under IRIX. Other OS regen the catman page.
This addresses PR pkg/23452.
Since just depending on textproc/groff would pull in a large number of
packages (such as perl, ghostscript, tiff etc.), and since this is a very
important package that should NOT depend on all this gunk, Jeremy C. Reed
suggested this solution.
Ok agc.
This is to make sure that libexec/gnupg/gpgkeys_mailto is
installed. (Okay'd by wiz.)
This assumes that /usr/sbin/sendmail is sendmail.
PKGREVISION is not bumped because package couldn't be made
in first place if libexec/gnupg/gpgkeys_mailto was missing.
private mail, ok'd by lukem. Changes:
> Use the URL node and {head,tail}URL edge-attribute and link
> to "Web of trust statistics and pathfinder"-Site.
>
> This site provides a statistical analysis of the key (linked behind
> each node) and a path between two keys (linked behind tail and
> head of an edge).
>
> Those URL statements take effect only if one generates IMAP or CMAP
> output and uses this on a HTML-Site as imagemap.
gnome-keyring is a program that keeps passwords and other secrets for
users. It is run as a daemon in the session, similar to ssh-agent, and
other applications can locate it by an environment variable.
The program can manage several keyrings, each with its own master
password, and there is also a session keyring which is never stored to
disk, but forgotten when the session ends.
The library libgnome-keyring is used by applications to integrate with
the gnome keyring system. However, at this point the library hasn't
been tested and used enough to consider the API to be publicly exposed.
Therefore use of libgnome-keyring is at the moment limited to internal
use in the gnome desktop. However, we hope that the gnome-keyring API
will turn out useful and good, so that later it can be made public for
any application to use.
* Support for AES in GSSAPI has been implemented. This corresponds to the
in-progress work in the IETF (CFX).
* To avoid compatibility problems, unrecognized TGS options will now be
ignored.
* 128-bit AES has been added to the default enctypes.
* AES cryptosystem now chains IVs. This WILL break backwards compatibility
for the kcmd applications, if they are using AES session keys.
* Assorted minor bug fixes and plugged memory leaks.
on the wip/mit-krb5 package by Jeremy Reed, but heavily modified by me to
libtoolize the build.
Kerberos V5 is an authentication system developed at MIT. It is a network
authentication protocol designed to provide strong authentication for
client/server applications by using secret-key cryptography. (Kerberos
5 is discussed in RFC 1510.)
This package provides Kerberos and GSSAPI (Generic Security Services
Application Programming Interface) development headers and libraries.
It also includes Kerberos ticket and principal tools, and Kerberized
r-services, telnet and ftp services.
bug gnupg/293, so grant has blessed it for inclusion in pkgsrc.
No more GNU sed build dependency, but the binaries do not change; thus
PKGREVISION untouched.
hashcash-0.30 - 04-Mar-2004 - Adam Back <adam@cypherspace.org>
* make -cX check multiple X-Hashcash lines until it finds the
right one. Bug reported by Kyle Hasselbacher <kyle@toehold.com>.
hashcash-0.29 - 04-Mar-2004 - Adam Back <adam@cypherspace.org>
* fix prototype mismatch of function hashcash_check in
hashcash.h vs libhc.c which caused compile failure on
openBSD and freeBSD
* change to make it compile on MAC OSX (need to recognize OSX
and treat as unix like for headers to include)
* change to make it compile on solaris 9 (and POSIX / SVR
systems in general). Turns out putenv(3) is more portable
than setenv(3) / unsetenv(3)
* update sha1 man page to name it sha1-hashcash to avoid collision
with openssl sha1(1). By default with openssl there is not
actually any program named sha1, rather sha1 is a subprogram of
openssl invoked "openssl sha1". However I think it may still be
possible to compile that as a separate program or symlink sha1 to
openssl to get that.
* update sha1 man pages to refer to the other common sha1
implementations.
* update LICENSE request
use is to help hashcash users avoid losing email due to content based
and blacklist based anti-spam systems.
The hashcash tool allows you to create hashcash tokens to attach to
emails you send, and to verify hashcash tokens attached to emails you
receive. Email senders attach hashcash tokens with the X-Hashcash:
header. Vendors and authors of anti-spam tools are encouraged to exempt
mail sent with hashcash from their blacklists and content based
filtering rules.
usage of perl's int() causes trouble with perl 5.8.3 (5.8*?) on at least
NetBSD sparc64/1.6.2.
