| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
removed in revision 1.22.
|
|
It has security problems for a long time now.
Removal was announced on pkgsrc-users on March 13.
|
|
cipher/rijndael.c:do_padlock(): seen with GCC 3.3.3 on NetBSD.
|
|
|
|
|
|
e.g. match IRIX 5.x but not 6.x. Some of these may indeed apply to 6.x
too, but let's be conservative. PR pkg/38224.
|
|
pkgsrc changes:
- Explict to depends security/heimdal package when kerberos option is
specified. PR pkg/37999 should be fixed.
Change:
646) Sudo will now set the nproc resource limit to unlimited on Linux
systems to work around Linux's setuid() resource limit semantics.
On PAM systems the resource limits will be reset by pam_limits.so
before the command is executed.
647) SELinux support that can be used to implement role based access
control (RBAC). A role and (optional) type may be specified
in sudoers or on the command line. These are then used in the
security context that the command is run as.
648) Fixed a Kerberos 5 compilation problem with MIT Kerberos.
Sudo 1.6.9p13 released.
649) Fixed an invalid assumption in the PAM conversation function
introduced in version 1.6.9p9. The conversation function may
be called for non-password reading purposes as well.
650) Fixed freeing an uninitialized pointer in -l mode, introduced in
version 1.6.9p13.
651) Check /etc/sudoers after LDAP even if the user was found in LDAP.
This allows Defaults options in /etc/sudoers to take effect.
652) Add missing checks for enforcing mode in SELinux RBAC mode.
Sudo 1.6.9p14 released.
|
|
Noteworthy changes in version 1.4.0 (2007-12-10)
------------------------------------------------
* New configure option --disable-padlock-support which is mostly
useful in case of build problems.
Noteworthy changes in version 1.3.2 (2007-12-03)
------------------------------------------------
* The visibility attribute is now used if supported by the toolchain.
* The ACE engine of VIA processors is now used for AES-128.
* The ASN.1 DER template for SHA-224 has been fixed.
Noteworthy changes in version 1.3.1 (2007-10-26)
------------------------------------------------
* The entire library is now under the LGPL. The helper programs and
the manual are under the GPL. Kudos to Peter Gutmann for giving
permissions to relicense the rndw32 and rndunix modules.
* The Camellia cipher is now under the LGPL and included by default.
* Fixed a bug in the detection of symbol prefixes which inhibited the
build of optimzied assembler code on certain systems.
* Updated the entropy gatherer for W32.
Noteworthy changes in version 1.3.0 (2007-05-04)
------------------------------------------------
* Changed the way the RNG gets initialized. This allows to keep it
uninitialized as long as no random numbers are used. To override
this, the new macro gcry_fast_random_poll may be used. It is in
general a good idea to spread this macro into the application code
to make sure that these polls happen often enough.
* Made the RNG immune against fork without exec.
* Reading and writing the random seed file is now protected by a
fcntl style file lock on systems that provide this function.
* Support for SHA-224 and HMAC using SHA-384 and SHA-512.
* Support for the SEED cipher.
* Support for the Camellia cipher. Note that Camellia is disabled by
default, and that enabling it changes the license of libgcrypt from
LGPL to GPL.
* Support for OFB encryption mode.
* gcry_mpi_rshift does not anymore truncate the shift count.
* Reserved algorithm ranges for use by applications.
* Support for DSA2.
* The new function gcry_md_debug should be used instead of the
gcry_md_start_debug and gcry_md_stop_debug macros.
* New configure option --enable-random-daemon to support a system
wide random daemon. The daemon code is experimental and not yet
very well working. It will eventually allow to keep a global
random pool for the sake of short living processes.
* Non executable stack support is now used by default on systems
supporting it.
* Support for Microsoft Windows.
* Assembler support for the AMD64 architecture.
* New configure option --enable-mpi-path for optimized builds.
* Experimental support for ECDSA; should only be used for testing.
* New control code GCRYCTL_PRINT_CONFIG to print the build
configuration.
