| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
openssl: security patch
Revisions pulled up:
- security/openssl/Makefile 1.140
- security/openssl/distinfo 1.68
- security/openssl/patches/patch-ax 1.1
- security/openssl/patches/patch-ay 1.1
- security/openssl/patches/patch-az 1.1
- security/openssl/patches/patch-ba 1.1
---
Module Name: pkgsrc
Committed By: tez
Date: Wed Jun 10 13:57:08 UTC 2009
Modified Files:
pkgsrc/security/openssl: Makefile distinfo
Added Files:
pkgsrc/security/openssl/patches: patch-ax patch-ay patch-az patch-ba
Log Message:
Patches for CVE-2009-1377, CVE-2009-1378 & CVE-2009-1379 from
http://cvs.openssl.org/filediff?f=openssl/ssl/d1_both.c&v1=1.4.2.9&v2=1.4.2.10
http://cvs.openssl.org/filediff?f=openssl/ssl/d1_both.c&v1=1.4.2.13&v2=1.4.2.15
http://cvs.openssl.org/filediff?f=openssl/crypto/pqueue/pqueue.c&v1=1.2.2.4&v2=1.2.2.5
http://cvs.openssl.org/filediff?f=openssl/crypto/pqueue/pqueue.h&v1=1.2.2.1&v2=1.2.2.2
http://cvs.openssl.org/filediff?f=openssl/ssl/d1_pkt.c&v1=1.4.2.17&v2=1.4.2.18
|
|
base: security update
Revisions pulled up:
- security/base/Makefile 1.24
- security/base/PLIST 1.9
- security/base/distinfo 1.11
- security/base/patches/patch-aa 1.3
---
Module Name: pkgsrc
Committed By: adrianp
Date: Sat Jun 6 11:26:19 UTC 2009
Modified Files:
pkgsrc/security/base: Makefile PLIST distinfo
pkgsrc/security/base/patches: patch-aa
Log Message:
4/03/2009 1.4.2 (chandy)
- EmThreats_link opens now in separate browser window -- Juergen Leising
for Micah Gersten
- A new reference "[rule]" points now to base_local_rules.php,
which displays a particular rule for a given rules id (sid).
Prerequisite for this is that "local_rules_dir" in base_conf.php
points to an actually existing and readable/searchable directory which
contains the snort rules. Please note, that a web server
is usually NOT allowed to access any files outside of its
document root. Feature request by Chris Ryan, cf.
https://sourceforge.net/forum/message.php?msg_id=5310420
https://sourceforge.net/forum/message.php?msg_id=5311517
-- Juergen Leising
- Update of base.spec; works with fedora 10 -- Juergen Leising
- I have applied two patches submitted by asavenkov
with regard to the oci8 driver (oracle 10), cf.
https://sourceforge.net/forum/message.php?msg_id=5795641
https://sourceforge.net/forum/message.php?msg_id=5796556
-- Juergen Leising
- The "email-the-alerts"-variables were defined twice at different
locations in base_conf.php. Fixed this. -- Juergen Leising
- Emails from BASE containing one or more alerts include now a
"To:"-header, as well. Bug report no. 2234733 -- Juergen Leising
- $sort_order, once it has been chosen, survives now a possible "action",
even in base_stat_uaddr.php, base_stat_ports.php, base_stat_iplink.php,
base_stat_class.php and base_stat_sensor.php.
Bug no. 2234745. -- Juergen Leising
- The refresh-problem, when an "action" has been taken, is now fixed in
base_stat_uaddr.php, base_stat_ports.php, base_stat_iplink.php,
base_stat_class.php and base_stat_sensor.php, as well.
