summaryrefslogtreecommitdiff
path: root/security
AgeCommit message (Collapse)AuthorFilesLines
2014-01-16Update to 3.2.8.1.wiz8-85/+47
Changes in 3.2.8.1: Note, that I've realized that this release has issues with the assembly files in win32 and macosx systems. In these systems use gnutls 3.2.8.1. 3.2.8: * Version 3.2.8 (released 2013-12-20) ** libgnutls: Updated code for AES-NI. That prevents an uninitialized variable complaint from valgrind. ** libgnutls: Enforce a maximum size for DH primes. ** libgnutls: Added SSSE3 optimized SHA1, and SHA256, using Andy Polyakov's code. ** libgnutls: Added SSSE3 optimized AES using Mike Hamburg's code. ** libgnutls: It only links to librt if the required functions are not present in libc. This also prevents an indirect linking to libpthread. ** libgnutls: Fixed issue with gnulib strerror replacement by adding the strerror gnulib module. ** libgnutls: The time provided in the TLS random values is only precise on its first 3 bytes. That prevents leakage of the precise system time (at least on the client side when only few connections are done on a single server). ** certtool: The --verify option will use the system CAs if the load-ca-certificate option is not provided. ** configure: Added option --with-default-blacklist-file to allow specifying a certificate blacklist file. ** configure: Added --disable-non-suiteb-curves option. This option restricts the supported curves to SuiteB curves. ** API and ABI modifications: gnutls_record_check_corked: Added
2014-01-16ClamAV 0.98.1 provides improved support of Mac OS X platform, support for ↵adam3-30/+6
new file types, and quality improvements. These include: - Extraction, decompression, and scanning of files within Apple Disk Image (DMG) format. - Extraction, decompression, and scanning of files within Extensible Archive (XAR) format. XAR format is commonly used for software packaging, such as PKG and RPM, as well as general archival. - Decompression and scanning of files in "Xz" compression format. - Improvements and fixes to extraction and scanning of ole formats. - Option to force all scanned data to disk. This impacts only a few file types where some embedded content is normally scanned in memory. Enabling this option ensures that a file descriptor exists when callback functions are used, at a small performance cost. This should only be needed when callback functions are used that need file access. - Various improvements to ClamAV configuration, support of third party libraries, and unit tests.
2014-01-15Disable autogen detection.wiz1-1/+2
Addresses PR 48523 by Kai-Uwe Eckhardt.
2014-01-14Add support for MirBSD to OpenSSL.bsiegert2-11/+16
2014-01-13Use upstream way to fix.obache2-14/+47
2014-01-12PYTHON_VERSIONS_INCOMPATIBLE cleanup.wiz1-2/+1
2014-01-11Revbump after updating tcl/tk.adam2-4/+4
2014-01-11Fix PR pkg/48510 pkgsrc/security/libgcrypt:ryoon5-1/+1681
Add blowfish/serpent ARM assembly files to Makefile.am * Add patches from upstream git repository * Tested on NetBSD/evbearmv6hf-el 6.99.28
2014-01-10Update "openssl" package to version 1.0.1f. Changes since 1.0.1e:tron9-99/+69
- Fix for TLS record tampering bug. A carefully crafted invalid handshake could crash OpenSSL with a NULL pointer exception. Thanks to Anton Johansson for reporting this issues. (CVE-2013-4353) - Keep original DTLS digest and encryption contexts in retransmission structures so we can use the previous session parameters if they need to be resent. (CVE-2013-6450) [Steve Henson] - Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which avoids preferring ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. Safari on OS X 10.8..10.8.3 advertises support for several ECDHE-ECDSA ciphers, but fails to negotiate them. The bug is fixed in OS X 10.8.4, but Apple have ruled out both hot fixing 10.8..10.8.3 and forcing users to upgrade to 10.8.4 or newer. [Rob Stradling, Adam Langley]
2014-01-09Needs zlib.jperkin1-1/+2
2014-01-09Avoid linking statically on SunOS.jperkin1-6/+1
2014-01-09exactly specify base directory of using packages for configure.obache1-2/+4
2014-01-08change to better URL for BTS.obache2-4/+4
2014-01-08Note upstream bug report.obache2-3/+4
2014-01-08Use system supplied bswap32 and bswap64 macros on NetBSD.obache2-1/+26
Fixes build on NetBSD-5-i386 with builtin gcc.
