Changes provided, but not clear, I guess should be a
functional improvement and some bugs fixed.
- Patch by Mike McCauley mikem@open.com_.au
- applied patch from Tim Engler <tim@burntcouch_.com>
- perl-5.8/gcc-3.2 patch on Makefile.PL from
Joern_Hoos@@notes.uni-paderborn._de, lucho@@galix._com,
bellis@@saberlogic._com, and simonclewer@@superquote._com
* Numerous bug fixes for most of the PAM modules, including several
string length checks and fixes (update recommended!).
* fix for legacy behavior of pam_setcred and pam_close_session in
the case that pam_authenticate and pam_open_session hadn't been
called
* pam_unix:
- don't zero out password strings during password changing function
* pam_wheel:
- feature: can use the module to provide wheel access to non-root
accounts.
* pam_limits:
- added '%' domain for maxlogins limiting, now '*' and @group
have the old meaning (every) and '%' the new one (all)
- handle negative priority limits (which can apply to the
superuser too).
* pam_userdb:
- require that all of typed password matches that in database
* pam_access:
- added the 'fieldsep=' argument, made a PAM_RHOST of ""
equivalent to NULL
Incidentally, cups-1.1.18 will once again do PAM authentication using
pam_unix.so if built against PAM-0.77.
From NEWS file:
Noteworthy changes in version 0.3.14 (2002-12-04)
-------------------------------------------------
* GPGME-Plug is now in its own package "cryptplug".
* Workaround for a setlocale problem. Fixed a segv related to file
descriptors not correctly marked as closed.
For full list of changes see ChangeLog.
(distfile checked against .sig file)
Based on pr pkg/19438 by Adrian Portelli.
Changes since 1.2.6:
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- The 'cancel' button of several file selection dialogs is now working
- Optimized several plugins :
- Web-related checks now use http_recv() instead of recv()
- open_priv_sock_tcp() has a lower timeout
- RPC related checks now use get_rpc_port(), a function equivalent
to libc's getrpcport() but with a much smaller timeout
- Decreased the default value of checks_read_timeout from 15 to 5
- Fixed a bug in the plugin selection GUI which would not refresh
the list of plugins of a given family properly (bug#3)
- Fixed memory leaks in NASL
- Fixed a bug in nessusd which would make it leak memory when receiving a SIGHUP
(bug#10)
- Fixed a compatibility problem with Nmap 3.10ALPHA (bug#11)
- Nessus now accepts nmap's U: and T: notation for the port range (bug#5)
. changes by Erik Anderson (eanders@pobox.com)
- Added CVE and BID links, added urls and removed dead links from the plugins
. changes by Michel Scheidell (scheidell@secnap.net)
- Improved several SMB-related checks
. changes by Rodolfo Baader (rbaader@activesec.biz)
- Quotes and apostrophes are properly escaped in the XML output report
TkPasMan is a simple program that lets you store usernames and passwords
you collect during access to forums, mailing lists, and other websites.
It is inspired by gpasman, but it has more paste possibilities. You can,
for example, paste the username at first and then password, using two
mouse clicks.
Passwords can be stored in a secure file, using OpenSSL to encrypt it.
This closes my own PR pkg/18884.
Approved by wiz.
Package changes: use buildlink2, ssldump command moved from bin/ to sbin/.
Selected Changelogs bits:
* Added support for VLAN networks (Jeffrey Hafey)
* Added support for non-promiscuous mode (-P flag) (Bruce M Simpson)
* Added support for session resumption.
* Added the -X flag to force hex-only printing when binary data is displayed
as hex dumps.
* Added -r as a synonym for -f. -f will eventually
be removed and reused for some other option.
This was done for option compatibility with tcpdump
and on the theory that someday I might add a -w.
* Renamed -h to -H and added it to the documentation.
-h now triggers usage info.