Bug no. 1681012. -- Juergen Leising
- I have corrected the way ICMP redirect messages are displayed
by BASE, inspired by Bruno G. San Alejo. -- Juergen Leising
- Several preprocessor events that did not get stored in the acid_event
table, so far, are now processed and displayed by BASE. This affects
all those preprocessors which have sig names that do NOT start with
a "spp_" prefix. -- Juergen Leising
- Fixed bug with archiving IP options. -- Juergen Leising
5/14/09 1.4.3 (gabi)
- XSS Flaws fixed in alert groups -- Kevin Johnson
- Possible SQL injection flaw fixed in AG -- Kevin Johnson
- XSS Flaws fixed in base_qry files -- Kevin Johnson
- Multiple XSS flaws fixed in citems -- Kevin Johnson
5/30/09 1.4.3.1 (zig)
- Multiple XSS flaws fixed in User and Role management -- Kevin Johnson
|
|
security/cy2-anonymous: security update
security/cy2-crammd5: security update
security/cy2-digestmd5: security update
security/cy2-gssapi: security update
security/cy2-ldapdb: security update
security/cy2-login: security update
security/cy2-ntlm: security update
security/cy2-otp: security update
security/cy2-plain: security update
security/cy2-sql: security update
security/cyrus-sasl: security update
security/cyrus-saslauthd: security update
Revisions pulled up:
- security/cy2-digestmd5/Makefile 1.12
- security/cy2-gssapi/Makefile 1.14
- security/cy2-ldapdb/Makefile 1.4
- security/cy2-ntlm/Makefile 1.20
- security/cy2-otp/Makefile 1.12
- security/cyrus-sasl/Makefile.common 1.14
- security/cyrus-sasl/distinfo 1.18
- security/cyrus-sasl/patches/patch-ai 1.8
- security/cyrus-sasl/patches/patch-al 1.6
- security/cyrus-sasl/patches/patch-aq 1.6
- security/cyrus-saslauthd/Makefile 1.38
- security/cyrus-saslauthd/distinfo 1.10
- security/cyrus-saslauthd/patches/patch-ab 1.7
- security/cyrus-saslauthd/patches/patch-af 1.3
---
Module Name: pkgsrc
Committed By: obache
Date: Thu May 14 23:00:47 UTC 2009
Modified Files:
pkgsrc/security/cy2-digestmd5: Makefile
pkgsrc/security/cy2-gssapi: Makefile
pkgsrc/security/cy2-ldapdb: Makefile
pkgsrc/security/cy2-ntlm: Makefile
pkgsrc/security/cy2-otp: Makefile
pkgsrc/security/cyrus-sasl: Makefile.common distinfo
pkgsrc/security/cyrus-sasl/patches: patch-ai patch-al patch-aq
pkgsrc/security/cyrus-saslauthd: Makefile distinfo
pkgsrc/security/cyrus-saslauthd/patches: patch-ab patch-af
Log Message:
Update cyrus-sasl to 2.1.23.
New in 2.1.23
-------------
* Fixed CERT VU#238019 (make sure sasl_encode64() always NUL
terminates output or returns SASL_BUFOVER)
|
|
opensc: security update
Revisions pulled up:
- security/opensc/Makefile.common 1.3
- security/opensc/distinfo 1.3
---
Module Name: pkgsrc
Committed By: hasso
Date: Fri May 8 07:02:37 UTC 2009
Modified Files:
pkgsrc/security/opensc: Makefile.common distinfo
Log Message:
Update to 0.11.8. Fixes a security problem, for details see:
http://www.opensc-project.org/pipermail/opensc-announce/2009-May/000025.html
New in 0.11.8; 2009-05-07;
* Fix security problem in pkcs11-tool gen_keypair (PublicExponent 1)
* fix compiling without openssl.
* updated and improve entersafe driver. FTCOS/PK-01C cards are supported
now, compatible with cards writen by Feitian's software on windows.
|
|
Security fix
Revisions pulled up:
- pkgsrc/security/gnutls/Makefile 1.80
- pkgsrc/security/gnutls/distinfo 1.54
Module Name: pkgsrc
Committed By: wiz
Date: Mon Apr 20 13:11:57 UTC 2009
Modified Files:
pkgsrc/security/gnutls: Makefile distinfo
Log Message:
Update to 2.6.5. Update commented out LICENSE (needs two).
