path: root/security
Age | Commit message | Author | Files | Lines
2007-01-14 | Updated security/keychain to 2.6.8 | martti | 2 | -6/+6
* keychain 2.6.8 (24 Oct 2006)
  Save LC_ALL for gpg invocation so that pinentry-curses works. This affected peper and kloeri, though it seems to work for me in any case.
* keychain 2.6.7 (24 Oct 2006)
  Prevent gpg_listmissing from accidentally loading keys
2007-01-14 | Update to 4.20. From the changelog: | schmonz | 6 | -36/+19
Version 4.20, 2006.11.30, urgency: MEDIUM:
* Release notes
  - The new transfer() function has been well tested. I recommend upgrading any previous version with this one.
* Bugfixes
  - Fixed support for encrypted passphrases (broken in 4.19).
  - Reduced amount of debug logs.
  - A minor man page update.
Version 4.19, 2006.11.11, urgency: LOW/EXPERIMENTAL:
* Release notes
  - There are a lot of new features in this version. I recommend to test it well before upgrading your mission-critical systems.
* New features
  - New service-level option to specify OCSP server flag: OCSPflag = <flag>
  - "protocolCredentials" option changed to "protocolUsername" and "protocolPassword"
  - NTLM support to be enabled with the new service-level option: protocolAuthentication = NTLM
  - imap protocol negotiation support added.
  - Passphrase cache was added so the user does not need to reenter the same passphrase for each defined service any more.
  - New service-level option to retry connect+exec section: retry = yes|no
  - Local IP and port is logged for each established connection.
  - Win32 DLLs for OpenSSL 0.9.8d.
* Bugfixes
  - Serious problem with SSL_WANT_* retries fixed. The new code requires extensive testing!
Version 4.18, 2006.09.26, urgency: MEDIUM:
* Bugfixes
  - GPF on entering private key pass phrase on Win32 fixed.
  - Updated OpenSSL Win32 DLLs.
  - Minor configure script update.
Version 4.17, 2006.09.10, urgency: MEDIUM:
* New features
  - Win32 DLLs for OpenSSL 0.9.8c.
* Bugfixes
  - Problem with detecting getaddrinfo() in ./configure fixed.
  - Compilation problem due to misplaced #endif in ssl.c fixed.
  - Duplicate 220 in smtp_server() function in protocol.c fixed.
  - Minor os2.mak update.
  - Minor update of safestring()/safename() macros.
Version 4.16, 2006.08.31, urgency: MEDIUM:
* New features sponsored by Hewlett-Packard
  - A new global option to control engine: engineCtrl = <command>[:<parameter>]
  - A new service-level option to select engine to read private key: engineNum = <engine number>
  - OCSP support: ocsp = <URL>
* New features
  - A new option to select version of SSL protocol: sslVersion = all|SSLv2|SSLv3|TLSv1
  - Visual Studio vc.mak by David Gillingham <dgillingham@gmail.com>.
  - OS2 support by Paul Smedley (http://smedley.info)
* Bugfixes
  - An ordinary user can install stunnel again.
  - Compilation problem with --enable-dh fixed.
  - Some minor compilation warnings fixed.
  - Service-level CRL cert store implemented.
  - GPF on protocol negotiations fixed.
  - Problem detecting addrinfo() on Tru64 fixed.
  - Default group is now detected by configure script.
  - Check for maximum number of defined services added.
  - OpenSSL_add_all_algorithms() added to SSL initialization.
  - configure script sections reordered to detect pthread library functions.
  - RFC 2487 autodetection improved. High resolution s_poll_wait() not currently supported by UCONTEXT threading.
  - More precise description of cert directory file names (thx to Muhammad Muquit).
* Other changes
  - Maximum number of services increased from 64 to 256 when poll() is used.
2007-01-13 | Give up maintainership as I don't use this anymore. | adrianp | 1 | -2/+2
2007-01-13 | Modular Xorg support. | joerg | 1 | -1/+2
2007-01-11 | Make this package build on Darwin. Patch from Darwinports. | minskim | 2 | -1/+15
This fixes PR 35400.
2007-01-08 | +pam-pwauth_suid | drochner | 1 | -1/+2
2007-01-08 | add a PAM module which used a suid helper program to access the passwd | drochner | 6 | -0/+181
database, for use by unprivileged users to verify their own password (in particular for screen savers)
thanks to many people for comments
2007-01-08 | +pam-af | obache | 1 | -1/+2
2007-01-08 | Import pam_af version 1.0.1. | obache | 5 | -0/+55
pam_af is a simple anti-bruteforce PAM module for authentication services. It can be used to prevent brute-force attacks on services like SSH or Telnet.
