Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
changes: minor bugfixes
|
|
This is better solution of PR 28562 and may fix PR 34792.
Also, convert a post-build sed step to use the SUBST framework,
requested by PR 34792.
|
|
|
|
|
|
|
|
of the lib/libfw{builder,compiler}.{a,la.so} files.
|
|
Changes since the 2.0.12 release:
Improvements and changes in the GUI
* The GUI works much faster with very large object trees.
* "Where used" menu item to quickly find and show all groups and
firewall rules that reference given object. Confirmation dialog
shown when an object is deleted also shows all groups and rules
that use it.
* Built-in installer can now save a copy of .fwb file to the firewall.
* Compile/install dialog is now an independent window instead of a modal
dialog, this means the user can look at the policy and objects while
compilation and/or installation is going on.
* Network discovery driud is back, ported from fwbuilder 1.0. As before,
it supports reading object definitions from a file in /etc/hosts
format, can read DNS zone and also can crawl the network using SNMP
queries.
* Startup splash window has been removed.
* Keeping track of dependencies between objects. Firewalls that refer
to an object that is modified are marked with bold font.
* Added bulk compile and install operations.
* All object dialogs have been converted into built-in panels that
appear in the right hand part of the main window.
* Improvements in "Find" function: administrator can now drag an object
into a well in the find dialog panel to make it search for this
particular object.
* The "Find and replace" operation has been implemented.
New object types, new rule types and rule elements, new actions and other new
features
* AddressTable This object resolves to a set of IP addresses defined in
an external file.
* DNSName: This object resolves a host name to the IP address using
DNS. Object can be confgiured to do so at compile time or run time.
* TagService: This object matches tags set by action Tag.
* Interface objects can now be marked as bridge ports.
* Support for routing rules has been implemented.
* Global policy and interface policies have been merged. Each policy
rule now has rule element "Interface".
* Policy rules can have the following new actions:
* Queue: This action passes the packet to user space process for
inspection.
* Custom: This action allows administrator to define arbitrary
piece of code to be used in place of an action.
* Branch: This action is used to create a branch in the rule set.
* Tag: This action associates internal tag with the packet.
* Classify: This action allows the firewall to define QoS class
for the packet that matches the rule.
* Route: This action makes the firewall to route the packet that
matches the rule through an interface or a gateway specified in
the parameters of the action.
* Firewall object now has an attribute "inactive" excluding it from
bulk compiles and installs.
Compiler for iptables
* Support for address tables loaded from external files at compile or
run time.
* Support user defined chains with predefined names (using special
action )
* Support for CLASSIFY, MARK, CONNMARK, QUEUE, ROUTE targets
* Support for physdev module for bridging firewalls
* additional optimization of rules in INPUT and OUTPUT chain: now
removing firewall object from src or dst to simplify rule if it uses
OUTPUT or INPUT chain.
* support for modules connlimit and hashlimit.
Compiler for PF
* Support for load balancing rules
* Support for tag and route options
* Support for address ranges and network objects in TSrc in NAT rules
* Support for pool types in NAT rules ('bitmask', 'random',
'source-hash', 'round-robin'), as well as 'static-port' option.
* Supprot for anchors (by way of a special action)
* Support for tables with predefined names (using AddressTable object)
* Support for packet 'tagging' (by way of a special action and service
object TagService)
Compiler for ipfilter
* Support for PPTP and IRC proxies
* Support for route option
API
* internal object ID is augumented with process ID of the program that
creates an object.
* fwbedit
Fwbedit can now create objects and repair broken object database.
|
|
Changes since the the 2.0.12 release:
Improvements and changes in the GUI
* The GUI works much faster with very large object trees.
* "Where used" menu item to quickly find and show all groups and
firewall rules that reference given object. Confirmation dialog
shown when an object is deleted also shows all groups and rules
that use it.
* Built-in installer can now save a copy of .fwb file to the firewall.
* Compile/install dialog is now an independent window instead of a modal
dialog, this means the user can look at the policy and objects while
compilation and/or installation is going on.
