parameter to daemonize, move the parameter from daemon to daemon_flags,
so that the user cannot inadvertently prevent it from daemonizing by
adjusting the flags.
Discussed with ajacoutot and schwarze, this method was suggested
by schwarze@ as a simpler alternative to my diff. ok aja@
The libSRTP library is an open-source implementation of the Secure
Real-time Transport Protocol (SRTP) originally authored by Cisco
Systems, Inc.
ok benoit@
Botan is a crypto library written in C++. It provides a variety of
cryptographic algorithms, including common ones such as AES, MD5, SHA,
HMAC, RSA, Diffie-Hellman, DSA, and ECDSA, as well as many others that
are more obscure or specialized. It also offers X.509v3 certificates
and CRLs, and PKCS #10 certificate requests. A message processing
system that uses a filter/pipeline metaphor allows for many common
cryptographic tasks to be completed with just a few lines of code.
Assembly optimizations for common CPUs, including x86, x86-64, and
PowerPC, offer further speedups for critical tasks such as SHA-1
hashing and multiple precision integer operations.
from brad
tested by aja@ and me@
ok aja@
SSL 2.0 is disabled by default.
A defense against the SSL 3.0 and TLS 1.0 CBC chosen plaintext attack
demonstrated by Rizzo and Duong (CVE-2011-3389) is enabled by default.
SHA-224 is supported.
additional blacklist CA's. Malaysia-based DigiCert Sdn. Bhd
Ok sthen@
Start using MODRUBY_REGRESS with ruby, rspec2, and testrb entries.
Switch away from manual do_regress targets where possible. Add
some patches to make regress tests run for some ports.
couple of fallouts. Note that these ports are only the ones that used to
have a direct dependency on devel/libusb so there may be some other
hidden ports that may break because of the switch. If that's the case,
no need to start ranting all over but instead tell me which one(s)
break. Thanks.
Note: sysutils/nut hasn't been fixed yet but will be today.
in typical clamav tradition, release notes say "ClamAV 0.97.3 is a
minor bugfix release and is recommended for all users", secunia says:
A vulnerability has been reported in ClamAV, which can be exploited by
malicious people to cause a DoS (Denial of Service) and potentially
compromise a vulnerable system.
The vulnerability is caused due to errors related to the handling of
recursion levels within the "cli_bcapi_extract_new()"
(libclamav/bytecode_api.c) and "cli_bytecode_runhook()"
(libclamav/bytecode.c) functions, which can be exploited to e.g. cause
a crash via specially crafted files.
- note that this breaks p5-Mail-SpamAssassin regression tests,
as it removes obsolete SSLv2 support
- no USE_GROFF
- adjust Makefile to template
ok sthen
tests as they now depend on RSpec 2, and ports still only supports
RSpec 1.
The bcrypt C implementation in 3.0.0 is new, so the previous patches
are no longer necessary.
p11-kit provides a way to load and enumerate PKCS#11 modules. It
implements a standard discoverable configuration for installed PKCS#11
modules.
(this is needed for an upcoming gnutls update)
ok jasper@
This module implements the NTLM (Microsoft Windows NT LAN Manager)
authentication mechanism. It can be used to perform NTLM style
authentication for any desired protocol.
Feedback and OK gsoares@; OK landry@ sthen@.
protocol on client and server side. With libssh, you can remotely
execute programs, transfer files, use a secure and transparent tunnel
for your remote applications.
ok jasper@.
ok giovanni@.
ikeman is a tool designed to simplify management of X.509 public key
infrastructure used to create IPsec flows by isakmpd(8) or iked(8).
It displays all PKI data in a hierarchical view and can also create
new certificate authorities, sign new certificate requests and revoke
or un-revoke currently loaded certificates.
All this in a user-friendly ncurses GUI, which also warns user about
errors like already expired, revoked or not yet valid certificates.
SSLScan queries SSL services, such as HTTPS, in order to determine the
ciphers that are supported. SSLScan is designed to be easy, lean and
fast. The output includes preferred ciphers of the SSL service, the
certificate and is in Text and XML formats.
Heavily based on the FreeBSD port.
inputs from sthen@
ok jasper@
- tweaks patch-src_Makefile from sthen@ and jolan@
- remove jolan@ as maintainer per his request
- take maintainership
OK sthen@ jolan@
"get it in" jasper@
PLIST and delete everything under the @sample'd directory instead of the
directory itself to prevent a warning from pkg_delete(1) trying to
remove a non existing directory and to help preventing left-over files
and directories.
