path: root/security
Age | Commit message | Author | Files | Lines
2012-08-12 | security/aide06: Fix regression caused by bison 2.6.x | marino | 4 | -1/+43
Bison 2.6.x+ handles the yydebug functionality differently by predefining YYDEBUG. The yacc logic is not expecting YYDEBUG to be defined without a value, so it breaks on an "#if YYDEBUG" macro in a few places. In order to make this work with pre-2.6 bison as well as current versions, hard code the inclusion of debug symbols. It doesn't hurt anything and it fixes the package.
2012-08-11 | add and enable dhbitty | agc | 1 | -1/+2
2012-08-11 | Import dhbitty-20120812 into the Packages Collection. | agc | 5 | -0/+191
dhbitty is a small public key encryption program written in C. It uses elliptic curve Diffie-Hellman in the form of Curve25519 to establish a shared secret between two users, and uses that secret to symmetrically encrypt and authenticate messages.

There are no private key files; only passphrases. Never lose that pesky thing again.

Both the sender and the receiver can decrypt a message. In fact, there is no distinction between sender and receiver. Both passphrases must be strong.

There is no signing. A similarly useful form of authentication occurs using only DH.

dhbitty attempts to be as simple as possible. It is not optimized, but achieves a comfortable speed for most uses. It does not use floating point numbers, or integers longer than 32 bits. It does not contain more algorithms than are needed.

Example

This is how Alice generates her public key with dhbitty:

    $ dhbitty generate alice_public_key.txt
    username:passphrase (this is visible!): alice:Keyfiles be damned!
    Done.

Bob will do the same thing:

    $ dhbitty generate bob_public_key.txt
    username:passphrase (this is visible!): bob:Bob's Spectacular Passphrase
    Done.

Alice will publish her alice_public_key.txt, and Bob will publish his bob_public_key.txt. They can now access each other's public keys. (But they should be careful that Eve cannot surreptitiously replace either public key with her own!)

Alice wants to send files to Bob. She packages them into a .tar archive (or any other type of archive with timestamps), along with her message. Then she uses dhbitty:

    $ dhbitty encrypt bob_public_key.txt files_to_bob.tar files_to_bob.tar.dhbt
    username:passphrase (this is visible!): alice:Keyfiles be damned!
    Done.

Alice sends files_to_bob.tar.dhbt to Bob.

Bob will use dhbitty to decrypt this archive:

    $ dhbitty decrypt files_to_bob.tar.dhbt files_to_bob.tar
    username:passphrase (this is visible!): bob:Bob's Spectacular Passphrase
    This is the public key of file's secondary owner:
    0002f02b318c307bac07f3148a33c975cea04b79a870f0a5c7771cd38cc1986e
    Done.

Bob can verify that the public key dhbitty just gave him indeed is Alice's public key. He unpacks the now-decrypted archive to access the files Alice sent to him.

