SASL is a generic mechanism for authentication used by several
network protocols. Authen::SASL provides an implementation
framework that all protocols should be able to share.
The XS framework makes calls into the existing libsasl.so
shared library to perform SASL client connection functionality,
including loading existing shared library mechanisms.
Authen::SASL::Cyrus implements XS SASL Authentication.
Packages provided by Quentin Garnier via pkgsrc-wip.
SASL is a generic mechanism for authentication used by several
network protocols. Authen::SASL provides an implementation
framework that all protocols should be able to share.
The included plugin Authen::SASL::Perl implements several of
these protocols (DIGEST-MD5, CRAM-MD5, ANONYMOUS, EXTERNAL,
LOGIN and PLAIN).
Package provided by Quentin Garnier via pkgsrc-wip.
Changes from previous version:
+ rely on an embedded sha1 digest to tell whether the vulnerabilities
file has been damaged in transit or received successfully, rather than
trusting that the file will not grow smaller
+ use the new filename "pkg-vulnerabilities"
+ use definitions from defs.${OPSYS}.mk in the download-vulnerability-list
script
+ at installation time, don't rely on "ln -sf" to DTRT - explicitly call
"rm -f" before attempting the symbolc link
With thanks to seb@ for testing.
Based on pr pkg/22356 by Adrian Portelli.
Changes since 2.0.6a:
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- Fixed bad performances issues when pinging dead hosts
- Fixed a bug which would prevent to store items larger than 2kb in the KB
- NFS and SMB file-related functions completed (open, read and cwd are
implemented)
- Plugins support for Windows 2003
- Network IPs can now be evenly sliced instead of being scanned
sequentially
- User-definable source-IP(s) for the checks (nessusd -S)
- Fixed a possible message corruption problem if a plugin was to send a too
long message back to nessusd
- Fixed a possible plugin corruption problem when the client overwrites
existing plugins
- Fixed various false positives and wording issues in several plugins
Some highlights of changes since 4.2.3:
* PCRE updated to 4.3, GD to 2.0.15
* improved Apache2 support
* much improved stream & URL wrapper support, output compression support
* added CLI (Command Line Interface) SAPI
* debug_backtrace() backported from ZendEngine2
* faster build system
* huge number of other bug fixes and improvements
Packaging changes:
* 'pcre', 'xml', and 'session' modules folded back into main package -
'pcre' and 'xml' is required by PEAR, and 'session' is just too essential
to be separate
* 'gd' module now uses bundled PHP GD library, which is better integrated
* PHP modules use shared distinfo when possible to ease future PHP updates
* ${PREFIX}/bin/php is now CLI version, ${PREFIX}/libexec/cgi-big/php
remains CGI version
USE_PKGINSTALL is "YES". bsd.pkg.install.mk will no longer automatically
pick up a INSTALL/DEINSTALL script in the package directory and assume that
you want it for the corresponding *_EXTRA_TMPL variable.
for a possessive (like her, his, whose, their, and its).
Note that I didn't check for proper use of "its" (when it should
be "it is" or "it has" instead).
I also saw over 15 other grammar or punctuation problems, but not
fixed in this commit.
* New "--gnupg" option (set by default) that disables --openpgp,
and the various --pgpX emulation options. This replaces
--no-openpgp, and --no-pgpX, and also means that GnuPG has
finally grown a --gnupg option to make GnuPG act like GnuPG.
* A number of portability changes to make building GnuPG on
less-common platforms easier.
* Romanian translation.
* Two new %-expandos for use in notation and policy URLs. "%g"
expands to the fingerprint of the key making the signature
(which might be a subkey), and "%p" expands to the fingerprint
of the primary key that owns the key making the signature.
* New "tru" record in --with-colons --list-keys listings. It
shows the status of the trust database that was used to
calculate the key validity in the listings. See doc/DETAILS for
the specifics of this.
* New REVKEYSIG status tag for --status-fd. It indicates a valid
signature that was issued by a revoked key. See doc/DETAILS for
the specifics of this.
an operating system does not have a 'make' (ie only bmake), or if the OS
supplied 'make' is sufficiently broken (Irix), this will cause the build to
fail (interestingly enough apparently only if build as a dependency, not
if build from this directory).
Patch Makefiles to use @MAKE@, which then, after patching, is substituted with
the actual ${MAKE} (can't use "MAKE= ${MAKE} -f Makefile.ssl").
While here, tweak Irix configure a bit.
No documentation is given for changes.
- improved portability; proper checking for libwrap.
- add hosts_allow, hosts_deny and hosts_ctl methods.
It should fix macppc bulk build problem. This packge was broken since
ruby-tcpwrap-0.3's distfile's contet was changed.
Instead of using the number of bytes to determine whether or not the
file has shrunk, use the number of lines. This will allow for
spelling corrections, login name of committers being shorter than
others, etc. This is a temporary measure until a better distribution
mechanism is used. Suggested by David Brownlee.
