Nessus 2.2.3 contains a new option called "silent dependencies" which can be
used to filter out the noise generated by some plugins not directly enabled by
the user. It also contains a slightly more intuitive GUI which now contains
a "Credentials" tab to put Windows and SSH usernames and passwords.
* Add "pmfiles.dat" to legacy manifest_skip routine to accomodate
early Win32 hacks. Reported by Steve Hay via Michael Schwern.
[Changes for 0.43 - 2004-12-16]
* Updated t/0-signature.t to be more friendly with Test::More;
contributed by Michael Schwern.
* Add $Timeout (default 3 seconds) to control the timeout for
probing connections to the key server.
* Take account of the .ts files produced by newer MakeMakers
in the suggested MANIFEST.SKIP list.
[Changes for 0.42 - 2004-11-20]
* Move under SVK version control management; ditch keyword tags.
* Michael Schwern pointed out that during development, the
"signature.t" file would keep failing.
* Documented how to generate SIGNATURE files as part of "make dist",
for Module::Install, ExtUtils::MakeMaker and Module::Build users .
We are pleased to announce the availability of GnuTLS 1.2.0!
This release is the result of the 23 development releases made on the
development branch (1.1.x).
Major changes compared to the 1.0 branch include:
* Moved SRP password authentication from the GnuTLS-extra library
(licensed under GPL) to the core library (licensed under LGPL).
* The API has been cleaned up, and data types now use a '_t' suffix.
* Fixes to handle denial of service problem when verifying long
certificate chains.
* The manual has been converted to Texinfo and is consequently
available in many formats, see:
<http://josefsson.org/gnutls/manual/>
* A reference API manual has been added, and is available in HTML and
DevHelp formats, thanks to GTK-DOC, see:
<http://josefsson.org/gnutls/reference/gnutls-gnutls.html>
The 1.2.0 version is intended to be stable, and to be a drop-in
replacement of the stable 1.0.x branch.
We encourage developers to move to the 1.2 branch as soon as possible,
since we will now spend less time improving version 1.0.x.
We are not planning to open a 1.3 development branch soon, because
there are no plans to start work on any major new feature today.
Instead, we will continue to carefully improve the quality of this
release over time.
Improving GnuTLS is costly, but you can help! We are looking for
organizations that find GnuTLS useful and wish to contribute back.
You can contribute by reporting bugs, improve the software, or donate
money or equipment.
- Makefile's error messages now correct if output is
redirected (patch from Ilya Zakharevich).
- Non-blocking connects/accepts now work (Problem found by
Uri Guttman).
- new_from_fd() now works.
- getline() and <> in scalar context now return undef
instead of '' when the read failed. (Problem found by
Christian Gilmore).
- Broken pipe signals are now ignored during socket close
to prevent a SSL shutdown message from killing the parent
program. (Problem found by Christian Gilmore).
- Tests should proceed much more quickly, and a semi-race was
fixed, meaning that on slow machines the tests should be
more reliable.
- Check for Scalar::Util and Weakref now uses default
$SIG{__DIE__} instead of a potentially user-altered one
(suggestion from Olaf Schneider). This only applies to Perl 5.6.0 & above.
- Session caching support (patch from Marko Asplund).
- set_default_context() added to alter the behavior of
modules that use IO::Socket::SSL from the main program.
- get_ssl_object() renamed to _get_ssl_object() to reflect
the fact that it's only supposed to be used internally
(not that you should have cared, of course).
- Added patch for Net::SSLeay to take advantage of
client-side session caching. (i.e. use 1.26 of Net-SSLeay)
cache file by default; one of them is that recursion isn't re-parsing
the values correctly (and hosing up on multiple spaces in things like
CPPFLAGS). Amusingly enough, this hosage does not happen with a site
cache file such as the one generated by autoswc.
The switch to using :Q on these variables tripped over this stupidity bug,
so turn off the Cyrus configure.in stupidity where it tries to force use
of a cache file.
Fixes PR pkg/29375 and PR pkg/29380.