* Minor changes to some function declarations. Buffer arguments are
now typed as void pointer. This should not affect any compilation.
Fixed two bugs in return values and clarified documentation.
* Interface changes relative to the 1.2.0 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gcry_fast_random_poll NEW
gcry_md_debug NEW
gcry_sexp_nth_string NEW
GCRY_MD_SHA224 NEW
GCRY_PK_USAGE_CERT NEW
GCRY_PK_USAGE_AUTH NEW
GCRY_PK_USAGE_UNKN NEW
GCRY_PK_ECDSA NEW
GCRY_CIPHER_SEED NEW
GCRY_CIPHER_CAMELLIA128 NEW
GCRY_CIPHER_CAMELLIA192 NEW
GCRY_CIPHER_CAMELLIA256 NEW
GCRYCTL_FAKED_RANDOM_P NEW
GCRYCTL_PRINT_CONFIG NEW
GCRYCTL_SET_RNDEGD_SOCKET NEW.
gcry_mpi_scan CHANGED: Argument BUFFER is now void*.
gcry_pk_algo_name CHANGED: Returns "?" instead of NULL.
gcry_cipher_algo_name CHANGED: Returns "?" instead of "".
gcry_pk_spec_t CHANGED: Element ALIASES is now const ptr.
gcry_md_write_t CHANGED: Argument BUF is now a const void*.
gcry_md_ctl CHANGED: Argument BUFFER is now void*.
gcry_cipher_encrypt CHANGED: Arguments IN and OUT are now void*.
gcry_cipher_decrypt CHANGED: Arguments IN and OUT are now void*.
gcry_sexp_sprint CHANGED: Argument BUFFER is now void*.
gcry_create_nonce CHANGED: Argument BUFFER is now void*.
gcry_randomize CHANGED: Argument BUFFER is now void*.
gcry_cipher_register CHANGED: Argument ALGORITHM_ID is now int*.
|
|
|
|
* Version 2.2.2 (released 2008-02-21)
** Cipher priority string handling now handle strings that starts with NULL.
Thanks to Laurence Withers <l@lwithers.me.uk>.
** Corrected memory leaks in session resuming and DHE ciphersuites. Reported
by Daniel Stenberg.
** Increased the default certificate verification chain limits and allowed
for checks without limitation.
** Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name()
and gnutls_x509_crt_get_subject_alt_name() to not null terminate binary
strings and return the proper size.
** API and ABI modifications:
No changes since last version.
* Version 2.2.1 (released 2008-01-17)
** Prevent linking libextra against previously installed libgnutls.
Tiny patch from "Alon Bar-Lev" <alon.barlev@gmail.com>, see
<http://bugs.gentoo.org/show_bug.cgi?id=202269>.
** Fixes the post_client_hello_function(). The extensions are now parsed
in a callback friendly way.
** Fix for certificate selection in servers with certificate callbacks.
** API and ABI modifications:
No changes since last version.
* Version 2.2.0 (released 2007-12-14)
Major changes compared to the v2.0 branch:
* SRP support aligned with newly published RFC 5054.
* OpenPGP support aligned with newly published RFC 5081.
* Support for DSA2 keys.
* Support for Camellia cipher.
* Support for Opaque PRF Input extension.
* PKCS#8 parser now handle DSA keys.
* Change from GPLv2 to GPLv3 for command-line tools, libgnutls-extra,
etc. Notice that liblzo2 2.02 is licensed under GPLv2 only. Earlier
versions, such as 2.01 which is included with GnuTLS, is available under
GPLv2 or later. If this incompatibility causes problems, we recommend
you to disable LZO using --without-lzo. LZO compression is not a
standard TLS compression algorithm, so the impact should be minimal.
* Functions for disabling record protocol padding.
Works around bugs on Nokia/Ericsson phones.
* New functions gnutls_priority_set() for setting cipher priorities easily.
Priorities like "COMPAT" also enables other work arounds, such as
disabling padding.
* Other minor improvements and bug fixes.
