path: root/security
Age | Commit message | Author | Files | Lines
2009-02-11 | Don't use text relocations, link against shared libcrypto. | joerg | 3 | -12/+21
DESTDIR support. Simplify. Bump revision.
2009-02-11 | Updated security/msudir to 0.15 | abs | 2 | -9/+11
move to code.google PKG_DESTDIR_SUPPORT= destdir
2009-02-11 | fix distinfo | abs | 1 | -4/+4
2009-02-10 | DESTDIR support. | joerg | 3 | -10/+12
2009-02-10 | DESTDIR support | joerg | 1 | -13/+9
2009-02-10 | Updated security/msu to 1.09 | abs | 2 | -9/+10
Enable PKG_DESTDIR_SUPPORT=destdir Move source to code.google
2009-02-09 | DESTDIR support. | joerg | 1 | -4/+5
2009-02-09 | Switch to Python 2.5 as default. Bump revision of all packages that have | joerg | 5 | -8/+10
changed runtime dependencies now.
2009-02-09 | Remove Python 2.1 support. | joerg | 3 | -6/+4
2009-02-05 | Update security/sudo package to 1.7.0. | taca | 8 | -57/+67
* pkgsrc change: relax restriction to kerberos package.
What's new in Sudo 1.7.0?
* Rewritten parser that converts sudoers into a set of data structures. This eliminates a number of ordering issues and makes it possible to apply sudoers Defaults entries before searching for the command. It also adds support for per-command Defaults specifications.
* Sudoers now supports a #include facility to allow the inclusion of other sudoers-format files.
* Sudo's -l (list) flag has been enhanced:
  o applicable Defaults options are now listed
  o a command argument can be specified for testing whether a user may run a specific command.
  o a new -U flag can be used in conjunction with "sudo -l" to allow root (or a user with "sudo ALL") list another user's privileges.
* A new -g flag has been added to allow the user to specify a primary group to run the command as. The sudoers syntax has been extended to include a group section in the Runas specification.
* A uid may now be used anywhere a username is valid.
* The "secure_path" run-time Defaults option has been restored.
* Password and group data is now cached for fast lookups.
* The file descriptor at which sudo starts closing all open files is now configurable via sudoers and, optionally, the command line.
* Visudo will now warn about aliases that are defined but not used.
* The -i and -s command line flags now take an optional command to be run via the shell. Previously, the argument was passed to the shell as a script to run.
* Improved LDAP support. SASL authentication may now be used in conjunction when connecting to an LDAP server. The krb5_ccname parameter in ldap.conf may be used to enable Kerberos.
* Support for /etc/nsswitch.conf. LDAP users may now use nsswitch.conf to specify the sudoers order. E.g.:
      sudoers: ldap files
  to check LDAP, then /etc/sudoers. The default is "files", even when LDAP support is compiled in. This differs from sudo 1.6 where LDAP was always consulted first.
* Support for /etc/environment on AIX and Linux. If sudo is run with the -i flag, the contents of /etc/environment are used to populate the new environment that is passed to the command being run.
* If no terminal is available or if the new -A flag is specified, sudo will use a helper program to read the password if one is configured. Typically, this is a graphical password prompter such as ssh-askpass.
* A new Defaults option, "mailfrom" that sets the value of the "From:" field in the warning/error mail. If unspecified, the login name of the invoking user is used.
* A new Defaults option, "env_file" that refers to a file containing environment variables to be set in the command being run.
* A new flag, -n, may be used to indicate that sudo should not prompt the user for a password and, instead, exit with an error if authentication is required.
* If sudo needs to prompt for a password and it is unable to disable echo (and no askpass program is defined), it will refuse to run unless the "visiblepw" Defaults option has been specified.
* Prior to version 1.7.0, hitting enter/return at the Password: prompt would exit sudo. In sudo 1.7.0 and beyond, this is treated as an empty password. To exit sudo, the user must press ^C or ^D at the prompt.
* visudo will now check the sudoers file owner and mode in -c (check) mode when the -s (strict) flag is specified.
2009-02-02 | Fix build under Mac OS X: | tron | 1 | -3/+9
The GNU library ends up being empty and "ar" complains if you try to create an archive. Simply skip the directory during the build to avoid this.
2009-02-01 | heimdal leaves empty directories after deinstallation, fix that. | shattered | 2 | -5/+8
OK by wiz@.
