path: root/security
Age | Commit message | Author | Files | Lines
2011-03-01 | Remove security/libksba04. Nothing uses this anymore, there's security/libksba tracking stable releases, and the distfile is gone. | kleink | 7 | -68/+1
2011-02-28 | Reset maintainer for retired developers. | wiz | 6 | -12/+12
2011-02-25 | Let's assume for now that everything that worked with python-2.6 also works with python-2.7. | wiz | 2 | -4/+4
2011-02-25 | Use --format-executable to avoid conflicts between ruby variants. Bump PKGREVISION. | obache | 3 | -3/+7
2011-02-23 | Changes 2.4.1: | adam | 4 | -22/+25
Bug
* Reload interval staying too low on reload failures.
* [HTTP-Redirect binding] [Message encoding] There should be no '%0A' in the SAMLRequest parameter value
2011-02-23 | Changes 1.6.0: | adam | 6 | -47/+37
* Fix: wrong namespace in encryption DigestMethod
* Fix: RetrievalMethod handler
* Fix: support for >1 CRL per KeyInfo
* Fix: buffer initialization issue
* Fix: vector index bug
* Fix: stylesheet append bug
* Fix: header guard in XPath transform header
* Fix: string release crash
* Fix: improper c14n of XSLT
* Fix: setters for Reference Type/Id
* Fix: skip comments in X509Certificate elements
* Fix: more header guards
* Fix: NSS verification of RSA broken
* Expose algorithm URI on Signature and Reference objects
* White/blacklisting of otherwise registered algorithms
* Add selected XML Signature 1.1 KeyInfo extensions
* Add elliptic curve keys and signatures via ECDSA
* Support debugging of Reference/SignedInfo data
* Clean up tests for SHA2 algorithms in OpenSSL
* Updated autoconf script, added NSS support, removed pre-automake material
* Add methods for Reference removal to DSIGSignature/DSIGSignedInfo classes
2011-02-21 | Bump PKGREVISION due to ABI change of ruby18-base. | taca | 2 | -4/+4
2011-02-19 | don't enable padlock support on NetBSD by default, it crashes on padlock capable CPUs | jmcneill | 2 | -2/+6
2011-02-16 | Update openssh package to 5.8.1 (5.8p1). | taca | 17 | -121/+108
For changes from 5.5 to 5.7, please refer to http://openssh.com/txt/release-5.7 and http://openssh.com/txt/release-5.6 in detail.

Changes since OpenSSH 5.7
=========================

Security:
* Fix vulnerability in legacy certificate signing introduced in OpenSSH-5.6 and found by Mateusz Kocielski. Legacy certificates signed by OpenSSH 5.6 or 5.7 included data from the stack in place of a random nonce field. The contents of the stack do not appear to contain private data at this point, but this cannot be stated with certainty for all platform, library and compiler combinations. In particular, there exists a risk that some bytes from the privileged CA key may be accidentally included. A full advisory for this issue is available at: http://www.openssh.com/txt/legacy-cert.adv

Portable OpenSSH Bugfixes:
* Fix compilation failure when enabling SELinux support.
* Do not attempt to call SELinux functions when SELinux is disabled. bz#1851
2011-02-11 | revbump(1) for devel/libevent update. | tnn | 4 | -8/+8
2011-02-09 | Add fix for security issue CVE-2011-0014. Bump PKGREVISION. | taca | 3 | -2/+34
2011-02-08 | Changes 0.97: | adam | 2 | -6/+8
ClamAV 0.97 brings many improvements, including complete Windows support (all major components compile out-of-box under Visual Studio), support for signatures based on SHA1 and SHA256, better error detection, as well as speed and memory optimizations. The complete list of changes is available in the ChangeLog file.
2011-02-06 | Fixes build on SUA. | obache | 4 | -9/+15
* header file location of libbind is different from SFU.
* treat all Interix as same, not only interix3.
2011-02-06 | On Interix, it is impossible to build with HAVE_IPV6 due to missing neither getipnodebyname(3) nor gethostbyname2(3). | obache | 1 | -2/+2
2011-01-31 | Add MESSAGE to give a hint on what to do (~copy/pasted from script) | jym | 1 | -0/+11
2011-01-28 | PLIST fix | adam | 1 | -1/+8
2011-01-25 | correct checksum of patches. | obache | 1 | -6/+6
2011-01-25 | * Note comments to patch files. | obache | 7 | -5/+70
* detect recent OpenPAM correctly
* catch getopt(3) with `int' for platforms that char will never be -1.
Bump PKGREVISION.
2011-01-24 | OpenDNSSEC 1.2.0: | pettai | 5 | -75/+42
Bugfixes:
* Enforcer: Fixed a number of build warnings.

