in the reverse dns queries for IPv6 addresses (overwriting 12
bytes of local variables on the stack). Disabled x11-security
on all platforms, as it does not seem to work on i386 either.
Incremented PKGREVISION to 7.
Noteworthy changes in version 0.5.11 (2006-10-26)
------------------------------------------------
* Add a new self test "basic" to test cdk_check_version.
* Add prototype of cdk_stream_decrypt to opencdk.h, reported by Adam
Langley.
* Fix crash in cdk_data_transform triggered by self-tests.
- A few pkglint warning clean up.
- Major changes are here. For complete changes,
see http://www.openssh.com/txt/release-4.4.
Changes since OpenSSH 4.3:
============================
Security bugs resolved in this release:
* Fix a pre-authentication denial of service found by Tavis Ormandy,
that would cause sshd(8) to spin until the login grace time
expired.
* Fix an unsafe signal hander reported by Mark Dowd. The signal
handler was vulnerable to a race condition that could be exploited
to perform a pre-authentication denial of service. On portable
OpenSSH, this vulnerability could theoretically lead to
pre-authentication remote code execution if GSSAPI authentication
is enabled, but the likelihood of successful exploitation appears
remote.
* On portable OpenSSH, fix a GSSAPI authentication abort that could
be used to determine the validity of usernames on some platforms.
This release includes the following new functionality and fixes:
* Implemented conditional configuration in sshd_config(5) using the
"Match" directive. This allows some configuration options to be
selectively overridden if specific criteria (based on user, group,
hostname and/or address) are met. So far a useful subset of post-
authentication options are supported and more are expected to be
added in future releases.
* Add support for Diffie-Hellman group exchange key agreement with a
final hash of SHA256.
* Added a "ForceCommand" directive to sshd_config(5). Similar to the
command="..." option accepted in ~/.ssh/authorized_keys, this forces
the execution of the specified command regardless of what the user
requested. This is very useful in conjunction with the new "Match"
option.
* Add a "PermitOpen" directive to sshd_config(5). This mirrors the
permitopen="..." authorized_keys option, allowing fine-grained
control over the port-forwardings that a user is allowed to
establish.
* Add optional logging of transactions to sftp-server(8).
* ssh(1) will now record port numbers for hosts stored in
~/.ssh/authorized_keys when a non-standard port has been requested.
* Add an "ExitOnForwardFailure" option to cause ssh(1) to exit (with
a non-zero exit code) when requested port forwardings could not be
established.
* Extend sshd_config(5) "SubSystem" declarations to allow the
specification of command-line arguments.
* Replacement of all integer overflow susceptible invocations of
malloc(3) and realloc(3) with overflow-checking equivalents.
* Many manpage fixes and improvements
* New portable OpenSSH-specific features:
- Add optional support for SELinux, controlled using the
--with-selinux configure option (experimental)
- Add optional support for Solaris process contracts, enabled
using the --with-solaris-contracts configure option (experimental)
This option will also include SMF metadata in Solaris packages
built using the "make package" target
- Add optional support for OpenSSL hardware accelerators (engines),
enabled using the --with-ssl-engine configure option.
Fix builds on -current
Grab MAINTAINER
pkglintification
From CHANGES:
v5.2 September 2005 (THC public release)
! THIS IS A THC TAX ANNIVERSARY SPECIAL RELEASE ! HAVE FUN !
* Included patch from ka0ttic@gentoo.org for cleaner gcc compile
* Added SSL_Pending() to prevent rare locking on SSL ports,
thanks to michel(at)arboi.fr.eu.org for reporting
* Added lots of fingerprints, most from Johnny Cyberpunk / THC - THANKS!
v5.1 June 2005 (THC public release)
* Big appdefs.resp update. Thanks to all contributors!
* Finally and forever fixed the --prefix= issue
* Fixed the web update function for bad inet_pton implementations
* Added support for nmap files with IPv6 addresses
* You can scan/check port 0 now (wish from nbach<at>deloitte.dk)
* Less error prone "make install"
Changes since 0.6.3:
0.6.6
* src/racoon/isakmp_xauth.c: Build fix
* src/racoon/pfkey.c: Sets NAT-T ports to 0 if no NAT
encapsulation in pk_sendgetspi().
* src/racoon/pfkey.c: Sets NAT-T ports to 0 if no NAT
encapsulation in pk_sendupdate().
* src/racoon/isakmp_xauth.c: fix memory leak
* src/racoon/{cfparse.y|handler.h}: typos
0.6.5
* src/racoon/isakmp.c: Fixed zombie PH1 handler when isakmp_send()
fails in isakmp_ph1resend()
* src/racoon/{cfparse.y|ipsec_doi.c}: Temporary fix for /32
subnets parsing.
