| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Bump PKGREVISION.
|
|
ClamAV 0.97 brings many improvements, including complete Windows support
(all major components compile out-of-box under Visual Studio), support for
signatures based on SHA1 and SHA256, better error detection, as well as
speed and memory optimizations. The complete list of changes is available
in the ChangeLog file.
|
|
* header file location of libbind is differ than SFU.
* treat all Interxi as same, not only interix3.
|
|
neither getipnodebyname(3) nor gethostbyname2(3).
|
|
|
|
|
|
|
|
* detect recent OpenPAM correctly
* catch getopt(3) with `int' for platforms that char will never be -1.
Bump PKGREVISION.
|
|
Bugfixes:
* Enforcer: Fixed a number of build warnings.
OpenDNSSEC 1.2.0rc3:
* Moved migration instructions to the file MIGRATION
Bugfixes:
* Bugreport #199: The previous DB schema change made the zone removal broken.
* Enforcer: When retiring old KSK, use TTL(ds) and not TTL(ksk).
* Enforcer: Minimize the set of DS RRs sent to DelegationSignerSubmitCommand.
* Enforcer: Replace tab with a space character in the DNSKEY printed to syslog.
* Enforcer: Fixed pontential format string bug.
* ods-ksmutil: Log to syslog when ds-seen changes a key to active/standby.
* Signer Engine: Don't be smart with RRSIG TTLs, the hsm will set them for you.
* Signer Engine: Set notify command for zone when receiving ods-signer update.
* Signer Engine: Update TTL of NSEC(3) records if SOA Minimum has changed
in KASP.
* Signer Engine: Now logs to the correct facility.
* Signer Engine: Also remove NSEC records when detecting changes in
signconf <Denial>
* Signer Engine: Dropped privileges before starting Zonefetcher.
OpenDNSSEC 1.2.0rc2:
Bugfixes:
* Signer Engine: Use the correct TTL for RRs after the $INCLUDE directive.
* Signer Engine: Also create new signature if TTL of RR has changed.
* Signer Engine: Drop old NSEC/NSEC3 records.
* ods-ksmutil: Fixed some memory leaks.
OpenDNSSEC 1.2.0rc1:
* New commandline option for the signer: ods-signer running.
* Allow connection to different MySQL ports in the Enforcer.
* Tone down and explain warning when converting M or Y to seconds
* ldns 1.6.7 is required for bugfixes
* dnsruby 1.51 is required for bugfixes
Bugfixes:
* Bugreport #187: ods-control signer start will return non-zero if start up
failed (uses ods-signer running).
* Narrow glue at the zone cut is allowed, do not consider it as occluded.
* Move zone fetcher output to correct input adapter file.
* Enforcer shared keys on zones with ShareKeys disabled.
* Make names of key states consistent.
* Signer Engine file descriptor leak fix on engine.sock.
* Set explicit "unlimited" repository capacity to prevent random integer being
read. Requires "ods-ksmutil update conf" to be run if using an existing
database.
* Fix issue with key generation creating too many keys Ticket #194.
* Bugreport #189: Auditor did not handle white-space-seperated substrings
for base64 text
* Bugreport #190: Auditor (and signer) does not handle case correctly
* Signer now silence stdout-output from the notify command
OpenDNSSEC 1.2.0b1:
* A new signer engine, written in c. Zones are maintained in memory, instead of
in files on disk.
* Removed the python and python-4suite-xml dependencies.
* Remove separate autoconf for libhsm/conf/enforcer.
* Add option to disable building the signer.
* Signer logs statistics just after outputting a new signed zone.
* libhsm will skip processing (and not create) any public keys if the
per repository option <SkipPublicKey/> is set.
* Keysharing improved - keys can now exist in different states on each zone
that the key is in use for.
* Backup prepare/commit/rollback added for 2-step backups without taking the
enforcer offline.
* Standby keys are now optional (default to 0) and should be considered
experimental.
Bugfixes:
* Fix semantics of refresh value in Signer Engine.
