path: root/security
Age | Commit message | Author | Files | Lines
2004-03-09 | Don't build and install openssl with IDEA, MDC2, or RC5 support. | reed | 2 | -8/+5
According to README, "RSA Security holds software patents on the RC5 algorithm. If you intend to use this cipher, you must contact RSA Security for licensing conditions." And "The IDEA algorithm is patented by Ascom ... They should be contacted if that algorithm is to be used."
The openssl FAQ says "For patent reasons, support for IDEA, RC5 and MDC2 is disabled in this [Red Hat Linux] version."
The FAQ lists patent numbers and expiry dates of US patents:
MDC-2: 4,908,861 13/03/2007
IDEA: 5,214,703 25/05/2010
RC5: 5,724,428 03/03/2015
Now fee-based-commercial-use ACCEPTABLE_LICENSES is not needed.
2004-03-08 | Enable tk84 and replace x11/tk with x11/tk83. Packages compatible with 8.4 will be updated to depend on x11/tk after Tk update. | minskim | 1 | -2/+2
2004-03-08 | Replace lang/tcl with lang/tcl83. Packages compatible with 8.4 will be updated to depend on lang/tcl after Tcl/Tk update. | minskim | 1 | -2/+2
2004-03-08 | Handle some shared directories by depending on (or updating dependencies to the latest versions) xdg-dirs, xdg-x11-dirs or gnome*-dirs. Bump PKGREVISION. | jmmv | 1 | -3/+3
2004-03-07 | Updated to version 1.03 | heinz | 3 | -40/+24
Adapted to buildlink3
No INTERACTIVE_STAGE anymore

Changes since 0.17
===================

1.03 2002.12.09
- Makefile.PL now uses ExtUtils::AutoInstall. Thanks to Autrijus Tang for the note.
- SIGNATURE file now included with distribution.
- Added --version to bin/pgplet, which lists supported ciphers, digests, etc., along with version information.
- Added Crypt::OpenPGP::KeyBlock::save_armoured, to save an armoured version of the keyblock (useful for exporting public keys).
- encrypt and verify no longer fail if there are no public keyrings, in case lookup in a keyserver is desired.
- Added Crypt::OpenPGP::Digest::supported and Crypt::OpenPGP::Cipher::supported.
- Fixed bug where signed cleartext has \r characters in the header.

1.02 2002.10.12
- encrypt and verify now support auto-retrieval of public keys from an HKP keyserver, if the keys are not found in the local keyring.
- Added support for the SHA-1 integrity checks on secret keys used by gnupg 1.0.7. Thanks to Chip Turner for the spot.
- Added a --local-user|-u option to bin/pgplet to support using a different secret key for signing. Thanks to Joseph Pepin for the patch.
- new() now accepts Crypt::OpenPGP::KeyRing objects for the PubRing and SecRing parameters.
- Fixed a bug in decrypt where passing in a "Key" param to decrypt a message encrypted to multiple recipients did not work. Thanks to rdailey for the spot.
- ElGamal self-signatures no longer cause an error.
- Added LWP::UserAgent and URI::Escape to prereqs, for keyserver.
- Added Crypt::OpenPGP::Signature::digest accessor. Thanks to Bob Mathews for the patch.

1.01 2002.07.15
- Added Crypt::OpenPGP::handle, a DWIM wrapper around the other high-level interface methods. Given data, it determines whether the data needs to be decrypted, verified, or both. And then it does what it's supposed to do.
- Added Crypt::OpenPGP::Signature::timestamp to return the created-on time for a signature. Also, Crypt::OpenPGP::decrypt and Crypt::OpenPGP::verify now return the Crypt::OpenPGP::Signature object if called in list context (and, in the case of decrypt, if there is a signature). Thanks to Erik Arneson for the patches.
- Fixed a bug in decrypt with uncompressed encrypted signed data. Thanks to Erik Arneson for the spot.
- Fixed a bug in Crypt::OpenPGP::Message with clearsigned messages, if the text and signature were contained in a block of text containing more PGP messages/signatures.
- Fixed a nasty, evil, stupid compatibility bug with canonical text. Namely, pgp2 and pgp5 do not trim trailing whitespace from "canonical text" signatures, only from cleartext signatures. This was causing invalid signatures which should not have been invalid. Thanks to Erik Arneson for the spot.
- Added Crypt::OpenPGP::KeyServer, which does lookups against an HKP keyserver.

