access violations and public keyring database corruption when importing
manipulated public keys. http://seclists.org/bugtraq/2012/Dec/151
Tweaked from a submission from David Hill.
Tested on sparc64 & hppa, and went into an amd64 bulk build.
Node that builtins/certdata.c patch goes to the attic since it's
autogenerated at build time from builtins/certdata.txt (which we patch
too for CACert roots) since bug #683266.
There might be a chemspill for a TURKTRUST CA distrust soon (bug
#825022, sg-only) but let's get this in now.
ok/feedback jasper@
The YubiKey Personalization Tool is a Qt based cross-platform utility
designed to facilitate re-configuration of YubiKeys on Windows, Linux
and MAC platforms. The tool provides a sane simple step-by-step
approach to make configuration of YubiKeys easy to follow and
understand, while still being powerful enough to exploit all
functionality of both the YubiKey 1 and YubiKey 2 generations of
keys. The tool provides the same functionality and user interface on
Windows, Linux and MAC platforms.
The Cross-Platform YubiKey Personalization Tool provides the following
main functions:
* Programming the YubiKey in "Yubico OTP" mode
* Programming the YubiKey in "OATH-HOTP" mode
* Programming the YubiKey in "Static Password" mode
* Programming the YubiKey in "Challenge-Response" mode
* Checking type and firmware version of the YubiKey
spiped (pronounced "ess-pipe-dee") is a utility for creating
symmetrically encrypted and authenticated pipes between socket
addresses, so that one may connect to one address (e.g., a UNIX socket
on localhost) and transparently have a connection established to another
address (e.g., a UNIX socket on a different system). This is similar to
'ssh -L' functionality, but does not use SSH and requires a pre-shared
symmetric key.
spipe (pronounced "ess-pipe") is a utility which acts as an spiped
protocol client (i.e., connects to an spiped daemon), taking input from
the standard input and writing data read back to the standard output.
openssh-5.3p1.src.rpm.
ssh-ldap-helper is a small helper for sshd's AuthorizedKeysCommand
config keyword, allowing to fetch the AuthorizedKeys from an LDAP
directory with a given schema.
Note that you'll need an sshd with ssh/auth2-pubkey.c r1.33 for it
to work fine.
ok ajacoutot@ sthen@
- use ${SUBST_CMD} instead of old-style perl -pi -e commands
- update nss-config from debian's nss-config.in, since apparently it
comes from there.. needed to fix detection by mozillas, otherwise the
current script returns 3.14 for --version while configure scripts
expect 3.14.0... grab version via awk on nss.h at runtime.
Tested on amd64/i386/powerpc and in an amd64 bulk build. Needed by
firefox 18.
ok sthen@ ajacoutot@ jasper@
and the line with the unregister.sh script down to the bottom of
the plist. Silences all the blurb about ".../*.haddock doesn't exist
or isn't a file."
(it wants Data.Serialize.IEEE754).
Bump the other ports where necessary (because their haskell package
signatures changed).
Suggestion about bumps, and ok kili@
ports, for the ports that are built both on ruby 1.8 and ruby 1.9,
switch the category Makefiles to explicitly list the ruby18 FLAVOR
instead of the ruby19 FLAVOR.
Also, for home_run, fastri, and fastercsv, explicitly build only the
ruby 1.8 version of the port. These libraries can run on ruby 1.9, but
it doesn't make sense to build a ruby 1.9 version by default.
The situation is this: even when we --disable-gtk-doc, if gtk-doc is
actually installed at configure stage, tools like gtkdoc-rebase will be
picked up and run during the install target. That is bad because the
gtk-doc package may have been removed by then, especially during dpb(1)
bulks (we explicitely disable support for it so why should it stay...).
So for now, let's add the following env to configure whenever we use
--disable-gtk-doc, until a bettersolution is found...
CONFIGURE_ENV +=ac_cv_path_GTKDOC_CHECK="" \
ac_cv_path_GTKDOC_REBASE="" \
ac_cv_path_GTKDOC_MKPDF=""
- Fix a problem when only serial drivers are used (no hotplug/USB
driver)
- increase log buffer size from 160 to 2048. Some "long" log lines where
truncated.
- Fix redirection of stdin, stdout and stderr to /dev/null when pcscd is
started as a daemon (default)
- Some other minor improvements and bug corrections