* Auditor handles chains of empty nonterminals correctly.
* Recalculate salt immediately if the saltlength is changed.
* libhsm connected to slot 0 if the token label was not found.
An error is now returned instead of connecting to the slot.
* Bugreport #102: Removed the obsoleted python-4suite-xml dependency.
* Fixed Known Issue: KSK rollover requires manual timing.
* Fixed Known Issue: Key rollover and reuse of signatures.
* Fixed Known Issue: Issue with sharing keys and adding zones.
* Fixed Known Issue: Quicksorter does not allow certain owner names
(Quicksorter is removed, signer now reads and sorts the zone).
|
|
|
|
What's new in Sudo 1.7.4p6?
* A bug has been fixed in the I/O logging support that could cause
visual artifacts in full-screen programs such as text editors.
|
|
|
|
* Allow more hash algorithms with the OpenPGP v2 card.
* The gpg-agent now tests for a new gpg-agent.conf on a HUP.
* Fixed output of "gpgconf --check-options".
* Fixed a bug where Scdaemon sends a signal to Gpg-agent running in
non-daemon mode.
* Fixed TTY management for pinentries and session variable update
problem.
|
|
|
|
|
|
|
|
|
|
What's new in Sudo 1.7.4p5?
* A bug has been fixed that would allow a command to be run without the
user entering a password when sudo's -g flag is used without the -u flag.
* If user has no supplementary groups, sudo will now fall back on checking
the group file explicitly, which restores historic sudo behavior.
* A crash has been fixed when sudo's -g flag is used without the -u flag
and the sudoers file contains an entry with no runas user or group listed.
* A bug has been fixed in the I/O logging support that could cause
visual artifacts in full-screen programs such as text editors,.
* A crash has been fixed when the Solaris project support is enabled
and sudo's -g flag is used without the -u flag.
* Sudo no longer exits with an error when support for auditing is
compiled in but auditing is not enabled.
* Fixed a bug introduced in sudo 1.7.3 where the ticket file was not
being honored when the "targetpw" sudoers Defaults option was enabled.
* The LOG_INPUT and LOG_OUTPUT tags in sudoers are now parsed correctly.
* A crash has been fixed in "sudo -l" when sudo is built with auditing
support and the user is not allowed to run any commands on the host.
|
|
|
|
* only use the last 8 chars of the key -- it's the more common use, and
the wotsap urls only use them now
* convert optional "mykey" to uppercase before matching
* print correct date (misuse of non-local vars)
|
|
|
|
changes: bugfixes
|
|
run dir in VARBASE... Bump PKGREVISION to 3.
|
|
configuration file requires this directory to exist.
Bump PKGREVISION to 2.
|
|
|
|
PR#44333.
|
|
|
|
* On DragonFly, rmd160.h exists and required functions are defined there,
but not in any library, so ignore it.
* On DragonFly and FreeBSD, MD5 and MD4 functions are in libmd.
|
|
OS X and probably other machines. pkglint clean-up.
|
|
|
|
* need to include sys/socket.h, PR#44313.
* same signature as Linux and NetBSD for PAM related functions.
|
|
* not have libresolv, but required functions in libc.
* need to include <sys/socket.h> exactly in some place.
|
|
|
|
|
|
|
|
into pkgsrc/mail. Part of PR/32554
|
|
Part of PR/32554
|
|
Changes since 1.1:
** gsasl: Add --no-cb to disable use of TLS channel bindings.
** build: Use silent build rules via automake.
Use 'make V=99' to see the command lines used.
** Update gnulib files.
** gsasl: Support for TLS channel bindings.
Requires GnuTLS 2.11.4 or later for the gnutls_session_channel_binding
function. Used by the SCRAM-SHA-1-PLUS mechanism.
** doc: Mention new property GSASL_CB_TLS_UNIQUE and SCRAM-SHA-1-PLUS.
** tests: Added self-tests for SCRAM-SHA-1-PLUS.
** gsasl: Avoid fixed size buffers.
This caused problems on Windows where the BUFSIZ was too small for
some line lengths with GS2-KRB5.
