4942 commits

Author SHA1 Message Date
agc
6503f7082f Add and enable sshfp 2008-07-31 10:23:06 +00:00
agc
a1e0ba2e59 Initial import of sshfp-1.1.3 into the Packages Collection.
sshfp is a small utility that generates RFC4255 SSHFP DNS records
based on the public keys stored in a known_hosts file or obtained by
using ssh-keyscan.  If the nameserver of the domain allows zone
transfers (AXFR), an entire domain can be processed for all its A
records.  These can then be easily added to a zone, and then secured
by DNSSEC.
2008-07-31 10:21:21 +00:00
kefren
ad4ad68b38 update to gnutls-2.4.1
Changes:

** libgnutls: Fix local crash in gnutls_handshake. [GNUTLS-SA-2008-2]
** libgnutls: Fix memory leaks when doing a re-handshake.
** Fix compiler warnings.
** Fix ordering of -I's to avoid opencdk.h conflict with system headers.
** srptool: Fix a problem where --verify check does not succeed.
2008-07-30 17:17:21 +00:00
he
bc6858a8f0 Update from version 0.34nb4 to 0.36.
Pkgsrc changes:
 o Change to use CPAN as distribution source
 o Change HOMEPAGE to use search.cpan.org; leave old
   HOMEPAGE pointing to sourceforge commented-out

Upstream changes:
0.36 Mon Aug 13 12:16:38 EDT 2007

    * [rt.cpan.org #28814] - Performance improvement
      from mehradek (Radoslaw Zielinski)
        -use English;
        +use English qw( -no_match_vars );


0.35 Fri Apr 20 12:33:53 EDT 2007 - Jesse Vincent <jesse@bestpractical.com>

    * New Maintainer: Jesse Vincent <jesse@bestpractical.com> took over
      maintenance of this module.
    * Removed test key expiry dates. (Fixes
      http://rt.cpan.org/Ticket/Display.html?id=17618)
    * Applied secret key output patch for modern GPG from
      http://rt.cpan.org/Ticket/Display.html?id=17619
    * Applied patch to support 'tru' record types from
      (http://search.cpan.org/src/JRED/Mail-GPG-1.0.6/patches/)
2008-07-30 13:26:52 +00:00
joerg
bbb376ec3a Needs pkg-config. 2008-07-29 19:53:45 +00:00
he
08533f8f5c Update from version 0.06 to 0.07. Changes:
0.07  Thu Jul 23 10:31:33 2008
    - rt 34703
    - argument logic before filehandle fetch so that they'll apply
    - read small chunk of file handles instead of readline() to
      avoid various issues
2008-07-28 09:26:48 +00:00
joerg
645008a58a NetBSD at least gets glob.h installed, so check for it. 2008-07-27 18:47:07 +00:00
he
0901f20e3c Add HOMEPAGE pointing into search.cpan.org.
No other change, so no version bump.
2008-07-27 16:06:09 +00:00
he
35135ea5fe Update from version 0.02 to 0.04.
Pkgsrc changes:
 o Added full list of dependencies, from Makefile.PL.

Upstream changes:
0.04  Sun Jun 15 16:22:32 JST 2008
	* fixed a bug caused memory greediness with too long strings :<
	* improved internal code for PAUSE.

0.03  Sat Jun 14 19:17:30 JST 2008
	* added support for Math::Random::MT::Perl.
	* switched to Module::Build.
	* cleaned up test scripts.
	* added 'binary' option to rndpassword.
2008-07-26 20:28:23 +00:00
rhaen
1132dc138f Fixed the problems reported by babylon5.netbsd.org weekly pkgsrc output for Thu Jul 24 02:20:00 2008 2008-07-25 08:48:23 +00:00
tnn
53324c97e5 Add patch from OpenSSH 5.1 that fixes an X11 fwd security issue on HP-UX.
Bump PKGREVISION.
2008-07-24 16:25:47 +00:00
obache
d700089e65 Update amavisd-new to 2.6.1.
Based on maintainer update request in PR 39196.

There are a lot of changes and some incompatibilities with 2.5.3
(current version in pkgsrc) particularly as respects SQL schema.
Consult vendor's release notes for more detail:
    http://www.ijs.si/software/amavisd/release-notes.txt
2008-07-24 13:49:22 +00:00
rhaen
b0d730ef34 updated to 2.01
- no complete ChangeLog from upstream -

ChangeLog:
2000-03-13   Gisle Aas <gisle@ActiveState.com>

   Release 2.01

   Broken out of the Digest-MD5-2.12 distribution and made into
   a separate dist.
2008-07-23 22:52:39 +00:00
shannonjr
d738510fd2 Changed so that pflogger daemon can run as non-root with nologin shell. 2008-07-21 12:22:15 +00:00
shannonjr
b744defec4 Added prelude-correlator 2008-07-21 12:17:52 +00:00
shannonjr
ca727cf206 Prelude-Correlator serves to correlate, in real time, the multiple
events received by Prelude. Several isolated alerts, generated from
different probes, can thus trigger a single correlation alert should the
events be related. This correlation alert then appears within the
Prewikka interface and indicates the potential target information via
the set of correlation rules.
2008-07-21 12:16:46 +00:00
shannonjr
59829784a4 Update to 0.9.14. Changes:
- Improve thread safety when evicting events to disk.
- Handle IDMEF message version tag, which will be used in upcoming
libprelude version.
- Add support for newer GnuTLS 2.2.0 session priority functions. When
the option is available, the user might specify TLS settings through
the "tls-options" configuration entry.
- Fix a possible crash upon destruction of a bufpool that is writing to
a failover.
- Correct strtoul() error checking, when verifying scheduler options.
2008-07-21 12:12:15 +00:00
shannonjr
dc766237b5 Update to 0.9.18. Changes:
- Add support for newer GnuTLS 2.2.0 session priority functions. When
the option is available, the user might specify TLS settings through
the "tls-options" configuration entry.
- Workaround a GnuTLS issue where the client wouldn't be able
to negotiate a supported compression protocol with the server (#299).
- Implement variable substitution in Prelude configuration files.
- Allow IDMEF criteria with multiple values for a single path,
as can be seen in the following example:
alert.classification.text = (A || B || C || D)
- Implement negation of idmef-criteria, allowing to write criteria like:
! (alert.classification.text = A || alert.classification.text = B)
- Fix an IDMEF-Criteria matching problem, where the match function would
not attempt to match a OR after multiple consecutive AND that failed.
Thanks Alexander Afonyashin <firm(at)iname.com> for pointing out the
problem.
- Never use non-pointer field, always use the "required" keyword. Fix
API consistency issue, that could lead to unexpected behavior.
- Fix multiple problems with prelude_read_multiline /
prelude_read_multiline2,
(fix a problem with prelude-manager idmef-criteria that wouldn't read
external ruleset).
- Error out if GnuTLS initialization fails.
2008-07-21 12:10:48 +00:00
heinz
921d1ed754 Updated to version 1.98.
Pkgsrc changes:
  - none

Changes since version 1.58:
===========================
1.98                                                          Jul 08, 2008
 * Precedence bug in Public::write() and Private::write()
   (http://rt.cpan.org/Public/Bug/Display.html?id=37489)
   Thanks to HRAFNKELL for reporting this!

1.96                                                          Jul 06, 2008
 * Set the version numbers in modules to $Crypt::RSA::Version::VERSIOn

1.95                                                          Jul 06, 2008
 * Remove STDERR error output in Crypt::RSA::SS::PSS.
   (http://rt.cpan.org/Public/Bug/Display.html?id=29048)
 * Allow symmetric cipher specification in Crypt::RSA::Key.
   (http://rt.cpan.org/Public/Bug/Display.html?id=27929)
 * Fix bug in AUTOLOAD.
   (http://rt.cpan.org/Public/Bug/Display.html?id=26028)
 * Use Module::Install instead of ExtUtils::MakeMaker
 * Consolidate versioning to module version in Crypt::RSA::Version
   (which is the reason for the version # jump)
 * "use base" instead of @ISA
 * "use FindBin" instead of the literal "lib" - this is safer.
2008-07-17 21:14:53 +00:00
heinz
34044d023c Updated to version 1.24.
Pkgsrc changes:
  - none

Changes since version 1.21:
===========================
1.24 (Tue Jul 15 14:35:35 EDT 2008)

- Remove references to Artistic License from README.

1.23 (Tue Jul 15 05:18:37 EDT 2008)

- Applied patch from ANDK@cpan.org to avoid failures in reforgy.t
  [http://rt.cpan.org/Ticket/Display.html?id=27585]

- Turned off warnings in the test suite.  It is supposed to generate
  warnings but it freaks out people.

- License changed to Artistic 2.0 | GPL for Fedora folks.
2008-07-17 20:50:24 +00:00
heinz
8a79320f1f Updated to version 2.29.
Pkgsrc changes:
  - none

Changes since version 2.24:
===========================
2.29	 Tue Apr 22 10:22:37 EDT 2008
	 - Fixed errors that occurred when encrypting/decrypting utf8 strings
	 in Perl's more recent than 5.8.8.

2.28	 Mon Mar 31 10:46:25 EDT 2008
	 - Fixed bug in onesandzeroes test that causes it to fail with
           Rijndael module is not installed.

2.27	 Fri Mar 28 10:13:32 EDT 2008
 	 - When taint mode is turned on and user is using a tainted key,
           explicitly check tainting of key in order to avoid "cryptic"
           failure messages from some crypt modules.

2.26	Thu Mar 20 16:41:23 EDT 2008
	- Fixed onezeropadding test, which was not reporting its test count
	  properly.

2.25	Fri Jan 11 15:26:27 EST 2008
	- Fixed failure of oneandzeroes padding when plaintext size is
	an even multiple of blocksize.
	- Added new "rijndael_compat" padding method, which is compatible
	with the oneandzeroes padding method used by Crypt::Rijndael in
	CBC mode.
2008-07-17 20:28:08 +00:00
heinz
753ca44889 Updated to version 5.45.
Pkgsrc changes:
  - none

Changes since version 5.45:
===========================
5.47  Wed Apr 30 04:00:54 MST 2008
	- modified Makefile.PL to install in core for Perls >= 5.10
		-- thanks to Jerry Hedden for patch
	- changed from #include <> to #include "" in SHA.xs
		-- some platforms not able to find SHA source files
			-- thanks to Alexandr Ciornii for testing
	- moved .pm file to appropriate lib directory
	- minor addition to META.yml

5.46  Wed Apr  9 05:04:00 MST 2008
	- modified Addfile to recognize leading and trailing
		whitespace in filenames (ref. rt.cpan.org #34690)
	- minor C source code modification (ref. hmac.c)
	- use const in sha.c for clean builds with -Wwrite-strings
		-- thanks to Robin Barker for patch
2008-07-17 19:02:32 +00:00
drochner
7beee17e68 -make this work with the openpam version in -current
(I didn't try whether it still works on 4.0. Would be nice if
  someone did it.)
-supply an example pam.conf file
-slow down to avoid abuse, better cleanup in error cases, more paranoia
thanks to Joerg for suggestions
2008-07-17 18:00:58 +00:00
rhaen
97f5307fde - updated to 1.06
- fixed dependencies (required)
ChangeLog:
1.06 - Wed Apr 23 13:14:34 2008
	* This release has a compiler-bug workaround for Sun C 5.9
	identified by Andy Armstrong. No, really, it was a compiler
	bug: http://in.opensolaris.org/jive/thread.jspa?threadID=53641&tstart=0
	* You don't need to upgrade if you already have 1.05.
2008-07-17 10:59:22 +00:00
rhaen
198c9b7d69 - updated to 0.14
Changelog:
0.11  Wed Oct 31 20:26:13 2007
        - fixed __reflect error

0.12  Sat Nov  3 10:11:42 2007
        - Debug output removed

0.13  Sun Nov  4 11:22:54 2007
        - fixed tests

0.14  Mon Nov  5 08:10:11 2007
        - fixed __reflect error in non XS part
2008-07-16 13:53:24 +00:00
joerg
2c8433379b Try to fix build on NetBSD. 2008-07-15 16:39:55 +00:00
mishka
c1c9887eb8 Use my NetBSD.org email - I read it much more regularly than any others. 2008-07-15 15:33:45 +00:00
drochner
3d80c5d3f6 sync w/ base pkg 2008-07-15 11:13:30 +00:00
drochner
c7853b86b0 update to 2.22.3
change: version bump for gnome-2.22.3
2008-07-15 11:12:42 +00:00
abs
da84bdd952 +p5-Crypt-GPG 2008-07-15 09:46:57 +00:00
abs
f4c4e59451 Added security/p5-Crypt-GPG version 1.63
The Crypt::GPG module provides access to the functionality of the
GnuPG (www.gnupg.org) encryption tool through an object oriented
interface.

