and replace with appropriate references to PKGINFODIR instead.
* Properly account for split info files during installation.
* Move info file listings directly into the package PLISTs.
This fixes info-file-related PLIST problems.
changes:
-a security fix which was already in pkgsrc (0.46nb1)
-bugfixes
-zlib compression for dbclient
-Set "low delay" TOS bit
-client keyboard-interactive mode support
-logging improvements
-Added aes-256 cipher and sha1-96 hmac
-allow connections to listening forwarded ports from remote machines
changes:
Fixed a couple of problems in lshd, where the server process
leaks file descriptors to user shells that it starts. These
bugs implied a local denial of service hole, at best.
Support for aes256-ctr.
Newer nettle library. Bugfixes and performance improvements
for the assembler code, in particular support for sparc64, and
Makefile fixes.
changes:
* Better HKP support for strange key servers.
* Updated gedit plugin to work with gedit 2.14
* Fixed signing of keys with GPG 1.4.2 [Daniel Rodriguez Garcia]
* Fixed some minor packaging and build problems.
* Many smaller fixes.
pkgsrc changes:
-don't build nautilus plugin to limit dependencies
(will be provided in a separate pkg)
-remove some more unneeded dependencies
-prepare for the gedit plugin as a separate pkg
The following changes have been made between John 1.7 and 1.7.0.1:
* Minor bug and portability fixes.
* Better handling of certain uncommon scenarios and improper uses of John.
* Bonus: "Keyboard" cracker included in the default john.conf (john.ini)
that will try sequences of adjacent keys on a keyboard as passwords.
The following major changes have been made since John 1.6:
* Bitslice DES code for x86 with MMX: more than twice faster than older
non-bitslice MMX code.
* Bitsliced the LM hash code as well: now several times faster.
* Significant improvements to the generic bitslice DES code: +20% on RISC.
* PowerPC G4+ AltiVec support (Mac OS X and Linux): effective 128-bitness
for bitslice DES, resulting in huge speedups.
* First attempt at generic vectorization support for bitslice DES.
* Two MD5 hashes at a time for extra ILP on RISC: up to +80% on Alpha EV5+.
* Generic Blowfish x86 assembly code in addition to the original Pentium
version: +15% on the Pentium Pro family (up to and including Pentium III),
+20% on AMD K6 (Pentium 4 and newer AMD CPUs are more happy running the
original Pentium code for Blowfish).
* Verbose logging of events to the global or a session-specific log file.
* Better idle priority emulation with POSIX.1b (POSIX.4) scheduling calls.
* System-wide installation support for *BSD ports and Linux distributions.
* AIX, DU/Tru64 C2, HP-UX tcb files support in unshadow.
* New make targets for Linux/x86-64, Linux/PowerPC, FreeBSD/Alpha,
OpenBSD/x86-64, OpenBSD/Alpha, OpenBSD/SPARC, OpenBSD/SPARC64,
OpenBSD/PowerPC, OpenBSD/PA-RISC, OpenBSD/VAX, NetBSD/VAX, Solaris/SPARC64,
Mac OS X (PowerPC and x86), SCO, BeOS.
* Bug and portability fixes, and new bugs.
* Bonus: "Strip" cracker included in the default john.conf (john.ini).
INSTALL/DEINSTALL script creation within pkgsrc.
If an INSTALL or DEINSTALL script is found in the package directory,
it is automatically used as a template for the pkginstall-generated
scripts. If instead, they should be used simply as the full scripts,
then the package Makefile should set INSTALL_SRC or DEINSTALL_SRC
explicitly, e.g.:
INSTALL_SRC= ${PKGDIR}/INSTALL
DEINSTALL_SRC= # emtpy
As part of the restructuring of the pkginstall framework internals,
we now *always* generate temporary INSTALL or DEINSTALL scripts. By
comparing these temporary scripts with minimal INSTALL/DEINSTALL
scripts formed from only the base templates, we determine whether or
not the INSTALL/DEINSTALL scripts are actually needed by the package
(see the generate-install-scripts target in bsd.pkginstall.mk).
In addition, more variables in the framework have been made private.
The *_EXTRA_TMPL variables have been renamed to *_TEMPLATE, which are
more sensible names given the very few exported variables in this
framework. The only public variables relating to the templates are:
INSTALL_SRC INSTALL_TEMPLATE
DEINSTALL_SRC DEINSTALL_TEMPLATE
HEADER_TEMPLATE
The packages in pkgsrc have been modified to reflect the changes in
the pkginstall framework.
> - Added Turkish -- Umut Nacak
> - Changed login button to actually say login -- Jonathan W Minor
> - Fixed issue with signature names and MySQL 5.0 -- Kade P. Cole
> - Fixed Bug# 1347623 auto-refresh ignored for stat pages -- Shane Castle
> - Fixed Sort order issues -- Timothy Doty
> - Applied patch from Debian maintainer for final SQL injection fix -- Kevin
> - Updated project lead comments -- Kevin
> - Added Portscan Information -- Kevin for Nikns
called. Also include pthread.buildlink3.mk directly.
