path: root/security
Age | Commit message | Author | Files | Lines
2008-02-07 | Needs GNU nroff to format catpages with -mandoc. | tnn | 1 | -1/+2
2008-02-06 | Fix build on HPUX: | tnn | 1 | -1/+3
in HP's alternate universe, MAP_ANON is called MAP_ANONYMOUS.
2008-02-05 | Update p5-IO-Socket-SSL to 1.13. | obache | 2 | -6/+6
v1.13
- removed CLONE_SKIP which was added in 1.03 because this breaks windows forking. Handled threads/windows forking better by making sure that CTX from Net::SSLeay gets not freed multiple times from different threads after cloning/forking
- removed setting LocalPort to 0 in tests, instead leave it undef if a random port should be allocated. This should fix build problems with 5.6.1. Thanks to <andrew[DOT]benham[AT]thus[DOT]net>
2008-01-31 | Increase the BUILDLINK_API_DEPENDS.gnutls to at least gnutls>=1.2.6 | reed | 1 | -2/+2
which is still very old. This fixes problem where building something depending on gnutls when old gnutls is already installed using liblzo won't buildlink because lzo is not installed. This forces a newer gnutls to be installed that uses lzo instead.
2008-01-29 | Need to allow leading underscore of OPENPAM_VERSION for old(?) version. | obache | 1 | -2/+2
2008-01-28 | Changes 2.1.16: | adam | 7 | -19/+22
Unfortunate bug introduced in 2.1.15 that broke generated firewall script for iptables in case option "use iptables-restore" was on is fixed in this release. Additional checks were added to the generated script for iptables to improve error detection and make sure the GUI properly detects when it terminates with error. Support for load balancing with PF was also added.
2008-01-28 | Remove leading underscore from OPENPAM_VERSION for BUILTIN_VERSION.openpam, | bjs | 1 | -2/+2
as openpam "Hydrangea" now defines OPENPAM_VERSION. This caused the version inquiry to fail.
2008-01-28 | pkglint says: | rillig | 2 | -3/+3
ERROR: security/dsniff/Makefile.common:4: PKGREVISION must not be set outside the package Makefile.
2008-01-25 | Updated to version 1.05. | heinz | 2 | -7/+10
Pkgsrc changes:
- Added missing HOMEPAGE.
- The package supports installation to DESTDIR.
- A C compiler is necessary.

Changes since version 0.05:
===========================
1.05 - Fri Nov 9 05:39:09 2007
* This version fixes the signed integer problems that Solaris had.
* Now this module requires perl 5.6.
* You don't need to upgrade if your system isn't Solaris.

1.04 - Mon Oct 15 14:27:00 2007
* Quashed warnings about overflows by casting numbers to unsigned ints.
* This compiles warning-free and passes all tests on Solaris 10 with gcc 3.4.6, so it might take care of RT # 27632

1.04_02 - Wed Sep 19 19:24:06 2007
* remove test files that shouldn't be there

1.04_01 - Wed Sep 12 15:34:24 2007
* This developer release explores the Solaris bug noted in RT # 27632. Some Solaris installations may be encrypting or decrypting incorrectly.

1.04 - Fri Feb 23 11:20:44 2007
* Todd Ross adjusted rijndael.h to use __sun to identify Solaris boxes. GCC uses __sun__ or __sun, but Solaris cc only uses __sun : http://blogs.sun.com/morganh/date/20060928
* If you've already compiled this module, you don't need to upgrade

1.03 - Thu Feb 22 15:42:04 2007
* Updated distro to include missing Pod tests
* No code changes

1.02 - Thu Jan 25 14:48:51 2007
* Updated docs to show cipher modes. No need to upgrade if you already have this.

1.01 - Wed Jan 10 19:14:14 2007
* Bump to a release version. This is the same as 0.06_10.
* This release should fix the problems with INT types on all platforms, including 64 bit platforms.

0.06_10 - Wed Jan 10 00:35:10 2007
* Let's try the int type for MinGW:wq

0.06_09 - Fri Dec 15 08:12:02 2006
* Updated header file to handle Solaris special case
* I think this might be the release candidate for 0.07! :)

0.06_08 - Wed Nov 29 19:51:33 2006
* Adjusting WIN32 targets for typedefs. Some things look like both Unix and Windows, so I don't want compilers to choke if it tries to redefine types.

