| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
major change.
Reported by Robert Elz in PR 41345.
|
|
|
|
block). Uncomment some commented out LICENSE lines while here.
|
|
seahorse-plugins 2.26.1
-----------------------
Translations
* kn.po [Shankar Prasad]
* el.po [Simos Xenitellis]
* el.po [Fotis Tsamis]
* gl.po [Suso Baleato]
|
|
seahorse 2.26.1
---------------
* PGP UIDs display in order reported by key server, and fix
parsing of HKP PGP search UIDs. [Adam Schreiber]
* Fix problem opening preferences window twice. [Adam Schreiber]
* Set authorized_keys properly when sending SSH keys to a
remote system. [Andreas Moog, Stef Walter]
* Fix crash when entering hkp: url manually. [Stef Walter]
|
|
|
|
Collection.
The Perl 5 module Net::OpenSSH is a secure shell client package
implemented on top of OpenSSH binary client (ssh). This module is
implemented around the multiplexing feature found in later versions
of OpenSSH.
|
|
New in 2.1.23
-------------
* Fixed CERT VU#238019 (make sure sasl_encode64() always NUL
terminates output or returns SASL_BUFOVER)
|
|
Changes:
- Bugfix release, forward and backward compatible with 2.0.x
- Fix compatibility with Qt 4.5 when QCA::Initializer appears before QApp
- Don't convert to secure memory when Hash::update(QByteArray) is used
- Use configure.exe instead of configwin.bat
|
|
|
|
|
|
|
|
Pkgsrc changes:
- Change run-time dependency on p5-Test-MockObject to a build dependency
Upstream changes:
changes from 0.03 to 0.04
-------------------------
* changed fatal behavior to throw strings instead of objects
|
|
4.1.2 on DragonFly).
* Make it build on systems not having nonstandard ENODATA (like DragonFly).
* There is no C++ or Fortran code in this package.
|
|
|
|
specification that makes it possible for programmers to create and
validate signed XML documents.
|
|
file in addition to sniffing the wire directly.
|
|
* For ccid, etoken* drivers remove polling loop, review the force_poll
configuration option, this reduces power consumption and CPU load.
* Fix some issues caused by newer udev version.
* Handle T1 abort better.
* Some build system fixes.
* Some minor fixes.
* Re-add api documentation (pre-generated), like we used to.
|
|
http://www.opensc-project.org/pipermail/opensc-announce/2009-May/000025.html
New in 0.11.8; 2009-05-07;
* Fix security problem in pkcs11-tool gen_keypair (PublicExponent 1)
* fix compiling without openssl.
* updated and improve entersafe driver. FTCOS/PK-01C cards are supported
now, compatible with cards writen by Feitian's software on windows.
|
|
|
|
|
|
|
|
Pkgsrc changes:
- Adjust dependencies
- Whitespace fix in Makefile to placate pkglint
Upstream changes:
version 0.007; 2009-04-22
* in XS code, use the correct "PREINIT:" instead of "INIT:" to introduce
variable declarations
* test Uklblowfish with long keys
version 0.006; 2009-04-21
* in C::E::Family, new method "as_class" to work around Crypt::CBC
brain damage
* use simpler "parent" pragma in place of "base"
* in documentation, use the term "truth value" instead of the less
precise "boolean"
* drop prototypes from method subs (where the prototypes have no effect)
* in C::E::Family, abandon use of the "fields" module
* add casts for pointer target signedness to avoid compiler warnings
* use full stricture in Build.PL
|
|
* Version 2.6.6 (released 2009-04-30)
libgnutls: Corrected double free on signature verification failure.
Reported by Miroslav Kratochvil. See the advisory
for more details. [GNUTLS-SA-2009-1] [CVE-2009-1415]
libgnutls: Fix DSA key generation.
Noticed when investigating the previous GNUTLS-SA-2009-1 problem. All
DSA keys generated using GnuTLS 2.6.x are corrupt. See the advisory
for more details. [GNUTLS-SA-2009-2] [CVE-2009-1416]
libgnutls: Check expiration/activation time on untrusted certificates.
Reported by Romain Francoise. Before the
library did not check activation/expiration times on certificates, and
was documented as not doing so. We have realized that many
applications that use libgnutls, including gnutls-cli, fail to perform
proper checks. Implementing similar logic in all applications leads
to code duplication. Hence, we decided to check whether the current
time (as reported by the time function) is within the
activation/expiration period of certificates when verifying untrusted
certificates.
