summaryrefslogtreecommitdiff
path: root/security
AgeCommit message (Collapse)AuthorFilesLines
2003-02-16Add and enable kssh.markd1-1/+2
2003-02-16Initial import of kssh-0.7.markd4-0/+38
From Juan RP in PR 20346. KSSH is a KDE front-end to ssh. It can work as a standard KDE application that launches ssh connections in a terminal or as a konsole session. This means that you can press in any konsole "New Session" and then select "Secure Shell".
2003-02-15Update to 0.7.0. Changes since 0.5.0:jmmv1-0/+27
seahorse 0.7.0 -------------- * Add a user ID * Add a subkey * Delete a subkey * Change a subkey's expiration * Revoke a subkey * Properties shows subkey status (good, revoked, expired) * Key Manager shows user IDs instead of subkeys * Sort keys by user ID & validity in Key Manager and Recipients * Subkeys hidden by default in properties seahorse 0.6.2 -------------- * Bug fix in GPGME check * Supported languages: cs, de, es, hu, ja, nl, no, sv, tr * Interface fixups so buttons are not sensitive when they cannot be used seahorse 0.6.1 -------------- * Correctly check for GPGME 0.3.14 and GnuPG 1.2 during build * More and updated translations * Key manager updates all keys when changed * Preferences loads faster * More HIG compliant windows & dialogs * Failure to install schemas does not stop installation * Better about dialog: shows version & lists translators seahorse 0.6.0 -------------- * Key properties cleanups * Less passphrase crashes * Only one window of each type or of each type per key allowed open * Less memory leaks * Preferences is slower to load, but keeps track of default signer better * Updated help manual with figures * More translations * Migration to GNOME (missed in previous commit)
2003-02-15Update to 0.7.0. Changes since 0.5.0:jmmv3-22/+61
seahorse 0.7.0 -------------- * Add a user ID * Add a subkey * Delete a subkey * Change a subkey's expiration * Revoke a subkey * Properties shows subkey status (good, revoked, expired) * Key Manager shows user IDs instead of subkeys * Sort keys by user ID & validity in Key Manager and Recipients * Subkeys hidden by default in properties seahorse 0.6.2 -------------- * Bug fix in GPGME check * Supported languages: cs, de, es, hu, ja, nl, no, sv, tr * Interface fixups so buttons are not sensitive when they cannot be used seahorse 0.6.1 -------------- * Correctly check for GPGME 0.3.14 and GnuPG 1.2 during build * More and updated translations * Key manager updates all keys when changed * Preferences loads faster * More HIG compliant windows & dialogs * Failure to install schemas does not stop installation * Better about dialog: shows version & lists translators seahorse 0.6.0 -------------- * Key properties cleanups * Less passphrase crashes * Only one window of each type or of each type per key allowed open * Less memory leaks * Preferences is slower to load, but keeps track of default signer better * Updated help manual with figures * More translations * Migration to GNOME
2003-02-09fix compilation problems on systems that don't have ldconfig.dmcmahill3-2/+19
2003-02-09Updated to p5-SSLeay-0.47shell4-20/+34
Changes from 0.45 + Added patch from Pavel Hlavnicka for freeing memory leaks from SSL_CTX_use_pkcs12_file() whose functionality is triggered by the $ENV{HTTPS_PKCS12_*} settings + Set timeout to 15 seconds for ./net_ssl_test and lwp-ssl-test sample scripts for better testing of timeout behavior + Added alarm() during Net::SSL->read() to honor socket timeout setting for more robust applications. read() will die_with_error() which in consistent with previous semantics used during SSL read() failure Thanks to Pavel Hlavnicka for prompting this change. + Removed code that supported versions of SSLeay before version 0.8 I believe SSLeay v.8 was released back in 1998 + Added patch from Devin Heitmueller so that initial random seed would be taken from /dev/urandom if available via RAND_load_file API
2003-02-08do not disable asm on alpha. fixes recently noted compile problemsdmcmahill1-2/+3
2003-02-08fix some format strings for 64 bit systems so this can build with -Werrordmcmahill3-1/+41
2003-02-05add newline to end of perl script. while I'm here, clean upgrant3-15/+21
post-configure target and whitespace. fixes PR pkg/20210 from Jesse Kempf.
2003-02-02Set "USE_LIBTOOL" even if we use the bundled "libtool" so thattron1-2/+2
buildlink2 will do the right thing.
2003-02-02Make this package honor PKG_SYSCONFDIR. Bump PKGREVISION.jmmv4-27/+25
2003-02-02Make this package honor PKG_SYSCONFDIR. Bump PKGREVISION.jmmv2-4/+15
2003-02-02Add and enable "libgcrypt".tron1-1/+2
2003-02-02Import new "libgcrypt" package: GNU's cryptographic librarytron5-0/+73
This fixes PR pkg/19732 by Juan RP.
2003-01-31Updated to p5-Digest-MD2-2.01shell3-9/+9
Changes : - Support UTF8 strings in newer versions of Perl.
2003-01-31Updated to p5-Digest-SHA1-2.02shell2-5/+5
Changes : - Make it work when there is a mismatch between the sizeof(BYTEORDER) and sizeof(long). Based on patch Allen Smith <easmith@beatrice.rutgers.edu>. - Support UTF8 strings in newer versions of Perl.