In practice, Alice and Bob should use a system like diceware to pick passphrases, in order to be confident of their strength. Seven words picked using diceware is a good choice.
2012-08-11 | Update to 1.0: use distfile provided by upstream. | jmmv | 2 | -9/+10
2012-08-11 | security/isakmpd: Mark NOT-FOR-DRAGONFLY | marino | 1 | -1/+2
DragonFly users are referred to the security/racoon2 instead.
2012-08-09 | security/mit-krb5: USE_TOOLS+= msgfmt | marino | 1 | -2/+3
Note: Nobody that uses git from pkgsrc can install this package. It conflicts with security/heimdal which is sucked in by dependencies of scmgit-base. Since the default way of acquiring pkgsrc on DragonFly is via git, which is provided by the releases and daily snapshots, effectively this can't be installed by DragonFly users. Solving the conflict with heimdal, if possible, would be nice.
2012-08-09 | update to 3.0.22 | drochner | 2 | -6/+6
changes: bugfixes
2012-08-07 | Improve detection of __sync_add_and_fetch, avoid compiler optimization. | obache | 2 | -5/+17
Fixes PR 46779.
2012-08-05 | Bump PKGREVISION for change of PostgreSQL default version to 9.1. | obache | 1 | -2/+2
2012-08-02 | Avoid conflict between gets() and std::gets(). | jperkin | 2 | -1/+24
Fixes build on at least Solaris.
2012-07-28 | needs newer dbus to build | reed | 1 | -1/+2
2012-07-24 | update to 3.0.21 | drochner | 2 | -6/+6
changes:
-DTLS improvements
-bugfixes
2012-07-22 | Update ruby-simple_oauth to 0.1.9. | obache | 2 | -6/+6
bug fixes.
2012-07-21 | Remove "WWW: URL" from DESCR. Common in FreeBSD ports, but in pkgsrc the | wiz | 1 | -1/+0
URL should be as HOMEPAGE in the Makefile.
2012-07-20 | Add back hashes for HPN, dropped in the last commit | fhajny | 1 | -1/+4
2012-07-20 | Changes 7.6.4: | adam | 8 | -119/+57
Bug fixes
2012-07-18 | security/zkt: Fix DragonFly regression | marino | 1 | -1/+12
When this package was updated to version 1.1, it stopped building on DragonFly. The main issue is that DragonFly doesn't have bind in its base. NetBSD does, so zkt finds it there, but otherwise it needs the configuration switch --enable-binutil-path to be used. This was added for DragonFly to point at ${PREFIX}/sbin. zkt requires bind to be installed in order to build. Unlike other packages like python, postgresql, and ruby where the mk.conf can define a version otherwise a default is used, no such mechanism exists to handle the four separate bind packages (at least I don't know about one). So the inclusion of bind99 is a hack I'm not too proud of, but I don't have a better solution. With it, it builds in clean environments like pbulk chroot and Tinderbox. If an individual user is building from source, they'll be smart enough to comment out this include if another version of bind is already installed (zkt will fail on a bind build conflict). I suspect DragonFly is rather unique in not having bind in base, so for now this is left as a DragonFly-specific section. Something like net/bind99/builtin.mk could possibly be used to determine if no builtin bind is available and thus follow the DragonFly approach. I shall leave it to others to decide.
2012-07-18 | security/openvas-libraries: Fix regression due to upgrade to gnutls 3.0 | marino | 3 | -3/+24
GNUTLS deprecated the gnutls_transport_set_lowat function in version 2.12.0 and finally removed it with version 3.0, breaking any packages that still reference it. The lowat feature is now disabled permanently I think. The patch uses the GNUTLS_VERSION_NUMBER macro to appropriately conceal the function reference. The same patch is widely seen on the 'net with other packages that use gnutls like OpenVAS.
2012-07-18 | Fix install on at least Solaris. | jperkin | 1 | -1/+5
2012-07-17 | Take maintainership. FUKAUMI Naoki didn't object. | cheusov | 1 | -2/+2
2012-07-17 | starttls.{el,elc} files are not provided by the package anymore. The problem | cheusov | 2 | -6/+6
is starttls's implementation is incompatible with emacs 22, 23 and probably 24 too, as a result sending emails with ssl/tls authorization fails due to this conflict. emacs-21 has its own starttls.el too and I believe it is also sufficient. I wonder if someone still uses emacs-20 and its smtpmail.el for sending emails. This change was tested on NetBSD-6 and emacs-{22,23}.

starttls package now DEPENDS on emacs-[0-9]*, that is any emacs flavour is good enough

Set LICENSE to gnu-gpl-v2

++pkgrevision
2012-07-17 | security/libgpg-error: Disable NLS on i386-DragonFly | marino | 2 | -13/+23
It seems that on i386 DragonFly (x86_64 is okay), invoking libintl's bindtextdomain causes pkgsrc's libintl to segfault on a thread locking operation. Anything linking with libgpg-error on i386 will consequently core dump. Recognizing that this is treating the symptom, this patch disables NLS on i386 DragonFly.
2012-07-16 | MASTER_SITES cosmetic change | adam | 1 | -2/+2
2012-07-16 | Changes 1.10.2: | adam | 17 | -170/+131
This is a bugfix release.