0.06_07 - Mon Nov 27 10:37:18 2006
* more header file fiddling to get everyone to define the right abstract types. This time check for _SYS_TYPES_H

0.06_06 - Fri Nov 17 14:56:19 2006
* Fooled with header file some more, and tested it myself on Cygwin. Instead of checking for WIN32, just check for __CYGWIN__

0.06_05 - Fri Nov 17 11:13:25 2006
* The last two revisions seem to not define UINTxx and ends up with a parse error. Let's try this, as I go off to dig out my Windows box.

0.06_04 - Wed Nov 15 14:43:37 2006
* Try UINT patch from David Golden to get this to work on MinGW

0.06_03 - Wed Nov 15 11:07:08 2006
* Re-jiggered logic to define UINT32 and UINT8. First I'll try sys/types.h, then check if they are already defined elsewhere, and lastly hardcode the typedefs based on platform. The previous release (0.06_02) had some problems on Windows from conflicting typedefs (similar to the cygwin problems with libjpeg and X), so I guard my typedefs by checking for previous definitions. Let's hope those previous definitions are right :)

0.06_02 - Sun Nov 12 16:23:07 2006
* Let's try some hardcoded types for UINT(32|8) for Windows.

0.06_01 - Sun Nov 12 10:38:56 2006
* Adjust version number to match distro number (RT #4227)
* Use <sys/types.h> instead of hard-coding (RT #22755, 9514, 18812, 1444, 503).
* This module is now maintained by brian d foy (bdfoy@cpan.org)
2008-01-24 | Update dependency, it builds with openssl-0.9.8 | tnn | 1 | -2/+2
2008-01-24 | Append {,nb*} to a dependency. | tnn | 1 | -2/+2
2008-01-23 | Also used by security/cy2-ldapdb/Makefile. | obache | 1 | -1/+2
2008-01-22 | Distribution file was changed after sudo 1.6.9p12 was released. :-( | taca | 2 | -5/+7
config.h.in configure configure.in ldap.c Add DIST_SUBDIR to handle this situation. Bump PKG_REVISION.
2008-01-22 | Fixed pattern to strip nb*. | obache | 1 | -2/+2
2008-01-21 | Update sudo package to 1.6.9p12. | taca | 2 | -6/+6
Changes from 1.6.9p11:
641) Added a configure check for the ber_set_option() function.
642) Fixed a compilation problem with the HP-UX K&R C compiler.
643) Revamped the Kerberos 5 ticket verification code.
644) Added support for the checkpeer ldap.conf variable for netscape-based LDAP SDKs.
645) Fixed a problem where an incomplete password could be echoed to the screen if there was a read timeout.
2008-01-18 | Per the process outlined in revbump(1), perform a recursive revbump | tnn | 65 | -94/+130
on packages that are affected by the switch from the openssl 0.9.7 branch to the 0.9.8 branch. ok jlam@
2008-01-17 | Update to openssl-0.9.8g. Provided by Jukka Salmi in pkgsrc-wip. | tnn | 29 | -634/+262
pkgsrc notes:
o Tested on NetBSD/i386 (Jukka Salmi), Mac OSX 10.5 (Adrian Portelli), Linux (Jeremy C. Reed), Tru64 5.1b (tnn), HP-UX 11i (tnn). Because the Makefile system has been revamped, other platforms may require fixes. Please test if you can.
o OpenSSL can now be built with installation to DESTDIR.