* Version 2.6.5 (released 2009-04-11)
** libgnutls: Added %SSL3_RECORD_VERSION priority string that allows to
specify the client hello message record version. Used to overcome buggy
TLS servers. Report by Martin von Gagern.
** GnuTLS no longer uses the libtasn1-config script to find libtasn1.
Libtasn1 0.3.4 or later is required. This is to align with the
upcoming libtasn1 v2.0 release that doesn't have a libtasn1-script.
** API and ABI modifications:
No changes since last version.
To generate a diff of this commit:
cvs rdiff -u -r1.77 -r1.78 pkgsrc/security/gnutls/Makefile
cvs rdiff -u -r1.52 -r1.53 pkgsrc/security/gnutls/distinfo
Module Name: pkgsrc
Committed By: zafer
Date: Fri May 1 13:49:07 UTC 2009
Modified Files:
pkgsrc/security/gnutls: Makefile
Log Message:
replace non working mirrors with working ones.
To generate a diff of this commit:
cvs rdiff -u -r1.78 -r1.79 pkgsrc/security/gnutls/Makefile
Module Name: pkgsrc
Committed By: tnn
Date: Sat May 2 20:04:33 UTC 2009
Modified Files:
pkgsrc/security/gnutls: Makefile distinfo
Log Message:
Update to gnutls-2.6.6.
* Version 2.6.6 (released 2009-04-30)
libgnutls: Corrected double free on signature verification failure.
Reported by Miroslav Kratochvil. See the advisory
for more details. [GNUTLS-SA-2009-1] [CVE-2009-1415]
libgnutls: Fix DSA key generation.
Noticed when investigating the previous GNUTLS-SA-2009-1 problem. All
DSA keys generated using GnuTLS 2.6.x are corrupt. See the advisory
for more details. [GNUTLS-SA-2009-2] [CVE-2009-1416]
To generate a diff of this commit:
cvs rdiff -u -r1.79 -r1.80 pkgsrc/security/gnutls/Makefile
cvs rdiff -u -r1.53 -r1.54 pkgsrc/security/gnutls/distinfo
|
|
mit-krb5: security patch
Revisions pulled up:
- security/mit-krb5/Makefile 1.45
- security/mit-krb5/distinfo 1.22
- security/mit-krb5/patches/patch-bn 1.1
- security/mit-krb5/patches/patch-bo 1.1
- security/mit-krb5/patches/patch-bp 1.1
---
Module Name: pkgsrc
Committed By: tez
Date: Tue Apr 21 18:58:18 UTC 2009
Modified Files:
pkgsrc/security/mit-krb5: Makefile distinfo
Added Files:
pkgsrc/security/mit-krb5/patches: patch-bn patch-bo patch-bp
Log Message:
Add patches for CVE-2009-0846 & CVE-2009-0847
approved by agc
|
|
openssl: build fix
Revisions pulled up:
- security/openssl/distinfo 1.67
- security/openssl/patches/patch-ac 1.35
---
Module Name: pkgsrc
Committed By: tnn
Date: Thu Apr 16 09:50:37 UTC 2009
Modified Files:
pkgsrc/security/openssl: distinfo
pkgsrc/security/openssl/patches: patch-ac
Log Message:
NetBSD/sparc64 build fix. Reported and fix tested by Michael C.
Vergallen.
|
|
Changes between 0.9.8j and 0.9.8k [25 Mar 2009]
*) Don't set val to NULL when freeing up structures, it is freed up by
underlying code. If sizeof(void *) > sizeof(long) this can result in
zeroing past the valid field. (CVE-2009-0789)
*) Fix bug where return value of CMS_SignerInfo_verify_content() was not
checked correctly. This would allow some invalid signed attributes to
appear to verify correctly. (CVE-2009-0591)
*) Reject UniversalString and BMPString types with invalid lengths. This
prevents a crash in ASN1_STRING_print_ex() which assumes the strings have
a legal length. (CVE-2009-0590)
*) Set S/MIME signing as the default purpose rather than setting it
unconditionally. This allows applications to override it at the store
level.
