Commit graph

3262 commits

Author SHA1 Message Date
bad
91beba98da Don't need to provide a definition of QMAKE in the environment any longer.
qt3-tools/buildlink3.mk does that now.
2005-03-25 10:20:59 +00:00
adam
2f0e778247 Changes 0.9.2:
- Added SNEFRU128, SNEFRU256. Reintroduced MD2.
- Fixes to .spec file and clean-ups of documentation
- Fixed typecasts, memory leaks and compiler warnings
2005-03-25 09:31:50 +00:00
jlam
da2fc85390 Don't check for USE_BUILDLINK3 anymore in these files. These are included
by other package Makefiles, and with the deprecation of USE_BUILDLINK3
support in the infrastructure files, these had the potential to break
existing packages.
2005-03-24 22:42:58 +00:00
wiz
b8e0eb28f4 Remove FreeBSD RCS Ids. pkgsrc has diverged too much for syncing to be
useful.
2005-03-24 21:12:50 +00:00
reed
0b69fc27e2 Depend on bash>=2 instead of bash>=2.05.2.7.
Okayed by maintainer.

Sometime ago, I had noticed my bash was too old, but I found
it was good enough for this.
2005-03-24 17:23:42 +00:00
agc
32d24069d4 Add and enable systrace-policies 2005-03-24 17:12:46 +00:00
agc
61003172f9 Initial import of the collection of systrace(1) policies from hairyeyeball.
The files in this archive are example systrace policy files,
	which can be used to raise the security levels of your
	computer by using the systrace(1) utility.  These example
	policies can be used as a base for custom policies, or as
	learning material.
2005-03-24 17:11:45 +00:00
jlam
81611d789e Strip off any leading "-Wl," in the compiler and linker flags before
the courier Makefile adds it to all of the flags again.  This avoids
situations where you end up with a flag that looks like "-Wl,-Wl,...".
This should fix the problem noted in pkg/29777.
2005-03-24 07:13:14 +00:00
manu
996dcfad79 Missing installed files in PLIST 2005-03-23 17:27:17 +00:00
manu
7c1a540aa7 Upgrade to ipsec-tools 0.6b1.
New features:
- PAM support
- privilege separation
2005-03-23 16:49:39 +00:00
jlam
aa151ceb8b Update security/openssl to openssl-0.9.7f.
Pkgsrc changes from version 0.9.7e include:

  *) Install the man pages with names that are less likely to collide
     with other packages' man pages.
  *) Support PKG_OPTIONS of "idea", "mdc2" and "rc5" to allow building
     with patented algorithms.  By default, this package still builds
     without patented algorithms.

Major changes from version 0.9.7e include:

  *) Prompt for pass phrases when appropriate for PKCS12 input format.
  *) Back-port of selected performance improvements from development
     branch, as well as improved support for PowerPC platforms.
  *) Add lots of checks for memory allocation failure, error codes to indicate
     failure and freeing up memory if a failure occurs.
  *) Add new -passin argument to dgst.
  *) Make an explicit check during certificate validation to see that
     the CA setting in each certificate on the chain is correct.
2005-03-23 09:06:38 +00:00
wiz
215694b4d2 Update to 1.4.1:
Noteworthy changes in version 1.4.1 (2005-03-15)
------------------------------------------------

    * New --rfc2440-text option which controls how text is handled in
      signatures.  This is in response to some problems seen with
      certain PGP/MIME mail clients and GnuPG version 1.4.0.  More
      details about this are available at
      <http://lists.gnupg.org/pipermail/gnupg-users/2005-January/024408.html>.

    * New "import-unusable-sigs" and "export-unusable-sigs" tags for
      --import-options and --export-options.  These are off by
      default, and cause GnuPG to not import or export key signatures
      that are not usable (e.g. expired signatures).

    * New experimental HTTP, HTTPS, FTP, and FTPS keyserver helper
      that uses the cURL library <http://curl.haxx.se> to retrieve
      keys.  This is disabled by default, but may be enabled with the
      configure option --with-libcurl.  Without this option, the
      existing HTTP code is used for HTTP, and HTTPS, FTP, and FTPS
      are not supported.

      [enabled with the "curl" option for the package]

    * When running a --card-status or --card-edit and a public key is
      available, missing secret key stubs will be created on the fly.
      Details of the key are listed too.

    * The implicit packet dumping in double verbose mode is now sent
      to stderr and not to stdout.

    * Added countermeasures against the Mister/Zuccherato CFB attack
      <http://eprint.iacr.org/2005/033>.

    * Add new --edit-key command "bkuptocard" to allow restoring a
      card key from a backup.

    * The "fetch" command of --card-edit now retrieves the key using
      the default keyserver if no URL has been stored on the card.

    * New configure option --enable-noexecstack.

Also, gpgkeys_mailto is not installed any longer, dropping the
dependency on perl.
2005-03-22 17:50:55 +00:00
jmmv
bc301ce848 Bump revision due to update of eel2 to 2.10.0. 2005-03-22 16:13:34 +00:00
jmmv
46db697b11 Update to 0.4.2:
* AIX portability fixes
* Translation updates
2005-03-22 15:58:49 +00:00
jlam
790794b486 Update security/courier-authlib to courier-authlib-0.55. Changes from
version 0.54 include:

    * authsystem.passwd.in: Explicitly set LC_ALL to en_US
    * SASL: Added CRAM-SHA256 authentication method (experimental).
    * courierauthdebug.h: Macro dprintf conflicts with new glibc.
2005-03-22 03:53:33 +00:00
wiz
cf28360a68 Add and enable dsniff-nox11. 2005-03-22 01:07:32 +00:00
wiz
5c0172691c Split parts of Makefile into Makefile.common for use by dsniff-nox11.
Only build webspy in this package, and depend on dsniff to get the
other tools. Bump PKGREVISION.
2005-03-22 01:07:07 +00:00
wiz
c8ab14f8dc Initial import of dsniff-nox11, the tools from dsniff that don't
need X11. Addresses PR 25703 by Jukka Salmi.
2005-03-22 01:05:16 +00:00
wiz
ddb31685dc Do not open files opened for reading in RW mode. Helps in using
cfs over coda. From Greg Troxel in PR 28479. PKGREVISION++
2005-03-21 18:08:31 +00:00
jmmv
2dee0083a6 Fix build by avoiding conflicts between the included tun files and the ones
provided by libdnet.  This was broken during the last update of libdnet to
0.10, as the previous versions did not include the tun stuff.
2005-03-20 16:38:10 +00:00
jmmv
7cdc08d2d9 Use BUILDLINK_PREFIX.libdnet rather than PREFIX to locate libdnet. 2005-03-20 16:37:04 +00:00
ben
31abab19ec Update fprot-workstation-bin to version 4.5.4. This addresses PR#29747.
Version 4.5.4 is a bugfix release.
Fixed a string error in the updater.
Fixed a race condition in f-protd where f-protd would report
	'Bad file number' on accept() under high loads.
Fixed a crash issue with malformed word macros.
Fixed a memory corruption in the x86 emulation code.
Modified check-updates.pl to automatically detect f-prot version number.
2005-03-20 14:14:26 +00:00
fredb
ebdd47a6ac Extend "fshcompat.py" to work with python24, using patch submitted by
lukem in PR pkg/29704. Reviewed by recht.
2005-03-20 12:51:54 +00:00
wiz
7328a4a638 Update to 5.2.1. Provided by Stefan Krüger in PR 28740.
5.2 - merged in changes for 5.01 - 5.0.4
    - added support for using encoding parameters and key derivation parameters
      with public key encryption (implemented by OAEP and DL/ECIES)
    - added Camellia, SHACAL-2, Two-Track-MAC, Whirlpool, RIPEMD-320,
      RIPEMD-128, RIPEMD-256, Base-32 coding
    - added ThreadUserTimer for timing thread CPU usage
    - added option for password-based key derivation functions
      to iterate until a minimum elapsed thread CPU time is reached
    - added option (on by default) for DEFLATE compression to detect
      uncompressible files and process them more quickly
    - improved compatibility and performance on 64-bit platforms,
      including Alpha, IA-64, x86-64, PPC64, Sparc64, and MIPS64
    - fixed ONE_AND_ZEROS_PADDING to use 0x80 instead of 0x01 as padding.
    - fixed encoding/decoding of PKCS #8 privateKeyInfo to properly
      handle optional attributes

5.2.1 - fixed bug in the "dlltest" DLL testing program
      - fixed compiling with STLport using VC .NET
      - fixed compiling with -fPIC using GCC
      - fixed compiling with -msse2 on systems without memalign()
      - fixed inability to instantiate PanamaMAC
      - fixed problems with inline documentation
2005-03-19 16:48:21 +00:00
jlam
b4bcbe1138 Avoid possibly linking everything against -lintl when PostgreSQL
support is built into courier-authlib -- -lintl is only needed by the
authpgsql authentication module.  This avoids problems when linking
clients with -lcourierauth and the linker thinks -lintl is needed when
it really doesn't.  Bump the PKGREVISION to 3.
2005-03-18 20:20:48 +00:00
taca
51b67861b8 Add and enable ruby16-digest package. 2005-03-18 05:26:05 +00:00
taca
4e98e9dcb5 Importing security/ruby16-digest package which I forgot to import,
it is needed by ruby16 package.

Now this package includes some fixes for IRIX, too.
2005-03-18 05:25:32 +00:00
wiz
d7b95a192c Update HOMEPAGE and MASTER_SITES. 2005-03-17 15:48:38 +00:00
rillig
b2b26b7830 Added patches for gcc-2.95.3 that properly order declarations and code.
Approved by wiz.
2005-03-16 12:04:12 +00:00
rillig
f6ce795bd8 Added proper CFLAGS quoting. Approved by wiz. 2005-03-16 12:03:06 +00:00
tv
0d32597e47 There's no need to manually format and install a nroffed manpage.
Install the source and let man(1) do it.

(Since this code is actually all commented out, no PKGREVISION bump.)
2005-03-14 20:23:50 +00:00
tv
642acf8e6a Make build on Interix, sharing some of the OS-specific oddities with _WIN32. 2005-03-10 15:38:33 +00:00
wiz
91fab19321 Sort. 2005-03-10 10:05:31 +00:00
bad
205c9fc93b Make it explicit that the package doesn't install any authentication mechanisms
and what the likely, but opaque, error message is in that case.
2005-03-08 18:22:39 +00:00
tv
71e2654fa3 nb5: Rework Interix support, based on work done by Interop Systems
*before* a BSD-with-advertising license was added to their diffs, and other
work done personally by me.

sshd now works.  Most permissions checks work properly.  Privsep is off by
default, and the sshd user is not created, on Interix until some problems
with privsep are fixed (perhaps by abstracting the auth functionality out
to openpam).
2005-03-07 23:29:49 +00:00
bad
237cf6898e Because LIBTOOLIZE_PLIST is "yes" by default we must list only the .la file
in the PLIST.
2005-03-07 20:49:24 +00:00
uebayasi
9fc677698c Fix quoting. 2005-03-07 10:03:13 +00:00
taca
0f010b9a66 Bump PKGREVISION with introduction of ruby16-base/ruby18-base package. 2005-03-06 17:19:05 +00:00
taca
4feb8883ce Add and enable ruby-digest and ruby-openssl. 2005-03-06 17:04:53 +00:00
taca
079f54e1fd Revive separated ruby packages, ruby-dbm, ruby-zlib, ruby-digest and
ruby-openssl with bump PKGREVISION.
2005-03-06 16:52:39 +00:00
taca
cf24692f45 Cosmetic change with pkglint(1). 2005-03-06 13:05:38 +00:00
tv
69c509bf6b Make p5-GnuPG-Interface and pgpenvelope work again by switching to the
Class::MethodMaker v1 compatibility interface in Class::MakeMethods.
Bump PKGREVISION.
2005-03-04 20:57:50 +00:00
agc
9fcba1c468 Update gpg2dot to version 1.4.
Fixes from Christoph Badura, who tested on gnupg-1.2.

This new version works with gnupg-1.4.0 as well as older versions of gpg,
and uses the --list-sigs argument as well as the --with-colons arguments
to gpg.
2005-03-03 22:43:49 +00:00
adrianp
80ff133fe0 - Change to my NetBSD.org address 2005-03-02 23:00:32 +00:00
jlam
915339f298 The path to the Courier authdaemond socket was improperly being set to
the wrong value.  Fix it so that the default is now correctly set to be
/var/authdaemond/socket.  Bump the PKGREVISION to 1.
2005-03-02 15:52:26 +00:00
shannonjr
40fcb8eaf0 Problem: Dirmngr depends on pth. With an explicit buildlink to pth, the
package builds and works correctly. This approach was taken prior to
this change. This is a problem because pth installs pthread.h in
${LOCALBASE}/include. This causes problems for things like Ada tasking
that depend on native pthreads when also linking against libraries in
pkgsrc (eg., gmp).

This change solves the problem by building a static pth library locally
and linking against it.
2005-03-02 14:59:35 +00:00
bad
59d53dc973 Add fwbuilder to the list of sub directories. 2005-02-28 22:11:14 +00:00
adrianp
954e64ac83 - Update to 0.6.8
> $Id: CHANGES,v 1.25 2005/02/20 16:02:21 sm Exp $
> version 0.6.8 (beta) - Sun Feb 20 2004
>    * added detection for openssl 0.9.8
>    * removed crlDistributionPoint for Root-CA
>    * added patch for multiple OUs
>      Thanks to Uwe Arndt <arndt@uni-koblenz.de>
>    * added patch for multiple subjectAltName extensions
>      Thanks to Peter Marschall <peter@adpm.de>
2005-02-28 22:01:22 +00:00
adam
6f581244b1 Changes 1.7.1:
* Fixed bug which caused hostnames containing hyphens to fail with an error.