** tests: Fix error strings to be more unique.
** doc: Added section on how to build with MIT Kerberos for Windows.
** doc: Added PDF version of API reference manual.
See doc/reference/gsasl.pdf.
** i18n: Updated translations.
Thanks to Benno Schulenberg.
** doc: Explain GS2-related changes.
** doc: GTK-DOC manual improved.
Now almost all symbols and types are explained.
** gsasl: Fix crash when getaddrinfo does not get a canonical name.
** gsasl: Improve error message when server rejects authentication.
** tests: Self checks are improved.
** gsasl: Improve application data throughput.
Patch from Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> in
<http://thread.gmane.org/gmane.comp.gnu.gsasl.general/256>.
** Improve MinGW builds.
** doc: Fix doc/cyclo/ output.
** tests/crypto: Also test newly added SHA-1 interfaces.
** tests/scram: Also test GSASL_SCRAM_SALTED_PASSWORD case.
This code path triggered a crash in v1.3.
** i18n: Added Finnish translation.
Thanks to Jorma Karvonen <karvonen.jorma@gmail.com>.
** Experimental support for SCRAM-SHA-1 added.
Please test it but don't put it into production use, the RFC have not
been finalized yet. For this reason, the mechanism priority list is
such that SCRAM-SHA-1 will never be selected over any other mechanism
(including PLAIN, CRAM-MD5, and DIGEST-MD5). When it has been tested
further, we'll make SCRAM-SHA-1 the preferred mechanism after GSSAPI.
** gsasl: Fix libintl-related build errors on MinGW.
Tiny patch from "carlo.bramix" <carlo.bramix@libero.it>.
** doc: Typo fixes to manual.
Based on report by Marco Maggi <marco.maggi-ipsu@poste.it> in
<http://thread.gmane.org/gmane.comp.gnu.gsasl.general/222>.
** tests: Rewrite basic self test using modern API.
** tests: New self-test 'crypto' to increase code coverage.
** gsasl: Fix out of bounds write when in IMAP/SMTP mode.
Reported by Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de> in
<http://thread.gmane.org/gmane.comp.gnu.gsasl.general/230>.
** doc: Rewritten introduction material.
** doc: Improved sections for the info manual.
We now follow the advice given by the texinfo manual on which
directory categories to use. In particular, libgsasl moved from the
'GNU Libraries' section to the 'Software libraries' as GNU SASL, and
'Invoking gsasl' moved from 'GNU utilities' to 'Security'.
** examples: Removed unneeded 'ctx' parameter from client_authenticate.
** Building with many warning flags now requires --enable-gcc-warnings.
This avoids crying wolf for normal compiles.
** New configure parameters to set packaging specific information.
The parameters are --with-packager, --with-packager-version, and
--with-packager-bug-reports. See
<http://article.gmane.org/gmane.comp.lib.gnulib.bugs/17791> for more
details.
|
|
alternative from mk/jpeg.buildlink3.mk
This allows selection of an alternative jpeg library (namely the x86 MMX,
SSE, SSE2 accelerated libjpeg-turbo) via JPEG_DEFAULT=libjpeg-turbo, and
follows the current standard model for alternatives (fam, motif, fuse etc).