Plus numerous fixes, bug fixes and security fixes.
from DESCR:
Hackbot is a vulnerability scanner that started as a joke at first, but now
it has become a serious project. Hackbot scans over 300 CGI's, scans for
banners of several services, does unicode checks, checks for open relays,
outsmarts Cisco PIX MailGuard, can do ripe checkup, spamcop db checkup, X
connect test and lots more.
- No need for /usr/lib/sasl2 anymore: INSTALL script removed, DEINSTALL
script tuned.
- Removed auto* tools dependencies by providing patch files for generated
configure and Makefile.in.
- Use ${PKGDIR} instead of ${.CURDIR} for PLIST_SRC files.
- `--with-rc4' does not need an argument.
- Use BUILDLINK_PREFIX.whatever instead of BUILDLINK_DIR.
- Fix GSSAPI build for non-current NetBSD, this includes patch-ag removal.
- Fix PLIST handling by providing PLIST.post (lib/sasl2 removal at deinstall
time) and fixing PLIST.common (include/sasl removal at deinstall time).
- Bump BUILDLINK_DEPENDS.cyrus-sasl in buildlink2.mk.
- Work around problem introduced by LTCONFIG_OVERRIDE and direct usage
of ac_cv_can_build_shared in configure.in as suggested by Nick Hudson.
Remove patch-ab (sasl-config is gone btw, it was not needed anyway).
This should fix plugins shared libs problem as reported -among other-
in PR pkg/19001 by Stephen Degler <sdegler at degler dot net>.
Version 0.9
* Fixed bugs
* Added support for keyed md check of db and config
* Removed dependency on libgcrypt
* Added dependency on mhash
Version 0.8
* Fixed loads and loads of bugs
* Added syslog backend
* Report format changed
* added lots of parameters see man page and configure --help
* added ACL support for SunOS 5.x (and compatibles)
* libgcrypt is now separate and required
Version 0.7
* Bug fixes
* Compressed database support
* Linkname checking
* Mhash support (version 0.8.1 of mhash required)
Version 0.8.17 (released October 4 2002)
- Corrected the HEX key mode. Refuses to convert hex strings longer
than the given key size.
- Corrected some memory leaks in keygen_s2k. Patch by Bob Mathews
<bobmathews@alumni.calpoly.edu>
- Corrected wrong use of sizeof in hmac_test. Reported by Ellis Pritchard
<ellispritchard@users.sf.net>
Version 0.8.16 (released May 29 2002)
- Code cleanups and optimizations
- Added configure time options to disable certain algorithms
Version 0.8.15 (released May 24 2002)
- Corrected Iterated S2K
- Made all static tables constant (pointed out by Darryl Miles <darryl@netbauds.net>)
Version 0.8.14 (released March 28 2002)
- mhash_deinit() and mhash_hmac_deinit() now accept a null digest parameter
- Corrected memory leaks (patch by Gustavo Niemeyer <niemeyer@conectiva.com>)
- Corrected bug in Gost hash algorithm (pointed out by Mike Gorchak <mike@malva.ua>)
Version 0.8.13 (released November 18 2001)
- Added ADLER32 algorithm (implementation by Manuel Kasper <mk@neon1.net>)
Version 0.8.12 (released October 29 2001)
- Corrected bugs in mhash_get_name() functions
- Added SHA-256 from libnettle.
Version 0.8.11 (released October 21 2001)
- added mhash_save_state_mem() and mhash_restore_state_mem() functions,
initial patches and idea by Blake Stephen <Stephen.Blake@veritect.com>
- Added mhash_get_name_static()
- Corrected mhash_get_name() and mhash_count()
Version 0.8.10 (released on July 12 2001)
- New mhash_deinit() and mhash_hmac_deinit() functions based on the
proposal, and patches by William Ahern <wahern@25thandClement.com>
SASL_USE_GSSAPI is defined to yes. Note untested as I don't have kerberos
setup, it probably won't work until some patches are put in to fix plugins
not working.
