path: root/security
Age | Commit message | Author | Files | Lines
2009-05-21 | update mirror | zafer | 1 | -2/+2
2009-05-21 | update master site. | zafer | 1 | -2/+2
2009-05-21 | update master site | zafer | 1 | -3/+3
2009-05-21 | remove dead mirror. | zafer | 1 | -3/+2
2009-05-21 | clean up mirrors. use official up to date ones. | zafer | 1 | -7/+4
2009-05-21 | remove non working mirrors. | zafer | 1 | -4/+2
2009-05-21 | pkgsrc changes: | sno | 2 | -7/+7
- Updating package for p5 module Crypt::Twofish from 2.12nb4 to 2.13
- Setting gnu-gpl-v2 as license

Upstream changes:
2.13 2009-05-11 Abhijit Menon-Sen <ams@toroid.org>
* Relicensed on request from the old Artistic License to "the same terms as Perl itself" (i.e. new Artistic/GPL). (No functional changes.)
2009-05-21 | Update to 2.26.2. Include sysutils/desktop-file-utils/desktopdb.mk. | wiz | 3 | -19/+11
seahorse-plugins 2.26.2
-----------------------
* Autogenerate ChangeLog
* Fixed unportable test in configure script

Translations
* Greek [Jennie Petoumenou]
* Spanish [Jorge Gonzalez]
2009-05-21 | Update to 2.26.2: | wiz | 2 | -6/+6
seahorse 2.26.2
---------------
* (no significant changes)

Translations
* Greek [Simos Xenitellis and Fotis Tsamis]
* Spanish [Jorge Gonzalez]
* Ukrainian [Maxim V. Dziumanenko]
2009-05-21 | Update sudo package to 1.7.1. | taca | 3 | -17/+18
pkgsrc change: add LICENSE.

What's new in Sudo 1.7.1?
* A new Defaults option "pwfeedback" will cause sudo to provide visual feedback when the user is entering a password.
* A new Defaults option "fast_glob" will cause sudo to use the fnmatch() function for file name globbing instead of glob(). When this option is enabled, sudo will not check the file system when expanding wildcards. This is faster but a side effect is that relative paths with wildcard will no longer work.
* New BSM audit support for systems that support it such as FreeBSD and Mac OS X.
* The file name specified with the #include directive may now include a %h escape which is expanded to the short form of hostname.
* The -k flag may now be specified along with a command, causing the user's timestamp file to be ignored.
* New support for Tivoli-based LDAP START_TLS, present in AIX.
* New support for /etc/netsvc.conf on AIX.
* The unused alias checks in visudo now handle the case of an alias referring to another alias.
2009-05-21 | Update openssh package to 5.2.1(5.2p1). | taca | 19 | -116/+116
Changes since OpenSSH 5.1
=========================

Security:
* This release changes the default cipher order to prefer the AES CTR modes and the revised "arcfour256" mode to CBC mode ciphers that are susceptible to CPNI-957037 "Plaintext Recovery Attack Against SSH".
* This release also adds countermeasures to mitigate CPNI-957037-style attacks against the SSH protocol's use of CBC-mode ciphers. Upon detection of an invalid packet length or Message Authentication Code, ssh/sshd will continue reading up to the maximum supported packet length rather than immediately terminating the connection. This eliminates most of the known differences in behaviour that leaked information about the plaintext of injected data which formed the basis of this attack. We believe that these attacks are rendered infeasible by these changes.

New features:
* Added a -y option to ssh(1) to force logging to syslog rather than stderr, which is useful when running daemonised (ssh -f)
* The sshd_config(5) ForceCommand directive now accepts commandline arguments for the internal-sftp server.
* The ssh(1) ~C escape commandline now support runtime creation of dynamic (-D) port forwards.
* Support the SOCKS4A protocol in ssh(1) dynamic (-D) forwards. (bz#1482)
* Support remote port forwarding with a listen port of '0'. This informs the server that it should dynamically allocate a listen port and report it back to the client. (bz#1003)
* sshd(8) now supports setting PermitEmptyPasswords and AllowAgentForwarding in Match blocks

