14:37 linimon 

Remove avmailgate due to licensing concerns.

14:00 krion 

Add rkhunter 1.0.8,

Rootkit Hunter is scanning tool to ensure you for about 99.9%
you're clean of nasty tools.

This tool scans for rootkits, backdoors and local exploits by
running tests like:

- MD5/SHA1 hash compare
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files

PR:             ports/66660
Submitted by:   Radim Kolar <hsn at netmag dot cz>

11:29 krion 

Add lep 0.30,

LEP is my attempt to provide a simple yet effective crypto
system that focuses largely on streamlining tasks and less on
elaborate inclusion of algorithms (MD5 and Blowfish are the
only official algorithms used, both of which are linked in from
-lcrypto), and also has some simple implementations of classic
cipher design (transposition, byte swapping, caesar, XOR, hex
encoding, etc) which can fit into the same operation chain,
relieving the need for OS overhead with process spawning and
piping.

PR:             ports/66659
Submitted by:   Dmitri Nikulin <setagllib@optusnet.com.au>

18:08 pav 

Add scanlogd, a TCP port scan detection tool, originally designed to illustrate
various attacks an IDS developer has to deal with. Unlike some of the other
port scan detection tools out there, scanlogd is designed to be totally safe
to use.

PR:             ports/66449
Submitted by:   Roman Bogorodskiy <bogorodskiy@inbox.ru>

12:56 tobez 

Add security/p5-Authen-Captcha, a Perl module to verify the human
element in transactions.

06:19 marcus 

Add gaim-encryption, a Gaim plug-in that allows for transparent RSA message
encryption between supporting clients.

PR:             66236
Submitted by:   ports@c0decafe.net <ports@c0decafe.net>

19:27 lofi 

Add pinentry slaveport for the curses based pinentry dialog.

19:26 lofi 

Add pinentry slaveport for the GTK based pinentry dialog.

19:25 lofi 

Add pinentry slaveport for the QT based pinentry dialog.

19:19 lofi 

security/newpg -> security/gnupg-devel

13:57 arved 

Update libgcrypt to the new stable version 1.2.0
Retire libgcrypt-devel

Switch back to security/libgcrypt and bump PORTREVISION for
- gnutls
- gnutls-devel
- gsasl
- opencdk
- vpnc

libggz:
- Remove dependency on libgcrypt, because the port does not yet
work with the new libgcrypt

libksba:
- Update to 0.9.5
- Pass maintainership to lofi, who already maintains the other
aegypten ports.

Approved by:    lofi

wmbiff:
Switch to security/libgcrypt but no PORTREVISION bump, because the
dependency is optional and the port does not work with the new
libgcrypt and needs to be updated.

No action, because ports don't work with the new libgcrypt and need
to be updated, maintainers informed:
security/newpg
security/pinentry
security/dirmngr
emulators/fuse
emulators/libspectrum

13:00 netchild 

Slave port of security/ssh2. It builds ssh2 without X11 support.

Submitted by:   marius

09:34 lofi 

Add libassuan, an IPC library used by GnuPG and gpgme.

01:45 kris 

As announced 2 months ago, remove these deprecated or broken ports.

23:16 thierry 

Add libtomcrypt 0.92, comprehensive, modular and portable
cryptographic toolkit.

PR:             62581
Submitted by:   Yonatan <Yonatan@Xpert.com>
Approved by:    pav (mentor).

02:54 marcus 

Add gnomekeyring, an API and daemon for managing lists of credentials.  This
is similar to the Keychain in MacOS.

07:29 kris 

Remove category pkg/COMMENT files in favour of a COMMENT variable in the
category makefile.

Submitted by:   Matthew Seaman <m.seaman@infracaninophile.co.uk>
PR:             59651

19:42 pav 

Add pear-Text_Password, a PEAR package, which provides the ability to the user
to generate random passwords, either pronounceable or not pronounceable.

PR:             ports/64896
Submitted by:   <bra@fsn.hu>

02:01 trevor 

Add new port of i386 binary client for the md5crk project.
It is a distributed effort to generate MD5 collisions.

00:19 kris 

Add gnutls-devel

Pointy hat to:  sergei

16:08 pav 

Add fpc-md5, a Free Pascal module with MD5 hash routines.

