Commit graph

5083 commits

Author SHA1 Message Date
hasso
8ebb4314af Added security/xml-security-c version 1.4.0 2009-05-10 12:30:25 +00:00
hasso
62327be05f XML Security is a C++ implementation of the W3C digital signature
specification that makes it possible for programmers to create and
validate signed XML documents.
2009-05-10 12:23:36 +00:00
adrianp
fe4a78da01 Add a patch from Debian that allows the dsniff tools to read from a pcap
file in addition to sniffing the wire directly.
2009-05-09 16:33:04 +00:00
hasso
d88c11c3aa Update to 0.6.16. Changes since 0.6.15:
* For ccid, etoken* drivers remove polling loop, review the force_poll
  configuration option, this reduces power consumption and CPU load.
* Fix some issues caused by newer udev version.
* Handle T1 abort better.
* Some build system fixes.
* Some minor fixes.
* Re-add api documentation (pre-generated), like we used to.
2009-05-08 08:55:56 +00:00
hasso
a71ec92b3d Update to 0.11.8. Fixes a security problem, for details see:
http://www.opensc-project.org/pipermail/opensc-announce/2009-May/000025.html

New in 0.11.8; 2009-05-07;
* Fix security problem in pkcs11-tool gen_keypair (PublicExponent 1)
* fix compiling without openssl.
* updated and improved entersafe driver. FTCOS/PK-01C cards are supported
  now, compatible with cards written by Feitian's software on Windows.
2009-05-08 07:02:36 +00:00
adrianp
7f477452b6 Not MAKE_JOBS_SAFE 2009-05-06 21:41:29 +00:00
zafer
d78c579beb remove backslash 2009-05-04 20:39:55 +00:00
zafer
0621da9737 Remove mirror rediris. It does not provide the distfile. 2009-05-04 17:19:31 +00:00
seb
f7e908e851 Update p5-Crypt-Eksblowfish from version 0.005 to version 0.007.
Pkgsrc changes:
- Adjust dependencies
- Whitespace fix in Makefile to placate pkglint

Upstream changes:
version 0.007; 2009-04-22

  * in XS code, use the correct "PREINIT:" instead of "INIT:" to introduce
    variable declarations

  * test Uklblowfish with long keys

version 0.006; 2009-04-21

  * in C::E::Family, new method "as_class" to work around Crypt::CBC
    brain damage

  * use simpler "parent" pragma in place of "base"

  * in documentation, use the term "truth value" instead of the less
    precise "boolean"

  * drop prototypes from method subs (where the prototypes have no effect)

  * in C::E::Family, abandon use of the "fields" module

  * add casts for pointer target signedness to avoid compiler warnings

  * use full stricture in Build.PL
2009-05-03 06:41:23 +00:00
tnn
6ca4d7852f Update to gnutls-2.6.6.
* Version 2.6.6 (released 2009-04-30)

libgnutls: Corrected double free on signature verification failure.
  Reported by Miroslav Kratochvil.  See the advisory
  for more details.  [GNUTLS-SA-2009-1] [CVE-2009-1415]

libgnutls: Fix DSA key generation.
  Noticed when investigating the previous GNUTLS-SA-2009-1 problem.  All
  DSA keys generated using GnuTLS 2.6.x are corrupt.  See the advisory
  for more details.  [GNUTLS-SA-2009-2] [CVE-2009-1416]

libgnutls: Check expiration/activation time on untrusted certificates.
  Reported by Romain Francoise.  Before the
  library did not check activation/expiration times on certificates, and
  was documented as not doing so.  We have realized that many
  applications that use libgnutls, including gnutls-cli, fail to perform
  proper checks.  Implementing similar logic in all applications leads
  to code duplication.  Hence, we decided to check whether the current
  time (as reported by the time function) is within the
  activation/expiration period of certificates when verifying untrusted
  certificates.

This changes the semantics of gnutls_x509_crt_list_verify, which in
turn is used by gnutls_certificate_verify_peers and
gnutls_certificate_verify_peers2.  We add two new
gnutls_certificate_status_t codes for reporting the new error
condition, GNUTLS_CERT_NOT_ACTIVATED and GNUTLS_CERT_EXPIRED.  We also
add a new gnutls_certificate_verify_flags flag,
GNUTLS_VERIFY_DISABLE_TIME_CHECKS, that can be used to disable the new
behaviour.

