12:31 wen 

- Remove the entry of pear-Crypt_HMAC

PR:             ports/140822
Submitted by:   wen@ (myself)
Approved by:    miwi@ (maintainer)

09:47 wen 

- Add entry for pear-Crypt_HMAC2

13:45 miwi 

All ports depending on the nettle library have been updated
to use nettle 2.0, and there is no longer any reason to keep
separate ports for nettle versions 1.x and 2.x.

PR:             139482 139484
Submitted by:   Charlie Kester <corky1951@comcast.net> (maintainer)

06:28 wen 

pecl-pam provides PAM (Pluggable Authentication Modules) integration.
PAM is a system of libraries that handle the authentication tasks of
applications and services. The library provides a stable API for
applications to defer to for authentication tasks.

WWW: http://pecl.php.net/package/PAM/

20:06 marcus 

Presenting GNOME 2.28.1 for FreeBSD.  The official release notes for this
release can be found at http://library.gnome.org/misc/release-notes/2.28/ .
Officially, this is mostly a polishing release in preparation for GNOME 3.0
due in about a year.

On the FreeBSD front, though, a lot went into this release.  Major thanks
goes to kwm and avl who did a lot of the porting work for this release.
In particular, kwm brought in Evolution MAPI support for better Microsoft
Exchange integration.  Avl made sure that the new gobject introspection
repository ports were nicely compartmentalized so that large dependencies
aren't brought in wholesale.

But, every GNOME team member (ahze, avl, bland, kwm, mezz, and myself)
contributed to this release.

Other major improvements include an updated HAL with better volume
probing code, ufsid integration, and support for volume names containing
spaces (big thanks to J.R. Oldroyd); a new WebKit; updated AbiWord;
an updated Gimp; and a preview of the new GNOME Shell project (thanks to
Pawel Worach).

The FreeBSD GNOME Team would like to that the following additional
contributors to this release whose patches and testing really helped
make it a success:

Andrius Morkunas
Dominique Goncalves
Eric L. Chen
J.R. Oldroyd
Joseph S. Atkinson
Li
Pawel Worach
Romain Tartière
Thomas Vogt
Yasuda Keisuke
Rui Paulo
Martin Wilke
(and an extra shout out to miwi and pav for pointyhat runs)

We would like to send this release out to Alexander Loginov (avl) in
hopes that he feels better soon.

PR:             136676
                136967
                138872 (obsolete with new epiphany-webkit)
                139160
                134737
                139941
                140097
                140838
                140929

15:21 tdb 

- Update f-prot to 6.2.1. Based on ports/132074.

PR:             ports/132074
Submitted by:   Cristiano Rolim Pereira <cristianorolim@hotmail.com>

11:43 miwi 

- Connect security/nettle2

Feature safe: yes

15:55 pav 

Net::Radius::Server provides an extensible framework to create RADIUS
servers suitable for non-standard scenarios where authentication
needs to consider multiple factors. The RADIUS responses may be
created by arbitrarily complex rules that process the request packet
as well as any external data accessible to Perl.

WWW:    http://search.cpan.org/dist/Net-Radius-Server/

PR:             ports/138164
Submitted by:   Gea-Suan Lin <gslin@gslin.org>
Feature safe:   yes

01:42 amdmi3 

Barnyard is a critical tool for the parsing of Snort's unified binary files,
processing and on-forwarding to a variety of output plugins. Unfortunately
it has not seen an updated in over 4 years and is not going to be maintained
by the original developers. With the new version of the unified format
(ie. unified2) arriving we need something to bridge this gap.

The SXL team love barnyard. So much so that we want it to stay and have been
tinkering around with the code to give it a breath of new life. Here is what
we have achieved to far for this reinvigorated code base:

    * Parsing of the new unified2 log files.
    * Maintaining majority of the command syntax of barnyard.
    * Addressed all associated bug reports and feature requests arising since
                barnyard-0.2.0.
    * Completely rewritten code based on the GPLv2 Snort making it entirely
                GPLv2.

This is an effort to fuse the awesome work of Snort and the original concept
of barnyard giving it a fresh update along the way. We've come a long way so
far and have a very stable build that we've integrated into our NSMnow
framework.  If you have any feature requests, bugs or gripes then send them
our way.

WWW: http://www.securixlive.com/barnyard2/

PR:             138326
Submitted by:   Paul Schmehl <pauls@utdallas.edu>

21:04 miwi 

The Python keyring lib provides an easy way to access the system keyring
service from Python. It can be used in any application that needs safe password
storage. It supports OSX, KDE, Gnome and Windows's native password storing
services. Besides this, it is shipped with kinds of Python implemented keyring
for the left environments.

