| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
need them, for example RESTRICTED and SUBST_MESSAGE.*.
|
|
|
|
(mainly those with PAM builtin, as it was being seen "accidentally",
bump PKGREVISION.
|
|
|
|
include:
* saslauthd/lak.c: leak fix from Igor Brezac
* saslauthd/krbtf.c: updated from CMUCS
* saslauthd/auth_krb5.c: log the krb5 error return if get_creds fails
* saslauthd/auth_krb5.c, saslauthd/auth_krb4.c,
saslauthd/krbtf.h (added), saslauthd/krbtf.c (added),
saslauthd/cfile.h (added), saslauthd/cfile.c (added),
saslauthd/Makefile.am: Kerberos V4/V5 alternate keytab
in saslauthd, plus common code merging (from David Eckhardt
via Dale Moore)
* saslauthd/auth_krb5.c: verify against the service we
were passed. needs to be made configurable.
|
|
|
|
fixes a security vulnerability where the realm wasn't checked during
DIGEST-MD5 negotiation which could be the basis for a DoS attack.
|
|
* lib/dlopen.c: log the reason for opendir() failure
when loading plugin.
* lib/common.c: honor log level setting
* sample/sample-client.c, sample/sample-server.c: Fixed several
64 bit portability warnings.
* utils/testsuite.c: Fixed several 64 bit portability warnings.
* utils/saslpasswd.c: Fixed typo in an auxprop name.
* include/saslplug.h, lib/common.c, lib/saslint.h,
lib/server.c: Added sasl_server_plugin_info().
* lib/common.c: initialize path in case caller didn't.
|
|
|
|
|
|
hashcash-1.22 - 08-Apr-2006 - Adam Back <adam@cypherspace.org>
[BUG FIXES]
hashcash-1.18 - 05-Jul-2005 - Adam Back <adam@cypherspace.org>
* add a simpler minting API to make it easier to mint stamps
from VB scripting
hashcash-1.17 - 30-Mar-2005 - Adam Back <adam@cypherspace.org>
[BUG FIXES]
hashcash-1.15 - 12-Jan-2005 - Adam Back <adam@cypherspace.org>
* make "Hashcash:" be accepted as well as "X-Hashcash:"
suggestion by Simon Josefsson <jas@extundo.com>. This way
if/when the X- is dropped from hashcash headers we will not
have a backwards compatibility problem. (Well not after
version 1.15).
* implement the -Z option to compress stamps; in fact the
usage changed so -Z takes an argument: 0, 1 or 2. 0 = not
compressed, 1 = compressed but not so the counter + padding
is split, and 2 = very compressed, but slow. (Due to a late
discovered bug 2 is the same as 1 for now until I can fix
that.)
* added -O x -sv to request benchtest of core x only
* make code work with -DOPENSSL, think this slipped during
integration of Jonathan's libfastmint as it uses some lower
level openssl APIs internally. I fixed it but it might be
a bit openssl version specific, if they changed the state
fields at any point. (This change coincidentally I think
should work around the linking with openssl problem that Hal
Finney <hal@finney.org> reported).
* add libhashcash.a intermediate target to make hashcash more
convenient to link into other software on linux. (A
suggestion from Hal Finney who was trying to link to his
RPOW system.)
hashcash-1.14 - 14-Dec-2004 - Adam Back <adam@cypherspace.org>
* make hashcash -cX accept continuation lines starting with
space as well as tab
* add library function to wrap lines and use it from hashcash
command line tool.
* fix long vs time_t prototype mismatch that was giving
compile errors on BSD; also cleaned up some warnings that
can be obtained with gcc -Wall.
|
|
PKGLOCALEDIR and which install their locale files directly under
${PREFIX}/${PKGLOCALEDIR} and sort the PLIST file entries. From now
on, pkgsrc/mk/plist/plist-locale.awk will automatically handle
transforming the PLIST to refer to the correct locale directory.
|
|
|
|
- Remove the "ignore vulnerabilities" stuff which was backed out from pkgsrc
infrastructure months ago. We are back at format 1.0.0.
|
|
|
|
|
|
|
|
to security/cyrus-sasl (to make PKGNAME match directory name).
|
|
|
|
USE_TOOLS+=msgfmt.
|
|
|
|
|
|
correctly working on all platforms.
|
|
|
|
|
|
that they look nicer.
|
|
check for MIT Kerberos 5 when inspecting /usr/include/krb5.h. Also,
bring this file more in line with heimdal/builtin.mk.
|
|
|
|
This stops the "gnome-vfs2" package from pulling in the "heimdal" package.
This fixes PR pkg/29946 by Juha-Matti Liukkonen.
|
|
|
|
time to handle PRs and update this any more.
|
|
|
|
RECOMMENDED is removed. It becomes ABI_DEPENDS.
BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo.
BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo.
BUILDLINK_DEPENDS does not change.
IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS
which defaults to "yes".
Added to obsolete.mk checking for IGNORE_RECOMMENDED.
