| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
- Fix false positive on NetBSD for "login". Thanks to Richard Ibbotson for
helping sort this out.
- Install main shell script and documentation.
chkwtmp.c
fix: del counter (Thanks to Dietrich Raisin)
chkproc.c
fix: better support for Linux threads
chkrootkit;
new rootkit detected: Madalin rootkit
top and find tests improved for Suse Linux
more ports added in the bindshell test
fix: FreeBSD false positives
fix: slammer detection
lots of minor bug fixes
|
|
|
|
library changes for gnustep-base 1.10.0.
|
|
(and possibly elsewhere) behave as expected. Without this, the build
framework thinks you are not building a package, but base.
|
|
- ok'ed wiz@, snj@
- Grab maintainership
- Remove DIST_SUBDIR directive
Verison 2.0.5:
--------------
[BUG] OpenBSD compile fix.
Support for 802.1Q.
New signatures.
Speel-chceked teh docuhmentation!
Absolutely experimental support for open connection fingerprinting (-O).
Synced manpage and documentation.
Added several -O signatures.
|
|
All library names listed by *.la files no longer need to be listed
in the PLIST, e.g., instead of:
lib/libfoo.a
lib/libfoo.la
lib/libfoo.so
lib/libfoo.so.0
lib/libfoo.so.0.1
one simply needs:
lib/libfoo.la
and bsd.pkg.mk will automatically ensure that the additional library
names are listed in the installed package +CONTENTS file.
Also make LIBTOOLIZE_PLIST default to "yes".
|
|
|
|
|
|
Changes in version 0.4.0 are:
* Build fix on some systems
* Translation updates
Changes in version 0.3.3 are:
* Translation updates
Changes in version 0.3.2 are:
* New API functions for getting/setting ACL
* Implemented delete keyring operation
Changes in version 0.3.1 are:
* New and updated translations.
* New introduction document
* unlocking the NULL keyring unlocks the default keyring
|
|
that, on a large SMP bulk build machine, and occasionally on smaller
less busy machines, we can get a false-postive message in the aide
output because the atime on a group of files can be one second later
than "cur_time", the current time as returned to aide. So allow for
one second's difference in the time calculation.
Bump package revision.
|
|
Changes since 0.0.8:
* Changes in 0.1.4 (released 2004-08-08)
** Revamp of gnulib compatibility files.
** More translations.
German (by Roland Illig), Basque (by Mikel Olasagasti), French (by
Michel Robitaille), Irish (by Kevin Patrick Scannell), Dutch (by Elros
Cyriatan), Polish (by Jakub Bogusz), Romanian (by Laurentiu Buzdugan),
and Serbian (by Aleksandar Jelenak).
* Changes in 0.1.3 (released 2004-08-04)
** Command line tool support IPv6 (and other protocol families).
Requires that your system has `getaddrinfo'.
** Command line behaviour for gsasl tool improved.
The --client and --imap parameters are now the default. The --connect
host and port can now be specified directly. If --authentication-id
is not specified, the username of the user invoking gsasl is used
(i.e., getpwuid(getuid)->pw_name). Alltogether, this allows simple
usage, as in `gsasl mail.example.com' to connect, via IMAP, to
mail.example.com.
* Changes in 0.1.2 (released 2004-07-16)
** The SMTP mode in `gsasl' should now work.
** Cross compile builds should work.
It should work for any sane cross compile target, but the only tested
platform is uClibc/uClinux on Motorola Coldfire.
** The GNU Readline library is used to read data, if available.
** Passwords read from stdin are not echoed to the terminal.
* Changes in 0.1.1 (released 2004-06-26)
** In the command line client, the default quality of protection is now none.
* Changes in 0.1.0 (released 2004-04-16)
** The library re-licensed to LGPL and distributed as a separate package.
This means a fork of this NEWS file, all the entries below relate to
the combined work of earlier versions. New entries above does not
document user visible changes for the library ("libgsasl"), for that
see NEWS in the lib/ sub-directory, which is also distributed as a
stand-alone package.