WWW: http://pypi.python.org/pypi/keyring

PR:             ports/138513
Submitted by:   Douglas Thrift

23:37 cy 

Welcome the new krb5-17.

PR:             138246

19:54 miwi 

MailZu is a simple and intuitive web interface to manage Amavisd-new
quarantine. Users can view their own quarantine, release/delete messages
or request the release of messages. MailZu is written in PHP and requires
Amavisd-new version greater than 2.3.0.

WWW: http://sourceforge.net/projects/mailzu/

PR:             ports/137197
Submitted by:   Sahil Tandon <sahil at tandon.net>

13:20 erwin 

security/dns-proxy-tor
security/trans-proxy-tor: trans-proxy-tor is rendered obsolete by Tor\'s
TransPort option  (currently only available in tor-devel)

Approved by:    maintainer

17:54 miwi 

AuthCAS aims at providing a Perl API to Yale's Central Authentication
System (CAS). Only a basic Perl library is provided with CAS whereas
AuthCAS is a full object-oriented library.

WWW:    http://cpan.uwinnipeg.ca/dist/AuthCAS

PR:             ports/136956
Submitted by:   Frank Wall <fw at moov.de>

09:01 miwi 

2009-07-28 games/amy: mastersite disappeared, does not build on recent version
2009-07-28 security/hashish: "does not compile"
2009-07-19 security/smtpmap: depends on GCC 2.95 which has not been available
for 9+ months

18:31 shaun 

Remove this port, as its only mirror (operated by me) is about to be
vanish. The port is pretty useless anyway.

06:07 pgollucci 

LuaSec is a binding for OpenSSL library to provide TLS/SSL communication. This
version delegates to LuaSocket the TCP connection establishment between the
client and server. Then LuaSec uses this connection to start a secure TLS/SSL
session.

WWW: http://www.inf.puc-rio.br/~brunoos/luasec/

PR:             ports/136266
Submitted by:   Andrew Lewis <dru at silenceisdefeat.net>

20:56 nox 

This is a Linux Fedora 10 infrastructure port for...

The Cyrus SASL (Simple Authentication and Security Layer)

SASL is the Simple Authentication and Security Layer, a method
for adding authentication support to connection-based protocols.
To use SASL, a protocol includes a command for identifying and
authenticating a user to a server and for optionally negotiating
protection of subsequent protocol interactions. If its use is
negotiated, a security layer is inserted between the protocol
and the connection.

WWW: http://cyrusimap.web.cmu.edu/

Obtained from:  Peter Jeremy <peterjeremy@optushome.com.au>

08:27 makc 

Connect pinentry-qt4 to build

05:35 miwi 

Jifty::Plugin::OpenID is a perl module provides OpenID
authentication for your jifty app.

WWW:    http://search.cpan.org/dist/Jifty-Plugin-OpenID/

PR:             ports/135558
Submitted by:   Wen Heping <wenheping at gmail.com>

05:28 miwi 

ranpwd uses /dev/random or /dev/urandom to generate cryptographically secure
passwords.

Generated passwords may consist of any specified length and any combination of
upper- or lower-case alphanumeric characters or punctuation.  ranpwd can also
generate passwords consisting of hexadecimal, decimal, octal or binary numbers,
and format these as valid C constants for inclusion in source code.

WWW: http://freshmeat.net/projects/ranpwd

PR:             ports/135540
Submitted by:   corky1951 at comcast.net

21:46 miwi 

The netpgp command can digitally sign files and verify that the
signatures attached to files were signed by a given user identifier.
netpgp can also encrypt files using the public or private keys of
users and, in the same manner, decrypt files which were encrypted.

The netpgp utility can also be used to generate a new key-pair for a
user.  This key is in two parts, the public key (which can be used by
other people) and a private key.

In addition to these primary uses, the third way of using netpgp is to
maintain keyrings.  Keyrings are collections of public keys belonging
to other users.  By using other means of identification, it is
possible to establish the bona fides of other users.  Once trust has
been established, the public key of the other user will be signed.
The other user's public key can be added to our keyring.  The other
user will add our public key to their keyring.

WWW:    http://www.NetBSD.org/

PR:             ports/134997
Submitted by:   bapt <baptiste.daroussin at gmail.com>

22:48 miwi 

OpenConnect is a client for Cisco's AnyConnect SSL VPN, which is
supported by IOS 12.4(9)T or later on Cisco SR500, 870, 880,
1800, 2800, 3800, 7200 Series and Cisco 7301 Routers.

Like vpnc, OpenConnect is not officially supported by, or
associated in any way with, Cisco Systems. It just happens to
interoperate with their equipment.