It provides methods for encryption, decryption, signing, signature
verification, key generation, key certification, export and import.
Key-server access is on the todo list.
2008-07-15 09:46:22 +00:00
adam
12be2ea8e0 Changes 2.1.19:
* Improvements and bug fixes.
2008-07-15 09:17:27 +00:00
dsainty
8f8c9f2e65 Catch distinfo up with the removal of patch-a[bh].
(Hi Tobias :)
2008-07-14 22:19:11 +00:00
drochner
c44a332480 update to 2.22.3
changes:
-Better initialization of (non-crypto) random number generator
-Build fixes
2008-07-14 17:20:35 +00:00
joerg
f605fec2db Mark as destdir ready. 2008-07-14 12:55:56 +00:00
tnn
ecd7c12e2c Update to openssl-0.9.8h. Changes from 0.9.8g:
Two crashes discovered using the Codenomicon TLS test suite, as reported
in CVE-2008-0891 and CVE-2008-1672, were fixed. The root CA certificates
of commercial CAs were removed from the distribution. Functions were added
to implement RFC3394 compatible AES key wrapping. Utility functions to
handle ASN1 structures were added. The certificate status request TLS
extension, as defined in RFC3546, was implemented. Several other bugfixes
and enhancements were made.
2008-07-14 03:52:54 +00:00
bad
6fbd870d63 Make nessus-core honor PKG_SYSCONFBASE for configuration files.
While here, move the sharedstatedir to VARBASE where it belongs.
Bump PKGREVISION.
2008-07-01 21:27:38 +00:00
obache
28d2e6ccff Treat DragonFly same as other *BSDs.
Patch provided by Hasso Tepper in PR 38878.
2008-07-01 13:46:02 +00:00
taca
1632781072 Update sudo package to 1.6.9p17.
660) The -i flag should imply resetting the environment, as it did in
     sudo version prior to 1.6.9.  Also, the -i and -E flags are
     mutually exclusive.

661) Fixed the configure test for dirfd() under Linux.

662) Fixed test for whether -lintl is required to link.

663) Changed how sudo handles the child process when sending mail.
     This fixes a problem on Linux with the mail_always option.

664) Fixed a problem with line continuation characters inside of
     quoted strings.
2008-06-30 15:53:41 +00:00
peter
a0fd6786bb -pflkm 2008-06-26 21:01:25 +00:00
peter
28b5c355bc Remove security/pflkm, it's outdated and unmaintained.
Approved by agc.
2008-06-26 21:01:00 +00:00
drochner
ab0e7394b0 don't pass DESTDIR in CPPFLAGS, from Stephen Borrill 2008-06-25 18:17:33 +00:00
joerg
b34aa6885e DESTDIR support. 2008-06-22 23:05:00 +00:00
he
b540489d0d Add p5-Digest-MD5-File. 2008-06-21 22:25:52 +00:00
he
eb54c3aa26 Import p5-Digest-MD5-File version 0.06.
Get MD5 sums for files of a given path or content of a given url.
2008-06-21 22:25:00 +00:00
joerg
3b0d97b0de Add DESTDIR support. 2008-06-20 01:09:05 +00:00
taca
f7ceb84d39 - Switch to use vendor_dir with Ruby 1.8.7.
Bump PKGREVISION.
2008-06-19 14:52:11 +00:00
tonnerre
edf2b93718 Fix shared library build on various architectures. This basically fiddles
with the number of colons between the fields.
2008-06-16 20:18:20 +00:00
joerg
4addc4fd2d Add missing directory. 2008-06-16 15:33:11 +00:00
peter
810255d978 Add detection for pf 4.1 and 4.2. 2008-06-15 14:03:22 +00:00
joerg
ba171a91fa Add DESTDIR support. 2008-06-12 02:14:13 +00:00
shannonjr
9b17cd7da7 RE: pkg/38922: security/libprelude fails to build
Applied Hasso Tepper recommended fix. Thank you.
2008-06-10 13:57:10 +00:00
tonnerre
dbcd463c31 Add more patches, now for MITKRB5-SA-2007-006, MITKRB5-SA-2008-001 and
MITKRB5-SA-2008-002. Bump PKGREVISION now finally.
2008-06-07 23:58:11 +00:00
tonnerre
3dba4d1622 Add patches for MITKRB5-SA-2007-004 and MITKRB5-SA-2007-005. PKGREVISION
will be bumped again once some other patches are in.
2008-06-07 22:26:10 +00:00
tonnerre
ee2541c198 Remove parts of a different security patch which slipped in but are not
supported yet. Don't bump revision as the package didn't build before.
2008-06-07 20:22:18 +00:00
tonnerre
c94122195f Add security patches for 3 Kerberos vulnerabilities:
- telnetd username and environment sanitizing vulnerabilities ("-f root")
   as described in MIT Kerberos advisory 2007-001.
 - krb5_klog_syslog() problems with overly long log strings as described
   in MIT Kerberos advisory 2007-002.
 - GSS API kg_unseal_v1() double free vulnerability as described in the
   MIT Kerberos advisory 2007-003.
2008-06-07 18:36:06 +00:00
tonnerre
9005c221a8 Fix two Denial of Service vulnerabilities in OpenSSL 0.9.8g:
- Fix flaw if 'Server Key exchange message' is omitted from a TLS handshake
   which could lead to a silent crash.
 - Fix double free in TLS server name extensions which could lead to a remote
   crash.

Patches from upstream.
2008-06-03 21:39:40 +00:00
obache
75e54952f2 Missing to add bin/chkutmp when updated to 0.47.
Noticed by Hasso Tepper in PR 38822.

Bump PKGREVISION.
2008-06-02 12:23:04 +00:00
obache
604ecba71a Try to fix build failure on Solaris, it does not have LOG_AUTHPRIV. 2008-06-01 08:09:38 +00:00
tron
71065d0d2f Restore NetBSD specific part of the patch which got lost in the
last commit.
2008-05-30 13:55:48 +00:00
tron
9f3ec4170c Fix build problem under Mac OS X caused by broken code to support
getpeereid() .
2008-05-30 12:30:07 +00:00
drochner
c4594852f5 update to 2.22.2
changes:
-Fix importing keys from hkp keyservers
-build fixes
2008-05-29 16:53:20 +00:00
drochner
532e197c84 update to 2.22.2
changes:
-minor UI improvements
-bugfixes
-portability improvements, in particular for credential passing on
 local sockets -- unfortunately a bit of the patch I submitted upstream
 got lost
2008-05-29 10:47:52 +00:00
schmonz
078836c257 Restore PKG_SYSCONFDIR support, lost in the last update. Bump PKGREVISION. 2008-05-29 00:44:30 +00:00
agc
ee52f51006 Make this package work on Mac OS X. 2008-05-27 22:28:21 +00:00
tnn
5f770b6c1a Update to stunnel-4.24.
4.24: fix security problem (properly reject revoked certs)
4.23: WinNT bugfix
4.22:
  - A new global option to control logging to syslog.
    Simultaneous logging to a file and the syslog is now possible.
  - A new service level option to control stack size.
  - Restored chroot() to be executed after decoding numerical
    userid and groupid values in drop_privileges().
  - A few bugs fixed in the new libwrap support code.
  - TLSv1 method used by default in FIPS mode instead of
    SSLv3 client and SSLv23 server methods.
4.21:
  - Initial FIPS 140-2 support (see INSTALL.FIPS for details).
  - Experimental fast support for non-MT-safe libwrap is provided
    with pre-spawned processes.
  - Stunnel binary moved from /usr/local/sbin to /usr/local/bin
    in order to meet FHS and LSB requirements.
  - Added code to disallow compiling stunnel with pthreads when
    OpenSSL is compiled without threads support.
  - Minor manual update.
  - TODO file updated.
  - Dynamic locking callbacks added (needed by some engines to work).
  - AC_ARG_ENABLE fixed in configure.am to accept yes/no arguments.
  - On some systems libwrap requires yp_get_default_domain from libnsl,
    additional checking for libnsl was added to the ./configure script.
  - Sending a list of trusted CAs for the client to choose the right
    certificate restored.
  - Some compatibility issues with NTLM authentication fixed.
2008-05-27 11:51:32 +00:00
tnn
879c72f41f Mark as not for bulk building on HPUX 2008-05-27 09:44:39 +00:00
joerg
3d8ef5a52d Second round of explicit pax dependencies. As reminded by tnn@,
many packages used to use ${PAX}. Use the common way of directly calling
pax, it is created as tool after all.
2008-05-26 02:13:14 +00:00
wiz
22414ab751 Improve previous patch to still build on NetBSD 4.0 branch.
Addresses PR 38744.
2008-05-25 21:50:45 +00:00
joerg
a8a3c01339 Explicitly add pax dependency in those Makefiles that use it (or have
patches to add it). Drop pax from the default USE_TOOLS list.
Make bsdtar the default for those places that wanted gtar to extract
long links etc, as bsdtar can be built of the tree.
2008-05-25 21:42:20 +00:00
obache
e1120407b7 Require libgcrypt>=1.2.2. Noticed by Steve Bellovin in pkgsrc-users@.
And also require opencdk>=0.6.5.
2008-05-24 04:59:59 +00:00
tnn
dff5175c58 Remove textproc/p5-String-Random which was a duplicate of
security/p5-String-Random. Merge changes from the textproc one into
the security one.
2008-05-22 19:04:37 +00:00
tnn
1a4e5d5cb6 Update to gnutls-2.2.5.
* Version 2.2.5 (released 2008-05-19)
  Fix flaw in fix for GNUTLS-SA-2008-1-3.
* Version 2.2.4 (released 2008-05-19)
  Fix three security vulnerabilities.  [GNUTLS-SA-2008-1]
  [GNUTLS-SA-2008-1-1]
   libgnutls: Fix crash when sending invalid server name.
  [GNUTLS-SA-2008-1-2]
   libgnutls: Fix crash when sending repeated client hellos.
  [GNUTLS-SA-2008-1-3]
   libgnutls: Fix crash in cipher padding decoding for invalid record lengths.
* Version 2.2.3 (released 2008-05-06)
  Increase default handshake packet size limit to 48kb.
  Fix compilation error related to __FUNCTION__ on some systems.
  Documented the --priority option to gnutls-cli and gnutls-serv.
  Fix fopen file descriptor leak in PSK server code.
  Build Guile code with -fgnu89-inline only when supported.
  Make Camellia encryption work.
2008-05-22 13:18:52 +00:00
obache
3a3654baf5 Update gsasl to 0.2.26.
Based on patch provided by Eric Schnoebelen in PR 38692.
While here, marked as DESTDIR support.
Also fix CONFIGURE option for GSSAPI implement (I don't know from when).

* Version 0.2.26 (released 2008-05-05)

** Translations files not stored directly in git to avoid merge conflicts.
This allows us to avoid use of --no-location which makes the
translation teams happier.

** Build fixes for the documentation.

** Update gnulib files.

* Version 0.2.25 (released 2008-03-10)

** gsasl: Fix buffering issue to avoid mixing stdout/stderr outputs.
This would manifest itself when redirecting output to a pipe, such as
when used with Gnus.  Reported by Enrico Scholz
<enrico.scholz@informatik.tu-chemnitz.de>, see
<http://thread.gmane.org/gmane.comp.gnu.gsasl.general/123>.