The perl script openssl-0.9.6m/crypto/bn/bn_prime.pl uses the perl
function int() to truncate the return of sqrt() function.
On the above mentioned platform this leads to execution error:
...
/usr/pkg/bin/perl bn_prime.pl >bn_prime.h
Illegal modulus zero at bn_prime.pl line 16.
Tracing the problem I've found that this int() usage may be the key
of the problem. Please note the following:
$ uname -srm; perl -v | grep 'This is perl'; perl -e 'print int(sqrt(3)),"\n"'
NetBSD 1.6.2 sparc64
This is perl, v5.8.3 built for sparc64-netbsd
2
And...
$ uname -srm; perl -v | grep 'This is perl'; perl -e 'print int(sqrt(3)),"\n"'
NetBSD 1.6.2 sparc64
This is perl, v5.6.1 built for sparc64-netbsd
1
Also note that perlfunc(3) warns about int() used for rounding and
recommends to use sprintf, printf, POSIX::floor or POSIX::ceil when
applicable.
My workaround is to use POSIX::floor() instead of int().
include:
* Better error-handling.
* Support for Courier-IMAP authdaemond for plaintext password verification.
* Fixed resource leaks and buffer overruns.
pkgsrc changes include:
* SASL_DBTYPE is either "ndbm" or "berkeley" and sets the db format of the
sasldb authentication database, defaulting to ndbm.
* SASLSOCKETDIR is the location of the saslauthd socket directory.
* AUTHDAEMONVAR is the location of the authdaemond socket directory.
* SASL_ENTROPY_SOURCE is a file of random bytes used as a PRNG.
This closes PR 24649 and PR 24694.
ONLY_FOR_PLATFORMS setting and simply allow the build to fail on systems
on which it currently doesn't build. Replace the cascading if statement
that set the Makefile target with something more compact. Lastly, teach
tcp_wrappers to partially honor PKG_SYSCONFDIR -- it will default to the
historic locations /etc/host.{allow,deny} for the config files, but if
PKG_SYSCONFDIR.tcp_wrappers is set in /etc/mk.conf, then it will use that
instead.
not defined yet until bsd.pkg.mk. Explicitly use "openssl" instead. This
correctly forces NetBSD installations of openssl to use /etc/openssl as
the configuration file directory as originally intended.
Changes between 0.9.6l and 0.9.6m [17 Mar 2004]
*) Fix null-pointer assignment in do_change_cipher_spec() revealed
by using the Codenomicon TLS Test Tool (CAN-2004-0079)
[Joe Orton, Steve Henson]
- use <stdarg.h> instead of <varargs.h>
- don't declare errno assuming including <errno.h> is sufficient.
- check strerror(3) and don't use own alternative one.
available any more.
(c) FRISK Software International
http://www.f-prot.com/
F-PROT Antivirus for BSD, version 4.4.1
Version 4.4.1 contains various bugfixes and improvements to the documentation
and software.
o Further enhancements of scanning password encrypted zip files.
o Added detection of encrypted archives (since various new viruses
spread through encrypted archives).
o Minor bug-fixes in the F-Prot daemon.
o Minor bug-fixes in scan-mail.pl (smtp proxying).
o Critical bug-fixes in f-prot-milter.
by moving the inclusion of buildlink3.mk files outside of the protected
region. This bug would be seen by users that have set PREFER_PKGSRC
or PREFER_NATIVE to non-default values.
BUILDLINK_PACKAGES should be ordered so that for any package in the
list, that package doesn't depend on any packages to the left of it
in the list. This ordering property is used to check for builtin
packages in the correct order. The problem was that including a
buildlink3.mk file for <pkg> correctly ensured that <pkg> was removed
from BUILDLINK_PACKAGES and appended to the end. However, since the
inclusion of any other buildlink3.mk files within that buildlink3.mk
was in a region that was protected against multiple inclusion, those
dependencies weren't also moved to the end of BUILDLINK_PACKAGES.
While here, update to 4.4.0 since previous distfile disappeared.
Changes:
o Added detection of encrypted archives (since various new viruses
spread through encrypted archives).
o Minor bug-fixes in the F-Prot daemon.
o Minor bug-fixes in scan-mail.pl (smtp proxying).
o Critical bug-fixes in f-prot-milter.
o Minor modifications to the check-updates.pl script (disable proxy caching
by default).
changes:
- Added support for removing files recursively
- Includes checking for file type and size.