Overview of important changes since 0.9.7i:
o Add gcc 4.2 support.
o DTLS improvements.
o RFC4507bis support.
o TLS Extensions support.
o RFC3779 support.
o New cipher Camellia
o Updated ECC cipher suite support.
o New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free().
o Zlib compression usage fixes.
o Major work on the BIGNUM library for higher efficiency and to make operations more streamlined and less contradictory. This is the result of a major audit of the BIGNUM library.
o Addition of BIGNUM functions for fields GF(2^m) and NIST curves, to support the Elliptic Crypto functions.
o Major work on Elliptic Crypto; ECDH and ECDSA added, including the use through EVP, X509 and ENGINE.
o New ASN.1 mini-compiler that's usable through the OpenSSL configuration file.
o Added support for ASN.1 indefinite length constructed encoding.
o New PKCS#12 'medium level' API to manipulate PKCS#12 files.
o Complete rework of shared library construction and linking programs with shared or static libraries, through a separate Makefile.shared.
o Rework of the passing of parameters from one Makefile to another.
o Changed ENGINE framework to load dynamic engine modules automatically from specifically given directories.
o New structure and ASN.1 functions for CertificatePair.
o Changed the key-generation and primality testing "progress" mechanism to take a structure that contains the ticker function and an argument.
o New engine module: GMP (performs private key exponentiation).
o New engine module: VIA PadLOck ACE extension in VIA C3 Nehemiah processors.
o Added support for IPv6 addresses in certificate extensions. See RFC 1884, section 2.2.
o Added support for certificate policy mappings, policy constraints and name constraints.
o Added support for multi-valued AVAs in the OpenSSL configuration file.
o Added support for multiple certificates with the same subject in the 'openssl ca' index file.
o Make it possible to create self-signed certificates using 'openssl ca -selfsign'.
o Make it possible to generate a serial number file with 'openssl ca -create_serial'.
o New binary search functions with extended functionality.
o New BUF functions.
o New STORE structure and library to provide an interface to all sorts of data repositories. Supports storage of public and private keys, certificates, CRLs, numbers and arbitrary blobs. This library is unfortunately unfinished and unused within OpenSSL.
o New control functions for the error stack.
o Changed the PKCS#7 library to support one-pass S/MIME processing.
o New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512).
o New X509_VERIFY_PARAM structure to support parametrisation of X.509 path validation.
o Change the default digest in 'openssl' commands from MD5 to SHA-1.
o Added support for DTLS.
o New BIGNUM blinding.
o Added support for the RSA-PSS encryption scheme
o Added support for the RSA X.931 padding.
o Added support for files larger than 2GB.
o Added alternate pkg-config files.
2008-01-15 | Needs libz. | rillig | 1 | -1/+2
From PR 37760.
2008-01-13 | -audit-packages | adrianp | 1 | -2/+1
2008-01-13 | Retire audit-packages in favour of pkg_install>=20070714. | adrianp | 10 | -1037/+0
All functionality in this package is now in pkg_install>=20070714. As discussed on pkgsrc-users@ and OK'ed by agc@.
2008-01-13 | Update to 1.4.8: | wiz | 2 | -6/+7
Noteworthy changes in version 1.4.8 (2007-12-20)
------------------------------------------------

    *******************************************
    * A decade of GnuPG: g10-0.0.0.tar.gz was *
    * released exactly 10 years ago.          *
    *******************************************

* Changed the license to GPLv3.
* Improved detection of keyrings specified multiple times.
* Changes to better cope with broken keyservers.
* Minor bug fixes.
* The new OpenPGP standard is now complete, and has been published as RFC-4880. The GnuPG --openpgp mode (note this is not the default) has been updated to match the new standard. The --rfc2440 option can be used to return to the older RFC-2440 behavior. The main differences between the two are "--enable-dsa2 --no-rfc2440-text --escape-from-lines --require-cross-certification".
* By default (i.e. --gnupg mode), --require-cross-certification is now on. --rfc2440-text and --force-v3-sigs are now off.
* Allow encryption using legacy Elgamal sign+encrypt keys if option --rfc2440 is used.
* Fixed the auto creation of the key stub for smartcards.
* Fixed a rare bug in decryption using the OpenPGP card.
* Fix RFC-4880 typo in the SHA-224 hash prefix. Old SHA-224 signatures will continue to work.
2008-01-11 | update to 2.20.3 | drochner | 2 | -6/+6
changes: minor fixes
2008-01-11 | update to 2.20.3 | drochner | 4 | -15/+15
changes: translation updates
2008-01-09 | Updated to version 1.32. | heinz | 2 | -10/+18
Pkgsrc changes:
- Requires p5-Test-Exception and p5-Test-Warn for building and p5-MIME-Base64 for running. The modules p5-Array-Compare, p5-Sub-Uplevel and p5-Tree-DAG_Node are only used through p5-Test-Warn. Opened bug id 32172 at rt.cpan.org for this.
- Needs a C compiler.
- Specified prefix for OpenSSL in order to avoid adding any search paths to inc/Module/Install/PRIVATE/Net/SSLeay.pm.
- No more interactive questions (PERL_MM_USE_DEFAULT).

