new its4 port: C/C++ src security scanner

security/its4/Makefile

@@ -0,0 +1,37 @@
+# Makefile for:		its4
+# Version required:	1.0
+# Date created:		21 Feb 2000
+# Whom:			dugsong@monkey.org
+#
+# $OpenBSD: Makefile,v 1.1.1.1 2000/02/22 02:15:54 dugsong Exp $
+
+DISTNAME=	its4-1.0
+
+CATEGORIES=	security
+
+MAINTAINER=	dugsong@monkey.org
+
+MASTER_SITES=	see-do-fetch-target
+
+EXTRACT_SUFX=	.tgz
+
+HAS_CONFIGURE=	yes
+
+CONFIGURE_ARGS=	--prefix=${PREFIX} --datadir=${PREFIX}/share/its4
+
+do-fetch:
+	@if [ ! -f ${DISTDIR}/${DISTFILES} ]; then \
+	   ${ECHO} "" ; \
+	   ${ECHO} "  The source to this port may not be automatically fetched" ; \
+	   ${ECHO} "  due to licensing restrictions. You MUST fetch the source" ; \
+	   ${ECHO} "  manually after reading and agreeing to the license at:" ; \
+	   ${ECHO} "" ; \
+	   ${ECHO} "      http://www.rstcorp.com/its4/download.html" ; \
+	   ${ECHO} "" ; \
+	   ${ECHO} "  Once ${DISTFILES} has been downloaded, move it to ${DISTDIR}" ; \
+	   ${ECHO} "  and then restart this build." ; \
+	   ${ECHO} "" ; \
+	   exit 1 ; \
+	fi
+
+.include <bsd.port.mk>

security/its4/files/md5

@@ -0,0 +1,3 @@
+MD5 (its4-1.0.tgz) = bcf4c815b8d6d114e98b78e8db03141d
+RMD160 (its4-1.0.tgz) = 89d160550b416144e3d9e6084694e8c5ba307e49
+SHA1 (its4-1.0.tgz) = b396ec9c08988ceda11b54ca255a33f2cbd44d06

security/its4/patches/patch-aa

@@ -0,0 +1,16 @@
+--- configure.orig	Mon Feb 21 11:53:17 2000
++++ configure	Mon Feb 21 21:08:39 2000
+@@ -192,11 +192,12 @@
+ ###### Check for snprintf()
+ printf %s "Checking for snprintf()... " 1>&5
+ cat >tmp.c <<EOF
++#include <stdio.h>
+ #include <string.h>
+ int main()
+ {
+     char buf[12];
+-    snprintf(buf, "%s", 2, "foof");
++    snprintf(buf, 2, "%s", "foof");
+ }
+ EOF
+ if `${CC} tmp.c 2>/dev/null`; then 

security/its4/patches/patch-ab

@@ -0,0 +1,11 @@
+--- Makefile.in.orig	Mon Feb 21 11:53:17 2000
++++ Makefile.in	Mon Feb 21 21:04:29 2000
+@@ -9,7 +9,7 @@
+ 	purify 	$(CC) -o $(PROGNAME) $(OBJECTS)
+ 
+ .C.o:
+-	$(CC) -c -DDATA_DIR=$(INSTALL_DATADIR) $(EXTRA_FLAGS) ${OPTIMIZATION} $<
++	$(CC) $(CFLAGS) -c -DDATA_DIR=$(INSTALL_DATADIR) $<
+ 
+ remake: clean all
+ 

security/its4/pkg/COMMENT

@@ -0,0 +1 @@
+scan C/C++ source code for security problems

security/its4/pkg/DESCR

@@ -0,0 +1,13 @@
+from http://www.rstcorp.com/its4/
+
+ITS4 scans source code, looking for function calls that are
+potentially dangerous. For some calls, ITS4 tries to perform some code
+analysis to determine how risky the call is. In each case, ITS4
+provides a problem report, including a short description of the
+potential problem and suggestions on how to fix the code.
+
+ITS4 and its source code are provided here for non-commercial use to
+the security community.
+
+-d.
+

security/its4/pkg/PLIST

@@ -0,0 +1,4 @@
+bin/its4
+share/its4/vulns.i4d
+man/man1/its4.1
+@dirrm share/its4