| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
* New "--gnupg" option (set by default) that disables --openpgp,
and the various --pgpX emulation options. This replaces
--no-openpgp, and --no-pgpX, and also means that GnuPG has
finally grown a --gnupg option to make GnuPG act like GnuPG.
* A number of portability changes to make building GnuPG on
less-common platforms easier.
* Romanian translation.
* Two new %-expandos for use in notation and policy URLs. "%g"
expands to the fingerprint of the key making the signature
(which might be a subkey), and "%p" expands to the fingerprint
of the primary key that owns the key making the signature.
* New "tru" record in --with-colons --list-keys listings. It
shows the status of the trust database that was used to
calculate the key validity in the listings. See doc/DETAILS for
the specifics of this.
* New REVKEYSIG status tag for --status-fd. It indicates a valid
signature that was issued by a revoked key. See doc/DETAILS for
the specifics of this.
|
|
an operating system does not have a 'make' (ie only bmake), or if the OS
supplied 'make' is sufficiently broken (Irix), this will cause the build to
fail (interestingly enough apparently only if build as a dependency, not
if build from this directory).
Patch Makefiles to use @MAKE@, which then, after patching, is substituted with
the actual ${MAKE} (can't use "MAKE= ${MAKE} -f Makefile.ssl").
While here, tweak Irix configure a bit.
|
|
No documentation is given for changes.
- improved portability; proper checking for libwrap.
- add hosts_allow, hosts_deny and hosts_ctl methods.
It should fix macppc bulk build problem. This packge was broken since
ruby-tcpwrap-0.3's distfile's contet was changed.
|
|
contains a static library. Patch from Todd Vierling.
|
|
Instead of using the number of bytes to determine whether or not the
file has shrunk, use the number of lines. This will allow for
spelling corrections, login name of committers being shorter than
others, etc. This is a temporary measure until a better distribution
mechanism is used. Suggested by David Brownlee.
|
|
|
|
|
|
The search for a small Secure Shell server to fit on a laptop with 4
megs ram and no hard disk was fruitless, so Matt Johnston decided to
write his own, and Dropbear is the result. It implements various
features of the SSH 2 protocol, including X11 and Authentication Agent
forwarding. Dropbear is Open Source software, distributed under a
MIT-style license.
Features
* A small memory footprint - Dropbear can compile to a 110kB
statically linked binary with uClibc (and only minimal options
selected).
* Implements X11 forwarding, and authentication-agent forwarding
for OpenSSH clients
* Compatible with OpenSSH ~/.ssh/authorized_keys public key
authentication
* Features can easily be disabled when compiling to save space.
* Preliminary TCP forwarding support (-L style only)
|
|
changes:
Fix build on NetBSD-current with OpenSSL 0.9.7.
New in 2.1.15
-------------
* Fix a number of build issues
* Add a doc/components.html that hopefully describes how things
interact better.
New in 2.1.14
-------------
* OS X 10.2 support
* Support for the Sun SEAM GSSAPI implementation
* Support for MySQL 4
* A number of build fixes
* Other minor bugfixes
OK'ed by chris@
|
|
|
|
Previous versions have a security issue. Please update!
Thanks to gendalia@ for testing.
Changes since version 3.2.2:
2003-05-09 Sami J. Lehtinen <sjl@ssh.com>
* ssh-3.2.5.
* Fixed a critical security bug with RSA signature
verification. Mitigating factors: DSA is used by default (not
vulnerable). Also, the attack requires that attacker has the
public key and the attacker needs to precompute the signature
data so, that it looks like a valid PKCS#1 signature. This is a
non-trivial task to perform without the private
key. Nonetheless, all users should update their servers and
clients as soon as convenient. Workarounds are to not use RSA
keys as host keys (though connecting to existing hosts with RSA
hostkeys poses a serious risk with a vulnerable client), and
disabling publickey authentication. Update your clients and
servers.
2003-04-22 Sami J. Lehtinen <sjl@ssh.com>
* ssh-3.2.4.
* sshd2: Binary (generated by us) is tagged as a "supported
binary" for SecurID. (no actual code changes)
* Previous: ssh-3.2.3.1.
2003-02-06 Sami J. Lehtinen <sjl@ssh.com>
* sftp2 (etc): Fixed a bug with readline jamming when pressing
backspace (etc) on AIX and some other platforms.
2003-01-12 Sami J. Lehtinen <sjl@ssh.com>
* ssh-3.2.3.
2003-01-03 Sami J. Lehtinen <sjl@ssh.com>
* scp2: Removed broken special handling for SIGHUP, so that
"nohup" can again work.
* ssh2: Check whether we should ignore SIGQUIT, SIGINT, and do so,
if necessary. Thanks for J. Schilling for pointing this one out.
* ssh-add2: Make sure fgets() from pipe to ssh-askpass2 recovers
from if interrupted by signal, i.e. SIGCHLD.
* ssh2 (lib/sshsession/sshtty.c): As entry above, but for tcsetattr().
* During "make install", use default size of key instead of hardcoded
1024 when generating hostkey.
