PBKDF2::Tiny provides an RFC 2898 compliant PBKDF2 implementation using
HMAC-SHA1 or HMAC-SHA2 in under 100 lines of code.
WWW: http://search.cpan.org/dist/PBKDF2-Tiny/
Authen::SASL::SASLprep implements the SASLprep specification, which describes
how to prepare Unicode strings representing user names and passwords for
comparison. SASLprep is a profile of the stringprep algorithm.
WWW: http://search.cpan.org/dist/Authen-SASL-SASLprep/
reop is a simple, semi-modern wannabe PGP clone.
Supported operations include signing -S and verifying -V messages, plus
a variety of options for encrypting messages (-D -E). It does everything
you'd expect a PGP program to do. More accurately, it does everything I
expect you to expect a PGP program to do.
WWW: https://github.com/tedu/reop
This library is used to gain direct access to the functions exposed by
Daniel J. Bernstein's nacl library via libsodium or tweetnacl. It has
been constructed to maintain extensive documentation on how to use nacl
as well as being tely portable. The file in libnacl/__init__.py can be
pulled out and placed directly in any project to give a single file
binding to all of nacl.
WWW: https://libnacl.readthedocs.org
k5start is a modified version of kinit that can use keytabs to authenticate,
can run as a daemon and wake up periodically to refresh a ticket, and can run
single commands with their own authentication credentials and refresh those
credentials until the command exits.
It is commonly used to maintain Kerberos tickets for services that need to
authenticate to minimize the amount of Kerberos-related logic that must be
in the service itself.
WWW: http://www.eyrie.org/~eagle/software/kstart/
2015-01-31 audio/py-eyed3-06: In audio/abcde dependency has been changed to audio/py-eyed3
2015-01-31 mail/postfix210: Use mail/postfix instead.
2015-01-31 net-im/venom: No more support from the project
2015-02-01 security/openssh-portable66: security/openssh-portable now has all patches working. This port is obsolete.
2015-01-31 www/p5-WWW-Scraper-ISBN-Driver: Merged to www/p5-WWW-Scraper-ISBN by upstream
2015-01-31 www/p5-WWW-Scraper-ISBN-Record: Merged to www/p5-WWW-Scraper-ISBN by upstream
Asignify tool is heavily inspired by signify used in OpenBSD. However, the main
goal of this project is to define high level API for signing files, validating
signatures and encrypting using public keys cryptography. Asignify is designed
to be portable and self-contained with zero external dependencies. It uses
blake2b as the hash function and ed25519 implementation from tweetnacl.
Key features:
- Zero dependencies (libc and C compiler are likely required though), so it
could be easily used in embedded systems.
- Modern cryptography primitives (ed25519, blake2 and sha512 namely).
- Ability to encrypt files with the same keys using curve25519 based cryptobox.
- Protecting secret keys by passwords using PBKDF2-BLAKE2 routine.
- Asignify can convert ssh ed25519 private keys to the native format and verify
signatures using just ssh ed25519 public keys (without intermediate
conversions).
- Asignify provides high level API for application developers for signing,
verifying, encrypting and keys generation.
- All keys, signatures and encrypted files contain version information allowing
to change cryptographical primitives in the future without loosing of
backward compatibility.
- Plugins are no longer available separately so remove security/qca-* and
replace them with options in devel/qca
- Adjust all ports that depended on security/qca-*
- This also fixes the build of the OpenSSL plugin when OpenSSL doesn't
support SSLv2
Approved by: kde (rakuco)
2015-01-01 biology/boinc-simap: Project shutting down, see http://boincsimap.org/boincsimap/forum_thread.php?id=88
2015-01-01 security/openssh-portable-base: Overwrite-base option/port/pkg will be removed. There is no real need for foot-shooting.
2015-01-01 devel/cedet: Fails to build, use Emacs' builtin cedet package instead
2015-01-01 devel/ecb: does not work with newer Emacs versions, use the elpa package instead
- Resolve mutual conflict for security/pinentry-* ports
- Add new port security/pinentry-tty for pure console version of pinentry
- Convert security/pinentry to meta-alike port that depends on pinentry-tty by
default and installs commons files (documentation). Mark it architecture
independent.
Add new ports needed by this version:
security/rubygem-metasploit-concern
security/rubygem-metasploit-credential
security/rubygem-metasploit-model
security/rubygem-meterpreter_bins
security/rubygem-recog
American fuzzy lop is a fuzzer that employs a novel type of compile-time
instrumentation and genetic algorithms to automatically discover clean,
interesting test cases that trigger new internal states in the targeted
binary. This substantially improves the functional coverage for the
fuzzed code.
WWW: http://lcamtuf.coredump.cx/afl/
PR: 195279
Submitted by: Fabian Keil <fk@fabiankeil.de>
Dancer2::Plugin::Passphrase manages the hashing of passwords for
Dancer apps, allowing developers to follow cryptography best practices
without having to become a cryptography expert. It uses the bcrypt
algorithm as the default, while also supporting any hashing function
provided by Digest.
WWW: http://search.cpan.org/dist/Dancer2-Plugin-Passphrase/
PR: 194962
Submitted by: Henk van Oers <hvo.pm@xs4all.nl>
A user authentication and authorisation framework plugin for Dancer2 apps.
Makes it easy to require a user to be logged in to access certain
routes, provides role-based access control, and supports various
authentication methods/sources (config file, database, Unix system
users, etc).
Designed to support multiple authentication realms and to be as
extensible as possible, and to make secure password handling easy (the
base class for auth providers makes handling `RFC2307'-style hashed
passwords really simple, so you have no excuse for storing plain-text
passwords).