1.00 2002.02.26
- CAST5 is now supported thanks to Crypt::CAST5_PP from Bob Mathews.
- bin/pgplet now supports encrypting and decrypting symmetrically-encrypted messages.
- The PassphraseCallback argument to Crypt::OpenPGP::decrypt can now be used to supply a callback for symmetrically-encrypted packets, as well as public-key-encrypted packets.
- Fix a bug with encrypted, signed text--the signature was being armoured, which led to errors from the process trying to decrypt and verify.
- Fix a bug with symmetric-encrypted session keys w/r/t generation for PGP2--PGP2 doesn't understand symmetric-encrypted session keys, so we need to leave them out when Compat is PGP2. Also, we need to use the 'Simple' S2k rather than the default, 'Salt_Iter'.
- Fix a key generation bug where GnuPG will not import generated public keys, because the self-signature is invalid; signature needs to be on key data *and* user ID. Thanks to Joel Rowles for the spot.
- Fix bug in ElGamal encryption and k generation.

0.18 2002.01.29
- Added IsPacketStream parameter to Crypt::OpenPGP::Message; this turns off armour detection when initializing the message, and can be used when you *know* that the message is a stream of packets, and not an ASCII-armoured stream of packets.
- When unarmouring, remove \r characters from the armoured text end of lines.
- Added Crypt::OpenPGP::KeyRing::save method. Thanks to Ben Xain for the idea and a patch.
- Added compatibility with symmetric-key-encrypted files that do not have a symmetric-key session key packet. The assumption with these encrypted messages is that they are PGP2-encrypted, using the IDEA cipher, MD5 digests, and a Simple s2k. So that is how the fix has been implemented. Thanks to Ben Xain for the bug report.
- Win32 fixes: use binmode when reading files that might be binary.
- Added --symmetric and --digest options to Makefile.PL to set symmetric and digest algorithms when using --sdk.
- Fixed subkey IDs in list-keys with bin/pgplet.
- Check for errors when reading keyring.
2004-03-05 | Reorder location and setting of BUILDLINK_PACKAGES to match template buildlink3.mk file in revision 1.101 of bsd.buildlink3.mk. | jlam | 14 | -77/+97
2004-03-04 | Update gss to 0.0.10. | minskim | 4 | -22/+51
Changes since 0.0.6:
- A command line tool "gss" added in src/.
- gss_display_status can return multiple description texts (using context).
- The Swedish translation has been updated.
- Various cleanups and improvements.
- Implemented gss_export_name and gss_krb5_inquire_cred_by_mech. The Kerberos 5 backend also support them.
- gss_inquire_cred support default credentials.
- Kerberos 5 gss_canonicalize_name now support all mandatory name types.
- Kerberos 5 gss_accept_sec_context now support sub-session keys in AP-REQ.
- Added new extended function API: gss_userok.
- API documentation in HTML format from GTK-DOC included in doc/reference/.
- Moved all backend specific code into sub-directories of lib/.
- The gss_duplicate_name function now allocate the output result properly.
- Man pages for all public functions are included.
- Documentation fixes. For example, all official APIs are now documented.
- Fixed typo that broke gss_wrap for 3DES with Kerberos 5.
- Improvements to build environment.
- Autoconf 2.59, Automake 1.8 beta, Libtool CVS used.
2004-03-04 | Update to priv-1.0-beta2. | simonb | 3 | -25/+8
Changes from previous version are:
+ Fix a single byte buffer overflow. Can only be a NUL byte that overflows, not believed (at this stage!) to be exploitable in any way.
+ Avoid null-pointer dereference if getpwuid(getuid()) fails.
2004-03-03 | Update opencdk to 0.5.4. | minskim | 2 | -6/+5
Changes since 0.5.3:
* Added versioned symbols.
2004-03-01 | Make build on m68kelf, and honour M68060 variable for quite a bit of speedup on m68060 machines. From S.P. Zeidler in PR 24579. | wiz | 3 | -3/+29
2004-03-01 | Bump PKGREVISION due to libtasn1 and gnutls updates. | jmmv | 1 | -2/+2
2004-03-01 | Update to 1.0.8. Changes since 1.0.6: | jmmv | 4 | -17/+15
Version 1.0.8 (28/02/2004)
- Corrected bug in mutual certificate authentication in SSL 3.0.
- Several other minor bugfixes.
Version 1.0.7 (25/02/2004)
- Implemented TLS 1.1 (and also obsoleted the TLS 1.0 CBC protection hack).
- Some updates in the documentation.
2004-03-01 | Update to 0.2.7: | jmmv | 5 | -11/+11
- Added versioned symbols.
2004-03-01 | Enable and note addition of srm version 1.2.8. | cube | 1 | -1/+2
2004-03-01 | Initial import of srm, version 1.2.8 into the NetBSD Package Collection, by request on regional-fr. | cube | 4 | -0/+38
Srm is a secure replacement for rm(1). Unlike the standard rm, it overwrites the data in the target files before unlinking them. This prevents command-line recovery of the data by examining the raw block device. It may also help frustrate physical examination of the disk, although it's unlikely that completely protects against this type of recovery.
