I don't have the time to give to many of the ports I maintain at
the moment. I wasn't expecting to be so busy this summer ...
Please set all my ports back to ports@freebsd.org.
PR: ports/56935
Submitted by: Dominic Marks <dom@wirespeed.org.uk>,Clement Laforet <sheepkiller@cultdeadsheep.org>,Oliver Eikemeier <eikemeier@fillmore-labs.com>
When attempting to build the didentd port on FreeBSD 5.1-R, it
fails in get_info4.c and get_info6.c with a complaint that it
does not know the size of variable 'uc'.
PR: 56332
Submitted by: Pat Lashley <patl+freebsd@volant.org>
Approved by: maintainer timeout (3 weeks)
caused by ${WRKSRC}/Makefile.
- Fix the "extra tokens at end of #else directive" warnings in
${WRKSRC}/sysdep/freebsd/sysdep-os.h on -current.
- Fix some format strings in ${WRKSRC}/conf.c and ${WRKSRC}/sa.c for 64 bit
systems (obtained from NetBSD).
- Move the delta patching ${WRKSRC}/Makefile from patch-ab (priviously
patching ${WRKSRC}/samples/Makefile and ${WRKSRC}/Makefile) to patch-aa
(patching ${WRKSRC}/Makefile).
- Build and install certpatch(8), a quite usefull tool to add subjectAltName
identities to X.509 certificates.
Submitted by: Marius Strobl <marius@alchemy.franken.de>
Dropbear is an SSH 2 server, designed to be usable in small
memory environments.
It supports:
* Main features of SSH 2 protocol
* Implements X11 forwarding, and authentication-agent forwarding
for OpenSSH clients
* Compatible with OpenSSH ~/.ssh/authorized_keys public key
authentication
WWW: http://matt.ucc.asn.au/dropbear/dropbear.html
PR: ports/55795
Submitted by: Clement Laforet <sheepkiller@cultdeadsheep.org>
One-file-port, from @stake. This dumps information from
remote RPC. Much like "rpcinfo -p host" on unix hosts.
Please check my patches: I removed an unused function so
this wouldn't be marked as a security sensitive port, and
I'm not sure my Makefile change respects CFLAGS.
PR: ports/46991
Submitted by: Yonatan@xpert.com <Yonatan@xpert.com>
This is a sample script for ${PREFIX}/etc/rc.d that will
wake snort up on boot, and take it down on shutdown. Nothing
fancy here. This is needed, because I'm planning on teaching
ACID many new things, and ACID expects snort to help itself.
There is only one thing that requires thinking here: This
should run only after {MySQL|PostgreSQL} server is up, as
snort might want to report to the local server.
PR: ports/49047
Submitted by: Yonatan@xpert.com <Yonatan@xpert.com>
Approved by: maintainer timeout
Web server fingerprinting tool, used to identify web servers
that changed thier banners.
PR: ports/50754
Submitted by: Yonatan@xpert.com <Yonatan@xpert.com>
I finnaly got fed up with that FAQ about chkrootkit. The
solution was either to add a Q+A to the FAQ or fix the port.
This introduce a new variable, FreeBSD5, that is set to
"yes" if we're running FreeBSD 5 or higher.
This variable is used to fix the tests of the following
binaries, so they would DTRT on FreeBSD 5: chfn chsh date
ls ps
I also fixed a bug in the cheking of vdir, but it's irrelevant
for FreeBSD.
Informed maintainer.
PR: ports/55919
Submitted by: Yonatan@xpert.com <Yonatan@xpert.com>
multiprecision integer arithmetic libraries. Presently,
many though not all of the arithmetic operations that
OpenSSL provides are exposed to perl. In addition,
this module can be used to provide access to bignum
values produced by other OpenSSL modules, such as key
parameters from Crypt::OpenSSL::RSA.
I'll be happy to take maintainership over this one. I removed
the BROKEN notice on versions older than 3, as this was
completely rewritten and I feel somewhat optimistic today.
Please tell me if this is proves wrong. The patch to change
the Makefile is also not required anymore, I hope the
configure is doing the right magic, as I haven't tested it
when PREFIX!=/usr/local
PR: ports/54473
Submitted by: Yonatan@xpert.com <Yonatan@xpert.com>
TinyCA is a simple graphical userinterface written in Perl/Tk
to manage a small CA (Certification Authority).
PR: 54571
Submitted by: Janos Mohacsi <janos.mohacsi@bsd.hu>
Submitted by:
Reviewed by:
Approved by:
Obtained from:
MFC after:
Chase makesum; the author retar the current tarball by updating these
modules since its release (05.27.2003 - 08.18.2003):
nikto_outdated.plugin 1.08
- Fixed nasty regex bug in the version eval, and made more efficient. Pointed out by fr0stman, thx Zeno for assistance
nikto_core.plugin 1.15
- Bugfix: only scanning port 80 when multiple ports are specified by CLI argument. Thanks to Martin Macok for submitting a bug report.
nikto_headers.plugin 1.07
- Added Host header back after delete in IIS Content-Location check. Thanks to Abdi Ponce for the bug report & debug.
nikto_httpoptions.plugin 1.04
- Changed PROPPATCH, TRACK, TRACE messages. Changed PROPFIND message, thanks to Jericho for tracking down some good info on it. Added SEARCH message.
nikto_user_enum_apache.plugin 1.02
- Bugfix: some user names not tested (zz, zzz, etc.)
- Major rewrite for speed improvements
Obtained from: bento
mail admins
Scan Apache log files for CodeRed, Nimda, FormMail, proxy
scanners and other malicious probes. For each one found,
track down the contact email from WHOIS data and send a
notice. Built-in rate controls prevent flooding an admin
even when his machines are scanning at high rates. Runs as
a non-privileged cron job to not interfere with the HTTP
daemon's operation.
