Age | Commit message | Author | Files | Lines |
|
|
(suggested by lukem), group z, r and f flags.
some whitespace cleanup.
|
|
relevant changes are > 500 lines, see
ftp://ftp.ca.openbsd.org/pub/OpenBSD/OpenSSH/portable/ChangeLog
Personal selection:
rekeying bugfixes and automatic rekeying
bandwidth limitation (scp -l)
Add a -t life option to ssh-agent that sets the default lifetime.
The default can still be overridden by using -t in ssh-add.
sftp progress meter support.
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp;
[scp.c]
1) include stalling time in total time
2) truncate filenames to 45 instead of 20 characters
3) print rate instead of progress bar, no more stars
4) scale output to tty width
|
|
- group 'zrw' and 'p' args, -s last
- use the && operator consistently
- strip unneeded parens
- some whitespace cleanup
|
|
Changes since 1.6.7p2:
* Kerberos V support should work on latest MIT Kerberos V and Heimdal.
|
|
Changes since Sudo 1.6.7p1:
o Fixed an unterminated comment that broke Kerberos V authentication.
o The krb5-config script is now used to determine Kerberos V
CPPFLAGS and LDFLAGS/LIBS if it exists.
o Backed out changes to mkinstalldirs from autoconf 2.57 that
caused problems on Tru64 Unix.
|
|
478) Wildcards now work correctly in the env_keep Defaults directive.
479) Added support for non-root timestamp dirs. This allows the timestamp
dir to be shared via NFS (though this is not recommended).
480) Removed double printing of bad environment variable table in -V mode.
481) configure script has been regenerated with autoconf 2.5.7.
This required some changes to configure.in.
482) Fixed a compilation problem on SunOS; thanks to Alek O. Komarnitsky.
483) SecurID 5.0 API support from Michael Stroucken.
484) Restore state of signal handlers to what we had upon startup.
Fixes a problem when using sudo with nohup; thanks to Paul Markham.
485) Revamp set_perms() to use setresuid() or setreuid() when available
in preference to POSIX stuff since they allow us to properly
implement "stay_setuid" whereas POSIX does not really.
486) In strict mode sudo did not throw an error for undefined User_Aliases.
487) Fixed a Makefile bug on IRIX.
488) Write the prompt *after* turning off echo to avoid some password
characters being echoed on heavily-loaded machines with fast typists.
489) Added %U and %H escapes in the prompt and fixed treatment of %%.
490) Visudo will now add a final newline to sudoers if the user's editor
does not add one before EOF.
491) The lexer state is now reset to its initial value on EOF.
Previously, the state was not reset between parser invocations
which could cause problems for visudo in rare cases.
492) Added support for Defaults that apply based on the RunasUser.
493) Sudo now includes copies of strlc{at,py} and uses them throughout.
494) Sudo is now careful to avoid integer overflow when allocating
memory. This is one of those "should not happen" situations.
495) Added a configure option (--with-stow) to make sudo compatible
with GNU stow.
496) auth/kerb5.c now compiles under Heimdal.
497) The volatile prefix is used in the hopes of preventing compilers
from optimizing away memory zeroing. Unfortunately, this results
in some warnings from gcc.
498) Better Kerberos IV/V support in the configure script.
499) Fixed a logic thinko in the SIGCHLD handler that caused problems
with rlogin on HP-UX.
500) configure now adds -R to LDFLAGS when it adds -L for Solaris and
SVR4. There is a configure option, --with-rpath, to control this.
501) On AIX, configure will pass extra directory paths to the linker
via the -blibpath ld option. This is only active when additional
library paths are used. It may be disabled via the
--without-blibpath configure option.
502) The --with-skey and --with-opie configure options now take
an optional directory argument that should have an include and
lib dir for the skey/opie include file and library respectively.