In download-vulnerability-list, first set the PKGVULNDIR, then create
the directory if it doesn't already exist.
Pointed out by Geert Hendrickx on tech-pkg@
The Courier authentication library provides authentication services for
other Courier applications. In this context, the term "authentication"
refers to the following functions:
1. Take a userid or a loginid, and a password. Determine whether the
loginid and the password are valid.
2. Given a userid, obtain the following information about the userid:
A. The account's home directory.
B. The numeric system userid and groupid that owns all files
associated with this account.
C. The location of the account's maildir.
D. Any maildir quota defined for this account. See the Courier
documentation for more information on maildir quotas.
E. Other miscellaneous account-specific options.
3. Change the password associated with a loginid.
4. Obtain a complete list of all loginids.
20040210 (Eelgrass) include:
- BUGFIX: Correct numerous markup errors, invalid cross-references,
and other issues in the manual pages, with kind assistance from
Ruslan Ermilov <ru@freebsd.org>.
- BUGFIX: Avoid multiple evaluation of macro arguments in ENTERX()
and RETURNX() macros.
- BUGFIX: Remove an unnecessary and non-portable pointer cast in
pam_get_data(3).
- BUGFIX: Fix identical typos in PAM_ACCT_EXPIRED case in
pam_strerror(3) and gendoc.pl.
- ENHANCE: Minor overhaul of the autoconf / build system.
- ENHANCE: Add openpam_free_envlist(3).
This addresses PR#29271.
Changes include:
Version 4.5.3 adds a new commandline switch to f-protd, '-fullreport'
and new possible summary codes (see man page for details).
Version 4.5.2 is a bugfix release; f-protd would misidentify .pdf files
and block them from being delivered.
Version 4.5.1 is a bugfix release to fix a bug in scan-mail.pl where
scan-mail.pl would exit after first scan request on some unix platforms,
because of differing signal mechanism between BSD and SysV
Version 4.5.0 contains various bugfixes and improvements to the
documentation and software.
o check-updates.pl has been modified. It now identifies itself with a
unique user-agent string containing information on OS, kernel and
architecture.
o contains a major overhaul of the virus scanning engine
(new engine version 3.16.1). These changes improve its
detection capabilities. The engine can now better detect and
handle executable packers, often used by malware authors to conceal
malicious code.
o includes a more generic JPEG GDI+ exploit detection
o includes EMF/WMF image format exploit detection
o encrypted executables inside archives are now reported as
"could be a suspicious file (encrypted program in archive)",
previously reported as "could be a security risk".
o The argument switch "-archive" has been changed to support the form
"-archive=n" where n is a non-negative integer. This causes f-prot
to scan only n levels deep into nested archives of supported types in
order to protect against 'arhcive-bombs'.
The old form "-archive" is still supported, although depreciated, and
implies n==5. See the man page for details.
o Minor modifications in the DTD for the f-prot daemon XML.
o Bugfix where f-prot would return IO_ERROR when attempting to scan
unsupported partial archive files, e.g. .z01 files
o Improved RAR support. F-Prot fully supports rar versions 1.5, 2.0 and
2.6 and partially supports rar 2.9 (doesn't support RAR Virtual
Machine and the PPM model features)
within NetBSD-current's bsd.own.mk, which conflicts with its usage in
pkgsrc. The package that use USE_PAM have been converted to use the
bsd.options.mk framework. This should fix PR pkg/29257.
Don't accidentally inherit a forwarded agent when
inheritwhich=local-once. Move the --stop warning after the version
splash.
Add inheritance support via --inherit. Add parameters to --stop for
more control. Change the default behavior of keychain to inherit if
there's no keychain agent running ("--inherit local-once"), and
refrain from killing other agents unless "--stop others" is
specified.