Minor changes compared to the latest v2.1.8 release candidate:
* Update internal copy of libtasn1 to version 1.2.
* Certtool --verify-chain now handle inputs larger than 64kb.
This fixes the self-test "rsa-md5-collision" under MinGW+Wine with
recent versions of libgcrypt. The problem was that Wine with the
libgcrypt RNG generates huge amounts of debugging output.
* Translation updates.
Added Dutch translation. Updated Polish and Swedish translation.
Backwards incompatible API/ABI changes in GnuTLS 2.2
====================================================
To adapt to changes in the TLS extension specifications for OpenPGP
and SRP, the GnuTLS API had to be modified. This means breaking the
API and ABI backwards compatibility. That is something we try to
avoid unless it is necessary. We decided to also remove the already
deprecated stub functions for X.509 to XML conversion and TLS
authorization (see below) when we had the opportunity.
Generally, most applications does not need to be modified. Just
re-compile them against the latest GnuTLS release, and it should work
fine.
Applications that use the OpenPGP or SRP features needs to be
modified. Below is a list of the modified APIs and discussion of what
the minimal things you need to modify in your application to make it
work with GnuTLS 2.2.
Note that GnuTLS 2.2 also introduces new APIs -- such as
gnutls_set_priority() that is superior to
gnutls_set_default_priority() -- that you may want to start using.
However, using those new APIs is not required to use GnuTLS 2.2 since
the old functions continue are still supported. This text only
discuss what you minimally have to modify.
XML related changes
-------------------
The function `gnutls_x509_crt_to_xml' has been removed. It has been
deprecated and only returned an error code since GnuTLS version
1.2.11. Nobody has complained, so users doesn't seem to miss the
functionality. We don't know of any other library to convert X.509
certificates into XML format, but we decided (long ago) that GnuTLS
isn't the right place for this kind of functionality. If you want
help to find some other library to use here, please explain and
discuss your use case on help-gnutls <at> gnu.org.
TLS Authorization related changes
---------------------------------
Everything related to TLS authorizations have been removed, they were
only stub functions that returned an error code:
GNUTLS_SUPPLEMENTAL_AUTHZ_DATA
gnutls_authz_data_format_type_t
gnutls_authz_recv_callback_func
gnutls_authz_send_callback_func
gnutls_authz_enable
gnutls_authz_send_x509_attr_cert
gnutls_authz_send_saml_assertion
gnutls_authz_send_x509_attr_cert_url
gnutls_authz_send_saml_assertion_url
SRP related changes
-------------------
The callback gnutls_srp_client_credentials_function has a new
prototype, and its semantic has changed. You need to rewrite the
callback, see the updated function documentation and SRP example code
(doc/examples/ex-client-srp.c and doc/examples/ex-serv-srp.c) for more
information.
The alert codes GNUTLS_A_MISSING_SRP_USERNAME and
GNUTLS_A_UNKNOWN_SRP_USERNAME are no longer used by the SRP
specification, instead the GNUTLS_A_UNKNOWN_PSK_IDENTITY alert is
used. There are #define's to map the old names to the new. You may
run into problems if you have a switch-case with cases for both SRP
alerts, since they are now mapped to the same value. The solution is
to drop the SRP alerts from such switch cases, as they are now
deprecated in favor of GNUTLS_A_UNKNOWN_PSK_IDENTITY.
OpenPGP related changes
-----------------------
The function `gnutls_certificate_set_openpgp_keyserver' have been
removed. There is no replacement functionality inside GnuTLS. If you
need keyserver functionality, consider using the GnuPG tools.
All functions, types, and error codes related to OpenPGP trustdb
format have been removed. The trustdb format is a non-standard
GnuPG-specific format, and we recommend you to use key rings instead.