WWW: http://www.infradead.org/openconnect.html

PR:             ports/135274
Submitted by:   Damian Gerow

17:26 bsam 

Here are new Linux Fedora 10 infrastructure ports.

Those ports are intended to be used with 8-CURRENT at least
with SVN r192206.

If you want to switch to linux-f10 ports, please define at /etc/make.conf:
  OVERRIDE_LINUX_BASE_PORT=f10
  OVERRIDE_LINUX_NONBASE_PORTS=f10

An upgrading procedure is shown at /usr/ports/UPDATING, entries 20090401
and 20070327.

For the first time all tested linux ports work as expected(!):
. acroread8;
. google-earth;
. skype;
. seamonkey.

Many thanks for kernel folks who really did the main work
(and I wrote only some lines of ports).

There is a good chance that those ports may become a default
for 8.0-RELEASE. Please, test and report back to emulation@ ML.

11:56 miwi 

The scrypt key derivation function was originally developed for use in
the Tarsnap online backup system and is designed to be far more secure
against hardware brute-force attacks than alternative functions such as
PBKDF2 or bcrypt.

WWW:   http://www.tarsnap.com/scrypt/

PR:             ports/134961
Submitted by:   Wen Heping <wenheping at gmail.com>

14:08 miwi 

Prelude is a new innovative hybrid Intrusion Detection system designed
to be very modular, distributed, rock solid and fast.

Prelude-PFlogger Listens at OpenBSD PF redirect logged packet, and
send alerts to the Prelude Manager.

WWW: http://www.prelude-ids.org/

PR:             ports/134746
Submitted by:   Anders Troback <freebsd at troback.com>

01:34 acm 

- New port: security/gambas2-gb-crypt

The gambas crypt encription component

17:51 glarkin 

This module comes with a set of methods to use with htaccess password
files. These files (and htaccess) are used to do Basic Authentication
on a web server.

The password file is a flat-file with login names and their associated
crypted password. You can use this for non-Apache files if you wish,
but it was written specifically for .htaccess style files.

WWW:    http://search.cpan.org/dist/Apache-Htpasswd/

23:21 miwi 

It will transparently hijack HTTP traffic on a network, watch for HTTPS links
and redirects, then map those links into either look-alike HTTP links or
homograph-similar HTTPS links. It also supports modes for supplying a
favicon which looks like a lock icon, selective logging, and session denial.

WWW:    http://www.thoughtcrime.org/software/sslstrip/

PR:             ports/134021
Submitted by:   Matt Donovan <kitchetech@gmail.com>

17:15 miwi 

py-pylibacl -- Manipulate the POSIX.1e Access Control Lists with python

WWW:    http://pylibacl.sourceforge.net/

PR:             ports/133846
Submitted by:   joris

13:20 wxs 

Download and install definition files for Clamav from the following sites:

sanesecurity.com
malware.com.br
msrbl.com
clamav.securiteinfo.com

WWW: https://sourceforge.net/projects/scamp/

PR:             ports/133248
Submitted by:   Gerard Seibert <gerard@seibercom.net>

17:47 lwhsu 

Add libssh 0.2, a library implementing the SSH1 and SSH2 protocol.

PR:             ports/133657
Submitted by:   Alexander Logvinov <ports at logvinov.com>

20:51 linimon 

Remove expired port security/cutlass: does not work with current version
of security/botan.

16:15 bsam 

Add linux-f8-nss 3.12.2, network Security Services (Linux Fedora 8).

16:09 bsam 

Add linux-f8-libssh2 0.18, the library implementing the SSH2 protocol
(Linux Fedora 8).

15:25 bsam 

Here are new Linux Fedora 8 infrastructure ports.

The recommended version of FreeBSD to use them is 8-CURRENT.
FreeBSD-7.x is not fully compatible with compat.linux.osrelease
2.6.16. Some syscalls cannot be MFCed due to native FreeBSD
ABI breakage.

Usage (and package building):
1. define compat.linux.osrelease=2.6.16;
2. add following variables to /etc/make.conf:
   . OVERRIDE_LINUX_BASE_PORT=f8;
   . OVERRIDE_LINUX_NONBASE_PORTS=f8.

Approved by:    bsam (me) ;-)

09:39 miwi 

Pairing-based cryptography is a relatively young area of cryptography
that revolves around a certain function with special properties.

The PBC (Pairing-Based Cryptography) library is a free C library
(released under the GNU Public License) built on the GMP library that
performs the mathematical operations underlying pairing-based
cryptosystems.

The PBC library is designed to be the backbone of implementations of
pairing-based cryptosystems, thus speed and portability are important
goals. It provides routines such as elliptic curve generation, elliptic
curve arithmetic and pairing computation. Thanks to the GMP library,
despite being written in C, pairings times are reasonable.