- Displays the file being destroyed and its size.
- Added command line flags:
- Added Security Level Flag (Destroy Severity)
- Added Output suppression flag for non-verbose output.
- Added Help flag.
- Added a Manual page for the program in section 1.
While here bl3ify.
Changes since previously packaged version (3.2.5):
2003-12-03 Sami J. Lehtinen <sjl@ssh.com>
* ssh-3.2.9.1.
* non-commercial: removed cert hash compat stuff, which broke
compilation.
2003-09-26 Sami J. Lehtinen <sjl@ssh.com>
* ssh-3.2.9.
* ssh2,sshd2: (by Patrick Irwin): Critical security fix: fixed
several bugs in ASN.1 decoding functionality, which were caused
by invalid assumptions on the format of input BER data.
Certificates malformed in certain ways could cause a crash or
buffer overflow. No known exploits at this time, but you are
strongly advised to upgrade.
Admins unwilling or unable to upgrade need to disable
certificates, but this may not be enough for "hostbased"
authentication. "publickey" auth should be safe even with the
old version with certificates disabled. Clients are probably
vulnerable against malicious servers in the initial key exchange
regardless of configuration.
Users of noncommercial version are not affected by this
vulnerability.
2003-09-25 Sami J. Lehtinen <sjl@ssh.com>
* sshd2, ssh2: Implemented DisableVersionFallback, with which you
can disable fallback compatibility code for older, or otherwise
incompatible versions of software. Don't disable unless you know
what you're doing. See sshd2_config(5) for details. For really
paranoid people (using this option will probably hurt usability
somewhat, especially in environments where multiple versions of
SSH are used from different vendors).
* sshd2, ssh2: Implemented Cert.RSA.Compat.HashScheme. Older SSH
Secure Shell clients and servers used hashes in an incoherent
manner (sometimes MD5, sometimes SHA-1). With this option, you
can set what hash is used. See sshd2_config(5) for details.
* Previous: ssh-3.2.8.
2003-08-07 Tomi Salo <ttsalo@ssh.com>
* Added a new general configuration option, MaxCRLSize. This sets
the maximum size for CRLs and CA certs used in validating
received certificates. (The size is the total size of all CRLs
and certs, not the maximum individual size.)
2003-06-11 Sami J. Lehtinen <sjl@ssh.com>
* ssh-3.2.7.
* ssh-signer2: Fixed a bug, which caused the application to
intermittently call fatal because the read() operation was
interrupted by a signal (SIGCHLD).
2003-06-04 Sami J. Lehtinen <sjl@ssh.com>
* ssh-3.2.6.
* SecurID certified binaries, no code changes.
built-in or not into a separate builtin.mk file. The code to deal
checking for built-in software is much simpler to deal with in pkgsrc.
The buildlink3.mk file for a package will be of the usual format
regardless of the package, which makes it simpler for packagers to
update a package.
The builtin.mk file for a package must define a single yes/no variable
USE_BUILTIN.<pkg> that is used by bsd.buildlink3.mk to decide whether
to use the built-in software or to use the pkgsrc software.
According to README, "RSA Security holds software patents on the
RC5 algorithm. If you intend to use this cipher, you must contact
RSA Security for licensing conditions." And "The IDEA algorithm is
patented by Ascom ... They should be contacted if that algorithm
is to be used." The openssl FAQ says "For patent reasons, support
for IDEA, RC5 and MDC2 is disabled in this [Red Hat Linux] version."
The FAQ lists patent numbers and expiry dates of US patents:
MDC-2: 4,908,861 13/03/2007
IDEA: 5,214,703 25/05/2010
RC5: 5,724,428 03/03/2015
Now fee-based-commercial-use ACCEPTABLE_LICENSES is not needed.
Adapted to buildlink3
No INTERACTIVE_STAGE anymore
Changes since 0.17
===================
1.03 2002.12.09
- Makefile.PL now uses ExtUtils::AutoInstall. Thanks to Autrijus Tang
for the note.
- SIGNATURE file now included with distribution.
- Added --version to bin/pgplet, which lists supported ciphers, digests,
etc., along with version information.
- Added Crypt::OpenPGP::KeyBlock::save_armoured, to save an armoured
version of the keyblock (useful for exporting public keys).
- encrypt and verify no longer fail if there are no public keyrings,
in case lookup in a keyserver is desired.
