path: root/security
Age | Commit message | Author | Files | Lines
2007-06-10 | Update security/caff to 0.4.10 | tonio | 2 | -7/+7
signing-party (0.4.10-1) unstable; urgency=low
* caff:
  + Fix syntax error in example config variables (Closes: #413020).
  + Fix perl warnings when calling pgp-fixkey with unknown keyid or with empty signature create date.
* gpg-key2ps:
  + Add '-1' option to only display one column of slips, for extra wide keys (Closes: #399474).
* keylookup:
  + Fix perl warnings caused by empty lines from gpg output.
* Drop transitional and now obsolete keylookup package.
* Remove no longer needed dependency on mailx.
2007-06-09 | Replace a patch by setting the proper environment variable. | wiz | 3 | -18/+3
Info provided by the author David Landgren.
2007-06-08 | Added support for installation to DESTDIR. "root"-permissions still | heinz | 1 | -7/+11
required because of "chown" and "chmod" commands. Enabled tests.
2007-06-08 | The package supports installation to DESTDIR. | heinz | 1 | -1/+2
2007-06-08 | Update to 1.06: | wiz | 2 | -6/+6
v1.06
- instead of setting undef args to '' in configure_SSL drop them. This makes Net::SMTP::SSL working again because it does not give LocalPort of '' to IO::Socket::INET any more
2007-06-08 | Update to 0.55: | wiz | 4 | -76/+20
0.55 2007-06-01 17:34:22 UTC
- Added a blocking() method to Net::SSL (and bumped version to 2.81).
0.54 2007-04-12 22:05:26 UTC
- Rebadged 0.53_05, since no bugs appear to have surfaced.
0.53_05
- Fixed up incorrect LIBS key in WriteMakefile args. Thanks to David Cantrell for giving me access to an OpenBSD box that revealed this problem.
- Added the list of modules that depend on Crypt::SSLeay to the README, as per cpants.perl.org. (think: improvements to the test suite).
0.53_04 2007-03-06 09:39:01 UTC
- add diag() info to determine possible reasons for failure as per http://www.nntp.perl.org/group/perl.cpan.testers/2007/03/msg428964.html
- Tweaks for Strawberry Perl detection.
0.53_03 2007-03-04 18:30:06 UTC
- Adjusted the typemap shims to silence the compiler warnings that occur when sizeof(IV) is larger than sizeof(char *).
- use XSLoader for faster loading if available, otherwise fall back to DynaLoader.
- Makefile.PL heavily reworked, lots of cruft removed.
- Ask to see whether the live tests should be run.
- renamed net_sst.t to 01-connect.t
- added 02-live.t that performs live HTTPS requests.
0.53_02 2007-01-29 10:02:34 UTC
- don't proxy hosts in NO_PROXY environment variable (CPAN bug #11078).
- don't send user agent string to proxy unless send_useragent_to_proxy is enabled. (CPAN bug #4759).
- Net::SSL bumped to 2.80
0.53_01 2007-01-24 22:21:09 UTC
- patch for CPAN #12444 applied (Jeff Lavallee). Net::SSL bumped to 2.79.
- example scripts moved into eg/ directory and the documentation updated.
- added a TODO to remind me of what needs to be done.
0.53 2006-12-26 17:21:22 UTC
- 0.52_02 deemed stable
0.52_02 2006-12-20 19:29:01 UTC
- improved VMS support (CPAN bug #19829).
- add a test to see if cert file is readable in Net::SSL::configure_certs (CPAN bug #8498) and Net::SSL version to 2.78.
- known working platforms list removed from documentation. Too old, and CPAN Testers has the up-to-date information.
- minor documentation improvements.
0.52_01 2006-12-17
- add call to SSL_library_init() in new()
- maintenance taken over by brian d foy and David Landgren.