This changes the semantics of gnutls_x509_crt_list_verify, which in
turn is used by gnutls_certificate_verify_peers and
gnutls_certificate_verify_peers2. We add two new
gnutls_certificate_status_t codes for reporting the new error
condition, GNUTLS_CERT_NOT_ACTIVATED and GNUTLS_CERT_EXPIRED. We also
add a new gnutls_certificate_verify_flags flag,
GNUTLS_VERIFY_DISABLE_TIME_CHECKS, that can be used to disable the new
behaviour.
API and ABI modifications:
gnutls_x509_crt_list_verify: CHANGED, checks activation/expiration times.
gnutls_certificate_verify_peers: Likewise.
gnutls_certificate_verify_peers2: Likewise.
GNUTLS_CERT_NOT_ACTIVATED: ADDED.
GNUTLS_CERT_EXPIRED: ADDED.
GNUTLS_VERIFY_DISABLE_TIME_CHECKS: ADDED.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Changelog:
pcsc-lite-1.5.3: Ludovic Rousseau
- SCardEstablishContext(): check we do not reuse an already allocated
hContext
Thanks to Daniel Nobs for the bug report and patch
- pcsclite.h: add missing SCARD_E_* and SCARD_W_* return code. They are
unused by pcsc-lite but defined on Windows
- reader.h: add PIN_PROPERTIES_STRUCTURE structure and
FEATURE_IFD_PIN_PROPERTIES
Thanks to Martin Paljak for the patch
- remove powermgt_macosx.c since it is using APSL version 1.1 instead of
the BSD-like licence like the other files
Thanks to Stanislav Brabec for the bug report
- avoid a possible crash due to a race condition
Thanks to Matheus Ribeiro for the patch
- change default log level from PCSC_LOG_INFO to PCSC_LOG_ERROR to limit
syslog pollution
- CardDisconnect(): call RFUnlockAllSharing() instead of
RFUnlockSharing() to release all nested locks. The problem occurs if
SCardBeginTransaction() are made without corresponding
SCardEndTransaction(). OpenSC "pkcs11-tool -I" exhibits such a
behavior.
Thanks to Marc Rios Valles for the bug report
- some other minor improvements and bug corrections
|
|
|
|
Packages Collection.
The netpgp command can digitally sign files and verify that the
signatures attached to files were signed by a given user identifier.
netpgp can also encrypt files using the public or private keys of
users and, in the same manner, decrypt files which were encrypted.
The netpgp utility can also be used to generate a new key-pair for a
user. This key is in two parts, the public key (which can be used by
other people) and a private key.
In addition to these primary uses, the third way of using netpgp is to
maintain keyrings. Keyrings are collections of public keys belonging
to other users. By using other means of identification, it is
possible to establish the bona fides of other users. Once trust has
been established, the public key of the other user will be signed.
The other user's public key can be added to our keyring. The other
user will add our public key to their keyring.
This software is built on top of openpgpsdk 0.9.1, but provides a
higher-level interface, is autoconf-ed and libtool-ed, and has had
some significant bugs fixed.
|
|
approved by agc
|
|
* Version 2.6.5 (released 2009-04-11)
** libgnutls: Added %SSL3_RECORD_VERSION priority string that allows to
specify the client hello message record version. Used to overcome buggy
TLS servers. Report by Martin von Gagern.
** GnuTLS no longer uses the libtasn1-config script to find libtasn1.
Libtasn1 0.3.4 or later is required. This is to align with the
upcoming libtasn1 v2.0 release that doesn't have a libtasn1-script.
** API and ABI modifications:
No changes since last version.
|
|
Version 2.1 (released 2009-04-17)
- Fix compilation failure on platforms that can't generate empty archives,
e.g., Mac OS X. Reported by David Reiser <dbreiser@gmail.com>.
Version 2.0 (released 2009-04-13)
- Optimized tree generation.
- ASN1 parser code re-generated using Bison 2.4.1.
- Build with more warning flags. Many compiler warnings fixed.
- Compiled with -fvisibility=hidden by default if supported.
See http://gcc.gnu.org/wiki/Visibility
- The libtasn1-config tool has been removed.
For application developers, please stop using libtasn1-config for
finding libtasn1, use proper autoconf checks or pkg-config instead.
