Age | Commit message | Author | Files | Lines |
|
USE_GNU_TOOLS -> USE_TOOLS
awk -> gawk
m4 -> gm4
make -> gmake
sed -> gsed
yacc -> bison
|
reviewed by wiz and agc.
|
seahorse 0.7.8
--------------
* HKP key server support.
* Reworked drag-and-drop. Now works between Seahorse windows.
* Added a dialog for adding key servers simply and correctly.
* Add option to agent 'Authorize' window to turn off prompting
for authorization [Adam Schreiber]
* Handle empty passwords properly in agent [Adam Schreiber]
* Keep agent window on top [Adam Schreiber]
* Removed libeel dependency.
* Better keyboard handling in the recipients dialog.
* Fix some rare gnome-vfs problems.
* Many smaller bug fixes.
seahorse 0.7.7
--------------
* Working keyserver sync (including upload) support.
* Compatibility with GNOME 2.10.
* Nautilus plugin now works with Nautilus 2.10 [Fernando Herrera]
* Cleaned up and simplified columns in the Key Manager.
* Fix problems with entering expiry dates.
* Remove 'Text Mode' option. Clarify 'ASCII Armor' option.
* Removed lots of 'jargon' from the interface.
* Can now drag keys from a key list to nautilus.
* Many smaller bug fixes.
seahorse 0.7.6
--------------
* Compatible with GPG 1.4
* Initial LDAP key server searching and importing support.
* Show descriptive icons (eg: secret, public keys) in the main
Key Manager window. [Adam Schreiber]
* Monitor keyring and refresh key list automatically across
processes, such as gedit plugin, recipient selection etc...
* Decryption 'Open With' in nautilus for PGP encrypted and
signed files. [Adam Schreiber]
* Added Backup Keyrings functionality. [Adam Schreiber]
* Prompt for signer when no default key is selected.
* Display UIDs properly in the seahorse-agent status window.
* Allow selection of a signing key in the Recipients dialog.
* More usable HIG friendly Key Properties dialog [Jim Pharis]
* Fix problems with 0 length files being created on error.
* Gnome HIG compliancy fixes
* Allow deletion of UIDs from the Key Manager window.
* Show all UIDs in the Recipient selection dialog.
* Prompt before overwriting files.
* More efficient operations on large files.
* Enable gedit plugin by default.
* Many smaller bug fixes.
|
apparently some systems only have .a (pointed out by adrianp@).
|
> Some highlights in this release:
>
> - Previously unreleased exploits (20 others added since 2.3)
> + Solaris KCMS Arbitrary File Read
> + Solaris snmpXdmid AddComponent Overflow
> + Metasploit Framework Payload Handler
> + Microsoft Message Queueing Service MS05-017
> + Minishare 1.41 Buffer Overflow
>
> - Addition of the new SunRPC and XDR Perl API
> + Allows for clean RPC exploit development
> + Used by two new exploit modules (KCMS and snmpXdmid)
> + Updated sadmind exploit uses the new API
>
> - Includes the new win32 PassiveX payload system
> + Loads an arbitrary ActiveX through Internet Explorer
> + PassiveX payload loads the next stage over HTTP
> + HTTP transport emulates a standard TCP connection
> + Interact with cmd.exe, VNC, or Meterpreter over HTTP
> + Uses Internet Explorer settings for proxy access
> + Fully-functional on systems with Internet Explorer 6
> + Extensive documentation is available online:
> * http://www.uninformed.org/?v=1&a=3&t=pdf
>
> - Stability improvements and numerous bug fixes
> + The msfweb interface is slightly less of a memory pig
> + Many exploits have been updated and improved
> + New external references added to the exploit modules
>
> - General improvements to the payload system
> + Brand new "shelldemo" binary for the impurity stager
> + Size reductions to win32_bind, win32_reverse, and others
> + Can now make standalone executables with msfpayload
> + Interact with metasploit payloads via payload_handler.pm
|
.tar file. Also, fix the yacc silliness while we're here.
|
Apparently, for as of yet undetermined reasons, gawk as built on IRIX
under pkgsrc croaks on regular expressions including a
combination of alpha- and numerical matches, such as the rather
trivial /^[ \t]*[0-9]+/
Let's use the system's AWK (ie nawk) for this package to avoid
breaking hundreds of dependents.
Speculation: somehow the regular expression library used to build
gawk conflicts with the system's regular expression library or
some such.
Note: gawk from SGI's freeware collection depends on expat -- why
is that? Does that have anything to do with anything?
|
of the example config files through to sub-make processes. Since
courier-authlib uses GNU automake, we need to set AM_MAKEFLAGS to the
correct value. This fixes the installation of the *.dist files into
${PREFIX}/share/examples/courier-authlib.
|
"MAKEFLAGS". Both "MAKEVARS" and "MAKEFLAGS" affect the package-level
make process, not the software's own make process.
|
to pass make flags to bmake.
|
Updated to OpenBSD 3.7 pf:
* Support limiting TCP connections by establishment rate, automatically
adding flooding IP addresses to tables and flushing states
(max-src-conn-rate, overload <table>, flush global).