2007-06-07 | + Bastille. | wiz | 1 | -1/+2
2007-06-06 | Imported Bastille from pkgsrc-wip. | rillig | 9 | -0/+563
Bastille is a system hardening / lockdown program which enhances the security of a Unix host. It configures daemons, system settings and firewalls to be more secure. It can shut off unneeded services like rcp and rlogin, and helps create "chroot jails" that help limit the vulnerability of common Internet services like Web services and DNS. This tool currently hardens Red Hat (Fedora Core, Enterprise and Legacy/Classic), SuSE, Debian, Gentoo, Mandrake Linux, HP-UX, Mac OS X and Turbo Linux. If run in the preferred interactive mode, it can teach you a good deal about security while personalizing your system security state. Bastille can also assess and report on the state of a system, which may serve as an aid to security administrators, auditors and system administrators who wish to investigate the state of their system's hardening without making changes to such. This assessment functionality has only been tested on Red Hat Linux (Fedora, Legacy, Enterprise) and SUSE systems.
2007-06-06 | Use included opencdk for now, opencdk-0.6.x is not compatible with | wiz | 2 | -5/+8
gnutls-1.6.x (the stable branch). No further PKGREVISION bumps necessary, because opencdk caused recursive PKGREVISION bumps and afterwards gnutls wouldn't build. Addresses PR pkg/36448.
2007-06-06 | Update to 0.6.1. | wiz | 4 | -7/+36
Package change: Fix opencdk-config and opencdk.pc.
Noteworthy changes in version 0.6.1 (2007-05-12)
------------------------------------------------
* The opencdk.def file is included in the distribution archive, fixes build failures on mingw32.
* Some bug fixes for the mingw32 build in combination with WINE.
* Now the decryption code uses the name in the literal packet for the output file whenever this is possible.
* Take care of absolute file names in literal packets.
2007-06-05 | opencdk shlib major changed; bump ABI depends and PKGREVISIONs of | wiz | 18 | -25/+36
affected packages.
2007-06-05 | Update to 0.6.0: | wiz | 4 | -12/+21
Noteworthy changes in version 0.6.0 (2007-05-XX)
------------------------------------------------
* Dropped all internal random, cipher, digest libs and only use gcrypt for such tasks. The library should only provide functions dedicated to parsing and packet creation for the protocol.
* Adjust code for the new Libgcrypt interface. Now Libgcrypt >1.2.2 is required to build the code.
* This new version introduces an API change and thus incompatibilities to prior versions.
* Lots of cleanups all over the place. This also includes simplification for various code parts.
* Better support for larger files.
* Map the libgcrypt error directly and remove the invalid CDK_Gcry_Error type.
* Add more regression tests for the various code parts.
* We do not support ElGamal signatures any longer.
* Merged patches from the other opencdk branch which is currently used by GnuTLS.
* Provide user callback for the stream. As a sample implementation, socket callbacks are implemented and used in cdk_stream_sockopen().
* Drop most of the rfc1991 legacy format. This means we do not generate any rfc1991 data, but we still understand it. An exception is the packet header output.
* Removed gnulib interface for now because the lib is currently not in use.
* Interfaces changes relative to 0.5.x
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
functions:
  cdk_stream_tmp CHANGED: is now cdk_stream_tmp_new
  cdk_stream_new_from_mem CHANGED: new argument and return error code
  cdk_stream_control CHANGED: is not available any longer
  cdk_stream_new_from_cbs NEW
  cdk_stream_mmap_part NEW
  cdk_keydb_new_from_file NEW
  cdk_keydb_new_from_mem NEW
  cdk_keydb_new_from_stream NEW
  cdk_keydb_import CHANGED: second argument removed.
  cdk_keydb_pk_cache_sigs DELETED
  cdk_kbnode_write_to_mem_alloc NEW
  cdk_lib_startup NEW
  cdk_lib_shutdown NEW
  cdk_handle_set_keyring NEW
  cdk_handle_get_verify_result NEW
  cdk_subpkt_find_next NEW
  cdk_subpkt_find_nth NEW
  cdk_set_progress_handler DELETED
  cdk_userid_get_pref_array DELETED
  cdk_pk_encrypt CHANGED: last argument is now gcry_mpi_t
  cdk_pk_decrypt CHANGED: last argument is now gcry_mpi_t
  cdk_pk_get_mpi CHANGED: new argument nwritten.
  cdk_sk_get_mpi CHANGED: new argument nwritten.