API and ABI modifications:
  gnutls_x509_crt_list_verify: CHANGED, checks activation/expiration times.
  gnutls_certificate_verify_peers: Likewise.
  gnutls_certificate_verify_peers2: Likewise.
  GNUTLS_CERT_NOT_ACTIVATED: ADDED.
  GNUTLS_CERT_EXPIRED: ADDED.
  GNUTLS_VERIFY_DISABLE_TIME_CHECKS: ADDED.
2009-05-02 20:04:32 +00:00
zafer
b897318e8f add sourceforge mirror 2009-05-01 14:43:29 +00:00
zafer
c55efcff7f remove dead mirror. 2009-05-01 14:28:45 +00:00
zafer
d1cf32c54e update mirrors and add a few more from the mirror list. 2009-05-01 14:27:34 +00:00
zafer
fd8c4eb4bf remove dead mirrors. 2009-05-01 14:01:50 +00:00
zafer
99074a7440 update mirrors. pull in a few more mirrors from the official mirror list. 2009-05-01 13:59:53 +00:00
zafer
553fc6954d remove non-working mirrors. 2009-05-01 13:51:41 +00:00
zafer
e62422950a replace non working mirrors with working ones. 2009-05-01 13:49:07 +00:00
zafer
6760dca118 remove dead mirror. 2009-05-01 13:45:28 +00:00
zafer
d0c25a056f update mirrors. 2009-05-01 13:39:31 +00:00
hasso
faf9dc9a8b Update to 1.5.3.
Changelog:
pcsc-lite-1.5.3: Ludovic Rousseau
- SCardEstablishContext(): check we do not reuse an already allocated
  hContext
  Thanks to Daniel Nobs for the bug report and patch
- pcsclite.h: add missing SCARD_E_* and SCARD_W_* return code. They are
  unused by pcsc-lite but defined on Windows
- reader.h: add PIN_PROPERTIES_STRUCTURE structure and
  FEATURE_IFD_PIN_PROPERTIES
  Thanks to Martin Paljak for the patch
- remove powermgt_macosx.c since it is using APSL version 1.1 instead of
  the BSD-like licence like the other files
  Thanks to Stanislav Brabec for the bug report
- avoid a possible crash due to a race condition
  Thanks to Matheus Ribeiro for the patch
- change default log level from PCSC_LOG_INFO to PCSC_LOG_ERROR to limit
  syslog pollution
- CardDisconnect(): call RFUnlockAllSharing() instead of
  RFUnlockSharing() to release all nested locks. The problem occurs if
  SCardBeginTransaction() are made without corresponding
  SCardEndTransaction().  OpenSC "pkcs11-tool -I" exhibits such a
  behavior.
  Thanks to Marc Rios Valles for the bug report
- some other minor improvements and bug corrections
2009-04-30 06:24:10 +00:00
agc
44406fb04a Add and enable netpgp 2009-04-29 04:55:29 +00:00
agc
b0903c297b Initial import of the "glorious 50" release of netpgp-20090428 into the
Packages Collection.

	The netpgp command can digitally sign files and verify that the
	signatures attached to files were signed by a given user identifier.
	netpgp can also encrypt files using the public or private keys of
	users and, in the same manner, decrypt files which were encrypted.

	The netpgp utility can also be used to generate a new key-pair for a
	user.  This key is in two parts, the public key (which can be used by
	other people) and a private key.

	In addition to these primary uses, the third way of using netpgp is to
	maintain keyrings.  Keyrings are collections of public keys belonging
	to other users.  By using other means of identification, it is
	possible to establish the bona fides of other users.  Once trust has
	been established, the public key of the other user will be signed.
	The other user's public key can be added to our keyring.  The other
	user will add our public key to their keyring.

This software is built on top of openpgpsdk 0.9.1, but provides a
higher-level interface, is autoconf-ed and libtool-ed, and has had
some significant bugs fixed.
2009-04-29 04:54:34 +00:00
tez
bf5c272d94 Add patches for CVE-2009-0846 & CVE-2009-0847
approved by agc
2009-04-21 18:58:17 +00:00
wiz
19105dd1b7 Update to 2.6.5. Update commented out LICENSE (needs two).
* Version 2.6.5 (released 2009-04-11)

** libgnutls: Added %SSL3_RECORD_VERSION priority string that allows to
specify the client hello message record version. Used to overcome buggy
TLS servers. Report by Martin von Gagern.

** GnuTLS no longer uses the libtasn1-config script to find libtasn1.
Libtasn1 0.3.4 or later is required.  This is to align with the
upcoming libtasn1 v2.0 release that doesn't have a libtasn1-script.

** API and ABI modifications:
No changes since last version.
2009-04-20 13:11:57 +00:00
wiz
3e0c3106d2 Update to 2.1:
Version 2.1 (released 2009-04-17)
- Fix compilation failure on platforms that can't generate empty archives,
  e.g., Mac OS X.  Reported by David Reiser <dbreiser@gmail.com>.

