scheduled import of www/p5-Catalyst-Authentication-Store-Htpasswd,
which is recommended by the update of editors/p5-Padre-Plugin-Catalyst.
This module provides a convenient, object-oriented interface to Apache-style
.htpasswd files. It supports passwords encrypted via MD5, SHA1, and crypt,
as well as plain (cleartext) passwords. Additional fields after username
and password, if present, are accessible via the extra_info array.
5.48 Mon Jan 4 16:32:52 MST 2010
- fixed "shasum -a0" option (ref. rt.cpan.org #53319)
-- incorrectly accepted 0 as a valid algorithm
-- thanks to Zefram for patch
- updated URL for NIST test vectors
-- ref. files t/nistbit.t, t/nistbyte.t
-- thanks to Leon Brocard for patch
Version 4.29, 2009.12.02, urgency: MEDIUM:
* New features sponsored by Searchtech Limited http://www.astraweb.com/
- sessiond, a high performance SSL session cache was built for stunnel.
A new service-level "sessiond" option was added. sessiond is
available for download on ftp://stunnel.mirt.net/stunnel/sessiond/ .
stunnel clusters will be a lot faster, now!
* Bugfixes
- "execargs" defaults to the "exec" parameter (thx to Peter Pentchev).
- Compilation fixes added for AIX and old versions of OpenSSL.
- Missing "fips" option was added to the manual.
Version 4.28, 2009.11.08, urgency: MEDIUM:
* New features
- Win32 DLLs for OpenSSL 0.9.8l.
- Transparent proxy support on Linux kernels >=2.6.28.
See the manual for details.
- New socket options to control TCP keepalive on Linux:
TCP_KEEPCNT, TCP_KEEPIDLE, TCP_KEEPINTVL.
- SSL options updated for the recent version of OpenSSL library.
* Bugfixes
- A serious bug in asynchronous shutdown code fixed.
- Data alignment updated in libwrap.c.
- Polish manual encoding fixed.
- Notes on compression implementation in OpenSSL added to the manual.
pkgsrc changes:
- Adjusting license definition
Upstream changes:
1.08 - Wed Dec 9 18:20:22 2009
* Promoting development release to full release.
* This release mainly clarifies the licensing.
1.07_02 - Tue Nov 4 02:21:27 2008
* RT #40511: Give a better warning when you try to use tainted
data as an initialization vector. If anyone wants to use
tainted data, they can patch the code to accept it.
1.07_01 - Tue Oct 14 08:59:58 2008
* Clarify that these files are under the Lesser GNU Public License
(also known as the Library GNU Public License).
changes:
* The default for --include-cert is now to include all certificates
in the chain except for the root certificate.
* Numerical values may now be used as an alternative to the
debug-level keywords.
* The GPGSM --audit-log feature is now more complete.
* GPG now supports DNS lookups for SRV, PKA and CERT on W32.
* New GPGSM option --ignore-cert-extension.
* New and changed passphrases are now created with an iteration count
requiring about 100ms of CPU work.
Approved by agc@.
Changes between 0.9.8k and 0.9.8l [5 Nov 2009]
*) Disable renegotiation completely - this fixes a severe security
problem (CVE-2009-3555) at the cost of breaking all
renegotiation. Renegotiation can be re-enabled by setting
SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s3->flags at
run-time. This is really not recommended unless you know what
you're doing.
[Ben Laurie]
* Not only interix-3, but also treat all interix release, allow to build on SUA.
* Gave up randomized image base, use 0x5e000000, as in mk/platform/Interix.mk.
It is workaround of PR 42369.
* Use -D_REENTRANT flags for threads.
* replace -Wl,soname= linker flags with -Wl,h, for Interix
Major changes between sudo 1.7.2p1 and 1.7.2p2:
* Fixed a a bug where the negation operator in a Cmnd_List
was not being honored.
* Sudo no longer produces a parse error when #includedir references
a directory that contains no valid filenames.
* The sudo.man.pl and sudoers.man.pl files are now included in
the distribution for people who wish to regenerate the man pages.
* Fixed the emulation of krb5_get_init_creds_opt_alloc() for MIT kerberos.