WWW:    http://crypto.stanford.edu/pbc/

PR:             ports/133172
Submitted by:   Wen Heping <wenheping at gmail.com>

12:01 makc 

connect qca-cyrus-sasl and qca-gnupg to build

00:31 wxs 

- Connect unhide to the build.

PR:             ports/132131
Submitted by:   Nikos Ntarmos <ntarmos@cs.uoi.gr>

07:45 miwi 

SSH key-based authentication is tried-and-true, but it lacks a true
Public Key Infrastructure for key certification, revocation and
expiration.  Monkeysphere is a framework that uses the OpenPGP web of
trust for these PKI functions.  It can be used in both directions: for
users to get validated host keys, and for hosts to authenticate users.

WWW: http://web.monkeysphere.info/

PR:             ports/128406
Submitted by:   Daniel Kahn Gillmor <dkg at fifthhorseman.net>

23:31 miwi 

- Connect security/py-pyclamd to the build

23:36 gabor 

HotSSH is an interface to Secure Shell, for GNOME and OpenSSH. It
intends to be a better experience than simply invoking "ssh" from an
existing terminal window.

   * Fast search-based interface for new connections
   * Also display and search of local (Avahi) SSH servers
   * Tabbed display with automatic session saving (Firefox style)
   * Status bar with information like latency to server and output of
     remote uptime
   * Close integration with OpenSSH features like connection sharing
     (near-instant new tabs)
   * NetworkManager integration to easily reconnect after a network
     change, great for laptops

WWW:    http://projects.gnome.org/hotssh/

PR:             ports/131133
Submitted by:   Ashish Shukla <wahjava at gmail.com>

11:27 miwi 

The OpenPGP SDK project provides an open source library, written in C,
which implements the OpenPGP specification.

WWW:    http://openpgp.nominet.org.uk/

21:25 miwi 

py-PF is a pure-Python module for managing OpenBSD's Packet Filter. It aims
to combine the flexibility of PF's C API and the power of Python, making it
easier to manage PF data and to integrate firewalling capabilities in more
complex applications.

WWW:    http://www.kernel-panic.it/software/py-pf/

PR:             ports/131463
Submitted by:   Sofian Brabez <sbrabez at gmail.com>

16:52 miwi 

The Nmap::Parser library provides a Ruby interface to
Nmap's scan data.  It can run Nmap and parse its XML
output directly from the scan, parse a file containing
the XML data from a separate scan, parse a String of
XML data from a scan, or parse XML data from an object
via its read() method.  This information is presented
in an easy-to-use and intuitive fashion for storage
and manipulation.

WWW: http://rubynmap.sourceforge.net/

PR:             ports/131516
Submitted by:   Daniel Roethlisberger <daniel at roe.ch>

12:46 gabor 

Crypt::Juniper - Encrypt/decrypt Juniper $9$ secrets

WWW:    http://search.cpan.org/dist/Crypt-Juniper/

PR:             ports/131126
Submitted by:   Tsung-Han Yeh <snowfly at yuntech.edu.tw>

12:45 gabor 

The Mcrypt modules provides and simple and inuitive perl abstraction of the
libmcrypt cryptography library.  It provide mechanisms for encoding and
decoding perl scalars.

WWW: http://search.cpan.org/dist/Mcrypt/

PR:             ports/131051
Submitted by:   Tatsuki Makino <tatsuki_makino@hotmail.com>

22:38 miwi 

2009-01-19 games/emacs-chess: has been broken for more than 6 months
2009-02-01 devel/subversion-devel: Use devel/subversion or
devel/subversion-freebsd instead of this port
2009-01-19 devel/hs-hat: has been broken for more than 6 months
2009-01-19 devel/hs-hpl: has been broken for more than 6 months
2009-01-19 databases/mysqlbigram: has been broken for more than 6 months
2009-01-19 mail/claws-mail-clamav: has been broken for more than 6 months
2009-01-19 mail/sylpheed2-devel: has been broken for more than 6 months
2009-01-19 www/pecl-mnogosearch: has been broken for more than 6 months
2009-01-31 x11-fonts/mathfonts: This port was supported by Mozilla 1.8
(including Firefox 2.0) - to be replaced by  STIX fonts for Firefox 3.x
2009-01-19 x11-wm/fluxspace: has been broken for more than 6 months
2009-01-31 x11-wm/expocity: project has been abandoned
2009-01-19 x11/bbuname: has been broken for more than 6 months
2009-01-19 security/squidclam: has been broken for more than 6 months
2009-01-19 print/virtualpaper: depends on broken, expired port
2009-01-19 print/ifhp: has been broken for more than 6 months
2009-01-19 net-p2p/peercast: has been forbidden for more than 6 months
2009-01-19 palm/pdbc: has been broken for more than 6 months
2009-01-19 net-mgmt/NeTraMet: has been broken for more than 6 months
2009-01-19 net-im/sulci: has been broken for more than 6 months
2009-01-19 multimedia/mjpegtools-yuvfilters: has been broken for more than 6
months
2009-01-19 multimedia/helixplayer: has been broken for more than 6 months
2009-01-19 lang/quack: has been broken for more than 6 months
2009-01-19 misc/pybliographer: has been broken for more than 6 months
2009-01-19 net/versuch: has been broken for more than 6 months
2009-01-19 net/py-mantissa: has been broken for more than 6 months
2009-01-19 net/libunpipc: has been broken for more than 6 months
2009-01-19 net/gnometelnet: has been broken for more than 6 months
2009-01-19 net/gacxtool: depends on expired, broken port
2009-01-19 devel/py-coro: has been broken for more than 6 months
2009-01-19 chinese/stardict2-dict-zh_TW: has been broken for more than 6 months
2009-01-19 x11-themes/gtk-industrial-theme: has been broken for more than 6
months

