include:
* authlib: create the authtest and authpasswd manual pages.
* authdaemon.c (auth_generic): Silly bug in auth_generic().
* authldaplib.c (auth_ldap_do3): Fix call of authcryptpasswd().
* authpgsqllib.c (auth_pgsql_setpass): Ditto.
* authmysqllib.c (auth_mysql_setpass): Ditto.
* authmysqllib.c (auth_mysql_setpass): Fix a memory leak.
* authpipe: more fixes to the authpipe module.
* authpipe: various fixes to the authpipe module.
* authpipe.c (auth_pipe_pre): Fix zombies created by the authpipe
module.
* New authpipe authentication module.
* authldap.schema: Add mailhost to the recommended LDAP schema.
* README_authlib.sgml: Document updated authpipe protocol.
* cryptpassword.c (authcryptpasswd): Fix handling of encryption hints.
* checkpassword.c (do_authcheckpassword): Ignore {CRYPT} prefix on
crypted passwords.
* checkpasswordsha1.c (authcheckpasswordsha1): Fix {SHA256} passwords.
* authdaemond.c: Strip full name/gecos field after the first comma.
* authdaemond: Pass LOGGEROPTS option to authdaemond.
* liblog/logger.c: Fix wrong args to setuidgid().
* liblog/logger.c: Added -droproot option to courierlogger.
* liblock/lockdaemon.c: Try to recover if upgraded daemon process runs
under a different uid.
* Changed -uid and -gid options to -user and -group for consistency
with couriertcpd. Change them to affect courierlogger itself,
after it has spawned any child.
* Optional default domain for authentication requests.
* Fix the error code when an empty password is provided.
file's sole purpose was to provide a dependency on pkg-config and set
some environment variables. Instead, turn pkg-config into a "tool"
in the tools framework, where the pkg-config wrapper automatically
adds PKG_CONFIG_LIBDIR to the environment before invoking the real
pkg-config.
For all package Makefiles that included pkg-config/buildlink3.mk, remove
that inclusion and replace it with USE_TOOLS+=pkg-config.
Changes since version 0.6b2:
- NAT-T fixes for situations where NAT-T is not used
- OpenSSL 0.9.8 support
- keys are not restricted to OpenSSL default size anymore
- PKCS7 support
- SHA2 support
This patch is the same as revision 1.3 of
/cvsroot/src/crypto/dist/heimdal/lib/asn1/gen_glue.c by matt@
those cvs log:
Don't emit struct units [] anymore. emit a struct units * const foo and
in the C file initialize that to the static list.
Bump pkgrevision: it changes the binary package on gcc<4 platforms
approved by wiz@
Mike M. Volokhov.
pwsafe is a unix commandline program that manages encrypted password
databases. There are few features listed:
* Pure command-line operation if desired (good for remote access over ssh).
* Can interact with X11 selection & clipboard.
* Portable, endianess-clean, misaligned-access-free C++.
* Compatible with CounterPane's PasswordSafe Win32 program versions 1.9.x.
* Funny comments included in source code.
and /etc/sshd.conf is old (and I assume some configurations from
there don't apply any more), user and group are not created
automatically (only if PKG_CREATE_USERGROUP is at default YES),
UsePrivilegeSeparation is the default, and seems to imply that
openssh is insecure without it.
Bump PKGREVISION.
Change comment regarding MESSAGE.Interix.
Removed unused MESSAGE_SUBST settings. Move one to the options.mk
as it is for "pam" only.
Noteworthy changes in version 1.4.2 (2005-07-26)
------------------------------------------------
* New command "verify" in the card-edit menu to display
the Private-DO-3. The Admin command has been enhanced to take
the optional arguments "on", "off" and "verify". The latter may
be used to verify the Admin Pin without modifying data; this
allows displaying the Private-DO-4 with the "list" command.
* Rewrote large parts of the card code to optionally make use of a
running gpg-agent. If --use-agent is being used and a gpg-agent
with enabled scdaemon is active, gpg will now divert all card
operations to that daemon. This is required because both,
scdaemon and gpg require exclusive access to the card reader. By
delegating the work to scdaemon, both can peacefully coexist and
scdaemon is able to control the use of the reader. Note that
this requires at least gnupg 1.9.17.
* Fixed a couple of problems with the card reader.
* Command completion is now available in the --edit-key and
--card-edit menus. Filename completion is available at all
filename prompts. Note that completion is only available if the
system provides a readline library.
