2011-05-01 security/aafid2: Upstream disapear and distfile is no more available
2011-05-01 security/bjorb: Upstream disapear and distfile is no more available
2011-05-01 security/borzoi: Upstream disapear and distfile is no more available
2011-05-01 security/cmd5checkpw: Upstream disapear and distfile is no more available
2011-05-01 security/cops: Upstream disapear and distfile is no more available
2011-05-01 security/find_ddos: Upstream disapear and distfile is no more available
2011-05-01 security/ftpmap: Upstream disapear and distfile is no more available
2011-05-01 security/hafiye: Upstream disapear and distfile is no more available
2011-05-01 security/ident2: Upstream disapear and distfile is no more available
2011-05-01 security/liedentd: Upstream disapear and distfile is no more available
2011-05-01 security/pam_pop3: Upstream disapear and distfile is no more available
2011-05-01 security/poc: Upstream disapear and distfile is no more available
2011-05-01 security/portscanner: Upstream disapear and distfile is no more available
2011-05-01 security/ppgen: Upstream disapear and distfile is no more available
2011-05-01 security/qident: Upstream disapear and distfile is no more available
2011-05-01 security/quintuple-agent: Upstream disapear and distfile is no more available
2011-05-01 security/rc5pipe: Upstream disapear and distfile is no more available
2011-05-01 security/rid: Upstream disapear and distfile is no more available
2011-05-01 security/ssh: Upstream disapear and distfile is no more available
2011-05-01 security/tea-total: Upstream disapear and distfile is no more available
2011-05-01 security/uberkey: Upstream disapear and distfile is no more available
monitors traffic on any number of Ethernet interfaces and examines ARP replies
and gratuitous ARP requests. If it notices an ARP reply or gratuitous ARP
request that is in conflict with its notion of "correct" Ethernet/IP address
pairs, it logs the attack if logging is enabled, and, if the Ethernet
interface that the attack was seen on is is configured as being in aggressive
mode, it sends out a gratuitous ARP request and a gratuitous ARP reply with
the "correct" Ethernet/IP address pair in an attempt to reset the ARP tables
of hosts on the local network segment. The corrective gratuitous ARP request
and corrective gratuitous ARP reply can be sent from an Ethernet interface
other than the one that the attack was seen on.
WWW: http://acm.poly.edu/wiki/ARP_Counterattack
PR: ports/151973
Submitted by: Boris Kochergin <spawk@acm.poly.edu>
2011-04-17 cad/tclspice: has been broken for more than a year
2011-04-17 comms/hcfmdm: does not compile on 7.X or higher
2011-04-17 databases/mysqlcc: has been broken for almost a year
2011-04-17 devel/ruby-rjudy: does not compile on FreeBSD 7.x or newer
2011-04-17 devel/xfc: does not compile on FreeBSD 7.x or newer
2011-04-17 devel/lamson: has been broken for a half year
2011-04-17 devel/cocktail: does not build on FreeBSD 7.x or newer
2011-04-17 devel/djgpp-gcc: has been broken for half a year
2011-04-17 devel/gauche-sdl: has been broken for a year
2011-04-17 devel/gdb53-act: does not compile on FreeBSD 7.x and up
2011-04-17 editors/zed: does not compile on FreeBSD 7.x or newer
2011-04-17 games/aqbubble: does not compile on FreeBSD 7.x or newer
2011-04-17 graphics/libvisual-plugins: has been broken for 3 years
2011-04-17 japanese/roundcube: has been broken for almost a year
2011-04-17 japanese/tkstep80: does not compile on FreeBSD 7.x or newer
2011-04-17 lang/u++: has been broken for over a half year
2011-04-17 lang/pugs: has been broken for over a year
2011-04-17 lang/mozart: does not compile on FreeBSD 7.x or newer
2011-04-17 math/linalg: does not build on FreeBSD 7.x or newer
2011-04-17 math/R-cran-igraph: has been broken for over a half year
2011-04-17 misc/ftree: has been broken for over a half year
2011-04-17 multimedia/katchtv: has been broken for a half year
2011-04-17 multimedia/libomxil-bellagio: has been broken for almost a year
2011-04-17 multimedia/banshee-mirage: has been broken for over a half year
2011-04-17 net-p2p/trackerbt: has been broken for a half year
2011-04-17 net/cap: does not compile on FreeBSD 7.x or newer
2011-04-17 net/ggsd: does not compile on FreeBSD 7.x or newer
2011-04-17 net/b2bua: does not compile on FreeBSD 7.x or newer
2011-04-17 net/penguintv: has been broken for a half year
2011-04-17 news/openftd: has been broken for almost a year
2011-04-17 palm/romeo: does not compile on FreeBSD 7.x or newer
2011-04-17 science/pcp: does not compile on FreeBSD 7.x or newer
2011-04-17 science/elmer-fem: has been broken for over a year
2011-04-17 security/newpki-lib: does not compile on FreeBSD 7.x or newer
2011-04-17 security/newpki-server: does not compile on FreeBSD 7.x or newer
2011-04-17 security/xmlsec: does not compile on FreeBSD 7.x or newer
2011-04-17 security/f-protd: has been broken for over a year
2011-04-17 sysutils/xwlans: does not compile on FreeBSD 7.x or newer
2011-04-17 www/bk_edit: does not compile on FreeBSD 7.x and newer
2011-04-17 www/bricolage: has been broken for a half year
2011-04-17 x11-toolkits/gauche-gtk: has been broken for a year
2011-04-17 x11-toolkits/gambas2-gb-qt: has been broken for over a year
2011-04-17 x11-toolkits/php-gtk2: has been broken for over a half year
2011-04-17 x11-toolkits/p5-Tcl-Tk: has been broken for 2 year
2011-04-17 x11/metisse: has been broken for over a half year
2011-04-11 lang/gpc: development has ceased; use lang/fpc instead
2011-04-11 security/mypasswordsafe: development has ceased; try security/gorilla instead
module on FreeBSD i386/amd64.
It consists of a FreeBSD Cryptoki wrapper library that serializes and forwards
PKCS#11 function calls to a Linux server program that dlopen() and use the
real module. The communication between the two components is via a UNIX socket.
pkcs11-gateway is based on the rpc-layer of Gnome Keyring.