* Improved mapping of ID numbers to names in decode.  This allows sparse IDs
  ranges (e.g. 1,2,3,65000) to be supported, which means that we can now decode
  XAUTH authentication method amongst other things.

* Added SO_BROADCAST option to UDP socket to allow sending to broadcast
  addresses.  Previously this gave a permission denied error.
2005-02-28 16:04:28 +00:00
wiz
a7a14cb51d Update to 0.2.5:
* Version 0.2.5 (released 2005-02-08)

** Added self test of EXTERNAL mechanism.

** Vietnamese translation added, thanks to Clytie Siddall.

* Version 0.2.4 (released 2005-01-01)

** The CRAM-MD5 mechanism is now preferred over DIGEST-MD5.
This decision was based on recent public research that suggest MD5 is
broken, while HMAC-MD5 not immediately compromised, and the lack of
public analysis on what consequences the MD5 break have for
DIGEST-MD5.  Support for CRAM-SHA1 is under investigation, to enable
users to avoid MD5 completely

** Fixed a bug that prevented SMTP client from working.

** New configure option --disable-obsolete to remove backwards compatibility.
This is mostly intended to be used when compiling for platforms with
constrained memory/space resources.

** DIGEST-MD5 rewritten and enabled by default (see lib/NEWS for details).

** Command line tool now query for realm, hostname and service name properly.

** Documentation updates and improvements.

** Self test improvements.

** Update of gnulib files.
2005-02-28 13:29:31 +00:00
peter
b5362e6d00 Fix installation on NetBSD 1.6.
Reviewed by wiz@
2005-02-27 17:33:44 +00:00
jlam
b9aef33c1b Install some documentation files for courier-authlib, but only install the
relevant ones depending on the options chosen.  This fixes PR pkg/29465.
Bump the PKGREVISION to 2.
2005-02-26 22:14:01 +00:00
jmmv
f9fabef92a Update to 0.4.1:
* Support for slaving lifecycle to a file descriptor
* Translation updates
2005-02-26 17:23:37 +00:00
bad
d86cccf8b6 Upgrade fwbuilder and libfwbuilder to 2.0.6.
The main change is support for printing policies and NAT rules for
firewall objects.  Also improvements in the iptables compiler and lots
of bug fixes, too numerous to mention.  See the release notes at:
http://www.fwbuilder.org/archives/cat_release_notes.html#000185
2005-02-26 11:52:04 +00:00
jlam
55ecced35d Correct path to courier-authlib in comment. 2005-02-26 08:14:11 +00:00
wiz
c28c96be32 Work around broken dependency handling by explicitly setting timezone
to UTC. Fixes PR 29530.
2005-02-25 15:23:24 +00:00
agc
d81d19f8e0 Add RMD160 digests. 2005-02-24 12:51:41 +00:00
bad
8a6f6cfbe8 Add RMD160 digests. 2005-02-24 11:34:22 +00:00
bad
f007c3ab9b Initial import of fwbuilder-2.0.5.
Firewall Builder is a multi-platform firewall configuration and
management tool.  It consists of a GUI and a set of policy compilers for
various firewall platforms.  Firewall Builder uses an object-oriented
approach, it helps administrators maintain a database of network
objects and allows policy editing using simple drag-and-drop
operations.  Firewall Builder currently supports

	iptables,
	IP Filter,
	ipfw,
	OpenBSD PF, and
	Cisco PIX

fwbuilder provides the GUI frontend and the policy compilers.
2005-02-24 11:03:22 +00:00
bad
bcfc15b19c Replace libfwbuilder with version 2.0.5 as the previous version wasn't
useful.

Firewall Builder is a multi-platform firewall configuration and
management tool.  It consists of a GUI and a set of policy compilers for
various firewall platforms.  Firewall Builder uses an object-oriented
approach, it helps administrators maintain a database of network
objects and allows policy editing using simple drag-and-drop
operations.  Firewall Builder currently supports

	iptables,
	IP Filter,
	ipfw,
	OpenBSD PF, and
	Cisco PIX

libfwbuilder provides the back-end functionality in a library.
2005-02-24 10:59:56 +00:00
wiz
84f80908e8 Revert previous, fixed in perl5/module.mk. 2005-02-23 10:43:36 +00:00
adam
231d4d79e7 Changes 2.5.2:
Cross-platform fix for checksumming code. This is
*incompatible* with version 2.5.1. As a temporary
workaround, setting "bugcompatibility 251" will maintain
compatibility with release 2.5.1 for little-endian platforms
(e.g. Intel). This will be removed from the final production
release.

Upgrade to Inno Setup 4.

More documentation fixes.

Increased the default thread stack size to 64k and
added "threadstacksize" for debug/test purposes.

Fix handling of HTTP/1.1 responses from proxies.

Added acceptconnecttimeout (supersedes "connecttimeout")
along with connectattempts, serverconnecttimeout and
targetconnecttimeout.

Fixed bug with "clienthost" not being honoured when Zebedee
was used as a service.
2005-02-22 16:26:57 +00:00
wiz
7b9ad1bf25 Override MAKE_PARAMS returned set by perl5/module.mk; fixes build on -current. 2005-02-22 15:34:46 +00:00
adam
5a2133d2cd Changes 2.1.20:
* Bug-fixes
2005-02-21 22:10:18 +00:00
hubertf
9a981bcfbe Sign over maintainership to tech-pkg@ 2005-02-21 20:26:08 +00:00
jlam
25788569a2 Fix the authdaemond rc.d script to invoke the correct script to start
the authentication daemon.  Fix provided by Inseo Park in private mail.
Also, honor VARBASE.  Bump the PKGREVISION to 1.
2005-02-21 17:08:39 +00:00
taca
32cac2b0a5 Remove ruby-openssl package since it is included in ruby18 package now. 2005-02-21 15:44:05 +00:00
taca
5e07c19b5e Remove ruby-digest package since it is included in ruby16/ruby18 package now. 2005-02-21 15:43:44 +00:00
taca
c8d7c2377e Delete databases/ruby-dbm, devel/ruby-zlib, security/ruby-digest and
security/ruby-openssl.
2005-02-21 15:37:55 +00:00
adam
b60b462f2a Changes 2.2.3:
Nessus 2.2.3 contains a new option called "silent dependencies" which can be
used to filter out the noise generated by some plugins not directly enabled by
the user. It also contains a slightly more intuitive GUI which now contains
a "Credentials" tab to put Windows and SSH usernames and passwords.
2005-02-21 10:08:22 +00:00
grant
395f2b26c7 when linking shared libssl on Solaris, make sure the rpath is
included so it can find libcrypto.
2005-02-20 05:42:51 +00:00
manu
6c4d4ca60c Fix file installation, add missing samples config files 2005-02-20 01:03:30 +00:00
wiz
be89ba1f29 Add PKGVULNDIR to BUILD_DEFS. 2005-02-19 11:22:05 +00:00
wiz
60e3561abd [Changes for 0.44 - 2004-12-16]
* Add "pmfiles.dat" to legacy manifest_skip routine to accommodate
  early Win32 hacks.  Reported by Steve Hay via Michael Schwern.

[Changes for 0.43 - 2004-12-16]

* Updated t/0-signature.t to be more friendly with Test::More;
  contributed by Michael Schwern.

* Add $Timeout (default 3 seconds) to control the timeout for
  probing connections to the key server.

* Take account of the .ts files produced by newer MakeMakers
  in the suggested MANIFEST.SKIP list.

[Changes for 0.42 - 2004-11-20]

* Move under SVK version control management; ditch keyword tags.

* Michael Schwern pointed out that during development, the
  "signature.t" file would keep failing.

* Documented how to generate SIGNATURE files as part of "make dist",
  for Module::Install, ExtUtils::MakeMaker and Module::Build users.
2005-02-19 10:35:00 +00:00
wiz
43b8b344dc Update to 1.2.0. From the release announcement:
We are pleased to announce the availability of GnuTLS 1.2.0!

This release is the result of the 23 development releases made on the
development branch (1.1.x).

Major changes compared to the 1.0 branch include:

* Moved SRP password authentication from the GnuTLS-extra library
  (licensed under GPL) to the core library (licensed under LGPL).

* The API has been cleaned up, and data types now use a '_t' suffix.

* Fixes to handle denial of service problem when verifying long
  certificate chains.

* The manual has been converted to Texinfo and is consequently
  available in many formats, see:
  <http://josefsson.org/gnutls/manual/>

* A reference API manual has been added, and is available in HTML and
  DevHelp formats, thanks to GTK-DOC, see:
  <http://josefsson.org/gnutls/reference/gnutls-gnutls.html>

The 1.2.0 version is intended to be stable, and to be a drop-in
replacement of the stable 1.0.x branch.

We encourage developers to move to the 1.2 branch as soon as possible,
since we will now spend less time improving version 1.0.x.

We are not planning to open a 1.3 development branch soon, because
there are no plans to start work on any major new feature today.
Instead, we will continue to carefully improve the quality of this
release over time.

Improving GnuTLS is costly, but you can help!  We are looking for
organizations that find GnuTLS useful and wish to contribute back.
You can contribute by reporting bugs, improve the software, or donate
money or equipment.
2005-02-19 00:14:23 +00:00
jlam
6db647b41a Update security/courier-authlib to 0.54. Changes from version 0.53
include:

	* userdb/makeuserdb.in: Report dangling symlinks.
2005-02-18 22:12:43 +00:00
wiz
b0cc900624 Update to 0.96:
- Makefile's error messages now correct if output is
	  redirected (patch from Ilya Zakharevich).
	- Non-blocking connects/accepts now work (Problem found by
	  Uri Guttman).
	- new_from_fd() now works.
	- getline() and <> in scalar context now return undef
	  instead of '' when the read failed.  (Problem found by
	  Christian Gilmore).
	- Broken pipe signals are now ignored during socket close
	  to prevent a SSL shutdown message from killing the parent
	  program.  (Problem found by Christian Gilmore).
	- Tests should proceed much more quickly, and a semi-race was
	  fixed, meaning that on slow machines the tests should be
	  more reliable.
	- Check for Scalar::Util and Weakref now uses default
	  $SIG{__DIE__} instead of a potentially user-altered one
	  (suggestion from Olaf Schneider).  This only applies to Perl 5.6.0 & above.
	- Session caching support (patch from Marko Asplund).
	- set_default_context() added to alter the behavior of
	  modules that use IO::Socket::SSL from the main program.
	- get_ssl_object() renamed to _get_ssl_object() to reflect
	  the fact that it's only supposed to be used internally
	  (not that you should have cared, of course).
	- Added patch for Net::SSLeay to take advantage of
	  client-side session caching. (i.e. use 1.26 of Net-SSLeay)
2005-02-18 13:12:12 +00:00
wiz
9a26620291 Update to (unofficial) 1.26 needed by p5-IO-Socket-SSL-0.96:
(1.26)** 30.4.2004
      - added get1_session()
2005-02-18 13:10:40 +00:00
manu
c3622e01df Upgraded ipsec-tools to release version 0.5 2005-02-18 09:53:40 +00:00
peter
3c07d3e676 Accidentally committed the wrong distinfo. 2005-02-17 23:12:02 +00:00
peter
383019eeb5 Get rid of the invalid extern for malloc and include stdlib.h for the
prototype. Suggested by Thomas Klausner.

Should fix PR pkg/29362 from A L Meyers.
2005-02-17 23:10:45 +00:00
tv
b1b07cb30c Apparently autoconf 2.5x has some very sane reasons for not using a
cache file by default; one of them is that recursion isn't re-parsing
the values correctly (and hosing up on multiple spaces in things like
CPPFLAGS).  Amusingly enough, this hosage does not happen with a site
cache file such as the one generated by autoswc.

The switch to using :Q on these variables tripped over this stupidity bug,
so turn off the Cyrus configure.in stupidity where it tries to force use
of a cache file.

Fixes PR pkg/29375 and PR pkg/29380.
2005-02-15 12:32:38 +00:00
agc
696d63a6c2 Update audit-packages to 1.33:
In download-vulnerability-list, first set the PKGVULNDIR, then create
the directory if it doesn't already exist.

Pointed out by Geert Hendrickx on tech-pkg@
2005-02-11 16:51:16 +00:00
jlam
1d3e7c56d6 Rearrange so that the MAINTAINER and HOMEPAGE are stored with the
package Makefile instead of Makefile.common.  Also, fix the HOMEPAGE
for the courier-authlib component of the Courier package.
2005-02-10 03:50:03 +00:00
jlam
44d6ffd14a Add a buildlink3.mk file for use by other package Makefiles. 2005-02-10 03:47:12 +00:00
jlam
77e84fa689 Add and enable courier-authlib. 2005-02-10 03:22:52 +00:00
jlam
3b060f2811 Import courier-authlib-0.53 as security/courier-authlib.
The Courier authentication library provides authentication services for
other Courier applications.  In this context, the term "authentication"
refers to the following functions:

    1. Take a userid or a loginid, and a password. Determine whether the
       loginid and the password are valid.
    2. Given a userid, obtain the following information about the userid:

         A. The account's home directory.
         B. The numeric system userid and groupid that owns all files
            associated with this account.
         C. The location of the account's maildir.
         D. Any maildir quota defined for this account. See the Courier
            documentation for more information on maildir quotas.
         E. Other miscellaneous account-specific options.

    3. Change the password associated with a loginid.
    4. Obtain a complete list of all loginids.
2005-02-10 03:21:30 +00:00
jlam
49e316c551 Update security/openpam to 20050201 (Feterita). Changes from version
20040210 (Eelgrass) include:

 - BUGFIX: Correct numerous markup errors, invalid cross-references,
   and other issues in the manual pages, with kind assistance from
   Ruslan Ermilov <ru@freebsd.org>.

 - BUGFIX: Avoid multiple evaluation of macro arguments in ENTERX()
   and RETURNX() macros.

