2.014 2015/05/05
- Utils::CERT_create - work around problems with authorityInfoAccess, where
OpenSSL i2v does not create the same string as v2i expects
- Intercept - don't clone some specific extensions which make only sense with
the original certificate
2.013 2015/05/01
- assign severities to internal error handling and make sure that follow-up
errors like "configuration failed" or "certificate verify error" don't
replace more specific "hostname verification failed" when reporting in
sub errstr/$SSL_ERROR. see also RT#103423
- enhanced documentation thanks to Chase Whitener
https://github.com/noxxi/p5-io-socket-ssl/pull/26
Upstream changes:
0.19 Sun Feb 8 11:30:09 2015
- fixed issue with OO crc64, #101999
- remove Build.PL as it seems to have some issues with the XS support
0.20 Sun Feb 8 16:45:13 2015
- removed debug code
0.21 Sat Feb 21 13:18:25 2015
- new() throwing an error if an unsupported type is specified
Upstream changes:
2014-04-28 Gisle Aas <gisle@ActiveState.com>
Release 2.04
No change. I accidentally deleted the 2.03 dist from CPAN when trying
to clean up old Digest-MD5 dists.
* Noteworthy changes in release 4.5 (released 2015-04-29) [stable]
- Corrected an invalid memory access in octet string decoding.
Reported by Hanno Böck.
Upstream changes:
0.24 Sat Jan 10 00:45:34 MST 2015
- simplified shabits() routine (bitwise input buffering)
-- slightly less efficient but easier to understand
- minor documentation tweaks and additions
0.23 Sun Jan 4 05:36:30 MST 2015
- updated to reflect Draft FIPS 202
-- append domain separation bits to message
-- implement SHAKE128 and SHAKE256 Extendable-Output
Functions (XOFs)
The intention of zmsystemctl.pl is to use bin/pkexec to allow the apache user
to start and stop the ZoneMinder services on operating systems using systemd
and newer versions of Polkit than Pkgsrc currently has.
If the base OS doesn't use systemd (E.g. anything not Linux), this file
shouldn't be used anyway.
In Pkgsrc we ignore the potentially absent pkexec interpreter in this file.
If the base OS uses systemd, it probably also has pkexec in its base
installation.
Bump PKGREVISION.
service_identity aspires to give you all the tools you need for
verifying whether a certificate is valid for the intended purposes.
In the simplest case, this means host name verification. However,
service_identity implements RFC 6125 fully and plans to add other
relevant RFCs too.
py-bcrypt is a Python wrapper of OpenBSD's Blowfish password hashing code, as
described in "A Future-Adaptable Password Scheme" by Niels Provos and David
Mazieres.
This system hashes passwords using a version of Bruce Schneier's Blowfish block
cipher with modifications designed to raise the cost of off-line password
cracking and frustrate fast hardware implementation. The computation cost of the
algorithm is parametised, so it can be increased as computers get faster. The
intent is to make a compromise of a password database less likely to result in
an attacker gaining knowledge of the plaintext passwords (e.g. using John the
Ripper).
As of py-bcrypt-0.4, this module can also be used as a Key Derivation Function
(KDF) to turn a password and salt into a cryptographic key.
It operates the mozilla-rootcerts installer script in order to allow
managing the resulting output openssl certs with the package tools.
Since openssl does not support more than one directory of certificates
(sheesh) this is an abusive package - it installs directly into the
openssl certs directory even though this is a sysconfig directory that
should normally only be touched using the config files infrastructure.
And, for native openssl, it's in the root /etc outside of $PREFIX.
Nonetheless, having this package is better than not having it.
Probably at some point this and the mozilla-rootcerts package should
be folded together in some fashion; but I didn't want to do that up
front, and in particular I didn't want to muck with the installer
script in mozilla-rootcerts any more than necessary to make this
package possible. This in particular prevented e.g. installing the
certs in share/ and symlinking them into the certs directory.
As things are, if you already have the certs installed manually you
can install this package over them cleanly, and thenceforth not have
to update them by hand.
Noteworthy changes in version 0.9.1 (2015-03-18)
------------------------------------------------
* Fixed build problems for systems without ncurses.
* Reworked the option parser to allow building on systems without
getopt_long.
* Fixed Qt4 build problems.
Noteworthy changes in version 1.19 (2015-04-10) [C15/A15/R0]
-----------------------------------------------
* New set of error codes for use with LDAP.
* New options --help and --defines for gpg-error.
* Allow building with gcc 5.
* Interface changes relative to the 1.18 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
GPG_ERR_LDAP_* NEW.
* Avoid compilation error on tolower and char type.
Changelog:
2015-02-28 PuTTY 0.64 released, fixing a SECURITY HOLE
PuTTY 0.64, released today, fixes a security hole in 0.63 and before:
private-key-not-wiped-2. Also diffie-hellman-range-check has been argued
to be a security hole. In addition to these and other less critical bug
fixes, 0.64 also supports the major new feature of sharing an SSH connection
between multiple instances of PuTTY and its tools, and a command-line and
config option to specify the expected host key(s).
Numerous changes, documented at:
https://github.com/ZoneMinder/ZoneMinder/releases
Addresses two security advisories:
https://github.com/ZoneMinder/ZoneMinder/releases/tag/v1.28.0http://secunia.com/advisories/62918/
Pkgsrc changes:
patch-src_zm_signal_h is no longer necessary because zm_signal.h uses
HAVE_EXECINFO_H.
patch-src_zmf_cpp appears to be applied upstream.
patch-configure_ac no longer needs to set PATH_BUILD to
PREFIX/share/zoneminder, so that zmupdate.pl can locate the database build
scripts as installed files. Upstream has now implemented this via the
ZM_PATH_DATA entry in zm.conf, and adds a ZM_PATH_DATA/db subdirectory.
src/Makefile.am no longer setuid's zmfix, as zmfix was removed from
ZoneMinder 1.26.6.
The code now uses clock_gettime(), which on some systems (like Linux), calls
for -lrt. Since the build system isn't aware of this, but Pkgsrc is, just set
PTHREAD_AUTO_VARS=yes.
The PHP code now uses PDO for DB access, but it looks like there are some
straggling dependencies on the raw MySQL driver, so both are pulled in.
py-six and removed py-mock as dependencies for the tests option. Some
commits from the repo:
Enable coverage testing and require 100% coverage
Upgrade crypt_blowfish to 1.3
Removed usage of mock which wasn't really doing anything
