against recent openpam headers produce non functioning pam_ldap.so
on NetBSD 4.99.47(?) or more recent systems.
There's something really fishy in the headers...
Pkgsrc changes:
o Adapt patch-aa, still needed for non-hanging tests...
Upstream changes:
1.33 2008.10.21
- Fix open() calls (rt.cpan.org #40020)
- Fix non-shell problem (rt.cpan.org #39980)
- Allow full agent forwarding (rt.cpan.org #32190)
- Handle hashed known_hosts files (Greg Sabino Mullane, rt.cpan.org #25175)
1.32 2008.10.16
- Add IO::Handle to Perl.pm (rt.cpan.org #40057, #35985)
- Minor test cleanups.
1.31 2008.10.02
- New co-maintainer, Greg Sabino Mullane (TURNSTEP).
- Prevent t/03-packet.t from hanging due to high file descriptor.
(altblue at n0i.net, rt.cpan.org #6101)
- Skip some tests if Math::GMP not installed (e.g. from choosing only
protocol 2 in Makefile.PL) (Greg Sabino Mullane, reported in
rt.cpan.org #25152)
- If ENV{HOME} is not set, use getpwuid. If both fail and the dir
is needed, we croak. (Greg Sabino Mullane, expanded from patch
by dgehl at inverse.ca in rt.cpan.org #25174)
- Fix incorrect logical/bitwise AND mixup (Peter.Haydon at uk.fujitsu.com,
rt.cpan.org #31490)
- Allow empty stdin for SSH2 (rcp at rcable.co.uk, rt.cpan.org #32730)
- Adjust terminal dimensions dynamically if Term::ReadKey is available
(john at sackheads.org, rt.cpan.org #34874)
Authen::PluggableCaptcha is a fully modularized and extensible
system for making Pluggable Catpcha (Completely Automated Public
Turing Test to Tell Computers and Humans Apart) tests.
Pluggable? All Captcha objects are instantiated and interfaced via
the main module, and then manipulated to require various submodules
as plug-ins.
Authen::PluggableCaptcha borrows from the functionality in
Apache::Session::Flex.
* Version 2.6.2 (released 2008-11-12)
** libgnutls: Fix crash in X.509 validation code for self-signed certificates.
The patch to fix the security problem GNUTLS-SA-2008-3 introduced a
problem for certificate chains that contained just one self-signed
certificate. Reported by Michael Meskes <meskes@debian.org> in
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505279>.
** API and ABI modifications:
No changes since last version.
Changes since 0.0.14:
* epa-mail-encrypt now skips unusable keys.
* epa-file now uses canonical file names as keys for passphrase cache.
* Fixed a load-error of epa on XEmacs.
* epa-file bug fixes.
* Prepare auto-mode-alist to strip .gpg suffix when choosing major-modes.
* Don't signal an error when opening a nonexistent file via Tramp.
* epa-verify-region now decodes the plaintext with
coding-system-for-read or one saved as epa-coding-system-used.
* Version 2.6.1 (released 2008-11-10)
** libgnutls: Fix X.509 certificate chain validation error. [GNUTLS-SA-2008-3]
The flaw makes it possible for man in the middle attackers (i.e.,
active attackers) to assume any name and trick GNU TLS clients into
trusting that name. Thanks for report and analysis from Martin von
Gagern <Martin.vGagern@gmx.net>. [CVE-2008-4989]
Any updates with more details about this vulnerability will be added
to <http://www.gnu.org/software/gnutls/security.html>
** libgnutls: Add missing prototype for gnutls_srp_set_prime_bits.
Reported by Kevin Quick <quick@sparq.org> in
<https://savannah.gnu.org/support/index.php?106454>.
** libgnutls-extra: Protect internal symbols with static.
Fixes problem when linking certtool statically. Tiny patch from Aaron
Ucko <ucko@ncbi.nlm.nih.gov>.
** libgnutls-openssl: Fix patch against X509_get_issuer_name.
It incorrectly returned the subject DN instead of issuer DN in v2.6.0.
Thanks to Thomas Viehmann <tv@beamnet.de> for report.
** certtool: Print a PKCS #8 key even if it is not encrypted.
** tests: Make tests compile when using internal libtasn1.
Patch by ludo@gnu.org (Ludovic Courtès).
** API and ABI modifications:
No changes since last version.
for all autoconf definitions that pollute namespace. Additionally,
I've prepared a distribution patch from FreeBSD ports which
fixes many memory leaks (see comment in patch).
PKGREVISION++
Eksblowfish is a variant of the Blowfish cipher, modified to make
the key setup very expensive. ("Eks" stands for "expensive key
schedule".) This doesn't make it significantly cryptographically
stronger, but is intended to hinder brute-force attacks. It also
makes it unsuitable for any application requiring key agility. It
was designed by Niels Provos and David Mazieres for password hashing
in OpenBSD. See Crypt::Eksblowfish::Bcrypt for the hash algorithm.