 - BUGFIX: Remove an unnecessary and non-portable pointer cast in
   pam_get_data(3).

 - BUGFIX: Fix identical typos in PAM_ACCT_EXPIRED case in
   pam_strerror(3) and gendoc.pl.

 - ENHANCE: Minor overhaul of the autoconf / build system.

 - ENHANCE: Add openpam_free_envlist(3).
2005-02-10 02:55:38 +00:00
ben
246ac13948 Update fprot-workstation-bin to version 4.5.3.
This addresses PR#29271.
Changes include:

Version 4.5.3 adds a new commandline switch to f-protd, '-fullreport'
and new possible summary codes (see man page for details).

Version 4.5.2 is a bugfix release; f-protd would misidentify .pdf files
and block them from being delivered.

Version 4.5.1 is a bugfix release to fix a bug in scan-mail.pl where
scan-mail.pl would exit after first scan request on some unix platforms,
because of differing signal mechanism between BSD and SysV

Version 4.5.0 contains various bugfixes and improvements to the
documentation and software.

o       check-updates.pl has been modified. It now identifies itself with a
        unique user-agent string containing information on OS, kernel and
        architecture.
o       contains a major overhaul of the virus scanning engine
        (new engine version 3.16.1).  These changes improve its
        detection capabilities.  The engine can now better detect and
        handle executable packers, often used by malware authors to conceal
        malicious code.
o       includes a more generic JPEG GDI+ exploit detection
o       includes EMF/WMF image format exploit detection
o       encrypted executables inside archives are now reported as
        "could be a suspicious file (encrypted program in archive)",
        previously reported as "could be a security risk".
o       The argument switch "-archive" has been changed to support the form
        "-archive=n" where n is a non-negative integer. This causes f-prot
        to scan only n levels deep into nested archives of supported types in
        order to protect against 'archive-bombs'.
        The old form "-archive" is still supported, although depreciated, and
        implies n==5. See the man page for details.
o       Minor modifications in the DTD for the f-prot daemon XML.
o       Bugfix where f-prot would return IO_ERROR when attempting to scan
        unsupported partial archive files, e.g. .z01 files
o       Improved RAR support. F-Prot fully supports rar versions 1.5, 2.0 and
        2.6 and partially supports rar 2.9 (doesn't support RAR Virtual
        Machine and the PPM model features)
2005-02-09 15:21:06 +00:00
markd
4200ac9b06 Disable gnupg's new iconv code on platforms that have problems with it
in the default locale (NetBSD < 2.0 and Solaris).
OK'ed by wiz.
Fixes PR pkg/28895.
2005-02-09 11:35:50 +00:00
jlam
bccaba8d4b Instantly deprecate USE_PAM from pkgsrc as its value is being set from
within NetBSD-current's bsd.own.mk, which conflicts with its usage in
pkgsrc.  The packages that use USE_PAM have been converted to use the
bsd.options.mk framework.  This should fix PR pkg/29257.
2005-02-07 11:35:41 +00:00
adrianp
0c68e0f862 Fix BUILDLINK_DEPENDS.libnet for bulk-builds 2005-02-05 16:11:47 +00:00
jlam
fe2f1774b5 Modify openssl/Makefile so that it's easier to test the -STABLE and
-SNAP OpenSSL snapshots.
2005-02-02 23:43:42 +00:00
martti
bba2516f76 Updated keychain to 2.5.1
Don't accidentally inherit a forwarded agent when
  inheritwhich=local-once.  Move the --stop warning after the version
  splash.

  Add inheritance support via --inherit.  Add parameters to --stop for
  more control.  Change the default behavior of keychain to inherit if
  there's no keychain agent running ("--inherit local-once"), and
  refrain from killing other agents unless "--stop others" is
  specified.
2005-02-01 18:40:28 +00:00
wiz
552f4e9088 Update to 2.2.1, provided by the maintainer, Julian Dunn, in PR 29183.
Release notes:
                                                          December 22, 2004
amavisd-new-2.2.1 release notes


SECURITY:

- add support for the pax(1) archive decoder, which can handle tar/cpio/pax
  archives (including legacy format variants). Due to limitations in cpio
  (and in Archive::Tar), for security reasons it is preferred to decode
  such archives with pax and no longer with cpio; please add a line:
    $pax = 'pax';
  to amavisd.conf and verify that the program pax is installed on the system
  (and in the jail if running in chroot);

- perform additional tests at startup time on the proper protection
  of the configuration file;

- add file name extensions wmf, emf and grp to the example list of
  banned extension, according to recent Microsoft security bulletins;
  suggested by Stephane Lentz;

- introduces 'clean but inconclusive' av scanner result to avoid a specialized
  or quick partial av scanner like jpeg checker to claim mail is clean
  when all other general purpose av scanners fail (see below);


INCOMPATIBILITY:

- removed some legacy $*_ldap variables, as they are no longer needed;

  These variables were still declared but ignored in 2.2.0 for compatibility
  with older amavisd.conf files. Such variables need to be removed from
  the amavisd.conf if they are still present there from older versions,
  otherwise Perl will complain with 'Global symbol ... requires explicit
  package name";


OTHER FIXES:

- files_to_scan and decompose_mail are now able to remove unexpected
  directories which may have been left behind by some failed decoding
  and were causing temporary failures and mail delivery retries;
  error recovery problem after failed unarj reported by Ralf Hildebrandt;

- error recovery code in files_to_scan and rmdir_recursively now tries to
  change protection on directories and files, and retry if the first attempt
  to access them fails because of denied permission;

- pre-load some additional Perl modules needed by SA when running in chroot;

- add module Net::LDAP::Search to a list of pre-fetched modules;
  omission pointed out by Paul Jacobson;

- when quarantining is disabled by keeping $QUARANTINEDIR undefined,
  the log entry and administrator notification message inappropriately
  suggested that mail was quarantined, which in fact (appropriately)
  it was not. Setting $QUARANTINEDIR='' did work as expected.
  Reported by Sascha Lucas;

- avoid the use of Encode::is_utf8 due to a Perl bug (still present in 5.8.5)
  where Encode::is_utf8 on tainted utf8 character string produces false;

- modify safe_encode() to guarantee the result is a string of octets,
  not a string of UTF-8 characters; it saves some unnecessary work in
  further processing and keeps MIME::Entity from UTF swamp when running
  in chroot; problem pointed out by Branko F. Gracnar;

- avoid braindead Perl default where an empty regexp implies the last
  successfully matched regexp, which (if not being very careful) brings in
  some completely unrelated last-executed regular expression;

- change kill 'TERM' into kill 'KILL' when a forked process within run_command
  and run_command_consumer gets into deep trouble, to avoid exit handlers
  being invoked in the subprocess (which could lead to two processes trying
  to clean the same set of temporary files);

- in an old sendmail setup using the amavis(.c) helper program without
  LDA arguments, avoid inappropriate warning:
    "WARN: no recips left (forgot to set $forward_method=undef using milter?)"
  and return status 0 instead of 99 when message is to be blocked, as the
  helper program amavis(.c) does not recognize status 99 in this situation
  and inappropriately passed it on to sendmail; reported by The Mindflayer;

- the @bypass_header_checks_maps is now able to also bypass the bad header
  checks as provided by MIME::Parser; inconsistency reported by CRivera;

- avoid some Perl warning messages; thanks to Bill Landry;


CHANGES AND MINOR NEW FEATURES:

- add configuration variable @newvirus_admin_maps (and $newvirus_admin,
  along with corresponding SQL field 'newvirus_admin') which works like
  the existing @virus_admin_maps (and $virus_admin), except that it sends
  virus administrator notification to specified e-mail address only for newly
  encountered viruses which have not yet been encountered since the amavisd
  startup. It makes use of by-virusname counters in the SNMP counters
  database. If more than one child process starts working on infected
  message containing a not-yet-accounted-for virus, there might be more
  than one 'first time' notification, this is not a malfunction. Both
  the @newvirus_admin_maps and the @virus_admin_maps may be enabled,
  each (possibly both) would receive their notifications as appropriate.

  A useful setting is to globally enable only the new virus notifications,
  and additionally enable _all_ administrator notifications for internally
  originating mail only (by the use of policy banks);

- provide separate configuration variables @banned_admin_maps and
  @bad_header_admin_maps, along with corresponding SQL fields
  'banned_admin' and 'bad_header_admin'; their function was previously
  covered by @virus_admin_maps, which now only still controls administrator
  notifications in case of viruses;

- introduces 'clean but inconclusive' av scanner result to avoid a specialized
  or quick partial av scanner like jpeg checker to claim mail is clean
  when all other general purpose av scanners fail:

  in av scanner entries (lists @av_scanners and @av_scanners_backup) give
  an extended meaning to undefined fourth argument (the 'match for clean'
  list or regexp). The interpretation of the fourth argument is now:

  4. an array ref of av scanner exit status values, or a regexp (to be
     matched against scanner output), indicating NO VIRUSES found;
     a special case is a value undef, which does not claim file to be clean
     (i.e. it never matches, similar to []), but suppresses a failure warning;
     to be used when the result is inconclusive (useful for specialized and
     quick partial scanners such as jpeg checker);

  Also modified example jpeg checker entry in amavisd.conf accordingly.

- NOD32 av scanner: changed @av_scanners entry to match the new version
  of the scanner; thanks to Nejc Skoberne;

- added @av_scanners entry for File::Scan;

- when preparing a SQL SELECT clause for white/blacklisting lookup,
  take into account a relative position of ? and %k in the
  $sql_select_white_black_list template to improve flexibility
  of specifying the clause; suggested by Matt Petteys;

- reduce the log level of some more common and harmless log messages;

- macro %p and the log entry now reports full policy bank path,
  not just the last loaded policy bank name;

- added LDAP attributes amavisWarnVirusRecip, amavisWarnBannedRecip,
  and amavisWarnBadHeaderRecip; by Joel Nimety and Michael Hall;

- renamed LDAP attribute name amavisSpamModifiesSubject to
  amavisSpamModifiesSubj in order to match the documented LDAP schema;
  noticed by Kees Bos, patch by Michael Hall;

- add support for ripOLE decoder, which attempts to extract embedded documents
  from MS OLE documents (MS Office) (http://www.pldaniels.com/ripole/,
  by Paul L Daniels); ripOLE is still experimental/alpha code;
  To make amavisd-new find the installed program 'ripole', add the line:
    $ripole = 'ripole';
  to the amavisd.conf; suggested by David Wilson and Noel Jones;

- allow multiple occurrences of command line option:  -c config_file
  and execute the provided configuration files one after the other;
  based on a subset of functionality provided as a patch by Davor Ocelic;

- a slight improvement (in default $map_full_type_to_short_type_re)
  in classifying mpeg and some other multimedia files;

- several minor code cleanups;

- add a recommendation by Daniel J McDonald to a documentation file INSTALL:
    If different UID is preferred for an AV scanner, a solution for
    ClamAV is to add user clamav to the amavis group, and then add
    AllowSupplementaryGroups to clamd.conf;

- enclosed a simple demonstrational Perl program amavis.pl, which is
  functionally much like the amavis.c helper program, but talks the new
  AM.PDP protocol with the amavisd daemon. See README.protocol for the
  description of AM.PDP protocol. To be placed in amavisd.conf:
    $protocol='AM.PDP';  $unix_socketname='/var/amavis/amavisd.sock';
  Usage: amavis.pl sender recip1 recip2 ...  < message.txt

- documentation updates;
2005-02-01 17:39:24 +00:00
wiz
4656f67ae7 Commit some fixes from the maintainer:
python-2.4 is not usable for this package.
The python wrapper scripts' names have changed, adapt patch-aa.

Bump PKGREVISION.
2005-01-30 21:56:24 +00:00
kim
0dfef04fbd Remove "--disable-setreuid" -- the configure script seems to have
adequate logic for determining when to use setreuid.

This makes sudoedit work on NetBSD again.

Closes PR pkg/28998
2005-01-30 21:36:53 +00:00
adrianp
a4672a284b Force all current packages using the libnet 1.0.x tree to use a
version of libnet <= 1.0.1b.  This will prevent the case where the user
has installed the libnet 1.1.x branch and then tries to install an application
that is not compatible with the 1.1.x tree.

Over time the list of these applications that require the 1.0.x branch
will be reduced as they are updated to later versions that support the
libnet 1.1.x branch.

This addresses PR# 29056 opened by diro (at) nixsys.bz, thanks for the PR !
2005-01-28 23:35:59 +00:00
taca
ea1acba768 Oops, make sure to bump PKG_REVISION. 2005-01-28 14:19:35 +00:00
taca
c3ffe35cf7 Add RUBY_HAS_ARCHLIB which have machine dependent extension libraries.
Bump PKG_REVISION.
2005-01-28 14:08:01 +00:00
adam
855e8f78ae Changes 0.2.13:
- Version number in libtasn1.h updated properly.

Changes 0.2.12:
- Manual converted to Texinfo format.
- Manual in GTK-DOC and DevHelp formats added.
- Man pages for all functions added.
- Various internal cleanups.
2005-01-27 15:47:57 +00:00
recht
367eed19fe Build Python with thread support by default and turn the existing
python*-pth packages into meta-packages which will install the non-pth
packages. Bump PKGREVISIONs on the non-pth versions to propagate the
thread change, but leave the *-pth versions untouched to not affect
existing installations.
Sync all PYTHON_VERSIONS_AFFECTED lines in package Makefiles.
2005-01-23 20:41:45 +00:00
taca
427bde23af Update to Ruby 1.8.2 base and these changes:
o Use Ruby's version instead of its own (old) version.
2005-01-23 17:36:03 +00:00
taca
e794da07d3 Update Ruby 1.8.2.
This is basically a bug fix release, but official changes aren't provided
yet.  Please refer to ChangeLog.