Version 2.0 (released 2009-04-13)
- Optimized tree generation.
- ASN1 parser code re-generated using Bison 2.4.1.
- Build with more warning flags.  Many compiler warnings fixed.
- Compiled with -fvisibility=hidden by default if supported.
  See http://gcc.gnu.org/wiki/Visibility
- The libtasn1-config tool has been removed.
  For application developers, please stop using libtasn1-config for
  finding libtasn1, use proper autoconf checks or pkg-config instead.
  For users that need a libtasn1 that provides a libtasn1-config
  script (for use with older applications), use libtasn1 v1.x instead.
  Version 1.x is still supported.
2009-04-20 12:48:48 +00:00
drochner
1404b26fd3 update to 2.26.1
changes:
-DBus now automatically starts the gnome-keyring service properly
-Initialize daemon with LOGNAME and USERNAME environment variables
-Add DBus method for getting the gnome-keyring environment variables
-misc fixes
2009-04-16 19:35:29 +00:00
tnn
7eab86532c the external rsaref option was dropped from security/openssl over
4 years ago; remove support from the bl3.mk as well.
2009-04-16 14:05:38 +00:00
tnn
021b4615a9 NetBSD/sparc64 build fix. Reported and fix tested by Michael C. Vergallen. 2009-04-16 09:50:37 +00:00
sno
81612b2728 PkgSrc changes:
- updating package to 1.24

Upstream changes:
v1.24 2009.04.01
- add verify hostname scheme ftp, same as http
- renew test certificates again (root CA expired, now valid for 10 years)
2009-04-12 00:40:08 +00:00
sno
dfca1e1ce5 PkgSrc changes:
- removed packages p5-IO-Compress-Base, p5-IO-Compress-Zlib,
    p5-IO-Compress-Bzip2 and p5-Compress-Zlib because they are
    merged into p5-IO-Compress
  - Updated dependent packages to depend on p5-IO-Compress
    and bump PKGREVISION

Upstream changes:
  2.017 30 March 2009

      * Merged IO-Compress-Base, IO-Compress-Bzip2, IO-Compress-Zlib &
        Compress-Zlib into IO-Compress.
      * The interface to Compress-Raw-Zlib now uses the new LimitOutput
        feature. This will make all of the zlib-related IO-Compress modules
        less greedy in their memory consumption.
      * Removed MAN3PODS from Makefile.PL
      * A few changes to get the test harness to work on VMS courtesy of
        Craig. A. Berry.
      * IO::Compress::Base & IO::Uncompress::Base
        Downgraded some croaks in the constructors to just set $! (by letting
        the code attempt to open a file and fail).
        This makes the behavior more consistent to a standard open.
        [RT #42657]
      * IO::Uncompress::Base
        Doing a seek with MultiStream could drop some of the uncompressed
        data. Fixed.
      * IO::Compress::Zip
        - Fixed problem with the uncompressed & uncompressed fields when
          zip64 is enabled. They were set to 0x0000FFFF instead of
          0xFFFFFFFF. Also the ZIP64 extra field was 4 bytes short.
          Problem spotted by Dino Chiesa.
      * IO::Uncompress::Unzip
        - use POSIX::mktime instead of Time::Local::timelocal to convert
          the zip DOS time field into Unix time.
      * Compress::Zlib
        - Documented Compress::Zlib::zlib_version()
2009-04-11 23:15:19 +00:00
manu
9224e8ae67 Upgrade to lasso-2.2.2:
From distribution NEWS file:
Many fixes and improvements to the ID-WSF 1 support, new API to load SSL keys
off memory, documentation for ID-WSF methods, general robustness and memory
leak fixes.
2009-04-09 03:23:55 +00:00
joerg
368d71b62e Remove redundant NO_CHECKSUM and EXTRACT_ONLY definitions. 2009-04-09 00:48:06 +00:00
joerg
135d18bea7 Use META_PACKAGE 2009-04-08 23:27:51 +00:00
schmonz
8d44c5b6fa Update to 0.95. From the changelog:
- Added a "lookaside" mode to cvm-qmail, to assist with proper chaining
    to cvm-vmailmgr or other modules.
- Fixed failure in cvm-qmail when virtualdomains did not exist.
- Fixed client.h symlink to point to v2client.h to match the library.
- Fixed cvm-vmailmgr to fail with OUTOFSCOPE=1 when the virtual password
    table file does not exist, instead of failing with an I/O error.
    This should improve its ability to chain with other modules.
- Added cvm-sqlite from Wayne Marshall
2009-04-07 03:04:25 +00:00
tnn
ce257462cd Update to openssl-0.9.8k.
Changes between 0.9.8j and 0.9.8k  [25 Mar 2009]
*) Don't set val to NULL when freeing up structures, it is freed up by
   underlying code. If sizeof(void *) > sizeof(long) this can result in
   zeroing past the valid field. (CVE-2009-0789)
*) Fix bug where return value of CMS_SignerInfo_verify_content() was not
   checked correctly. This would allow some invalid signed attributes to
   appear to verify correctly. (CVE-2009-0591)
*) Reject UniversalString and BMPString types with invalid lengths. This
   prevents a crash in ASN1_STRING_print_ex() which assumes the strings have
   a legal length. (CVE-2009-0590)
*) Set S/MIME signing as the default purpose rather than setting it
   unconditionally. This allows applications to override it at the store
   level.
*) Permit restricted recursion of ASN1 strings. This is needed in practice
   to handle some structures.
*) Improve efficiency of mem_gets: don't search whole buffer each time
   for a '\n'
*) New -hex option for openssl rand.
*) Print out UTF8String and NumericString when parsing ASN1.
*) Support NumericString type for name components.
*) Allow CC in the environment to override the automatically chosen
   compiler. Note that nothing is done to ensure flags work with the
   chosen compiler.
2009-04-05 15:50:17 +00:00
dsainty
2233fd895c Work around the problem that BUILDLINK_LDADD.dl is not initialised by
mk/dlopen.buildlink3.mk until very late in the proceedings.  Fixes build on
Linux.  No PKGREVISION bump required, no functional change on platforms where
the build completed.

