It is just an old version of security/py-crypto since it was re-imported as
version 2.1.0.
|
will produce an error message. Since we installed a wrapper script to handle
the builtin better, there is no longer an error, so avoid that check.
|
that are unsupported by the native port of MIT KRB5, and add any flags
necessary to support the builtin version.
Fixes various packages since the change to support the SunOS builtin.
Based on patches by Richard PALO (richard@).
|
Bump PKGREVISION for runtime dependency pattern changed packages.
|
No package depends on those packages and there is no advantage to maintaining
a pure ruby gem with pkgsrc.
|
munge-0.5.11 (2013-08-27):
- Added --mlockall cmdline opt to munged.
- Added --syslog cmdline opt to munged.
- Added --uid and --gid cmdline opts to munge.
- Added numeric timezone to unmunge timestamp output.
- Added timer to munged for periodically stirring PRNG entropy pool.
- Added support for pkg-config.
- Added support for systemd.
- Changed timer thread to better accommodate misbehaving system clocks.
- Changed behavior of munge --string cmdline opt to not append newline.
- Changed init script chkconfig priority levels to start after ntpd/ntpdate.
- Changed init script so munged runs as munge user by default.
- Fixed HMAC validation timing attack vulnerability.
- Fixed bug with munged being unable to restart if daemon not cleanly shutdown.
- Fixed bug with large groups triggering "numerical result out of range" error.
- Fixed bug causing high CPU utilization on FreeBSD when processing group info.
- Fixed bug causing IPv6-only hosts to exit due to failed hostname resolution.
- Fixed autoconf check that was not portable across shells.
- Fixed init script LSB Header on openSUSE.
- Replaced perl build-time dependency with awk.
|
* Fix breakage with latest automake.
|
Updates:
* SUPPORT-72: Improve logging when failed to increment serial in case of
key rollover and serial value "keep" [OPENDNSSEC-461].
* OPENDNSSEC-106: Add 'ods-enforcerd -p <policy>' option. This prompts
the enforcer to run once and only process the specified policy
and associated zones.
* OPENDNSSEC-330: NSEC3PARAM TTL can now be optionally configured in kasp.xml.
Default value remains PT0S.
* OPENDNSSEC-390: ods-ksmutil: Add an option to the 'ods-ksmutil key ds-seen'
command so the user can choose not to notify the enforcer.
* OPENDNSSEC-430: ods-ksmutil: Improve 'zone add' - Zone add command could
warn if a specified zone file or adapter file does not exist.
* OPENDNSSEC-431: ods-ksmutil: Improve 'zone add' - Support default <input>
and <output> values for DNS adapters.
* OPENDNSSEC-454: ods-ksmutil: Add option for 'ods-ksmutil key import'
to check if there is a matching key in the repository before import.
Bugfixes:
* OPENDNSSEC-435: Signer Engine: Fix a serious memory leak in signature cleanup.
* OPENDNSSEC-463: Signer Engine: Duration PT0S is now printed correctly.
* OPENDNSSEC-466: Signer Engine: Created bad TSIG signature when falling back
to AXFR.
* OPENDNSSEC-467: Signer Engine: After ods-signer clear, signer should not use
inbound serial.
|
Patches from Sebastian Wiedenroth.
|
The three tommath patches (which patch the files into existence) have
been included in the source code since heimdal 1.5, so remove them.
Compile errors due to missing -pthread in MirBSD were fixed by adding
PTHREAD_AUTO_VARS.
|
This is a bugfix release. The krb5-1.10 release series is in maintenance, and for new deployments, installers should prefer the krb5-1.11 release series or later.
* Fix a KDC locking issue that could lead to the KDC process holding a persistent lock, preventing administrative actions such as password changes.
* Fix a number of bugs related to KDC master key rollover.
* Fix a KDC null pointer dereference [CVE-2013-1418] that could affect KDCs that serve multiple realms.
|
Changes since OpenSSH 6.3
=========================
This release fixes a security bug:
* sshd(8): fix a memory corruption problem triggered during rekeying
when an AES-GCM cipher is selected. Full details of the vulnerability
are available at: http://www.openssh.com/txt/gcmrekey.adv
Changes since OpenSSH 6.2 are too many to write here; please refer to
the release note: http://www.openssh.com/txt/release-6.3.
|
* Version 3.2.7 (released 2013-11-23)
** libgnutls: gnutls_cipher_get_iv_size() now returns the correct IV size in
GCM ciphers (previously it returned the implicit IV used in TLS).