** Fix non-portable use of brace expansion in makefiles.

* Version 0.2.24 (released 2008-01-15)

** Link self-tests with gnulib, to fix link failures under MinGW.

* Version 0.2.23 (released 2008-01-15)

** Improve CRAM-MD5 self-test to detect if challenges are the same.

** Improve gsasl --help and --version to conform with GNU standards.

** Use gettext 0.17.

** Update gnulib files.

* Version 0.2.22 (released 2007-10-08)

** Development git tree moved to savannah.
See <https://savannah.gnu.org/projects/gsasl/>.

** Fix warnings when building the tool 'gsasl'.

** Update gnulib files.
2008-05-21 15:22:56 +00:00
obache
1f8accbf4c Fix MAINTAINER address typo since initial import.
tech-pkg at jp.NetBSD.org => tech-pkg-ja at jp.NetBSD.org
2008-05-17 08:22:56 +00:00
drochner
0cb815d245 update to 1.7.3
changes:
-direct-tcpip support
-bug fixes

pkgsrc change: disable use of Python setuptools
	(gives unpredictable results)
2008-05-15 18:27:43 +00:00
wiz
a7abc37f1c Fix build on NetBSD-current with openssl-current, by adding a "const". 2008-05-15 11:06:05 +00:00
jwise
00cd99382b libhcrypto.la only seems to get installed if we're building on 3.x or older,
so make it only end up in the PLIST if that is the case.
2008-05-14 18:01:26 +00:00
taca
6c7222dc28 Update security/sudo package to 1.6.p16.
Major changes since Sudo 1.6.9p15:

 o There was missing whitespace before the ldap libraries in the Makefile
   for some configurations.

 o LDAPS_PORT may not be defined on older Solaris LDAP SDKs.

 o If the LDAP server could not be contacted and the user was not present
   in sudoers, a syntax error in sudoers was incorrectly reported.
2008-05-14 14:00:15 +00:00
agc
650bfc74c8 Add and enable stegtunnel 2008-05-09 21:40:34 +00:00
agc
6596cdb087 Initial import of stegtunnel-0.4 into the packages collection.
Stegtunnel provides a covert channel in the IPID and sequence number
fields of any desired TCP connection.  It requires the server and
client to have a previously shared secret in common to detect and
decrypt the data.
2008-05-09 21:39:17 +00:00
joerg
a235d3b925 Supports DESTDIR. 2008-05-08 18:59:38 +00:00
joerg
b9d9951b4c Supports DESTDIR 2008-05-08 18:32:19 +00:00
tonnerre
2f84995386 Fix build of OpenSSL on NetBSD/amd64 (4.0 and current tested) 2008-05-08 14:04:25 +00:00
jwise
6995e3bc58 Add missing library (libhcrypto) to PLIST, allowing sudo to build against
this heimdal on 3.x.

Bump PKGREVISION.
2008-05-05 02:26:03 +00:00
jlam
c98cfb0b82 Note addition of security/ruby-ezcrypto. 2008-05-01 21:10:19 +00:00
jlam
a353970006 Initial import of ruby18-ezcrypto-0.7 as security/ruby-ezcrypto.
EzCrypto is an easy-to-use wrapper around the poorly documented OpenSSL
Ruby library.  Features include:

    * Defaults to AES 128 CBC
    * Will use OpenSSL library for transparent hardware crypto support
    * Single-class object-oriented access to most commonly used features
    * Ruby-like syntax
2008-05-01 21:09:47 +00:00
jmmv
0d3662ee66 Drop maintainership
Stop lying and drop maintainership of these packages.  I have not
maintained them for a very long time already, so leave room for
fresh blood to take over them.
2008-04-30 13:38:14 +00:00
shannonjr
753cd7d5a3 Re: pkg/38549 (Support for DragonFly to security/pcsc-lite)
Synopsis: Support for DragonFly to security/pcsc-lite
Incorporated fix submitted by Hasso Tepper.
2008-04-30 13:34:28 +00:00
shannonjr
6c169bd86d Re: pkg/38550 (Support for DragonFly to security/ccid)
Synopsis: Support for DragonFly to security/ccid
Incorporated fix submitted by Hasso Tepper.
2008-04-30 13:32:21 +00:00
shannonjr
bc762658a7 Add patch to conditionally include <stdint.h> based on the symbol
HAVE_STDINT_H generated by configure. This is required for
compilation on Solaris 9.
2008-04-30 11:39:24 +00:00
wiz
d01506e74b Update to 1.4:
Version 1.4 (released 2008-04-21)
- Update gnulib files.
- Replace uses of alloca with malloc.
2008-04-29 11:45:55 +00:00
wiz
1cb31b9db7 Update to 1.4.1:
Noteworthy changes in version 1.4.1 (2008-04-25)
------------------------------------------------

 * Fixed a bug introduced by 1.3.1 which led to the consumption of far
   too much entropy for the initial seeding.

 * Improved AES performance for CFB and CBC modes.

 * Removed build problems for the Padlock support.
2008-04-29 11:03:50 +00:00
bouyer
a02c5da190 Add py-smbpasswd 2008-04-28 22:05:05 +00:00
bouyer
31cf4566e4 py-smbpasswd version 1.0.1
This module can generate both LANMAN and NT password hashes, suitable for
use with Samba.
2008-04-28 22:03:53 +00:00
shannonjr
8e0349434d Update to 2.0.9. Changes:
* Enhanced gpg-connect-agent with a small scripting language.
* New option --list-config for gpgconf.
* Fixed a crash in gpgconf.
* The envvars XAUTHORITY and PINENTRY_USER_DATA are now passed to the
   pinentry.
 * Fixed the auto creation of the key stub for smartcards.
 * Fixed a rare bug in decryption using the OpenPGP card.
 * Creating DSA2 keys is now possible.
 * New option --extra-digest-algo for gpgsm to allow verification of
   broken signatures.
 * Allow encryption with legacy Elgamal sign+encrypt keys with option
   --rfc2440.
2008-04-28 14:54:27 +00:00
shannonjr
8f8197707f Re: pkg/38508 (gnupg2 won't build)
Builds without 'enable-maintainer-mode' being set
2008-04-28 14:21:27 +00:00
shannonjr
c786e8b6b2 Update to 0.9.14. Changes:
- Let the user choose the type of sorting (default to time descending,
  available: time asc/desc, count asc/desc).
- Implement Prewikka Asynchronous DNS resolution in alert view
  as well as message summary (require twisted.names and twisted.internet),
  see the additional dns_max_delay settings parameters in prewikka.conf.
- In the alert summary view, handle portlist and ip_version service fields,
  and show alert messageid.
- Fix exception when rendering ToolAlert.
- Fix double classification escaping (could result in non working link
  for alert with classification containing escaped character).
- Improvement to heartbeat retrieval (heartbeat view speedup).
- Correct typo (fix #275), thanks Scott Olihovki <skippylou@gmail.com>
  for pointing this out.
- Polish translation, by Konrad Kosmowski <konrad@kosmosik.net>.
- Update to pt_BR translation, by Edelberto Franco Silva <edeunix@edeunix.com>
- Various bug fixes and cleanup.
2008-04-28 10:59:42 +00:00
shannonjr
29d33b2356 Update to 0.9.12.2. Changes:
- [rulesets]: Remove successful/failure keyword from classification
  (use IDMEF completion). Analyzer class sanitization.
- [nagios] Handle Nagios V2 log entry (fix #283).
- [spamassassin] Fix incorrect AdditionalData assignment.
- New Suhosin ruleset, by Sebastien Tricaud <toady@inl.fr>
- Fix invalid logfile inconsistency alert that could be triggered
  in a rare case, after a renaming detection. Alert improvement.
- On logfile inconsistency alert, do not re-analyze the whole file.
- Remove the 1024 bytes per PCRE reference limit.
- Minor bug fixes, build system cleanup.
2008-04-28 10:54:08 +00:00
shannonjr
d53d7b9ff0 New patch required for 0.9.17 2008-04-28 10:52:40 +00:00
shannonjr
7634cc570d Update to 0.9.17. Changes:
- Implement RFC 4122 UUIDv1 identifier generation, more resistant to
  duplicate than our previous implementation in case of clock skew, or
  multiple clients with the same analyzerid sending alert in parallel.
- You can now provide NULL value to idmef_path_set() in order to
  destroy existing value within an IDMEF message.
- Unify memory handling of value retrieval through idmef_path_t. This
  allows the user to retrieve and keep any values, even though the
  associated IDMEF message is freed.
- Build system cleanup, enable RELRO when possible.
- Implement PRELUDE_CLIENT_FLAGS_AUTOCONFIG, which is set by default,
  but that applications might unset in order for their client not to
  read the default profile/global configuration.
- Fix possible assertion when destroying un-started prelude-client.
- Improvement to the prelude-io API, the user might now hook its own
  handling function.
- Fix dumping of (not) NULL criteria operator to string. Remove
  gratuitous space insertion when dumping criteria.
- Headers fixes for C++ build.
- Fix printing and cloning of empty IDMEF string.
- In IDMEF to string conversion code, print <invalid enum value> in
  place of NULL on invalid enumeration value.
- Various bug fixes.
2008-04-28 10:51:49 +00:00
frueauf
8255221254 Set MAINTAINER to pkgsrc-users@NetBSD.org to indicate anyone can work on fixes for those packages. 2008-04-27 18:14:03 +00:00
tnn
351ceffa01 Update to OpenSSH 5.0p1.
Changes since 4.7:
- fix two security issues
- chroot support for sshd(8)
- sftp server internalized in sshd(8)
- assorted bug fixes
2008-04-27 00:34:27 +00:00
tnn
97822f1b10 Fix DEPENDS for Python 2.5. 2008-04-25 22:30:47 +00:00
tnn
29075003c4 Don't hardcode PYPKGPREFIX in bl3.mk 2008-04-25 22:16:20 +00:00
joerg
a77e7015fe Update PYTHON_VERSIONS_COMPATIBLE
- assume that Python 2.4 and 2.5 are compatible and allow checking for
fallout.
- remove PYTHON_VERSIONS_COMPATIBLE that are obsoleted by the 2.3+
default. Modify the others to deal with the removals.
2008-04-25 20:39:06 +00:00
jlam
9080934d3b Fix detection of openssl configuration directory on NetBSD so it's
/etc/openssl only if USE_BUILTIN.openssl is "yes".
2008-04-25 20:06:15 +00:00
smb
a24a1950a1 Fix function prototype mismatch 2008-04-25 15:16:31 +00:00
tnn
a18f03ef3a revbumps due to libevent update. 2008-04-22 18:06:09 +00:00
adam
18b56f1131 Changes 2.1.18:
This version includes compilers for Cisco PIX and IOS access lists which
were released under GPL.
2008-04-21 15:43:15 +00:00
jnemeth
ad43885514 sort 2008-04-20 02:48:38 +00:00
drochner
be979fabcc update to 2.22.1
This switches to the gnome-2.22 release branch.
2008-04-15 18:53:42 +00:00
wiz
8015905674 Update to 1.0:
Ignore temporary build files
make make install install stuff.
Bump NEWS.Debian.
Proposed solution for #462897: unconditionally sync keys between
normal gnupg home and caff gnupg home on startup, to cope with
changed keys.
2008-04-13 22:26:34 +00:00
schmonz
077f92a68f Update to 0.90. From the changelog:
- Added support for chaining modules within the version client library.
  To use this, specify the module string as a list of modules separated
  with commas. For example:

	cvm-command:/path/to/module,cvm-local:/path/to/socket

  This enhancement deprecates the cvm-chain module.

- Introduced an "out of scope" fact, to be used on credential rejection
  results when the supplied credentials are outside of the scope of
  authority of the module. The cvm-vmailmgr and cvm-qmail modules
  report this fact as appropriate, and cvm-chain copies it as
  appropriate from the modules it invokes.

- A random anti-spoofing tag is added to all version 2 client requests.
  Its length is set by $CVM_RANDOM_BYTES and defaults to 8.