*) Permit restricted recursion of ASN1 strings. This is needed in practice
to handle some structures.
*) Improve efficiency of mem_gets: don't search whole buffer each time
for a '\n'
*) New -hex option for openssl rand.
*) Print out UTF8String and NumericString when parsing ASN1.
*) Support NumericString type for name components.
*) Allow CC in the environment to override the automatically chosen
compiler. Note that nothing is done to ensure flags work with the
chosen compiler.
|
|
mk/dlopen.buildlink3.mk until very late in the proceedings. Fixes build on
Linux. No PKGREVISION bump required, no functional change on platforms where
the build completed.
Addresses PR pkg/41080.
Ok'd by wiz@
|
|
in Darwin and also register the installed header file.
|
|
infrastructure supports this properly (thanks joerg!).
|
|
|
|
This changes the buildlink3.mk files to use an include guard for the
recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS,
BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new
variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of
enter/exit marker, which can be used to reconstruct the tree and
to determine first level includes. Avoiding := for large variables
(BUILDLINK_ORDER) speeds up parse time as += has linear complexity.
The include guard reduces system time by avoiding reading files over and
over again. For complex packages this reduces both %user and %sys time to
half of the former time.
|
|
files, not over and over again.
|
|
|
|
|
|
|
|
|
|
seahorse-plugins 2.26.0
-----------------------
(no changes)
seahorse-plugins 2.25.92
------------------------
* Connect the uninit function to gtk_quit signal [Adam Schreiber]
* Only use 16 characters when generating a key identifier for notifications. [Stef Walter]
* Fix reference counting to close windows properly [Adam Schreiber]
* Fix exiting of gedit plugin [Paolo Borelli and Jesse van den Kieboom]
* Don't print replacement text to stderr. [Adam Schreiber]
* Remove deprecated GTK+ symbols [Adam Schreiber]
* Removed unused screenshots [Adam Schreiber]
* Update epiphany version checking automagic [Christian Persch]
Translations
* it.po [Milo Casagrande]
* pl.po [Tomasz Dominikowski]
* vi.po [Clytie Siddall]
* zh_HK.po [Chao-Hsiung Liao]
* zh_TW.po [Chao-Hsiung Liao]
seahorse-plugins 2.25.90
------------------------
* Don't prompt for signer if only one private key [Adam Schreiber]
* Bring name of preferences window into alignment with desktop file and
documentation [Adam Schreiber]
* Finish removing libgnome calls [Adam Schreiber]
* Fix display of error meassages [Adam Schreiber]
Translations
* ko.po: [Changwoo Ryu]
* bn_IN.po: [Runa Bhattacharjee]
seahorse-plugins 2.25.3
-----------------------
* remove calls that pull in libgnomeui [Adam Schreiber]
* HIG Fixes [Christian Persch]
* Make epiphany plugin work again [Adam Schreiber]
seahorse-plugins 2.25.1
-----------------------
* remove last of gnome-vfs. [Stef Walters]
|
|
|
|
Changelog in the source tarball for full commit log.