2003-01-28Instead of including bsd.pkg.install.mk directly in a package Makefile,jlam13-33/+31
have it be automatically included by bsd.pkg.mk if USE_PKGINSTALL is set to "YES". This enforces the requirement that bsd.pkg.install.mk be included at the end of a package Makefile. Idea suggested by Julio M. Merino Vidal <jmmv at menta.net>.
2003-01-25Remove (hi hubert!)wiz1-14/+0
2003-01-23strip leading path from $CC so we don't try to run Configure with argsgrant1-2/+2
eg. 'solaris-sparcv7-/usr/pkg/bin/gcc' :-)
2003-01-23Put back MASTER_SITES.seb1-4/+4
2003-01-19s/INSTALL_*/BSD_INSTALL_*/ in patches, remove unnecessary MAKE_ENV.salo6-20/+16
2003-01-19Update to version 3.5p1seb4-211/+19
Also mark this package as conflicting with ssh2 package. Changes: 20021003 - (djm) OpenBSD CVS Sync - markus@cvs.openbsd.org 2002/10/01 20:34:12 [ssh-agent.c] allow root to access the agent, since there is no protection from root. - markus@cvs.openbsd.org 2002/10/01 13:24:50 [version.h] OpenSSH 3.5 - (djm) Bump RPM spec version numbers - (djm) Bug #406 s/msg_send/ssh_msh_send/ for Mac OS X 1.2 20020930 - (djm) Tidy contrib/, add Makefile for GNOME passphrase dialogs, tweak README - (djm) OpenBSD CVS Sync - mickey@cvs.openbsd.org 2002/09/27 10:42:09 [compat.c compat.h sshd.c] add a generic match for a prober, such as sie big brother; idea from stevesk@; markus@ ok - stevesk@cvs.openbsd.org 2002/09/27 15:46:21 [ssh.1] clarify compression level protocol 1 only; ok markus@ deraadt@ 20020927 - (djm) OpenBSD CVS Sync - markus@cvs.openbsd.org 2002/09/25 11:17:16 [sshd_config] sync LoginGraceTime with default - markus@cvs.openbsd.org 2002/09/25 15:19:02 [sshd.c] typo; pilot@monkey.org - markus@cvs.openbsd.org 2002/09/26 11:38:43 [auth1.c auth.h auth-krb4.c monitor.c monitor.h monitor_wrap.c] [monitor_wrap.h] krb4 + privsep; ok dugsong@, deraadt@ 20020925 - (bal) Fix issue where successfull login does not clear failure counts in AIX. Patch by dtucker@zip.com.au ok by djm - (tim) Cray fixes (bug 367) based on patch from Wendy Palm @ cray. This does not include the deattack.c fixes. 20020923 - (djm) OpenBSD CVS Sync - stevesk@cvs.openbsd.org 2002/09/23 20:46:27 [canohost.c] change get_peer_ipaddr() and get_local_ipaddr() to not return NULL for non-sockets; fixes a problem passing NULL to snprintf(). ok markus@ - markus@cvs.openbsd.org 2002/09/23 22:11:05 [monitor.c] only call auth_krb5 if kerberos is enabled; ok deraadt@ - markus@cvs.openbsd.org 2002/09/24 08:46:04 [monitor.c] only call kerberos code for authctxt->valid - todd@cvs.openbsd.org 2002/09/24 20:59:44 [sshd.8] tweak the example $HOME/.ssh/rc script to not show on any cmdline the sensitive data it handles. This fixes bug # 402 as reported by kolya@mit.edu (Nickolai Zeldovich). ok markus@ and stevesk@ 20020923 - (tim) [configure.ac] s/return/exit/ patch by dtucker@zip.com.au 20020922 - (djm) OpenBSD CVS Sync - stevesk@cvs.openbsd.org 2002/09/19 14:53:14 [compat.c] - markus@cvs.openbsd.org 2002/09/19 15:51:23 [ssh-add.c] typo; cd@kalkatraz.de - stevesk@cvs.openbsd.org 2002/09/19 16:03:15 [serverloop.c] log IP address also; ok markus@ - stevesk@cvs.openbsd.org 2002/09/20 18:41:29 [auth.c] log illegal user here for missing privsep case (ssh2). this is executed in the monitor. ok markus@ 20020919 - (djm) OpenBSD CVS Sync - stevesk@cvs.openbsd.org 2002/09/12 19:11:52 [ssh-agent.c] %u for uid print; ok markus@ - stevesk@cvs.openbsd.org 2002/09/12 19:50:36 [session.c ssh.1] add SSH_CONNECTION and deprecate SSH_CLIENT; bug #384. ok markus@ - stevesk@cvs.openbsd.org 2002/09/13 19:23:09 [channels.c sshconnect.c sshd.c] remove use of SO_LINGER, it should not be needed. error check SO_REUSEADDR. fixup comments. ok markus@ - stevesk@cvs.openbsd.org 2002/09/16 19:55:33 [session.c] log when _PATH_NOLOGIN exists; ok markus@ - stevesk@cvs.openbsd.org 2002/09/16 20:12:11 [sshd_config.5] more details on X11Forwarding security issues and threats; ok markus@ - stevesk@cvs.openbsd.org 2002/09/16 22:03:13 [sshd.8] reference moduli(5) in FILES /etc/moduli. - itojun@cvs.openbsd.org 2002/09/17 07:47:02 [channels.c] don't quit while creating X11 listening socket. http://mail-index.netbsd.org/current-users/2002/09/16/0005.html got from portable. markus ok - djm@cvs.openbsd.org 2002/09/19 