path: root/security
Commit message | Author | Age | Files | Lines
* Update to 3.0. Sigh. | Will Andrews | 2002-04-23 | 2 | -0/+452
  Notes: svn path=/head/; revision=58018
* revert change from this morning | Michael Haro | 2002-04-22 | 2 | -4/+1
  Notes: svn path=/head/; revision=58016
* Change to vi:ts=8. | David E. O'Brien | 2002-04-22 | 1 | -11/+11
  Notes: svn path=/head/; revision=57987
* Patch sudo 1.6.5.2 with GlobalInterSec's sudo patch. | Michael Haro | 2002-04-22 | 2 | -1/+4
  Notes: svn path=/head/; revision=57985
* Reclaim maintainership. | Anders Nordby | 2002-04-22 | 2 | -3/+3
  Notes: svn path=/head/; revision=57968
* Please welcome Qt3/KDE3 to our ports tree. This includes work since the | Will Andrews | 2002-04-21 | 8 | -732/+20
  original versions of these ports, so some PORTREVISIONs were bumped. See http://freebsd.kde.org/ and mailing lists linked to from there for info on the packages generated to test these ports. bsd.kde.mk has already been updated a few days ago to work with these.

  Some patches applied to fix a few bugs were:

  deskutils/kdepim3: [1] Remove kpilot from build because it wasn't ready at release.
  editors/koffice-kde3: [2] Fix compile time bugs for FreeBSD.
  misc/kdeedu3: [3] Fix compile problem with kvoctrain.
  x11/kdebase3: [4] Fix KDM CPU usage and login bug.

  Some caveats:

  * All PLISTs are broken for deinstall due to script bug that I didn't notice until very recently. This will be fixed when I commit an update tomorrow. These ports should still install perfectly fine though. They should also deinstall without giving errors, but will leave directories behind.
  * You can't install this with any other version of QT or KDE already installed. I am not sure the checks are 100% working, but fixes for these will be forthcoming. This is mainly due to a policy decision made by kde@ to make QT/KDE ports install the way the rest of the world expects it to while also still conforming to FreeBSD's hier(7). For reference on this decision, please consult the KDE/FreeBSD mailing list archives. This decision fixes 2-year-old bug reports relating to how we handled this for KDE2 vs KDE1.

  Submitted by: [1] Adrian de Groot <adridg@cs.kun.nl>,
                [2] David Faure <faure@kde.org>,
                    Andy Fawcett <andy@athame.co.uk>
                    Lauri Watts <lauri@kde.org>
                [3] Lauri Watts <lauri@kde.org>
                [4] Alan Eldridge <alane@geeksrus.net>
                    Oswald Buddenhagen <ossi@kde.org>
  Reviewed by: kde
  Notes: svn path=/head/; revision=57964
* - Update to 0.9.6c | Dirk Meyer | 2002-04-21 | 6 | -52/+64
  - more manpages
  - shift FORBIDDEN

  Excerpt of Changes between 0.9.6b and 0.9.6c [21 dec 2001]

