path: root/security
Age | Commit message | Author | Files | Lines
2005-11-16 | regen. | wiz | 1 | -45/+67
2005-11-16 | Improve usage. Add -K description. | wiz | 1 | -4/+5
2005-11-16 | Various improvements: | wiz | 1 | -25/+21
Describe -K. Improve -i description. Sort options in SYNOPSIS. Remove superfluous .Pp. Add EXIT STATUS section. Remove trailing whitespace. Bump date for new -i.
2005-11-16 | Add several new command line options so audit-packages can be used as part of | erh | 3 | -19/+135
the improved ALLOW_VULNERABILITIES support. This now has the ability to: -p : Only check a single package -i : Provide a list of vulnerabilities to ignore -K : Specify an alternate pkg dbdir. Bump the version to 0.40.
2005-11-15 | Added an empty line at line 2. | rillig | 1 | -1/+2
2005-11-14 | stop openssh from complaining about zlib version numbers, as pkgsrc | grant | 1 | -1/+5
already enforces a "secure" version of zlib via dependencies.
2005-11-14 | Update to 1.2.9: | wiz | 2 | -6/+6
* Version 1.2.9 (2005-11-07) - Documentation was updated and improved. - RSA-MD2 is now supported for verifying digital signatures. - Due to cryptographic advances, verifying untrusted X.509 certificates signed with RSA-MD2 or RSA-MD5 will now fail with a GNUTLS_CERT_INSECURE_ALGORITHM verification output. For applications that must remain interoperable, you can use the GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 or GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 flags when verifying certificates. Naturally, this is not recommended default behaviour for applications. To enable the broken algorithms, call gnutls_certificate_set_verify_flags with the proper flag, to change the verification mode used by gnutls_certificate_verify_peers2. - Make it possible to send empty data through gnutls_record_send, to align with the send(2) API. - Some changes in the certificate receiving part of handshake to prevent some possible errors with non-blocking servers. - Added numeric version symbols to permit simple CPP-based feature tests, suggested by Daniel Stenberg <daniel@haxx.se>. - The (experimental) low-level crypto alternative to libgcrypt used earlier (Nettle) has been replaced with crypto code from gnulib. This leads to easier re-use of these components in other projects, leading to more review and simpler maintenance. The new configure parameter --with-builtin-crypto replace the old --with-nettle, and must be used if you wish to enable this functionality. See README under "Experimental" for more information. Internally, GnuTLS has been updated to use the new "Generic Crypto" API in gl/gc.h. The API is similar to the old crypto/gc.h, because the gnulib code were based on GnuTLS's gc.h. - Fix compiler warning in the "anonself" self test. - API and ABI modifications: gnutls_x509_crt_list_verify: Added 'const' to prototype in <gnutls/x509.h>. This doesn't reflect a change in behaviour, so we don't break backwards compatibility. GNUTLS_MAC_MD2: New gnutls_mac_algorithm_t value. 
GNUTLS_DIG_MD2: New gnutls_digest_algorithm_t value. GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2, GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5: New gnutls_certificate_verify_flags values. Use when calling gnutls_x509_crt_list_verify, gnutls_x509_crt_verify, or gnutls_certificate_set_verify_flags. GNUTLS_CERT_INSECURE_ALGORITHM: New gnutls_certificate_status_t value, used when broken signature algorithms is used (currently RSA-MD2/MD5). LIBGNUTLS_VERSION_MAJOR, LIBGNUTLS_VERSION_MINOR, LIBGNUTLS_VERSION_PATCH, LIBGNUTLS_VERSION_NUMBER: New CPP symbols, indicating the GnuTLS version number, can be used for feature existence tests.
2005-11-12 | Update sudo to nb2 to address the recent security issue: | adrianp | 3 | -6/+16
- http://www.sudo.ws/sudo/alerts/perl_env.html - Add "PERLLIB", "PERL5LIB" and the "PERL5OPT" to the list of environment variables to be cleaned.