Addresses PR pkg/41080.

Ok'd by wiz@
2009-03-30 14:14:19 +00:00
jmmv
b44b025a2e Make the installation path of doc files consistent with all other installations
in Darwin and also register the installed header file.
2009-03-23 13:16:13 +00:00
wiz
b1076bb765 Remove msgfmtstrip scripts and targets using them, now that the
infrastructure supports this properly (thanks joerg!).
2009-03-22 19:01:37 +00:00
snj
348194d7b9 Add two missing @dirrm entries to PLIST. Welcome to nb1. 2009-03-22 14:45:19 +00:00
joerg
2d1ba244e9 Simplify and speed up buildlink3.mk files and processing.
This changes the buildlink3.mk files to use an include guard for the
recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS,
BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new
variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of
enter/exit marker, which can be used to reconstruct the tree and
to determine first level includes. Avoiding := for large variables
(BUILDLINK_ORDER) speeds up parse time as += has linear complexity.
The include guard reduces system time by avoiding reading files over and
over again. For complex packages this reduces both %user and %sys time to
half of the former time.
2009-03-20 19:23:50 +00:00
joerg
0d0e90a320 Include pyversion.mk in the protected part of the buildlink3.mk
files, not over and over again.
2009-03-20 17:30:09 +00:00
joerg
54c7445ecd Fix name of include guard to match package name. 2009-03-19 15:31:42 +00:00
drochner
1c6899025e needs libSM 2009-03-19 12:14:01 +00:00
jmcneill
ea4f69e5ff to netbsd-desktop 2009-03-18 13:30:45 +00:00
darcy
57ded33aec Correct email address for generic MAINTAINER. 2009-03-17 21:40:44 +00:00
jmcneill
272e3af7ab Update seahorse-plugins to 2.26.0.
seahorse-plugins 2.26.0
-----------------------

    (no changes)

seahorse-plugins 2.25.92
------------------------

    * Connect the uninit function to gtk_quit signal [Adam Schreiber]
    * Only use 16 characters when generating a key identifier for notifications. [Stef Walter]
    * Fix reference counting to close windows properly [Adam Schreiber]
    * Fix exiting of gedit plugin [Paolo Borelli and Jesse van den Kieboom]
    * Don't print replacement text to stderr. [Adam Schreiber]
    * Remove deprecated GTK+ symbols [Adam Schreiber]
    * Removed unused screenshots [Adam Schreiber]
    * Update epiphany version checking automagic [Christian Persch]

    Translations
    * it.po [Milo Casagrande]
    * pl.po [Tomasz Dominikowski]
    * vi.po [Clytie Siddall]
    * zh_HK.po [Chao-Hsiung Liao]
    * zh_TW.po [Chao-Hsiung Liao]

seahorse-plugins 2.25.90
------------------------

    * Don't prompt for signer if only one private key [Adam Schreiber]
    * Bring name of preferences window into alignment with desktop file and
    documentation [Adam Schreiber]
    * Finish removing libgnome calls [Adam Schreiber]
    * Fix display of error messages [Adam Schreiber]

    Translations
    * ko.po: [Changwoo Ryu]
    * bn_IN.po: [Runa Bhattacharjee]

seahorse-plugins 2.25.3
-----------------------

    * remove calls that pull in libgnomeui [Adam Schreiber]
    * HIG Fixes [Christian Persch]
    * Make epiphany plugin work again [Adam Schreiber]