WWW: http://search.cpan.org/dist/Dancer2-Plugin-Auth-Extensible/
PR: 194961
Submitted by: Henk van Oers <hvo.pm@xs4all.nl>
Gnome 3.14.1 and Cinnamon 2.2.16 are supported on FreeBSD 9.3-RELEASE and up.
This commit removes the old GNOME 2 desktop, bindings and some ports that
can't be compiled. A few ports where updated to more recent versions to
allow them to compile with this update.
Apart from updating ports to newer versions
GDM is more integrated with gnome-shell now, and handles several things for
the GNOME desktop such as screen locking. If you want to use GNOME 3 via
startx, you will have to add your own lock screen/screensaver. For example xscreensaver
can be used for sessions started without GDM.
Shell Extensions can be installed via https://extensions.gnome.org/ , we have
ported a few that can't be installed via this way.
The old gnome-utils and gnome-games ports where split up into single ports
and where converted to meta-ports.
gnome-terminal requires a UTF-8 locale to run, gdm handles this already, but
if you use startx you need to do this yourself.
Upgrade instructions:
Delete the old and conflicting packages:
# pkg delete clutter gnome-utils gnome-panel gnome-keyring vala-vapigen \
guile gcalctool gnome-media libgnomekbd
# pkg delete gnome-screensaver gnome-applets bug-buddy evolution-exchange \
evolution-webcal gnome-system-tools seahorse-plugins gnome-control-center
For package users the following lines will be enough:
# pkg upgrade
# pkg install gnome3
For ports users should do the following:
# portmaster -a
# portmaster x11/gnome3
We are currently aware of two issues. The first issue is a bug in the
file monitoring code in the glib20 port. This bug causes glib programs
to crash when files in a monitored directory are added or removed.
Upstream is aware of the problem, but since the problem is quite complex
there is no solution yet. This problem isn't restricted to BSD.
The second issue is that on certain video cards totem will display a
purple/pink overlay on the video. It not clear yet where the issues
comes from.
Major thanks goes to Gustau Perez for being a driving force behind getting
GNOME 3 up to speed again. Also thanks to Antoine Brodin for running the exp-runs.
This update was also made possible by:
Joe Maloney
Kris Moore
Beeblebrox
Ryan Lortie
Antoine Jacoutot
and everyone I missed
- Update to 0.9.0
- Remove pinentry-gtk port (GTK+ 1 support is discontinued upstream)
- Ignore Qt 4 frontend on 10 and greater, it fails to build with clang/libc++
1.11 remains a maintenance release.
- Update security/krb5 1.12.2 --> 1.13
- Copy the old security/krb5 1.12.2 to security/krb5-112
(now a maintenance release supported by MIT)
- Move the old krb5-maint (1.11.5: old maintenance release) to
security/krb5-111 (the old maintenance release still supported by MIT)
This port was retired at version 0.3.8 because wpa_supplicant is
part of FreeBSD base. However, the last few releases have had a period
of only a few months, so the base is always going to be behind. DragonFly
is also affected, so I'm bringing the port back at the latest version.
It features the same patches as FreeBSD including the conversion to use
libutil's pidfile routines. There are some additional patches for
DragonFly support and to fix some bugs from the 9 Oct 2014 release.
The WPA Supplicant build system has been converted to ports options, and
there are dozens of them. I've set the defaults to match the
configuration in base and verified that it builds with all options
selected at once.
The Rekall Framework is a completely open collection of tools, implemented in
Python under the GNU General Public License, for the extraction of digital
artifacts from volatile memory (RAM) samples. The extraction techniques are
performed completely independent of the system being investigated but offer
visibility into the runtime state of the system. The framework is intended to
introduce people to the techniques and complexities associated with extracting
digital artifacts from volatile memory samples and provide a platform for
further work into this exciting area of research.
WWW: http://www.rekall-forensic.com/
for verifying whether a certificate is valid for the intended
purposes.
In the simplest case, this means host name verification.
However, service_identity implements RFC 6125 fully and
plans to add other relevant RFCs too.
WWW: https://github.com/pyca/service_identity
PR: 193930
Submitted by: Axel Rau <axel.rau@chaos1.de>
The Fedora 10 infrastructure ports have been in use since June 2009 and, while
having served a great deed, have become unsupported upstream and hence affected
by unfixed security vulnerabilities. In addition to that, many recent Linux
binaries need newer libc / stdlibc++ versions.
This commit adds the linux-c6- userland as drop-in replacement for the -f10
infrastructure, as well as upgrading the linux_base-c6 port to CentOS 6.5.
If you want to switch to linux-c6 ports, please define at /etc/make.conf:
OVERRIDE_LINUX_BASE_PORT=c6
OVERRIDE_LINUX_NONBASE_PORTS=c6
Additionally, please add the following line to /etc/sysctl.conf:
compat.linux.osrelease=2.6.18
Upgrading procedures are shown in /usr/ports/UPDATING.
This work has been inspired by Artyom Mirgorodskiy's post to emulation@ in
November 2013, using and extending mav@'s work. It has been tested extensively
and most reported issues were already fixed. Please report any additional bug
or "features" to the emulation mailing list.
Many thanks to: mav@, rene@, allanjude@, netchild@, antoine@, everyone who's
filed Issues and Pull requests on GitHub,
PR: 186820
Differential Revision: https://reviews.freebsd.org/D793
Reviewed by: allanjude, antoine, bapt, rene
Approved by: portmgr (antoine, bapt)
Approved by: koobs (mentor)
Sponsored by: Perceivon Hosting Inc.