* New experimental HKP keyserver helper that uses the cURL
library. It is enabled via the configure option --with-libcurl
like the other (also experimental) cURL helpers.
* New key cleaning options that can be used to remove unusable
(expired, revoked) signatures from a key. This is available via
the new "clean" command in --edit-key on a key by key basis, as
well as via the import-clean-sigs/import-clean-uids and
export-clean-sigs/export-clean-uids options for --import-options
and --export-options. These are currently off by default, and
replace the import-unusable-sigs/export-unusable-sigs options
from version 1.4.1.
* New export option export-reset-subkey-passwd.
* New option --limit-card-insert-tries.
- The reference source for the CVM interface.
- Diagnostic and benchmark CVM clients.
- A checkpassword interface CVM client.
- A UNIX/POSIX system module (uses getpwnam).
- A flat-file module.
- A vmailmgr module.
- MySQL and PgSQL modules.
- A library for client writers.
- A set of libraries for module writers.
around at either build-time or at run-time is:
USE_TOOLS+= perl # build-time
USE_TOOLS+= perl:run # run-time
Also remove some places where perl5/buildlink3.mk was being included
by a package Makefile, but all that the package wanted was the Perl
executable.
* Version 1.2.5 (2005-07-03)
- More builddir != srcdir fixes, reported by Mike Castle
- Fixed off-by-one bug in the size parameter of gnutls_x509_crt_get*_dn,
reported by Adam Langley
- Corrected some stuff in minilzo detection. Pointed out by
Sergey Lipnevich.
- MiniLZO updated to version 2.00.
- gnutls_x509_crt_list_import now accept a DER formatted CRL.
- API and ABI modifications:
No changes since last version.
deal with this.
- No official changelog in the tarball for what's changed
- PLIST fixes
- Looks like:
Updated certificate for online updates
Updated exploits notably Solaris LPD Command Execution
Fixes for console interface
- Change MESSAGE based on new -config directive
- Remove outdated patch for bug that's no longer there in CHANGES.txt
- Set plugings directory in the default config.txt
- Point users to the installed customised config.txt instead of the sample one
- From the CHANGELOG.txt
05.20.2005
Database Updates
- Multiple msgs updates from david.maciejak@kyxar.fr
- Multiple test updates from burak.dayioglu@pro-g.com.tr
nikto_core.plugin 1.31
- Bugfix: fingerprint was not including leading /. Thanks Axel Meerschaert
for the report.
- Bugfix: NMAPOPTS was not being used, thanks to David Rhoades for patching.
- Added additional content checking to reduce false positives, thanks to
Pavel Kankovsky
nikto.pl 1.14
- Added -config option to specify a config file, thanks to Pavel Kankovsky
We are pleased to announce the availability of GnuPG 1.9.17 - the
branch of GnuPG featuring the S/MIME protocol. You should consider
using GnuPG 1.9 if you want to use the GPG-AGENT or GPGSM. The
GPG-AGENT is also helpful when using the stable GPG version 1.4 or if
you want to check out its ssh-agent replacement feature.
GnuPG 1.9 is the current development version of GnuPG. Despite of
that, most parts (in particular GPG-AGENT and GPGSM) are considered
ready for production use. Please keep on using GnuPG 1.4.x for
OpenPGP; 1.9 and 1.4 may - and actually should - be installed
simultaneously.
This release features a partly rewrite of the smartcard access code as
well as several bug fixes and enhancements. Noteworthy things are:
* gpg-connect-agent has now features to handle Assuan INQUIRE
commands.
* Internal changes for OpenPGP cards. New Assuan command WRITEKEY.
* GNU Pth is now a hard requirement.
* [scdaemon] Support for OpenSC has been removed. Instead a new and
straightforward pkcs#15 modules has been written. As of now it
does allows only signing using TCOS cards but we are going to
enhance it to match all the old capabilities.
* [gpg-agent] New option --write-env-file and Assuan command
UPDATESTARTUPTTY.
* [gpg-agent] New option --default-cache-ttl-ssh to set the TTL for
SSH passphrase caching independent from the other passphrases.
You will also need to get a new libassuan (our IPC library).
1.6.8p7 include:
562) Fixed noexec functionality on Linux.
564) Fixed a bug that prevented Heimdal authentication from working.
