| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
Applied Hasso Tepper recommended fix. Thank you.
|
|
MITKRB5-SA-2008-002. Bump PKGREVISION now finally.
|
|
will be bumped again once some other patches are in.
|
|
supported yet. Don't bump revision as the package didn't build before.
|
|
- telnetd username and environment sanitizing vulnerabilities ("-f root")
as described in MIT Kerberos advisory 2007-001.
- krb5_klog_syslog() problems with overly long log strings as described
in MIT Kerberos advisory 2007-002.
- GSS API kg_unseal_v1() double free vulnerability as described in the
MIT Kerberos advisory 2007-003.
|
|
- Fix flaw if 'Server Key exchange message' is omitted from a TLS handshake
which could lead to a silent crash.
- Fix double free in TLS server name extensions which could lead to a remote
crash.
Patches from upstream.
|
|
Noticed by Hasso Tepper in PR 38822.
Bump PKGREVISION.
|
|
|
|
last commit.
|
|
getpeereid() .
|
|
changes:
-Fix importing keys from hkp keyservers
-build fixes
|
|
changes:
-minor UI improvements
-bugfixes
-portability improvements, in particular for credential passing on
local sockets -- unfortunately a bit of the patch I submitted upstream
got lost
|
|
|
|
|
|
4.24: fix security problem (properly reject revoked certs)
4.23: WinNT bugfix
4.22:
- A new global option to control logging to syslog.
Simultaneous logging to a file and the syslog is now possible.
- A new service level option to control stack size.
- Restored chroot() to be executed after decoding numerical
userid and groupid values in drop_privileges().
- A few bugs fixed the in the new libwrap support code.
- TLSv1 method used by default in FIPS mode instead of
SSLv3 client and SSLv23 server methods.
4.21:
- Initial FIPS 140-2 support (see INSTALL.FIPS for details).
- Experimental fast support for non-MT-safe libwrap is provided
with pre-spawned processes.
- Stunnel binary moved from /usr/local/sbin to /usr/local/bin
in order to meet FHS and LSB requirements.
- Added code to disallow compiling stunnel with pthreads when
OpenSSL is compiled without threads support.
- Minor manual update.
- TODO file updated.
- Dynamic locking callbacks added (needed by some engines to work).
- AC_ARG_ENABLE fixed in configure.am to accept yes/no arguments.
- On some systems libwrap requires yp_get_default_domain from libnsl,
additional checking for libnsl was added to the ./configure script.
- Sending a list of trusted CAs for the client to choose the right
certificate restored.
- Some compatibility issues with NTLM authentication fixed.
|
|
|
|
many packages used to use ${PAX}. Use the common way of directly calling
pax, it is created as tool after all.
|
|
Addresses PR 38744.
|
|
patches to add it). Drop pax from the default USE_TOOLS list.
Make bsdtar the default for those places that wanted gtar to extract
long links etc, as bsdtar can be built of the tree.
|
|
And also require opencdk>=0.6.5.
|
|
security/p5-String-Random. Merge changes from the textproc one into
the security one.
|
|
* Version 2.2.5 (released 2008-05-19)
Fix flaw in fix for GNUTLS-SA-2008-1-3.
* Version 2.2.4 (released 2008-05-19)
Fix three security vulnerabilities. [GNUTLS-SA-2008-1]
[GNUTLS-SA-2008-1-1]
libgnutls: Fix crash when sending invalid server name.
[GNUTLS-SA-2008-1-2]
libgnutls: Fix crash when sending repeated client hellos.
[GNUTLS-SA-2008-1-3]
libgnutls: Fix crash in cipher padding decoding for invalid record lengths.
* Version 2.2.3 (released 2008-05-06)
Increase default handshake packet size limit to 48kb.
Fix compilation error related to __FUNCTION__ on some systems.
Documented the --priority option to gnutls-cli and gnutls-serv.
Fix fopen file descriptor leak in PSK server code.
Build Guile code with -fgnu89-inline only when supported.
Make Camellia encryption work.
|
|
Based on patch provided by Eric Schnoebelen in PR 38692.
While here, marked as DESTDIR support.
Also fix CONFIGURE option for GSSAPI implement (I don't know from when).
* Version 0.2.26 (released 2008-05-05)
** Translations files not stored directly in git to avoid merge conflicts.
This allows us to avoid use of --no-location which makes the
translation teams happier.
** Build fixes for the documentation.
** Update gnulib files.
* Version 0.2.25 (released 2008-03-10)
** gsasl: Fix buffering issue to avoid mixing stdout/stderr outputs.
This would manifest itself when redirecting output to a pipe, such as
when used with Gnus. Reported by Enrico Scholz
<enrico.scholz@informatik.tu-chemnitz.de>, see
<http://thread.gmane.org/gmane.comp.gnu.gsasl.general/123>.