* Changes in 0.0.14 (released 2004-01-22)
** Moved all mechanism specific code into sub-directories of lib/.
Each backend is built into its own library (e.g., libgsasl-plain.so),
to facilitate future possible use of dlopen to dynamically load
backends.
** Moved compatibility files (getopt*) to gl/, and added more (strdup*).
* Changes in 0.0.13 (released 2004-01-17)
** Nettle (the crypto functionality, crypto/) has been updated.
This fixes two portability issues, the new code should work on
platforms that doesn't have inttypes.h and alloca.
* Changes in 0.0.12 (released 2004-01-15)
** Protocol line parser in 'gsasl' tool more reliable.
Earlier it assumed two lines were sent in one packet in one place, and
sent as two packets in another place.
** Various bugfixes.
* Changes in 0.0.11 (released 2004-01-06)
** The client part of CRAM-MD5 now uses SASLprep instead of NFKC.
This aligns with draft-ietf-sasl-crammd5-01.
** The CRAM-MD5 challenge string now conform to the proper syntax.
** The string preparation (SASLprep and trace) functions now work correctly.
** DocBook manuals no longer included.
The reason is that recent DocBook tools from the distribution I use
(Debian) fails with an error. DocBook manuals may be included in the
future, if I can get the tools to work.
** API and ABI modifications.
GSASL_SASLPREP_ERROR: ADD.
* Changes in 0.0.10 (released 2003-11-22)
** The CRAM-MD5 server now reject invalid passwords.
The logic flaw was introduced in 0.0.9, after blindly making code
changes to shut up valgrind just before the release.
** Various build improvements.
Pkg-config is no longer needed. GTK-DOC is only used if present.
* Changes in 0.0.9 (released 2003-11-21)
** Command line client can talk to SMTP servers with --smtp.
** DocBook manuals in XML, PDF, PostScript, ASCII and HTML formats included.
** Token parser in DIGEST-MD5 fixed, improve interoperability of DIGEST-MD5.
** Libgcrypt >= 1.1.42 is used if available (for CRAM-MD5 and DIGEST-MD5).
The previous libgcrypt API is no longer supported.
** CRAM-MD5 and DIGEST-MD5 no longer require libgcrypt (but can still use it).
If libgcrypt 1.1.42 or later is not found, it uses a minimalistic
cryptographic library based on Nettle, from crypto/. Currently only
MD5 and HMAC-MD5 is needed, making a dependence on libgcrypt overkill.
** Listing supported server mechanisms with gsasl_server_mechlist work.
** Autoconf 2.59, Automake 1.8 beta, Libtool CVS used.
** Source code for each SASL mechanism moved to its own sub-directory in lib/.
** The command line interface now uses getopt instead of argp.
The reason is portability, this also means we no longer use gnulib.
** API and ABI modifications.
gsasl_randomize: ADD.
gsasl_md5: ADD.
gsasl_hmac_md5: ADD.
gsasl_hexdump: REMOVED. Never intended to be exported.
gsasl_step: ADD.
gsasl_step64: ADD.
gsasl_client_step: DEPRECATED: use gsasl_step instead.
gsasl_server_step: DEPRECATED: use gsasl_step instead.
gsasl_client_step_base64: DEPRECATED: use gsasl_step64 instead.
gsasl_server_step_base64: DEPRECATED: use gsasl_step64 instead.
gsasl_finish: ADD.
gsasl_client_finish: DEPRECATED: use gsasl_finish instead.
gsasl_server_finish: DEPRECATED: use gsasl_finish instead.
gsasl_ctx_get: ADD.
gsasl_client_ctx_get: DEPRECATED: use gsasl_ctx_get instead.
gsasl_server_ctx_get: DEPRECATED: use gsasl_ctx_get instead.
gsasl_appinfo_get: ADD.
gsasl_appinfo_set: ADD.
gsasl_client_application_data_get: DEPRECATED: use gsasl_appinfo_get instead.
gsasl_client_application_data_set: DEPRECATED: use gsasl_appinfo_set instead.
gsasl_server_application_data_get: DEPRECATED: use gsasl_appinfo_get instead.
gsasl_server_application_data_set: DEPRECATED: use gsasl_appinfo_set instead.