seahorse-plugins 2.25.1
-----------------------

    * remove last of gnome-vfs. [Stef Walters]
2009-03-17 16:39:12 +00:00
tnn
98190c9b0c Fix build failure due to 64-bit time_t. 2009-03-17 13:52:08 +00:00
hasso
0b0f6ba1c4 Update to version 1.4.15. Many small fixes and new ATRs in the list. See
Changelog in the source tarball for full commit log.
2009-03-16 19:14:08 +00:00
hasso
f52840e6d8 Update to version 1.4.7. Upstream changes:
* Card/Card.pm: type: prefered -> preferred
* Card/Card.pm: update copyright date
* Card/Card.pm: typo: prefered -> preferred
* Card/Card.pod: typos
* README: release 1.4.7
* MANIFEST: remove removed files (merged)
* Makefile_OSX.PL, Makefile_win.PL: merged in Makefile.PL
* README, README.OSX, README.Unix, README.Windows: merge all README.* in README
* Makefile.PL: merge Makefile_win.PL and Makefile_OSX.PL
* PCSC.pod: typos
* PCSC.pod: typo
* PCSC.pm: version 0.05
* PCSC.pod, PCSCperl.h: update copyright date
* PCSCperl.h: reorder the .h inclusion to have a default for Unix system
2009-03-16 14:55:59 +00:00
hasso
fc8b59be3f Update to version 1.3.10. Upstream changes:
1.3.10:
    - add support for MSI StarReader SMART, Noname reader (from
      Omnikey), Xiring Xi Sign PKI, Realtek 43 in 1 + Sim + Smart Card
      Reader, Atmel AT98SC032CT, Aktiv Rutoken Magistra, TianYu CCID
      SmartKey, Precise Biometrics 200 MC and 250 MC
    - add a patch to support the bogus OpenPGP card (on board key
      generation sometimes timed out)
    - disable support of the contactless part of SDI010 and SCR331DI
      (this code was reverse engineered and hard to maintain)
    - some minor bugs removed

1.3.9:
    - add support for Aladdin eToken PRO USB 72K Java, Cherry
      SmartTerminal ST-1200USB, Atmel AT91SO, SpringCard Prox'N'Roll,
      CSB6 Basic, EasyFinger Ultimate, CSB6 Ultimate, EasyFinger
      Standard, CrazyWriter, CSB6 Secure, KONA USB SmartCard, HP MFP
      Smart Card Reader, ACS ACR122U PICC, Gemalto PDT, VMware Virtual
      USB CCID
    - MacOSX/configure: do not overwrite PCSC_CFLAGS, PCSC_LIBS,
      LIBUSB_CFLAGS and LIBUSB_LIBS if already defined by the user
    - by default, link statically against libusb on Mac OS X
    - IFDHPowerICC(): use a very long timeout for PowerUp since the card
      can be very slow to send the full ATR (up to 30 seconds at 4 MHz)
    - SecurePINVerify(): correct a bug when using a Case 1 APDU and a
      SCM SPR532 reader
    - log the reader name instead of just the pcscd Lun
    - some minor bugs removed
2009-03-16 14:10:47 +00:00
hasso
1a55d75c12 Update to version 1.5.2. Upstream changes:
pcsc-lite-1.5.2:
- SCardGetStatusChange(): return if the state of the reader changed
  since the previous call. Thanks to Thomas Harning for the patch
- SCardCancel() now works as expected. It got broken in version 1.5.0.
  Closes: [#311342] SCardCancel does not cancel an outstanding
  SCardGetStatusChange
- log TxBuffer and RxBuffer if the SCardControl() command failed.
  Closes: [#311376] PCSC_LOG_VERBOSE via -dd; print details of "Card not
  transacted"
- add a mutex to avoid a race condition
  Closes: [#311377] Race condition in SCardBeginTransaction
- SCardGetStatusChange() may not return if the reader was removed.
- some other minor improvements and bug corrections


pcsc-lite-1.5.1:
- Extended APDU of more than 2048 bytes were corrupted. The problem was
  introduced in version 1.3.3 (2 years ago) by making the code compile
  with Sun Studio 11.
  Thanks to Eric Mounier for the patch
- some other minor improvements and bug corrections


pcsc-lite-1.5.0:
- correctly handle up to PCSCLITE_MAX_READERS_CONTEXTS readers (instead
  of PCSCLITE_MAX_READERS_CONTEXTS-1)
- SCardGetStatusChange()
  . now returns SCARD_E_TIMEOUT instead of SCARD_S_SUCCESS if dwTimeout
    == 0 (conform to Windows XP)
  . add support of reader name \\?PnP?\Notification to detect reader
    insertion/removal (conform to Windows XP)
  . if a reader disappears, also set SCARD_STATE_UNAVAILABLE in
    dwEventState (more conform to Windows XP)
- SCardStatus(): add support of SCARD_AUTOALLOCATE for pcchReaderLen and
  pcbAtrLen
- SCardGetStatusChange() now uses asynchronous events instead of polling
- more and/or better Doxygen documentation
- SCardTransmit(): correctly pass the pioRecvPci parameter
- SCardConnect() and SCardReconnect(): correct a bug when two
  applications were calling SCardConnect() or SCardReconnect() at the
  exact same time
- pcscd logs the command name sent by the application (when in debug mode)
- some other minor improvements and bug corrections
2009-03-16 14:08:33 +00:00
jmcneill
f5dfbd24ec Update seahorse to 2.26.0.
pkgsrc changes:

    * add net/avahi dependency to enable key sharing support

Changes between 2.24.0 and 2.26.0:
==================================

    * Searching by key identifiers now shows results.
    * Disable interactive tree search in key manager.
    * Add libcryptui documentation.
    * Remove use of GTK+ deprecated symbols.
    * Allow creation and deletion of keyrings from main GUI.
    * Only autostart seahorse-daemon when key sharing is enabled.
    * seahorse-daemon registers with session manager properly.
    * Remove bits of libcryptui that are now handled by the gcr library
      from gnome-keyring.
    * Tons of other fixes and changes.
2009-03-15 18:32:43 +00:00
jmcneill
c3e1066185 Update gnome-keyring to 2.26.0.
Changes between 2.24.0 and 2.26.0:
==================================