* Improved functionality of tags (tag and tagged for translation rules,
tagging of all packets matching state entries).
* Improved diagnostics (error messages and additional counters from pfctl -si).
* New keyword set skip on to skip filtering on arbitrary interfaces,
like loopback.
* Several bugfixes improving stability.
ALTQ is now also supported by using the option 'altq', see the homepage
for information about how to apply the kernel patch.
Approved by: Thomas Klausner <wiz@NetBSD.org>
|
Multiple bug fixes, the most important being NAT-T now working with
multiple endpoints behind the same NAT.
|
specifically, check in /usr/lib${ABI}, since it's possible that
on multi-ABI platforms only one version is installed, in which case we'd
need to build and install the other from pkgsrc.
|
options framework. Rename PKG_OPTIONS.* to PKG_BUILD_OPTIONS.*.
|
caches variable definitions that were computed by make. These variables
are specified by listing them in MAKE_VARS, e.g.,
    .if !defined(FOO)
    FOO!= very_time_consuming_command
    .endif
    MAKE_VARS+= FOO
bsd.pkg.mk will include only the one generated during the most recent
phase. A particular phase's makevars.mk file consists of variable
definitions that are a superset of all of the ones produced in previous
phases of the build.
The caching is useful because bsd.pkg.mk invokes make recursively,
which in the example above has the potential to run the very time-consuming
command each time unless we cause FOO to be defined for the sub-make
processes. We don't cache via MAKE_FLAGS because MAKE_FLAGS isn't
consistently applied to every invocation of make, and also because
MAKE_FLAGS can overflow the maximum length of a make variable very
quickly if we add many values to it.
One important and desirable property of variables cached via MAKE_VARS
is that they only apply to the current package, and not to any
dependencies whose builds may have been triggered by the current
package.
The makevars.mk files are generated by new targets fetch-vars,
extract-vars, patch-vars, etc., and these targets are built during
the corresponding real-* target to ensure that they are being invoked
with PKG_PHASE set to the proper value.
Also, remove the variables cache file that bsd.wrapper.mk was generating
since the new makevars.mk files provide the same functionality at a
higher level. Change all WRAPPER_VARS definitions that were used by
the old wrapper-phase cache file into MAKE_VARS definitions.
|
package because PKG_OPTION.<pkg> could contain negative options, which
are never part of PKG_OPTIONS. Instead, use the show-var target to
display the value. We cache it in WRAPPER_VARS and in MAKE_FLAGS to
prevent reinvoking the show-var target recursively.
|
by David Ferlier with minor changes by me.
This is a module that allows people to login to PAM aware applications
by authenticating to a MySQL db. Now configurable in terms of which
host the database resides upon, which table and username and password
column to interrogate.
|
is enabled.
(Noticed in K. Walfridsson's NetBSD 3.0_BETA/x86_64 bulk build results
which were reviewed by wiz.)
|
no longer a custom option.
Add rc.d scripts to the PLIST.
|
INSTALL_SCRIPT step and set RCD_SCRIPTS=dirmngr instead?"
|
And always is defined as share/examples/rc.d
which was the default before.
These rc.d scripts are now also not automatically added to PLISTs.
So add to each corresponding PLIST as required.
This was discussed on tech-pkg in late January and late April.
Todo: remove the RCD_SCRIPTS_EXAMPLEDIR uses in MESSAGES and elsewhere
and remove the RCD_SCRIPTS_EXAMPLEDIR itself.
|
* Version 1.2.3
- Corrected bug in record packet parsing that could lead
to a denial of service attack.
- Corrected bug in RSA key export. Previously exported keys
can be fixed using certtool. Use certtool -k <infile >outfile
- API and ABI modifications:
gnutls_x509_privkey_fix(): Add.
* Version 1.2.2 (2005-04-25)
- gnutls_error_to_alert() now considers
GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET.
- Fixed error in session resuming that could cause a crash in a session.
- Fixed pkcs12 friendly name and local key identifier decoding.
- Internal cleanups, removed duplicate typedef/struct definitions,
and made source code include external include file, to check
function prototypes during compile time.
- API and ABI modifications:
No changes since last version. At least not intentional, but due
to the include header changes, there may be inadvertent changes,
please let us know if you find any.
|
explicitly so that it is not autodetected on -current
|
security/lsh at 1.4.3.
lsh-2.0.1 has interoperability problems with openssh servers
(always gets "Invalid server signature" errors).
lsh-1.4.3 is not affected by CAN-2003-0826. Add a patch to address
CAN-2005-0814 and bump PKGREVISION.
|
changes:
- Makefile no longer appends 'static' to statically linked binaries
- Add optional SSH_ASKPASS support to the client
- Respect HOST_LOOKUP option
- Fix accidentally removed "return;" statement which was removed in 0.44
(causing clients which sent an empty terminal-modes string to fail to
connect - including pssh, ssh.com, danger hiptop). (patches
independently from Paul Fox, David Horwitt and Sven-Ola Tuecke)
- Read "y/n" response for fingerprints from /dev/tty directly so that dbclient
will work with scp.
|
News for the 2.0.1 release
Fixed denial of service bug in lshd.
