path: root/security
Age | Commit message | Author | Files | Lines
2002-09-09 | The shared libraries are installed on Solaris now. | markd | 1 | -1/+7
2002-09-09 | Fix IPv6 detection on Darwin. Patch supplied by itojun in private e-mail. | jlam | 3 | -17/+85
2002-09-07 | Remove dependency on autoconf/automake and finish buildlink2 conversion. | jlam | 7 | -25/+306
2002-09-07 | Use buildlink2 and pass an extra flag to the configure script so that if | jlam | 1 | -3/+4
RSAref is used, then the library may be found.
2002-09-05 | We don't need to symlink bin/openssl since we want the one in ${SSLBASE}. | jlam | 1 | -3/+2
2002-09-05 | update HOMEPAGE for www.monkey.org -> monkey.org move | itojun | 1 | -2/+2
2002-09-05 | www.monkey.org moved to monkey.org. pilot <pilot@monkey.org> | itojun | 4 | -10/+10
2002-09-01 | Fix whitespace in PLIST. Closes pkg/18137 by Katsuhiko Fujii. | wiz | 1 | -2/+2
2002-08-31 | Add variables for openssh privilege separation to bsd.pkg.defaults.mk: | grant | 2 | -15/+13
OPENSSH_USER OPENSSH_UID OPENSSH_GROUP OPENSSH_GID OPENSSH_CHROOT
Use these to automatically create user/group if they do not already exist. Assists platforms which do not have an 'sshd' user by default, while adding flexibility for NetBSD systems.
Checked by Stoned Elipot <seb@netbsd.org>.
2002-08-30 | Update ruby-openssl package to 0.1.2.1(0.1.2a). | taca | 2 | -8/+6
It should be fixed in error of bulk build, too.
$Id: ChangeLog,v 1.43 2002/07/24 14:46:52 gotoyuzo Exp $
'OpenSSL for Ruby' project
Copyright (C) 2001 Michal Rokos <m.rokos@sh.cvut.cz>
All rights reserved.
$Log: ChangeLog,v $
Revision 1.43 2002/07/24 14:46:52 gotoyuzo
* lib/openssl/buffering.rb: typo fixed. (Thanks NaHi)
Revision 1.42 2002/07/24 12:31:31 gotoyuzo
* ossl.c: should include <sys/time.h> if it exists. (Thanks Knu)
Revision 1.41 2002/07/24 09:56:17 gotoyuzo
* ossl-0.1.2 released
Revision 1.40 2002/07/23 20:23:30 gotoyuzo
* lib/net/https.rb: follow net/http.rb Rev: 1.41.2.18 (ruby_1_6)
Revision 1.39 2002/07/23 10:49:19 gotoyuzo
* ossl_ssl.c: should raise exception while SSL_write returns 0.
Revision 1.38 2002/07/23 10:45:25 gotoyuzo
* ossl.h: include <openssl/e_os.h>
* ossl.c: workaround to convert into UTC time.
* lib/openssl.rb: fix string embedded expression.
Revision 1.37 2002/04/07 16:35:32 majkl
* Macros fixups
* X509ExtFactory cleanup
* fixed strptime warning on Linux
* X509::Certificate#version has been changed!
!!! WARNING !!!
x509.version = 2 -> defines X509v3, (0 for v1, 1 for v2, ...)
p x509.version -> 2, means that it is X509v3
!!! WARNING !!!
Revision 1.36 2002/03/11 21:35:39 majkl
* Cipher IV fixup
Revision 1.35 2002/03/11 17:20:22 majkl
* Big internal cleanup (all structs with only 1 member rearranged)
* improved getting time_t from cTime
Revision 1.34 2002/03/06 08:05:05 majkl
* build fix-ups
Revision 1.33 2002/03/05 15:05:57 majkl
* WARNING! All to_str methods are not used any longer (use to_text instead)
* made an aliases to_pem as to_s
* more relaxed params checking - everywhere where string was needed it is OK that obj implements to_s method
Revision 1.32 2002/02/23 07:28:00 majkl
* More benevolent checks (Check_SafeStr(x) -> Check_Type(x, T_STRING) (where we don't care)
Revision 1.31 2002/02/20 08:43:54 majkl
* Fixed some memory leaks
Revision 1.30 2002/02/13 13:09:49 majkl
* transition from rb_raise to OSSL_Raise (where possible)
* some mem checks
* preliminary DH key support
2002-08-30 | ssh-rand-helper is also installed when /dev/urandom does not exist. | grant | 1 | -1/+2
Checked by Stoned Elipot <seb@netbsd.org>.