Changes in release 1.2.1:
* kadmind: fix remote exploit
Changes in release 1.2:
* fix buffer overrun in ftp
* fix openssl building
* don't try to force encryption in telnet if not talking to a default
telnet port
* recognise AIX 5
* should work with more DB libraries
This is the latest release of cyrus-sasl. It is needed for the 2.1.x
versions of cyrus-imapd.
SASL is a method for adding authentication support to connection-based
protocols. To use SASL, a protocol includes a command for identifying and
authenticating a user to a server and for optionally negotiating protection
of subsequent protocol interactions. If its use is negotiated, a security
layer is inserted between the protocol and the connection.
Major user visible changes are:
* The library dependencies for OpenLDAP seem to change fairly
frequently, and GnuPG's configure script cannot guess all the
combinations. Use ./configure LDAPLIBS="-L libdir -l libs" to
override the script and use the libraries selected.
* Secret keys generated with --export-secret-subkeys are now
indicated in key listings with a '#' after the "sec", and in
--with-colons listings by showing no capabilities (no lowercase
characters).
* --trusted-key has been un-obsoleted, as it is useful for adding
ultimately trusted keys from the config file. It is identical
to using --edit and "trust" to change a key to ultimately
trusted.
* The usual bug fixes as well as fixes to build problems on some
systems.
Note that patch-aa and patch-ab are no longer needed as was, patch-aa now
contains fixes to handle dlsym errors properly.
Also now include libiconv/buildlink2.mk as gnupg looks for iconv.
Fixes pkg/18221.
of libraries and linker flags needed to link against libsasl. Bump
PKGREVISION and bump the BUILDLINK_DEPENDS as packages will be needing to
use a version of cyrus-sasl with a correct sasl-config.
pyCA tries to make it easier for people to set up and run an organizational
certificate authority which fulfills the need for a fairly secure
certification processing. The package also tries to reduce administrative
tasks and user's frustration by providing a comfortable web interface to
users contacting the certificate authority.
Changes since 1.2.0:
1.2.6 :
. changes by Michael Slifcak (Michael.Slifcak@guardent.com)
- Added Bugtraq cross reference in the plugins
- Added support for BID in nessusd (this has yet to be done on the
client side)
. changes by Axel Nennker (Axel.Nennker@t-systems.com)
- fixed the xml and html outputs
- fixed array issues in a couple of plugins
. changes by Michel Arboi (arboi@bigfoot.com)
- find_service now detects services protected by TCP wrappers or ACL
- find_service detects gnuserv
- ptyexecvp() replaced by nessus_popen() (*)
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- Fixed a bug which may make nasl interpret backquoted strings
(\n and \r) received from the network (problem noted by Pavel Kankovsky)
- nmap_wrapper.nes calls _exit() instead of exit() (*)
- Solved the lack of bpf's on Free/Open/NetBSD and MacOSX by
sharing _one_ among all the Nessus processes. As a result, Nessus's
ping is much more effective on these platforms
- bugfix in plug_set_key() which would eventually make some scripts
take too long when writing in the KB
- Plugins of family ACT_SETTINGS are run *after* plugins of family
ACT_SCANNERS
- replaced the implementation of md5 which was used when OpenSSL is disabled
by the one from RSA (the old one would not work on a big-endian host)
- Fixed plugins build issues on MacOS X
- The nessus client compiles and links against GTK+-2.0. Of course, it will
be horrible and instable, as the GTK team does not care about backward
compatibility
(*) These two modifications solve the problems of nmap hanging under FreeBSD
1.2.5 :
. changes by Michel Arboi (arboi@bigfoot.com)
- find_service now displays unknown services that run on assigned ports
- read_stream_connection smarter (smaller timeout)
- find_service sometimes declared IDENT as "unknown"
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- Fixed a deadlock that would prevent some plugins from completing
- Fixed a possible (although rare) corruption issue in the reports
(the script IDs could under some circumstances be random)
- Fixed a potential segfault in the execution of nasl scripts
1.2.4 :
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- Reverted back to autoconf 2.13.