- Fixed a bug that caused the domain output to be set incorrectly when
  doing qmail lookups with a domain not in the control files with
  $CVM_QMAIL_ASSUME_LOCAL set.
2008-04-13 06:51:19 +00:00
jlam
841dfa0e7a Convert to use PLIST_VARS instead of manually passing "@comment "
through PLIST_SUBST to the plist module.
2008-04-12 22:42:57 +00:00
wiz
5eb83dd9bc Remove non-standard qt4/lib/pkgconfig directory. Bump PKGREVISION. 2008-04-12 10:35:17 +00:00
jlam
ba8d4b3c72 Remove unnecessary PLIST_SUBST definition -- the PLIST is dynamic through
the use of AUTHLIB_PLIST, so we don't need to comment stuff out.
2008-04-10 20:56:33 +00:00
drochner
2a4296c275 update to 2.22.1
This switches to the gnome-2.22 release branch.
2008-04-10 16:53:44 +00:00
wiz
a865b2e1c4 Fix path in DEPENDS line. 2008-04-10 07:56:09 +00:00
taca
87c3f03083 Fix build problem with hpn-patch option enabled. 2008-04-08 06:36:47 +00:00
joerg
ced3928058 Fix installation. 2008-04-07 18:06:07 +00:00
joerg
37963f36a5 Fix DESTDIR. 2008-04-07 18:04:21 +00:00
joerg
a820e04656 Add missing directories. 2008-04-07 16:45:35 +00:00
markd
c3348303f2 also set KRB5_CONFIG in the case where using builtin but
/usr/bin/krb5-config exists.  Fixes build of imap-uw package with the
kerberos option on NetBSD-current and possibly other platforms.
2008-04-04 21:10:45 +00:00
jlam
6973294f00 Add and enable new ruby-* packages. 2008-04-04 15:33:05 +00:00
jlam
6488c3a1fb Initial import of ruby18-net-ssh-1.1.2 as security/ruby-net-ssh.
Net::SSH is to SSH as Net::Telnet is to Telnet and Net::HTTP is to
HTTP.  Perform non-interactive SSH processing, purely from Ruby!
2008-04-04 15:20:34 +00:00
jlam
5fa529a3b5 Initial import of ruby18-net-sftp-1.1.1 as security/ruby-net-sftp.
Net::SFTP is a pure-Ruby implementation of the SFTP client protocol.
2008-04-04 15:20:28 +00:00
tonnerre
2442cc7499 Fix two vulnerabilities in OpenSSH:
- X11 forwarding information disclosure (CVE-2008-1483)
- ForceCommand bypass vulnerability
2008-04-03 07:59:08 +00:00
jlam
38a70df401 Don't hardcode "0 0" for the root user and group -- use ${REAL_ROOT_USER}
and ${REAL_ROOT_GROUP} instead.  The pkginstall framework checks for
the name of the user and group, not the uid and gid, when comparing
permissions.  This fixes the following spurious warning from appearing:

    The following files are used by sudo-1.6.9p15 and have
    the wrong ownership and/or permissions:

            /usr/pkg/etc/sudoers (m=0440, o=0, g=0)
2008-04-02 15:06:07 +00:00
taca
e07592e07d Update sudo package to 1.6.9p15.
653) Fixed installation of sudo_noexec.so on AIX.

654) Updated libtool to version 1.5.26.

655) Fixed printing of default SELinux role and type in -V mode.

656) The HOME environment variable is once again preserved by default,
     as per the documentation.
2008-03-29 14:16:58 +00:00
adrianp
ffbce7705e Update to gnupg-1.4.9
Addresses a recent security issue that only impacts 1.4.8 and 2.0.8
* Improved AES encryption performance by more than 20% (on ia32).
  Decryption is also a bit faster.
* Fixed possible memory corruption bug in 1.4.8 while importing
  OpenPGP keys.
2008-03-26 21:20:34 +00:00
tron
ae5dce2428 Add a new option "via-padlock" which enables support for the
VIA PadLock Security Engine:
- The new option is turned on by default.
- The new option is only available on i386 systems except Mac OS X (which
  doesn't work on VIA CPU).
- The new option isn't available on systems which use GCC 3.x because it
  causes build failures. This fixes PR pkg/38197.

Approved by Dieter Baron.
2008-03-26 20:09:43 +00:00
tron
6af1f268fd Readd checksum for "libgcrypt-1.2.4-idea.diff.bz2" which was accidentally
removed in revision 1.22.
2008-03-25 21:39:45 +00:00
wiz
b117f6c81a Remove openssh+gssapi.
It has had security problems for a long time now.

Removal was announced on pkgsrc-users on March 13.
2008-03-25 13:44:00 +00:00
seb
bf27fa9cf5 Add a hack for GCC 3.* failing to compile asm() call in
cipher/rijndael.c:do_padlock(): seen with GCC 3.3.3 on NetBSD.
2008-03-16 20:14:38 +00:00
wiz
1b8ea98f12 Sort. 2008-03-16 00:14:01 +00:00
tnn
fd23ed0d29 Fix build with MIPSPro. PR pkg/38210. 2008-03-11 22:19:54 +00:00
tnn
882d3eb4fe Put back a couple of IRIX conditionals the way they used to behave,
e.g. match IRIX 5.x but not 6.x. Some of these may indeed apply to 6.x
too, but let's be conservative. PR pkg/38224.
2008-03-11 18:47:40 +00:00
taca
1b21c85160 Update sudo package to 1.6.9p14.
pkgsrc changes:

- Explicitly depend on security/heimdal package when kerberos option is
  specified.  PR pkg/37999 should be fixed.

Change:

646) Sudo will now set the nproc resource limit to unlimited on Linux
     systems to work around Linux's setuid() resource limit semantics.
     On PAM systems the resource limits will be reset by pam_limits.so
     before the command is executed.

647) SELinux support that can be used to implement role based access
     control (RBAC).  A role and (optional) type may be specified
     in sudoers or on the command line.  These are then used in the
     security context that the command is run as.

648) Fixed a Kerberos 5 compilation problem with MIT Kerberos.

Sudo 1.6.9p13 released.

649) Fixed an invalid assumption in the PAM conversation function
     introduced in version 1.6.9p9.  The conversation function may
     be called for non-password reading purposes as well.

650) Fixed freeing an uninitialized pointer in -l mode, introduced in
     version 1.6.9p13.

651) Check /etc/sudoers after LDAP even if the user was found in LDAP.
     This allows Defaults options in /etc/sudoers to take effect.

652) Add missing checks for enforcing mode in SELinux RBAC mode.

Sudo 1.6.9p14 released.
2008-03-11 15:52:51 +00:00
wiz
ab973e6cbc Update to 1.4.0:
Noteworthy changes in version 1.4.0 (2007-12-10)
------------------------------------------------

 * New configure option --disable-padlock-support which is mostly
   useful in case of build problems.


Noteworthy changes in version 1.3.2 (2007-12-03)
------------------------------------------------

 * The visibility attribute is now used if supported by the toolchain.

 * The ACE engine of VIA processors is now used for AES-128.

 * The ASN.1 DER template for SHA-224 has been fixed.


Noteworthy changes in version 1.3.1 (2007-10-26)
------------------------------------------------

 * The entire library is now under the LGPL. The helper programs and
   the manual are under the GPL.  Kudos to Peter Gutmann for giving
   permissions to relicense the rndw32 and rndunix modules.

 * The Camellia cipher is now under the LGPL and included by default.

 * Fixed a bug in the detection of symbol prefixes which inhibited the
   build of optimized assembler code on certain systems.

 * Updated the entropy gatherer for W32.


Noteworthy changes in version 1.3.0 (2007-05-04)
------------------------------------------------

 * Changed the way the RNG gets initialized. This allows to keep it
   uninitialized as long as no random numbers are used.  To override
   this, the new macro gcry_fast_random_poll may be used.  It is in
   general a good idea to spread this macro into the application code
   to make sure that these polls happen often enough.

 * Made the RNG immune against fork without exec.

 * Reading and writing the random seed file is now protected by a
   fcntl style file lock on systems that provide this function.

 * Support for SHA-224 and HMAC using SHA-384 and SHA-512.

 * Support for the SEED cipher.

 * Support for the Camellia cipher.  Note that Camellia is disabled by
   default, and that enabling it changes the license of libgcrypt from
   LGPL to GPL.

 * Support for OFB encryption mode.

 * gcry_mpi_rshift does not anymore truncate the shift count.

 * Reserved algorithm ranges for use by applications.

 * Support for DSA2.

 * The new function gcry_md_debug should be used instead of the
   gcry_md_start_debug and gcry_md_stop_debug macros.

 * New configure option --enable-random-daemon to support a system
   wide random daemon.  The daemon code is experimental and not yet
   very well working.  It will eventually allow to keep a global
   random pool for the sake of short living processes.

 * Non executable stack support is now used by default on systems
   supporting it.

 * Support for Microsoft Windows.

 * Assembler support for the AMD64 architecture.

 * New configure option --enable-mpi-path for optimized builds.

 * Experimental support for ECDSA; should only be used for testing.

 * New control code GCRYCTL_PRINT_CONFIG to print the build
   configuration.

 * Minor changes to some function declarations.  Buffer arguments are
   now typed as void pointer.  This should not affect any compilation.
   Fixed two bugs in return values and clarified documentation.

 * Interface changes relative to the 1.2.0 release:
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 gcry_fast_random_poll	 NEW
 gcry_md_debug           NEW
 gcry_sexp_nth_string    NEW
 GCRY_MD_SHA224          NEW
 GCRY_PK_USAGE_CERT      NEW
 GCRY_PK_USAGE_AUTH      NEW
 GCRY_PK_USAGE_UNKN      NEW
 GCRY_PK_ECDSA           NEW
 GCRY_CIPHER_SEED        NEW
 GCRY_CIPHER_CAMELLIA128 NEW
 GCRY_CIPHER_CAMELLIA192 NEW
 GCRY_CIPHER_CAMELLIA256 NEW
 GCRYCTL_FAKED_RANDOM_P  NEW
 GCRYCTL_PRINT_CONFIG    NEW
 GCRYCTL_SET_RNDEGD_SOCKET  NEW.
 gcry_mpi_scan           CHANGED: Argument BUFFER is now void*.
 gcry_pk_algo_name       CHANGED: Returns "?" instead of NULL.
 gcry_cipher_algo_name   CHANGED: Returns "?" instead of "".
 gcry_pk_spec_t          CHANGED: Element ALIASES is now const ptr.
 gcry_md_write_t         CHANGED: Argument BUF is now a const void*.
 gcry_md_ctl             CHANGED: Argument BUFFER is now void*.
 gcry_cipher_encrypt     CHANGED: Arguments IN and OUT are now void*.
 gcry_cipher_decrypt     CHANGED: Arguments IN and OUT are now void*.
 gcry_sexp_sprint        CHANGED: Argument BUFFER is now void*.
 gcry_create_nonce       CHANGED: Argument BUFFER is now void*.
 gcry_randomize          CHANGED: Argument BUFFER is now void*.
 gcry_cipher_register    CHANGED: Argument ALGORITHM_ID is now int*.
2008-03-07 16:16:22 +00:00
wiz
8e810a2bc9 Recursive PKGREVISION bump for gnutls-2.2.2 update with shlib major bump. 2008-03-06 14:53:47 +00:00
wiz
0cf6fb1a13 Update to 2.2.2:
* Version 2.2.2 (released 2008-02-21)

** Cipher priority string handling now handle strings that starts with NULL.
Thanks to Laurence Withers <l@lwithers.me.uk>.

** Corrected memory leaks in session resuming and DHE ciphersuites. Reported
by Daniel Stenberg.

** Increased the default certificate verification chain limits and allowed
for checks without limitation.

** Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name()
and gnutls_x509_crt_get_subject_alt_name() to not null terminate binary
strings and return the proper size.

** API and ABI modifications:
No changes since last version.

* Version 2.2.1 (released 2008-01-17)

** Prevent linking libextra against previously installed libgnutls.
Tiny patch from "Alon Bar-Lev" <alon.barlev@gmail.com>, see
<http://bugs.gentoo.org/show_bug.cgi?id=202269>.

** Fixes the post_client_hello_function(). The extensions are now parsed
in a callback friendly way.

** Fix for certificate selection in servers with certificate callbacks.

** API and ABI modifications:
No changes since last version.

* Version 2.2.0 (released 2007-12-14)

Major changes compared to the v2.0 branch:

* SRP support aligned with newly published RFC 5054.

* OpenPGP support aligned with newly published RFC 5081.

* Support for DSA2 keys.

* Support for Camellia cipher.

* Support for Opaque PRF Input extension.

* PKCS#8 parser now handle DSA keys.

* Change from GPLv2 to GPLv3 for command-line tools, libgnutls-extra,
etc.  Notice that liblzo2 2.02 is licensed under GPLv2 only.  Earlier
versions, such as 2.01 which is included with GnuTLS, is available under
GPLv2 or later.  If this incompatibility causes problems, we recommend
you to disable LZO using --without-lzo.  LZO compression is not a
standard TLS compression algorithm, so the impact should be minimal.

* Functions for disabling record protocol padding.
Works around bugs on Nokia/Ericsson phones.

* New functions gnutls_priority_set() for setting cipher priorities easily.
Priorities like "COMPAT" also enables other work arounds, such as
disabling padding.

* Other minor improvements and bug fixes.

Minor changes compared to the latest v2.1.8 release candidate:

* Update internal copy of libtasn1 to version 1.2.

* Certtool --verify-chain now handle inputs larger than 64kb.
This fixes the self-test "rsa-md5-collision" under MinGW+Wine with
recent versions of libgcrypt.  The problem was that Wine with the
libgcrypt RNG generates huge amounts of debugging output.

* Translation updates.
Added Dutch translation.  Updated Polish and Swedish translation.

Backwards incompatible API/ABI changes in GnuTLS 2.2
====================================================

To adapt to changes in the TLS extension specifications for OpenPGP
and SRP, the GnuTLS API had to be modified.  This means breaking the
API and ABI backwards compatibility.  That is something we try to
avoid unless it is necessary.  We decided to also remove the already
deprecated stub functions for X.509 to XML conversion and TLS
authorization (see below) when we had the opportunity.