Release notes:
December 22, 2004
amavisd-new-2.2.1 release notes
SECURITY:
- add support for the pax(1) archive decoder, which can handle tar/cpio/pax
archives (including legacy format variants). Due to limitations in cpio
(and in Archive::Tar), for security reasons it is preferred to decode
such archives with pax and no longer with cpio; please add a line:
$pax = 'pax';
to amavisd.conf and verify that the program pax is installed on the system
(and in the jail if running in chroot);
- perform additional tests at startup time on the proper protection
of the configuration file;
- add file name extensions wmf, emf and grp to the example list of
banned extension, according to recent Microsoft security bulletins;
suggested by Stephane Lentz;
- introduces 'clean but inconclusive' av scanner result to avoid a specialized
or quick partial av scanner like jpeg checker to claim mail is clean
when all other general purpose av scanners fail (see below);
INCOMPATIBILITY:
- removed some legacy $*_ldap variables, as they are no longer needed;
These variables were still declared but ignored in 2.2.0 for compatibility
with older amavisd.conf files. Such variables need to be removed from
the amavisd.conf if they are still present there from older versions,
otherwise Perl will complain with 'Global symbol ... requires explicit
package name";
OTHER FIXES:
- files_to_scan and decompose_mail are now able to remove unexpected
directories which may have been left behind by some failed decoding
and were causing temporary failures and mail delivery retries;
error recovery problem after failed unarj reported by Ralf Hildebrandt;
- error recovery code in files_to_scan and rmdir_recursively now tries to
change protection on directories and files, and retry if the first attempt
to access them fails because of denied permission;
- pre-load some additional Perl modules needed by SA when running in chroot;
- add module Net::LDAP::Search to a list of pre-fetched modules;
omission pointed out by Paul Jacobson;
- when quarantining is disabled by keeping $QUARANTINEDIR undefined,
the log entry and administrator notification message inappropriately
suggested that mail was quarantined, which in fact (appropriately)
it was not. Setting $QUARANTINEDIR='' did work as expected.
Reported by Sascha Lucas;
- avoid the use of Encode::is_utf8 due to a Perl bug (still present in 5.8.5)
where Encode::is_utf8 on tainted utf8 character string produces false;
- modify safe_encode() to guarantee the result is a string of octets,
not a string of UTF-8 characters; it saves some unnecessary work in
further processing and keeps MIME::Entity from UTF swamp when running
in chroot; problem pointed out by Branko F. Gracnar;
- avoid braindead Perl default where an empty regexp implies the last
successfully matched regexp, which (if not being very careful) brings in
some completely unrelated last-executed regular expression;
- change kill 'TERM' into kill 'KILL' when a forked process within run_command
and run_command_consumer gets into deep trouble, to avoid exit handlers
being invoked in the subprocess (which could lead to two processes trying
to clean the same set of temporary files);
- in an old sendmail setup using the amavis(.c) helper program without
LDA arguments, avoid inappropriate warning:
"WARN: no recips left (forgot to set $forward_method=undef using milter?)
and return status 0 instead of 99 when message is to be blocked, as the
helper program amavis(.c) does not recognize status 99 in this situation
and inappropriately passed it on to sendmail; reported by The Mindflayer;
- the @bypass_header_checks_maps is now able to also bypass the bad header
checks as provided by MIME::Parser; inconsitency reported by CRivera;
- avoid some Perl warning messages; thanks to Bill Landry;
CHANGES AND MINOR NEW FEATURES:
- add configuration variable @newvirus_admin_maps (and $newvirus_admin,
along with corresponding SQL field 'newvirus_admin') which works like
the existing @virus_admin_maps (and $virus_admin), except that it sends
virus administrator notification to specified e-mail address only for newly
encountered viruses which have not yet been encountered since the amavisd
startup. It makes use of by-virusname counters in the SNMP counters
database. If more than one child process starts working on infected
message containing a not-yet-accounted-for virus, there might be more
than one 'first time' notification, this is not a malfunction. Both
the @newvirus_admin_maps and the @virus_admin_maps may be enabled,
each (possibly both) would receive their notifications as appropriate.
