Commit graph

5083 commits

Author SHA1 Message Date
tonnerre
3042c9c631 Initial import of the mkhomedir PAM module.
The pam_mkhomedir module provides the means for automatic creation of
home directories upon login, if necessary. Key Benefits are:

 * Uses the Pluggable Authentication Module API defined in OSF DCE RFC 86.0.
 * Removes the need to pre-create user home directories.

The software is distributed under the terms of the 2.5-clause BSD license.
2009-02-15 13:21:52 +00:00
taca
73de9ffc0e Enable DESTDIR support and sort PLIST.
(No other functional change.)
2009-02-15 03:27:56 +00:00
tonnerre
1d871bb1f4 The LDAP feature of sudo now also needs the SASL libraries to compile. 2009-02-14 19:30:33 +00:00
joerg
19df0f2ffa Supports DESTDIR. 2009-02-12 17:33:51 +00:00
joerg
3abd2d8fbf Don't use text relocations, link against shared libcrypto.
DESTDIR support. Simplify. Bump revision.
2009-02-11 23:25:59 +00:00
abs
7303ba167b Updated security/msudir to 0.15
move to code.google
PKG_DESTDIR_SUPPORT=    destdir
2009-02-11 23:19:01 +00:00
abs
b7970cd47e fix distinfo 2009-02-11 22:45:58 +00:00
joerg
2070411a90 DESTDIR support. 2009-02-10 21:11:13 +00:00
joerg
87ad0f4320 DESTDIR support 2009-02-10 16:39:40 +00:00
abs
fccea4281f Updated security/msu to 1.09
Enable PKG_DESTDIR_SUPPORT=destdir
Move source to code.google
2009-02-10 13:09:35 +00:00
joerg
6bf251943f DESTDIR support. 2009-02-09 23:53:00 +00:00
joerg
3c645bb7fc Switch to Python 2.5 as default. Bump revision of all packages that have
changed runtime dependencies now.
2009-02-09 22:56:21 +00:00
joerg
e2107c85f6 Remove Python 2.1 support. 2009-02-09 21:09:20 +00:00
taca
ff4641fd17 Update security/sudo package to 1.7.0.
* pkgsrc change: relax restriction to kerberos package.


What's new in Sudo 1.7.0?

 * Rewritten parser that converts sudoers into a set of data structures.
   This eliminates a number of ordering issues and makes it possible to
   apply sudoers Defaults entries before searching for the command.
   It also adds support for per-command Defaults specifications.

 * Sudoers now supports a #include facility to allow the inclusion of other
   sudoers-format files.

 * Sudo's -l (list) flag has been enhanced:
    o applicable Defaults options are now listed
    o a command argument can be specified for testing whether a user
      may run a specific command.
    o a new -U flag can be used in conjunction with "sudo -l" to allow
      root (or a user with "sudo ALL") list another user's privileges.

 * A new -g flag has been added to allow the user to specify a
   primary group to run the command as.  The sudoers syntax has been
   extended to include a group section in the Runas specification.

 * A uid may now be used anywhere a username is valid.

 * The "secure_path" run-time Defaults option has been restored.

 * Password and group data is now cached for fast lookups.

 * The file descriptor at which sudo starts closing all open files is now
   configurable via sudoers and, optionally, the command line.

 * Visudo will now warn about aliases that are defined but not used.

 * The -i and -s command line flags now take an optional command
   to be run via the shell.  Previously, the argument was passed
   to the shell as a script to run.

 * Improved LDAP support.  SASL authentication may now be used in
   conjunction when connecting to an LDAP server.  The krb5_ccname
   parameter in ldap.conf may be used to enable Kerberos.

 * Support for /etc/nsswitch.conf.  LDAP users may now use nsswitch.conf
   to specify the sudoers order.  E.g.:
	sudoers: ldap files
   to check LDAP, then /etc/sudoers.  The default is "files", even
   when LDAP support is compiled in.  This differs from sudo 1.6
   where LDAP was always consulted first.

 * Support for /etc/environment on AIX and Linux.  If sudo is run
   with the -i flag, the contents of /etc/environment are used to
   populate the new environment that is passed to the command being
   run.

 * If no terminal is available or if the new -A flag is specified,
   sudo will use a helper program to read the password if one is
   configured.  Typically, this is a graphical password prompter
   such as ssh-askpass.

 * A new Defaults option, "mailfrom" that sets the value of the
   "From:" field in the warning/error mail.  If unspecified, the
   login name of the invoking user is used.

 * A new Defaults option, "env_file" that refers to a file containing
   environment variables to be set in the command being run.

 * A new flag, -n, may be used to indicate that sudo should not
   prompt the user for a password and, instead, exit with an error
   if authentication is required.

 * If sudo needs to prompt for a password and it is unable to disable
   echo (and no askpass program is defined), it will refuse to run
   unless the "visiblepw" Defaults option has been specified.

 * Prior to version 1.7.0, hitting enter/return at the Password: prompt
   would exit sudo.  In sudo 1.7.0 and beyond, this is treated as
   an empty password.  To exit sudo, the user must press ^C or ^D
   at the prompt.

 * visudo will now check the sudoers file owner and mode in -c (check)
   mode when the -s (strict) flag is specified.
2009-02-05 13:48:12 +00:00
tron
ea71974691 Fix build under Mac OS X:
The GNU library ends up being empty and "ar" complains if you try to create
an archive. Simply skip the directory during the build to avoid this.
2009-02-02 11:58:47 +00:00
shattered
bcb98e3257 heimdal leaves empty directories after deinstallation, fix that.
OK by wiz@.
2009-02-01 21:39:43 +00:00
adam
fac4d52596 Changes 1.8:
* Fix crlf self-test under Mingw+Wine.
* Fix build problems on platforms that lack stdint.h.
2009-01-31 08:58:55 +00:00
adam
6c385f5ff3 Changes 1.4.4:
* Publish GCRY_MODULE_ID_USER and GCRY_MODULE_ID_USER_LAST constants.
  This functionality has been in Libgcrypt since 1.3.0.
* MD5 may now be used in non-enforced fips mode.
* Fixed HMAC for SHA-384 and SHA-512 with keys longer than 64 bytes.
* In fips mode, RSA keys are now generated using the X9.31 algorithm
  and DSA keys using the FIPS 186-2 algorithm.
* The transient-key flag is now also supported for DSA key
  generation.  DSA domain parameters may be given as well.
2009-01-31 08:53:14 +00:00
joerg
82874648cf Fix installation. 2009-01-29 17:11:25 +00:00
joerg
4d090be8d2 Needs libtool. 2009-01-29 16:54:17 +00:00
markd
5ba7d247a2 Update to qca 2.0.1
- Bugfix release, forward and backward compatible with 2.0.0
  - Ability to build as a Mac framework (and build this way by default)
  - On non-Mac Unix, the pkgconfig file is always qca2.pc, even in debug
    mode
  - Certificates containing wildcards are now matched properly
  - DirWatch/FileWatch now work
  - Keystore writes now work
  - Don't delete objects in their event handler (prevents Qt 4.4 warnings)
  - Fix potential hang with TLS in server mode
  - Windows version can be configured/installed using paths with spaces
2009-01-27 11:10:46 +00:00
jschauma
65e9c90d89 Give up maintainership, as I have not so much as looked at pkgsrc in
well over a year now.  Sorry. :-(
2009-01-23 21:14:16 +00:00
obache
1726335b5f Also need to take care of md5 for Solaris, PR 40434. 2009-01-20 14:48:56 +00:00
sketch
77f91ca050 The Solaris support in this package only works on OpenSolaris. Allow it to
build (although likely not work) on Solaris too.
2009-01-20 10:08:17 +00:00
seb
8e4ba347bb Update from version 2.12 to version 2.12nb1.
Pkgsrc changes:
- Register required dependency on package security/p5-Digest-HMAC
2009-01-20 06:24:03 +00:00
obache
867afc2eb6 Solaris's md4.h and sha1.h are not good enough for this package,
and MD5_* is in libmd5.
Fixes build failure reported by PR 40434.
2009-01-19 12:00:03 +00:00
ahoka
05ae0e14e9 security/39313 strikes again
Do a workaround here too.
2009-01-11 20:32:18 +00:00
he
e404323ce0 Update from version 2.11nb1 to 2.12.
Upstream changes:

Authen-SASL 2.12 -- Mon Jun 30 21:35:21 CDT 2008

Enhancements
  * GSSAPI implement protocol according to RFC, but by default,
    remain compatible with cyrus sasl lib
  * DIGEST-MD5 implement channel encryption layer
2009-01-11 14:30:08 +00:00
manu
24c4fb7253 From Sergey Svishchev <svs@ropnet.ru>: ipsec-tools builds fine on FreeBSD 2009-01-10 17:13:01 +00:00
rillig
19abf88cc9 Fixed pkglint warnings about sorting SUBDIR. 2009-01-09 19:34:44 +00:00
tnn
1157e16862 Update to openssl-0.9.8j. Fixes CVE-2008-5077.
Changes between 0.9.8i and 0.9.8j  [07 Jan 2009]
*) Properly check EVP_VerifyFinal() and similar return values
   (CVE-2008-5077).
*) Allow the CHIL engine to be loaded, whether the application is
   multithreaded or not. (This does not release the developer from the
   obligation to set up the dynamic locking callbacks.)
*) Use correct exit code if there is an error in dgst command.
*) Tweak Configure so that you need to say "experimental-jpake" to enable
   JPAKE, and need to use -DOPENSSL_EXPERIMENTAL_JPAKE in applications.
*) Add experimental JPAKE support, including demo authentication in
   s_client and s_server.
*) Set the comparison function in v3_addr_canonize().
*) Add support for XMPP STARTTLS in s_client.
*) Change the server-side SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG behavior
   to ensure that even with this option, only ciphersuites in the
   server's preference list will be accepted.  (Note that the option
   applies only when resuming a session, so the earlier behavior was
   just about the algorithm choice for symmetric cryptography.)