01:58:18 [ssh.c sshconnect.c] bugzilla.mindrot.org #223 - ProxyCommands don't exit. Patch from dtucker@zip.com.au; ok markus@ 20020912 - (djm) Made GNOME askpass programs return non-zero if cancel button is pressed. - (djm) Added getpeereid() replacement. Properly implemented for systems with SO_PEERCRED support. Faked for systems which lack it. - (djm) Sync sys/tree.h with OpenBSD -current. Rename tree.h and fake-queue.h to sys-tree.h and sys-queue.h - (djm) OpenBSD CVS Sync - markus@cvs.openbsd.org 2002/09/08 20:24:08 [hostfile.h] no comma at end of enumerator list - itojun@cvs.openbsd.org 2002/09/09 06:48:06 [auth1.c auth.h auth-krb5.c monitor.c monitor.h] [monitor_wrap.c monitor_wrap.h] kerberos support for privsep. confirmed to work by lha@stacken.kth.se patch from markus - markus@cvs.openbsd.org 2002/09/09 14:54:15 [channels.c kex.h key.c monitor.c monitor_wrap.c radix.c uuencode.c] signed vs unsigned from -pedantic; ok henning@ - markus@cvs.openbsd.org 2002/09/10 20:24:47 [ssh-agent.c] check the euid of the connecting process with getpeereid(2); ok provos deraadt stevesk - stevesk@cvs.openbsd.org 2002/09/11 17:55:03 [ssh.1] add agent and X11 forwarding warning text from ssh_config.5; ok markus@ - stevesk@cvs.openbsd.org 2002/09/11 18:27:26 [authfd.c authfd.h ssh.c] don't connect to agent to test for presence if we've previously connected; ok markus@ - djm@cvs.openbsd.org 2002/09/11 22:41:50 [sftp.1 sftp-client.c sftp-client.h sftp-common.c sftp-common.h] [sftp-glob.c sftp-glob.h sftp-int.c sftp-server.c] support for short/long listings and globbing in "ls"; ok markus@ - djm@cvs.openbsd.org 2002/09/12 00:13:06 [sftp-int.c] zap unused var introduced in last commit 20020911 - (djm) Sync openbsd-compat with OpenBSD -current 20020910 - (djm) Bug #365: Read /.ssh/environment properly under CygWin. Patch from Mark Bradshaw <bradshaw@staff.crosswalk.com> - (djm) Bug #138: Make protocol 1 blowfish work with old OpenSSL. Patch from Robert Halubek <rob@adso.com.pl> 20020905 - (djm) OpenBSD CVS Sync - stevesk@cvs.openbsd.org 2002/09/04 18:52:42 [servconf.c sshd.8 sshd_config.5] default LoginGraceTime to 2m; 1m may be too short for slow systems. ok markus@ - (djm) Merge openssh-TODO.patch from Redhat (null) beta - (djm) Add gnome-ssh-askpass2.c (gtk2) by merge with patch from Nalin Dahyabhai <nalin@redhat.com> - (djm) Add support for building gtk2 password requestor from Redhat beta 20020903 - (djm) Patch from itojun@ for Darwin OS: test getaddrinfo, reorder libcrypt - (djm) Fix Redhat RPM build dependancy test - (djm) OpenBSD CVS Sync - markus@cvs.openbsd.org 2002/08/12 10:46:35 [ssh-agent.c] make ssh-agent setgid, disallow ptrace. - espie@cvs.openbsd.org 2002/08/21 11:20:59 [sshd.8] `RSA' updated to refer to `public key', where it matters. okay markus@ - stevesk@cvs.openbsd.org 2002/08/21 19:38:06 [servconf.c sshd.8 sshd_config sshd_config.5] change LoginGraceTime default to 1 minute; ok mouring@ markus@ - stevesk@cvs.openbsd.org 2002/08/21 20:10:28 [ssh-agent.c] raise listen backlog; ok markus@ - stevesk@cvs.openbsd.org 2002/08/22 19:27:53 [ssh-agent.c] use common close function; ok markus@ - stevesk@cvs.openbsd.org 2002/08/22 19:38:42 [clientloop.c] format with current EscapeChar; bugzilla #388 from wknox@mitre.org. ok markus@ - stevesk@cvs.openbsd.org 2002/08/22 20:57:19 [ssh-agent.c] shutdown(SHUT_RDWR) not needed before close here; ok markus@ - markus@cvs.openbsd.org 2002/08/22 21:33:58 [auth1.c auth2.c] auth_root_allowed() is handled by the monitor in the privsep case, so skip this for use_privsep, ok stevesk@, fixes bugzilla #387/325 - markus@cvs.openbsd.org 2002/08/22 21:45:41 [session.c] send signal name (not signal number) in "exit-signal" message; noticed by galb@vandyke.com - stevesk@cvs.openbsd.org 2002/08/27 17:13:56 [ssh-rsa.c] RSA_public_decrypt() returns -1 on error so len must be signed; ok markus@ - stevesk@cvs.openbsd.org 2002/08/27 17:18:40 [ssh_config.5] some warning text for ForwardAgent and ForwardX11; ok markus@ - stevesk@cvs.openbsd.org 2002/08/29 15:57:25 [monitor.c session.c sshlogin.c sshlogin.h] pass addrlen with sockaddr *; from Hajimu UMEMOTO <ume@FreeBSD.org> NOTE: there are also p-specific parts to this patch. ok markus@ - stevesk@cvs.openbsd.org 