23:47 pgj 

This package provides efficient cryptographic hash implementations for
strict and lazy bytestrings for the functional programming language
Haskell.

WWW: http://hackage.haskell.org/cgi-bin/hackage-scripts/package/digest

Reviewed by:    gabor
Approved by:    tabthorpe

16:06 cy 

Add sudosh2.

18:22 pgollucci 

Fail2ban scans log files like /var/log/pwdfail or /var/log/apache/error_log
and bans IP that makes too many password failures. It updates
firewall rules to reject the IP address.

WWW: http://www.fail2ban.org/wiki/index.php/Main_Page

05:22 marcus 

Presenting GNOME 2.24 for FreeBSD.

See http://library.gnome.org/misc/release-notes/2.24/ for the general
release notes.  On the FreeBSD front, this release introduces Fuse support
in HAL, adds multi-CPU support to libgtop, WebKit updates, and fixes some
long-standing seahorse and gnome-keyring bugs.  The documentation updates
to the website are forthcoming.

This release features commits by adamw, ahze, kwm, mezz, and myself.  It would
not have been possible without are contributors and testers:

Alexander Loginov
Craig Butler [1]
Dmitry Marakasov [6]
Eric L. Chen
Joseph S. Atkinson
Kris Moore
Lapo Luchini [7]
Nikos Ntarmos
Pawel Worach
Romain Tartiere
TAOKA Fumiyoshi [3]
Yasuda Keisuke
Zyl
aZ [4]
bf [2] [5]
Florent Thoumie
Peter Wemm
pluknet

PR:             125857 [1]
                126993 [2]
                130031 [3]
                127399 [4]
                127661 [5]
                124302 [6]
                129570 [7]
                129936
                123790

16:35 dinoex 

- disconnect openssl-beta

07:21 novel 

Re-add gnutls-devel port at version 2.7.4.

13:49 dinoex 

- disconnect openssl-stable

11:27 johans 

PyMe is a Python interface to GPGME library.

PyMe's development model is GPGME + Python + SWIG (just like m2crypto is
an OpenSSL + Python + SWIG) combination which means that most of the
functions and types are converted from C into Python automatically by SWIG.
In short, to be able to use PyMe you need to be familiar with GPGME.

WWW:    http://pyme.sourceforge.net/

09:05 ale 

Remove pecl-filter in favour of php5-filter.

Approved by:    maintainer

09:01 ale 

Add php5 filter extension.

08:58 ale 

Add php5 hash extension.

15:57 miwi 

- Connect security/opensaml2

00:20 amdmi3 

Lynis is an auditing tool for Unix (specialists). It scans the
system and available software, to detect security issues. Beside
security related information it will also scan for general system
information, installed packages and configuration mistakes.

This software aims in assisting automated auditing, software patch
management, vulnerability and malware scanning of Unix based systems.
It can be run without prior installation, so inclusion on read only
storage is no problem (USB stick, cd/dvd).

WWW: http://www.rootkit.nl/projects/lynis.html
Author: Michael Boelen

PR:             128909
Submitted by:   Cory McIntire <loon at noncensored dot com>

01:09 cy 

Retire fwbuilder and libfwbuilder version 2. They are no longer supported
by their developer.

16:08 araujo 

- libpwstor is a library implementing a password storage format
for C programmers.  This format provides a reasonable level of
security by utilizing SHA-256 in addition to a random salt to
mitigate dictionary and rainbow table attacks.