  *) Fix BN_rand_range bug pointed out by Dominikus Scherkl
  *) Only add signing time to PKCS7 structures if it is not already present.
  *) Fix crypto/objects/objects.h: "ld-ce" should be "id-ce", OBJ_ld_ce should be OBJ_id_ce. Also some ip-pda OIDs in crypto/objects/objects.txt were incorrect (cf. RFC 3039).
  *) Release CRYPTO_LOCK_DYNLOCK when CRYPTO_destroy_dynlockid() returns early because it has nothing to do.
  *) Fix mutex callback return values in crypto/engine/hw_ncipher.c.
  *) Change ssl/s2_clnt.c and ssl/s2_srvr.c so that received handshake messages are stored in a single piece (fixed-length part and variable-length part combined) and fix various bugs found on the way.
  *) Disable caching in BIO_gethostbyname(), directly use gethostbyname() instead. BIO_gethostbyname() does not know what timeouts are appropriate, so entries would stay in cache even when they have become invalid.
  *) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when faced with a pathologically small ClientHello fragment that does not contain client_version: Instead of aborting with an error, simply choose the highest available protocol version (i.e., TLS 1.0 unless it is disabled).
  *) Fix SSL handshake functions and SSL_clear() such that SSL_clear() never resets s->method to s->ctx->method when called from within one of the SSL handshake functions.
  *) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert (sent using the client's version number) if client_version is smaller than the protocol version in use. Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the client will at least see that alert.
  *) Fix ssl3_get_message (ssl/s3_both.c) to handle message fragmentation correctly.
  *) Avoid infinite loop in ssl3_get_message (ssl/s3_both.c) if a client receives HelloRequest while in a handshake.
  *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C should end in 'break', not 'goto end' which circumvents various cleanups done in state SSL_ST_OK. But session related stuff must be disabled for SSL_ST_OK in the case that we just sent a HelloRequest. Also avoid some overhead by not calling ssl_init_wbio_buffer() before just sending a HelloRequest.
  *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't reveal whether illegal block cipher padding was found or a MAC verification error occurred. (Neither SSLerr() codes nor alerts are directly visible to potential attackers, but the information may leak via logfiles.) ssl/s2_pkt.c failed to verify that the purported number of padding bytes is in the legal range.
  *) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid 'wristwatch attack' using huge encoding parameters (cf. James H. Manger's CRYPTO 2001 paper). Note that the RSA_PKCS1_OAEP_PADDING case of RSA_private_decrypt() does not use encoding parameters and hence was not vulnerable.
  *) BN_sqr() bug fix.
  *) Rabin-Miller test analyses assume uniformly distributed witnesses, so use BN_pseudo_rand_range() instead of using BN_pseudo_rand() followed by modular reduction.
  *) Add BN_pseudo_rand_range() with obvious functionality: BN_rand_range() equivalent based on BN_pseudo_rand() instead of BN_rand().
  *) s3_srvr.c: allow sending of large client certificate lists (> 16 kB). This function was broken, as the check for a new client hello message to handle SGC did not allow these large messages.
  *) Add alert descriptions for TLSv1 to SSL_alert_desc_string[_long]().
  *) Fix buggy behaviour of BIO_get_num_renegotiates() and BIO_ctrl() for BIO_C_GET_WRITE_BUF_SIZE ("Stephen Hinton" <shinton@netopia.com>).
  *) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message() with the same message size as in ssl3_get_certificate_request(). Otherwise, if no ServerKeyExchange message occurs, CertificateRequest messages might inadvertently be rejected as too long.
  *) Modified SSL library such that the verify_callback that has been set specifically for an SSL object with SSL_set_verify() is actually being used. Before the change, a verify_callback set with this function was ignored and the verify_callback() set in the SSL_CTX at the time of the call was used. New function X509_STORE_CTX_set_verify_cb() introduced to allow the necessary settings.
  *) In OpenSSL 0.9.6a and 0.9.6b, crypto/dh/dh_key.c ignored dh->length and always used BN_rand_range(priv_key, dh->p). So switch back to BN_rand(priv_key, l, ...) where 'l' is dh->length if this is defined, or BN_num_bits(dh->p)-1 otherwise.
  *) In RSA_eay_public_encrypt, RSA_eay_private_decrypt, RSA_eay_private_encrypt, RSA_eay_public_decrypt always reject numbers >= n.
  *) In crypto/rand/md_rand.c, use a new short-time lock CRYPTO_LOCK_RAND2 to synchronize access to 'locking_thread'.
  *) In crypto/rand/md_rand.c, set 'locking_thread' to current thread's ID *before* setting the 'crypto_lock_rand' flag. The previous code had a race condition if 0 is a valid thread ID.

  Notes: svn path=/head/; revision=57949
* Update maintainer e-mail address. | Anders Nordby | 2002-04-20 | 1 | -1/+1
  PR: 37294
  Submitted by: maintainer
  Notes: svn path=/head/; revision=57942
* Update krb5-1.2.5-beta1 --> krb5-1.2.5-beta2 | Cy Schubert | 2002-04-20 | 2 | -3/+3
  Notes: svn path=/head/; revision=57910
* Patches from maintainer: | Kris Kennaway | 2002-04-19 | 12 | -0/+281
  * HKP (WWW) key submissions disabled by default, enabled via configuration file
  * nicer formatting of long (SHA-1) fingerprints
  * pksdctl usage() shows available commands/arguments
  * manual page fixes

  Bump PORTREVISION.

  PR: ports/34970
  Submitted by: Jason Harris <jharris@widomaker.com>
  Notes: svn path=/head/; revision=57897
* Say goodbye to Qt 1.x and all of its dependents. The one port I found | Will Andrews | 2002-04-19 | 6 | -36/+0
  which probably isn't supposed to be removed is misc/instant-workstation, which had a dependency on audio/xamp (being removed), so I removed that dependency and bumped PORTREVISION.

