This is RATS, a rough auditing tool for security, developed by
Secure Software Solutions. It is a tool for scanning source code
(C, C++, Perl, and Python) and flagging common security related
programming errors such as buffer overflows and TOCTOU (Time Of
Check, Time Of Use) race conditions. As its name implies, the tool
performs only a rough analysis of source code. It will not find
every error and will also find things that are not errors. Manual
inspection of your code is still necessary, but greatly aided with
this tool.
Obtained from: OpenBSD
- stripped down some patches
20010617
- (djm) Pull in small fix from -CURRENT for session.c:
typo, use pid not s->pid, mstone@cs.loyola.edu
20010615
- (stevesk) don't set SA_RESTART and set SIGCHLD to SIG_DFL
around grantpt().
20010614
- (bal) Applied X11 Cookie Patch. X11 Cookie behavior has changed to
no longer use /tmp/ssh-XXXXX/
20010528
- (tim) [configure.in] add setvbuf test needed for sftp-int.c
Patch by Corinna Vinschen <vinschen@redhat.com>
Approved by: dwcjr@freebsd.org
Changelog for version 3.20, 2001.08.15, urgency: LOW:
* setsockopt() optlen set according to the optval for Solaris.
* Minor NetBSD compatibility fixes by Martti Kuparinen.
* Minor MSVC6 compatibility fixes by Patrick Mayweg.
* SSL close_notify timeout reduced to 10 seconds of inactivity.
* Socket close instead of reset on close_notify timeout.
* Some source arrangement and minor bugfixes.
PR: 29766
Submitted by: maintainer
to determine the location of utmp by nosing around /var/run,
/var/adm, and so on. This fails in bento's build environment,
and it's not the right thing to do anyway.
* All patches except sysutils/kdeadmin/files/patch-rpmMessages.c:
- Either obsoleted or merged into KDE.
* All pkg-plists:
- Huge diffs are due to mass conversion from static HTML pages
to XML/XSL versions.
* audio/kdemultimedia2:
- aRts + Noatun, etc. now work and play MP3s et al properly,
using the mpg123 aRtsplugin. Remove mpeglib[,_artsplug]
from compile.
* converters/kdesupport2:
- Obsolete. No longer used in this version of KDE.
* deskutils/kdepim:
- Use autoconf and account for brokenness in the configure
script by replacing invocations of INSTALL under libical
with the proper incantations.
- Per David O'Brien's request, move libimap to libkimap;
this was performed by Rik Hemsley <rikkus@kde.org>.
* devel/kdesdk:
- New module with some helpful tools. One in particular that
seems demanded is ``kbabel'', which, as I've been told, is
a translator's wet dream.
- Workaround dumb problem in kbabel's libgettext (which I could
not figure out how to remove) by replacing its error() with
errc(). KBabel seems to run fine with this patch.
* devel/kdevelop:
- Fix lame check for libkdeui.so.* by replacing it with just
a check for libkdeui.so. It's been/being removed from
kdevelop after 2.2.
* editors/koffice:
- Fix kivio compile errors by substituting in PTHREAD_LIBS
in the correct place. Compensate for kivio's dependency
on pthreads by changing kivio to use LD_PRELOAD=/usr/lib/libc_r.so
in kivio.desktop.
* games/kdegames2:
- Some new games.
* graphics/kdegraphics2:
- Fix link errors in libkscan and kamera where they
require gettext (ie: add -lintl).
- Fix compile error in kamera.cpp which is dependent on a
correctly done gphoto2.. of course, this will only help
people who've manually installed gphoto2 themselves.
* net/kdenetwork2:
- Mimelib was moved here (reason for removal of kdesupport2).
* misc/kdeaddons:
- New module to FreeBSD ports; some simple addons for KDE2.
Suggested by Lauri Watts <lauri@kde.org>.
* misc/kdeutils2:
- Added a couple manpages.
* x11-clocks/kdetoys2:
- Some new apps.
* sysutils/kdeadmin:
- Remove kuser from compile because it has some problems. ;\
* x11/kdelibs2:
- Add libFAM dependency to help people who run FAM; FAM
increases the overall desktop responsiveness.
Submitted by Lauri Watts <lauri@kde.org>.
- Add CUPS dependency to bring in KDE's new print system.
- Add bzip2/libxml2 dependencies to support the new help kioslave.
- Disable installation of libltdl stuff to prevent conflicts
with other stuff. Submitted by wjv.
- Add pkg-req script to avoid conflicts with kdelibs11; add
to Makefile too. Submitted by benno.
- Be sure to remove the pth header conflicts stuff from the
arts/mcop_mt section.
- Fix problem with configure trying to find -lfam in the
wrong place.
- Remove kspell and api subdirs from doc; we don't need them,
and there are problems trying to build/install them.
Submitted by Lauri Watts <lauri@kde.org>.
* x11/kdebase2:
- Solve link permissions problem by changing the modes on
files installed by kdesktop/init/Templates to 644.
Submitted by Jim Durham <durham@w2xo.pgh.pa.us>.
* x11/kde2:
- Bump version; no other changes.
Special thanks to Lauri Watts <lauri@kde.org> for helping me test
packages generated by these changes on a virgin system. I believe
that this is the best-tested update I've ever done for KDE, and it
really shines this time around.
I just noticed there are a couple other PRs in the PR db that need
to be addressed. I will take care of those by tomorrow. Sorry...
