and NetBSD-current which caused serius lossage:
depend on librfuncs>=1.0.7nb1 which implements NetBSD-current's
behaviour, change the patch to _gpgme_getenv() accordingly,
and bump PKGREVISION
New features include:
* Statistics Collector: A daemon that can process netflow-like information
exported by several Honeyd instances and do computations on the data - see
live data.
* Improved Subsystems: Improved support for subsystems permits running more
complicated UNIX applications like mwcollect as a subsystem for Honeyd.
* Proxy and SMTP subsystems: Example subsystems to simulate open proxies and
mail relays. These subsystems are written with performance in mind and have
no problem in keeping up with a busy network.
Bugfixes include:
A bug in Honeyd's IP reassembly code allows adversaries to remotely fingerprint
honeypots. Thanks to Jon Oberheide for finding the bug; see adv.2006-01 for
more information
Pkgsrc changes:
- Removed almost all warnings in MESSAGE.
Changes since version 0.21:
===========================
0.22 Mon Nov 15 2005 21:13:20
- Add public_decrypt, private_encrypt methods, contributed
by Paul G. Weiss <paul@weiss.name>
- Some changes to help builds on Redhat9
- Remove deprecated methods:
* the no-arg new constructor - use new_from_public_key,
new_from_private_key or Crypt::OpenSSL::RSA->generate_key instead
* load_public_key - use new_from_public_key
* load_private_key - use new_from_private_key
* generate_key as an instance method - use it as a class constructor
method instead.
* set_padding_mode - use use_no_padding, use_pkcs1_padding,
use_pkcs1_oaep_padding, or use_sslv23_padding instead.
* get_padding_mode
- Eliminate all(most all) memory leaks.
- fix email address
- Stop returning true from methods just to indicate success.
- Change default public exponent from 65535 to 65537
Pkgsrc changes:
none
Relevant changes since version 0.11:
=============================================
- Removed all use of strlen() in DSA.xs so signatures with nulls,
as commonly generated with sha1, could be signed/verified,
and added more tests
Pkgsrc changes:
- Removed dependency on p5-Math-Pari, p5-Crypt-Random, p5-Class-Loader.
Changes since version 0.12:
===========================
0.13 2005.05.26
- Rewrote to use Math::BigInt instead of Math::Pari, including patches
from Brad Fitzpatrick for a replacement for the isprime function
(both using pure Perl and an external gp program).
- Added optional Content argument to Crypt::DSA::Key->new, to specify
serialized Content to be deserialized.
- Added Signature serialization and deserialization of ASN.1-encoded
structures.
- Added ability to do key generation using an external openssl binary.
Thanks to Brad Fitzpatrick for the patch.
- Signature object now has better get/set acccessors.
- Use Module::Install instead of hand-coded Makefile.PL.
Pkgsrc changes:
- Removed (now unnecessary) patch-aa.
Changes since version 1.50:
===========================
1.57 Oct 20, 2005
* Updated POD documentation and added POD syntax and coverage
tests using Test::Pod and Pod::Coverage.
1.56 July 05, 2005
* Removed references to the mailing list and added support for
an optional commercial license.
1.55 February 18, 2005
* Fixed a bug ::DataFormat::i2osp(), wherein there was an encoding problem
when the most significant byte is 0x0100. Reported and patched by
<jbarkdull@yahoo.com> <rt.cpan.org: Bug #11495>
* Fixed warnings in t/15-benchmark.t
1.51 February 25, 2003
* In Crypt::RSA::encrypt() and decrypt() added a check to ensure the
blocksize is greater than 0. Blocksize can be smaller than 0 if the RSA
key modulus is too small for a particular encoding.
Changes since version 1.02:
======================================
There is no list of changes. Changes I found so far:
- Used htons() from netinet/in.h to simplify handling of different endianness
between platforms.
- Some changes in test.pl
Relevant changes since version 2.03:
====================================
des.h was renamed to _des.h in an attempt to solve the build-on-Solaris
problem.
all references to des_ were changed to _des_ since the 2.04 release didn't
seem to fix the problem on Solaris.
Relevant changes since version 1.13:
====================================
- fixed circular reference between Crypt::Random and Crypt::Random::Generator
causing 'Undefined subroutine' errors.
- Made "forbidden division t_REAL % t_INT" error disappear.
- Workaround for Math::Pari's serialization problem.
- Added a Uniform option to makerandom() and makerandom_itv() that
doesn't set the high bit of the generated random, and produces
a number uniformally distributed in the interval. Thanks to Len
Budney for pointing this out.
Relevant changes since version 2.08:
=====================================
- RandomIV in message header overrides manually-supplied -salt, as one
would expect it should.
- Added OpenSSL compatibility
- Salt and IV generators take advantage of /dev/urandom device, if available
- Added regression test for PCBC mode
- Fixed bug reported by Joshua Brown that caused certain length
strings to not encrypt properly if ending in a "0" character.
- Fixed Rijndael compat problems
From Jason White via PR pkg/32780
Changes:
Security bugs resolved in this release:
* CVE-2006-0225: scp (as does rcp, on which it is based) invoked a
subshell to perform local to local, and remote to remote copy
operations. This subshell exposed filenames to shell expansion
twice; allowing a local attacker to create filenames containing
shell metacharacters that, if matched by a wildcard, could lead
to execution of attacker-specified commands with the privilege of
the user running scp (Bugzilla #1094)
This is primarily a bug-fix release, only one new feature has been
added:
* Add support for tunneling arbitrary network packets over a
connection between an OpenSSH client and server via tun(4) virtual
network interfaces. This allows the use of OpenSSH (4.3+) to create
a true VPN between the client and server providing real network
connectivity at layer 2 or 3. This feature is experimental and is
currently supported on OpenBSD, Linux, NetBSD (IPv4 only) and
FreeBSD. Other operating systems with tun/tap interface capability
may be added in future portable OpenSSH releases. Please refer to
the README.tun file in the source distribution for further details
and usage examples.