The search for a small Secure Shell server to fit on a laptop with 4
megs ram and no hard disk was fruitless, so Matt Johnston decided to
write his own, and Dropbear is the result. It implements various
features of the SSH 2 protocol, including X11 and Authentication Agent
forwarding. Dropbear is Open Source software, distributed under a
MIT-style license.
Features
* A small memory footprint - Dropbear can compile to a 110kB
statically linked binary with uClibc (and only minimal options
selected).
* Implements X11 forwarding, and authentication-agent forwarding
for OpenSSH clients
* Compatible with OpenSSH ~/.ssh/authorized_keys public key
authentication
* Features can easily be disabled when compiling to save space.
* Preliminary TCP forwarding support (-L style only)
changes:
Fix build on NetBSD-current with OpenSSL 0.9.7.
New in 2.1.15
-------------
* Fix a number of build issues
* Add a doc/components.html that hopefully describes how things
interact better.
New in 2.1.14
-------------
* OS X 10.2 support
* Support for the Sun SEAM GSSAPI implementation
* Support for MySQL 4
* A number of build fixes
* Other minor bugfixes
OK'ed by chris@
Previous versions have a security issue. Please update!
Thanks to gendalia@ for testing.
Changes since version 3.2.2:
2003-05-09 Sami J. Lehtinen <sjl@ssh.com>
* ssh-3.2.5.
* Fixed a critical security bug with RSA signature
verification. Mitigating factors: DSA is used by default (not
vulnerable). Also, the attack requires that attacker has the
public key and the attacker needs to precompute the signature
data so, that it looks like a valid PKCS#1 signature. This is a
non-trivial task to perform without the private
key. Nonetheless, all users should update their servers and
clients as soon as convenient. Workarounds are to not use RSA
keys as host keys (though connecting to existing hosts with RSA
hostkeys poses a serious risk with a vulnerable client), and
disabling publickey authentication. Update your clients and
servers.
2003-04-22 Sami J. Lehtinen <sjl@ssh.com>
* ssh-3.2.4.
* sshd2: Binary (generated by us) is tagged as a "supported
binary" for SecurID. (no actual code changes)
* Previous: ssh-3.2.3.1.
2003-02-06 Sami J. Lehtinen <sjl@ssh.com>
* sftp2 (etc): Fixed a bug with readline jamming when pressing
backspace (etc) on AIX and some other platforms.
2003-01-12 Sami J. Lehtinen <sjl@ssh.com>
* ssh-3.2.3.
2003-01-03 Sami J. Lehtinen <sjl@ssh.com>
* scp2: Removed broken special handling for SIGHUP, so that
"nohup" can again work.
* ssh2: Check whether we should ignore SIGQUIT, SIGINT, and do so,
if necessary. Thanks for J. Schilling for pointing this one out.
* ssh-add2: Make sure fgets() from pipe to ssh-askpass2 recovers
from if interrupted by signal, i.e. SIGCHLD.
* ssh2 (lib/sshsession/sshtty.c): As entry above, but for tcsetattr().
* During "make install", use default size of key instead of hardcoded
1024 when generating hostkey.
2002-12-18 Sami J. Lehtinen <sjl@ssh.com>
* scp2,sftp2: Print progress output to stdout, to make it
distinguishable from errors in cron jobs etc.
2002-12-17 Sami J. Lehtinen <sjl@ssh.com>
* apps/ssh/sshchsession.c: Fixed a bug which caused sshd2 child
server to jam occasionally after logging an event, if nsswitch had
been configured to use LDAP.
2002-12-13 Sami J. Lehtinen <sjl@ssh.com>
* sshd2: Previous (by Tomi Mickelsson): Fixed a bug where
specifying a local forwarding endpoint as an IP-address which was
unresolvable would result in a crash.
2002-12-12 Sami J. Lehtinen <sjl@ssh.com>
* scp2: Fixed a bug/missing feature from scp2. It now reports
information also when run when there is no tty. Also implemented
--statistics=[no,yes,simple], where "yes" is old-style, "no" is
analogous to "-Q" command-line option, and "simple" is the way
the statistics are printed when there is no tty (no intermittent
reporting, file size, transfer time and full file name are printed
after the transfer for the specific file is finished).
2002-12-11 Sami J. Lehtinen <sjl@ssh.com>
* ssh-keygen2: respect "-P" and "-p" options when converting
ssh1-keys.
2002-12-10 Sami J. Lehtinen <sjl@ssh.com>
* lib/sshutil/sshcore/sshdebug.c: Fixed a compilation problem
manifested on older AIX and debugging enabled (as is default).
* scp2: You can now specify the newline convention when using the
"-a" option. See manual page scp2(1).
2002-11-08 Sami J. Lehtinen <sjl@ssh.com>
* Removed ssh-pubkeymgr and ssh-chrootmgr from the distribution
(they didn't work too well).
* apps/ssh/lib/sshproto/trcommon.c: Fixed a crash if hostkey
algorithms or kex-methods couldn't be negotiated.
2002-11-05 Sami J. Lehtinen <sjl@ssh.com>
* lib/sshapputil/sshuserfile.c: Changed to use
lib/sshsession/sigchld.c, instead of using wait() directly. This
fixes the bug where the number of connections would slowly rise to
the maximum when using MaxConnections and tcp-wrappers (it was a
race-condition).
