Fix CAN-2004-0885:
* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Ensure that a
correct cipher suite has been negotiated, else deny access.
* modules/ssl/ssl_engine_init.c (ssl_init_ctx_protocol): With OpenSSL
0.9.7, prevent session resumption during a renegotiation to force the
client to negotiate a new (and acceptable) cipher suite.
Credits: Hartmut Keil, Joe Orton
- Make security/libtasn1 and security/opencdk into optional dependencies,
enabled by knobs: WITH_LIBTASN1 and WITH_OPENCDK, respectively.
Default to using their included versions
It ensures to link with expat when apache isn't built with its own expat
Noticed by: Nik Clayton <nik _at_ crf-consulting _dot_ co _dot_ uk>
PR: ports/71988
- Added manual pages from Debian Linux.
- Added sample script that can be used as startup/stop script for
Bittorrent sites (hopefully will be integrated in $PREFIX/etc/rc.d/ once
(but first I need some feedback)
- Added proper IPv6 support - removing compact=1 from announcements.
(If you want you can test it at http://6net.nii.hu:6969)
PR: ports/71736
Submitted by: Janos Mohacsi <janos.mohacsi@bsd.hu>
This port contains a subset of the DJBDNS package.
It includes several useful Domain Name System (DNS) tools:
- dnsfilter: a parallel IP-address-to-host-name converter
- dnsip, dnsipq, dnsname, dnstxt, and dnsmx: simple
command-line interfaces to DNS
- dnsq, dnstrace, dnstracesort: DNS debugging tools
Author: Daniel J. Bernstein <djb@cr.yp.to>
WWW: http://cr.yp.to/djbdns.html
* ntohs() won't work, because it converts from bigendian to native
byteorder, and the format used in TVision streams is littleendian.
Conversion must be done explicitly, by calling readByte() several
times, in consecutive statements !
*This enables ncurses mouse support, which was broken (it seemed to depend
on gpm in an unhealthy way).
*Un*x filenames can easily contain spaces ... Don't trim the filename.
*Avoid possible problems with signed/unsigned char comparisons. And
functions like toupper must be called with an unsigned char.
PR: 71544
Submitted by: Erling Jacobsen <linuxcub@email.dk>
Set maintainer back to ports, as libh is now officially a dead project
Compile with GCC 3.4
Bump PORTREVISION
This program is a filter which shall improve the readability for messages
(emails and posts) by *hiding* some annoying parts, including:
- mailing list footers
- excessive quoting
- overlong signatures
- Outlook-style "TOFU" (text above - full quote below)
- squeeze sequences of blank lines or punctuation
Its primary mode of operation is a display filter in MUA (it has special
support for Mutt), but it can also be used in MTA/MDA - e.g. for immediately
bouncing "improper" messages.
Author: Jochen Striepe <t-prot@tolot.escape.de>
WWW: http://www.escape.de/users/tolot/mutt/
Somehow, a hard coded -lc_r survived in a patch file.
Eleminating it, makes the port (finally) PTHREAD_* conform.
PR: ports/71612
Submitted by: Simon Barner <barner@in.tum.de>
databases/mysqlcppapi is unable to detect mysql-4.1.4 and
use new mysql_shutdown() api. Thus it is broken with mysql41-*
after mysql41-* were updated to 4.1.4. I hope this fix can
make it way to ports before the freeze.
PR: ports/71348
Submitted by: Jie Gao <gaoj@cpsc.ucalgary.ca>
Updating the Samhain integrity checking system from 1.8.10b to 1.8.11.
Code changes include:
o for files in the IgnoreAll policy, there are no warnings
(anymore) about 'no such user/group' and/or non-printable filenames
o there is a new option HardlinkOffset=... to specify an
offset from the canonical hardlink count for a directory
o ... and a new option AddOKChars=... to modify the set of
characters in a filename for which a warning (about
obscure/non-printable) filename is issued.
Port changes:
Turn off kernel integrity checking by default - building
this into packages wouldn't work anyhow, since it would
only work with an identical kernel as on the build cluster.
PR: ports/71169
Submitted by: David Thiel <lx@redundancy.redundancy.org>
Attached patch changes Muine's library mappings so minor
version number changes do not break the port in the future.
PR: ports/71136
Submitted by: Tom McLaughlin <tmclaugh@sdf.lonestar.org>