* Network discovery driud is back, ported from fwbuilder 1.0. As before,
it supports reading object definitions from a file in /etc/hosts
format, can read DNS zone and also can crawl the network using SNMP
queries.
* Startup splash window has been removed.
* Keeping track of dependencies between objects. Firewalls that refer
to an object that is modified are marked with bold font.
* Added bulk compile and install operations.
* All object dialogs have been converted into built-in panels that
appear in the right hand part of the main window.
* Improvements in "Find" function: administrator can now drag an object
into a well in the find dialog panel to make it search for this
particular object.
* The "Find and replace" operation has been implemented.
New object types, new rule types and rule elements, new actions and other new
features
* AddressTable This object resolves to a set of IP addresses defined in
an external file.
* DNSName: This object resolves a host name to the IP address using
DNS. Object can be confgiured to do so at compile time or run time.
* TagService: This object matches tags set by action Tag.
* Interface objects can now be marked as bridge ports.
* Support for routing rules has been implemented.
* Global policy and interface policies have been merged. Each policy
rule now has rule element "Interface".
* Policy rules can have the following new actions:
* Queue: This action passes the packet to user space process for
inspection.
* Custom: This action allows administrator to define arbitrary
piece of code to be used in place of an action.
* Branch: This action is used to create a branch in the rule set.
* Tag: This action associates internal tag with the packet.
* Classify: This action allows the firewall to define QoS class
for the packet that matches the rule.
* Route: This action makes the firewall to route the packet that
matches the rule through an interface or a gateway specified in
the parameters of the action.
* Firewall object now has an attribute "inactive" excluding it from
bulk compiles and installs.
Compiler for iptables
* Support for address tables loaded from external files at compile or
run time.
* Support user defined chains with predefined names (using special
action )
* Support for CLASSIFY, MARK, CONNMARK, QUEUE, ROUTE targets
* Support for physdev module for bridging firewalls
* additional optimization of rules in INPUT and OUTPUT chain: now
removing firewall object from src or dst to simplify rule if it uses
OUTPUT or INPUT chain.
* support for modules connlimit and hashlimit.
Compiler for PF
* Support for load balancing rules
* Support for tag and route options
* Support for address ranges and network objects in TSrc in NAT rules
* Support for pool types in NAT rules ('bitmask', 'random',
'source-hash', 'round-robin'), as well as 'static-port' option.
* Supprot for anchors (by way of a special action)
* Support for tables with predefined names (using AddressTable object)
* Support for packet 'tagging' (by way of a special action and service
object TagService)
Compiler for ipfilter
* Support for PPTP and IRC proxies
* Support for route option
API
* internal object ID is augumented with process ID of the program that
creates an object.
* fwbedit
Fwbedit can now create objects and repair broken object database.
|
|
man1, since the binaries are installed in bin/.
PKGREVISION++
|
|
Changes:
Security bugs resolved in this release:
* Fix a bug in the sshd privilege separation monitor that weakened its
verification of successful authentication. This bug is not known to
be exploitable in the absence of additional vulnerabilities.
This release includes the following non-security fixes:
* Several compilation fixes for portable OpenSSH
* Fixes to Solaris SMF/process contract support (bugzilla #1255)
|
|
- Fixed handling of user/domain name splitting in the client library
when the caller doesn't initially provide a domain name.
- cvm_client_setenv now also sets $MAILDIR for use with Courier IMAP.
|
|
in the DESTDIR case, fix this.
|
|
Bump PKGREVISION.
|
|
libtool fix this package needs to build.
Riding on the initial import - no PKGREVISION bump
|
|
|
|
|
|
web applications (or a web application firewall). Operating as an Apache Web
server module or standalone, the purpose of ModSecurity is to increase web
application security, protecting web applications from known and unknown
attacks.
This is the 2.x branch of modsecurity and only supports Apache 2.x
|
|
also fix unprivileged builds in general.
|
|
|
|
Reported by David Carrel in pkgsrc-users@.
|
|
in the reverse dns queries for IPv6 addresses (overwriting 12
bytes of local variables on the stack). Disabled x11-security
on all platforms, as it does not seem to work on i386 either.
