path: root/security
Age | Commit message | Author | Files | Lines
2010-09-10 | updating to the latest and greatest (and less a bunch of security | spz | 6 | -95/+104
relevant bugs) version:

Major changes between version 1.7.4p3 and 1.7.4p4:
* A potential security issue has been fixed with respect to the handling of sudo's -g command line option when -u is also specified. The flaw may allow an attacker to run commands as a user that is not authorized by the sudoers file.
* A bug has been fixed where "sudo -l" output was incomplete if multiple sudoers sources were defined in nsswitch.conf and there was an error querying one of the sources.
* The log_input, log_output, and use_pty sudoers options now work correctly on AIX. Previously, sudo would hang if they were enabled.
* Fixed "make install" when sudo is built in a directory other than the directory that holds the sources.
* The runas_default sudoers setting now works properly in a per-command Defaults line.
* Suspending and resuming the bash shell when PAM is in use now works properly. The SIGCONT signal was not being propagated to the child process.

Major changes between version 1.7.4p2 and 1.7.4p3:
* A bug has been fixed where duplicate HOME environment variables could be set when the env_reset setting was disabled and the always_set_home setting was enabled in sudoers.
* The value of sysconfdir is now substituted into the path to the sudoers.d directory in the installed sudoers file.
* Fixed compilation problems on Irix and other platforms.
* If multiple PAM "auth" actions are specified and the user enters ^C at the password prompt, sudo will now abort any subsequent "auth" actions. Previously it was necessary to enter ^C once for each "auth" action.

Major changes between version 1.7.4p1 and 1.7.4p2:
* Fixed a bug where sudo could spin in a cpu loop waiting for the child process.
* Packaging fixes for sudo.pp to better handle patchlevels.

Major changes between version 1.7.4 and 1.7.4p1:
* Fix a bug introduced in sudo 1.7.3 that prevented the -k and -K options from functioning when the tty_tickets sudoers option was enabled.
* Sudo no longer prints a warning when the -k or -K options are specified and the ticket file does not exist.
* Changes to the configure script to enable cross-compilation of Sudo.

Major changes between version 1.7.3 and 1.7.4:
* Sudoedit will now preserve the file extension in the name of the temporary file being edited. The extension is used by some editors (such as emacs) to choose the editing mode.
* Time stamp files have moved from /var/run/sudo to either /var/db/sudo, /var/lib/sudo or /var/adm/sudo. The directories are checked for existence in that order. This prevents users from receiving the sudo lecture every time the system reboots. Time stamp files older than the boot time are ignored on systems where it is possible to determine this.
* Ancillary documentation (README files, LICENSE, etc) is now installed in a sudo documentation directory.
* Sudo now recognizes "tls_cacert" as an alias for "tls_cacertfile" in ldap.conf.
* Defaults settings that are tied to a user, host or command may now include the negation operator. For example: Defaults:!millert lecture will match any user but millert.
* The default PATH environment variable, used when no PATH variable exists, now includes /usr/sbin and /sbin.
* Sudo now uses polypkg for cross-platform packing.
* On Linux, sudo will now restore the nproc resource limit before executing a command, unless the limit appears to have been modified by pam_limits. This avoids a problem with bash scripts that open more than 32 descriptors on SuSE Linux, where sysconf(_SC_CHILD_MAX) will return -1 when RLIMIT_NPROC is set to RLIMIT_UNLIMITED (-1).
* Visudo will now treat an unrecognized Defaults entry as a parse error (sudo will warn but still run).
* The HOME and MAIL environment variables are now reset based on the target user's password database entry when the env_reset sudoers option is enabled (which is the case in the default configuration). Users wishing to preserve the original values should use a sudoers entry like: Defaults env_keep += HOME to preserve the old value of HOME and Defaults env_keep += MAIL to preserve the old value of MAIL.
* The tty_tickets option is now on by default.
* Fixed a problem in the restoration of the AIX authdb registry setting.
* If PAM is in use, wait until the process has finished before closing the PAM session.
* Fixed "sudo -i -u user" where user has no shell listed in the password database.
* When logging I/O, sudo now handles pty read/write returning ENXIO, as seen on FreeBSD when the login session has been killed.
* Sudo now performs I/O logging in the C locale. This avoids locale-related issues when parsing floating point numbers in the timing file.
* Added support for Ubuntu-style admin flag dot files.

Major changes between version 1.7.2p8 and 1.7.3:
* Support for logging a command's input and output as well as the ability to replay sessions. For more information, see the documentation for the log_input and log_output Defaults options in the sudoers manual. Also see the sudoreplay manual for information on replaying I/O log sessions.
* The use_pty sudoers option can be used to force a command to be run in a pseudo-pty, even when I/O logging is not enabled.
* On some systems, sudo can now detect when a user has logged out and back in again when tty-based time stamps are in use. Supported systems include Solaris systems with the devices file system, Mac OS X, and Linux systems with the devpts filesystem (pseudo-ttys only).
* On AIX systems, the registry setting in /etc/security/user is now taken into account when looking up users and groups. Sudo now applies the correct user and group ids when running a command as a user whose account details come from a different source (e.g. LDAP or DCE vs. local files).
* Support for multiple sudoers_base and uri entries in ldap.conf. When multiple entries are listed, sudo will try each one in the order in which they are specified.
* Sudo's SELinux support should now function correctly when running commands as a non-root user and when one of stdin, stdout or stderr is not a terminal.
* Sudo will now use the Linux audit system when configured with the --with-linux-audit flag.
* Sudo now uses mbr_check_membership() on systems that support it to determine group membership. Currently, only Darwin (Mac OS X) supports this.
* When the tty_tickets sudoers option is enabled but there is no terminal device, sudo will no longer use or create a tty-based ticket file. Previously, sudo would use a tty name of "unknown". As a consequence, if a user has no terminal device, sudo will now always prompt for a password.
* The passwd_timeout and timestamp_timeout options may now be specified as floating point numbers for more granular timeout values.
* Negating the fqdn option in sudoers now works correctly when sudo is configured with the --with-fqdn option. In previous versions of sudo the fqdn was set before sudoers was parsed.
2010-09-10 | Add --certstore-internal to fix packaging on some Linuces. | wiz | 1 | -1/+2
From Aleksey Cheusov in PR 43849.
2010-09-10 | * Add LICENSE. | taca | 3 | -4/+82
* Remove RUBY_HAS_ARCHLIB.
* Change PKG_DESTDIR_SUPPORT to user-destdir.
* Add patch to support both ruby18 and ruby19.
2010-09-10 | * Use lang/ruby/gem.mk instead of misc/rubygems/rubygem.mk. | taca | 2 | -10/+4
* Remove default value of GEM_BUILD.
2010-09-10 | * Add LICENSE. | taca | 1 | -2/+3
* Update dependency according to gemspec.
2010-09-10 | * Use lang/ruby/gem.mk instead of misc/rubygems/rubygem.mk. | taca | 2 | -10/+4
* Remove default value of GEM_BUILD.
2010-09-10 | * Use lang/ruby/gem.mk instead of misc/rubygems/rubygem.mk. | taca | 3 | -14/+16
* Update HOMEPAGE.
* Remove default value of GEM_BUILD.

=== 2.0.23 / 03 Jun 2010
* delay CHANNEL_EOF packet until output buffer is empty [Rich Lane] Previously, calling #eof! after #send_data would result in the CHANNEL_EOF packet being sent immediately, ahead of the data in the output buffer. Now buffer becomes empty.

=== 2.0.22 / 20 Apr 2010
* Fix for: "Parsing the config errors out because it coerces the "1" into an integer and then tries to split it on spaces for multiple host checking." (http://net-ssh.lighthouseapp.com/projects/36253/tickets/10) [Lee Marlow]

=== 2.0.21 / 20 Mar 2010
* Fix for "IdentifyFile" in ~/.ssh/config does not work if no "Host" statement is given (http://net-ssh.lighthouseapp.com/projects/36253/tickets/9-identifyfile-in-sshconfig-does-not-work-if-no-host-statement-is-given#ticket-9-5) [xbaldauf, Delano Mandelbaum]
* Fix for client closes a forwarded connection, but the server is reading, net-ssh terminates with IOError socket closed (http://net-ssh.lighthouseapp.com/projects/36253/tickets/7) [Miklós Fazekas]
* Fix for client force closes (RST) a forwarded connection, but server is reading, net-ssh terminates with exception [Miklós Fazekas]
* Fix for server closes the sending side, the on_eof is not handled. [Miklós Fazekas]
* Removed Hanna dependency in Rakefile [Delano Mandelbaum]

=== 2.0.20 / 10 Feb 2010
* Support "ProxyCommand none" directive [Andy Lo-A-Foe]

=== 2.0.19 / 16 Jan 2010
* Support plus sign in sshconfig hostname [Jason Weathered]

=== 2.0.18 / 15 Jan 2010
* Fix related to #recv(1) to #readpartial change in 2.0.16 [Hans de Graaff, Delano Mandelbaum]

=== 2.0.17 / 14 Dec 2009
* Don't load net/ssh/authentication/pageant on Windows with Ruby 1.9 [Travis Reeder, Delano Mandelbaum]
2010-09-10 | Update security/ruby-net-sftp to 2.0.5. | taca | 2 | -10/+7
* Use lang/ruby/gem.mk instead of misc/rubygems/rubygem.mk.
* Remove default value of GEM_BUILD.

=== 2.0.5 / 19 Aug 2010
* Fixed missing StringIO exception in download! [Toby Bryans, Delano Mandelbaum]
2010-09-10 | Update security/ruby-net-scp to 1.0.3. | taca | 2 | -13/+7
* Use lang/ruby/gem.mk instead of misc/rubygems/rubygem.mk.
* Remove default value of GEM_BUILD.
* Adjust new ruby package's framework.

=== 1.0.3 / 17 Aug 2010
* replace :sanitize_file_name with a call to String#shellescape [Sung Pae]
* Added gemspec file and removed echoe dependency [Miron Cuperman, Delano Mandelbaum]
* Removed Hanna dependency in Rakefile [Delano Mandelbaum]
2010-09-10 | Update security/ruby-ezcrypto to 0.7.2. | taca | 4 | -14/+40
* Use lang/ruby/gem.mk instead of misc/rubygems/rubygem.mk.
* Add LICENSE.

Changes are unknown.
2010-09-10 | * Adjust new ruby package's framework. | taca | 1 | -2/+2
2010-09-09 | Use bundled M::I to avoid cyclic dependency | sno | 1 | -2/+2
2010-09-09 | Updating security/p5-Data-SimplePassword from 0.05nb1 to 0.06 | sno | 2 | -8/+11
pkgsrc changes:
- imported and added recommended dependency to Math::Random::MT
- moved List::MoreUtils to run dependencies

Upstream changes:
0.06 Tue Aug 31 15:37:15 JST 2010
* added a parameter 'provider' passed to Crypt::Random. now you can avoid annoying device lock to set the value for example to 'udevrandom' (means /dev/urandom), 'rand' etc.
2010-09-09 | Updating security/p5-Authen-SASL from 2.14nb1 to 2.15 | sno | 2 | -9/+7
pkgsrc changes:
- add informational dependency to core module Digest::MD5

Upstream changes:
Authen-SASL 2.15 -- Wed Jun 2 13:47:41 CDT 2010
* Makes sure that user callbacks are called [Yann Kerherve]
Authen-SASL 2.1401 -- Mon Mar 29 14:22:54 CDT 2010
* Add META.yml to release
2010-09-09 | Updating security/p5-Net-OpenSSH from 0.48nb1 to 0.49 | sno | 2 | -7/+6
Upstream changes:
0.49 Aug 7, 2010
- do not kill master from forked processes (bug report by scotchie at PerlMonks)
- some typos corrected
2010-09-08 | Updating security/p5-Module-Signature from 0.64nb1 to 0.66 | sno | 3 | -33/+38
pkgsrc changes:
- switch from gnupg-1 (more or less deprecated) to Crypt::OpenPGP and a bunch of used encoders and digest modules
- use Module::Install::Bundled module type
- remove patch - works fine with current infrastructure for now

Upstream changes:
[Changes for 0.66 - Fri, 6 Sep 2010 22:51:37 +0200]
* Fix incompatibility with EU::Manifest 1.54 to 1.57 (Paul Howarth) (Closes RT#61124).
[Changes for 0.65 - Fri, 3 Sep 2010 21:38:02 +0200]
* Skip MYMETA (Alexandr Ciornii)
2010-09-03 | Add and enable liboauth | agc | 1 | -1/+2
2010-09-03 | Import liboauth-0.8.9 into the Packages Collection. | agc | 6 | -0/+96
This is an updated version of the liboauth package in pkgsrc-wip by Kamel Derouiche, modified by myself not to have nss, doxygen, perl and graphviz pre-requisites.

OAuth (Open Authorization) is an open standard that allows users to share their private resources (e.g. photos, videos, contact lists) stored on one site with another site without having to hand out their username and password. OAuth allows users to hand out tokens instead of usernames and passwords to their data hosted by a given service provider. Each token grants access to a specific site (e.g. a video editing site) for specific resources (e.g. just videos from a specific album) and for a defined duration (e.g. the next 2 hours). Thus OAuth allows a user to grant a third party site access to their information stored with another service provider, without sharing their access permissions or the full extent of their data. OAuth is a service that is complementary to but distinct from OpenID.

liboauth is a collection of C functions implementing the OAuth Core 1.0 standard API. liboauth provides basic functions to escape and encode parameters according to OAuth specs and offers high-level functions to sign requests or verify signatures.

Necessary these days for twitter applications; useful for flickr and many others...
2010-09-02 | Some fixes at update to 2.0.16. | obache | 5 | -9/+25
* not using autogen.sh anymore, so remove some tools from USE_TOOLS.
* patch-ak does not have any effect anymore for the above reason, add patch-ao for it. This patch is required to avoid conflict with security/gnupg.
Bump PKGREVISION.
2010-09-02 | Update ruby-oauth to 0.4.3. | obache | 2 | -6/+6
== 0.4.3 2010-09-01
* Fix for em-http proxy (ichverstehe)
2010-09-01 | update to 2.0.16 | drochner | 5 | -93/+10
changes:
-bugfixes
-New command --passwd for GPG
-Make use of libassuan 2.0 which is available as a DSO
-The gpg-agent commands KILLAGENT and RELOADAGENT are now available on all platforms
2010-09-01 | update to 1.1.0 | drochner | 3 | -43/+10
changes:
-bugfixes
-Make use of libassuan 2.0 which is available as a DSO
2010-09-01 | update to 1.0.8 | drochner | 2 | -6/+6
change: Fixed a CMS parsing bug exhibited by Lotus Notes
2010-09-01 | update to 1.9 | drochner | 2 | -7/+6
change: New function gpg_err_deinit
2010-09-01 | update to 2.10.1 | drochner | 9 | -60/+58
many fixes and API extensions, but still binary compatible afaict
2010-09-01 | sync w/ base pkg | drochner | 1 | -3/+2
2010-09-01 | update to 0.11.13 | drochner | 8 | -22/+138
This is basically to switch to libassuan2.
other changes: minor fixes
2010-09-01 | update MASTER_SITES for current location | drochner | 1 | -2/+2
(this pkg will be obsolete soon, when gnutls gets updated to 2.10)
2010-09-01 | Fix typo. | enami | 1 | -1/+1
2010-08-30 | Version 0.14.2 | pettai | 5 | -15/+61
* Report correct file type in "Detailed information about changes" section
* Bug fixes

Version 0.14.1
* Added aide-attributes.sh contrib script
* Bug fixes

Version 0.14
* Renewed autoconf mechanism
* Resolved licensing conflicts
* New feature to summarize changes
* Added prelink support
* Many bugfixes
2010-08-30 | OpenDNSSEC 1.1.2: | pettai | 2 | -8/+8
Dnsruby 1.49 now required (for correct zone parsing)
ldns 1.6.6 is required to fix the zone fetcher bug

Bugfixes:
* ods-control stop did not stop zone fetcher (bug was introduced in 1.1.0)
* Auditor correctly handles chains of empty nonterminals
* Zone fetcher can block zone transfers if AXFR once failed. This is a bug in ldns versions 1.6.5 and lower. See KNOWN_ISSUES for more information.
* Bugreport #165: Ensure Output SOA serial is always bigger than Input SOA serial.
* Bugreport #166: Correct exit value from signer.
* Bugreport #167: Zone fetcher now also picks up changes when zonelist is reloaded
* Bugreport #168: ods-control with tightened control for the Enforcer
* Bugreport #169: Do not include config.h in the distribution
* Bugreport #170: Typo in a man page (ods-signer)
* Bugreport #172: Correction of some macros in a man page (ods-timing)
* Bugreport #173: A man page used a macro that does not exist (ods-ksmutil)
2010-08-29 | No need gtkdoc-rebase workaround anymore. | obache | 1 | -5/+1
2010-08-26 | Updating security/p5-Text-Password-Pronounceable from 0.28nb1 to 0.30 | sno | 2 | -7/+7
Upstream changes:
[Changes for 0.30 - 16 Aug 2010]
* Updated dist metadata and M::I
[Changes for 0.29 (unreleased) - 11 Sep, 2007]
* T::P::P->generate($len) works
* Fix behavior: T::P::P->new(2,10)->generate(6) was equivalent to T::P::P->generate(6,10) which is too subtle. Now it works just as T::P::P->generate(6,6)
* Improved warnings on bad arguments
2010-08-26 | Updating security/p5-Crypt-SSLeay from 0.57nb4 to 0.58 | sno | 2 | -7/+7
Upstream changes:
0.58 2010-08-25 14:06:30 UTC
- Bump version number for Crypt::SSLeay to 0.58 and Net::SSL to 2.85 in preparation for release.
- Fix typo in POD in SSLeay.pm s/PEM0encoded/PEM encoded/ (checked http://github.com/gitpan/Crypt-SSLeay/blob/9a1582ee1e4d132ae7cf9497bb83144786425d73/SSLeay.pm)
- Update Changes and TODO. Regenerate README and META.yml. Update package author. Minor POD fixes.
0.57_05 2010-08-15 17:41:21 UTC
- Fix for NO_PROXY support in Net::SSL (bug #57836)
- Bump Net::SSL version number to 2.84_02 after changes
- Fix file/dir permissions (bug #60338)
- Review warnings when compiling SSLeay.xs against older versions of OpenSSL. Warnings are due to OpenSSL.
- Add clarification regarding $ENV{HTTPS_CA_FILE} and $ENV{HTTPS_CA_DIR} to the POD.
- Other POD related changes:
  * Remove historic information in README about platforms where the package was successfully built.
  * Reformat acknowledgements. TODO: Add more people.
  * Fix link to Net-SSLeay.
  * Add note about the --live-tests command line option
  * Generate README from POD.
  * Formatting fixes.
  * Update copyright notice.
0.57_04 2010-08-11 00:22:33 UTC
- Reorganize Makefile.PL to break individual steps in to subroutines so as to facilitate localized future modifications. Whether there was any point to this remains to be seen.
- In Makefile.PL, accommodate ActiveState+MingW configuration.
- Pick the correct lib location for Strawberry Perl (bug #60230).
- Apply fixes in bug reports #59312 and #33954 to Net/SSL.pm.
- Bump version number in Net/SSL.pm to indicate development release.
0.57_03 2010-08-09 20:12:30 UTC
- If the last component of $inc_dir is 'openssl', set $inc_dir to its parent and set $prefix to 'openssl'. Otherwise, leave $inc_dir as is and set $prefix to '' (I hope this fixes bugs #28431, #28680, #32084, #43084, #54103 without breaking anything).
- Improved OpenSSL detection on Win32/Strawberry Perl (bug #49285).
- Add MIME::Base64 as a prerequisite as Net::SSL needs it.
- exit 0 if OpenSSL can't be found to avoid superfluous reports from CPAN Testers.
- Add \ to $opt_bench in eg/net-ssl-test (bugs #30931, #39363).
0.57_02 2010-08-08 18:27:40 UTC
- Refactor the version detection algorithm in Makefile.PL to handle all known variations of version number encoding. Should fix bug #52408.
0.57_01 2008-02-18 14:42:32 UTC
- use #include <..> rather than #include "..." in crypt_ssleay_version.h.
- add command-line switch to avoid live tests (bug #30268).
- skip tests in t/01-connect.t if 443 is already in use (bug #30985).
- make code gcc -Wwrite-strings compatible (bug #31926).
2010-08-21 | Bump the PKGREVISION for all packages which depend directly on perl, | seb | 71 | -118/+142
to trigger/signal a rebuild for the transition 5.10.1 -> 5.12.1. The list of packages is computed by finding all packages which end up having either of PERL5_USE_PACKLIST, BUILDLINK_API_DEPENDS.perl, or PERL5_PACKLIST defined in their make setup (tested via "make show-vars VARNAMES=..."), minus the packages updated after the perl package update. sno@ was right after all, obache@ kindly asked and he@ led the way. Thanks!
2010-08-19 | Fix homepage (specific page for software). | reed | 1 | -2/+2
2010-08-18 | Recognize 64 bit DragonFly systems correctly. From Damian Lubosch | wiz | 2 | -5/+6
in PR 43774.
2010-08-17 | Update ruby-roauth to 0.0.3. | obache | 2 | -6/+6
bug fixes.
2010-08-16 | Update to 2.0.1: | wiz | 2 | -6/+6
Noteworthy changes in version 2.0.1 (2010-08-09)
------------------------------------------------
* Support for WindowsCE.
* Input and output notification handler can now really access the parsed fd as stated in the manual.
* Cleaned up the logging.
* Interface changes relative to the 2.0.0 release:
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  assuan_free                NEW.
  _assuan_w32ce_create_pipe  NEW.
  ASSUAN_LOG_CONTROL         NEW.
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2010-08-14 | Update ruby-oauth to 0.4.2. | obache | 3 | -7/+9
== 0.4.2 2010-08-13
* Fixed compatibility with Ruby 1.9.2 (ecavazos)
* Fixed the em-http request proxy (Joshua Hull)
* Fix for oauth proxy string manipulation (Jakub Suder)
* Added Bundler (rc) Gemfile for easier dev/testing
2010-08-11 | sync with base pkg | drochner | 4 | -15/+17
qt4: run "moc" at build time to make sure the generated files match the installed qt version
2010-08-11 | update to 0.8.0 | drochner | 6 | -183/+34
changes:
-Beautified the qt4 pinentry
-Minor enhancements

Thanks to Sverre Froyen for testing the qt4 version and finding a patch which makes the dialog stay on top.
2010-08-05 | remove awk script modifications someone added for compatibility -- they | drochner | 7 | -174/+3
are wrong and caused out-of-bounds memory accesses.
Bump PKGREVISION.
2010-08-05 | sort | jnemeth | 1 | -2/+2
2010-08-04 | Updating security/p5-Net-OpenSSH from 0.47 to 0.48 | sno | 2 | -6/+6
Upstream changes:
0.48 Aug 2, 2010
- bug quoting escaped scalars as globs solved
- new faq for "can't change directory"
- support calling shell_quote and shell_quote_args as class methods
- more tests
- minor doc corrections
2010-08-03 | add patch from upstream to fix a possible use-after-free problem | drochner | 3 | -3/+19
(CVE-2010-2547), bump PKGREVISION
2010-08-03 | Update ruby-oauth to 0.4.1. | obache | 2 | -6/+7
== 0.4.1 2010-06-16
* Added support for using OAuth with proxies (Marsh Gardiner)
* Rails 3 Compatibility fixes (Pelle Braendgaard)
* Fixed load errors on tests for missing (non-required) libraries
2010-08-03 | + ruby-soauth, ruby-roauth | obache | 1 | -1/+3
2010-08-03 | Import ruby-roauth-0.0.2 as security/ruby-roauth. | obache | 4 | -0/+34
Based on SOAuth: security/ruby-soauth A *simple* Ruby OAuth library that supports OAuth header signing, and header verifying.
2010-08-03 | Import ruby-soauth-0.2 as security/ruby-soauth. | obache | 4 | -0/+40
## The "S" is for "Signs" ## *SOAuth* is a Ruby library that **creates HTTP headers for OAuth Authorization** using previously-obtained OAuth keys/secrets. Useful if you want to make your own HTTP request objects instead of using the ones created for you using the [commonly-used OAuth gem](security/ruby-oauth). It should be noted that this was developed without edge cases in mind -- it was pretty much abstracted from my "by-hand" signing of OAuth requests in [Prey Fetcher](http://preyfetcher.com), so don't consider it production-quality code (though it [is running in production](http://preyfetcher.com)).
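The OAuth 1.0 request signing and header verification that the liboauth, SOAuth and ROAuth entries above describe, shown as an added example in Ruby. This is editor-written illustration, not code from liboauth, SOAuth, ROAuth, the ruby-oauth gem or pkgsrc: it builds the signature base string (percent-encoded method, base URL and sorted parameters), signs it with HMAC-SHA1 under the `consumer_secret&token_secret` key, emits an `Authorization: OAuth ...` header from previously obtained key/secret pairs, and on the receiving side recomputes the signature from the request the server actually saw and compares in constant time. The module name `OAuth1Sign`, the `secrets_for` lookup lambda and the sample consumer key, secret, nonce, timestamp and URL are constructed for the example and belong to no real service.

```ruby
require 'openssl'
require 'uri'

# Minimal OAuth 1.0 HMAC-SHA1 signer/verifier. Module and method names are
# illustrative only and are not any library's API.
module OAuth1Sign
  # OAuth percent-encoding is stricter than form encoding: only the RFC 3986
  # unreserved set (A-Z a-z 0-9 - . _ ~) survives, space is %20 (never '+'),
  # hex digits are upper case. Any deviation changes the base string and signature.
  def self.pct(s)
    s.to_s.gsub(/[^A-Za-z0-9\-._~]/) { |c| c.bytes.map { |b| format('%%%02X', b) }.join }
  end

  def self.unpct(s)
    s.b.gsub(/%[0-9A-Fa-f]{2}/) { |m| [m[1, 2].hex].pack('C') }.force_encoding(Encoding::UTF_8)
  end

  # Base string URI: lower-case scheme and host, default port dropped, no query/fragment.
  def self.base_url(url)
    u = URI.parse(url)
    port = u.port == u.default_port ? '' : ":#{u.port}"
    path = u.path.empty? ? '/' : u.path
    "#{u.scheme.downcase}://#{u.host.downcase}#{port}#{path}"
  end

  # Signature base string: METHOD & pct(base URL) & pct(normalized parameters).
  # Parameters are the query string, form body and oauth_* values (minus
  # oauth_signature), each key/value percent-encoded, sorted by key then value.
  def self.base_string(method, url, params)
    pairs = params.map { |k, v| [k.to_s, v.to_s] }
    query = URI.parse(url).query
    pairs += URI.decode_www_form(query) if query
    normalized = pairs.map { |k, v| [pct(k), pct(v)] }.sort.map { |k, v| "#{k}=#{v}" }.join('&')
    [method.to_s.upcase, pct(base_url(url)), pct(normalized)].join('&')
  end

  # HMAC-SHA1 over the base string, keyed by pct(consumer_secret)&pct(token_secret).
  # The '&' stays even with an empty token secret (two-legged / request-token calls).
  def self.sign(method, url, params, consumer_secret, token_secret = '')
    key = "#{pct(consumer_secret)}&#{pct(token_secret)}"
    mac = OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA1'), key, base_string(method, url, params))
    [mac].pack('m0') # strict base64, no line breaks
  end

  # Client side: build the Authorization header from previously obtained
  # key/secrets. `oauth` carries oauth_nonce, oauth_timestamp, oauth_token,
  # oauth_callback, ... so the caller controls them (and results are reproducible).
  def self.header(method, url, consumer_key, consumer_secret, oauth:, token_secret: '', body: {}, realm: nil)
    oauth_params = { 'oauth_consumer_key' => consumer_key, 'oauth_signature_method' => 'HMAC-SHA1' }.merge(oauth)
    sig = sign(method, url, oauth_params.merge(body), consumer_secret, token_secret)
    parts = []
    parts << %(realm="#{realm}") if realm
    parts += oauth_params.merge('oauth_signature' => sig).map { |k, v| %(#{pct(k)}="#{pct(v)}") }
    'OAuth ' + parts.join(', ')
  end

  # Parse `OAuth k="v", k2="v2"` back into a hash of decoded parameters.
  def self.parse_header(h)
    raise ArgumentError, 'not an OAuth header' unless h.start_with?('OAuth ')
    h.sub(/\AOAuth\s+/, '').split(',').each_with_object({}) do |pair, acc|
      k, v = pair.strip.split('=', 2)
      next if k.to_s.empty?
      acc[unpct(k)] = unpct(v.to_s.delete('"'))
    end
  end

  # Compare without short-circuiting on the first differing byte.
  def self.constant_time_eq(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Server side: recompute the signature from the request the server saw
  # (method, URL, body), never from what the client claims. `secrets_for` maps
  # (consumer_key, token) to [consumer_secret, token_secret] or nil if unknown.
  # `max_age` rejects stale timestamps; a nonce store is still needed to stop replay.
  def self.verify(hdr, method, url, secrets_for, body: {}, max_age: nil, now: Time.now.to_i)
    p = parse_header(hdr)
    p.delete('realm')
    sig = p.delete('oauth_signature') or return false
    return false unless p['oauth_signature_method'] == 'HMAC-SHA1'
    return false if max_age && (now - p['oauth_timestamp'].to_i).abs > max_age
    consumer_secret, token_secret = secrets_for.call(p['oauth_consumer_key'], p['oauth_token'])
    return false unless consumer_secret
    expected = sign(method, url, p.merge(body), consumer_secret, token_secret.to_s)
    constant_time_eq(expected, sig)
  end
end
```

The verifier deliberately takes the method and URL from the server's own view of the request rather than trusting anything in the header, so changing the method, adding a query parameter or altering the nonce all invalidate the signature; `verify` rejects unknown consumer keys and stale timestamps, but a per-consumer nonce store is still required to stop a captured header being replayed inside the timestamp window.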