Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
Describe -K. Improve -i description. Sort options in SYNOPSIS. Remove
superfluous .Pp. Add EXIT STATUS section. Remove trailing whitespace.
Bump date for new -i.
|
|
the improved ALLOW_VULNERABILITIES support. This now has the ability to:
-p : Only check a single package
-i : Provide a list of vulnerabilities to ignore
-K : Specify an alternate pkg dbdir.
Bump the version to 0.40.
|
|
|
|
already enforces a "secure" version of zlib via dependencies.
|
|
* Version 1.2.9 (2005-11-07)
- Documentation was updated and improved.
- RSA-MD2 is now supported for verifying digital signatures.
- Due to cryptographic advances, verifying untrusted X.509
certificates signed with RSA-MD2 or RSA-MD5 will now fail with a
GNUTLS_CERT_INSECURE_ALGORITHM verification output. For
applications that must remain interoperable, you can use the
GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 or GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5
flags when verifying certificates. Naturally, this is not
recommended default behaviour for applications. To enable the
broken algorithms, call gnutls_certificate_set_verify_flags with the
proper flag, to change the verification mode used by
gnutls_certificate_verify_peers2.
- Make it possible to send empty data through gnutls_record_send,
to align with the send(2) API.
- Some changes in the certificate receiving part of handshake to prevent
some possible errors with non-blocking servers.
- Added numeric version symbols to permit simple CPP-based feature
tests, suggested by Daniel Stenberg <daniel@haxx.se>.
- The (experimental) low-level crypto alternative to libgcrypt used
earlier (Nettle) has been replaced with crypto code from gnulib.
This leads to easier re-use of these components in other projects,
leading to more review and simpler maintenance. The new configure
parameter --with-builtin-crypto replace the old --with-nettle, and
must be used if you wish to enable this functionality. See README
under "Experimental" for more information. Internally, GnuTLS has
been updated to use the new "Generic Crypto" API in gl/gc.h. The
API is similar to the old crypto/gc.h, because the gnulib code were
based on GnuTLS's gc.h.
- Fix compiler warning in the "anonself" self test.
- API and ABI modifications:
gnutls_x509_crt_list_verify: Added 'const' to prototype in <gnutls/x509.h>.
This doesn't reflect a change in behaviour,
so we don't break backwards compatibility.
GNUTLS_MAC_MD2: New gnutls_mac_algorithm_t value.
GNUTLS_DIG_MD2: New gnutls_digest_algorithm_t value.
GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2,
GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5: New gnutls_certificate_verify_flags values.
Use when calling
gnutls_x509_crt_list_verify,
gnutls_x509_crt_verify, or
gnutls_certificate_set_verify_flags.
GNUTLS_CERT_INSECURE_ALGORITHM: New gnutls_certificate_status_t value,
used when broken signature algorithms
is used (currently RSA-MD2/MD5).
LIBGNUTLS_VERSION_MAJOR,
LIBGNUTLS_VERSION_MINOR,
LIBGNUTLS_VERSION_PATCH,
LIBGNUTLS_VERSION_NUMBER: New CPP symbols, indicating the GnuTLS
version number, can be used for feature existence
tests.
|
|
- http://www.sudo.ws/sudo/alerts/perl_env.html
- Add "PERLLIB", "PERL5LIB" and the "PERL5OPT" to the list of
environment variables to be cleaned.
|
|
|
|
|
|
|
|
specified.
|
|
|
|
odd case where cyrus-sasl2 attempts to load /dev/null via shell "." command,
which won't work on Interix as /dev/null is not set as executable there.
|
|
check in configure using PTHREAD_LIBS / PTHREAD_LDFLAGS and use
them to link libgpgme_thread as well.
|
|
openssh-portable team (elide the extra cpp macro level).
|
|
specific cases.
|
|
|
|
instances of setgroups() that are not usable on that platform.
|
|
appropriate SUBST_* definitions.
|
|
|
|
|
|
Use traditional recv loop over a stream socket rather than depending on
MSG_WAITALL to be available. (Interix doesn't have MSG_WAITALL.)
|
|
|
|
|
|
|
|
by Ruby 1.8.3 updates.
|
|
ruby18-base packages.
|
|
ruby18-base package now.
|
|
(They merged into ruby18-base pacakge.)
|
|
PKGREVISION.
|
|
(The presence of this sync(2) call is somewhat suspect, given that the
call guarantees almost nothing in today's virtual memory implementations,
but it is left in for other OS's that do support it.)
|
|
|
|
|
|
|
|
|
|
|
|
${PREFIX}/share/examples/smtpd, the spool setup moved into a newly added
rc script. This also handles missing configurations files better, since
the old post-install would fail e.g. if no local time was configured.
Bump revision.
|
|
the necessary headers.
XXX Ask upstream, why this isn't a #if / #elif list
Reported-by: walt <wa1ter AT myrealbox DOT com> on tech-pkg
|
|
* keychain 2.6.1 (10 Oct 2005)
10 Oct 2005; Aron Griffis <agriffis@gentoo.org>:
Change "unset evalopt" to "evalopt=false" and run through *all* the regression
tests instead of just the new ones. *sigh*
* keychain 2.6.0 (10 Oct 2005)
10 Oct 2005; Aron Griffis <agriffis@gentoo.org>:
Add the --eval option which makes keychain startup easier. See the man-page
for examples. Get rid of the release notes from README, so now this file is
where changes are tracked.
|
|
Changes since version 2.0.6:
Version 2.0.9 -- This is a bug fix release
What's new:
* support for Cisco FWSM.
* Print comments on objects.
