Path to this page:
Next | Query returned 7 messages, browsing 1 to 10 | previous
CVS Commit History:
2021-10-26 13:18:07 by Nia Alarie | Files touched by this commit (605) |
Log message:
security: Replace RMD160 checksums with BLAKE2s checksums
All checksums have been double-checked against existing RMD160 and
SHA512 hashes
Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo \
cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
|
2021-10-07 16:54:50 by Nia Alarie | Files touched by this commit (606) |
Log message:
security: Remove SHA1 hashes for distfiles
|
2021-03-08 13:39:33 by Ryo ONODERA | Files touched by this commit (2) |
Log message:
gnu-pw-mgr: Update to 2.7.4
* Use pkgsrc libtool.
* Use MASTER_SITE_GNU as MASTER_SITES.
Changelog:
New in 2.7.4 - September 2020
New in 2.4 - August, 2018
disable the --use-pbkdf2 option and implement --rehash as replacement
* the default "rehash" count is printed with --status output
* security question answers can now be stable across password
changes. Two answers are now printed: the deprecated version
that changes with the rehash count, and the new version that
is stable.
New in 2.2 - June, 2018
* Chase Bank has added the password restriction that no three characters
may be in sequence. So look for that and fix it, if need be.
* Let people know when they last modified a password.
Mark the day when the pbkdf2 count is modified.
* The confirmation value printed out is a hash based on the confirmation
string and the current password. So, if the password changes, then
so does the confirmation string. Not ideal. This change restricts
the hashing source to just the password id and the confirmation
string.
* Users may now specify a config file other than the default.
New in 2.0 - May, 2016
* A new option --shared to implement sharing passwords.
This allows shared logins with secure passwords and still
keeps all the other passwords very secret. See the docs for
the rationale and usage.
|
2020-01-19 00:36:14 by Roland Illig | Files touched by this commit (3046) |
Log message:
all: migrate several HOMEPAGEs to https
pkglint --only "https instead of http" -r -F
With manual adjustments afterwards since pkglint 19.4.4 fixed a few
indentations in unrelated lines.
This mainly affects projects hosted at SourceForce, as well as
freedesktop.org, CTAN and GNU.
|
2015-11-04 02:18:12 by Alistair G. Crooks | Files touched by this commit (434) |
Log message:
Add SHA512 digests for distfiles for security category
Problems found locating distfiles:
Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
Package libidea: missing distfile libidea-0.8.2b.tar.gz
Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
Package uvscan: missing distfile vlp4510e.tar.Z
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
|
2015-08-21 17:20:33 by Thomas Klausner | Files touched by this commit (2) |
Log message:
Update to 1.5:
New in 1.5 - August, 2015
* PIN number passwords got broken somewhere along the line.
Nobody much uses tham. (A good thing.)
|
2015-06-01 14:57:14 by Thomas Klausner | Files touched by this commit (4) |
Log message:
Import gnu-pw-mgr-1.4 as security/gnu-pw-mgr.
GNU gnu-pw-mgr is a password manager designed to make it easy to
reconstruct difficult passwords when they are needed, while limiting
the risk of attack. The user of this program inputs a very long
initial password "seed" and a self-defined transformation of a web
site URL to obtain both the password and a user name hint for that
web site. The seed is stored in a hidden file. However, the passwords
and the URL transforms are never stored anywhere. You must remember
this transform (password id), or the password is lost forever.
|
Next | Query returned 7 messages, browsing 1 to 10 | previous