- Added Crypt::OpenPGP::Digest::supported and
Crypt::OpenPGP::Cipher::supported.
- Fixed bug where signed cleartext has \r characters in the header.
1.02 2002.10.12
- encrypt and verify now support auto-retrieval of public keys from
an HKP keyserver, if the keys are not found in the local keyring.
- Added support for the SHA-1 integrity checks on secret keys used
by gnupg 1.0.7. Thanks to Chip Turner for the spot.
- Added a --local-user|-u option to bin/pgplet to support using a
different secret key for signing. Thanks to Joseph Pepin for the
patch.
- new() now accepts Crypt::OpenPGP::KeyRing objects for the PubRing
and SecRing parameters.
- Fixed a bug in decrypt where passing in a "Key" param to decrypt a
message encrypted to multiple recipients did not work. Thanks to
rdailey for the spot.
- ElGamal self-signatures no longer cause an error.
- Added LWP::UserAgent and URI::Escape to prereqs, for keyserver.
- Added Crypt::OpenPGP::Signature::digest accessor. Thanks to Bob
Mathews for the patch.
1.01 2002.07.15
- Added Crypt::OpenPGP::handle, a DWIM wrapper around the other
high-level interface methods. Given data, it determines whether the
data needs to be decrypted, verified, or both. And then it does what
it's supposed to do.
- Added Crypt::OpenPGP::Signature::timestamp to return the created-on
time for a signature. Also, Crypt::OpenPGP::decrypt and
Crypt::OpenPGP::verify now return the Crypt::OpenPGP::Signature object
if called in list context (and, in the case of decrypt, if there is
a signature). Thanks to Erik Arneson for the patches.
- Fixed a bug in decrypt with uncompressed encrypted signed data.
Thanks to Erik Arneson for the spot.
- Fixed a bug in Crypt::OpenPGP::Message with clearsigned messages, if
the text and signature were contained in a block of text containing
more PGP messages/signatures.
- Fixed a nasty, evil, stupid compatibility bug with canonical text.
Namely, pgp2 and pgp5 do not trim trailing whitespace from "canonical
text" signatures, only from cleartext signatures. This was causing
invalid signatures which should not have been invalid. Thanks to
Erik Arneson for the spot.
- Added Crypt::OpenPGP::KeyServer, which does lookups against an HKP
keyserver.
1.00 2002.02.26
- CAST5 is now supported thanks to Crypt::CAST5_PP from Bob Mathews.
- bin/pgplet now supports encrypting and decrypting symmetrically-
encrypted messages.
- The PassphraseCallback argument to Crypt::OpenPGP::decrypt can now
be used to supply a callback for symmetrically-encrypted packets,
as well as public-key-encrypted packets.
- Fix a bug with encrypted, signed text--the signature was being
armoured, which led to errors from the process trying to decrypt and
verify.
- Fix a bug with symmetric-encrypted session keys w/r/t generation for
PGP2--PGP2 doesn't understand symmetric-encrypted session keys, so we
need to leave them out when Compat is PGP2. Also, we need to use the
'Simple' S2k rather than the default, 'Salt_Iter'.
- Fix a key generation bug where GnuPG will not import generated public
keys, because the self-signature is invalid; signature needs to be on
key data *and* user ID. Thanks to Joel Rowles for the spot.
- Fix bug in ElGamal encryption and k generation.
0.18 2002.01.29
- Added IsPacketStream parameter to Crypt::OpenPGP::Message; this turns
off armour detection when initializing the message, and can be used
when you *know* that the message is a stream of packets, and not an
ASCII-armoured stream of packets.
- When unarmouring, remove \r characters from the armoured text end
of lines.
- Added Crypt::OpenPGP::KeyRing::save method. Thanks to Ben Xain for
the idea and a patch.
- Added compatibility with symmetric-key-encrypted files that do not
have a symmetric-key session key packet. The assumption with these
encrypted messages is that they are PGP2-encrypted, using the IDEA
cipher, MD5 digests, and a Simple s2k. So that is how the fix has
been implemented. Thanks to Ben Xain for the bug report.
- Win32 fixes: use binmode when reading files that might be binary.
- Added --symmetric and --digest options to Makefile.PL to set
symmetric and digest algorithms when using --sdk.
- Fixed subkey IDs in list-keys with bin/pgplet.
- Check for errors when reading keyring.
Changes since 0.0.6:
- A command line tool "gss" added in src/.
- gss_display_status can return multiple description texts (using context).