2007-01-07 | Mechanically replaced man/* with ${PKGMANDIR}/* in the definition of | rillig | 18 | -51/+51
INSTALLATION_DIRS, as well as all occurrences of ${PREFIX}/man with ${PREFIX}/${PKGMANDIR}. Fixes PR 35265, although I did not use the patch provided therein.
2007-01-06 | Updated MyPasswordSafe to 20061216. | rillig | 3 | -11/+10
Changes unknown. The homepage seems to come directly from the year 2004.
2007-01-03 | Declare functions before using them to avoid wrong guess. | minskim | 2 | -39/+41
2007-01-03 | Correct the path to dinode.h on Darwin. | minskim | 2 | -5/+5
2007-01-03 | Explicitly specify where to find openssl. Otherwise, the configure script | minskim | 1 | -1/+2
fails to detect native openssl on Darwin.
2006-12-27 | - fine grained X11 dependencies for packages which have either USE_IMAKE | joerg | 1 | -1/+2
  or USE_X11BASE set, but don't include mk/x11.buildlink3.mk directly or via buildlink3.mks
- introduce BUILDLINK_PREFIX.libXpm as alias for BUILDLINK_PREFIX.xpm in the !modular case
- fix some cases where the check for libX11 couldn't work at all by using C++ for compilation without including the proper headers
Verified using a full X11_TYPE=xorg bulk build without additional breakage. Discussed with salo@, wiz@ and sent to packages@ for feedback.
2006-12-23 | regen. | wiz | 1 | -7/+7
2006-12-23 | Use more markup. New sentence, new line. | wiz | 1 | -12/+18
2006-12-21 | Fix typo. | jmmv | 1 | -1/+1
2006-12-18 | Fix invocation of /usr/bin/install to take out $(SHELL) | smb | 4 | -2/+28
2006-12-17 | Update to version 2.2.9 | salo | 7 | -32/+24
ok <frueauf>, the MAINTAINER.
changes:
2.2.9:
======
- nessus-mkcert-client:
  - Make sure that the user calling nessus-mkcert-client is root
- nessus-libraries:
  - Fixed a bug in the PCAP handler which in turn should fix synscan.nes
- nessus:
  - Fixed a possible memory corruption issue when creating a list of plugins to launch
  - Fixed a corruption of the .nessusrc files when receiving some plugin prefs ending by a space
- nessus-fetch:
  - Make sure that every request (including the proxy CONNECT request) is done with the user-specified user-agent.
- nessus-plugins:
  - Fixed a banner encoding problem in nessus_tcp_scanner and find_service
  - Fixed a possible deadlock in synscan
- nessusd:
  - Avoid a deadlock when waiting for a sub process to die
2.2.8:
======
- nessusd:
  - Make sure that plugins of type ACT_INIT and ACT_SETTINGS are always enabled during a scan
  - Display more error verbose error messages when it's impossible to load a .nes plugin
  - Fixed a harmless memory reallocation problem which would truncate a very long preference name
- nessus-libraries:
  - Fixed a possible memory corruption when forwarding data from a process to another
- libnasl:
  - 'a = b + c ++' would not work as expected
  - fixed a memory allocation problem when split() is passed an argument of the wrong type
2006-12-12 | Replace mk/bsd.prefs.mk includes with bsd.fast.prefs.mk includes. | joerg | 3 | -6/+6
The redundant parsing of bsd.prefs.mk is mostly avoided now and parse time e.g. for x11/kdebase3 gets reduced by up to 10%.
2006-12-12 | Removed patch-ag because this is now in the gnupg code base | shannonjr | 1 | -13/+0
2006-12-12 | Update to 2.0.1. | shannonjr | 4 | -11/+25
This is a maintenance release to fix build problems found after the release of 2.0.0 and to fix a buffer overflow in gpg2
2006-12-12 | Update to release 1.0.0. | shannonjr | 8 | -14/+100
Dirmngr is a server for managing and downloading certificate revocation lists (CRLs) for X.509 certificates and for downloading the certificates themselves. Dirmngr also handles OCSP requests as an alternative to CRLs. Dirmngr is either invoked internally by gpgsm (from GnuPG-2) or when running as a system daemon through the dirmngr-client tool.
2006-12-10 | It doesn't work to put a conditional USE_TOOLS+= nroff in the middle | dmcmahill | 1 | -3/+5
of the do-build target. bmake does not like that.