WWW: http://sourceforge.net/projects/kageki

PR:             ports/128328
Submitted by:   Matt D. Harris <mattdharris@users.sourceforge.net>
Reworked by:    myself

21:43 miwi 

Tuntun is an applet for Gnome panel that manage a list of vpn connections
through the OpenVPN Management Interface.

Main features

 * Simple & lightweight just a client GUI to start/stop your OpenVPN tunnels
   and nothing more
 * Integrated with the Gnome Desktop (support for the Keyring and notification
   daemon)
 * Support for Auth and Private-Key OpenVPN authentication methods

 WWW:   http://code.google.com/p/tuntun/

PR:             ports/128097
Submitted by:   Anderson S. Ferreira <anderson at cnpm.embrapa.br>

14:09 roam 

Initial import of paperkey-0.8, a simple tool for extracting the truly
secret parts of a PGP secret key for backup purposes.

Obtained from:  http://www.jabberwocky.com/software/paperkey/
Author:         David Shaw <dshaw@jabberwocky.com>

14:03 ehaupt 

Add op 1.32, controlled privilege escalation tool

08:09 miwi 

HTML_Crypt provides methods to encrypt text, which can be later be decrypted
using JavaScript on the client side.

This is very useful to prevent spam robots collecting email addresses from your
site, included is a method to add mailto links to the text being generated.

WWW:    http://pear.php.net/package/HTML_Crypt

08:08 miwi 

This package allows you to encrypt and decrypt strings or long integer arrays
with the XXTEA encryption algorithm, which is secure, fast and suitable for web
development.

WWW:    http://pear.php.net/package/Crypt_XXTEA

08:07 miwi 

Provides methods needed to generate and verify MicroIDs.

WWW:    http://pear.php.net/package/Crypt_MicroID/

14:23 miwi 

pycryptopp is a set of Python wrappers for a few of
the best crypto algorithms from the Crypto++ library.

WWW:   http://allmydata.org/trac/pycryptopp

PR:             ports/126977
Submitted by:   Wen Heping <wenheping at gmail.com>

23:03 jmelo 

- Add entry for security/snortsam.

21:32 cy 

Welcome fwbuilder and libfwbuilder 3.0.0, replacing 2.1.19. The old version
is deprecated and scheduled for deletion as it is no longer supported by its
author.

07:26 miwi 

This is a Camellia package for Ruby. Camellia engine is implemented in "C".
Supported key length : 128bit/192bit/256bit
Supported modes of operation : ECB/CFB/CBC

WWW:    http://info.isl.ntt.co.jp/crypt/eng/camellia/index.html

PR:             ports/126390
Submitted by:   Yoshisato YANAGISAWA <osho at pcc-software.org>

07:53 marcus 

Add pam_helper, a small utility which allows non-PAM or non-setuid
applications to make use of PAM's authentication services.

10:17 danfe 

Switzerland is a tool for testing networks, ISPs, and firewalls developed
by the Electronic Frontier Foundation (www.eff.org).

WWW: http://www.eff.org/testyourisp/switzerland

00:12 miwi 

Taking a hint from the similarly-named Java Cryptography Architecture,
QCA aims to provide a straightforward and cross-platform crypto
API, using Qt datatypes and conventions. QCA separates the API from
the implementation, using plugins known as Providers. The advantage
of this model is to allow applications to avoid linking to or
explicitly depending on any particular cryptographic library. This
allows one to easily change or upgrade crypto implementations
without even needing to recompile the application. QCA should work
everywhere Qt does, including Windows/Unix/MacOSX.

Capabilities:
TLS, CMS, X.509, RSA, DSA, Diffie-Hellman, PKCS#7, PKCS#12, SHA0,
SHA1, SHA224, SHA256, SHA384, SHA512, MD2, MD4, MD5, RIPEMD160,
Blowfish, DES, 3DES, AES128, AES192, AES256, CAST5, HMAC(SHA1, MD5,
RIPEMD160), PBKDF1(MD2, SHA1), PBKDF2(SHA1)

WWW: http://delta.affinix.com/qca/

13:54 lwhsu 

Add sshguard-ipfilter, protect hosts from brute force attacks against
ssh and other services using ipfilter.

PR:             ports/125975
Submitted by:   Mij <mij at bitchx.it>

03:19 beech 

ssl-admin was designed to create a user-friendly, menu-driven interface
to the OpenSSL programs.

ssl-admin will help you do the following tasks with SSL certificates:
  * Create your own CA certificate.
  * Create new Certificate Signing Requests
  * Sign existing Certificate Signing Requests
  * Manage Certificate Revokation Lists
  * Export configurations and certificates for OpenVPN.