* src/racoon/isakmp_cfg.c: make software behave as the documentation
advertise for INTERNAL_NETMASK4. Keep the old INTERNAL_MASK4 to
avoid breaking backward compatibility.
* src/racoon/session.c: Fixed / cleaned up signal handling.
0.6.4
* configure.ac src/racoon/plog.c: backported Fred's workaround for
%zu problems on (at least) FreeBSD4.
* src/racoon/session.c: backport: fix possible race conditions in
signal handlers (see session.c 1.17).
* src/libipsec/pfkey_dump.c: fixed compilation when NAT_T
disabled (Fred has still some CVS problems).
* src/libipsec/{libpfkey.h|pfkey_dump.c}: add a sadump_withports
function to display SAD entries with their associated ports.
* src/setkey/{parse.y|setkey.c|setkey.8}: allow to use setkey -p flag
in conjunction with -D to show SADs with the port, allow both get and
delete commands to use bracketed ports if needed.
* src/racoon/racoon.conf.5: Style changes
- Added check for base_users and base_roles tables in base_main.php -
Kevin Johnson
- Added . to VAR_PUNC to fix query issue - Kevin johnson
- Fixed issue with base_users table being required - Kevin Johnson
- Added search punctuation fix - Bruce Briggs
- Added FQDN to display -- Jonathan W Miner
- PrintForm() fixes - Bruce Briggs
- Settings for automatic expansion of the IP and Payload Criteria
on Search screen - Bruce Briggs
- Save the fields entered on the Search screen for Back button proper
refilling - Bruce Briggs
- RFE 1520185 Add support for managing last_cid - Eric Jacobsen
- Changed show_rows to 49 in base_conf.php.dist to fix IE 6/7 bug -
Bruce Briggs
- Fixed link to FAQ - Juergen Leising
- Fixed VAR_BOOLEAN error and some typos in the footer - Eric Jacobsen
- Trivial patch to make base_stat_time.php use GET insted of POST to
avoid the 'resend data' warning on refresh - GaRaGeD
- Added base-rss.php to the contrib section - Dan Michitsch
Noteworthy changes in version 0.5.10 (2006-10-11)
------------------------------------------------
* Fix double-free in cdk_pklist_encrypt, reported by Adam Langley.
* Fix keydb_idx_search() to handle keys at offset 0, thanks to Adam Langley.
* A pkg-config script was added, thanks to Andreas Metzler.
* Autobuild time stamps are used, for easier build robot testing.
This package used to register as ap-modsecurity regardless of which apache
version it built against. It will now register as ap13-modsecurity if
building against apache 1.x and ap2-modsecurity if building against
apache 2.x.
Lots of changes including:
* Enhanced memory utilisation.
* Log level is now present on every entry in the debug log.
* Added new actions (e.g. setenv, setnote, auditlog, noauditlog)
* 404 responses are no longer considered relevant.
* Added performance measurement to the Apache 2 versions.
See CHANGES for all the details
RainbowCrack is a general propose implementation of Philippe Oechslin's faster
time-memory trade-off technique. In short, the RainbowCrack tool is a hash
cracker. A traditional brute force cracker try all possible plaintexts one by
one in cracking time. It is time consuming to break complex password in this
way. The idea of time-memory trade-off is to do all cracking time computation
in advance and store the result in files so called "rainbow table". It does
take a long time to precompute the tables. But once the one time precomputation
is finished, a time-memory trade-off cracker can be hundreds of times faster
than a brute force cracker, with the help of precomputed tables.
Patch provided by Martin Wilke via PR 34396.
Modify to avoid interaction when buildling.
Authen-SASL 2.10 -- Sat Mar 25 13:11:47 CST 2006
Enhancements
* Added Authen::SASL::Perl::GSSAPI
* Added error method to Authen::SASL to obtain error from last connection
Bug Fixes
* Authen::SASL::Perl::DIGEST_MD5
- Fixed response to server to pass digest-uri
- Correct un-escaping behaviour when reading the challenge,
- check for required fields (according to the RFC),
- allow for qop not to be sent from the server (according to the RFC),
- add a callback for the realm.