  cdk_pk_release NEW
  cdk_sk_release NEW
  cdk_pubkey_to_sexp NEW
  cdk_seckey_to_sexp NEW
  cdk_armor_encode_buffer NEW
  cdk_keygen_set_mdc_feature DELETED
  cdk_keygen_set_algo_info CHANGED: new argument usage.
  cdk_seskey_new DELETED
  cdk_seskey_free DELETED
  cdk_dek_encode_pkcs1 CHANGED: not public any longer.
  cdk_dek_decode_pkcs1 CHANGED: not public any longer.
  cdk_stream_tell CHANGED: return type is now off_t
  cdk_stream_seek CHANGED: argument is now off_t
  cdk_pk_check_self_sig NEW
constants:
  CDK_No_Data NEW
  CDK_CTL_TRUSTMODEL DELETED
  CDK_CTL_FORCE_DIGEST DELETED
  CDK_COMPRESS_BZIP2 NEW
  CDK_MD_SHA{256,384,512} NEW
  CDK_MD_{TIGER, MD2} DELETED
  CDK_CIPHER_{SAFER_SK128, DES_SK} DELETED
  CDK_CTL_COMPAT DELETED
structures:
  cdk_md_hd_t CHANGED: is now gcry_md_hd_t
  cdk_cipher_hd_t CHANGED: is now gcry_cipher_hd_t
  cdk_sesskey_t CHANGED: is now gcry_mpi_t
2007-06-01 | Update to 1.6.3: | wiz | 3 | -7/+9
* Version 1.6.3 (released 2007-05-26)
** New API functions to extract DER encoded X.509 Subject/Issuer DN. Suggested by Nate Nielsen <nielsen-list@memberwebs.com>. Backported from the 1.7.x branch, see <http://lists.gnu.org/archive/html/help-gnutls/2007-05/msg00029.html>.
** Have PKCS8 parser return better error codes. Reported by Nate Nielsen <nielsen-list@memberwebs.com>, see <http://lists.gnupg.org/pipermail/gnutls-dev/2007-May/001653.html> and <http://lists.gnupg.org/pipermail/gnutls-dev/2007-May/001654.html>.
** Fix mem leak for sessions with client authentication via certificates. Reported by Andrew W. Nosenko <andrew.w.nosenko@gmail.com>, see <http://lists.gnupg.org/pipermail/gnutls-dev/2007-April/001539.html>.
** Fix building of 'tlsia' self test. Earlier some gcc are known to build tlsia linking to $prefix/lib/libgnutls-extra.so rather than the libgnutls-extra.so in the build directory, even though command line parameters look OK. Changing order of some parameters fixes it.
** API and ABI modifications:
gnutls_x509_crt_get_raw_issuer_dn: ADD.
gnutls_x509_crt_get_raw_dn: ADD.
2007-06-01 | Update to 2.5.1. | xtraeme | 3 | -16/+16
This release adds checking of a number of archive members to improve protection from runaway dearchivers. It fixes SQL quarantining of mail with a null sender, and recognizes PostgreSQL error S8006. Parsing of invalid header has been improved. Calling 'finish' on a SA message object was added. A nonstandard SMTP status code 254 is no longer used, and enforcing of option 8BITMIME is avoided even on 8-bit contents. Checking of eval status was improved to recognize additional failure modes. Disabling of MIME decoding and invoking of a file(1) utility has been made possible. An AV entry for ArcaVir was added.
2007-06-01 | Fix PLIST -- it assumed that the package would be built with | wiz | 3 | -7/+8
the gpgsm option on by default.
2007-05-30 | Use the macosx-bind9-bind8compat hack. Gets the build a little further. | schmonz | 1 | -0/+9
XXX This should probably happen by default across pkgsrc on Darwin.
2007-05-30 | Removed some code duplication from the buildlink3 files by using the new | rillig | 2 | -16/+6
pkg-build-options.mk procedure.
2007-05-25 | Pass PAM location to configure script. | obache | 1 | -1/+2
Pointed out in PR 36386 by Ondrej Tuma.
