Net::Server::Mail::ESMTP::AUTH is an extension to provide
support for SMTP authentication with Net::Server::Mail::ESMTP
module.
Currently only LOGIN and PLAIN methods are supported.
WWW: http://search.cpan.org/dist/Net-Server-Mail-ESMTP-AUTH/
Author: Sylvain Cresto <scresto [_at_] gmail.com>
PR: ports/114785 (with corrections)
Submitted by: Zane C. Bowers <vvelox@vvelox.net>
- Fix error when changing ownership of spool directory
Changelog prelude-manager 0.9.9:
- Update configuration template, add documentation for Prelude
generic TCP options.
- Implement modified patch from Pierre Chifflier <chifflier@inl.fr>
to fix the example log path (fix#224).
- Move IDMEF message normalization in the scheduler, rather than
doing it upon reception. This remove some load from the server
and allow Prelude-Manager own IDMEF messages to go through the
normalizer path.
- Implement heartbeat->analyzer normalization.
- Improve IPv4 / IPv6 address normalization.
IPv4 mapped IPv6 addresses are now mapped back to IPv4.
Additionally, the Normalize plugin now provide two additionals option:
ipv6-only: Map any incoming IPv4 address to IPv6.
keep-ipv4-mapped-ipv6: do not map IPv4 mapped IPv6 addresses back to
IPv4.
- Make a difference between exceptional report plugin failure (example:
a single message couldn't be processed) and "global" plugin failure
(example: database server is down). We use a different failover for
'exceptional' failure, so that we don't try to reinsert a bogus message
(fix#247).
- Start of a Prelude-Manager manpages (#236).
- Various bug fixes.
PR: ports/115233
Submitted by: maintainer (Robin Gruyters)
- Use libxml2 in USE_GNOME (instead of LIB_DEPENDS)
- Use USE_PYTHON_BUILD instead of USE_PYTHON
- bump PORTREVISION
PR: ports/115457
Submitted by: maintainer (Gea-Suan Lin)
Tested on two systems, and until works perfectly.
Changelog snort-2.7.0.1:
* etc/snort.conf:
Turn off flow since Stream5 is now enabled by default.
* src/snort.c:
Fix printing of threshold counts until after all rules are read.
This issue did not affect thresholding, only display of thresholding.
Thanks to Jeffrey Denton for reporting the problem.
* src/sfutil/ipobj.c:
Fix free of invalid pointer when using a negated IP list.
This is used by sfportscan preprocessor configuration parsing.
Thanks to Anders Ostrem for reporting the problem.
* src/preprocessors/Stream5/snort_stream5_session.c:
Fixed issue when experimental ICMP tracking is used without using
the TCP or UDP session tracking. ICMP was attempting to lookup
TCP or UDP sessions from uninitialized session cache. Thanks to
Koji Shikata for reporting the problem.
* src/preprocessors/Stream5/snort_stream5_tcp.c:
Fixed invalid session pointer when rule tries to use flowbits after
session ends. Thanks to rmkml for initially reporting the problem.
PR: ports/115294
Submitted by: Robin Gruyters <r dot gruyters_AT_yirdis dot nl>
sudo_noexec.so to unbreak NOEXEC option. [1]
- Build using --with-secure-path if SUDO_SECURE_PATH is set when
building the port. SUDO_SECURE_PATH should be set to a PATH string.
[2]
- Don't bother deleting sudo_noexec.la. Deleting the file after it's
installed is ugly and since it's not harmful it's not worth patching
the install.
- Set CONFIGURE_TARGET.
PR: 115442 [1], 115381 [2]
Submitted by: vd [1], Janos Mohacsi [2]
ClamTk is a GUI front-end for ClamAV using gtk2-perl. It is designed to
be an easy-to-use frontend for Unix systems.
WWW: http://clamtk.sourceforge.net/
Author: Dave M <dave.nerd@gmail.com>
provides Web Single SignOn (SSO) across or within organizational
boundaries. It allows sites to make informed authorization decisions
for individual access of protected online resources in a
privacy-preserving manner.
This software is a C++ implementation of the Service Provider
component of the Shibboleth can be used in Apache Web servers. The
service provider manages secured resources. User access to resources
is based on assertions received by the service provider (SP) from
an identity provider.