OpenDNSSEC 1.2.0rc3:
* Moved migration instructions to the file MIGRATION
Bugfixes:
* Bugreport #199: The previous DB schema change made the zone removal broken.
* Enforcer: When retiring old KSK, use TTL(ds) and not TTL(ksk).
* Enforcer: Minimize the set of DS RRs sent to DelegationSignerSubmitCommand.
* Enforcer: Replace tab with a space character in the DNSKEY printed to syslog.
* Enforcer: Fixed potential format string bug.
* ods-ksmutil: Log to syslog when ds-seen changes a key to active/standby.
* Signer Engine: Don't be smart with RRSIG TTLs, the hsm will set them for you.
* Signer Engine: Set notify command for zone when receiving ods-signer update.
* Signer Engine: Update TTL of NSEC(3) records if SOA Minimum has changed in KASP.
* Signer Engine: Now logs to the correct facility.
* Signer Engine: Also remove NSEC records when detecting changes in signconf <Denial>
* Signer Engine: Dropped privileges before starting Zonefetcher.

OpenDNSSEC 1.2.0rc2:
Bugfixes:
* Signer Engine: Use the correct TTL for RRs after the $INCLUDE directive.
* Signer Engine: Also create new signature if TTL of RR has changed.
* Signer Engine: Drop old NSEC/NSEC3 records.
* ods-ksmutil: Fixed some memory leaks.

OpenDNSSEC 1.2.0rc1:
* New commandline option for the signer: ods-signer running.
* Allow connection to different MySQL ports in the Enforcer.
* Tone down and explain warning when converting M or Y to seconds
* ldns 1.6.7 is required for bugfixes
* dnsruby 1.51 is required for bugfixes
Bugfixes:
* Bugreport #187: ods-control signer start will return non-zero if start up failed (uses ods-signer running).
* Narrow glue at the zone cut is allowed, do not consider it as occluded.
* Move zone fetcher output to correct input adapter file.
* Enforcer shared keys on zones with ShareKeys disabled.
* Make names of key states consistent.
* Signer Engine file descriptor leak fix on engine.sock.
* Set explicit "unlimited" repository capacity to prevent random integer being read. Requires "ods-ksmutil update conf" to be run if using an existing database.
* Fix issue with key generation creating too many keys Ticket #194.
* Bugreport #189: Auditor did not handle white-space-separated substrings for base64 text
* Bugreport #190: Auditor (and signer) does not handle case correctly
* Signer now silence stdout-output from the notify command

