ok/feedback jasper@
The YubiKey Personalization Tool is a Qt based cross-platform utility
designed to facilitate re-configuration of YubiKeys on Windows, Linux
and MAC platforms. The tool provides a sane simple step-by-step
approach to make configuration of YubiKeys easy to follow and
understand, while still being powerful enough to exploit all
functionality of both the YubiKey 1 and YubiKey 2 generations of
keys. The tool provides the same functionality and user interface on
Windows, Linux and MAC platforms.
The Cross-Platform YubiKey Personalization Tool provides the following
main functions:
* Programming the YubiKey in "Yubico OTP" mode
* Programming the YubiKey in "OATH-HOTP" mode
* Programming the YubiKey in "Static Password" mode
* Programming the YubiKey in "Challenge-Response" mode
* Checking type and firmware version of the YubiKey
spiped (pronounced "ess-pipe-dee") is a utility for creating
symmetrically encrypted and authenticated pipes between socket
addresses, so that one may connect to one address (e.g., a UNIX socket
on localhost) and transparently have a connection established to another
address (e.g., a UNIX socket on a different system). This is similar to
'ssh -L' functionality, but does not use SSH and requires a pre-shared
symmetric key.
spipe (pronounced "ess-pipe") is a utility which acts as an spiped
protocol client (i.e., connects to an spiped daemon), taking input from
the standard input and writing data read back to the standard output.
openssh-5.3p1.src.rpm.
ssh-ldap-helper is a small helper for sshd's AuthorizedKeysCommand
config keyword, allowing to fetch the AuthorizedKeys from an LDAP
directory with a given schema.
Note that you'll need an sshd with ssh/auth2-pubkey.c r1.33 for it
to work fine.
ok ajacoutot@ sthen@
- use ${SUBST_CMD} instead of old-style perl -pi -e commands
- update nss-config from debian's nss-config.in, since apparently it
comes from there.. needed to fix detection by mozillas, otherwise the
current script returns 3.14 for --version while configure scripts
expect 3.14.0... grab version via awk on nss.h at runtime.
Tested on amd64/i386/powerpc and in an amd64 bulk build. Needed by
firefox 18.
ok sthen@ ajacoutot@ jasper@
and the line with the unregister.sh script down to the bottom of
the plist. Silences all the blurb about ".../*.haddock doesn't exist
or isn't a file."
(it wants Data.Serialize.IEEE754).
Bump the other ports where necessary (because their haskell package
signatures changed).
Suggestion about bumps, and ok kili@
ports, for the ports that are built both on ruby 1.8 and ruby 1.9,
switch the category Makefiles to explicitly list the ruby18 FLAVOR
instead of the ruby19 FLAVOR.
Also, for home_run, fastri, and fastercsv, explicitly build only the
ruby 1.8 version of the port. These libraries can run on ruby 1.9, but
it doesn't make sense to build a ruby 1.9 version by default.
The situation is this: even when we --disable-gtk-doc, if gtk-doc is
actually installed at configure stage, tools like gtkdoc-rebase will be
picked up and run during the install target. That is bad because the
gtk-doc package may have been removed by then, especially during dpb(1)
bulks (we explicitely disable support for it so why should it stay...).
So for now, let's add the following env to configure whenever we use
--disable-gtk-doc, until a bettersolution is found...
CONFIGURE_ENV +=ac_cv_path_GTKDOC_CHECK="" \
ac_cv_path_GTKDOC_REBASE="" \
ac_cv_path_GTKDOC_MKPDF=""
- Fix a problem when only serial drivers are used (no hotplug/USB
driver)
- increase log buffer size from 160 to 2048. Some "long" log lines where
truncated.
- Fix redirection of stdin, stdout and stderr to /dev/null when pcscd is
started as a daemon (default)
- Some other minor improvements and bug corrections
* new HOMEPAGE, new MASTER_SITE
* use new CONFIGURE_STYLE=oasis
* rename from cryptokit to ocaml-cryptokit
From: Christopher Zimmermann <madroach@gmerlin.de>
sample config file (e.g. winnow_bad_cw and various bofhland lists).
Comment-out MBL to disable by default, it has various problems with
false-positives and doesn't seem very effective at present.
YubiServe is a lightweight Validation Server supporting both OATH/HOTP
and Yubico Yubikey implementations, written in Python that uses an
SQLite database or, optionally, a MySQL database. It has an integrated
threaded webserver, with HTTPS/SSL support, compatible with the
Yubico validation protocol 2.0 including HMAC SHA-1 signatures to
provide for authentication of the server.
A change in 1.10.2 accidentally broke ABI compatibility with
1.10.1 and earlier versions, causing programs compiled against
1.10.1 to crash if linked with 1.10.2 at runtime.
Recent versions of OpenSSL include extra information in ECC
private keys, the presence of which caused an exception when
such a key was loaded by botan. The decoding of ECC private
keys has been changed to ignore these fields if they are set.
from Brad
version would require a lot of work and we have no maintainer; not to
mention the source code is not available right now.
A "security" software that is unmaintained is something that should live
in an attic.
ok jasper@ sthen@
ClamAV 0.97.5 addresses possible evasion cases in some archive formats
(CVE-2012-1457, CVE-2012-1458, CVE-2012-1459). It also addresses stability
issues in portions of the bytecode engine. This release is recommended for all
users.
The libpwquality library purpose is to provide common functions for
password quality checking and also scoring them based on their apparent
randomness. The library also provides a function for generating random
passwords with good pronounceability. The library supports reading and
parsing of a configuration file.
including patches that have been committed upstream to disable pam, as
suggested by and ok aja@