2005-11-08 | Include devel/sysexits bl3. | tv | 1 | -1/+2
2005-11-07 | Skip two more setgroups(3) instances on Interix; openssh now builds again. | tv | 2 | -9/+23
2005-11-07 | Fix typo in Interix-specific bit. | tv | 2 | -4/+4
2005-11-07 | Only install the authldap.schema file if the "ldap" package option is | jlam | 2 | -3/+3
specified.
2005-11-07 | Revive hpn-patch distfile. | taca | 1 | -1/+4
2005-11-04 | Use LTCONFIG_OVERRIDE. Besides making "configure" faster, this avoids an | tv | 1 | -1/+2
odd case where cyrus-sasl2 attempts to load /dev/null via shell "." command, which won't work on Interix as /dev/null is not set as executable there.
2005-11-04 | Don't depend on -lpthread as name of the thread library, | joerg | 3 | -5/+34
check in configure using PTHREAD_LIBS / PTHREAD_LDFLAGS and use them to link libgpgme_thread as well.
2005-11-04 | Change the __dead patches into the form I'm submitting back to the | tv | 3 | -14/+14
openssh-portable team (elide the extra cpp macro level).
2005-11-04 | SETGROUPS_NOOP disappeared, so we're relying only on HAVE_INTERIX in those | tv | 3 | -39/+40
specific cases.
2005-11-04 | regen | tv | 1 | -5/+3
2005-11-04 | Add more Interix fixes: Need prototype for strtoll(), and two more | tv | 2 | -6/+44
instances of setgroups() that are not usable on that platform.
2005-11-04 | Fixed wrong use of WRKSRC. Converted explicit ${SED} substitution to | rillig | 3 | -14/+11
appropriate SUBST_* definitions.
2005-11-03 | Fixed wrong usage of WRKSRC. | rillig | 3 | -15/+14
2005-11-03 | Forgot distinfo in previous commit. | tv | 1 | -1/+2
2005-11-03 | osfinger.c forgot to include <arpa/inet.h> for htons(). | tv | 2 | -1/+30
Use traditional recv loop over a stream socket rather than depending on MSG_WAITALL to be available. (Interix doesn't have MSG_WAITALL.)
2005-11-03 | Using MASTER_SITE_GNUSTEP instead of hard-coded URL. | rillig | 1 | -2/+2
2005-11-03 | Delete removed ruby related package's entries. | taca | 1 | -3/+1
2005-11-03 | Remove packages which are part of Ruby 1.6.8. | taca | 9 | -124/+0
2005-11-02 | Bump PKGREVISION of packages including ruby extension library | taca | 1 | -2/+2
by Ruby 1.8.3 updates.
2005-11-02 | Disable packages used with ruby16-base only or bundled with | taca | 1 | -3/+3
ruby18-base packages.
2005-11-02 | Remove ruby-digest and ruby-openssl package since they are merged into | taca | 13 | -221/+0
ruby18-base package now.
2005-11-02 | Delete ruby-zlib, ruby-digest and ruby-openssl entries. | taca | 1 | -3/+1
(They merged into ruby18-base package.)
2005-11-01 | Fixed spelling: SOURCEFORCE => SOURCEFORGE. Removed empty definition for | rillig | 1 | -3/+2
PKGREVISION.
2005-11-01 | Fix build on Interix. | tv | 2 | -1/+16
(The presence of this sync(2) call is somewhat suspect, given that the call guarantees almost nothing in today's virtual memory implementations, but it is left in for other OS's that do support it.)