Generally, most applications does not need to be modified.  Just
re-compile them against the latest GnuTLS release, and it should work
fine.

Applications that use the OpenPGP or SRP features needs to be
modified.  Below is a list of the modified APIs and discussion of what
the minimal things you need to modify in your application to make it
work with GnuTLS 2.2.

Note that GnuTLS 2.2 also introduces new APIs -- such as
gnutls_set_priority() that is superior to
gnutls_set_default_priority() -- that you may want to start using.
However, using those new APIs is not required to use GnuTLS 2.2 since
the old functions are still supported.  This text only
discusses what you minimally have to modify.

XML related changes
-------------------

The function `gnutls_x509_crt_to_xml' has been removed.  It has been
deprecated and only returned an error code since GnuTLS version
1.2.11.  Nobody has complained, so users doesn't seem to miss the
functionality.  We don't know of any other library to convert X.509
certificates into XML format, but we decided (long ago) that GnuTLS
isn't the right place for this kind of functionality.  If you want
help to find some other library to use here, please explain and
discuss your use case on help-gnutls <at> gnu.org.

TLS Authorization related changes
---------------------------------

Everything related to TLS authorizations have been removed, they were
only stub functions that returned an error code:

 GNUTLS_SUPPLEMENTAL_AUTHZ_DATA
 gnutls_authz_data_format_type_t
 gnutls_authz_recv_callback_func
 gnutls_authz_send_callback_func
 gnutls_authz_enable
 gnutls_authz_send_x509_attr_cert
 gnutls_authz_send_saml_assertion
 gnutls_authz_send_x509_attr_cert_url
 gnutls_authz_send_saml_assertion_url

SRP related changes
-------------------

The callback gnutls_srp_client_credentials_function has a new
prototype, and its semantic has changed.  You need to rewrite the
callback, see the updated function documentation and SRP example code
(doc/examples/ex-client-srp.c and doc/examples/ex-serv-srp.c) for more
information.

The alert codes GNUTLS_A_MISSING_SRP_USERNAME and
GNUTLS_A_UNKNOWN_SRP_USERNAME are no longer used by the SRP
specification, instead the GNUTLS_A_UNKNOWN_PSK_IDENTITY alert is
used.  There are #define's to map the old names to the new.  You may
run into problems if you have a switch-case with cases for both SRP
alerts, since they are now mapped to the same value.  The solution is
to drop the SRP alerts from such switch cases, as they are now
deprecated in favor of GNUTLS_A_UNKNOWN_PSK_IDENTITY.

OpenPGP related changes
-----------------------

The function `gnutls_certificate_set_openpgp_keyserver' have been
removed.  There is no replacement functionality inside GnuTLS.  If you
need keyserver functionality, consider using the GnuPG tools.

All functions, types, and error codes related to OpenPGP trustdb
format have been removed.  The trustdb format is a non-standard
GnuPG-specific format, and we recommend you to use key rings instead.
The following have been removed:
 gnutls_certificate_set_openpgp_trustdb
 gnutls_openpgp_trustdb_init
 gnutls_openpgp_trustdb_deinit
 gnutls_openpgp_trustdb_import
 gnutls_openpgp_key_verify_trustdb
 gnutls_openpgp_trustdb_t
 GNUTLS_E_OPENPGP_TRUSTDB_VERSION_UNSUPPORTED

The following functions has an added parameter of the (new) type
`gnutls_openpgp_crt_fmt_t'.  The type specify the format of the data
(binary or base64).  The functions are:
 gnutls_certificate_set_openpgp_key_file
 gnutls_certificate_set_openpgp_key_mem
 gnutls_certificate_set_openpgp_keyring_mem
 gnutls_certificate_set_openpgp_keyring_file

To improve terminology and align with the X.509 interface, some
functions have been renamed.  Compatibility mappings exists.  The old
and new names of the affected functions and types are:

        Old name                                New name
 gnutls_openpgp_key_t                    gnutls_openpgp_crt_t
 gnutls_openpgp_key_fmt_t                gnutls_openpgp_crt_fmt_t
 gnutls_openpgp_key_status_t             gnutls_openpgp_crt_status_t
 GNUTLS_OPENPGP_KEY                      GNUTLS_OPENPGP_CERT
 GNUTLS_OPENPGP_KEY_FINGERPRINT          GNUTLS_OPENPGP_CERT_FINGERPRINT
 gnutls_openpgp_key_init                 gnutls_openpgp_crt_init
 gnutls_openpgp_key_deinit               gnutls_openpgp_crt_deinit
 gnutls_openpgp_key_import               gnutls_openpgp_crt_import
 gnutls_openpgp_key_export               gnutls_openpgp_crt_export
 gnutls_openpgp_key_get_key_usage        gnutls_openpgp_crt_get_key_usage
 gnutls_openpgp_key_get_fingerprint      gnutls_openpgp_crt_get_fingerprint
 gnutls_openpgp_key_get_pk_algorithm     gnutls_openpgp_crt_get_pk_algorithm
 gnutls_openpgp_key_get_name             gnutls_openpgp_crt_get_name
 gnutls_openpgp_key_get_version          gnutls_openpgp_crt_get_version
 gnutls_openpgp_key_get_creation_time    gnutls_openpgp_crt_get_creation_time
 gnutls_openpgp_key_get_expiration_time  gnutls_openpgp_crt_get_expiration_time
 gnutls_openpgp_key_get_id               gnutls_openpgp_crt_get_id
 gnutls_openpgp_key_check_hostname       gnutls_openpgp_crt_check_hostname
 gnutls_openpgp_send_key                 gnutls_openpgp_send_cert


* Version 2.0.0 (released 2007-09-04)

The following changes have been made since GnuTLS 1.6:

* Support for external RSA/DSA signing for TLS client authentication.
  This allows you to secure the private key better, for example by using
  privilege-separation techniques between the private key and the
  network client/server.

* Support for signing X.509 certificates using RSA with SHA-256/384/512.

* Experimental support for TLS 1.2 (disabled by default).  The TLS 1.2
  specification is not finalized yet, but we implement a draft version
  for testing.

* Support for X.509 Proxy Certificates (RFC 3820)

* Support for Supplemental handshakes messages (RFC 4680).

* Support for TLS authorization extension (draft-housley-tls-authz-extns-07).

* Support for the X.509 'otherName' Subject Alternative Names (for XMPP).

* Guile bindings for GnuTLS have been added, thanks to Ludovic Courtes.

* Improve logic of gnutls_set_default_priority() which can now be more
  recommended.

* New APIs to enumerate supported algorithms in the library.

* New APIs to access X.509 Certificate extension sequentially.

* New APIs to print X.509 Certificates and CRLs in human readable formats.

* New APIs to extract X.509 Distinguished Names from certificates.

* New APIs to handle pathLenConstraint in X.509 Basic Constraints.

* Certtool can export more than one certificate to PKCS#12.

* Several message translation improvements.

* Instructions and improvements to easily set up a HTTPS test server.

* Included copies updated to Libtasn1 1.1 and OpenCDK 0.6.4.

* Build improvements for Windows, Mac OS X, uClinux, etc.

* GnuTLS is now developed in GIT.

* Improved manual

* Many bugfixes and minor improvements.
2008-03-06 14:52:12 +00:00
jlam
84361e6a3d As of revision 1.2 of termcap.buildlink3.mk, "-ltermcap" is automatically
transformed into the correct set of libraries, so we no longer need to
override the configure script's check for which library has tgetent().
2008-03-04 22:37:46 +00:00
shannonjr
33cef9b4f5 Correct pathname pkgsrc/local to pkgsrc/security. 2008-03-04 15:52:15 +00:00
wiz
8dff0af114 Update to 1.3:
Version 1.3 (released 2008-02-01)
- Handle 'INTEGER { ... } (a..b)' regression.
  Revert parts of earlier fix.  asn1Parser can now again parse src/pkix.asn1.
  The ASN1.c file was generated using Bison 2.3.
- Move examples from src/ to new directory examples/.
- Duplicate copy of divergated pkix.asn removed.
- Merge unnecessary lib/defines.h into lib/int.h.
- Configure no longer tries to use gcc -pipe.
- Update gnulib files.
- Fix mem leak in self-test.

Version 1.2 (released 2007-12-10)
- Update gnulib files.

Version 1.1 (released 2007-08-31)
- Fix bug that made asn1_check_version believe that 1.0 is older than 0.3.10.

Version 1.0 (released 2007-08-31)
- The self-tests, command line tools and build infrastructure have
  been re-licensed from GPLv2 to GPLv3.
- Doc fixes.
- Update gnulib files.

Version 0.3.10 (released 2007-05-25)
- Update gnulib files.
2008-03-04 15:06:42 +00:00
shannonjr
5d67f27acf Added entries for pcsc-lite, ccid, p5-pcsc, pcsc-tools and CoolKey. 2008-03-04 11:37:32 +00:00
shannonjr
4168c23b12 Provides driver support for the CoolKey and Common Access Card (CAC)
smart card used in a Public Key Infrastructure (PKI). The libpkcs11
module allows use of Smart Cards in applications that use mozilla
Network Security Services (NSS).
2008-03-04 11:33:02 +00:00
shannonjr
5a21c9eec3 Provides several tools that are useful when working
with smart cards: csc_scan regularly scans every
PC/SC reader connected to the host and reports when
a card is inserted or removed. ATR_analysis is a Perl
script used to parse the smart card ATR. The
smartcard_list.txt contains ATR of some cards. It is
used by ATR_analysis to find a card model corresponding
to the ATR. The perl script scriptor is used to send
commands to a smart card using a batch file or stdin.
2008-03-04 11:32:15 +00:00
shannonjr
0305335642 This package contains a Perl wrapper to the PC/SC smartcard library
(pcsc-lite) from MUSCLE together with some small examples.
2008-03-04 11:31:04 +00:00
shannonjr
30a5bfae3e This package provides a generic USB CCID (Chip/Smart Card Interface
Devices) driver and  ICCD (Integrated Circuit(s) Card Devices).

See the USB CCID and ICCD specifications from the USB working group.
2008-03-04 11:30:08 +00:00
shannonjr
d6204794ef The purpose of PC/SC Lite is to provide a Windows(R) SCard interface in a
very small form factor for communicating to smartcards and readers.

The PC/SC Lite library is used to connect to the PC/SC daemon from a
client application and provide access to the desired reader.
2008-03-04 11:29:08 +00:00
rillig
ebcb0ce01e Resign from maintaining a lot of packages, so everyone is free to update
them at will.
2008-03-04 11:02:23 +00:00
tonio
1fc4d6fc09 Update ocaml-ssl to 0.4.2
Update provided by Jaap Boender in PR 38145
Release notes not available.

Added a .include bsd.prefs.mk so that MACHINE_ARCH is correctly defined.
2008-03-03 18:14:19 +00:00
shannonjr
9640842eb0 Update to 0.9.11. Changes:
- In case a lot of message were being processed, the heartbeat timer
  could be delayed for a long period of time.
- The old scheduler algorithm could be unfair when certain message priority
  were not available for processing. We now appropriately handle repartition
  to others priority messages.
- Message of the same priority could be processed in the wrong order when
  on-disk buffers were used.
- No integrity check were performed on orphan on-disk buffer in case of an
  operating system crash. By using the prelude-failover API, we can now
  detect possibly corrupted disk buffer, or resume at the time we stopped
  recovering them.
- New sched-priority and sched-buffer-size configuration options.
- Fix a bug where several relaying plugin instance would only forward
  their message to a single Manager.
2008-03-03 15:15:32 +00:00
shannonjr
39e994d32f Update to 0.9.16.2. Changes:
- Fix bindings for IDMEF 'get_next' functions.
- Make sure we use no additional GnuLib compiler flags when building
  bindings, this fix bindings compilation failure on some architecture
  (Solaris).
2008-03-03 15:13:02 +00:00
bjs
324979ec68 Add libssh2 to category Makefile. 2008-03-02 16:14:34 +00:00
bjs
8740bfa07f Import libssh2-0.18, a library implementing the SSH2 protocol (available
under the revised BSD license).
2008-03-02 14:11:54 +00:00
jlam
ca5929bc04 The "missing-from-system" headers that Heimdal installs are now placed
into ${PREFIX}/include/krb5/roken instead of ${PREFIX}/include/krb5.
This is good because it reduces the likelihood of a conflict with any
other similarly named headers if you simply add -I${PREFIX}/include/krb5
to the compiler command line.