2002-08-30 | Updated isakmpd to 20020830 | martti | 2 | -5/+5
* OpenBSD 3.1 SA 010: Receiving IKE payloads out of sequence can cause isakmpd(8) to crash.
* A rewrite of the CRL support code, also from <Thomas.Walpuski@gmx.net>. Some style mods, and checks added for OpenSSL version 0.9.7 or later. Currently CRLs are not supported for earlier versions. Manual pages updated.
* Handle configuration lines that end in whitespace or ^M. Also avoid a potential memory leak.
* Start for support of IKECFG in SET/ACK mode. Server side only so far.
* Fix keyed HMAC where the key was longer than the blocksize
2002-08-28 | Support building with S/Key support on Darwin, and move the check for | jlam | 4 | -54/+142
libcrypt-before-libcrypto into a section that is protected by something we can set in the configure script (check_for_libcrypt_before). This should fix the latter part of pkg/18091 by grant beattie.
2002-08-28 | We actually use the openssl buildlink2.mk file. | jlam | 1 | -2/+2
2002-08-28 | It's 0.9.6f, not 0.9.5f, and move things around so that IGNORE is set to | jlam | 1 | -12/+13
the proper message.
2002-08-28 | Support building tcp_wrappers on Darwin, from pkg/18090 from grant beattie. | jlam | 1 | -3/+11
2002-08-28 | Allow this to build on Darwin. Also use the new USE_PERL5 semantics. | jlam | 1 | -5/+3
This fixes the first part of pkg/18091 by grant.
2002-08-28 | Add a buildlink2.mk file based on the zlib/buildlink2.mk file as skey | jlam | 1 | -0/+48
support may already reside in the base system.
2002-08-27 | Updated msudir to 0.10: | abs | 2 | -5/+5
Allow options to be targeted to specific directories by using [dirname] tags in the config file. Requested by <norm at sandbox.org.uk>.
2002-08-27 | Added msudir-0.09 | abs | 1 | -1/+2
msudir allows enabled users to easily manage 'setuid' scripts and binaries. A directory containing scripts or other executables is created inside the basedir for each destination user. Any user is then able to invoke the script 'bar' in the directory 'fu' via 'msudir fu/bar'. The script will be run under the uid and primary gid of the destination user. Some effort is taken to sanitise the arguments and environment, but msudir should not be used without an understanding of the security implication.
2002-08-27 | Import msudir-0.09 | abs | 4 | -0/+29
msudir allows enabled users to easily manage 'setuid' scripts and binaries. A directory containing scripts or other executables is created inside the basedir for each destination user. Any user is then able to invoke the script 'bar' in the directory 'fu' via 'msudir fu/bar'. The script will be run under the uid and primary gid of the destination user. Some effort is taken to sanitise the arguments and environment, but msudir should not be used without an understanding of the security implication.
2002-08-26 | Update to 0.3.9 | mjl | 5 | -22/+50
* An experimental interface to GnuPG's --edit-key functionality is introduced, see gpgme_op_edit.
* The new gpgme_import_ext function provides a convenient access to the number of processed keys.
* It is possible to use an outside event loop for the I/O to the crypto engine by setting the I/O callbacks with gpgme_set_io_cbs.
* GPGME_ATTR_OTRUST is implemented now.
* A first step toward thread safeness has been achieved, see the documentation for details. Supported thread libraries are pthread and Pth.
* All error output of the gpgsm backend is sent to the bit bucket.
* The signature verification functions are extended. Instead of always returning GPGME_SIG_STATUS_GOOD, the functions new codes for expired signatures.