Incremented PKGREVISION to 7.
|
|
Noteworthy changes in version 0.5.11 (2006-10-26)
------------------------------------------------
* Add a new self test "basic" to test cdk_check_version.
* Add prototype of cdk_stream_decrypt to opencdk.h, reported by Adam
Langley.
* Fix crash in cdk_data_transform triggered by self-tests.
|
|
- A few pkglint warning clean up.
- Major changes are here. For complete changes,
see http://www.openssh.com/txt/release-4.4.
Changes since OpenSSH 4.3:
============================
Security bugs resolved in this release:
* Fix a pre-authentication denial of service found by Tavis Ormandy,
that would cause sshd(8) to spin until the login grace time
expired.
* Fix an unsafe signal hander reported by Mark Dowd. The signal
handler was vulnerable to a race condition that could be exploited
to perform a pre-authentication denial of service. On portable
OpenSSH, this vulnerability could theoretically lead to
pre-authentication remote code execution if GSSAPI authentication
is enabled, but the likelihood of successful exploitation appears
remote.
* On portable OpenSSH, fix a GSSAPI authentication abort that could
be used to determine the validity of usernames on some platforms.
This release includes the following new functionality and fixes:
* Implemented conditional configuration in sshd_config(5) using the
"Match" directive. This allows some configuration options to be
selectively overridden if specific criteria (based on user, group,
hostname and/or address) are met. So far a useful subset of post-
authentication options are supported and more are expected to be
added in future releases.
* Add support for Diffie-Hellman group exchange key agreement with a
final hash of SHA256.
* Added a "ForceCommand" directive to sshd_config(5). Similar to the
command="..." option accepted in ~/.ssh/authorized_keys, this forces
the execution of the specified command regardless of what the user
requested. This is very useful in conjunction with the new "Match"
option.
* Add a "PermitOpen" directive to sshd_config(5). This mirrors the
permitopen="..." authorized_keys option, allowing fine-grained
control over the port-forwardings that a user is allowed to
establish.
* Add optional logging of transactions to sftp-server(8).
* ssh(1) will now record port numbers for hosts stored in
~/.ssh/authorized_keys when a non-standard port has been requested.
* Add an "ExitOnForwardFailure" option to cause ssh(1) to exit (with
a non-zero exit code) when requested port forwardings could not be
established.
* Extend sshd_config(5) "SubSystem" declarations to allow the
specification of command-line arguments.
* Replacement of all integer overflow susceptible invocations of
malloc(3) and realloc(3) with overflow-checking equivalents.
* Many manpage fixes and improvements
* New portable OpenSSH-specific features:
- Add optional support for SELinux, controlled using the
--with-selinux configure option (experimental)
- Add optional support for Solaris process contracts, enabled
using the --with-solaris-contracts configure option (experimental)
This option will also include SMF metadata in Solaris packages
built using the "make package" target
- Add optional support for OpenSSL hardware accelerators (engines),
enabled using the --with-ssl-engine configure option.
|
|
|
|
|
|
|
|
|
|
Fix builds on -current
Grab MAINTAINER
pkglintification
From CHANGES:
v5.2 September 2005 (THC public release)
! THIS IS A THC TAX ANNIVERSARY SPECIAL RELEASE ! HAVE FUN !
* Included patch from ka0ttic@gentoo.org for cleaner gcc compile
* Added SSL_Pending() to prevent rare locking on SSL ports,
thanks to michel(at)arboi.fr.eu.org for reporting
* Added lots of fingerprints, most from Johnny Cyberpunk / THC - THANKS!
v5.1 June 2005 (THC public release)
* Big appdefs.resp update. Thanks to all contributors!
* Finally and forever fixed the --prefix= issue
* Fixed the web update function for bad inet_pton implementations
* Added support for nmap files with IPv6 addresses
* You can scan/check port 0 now (wish from nbach<at>deloitte.dk)
* Less error prone "make install"
|
|
Changes since 0.6.3:
0.6.6
* src/racoon/isakmp_xauth.c: Build fix
* src/racoon/pfkey.c: Sets NAT-T ports to 0 if no NAT
encapsulation in pk_sendgetspi().
