path: root/security
Age | Commit message | Author | Files | Lines
2006-09-05 | Update to 0.10; fixes PR pkg/34408. Changes: | tv | 2 | -7/+6
0.10 Sat Mar 18 21:07:22 2004 - adapted behaviour to Digest
2006-09-05 | Update security/p5-IO-Socket-SSL from 0.998 to 0.999 | abs | 2 | -6/+6
- If SSL_cipher_list is not given it uses the openssl default instead of setting it to 'ALL:!LOW:!EXP' like before. The old value included ADH and this might be a bad idea, see BUGS why.
Resolves PR pkg/34392 by Martin Wilke
2006-09-03 | Update to 1.2.3: | wiz | 2 | -7/+6
Noteworthy changes in version 1.2.3 (2006-08-28)
------------------------------------------------
* Rewrote gcry_mpi_rshift to allow arbitrary shift counts.
* Minor bug fixes.
2006-09-03 | Reset maintainer for people who lost their commit bit. | wiz | 1 | -2/+2
2006-08-31 | Replaced GENERATE_PLIST with PLIST_SRC, as suggested by wiz. | rillig | 2 | -5/+7
2006-08-31 | Fixed a few pkglint warnings. | rillig | 2 | -7/+9
2006-08-31 | Fixed the PLISTs according to Krister's latest bulk build on NetBSD 3.0. | rillig | 3 | -6/+7
Made the "perl" option work and tested all four option combinations.
2006-08-29 | If using the fake krb5-config then set KRB5_CONFIG to point at it. Fixes build of imap-uw package with the kerberos option. | markd | 1 | -1/+5
2006-08-29 | Update to 1.9.22. | shannonjr | 4 | -33/+8
2006-08-28 | gnome-keyring cannot currently provide applications' paths under NetBSD so be sure not to use them (NULL pointers) when showing information to the user. | jmmv | 3 | -3/+26
Fixes crashes when clicking on saved keyring items. Bump PKGREVISION to 2.
2006-08-28 | Redo LOCAL_CREDS support in a way that does not change the communication protocol (it's more likely to be accepted and is much easier on the code). | jmmv | 4 | -135/+31
Bump PKGREVISION to 3.
2006-08-27 | Implement support for LOCAL_CREDS socket credentials. Bump PKGREVISION to 2. | jmmv | 4 | -3/+211
This fixes gnome-keyring under NetBSD which, AFAICT, didn't work at all. There are still some problems remaining in gnome-keyring-manager, but I think these are not related to this issue.
2006-08-27 | Also enable assembler files for NetBSD-*-sparc. | jdc | 1 | -2/+3
Makes this package build on NetBSD/sparc.
2006-08-24 | Update to 0.9.6. Changes: | shannonjr | 2 | -7/+6
- In case an IDMEF-Service object contains neither name nor port attribute, set name to "unknown" in order to avoid IDMEF DTD validation issue.
- Normalize analyzer(*).node.
2006-08-23 | Add master site entry for times when pkgsrc doesn't have the completely latest version. | wiz | 5 | -10/+15
2006-08-23 | Change CONF_FILES_PERMS from 0600 to 0644 because conf file must be accessible to prelude-manager running as non-root user. | shannonjr | 1 | -3/+3
Bumped PKGREVISION.
2006-08-23 | 1) Added PLIST.perl for perl option | shannonjr | 2 | -1/+6
2) Bumped PKGREVISION
2006-08-23 | prelude-manager references two configuration directories relative to PKG_SYSCONFDIR: 1) prelude-manager and 2) prelude (installed by libprelude). | shannonjr | 1 | -5/+4
Consequently, PKG_SYSCONFSUBDIR can't be set to prelude-manager. Corrected and PKGREVISION bumped.
2006-08-23 | 1) Fixed problem where 64-bit minimums are set using 32-bit arithmetic | shannonjr | 3 | -2/+37
2) PLIST correction
2006-08-23 | Fixed bug in 0.9.7 release that prevented filters from working. | shannonjr | 4 | -9/+29
2006-08-23 | Fix HOMEPAGE. | ghen | 1 | -2/+2
2006-08-22 | reduce previous patch - no functional change. Noted by phone@ | abs | 2 | -16/+6
2006-08-22 | Update p5-Crypt-SSLeay to 0.51nb7 | abs | 3 | -3/+36
For OpenSSL 0.9.8b SSLeay_add_all_algorithms() does not set up any algorithms, whereas SSL_library_init() does. The net result was that SSL_CTX_new() would return a NULL pointer causing a perl coredump in such cases as:

    my $request = HTTP::Request->new( "GET", 'https://<some_url>' );
    my $ua = LWP::UserAgent->new;
    my $response = $ua->request($request);

Tracking this down was an entire flaming evening and change of my life that I'm never going to get back, but at least my NetBSD-4 retail machines can now run NetBSD-4 built perl binaries again.