Here are the pkgsrc changes:

o Set RUBY_HAS_ARCHLIB=yes for Ruby packages including architecture depending
  extension library in order to depend more specific Ruby.

o Now install database for ri(1).  Fix PR pkg/28566.

o Net::IMAP

	* lib/net/imap.rb (u8tou16): fixed typo. fixed: [ruby-list:40546]

o NKF:

	* ext/nkf/nkf-utf8/nkf.c (reinit): should initialize all static
	  variables.  fixed: [ruby-list:40445]

	* ext/nkf/lib/kconv.rb (Kconv::RegexpEucjp): second byte is up to
	  0xfe.

	* ext/nkf/lib/kconv.rb (Kconv#kconv): should handle UTF8 and UTF16
	  properly.

o WEBrick

	* lib/webrick/httpauth/htpasswd.rb (WEBrick::Htpasswd#reload):
	  raise NotImplementedError if password is encrypted by digest
	  algorithms. This patch is contributed by sheepman. [ruby-list:40467]

	* lib/webrick/httpauth/digestauth.rb
	  (WEBrick::HTTPAuth::DigestAuth#_authenticate): fix digest calculation.
	  This patch is contributed by sheepman. [ruby-list:40482]

	* lib/webrick/{httpauth.rb,httpauth/basicauth.rb,httpproxy.rb}: use
	  pack/unpack-template char "m" instead of lib/base64.rb to do base64
	  encoding/decoding. fixed: [ruby-dev:25336]
2005-01-23 17:33:19 +00:00
peter
4e1dc0755d Fix homepage, pointed out by Jeremy C. Reed. 2005-01-23 14:40:12 +00:00
peter
ef4ddc4ffd Renamed tls to tcl-tls. 2005-01-22 19:50:06 +00:00
peter
91bbc38de5 Reimported as security/tcl-tls. 2005-01-22 19:46:11 +00:00
peter
431dac437d Reimport as security/tcl-tls, suggested by Christoph Badura.
TLS (aka SSL) Channel - can be layered on any bi-directional Tcl_Channel.

Both client and server-side sockets are possible, and this code should work
on any platform as it uses a generic mechanism for layering on SSL and Tcl.
2005-01-22 19:45:23 +00:00
adrianp
c5ff2b94e8 Note addition of tinyca-0.6.7 2005-01-22 18:14:01 +00:00
adrianp
1eb806789c TinyCA is a simple graphical user interface written in Perl/Gtk to manage a
small CA (Certification Authority). TinyCA works as a frontend for openssl.

This is tinyca-0.6.7
2005-01-22 18:11:56 +00:00
jlam
1bff0aabdb Pass -DSYSCONFDIR="$sysconfdir" in the Makefile instead of the configure
script to avoid bizarre quoting problems within the configure script.
This also fixes the definition of SYSCONFDIR in the compiled library.
Bump the PKGREVISION to 1.
2005-01-22 16:22:25 +00:00
kristerw
625d996cd8 Fix C99-isms to make this pkg build with gcc 2.95. 2005-01-22 16:05:37 +00:00
ben
4c8d18d16a Make tct build and run on NetBSD 2.0 and bump PKGREVISION.
This does not add support for ffsv2 filesystems nor superblocks.
This addresses PR#28357.
2005-01-22 15:59:58 +00:00
peter
ec22270650 Add tls. 2005-01-22 13:22:46 +00:00
peter
02b0c1902f Initial import of tls-1.5.0 into the NetBSD Packages Collection.
TLS (aka SSL) Channel - can be layered on any bi-directional Tcl_Channel.

Both client and server-side sockets are possible, and this code should work
on any platform as it uses a generic mechanism for layering on SSL and Tcl.
2005-01-22 13:21:43 +00:00
frueauf
5244a79935 really depend on nessus-libraries>=2.2.2a since >=2.2.0 does not work
on alpha as seen in pr pkg/28969. libnasl 2.2.2a needs nessus-libraries 2.2.2a
to compile properly.
2005-01-19 18:45:33 +00:00
frueauf
6412b63256 Add patch for libnessus/share_fd.c to compile with gcc shipped with
NetBSD 1.5.4_ALPHA (missing __func__ definition).
2005-01-19 16:39:47 +00:00
frueauf
5919629d4c Remove nb1 from version as pointed out by Bernd Ernesti. 2005-01-19 08:40:10 +00:00
peter
9897bbb2de Do a "flush all" in the stop command. From Miles Nordin. 2005-01-18 17:36:53 +00:00
peter
cfe080c5fe Update to 20050118.
Changes:
* Updated the ALTQ patch, now works correctly on NetBSD 2.0 release.
  Thanks to Miles Nordin for helping and testing.

* Write struct "pcap_sf_pkthdr" instead of "pcap_pkthdr". Fixes
  an LP64 specific problem with reading the pflog with tcpdump(8).

* Applied patch to pf.c from OPENBSD_3_6 branch:
  ICMP state entries use the ICMP ID as port for the unique state key. When
  checking for a usable key, construct the key in the same way. Otherwise,
  a colliding key might be missed or a state insertion might be refused even
  though it could be inserted. The second case triggers the endless loop
  fixed by 1.474, possibly allowing a NATed LAN client to lock up the kernel.
  Report and test data by Srebrenko Sehic.

* Applied patch to pf_lkm.c from NetBSD HEAD:
  pfil4_wrapper: clear M_CANFASTFWD which is not compatible with pf.

* Applied patch to pf_ioctl.c from OPENBSD_3_6 branch:
  replace finer-grained spl locking in pfioctl() with a single broad lock
  around the entire body. this resolves the (misleading) panics in
  pf_tag_packet() during heavy ioctl operations (like when using authpf)
  that occur because softclock can interrupt ioctl on i386 since SMP.

* Applied patch to pf.c from OPENBSD_3_6 branch:
  IPv6 packets can contain headers (like options) before the TCP/UDP/ICMP6
  header. pf finds the first TCP/UDP/ICMP6 header to filter by traversing
  the header chain. In the case where headers are skipped, the protocol
  checksum verification used the wrong length (included the skipped headers),
  leading to incorrectly mismatching checksums. Such IPv6 packets with
  headers were silently dropped. Reported by Bernhard Schmidt.

* Applied patch to pfctl_optimize.c from OPENBSD_3_6 branch:
  &&/|| inversion would try to merge IP addresses with non-addresses into a
  single table causing a ruleset load error and eventually a double-free.

* Applied patch to pf.c from OPENBSD_3_6 branch:
  Initialise init_addr in pf_map_addr() in the PF_POOL_ROUNDROBIN,
  prevents a possible endless loop in pf_get_sport() with 'static-port'

* Fix to if_events.diff from Miles Nordin <carton at Ivy dot NET>:
  Call free after removing the element from the list, not before.
  Fixes panic with "unaligned access" on Alpha.
2005-01-18 17:35:27 +00:00
drochner
942ff705df update to 0.44
changes:
-IPv6 support
-client added
-bugfixes
XXX dropbear wants to use /dev/random per default now which makes it
unusable on systems w/o entropy source. I've patched it back to
/dev/urandom. There might be security concerns.
2005-01-18 17:30:59 +00:00
tv
90181e27b6 It's not very useful to include <sys/select.h> in only one source file
when other source files depend on fd_set being defined in a local header.

(Required on Interix, which does not expose <sys/select.h>/<sys/time.h>
automagically via other system headers as some OS's do by default.)
2005-01-18 13:11:38 +00:00
grant
96c2b7ecc2 when building with SunPro on x86, do not use -fast argument to cc(1)
because:

- its behaviour changes between releases
- it uses build-host specific instructions where possible,
  specifically on >= Solaris 9 update 6 and Sun Studio 9 (sse, sse2)

this breaks using the binary pkg when installed on systems with a
less capable processor. instead, just use -xO5 so the binary pkg will
work everywhere.
2005-01-18 10:25:17 +00:00
shannonjr
54a417ed58 Update to release 1.9.15. This is a bug fix release. 2005-01-17 18:32:47 +00:00
jlam
9215761d4a OpenPAM doesn't really need perl during the build... it's only there
to regenerate some documentation files, but the regen is unnecessary.
Fix the post-tools target that created a dummy perl -- it was failing
because ${TRUE} may not be an actual executable (it could be a shell
builtin) and thus symlinking to it may not work.
2005-01-17 16:55:21 +00:00
wiz
cc5da6a0f9 According to the bulk builds, this needs perl;
add USE_PERL5=build.
2005-01-17 16:14:23 +00:00
adrianp
42a4419309 Upgrade to 2.3
- Complete overhaul of the Framework payload collection
+ Win32 ordinal-stagers are now included (92-byte reverse connect)
+ A handful of new sparc payloads have been added (sol, linux, bsd)
+ Reliability problems have been resolved in bsd, linux, and win32
+ New udp-based linux shell stagers and shell payloads
+ New size-optimized Mac OS X encoders and payloads

- Includes the win32 version of the Meterpreter
+ Dynamically load new features over the network w/o disk access
+ In-memory dll injection of the basic meterpreter shell
+ Current extensions include Fs, Process, Net, and Sys
+ Extensive documentation is available online:
* http://metasploit.com/projects/Framework/docs/meterpreter.pdf

- Complete rewrite of the 'msfweb' user interface
+ Generate and encode stand-alone shellcode from the web interface
+ The interface is skinnable and includes three different themes
+ Streaming HTTP is used to provide a 100% web-based shell
+ Ability to set advanced options in the web interface

- Massive speed enhancements in msfconsole and msfweb
+ Snappier response and quicker load times on older systems
+ Optimizations made to various sort/search algorithms
+ Modules are no longer reloaded after each exploit

- New exploits
+ Microsoft WINS Service Memory Overwrite (MS04-045)
+ Samba trans2open() Buffer Overflow (Mac OS X)
+ 4D WebSTAR FTP Server Buffer Overflow (Mac OS X)
+ Veritas Name Service Registration Buffer Overflow
+ AOL Instant Messenger 'goaway' Buffer Overflow
+ IPSwitch IMail IMAPD 'delete' Buffer Overflow
+ Seattle Labs Mail Server POP3 Buffer Overflow
+ UoW IMAPD Buffer Overflow (sparc, ia32)
+ IRIX lpdsched Remote Command Execution
+ CDE dtspcd Buffer Overflow (Solaris)
+ IIS 4.0 ism.dll HTR Buffer Overflow
+ IIS w3who.dll ISAPI Buffer Overflow
2005-01-14 23:36:38 +00:00
adrianp
bf43b23fd4 - Updated to v1.0 (No CHANGELOG available)
- Use options.mk framework for python and rrdtool support
2005-01-14 21:44:33 +00:00
shannonjr
7ab00beee9 Re: pkg/28968: pinentry breaks on build
Added dependency on libconv to fix breakage reported on NetBSD 1.6.2 alpha
2005-01-14 21:29:47 +00:00
adam
c44530b79a Changes 1.2.1:
 * Portability fixes, memory allocation fixes and other minor things.
 * Support to build as a W32 static library.
 * Changed the way the RNG gets initialized. This allows to keep it
   uninitialized as long as no random numbers are used.  To override
   this, the new macro gcry_fast_random_poll may be used.  It is in
   general a good idea to spread this macro into the application code
   to make sure that these polls happen often enough.
2005-01-14 11:26:34 +00:00
adrianp
91d20773c4 - Update to 1.7
- Add bl3 and openssl support
- Fix paths in man pages
- Install extra documentation
- Remove un-needed options from pkgsrc Makefile

Lots of changes/bugfixes from 1.6 including:
psk-crack.c: New program to crack Aggressive Mode Pre-Shared Keys
using dictionary attack.  This uses the output from "ike-scan -P"
together with a dictionary.
2005-01-14 08:36:54 +00:00
jlam
bff1eecc97 Modify linux-pam and solaris-pam builtin.mk files to be more general
in their tests for built-in versions of the PAM implementations.  The
MacOS X case now collapses nicely into the linux-pam case.  Allow
pam.buildlink3.mk to use solaris-pam as an accepted PAM implementation.
2005-01-14 07:54:20 +00:00
jlam
0d2c3fdc3c Fix spelling error that would have made this file inefficient. 2005-01-14 07:47:29 +00:00
jlam
1f8a3a3236 Switch to using pam.buildlink3.mk. 2005-01-14 05:35:33 +00:00
jlam
1b5734f517 Create a pam.buildlink3.mk file that is used by PAM-using packages.
It includes the correct buildlink3.mk file from either Linux-PAM
(security/PAM) or OpenPAM (security/openpam) and eventually will
support solaris-pam.  pam.buildlink3.mk will:

	* set PAMBASE to the base directory of the PAM files;
	* set PAM_TYPE to the PAM implementation used.

There are two variables that can be used to tweak the selection of
the PAM implementation:

PAM_DEFAULT is a user-settable variable whose value is the default
	PAM implementation to use.

PAM_ACCEPTED is a package-settable list of PAM implementations
	that may be used by the package.

Modify most packages that include PAM/buildlink3.mk to include
pam.buildlink3.mk instead.
2005-01-14 05:15:39 +00:00
jlam
fbeaab5d63 Rename the multiple inclusion guard to LINUX_PAM_BUILDLINK3_MK. 2005-01-14 05:10:37 +00:00
jlam
c8dd0743a8 * Rename the buildlink module name associated with the security/PAM
package from "pam" to "linux-pam".

