| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
from 2.51nb1 to 2.52.
Upstream changes:
2012-06-08 Gisle Aas <gisle@ActiveState.com>
Gisle Aas (3):
Wrong version number in the changelog
The t/threads.t was missing from the MANIFEST
Update expected digests for files
Andrew Fresh (1):
Remove double the
Lyle Hopkins (1):
Digest::Perl::MD5 OO fallback didn't work [RT#66634]
Peter J. Acklam (1):
Fix typos (spelling errors) in cpan/Digest-MD5/*
Shlomi Fish (1):
Modernize the code in the POD.
Zefram (1):
Makes Digest::MD5 work on Perl 5.6 [RT#75032]
|
|
security/p5-IO-Socket-SSL from 1.74 to 1.76.
Upstream changes:
v1.76 2012.06.18
- no longer depend on Socket.pm 1.95 for inet_pton, but use Socket6.pm if
no current Socket.pm is available. Thanks to paul[AT]city-fan[DOT]org
for pointing out the problem and providing first patch
v1.75 2012.06.15
- made it possible to explicitly disable TLSv11 and TLSv12 in SSL_version
|
|
|
|
|
|
|
|
|
|
This switches to the gnome-3.4 branch
(Seems to be source and binary compatible to the 2.32 one, no need
to keep the old version.)
|
|
Treat MacOS X just like any other UNIX system.
|
|
|
|
This switches to the new stable release branch.
|
|
changes:
-fix for pipe servers
-build system improvements
|
|
changes: bugfixes:
-Fixed memory leak in PKCS #8 key import
-Check key identifiers when checking for an issuer
pkgsrc note: This is just a last checkpoint on the 2.x branch, in case
it will be needed for the Q2 branch. Will update to 3.x RSN.
|
|
|
|
* libclamav: Scan output at end of truncated tar
* libclamav: Fix handling of tar file with malformed header
* libclamav: Scan chm with invalid handling
* freshclam: give custom dbs higher priority during update
* libclamav: detect read races and abort the scan with an error
* libclamav/pe.c: drop old header check
|
|
Upstream changes:
-----------------
## ssh 1.7.14 (2012-05-07)
* #15: Implemented parameter substitution in SSHConfig, matching the
implementation of `ssh_config(5)`. Thanks to Olle Lundberg for the patch.
* #24: Switch some internal type checking to use `isinstance` to help prevent
problems with client libraries using subclasses of builtin types. Thanks to
Alex Morega for the patch.
* [Fabric #562](https://github.com/fabric/fabric/issues/562): Agent forwarding
would error out (with `Authentication response too long`) or freeze, when more
than one remote connection to the local agent was active at the same time.
This has been fixed. Thanks to Steven McDonald for assisting in
troubleshooting/patching, and to GitHub user `@lynxis` for providing the
final version of the patch.
|
|
pkglint. If any of these are wrong for some reason, please revert/adjust.
|
|
|
|
===
F-PROT Antivirus for Unix, version 6.2.1
Compatibility for older Linux distros improved (glibc 2.3 for 32 bit version and glibc 2.4 for 64 bit version)
Compatibility for older Solaris/SunOS version improved (both 32 and 64 bit versions are compatible with solaris 8 now)
64 bit FreeBSD now supported
===
F-PROT Antivirus for Unix, version 6.2.0
Scan engine upgraded from 4.6.2 to 4.6.5 with improved detection rates and fewer false positives.
Multiple issues with the mail scanners have been fixed.
===
F-PROT Antivirus for Unix, version 6.1.1
fpupdate fix to prevent crash on certain 64 bit Linux systems.
|
|
|
|
|
|
* OPENDNSSEC-277: Enforcer: Performance optimisation of database access.
Bugfixes:
* SUPPORT-27: ods-ksmutil: simplify zone delete so that it only marks keys as
dead (rather than actually removing them). Leave the key removal to purge
jobs.