OpenDNSSEC 1.2.0b1:
* A new signer engine, written in c. Zones are maintained in memory, instead of in files on disk.
* Removed the python and python-4suite-xml dependencies.
* Remove separate autoconf for libhsm/conf/enforcer.
* Add option to disable building the signer.
* Signer logs statistics just after outputting a new signed zone.
* libhsm will skip processing (and not create) any public keys if the per repository option <SkipPublicKey/> is set.
* Keysharing improved - keys can now exist in different states on each zone that the key is in use for.
* Backup prepare/commit/rollback added for 2-step backups without taking the enforcer offline.
* Standby keys are now optional (default to 0) and should be considered experimental.
Bugfixes:
* Fix semantics of refresh value in Signer Engine.
* Auditor handles chains of empty nonterminals correctly.
* Recalculate salt immediately if the saltlength is changed.
* libhsm connected to slot 0 if the token label was not found. An error is now returned instead of connecting to the slot.
* Bugreport #102: Removed the obsoleted python-4suite-xml dependency.
* Fixed Known Issue: KSK rollover requires manual timing.
* Fixed Known Issue: Key rollover and reuse of signatures.
* Fixed Known Issue: Issue with sharing keys and adding zones.
* Fixed Known Issue: Quicksorter does not allow certain owner names (Quicksorter is removed, signer now reads and sorts the zone).
2011-01-23 | Also allow the builtin heimdal from ArchLinux. | markd | 1 | -2/+2
2011-01-22 | Update sudo package to 1.7.4p6. | taca | 2 | -6/+6
What's new in Sudo 1.7.4p6?
* A bug has been fixed in the I/O logging support that could cause visual artifacts in full-screen programs such as text editors.
2011-01-20 | 'fix' pr#43939 by providing a pointer to the root cause | tez | 1 | -0/+16
2011-01-20 | Changes 2.0.17: | adam | 9 | -59/+40
* Allow more hash algorithms with the OpenPGP v2 card.
* The gpg-agent now tests for a new gpg-agent.conf on a HUP.
* Fixed output of "gpgconf --check-options".
* Fixed a bug where Scdaemon sends a signal to Gpg-agent running in non-daemon mode.
* Fixed TTY management for pinentries and session variable update problem.
2011-01-20 | Fix building with special CFLAGS; e.g. on Mac OS X with -isysroot | adam | 1 | -8/+8
2011-01-18 | add/fix mutual CONFLICT | drochner | 2 | -3/+5
2011-01-13 | png shlib name changed for png>=1.5.0, so bump PKGREVISIONs. | wiz | 3 | -6/+6
2011-01-13 | png shlib name changed for png>=1.5.0, so bump PKGREVISIONs. | wiz | 35 | -63/+70
2011-01-13 | Update sudo package to 1.7.4p5. | taca | 2 | -7/+6
What's new in Sudo 1.7.4p5?
* A bug has been fixed that would allow a command to be run without the user entering a password when sudo's -g flag is used without the -u flag.
* If user has no supplementary groups, sudo will now fall back on checking the group file explicitly, which restores historic sudo behavior.
* A crash has been fixed when sudo's -g flag is used without the -u flag and the sudoers file contains an entry with no runas user or group listed.
* A bug has been fixed in the I/O logging support that could cause visual artifacts in full-screen programs such as text editors.
* A crash has been fixed when the Solaris project support is enabled and sudo's -g flag is used without the -u flag.
* Sudo no longer exits with an error when support for auditing is compiled in but auditing is not enabled.
* Fixed a bug introduced in sudo 1.7.3 where the ticket file was not being honored when the "targetpw" sudoers Defaults option was enabled.
* The LOG_INPUT and LOG_OUTPUT tags in sudoers are now parsed correctly.
* A crash has been fixed in "sudo -l" when sudo is built with auditing support and the user is not allowed to run any commands on the host.
2011-01-13 | update version to 1.5 | lukem | 1 | -2/+2
2011-01-13 | * update wotsap URLs for new (?) CGI paths | lukem | 1 | -11/+18
* only use the last 8 chars of the key -- it's the more common use, and the wotsap urls only use them now
* convert optional "mykey" to uppercase before matching
* print correct date (misuse of non-local vars)
2011-01-11 | sync w/ base pkg | drochner | 4 | -14/+12
2011-01-11 | update to 0.8.1 | drochner | 4 | -34/+6
changes: bugfixes
2011-01-09 | Fix previous: I redefined OWN_DIRS which prevented the creation of the run dir in VARBASE... Bump PKGREVISION to 3. | jmmv | 1 | -3/+3
2011-01-07 | Create the ${PKG_SYSCONFDIR}/sudoers.d directory on install. The default configuration file requires this directory to exist. Bump PKGREVISION to 2. | jmmv | 1 | -2/+3
2011-01-07 | tabfy. | obache | 1 | -2/+2
2011-01-07 | Let preferred libpcap to be picked up. PR#44333. | obache | 4 | -6/+36
2011-01-06 | DragonFly is in same situation as other *BSD, PR#44329 | obache | 2 | -1/+17
2011-01-06 | Fixes PR#44324. | obache | 2 | -2/+12
* On DragonFly, rmd160.h exists and required functions are defined there, but not in any library, so ignore it.
* On DragonFly and FreeBSD, MD5 and MD4 functions are in libmd.
2011-01-05 | Change the order in which LDAP libraries are detected; fixes building on Mac OS X and probably other machines. pkglint clean-up. | adam | 3 | -10/+24
2011-01-04 | defined(%hash) is deprecated. | obache | 2 | -1/+17