* Rewrite PAM/builtin.mk to check that we have Linux-PAM, and re-classify
  MacOS X's PAM as Linux-PAM because it _is_, according to Apple.
  Also don't use BUILDLINK_TRANSFORM.* to rewrite header file paths
  -- just use a symlink so that <security/*.h> can be used to find
  <pam/*.h>.
2005-01-14 00:08:46 +00:00
jlam
d32bc02295 Add a builtin.mk file to check for a built-in version of openpam and to
associate it with a PKGNAME.
2005-01-13 23:00:06 +00:00
jlam
419fb68125 Add a buildlink3.mk file for openpam. 2005-01-13 21:59:01 +00:00
jlam
09dc107010 This package dlopen()s loadable modules, so include dlopen.buildlink3.mk
to do the right thing on NetBSD-2.0.
2005-01-13 21:54:22 +00:00
jlam
161c956782 Note conflict with openpam-[0-9]*. 2005-01-13 21:52:26 +00:00
jlam
4891bc8fa6 Add and enable openpam. 2005-01-13 21:52:11 +00:00
jlam
daa15ec0da Initial import of openpam-20040210 as security/openpam.
OpenPAM is an open source PAM library that focuses on simplicity,
correctness, and cleanliness.

OpenPAM aims to gather the best features of Solaris PAM, XSSO and
Linux-PAM, plus some innovations of its own.  In areas where these
implementations disagree, OpenPAM tries to remain compatible with
Solaris, at the expense of XSSO conformance and Linux-PAM
compatibility.

These are some of OpenPAM's features:

   - Implements the complete PAM API as described in the original PAM
     paper and in OSF-RFC 86.0; this corresponds to the full XSSO API
     except for mappings and secondary authentication.  Also
     implements some extensions found in Solaris 9.

   - Extends the API with several useful and time-saving functions.

   - Performs strict checking of return values from service modules.
2005-01-13 21:51:08 +00:00
jmmv
db61aac254 Fix multiple useless C99isms. Should fix the build with GCC 2.95.
Spotted by latest NetBSD 1.6.2/i386 kristerw@'s bulk build.
2005-01-13 19:48:50 +00:00
jlam
28a95475df Bump PKGREVISION to 1 as a result of fixing the run-time behavior of
openssl on sparc64 and amd64 in the previous commit.
2005-01-13 18:34:47 +00:00
jlam
5767fbbdbc Optimize the NetBSD/amd64 config a bit to improve RC4 performance, and
fix the NetBSD/sparc64 config by adding -DMD32_REG_T=int to the flags.
Tested by martin (at) NetBSD.org.  This should fix PR pkg/28858.
2005-01-13 18:33:48 +00:00
kim
98d6a371a1 Use PKG_SYSCONFDIR 2005-01-12 15:31:11 +00:00
xtraeme
335167a653 Make this build on NetBSD -current which uses OpenPAM (should fix the
build with FreeBSD too). Patch stolen from FreeBSD/ports.
2005-01-12 02:30:09 +00:00
xtraeme
8be448e95e BUILDLINK_TRANSFORM is not enough to buildlink the files when using
OpenPAM (NetBSD/FreeBSD), so use BUILDLINK_FILES to right directory.
2005-01-12 02:27:48 +00:00
jlam
a980a0325b Fix build on NetBSD/sparc64 by marking the system as ``ULTRASPARC''
so that the appropriate OpenSSL sources are built.  Also, explicitly
mark the endianness of each supported NetBSD platform to avoid potential
endianness issues when doing the crypto arithmetic.
2005-01-11 22:25:00 +00:00
tv
dab9676fdc Fix compilation on Interix. Reported in PR pkg/28938
by HIRAMATSU Yoshifumi <hiramatu@boreas.dti.ne.jp>.
2005-01-11 21:49:25 +00:00
tv
38f3b7a3de +p5-Digest-CRC 2005-01-11 16:49:16 +00:00
tv
5ae7635fb5 The Digest::CRC module calculates CRC sums of all sorts. It contains
wrapper functions with the correct parameters for CRC-CCITT, CRC-16 and
CRC-32.

[tv: This differs from p5-String-CRC32 in that it is a generic Digest.pm
module plugin.]
2005-01-11 16:48:38 +00:00
adam
dd460a962a Changes 2.2.2a:
* nessus-fetch would not build under Solaris
* the detached scans in Nessus 2.2.x were broken
* improved http-proxy support over SSL
2005-01-11 12:03:26 +00:00
tv
d8187e771b Fix held over "wip" path; p5-GnuPG-Interface is now in "security". 2005-01-10 18:27:37 +00:00
tv
5688f67bca +pgpenvelope 2005-01-10 18:24:59 +00:00
tv
cac2412932 Import pgpenvelope from the pkgsrc-wip project. From DESCR:
The purpose of pgpenvelope is to allow easy use of GnuPG
to encrypt/sign/decrypt/verify messages using Pine's send-
ing/displaying filters.

Simply make the appropriate filter entries in one's Pine
configuration, and run Pine as normal.  When sending mail,
choose the pgpenvelope_encrypt filter.  Additionally, one
can use it as a procmail filter.
2005-01-10 18:24:31 +00:00
tv
381930dae7 +p5-GnuPG-Interface 2005-01-10 18:23:01 +00:00
tv
c0eb497c1f GnuPG::Interface and its associated modules are designed to provide an
object-oriented method for interacting with GnuPG, being able to perform
functions such as but not limited to encrypting, signing, decryption,
verification, and key-listing parsing.
2005-01-10 18:22:22 +00:00
schmonz
0ee39aeb32 pkgsrc changes:
* An "stunnel3" perl script is installed. REPLACE_PERL and add to PLIST.
* Regenerate patches to lose fuzz.
* Format DESCR.
* Bump PKGREVISION.
2005-01-09 13:09:12 +00:00
shannonjr
e66a4370f1 Enabled threads as recommended by developers. 2005-01-04 13:52:01 +00:00
shannonjr
0fe467b5f1 Update to release 0.90.
Dirmngr is a server for managing and downloading certificate
revocation lists (CRLs) for X.509 certificates and for downloading the
certificates themselves. Dirmngr also handles OCSP requests as an
alternative to CRLs. Dirmngr is either invoked internally by gpgsm
(from gnupg 1.9) or when running as a system daemon through the
dirmngr-client tool.

What's new in this release
==========================

 * New option --daemon to start dirmngr as a system daemon.  This
   switches to the use of different directories and also does
   CRL signing certificate validation on its own.
 * New tool dirmngr-client.
 * New options: --ldap-wrapper-program, --http-wrapper-program,
   --disable-ldap, --disable-http, --honor-http-proxy, --http-proxy,
   --ldap-proxy, --only-ldap-proxy, --ignore-ldap-dp and
   --ignore-http-dp.
 * Uses an external ldap wrapper to cope with timeouts and general
   LDAP problems.
 * SIGHUP may be used to reread the configuration and to flush the
   certificate cache.
 * An authorityKeyIdentifier in a CRL is now handled correctly.
2005-01-04 13:40:38 +00:00
taca
ae8d8df80d Update pgpdump 0.24.
0.24 2004/12/24

* More secure programming style.
* Adding GnuPG string-to-key.
* Adding a missing key flag.
2005-01-04 13:23:24 +00:00
taca
ffc6d2b89b Fix PLIST; don't leave used directories. 2005-01-04 06:22:56 +00:00
martti
6034a1d81a Updated stunnel to 4.07
Version 4.07, 2005.01.03, urgency: MEDIUM:
* Bugfixes
  - Problem with infinite poll() timeout negative, but not equal to -1 fixed.
  - Problem with a file descriptor ready to be read just after a non-blocking
    connect call fixed.
  - Compile error with EAI_NODATA not defined or equal to EAI_NONAME fixed.
  - IP address and TCP port textual representation length (IPLEN) increased
    to 128 bytes.
  - OpenSSL engine support is only used if engine.h header file exists.
2005-01-03 12:17:44 +00:00
peter
6096f0916c Change mode of CONF_FILES to 0600.
From Adrian Portelli.
2005-01-02 15:51:24 +00:00
jlam
83ff9738ed Fix a bug in the OpenSSL makefiles that installed a libfips.so symlink
that pointed to nothing.  There is no such thing as "libfips".
2004-12-31 17:34:10 +00:00
wiz
0711a9c2f3 Make the configure script accept gnupg>=1.3 too. 2004-12-30 17:41:57 +00:00
wiz
687c09e383 Bump PKGREVISION: depend on latest nessus-core package revision. 2004-12-30 13:20:56 +00:00
minskim
e07031c753 Use VARBASE. 2004-12-29 15:21:50 +00:00
minskim
487cd231d0 Use VARBASE. 2004-12-29 09:53:17 +00:00
minskim
14ae434c0e Set LC_ALL to "C" when running GNU awk. Otherwise it behaves
differently depending on user's LC_ALL value.

Thanks to "amorphis" of Korea BSD User Forum for reporting and
testing.
2004-12-29 03:43:23 +00:00
martti
2e8304e7d4 Updated stunnel to 4.06
Version 4.06, 2004.12.26, urgency: LOW:
* New feature sponsored by SURFnet http://www.surfnet.nl/
  - IPv6 support (to be enabled with ./configure --enable-ipv6).
* New features
  - poll() support - no more FD_SETSIZE limit!
  - Multiple connect=host:port options are allowed in a single service
    section.  Remote hosts are connected using round-robin algorithm.
    This feature is not compatible with delayed resolver.
  - New 'compression' option to enable compression.  To use zlib
    algorithm you have to enable it when building OpenSSL library.
  - New 'engine' option to select a hardware engine.
  - New 'TIMEOUTconnect' option with 10 seconds default added.
  - stunnel3 perl script to emulate version 3.x command line options.
  - French manual updated by Bernard Choppy <choppy AT free POINT fr>.
  - A watchdog to detect transfer() infinite loops added.
  - Configuration file comment character changed from '#' to ';'.
    '#' will still be recognized to keep compatibility.
  - MT-safe getaddrinfo() and getnameinfo() are used where available
    to get better performance on resolver calls.
  - Automake upgraded from 1.4-p4 to 1.7.9.
* Bugfixes
  - log() changed to s_log() to avoid conflicts on some systems.
  - Common CRIT_INET critical section introduced instead of separate
    CRIT_NTOA and CRIT_RESOLVER to avoid potential problems with
    libwrap (TCP Wrappers) library.
  - CreateThread() finally replaced with _beginthread() on Win32.
  - make install creates $(localstatedir)/stunnel.
    $(localstatedir)/stunnel/dev/zero is also created on Solaris.
  - Race condition with client session cache fixed.
  - Other minor bugfixes.
* Release notes
  - Default is *not* to use IPv6 '::' for accept and '::1' for
    connect.  For example to accept pop3s on IPv6 you could use:
    'accept = :::995'.  I hope the new syntax is clear enough.
2004-12-28 09:09:52 +00:00
reed
32d8f290c2 The default location of the pkgsrc-installed rc.d scripts is now
under share/examples/rc.d. The variable name already was named
RCD_SCRIPTS_EXAMPLEDIR.

This is from ideas from Greg Woods and others.

Also bumped PKGREVISION for all packages using RCD_SCRIPTS mechanism
(as requested by wiz).
2004-12-28 02:47:40 +00:00
reed
a130ed83a9 Moved PKGREVISION definition from common Makefile to the
package-specific Makefile (as mentioned on tech-pkg).
2004-12-28 01:39:32 +00:00
minskim
248e2dee9c Update py-OpenSSL to 0.6. Patch provided by Rui Paulo.
Changes:
	* doc/pyOpenSSL.tex: Updates to the docs.
	* src/crypto/x509.c: Add X509.add_extensions based on a patch
	  from Han S. Lee.
	* src/ssl/ssl.c: Add more SSL_OP_ constants. Patch from Mihai
	  Ibanescu.
	* setup.py src/crypto/: Add support for Netscape SPKI extensions
	  based on a patch from Tollef Fog Heen.
	* src/crypto/crypto.c: Add support for python passphrase callbacks
	  based on a patch from Robert Olson.
	* src/ssl/context.c: Applied patch from Frederic Peters to add
	  Context.use_certificate_chain_file.
	* src/crypto/x509.c: Applied patch from Tollef Fog Heen to add
	  X509.subject_name_hash and X509.digest.
	* src/crypto/crypto.c src/ssl/ssl.c: Applied patch from Bastian
	  Kleineidam to fix full names of exceptions.
	* doc/pyOpenSSL.tex: Fix the errors regarding X509Name's field names.
	* examples/certgen.py: Fixed wrong attributes in doc string, thanks
	  Remy. (SFbug#913315)
	* __init__.py, setup.py, version.py: Add __version__, as suggested by
	  Ronald Oussoren in SFbug#888729.
	* examples/proxy.py: Fix typos, thanks Mihai Ibanescu. (SFpatch#895820)
	* Use cyclic GC protocol in SSL.Connection, SSL.Context, crypto.PKCS12
	  and crypto.X509Name.
	* tsafe.py: Add some missing methods.
	* __init__.py: Import tsafe too!
	* src/crypto/x509name.c: Use unicode strings instead of ordinary
	  strings in getattr/setattr. Note that plain ascii strings should
	  still work.
2004-12-27 23:35:54 +00:00
wiz
1350e5b65b Add and enable mixminion. 2004-12-27 22:59:41 +00:00
wiz
68ea71aa3e Initial import of mixminion-0.0.7.1, provided by Peter Hendrickson
in PR 25573, with some cleanup by me.

Mixminion is a communication security application for electronic mail
messages.  Its purpose is to deny an adversary the ability to
determine who is communicating with whom and to provide the closely
related service of anonymous communication.

It does this by sending messages through a series of servers.
Messages going into and out of each server are encrypted.  Each server
keeps a pool of messages.  When a message comes in it is placed in the
pool.  Messages sent out from the pool are difficult to correlate with
the messages going in.  This process is called "mixing."

Each server reduces the ability of the adversary to determine the
origin of a message.  Chaining the servers further reduces this
ability and contains the damage caused by compromised servers.  The
chain of servers is chosen by the Mixminion software running on the
user's machine.

