| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
on alpha as seen in pr pkg/28969. libnasl 2.2.2a needs nessus-libraries 2.2.2a
to compile properly.
|
|
NetBSD 1.5.4_ALPHA (missing __func__ definition).
|
|
|
|
|
|
Changes:
* Updated the ALTQ patch, now works correctly on NetBSD 2.0 release.
Thanks to Miles Nordin for helping and testing.
* Write struct "pcap_sf_pkthdr" instead of "pcap_pkthdr". Fixes
an LP64 specific problem with reading the pflog with tcpdump(8).
* Applied patch to pf.c from OPENBSD_3_6 branch:
ICMP state entries use the ICMP ID as port for the unique state key. When
checking for a usable key, construct the key in the same way. Otherwise,
a colliding key might be missed or a state insertion might be refused even
though it could be inserted. The second case triggers the endless loop
fixed by 1.474, possibly allowing a NATed LAN client to lock up the kernel.
Report and test data by Srebrenko Sehic.
* Applied patch to pf_lkm.c from NetBSD HEAD:
pfil4_wrapper: clear M_CANFASTFWD which is not compatible with pf.
* Applied patch to pf_ioctl.c from OPENBSD_3_6 branch:
replace finer-grained spl locking in pfioctl() with a single broad lock
around the entire body. this resolves the (misleading) panics in
pf_tag_packet() during heavy ioctl operations (like when using authpf)
that occur because softclock can interrupt ioctl on i386 since SMP.
* Applied patch to pf.c from OPENBSD_3_6 branch:
IPv6 packets can contain headers (like options) before the TCP/UDP/ICMP6
header. pf finds the first TCP/UDP/ICMP6 header to filter by traversing
the header chain. In the case where headers are skipped, the protocol
checksum verification used the wrong length (included the skipped headers),
leading to incorrectly mismatching checksums. Such IPv6 packets with
headers were silently dropped. Reported by Bernhard Schmidt.
* Applied patch to pfctl_optimize.c from OPENBSD_3_6 branch:
&&/|| inversion would try to merge IP addresses with non-addresses into a
single table causing a ruleset load error and eventually a double-free.
* Applied patch to pf.c from OPENBSD_3_6 branch:
Initialise init_addr in pf_map_addr() in the PF_POOL_ROUNDROBIN,
prevents a possible endless loop in pf_get_sport() with 'static-port'
* Fix to if_events.diff from Miles Nordin <carton at Ivy dot NET>:
Call free after removing the element from the list, not before.
Fixes panic with "unaligned access" on Alpha.
|
|
changes:
-IPv6 support
-client added
-bugfixes
XXX dropbear wants to use /dev/random per default now which makes it
unusable on systems w/o entropy source. I've patched it back to
/dev/urandom. There might be security concerns.
|
|
when other source files depend on fd_set being defined in a local header.
(Required on Interix, which does not expose <sys/select.h>/<sys/time.h>
automagically via other system headers as some OS's do by default.)
|
|
because:
- its behaviour changes between releases
- it uses build-host specific instructions where possible,
specifically on >= Solaris 9 update 6 and Sun Studio 9 (sse, sse2)
this breaks using the binary pkg when installed on systems with a
less capable processor. instead, just use -xO5 so the binary pkg will
work everywhere.
|
|
|
|
to regenerate some documentation files, but the regen is unnecessary.
Fix the post-tools target that created a dummy perl -- it was failing
because ${TRUE} may not be an actual executable (it could be a shell
builtin) and thus symlinking to it may not work.
|
|
add USE_PERL5=build.
