16:37 erwin 

The Crypt::SaltedHash module provides an object oriented interface to create
salted (or seeded) hashes of clear text data. The original formalization of
this concept comes from RFC-3112 and is extended by the use of different
digital agorithms.

WWW: http://search.cpan.org/dist/Crypt-SaltedHash

PR:             ports/90698
Submitted by:   Gabor Kovesdan

16:35 erwin 

Shark is 64-bit block cipher that accepts a 128-bit key. It was
designed by Vincent Rijmen, Joan Daemen, Bart Preneel, Antoon
Bosselaers, and Erik De Win.

WWW: http://search.cpan.org/dist/Crypt-Shark

PR:             ports/90699
Submitted by:   Gabor Kovesdan

16:31 erwin 

The single exported subroutine in this module is for generating a salt
suitable for being fed to crypt() and other similar functions.

WWW: http://search.cpan.org/dist/Crypt-Salt

PR:             ports/90696
Submitted by:   Gabor Kovesdan

15:40 erwin 

This module contains a simple S/Key calculator (as described in RFC
1760) implemented in Perl. It exports the function `key' by default, and
may optionally export the function `compute'.
`compute_md4', `compute_md5', `key_md4', and `key_md5' are provided as
convenience functions for selecting either MD4 or MD5 hashes. The
default is MD4; this may be changed with with the `$Crypt::SKey::HASH'
variable, assigning it the value of `MD4' or `MD5'. You can access any
of these functions by exporting them in the same manner as `compute' in
the above example.
Most S/Key systems use MD4 hashing, but a few (notably OPIE) use MD5.

WWW: http://search.cpan.org/dist/Crypt-SKey

PR:             ports/90695
Submitted by:   Gabor Kovesdan

15:39 erwin 

Loki97 is 128-bit block cipher that accepts a variable-length key. It was
designed by Lawrie Brown, Josef Pieprzyk, and Jennifer Seberry. The default
key length in this implementation is 128 bits. Loki97 was one of the 15
candidates for the AES.

WWW: http://search.cpan.org/dist/Crypt-Loki97

PR:             ports/90694
Submitted by:   Gabor Kovesdan

15:37 erwin 

Crypt::License decodes an encrypted file and attempts to decrypt it by first,
looking for a hash pointer in the caller program called $ptr2_License. The
hash contains the path to the License file and an optional 'private' key list
of modules which will decrypt only with the 'private' key. OR, a hash key of
'next' with no particular value that indicates to look to the next caller on
the stack for the License pointer. If the pointer is not present or the
License file is not found successfully, then no further action is taken. If the
License file is successfully opened, and the contents validated then the
attached encrypted module is loaded and the seconds remaining until License
expiration are returned or now() in the case of no expiration. Undef is
returned for an expired license (module fails to load).

WWW: http://search.cpan.org/dist/Crypt-License

PR:             ports/90693
Submitted by:   Gabor Kovesdan

15:30 erwin 

Khazad is a 128-bit key, 64-bit block cipher. Designed by Vincent Rijmen and
Paulo S. L. M. Barreto, Khazad is a NESSIE finalist for legacy-level block
ciphers. Khazad has many similarities with Rijndael, and has an extremely
high rate of diffusion.

WWW: http://search.cpan.org/dist/Crypt-Khazad

PR:             ports/90692
Submitted by:   Gabor Kovesdan

08:35 erwin 

This module is a complete working Perl implementation of the Enigma Machine
used during World War II. The cipher calculations are based on actual Enigma
values and the resulting ciphered values are as would be expected from an
Enigma Machine.
The implementation allows for all of the Rotors and Reflectors available to the
real world Enigma to be used. A Steckerboard has also been implemented,
allowing letter substitutions to be made.

WWW: http://search.cpan.org/dist/Crypt-Enigma

PR:             ports/90683
Submitted by:   Gabor Kovesdan

20:47 edwin 

[new port] security/chroot_safe

        chroot_safe, a tool to chroot any application in a sane
        manner without requring binaries, shared libraries etc
        within the chroot or any support from the application. Works
        with any dynamically linked application.