2005-11-01 | Fix build on Interix, which doesn't have S_IFWHT. | tv | 2 | -1/+22
2005-10-31 | Use OWN_DIRS to make sure the PKGVULNDIR is created as part of the package. | erh | 1 | -1/+2
2005-10-31 | Fix build on Interix; it seems % has special meaning in Configure now. | tv | 2 | -4/+4
2005-10-30 | This needs msgfmt plurals, according to a recent bulk build. | jmmv | 1 | -1/+2
2005-10-29 | Fix for darwin, reusing Dragonfly fix by joerg | tonio | 2 | -4/+4
2005-10-29 | Kill the post-install script. The example files are installed under | joerg | 4 | -18/+49
${PREFIX}/share/examples/smtpd, the spool setup moved into a newly added rc script. This also handles missing configurations files better, since the old post-install would fail e.g. if no local time was configured. Bump revision.
2005-10-29 | Fix Heimdal's LOCAL_PEERCRED on DragonFly by including | joerg | 2 | -1/+16
the necessary headers. XXX Ask upstream, why this isn't a #if / #elif list Reported-by: walt <wa1ter AT myrealbox DOT com> on tech-pkg
2005-10-28 | Updated keychain to 2.6.1 | martti | 2 | -6/+6
* keychain 2.6.1 (10 Oct 2005) 10 Oct 2005; Aron Griffis <agriffis@gentoo.org>: Change "unset evalopt" to "evalopt=false" and run through *all* the regression tests instead of just the new ones. *sigh* * keychain 2.6.0 (10 Oct 2005) 10 Oct 2005; Aron Griffis <agriffis@gentoo.org>: Add the --eval option which makes keychain startup easier. See the man-page for examples. Get rid of the release notes from README, so now this file is where changes are tracked.
2005-10-27 | Upgrade fwbuilder and libfwbuilder to version 2.0.9. | bad | 12 | -81/+63
Changes since version 2.0.6: Version 2.0.9 -- This is a bug fix release What's new: * support for Cisco FWSM. * Print comments on objects. * Add "commit" menu item. * Spanish translation has been added. Bugs fixed in the GUI: * bug #1254775: "RCS checkin fails on Windows when data file is too big". * bug #1226069: "Segfault: Drag&Drop between two instances". * bugs #1233165: "Illegal Logging-Limit string" and #1287755: "i18n is breaking iptables script". * bug #1240205: "Iilegal --log-level Information". * bug #1277129: "script is truncated when installed by the GUI running on Mac". Bugs fixed in policy compiler for PF: * bug #1276083: "Destination NAT rules". Old restriction on "rdr" rules. Version 2.0.8 -- This is a bug fix release What's new: * Improvements in the GUI: * Included updated German translation by Hans Peter Dittler. * Print RCS Log". * Code changes to make the code compile and work on Solaris. * Improvements in policy compilers for pf, ipf, ipfw: * implemented support for subnets for backup ssh access for pf,ipf,ipfw. * Improvements in compiler for ipfw: * using rule sets to atomically swap old and new rules. * added "established" rule on top of the regular backup ssh access rule. Bugs fixed in the Standard Objects library: * bug #210518: 'Incorrect ending day in the standard object "weekends"'. Bugs fixed in scripts and tools: * bug #1200902: "fwb_compile_all does not work in 2.0". Bugs fixed in GUI: * bug #1072842: "fwbuilder: Solaris and forkpty". * bug #1201406: "shutdown messages should be suppressed". * bug #1204067: "incorrect timezone handling in RCS". * bug #1207983: "incorrect size of "I" and "L" buttons in the group view dialog". * bug #1212121: "sudo shutdown doesn't work". * bug #1212123: "executing file below /tmp as root". * bug #1212179: "tool tips for TCP services cuts off some services". * bug #1213361: "PF on FreeBSD-5.4R". Bugs fixed in policy compiler for iptables: * bug #191423: "Weekend Time restriction not created correctly". 
