MODJAVA_VER to 1.8; feedback/ok ian@
While here:
* Add a reminder about checking if future updates will work with jdk 11
(text borrowed from sthen@)
* Switch to the new PERMIT_* markers (thanks to naddy@ for confirming that
this is the right way to do this)
* Change the HOMEPAGE to use https
Added cmake checks for malloc.h and malloc_usable_size(3). Include maloc.h only
if it exists. Fallback to stdlib.h and use malloc_usable_size(3) only if there
is one.
Thanks sthen@ and jca@ for lot of feedback, help and patience,
Tested and ok thfr@, ok jca@
Follow the upstream recommendations for packagers and switch to
multi-packages:
devel/gettext -> devel/gettext,-runtime
devel/gettext-tools -> devel/gettext,-tools
(new) devel/gettext,-textstyle
lang/python port module. I've not yet come up with a port that
would not need this and one can always set MODPY_TESTDEP to "no"
to prevent the module from touching TEST_DEPENDS.
Idea from afresh1 who pointed out the cpan module already does this.
aja "I support this move."
OK sthen@
Pwntools is a CTF framework and exploit development library. Written in
Python, it is designed for rapid prototyping and development, and
intended to make exploit writing as simple as possible.
NB: Only the 'pwn' script has been installed, all other end-user scripts
are available through 'pwn', e.g. 'pwn checksec'.
OK aja@
like the rest of the ports tree. This also allows removing a bunch of
manual setting of PATH="${PORTPATH}" HOME="${PORTHOME}" done in various
ports etc. This also makes sure CFLAGS is passed through (not everything
honours it but it does improve at least some ports).
Remove NO_CCACHE from www/honk that was added because the above problem
resulted in ccache variables not being passed through correctly breaking
the cc calls in this.
ok kmos@
Use ports-gcc on !clang archs, because suricata needs thread local storage.
While here, make spacing consistent in the Makefile.
Tested on macppc with gcc-4.9 and gcc-8.3.
ok jasper@ (maintainer)
Reaver implements a brute force attack against Wifi Protected Setup
(WPS) registrar PINs in order to recover WPA/WPA2 passphrases, as
described in Brute forcing Wi-Fi Protected Setup When poor design meets
poor implementation. by Stefan Viehboeck. Reaver has been designed to
be a robust and practical attack against Wi-Fi Protected Setup (WPS)
registrar PINs in order to recover WPA/WPA2 passphrases and has been
tested against a wide variety of access points and WPS implementations.
Depending on the target's Access Point (AP), to recover the plain text
WPA/WPA2 passphrase the average amount of time for the transitional
online brute force method is between 4-10 hours. In practice, it will
generally take half this time to guess the correct WPS pin and recover
the passphrase. When using the offline attack, if the AP is vulnerable,
it may take only a matter of seconds to minutes.
feedback and OK already some time ago sthen@, gonzalo@
Pixiewps is a tool written in C used to bruteforce offline the WPS PIN
exploiting the low or non-existing entropy of some software
implementations, the so-called "pixie-dust attack" discovered by
Dominique Bongard in summer 2014. It is meant for educational purposes
only.
As opposed to the traditional online brute-force attack, implemented in
tools like Reaver or Bully which aim to recover the pin in a few hours,
this method can get the PIN in only a matter of seconds or minutes,
depending on the target, if vulnerable.
feedback and OK already a while ago sthen@, gonzalo@
Remove the symbol renaming workaround. Use version scripts as done on
Linux and FreeBSD to hide internal symbols (eg HMAC_Update) that
conflict with libcrypto.
Tested in a bul by ajacoutot@, ok sthen@ naddy@, no objection landry@
(maintainer)
NSS has a number of internal functions (used inter-library between NSS's
various libraries, not exported in the public API) that conflict with
libcrypto:
HMAC_Init, HMAC_Update, MD5_Update, SHA1_Update, SHA224_Update,
SHA256_Update, SHA384_Update, SHA512_Update.
We were already renaming (via #define macro) SHA1_Update and HMAC_Update
but some programs use others - notably libreoffice, which uses HMAC_Init and
HMAC_Update when saving encrypted .od* files - as robert@ tracked down, the
NSS version was being called instead of the expected libcrypto one.
Fix by renaming the remaining conflicting functions the same way.
Files are created as root, user _suricata cannot open them. Use
filemode 664 in the default config where possible. Use syslog for
general logging. Fix possible NULL dereference found by Emmanuel
Roullit.
OK sthen@ gonzalo@
WES-NG is a tool based on the output of Windows 'systeminfo' utility
which provides the list of vulnerabilities the OS is vulnerable to,
including any exploits for these vulnerabilities.
ok sthen@
This tool lets you search your gadgets on your binaries to facilitate your ROP
exploitation. ROPgadget supports ELF, PE and Mach-O format on x86, x64, ARM,
ARM64, PowerPC, SPARC and MIPS architectures.
initial port by and OK rpointel@
lang/python/python.port.mk revision 1.102 and 1.103 added
MODPY_TEST_LOCALE and MODPY_PYTEST respectively, nicely wrapping up the
usual pytest dance.
This removes hand-rolled do-tests from all 70 ports by setting
MODPY_PYTEST=Yes and MODPY_TEST_LOCALE as well as HOME=${WRKDIR} to TESTENV
as needed.
From Kurt Mosiejczuk <kurt at cranky dot work>, thanks!
OK sthen
environment, which will reduce complexity in java.port.mk when jdk 11 is
added. direction agreed with kurt@.
- switch all MODJAVA_VER to at least 1.8 (we don't currently have any
version earlier than this anyway).
- drop MODJAVA_JRERUN, the separate jre package will be going away with
jdk 11.
- bump changed ports
that an attacker who replaces a library with a trojaned one doesn't notice
that aide is installed) but, as far as this port goes, nobody has bumped
it when dependencies have had security fixes, so we're better off with
dynamic.
