Commit graph

6206 commits

Author SHA1 Message Date
pettai
3086b4e8e8 SoftHSM 1.3.2
* Update the README with information on moving the database
  between different architectures.

Bugfixes:
* Fix the destruction order of the Singleton objects.
2012-03-18 15:11:07 +00:00
taca
6e3f9c8d9c Update ruby-net-ssh to 2.3.0.
=== 2.3.0 / 11 Jan 2012

* Support for hmac-sha2 and diffie-hellman-group-exchange-sha256 [Ryosuke Yamazaki]

=== 2.2.2 / 04 Jan 2012

* Fixed: Connection hangs on ServerVersion.new(socket, logger) [muffl0n]
* Avoid dying when unsupported auth mechanisms are defined [pcn]
2012-03-17 17:01:16 +00:00
gdt
f84cad6cbe fix distinfo; patch-aa is gone 2012-03-16 00:15:15 +00:00
gdt
38f229c4fe Set license (GPLv2, or boutique license not in pkgsrc/licenses). 2012-03-16 00:14:36 +00:00
gdt
12c101dc74 Update to 0.6.0.1206569328141510525648634803928199668821045408958.
(Yes, that ridiculous version number really is what upstream calls it.)

No NEWS entry, but announcement includes:

2012-03-13  Zooko Wilcox-O'Hearn  <zooko@zooko.com>

      * src/pycryptopp/_version.py: release pycryptopp-0.6.0
      * add Ed25519 signatures (#75)
      * add XSalsa20 cipher (#40)
      * switch from darcs to git for revision control
      * pycryptopp version numbers now include a decimal encoding of *
      * reorganize the source tree and the version number generation
      * aesmodule.cpp: validate size of IV and throw exception if it
        is not 16 (#70)
      * fixed compile errors with gcc-4.7.0 (#78)
      * fixed compile errors concerning "CryptoPP::g_nullNameValuePairs" (#77)
      * suppress warnings from valgrind with new OpenSSL 1.0.1 on Fedora (#82)
      * raise Python exception instead of uncaught C++ exception
        (resulting in abort) when deserializing malformed RSA keys (#83)
2012-03-16 00:12:35 +00:00
adam
a7c64a1ebe Changes 2.12.17:
* libgnutls: Corrections in record packet parsing.
* libgnutls: Fixes in SRP authentication.
* libgnutls: Added function to force explicit reinitialization of PKCS 11
  modules. This is required on the child process after a fork.
* libgnutls: PKCS 11 objects that do not have ID no longer crash listing.
* API and ABI modifications: gnutls_pkcs11_reinit: Added
2012-03-15 16:41:48 +00:00
obache
2cd654bab6 Bump PKGREVISION from default python to 2.7. 2012-03-15 11:53:20 +00:00
cegger
ba63b2d5f7 configure script expects darwin-ppc-cc and not darwin-powerpc-cc.
'should be ok' joerg@
2012-03-14 22:48:58 +00:00
wiz
f3ac896f57 Update MASTER_SITES and HOMEPAGE.
From patch by Bug Hunting.

Add 'isc' to licenses.
2012-03-14 14:20:38 +00:00
pettai
878cc8437e Imported pam-yubico, libyubikey, ykclient and ykpers 2012-03-13 15:36:37 +00:00
pettai
2498320560 The Yubico PAM module provides an easy way to integrate the Yubikey
into your existing user authentication infrastructure.

Imported from pkgsrc-wip
2012-03-13 15:32:47 +00:00
pettai
eda68f4360 The YubiKey Personalization package contains a library and
command line tool used to personalize (i.e., set an AES key) YubiKeys.

Imported from pkgsrc-wip
2012-03-13 15:30:07 +00:00
pettai
d6063f8967 Backout bad (over)import 2012-03-13 15:25:33 +00:00
pettai
c06bc35d24 This package implements online validation of Yubikey OTPs. It is written in C
and provides a shared library for use by other software.

Imported from pkgsrc-wip
2012-03-13 15:15:15 +00:00
pettai
7e0c9d3b39 This package makes up the low-level C software development kit for the
Yubico authentication device, the Yubikey.