PR:             ports/62593
Submitted by:   John Merryweather Cooper <coop9211@uidaho.edu>

23:22 sergei 

Add lockdown 0.1:

Lockdown is a hardening system written in C++ for FreeBSD
and released under the BSD license.

Lockdown was designed to harden FreeBSD's base system. It does so
by editing the systems configuration files and set permissions,
flags and ownership on SUID, GID and information files.
Lockdown was meant to be run only once, so you can quickly
and without forgetting something, get a secure system running.

WWW:    http://lockdown.TruNet.dk/

PR:             62714
Submitted by:   Daniel Blankensteiner <db@TruNet.dk>

21:39 cy 

MIT KRB5 1.3.2 has been released. Remove the beta.

17:48 vanilla 

Add samba-vscan 0.3.4, on-access virus scanning with Samba.

While I am here,

  - make portlint happy,
  - use WRKSRC instead hardcode path.
  - use SAMBASRC instead wrong path if WRKDIRPREFIX env set.
  - remove PORTREVISION on new ports.

PR:             ports/63464
Submitted by:   Jean Milanez Melo <jmelo@freebsdbrasil.com.br>

11:08 arved 

Remove geheimnis. Project is dead for a long time, and superseded by kgpg

01:45 linimon 

Refactor f-prot into f-prot (for the code) and f-prot-sig (for the
signature definitions).  This allows the definitions to be updated
seperately as and when required.

PR:             ports/62917, 62918
Submitted by:   Tim Bishop <tim@bishnet.net> (maintainer)

17:45 dinoex 

PuTTY is a client program for the SSH, Telnet and Rlogin network protocols.

These protocols are all used to run a remote session on a computer,
over a network. PuTTY implements the client end of that session:
the end at which the session is displayed, rather than the end
at which it runs.

WWW: http://www.chiark.greenend.org.uk/~sgtatham/putty/

01:04 ijliao 

add py-xmlsec 0.2.0
A set of Python bindings for XML Security Library

14:27 nectar 

Now I know my ABCs
Next time won't you run sort(1) with me

14:24 nectar 

Activate vuxml, vxquery.

10:06 arved 

Add libgcrypt-devel, repocopied from libgcrypt.
Version 1.1.91 is incompatible with 1.1.12.

The -devel is required by the upcoming GnuTLS version and the new vpnc version.
The Stable version is still required by the Aegypten plugins.

Approved by:    portmgr(marcus)
Repocopied by:  joe

09:55 ale 

Add snortreport 1.2, add-on module for snort to generate real-time web
reports.

PR:             ports/62046
Submitted by:   Andrea Venturoli <a.ventu@FreeBSD.org>
Approved by:    nork (mentor/implicitly)

16:17 eik 

tandart vulnerability test for port auditing systems

  This is a package to test FreeBSD port auditing systems, e.g. portaudit
  and the upcoming VuXML based system. Even though it installs no files,
  it is listed in the portaudit database as vulnerable.

  Kind of a EICAR-STANDARD-ANTIVIRUS-TEST-FILE

19:53 eik 

connect portaudit to the INDEX
(what is the INDEX?)

13:24 demon 

New port: qca-tls.

A plugin to provide SSL/TLS capability to programs that utilize the
Qt Cryptographic Architecture (QCA).

04:10 cy 

Brand new MIT KRB5 beta.

09:21 vanilla 

Add p5-Crypt-xDBM_File 1.01,
perl module encrypt almost any kind of
dbm file.

PR:             60709
Submitted by:   Cheng-Lung Sung <clsung@dragon2.net>

13:53 sergei 

Add cvm 0.18, Credential Validation Modules:
- The reference source for the CVM interface
- Diagnostic and benchmark CVM clients
- A checkpassword interface CVM client
- A UNIX/POSIX system module (uses getpwnam)
- A flat-file module
- A library for client writers
- A set of libraries for module writers

Author: Bruce Guenter <bruceg@em.ca>
WWW:    http://untroubled.org/cvm/

This port in needed to unbreak build of mail/mailfront and ftp/twoftpd.

15:08 kuriyama 

Add starttls 0.9, simple wrapper program for STARTTLS on emacs21.