(Ok'ed by wiz@)
|
|
|
|
|
|
* misc Release numbering changed to three level "major.minor.revison" scheme
* bug REMOVE_HOLD_TIME was set to 10 days only (Thanks to Chris Thompson)
* doc Improved README file (Thanks to Jan-Piet Mens)
* misc Fix of some typos in log messages
* bug Fixed error in rollover.c (return code of genfirstkey() wasn't checked)
* misc Default of KeySetDir changed from NULL to ".." (best for hierarchical mode)
Default Sig Lifetime changed from 10 days to 3 weeks (21 days)
Default ZSK lifetime changed from 3 months to 4 times the sig lifetime
Default KSK lifetime changed from 1 year to 2 years
Parameter checks in checkconfig() adapted.
KSK random device changed back from /dev/urandom to BIND default
(Be aware of some possibly long delay in key generation)
* func New configure option to set the bind utility path manually (--enable-bindutil_path)
BIND_UTIL_PATH in config_zkt.h will no longer used
* bug If nsec3 is turned on and KeyAlgo (or AddKeyAlgo) is RSHASHA1
or DSA, genkey() uses algorithm type NSECRSASHA1 or NSEC3DSA instead.
* bug Error in printconfigdiff() fixed. (Thanks to Holger Wirtz)
* func Description added to (some of the) dnssec.conf parameters
* func Adding a patch from Hrant Dadivanyan to always pre-publish ZSKs
* misc Config file syntax changed to parameter names without underscores.
zkt-conf uses ZKT_VERSION string as config version
* bug "make install-man" now installs all man page
* bug Bug fixed in zfparse.c. zkt-conf was unable to detect an already
included dnskey.db file if another file was included.
* misc destination dnssec-zkt removed from Makefile.in
* func dki_prt_managedkeys() added to dki.c
zkt_list_managedkeys() added to zkt.c
zkt-ls has new option -M to print out a list of managed-keys
* bug Bug fixed in the config parser (zconf.c). Couldn't parse
agorithm RSASHA512 correctly (Thanks to Michael Sinatra)
|
|
|
|
* Add an anon_fast option that attempts anonymous authentication
(generally implemented via anonymous PKINIT inside the Kerberos
library) and then, if successful, uses those credentials for FAST
armor. If fast_ccache and anon_fast are both specified, anonymous
authentication will be used as a fallback if the specified FAST ticket
cache doesn't exist. Based on patches from Yair Yarom.
* Add a user_realm option to only set the realm for unqualified user
principals. This differs from the existing realm option in that realm
also changes the default realm for authorization decisions and for
verification of credentials. Update the realm option documentation to
clarify the differences and remove incorrect information. Patch from
Roland C. Dowdeswell.
* Add a no_prompt option to suppress the PAM module's prompt for the
user's password and defer all prompting to the Kerberos library. This
allows the Kerberos library to have complete control of the prompting
process, which may be desireable if authentication mechanisms other
than password are in use. Be aware that, with this option set, the
PAM module has no control over the contents of the prompt and cannot
store the user's password in the PAM data. Based on a patch by Yair
Yarom.
* Add a silent option to force the module to behave as if the
application had passed in PAM_SILENT and suppress text messages and
errors from the Kerberos library. Patch from Yair Yarom.
* Add preliminary support for Kerberos trace logging via a trace option
that enables trace logging if supported by the underlying Kerberos
library. The option takes as an argument the file name to which to
log trace output. This option does not yet work with any released
version of Kerberos, but may work with the next release of MIT
Kerberos.
* MIT Kerberos does not add a colon and space to its password prompts,
but Heimdal does. pam-krb5 previously unconditionally added a colon
and space, resulting in doubled colons with Heimdal. Work around this
inconsistency by not adding the colon and space if already present.
* Fix alt_auth_map support to preserve the realm of the authentication
identity when forming the alternate authentication principal, matching
the documentation.
* Document that the alt_auth_map format may contain a realm to force all
mapped principals to be in that realm. In that case, don't add the
realm of the authentication identity. Note that this can be used as a
simple way to attempt authentication in an alternate realm first and
then fall back to the local realm, although any complex attempt at
authentication in multiple realms should instead run the module
multiple times with different realm settings.