503) Fixed false positives in the overflow detection of expand_prompt().
|
|
rather
make all packages that use linux emulation include bsd.pkg.mk as the
last files just like any normal package.
|
|
sfssd: support "reload"
sfssd: call sfskey gen with "-K -l sfs_host_key" to prevent interactive Q's
bump PKGREVISION (to 2)
|
|
use /var/sfs instead of /usr/pkg/var/sfs
use OWN_DIRS_PERMS
bump PKGREVISION
|
|
reference to them in the distribution, either):
bin/fake-agent
bin/rpc_pcl
bin/rpc_psrv
bin/smkdirall
bin/smount
bin/snfsfstab
bin/snfshost
bin/snfsmount
bin/snfspsrv
bin/snfsumount
bin/snfsuser
bin/sumount
bin/sumountall
etc/rpc_pcl.conf
lib/perl5/site_perl/5.6.1/SNFS.pm
lib/perl5/site_perl/5.6.1/auto/SNFS/autosplit.ix
|
|
Sort the Makefile a bit. Install a default configuration file in place.
Bump PKGREVISION to 1.
|
|
Researchers have discovered a timing attack on RSA keys, to which
OpenSSL is generally vulnerable, unless RSA blinding has been turned
on.
Typically, it will not have been, because it is not easily possible to
do so when using OpenSSL to provide SSL or TLS.
The enclosed patch switches blinding on by default. Applications that
wish to can remove the blinding with RSA_blinding_off(), but this is
not generally advised. It is also possible to disable it completely by
defining OPENSSL_NO_FORCE_RSA_BLINDING at compile-time.
The performance impact of blinding appears to be small (a few
percent).
This problem affects many applications using OpenSSL, in particular,
almost all SSL-enabled Apaches. You should rebuild and reinstall
OpenSSL, and all affected applications.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0147 to this issue.
* Add patch from http://www.openssl.org/news/secadv_20030319.txt:
Czech cryptologists Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa
have come up with an extension of the "Bleichenbacher attack" on RSA
with PKCS #1 v1.5 padding as used in SSL 3.0 and TLS 1.0. Their
attack requires the attacker to open millions of SSL/TLS connections
to the server under attack; the server's behaviour when faced with
specially made-up RSA ciphertexts can reveal information that in
effect allows the attacker to perform a single RSA private key
operation on a ciphertext of its choice using the server's RSA key.
Note that the server's RSA key is not compromised in this attack.
* Bump PKGREVISION.
|
|
This is the Cyrus SASL plugin that implements the NTLM (MS Windows NT)
authentication mechanism.
|
|
This is the Cyrus SASL plugin that implements the LOGIN authentication
mechanism. It's recommended that it only be used if absolutely necessary
since it is not a secure authentication scheme.
|
|
plugin packages.
|
|
redundant command.
|
|
This is the Cyrus SASL plugin that implements the LOGIN authentication
mechanism. It's recommended that it only be used if absolutely necessary
since it is not a secure authentication scheme.
|
|
should be included in package Makefiles.
|
|
plugin packages.
|
|
Based on the sfs-0.6 package provided by Michael Santos in PR 18528.
SFS is a secure, global network file system with completely
decentralized control. SFS lets you access your files from anywhere
and share them with anyone, anywhere. Anyone can set up an SFS
server, and any user can access any server from any client. SFS
lets you share files across administrative realms without involving
administrators or certification authorities.
|
|
Makefiles simply need to use this value often, for better or for
worse.
(2) Create a new variable FIX_RPATH that lists variables that should
be cleansed of -R or -rpath values if ${_USE_RPATH} is "no". By
default, FIX_RPATH contains LIBS, X11_LDFLAGS, and LDFLAGS, and
additional variables may be appended from package Makefiles.
|
|
Changes:
- The progress status is sent via the progress callbacks in
gpgme_op_edit.
- Bug fix for signing operations with explicit signer settings
for the CMS protocol.
|
|
This release changes the output format slightly to improve integration with
other tools, and improves the RPM packaging.
|
|
Use Bugzilla for bug reporting.
* README: Mention Bugzilla.
* fsh.texi (Bugs): Mention Bugzilla.
Port to Python 2.2. (Bug 332).
* fshcompat.py: New module, that finds some constants in os,
fcntl, FCNTL or thin air depending on Python version.
* fshlib.py: Use fshcompat instead of FCNTL.
* infshd.py: Ditto.
* Makefile.am (pkgdata_DATA): Added fshcompat.py.
|
|
when openssl is not in places planned by Makefile.PL (like
LOCALBASE).
|
|
|
Bump PKGREVISION.
|
|
21Feb2003: Version 2.6.4
- Updated Spanish-Argentina translation by Ariel
Fermani.