- Alex Dupre
ale@FreeBSD.org
2011-04-01 accessibility/linux-f8-atk: End of Life since Jan 7, 2009
2011-04-01 archivers/linux-f8-ucl: End of Life since Jan 7, 2009
2011-04-01 archivers/linux-f8-upx: End of Life since Jan 7, 2009
2011-04-01 audio/linux-f8-alsa-lib: End of Life since Jan 7, 2009
2011-04-01 audio/linux-f8-arts: End of Life since Jan 7, 2009
2011-04-01 audio/linux-f8-esound: End of Life since Jan 7, 2009
2011-04-01 audio/linux-f8-freealut: End of Life since Jan 7, 2009
2011-04-01 audio/linux-f8-libaudiofile: End of Life since Jan 7, 2009
2011-04-01 audio/linux-f8-libogg: End of Life since Jan 7, 2009
2011-04-01 audio/linux-f8-libvorbis: End of Life since Jan 7, 2009
2011-04-01 audio/linux-f8-mikmod: End of Life since Jan 7, 2009
2011-04-01 audio/linux-f8-nas-libs: End of Life since Jan 7, 2009
2011-04-01 audio/linux-f8-openal: End of Life since Jan 7, 2009
2011-04-01 audio/linux-f8-sdl_mixer: End of Life since Jan 7, 2009
2011-04-01 databases/linux-f8-sqlite3: End of Life since Jan 7, 2009
2011-04-02 databases/postgresql81-server: EOL see http://wiki.postgresql.org/wiki/PostgreSQL_Release_Support_Policy
2011-04-02 databases/postgresql73-server: EOL see http://wiki.postgresql.org/wiki/PostgreSQL_Release_Support_Policy
2011-04-02 databases/postgresql74-server: EOL see http://wiki.postgresql.org/wiki/PostgreSQL_Release_Support_Policy
2011-04-02 databases/postgresql80-server: EOL see http://wiki.postgresql.org/wiki/PostgreSQL_Release_Support_Policy
2011-04-01 devel/linux-f8-libglade: End of Life since Jan 7, 2009
2011-04-01 devel/linux-f8-sdl12: End of Life since Jan 7, 2009
2011-04-01 devel/linux-f8-allegro: End of Life since Jan 7, 2009
2011-04-01 devel/linux-f8-libsigc++20: End of Life since Jan 7, 2009
2011-04-01 devel/linux-f8-libglade2: End of Life since Jan 7, 2009
2011-04-01 devel/linux-f8-nspr: End of Life since Jan 7, 2009
2011-04-01 dns/linux-f8-libidn: End of Life since Jan 7, 2009
2011-04-01 emulators/linux_base-f8: End of Life since Jan 7, 2009
2011-04-01 emulators/linux_base-f9: End of Life since Jul 10, 2009
2011-04-01 emulators/linux_base-fc6: End of Life since December 7, 2007
2011-04-01 emulators/linux_base-f7: End of Life since June 13, 2008
2011-04-01 ftp/linux-f8-curl: End of Life since Jan 7, 2009
2011-04-01 graphics/linux-f8-sdl_image: End of Life since Jan 7, 2009
2011-04-01 graphics/linux-f8-ungif: End of Life since Jan 7, 2009
2011-04-01 graphics/linux-f8-imlib: End of Life since Jan 7, 2009
2011-04-01 graphics/linux-f8-cairo: End of Life since Jan 7, 2009
2011-04-01 graphics/linux-f8-dri: End of Life since Jan 7, 2009
2011-04-01 graphics/linux-f8-gdk-pixbuf: End of Life since Jan 7, 2009
2011-04-01 graphics/linux-f8-jpeg: End of Life since Jan 7, 2009
2011-04-01 graphics/linux-f8-png: End of Life since Jan 7, 2009
2011-04-01 graphics/linux-f8-libGLU: End of Life since Jan 7, 2009
2011-04-01 graphics/linux-f8-libmng: End of Life since Jan 7, 2009
2011-04-01 graphics/linux-f8-png10: End of Life since Jan 7, 2009
2011-04-01 graphics/linux-f8-tiff: End of Life since Jan 7, 2009
2011-04-01 lang/linux-f8-libg2c: End of Life since Jan 7, 2009
2011-04-01 lang/linux-f8-tcl84: End of Life since Jan 7, 2009
2011-04-01 multimedia/linux-f8-libtheora: End of Life since Jan 7, 2009
2011-04-02 net-p2p/dcd: No fetch sources and looks like project abandoned
2011-03-31 net/straw: abandoned upstream and does not work with python 2.6+
2011-04-01 security/linux-f8-libssh2: End of Life since Jan 7, 2009
2011-04-01 security/linux-f8-nss: End of Life since Jan 7, 2009
2011-04-01 security/linux-f8-openssl: End of Life since Jan 7, 2009
2011-04-01 textproc/linux-f8-libxml2: End of Life since Jan 7, 2009
2011-04-01 textproc/linux-f8-scim-gtk: End of Life since Jan 7, 2009
2011-04-01 textproc/linux-f8-scim-libs: End of Life since Jan 7, 2009
2011-04-01 textproc/linux-f8-expat: End of Life since Jan 7, 2009
2011-04-01 textproc/linux-f8-libxml: End of Life since Jan 7, 2009
2011-04-01 textproc/linux-f8-aspell: End of Life since Jan 7, 2009
2011-04-01 www/linux-f8-flashplugin10: End of Life since Jan 7, 2009
2011-03-30 www/mediawiki112: abandoned upstream
2011-03-30 www/mediawiki113: abandoned upstream
2011-03-30 www/mediawiki114: abandoned upstream
2011-03-30 www/mediawiki16: abandoned upstream
2011-04-01 x11-fonts/linux-f8-fontconfig: End of Life since Jan 7, 2009
2011-03-01 x11-themes/gnome-icons-cool-gorilla: "no mastersite"
2011-04-01 x11-themes/linux-f8-hicolor-icon-theme: End of Life since Jan 7, 2009
2011-04-01 x11-toolkits/linux-f8-gtk: End of Life since Jan 7, 2009
2011-04-01 x11-toolkits/linux-f8-gtk2: End of Life since Jan 7, 2009
2011-04-01 x11-toolkits/linux-f8-openmotif: End of Life since Jan 7, 2009
2011-04-01 x11-toolkits/linux-f8-pango: End of Life since Jan 7, 2009
2011-04-01 x11-toolkits/linux-f8-qt33: End of Life since Jan 7, 2009
2011-04-01 x11-toolkits/linux-f8-tk84: End of Life since Jan 7, 2009
2011-04-01 x11/linux-f8-xorg-libs: End of Life since Jan 7, 2009
create-cert is a script that uses openssl(1) to create self-signed host
certificates and private keys for fully qualified domain names (FQDNs).
PR: ports/155014
Submitted by: Craig Leres <leres@ee.lbl.gov>
bindings for the former.
"YARA is a tool aimed at helping malware researchers to identify and classify
malware samples. With YARA you can create descriptions of malware families
based on textual or binary patterns contained on samples of those families.
Each description consists of a set of strings and a Boolean expression which
determines its logic."
WWW: http://code.google.com/p/yara-project/
allow the use of SSL or TLS-based connections using IO::Socket::SSL.
WWW: http://search.cpan.org/dist/IO-Async-SSL/
PR: ports/155336
Submitted by: "ports@c0decafe.net" <ports@c0decafe.net>
- Clean up bsd.python.mk (remove PYWSGIREF, PYHASHLIB, PYCTYPES and PYEXPAT) all these is now part of python
since python25
Remove:
textproc/py-expat
devel/py-ctypes
security/py-hashlib
www/py-wsgiref
length (128, 192, or 256 bits) key, developed by Counterpane Labs.
