs dependency and use gio instead. * Return key id of signer from DBus service even when key is not found locally [Adam Schreiber] * Refactor UI code internally into modules. * Remove hard GPG and GPGME dependency. * Replace signer drop down in key chooser with just a check button when only one secret key exists. [Adam Schreiber] * Set sync button insensitive when no server is selected. [Adam Schreiber] * Test for secure memory before using it. [Coleman Kane] * Change trust model used to match GPG's. [Adam Schreiber] * Remove libgnome and libgnomeui dependencies. [Saleem Abdulrasool] * Grab keyboard focus when prompting for password. [Josselin Mouette] * Use the vala programming language for some code. * Add initial infrastructure for PKCS#11 key/certificate support. * Save and load window sizes from gconf. [Adam Schreiber] * Build fixes [Brian Cameron, Saleem Abdulrasool, Alexis Ballier, Christian Persch, Rodrigo Moya]
2008-10-25Also supports apache 2.2.xadrianp1-2/+4
PKGREVISION++
2008-10-25Might be good to actually add the patch that fixes the problemadrianp1-0/+13
2008-10-25OpenSSL is not JOBS_SAFEadrianp2-3/+5
Pull in a fix from the OpenSSL CVS: http://cvs.openssl.org/filediff?f=openssl/crypto/x509/x509_att.c&v1=1.14&v2=1.15 This should fix PR #39767 opened by Wolfgang Solfrank
2008-10-25Update to 2.24.1:wiz3-7/+9
Changes in version 2.24.1 are: * Fix crash on logout on Solaris. [Jeff Cai] * Add missing 'server' attribute to the NETWORK_PASSWORD schema.
2008-10-22+py-asn1tonnerre1-1/+2
2008-10-22Import the ASN1 Python module to pkgsrc. This module allows to dissecttonnerre4-0/+107
ASN1-encoded files (DER, BER, PER, etc.) in Python. ASN1 is the Abstract Syntax Notation version 1, as defined by the International Telecommunication Union (ITU).
2008-10-20The HTTP MASTER_SITES entry is no longer available, and has a text filedsainty1-2/+2
indicating that ftp://ftp.gnu.org/pub/gnu/gnutls/ should be used instead. The replacement site also supports HTTP, so make it our HTTP source.
2008-10-19Bump the PKGREVISION for all packages which depend directly on perl,he63-83/+126
to trigger/signal a rebuild for the transition 5.8.8 -> 5.10.0. The list of packages is computed by finding all packages which end up having either of PERL5_USE_PACKLIST, BUILDLINK_API_DEPENDS.perl, or PERL5_PACKLIST defined in their make setup (tested via "make show-vars VARNAMES=...").
2008-10-18Prelude-manager now can send alerts via E-mail. Make start depend on mail.shannonjr1-2/+2
2008-10-18Update to 0.9.14. Changes:shannonjr2-6/+6
- Fix log file permission error, that could happen thought the user Prelude-LML was running as could access the file (#291). - ModSecurity ruleset update, by Dan Kopecek <dkopecek@redhat.com>: provides much more descriptive classification.text, add regexps for [file ..], [line ...], [tag ...] fields and fine tune targets/types (#321). - Deprecate Gamin/FAM support in favor of libev: the previous implementation had problem on SELinux enabled system due to Gamin server startup being triggered by other program, and thus using improper role for Prelude-LML. (#326). - Improved polling architecture by using Operating System specific backend when possible. - We now monitor files that are not immediately available for reading on startup: once the file can be monitored, libev provide us with a notification.
2008-10-18Update to 0.9.21.1. Changes:shannonjr3-8/+7
- Fix an assertion warning upon sensor start in case the address for the local machine could not be found. - Consistency rework of EasyBindings IDMEFCriteria API. - Add refcount support for prelude_client_t and prelude_client_profile_t, and update EasyBindings destructor to use them. - Fix a bug where EasyBindings would be built although they were not enabled. - Fix path issue in case libprelude was configured with specific path outside of $prefix (fix #319).