2009-01-31 | Changes 1.8: | adam | 2 | -6/+6
* Fix crlf self-test under Mingw+Wine.
* Fix build problems on platforms that lack stdint.h.
2009-01-31 | Changes 1.4.4: | adam | 4 | -20/+8
* Publish GCRY_MODULE_ID_USER and GCRY_MODULE_ID_USER_LAST constants. This functionality has been in Libgcrypt since 1.3.0.
* MD5 may now be used in non-enforced fips mode.
* Fixed HMAC for SHA-384 and SHA-512 with keys longer than 64 bytes.
* In fips mode, RSA keys are now generated using the X9.31 algorithm and DSA keys using the FIPS 186-2 algorithm.
* The transient-key flag is now also supported for DSA key generation. DSA domain parameters may be given as well.
2009-01-29 | Fix installation. | joerg | 1 | -2/+4
2009-01-29 | Needs libtool. | joerg | 1 | -1/+2
2009-01-27 | Update to qca 2.0.1 | markd | 3 | -12/+11
- Bugfix release, forward and backward compatible with 2.0.0
- Ability to build as a Mac framework (and build this way by default)
- On non-Mac Unix, the pkgconfig file is always qca2.pc, even in debug mode
- Certificates containing wildcards are now matched properly
- DirWatch/FileWatch now work
- Keystore writes now work
- Don't delete objects in their event handler (prevents Qt 4.4 warnings)
- Fix potential hang with TLS in server mode
- Windows version can be configured/installed using paths with spaces
2009-01-23 | Give up maintainership, as I have not so much as looked at pkgsrc in | jschauma | 1 | -2/+2
well over a year now. Sorry. :-(
2009-01-20 | Also need to take care of md5 for Solaris, PR 40434. | obache | 1 | -1/+8
2009-01-20 | The Solaris support in this package only works on OpenSolaris. Allow it to | sketch | 5 | -18/+81
build (although likely not work) on Solaris too.
2009-01-20 | Update from version 2.12 to version 2.12nb1. | seb | 1 | -1/+4
Pkgsrc changes:
- Register required dependency on package security/p5-Digest-HMAC
2009-01-19 | Solaris's md4.h and sha1.h are not good enough for this package, | obache | 1 | -1/+10
and MD5_* is in libmd5. Fixes build failure reported by PR 40434.
2009-01-11 | security/39313 strikes again | ahoka | 1 | -2/+7
Do a workaround here too.
2009-01-11 | Update from version 2.11nb1 to 2.12. | he | 2 | -7/+6
Upstream changes:
Authen-SASL 2.12 -- Mon Jun 30 21:35:21 CDT 2008
Enhancements
* GSSAPI implement protocol according to RFC, but by default, remain compatible with cyrus sasl lib
* DIGEST-MD5 implement channel encryption layer
2009-01-10 | From Sergey Svishchev <svs@ropnet.ru>: ipsec-tools builds fine on FreeBSD | manu | 1 | -2/+2
2009-01-09 | Fixed pkglint warnings about sorting SUBDIR. | rillig | 1 | -3/+3
2009-01-08 | Update to openssl-0.9.8j. Fixes CVE-2008-5077. | tnn | 5 | -32/+43
Changes between 0.9.8i and 0.9.8j [07 Jan 2009]
*) Properly check EVP_VerifyFinal() and similar return values (CVE-2008-5077).
*) Allow the CHIL engine to be loaded, whether the application is multithreaded or not. (This does not release the developer from the obligation to set up the dynamic locking callbacks.)
*) Use correct exit code if there is an error in dgst command.
*) Tweak Configure so that you need to say "experimental-jpake" to enable JPAKE, and need to use -DOPENSSL_EXPERIMENTAL_JPAKE in applications.
*) Add experimental JPAKE support, including demo authentication in s_client and s_server.
*) Set the comparison function in v3_addr_canonize().
*) Add support for XMPP STARTTLS in s_client.
*) Change the server-side SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG behavior to ensure that even with this option, only ciphersuites in the server's preference list will be accepted. (Note that the option applies only when resuming a session, so the earlier behavior was just about the algorithm choice for symmetric cryptography.)
Changes between 0.9.8h and 0.9.8i [15 Sep 2008]
*) Fix a state transition in s3_srvr.c and d1_srvr.c (was using SSL3_ST_CW_CLNT_HELLO_B, should be ..._ST_SW_SRVR_...).
