* Format string bug fixed in protocol.c
smtp, pop3 and nntp in client mode were affected.
(stunnel clients could be attacked by malicious servers)
* Certificate chain can be supplied with -p option or in stunnel.pem.
* Problem with -r and -l options used together fixed.
* memmove() instead of memcpy() is used to move data in buffers.
* More detailed information about negotiated ciphers is printed.
* New ./configure options: "--enable-no-rsa" and "--enable-dh".
- Support for ACE (WinACE) Archiver
- Support for additional packers
- Support for newer versions of packers
- Support for BZIP compression format
- Support for additional LHA compression formats, LH6 and LH7
- Support for zcompress compression format
- Support for PDF 5.0 files
- Improved scanning for MIME formats
- Support for Unicode and Unicode big-endian saved scripts
- Support for Compiled Help files
- Support for Microsoft Exchange internal data-transfer format
- Support for Internet Message Connector (IMC) Archive format.
- Support for uncompressed VBA in Visio files
- Improved heuristic analysis for 32-bit Windows applications
- Support for compressed RTF and HTML in Microsoft Outlook messages
- Support for Script Component Type Libraries
- Improved performance when scanning Windows 32 applications
- Define NO_REGRESS
- replace all LOG_DEBUG to LOG_INFO
- use snprintf() instead of sprintf() in debuglog.c
- stop if /tmp/pcsc already exists
- clean and remove /tmp/pcsc on exit
Patches by Dr. Ludovic Rousseau <ludovic.rousseau@free.fr> and
already submitted to upstream project. Thanks.
---
PC/SC Architecture for most Unix type operating systems. Allows
easy porting of Windows smartcard software to other operating
systems. Supports many types of serial, PCMCIA, and USB smartcard
readers and cryptographic tokens.
WWW: http://www.linuxnet.com/
Tested by Dr. Ludovic Rousseau and me.
--
Logcheck is a scheduled auditing tool that scans system log files
for security violations and unusual activity. Reports of suspicious
log entries are mailed to a specified user (usually root).
WWW: http://www.psionic.com/abacus/logcheck
MAINTAINER= Srebrenko Sehic <haver@insecure.dk>
ccrypt is a utility for encrypting and decrypting files and streams.
It was designed to replace the standard unix crypt utility, which is
notorious for using a very weak encryption algorithm. ccrypt is based
on the Rijndael cipher, which is the U.S. government's chosen
candidate for the Advanced Encryption Standard. This cipher is believed
to provide very strong security.
--
Zebedee is a simple program to establish an encrypted, compressed TCP or
UDP tunnel between two systems. This allows traffic such as telnet, ftp,
VNC, and X to be protected from snooping as well as potentially gaining
performance over low-bandwidth networks from compression.
WWW: http://www.winton.org.uk/zebedee/
Submitted by Jon Leonard <jleonard@iss.net>
Passive OS fingerprinting technique based on information coming
from remote host when it establishes connection to our system.
Captured packets contains enough information to determine OS - and,
unlike active scanners (nmap, queSO) - without sending anything to
this host.
---
IO::Socket::SSL is a class implementing an object oriented interface
to SSL sockets. The class is a descendent of IO::Socket::INET and
provides a subset of the base class's interface methods as well as
SSL specific methods.
either support more than one protocol to attack or support parallized
connects.
Currently this tool supports TELNET, FTP, POP3, IMAP, HTTP Basic and Cisco
authentication only, however the module engine for new services is very easy
so it won't take a long time until more services are supported.
---
Python OpenSSL Wrappers(POW) is a set of comprehensive wrappers for
Python of the OpenSSL libraries. POW will provide a 'slim' interface
which will still enable Python developers to fully utilize OpenSSL.
WWW: http://pow.sourceforge.net
the 1.0.4 release and because the problem was later fixed in 1.0.5 (and
later versions). Here is a quote from the NEWS file about this issue:
--cut--
* WARNING: The semantics of --verify have changed to address a
problem with detached signature detection. --verify now ignores signed
material given on stdin unless this is requested by using a "-" as the
name for the file with the signed material. Please check all your
detached signature handling applications and make sure that they don't
pipe the signed material to stdin without using a filename together with
"-" on the the command line.
--cut--
The patch introduce a problem in the way verifying a signature returned
a value of 2 instead of 0 (when the signature was properly verified).