See http://mixminion.net for a complete description.
2004-12-27 22:58:57 +00:00
jlam
34a211b1e3 Fix compilation on FreeBSD/x86 by ensuring that the FIPS assembly code
isn't used when fips isn't requested during configuration.
2004-12-27 06:14:40 +00:00
jlam
7a022e9cf2 Fix build on non-x86 platforms (PR pkg/28787). 2004-12-27 02:31:07 +00:00
wiz
9c1c388d33 Update to 0.2.3.
* Version 0.2.3 (released 2004-12-15)

** Fix example code to handle base64 encoded data properly.

** DIGEST-MD5 is disabled by default, pending a rewrite for the new API.

** Command line tool uses new callback interface to the library.

** Command line tool uses "iconvme" from gnulib for UTF-8 string conversion.

** Server mode in the command line tool does not work currently.
It is unclear if this feature was ever that useful.  If there are no
objections, it will be removed completely in future versions.

** Documentation fixes.

** Fix self test bugs.

* Version 0.2.2 (released 2004-11-29)

** Update of gnulib files.

* Version 0.2.1 (released 2004-11-19)

** Documentation fixes; the old callback API functions are marked as obsolete.

* Version 0.2.0 (released 2004-11-07)

** Added new directory examples/ with complete examples for new API.

** Documentation improvements.
For example, you can now browse the GNU SASL API manual using DevHelp.

** Update of gnulib files.

** More self tests.

** Translation fixes.
2004-12-26 22:56:09 +00:00
wiz
1042793de2 Update to 0.0.15:
New in 0.0.15:

** Documentation improvements.
For example, you can now browse the GSS manual using DevHelp.

** Libtool's -export-symbols-regex is now used to only export official APIs.
Before, applications might accidentally access internal functions.
Note that this is not supported on all platforms, so you must still
make sure you are not using undocumented symbols in GSS.

* Version 0.0.14 (released 2004-10-15)

** gss_import_name and gss_duplicate_name no longer clone the OID.
Instead, only the pointer to the OID is cloned.  It seems unclear where
a cloned OID would be deallocated.

** Fixed handling of sequence numbers in gss_accept_sec_context, for servers.

** Fix crash in gss_accept_sec_context for NULL values of ret_flags.

** Fix memory leaks.

** Sync with new Shishi 0.0.18 API.
2004-12-26 22:21:52 +00:00
wiz
6d9ad50087 Update to 0.2.11:
- Added the self test with "make check" target
- Added management of ANY type with null length
- Corrected some writes to invalid data.
2004-12-26 01:53:17 +00:00
jlam
c264be5d18 Alter patches to make them more likely to be accepted back by the
OpenSSL project.  Also use the sparcv9 MD5 assembly routines on
NetBSD/sparc64.
2004-12-25 22:11:26 +00:00
jlam
0a6f42ca41 Use the correct assembly routines on NetBSD/i386 depending on whether
it's a.out or ELF.
2004-12-25 19:09:08 +00:00
wiz
37147d29df Add options.mk file. 2004-12-25 02:54:49 +00:00
wiz
e21f814082 Update to 1.4.0, provided by Stefan Krüger in PR 28738.
While here, convert to options.mk.


GnuPG 1.4 Highlights
====================

This is a brief overview of the changes between the GnuPG 1.2 series
and the new GnuPG 1.4 series.  To read the full list of highlights for
each revision that led up to 1.4, see the NEWS file in the GnuPG
distribution.  This document is based on the NEWS file, and is thus
the highlights of the highlights.

When upgrading, note that RFC-2440, the OpenPGP standard, is currently
being revised.  Most of the revisions in the latest draft (2440bis-12)
have already been incorporated into GnuPG 1.4.


Algorithm Changes
-----------------

OpenPGP supports many different algorithms for encryption, hashing,
and compression, and taking into account the OpenPGP revisions, GnuPG
1.4 supports a slightly different algorithm set than 1.2 did.

The SHA256, SHA384, and SHA512 hashes are now supported for read and
write.

The BZIP2 compression algorithm is now supported for read and write.

Due to the recent successful attack on the MD5 hash algorithm
(discussed in <http://www.rsasecurity.com/rsalabs/node.asp?id=2738>,
among other places), MD5 is deprecated for OpenPGP use.  It is still
allowed in GnuPG 1.4 for backwards compatibility, but a warning is
given when it is used.

The TIGER/192 hash is no longer available.  This should not be
interpreted as a statement as to the quality of TIGER/192 - rather,
the revised OpenPGP standard removes support for several unused or
mostly unused hashes, and TIGER/192 was one of them.

Similarly, Elgamal signatures and the Elgamal signing key type have
been removed from the OpenPGP standard, and thus from GnuPG.  Please
do not confuse Elgamal signatures with DSA or DSS signatures or with
Elgamal encryption.  Elgamal signatures were very rarely used and were
not supported in any product other than GnuPG.  Elgamal encryption was
and still is part of OpenPGP and GnuPG.

Very old (pre-1.0) versions of GnuPG supported a nonstandard (contrary
to OpenPGP) Elgamal key type.  While no recent version of GnuPG
permitted the generation of such keys, GnuPG 1.2 could still use them.
GnuPG 1.4 no longer allows the use of these keys or the (also
nonstandard) messages generated using them.

At build time, it is possible to select which algorithms will be built
into GnuPG.  This can be used to build a smaller program binary for
embedded uses where space is tight.


Keyserver Changes
-----------------

GnuPG 1.4 does all keyserver operations via plugin or helper
applications.  This allows the main GnuPG program to be smaller and
simpler.  People who package GnuPG for various reasons have the
flexibility to include or leave out support for any keyserver type as
desired.

Support for fetching keys via HTTP and finger has been added.  This is
mainly useful for setting a preferred keyserver URL like
"http://www.jabberwocky.com/key.asc" or "finger:wk at g10code.com".

The LDAP keyserver helper now supports storing, retrieving, and
searching for keys in both the old NAI "LDAP keyserver" as well as the
more recent method to store OpenPGP keys in standard LDAP servers.
This is compatible with the storage schema that PGP uses, so both
products can interoperate with the same LDAP server.

The LDAP keyserver helper is compatible with the PGP company's new
"Global Directory" service.

If the LDAP library you use supports LDAP-over-TLS and LDAPS, then
GnuPG detects this and supports them as well.  Note that using TLS or
LDAPS does not improve the security of GnuPG itself, but may be useful
in certain key distribution scenarios.

HTTP Basic authentication is now supported for all HKP and HTTP
keyserver functions, either through a proxy or via direct access.

The HKP keyserver plugin supports the new machine-readable key
listing format for those keyservers that provide it.

IPv6 is supported for HKP and HTTP keyserver access.

When using a HKP keyserver with multiple DNS records (such as
subkeys.pgp.net which has the addresses of multiple servers around the
world), all DNS address records are tried until one succeeds.  This
prevents a single down server in the rotation from stopping access.

DNS SRV records are used in HKP keyserver lookups to allow
administrators to load balance and select keyserver ports
automatically.

Timeout support has been added to the keyserver plugins.  This allows
users to set an upper limit on how long to wait for the keyserver
before giving up.


Preferred Keyserver URL
-----------------------

Preferred keyserver support has been added.  Users may set a preferred
keyserver via the --edit-key command "keyserver".  If the
--keyserver-option honor-keyserver-url is set (and it is by default),
then the preferred keyserver is used when refreshing that key with
--refresh-keys.

The --sig-keyserver-url option can be used to inform signature
recipients where the signing key can be downloaded.  When verifying
the signature, if the signing key is not present, and the keyserver
options honor-keyserver-url and auto-key-retrieve are set, this URL
will be used to retrieve the key.


Trust Signatures
----------------

GnuPG 1.4 supports OpenPGP trust signatures, which allow a user to
specify the trust level and distance from the user along with the
signature so users can delegate different levels of certification
ability to other users, possibly restricted by a regular expression on
the user ID.


Trust Models
------------

GnuPG 1.4 supports several ways of looking at trust:

Classic - The classic PGP trust model, where people sign each other's
          keys and thus build up an assurance (called "validity") that
          the key belongs to the right person.  This was the default
          trust model in GnuPG 1.2.

Always - Bypass all trust checks, and make all keys fully valid.

Direct - Users may set key validity directly.

PGP - The PGP 7 and 8 behavior which combines Classic trust with trust
      signatures overlaid on top.  This is the default trust model in
      GnuPG 1.4.


The OpenPGP Smartcard
---------------------

GnuPG 1.4 supports the OpenPGP smartcard
(<http://www.g10code.de/p-card.html>)

Secret keys may be kept fully or partially on the smartcard.  The
smartcard may be used for primary keys or subkeys.


Other Interesting New Features
------------------------------

For those using Security-Enhanced Linux <http://www.nsa.gov/selinux/>,
the configure option --enable-selinux-support prevents GnuPG from
processing its own files (i.e. reading the secret keyring for
something other than getting a secret key from it).  This simplifies
writing ACLs for the SELinux kernel.

Readline support is now available at all prompts if the system
provides a readline library.

GnuPG can now create messages that can be decrypted with either a
passphrase or a secret key.  These messages may be generated with
--symmetric --encrypt or --symmetric --sign --encrypt.

--list-options and --verify-options allow the user to customize
exactly what key listings or signature verifications look like,
enabling or disabling things such as photo display, preferred
keyserver URL, calculated validity for each user ID, etc.

The --primary-keyring option designates the keyring that the user
wants new keys imported into.

The --hidden-recipient (or -R) command encrypts to a user, but hides
the identity of that user.  This is the same functionality as
--throw-keyid, but can be used on a per-user basis.

Full algorithm names (e.g. "3DES", "SHA1", "ZIP") can now be used
interchangeably with the short algorithm names (e.g. "S2", "H2", "Z1")
anywhere algorithm names are used in GnuPG.

The --keyid-format option selects short (99242560), long
(DB698D7199242560), 0xshort (0x99242560), or 0xlong
(0xDB698D7199242560) key ID displays.  This lets users tune the
display to what they prefer.

While it is not recommended for extended periods, it is possible to
run both GnuPG 1.2.x and GnuPG 1.4 during the transition.  To aid in
this, GnuPG 1.4 tries to load a config file suffixed with its version
before it loads the default config file.  For example, 1.4 will try
for gpg.conf-1.4 and gpg.conf-1 before falling back to the regular
gpg.conf file.
2004-12-25 02:54:13 +00:00
jlam
ac1c08301c Update security/openssl to 0.9.7e. Changes from openssl-0.9.6m are
too numerous to be listed here, but include adding a new DES API
(support for the old one is still present).

Changes to the pkgsrc structure include:

* Install the shared libraries with a version number that matches the
  OpenSSL version number

* Move some of the less often-used c_* utilities back into the examples
  directory.

* Drop support for using the RSAREF library and always use the built-in
  RSA code instead.
2004-12-24 22:02:37 +00:00
jlam
674222c93d Enable building heimdal with the "ldap" option to allow using an LDAP
server as a datastore for the KDC.
2004-12-23 14:43:28 +00:00
shannonjr
a04dd09a45 Upgrade to 1.9.14. This is mainly a bug fix release with a few new things:
* [gpg-agent] New option --use-standard-socket to allow the use of a
   fixed socket.  gpgsm falls back to this socket if GPG_AGENT_INFO
   has not been set.

 * New tool gpg-preset-passphrase.
2004-12-23 11:44:49 +00:00
shannonjr
03f3ef55cb Update to 0.6.9 - bug fixes and support for GnuPG 1.9.14 2004-12-23 11:40:47 +00:00
jlam
d86f3e8513 Update security/mit-krb5 to 1.3.6.
NOTE: THIS IS A SECURITY UPDATE.

Changes from version 1.3.4 include:

* [2841] Fix heap buffer overflow in password history
  mechanism. [MITKRB5-SA-2004-004]

* [2682] Fix ftpd hang caused by empty PASS command.

* [2686] Fix double-free errors. [MITKRB5-SA-2004-002]

* [2687] Fix denial-of-service vulnerability in ASN.1
  decoder. [MITKRB5-SA-2004-003]
2004-12-23 04:02:39 +00:00
jlam
650b62997d Remove support for some variables that are supposed to go away after
pkgsrc-2004Q4 is branched.
2004-12-22 21:46:24 +00:00
jlam
02e7a05425 Allow building sudo without S/Key support on NetBSD. Patch from
PR pkg/28743 by Jukka Salmi with minor changes by me.
2004-12-22 04:36:32 +00:00
jlam
2a9c112e73 Sort the options. 2004-12-22 03:59:10 +00:00
grant
daa81e9135 fix socklen_t hack by falling through to ${TRUE} if ${GREP} fails
(pattern not matched). ugh, bash.

fixes build on Linux. reported by minskim@
2004-12-21 08:57:48 +00:00
grant
908e765695 since perl is now built with threads on most platforms, the perl archlib
module directory has changed (eg. "darwin-2level" vs.
"darwin-thread-multi-2level").

binary packages of perl modules need to be distinguishable between
being built against threaded perl and unthreaded perl, so bump the
PKGREVISION of all perl module packages and introduce
BUILDLINK_RECOMMENDED for perl as perl>=5.8.5nb5 so the correct
dependencies are registered and the binary packages are distinct.

addresses PR pkg/28619 from H. Todd Fujinaka.
2004-12-20 11:30:55 +00:00
jdolecek
0cb264d340 Fix build on NetBSD 2.0 - configure script tried to link program with
libssl without linking also libcrypto, which fails on 2.0 since libssl
doesn't have recorded the libcrypto dependency; fix by disabling
the checkLibrary() call when QC_WITH_OPENSSL_LIB is supplied

PR: 28576
2004-12-19 09:29:16 +00:00
grant
830d7cd76e ick: openssl builds PIC static libraries and then later uses them to
build shared libraries. on Darwin with xlc, this fails because of the
way xlc invokes Darwin's in-base libtool to create shared libraries,
meaning that the -all_load argument cannot be used to import all
symbols.

work around this the same way as UnixWare does it, by listing the
archive library contents and linking the object files into the shared
library individually. also remove some other assumed gcc'isms to make
this build on Darwin with xlc.