Notes to committer:
1. This port installs a user and a group "hunch". It doesn't
meet the conditions listed in the handbook for a "reserved"
uid/gid.
2. portlint will complain about the port. A lot. To the
best of my judgment all of the warnings can be ignored
with the exception of the one about BATCH which I could
find no documentation for. Therefore it is setting
IS_INTERACTIVE.
PR: ports/44836
Submitted by: Dan Pelleg <daniel+hunch@pelleg.org>
Module::Signature adds cryptographic authentications to CPAN
distributions, via the special SIGNATURE file.
If you are a module user, all you have to do is to remember
running "cpansign -v" (or just "cpansign") before issuing
"perl Makefile.PL" or "perl Build.PL"; that will ensure the
distribution has not been tampered with.
For module authors, you'd want to add the SIGNATURE file to
your MANIFEST, then type "cpansign -s" before making a distribution.
Submitted by: autrijus@autrijus.org
- fix dependency on devel/p5-IO, which should only be used when
perl older than 5.6.1 is installed.
- enable cpio for extraction of tar archives, which uses much less
memory than Archive::Tar (suggested by amavisd-new author)
PR: 56013
Submitted by: Blaz Zupan <blaz.zupan@amis.net>
(thanks Paulius Bulotas for reporting)
- Avoid ever touching existing configs by installing example files
with .sample suffix into ${PREFIX}/etc; do not install duplicates
in ${EXAMPLESDIR}
- Removed unneeded @cwd in pkg-plist
- Bump PORTREVISION due to changed package
PR: 55971
Submitted by: Sergei Kolobov <sergei@kolobov.com>
The isakmpd port comes with a pcap.h that is not compatible
with the FreeBSD pcap.h. As a result, the pcap file written
by isakmpd has an incorrect 'linktype' in the header. Thus,
if one tries to use the pcap file with a FreeBSD tool like
tcpdump, the packets are incorrectly (read: not at all)
decoded.
PR: ports/55940
Submitted by: James E. Flemer <jflemer@alum.rpi.edu>
ADM smb is a security scanner for Samba
/* based on the src of the smbclient from the samba team */
ADMsmb will perform a complete audit of samba for you on a host you
provide.
PR: ports/53696
Submitted by: Jacek Serwatynski <tutus@trynet.eu.org>
Call bspatch with a full path; this fixes problems where
people are running freebsd-update with a PATH which doesn't
include /usr/local/bin
PR: ports/55869
Submitted by: Colin Percival <cperciva@daemonology.net>
Call bspatch with a full path; this fixes problems where
people are running freebsd-update with a PATH which doesn't
include /usr/local/bin
PR: ports/55869
Submitted by: Colin Percival <cperciva@daemonology.net>
This module lets you generate secure random passwords
with a reasonable amount of pronounceability. It avoids
the problems associated with the FIPS-181 NIST standard
as used by Crypt::RandPasswd. See perldoc for more
details.
PR: 55575
Submitted by: andrew@scoop.co.nz
Also: [2]
* respect to ${CC}
* save three bytes in pkg-plist (use %%DOCSDIR%%)
* save more bytes in Makefile (by remove refuse `/' and
optimize ${INSTALL_DATA} rules)
Submitted by: Yonatan@xpert.com <Yonatan@xpert.com> (maintainer) [1],
osa [2]
PR: 55532
every day or snapshots have to be preserved elsewhere, this patch changes
the master_sites to a mirror which keeps the clamav-devel package for a
longer time. And while we're at it update to the latest snapshot.
PR: 55294
Submitted by: Rob Evers <rob@debank.tv>
Official KDE 3.1.3 announcement:
http://www.kde.org/announcements/announce-3.1.3.php
(may not work until a few hours after this commit - we jumped the gun a little
in order to have the update in place at the time the security notifications for
KDE 3.1.2 will be released together with the announcement of KDE 3.1.3).
Changelog from 3.1.2 to 3.1.3 release:
http://www.kde.org/announcements/changelogs/changelog3_1_2to3_1_3.php
Thanks and credits need to go to the whole KDE-FreeBSD team, as well
as everyone on kde@freebsd.org for providing feedback, reporting bugs
and just using the KDE ports.
Approved by: will (real mentor asleep)
Update s_server.c by the following instruction from the openssl changelog
*) New option SSL_OP_CIPHER_SERVER_PREFERENCE allows the server to override
the clients preferred ciphersuites and rather use its own preferences.
Should help to work around M$ SGC (Server Gated Cryptography) bug in
Internet Explorer by ensuring unchanged hash method during stepup.
(Also replaces the broken/deactivated SSL_OP_NON_EXPORT_FIRST option.)
[Lutz Jaenicke]
PR: 54280
Submitted by: Gea-Suan Lin <gslin@netnews.NCTU.edu.tw>
by cyrus-sasl2-saslauthd. Since if Sendmail.conf is not installed,
SASL2 uses auxprop by default, it is enough to install Sendmail.conf
by saslauthd port.
4278 Emergency Dat release due to:
Some customers have reported a problem with
using the 4277 DATs on Microsoft Windows 9x/ME
operating systems. This DAT release has been
issued to correct this problem. This does not
effect systems running any other operating system
Since new variants of DOWNLOADER-DI have been
mass-mailed to end users since the 4277 release,
we are also taking this opportunity to add
detection for these new variants in this release.
***********************************************
Submitted by:
Reviewed by:
Approved by:
Obtained from:
MFC after:
Add a patch to fix a u_int_16 overflow after new merged gcc.
Submitted by: Pyun YongHyeon <yongari@kt-is.co.kr>
Reviewed by: maintainer
tested ok by: all current platforms