The symptom showed itself in mutt for example.
This problem was found by Anders Arnholm <anders@arnholm.nu>
markus@ asked me to commit this.
---
GnuPGInterface is a Python module to interface with GnuPG. It
concentrates on interacting with GnuPG via filehandles, providing
access to control GnuPG via versatile and extensible means.
- setsockopt() optlen set according to the optval for Solaris.
- Minor NetBSD compatibility fixes by Martti Kuparinen.
- Minor MSVC6 compatibility fixes by Patrick Mayweg.
- SSL close_notify timeout reduced to 10 seconds of inactivity.
- Socket close instead of reset on close_notify timeout.
- Some source arrangement and minor bugfixes.
- Critical section added around non MT-safe TCP Wrappers code.
- Problem with "select: Interrupted system call" error fixed.
- errno replaced with get_last_socket_error() for Win32.
- Some FreeBSD/NetBSD patches to ./configure from Martti Kuparinen.
- Local mode process pid logged.
- Default FQDN (localhost) removed from stunnel.cnf
- ./configure changed to recognize POSIX threads library on OSF.
- New -O option to set socket options.
--
APG (Automated Password Generator) is the tool set for random
password generation. It features: a built-in ANSI X9.17 RNG (Random
Number Generator)(CAST/SHA1), two methods for password generation:
FIPS 181 and truly random, configurable lengths and numbers of
passwords. Two components are supported, a network daemon (apgd)
and a command line client (apg). The command line tool does not
require the network daemon.
WWW: http://www.adel.nursat.kz/apg/
MAINTAINER= Jose Nazario <jose@crimelabs.net>
ok pvalchev@
was found that there was a trojaned version of aide floating there.
However, our checksum checking would have found the difference, but
I prefer to play it safe and remove that obviously unsecure host from
the Aide's MASTER_SITES (they should use OpenBSD :)).
Thanks to Heikki Korpela <heko@iki.fi> for bringing this to me.
- MAX_CLIENTS is calculated based on FD_SETSIZE, now.
- Problems with closing SSL in transfer() fixed.
- -I option to bind a static local IP address added.
- Debug output of info_callback redesigned.
Maintainer : COUDERC Damien <couderc.damien@wanadoo.fr>
---
GnuPG Made Easy (GPGME) is a library designed to make access to
GnuPG easier for applications.
It provides a High-Level Crypto API for encryption, decryption,
signing, signature verification and key management. Currently it
uses GnuPG as it's backend but the API isn't restricted to this
engine; in fact it is planned to add other backends to it.
--
Chrootuid makes it easy to run network services at a low privilege
level and with restricted file system access. This utility employs
both chroot and su to confine users to specified areas by assigning
appropriate userids.
Chrootuid was written by Wietse Venema; this port includes Phil
Pennock's initgroups patch.
WWW: http://www.porcupine.org/
MAINTAINER= Jason Peel <jsyn@openbsd.org>
An initial port skeleton was donated by the farmer who uses BSD.
o transposition.grid-controls added (rectangular grid transposition
ciphers)
o steganalysis.word-gaps added (hidden cipher breaker)
o Various cosmetic changes
o Made source pane editable updating view pane dynamically. Got rid of
old "edit source" option.
o Moved hillclimb-cracker's progress bar onto widget display
o Description area in plugin-viewer
o Plugins share variables by not using 'static'
o New plugin->menu_string and menu items
o Added optional source pane to make the source/view idea more obvious
- Some transfer() bugfixes/improvements.
- STDIN/STDOUT are no logner assumed to be non-socket decriptors.
- Problem with --with-tcp-wrappers patch fixed.
- pop3 and nntp support bug fixed by Martin Germann.
- -o option to append log messages to a file added.
- Changed error message for SSL error 0.
- Serious bug resulting in random transfer() hangs fixed.
- Separate file descriptors are used for inetd mode.
- -f (foreground) logs are now stamped with time.
- New ./configure option: --with-tcp-wrappers by Brian Hatch.
- pop3 protocol client support (-n pop3) by Martin Germann.
- nntp protocol client support (-n nntp) by Martin Germann.
- RFC 2487 (smtp STARTTLS) client mode support.
- Transparency support for Tru64 added.
- Some #includes for AIX added.