- The Swedish translation has been updated.
- Various cleanups and improvements.
- Implemented gss_export_name and gss_krb5_inquire_cred_by_mech.
The Kerberos 5 backend also support them.
- gss_inquire_cred support default credentials.
- Kerberos 5 gss_canonicalize_name now support all mandatory name types.
- Kerberos 5 gss_accept_sec_context now support sub-session keys in AP-REQ.
- Added new extended function API: gss_userok.
- API documentation in HTML format from GTK-DOC included in doc/reference/.
- Moved all backend specific code into sub-directories of lib/.
- The gss_duplicate_name function now allocate the output result properly.
- Man pages for all public functions are included.
- Documentation fixes. For example, all official APIs are now documented.
- Fixed typo that broke gss_wrap for 3DES with Kerberos 5.
- Improvements to build environment.
- Autoconf 2.59, Automake 1.8 beta, Libtool CVS used.
Changes from previous version are:
+ Fix a single byte buffer overflow. Can only be a NUL byte that
overflows, not believed (at this stage!) to be exploitable in any
way.
+ Avoid null-pointer dereference if getpwuid(getuid()) fails.
Version 1.0.8 (28/02/2004)
- Corrected bug in mutual certificate authentication in SSL 3.0.
- Several other minor bugfixes.
Version 1.0.7 (25/02/2004)
- Implemented TLS 1.1 (and also obsoleted the TLS 1.0 CBC protection hack).
- Some updates in the documentation.
by request on regional-fr.
Srm is a secure replacement for rm(1). Unlike the standard rm, it overwrites
the data in the target files before unlinking them. This prevents command-line
recovery of the data by examining the raw block device. It may also help
frustrate physical examination of the disk, although it's unlikely that it
completely protects against this type of recovery.
Srm uses algorithms found in _Secure Deletion of Data from Magnetic and
Solid-State Memory_ by Peter Gutmann and THC Secure Delete (the overwrite,
truncate, rename, unlink sequence).
All users, but especially Linux users, should be aware that srm will only
work on file systems that overwrite blocks in place. In particular, it will
_NOT_ work on reiserfs or the vast majority of journaled file systems. It
should work on ext2, FAT-based file systems, and the BSD native file system.
Ext3 users should be especially careful as it can be set to journal data as
well, which is an obvious route to reconstructing information.
---
ike-scan discovers IKE hosts and can also fingerprint them using the
retransmission backoff pattern.
ike-scan does two things:
a) Discovery: Determine which hosts are running IKE.
This is done by displaying those hosts which respond to the IKE requests
sent by ike-scan.
b) Fingerprinting: Determine which IKE implementation the hosts are using.
This is done by recording the times of the IKE response packets from the
target hosts and comparing the observed retransmission backoff pattern
against known patterns.
The retransmission backoff fingerprinting concept is discussed in more
detail in the UDP backoff fingerprinting paper which should be included
in the ike-scan kit as udp-backoff-fingerprinting-paper.txt.
The program sends IKE main mode requests to the specified hosts and displays
any responses that are received. It handles retry and retransmission with
backoff to cope with packet loss. It also limits the amount of bandwidth
used by the outbound IKE packets.
Changes since 0.9.1:
* Support for Extended Key Usage.
* ksba_cms_identify may now return a pseudo content type for pkcs#12
files.
* Cleaned up the DN label table.
* Fixed a bug in creating CMS signed data.
* Interface changes:
ksba_reader_clear NEW.
ksba_cert_get_ext_key_usages NEW.
KSBA_CT_PKCS12 NEW.
Changes since 1.1.90:
- Included a limited implementation of RFC2268.
- Changed API of the gcry_ac_ functions.
- Code cleanups and minor bug fixes.
- Interface changes:
GCRY_CIPHER_RFC2268_40 NEW.
gcry_ac_data_set CHANGED: New argument FLAGS.
gcry_ac_data_get_name CHANGED: New argument FLAGS.
gcry_ac_data_get_index CHANGED: New argument FLAGS.
gcry_ac_key_pair_generate CHANGED: New and reordered arguments.
gcry_ac_key_test CHANGED: New argument HANDLE.
gcry_ac_key_get_nbits CHANGED: New argument HANDLE.
gcry_ac_key_get_grip CHANGED: New argument HANDLE.
gcry_ac_data_search REMOVED.
gcry_ac_data_add REMOVED.