- set CONFIGURE_STYLE to gnu, remove ALL_TARGET
- set USE_LIBTOOL/SHARED_LIBS=
- PFRAG.shared is added
- remove unneeded patch
- adjust license name. ( PD -> Public Domain )
- regen PLIST
from sthen@
- remove NO_REGRESS (there is no test, but it doesn't
error out when you try to run it)
- tidy up whitespaces (USE_GROFF)
ok jasper@ sthen@
by accident (if ghc is installed but hs-mtl isn't).
Rule of thumb: if some hs-* port works with both mtl-1 and
mtl-2, let it depend on devel/hs-mtl. If it strictly requires
mtl-1, then don't let it depend on devel/hs-mtl (that part is
obvious). If it doesn't specify the mtl version in the .cabal
file and breaks with devel/hs-mtl installed, patch the .cabal
file.
I'll rebuild and check all the haskell junk on my machine and
will see what can be done to hs-* ports that don't build with
mtl-2 (devel/hs-mtl). If they can be fixed to work with mtl-2,
mtl-1 (in lang/ghc) will be removed.
What a mess!
Nettle is a cryptographic library that is designed to fit easily in more
or less any context: In crypto toolkits for object-oriented languages
(C++, Python, Pike, ...), in applications like LSH or GNUPG, or even in
kernel space. In most contexts, you need more than the basic
cryptographic algorithms, you also need some way to keep track of
available algorithms, their properties and variants. You often have some
algorithm selection process, often dictated by a protocol you want to
implement.
<...>
ok jasper@ landry@
This Module helps LWP, Net::SMTP and Net::LDAP to be either SSL
aware at all or to offer way for proper certificate checking.
ok benoit@
tweaks Gleydson Soares
PERSEUS library is an open source technology whose aim is to secure any
kind of communication streams against illegitimate or abusive
eavesdropping except for Nation State Security offices, provided that a
suitable, huge computing power is used (from tens of hours with a
supercomputer).
ok jasper@
The clamav-unofficial-sigs script provides a simple way to
download, test, and update third-party signature databases
for ClamAV provided by Sanesecurity, SecuriteInfo, INetMsg,
OITC, MalwarePatrol, and ScamNailer.
The OATH Toolkit makes it easy to build one-time password authentication
systems. This package contains a shared library and a command line tool
for generating and validating OTPs.
Supported technologies include the event-based HOTP algorithm (RFC 4226)
and the time-based TOTP algorithm (draft-mraihi-totp-timebased-07).
OATH stands for Open AuTHentication, which is the organization that
specifies the algorithms.
libdpam is a stripped down version of OpenPAM and serves as a
"wrapper" for bsd_auth(3), therefore using external modules
is not supported.
This port is not hooked up to the build yet.
Metasploit provides useful information and tools for penetration
testers, security researchers, and IDS signature developers. This
project was created to provide information on exploit techniques and to
create a functional knowledgebase for exploit developers and security
professionals. The tools and information on this site are provided for
legal security research and testing purposes only.
Subpackages:
mysql - mysql database backend.
postgresql - postgresql database backend.
help from nicm@, benoit@ and jeremy@
ok jasper@ and jeremy@ (of some earlier version)
Native TLS protocol implementation, focusing on purity and more
type-checking.
Currently implement the SSL3.0, TLS1.0 and TLS1.1 protocol. Not yet
properly secure and missing some features. Do not yet use as replacement
to more mature implementation.
Only RSA supported as Key exchange for now.
ok kili@
Certificates and Key reader/writer. At the moment only X509 certificate
and unencrypted private key are supported, but will include PGP
certificate and pkcs8 private keys.
ok kili@
Collection of crypto hashes, with a practical incremental and one-pass,
pure APIs, with performance close to the fastest implementations
available in others languages.
feedback and ok kili@
Generic interface for cryptographic operations, platform independent
quality RNG, property tests and known-answer tests (KATs) for common
algorithms, and a basic benchmark infrastructure. Maintainers of hash
and cipher implementations are encouraged to add instances for the
classes defined in Crypto.Classes. [..]
ok kili@
Previously, we were using ruby->=1.8,<=1.9, instead of
ruby->=1.8,<1.9. While this wouldn't cause an issue, since
our ruby-1.9.2 package isn't included in ruby->=1.8,<=1.9,
it's still wrong and should be fixed. This also fixes the
following minor issues:
Switch from using FLAVOR to MODRUBY_FLAVOR for *_DEPENDS.