* The current passphrase callback and progress meter callback can be retrieved with the new functions gpgme_get_passphrase_cb and gpgme_get_progress_cb respectively.
* gpgme_op_encrypt can be called with RECIPIENTS being 0. In this case, symmetric encryption is performed. Note that this requires a passphrase from the user.
* More information is returned for X.509 certificates.
* Interface changes relative to the 0.3.4 release:
* gpgme_op_encrypt does now fail with GPGME_Invalid_Recipients if some recipients have been invalid, whereas earlier versions succeeded in this case.
* gpgme_op_verify now allows to pass an uninitialized data object as its plaintext argument to check for normal and cleartext signatures. The plaintext is then returned in the data object.
* New interfaces gpgme_set_include_certs and gpgme_get_include_certs to set and get the number of certifications to include in S/MIME signed messages.
* New interfaces gpgme_op_encrypt_sign and gpgme_op_encrypt_sign_start to encrypt and sign a message in a combined operation.
* New interface gpgme_op_keylist_ext_start to search for multiple patterns.
* gpgme_key_get_ulong_attr supports the GPGME_ATTR_EXPIRE attribute.
* Interface changes relative to the 0.3.3 release:
* Fix the Makefile in jnlib.
* Fix the test suite (hopefully). It should clean up all its state with `make check' now.
* Remove erroneous dependency on libgcrypt in jnlib.
* There is a Texinfo manual documenting the API.
* The gpgme_set_keylist_mode function returns an error, and changed its meaning. It is no longer usable to select between normal and fast mode (newer versions of GnuPG will always be fast), but selects between local keyring, remote keyserver, or both. For this, two new macros are defined, GPGME_KEYLIST_MODE_LOCAL and GPGME_KEYLIST_MODE_EXTERN. To make it possible to modify the current setting, a function gpgme_get_keylist_mode was added to retrieve the current mode.
* gpgme_wait accepts a new argument STATUS to return the error status of the operation on the context. Its definition is closer to waitpid() now than before.
* The LENGTH argument to gpgme_data_new_from_filepart changed its type from off_t to the unsigned size_t.
* The R_HD argument to the GpgmePassphraseCb type changed its type from void* to void**.
* New interface gpgme_op_trustlist_end() to match gpgme_op_keylist_end().
* The CryptPlug modules have been renamed to gpgme-openpgp and gpgme-smime, and they are installed in pkglibdir by `make install'.
* An idle function can be registered with gpgme_register_idle().
* The GpgSM backend supports key generation with gpgme_op_genkey().
2002-08-25 | Merge packages from the buildlink2 branch back into the main trunk that | jlam | 21 | -58/+64
have been converted to USE_BUILDLINK2.
2002-08-25 | Merge changes in packages from the buildlink2 branch that have | jlam | 22 | -18/+186
buildlink2.mk files back into the main trunk.
2002-08-25 | Merge changes in packages from the buildlink2 branch that have | jlam | 26 | -45/+257
buildlink2.mk files back into the main trunk. This provides sufficient buildlink2 infrastructure to start merging other packages from the buildlink2 branch that have already been converted to use the buildlink2 framework.
2002-08-25 | Correct man page xrefs pgp(1) -> pgp5(1). | mjl | 10 | -5/+151
Import some patches (via FreeBSD), one of them concerning weak rnd number generation.
2002-08-23 | Added avcheck | martti | 1 | -1/+2
2002-08-23 | Import avcheck-0.9 | martti | 4 | -0/+60
Avcheck is a simple program that allows you to call an antivirus software in order to check mail messages for viruses before actual delivery from within a Mail Transfer Agent, or MTA.
2002-08-23 | Remove Solaris specific SSH_PID_DIR, as Solaris 8/9 do indeed have a | grant | 1 | -6/+1
/var/run directory, tmpfs is mounted on /var/run by default. /var/run does not exist by default on Solaris 7, but some daemons appear to make use of it after it is created (eg. syslogd).
2002-08-22 | Updated amavis-perl to 20020531 | martti | 2 | -5/+5
* bug fixes
2002-08-20 | Fix sparc64 build by patching sigs/sha/sha.c like the revision 1.6 of | seb | 2 | -11/+133
basesrc/lib/libc/hash/sha1.c.