2006-12-10 | Update to 2.4.4. | xtraeme | 2 | -6/+6
Mostly bugfixes, see: http://www.ijs.si/software/amavisd/release-notes.txt
2006-12-09 | Update gsasl to 0.2.15, based on patch provided by PR 33638. | obache | 4 | -16/+22
* Version 0.2.15 (released 2006-08-22)
** Changed libgsasl shared library version. The shared library version was not incremented correctly in the last release, even though new APIs were added.
* Version 0.2.14 (released 2006-08-19)
** New section "Requirements" in the manual, lists the external components. Suggested by James Mansion.
** Update of gnulib files.
* Version 0.2.13 (released 2006-06-14)
** Update of gnulib files. Further improves portability to MinGW.
** Various improvements in the manuals.
** The tests are run under valgrind, if it is installed. Use --disable-valgrind-tests to unconditionally disable this. It is disabled by default for cross compiles.
** Various minor fixes.
* Version 0.2.12 (released 2006-03-08)
** Update of gnulib files. Improves portability to Mingw32.
* Version 0.2.11 (released 2006-02-07)
** Ported to Windows by cross-compiling using Mingw32. Using Debian's mingw32 compiler, you can build it for Windows by invoking `./configure --host=i586-mingw32msvc --disable-gssapi'.
** Update of gnulib files.
* Version 0.2.10 (released 2005-10-23)
** Work around bug in GnuTLS that made the command line tool exit after
** failing to write a zero length message to the peer.
** Don't use GnuTLS if gnutls_certificate_verify_peers2 isn't present.
** Update of gnulib files.
* Version 0.2.9 (released 2005-10-07)
** Update of gnulib files.
* Version 0.2.8 (released 2005-09-08)
** The gsasl tool now support STARTTLS for IMAP and SMTP using GnuTLS.
** The --client and --server parameters for the gsasl tool now work properly.
** The --client and --server stdin/stdout modes now use the readline library.
** Fixed build problems in getpass on uClibc and Mingw32 platforms.
** Kinyarwanda translation added.
* Version 0.2.7 (released 2005-08-25)
** Fix build problems when cross-compiling to uClibc and Mingw32 platforms.
** Detecting and using the readline library has been improved.
* Version 0.2.6 (released 2005-08-08)
** The gsasl tool now try to connect to all addresses for a server name.
** The help-gsasl@gnu.org mailing list is now mentioned in documentation.
** The license template in files were updated with the new FSF address.
** Update of gnulib files.
2006-12-09 | Added patch fixing [CVE-2006-6235] remotely controllable function pointer. | shannonjr | 3 | -3/+253
2006-12-09 | Make pkglint really happy. | adrianp | 6 | -27/+114
Add IGNORE_URLS code from agc@:
"If a URL is specified in IGNORE_URLS then all entries listed in pkg-vulnerabilities that match that URL will not be reported when audit-packages is run. Running audit-packages -v will display the details of all entries skipped if IGNORE_URLS is set."
Add a sample audit-packages.conf detailing all the options we now support.
Update to 1.46
2006-12-08 | Needs PKGLOCALEDIR. | rillig | 1 | -1/+2
2006-12-07 | Correct wrong usage of PKGMANDIR. | taca | 1 | -3/+3
2006-12-06 | Update to 1.4.6: | wiz | 4 | -26/+8
Noteworthy changes in version 1.4.6 (2006-12-06)
------------------------------------------------
* Fixed a serious and exploitable bug in processing encrypted packages. [CVE-2006-6235].
* Fixed a buffer overflow in gpg. [bug#728, CVE-2006-6169] (already fixed in pkgsrc)
* Fixed a bug while decrypting certain compressed and encrypted messages. [bug#537]
* Added --s2k-count to set the number of times passphrase mangling is repeated. The default is 65536 times.
* Added --passphrase-repeat to set the number of times GPG will prompt for a new passphrase to be repeated. This is useful to help memorize a new passphrase. The default is 1 repetition.
* Added a GPL license exception to the keyserver helper programs gpgkeys_ldap, gpgkeys_curl, and gpgkeys_hkp, to clarify any potential questions about the ability to distribute binaries that link to the OpenSSL library. GnuPG does not link directly to OpenSSL, but libcurl (used for HKP, HTTP, and FTP) and OpenLDAP (used for LDAP) may. Note that this license exception is considered a bug fix and is intended to forgive any violations pertaining to this issue, including those that may have occurred in the past.
* Man pages are now build from the same source as those of GnuPG-2.
