By sniffing a VNC challenge-response sequence off the network
(typically when VNC is used without a decent cryptographic
wrapper like SSH or SSL), you can recover the password fairly
easily and quickly by letting VNCcrack pound on it.
WWW: http://www.randombit.net/projects/vnccrack/
PR: ports/102279
Submitted by: Pankov Pavel <pankov_p at mail.ru>
OpenVPN is a robust, scalable and highly configurable VPN (Virtual Private
Network) daemon which can be used to securely link two or more private networks
using an encrypted tunnel over the internet. It can operate over UDP or TCP,
can use SSL or a pre-shared secret to authenticate peers, and in SSL mode, one
server can handle many clients.
PR: ports/101802
Submitted by: Matthias Andree <matthias.andree@gmx.de> (openvpn maintainer)
not WITH(OUT)_NOPORTDOCS
- Use PORTDOCS and clean pkg-plist
- Add NLS to OPTIONS as on by default and move the check after
bsd.port.pre.mk
- Add --with-ldap=${LOCALBASE} because it was not finding ldap libs without
this
PR: ports/101318
Submitted by: garga
Approved by: maintainer timeout (14 days)
Note that these directories are be removed by other dependency ports,
so I do not bump PORTREVISION for them. These affected ports are
belong to ports@.
PR: ports/101586
Submitted by: Stanislav Sedov <ssedov at mbsd.msk.ru>
Changelog libpreludedb:
- Implement an idea from Lex van Roon <r3boot@r3blog.nl.eu.org> providing
an alert/heartbeat deletion performance improvement in the order of
3000% (preludedb-admin already benefit from it, next Prewikka release
will benefit from it too).
- Fix --with-(perl|python|swig) detection path ordering.
- Verbose error reporting on logfile opening error.
- Various bug fixes.
PR: ports/101995
Submitted by: maintainer (Robin Gruyters)
marked all future releases of squirrelmail as vulnerable.
The negative side-effect of PORTEPOCH. Split the previous entry
into two seperated entries again, restoring the old entry for
squirrelmail, and having the 'new' entry for ja-squirrelmail.
This would grab any future versions of ja-squirrelmail if it were
to be readded, and does not conflict with future versions of
squirrelmail.
For more information about the portepoch discussion etc:
http://lists.freebsd.org/pipermail/freebsd-vuxml/2006-July/000185.html
original package changes:
- fixed invalid filename encoding with german umlauts in base64
- Fixed display of UTF8 characters in the GUI
- Add environment variable
- Fixed crash when CA is created with nsCertType
- Enhanced version detection
- Changed command for openssl due to changed openssl behavior
regarding fingerprints
- Added "friendly name" to PKCS#12 export
- Corrected exit call
PR: ports/101558
Submitted by: maintainer (Janos Mohacsi)
- PurePerl.pm has used "eval" to try MIME::Base64 & Digest::base, so
add these dependencies.
PR: ports/101406
Submitted by: Gea-Suan Lin <gslin_AT_gslin dot org>
Approved by: maintainer (gkovesdan_AT_t-hosting dot hu)
will be linked against it anyway, not against a system one.
PR: ports/101439
Submitted by: Stanislav Sedov <ssedov at mbsd.msk.ru>
Approved by: David Thiel <lx at redundancy.redundancy.org> (maintainer)
I have jumped in over my head with maintaining the port, both in terms of my
skills with significantly modifying a port (particularly in getting the port
from 2.4.5 to 2.6.0), not using snort enough to really test the full package,
and not enough time to improve the port.
With that said, there still is ports/99862 that is still open (re: bring
security/snort to 2.6.0) which I have it the wall on trying to get the port
to deinstall cleanly due to the optional nature of some components. I will
continue to help out with other ports that I can take on and those that I
can still take on maintainership.
PR: ports/101526
Submitted by: Linh Pham <question+fbsdports@closedsrc.org> (maintainer)
Kerberos V5 is an authentication system developed at MIT.
(Linux version)
WWW: http://web.mit.edu/kerberos/
- New port: security/linux-openssl
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured, and Open Source toolkit implementing
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security
(TLS v1) protocols with full-strength cryptography world-wide. The
project is managed by a worldwide community of volunteers that use
the Internet to communicate, plan, and develop the OpenSSL tookit
and its related documentation.
OpenSSL is based on the excellent SSLeay library developed by Eric
A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under
an Apache-style licence, which basically means that you are free
to get and use it for commercial and non-commercial purposes subject
to some simple license conditions.
(Linux version)
WWW: http://www.openssl.org/
Approved by: garga (mentor)
This commit should largele be a NOOP as it only adds support
for DESTDIR undefined. This does allow us to start testing
ports with DESTDIR set, but this is as of yet not supported.
Although this has been extensively tested on pointyhat, this
is a very intrusive change and some cases may have been
overlooked. Please contact Gabor and me if you find any.
PR: 100555
Submitted by: gabor
Sponsored by: Google Summer of Code 2006
since September 2005, with an EXPIRATION_DATE of 2006-08-31,
as all free license keys that still might be in use should
have expired by then.
If anyone is actually using this port with a commercial
license key, feel free to adopt this port. Otherwise this
port will be deleted after the above EXPIRATION_DATE.