* When authenticating via PAM, set PAM_RUSER and PAM_RHOST early so
they can be used during authentication.
an "idea" option, but that was removed more than a year ago when it
got updated from 1.2 to 1.4
The patch was was used on gnupg2 in the "idea" case was just a four-line
memory initialization fix, there is no point in LICENSE restrictions
due to this, so I've pulled it in as regular patch so that it doesn't
get lost for the case someone fixes idea support in libgcrypt
(which isn't hard).
noticed by OBATA Akio per mail to pkgsrc-users.
This makes most sense to me since gnupg2 doesn't install a gpg-zip
intentionally. Since possible clients of gpg-zip should have a
dependency on gnupg1, we can't take over easily. Once we are sure
that gnupg2 can fully replace gnupg1, we might consider to install
eg symlinks gpg->gpg2 etc and make gnupg1 obsolete, but this needs
careful testing.
changes: many fixes and improvements
reviewed by John R. Shannon
pkgsrc notes:
-since S/MIME support is the biggest difference in functionality over
gnupg1, enable it per default -- my tests (with the s/mime plugin
of claws-mail) worked
-left the build against a private libassuan with GNU-pth support
alone for now, just updated libassuan to 1.0.5. We might build
pkgsrc/libassuan against pkgsrc/pth at some point, but this needs
to be checked for side effects. (As this pkg doesn't export a library
which might propagate the pth dependency, the possibility of
pthread-pth conflicts should be limited. Other uses of libassuan
need to be checked.)
changes:
* New option --url for the LOOKUP command and dirmngr-client.
* The LOOKUP command does now also consults the local cache. New
option --cache-only for it and --local for dirmngr-client.
* Port to Windows completed.
* Improved certificate chain construction.
* Support loading of PEM encoded CRLs via HTTP.
* Client based trust anchors are now supported.
* Configured certificates with the suffix ".der" are now also used.
* Libgcrypt 1.4 is now required.
reviewed by John R. Shannon
pkgsrc notes:
I've left the build against a private libassuan with GNU-pth support
alone for now, just updated libassuan to 1.0.5. We might build
pkgsrc/libassuan against pkgsrc/pth at some point, but this needs
to be checked for side effects. (As this pkg doesn't export a library
which might propagate the pth dependency, the possibility of
pthread-pth conflicts should be limited. Other uses of libassuan
need to be checked.)
Beiing here, support DESTDIR.
-don't pull in gnupg2's "gpgconf" if both gnupg1 and gnupg2 are installed
but we are building against gnupg1, this caused a build failure
-fix a selftest to work with gnupg2
Changes in version 2.28.2 are:
* Add license to reference documentation.
* Sent output of g_printerr to syslog.
* No error when can't unlock login keyring.
* Fix assertion when comparing attributes.
* Fix freeing of unallocated memory in test.
* Don't barf on certificates with unsupported algorithm.
* Fix some memory leaks.
[Changes for 0.61]
* Added "=encoding utf8" to POD to fix author name display.
No functional changes.
[Changes for 0.60]
* LICENSING CHANGE: This compilation and all individual files in it
are now under the nullary CC0 1.0 Universal terms:
To the extent possible under law, 唐鳳 has waived all copyright and
related or neighboring rights to Module-Signature.
* Updated Module::Install to 0.91, prompted by Florian Ragwitz.
0.42 Wed Sep 30 23:20:58 JST 2009
* Support for GPG2
0.41_01 Fri Sep 25 02:56:33 JST 2009
* Beginnings of support for GPG2
0.40_04 Tue Apr 21 19:50:12 JST 2009
* Use Any::Moose instead of Moose for Mouse celerity (Sartak)
0.40_1 Sat Nov 15 12:35:59 EST 2008
* [rt.cpan.org #40963] Replace Class::MethodMaker with Moose (Chris Prather)
Noteworthy changes in version 1.4.5 (2009-12-11)
------------------------------------------------
* Fixed minor memory leak in DSA key generation.
* No more switching to FIPS mode if /proc/version is not readable.
* Fixed a sigill during Padlock detection on old CPUs.
* Fixed a hang on some W2000 machines.
* Boosted SHA-512 performance by 30% on ia32 boxes and gcc 4.3;
SHA-256 went up by 25%.