  All other ports are real dependents upon Qt 1.x, including KDE 1.x stuff. Code in bsd.kde.mk supporting these ports is also removed or adjusted. Also, some adjustments made to accommodate Qt3/KDE3 ports, which will be committed Real Soon Now (TM), pending repo-copies.

  This commit made in impending view of Qt3/KDE3 entering ports tree.

  Notes: svn path=/head/; revision=57872
* Update nessus-devel suite to version 1.2.0. | Jimmy Olgeni | 2002-04-18 | 11 | -53/+70
  PR: 37237
  Submitted by: Udo Schweigert <udo.schweigert@siemens.com>
  Notes: svn path=/head/; revision=57868
* libgmp3 -> libgmp4 | Ying-Chieh Liao | 2002-04-18 | 2 | -2/+4
  Notes: svn path=/head/; revision=57844
* Transfer maintainership to Jason Harris <jharris@widomaker.com> | Kris Kennaway | 2002-04-18 | 1 | -1/+1
  Notes: svn path=/head/; revision=57842
* Give maintainership back to ports@ | Patrick Li | 2002-04-17 | 2 | -2/+2
  PR: 37191
  Submitted by: maintainer
  Notes: svn path=/head/; revision=57826
* Update to 4197 | James E. Housley | 2002-04-17 | 2 | -2/+2
  Notes: svn path=/head/; revision=57820
* Check hidden dependency on libiconv. | Jun Kuriyama | 2002-04-16 | 2 | -0/+6
  Pointed out by: Neil Darlow <neil@darlow.co.uk>
  Notes: svn path=/head/; revision=57755
* Upgrade to snort 1.8.6. The previous two versions (1.8.4 and 1.8.5) were | Kris Kennaway | 2002-04-13 | 2 | -3/+3
  buggy and short-lived; hopefully this one is better.
  Notes: svn path=/head/; revision=57671
* New MIT Kerberos V beta, V 1.2.5-beta1. | Cy Schubert | 2002-04-13 | 25 | -0/+906
  Notes: svn path=/head/; revision=57661
* gettext upgrade uber-patch (stage 3) | Ade Lovett | 2002-04-12 | 5 | -14/+10
  - switch devel/gettext (0.11.1) on, installing full package
  - flip devel/gettext-old (0.10.35) to installing only static binaries with a "-old" suffix -- gettext-old will have its deorbit burn sequence initiated just after 4.6-RELEASE
  - fix up ports for the new world order

  Reviewed by: portmgr
  Notes: svn path=/head/; revision=57625
* Update the download site and URL. | Peter Pentchev | 2002-04-11 | 1 | -1/+1
  PR: 36687
  Submitted by: Kimura Fuyuki <fuyuki@mj.0038.net>
  Approved by: maintainer
  Notes: svn path=/head/; revision=57573
* Mark as broken for -current with OpenPAM. Does not work yet. | Anders Nordby | 2002-04-10 | 1 | -1/+7
  Notes: svn path=/head/; revision=57548
* Upgrade to 4196 | James E. Housley | 2002-04-10 | 2 | -2/+2
  Notes: svn path=/head/; revision=57543
* upgrade to 0.9.5 | Ying-Chieh Liao | 2002-04-10 | 2 | -2/+2
  Notes: svn path=/head/; revision=57517
* Fix another case when build breaks when qt versions 1 and 2 coexist | Patrick Li | 2002-04-10 | 1 | -2/+11
  Notes: svn path=/head/; revision=57514
* Add fwanalog 0.5.1, a firewall log summarizer that uses Analog. | Cy Schubert | 2002-04-07 | 6 | -0/+71
  PR: 35758
  Submitted by: Kimura Fuyuki <fuyuki@mj.0038.net>
  Notes: svn path=/head/; revision=57400
* Fixup pkg-plist. | Cy Schubert | 2002-04-06 | 2 | -1/+3
  Pointy hat to: myself
  Notes: svn path=/head/; revision=57387
* Change my ports to use my FreeBSD.org address. | Joe Marcus Clarke | 2002-04-05 | 1 | -1/+1
  Approved by: sobomax
  Notes: svn path=/head/; revision=57352
* Nuked at maintainer's request now that pam_passwdqc is in the base system. | Dag-Erling Smørgrav | 2002-04-04 | 7 | -66/+0
  Notes: svn path=/head/; revision=57326
* upgrade to 1.14 | Ying-Chieh Liao | 2002-04-04 | 3 | -3/+4
  PR: 36742
  Submitted by: maintainer
  Notes: svn path=/head/; revision=57319
* Update to 4195 | James E. Housley | 2002-04-03 | 2 | -2/+2
  Notes: svn path=/head/; revision=57287
* Update to 20020403 | Patrick Li | 2002-04-03 | 2 | -2/+2
  PR: 36693
  Submitted by: Martti Kuparinen <martti.kuparinen@iki.fi>
  Notes: svn path=/head/; revision=57280
* Update to version 2.54 Beta 32. | David E. O'Brien | 2002-04-02 | 2 | -2/+2
  Notes: svn path=/head/; revision=57234
* This port needs python for building, not running. | Munechika SUMIKAWA | 2002-04-02 | 1 | -1/+2
  Notes: svn path=/head/; revision=57206
* Add vlog 1.1f, a curses based real-time logfile viewer. | Mark Pulford | 2002-04-02 | 6 | -0/+53
  PR: 36616
  Submitted by: hannes sowa <satbran@web.de>
  Notes: svn path=/head/; revision=57195
* ssh_askpass2 is built only when X11 is installed. Support | Akinori MUSHA | 2002-04-02 | 2 | -1/+9
  {WITH,WITHOUT}_X11 and detect ${X11BASE}/lib/libX11.a.

