original package changes:
- fixed invalid filename encoding with German umlauts in base64
- Fixed display of UTF8 characters in the GUI
- Add environment variable
- Fixed crash when CA is created with nsCertType
- Enhanced version detection
- Changed command for openssl due to changed openssl behavior
regarding fingerprints
- Added "friendly name" to PKCS#12 export
- Corrected exit call
PR: ports/101558
Submitted by: maintainer (Janos Mohacsi)
- PurePerl.pm has used "eval" to try MIME::Base64 & Digest::base, so
add these dependencies.
PR: ports/101406
Submitted by: Gea-Suan Lin <gslin_AT_gslin dot org>
Approved by: maintainer (gkovesdan_AT_t-hosting dot hu)
will be linked against it anyway, not against a system one.
PR: ports/101439
Submitted by: Stanislav Sedov <ssedov at mbsd.msk.ru>
Approved by: David Thiel <lx at redundancy.redundancy.org> (maintainer)
I have jumped in over my head with maintaining the port, both in terms of my
skills with significantly modifying a port (particularly in getting the port
from 2.4.5 to 2.6.0), not using snort enough to really test the full package,
and not enough time to improve the port.
With that said, there still is ports/99862 that is still open (re: bring
security/snort to 2.6.0) on which I have hit the wall trying to get the port
to deinstall cleanly due to the optional nature of some components. I will
continue to help out with other ports that I can take on and those that I
can still take on maintainership.
PR: ports/101526
Submitted by: Linh Pham <question+fbsdports@closedsrc.org> (maintainer)
Kerberos V5 is an authentication system developed at MIT.
(Linux version)
WWW: http://web.mit.edu/kerberos/
- New port: security/linux-openssl
The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured, and Open Source toolkit implementing
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security
(TLS v1) protocols with full-strength cryptography world-wide. The
project is managed by a worldwide community of volunteers that use
the Internet to communicate, plan, and develop the OpenSSL toolkit
and its related documentation.
OpenSSL is based on the excellent SSLeay library developed by Eric
A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under
an Apache-style licence, which basically means that you are free
to get and use it for commercial and non-commercial purposes subject
to some simple license conditions.
(Linux version)
WWW: http://www.openssl.org/
Approved by: garga (mentor)
This commit should largely be a NOOP as it only adds support
for DESTDIR undefined. This does allow us to start testing
ports with DESTDIR set, but this is as of yet not supported.
Although this has been extensively tested on pointyhat, this
is a very intrusive change and some cases may have been
overlooked. Please contact Gabor and me if you find any.
PR: 100555
Submitted by: gabor
Sponsored by: Google Summer of Code 2006
since September 2005, with an EXPIRATION_DATE of 2006-08-31,
as all free license keys that still might be in use should
have expired by then.
If anyone is actually using this port with a commercial
license key, feel free to adopt this port. Otherwise this
port will be deleted after the above EXPIRATION_DATE.
Approved by: netchild
The GNOME Password Manager - GPass for short - is a simple
application, written for the GNOME 2 desktop, that lets you manage a
collection of passwords. The password collection is stored in an
encrypted file, protected by a master-password.
GPass is released under the GNU GPL2 licence.
Features:
* Clean and easy-to-use user interface.
* Quick-search facility.
* Username and password may easily be copied to the clipboard.
* Encryption is done using the OpenSSL cryptographic library.
* The built-in password generator helps you generate secure passwords.
* You can launch a website and the associated username/passwords
direct from GPass
Author: Kouji TAKAO <kouji -at- netlab.jp>
WWW: http://projects.netlab.jp/gpass/
PR: ports/100845
Submitted by: ports_at_c0decafe.net <ports at c0decafe.net>
Approved by: garga (mentor)
It will be based on Ruby instead of perl, have a different license, and some
utilities (msfconsole, msfencode...) will conflict with the current metasploit
package.
This update comes to preempt the conflicts and to clarify the pkg-descr.
Bump PORTREVISION.
PR: ports/101090
Submitted by: Yonatan (maintainer)
yet and are unable to tell what the naming scheme will be with
those patches. We can narrow down the scope later, we should
not do so before we know the mentioned scheme.
Triggered by: sem
some fpc ports.
