* Key manager now uses new file chooser dialogs
* For detached signatures, prompt when missing plain text files
* Import/Export to clipboard implemented as copy/paste
* Dragging keys into the key manager import
* All file operations work with gnome-vfs remote URIs (ie: smb, ftp, http,
etc...)
* Proper sort support for key listings
* Filter support on key manager and recipients windows
* Multiple file and folder support in nautilus
* Fixed MIME type integration with nautilus
* Rework the 'Key Properties' dialog
* Can now change primary user id, or delete user ids on a secret key
* Can sign individual user ids on a key
* Can now list signatures on a key
* Respects 'Encrypt to Self' option when encrypting files or text
* Gnome HIG (Human Interface Guidelines) compliancy fixes
* gedit plugin for encrypting/decrypting/signing/verifying text
* 'Seahorse Agent' for caching passwords on system
* Updated to a new version of GPGME (1.0)
* Fixed startup crashers
* New Key generation assistant (wizard/druid)
* Version 1.0.0! We are proud to present you with a thoroughly
tested and stable version of the GPGME library. A big Thank You!
to all the people who made this possible.
The development will be branched into a stable 1.x.y series and the
head.
* The gpgme.m4 macro supports checking the API version. Just prepend
it to the required version string, separated by a colon. For
example, this release has the version "1:1.0.0". The last release
to which this version is (mostly) ABI compatible is "1:0.4.2",
which is the default required version.
testing, and using exploit code. This release includes 18 exploits and 27
payloads; many of these exploits are either the only ones publicly available
or just much more reliable than anything else out there. The Framework will
run on any modern system that has a working Perl interpreter, the Windows
installer includes a slimmed-down version of the Cygwin environment.
slightly modified by me.
Changes since 0.6:
* Ported to Solaris 2.8.
* Added a new error source GPG_ERR_SOURCE_GSTI, and new error
codes GPG_ERR_PROTOCOL_VIOLATION and GPG_ERR_INV_MAC for this
source.
* Interface changes relative to the 0.7 release:
GPG_ERR_SOURCE_GSTI NEW
GPG_ERR_PROTOCOL_VIOLATION NEW
GPG_ERR_INV_MAC NEW
GPG_ERR_INV_REQUEST NEW
* libgpg-error can be built on systems where the errno macros do not
evaluate to plain numbers, but expressions. If you want to
cross-compile, you might have to set CC_FOR_BUILD, though.
* A new tool gpg-error to convert error numbers into symbols into
strings is provided.
* Interface changes relative to the 0.6 release:
GPG_ERR_LOCALE_PROBLEM NEW
GPG_ERR_NOT_LOCKED NEW
Addresses PR#27254
Version 4.4.7 contains various bugfixes and improvements to the
documentation and software.
o A critical bug fixed in scan-mail.pl.
o Detection of JPG exploits has been added.
o A file descriptor leak has been fixed in f-protd.
o A minor bug in f-protd related to CPU hogging under certain
conditions has been fixed.
o A log level has been added (further information can be found in
the man pages).
under ${PREFIX} instead of being an absolute path.
So fix the references using RCD_SCRIPTS_EXAMPLEDIR to be
${PREFIX}/${RCD_SCRIPTS_EXAMPLEDIR}.
This should have no changes to use before.
Please note that the MESSAGE files in most cases are wrong in the
first place. We have automated mechanisms and could have an automated
message for explaining rc.d script usage. (This is something to do!)
maintainer Klaus Klein.
2) Update to version 0.9.7 to satisfy version requirements for, soon to
be committed, gnupg2 (1.9.10) that provides SMIME support.
Libksba is a library to make the tasks of working with X.509 certificates,
CMS data and related objects more easy. It is a high-level interface to the
implemented protocols and presents the data in a consistent way.
as it's only used internally by bsd.prefs.mk.
* Make _PKGSRCDIR a public variable by renaming it to PKGSRCDIR.
Also, generate its value from ${_PKGSRC_TOPDIR} so it's less fragile
than the old method of stripping off the last two components of
${.CURDIR}. PKGSRCDIR may now be used after bsd.prefs.mk is defined.
* Change all references to _PKGSRCDIR to PKGSRCDIR.
2004-10-03 22:04 nolan
* src/: mypasswordsafe.ui.h, safedragobject.cpp,
safedragobject.hpp, safelistview.cpp, safelistview.hpp: Did some
work so MyPS wouldn't segfault when dragging onto another app
2004-10-03 22:03 nolan
* MyPasswordSafe.pro: Removed spaces added by Designer
MyPasswordSafe is a straight-forward, easy-to-use password manager
that maintains compatibility with Password Safe files. MyPasswordSafe
has the following features:
* Safes are encrypted when they are stored to disk.
* Passwords never have to be seen, because they are copied to
the clipboard
* Random passwords can be generated.
* Window size, position, and column widths are remembered.
* Passwords remain encrypted until they need to be decrypted at
the dialog and file levels.
* A safe can be made active so it will always be opened when
MyPasswordSafe starts.
* Supports Unicode in the safes
* Languages supported: English and French
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
- Fix false positive on NetBSD for "login". Thanks to Richard Ibbotson for
helping sort this out.
- Install main shell script and documentation.
chkwtmp.c
fix: del counter (Thanks to Dietrich Raisin)
chkproc.c
fix: better support for Linux threads
chkrootkit;
new rootkit detected: Madalin rootkit
top and find tests improved for Suse Linux
more ports added in the bindshell test
fix: FreeBSD false positives
fix: slammer detection
lots of minor bug fixes
- ok'ed wiz@, snj@
- Grab maintainership
- Remove DIST_SUBDIR directive
Version 2.0.5:
--------------
[BUG] OpenBSD compile fix.
Support for 802.1Q.
New signatures.
Speel-chceked teh docuhmentation!
Absolutely experimental support for open connection fingerprinting (-O).
Synced manpage and documentation.
Added several -O signatures.
All library names listed by *.la files no longer need to be listed
in the PLIST, e.g., instead of:

    lib/libfoo.a
    lib/libfoo.la
    lib/libfoo.so
    lib/libfoo.so.0
    lib/libfoo.so.0.1

one simply needs:

    lib/libfoo.la

and bsd.pkg.mk will automatically ensure that the additional library
names are listed in the installed package +CONTENTS file.
Also make LIBTOOLIZE_PLIST default to "yes".
Changes in version 0.4.0 are:
* Build fix on some systems
* Translation updates
Changes in version 0.3.3 are:
* Translation updates
Changes in version 0.3.2 are:
* New API functions for getting/setting ACL
* Implemented delete keyring operation
Changes in version 0.3.1 are:
* New and updated translations.
* New introduction document
* unlocking the NULL keyring unlocks the default keyring
that, on a large SMP bulk build machine, and occasionally on smaller
less busy machines, we can get a false-positive message in the aide
output because the atime on a group of files can be one second later
than "cur_time", the current time as returned to aide. So allow for
one second's difference in the time calculation.
Bump package revision.
Changes since 0.0.8:
* Changes in 0.1.4 (released 2004-08-08)
** Revamp of gnulib compatibility files.
** More translations.
German (by Roland Illig), Basque (by Mikel Olasagasti), French (by
Michel Robitaille), Irish (by Kevin Patrick Scannell), Dutch (by Elros
Cyriatan), Polish (by Jakub Bogusz), Romanian (by Laurentiu Buzdugan),
and Serbian (by Aleksandar Jelenak).
* Changes in 0.1.3 (released 2004-08-04)
** Command line tool support IPv6 (and other protocol families).
Requires that your system has `getaddrinfo'.
** Command line behaviour for gsasl tool improved.
The --client and --imap parameters are now the default. The --connect
host and port can now be specified directly. If --authentication-id
is not specified, the username of the user invoking gsasl is used
(i.e., getpwuid(getuid)->pw_name). Altogether, this allows simple
usage, as in `gsasl mail.example.com' to connect, via IMAP, to
mail.example.com.
* Changes in 0.1.2 (released 2004-07-16)
** The SMTP mode in `gsasl' should now work.
** Cross compile builds should work.
It should work for any sane cross compile target, but the only tested
platform is uClibc/uClinux on Motorola Coldfire.
** The GNU Readline library is used to read data, if available.
** Passwords read from stdin are not echoed to the terminal.
* Changes in 0.1.1 (released 2004-06-26)
** In the command line client, the default quality of protection is now none.
* Changes in 0.1.0 (released 2004-04-16)
** The library re-licensed to LGPL and distributed as a separate package.
This means a fork of this NEWS file, all the entries below relate to
the combined work of earlier versions. New entries above do not
document user visible changes for the library ("libgsasl"), for that
see NEWS in the lib/ sub-directory, which is also distributed as a
stand-alone package.
* Changes in 0.0.14 (released 2004-01-22)
** Moved all mechanism specific code into sub-directories of lib/.
Each backend is built into its own library (e.g., libgsasl-plain.so),
to facilitate future possible use of dlopen to dynamically load
backends.
** Moved compatibility files (getopt*) to gl/, and added more (strdup*).
* Changes in 0.0.13 (released 2004-01-17)
** Nettle (the crypto functionality, crypto/) has been updated.
This fixes two portability issues, the new code should work on
platforms that don't have inttypes.h and alloca.
* Changes in 0.0.12 (released 2004-01-15)
** Protocol line parser in 'gsasl' tool more reliable.
Earlier it assumed two lines were sent in one packet in one place, and
sent as two packets in another place.
** Various bugfixes.
* Changes in 0.0.11 (released 2004-01-06)
** The client part of CRAM-MD5 now uses SASLprep instead of NFKC.
This aligns with draft-ietf-sasl-crammd5-01.
** The CRAM-MD5 challenge string now conforms to the proper syntax.
** The string preparation (SASLprep and trace) functions now work correctly.
** DocBook manuals no longer included.
The reason is that recent DocBook tools from the distribution I use
(Debian) fail with an error. DocBook manuals may be included in the
future, if I can get the tools to work.
** API and ABI modifications.
GSASL_SASLPREP_ERROR: ADD.
* Changes in 0.0.10 (released 2003-11-22)
** The CRAM-MD5 server now rejects invalid passwords.
The logic flaw was introduced in 0.0.9, after blindly making code
changes to shut up valgrind just before the release.
** Various build improvements.
Pkg-config is no longer needed. GTK-DOC is only used if present.
* Changes in 0.0.9 (released 2003-11-21)
** Command line client can talk to SMTP servers with --smtp.
** DocBook manuals in XML, PDF, PostScript, ASCII and HTML formats included.
** Token parser in DIGEST-MD5 fixed, improve interoperability of DIGEST-MD5.
** Libgcrypt >= 1.1.42 is used if available (for CRAM-MD5 and DIGEST-MD5).
The previous libgcrypt API is no longer supported.
** CRAM-MD5 and DIGEST-MD5 no longer require libgcrypt (but can still use it).
If libgcrypt 1.1.42 or later is not found, it uses a minimalistic
cryptographic library based on Nettle, from crypto/. Currently only
MD5 and HMAC-MD5 are needed, making a dependence on libgcrypt overkill.
** Listing supported server mechanisms with gsasl_server_mechlist works.
** Autoconf 2.59, Automake 1.8 beta, Libtool CVS used.
** Source code for each SASL mechanism moved to its own sub-directory in lib/.
** The command line interface now uses getopt instead of argp.
The reason is portability, this also means we no longer use gnulib.
** API and ABI modifications.
gsasl_randomize: ADD.
gsasl_md5: ADD.
gsasl_hmac_md5: ADD.
gsasl_hexdump: REMOVED. Never intended to be exported.
gsasl_step: ADD.
gsasl_step64: ADD.
gsasl_client_step: DEPRECATED: use gsasl_step instead.
gsasl_server_step: DEPRECATED: use gsasl_step instead.
gsasl_client_step_base64: DEPRECATED: use gsasl_step64 instead.
gsasl_server_step_base64: DEPRECATED: use gsasl_step64 instead.
gsasl_finish: ADD.
gsasl_client_finish: DEPRECATED: use gsasl_finish instead.
gsasl_server_finish: DEPRECATED: use gsasl_finish instead.
gsasl_ctx_get: ADD.
gsasl_client_ctx_get: DEPRECATED: use gsasl_ctx_get instead.
gsasl_server_ctx_get: DEPRECATED: use gsasl_ctx_get instead.
gsasl_appinfo_get: ADD.
gsasl_appinfo_set: ADD.
gsasl_client_application_data_get: DEPRECATED: use gsasl_appinfo_get instead.
gsasl_client_application_data_set: DEPRECATED: use gsasl_appinfo_set instead.
gsasl_server_application_data_get: DEPRECATED: use gsasl_appinfo_get instead.
gsasl_server_application_data_set: DEPRECATED: use gsasl_appinfo_set instead.
Gsasl: ADD.
Gsasl_ctx: DEPRECATED: use Gsasl instead.
Gsasl_session: ADD.
Gsasl_session_ctx: DEPRECATED: use Gsasl_session instead.
GSASL_CRYPTO_ERROR: ADD, replaces deprecated GSASL_LIBGCRYPT_ERROR.
GSASL_LIBGCRYPT_ERROR: DEPRECATED: use GSASL_CRYPTO_ERROR instead.
GSASL_KERBEROS_V5_INTERNAL_ERROR: ADD, replaces deprecated GSASL_SHISHI_ERROR.
GSASL_SHISHI_ERROR: DEPRECATED: use GSASL_KERBEROS_V5_INTERNAL_ERROR instead.
GSASL_INVALID_HANDLE: ADD.
* Changes in 0.0.13 (released 2004-08-08)
** Revamp of gnulib compatibility files.
** More translations.
French (by Michel Robitaille) and Romanian (by Laurentiu Buzdugan).
* Changes in 0.0.12 (released 2004-08-01)
** Added rudimentary self tests of Kerberos 5 context init/accept.
Tests client and server authentication, with and without mutual
authentication, and that various aspects of the API like ret_flags
work.
** Various fixes, discovered while writing the Kerberos 5 self test.
** Cross compile builds should work.
It should work for any sane cross compile target, but the only tested
platform is uClibc/uClinux on Motorola Coldfire.
at:
http://www.sudo.ws/sudo/alerts/sudoedit.html
Major changes since Sudo 1.6.8:
o Sudoedit now re-opens the temp file as the invoking user
and will only open regular files.
o Better detection of unchanged files in sudoedit.
o The path to ldap.conf is now configurable.
o Added SSL tls_* certificate checking options when using LDAP.
o The sample pam config file has been updated.
NetBSD-1.6.2_STABLE. Gets rid of a parse error when only one
argument is given to HDN_WARN, which leaves us with "fprintf(fp, arg, )".
This may be a failure of the compiler on this platform to properly
do varargs macros, but the changes are noops and gets it building there.
-lreadline also needs either -ltermcap, -lcurses, -lncurses in the link
command to resolve all symbols used in the readline library. Cause one
of these libraries to automatically be added whenever "-lreadline"
appears on the command line. This is a generalization of the change in
revision 1.6 to work on more operating systems.
dependencies. This fixes link failures when the Heimdal dependency
is satisfied by the package rather than the builtin Heimdal. Pointed
out by Mark Davies in private email.
I've intentionally left out including readline/buildlink3.mk. Although
it is used by libsl.* and libss.*, those libraries are not actually
critical or used by other packages that depend on Heimdal for Kerberos
functionality.
* fix vulnerabilities in ftpd
* support for linux AFS /proc "syscalls"
* support for RFC3244 (Windows 2000 Kerberos Change/Set Password) in kpasswdd
* fix possible KDC denial of service
* Fix possible buffer overrun in v4 kadmin (which now defaults to off)
Collection.
The CipherSaber Perl module provides an object oriented interface to
CipherSaber-1 and CipherSaber-2 encryption.
See http://ciphersaber.gurus.com for more information about CipherSaber.
* Added new "IdentitiesOnly" option to ssh(1), which specifies that it should
use keys specified in ssh_config, rather than any keys in ssh-agent(1)
* Make sshd(8) re-execute itself on accepting a new connection. This security
measure ensures that all execute-time randomisations are reapplied for each
connection rather than once, for the master process' lifetime. This includes
mmap and malloc mappings, shared library addressing, shared library mapping
order, ProPolice and StackGhost cookies on systems that support such things
* Add strict permission and ownership checks to programs reading ~/.ssh/config
NB ssh(1) will now exit instead of trying to process a config with poor
ownership or permissions
* Implemented the ability to pass selected environment variables between the
client and the server. See "AcceptEnv" in sshd_config(5) and "SendEnv" in
ssh_config(5) for details
* Added a "MaxAuthTries" option to sshd(8), allowing control over the maximum
number of authentication attempts permitted per connection
* Added support for cancellation of active remote port forwarding sessions.
This may be performed using the ~C escape character, see "Escape Characters"
in ssh(1) for details
* Many sftp(1) interface improvements, including greatly enhanced "ls" support
and the ability to cancel active transfers using SIGINT (^C)
* Implement session multiplexing: a single ssh(1) connection can now carry
multiple login/command/file transfer sessions. Refer to the "ControlMaster"
and "ControlPath" options in ssh_config(5) for more information
* The sftp-server has improved support for non-POSIX filesystems (e.g. FAT)
* Portable OpenSSH: Re-introduce support for PAM password authentication, in
addition to the keyboard-interactive driver. PAM password authentication
is less flexible, and doesn't support pre-authentication password expiry but
runs in-process so Kerberos tokens, etc are retained
* Improved and more extensive regression tests
* Many bugfixes and small improvements
- SECURITY: Don't try to free() uninitialised variables in DSS verification
code. Thanks to Arne Bernin for pointing out this bug. This is possibly
exploitable, all users with DSS and pubkey-auth compiled in are advised to
upgrade.
- Clean up agent forwarding socket files correctly, patch from Gerrit Pape.
- Don't go into an infinite loop when portforwarding to servers which don't
send any initial data/banner. Patch from Nikola Vladov
- Fix for network vs. host byte order in logging remote TCP ports, also
from Gerrit Pape.
- Initialise many pointers to NULL, for general safety. Also checked cleanup
code for mp_ints (related to security issues above).
intended transformation: use "rm" to remove an option, "rmdir" to remove
all options containing a path starting with a given directory name, and
"rename" to rename options to something else.
which are the full option names used to set rpath directives for the
linker and the compiler, respectively. In places where we are invoking
the linker, use "${LINKER_RPATH_FLAG} <path>", where the space is
inserted in case the flag is a word, e.g. -rpath. The default values
of *_RPATH_FLAG are set by the compiler/*.mk files, depending on the
compiler that you use. They may be overridden on a ${OPSYS}-specific
basis by setting _OPSYS_LINKER_RPATH_FLAG and _OPSYS_COMPILER_RPATH_FLAG,
respectively. Garbage-collect _OPSYS_RPATH_NAME and _COMPILER_LD_FLAG.
adds two new options, ldap and pam.
Changes:
* Sudo now supports storing sudoers info in LDAP (optionally using TLS).
* There is a new -e option to edit files with the uid of the invoking
user. This makes it possible to give users the ability to safely edit
files without the possibility of editing other files or running commands
as the target user. If sudo is run as "sudoedit" the -e flag is implied.
* A new tag, NOEXEC, will prevent a dynamically-linked program being run
by sudo from executing another program (think shell escapes). Because
this uses LD_PRELOAD it has no effect on static binaries.
* A uid specified in sudoers now matches the user specified by the -u flag
even if the -u flag specified a name, not a uid.
* Added a -i option to simulate an initial login similar to "su -".
* If sudo is used to run a root shell, further sudo commands will be logged
as run by the user specified by the SUDO_USER environment variable. In -e
mode (sudoedit), SUDO_USER is used to determine what user to run the editor
when the real uid is 0.
* The sudoers file is now parsed as the runas user in all cases instead of
root. This fixes some issues with running NFS-mounted commands.
* If the target user == invoking user a password is no longer required.
* Sudo now produces a sensible error message when the targetpw Defaults option
is set and a non-existent uid is specified via the -u option.
* A negated user/uid in a runas list is now treated the same as a negated
command and overrides a previously allowed entry.
* PAM support now uses pam_acct_mgmt() to check for disabled accounts.
* Added a check in visudo for runas_default being used before it was set.
* Fixed several issues when closing all open descriptors. Sudo now uses
closefrom() if it exists, otherwise it uses /proc/$$/fd if that exists
with a fallback of closing all possible descriptors.
* Quoting globbing characters with a backslash now works as documented.
* Fixed a problem on FreeBSD (and perhaps others) when the user is only
listed in NIS (not master.passwd) and netgroups are used in the
master.passwd file.
* The username in a log entry is no longer truncated at 8 characters.
* Added a "sudo_lecture" option that can point to a file containing a
custom lecture.
* The timeout for password reading is now done via alarm(), not select().
* /tmp/.odus is no longer used for timestamps by default.
* Sudo now works on the nsr-tandem-nsk platform.
* Fixed the --with-stow configure option.
* TIS fwtk authentication now supports fwtk 2.0 and higher.
* Added Stan Lee / Uncle Ben quote to the lecture from RedHat.
* Added the --with-pc-insults configure option to replace politically incorrect
insults with other ones.
into the bsd.options.mk framework. Instead of appending to
${PKG_OPTIONS_VAR}, it appends to PKG_DEFAULT_OPTIONS. This causes
the default options to be the union of PKG_DEFAULT_OPTIONS and any
old USE_* and FOO_USE_* settings.
This fixes PR pkg/26590.
Noteworthy changes in version 0.9.0 (unreleased)
------------------------------------------------
* The type gpgme_key_t has now a new field keylist_mode that contains
the keylist mode that was active at the time the key was retrieved.
* The type gpgme_decrypt_result_t has a new field "wrong_key_usage"
that contains a flag indicating that the key should not have been
used for encryption.
* Verifying a signature of a revoked key gives the correct result now
(GPG_ERR_CERT_REVOKED error code).
* Clarified that the error code GPG_ERR_NO_DATA from the decrypt &
verify operations still allows you to look at the signature
verification result.
* Clarified that patterns in keylisting operations have an upper
limit, and thus are not suited to list many keys at once by their
fingerprint. Also improve the error message if the pattern is too
long for the CMS protocol to handle.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gpgme_key_t EXTENDED: New field keylist_mode.
gpgme_decrypt_result_t EXTENDED: New field wrong_key_usage.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Set the 0.9.0 versions as BUILDLINK_DEPENDS in the buildlink3.mk for the
library major version changes.
Noteworthy changes in version 0.4.7 (2004-04-29)
------------------------------------------------
* Correctly initialize the fields expired, revoked, invalid, and
disabled in the gpgme_key_t structures.
* A bug fix: The flag wrong_key_usage of gpgme_signature_t was
accidentally of type int instead of unsigned int.
Noteworthy changes in version 0.4.6 (2004-04-06)
------------------------------------------------
* Bug fixes
Noteworthy changes in version 0.4.5 (2004-03-07)
------------------------------------------------
* GPGME is now compiled with LFS (large file support) by default.
* New key listing mode GPGME_KEYLIST_MODE_VALIDATE for validation of
the listed keys.
* New interface gpgme_cancel() that can be used to cancel
asynchronous operations.
Noteworthy changes in version 0.4.4 (2004-01-12)
------------------------------------------------
* The member "class" in gpgme_key_sig_t and gpgme_new_signature_t has
been renamed to "sig_class", to avoid clash with C++ compilers. In
the C API, the old name "class" has been preserved for backwards
compatibility, but is deprecated.
- Replace SED with SUBST.*
- Improve DESCR
- ok'ed snj@/wiz@
From the Changelog:
Version 2.0.4:
--------------
More signatures.
Improved documentation, mentions of p0f_db, etc.
[BUG] Fixed a minor problem with installation on systems w/o /usr/man/.
[BUG] Fixed a DLT_NULL problem, added a new loopback signature.
Multiple timestamp options, timestamps now read from pcap dumps.
Sync with new Windows port code.
[BUG] Fixed one-line reporting for masquerade detection.
explicitly add only those plugins for SASL support for servers that
won't let us exclude any found SASL plugins. Also, don't bother
building the static library since the static library is useless until
the build mechanism is fixed by the Cyrus maintainers.
Bump the PKGREVISION.
Hydan steganographically conceals a message into an application. It
exploits redundancy in the i386 instruction set by defining sets of
functionally equivalent instructions. It then encodes information in
machine code by using the appropriate instructions from each set.
Features:
- Application filesize remains unchanged
- Message is blowfish encrypted with a user-supplied
passphrase before being embedded
- Encoding rate: 1/110
Primary uses for Hydan:
- Covert Communication: embedding data into binaries creates a
covert channel that can be used to exchange secret messages.
- Signing: a program's cryptographic signature can be embedded
into itself. The recipient of the binary can then verify
that it has not been tampered with (virus or trojan), and is
really from who it claims to be from. This check can be
built into the OS for user transparency.
- Watermarking: a watermark can be embedded to uniquely
identify binaries for copyright purposes, or as part of a DRM
scheme. Note: this usage is not recommended as Hydan
implements fragile watermarks.
Changes in 2.2.10:
A buffer overrun has been located in the code used to support
the 'mangling method = hash' smb.conf option. Affected Samba
2.2 installations can avoid this possible security bug by using
the hash2 mangling method. Server installations requiring
the hash mangling method are encouraged to upgrade to Samba v2.2.10
or v3.0.5.
Changes in 2.2.9:
This is a maintenance release of Samba 2.2.8a to address the
problem with user password changes after applying the Microsoft
hotfix described in KB828741 to Windows NT 4.0/200x/XP clients.
Also updated dependent packages pam-smbpass and winbind.
is "/usr", what we really want to check is if the pam_appl.h header found
is within the ${LOCALBASE} hierarchy, which implies that it's a
pkgsrc-controlled file, and hence not built-in.
amavisd-new is an interface between message transfer agent (MTA) and
one or more content checkers, e.g. virus scanners, SpamAssassin, etc.
It is a performance-enhanced and feature-enriched version of amavisd
(which in turn is a daemonized version of AMaViS or amavis-perl).
amavisd-new is normally positioned at or near a central mailer, not
necessarily where user's mailboxes and final delivery takes place. If
you are looking for fully per-user configurable and/or low-message-rate
solution to be placed at the final stage of mail delivery (e.g. called
from procmail), there may be other solutions more appropriate for your
needs.
Package created and maintained by Julian Dunn in pkgsrc-wip.
can be used to create shared libraries _and_ be linked into a statically
linked program. Instead of trying to hack libtool to do this, just
accept the fact and do what you want another way!
Remove the ugly hack in sasldb/Makefile.am that regenerated the static
archive from the non-PIC object files. While this was fine for linking
into programs, it breaks things when you link this into the sasldb
plugin. Leaving it the other way, where the static archive from the
PIC object files, is also unacceptable because there are potential
problems on some platforms when linking an archive of PIC objects
into an executable. The solution: let the static archive contain PIC
objects and be used to link into the sasldb plugin, but for the programs
in the utils directory, explicitly add the non-PIC object files listed
in $(SASL_DB_BACKEND_STATIC) to the files used to generate the programs.
This is easy because SASL_DB_BACKEND_STATIC is already generated
properly by config/sasldb.m4, so make use of it.
This should fix problems with using Cyrus SASL on non-i386 platforms
noted in PR pkg/26492 by Matt Dainty. Bump the PKGREVISION.
include:
* Fixes to saslauthd to allow better integration with realms (-r flag to
saslauthd, %R token in LDAP module)
* A nontrivial number of small bugfixes.
hashcash-0.32 - 09-Apr-2004 - Adam Back <adam@cypherspace.org>
* documentation fixes
* change multiple regexp behavior; previous algorithm only allowed
higher overrides; need to support both higher and lower
overrides. This also required introducing -o option to join
regexps which are set intersections where otherwise risk of
unintended override occurring and mail being rejected as spent or
insufficient bits. Now revert to lexical order most specific
regexp first.
* wrote test script test.sh
* fix a few minor bugs uncovered by above test script
* -c now means check date
* allow -n etc with -X
* introduced -b relative to default way of specifying bits
* -b is no optional, if want token fully checked, but can give -b
default; or new relative to default -b +0.
hashcash-0.31 - 01-Apr-2004 - Adam Back <adam@cypherspace.org>
* final 0.x version (v0 format) release before 1.x version (v1
format) (bug fixes / maintenance only afterwards on 0.x version)
* remove -O3 from Makefile, use -O instead as fails on HPUX or
sun.
* fix some out of date usage stuff in hashcash man page.
* disable timing loop unless timing needed
* fix multiple receipt bug in -cX/-cx reported by Junior Ang
<junior@chrysant.com>. If you receive a mail multiple times
because you are on the receipt list multiple times, there will
be multiple hashcash headers for you. In this case it is
necessary to examine the first matching, non-spent stamp. The
bug was previous versions stopped on the first matching stamp
and then failed because it was spent. Need to keep going and
check later also matching stamps until find one which is not
spent.
* rationalize command line args further. No implied -m , more
things that are awkward to implement but not that useful are
disallowed.
* change purge operation to use read-write operations in the same
sdb file rather than creating a temporary file. This makes
locking easier and is also aesthetically nicer.
* add flock(2) database file write locking, and change creation
logic to use open(2) to avoid creation db race-condition also.
* make resource string case insensitive by default to match email
semantics; add -C option to force case sensitivity if desired
(email addresses are converted to and stored in lower case, so
you have to both mint and verify with case sensitivity turned on
to make use of case sensitivity)
* support minting multiple resources with multiple command line
args. Also if no resources given on command line, read
resources from stdin.
* support supplying multiple email addresses, for people who want
to accept as multiple addresses.
* support multiple resources on purging also.
* support multiple tokens with check mode as cmd line args, if
none given as args, read tokens from stdin; if -X/-x read from
cmd line args, then from stdin as email (matching stamp headers
skipping stamp headers)
* rename default simple database to hashcash.sdb (.sdb extension),
to distinguish from planned support for better database.
* fix bug in PPUTS didn't match PPRINTF
* fixup -l, -w, -n so they support multiple tokens also
* made use of -b optional (get the default on mint & check)
* added "-b default" to specify default number of bits with -s
(otherwise no way to measure the default speed without
specifying the number of bits -- and when this can change over
time it would be inconvenient for scripting to have to
separately obtain this)
* added support for wildcard email addresses with '*' wildcard
marker. '*' before '@' does not match '@', '*' after '@' does
not match '.'. And both email addresses must contain @ sign and
same number of '.' separated sub domains as wildcard address.
Wildcard matching is the new default. Use -S to get plain
string match. Can turn back on with -W.
* increased size of random string to reduce chance of collisions
between users. Now negligible chance of collision with typical
token sizes.
* added support for regexps. Can work from POSIX library or BSD
regexp library. Use -E to get regexps. Input is always in
POSIX syntax (specials are not quoted to have special action;
are quoted to have plain meaning). If using BSD library still
give input in POSIX syntax, it's converted to BSD internally.
* implement highest matching semantics. Ensures that eg -c -b10
*@bar.invalid -b15 adam@bar.invalid will not accept a 10 bit
token for adam@bar.invalid. (This is done by sorting resources
highest bits required first and accepting only the first highest
matching resource.)
* change arg parsing so -b, -e, -g, -z, -E, -W, -S, apply to the
following resources and tokens, and can be changed for later
resources/tokens with tokens and args interspersed. Means you
have to give these args before the resource/token or you will
get defaults.
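The wildcard rules and the highest-matching rule from the hashcash notes above, as an added Python sketch (not hashcash's own code). The function names, treating '*' as zero or more characters, and requiring exactly one '@' are assumptions made for the illustration.

```python
import re

def _glob_to_regex(part, excluded):
    # '*' becomes "any run of characters except `excluded`"; the rest is literal.
    star = "[^" + re.escape(excluded) + "]*"
    return "".join(star if ch == "*" else re.escape(ch) for ch in part)

def wildcard_match(pattern, address, case_sensitive=False):
    """Apply the '*' rules: no '@' before the '@', no '.' after it."""
    if not case_sensitive:  # case-insensitive by default, as for email
        pattern, address = pattern.lower(), address.lower()
    # Assumption: exactly one '@' on each side.
    if pattern.count("@") != 1 or address.count("@") != 1:
        return False
    p_local, p_dom = pattern.split("@")
    a_local, a_dom = address.split("@")
    # Same number of '.'-separated sub domains on both sides.
    if p_dom.count(".") != a_dom.count("."):
        return False
    return (re.fullmatch(_glob_to_regex(p_local, "@"), a_local) is not None
            and re.fullmatch(_glob_to_regex(p_dom, "."), a_dom) is not None)

def required_bits(resources, address):
    """resources: list of (bits, pattern). Sort highest bits first and
    return the bits of the first matching resource, or None."""
    for bits, pattern in sorted(resources, key=lambda r: r[0], reverse=True):
        if wildcard_match(pattern, address):
            return bits
    return None

def accept(resources, address, token_bits):
    """A token is accepted only if it meets the highest matching requirement."""
    need = required_bits(resources, address)
    return need is not None and token_bits >= need

# Constructed sample mirroring: -c -b10 *@bar.invalid -b15 adam@bar.invalid
RESOURCES = [(10, "*@bar.invalid"), (15, "adam@bar.invalid")]

if __name__ == "__main__":
    for addr, bits in [("adam@bar.invalid", 10), ("adam@bar.invalid", 15),
                       ("eve@bar.invalid", 10), ("eve@x.bar.invalid", 20)]:
        print(addr, bits, accept(RESOURCES, addr, bits))
```

Without the sort, a verifier that stopped at the first listed resource would let the 10-bit wildcard entry admit a stamp for adam@bar.invalid, which is the case the highest-matching rule closes.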
for each package can be determined by invoking:
make show-var VARNAME=PKG_OPTIONS_VAR
The old options are still supported unless the variable named in
PKG_OPTIONS_VAR is set within make(1) (usually via /etc/mk.conf).
Improve update_dat script with patch from Jason White in followup
to PR 26408.
. get updates from faster and more reliable http server
. dat file format has changed -- version info is now in a different file
. abort update if no write permissions in target dir
* New --ask-cert-level/--no-ask-cert-level option to turn on and
off the prompt for signature level when signing a key. Defaults
to on.
* New --min-cert-level option to disregard key signatures that are
under a specified level. Defaults to 1 (i.e. don't disregard
anything).
* New --max-output option to limit the amount of plaintext output
generated by GnuPG. This option can be used by programs which
call GnuPG to process messages that may result in plaintext
larger than the calling program is prepared to handle. This is
sometimes called a "Decompression Bomb".
* New --list-config command for frontends and other programs that
call GnuPG. See doc/DETAILS for the specifics of this.
* New --gpgconf-list command for internal use by the gpgconf
utility from gnupg 1.9.x.
* Some performance improvements with large keyrings. See
--enable-key-cache=SIZE in the README file for details.
* Some portability fixes for the OpenBSD/i386, HPPA, and AIX
platforms.
* Simplified Chinese translation.
* keychain 2.3.4 (24 Jul 2004)
24 Jul 2004; Aron Griffis <agriffis@gentoo.org>;
Fix bug 28599 reported by Bruno Pelaia; ignore defunct processes in
ps output
* keychain 2.3.3 (30 Jun 2004)
30 Jun 2004; Aron Griffis <agriffis@gentoo.org>;
Fix bug reported by Matthew S. Moore in email; escape the backticks
in --help output
Fix bug reported by Herbie Ong in email; set pidf, cshpidf and lockf
variables after parsing command-line to honor --dir setting
Fix bug reported by Stephan Stahl in email; make spaces in filenames
work throughout keychain, even in pure Bourne shell
Fix operation on HP-UX with older OpenSSH by interpreting output of
ssh-add as well as the error status
* keychain 2.3.2 (16 Jun 2004)
16 Jun 2004; Aron Griffis <agriffis@gentoo.org>;
Fix bug 53837 (keychain needs ssh-askpass) by unsetting SSH_ASKPASS
when --nogui is specified
* keychain 2.3.1 (03 Jun 2004)
03 Jun 2004; Aron Griffis <agriffis@gentoo.org>;
Fix bug 52874: problems when the user is running csh
* keychain 2.3.0 (14 May 2004)
14 May 2004; Aron Griffis <agriffis@gentoo.org>;
Rewrite the locking code to avoid procmail
* keychain 2.2.2 (03 May 2004)
03 May 2004; Aron Griffis <agriffis@gentoo.org>;
Call loadagent prior to generating HOSTNAME-csh file so that
variables are set.
* keychain 2.2.1 (27 Apr 2004)
27 Apr 2004; Aron Griffis <agriffis@gentoo.org>;
Find running ssh-agent processes by searching for /[s]sh-agen/
instead of /[s]sh-agent/ for the sake of Solaris, which cuts off ps
-u output at 8 characters. Thanks to Clay England for reporting the
problem and testing the fix.
* keychain 2.2.0 (21 Apr 2004)
21 Apr 2004; Aron Griffis <agriffis@gentoo.org>;
Rewrote most of the code, organized into functions, fixed speed
issues involving ps, fixed compatibility issues for various UNIXes,
hopefully didn't introduce too many bugs. This version has a
--quick option (for me) and a --timeout option (for carpaski).
Also added a Makefile and converted the man-page to pod for easier
editing. See perlpod(1) for information on the format. Note that
the pod is sucked into keychain and colorized when you run make.
slightly modified by me.
Crypto++ Library is a free C++ class library of cryptographic schemes.
One purpose of Crypto++ is to act as a repository of public domain
(not copyrighted) source code. Although the library is copyrighted as
a compilation, the individual files in it (except for a few exceptions
listed in the license) are in the public domain.
* Changes in 0.0.11 (released 2004-04-18)
** Minor cleanups to the core header file.
Using xom.h is no longer supported (the file doesn't exist on modern
systems).
** Kerberos 5 sequence number handling fixed.
First, gss_init_sec_context set the sequence numbers correctly, before
the incorrect sequence numbers prevented gss_(un)wrap from working
correctly. Secondly, gss_unwrap now checks the sequence numbers
correctly. This was prompted by the addition of randomized sequence
numbers by default in Shishi 0.0.15.
** The compatibility files in gl/ were synced with Gnulib.
** Various bugfixes and cleanups.
** Polish translation added, by Jakub Bogusz.
* Fixed a bug in ./configure which would sometimes assume that GTK is not
installed whereas it actually is
* Fixed a race condition in nessus-adduser for users who do not configure
their TMPDIR variable (thanks to Cyrille Barthelemy)
* Fixed a bug in nessus-update-plugins which would not update the plugins
properly on all systems (thanks to Keith Butler)
* Fixed the installer to compile Nessus with GTK support if gtk-config OR
pkg-config is installed.
from othyro at freeshell dot org via pkgsrc-wip
PRNGD is a Pseudo Random Number Generator Daemon. It is intended
to replace EGD, and provides an EGD compatible interface to obtain
random data and as an entropy source.
PRNGD is never drained and can never block. And it has a seed-save
file, so that it is immediately usable after system start.
patch-ap now includes the updates between rev 1.84 and rev 1.90
modulo the support for passing of GSSAPI credentials.
Patch provided by Jukka Salmi in PR 26184
Bump PKGREVISION to 3 for the new fix.
Change list from release notes:
* Synchronized bundled GD library with GD 2.0.23.
* Fixed a bug that prevented compilation of GD extensions against
FreeType 2.1.0-2.1.2.
* Fixed thread safety issue with informix connection id.
* Fixed incorrect resolving of relative paths by glob() in windows.
* Fixed mapping of Greek letters to html entities.
* Fixed a bug that caused an on shutdown crash when using PHP with Apache
2.0.49.
* Fixed a number of crashes inside pgsql, cpdf and gd extensions.
All in all this release fixes over 30 bugs that have been discovered
and resolved since the 4.3.6 release.
was based a long time ago on the OpenBSD port, but the only thing that
remains from that is one of the patches, and I'm not sure that's necessary
any more.
Firewall Builder is a multi-platform firewall configuration and
management tool. It consists of a GUI and a set of policy compilers for
various firewall platforms. Firewall Builder uses an object-oriented
approach; it helps the administrator maintain a database of network
objects and allows policy editing using simple drag-and-drop
operations. Firewall Builder currently supports
iptables,
ipfilter,
OpenBSD PF, and
Cisco PIX
libfwbuilder provides the back-end functionality in a library.
use shlibtool to build the plugins to avoid generating and installing a
static archive for the plugin module. This fixes PLIST breakage. Bump the
PKGREVISION to 2.
This allows uploading of SIEVE scripts larger than 4kb if GSSAPI
authentication is used for cyrus-imapd.
link to the patch provided by Jukka Salmi in PR 26165
bump PKGREVISION to 1
file descriptors (0, 1, 2) are open. This avoids multiple warnings issued
under NetBSD about running set[ug]id programs with those descriptors closed.
Fixes PR pkg/26079; although it talks about gaim, the problem is here, in
libgcrypt. Bump PKGREVISION to 1.
Don't include python/extension.mk, as it is also useless. Don't set
NO_CONFIGURE, because it makes PYTHON_PATCH_SCRIPTS useless. Don't set
MAKEFILE, as we don't actually use the included makefile for anything.
Changes since 1.24:
* Added more support for Microsoft's approach to internationalization.
* Added two new rules for GLib functions, "g_get_home_dir" and
"g_get_tmp_dir".
* Added curl_getenv().
* Added several rules for input functions (for -I) -
recv, recvfrom, recvmsg, fread, and readv.
* Tightened the false positive test slightly; if a name is
followed by = or - or + it's unlikely to be a function call,
so it'll be quietly discarded.
* Modified the summary report format slightly.
* Modified the getpass text to remove an extraneous character.
* Added rules for cuserid, getlogin, getpass, mkstemp, getpw, memalign,
as well as the obsolete functions gsignal, ssignal, ulimit, usleep.
* Modified text for strncat to clarify it.
* Fixed error in --columns format, so that the output is simply
"filename:linenumber:columnnumber" when --columns (-C) is used.
* Eliminated "Number of" phrase in the footer report
* Added more statistical information to the footer report.
* Added shortcut single-letter commands (-D for --dataonly,
-Q for --quiet, -C for --columns), so that invoking from
editors is easier.
* Tries to autoremove some false positives. In particular, a function
name followed immediately by "=" (ignoring whitespace)
is automatically considered to be a variable and NOT a function,
and thus doesn't register as a hit. There are exotic cases
where this won't be correct, but they're pretty unlikely in
real code.
* Added a "--falsepositive" (-F) option, which tries to remove
many more likely false positives.
This is mainly a bugfix release. Sometimes EOF was not properly detected
while reading the password file. This would result in a 'Line too long'
error message (and some weird behaviour). Also, the current password file
is now backed up before each write.
in PR 25654 from Hauke Fath.
Take any non-standard values from audit-packages.conf file in
audit-packages as well as download-vulnerability-list.
Fix the pre-formatted documentation so that filenames to be
substituted are not formatted with the bold or underline "overstrikes"
on ttys, so that the correct sed substitutions take place at package
install time.
libgcrypt was recently upgraded. So when using binary packages
it is possible for new libgcrypt (libgcrypt.so.12.1) to be installed
with old opencdk-0.5.4 package.
So bump PKGREVISION and BUILDLINK_DEPENDS (to force a new package
to be required).
- Some compilation fixes.
- Added the --xml parameter to the certtool utility.
Changes 1.0.12:
- Corrected bug in OpenPGP key loading using a callback.
- Renamed gnutls-srpcrypt to srptool
- Allow handshake requests by the client.
* Things backported from the development branch:
- Added support for authority key identifier and the extended key usage
X.509 extension fields. The certtool was updated to support them.
- Added batch support to certtool. Now it can use templates.
- The RC2 cipher is no more included. The one in libgcrypt is now used.
Changes 1.0.11:
- Added gnutls_sign_algorithm_get_name() and gnutls_pk_algorithm_get_name()
- Corrected bug in TLS renegotiation.
Changes 1.0.10:
- Corrected bug in RSA parameters handling which could cause
unexpected crashes.
- Corrected bug in SSL 3.0 authentication.
* First stable release.
Changes 1.1.94
* The support for multi-threaded users goes into its third
incarnation. We removed compile time support for thread libraries.
To support the thread library of your choice, you have to set up
callback handlers at initialization time. New data structures, a
new control command, and default initializers are provided for this
purpose.
* Interface changes relative to the 1.1.93 release:
libgcrypt-config --thread OBSOLETE
libgcrypt-pth.la REMOVED
libgcrypt-pthread.la REMOVED
GCRYCTL_SET_THREAD_CBS NEW
struct gcrypt_thread_cbs NEW
enum gcry_thread_option NEW
GCRY_THREAD_OPTION_PTH_IMPL NEW
GCRY_THREAD_OPTION_PTHREAD_IMPL NEW
Changes 1.1.93
* The automatic thread library detection has finally been removed.
From now on, only linking explicitly to libgcrypt, libgcrypt-pth
or libgcrypt-pthread is supported.
- Added scripts to assist in libtasn1 version detection
from configure scripts.
- Corrected a DER decoding bug which was reported
by Max Vozeler <max@hinterhof.net>.
Changes 0.2.9
- Accept negative numbers as range in INTEGER declarations
Changes 0.2.8
- Add asn1_delete_element function
It says to use "pseudo-device rnd" kernel configuration.
TODO: if the above instructions are fine for other
operating systems with /dev/urandom then add.
faults, and haven't tracked down why yet.
Now allow PAM authentication if Linux (and USE_PAM is defined).
This will close my 20846 PR from March 2003.
Also, install the contrib/sshd.pam.generic file as the example
sshd.pam instead of the FreeBSD version, but this is okay since
it was commented out in the first place.
TODO: test the PAM support on other platforms and allow
if USE_PAM is defined.