        WWW: http://sourceforge.net/projects/chrootsafe

PR:             ports/90341
Submitted by:   Gabor Kovesdan <gabor.kovesdan@t-hosting.hu>

15:51 erwin 

This package is used to encrypt and decrypt passwords generated by IMail.
See: http://www.ipswitch.com/products/imail_server/

WWW: http://search.cpan.org/dist/Crypt-Imail

PR:             ports/90686
Submitted by:   Gabor Kovesdan

15:51 erwin 

Crypt::GOST_PP is a pure perl implementation of GOST, a 64-bit
symmetrical block cipher with a 256-bit key from the former Soviet
Union. Please read the Pod documentation contained in the module
itself for additional information, including the rationale behind
the writing of this module.

WWW: http://search.cpan.org/dist/Crypt-GOST_PP

PR:             ports/90685
Submitted by:   Gabor Kovesdan

15:50 erwin 

GOST 28147-89 is a 64-bit symmetric block cipher with a 256-bit
key developed in the former Soviet Union. Some information on it
is available at http://vipul.net/gost/ .
This module implements GOST encryption. It supports the Crypt::CBC
interface, with the functions described below. It also provides
an interface that is backwards- compatible with Crypt::GOST 0.41,
but its use in new code is discouraged.

WWW: http://search.cpan.org/dist/Crypt-GOST

PR:             ports/90684
Submitted by:   Gabor Kovesdan

14:49 erwin 

The Data Encryption Standard (DES), also known as Data
Encryption Algorithm (DEA) is a semi-strong encryption and
decryption algorithm.
The module is 100 % compatible to Crypt::DES but is implemented
entirely in Perl. That means that you do not need a C compiler
to build and install this extension.

WWW: http://search.cpan.org/dist/Crypt-DES_PP

PR:             ports/90682
Submitted by:   Gabor Kovesdan

14:42 erwin 

The Chimera key exchange protocol generates a shared key between two parties.
The protocol was shown to be INSECURE. This module is therefore released for
purely academic curiosity.

WWW: http://search.cpan.org/dist/Crypt-Chimera

PR:             ports/90681
Submitted by:   Gabor Kovesdan

09:51 anray 

Added p5-Crypto-MySQL, perl extension to compare MySQL passwords without
libmysqlclient.

PR:             ports/90590
Submitted by:   Gabor Kovesdan <gkovesdan@t-hosting.hu>
Approved by:    sem(mentor)

09:35 anray 

Added p5-Crypt-HCE_MD5, perl extension implementing one way hash chaining
encryption using MD5.

PR:             ports/90589
Submitted by:   Gabor Kovesdan <gkovesdan@t-hosting.hu>
Approved by:    sem(mentor)

09:16 anray 

Added p5-Crypt-HCE_MD5, perl extension implementing one way hash chaining
encryption using MD5.

PR:             ports/90589
Submitted by:   Gabor Kovesdan <gkovesdan@t-hosting.hu>
Approved by:    sem(mentor)

22:13 erwin 

Rabbit is a new stream cipher based on the properties of counter assisted
stream ciphers, invented by Martin Boesgaard, Mette Vesterager,
Thomas Pedersen, Jesper Christiansen, and Ove Scavenius of Cryptico A/S.

WWW: http://search.cpan.org/dist/Crypt-Rabbit

PR:             ports/90615
Submitted by:   Gabor Kovesdan

22:06 erwin 

Sometimes it's necessary to protect some certain data against plain reading
or you intend to send information through the Internet. Another reason might
be to assure users cannot modify their previously entered data in a follow-up
step of a long Web transaction where you don't want to deal with server-side
session data. The goal of Crypt::Lite was to have a pretty simple way to
encrypt and decrypt data without the need to install and compile huge
packages with lots of dependencies.
Crypt::Lite generates every time a different encrypted hash when you
re-encrypt the same data with the same secret string. Nevertheless you
are able to make double or tripple-encryption with any data to increase
the security. Decryption works also on hashes that have been encrypted
on a foreign host (try this with an unpatched IDEA installation ;-).

WWW: http://search.cpan.org/dist/Crypt-Lite

PR:             ports/90614
Submitted by:   Gabor Kovesdan

21:59 erwin 

Generic Counter Mode implementation in pure Perl. The Counter Mode module
constructs a stream cipher from a block cipher or cryptographic hash funtion
and returns it as an object. Any block cipher in the Crypt:: class can be
used, as long as it supports the blocksize and keysize methods. Any hash
function in the Digest:: class can be used, as long as it supports
the add method.