|
|
- Complete overhaul of the Framework payload collection
+ Win32 ordinal-stagers are now included (92-byte reverse connect)
+ A handful of new sparc payloads have been added (sol, linux, bsd)
+ Reliability problems have been resolved in bsd, linux, and win32
+ New udp-based linux shell stagers and shell payloads
+ New size-optimized Mac OS X encoders and payloads
- Includes the win32 version of the Meterpreter
+ Dynamically load new features over the network w/o disk access
+ In-memory dll injection of the basic meterpreter shell
+ Current extensions include Fs, Process, Net, and Sys
+ Extensive documentation is available online:
* http://metasploit.com/projects/Framework/docs/meterpreter.pdf
- Complete rewrite of the 'msfweb' user interface
+ Generate and encode stand-alone shellcode from the web interface
+ The interface is skinnable and includes three different themes
+ Streaming HTTP is used to provide a 100% web-based shell
+ Ability to set advanced options in the web interface
- Massive speed enhancements in msfconsole and msfweb
+ Snappier response and quicker load times on older systems
+ Optimizations made to various sort/search algorithms
+ Modules are no longer reloaded after each exploit
- New exploits
+ Microsoft WINS Service Memory Overwrite (MS04-045)
+ Samba trans2open() Buffer Overflow (Mac OS X)
+ 4D WebSTAR FTP Server Buffer Overflow (Mac OS X)
+ Veritas Name Service Registration Buffer Overflow
+ AOL Instant Messenger 'goaway' Buffer Overflow
+ IPSwitch IMail IMAPD 'delete' Buffer Overflow
+ Seattle Labs Mail Server POP3 Buffer Overflow
+ UoW IMAPD Buffer Overflow (sparc, ia32)
+ IRIX lpdsched Remote Command Execution
+ CDE dtspcd Buffer Overflow (Solaris)
+ IIS 4.0 ism.dll HTR Buffer Overflow
+ IIS w3who.dll ISAPI Buffer Overflow
|
|
- Use options.mk framework for python and rrdtool support
|
|
Added dependancy on libconv to fix breakage reported on NetBSD 1.6.2 alpha
|
|
* Portability fixes, memory allocation fixes and other minor things.
* Support to build as a W32 static library.
* Changed the way the RNG gets initialized. This allows to keep it
uninitialized as long as no random numbers are used. To override
this, the new macro gcry_fast_random_poll may be used. It is in
general a good idea to spread this macro into the application code
to make sure that these polls happen often enough.
|
|
- Add bl3 and openssl support
- Fix paths in man pages
- Install extra documentation
- Remove un-needed options from pkgsrc Makefile
Lots of changes/bugfixes from 1.6 including:
psk-crack.c: New program to crack Aggressive Mode Pre-Shared Keys
using dictionary attack. This uses the output from "ike-scan -P"
together with a dictionary.
|
|
in their tests for built-in versions of the PAM implementations. The
MacOS X case now collapses nicely into the linux-pam case. Allow
pam.buildlink3.mk to use solaris-pam as an accepted PAM implementation.
|
|
|
|
|
|
It includes the correct buildlink3.mk file from either Linux-PAM
(security/PAM) or OpenPAM (security/openpam) and eventually will
support solaris-pam. pam.buildlink3.mk will:
* set PAMBASE to the base directory of the PAM files;
* set PAM_TYPE to the PAM implementation used.
There are two variables that can be used to tweak the selection of
the PAM implementation:
PAM_DEFAULT is a user-settable variable whose value is the default
PAM implementation to use.
PAM_ACCEPTED is a package-settable list of PAM implementations
that may be used by the package.
Modify most packages that include PAM/buildlink3.mk to include
pam.buildlink3.mk instead.
|
|
|
|
package from "pam" to "linux-pam".
* Rewrite PAM/builtin.mk to check that we have Linux-PAM, and re-classify
MacOS X's PAM as Linux-PAM because it _is_, according to to Apple.
Also don't use BUILDLINK_TRANSFORM.* to rewrite header file paths
-- just use a symlink so that <security/*.h> can be used to find
<pam/*.h>.
|
|
associate it with a PKGNAME.
|
|
|
|
to do the right thing on NetBSD-2.0.
|
|
|
|
|
|
OpenPAM is an open source PAM library that focuses on simplicity,
correctness, and cleanliness.
OpenPAM aims to gather the best features of Solaris PAM, XSSO and
Linux-PAM, plus some innovations of its own. In areas where these
implementations disagree, OpenPAM tries to remain compatible with
Solaris, at the expense of XSSO conformance and Linux-PAM
compatibility.