2002-12-18 Sami J. Lehtinen <sjl@ssh.com>
* scp2,sftp2: Print progress output to stdout, to make it
distinguishable from errors in cron jobs etc.
2002-12-17 Sami J. Lehtinen <sjl@ssh.com>
* apps/ssh/sshchsession.c: Fixed a bug which caused sshd2 child
server to jam occasionally after logging an event, if nsswitch had
been configured to use LDAP.
2002-12-13 Sami J. Lehtinen <sjl@ssh.com>
* sshd2: Previous (by Tomi Mickelsson): Fixed a bug where
specifying a local forwarding endpoint as an IP-address which was
unresolvable would result in a crash.
2002-12-12 Sami J. Lehtinen <sjl@ssh.com>
* scp2: Fixed a bug/missing feature from scp2. It now reports
information also when run when there is no tty. Also implemented
--statistics=[no,yes,simple], where "yes" is old-style, "no" is
analogous to "-Q" command-line option, and "simple" is the way
the statistics are printed when there is no tty (no intermittent
reporting, file size, transfer time and full file name are printed
after the transfer for the specific file is finished).
2002-12-11 Sami J. Lehtinen <sjl@ssh.com>
* ssh-keygen2: respect "-P" and "-p" options when converting
ssh1-keys.
2002-12-10 Sami J. Lehtinen <sjl@ssh.com>
* lib/sshutil/sshcore/sshdebug.c: Fixed a compilation problem
manifested on older AIX and debugging enabled (as is default).
* scp2: You can now specify the newline convention when using the
"-a" option. See manual page scp2(1).
2002-11-08 Sami J. Lehtinen <sjl@ssh.com>
* Removed ssh-pubkeymgr and ssh-chrootmgr from the distribution
(they didn't work too well).
* apps/ssh/lib/sshproto/trcommon.c: Fixed a crash if hostkey
algorithms or kex-methods couldn't be negotiated.
2002-11-05 Sami J. Lehtinen <sjl@ssh.com>
* lib/sshapputil/sshuserfile.c: Changed to use
lib/sshsession/sigchld.c, instead of using wait() directly. This
fixes the bug where the number of connections would slowly rise to
the maximum when using MaxConnections and tcp-wrappers (it was a
race-condition).
* lib/sshsession/sigchld.c: Sigchld now keeps a list of recently
exited children. This fixes a race condition, where the child
process could exit before the mother process had registered a
handler for it.
* lib/sshsession: Fixed NetBSD 1.6 compilation. Also, NetBSD 1.6
supports openpty style ptys, so fixed check to actually detect
them on NetBSD. Don't use utmpx on NetBSD, as it doesn't seem to
work (at least not in the way we use it).
* lib/sshsession/sshunixuser.c: Make sure we have room for the
NULL pointer in the groups array.
* ssh2 (ssh1-emulation): Fixed a bug, which in some cases caused
an assertion failure later.
2002-10-29 Sami J. Lehtinen <sjl@ssh.com>
* configure: Added /usr/X11R6/bin and /usr/X11/bin to search PATH
for xauth to ease installation on pristine systems.
2002-10-22 Sami J. Lehtinen <sjl@ssh.com>
* lib/sshutil/sshnet/sshtcp.c: (by Tomi Ollila) Fixed a bug with
SOCKS handling.
2002-10-01 Sami J. Lehtinen <sjl@ssh.com>
* lib/sshutil/sshpacketstream/sshpacketwrapper.c: (by Tomi Kause)
Fixed a latent (in ssh2) bug, when writing to the stream from the
received_cb.
* lib/sshutil/sshnet/sshsocks.c: (by Tomi Ollila) Decode
ipv6-mapped-ipv4-addresses when doing SOCKS4, as SOCKS4 only
supports plain ipv4-addresses.
* scp2: Implemented --overwrite, which controls whether to
overwrite the destination file(s). Default is "yes",
i.e. to overwrite.
* scp2: Implemented interactive mode, i.e. you can make scp2
prompt you whether to overwrite an existing destination
file. Works by giving --interactive (-I) on the command-line.
2002-08-15 Sami J. Lehtinen <sjl@ssh.com>
* sshd2: Fixed a bug with originator-pat with ForwardACLs.
2002-08-02 Sami J. Lehtinen <sjl@ssh.com>
* scp2, sftp2: Fixed a bug, which caused file transfer to stall,
if trying to transfer a zero sized file with ascii transfer
(newline mangling).
2002-07-21 Sami J. Lehtinen <sjl@ssh.com>
* sftp2: Added option "S" and "r" to "ls" (for sorting by size and
reversing the sort order, respectively).
* sftp2: "ls" works much better now. Tab completion understand
directories (appends a '/', for easier directory traversal).
* sftp2, scp2: Extensive rewrite of SshFileCopy, and as a
consequence, of both scp2 and sftp2 core functionality.