|
|
* Card/Card.pm: type: prefered -> preferred
* Card/Card.pm: update copyright date
* Card/Card.pm: typo: prefered -> preferred
* Card/Card.pod: typos
* README: release 1.4.7
* MANIFEST: remove removed files (merged)
* Makefile_OSX.PL, Makefile_win.PL: merged in Makefile.PL
* README, README.OSX, README.Unix, README.Windows: merge all README.* in README
* Makefile.PL: merge Makefile_win.PL and Makefile_OSX.PL
* PCSC.pod: typos
* PCSC.pod: typo
* PCSC.pm: version 0.05
* PCSC.pod, PCSCperl.h: update copyright date
* PCSCperl.h: reorder the .h inclusion to have a default for Unix system
|
|
1.3.10:
- add support for MSI StarReader SMART, Noname reader (from
Omnikey), Xiring Xi Sign PKI, Realtek 43 in 1 + Sim + Smart Card
Reader, Atmel AT98SC032CT, Aktiv Rutoken Magistra, TianYu CCID
SmartKey, Precise Biometrics 200 MC and 250 MC
- add a patch to support the bogus OpenPGP card (on board key
generation sometimes timed out)
- disable support of the contactless part of SDI010 and SCR331DI
(this code was reverse engineered and hard to maintain)
- some minor bugs removed
1.3.9:
- add support for Aladdin eToken PRO USB 72K Java, Cherry
SmartTerminal ST-1200USB, Atmel AT91SO, SpringCard Prox'N'Roll,
CSB6 Basic, EasyFinger Ultimate, CSB6 Ultimate, EasyFinger
Standard, CrazyWriter, CSB6 Secure, KONA USB SmartCard, HP MFP
Smart Card Reader, ACS ACR122U PICC, Gemalto PDT, VMware Virtual
USB CCID
- MacOSX/configure: do not overwrite PCSC_CFLAGS, PCSC_LIBS,
LIBUSB_CFLAGS and LIBUSB_LIBS if already defined by the user
- by default, link statically against libusb on Mac OS X
- IFDHPowerICC(): use a very long timeout for PowerUp since the card
can be very slow to send the full ATR (up to 30 seconds at 4 MHz)
- SecurePINVerify(): correct a bug when using a Case 1 APDU and a
SCM SPR532 reader
- log the reader name instead of just the pcscd Lun
- some minor bugs removed
|
|
pcsc-lite-1.5.2:
- SCardGetStatusChange(): return if the state of the reader changed
since the previous call. Thanks to Thomas Harning for the patch
- SCardCancel() no works as expected. It got broken in version 1.5.0.
Closes: [#311342] SCardCancel does not cancel an outstanding
SCardGetStatusChange
- log TxBuffer and RxBuffer if the SCardControl() command failed.
Closes: [#311376] PCSC_LOG_VERBOSE via -dd; print details of "Card not
transacted"
- add a mutex to avoid a race condition
Closes: [#311377] Race condition in SCardBeginTransaction
- SCardGetStatusChange() may not return if the reader was removed.
- some other minor improvements and bug corrections
pcsc-lite-1.5.1:
- Extended APDU of more than 2048 bytes were corrupted. The problem was
introduced in version 1.3.3 (2 years ago) by making the code compile
with Sun Studio 11.
Thanks to Eric Mounier for the patch
- some other minor improvements and bug corrections
pcsc-lite-1.5.0:
- correctly handle up to PCSCLITE_MAX_READERS_CONTEXTS readers (instead
of PCSCLITE_MAX_READERS_CONTEXTS-1)
- SCardGetStatusChange()
. now returns SCARD_E_TIMEOUT instead of SCARD_S_SUCCESS if dwTimeout
== 0 (conform to Windows XP)
. add support of reader name \\?PnP?\Notification to detect reader
insertion/removal (conform to Windows XP)
. if a reader disappear also set SCARD_STATE_UNAVAILABLE in
dwEventState (more conform to Windows XP)
- SCardStatus(): add support of SCARD_AUTOALLOCATE for pcchReaderLen and
pcbAtrLen
- SCardGetStatusChange() now uses asynchronous events instead of polling
- more and/or better Doxygen documentation
- SCardTransmit(): correctly pass the pioRecvPci parameter
- SCardConnect() and SCardReconnect(): correct a bug when two
applications were calling SCardConnect() or SCardReconnect() at the
exact same time
- pcscd logs the command name sent by the application (when in debug mode)
- some other minor improvements and bug corrections
|
|
pkgsrc changes:
* add net/avahi dependency to enable key sharing support
Changes between 2.24.0 and 2.26.0:
==================================
* Searching by key identifiers now shows results.
