Age | Commit message (Collapse) | Author | Files | Lines |
|
Bump PKGREVISION.
|
|
* Major changes in 0.0.10
** Support GnuPG versions older than 1.4.3
** Provide a minor-mode to encrypt/sign mails
* Major changes in 0.0.9
** epa.el usablity improvements.
*** M-x epa-encrypt-region specifies --armor & --textmode by default
*** M-x epa-sign-region and M-x epa-sign-file create a cleartext signature by
default
*** Region based commands now determine the coding-system used to
encode the plain text
*** Fingerprints are pretty-printed
*** New user option epa-protocol to use the S/MIME.
** Support XEmacs compiled with --with-mule=no --with-file-coding=no.
|
|
a) Experimental IKEv2 support (--ikev2)
b) RFC 3947 NAT traversal support (--nat-t)
c) Source IP spoofing (--sourceip) - Requires raw sockets.
d) Nortel proprietary pre-shared key cracking support.
e) psk-crack can read dictionary files from stdin (--dictionary=-)
f) Backoff patterns may contain only a single packet.
g) Two new packet display options: --timestamp and --shownum
h) ike-scan now uses the Mersenne twister PRNG, with new --randomseed option.
i) --rcookie option allows the responder cookie to be specified in outgoing packets.
j) Several new backoff patterns and vendor IDs added.
k) ike-scan wiki launched: http://www.nta-monitor.com/wiki/
|
|
ready included with that release of OpenSSH, but in fact it is not)
* removed hacks.mk which is no longer necessary with that version of OpenSSH
|
|
|
|
Package was incorectly auto detecting postgres and attempting to compile
postgres plugin. Force package to skip compilation of postgres plugin.
|
|
Update to 1.2.8 (formerly in devel/apr1), no longer build from the
httpd distfile.
devel/rapidsvn:
devel/subversion-base:
parallel/ganglia-monitor-core:
security/hydra:
www/apache2:
Use devel/apr0.
www/apache22:
Use devel/apr and devel/apr-util.
|
|
Bump PKGREVISION.
|
|
Bump package revision because of this fix.
|
|
/var/run/stunnel.pid
|
|
According to the gnutls maintainer, the C++ compiler on Darwin is
probably broken.
|
|
* Version 1.6.1 (released 2006-12-28)
** Fix the list of trusted CAs that server's send to clients.
Before, the list contained issuer DN's instead of subject DN's of the
trusted CAs. Reported by Max Kellermann
** Fix gnutls_certificate_set_x509_crl to initialize the CRL before using it.
Reported by Max Kellermann
** Encode UID fields in DN's as DirectoryString.
Before GnuTLS encoded and parsed UID fields as IA5String. This was
incorrect, it should have used DirectoryString. Now it will use
DirectoryString for the UID field, but for backwards compatibility it
will also accept IA5String UID's. Reported by Max Kellermann
** Fix ./configure failure with non-GCC compilers.
This fixes the following error message:
configure: error: conditional "HAVE_LD_OUTPUT_DEF" was never defined.
Reported by "Michael C. Vergallen"
* Version 1.6.0 (released 2006-11-17)
** No changes since 1.5.5.
The major changes compared to the 1.4.x branch are:
*** A GnuTLS C++ library is part of the official distribution.
Currently there are no examples or documentation, but hopefully this
will change. See gnutlsxx.h for the API.
*** Windows is a supported platform.
There are, however, two know bugs. One is related to select() in
command line tools (not, nota bene, in the library), the other is a
problem with libgcrypt that causes delays. Help is needed to resolve
those issues, so we feel we can't delay the release because of this.
*** New APIs for custom push/pull function error reporting.
The new APIs are gnutls_transport_set_errno and
gnutls_transport_set_global_errno. See the release notes for version
1.5.4 for more information.
*** Self tests are run under valgrind, if available. See --disable-valgrind.
|
|
Accurate changes are unknown.
Bump PKGREVISION.
|
|
is able to scan much larger directories. :)
PKGREVISION++
|
|
Addresses PR pkg/34252 by Matthias Petermann.
Also delint a bit.
|
|
of the shlib name change (!) during the update to 1.900.0.
Noted by Robert Elz in PR 35431.
|
|
"An unauthenticated user may cause execution of arbitrary code in
kadmind, which can compromise the Kerberos key database and host
security. (kadmind usually runs as root.) Unsuccessful exploitation,
or even accidental replication of the required conditions by
non-malicious users, can result in kadmind crashing."
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2006-002-rpc.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6143
Patch from MIT.
|
|
2007-01-16 David A. Wheeler <dwheeler, at, dwheeler.com>
* Release version 1.27
2007-01-16 Sebastien Tandel <sebastien, at, tandel (doht) be)
* Cleaned up code for patch handling, fix bug in subdir handling,
include patch info in help.
2007-01-15 Steve Kemp <steve at shellcode dot org>
* Fix Debian bug 268236.