2002/08/29 16:02:54 [ssh.1 ssh.c] deprecate -P as UsePrivilegedPort defaults to no now; ok markus@ - stevesk@cvs.openbsd.org 2002/08/29 16:09:02 [ssh_config.5] more on UsePrivilegedPort and setuid root; ok markus@ - stevesk@cvs.openbsd.org 2002/08/29 19:49:42 [ssh.c] shrink initial privilege bracket for setuid case; ok markus@ - stevesk@cvs.openbsd.org 2002/08/29 22:54:10 [ssh_config.5 sshd_config.5] state XAuthLocation is a full pathname 20020820 - OpenBSD CVS Sync - millert@cvs.openbsd.org 2002/08/02 14:43:15 [monitor.c monitor_mm.c] Change mm_zalloc() sanity checks to be more in line with what we do in calloc() and add a check to monitor_mm.c. OK provos@ and markus@ - marc@cvs.openbsd.org 2002/08/02 16:00:07 [ssh.1 sshd.8] note that .ssh/environment is only read when allowed (PermitUserEnvironment in sshd_config). OK markus@ - markus@cvs.openbsd.org 2002/08/02 21:23:41 [ssh-rsa.c] diff is u_int (2x); ok deraadt/provos - markus@cvs.openbsd.org 2002/08/02 22:20:30 [ssh-rsa.c] replace RSA_verify with our own version and avoid the OpenSSL ASN.1 parser for authentication; ok deraadt/djm - aaron@cvs.openbsd.org 2002/08/08 13:50:23 [sshconnect1.c] Use & to test if bits are set, not &&; markus@ ok. - stevesk@cvs.openbsd.org 2002/08/08 23:54:52 [auth.c] typo in comment - stevesk@cvs.openbsd.org 2002/08/09 17:21:42 [sshd_config.5] use Op for mdoc conformance; from esr@golux.thyrsus.com ok aaron@ - stevesk@cvs.openbsd.org 2002/08/09 17:41:12 [sshd_config.5] proxy vs. fake display - stevesk@cvs.openbsd.org 2002/08/12 17:30:35 [ssh.1 sshd.8 sshd_config.5] more PermitUserEnvironment; ok markus@ - stevesk@cvs.openbsd.org 2002/08/17 23:07:14 [ssh.1] ForwardAgent has defaulted to no for over 2 years; be more clear here. - stevesk@cvs.openbsd.org 2002/08/17 23:55:01 [ssh_config.5] ordered list here - (bal) [defines.h] Some platforms don't have SIZE_T_MAX. So assign it to ULONG_MAX. 20020813 - (tim) [configure.ac] Display OpenSSL header/library version. Patch by dtucker@zip.com.au 20020731 - (bal) OpenBSD CVS Sync - markus@cvs.openbsd.org 2002/07/24 16:11:18 [hostfile.c hostfile.h sshconnect.c] print out all known keys for a host if we get a unknown host key, see discussion at http://marc.theaimsgroup.com/?t=101069210100016&r=1&w=4 the ssharp mitm tool attacks users in a similar way, so i'd like to pointed out again: A MITM attack is always possible if the ssh client prints: The authenticity of host 'bla' can't be established. (protocol version 2 with pubkey authentication allows you to detect MITM attacks) - mouring@cvs.openbsd.org 2002/07/25 01:16:59 [sftp.c] FallBackToRsh does not exist anywhere else. Remove it from here. OK deraadt. - markus@cvs.openbsd.org 2002/07/29 18:57:30 [sshconnect.c] print file:line - markus@cvs.openbsd.org 2002/07/30 17:03:55 [auth-options.c servconf.c servconf.h session.c sshd_config sshd_config.5] add PermitUserEnvironment (off by default!); from dot@dotat.at; ok provos, deraadt 20020730 - (bal) [uidswap.c] SCO compile correction by gert@greenie.muc.de 20020728 - (stevesk) [auth-pam.c] should use PAM_MSG_MEMBER(); from solar - (stevesk) [CREDITS] solar - (stevesk) [ssh-rand-helper.c] RAND_bytes() and SHA1_Final() unsigned char arg. 20020725 - (djm) Remove some cruft from INSTALL - (djm) Latest config.guess and config.sub from ftp://ftp.gnu.org/gnu/config/ 20020723 - (bal) [bsd-cray.c bsd-cray.h] Part 2 of Cray merger. - (bal) sync ID w/ ssh-agent.c - (bal) OpenBSD Sync - markus@cvs.openbsd.org 2002/07/19 15:43:33 [log.c log.h session.c sshd.c] remove fatal cleanups after fork; based on discussions with and code from solar. - stevesk@cvs.openbsd.org 2002/07/19 17:42:40 [ssh.c] display a warning from ssh when XAuthLocation does not exist or xauth returned no authentication data. ok markus@ - stevesk@cvs.openbsd.org 2002/07/21 18:32:20 [auth-options.c] unneeded includes - stevesk@cvs.openbsd.org 2002/07/21 18:34:43 [auth-options.h] remove invalid comment - markus@cvs.openbsd.org 2002/07/22 11:03:06 [session.c] fallback to _PATH_STDPATH on setusercontext+LOGIN_SETPATH errors; - stevesk@cvs.openbsd.org 2002/07/22 17:32:56 [monitor.c] u_int here; ok provos@ - stevesk@cvs.openbsd.org 2002/07/23 16:03:10 [sshd.c] utmp_len is unsigned; display error consistent with other options. ok markus@ - stevesk@cvs.openbsd.org 2002/07/15 17:15:31 [uidswap.c] little more debugging; ok markus@ 20020722 - (bal) AIX tty data limiting patch fix by leigh@solinno.co.uk - (stevesk) [xmmap.c] missing prototype for fatal() - (bal) [configure.ac defines.h loginrec.c sshd.c sshpty.c] Partial sync with Cray (mostly #ifdef renaming). Patch by wendyp@cray.com. - (bal) [configure.ac] Missing ;; from cray patch. - (bal) [monitor_mm.c openbsd-compat/xmmap.h] Move xmmap() defines into it's own header. - (stevesk) [auth-pam.