It is unpatented and free for all uses, as described at
http://www.counterpane.com/twofish.html. It has been one of the
five finalists for AES.
This module is written in pure Perl, it should run everywhere
where Perl runs.
WWW: http://search.cpan.org/dist/Crypt-Twofish_PP/
PR: ports/154142
Submitted by: Konstantin Menshikov <kostjnspb@yandex.ru>
Feature safe: yes
files, Hongfuzz supplies and modifies input to a test program and utilize the
ptrace() API/POSIX signal interface to detect and log crashes.
WWW: http://code.google.com/p/honggfuzz/
and no one has any of interest to fix it. It's an ancient software and
is part of GNOME 1. It's time for us to get rid of some of GNOME 1 stuff as
the GNOME 3 is coming sometimes in 2011. Any ports that required libcappet
are removed and ports that have optional aren't remove.
PR: ports/153355
Discussed with: My team, FreeBSD GNOME Team
Tested by: pointyhat-exp (thanks pav!)
2010-12-30 databases/p5-sqlrelay: broken and upstream disapeared
2010-12-30 devel/php-dbg2: No upstream support
2010-12-30 dns/fourcdns: upstream has disapeared
2010-12-31 emulators/win4bsd: Development has ceased and distfile is no longer available
2010-12-31 french/mozilla-flp: www/seamonkey port is deprecated. Consider using the www/firefox-i18n.
2010-12-31 french/xtel: Minitel services will be discontinued at the end of 2010.
2010-12-30 ftp/ftpq: upstream has disapeared
2010-12-30 graphics/paintlib: does not compile with new tiff and no more maintained upstream
2010-12-30 graphics/g3dviewer: does not build with gcc 4.2, upstream disapeared
2010-12-30 lang/scriba: Does not compile with gcc 4.2+, looks like abandonware
2010-12-30 math/rascal: Broken on every arch since 2008, looks like an abandonware
2010-12-31 net-mgmt/nrg: Project has vanished. Use cacti instead.
2010-12-31 security/hostsentry: Project is dead.
2010-12-31 sysutils/kcube: Project has vanished
2010-12-31 www/cybercalendar: has been unmaintained since 2001 and is unusable with dates after 2010 (see ports/150974)
2010-12-31 www/flock: Flock 3 moves from Firefox to Chromium
2010-12-31 www/linux-flock: Flock 3 moves from Firefox to Chromium
2010-12-30 x11-clocks/xtu: Looks like abandonware
Leave java/tya in for now, as it has outstanding PRs.
2010-11-15 archivers/linux-par2cmdline: Native version available
2010-11-15 audio/bmp-musepack: does not build with audio/musepack
2010-11-15 audio/libmpcdec: superseded by audio/musepack
2010-11-15 audio/py-musepack: does not build with audio/musepack
2010-12-01 chinese/chinput3: Development has ceased.
2010-12-01 emulators/dynagen-devel: Please install emulators/dynagen instead
2010-11-24 net-p2p/gift-fasttrack: unmaintained upstream
2010-11-24 net-p2p/gift-gnutella: unmaintained upstream
2010-11-24 net-p2p/gift-openft: unmaintained upstream
2010-11-24 net-p2p/pyslsk: unmantained upstream, use net-p2p/nicotine-plus
2010-11-11 security/pamsfs: SFS is dead, this project is dead, and site is gone
2010-11-10 www/p5-Catalyst-Plugin-CommandLine: The module is not needed any more. With new Catalyst (at least 5.7014) it works out of the box.
release can be found at http://library.gnome.org/misc/release-notes/2.32/
This will be the last release of the GNOME 2.x series, mainly a bugfix and
bridge release to the first release of the GNOME 3.x series.
This release features commits by avl, marcus, mezz and myself.
The FreeBSD GNOME Team would like to thank the following contributors and
testers for there help with this release:
Zane C.B. <vvelox@vvelox.net>
romain@
Olaf Seibert <O.Seibert@cs.ru.nl>
DomiX
Bapt <baptiste.daroussin@gmail.com>
jsa@
miwi@
Sergio de Almeida Lenzi <lenzi.sergio@gmail.com>
Maxim Samsonov <xors@mne.ru>
Kris Moore
And pav@ for 2 exp-runs
PR: ports/152255
ports/143260
ports/141033
ports/149629
ports/150350
ports/151523
With hat: gnome@
2010-11-07 devel/libisc: Unlikely to be used...
2010-11-08 emulators/vmware-guestd3: Depends of misc/compat3x, that is deprecated and set to be removed
2010-11-08 emulators/vmware-tools3: Depends of misc/compat3x, that is deprecated and set to be removed
2010-10-08 misc/compat3x: "Only FreeBSD 6.4+ are supported in ports"
2010-11-08 misc/bidwatcher: Obsoleted by JBidwatcher and changes at http://ebay.com
2010-11-08 security/vscan: Depends of misc/compat3x, that is deprecated and set to be removed
2010-11-08 www/ssserver: Depends of misc/compat3x, that is deprecated and set to be removed
contiguous credit card numbers (PAN) and track data on windows and
UNIX operating systems. It will also identify the location of the
PAN data in the files and record MAC times.
WWW: http://ccsrch.sourceforge.net/
PR: ports/148821
Submitted by: Pavel I Volkov <pavelivolkov at googlemail.com>
Prevention Engine developed by the Open Information Security Foundation (OISF).
This engine is not intended to just replace or emulate the existing tools in
the industry, but will bring new ideas and technologies to the field.
OISF is part of and funded by the Department of Homeland Security's Directorate
for Science and Technology HOST program (Homeland Open Security Technology),
by the the Navy's Space and Naval Warfare Systems Command (SPAWAR), as well as
through the very generous support of the members of the OISF Consortium.
More information about the Consortium is available, as well as a list of our
current Consortium Members.
The Suricata Engine and the HTP Library are available to use under the GPLv2.
The HTP Library is an HTTP normalizer and parser written by Ivan Ristic of
Mod Security fame for the OISF. This integrates and provides very advanced
processing of HTTP streams for Suricata. The HTP library is required by the
engine but may also be used independently in a range of applications and tools.
WWW: http://openinfosecfoundation.org
PR: ports/150191
Submitted by: Patrick Tracanelli <eksffa@freebsdbrasil.com.br>
The hardware can be found at
http://www.yubico.com/home/index/
The decryption module does only one thing - decrypt the AES encrypted
OTP from the Yubikey. To this, it requires the OTP, and the AES
key.
Please note - this module does not perform authentication - it is
a required component to decrypt the token first before authentication
can be performed.