Apart from infrastructure changes, there are the following functional ones:
+ Update to version 1.99.14/20091210
+ provide a new netpgp_match_list_keys(3) function to perform a
regular-expression based search of all the keys in the keyring. If no
pattern is specified to match, then all keys are returned.
+ provide a new netpgp_set_homedir(3) function, and use it to set the
home directory from the library, rather than individually in all the
programs which use the library
+ provide a new netpgp_incvar(3) function which will add a constant
increment (which may be negative) to the value of an internal
variable. This is primarily used for the verbosity level within the
library, and is again a movement of the function into the library from
the individual programs which use the library
+ move to the specification of an ssh key file by internal variable,
rather than the directory holding an ssh key file
+ autoconf infrastructure changes
+ take a hammer to the _GNU_SOURCE definitions problems
+ don't rely on strnlen(3) being present everywhere
+ add rudimentary support for ssh keys
+ add a netpgp library function - netpgp_get_key(3) - to print a
specific key
+ add functionality to call this function in netpgpkeys(1)
+ add test for netpgp_get_key
+ add a verbose switch to the tst script
+ add netpgp functions to expose the memory signing and verification
functions - netpgp_sign_memory(3) and netpgp_verify_memory(3)
+ coalesced signing and verification ops file functions
The seccure toolset implements a selection of asymmetric
algorithms based on elliptic curve cryptography (ECC). In
particular it offers public key encryption / decryption,
signature generation / verification and key establishment.
ECC schemes offer a much better key size to security ratio
than classical systems (RSA, DSA). Keys are short enough to
make direct specification of keys on the command line possible
(sometimes this is more convenient than the management of
PGP-like key rings). seccure builds on this feature and
therefore is the tool of choice whenever lightweight
asymmetric cryptography -- independent of key servers,
revocation certificates, the Web of Trust or even
configuration files -- is required.
collection - kudos to Jan Schaumann for pointing it out.
PAM module which permits authentication for arbitrary services
via ssh-agent. Written with sudo in mind, but like any auth
PAM module, can be used for for many purposes.
and "root" user-less platforms.
* replace one bash script shbang (for safe side, may bone shell is sufficient).
* fix PLIST for PR 40993.
add missing entries and back plist vars replaced for Darwin-apple excessively.
Bump PKGREVISION.
On SP initiated logout, the SP x509 certificate was included in the
HTTP redirect URL. First this was an SAML standard violation, and second
it inflated the URL beyond 2038 bytes, which is the maximum length for
IE7 and prior. As a result, SP initated single logout was broken with IE7
and prior versions.
changes:
-Support for the "aes128-ctr", "aes192-ctr", "aes256-ctr" ciphers
-Support for the "arcfour128" cipher
-Fix crash when server sends an invalid SSH_MSG_IGNORE message
1.) Use "hashlib" instead of "sha" module if possible.
2.) Use "subprocess" module instead of os.popen3().
Both changes tested with Python 2.4 and 2.6.
Pkgsrc-related improvements:
1.) Support "user-destdir" installation (no changes required).
2.) Set license to "gnu-gpl-v2".
3.) Reduce patches by recording the fact that the manual page gets
compressed automatically (which "pkgsrc" handles fine) instead
of trying to prevent that.
This is Crypt::ECB, a Perl-only implementation of the ECB mode. In
combination with a block cipher such as DES, IDEA or Blowfish, you can encrypt
and decrypt messages of arbitrarily long length. Though for security reasons
other modes than ECB such as CBC should be preferred. See textbooks on
cryptography if you want to know why.
In addition to this module you will need to install one or more of the
Crypt::DES, Crypt::IDEA, or Crypt::Blowfish modules.
changes:
-bugfixes
-API extensions
-documentation improvement
-The encoding of gpgme_data_t objects can affect the output encoding
of export, sign and encrypt operations now
-Using GPGME_KEYLIST_MODE_LOCAL combined with
GPGME_KEYLIST_MODE_EXTERN is now supported
0.9.0-beta8:
- Include spamhaus_drop.dat in the source distribution. Fix installation
issue (closes#364).