These are some of OpenPAM's features:
- Implements the complete PAM API as described in the original PAM
paper and in OSF-RFC 86.0; this corresponds to the full XSSO API
except for mappings and secondary authentication. Also
implements some extensions found in Solaris 9.
- Extends the API with several useful and time-saving functions.
- Performs strict checking of return values from service modules.
|
|
Spotted by latest NetBSD 1.6.2/i386 kristerw@'s bulk build.
|
|
openssl on sparc64 and amd64 in the previous commit.
|
|
fix the NetBSD/sparc64 config by adding -DMD32_REG_T=int to the flags.
Tested by martin (at) NetBSD.org. This should fix PR pkg/28858.
|
|
|
|
build with FreeBSD too). Patch stolen from FreeBSD/ports.
|
|
OpenPAM (NetBSD/FreeBSD), so use BUILDLINK_FILES to right directory.
|
|
so that the appropriate OpenSSL sources are built. Also, explicitly
mark the endianness of each supported NetBSD platform to avoid potential
endianness issues when doing the crypto arithmetic.
|
|
by HIRAMATSU Yoshifumi <hiramatu@boreas.dti.ne.jp>.
|
|
|
|
wrapper functions with the correct parameters for CRC-CCITT, CRC-16 and
CRC-32.
[tv: This differs from p5-String-CRC32 in that it is a generic Digest.pm
module plugin.]
|
|
* nessus-fetch would not build under Solaris
* the detached scans in Nessus 2.2.x were broken
* improved http-proxy support over SSL
|
|
|
|
|
|
The purpose of pgpenvelope is to allow easy use of GnuPG
to encrypt/sign/decrypt/verify messages using Pine's send-
ing/displaying filters.
Simply make the appropriate filter entries in one's Pine
configuration, and run Pine as normal. When sending mail,
choose the pgpenvelope_encrypt filter. Additionally, one
can use it as a procmail filter.
|
|
|
|
object-oriented method for interacting with GnuPG, being able to perform
functions such as but not limited to encrypting, signing, decryption,
verification, and key-listing parsing.
|
|
* An "stunnel3" perl script is installed. REPLACE_PERL and add to PLIST.
* Regenerate patches to lose fuzz.
* Format DESCR.
* Bump PKGREVISION.
|
|
|
|
Dirmngr is a server for managing and downloading certificate
revocation lists (CRLs) for X.509 certificates and for downloading the
certificates themselves. Dirmngr also handles OCSP requests as an
alternative to CRLs. Dirmngr is either invoked internaly by gpgsm
(from gnupg 1.9) or when running as a system daemon through the
dirmngr-client tool.
Whats new in this release
=========================
* New option --daemon to start dirmngr as a system daemon. This
switches to the use of different directories and also does
CRL signing certificate validation on its own.
* New tool dirmngr-client.
* New options: --ldap-wrapper-program, --http-wrapper-program,
--disable-ldap, --disable-http, --honor-http-proxy, --http-proxy,
--ldap-proxy, --only-ldap-proxy, --ignore-ldap-dp and
--ignore-http-dp.
* Uses an external ldap wrapper to cope with timeouts and general
LDAP problems.
* SIGHUP may be used to reread the configuration and to flush the
certificate cache.
* An authorithyKeyIdentifier in a CRL is now handled correctly.
|
|
0.24 2004/12/24
* More secure programming style.
* Adding GnuPG string-to-key.
* Adding a missing key flag.
|
|
|
|
Version 4.07, 2005.01.03, urgency: MEDIUM:
* Bugfixes
- Problem with infinite poll() timeout negative, but not equal to -1 fixed.
- Problem with a file descriptor ready to be read just after a non-blocking
connect call fixed.
- Compile error with EAI_NODATA not defined or equal to EAI_NONAME fixed.
- IP address and TCP port textual representation length (IPLEN) increased
to 128 bytes.
- OpenSSL engine support is only used if engine.h header file exists.
|