WWW: http://search.cpan.org/~massyn/Auth-Yubikey_Decrypter-0.07/
PR: ports/149802
Submitted by: Kurt Jaeger <fbsd-ports@opsec.eu>
to discover the version of a (known) web application by comparing
static files at known locations against precomputed hashes for
versions of those files in all available releases. The technique
is fast, low-bandwidth, non-invasive, generic, and highly automatable.
WWW: http://blindelephant.sourceforge.net/
Approved by: itetcu (mentor)
Submitted by: Dax Labrador <semprix _at_ bsdmail.org>
Approved by: glarkin (mentor)
dradis is an open source framework to enable effective information sharing.
dradis is a self-contained web application that provides a centralised
repository of information to keep track of what has been done so far,
and what is still ahead.
Features include:
* Easy report generation.
* Support for attachments.
* Integration with existing systems and
tools through server plugins.
* Platform independent.
WWW: http://dradisframework.org/
Unfortunately version 2.0.0 is largely incompatible with version 1.x, so it
is necessary to have a stopgap measure while ports that depend on libassuan
can be updated. In conversation with the maintainers of the dependent ports
it was originally considered ideal to prepare updates for the ports first,
then upgrade everything to libassuan 2.x en masse. Since no action has
arisen on that front, go with plan B:
Copy security/libassuan to security/libassuan-1, and update the dependent
ports accordingly. Because this is (intended to be) a _temporary_ measure,
and because no updates for libassuan 1.x are anticipated, and because the
hope is that it can be removed sooner rather than later, it's a copy instead
of a repocopy.
"key strengthening" to make the complexity of a brute-force attack arbitrarily
high. PBKDF2 uses any other cryptographic hash or cipher (by convention,
usually HMAC-SHA1, but Crypt::PBKDF2 is fully pluggable), and allows for an
arbitrary number of iterations of the hashing function, and a nearly unlimited
output hash size (up to 2**32 - 1 times the size of the output of the backend
hash). The hash is salted, as any password hash should be, and the salt may
also be of arbitrary size.
See also: RFC2898, PKCS#5 version 2.0: http://tools.ietf.org/html/rfc2898
WWW: http://search.cpan.org/dist/Crypt-PBKDF2/
PR: ports/146847
Submitted by: Victor Popov <v.a.popov at gmail.com>
of the Kaspersky Lab's applications into a separate folder.
With the help of the utility you can download updates for selected
Kaspersky Lab's applications installed either in your network or at
a home PC. The utility has a function for saving downloaded updates
and autopatches in a local folder, a network folder connected as a
disc to the computer file system, or onto a flash-carrier.
WWW: http://support.kaspersky.com/updater?level=2
PR: ports/147116
Submitted by: Gvozdikov Veniamin <g.veniamin at googlemail.com>
an elementary quantum optics process.
This port contains the user library and a CLI/GUI application
to access such devices.
WWW: http://www.idquantique.com/
release can be found at http://library.gnome.org/misc/release-notes/2.30/ .
This release brings initial PackageKit support, Upower (replaces power
management part of hal), cuse4bsd integration with HAL and cheese, and a
faster Evolution.
Sadly GNOME 2.30.x will be the last release with FreeBSD 6.X support. This
will also be the last of the 2.x releases. The next release will be the
highly-anticipated GNOME 3.0 which will bring with it a new UI experience.
Currently, there are a few bugs with GNOME 2.30 that may be of note for our
users. Be sure to consult the UPGRADING note or the 2.30 upgrade FAQ at
http://www.freebsd.org/gnome/docs/faq230.html for specific upgrading
instructions, and the up-to-date list of known issues.
This release features commits by avl, ahze, bland, marcus, mezz, and myself.
The FreeBSD GNOME Team would like to thank Anders F Bjorklund for doing the
initual packagekit porting.
And the following contributors & testers for there help with this release:
Eric L. Chen
Vladimir Grebenschikov
Sergio de Almeida Lenzi
DomiX
walder
crsd
Kevin Oberman
Michal Varga
Pavel Plesov
Bapt
kevin
and ITetcu for two exp-run
PR: ports/143852
ports/145347
ports/144980
ports/145830
ports/145511
The sample config file comes predefined with the new settings for
snort.org downloads, which will change in June 2010.
BE SURE to read through the master pulledpork.conf file thoroughly,
as there are many changes as of snort 2.8.6.0 that WILL affect you,
even if you are NOT yet running 2.8.6.0!
Features:
* Flowbit tracking!
* capability to specify base ruleset (see README.RULESETS) in master
pulledpork.conf file.
* Handle preprocessor and sensitive-information rulesets
* Ability to define sid ranges in any of the sid modification .conf files
* Ability to specify references in any of the sid modification .conf files
* Ability to ignore entire rule categories (i.e. not include them)
* Specify locally stored rules files that need their meta data included
in sid-msg.map
* Ability to specify your arch for so_rules
* Rules are written to only two distinct files
* Support metadata based VRT recommended rulesets
* Maintain an optional rule changelog
* Support for setting rules to Drop
* Support for multi-line rules
* Rule modification, i.e. disabling of specific rules within rule sets
* Outputs changes in rules files if any rules have been added / modified
* Compares new rules files with current rule sets
* Automated retrieval of certain variables (Distro, Snort Version.. etc)
* Downloads latest rules file
* Verifies MD5 of local rules file
* If MD5 has not changed from snort.org.. doesn't fetch files again
* handle both rules and so_rules
* Capability to generate stub files
WWW: http://code.google.com/p/pulledpork/
PR: ports/146239
Submitted by: Olli Hauer
2010-02-20 databases/mysql-connector-java50: Old version: please use databases/mysql-connector-java instead
2010-04-15 databases/p5-DBIx-Class-HTML-FormFu: This module is obsoleted by www/p5-HTML-FormFu-Model-DBIC
2010-04-29 devel/py-rbtree: "does not build with new pyrex and it's not active maintained"
2010-04-08 devel/tavrasm: No longer maintained, use devel/avra instead
2010-04-27 mail/postfix23: it's no longer maintened by upstream developer
2010-04-30 math/libgmp4: Use math/gmp instead.
2010-04-04 misc/ezload: does not build with new USB stack in 8-STABLE
2010-01-31 misc/gkrellmbgchg: use misc/gkrellmbgchg2
2010-03-04 multimedia/kbtv: no longer under development by author
2010-02-16 net/plb: broken; abandoned by author; use net/relayd or www/nginx instead
2010-04-30 security/vpnd: This software is no longer developed
2010-03-15 textproc/isearch: abandoned upstream, uses an obsolete version of GCC, not used by any other port
2010-04-02 www/caudium12: No longer maintained upstream, please switch to www/caudium14
2010-03-08 www/p5-Catalyst-Plugin-Cache-FileCache: Deprecated by module author in favor of www/p5-Catalyst-Plugin-Cache
are used for a website. It can detect content management systems
(CMS), blogging platforms, stats/analytics packages, javascript
libraries, servers, etc..