Imported from pkgsrc-wip
2012-03-13 15:12:36 +00:00
fhajny
a8a57efa46 On SunOS, heimdal never builds hcrypto when pkgsrc OpenSSL used. 2012-03-13 09:04:49 +00:00
fhajny
f926cc3866 Adding PLIST.SunOS 2012-03-13 08:01:01 +00:00
taca
021760c273 Update openssl package to 0.9.8u.
Changes between 0.9.8t and 0.9.8u [12 Mar 2012]

  *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
     in CMS and PKCS7 code. When RSA decryption fails use a random key for
     content decryption and always return the same error. Note: this attack
     needs on average 2^20 messages so it only affects automated senders. The
     old behaviour can be reenabled in the CMS code by setting the
     CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where
     an MMA defence is not necessary.
     Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
     this issue. (CVE-2012-0884)
     [Steve Henson]

  *) Fix CVE-2011-4619: make sure we really are receiving a
     client hello before rejecting multiple SGC restarts. Thanks to
     Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this bug.
     [Steve Henson]
2012-03-13 03:11:32 +00:00
fhajny
5581fcff90 Value of _FILE_OFFSET_BITS corrected. Disabled static linking for Solaris 10
and later (no longer supports static linking).
2012-03-12 14:18:44 +00:00
shattered
1dd261dca2 PR/39656 -- Use /var/heimdal as hdbdir, not /var. 2012-03-11 11:30:06 +00:00
fhajny
9e40597477 Force --with-waitfunc=wait3 on SunOS, fixes several courier-* packages. 2012-03-09 15:15:30 +00:00
joerg
609e6db1d9 One more tool in /usr/sbin. 2012-03-08 01:14:24 +00:00
joerg
8e3a63ce05 Really bump revision. 2012-03-08 01:14:04 +00:00
joerg
3b771a2259 Don't build & install cat page. Bump revision. 2012-03-08 01:13:42 +00:00
ryoon
45f8f27196 Recursive PKGREVISION bump for xulrunner, nss, and nspr. 2012-03-06 17:38:53 +00:00
sno
5ce085f87c Updating package for CPAN distribution Net::SSLeay in security/p5-Net-SSLeay
from 1.42 to 1.45.

Upstream changes:
1.45 2012-02-25
     Added missing doc for SESSION_cmp. Patch by paul.