* Disable interactive tree search in key manager.
* Add libcryptui documentation.
* Remove use of GTK+ deprecated symbols.
* Allow creation and deletion of keyrings from main GUI.
* Only autostart seahorse-daemon when key sharing is enabled.
* seahorse-daemon registers with session manager properly.
* Remove bits of libcryptui that are now handled by the gcr library
from gnome-keyring.
* Tons of other fixes and changes.
|
|
Changes between 2.24.0 and 2.26.0:
==================================
* Refactor PKI code to make it modular, loosely coupled and easier
to hack and test.
* Add standard widgets for display of certificates.
* If login keyring doesn't exist when changing a PAM password,
don't create it automatically.
* Overhaul the secure memory allocator to have memory guards,
be valgrind compatible, and also be sparing with secure memory.
* When importing keys, prompt to initialize new PKCS#11 tokens.
* Fix export of RSA keys to be more interoperable.
* Make the gp11 library multi-thread safe.
* Rework initialization of daemon, and the way that it
integrates with the new session manager.
* Close open file descriptors before starting daemon from PAM.
* Don't leave keyring daemon running if PAM just started it
for a password change.
* Register environment variables with session properly.
* Remove usage of deprecated glib/gtk stuff.
* Hundreds of other smaller changes and fixes.
|
|
* Fixed PDF XSS issue where a non-GET request for a PDF file would crash the
Apache httpd process. Discovered by Steve Grubb at Red Hat.
* Removed an invalid "Internal error: Issuing "%s" for unspecified error."
message that was logged when denying with nolog/noauditlog set and
causing the request to be audited.
* Fixed parsing multipart content with a missing part header name which
would crash Apache. Discovered by "Internet Security Auditors"
(isecauditors.com).
* Added ability to specify the config script directly using --with-apr
and --with-apu.
* Updated copyright year to 2009.
* Added macro expansion for append/prepend action.
* Fixed race condition in concurrent updates of persistent counters. Updates
are now atomic.
* Cleaned up build, adding an option for verbose configure output and making
the mlogc build more portable.
|
|
can work - bump pkgrevision
|
|
|
|
|
|
Added security/engine_pkcs11 version 0.1.5
|
|
config file or command line and will pass any function call by openssl to a
PKCS#11 module.
Engine_pkcs11 is meant to be used with smart cards and software for using
smart cards in PKCS#11 format, such as OpenSC. Originaly this engine was a
part of OpenSC, until OpenSC was split into several small projects for
improved flexibility.
|
|
using PKCS#11 implementations easier.
|
|
on some platforms that lacked shared library support in the past. The
list hasn't been maintained at all and the gain is very limited, so just
get rid of it.
|
|
created various interesting issues on other platforms as well.
From PR 40016.
|
|
|
|
|
|
|
|
|
|
Alliance standards: ID-FF, ID-WSF and SAML. It defines processes for
federated identities, single sign-on and related protocols. Lasso is
built on top of libxml2, XMLSec and OpenSSL and is GPL licensed.
This package provides python bindings for Lasso.
|
|
Alliance standards: ID-FF, ID-WSF and SAML. It defines processes for
federated identities, single sign-on and related protocols. Lasso is
built on top of libxml2, XMLSec and OpenSSL and is GPL licensed.
|
|
|
|
|
|
|
|
(CVE-2009-0544), bump PKGREVISION
|
|
* hide_empty_slots now on by default.
* pinpad supported fixed for Mac OS X.
* ruToken driver was updated.
* openct virtual readers reduced to 2 by default.
* link with iconv on Mac OS X for i18n support.
* Security issue: Fix private data support. [CVE-2009-0368]
* Enable lock_login by default.
* Disable allow_soft_keygen by default.
|
|
fprint-demo
libfprint
pam-fprint
for using a finger print reader
|
|
|
|
verification from libfprint for authentication instead of asking for
a password.
|
|
application developers to add support for consumer fingerprint readers to
their software.
|