The following have been removed:
gnutls_certificate_set_openpgp_trustdb
gnutls_openpgp_trustdb_init
gnutls_openpgp_trustdb_deinit
gnutls_openpgp_trustdb_import
gnutls_openpgp_key_verify_trustdb
gnutls_openpgp_trustdb_t
GNUTLS_E_OPENPGP_TRUSTDB_VERSION_UNSUPPORTED
The following functions has an added parameter of the (new) type
`gnutls_openpgp_crt_fmt_t'. The type specify the format of the data
(binary or base64). The functions are:
gnutls_certificate_set_openpgp_key_file
gnutls_certificate_set_openpgp_key_mem
gnutls_certificate_set_openpgp_keyring_mem
gnutls_certificate_set_openpgp_keyring_file
To improve terminology and align with the X.509 interface, some
functions have been renamed. Compatibility mappings exists. The old
and new names of the affected functions and types are:
Old name New name
gnutls_openpgp_key_t gnutls_openpgp_crt_t
gnutls_openpgp_key_fmt_t gnutls_openpgp_crt_fmt_t
gnutls_openpgp_key_status_t gnutls_openpgp_crt_status_t
GNUTLS_OPENPGP_KEY GNUTLS_OPENPGP_CERT
GNUTLS_OPENPGP_KEY_FINGERPRINT GNUTLS_OPENPGP_CERT_FINGERPRINT
gnutls_openpgp_key_init gnutls_openpgp_crt_init
gnutls_openpgp_key_deinit gnutls_openpgp_crt_deinit
gnutls_openpgp_key_import gnutls_openpgp_crt_import
gnutls_openpgp_key_export gnutls_openpgp_crt_export
gnutls_openpgp_key_get_key_usage gnutls_openpgp_crt_get_key_usage
gnutls_openpgp_key_get_fingerprint gnutls_openpgp_crt_get_fingerprint
gnutls_openpgp_key_get_pk_algorithm gnutls_openpgp_crt_get_pk_algorithm
gnutls_openpgp_key_get_name gnutls_openpgp_crt_get_name
gnutls_openpgp_key_get_version gnutls_openpgp_crt_get_version
gnutls_openpgp_key_get_creation_time gnutls_openpgp_crt_get_creation_time
gnutls_openpgp_key_get_expiration_time gnutls_openpgp_crt_get_expiration_time
gnutls_openpgp_key_get_id gnutls_openpgp_crt_get_id
gnutls_openpgp_key_check_hostname gnutls_openpgp_crt_check_hostname
gnutls_openpgp_send_key gnutls_openpgp_send_cert
* Version 2.0.0 (released 2007-09-04)
The following changes have been made since GnuTLS 1.6:
* Support for external RSA/DSA signing for TLS client authentication.
This allows you to secure the private key better, for example by using
privilege-separation techniques between the private key and the
network client/server.
* Support for signing X.509 certificates using RSA with SHA-256/384/512.
* Experimental support for TLS 1.2 (disabled by default). The TLS 1.2
specification is not finalized yet, but we implement a draft version
for testing.
* Support for X.509 Proxy Certificates (RFC 3820)
* Support for Supplemental handshakes messages (RFC 4680).
* Support for TLS authorization extension (draft-housley-tls-authz-extns-07).
* Support for the X.509 'otherName' Subject Altnerative Names (for XMPP).
* Guile bindings for GnuTLS have been added, thanks to Ludovic Courtes.
* Improve logic of gnutls_set_default_priority() which can now be more
recommended.
* New APIs to enumerate supported algorithms in the library.
* New APIs to access X.509 Certificate extension sequentially.
* New APIs to print X.509 Certificates and CRLs in human readable formats.
* New APIs to extract X.509 Distinguished Names from certificates.
* New APIs to handle pathLenConstraint in X.509 Basic Constraints.
* Certtool can export more than one certificate to PKCS#12.
* Several message translation improvements.
* Instructions and improvements to easily set up a HTTPS test server.
* Included copies updated to Libtasn1 1.1 and OpenCDK 0.6.4.
* Build improvements for Windows, Mac OS X, uClinux, etc.
* GnuTLS is now developed in GIT.