WWW: http://www.morningstarsecurity.com/research/whatweb
Approved by: itetcu (mentor)
developers the flexibility to implement OTR encryption for
their python-based Instant Messaging clients.
WWW: http://python-otr.pentabarf.de/
Submitted by: Frank Steinborn <steinex at nognu.de>
security testing tool. It features a single-threaded multiplexing
HTTP stack, heuristic detection of obscure Web frameworks, and
advanced, differential security checks capable of detecting blind
injection vulnerabilities, stored XSS, and so forth.
PR: ports/144942
Submitted by: Ryan Steinmetz <rpsfa@rit.edu>
Approved by: itetcu (mentor)
WWW: http://code.google.com/p/skipfish/
and update the third-party ClamAV signature databases provided by
Sanesecurity, SecuriteInfo, MalwarePatrol, OITC, INetMsg and ScamNailer.
PR: ports/144509
Submitted by: Marko Njezic <sf at maxempire.com>
NOTE that the port is more of a development snapshot than it used to be,
so it should be used SOLELY for testing and development, NOT IN PRODUCTION.
PR: ports/144115
Approved by: mandree@ (previous maintainer)
Approved by: garga@ (mentor)
Feature safe: yes
nmap interface for Users, in order to management all options of this powerful
security net scanner!
WWW: http://www.nmapsi4.org
PR: ports/142118
Submitted by: Gvozdikov Veniamin <g.veniamin at googlemail.com>
2010-01-08 x11-fm/velocity: has been broken for 7 months
2010-01-08 x11-drivers/xf86-video-nsc: has been broken for 5 months
2010-01-08 www/rubygem-merb: has been broken for 5 months
2010-01-08 security/shibboleth-sp: has been broken for 3 months
limits, as a random UID, and with limited access to the X server
WWW: http://code.google.com/p/isolate/
PR: ports/142350
Submitted by: Steve Wills <steve@mouf.net>
file. This is a simple automation of the things normally done by
the user when having an "offending key" in his/her known_hosts file
caused by a changing host key of the destination.
WWW: http://unssh.sourceforge.net/
PR: ports/137254
Submitted by: Dax Labrador <semprix at bsdmail.org>
functions, according to NIST FIPS 180-2 (with the SHA-224 addendum), as
well as the SHA-based HMAC routines. The functions have been tested
against most of the NIST and RFC test vectors for the various functions.
While some attention has been paid to performance, these do not
presently reach the speed of well-tuned libraries, like OpenSSL.
WWW: http://hackage.haskell.org/package/SHA
Update security/openvpn20 to 2.0.9, revising pkg-message.
Move security/openvpn-devel to security/openvpn and
update security/openvpn to 2.1.1.
Remove security/openvpn-devel, adding a MOVED entry.
Update security/Makefile to remove openvpn-devel and add openvpn20 to
SUBDIRS.
Add a UPDATING entry for this shuffle. Currently without upgrade
instructions since neither portupgrade nor portmaster are up to the
task (because of the CONFLICTS).
Approved by: garga@ (mentor)
through a PKCS #11 interface. You can use it to explore PKCS #11
without having a Hardware Security Module. It is being developed
as a part of the OpenDNSSEC project. SoftHSM uses Botan for its
cryptographic operations.
WWW: http://www.opendnssec.org/
PR: ports/141932
Submitted by: Jaap Akkerhuis <jaap at NLnetLabs.nl
security/freebsd-update||2009-12-24|Incorporated into base system long ago
sysutils/est||2009-12-24|Incorporated into base system long ago
sysutils/estctrl||2009-12-24|Incorporated into base system long ago
sysutils/freebsd-sha1||2009-12-24|Incorporated into base system long ago
sysutils/freebsd-sha256||2009-12-24|Incorporated into base system long ago
written in C. PolarSSL is written with embedded systems in mind and has
been ported on a number of architectures, including ARM, PowerPC, MIPS
and Motorola 68000.
Features include:
* Small memory footprint
* Clean and simple API for integration
* Loose coupling of cryptographic code.
* Symmetric encryption algorithms: AES, Triple-DES, DES, ARC4, Camellia, XTEA
* Hash algorithms: MD2, MD4, MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512
* HAVEGE random number generator
* RSA with PKCS#1 v1.5 padding
* SSL version 3 and TLS version 1 client support
* X.509 certificate and CRL reading from memory or disk in PEM and DER formats
* Over 900 regression and code coverage tests
* Example applications
LICENSE: GPL2
WWW: http://polarssl.org/
functionality into their applications and devices.
Features
SSL version 3 and TLS versions 1, 1.1 and 1.2 (client and server)
Minimum size of 60-100kb, depending on build options
Runtime memory usage between 5-50kb
DTLS support (client and server)
OpenSSL compatibility layer
zlib compression support
integration in MySQL, stunnel, Lighttpd availible.
MD2, MD4, MD5, SHA-1, RIPEMD, HMAC, DES, 3DES, AES, ARC4, TWOFISH, BLOWFISH,
RSA, DSS, DH, and PKCS#5 PBKDF2
ia32 assembly for AES, 3DES, BLOWFISH, TWOFISH, ARC4, MD5, SHA, and RIPEMD
SSE2 instructions for Large Integers
Simple API
Interchangeable crypto and certificate libraries
PEM and DER certificate support
Very fast
LICENSE: GPL2 with FOSS extension
WWW: http://www.yassl.com/
to use nettle 2.0, and there is no longer any reason to keep
separate ports for nettle versions 1.x and 2.x.
PR: 139482 139484
Submitted by: Charlie Kester <corky1951@comcast.net> (maintainer)
PAM is a system of libraries that handle the authentication tasks of
applications and services. The library provides a stable API for
applications to defer to for authentication tasks.
WWW: http://pecl.php.net/package/PAM/
release can be found at http://library.gnome.org/misc/release-notes/2.28/ .
Officially, this is mostly a polishing release in preparation for GNOME 3.0
due in about a year.
On the FreeBSD front, though, a lot went into this release. Major thanks
goes to kwm and avl who did a lot of the porting work for this release.
In particular, kwm brought in Evolution MAPI support for better Microsoft
Exchange integration. Avl made sure that the new gobject introspection
repository ports were nicely compartmentalized so that large dependencies
aren't brought in wholesale.
But, every GNOME team member (ahze, avl, bland, kwm, mezz, and myself)
contributed to this release.
Other major improvements include an updated HAL with better volume
probing code, ufsid integration, and support for volume names containing
spaces (big thanks to J.R. Oldroyd); a new WebKit; updated AbiWord;
an updated Gimp; and a preview of the new GNOME Shell project (thanks to
Pawel Worach).