** Fix non-portable use of brace expansion in makefiles.
* Version 0.2.24 (released 2008-01-15)
** Link self-tests with gnulib, to fix link failures under MinGW.
* Version 0.2.23 (released 2008-01-15)
** Improve CRAM-MD5 self-test to detect if challenges are the same.
** Improve gsasl --help and --version to conform with GNU standards.
** Use gettext 0.17.
** Update gnulib files.
* Version 0.2.22 (released 2007-10-08)
** Development git tree moved to savannah.
See <https://savannah.gnu.org/projects/gsasl/>.
** Fix warnings when building the tool 'gsasl'.
** Update gnulib files.
|
|
tech-pkg at jp.NetBSD.org => tech-pkg-ja at jp.NetBSD.org
|
|
changes:
-direct-tcpip support
-bug fixes
pkgsrc change: disable use of Python setuptools
(gives unpredictable results)
|
|
|
|
so make it only end up in the PLIST if that is the case.
|
|
Major changes since Sudo 1.6.9p15:
o There was missing whitespace before the ldap libraries in the Makefile
for some configurations.
o LDAPS_PORT may not be defined on older Solaris LDAP SDKs.
o If the LDAP server could not be contacted and the user was not present
in sudoers, a syntax error in sudoers was incorrectly reported.
|
|
|
|
Stegtunnel provides a covert channel in the IPID and sequence number
fields of any desired TCP connection. It requires the server and
client to have a previously shared secret in common to detect and
decrypt the data.
|
|
|
|
|
|
|
|
this heimdal on 3.x.
Bump PKGREVISION.
|
|
|
|
EzCrypto is an easy-to-use wrapper around the poorly documented OpenSSL
Ruby library. Features include:
* Defaults to AES 128 CBC
* Will use OpenSSL library for transparent hardware crypto support
* Single-class object-oriented access to most commonly used features
* Ruby-like syntax
|
|
Stop lying and drop maintainership of these packages. I have not
maintained them for a very long time already, so leave room for
fresh blood to take over them.
|
|
Synopsis: Support for DragonFly to security/pcsc-lite
Incorporated fix submitted by Hasso Tepper.
|
|
Synopsis: Support for DragonFly to security/ccid
Incorporated fix submitted by Hasso Tepper.
|
|
HAVE_STDINT_H generated by configure. This is required for
compilation on Solaris 9.
|
|
Version 1.4 (released 2008-04-21)
- Update gnulib files.
- Replace uses of alloca with malloc.
|
|
Noteworthy changes in version 1.4.1 (2008-04-25)
------------------------------------------------
* Fixed a bug introduced by 1.3.1 which led to the comsumption of far
too much entropy for the intial seeding.
* Improved AES performance for CFB and CBC modes.
* Removed build problems for the Padlock support.
|
|
|
|
This module can generate both LANMAN and NT password hashes, suitable for
use with Samba.
|
|
* Enhanced gpg-connect-agent with a small scripting language.
* New option --list-config for gpgconf.
* Fixed a crash in gpgconf.
* The envvars XAUTHORITY and PINENTRY_USER_DATA are now passed to the
pinentry.
* Fixed the auto creation of the key stub for smartcards.
* Fixed a rare bug in decryption using the OpenPGP card.
* Creating DSA2 keys is now possible.
* New option --extra-digest-algo for gpgsm to allow verification of
broken signatures.
* Allow encryption with legacy Elgamal sign+encrypt keys with option
--rfc2440.
|
|
Builds without 'enable-maintainer-mode' being set
|
|
- Let the user choose the type of sorting (default to time descending,
available: time asc/desc, count asc/desc).
- Implement Prewikka Asynchronous DNS resolution in alert view
as well as message summary (require twisted.names and twisted.internet),
see the additional dns_max_delay settings parameters in prewikka.conf.
- In the alert summary view, handle portlist and ip_version service fields,
and show alert messageid.
- Fix exception when rendering ToolAlert.
- Fix double classification escaping (could result in non working link
for alert with classification containing escaped character).
- Improvement to heartbeat retrieval (heartbeat view speedup).
- Correct typo (fix #275), thanks Scott Olihovki <skippylou@gmail.com>
for pointing this out.
- Polish translation, by Konrad Kosmowski <konrad@kosmosik.net>.
- Update to pt_BR translation, by Edelberto Franco Silva <edeunix@edeunix.com>
- Various bug fixes and cleanup.
|
|
- [rulesets]: Remove successful/failure keyword from classification
(use IDMEF completion). Analyzer class sanitization.
- [nagios] Handle Nagios V2 log entry (fix #283).
- [spamassassin] Fix incorrect AdditionalData assignement.
- New Suhosin ruleset, by Sebastien Tricaud <toady@inl.fr>
- Fix invalid logfile inconsistency alert that could be triggered
in a rare case, after a renaming detection. Alert improvement.
- On logfile inconsistency alert, do not re-analyze the whole file.
- Remove the 1024 bytes per PCRE reference limit.
- Minor bug fixes, build system cleanup.
|
|
|