** libgnutls: gnutls_certificate_set_x509_key_file() et al when provided
with a PKCS #11 URL pointing to a certificate, will attempt to load the whole
chain.
** libgnutls: When traversing PKCS #11 tokens looking for an object, avoid
looking in tokens unrelated to the object.
** libgnutls: Added an experimental %DUMBFW option in priority strings. This
avoids a black hole behavior in some firewalls by sending a large client hello.
See http://www.ietf.org/mail-archive/web/tls/current/msg10423.html
** libgnutls: The GNUTLS_DEBUG_LEVEL variable if set to a log level number
will force output of debug messages to stderr.
** libgnutls: Fixed the setting of the ciphersuite when gnutls_premaster_set()
is used with another protocol than the GNUTLS_DTLS0_9 protocol.
** libgnutls: gnutls_x509_crt_set_expiration_time() will set the no well defined
expiration date when (time_t)-1 is specified as date.
** libgnutls: Session tickets are encrypted using AES-GCM.
** libgnutls: Corrected issue in record decompression. Issue pinpointed
by Frank Zschockel.
** libgnutls: Forbid all compression methods in DTLS.
** gnutls-serv: Fixed issue with IPv6 address in UDP mode.
** certtool: When exporting an encrypted PEM private key do not output the key
parameters.
** certtool: Expiration days template option allows for a -1 value which
will set to the no well defined expiration date (RFC5280), and no longer
chokes on integer overflows. Suggested by Stefan Buehler.
** certtool: Added new template options: 'activation_date', and
'expiration_date'.
** tools: The environment variable GNUTLS_PIN can be used to read any PIN
requested from tokens.
** tools: The installed version of libopts is used if the autogen tool is
present.
** API and ABI modifications:
gnutls_pkcs11_obj_export3: Added
gnutls_pkcs11_get_raw_issuer: Added
gnutls_est_record_overhead_size: Exported
|
Bump rev.
|
SSLScan queries SSL services, such as HTTPS, in order to determine the
ciphers that are supported. SSLScan is designed to be easy, lean and
fast. The output includes preferred ciphers of the SSL service, the
certificate and is in Text and XML formats.
|
System V shared memory segments created with shmget() are assigned an
owner, a group and a set of permissions intended to limit access to
the segment to designated processes only. The owner of a shared
memory segment can change the ownership and permissions on a segment
after its creation using shmctl(). Any subsequent processes that wish
to attach to the segment can only do so if they have the appropriate
permissions. Once attached, the process can read or write to the
segment, as per the permissions that were set when the segment was
created.
smaSHeM takes advantage of applications that set weak permissions on
such segments, allowing an attacker to dump or patch their contents.
As discussed in the presentation at 44CON 2013 entitled 'I Miss LSD',
in the case of many X11 applications it is possible to extract pixmaps
of previously rendered GUI artifacts. When compiled with QtCore
linking enabled, smaSHeM aids in that process by brute forcing
potentially valid dimensions for the raw pixmap dump.
|
aborts the build. Use '||' instead. Upstream's "HEAD" equivalent has
the fix already.
|
bugfixes, many new features, improved stability and performance.
|
platforms.
Reported by Richard PALO.
|
* Version 3.2.6 (released 2013-10-31)
** libgnutls: Support for TPM via trousers is now enabled by default.
** libgnutls: Camellia in GCM mode has been added in default priorities, and
GCM mode is prioritized over CBC in all of the default priority strings.
** libgnutls: Added ciphersuite GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384.
** libgnutls: Fixed ciphersuites GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384,
GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384 and GNUTLS_PSK_CAMELLIA_128_GCM_SHA256.
Reported by Stefan Buehler.
** libgnutls: Added support for ISO OID for RSA-SHA1 signatures.
** libgnutls: Minimum acceptable DH group parameters were increased to 767
bits from 727.
** libgnutls: Added function to obtain random data from PKCS #11 tokens.
Contributed by Wolfgang Meyer zu Bergsten.
** gnulib: updated.
** libdane: Fixed a one-off bug in dane_query_tlsa() introduced by the
previous fix. Reported by Tomas Mraz.
** p11tool: Added option generate-random.
** API and ABI modifications:
gnutls_pkcs11_token_get_random: Added
|
Updated USE_TOOLS with gmake
|
own PKGNAME is unchanged.
|
allow you to investigate disk images. The core functionality of TSK allows
you to analyze volume and file system data. The plug-in framework allows
you to incorporate additional modules to analyze file contents and build
automated systems. The library can be incorporated into larger digital
forensics tools and the command line tools can be directly used to find
evidence.