2007-05-18 | Update to 1.3.6 | adrianp | 3 | -9/+10
Lots of updates but some highlights in brief:
- Added base64 encoding support for ICMP payload additional table in base_qry_alert.php -- Juergen Leising
- Changed input type of the password field to actually be password in setup3.php -- Nikns
- Fixed Time error in searches -- Jeff Kell
- Added FQDN to display -- Jonathan W Miner
- Fixed issues with graphing -- Kevin J
- Updated tons of HTML for compliance -- Marek Cruz
2007-05-18 | Add PKG_APACHE_ACCEPTED=apache13 apache2 as this package is not | adrianp | 1 | -2/+7
supported with apache 2.2.x
2007-05-18 | Remove myself as maintainer, I don't have the time anymore to keep these | peter | 2 | -4/+4
packages up to date.
2007-05-18 | 11 Apr 2007 - 2.1.1 | adrianp | 3 | -16/+11
-------------------
* Add the PCRE_DOLLAR_ENDONLY option when compiling regular expression for the @rx operator and variables.
* Really set PCRE_DOTALL option when compiling the regular expression for the @rx operator as the docs state.
* Fixed potential memory corruption when expanding macros.
* Fixed error when a collection was retrieved from storage in the same second as creation by setting the rate to zero.
* Fixed ASCIIZ (NUL) parsing for application/x-www-form-urlencoded forms.
* Fixed the faulty REQUEST_FILENAME variable, which used to change the internal Apache structures by mistake.
* Updates to quiet some compiler warnings.
* Fixed some casting issues for compiling on NetWare (patch from Guenter Knauf)
2007-05-17 | Updated to version 0.14. | heinz | 2 | -10/+12
Pkgsrc changes:
- Added support for installation to DESTDIR.
- p5-Digest-SHA is a new requirement.
Changes since version 0.12:
===========================
0.14 February 14, 2005
FIX: The introduction of the keytag warning triggered a bug with RSAMD5 keys, causing RSAMD5 keys not to be loaded.
0.13 December 9, 2005
FEAT: rt.cpan.org 14588 Added support for passing (a reference to) an array of keys to the RRSIG verify function.
FIX/FEAT: The Net::DNS::SEC::Private function will for RSA based keys verify if the keytag in the filename is actually correct. Since at parsing the value of the DNSKEY RR flags is not known we test against the currently defined flag values 256 and 257. If we cannot find a keytag match a warning is printed and Private key generation fails. This inconsistency was spotted by Jakob Schlyter.
FEAT: Added support for SHA256 to the DS RR. Assigned the expected digest type 2 for SHA256 type hashes. Note that this makes the Net::DNS::SEC depend on Digest::SHA instead of Digest::SHA1. The default digest type is still set to 1. NB. The code makes assumptions about the IANA assignment of the digest type. The assignment may change. Do not use SHA256 in production zones!!
FIX: rt.cpan.org #15662 Roy Arends noticed and patched the label counting did not ignore an initial asterisk label.
FIX: Wes Hardaker noticed the default TTL values for created signatures to be different from the TTLs from the data that is being signed.
FIX: Wes Hardaker reported there was a problem with validating RRsets that had ownernames with capitals. The fix depends on a fix in Net::DNS::RR that is available in version 0.53_03 or later of the Net::DNS distribution.
FEAT: Proper dealing with mnemonics for algorithm and digest type added to DS
FIX/FEAT: Mnemonics were written as RSA/MD5 and RSA/SHA1. This has been corrected to RSASHA1 and RSAMD5, as in the IANA registry.
0.12_02 June 6, 2005 (beta 2 release for 0.13)
Bug: new_from_hash would not correctly create the RR since internally typebm is used to store the data this has been fixed so that the following works
  Net::DNS::RR->new(name=>$name, ttl=>$ttl, type=>"NSEC", nxtdname=>$nxtdname, typelist=>join(" ",@types) );
FEAT: Introduced the "use bytes" pragma to force character interpretation of all the scalars. Any utf processing by perl makes the code behave unpredictably.
0.12_01 April 18, 2005. (beta release for version 0.13)
FEAT (!!!): Changed the semantics of the Net::DNS::Keyset::verify method. Read the perldoc for details. The requirement that each key in a keyset has to be selfsigned has been loosened.