  Reported by: bento
  Obtained from: security/ssh (partly)
  Notes: svn path=/head/; revision=57179
* Remove this port at the request of the maintainer. The version of pam_ssh | Kris Kennaway | 2002-04-01 | 6 | -31/+0
  in the base system is more up-to-date and is being actively maintained.
  Notes: svn path=/head/; revision=57159
* Unbreak pam_ldap on -CURRENT after the latest OpenPAM patch | Patrick Li | 2002-04-01 | 2 | -4/+11
  PR: 36613
  Submitted by: maintainer
  Notes: svn path=/head/; revision=57147
* Add new port security/pam_passwdqc - A pam module to validate passwords | Patrick Li | 2002-04-01 | 7 | -0/+66
  for quality

  PR: 36597
  Submitted by: Dominic Marks <dominic_marks@btinernet.com>
  Notes: svn path=/head/; revision=57112
* Update to 2.0.3 | David W. Chapman Jr. | 2002-04-01 | 3 | -9/+10
  PR: 36595
  Submitted by: maintainer
  Notes: svn path=/head/; revision=57099
* Update to 0.6.6 | Patrick Li | 2002-03-31 | 3 | -2/+6
  Notes: svn path=/head/; revision=57035
* Add #include <arpa/inet.h> to unbreak build | Kris Kennaway | 2002-03-31 | 2 | -0/+20
  Notes: svn path=/head/; revision=57034
* Add option for jumbo patch kit and pass maintainership to submitter | Patrick Li | 2002-03-31 | 3 | -2/+23
  PR: 36514
  Submitted by: ago <a.go@wish.net>
  Notes: svn path=/head/; revision=56996
* Update to 20020203 and give maintainership back to ports@ | Patrick Li | 2002-03-30 | 2 | -3/+3
  PR: 36548
  Submitted by: maintainer
  Notes: svn path=/head/; revision=56990
* Fix the KDE ports to not use objprelink, if OSVERSION >= 500029. This is | Will Andrews | 2002-03-30 | 2 | -2/+14
  not tested other than for syntax, but should DTRT from what I understand of the problem.

  Submitted by: bento
  Notes: svn path=/head/; revision=56912
* - Fix build for 5.0-CURRENT | Dirk Meyer | 2002-03-30 | 2 | -0/+50
  Notes: svn path=/head/; revision=56899
* www.crypto-publish.org does not have krb5-1.2.4.{tar,tar.Z,tar.gz,tar.bz2}. | Cy Schubert | 2002-03-29 | 4 | -24/+0
  Reported by: bento
  Notes: svn path=/head/; revision=56870
* - add a patch to let this build with OpenPAM, but mark as broken for | Pete Fritchman | 2002-03-29 | 2 | -2/+105
    -currents with OpenPAM because functionality is broken.
  - touch -> ${TOUCH}

  PR: 36469
  Submitted by: maintainer
  Notes: svn path=/head/; revision=56842
* Update port to 0.80 | Michael Haro | 2002-03-29 | 2 | -2/+2
  Maintainer timeout: 6 months, 17 days
  Notes: svn path=/head/; revision=56831
* Install config file as a sample file | Patrick Li | 2002-03-28 | 3 | -4/+8
  PR: 36442
  Submitted by: ago <a.go@wish.net>
  Notes: svn path=/head/; revision=56819