*) The fix in 0.9.8c that supposedly got rid of unsafe double-checked locking was incomplete for RSA blinding, addressing just one layer of what turns out to have been doubly unsafe triple-checked locking. So now fix this for real by retiring the MONT_HELPER macro in crypto/rsa/rsa_eay.c.
*) Various precautionary measures:
   - Avoid size_t integer overflow in HASH_UPDATE (md32_common.h).
   - Avoid a buffer overflow in d2i_SSL_SESSION() (ssl_asn1.c). (NB: This would require knowledge of the secret session ticket key to exploit, in which case you'd be SOL either way.)
   - Change bn_nist.c so that it will properly handle input BIGNUMs outside the expected range.
   - Enforce the 'num' check in BN_div() (bn_div.c) for non-BN_DEBUG builds.
*) Allow engines to be "soft loaded" - i.e. optionally don't die if the load fails. Useful for distros.
*) Add support for Local Machine Keyset attribute in PKCS#12 files.
*) Fix BN_GF2m_mod_arr() top-bit cleanup code.
*) Expand ENGINE to support engine supplied SSL client certificate functions. This work was sponsored by Logica.
*) Add CryptoAPI ENGINE to support use of RSA and DSA keys held in Windows keystores. Support for SSL/TLS client authentication too. Not compiled unless enable-capieng specified to Configure. This work was sponsored by Logica.
*) Fix bug in X509_ATTRIBUTE creation: don't set attribute using ASN1_TYPE_set1 if MBSTRING flag set. This bug would crash certain attribute creation routines such as certificate requests and PKCS#12 files.
2009-01-07 | Despite the fact that various Python modules do have buildlink files, | tonnerre | 1 | -21/+0
according to Joerg this behavior is wrong. Remove this one again.
2009-01-07 | Add buildlink3.mk file to py-OpenSSL extension so it can be referenced in | tonnerre | 1 | -0/+21
other packages.
2009-01-07 | Update to 1.19: | wiz | 2 | -6/+6
v1.19 2008.12.31
- fix verfycn_name autodetection from PeerAddr/PeerHost
2009-01-04 | Move scrollkeeper/omf.mk to rarian/omf.mk. | wiz | 1 | -2/+2
scrollkeeper is nowadays included in rarian, so the omf.mk file should be there as well. Adapt all references.
2009-01-04 | +openvas-* | adrianp | 1 | -1/+6
2009-01-04 | OpenVAS stands for Open Vulnerability Assessment System and is a | adrianp | 34 | -0/+6560
network security scanner with associated tools like a graphical user front-end. The core component is a server with a set of network vulnerability tests (NVTs) to detect security problems in remote systems and applications.
2009-01-01 | Update amavisd-new to 2.6.2, maintainer update request by PR 40303. | obache | 2 | -6/+6
amavisd-new-2.6.2 release notes
MAIN NEW FEATURES SUMMARY
- bounce killer: improved detection of nonstandard bounces;
- bounces to be killed no longer waste SpamAssassin time;
- tool to convert dkim-filter keysfile into amavisd configuration;
- compatibility with SpamAssassin 3.3 (CVS head) regained;
- rewritten and expanded documentation section on DKIM signing and verification in amavisd-new-docs.html;
COMPATIBILITY WITH 2.6.1
- apart from small differences in logging and notifications, the version 2.6.2 is compatible with 2.6.1, with its configuration file and its environment;
- virus scanner entries were updated (as described below, most notably by adding a regexp flag m), so be sure to update existing configuration file; updated virus scanner entries can be used with 2.6.1 too;
- the %sql_clause default has changed in detail (see below), if its value is overridden in a configuration file the setting may need updating;
See full release notes: http://www.ijs.si/software/amavisd/release-notes.txt
2008-12-30 | Fixed build (removed whirlpool) (ok by wiz) | stacktic | 3 | -3/+33
2008-12-21 | This package isn't JOBS_SAFE. | taca | 1 | -1/+2
2008-12-21 | PR# pkg/40146: security/policykit fails to build on Linux | jmcneill | 4 | -3/+56
2008-12-20 | PR# pkg/40230: "libvolume_id" doesn't build under Mac OS X | jmcneill | 5 | -5/+45
Fix PolicyKit build on OSX.
2008-12-19 | Added fixes for DESTDIR support: | heinz | 6 | -14/+62
Correct settings for file ownership (*OWN, *GRP in patch-aa and patch-ao). Added missing installation directories in patch-aa. Sorted PLIST to placate pkglint. Adapted filename in patch-an to the way mkpatches generates nowadays.