[ch] session.c] pam_getenvlist() must be freed by the caller; add free_pam_environment() and use it. - (stevesk) [auth-pam.c] typo in comment 20020721 - (stevesk) [auth-pam.c] merge cosmetic changes from solar's openssh-3.4p1-owl-password-changing.diff - (stevesk) [auth-pam.c] merge rest of solar's PAM patch; PAM_NEW_AUTHTOK_REQD remains in #if 0 for now. - (stevesk) [auth-pam.c] cast to avoid initialization type mismatch warning on pam_conv struct conversation function. - (stevesk) [auth-pam.h] license - (stevesk) [auth-pam.h] unneeded include - (stevesk) [auth-pam.[ch] ssh.h] move SSHD_PAM_SERVICE to auth-pam.h 20020720 - (stevesk) [ssh-keygen.c] bug #231: always init/seed_rng(). 20020719 - (tim) [contrib/solaris/buildpkg.sh] create privsep user/group if needed. Patch by dtucker@zip.com.au - (tim) [configure.ac] test for libxnet on HP. Patch by dtucker@zip.com.au 20020718 - (tim) [defines.h] Bug 313 patch by dirk.meyer@dinoex.sub.org - (tim) [monitor_mm.c] add missing declaration for xmmap(). Reported by ayamura@ayamura.org - (tim) [configure.ac] Bug 267 rework int64_t test. - (tim) [includes.h] Bug 267 add stdint.h 20020717 - (bal) aixbff package updated by dtucker@zip.com.au - (tim) [configure.ac] change how we do paths in AC_PATH_PROGS tests for autoconf 2.53. Based on a patch by jrj@purdue.edu 20020716 - (tim) [contrib/solaris/opensshd.in] Only kill sshd if .pid file found 20020715 - (bal) OpenBSD CVS Sync - itojun@cvs.openbsd.org 2002/07/12 13:29:09 [sshconnect.c] print connect failure during debugging mode. - markus@cvs.openbsd.org 2002/07/12 15:50:17 [cipher.c] EVP_CIPH_CUSTOM_IV for our own rijndael - (bal) Remove unused tty defined in do_setusercontext() pointed out by dtucker@zip.com.au plus a a more KNF since I am near it. - (bal) Privsep user creation support in Solaris buildpkg.sh by dtucker@zip.com.au 20020714 - (tim) [Makefile.in] replace "id sshd" with "sshd -t" - (bal/tim) [acconfig.h configure.ac monitor_mm.c servconf.c openbsd-compat/Makefile.in] support compression on platforms that have no/broken MAP_ANON. Moved code to openbsd-compat/xmmap.c Based on patch from nalin@redhat.com of code extracted from Owl's package - (tim) [ssh_prng_cmds.in] Bug 323 arp -n flag doesn't exist under Solaris. report by chris@by-design.net - (tim) [loginrec.c] Bug 347: Fix typo (WTMPX_FILE) report by rodney@bond.net - (tim) [loginrec.c] Bug 348: add missing found = 1; to wtmpx_islogin() report by rodney@bond.net 20020712 - (tim) [Makefile.in] quiet down install-files: and check-user: - (tim) [configure.ac] remove unused filepriv line 20020710 - (tim) [contrib/cygwin/ssh-host-config] explicitely sets the permissions on /var/empty to 755 Patch by vinschen@redhat.com - (bal) OpenBSD CVS Sync - itojun@cvs.openbsd.org 2002/07/09 11:56:50 [sshconnect.c] silently try next address on connect(2). markus ok - itojun@cvs.openbsd.org 2002/07/09 11:56:27 [canohost.c] suppress log on reverse lookup failiure, as there's no real value in doing so. markus ok - itojun@cvs.openbsd.org 2002/07/09 12:04:02 [sshconnect.c] ed static function (less warnings) - stevesk@cvs.openbsd.org 2002/07/09 17:46:25 [sshd_config.5] clarify no preference ordering in protocol list; ok markus@ - itojun@cvs.openbsd.org 2002/07/10 10:28:15 [sshconnect.c] bark if all connection attempt fails. - deraadt@cvs.openbsd.org 2002/07/10 17:53:54 [rijndael.c] use right sizeof in memcpy; markus ok 20020709 - (bal) NO_IPPORT_RESERVED_CONCEPT used instead of CYGWIN so other platforms lacking that concept can share it. Patch by vinschen@redhat.com 20020708 - (tim) [openssh/contrib/solaris/buildpkg.sh] add PKG_INSTALL_ROOT to work in a jumpstart environment. patch by kbrint@rufus.net - (tim) [Makefile.in] workaround for