- With the update of qt3-tools to use the libtool mode of qmake, it is
unnecessary to install files manually; "make install" just works.
Bump PKGREVISION.
Pkgsrc changes:
- The new release includes the patch by Peter Behroozi (already contained
in Peter's unofficial release 1.26) that adds get1_session() for session
caching.
- Reverted to using MASTER_SITE_PERL_CPAN
Changes since version 1.25:
===========================
1.30 21.12.2005
- Fixed the MD5 function for hashsums containing \0
- Fixed some compile warnings with recent gcc.
- Fixed do_httpx3:
+ Don't add additional Host: headers if it's already given
+ Omit the :$port suffix for standard ports
+ Thanks to ivan-cpan-rt@420.am
- Limit the chunk size when reading with tcp_read_all to 0x1000.
This fixes various rt tickets.
- Added patch to allow session caching
- Mike McCauley and Florian Ragwitz maintain this module now
Pkgsrc changes:
none
Changes since version 2.15:
===========================
2.17 Mon Jan 9 18:22:51 EST 2006
-IMPORTANT NOTE: Versions of this module prior to 2.17 were incorrectly
using 8 byte IVs when generating the old-style RandomIV style header
(as opposed to the new-style random salt header). This affects data
encrypted using the Rijndael algorithm, which has a 16 byte blocksize,
and is a significant security issue.
The bug has been corrected in versions 2.17 and higher by making it
impossible to use 16-byte block ciphers with RandomIV headers. You may
still read legacy encrypted data by explicitly passing the
-insecure_legacy_decrypt option to Crypt::CBC->new().
-The salt, iv and key are now reset before each complete encryption
cycle. This avoids inadvertent reuse of the same salt.
-A new -header option has been added that allows you to select
among the various types of headers, and avoids the ambiguity
of having multiple interacting options.
-A new random_bytes() method provides access to /dev/urandom on
suitably-equipped hardware.
2.16 Tue Dec 6 14:17:45 EST 2005
- Added two new options to new():
-keysize => <bytes> Force the keysize -- useful for Blowfish
-blocksize => <bytes> Force the blocksize -- not known to be useful
("-keysize=>16" is necessary to decrypt OpenSSL messages encrypted
with Blowfish)
(so lsh2 and lsh DESCRiptions are different.)
Also uppercase ssh2 to SSH2.
TODO: anyone want to document features or differences between
these two packages?
Changes:
- Remove trailing space from regex we get from plugins.rules (this fix
a match problem on log entry that didn't contain any space).
- Add --user / --group option to drop privilege. However, make sure it is
not allowed to open file that the target user can not read, because it
would lead to failure when trying to re-open the logfile after a rotation.
- Signal handling improvement.
- Fix priority for --quiet option.
- Use newer libprelude IDMEF_LIST_APPEND/IDMEF_LIST_PREPEND addition.
- Add unhandled arguments warning.
Changes:
- Fix PostgreSQL plugin compilation problem.
- Update database schema: enforce that AdditionalData data field is not NULL.
- Improve Swig basic type mapping situation regarding to the target architecture.
- Fix query time calculation.
Changes:
- Fix an issue with system using both IP v4 and v6 interfaces which
doesn't allow binding both 0.0.0.0 and :: .
- Add autoconf detection for libgcrypt: this fix a build issue for
distribution shipping with broken libgnutls-config script.
- Generate Perl and Python bindings for the prelude-timer API.
- Fix for upcoming plugin that doesn't provide an activation option.
- Various bug fixes.
Pkgsrc changes:
- Rewrote patch-aa to be specific to NetBSD.
Changes since version 0.02:
===========================
- generate more efficient code with gcc-3.4 and later.
* Files containing several signed messages are not allowed any
longer as there is no clean way to report the status of such
files back to the caller. To partly revert to the old behaviour
the new option --allow-multisig-verification may be used.
- Error messages are now translated using GNU Gettext.
- The function gnutls_x509_crt_to_xml now return an internal error.
This means that the code to convert X.509 certificates to XML format
does not work any more. The reason is that the function called
libtasn1 internal functions. It seems unclean for libtasn1 to export
the APIs needed here. Instead it would be better to implement XML
support inside libtasn1 properly. If you need this functionality
strongly, please consider looking into implementing this suggested
approach instead. As a workaround, you may also modify lib/x509/xml.c
(change '#if 1' to '#if 0') and build using --with-included-libtasn1.
- Doc fixes to explain that gnutls_record_send can block.
- gnutls-cli can now recognize services and port numbers with the -p option.