PR: 22735, 28549
Blanket approval by: demon (kdesdk, kdevelop)
* MAX_CLIENTS is calculated based on FD_SETSIZE, now.
* Problems with closing SSL in transfer() fixed.
* -I option to bind a static local IP address added.
* Debug output of info_callback redesigned.
o Reorder MASTER_SITES
PR: 29358
Submitted by: maintainer
been broken by the incompatibility between db3.2 and db3.3.
I am unconditionally bumping the PORTREVISION's to eliminate possible
troubles that should not happen before the coming release.
Sorry for inconvenience. I'll try to check compatibility hard before
committing next time.
MMDDYY to make it monotonic). This is a utility for generating a set of
HTML reports/summaries based on snort alert files.
At the moment we only enable the HTML generation features. There are other
features such as the ability to annotate incidents in the report which
are not currently enabled.
Change MASTER_SITES.
NB: This versioning is bogus. Unfortunately, there is no official
release of pam_krb5 yet, but it has substantially changed. I made
this release based on what is in CVS.
of country-code based aliases for the debian mirrors. Someone with
power to commit to bsd.sites.mk should, of course, move it there
ASAP.
Get ready for upgrade to 0.5.1 -- no one else stepped forward to do this.
The coolest feature is a new scan type -- Idlescan!
The quick synopsis is that this is a completely blind scan (meaning no
packets are sent to the target from your real IP address). Instead, a
unique side-channel attack exploits predictable "IP fragmentation ID"
sequence generation on the zombie host to glean information about the
open ports on the target.
Add missing files to pkg-plist
Update to 2.2.2
Change dependency to look for bzip shared lib instead of static lib
Update patch-aa to work with new version
PR: 28517
Submitted by: Pete Fritchman <petef@databits.net>
- change = to += in CONFIGURE_ARGS
- add magic to allow build as a non-root user
- improve pkg-comment
- add WWW: to pkg-descr
PR: ports/28561
Submitted by: Pete Fritchman <petef@databits.net>
when used standard login via telnet or console
However when used openssh, then sshd does not setup LANG & MM_CHARSET into
environment for user in Russian class
Code for this operation did not exist in openssh port !
PR: 21146
Submitted by: odip@bionet.nsc.ru
The committed version differs from the one in the PR. It is supplied by
the maintainer after a round of fixes.
PR: 28127
Submitted by: Arnaud S. Launay <asl@launay.org>
OK'ed by: markm
* change default keytab to ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab,
the new keytab type that tries both of these in order (SRVTAB is
also an alias for krb4:)
* improve error reporting and error handling (error messages should
be more detailed and more useful)
* improve building with openssl
* add kadmin -K, rcp -F
* fix two incorrect weak DES keys
* fix building of kaserver compat in KDC
* the API is closer to what MIT krb5 is using
* more compatible with windows 2000
* removed some memory leaks
* bug fixes
- Features:
Possible use of sftp/sftp-server with older FreeBSD releases.
Use a newer version independently from the Base system.
Easier to test and fix possible security bugs.
- Bugs:
build of pam_ssm.so isn't supported any more
Any file named "cookie" can be deleted by this and any older "sshd"
with X11 Forwarding.
-- Added a whole bunch of new OS fingerprints (and adjustments)
ranging from big important ones (Linux 2.4.X, OpenBSD 2.9, FreeBSD
4.3, Cisco 12.2.1, MacOS X, etc) to some that are more obscure (
such as Apple Color LaserWriter 12/660 PS and VirtualAccess
LinxpeedPro 120 )
-- Tweaked TCP Timestamp and IP.ID sequence classification algorithms
Install docs, honoring NOPORTDOCS.
PR: 27649 - the problem of unrecognized ether ifaces;
27874 - the maintainer patch.
Reported by: Jason Swank <jswank@colltech.com> (the problem)
Submitted by: maintainer (the patch)
+ fixes a problem that kept UDP RPC scanning from working unless you were
also doing a TCP scan.
+ updated to latest version of rpc program number list
OpenSSH portable, which has GNU-configure and more.
Diffs to OpenSSH-OpenBSD are huge.
So this is here a completely different branch, no repo-copy
- Did a bit cleanup in the Makefile
Submitted by: dwcjr@inethouston.net
It doesn't work properly yet, but I'd appreciate if someone could
investigate the problem further. (Seems it always fails to
authenticate due to PAM_MODULE_UNKNOWN)
Also, note that it doesn't even load a module successfully because
FreeBSD's PAM modules are not linked with libpam.so. Add -lpam to
LDADD, then rebuild and reinstall PAM modules before trying this
library out.
due to non-backwards compatible changes. The shlib bump necessitates
a corresponding bump in bsd.port.mk for the automagic openssl
dependency. Mistakes in the port are my responsibility. Approval for
the bsd.port.mk commit comes through asami -> kkenn -> me. Kris is
a little busy at the moment, so he asked me to lob it in.
Approved by: kris
Remove shells/ruby-shell as it is now part of the standard distribution.
(in both Ruby 1.6.4 and 1.7.0)
Mark security/ruby-sha1 broken for Ruby >= 1.7.0, as it is also part of the
standard distribution now.
****IMPORTANT NOTES****
* Notice: This emergency DAT release has been
produced to provide protection for the
VBS/VBSWG virus variant also known as "Mawanella".