| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
|
|
against -current.
|
|
dlerror returning something valid.
|
|
Here is quote from 2.0's release announce but changes from 2.0 to 2.1 are
unknown.
New in this version of RATS:
RATS can now descend through directories recursively, analyzing any supported
source code it finds.
Ability to output results as HTML or XML.
Result output can contain the line of code that caused each problem to be
reported, along with the column number in the source file the problem was
detected at.
RATS will now report various statistics at the end of the reporting phase,
including total time spend on the analysis, and number of source lines analyzed.
Various database additions.
A new database file, rats-openssl, which aids in analyzing any code that
utilizes the OpenSSL C API. (Thanks to Ben Laurie for contributing this
database)
|
|
Changes :
+ PKCS12 certificate support, patch submitted by Beni Takahashi,
author of patch Daisuke Kuroda
+ Fixing compile warnings on Solaris 8/Sparc with Forte 7.0 about
implicit conversions and implicit declarations. Thanks to
Marek Rouchal for bug report.
- Removed unused dependency on URI::URL, thanks to Ric Steinberger
for pointing out this problem under perl 5.8.0
- fixed Makefile.PL use of dirname() which could error for perl 5.8.x
Thanks to Chip Turner of RedHat for patch.
- Fixed a runtime error with Net::SSL->proxy for running under
perl warnings with no proxy defined, which t/net_ssl.t test case
revealed.
+ Added t/net_ssl.t test for initializing a Net::SSL object
+ Added build auto-detect for 0.9.6+ and only then use OPENSSL_free
instead of free() since older OpenSSL like 0.9.4 did not have it.
+ Added ./net_ssl_test -CAfile documentation, and root CA file from mod_ssl
distribution at certs/ca-bundle.crt that can be used for general root CA
peer certificate verification.
+ Plus many bugs fixed and improvement... see CHANGES for more
|
|
Two recent changes :
v0.91
- Added support for SSL_peek and SSL_pending (peek() and
pending()). Updated documentation, tests, etc. to reflect
this.
v0.901 2002.08.19
- Fixed the warning that happens when sockets are not explicitly
closed() before the program terminates.
For full log, please see Changes
|
|
Changes :
- Additional SSL_peek patch to ssl_read_until from
Peter Behroozi <peter@@fhpwireless_.com> --Sampo
pkgsrc changes :
- buildlink -> buildlink2
- perl5 module
|
|
* Use bsd.pkg.install.mk and install the example xdm config files.
* Rename the rc.d script to "xdm_krb4.sh" and make it use /etc/rc.subr.
* Remove redundant MESSAGE; the INSTALL script says all the right things.
|
|
Fix compilation error on Linux
|
|
|
|
|
|
|
|
|
|
|
|
* Improved the default output so it creates multiple formatted lines
instead of single very long lines for each hit.
Use the new "--singleline" (-S) option to get the original
"long line" format.
* Removed duplicate "getpass" entry in the ruleset;
this didn't hurt anything, but was unnecessary.
Thanks to the user who gave me that feedback, wish I'd kept your
email address so I could credit you properly :-).
* Added a short tutorial to man page.
* Fixed initial upper/lower case on many entries in the ruleset.
* Allow "--input" as a synonym for "--inputs".
|
|
Allow fromgroup and rootdir to be unset in the config file.
|
|
|
|
|
|
headers in ${BUILDLINK_DIR}, simply create BUILDLINK_CPPFLAGS.<pkg>
variables whose values are appended to CPPFLAGS, which are automatically
passed to the configure and build processes.
BUILDLINK_TRANSFORM.<pkg> has little use in buildlink2 since packages are
now told that the software may be found where it really is installed, not
in ${BUILDLINK_DIR} as was the case with buildlink1. Eventually, these
variables will be declared unsupported by buildlink2.
|
|
extension Makefile fragments, because they really don't have anything to
do with the buildlink[12] frameworks. Change all the Makefiles that use
application.buildlink.mk and extension.buildlink.mk to use application.mk
and extension.mk instead.
|
|
|
|
script handling and using @RCD_SCRIPTS_SHELL@.
as discussed with jlam.
|
|
|
|
exists, then use it as the default value of DEINSTALL_EXTRA_TMPL or
INSTALL_EXTRA_TMPL.
|
|
|
|
|
|
|
|
RSAref is used, then the library may be found.
|
|
|
|
|
|
|
|
|
|
OPENSSH_USER
OPENSSH_UID
OPENSSH_GROUP
OPENSSH_GID
OPENSSH_CHROOT
Use these to automatically create user/group if they do not already
exist. Assists platforms which do not have an 'sshd' user by default,
while adding flexibility for NetBSD systems.