Srm uses algorithms found in _Secure Deletion of Data from Magnetic and Solid-State Memory_ by Peter Gutmann and THC Secure Delete (the overwrite, truncate, rename, unlink sequence).
All users, but especially Linux users, should be aware that srm will only work on file systems that overwrite blocks in place. In particular, it will _NOT_ work on reiserfs or the vast majority of journaled file systems. It should work on ext2, FAT-based file systems, and the BSD native file system. Ext3 users should be especially careful as it can be set to journal data as well, which is an obvious route to reconstructing information.
2004-02-29 | include mk/compiler.mk before testing ${CC} | grant | 1 | -1/+2
2004-02-28 | MAINTAINER should be tech-pkg@NetBSD.org instead of packages@netbsd.org. | taca | 1 | -2/+2
2004-02-27 | add ike-scan | itojun | 1 | -1/+2
2004-02-27 | ike-scan, IKE fingerprinting tool | itojun | 4 | -0/+47
---
ike-scan discovers IKE hosts and can also fingerprint them using the retransmission backoff pattern.
ike-scan does two things:
a) Discovery: Determine which hosts are running IKE. This is done by displaying those hosts which respond to the IKE requests sent by ike-scan.
b) Fingerprinting: Determine which IKE implementation the hosts are using. This is done by recording the times of the IKE response packets from the target hosts and comparing the observed retransmission backoff pattern against known patterns.
The retransmission backoff fingerprinting concept is discussed in more detail in the UDP backoff fingerprinting paper which should be included in the ike-scan kit as udp-backoff-fingerprinting-paper.txt.
The program sends IKE main mode requests to the specified hosts and displays any responses that are received. It handles retry and retransmission with backoff to cope with packet loss. It also limits the amount of bandwidth used by the outbound IKE packets.
2004-02-25 | USE_LANGUAGES= c c++. | markd | 1 | -1/+2
2004-02-25 | Regen. Noted by jmmv@. | minskim | 1 | -2/+2
2004-02-25 | Not used any more. | minskim | 1 | -23/+0
2004-02-25 | bl3ify and add explicit dependency on pkgconfig. | minskim | 1 | -4/+5
2004-02-25 | Not used any more. | minskim | 1 | -28/+0
2004-02-25 | Enable p5-Crypt-CAST5_PP | heinz | 1 | -1/+2
2004-02-25 | Not used any more. | minskim | 3 | -92/+0
2004-02-25 | Enable pkgviews installation. | minskim | 3 | -3/+9
2004-02-25 | Not used any more. | minskim | 1 | -27/+0
2004-02-25 | Bump BUILDLINK_DEPENDS due to library major bump. | minskim | 4 | -8/+8
2004-02-25 | Update libksba to 0.9.4. | minskim | 3 | -10/+8
Changes since 0.9.1:
* Support for Extended Key Usage.
* ksba_cms_identify may no return a pseudo content type for pkcs#12 files.
* Cleaned up the DN label table.
* Fixed a bug in creating CMS signed data.
* Interface changes:
  ksba_reader_clear NEW.
  ksba_cert_get_ext_key_usages NEW.
  KSBA_CT_PKCS12 NEW.
2004-02-25 | Bump PKGREVISION due to the update of libgcrypt. | minskim | 5 | -8/+10
2004-02-25 | Update libgcrypt to 1.1.92. | minskim | 4 | -16/+16
Changes since 1.1.90:
- Included a limited implementation of RFC2268.
- Changed API of the gcry_ac_ functions.
- Code cleanups and minor bug fixes.
- Interface changes:
  GCRY_CIPHER_RFC2268_40 NEW.
  gcry_ac_data_set CHANGED: New argument FLAGS.
  gcry_ac_data_get_name CHANGED: New argument FLAGS.
  gcry_ac_data_get_index CHANGED: New argument FLAGS.
  cry_ac_key_pair_generate CHANGED: New and reordered arguments.
  gcry_ac_key_test CHANGED: New argument HANDLE.
  gcry_ac_key_get_nbits CHANGED: New argument HANDLE.
  gcry_ac_key_get_grip CHANGED: New argument HANDLE.
  gcry_ac_data_search REMOVED.
  gcry_ac_data_add REMOVED.
  GCRY_AC_DATA_FLAG_NO_BLINDING REMOVED.
  GCRY_AC_FLAG_NO_BLINDING NEW: Replaces above.
2004-02-25 | Not used any more. | minskim | 1 | -24/+0
2004-02-25 | Enable pkgviews installation. While here, update the MAINTAINER email address. | minskim | 1 | -2/+4
2004-02-25 | Respect CFLAGS and LDFLAGS. Fixes the case where the preferred OpenSSL is in ${LOCALBASE} (e.g., PREFER_PKGSRC=openssl), as found in Krister's bulk build. From jlam. | schmonz | 3 | -9/+14
2004-02-25 | Initial import of Crypt::CAST5_PP. | heinz | 4 | -0/+27
This is a pure Perl implementation of the CAST5 block cipher.
2004-02-24 | Adapted to buildlink3. | heinz | 1 | -6/+9
Taking maintainership.
Needs Math-Pari>=2.001804 and Crypt-Random>=0.33 according to Makefile.PL.
2004-02-24 | Added HOMEPAGE and adapted to buildlink3. | heinz | 1 | -3/+5
2004-02-24 | Updated to version 1.50. | heinz | 3 | -13/+33
Taking maintainership.
Adapted to buildlink3.
Shut up warnings during test with patch-aa.
Updated version requirements according to Makefile.PL.