15:19 krion 

Add vpnc 0.2,

VPNC - Client for Cisco 3000 VPN Concentrator

A VPN client compatible with Cisco's EasyVPN equipment.
Supports IPSec (ESP) with Mode Configuration and Xauth.
Supports only shared-secret IPSec authentication, 3DES, MD5,
and IP tunneling.  It runs entirely in userspace

PR:             60283
Submitted by:   Christian Lackas

14:07 skv 

Add rng_82802 0.0.0, RNG driver for the Intel 82802.

23:19 sergei 

Add xca 0.4.5, graphical certification authority.

Graphical certification authority is an interface for managing
RSA keys and certificates, and the creation and signing of PKCS#10 requests.
It uses the OpenSSL library and a Berkeley DB for key and certificate storage.
It supports importing and exporting keys and PEM DER PKCS8 certificates,
signing and revoking of PEM DER PKCS12, and selection of x509v3 extensions.
A tree view of certificates is presented.

Author: Christian Hohnstaedt <christian@hohnstaedt.de>
WWW:    http://www.hohnstaedt.de/xca.html

PR:             58378
Submitted by:   Valentin Zahariev <curly@e-card.bg>

23:17 linimon 

Retire security/whisker.  Author says to use nikto instead.
PR: ports/58606.

17:14 skv 

Add p5-OpenCA-CRL 0.9.17, CRL Management module.

17:06 skv 

Add p5-OpenCA-REQ 0.9.52,
perl extension to easily manage Cert
REQUESTs.

17:04 skv 

Add p5-OpenCA-PKCS7 0.9.13, perl extension for basic handling PKCS.

11:48 markm 

This software is old and unmaintained. Remove.

16:42 vanilla 

Add p5-Crypt-OFB 0.01, encrypt Data using OFB Mode.

PR:             58825
Submitted by:   clsung

18:40 knu 

Retire the following ports; they have been integrated into ruby18 and
ruby16-shim-ruby18:

        devel/ruby-yaml
        net/ruby-drb
        net/ruby-gserver
        net/ruby-soap
        net/ruby-xmlrpc
        security/ruby-openssl
        sysutils/ruby-devel-logger
        textproc/ruby-rexml
        www/ruby-webrick

09:41 foxfair 

Add p5-Crypt-Anubis, a Crypt::CBC-compliant block cipher

08:35 ijliao 

add gsasl 0.0.8
GNU SASL Library

06:40 ijliao 

add gss 0.0.6
GNU Generic Security Service Library

10:39 skv 

Add p5-OpenCA-CRR 0.0.2, perl extention to handle CRR objects.

03:08 foxfair 

Add f-prot 4.2.0, f-Prot Antivirus for BSD Workstations.

PR:             52923
Submitted by:   Tim Bishop <tim@bishnet.net>

20:23 sergei 

Add libgpg-error 0.5, common error values for all GnuPG components.

PR:             58325
Submitted by:   Sergei Kolobov <sergei@kolobov.com>
Approved by:    krion (mentor)

17:25 ijliao 

add shishi 0.0.8
A free implementation of the Kerberos 5 network security system

10:07 ijliao 

add libntlm 0.3.2
A library that implement Microsoft's NTLM authentication

12:49 mat 

Add p5-Crypt-CBCeasy 0.24,
Easy things make really easy with Crypt::CBC.

06:06 edwin 

[New ports] linux-pam-docs

        While pam(8) refers Linux-PAM Guides at ``SEE ALSO'' section,
        it seems no documentation is in ports/ tree.

        I think reading those docs takes good understanding of PAM
        in RELENG_4, and also OpenPAM in HEAD.

PR:             ports/53490
Submitted by:   Hideyuki KURASHINA <rushani@FreeBSD.org>

05:52 edwin 

New port: gnome-ssh-askpass

        New port, the gnome based askpass from the openssh contrib.

PR:             ports/53247
Submitted by:   Mark Hannon <markhannon@optusnet.com.au>

23:53 edwin 

New Port: ssh_askpass_gtk2 - A tiny GTK2 ssh askpass replacement

        A small SSH Askpass replacement written with GTK2. Features
        fullscreen dialog and translucent background.

PR:             ports/56537
Submitted by:   Manuel Rabade <mig@mig-29.net>

23:34 edwin 

[new port] security/opensc-esteid: modified version of the
security/opensc port that works with Estonian Electronic ID card

        This is modified version of the OpenSC port that works with
        Estonian Electronic ID card (EstEID).

