head 1.5; access; symbols pkgsrc-2013Q2:1.5.0.46 pkgsrc-2013Q2-base:1.5 pkgsrc-2012Q4:1.5.0.44 pkgsrc-2012Q4-base:1.5 pkgsrc-2011Q4:1.5.0.42 pkgsrc-2011Q4-base:1.5 pkgsrc-2011Q2:1.5.0.40 pkgsrc-2011Q2-base:1.5 pkgsrc-2009Q4:1.5.0.38 pkgsrc-2009Q4-base:1.5 pkgsrc-2008Q4:1.5.0.36 pkgsrc-2008Q4-base:1.5 pkgsrc-2008Q3:1.5.0.34 pkgsrc-2008Q3-base:1.5 cube-native-xorg:1.5.0.32 cube-native-xorg-base:1.5 pkgsrc-2008Q2:1.5.0.30 pkgsrc-2008Q2-base:1.5 pkgsrc-2008Q1:1.5.0.28 pkgsrc-2008Q1-base:1.5 pkgsrc-2007Q4:1.5.0.26 pkgsrc-2007Q4-base:1.5 pkgsrc-2007Q3:1.5.0.24 pkgsrc-2007Q3-base:1.5 pkgsrc-2007Q2:1.5.0.22 pkgsrc-2007Q2-base:1.5 pkgsrc-2007Q1:1.5.0.20 pkgsrc-2007Q1-base:1.5 pkgsrc-2006Q4:1.5.0.18 pkgsrc-2006Q4-base:1.5 pkgsrc-2006Q3:1.5.0.16 pkgsrc-2006Q3-base:1.5 pkgsrc-2006Q2:1.5.0.14 pkgsrc-2006Q2-base:1.5 pkgsrc-2006Q1:1.5.0.12 pkgsrc-2006Q1-base:1.5 pkgsrc-2005Q4:1.5.0.10 pkgsrc-2005Q4-base:1.5 pkgsrc-2005Q3:1.5.0.8 pkgsrc-2005Q3-base:1.5 pkgsrc-2005Q2:1.5.0.6 pkgsrc-2005Q2-base:1.5 pkgsrc-2005Q1:1.5.0.4 pkgsrc-2005Q1-base:1.5 pkgsrc-2004Q4:1.5.0.2 pkgsrc-2004Q4-base:1.5 pkgsrc-2004Q3:1.4.0.2 pkgsrc-2004Q3-base:1.4 pkgsrc-2004Q2:1.3.0.6 pkgsrc-2004Q2-base:1.3 pkgsrc-2004Q1:1.3.0.4 pkgsrc-2004Q1-base:1.3 pkgsrc-2003Q4:1.3.0.2 pkgsrc-2003Q4-base:1.3 buildlink2-base:1.3 netbsd-1-5-PATCH001:1.2 netbsd-1-5-RELEASE:1.2 netbsd-1-4-PATCH003:1.2; locks; strict; comment @# @; 1.5 date 2004.12.15.21.16.32; author jlam; state dead; branches; next 1.4; 1.4 date 2004.09.10.21.12.21; author wiz; state Exp; branches; next 1.3; 1.3 date 2001.06.04.16.18.22; author abs; state dead; branches; next 1.2; 1.2 date 2000.10.02.16.43.45; author abs; state Exp; branches; next 1.1; 1.1 date 2000.09.13.01.00.48; author wiz; state Exp; branches; next ; desc @@ 1.5 log @Explicitly add the dependency on OpenSSL for encryption and bump the PKGREVISION. Remove unnecessary patch-af for working around DES API differences between OpenSSL 0.9.6 and 0.9.7. @ text @$NetBSD: patch-af,v 1.4 2004/09/10 21:12:21 wiz Exp $ --- src/encrypt.c.orig 2002-06-20 15:38:34.000000000 +0200 +++ src/encrypt.c @@@@ -38,7 +38,12 @@@@ #if defined(HAVE_LIBCRYPTO) || defined(HAVE_OPENSSL_DES_H) /* must be des.h from OpenSSL */ -# include +# include +# if OPENSSL_VERSION_NUMBER < 0x0090700fL +# include +# else +# include +# endif # define USE_SSL 1 #endif @ 1.4 log @Make compile on 2.0_BETA. Also tested on 1.6.2. @ text @d1 1 a1 1 $NetBSD$ @ 1.3 log @Update cfengine to 1.6.3 * Expansion of $(dollar) broken in 1.6.0 - fixed * Locking problem in cfd fixed. Problem causing access denied while re-reading config files. MAXTRIES increased for high volume services, was causing premature apoptosis. dest= could not refer to a filename with spaces, fixed. * Made recipient variables in client.c long instead of size_t in rstat, for 64 bits. With %ld in scanf. * Cfengine 1.6.0-1.6.3 introduces filters into processes and files. * 1.6.3 change from Berkeley DB2 to DB3 - not backward compatible!!! Update Berkeley db with cd build_unix ../dist/configure make; make install ln -s /usr/local/BerkeleyDB.3.2 /usr/local/BerkeleyDB 2000-06-13 David Masterson * 1.6.0.a2: re-released to Mark after stupid mistakes. * src/Makefile.am (noinst_HEADERS): add cfparse.h * Makefile.am (EXTRA_DIST): add acconfig.h 2000-06-12 David Masterson * 1.6.0.a2: released to Mark * General: Attempted to convert to reincorporate all my Automake stuff into the release. 2000-06-12 Mark Burgess * 1.6.0-alpha1: released * General: Rewrite of DCE code by Transarc/IBM. Add elsedefine= tag as complement to define=. CompressCommand action=compress in files, tidy, compress=true for compressing files on the fly. Bug in copy with size= fixed. Was ignored if file didn't exist. Modules: in addition to setting classes, can return lines =ENVVAR=value which sets cfengine environment variables. This allows modules to set variables which can be inherited directly by scripts. 