WWW: http://search.cpan.org/dist/Crypt-Ctr

PR:             ports/90613
Submitted by:   Gabor Kovesdan

21:56 erwin 

Crypt::Caesar - Decrypt rot-N strings

WWW: http://search.cpan.org/dist/Caesar

PR:             ports/90612
Submitted by:   Gabor Kovesdan

21:55 erwin 

Generic CFB implementation in pure Perl. The Cipher Feedback Mode module
constructs a stream cipher from a block cipher or cryptographic hash funtion
and returns it as an object. Any block cipher in the Crypt:: class can be
used, as long as it supports the blocksize and keysize methods. Any hash
function in the Digest:: class can be used, as long as it supports the
add method.

WWW: http://search.cpan.org/dist/Crypt-CFB

PR:             ports/90611
Submitted by:   Gabor Kovesdan

21:53 erwin 

This code appears to have only cursory resemblance to Bruce Schneier's
blowfish and twofish algorithms in that it too has a table-based decoder.
Derivation from FairKeys code by Jon Lech Johanson at nanocrew.net.
If you don't know what that is, don't bother looking here further. This is
a Pure Perl implementation. I doubt there is any need for xs coding for
what would mainly be processing 16 bytes at a time. This code is part of an
ongoing effort to clone portions of the Apple iTMS in Perl for portability.
See www.hymn-project.org for prior efforts by others.

WWW: http://search.cpan.org/dist/Crypt-AppleTwoFish

PR:             ports/90610
Submitted by:   Gabor Kovesdan

16:03 vanilla 

Add sshit 0.5, checks for SSH/FTP bruteforce and blocks given IPs.

PR:             ports/90603
Submitted by:   Jui-Nan Lin <jnlin@csie.nctu.edu.tw>

21:50 erwin 

Digest::Pearson is an implementation of Peter K. Pearson's hash algorithm
presented in "Fast Hashing of Variable Length Text Strings" - ACM 1990. This
hashing technique yields good distribution of hashed results for variable
length input strings on the range 0-255, and thus, it is well suited for
data load balancing.
The implementation is in C, so it is fast. If you prefer a pure Perl version
and can tolerate slower speed, you might want to consider
Digest::Pearson::PurePerl instead.

WWW: http://search.cpan.org/dist/Digest-MD5-Pearson

PR:             ports/90578
Submitted by:   Gabor Kovesdan

21:46 erwin 

Digest::ManberHash - a Perl package to calculate Manber Hashes

WWW: http://search.cpan.org/dist/Digest-ManberHash

PR:             ports/90577
Submitted by:   Gabor Kovesdan

21:45 erwin 

MD5 sums (see RFC 1321 - The MD5 Message-Digest Algorithm) are used as a
one-way hash of data. Due to the nature of the formula used, it is impossible
to reverse it.
This module provides functions to search several online MD5 hashes database and
return the results (or return undefined if no match found).

WWW: http://search.cpan.org/dist/Digest-MD5-Reverse

PR:             ports/90576
Submitted by:   Gabor Kovesdan

16:22 erwin 

Get MD5 sums for files of a given path or content of a given url.

WWW: http://search.cpan.org/dist/Digest-MD5-File

PR:             ports/90567
Submitted by:   Gabor Kovesdan

16:16 erwin 

The Digest::JHash module allows you to use the fast JHash hashing algorithm
developed by Bob Jenkins from within Perl programs. The algorithm takes as
input a message of arbitrary length and produces as output a 32-bit
"message digest" of the input in the form of an unsigned long integer.
See http://burtleburtle.net/bob/hash/doobs.html for more information.

WWW: http://search.cpan.org/dist/Digest-JHash

PR:             ports/90564
Submitted by:   Gabor Kovesdan

16:15 erwin 

Digest::FNV is an implementation for the 32-bit version of Fowler/Noll/Vo
hashing algorithm which allows variable length input strings to be quickly
hashed into unsigned integer values. For more information about this hash,
please visit http://www.isthe.com/chongo/tech/comp/fnv/.

WWW: http://search.cpan.org/dist/Digest-FNV

PR:             ports/90563
Submitted by:   Gabor Kovesdan

16:02 erwin 

Digest::Elf provides an XS based implementation of the ElfHash algorithm.
ElfHash generates resonably 32 bit integer value from a string in a
reasonably short period of time.

WWW: http://search.cpan.org/dist/Digest-Elf

PR:             ports/90561
Submitted by:   Gabor Kovesdan

16:00 erwin 

This is Encrypted MAC (EMAC), formerly known as Double MAC (DMAC).
Unlike HMAC, which reuses an existing one-way hash function, such as
MD5, SHA-1 or RIPEMD-160, EMAC reuses an existing block cipher to
produce a secure message authentication code (MAC).