2002-06-13 Sami J. Lehtinen <sjl@ssh.com>
* ssh2: Fixed a bug with one-shot forwarding.
|
|
|
|
|
|
snapshots)
|
|
snapshots)
|
|
|
|
|
|
harm on older versions, so bring it in explicitly.
|
|
|
|
|
|
Fix PLIST for missing info files.
|
|
|
|
|
|
set PKG_SKIP_REASON and move on. The package only supports to 0.9.6g
currently otherwise.
|
|
|
|
3.0.0:
- Cleaned up installed header files.
- Modified the API so that all keys can be passed as arrays of bytes.
- Modified the API so that all key sizes are given in bits.
- Modified the multi-precision integer library to work better on 64-bit
machines.
- Modified the assembly source generation mechanism, employing the m4
macro processor.
- Added multi-precision integer vectorized assembler routines for
Itanium.
- Added multi-precision integer assembler routines for PowerPC 64-bit.
- Added multi-precision integer assembler routines for Alpha.
- Added multi-precision integer assembler routines for Opteron.
- Added multi-precision integer assembler routines for IBM zSeries 64-bit.
- Added multi-precision integer assembler routines for M68K.
- Added Jeff Johnson's python bindings.
- Added new unit tests.
- Added new benchmarking programs.
2.3.0pre:
- Modified the header files so that the library now uses self-contained
autoconf-generated configuration files; a program employing BeeCrypt can
now use the symbols already tested and defined instead of having to
regenerate them (thus also eliminating the risk of inconsistencies).
- Added the AES algorithm, with assembler routines for i586 and powerpc.
- Added the DSA signature algorithm.
- Added PowerPC assembler routines for blowfish.
- Added Pentium4 SSE2 assembler multiplication routines.
- Fixed the RSA CRT algorithm.
- Fixed the gas/i386 mp32even and mp32odd routines.
- Fixed a bug in modular inverse computation; thanks to Jeff Johnson of
RedHat for pointing this out.
- Fixed a bug in testing the result of a gcd operation in the mp32prndconone
routine.
- Fixed an ugly bug in base64 decoding.
- Fixed compatibility with the latest automake & autoconf versions.
- Replaces CPU optimization mechanism in configure script.
|
|
|
|
BeeCrypt is an open source cryptography library that contains highly
optimized C and assembler implementations of many well-known algorithms
including Blowfish, MD5, SHA-1, Diffie-Hellman, and ElGamal.
Unlike some other crypto libraries, BeeCrypt is not designed to solve
one specific problem, like file encryption, but to be a general purpose
toolkit which can be used in a variety of applications.
There are also no patent or royalty issues associated with BeeCrypt, and
it is released under the GNU LGPL license, which means it can used for
free in both open source and closed source commercial projects.
|
|
explained in the "Advanced Topics" part of the SWIG documentation
(as currently built - w/o python version dependency, it is broken anyway)
we just need a build dependency on swig-build
|
|
never gets included and nothing links.
|
|
using RCD_SCRIPTS to handle generation and installation of the rc.d script.
Convert the rc.d script to the rc.subr framework too.
Bump PKGREVISION to 1.
|
|
bsd.pkg.install.mk to handle its generation and installation.
While here, switch to buildlink2. Bump PKGREVISION to 1.
|
|
|
|
|
|
XXX there really must be a better way to (not have to) do this.
|
|
Bump PKGREVISION to 1.
|
|
|
|
Otherwise it gets confused about the library hidden by buildlink.
|
|
changes:
-bugfixes
-speed improvements, added benchmark tools
-support to RSA key objects for blinding and unblinding data
- * Renamed cansign(), canencrypt(), hasprivate(), to
can_sign, can_encrypt, has_private.
-* Many randpool changes.
|
|
|
|
m2crypto-0.11, a crypto and SSL toolkit for Python.
|
|
|
|
was commented out because it didn't work with recent openssh, is now fiexed
and commented back in). This support is conditional on ${KERBEROS} being
set, and currently enables support for both kerberos 4 and 5. This should
be refined.
This has been tested and confirmed on -current and 1.6. Testing on other
platforms (if any? solaris?) in which we support kerberos in pkgsrc should
be done.
|
|
COMMENT, and add comment to Makefile explaining why we copy, rather than
source, files from ../openssh.
|
|
20030430 of the GSSAPI patches from
http://www.sxw.org.uk/computing/patches/openssh.html
. From the site:
The patches on this page are concerned with adding support for
authenticating users via their Kerberos credentials, and allowing
authenticated users to forward their credentials to a remote
machine over ssh.
These patches are against various versions of the OpenSSH portable
code. SSH has both a legacy protocol version 1, and a newer,
protocol version 2 (which is being standardised in the IETF).
Techniques exist for performing Kerberos authentication over both
protocols, and GSSAPI authentication over protocol version 2.
In this package standard ssh support for kerberos versions 4 and 5 is kept
for version 1 of the ssh protocol (openssh does not support kerberos 4 in
ssh protocol version 2).
These patches, which provide a much more thorough implementation of kerberos
5 support than that shipped with openssh, are pkg'ed here with an eye toward
evaluation of their usefullness for inclusion in the base os.
|
|
|
|
|
|
|