See Crypt::Eksblowfish::Blowfish for the unmodified Blowfish cipher.
Eksblowfish is a parameterised (family-keyed) cipher. It takes a
cost parameter that controls how expensive the key scheduling is.
It also takes a family key, known as the "salt". Cost and salt
parameters together define a cipher family. Within each family, a
key determines an encryption function in the usual way. See
Crypt::Eksblowfish::Family for a way to encapsulate an Eksblowfish
cipher family.
* gsasl: Don't use poll with POLLOUT to avoid busy-waiting.
* doc: Error codes are now extracted using official library APIs.
* doc: Included cyclomatic code complexity charts of the library code.
* tests: Add self test of obsolete base64 functions.
* Update gnulib files. Improves Windows compatibility.
Some highlights:
Bug #1680965 sans lookup fails -- Jordan Wiens
Fixed index.php redirect -- Kevin Johnson for Terry Burton
Added Worldmap feature -- Juergen Leising
Added Vendor MAC Map -- Juergen Leising
Increased memory limit from 50 to 128 MB in base_graph_common.php
Fixed "Select Signature from List" in the query form -- Juergen Leising
Newly generated coordinates file world_map6.txt. -- Juergen Leising
See docs/CHANGELOG for all the details
for IDN and inet6 support.
v.17 2008.10.13
- no code changes, publish v.16_3 as v.17 because it looks better
than v.16
- document win32 behavior regarding non-blocking and timeouts
v.16_3 2008.09.25
- fix t/nonblock.t with workaround for problems with
IO::Socket::INET on some systems (Mac,5.6.2) where it cannot do
nonblocking connect and leaves socket blocked.
- make some tests less verbose by fixing diag in t/testlib.t
(send output to STDOUT not STDERR and prefix with '#')
v.16_2 2008.09.24
- work around Bug in IO::Socket::INET6 on BSD systems
http://rt.cpan.org/Ticket/Display.html?id=39550
by setting Domain based on PeerAddr
Thanks to srezic for report and support
- remove tests of recv/send from t/core.t. Might badly interact
with SSL handshake and cause crashes as seen on OS X 10.4
v.16_1 2008.09.19
- better support for IPv6:
- IPv6 is enabled by default if IO::Socket::INET6 is available
- t/inet6.t for basic tests
--
pakchois is just another PKCS#11 wrapper library. pakchois aims to
provide a thin wrapper over the PKCS#11 interface.
The goals are:
1) to offer a modern* object-oriented C interface wrapper for PKCS#11.
2) to not hide or abstract away any details of the PKCS#11 interface
itself except where absolutely necessary.
3) to handle the details of loading DSOs
4) to allow the caller to avoid caring about where on the system
PKCS#11 modules might be stored, or exactly how they are named.
5) to avoid any dependency on a particular cryptography toolkit.
Existing PKCS#11 wrapper libraries solutions differ in at least one of
the above goals.
*: "modern" being a euphemism for not using process-global state,
having a sane symbol namespace, etc.
patch-ag and patch-ah fix void functions that attempt to return the result
of calling a void function.
patch-ai conditionally includes <sys/inttypes.h> to pick up uint32_t
is incorrect because:
1) _gcry_rngfips_deinit_external_test() is void function
2) the calling function, random, is declared void
The unpatched code will not compile with Sun compiler.
Seahorse is a GNOME front-end for GnuGP. It can be used for signing,
encrypting, verifying and decrypting text and files. The text can be
taken from the clipboard, or written directly in the little editor it
has. Seahorse is also a keymanager, which can be used to edit almost
all the properties of the keys stored in your keyrings.
This package contains various plugins for Seahorse.
tools moved to the new seahorse-plugins package.
seahorse 2.24.1
---------------
* Fix problems with seahorse crashing when searching for
remote keys. [Adam Schreiber]
* Build fixes on Solaris [Jeff Cai]
* Fix selection of keys in libcryptui. [Philip Withnall]
* I18n fixes. [Adam Schreiber]
seahorse 2.24.0
---------------
* Some tweaks to the password prompt window, including allowing
minimizing to release the keyboard grab.
* Fix compiler warnings for gcc 4.3.
* Return a 'cancelled' error when from the daemon crypto dbus
methods when a user cancels out of a password prompt.
* Show revoked subkeys properly in details view of PGP keys.
* Fix problem deleting SSH keys.
* Fix dialog prompt column widths, and elipsize long text in
key listing. [Adam Schreiber]
* Fix problem with 'no keys available' when trying to sign a
PGP key from within the key manager.