* Improved manual
* Many bugfixes and minor improvements.
|
|
transformed into the correct set of libraries, so we no longer need to
override the configure script's check for which library has tgetent().
|
|
|
|
Version 1.3 (released 2008-02-01)
- Handle 'INTEGER { ... } (a..b)' regression.
Revert parts of earlier fix. asn1Parser can now again parse src/pkix.asn1.
The ASN1.c file was generated using Bison 2.3.
- Move examples from src/ to new directory examples/.
- Duplicate copy of divergated pkix.asn removed.
- Merge unnecessary lib/defines.h into lib/int.h.
- Configure no longer tries to use gcc -pipe.
- Update gnulib files.
- Fix mem leak in self-test.
Version 1.2 (released 2007-12-10)
- Update gnulib files.
Version 1.1 (released 2007-08-31)
- Fix bug that made asn1_check_version believe that 1.0 is older than 0.3.10.
Version 1.0 (released 2007-08-31)
- The self-tests, command line tools and build infrastructure have
been re-licensed from GPLv2 to GPLv3.
- Doc fixes.
- Update gnulib files.
Version 0.3.10 (released 2007-05-25)
- Update gnulib files.
|
|
|
|
smart card used in a Public Key Infrastructure (PKI). The libpkcs11
module allows use of Smart Cards in applications that use mozilla
Network Security Services (NSS).
|
|
with smart cards: csc_scan regularly scans every
PC/SC reader connected to the host and reports when
a card is inserted or removed. ATR_analysis is a Perl
script used to parse the smart card ATR. The
smartcard_list.txt contains ATR of some cards. It is
used by ATR_analysis to find a card model corresponding
to the ATR. The perl script scriptortis used to send
commands to a smart card using a batch file or stdin.
|
|
(pcsc-lite) from MUSCLE together with some small examples.
|
|
Devices) driver and ICCD (Integrated Circuit(s) Card Devices).
See the USB CCID and ICCD specifications from the USB working group.
|
|
very small form factor for communicating to smartcards and readers.
The PC/SC Lite library is used to connect to the PC/SC daemon from a
client application and provide access to the desired reader.
|
|
them at will.
|
|
Update provided by Jaap Boender in PR 38145
Release notes not available.
Added a .include bsd.prefs.mk so that MACHINE_ARCH is correctly defined.
|
|
- In case a lot of message were being processed, the heartbeat timer
could be delayed for a long period of time.
- The old scheduler algorithm could be unfair when certain message priority
were not available for processing. We now appropriatly handle repartition
to others priority messages.
- Message of the same priority could be processed in the wrong order when
on-disk buffers were used.
- No integrity check were performed on orphan on-disk buffer in case of an
operating system crash. By using the prelude-failover API, we can now
detect possibly corrupted disk buffer, or resume at the time we stopped
recovering them.
- New sched-priority and sched-buffer-size configuration options.
- Fix a bug where several relaying plugin instance would only forward
their message to a single Manager.
|
|
- Fix bindings for IDMEF 'get_next' functions.
- Make sure we use no additional GnuLib compiler flags when building
bindings, this fix bindings compilation failure on some architecture
(Solaris).
|
|
|
|
under the revised BSD license).
|
|
into ${PREFIX}/include/krb5/roken instead of ${PREFIX}/include/krb5.
This is good because it reduces the likelihood of a conflict with any
other similarly named headers if you simply add -I${PREFIX}/include/krb5
to the compiler command line.
Patch from PR pkg/38119 by charlie.
|
|
are trying to use (the termcap t*() API).
|
|
* Read-only PKCS11 provider built-in to hx509.
* Better compatibilty with Windows 2008 Server pre-releases and Vista.
* Add RFC3526 modp group14 as default.
* Handle [kdc] database = { } entries without realm = stanzas.
* Add gss_pseudo_random() for mechglue and krb5.
* Make session key for the krbtgt be selected by the best encryption
type of the client.
* Better interoperability with other PK-INIT implementations.
* Alias support for inital ticket requests.
* Make ASN.1 library less paranoid to with regard to NUL in string to
make it inter-operate with MIT Kerberos again.