WWW: http://shibboleth.internet2.edu/
PR: ports/114663
Submitted by: Janos Mohacsi <janos.mohacsi@bsd.hu>
See: FreeBSD-SA-07:06.tcpdump
This commit also takes over the older tcpdump entry that was specific
to ports, I merged that into this entry and I retired the old one.
- Add significantly better support in bsd.python.mk for working with
Python Eggs and the easy_install system
Tested by: pointyhat runs
Approved by: pav (portmgr)
Most work by: perky
Thanks to: pav
* Worked around a bug in some PAM implementations that caused a crash
when no tty was present.
* Fixed a crash on some platforms in the error logging function.
- Change default pam session stack to pam_permit like su does [1]
- Grab maintainership
Sugested by: des [1]
Alliance standards; it defines processes for federated identities,
single sign-on and related protocols. Lasso is built on top of
libxml2, XMLSec and OpenSSL and is licensed under the GNU General
Public License (with an OpenSSL exception).
WWW: http://lasso.entrouvert.org/
PR: ports/114639
Submitted by: Gea-Suan Lin <gslin at gslin.org>
Update includes:
- Target-based stream reassembly, including handling of TCP dataoverlaps and
anomalous TCP header flags on a per-destination basis. 11 different
target-based policies are supported. See README.stream5 for specific
configuration options for operating system targets.
- UDP session tracking
- Option to emulate Stream4 flushing behaviour
- Stream5 replaces BOTH Stream4 and Flow -- should disable both of these when
Stream5 is enabled.
- Security and memory footprint improvements
PR: ports/114806
Submitted by: Robin Gruyters <r dot gruyters_AT_yirdis dot nl>
supports them. This is determined by running ``configure --help'' in
do-configure target and set the shell variable _LATE_CONFIGURE_ARGS
which is then passed to CONFIGURE_ARGS.
- Remove --mandir and --infodir in ports' Makefile where applicable
Few ports use REINPLACE_CMD to achieve the same effect, remove them too.
- Correct some manual pages location from PREFIX/man to MANPREFIX/man
- Define INFO_PATH where necessary
- Document that .info files are installed in a subdirectory relative to
PREFIX/INFO_PATH and slightly change add-plist-info to use INFO_PATH and
subdirectory detection.
PR: ports/111470
Approved by: portmgr
Discussed with: stas (Mk/*), gerald (info related stuffs)
Tested by: pointyhat exp run
- Temporarilly disable session entry in default pam file because
pam_lastlog causes users to appear as though they have logged out in
system logs. [2]
Reported by: yarodin@gmail.com [1], Paul Fraser <pfraser@gmail.com> [2]
Submitted by: Todd Miller [1]
Application changes:
- PAM, since present, is used by default.
- Environment variable handling has changed significantly.
- Sudo checks the user's supplemental group vector so nsswitch order is
no longer important for group based rules.
(See UPGRADE and CHANGING under share/doc/sudo/ for more.)
Port changes:
- PAM file is no longer clobered on reinstall.
- OPIE option has been removed due to PAM being used by default.
- Selected documentation is now installed.
the current one is fine, but it is reported that portupgrade(1)
has troubles with the current way. No PORTREVISION bump, as it just blocked
the upgrade, but we don't want to require people to rebuild again.
Reported by: Aurelien Croc <aurelien@ap2c.org>
bsmtrace is a audit driven host based intrusion detection system which
operates on finite state machine principles. Since it's audit driven,
it requires that operating system security auditing be enabled. This
requires FreeBSD 6.2 at a minimum. By default it provides real-time
analysis through the use of an audit pipe, however it can operate on
regular audit trail files as well.
Approved by: Pav
Reviewed by: Pav (and others)
- This module has numerious known bugs, is not compatable with the Digest
interface and its functionality is a subset of the functionality of
Digest::SHA (which is in perl core as of 5.9.3).
- I'll trace it
Ref: http://search.cpan.org/dist/Digest-SHA2/SHA2.pm
management and identity web services protocols. Initial goal is
supporting SP role, followed by ID-WSF WSC and IdP roles.
ZXID is light weight, has a small foot print, and is implemented in C.