* Add 'exportable' flag to objects/keys and don't enable export
UI if selected objects are not exportable.
* Build fixes [Joe Orton, Adam Schreiber]
* Crash and other fixes. [Christian Persch]
seahorse 2.23.92
----------------
* Fix crash when changing a stored Gnome Keyring password.
* Fix certain crashes on syncing, searching and other operations.
* Fix dumb 'Couldn't import keys' error message when success.
seahorse 2.23.91
----------------
* Fix copying keys to the clipboard. [Adam Schreiber]
* Fix double free crash when importing keys.
* Fix crasher when deleting a key.
* Don't add extra null bytes to SSH authorized_keys and
similar files. [Adam Schreiber]
* Documentation fixes. [Adam Schreiber]
* Don't repeatedly load gnome-keyring items. [Adam Schreiber]
* Make help button in 'First Time Options' work proprely. [Adam Schreiber]
* Better wording for options in PGP key dialogs. [Adam Schreiber]
seahorse 2.23.90
----------------
* Icon makeover. [Michael Monreal]
seahorse 2.23.6
---------------
* Initial PKCS#11 certificate listing implementation.
* Internal code refactoring.
* Fix problems with reference counting on operations.
* Use base64 functions in glib, rather than rolling our own.
* Don't use deprecated LDAP functions. [Adam Schreiber]
* String operation fixes. [Adam Schreiber]
* Build fixes [Jeff Cai]
seahorse 2.23.5
---------------
* Fix importing keys from key servers [Mackenzie Morgan]
* Factor out seahorse-plugins to a different module.
* Add XDS drag and drop support.
* Remove gnome-vfs dependency and use gio instead.
* Return key id of signer from DBus service even when key
is not found locally [Adam Schreiber]
* Refactor UI code internally into modules.
* Remove hard GPG and GPGME dependency.
* Replace signer drop down in key chooser with just a check
button when only one secret key exists. [Adam Schreiber]
* Set sync button insensitive when no server is selected.
[Adam Schreiber]
* Test for secure memory before using it. [Coleman Kane]
* Change trust model used to match GPG's. [Adam Schreiber]
* Remove libgnome and libgnomeui dependencies. [Saleem Abdulrasool]
* Grab keyboard focus when prompting for password.
[Josselin Mouette]
* Use the vala programming language for some code.
* Add initial infrastructure for PKCS#11 key/certificate support.
* Save and load window sizes from gconf. [Adam Schreiber]
* Build fixes [Brian Cameron, Saleem Abdulrasool, Alexis Ballier,
Christian Persch, Rodrigo Moya]
ASN1-encoded files (DER, BER, PER, etc.) in Python. ASN1 is the Abstract
Syntax Notation version 1, as defined by the International Telecommunication
Union (ITU).
to trigger/signal a rebuild for the transition 5.8.8 -> 5.10.0.
The list of packages is computed by finding all packages which end
up having either of PERL5_USE_PACKLIST, BUILDLINK_API_DEPENDS.perl,
or PERL5_PACKLIST defined in their make setup (tested via
"make show-vars VARNAMES=...").
- Fix log file permission error, that could happen thought the user
Prelude-LML was running as could access the file (#291).
- ModSecurity ruleset update, by Dan Kopecek <dkopecek@redhat.com>:
provides much more descriptive classification.text, add regexps for
[file ..], [line ...], [tag ...] fields and fine tune targets/types
(#321).
- Deprecate Gamin/FAM support in favor of libev: the previous
implementation had problem on SELinux enabled system due to Gamin server
startup being triggered by other program, and thus using improper role
for Prelude-LML.
(#326).
- Improved polling architecture by using Operating System specific
backend when possible.
- We now monitor files that are not immediately available for reading on
startup: once the file can be monitored, libev provide us with a
notification.
- Fix an assertion warning upon sensor start in case the address
for the local machine could not be found.
- Consistency rework of EasyBindings IDMEFCriteria API.
- Add refcount support for prelude_client_t and
prelude_client_profile_t, and update EasyBindings destructor to use
them.
- Fix a bug where EasyBindings would be built although they were not
enabled.
- Fix path issue in case libprelude was configured with specific path
outside of $prefix (fix#319).
* libgnutls: Correct printing and parsing of IPv6 addresses.
* libgnutls-openssl: fix out of bounds access.
* certtool: Use inet_pton for parsing IPv6 addresses.
* Added API to replace and update the crypto backend.
* certtool: can add several subject alternative names via template file.
* opencdk: Parse (but not decrypt) encrypted secret keys.
* more...
* libwrap related fixes, better debugging messages, MS Visual C++ support
Changes 4.25:
* delay libwrap process spawning after dropping privs, other improvements