Gsasl: ADD.
Gsasl_ctx: DEPRECATED: use Gsasl instead.
Gsasl_session: ADD.
Gsasl_session_ctx: DEPRECATED: use Gsasl_session instead.
GSASL_CRYPTO_ERROR: ADD, replaces deprecated GSASL_LIBGCRYPT_ERROR.
GSASL_LIBGCRYPT_ERROR: DEPRECATED: use GSASL_CRYPTO_ERROR instead.
GSASL_KERBEROS_V5_INTERNAL_ERROR: ADD, replaces deprecated GSASL_SHISHI_ERROR.
GSASL_SHISHI_ERROR: DEPRECATED: use GSASL_KERBEROS_V5_INTERNAL_ERROR instead.
GSASL_INVALID_HANDLE: ADD.
|
|
* Changes in 0.0.13 (released 2004-08-08)
** Revamp of gnulib compatibility files.
** More translations.
French (by Michel Robitaille) and Romanian (by Laurentiu Buzdugan).
* Changes in 0.0.12 (released 2004-08-01)
** Added rudimentary self tests of Kerberos 5 context init/accept.
Tests client and server authentication, with and without mutual
authentication, and that various aspects of the API like ret_flags
work.
** Various fixes, discovered while writing the Kerberos 5 self test.
** Cross compile builds should work.
It should work for any sane cross compile target, but the only tested
platform is uClibc/uClinux on Motorola Coldfire.
|
|
|
|
at:
http://www.sudo.ws/sudo/alerts/sudoedit.html
Major changes since Sudo 1.6.8:
o Sudoedit now re-opens the temp file as the invoking user
and will only open regular files.
o Better detection of unchanged files in sudoedit.
o The path to ldap.conf is now configurable.
o Added SSL tls_* certificate checking options when using LDAP.
o The sample pam config file has been updated.
|
|
NetBSD-1.6.2_STABLE. Gets rid of a parse error when only one
argument is given to HDN_WARN, which leaves us with "fprintf(fp, arg, )".
This may be a failure of the compiler on this platform to properly
do varargs macros, but the changes are noops and gets it building there.
|
|
scripts can be taught how to properly detect our utmpx implementation.
This should fix the build on NetBSD-2.0 and -current.
|
|
-lreadline also needs either -ltermcap, -lcurses, -lncurses in the link
command to resolve all symbols used in the readline library. Cause one
of these libraries to automatically be added whenever "-lreadline"
appears on the command line. This is a generalization of the change in
revision 1.6 to work on more operating systems.
|
|
dependencies. This fixes link failures when the Heimdal dependency
is satisfied by the package rather than the builtin Heimdal. Pointed
out by Mark Davies in private email.
I've intentionally left out including readline/buildlink3.mk. Although
it is used by libsl.* and libss.*, those libraries are not actually
critical or used by other packages that depend on Heimdal for Kerberos
functionality.
|
|
with NetBSD versions.
|
|
* fix vulnerabilities in ftpd
* support for linux AFS /proc "syscalls"
* support for RFC3244 (Windows 2000 Kerberos Change/Set Password) in kpasswdd
* fix possible KDC denial of service
* Fix possible buffer overrun in v4 kadmin (which now defaults to off)
|
|
|
|
|
|
provided in PR pkg/26678 by Jukka Salmi.
|
|
of the library, not 2.18; adapt PLIST.
|
|
Don't try and use getutent() on NetBSD's that have utmpx
Fixes problems seen in bulkbuild.
|
|
|
|
Bump the PKGREVISION for this security update.
|
|
|
|
|
|
|
|
|
|
pam_dbm is a PAM module for DBM authentication.
|
|
|
|
pam_dbm is a PAM module for DBM authentication.
|
|
otherwise the default is better (and the variable doesn't need to be set).
Remove a few cases where it was set unnecessarily.
|
|
|
|
Collection.