It is suitable for both high performance and embedded applications.
Scripting languages are supported using SWIG, including Perl, PHP and
Java. The "full stack" nature of ZXID means it's self contained and
has minimal external library dependencies (see downloads).
WWW: http://zxid.org/
PR: ports/114346
Submitted by: Gea-Suan Lin <gslin at gslin.org>
- select can be interrupted and return EINTR so we need to loop around it
while it does so rather than treating it as a fatal error.
- all process creations are matched with a wait() so having a SIGCHLD
handler that performs a wait(-1) is pointless and racy. We tend to
loose the race over half the time and as a result were reporting
successful processes as failed.
Add a couple features:
- Skip commented lines in the host specification.
- Allow '-' as an alias for stdin in the host file specification.
apparently due to mishandling of EINTR in select. It looks like
this is simlar to the problem reported in Python bug linked below,
but thus far I have been unable to work around it. Until that
happens, mark this port IGNORE to prevent disappointment.
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1049450&group_id=5470
Move net/rrdtool to databases/rrdtool.
It's an itch which needs to be scratched: net/rrdtool came from
net/mrtg, which was a good location for it. net/mrtg has later
been moved to net-mgmt/mrtg. net/rrdtool is "Round Robin Database
Tools", therefor it's better if it moves to databases/rrdtool.
Same with net/rrdtool10.
PR: ports/112942
Submitted by: Edwin Groothuis <edwin@mavetju.org>
This package provides parallel versions of the openssh tools. Included
in the distribution:
- Parallel ssh (pssh)
- Parallel scp (pscp)
- Parallel rsync (prsync)
- Parallel nuke (pnuke)
- Parallel slurp (pslurp)
What are these tools good for? Mainly for controlling large collections
of nodes in the wide-area.
WWW: http://www.theether.org/pssh/
- While I'm here, remove extra empty line in distinfo
PR: ports/113383
Submitted by: rafan
Approved by: VANHULLEBUS Yvan <yvan.vanhullebus at netasq.com> (maintainer)
PAM: authentication error for lissyara from 192.168.254.193
PR: ports/114194
Submitted by: Alex Keda <admin at lissyara.su>
Approved by: maintainer via irc
- Don't try to install if WITH_RAR is selected and IA32 compatibility is not
available [2]
PR: ports/114084 [1], ports/113941 [2]
Submitted by: garga [1], Michael Scheidell <scheidell@secnap.net> [2]
intercept Instant Text Messaging. Optionally, intercepted text messages can be
stored onto an RDMBS (Only mySQL is supported for now). Given that mySQL is
used, stored instant messages can be read through a browser interface that is
written in PHP language. Please see the INSTALL.txt file for instructions on
how to install, configure and run EnderUNIX scanhill.
WWW: http://www.enderunix.org/scanhill/
ExecWrap is a super-user exec wrapper for the lighttpd web-server, but
it can be used in any environment as long as arguments can be passed
from the server to its children via the environment.
WWW: http://cyanite.org/execwrap/
Author: Sune Foldager <cryo@cyanite.org>
The regex used to recognize IPv6 addresses in security/sshguard{,-ipfw,-pf}
doesn't catch all IPv6 addresses. The author (and port maintainer) is aware of
this issue and supplied the patch, which fixes the issue. The patch will be
part of sshguard-1.1, which is due soonish.
- bump PORTREVISION
PR: 113800
Submitted by: Henrik Brix Andersen
Approved by: Mij (maintainer)
configure did not, silently disabling flowcap packing tools. configure
should now fail properly in this case, and plist expects the flowcap
tools.
Submitted by: kris
- the port is no longer interactive, it uses the default blocking backend (hosts)
- for pf and ipfw see the new ports sshguard-[pf|ipfw]
PR: ports/112749
Submitted by: Mij (maintainer)
Reviewed by: leeym@
This implement a large majority of OpenSSL's useful X509 API.
The email() method supports both certificates where the
subject is of the form:
"... CN=Firstname lastname/emailAddress=user@domain", and also
certificates where there is a X509v3 Extension of the form
"X509v3 Subject Alternative Name: email=user@domain".
Submitted by: kftseng@iyard.org