* Add "commit" menu item.
* Spanish translation has been added.
Bugs fixed in the GUI:
* bug #1254775: "RCS checkin fails on Windows when data file is too
big".
* bug #1226069: "Segfault: Drag&Drop between two instances".
* bugs #1233165: "Illegal Logging-Limit string" and #1287755: "i18n is
breaking iptables script".
* bug #1240205: "Iilegal --log-level Information".
* bug #1277129: "script is truncated when installed by the GUI running
on Mac".
Bugs fixed in policy compiler for PF:
* bug #1276083: "Destination NAT rules". Old restriction on "rdr" rules.
Version 2.0.8 -- This is a bug fix release
What's new:
* Improvements in the GUI:
* Included updated German translation by Hans Peter Dittler.
* Print RCS Log".
* Code changes to make the code compile and work on Solaris.
* Improvements in policy compilers for pf, ipf, ipfw:
* implemented support for subnets for backup ssh access for
pf,ipf,ipfw.
* Improvements in compiler for ipfw:
* using rule sets to atomically swap old and new rules.
* added "established" rule on top of the regular backup ssh access rule.
Bugs fixed in the Standard Objects library:
* bug #210518: 'Incorrect ending day in the standard object "weekends"'.
Bugs fixed in scripts and tools:
* bug #1200902: "fwb_compile_all does not work in 2.0".
Bugs fixed in GUI:
* bug #1072842: "fwbuilder: Solaris and forkpty".
* bug #1201406: "shutdown messages should be suppressed".
* bug #1204067: "incorrect timezone handling in RCS".
* bug #1207983: "incorrect size of "I" and "L" buttons in the group view
dialog".
* bug #1212121: "sudo shutdown doesn't work".
* bug #1212123: "executing file below /tmp as root".
* bug #1212179: "tool tips for TCP services cuts off some services".
* bug #1213361: "PF on FreeBSD-5.4R".
Bugs fixed in policy compiler for iptables:
* bug #191423: "Weekend Time restriction not created correctly".
* bug #1205665: "Error with summer time when compiling script".
* bug #1215279: "rate limiting rule logs everything".
Bugs fixed in policy compiler for ipfw:
* bug #1155351: "Remote install of FW rulset fails due to race
condition".
Version 2.0.7 -- This is a bug fix release
What's new:
* Improvements in the GUI:
* "Close" button should change is caption/title to "Install".
* "Search for IP Addresses".
* Support for SNMP operations has been added in Windows packages of
Firewall Builder.
* Improvements in built-in installer:
User can specify additional command line parameters for ssh that
built-in installer runs to access firewall.
* Improvements in compiler for ipfilter fwb_ipf:
Added support for dynamic addresses in ipfilter.
* Improvements in compiler for iptables fwb_ipt:
Generated iptables script sets default policies to DROP in all ipv6
filter chains.
Bugs fixed in GUI:
* bug #1151052: "Not external interfaces marked as external".
* bug #1151212: "Collapsed sub-objects shouldn't be added if they are
hidden".
* bug #1151243: "Maintain format of description text".
* bug #1155163: "print does not print group contents".
* bug #1172620: "Add tcp service object for icslap".
* bug #1184791: "can not copy/paste multiple objects into a group".
Bugs fixed in API:
* bug #1158870: "mutexes are not properly created on FreeBSD".
* bug #1151219: "New Host creation window is not well dimensioned".
* bug #1157976: "patches to make fwbuilder compile under NetBSD 1.6".
* bug #1173801: '"&" character in prolog/epilog'.
Bugs fixed in policy compiler for iptables fwb_ipt:
* bug #1123748: "busybox grep -E".
* bug #1160186: 'IPTables Compiler - Multiport Issue'.
* bug #1176890: "block IPv6".
* bug #1176890: "block IPv6".
* bug #1179103: 'compiled rules can not be installed'.
* bug #1181359: "Missing traling space in "INVALID state" syslog message".
* bug #1195201: "getaddr function return error ip address".
Bugs fixed in policy compiler for pf fwb_ipf:
* bug #1173067: "support for port ranges in NAT rules (ipfilter)".
* bug #1173064: "support for dynamic interfaces in ipfilter".
Bugs fixed in policy compiler for pf fwb_pf:
* bug #1176051: "incorrect rule generated for TCP service ftp-data".
|
|
in a publicly-exported structure was renamed from "private" to
"opt_private". This allows <krb5.h> to be used by C++ compilers.
Bump the PKGREVISION to 1.
|
|
for the "db4" option and just rely on the appropriate BDB_* settings
via bdb.buildlink3.mk. Also, we tweak the builtin.mk file so use
krb5-config, if it's available, to check the version of the built-in
heimdal. Patches patch-ab, patch-ae and patch-af have been sent back
upstream and will be incorporated into future Heimdal releases.
Changes between version 0.6.5 and version 0.7.1 include:
* Support for KCM, a process based credential cache
* Support CCAPI credential cache
* SPNEGO support
* AES (and the gssapi conterpart, CFX) support
* Adding new and improve old documentation
* Bug fixes
|
|
the environment before letting the user execute bash scripts.
Bump PKGREVISION.
From Debian.
|
|
changes:
* Fixed crasher in seahorse-agent when used with GPG 1.4.2
* Now works with gedit 2.12 [Mike Gardiner]
* Many crasher and smaller fixes.
|
|
changes:
-added sha256 module
-Add PublicKey to Crypto.__all_
-bugfixes
|
|
header, which is expected by heimdal. Now the package builds on Solaris 9.
|
|
|
|
|
|
|