2006-08-21 | Update to 1.5b | adrianp | 2 | -6/+6
Changes include:
1.5a
* A typo in an assert caused Honeyd to crash for most services.
* The subsystem support did not correctly support getsockname for sockets coming via accept().
1.5b
* A crash when processing ARP packets.
* Correct default action handling for UDP packets.
* Fixed --without-python flag when using configure.
2006-08-18 | Rename authtest to pam_dbm-authtest to avoid a conflict with authtest from the courier package. | adrianp | 4 | -4/+23
2006-08-17 | Update to 0.9.7. Changes: | shannonjr | 3 | -9/+19
- Use preludedb_delete_(alert|heartbeat)_from_list(). Require libpreludedb 0.9.9. Provide a deletion performance improvement of around 3000%.
- Handle multiple listed source/target properly. Separate source/target in the message listing.
- Make host command/Information link available from the Sensor listing.
- Always take care of the "external_link_new_window" configuration parameter.
- Make external command handling more generic. Allow to specify command line arguments.
- Allow to define unlimited number of external commands rather than only a defined subset (fix #134).
- Avoid toggling several popup at once in the HeartbeatListing.
- Only provide lookup capability for known network address type (fix #76).
- New address and node name lookup provided through prelude-ids.com service.
- Link to new prelude-ids.com port lookup instead of broken portsdb database (fix #162).
- Various bug fixes.
2006-08-17 | Update to 0.9.9. Changes: | shannonjr | 2 | -6/+6
- Implement an idea from Lex van Roon <r3boot@r3blog.nl.eu.org> providing an alert/heartbeat deletion performance improvement in the order of 3000% (preludedb-admin already benefit from it, next Prewikka release will benefit from it too).
- Fix --with-(perl|python|swig) detection path ordering.
- Verbose error reporting on logfile opening error.
- Various bug fixes.
2006-08-17 | Update to 0.9.10.1. Changes: | shannonjr | 4 | -14/+13
- Fix checking for swig/perl/python when full path to the application is specified.
- Fix OpenBSD getaddrinfo() AI_ADDRCONFIG issue (apply to some other system as well).
- Fix workaround for system with broken libtool, that prevented the use of plugin (#168).
2006-08-16 | Update security/caff to 0.4.7 | tonio | 2 | -7/+7
From debian changelog:
signing-party (0.4.7-1) unstable; urgency=low
* gpg-mailkeys: use right content-type for attached key, thanks Wesley Landaker
* gpgsigs: recognize rvk (revoker), found in ksp-dc6.txt.
2006-08-15 | update p5-Crypt-SSLeay to 0.51nb6 - p5-libwww now depends on us | abs | 1 | -4/+2
2006-08-15 | Update security/p5-IO-Socket-SSL from 0.997 to 0.998. | abs | 2 | -6/+6
v0.998
- declare socket as opened before calling fatal_ssl_error because the SSL_error_trap set up from HTTP::Daemon needs this
- accept_SSL sets errors on $socket (the accepted socket) not $self (the listening socket if called from accept) so it can be queried from SSL_error_trap
- note in BUGS section that IO::Socket::SSL is not thread-safe
Note: The previous update from 0.97 broke all https:// URLs in p5-libwww, will address that in next commit (to p5-libwww)
2006-08-14 | Update msu to 1.08: | abs | 2 | -6/+7
- call fchown on tty
- Rename log() to log_msu() to avoid compiler warning
- switch dist to .tbz from .tgz
2006-08-14 | I don't use this package anymore. | rpaulo | 1 | -2/+2
2006-08-13 | Reset maintainer, email bounced with: | wiz | 1 | -2/+2
host monkeybyte.org[69.16.221.13] said: 550-"The recipient cannot be verified. Please check all recipients of this 550 message to verify they are valid." (in reply to RCPT TO command)
2006-08-13 | +p5-String-Random | adrianp | 1 | -1/+2
2006-08-13 | String::Random is used to generate random strings. It was written to make generating random passwords and such a little easier. | adrianp | 4 | -0/+26
2006-08-13 | +p5-Crypt-PasswdMD5 | adrianp | 1 | -1/+2
2006-08-13 | The unix_md5_crypt() provides a crypt()-compatible interface to the rather new MD5-based crypt() function found in modern operating systems. | adrianp | 4 | -0/+25
2006-08-11 | Make this package compile with gcc-4. | taca | 3 | -3/+17
Bump PKGREVISION.
