2)Was installing into a directory but not removing it with the rest of
the package.
3)Now supports NOPORTDOCS (which isn't documented in Mk/bsd.port.mk)
This is a library, which contains a safe reincarnations
of strcpy/strcat/sprintf and some other functions,
which is known to be a source to 99% of stack smashing
attacks since Morrison Worm.
PR: ports/9279
Submitted by: Alexandre Snarskii <snar@paranoia.ru>
commenting out MASTER_SITES.
Modify the IGNORE= message a little, and use ${DISTFILES} to describe
the file to fetch so that the message doesn't have to be modified every
time the port is updated.
the diffs are trashed because Makefile.org is used as a basis for
Makefile.ssl during configuration. Now that patch-ab is applied correctly
libRSAglue.a is installed.
- add patch-aj obtained from the OpenSSL CVS repository:
"Make sure the RSA OAEP test is skipped under -DRSAref because
OAEP isn't supported when OpenSSL is built with RSAref."
According to the OpenSSL-core-team you are strongly encouraged to upgrade
any old version. The new version has a lot of bug fixes.
- ${PREFIX}/bin/ssleay was renamed to ${PREFIX}/bin/openssl and
${PREFIX}/etc/ssleay.cnf to ${PREFIX}/lib/openssl.cnf
- there are no links from e. g. ${PREFIX}/bin/md5 to ${PREFIX}/bin/ssleay
any longer, instead you have to call "openssl md5" now
- replaced HAS_CONFIGURE, CONFIGURE_SCRIPT and CONFIGURE_ENV with a
do-configure target and changed the indention level
- some perl scripts need perl5 now, so set USE_PERL5 and replace perl
with ${PERL5} where neccessary.
- honour ${CFLAGS}
(2) Reorganize MASTER_SITEs
(3) Remove reference to Phil Karn's ssh speedups, it is now distributed
as a full source package, and not a patch kit. If we want to use it,
we will have to make a new port for it.
(4) Use ${ECHO} instead of echo, ${RM} instead of rm, ${LN} instead of ln
(5) Use ${FALSE} instead of false
(6) Remove multiple blank lines in Makefile
(7) Remove trailing blank lines in pkg/DESCR
Submitted by: Alex Perel <veers@disturbed.net> (1, 2, 4, 6)
Bill Fumerola <billf@FreeBSD.org> (3, 5, 7)
brief discussion on -committers, tcp_wrappers will be imported into the base
system which will allow us to build our system portmapper with hosts.allow
functionality.
Apply openssl-0.9.1c-bnrec.patch via PATCHFILES:
"DESCRIPTION:
The Big Number (BN) library in OpenSSL 0.9.1c has some problems when dealing
with very large numbers. Because mostly all other OpenSSL sub-libraries
(including the RSA library) are based on BN, this can cause failures when
doing certificate verification and performing other SSL functions. These BN
bugs are already fixed for OpenSSL 0.9.2. But for OpenSSL 0.9.1c the easiest
workaround to fix the subtle problems is to apply the above patch which mainly
disables the broken Montgomery multiplication algorithm inside BN."
bsd.port.mk rev. 1.304 for details on the change.
The fix here is one of the following.
(1) Define USE_BZIP2 instead of BUILD_DEPENDS on bzip2 and redefining
EXTRACT_* commands.
(2) Change ${EXTRACT_CMD} to ${TAR} when the command is obviously
calling the "tar" command (i.e., arguments like "-xzf" are spelled
out).
(3) If ${EXTRACT_CMD} is called directly with ${EXTRACT_BEFORE_ARGS},
add ${EXTRACT_AFTER_ARGS} to the command line as well.
(4) If any of EXTRACT_CMD, EXTRACT_BEFORE_ARGS or EXTRACT_AFTER_ARGS
is set, define the other two too.
* Let the install target print correct location of the conf file.
* Use CFLAGS+= instead of commenting it out.
* Add -DPREFIX="${PREFIX}" to the CFLAGS.
Requested by: Garrett Wollman <wollman@FreeBSD.ORG>:
"If you have an RSA license, you DON'T want to use rsaref -- it's
slow as hell. The only reason you would want to use rsaref is:
1) You are in the US.
2) The patent hasn't expired yet (600-someodd days and counting).
3) You wouldn't have the right to use RSA otherwise."
Use newly introduced %%PARL_ARCH%% for dirname of architecture
dependent libraries.
(i.e. s!%%PERL_VER%%/i386-freebsd!%%PERL_VER%%/%%PERL_ARCH%%!)
Approved by: asami
OpenSSL is a successor of SSLeay (see http://www.openssl.org/).
This port uses almost the same files as SSLeay. So they can't be
installed both.
- make the port ${PREFIX} clean
- reorganize PLIST (list links as normal files, which makes the PLIST
shorter and easier to maintain)
- reference ${PREFIX}/etc/ssleay.cnf only (there was a reference to
${PREFIX}/lib/ssleay.cnf somewhere)
- some other minor portlint changes
This port requireat least s version 1.41 of the Qt library.
There will be an error reported by configure, if only an earlier
version is found, but no automatic port dependency exists (i.e.
the x11-toolkits/qt141 port has to be manually built and installed).
There may still be a problem with a missing -lXext in the kdesupport
port. This will be taken care of during the next few days, if the
problem still exists ...
dependencies to perl5 in -current. This might cause some unwanted
perl5 installations on -stable (if it was originally RUN_DEPENDS,
perl5 will now be installed during build too, etc.), but its lifetime
is limited anyway.
This program filters the tcpump raw packet data looking for logins and
passwords on the most commonly used tcp ports (ftp telnet pop3 ...).
It dumps sniffed data to a file named sniff.log
PR: 9039
Submitted by: admin@righi.ml.org
Sentry is part of the Abacus Project suite of security tools.
It is a program designed to detect and respond to port scans
against a target host in real-time. There are other port scan
detectors that peform similar detection of scans,but the Sentry
has some unique features that may make it worth looking into.
PR: ports/5475
Submitted by: chris@still.whet.org
order I've ever seen. Haven't these guys ever done Unix programming
before?
* Quiet some compiling warnings. For "security" software, this code should
NOT have as many warnings and unused vars as it does.