* lib/sshsession/sigchld.c: Sigchld now keeps a list of recently
exited children. This fixes a race condition, where the child
process could exit before the mother process had registered a
handler for it.
* lib/sshsession: Fixed NetBSD 1.6 compilation. Also, NetBSD 1.6
supports openpty style ptys, so fixed check to actually detect
them on NetBSD. Don't use utmpx on NetBSD, as it doesn't seem to
work (at least not in the way we use it).
* lib/sshsession/sshunixuser.c: Make sure we have room for the
NULL pointer in the groups array.
* ssh2 (ssh1-emulation): Fixed a bug, which in some cases caused
an assertion failure later.
2002-10-29 Sami J. Lehtinen <sjl@ssh.com>
* configure: Added /usr/X11R6/bin and /usr/X11/bin to search PATH
for xauth to ease installation on pristine systems.
2002-10-22 Sami J. Lehtinen <sjl@ssh.com>
* lib/sshutil/sshnet/sshtcp.c: (by Tomi Ollila) Fixed a bug with
SOCKS handling.
2002-10-01 Sami J. Lehtinen <sjl@ssh.com>
* lib/sshutil/sshpacketstream/sshpacketwrapper.c: (by Tomi Kause)
Fixed a latent (in ssh2) bug, when writing to the stream from the
received_cb.
* lib/sshutil/sshnet/sshsocks.c: (by Tomi Ollila) Decode
ipv6-mapped-ipv4-addresses when doing SOCKS4, as SOCKS4 only
supports plain ipv4-addresses.
* scp2: Implemented --overwrite, which controls whether to
overwrite the destination file(s). Default is "yes",
i.e. to overwrite.
* scp2: Implemented interactive mode, i.e. you can make scp2
prompt you whether to overwrite an existing destination
file. Works by giving --interactive (-I) on the command-line.
2002-08-15 Sami J. Lehtinen <sjl@ssh.com>
* sshd2: Fixed a bug with originator-pat with ForwardACLs.
2002-08-02 Sami J. Lehtinen <sjl@ssh.com>
* scp2, sftp2: Fixed a bug, which caused file transfer to stall,
if trying to transfer a zero sized file with ascii transfer
(newline mangling).
2002-07-21 Sami J. Lehtinen <sjl@ssh.com>
* sftp2: Added option "S" and "r" to "ls" (for sorting by size and
reversing the sort order, respectively).
* sftp2: "ls" works much better now. Tab completion understand
directories (appends a '/', for easier directory traversal).
* sftp2, scp2: Extensive rewrite of SshFileCopy, and as a
consequence, of both scp2 and sftp2 core functionality.
2002-06-13 Sami J. Lehtinen <sjl@ssh.com>
* ssh2: Fixed a bug with one-shot forwarding.
3.0.0:
- Cleaned up installed header files.
- Modified the API so that all keys can be passed as arrays of bytes.
- Modified the API so that all key sizes are given in bits.
- Modified the multi-precision integer library to work better on 64-bit
machines.
- Modified the assembly source generation mechanism, employing the m4
macro processor.
- Added multi-precision integer vectorized assembler routines for
Itanium.
- Added multi-precision integer assembler routines for PowerPC 64-bit.
- Added multi-precision integer assembler routines for Alpha.
- Added multi-precision integer assembler routines for Opteron.
- Added multi-precision integer assembler routines for IBM zSeries 64-bit.
- Added multi-precision integer assembler routines for M68K.
- Added Jeff Johnson's python bindings.
- Added new unit tests.
- Added new benchmarking programs.
2.3.0pre:
- Modified the header files so that the library now uses self-contained
autoconf-generated configuration files; a program employing BeeCrypt can
now use the symbols already tested and defined instead of having to
regenerate them (thus also eliminating the risk of inconsistencies).
- Added the AES algorithm, with assembler routines for i586 and powerpc.
- Added the DSA signature algorithm.
- Added PowerPC assembler routines for blowfish.
- Added Pentium4 SSE2 assembler multiplication routines.
- Fixed the RSA CRT algorithm.
- Fixed the gas/i386 mp32even and mp32odd routines.
- Fixed a bug in modular inverse computation; thanks to Jeff Johnson of
RedHat for pointing this out.
- Fixed a bug in testing the result of a gcd operation in the mp32prndconone
routine.
- Fixed an ugly bug in base64 decoding.
- Fixed compatibility with the latest automake & autoconf versions.
- Replaces CPU optimization mechanism in configure script.
BeeCrypt is an open source cryptography library that contains highly
optimized C and assembler implementations of many well-known algorithms
including Blowfish, MD5, SHA-1, Diffie-Hellman, and ElGamal.
Unlike some other crypto libraries, BeeCrypt is not designed to solve
one specific problem, like file encryption, but to be a general purpose
toolkit which can be used in a variety of applications.
There are also no patent or royalty issues associated with BeeCrypt, and
it is released under the GNU LGPL license, which means it can used for
free in both open source and closed source commercial projects.