Approved by: netchild
The GNOME Password Manager - GPass for short - is a simple
application, written for the GNOME 2 desktop, that lets you manage a
collection of passwords. The password collection is stored in an
encrypted file, protected by a master-password.
GPass is released under the GNU GPL2 licence.
Features:
* Clean and easy-to-use user interface.
* Quick-search facility.
* Username and password may easily be copied to the clipboard.
* Encryption is done using the OpenSSL cryptographics library.
* The built-in password generator helps you generate secure passwords.
* You can launch a website and the associated username/passwords
direct from GPass
Author: Kouji TAKAO <kouji -at- netlab.jp>
WWW: http://projects.netlab.jp/gpass/
PR: ports/100845
Submitted by: ports_at_c0decafe.net <ports at c0decafe.net>
Approved by: garga (mentor)
It will be based on Ruby instead of perl, have a different license, and some
utilities (msfconsole, msfencode...) will conflict with the current metasploit
package.
This update comes to preempt the conflicts and to clarify the pkg-descr.
Bump PORTREVISION.
PR: ports/101090
Submitted by: Yonatan (maintianer)
yet and are unable to tell what the naming scheme will be with
those patches. We can narrow down the scope later, we should
not do so before we know the mentioned scheme.
Triggered by: sem
some fpc ports.
- Added PORTREVISION for each port
- Fixed pkg-plist on fpc-gtk2 and fpc-gtk ports
- Fixed the gtk, glib and gdk libraries linking for fpc-gtk
- Removed obsolete patches from fpc-gtk. Now it's using ${REINPLACE_CMD}
- Removed post-extract from fpc-fcl. I just added it to makefiles.units file
Approved by: garga (mentor)
the man page) and README.openvpn-down-root
2 - match rc.d filename as printed post install in pkg-message to actual file
name on newer systems (which use openvpn rather than openvpn.sh)
Reported by: Jean-Baptiste Quenot (Bcc'd)
The maintainer wishes to thank Jean-Baptiste for his report and patience.
3 - add a pkg-req script to prevent installation of 6.1 packages on older
machines, which is a frequent source of "rc.d script doesn't work"
complaints.
Added file(s):
- files/pkg-req.in
PR: ports/100917
Submitted by: Matthias Andree (maintainer)
the format string exploit fixes that were also in the patch in 4.2.0_1 (hence
removed).
- Also updating master site to the new official one.
PR: ports/100952
Submitted by: David Thiel (maintainer)
- Mark IGNORE on !i386, due to a run-time issue.
- Use DATADIR macro in pkg-plist while here.
PR: ports/99949
Submitted by: shaun (me)
Approved by: Maintainer timeout (19 days)
In the code, the author uses two level hash, and IPC::Shareable
will create a share memory for those anonymouse object (the second
level hash). Those share memory will not be removed when sshit exists
or when the rule is removed. Running sshit for a period of time,
the number of share memory and semaphore will reach the limit for
one process, then sshit.pl can not get more share memory, thus it
quits. The only solution is to manually remove all share memory and
semaphore.
This is somehow the limitation of using IPC::Shareable. To workaround
this problem. The patch will removes associated firewall rules when
syslogd closes the fd [1], and use IPC::Shareable->clean_up
to remove all shm/sem created by this process. I also set 'destroy'
to 1 so the shm tied to %list can be removed.
The second hunk is to fix a typo for ipfw2. Due to this typo,
ip in ipfw2's table cat not be removed. That means once blocked,
the client is blocked until reboot or admin cleanup the table.
[1] if any log files are rotated, newsyslog sends a HUP to syslogd,
syslogd will close *all* current open fd and reopen them. At
that time, the sshit.pl's stdin will be closed, thus the main
program will exit.
PR: ports/100726
Submitted by: Alex Samorukov <samm at os2.kiev.ua>
Approved by: Jui-Nan Eric Lin <jnlin at csie.NCTU.edu.tw> (maintainer)
Obtained from: rafan
- Port now installs some extra documentation into ${DOCSDIR}.
- Added pkg-message and pkg-plist to port.
PR: ports/100897
Submitted by: maintainer (andrew_AT_arda dot homeunix)
"Ulf Harnhammar and Max Vozeler from the Debian Security Audit Project
have found several format string security bugs in osiris, a network-wide
system integrity monitor control interface. A remote attacker could
exploit them and cause a denial of service or execute arbitrary code."
PR: ports/100793
Submitted by: David Thiel (maintainer)
Security: CVE-2006-3120
CHANGES:
- Added parsing for multiple route-to's
- Added parsing of "set skip" statements
- Added Optionsclass unit test script
- Fixed the natedit page so that is reloads automatically when it should.
- Fixed a small XHTML compliance problem which sometimes would generate &
instead of &
- Moved the stylesheet fromt the body to the header on a lot of web scripts
for xhtml compliance reasons
- Changed from statically defining font size on the screen to a relative
measurement. This allows changing of font size on IE
connections into Tor.
trans-proxy-tor is a transparent proxy
that uses PF to redirect TCP connections
through Tor (http://tor.eff.org/).
Programs that aren't aware of Tor
will use it without their knowledge,
and their traffic no longer leaves the
system unencrypted.
PR: ports/99034
Submitted by: Fabian Keil <fk at fabiankeil.de>
