Here is quote from README.
$Id: README,v 1.3 2001/11/18 19:00:06 majkl Exp $
'OpenSSL for Ruby' project
Copyright (C) 2001 Michal Rokos <m.rokos@sh.cvut.cz>
All rights reserved.
This program is licenced under the same licence as Ruby.
(See the file 'LICENCE'.)
[Done] (but not fully tested)
= OpenSSL config file parser (part) --- TO BE DROPPED? (any idea?)
= PKey:: RSA,DSA keys - new, load, export
= X509::Certificate - generating new certs, load, looking inside
= X509::CRL - load, new, looking inside
= X509::Name - new, export to_str, to_a, to_h (hash)
= X509::Revoked - new, looking inside (on parameters)
= X509::Store - new, import trusted certs and CRL, verifiing certs
= Digest::... - various hashes
= X509::Request - Cert requests
= X509::Attribute - as X509Request extensions (not tested)
= X509::Extension - to Certs, CRLs...
= X509::ExtensionMaker - for easy creating new Extensions
= Netscape::SPKI - for requests from NetscapeCommunicators
= Cipher::... - various ciphers
= basic PRNG functions (random generator) for OpenSSL module and class Random
= SSLSocket (merged Gotou Yuuzou's SSLsocket-Ruby project)
= PKCS7 (signing&data_verify is working, rest needs some testing)
[To-Do]
= check for memory leaking :-))
= cleaner code
= examples
= RubyUnit to be used!
= API documentation
= comments to sources!!!
= further functionality to existing
= Std. Extensions, Attributes to be made as Classes?
= AttributeFactory?
= add aliases to to_pem as s_dump s_load to support Marshal module
= CipherFactory?
= autogen random IVs for Ciphers
= safe BigNums
= PKCS12
= PKCS8
= HMAC
= ASN.1 ???
= BIO ???
= compat tests for RSA/DSA sign/encrypt
appropriate place. Pointed out in private mail by someone who wishes
to remain anonymous.
XXX The PLIST's location for these files needs to be fixed by someone
more knowledgable than me in these black arts.
- str[n]{cpy,cat} -> strl{cpy,cat}, sprintf -> snprintf
- strftime format fixes
- Don't hang waiting for select() with SIGTERM + no active SA
- Add UI option 'R' to trigger isakmpd reinit (same as SIGHUP)
...
http://www.openbsd.org/cgi-bin/cvsweb/src/sbin/isakmpd/
* Added a "--local" option for removing the ${HOSTNAME} from the various
files that keychain creates. Handy for non-NFS users.
* Using the Bourne shell "type" builtin rather than using the external
"which" command. Should make things a lot more robust and slightly
faster.
* Solaris' "which" command outputs "no lockfile in..." to stdout rather
than stderr. A one-line fix (test the error condition) has been
applied.
* lockfile settings tweak
* If you stop making progress providing valid passphrases, it's three
strikes and you're out.
* Some private keys can't be "ssh-keygen -l -f"'d; this patch causes
keychain to look for the corresponding public key if the private
key doesn't work. Thanks Constantine!
* CYAN color misdefined; fixed.
* A "quiet mode" (--quiet) fix; I missed an "echo".
* Missed another "kill -9"; it's now gone.
TCT is a collection of programs by Dan Farmer and Wietse Venema for a
post-mortem analysis of a UNIX system after break-in.
Notable TCT components are the grave-robber tool that captures
information, the ils and mactime tools that display access patterns of
files dead or alive, the unrm and lazarus tools that recover deleted
files, and the findkey tool that recovers cryptographic keys from a
running process or from files.
WARNING
This software is not for the faint of heart. It is relatively
unpolished compared to the software that Dan and Wietse usually
release. TCT can spend a lot of time collecting data. And although
TCT collects lots of data, many analysis tools still need to be
written.
Based on patches provided in PR 15081 by frazee.23@osu.edu.
- Fixed a bug in the mcrypt extension, where list destructors were not
properly being allocated. (Sterling)
- Fixed bugs in the mcrypt extension that caused crashes. (Derick)
1.0.10 :
Changes by Michael Scheidell <scheidell@fdma.com> :
- Backported Nessus 1.1.x plugins changes in nessus-plugins
Changes by Renaud Deraison <deraison@nessus.org> :
- Minor fixes
- Format string bug fixed in protocol.c
smtp, pop3 and nntp in client mode were affected.
(stunnel clients could be attacked by malicious servers)
- Certificate chain can be supplied with -p option or in stunnel.pem.
- Problem with -r and -l options used together fixed.
- memmove() instead of memcpy() is used to move data in buffers.
- More detailed information about negotiated ciphers is printed.
- New ./configure options: "--enable-no-rsa" and "--enable-dh".
Mirrordir is a suite of functions in one package. It contains the
following programs:
* pslogin: A remote login utility and daemon that provides a secure
shell. This can be considered as a GPL replacement to Ssh.
