Age | Commit message | Author | Files | Lines |
|
One-time cipher based back door program for executing emergency
commands.
Secure Back Door (SBD) is an alternative to leaving SSH open all the
time. It is based on a secure one-time keypad method, that ensures
maximum security. Since SBD is very small, it is less likely to have
security exploits, as compared to SSH. Therefore, you could leave an
important computer up and running with just sbdd running in the
background, and if an emergency came about, you could simply execute a
command to bring ssh up, then work on the computer as regular. It
would be as simple as doing ./sbd domain.com "/etc/init.d/sshd start",
and with the proper key file set, the remote computer would have ssh
up and running shortly.
|
|
|
|
|
|
http://www.ijs.si/software/amavisd/release-notes.txt
|
|
|
|
SSLCrypto is a package for Python that dramatically eases the task of
adding encryption to Python programs.
It provides a unified API that is almost totally compatible with that
of ezPyCrypto, except that it takes advantage of the OpenSSL Crypto
Library to deliver massive improvements in speed and security.
After using ezPyCrypto myself, I found that while it performed ok with
smaller public key sizes, it proved impossibly slow with larger keys.
This slowness, resulting from non-optimal code in its backend (the
Python Cryptography Toolkit) meant that on a 1.5 GHz Athlon XP, it was
taking several minutes to generate 4096-bit keys. Completely
unacceptable if you need real security.
Performance is absolutely critical for an encryption API. If slowness
deters people from using adequate-sized keys, security will be
severely compromised, almost to the extent that there's little point
in using encryption in the first place.
|
|
|
|
v1.05
- make session cache working even if the IO::Socket::SSL object
was not created with IO::Socket::SSL->new but with
IO::Socket::SSL->start_SSL on an established socket
|
|
* Added all of the patches on Sourceforge, plus those included by Red Hat's Fedora Extras
|
|
* Stuff from the Fedora Extras crew
|
|
- Added patch for sigbus error on unaligned data, when doing rapid copies.
Changes 0.9.8.1:
- Another round of bugfixes
|
|
|
|
Also makes it build on HP-UX and Linux/hppa, tested by me.
|
|
Another attempt to fix PR pkg/36086.
|
|
|
|
to link with the "dl" library under Mac OS X if necessary.
This should finally fix PR pkg/36086.
|
|
|
|
with appropriate values for REPLACE_PERL.
|
|
* Version 1.6.2 (released 2007-04-18)
** Fix X.509 signing with RSA-PKCS#1 to set a NULL parameters field.
Before, we removed the parameters field, which resulted in a slightly
different DER encoding which in turn caused signature verification
failures of GnuTLS-generated RSA certificates in some other
implementations (e.g., GnuPG 2.x's gpgsm). Depending on which RFCs
you read, this may or may not be correct, but our new behaviour appears
to be consistent with other widely used implementations.
** Regenerate the PKIX ASN.1 syntax tree.
For some reason, after changing the ASN.1 type of ldap-UID in the last
release, the generated C file built from the ASN.1 schema was not
refreshed. This can cause problems when reading/writing UID
components inside X.500 Distinguished Names. Reported by devel
<dev001@pas-world.com>.
** Updated translations.
** API and ABI modifications:
No changes since last version.
|
|
"LDFLAGS". This is another attempt to fix PR pkg/36086.
|
|
library dependences we don't need to include "dlopen.buildlink3.mk" here.
|
|
"pkgsrc/devel/dlcompat/buildlink3.mk" under Darwin. This might
finally fix PR pkg/36086.
|
|
|
|
v1.04
- added way to create SSL object with predefined session
cache, thus making it possible to share the cache between
objects even if the rest of the context is not shared
key SSL_session_cache
Note that the arguments of IO::Socket::SSL::SessionCache::new
changed (but you should never have used this class directly
because it's internal to IO::Socket::SSL)
|
|
This moves this pkg to the new stable gnome branch, too much to list here.
|
|
This moves this pkg to the new stable gnome branch, too much to list here.
|
|
o Fixed SHA256 detection on some systems
o Fixed a DoS in Informational messages processing (CVE-2007-1841).
|
|
changes:
* Fixes some null pointer crashes when called with a NULL
keyring
* Translations
|
|
- Allow filtering plugins to hook other filter plugins.
- Update reporting code to latest specification for the SNMPService class.
- Warn about Un-handled command line arguments.
- Properly dump IDMEF-XML output (fix #186).
- Various bug fixes.
|
|
- Allow filtering plugins to hook other filter plugins.
- Update reporting code to latest specification for the SNMPService class.
- Warn about Un-handled command line arguments.
- Properly dump IDMEF-XML output (fix #186).
- Various bug fixes.
|
|
- Fix preludedb-admin copy/move operations.
|
|
- Improve error reporting with the central option interface.
- Fix a bug when comparing IDMEF object with optional fields.