* Fix an interop issue with Windows Server 2008 R2 Read-Only Domain Controllers.
* Update a workaround for a glibc bug that would cause DNS PTR queries to occur even when rdns = false.
* Fix a kadmind denial of service issue (null pointer dereference), which could only be triggered by an administrator with the "create" privilege. [CVE-2012-1013]

Changes 1.10.1:

This is a bugfix release.

* Fix access controls for KDB string attributes [CVE-2012-1012]
* Make the ASN.1 encoding of key version numbers interoperate with Windows Read-Only Domain Controllers
* Avoid generating spurious password expiry warnings in cases where the KDC sends an account expiry time without a password expiry time.
2012-07-15 | Fix a segfault of starttls(1) when run without arguments | cheusov | 3 | -3/+19
Add LICENSE
++pkgrevision
2012-07-15 | Recursive bump for startup-notification* dependency change, requested | wiz | 1 | -2/+2
by Obache.
2012-07-14 | Update to 0.4.6, from Jaap Boender. | wiz | 6 | -24/+27
0.4.6 (2011-10-16)
=====
* Added write_certificate function.
* Remove support for SSLv2, which was dropped upstream (thanks Dario Teixeira).
* Added support for compiling under Win32 (thanks David Allsopp), see README.win32.
* Check for pthreads in configure.

0.4.5 (2011-03-01)
=====
* Use pthread mutexes for locking thread-safe version of ssl.

0.4.4 (2010-01-06)
=====
* Use SSL_CTX_use_certificate_chain_file instead of SSL_CTX_use_certificate_file.
* Added support for --enable-debugging configure option.
* Don't link with unix library and don't build in custom mode.

0.4.3 (2008-12-18)
=====
* Don't use blocking sections in finalizers since it causes segfaults (thanks Grégoire Henry and Stéphane Glondu).
2012-07-09 | update required version to 2.4, the new gnutls needs it. | chs | 1 | -2/+2
2012-07-08 | Add missing zlib buildlink. | sbd | 1 | -1/+3
Bump PKGREVISION.
2012-07-06 | Updating package for Perl 5 module Digest::MD5 in security/p5-Digest-MD5 | sno | 2 | -7/+6
from 2.51nb1 to 2.52.

Upstream changes:
2012-06-08 Gisle Aas <gisle@ActiveState.com>

    Gisle Aas (3):
        Wrong version number in the changelog
        The t/threads.t was missing from the MANIFEST
        Update expected digests for files

    Andrew Fresh (1):
        Remove double the

    Lyle Hopkins (1):
        Digest::Perl::MD5 OO fallback didn't work [RT#66634]

    Peter J. Acklam (1):
        Fix typos (spelling errors) in cpan/Digest-MD5/*

    Shlomi Fish (1):
        Modernize the code in the POD.

    Zefram (1):
        Makes Digest::MD5 work on Perl 5.6 [RT#75032]
2012-07-06 | Updating package for Perl 5 module IO::Socket::SSL in | sno | 2 | -6/+6
security/p5-IO-Socket-SSL from 1.74 to 1.76.