* bug #1205665: "Error with summer time when compiling script". * bug #1215279: "rate limiting rule logs everything". Bugs fixed in policy compiler for ipfw: * bug #1155351: "Remote install of FW rulset fails due to race condition". Version 2.0.7 -- This is a bug fix release What's new: * Improvements in the GUI: * "Close" button should change is caption/title to "Install". * "Search for IP Addresses". * Support for SNMP operations has been added in Windows packages of Firewall Builder. * Improvements in built-in installer: User can specify additional command line parameters for ssh that built-in installer runs to access firewall. * Improvements in compiler for ipfilter fwb_ipf: Added support for dynamic addresses in ipfilter. * Improvements in compiler for iptables fwb_ipt: Generated iptables script sets default policies to DROP in all ipv6 filter chains. Bugs fixed in GUI: * bug #1151052: "Not external interfaces marked as external". * bug #1151212: "Collapsed sub-objects shouldn't be added if they are hidden". * bug #1151243: "Maintain format of description text". * bug #1155163: "print does not print group contents". * bug #1172620: "Add tcp service object for icslap". * bug #1184791: "can not copy/paste multiple objects into a group". Bugs fixed in API: * bug #1158870: "mutexes are not properly created on FreeBSD". * bug #1151219: "New Host creation window is not well dimensioned". * bug #1157976: "patches to make fwbuilder compile under NetBSD 1.6". * bug #1173801: '"&" character in prolog/epilog'. Bugs fixed in policy compiler for iptables fwb_ipt: * bug #1123748: "busybox grep -E". * bug #1160186: 'IPTables Compiler - Multiport Issue'. * bug #1176890: "block IPv6". * bug #1176890: "block IPv6". * bug #1179103: 'compiled rules can not be installed'. * bug #1181359: "Missing traling space in "INVALID state" syslog message". * bug #1195201: "getaddr function return error ip address". 
Bugs fixed in policy compiler for pf fwb_ipf: * bug #1173067: "support for port ranges in NAT rules (ipfilter)". * bug #1173064: "support for dynamic interfaces in ipfilter". Bugs fixed in policy compiler for pf fwb_pf: * bug #1176051: "incorrect rule generated for TCP service ftp-data".
2005-10-26 | Pull in change from Heimdal CVS committed on 20051012 where the field | jlam | 6 | -2/+231
in a publicly-exported structure was renamed from "private" to "opt_private". This allows <krb5.h> to be used by C++ compilers. Bump the PKGREVISION to 1.
2005-10-26 | Update security/heimdal to 0.7.1 (approved by lha). We drop support | jlam | 15 | -149/+477
for the "db4" option and just rely on the appropriate BDB_* settings via bdb.buildlink3.mk. Also, we tweak the builtin.mk file so use krb5-config, if it's available, to check the version of the built-in heimdal. Patches patch-ab, patch-ae and patch-af have been sent back upstream and will be incorporated into future Heimdal releases. Changes between version 0.6.5 and version 0.7.1 include: * Support for KCM, a process based credential cache * Support CCAPI credential cache * SPNEGO support * AES (and the gssapi counterpart, CFX) support * Adding new and improve old documentation * Bug fixes
2005-10-25 | Add a patch for CVE-2005-2959: SHELLOPTS and PS4 have to be cleared from | cube | 3 | -2/+17
the environment before letting the user execute bash scripts. Bump PKGREVISION. From Debian.
2005-10-25 | update to 0.8 | drochner | 3 | -8/+9
changes: * Fixed crasher in seahorse-agent when used with GPG 1.4.2 * Now works with gedit 2.12 [Mike Gardiner] * Many crasher and smaller fixes.
2005-10-25 | update to 2.0.1 | drochner | 3 | -9/+9
changes: -added sha256 module -Add PublicKey to Crypto.__all_ -bugfixes
2005-10-25 | Solaris 9 has a <vis.h> header, but it is very different to the BSD <vis.h> | rillig | 1 | -1/+6
header, which is expected by heimdal. Now the package builds on Solaris 9.
2005-10-23 | Use "+=" instead of "=" for PLIST_SUBST. | rillig | 1 | -2/+2
2005-10-23 | Replaced $f with ${f} to fix some pkglint warnings. | rillig | 1 | -3/+2
2005-10-23 | Added RCS Id to line 1. | rillig | 1 | -1/+1