Changes since 1.47
===================
* In ::Key::generate() calls to ::Key::Private::write() and ::Key::Public::write() have been fixed. Thanks to Lars Rehe <rehe@mail.desy.de> for pointing out this bug.
* Fixed some documentation typos.
* POD documentation for ::Key::[Private|Public].
2004-02-24 | Added HOMEPAGE and adapted to buildlink3. | heinz | 1 | -2/+5
2004-02-24 | Taking maintainership. | heinz | 1 | -4/+7
Adapted to buildlink3.
2004-02-24 | this package doesn't use a compiler, so USE_LANGUAGES= # empty | grant | 1 | -1/+2
2004-02-23 | MASTER_SITES and HOMEPAGE are the same URL. | schmonz | 1 | -2/+2
2004-02-23 | Let the rc.d script start kdc detached, as is the default for the in-tree kdc. From Jukka Salmi in PR 24489, ok'd by lukem@. Bump PKGREVISION to 1. | wiz | 2 | -2/+4
2004-02-23 | This package uses X11 includes/libraries, so USE_X11 must be "yes" for it to build. | kristerw | 1 | -1/+2
2004-02-23 | bl3ify and use zlib's buildlink3 instead of using DEPENDS. | xtraeme | 1 | -2/+3
2004-02-22 | Updated to version 0.50. | heinz | 2 | -11/+14
Taking maintainership.
Adapted to buildlink3.

Changes since 0.49
===================
* Patch by Dave Paris to fix a limit problem in trialdiv().
2004-02-22 | Updated to version 1.13. | heinz | 2 | -11/+14
Taking maintainership.
Adapted to buildlink3.

Changes since 1.11
===================
* Changed the die() message at provider construction to include the name of the provider.
* Updated documentation.
2004-02-22 | bl3ify | jlam | 3 | -5/+10
2004-02-22 | Updated to version 1.02. | heinz | 4 | -28/+14
Taking maintainership.
Adapted to buildlink3.

Changes since 1.01
===================
Patch-ab has been incorporated into the distribution.