Authen-SASL 2.09 -- Tue Apr 26 06:55:10 CDT 2005
Enhancements
* authname support in Authen::SASL::Perl::DIGEST_MD5
* flexible plugin selection in Authen::SASL using import()
i.e. use Authen::SASL qw(Authen::SASL::Cyrus);
* new documentation for
- Authen::SASL::Perl::ANONYMOUS
- Authen::SASL::Perl::CRAM_MD5
- Authen::SASL::Perl::EXTERNAL
- Authen::SASL::Perl::LOGIN
- Authen::SASL::Perl::PLAIN
- Authen::SASL::Perl
* updates in the tests
Authen-SASL 2.08 -- Tue May 25 11:24:21 BST 2004
Bug Fixes
* Fix the handling of qop in Digest-MD5
Authen-SASL 2.07 -- Sat Apr 10 09:06:21 BST 2004
Bug Fixes
* Fixed test bug if Digest::HMAC_MD5 was not installed
* Fixed order of values sent in the PLAIN mechanism
Enhancements
* Added support in the framework for server-side plugins
2003-11-01 18:48 Graham Barr
* lib/Authen/SASL.pm:
Release 2.06
2003-10-21 19:59 Graham Barr
* MANIFEST, lib/Authen/SASL/Perl.pm,
lib/Authen/SASL/Perl/ANONYMOUS.pm,
lib/Authen/SASL/Perl/CRAM_MD5.pm,
lib/Authen/SASL/Perl/DIGEST_MD5.pm,
lib/Authen/SASL/Perl/EXTERNAL.pm, lib/Authen/SASL/Perl/LOGIN.pm,
lib/Authen/SASL/Perl/PLAIN.pm, t/order.t:
Add ordering so we always pich the best of the available methods instead of
just the first
2003-10-17 22:12 Graham Barr
* lib/Authen/SASL.pm:
Release 2.05
2003-10-17 22:06 Graham Barr
* MANIFEST, Makefile.PL:
use Module::Install to generate Makefile and add SIGNATURE and META.yml
2003-10-17 21:19 Graham Barr
* lib/Authen/SASL/Perl/DIGEST_MD5.pm:
Fix typo
2003-10-17 21:17 Graham Barr
* lib/Authen/SASL/: Perl.pm, Perl/DIGEST_MD5.pm:
Don't call die in DIGEST_MD5, but call set_error and return an empty list
2003-10-17 21:16 Graham Barr
* lib/Authen/SASL.pod:
Update docs to reflect that client_start and client_step return an emtpy list on error
(PKG_SYSCONFDIR already includes "stunnel" by default, so avoid the
package adding another and making $PREFIX/etc/stunnel/stunnel/stunnel.conf;
the pidfile does not normally belong under $PREFIX as $PREFIX/var/run is
not normally cleaned/checked by OS-supplied processes.)
* keychain 2.6.6 (08 Sep 2006)
08 Sep 2006; Aron Griffis <agriffis@gentoo.org>:
Make --lockwait -1 mean forever. Previously 0 meant forever but was
undocumented. Add more locking regression tests #137981
* keychain 2.6.5 (08 Sep 2006)
08 Sep 2006; Aron Griffis <agriffis@gentoo.org>:
Break out of loop when empty lockfile can't be removed #127471. Add locking
regression tests:
100_lock_stale 101_lock_held 102_lock_empty 103_lock_empty_cant_remove
* keychain 2.6.4 (08 Sep 2006)
08 Sep 2006; Aron Griffis <agriffis@gentoo.org>:
Add validinherit function so that validity of SSH_AUTH_SOCK and friends can be
validated from startagent rather than up front. The advantage is that warning
messages aren't emitted unnecessarily when --inherit *-once.
Fix --eval for fish, and add new testcases:
053_start_with_--eval_ksh
054_start_with_--eval_fish
055_start_with_--eval_csh
* keychain 2.6.3 (07 Sep 2006)
07 Sep 2006; Aron Griffis <agriffis@gentoo.org>:
Support fish: http://roo.no-ip.org/fish/
Thanks to Ilkka Poutanen for the patch.
Changelog:
* gpglist: do not die with with-fingerprint (Closes: #382019).
* gpg-key2ps: add --list-key to gpg call (works around #382794).
* caff: when set, use $ENV{'GNUPGHOME'} to find secring.gpg. Suggested by
Gerfried Fuchs.
- Hook class comparison function. Accept NULL, equal, not equal operator.
- Introduce better error checking in the idmef-class API, which is now
considered public and might be used by external application. Rename
error code to reflect the API.
- Change to the way IDMEF listed element are handled. Specifying negative
number as the position of the element from the low level API now allow
to position the element at the specified (reversed) index. Using the
high level API a negative index permit to address a list of element
backward (replace an element).
- Build fixes for SWIG > 1.3.27.
- Modify idmef_value_match() so that it always unroll listed value
(do it for both val1 and val2. Remove assertion, and let
idmef_value_type_compare() return an error code in case there is an issue.