WWW: http://search.cpan.org/dist/Digest-EMAC

PR:             ports/90560
Submitted by:   Gabor Kovesdan

15:22 erwin 

This is Encrypted MAC (EMAC), formerly known as Double MAC (DMAC).
Unlike HMAC, which reuses an existing one-way hash function, such as
MD5, SHA-1 or RIPEMD-160, EMAC reuses an existing block cipher to
produce a secure message authentication code (MAC).

WWW: http://search.cpan.org/dist/Digest-DMAC

PR:             ports/90550
Submitted by:   Gabor Kovesdan

14:50 erwin 

Digest::DJB is an implementation of D. J. Bernstein's hash which returns a
32-bit unsigned value for any variable-length input string. An equivalent pure
Perl version is also available: Digest::DJB::PurePerl.

WWW: http://search.cpan.org/dist/Digest-DJB

PR:             ports/90549
Submitted by:   Gabor Kovesdan

14:44 erwin 

This module implements the hashcash hash (or digest, although it's not
clearly a digest). For all your information needs please
visit http://www.hashcash.org.

WWW: http://search.cpan.org/dist/Digest-Hashcash

PR:             ports/90548
Submitted by:   Gabor Kovesdan

14:16 erwin 

This module provides a perl implementation to generate 32 bits CRC digests for
buffers and files.

WWW: http://search.cpan.org/dist/Digest-Crc32

PR:             ports/90547
Submitted by:   Gabor Kovesdan

14:06 erwin 

The Digest::CRC module calculates CRC sums of all sorts. It contains wrapper
functions with the correct parameters for CRC-CCITT, CRC-16 and CRC-32.

WWW: http://search.cpan.org/dist/Digest-CRC

PR:             ports/90546
Submitted by:   Gabor Kovesdan

13:53 erwin 

The Digest::Adler32 module implements the Adler-32 checksum as specified
in RFC 1950. The interface provided by this module is specified in Digest,
but no functional interface is provided.

WWW: http://search.cpan.org/dist/Digest-Adler32

PR:             ports/90545
Submitted by:   Gabor Kovesdan

12:09 erwin 

Digest::SV1 - Cryptosleazically strong message digest format

WWW: http://search.cpan.org/dist/Digest-SV1

PR:             ports/90539
Submitted by:   Gabor Kovesdan

11:54 erwin 

A perl module that implements the tiger hash, which is believed to be secure
and runs quickly on 64-bit processors.

WWW: http://search.cpan.org/dist/Digest-Tiger

PR:             ports/90537
Submitted by:   Gabor Kovesdan

11:21 erwin 

Digest::Whirlpool - A 512-bit, collision-resistant, one-way hash function
developed by Paulo S. L. M. Barreto and Vincent Rijmen.

WWW: http://search.cpan.org/dist/Digest-Whirlpool

PR:             ports/90536
Submitted by:   Gabor Kovesdan

10:30 erwin 

Haval is a variable-length, variable-round one-way hash function designed by
Yuliang Zheng, Josef Pieprzyk, and Jennifer Seberry. The number of rounds can
be 3, 4, or 5, while the hash length can be 128, 160, 192, 224, or 256 bits.
Thus, there are a total of 15 different outputs. For better security, however,
this module implements the 5-round, 256-bit output.

WWW: http://search.cpan.org/dist/Digest-Haval256

PR:             ports/90534
Submitted by:   Gabor Kovesdan

20:15 ehaupt 

Add, security/fiked, a fake IKE PSK+XAUTH daemon based on VPNC.

This is a fake IKE daemon supporting just enough of the standards and Cisco
extensions to attack commonly found insecure Cisco PSK+XAUTH VPN setups.

If you know the pre-shared key, also known as shared secret or group password,
you can impersonate the VPN gateway in IKE phase 1, and learn XAUTH user
credentials in phase 2.

PR:             90372
Submitted by:   Daniel Roethlisberger <daniel@roe.ch>

09:50 barner 

Add symbion-sslproxy 1.0.5, an SSL proxy for securing unsecure
connections.

PR:             ports/90216
Submitted by:   Gabor Kovesdan

10:07 novel 

Add gnutls-devel - development version of gnutls.