- Fix a problem with the logger, where a large log entry wouldn't be
logged.
|
|
pgpenvelope either.
|
|
Mac OS X. This is harmless under recent versions of Mac OS X where
"libdl.dylib" is a symbolic link to "libSystem.dylib". And it is necessary
under old versions of Mac OS X (Jaguar and older) where we need the
"libdl.dylib" from the "dlcompat" package.
This should finally fix PR pkg/36086 by John D. Baker.
|
|
No disagreement on pkgsrc-users.
|
|
replacement.
No disagreement on pkgsrc-users.
|
|
|
|
under Mac OS X. This should fix PR pkg/36086.
|
|
|
|
|
|
|
|
|
|
Changes since 2.1.7 are:
Version 2.1.10
Improvements and bug fixes in the GUI
* fixed bug #1661140: "built-in installer broken in 2.1.9 for PF".
Installer incorrectly set name for files it copied to the firewall if
generated configuration consisted of several files. Affected platforms
are PF and ipfilter because normally for these platforms compiler
generates two files.
* fixed bug #1659832: "No compile with QT without STL support"
* a workaround for the bug 1629461: "Policy tabs do not scroll @ window
extent on OSX". The tab widget used to show policy, nat, routing and
policy branch rulesets does not switch to a "folded" mode on Mac OS X
when it needs to show more tabs than fit in the window. Since I can't
figure out a way to force it to do that, I am dropping "Policy/" from
the tab titles for branches to make them shorter. This will help users
with policies with many branches, however it does not solve the
problem because as they keep adding branches, at some point they won't
fit in the window again.
* added an item "Where used" to the context menu associated with objects
in rules
Version 2.1.9
Improvements and bug fixes in the GUI
* New feature: new operation "Tools/Find Conflicting Objects in Two Data
Files". This operation inspects two data files (either .fwb or .fwl)
and finds conflicting objects. Conflicting objects have the same
internal ID but different attributes. Two data files can not be
merged, or one imported into another, if they contain such objects.
This operation also helps identify changes made to objects in two
copies of the same data file. This operation does not find objects
present in one file but not in the other, such objects present no
problem for merge or import operations. This operation works with two
external files, neither of which needs to be opened in the program.
Currently opened data file is not affected by this operation and
objects in the tree do not change. In the process of this operation
user is presented with series of dialogs showing conflicting objects
side by side. In the end the program can generate report and write it
to a text file.
* installOptionsDialog was too large and did not fit on some laptop
screens. Doing tricks to make sure the dialog properly resized after
unused GUI elements are hidden.
* bug #1629521: "can't delete empty chain/policy tab"
* bug #1619842: "prolog "script editor" opens behind other windows"
* bug #1620206: "RuleOptions' "Apply" button greyed-out until menu
selection"
* bug 1619930: "Prolog tab's ScriptEditor's import fails to overwrite"
* bug #1617501: "Install fails after compile". The GUI got confused when
user entered full path to the policy file in the "Output file name"
input field in the "Compiler" tab of firewall object dialog. Making
sure we always strip directory path from the file name if user
specified full path for the policy file in the "Output file name"
input field in the "Compiler" tab of firewall object dialog. Need to
strip path when macro "%FWSCRIPT%" is substituted in installation
scriptlets and in some other places.
* "Apply" and "Close" buttons in the object editor panel should be of
fixed size horizontally
* bug #1624577: "group window doesn't stay open on multiple-adds". Using
special flag to tell ObjectTreeView that it should ignore
MouseReleaseEvent it gets after d&d operation, so it won't switch
object in the editor panel. Note the bug triggered only on Mac OS X.
* bug (no num.): GUI used to show phantom 'Policy', 'NAT' and 'Routing'
tabs when user deleted objects from the Deleted Objects library,
provided some of these objects were previously deleted firewalls.
* bug #1620284: "conflict when adding library to Preferences/Libraries".
When the user tried to add a library to the list in
Preferences/Libraries when a data file with the same object library
was loaded, the GUI detected the conflict and showed error dialog.
* bug #1650369: "[patch] please add support for GNU/kFreeBSD". Applied
patch to make code compile on kFreeBSD.
Compiler for iptables
* bug #1623338: "Can not disable rules in a branch". Compiler for
iptables ignored flag 'disabled' on rules in a branch.
* bug #1623113: 'connlimit fails in compiled "address table" rules'
Module connlimit can only be used in iptables rules matching TCP
services. Such iptables commands have "-p tcp" and/or "-m tcp"
options. If a rule in fwbuilder uses TCP Service and connlimit option
and has multiple objects in src and dst, optimizer used to split it to
minimize matches. It however preserved connlimit option in all
subrules, even though some of them did not have TCP service after the
split. This led to generation of incorrect iptables commands.
* bug #1620925: "compile-time AddressTable object with empty file".