* Avoid a NULL pointer dereference if krb5_init_context fails.
* Fix initialization of time values in the module configuration on
platforms (like S/390X) where krb5_deltat is not equivalent to long.
* Close a memory leak when search_k5login is set but the user has no
.k5login file.
* Close several memory leaks in alt_auth_map support.
* Suppress bogus error messages about unknown option for the realm
option. The option was being parsed and honored despite the error.
* Retry authentication under try_first_pass on several other errors in
addition to decrypt integrity check errors to handle a wider array of
possible "password incorrect" error messages from the KDC.
* Update to rra-c-util 4.4:
* Update to C TAP Harness 1.12:
|
|
|
|
|
|
so f-spot can use it.
|
|
* Added libpam-runtime support for debian
* Added use_first_pass and try_first_pass option, thanks to Luc Ducazu <lducazu@gmail.com>
* Changed e-mail adres to jeroen@jeroennijhof.nl
* Improved accounting, added cmd attribute for command logging
* Added tac_acct_flag2str()
* Renamed tac_account_read, tac_account_send to tac_acct_read and tac_acct_send
* pam_tacplus.spec.in: fixed static library path and pam_tacplus.so location
* Debian packaging improvements
|
|
- Bux fix release
- Rollerd's -alwayssign flag logic had a critical error that could
have caused a zone to be signed with the wrong ZSK at particular
points of the ZSK key rolling process.
|
|
* Only use libyubikey when --with-cr is used.
* Set correct permissions on tempfile.
* YubiKey 2.2 contains a bug in challenge-response that makes it output the
same response to all challenges unless HMAC_LT64 is set. Add warnings to
ykpamcfg and a warning through conversate in the pam module. Keys programmed
like this should be reprogrammed with the HMAC_LT64 flag set.
|
|
* Implement option -ooath-id to easily set OATH token identifier.
* Fix numerous compiler warnings from clang. Thanks to
Clemens Lang <neverpanic@gmail.com>.
|
|
* ykclient: Add C++ namespace protection.
* Add multi-server support with curl_multi.
Enabled by default for YubiCloud servers.
Settable with the new library function set_template_urls() or
the urls parameter to ykclient_verify_otp_v2().
* Remove extra % in ykclient help.
* Add ca path option to ykclient, --ca.
Patch from Jay Kline <jay.kline.ctr@hpcmo.hpc.mil>.
* Make the nonce unique for consecutive calls to the same ykclient handle.
* Do url encoding of OTP before sending.
* Fix segfault on curl error.
Patch from Lee Hinman <lee.hinman.ctr@hpc.mil>
|
|
* Updated ld-version-script from gnulib to silence warnings.
* Fix out-of-tree builds.
|
|
|
|
decentralized, and highly reliable synchronization. That means that a key
submitted to one SKS server will quickly be distributed to all key servers,
and even wildly out-of-date servers, or servers that experience spotty
connectivity, can fully synchronize with rest of the system.
|
|
|
|
|
|
Bug fixes.
|
|
|
|
|
|
|
|
|
|
* authpam.c (callback_pam): Call pam_end() after an authentication attempt.
* Makefile.am: Renamed authstaticlist.h to courierauthstaticlist.h, and
added it to the list of header files that 'make install' puts into
includedir.
* Fix gcc 4.6 warnings
* courier.spec.in: switch to systemd.
* Fix autoconf warnings.
* courier-authlib.spec: Make rmplint happy.
|
|
Parallelize signature verification (-n option)
|
|
|
|
https://github.com/krb5/krb5/commit/ca2909440015d33be42e77d1955194963d8c0955
|
|
* Noteworthy changes in release 2.13 (2012-05-31) [stable]
- Updated fix for DER decoding issue to not depend on specific compilers.
- Updated DER decoding check to apply to short form integers as well.
|
|
|