2011-01-03 | Some patches for DragonFly. | obache | 4 | -1/+87
* need to include sys/socket.h, PR#44313.
* same signature as Linux and NetBSD for PAM related functions.
2011-01-01 | Fixes build failure on DragonFly-2.8.2. | obache | 4 | -2/+39
* not have libresolv, but required functions in libc.
* need to include <sys/socket.h> exactly in some place.
2010-12-31 | Sort SUBDIRs. | wiz | 1 | -2/+2
2010-12-25 | DragonFly also not require extra libs for OpenSSL. | obache | 3 | -9/+27
2010-12-24 | Fix Makefiles SUBDIRs for clamav and amavis-perl, amavisd-new changes | kefren | 1 | -3/+2
2010-12-24 | Remove amavis-perl and amavisd-new from security/. They are now moved into pkgsrc/mail. Part of PR/32554 | kefren | 17 | -690/+0
2010-12-24 | Move clamav into security/. No objections on tech-pkg@ Part of PR/32554 | kefren | 16 | -0/+381
2010-12-23 | de to 1.6.0 from Anon Ymous | christos | 4 | -33/+6
Changes since 1.1:
** gsasl: Add --no-cb to disable use of TLS channel bindings.
** build: Use silent build rules via automake. Use 'make V=99' to see the command lines used.
** Update gnulib files.
** gsasl: Support for TLS channel bindings. Requires GnuTLS 2.11.4 or later for the gnutls_session_channel_binding function. Used by the SCRAM-SHA-1-PLUS mechanism.
** doc: Mention new property GSASL_CB_TLS_UNIQUE and SCRAM-SHA-1-PLUS.
** tests: Added self-tests for SCRAM-SHA-1-PLUS.
** gsasl: Avoid fixed size buffers. This caused problems on Windows where the BUFSIZ was too small for some line lengths with GS2-KRB5.
** tests: Fix error strings to be more unique.
** doc: Added section on how to build with MIT Kerberos for Windows.
** doc: Added PDF version of API reference manual. See doc/reference/gsasl.pdf.
** i18n: Updated translations. Thanks to Benno Schulenberg.
** doc: Explain GS2-related changes.
** doc: GTK-DOC manual improved. Now almost all symbols and types are explained.
** gsasl: Fix crash when getaddrinfo does not get a canonical name.
** gsasl: Improve error message when server rejects authentication.
** tests: Self checks are improved.
** gsasl: Improve application data throughput. Patch from Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> in <http://thread.gmane.org/gmane.comp.gnu.gsasl.general/256>.
** Improve MinGW builds.
** doc: Fix doc/cyclo/ output.
** tests/crypto: Also test newly added SHA-1 interfaces.
** tests/scram: Also test GSASL_SCRAM_SALTED_PASSWORD case. This code path triggered a crash in v1.3.
** i18n: Added Finnish translation. Thanks to Jorma Karvonen <karvonen.jorma@gmail.com>.
** Experimental support for SCRAM-SHA-1 added. Please test it but don't put it into production use, the RFC has not been finalized yet. For this reason, the mechanism priority list is such that SCRAM-SHA-1 will never be selected over any other mechanism (including PLAIN, CRAM-MD5, and DIGEST-MD5). When it has been tested further, we'll make SCRAM-SHA-1 the preferred mechanism after GSSAPI.
** gsasl: Fix libintl-related build errors on MinGW. Tiny patch from "carlo.bramix" <carlo.bramix@libero.it>.
** doc: Typo fixes to manual. Based on report by Marco Maggi <marco.maggi-ipsu@poste.it> in <http://thread.gmane.org/gmane.comp.gnu.gsasl.general/222>.
** tests: Rewrite basic self test using modern API.
** tests: New self-test 'crypto' to increase code coverage.
** gsasl: Fix out of bounds write when in IMAP/SMTP mode. Reported by Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> in <http://thread.gmane.org/gmane.comp.gnu.gsasl.general/230>.
** doc: Rewritten introduction material.
** doc: Improved sections for the info manual. We now follow the advice given by the texinfo manual on which directory categories to use. In particular, libgsasl moved from the 'GNU Libraries' section to the 'Software libraries' as GNU SASL, and 'Invoking gsasl' moved from 'GNU utilities' to 'Security'.
** examples: Removed unneeded 'ctx' parameter from client_authenticate.
** Building with many warning flags now requires --enable-gcc-warnings. This avoids crying wolf for normal compiles.
** New configure parameters to set packaging specific information. The parameters are --with-packager, --with-packager-version, and --with-packager-bug-reports. See <http://article.gmane.org/gmane.comp.lib.gnulib.bugs/17791> for more details.
2010-12-23 | Mechanically replace references to graphics/jpeg with the suitable alternative from mk/jpeg.buildlink3.mk | dsainty | 1 | -2/+2
This allows selection of an alternative jpeg library (namely the x86 MMX, SSE, SSE2 accelerated libjpeg-turbo) via JPEG_DEFAULT=libjpeg-turbo, and follows the current standard model for alternatives (fam, motif, fuse etc).

The mechanical edits were applied via the following script:

    #!/bin/sh
    for d in */*; do
      [ -d "$d" ] || continue
      for i in "$d/"Makefile* "$d/"*.mk; do
        case "$i" in *.orig|*"*"*) continue;; esac
        out="$d/x"
        sed -e 's;graphics/jpeg/buildlink3\.mk;mk/jpeg.buildlink3.mk;g' \
            -e 's;BUILDLINK_PREFIX\.jpeg;JPEGBASE;g' \
            < "$i" > "$out"
        if cmp -s "$i" "$out"; then
          rm -f "$out"
        else
          echo "Edited $i"
          mv -f "$i" "$i.orig" && mv "$out" "$i"
        fi
      done
    done
2010-12-20 | Set LICENSE. | wiz | 1 | -1/+2