Changes since version 1.30:
===========================
- Mike McCauley and Florian Ragwitz maintain this module now

1.31_01 02.07.2007
- Only bind X509_STORE_set_trust #if OPENSSL_VERSION_NUMBER >= 0x0090800fL
- Removed %Filenum_Objects from Net::SSLeay::Handle so unused handles will be freed.
- Use ppport.h.
- improved openssl path guessing, forcing openssl path now requires the -path flag (caution: incompatible flag change) Path guessing works on windows too. mikem, with patches from Stas Bekman
- Added /usr/sfw/bin/openssl to path guessing for Open Solaris, suggested by Igor Boehme.
- Fixed a problem with X509_get_subjectAltNames not working when the subjectAltNAmes are the first extension. Reported by Achim Grolms

1.31_02 14.07.2007
- Fix linking problems on Windows. Tested with VC++ 6.0, Shining Light 0.9.7L on Windows Server 2003 with ActivePerl 5.8.8.820. Also tested with OpenSSL 0.9.8e compiled from source.
- Unable to get working systems when compiling with MS Visual Studio Express 2005. Contributions requested. This may be relevant: http://www.itwriting.com/blog/?postid=261&replyto=2542
- Fixed a number of minor compile warnings on Windows
- Updated README.Win32 to define building procedures on Windows
- Fixed incorrect test failure reports in 08_external.
- Add parens to function calls in Makefile.PL to prevent warnings with some perls.
- Tested on Sparc Solaris 8, Sparc Solaris 10, OpenSuSE 10.2 x64, OpenSuSE 10.0 x86, FreeBSD 6.0 x86, Ubuntu 6.10, Fedora Core 6 x86
- Changed type of SSL_set_info_callback args to stop compiler warnings on Windows
- Removed auto_include from Makefile.PL
- Removed build_requires('Test::NoWarnings') from Makefile.PL
- Testing with Strawberry Perl on Windows XP SP2, added doc to README.Win32
- Testing with Perl CamelPack 5.8.7 on Windows XP SP2,added doc to README.Win32

1.32 03.08.2007
- Don't let the tests die when something unexpected happens. Just BAIL_OUT.
- Some Win32 improvements.
2008-01-08 | Fix builds on Darwin | adrianp | 1 | -2/+2
2008-01-08 | Updated to version 5.45. | heinz | 2 | -6/+8
Pkgsrc changes:
- Added explicit licence identification.

Changes since version 5.44:
===========================
5.45 Tue Jun 26 02:36:00 MST 2007
- extended portability to earlier Perls
  -- works on Perl 5.003 and later
  -- thanks to Jim Doble for testing on legacy platforms
- updated META.yml to conform to current META spec (1.3)
- minor documentation fixes
2008-01-08 | Updated to version 0.25. | heinz | 3 | -25/+12
Pkgsrc changes:
- A C compiler is necessary.
- Added explicit license identification.
- Removed patch-ab (fixed upstream).

Changes since version 0.24:
===========================
0.25 Sun May 20 2007 12:56:11
- Add a LICENSE file.
- Fix a bug (reported by many) in rsa.t - we were incorrectly counting the number of tests in situations where use_sha512_hash was not available.
2008-01-08 | Updated to version 0.04. | heinz | 2 | -7/+12
Pkgsrc changes:
- The package supports installation to DESTDIR.
- A C compiler is necessary.
- Added explicit license identification.

Changes since version 0.03:
===========================
0.04 Sun May 20 13:41:04 2007
- Add a LICENSE file.
- Better use of types.
2008-01-08 | Updated to version 0.04. | heinz | 2 | -7/+12
Pkgsrc changes:
- The package supports installation to DESTDIR.
- A C compiler is necessary.
- Added explicit license identification.