Bug and documentation fixes
* Repair a ssh(1) crash introduced in openssh-5.1 when the client is sent a zero-length banner (bz#1496)
* Due to interoperability problems with certain broken SSH implementations, the eow@openssh.com and no-more-sessions@openssh.com protocol extensions are now only sent to peers that identify themselves as OpenSSH.
* Make ssh(1) send the correct channel number for SSH2_MSG_CHANNEL_SUCCESS and SSH2_MSG_CHANNEL_FAILURE messages to avoid triggering 'Non-public channel' error messages on sshd(8) in openssh-5.1.
* Avoid printing 'Non-public channel' warnings in sshd(8), since the ssh(1) has sent incorrect channel numbers since ~2004 (this reverts a behaviour introduced in openssh-5.1).
* Avoid double-free in ssh(1) ~C escape -L handler (bz#1539)
* Correct fail-on-error behaviour in sftp(1) batchmode for remote stat operations. (bz#1541)
* Disable nonfunctional ssh(1) ~C escape handler in multiplex slave connections. (bz#1543)
* Avoid hang in ssh(1) when attempting to connect to a server that has MaxSessions=0 set.
* Multiple fixes to sshd(8) configuration test (-T) mode
* Several core and portable OpenSSH bugs fixed: 1380, 1412, 1418, 1419, 1421, 1490, 1491, 1492, 1514, 1515, 1518, 1520, 1538, 1540
* Many manual page improvements.
2009-05-20 | Recursive ABI depends update and PKGREVISION bump for readline-6.0 shlib | wiz | 7 | -11/+14
major change. Reported by Robert Elz in PR 41345.
2009-05-19 | Add URL for upstream bug report. | wiz | 4 | -6/+10
2009-05-19 | Use standard location for LICENSE line (in MAINTAINER/HOMEPAGE/COMMENT | wiz | 29 | -80/+63
block). Uncomment some commented out LICENSE lines while here.
2009-05-18 | Update to 2.26.1. Add LICENSE comment (needs AND). | wiz | 2 | -6/+8
seahorse-plugins 2.26.1
-----------------------
Translations
* kn.po [Shankar Prasad]
* el.po [Simos Xenitellis]
* el.po [Fotis Tsamis]
* gl.po [Suso Baleato]
2009-05-18 | Update to 2.26.1, set comment LICENSE (needs AND). | wiz | 4 | -16/+19
seahorse 2.26.1
---------------
* PGP UIDs display in order reported by key server, and fix parsing of HKP PGP search UIDs. [Adam Schreiber]
* Fix problem opening preferences window twice. [Adam Schreiber]
* Set authorized_keys properly when sending SSH keys to a remote system. [Andreas Moog, Stef Walter]
* Fix crash when entering hkp: url manually. [Stef Walter]
2009-05-17 | Add & enable p5-Net-OpenSSH | seb | 1 | -1/+2
2009-05-17 | Initial import of p5-Net-OpenSSH version 0.34 in the NetBSD Packages | seb | 3 | -0/+28
Collection.

The Perl 5 module Net::OpenSSH is a secure shell client package implemented on top of OpenSSH binary client (ssh). This module is implemented around the multiplexing feature found in later versions of OpenSSH.
2009-05-14 | Update cyrus-sasl to 2.1.23. | obache | 14 | -59/+53
New in 2.1.23
-------------
* Fixed CERT VU#238019 (make sure sasl_encode64() always NUL terminates output or returns SASL_BUFOVER)
2009-05-13 | Update to 2.0.2, set LICENSE to gnu-lgpl-v2.1. | wiz | 2 | -8/+10
Changes:
- Bugfix release, forward and backward compatible with 2.0.x
- Fix compatibility with Qt 4.5 when QCA::Initializer appears before QApp
- Don't convert to secure memory when Hash::update(QByteArray) is used
- Use configure.exe instead of configwin.bat
2009-05-12 | Added LICENSE. | martti | 1 | -2/+2
2009-05-12 | Activated LICENSE=... | martti | 1 | -2/+2
2009-05-12 | Added PKG_DESTDIR_SUPPORT=user-destdir | martti | 1 | -5/+8
2009-05-10 | Update p5-Authen-CAS-Client from version 0.03 to version 0.04. | seb | 2 | -8/+7
Pkgsrc changes:
- Change run-time dependency on p5-Test-MockObject to a build dependency