Changes between 0.9.8h and 0.9.8i  [15 Sep 2008]
*) Fix a state transitition in s3_srvr.c and d1_srvr.c
   (was using SSL3_ST_CW_CLNT_HELLO_B, should be ..._ST_SW_SRVR_...).
*) The fix in 0.9.8c that supposedly got rid of unsafe
   double-checked locking was incomplete for RSA blinding,
   addressing just one layer of what turns out to have been
   doubly unsafe triple-checked locking.
   So now fix this for real by retiring the MONT_HELPER macro
   in crypto/rsa/rsa_eay.c.
*) Various precautionary measures:
   - Avoid size_t integer overflow in HASH_UPDATE (md32_common.h).
   - Avoid a buffer overflow in d2i_SSL_SESSION() (ssl_asn1.c).
     (NB: This would require knowledge of the secret session ticket key
     to exploit, in which case you'd be SOL either way.)
   - Change bn_nist.c so that it will properly handle input BIGNUMs
     outside the expected range.
   - Enforce the 'num' check in BN_div() (bn_div.c) for non-BN_DEBUG
     builds.
*) Allow engines to be "soft loaded" - i.e. optionally don't die if
   the load fails. Useful for distros.
*) Add support for Local Machine Keyset attribute in PKCS#12 files.
*) Fix BN_GF2m_mod_arr() top-bit cleanup code.
*) Expand ENGINE to support engine supplied SSL client certificate functions.
   This work was sponsored by Logica.
*) Add CryptoAPI ENGINE to support use of RSA and DSA keys held in Windows
   keystores. Support for SSL/TLS client authentication too.
   Not compiled unless enable-capieng specified to Configure.
   This work was sponsored by Logica.
*) Fix bug in X509_ATTRIBUTE creation: dont set attribute using
   ASN1_TYPE_set1 if MBSTRING flag set. This bug would crash certain
   attribute creation routines such as certifcate requests and PKCS#12
   files.
2009-01-08 16:38:22 +00:00
tonnerre
8883df8908 Despite the fact that various Python modules do have buildlink files,
according to Joerg this behavior is wrong. Remove this one again.
2009-01-07 23:00:26 +00:00
tonnerre
7da5df70b0 Add buildlink3.mk file to py-OpenSSL extension so it can be referenced in
other packages.
2009-01-07 22:27:48 +00:00
wiz
777af89dac Update to 1.19:
v1.19 2008.12.31
- fix verfycn_name autodetection from PeerAddr/PeerHost
2009-01-07 12:41:50 +00:00
wiz
55fa90af5f Move scrollkeeper/omf.mk to rarian/omf.mk.
scrollkeeper is nowadays included in rarian, so the omf.mk file should
be there as well.
Adapt all references.
2009-01-04 18:00:58 +00:00
adrianp
3d34fb2c47 +openvas-* 2009-01-04 01:13:55 +00:00
adrianp
be52ce7665 OpenVAS stands for Open Vulnerability Assessment System and is a
network security scanner with associated tools like a graphical
user front-end. The core component is a server with a set of network
vulnerability tests (NVTs) to detect security problems in remote
systems and applications.
2009-01-04 01:08:52 +00:00
obache
b2ce73ffc8 Update amavisd-new to 2.6.2, maintainer update request by PR 40303.
amavisd-new-2.6.2 release notes

MAIN NEW FEATURES SUMMARY

- bounce killer: improved detection of nonstandard bounces;
- bounces to be killed no longer waste SpamAssassin time;
- tool to convert dkim-filter keysfile into amavisd configuration;
- compatibility with SpamAssassin 3.3 (CVS head) regained;
- rewritten and expanded documentation section on DKIM signing and
  verification in amavisd-new-docs.html;

COMPATIBILITY WITH 2.6.1

- apart from small differences in logging and notifications, the
  version 2.6.2 is compatible with 2.6.1, with its configuration file
  and its environment;

- virus scanner entries were updated (as described below, most notably by
  adding a regexp flag m), so be sure to update existing configuration file;
  updated virus scanner entries can be used with 2.6.1 too;

- the %sql_clause default has changed in detail (see below), if its value
  is overridden in a configuration file the setting may need updating;

See full release notes:

http://www.ijs.si/software/amavisd/release-notes.txt
2009-01-01 14:30:02 +00:00
stacktic
85ceaf1037 Fixed build (removed whirlpool) (ok by wiz) 2008-12-30 15:13:28 +00:00
taca
05d38d24bc This package isn't JOBS_SAFE. 2008-12-21 15:20:27 +00:00
jmcneill
31b608fb35 PR# pkg/40146: security/policykit fails to build on Linux 2008-12-21 13:57:29 +00:00
jmcneill
c6e16fabba PR# pkg/40230: "libvolume_id" doesn't build under Mac OS X
Fix PolicyKit build on OSX.
2008-12-20 19:44:00 +00:00
heinz
2e45cef6fd Added fixes for DESTDIR support:
Correct settings for file ownership (*OWN, *GRP in patch-aa and patch-ao).
  Added missing installation directories in patch-aa.

Sorted PLIST to placate pkglint.

Adapted filename in patch-an to the way mkpatches generates nowadays.
2008-12-19 21:09:11 +00:00
he
33cc881a67 Add p5-OpenSSL. 2008-12-19 18:31:36 +00:00
he
e64549e7e0 Import p5-OpenSSL version 0.09.
Fixes PR#39223.


THIS IS A FUCKING HACK (nichts für die Goldwaage..)

Don't read the man-pages/*.pm's (they are dummy), check t/*
and fix OpenSSL.xs

Don't forget to try -
print OpenSSL::CRL::new_from_file("crl.pem")->info
- it's the only CRL stuff that's supported :)

OpenSSL::HMAC is dummy.
OpenSSL::BN is untested.
2008-12-19 18:30:52 +00:00
adam
57adf42ff0 Changes 2.6.3
* gnutls: Fix chain verification for chains that ends with RSA-MD2 CAs.
* gnutls: Fix memory leak in PSK authentication.
* certtool: Move gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0) call earlier.
  It needs to be invoked before libgcrypt is initialized.
* gnutls-cli: Return non-zero exit code on error conditions.
* gnutls-cli: Corrected bug which caused a rehandshake request to be ignored.
2008-12-19 15:43:20 +00:00
he
1f9a1a98bc Update from version 2.36nb1 to 2.38.
Should fix PR#40189.

Upstream changes:

2008-11-14   Gisle Aas <gisle@ActiveState.com>

   Release 2.38
   The 2.37 tarball was infected by various '._*' files.
   Thank you, Mac OS X!
   Applied warning fix from Geoff Richards [RT#19643]
   Applied compatiblity fix from Alexandr Ciornii [RT#30348]


2008-11-12   Gisle Aas <gisle@ActiveState.com>

   Release 2.37
   Sync up with consting changes from the perl core.
2008-12-18 21:57:22 +00:00
he
6932d65bef Update from version 1.17 to 1.18.
Fixes PR#40188, though the dependency bump is not done
(is not reflected in the module's META.yml).

Upstream changes:

v1.18 2008.11.17
- fixed typo in argument: wildcars_in_cn -> wildcards_in_cn
  http://rt.cpan.org/Ticket/Display.html?id=40997
  thanks to ludwig[DOT]nussel[AT]suse[DOT]de for reporting
2008-12-18 21:50:34 +00:00
smb
53f72195ad Update to 2.6.8. Apparently fixed some compilation issues (presumably
due to GCC 4), though those aren't mentioned in the upstream change log.

Other changes:

2007-06-09  gettextize  <bug-gnu-gettext@gnu.org>

        * m4/gettext.m4: New file, from gettext-0.16.1.
        * m4/iconv.m4: New file, from gettext-0.16.1.
        * m4/lib-ld.m4: New file, from gettext-0.16.1.
        * m4/lib-link.m4: New file, from gettext-0.16.1.
        * m4/lib-prefix.m4: New file, from gettext-0.16.1.
        * m4/nls.m4: New file, from gettext-0.16.1.
        * m4/po.m4: New file, from gettext-0.16.1.
        * m4/progtest.m4: New file, from gettext-0.16.1.

2003-03-08 17:38  nmav

        * Makefile.am:

        Honor DESTDIR variable. Patch by Andrew W. Nosenko  <awn@bcs.zp.ua>

2003-03-08 17:29  nmav

        * src/mcrypt.c, NEWS:

        Made the algorithm and mode command line input case insensitive.

2003-03-08 17:08  nmav

        * doc/mcrypt.1:

        some corrections in the manpage by  Michael Mason
        <mgm@eskimoman.net>
2008-12-15 20:59:28 +00:00
rillig
069677a7b2 gcc complains when an int is cast to a pointer of different size. To
avoid that warning, the ints are first cast to size_t, which is more
likely to match the size of a pointer. Unfortunately, the intptr_t and
uintptr_t types are marked optional in C99.
2008-12-15 15:06:43 +00:00
obache
15debaac89 * Fixes mismatch between the section and extension of skeyprune.
* skeyprune is perl script, need runtime dependency on perl5.
* Fixes mis-use of config.h (patch-a[d-i]), avoid to use a mixture of
  local hash function with system RMD header.
  Fixes build failure reported by PR 39872 and PR 39953.