The FreeBSD GNOME Team would like to that the following additional
contributors to this release whose patches and testing really helped
make it a success:
Andrius Morkunas
Dominique Goncalves
Eric L. Chen
J.R. Oldroyd
Joseph S. Atkinson
Li
Pawel Worach
Romain Tartière
Thomas Vogt
Yasuda Keisuke
Rui Paulo
Martin Wilke
(and an extra shout out to miwi and pav for pointyhat runs)
We would like to send this release out to Alexander Loginov (avl) in
hopes that he feels better soon.
PR: 136676
136967
138872 (obsolete with new epiphany-webkit)
139160
134737
139941
140097
140838
140929
servers suitable for non-standard scenarios where authentication
needs to consider multiple factors. The RADIUS responses may be
created by arbitrarily complex rules that process the request packet
as well as any external data accessible to Perl.
WWW: http://search.cpan.org/dist/Net-Radius-Server/
PR: ports/138164
Submitted by: Gea-Suan Lin <gslin@gslin.org>
Feature safe: yes
processing and on-forwarding to a variety of output plugins. Unfortunately
it has not seen an updated in over 4 years and is not going to be maintained
by the original developers. With the new version of the unified format
(ie. unified2) arriving we need something to bridge this gap.
The SXL team love barnyard. So much so that we want it to stay and have been
tinkering around with the code to give it a breath of new life. Here is what
we have achieved to far for this reinvigorated code base:
* Parsing of the new unified2 log files.
* Maintaining majority of the command syntax of barnyard.
* Addressed all associated bug reports and feature requests arising since
barnyard-0.2.0.
* Completely rewritten code based on the GPLv2 Snort making it entirely
GPLv2.
This is an effort to fuse the awesome work of Snort and the original concept
of barnyard giving it a fresh update along the way. We've come a long way so
far and have a very stable build that we've integrated into our NSMnow
framework. If you have any feature requests, bugs or gripes then send them
our way.
WWW: http://www.securixlive.com/barnyard2/
PR: 138326
Submitted by: Paul Schmehl <pauls@utdallas.edu>
service from Python. It can be used in any application that needs safe password
storage. It supports OSX, KDE, Gnome and Windows's native password storing
services. Besides this, it is shipped with kinds of Python implemented keyring
for the left environments.
WWW: http://pypi.python.org/pypi/keyring
PR: ports/138513
Submitted by: Douglas Thrift
quarantine. Users can view their own quarantine, release/delete messages
or request the release of messages. MailZu is written in PHP and requires
Amavisd-new version greater than 2.3.0.
WWW: http://sourceforge.net/projects/mailzu/
PR: ports/137197
Submitted by: Sahil Tandon <sahil at tandon.net>
security/trans-proxy-tor: trans-proxy-tor is rendered obsolete by Tor\'s TransPort option (currently only available in tor-devel)
Approved by: maintainer
System (CAS). Only a basic Perl library is provided with CAS whereas
AuthCAS is a full object-oriented library.
WWW: http://cpan.uwinnipeg.ca/dist/AuthCAS
PR: ports/136956
Submitted by: Frank Wall <fw at moov.de>
version delegates to LuaSocket the TCP connection establishment between the
client and server. Then LuaSec uses this connection to start a secure TLS/SSL
session.
WWW: http://www.inf.puc-rio.br/~brunoos/luasec/
PR: ports/136266
Submitted by: Andrew Lewis <dru at silenceisdefeat.net>
The Cyrus SASL (Simple Authentication and Security Layer)
SASL is the Simple Authentication and Security Layer, a method
for adding authentication support to connection-based protocols.
To use SASL, a protocol includes a command for identifying and
authenticating a user to a server and for optionally negotiating
protection of subsequent protocol interactions. If its use is
negotiated, a security layer is inserted between the protocol
and the connection.
WWW: http://cyrusimap.web.cmu.edu/
Obtained from: Peter Jeremy <peterjeremy@optushome.com.au>
passwords.
Generated passwords may consist of any specified length and any combination of
upper- or lower-case alphanumeric characters or punctuation. ranpwd can also
generate passwords consisting of hexadecimal, decimal, octal or binary numbers,
and format these as valid C constants for inclusion in source code.
WWW: http://freshmeat.net/projects/ranpwd
PR: ports/135540
Submitted by: corky1951 at comcast.net
signatures attached to files were signed by a given user identifier.
netpgp can also encrypt files using the public or private keys of
users and, in the same manner, decrypt files which were encrypted.
The netpgp utility can also be used to generate a new key-pair for a
user. This key is in two parts, the public key (which can be used by
other people) and a private key.
In addition to these primary uses, the third way of using netpgp is to
maintain keyrings. Keyrings are collections of public keys belonging
to other users. By using other means of identification, it is
possible to establish the bona fides of other users. Once trust has
been established, the public key of the other user will be signed.
The other user's public key can be added to our keyring. The other
user will add our public key to their keyring.
WWW: http://www.NetBSD.org/
PR: ports/134997
Submitted by: bapt <baptiste.daroussin at gmail.com>
supported by IOS 12.4(9)T or later on Cisco SR500, 870, 880,
1800, 2800, 3800, 7200 Series and Cisco 7301 Routers.
Like vpnc, OpenConnect is not officially supported by, or
associated in any way with, Cisco Systems. It just happens to
interoperate with their equipment.
WWW: http://www.infradead.org/openconnect.html
PR: ports/135274
Submitted by: Damian Gerow
Those ports are intended to be used with 8-CURRENT at least
with SVN r192206.
If you want to switch to linux-f10 ports, please define at /etc/make.conf:
OVERRIDE_LINUX_BASE_PORT=f10
OVERRIDE_LINUX_NONBASE_PORTS=f10
An upgrading procedure is shown at /usr/ports/UPDATING, entries 20090401
and 20070327.
For the first time all tested linux ports work as expected(!):
. acroread8;
. google-earth;
. skype;
. seamonkey.
Many thanks for kernel folks who really did the main work
(and I wrote only some lines of ports).
There is a good chance that those ports may become a default
for 8.0-RELEASE. Please, test and report back to emulation@ ML.
the Tarsnap online backup system and is designed to be far more secure
against hardware brute-force attacks than alternative functions such as
PBKDF2 or bcrypt.
WWW: http://www.tarsnap.com/scrypt/
PR: ports/134961
Submitted by: Wen Heping <wenheping at gmail.com>
to be very modular, distributed, rock solid and fast.
Prelude-PFlogger Listens at OpenBSD PF redirect logged packet, and
send alerts to the Prelude Manager.
WWW: http://www.prelude-ids.org/
PR: ports/134746
Submitted by: Anders Troback <freebsd at troback.com>
files. These files (and htaccess) are used to do Basic Authentication
on a web server.
The password file is a flat-file with login names and their associated
crypted password. You can use this for non-Apache files if you wish,
but it was written specifically for .htaccess style files.
WWW: http://search.cpan.org/dist/Apache-Htpasswd/
and redirects, then map those links into either look-alike HTTP links or
homograph-similar HTTPS links. It also supports modes for supplying a
favicon which looks like a lock icon, selective logging, and session denial.