Upstream changes:
changes from 0.03 to 0.04
-------------------------
* changed fatal behavior to throw strings instead of objects
2009-05-10 | * Make it build with compilers not having -fgnu89-inline switch (like gcc | hasso | 4 | -4/+42
4.1.2 on DragonFly).
* Make it build on systems not having nonstandard ENODATA (like DragonFly).
* There is no C++ or Fortran code in this package.
2009-05-10 | Added security/xml-security-c version 1.4.0 | hasso | 1 | -1/+2
2009-05-10 | XML Security is a C++ implementation of the W3C digital signature | hasso | 6 | -0/+243
specification that makes it possible for programmers to create and validate signed XML documents.
2009-05-09 | Add a patch from Debian that allows the dsniff tools to read from a pcap | adrianp | 14 | -4/+499
file in addition to sniffing the wire directly.
2009-05-08 | Update to 0.6.16. Changes since 0.6.15: | hasso | 3 | -8/+39
* For ccid, etoken* drivers remove polling loop, review the force_poll configuration option, this reduces power consumption and CPU load.
* Fix some issues caused by newer udev version.
* Handle T1 abort better.
* Some build system fixes.
* Some minor fixes.
* Re-add api documentation (pre-generated), like we used to.
2009-05-08 | Update to 0.11.8. Fixes a security problem, for details see: | hasso | 2 | -6/+6
http://www.opensc-project.org/pipermail/opensc-announce/2009-May/000025.html

New in 0.11.8; 2009-05-07;
* Fix security problem in pkcs11-tool gen_keypair (PublicExponent 1)
* fix compiling without openssl.
* updated and improve entersafe driver. FTCOS/PK-01C cards are supported now, compatible with cards written by Feitian's software on windows.
2009-05-06 | Not MAKE_JOBS_SAFE | adrianp | 1 | -1/+2
2009-05-04 | remove backslash | zafer | 1 | -2/+2
2009-05-04 | Remove mirror rediris. It does not provide the distfile. | zafer | 1 | -2/+1
2009-05-03 | Update p5-Crypt-Eksblowfish from version 0.005 to version 0.007. | seb | 2 | -9/+11
Pkgsrc changes:
- Adjust dependencies
- Whitespace fix in Makefile to placate pkglint

Upstream changes:
version 0.007; 2009-04-22
* in XS code, use the correct "PREINIT:" instead of "INIT:" to introduce variable declarations
* test Uklblowfish with long keys

version 0.006; 2009-04-21
* in C::E::Family, new method "as_class" to work around Crypt::CBC brain damage
* use simpler "parent" pragma in place of "base"
* in documentation, use the term "truth value" instead of the less precise "boolean"
* drop prototypes from method subs (where the prototypes have no effect)
* in C::E::Family, abandon use of the "fields" module
* add casts for pointer target signedness to avoid compiler warnings
* use full stricture in Build.PL
2009-05-02 | Update to gnutls-2.6.6. | tnn | 2 | -6/+6
* Version 2.6.6 (released 2009-04-30)

libgnutls: Corrected double free on signature verification failure. Reported by Miroslav Kratochvil. See the advisory for more details. [GNUTLS-SA-2009-1] [CVE-2009-1415]

libgnutls: Fix DSA key generation. Noticed when investigating the previous GNUTLS-SA-2009-1 problem. All DSA keys generated using GnuTLS 2.6.x are corrupt. See the advisory for more details. [GNUTLS-SA-2009-2] [CVE-2009-1416]

libgnutls: Check expiration/activation time on untrusted certificates. Reported by Romain Francoise. Before the library did not check activation/expiration times on certificates, and was documented as not doing so. We have realized that many applications that use libgnutls, including gnutls-cli, fail to perform proper checks. Implementing similar logic in all applications leads to code duplication. Hence, we decided to check whether the current time (as reported by the time function) is within the activation/expiration period of certificates when verifying untrusted certificates. This changes the semantics of gnutls_x509_crt_list_verify, which in turn is used by gnutls_certificate_verify_peers and gnutls_certificate_verify_peers2. We add two new gnutls_certificate_status_t codes for reporting the new error condition, GNUTLS_CERT_NOT_ACTIVATED and GNUTLS_CERT_EXPIRED. We also add a new gnutls_certificate_verify_flags flag, GNUTLS_VERIFY_DISABLE_TIME_CHECKS, that can be used to disable the new behaviour.