- Added PORTREVISION for each port
- Fixed pkg-plist on fpc-gtk2 and fpc-gtk ports
- Fixed the gtk, glib and gdk libraries linking for fpc-gtk
- Removed obsolete patches from fpc-gtk. Now it's using ${REINPLACE_CMD}
- Removed post-extract from fpc-fcl. I just added it to makefiles.units file
Approved by: garga (mentor)
the man page) and README.openvpn-down-root
2 - match rc.d filename as printed post install in pkg-message to actual file
name on newer systems (which use openvpn rather than openvpn.sh)
Reported by: Jean-Baptiste Quenot (Bcc'd)
The maintainer wishes to thank Jean-Baptiste for his report and patience.
3 - add a pkg-req script to prevent installation of 6.1 packages on older
machines, which is a frequent source of "rc.d script doesn't work"
complaints.
Added file(s):
- files/pkg-req.in
PR: ports/100917
Submitted by: Matthias Andree (maintainer)
the format string exploit fixes that were also in the patch in 4.2.0_1 (hence
removed).
- Also updating master site to the new official one.
PR: ports/100952
Submitted by: David Thiel (maintainer)
- Mark IGNORE on !i386, due to a run-time issue.
- Use DATADIR macro in pkg-plist while here.
PR: ports/99949
Submitted by: shaun (me)
Approved by: Maintainer timeout (19 days)
In the code, the author uses a two-level hash, and IPC::Shareable
will create shared memory for those anonymous objects (the second
level hash). That shared memory will not be removed when sshit exits
or when the rule is removed. After running sshit for a period of time,
the number of shared memory segments and semaphores will reach the limit
for one process; then sshit.pl cannot get more shared memory, thus it
quits. The only solution is to manually remove all shared memory and
semaphores.
This is somehow a limitation of using IPC::Shareable. To work around
this problem, the patch removes associated firewall rules when
syslogd closes the fd [1], and uses IPC::Shareable->clean_up
to remove all shm/sem created by this process. I also set 'destroy'
to 1 so the shm tied to %list can be removed.
The second hunk is to fix a typo for ipfw2. Due to this typo,
IPs in ipfw2's table cannot be removed. That means once blocked,
the client is blocked until reboot or until the admin cleans up the table.
[1] if any log files are rotated, newsyslog sends a HUP to syslogd,
syslogd will close *all* current open fd and reopen them. At
that time, the sshit.pl's stdin will be closed, thus the main
program will exit.
PR: ports/100726
Submitted by: Alex Samorukov <samm at os2.kiev.ua>
Approved by: Jui-Nan Eric Lin <jnlin at csie.NCTU.edu.tw> (maintainer)
Obtained from: rafan
- Port now installs some extra documentation into ${DOCSDIR}.
- Added pkg-message and pkg-plist to port.
PR: ports/100897
Submitted by: maintainer (andrew_AT_arda dot homeunix)
"Ulf Harnhammar and Max Vozeler from the Debian Security Audit Project
have found several format string security bugs in osiris, a network-wide
system integrity monitor control interface. A remote attacker could
exploit them and cause a denial of service or execute arbitrary code."
PR: ports/100793
Submitted by: David Thiel (maintainer)
Security: CVE-2006-3120
CHANGES:
- Added parsing for multiple route-to's
- Added parsing of "set skip" statements
- Added Optionsclass unit test script
- Fixed the natedit page so that it reloads automatically when it should.
- Fixed a small XHTML compliance problem which sometimes would generate &
instead of &amp;
- Moved the stylesheet from the body to the header on a lot of web scripts
for xhtml compliance reasons
- Changed from statically defining font size on the screen to a relative
measurement. This allows changing of font size on IE
connections into Tor.
trans-proxy-tor is a transparent proxy
that uses PF to redirect TCP connections
through Tor (http://tor.eff.org/).
Programs that aren't aware of Tor
will use it without their knowledge,
and their traffic no longer leaves the
system unencrypted.
PR: ports/99034
Submitted by: Fabian Keil <fk at fabiankeil.de>
dns-proxy-tor is a DNS server that stops
DNS leaks with applications that don't support
or aren't configured to use socks4a or Tor's DNS
resolution.
WWW: http://http://p56soo2ibjkx23xo.onion/
PR: ports/99033
Submitted by: Fabian Keil <fk at fabiankeil.de>
to use Crypt::Rijndael where available. This implementation is really
slow, but I am working on it.