The CipherSaber Perl module provides an object oriented interface to
CipherSaber-1 and CipherSaber-2 encryption.
See http://ciphersaber.gurus.com for more information about CipherSaber.
|
|
* Added new "IdentitiesOnly" option to ssh(1), which specifies that it should
use keys specified in ssh_config, rather than any keys in ssh-agent(1)
* Make sshd(8) re-execute itself on accepting a new connection. This security
measure ensures that all execute-time randomisations are reapplied for each
connection rather than once, for the master process' lifetime. This includes
mmap and malloc mappings, shared library addressing, shared library mapping
order, ProPolice and StackGhost cookies on systems that support such things
* Add strict permission and ownership checks to programs reading ~/.ssh/config
NB ssh(1) will now exit instead of trying to process a config with poor
ownership or permissions
* Implemented the ability to pass selected environment variables between the
client and the server. See "AcceptEnv" in sshd_config(5) and "SendEnv" in
ssh_config(5) for details
* Added a "MaxAuthTries" option to sshd(8), allowing control over the maximum
number of authentication attempts permitted per connection
* Added support for cancellation of active remote port forwarding sessions.
This may be performed using the ~C escape character, see "Escape Characters"
in ssh(1) for details
* Many sftp(1) interface improvements, including greatly enhanced "ls" support
and the ability to cancel active transfers using SIGINT (^C)
* Implement session multiplexing: a single ssh(1) connection can now carry
multiple login/command/file transfer sessions. Refer to the "ControlMaster"
and "ControlPath" options in ssh_config(5) for more information
* The sftp-server has improved support for non-POSIX filesystems (e.g. FAT)
* Portable OpenSSH: Re-introduce support for PAM password authentication, in
addition to the keyboard-interactive driver. PAM password authentication
is less flexible, and doesn't support pre-authentication password expiry but
runs in-process so Kerberos tokens, etc are retained
* Improved and more extensive regression tests
* Many bugfixes and small improvements
|
|
- SECURITY: Don't try to free() uninitialised variables in DSS verification
code. Thanks to Arne Bernin for pointing out this bug. This is possibly
exploitable, all users with DSS and pubkey-auth compiled in are advised to
upgrade.
- Clean up agent forwarding socket files correctly, patch from Gerrit Pape.
- Don't go into an infinite loop when portforwarding to servers which don't
send any initial data/banner. Patch from Nikola Vladov
- Fix for network vs. host byte order in logging remote TCP ports, also
from Gerrit Pape.
- Initialise many pointers to NULL, for general safety. Also checked cleanup
code for mp_ints (related to security issues above).
|
|
directory. Bump PKGREVISION to 4. From Ryo HAYASAKA in PR pkg/26808.
|
|
|
|
intended transformation: use "rm" to remove an option, "rmdir" to remove
all options containing a path starting with a given directory name, and
"rename" to rename options to something else.
|
|
|
|
|
|
changes:
-bugfixes
-adds some limits to the verification functions to avoid denial of
service attacks
-selftests added
|
|
changes:
Severeal cleanups and Libgcrypt 1.2.0 adjustments.
|
|
which are the full option names used to set rpath directives for the
linker and the compiler, respectively. In places were we are invoking
the linker, use "${LINKER_RPATH_FLAG} <path>", where the space is
inserted in case the flag is a word, e.g. -rpath. The default values
of *_RPATH_FLAG are set by the compiler/*.mk files, depending on the
compiler that you use. They may be overridden on a ${OPSYS}-specific
basis by setting _OPSYS_LINKER_RPATH_FLAG and _OPSYS_COMPILER_RPATH_FLAG,
respectively. Garbage-collect _OPSYS_RPATH_NAME and _COMPILER_LD_FLAG.
|
|
|
|
* Updated the included gettext. This also fixes the installation
problem from 1.2.5
* Fixed a race condition possibly leading to deleted keys.
|
|
Fix build with recent libtool. Not bumping PKGREVISION, it's in the flow
of current PLIST fixes and such...
|