Bump PKGREVISION.
2008-12-13 13:58:31 +00:00
obache
3a0751331d Restore to original DESTDIR ready. 2008-12-13 13:26:19 +00:00
obache
c994f76ba5 Use REPLACE_PERL instead of custom SUBST. 2008-12-13 13:18:08 +00:00
obache
c1f8fb9742 macro name must not contains '-', a part of PR 39953. 2008-12-13 12:07:54 +00:00
taca
ec79fc220c Fix build problem with USE_DESTDIR == no. 2008-12-12 01:10:54 +00:00
wiz
f41049960a PR 40152 by Tim Zingelman:
lib/krb5/os/dnsglue.c uses statbuf structure before zeroing it.
Solaris requires it be zeroed first... all kerberos programs that
use dns lookup crash.  Zeroing before use does not break anything
on any other platforms.

Bump PKGREVISION.
2008-12-11 09:42:25 +00:00
obache
40a6e1781b Fixes perl module installation path, PR 40138 by Rumko.
Change to install into vendor and use packlist.
2008-12-09 11:58:59 +00:00
adrianp
4c9bbb9c1f And pear-Mail_Mime while we're here 2008-12-07 22:41:25 +00:00
adrianp
696d40ebac DEPENDS+=mail/pear-Mail
PKGREVISION++
2008-12-07 22:38:13 +00:00
sborrill
6273c7c610 Add security/sslproxy 2008-12-05 12:53:24 +00:00
sborrill
488e7d3e72 The Symbion SSL Proxy listens on a TCP port, accepts SSL connections, and
forwards them to another (local or remote) TCP port, or UNIX domain socket.
2008-12-05 12:52:39 +00:00
wiz
7038d5243b Remove share/icons/hicolor/icon-theme.cache from PLIST, belongs
to hicolor-icon-them. Bump PKGREVISION.
2008-12-04 17:34:14 +00:00
hasso
fb4dee82ac * Use PolicyKit.conf.NetBSD on DragonFly as well
* DESTDIR support
* Bump PKGREVISION
2008-11-26 08:22:24 +00:00
hasso
d87c2b7027 Correct patch-aa checksum, sorry for a mess. 2008-11-25 07:09:54 +00:00
adam
da84c3c16f Changes 1.7:
- Add libtasn1-config for compatibility.
  Please stop use it as it will disappear in v2.0!
  Use standard AC_CHECK_FUNCS autoconf tests or pkg-config instead.
- Read PKCS-12 blob as binary file, fixes self-tests under Mingw.
- Fix use of __attribute__ ((deprecated)) to work on non-GCC.

Changes 1.6:
- Fixed namespace violation for MAX_NAME_SIZE and MAX_ERROR_DESCRIPTION_SIZE.
  The new names are ASN1_MAX_NAME_SIZE and ASN1_MAX_ERROR_DESCRIPTION_SIZE.
- Fixed namespace violation for libtasn1_perror and libtasn1_strerror.
  The new names are asn1_perror and asn1_strerror.
- Fix namespace violation for LIBASN1_VERSION.
  The new name is ASN1_VERSION.
- Decoder can now decode BER encoded octet strings.
- doc: Change license on the manual to GFDLv1.3+.
- doc: Sync gdoc script with GnuTLS, changes license on man-pages to GAP.
- doc: Improve gtk-doc manual.
- Assumes system has strdup and string.h.
- Remove libtasn1-config and libtasn1.m4,
  use standard AC_CHECK_FUNCS autoconf tests or pkg-config instead.
- Change detection of when to use a linker version script,
  use --enable-ld-version-script or --disable-ld-version-script to
  override auto-detection logic.
2008-11-24 15:36:03 +00:00
wiz
1f47f57008 Add missing build dependencies on libxslt and docbook-xsl, for creating
the man pages. No PKGREVISION bump because package didn't package.
2008-11-24 14:50:43 +00:00
jmcneill
0e3928c81e enable hal, bump PKGREVISION 2008-11-24 14:39:19 +00:00
jmcneill
617b5b4c10 From FreeBSD:
Fix a problem with PK's strndup() implementation assuming all strings
passed to it would be NUL-terminated.  This is known to fix crashes with
polkit-gnome-authorization and clock-applet.
2008-11-23 22:28:23 +00:00
hasso
50bd093c85 * Make it compile in DragonFly
* Fix permissions of suid/sgid binaries
* Bump PKGREVISION
2008-11-23 21:21:43 +00:00
jmcneill
7220d360cc On NetBSD, install a default policy that allows password-less authentication
for root, password authentication for users in group wheel, and deny access
to all others.
2008-11-23 02:00:48 +00:00
jmcneill
c2e5d96b56 Add buildlink script for polkit-gnome 2008-11-22 21:21:48 +00:00
jmcneill
6cd59fc039 Add a MESSAGE explaining that procfs is required for policykit 2008-11-22 03:55:53 +00:00
jmcneill
a84bdf7be5 Add policykit, policykit-gnome 2008-11-22 03:36:20 +00:00
jmcneill
a7c1c8c890 Import policykit-gnome version 0.9.2.
PolicyKit is an application-level toolkit for defining and handling the
policy that allows unprivileged processes to speak to privileged processes:
It is a framework for centralizing the decision making process with respect
to granting access to privileged operations for unprivileged applications.
PolicyKit is specifically targeting applications in rich desktop environments
on multi-user UNIX-like operating systems. It does not imply or rely on any
exotic kernel features.

This package provides a D-Bus session bus service for bringing up
authentication dialogs used for obtaining privileges.
2008-11-22 03:34:55 +00:00
jmcneill
33380d61b2 Import policykit version 0.9.
PolicyKit is an application-level toolkit for defining and handling the
policy that allows unprivileged processes to speak to privileged processes:
It is a framework for centralizing the decision making process with respect
to granting access to privileged operations for unprivileged applications.
PolicyKit is specifically targeting applications in rich desktop environments
on multi-user UNIX-like operating systems. It does not imply or rely on any
exotic kernel features.
2008-11-22 03:33:38 +00:00
ahoka
6b7c5c9a7f Try to deal with a bug described in security/39313, when the build
against recent openpam headers produce non functioning pam_ldap.so
on NetBSD 4.99.47(?) or more recent systems.

There's something really fishy in the headers...
2008-11-21 03:24:29 +00:00
cube
aef2a666ca Properly give up maintainership, as pointed out by wiz@ [hi he!]. 2008-11-20 16:20:05 +00:00
hasso
72153421c6 The patch from upstream to fix man/man5/qop.5 symlink. This has been sit in
PR 38622 for some time.
2008-11-19 13:27:33 +00:00
he
f38676a267 Update from version 1.30nb1 to 1.33.
Pkgsrc changes:
 o Adapt patch-aa, still needed for non-hanging tests...

Upstream changes:

1.33 2008.10.21

    - Fix open() calls (rt.cpan.org #40020)
    - Fix non-shell problem (rt.cpan.org #39980)
    - Allow full agent forwarding (rt.cpan.org #32190)
    - Handle hashed known_hosts files (Greg Sabino Mullane, rt.cpan.org #25175)

1.32 2008.10.16

    - Add IO::Handle to Perl.pm (rt.cpan.org #40057, #35985)
    - Minor test cleanups.

1.31 2008.10.02

    - New co-maintainer, Greg Sabino Mullane (TURNSTEP).
    - Prevent t/03-packet.t from hanging due to high file descriptor.
      (altblue at n0i.net, rt.cpan.org #6101)
    - Skip some tests if Math::GMP not installed (e.g. from choosing only
      protocol 2 in Makefile.PL) (Greg Sabino Mullane, reported in
      rt.cpan.org #25152)
    - If ENV{HOME} is not set, use getpwuid. If both fail and the dir
      is needed, we croak. (Greg Sabino Mullane, expanded from patch
      by dgehl at inverse.ca in rt.cpan.org #25174)
    - Fix incorrect logical/bitwise AND mixup (Peter.Haydon at uk.fujitsu.com,
      rt.cpan.org #31490)
    - Allow empty stdin for SSH2 (rcp at rcable.co.uk, rt.cpan.org #32730)
    - Adjust terminal dimensions dynamically if Term::ReadKey is available
      (john at sackheads.org, rt.cpan.org #34874)
2008-11-18 16:19:04 +00:00
he
e08dc7a02a Add p5-Authen-PluggableCaptcha. 2008-11-17 20:36:29 +00:00
he
a76a900005 Import p5-Authen-PluggableCaptcha version 0.05.
Authen::PluggableCaptcha is a fully modularized and extensible
system for making Pluggable Catpcha (Completely Automated Public
Turing Test to Tell Computers and Humans Apart) tests.

Pluggable? All Captcha objects are instantiated and interfaced via
the main module, and then manipulated to require various submodules
as plug-ins.

Authen::PluggableCaptcha borrows from the functionality in
Apache::Session::Flex.
2008-11-17 20:34:47 +00:00
tron
fac967286c Add support for user destination directory installation.
Patch provided by Aleksey Cheusov in PR pkg/39905.
2008-11-16 13:57:02 +00:00
wiz
c1a52e57ff Update to 2.6.2:
* Version 2.6.2 (released 2008-11-12)

** libgnutls: Fix crash in X.509 validation code for self-signed certificates.
The patch to fix the security problem GNUTLS-SA-2008-3 introduced a
problem for certificate chains that contained just one self-signed
certificate.  Reported by Michael Meskes <meskes@debian.org> in
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505279>.

