The Crypt::OpenSSL::AES module implements a wrapper around
OpenSSL's AES (Rijndael) library.
PR: ports/125387
Submitted by: John Ferrell <jdferrell3 at yahoo.com>
tool. It is meant to complement active crawlers and manual proxies more
commonly used for this task, and is optimized specifically for an accurate and
sensitive detection, and automatic annotation, of potential problems and
security-relevant design patterns based on the observation of existing,
user-initiated traffic in complex web 2.0 environments.
WWW: http://code.google.com/p/ratproxy/
PR: ports/125249
Submitted by: Steven Kreuzer <skreuzer@exit2shell.com>
- Change clamav-milter startup script to wait for the clamav-milter socket to be created
before trying to chmod it [1]
PR: ports/124643 [1]
Submitted by: Adrian Thearle <adrian@thearle.com.au> [1]
servers via a single "gateway" host. It is useful for establishing Net::SSH
connections to servers behind firewalls, but can also be used to forward ports
and establish connections of other types, like HTTP, to servers with
restricted access.
* Easily manage forwarded ports
* Establish Net::SSH connections through firewalls
WWW: http://net-ssh.rubyforge.org/gateway
PR: ports/125053
Submitted by: Philip M. Gollucci <pgollucci@p6m7g8.com>
SSH (and requires the Net::SSH library), and allows files and directory trees
to be copied to and from a remote server.
* Transfer files or entire directory trees to or from a remote host via SCP
* Can preserve file attributes across transfers
* Can download files in-memory, or direct-to-disk
* Support for SCP URIs, and OpenURI
WWW: http://net-ssh.rubyforge.org/scp
PR: ports/125052
Submitted by: Philip M. Gollucci <pgollucci@p6m7g8.com>
"OTR button" functionality have been moved to a menu. Also, "Buddy
authentication has been revamped, based on the user study published
in SOUPS 2008." The old authentication methods are still allowed.
This version adds locale files for ar, de, hu, and ru.
Drop the specific library version number for libpurple to
(hopefully) avoid churn down the road.
Assume maintainership, and add my website to MASTER_SITES.
Approved by: Maintainer timeout
"OTR button" functionality have been moved to a menu. Also, "Buddy
authentication has been revamped, based on the user study published
in SOUPS 2008." The old authentication methods are still allowed.
In this version support for pkgconfig has been added, and the
shared library version number has been bumped.
This port has 3 consumers, net-im/climm, security/kopete-otr, and
security/pidgin-otr. Maintainers of the first two have confirmed
that this update works for them. An update for pidgin-otr is next.
This has been tested against pidgin 2.4.2 and 2.4.3.
Finally, I'm taking over maintainership per agreement with the
current maintainer.
The port is deprecated since it is not supported by the FreeBSD
Security Officer anymore. The reason for this is that the ca-roots
port makes promises with regard to CA verification which the current
Security Officer (and deputy) do not want to make.
For people who need a general root certificate list see the
security/ca_root_ns, but note the difference in guarantees with
regard to which CAs are included in ca_root_ns vs. ca-roots. The
ca_root_ns port basically makes no guarantees other than that the
certificates come from the Mozilla project.
Note that the ca-roots MOVED file entry on purpose does not point at
ca_root_ns due to the change in CA guarantees.
With hat: security-officer
- Use RF macro.
PR: ports/125028
Submitted by: Philip M. Gollucci <pgollucci@p6m7g8.com>
Approved by: Roderick van Domburg <r.s.a.vandomburg@nedforce.nl> (maintainer)
- Use RF macro.
PR: ports/125016
Submitted by: Philip M. Gollucci <pgollucci@p6m7g8.com>
Approved by: Roderick van Domburg <r.s.a.vandomburg@nedforce.nl> (maintainer)
Unlike previous major version bumps, this time ABI hasn't changed, so
the shared libraries' versions stayed the same. Therefore, this update
doesn't require any special handling.
- 2008-06-12 - Snort 2.8.2.1
[*] Improvements
* Fix support for pass rules that sometimes did not take precedence
over alert and/or drop rules.
PR: ports/124717
Submitted by: Michael Scheidell <scheidell_AT_secnap dot net>
Single Packet Authorization (SPA).
fwknop stands for the "FireWall KNock OPerator", and
implements an authorization scheme called Single Packet
Authorization (SPA). This method of authorization is based
around a default-drop packet filter (fwknop supports both
iptables on Linux systems and ipfw on FreeBSD and Mac OS X
systems) and libpcap.
SPA requires only a single encrypted packet in order to
communicate various pieces of information including desired
access through an iptables policy and/or complete commands
to execute on the target system. By using iptables to
maintain a "default drop" stance, the main application of
this program is to protect services such as OpenSSH with
an additional layer of security in order to make the
exploitation of vulnerabilities (both 0-day and unpatched
code) much more difficult. With fwknop deployed, anyone
using nmap to look for sshd can't even tell that it is
listening; it makes no difference if they have a 0-day
exploit or not. The authorization server passively monitors
authorization packets via libpcap and hence there is no
"server" to which to connect in the traditional sense.
Access to a protected service is only granted after a valid
encrypted and non-replayed packet is monitored from an
fwknop client (see the following network diagram; the SSH
session can only take place after the SPA packet is monitored):
PR: ports/118229
Submitted by: Sean Greven <sean.greven@gmail.com>
the vpopmail support was removed with 0.60.3 (because no one felt responsible
for maintaining it in courier-authlib) - this commit adds - together with
this update - a patch which patches the vpopmail support back into 0.60.4
(because at least I need the interaction with vpopmail!).