| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Give the audit-pacakges a "-d" option to download the vulnerabilities file
with downloaad-vulnerability-list before scanning the installed packages.
Update the documentation accordingly.
Get rid of some inconsistent style problems in the audit-packages script.
|
|
* Version 1.2.8 (2005-10-07)
- Libgcrypt 1.2.2 is required to fix a bug for forking GnuTLS servers.
- Don't install the auxilliary libexamples library used by the
examples in doc/examples/ on "make install", report and tiny patch
from Thomas Klausner
- If you pass a X.509 CA or PGP trust database to the command line
tool, it will now abort the connection if the server certificate
validation fails. Use the parameter --insecure to continue even
after certificate validation failures. Inspired from discussion
with Alexander Kotelnikov
- The test for socklen_t has been moved to gnulib.
- Link failures for duplicate or missing "program_name" symbol has been fixed,
patch from Martin Lambers
- The command line tool and the examples no longer uses mmap or bzero,
to make them more portable, patch from Martin Lambers
- Made the PKCS #12 API handle null passwords. Based on patch by
Anton Altaparmakov
- The GTK-DOC manual should build with current released tools.
(But a copy of the output is included, so the tools are not required.)
- API and ABI modifications:
No changes since last version.
|
|
This is a maintenance release - all updates to 2.4 have been rolled into
2.5, along with some new exploits and minor features.
|
|
Solaris.
|
|
|
|
No pkgsrc changes.
Changes since version 0.96:
===========================
v0.97
- Writes now correctly return errors. (Problem noted by
Dominique Quatravaux <dom at idealx.com>).
- CA paths now work without passing an empty SSL_ca_file
argument. (Problem found by Phil Pennock, <phil.pennock
at globnix.org>).
- IO::Socket::SSL now automatically passes Proto => tcp (if
not already specified) to IO::Socket::INET to work around
/etc/services files with udp entries listed first. (Fix
suggested by Phil Pennock).
- $socket->accept() now returns the peer address in array
context for better conformance with IO::Socket::INET.
However, if you were doing "map { $_->accept } (@sockets)",
or similar tricks, you will need to use "scalar" to get the
old behavior back. (Problem noted by Nils Sowen, <n.sowen
at kon.de>).
- IO::Socket::SSL should now properly block on reads larger
than the buffer size of Net::SSLeay. (Problem found by Eric
Jergensen, <eric at dvns.com>).
- IO::Socket::SSL should now send CA Certs (if necessary)
along with certificates. (Problem found by <roy at
momentous.ca>).
- Timeouts should now work, but be aware that if multiple
reads/writes are necessary to complete a connection, then
each one may have a separate timeout. (Request from
Dominique Quatravaux <dom at idealx.com>).
- In certain cases, start_SSL() would misplace a socket's
fileno, causing problems with starting SSL. This should now
be fixed. (Problem found by <russ at zerotech.net>).
- IO::Socket::SSL now requires a minimum of Net::SSLeay 1.21.
|
|
intended. This automatically leads to a PKGREVISION bump.
|
|
0.9.7h include fixing a shared library upgrade problem where openssl-0.9.7h
had a different ABI than previous 0.9.7 sub-revisions due to a changed
constant.
|
|
|
|
web applications (or a web application firewall). Operating as an Apache Web
server module or standalone, the purpose of ModSecurity is to increase web
application security, protecting web applications from known and unknown
attacks.
This package is for both Apache 1.x and Apache 2.x
|
|
|
|
SecPanel serves as a graphical user interface for managing and running
SSH (Secure Shell) and SCP (Secure Copy) connections. SecPanel is
written entirely in pure Tcl/Tk and does not need any extensions but
it requires version 8.x of Tcl and Tk.
|
|
|
|
DIRB is a Web Content Scanner. It looks for existing (and/or hidden)
Web Objects. It basically works by launching a dictionary based
attack against a web server and analizing the response.
DIRB comes with a set of preconfigured attack wordlists for easy usage
but you can use your custom wordlists. Also DIRB sometimes can be
used as a classic CGI scanner, but remember is a content scanner not a
vulnerability scanner.
DIRB main purpose is to help in professional web application auditing.
Specially in security related testing. It covers some holes not
covered by classic web vulnerability scanners. DIRB looks for
specific web objects that other generic CGI scanners can't look for.
It doesn't search vulnerabilities nor does it look for web contents
that can be vulnerables.
|
|
|
|
Collection.
The Net::SSH::Perl Perl5 module contains implementations of both the
SSH1 and SSH2 protocols.
|
|
|
|
|
|
Changes in version 0.4.5 are:
* Fix a crash in some sync functions.
|
|
Collection.