The mechanical edits were applied via the following script:
#!/bin/sh
for d in */*; do
[ -d "$d" ] || continue
for i in "$d/"Makefile* "$d/"*.mk; do
case "$i" in *.orig|*"*"*) continue;; esac
out="$d/x"
sed -e 's;graphics/jpeg/buildlink3\.mk;mk/jpeg.buildlink3.mk;g' \
-e 's;BUILDLINK_PREFIX\.jpeg;JPEGBASE;g' \
< "$i" > "$out"
if cmp -s "$i" "$out"; then
rm -f "$out"
else
echo "Edited $i"
mv -f "$i" "$i.orig" && mv "$out" "$i"
fi
done
done
|
|
|
|
|
|
2010-07-23 - 0.9.32.1
- Fixed missing header file resulting in compile errors
2010-07-23 - 0.9.32
- Added support for memory_limit > 2GB
- Fixed missing header file resulting in wrong php_combined_lcg()
prototype being used
- Improved random number seed generation more by adding /dev/urandom juice
2010-03-28 - 0.9.31
- Fix ZTS build of session.c
- Increased session identifier entropy by using /dev/urandom if available
2010-03-25 - 0.9.30
- Added line ending characters %0a and %0d to the list of
dangerous characters handled
by suhosin.server.encode and suhosin.server.strip
- Fixed crash bug with PHP 5.3.x and session module (due to
changed session globals struct)
- Added ! protection to PHP session serializer
- Fixed simulation mode now also affects (dis)allowed functions
- Fixed missing return (1); in random number generator replacements
- Fixed random number generator replacement error case behaviour
in PHP 5.3.x
- Fixed error case handling in function_exists() PHP 5.3.x
- Merged changes/fixes in import_request_variables()/extract()
from upstream PHP
- Fixed suhosin_header_handler to be PHP 5.3.x compatible
- Merge fixes and new features of PHP's file upload code to suhosin
|
|
value of a pointer, prior to a memcpy(), to prevent a buffer overflow.
|
|
|
|
rogue cards (SA42658)
|
|
this to build properly under Mac OS X "Snow Leopard" on a 64-bit host.
Fixes PR pkg/44191 by me.
|
|
of the C pre-processor.
|
|
|
|
The following changes have been made between John 1.7.5.1 and 1.7.6:
* Generic crypt(3) support (enabled with "--format=crypt") has been added for
auditing password hash types supported by the system but not yet supported by
John's own optimized cryptographic routines (such as "SHA-crypt" and SunMD5).
* Optional parallelization of the above has been implemented by means of OpenMP
along with glibc's crypt_r(3) or Solaris' MT-safe crypt(3C).
* Optional parallelization of John's own optimized code for the OpenBSD-style
Blowfish-based crypt(3) (bcrypt) hashes with OpenMP has been added.
* A more suitable version of 32-bit x86 assembly code for Blowfish is now
chosen on Core i7 and similar CPUs (when they happen to run a 32-bit build).
* More optimal DES S-box expressions for PowerPC with AltiVec (making use of
the conditional select operation) contributed by Dumplinger Boy (Dango-Chu)
have been integrated.
* The bitslice DES C source code has been reworked to allow for the use of
arbitrary SIMD intrinsics, which was previously only implemented for AltiVec
as a special case.
* Support for SSE2 and MMX intrinsics with bitslice DES (as an alternative to
the supplied assembly code) has been added (currently only enabled for SSE2 on
x86-64 when compiling with GCC 4.4+).
* Support for mixed-type longer virtual vectors (such as SSE2+MMX, SSE2+ALU,
AltiVec+ALU, and other combinations) with bitslice DES has been added (not
enabled by default yet, primarily intended for easy benchmarks on future CPUs,
with future compiler versions, with even more SIMD instruction sets, and with
different DES S-box expressions that might be available in the future).
* The obsolete 32-bit SPARC assembly implementation of DES has been dropped.
* The loader will now detect password hashes specified on a line on their own,
not only as part of an /etc/passwd or PWDUMP format file.
* When run in "--stdin" mode and reading candidate passwords from a terminal
(to be typed by the user), John will no longer mess with the terminal settings.
* John will now restore terminal settings not only on normal termination or
interrupt, but also when forcibly interrupted with two Ctrl-C keypresses.
The following changes have been made between John 1.7.5 and 1.7.5.1:
* A new numeric variable has been added to the word mangling rules engine:
"p" for position of the character last found with the "/" or "%" commands.
The following changes have been made between John 1.7.4.2 and 1.7.5:
* Support for the use of "--format" along with "--show" or "--make-charset" has
been added.