PR:             ports/125875
Submitted by:   Eric Crist <ecrist at secure-computing.net>

13:20 wxs 

New port: FlowTag is a GUI interface for exploring the TCP flows in a
PCAP file.  It's strengths lie in:

   * rapid reconstruction of flows (via indexing),
   * visual selection of source IP and destination TCP ports;
   * filtering by time, packet count, and/or byte count
   * tagging flows with keywords

PR:             ports/125624
Submitted by:   Lee Hinman <lee@writequit.org>

04:27 beech 

- New port p5-Crypt-OpenSSL-AES-0.02

The Crypt::OpenSSL::AES module implements a wrapper around
OpenSSL's AES (Rijndael) library.

PR:             ports/125387
Submitted by:   John Ferrell <jdferrell3 at yahoo.com>

21:35 pav 

Ratproxy is a semi-automated, largely passive web application security audit
tool. It is meant to complement active crawlers and manual proxies more
commonly used for this task, and is optimized specifically for an accurate and
sensitive detection, and automatic annotation, of potential problems and
security-relevant design patterns based on the observation of existing,
user-initiated traffic in complex web 2.0 environments.

WWW: http://code.google.com/p/ratproxy/

PR:             ports/125249
Submitted by:   Steven Kreuzer <skreuzer@exit2shell.com>

23:06 araujo 

Net::SSH::Gateway is a library for programmatically tunneling connections to
servers via a single "gateway" host. It is useful for establishing Net::SSH
connections to servers behind firewalls, but can also be used to forward ports
and establish connections of other types, like HTTP, to servers with i
restricted access.

* Easily manage forwarded ports
* Establish Net::SSH connections through firewalls

WWW: http://net-ssh.rubyforge.org/gateway

PR:             ports/125053
Submitted by:   Philip M. Gollucci <pgollucci@p6m7g8.com>

23:03 araujo 

Net::SCP is a pure-Ruby implementation of the SCP protocol. This operates over
SSH (and requires the Net::SSH library), and allows files and directory trees
to copied to and from a remote server.

* Transfer files or entire directory trees to or from a remote host via SCP
* Can preserve file attributes across transfers
* Can download files in-memory, or direct-to-disk
* Support for SCP URI's, and OpenURI

WWW: http://net-ssh.rubyforge.org/scp

PR:             ports/125052
Submitted by:   Philip M. Gollucci <pgollucci@p6m7g8.com>

16:48 simon 

Retire the ca-roots ports, which expired long ago.

The port is deprecated since it is not supported by the FreeBSD
Security Officer anymore.  The reason for this is that the ca-roots
port makes promises with regard to CA verification which the current
Security Officer (and deputy) do not want to make.

For people who need a general root certificate list see the
security/ca_root_ns, but note that the difference in guarantees with
regard to which CAs are included in ca_root_ns vs. ca-roots.  The
ca_root_ns port basically makes no guarantees other than that the
certificates comes from the Mozilla project.

Note that the ca-roots MOVED file entry on purpose does not point at
ca_root_ns due to the change in CA guarantees.

With hat:       security-officer

06:31 linimon 

s/pear-Auth_OpenID2/php-Auth_OpenID2/ to go with what was actually
repocopied.

Reported by:    portsmon

13:04 edwin 

[repocopy] security/php-Auth_OpenID -> security/php-Auth_OpenID2

        Now supporting OpenID protocol version 2

PR:             ports/124737
Submitted by:   Edwin Groothuis <edwin@mavetju.org>

17:34 novel 

Remove security/gnutls-devel for a time while the experimental branch
is not active.

23:15 pav 

- Delete expired security/amavisd port: depends on misc/compat3x, which has
  security problems; old version

21:00 pav 

- Expired: No longer supported. Use p5-openxpki-client-html-mason instead

19:01 pav 

Delete security/cyrus-sasl, it has been expired for a year and a half.

03:43 edwin 

New port: security/fwknop fwknop,"FireWall KNock OPerator", implements
Single Packet Authorization (SPA).

        fwknop stands for the "FireWall KNock OPerator", and
        implements an authorization scheme called Single Packet
        Authorization (SPA). This method of authorization is based
        around a default-drop packet filter (fwknop supports both
        iptables on Linux systems and ipfw on FreeBSD and Mac OS X
        systems) and libpcap.

