- Added optional time synchronization requirement.
It will add timestamps in handshake PRP authentication, disallowing to
repeat captured packet and get reply from the server, making it visible
to DPI.
PR: 206799
Submitted by: Sergey Matveev <stargrave@stargrave.org> (maintainer)
stud is a network proxy that terminates TLS/SSL connections
and forwards the unencrypted traffic to some backend. It's
designed to handle 10s of thousands of connections
efficiently on multicore machines.
WWW: https://github.com/bumptech/stud
PR: 206134
Submitted by: Franz Bettag <franz bett ag>
xconv is the only piece of xinetd written in perl, removing it from package
also removes perl dependency.
Add a new option, on by default to don't change current behavior, to select
to install or not xconv.
While here, re-generate patches using `make makepatch` to silence portlint
PR: 205661
Approved by: maintainer timeout (> 30 days)
Obtained from: pfSense
Sponsored by: Rubicon Communications (Netgate)
- Upgrade all linux-c6- to CentOS 6.7
- Cleanups
PR: 205846
Submitted by: xmj
In Collaboration with: allanjude, netchild, xmj
Exp-run: antoine
Sponsored by: Perceivon Hosting Inc.
Differential Revision: D3428
We'd like to thanks for all the feedback and comments.
Bindings to OpenSSL libssl and libcrypto, plus custom SSH pubkey
parsers. Supports RSA, DSA and NIST curves P-256, P-384 and P-521.
Cryptographic signatures can either be created and verified manually
or via x509 certificates. AES block cipher is used in CBC mode for
symmetric encryption; RSA for asymmetric (public key) encryption.
High-level envelope functions combine RSA and AES for encrypting
arbitrary sized data. Other utilities include key generators, hash
functions (md5, sha1, sha256, etc), base64 encoder, a secure random
number generator, and 'bignum' math methods for manually performing
crypto calculations on large multibyte integers.
WWW: https://cran.r-project.org/web/packages/openssl/
[Security] Multiple full path disclosure vulnerabilities, see PMASA-2016-1
[Security] Unsafe generation of CSRF token, see PMASA-2016-2
[Security] Multiple XSS vulnerabilities, see PMASA-2016-3
[Security] Insecure password generation in JavaScript, see PMASA-2016-4
[Security] Unsafe comparison of CSRF token, see PMASA-2016-5
[Security] Multiple full path disclosure vulnerabilities, see PMASA-2016-6
[Security] XSS vulnerability in normalization page, see PMASA-2016-7
[Security] Full path disclosure vulnerability in SQL parser, see PMASA-2016-8
[Security] XSS vulnerability in SQL editor, see PMASA-2016-9
