Up to [cvs.NetBSD.org] / pkgsrc / net / tacacs
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
net: Replace RMD160 checksums with BLAKE2s checksums All checksums have been double-checked against existing RMD160 and SHA512 hashes Not committed (merge conflicts...): net/radsecproxy/distinfo The following distfiles could not be fetched (fetched conditionally?): ./net/citrix_ica/distinfo citrix_ica-10.6.115659/en.linuxx86.tar.gz ./net/djbdns/distinfo dnscache-1.05-multiple-ip.patch ./net/djbdns/distinfo djbdns-1.05-test28.diff.xz ./net/djbdns/distinfo djbdns-1.05-ignoreip2.patch ./net/djbdns/distinfo djbdns-1.05-multiip.diff ./net/djbdns/distinfo djbdns-cachestats.patch
net: Remove SHA1 hashes for distfiles
Add SHA512 digests for distfiles for net category Problems found with existing digests: Package haproxy distfile haproxy-1.5.14.tar.gz 159f5beb8fdc6b8059ae51b53dc935d91c0fb51f [recorded] da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated] Problems found locating distfiles: Package bsddip: missing distfile bsddip-1.02.tar.Z Package citrix_ica: missing distfile citrix_ica-10.6.115659/en.linuxx86.tar.gz Package djbdns: missing distfile djbdns-1.05-test25.diff.bz2 Package djbdns: missing distfile djbdns-cachestats.patch Package djbdns: missing distfile 0002-dnscache-cache-soa-records.patch Package gated: missing distfile gated-3-5-11.tar.gz Package owncloudclient: missing distfile owncloudclient-2.0.2.tar.xz Package poink: missing distfile poink-1.6.tar.gz Package ra-rtsp-proxy: missing distfile rtspd-src-1.0.0.0.tar.gz Package ucspi-ssl: missing distfile ucspi-ssl-0.70-ucspitls-0.1.patch Package waste: missing distfile waste-source.tar.gz Otherwise, existing SHA1 digests verified and found to be the same on the machine holding the existing distfiles (morden). All existing SHA1 digests retained for now as an audit trail.
Update to version 4.0.4.28, and switch to shrubbery.net version which appears to be maintained and where contributions are being integrated. Particularly, this fixes a SEGV crash on LP64 (amd64). Upstream changes since 4.0.4a in reverse chronological order: F4.0.4.28 - Fix buffer length argument to ntop() - Muhammad Muquit - Fix two missing free()s - Fix segfault from incorrect pointer returned from value(). Reported here: http://www.shrubbery.net/pipermail/tac_plus/2014-January/001384.html - update autoconf bits for autoconf 2.69 - put tac_plus daemon in sbin, where it ought to be - fix hdr->datalength handling in dump_nas_pak() - add -m option to specify the client listen queue max and increase the default to 64 if the O/S does not define SOMAXCONN - fix config.h include syntax - David M. Syzdek - added -U and -Q flags to allow runtime setuid/setgid change - from from Robert Drake with some alteration - Make implicit time_t conversions explicit in expire.c - from David M. Syzdek - initialize newsockfd in main() - from David M. Syzdek - recent changes in autoconf are causing the + of the package name to become -, so just drop it from the tarball name. F4.0.4.27 - add "port" to clarify log messages of default_fn.c - use program name (filename) instead of hard-coded "tac_plus" for name given to PAM - change socket binding to allow an IPv6 address with the -B argument - bind v4 and v6 sockets if system claims its has addresses for the AFs - fix command authorization debug message logic for match/no match - reported by Dereck Chan F4.0.4.26 - add optional securid support via aceclient library - Matt Addison - use localtime instead of gmtime for log messages so that the timezone is inheritted. - allow file authentication for PAP authorization F4.0.4.25 - add -m (md5) option to tac_pwd. XXX could use better salt generation - use random() in tac_pwd if available and generate 4 bytes of salt for md5. - sprintf -> snprintf - Robert Swiecki - more pkt size checking in acct.c, authen.c, author.c - Robert Swiecki - free(pak) in start_session() not in account(), for consistency F4.0.4.24 - allow PAM for pap authentication - Jeroen Nijhof - replace home-grown vprintf in report() with vsnprintf - Robert Swiecki - dont use report in signal handler, since report uses syslog which uses malloc - Robert Swiecki - use volatile sig_atomic_t 'reinitialize' variable - Robert Swiecki - use snprintf in get_authen_continue() and send_authen_error() and check return - Robert Swiecki - make snprintf buffers of get_authen_continue() and send_authen_error() at least NI_MAXHOST bytes - Robert Swiecki F4.0.4.23 - fix build on netbsd - update PAM includes for OSX - YiJia Zhang F4.0.4.22 - check of regexec() return value inverted - from Ignas Kazlauskas F4.0.4.21 - do_auth.py - better Nexus support, better AV replacement, and only send roles to Nexus - from Daniel Schmidt - fix bug in checking the return value of regexec() for login and enable ACLs. - do_auth.py - better Nexus support, better AV replacement, and only F4.0.4.20 - remove stupid error message about running as root - Drop the private regex library in favor of libc's. A system w/o a regex is one I dont care about. - finally remove config parsing for 'default authorization = permit' - apply ACLs to pap, chap, arap and ms-chap authentication too - change accounting log time format to match syslog - do_auth.py fix from Daniel Schmidt - import fdes from David G. Koontz (1991) for ARAP/MSCHAP_DES - move MSCHAP define to autoconf; --enable-mschap - use the fdes code for ARAP_DES and MSCHAP_DES. NOTE: I have no way to test this. lmk if it does not work. - increase NAC address array size. affects the format of the tacacs wholog file (TACPLUS_WHOLOGFILE); existing file should be removed. - add comments to tac_plus.conf.5 about cipher algorithms in password_spec - do_auth.py - Fixed