    * Refactor PKI code to make it modular, loosely coupled and easier
      to hack and test.
    * Add standard widgets for display of certificates.
    * If login keyring doesn't exist when changing a PAM password,
      don't create it automatically.
    * Overhaul the secure memory allocator to have memory guards,
      be valgrind compatible, and also be sparing with secure memory.
    * When importing keys, prompt to initialize new PKCS#11 tokens.
    * Fix export of RSA keys to be more interoperable.
    * Make the gp11 library multi-thread safe.
    * Rework initialization of daemon, and the way that it
      integrates with the new session manager.
    * Close open file descriptors before starting daemon from PAM.
    * Don't leave keyring daemon running if PAM just started it
      for a password change.
    * Register environment variables with session properly.
    * Remove usage of deprecated glib/gtk stuff.
    * Hundreds of other smaller changes and fixes.
2009-03-15 18:14:24 +00:00
adrianp
d8952f2109 Update to 2.5.9
* Fixed PDF XSS issue where a non-GET request for a PDF file would crash the
   Apache httpd process.  Discovered by Steve Grubb at Red Hat.

 * Removed an invalid "Internal error: Issuing "%s" for unspecified error."
   message that was logged when denying with nolog/noauditlog set and
   causing the request to be audited.

 * Fixed parsing multipart content with a missing part header name which
   would crash Apache.  Discovered by "Internet Security Auditors"
   (isecauditors.com).

 * Added ability to specify the config script directly using --with-apr
   and --with-apu.

 * Updated copyright year to 2009.

 * Added macro expansion for append/prepend action.

 * Fixed race condition in concurrent updates of persistent counters.  Updates
   are now atomic.

 * Cleaned up build, adding an option for verbose configure output and making
   the mlogc build more portable.
2009-03-14 13:45:38 +00:00
abs
19324eaea7 Ensure various directories and a file are created in /var so the package
can work - bump pkgrevision
2009-03-12 22:25:30 +00:00
wiz
78b7af7df5 Use mk/omf-scrollkeeper.mk instead of textproc/rarian/omf.mk. 2009-03-08 15:56:43 +00:00
jnemeth
867712b413 add and enable lasso and py-lasso 2009-03-07 02:17:08 +00:00
hasso
c70d8939e6 Added security/libp11 version 0.2.4
Added security/engine_pkcs11 version 0.1.5
2009-03-05 20:37:25 +00:00
hasso
0bfe3d7430 Engine_pkcs11 is a PKCS#11 engine for OpenSSL. It can be loaded using code,
config file or command line and will pass any function call by openssl to a
PKCS#11 module.

Engine_pkcs11 is meant to be used with smart cards and software for using
smart cards in PKCS#11 format, such as OpenSC. Originally this engine was a
part of OpenSC, until OpenSC was split into several small projects for
improved flexibility.
2009-03-05 20:30:52 +00:00
hasso
01e775f711 Libp11 is a library implementing a small layer on top of PKCS#11 API to make
using PKCS#11 implementations easier.
2009-03-05 20:28:24 +00:00
joerg
25a80fb4ab Remove PYBINMODULE. All it did was mark some packages as not available
on some platforms that lacked shared library support in the past. The
list hasn't been maintained at all and the gain is very limited, so just
get rid of it.
2009-03-05 18:51:26 +00:00
joerg
bf590eb712 Always kill --as-needed, it is known to break Solaris as well and has
created various interesting issues on other platforms as well.
From PR 40016.
2009-03-05 14:17:46 +00:00
wiz
2347d10ac1 Pick up maintainership. 2009-03-05 10:46:23 +00:00
ahoka
e3e6b13ee0 Add MESSAGE for giving instructions about single sign on. 2009-03-04 19:25:56 +00:00
manu
9f05418770 Add missing version in package names 2009-03-03 10:53:15 +00:00
manu
2082de4599 Missing library for dependencies 2009-03-02 21:08:34 +00:00
manu
e1232165cb Lasso is a free software C library aiming to implement the Liberty
Alliance standards: ID-FF, ID-WSF and SAML. It defines processes for
federated identities, single sign-on and related protocols. Lasso is
built on top of libxml2, XMLSec and OpenSSL and is GPL licensed.