For users that need a libtasn1 that provides a libtasn1-config
script (for use with older applications), use libtasn1 v1.x instead.
Version 1.x is still supported.
|
|
changes:
-DBus now automatically starts the gnome-keyring service properly
-Initialize daemon with LOGNAME and USERNAME environment variables
-Add DBus method for getting the gnome-keyring environment variables
-misc fixes
|
|
4 years ago; remove support from the bl3.mk as well.
|
|
|
|
- updating package to 1.24
Upstream changes:
v1.24 2009.04.01
- add verify hostname scheme ftp, same as http
- renew test certificates again (root CA expired, now valid for 10 years)
|
|
- removed packages p5-IO-Compress-Base, p5-IO-Compress-Zlib,
p5-IO-Compress-Bzip2 and p5-Compress-Zlib because they are
merged into p5-IO-Compress
- Updated dependend packages to depend on p5-IO-Compress
and bump PKGREVISION
Upstream changes:
2.017 30 March 2009
* Merged IO-Compress-Base, IO-Compress-Bzip2, IO-Compress-Zlib &
Compress-Zlib into IO-Compress.
* The interface to Compress-Raw-Zlib now uses the new LimitOutput
feature. This will make all of the zlib-related IO-Compress modules
less greedy in their memory consumption.
* Removed MAN3PODS from Makefile.PL
* A few changes to get the test harness to work on VMS courtesy of
Craig. A. Berry.
* IO::Compress::Base & IO::Uncompress::Base
Downgraded some croaks in the constructors to just set $! (by letting
the code attempt to open a file and fail).
This makes the behavior more consistent to a standard open.
[RT #42657]
* IO::Uncompress::Base
Doing a seek with MultiStream could drop some of the uncompressed
data. Fixed.
* IO::Compress::Zip
- Fixed problem with the uncompressed & uncompressed fields when
zip64 is enabled. They were set to 0x0000FFFF instead of
0xFFFFFFFF. Also the ZIP64 extra field was 4 bytes short.
Problem spotted by Dino Chiesa.
* IO::Uncompress::Unzip
- use POSIX::mktime instead of Time::Local::timelocal to convert
the zip DOS time field into Unix time.
* Compress::Zlib
- Documented Compress::Zlib::zlib_version()
|
|
From distribution NEWS file:
Many fixes and improvements to the ID-WSF 1 support, new API to load SSL keys
off memory, documentation for ID-WSF methods, general robustness and memory
leak fixes.
|
|
|
|
|
|
- Added a "lookaside" mode to cvm-qmail, to assist with proper chaining
to cvm-vmailmgr or other modules.
- Fixed failure in cvm-qmail when virtualdomains did not exist.
- Fixed client.h symlink to point to v2client.h to match the library.
- Fixed cvm-vmailmgr to fail with OUTOFSCOPE=1 when the virtual password
table file does not exist, instead of failing with an I/O error.
This should improve its ability to chain with other modules.
- Added cvm-sqlite from Wayne Marshall
|
|
Changes between 0.9.8j and 0.9.8k [25 Mar 2009]
*) Don't set val to NULL when freeing up structures, it is freed up by
underlying code. If sizeof(void *) > sizeof(long) this can result in
zeroing past the valid field. (CVE-2009-0789)
*) Fix bug where return value of CMS_SignerInfo_verify_content() was not
checked correctly. This would allow some invalid signed attributes to
appear to verify correctly. (CVE-2009-0591)
*) Reject UniversalString and BMPString types with invalid lengths. This
prevents a crash in ASN1_STRING_print_ex() which assumes the strings have
a legal length. (CVE-2009-0590)
*) Set S/MIME signing as the default purpose rather than setting it
unconditionally. This allows applications to override it at the store
level.
*) Permit restricted recursion of ASN1 strings. This is needed in practice
to handle some structures.
*) Improve efficiency of mem_gets: don't search whole buffer each time
for a '\n'
*) New -hex option for openssl rand.
*) Print out UTF8String and NumericString when parsing ASN1.
*) Support NumericString type for name components.
*) Allow CC in the environment to override the automatically chosen
compiler. Note that nothing is done to ensure flags work with the
chosen compiler.
|
|
mk/dlopen.buildlink3.mk until very late in the proceedings. Fixes build on
Linux. No PKGREVISION bump required, no functional change on platforms where
the build completed.
Addresses PR pkg/41080.
Ok'd by wiz@
|