2000-05-11 David Masterson * contrib/Makefile.am (pkgdata_SCRIPTS): change cfemacs.el to cfengine.el in keeping with internal documentation. Also renamed the file as well. 2000-05-08 David Masterson * Release: V1.6 released to Mark for verification. * Everything: Many things have been changed and reorganized for the shift to automake generated Makefiles. See the end of the NEWS file for more information. 2000-04-24 David Masterson * ChangeLog: Created and initialized with old VERSION.DIFF ***************** Minor Version 5 ******************** KNOWN BUGS: linux, when making directories, ownership can perms can be wrong. 1.5.4 Added security message in checksum=md5 for cfengine if new files appear Bug in class evaluation with multiple embedded groups fixed Bug in file transfer could hang a server in special circumstances. Bug in secure recursive copy (access denied incorrectly). Type change, size is off_t in cfstat struct Multiple define bug in copy: could cause endless loop Thread counting error fixed in cfd Required/disk suspicious warnings now cause classes to be defined Resolver could delete substring lines Extra measures against Denial of Service attacks on cfd, only one instance of a host-IP may be connected at one time. 1) Multiple connections from the same host are refused by default (before any recv()) 2) A DenyConnectionsFrom list will prevent named IP adresses from connecting (before any recv) or a general AllowConnectionsFrom mask... 3) If the thread table is full for more than five requests, cfd commits suicide (apoptosis) to avoid resource usage by spamming. The control variable "DenyConnectionsFrom = ( ip1 ip2 ... )" allows a list of numerical IP masks to be specified, which cfd will deny connections from. This can be used to prevent hanging connection attacks from malicous hosts and other Denial of Service attacks. e.g. cfd.conf control: AllowConnectionsFrom ( 128.39.89 ) DenyConnectionsFrom = ( 128.39.89.4 ) This is in addition to tcp wrapper stuff, but the TCP wrapper code cannot protect against denial of service attacks. typecheck=false in copy switches off error messages on type mismatch. @ text @d1 1 a1 1 $NetBSD: patch-af,v 1.2 2000/10/02 16:43:45 abs Exp $ d3 3 a5 8 --- src/log.c.orig Mon Oct 2 17:38:13 2000 +++ src/log.c @@@@ -71,12 +71,12 @@@@ if (LOGGING && (getuid() == 0)) { - syslog(LOG_ERR,string,VFQNAME); + syslog(LOG_ERR,"%s",string,VFQNAME); d7 11 a17 24 if (strlen(errstr) != 0) { - syslog(LOG_ERR,errstr,VFQNAME); - syslog(LOG_ERR,strerror(errno),VFQNAME); + syslog(LOG_ERR,"%s",errstr,VFQNAME); + syslog(LOG_ERR,"%s",strerror(errno),VFQNAME); } } break; @@@@ -110,11 +110,11 @@@@ case cflogonly: if (LOGGING && getuid() == 0) { - syslog(LOG_INFO,string,VFQNAME); + syslog(LOG_INFO,"%s",string,VFQNAME); if ((errstr == NULL) || (strlen(errstr) > 0)) { - syslog(LOG_ERR,errstr,VFQNAME); + syslog(LOG_ERR,"%s",errstr,VFQNAME); } } @@@@ -125,7 +125,7 @@@@ a18 18 if (LOGGING && (getuid() == 0)) { - syslog(LOG_ERR,string,VFQNAME); + syslog(LOG_ERR,"%s",string,VFQNAME); } if (string[strlen(string)-1] != '\n') @@@@ -141,8 +141,8 @@@@ if (LOGGING && (getuid() == 0)) { - syslog(LOG_ERR,errstr,VFQNAME); - syslog(LOG_ERR,strerror(errno),VFQNAME); + syslog(LOG_ERR,"%s",errstr,VFQNAME); + syslog(LOG_ERR,"%s",strerror(errno),VFQNAME); } } return; @ 1.2 log @Update to 1.5.3nb3: Always pass %s to syslog to avoid potential format string exploit. (Action based on alert by Pekka Savola on Bugtraq) @ text @d1 1 a1 1 $NetBSD$ @ 1.1 log @Fix #ifdef's to make the program compile even if rsaref's des.h is installed. Fixes pkg/9835 by Michael Wolfson. @ text @d3 8 a10 10 --- src/encrypt.c.orig Wed Aug 11 11:32:33 1999 +++ src/encrypt.c @@@@ -39,6 +39,8 @@@@ #ifdef HAVE_LIBCRYPTO /* must be des.h from OpenSSL */ # ifdef HAVE_OPENSSL_DES_H # include +# else +# undef HAVE_LIBCRYPTO # endif #endif d12 43 @