This package provides python bindings for Lasso.
2009-03-02 16:46:26 +00:00
manu
edd18f0b63 Lasso is a free software C library aiming to implement the Liberty
Alliance standards: ID-FF, ID-WSF and SAML. It defines processes for
federated identities, single sign-on and related protocols. Lasso is
built on top of libxml2, XMLSec and OpenSSL and is GPL licensed.
2009-03-02 16:46:01 +00:00
manu
cfaad96f3d Buildlink support. 2009-03-02 16:44:29 +00:00
wiz
d3c0ff12c6 Update to 1.1, changes undocumented. 2009-03-01 15:02:02 +00:00
wiz
58a3420586 Bump PKGREVISION for libevent ABI bump. 2009-02-27 22:53:46 +00:00
drochner
79c32a06f6 add a patch from upstream to fix buffer overflow in ARC2 code
(CVE-2009-0544), bump PKGREVISION
2009-02-27 12:46:54 +00:00
hasso
7626be6b1d Update to 0.11.7. Changes from 0.11.6:
* hide_empty_slots now on by default.
* pinpad supported fixed for Mac OS X.
* ruToken driver was updated.
* openct virtual readers reduced to 2 by default.
* link with iconv on Mac OS X for i18n support.
* Security issue: Fix private data support. [CVE-2009-0368]
* Enable lock_login by default.
* Disable allow_soft_keygen by default.
2009-02-27 07:35:30 +00:00
plunky
0f5f03e2ed add
fprint-demo
	libfprint
	pam-fprint

for using a finger print reader
2009-02-26 21:59:21 +00:00
plunky
c787d29a6c Simple GTK+ application to demonstrate libfprint's capabilities 2009-02-26 21:52:54 +00:00
plunky
a6dfbfac2a This is a simple PAM module which uses the fingerprint processing and
verification from libfprint for authentication instead of asking for
a password.
2009-02-26 21:52:00 +00:00
plunky
84a3e10fc4 libfprint is an open source software library designed to make it easy for
application developers to add support for consumer fingerprint readers to
their software.
2009-02-26 21:51:06 +00:00
hasso
805195b8cc + openct, opensc, opensc-signer 2009-02-26 11:06:55 +00:00
hasso
46698f3f26 Opensc signer plugin for Mozilla apps. 2009-02-26 10:51:02 +00:00
hasso
ba79afa667 OpenSC provides a set of libraries and utilities to access smart cards.
Its main focus is on cards that support cryptographic operations, and
facilitate their use in security applications such as mail encryption,
authentication, and digital signature. OpenSC implements the PKCS#11 API
so applications supporting this API such as Mozilla Firefox and Thunderbird
can use it. OpenSC implements the PKCS#15 standard and aims to be compatible
with every software that does so, too.
2009-02-26 10:50:05 +00:00
hasso
b8cae3d9a7 Drivers for several smart card readers. OpenCT comes as driver in ifdhandler
format for PC/SC-Lite, as CT-API driver, or as a small and lean middleware,
so applications can use it with minimal overhead. OpenCT also has a primitive
mechanism to export smart card readers to remote machines via TCP/IP.
2009-02-26 10:07:49 +00:00
sno
336c284e13 pkgsrc Changes:
Update dependency to security/p5-Net-SSLeay to 1.33 as noted in module's
META.yml

Upstream Changes:

v1.23 2009.02.23
- if neither SSL_ca_file nor SSL_ca_path are known (e.g not given and the
  default values have no existing file|path) disable checking of
  certificates, but carp about the problem
- new test certificates, the old ones expired and caused tests to fail
2009-02-25 20:33:12 +00:00
roy
e57abfce36 Add patches so that the home/end keys work on BSD servers as well as Linux 2009-02-25 18:08:01 +00:00
wiz
ae61ba2196 Drop maintainership. 2009-02-24 16:15:22 +00:00
adrianp
ee4afd012c Typo 2009-02-23 22:01:11 +00:00
wiz
6e26187f43 Update to 2.30:
Changes undocumented.
2009-02-22 16:09:33 +00:00
wiz
32fb3767be Update to 0.12:
0.12
Made Cyrus.xs more compatible with Perl API by changing function calls
like Perl_warn() to just warn(), and defining PERL_NO_GET_CONTEXT.
Made SASL properties which take an IP address and load it into the SASL
library more robust by determining if the passed address is in
"struct sockaddr" format or in "IP1.IP2.IP3.IP4;PORT" format.
Fixed passing of "function + params" as a callback.

0.11
Fixed t/callback.t to NOT try connecting to the LDAP server
on localhost since that, well, doesn't work at Pause.

0.10
Added better callback management, Perl memory management,
and three test scripts, as written by Ulrich Pfeifer.

0.09
Changed securesocket GLOB, as suggested by Marius Tomaschewski.
Extended SASL2 support.

0.08
Changed the "code" routine to return the result code of the
last SASL library call. This allows differentiation of the
result of the client_step returning a zero byte string vs.
it saying authentication is complete.
2009-02-22 16:06:38 +00:00
he
c146982c0e Update from version 1.33 to 1.34.
Pkgsrc changes:
 o Adjust dependencies according to module requirements (added p5-Crypt-IDEA)

Upstream changes:

