scan command now pushes baseline database to host.
added import-filters command (developer submission).
auth.db passwords are now encrypted (hashed).
mod_ports has new params to ignore certain port numbers.
added -q option to console, to not log to system log.
DEPRECATED=Development version of nessus is no longer available in sources
at maintainer's request
PR: ports/94543
Submitted by: Udo Schweigert <udo.schweigert@siemens.com> (maintainer)
- Add .../old/ subdir to MASTER_SITES so the port is still fetchable even
when the Prelude project releases a new version
PR: ports/93710
Submitted by: Robin Gruyters (maintainer)
Approved by: portmgr (krion)
- Add .../old/ subdir to MASTER_SITES so the port is still fetchable even
when the Prelude project releases a new version
- Add missing LIB_DEPENDS when using WITH_SQLITE knob
PR: ports/93737
Submitted by: Robin Gruyters (maintainer)
Approved by: portmgr (krion)
in the recent sweep) with GNU_CONFIGURE=yes; update pkg-plist appropriately
- Add .../old/ subdir to MASTER_SITES so the port is still fetchable even
when the Prelude project releases a new version
- Bump PORTREVISION
PR: ports/93795
Submitted by: Robin Gruyters (maintainer)
Approved by: portmgr (linimon)
commands kill all connections.
- Separate keygen part and create keygen command.
- Bump PORTREVISION
PR: 93228 [1]
Reported by: DanGer on #bsdports [2]
rather ambiguous. The original author of the tripwire software had
coded the distribution contrib/install.sh file not to clobber the local
and site key files only whereas CLOBBER=false should also include not
clobbering the installed copies of the twcfg.txt and twpol.txt files.
PR: 85155
Change some URLs from author dirs to dist dirs.
The example in the porter's handbook didn't have the trailing slash;
mea culpa for not having caught that when it went in.
We have not checked for this KEYWORD for a long time now, so this
is a complete noop, and thus no PORTREVISION bump. Removing it at
this point is mostly for pedantic reasons, and partly to avoid
perpetuating this anachronism by copy and paste to future scripts.
- Reorganize Makefile
- Use PLIST_FILES and PORTDOCS
- Remove dependency of perl. Use REINPLACE_CMD
- Bump PORTREVISION
PR: 93593
Reported by: Andrew Pantyukhin <infofarmer@gmail.com>
being unfetchable. The author's domain name (libtomcrypt.org) expired
and was picked up by a cybersquatter, and the distfiles haven't been
mirrored by ftp.freebsd.org yet.
If anyone has a copy of the distfiles for any of these ports, please
send them to me so that I can host them and unbreak these ports.
Approved by: flz
Discussed with: maintainer
- Move the generation of the host key (if not present) from the package/
port installation to the startup script in order to be in line with
what the base OpenSSH and the OpenSSH-portable port do.
- Flush stdout when updating the transfer progress bar of sftp2 and scp2
so the info displayed is up to date. [1]
- Remove obsolete USE_REINPLACE, remove trailing white space in Makefile.
PR: 91262 [1]
Approved by: netchild
Approved by: tobez (implicit)
2.17 Mon Jan 9 18:22:51 EST 2006
-IMPORTANT NOTE: Versions of this module prior to 2.17 were incorrectly
using 8 byte IVs when generating the old-style RandomIV style header
(as opposed to the new-style random salt header). This affects data
encrypted using the Rijndael algorithm, which has a 16 byte blocksize,
and is a significant security issue.
The bug has been corrected in versions 2.17 and higher by making it
impossible to use 16-byte block ciphers with RandomIV headers. You may
still read legacy encrypted data by explicitly passing the
-insecure_legacy_decrypt option to Crypt::CBC->new().
-The salt, iv and key are now reset before each complete encryption
cycle. This avoids inadvertent reuse of the same salt.
-A new -header option has been added that allows you to select
among the various types of headers, and avoids the ambiguity
of having multiple interacting options.
-A new random_bytes() method provides access to /dev/urandom on
suitably-equipped hardware.
2.16 Tue Dec 6 14:17:45 EST 2005
- Added two new options to new():
-keysize => <bytes> Force the keysize -- useful for Blowfish
-blocksize => <bytes> Force the blocksize -- not known to be useful
("-keysize=>16" is necessary to decrypt OpenSSL messages encrypted with Blowfish)
- Add WITH_LOCAL_CLAMAV[_DEVEL] to run-depend on security/clamav[-devel];
default LOCAL_CLAMAV on to restore the way port behaved until last update.
Depend on installed package rather that clamd to register depends correctly.
- If one of the clam options is on, make rc.d script to REQUIRE: clamd
Actually use clamsmtp_debug var.
Also make rc.d script to look more like the example in PH.
- Install example script in EXAMPLESDIR rather that DOCSDIR;
- Moved: pkg-message --> files/pkg-message.in
- Drop USE_REINPLACE while here.
