Pkgsrc changes:
- placate pkglint
Upstream changes:
[Changes for 0.64 - Sun, 9 May 2010 00:50:11 +0200]
* Avoid creating gnupg configuration files for the user invoking Makefile.PL
(Closes RT#41978).
* Correctly detect the version of gnupg on cygwin and add tests for it
(Paul Fenwick) (Closes RT#39258).
- Addition of a "make clean" target. removal of runtests as it is currently
broken.
- New release process in Makefile and release.sh - keychain release tarball
will now contain pre-generated keychain, keychain.1 and keychain.spec so
that users do not need to run "make". Updated README.rst to refer to the
"source code" as a "release archive" since it contains both source code and
ready-to-go script and man page.
- GPG fix from Gentoo bug 203871; This fix will fix the issue with pinentry
starting in the background and not showing up in the terminal.
* keychain 2.7.0 (23 Oct 2009)
- lockfile() replacement from Parallels Inc. OpenVZ code, takelock() rewrite,
resulting in ~100 line code savings. Default lock timeout set to 5 seconds,
and now keychain will try to forcefully acquire the lock if the timeout
aborts, rather than simply failing and aborting.
- MacOS X/BSD improvements: fix sed call in Makefile for MacOS X and presumably
other *BSD environments. Rename COPYING to COPYING.txt + slight COPYING.txt
formatting change. Fixed POD errors (removed '=end').
- Disable "Identity added" messages when --quiet is specified.
(Gentoo bug #250328)
--help will print output to stdout (Gentoo bug #196060)
output cleanup and colorization changes - moving away from blue and over to
cyan as it displays better terminals with black background.
Also some additional colorization.
* keychain 2.6.9 (26 Jul 2009)
- Close Gentoo bug 222953 fix potential issues with GNU grep, Mac OS X color
fix when called with --eval.
- Perl 5.10 Makefile fix. Transition README to README.rst (reStructuredText).
Updated maintainership information.
Simplified default output
* Respect --disable-64bit
* Respect $DESTDIR for config files
* The binaries can now show the version number
* softhsm-keyconv could not handle --ttl properly
* Link softhsm static with libsofthsm
* Build libsofthsm.so without version number
* libsofthsm.so is now a loadable module
that manages the security of domain names on the Internet.
The project intends to drive adoption of Domain Name System Security Extensions
(DNSSEC) to further enhance Internet security.
Upstream changes:
v1.33 2010.03.17
- attempt to make t/memleak_bad_handshake.t more stable, it fails
for unknown reason on various systems
- fix hostname checking: an IP should only be checked against
subjectAltName GEN_IPADD, never against GEN_DNS or CN.
Thanks to rusch[AT]genua[DOT]de for bug report
* Noteworthy changes in release 2.6 (2010-04-20) [stable]
- Fix build failure on platforms without support for GNU LD version scripts.
- libtasn1: Simplified implementation of asn1_check_version.
- tests: Improved self-checks.
- Update gnulib files, fix many syntax-check nits, indent code,
fix license templates.
Changes since 0.0.8a:
- Decoder can now treat values of unknown types as opaque OctetString.
- Fix to Set/SetOf type decoder to handle uninitialized scalar SetOf
components correctly.
- API versioning mechanics retired (pyasn1.v1 -> pyasn1) what makes
it possible to zip-import pyasn1 sources (used by egg and py2exe).
- Allow any non-zero values in Boolean type BER decoder, as it's in
accordnance with the standard.
Sudo versions 1.7.2p6 and 1.6.9p22 are now available. These releases
fix a privilege escalation bug in the sudoedit functionality.
Summary:
A flaw exists in sudo's -e option (aka sudoedit) in sudo versions
1.6.8 through 1.7.2p5 that may give a user with permission to
run sudoedit the ability to run arbitrary commands. This bug
is related to, but distinct from, CVE 2010-0426.
Sudo versions affected:
1.6.8 through 1.7.2p5 inclusive.
k5start, and krenew are modified versions of kinit which add support
for running as a daemon to maintain a ticket cache, running a
command with credentials from a keytab and maintaining a ticket
cache until that command completes, obtaining AFS tokens (via an
external aklog) after obtaining tickets, and creating an AFS PAG
for a command. They are primarily useful in conjunction with
long-running jobs; for moving ticket handling code out of servers,
cron jobs, or daemons; and to obtain tickets and AFS tokens with
a single command.
- New features
- New service-level "libwrap" option for run-time control whether
/etc/hosts.allow and /etc/hosts.deny are used for access control.
Disabling libwrap significantly increases performance of stunnel.
- Log file reopen on USR1 signal was added.
- Graceful configuration reload with HUP signal on Unix
and with GUI on Windows.
- Bugfixes
- Inetd mode fixed
- Fixed a transfer() loop issue with SSLv2 connections.
- Fixed a "setsockopt IP_TRANSPARENT" warning with "local" option.
- Logging subsystem bugfixes and cleanup.
- Installer bugfixes for Vista and later versions of Windows.
- FIPS mode can be enabled/disabled at runtime.
either netcat or stunnel except that it is Kerberised. You can use
it to construct client/server applications while keeping the Kerberos
libraries out of your programs address space quickly and easily.
Changes between 0.9.8m and 0.9.8n [24 Mar 2010]
*) When rejecting SSL/TLS records due to an incorrect version number, never
update s->server with a new major version number. As of
- OpenSSL 0.9.8m if 'short' is a 16-bit type,
- OpenSSL 0.9.8f if 'short' is longer than 16 bits,
the previous behavior could result in a read attempt at NULL when
receiving specific incorrect SSL/TLS records once record payload
protection is active. (CVE-2010-0740)
[Bodo Moeller, Adam Langley <agl@chromium.org>]
*) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
could be crashed if the relevant tables were not present (e.g. chrooted).
[Tomas Hoger <thoger@redhat.com>]
Upstream changes:
[Changes for 0.63 - Sun, 28 Mar 2010 04:46:27 +0100]
* Fix diagnostic message from Makefile.PL when the user dosn't have gnupg or
Crypt::OpenPGP (miyagawa).
[Changes for 0.62 - Tue, 23 Mar 2010 22:17:39 +0100]
* Change the default keyserver from the outdated pgp.mit.edu to
pool.sks-keyservers.net.
in src/lib as that is the location it wants to pick it up. Work around
the dependencies in other places by symlinking to that, effectively
reverting the direction. Link telnet(d) consistently. Add DESTDIR support.
pkgsrc changes:
- Adjust dependencies
- Add license definition
Upstream changes:
***0.16 March 12, 2010
Feature: KEY inherits DNSKEY
This helps maintenance in one part of the code.
Feature: keylength methode rt.cpan.org #53468
Added keylength method for RSA and DSA
Acknowledgements Hugo Salgado
Fix: rt.cpan.org #51778
Empty bitmap would cause error about undefined ARRAY in NSEC/NSEC3.
Now the code will allow empty bitmaps gracefully
Feature: New Algorithm Support (rt.cpan.org #51092)
SHA2 algorithm support, including NSEC3 algorithm parameters updated
Acknowledgement Jakob Shlyter
Fix: rt.cpan.org #42089
NSEC3 Algorithm support in NSEC3 broken
patch by Wes Hardaker
pkgsrc changes:
- Adding license definition
- Adjusting dependencies
Upstream changes:
version 0.008; 2010-03-11
* bugfix: avoid memory leak when returning block to Perl space
* check for required Perl version at runtime
* in XS, avoid using "class" as a variable name, for compatibility
with C++ compilers
* in Build.PL, explicitly declare configure-time requirements
* remove bogus "exit 0" from Build.PL