2006-08-09 | Security fix for SA21436: | salo | 7 | -3/+254
"A security issue has been reported in Heimdal, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to missing checks for whether the "setuid()" call has succeeded in the bundled rcp application. This may be exploited to perform certain actions with root privileges if the "setuid()" call fails due to e.g. resource limits."
http://secunia.com/advisories/21436/
http://www.pdc.kth.se/heimdal/advisory/2006-08-08/
Bump PKGREVISION.
2006-08-09 | Security fixes for SA21402: | salo | 9 | -3/+199
"A security issue has been reported in Kerberos, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to missing checks for whether the "setuid()" call has succeeded in the bundled krshd and v4rcp applications. This can be exploited to disclose or manipulate the contents of arbitrary files or execute arbitrary code with root privileges if the "setuid()" call fails due to e.g. resource limits."
http://secunia.com/advisories/21402/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3084
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-001-setuid.txt
Bump PKGREVISION.
2006-08-09 | some apps (dovecot) need the SSLDIR rather than SSLCERTS & SSLKEYS | abs | 1 | -10/+10
2006-08-07 | this actually uses both c and c++ - C is used for openssl test | jdolecek | 1 | -2/+2
2006-08-05 | Update to 0.997: | wiz | 2 | -6/+6
v0.997
- fix readline (e.g. getline,getlines,<>) so that it behaves regarding $/ like written in the $/ documentation.
v0.996
- removed links and comments to unofficial release of Net::SSLeay, because there is a newer version already
v0.995
- add support for Diffie Hellman Key Exchange. See parameter SSL_dh_file and SSL_dh.
v0.994
- hide DEBUG statements and remove test to load Debug.pm because packets like SpamAssassin cannot cope with it (at least the OpenBSD port)
v0.993
- added SSL_cert and SSL_key parameter which do not take a file name like SSL_cert_file and SSL_key_file but an internal X509* resp. EVP_PKEY* value. Useful for dynamically created certificates and keys.
- added test for sysread/syswrite behavior (which was changed in v0.991)
v0.992
- _set_rw_error does $!||=EAGAIN only if error is one of SSL_WANT_READ|SSL_WANT_WRITE (patch from Mike Smith <mike at mailchannels dot com>)
- Fix Makefile.PL to allow detection of failures in PREREQ_PM (http://rt.cpan.org/Public/Bug/Display.html?id=20563, patch by alexchorny at gmail dot com)
v0.991
- sysread and syswrite are no longer the same as read and write, but can return already if only parts of the data are read or written (which is the usual semantic for sysread and syswrite)
  This should fix problems with HTTP::Daemon::SSL
v0.99
- just upgrade Version number because I've screwed up upload of v0.98 to cpan
v0.98
- Maintainer changed to <Steffen_Ullrich at genua dot de>
- Better support for nonblocking sockets:
  . exports $SSL_ERROR which contains the latest error from the openssl library. Exports constants SSL_WANT_READ and SSL_WANT_WRITE as special errors which will be set if openssl wants to write or read during nonblocking connects, accepts, reads or writes.
  . accept,accept_SSL,connect and connect_SSL don't block anymore if the socket is nonblocking. Instead $! will be set from the underlying IO::Socket::INET connect or accept if it failed there (usually EAGAIN or EINPROGRESS) or if the underlying openssl needs to read or write $! will be set to EAGAIN and $SSL_ERROR will be set to SSL_WANT_READ or SSL_WANT_WRITE
  . syswrite returns undef and sets $!,$SSL_ERROR if it fails to write instead of returning 0.
- Bugfixes (http://rt.cpan.org/Public/Bug/Display.html?id=Bugid)
  . Bug 18439: fileno 0 should be valid
  . Bug 15001: sysread interprets buffer "0" as ""
- peer_certificate returns X509 struct string if no field for extraction was specified
- get_peer_certificate returns the certificate instead of the IO::Socket::SSL object
2006-08-05 | Bump to nb6 | adrianp | 1 | -2/+2
2006-08-05 | Fix for SA21310/CVE-2006-3123 | adrianp | 2 | -4/+22
Patch via. Debian
2006-08-05 | Add an HTTP download location too, as a fallback for when FTP downloads are awkward. | dsainty | 1 | -2/+3
2006-08-03 | When using idea option, change license from fee-based-commercial-use to idea-license, and also set RESTRICTED and NO_*_CDROM. | gdt | 1 | -2/+6
(Note that this doesn't change what happens if the idea option is unused.)
2006-08-02 | update to 1.4.5 | drochner | 4 | -21/+8
security update, recommended by gnupg.org (fixes CVE-2006-3746)
changes:
* More DSA2 tweaks.
* Fixed a problem uploading certain keys to the smart card.
* Fixed 2 more possible memory allocation attacks.
* Added Norwegian translation.
2006-07-31 | Bump default dependency so dependent packages get shared cvm libs. | schmonz | 1 | -2/+2