Some of the other bugs resolved and internal improvements are:
* Reduce default key length for new DSA keys generated by ssh-keygen
back to 1024 bits. DSA is not specified for longer lengths and does
not fully benefit from simply making keys longer. As per FIPS 186-2
Change Notice 1, ssh-keygen will refuse to generate a new DSA key
smaller or larger than 1024 bits
* Fixed X forwarding failing to start when a the X11 client is executed
in background at the time of session exit (Bugzilla #1086)
* Change ssh-keygen to generate a protocol 2 RSA key when invoked
without arguments (Bugzilla #1064)
* Fix timing variance for valid vs. invalid accounts when attempting
Kerberos authentication (Bugzilla #975)
* Ensure that ssh always returns code 255 on internal error (Bugzilla
#1137)
* Cleanup wtmp files on SIGTERM when not using privsep (Bugzilla #1029)
* Set SO_REUSEADDR on X11 listeners to avoid problems caused by
lingering sockets from previous session (X11 applications can
sometimes not connect to 127.0.0.1:60xx) (Bugzilla #1076)
* Ensure that fds 0, 1 and 2 are always attached in all programs, by
duping /dev/null to them if necessary.
* Xauth list invocation had bogus "." argument (Bugzilla #1082)
* Remove internal assumptions on key exchange hash algorithm and output
length, preparing OpenSSH for KEX methods with alternate hashes.
* Ignore junk sent by a server before it sends the "SSH-" banner
(Bugzilla #1067)
* The manpages has been significantly improves and rearranged, in
addition to other specific manpage fixes:
#1037 - Man page entries for -L and -R should mention -g.
#1077 - Descriptions for "ssh -D" and DynamicForward should mention
they can specify "bind_address" optionally.
#1088 - Incorrect descriptions in ssh_config man page for
ControlMaster=no.
#1121 - Several corrections for ssh_agent manpages
* Lots of cleanups, including fixes to memory leaks on error paths
(Bugzilla #1109, #1110, #1111 and more) and possible crashes (#1092)
* Portable OpenSSH-specific fixes:
- Pass random seed during re-exec for each connection: speeds up
processing of new connections on platforms using the OpenSSH's
builtin entropy collector (ssh-rand-helper)
- PAM fixes and improvements:
#1045 - Missing option for ignoring the /etc/nologin file
#1087 - Show PAM password expiry message from LDAP on login
#1028 - Forward final non-query conversations to client
#1126 - Prevent user from being forced to change an expired
password repeatedly on AIX in some PAM configurations.
#1045 - Do not check /etc/nologin when PAM is enabled, instead
allow PAM to handle it. Note that on platforms using
PAM, the pam_nologin module should be used in sshd's
session stack in order to maintain past behaviour
- Portability-related fixes:
#989 - Fix multiplexing regress test on Solaris
#1097 - Cross-compile fixes.
#1096 - ssh-keygen broken on HPUX.
#1098 - $MAIL being set incorrectly for HPUX server login.
#1104 - Compile error on Tru64 Unix 4.0f
#1106 - Updated .spec file and startup for SuSE.
#1122 - Use _GNU_SOURCE define in favor of __USE_GNU, fixing
compilation problems on glibc 2.4
Change MAINTAINER to tech-pkg. Stop using PKGREVISION in DISTNAME.
Notable changes include:
* Postfix config has been changed so TLS is not used internally, that is
when communicating with scan-mail.pl. TLS can nevertheless be used
when communicating with the outside world on port 25.
* f-protd has been tweaked for better performance
* A bug in f-protd when using the 'id=' argument was fixed
* A format string bug in f-protd which could cause malformed xml report
was fixed
* f-prot-milter's logging changed to facilitate more useful error logs
* Fixed startup/shutdown routine for f-prot-milter in scan-mail.pl
* .wmf scanning improved
* A bug in the .hqx scanner on x86 cpu's was fixed
* A bug in the .msl scanner was fixed
* Fixed a bug in .cab and lzh handling
* A race issue with OLE documents was fixed.
- Only send TLS alert if there is one queued, fix a possible crash.
- Emit warning if prelude-failover problem arise.
- Improve error handling.
- Improve db plugin log option, "-" now mean stdout.
- Various bug fixes.
- Fix for filtering IDMEF field using the '!=' operator, which resulted in
filtering of events where the field did not exist (#129).
- Implement a "move" command in preludedb-admin.
- When SQL query logging is enabled, log the time taken to execute the query.
- Improve plugin API by making it opaque so that existing plugin don't break
if we add more SQL plugin function.
- Verbose error reporting, make the plugin error API viable for more drivers.
- Fix error reporting from perl and python bindings.
- Make libpreludedb header files c++ compiler friendly.
- Enforce listed IDMEF value ordering. IDMEF value were sometime unordered
because of an uninitialized list position problem.
- More TLS cleanup.
- Application can now report error without using specific prelude_client
error reporting function.
- More work and improved verbose error reporting.
- Fix compilation problem with prelude_error_is_verbose() (#130).
Compilation problem on NetBSD 1.6 and OpenBSD has been fixed so patch-ad
is deleted.