2014-01-07revise recent -Wa,--divide usage for SunOS to allow only SunOS x86_64richard3-4/+92
and naturally non-gcc/non-gas builds by patching configure instead (adapted from configure.ac in the works upstream).
2014-01-05Run autoreconf to avoid issues with automake version number mismatches.wiz1-5/+7
Fixes build after automake-1.14.1 update. Make automake a build dependency. Bump PKGREVISION.
2014-01-05security/keepassx: add support for dflyrumko2-1/+17
* change one ifdef to also include __DragonFly__
2014-01-02cipher/sha1-ssse3-amd64.S suffers a supposedly "infamous" problem whereinrichard1-1/+3
expressions containing a '/' (divide) are problematic because according to the SUN x86 Assembly Language Reference Manual, '/' should be treated as starting comments. To get over this, gas has '--divide' do not treat `/' as a comment character
2014-01-02Use the correct path variable in one marino@'s dragonfly hacks.dholland1-2/+2
2014-01-01Update py-passlib to 1.6.2.kleink3-7/+13
**1.6.2** (2013-12-26) ====================== Minor changes & compatibility fixes * Re-tuned the :attr:`~passlib.ifc.PasswordHash.default_rounds` values for all of the hashes. * Added the new :doc:`bcrypt_sha256 <lib/passlib.hash.bcrypt_sha256>` hash, which wraps BCrypt using SHA256 in order to work around BCrypt's password size limitations (:issue:`43`). * :doc:`passlib.hash.bcrypt <lib/passlib.hash.bcrypt>`: Added support for the `bcrypt <https://pypi.python.org/pypi/bcrypt>`_ library as one of the possible bcrypt backends that will be used if available. (:issue:`49`) * :mod:`passlib.ext.django`: Passlib's Django extension (and it's related hashes and unittests) have been updated to handle some minor API changes in Django 1.5-1.6. They should now be compatible with Django 1.2 and up. (:issue:`50`)
2014-01-01Lower the minimum required OpenSSL version to 0.9.7 for MirBSD.bsiegert1-1/+10
The MirBSD version contains fixes so the comment in Makefile.PL does not apply.
2014-01-01Recursive PKGREVISION bump for libgcrypt-1.6.0 shlib major bump.wiz62-114/+124
2014-01-01Update to 1.6.0:wiz7-115/+11
Noteworthy changes in version 1.6.0 (2013-12-16) ------------------------------------------------ * Removed the long deprecated gcry_ac interface. Thus Libgcrypt is not anymore ABI compatible to previous versions if they used the ac interface. * Removed the module register subsystem. * The deprecated message digest debug macros have been removed. Use gcry_md_debug instead. * Removed deprecated control codes. * Improved performance of most cipher algorithms as well as for the SHA family of hash functions. * Added support for the IDEA cipher algorithm. * Added support for the Salsa20 and reduced Salsa20/12 stream ciphers. * Added limited support for the GOST 28147-89 cipher algorithm. * Added support for the GOST R 34.11-94 and R 34.11-2012 (Stribog) hash algorithms. * Added a random number generator to directly use the system's RNG. Also added an interface to prefer the use of a specified RNG. * Added support for the SCRYPT algorithm. * Mitigated the Yarom/Falkner flush+reload side-channel attack on RSA secret keys. See <http://eprint.iacr.org/2013/448> [CVE-2013-4242]. * Added support for Deterministic DSA as per RFC-6969. * Added support for curve Ed25519. * Added a scatter gather hash convenience function. * Added several MPI amd SEXP helper functions. * Added support for negative numbers to gcry_mpi_print, gcry_mpi_aprint and gcry_mpi_scan. * The algorithm ids GCRY_PK_ECDSA and GCRY_PK_ECDH are now deprecated. Use GCRY_PK_ECC if you need an algorithm id. * Changed gcry_pk_genkey for "ecc" to only include the curve name and not the parameters. The flag "param" may be used to revert this. * Added a feature to globally disable selected hardware features. * Added debug helper functions.