Patch from PR pkg/38119 by charlie.
2008-03-02 06:41:32 +00:00
jlam
9d8755394f Rename termlib.* to termcap.* to better document exactly what packages
are trying to use (the termcap t*() API).
2008-02-29 22:41:13 +00:00
jlam
81dece3fea Update security/heimdal to version 1.1. Changes from version 0.7.2 include:
* Read-only PKCS11 provider built-in to hx509.
 * Better compatibility with Windows 2008 Server pre-releases and Vista.
 * Add RFC3526 modp group14 as default.
 * Handle [kdc] database = { } entries without realm = stanzas.
 * Add gss_pseudo_random() for mechglue and krb5.
 * Make session key for the krbtgt be selected by the best encryption
   type of the client.
 * Better interoperability with other PK-INIT implementations.
 * Alias support for initial ticket requests.
 * Make ASN.1 library less paranoid with regard to NUL in string to
   make it inter-operate with MIT Kerberos again.
 * PK-INIT support.
 * HDB extensions support, used by PK-INIT.
 * New ASN.1 compiler.
 * GSS-API mechglue from FreeBSD.
 * Updated SPNEGO to support RFC4178.
 * Support for Cryptosystem Negotiation Extension (RFC 4537).
 * A new X.509 library (hx509) and related crypto functions.
 * A new ntlm library (heimntlm) and related crypto functions.
 * KDC will return the "response too big" error to force TCP retries
   for large (default 1400 bytes) UDP replies.  This is common for
   PK-INIT requests.
 * Libkafs defaults to use 2b tokens.
 * krb5_kuserok() also checks ~/.k5login.d directory for acl files.
 * Fix memory leaks.
 * Bug fixes
2008-02-28 14:11:55 +00:00
rillig
b32b7657bb Replaced the deprecated INSTALLATION_DIRS_FROM_PLIST with AUTO_MKDIRS,
to shut up the pkglint warnings.
2008-02-28 11:58:47 +00:00
jlam
0c8cfdf12d Update security/heimdal to version 1.1. Changes from version 0.7.2 include:
* Read-only PKCS11 provider built-in to hx509.
 * Better compatibility with Windows 2008 Server pre-releases and Vista.
 * Add RFC3526 modp group14 as default.
 * Handle [kdc] database = { } entries without realm = stanzas.
 * Add gss_pseudo_random() for mechglue and krb5.
 * Make session key for the krbtgt be selected by the best encryption
   type of the client.
 * Better interoperability with other PK-INIT implementations.
 * Alias support for initial ticket requests.
 * Make ASN.1 library less paranoid with regard to NUL in string to
   make it inter-operate with MIT Kerberos again.
 * PK-INIT support.
 * HDB extensions support, used by PK-INIT.
 * New ASN.1 compiler.
 * GSS-API mechglue from FreeBSD.
 * Updated SPNEGO to support RFC4178.
 * Support for Cryptosystem Negotiation Extension (RFC 4537).
 * A new X.509 library (hx509) and related crypto functions.
 * A new ntlm library (heimntlm) and related crypto functions.
 * KDC will return the "response too big" error to force TCP retries
   for large (default 1400 bytes) UDP replies.  This is common for
   PK-INIT requests.
 * Libkafs defaults to use 2b tokens.
 * krb5_kuserok() also checks ~/.k5login.d directory for acl files.
 * Fix memory leaks.
 * Bug fixes
2008-02-28 08:14:41 +00:00
adam
7cf5a9029c Changes 2.1.17:
This is a bug-fix release. It improves stability of the policy importer
on 64-bit platforms, supports import of iptables policies that use TCPMSS
target, fixes problems with built-in RCS on windows when user does not
have administrator's rights and comes with nearly 100% Brazilian Portuguese
translation
2008-02-21 17:34:08 +00:00
tnn
20a85821ab Link shared libraries with -rpath on IRIX to prevent check-shlibs errors. 2008-02-20 01:10:20 +00:00
reed
e9c0ed7055 Update to 2.5.3. This update is from maintainer in PR #38062.
From the amavisd-new-2.5.3 release notes:

BUG FIXES

- fix parsing a SMTP status response from MTA when releasing from a
  quarantine, when a MTA response did not include an enhanced status
  code (RFC 3463) (such as with old versions of Postfix);  a parsing
  failure resulted in attribute "setreply=450 4.5.0 Unexpected:..."
  in an AM.PDP protocol response, even though a release was successful;
  reported by Ron Miller, John M. Kupski, investigated by Tony Caduto
  and Jeremy Fowler;

- change parsing of addresses in From, To, and Cc header fields, avoiding
  complex Perl regular expressions which could crash a process on certain
  degenerate cases of these header fields; thanks for detailed problem
  reports to Carsten Lührs and Attila Nagy;

- completely rewritten parsing of Received header field to work around a
  Perl regular expression problem which could crash a process on certain
  degenerate cases of mail header fields; problem reported by Thomas Gelf;

- harden to some extent regular expressions in parse_message_id to cope
  better with degenerate cases of header fields carrying message-id;

- sanitize 8-bit characters in In-Reply-To and References header fields
  before using them in Pen Pals SQL lookups to avoid UTF-8 errors like:
    penpals_check FAILED: sql exec: err=7, 22021, DBD::Pg::st execute failed:
    ERROR: invalid byte sequence for encoding "UTF8": 0xd864

- when turning an infection report into a spam report, avoid adding newly
  discovered virus names (i.e. fraud names) to a cached list if these names
  are already listed; previously the list would just grow on each passage
  through a cache, leading to unsightly long lists of spam tests in a
  report; based on a patch by Henrik Krohns;

- fix diagnostics when an invalid command line argument is given;


OTHER

- reduce log clutter when certain Perl modules are loaded late, i.e. after
  chrooting and daemonizing, but still before a fork; now only issue one
  log entry by a parent process: "extra modules loaded after daemonizing: ";

- slightly relax mail address syntax in subroutine split_address;

- fetch additional information (tags) from SpamAssassin: TESTS, ASN,
  ASNCIDR, DKIMDOMAIN and DKIMIDENTITY, making them available through a macro
  'supplementary_info' (if a version of SpamAssassin in use provides them);

- updated DKIM section in amavisd-new-docs.html, removing the historical
  DomainKeys milter from examples;

- declared a dummy subroutine dkim_key() and new dummy configuration
  variables @dkim_signature_options_bysender_maps, %signed_header_fields,
  $reputation_factor, @signer_reputation_maps and $sql_partition_tag, members
  of policy banks, in preparation for 2.6.0 - declared now for improved
  downgrade compatibility of 2.6.0 configuration files, if need arises.
2008-02-19 16:20:15 +00:00
reed
f7336fad52 Sort some PLIST entries. 2008-02-19 16:18:18 +00:00
jlam
d3a42c55a4 Make this more cut-and-paste-friendly. 2008-02-18 20:37:22 +00:00
jlam
79d070da7a Actually add that prestart function as a start_precmd. Ride previous
PKGREVISION bump.
2008-02-18 20:35:48 +00:00
jlam
42b88b10b3 + Add full DESTDIR support.
+ Create any required directories with the right ownership and permissions
  as a "prestart" action in the authdaemond rc.d script.

Bump the PKGREVISION to 1.
2008-02-18 20:26:33 +00:00
jlam
c788841be5 Add changes from NetBSD src that add casts to fix warnings on platforms
where size_t is unsigned long.
2008-02-18 18:22:18 +00:00
jlam
eb65092610 Update security/openpam to openpam-20071221 (Hydrangea). Changes from
version 20050616 (Figwort) include:

 - ENHANCE: API function arguments are now const where appropriate, to
   match corresponding changes in the Solaris PAM and Linux-PAM APIs.

 - ENHANCE: corrected a number of C namespace violations.

 - ENHANCE: the module cache has been removed, allowing long-lived
   applications to pick up module changes.  This also allows multiple
   threads to use PAM simultaneously (as long as they use separate PAM
   contexts), since the module cache was the only part of OpenPAM that
   was not thread-safe.
2008-02-18 16:48:12 +00:00
apb
5396c32a11 Allow SFS_USER and SFS_GROUP to be overridden, instead of hardcoded
to sfs:sfs.  Bump PKGREVISION.
2008-02-16 22:06:12 +00:00
apb
babe7e230f Deal with fourth arg to mount(2) in NetBSD. It appeared between
4.99.23 and 4.99.24.
2008-02-16 22:03:49 +00:00
adrianp
a79f7bfe0b -msf 2008-02-12 23:13:58 +00:00
adrianp
56d3d50bc1 Remove msf v2.x for a number of reasons:
* v3.x is now out
* Any patches to update files for where interpreters are get overwritten
  the next time you update the msf files from metasploit.org.  This renders
  the PLIST useless.
2008-02-12 23:13:36 +00:00
heinz
e97bfc3815 The package supports installation to DESTDIR. 2008-02-07 20:52:58 +00:00
heinz
2861a20fb0 Updated to version 2.24.
Pkgsrc changes:
  - The package supports installation to DESTDIR.

Changes since version 2.19:
===========================
Revision history for Perl extension Crypt::CBC.
2.24	Fri Sep 28 11:21:07 EDT 2007
	- Fixed failure to run under taint checks with Crypt::Rijndael
	or Crypt::OpenSSL::AES (and maybe other Crypt modules). See
	http://rt.cpan.org/Public/Bug/Display.html?id=29646.

2.23	Fri Apr 13 14:50:21 EDT 2007
	- Added checks for other implementations of CBC which add no
	standard padding at all when cipher text is an even multiple
	of the block size.

2.22	Sun Oct 29 16:50:32 EST 2006
	- Fixed bug in which plaintext encrypted with the -literal_key
	option could not be decrypted using a new object created with
	the same -literal_key.
 	- Added documentation confirming that -literal_key must be
	  accompanied by a -header of 'none' and a manually specified IV.

2.21	Mon Oct 16 19:26:26 EDT 2006
	- Fixed bug in which new() failed to work when first option is
	  -literal_key.

2.20	Sat Aug 12 22:30:53 EDT 2006
	- Added ability to pass a preinitialized Crypt::* block cipher
	  object instead of the class name.
        - Fixed a bug when processing -literal_key.
2008-02-07 20:46:04 +00:00
heinz
a609610359 The package supports installation to DESTDIR.
A C compiler is necessary.
2008-02-07 20:27:23 +00:00
tnn
bdcd11f1c3 Needs GNU nroff to format catpages with -mandoc. 2008-02-07 13:24:36 +00:00
tnn
e18489a712 Fix build on HPUX:
in HP's alternate universe, MAP_ANON is called MAP_ANONYMOUS.
2008-02-06 00:36:06 +00:00
obache
af85d259cd Update p5-IO-Socket-SSL to 1.13.
v1.13
        - removed CLONE_SKIP which was added in 1.03 because this breaks
          windows forking. Handled threads/windows forking better by making
          sure that CTX from Net::SSLeay does not get freed multiple times from
          different threads after cloning/forking
        - removed setting LocalPort to 0 in tests, instead leave it undef
          if a random port should be allocated. This should fix build problems
          with 5.6.1. Thanks to <andrew[DOT]benham[AT]thus[DOT]net>
2008-02-05 11:36:04 +00:00
reed
dd348daae9 Increase the BUILDLINK_API_DEPENDS.gnutls to at least gnutls>=1.2.6
which is still very old.

This fixes problem where building something depending on gnutls
when old gnutls is already installed using liblzo won't buildlink
because lzo is not installed. This forces a newer gnutls to be
installed that uses lzo instead.
2008-01-31 01:04:26 +00:00
obache
f3bc31c6d2 Need to allow leading underscore of OPENPAM_VERSION for old(?) version. 2008-01-29 00:52:58 +00:00
adam
e3d0110329 Changes 2.1.16:
Unfortunate bug introduced in 2.1.15 that broke generated firewall script
for iptables in case option "use iptables-restore" was on is fixed in this
release. Additional checks were added to the generated script for iptables
to improve error detection and make sure the GUI properly detects when it
terminates with error. Support for load balancing with PF was also added.
2008-01-28 20:34:54 +00:00
bjs
a7c1b4774c Remove leading underscore from OPENPAM_VERSION for BUILTIN_VERSION.openpam,
as openpam "Hydrangea" now defines OPENPAM_VERSION.  This caused the
version inquiry to fail.
2008-01-28 01:15:26 +00:00
rillig
654940226e pkglint says:
ERROR: security/dsniff/Makefile.common:4:
	PKGREVISION must not be set outside the package Makefile.
2008-01-28 00:45:26 +00:00
heinz
d3b842b4ee Updated to version 1.05.
Pkgsrc changes:
  - Added missing HOMEPAGE.
  - The package supports installation to DESTDIR.
  - A C compiler is necessary.