2008-12-19 | Add p5-OpenSSL. | he | 1 | -1/+2
2008-12-19 | Import p5-OpenSSL version 0.09. | he | 3 | -0/+40
Fixes PR#39223.
THIS IS A FUCKING HACK (not to be taken too literally..)
Don't read the man-pages/*.pm's (they are dummy), check t/* and fix OpenSSL.xs
Don't forget to try - print OpenSSL::CRL::new_from_file("crl.pem")->info - it's the only CRL stuff that's supported :)
OpenSSL::HMAC is dummy. OpenSSL::BN is untested.
2008-12-19 | Changes 2.6.3 | adam | 2 | -6/+6
* gnutls: Fix chain verification for chains that ends with RSA-MD2 CAs.
* gnutls: Fix memory leak in PSK authentication.
* certtool: Move gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0) call earlier. It needs to be invoked before libgcrypt is initialized.
* gnutls-cli: Return non-zero exit code on error conditions.
* gnutls-cli: Corrected bug which caused a rehandshake request to be ignored.
2008-12-18 | Update from version 2.36nb1 to 2.38. | he | 2 | -7/+6
Should fix PR#40189.
Upstream changes:
  2008-11-14 Gisle Aas <gisle@ActiveState.com>
  Release 2.38
  The 2.37 tarball was infected by various '._*' files. Thank you, Mac OS X!
  Applied warning fix from Geoff Richards [RT#19643]
  Applied compatibility fix from Alexandr Ciornii [RT#30348]
  2008-11-12 Gisle Aas <gisle@ActiveState.com>
  Release 2.37
  Sync up with consting changes from the perl core.
2008-12-18 | Update from version 1.17 to 1.18. | he | 2 | -6/+6
Fixes PR#40188, though the dependency bump is not done (is not reflected in the module's META.yml).
Upstream changes:
v1.18 2008.11.17
- fixed typo in argument: wildcars_in_cn -> wildcards_in_cn
  http://rt.cpan.org/Ticket/Display.html?id=40997
  thanks to ludwig[DOT]nussel[AT]suse[DOT]de for reporting
2008-12-15 | Update to 2.6.8. Apparently fixed some compilation issues (presumably | smb | 3 | -21/+6
due to GCC 4), though those aren't mentioned in the upstream change log.
Other changes:
  2007-06-09 gettextize <bug-gnu-gettext@gnu.org>
  * m4/gettext.m4: New file, from gettext-0.16.1.
  * m4/iconv.m4: New file, from gettext-0.16.1.
  * m4/lib-ld.m4: New file, from gettext-0.16.1.
  * m4/lib-link.m4: New file, from gettext-0.16.1.
  * m4/lib-prefix.m4: New file, from gettext-0.16.1.
  * m4/nls.m4: New file, from gettext-0.16.1.
  * m4/po.m4: New file, from gettext-0.16.1.
  * m4/progtest.m4: New file, from gettext-0.16.1.
  2003-03-08 17:38 nmav
  * Makefile.am: Honor DESTDIR variable. Patch by Andrew W. Nosenko <awn@bcs.zp.ua>
  2003-03-08 17:29 nmav
  * src/mcrypt.c, NEWS: Made the algorithm and mode command line input case insensitive.
  2003-03-08 17:08 nmav
  * doc/mcrypt.1: some corrections in the manpage by Michael Mason <mgm@eskimoman.net>
2008-12-15 | gcc complains when an int is cast to a pointer of different size. To | rillig | 2 | -1/+27
avoid that warning, the ints are first cast to size_t, which is more likely to match the size of a pointer. Unfortunately, the intptr_t and uintptr_t types are marked optional in C99.
2008-12-13 | * Fixes mismatch between the section and extension of skeyprune. | obache | 10 | -11/+169
* skeyprune is perl script, need runtime dependency on perl5.
* Fixes mis-use of config.h (patch-a[d-i]), avoid to use a mixture of local hash function with system RMD header. Fixes build failure reported by PR 39872 and PR 39953. Bump PKGREVISION.
2008-12-13 | Restore to original DESTDIR ready. | obache | 3 | -7/+9
2008-12-13 | Use REPLACE_PERL instead of custom SUBST. | obache | 1 | -6/+2
2008-12-13 | macro name must not contain '-', a part of PR 39953. | obache | 3 | -6/+6