01:04 edwin 

Add security/tor-devel

02:31 edwin 

[NEW PORT] security/jailaudit: Generate portaudit reports for jails from the
hostsystem

        This port contains a script for generating portaudit reports
        for jails running on a FreeBSD system.

        Jailaudit runs in the Host-system and uses portaudit to
        create reports for every jail currently running.

        It can also be used to send specific report-mails to the
        owner of a jail by running it as a cronjob.

        /etc/crontab example:
        0   4   *   *   *   *   root   /usr/local/bin/jailaudit mail
admin@foo.bar "foo.example.com bar.example.com"

        Sends reports-mails of the jails with the hostnames
        foo.example.com and bar.example.com to the mailaddr.
        admin@example.com.

        WWW: http://outpost.h3q.org/software/jailaudit/

PR:             ports/87581
Submitted by:   Philipp Wuensche <cryx-ports@h3q.com>

21:03 edwin 

New port: security/klamav

        KlamAV - Clam Anti-Virus on the KDE Desktop

        KlamAV is a KDE 3 front-end to Clam Anti-Virus.  It includes
        the following features:

        - 'On Access' Scanning
        - Manual Scanning
        - Quarantine Management
        - Downloading Updates
        - Mail Scanning (KMail/Evolution)

PR:             ports/84342
Submitted by:   Anderson S. Ferreira <anderson@cnpm.embrapa.br>

05:16 lioux 

New port md4coll version 0.1: Fast MD4 collision generator

05:15 lioux 

New port md5coll version 0.1: Fast MD5 collision generator

13:25 sergei 

- Disconnect security/prelude-nids from the parent Makefile
  prior to deletion

14:20 sumikawa 

Racoon is now maintained in security/ipsec-tools.

08:35 az 

- Move securiy/hping -> net/hping

16:28 lawrance 

Add amavisd-milter 1.0.2, milter for amavisd-new.

PR:             ports/82427
Submitted by:   Petr Rehor <prehor@gmail.com>

11:50 pav 

Sud is a daemon to execute interactive and non-interactive processes with
special (and customizable) privileges in a nosuid environment. It is based on a
client/server model and on the ability to pass file descriptors between
processes.

PR:             ports/88354
Submitted by:   Vaida Bogdan <vaidab@phenix.rootshell.be>

13:45 tobez 

Add security/p5-Authen-Htpasswd 0.12, a Perl module to read and modify
apache-style .htpasswd files.

06:45 vanilla 

Add denyhosts 1.1.2, script to thwart ssh attacks.

PR:             ports/88781
Submitted by:   Janos Mohacsi <janos.mohacsi.at.bsd.hu>

11:49 skv 

Add p5-Authen-SASL-Cyrus 0.12, XS SASL Authentication.

22:08 linimon 

Remove opensc-esteid.  The functionality has been merged into the
masterport.

PR:             ports/88008
Submitted by:   maintainer

01:33 nork 

Add java_policy 1.4.2, which provides JCE(Java Cryptography
Extension) Unlimited Strength Jurisdiction Policy Files.

WWW:                    http://java.sun.com/products/jce/index-14.html
I was cheated by:       ume

17:36 ehaupt 

Add p5-GD-SecurityImage, a Perl5 module for creating CAPTCHA security images

PR:             87494
Submitted by:   Rod Taylor <ports@rbt.ca>
Approved by:    novel (mentor) (implicit)

18:18 sergei 

Add security/libpreludedb:

This library provides a framework for easy access to the Prelude database.

WWW:    http://www.prelude-ids.org/

06:08 dinoex 

- create slave port for openssl 0.9.7

02:16 edwin 

New port: security/webfwlog Web-based firewall log analyzer

        Webfwlog is a web-based firewall log analysis and reporting
        tool, and supports ipfilter and ipfw log file formats.  It
        is interactive and allow the user to "drill-down" from a
        summary report to packet details logged.  It also has great
        flexibility in the format of the output and which logged
        records are included.  Sample report definitions are included
        and are saved in a database (MySQL or PostgreSQL) and can
        be modified by the user.

        More info at: http://www.webfwlog.net

PR:             ports/80352
Submitted by:   Bob Hockney <zeus@ix.netcom.com>

18:21 ehaupt 

Add gwee, a tool to exploit command execution vulnerabilities in web scripts.