GCRY_AC_DATA_FLAG_NO_BLINDING REMOVED.
GCRY_AC_FLAG_NO_BLINDING NEW: Replaces above.
Taking maintainership.
Adapted to buildlink3.
Shut up warnings during test with patch-aa.
Updated version requirements according to Makefile.PL.
Changes since 1.47
===================
* In ::Key::generate() calls to ::Key::Private::write() and
::Key::Public::write() have been fixed. Thanks to
Lars Rehe <rehe@mail.desy.de> for pointing out this bug.
* Fixed some documentation typos.
* POD documentation for ::Key::[Private|Public].
Taking maintainership.
Adapted to buildlink3.
Changes since 1.11
===================
* Changed the die() message at provider construction to include the
name of the provider.
* Updated documentation.
Taking maintainership.
Needs p5-Crypt-Rijndael for running the tests.
Adapted to buildlink3.
Changes since 2.02
===================
-Bug fix from Chris Laas to fix custom padding
-Bug fixes from Stephen Waters to fix space padding
-Lots of regression tests from Stephen Waters
-Makes zero-and-one padding compatible with Crypt::Rijndael::MODE_CBC.
-Lots of improvements to padding mechanisms from Stephen Waters
-Patch from Andy Turner <turner@mikomi.org> to allow backward
compatibility with old versions when key length exceeded max.
be linked in when testing -lreadline usability so that test fails on
Solaris - so pass that lib into configure at the start via the environment.
Also allow optional use of db4 rather than db.
the TCPA chip described in IBM Global Security Analysis Lab's
article "Take Control of TCPA" in the August 2003 issue of Linux
Journal.
For this package to be useful, you need a computer with a TCPA
chip, and support for the chip in your kernel. An unofficial NetBSD
TCPA driver and instructions can be found here:
http://www.citi.umich.edu/u/rwash/projects/trusted/netbsd.html
I don't have a TCPA chip with which to verify the functionality of
this package.
Thanks to Soren Jacobsen for bringing me up to speed on modern
pkgsrc conventions, and to Rick Wash for his recent presentation
at my local ACM chapter on TCPA and "Trusted Computing".
sourceforge dot net, cleaned by cjep@, and modified by me.
pyOpenSSL is a Python module that is a rather thin wrapper around (a
subset of) the OpenSSL library. A lot of the object methods do
nothing more than call a corresponding function in the OpenSSL
library.
Update to version 0.21.
Changes since 0.19:
0.21 Sun Feb 15 2004 21:13:45
- Include t/format.t in the MANIFEST file, so that it is
actually included in the distribution.
0.20 Sun Feb 15 2004 15:21:40
- Finally add support for the public key format produced by
"openssl rsa -pubout".
- Add comment in readme about locating kerberos files on redhat systems
modified by me.
chkrootkit is a tool to locally check for signs of a rootkit. It
contains:
* chkrootkit: a shell script that checks system binaries for
rootkit modification.
* ifpromisc.c: checks if the network interface is in promiscuous
mode.
* chklastlog.c: checks for lastlog deletions.
* chkwtmp.c: checks for wtmp deletions.
* check_wtmpx.c: checks for wtmpx deletions. (Solaris only)
* chkproc.c: checks for signs of LKM trojans.
* chkdirs.c: checks for signs of LKM trojans.
* strings.c: quick and dirty strings replacement.
Only minor changes since last release:
2003-11-19 Werner Koch <wk@gnupg.org>
Released 0.3.16.
* configure.ac: Bump LT revision to C9/A3/R7.
2003-11-18 Werner Koch <wk@gnupg.org>
* configure.ac: Check for timegm.
* New feature sponsored by SURFnet http://www.surfnet.nl/
- Support for CIFS aka SMB protocol SSL negotiation.
* New features
- CRL support with new CApath and CAfile global options.
- New 'taskbar' option on WIN32 (thx to Ken Mattsen
<ken.Mattsen@roxio.com>).
- New -fd command line parameter to read configuration
from a specified file descriptor instead of a file.
- accept is reported as error with [section] defined (in
stunnel 4.04 it was silently ignored causing problems
for lusers that did not read the fine manual).
- Use fcntl() instead of ioctlsocket() to set socket
nonblocking when it is supported.
- Basic support for hardware engines with OpenSSL >= 0.9.7.
- French manual by Bernard Choppy <choppy@imaginet.fr>.
- Thread stack size reduced to 64KB for maximum scalability.