- Handle path using IDMEF_LIST_APPEND or IDMEF_LIST_PREPEND as
path using an undefined list index on idmef_path_get() call.
- Make criteria parser accept (*) list index.
- Implement comparison function for all IDMEF object.
* Portability fixes.
* Pth is not anymore linked by means of weak symbol tricks. It is
now required to link to the pth version of libassuan. New aufoconf
macros are provided to to check for this. The pth version is only
build if Pth is available.
* configure does now check that descriptor passing is available. A
way to check at runtime for this is also provided
* New "relax" flag for trustlist.txt to allow root CA certificates
without BasicContraints.
* [gpg2] Removed the -k PGP 2 compatibility hack. -k is now an
alias for --list-keys.
* [gpg2] Print a warning if "-sat" is used instead of "--clearsign".
* Regular man pages for most tools are now build directly from the
Texinfo source.
* Included translations from gnupg 1.4.5.
* The gpg code from 1.4.5 has been fully merged into this release.
The configure option --enable-gpg is still required to build this
gpg part. For production use of OpenPGP the gpg version 1.4.5 is
still recommended. Note, that gpg will be installed under the name
gpg2 to allow coexisting with an 1.4.x gpg.
* API change in gpg-agent's pkdecrypt command. Thus an older gpgsm
may not be used with the current gpg-agent.
* The scdaemon will now call a script on reader status changes.
* gpgsm now allows file descriptor passing for "INPUT", "OUTPUT" and
"MESSAGE".
* The gpgsm server may now output a key listing to the output file
handle. This needs to be enabled using "OPTION list-to-output=1".
* The --output option of gpgsm has now an effect on list-keys.
* New gpgsm commands --dump-chain and list-chain.
* gpg-connect-agent has new options to utilize descriptor passing.
* A global trustlist may now be used. See doc/examples/trustlist.txt.
* When creating a new pubring.kbx keybox common certificates are
imported.
* Enhanced pkcs#12 support to allow import from simple keyBags.
* Exporting to pkcs#12 now create bag attributes so that Mozilla is
able to import the files.
* Pkcs#12 files are now created with a MAC. This is for better
interoperability.
* Fixed uploading of certain keys to the smart card.
* New command APDU for scdaemon to allow using it for general card
access. Might be used through gpg-connect-agent by using the SCD
prefix command.
* Support for the CardMan 4040 PCMCIA reader (Linux 2.6.15 required).
* Scdaemon does not anymore reset cards at the end of a connection.
* Kludge to allow use of Bundesnetzagentur issued X.509 certificates.
* Added --hash=xxx option to scdaemon's PKSIGN command.
* A couple of bug fixes for OCSP.
* OCSP does now make use of the responder ID and optionally included
certificates in the response to locate certificates.
* No more lost file descriptors when loading CRLs via HTTP.
* HTTP redirection for CRL and OCSP has been implemented.
* Man pages are now build and installed from the texinfo source.
Note, that you need to update libksba to version 1.0.0 for this
release.
from PKG_OPTIONS, and also comments out the libcrack module in the PLIST.
However this means nothing to the PAM configure script, which will find a
system libcrack and install the libcrack module. When the pkgsrc bulk
build deinstalls PAM, it detects the leftover libcrack module and marks
PAM and its dependents failed.
Fix this by adding a --disable-crack option to the configure script.
New in 2.1.22
-------------
* Added support for spliting big data blocks (bigger than maxbuf)
into multiple SASL packets in sasl_encodev
* Various sasl_decode64() fixes
* Increase canonicalization buffer size to 1024 bytes
* Call do_authorization() after successful APOP authentication
* Allow for configuration file location to be configurable independently
of plugin location (bug # 2795)
* Added sasl_set_path function, which provides a more convenient way
of setting plugin and config paths. Changed the default
sasl_getpath_t/sasl_getconfpath_t callbacks to calculate
the value only once and cache it for later use.
* Fixed load_config to search for the config file in all directories
(bug # 2796). Changed the default search path to be
/usr/lib/sasl2:/etc/sasl2
* Don't ignore log_level configuration option in default UNIX syslog
logging callback
* (Windows) Minor IPv6 related changes in Makefiles for Visual Studio 6
* (Windows) Fixed bug of not setting the CODEGEN (code generation option)
nmake option if STATIC nmake option is set.
* Several fixed to DIGEST-MD5 plugin:
- Enable RC4 cipher in Windows build of DIGEST-MD5
- Server side: handle missing realm option as if realm="" was sent
- Fix DIGEST-MD5 to properly advertise maxssf when both DES and RC4
are disabled
- Check that DIGEST-MD5 SASL packet are no shorter than 16 bytes
* Several changes/fixed to SASLDB plugin:
- Prevent spurious SASL_NOUSER errors
- Added ability to keep BerkleyDB handle open between operations
(for performance reason). New behavior can be enabled
with --enable-keep-db-open.