- Bug fix in nessus-core/nessusd/pluginlaunch.c - under some circumstances,
data might have been lost in the reports
- Fixed a bug in several plugins for web checks (under some circumstances,
a plugin would do N x N checks against the remote web servers (where
N equals to the number of web servers running on the remote host)
1.2.3 :
. changes by Isaac Dawson (idawson@securitymanagementpartners.com)
- New html output layout.
. changes by Pasi Eronen (pasi.eronen@nixu.com)
- fix in nmap_wrapper
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- Fixed a bug which could, under some circumstances, make nessusd
crash the host it is running on.
- If the option log_whole_attack is set to "no", then only the beginning
and the end of the attack is logged (and not the time each plugin takes)
- Improved no404.nasl to further reduce false positives
- Bug fix in nessusd - under some rare circumstances, report data could
be lost (if many many plugins were enabled at the same time and were
sending data at the same time).
- UDP packets are resent while we wait for a reply (avoids losing packets
en route)
- Fixed the option "auto_enable_dependencies" which would not always work
- Sending a SIGTERM to the nessus client during a command line scan
forces it to save its result to the current test file
- Non-printable characters are not shown in the report any more
1.2.2 :
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- In the GUI, while running a scan, plugins names are only updated once
in a while (saves CPU)
- Bugfix in the client : some host names would make the client crash
- Repaired the '-P' switch in the client
1.2.1 :
. changes by Simon Law (sfllaw@engmail.uwaterloo.ca)
- Made a manpage for nessus-mkcert-client(1) and have it installed by
the Makefile
- Revised most other manpages for missing information and to increase
clarity
2002-09-21 Werner Koch <wk@gnupg.org>
Released 1.2.0.
* configure.ac: Bumped version number and set development version
to no.
2002-09-19 David Shaw <dshaw@jabberwocky.com>
* configure.ac: Try linking LDAP as just -lldap as it seems very
recent OpenLDAPs (>=2.0.23) support that.
2002-09-14 David Shaw <dshaw@jabberwocky.com>
* configure.ac: Try linking LDAP without -lresolv first, just in
case the platform has libresolv, but doesn't actually need it to
use LDAP.
2002-09-12 David Shaw <dshaw@jabberwocky.com>
* NEWS: Note that the old IDEA plugin won't work with post-1.1.90
gpg.
2002-09-11 Werner Koch <wk@gnupg.org>
Released 1.1.92.
* configure.ac (random_modules): The default random module for
system lacking a /dev/random is now auto selected at runtime.
2002-09-09 David Shaw <dshaw@jabberwocky.com>
* NEWS: typo.
* configure.ac: Add a link test for LDAP without -lresolv for
HPUX. Remove "hstrerror" test as it is no longer needed.
2002-09-02 Werner Koch <wk@gnupg.org>
* README: Removed the note about a development version so that we
later don't forget this. Minor other changes.
2002-08-29 Werner Koch <wk@gnupg.org>
* configure.ac (random_modules): Reworked the code to select the
random module. Define USE_ALL_RANDOM_MODULES for value all.
2002-08-27 David Shaw <dshaw@jabberwocky.com>
* configure.ac: Check type of mode_t.
* NEWS: Clarify that --libexecdir is a configure option.
* configure.ac: Check for hstrerror.
2002-08-19 David Shaw <dshaw@jabberwocky.com>
* NEWS: Document new ways to enable MDC, and change in automatic
compression disabling.
* configure.ac: No such thing as the "none" random gather any
longer.
2002-08-08 David Shaw <dshaw@jabberwocky.com>
* configure.ac: Add an --enable-tiger.
* NEWS: Clarify new permission checks.
2002-08-07 David Shaw <dshaw@jabberwocky.com>
* configure.ac: If the static IDEA cipher is present, disable
dynamic loading. Also fix backwards grammar of keyserver
exec-path CHECKING message.