** API and ABI modifications:
No changes since last version.
2008-11-15 23:02:09 +00:00
minskim
7d5eb59ee4 Update EasyPG to 0.0.16.
Changes since 0.0.14:
* epa-mail-encrypt now skips unusable keys.
* epa-file now uses canonical file names as keys for passphrase cache.
* Fixed a load-error of epa on XEmacs.
* epa-file bug fixes.
* Prepare auto-mode-alist to strip .gpg suffix when choosing major-modes.
* Don't signal an error when opening a nonexistent file via Tramp.
* epa-verify-region now decodes the plaintext with
  coding-system-for-read or one saved as epa-coding-system-used.
2008-11-13 08:15:34 +00:00
minskim
caec860b9a Update the package directory for gnupg2. 2008-11-13 08:09:15 +00:00
wiz
35bfc5a2d4 Update to 2.6.1:
* Version 2.6.1 (released 2008-11-10)

** libgnutls: Fix X.509 certificate chain validation error. [GNUTLS-SA-2008-3]
The flaw makes it possible for man in the middle attackers (i.e.,
active attackers) to assume any name and trick GNU TLS clients into
trusting that name.  Thanks for report and analysis from Martin von
Gagern <Martin.vGagern@gmx.net>.  [CVE-2008-4989]

Any updates with more details about this vulnerability will be added
to <http://www.gnu.org/software/gnutls/security.html>

** libgnutls: Add missing prototype for gnutls_srp_set_prime_bits.
Reported by Kevin Quick <quick@sparq.org> in
<https://savannah.gnu.org/support/index.php?106454>.

** libgnutls-extra: Protect internal symbols with static.
Fixes problem when linking certtool statically.  Tiny patch from Aaron
Ucko <ucko@ncbi.nlm.nih.gov>.

** libgnutls-openssl: Fix patch against X509_get_issuer_name.
It incorrectly returned the subject DN instead of issuer DN in v2.6.0.
Thanks to Thomas Viehmann <tv@beamnet.de> for report.

** certtool: Print a PKCS #8 key even if it is not encrypted.

** tests: Make tests compile when using internal libtasn1.
Patch by ludo@gnu.org (Ludovic Courtès).

** API and ABI modifications:
No changes since last version.
2008-11-10 17:33:20 +00:00
jnemeth
9eee804f3c this also depends on gnome-key 2008-11-08 23:46:00 +00:00
bjs
1dd15d1ebf Ugh, this was worse than I thought. Refactor my change to account
for all autoconf definitions that pollute namespace.  Additionally,
I've prepared a distribution patch from FreeBSD ports which
fixes many memory leaks (see comment in patch).

PKGREVISION++
2008-11-08 13:47:11 +00:00
bjs
47da9b30cc Patch out definition of VERSION in mhash_config.h. Code could
rely on this--and *not* define it in installed headers!

PKGREVISION++
2008-11-08 12:55:21 +00:00
abs
9129862374 add p5-Crypt-Eksblowfish 2008-11-07 20:56:11 +00:00
abs
7971424486 Added security/p5-Crypt-Eksblowfish version 0.005
Eksblowfish is a variant of the Blowfish cipher, modified to make
the key setup very expensive. ("Eks" stands for "expensive key
schedule".) This doesn't make it significantly cryptographically
stronger, but is intended to hinder brute-force attacks. It also
makes it unsuitable for any application requiring key agility. It
was designed by Niels Provos and David Mazieres for password hashing
in OpenBSD. See Crypt::Eksblowfish::Bcrypt for the hash algorithm.
See Crypt::Eksblowfish::Blowfish for the unmodified Blowfish cipher.

Eksblowfish is a parameterised (family-keyed) cipher. It takes a
cost parameter that controls how expensive the key scheduling is.
It also takes a family key, known as the "salt". Cost and salt
parameters together define a cipher family. Within each family, a
key determines an encryption function in the usual way. See
Crypt::Eksblowfish::Family for a way to encapsulate an Eksblowfish
cipher family.
2008-11-07 20:52:54 +00:00
adam
169b01f6b6 Changes 0.2.29:
* gsasl: Don't use poll with POLLOUT to avoid busy-waiting.
* doc: Error codes are now extracted using official library APIs.
* doc: Included cyclomatic code complexity charts of the library code.
* tests: Add self test of obsolete base64 functions.
* Update gnulib files. Improves Windows compatibility.
2008-11-07 18:40:52 +00:00
adrianp
25c40fa038 Add some extra install docs 2008-11-05 22:50:00 +00:00
adrianp
2b002c41a2 Update to 1.4.1
Some highlights:
Bug #1680965 sans lookup fails -- Jordan Wiens
Fixed index.php redirect -- Kevin Johnson for Terry Burton
Added Worldmap feature -- Juergen Leising
Added Vendor MAC Map -- Juergen Leising
Increased memory limit from 50 to 128 MB in base_graph_common.php
Fixed "Select Signature from List" in the query form -- Juergen Leising
Newly generated coordinates file world_map6.txt. -- Juergen Leising

See docs/CHANGELOG for all the details
2008-11-05 22:47:13 +00:00
wiz
f7d882e5b3 Update to 1.17. Add dependencies on p5-Net-LibIDN and p5-IO-Socket-INET6
for IDN and inet6 support.

v.17 2008.10.13
- no code changes, publish v.16_3 as v.17 because it looks better
  than v.16
- document win32 behavior regarding non-blocking and timeouts

v.16_3   2008.09.25
- fix t/nonblock.t with workaround for problems with
  IO::Socket::INET on some systems (Mac,5.6.2) where it cannot do
  nonblocking connect and leaves socket blocked.
- make some tests less verbose by fixing diag in t/testlib.t
  (send output to STDOUT not STDERR and prefix with '#')

v.16_2   2008.09.24
- work around Bug in IO::Socket::INET6 on BSD systems
  http://rt.cpan.org/Ticket/Display.html?id=39550
  by setting Domain based on PeerAddr
  Thanks to srezic for report and support
- remove tests of recv/send from t/core.t. Might badly interact
  with SSL handshake and cause crashes as seen on OS X 10.4

v.16_1   2008.09.19
- better support for IPv6:
  - IPv6 is enabled by default if IO::Socket::INET6 is available
  - t/inet6.t for basic tests
2008-11-05 15:24:40 +00:00
tonnerre
08696d8ad4 Add .py files to PLIST (Why haven't they been there in the first place? Hm.) 2008-11-05 10:53:42 +00:00
wiz
7e9836de00 Add script for munging locale files. 2008-11-03 06:52:04 +00:00
wiz
0515e3be9e Remove superfluous patches. 2008-11-03 06:51:37 +00:00
bad
c67f903d99 Fix hydra-gtk/src/callbacks.c to put server and service last on the
command line as hydra(1) expects.  Makes xhydra work again.
Bump PKGREVISION.
2008-10-30 14:52:14 +00:00
bad
c4a6a95b41 Hydra does not depend on arp0. And subversion-base pulls in the correct
version of APR by itself.
2008-10-30 14:49:41 +00:00
bjs
b5d0fb3ccc Add security/pakchois 2008-10-30 03:44:13 +00:00
bjs
50028caf42 remove --enable-dlopen from CONFIGURE_ARGS; it's unnecessary 2008-10-30 03:43:35 +00:00
bjs
3b716ffb7b Add pakchois-0.4. (upcoming new neon can use it)
--

pakchois is just another PKCS#11 wrapper library.  pakchois aims to
provide a thin wrapper over the PKCS#11 interface.

The goals are:

1) to offer a modern* object-oriented C interface wrapper for PKCS#11.

2) to not hide or abstract away any details of the PKCS#11 interface
itself except where absolutely necessary.

3) to handle the details of loading DSOs

4) to allow the caller to avoid caring about where on the system
PKCS#11 modules might be stored, or exactly how they are named.

5) to avoid any dependency on a particular cryptography toolkit.

Existing PKCS#11 wrapper libraries solutions differ in at least one of
the above goals.

*: "modern" being a euphemism for not using process-global state,
having a sane symbol namespace, etc.
2008-10-30 03:32:19 +00:00
wiz
871bf5d2c7 Add patch-ag, patch-ah, patch-ai (hi, shannonjr!). 2008-10-29 11:45:34 +00:00
shannonjr
4211cef123 Three patches to permit compilation under Solaris with SunPro compiler:
patch-ag and patch-ah fix void functions that attempt to return the result
of calling a void function.

patch-ai conditionally includes <sys/inttypes.h> to pick up uint32_t
2008-10-29 11:38:09 +00:00
wiz
bfc9fdcd47 Add patch-ag. 2008-10-29 10:30:44 +00:00
shannonjr
0a391289a6 "return _gcry_rngfips_deinit_external_test (context);"
is incorrect because:
1) _gcry_rngfips_deinit_external_test() is void function
2) the calling function, random, is declared void

The unpatched code will not compile with Sun compiler.
2008-10-29 10:24:09 +00:00
wiz
38ebbd0f9b Remove seahorse-gedit and seahorse-nautilus, replace by seahorse-plugins. 2008-10-27 16:54:49 +00:00
wiz
b6b9229ba9 Import seahorse-plugins-2.24.1 as security/seahorse-plugins.
Seahorse is a GNOME front-end for GnuGP.  It can be used for signing,
encrypting, verifying and decrypting text and files.  The text can be
taken from the clipboard, or written directly in the little editor it
has.  Seahorse is also a keymanager, which can be used to edit almost
all the properties of the keys stored in your keyrings.

