- No need for /usr/lib/sasl2 anymore: INSTALL script removed, DEINSTALL
script tuned.
- Removed auto* tools dependencies by providing patch files for generated
configure and Makefile.in.
- Use ${PKGDIR} instead of ${.CURDIR} for PLIST_SRC files.
- `--with-rc4' does not need an argument.
- Use BUILDLINK_PREFIX.whatever instead of BUILDLINK_DIR.
- Fix GSSAPI build for non-current NetBSD, this includes patch-ag removal.
- Fix PLIST handling by providing PLIST.post (lib/sasl2 removal at deinstall
time) and fixing PLIST.common (include/sasl removal at deinstall time).
- Bump BUILDLINK_DEPENDS.cyrus-sasl in buildlink2.mk.
- Work around problem introduced by LTCONFIG_OVERRIDE and direct usage
of ac_cv_can_build_shared in configure.in as suggested by Nick Hudson.
Remove patch-ab (sasl-config is gone btw, it was not needed anyway).
This should fix plugins shared libs problem as reported -among other-
in PR pkg/19001 by Stephen Degler <sdegler at degler dot net>.
Version 0.9
* Fixed bugs
* Added support for keyed md check of db and config
* Removed dependancy on libgcrypt
* Added dependancy on mhash
Version 0.8
* Fixed loads and loads of bugs
* Added syslog backend
* Report format changed
* added lots of parameters see man page and configure --help
* added ACL support for SunOS 5.x (and compatibles)
* libgcrypt is now separate and required
Version 0.7
* Bug fixes
* Compressed database support
* Linkname checking
* Mhash support (version 0.8.1 of mhash required)
Version 0.8.17 (released October 4 2002)
- Corrected the HEX key mode. Refuses to convert hex strings longer
than the given key size.
- Corrected some memory leaks in keygen_s2k. Patch by Bob Mathews
<bobmathews@alumni.calpoly.edu>
- Corrected wrong use of sizeof in hmac_test. Reported by Ellis Pritchard
<ellispritchard@users.sf.net>
Version 0.8.16 (released May 29 2002)
- Code cleanups and optimizations
- Added configure time options to disable certain algorithms
Version 0.8.15 (released May 24 2002)
- Corrected Iterated S2K
- Made all static tables constant (pointed out by Darryl Miles <darryl@netbauds.net>)
Version 0.8.14 (release March 28 2002)
- mhash_deinit() and mhash_hmac_deinit() now accept a null digest parameter
- Corrected memory leaks (patch by Gustavo Niemeyer <niemeyer@conectiva.com>)
- Corrected bug in Gost hash algorithm (pointed out by Mike Gorchak <mike@malva.ua>)
Version 0.8.13 (released November 18 2001)
- Added ADLER32 algorithm (implementation by Manuel Kasper <mk@neon1.net>)
Version 0.8.12 (released October 29 2001)
- Corrected bugs in mhash_get_name() functions
- Added SHA-256 from libnettle.
Version 0.8.11 (released October 21 2001)
- added mhash_save_state_mem() and mhash_restore_state_mem() functions,
initial patches and idea by Blake Stephen <Stephen.Blake@veritect.com>
- Added mhash_get_name_static()
- Corrected mhash_get_name() and mhash_count()
Version 0.8.10 (released on July 12 2001)
- New mhash_deinit() and mhash_hmac_deinit() functions based on the
proposal, and patches by William Ahern <wahern@25thandClement.com>
SASL_USE_GSSAPI is defined to yes. Note untested as I don't have kerberos
setup, it probably won't work until some patches are put in to fix plugins
not working.
Changes in release 1.2.1:
* kadmind: fix remote exploit
Changes in release 1.2:
* fix buffer overrun in ftp
* fix openssl building
* don't try to force encryption in telnet if not talking to a default
telnet port
* recognise AIX 5
* should work with more DB libraries
This is the latest release of cyrus-sasl. It is needed for the 2.1.x
versions of cyrus-imapd.
