and /etc/sshd.conf is old (and I assume some configurations from
there don't apply any more), user and group are not created
automatically (only if PKG_CREATE_USERGROUP is at default YES),
UsePrivilegeSeparation is the default, and seems to imply that
openssh is insecure without it.
Bump PKGREVISION.
Change comment regarding MESSAGE.Interix.
Removed unused MESSAGE_SUBST settings. Move one to the options.mk
as it is for "pam" only.
Noteworthy changes in version 1.4.2 (2005-07-26)
------------------------------------------------
* New command "verify" in the card-edit menu to display
the Private-DO-3. The Admin command has been enhanced to take
the optional arguments "on", "off" and "verify". The latter may
be used to verify the Admin Pin without modifying data; this
allows displaying the Private-DO-4 with the "list" command.
* Rewrote large parts of the card code to optionally make use of a
running gpg-agent. If --use-agent is being used and a gpg-agent
with enabled scdaemon is active, gpg will now divert all card
operations to that daemon. This is required because both,
scdaemon and gpg require exclusive access to the card reader. By
delegating the work to scdaemon, both can peacefully coexist and
scdaemon is able to control the use of the reader. Note that
this requires at least gnupg 1.9.17.
* Fixed a couple of problems with the card reader.
* Command completion is now available in the --edit-key and
--card-edit menus. Filename completion is available at all
filename prompts. Note that completion is only available if the
system provides a readline library.
* New experimental HKP keyserver helper that uses the cURL
library. It is enabled via the configure option --with-libcurl
like the other (also experimental) cURL helpers.
* New key cleaning options that can be used to remove unusable
(expired, revoked) signatures from a key. This is available via
the new "clean" command in --edit-key on a key by key basis, as
well as via the import-clean-sigs/import-clean-uids and
export-clean-sigs/export-clean-uids options for --import-options
and --export-options. These are currently off by default, and
replace the import-unusable-sigs/export-unusable-sigs options
from version 1.4.1.
* New export option export-reset-subkey-passwd.
* New option --limit-card-insert-tries.
- The reference source for the CVM interface.
- Diagnostic and benchmark CVM clients.
- A checkpassword interface CVM client.
- A UNIX/POSIX system module (uses getpwnam).
- A flat-file module.
- A vmailmgr module.
- MySQL and PgSQL modules.
- A library for client writers.
- A set of libraries for module writers.
around at either build-time or at run-time is:
USE_TOOLS+= perl # build-time
USE_TOOLS+= perl:run # run-time
Also remove some places where perl5/buildlink3.mk was being included
by a package Makefile, but all that the package wanted was the Perl
executable.
* Version 1.2.5 (2005-07-03)
- More builddir != srcdir fixes, reported by Mike Castle
- Fixed off-by-one bug in the size parameter of gnutls_x509_crt_get*_dn,
reported by Adam Langley
- Corrected some stuff in minilzo detection. Pointed out by
Sergey Lipnevich.
- MiniLZO updated to version 2.00.
- gnutls_x509_crt_list_import now accept a DER formatted CRL.
- API and ABI modifications:
No changes since last version.
deal with this.
- No official changelog in the tarball for what's changed
- PLIST fixes
- Looks like:
Updated certificate for online updates
Updated exploits notably Solaris LPD Command Execution
Fixes for console interface
- Change MESSAGE based on new -config directive
- Remove outdated patch for bug that's no longer there in CHANGES.txt
- Set plugings directory in the default config.txt
- Point users to the installed customised config.txt instead of the sample one
- From the CHANGELOG.txt
05.20.2005
Database Updates
- Multiple msgs updates from david.maciejak@kyxar.fr
- Multiple test updates from burak.dayioglu@pro-g.com.tr
nikto_core.plugin 1.31
- Bugfix: fingerprint was not including leading /. Thanks Axel Meerschaert
for the report.
- Bugfix: NMAPOPTS was not being used, thanks to David Rhoades for patching.
- Added additional content checking to reduce false positives, thanks to
Pavel Kankovsky
nikto.pl 1.14
- Added -config option to specify a config file, thanks to Pavel Kankovsky
We are pleased to announce the availability of GnuPG 1.9.17 - the
branch of GnuPG featuring the S/MIME protocol. You should consider
using GnuPG 1.9 if you want to use the GPG-AGENT or GPGSM. The
GPG-AGENT is also helpful when using the stable GPG version 1.4 or if
you want to check out its ssh-agent replacement feature.
GnuPG 1.9 is the current development version of GnuPG. Despite of
that, most parts (in particular GPG-AGENT and GPGSM) are considered
ready for production use. Please keep on using GnuPG 1.4.x for
OpenPGP; 1.9 and 1.4 may - and actually should - be installed
simultaneously.
This release features a partly rewrite of the smartcard access code as
well as several bug fixes and enhancements. Noteworthy things are:
* gpg-connect-agent has now features to handle Assuan INQUIRE
commands.
* Internal changes for OpenPGP cards. New Assuan command WRITEKEY.
* GNU Pth is now a hard requirement.
* [scdaemon] Support for OpenSC has been removed. Instead a new and
straightforward pkcs#15 modules has been written. As of now it
does allows only signing using TCOS cards but we are going to
enhance it to match all the old capabilities.
* [gpg-agent] New option --write-env-file and Assuan command
UPDATESTARTUPTTY.
* [gpg-agent] New option --default-cache-ttl-ssh to set the TTL for
SSH passphrase caching independent from the other passphrases.
You will also need to get a new libassuan (our IPC library).
1.6.8p7 include:
562) Fixed noexec functionality on Linux.
564) Fixed a bug that prevented Heimdal authentication from working.
566) A sudoers entry with sudo ALL no longer overwrites the value of
safe_cmnd. This fixes the privilege escalation vulnerability
noted in http://www.courtesan.com/sudo/alerts/path_race.html