This package contains various plugins for Seahorse.
2008-10-27 16:54:01 +00:00
wiz
04185a7526 Update to 2.24.1. Please note that seahorse-agent and two other
tools moved to the new seahorse-plugins package.

seahorse 2.24.1
---------------

    * Fix problems with seahorse crashing when searching for
      remote keys. [Adam Schreiber]
    * Build fixes on Solaris [Jeff Cai]
    * Fix selection of keys in libcryptui. [Philip Withnall]
    * I18n fixes. [Adam Schreiber]

seahorse 2.24.0
---------------

    * Some tweaks to the password prompt window, including allowing
      minimizing to release the keyboard grab.
    * Fix compiler warnings for gcc 4.3.
    * Return a 'cancelled' error when from the daemon crypto dbus
      methods when a user cancels out of a password prompt.
    * Show revoked subkeys properly in details view of PGP keys.
    * Fix problem deleting SSH keys.
    * Fix dialog prompt column widths, and elipsize long text in
      key listing. [Adam Schreiber]
    * Fix problem with 'no keys available' when trying to sign a
      PGP key from within the key manager.
    * Add 'exportable' flag to objects/keys and don't enable export
      UI if selected objects are not exportable.
    * Build fixes [Joe Orton, Adam Schreiber]
    * Crash and other fixes. [Christian Persch]

seahorse 2.23.92
----------------

    * Fix crash when changing a stored Gnome Keyring password.
    * Fix certain crashes on syncing, searching and other operations.
    * Fix dumb 'Couldn't import keys' error message when success.

seahorse 2.23.91
----------------

    * Fix copying keys to the clipboard. [Adam Schreiber]
    * Fix double free crash when importing keys.
    * Fix crasher when deleting a key.
    * Don't add extra null bytes to SSH authorized_keys and
      similar files. [Adam Schreiber]
    * Documentation fixes. [Adam Schreiber]
    * Don't repeatedly load gnome-keyring items. [Adam Schreiber]
    * Make help button in 'First Time Options' work proprely. [Adam Schreiber]
    * Better wording for options in PGP key dialogs. [Adam Schreiber]

seahorse 2.23.90
----------------

    * Icon makeover. [Michael Monreal]

seahorse 2.23.6
---------------

    * Initial PKCS#11 certificate listing implementation.
    * Internal code refactoring.
    * Fix problems with reference counting on operations.
    * Use base64 functions in glib, rather than rolling our own.
    * Don't use deprecated LDAP functions. [Adam Schreiber]
    * String operation fixes. [Adam Schreiber]
    * Build fixes [Jeff Cai]

seahorse 2.23.5
---------------

    * Fix importing keys from key servers [Mackenzie Morgan]
    * Factor out seahorse-plugins to a different module.
    * Add XDS drag and drop support.
    * Remove gnome-vfs dependency and use gio instead.
    * Return key id of signer from DBus service even when key
      is not found locally [Adam Schreiber]
    * Refactor UI code internally into modules.
    * Remove hard GPG and GPGME dependency.
    * Replace signer drop down in key chooser with just a check
      button when only one secret key exists. [Adam Schreiber]
    * Set sync button insensitive when no server is selected.
      [Adam Schreiber]
    * Test for secure memory before using it. [Coleman Kane]
    * Change trust model used to match GPG's. [Adam Schreiber]
    * Remove libgnome and libgnomeui dependencies. [Saleem Abdulrasool]
    * Grab keyboard focus when prompting for password.
      [Josselin Mouette]
    * Use the vala programming language for some code.
    * Add initial infrastructure for PKCS#11 key/certificate support.
    * Save and load window sizes from gconf. [Adam Schreiber]
    * Build fixes [Brian Cameron, Saleem Abdulrasool, Alexis Ballier,
      Christian Persch, Rodrigo Moya]
2008-10-27 16:51:59 +00:00
adrianp
78d94af2e9 Also supports apache 2.2.x
PKGREVISION++
2008-10-25 15:59:27 +00:00
adrianp
dede2ac381 Might be good to actually add the patch that fixes the problem 2008-10-25 12:04:34 +00:00
adrianp
c348119408 OpenSSL is not JOBS_SAFE
Pull in a fix from the OpenSSL CVS:
http://cvs.openssl.org/filediff?f=openssl/crypto/x509/x509_att.c&v1=1.14&v2=1.15
This should fix PR #39767 opened by Wolfgang Solfrank
2008-10-25 12:03:35 +00:00
wiz
96c8559ed9 Update to 2.24.1:
Changes in version 2.24.1 are:
* Fix crash on logout on Solaris. [Jeff Cai]
* Add missing 'server' attribute to the NETWORK_PASSWORD schema.
2008-10-25 00:49:32 +00:00
tonnerre
916d4b32c0 +py-asn1 2008-10-22 20:39:13 +00:00
tonnerre
7ffda7dc56 Import the ASN1 Python module to pkgsrc. This module allows to dissect
ASN1-encoded files (DER, BER, PER, etc.) in Python. ASN1 is the Abstract
Syntax Notation version 1, as defined by the International Telecommunication
Union (ITU).
2008-10-22 16:33:55 +00:00
dsainty
bf9856d7c6 The HTTP MASTER_SITES entry is no longer available, and has a text file
indicating that ftp://ftp.gnu.org/pub/gnu/gnutls/ should be used instead.
The replacement site also supports HTTP, so make it our HTTP source.
2008-10-20 12:24:17 +00:00
he
b021813da0 Bump the PKGREVISION for all packages which depend directly on perl,
to trigger/signal a rebuild for the transition 5.8.8 -> 5.10.0.

The list of packages is computed by finding all packages which end
up having either of PERL5_USE_PACKLIST, BUILDLINK_API_DEPENDS.perl,
or PERL5_PACKLIST defined in their make setup (tested via
"make show-vars VARNAMES=...").
2008-10-19 19:17:40 +00:00
shannonjr
42caf47b41 Prelude-manager now can send alerts via E-mail. Make start depend on mail. 2008-10-18 13:31:12 +00:00
shannonjr
230ede0514 Update to 0.9.14. Changes:
- Fix log file permission error, that could happen thought the user
Prelude-LML was running as could access the file (#291).
- ModSecurity ruleset update, by Dan Kopecek <dkopecek@redhat.com>:
provides much more descriptive classification.text, add regexps for
[file ..], [line ...], [tag ...] fields and fine tune targets/types
(#321).
- Deprecate Gamin/FAM support in favor of libev: the previous
implementation had problem on SELinux enabled system due to Gamin server
startup being triggered by other program, and thus using improper role
for Prelude-LML.
(#326).
- Improved polling architecture by using Operating System specific
backend when possible.
- We now monitor files that are not immediately available for reading on
startup: once the file can be monitored, libev provide us with a
notification.
2008-10-18 13:29:28 +00:00
shannonjr
08f9034574 Update to 0.9.21.1. Changes:
- Fix an assertion warning upon sensor start in case the address
for the local machine could not be found.
- Consistency rework of EasyBindings IDMEFCriteria API.
- Add refcount support for prelude_client_t and
prelude_client_profile_t, and update EasyBindings destructor to use
them.
- Fix a bug where EasyBindings would be built although they were not
enabled.
- Fix path issue in case libprelude was configured with specific path
outside of $prefix (fix #319).
2008-10-18 13:28:28 +00:00
adam
978fa43d4e Changes 2.6.0:
* libgnutls: Correct printing and parsing of IPv6 addresses.
* libgnutls-openssl: fix out of bounds access.
* certtool: Use inet_pton for parsing IPv6 addresses.
* Added API to replace and update the crypto backend.
* certtool: can add several subject alternative names via template file.
* opencdk: Parse (but not decrypt) encrypted secret keys.
* more...
2008-10-18 11:55:11 +00:00
adam
a88a64a4cc Changes 4.26:
* libwrap related fixes, better debugging messages, MS Visual C++ support

Changes 4.25:
* delay libwrap process spawning after dropping privs, other improvements
2008-10-17 07:31:58 +00:00
wiz
d150578c8e PKGREVISION bump for libevent shlib name change. 2008-10-16 21:52:16 +00:00
drochner
6cc7cf199c update to 2.24.0
This switches to the gnome-2.24 release branch.
2008-10-16 13:45:38 +00:00
adam
d779ce5514 Changes 1.4.3:
* Try to auto-initialize Libgcrypt to minimize the effect of
  applications not doing that correctly.  This is not a perfect
  solution but given that many applicationion would totally fail
  without such a hack, we try to help at least with the most common
  cases.  Folks, please read the manual to learn how to properly
  initialize Libgcrypt!
* Auto-initialize the secure memory to 32k instead of aborting the
  process.
* Log fatal errors via syslog.
* Changed the name and the semantics of the fips mode config file.
* Add convenience macro gcry_fips_mode_active.
* More self-tests.
* Documentation cleanups.
2008-10-14 11:33:13 +00:00
adam
b4c509e9c8 Changes 1.6:
* Fixed a build problem under Windows.

Changes 1.5:
* Minor build system fixes.
* Updated gettext.  Removed included gettext copy.
* gpg-error has a new option --version.
2008-10-14 11:32:11 +00:00
bad
465844de47 Fix botched update of nessus.
Need to BUILDLINK_ABI_DEPENDS on the 2.2.11 versions of the libraries.
Bump PKGREVISION wholesale to disambiguate the fixed packages from the botched
ones and depend on them.
Use GPLed version of the plugins instead of the non-free version.