A useful setting is to globally enable only the new virus notifications,
and additionally enable _all_ administrator notifications for internally
originating mail only (by the use of policy banks);
- provide separate configuration variables @banned_admin_maps and
@bad_header_admin_maps, along with corresponding SQL fields
'banned_admin' and 'bad_header_admin'; their function was previously
covered by @virus_admin_maps, which now only still controls administrator
notifications in case of viruses;
- introduces 'clean but inconclusive' av scanner result to avoid a specialized
or quick partial av scanner like jpeg checker to claim mail is clean
when all other general purpose av scanners fail:
in av scanner entries (lists @av_scanners and @av_scanners_backup) give
an extended meaning to undefined fourth argument (the 'match for clean'
list or regexp). The interpretation of the fourth argument is now:
4. an array ref of av scanner exit status values, or a regexp (to be
matched against scanner output), indicating NO VIRUSES found;
a special case is a value undef, which does not claim file to be clean
(i.e. it never matches, similar to []), but suppresses a failure warning;
to be used when the result is inconclusive (useful for specialized and
quick partial scanners such as jpeg checker);
Also modified example jpeg checker entry in amavisd.conf accordingly.
- NOD32 av scanner: changed @av_scanners entry to match the new version
of the scanner; thanks to Nejc Skoberne;
- added @av_scanners entry for File::Scan;
- when preparing a SQL SELECT clause for white/blacklisting lookup,
take into account a relative position of ? and %k in the
$sql_select_white_black_list template to improve flexibility
of specifying the clause; suggested by Matt Petteys;
- reduce the log level of some more common and harmless log messages;
- macro %p and the log entry now reports full policy bank path,
not just the last loaded policy bank name;
- added LDAP attributes amavisWarnVirusRecip, amavisWarnBannedRecip,
and amavisWarnBadHeaderRecip; by Joel Nimety and Michael Hall;
- renamed LDAP attribute name amavisSpamModifiesSubject to
amavisSpamModifiesSubj in order to match the documented LDAP schema;
noticed by Kees Bos, patch by Michael Hall;
- add support for ripOLE decoder, which attempt to extract embedded documents
from MS OLE documents (MS Office) (http://www.pldaniels.com/ripole/,
by Paul L Daniels)); ripOLE is still experimental/alpha code;
To be make amavisd-new find the installed program 'ripole', add the:
$ripole = 'ripole';
to the amavisd.conf; suggested by David Wilson and Noel Jones;
- allow multiple occurrences of command line option: -c config_file
and execute the provided configuration files one after the other;
based on a subset of functionality provided as a patch by Davor Ocelic;
- a slight improvement (in default $map_full_type_to_short_type_re)
in classifying mpeg and some other multimedia files;
- several minor code cleanups;
- add a recommendation by Daniel J McDonald to a documentation file INSTALL:
If different UID is preferred for an AV scanner, a solution for
ClamAV is to add user clamav to the amavis group, and then add
AllowSupplementaryGroups to clamd.conf;
- enclosed a simple demonstrational Perl program amavis.pl, which is
functionally much like the amavis.c helper program, but talks the new
AM.PDP protocol with the amavisd daemon. See README.protocol for the
description of AM.PDP protocol. To be placed in amavisd.conf:
$protocol='AM.PDP'; $unix_socketname='/var/amavis/amavisd.sock';
Usage: amavis.pl sender recip1 recip2 ... < message.txt
- documentation updates;
verision of libnet <= 1.0.1b. This will prevent the case where the user
has installed the libnet 1.1.x branch and then tries to install an application
that is not compatible with the 1.1.x tree.
Over time the list of these applications that require the 1.0.x branch
will be reduced as they are updated to later versions that support the
libnet 1.1.x branch.
This addresses PR# 29056 opened by diro (at) nixsys.bz, thanks for the PR !
- Version number in libtasn1.h updated properly.
Changes 0.2.12:
- Manual converted to Texinfo format.
- Manual in GTK-DOC and DevHelp formats added.
- Man pages for all functions added.