Compile-time AddressTable object that uses file with no addresses
should be treated as an empty group according to the "Ignore empty
groups" option.
* bug #1618381: "CLASSIFY/MARK are non-terminating". This bug report in
fact reported several problems.
* For action Branch with option to add branching rule to the mangle
table: we now generate rules in PREROUTING, POSTROUTING, INPUT,
OUTPUT and FORWARD chains. This is because some targets can only
work in PREROUTING or POSTROUTING chains but we do not know what
rules the user will put in the branch. So we need to branch in all
chains.
* For rules in mangle table with direction set to Inbound or
Outbound force chain to PREROUTING or POSTROUTING respectively
early. This eliminates duplicates such as the same rule in
PREROUTING and INPUT chains. Also since most (all?) targets that
require mangle table go into either PREROUTING or POSTROUTING
chains, it should be enough to use these two chains.
* Non-terminating rules shadow each other "backwards", that is more
general rule shadows other rules _above_ it. Added flag 'reverse'
to the method find_more_general_rule and added new rule processor
DetectShadowingForNonTerminatingRules that finds such cases of
'reverse' shadowing. Using it for rules in the mangle table for
iptables.
* Adding iptables rule with target ACCEPT to emulate terminating
behavior for Tag and Classify actions. Emulation is controlled by
a global option in the "Compiler" tab of the firewall properties
dialog (default is "off"). This means emulation can be turned on
and off for all rules that might require it at once. It is
impossible to mix such rules with terminating and
non-terminating behavior. The reason for this is that shadowing
detection algorithm can only work with either terminating or
non-terminating rules, not with the mix.
* bug #1628989: "run-time-loaded rules don't accept ";" as line comment"
* bug #1632054: "Runtime AddressObjects FAIL to load if "Name:" contains
"."". Compiler checks if the name of the run-time AddressTable object
contains characters that have special meaning in shell and replaces
them with '_' when it generates the name of the temporary shell
variable.
* bug (no num.): data files used for run-time AddressTable objects can
have empty lines, the script should skip them.
Firewall Builder Release Notes
Version 2.1.8
Installation
Opinion poll run on the fwbuilder-discussion mailing list showed that
majority of users are not interested in ability to install and run both
fwbuilder 2.0 and 2.1 on the same machine at the same time. Hence we are
reverting to the old naming schema without suffix '21' for the binaries
and man pages in this release.
Improvements and bug fixes in the GUI
* The user can search for objects using regular expressions matching
their names or attributes.
* Fixed bug #1592130: "Policy Chaining Issues". The GUI should properly
display nested branch rulesets. The user can create policy branches
within other branches.
All compilers
* Fixed bug #1590746 "problem with using "DNS Names" objects on MS
Windows". Compiler failed to convert DNSName objects set to resolve at
compile time into IP addresses.
Compiler for iptables
* fixed bug #1593221: "iptables filtering bridge problem - PHYSDEV: no
physdev opti..." Sometimes rules were generated with "-m physdev" but
without "--physdev-in" or "--physdev-out" options.
Compiler for Cisco PIX
* fixed a bug (no num, support req. #1604103): "fwb_pix policy compiler
dies when SNMP or NTP hosts defined". Compiler did not print error
message when it could not find an interface with network zone matching
IP address of NTP or SNMP server (it just printed the address without
explanation of what went wrong)
* Experimental utility fwb_pix_diff has been added to the package. This
utility takes two PIX configurations on the command line and produces
the 'diff' that consists of a set of commands that should bring the
firewall from the state defined by the first config to the state
defined by the second. Only PIX 7.0 is supported. This utility will be
incorporated into policy installer in the future to make policy
updates simpler and faster, especially when small changes are made to
the large set of access lists and nat rules.
|
|
Pkgsrc changes:
- Added CHECK_INTERPRETER_SKIP patterns to stop complaints about
non-existing "/usr/bin/perl" interpreter.
Changes since version 1.57:
===========================
1.58 Dec 21, 2006
* We turn on binmode() on filehandles when reading and writing
keys from disk, to allow safe exchange of SSH private keys
from Windows and *nix systems. Thanks to Ulisses Gomes
<ulisses@ibiz.com.br> for pointing this out.
* Include a copy of the GPL in the distribution. This addresses
bug #18771. (http://rt.cpan.org/Public/Bug/Display.html?id=18771)
* Removed warnings from t/15-benchmark.t
|
|
Stopped check-interpreter.mk complaining about Tie/EncryptedHash.pm
|
|
|
|
|
|
change: warn strongly when a hostkey mismatch occurred
|
|
this fixes the same problem which was fixed by gpg-1.4.7: depending
on use, additional text could get through undetected
this gpgme uses gpg in a safe way -- since we have gpg-1.4.7 in pkgsrc
this is kind of belt-and-suspenders, but anyway...
|
|
|