* PK-INIT support.
* HDB extensions support, used by PK-INIT.
* New ASN.1 compiler.
* GSS-API mechglue from FreeBSD.
* Updated SPNEGO to support RFC4178.
* Support for Cryptosystem Negotiation Extension (RFC 4537).
* A new X.509 library (hx509) and related crypto functions.
* A new ntlm library (heimntlm) and related crypto functions.
* KDC will return the "response too big" error to force TCP retries
for large (default 1400 bytes) UDP replies. This is common for
PK-INIT requests.
* Libkafs defaults to use 2b tokens.
* krb5_kuserok() also checks ~/.k5login.d directory for acl files.
* Fix memory leaks.
* Bugs fixes
|
|
to shut up the pkglint warnings.
|
|
* Read-only PKCS11 provider built-in to hx509.
* Better compatibilty with Windows 2008 Server pre-releases and Vista.
* Add RFC3526 modp group14 as default.
* Handle [kdc] database = { } entries without realm = stanzas.
* Add gss_pseudo_random() for mechglue and krb5.
* Make session key for the krbtgt be selected by the best encryption
type of the client.
* Better interoperability with other PK-INIT implementations.
* Alias support for inital ticket requests.
* Make ASN.1 library less paranoid to with regard to NUL in string to
make it inter-operate with MIT Kerberos again.
* PK-INIT support.
* HDB extensions support, used by PK-INIT.
* New ASN.1 compiler.
* GSS-API mechglue from FreeBSD.
* Updated SPNEGO to support RFC4178.
* Support for Cryptosystem Negotiation Extension (RFC 4537).
* A new X.509 library (hx509) and related crypto functions.
* A new ntlm library (heimntlm) and related crypto functions.
* KDC will return the "response too big" error to force TCP retries
for large (default 1400 bytes) UDP replies. This is common for
PK-INIT requests.
* Libkafs defaults to use 2b tokens.
* krb5_kuserok() also checks ~/.k5login.d directory for acl files.
* Fix memory leaks.
* Bugs fixes
|
|
This is a bug-fix release. It improves stablility of the policy importer
on 64-bit platforms, supports import of iptables policies that use TCPMSS
target, fixes problems with built-in RCS on windows when user does not
have administrator's rights and comes with nearly 100% Brazilian Portugese
translation
|
|
|
|
From the amavisd-new-2.5.3 release notes:
BUG FIXES
- fix parsing a SMTP status response from MTA when releasing from a
quarantine, when a MTA response did not include an enhanced status
code (RFC 3463) (such as with old versions of Postfix); a parsing
failure resulted in attribute "setreply=450 4.5.0 Unexpected:..."
in an AM.PDP protocol response, even though a release was successful;
reported by Ron Miller, John M. Kupski, investigated by Tony Caduto
and Jeremy Fowler;
- change parsing of addresses in From, To, and Cc header fields, avoiding
complex Perl regular expressions which could crash a process on certain
degenerate cases of these header fields; thanks for detailed problem
reports to Carsten Lührs and Attila Nagy;
- completely rewritten parsing of Received header field to work around a
Perl regular expression problem which could crash a process on certain
degenerate cases of mail header fields; problem reported by Thomas Gelf;
- harden to some extent regular expressions in parse_message_id to cope
better with degenerate cases of header fields carrying message-id;
- sanitize 8-bit characters in In-Reply-To and References header fields
before using them in Pen Pals SQL lookups to avoid UTF-8 errors like:
penpals_check FAILED: sql exec: err=7, 22021, DBD::Pg::st execute failed:
ERROR: invalid byte sequence for encoding "UTF8": 0xd864
- when turning an infection report into a spam report, avoid adding newly
discovered virus names (i.e. fraud names) to a cached list if these names
are already listed; previously the list would just grow on each passage
through a cache, leading to unsightly long lists of spam tests in a
report; based on a patch by Henrik Krohns;
- fix diagnostics when an invalid command line argument is given;
OTHER
- reduce log clutter when certain Perl modules are loaded late, i.e. after
chrooting and daemonizing, but still before a fork; now only issue one
log entry by a parent process: "extra modules loaded after daemonizing: ";
- slightly relax mail address syntax in subroutine split_address;
- fetch additional information (tags) from SpamAssassin: TESTS, ASN,
ASNCIDR, DKIMDOMAIN and DKIMIDENTITY, making them available through a macro
'supplementary_info' (if a version of SpamAssassin in use provides them);
- updated DKIM section in amavisd-new-docs.html, removing the historical
DomainKeys milter from examples;
- declared a dummy subroutine dkim_key() and new dummy configuration
variables @dkim_signature_options_bysender_maps, %signed_header_fields,
$reputation_factor, @signer_reputation_maps and $sql_partition_tag, members
of policy banks, in preparation for 2.6.0 - declared now for improved
downgrade compatibility of 2.6.0 configuration files, if need arises.