FEAT: Added a "carp" to the new methods of the NXT RR. Warning that that record is deprecated.
FEAT: Cleaned the tests so that RRSIG and DNSKEY are used except for SIG0 based tests.
FEAT: Changed the name of the siginceptation[SIC] to siginception. Thanks Jakob Schlyter for notifying me of this mistyping. An alias for the method remains available.
FEAT: Renamed unset_sep() to clear_sep().
NOTE: To avoid confusion the Net::DNS::SIG::Private class has been removed. Use Net::DNS::SEC::Private!
DOC: Added references to RFC 4033, RFC 4034 and RFC 4035. Rewrote parts of the perlpod.
2007-05-17 | Updated to version 5.44. | heinz | 2 | -6/+10
Pkgsrc changes:
- The package supports installation to DESTDIR
- A C compiler is necessary.
Changes since version 5.43:
===========================
5.44 Sat Oct 14 00:42:44 MST 2006
- removed SIGNATURE file from distribution
  -- spurious errors from CPANPLUS can break build
- eliminated ppport.h header file
  -- significantly reduces size of distribution
- modified C functions in src/hmac.c to use ANSI prototypes
  -- thanks to Jarkko Hietaniemi for patch
2007-05-17 | Updated to version 0.24. | heinz | 4 | -20/+24
Pkgsrc changes:
- Package supports installation to DESTDIR.
- Removed patch-aa (missing includes when using OpenSSL 0.9.8 were fixed).
- patch-ab corrects wrong test count.
Changes since version 0.22:
=====================================
0.24 Mon Nov 13 2006 08:21:14
- Fix a bug reported by Mark Martinec <Mark.Martinec@ijs.si> where encrypt could segfault if called with insufficient data; it now informatively croaks instead.
- Fix a bug reported by Mark Martinec where check_key would segfault instead of croaking when called on a public key.
- Fix decrypt and private_encrypt to croak instead of segfault when called on a public key.
- Add an is_private method.
- Silence a few compiler warnings about ignoring return values from certain BIO_* methods.
0.23 Wed Apr 12 2006 00:06:10
- Provide 32 bytes of seeding in tests, up from 19.
- Stop relying on implicit includes, which disappeared in the 0.98 release of OpenSSL.
- Apply patch from Jim Radford <radford@blackbean.org> to add support for SHA{224,256,384,512}
2007-05-16 | The package supports installation to DESTDIR. | heinz | 1 | -1/+3
2007-05-15 | Update to 0.9.14. Changes: | shannonjr | 2 | -6/+6
- Implement TCP keepalive settings on platforms that support it, check client.conf for details.
- When reading prelude-adduser password from a file, remove newline at the end of the string (fix #221).
- When we fail to read an IDMEF message, provide more information about the place where the error happened.
- Fix an issue with idmef_path_get() on empty path (pointing to the root message).
- Various bug fixes and minor API improvements.
2007-05-13 | Add a cast to appease gcc4. | agc | 2 | -1/+15
2007-05-13 | Remove some GNOME1 packages that are unmaintained upstream and/or in | wiz | 5 | -78/+1
pkgsrc, in preparation for gnome1-libs removal(*). There was no feedback for keeping these packages after my HEADS UP mail to pkgsrc-users a week ago. (*) More to come before that can happen, though.
2007-05-12 | Update to 0.9.8. Changes: | shannonjr | 3 | -7/+10
- Initial implementation of the 'thresholding' plugin, allowing you to suppress events after a certain limit/threshold.
- Filters hooking to a reporting plugin are now OR'ed instead of being AND'ed. AND is already possible by hooking filtering plugin one with another.
- Improved error reporting.
- Minor bug fixes.
2007-05-12 | Updated embedded libassuan to 1.0.1 | shannonjr | 3 | -12/+12
2007-05-12 | Update to version 1.0.1. Changes not provided in release announcement. | shannonjr | 2 | -6/+6
2007-05-12 | Update to Version 2.0.4. Changes are not described in release announcement. | shannonjr | 8 | -48/+61
2007-05-12 | Update to 0.9.9. Changes: | shannonjr | 3 | -7/+9
- Pattern can now be used to specify file to be monitored.