I did not manually go through and fix any aesthetic tab/spacing issues.
I have tested the above patch on DragonFly building and packaging
subversion and pkglint and their many dependencies.
I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I
have used IGNORE_RECOMMENDED for a long time). I have been an active user
of IGNORE_RECOMMENDED since it was available.
As suggested, I removed the documentation sentences suggesting bumping for
"security" issues.
As discussed on tech-pkg.
I will commit to revbump, pkglint, pkg_install, createbuildlink separately.
Note that if you use wip, it will fail! I will commit to pkgsrc-wip
later (within day).
|
|
"unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related
to the randomness generator, which allows local users to cause a denial
of service by truncating the seed file, which prevents the server from
starting, or obtain sensitive seed information that could be used to
crack keys."
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0353
|
|
(There should be a pkgsrc-wide variable instead of a Ruby-specific one.)
|
|
(no functional change, just more effective because a compile check
is skipped)
|
|
Noteworthy changes in version 1.4.3 (2006-04-03)
------------------------------------------------
* If available, cURL-based keyserver helpers are built that can
retrieve keys using HKP or any protocol that cURL supports
(HTTP, HTTPS, FTP, FTPS, etc). If cURL is not available, HKP
and HTTP are still supported using a built-in cURL emulator. To
force building the old pre-cURL keyserver helpers, use the
configure option --enable-old-keyserver-helpers. Note that none
of this affects finger or LDAP support, which are unchanged.
Note also that a future version of GnuPG will remove the old
keyserver helpers altogether.
* Implemented Public Key Association (PKA) signature verification.
This uses special DNS records and notation data to associate a
mail address with an OpenPGP key to prove that mail coming from
that address is legitimate without the need for a full trust
path to the signing key.
* When exporting subkeys, those specified with a key ID or
fingerpint and the '!' suffix are now merged into one keyblock.
* Added "gpg-zip", a program to create encrypted archives that can
interoperate with PGP Zip.
* Added support for signing subkey cross-certification "back
signatures". Requiring cross-certification to be present is
currently off by default, but will be changed to on by default
in the future, once more keys use it. A new "cross-certify"
command in the --edit-key menu can be used to update signing
subkeys to have cross-certification.
* The key cleaning options for --import-options and
--export-options have been further polished. "import-clean" and
"export-clean" replace the older
import-clean-sigs/import-clean-uids and
export-clean-sigs/export-clean-uids option pairs.
* New "minimize" command in the --edit-key menu removes everything
that can be removed from a key, rendering it as small as
possible. There are corresponding "export-minimal" and
"import-minimal" commands for --export-options and
--import-options.
* New --fetch-keys command to retrieve keys by specifying a URI.
This allows direct key retrieval from a web page or other
location that can be specified in a URI. Available protocols
are HTTP and finger, plus anything that cURL supplies, if built
with cURL support.
* Files containing several signed messages are not allowed any
longer as there is no clean way to report the status of such
files back to the caller. To partly revert to the old behaviour
the new option --allow-multisig-verification may be used.
* The keyserver helpers can now handle keys in either ASCII armor
or binary format.
* New auto-key-locate option that takes an ordered list of methods
to locate a key if it is not available at encryption time (-r or
--recipient). Possible methods include "cert" (use DNS CERT as
per RFC2538bis, "pka" (use DNS PKA), "ldap" (consult the LDAP
server for the domain in question), "keyserver" (use the
currently defined keyserver), as well as arbitrary keyserver
URIs that will be contacted for the key.
* Able to retrieve keys using DNS CERT records as per RFC-2538bis
(currently in draft): http://www.josefsson.org/rfc2538bis
pkgsrc change:
make architecture-specific options really architecture-specific.
|
|
|
|
Used patch from Nicolas Joly in PR#33135.
|
|
2006-13-20 Gisle Aas
Release 1.15.
Improved documentation.
|
|
Version 0.3.2
- Corrected bug in asn1_der_coding() which overwrited some
data in the original structure.
- The asn1Parser, asn1Coding and asn1Decoding programs are now installed.
|
|
|
|
Ruby/Password is a suite of password handling methods for Ruby. It
supports the manual entry of passwords from the keyboard in both
buffered and unbuffered modes, password strength checking, random
password generation, phonemic password generation (for easy
memorization by human-beings) and the encryption of passwords.
|
|
|
|
GNOME Keyring Manager is an application that manages user keyrings.
The default window shows 'default' keyrings with its items and allows
to remove, add and edit them. It also lets you edit your secrets and
copy them using drag and drop. The Manager window allows to lock/unlock,
create and open other keyrings. At last, items can be moved between
different keyrings.
|
|
PKGINFODIR.
|
|
for the gss_* functions.
|
|
INSTALL/DEINSTALL scripts. Bump the PKGREVISION to 1.
|
|
INSTALL script using OWN_DIRS_PERMS. Drop the redundant targets and
PLIST entries. Bump the PKGREVISION to 3.
|
|
variable.
|