0.9.0-beta7:
- Initial SpamhausDrop plugin implementation, by
Wes Young <wes@barely3am.com> (closes#363)
- Do not discard --root parameters if prefix is absolute.
- Python 2.4 backward compatibility fixes.
- Handle plugin loading error gracefully.
- Improve WormPlugin accuracy, and make it carry a reference to the
initial event. The plugin used to alert when seeing an alert to a
given target, and this same alert going back to the source. This can
happen in a number of case (example: Netbios alert triggered by Snort)
As of now, the plugin will wait for the events to be repeated against
at least 5 differents hosts.
- Dshield CorrelationAlert now handle multiples events. Previously, we
used to generate a single Dshield CorrelationAlert for each events
where the source address would match the Dshield database. The plugin
now generate CorrelationAlert for multiples events received from the
same source.
* Version 2.8.5 (released 2009-11-02)
** libgnutls: In server side when resuming a session do not overwrite the
** initial session data with the resumed session data.
** libgnutls: Fix PKCS#12 encoding.
The error you would get was "The OID is not supported.". Problem
introduced for the v2.8.x branch in 2.7.6.
** guile: Compatibility with guile 2.x.
By Ludovic Courtes <ludovic.courtes@laas.fr>.
** tests: Fix expired cert in chainverify self-test.
** tests: Fix time bomb in chainverify self-test.
Reported by Andreas Metzler <ametzler@downhill.at.eu.org> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3925>.
** API and ABI modifications:
No changes since last version.
* Version 2.8.4 (released 2009-09-18)
** libgnutls: Enable Camellia ciphers by default.
** libgnutls: Make OpenPGP hostname checking work again.
The patch to resolve the X.509 CN/SAN issue accidentally broken
OpenPGP hostname comparison.
** libgnutls: When printing X.509 certificates, handle XMPP SANs better.
Reported by Howard Chu <hyc@symas.com> in
<https://savannah.gnu.org/support/?106975>.
** API and ABI modifications:
No changes since last version.
* gpgsigs:
+ Added patch from Roland Rosenfeld to support RIPEMD160 checksum.
(Closes: #533747).
+ Updated man page to mention support for SHA256 and RIPEMD160 checksum.
+ Made removal of nonexistent photos quiet by the use of the force option.
+ Updated generated tex file in latex mode so that it uses the grffile
package. This allows pdflatex to process our tex file assuming the photos
are previously converted to PDF. (Closes: #542478)
* caff: Updated check for the local-user keyids.
+ Moved the current check to a new function get_local_user_keys().
+ Warned the user if a local-user keyid is not listed as a keyid in
./caffrc. (Closes: #540165).
* gpgdir: New upstream release.
* gpg-mailkeys:
+ The charset for the text of the message is deduced from the charset used
by ~/.gpg-mailkeysrc and ~/.signature.
The text message is encoded in quoted printable and thus it requires a
new dependency on qprint in debian/control. (Closes: #545186)
+ Mentionned both the .gpg-mailkeysrc and .signature files in the manpage.
- fix the configuration path and file, so it can use the proper user:group
and the chroot
- fix some pkglint warnings regarding PKG_OPTIONS: 'pthread' => 'threads',
'libwrap' => 'tcpwrappers' (in accordance to mk/defaults/options.description)
Bump PKGREVISION.
Upstream changes:
v1.31 2009.09.25
- add and export constants for SSL_VERIFY_*
- set SSL_use_cert if cert is given and not SSL_server
- support alternative CRL file with SSL_crl_file thanks to patch of
w[DOT]phillip[DOT]moore[AT]gmail[DOT]com
- Fix references to the confdir.
- Fix headers so thirdparty apps can be built with pcsc-lite from pkgsrc.
- Some minor changes to fix pkglint warnings.
- Bump PKGREVISION.
- Use SWIG 1.3.39 to generate bindings code, fixes Prewikka compatibility
problem because of SWIG version mismatch between libprelude/libpreludedb
modules.
* USB code for BSD fixed by Emmanuel Dreyfus
* Add support for Rutoken S by Aktiv Co. / Aleksey Samsonov
* Plus some fixes to Info.plist (for users combining openct with pcsc-lite).