* copydir: A cp equivalent which additionally copies to and from ftp
servers. Use it to upload and download via ftp and via mirrordir's
secure daemon. Use it as a rigorous cp to correctly reproduce
hardlinks, permissions and access times.
* mirrordir: Mirrors filesystems over ftp or locally via a minimal
set of changes. It is optimised for locally mirroring a device as
an alternative to RAID devices. It duplicates file-systems in every
detail, even correctly recreating hardlinks, devices and access
times. It works well mirroring ftp sites that don't support ls-lR
summaries. Mirrordir can take a C script to customise the kind of
files to mirror based on their stat info, name, or other
information.
* recursdir: Pass a C script to recursdir to recursively perform
operations on files. This is a fast and overkill equivalent of find.
Taken from a suggestion by Jeff Sheinberg.
version 4.14.0 are:
- Support for ACE (WinACE) Archiver
- Support for additional packers: PKLITE32, ELiTeWrap, Joiner, PEBundle,
PEBundle Write-To-Disk, and tElock.
- Support for newer versions of packers: Petite, ASPack, UPX, NeoLite,
and PECompact.
- Support for BZIP compression format
- Support for additional LHA compression formats, LH6 and LH7
- Support for zcompress compression format
- Support for PDF 5.0 files
- Improved scanning for MIME formats
- Support for Unicode and Unicode big-endian saved scripts
- Support for Compiled Help files
- Support for Microsoft Exchange internal data-transfer format
- Support for Internet Message Connector (IMC) Archive format.
- Support for uncompressed VBA in Visio files
- Improved heuristic analysis for 32-bit Windows applications
- Support for compressed RTF and HTML in Microsoft Outlook messages
- Support for Script Component Type Libraries
- Improved performance when scanning Windows 32 applications
general INSTALL scripts and checking in the update_dat script that the
place to fetch the DAT files ends in a '/'. Changes include checking for
even more Internet worms (includes goner).
Changes :
- Patches for foreign program compatibility, initialization vectors
and padding methods from Jody Biggs <jody.biggs@paymybills.com>
- Removed debugging code
- Used Digest-MD5
Makefiles during the build process by touching various auto{conf,make}
source files to make them up-to-date. Packages that require regenerating
the configure script and Makefile.in files should make the appropriate
calls to auto{conf,make} in a pre-configure target. This allows the
various targets listed in ${_CONFIG_PREREQ} to modify the generated files
without triggering the GNU auto* tools and having the modifications be
overwritten.
* Disabled scard-install (patch/patch-ah -- Do we need/want it?)
Changes since 2.9.9.2:
- Don't allow authorized_keys specified environment variables when
UseLogin in active
- Fix IPv4 default in ssh-keyscan
- Fix early (and double) free of remote user when using Kerberos
- fix krb5 authorization check
- enable authorized_keys2 again
- ignore SIGPIPE early, makes ssh work if agent dies, netbsd-pr via itojun@
- make ~& (backgrounding) work again for proto v1; add support ~& for v2, too
- pad using the padding field from the ssh2 packet instead of sending
extra ignore messages
- missing free and sync dss/rsa code
- crank c->path to 256 so they can hold a full hostname
- cleanup libwrap support
- Fix fd leak in loginrec.c
- avoid possible FD_ISSET overflow for channels established
during channnel_after_select()
- chdir $HOME after krb_afslog()
- stat subsystem command before calling do_exec
- close all channels if the connection to the remote host has been closed,
should fix sshd's hanging with WCHAN==wait
- add NoHostAuthenticationForLocalhost; note that the hostkey is
now check for localhost, too
- loginrec.c: fix type conversion problems exposed when using 64-bit off_t
- Update spec files for new x11-askpass
HMAC is used for message integrity checks between two parties that
share a secret key, and works in combination with some other Digest
algorithm, usually MD5 or SHA-1. The HMAC mechanism is described in
RFC 2104.
pkgsrc. Instead, a new variable PKGREVISION is invented that can get
bumped independent of DISTNAME and PKGNAME.
Example #1:
DISTNAME= foo-X.Y
PKGREVISION= Z
=> PKGNAME= foo-X.YnbZ
Example #2:
DISTNAME= barthing-X.Y
PKGNAME= bar-X.Y
PKGREVISION= Z
=> PKGNAME= bar=X.YnbZ (!)
On subsequent changes, only PKGREVISION needs to be bumped, no more risk
of getting DISTNAME changed accidentally.
1.09 20.8.2001,
- fixed Makefile.PL (computation of bin_path) and test.pl ($perl
use before defined) per Gordon Lack <gml4410@ggr.co.uk>
11.9.2001,
- Patch by Jeremy Mates <jmates@mbt.washington.edu> to make Handle.pm
more acceptable for older perls
25.9.2001,
- systematically implemented many of the newer functions of
openssl API (per popular request and for completeness)