- Support constant size bit strings, as in 'BIT STRING (SIZE(42))'.
Reported by Cyril Holweck <cyril.holweck@q-free.com>.
- Add two more APIs required by GnuTLS.
- New public APIs:
asn1_find_node function
asn1_copy_node
Let the caff package install other gpg related tools
- pgp-clean: removes all non-self signatures from key
- pgp-fixkey: removes broken packets from keys
- gpg-mailkeys: simply mail out a signed key to its owner
- gpg-key2ps: generate PostScript file with fingerprint paper strips
- gpglist: show who signed which of your UIDs
- gpgsigs: annotates list of GnuPG keys with already done signatures
- keylookup: ncurses wrapper around gpg --search
Fix hardcoded path in man pages
caff is a script that helps you in keysigning. It takes a list of
keyids on the command line, fetches them from a keyserver and calls
GnuPG so that you can sign it. It then mails each key to all its
email addresses - only including the one UID that we send to in each
mail.
Features:
* Easy to setup.
* Attaches only the very UID that we send to in the mail.
* Prunes the key from all signatures that are not self sigs and
not done by you, thereby greatly reducing the size of mails.
* Sends the mail encrypted if possible, will warn before sending
unencrypted mail (sign only keys)
* Creates proper PGP MIME messages.
* Uses separate GNUPGHOME for all its operations.
From NEWS:
Version 0.7-RC1 2006/1/10 <moriyoshi@users.sourceforge.net>
* Add a option "disconnect_every_op" option that forces pam_mysql to
disconnect from the database every operation (PR #1325395). -moriyoshi
* Use geteuid() instead of getuid() to check if the current user is authorized
to change the password (PR #1338667). -moriyoshi
* Allow root (uid=0) to change the passwords of other users without their old
password. -moriyoshi
Version 0.7-pre3 2005/9/29 <moriyoshi@users.sourceforge.net>
* Changed handling of the "where" option to not escape meta characters
(PR #1261484). -moriyoshi
* Overhauled the SQL logging facility (PR #1256243). -moriyoshi
* Added logrhostcolumn (log.rhost_column) option that enables you to log the
value of the "rhost" item specified by the application. -moriyoshi
* Fixed possible security flaw (though not considered to be severe). -moriyoshi
* Fixed memory leaks spotted when "config_file" option is used. -moriyoshi
* Fixed try_first_pass behaviour. -moriyoshi
* Changed option parsing behaviour so "=" following each option name is not
needed. -moriyoshi
Version 0.7-pre2 2005/9/18 <moriyoshi@users.sourceforge.net>
* Changed column name handling to not escape meta characters. Now you can
specify an expression to every XXXcolumn variable like "CONCAT(a, b, c)".
-moriyoshi
* Supported SHA1 hash (PR #1117036). -moriyoshi, alexeen
* Supported use_first_pass and try_first_pass options. -moriyoshi
Version 0.7-pre1 2005/6/13 <moriyoshi@users.sourceforge.net>
* Support for NSS-mysql style configuration file which is inspired
by the Florian's work. -moriyoshi
Version 0.6.2 2005/9/29 <moriyoshi@users.sourceforge.net>
* Overhauled the SQL logging facility (PR #1256243). -moriyoshi
* Fixed possible security flaw (though not considered to be severe). -moriyoshi
Version 0.6.1 2005/9/18 <moriyoshi@users.sourceforge.net>
* Added use_323_passwd option that allows you to use an encryption function
used in the old MySQL versions (3.23.x). -moriyoshi, Daniel Renaud
* Fixed account management code that wouldn't work at all :-p -moriyoshi
* Included pam_mysql.spec to the tarball by default. This enables you to
make a RPM with the following oneliner: (rpmbuild -tb pam_mysql.tar.gz).
-moriyoshi
* Fixed compile failure that occurs with the old mysql_config (< 4.0.16).
-moriyoshi
* Fixed compile failure on Solaris when --with-openssl is specified to the
configure script.
Version 0.6 2005/6/13 <moriyoshi@users.sourceforge.net>
* Adopted autoconf / automake for build system. -moriyoshi
* Portable MD5 support by using OpenSSL / Cyrus-SASL. -moriyoshi
* MySQL library detection. -moriyoshi
* Added RPM spec file. -moriyoshi
* Tidied up the entire code for security and maintainability. -moriyoshi
* Modified log output to be more verbose. -moriyoshi
* Changed log facility type to LOG_AUTHPRIV as per the recommendation in
the PAM documentation. -moriyoshi
* Added support for unix socket and non-default ports. -moriyoshi
* Added account management and authentication token alteration code. -moriyoshi
* Remove default values for string parameters for the sake of performance.
-moriyoshi
* Enhanced SQL logging function to log session state as well. -moriyoshi
* Solaris support. -moriyoshi