Changes since version 0.05:
===========================
1.05 - Fri Nov  9 05:39:09 2007
	* This version fixes the signed integer problems that Solaris had.
	* Now this module require perl 5.6.
	* You don't need to upgrade if your system isn't Solaris.

1.04 - Mon Oct 15 14:27:00 2007
	* Quashed warnings about overflows by casting numbers to
	unsigned ints.
	* This compiles warning-free and passes all tests on
	Solaris 10 with gcc 3.4.6, so it might take care of RT
	# 27632

1.04_02 - Wed Sep 19 19:24:06 2007
	* remove test files that shouldn't be there

1.04_01 - Wed Sep 12 15:34:24 2007
	* This developer release explores the Solaris bug noted in
	RT # 27632. Some Solaris installations may be encrypting or
	decrypting incorrectly.

1.04 - Fri Feb 23 11:20:44 2007
	* Todd Ross adjusted rijndael.h to use __sun to identify Solaris boxes. GCC
	uses __sun__ or __sun, but Solaris cc only uses __sun :
	http://blogs.sun.com/morganh/date/20060928
	* If you've already compiled this module, you don't need to upgrade

1.03 - Thu Feb 22 15:42:04 2007
	* Updated distro to include missing Pod tests
	* No code changes

1.02 - Thu Jan 25 14:48:51 2007
	* Updated docs to show cipher modes. No need to upgrade if you
	already have this.

1.01 - Wed Jan 10 19:14:14 2007
	* Bump to a release version. This is the same as 0.06_10.
	* This release should fix the problems with INT types on all
	platforms, including 64 bit platforms.

0.06_10 - Wed Jan 10 00:35:10 2007
	* Let's try the int type for MinGW

0.06_09 - Fri Dec 15 08:12:02 2006
	* Updated header file to handle Solaris special case
	* I think this might be the release candidate for 0.07! :)

0.06_08 - Wed Nov 29 19:51:33 2006
	* Adjusting WIN32 targets for typedefs. Some things look like both
	Unix and Windows, so I don't want compilers to choke if it tries to
	redefine types.

0.06_07 - Mon Nov 27 10:37:18 2006
	* more header file fiddling to get everyone to define the right
	abstract types. This time check for _SYS_TYPES_H

0.06_06 - Fri Nov 17 14:56:19 2006
	* Fooled with header file some more, and tested it myself on
	Cygwin. Instead of checking for WIN32, just check for __CYGWIN__

0.06_05 - Fri Nov 17 11:13:25 2006
	* The last two revisions seem to not define UINTxx and ends up with a
	parse error. Let's try this, as I go off to dig out my Windows box.

0.06_04 - Wed Nov 15 14:43:37 2006
	* Try UINT patch from David Golden to get this to work on MinGW

0.06_03 - Wed Nov 15 11:07:08 2006
	* Re-jiggered logic to define UINT32 and UINT8. First I'll try
	sys/types.h, then check if they are already defined elsewhere, and
	lastly hardcode the typedefs based on platform. The previous
	release (0.06_02) had some problems on Windows from conflicting
	typedefs (similar to the cygwin problems with libjpeg and X), so
	I guard my typedefs by checking for previous definitions. Let's
	hope those previous definitions are right :)

0.06_02 - Sun Nov 12 16:23:07 2006
	* Let's try some hardcoded types for UINT(32|8) for Windows.

0.06_01 - Sun Nov 12 10:38:56 2006
	* Adjust version number to match distro number (RT #4227)
	* Use <sys/types.h> instead of hard-coding (RT #22755, 9514, 18812,
	1444, 503).
	* This module is now maintained by brian d foy (bdfoy@cpan.org)
2008-01-25 02:26:31 +00:00
tnn
e7a9a2bf1a Update dependency, it builds with openssl-0.9.8 2008-01-24 11:14:26 +00:00
tnn
9d74e63476 Append {,nb*} to a dependency. 2008-01-24 11:10:53 +00:00
obache
9dff4b5d40 Also used by security/cy2-ldapdb/Makefile. 2008-01-23 08:53:06 +00:00
taca
4ed365d3bc Distribution file was changed after sudo 1.6.9p12 was released. :-(
config.h.in
	configure
	configure.in
	ldap.c

Add DIST_SUBDIR to handle this situation.

Bump PKG_REVISION.
2008-01-22 12:45:24 +00:00
obache
ffcb11f500 Fixed pattern to strip nb*. 2008-01-22 10:56:16 +00:00
taca
cd62454d80 Update sudo package to 1.6.9p12.
Changes from 1.6.9p11:

641) Added a configure check for the ber_set_option() function.

642) Fixed a compilation problem with the HP-UX K&R C compiler.

643) Revamped the Kerberos 5 ticket verification code.

644) Added support for the checkpeer ldap.conf variable for
     netscape-based LDAP SDKs.

645) Fixed a problem where an incomplete password could be echoed
     to the screen if there was a read timeout.
2008-01-21 16:38:57 +00:00
tnn
ad6ceadd25 Per the process outlined in revbump(1), perform a recursive revbump
on packages that are affected by the switch from the openssl 0.9.7
branch to the 0.9.8 branch. ok jlam@
2008-01-18 05:06:18 +00:00
tnn
5b7fef9e0c Update to openssl-0.9.8g. Provided by Jukka Salmi in pkgsrc-wip.
pkgsrc notes:
  o Tested on NetBSD/i386 (Jukka Salmi), Mac OSX 10.5 (Adrian Portelli),
    Linux (Jeremy C. Reed), Tru64 5.1b (tnn), HP-UX 11i (tnn).
    Because the Makefile system has been revamped, other
    platforms may require fixes. Please test if you can.
  o OpenSSL can now be built with installation to DESTDIR.

Overview of important changes since 0.9.7i:
  o Add gcc 4.2 support.
  o DTLS improvements.
  o RFC4507bis support.
  o TLS Extensions support.
  o RFC3779 support.
  o New cipher Camellia
  o Updated ECC cipher suite support.
  o New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free().
  o Zlib compression usage fixes.
  o Major work on the BIGNUM library for higher efficiency and to
    make operations more streamlined and less contradictory.  This
    is the result of a major audit of the BIGNUM library.
  o Addition of BIGNUM functions for fields GF(2^m) and NIST
    curves, to support the Elliptic Crypto functions.
  o Major work on Elliptic Crypto; ECDH and ECDSA added, including
    the use through EVP, X509 and ENGINE.
  o New ASN.1 mini-compiler that's usable through the OpenSSL
    configuration file.
  o Added support for ASN.1 indefinite length constructed encoding.
  o New PKCS#12 'medium level' API to manipulate PKCS#12 files.
  o Complete rework of shared library construction and linking
    programs with shared or static libraries, through a separate
    Makefile.shared.
  o Rework of the passing of parameters from one Makefile to another.
  o Changed ENGINE framework to load dynamic engine modules
    automatically from specifically given directories.
  o New structure and ASN.1 functions for CertificatePair.
  o Changed the key-generation and primality testing "progress"
    mechanism to take a structure that contains the ticker
    function and an argument.
  o New engine module: GMP (performs private key exponentiation).
  o New engine module: VIA PadLock ACE extension in VIA C3
    Nehemiah processors.
  o Added support for IPv6 addresses in certificate extensions.
    See RFC 1884, section 2.2.
  o Added support for certificate policy mappings, policy
    constraints and name constraints.
  o Added support for multi-valued AVAs in the OpenSSL
    configuration file.
  o Added support for multiple certificates with the same subject
    in the 'openssl ca' index file.
  o Make it possible to create self-signed certificates using
    'openssl ca -selfsign'.
  o Make it possible to generate a serial number file with
    'openssl ca -create_serial'.
  o New binary search functions with extended functionality.
  o New BUF functions.
  o New STORE structure and library to provide an interface to all
    sorts of data repositories.  Supports storage of public and
    private keys, certificates, CRLs, numbers and arbitrary blobs.
    This library is unfortunately unfinished and unused within
    OpenSSL.
  o New control functions for the error stack.
  o Changed the PKCS#7 library to support one-pass S/MIME
    processing.
  o New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512).
  o New X509_VERIFY_PARAM structure to support parametrisation
    of X.509 path validation.
  o Change the default digest in 'openssl' commands from MD5 to
    SHA-1.
  o Added support for DTLS.
  o New BIGNUM blinding.
  o Added support for the RSA-PSS encryption scheme
  o Added support for the RSA X.931 padding.
  o Added support for files larger than 2GB.
  o Added alternate pkg-config files.
2008-01-17 06:42:47 +00:00
rillig
580cfc0748 Needs libz.
From PR 37760.
2008-01-15 13:36:37 +00:00
adrianp
69310b4399 -audit-packages 2008-01-13 20:20:33 +00:00
adrianp
a8d77ab08a Retire audit-packages in favour of pkg_install>=20070714.
All functionality in this package is now in pkg_install>=20070714.

As discussed on pkgsrc-users@ and OK'ed by agc@.
2008-01-13 20:20:06 +00:00
wiz
e11174603f Update to 1.4.8:
Noteworthy changes in version 1.4.8 (2007-12-20)
------------------------------------------------

             *******************************************
             * A decade of GnuPG: g10-0.0.0.tar.gz was *
             *      released exactly 10 years ago.     *
             *******************************************

    * Changed the license to GPLv3.

    * Improved detection of keyrings specified multiple times.

    * Changes to better cope with broken keyservers.

    * Minor bug fixes.

    * The new OpenPGP standard is now complete, and has been published
      as RFC-4880.  The GnuPG --openpgp mode (note this is not the
      default) has been updated to match the new standard.  The
      --rfc2440 option can be used to return to the older RFC-2440
      behavior.  The main differences between the two are
      "--enable-dsa2 --no-rfc2440-text --escape-from-lines
      --require-cross-certification".

    * By default (i.e. --gnupg mode), --require-cross-certification is
      now on.  --rfc2440-text and --force-v3-sigs are now off.

    * Allow encryption using legacy Elgamal sign+encrypt keys if
      option --rfc2440 is used.

    * Fixed the auto creation of the key stub for smartcards.

    * Fixed a rare bug in decryption using the OpenPGP card.

    * Fix RFC-4880 typo in the SHA-224 hash prefix.  Old SHA-224
      signatures will continue to work.
2008-01-13 16:23:55 +00:00
drochner
0d926fe456 update to 2.20.3
changes: minor fixes
2008-01-11 14:02:42 +00:00
drochner
f752f295cb update to 2.20.3
changes: translation updates
2008-01-11 13:56:56 +00:00
heinz
9ab1ed4dab Updated to version 1.32.
Pkgsrc changes:
  - Requires p5-Test-Exception and p5-Test-Warn for building and
    p5-MIME-Base64 for running. The modules p5-Array-Compare, p5-Sub-Uplevel
    and p5-Tree-DAG_Node are only used through p5-Test-Warn. Opened bug
    id 32172 at rt.cpan.org for this.
  - Needs a C compiler.
  - Specified prefix for OpenSSL in order to avoid adding any search paths
    to inc/Module/Install/PRIVATE/Net/SSLeay.pm.
  - No more interactive questions (PERL_MM_USE_DEFAULT).