WWW: http://www.thoughtcrime.org/software/sslstrip/
PR: ports/134021
Submitted by: Matt Donovan <kitchetech@gmail.com>
The recommended version of FreeBSD to use them is 8-CURRENT.
FreeBSD-7.x is not fully compatible with compat.linux.osrelease
2.6.16. Some syscalls cannot be MFCed due to native FreeBSD
ABI breakage.
Usage (and package building):
1. define compat.linux.osrelease=2.6.16;
2. add following variables to /etc/make.conf:
. OVERRIDE_LINUX_BASE_PORT=f8;
. OVERRIDE_LINUX_NONBASE_PORTS=f8.
Approved by: bsam (me) ;-)
that revolves around a certain function with special properties.
The PBC (Pairing-Based Cryptography) library is a free C library
(released under the GNU Public License) built on the GMP library that
performs the mathematical operations underlying pairing-based
cryptosystems.
The PBC library is designed to be the backbone of implementations of
pairing-based cryptosystems, thus speed and portability are important
goals. It provides routines such as elliptic curve generation, elliptic
curve arithmetic and pairing computation. Thanks to the GMP library,
despite being written in C, pairings times are reasonable.
WWW: http://crypto.stanford.edu/pbc/
PR: ports/133172
Submitted by: Wen Heping <wenheping at gmail.com>
Public Key Infrastructure for key certification, revocation and
expiration. Monkeysphere is a framework that uses the OpenPGP web of
trust for these PKI functions. It can be used in both directions: for
users to get validated host keys, and for hosts to authenticate users.
WWW: http://web.monkeysphere.info/
PR: ports/128406
Submitted by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
intends to be a better experience than simply invoking "ssh" from an
existing terminal window.
* Fast search-based interface for new connections
* Also display and search of local (Avahi) SSH servers
* Tabbed display with automatic session saving (Firefox style)
* Status bar with information like latency to server and output of
remote uptime
* Close integration with OpenSSH features like connection sharing
(near-instant new tabs)
* NetworkManager integration to easily reconnect after a network
change, great for laptops
WWW: http://projects.gnome.org/hotssh/
PR: ports/131133
Submitted by: Ashish Shukla <wahjava at gmail.com>
to combine the flexibility of PF's C API and the power of Python, making it
easier to manage PF data and to integrate firewalling capabilities in more
complex applications.
WWW: http://www.kernel-panic.it/software/py-pf/
PR: ports/131463
Submitted by: Sofian Brabez <sbrabez at gmail.com>
Nmap's scan data. It can run Nmap and parse its XML
output directly from the scan, parse a file containing
the XML data from a separate scan, parse a String of
XML data from a scan, or parse XML data from an object
via its read() method. This information is presented
in an easy-to-use and intuitive fashion for storage
and manipulation.
WWW: http://rubynmap.sourceforge.net/
PR: ports/131516
Submitted by: Daniel Roethlisberger <daniel at roe.ch>
2009-02-01 devel/subversion-devel: Use devel/subversion or devel/subversion-freebsd instead of this port
2009-01-19 devel/hs-hat: has been broken for more than 6 months
2009-01-19 devel/hs-hpl: has been broken for more than 6 months
2009-01-19 databases/mysqlbigram: has been broken for more than 6 months
2009-01-19 mail/claws-mail-clamav: has been broken for more than 6 months
2009-01-19 mail/sylpheed2-devel: has been broken for more than 6 months
2009-01-19 www/pecl-mnogosearch: has been broken for more than 6 months
2009-01-31 x11-fonts/mathfonts: This port was supported by Mozilla 1.8 (including Firefox 2.0) - to be replaced by STIX fonts for Firefox 3.x
2009-01-19 x11-wm/fluxspace: has been broken for more than 6 months
2009-01-31 x11-wm/expocity: project has been abandoned
2009-01-19 x11/bbuname: has been broken for more than 6 months
2009-01-19 security/squidclam: has been broken for more than 6 months
2009-01-19 print/virtualpaper: depends on broken, expired port
2009-01-19 print/ifhp: has been broken for more than 6 months
2009-01-19 net-p2p/peercast: has been forbidden for more than 6 months
2009-01-19 palm/pdbc: has been broken for more than 6 months
2009-01-19 net-mgmt/NeTraMet: has been broken for more than 6 months
2009-01-19 net-im/sulci: has been broken for more than 6 months
2009-01-19 multimedia/mjpegtools-yuvfilters: has been broken for more than 6 months
2009-01-19 multimedia/helixplayer: has been broken for more than 6 months
2009-01-19 lang/quack: has been broken for more than 6 months
2009-01-19 misc/pybliographer: has been broken for more than 6 months
2009-01-19 net/versuch: has been broken for more than 6 months
2009-01-19 net/py-mantissa: has been broken for more than 6 months
2009-01-19 net/libunpipc: has been broken for more than 6 months
2009-01-19 net/gnometelnet: has been broken for more than 6 months
2009-01-19 net/gacxtool: depends on expired, broken port
2009-01-19 devel/py-coro: has been broken for more than 6 months
2009-01-19 chinese/stardict2-dict-zh_TW: has been broken for more than 6 months
2009-01-19 x11-themes/gtk-industrial-theme: has been broken for more than 6 months
See http://library.gnome.org/misc/release-notes/2.24/ for the general
release notes. On the FreeBSD front, this release introduces Fuse support
in HAL, adds multi-CPU support to libgtop, WebKit updates, and fixes some
long-standing seahorse and gnome-keyring bugs. The documentation updates
to the website are forthcoming.
This release features commits by adamw, ahze, kwm, mezz, and myself. It would
not have been possible without are contributors and testers:
Alexander Loginov
Craig Butler [1]
Dmitry Marakasov [6]
Eric L. Chen
Joseph S. Atkinson
Kris Moore
Lapo Luchini [7]
Nikos Ntarmos
Pawel Worach
Romain Tartiere
TAOKA Fumiyoshi [3]
Yasuda Keisuke
Zyl
aZ [4]
bf [2] [5]
Florent Thoumie
Peter Wemm
pluknet
PR: 125857 [1]
126993 [2]
130031 [3]
127399 [4]
127661 [5]
124302 [6]
129570 [7]
129936
123790
PyMe's development model is GPGME + Python + SWIG (just like m2crypto is
an OpenSSL + Python + SWIG) combination which means that most of the
functions and types are converted from C into Python automatically by SWIG.
In short, to be able to use PyMe you need to be familiar with GPGME.
WWW: http://pyme.sourceforge.net/
system and available software, to detect security issues. Beside
security related information it will also scan for general system
information, installed packages and configuration mistakes.
This software aims in assisting automated auditing, software patch
management, vulnerability and malware scanning of Unix based systems.
It can be run without prior installation, so inclusion on read only
storage is no problem (USB stick, cd/dvd).