This complains that flawfinder crashes when presented with a
file it cannot read. The patch obviously can't prevent
the problem, since the tool can't review what it can't read,
but at least it halts with a cleaner error message.
2007-01-15 cmorgan <cmorgan47, at earthlink dooot net>
* Fixed Debian bug 271287 (flawfinder).
Fixed skipping newlines when line ended with \,
which caused incorrect line number reporting.
Skip multiple whitespace at one time.
2007-01-15 David A. Wheeler <dwheeler, at, dwheeler.com>
* Modified Sebastien Tandel's code so that it also supports GNU diff
(his code worked only for svn diff)
* When using a patchfile, skip analysis of any file not
listed in the patchfile.
2007-01-15 Sebastien Tandel <sebastien, at, tandel (doht) be)
* Add support for using "svn diff" created patch files, based
on the approach described by David A. Wheeler on how it
could be done.
2007-01-15 David A. Wheeler <dwheeler, at, dwheeler.com>
* By default, now skips directories beginning with "."
(this makes it work nicely with many SCM systems).
Added "--followdotdir" option if you WANT it to enter
such directories.
* Fixed divide-by-zero when no code found (not exactly common
in normal use, but anyway!)
|
|
clear that these variables are completely unrelated to
BUILDLINK_TRANSFORM.
Added a legacy check that catches appearances of BUILDLINK_TRANSFORM.*.
XXX: Where should incompatible changes in pkgsrc be documented?
|
|
Changelog:
* caff:
+ Fix a bug with checking if we have exactly one or more keys that failed
downloading.
+ Mention in manpage that keyserver-options is a useful setting in
.caff/gnupghome/gpg.conf (Closes: #392811).
+ q-p-encode From: header (Closes: #366745).
|
|
|
|
|
|
ocaml-ssl is a library of OCaml bindings for libssl.
Package provided by Jaap Boender in PR pkg/35212
|
|
- Fix miscellaneous pkglint warnings.
- Fix security problem; CAN-2006-5170.
$Id: ChangeLog,v 1.212 2006/10/05 23:23:52 lukeh Exp $
===============================================================
183 Luke Howard <lukeh@padl.com>
* fix for BUG#291: don't suppress password policy
errors which should not be suppressed
182 Luke Howard <lukeh@padl.com>
* fix for BUG#269: compile time error in call to
ldap_sasl_interactive_bind_s()
181 Luke Howard <lukeh@padl.com>
* fix for BUG#256: don't send password policy request
control if pam_lookup_policy no specified
* fix for BUG#254: check gethostbyname() result
* fix for BUG#237: typo in ldap_get_lderrno()
implementation
* fix for BUG#207: if ldap_start_tls_s() fails
return PAM_AUTHINFO_UNAVAIL
* fix for BUG#261: sslpath example wrong
* fix for BUG#268: POLICY_ERROR_CHANGE_AFTER_RESET
should be handled as POLICY_ERROR_PASSWORD_EXPIRED,
other password policy errors to be treated as fatal
|
|
* keychain 2.6.8 (24 Oct 2006)
Save LC_ALL for gpg invocation so that pinentry-curses works. This affected
peper and kloeri, though it seems to work for me in any case.
* keychain 2.6.7 (24 Oct 2006)
Prevent gpg_listmissing from accidentally loading keys
|
|
Version 4.20, 2006.11.30, urgency: MEDIUM:
* Release notes
- The new transfer() function has been well tested.
I recommend upgrading any previous version with this one.
* Bugfixes
- Fixed support for encrypted passphases (broken in 4.19).
- Reduced amount of debug logs.
- A minor man page update.
Version 4.19, 2006.11.11, urgency: LOW/EXPERIMENTAL:
* Release notes
- There are a lot of new features in this version. I recommend
to test it well before upgrading your mission-critical systems.
* New features
- New service-level option to specify OCSP server flag:
OCSPflag = <flag>
- "protocolCredentials" option changed to "protocolUsername"
and "protocolPassword"
- NTLM support to be enabled with the new service-level option:
protocolAuthentication = NTLM
- imap protocol negotiation support added.
- Passphrase cache was added so the user does not need to reenter
the same passphrase for each defined service any more.
- New service-level option to retry connect+exec section:
retry = yes|no
- Local IP and port is logged for each established connection.
- Win32 DLLs for OpenSSL 0.9.8d.
* Bugfixes
- Serious problem with SSL_WANT_* retries fixed.
The new code requires extensive testing!
Version 4.18, 2006.09.26, urgency: MEDIUM:
* Bugfixes
- GPF on entering private key pass phrase on Win32 fixed.
- Updated OpenSSL Win32 DLLs.
- Minor configure script update.
Version 4.17, 2006.09.10, urgency: MEDIUM:
* New features
- Win32 DLLs for OpenSSL 0.9.8c.