- Various internal cleanups.
python*-pth packages into meta-packages which will install the non-pth
packages. Bump PKGREVISIONs on the non-pth versions to propagate the
thread change, but leave the *-pth versions untouched to not affect
existing installations.
Sync all PYTHON_VERSIONS_AFFECTED lines in package Makefiles.
This is basically bug fix release, but official changes aren't provided
yet. Please refer ChangeLog.
Here is pkgsrc changes:
o Set RUBY_HAS_ARCHLIB=yes for Ruby packages including archtecture depending
extention library in order to depend more specific Ruby.
o Now install database for ri(1). Fix PR pkg/28566.
o Net::IMAP
* lib/net/imap.rb (u8tou16): fixed typo. fixed: [ruby-list:40546]
o NKF:
* ext/nkf/nkf-utf8/nkf.c (reinit): should initialize all static
variables. fixed: [ruby-list:40445]
* ext/nkf/lib/kconv.rb (Kconv::RegexpEucjp): second byte is up to
0xfe.
* ext/nkf/lib/kconv.rb (Kconv#kconv): should handle UTF8 and UTF16
properly.
o WEBrick
* lib/webrick/httpauth/htpasswd.rb (WEBrick::Htpasswd#reload):
raise NotImplementedError if password is encrypted by digest
algorithms. This patch is contributed by sheepman. [ruby-list:40467]
* lib/webrick/httpauth/digestauth.rb
(WEBrick::HTTPAuth::DigestAuth#_authenticate): fix digest calculation.
This patch is contributed by sheepman. [ruby-list:40482]
* lib/webrick/{httpauth.rb,httpauth/basicauth.rb,httpproxy.rb}: use
pack/unpack-template char "m" instead of lib/base64.rb to do base64
encoding/decoding. fixed: [ruby-dev:25336]
TLS (aka SSL) Channel - can be layered on any bi-directional Tcl_Channel.
Both client and server-side sockets are possible, and this code should work
on any platform as it uses a generic mechanism for layering on SSL and Tcl.
script to avoid bizarre quoting problems within the configure script.
This also fixes the definition of SYSCONFDIR in the compiled library.
Bump the PKGREVISION to 1.
TLS (aka SSL) Channel - can be layered on any bi-directional Tcl_Channel.
Both client and server-side sockets are possible, and this code should work
on any platform as it uses a generic mechanism for layering on SSL and Tcl.
Changes:
* Updated the ALTQ patch, now works correctly on NetBSD 2.0 release.
Thanks to Miles Nordin for helping and testing.
* Write struct "pcap_sf_pkthdr" instead of "pcap_pkthdr". Fixes
an LP64 specific problem with reading the pflog with tcpdump(8).
* Applied patch to pf.c from OPENBSD_3_6 branch:
ICMP state entries use the ICMP ID as port for the unique state key. When
checking for a usable key, construct the key in the same way. Otherwise,
a colliding key might be missed or a state insertion might be refused even
though it could be inserted. The second case triggers the endless loop
fixed by 1.474, possibly allowing a NATed LAN client to lock up the kernel.
Report and test data by Srebrenko Sehic.
* Applied patch to pf_lkm.c from NetBSD HEAD:
pfil4_wrapper: clear M_CANFASTFWD which is not compatible with pf.
* Applied patch to pf_ioctl.c from OPENBSD_3_6 branch:
replace finer-grained spl locking in pfioctl() with a single broad lock
around the entire body. this resolves the (misleading) panics in
pf_tag_packet() during heavy ioctl operations (like when using authpf)
that occur because softclock can interrupt ioctl on i386 since SMP.
* Applied patch to pf.c from OPENBSD_3_6 branch:
IPv6 packets can contain headers (like options) before the TCP/UDP/ICMP6
header. pf finds the first TCP/UDP/ICMP6 header to filter by traversing
the header chain. In the case where headers are skipped, the protocol
checksum verification used the wrong length (included the skipped headers),
leading to incorrectly mismatching checksums. Such IPv6 packets with
headers were silently dropped. Reported by Bernhard Schmidt.