1.34 2009.02.01

    - Rekey properly after 1 GB of data (rt.cpan.org #25044). Patch by
      Peter Oliver.
    - Don't try to process nonexistent or empty auth file (rt.cpan.org #41877).
    - Fix typo in croak message (rt.cpan.org #42056), thanks to
      jamie at audible.transient.net.
    - Move 'use base' call after Crypt module loading, per suggestion
      (rt.cpan.org #42051).
    - Only apply stdin if defined in SSH1 - John Payne (rt.cpan.org #42583)
2009-02-22 15:59:05 +00:00
wiz
44e0d982ae Update to 1.22:
v1.22 2009.01.24
- Net::SSLeay stores verify callbacks inside hash and never clears them, so
  set verify callback to NULL in destroy of context

v1.21 2009.01.22
- auto verification of name in certificate created circular reference between
  SSL and CTX object with the verify_callback, which caused the objects to be
  destroyed only at program end. Fix it by no longer accessing $self from inside
  the callback.
  Thanks to odenbach[AT]uni-paderborn[DOT]de for reporting

v1.20 2009.01.15
- only changes on test suite to make it ready for win32
  (tested with strawberry perl 5.8.8)
2009-02-21 14:02:08 +00:00
wiz
212cbcbac7 Update to 2.6.4:
* Version 2.6.4 (released 2009-02-06)

** libgnutls: Accept chains where intermediary certs are trusted.
Before GnuTLS needed to validate the entire chain back to a
self-signed certificate.  GnuTLS will now stop looking when it has
found an intermediary trusted certificate.  The new behaviour is
useful when chains, for example, contain a top-level CA, an
intermediary CA signed using RSA-MD5, and an end-entity certificate.
To avoid chain validation errors due to the RSA-MD5 cert, you can
explicitly add the intermediary RSA-MD5 cert to your trusted certs.
The signatures on trusted certificates are not checked, so the chain
has a chance to validate correctly.  Reported by "Douglas E. Engert"
<deengert@anl.gov> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>.

** libgnutls: result_size in gnutls_hex_encode now holds
the size of the result. Report by John Brooks <special@dereferenced.net>.

** libgnutls: gnutls_handshake when sending client hello during a
rehandshake, will not offer a version number larger than the current.
Reported by Tristan Hill <stan@saticed.me.uk>.

** libgnutls: Permit V1 Certificate Authorities properly.
Before they were mistakenly rejected even though
GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied.  Reported by
"Douglas E. Engert" <deengert@anl.gov> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>.

** libgnutls: deprecate X.509 validation chains using MD5 and MD2 signatures.
This is a bugfix -- the previous attempt to do this from internal x509
certificate verification procedures did not return the correct value
for certificates using a weak hash.  Reported by Daniel Kahn Gillmor
<dkg@fifthhorseman.net> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3332>,
debugged and patch by Tomas Mraz <tmraz@redhat.com> and Daniel Kahn
Gillmor <dkg@fifthhorseman.net>.

** libgnutls: Fix compile error with Sun CC.
Reported by Jeff Cai <jeff.cai@sun.com> in
<https://savannah.gnu.org/support/?106549>.
2009-02-21 13:45:31 +00:00
adrianp
97e08aa14b Some initial work on getting this going on OpenSolaris
It's currently still broken but this is a (small) start
2009-02-21 00:06:52 +00:00
adrianp
62dc1a63e1 +php-suhosin 2009-02-17 23:17:08 +00:00
adrianp
0f8ce7903d Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in two independent parts that can be used separately or in combination. The first part is a small patch against the PHP core that implements a few low-level protections against buffer overflows or format string vulnerabilities, and the second part is a powerful PHP extension that implements all the other protections. 2009-02-17 23:16:14 +00:00
joerg
f2f2af60fe Retire gpgme03. 2009-02-17 13:17:10 +00:00
joerg
1f9d754f97 Reset maintainer, mail bounced 2009-02-17 13:02:20 +00:00
joerg
1d5cc86ec3 DESTDIR support 2009-02-16 18:44:40 +00:00
joerg
d75498d8da Fix DESTDIR installation. 2009-02-16 16:42:38 +00:00
tonnerre
35c1f0a284 +pam-mkhomedir 2009-02-15 20:33:49 +00:00
tonnerre
e45d0a42d1 Initial import of the mkhomedir PAM module.
The pam_mkhomedir module provides the means for automatic creation of
home directories upon login, if necessary. Key Benefits are:

 * Uses the Pluggable Authentication Module API defined in OSF DCE RFC 86.0.
 * Removes the need to pre-create user home directories.

The software is distributed under the terms of the 2.5-clause BSD license.
2009-02-15 20:16:08 +00:00
tonnerre
8f5ceece1e Initial import of the mkhomedir PAM module.
The pam_mkhomedir module provides the means for automatic creation of
home directories upon login, if necessary. Key Benefits are:

 * Uses the Pluggable Authentication Module API defined in OSF DCE RFC 86.0.
 * Removes the need to pre-create user home directories.

The software is distributed under the terms of the 2.5-clause BSD license.
2009-02-15 14:08:53 +00:00