Checked by Stoned Elipot <seb@netbsd.org>.
|
|
It should be fixed in error of bulk build, too.
$Id: ChangeLog,v 1.43 2002/07/24 14:46:52 gotoyuzo Exp $
'OpenSSL for Ruby' project
Copyright (C) 2001 Michal Rokos <m.rokos@sh.cvut.cz>
All rights reserved.
$Log: ChangeLog,v $
Revision 1.43 2002/07/24 14:46:52 gotoyuzo
* lib/openssl/buffering.rb: typo fixed. (Thakns NaHi)
Revision 1.42 2002/07/24 12:31:31 gotoyuzo
* ossl.c: should include <sys/time.h> if it exists. (Thanks Knu)
Revision 1.41 2002/07/24 09:56:17 gotoyuzo
* ossl-0.1.2 released
Revision 1.40 2002/07/23 20:23:30 gotoyuzo
* lib/net/https.rb: follow net/http.rb Rev: 1.41.2.18 (ruby_1_6)
Revision 1.39 2002/07/23 10:49:19 gotoyuzo
* ossl_ssl.c: should raise exception while SSL_write returns 0.
Revision 1.38 2002/07/23 10:45:25 gotoyuzo
* ossl.h: include <openssl/e_os.h>
* ossl.c: workaround to convert into UTC time.
* lib/openssl.rb: fix string embeded expression.
Revision 1.37 2002/04/07 16:35:32 majkl
* Macros fixups
* X509ExtFactory cleanup
* fixed strptime warning on Linux
* X509::Certificate#version has been changed!
!!! WARNING !!!
x509.version = 2 -> defines X509v3, (0 for v1, 1 for v2, ...)
p x509.version -> 2, means that it is X509v3
!!! WARNING !!!
Revision 1.36 2002/03/11 21:35:39 majkl
* Cipher IV fixup
Revision 1.35 2002/03/11 17:20:22 majkl
* Big internal cleanup (all structs with only 1 member rearranged)
* improved getting time_t from cTime
Revision 1.34 2002/03/06 08:05:05 majkl
* build fix-ups
Revision 1.33 2002/03/05 15:05:57 majkl
* WARNING! All to_str methods are not used any longer (use to_text instead)
* made an aliases to_pem as to_s
* more relaxed params checking - everywhere where string was needed it is OK that obj implements to_s method
Revision 1.32 2002/02/23 07:28:00 majkl
* More benevolent checks (Check_SafeStr(x) -> Check_Type(x, T_STRING)
(where we don't care)
Revision 1.31 2002/02/20 08:43:54 majkl
* Fixed some memory leaks
Revision 1.30 2002/02/13 13:09:49 majkl
* transition from rb_raise to OSSL_Raise (where possible)
* some mem checks
* preliminary DH key support
|
|
Checked by Stoned Elipot <seb@netbsd.org>.
|
|
* OpenBSD 3.1 SA 010: Receiving IKE payloads out of sequence can cause
isakmpd(8) to crash.
* A rewrite of the CRL support code, also from <Thomas.Walpuski@gmx.net>.
Some style mods, and checks added for OpenSSL version 0.9.7 or later.
Currently CRLs are not supported for earlier versions.
Manual pages updated.
* Handle configuration lines that end in whitespace or ^M.
Also avoid a potential memory leak.
* Start for support of IKECFG in SET/ACK mode. Server side only so far.