* Applied patch to pfctl_optimize.c from OPENBSD_3_6 branch:
&&/|| inversion would try to merge IP addresses with non-addresses into a
single table causing a ruleset load error and eventually a double-free.
* Applied patch to pf.c from OPENBSD_3_6 branch:
Initialise init_addr in pf_map_addr() in the PF_POOL_ROUNDROBIN,
prevents a possible endless loop in pf_get_sport() with 'static-port'
* Fix to if_events.diff from Miles Nordin <carton at Ivy dot NET>:
Call free after removing the element from the list, not before.
Fixes panic with "unaligned access" on Alpha.
changes:
-IPv6 support
-client added
-bugfixes
XXX dropbear wants to use /dev/random per default now which makes it
unusable on systems w/o entropy source. I've patched it back to
/dev/urandom. There might be security concerns.
when other source files depend on fd_set being defined in a local header.
(Required on Interix, which does not expose <sys/select.h>/<sys/time.h>
automagically via other system headers as some OS's do by default.)
because:
- its behaviour changes between releases
- it uses build-host specific instructions where possible,
specifically on >= Solaris 9 update 6 and Sun Studio 9 (sse, sse2)
this breaks using the binary pkg when installed on systems with a
less capable processor. instead, just use -xO5 so the binary pkg will
work everywhere.
to regenerate some documentation files, but the regen is unnecessary.
Fix the post-tools target that created a dummy perl -- it was failing
because ${TRUE} may not be an actual executable (it could be a shell
builtin) and thus symlinking to it may not work.
- Complete overhaul of the Framework payload collection
+ Win32 ordinal-stagers are now included (92-byte reverse connect)
+ A handful of new sparc payloads have been added (sol, linux, bsd)
+ Reliability problems have been resolved in bsd, linux, and win32
+ New udp-based linux shell stagers and shell payloads
+ New size-optimized Mac OS X encoders and payloads
- Includes the win32 version of the Meterpreter
+ Dynamically load new features over the network w/o disk access
+ In-memory dll injection of the basic meterpreter shell
+ Current extensions include Fs, Process, Net, and Sys
+ Extensive documentation is available online:
* http://metasploit.com/projects/Framework/docs/meterpreter.pdf
- Complete rewrite of the 'msfweb' user interface
+ Generate and encode stand-alone shellcode from the web interface
+ The interface is skinnable and includes three different themes
+ Streaming HTTP is used to provide a 100% web-based shell
+ Ability to set advanced options in the web interface
- Massive speed enhancements in msfconsole and msfweb
+ Snappier response and quicker load times on older systems
+ Optimizations made to various sort/search algorithms
+ Modules are no longer reloaded after each exploit
- New exploits
+ Microsoft WINS Service Memory Overwrite (MS04-045)
+ Samba trans2open() Buffer Overflow (Mac OS X)
+ 4D WebSTAR FTP Server Buffer Overflow (Mac OS X)
+ Veritas Name Service Registration Buffer Overflow
+ AOL Instant Messenger 'goaway' Buffer Overflow
+ IPSwitch IMail IMAPD 'delete' Buffer Overflow
+ Seattle Labs Mail Server POP3 Buffer Overflow
+ UoW IMAPD Buffer Overflow (sparc, ia32)
+ IRIX lpdsched Remote Command Execution
+ CDE dtspcd Buffer Overflow (Solaris)
+ IIS 4.0 ism.dll HTR Buffer Overflow
+ IIS w3who.dll ISAPI Buffer Overflow
* Portability fixes, memory allocation fixes and other minor things.
* Support to build as a W32 static library.
* Changed the way the RNG gets initialized. This allows to keep it
uninitialized as long as no random numbers are used. To override
this, the new macro gcry_fast_random_poll may be used. It is in
general a good idea to spread this macro into the application code
to make sure that these polls happen often enough.