2002-08-05 Werner Koch <wk@gnupg.org>
* configure.ac: Bumped version number.
2002-08-04 Werner Koch <wk@gnupg.org>
Released 1.1.91.
* configure.ac (ALL_LINGUAS): Added Catalan.
2002-08-02 Werner Koch <wk@gnupg.org>
* configure.ac: Removed all extension stuff but keep the tests for
dlopen. We don't need to figure out the flags required. All
stuff is now statically loaded.
2002-07-30 David Shaw <dshaw@jabberwocky.com>
* README, configure.ac: --with-exec-path is now clarified into
--disable-keyserver-path
* NEWS: changes since 1.1.90.
2002-07-24 David Shaw <dshaw@jabberwocky.com>
* configure.ac: Include a GNUPG_LIBEXECDIR in g10defs.h, as well
as a SUBST for Makefiles.
2002-07-22 Timo Schulz <ts@winpt.org>
* configure.ac: Replace the 'c:/' variables with 'c:\' due
to the fact we already use '\' in the remaining code.
2002-07-08 David Shaw <dshaw@jabberwocky.com>
* configure.ac: Add --with-mailprog to override the use of
sendmail with another MTA. We can use anything that follows the
"$MAILPROG -t" convention.
2002-07-04 David Shaw <dshaw@jabberwocky.com>
* configure.ac: --enable-exec-path should be a 'with'. Fix 'no'
cases of --with-exec-path and --with-photo-viewer.
* README: Document --disable-exec, --disable-photo-viewers,
--disable-keyserver-helpers, --enable-exec-path, and
--with-photo-viewer.
* configure.ac: Add --with-photo-viewer to lock the viewer at
compile time and --disable-keyserver-helpers and
--disable-photo-viewers to allow disabling one without disabling
the other.
2002-07-03 David Shaw <dshaw@jabberwocky.com>
* configure.ac: Allow setting USE_EXEC_PATH to lock the exec-path
to a fixed value.
2002-07-01 Werner Koch <wk@gnupg.org>
* configure.ac: Set version number to 1.1.91.
Released 1.1.90.
* INSTALL: Replaced by generic install file.
* README: Marked as development version and moved most stuff of
the old INSTALL file to here.
2002-06-30 Werner Koch <wk@gnupg.org>
* configure.ac: Link W32 version against libwsock32.
2002-06-29 Werner Koch <wk@gnupg.org>
* configure.ac (development_version): New.
(HAVE_DEV_RANDOM_IOCTL): Removed test for it; it was never used.
* BUGS, AUTHORS: Add a note on how to send security related bug
reports.
2002-06-20 David Shaw <dshaw@jabberwocky.com>
* NEWS: changes since 1.0.7.
* configure.ac: Set new version number (1.1.90), and fix Solaris
compiler flags for shared objects.
2002-06-11 David Shaw <dshaw@jabberwocky.com>
* configure.ac: Move -lsocket and -lnsl checks before LDAP link
tests so they work properly on Solaris. Noted by David Champion.
Also, check for the Mozilla LDAP library if the OpenLDAP library
check fails. Put -lsocket and -lnsl in NETLIBS rather than LIBS
so not all programs are forced to link to them.
2002-06-05 David Shaw <dshaw@jabberwocky.com>
* configure.ac: Add a switch for the experimental external HKP
keyserver interface.
2002-05-22 Werner Koch <wk@gnupg.org>
* configure.ac: Check for strcasecmp and strncasecmp. Removed
stricmp and memicmp checks.
2002-05-08 David Shaw <dshaw@jabberwocky.com>
* configure.ac: If LDAP comes up unusable, try #including <lber.h>
before giving up. Old versions of OpenLDAP require that.
2002-05-03 David Shaw <dshaw@jabberwocky.com>
* configure.ac: In g10defs.h, use \ for the directory separator
when HAVE_DOSISH_SYSTEM is on.