2006-12-06 | Don't patch configure, but configure.in and teach it about newer gedit | joerg | 6 | -24/+53
versions. The diff is 500k without manual editing and I don't want to push that into pkgsrc.
2006-12-06 | Update F-Prot Antivirus to 4.6.7. | taca | 2 | -17/+16
F-PROT Antivirus for UNIX, version 4.6.7
Version 4.6.7 is a bugfix release which addresses the following issues:
o Fixed an issue with multipart zip files that could be reported as invalid or corrupt
o Several fixes to the scanning engine to improve handling of corrupted files, mostly .chm, .cab and .rar files.
o Fixed a potential endless loop in corrupted .ace files in response to a vulnerability report.
o Fixed an error in f-prot.sh that would cause the wrong part of paths to be substituted. Reported by Patrick Diddens.
2006-12-06 | Needs gettext as tool. | joerg | 1 | -1/+2
2006-12-03 | Check for GCC on IRIX instead of assuming the native compiler is used. | cbiere | 1 | -1/+5
2006-12-02 | Fixed PKGMANDIR. | rillig | 1 | -4/+4
2006-12-01 | Replace hard-coded PKGNAME with the variable for the sake of | joerg | 1 | -3/+3
Python != 2.4.
2006-11-30 | Explicitly pass down MAKE to fix wrkdir reference in nessus-build. | joerg | 1 | -2/+4
Bump revision.
2006-11-30 | The oracle says that FOO= ${FOO} to get the variable from the environment | joerg | 2 | -5/+19
in Makefile is a really bad and stupid idea. Kill it.
2006-11-30 | update to 0.0.8. | gdt | 2 | -7/+7
* Major changes in 0.0.8
** epa-file.el can now specify recipient keys from the file local variable `epa-file-encrypt-to'.
** Always encode passphrase with eol-type LF.
** Allow empty user IDs.
** Support handling notations on the signature.
* Major changes in 0.0.7
** Fixed a clearsign verification bug.
2006-11-28 | Add devel/sysexits/buildlink3.mk. Doesn't affect existing builds. | tv | 1 | -1/+2
2006-11-28 | Add the same patch as security/gnupg2 package to fix a buffer overflow. | taca | 3 | -2/+19
While fixing a bug reported by Hugh Warrington, a buffer overflow has been identified in all released GnuPG versions. The current versions 1.4.5 and 2.0.0 are affected. A small patch is provided.
...
2006-11-27 Werner Koch <wk@g10code.com>
* openfile.c (ask_outfile_name): Fixed buffer overflow occurring if make_printable_string returns a longer string. Fixes bug 728.
Bump PKGREVISION.
2006-11-27 | Bump PKGREVISION for security fix in patch-ag. | wiz | 1 | -2/+2
2006-11-27 | "While fixing a bug reported by Hugh Warrington, a buffer overflow has | shannonjr | 2 | -1/+15
been identified in all released GnuPG versions. Exploiting this overflow seems to be possible. Apply the following patch to GnuPG."
2006-11-27 Werner Koch <wk@g10code.com>
gnupg2 has been patched accordingly.
2006-11-25 | Apply the fix in PR 35024 from Jukka Salmi - allow the use of the base name | agc | 2 | -5/+6
of the package when specifying package names for the -p (one package) option, and to make audit-packages more consistent with pkg_info behaviour.
2006-11-25 | Add and enable cy2-ldapdb. | obache | 1 | -1/+2
2006-11-25 | Import cy2-ldapdb version 2.1.22. | obache | 3 | -0/+32
Based on PR 33317 by Yoshito Komatsu.
SASL is a method for adding authentication support to connection-based protocols. To use SASL, a protocol includes a command for identifying and authenticating a user to a server and for optionally negotiating protection of subsequent protocol interactions. If its use is negotiated, a security layer is inserted between the protocol and the connection.
This is the Cyrus SASL plugin that implements the LDAPDB authentication
2006-11-24 | Reset maintainer: | wiz | 2 | -4/+4
Name service error for name=ethmoid.org type=MX: Host not found, try again
2006-11-24 | Update to Prewikka 0.9.8. Changes: | shannonjr | 4 | -50/+25
- Save/load user configuration when using CGI authentication mode (#181).
- Show Prewikka version in the About page (#177).
- Use Python logging facility (available backend: stderr, file, smtp, syslog), multiple simultaneous handler supported (#113).
- Fix anonymous authentication.
- Fix external process going into zombie state (#178).
- Display correct alertident for invalid CorrelationAlert analyzerid/messageid pair.
- prewikka-httpd should now log the source address.
- Thread safety fixes.