WWW: http://search.cpan.org/dist/Crypt-Rijndael_PP/
PR: ports/100262
Submitted by: Gea-Suan Lin <gslin at gslin.org>
- Unbreak vuln.xml format by adding content to the references section.
- Remove vulnerabilities already documented in
40a0185f-ec32-11da-be02-000c6ec775d9.
which I can test fixes for those. [1]
- update to use OPTIONS for Postgres and Subversion support. [1]
- enable all the optional modules. [1]
- mark broken on 4.x [2]
PR: ports/100131
Submitted by: maintainer [1], me (itetcu) [2]
come standard on most unix-like distributions. This allows you to check
passwords against dictionaries of words to ensure some minimal level of
password security.
From the cracklib README
CrackLib makes literally hundreds of tests to determine whether you've
chosen a bad password.
* It tries to generate words from your username and gecos entry and tries
to match them against what you've chosen.
* It checks for simplistic patterns.
* It then tries to reverse-engineer your password into a dictionary
word, and searches for it in your dictionary.
- after all that, it's PROBABLY a safe(-ish) password. 8-)
WWW: http://pecl.php.net/package/crack
PR: ports/94244
Submitted by: Bill Moran <wmoran at collaborativefusion.com>
Prelude-LML Changes:
- Fix a bug where some rules marked silent would trigger an alert.
- Load Sonicwall and Spamassassin ruleset by default.
- Fix rule syntax problem in Sonicwall ruleset.
- Fix rule indexing problem in Squid ruleset.
- Postfix rule consistency fix.
PR: ports/100063
Submitted by: maintainer (Robin Gruyters)
for multiple pcap.h files and aborts with an error message, if more
than one is actually present. This appears to be a precaution to
prevent building with pcap.h from one version and running with a
library belonging to another one ...
While I see the value of such a test, it prevents building on systems
before 5.0 (where it requires a port version of libpcap). After some
testing I'm quite confident, that the port will build correctly (i.e.
without version mismatch between header and library), if the port
version of libpcap is present.
The libpcap port is used instead of the system version, if present.
In that case, yersinia is statically linked with libpcap.
The problem was detected by jau at iki dot fi (Jukka A. Ukkonen).
PR: 99869
during the upgrade of the port:
- A gtk-2 enabled version is built unless configure is invoked
with option --without-gtk (detected and reported by Pointyhat)
- Several fixes seem to be no longer required and patch files
can thus be removed
The port uses gtk if present, unless built with -DWITHOUT_GTK.
Building with gtk can be enforced via -DWITH_GTK (but this is
not the default for the package, because of the large dependency
list).
announcements about setups which are not affected. To avoid having
to reference two documents simply reference the release notes for
all the information (it's basically the same as the changelog with
slightly different wording).
- Add a modified date tag.
- Update HPN patch to hpn12. Now none cipher are configured in run time. [2]
Notified by: Peter Losher <plosher___plosh.net> [1], Scott Larson <stl___iowainteractive.com> [2]
- Point configure at ${LOCALBASE} instead of ${PREFIX} when looking for the
libraries.
- Use ${DATADIR} where appropriate.
PR: 99619
Submitted by: Richard Bejtlich <taosecurity@gmail.com>
Patch by: stefan
Approved by: maintainer
arved (mentor)
meaning that you cannot administrate an OpenVPN server with it (Look for kvpnc
if you want such a program). You can use it to connect and disconnect without
needing to open a console. You can also input username and/or password that
might be needed.
In Short: It can do everything an end-user wants for his everyday work with
OpenVPN.
WWW: http://www.enlighter.de/
--Anderson S. Ferreira <anderson@cnpm.embrapa.br>
PR: ports/95709
Submitted by: anderson@cnpm.embrapa.br
* ADMIN_EMAIL pref can now contain multiple email addresses delimited by a
comma (white space is optional). eg. foo@bar.com, bar@foo.com,
foobar@foo.com
* fixed bug in denyfileutil: 'timestamp' is now initialized properly
* daemon-control-dist: modified to work w/ non-default python versions. You
must change the PYTHON_BIN and #!/bin/env/python references if appropriate.
* added a debug message when loading allowed-hosts fails.
* fixed bug when reporting suspicious login activity.
PR: ports/99636
Submitted by: maintainer
architectures, the other fixes a critical problem that causes the program to
use 100% of the CPU. Added both of them to the port.
PR: ports/99596
Submitted by: maintainer