PR: 93157
Submitted by: Ion-Mihai Tetcu <itetcu AT people dot tecnik93 dot com>
According to the official announcement:
This release fixes a security issue that allows an attacker to perform
injection attacks against the underlying storage containers. Upgrading
is strongly recommended!
See changelog at <http://pear.php.net/package/Auth/download/1.2.4>.
PR: 93406
Submitted by: /me
Approved by: maintainer
Security: see changelog.
Also, document the rename of files/twpol.txt to files/twpol.m4 through
a repocopy. M4 is now used to conditionally build the initial copy of the
Tripwire policy file based on the version of FreeBSD this port is being
installed on.
- Chase libprelude version bump
- Override LDCONFIG_DIRS to specify where we install shlibs [1]
- Sort pkg-plist
Obtained from: Frank van Vliet <frank@pine.nl> [1]
- Unbreak (fix pkg-plist by using @dirrmtry) [1]
- Remove USE_REINPLACE which is not needed anymore
PR: ports/92401
Submitted by: Ion-Mihai "IOnut" Tetcu
PR.
Thanks for contributing.
Since the acroread7 port is a somewhat important port for our users, I
will hand it over to emulation@ if no _active_ *committer* takes it
before the ports freeze.
While I'm here:
- fix a little nit in the csound port (I think the intention was to
create no backup file instead of creating one with a "-e" extension)
- set ARCH to i386 in the amd64 case for the acroread7 port. This
is a work-around to be able to install everything when a dependency
is not already installed (ARCH is read-only in sub-makes, so the
dependencies can't change it). This should be removed when the
dependencies are fixed or converted to use bsd.linux-rpm.mk. [1]
Not objected to by: portmgr (explicit: krion; silence: rest)
Maintainer timeout: ~4 months
Submitted by: Sangwoo Shim <sangwoos@gmail.com> [1]
PR: 87985 [1]
- Use DISTVERSION
- Add most configuration in OPTIONS
- Enable support to libedit in sftp [1]
- Add OPTIONS to HPN patches [2]
- Add new rc.d script [3]
- New rc.d script are responsible to check configuration and create host keys
- Using USE_RC_SUBR
- Modify pkg-message to reflect new rc.d script
- Fix pkg-plist
Reviewd by: dougb [3]
Submitted by: vs [1], brooks [2]
Tested by: me, John E Hein
function from the popular TCP Wrappers security package. This
allows validation of network access from perl programs against
the system-wide hosts.allow file.
WWW: http://search.cpan.org/dist/Authen-Libwrap
PR: ports/92855
Submitted by: Zach Thompson <hideo@lastamericanempire.com>
target actually work again.
Follow the upstream author's idea of keeping all stunnel-related
configuration files into ${PREFIX}/etc/stunnel/ - now "make cert" also
installs the certificate there instead of ${PREFIX}/etc/.
Bump PORTREVISION and add a note to UPDATING for the certificate
location change.
PR: 91991
Reported by: Jiri Pridal <jiri.pridal@firebrno.cz>
EMACS ports. [1]
- Allow building a port as root using an NFS-mounted /usr/ports if the
server maps root to a UID other than root. [2]
- Make 'BROKEN' and 'IGNORED' ports exit their "make install" with a fail
status rather than success. [3]
- Improve behavior when dealing with versioned dependencies. [4]
- Fix false positives in check-conflicts target. [5]
- Remove obsolete bzip2 code. [6]
- Add physical category net-p2p. [7]
- Don't fetch INDEXFILE if not necessary; respect FETCH_ENV. [8], [11]
- INDEX can now be moved outside of ports tree. [9]
- Add ghostscript-gpl. [10]
- Remove obsolete USE_MESA. [12]
- Force pkg_install tools from ports on FreeBSD 4.10 and older. [13]
- Document ALWAYS_KEEP_DISTFILES. [14]
- Remove USE_REINPLACE from bsd.port.mk USE_DOS2UNIX patch. [15]
PR: ports/37596 [1], ports/57259 [2], ports/63216 [3],
ports/89448 [4], ports/89710 [5], ports/88996 [6],
ports/89260 [7], ports/89363 [8], ports/89809 [9],
ports/89853 [10], ports/91086 [11], ports/91710 [12],
ports/91727 [13], ports/92111 [14], ports/92124 [15]
Submitted by: Jay Sachs <jay at eziba dot com> [1], sem [1, 3, 8, 12],
Andrew Heybey <ath at niksun dot com> [2], Jamie Jones
<jamie at thompson dot bishopston dot net>, tobez [4], Mark
Andrews <Mark_Andrews at isc dot org> [5], edwin [6, 11, 15],
pav [7, 13], Peter Jeremy <PeterJeremy at optushome dot com
dot au> [9], Ulrich Spoerlein <q at galgenberg dot net> [10],
netchild [11], erwin [14]
Reviewed by: kris, clement (partially)
offer really good functionality for doing this in a safe way.