While here fix permissions of PKG_SYSCONFDIR in nessus-core/Makefile.
2008-10-13 22:32:54 +00:00
adam
1ae4ce5ed7 Changes 1.5:
- Update gnulib files.
- Fix memory leaks.
2008-10-13 09:23:34 +00:00
adrianp
863460b3b3 Update from 2.1.4->2.5.7
Use ./configure as one is now supplied
libmxl2 is no longer optional but curl is
Rename doc/eg dirs from ap-security to ap-modsecurity

* Allow for disabling request body limit checks in phase:1
* Now log XML parsing/validation warnings and errors to be in the debug log
  at levels 3 and 4, respectivly.
* Transformation caching has been deprecated, and is now off by default. We
  now advise against using transformation caching in production.
* Improve request body processing error messages.

Any many more . . . see CHANGES for all the details
2008-10-12 12:50:17 +00:00
uebayasi
34004f51e0 Move mk/emacs.mk to editors/emacs/modules.mk.
Don't call pkg_info to get the installed Emacs version; always use the
version matching EMACS_TYPE set by users.  Be DEPENDS to it.  This should
address pkg/37146 by Aleksey Cheusov.

While here convert some emacs lisp packages to user-destdir.
2008-10-11 09:31:54 +00:00
adam
e9b8b7fe93 .nbin patches are not installed 2008-10-10 11:35:39 +00:00
adam
16ddfab365 Changes 2.2.11:
* Bug fixes and improvements
2008-10-10 11:34:50 +00:00
wiz
b4737a01bd Update to 1.16:
v1.16
	- change code for SSL_check_crl to use X509_STORE_set_flags instead of
          X509_STORE_CTX_set_flags based on bug report from
          <tjtoocool[AT]phreaker[DOT]net >
        - change opened() to report -1 if the IO::Handle is open, but the
          SSL connection failed, needed with HTTP::Daemon::SSL which will send
          an error mssage over the unencrypted socket
2008-10-09 13:17:50 +00:00
gdt
9efe008b7b Don't put glob.h in the PLIST for NetBSD. At least 4.0 and current do
not require this, and this fixes the build on those systems.  Not
objected to by joerg@.
2008-10-03 19:01:14 +00:00
joerg
afa791e368 Use POSIX types for int32/uint32 to fix build on AMD64.
Add DESTDIR support.
2008-10-03 17:42:28 +00:00
joerg
52784ae240 Don't mess with /etc on installation. Add DESTDIR support. 2008-10-02 18:21:06 +00:00
joerg
b114922689 Fix DESTDIR build. 2008-10-02 18:06:36 +00:00
joerg
b740c74a84 Fix lp64 build. Add DESTDIR support. 2008-10-02 18:03:36 +00:00
obache
024a6b04df * Move inclusion of phthread.buildlink3.mk to rightful place in options.mk and
only suggest pthread option when native pthread exists.
  We cannot use pthread.buildlink3.mk to just detect if suituable pthread
  implementation exist or not.
  Avoid unwanted dependency on pthread package when no native pthread and
  pthread option off.

* Move inclusion of seculity/tcp_wappers/buildlink3.mk to rightful place in
  options.mk.
  Avoid unwanted dependency on tcp_wrappers when libwrap option off.

* Remove deprecated(?) --with-tcp-wrappers from CONFIGURE_ARGS.

* Remove --enable-libwrap from CONFIGURE_ARGS even if require tcp_wrappers.
  It affect not only check of existence of tcp_wappers but also blow off
  needful addition of -lwrap to LIBS.
  Fixes PR 39635
2008-10-01 14:34:32 +00:00
obache
ee7ad224d9 Revert to previous revision and remove bin/makedat (it was conflict with maildrop?).
Additional entries are optionally and already handled in Makefile and options.mk.
Re: PR 39661
2008-10-01 11:43:41 +00:00
apb
add6a683f6 Make dsniff and dsniff-nox11 build on NetBSD-current:
* In dsniff-nox11/Makefile, add a post-configure target to move
  missing/sys/queue.h out of the way if the configure script
  found a real sys/queue.h.
* Add patches to #include <string.h> in some files where I noticed warnings.

Bump PKGREVISION for both dsniff and dsniff-nox11.
2008-10-01 08:43:09 +00:00
obache
38c8122e9c sort 2008-09-29 11:55:55 +00:00
obache
e02a6bccab Require OpenSSL.
While here, add DESTDIR support.
2008-09-29 11:55:24 +00:00
tonnerre
46723b3a66 Upgrade courier-authlib to version 0.61.0 in order to fix CVE-2008-2667,
finally. While here, fix PLIST and depkglint a bit. Also, fix the horrid
abuse of libtool.

Changes since 0.60.2:
 * courier-authlib.spec: Dummy provides: for symlinks, to allow upgrade
   with older packages that require <libname>.so.0.
 * Makefile.am: Switch to versionless shared libraries.
   Install all shared libraries just as <libname>.so. make install manually
   removes *.so.0.0 files that were left over from previous versions,
   and installs a temporary *.so.0 symlink to *.so, for temporary
   binary ABI compatibility with 0.60. The symlinks will be removed in
   0.62.
 * Cleanup: always compile md5, sha* and hmac stuff, and remove all
   conditionally-compiled cruft. Move SASL list to an internal header.
   Add client-side support for AUTH EXTERNAL.
 * authsasl.c (auth_sasl_ex): auth_sasl_ex() supercedes auth_sasl(),
   invokes auth_sasl() for non-EXTERNAL SASL methods, implements EXTERNAL
   by going through the motions, then setting up a dummy authentication
   request.
 * authdaemon.c (auth_generic): Check for the dummy EXTERNAL
   authentication request, and handle it by invoking auth_getuserinfo(),
   rather than sending it down the pipe. This avoid having to implement
   a stub in every authentication module.
 * authmysqllib.c: Use mysql_set_character_set() instead of SET NAMES
 * authmysqllib.c: Fix domain-less queries.
 * Makefile: Drop the unmaintained authvchkpw module.
 * authmysqllib.c: Cleanup. Use mysql_real_escape_string instead of
   crude filtering.
 * Makefile.am: Use _LIBADD properly.
 * configure.in: More portability fixes.
2008-09-28 22:15:30 +00:00
tonnerre
3e58fd536d If strverscmp() is not present, gnutls shouldn't export a symbol of the
same name, breaking the builds of libraries trying to both link against
libcurl and use strverscmp(). Bump PKGREVISION.

Fixes PR 39640.
2008-09-27 23:11:36 +00:00
adrianp
22a9586aaf Expose libwrap through options.mk (no change to default builds) 2008-09-19 19:20:57 +00:00
joerg
681afdef37 Fix build on DragonFly. From PR 38835.
Add DESTDIR support.
2008-09-17 16:15:54 +00:00
joerg
59a7666aee Fix build with newer awk in netbsd-current. 2008-09-17 16:11:28 +00:00
reed
8748c6679e Add zlib option.
This is for PR 39433.
It is not enabled by default.
2008-09-17 00:46:58 +00:00
gdt
acbb0d5c86 Finish removal of security/Ai{CA,SSLtelnet} that should have been part
of last commit.
2008-09-16 20:02:16 +00:00
gdt
d5c91b174e Remove security/AiCA, security/AiSSLtelnet, security/smimemsg.
These packages have unfetchable distfiles and unreachable HOMEPAGEs.
Removal proposed on pkgsrc-users with no objections received.
2008-09-16 20:00:35 +00:00
seb
7fa7aa3ba0 Add & enable p5-Authen-CAS-Client 2008-09-16 17:04:36 +00:00
seb
d5000a89cf Initial import of p5-Authen-CAS-Client version 0.03 in the NetBSD
Packages Collection.

The Perl 5 module Authen::CAS::Client provides a simple interface
for authenticating users using JA-SIG's CAS protocol. Both CAS v1.0
and v2.0 are supported.
2008-09-16 17:03:03 +00:00
taca
847296952e Update openssh package to 5.1.1 (5.1p1)
Changes from OpenSSH 5.0 is huge to write here, please refer its
release note: http://www.openssh.com/txt/release-5.1.
I quote only Security section from the release note.

Security:

 * sshd(8): Avoid X11 man-in-the-middle attack on HP/UX (and possibly
   other platforms) when X11UseLocalhost=no

   When attempting to bind(2) to a port that has previously been bound
   with SO_REUSEADDR set, most operating systems check that either the
   effective user-id matches the previous bind (common on BSD-derived
   systems) or that the bind addresses do not overlap (Linux and
   Solaris).

   Some operating systems, such as HP/UX, do not perform these checks
   and are vulnerable to an X11 man-in-the-middle attack when the
   sshd_config(5) option X11UseLocalhost has been set to "no" - an
   attacker may establish a more-specific bind, which will be used in
   preference to sshd's wildcard listener.

   Modern BSD operating systems, Linux, OS X and Solaris implement the
   above checks and are not vulnerable to this attack, nor are systems
   where the X11UseLocalhost has been left at the default value of
   "yes".

   Portable OpenSSH 5.1 avoids this problem for all operating systems
   by not setting SO_REUSEADDR when X11UseLocalhost is set to no.

   This vulnerability was reported by sway2004009 AT hotmail.com.
2008-09-16 12:53:08 +00:00
he
59a0fe51ac Update from version 1.06 to 1.07.
Upstream changes:

1.07 - Fri Aug 15 16:53:36 2008
	* Fixed the odd character problems in some of the files
	* No need to upgrade if you already have this installed

1.06_03 - Sun Jun 22 11:32:46 2008
	* Trying the __sgi definition. If this doesn't make things
	blow up, this release will get bumped to 1.07.