1.44 2012-02-25
     Added missing t/data/binary-test.file to MANIFEST

1.43 2012-02-24
    Fixed some typos. Patched by Neil Bowers.
    SSLeay.pm convenience functions now call Net::SSLeay::initialize that
    initializes the SSL library at most once.
    Patch from kmx to protect SSLeay_add_ssl_algorithms from multiple loads
    and reentrancy in multi-threaded perls.
    Patch from kmx to add reentrancy protection for callbacks in
    multithreading.
    Updated ppport.h, fixed some complaints from ppport.h
    Fixed a problem with CTX_use_PKCS12_file on Windows, since the file was
    not opened in binary mode. Reported by kmx.
    Added resources line for SVN repository to Makefile. Suggested by kmx.
    Fixed complaints under some windows compilers about cast from pointer to integer of
    different size. Suggested by kmx.
    Added thread safety and dynamic locking. This should complete thread
    safety work, making Net::SSLeay completely thread-safe. Patches by kind
    assistance of kmx.
    Improvements to openssl backwards compatibility. Now build with versions
    back to 0.9.6. With extreme thanks to kmx.
    Improvements to documentation, thanks to kmx.
    SUMMARY OF NEWLY INTRODUCED FUNCTIONS:
    - Net::SSLeay::initialize
    - Net::SSLeay::SSLeay
    - Net::SSLeay::SSLeay_version
    - Net::SSLeay::SSLeay_version
    - Net::SSLeay::ASN1_TIME_new
    - Net::SSLeay::ASN1_TIME_free
    - Net::SSLeay::ASN1_TIME_set
    - Net::SSLeay::P_ASN1_TIME_get_isotime
    - Net::SSLeay::P_ASN1_TIME_set_isotime
    - Net::SSLeay::P_ASN1_TIME_put2string
    - Net::SSLeay::OpenSSL_add_all_digests
    - Net::SSLeay::P_EVP_MD_list_all
    - Net::SSLeay::EVP_get_digestbyname
    - Net::SSLeay::EVP_MD_type
    - Net::SSLeay::EVP_MD_size
    - Net::SSLeay::EVP_MD_CTX_md
    - Net::SSLeay::EVP_MD_CTX_create
    - Net::SSLeay::EVP_MD_CTX_destroy
    - Net::SSLeay::EVP_DigestInit
    - Net::SSLeay::EVP_DigestInit_ex
    - Net::SSLeay::EVP_DigestUpdate
    - Net::SSLeay::EVP_DigestFinal
    - Net::SSLeay::EVP_DigestFinal_ex
    - Net::SSLeay::EVP_Digest
    - Net::SSLeay::SHA1
    - Net::SSLeay::SHA256
    - Net::SSLeay::SHA512
    - Net::SSLeay::EVP_sha1
    - Net::SSLeay::EVP_sha512
    Fixed a problem with set_proxy where the password was not properly
    set. The code to do this went missing at some stage. Reported by Ulrich
    Weber via RT.
    Further improvements to testing time functions.
    Added t/local/37_asn1_time.t
    Added various digest functions, documentation and tests
    Removed debug from P_ASN1_TIME_get_isotime. Courtesy kmx.
    Remove unnecessary warnings about Random number generator not
    seeded. Courtesy kmx.
    Fixed an error in 04_basic.t triggered if Test::Exception not present.
    Added documentation for many CTX_ functions. Courtesy kmx.
    Fixed minor typos in SSLeay.xs. Courtesy kmx.
    Moved documentation to new lib/Net/SSLeay.pod. Courtesy kmx.
    Additions to documentation in pod. Courtesy kmx.
    Fixed some incorrect return types from SSL_set_options
    SSL_CTX_set_options. Courtesy kmx.
    Further documentation in pod. Courtesy kmx.
    Small fixes to XS code + one new trivial function SSL_CIPHER_get_name
    And one more thing - 02_pod_coverage.t is turned ON passing all tests -
    never ever allow a new function without at least a short doc. Courtesy
    kmx.
    Removed 2 unnecessary 'local $[;' from SSLeay.pm
2012-03-05 14:30:23 +00:00
pettai
68f50e546e Add fix for CVE-2006-7250 2012-03-05 00:26:54 +00:00
wiz
e0808f0de0 More pcre PKGREVISION bumps. 2012-03-03 12:54:15 +00:00
wiz
232908aa3e Update to 1.4.12:
Noteworthy changes in version 1.4.12 (2012-01-30)
-------------------------------------------------

    * GPG now accepts a space separated fingerprint as a user ID.
      This allows to copy and paste the fingerprint from the key
      listing.

    * Removed support for the original HKP keyserver which is not
      anymore used by any site.

    * Rebuild the trustdb after changing the option --min-cert-level.

    * Improved JPEG detection.

    * Included more VMS patches

    * Made it easier to create an installer for Windows.

    * Supports the 32 bit variant of the mingw-w64 toolchain.

    * Made file locking more portable.

    * Minor bug fixes.
2012-03-03 00:17:29 +00:00
wiz
ee311e3b36 Recursive bump for pcre-8.30* (shlib major change) 2012-03-03 00:11:51 +00:00
hans
b27a244881 Uses cdefs. 2012-03-02 16:36:57 +00:00
hans
f529b4bd64 Fix build on SunOS. 2012-03-02 14:57:07 +00:00
hans
3768a38dbc Fix build on SunOS.
- uses fts functions
- don't ignore pkgsrc-provided CFLAGS, CPPFLAGS, LDFLAGS and LIBS
2012-03-01 16:27:57 +00:00
jmmv
43fe09b632 Allow this to build again by explicitly disabling the building of the
OS X Framework.
2012-02-28 00:52:56 +00:00
asau
250d0ace84 Update to Heimdal 1.5.2
Release Notes - Heimdal - Version Heimdal 1.5.2

 Security fixes
 - CVE-2011-4862 Buffer overflow in libtelnet/encrypt.c in telnetd - escalation of privilege
 - Check that key types strictly match - denial of service