PR:             80639
Submitted by:   chinsan <chinsan@mail2000.com.tw>
Approved by:    novel (mentor)

16:31 mnag 

New port

The Authen::CyrusSASL module provides a simple class that allows you
to send request to the cyrus-sasl's authen daemon.
This module is based on the Authen::Radius module with the similar interface.

PR:             86943
Submitted by:   Attila Nagy <bra@fsn.hu>
Approved by:    pav (mentor)

13:54 garga 

Add tthsum 1.1.0, a command-line utility for generating and checking TTH
message digests.

PR:             ports/86555
Submitted by:   Emanuel Haupt <ehaupt@critical.ch>

13:50 pav 

Pamsfs is a PAM module that logs a user into a SFS server on
system login. The primary reason for doing this is to allow users'
home-directories to be located on a SFS server.

PR:             ports/86095
Submitted by:   David Thiel <lx@redundancy.redundancy.org>

16:43 lth 

Add p5-Digest-SHA 5.31, Perl extension for SHA-1/224/256/384/512.

PR:             ports/84570
Submitted by:   Travis Campbell <hcoyote@ghostar.org>

23:42 pav 

ClusterSSH controls a number of xterm windows via a single graphical
console window to allow commands to be interactively run on multiple
servers over an ssh connection.

PR:             ports/84970
Submitted by:   David Thiel <lx@redundancy.redundancy.org>

15:02 lth 

Add p5-Crypt-NULL 1.02, perl implementation of the NULL encryption
algorithm.

PR:             ports/84629
Submitted by:   TAKAHASHI Kaoru <kaoru@kaisei.org>

23:14 pav 

- Remove security/pf and security/authpf ports. They were only useful on
  FreeBSD 5.0 - 5.2.1.

Requested by:   mlaier (maintainer) via linimon

00:06 jylefort 

Add signing-party.

signing-party is a collection for all kinds of PGP/GnuPG related things,
including signing scripts, party preparation scripts, etc.

 * caff: CA - Fire and Forget signs and mails a key
 * pgp-clean: removes all non-self signatures from key
 * pgp-fixkey: removes broken packets from keys
 * gpg-mailkeys: simply mail out a signed key to its owner
 * gpg-key2ps: generate PostScript file with fingerprint paper strips
 * gpglist: show who signed which of your UIDs
 * gpgsigs: annotates list of GnuPG keys with already done signatures
 * keylookup: ncurses wrapper around gpg --search

WWW: http://pgp-tools.alioth.debian.org/

PR:             ports/86077
Submitted by:   Johan van Selst <johans@stack.nl>

12:49 garga 

Add ncrypt 0.7.0, advanced AES file encryption tool.

PR:             ports/85486
Submitted by:   Frank Laszlo <laszlof@vonostingroup.com>

14:13 vsevolod 

Add IPSec tools port - the new "official" version of racoon,
is the only one which is maintained and have lots of new features.

PR:             85544
Submitted by:   VANHULLEBUS Yvan <vanhu@netasq.com>
Approved by:    perky (mentor)

19:03 sem 

Bcrypt is a blowfish file encryption utility which aims for cross-platform
portability.

PR:             ports/84798
Submitted by:   Emanuel Haupt <ehaupt@critical.ch>

18:51 sem 

ipguard listens network for ARP packets. All permitted MAC/IP pairs
listed in 'ethers' file. If it recieves one with MAC/IP pair, which is
not listed in 'ethers' file, it will send ARP reply with configured
fake address. This will prevent not permitted host to work properly
in this ethernet segment. Especially Windows(TM) hosts.

PR:             ports/84627, ports/85671
Submitted by:   SeaD <sead@mail.ru>

16:29 garga 

Add p5-Net-Daemon-SSL 1.0, perl5 extension for portable daemons.

PR:             ports/85125
Submitted by:   Simon Dick <simond@irrelevant.org>

01:52 jylefort 

Add p5-Net-OpenID-Server.

OpenID is a decentralized identity system, but one that's actually
decentralized and doesn't entirely crumble if one company turns evil
or goes out of business.

An OpenID identity is just a URL. You can have multiple identities in
the same way you can have multiple URLs. All OpenID does is provide a
way to prove that you own a URL (identity).

Anybody can run their own site using OpenID, and anybody can be an
OpenID server, and they all work with each other without having to
register with or pay anybody to "get started". An owner of a URL can
pick which OpenID server to use.