566) A sudoers entry with sudo ALL no longer overwrites the value of
safe_cmnd. This fixes the privilege escalation vulnerability
noted in http://www.courtesan.com/sudo/alerts/path_race.html
USE_TOOLS and any of "autoconf", "autoconf213", "automake" or
"automake14". Also, we don't need to call the auto* tools via
${ACLOCAL}, ${AUTOCONF}, etc., since the tools framework takes care
to symlink the correct tool to the correct name, so we can just use
aclocal, autoconf, etc.
Several changes are involved since they are all interrelated. These
changes affect about 1000 files.
The first major change is rewriting bsd.builtin.mk as well as all of
the builtin.mk files to follow the new example in bsd.builtin.mk.
The loop to include all of the builtin.mk files needed by the package
is moved from bsd.builtin.mk and into bsd.buildlink3.mk. bsd.builtin.mk
is now included by each of the individual builtin.mk files and provides
some common logic for all of the builtin.mk files. Currently, this
includes the computation for whether the native or pkgsrc version of
the package is preferred. This causes USE_BUILTIN.* to be correctly
set when one builtin.mk file includes another.
The second major change is teach the builtin.mk files to consider
files under ${LOCALBASE} to be from pkgsrc-controlled packages. Most
of the builtin.mk files test for the presence of built-in software by
checking for the existence of certain files, e.g. <pthread.h>, and we
now assume that if that file is under ${LOCALBASE}, then it must be
from pkgsrc. This modification is a nod toward LOCALBASE=/usr. The
exceptions to this new check are the X11 distribution packages, which
are handled specially as noted below.
The third major change is providing builtin.mk and version.mk files
for each of the X11 distribution packages in pkgsrc. The builtin.mk
file can detect whether the native X11 distribution is the same as
the one provided by pkgsrc, and the version.mk file computes the
version of the X11 distribution package, whether it's built-in or not.
The fourth major change is that the buildlink3.mk files for X11 packages
that install parts which are part of X11 distribution packages, e.g.
Xpm, Xcursor, etc., now use imake to query the X11 distribution for
whether the software is already provided by the X11 distribution.
This is more accurate than grepping for a symbol name in the imake
config files. Using imake required sprinkling various builtin-imake.mk
helper files into pkgsrc directories. These files are used as input
to imake since imake can't use stdin for that purpose.
The fifth major change is in how packages note that they use X11.
Instead of setting USE_X11, package Makefiles should now include
x11.buildlink3.mk instead. This causes the X11 package buildlink3
and builtin logic to be executed at the correct place for buildlink3.mk
and builtin.mk files that previously set USE_X11, and fixes packages
that relied on buildlink3.mk files to implicitly note that X11 is
needed. Package buildlink3.mk should also include x11.buildlink3.mk
when linking against the package libraries requires also linking
against the X11 libraries. Where it was obvious, redundant inclusions
of x11.buildlink3.mk have been removed.
* Version 1.2.4 (2005-05-28)
- Corrected some bugs that could affect 64 bit systems.
- Some corrections in the header files to include the prototype
of memmem properly (affected 64 bit systems). Report and patch
by Yoann Vandoorselaere <yoann@prelude-ids.org>.
- Introduced the --fix-key option to certtool, which can be used to
regenerate the (optional) parameters in a private key. It should
be used together with --key-info.
- Corrected a bug in certificate chain verification that could lead
to marking a trusted chain as non trusted, if the last certificate in
the chain was a self signed one.
- Gnulib portability files were updated.
- License were updated to reflect new FSF address.
This still works on NetBSD (1.6.2 tested) but also fixes the include error
on Linux (Debian 3 tested) and Solaris (9 tested).
Although DragonFlyBSD, FreeBSD and OpenBSD should work as before I have
not tried to build the package there.
Feedback whether it builds/works on Darwin/MacOS is also welcome.
Changes from previous pkgsrc version 2.1.0 include:
apg-2.2.3
Fixed version info (-v).
apg-2.2.2
Fixed permissions for source distribution.
apg-2.2.1
Changed manpages of apg and apgd.
apg-2.2.0
Added polish translation for APG PHP frontend.
Added option -p (see apg(1) apgd(8)).
Added option -t (see apg(1) apgd(8)).
Added option -l (see apg(1)).
Changed format of the bloom-filter file. Added
converter utility to convert old format to the
new one (bfconvert).
Added option -i (see apgbfm(1)).
Fixed some bugs.
Some compatibility changes.
Changed default apg options.
Update provided by Leonard Schmidt <lems@gmx.net> in PR#30345, thanks!