* Better error checking in SQL (MySQL) auxprop plugin code
* Added support for HTTP POST password validation in saslauthd
* Added new application ("pluginviewer") that helps report information
about installed plugins
* Allow for building with OpenSSL 0.9.8
* Allow for building with OpenLDAP 2.3+
* Several quoting fixes to configure script
* A large number of other minor bugfixes and cleanups
** Parse "group" configuration parameters of GnuPG.
** epg-verify-file and epg-verify-string now return the plaintext
after successful verification.
** Obey the decoding coding-system determined by
decode-coding-inserted-region.
** Improved progress display.
** Allow file names starting with "-".
---------------------------------------------------------------------------
June 27, 2006
amavisd-new-2.4.2 release notes
SUMMARY OF CHANGES:
- new feature: "pen pals soft-whitelisting" lowers spam score of received
replies to a message previously sent by a local user to this address;
- new feature: added command line options to override certain configuration
settings from a config file, see below;
- documentation bug fixes, especially on the use of SQL data type TIMESTAMP;
- zoo decoder interface routine can now use utility unzoo(1) or zoo(1);
---------------------------------------------------------------------------
May 8, 2006
amavisd-new-2.4.1 release notes
INCOMPATIBLE CHANGE WITH 2.4.0:
- notification templates incompatibility with 2.4.0 (but not with versions
2.3.3 or older): major contents category numbers are renumbered due to a
newly inserted category CC_SPAMMY; it affects the use of macro ccat_maj
in templates (one field added), and only affect users which provide
non-default templates based on 2.4.0 templates; older templates (2.3.3
or earlier) are unaffected as they do not use macro ccat_maj;
---------------------------------------------------------------------------
April 3, 2006
amavisd-new-2.4.0 release notes
The most important changes since 2.3.3 at a glance:
Delivery status notifications (DSN) are now supported, both as a SMTP
protocol extension and in notifications. Header fields like X-Amavis
and X-Spam are now prepended to mail header for DomainKeys compatibility.
Configuration variables can be chosen based on mail contents category,
which is now represented explicitly. A built-in macro expander is enhanced,
providing new macros and call types. Added support for passive operating
system fingerprinting with the use of p0f, supplying collected information
as a header field to SpamAssassin. Provide compatibility with Net::Server
0.91 and later.
at previous commit.
Note: OpenSSH 4.4p1 has already released, there is no hpn-patch patch yet,
so I don't update to it while pkgsrc-freeze is in effect.
20060211
- (dtucker) [README] Bump release notes URL.
- (djm) Release 4.3p2
20060208
- (tim) [session.c] Logout records were not updated on systems with
post auth privsep disabled due to bug 1086 changes. Analysis and patch
by vinschen at redhat.com. OK tim@, dtucker@.
- (dtucker) [configure.ac] Typo in Ultrix and NewsOS sections (NEED_SETPRGP
-> NEED_SETPGRP), reported by Berhard Simon. ok tim@
20060206
- (tim) [configure.ac] Remove unnecessary tests for net/if.h and
netinet/in_systm.h. OK dtucker@.
20060205
- (tim) [configure.ac] Add AC_REVISION. Add sys/time.h to lastlog.h test
for Solaris. OK dtucker@.
- (tim) [configure.ac] Bug #1149. Changes in QNX section only. Patch by
kraai at ftbfs.org.
20060203
- (tim) [configure.ac] test for egrep (AC_PROG_EGREP) before first
AC_CHECK_HEADERS test. Without it, if AC_CHECK_HEADERS is first run
by a platform specific check, builtin standard includes tests will be
skipped on the other platforms.
Analysis and suggestion by vinschen at redhat.com, patch by dtucker@.
OK tim@, djm@.
20060202
- (dtucker) [configure.ac] Bug #1148: Fix "crippled AES" test so that it
works with picky compilers. Patch from alex.kiernan at thus.net.
on ssh anyways, but better to make sure). Fixed some
more ssh_*_{en,de}code calls missing necessary casts.
Disabled x11-security extension on x86_64 as it does not
work there (uses xauth instead). Updated pkgrevision.
* Version 1.4.4 (released 2006-09-12)
** Relax the test that caught signatures that exploit the variant of
** Bleichenbacher's Crypto 06 rump session attack on our
** verification logic flaw.
In particular, we now permit the digestAlgorithm.parameters field to
be present but empty, whereas in 1.4.3 we actually checked that the
field was absent.