reression, Support for replacing av pairs - from Daniel Schmidt F4.0.4.19 - offer $ip to before/after authorization scripts - wtmp and accounting files do not need to be mutually exclusive - add authorization script example - from Daniel Schmidt - add partial support for single-connection mode - convert select()s to poll()s F4.0.4.18 - Fix missing printf argument in debug output - Add "enable = nopassword" to users, groups and hosts. F4.0.4.17 - Move REARMSIGNAL definition to autoconf - Move REAPCHILD definition to autoconf and check if SIG_IGN works - Move SIGCHLD handling to apply to all daemon personalities - partly from John Payne F4.0.4.16 - Few innocuous changes from or inspired by FreeBSD ports - Deal with max-session finger format difference in a way that does not require knowing which IOS is being fingered. - The header encryption field is really a flags field which includes a single-session option (which we'd like to support) - Check return of write() for interrupts when writing arguments to external scripts. - -G was not remaining in foreground - From Nathan Schrenk - Do not attempt to remove the pidfile if the pidfilebuf was truncated or we could not open the file. - Add 'accounting syslog;' configuration knob - mostly from Mark Ellzey Thomas - Notes about PAM - from Aaron Scarisbrick - Allow PAM debug message with tac_plus password debugging option - from Aaron Scarisbrick - Allow \'s within quoted words in tac_plus.conf - from Jesse Zbikowski - Allow 'file' <password_spec> for host and user enable - part from Jeff Gehlbach via Daniel Schmidt - Fix possible buffer overflow for arap - noted by Oren Nechushtan F4.0.4.15 - Check data lengths in debugging functions - reported by Antonin Vitecek - Fix syslog facility selection - from Timo Vanoni & Josef Voggesser - Add -G/foreground option - Deal with missing socklen_t F4.0.4.14 - Add notes about PAM to the user guide and tac_plus.conf(5) - Log login failures with the username, NAS address and NAS tty - requested by Andi Bauer - ACLs were not applied through the default authentication (ie: user=DEFAULT) path - reported by Robert Lister F4.0.4.13 - Rename convert.pl to tac_convert and install it - install users_guide F4.0.4.12 - Fix typo in usage message - from Georg Schwarz - Various tac_plus.conf.5 fixes - from Georg Schwarz - escape the escape backslash of the ACL examples - from Georg Schwarz - Fix a LP64 bug where VALUE (union v) consisting of pointer was intialized like an int - reported by brad dreisbach F4.0.4.11 - Fix OS X and build problems and do not prototype errno - from Georg Schwarz F4.0.4.10 - Fix PAM for linux, which does not offer PAM_AUTHOK for pam_set_item() and requires a pam_conv function even with PAM_SILENT - reported and tested by Stefan Oettl F4.0.4.9 - clean-up bogus nopasswd_str protoypes that gcc4 did not like F4.0.4.8 - if -B is used, add the bind address in the PID filename - from Ian Dickinson - "acl" is an AV pair for service exec. Within service attribute parsing, do not parse "acl" as the acl (or connection ACL) keyword. This is a hack; the parser is rather lame - noted by Bryce Kahle - fix md4 for LP64 - do not accept skey keywords unless compiled with skey support - fix skey enable password type - bit from Ed Ravin - skey prompt ("challenge") is "S/Key challenge", not "Password" - make "daemon" the default syslog facility and add a syslog config statement - add support for user authentication via PAM F4.0.4.7 - make configure option --with-skey work - raise a few logs from INFO to NOTICE, to allow syslogd filtering of some rather noisey logs - add ACL checking for authorization, for the case where tacacs is only used for authorization. F4.0.4.6 - fix a few compiler warnings - add -e and -h options to tac_pwd - include crypt.h if it exists (solaris) - make configure options --with-{user,group}id work F4.0.4.5 - use C99 stdint.h for int types - linux's libwrap needs libnsl - variable index in md5.c conflicts with index() F4.0.4.4 - added more autoconf stuff - fix-up tac_plus.8 manpage - still need to do autoconf-time option replacement - fix-up tac_plus.conf manpage - incomplete - fix-up tac_plus help message - whitespace and formatting nits - port host clause (minus type keyword) from devrim seral's tac_plus v9 (http://www.gazi.edu.tr/tacacs/) at user request - changed user-specific enable password handling such that it if one is specified for the user, the daemon does not check the host-specific or global enable password. - make TACPLUS_ACCTFILE, TACPLUS_PIDFILE, and TACPLUS_LOGFILE autoconf knobs filling in pathsl.h and appopriate bits in manpages - separated the frequently asked questions portion of the user_guide into the file FAQ - OR successive -d (debug) options - fix md5 for LP64 F4.0.4.3 - comment out the unnecessary lex and yacc tests from autoconf F4.0.4.2 - partial autoconf setup - much more to be done - compile option IGN_HUP (ignore HUP signal) is history - rename generated_password -> tac_pwd and add manpage - rename tac_plus.1 -> tac_plus.8 - add tac_plus.confg.5 - add -h option to display usage info F4.0.4.1 - {log,pid}file permissions fixes - partically from ian freislich - add bind address (-B) option - partically from ian freislich - fix pidfile removal on exit Changes from release F4.0.3 to F4.0.4 - merge F4.0.4 changes from disaster.com
Fix void use. Add some missing prototypes and includes.
Fixed build problem with gcc4 reported by Yakovetsky Vladimir in PR 36929.
Fix errno. Define O_SYNC as O_FSYNC for DragonFly.
Add RMD160 digests.
Move to sha1 checksum, and/or add distfile sizes.
+ move the distfile digest/checksum value from files/md5 to distinfo + move the patch digest/checksum values from files/patch-sum to distinfo