|
|
|
|
|
|
PKGREVISION bump.
|
|
+ Create any required directories with the right ownership and permissions
as a "prestart" action in the authdaemond rc.d script.
Bump the PKGREVISION to 1.
|
|
where size_t is unsigned long.
|
|
version 20050616 (Figwort) include:
- ENHANCE: API function arguments are now const where appropriate, to
match corresponding changes in the Solaris PAM and Linux-PAM APIs.
- ENHANCE: corrected a number of C namespace violations.
- ENHANCE: the module cache has been removed, allowing long-lived
applications to pick up module changes. This also allows multiple
threads to use PAM simultaneously (as long as they use separate PAM
contexts), since the module cache was the only part of OpenPAM that
was not thread-safe.
|
|
to sfs:sfs. Bump PKGREVISION.
|
|
4.99.23 and 4.99.24.
|
|
|
|
* v3.x is now out
* Any patches to update files for where interpreters are get overwritten
the next time you update the msf files from metasploit.org. This renders
the PLIST useless.
|
|
|
|
Pkgsrc changes:
- The package supports installation to DESTDIR.
Changes since version 2.19:
===========================
Revision history for Perl extension Crypt::CBC.
2.24 Fri Sep 28 11:21:07 EDT 2007
- Fixed failure to run under taint checks with Crypt::Rijndael
or Crypt::OpenSSL::AES (and maybe other Crypt modules). See
http://rt.cpan.org/Public/Bug/Display.html?id=29646.
2.23 Fri Apr 13 14:50:21 EDT 2007
- Added checks for other implementations of CBC which add no
standard padding at all when cipher text is an even multiple
of the block size.
2.22 Sun Oct 29 16:50:32 EST 2006
- Fixed bug in which plaintext encrypted with the -literal_key
option could not be decrypted using a new object created with
the same -literal_key.
- Added documentation confirming that -literal_key must be
accompanied by a -header of 'none' and a manually specificied IV.
2.21 Mon Oct 16 19:26:26 EDT 2006
- Fixed bug in which new() failed to work when first option is
-literal_key.
2.20 Sat Aug 12 22:30:53 EDT 2006
- Added ability to pass a preinitialized Crypt::* block cipher
object instead of the class name.
- Fixed a bug when processing -literal_key.
|
|
A C compiler is necessary.
|
|
|
|
in HP's alternate universe, MAP_ANON is called MAP_ANONYMOUS.
|
|
v1.13
- removed CLONE_SKIP which was added in 1.03 because this breaks
windows forking. Handled threads/windows forking better by making
sure that CTX from Net::SSLeay gets not freed multiple times from
different threads after cloning/forking
- removed setting LocalPort to 0 in tests, instead leave it undef
if a random port should be allocated. This should fix build problems
with 5.6.1. Thanks to <andrew[DOT]benham[AT]thus[DOT]net>
|
|
which is still very old.
This fixes problem where building something depending on gnutls
when old gnutls is already installed using liblzo won't buildlink
because lzo is not installed. This forces a newer gnutls to be
installed that uses lzo instead.
|