Changes since version 1.30:
===========================
	- Mike McCauley and Florian Ragwitz maintain this module now
1.31_01 02.07.2007
	- Only bind X509_STORE_set_trust #if OPENSSL_VERSION_NUMBER >=
	  0x0090800fL
	- Removed %Filenum_Objects from Net::SSLeay::Handle so unused
	  handles will be freed.
	- Use ppport.h.
	- improved openssl path guessing, forcing openssl path now
            requires the -path flag (caution: incompatible flag change)
            Path guessing works on windows too.
            mikem, with patches from Stas Bekman
	- Added /usr/sfw/bin/openssl to path guessing for Open Solaris,
	suggested by Igor Boehme.
	- Fixed a problem with X509_get_subjectAltNames not working when the
	subjectAltNames are the first extension. Reported by Achim Grolms

1.31_02 14.07.2007
	- Fix linking problems on Windows. Tested with VC++ 6.0, Shining Light
	0.9.7L on Windows Server 2003 with ActivePerl 5.8.8.820. Also tested
	with OpenSSL 0.9.8e compiled from source.
	- Unable to get working systems when compiling with MS Visual Studio
	Express 2005. Contributions requested. This may be relevant:
	  http://www.itwriting.com/blog/?postid=261&replyto=2542
	- Fixed a number of minor compile warnings on Windows
	- Updated README.Win32 to define building procedures on Windows
	- Fixed incorrect test failure reports in 08_external.
	- Add parens to function calls in Makefile.PL to prevent
	warnings with some perls.
	- Tested on Sparc Solaris 8, Sparc Solaris 10, OpenSuSE 10.2 x64,
	OpenSuSE 10.0 x86, FreeBSD 6.0 x86, Ubuntu 6.10, Fedora Core 6 x86
	- Changed type of SSL_set_info_callback args to stop compiler warnings
	on Windows
	- Removed auto_include from Makefile.PL
	- Removed build_requires('Test::NoWarnings') from Makefile.PL
	- Testing with Strawberry Perl on Windows XP SP2, added doc to
	README.Win32
	- Testing with Perl CamelPack 5.8.7 on Windows XP SP2, added doc to
	README.Win32

1.32 03.08.2007
	- Don't let the tests die when something unexpected happens. Just
	  BAIL_OUT.
	- Some Win32 improvements.
2008-01-09 00:47:00 +00:00
adrianp
ed22d64afa Fix builds on Darwin 2008-01-08 17:02:11 +00:00
heinz
239a1650c5 Updated to version 5.45.
Pkgsrc changes:
  - Added explicit licence identification.

Changes since version 5.44:
===========================
5.45  Tue Jun 26 02:36:00 MST 2007
	- extended portability to earlier Perls
		-- works on Perl 5.003 and later
		-- thanks to Jim Doble for testing on legacy platforms
	- updated META.yml to conform to current META spec (1.3)
	- minor documentation fixes
2008-01-08 15:11:25 +00:00
heinz
c4641b5471 Updated to version 0.25.
Pkgsrc changes:
  - A C compiler is necessary.
  - Added explicit license identification.
  - Removed patch-ab (fixed upstream).

Changes since version 0.24:
===========================
0.25  Sun May 20 2007 12:56:11
        - Add a LICENSE file.
        - Fix a bug (reported by many) in rsa.t - we were incorrectly counting
          the number of tests in situations where use_sha512_hash was
          not available.
2008-01-08 15:01:55 +00:00
heinz
aa79a95655 Updated to version 0.04.
Pkgsrc changes:
  - The package supports installation to DESTDIR.
  - A C compiler is necessary.
  - Added explicit license identification.

Changes since version 0.03:
===========================
0.04  Sun May 20 13:41:04 2007
        - Add a LICENSE file.
        - Better use of types.
2008-01-08 14:48:35 +00:00
heinz
12b563509f Updated to version 0.04.
Pkgsrc changes:
  - The package supports installation to DESTDIR.
  - A C compiler is necessary.
  - Added explicit license identification.

Changes since version 0.03:
===========================
0.04  Sun May 20 2007 13:08:23
        - Add a LICENSE file.
        - Add -DOPENSSL_NO_KRB5 to DEFINE to keep redhat happy.
2008-01-08 14:36:51 +00:00
joerg
6cf0f6c49c Fix builtin.mk logic for thread feature if no native OpenSSL exists.
Fixes PR pkg/37699 from Aleksey Cheusov.
2008-01-07 15:51:08 +00:00
taca
5fe02749ec Update sudo package to 1.6.9p11.
637) Fixed a compilation problem on SCO related to how they
     store the high resolution timestamps in struct stat.

638) Avoid checking the passwd file group multiple times
     in the LDAP query when the user's passwd group is also
     listed in the supplemental group vector.

639) The URI specifier can now be used in ldap.conf even when
     the LDAP SDK doesn't support ldap_initialize().

640) New %p prompt escape that expands to the user whose password
     is being prompted, as specified by the rootpw, targetpw and
     runaspw sudoers flags.  Based on a diff from Patrick Schoenfeld.
2008-01-06 16:08:24 +00:00
rillig
d5a1ab0577 Fixed a few pkglint warnings. 2008-01-05 20:41:25 +00:00
obache
50a4f19df7 Change MASTER_SITES to location for old archive,
noticed by Zafer Aydogan in private mail.
2008-01-05 05:25:21 +00:00
obache
e1b59f625b Change MASTER_SITES to new location, noticed by Zafer Aydogan in private mail.
Also change HOMEPAGE.
2008-01-05 05:23:23 +00:00
obache
1181cc43a1 Old url is not available now, noticed by Zafer Aydogan in private mail.
Switch HOMEPAGE and MASTER_SITES to new location.
2008-01-05 05:09:09 +00:00
obache
5dc3470702 *.tbz does not exist now, noticed by Zafer Aydogan in private mail.
Switch to *.tgz, no different from *.tbz.
2008-01-05 05:06:52 +00:00
obache
6763497ac0 Change HOMEPAGE and MASTER_SITES to new location. 2008-01-05 05:00:37 +00:00
heinz
23c9f186f1 The package needs a C compiler. 2008-01-04 22:20:31 +00:00
rillig
7f791603aa Removed the special-case handling of PKG_SYSCONFDIR for NetBSD. Now the
configuration files are installed in the usual pkgsrc place, not in
/etc. PKGREVISION++

Ok'ed by jlam@.
2008-01-04 22:08:09 +00:00
adrianp
4eb48dab26 Update to 2.1.4
27 Nov 2007 - 2.1.4
-------------------
* Updated included Core Ruleset to version 1.5 and noted in the docs that
XML support is required to use the rules without modification.
* Fixed an evasion FP, mistaking a multipart non-boundary for a boundary.
* Fixed multiple warnings on Solaris and/or 64bit builds.
* Do not process subrequests in phase 2-4, but do hand off the request data.
* Fixed a blocking FP in the multipart parser, which affected Safari.

11 Sep 2007 - 2.1.3
-------------------
* Updated multipart parsing code adding variables to allow checking
for various parsing issues (request body abnormalities).
* Allow mod_rpaf and mod_extract_forwarded2 to work before ModSecurity.
* Quiet some compiler warnings.
* Do not block internal ErrorDocument requests after blocking request.
* Added ability to compile without an external API (use -DNO_MODSEC_API).

27 Jul 2007 - 2.1.2
-------------------
* Cleaned up and clarified some documentation.
* Update included core rules to latest version (1.4.3).
* Enhanced ability to alert/audit failed requests.
* Do not trigger "pause" action for internal requests.
* Fixed issue with requests that use internal requests.  These had the
potential to be intercepted incorrectly when other Apache httpd modules
that used internal requests were used with mod_security.
* Added Solaris and Cygwin to the list of platforms not supporting the hidden
visibility attribute.
* Fixed decoding full-width unicode in t:urlDecodeUni.
* Lessen some overhead of debugging messages and calculations.
* Do not try to intercept a request after a failed rule.  This fixes the
issue associated with an "Internal Error: Asked to intercept request
but was_intercepted is zero" error message.
* Added SecAuditLog2 directive to allow redundant concurrent audit log
index files.  This will allow sending audit data to two consoles, etc.
* Small performance improvement in memory management for rule execution.
2008-01-04 10:05:51 +00:00
rillig
8159318d33 Install the binaries readable for the owner, so that a package can be
created in unprivileged pkgsrc mode. PKGREVISION++
2008-01-03 23:17:47 +00:00
adrianp
f1462904ad Look out for the case where audit-packages is already installed with the
base OS on NetBSD.
2008-01-02 09:00:34 +00:00
heinz
b55970381a Replaced outdated mirrors by working mirrors. 2007-12-30 13:42:29 +00:00
obache
583c31e60c * Honor PKGMANDIR and PKG_SYSCONFBASE.
* Install config files by CONF_FILES instead of install directly.
* Correct path of tools and config in sample config files and a manual page.
* Add DESTDIR support.

Bump PKGREVISION.
2007-12-30 09:15:36 +00:00
tron
5105fb8b30 Recognize the MIT Kerberos bundled with Mac OS X Leopard. 2007-12-28 15:27:24 +00:00
obache
ecdc58e2bd This package uses BSD Makefile.
Honor PKGMANDIR and DESTDIR ready.
2007-12-28 12:27:20 +00:00
obache
fbffa9a69b Require pre-created sbin directory. 2007-12-28 11:51:42 +00:00
obache
b33dc97d95 DESTDIR ready. 2007-12-28 11:47:24 +00:00
obache
5bcacb16f6 Fixes invalid lvalue in assignment. 2007-12-28 11:45:42 +00:00
obache
9ad21a5b6e Also needed for NetBSD. 2007-12-28 05:13:23 +00:00
obache
35eed689d9 Switch to SUBST framework. 2007-12-28 05:01:47 +00:00
obache
b1fe4da4d5 Honor PKGMANDIR. 2007-12-28 04:22:43 +00:00
gdt
efee29e6e8 Remove deprecated "fee-based commercial use" license for idea, mdc2,
rc5, and replace with {idea,mdc2,rc5}-nonlicense.  Because pkgsrc does
not yet handle multiple licenses, set LICENSE to
openssl-patented-algorithms-nonlicense.
2007-12-27 23:41:42 +00:00
adrianp
5723ca178b Add a PCRE bl3 depends to fix builds (found by DragonFly bulk builds)
PKGREVISION++
2007-12-27 16:39:07 +00:00
joerg
2e20c7d21d Explicitly depend on Perl. Bump revision. 2007-12-27 16:31:23 +00:00
obache
3be1e9beac Change MASTER_SITES to archive directory, 1.4.11 only exists in it. 2007-12-27 15:46:00 +00:00
obache
83dfac88b1 Try to create target directories before install manuals. 2007-12-27 15:06:02 +00:00
obache
b992f36697 Try to fix build problem on NetBSD, use the same strategies as DragonFly. 2007-12-27 14:13:58 +00:00
markd
48ae334282 Now that package is installed into qt4 subdirectory, pkg-config can't
find the qca2.pc file so copy to where it can.
OKed jdolecek. Bump PKGREVISION.
2007-12-25 20:09:47 +00:00
jdolecek
07910e4767 restore security/qca-tls to state on pkgsrc-2007Q3-base tag (just before
the removal), rather than revision 1.1 of all files, used for original revival

test compiled on Mac OS X 10.5
2007-12-23 21:05:51 +00:00
jdolecek
124723b3de install qca2 files into qt4 subdirectory, so that qca 1.x and qca2 could
be installed at the same time

bump PKGREVISION
2007-12-22 19:36:27 +00:00
joerg
17adb7cfd1 I18N (PR 37581) and DESTDIR support. 2007-12-21 20:35:36 +00:00
taca
dca1f5683b Update sudo package to 1.6.9p10.
Major changes since Sudo 1.6.9p9:

 o Moved LDAP options into a table for simplified parsing/setting.

 o Fixed a problem with how some LDAP options were being applied.

 o Added support for connecting directly to LDAP servers via SSL/TLS
   for servers that don't support the start_tls extension.
2007-12-21 03:12:34 +00:00
jdolecek
96641aef3f install qca2 files into qt4 subdirectory, so that qca 1.x and qca2 could
be installed at the same time; also speedup build by disabling building
tests and other miscellaneous cleanup

bump PKGREVISION
2007-12-21 00:19:43 +00:00
jdolecek
550c7f21f9 put back qca-tls, add qca2 and qca2-ossl 2007-12-20 21:21:16 +00:00
jdolecek
e210ff0a0a move back to version 1.0 for security/qca and re-add security/qca-tls
(for qca 1.x), so that kdenetwork3 works again

XXX these should be renamed to qca1* after current freeze
2007-12-20 20:37:21 +00:00
jdolecek
4188ec7c1a files moved to security/qca2-ossl 2007-12-20 20:21:03 +00:00
jdolecek
bfb290e37b reimport security/qca-ossl as security/qca2-ossl (it's qca 2.x only) 2007-12-20 20:20:17 +00:00
jdolecek
99087ddfcd re-import security/qca version 2.0.0 as security/qca2 in preparation for
having both qca 1.x and qca 2.x in tree
2007-12-20 20:17:47 +00:00
jdolecek
65df391662 add qca-ossl 2007-12-19 13:05:42 +00:00
jdolecek
ddb6d04cf4 Add qca-ossl 2.0.0-beta3 - OpenSSL plugin for security/qca 2007-12-19 13:05:05 +00:00
jdolecek
9e0b36c71a remove qca-tls - it's replaced by qca-ossl in QCA 2.x 2007-12-19 13:02:11 +00:00