- Add bl3 and openssl support
- Fix paths in man pages
- Install extra documentation
- Remove un-needed options from pkgsrc Makefile
Lots of changes/bugfixes from 1.6 including:
psk-crack.c: New program to crack Aggressive Mode Pre-Shared Keys
using dictionary attack. This uses the output from "ike-scan -P"
together with a dictionary.
in their tests for built-in versions of the PAM implementations. The
MacOS X case now collapses nicely into the linux-pam case. Allow
pam.buildlink3.mk to use solaris-pam as an accepted PAM implementation.
It includes the correct buildlink3.mk file from either Linux-PAM
(security/PAM) or OpenPAM (security/openpam) and eventually will
support solaris-pam. pam.buildlink3.mk will:
* set PAMBASE to the base directory of the PAM files;
* set PAM_TYPE to the PAM implementation used.
There are two variables that can be used to tweak the selection of
the PAM implementation:
PAM_DEFAULT is a user-settable variable whose value is the default
PAM implementation to use.
PAM_ACCEPTED is a package-settable list of PAM implementations
that may be used by the package.
Modify most packages that include PAM/buildlink3.mk to include
pam.buildlink3.mk instead.
package from "pam" to "linux-pam".
* Rewrite PAM/builtin.mk to check that we have Linux-PAM, and re-classify
MacOS X's PAM as Linux-PAM because it _is_, according to to Apple.
Also don't use BUILDLINK_TRANSFORM.* to rewrite header file paths
-- just use a symlink so that <security/*.h> can be used to find
<pam/*.h>.
OpenPAM is an open source PAM library that focuses on simplicity,
correctness, and cleanliness.
OpenPAM aims to gather the best features of Solaris PAM, XSSO and
Linux-PAM, plus some innovations of its own. In areas where these
implementations disagree, OpenPAM tries to remain compatible with
Solaris, at the expense of XSSO conformance and Linux-PAM
compatibility.
These are some of OpenPAM's features:
- Implements the complete PAM API as described in the original PAM
paper and in OSF-RFC 86.0; this corresponds to the full XSSO API
except for mappings and secondary authentication. Also
implements some extensions found in Solaris 9.
- Extends the API with several useful and time-saving functions.
- Performs strict checking of return values from service modules.
so that the appropriate OpenSSL sources are built. Also, explicitly
mark the endianness of each supported NetBSD platform to avoid potential
endianness issues when doing the crypto arithmetic.
wrapper functions with the correct parameters for CRC-CCITT, CRC-16 and
CRC-32.
[tv: This differs from p5-String-CRC32 in that it is a generic Digest.pm
module plugin.]
The purpose of pgpenvelope is to allow easy use of GnuPG
to encrypt/sign/decrypt/verify messages using Pine's send-
ing/displaying filters.
Simply make the appropriate filter entries in one's Pine
configuration, and run Pine as normal. When sending mail,
choose the pgpenvelope_encrypt filter. Additionally, one
can use it as a procmail filter.
object-oriented method for interacting with GnuPG, being able to perform
functions such as but not limited to encrypting, signing, decryption,
verification, and key-listing parsing.
Dirmngr is a server for managing and downloading certificate
revocation lists (CRLs) for X.509 certificates and for downloading the
certificates themselves. Dirmngr also handles OCSP requests as an
alternative to CRLs. Dirmngr is either invoked internaly by gpgsm
(from gnupg 1.9) or when running as a system daemon through the
dirmngr-client tool.
Whats new in this release
=========================
* New option --daemon to start dirmngr as a system daemon. This
switches to the use of different directories and also does
CRL signing certificate validation on its own.
* New tool dirmngr-client.
* New options: --ldap-wrapper-program, --http-wrapper-program,
--disable-ldap, --disable-http, --honor-http-proxy, --http-proxy,
--ldap-proxy, --only-ldap-proxy, --ignore-ldap-dp and
--ignore-http-dp.
* Uses an external ldap wrapper to cope with timeouts and general
LDAP problems.
* SIGHUP may be used to reread the configuration and to flush the
certificate cache.
* An authorithyKeyIdentifier in a CRL is now handled correctly.