- Added optional code to debug thread stack usage.
- Support for nsr-tandem-nsk (thx to Tom Bates <tom.bates@hp.com>).
* Bugfixes
- TCP wrappers code moved to CRIT_NTOA critical section
since it uses static inet_ntoa() result buffer.
- SSL_ERROR_SYSCALL handling problems fixed.
- added code to retry nonblocking SSL_shutdown() calls.
- Use FD_SETSIZE instead of 16 file descriptors in inetd
mode.
- fdscanf groks lowercase protocol negotiation commands.
- WIN32 taskbar GDI objects leak fixed.
- Libwrap detection bug in ./configure script fixed.
- grp.h header detection fixed for NetBSD and possibly
other systems.
- Some other minor updates.
include it. This is a reminder to anyone who updates cyrus-sasl2 to also
touch the other packages.
Update the cy2-*/PLIST files to have the correct module version numbers.
2003-10-29 David A. Wheeler
* Fixed an incredibly obscure parsing error that caused some
false positives. If a constant C string, after the closing
double-quote, is followed by a \ and newline (instead of a comma),
the string might not be recognized as a constant string
(thus triggering warnings about non-constant values in some cases).
This kind of formatting is quite ugly and rare.
My thanks to Sascha Nitsch (sascha, at spsn.ath.cx) for pointing
this bug out and giving me a test case to work with.
* Added a warning for readlink. The implementation and warning
are mine, but the idea of warning about readlink came from
Stefan Kost (kost, at imn.htwk-leipzig.de). Thanks!!
2003-09-27 David A. Wheeler
* Released version 1.23. Minor bugfixes.
2003-09-27 David A. Wheeler
* Fixed subtle bug - in some circumstances single character constants
wouldn't be parsed correctly. My thanks to Scott Renfro
<scottdonotspam, at renfro.org> for notifying me about this bug.
Scott Renfro also sent me a patch; I didn't use it
(the patch didn't handle other cases), but I'm grateful since it
illustrated the problem.
* Fixed documentation bug in man page.
The option "--minlevel=X" must be preceded by two dashes,
as are all GNU-style long options. The man page accidentally only
had one dash in the summary (it was correct elsewhere); it now
correctly shows both dashes.
* Modified man page to list filename extensions that are
interpreted as C/C++.
* Removed index.html from distribution - it's really only for the
website.
as PREFER_PKGSRC. Preferences are determined by the most specific
instance of the package in either PREFER_PKGSRC or PREFER_NATIVE. If
a package is specified in neither or in both variables, then PREFER_PKGSRC
has precedence over PREFER_NATIVE.
Python bindings for GNUTLS.
GnuTLS is a project that aims to develop a library which provides a
secure layer, over a reliable transport layer. Currently the GnuTLS
library implements the proposed standards by the IETF's TLS working
group.
really only needs gettext-lib through libgpg-error, and doesn't need
libiconv at all unless it uses the pkgsrc gettext-lib. The gettext-lib
buildlink3.mk file combined with the buildlink3 framework is considerably
better at detecting this than the buildlink2.mk, which broke in a lot of
instances.
This provides both simple and fine-grained control over the Kerberos
prefix. If not specified, KRB4_PREFIX_CMDS will default to the value
of KERBEROS_PREFIX_CMDS. If specified, it overrides KERBEROS_PREFIX_CMDS.
of bootstrap-pkgsrc).
ftp is now always installed as bin/k4ftp. In addition, if the variable
KRB4_PREFIX_CMDS is set to YES, rcp, rlogin, rsh, su, and telnet will
be installed with a "k4" prefix.
This has been achieved by stealing the transform code from security/heimdal
and by tailoring it a bit.
Closes PR pkg/24354 by Tracy Di Marco White.
targets so platforms other than *BSD have a chance of building.
install /etc/TIMEZONE on Solaris.
XXX this package still needs more work to be useful on Solaris
and other platforms.
BUILDLINK_PREFER_PKGSRC
This variable determines whether or not to prefer the pkgsrc
versions of software that is also present in the base system.
This variable is multi-state:
defined, or "yes" always prefer the pkgsrc versions
not defined, or "no" only use the pkgsrc versions if
needed by dependency requirements
This can also take a list of packages for which to prefer the
pkgsrc-installed software. The package names may be found by
consulting the value added to BUILDLINK_PACKAGES in the
buildlink[23].mk files for that package.