The Input Filter extension is meant to address this issue by implementing
a set of filters and mechanisms that users can use to safely access their
input data.
WWW: http://pecl.php.net/package/filter
PR: ports/92198
Submitted by: Alexander Zhuravlev <zaa@zaa.pp.ru>
a way that the file changes every time so distribute a stable copy via
MASTER_SITE_LOCAL. Since the file version doesn't change even when the
contents change (for instance a recent set of commits resulting in no
changes except an edition of a blank line and a new cvs Id), store the
date of the snapsnot in PORTREVISION.
Reported by: kris
very long and if some dependencies can't be added into the list.
[1]
- Fix FAM support. Make gamin the default FAM system. [2]
- Introduce new 'quicksearch' target to show only port, path and
info section of the matching ports. [3]
- Introduce new category - rubygems. [4]
- Fix stale dependencies while installing qmail slaveport and
another port that depends on qmail. [5]
- Add commentary for describes target in bsd.port.mk. [6]
- Fix warning issued during make index on archs !368. [7]
- Add USE_DOS2UNIX variable. If set to "YES", remove the ^M from
all files under ${WRKSRC}. If set to a string, remove in all files
under ${WRKSRC} with one of these names the ^Ms. [8]
- Add new variables PERL_RUN_DEPENDS and PERL_BUILD_DEPENDS by
checking the existance of the Perl modules with the "perl -e 'use
module;'" command. [9]
- Fix bsd.port.mk variable quoting issues. No quoting is necessary
anymore either in the Makefile or on the command line. Affected
variables include:
BROKEN
FORBIDDEN
IGNORE
MANUAL_PACKAGE_BUILD
NO_CDROM
NO_PACKAGE
RESTRICTED
[10]
- Add NOFETCHFILES variable. If set, don't download these files
from the ${MASTER_SITES} or ${MASTER_SITE_BACKUP} (but do from
${MASTER_SITE_OVERRIDE}). [11]
- Improve 'search' target output. [12]
- Add a new virtual category for Amateur Radio - hamradio. [13]
- Cleanup some old/unused pathes in bsd.port.mk. [14]
- Add @dirrmtry for plists which does the same as:
"@unexec rmdir %D/foo 2>/dev/null || true" [15]
- Remove virtual category - offix. [16]
- Use portsnap instead of cvsup or cvs on "make update" in
/usr/ports. [17]
- Move location of bsd.autotools.mk within bsd.port.mk [18]
- Add bsd.linux-rpm.mk, fix INSTALLS_SHLIB for Linux ports [19]
- Use new USE_RC_SUBR format for FreeBSD version >= 700007 [20]
- Replace the string "FreeBSD" by "The FreeBSD Project" in the
security warning [21]
- Add bsd.local.mk for local modification to ports framework. [22]
- Replace rcNG spelling by rc.d [23]
- Remove superfluous USE_REINPLACE. [24]
Special thanks to: linimon for spending hours with all these patches
clement for fixes
kris for help with pointyhat
PR: ports/86310 [1], ports/89498 [2], ports/83530 [3],
ports/83789 [4], ports/84053 [5], ports/86281 [6],
ports/87214 [7], ports/87234 [8], ports/87318 [9],
ports/87396 [10], ports/87605 [11], ports/87840 [12],
ports/88230 [13], ports/88493 [14], ports/88711 [15],
ports/88751 [16], ports/89281 [17], ports/89999 [18],
ports/90031 [19], ports/90150 [20], ports/90668 [21],
ports/91433 [23], ports/88754 [24]
Submitted by: mi [1], marcus [2], Lars Engels <lars.engels@0x20.net> [3],
pav [4, 16, 20, 24], garga [5], cperciva [6], vd [7],
edwin [8, 9, 11, 15, 21],
fenner [10], Arseny Nasokin <tarc.po.cs.msu.su@tarc.po.cs.msu.su> [12],
Carl Makin <carl@stagecraft.cx> [13], arved [14],
NIIMI Satoshi <sa2c@sa2c.net> [17], thierry [18],
jylefort [19], linimon [22], dougb [23]
supports the following features:
- User authentication via explicit username/password, or using a
public-key/private-key pair.
- Port forwarding, both from the local host to a remote computer via
the remote host, and from the remote host to the local host.
- Execute processes on the remote machine, both interactively and
non-interactively ("batch").
PR: ports/91828
Submitted by: Roderick van Domburg <r.s.a.vandomburg@student.utwente.nl>
The ldap_integration Drupal module allows users to authenticate against
a LDAP directory. Additionally, users can read and modify their data in
the LDAP directory subject to administrative restrictions.
verification of BIR entries. It only implements a subset of the BioAPI
specification but should provide enough functionallity for basic account
management.
PR: ports/91749
Submitted by: Fredrik Lindberg <fli@shapeshifter.se>