WWW: http://www.openid.net

PR:             ports/85284
Submitted by:   Alex Kapranoff <kappa@rambler-co.ru>

01:34 jylefort 

Add p5-Data-Password.

Data::Password checks potential passwords for crackability. It checks that the
password has the appropriate length, that it has enough character groups, that
it does not contain the same characters repeatedly, that it does not contain
ascending or descending characters, or characters close to each other on the
keyboard. It also searches for the password in the ispell word file.

WWW: http://search.cpan.org/~razinf/Data-Password/

PR:             ports/84513
Submitted by:   ports@c0decafe.net

14:10 sergei 

- Disconnect gnutls-devel from the parent Makefile prior to removal

10:32 garga 

This package implements an algorithm for breaking the PkZip cipher that was
devised by Eli Biham and Paul Kocher.

This program applies a known plaintext attack to an encrypted file.
A known-plaintext-attack recovers a password using the encrypted file and
(part of) the unencrypted file.

Please note that cryptographers use the word 'plaintext' for any kind of
unencrypted data - not necessarily readable ASCII text.

Before you ask why somebody may want to know the password when he already knows
the plaintext think of the following situations:

 - Usually there's a large number of files in a ZIP-archive. Usually all these
   files are encrypted using the same password. So if you know one of the files,
   you can recover the password and decrypt the other files.
 - You need to know only a part of the plaintext (at least 13 bytes). Many files
   have commonly known headers, like DOS .EXE-files. Knowing a reasonably long
   header you can recover the password and decrypt the entire file.

WWW: http://www.unix-ag.uni-kl.de/~conrad/krypto/pkcrack.html

PR:             ports/84192
Submitted by:   Emanuel Haupt <ehaupt@critical.ch>

03:37 ade 

Add courierpasswd, a user authentication and password changing utility
for the courier imap/pop3 system.

18:47 garga 

TLSWrap is a TLS/SSL FTP wrapper/proxy for UNIX and Windows, allowing you to
use your favourite FTP client with any TLS/SSL-enabled FTP server.

WWW: http://tlswrap.sunsite.dk/

PR:             ports/84028
Submitted by:   Daniel J. O'Connor <darius@dons.net.au>
Thanks to:      novel

17:13 se 

New port: Yersinia

Yersinia is a layer 2 vulnerability scanner with support for the
following protocols:

- Cisco Discovery Protocol (CDP)
- Dynamic Host Configuration Protocol (DHCP)
- Dynamic Trunking Protocol (DTP)
- Hot Standby Router Protocol (HSRP)
- IEEE 802.1q
- Spanning Tree Protocol (STP, RSTP)
- Virtual Trunking Protocol (VTP)

17:10 garga 

BSDsfv is a flexible and highly compatible SFV checksum utility.

Features:

  - create SFV files, verify downloaded single files or whole releases
  - add banners to your SFV files
  - very flexible and compatible with all other SFV tools currently known,
    including SFVNIX compatibility mode concerning SFV files created
  - easy to console application
  - plug & play support for glFTPd and other demons including
    count-missing-files feature for race scripts

WWW: http://bsdsfv.sourceforge.net/

PR:             ports/84108
Submitted by:   Emanuel Haupt <ehaupt@critical.ch>
Approved by:    flz (mentor)

17:08 garga 

This utility creates .SFV (Simple File Verify) and .PAR (Parity Archive) data
files.

Features:

  * Recursive directories handling
  * Automatic checksum file naming ability in create mode
  * Meaningful and documented exit values for easy scripting
  * Wildcards for file names
  * Creation of PAR (Parity Archive) files
  * Create Multiple recovery sets if number of files in SFV greater than 255

WWW: http://pure-sfv.sourceforge.net/

PR:             ports/84127
Submitted by:   Emanuel Haupt <ehaupt@critical.ch>
Approved by:    flz (mentor)

17:43 garga 

Bridge betwean ClamAV antivirus software and Squid caching proxy.

Squidclam is a replacement for SquidClamAV-Redirector.py written
in C using libclamav and libcurl

Author: squidclam@users.sourceforge.net
WWW:    http://sourceforge.net/projects/squidclam/

PR:             ports/82652
Submitted by:   Alexander Novitsky <alecn2002@yandex.ru>
Approved by:    flz (mentor)

12:28 pav 

- Revive security/ruby-acl port and unbreak it
- Reset maintainership

PR:             ports/76917
Submitted by:   IWATSUKI Hiroyuki <don@na.rim.or.jp>

16:29 pav 

This module brings to Python programs the capability of evaluating password
strength. To achieve this noble aim it uses the well known cracklib toolkit,
hence the name.