* configure.ac: Add --disable-exec flag to disable all remote
program execution. --disable-exec implies --disable-ldap and
--disable-mailto. Also look in /usr/lib for sendmail. If
sendmail is not found, do not default - just fail.
2002-04-30 David Shaw <dshaw@jabberwocky.com>
* configure.ac: Try and link to a sample LDAP program to check if
the LDAP we're about to use is really sane. The most common
problem (using a very old OpenLDAP), could be fixed with an extra
#include, but this would not be very portable to other LDAP
libraries.
otpCalc is an RFC2289 and RFC1760 compliant one time password
calculator, written to use the GTK+ library for screen I/O.
Contributed by Michael Santos <mike@ethmoid.org> in PR 18527.
Here is a quote from 2.0's release announcement, but changes from 2.0 to 2.1 are
unknown.
New in this version of RATS:
RATS can now descend through directories recursively, analyzing any supported
source code it finds.
Ability to output results as HTML or XML.
Result output can contain the line of code that caused each problem to be
reported, along with the column number in the source file the problem was
detected at.
RATS will now report various statistics at the end of the reporting phase,
including total time spent on the analysis, and number of source lines analyzed.
Various database additions.
A new database file, rats-openssl, which aids in analyzing any code that
utilizes the OpenSSL C API. (Thanks to Ben Laurie for contributing this
database)
Changes :
+ PKCS12 certificate support, patch submitted by Beni Takahashi,
author of patch Daisuke Kuroda
+ Fixing compile warnings on Solaris 8/Sparc with Forte 7.0 about
implicit conversions and implicit declarations. Thanks to
Marek Rouchal for bug report.
- Removed unused dependency on URI::URL, thanks to Ric Steinberger
for pointing out this problem under perl 5.8.0
- fixed Makefile.PL use of dirname() which could error for perl 5.8.x
Thanks to Chip Turner of RedHat for patch.
- Fixed a runtime error with Net::SSL->proxy for running under
perl warnings with no proxy defined, which t/net_ssl.t test case
revealed.
+ Added t/net_ssl.t test for initializing a Net::SSL object
+ Added build auto-detect for 0.9.6+ and only then use OPENSSL_free
instead of free() since older OpenSSL like 0.9.4 did not have it.
+ Added ./net_ssl_test -CAfile documentation, and root CA file from mod_ssl
distribution at certs/ca-bundle.crt that can be used for general root CA
peer certificate verification.
+ Plus many bugs fixed and improvement... see CHANGES for more
Two recent changes :
v0.91
- Added support for SSL_peek and SSL_pending (peek() and
pending()). Updated documentation, tests, etc. to reflect
this.
v0.901 2002.08.19
- Fixed the warning that happens when sockets are not explicitly
closed() before the program terminates.
For full log, please see Changes
* Use bsd.pkg.install.mk and install the example xdm config files.
* Rename the rc.d script to "xdm_krb4.sh" and make it use /etc/rc.subr.
* Remove redundant MESSAGE; the INSTALL script says all the right things.
* Improved the default output so it creates multiple formatted lines
instead of single very long lines for each hit.
Use the new "--singleline" (-S) option to get the original
"long line" format.
* Removed duplicate "getpass" entry in the ruleset;
this didn't hurt anything, but was unnecessary.
Thanks to the user who gave me that feedback, wish I'd kept your
email address so I could credit you properly :-).
* Added a short tutorial to man page.
* Fixed initial upper/lower case on many entries in the ruleset.
* Allow "--input" as a synonym for "--inputs".
headers in ${BUILDLINK_DIR}, simply create BUILDLINK_CPPFLAGS.<pkg>
variables whose values are appended to CPPFLAGS, which are automatically
passed to the configure and build processes.