* The choice of .rec and .log filenames for custom session names has been made
more intuitive.
* Support for "\r" (character lists with repeats) and "\p0" (reference to the
immediately preceding character list/range) has been added to the word mangling
rules preprocessor.
* The undefined and undocumented behavior of some subtle word mangling rules
preprocessor constructs has been changed to arguably be more sensible.
* Some bugs were fixed, most notably JtR crashing on no password hashes loaded
(bug introduced in 1.7.4.2).
The following changes have been made between John 1.7.4 and 1.7.4.2:
* Major performance improvements for processing of very large password files
or sets of files, especially with salt-less or same-salt hashes, achieved
primarily through introduction of two additional hash table sizes (64K and 1M
entries), changes to the loader, and smarter processing of successful guesses
(to accommodate getting thousands of hashes successfully cracked per second).
* Many default buffer and hash table sizes have been increased and thresholds
for the use of hash tables lowered, meaning that John will now tend to use
more memory to achieve better speed (unless it is told not to with the
"--save-memory" option).
* Some previously missed common website passwords found on public lists of
"top N passwords" have been added to the bundled common passwords list.
* Some bugs introduced in 1.7.4 and affecting wordlist mode's elimination of
consecutive duplicate candidate passwords have been fixed.
The following changes have been made between John 1.7.3.4 and 1.7.4:
* Support for back-references and "parallel" ranges has been added to the
word mangling rules preprocessor.
* The notion of numeric variables (to be used for character positions
and substring lengths along with numeric constants supported previously)
has been introduced into the rules engine. Two pre-defined variables
("l" for initial or updated word's length and "m" for initial or
memorized word's last character position) and 11 user-defined variables
("a" through "k") have been added. Additionally, there's a new numeric
constant: "z" for "infinite" position or length.
* New rule commands have been added: "A" (append, insert, or prefix with a
string), "X" (extract a substring from memory and insert), "v" (subtract
and assign to a numeric variable).
* New rule reject flags have been added: ":" (no-op, for use along with the
"parallel" ranges feature of the preprocessor) and "p" (reject unless word
pair commands are allowed, for sharing of the same ruleset between "single
crack" and wordlist modes).
* Processing of word mangling rules has been made significantly faster in
multiple ways (caching of the current length, less copying of data, code
and data placement changes for better branch prediction and L1 cache usage,
compiler-friendly use of local variables, code micro-optimizations,
removal of no-op rule commands in an initial pass).
* The default rulesets for "single crack" and wordlist modes have been
revised to make use of the new features, for speed, to produce fewer
duplicates, and to attempt additional kinds of candidate passwords (such
as for years 2010 through 2019 with "year-based" rules).
* The idle priority emulation code has been optimized for lower overhead when
there appears to be no other demand for CPU time.
* The default for the Idle setting has been changed from N to Y.
The following changes have been made between John 1.7.3.1 and 1.7.3.4:
* "make check" has been implemented (for Unix-like systems only).
* The "--test" option will now take an optional argument - the duration of each
benchmark in seconds.
* Section .note.GNU-stack has been added to all assembly files to avoid the
stack area unnecessarily being made executable on Linux systems that use this
mechanism.
* Some very minor bugs that did not affect normal operation have been fixed.
* Some unimportant compiler warnings have been fixed, a source code comment has
been made more verbose and more complete.
|
|
* Version 2.10.4 (released 2010-12-06)
** gnutls-serv: Corrected a buffer overflow. Reported and patch by Tomas Mraz.
** libgnutls: Use ASN1_NULL when writing parameters for RSA signatures.
This makes us comply with RFC3279. Reported by Michael Rommel.
** libgnutls: Reverted default behavior for verification and
introduced GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT. Thus by default
V1 trusted CAs are allowed, unless the new flag is specified.
** minitasn1: Updated to Libtasn1 2.9.
** API and ABI modifications:
No changes since last version.
|