* Bugfixes
- Problem with detecting getaddrinfo() in ./configure fixed.
- Compilation problem due to misplaced #endif in ssl.c fixed.
- Duplicate 220 in smtp_server() function in protocol.c fixed.
- Minor os2.mak update.
- Minor update of safestring()/safename() macros.
Version 4.16, 2006.08.31, urgency: MEDIUM:
* New features sponsored by Hewlett-Packard
- A new global option to control engine:
engineCtrl = <command>[:<parameter>]
- A new service-level option to select engine to read private key:
engineNum = <engine number>
- OCSP support:
ocsp = <URL>
* New features
- A new option to select version of SSL protocol:
sslVersion = all|SSLv2|SSLv3|TLSv1
- Visual Studio vc.mak by David Gillingham <dgillingham@gmail.com>.
- OS2 support by Paul Smedley (http://smedley.info)
* Bugfixes
- An ordinary user can install stunnel again.
- Compilation problem with --enable-dh fixed.
- Some minor compilation warnings fixed.
- Service-level CRL cert store implemented.
- GPF on protocol negotiations fixed.
- Problem detecting addrinfo() on Tru64 fixed.
- Default group is now detected by configure script.
- Check for maximum number of defined services added.
- OpenSSL_add_all_algorithms() added to SSL initialization.
- configure script sections reordered to detect pthread library funcions.
- RFC 2487 autdoetection improved. High resolution s_poll_wait()
not currently supported by UCONTEXT threading.
- More precise description of cert directory file names (thx to Muhammad
Muquit).
* Other changes
- Maximum number of services increased from 64 to 256 when poll() is used.
|
|
|
|
|
|
This fixes PR 35400.
|
|
|
|
database, for use by unprivileged users to verify their own password
(in particular for screen savers)
thanks to many people for comments
|
|
|
|
pam_af is a simple anti-bruteforce PAM module for authentification
services. It can be used to prevent brute-force attacks on services
like SSH or Telnet.
|
|
INSTALLATION_DIRS, as well as all occurrences of ${PREFIX}/man with
${PREFIX}/${PKGMANDIR}.
Fixes PR 35265, although I did not use the patch provided therein.
|
|
Changes unknown. The homepage seems to come directly from the year 2004.
|
|
|
|
|
|
fails to detect native openssl on Darwin.
|
|
or USE_X11BASE set, but don't include mk/x11.buildlink3.mk directly or
via buildlink3.mks
- introduce BUILDLINK_PREFIX.libXpm as alias for BUILDLINK_PREFIX.xpm
in the !modular case
- fix some cases where the check for libX11 couldn't work at all by using
C++ for compilation without including the proper headers
Verified using a full X11_TYPE=xorg bulk build without additional
breakage. Discussed with salo@, wiz@ and send to packages@ for feedback.
|
|
|
|
|
|
|
|
|
|
ok <frueauf>, the MAINTAINER.
changes:
2.2.9:
======
- nessus-mkcert-client:
- Make sure that the user calling nessus-mkcert-client is root
- nessus-libraries:
- Fixed a bug in the PCAP handler which in turn should fix synscan.nes
- nessus:
- Fixed a possible memory corruption issue when creating a list of plugins
to launch
- Fixed a corruption of the .nessusrc files when receiving some plugin
prefs ending by a space
- nessus-fetch:
- Make sure that every request (including the proxy CONNECT request)
is done with the user-specified user-agent.
- nessus-plugins:
- Fixed a banner encoding problem in nessus_tcp_scanner and find_service
- Fixed a possible deadlock in synscan
- nessusd:
- Avoid a deadlock when waiting for a sub process to die
2.2.8:
======
- nessusd:
- Make sure that plugins of type ACT_INIT and ACT_SETTINGS are
always enabled during a scan
- Display more error verbose error messages when it's impossible to
load a .nes plugin
- Fixed a harmless memory reallocation problem which would truncate
a very long preference name
- nessus-libraries:
- Fixed a possible memory corruption when forwarding data from a process
to another
- libnasl:
- 'a = b + c ++' would not work as expected
- fixed a memory allocation problem when split() is passed an argument
of the wrong type
|
|
The redundant parsing of bsd.prefs.mk is mostly avoided now and
parse time e.g. for x11/kdebase3 gets reduced by up to 10%.
|
|
|
|
This is maintenance release to fix build problems found after the
release of 2.0.0 and to fix a buffer overflow in gpg2
|
|
Dirmngr is a server for managing and downloading certificate
revocation lists (CRLs) for X.509 certificates and for downloading the
certificates themselves. Dirmngr also handles OCSP requests as an
alternative to CRLs. Dirmngr is either invoked internally by gpgsm
(from GnuPG-2) or when running as a system daemon through the
dirmngr-client tool.
|
|
of the do-build target. bmake does not like that.
|
|
Mostly bugfixes, see: http://www.ijs.si/software/amavisd/release-notes.txt
|