- Fix an issue in the detection of buggy writev() FAM notification.
- Add bonding.rules, by Paul Robert Marino <prmarino1@gmail.com>.
- ModSecurity ruleset update: remove unnecessary fields + ModSecurity 2.0 compatibility.
- New Cisco IOS common ruleset, by Alexandre Racine.
- Avoid duplicating information in node name and node address.
- Add rule ID and revision to the generated alert for each matched rule. Fix #206.
- Handle "last" keyword even if the rule does not contain any IDMEF assignment. Fix #218.
- Various bug fixes.
2007-05-10 | Add and enable sbd | agc | 1 | -1/+2
2007-05-10 | Initial import of sbd-0.5 into the Packages Collection. | agc | 6 | -0/+123
One-time cipher based back door program for executing emergency commands. Secure Back Door (SBD) is an alternative to leaving SSH open all the time. It is based on a secure one-time keypad method, that ensures maximum security. Since SBD is very small, it is less likely to have security exploits, as compared to SSH. Therefore, you could leave an important computer up and running with just sbdd running in the background, and if an emergency came about, you could simply execute a command to bring ssh up, then work on the computer as regular. It would be as simple as doing ./sbd domain.com "/etc/init.d/sshd start", and with the proper key file set, the remote computer would have ssh up and running shortly.
2007-05-10 | p5-Net is not needed anymore as ghen@ reported, bump PKGREVISION. | xtraeme | 1 | -2/+2
2007-05-08 | Doesn't create subdirectory, premake. | joerg | 1 | -1/+3
2007-05-05 | Update to 2.5.0. Too many changes to list here, please see: | xtraeme | 3 | -7/+11
http://www.ijs.si/software/amavisd/release-notes.txt
2007-05-05 | Add and enable py-SSLCrypto | agc | 1 | -1/+2
2007-05-05 | Initial import of py-SSLCrypto-0.1.1 into the Packages Collection. | agc | 5 | -0/+74
SSLCrypto is a package for Python that dramatically eases the task of adding encryption to Python programs. It provides a unified API that is almost totally compatible with that of ezPyCrypto, except that it takes advantage of the OpenSSL Crypto Library to deliver massive improvements in speed and security. After using ezPyCrypto myself, I found that while it performed ok with smaller public key sizes, it proved impossibly slow with larger keys. This slowness, resulting from non-optimal code in its backend (the Python Cryptography Toolkit) meant that on a 1.5 GHz Athlon XP, it was taking several minutes to generate 4096-bit keys. Completely unacceptable if you need real security. Performance is absolutely critical for an encryption API. If slowness deters people from using adequate-sized keys, security will be severely compromised, almost to the extent that there's little point in using encryption in the first place.
2007-05-03 | Fix typo in "SUBST_MESSAGE.dl". | tron | 1 | -2/+2
2007-05-03 | Update to 1.05: | wiz | 2 | -6/+6
v1.05
- make session cache working even if the IO::Socket::SSL object was not created with IO::Socket::SSL->new but with IO::Socket::SSL->start_SSL on an established socket
2007-04-30 | Changes 2.6.5: | adam | 3 | -13/+27
* Added all of the patches on Sourceforge, plus those included by Red Hat's Fedora Extras
2007-04-30 | Changes 2.5.8: | adam | 3 | -13/+17
* Stuff from the Fedora Extras crew
2007-04-30 | Changes 0.9.9: | adam | 3 | -8/+14
- Added patch for sigbus error on unaligned data, when doing rapid copies.
Changes 0.9.8.1:
- Another round of bugfixes
2007-04-30 | Update home-page URL. | tron | 1 | -2/+2
2007-04-28 | PR 36233: Make libgcrypt build on NetBSD/hp700. From David H. Gutteridge. | tnn | 1 | -2/+3
Also makes it build on HP-UX and Linux/hppa, tested by me.
2007-04-26 | Also link with the "dl" library when creating the shared libraries. | tron | 3 | -15/+24
Another attempt to fix PR pkg/36086.
2007-04-25 | Bump PKGREVISIONs to chase update of devel/libevent. | tnn | 4 | -8/+8