Fixed a bug in lsh-make-seed, which could make the program go
into an infinite loop on read errors.
lsh now asks for passwords also in quiet (-q) mode, as
described in the manual.
Control character filtering used to sometimes consider newline
as a dangerous control character. Now newlines should be
displayed normally.
Removed support for the non-standard alias
"diffie-hellman-group2-sha1". The standardized name for
this key exchange method is "diffie-hellman-group14-sha1".
News for the 2.0 release
Several programs have new default behaviour:
* lshd enables X11 forwarding by default (lsh still does not).
* lsh-keygen generates RSA rather than DSA keys by default.
* lsh-writekey encrypts the private key by default, using
aes256-cbc. Unless the --server flag is used.
Improved the lcp script. It is now installed by default.
Implemented the client side of "keyboard-interactive" user
authentication.
Support keyexchange with
diffie-hellman-group14-sha1/diffie-hellman-group2-sha1 (the
standardized name is at the moment not decided).
Fixes to the utf8 encoder, and in particular interactions
between utf8 and control character filtering.
News for the 1.5.5 release
Added SOCKS-style proxying to lsh and lshg. See the new -D
command line option. Supports both SOCKS-4 and SOCKS-5.
The lsh client no longer sets its stdio file descriptors into
non-blocking mode, which should avoid a bunch of problems. As
a consequence, the --cvs-workaround command line option has
been deleted.
In the user lookup code, lshd now ignores the shadow database
if getspnam returns NULL.
In the server pty setup code, use the group "system" as a
fallback if the group "tty" doesn't exist. This is the case on
AIX. (There are however more problems on AIX, which makes it
uncertain that lshd will work out of the box).
Deleted the --ssh1-fallback option for lshd. I hope ssh1 is
dead by now; if it isn't, you have to run ssh1d and lshd on
different ports.
Deleted code for bug-compatibility with ancient versions of
Datafellow's SSH2. There are zero bug-compatibility hacks in
this version.
News for the 1.5.4 release
Added logging of tcpip-forward requests.
Includes nettle-1.9, which has had some portability fixes and
optimizations. In particular, arcfour on x86 should be much
faster.
Implemented flow control on the raw ssh connection. Enforce
limits on the amount of buffered data waiting to be written to
the socket.
Moved all destructive string operations to a separate file
lsh_string.c, which has exclusive rights of accessing string
internals. Should make the code more robust, as buffer size
and index calculations elsewhere in the code should hit an
assert in lsh_string.c before doing damage.
Some general simplification and cleanup of the code.
News for the 1.5.3 release
Fixed heap buffer overrun with potential remote root
compromise. Initial bug report by Bennett Todd.
Fixed a similar bug in the check for channel number allocation
failure in the handling of channel_open, and in the
experimental client SRP code.
lshd now has an experimental mode similar to telnet, where it
accepts the 'none' authentication method and automatically
disables services such as X and TCP forwarding. This can be
useful in environments where it's required that /bin/login or
some other program handle authentication and session setup
(e.g. handle security contexts and so on).
News for the 1.5.2 release
Encrypted private keys work again.
New client escape sequence RET ~ ?, which lists all available
escape sequences. Also fixed the werror functions so that they
use \r\n to terminate lines when writing to a tty in raw mode.
Implemented handling of multiple --interface options to lshd.
As a side effect, the -p option must now be given before
--interface to have any effect.
Connecting to machines with multiple IP addresses is smarter,
it connects to a few addresses at a time, in parallel.
Fixed a file descriptor leak in the server tcpip forwarding
code.
Lots of portability fixes.
News for the 1.5.1 release
Incompatible change to key format, to comply with the current
spki structure draft. You can use the script lsh-upgrade to
copy and convert the information in the old .lsh/known-hosts
to the new file .lsh/host-acls. The new code uses libspki.
Fixed IPv6 bug reported by Simon Kowallik.
lshd now does the equivalent of ulimit -n unlimited, this is
inherited by processes started upon client requests. If you
don't want this, you should use /etc/{profile,login,whatever}
to set limits for your users. Do note that PAM-based solutions
will NOT work as PAM is used from a separate process that
terminates as soon as the authentication is finished (this of
course goes for environment variables too).
lsh and lshg now parse options from LSHFLAGS and
LSHGFLAGS, these are parsed before and can be overridden by
the command line.
News for the 1.5 release
Implemented the server side of X11 forwarding. Try lshd
--x11-forward. There's one known bug: The server may start
sending data on the session channel (typically your first
shell prompt) before it has sent the reply to the client's
"shell" or "exec" request. lsh will complain about, and ignore
that data.
As part of the X11 hacking, the socket code has been
reorganized.
Deleted one of the ipv6 configure tests. Now lsh will happily
build ipv6 support even if ipv6 is not available at run-time
on the build machine.
Fixed bug preventing -c none from working.
Another bug fix, call setsid even in the non-pty case.
Various bug fixes.
|
We don't need this any longer -- it's now default.
|