** Revert the removal of debug information for the GNUTLS-SA-2006-3 problem.
The messages are only printed in debug mode, which is not recommended
for normal use, and thus logging this situation cannot be abused as an
oracle in typical recommended situations.
** API and ABI modifications:
No changes since last version.
2006-09-05 Fernando Herrera <fherrera@onirica.com>
* configure.ac: Release 2.16.0
2006-09-02 Daniel Nylander <po@danielnylander.se>
* docs/sv/sv.po: Updated Swedish translation.
2006-08-22 Fernando Herrera <fherrera@onirica.com>
* configure.ac: Relase 2.15.92
2006-08-22 Fernando Herrera <fherrera@onirica.com>
* src/gnome-keyring-manager-keyring-editor.c:
(gkm_keyring_editor_set_acl): Chage a crash by leak :)
2006-08-03 German Poo-Caaman~o <gpoo@ubiobio.cl>
* MAINTAINERS: Added myself there (Fernando Herrera asked me
to co-maintain this module)
2006-08-03 German Poo-Caaman~o <gpoo@ubiobio.cl>
Patch from Przemysrlaw Grzegorczyk <pgrzegorczyk@gmail.com>
* po/LINGUAS: New file listing all supported languages.
* configure.ac: Use po/LINGUAS instead of including all languages
directly in this file. See the wiki for more information:
http://live.gnome.org/GnomeGoals/PoLinguas. Fixed#337908
2006-08-03 Jovan Naumovski <jovan@lugola.net>
* Added sl.po to po/ and 'sl' to configure.ac
2006-08-02 German Poo-Caaman~o <gpoo@ubiobio.cl>
* data/gnome-keyring-manager.desktop.in.in: Switched 'GNOME;GTK;'
instead 'GNOME;' in 'Categories' in order to fix#328039.
2006-08-02 German Poo-Caaman~o <gpoo@ubiobio.cl>
* MAINTAINERS: Added this file in order to fix#335041. At the
moment I just set to Fernando Herrera as the current maintainer.
2006-08-02 Fernando Herrera <fherrera@onirica.com>
* src/gnome-keyring-manager.c: (main): Port to GOption API. Patch by
Sebastien Bacher. Closes bug #336077
2006-08-02 Fernando Herrera <fherrera@onirica.com>
* configure.ac: Branched for gnome-2-14, bump version number to
2.15.91
2006-07-23 Christophe Bliard <christophe.bliard@trux.info>
* docs/fr/fr.po: Added French translation.
* docs/Makefile.am: Added fr to DOC_LINGUAS.
2006-07-23 Daniel Nylander <po@danielnylander.se>
* sv/sv.po: Updated Swedish translation.
2006-07-03 Runa Bhattacharjee <runabh@gmail.com>
* configure.ac: Added Bengali India (bn_IN) to ALL_LINGUAS.
2006-06-29 Daniel Nylander <po@danielnylander.se>
* docs/sv/sv.po: Added Swedish translation.
2006-06-19 Raivis Dejus <orvils@gmail.com>
* configure.ac: Added "lv" Latvian in to ALL_LINGUAS line.
2006-06-12 Ahmad Riza H Nst <rizahnst@gnome.org>
* configure.ac: Added "id" Indonesian in to ALL_LINGUAS line.
* po/id.po: Added Indonesian translation.
2006-05-25 Åsmund Skjæveland <aasmunds@fys.uio.no>
* po/nn.po: Added Norwegian Nynorsk translation.
* configure.ac: Added nn to ALL_LINGUAS.
2006-04-17 Kjartan Maraas <kmaraas@gnome.org>
* configure.ac: Remove obsolete entry for no_NO.
* po/no.po: And the translation.
2006-04-05 Behdad Esfahbod <behdad@gnome.org>
Approved by Fernando Herrera on IRC.
* gnome-keyring-manager-attribute-editor.h:
* gnome-keyring-manager-attribute-editor.c:
* gnome-keyring-manager-new-item-dialog.h:
* gnome-keyring-manager-new-item-dialog.c:
* gnome-keyring-manager-password-dialog.h:
* gnome-keyring-manager-password-dialog.c: Remove. Not needed
because of UI changes.
* po/POTFILES.in: Remove above files.