Release Notes - Heimdal - Version Heimdal 1.5.1

 Bug fixes
 - Fix building on Solaris, requires c99
 - Fix building on Windows
 - Build system updates

Release Notes - Heimdal - Version Heimdal 1.5

New features

 - Support GSS name extensions/attributes
 - SHA512 support
 - No Kerberos 4 support
 - Basic support for MIT Admin protocol (SECGSS flavor)
   in kadmind (extract keytab)
 - Replace editline with libedit
2012-02-27 12:39:11 +00:00
adam
3ac5973a5f Changes 1.0.3:
This is primarily a bugfix release.
2012-02-26 13:16:32 +00:00
adam
e23b4ba694 Changes 1.8.6:
This is primarily a bugfix release.
* Fix an interaction in iprop that could cause spurious excess kadmind processes
  when a kprop child fails.

Changes 1.8.5:
This is primarily a bugfix release.
* Fix MITKRB5-SA-2011-006 KDC denial of service vulnerabilities
  [CVE-2011-1528 CVE-2011-1529 CVE-2011-4151].
2012-02-26 13:14:19 +00:00
pettai
4d813cf6b6 1.42
Fixed incorrect documentation of how to enable CRL checking.
    Fixed incorrect letter in Sebastien in Credits.
    Reversed order of the Changes file to be reverse chronological.
    Fixed a compile error when building on Windows with MSVC6.

1.41
    Fixed incorrect const signatures for 1.0 that were causing warnings.
    Now have clean compile with 0.9.8a through 1.0.0.

1.40
    Fixed incorrect argument type in call to SSL_set1_param
    Fixed a number of issues with pointer sizes
    Removed redundant pointer cast tests from t/
    Added Perl version requirements to SSLeay.pm

1.39
    Downgraded Module::Install to 0.93 since 1.01 was causing problems in
    the Makefile.

1.38
    - Fixed a problem with various symbols that only became available
    in OpenSSL 0.9.8 such as X509_VERIFY_PARAM and X509_POLICY_NODE,
    causing build failures with older versions of OpenSSL.

1.37
    - Added X509_get_fingerprint, contributed by Thierry Walrant (with
    minor changes due to the fact that stricmp is not available. Cert
    types must be lowercase. Also added test to 07_sslecho.t
    - Added support for SSL_CTX_set1_param, SSL_set1_param,
    selected X509_VERIFY_PARAM_* OBJ_* functions. Added new test
    t/local/36_verify.t
    - Fixed an uninitialized value warning in $Net::SSLeay::proxyauth
    - Update so net-ssleay will compile if SSLV2 is not present.
    - Fixed a problem where sslcat (and possibly other functions) expect
     RSA keys and will not load DSA keys for client certificates.
    - Removed SSL_CTX_v2_new and SSLv2_method() for OpenSSL 1.0 and later.
    - Added CTX_use_PKCS12_file contributed by "Andrew A. Budkin".
2012-02-22 23:10:14 +00:00
wiz
afe04b932a Revert unintended commits. 2012-02-22 15:39:43 +00:00
wiz
10b42eef42 Mention putty-devel successor. 2012-02-22 15:31:34 +00:00
wiz
89919181be Remove putty-devel, older than putty now. 2012-02-22 15:31:05 +00:00
wiz
28d4a789d3 Add a patch from the putty-devel package (not needed on my -current though) 2012-02-22 15:30:20 +00:00
wiz
5b92122de8 Update to 0.62, keeping all pkgsrc patches which have not been fed upstream (hi roy! hi rillig!)
2011-12-10 PuTTY 0.62 released

PuTTY 0.62 is out, containing only bug fixes from 0.61, in particular a security fix preventing passwords from being accidentally
retained in memory.

2011-11-27 PuTTY 0.62 pre-release builds available

PuTTY 0.61 had a few noticeable bugs in it (but nothing security-related), so we are planning to make a 0.62 release containing just bug
fixes. The Wishlist page lists the bugs that will be fixed by the 0.62 release. The Download page now contains pre-release snapshots of
0.62, which contain those bug fixes and should be otherwise stable. (The usual development snapshots, containing other development since
0.61, are also still available.)