Upstream changes:
v1.76 2012.06.18
- no longer depend on Socket.pm 1.95 for inet_pton, but use Socket6.pm if no current Socket.pm is available. Thanks to paul[AT]city-fan[DOT]org for pointing out the problem and providing first patch
v1.75 2012.06.15
- made it possible to explicitly disable TLSv11 and TLSv12 in SSL_version
2012-07-05 | revbump for libprelude requirement bump | drochner | 2 | -4/+4
2012-07-05 | recursive revbump for gnutls update | drochner | 7 | -14/+14
2012-07-05 | more PKGREV bumps for gnutls update | drochner | 5 | -9/+10
2012-07-05 | make this build with gnutls-3, bump PKGREV | drochner | 4 | -3/+33
2012-07-04 | update to 3.4.1 | drochner | 3 | -11/+26
This switches to the gnome-3.4 branch (Seems to be source and binary compatible to the 2.32 one, no need to keep the old version.)
2012-07-03 | patch away special paths for MacOS X since they are not supported by pkgsrc. | schwarz | 2 | -1/+28
Treat MacOS X just like any other UNIX system.
2012-07-03 | added LICENSE information | schwarz | 1 | -1/+2
2012-07-02 | update to 3.0.20 | drochner | 10 | -182/+161
This switches to the new stable release branch.
2012-07-02 | update to 2.0.3 | drochner | 2 | -6/+6
changes:
-fix for pipe servers
-build system improvements
2012-07-02 | update to 1.12.20 | drochner | 2 | -6/+6
changes: bugfixes:
-Fixed memory leak in PKCS #8 key import
-Check key identifiers when checking for an issuer

pkgsrc note: This is just a last checkpoint on the 2.x branch, in case it will be needed for the Q2 branch. Will update to 3.x RSN.
2012-07-02 | Revbump after updating boost | adam | 1 | -1/+2
2012-07-02 | Changes 0.97.5: | adam | 3 | -14/+8
* libclamav: Scan output at end of truncated tar
* libclamav: Fix handling of tar file with malformed header
* libclamav: Scan chm with invalid handling
* freshclam: give custom dbs higher priority during update
* libclamav: detect read races and abort the scan with an error
* libclamav/pe.c: drop old header check
2012-07-01 | Update security/py-ssh to 1.7.14 | gls | 2 | -6/+6
Upstream changes:
-----------------
## ssh 1.7.14 (2012-05-07)

* #15: Implemented parameter substitution in SSHConfig, matching the implementation of `ssh_config(5)`. Thanks to Olle Lundberg for the patch.
* #24: Switch some internal type checking to use `isinstance` to help prevent problems with client libraries using subclasses of builtin types. Thanks to Alex Morega for the patch.
* [Fabric #562](https://github.com/fabric/fabric/issues/562): Agent forwarding would error out (with `Authentication response too long`) or freeze, when more than one remote connection to the local agent was active at the same time. This has been fixed. Thanks to Steven McDonald for assisting in troubleshooting/patching, and to GitHub user `@lynxis` for providing the final version of the patch.
2012-07-01 | Add desktopdb.mk and bump PKGREVISION for 118 packages as reported by | dholland | 1 | -2/+3
pkglint. If any of these are wrong for some reason, please revert/adjust.
2012-06-30 | Mask this on apache24 as it doesn't compile. | dholland | 1 | -1/+4
2012-06-29 | Update F-PROT Antivirus packages to 6.2.1. | taca | 4 | -14/+14
=== F-PROT Antivirus for Unix, version 6.2.1

Compatibility for older Linux distros improved (glibc 2.3 for 32 bit version and glibc 2.4 for 64 bit version)
Compatibility for older Solaris/SunOS version improved (both 32 and 64 bit versions are compatible with solaris 8 now)
64 bit FreeBSD now supported

=== F-PROT Antivirus for Unix, version 6.2.0

Scan engine upgraded from 4.6.2 to 4.6.5 with improved detection rates and fewer false positives.
Multiple issues with the mail scanners have been fixed.

=== F-PROT Antivirus for Unix, version 6.1.1

fpupdate fix to prevent crash on certain 64 bit Linux systems.
2012-06-24 | Add missing INSTALLATION_DIRS. | jperkin | 1 | -2/+2
2012-06-23 | Honor pkgsrc LIBS. | dholland | 3 | -2/+17
2012-06-21 | OpenDNSSEC 1.3.9 | pettai | 2 | -7/+6
* OPENDNSSEC-277: Enforcer: Performance optimisation of database access.

Bugfixes:
* SUPPORT-27: ods-ksmutil: simplify zone delete so that it only marks keys as dead (rather than actually removing them). Leave the key removal to purge jobs.

(Ok'ed by wiz@)