2006-04-05 Behdad Esfahbod <behdad@gnome.org>
* configure.ac, Makefile.am: Get rid of m4 directory that does not
exist. (bug #337310)
2006-04-03 Dan Williams <dcbw@redhat.com>
* src/gnome-keyring-manager-util.c
- (gkm_get_application_path): implement for FreeBSD
2006-04-03 Dan Williams <dcbw@redhat.com>
* src/gnome-keyring-manager-acl-display.c
- (gkm_acl_display_set_acl): deal with possibly NULL application path
2006-04-03 Dan Williams <dcbw@redhat.com>
* src/gnome-keyring-manager.c
- (gkm_application_open_keyring_manager): Fix "unused result" error
on return from g_slist_append()
2006-04-03 Dan Williams <dcbw@redhat.com>
Patch from Brent Smith <gnome@nextreality.net> Bug #327946
* Makefile.am, configure.ac, docs/gnome-keyring-manager.omf.in,
docs/Makefile.am: updates for gnome-doc-utils
2006-04-03 Dan Williams <dcbw@redhat.com>
Patch from Matthias Clasen <mclasen@redhat.com> Bug #317037
* src/gnome-keyring-manager-keyring-editor.c
- (gkm_keyring_editor_new): don't set edited keyring if not passed
a keyring name
* src/gnome-keyring-manager-main-ui.c
- (gkm_main_ui_init): Don't open 'default' keyring, but defer setting
the edited keyring until keyrings are loaded
- (on_keyrings_model_row_changed): new function; if there is no currently
edited keyring, use the first item in the keyring list
- (gkm_main_ui_connect_glade_signals): connect keyring treeview
row-changed signal
2006-04-03 Dan Williams <dcbw@redhat.com>
* data/gnome-keyring-manager.glade
- Remove "invisible_char" items because they override the GTK default,
which is now pretty, with ugly obfuscation characters
2006-04-03 Dan Williams <dcbw@redhat.com>
* src/gnome-keyring-manager-util.c
- (gkm_show_about_dialog): don't use "GNOME" in about
dialog title. Bug #326273
2006-04-03 Dan Williams <dcbw@redhat.com>
Patch from Christian Persch <chpe@gnome.org>, bug #336497
* src/gnome-keyring-manager-main-ui.c
- (on_about_activate): call gkm_show_about_dialog instead
* src/gnome-keyring-manager-util.c
src/gnome-keyring-manager-util.h
- (gkm_about_dialog_new): renamed to gkm_show_about_dialog
- (gkm_show_about_dialog): use gtk_show_about_dialog() rather than
gtk_about_dialog_new()
* src/gnome-keyring-manager.c
src/gnome-keyring-manager.h
- (gkm_application_open_about_dialog): removed
2006-04-03 Dan Williams <dcbw@redhat.com>
Fix network attribute mishandling when a default attribute isn't present in
the attribute list. For example, if the attribute list had no 'port', but
the user modified the 'port' in gnome-keyring-manager, the 'user' attribute
would be set instead.
* src/gnome-keyring-manager-attribute-display.c
- (gkm_attribute_display_init, network_password_update_page,
gkm_attribute_display_clear, on_attribute_entry_changed): Replace usage
of "NUM_ENTRIES - 3" with NON_PASSWORD_ENTRIES_MAX
- (gkm_attribute_display_init): initialize mappings to -1
- (network_password_update_page): enable widgets for attributes that are
present, and disable widgets for attributes that are not. Reset attribute
to widget mapping when changing keyring entries, since not all entries
have every default attribute.
- (on_attribute_entry_changed): don't do anything for attributes which
don't have a mapping, should we ever get here (widget should be disabled),
and clean up function a bit
2006-04-03 Dan Williams <dcbw@redhat.com>
* data/gnome-keyring-manager.glade
- Allow ports higher than 100. Bug #336692
2006-04-03 Dan Williams <dcbw@redhat.com>
Patch from Christian Persch <chpe@gnome.org>
* src/gnome-keyring-manager.c
- (gkm_application_window_destroyed_callback): Fix "unused result" error
on return from g_slist_remove()
2006-03-24 Tommi Vainikainen <thv@iki.fi>
* configure.ac (ALL_LINGUAS): Added Dzongkha (dz).
2006-03-21 Vladimer Sichinava <vlsichinava@gmail.com>
* configure.ac: Added "ka" (Georgian) to ALL_LINGUAS
* NetBSD fixes
* Crash fix
* Typo fix
* Translations
Changes in version 0.5.2 are:
* Translation updates
* Better title in docs
* Fixed crashes
* New function: gnome_keyring_item_grant_access_rights_sync
Changes in version 0.5.1 are:
* Support changing password of a keyring
* Create ~/.gnome2 if needed
* Save keyring when an ACL is added
* Add password strength meter
* Small bugfixes
* Version 1.4.3 (released 2006-09-08)
** Fix PKCS#1 verification to avoid a variant of Bleichenbacher's
** Crypto 06 rump session attack.
In particular, we check that the digestAlgorithm.parameters field is
empty, to avoid that it can contain "garbage" that may be used to
alter the numeric properties of the signature. See
<http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html> (which is
not exactly the same as the problem we fix here). Reported by Yutaka
OIWA <y.oiwa@aist.go.jp>.