2014-01-01Add p5-Crypt-X509ryoon1-1/+2
2014-01-01Import p5-Crypt-X509-0.51 as security/p5-Crypt-X509.ryoon3-0/+24
Perl 5 module to parse a X.509 certificate.
2013-12-29Fixed broken checksumpettai1-2/+2
2013-12-27This has been using SPECIAL_PERMS since 2009 and exhibits no signs ofdholland1-3/+1
needing NOT_FOR_UNPRIVILEGED any more. XXX: In fact, most of the permission settings seem bogus; and also it XXX: shouldn't be using /var/adm.
2013-12-26Fix for CVE-2013-6890pettai3-11/+44
2013-12-23Reset maintainer for resigned developers.wiz3-7/+6
2013-12-21Update HOMEPAGE, comment out domain-grabbed MASTER_SITES.wiz1-4/+3
2013-12-21The syntax of the Configure architecture table changed recently. Ouris2-17/+17
entries for NetbSD architectures without assembler routines and Interix containing ::::::... need to be updated, else -fPIC ends up in the object-to-build list of crypto/modes. The correct entry snippet is stored in ${no_asm}. make test has run successfully in pkgsrc-current and -2013Q3 on Shark (arm, asm-less) as well as i386 (with asm routines).
2013-12-20Update netpgpverify and libnetpgpverify to version 20131219agc5-8/+8
Fix a call to mp_radix_size to use a pointer to the BIGNUM, not the address of the pointer, when accessing. Fixes a problem observed in other software when using the same code. The problem was obscured from the compiler because of the use of __UNCONST(). This makes the BN_dec2bn() and BN_hex2bn() functions (in libnetpgpverify) work properly. OK: wiz
2013-12-18Update to 1.4.16:wiz2-6/+6
Noteworthy changes in version 1.4.16 (2013-12-18) ------------------------------------------------- * Fixed the RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis attack as described by Genkin, Shamir, and Tromer. See <http://www.cs.tau.ac.il/~tromer/acoustic/>. [CVE-2013-4576] * Put only the major version number by default into armored output. * Do not create a trustdb file if --trust-model=always is used. * Print the keyid for key packets with --list-packets. * Changed modular exponentiation algorithm to recover from a small performance loss due to a change in 1.4.14.
2013-12-17One more file installed on FreeBSD (same as NetBSD).asau1-0/+1
2013-12-16Take MAINTAINERship; I more or less have been.gdt1-2/+2
2013-12-14marked as SUPERSEDES py-amkCryptoobache1-1/+2
2013-12-14Remove py-amkCrypto from pkgsrc.obache7-147/+1
It is just a old version of security/py-crypto since it was re-imported as version 2.1.0.
2013-12-14FETCH_USING must not be put on pkg's Makefile.obache1-2/+1
2013-12-13Include config.h before testing for things it defines. Fixes SunOS.jperkin2-4/+15
2013-12-13Need sys/file.h for FNDELAY on SunOS.jperkin2-1/+18
2013-12-12Always install into $PREFIX/lib not $PREFIX/lib64markd2-1/+24
2013-12-11The p5-GSSAPI configure script assumes that the output of the SunOS krb5-configjperkin2-1/+26
will produce an error message. Since we installed a wrapper script to handle the builtin better, there is no longer an error, so avoid that check.
2013-12-11On SunOS, install a wrapper script for krb5-config to strip away argumentsjperkin2-1/+41
that are unsupported by the native port of MIT KRB5, and add any flags necessary to support the builtin version. Fixes various packages since the change to support the SunOS builtin. Based on patches by Richard PALO (richard@).
2013-12-10Add socket libraries on SunOS. Patch from Sebastian Wiedenroth.jperkin2-2/+9
2013-12-10Fix inttypes on SunOS. Patch from Sebastian Wiedenroth.jperkin1-1/+3
2013-12-10Add socket libraries on SunOS. Patch from Sebastian Wiedenroth.jperkin1-1/+3
2013-12-09Fix/Update DEPENDS paterns for perl CORE modules, with some trivial fixes.obache17-52/+56
Bump PKGREVISION for runtime dependency pattern changed packages.
2013-12-08Ignore missing return value when building against PHP 5.3.joerg1-1/+7
2013-12-08Fix build.joerg3-5/+11
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-02 11:27:06 +0000