The Perl 5 module Crypt::DH implements the Diffie-Hellman key
exchange system.
|
|
the netbsd-2-0, netbsd-2, and netbsd-3-0 branches on 2005-10-11, then
for the purposes of satisfying dependencies, pretend it's openssl-0.9.7h.
|
|
from the netbsd-1-6 branch with the 20040401 fix.
|
|
vulnerability triggered update due to CAN-2005-2969. Changes from
version 0.9.7f include:
o Fix SSL 2.0 Rollback, CAN-2005-2969
o Allow use of fixed-length exponent on DSA signing
o Default fixed-window RSA, DSA, DH private-key operations
o More compilation issues fixed.
o Adaptation to more modern Kerberos API.
o Enhanced or corrected configuration for Solaris64, Mingw and Cygwin.
o Enhanced x86_64 assembler BIGNUM module.
o More constification.
o Added processing of proxy certificates (RFC 3820).
|
|
Hi joerg! 8-)
|
|
does mkdir or mkinstalldirs for these needed directories.
|
|
shared linking the noexec wrapper is not build.
|
|
|
|
Changes in version 0.4.4 are:
* Translation updates
* warning fixes
* require gtk 2.6
|
|
BINGRP to the MAKE_ENV to make unpriviledged builds work.
|
|
|
|
|
|
does not affect the package in any way.
|
|
|
|
when the base PHP is compiled with openssl extension (e.g. ssl://, tls://
stream support, and couple others). These don't work when SSL support
is loaded via extension.
For this reason, make openssl extension unconditionally built-in
into the main PHP package, and g/c security/php-openssl.
|
|
in July).
And remove CONFIGURE_ARGS for --mandir as this is now done
for GNU_CONFIGURE.
|
|
for GNU_CONFIGURE.
|
|
|
|
|
|
Noteworthy changes in version 1.2.2 (2005-10-05}
------------------------------------------------
* Made the RNG immune against fork without exec.
* Minor changes to some function declarations. Buffer arguments are
now typed as void pointer. This should not affect any compilation.
* A bug in the definition of gcry_cipher_register has been fixed.
* Interface changes relative to the 1.2.1 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gcry_cipher_encrypt CHANGED: Arguments IN and OUT are now void*.
gcry_cipher_decrypt CHANGED: Arguments IN and OUT are now void*.
gcry_create_nonce CHANGED: Argument BUFFER is now void*.
gcry_md_ctl CHANGED: Argument BUFFER is now void*.
gcry_sexp_sprint CHANGED: Argument BUFFER is now void*.
gcry_mpi_scan CHANGED: Argument BUFFER is now void*.
gcry_cipher_register CHANGED: Argument ALGORITHM_ID is now int*.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
Makes lsh work much better. Bump PGKREVISION. Problem analyzed by author.
|
|
thus were before 2005Q3.
|
|
|
|
|
|
optimization flag, as was already described in this thread:
http://mail-index.netbsd.org/port-sparc/2004/12/19/0001.html
Thus, remove any -mcpu on sparc.
From Geert Hendrickx in PR 31463.
|
|
|
|
pwsafe is a password database program for unix compatible with
Counterpane's win32 Password Safe software.
This is a major release. pwsafe now supports PasswordSafe 2.x
databases, exporting databases to text, and merging databases
together.
|
|
No pkgsrc changes.
Changes since version 1.10:
===========================
Release 1.12
Fix documentation typo. Patch by <steve@fisharerojo.org>.
Release 1.11
Make Digest->new("SHA-224") work. Patch by Mark Shelor
<shelor@cpan.org>.
|
|
PR pkg/31405 from Todd Willey.
Bump PKGREVISION.
|
|
Bump PKGREVISION.
|
|
* Version 1.2.7 (2005-09-09)
- The GNUTLS and GNUTLS-EXTRA libraries are now built with versioned symbols.
- Certtool now complains when reading out-of-range X.509 serial
numbers, suggested by Fran
- Certtool now uses the readline library (when available) when reading
X.509 serial numbers.
- Fixed build problems in getpass on uClibc and Mingw32 platforms.
- Fixed compile warning regarding socklen_t on Mingw32, reported by
Martin Lambers
- Fixed examples in doc/examples/, suggested by Fran
- Gnulib is now used for the core library, enabling future code cleanups.
- The gnutls-cli tool now use gnutls_certificate_verify_peers2,
suggested by Daniel Stenberg
- Doc fixes for gnutls_transport_set_push and gnutls_transport_set_pull.
- Minilibtasn1 is now 0.2.17 (removed optional use of C99 macros).
- Disable zlib support if zlib.h is not present.
- A number of internal cleanups.
- API and ABI modifications:
No changes since last version.
pkgsrc change: do not install libexamples (looks like a bug)
|