XXX maybe this pkg should be libtool'ized?
2004-12-19 02:48:32 +00:00
grant
fc9c762fd7 this won't build with xlc without some work, mark it as such. 2004-12-19 00:19:18 +00:00
grant
fa6a9ffd92 add hack for missing socklen_t typedef handling. fixes build on
Darwin.
2004-12-18 23:54:58 +00:00
jlam
4df5c48cc4 minor whitespace nit. 2004-12-18 21:32:51 +00:00
jlam
8b2040b409 Always create a ${TOOLS_DIR}/bin/rpcgen to wrap the real rpcgen.
The wrapper will correctly set the CPP environment variable to a
stat(2)able path to a C preprocessor, then rely on the PATH to
find and invoke the real rpcgen.

Remove NO_EXPORT_CPP in package Makefiles where it was used just to
avoid problems with rpcgen.  The build system now just does the right
thing automatically without needing package-specific knowledge.

This fixes PR pkg/27272.
2004-12-18 19:24:26 +00:00
grant
7d3b1a90b3 ignore getopt_long() on Darwin because there is no prototype for it,
nor declaration for "struct option".

fixes build on Darwin.
2004-12-18 18:51:39 +00:00
jlam
f9127ef977 Fix a typo that caused us not to check the correct header for the presence
of "des_cblock".  This fixes PR pkg/28703.
2004-12-18 17:14:22 +00:00
jdolecek
a53d86c3ca add a comment regarding the -rpath filter 2004-12-18 15:03:30 +00:00
wiz
51aa86a453 Update to 0.9.6mnb2: Don't install (deprecated) der_chop example
script, since it has insecure temp file handling.
2004-12-17 23:08:36 +00:00
taca
966816dc7f Add work around to fix bulk build problem on Solaris;
one Makefile.in lacks newline in the last line.
2004-12-17 15:37:01 +00:00
jlam
e027b8d70c Convert to set USE_OLD_DES_API=yes, and remove unnecessary patches to
teach fressh how to use either DES API.  Bump PKGREVISION since on
NetBSD>=2.0, fressh gains a library dependency on -ldes.
2004-12-15 19:34:40 +00:00
minskim
454cd9af8b Add build dependency on pkgconfig. 2004-12-14 20:34:42 +00:00
minskim
4fc2cc919e Sort buildlink3 files. 2004-12-14 20:29:05 +00:00
jlam
f9724a680a Change the way that openssl/builtin.mk handles the USE_OLD_DES_API flag.
The idea is to prevent needing to patch source files for packages that
use OpenSSL for DES support by ensuring that including <openssl/des.h>
will always present the old DES API.

(1) If des_old.h exists, then we're using OpenSSL>=0.9.7, and
    <openssl/des.h> already does the right thing.

(2) If des_old.h doesn't exist, then one of two things is happening:
    (a) If <openssl/des.h> is old and (only) supports the old DES API,
	then <openssl/des.h> does the right thing.
    (b) If it's NetBSD's Special(TM) one that stripped out the old DES
	support into a separate library and header (-ldes, <des.h>),
	then we create a new header <openssl/des.h> that includes the
	system one and <des.h>.

Also modify existing packages that set USE_OLD_DES_API to simply include
<openssl/des.h> instead of either <des.h> or <openssl/des_old.h> (This
step is mostly just removing unnecessary patches).

This should fix building packages that use OpenSSL's old DES API support
on non-NetBSD systems where the built-in OpenSSL is at least 0.9.7.
2004-12-14 19:24:29 +00:00
kleink
8be1cc1fa8 Add (unsigned char) cast to ctype functions; taken from the NetBSD trunk. 2004-12-12 23:51:10 +00:00
jlam
bda6801430 Create directories before putting files in them. This should fix
PR pkg/28480.
2004-12-11 00:32:16 +00:00
jlam
98a8065e34 Provide an SSLKEYS variable that points to the location where OpenSSL
private keys are likely to be installed.  Patch directly from PR
pkg/28477 by Jason Thorpe.
2004-12-11 00:04:14 +00:00
tron
7b32a17cba Remove myself as maintainer of this package because I've not used it for
quite some time.
2004-12-07 21:28:20 +00:00
wiz
11620f29a2 Fix libtool calls to include --mode. 2004-12-07 15:15:25 +00:00
wiz
2a87feebad Fix previous (incomplete) ALL_TARGET -> BUILD_TARGET change.
While here, fix libtool calls in Makefile to use --mode.
2004-12-07 15:12:54 +00:00
adam
282558e0f9 Fix building problems on some machines, PR#28562 2004-12-07 09:17:35 +00:00
he
12f9ef57bb Update p5-Digest-SHA from version 5.27 to 5.28.
Change log:

5.28  Wed Nov 10 15:33:20 MST 2004
	- provided more flexible formatting of SHA state files
		-- entries may now contain embedded whitespace
			for improved readability
	- minor code cleanups
2004-12-05 18:58:12 +00:00
he
e29bf57528 Update p5-Digest-MD4 from version 1.3 to 1.5.
Change log:

*** 2004/09/13 Version 1.4

Fixed Makefile problems on some versions of perl 5.8.0

*** 2004/11/17 Version 1.5

ActivePerl version adds hexhash() for compatibility
Contributed by Gisle Aas
2004-12-05 18:55:46 +00:00
he
cbff1a0e35 Update p5-Digest from version 1.08 to 1.10.
Change log:

2004-11-08   Gisle Aas <gisle@ActiveState.com>

   Release 1.10

   Added Digest::file module which provides convenience functions
   that calculate digests of files.


2004-11-05   Gisle Aas <gisle@ActiveState.com>

   Release 1.09

   Fix trivial documentation typo.
2004-12-05 18:52:59 +00:00
jmmv
00267b0c02 Update to 4.1.1. Drop maintainership (I don't remember why I added this one,
and no package is using it ATM).

4.1.1:
	- Fixed shared library version info.

4.1.0:
	- Added SHA-384 and SHA-512 algorithms.
	- Added HMAC-SHA-384 and HMAC-SHA-512 algorithms.
	- Added generic SSE2 optimization for the above algorithms.
	- Added more digest algorithms for PKCS#1 EMSA.
	- Optimized swap32 and swap64 routines on Linux.
	- Fixed missing definition in mpopt.h for s390x.
	- Fixed nostackexec configuration bug.
	- Fixed problem in Date::toString.
	- Fixed deadlock problem which occurred in certain cases where security
	  or crypto SPI constructor called getInstance for another security or
	  crypto SPI.
	- Fixed a bug in the generic CBC encryption code; when called with
	  nblocks == 1, the feedback was set incorrectly.
	- Fixed a bug in mpbsubmod; sometimes it takes multiple additions of
	  the modulus to get a positive number.
	- Fixed PowerPC 64-bit configuration problem on Linux.

4.0.0:
	- Added a C++ API interface, modeled after Java's security & crypto API.
	- Added the new GNU noexecstack feature.
	- Added more x86_64 and s390x assembler routines.
	- Modified i2osp, so that it only requires as many octets as there are
	  significant bytes in the multi-precision integers.
	- Fixed a bug in the creation of rsa keypairs; code was not correctly
	  migrated to new calling sequence. The code now implements the method
	  described in IEEE P.1363.
	- Fixed another bug in mpextgcd_w which sometimes returned incorrect
	  results.
	- Fixed a bug in mprshiftlsz, which didn't work correctly when size = 1.
	- Fixed a configuration problem on Tru64 Unix.

3.1.0:
	- Added wiping of private key components of keypairs before freeing.
	- Fixed bug in mpextgcd_w which sometimes returned incorrect result.
	- Fixed error in PowerPC 64-bit assembler symbol definitions.
2004-12-05 09:02:11 +00:00
jlam
fa4d649476 Follow template builtin.mk file in bsd.builtin.mk. 2004-12-05 05:35:28 +00:00
taca
05a0ff5ab1 Switch to use RUBY_DLEXT as suffix of extension library. 2004-12-04 17:20:46 +00:00
peter
4a76ff1004 Changes up to 20041204:
* improved cleanup routines to make sure that no memory is leaking.
* applied patch to pf.c from OPENBSD_3_6 branch:
    fix a bug that leads to a crash when binat rules of the form
    'binat from ... to ... -> (if)' are used, where the interface is dynamic.
* added (unsigned char) casts to ctype functions.
* added experimental patch for ALTQ support.
* applied patch to pfctl_parser.c from OPENBSD_3_6 branch:
    do not assume entries in pf_timeouts[] are ordered like PFTM_* in pfvar.h
* applied patch to pf.c from OPENBSD_3_6 branch:
    The flag to re-filter pf-generated packets was set wrong by synproxy
    for ACKs. It should filter the ACK replayed to the server, instead of
    the one to the client.
* applied patch to pf.c from OPENBSD_3_6 branch:
    For RST generated due to state mismatch during handshake, don't set
    th_flags TH_ACK and leave th_ack 0, just like the RST generated by
    the stack in this case. Fixes the Raptor workaround.
* applied patch to pf_lkm.c from NetBSD HEAD:
    pfil4_wrapper, pfil6_wrapper:
    ensure that mbufs are writable beforehand as pf assumes it.
* applied patch to pf.c from OPENBSD_3_6 branch:
    reset anchor pointer to NULL when stepping back into the main ruleset,
    fixes pflog attributing states wrongly to anchors and pfctl -vvsn/sr
    showing wrong state counters for anchor rules.
2004-12-04 15:01:55 +00:00
wiz
fb6616bc6b Too many (un)signed char problems on -current: turn off -Werror. 2004-12-04 12:10:35 +00:00
jlam
f74029f091 Set USE_OLD_DES_API and replace custom changes to work with NetBSD-2.0's
OpenSSL, with patches to use <openssl/des_old.h>.
2004-12-04 03:59:26 +00:00
jlam
48e1426f67 Attempt to deal with the differing DES APIs between OpenSSL 0.9.6 (in
pkgsrc and in NetBSD-1.6.x) and OpenSSL 0.9.7 (in NetBSD-2.0), by
creating a new yes/no variable USE_OLD_DES_API that flags whether the
package wants to use the old DES API.  If USE_OLD_DES_API is "yes",
then:

  * For OpenSSL 0.9.6, symlink ${BUILDLINK_DIR}/include/openssl/des_old.h
    to ${SSLBASE}/include/openssl/des.h.

  * For NetBSD 2.0's "special" installation of OpenSSL 0.9.7, symlink
    ${BUILDLINK_DIR}/include/openssl/des_old.h to /usr/include/des.h,
    and transform "-lcrypto" into "-ldes -lcrypto".  This makes it
    behave like stock OpenSSL 0.9.7 where the old DES functions are
    part of libcrypto.

Software that wants to use the old DES API should be taught to do it
in a way that works with a stock installation of OpenSSL 0.9.7 -- by
including <openssl/des_old.h> and linking against "-lcrypto".  Software
that wants to use the new DES API should simply depend on openssl>=0.9.7.

This change has no impact on existing packages as the new code is
active only when USE_OLD_DES_API == "yes".
2004-12-03 23:03:09 +00:00
shannonjr
d2bb331fd7 Deleting patch-ab because it's included in release 1.9.13. 2004-12-03 22:02:26 +00:00
shannonjr
3bf9e9c59a Update to release 1.9.13.
This is mainly a maintenance release to support new options in dirmngr
(to be released soon):

 * [gpgsm] New option --prefer-system-dirmngr.

  * Minor cleanups and debugging aids.
2004-12-03 22:01:29 +00:00
shannonjr
dcc7d5dc1e Update to release 0.9.10. This is a bugfix release. 2004-12-03 21:58:54 +00:00
jlam
ce8f0714a0 reorder: commands are specified using WRAPPER_REORDER_CMDS, not
BUILDLINK_TRANSFORM.
2004-12-03 20:33:18 +00:00
wiz
6e02d7ee41 Rename ALL_TARGET to BUILD_TARGET for consistency with other *_TARGETs.
Suggested by Roland Illig, ok'd by various.
2004-12-03 15:14:50 +00:00
wiz
98f769d47d Fix typo, reported by imil on tech-pkg. 2004-12-03 12:37:23 +00:00
itojun
3885367453 bump version # in binary 2004-12-02 06:44:27 +00:00
itojun
622c666dd8 upgrade to 20040818a. stability fixes 2004-12-02 06:43:14 +00:00
wiz
31f487704d Update to 0.10, prompted by César Catrián C. on tech-pkg:
Version 0.10
        * Fixed bugs
        * Moved project over to sourceforge.net
        * Change of project ownership
2004-12-01 16:42:53 +00:00
tv
60e35d18fe Fix compilation error on LP64 due to a prototype mismatch. (Arg changed
from time_t to long, but prototype wasn't updated to match.)
2004-12-01 12:50:39 +00:00
wiz
913b2647ad "the the" -> "the" 2004-12-01 09:52:59 +00:00
peter
be8f1809c6 Remove part of the builtin version detection that doesn't work properly.
It can't be fixed easily because the pflkm package uses different versioning
(dates instead of 3.5, 3.6, etc). So just disable it for now until I've
found a better way to handle this.

