Use OWN_DIRS to handle directories under /var.
Move the logcheck.sh script to where it belongs, the bin directory.
Use buildlink2.
Bump PKGREVISION to 1.
amavis-perl. Fixed milter support for amavis-perl.
NB: the package was named amavis-perl-200xxxxx, now the version is 0.1,
which is lexicographically lower. I wrote v0.1 instead of 0.1 in order
to make 0.1 newer than 200xxxxx
tar. Do not pass P to tar when testing for removal of leading /'s.
This is a fix for PR#20928.
XXX On Solaris this package will be broken. It probably needs to
XXX depend on gtar in this case.
relevant changes are > 500 lines, see
ftp://ftp.ca.openbsd.org/pub/OpenBSD/OpenSSH/portable/ChangeLog
Personal selection:
rekeying bugfixes and automatic rekeying
bandwidth limitation (scp -l)
Add a -t life option to ssh-agent that set the default lifetime.
The default can still be overriden by using -t in ssh-add.
sftp progress meter support.
allow usernames with embedded '@', e.g. scp user@vhost@realhost:file /tmp;
[scp.c]
1) include stalling time in total time
2) truncate filenames to 45 instead of 20 characters
3) print rate instead of progress bar, no more stars
4) scale output to tty width
Changes since Sudo 1.6.7p1:
o Fixed an unterminated comment that broke Kerberos V authentication.
o The krb5-config script is now used to determine Kerberos V
CPPFLAGS and LDFLAGS/LIBS if it exists.
o Backed out changes to mkinstalldirs from autoconf 2.57 that
caused problems on Tru64 Unix.
478) Wildcards now work correctly in the env_keep Defaults directive.
479) Added support for non-root timestamp dirs. This allows the timestamp
dir to be shared via NFS (though this is not recommended).
480) Removed double printing of bad environment variable table in -V mode.
481) configure script has been regenerated with autoconf 2.5.7.
This required some changes to configure.in.
482) Fixed a compilation problem on SunOS; thanks to Alek O. Komarnitsky.
483) SecurID 5.0 API support from Michael Stroucken.
484) Restore state of signal handlers to what we had upon startup.
Fixes a problem when using sudo with nohup; thanks to Paul Markham.
485) Revamp set_perms() to use setresuid() or setreuid() when available
in preference to POSIX stuff since they allow us to properly
implement "stay_setuid" whereas POSIX does not really.
486) In strict mode sudo did not throw an error for undefined User_Aliases.
487) Fixed a Makefile bug on IRIX.
488) Write the prompt *after* turning off echo to avoid some password
characters being echoed on heavily-loaded machines with fast typists.
489) Added %U and %H escapes in the prompt and fixed treatment of %%.
490) Visudo will now add a final newline to sudoers if the user's editor
not add one before EOF.
491) The lexer state is now reset to its initial value on EOF.
Previously, the state was not reset between parser invocations
which could cause problems for visudo in rare cases.
492) Added support for Defaults that apply based on the RunasUser.
493) Sudo now includes copies of strlc{at,py} and uses them throughout.
494) Sudo is now careful to avoid interger overflow when allocating
memory. This is one of those "should not happen" situations.
495) Added a configure option (--with-stow) to make sudo compatible
with GNU stow.
496) auth/kerb5.c now compiles under Heimdal.
497) The volatile prefix is used in the hopes of preventing compilers
from optimizing away memory zeroing. Unfortunately, this results
in some warnings from gcc.
498) Better Kerberos IV/V support in the configure script.
499) Fixed a logic thinko in the SIGCHLD handler that caused problems
with rlogin on HP-UX.
500) configure now adds -R to LDFLAGS when it adds -L for Solaris and
SVR4. There is a configure option, --with-rpath, to control this.
501) On AIX, configure will pass extra directory paths to the linker
via the -blibpath ld option. This is only active when additional
library paths are used. It may be disabled via the
--without-blibpath configure option.
502) The --with-skey and --with-opie configure options now take
an optional directory argument that should have an include and
lib dir for the skey/opie include file and library respectively.
503) Fixed false positives in the overflow detection of expand_prompt().
Researchers have discovered a timing attack on RSA keys, to which
OpenSSL is generally vulnerable, unless RSA blinding has been turned
on.
Typically, it will not have been, because it is not easily possible to
do so when using OpenSSL to provide SSL or TLS.
The enclosed patch switches blinding on by default. Applications that
wish to can remove the blinding with RSA_blinding_off(), but this is
not generally advised. It is also possible to disable it completely by
defining OPENSSL_NO_FORCE_RSA_BLINDING at compile-time.
The performance impact of blinding appears to be small (a few
percent).
This problem affects many applications using OpenSSL, in particular,
almost all SSL-enabled Apaches. You should rebuild and reinstall
OpenSSL, and all affected applications.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0147 to this issue.
* Add patch from http://www.openssl.org/news/secadv_20030319.txt:
Czech cryptologists Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa
have come up with an extension of the "Bleichenbacher attack" on RSA
with PKCS #1 v1.5 padding as used in SSL 3.0 and TLS 1.0. Their
attack requires the attacker to open millions of SSL/TLS connections
to the server under attack; the server's behaviour when faced with
specially made-up RSA ciphertexts can reveal information that in
effect allows the attacker to perform a single RSA private key
operation on a ciphertext of its choice using the server's RSA key.
Note that the server's RSA key is not compromised in this attack.
* Bump PKGREVISION.
This is the Cyrus SASL plugin that implements the LOGIN authentication
mechanism. It's recommended that it only be used if absolutely necessary
since it is not a secure authentication scheme.
This is the Cyrus SASL plugin that implements the LOGIN authentication
mechanism. It's recommended that it only be used if absolutely necessary
since it is not a secure authentication scheme.
Based on the sfs-0.6 package provided by Michael Santos in PR 18528.
SFS is a secure, global network file system with completely
decentralized control. SFS lets you access your files from anywhere
and share them with anyone, anywhere. Anyone can set up an SFS
server, and any user can access any server from any client. SFS
lets you share files across administrative realms without involving
administrators or certification authorities.
Makefiles simply need to use this value often, for better or for
worse.
(2) Create a new variable FIX_RPATH that lists variables that should
be cleansed of -R or -rpath values if ${_USE_RPATH} is "no". By
default, FIX_RPATH contains LIBS, X11_LDFLAGS, and LDFLAGS, and
additional variables may be appended from package Makefiles.
Changes:
- The progress status is sent via the progress callbacks in
gpgme_op_edit.
- Bug fix for signing operations with explicit signer settings
for the CMS protocol.