API and ABI modifications:
gnutls_x509_crt_list_verify: CHANGED, checks activation/expiration times.
gnutls_certificate_verify_peers: Likewise.
gnutls_certificate_verify_peers2: Likewise.
GNUTLS_CERT_NOT_ACTIVATED: ADDED.
GNUTLS_CERT_EXPIRED: ADDED.
GNUTLS_VERIFY_DISABLE_TIME_CHECKS: ADDED.
2009-05-01 | add sourceforge mirror | zafer | 1 | -5/+3
2009-05-01 | remove dead mirror. | zafer | 1 | -4/+2
2009-05-01 | update mirrors and add a few more from the mirror list. | zafer | 1 | -4/+7
2009-05-01 | remove dead mirrors. | zafer | 1 | -4/+2
2009-05-01 | update mirrors. pull in a few more mirrors from the official mirror list. | zafer | 1 | -2/+7
2009-05-01 | remove non-working mirrors. | zafer | 1 | -4/+2
2009-05-01 | replace non working mirrors with working ones. | zafer | 1 | -3/+2
2009-05-01 | remove dead mirror. | zafer | 1 | -3/+2
2009-05-01 | update mirrors. | zafer | 1 | -2/+2
2009-04-30 | Update to 1.5.3. | hasso | 3 | -14/+14
Changelog:
pcsc-lite-1.5.3: Ludovic Rousseau
- SCardEstablishContext(): check we do not reuse an already allocated hContext. Thanks to Daniel Nobs for the bug report and patch
- pcsclite.h: add missing SCARD_E_* and SCARD_W_* return code. They are unused by pcsc-lite but defined on Windows
- reader.h: add PIN_PROPERTIES_STRUCTURE structure and FEATURE_IFD_PIN_PROPERTIES. Thanks to Martin Paljak for the patch
- remove powermgt_macosx.c since it is using APSL version 1.1 instead of the BSD-like licence like the other files. Thanks to Stanislav Brabec for the bug report
- avoid a possible crash due to a race condition. Thanks to Matheus Ribeiro for the patch
- change default log level from PCSC_LOG_INFO to PCSC_LOG_ERROR to limit syslog pollution
- CardDisconnect(): call RFUnlockAllSharing() instead of RFUnlockSharing() to release all nested locks. The problem occurs if SCardBeginTransaction() are made without corresponding SCardEndTransaction(). OpenSC "pkcs11-tool -I" exhibits such a behavior. Thanks to Marc Rios Valles for the bug report
- some other minor improvements and bug corrections
2009-04-29 | Add and enable netpgp | agc | 1 | -1/+2
2009-04-29 | Initial import of the "glorious 50" release of netpgp-20090428 into the | agc | 4 | -0/+48
Packages Collection.

The netpgp command can digitally sign files and verify that the signatures attached to files were signed by a given user identifier. netpgp can also encrypt files using the public or private keys of users and, in the same manner, decrypt files which were encrypted.

The netpgp utility can also be used to generate a new key-pair for a user. This key is in two parts, the public key (which can be used by other people) and a private key.

In addition to these primary uses, the third way of using netpgp is to maintain keyrings. Keyrings are collections of public keys belonging to other users. By using other means of identification, it is possible to establish the bona fides of other users. Once trust has been established, the public key of the other user will be signed. The other user's public key can be added to our keyring. The other user will add our public key to their keyring.

This software is built on top of openpgpsdk 0.9.1, but provides a higher-level interface, is autoconf-ed and libtool-ed, and has had some significant bugs fixed.
2009-04-21 | Add patches for CVE-2009-0846 & CVE-2009-0847 | tez | 5 | -3/+73
approved by agc
2009-04-20 | Update to 2.6.5. Update commented out LICENSE (needs two). | wiz | 2 | -11/+11
* Version 2.6.5 (released 2009-04-11)
** libgnutls: Added %SSL3_RECORD_VERSION priority string that allows to specify the client hello message record version. Used to overcome buggy TLS servers. Report by Martin von Gagern.
** GnuTLS no longer uses the libtasn1-config script to find libtasn1. Libtasn1 0.3.4 or later is required. This is to align with the upcoming libtasn1 v2.0 release that doesn't have a libtasn1-script.
** API and ABI modifications: No changes since last version.
2009-04-20 | Update to 2.1: | wiz | 3 | -9/+9
Version 2.1 (released 2009-04-17)
- Fix compilation failure on platforms that can't generate empty archives, e.g., Mac OS X. Reported by David Reiser <dbreiser@gmail.com>.

Version 2.0 (released 2009-04-13)
- Optimized tree generation.
- ASN1 parser code re-generated using Bison 2.4.1.
- Build with more warning flags. Many compiler warnings fixed.
- Compiled with -fvisibility=hidden by default if supported. See http://gcc.gnu.org/wiki/Visibility
- The libtasn1-config tool has been removed. For application developers, please stop using libtasn1-config for finding libtasn1, use proper autoconf checks or pkg-config instead. For users that need a libtasn1 that provides a libtasn1-config script (for use with older applications), use libtasn1 v1.x instead. Version 1.x is still supported.