broken pakadd on some systems. - (tim) [configure.ac] fix libc89 utimes test. Mention default path for --with-privsep-path= 20020707 - (tim) [Makefile.in] use umask instead of chmod on $(PRIVSEP_PATH) - (tim) [acconfig.h configure.ac sshd.c] s/BROKEN_FD_PASSING/DISABLE_FD_PASSING/ - (tim) [contrib/cygwin/ssh-host-config] sshd account creation fixes patch from vinschen@redhat.com - (bal) [realpath.c] Updated with OpenBSD tree. - (bal) OpenBSD CVS Sync - deraadt@cvs.openbsd.org 2002/07/04 04:15:33 [key.c monitor_wrap.c sftp-glob.c ssh-dss.c ssh-rsa.c] patch memory leaks; grendel@zeitbombe.org - deraadt@cvs.openbsd.org 2002/07/04 08:12:15 [channels.c packet.c] blah blah minor nothing as i read and re-read and re-read... - markus@cvs.openbsd.org 2002/07/04 10:41:47 [key.c monitor_wrap.c ssh-dss.c ssh-rsa.c] don't allocate, copy, and discard if there is not interested in the data; ok deraadt@ - deraadt@cvs.openbsd.org 2002/07/06 01:00:49 [log.c] KNF - deraadt@cvs.openbsd.org 2002/07/06 01:01:26 [ssh-keyscan.c] KNF, realloc fix, and clean usage - stevesk@cvs.openbsd.org 2002/07/06 17:47:58 [ssh-keyscan.c] unused variable - (bal) Minor KNF on ssh-keyscan.c 20020705 - (tim) [configure.ac] AIX 4.2.1 has authenticate() in libs. Reported by Darren Tucker <dtucker@zip.com.au> - (tim) [contrib/cygwin/ssh-host-config] double slash corrction from vinschen@redhat.com 20020704 - (bal) Limit data to TTY for AIX only (Newer versions can't handle the faster data rate) Bug #124 - (bal) glob.c defines TILDE and AIX also defines it. #undef it first. bug #265 - (bal) One too many nulls in ports-aix.c 20020703 - (bal) Updated contrib/cygwin/ patch by vinschen@redhat.com - (bal) minor correction to utimes() replacement. Patch by onoe@sm.sony.co.jp - OpenBSD CVS Sync - markus@cvs.openbsd.org 2002/06/27 08:49:44 [dh.c ssh-keyscan.c sshconnect.c] more checks for NULL pointers; from grendel@zeitbombe.org; ok deraadt@ - deraadt@cvs.openbsd.org 2002/06/27 09:08:00 [monitor.c] improve mm_zalloc check; markus ok - deraadt@cvs.openbsd.org 2002/06/27 10:35:47 [auth2-none.c monitor.c sftp-client.c] use xfree() - stevesk@cvs.openbsd.org 2002/06/27 19:49:08 [ssh-keyscan.c] use convtime(); ok markus@ - millert@cvs.openbsd.org 2002/06/28 01:49:31 [monitor_mm.c] tree(3) wants an int return value for its compare functions and the difference between two pointers is not an int. Just do the safest thing and store the result in a long and then return 0, -1, or 1 based on that result. - deraadt@cvs.openbsd.org 2002/06/28 01:50:37 [monitor_wrap.c] use ssize_t - deraadt@cvs.openbsd.org 2002/06/28 10:08:25 [sshd.c] range check -u option at invocation - deraadt@cvs.openbsd.org 2002/06/28 23:05:06 [sshd.c] gidset[2] -> gidset[1]; markus ok - deraadt@cvs.openbsd.org 2002/06/30 21:54:16 [auth2.c session.c sshd.c] lint asks that we use names that do not overlap - deraadt@cvs.openbsd.org 2002/06/30 21:59:45 [auth-bsdauth.c auth-skey.c auth2-chall.c clientloop.c key.c monitor_wrap.c monitor_wrap.h scard.h session.h sftp-glob.c ssh.c sshconnect2.c sshd.c] minor KNF - deraadt@cvs.openbsd.org 2002/07/01 16:15:25 [msg.c] %u - markus@cvs.openbsd.org 2002/07/01 19:48:46 [sshconnect2.c] for compression=yes, we fallback to no-compression if the server does not support compression, vice versa for compression=no. ok mouring@ - markus@cvs.openbsd.org 2002/07/03 09:55:38 [ssh-keysign.c] use RSA_blinding_on() for rsa hostkeys (suggested by Bill Sommerfeld) in order to avoid a possible Kocher timing attack pointed out by Charles Hannum; ok provos@ - markus@cvs.openbsd.org 2002/07/03 14:21:05 [ssh-keysign.8 ssh-keysign.c ssh.c ssh_config] re-enable ssh-keysign's sbit, but make ssh-keysign read /etc/ssh/ssh_config and exit if HostbasedAuthentication is disabled globally. based on discussions with deraadt, itojun and sommerfeld; ok itojun@ - (bal) Failed password attempts don't increment counter on AIX. Bug #145 - (bal) Missed Makefile.in change. keysign needs readconf.o - (bal) Clean up aix_usrinfo(). Ignore TTY= period I guess. 