_mpih-mul1.s:2: Error: alignment not a power of 2
_mpih-mul1.s:20: Error: alignment not a power of 2
So, changing ALIGN (3) to ALIGN (4) fixes these problems.
Patch sent by pancake in private email, adapted to use subst.mk
framework by me.
Version 4.3.2 contains various bugfixes and improvements to the documentation
and software.
o Minor modifications to the check-updates.pl script.
o A libmilter plugin for the Mail Scanner added.
o A qmail plugin for the Mail Scanner added.
o Improved mime handling.
o Various features added to scan-mail.pl.
o Minor improvements in mime handling.
the normal case when BUILDLINK_DEPENDS.<pkg> isn't specified, it receives
a value only once due to the multiple inclusion protection in the
buildlink3.mk files. In the case where a package includes several
buildlink3.mk files that each want a slightly different version of another
dependency, having BUILDLINK_DEPENDS.<pkg> be a list allows for the
strictest <pkg> dependency to be matched.
sent to me by the author Shane Kinney
A system utility that destroys files on the hard drive
by writing null and random bytes to the file over and over.
0.22 2004/01/23
* parse_subpacket() are split into parse_signature_subpacket() and
parse_userattr_subpacket(). A bug of length calculation is fixed.
* The critical bit of the signature subpackets are supported.
Peter Palfrader <peter@palfrader.org>
0.21 2004/01/13
* Removing compiler warnings.
* Using getopt().
* Supporting RISC OS.
Stefan Bellon <sbellon@sbellon.de>
* Correct casting for Bzip2.
Stefan Bellon <sbellon@sbellon.de>
* Prepared os/riscos/{config.h,Makefile} since "sh" does not exist on
RISC OS.
Stefan Bellon <sbellon@sbellon.de>
Major changes from previous version:
Master site has moved to sourceforge
Licence has changed to a GPL-like licence
Minor changes from previous version:
12-21-1999 - 1.1 Fixed typo in bare-bones TCP list where 524 was supposed to be for 1524.
03-31-2000 - 1.1 Updated .conf to add ipf blocking rule. Thanks Graham Dunn
<gdunn@inscriber.com>
06-08-2000 - 1.1 Fixed an error in the state engine portion that could cause an increment error
under certain conditions. Thanks Peter M. Allan <peter.m.allan@hsbcgroup.com> for finding this.
6-21-2000 - 1.1 New Features added
- Added in feature to disable DNS host resolution by checking RESOLVE_HOST in
conf file.
- Added in feature to have external command run before or after blocking has
occurred as defined in KILL_RUN_CMD_FIRST option in conf file.
- Removed DoBlockTCP/UDP functions. Converted over to generic flag checker.
7-5-2000 - 1.1
- Added iptables support (thanks Scott Catterton <scatterton@valinux.com>)
- Added Makefile support for Irix
- Put in ports for common DDOS ports
9-8-2000 - 1.1 - Added in netmask support
9-9-2000 - 1.1 - Finally moved resolver functions to own area.
- Made CleanAndResolve to ensure DNS records returned are sanitized
correctly before being passed back.
3-23-2001 - 1.1 - Fixed a bug that showed up under Linux 2.4 Kernel that would cause accept
to loop. There was an error with how I used a count variable after trying to bind to ports.
If the port didn't bind the count for the openSockfd would still increment and this caused
the error to show up.
6-26-2001 - 1.1 - Added Mac OS X build support (Same as FreeBSD). Fixed bug for Advanced mode
to properly monitor 1024 ports (it only did first 1023 before). Thanks Guido.
05-23-2003 - 1.2 - Removed references to old psionic e-mail and changed license to
Common Public License.
I've also added a fix for a multi-line string constant for gcc3.
OpenSSL software. Otherwise, set it to /etc/ssl/certs, which is where a
lot of Linux distros store certs. The behaviour on NetBSD systems is
unchanged -- always set to /etc/openssl/certs. Fixes PR 24161.
If an optional "mykeyid" is given on the command line, use different
colors for lines to & from that node. The colors are:
green mutual trust, includes mykey
blue mutual trust, not mykey
orange someone trusts mykey (one way)
red mykey trusts someone (one way)
black one way trust, not mykey
which lists all the keys in your public key ring, along with all
their signatures, and converts it to a di-graph in "dot" language
form.
The graphviz package can turn the description into a graph you can
look at to see who has signed whose key, or how far it is from your
key to someone in Reykjavik, etc.