        SPA requires only a single encrypted packet in order to
        communicate various pieces of information including desired
        access through an iptables policy and/or complete commands
        to execute on the target system. By using iptables to
        maintain a "default drop" stance, the main application of
        this program is to protect services such as OpenSSH with
        an additional layer of security in order to make the
        exploitation of vulnerabilities (both 0-day and unpatched
        code) much more difficult. With fwknop deployed, anyone
        using nmap to look for sshd can't even tell that it is
        listening; it makes no difference if they have a 0-day
        exploit or not. The authorization server passively monitors
        authorization packets via libcap and hence there is no
        "server" to which to connect in the traditional sense.
        Access to a protected service is only granted after a valid
        encrypted and non-replayed packet is monitored from an
        fwknop client (see the following network diagram; the SSH
        session can only take place after the SPA packet is monitored):

PR:             ports/118229
Submitted by:   Sean Greven <sean.greven@gmail.com>

19:40 jadawin 

SpyBye is a tool to help web masters determine if their web pages
are hosting browser exploits that can infect visiting users with
malware. It functions as an HTTP proxy server and intercepts all
browser requests. SpyBye uses a few simple rules to determine if
embedded links on your web page are harmlesss, unknown or maybe
even dangerous.

SpyBye analyzes all downloads in the background and provides you
with a warning notification whenever it encounters content that
is potentially malicious. At that point, you can click on the link
in the notification and receive a more detailed analysis of the web page.

WWW: http://www.spybye.org/

PR:             ports/123945
Submitted by:   Paul Schmel <pauls utdallas.edu>
Approved by:    tabthorpe (mentor)

13:19 edwin 

[NEW PORT] security/openvas-server: A security scanner: a fork of Nessus

        OpenVAS stands for Open Vulnerability Assessment System and
        is a network security scanner with associated tools like a
        graphical user fontend. The core is a server component with
        a set of network vulnerability tests (NVTs) to detect
        security problems in remote systems and applications.

        WWW: http://www.openvas.org/

PR:             ports/123128
Submitted by:   Tomoyuki Sakurai <cherry@trombik.org>

13:17 edwin 

[NEW PORT] security/openvas-plugins: Plugins for OpenVAS

        OpenVAS stands for Open Vulnerability Assessment System and
        is a network security scanner with associated tools like a
        graphical user fontend. The core is a server component with
        a set of network vulnerability tests (NVTs) to detect
        security problems in remote systems and applications.

        WWW: http://www.openvas.org/

PR:             ports/123130
Submitted by:   Tomoyuki Sakurai <cherry@trombik.org>

13:15 edwin 

[NEW PORT] security/openvas-libraries: Libraries for OpenVAS

        OpenVAS stands for Open Vulnerability Assessment System and
        is a network security scanner with associated tools like a
        graphical user fontend. The core is a server component with
        a set of network vulnerability tests (NVTs) to detect
        security problems in remote systems and applications.

        WWW: http://www.openvas.org/

PR:             ports/123127
Submitted by:   Tomoyuki Sakurai <cherry@trombik.org>

13:14 edwin 

[NEW PORT] security/openvas-libnasl: NASL libraries for OpenVAS

        OpenVAS stands for Open Vulnerability Assessment System and
        is a network security scanner with associated tools like a
        graphical user fontend. The core is a server component with
        a set of network vulnerability tests (NVTs) to detect
        security problems in remote systems and applications.

        WWW: http://www.openvas.org/

PR:             ports/123129
Submitted by:   Tomoyuki Sakurai <cherry@trombik.org>

13:12 edwin 

[NEW PORT] security/openvas-client: A GUI client for OpenVAS

        OpenVAS stands for Open Vulnerability Assessment System and
        is a network security scanner with associated tools like a
        graphical user fontend. The core is a server component with
        a set of network vulnerability tests (NVTs) to detect
        security problems in remote systems and applications.

        WWW: http://www.openvas.org/

PR:             ports/123131
Submitted by:   Tomoyuki Sakurai <cherry@trombik.org>

02:49 lippe 

SquidClamAV is an interface to perform antivirus checks on data passing through
Squid Proxy.

WWW: http://www.samse.fr/GPL/squidclamav/

PR:             ports/119236
Submitted by:   Laurent LEVIER <llevier@argosnet.com>
Approved by:    araujo (mentor)

21:01 brix 

This is the base class for a system of objects that encapsulate
passphrases.  An object of this type is a passphrase recogniser: its
job is to recognise whether an offered passphrase is the right one.
For security, such passphrase recognisers usually do not themselves
know the passphrase they are looking for; they can merely recognise it
when they see it.  There are many schemes in use to achieve this
effect, and the intent of this class is to provide a consistent
interface to them all, hiding the details.

The CPAN package Authen::Passphrase contains implementations of
several specific passphrase schemes in addition to the base class.

WWW: http://search.cpan.org/dist/Authen-Passphrase/

Approved by:    erwin (mentor)

20:59 brix 

Perl XS interface for a portable traditional crypt function.

WWW: http://search.cpan.org/dist/Crypt/UnixCrypt_XS/

Approved by:    erwin (mentor)