20020702 - (djm) Use PAM_MSG_MEMBER for PAM_TEXT_INFO messages, use xmalloc & friends consistently. Spotted by Solar Designer <solar@openwall.com> 20020629 - (bal) fix to auth2-pam.c to swap fatal() arguments, A bit of style clean up while I'm near it. 20020628 - (stevesk) [sshd_config] PAMAuthenticationViaKbdInt no; commented options should contain default value. from solar. - (bal) Cygwin uid0 fix by vinschen@redhat.com - (bal) s/config.h/includes.h/ in openbsd-compat/ for *.c. Otherwise wise have issues of our fixes not propogating right (ie bcopy instead of memmove). OK tim - (bal) FreeBSD needs <sys/types.h> to detect if mmap() is supported. Bug #303 20020627 - OpenBSD CVS Sync - deraadt@cvs.openbsd.org 2002/06/26 14:49:36 [monitor.c] correct %u - deraadt@cvs.openbsd.org 2002/06/26 14:50:04 [monitor_fdpass.c] use ssize_t for recvmsg() and sendmsg() return - markus@cvs.openbsd.org 2002/06/26 14:51:33 [ssh-add.c] fix exit code for -X/-x - deraadt@cvs.openbsd.org 2002/06/26 15:00:32 [monitor_wrap.c] more %u - markus@cvs.openbsd.org 2002/06/26 22:27:32 [ssh-keysign.c] bug #304, xfree(data) called to early; openssh@sigint.cs.purdue.edu
2003-01-18Updated stunnel to 4.04 (upgrade to 4.03 provided by Juan RP in pkg/19310)martti5-52/+61
* New features sponsored by MAXIMUS http://www.maximus.com/ - New 'options' configuration option to setup OpenSSL library hacks with SSL_CTX_set_options(). - 'service' option also changes the name for TCP Wrappers access control in inetd mode. - SSL is negotiated before connecting remote host or spawning local process whenever possible. - REMOTE_HOST variable is always placed in the enrivonment of a process spawned with 'exec'. - Whole SSL error stack is dumped on errors. - Manual page updated (special thanks to Brian Hatch). - New user interface (config file). - Single daemon can listen on multiple ports, now. - Delayed DNS lookup added. * Other new features - All the timeouts are now configurable including TIMEOUTclose that can be set to 0 for MSIE and other buggy clients that do not send close_notify. - Stunnel process can be chrooted in a specified directory. - Numerical values for setuid() and setgid() are allowed, now. - Confusing code for setting certificate defaults introduced in version 3.8p3 was removed to simplify stunnel setup. There are no built-in defaults for CApath and CAfile options. - Private key file for a certificate can be kept in a separate file. Default remains to keep it in the cert file. - Manual page updated.
2003-01-18Updated keychain to 2.0.2martti3-33/+24
NOTE: The .ssh-agent-* files are now in the ~/.keychain/ directory. Use something like this in your dot files: [ -r ${HOME}/.ssh-agent-`hostname` ] && . ${HOME}/.ssh-agent-`hostname` [ -r ${HOME}/.keychain/`hostname`-sh ] && . ${HOME}/.keychain/`hostname`-sh
2003-01-17Update p0f to 1.8.2. Changes:hubertf4-14/+26
1. Developer changed s/Micha³ Zalewski/William Stearns/ 2. A lot of new finger prints. 3. GPL -> LGPL license change Full list (not so big) in ChangeLog Patch contributed by Dawid Szymañski in PR 19896.
2003-01-13add LDFLAGS to ld arguments so libpam_misc can find libpam.grant2-4/+13
fixes build problem in Hubert's bulk-build.
2003-01-12Update to ssh version 3.2.2.seb3-79/+14
Changes since 3.2.0: 2002-10-15 Sami J. Lehtinen <sjl@ssh.com> * ssh-3.2.2 (on Unix this time). * sshd2: Fixed a security problem with setsid() use. Now we call it every time, if we need to run a new process on the user's privileges (command, subsystem or shell). Previously, it was only run if the user had requested a tty (for a shell, for example). Special thanks to Logan Gabriel for finding this problem. 2002-10-01 Sami J. Lehtinen <sjl@ssh.com> * configure: Previous: Check for /dev/pts was broken. 2002-08-08 Sami J. Lehtinen <sjl@ssh.com> * ssh-3.2.2 (only Windows client, no *nix changes). 2002-07-26 Sami J. Lehtinen <sjl@ssh.com> * ssh-3.2.1. 2002-07-24 Sami J. Lehtinen <sjl@ssh.com> * sshd2: Fixed a bug with setpcred() usage (on AIX), which caused that chroot() was not done.
2003-01-10USE_PKGLOCALEDIR=yescjep1-5/+6
2003-01-10USE_PKGLOCALEDIR=yescjep2-8/+10
2003-01-09Update from 2.20 to 2.22.mycroft2-5/+5
Release 2.22. Added clone method. Contributed by Holger Smolinski <holger@kunterbunt.bb.bawue.de> Release 2.21 Minor tweaks sync up with bleadperl: - VMS optimizer tweaks to the Makefile.PL - MacOS support - Added alignment test Added example to the MD5 POD that shows how to calculate the digest of Unicode strings.