SASL is a method for adding authentication support to connection-based
protocols. To use SASL, a protocol includes a command for identifying and
authenticating a user to a server and for optionally negotiating protection
of subsequent protocol interactions. If its use is negotiated, a security
layer is inserted between the protocol and the connection.
Major user visible changes are:
* The library dependencies for OpenLDAP seem to change fairly
frequently, and GnuPG's configure script cannot guess all the
combinations. Use ./configure LDAPLIBS="-L libdir -l libs" to
override the script and use the libraries selected.
* Secret keys generated with --export-secret-subkeys are now
indicated in key listings with a '#' after the "sec", and in
--with-colons listings by showing no capabilities (no lowercase
characters).
* --trusted-key has been un-obsoleted, as it is useful for adding
ultimately trusted keys from the config file. It is identical
to using --edit and "trust" to change a key to ultimately
trusted.
* The usual bug fixes as well as fixes to build problems on some
systems.
Note that patch-aa and patch-ab are no longer needed as was, patch-aa now
contains fixes to handle dlsym errors properly.
Also now include libiconv/buildlink2.mk as gnupg looks for iconv.
Fixes pkg/18221.
of libraries and linker flags needed to link against libsasl. Bump
PKGREVISION and bump the BUILDLINK_DEPENDS as packages will be needing to
use a version of cyrus-sasl with a correct sasl-config.
pyCA tries to make it easier for people to set up and run a organizational
certificate authority which fulfills the need for a fairly secure
certification processing. The package also tries to reduce administrative
tasks and user's frustration by providing a comfortable web interface to
users contacting the certificate authority.
Changes since 1.2.0:
1.2.6 :
. changes by Michael Slifcak (Michael.Slifcak@guardent.com)
- Added Bugtraq cross reference in the plugins
- Added support for BID in nessusd (this has yet to be done on the
client side)
. changes by Axel Nennker (Axel.Nennker@t-systems.com)
- fixed the xml and html outputs
- fixed array issues in a couple of plugins
. changes by Michel Arboi (arboi@bigfoot.com)
- find_service now detects services protected by TCP wrappers or ACL
- find_service detects gnuserv
- ptyexecvp() replaced by nessus_popen() (*)
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- Fixed a bug which may make nasl interpret backquoted strings
(\n and \r) received from the network (problem noted by Pavel Kankovsky)
- nmap_wrapper.nes calls _exit() instead of exit() (*)
- Solved the lack of bpf's on Free/Open/NetBSD and MacOSX by
sharing _one_ among all the Nessus processes. As a result, Nessus's
ping is much more effective on these platforms
- bugfix in plug_set_key() which would eventually make some scripts
take too long when writing in the KB
- Plugins of family ACT_SETTINGS are run *after* plugins of family
ACT_SCANNERS
- replaced the implementation of md5 which was used when OpenSSL is disabled
by the one from RSA (the old one would not work on a big-endian host)
- Fixed plugins build issues on MacOS X
- The nessus client compiles and links against GTK+-2.0. Of course, it will
be horrible and instable, as the GTK team does not care about backward
compatibility
(*) These two modifications solve the problems of nmap hanging under FreeBSD
1.2.5 :
. changes by Michel Arboi (arboi@bigfoot.com)
- find_service now displays unknown services that run on assigned ports
- read_stream_connection smarter (smaller timeout)
- find_service sometimes declared IDENT as "unknown"
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- Fixed a deadlock that would prevent some plugins from completing
- Fixed a possible (although rare) corruption issue in the reports
(the script IDs could under some circumstances be random)
- Fixed a potential segfault in the execution of nasl scripts
1.2.4 :
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- Reverted back to autoconf 2.13.
- Bug fix in nessus-core/nessusd/pluginlaunch.c - under some circumstances,
data might have be lost in the reports
- Fixed a bug in several plugins for web checks (under some circumstances,
a plugin would do N x N checks against the remote web servers (where
N equals to the number of web servers running on the remote host)
1.2.3 :
. changes by Isaac Dawson (idawson@securitymanagementpartners.com)
- New html output layout.