1.06_02 - Thu Jun 19 11:55:21 2008
	* Removed wide chars from the header file. Some compilers
	like to complain about things that are wrong. :(

1.06_01 - Wed Jun 18 09:37:34 2008
	This is a test of a fix for Irix.

1.06_01 - Wed Jun  4 19:18:57 2008
	* This is a test of a fix for Irix.
2008-09-12 11:53:45 +00:00
gdt
beebde5f4e Clarify that the vague patent claims are made by the licensor. 2008-09-12 11:49:57 +00:00
gdt
9d4870602c +generic-nonlicense, NO_*_ON_* because one can't read the license due
to distfile/homepage lossage.

candidate for removal.
2008-09-12 11:45:41 +00:00
gdt
63da1fb304 Add LICENSE=generic-nonlicense, set NO_*_ON_* due to unfetchable
distfile.
2008-09-12 11:42:02 +00:00
adam
f3adb6cf86 Changes 0.2.28:
* Rewrite to use poll instead of select.
* Improve Windows installation instructions in the manual.
* tests: New self test of gsasl_mechanism_name function.
2008-09-08 08:58:49 +00:00
bjs
f8fc2597e3 Update to libassuan-1.0.5. As shipped, it builds with -fPIC on linux.
This is not acceptable for us.  Instead, we patch to use libtool.
The included test passes.

Changes since 1.0.3:

 * Minor fixes.
 * Build library for GNU/Linux as PIC [**but we use libtool**]
 * New hook feature to enhance the internal I/O functions.
2008-09-07 02:40:53 +00:00
wiz
6d32cfc00d Bump PKGREVISION for libevent users due to 1.4.3->1.4.5 shlib name change. 2008-09-06 21:39:52 +00:00
wiz
03b53774ba Recursive PKGREVISION/ABI-depends bump for db4 4.6->4.7 update (shlib
name change).
2008-09-06 20:54:31 +00:00
wiz
7dd4a9c15e Update to 1.15:
v1.15
	- change internal behavior when SSL handshake failed (like when verify
          callback returned an error) in the hope to fix spurios errors in
          t/auto_verify_hostname.t
2008-09-06 15:44:04 +00:00
adrianp
a645ba3258 Update to 5.4
- Make this compile on amd64
- Don't silently look for libraries when we don't need them.  This should fix
  PR 39318
- Add missing depends on apr

Release 5.4
###########
* Fixes to the http modules as some Apache installations are picky
* The MySQL module also works with mysqld-5.0, updated
* Added AS/400 return code checks to pop3 module
* Fixed memory leaks in the http-form module.
* Implemented a proposal by Jean-Baptiste.BEAUFRETON (at) turbomeca.fr to
  check for "530 user unknown" message in the ftp module
* Added a performance patch by alejandro.mendiondo (at) baicom.com. This one
  needs stability testing!
* Beautification to remove compiler warnings of modern gcc
2008-08-31 10:54:52 +00:00
shannonjr
0b0f66db00 Update to 0.9.15. Changes:
- preludedb-admin has a bew 'count' command, printing the result of a
COUNT() on the database.
- preludedb-admin work on smaller set of data, to prevent large
retrieval error (fix #220, refs #305).
- preludedb-admin handling of interrupted transaction was improved.
- Fix MySQL and SQLite MacOSX detection, by
Uwe Schwartz <usx303 at googlemail.com>. (fix #296).
2008-08-27 22:37:09 +00:00
shannonjr
c610379d81 Update to 0.9.14.2. Changes: Various build fixes (#306) 2008-08-26 22:25:46 +00:00
shannonjr
921d0aa5e8 Update to 0.9.13. Changes:
ModSecurity ruleset rewrite, by Peter Vrabec <pvrabec@redhat.com> and
Dan Kopecek <dkopecek@redhat.com>. This ruleset handle ModSecurity 2.0
output. (Fix #216).
- New rulesets for FreeBSD su attempts, by Alexander Afonyashin <firm@iname.com>
(Fix #304).
- Add additional format to the default configuration to deal with apache
error_log file format, by Alexander Afonyashin <firm@iname.com> (Fix #307).
- Normalize some classification: introduce Remote Login, and
Credentials Change. Cleanup SSH ruleset, and remove duplicated rules.
2008-08-26 22:23:29 +00:00
shannonjr
e3fa46a96b Update to 0.9.19. Changes:
- EasyBindings inclusion! EasyBindings provide simple C++, Python,
Perl, Ruby, and Lua bindings for using libprelude. They are still
considered experimental, thus you need to use (--enable-easy-bindings)
to activate them. Thanks to Sebastien Tricaud <toady@inl.fr> and
Pierre Chifflier <p.chifflier@inl.fr> for their contribution to this
project!
- Use automake/autoconf for building/installing Python extension.
- Fix 0.9.18 regression (alert created with empty CreateTime).
- Implement reference counting for the idmef-criteria and
prelude-connection API.
- Automatic casting when setting IDMEF Value to a field that is of
different type. Until now, if an user tried to set a path of a
specific type with an idmef_value_t object containing another type,
idmef_path_set() would return an error.
- Various bug fixes.
2008-08-26 22:21:55 +00:00
obache
1f65f1b313 Add and enable p5-Crypt-OpenSSL-AES. 2008-08-24 09:10:52 +00:00
obache
3bd6aba41e Import p5-Crypt-OpenSSL-AES-0.02 as security/p5-Crypt-OpenSSL-AES.
Based on PR 39222 by Jens Rehsack.

This module implements a wrapper around OpenSSL. Specifically, it wraps the
methods related to the US Government's Advanced Encryption Standard (the
Rijndael algorithm).
This module is compatible with Crypt::CBC (and likely other modules that
utilize a block cipher to make a stream cipher).
This module is an alternative to the implementation provided by Crypt::Rijndael
which implements AES itself. In contrast, this module is simply a wrapper
around the OpenSSL library.
The Crypt::Rijndael implementation seems to produce inaccurate results on
64-bit x86 machines. By using OpenSSL, this module aims to avoid architecture
specific problems, allowing the OpenSSL maintainers to overcome such issues.
2008-08-24 09:09:38 +00:00
obache
2d7bf63357 Remove unresolvable hosts from MASTER_SITES.
Noticed by Zafer Aydogan via private mail.
2008-08-23 07:46:59 +00:00
epg
647ff31665 Set MAKE_JOBS_SAFE=no 2008-08-23 00:48:12 +00:00
tonnerre
e188148e85 Push new Python OpenSSL module. Changes since version 0.6:
- Removed some unused variables.
 - Improved Python 2.3 compatibility.
 - Fixed various threading bugs.
 - Some improvements in the test suite.
2008-08-21 10:29:31 +00:00
he
0eb28a977e Add p5-Net-DNS-SEC-Maint-Key. 2008-08-20 09:56:28 +00:00
he
09114ae9fb Import p5-Net-DNS-SEC-Maint-Key version 0.013.
This is the RIPE NCC DNSSEC Key Management tools, described at

  https://www.ripe.net/projects/disi/dnssec_maint_tool/

This class implements an interface to a database of private keys used
during DNSSEC administration.


This package includes some diffs to the self-tests, so that they pass.
2008-08-20 09:55:38 +00:00
markd
48dceb7aee Update p5-GSSAPI to 0.26
0.22    Mo Mai 29 21:15:17 CEST 2006
        - Bugfixs

0.23    Mi Aug  2 15:48:19 UTC 2006
        - Re-added support of MIT Kerberos 1.2.x

0.24    Wed, 21 Feb 2007 20:59:39 +0100
        - Changed tests as an answer to FAIL 413320

0.25    So 3. Feb 20:18:16 UTC 2008
        - Enhancement to use OpenSolaris/Solaris 10 native gss library

0.26    Fr 15. Feb 22:32:10 UTC 2008
        - modified Makefile.PL to trigger no FAIL testreports
          in case of missing prerequirements.
2008-08-17 21:09:12 +00:00
he
3993718d61 Update from version 2.10 to 2.11.
Pkgsrc changes:
 o Change MAINTAINER to pkgsrc-users@ as per communication with maintainer

Upstream changes:

Authen-SASL 2.11 -- Mon Apr 21 10:23:19 CDT 2008

Enhancements
  * implement securesocket() in the ::Perl set of plugins

Bug Fixes
  * fix parsing challenges from GnuSASL
  * update tests for DIGEST-MD5
  * New test from Phil Pennock for testing final server response
2008-08-17 17:40:36 +00:00
dholland
c6ff9df47b This installs a bash script. Handle it properly.
PKGREVISION++
2008-08-17 05:32:12 +00:00
dholland
891852c7a5 Fix DESTDIR. 2008-08-17 03:21:45 +00:00
manu
2181a05305 Update to ipsec-tools 0.7.1, fixes CVE-2008-3652
Changes since the 0.6 branch:
0.7.1 - 23 July 2008
        o Fixes a memory leak when invalid proposal received
        o Some fixes in DPD
        o do not set default gss id if xauth is used
        o fixed hybrid enabled builds
        o fixed compilation on FreeBSD8
        o cleanup in network port value manipulation
        o gets ports from SADB_X_EXT_NAT_T_[SD]PORT if present in purge_ipsec_sp
i()
        o Generates a log if cert validation has been disabled by configuration
        o better handling for pfkey socket read errors
        o Fixes in yacc / bison stuff
        o new plog() macro (reduced CPU usage when logging is disabled)
        o Try to works better with huge SPD/SAD
        o Corrected modecfg option syntax
        o Many other various fixes...