* src/racoon/pfkey.c: Sets NAT-T ports to 0 if no NAT
encapsulation in pk_sendupdate().
* src/racoon/isakmp_xauth.c: fix memory leak
* src/racoon/{cfparse.y|handler.h}: typos
0.6.5
* src/racoon/isakmp.c: Fixed zombie PH1 handler when isakmp_send()
fails in isakmp_ph1resend()
* src/racoon/{cfparse.y|ipsec_doi.c}: Temporary fix for /32
subnets parsing.
* src/racoon/isakmp_cfg.c: make software behave as the documentation
advertise for INTERNAL_NETMASK4. Keep the old INTERNAL_MASK4 to
avoid breaking backward compatibility.
* src/racoon/session.c: Fixed / cleaned up signal handling.
0.6.4
* configure.ac src/racoon/plog.c: backported Fred's workaround for
%zu problems on (at least) FreeBSD4.
* src/racoon/session.c: backport: fix possible race conditions in
signal handlers (see session.c 1.17).
* src/libipsec/pfkey_dump.c: fixed compilation when NAT_T
disabled (Fred has still some CVS problems).
* src/libipsec/{libpfkey.h|pfkey_dump.c}: add a sadump_withports
function to display SAD entries with their associated ports.
* src/setkey/{parse.y|setkey.c|setkey.8}: allow to use setkey -p flag
in conjunction with -D to show SADs with the port, allow both get and
delete commands to use bracketed ports if needed.
* src/racoon/racoon.conf.5: Style changes
|
|
- Added check for base_users and base_roles tables in base_main.php -
Kevin Johnson
- Added . to VAR_PUNC to fix query issue - Kevin johnson
- Fixed issue with base_users table being required - Kevin Johnson
- Added search punctuation fix - Bruce Briggs
- Added FQDN to display -- Jonathan W Miner
- PrintForm() fixes - Bruce Briggs
- Settings for automatic expansion of the IP and Payload Criteria
on Search screen - Bruce Briggs
- Save the fields entered on the Search screen for Back button proper
refilling - Bruce Briggs
- RFE 1520185 Add support for managing last_cid - Eric Jacobsen
- Changed show_rows to 49 in base_conf.php.dist to fix IE 6/7 bug -
Bruce Briggs
- Fixed link to FAQ - Juergen Leising
- Fixed VAR_BOOLEAN error and some typos in the footer - Eric Jacobsen
- Trivial patch to make base_stat_time.php use GET insted of POST to
avoid the 'resend data' warning on refresh - GaRaGeD
- Added base-rss.php to the contrib section - Dan Michitsch
|
|
|
|
Noteworthy changes in version 0.5.10 (2006-10-11)
------------------------------------------------
* Fix double-free in cdk_pklist_encrypt, reported by Adam Langley.
* Fix keydb_idx_search() to handle keys at offset 0, thanks to Adam Langley.
* A pkg-config script was added, thanks to Andreas Metzler.
* Autobuild time stamps are used, for easier build robot testing.
|
|
Possibly fix PR 34555.
|
|
|
|
This package used to register as ap-modsecurity regardless of which apache
version it built against. It will now register as ap13-modsecurity if
building against apache 1.x and ap2-modsecurity if building against
apache 2.x.
Lots of changes including:
* Enhanced memory utilisation.
* Log level is now present on every entry in the debug log.
* Added new actions (e.g. setenv, setnote, auditlog, noauditlog)
* 404 responses are no longer considered relevant.
* Added performance measurement to the Apache 2 versions.