- Some fixes for compiling under win32.
- Some fixes to allow compiling gaaout.c with external
CFLAGS and CPPFLAGS.
04Oct2002: Version 2.6.3
- Added support for 64 bit file offsets. Based on patch by
Keven Belanger.
23Jun2002: Version 2.6.2
- Corrections in localization
- Added Spanish-Argentina translation. Translated by Ariel
Fermani.
15Jun2002: Version 2.6.1
- Better error checking
- Added rndunix random gatherer from gnupg. It is
a gatherer for random bytes, written by Peter Gutmann.
- Added some kind of random byte generator for Win32
systems.
- Corrected bug in configuration file parsing.
- Corrected bug in bare mode which put an IV in the
encrypted file even if the mode did not support IV.
29May2002: Version 2.6.0
- Added OpenPGP support (added by Timo Schulz)
- Removed all of file locking code.
- Several improvements and corrections on the old
codebase (still a mess).
11Mar2002: Version 2.5.13
- Corrected stream modes in block algorithms
29Jan2002: Version 2.5.12
- Added some missing files
26Jan2002: Version 2.5.11
- SHA1 is the default digest used
01Dec2001:
- Added --time option
|
|
January 19 2003: (version 2.5.6)
- Fixes in win32 detection and DLL building.
- Fixes for solaris (a symbol was not exported)
- Corrected bug which made algorithm symbols to be inserted
twice in symbol table.
December 22 2002: (version 2.5.5)
- Better win32 detection and DLL building.
- Changed some variables names in gost.c to allow compiling
with gcc and K6 optimizations.
- Some buffer overrun checks on input. Patches and suggestions
by Ilia A.
- Made the default behaviour to include all algorithms into
the main library, instead of using dynamic modules. Dynamic
loading is disabled by default. The --enable-dynamic-loading flag
can be used in the configure script, to get the old behaviour.
- Some fixes in ECB mode.
August 16 2002: (version 2.5.3)
- The const keyword is now used in the exported functions
- Corrected problem in libltdl's configure script
June 22 2002: (version 2.5.2)
- Fixed bug in the returned IV size of ARCFOUR
- Fixed bug in mcrypt_readdir() which prevented the test programs
to work.
May 30 2002: (version 2.5.1)
- Corrected the license. COPYING.LIB (LGPL) is now included
instead of COPYING (GPL)
Mar 09th 2002: (version 2.5.0)
- Several corrections in stream and block cipher modes.
- Added --disable-dynamic-loading configure option
- The IV modifications in Arcfour and Wake have been disabled
by default.
- Added CTR mode for block ciphers.
- Fixes in nCFB and nOFB modes.
- Added mcrypt_enc_get_state() function.
- Added test for nCFB, CFB, nOFB and CTR with AES
Feb 14th 2002:
- nOFB and nCFB modes can now encrypt and decrypt plaintext
of size less than block size.
|
|
portable. Bump PKGREVISION accordingly.
|
|
New in 2.1.12
-------------
* Distribute in Solaris tar (not GNU tar format)
* Fix a number of build/configure related issues.
New in 2.1.11
-------------
* Add the fastbind auth method to the saslauthd LDAP module.
* Fix a potential memory leak in the doors version of saslauthd.
* NTLM now only requires one of LM or NT, not both.
* Fix a variety of Berkeley DB, LDAP, OpenSSL, and other build issues.
* Win32 support compiles, but no documentation as of yet.
|
|
In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
via timing by performing a MAC computation even if incorrect
block cipher padding has been found. This is a countermeasure
against active attacks where the attacker has to distinguish
between bad padding and a MAC verification error. (CAN-2003-0078)
Bump PKGREVISION.
|
|
configuration database from being modified by packages that do not honour
the --disable-schemas-install option. There is no need to patch these broken
packages any more.
Okay'ed by wiz.
|
|
rebuild the documentation database at install/deinstall time. This means
that:
- PLIST's do not need to call scrollkeeper-{update,rebuilddb} directly;
this is done by a bsd.pkg.install.mk template.
- The share/omf directory is only removed by scrollkeeper, which is the
last package in the dependency tree.
- PKGREVISION is bumped.
Reviewed by wiz.
|