BUILDLINK_TRANSFORM.<pkg> has little use in buildlink2 since packages are
now told that the software may be found where it really is installed, not
in ${BUILDLINK_DIR} as was the case with buildlink1. Eventually, these
variables will be declared unsupported by buildlink2.
extension Makefile fragments, because they really don't have anything to
do with the buildlink[12] frameworks. Change all the Makefiles that use
application.buildlink.mk and extension.buildlink.mk to use application.mk
and extension.mk instead.
OPENSSH_USER
OPENSSH_UID
OPENSSH_GROUP
OPENSSH_GID
OPENSSH_CHROOT
Use these to automatically create user/group if they do not already
exist. Assists platforms which do not have an 'sshd' user by default,
while adding flexibility for NetBSD systems.
Checked by Stoned Elipot <seb@netbsd.org>.
It should be fixed in error of bulk build, too.
$Id: ChangeLog,v 1.43 2002/07/24 14:46:52 gotoyuzo Exp $
'OpenSSL for Ruby' project
Copyright (C) 2001 Michal Rokos <m.rokos@sh.cvut.cz>
All rights reserved.
$Log: ChangeLog,v $
Revision 1.43 2002/07/24 14:46:52 gotoyuzo
* lib/openssl/buffering.rb: typo fixed. (Thanks NaHi)
Revision 1.42 2002/07/24 12:31:31 gotoyuzo
* ossl.c: should include <sys/time.h> if it exists. (Thanks Knu)
Revision 1.41 2002/07/24 09:56:17 gotoyuzo
* ossl-0.1.2 released
Revision 1.40 2002/07/23 20:23:30 gotoyuzo
* lib/net/https.rb: follow net/http.rb Rev: 1.41.2.18 (ruby_1_6)
Revision 1.39 2002/07/23 10:49:19 gotoyuzo
* ossl_ssl.c: should raise exception while SSL_write returns 0.
Revision 1.38 2002/07/23 10:45:25 gotoyuzo
* ossl.h: include <openssl/e_os.h>
* ossl.c: workaround to convert into UTC time.
* lib/openssl.rb: fix string embedded expression.
Revision 1.37 2002/04/07 16:35:32 majkl
* Macros fixups
* X509ExtFactory cleanup
* fixed strptime warning on Linux
* X509::Certificate#version has been changed!
!!! WARNING !!!
x509.version = 2 -> defines X509v3, (0 for v1, 1 for v2, ...)
p x509.version -> 2, means that it is X509v3
!!! WARNING !!!
Revision 1.36 2002/03/11 21:35:39 majkl
* Cipher IV fixup
Revision 1.35 2002/03/11 17:20:22 majkl
* Big internal cleanup (all structs with only 1 member rearranged)
* improved getting time_t from cTime
Revision 1.34 2002/03/06 08:05:05 majkl
* build fix-ups
Revision 1.33 2002/03/05 15:05:57 majkl
* WARNING! All to_str methods are not used any longer (use to_text instead)
* made an aliases to_pem as to_s
* more relaxed params checking - everywhere where string was needed it is OK that obj implements to_s method
Revision 1.32 2002/02/23 07:28:00 majkl
* More benevolent checks (Check_SafeStr(x) -> Check_Type(x, T_STRING)
(where we don't care)
Revision 1.31 2002/02/20 08:43:54 majkl
* Fixed some memory leaks
Revision 1.30 2002/02/13 13:09:49 majkl
* transition from rb_raise to OSSL_Raise (where possible)
* some mem checks
* preliminary DH key support
* OpenBSD 3.1 SA 010: Receiving IKE payloads out of sequence can cause
isakmpd(8) to crash.
* A rewrite of the CRL support code, also from <Thomas.Walpuski@gmx.net>.
Some style mods, and checks added for OpenSSL version 0.9.7 or later.
Currently CRLs are not supported for earlier versions.
Manual pages updated.
* Handle configuration lines that end in whitespace or ^M.
Also avoid a potential memory leak.
* Start for support of IKECFG in SET/ACK mode. Server side only so far.