WWW: http://www.rootkit.nl/projects/lynis.html
Author: Michael Boelen
PR: 128909
Submitted by: Cory McIntire <loon at noncensored dot com>
for C programmers. This format provides a reasonable level of
security by utilizing SHA-256 in addition to a random salt to
mitigate dictionary and rainbow table attacks.
WWW: http://sourceforge.net/projects/kageki
PR: ports/128328
Submitted by: Matt D. Harris <mattdharris@users.sourceforge.net>
Reworked by: myself
through the OpenVPN Management Interface.
Main features
* Simple & lightweight just a client GUI to start/stop your OpenVPN tunnels
and nothing more
* Integrated with the Gnome Desktop (support for the Keyring and notification
daemon)
* Support for Auth and Private-Key OpenVPN authentication methods
WWW: http://code.google.com/p/tuntun/
PR: ports/128097
Submitted by: Anderson S. Ferreira <anderson at cnpm.embrapa.br>
using JavaScript on the client side.
This is very useful to prevent spam robots collecting email addresses from your
site, included is a method to add mailto links to the text being generated.
WWW: http://pear.php.net/package/HTML_Crypt
the best crypto algorithms from the Crypto++ library.
WWW: http://allmydata.org/trac/pycryptopp
PR: ports/126977
Submitted by: Wen Heping <wenheping at gmail.com>
QCA aims to provide a straightforward and cross-platform crypto
API, using Qt datatypes and conventions. QCA separates the API from
the implementation, using plugins known as Providers. The advantage
of this model is to allow applications to avoid linking to or
explicitly depending on any particular cryptographic library. This
allows one to easily change or upgrade crypto implementations
without even needing to recompile the application. QCA should work
everywhere Qt does, including Windows/Unix/MacOSX.
Capabilities:
TLS, CMS, X.509, RSA, DSA, Diffie-Hellman, PKCS#7, PKCS#12, SHA0,
SHA1, SHA224, SHA256, SHA384, SHA512, MD2, MD4, MD5, RIPEMD160,
Blowfish, DES, 3DES, AES128, AES192, AES256, CAST5, HMAC(SHA1, MD5,
RIPEMD160), PBKDF1(MD2, SHA1), PBKDF2(SHA1)
WWW: http://delta.affinix.com/qca/
to the OpenSSL programs.
ssl-admin will help you do the following tasks with SSL certificates:
* Create your own CA certificate.
* Create new Certificate Signing Requests
* Sign existing Certificate Signing Requests
* Manage Certificate Revokation Lists
* Export configurations and certificates for OpenVPN.
PR: ports/125875
Submitted by: Eric Crist <ecrist at secure-computing.net>
The Crypt::OpenSSL::AES module implements a wrapper around
OpenSSL's AES (Rijndael) library.
PR: ports/125387
Submitted by: John Ferrell <jdferrell3 at yahoo.com>
tool. It is meant to complement active crawlers and manual proxies more
commonly used for this task, and is optimized specifically for an accurate and
sensitive detection, and automatic annotation, of potential problems and
security-relevant design patterns based on the observation of existing,
user-initiated traffic in complex web 2.0 environments.
WWW: http://code.google.com/p/ratproxy/
PR: ports/125249
Submitted by: Steven Kreuzer <skreuzer@exit2shell.com>
servers via a single "gateway" host. It is useful for establishing Net::SSH
connections to servers behind firewalls, but can also be used to forward ports
and establish connections of other types, like HTTP, to servers with i
restricted access.
* Easily manage forwarded ports
* Establish Net::SSH connections through firewalls
WWW: http://net-ssh.rubyforge.org/gateway
PR: ports/125053
Submitted by: Philip M. Gollucci <pgollucci@p6m7g8.com>
SSH (and requires the Net::SSH library), and allows files and directory trees
to copied to and from a remote server.
* Transfer files or entire directory trees to or from a remote host via SCP
* Can preserve file attributes across transfers
* Can download files in-memory, or direct-to-disk
* Support for SCP URI's, and OpenURI
WWW: http://net-ssh.rubyforge.org/scp
PR: ports/125052
Submitted by: Philip M. Gollucci <pgollucci@p6m7g8.com>
The port is deprecated since it is not supported by the FreeBSD
Security Officer anymore. The reason for this is that the ca-roots
port makes promises with regard to CA verification which the current
Security Officer (and deputy) do not want to make.
For people who need a general root certificate list see the
security/ca_root_ns, but note that the difference in guarantees with
regard to which CAs are included in ca_root_ns vs. ca-roots. The
ca_root_ns port basically makes no guarantees other than that the
certificates comes from the Mozilla project.
Note that the ca-roots MOVED file entry on purpose does not point at
ca_root_ns due to the change in CA guarantees.
With hat: security-officer
Single Packet Authorization (SPA).
fwknop stands for the "FireWall KNock OPerator", and
implements an authorization scheme called Single Packet
Authorization (SPA). This method of authorization is based
around a default-drop packet filter (fwknop supports both
iptables on Linux systems and ipfw on FreeBSD and Mac OS X
systems) and libpcap.
SPA requires only a single encrypted packet in order to
communicate various pieces of information including desired
access through an iptables policy and/or complete commands
to execute on the target system. By using iptables to
maintain a "default drop" stance, the main application of
this program is to protect services such as OpenSSH with
an additional layer of security in order to make the
exploitation of vulnerabilities (both 0-day and unpatched
code) much more difficult. With fwknop deployed, anyone
using nmap to look for sshd can't even tell that it is
listening; it makes no difference if they have a 0-day
exploit or not. The authorization server passively monitors
authorization packets via libcap and hence there is no
"server" to which to connect in the traditional sense.
Access to a protected service is only granted after a valid
encrypted and non-replayed packet is monitored from an
fwknop client (see the following network diagram; the SSH
session can only take place after the SPA packet is monitored):
PR: ports/118229
Submitted by: Sean Greven <sean.greven@gmail.com>
are hosting browser exploits that can infect visiting users with
malware. It functions as an HTTP proxy server and intercepts all
browser requests. SpyBye uses a few simple rules to determine if
embedded links on your web page are harmlesss, unknown or maybe
even dangerous.
SpyBye analyzes all downloads in the background and provides you
with a warning notification whenever it encounters content that
is potentially malicious. At that point, you can click on the link
in the notification and receive a more detailed analysis of the web page.
WWW: http://www.spybye.org/
PR: ports/123945
Submitted by: Paul Schmel <pauls utdallas.edu>
Approved by: tabthorpe (mentor)
OpenVAS stands for Open Vulnerability Assessment System and
is a network security scanner with associated tools like a
graphical user fontend. The core is a server component with
a set of network vulnerability tests (NVTs) to detect
security problems in remote systems and applications.
WWW: http://www.openvas.org/
PR: ports/123128
Submitted by: Tomoyuki Sakurai <cherry@trombik.org>