2003-01-09Update checksum for idea.c.gz.chris1-3/+3
Changelog from idea.c file indicates: * 2002-12-11 wk __ppc__ is used on Darwin instead of __powerpc__. Used .sig file to check download was ok. Closes pkg/19749
2003-01-06Split up installation of directories to please SunOS /usr/ucb/installcjep1-2/+3
2003-01-04Instead of using -Wl,-R use -Wl,${_OPSYS_RPATH_NAME} (and pass thiscjep3-5/+6
value to make).
2003-01-03Pass -Wl,-R${X11BASE}/lib to cc to build ssh-askpass (instead of just -R)cjep2-24/+24
2003-01-03Change my email address to the NetBSD one (hispabsd.org -> netbsd.org).jmmv2-4/+4
Approved by wiz.
2003-01-02Fix distinfos (server holding distfiles replaced and original distfiles lost)abs2-6/+6
2002-12-31Updated to p5-Net-SSLeay-1.21shell2-5/+5
Changes provided, but not clear, I guess should be a functional improvement and some bugs fixed. - Patch by Mike McCauley mikem@open.com_.au - applied patch from Tim Engler <tim@burntcouch_.com> - perl-5.8/gcc-3.2 patch on Makefile.PL from Joern_Hoos@@notes.uni-paderborn._de, lucho@@galix._com, bellis@@saberlogic._com, and simonclewer@@superquote._com
2002-12-30remove entry for "lib/nessus/plugins_factory". Reported by Bernd Ernestifrueauf1-2/+1
in private mail.
2002-12-25Use automatic PLIST handling.grant5-12/+9
2002-12-24Make this work on IRIX.jschauma1-2/+4
2002-12-24Add PLIST for irix6. Same as netbsd and solaris -- maybe we can combine these?jschauma1-0/+7
2002-12-24implementations->implicationscjep1-1/+1
2002-12-23Update security/PAM to 0.77. Changes from version 0.75 include:jlam29-747/+875
* Numerous bug fixes for most of the PAM modules, including several string length checks and fixes (update recommended!). * fix for legacy behavior of pam_setcred and pam_close_session in the case that pam_authenticate and pam_open_session hadn't been called * pam_unix: - don't zero out password strings during password changing function * pam_wheel: - feature: can use the module to provide wheel access to non-root accounts. * pam_limits: - added '%' domain for maxlogins limiting, now '*' and @group have the old meaning (every) and '%' the new one (all) - handle negative priority limits (which can apply to the superuser too). * pam_userdb: - require that all of typed password matches that in database * pam_access: - added the 'fieldsep=' argument, made a PAM_RHOST of "" equivalent to NULL Incidentally, cups-1.1.18 will once again do PAM authentication using pam_unix.so if built against PAM-0.77.
2002-12-23Whitespace fixcjep3-7/+7
2002-12-22Update gpgme to 0.3.14.chris3-7/+7
From NEWS file: Noteworthy changes in version 0.3.14 (2002-12-04) ------------------------------------------------- * GPGME-Plug is now in its own package "cryptplug". * Workaround for a setlocale problem. Fixed a segv related to not correctly as closed marked file descriptors. For full list of changes see ChangeLog. (distfile checked against .sig file)
2002-12-19Update nessus{-core,-libraries,-plugins} and libnasl to 1.2.7.frueauf14-40/+88
Based on pr pkg/19438 by Adrian Portelli. Changes since 1.2.6: . changes by Renaud Deraison (deraison@cvs.nessus.org) - The 'cancel' button of several file selection dialogs is now working - Optimized several plugins : - Web-related checks now use http_recv() instead of recv() - open_priv_sock_tcp() has a lower timeout - RPC related checks now use get_rpc_port(), a function equivalent to libc's getrpcport() but with a much smaller timeout - Decreased the default value of checks_read_timeout from 15 to 5 - Fixed a bug in the plugin selection GUI which would not refresh the list of plugins of a given family properly (bug#3) - Fixed memory leaks in NASL - Fixed a bug in nessusd which would make it leak memory when receiving a SIGHUP (bug#10) - Fixed a compatibility problem with Nmap 3.10ALPHA (bug#11) - Nessus now accepts nmap's U: and T: notation for the port range (bug#5) . changes by Erik Anderson (eanders@pobox.com) - Added CVE and BID links, added urls and removed dead links from the plugins . changes by Michel Scheidell (scheidell@secnap.net) - Improved several SMB-related checks . changes by Rodolfo Baader (rbaader@activesec.biz) - Quotes and apostrophes are properly escaped in the XML output report
2002-12-18Add and enable gtk-systrace and tkpasman.wiz1-1/+3
2002-12-18GTK interface to systrace(1).wiz5-0/+81
2002-12-16On NetBSD use /dev/urandom insted of /dev/random (PR#19275).martti4-8/+30
Bump PKGREVISION.
2002-12-14REPLACE_PERL's working directory is ${WRKSRC}, so packages needn'tschmonz1-2/+2
prefix REPLACE_PERL definitions with ${WRKSRC}.