PR:             ports/83603
Submitted by:   Vsevolod Stakhov <vsevolod@highsecure.ru>

13:58 pav 

NewPKI is a PKI based on the OpenSSL low-level API, all the datas are handled
through a database, which provides a much more flexible PKI than with OpenSSL,
such as seeking a certificate with a search engine.

CA implementation.

PR:             ports/83387
Submitted by:   Vsevolod Stakhov <vsevolod@highsecure.ru>

13:24 pav 

NewPKI is a PKI based on the OpenSSL low-level API, all the datas are handled
through a database, which provides a much more flexible PKI than with OpenSSL,
such as seeking a certificate with a search engine.

GUI client that uses wxWidgets.

PR:             ports/83386
Submitted by:   Vsevolod Stakhov <vsevolod@highsecure.ru>

13:01 pav 

NewPKI is a PKI based on the OpenSSL low-level API, all the datas are handled
through a database, which provides a much more flexible PKI than with OpenSSL,
such as seeking a certificate with a search engine.

PR:             ports/83385
Submitted by:   Vsevolod Stakhov <vsevolod@highsecure.ru>

14:35 pav 

OpenCT, a middleware framework for smart card terminals.
It all started with a reader driver library to provide a framework for people
writing drivers for smart card readers. The idea was to provide all the usual
stuff (T=0, T=1, serial vs. USB device handling, etc) in a single place, and
reduce driver writing to interaction with the device itself.

OpenCT provides a native OpenCT, CT-API and PC/SC Lite IFD interface with an
OpenCT ifdhandler resource manager.

PR:             ports/82990
Submitted by:   Janos Mohacsi <janos.mohacsi@bsd.hu>

02:33 erwin 

Add calife-devel

Forgotten by:   roberto
Committed from: Las Vegas, NV

06:57 ahze 

- Add sasp
This is a tool that uses ARP poisoning  to  have  a  scenario
like this: we have a LAN and we want offer connectivity to every-
one coming here with his laptop for example. It could happen that
our  customer  has  his  network parameters already configured to
work correctly in his own LAN, but not working here. We can  have
then this scenario:
Customer's  host (10.0.0.2/8 and default gateway set to 10.0.0.1)
Our LAN (192.168.0.0/24 with real gateway 192.168.0.254).
All that we want is that our customer plugs his laptop  and  joins
the  internet without changing nothing of his network parameters.
Here comes this tool installed in my real gw(192.168.0.254)  It's
a  sort  of sniffer, because it sniffs broadcast ARP requests for
the gateway and answers that the gateway is itself In our example
our  customer's  laptop  sends  this request: arp who-has 10.0.0.1
tell 10.0.0.2 Now our gateway does the following: 1)  Sends  back
this  reply to 10.0.0.2: arp reply 10.0.0.1 is-at his_mac_address
2)Create the alias 10.0.0.254 (ARP is not routable so we need one
alias  for each subnet that is not our one) 3)Sends itself an ARP
reply to refresh his ARP cache
It is different from proxy arp for two reasons: first it runs  in
user  space,  then in this case we can plug machines belonging to
whatever subnet, while proxy arp is used in the case of only  two
different ones.

PR:             ports/79676
Submitted by:   Luigi Pizzirani <sviat@opengeeks.it>

20:01 niels 

New port: Create HOME directory with a PAM module on demand

Based on submission via the following PR:

PR:             ports/82032
Submitted by:   Martin Mersberger
Approved by:    nectar (mentor)

20:56 niels 

New port based on submission by Paul Schmehl

Sancp is a network security tool designed to collect
statistical information regarding network traffic, as
well as, collect the traffic itself in pcap format, all
for the purpose of: auditing, historical analysis, and
network activity discovery.

PR:             ports/77426
Submitted by:   Paul Schmehl
Approved by:    nectar (mentor)

13:36 niels 

New port: BitDefender Console Antivirus 7.0.1
Based on submission via PR:

PR:             ports/75424
Submitted by:   Adrian Pircalabu
Approved by:    nectar (mentor)

20:01 thierry 

Add snortsms 0.11.3, a Snort Sensor Management System web interface
and monitoring console.

PR:             81425
Submitted by:   J. Randolph <snortsms (at) servangle.net>