* Fix keyed HMAC where the key was longer than the blocksize
|
|
libcrypt-before-libcrypto into a section that is protected by something
we can set in the configure script (check_for_libcrypt_before). This
should fix the latter part of pkg/18091 by grant beattie.
|
|
|
|
the proper message.
|
|
|
|
This fixes the first part of pkg/18091 by grant.
|
|
support may already reside in the base system.
|
|
Allow options to be targetted to specific directories by using [dirname]
tags in the config file. Requested by <norm at sandbox.org.uk>.
|
|
msudir allows enabled users to easily manage 'setuid' scripts and
binaries. A directory containing scripts or other executables is
created inside the basedir for each destination user. Any user is
then able to invoke the script 'bar' in the directory 'fu' via
'msudir fu/bar'. The script will be run under the uid and primary
gid of the destination user. Some effort is taken to sanitise the
arguments and environment, but msudir should not be used without
an understanding of the security implication.
|
|
msudir allows enabled users to easily manage 'setuid'
scripts and binaries. A directory containing scripts or
other executables is created inside the basedir for each
destination user. Any user is then able to invoke the script
'bar' in the directory 'fu' via 'msudir fu/bar'. The script
will be run under the uid and primary gid of the destination
user. Some effort is taken to sanitise the arguments and
environment, but msudir should not be used without an
understanding of the security implication.
|
|
* An experimental interface to GnuPG's --edit-key functionality is
introduced, see gpgme_op_edit.
* The new gpgme_import_ext function provides a convenient access to
the number of processed keys.
* It is possible to use an outside event loop for the I/O to the
crypto engine by setting the I/O callbacks with gpgme_set_io_cbs.
* GPGME_ATTR_OTRUST is implemented now.
* A first step toward thread safeness has been achieved, see the
documentation for details. Supported thread libraries are pthread
and Pth.
* All error output of the gpgsm backend is send to the bit bucket.
* The signature verification functions are extended. Instead of
always returning GPGME_SIG_STATUS_GOOD, the functions new codes for
expired signatures.
* The current passphrase callback and progress meter callback can be
retrieved with the new functions gpgme_get_passphrase_cb and
gpgme_get_progress_cb respectively.
* gpgme_op_encrypt can be called with RECIPIENTS being 0. In this
case, symmetric encryption is performed. Note that this requires a
passphrase from the user.
* More information is returned for X.509 certificates.
* Interface changes relative to the 0.3.4 release:
* gpgme_op_encrypt does now fail with GPGME_Invalid_Recipients if
some recipients have been invalid, whereas earlier versions
succeeded in this case.
* gpgme_op_verify now allows to pass an uninitialized data object as
its plaintext argument to check for normal and cleartext
signatures. The plaintext is then returned in the data object.
* New interfaces gpgme_set_include_certs and gpgme_get_include_certs
to set and get the number of certifications to include in S/MIME
signed messages.
* New interfaces gpgme_op_encrypt_sign and gpgme_op_encrypt_sign_start
to encrypt and sign a message in a combined operation.
* New interface gpgme_op_keylist_ext_start to search for multiple patterns.
* gpgme_key_get_ulong_attr supports the GPGME_ATTR_EXPIRE attribute.
* Interface changes relative to the 0.3.3 release:
* Fix the Makefile in jnlib.
* Fix the test suite (hopefully). It should clean up all its state
with `make check' now.
* Remove erroneous dependency on libgcrypt in jnlib.
* There is a Texinfo manual documenting the API.
* The gpgme_set_keylist_mode function returns an error, and changed
its meaning. It is no longer usable to select between normal and
fast mode (newer versions of GnuPG will always be fast), but
selects between local keyring, remote keyserver, or both.
For this, two new macros are defined, GPGME_KEYLIST_MODE_LOCAL
and GPGME_KEYLIST_MODE_EXTERN. To make it possible to modify the
current setting, a fucntion gpgme_get_keylist_mode was added to
retrieve the current mode.
* gpgme_wait accepts a new argument STATUS to return the error status
of the operation on the context. Its definition is closer to
waitpid() now than before.
* The LENGTH argument to gpgme_data_new_from_filepart changed its
type from off_t to the unsigned size_t.
* The R_HD argument to the GpgmePassphraseCb type changed its type
from void* to void**.
* New interface gpgme_op_trustlist_end() to match
gpgme_op_keylist_end().
* The CryptPlug modules have been renamed to gpgme-openpgp and
gpgme-smime, and they are installed in pkglibdir by `make install'.
* An idle function can be registered with gpgme_register_idle().
* The GpgSM backend supports key generation with gpgme_op_genkey().
|
|
have been converted to USE_BUILDLINK2.
|
|
buildlink2.mk files back into the main trunk.
|