2011-07-12 PuTTY 0.61 is released

PuTTY 0.61 is out, after over four years (sorry!), with new features, bug fixes, and compatibility updates for Windows 7 and various SSH
server software.
2012-02-22 15:27:13 +00:00
sbd
66de12233b Don't try to build if using linux-pam. 2012-02-21 22:19:25 +00:00
asau
d4fec7550f + munge 2012-02-19 03:52:28 +00:00
asau
e30b5a755a Import MUNGE 0.5.10 as security/munge.
MUNGE (MUNGE Uid 'N' Gid Emporium) is an authentication service
for creating and validating credentials. It is designed to be
highly scalable for use in an HPC cluster environment. It allows
a process to authenticate the UID and GID of another local or
remote process within a group of hosts having common users and
groups. These hosts form a security realm that is defined by a
shared cryptographic key. Clients within this security realm can
create and validate credentials without the use of root
privileges, reserved ports, or platform-specific methods.
2012-02-19 03:51:17 +00:00
gls
275bef5b5d Update security/py-cryptopp to 0.5.29.
Upstream changes:

Not complete, the only info mentioned in the Changelog is this:

2011-01-16 -- pycryptopp v0.5.28

re-enable the ECDSA module, but please do not rely on it as it is expected to
change in backwards-incompatible ways in future releases several changes to the
build system to make it tidier and less error-prone -- see revision control
history for details
2012-02-18 21:18:02 +00:00
gls
bc42ab1c81 Update security/py-OpenSSL to 0.13.
Upstream changes:

2011-09-02  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

        * Release 0.13

2011-06-12  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

        * OpenSSL/crypto/pkey.c: Add the PKey.check method, mostly
          implemented by Rick Dean, to verify the internal consistency of a
          PKey instance.

2011-06-12  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

        * OpenSSL/crypto/crypto.c: Fix the sign and verify functions so
          they handle data with embedded NULs.  Fix by David Brodsky
          <lp:~lihalla>.

2011-05-20  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

        * OpenSSL/ssl/connection.c, OpenSSL/test/test_ssl.py: Add a new
          method to the Connection type, get_peer_cert_chain, for retrieving
          the peer's certificate chain.

2011-05-19  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

        * OpenSSL/crypto/x509.c, OpenSSL/test/test_crypto.py: Add a new
          method to the X509 type, get_signature_algorithm, for inspecting
          the signature algorithm field of the certificate.  Based on a
          patch from <lp:~okuda>.

2011-05-10  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

        * OpenSSL/crypto/crypto.h: Work around a Windows/OpenSSL 1.0 issue
          explicitly including a Windows header before any OpenSSL headers.

        * OpenSSL/crypto/pkcs12.c: Work around an OpenSSL 1.0 issue by
          explicitly flushing errors known to be uninteresting after calling
          PKCS12_parse.

        * OpenSSL/ssl/context.c: Remove SSLv2 support if the underlying
          OpenSSL library does not provide it.

        * OpenSSL/test/test_crypto.py: Support an OpenSSL 1.0 change from
          MD5 to SHA1 by allowing either hash algorithm's result as the
          return value of X509.subject_name_hash.

        * OpenSSL/test/test_ssl.py: Support an OpenSSL 1.0 change from MD5
          to SHA1 by constructing certificate files named using both hash
          algorithms' results when testing Context.load_verify_locations.

        * Support OpenSSL 1.0.0a.

2011-04-15  Jean-Paul Calderone  <exarkun@twistedmatrix.com>

        * OpenSSL/ssl/ssl.c: Add OPENSSL_VERSION_NUMBER, SSLeay_version
          and related constants for retrieving version information about the
          underlying OpenSSL library.
2012-02-18 20:40:40 +00:00
sbd
769ea24804 The compiler rpath flag isn't always '-R', so put a substitutable token in
the patch and replace it using the substitution facility with the pkgsrc
determined flag.
2012-02-18 01:23:59 +00:00
jakllsch
99564468fe Update kstart to 4.1. 2012-02-17 18:26:00 +00:00