Approved by wiz.
2004-12-01 00:20:20 +00:00
jlam
f38be1ca3c Correct the location of the config files in the man page. 2004-11-30 15:26:03 +00:00
taca
153867708e - Honor PKG_SYSCONFDIR.
- move store directory to under PKG_SYSCONFDIR.
- add missing fix to top level configure.
2004-11-30 05:58:04 +00:00
xtraeme
a431aa7332 Update to 1.6.8pl5.
Changes:

o Added a configure check for systems with a 2-argument version of
  timespecsub (like BSD/OS).
o Added stub struct definitions to sudo.h to quiet compiler warnings
  on some systems.
o In sudoers Defaults lines, tuples like "lecture" may now be used
  without a value, restoring their old boolean-like nature.
o Invalid values for a tuple are now handled correctly.
2004-11-30 00:27:10 +00:00
taca
d96bda51d3 Update AiCA package to 0.81.
- Changes are unknown.
- License restriction is removed now.
- Try to keep configuration to ${PREFIX}/etc/AiCA.
2004-11-29 17:24:49 +00:00
shannonjr
ddeb758d08 Update from release 0.6.8 - a bug fix update. 2004-11-29 11:58:35 +00:00
tv
c51cbf2b83 Include bsd.prefs.mk before adding to CFLAGS, just in case. 2004-11-29 04:21:33 +00:00
tv
6058af6c07 Update to 1.13. Among other things, the hash format has changed since the
0.xx releases.  Full changelog:

hashcash-1.13 - 16-Oct-2004 - Adam Back <adam@cypherspace.org>

	* fix bug where grace period not applied to double-spend db.
	  I think this could allow people to double-spend in the time
	  period after the resulting premature purging and before
	  expiry (which is the grace period)

	* add new feature where -e <period> can be used with -p to
	  override the expiry given at spend time (that is stored in
	  the double-spend db).  Inspired by question from Atom
          Smasher <atom@suspicious.org>.

	* clean up some memory leaks

	* add hashcash_free function (DLL scenario caller can't rely
          on having same deallocator to call as library compiled with)

	* lots more function documentation in hashcash.h for
	  library/DLL users, renamed all exported library functions to
	  start with hashcash_ prefix.

	* added hashcash_version function.

	* added callback function to allow user quit (returns
	  HASHCASH_USER_ABORT) and to give progress feedback.

	* added option -P which uses the callback to show progress.

	* added -O core option to allow user selection of core.

	* added small parameter to hashcash (to request small stamps
	  rather than slightly larger fast to generate stamps), and -Z
	  option to turn this on.  (In fact it is not implemented yet
	  but want to avoid changing library interface later).

hashcash-1.12 - 03-Oct-2004 - Adam Back <adam@cypherspace.org>

	* make a HASHCASH.DLL on windows using MINGW.

hashcash-1.11 - 02-Oct-2004 - Adam Back <adam@cypherspace.org>

	* _really_ fix trailing ascii(32) (spaces).  I have no idea
	  how I decided the 1.10 code fixed it.  Must have messed up
	  the test I was using to check it worked.

hashcash-1.10 - 01-Oct-2004 - Adam Back <adam@cypherspace.org>

	* remove trailing ascii(32) (spaces) which padding somehow
	  leaves

hashcash-1.09 - 17-Sep-2004 - Adam Back <adam@cypherspace.org>

	* fix missing space between resource name and width with -cv
	  reported by Panta Admin.

	* apply cumulative patch of 3 patches from Jonathan Morton.

hashcash-1.08 - 12-Sep-2004 - Adam Back <adam@cypherspace.org>

	* fix bug reported by Panta Admin <admin@panta-rhei.dyndns.org>
	  must have introduced in recent version where with pipe
	  prints stamp twice.

	* attempt to work around MINGW problem with signals -- somehow
	  it is changing its mind about whether the MMX core can run
	  from the first call to the 2nd call.  But the test result
          is cached so it is hard to see how this happens.  Not clear
	  if this work-around will work as don't have a 486 to test
	  on.  (Work around is make single gIsMMXpresent shared
	  between the two mmx cores, should at least result in signal
	  call being used fewer times (max 1 time).  Also pass 1 to
	  longjmp.)

	* give up entirely on conditional make.  One Makefile, no
	  funky stuff.  Prints info about what you need to do to
	  compile on your platform and goes ahead and compiles with
	  generic anyway.  Make new gnu (generic) target for gcc, and
	  normal generic with no gcc specific flags.

hashcash-1.07 - 11-Sep-2004 - Adam Back <adam@cypherspace.org>

	* patch from J H Wilson <jhw@ieee.org> to initialize a bunch
	  of variables (actually I had to back some of these out to
	  get to compile on non gnu compilers -- some of those
	  structure initializations are gnu extensions I think.)

	* also J H Wilson one of patch changes was to avoid mmx
	  assembler code clobbering ebx register which is needed for
	  fPIC support.

	* better randomness on windows using the CAPI rng
	  CryptGenRandom.  Still compiles using MINGW ... whee!

	* made a separate GNUmakefile for gnu make (it takes that one
	  first over Makefile) and a Makefile which is the same but no
	  ifdef stuff which confuses some other makes, and no gnu
	  specific compile options (for x86 anyway).

	* add gettimeofday timer into entropy to improve randomness on
	  systems which do not have /dev/urandom, and are not windows

hashcash-1.06 - 10-Sep-2004 - Adam Back <adam@cypherspace.org>

	* patch from Justin Guyett <justin@soze.net> to fix unsigned
	  error which would have made libfastmint do something odd if
	  no minter worked.

	* Makefile changes to compile under MINGW (gnu for windows
	  portability layer which produces win32 exes).  new target
	  mingw-exe

	* #ifdefs to avoid locking on MINGW (seems no lock support!)

	* #ifdefs to use longjmp instead of siglongjmp, signal instead
	  of sigaction on MINGW

	* #ifdef to use chsize instead of ftruncate on MINGW

hashcash-1.05 - 08-Sep-2004 - Adam Back <adam@cypherspace.org>

	* and another issue (last I promise!) with case comparison.
	  1.04 change was good; however flaw in 1.02 means 1.04 minted
	  stamps (resource not canonicalized to lowercase) can falsely
	  fail to verify with 1.02 - 1.00 as those versions presume
	  canonicalized stamp.  So we go back to making -C have effect
	  on minting also.  With no -C canonicalize to lowercase, with
	  -C use resource as-is.

	* get rid of -W flag reserved for posix, use -M in its place.

hashcash-1.04 - 07-Sep-2004 - Adam Back <adam@cypherspace.org>

	* fixed issue with case comparisons -- presumed resources were
	  in lower case at minting -- better to just ignore case
	  during comparison.  Then will accept stamps containing upper
	  case or mixed-case resource names.

	* integrate fastmint_benchtest as -sv option to hashcash.

	* introduce COPT as well as CFLAGS as optimization subset of
	  flags passed with CFLAGS to nested make -- suits RPM

hashcash-1.03 - 07-Sep-2004 - Adam Back <adam@cypherspace.org>

	* remove TARGET_ARCH again, let's keep things simple.  Just
	  use CFLAGS period.

	* figured out what GENTOO ebuild is doing, changed ebuild file

	* remove recursion from hashcash_fastmint

	* start using TARGET_ARCH in Makefile, hope it's portable;
	  it's an attempt to be more GENTOO ebuild friendly

	* Makefile change: when PACKAGE is defined build default
	  target, otherwise echo the target info as before

	* removed a bunch of old code replaced by fastmint, got rid of
	  CHROMATIX define

	* fix following errors reported by Atom Smasher <atom@suspicious.org>

		* fix width measuring bug with v0 stamps

		* fix resource read from stdin bug

		* use GNU getopt source always -- getopt
		  on BSD behaves differently (the getopt source is
		  smart -- it comments itself out on machines with
		  GNU_LIBRARY so using it always is not a problem)

		* bug: should send the time estimate to
		  stderr, and the stamp to stdout

		* -z width flag not properly error checked
		  to enforce UTCTIME restrictions (only valid widths
		  6, 10 or 12 digits)

	* update LICENSE to note you end up with some GNU GPL taint
	  from getopt on systems without POSIX getopt which probably
	  forces you to use GPL as I link against it.  Unless someone
	  wants to re-write the getopt or can point me at a public
	  domain replacement.  In particular this includes BSD and
	  MACH (OSX) and as before windows.

	* apply patch from Jonathan Morton <chromi@chromatix.demon.co.uk>
	  with following fixes:

		* fix bug in mmx assembler code exposed by integration

		* add generic target in Makefile

		* increase benchmark work factor to improve accuracy of
		  results (as not used at run-time)

		* new hashcash_quickbench()

	* changes to hashcash_quickbench() to give faster timing on
	  linux x86 which has low resolution clock() (1/100th sec vs
	  1usec on OSX).  (It was taking ~ 0.6sec on linux x86, code
	  takes 0.1 sec now which is less noticeable)

	* related to above studiously avoided calling hc_per_sec()
	  which invokes hashcash_quickbench() -- seems a shame to burn
	  1/10th sec in default mint creation path if user typically
	  doesn't care about the info about how long it took.  Now you
	  have to give -s or -v to get speed info when minting.

	* fix case sensitivity bug reported by Atom Smasher
	  <atom@suspicious.org>

	* add CPL option back to LICENSE file
	* add make targets for different processors
	* remove 2nd call of hashcash_benchtest (supposed to call
	  hc_per_second which caches not hashcash_per_second)
	* enable static selection of fastmint cores, disable run
	  time benchtest

	* applied fastmint fix patch from Jonathan Morton
	  <chromi@chromatix.demon.co.uk> and re-enabled fastmint
	  (remove -DCHROMATIX in Makefile to disable)

hashcash-1.02 - 11-Aug-2004 - Adam Back <adam@cypherspace.org>

	* minor documentation stuff (put back ref to sha1-hashcash in
	  hashcash.pod manpage)

	* add back requests to LICENSE file

hashcash-1.01 - 08-Aug-2004 - Adam Back <adam@cypherspace.org>

	* fold in patches from Hubert Chan
	  <hubert@uhoreg.ca> and Justin Guyett <justin@soze.net> to
	  clean up some stuff and fix minor bugs.

	* another couple of minor bug fixes.

hashcash-1.00 - 07-Aug-2004 - Adam Back <adam@cypherspace.org>

	* increment version number, 1.x to reflect move to version 1
	  stamp format

	* explicit bits field in token (helps people who want to
	  prevalidate header and parse, and who want to know what the
	  intended bits were vs how lucky the sender got); new stamp
	  size definition is min( counted_bits, explicit bits field )

	* no : in resource field to make easier to parse eg with cut,
	  awk etc

	* new extension field

	* reclaimed -x to use for passing eXtension data (old -x no longer
	  available, use -X, which has string fixed to X-Hashcash)

	* put /dev/urandom macro for MAC from
	  Jonathan Morton <chromi@chromatix.demon.co.uk> so we use
	  /dev/urandom on MAC

	* copy in and adjust Makefile for Jonathan Morton's optimized
	  minter (need to integrate)

	* copy in Jonathan Morton's COMPACT option (method B vs method A
	  from fips-180-1, uses less registers) for libsha1.c

	* copy in next rev of minter breaks 4megahashes/sec barrier on
	  3.06Ghz P4 -- disabled at present until some stuff gets
	  fixed and we figure out rpm/deb package portability

	* added back v0 read support (but still only generates v1)

	* pr5: first attempt at integrating libfastmint (some bug in
	  my integration code, broken so far)

	* (pr6: libfastmint integ still not working)

	* pr6: made X-Hashcash header acceptance case insensitive

	* pr7: also reject tokens with count_bits < claimed_bits
	  (as previous logic of setting bits = min( count_bits, claimed_bits)
	  necessary to avoid people getting lucky

	* use clock() instead of wall time

	* expand max stamp size out to cope with 10KB extension fields

	* update man page and usage with v1 stuff

	* and release as 1.00 ready for Hubert Chan <hubert@uhoreg.ca>
	  to package for the imminent debian release

hashcash-0.33 - 13-Apr-2004 - Adam Back <adam@cypherspace.org>

	* allow wild card without @ sign if there is no @ sign in
	  pattern
2004-11-29 01:56:16 +00:00
wiz
3fe75bdbea adam at monkeybyte dot org's mail setup is broken, revert to tech-pkg. 2004-11-28 23:38:39 +00:00
wiz
73e5e40aee Update to 2.2.0.
New in 2.2.0:
MIME traversal now includes MIME container parts (e.g. multipart/*,
message/*), making them visible to banned rules. This version
preserves original zip archives for virus scanners if the archive
contains any zero-length members. New short types 'dll' and 'empty'
make blocking recent viruses more flexible, including their
unsuccessful propagation attempts. It recognizes standard Unix
archives and unpacks Debian binary packages. The LDAP modules were
rewritten. The handling of double errors was improved. This version
supports mail size limits and Mail::ClamAV 0.12. A new AV entry
'check-jpeg' can test JPEG images for validity.

New in 2.1.2:
This release fixes (hard) blacklisting and whitelisting on static
lookup tables, which was failing to match any sender. The 'neutral'
sender notification, which was joining the Subject and the Message-ID
header fields in some situations, has been fixed. The signal and
error handling in code sections holding BDB locks is now more
thorough. A new %e macro is provided that evaluates to a best guess
of the originator IP address collected from the Received trace.

New in 2.1.1:
The default use of $banned_filename_re, which was lost in 2.1.0,
was added back. A fix was made for inappropriate log entry in SQL
whitelisting, complaining about unexpected wb field value. Missing
import of &ca was added to the amavisd-new-courier.patch. A default
directory is now provided with delivery method "bsmtp", if not
specified. The Mail::SpamAssassin::Plugin::Hashcash module is
pre-loaded with SA 3.0.0, and Mail::SpamAssassin::SpamCopURI with
URI::* is loaded for older SA versions. Small enhancements were
made to amavisd-nanny.

New in 2.1.0:
The use of BerkeleyDB is now optional. The configuration files were
cleaned up, and a small new amavisd-nanny utility that shows the
status of all child processes and checks for vanished or stale
processes was included. Two important bugfixes were made in the
ACL and SQL lookup code along with numerous other fixes and small
improvements. Users of 2.0 should upgrade to this release.
2004-11-28 23:31:49 +00:00