See CHANGES for all the details
|
|
+ add support for gcc4
|
|
|
|
RainbowCrack is a general propose implementation of Philippe Oechslin's faster
time-memory trade-off technique. In short, the RainbowCrack tool is a hash
cracker. A traditional brute force cracker try all possible plaintexts one by
one in cracking time. It is time consuming to break complex password in this
way. The idea of time-memory trade-off is to do all cracking time computation
in advance and store the result in files so called "rainbow table". It does
take a long time to precompute the tables. But once the one time precomputation
is finished, a time-memory trade-off cracker can be hundreds of times faster
than a brute force cracker, with the help of precomputed tables.
|
|
|
|
|
|
|
|
This release is mainly to fix bugs found in 1.9.92.
|
|
|
|
Patch provided by Martin Wilke via PR 34396.
Modify to avoid interaction when buildling.
Authen-SASL 2.10 -- Sat Mar 25 13:11:47 CST 2006
Enhancements
* Added Authen::SASL::Perl::GSSAPI
* Added error method to Authen::SASL to obtain error from last connection
Bug Fixes
* Authen::SASL::Perl::DIGEST_MD5
- Fixed response to server to pass digest-uri
- Correct un-escaping behaviour when reading the challenge,
- check for required fields (according to the RFC),
- allow for qop not to be sent from the server (according to the RFC),
- add a callback for the realm.
Authen-SASL 2.09 -- Tue Apr 26 06:55:10 CDT 2005
Enhancements
* authname support in Authen::SASL::Perl::DIGEST_MD5
* flexible plugin selection in Authen::SASL using import()
i.e. use Authen::SASL qw(Authen::SASL::Cyrus);
* new documentation for
- Authen::SASL::Perl::ANONYMOUS
- Authen::SASL::Perl::CRAM_MD5
- Authen::SASL::Perl::EXTERNAL
- Authen::SASL::Perl::LOGIN
- Authen::SASL::Perl::PLAIN
- Authen::SASL::Perl
* updates in the tests
Authen-SASL 2.08 -- Tue May 25 11:24:21 BST 2004
Bug Fixes
* Fix the handling of qop in Digest-MD5
Authen-SASL 2.07 -- Sat Apr 10 09:06:21 BST 2004
Bug Fixes
* Fixed test bug if Digest::HMAC_MD5 was not installed
* Fixed order of values sent in the PLAIN mechanism
Enhancements
* Added support in the framework for server-side plugins
2003-11-01 18:48 Graham Barr
* lib/Authen/SASL.pm:
Release 2.06
2003-10-21 19:59 Graham Barr
* MANIFEST, lib/Authen/SASL/Perl.pm,
lib/Authen/SASL/Perl/ANONYMOUS.pm,
lib/Authen/SASL/Perl/CRAM_MD5.pm,
lib/Authen/SASL/Perl/DIGEST_MD5.pm,
lib/Authen/SASL/Perl/EXTERNAL.pm, lib/Authen/SASL/Perl/LOGIN.pm,
lib/Authen/SASL/Perl/PLAIN.pm, t/order.t:
Add ordering so we always pich the best of the available methods instead of
just the first
2003-10-17 22:12 Graham Barr
* lib/Authen/SASL.pm:
Release 2.05
2003-10-17 22:06 Graham Barr
* MANIFEST, Makefile.PL:
use Module::Install to generate Makefile and add SIGNATURE and META.yml
2003-10-17 21:19 Graham Barr
* lib/Authen/SASL/Perl/DIGEST_MD5.pm:
Fix typo
2003-10-17 21:17 Graham Barr
* lib/Authen/SASL/: Perl.pm, Perl/DIGEST_MD5.pm:
Don't call die in DIGEST_MD5, but call set_error and return an empty list
2003-10-17 21:16 Graham Barr
* lib/Authen/SASL.pod:
Update docs to reflect that client_start and client_step return an emtpy list on error
|
|
|
|
(PKG_SYSCONFDIR already includes "stunnel" by default, so avoid the
package adding another and making $PREFIX/etc/stunnel/stunnel/stunnel.conf;
the pidfile does not normally belong under $PREFIX as $PREFIX/var/run is
not normally cleaned/checked by OS-supplied processes.)
|
|
|
|
|
|
Tripwire and AIDE.
|