See GNUTLS-SA-2006-4 on http://www.gnutls.org/security.html for more
up to date information.
** Fix PKCS#1 decryption to avoid Bleichenbacher's Crypto 98 attack.
See <http://www.bell-labs.com/user/bleichen/papers/pkcs.ps.gz>.
Reported by Werner Koch <wk@gnupg.org>.
See GNUTLS-SA-2006-3 on http://www.gnutls.org/security.html for more
up to date information.
** Fix crash in gnutls_x509_crt_sign2 if passed a NULL issuer_key.
** API and ABI modifications:
No changes since last version.
* Version 1.4.2 (released 2006-08-12)
** Fix a crash (strcmp() on a NULL value) in the certificate verification logic.
This can happen if you call gnutls_certificate_verify_peers2 and have
a certain mix of local CA certificates and the peer send special
certificates, that together trigger certain behaviour. It is not
known at this point whether the crash can be triggered without the
special local CA certificate, and thus turn this into a remote crash
of clients that verify server certificates when they talk to a server
with the special server certificate. See GNUTLS-SA-2006-2 on
http://www.gnu.org/software/gnutls/security.html for more up to date
information. Reported by satyakumar <satyam_kkd@hyd.hellosoft.com>.
** Change SRP and Cert-Type extensions to match IANA registry.
** OpenCDK updated to 0.5.9 to fix some problems with OpenPGP support.
** Make --without-included-libtasn1 work.
Reported by Daniel Black <dragonheart@gentoo.org>.
** API and ABI modifications:
No changes since last version.
Noteworthy changes in version 0.5.9 (2006-08-06)
------------------------------------------------
* Fix cdk_kbnode_write_to_mem to return CDK_Too_Short when buf is
NULL, tiny patch from Mario Lenz.
* Fixed opencdk-config script to include -lz, thanks to Weng Liong, Low.
* Fix prototypes for AIX compiler, reported by John Heiden.
* Don't use trailing comma in last enum constant, for IBM C v6. Tiny
patch from Albert Chin.
This resolves PR pkg/34394 by Martin Wilke.
Pkgsrc changes:
- none
Changes since version 2.09:
===========================
2.10 Fri Dec 02 07:36:18 EST 2005
- updated the README file to remove the reference
to CBC_R - no longer available.
- updated the README file to include performance
results for G4/1.2GHz PPC Mac OS X 10.4.X
This resolves PR pkg/34407 by Martin Wilke.
Pkgsrc changes:
- took maintainership
Changes since version 5.41:
===========================
5.43 Sat Aug 5 02:36:18 MST 2006
- undid Perl Best Practice of favoring 3-argument "open"
-- 3-arg version uses different semantics for "-"
causing bugs in addfile and shasum
- modified underlying C functions to use ANSI prototypes
-- requested by Steve Hay (ref. Smoke [5.9.4] 28630)
-- K&R style was causing numerous warnings from
Borland compiler
5.42 Mon Jul 24 04:04:40 MST 2006
- minor code changes suggested by Perl::Critic
-- e.g. no bareword filehandles, no 2-argument open's
- updated public key (ref. B538C51C)
-- previous one (0AF563FE) expired July 2, 2006
- added documentation to warn that Base64 digests are NOT padded
-- padding must be done by user if interoperability
with other software is required
This resolves PR pkg/34398 by Martin Wilke.
Pkgsrc changes:
- none
Changes since version 2.17:
===========================
2.19 Tue Jul 18 18:39:57 EDT 2006
- Renamed Crypt::CBC-2.16-vulnerability.txt so that package installs
correctly under Cygwin
2.18 2006/06/06 23:17:04
- added more documentation describing how to achieve compatibility
with old encrypted messages
tools which allow to use GnuPG from Emacs (EasyPG Assistant), and a
fully functional interface library to GnuPG (EasyPG Library.) It does
not cache passphrases, so gpg-agent (security/gnupg-devel) is
recommended.
- If SSL_cipher_list is not given it uses the openssl default
instead of setting it to 'ALL:!LOW:!EXP' like before. The old
value included ADH and this might be a bad idea, see BUGS why.
Resolves PR pkg/34392 by Martin Wilke
Noteworthy changes in version 1.2.3 (2006-08-28)
------------------------------------------------
* Rewrote gcry_mpi_rshift to allow arbitrary shift counts.
* Minor bug fixes.