* Fix keyed HMAC where the key was longer than the blocksize
libcrypt-before-libcrypto into a section that is protected by something
we can set in the configure script (check_for_libcrypt_before). This
should fix the latter part of pkg/18091 by grant beattie.
msudir allows enabled users to easily manage 'setuid' scripts and
binaries. A directory containing scripts or other executables is
created inside the basedir for each destination user. Any user is
then able to invoke the script 'bar' in the directory 'fu' via
'msudir fu/bar'. The script will be run under the uid and primary
gid of the destination user. Some effort is taken to sanitise the
arguments and environment, but msudir should not be used without
an understanding of the security implication.
* An experimental interface to GnuPG's --edit-key functionality is
introduced, see gpgme_op_edit.
* The new gpgme_import_ext function provides a convenient access to
the number of processed keys.
* It is possible to use an outside event loop for the I/O to the
crypto engine by setting the I/O callbacks with gpgme_set_io_cbs.
* GPGME_ATTR_OTRUST is implemented now.
* A first step toward thread safeness has been achieved, see the
documentation for details. Supported thread libraries are pthread
and Pth.
* All error output of the gpgsm backend is sent to the bit bucket.
* The signature verification functions are extended. Instead of
always returning GPGME_SIG_STATUS_GOOD, the functions return new codes for
expired signatures.
* The current passphrase callback and progress meter callback can be
retrieved with the new functions gpgme_get_passphrase_cb and
gpgme_get_progress_cb respectively.
* gpgme_op_encrypt can be called with RECIPIENTS being 0. In this
case, symmetric encryption is performed. Note that this requires a
passphrase from the user.
* More information is returned for X.509 certificates.
* Interface changes relative to the 0.3.4 release:
* gpgme_op_encrypt does now fail with GPGME_Invalid_Recipients if
some recipients have been invalid, whereas earlier versions
succeeded in this case.
* gpgme_op_verify now allows to pass an uninitialized data object as
its plaintext argument to check for normal and cleartext
signatures. The plaintext is then returned in the data object.
* New interfaces gpgme_set_include_certs and gpgme_get_include_certs
to set and get the number of certifications to include in S/MIME
signed messages.
* New interfaces gpgme_op_encrypt_sign and gpgme_op_encrypt_sign_start
to encrypt and sign a message in a combined operation.
* New interface gpgme_op_keylist_ext_start to search for multiple patterns.
* gpgme_key_get_ulong_attr supports the GPGME_ATTR_EXPIRE attribute.
* Interface changes relative to the 0.3.3 release:
* Fix the Makefile in jnlib.
* Fix the test suite (hopefully). It should clean up all its state
with `make check' now.
* Remove erroneous dependency on libgcrypt in jnlib.
* There is a Texinfo manual documenting the API.
* The gpgme_set_keylist_mode function returns an error, and changed
its meaning. It is no longer usable to select between normal and
fast mode (newer versions of GnuPG will always be fast), but
selects between local keyring, remote keyserver, or both.
For this, two new macros are defined, GPGME_KEYLIST_MODE_LOCAL
and GPGME_KEYLIST_MODE_EXTERN. To make it possible to modify the
current setting, a function gpgme_get_keylist_mode was added to
retrieve the current mode.
* gpgme_wait accepts a new argument STATUS to return the error status
of the operation on the context. Its definition is closer to
waitpid() now than before.
* The LENGTH argument to gpgme_data_new_from_filepart changed its
type from off_t to the unsigned size_t.
* The R_HD argument to the GpgmePassphraseCb type changed its type
from void* to void**.
* New interface gpgme_op_trustlist_end() to match
gpgme_op_keylist_end().
* The CryptPlug modules have been renamed to gpgme-openpgp and
gpgme-smime, and they are installed in pkglibdir by `make install'.
* An idle function can be registered with gpgme_register_idle().
* The GpgSM backend supports key generation with gpgme_op_genkey().