Changes since version 0.03:
===========================
0.04 Sun May 20 2007 13:08:23
- Add a LICENSE file.
- Add -DOPENSSL_NO_KRB5 to DEFINE to keep redhat happy.
2008-01-07 | Fix builtin.mk logic for thread feature if no native OpenSSL exists. | joerg | 1 | -2/+3
Fixes PR pkg/37699 from Aleksey Cheusov.
2008-01-06 | Update sudo package to 1.6.9p11. | taca | 2 | -8/+6
637) Fixed a compilation problem on SCO related to how they store the high resolution timestamps in struct stat.
638) Avoid checking the passwd file group multiple times in the LDAP query when the user's passwd group is also listed in the supplemental group vector.
639) The URI specifier can now be used in ldap.conf even when the LDAP SDK doesn't support ldap_initialize().
640) New %p prompt escape that expands to the user whose password is being prompted, as specified by the rootpw, targetpw and runaspw sudoers flags. Based on a diff from Patrick Schoenfeld.
2008-01-05 | Fixed a few pkglint warnings. | rillig | 3 | -7/+8
2008-01-05 | Change MASTER_SITES to location for old archive, | obache | 1 | -2/+2
noticed by Zafer Aydogan in private mail.
2008-01-05 | Change MASTER_SITES to new location, noticed by Zafer Aydogan in private mail. | obache | 1 | -3/+3
Also change HOMEPAGE.
2008-01-05 | Old url is not available now, noticed by Zafer Aydogan in private mail. | obache | 1 | -4/+3
Switch HOMEPAGE and MASTER_SITES to new location.
2008-01-05 | *.tbz does not exist now, noticed by Zafer Aydogan in private mail. | obache | 2 | -6/+6
Switch to *.tgz, no differ from *.tbz.
2008-01-05 | Change HOMEPAGE and MASTER_SITES to new location. | obache | 1 | -3/+3
2008-01-04 | The package needs a C compiler. | heinz | 1 | -1/+3
2008-01-04 | Removed the special-case handling of PKG_SYSCONFDIR for NetBSD. Now the | rillig | 1 | -6/+2
configuration files are installed in the usual pkgsrc place, not in /etc. PKGREVISION++ Ok'ed by jlam@.
2008-01-04 | Update to 2.1.4 | adrianp | 4 | -23/+20
27 Nov 2007 - 2.1.4
-------------------
* Updated included Core Ruleset to version 1.5 and noted in the docs that XML support is required to use the rules without modification.
* Fixed an evasion FP, mistaking a multipart non-boundary for a boundary.
* Fixed multiple warnings on Solaris and/or 64bit builds.
* Do not process subrequests in phase 2-4, but do hand off the request data.
* Fixed a blocking FP in the multipart parser, which affected Safari.

11 Sep 2007 - 2.1.3
-------------------
* Updated multipart parsing code adding variables to allow checking for various parsing issues (request body abnormalities).
* Allow mod_rpaf and mod_extract_forwarded2 to work before ModSecurity.
* Quiet some compiler warnings.
* Do not block internal ErrorDocument requests after blocking request.
* Added ability to compile without an external API (use -DNO_MODSEC_API).

27 Jul 2007 - 2.1.2
-------------------
* Cleaned up and clarified some documentation.
* Update included core rules to latest version (1.4.3).
* Enhanced ability to alert/audit failed requests.
* Do not trigger "pause" action for internal requests.
* Fixed issue with requests that use internal requests. These had the potential to be intercepted incorrectly when other Apache httpd modules that used internal requests were used with mod_security.
* Added Solaris and Cygwin to the list of platforms not supporting the hidden visibility attribute.
* Fixed decoding full-width unicode in t:urlDecodeUni.
* Lessen some overhead of debugging messages and calculations.
* Do not try to intercept a request after a failed rule. This fixes the issue associated with an "Internal Error: Asked to intercept request but was_intercepted is zero" error message.
* Added SecAuditLog2 directive to allow redundant concurrent audit log index files. This will allow sending audit data to two consoles, etc.
* Small performance improvement in memory management for rule execution.
2008-01-03 | Install the binaries readable for the owner, so that a package can be | rillig | 3 | -6/+7
created in unprivileged pkgsrc mode. PKGREVISION++
2008-01-02 | Look out for the case where audit-packages is already installed with the | adrianp | 1 | -1/+10
base OS on NetBSD.
2007-12-30 | Replaced outdated mirrors by working mirrors. | heinz | 1 | -4/+5
2007-12-30 | * Honor PKGMANDIR and PKG_SYSCONFBASE. | obache | 4 | -8/+67
* Install config files by CONF_FILES instead of install directly.
* Correct path of tools and config in sample config files and a manual page.
* Add DESTDIR support.
Bump PKGREVISION.
2007-12-28 | Recognize the MIT Kerberos bundled with Mac OS X Leopard. | tron | 1 | -1/+7
2007-12-28 | This package uses BSD Makefile. | obache | 3 | -2/+21
Honor PKGMANDIR and DESTDIR ready.
2007-12-28 | Require pre-created sbin directory. | obache | 1 | -2/+2
2007-12-28 | DESTDIR ready. | obache | 1 | -1/+3
2007-12-28 | Fixes invalid lvalue in assignment. | obache | 2 | -1/+15
2007-12-28 | Also need for NetBSD. | obache | 2 | -4/+4