. changes by Pasi Eronen (pasi.eronen@nixu.com)
- fix in nmap_wrapper
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- Fixed a bug which could make, under some circumstances, make nessusd
crash the host it is running on.
- If the option log_whole_attack is set to "no", then only the begining
and the end of the attack is logged (and not the time each plugin takes)
- Improved no404.nasl to further reduce false positives
- Bug fix in nessusd - under some rare circumstances, report data could
be lost (if many many plugins were enabled at the same time and were
sending data at the same time).
- UDP packets are resent while we wait for a reply (avoids to loose packets
en route)
- Fixed the option "auto_enable_dependencies" which would not always work
- Sending a SIGTERM to the nessus client during a command line scan
forces it to save its result to the current test file
- Non-printables characters are not shown in the report any more
1.2.2 :
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- In the GUI, while running a scan, plugins names are only updated once
in a while (saves CPU)
- Bugfix in the client : some host names would make the client crash
- Repaired the '-P' switch in the client
1.2.1 :
. changes by Simon Law (sfllaw@engmail.uwaterloo.ca)
- Made a manpage for nessus-mkcert-client(1) and have it installed by
the Makefile
- Revised most other manpages for missing information and to increase
clarity
2002-09-21 Werner Koch <wk@gnupg.org>
Released 1.2.0.
* configure.ac: Bumbed version number and set development version
to no.
2002-09-19 David Shaw <dshaw@jabberwocky.com>
* configure.ac: Try linking LDAP as just -lldap as it seems very
recent OpenLDAPs (>=2.0.23) support that.
2002-09-14 David Shaw <dshaw@jabberwocky.com>
* configure.ac: Try linking LDAP without -lresolv first, just in
case the platform has libresolv, but doesn't actually need it to
use LDAP.
2002-09-12 David Shaw <dshaw@jabberwocky.com>
* NEWS: Note that the old IDEA plugin won't work with post-1.1.90
gpg.
2002-09-11 Werner Koch <wk@gnupg.org>
Released 1.1.92.
* configure.ac (random_modules): The default random module for
system lacking a /dev/random is now auto selected at runtime.
2002-09-09 David Shaw <dshaw@jabberwocky.com>
* NEWS: typo.
* configure.ac: Add a link test for LDAP without -lresolv for
HPUX. Remove "hstrerror" test as it is no longer needed.
2002-09-02 Werner Koch <wk@gnupg.org>
* README: Removed the note about a development version so that we
later don't forget this. Minor other changes.
2002-08-29 Werner Koch <wk@gnupg.org>
* configure.ac (random_modules): Reworked the code to select the
random module. Define USE_ALL_RANDOM_MODULES for value all.
2002-08-27 David Shaw <dshaw@jabberwocky.com>
* configure.ac: Check type of mode_t.
* NEWS: Clarify that --libexecdir is a configure option.
* configure.ac: Check for hstrerror.
2002-08-19 David Shaw <dshaw@jabberwocky.com>
* NEWS: Document new ways to enable MDC, and change in automatic
compression disabling.
* configure.ac: No such thing as the "none" random gather any
longer.
2002-08-08 David Shaw <dshaw@jabberwocky.com>
* configure.ac: Add an --enable-tiger.
* NEWS: Clarify new permission checks.
2002-08-07 David Shaw <dshaw@jabberwocky.com>
* configure.ac: If the static IDEA cipher is present, disable
dynamic loading. Also fix backwards grammar of keyserver
exec-path CHECKING message.
2002-08-05 Werner Koch <wk@gnupg.org>
* configure.ac: Bumbed version number.
2002-08-04 Werner Koch <wk@gnupg.org>
Released 1.1.91.
* configure.ac (ALL_LINGUAS): Added Catalan.
2002-08-02 Werner Koch <wk@gnupg.org>
* configure.ac: Removed all extension stuff but keep the tests for
dlopen. We don't need to figure out the flags required. All
stuff is now statically loaded.