0.7     - 09 August 2007
        o Xauth with pre-shared key PSK
        o Xauth with certificates
        o SHA2 support
        o pkcs7 support
        o system accounting (utmp)
        o Darwin support
        o configuration can be reloaded
        o Support for UNIQUE generated policies
        o Support for semi anonymous sainfos
        o Support for ph1id to remoteid matching
        o Plain RSA authentication
        o Native LDAP support for Xauth and modecfg
        o Group membership checks for Xauth and sainfo selection
        o Camellia cipher support
        o IKE Fragment force option
        o Modecfg SplitNet attribute support
        o Modecfg SplitDNS attribute support ( server side )
        o Modecfg Default Domain attribute support
        o Modecfg DNS/WINS server multiple attribute support
2008-08-16 06:55:18 +00:00
wiz
2c824d3104 Remove idea option -- I can't find a patch for the current PKGVERSION.
Addresses PR 39316.
2008-08-14 19:24:07 +00:00
adam
b2d1395ec5 Changes 0.2.27:
* Fix SASL operations through TLS.
* Update gnulib files, and include gnulib self-tests.
* Update translations.
2008-08-14 10:01:03 +00:00
obache
ce6fa3e65e Add DESTDIR support. 2008-08-12 10:16:54 +00:00
shannonjr
9d2f0bf21f PLIST correction. 2008-08-10 12:38:39 +00:00
shannonjr
571dc25154 PLIST correction. 2008-08-08 21:27:58 +00:00
shannonjr
982ffc8ac0 Re: pkg/39314 (security/ccid update to 1.3.8)
Update to 1.3.8
2008-08-08 21:27:24 +00:00
shannonjr
c3ad12ccf2 Re: pkg/39315
Update to 1.4.102. Patches ag and ah are deleted because they are no
longer required (change included in unmodified system).
2008-08-08 21:25:48 +00:00
obache
3d9d4444c5 Change MASITER_SITES to one still have old distfile.
from Zafer Aydogan via private mail.
2008-08-04 08:37:06 +00:00
he
925bae7970 Update from version 1.13 to 1.14. Changes:
v1.14
	- added support for verification of hostname from certificate
          including subjectAltNames, support for IDN etc based on patch and
          input from christopher[AT]odenbachs[DOT]de and
          achim[AT]grolmsnet[DOT]de.
          It is also possible to get more information from peer_certificate
          based on this patch. See documentation for peer_certificate and
          verify_hostname
	- automatic verification of hostnames with SSL_verifycn_scheme and
          SSL_verifycn_name
        - global setting of default context options like SSL_verifycn_scheme,
          SSL_verify_mode with set_ctx_defaults
        - fix import of inet4,inet6 which got broken within 1.13_X.
          Thanks to <at[AT]altlinux[DOT]ru> for bugreport and patch
	- clarified and enhanced debugging supppport based on bugreport
          http://rt.cpan.org/Ticket/Display.html?id=32960
	- put information into README regarding the supported and recommanded
	  version of Net::SSLeay
2008-08-03 20:47:11 +00:00
he
248476e90b Update from version 1.32nb1 to 1.35. Changes:
1.35 25.07.208
	- Fix test plan for autoload.t if Test::Exception isn't available.
	- Skip rsa_generate_key.t if Test::Exception isn't available.

1.34 24.07.2008
	- Fixed problem with X509_get_subjectAltNames, where some types of Alt
	  Name (eg DIRNAMEs) were not properly handled, resulting in seg faults.
	  Reported by Achim Grolms.
	- Added support for ENGINE_load_builtin_engines and
	  ENGINE_register_all_complete in order to enable built-in OpenSSL
	  crypto engines for hardware acceleration etc.
	- Added support for ENGINE_by_id and ENGINE_set_default, required
	  to enable Sun crypto acceleration

1.33_01 14.02.2008
	- Fixed a compile problem with inc_paths /usr/kerberos/include
	  in inc/Module/Install/PRIVATE/Net/SSLeay.pm. Reported by "J. Nick
	  Koston via RT"
	- Added optional support for SSL_set_hello_extension,
          SSL_set_session_secret_cb to support various extension patches from
          a patch to openssl-0.9.9-dev contributed by Jouni Malinen.
          See wpa_supplicant/patches/openssl-0.9.9-session-ticket.patch in the
          latest (git) version 0.6 and later of wpa_suplicant at
          http://hostap.epitest.fi/. These additions are ifdefed to
          SSL_F_SSL_SET_HELLO_EXTENSION which is added by the patch
          Tested with openssl-SNAP-20070816.
        - Added SSL_SESSION_set_master_key and SSL_get_keyblock_size.
        - Added all SSL_OP_* options flags present in 0.9.9
        - Fixed a bug in SSL_set_tmp_dh
        - Doc improvements in README.Win32
	- Fixed a problem with proxy connections: open_proxy_tcp_connection
	  was stopping after the first \n from teh proxy,
	  but instead should have looked for
	  $CRLF . $CRLF to find the beginning of the SSL content
	- Fixed missing / on /usr/kerberos/include, reported by several people
	- removed bacus.pt from host list in t/handle/external/10_destroy.t,
	  since it seems no longer to respond. Reported by tco2.
	- changed t/handle/external/10_destroy.t so this list of URIs to be
	  tested can be configured with environment variable SSLEAY_URIS, a
	  colon separated list of host names. Suggested by tco2.
	- changed t/handle/external/50_external.t and t/external/08_external.t
	  so this list of sites to be
	  tested can be configured with environment variable SSLEAY_SITES, a
	  colon separated list of host names. Suggested by tco2.
	- Fixed doucumentation in README of how to use OPENSSL_PREFIX
	  environment variable to control the location of openssl. Reported by
	  "Quanah Gibson-Mount via RT".
	- Don't use Module::Installs auto_install.
	- Bind NID_ and GEN_ constants.
	- Default to not running external tests.
2008-08-03 20:35:30 +00:00
agc
6503f7082f Add and enable sshfp 2008-07-31 10:23:06 +00:00
agc
a1e0ba2e59 Initial import of sshfp-1.1.3 into the Packages Collection.
sshfp is a small utility that generates RFC4255 SSHFP DNS records
	based on the public keys stored in a known_hosts file or obtained by
	using ssh-keyscan.  If the nameserver of the domain allows zone
	tranfers (AXFR), an entire domain can be processed for all its A
	records.  These can then be easilly added to a zone, and then secured
	by DNSSEC.
2008-07-31 10:21:21 +00:00
kefren
ad4ad68b38 update to gnutls-2.4.1
Changes:

** libgnutls: Fix local crash in gnutls_handshake. [GNUTLS-SA-2008-2]
** libgnutls: Fix memory leaks when doing a re-handshake.
** Fix compiler warnings.
** Fix ordering of -I's to avoid opencdk.h conflict with system headers.
** srptool: Fix a problem where --verify check does not succeed.
2008-07-30 17:17:21 +00:00
he
bc6858a8f0 Update from version 0.34nb4 to 0.36.
Pkgsrc changes:
 o Change to use CPAN as distribution source
 o Change HOMEPAGE to use search.cpan.org; leave old
   HOMEPAGE pointing to sourceforge commented-out

Upstream changes:
0.36 Mon Aug 13 12:16:38 EDT 2007

    * [rt.cpan.org #28814] - Performance improvement
      from mehradek (Radoslaw Zielinski)
        -use English;
        +use English qw( -no_match_vars );


0.35 Fri Apr 20 12:33:53 EDT 2007 - Jesse Vincent <jesse@bestpractical.com>

    * New Maintainer: Jesse Vincent <jesse@bestpractical.com> took over
      maintenance of this module.
    * Removed test key expiry dates. (Fixes
      http://rt.cpan.org/Ticket/Display.html?id=17618)
    * Applied secret key output patch for modern GPG from
      http://rt.cpan.org/Ticket/Display.html?id=17619
    * Applied patch to support 'tru' record types from
      (http://search.cpan.org/src/JRED/Mail-GPG-1.0.6/patches/)
2008-07-30 13:26:52 +00:00
joerg
bbb376ec3a Needs pkg-config. 2008-07-29 19:53:45 +00:00
he
08533f8f5c Update from version 0.06 to 0.07. Changes:
0.07  Thu Jul 23 10:31:33 2008
    - rt 34703
    - argument logic before filehandle fetch so that they'll apply
    - read small chunk of file handles instead if readline() to
      avoid various issues
2008-07-28 09:26:48 +00:00
joerg
645008a58a NetBSD at least gets glob.h installed, so check for it. 2008-07-27 18:47:07 +00:00
he
0901f20e3c Add HOMEPAGE pointing into search.cpan.org.
No other change, so no version bump.
2008-07-27 16:06:09 +00:00
he
35135ea5fe Update from version 0.02 to 0.04.
Pkgsrc changes:
 o Added full list of dependencies, from Makefile.PL.

Upstream changes:
0.04  Sun Jun 15 16:22:32 JST 2008
	* fixed a bug caused memory greediness with too long strings :<
	* improved internal code for PAUSE.

0.03  Sat Jun 14 19:17:30 JST 2008
	* added support for Math::Random::MT::Perl.
	* switched to Module::Build.
	* cleaned up test scripts.
	* added 'binary' option to rndpassword.
2008-07-26 20:28:23 +00:00