2002-08-20 | openssl/buildlink.mk enforces OpenSSL>=0.9.5f due to the DoS fix. Do not bother | abs | 1 | -4/+6
trying to ask for 0.9.5a as we will not be allowed to use it anyway.
2002-08-20 | Updated msu to 1.05 from 1.04 | abs | 2 | -5/+5
- Do not revoke existing group membership.
2002-08-20 | Update HOMEPAGE. | wiz | 1 | -2/+2
2002-08-19 | Let build on sparc v7. | fredb | 2 | -4/+4
2002-08-19 | Fix test for rc.d in configure script, so that this works on 1.4.x. | wiz | 1 | -2/+2
Gleaned from apache's startup script.
2002-08-19 | Fix a comment, and improve pattern to also work on netbsd-1-4. | wiz | 1 | -3/+3
2002-08-19 | Compile no-shared on 1.4.x. This makes the package install and work for me | wiz | 1 | -1/+6
on 1.4.2/i386. Approved by agc.
2002-08-19 | Updated to p5-Net-SSLeay-1.19 | shell | 2 | -6/+6
Changes :
- further fixes for Net::SSLeay::Handle from jbowlin@@_linklint.org
- applied minor patch by Mark Veltzer <mark@@veltzer._org> to Makefile.PL
- Added SSL_peek patch to ssl_read_until from Peter Behroozi <peter@@fhpwireless_.com> --Sampo
- Improved Windows instructions per Marcel Bucher <marcle@bucher._cc>
2002-08-19 | Add a patch to get this to compile on NetBSD. | agc | 2 | -1/+69
2002-08-16 | Provide a sensible default for BUILDLINK_DEPENDS.openssl - noticed when | agc | 1 | -1/+2
the in-tree openssl is < 0.9.6f, a previous package build has installed the openssl-0.9.6g package, but the BUILDLINK_DEPENDS.openssl value is not initialised, so that the package infrastructure tries to build and install the openssl-0.9.6g package again.
2002-08-15 | Revert Makefile,v.1.56, as the NetBSD patches were causing intractable | fredb | 3 | -12/+20
problems for Solaris. Instead, handle patch for NetBSD-1.4.2 specially.
2002-08-15 | Remove (partly obsolete) homepage URLs from DESCR. | wiz | 1 | -5/+0
2002-08-15 | Really require 0.9.6g, if we require the package at all. | fredb | 1 | -44/+10
2002-08-14 | fix CFLAGS on big endian machines. | grant | 1 | -1/+7
2002-08-12 | Update MASTER_SITES and HOMEPAGE. | wiz | 1 | -3/+4
2002-08-11 | Delete "No newline at end of file" garbage left by "mkpatches". | fredb | 2 | -8/+3
2002-08-10 | It just occurred to me that the ${PATCHDIR} patches developed against the | fredb | 1 | -4/+4
NetBSD-patched codebase won't apply cleanly (or at all) without the NetBSD patch. Therefore, remove the `.if ${OS}' condition for applying the patch, so Solaris and Darwin start with the same codebase. Fix as needed.
2002-08-10 | require 0.9.6f, at least | itojun | 1 | -5/+19
2002-08-10 | Update to 0.9.6g. The most significant change is this proof against | fredb | 6 | -32/+59
a stunning DoS vulnerability, fixed in 0.9.6f:
*) Use proper error handling instead of 'assertions' in buffer overflow checks added in 0.9.6e. This prevents DoS (the assertions could call abort()). [Arne Ansper <arne@ats.cyber.ee>, Bodo Moeller]
Regenerate the netbsd patch. This is now a clean diff against the vendor tag, with version-number-only changes elided.
Partially revert "crypto/dist/openssl/crypto/rand/randfile.c", version 1.4 (via additional pkgsrc patch), to give this a shot to compile on NetBSD-1.4.2 and earlier, which had no strlcpy() or strlcat().
Assemble the shared library without "-Bsymbolic", mainly to give this a shot at linking on NetBSD-a.out (untested).