2002-07-30 David Shaw <dshaw@jabberwocky.com>
* README, configure.ac: --with-exec-path is now clarified into
--disable-keyserver-path
* NEWS: changes since 1.1.90.
2002-07-24 David Shaw <dshaw@jabberwocky.com>
* configure.ac: Include a GNUPG_LIBEXECDIR in g10defs.h, as well
as a SUBST for Makefiles.
2002-07-22 Timo Schulz <ts@winpt.org>
* configure.ac: Replace the 'c:/' variables with 'c:\' due
to the fact we already use '\' in the remaining code.
2002-07-08 David Shaw <dshaw@jabberwocky.com>
* configure.ac: Add --with-mailprog to override the use of
sendmail with another MTA. We can use anything that follows the
"$MAILPROG -t" convention.
2002-07-04 David Shaw <dshaw@jabberwocky.com>
* configure.ac: --enable-exec-path should be a 'with'. Fix 'no'
cases of --with-exec-path and --with-photo-viewer.
* README: Document --disable-exec, --disable-photo-viewers,
--disable-keyserver-helpers, --enable-exec-path, and
--with-photo-viewer.
* configure.ac: Add --with-photo-viewer to lock the viewer at
compile time and --disable-keyserver-helpers and
--disable-photo-viewers to allow disabling one without disabling
the other.
2002-07-03 David Shaw <dshaw@jabberwocky.com>
* configure.ac: Allow setting USE_EXEC_PATH to lock the exec-path
to a fixed value.
2002-07-01 Werner Koch <wk@gnupg.org>
* configure.ac: Set version number to 1.1.91.
Released 1.1.90.
* INSTALL: Replaced by generic install file.
* README: Marked as development version and moved most stuff of
the old INSTALL file to here.
2002-06-30 Werner Koch <wk@gnupg.org>
* configure.ac: Link W32 version against libwsock32.
2002-06-29 Werner Koch <wk@gnupg.org>
* configure.ac (development_version): New.
(HAVE_DEV_RANDOM_IOCTL): Removed test for it; it was never used.
* BUGS, AUTHORS: Add a note on how to send security related bug
reports.
2002-06-20 David Shaw <dshaw@jabberwocky.com>
* NEWS: changes since 1.0.7.
* configure.ac: Set new version number (1.1.90), and fix Solaris
compiler flags for shared objects.
2002-06-11 David Shaw <dshaw@jabberwocky.com>
* configure.ac: Move -lsocket and -lnsl checks before LDAP link
tests so they work properly on Solaris. Noted by David Champion.
Also, check for the Mozilla LDAP library if the OpenLDAP library
check fails. Put -lsocket and -lnsl in NETLIBS rather than LIBS
so not all programs are forced to link to them.
2002-06-05 David Shaw <dshaw@jabberwocky.com>
* configure.ac: Add a switch for the experimental external HKP
keyserver interface.
2002-05-22 Werner Koch <wk@gnupg.org>
* configure.ac: Check for strcasecmp and strncasecmp. Removed
stricmp and memicmp checks.
2002-05-08 David Shaw <dshaw@jabberwocky.com>
* configure.ac: If LDAP comes up unusable, try #including <lber.h>
before giving up. Old versions of OpenLDAP require that.
2002-05-03 David Shaw <dshaw@jabberwocky.com>
* configure.ac: In g10defs.h, use \ for the directory separator
when HAVE_DOSISH_SYSTEM is on.
* configure.ac: Add --disable-exec flag to disable all remote
program execution. --disable-exec implies --disable-ldap and
--disable-mailto. Also look in /usr/lib for sendmail. If
sendmail is not found, do not default - just fail.
2002-04-30 David Shaw <dshaw@jabberwocky.com>
* configure.ac: Try and link to a sample LDAP program to check if
the LDAP we're about to use is really sane. The most common
problem (using a very old OpenLDAP), could be fixed with an extra
#include, but this would not be very portable to other LDAP
libraries.