Currently we don't have a ruby port that uses FLAVORs that
would differ from MODRUBY_FLAVOR, but it's possible we will
in the future.
Switch from BASE_PKGPATH to BUILD_PKGPATH in a few cases in
REGRESS_DEPENDS. This probably is not strictly necessary, but
BUILD_PKGPATH is used in more cases, so it is good for
consistency.
Switch to new style *_DEPENDS, with the version specification
at the end. The remaining cases where this is not done is
because a specific version is used.
Some FULLPKGNAME added to REGRESS_DEPENDS, to make sure that if
the old version is installed when you run a regress test, it
will install the new version first.
Some conversion of spaces to tabs for consistency.
OK landry@
threading implementation
- Backport a patch from upstream that allows using all the available
hash algorithms with scdaemon
- Fix license marker
- Fix wrong REGRESS_DEPENDS
- Switch to new-style LIB_DEPENDS/WANTLIB
- Adjust spacing
OK sthen@, pea@ (MAINTAINER)
PKG_ARCH = * removed from many ports as it is added automatically
for pure ruby gem ports. Switch ports that previously used
GEM_SKIPDEPENDS to adding dependencies or modifying the underlying
gem metadata with patches.
OK landry@
into MODRUBY_WANTLIB and using CONFIGURE_STYLE = ruby gem ext. Use the
lang/ruby module for all dependent ports, setting
MODRUBY_{BUILD,RUN}DEP=No if necessary.
ok landry, phessler, sthen
KeePassX is an application for people with extremely high demands on
secure personal data management. It has a light interface, is cross
platform and published under the terms of the GNU General Public
License.
KeePassX saves many different information e.g. user names, passwords,
URLs, attachments and comments in one single database. For a better
management user-defined titles and icons can be specified for each
single entry. Furthermore the entries are sorted in groups, which are
customizable as well. The integrated search function allows to search
in a single group or the complete database.
KeePassX offers a little utility for secure password generation. The
password generator is very customizable, fast and easy to use.
Especially someone who generates passwords frequently will appreciate
this feature.
The complete database is always encrypted either with AES (alias
Rijndael) or Twofish encryption algorithm using a 256 bit key.
Therefore the saved information can be considered as quite safe.
KeePassX uses a database format that is compatible with KeePass
Password Safe. This makes the use of that application even more
favourable.
ok landry@
GNU SASL is an implementation of the Simple Authentication and Security
Layer framework and a few common SASL mechanisms. SASL is used by
network servers (e.g., IMAP, SMTP) to request authentication from
clients, and in clients to authenticate against servers.
OK sthen@
All ruby .gem files are now hosted on rubygems.org in the same
directory. If the ruby gem CONFIGURE_STYLE is used, make the
default MASTER_SITES that directory.
There are still a few uses of MASTER_SITE_RUBYFORGE in the tree, for
some ports that aren't gems, or where the .gem file isn't hosted on
rubygems.org, or where the hashes don't match. Most of these will be
dealt with in the near future.
OK landry@
In the upgrade from ruby 1.8.6 to 1.8.7, the PLISTs changed
due to differences in how RDoc processes files.
This also has a number of changes to the regress tests to
work with the changes to devel/ruby-rake. It moves most of
the regress tests to use MODRUBY_REGRESS.
OK jcs@, landry@, jasper@, sthen@
This is the new generation of gksu, a simple utility to run programs as
root, even in X-based environments.
This version uses the new libgksu-polkit library, which uses PolicyKit
for authorization purposes and a D-Bus service to actually perform the
work.
ok jasper@
Jailkit is a set of utilities to limit user accounts to specific
files using chroot() and or specific commands. Setting up a chroot
shell, a shell limited to some specific command, or a daemon inside
a chroot jail is a lot easier and can be automated using these utilities.
After merging in what ajacoutot@ already had, and some final feedback from
him, OK ajacoutot@
gnoMint is a tool for an easy creation and management of Certification
Authorities. It allows a fancy visualization of all the pieces that
conform a CA: x509 certificates, CSRs, CRLs...
Currently, it allows the creation of CAs, CSRs and Certificates, and
export both public and private parts of them into PEM formatted files.
It manages the revocation of the created certificates, as well as the
creation of CRLs.
<...>
ok jasper@
create some dependency mess.
The long term solution is to update+merge gnupg2 into gnupg1 but for now
at least we have a clean dependency chain.
looks ok to jasper@ and pea@
Makefile cleanup since then), feedback giovanni@
- better performance and reduced memory use
- various other fixes and minor enhancements
- new pdf parser