        WWW: http://marie.vtl.ee/esteid/

PR:             ports/56612
Submitted by:   Sven Petai <hadara@bsd.ee>

23:49 leeym 

add autossh-1.2d

autossh is a program to start a copy of ssh and monitor it, restarting
it as necessary should it die or stop passing traffic.

The original idea and the mechanism were from rstunnel (Reliable SSH
Tunnel). With this version the method changes: autossh uses ssh to
construct a loop of ssh forwardings (one from local to remote, one
from remote to local), and then sends test data that it expects to
get back. (The idea is thanks to Terrence Martin.)

WWW:            http://www.harding.motd.ca/autossh/

12:12 edwin 

New port: An MSN Messenger event/message sniffer

        An MSN Messenger event/message sniffer based on the pcap library

PR:             ports/55262
Submitted by:   Nicolas Gieczewski <nick@n0sp4m.nixsoftware.com>

04:28 edwin 

FreeBSD Port Submission for "Destroy"

        Destroy, A program that destroys files on the hard disk by
        writing null and random bytes to the file, then unlinking
        it.

PR:             ports/50291
Submitted by:   Shane Kinney <shane@freebsdhackers.net>

03:58 kris 

Remove the rsaref port, which fulfilled its usefulness a long time ago.

10:26 krion 

Add checkpassword-pam 0.98, implementation of checkpassword
authentication program.

PR:             57424
Submitted by:   Clement Laforet <sheepkiller@cultdeadsheep.org>

08:51 knu 

Add ruby-gpgme, a Ruby interface to GnuPG Made Easy (GPGME).

00:06 bms 

New port: security/sectok

PR:             ports/39778

00:05 bms 

New port: security/libsectok

PR:             ports/39777

11:20 krion 

Doscan is a tool to quickly scan network for machines listening
on a TCP port. It can scan for Microsoft DCOM vulnerability.

PR:             57161
Submitted by:   Janos Mohacsi <janos.mohacsi@bsd.hu>

13:47 netchild 

Add AntiVir Milter, a mail virusscanner using the Sendmail Mail Filter API.
This is a commercial stand-alone solution written in C not a PERL script +
myriads of dependencies + some AV...
Licenses for private (individual, non-commercial) use, e.g. for protecting
your family's home network, can be applied for free of charge.

Submitted by:   Marius Strobl <marius@alchemy.franken.de>

15:07 osa 

New port: a checkpassword compatible authentication
program that uses CRAM-MD5 authentication mode.

Submitted by:   Clement Laforet <sheepkiller@cultdeadsheep.org>
PR:             56598

09:09 edwin 

[new port] security/dropbear: a lightweight SSH2 server

        Dropbear is an SSH 2 server, designed to be usable in small
        memory environments.

        It supports:
                * Main features of SSH 2 protocol
                * Implements X11 forwarding, and authentication-agent forwarding
                for OpenSSH clients
                * Compatible with OpenSSH ~/.ssh/authorized_keys public key
                authentication

        WWW: http://matt.ucc.asn.au/dropbear/dropbear.html

PR:             ports/55795
Submitted by:   Clement Laforet <sheepkiller@cultdeadsheep.org>

13:57 edwin 

new port: dump MSRPC information

        One-file-port, from @stake. This dumps information from
        remote RPC.  Much like "rpcinfo -p host" on unix hosts.
        Please check my patches: I removed an unused function so
        this wouldn't be marked as a security sensitive port, and
        I'm not sure my Makefile change respects CFLAGS.

PR:             ports/46991
Submitted by:   Yonatan@xpert.com <Yonatan@xpert.com>

13:28 edwin 

New port: security/hmap - web server fingerprinting tool

        Web server fingerprinting tool, used to identify web servers
        that changed thier banners.

PR:             ports/50754
Submitted by:   Yonatan@xpert.com <Yonatan@xpert.com>

10:58 erwin 

Crypt::OpenSSL::Bignum provides access to OpenSSL
multiprecision integer arithmetic libraries. Presently,
many though not all of the arithmetic operations that
OpenSSL provides are exposed to perl. In addition,
this module can be used to provide access to bignum
values produced by other OpenSSL modules, such as key
parameters from Crypt::OpenSSL::RSA.

08:49 krion 

- New port: security/tinyca version 0.4.9

TinyCA is a simple graphical userinterface written in Perl/Tk
to manage a small CA (Certification Authority).

PR:             54571
Submitted by:   Janos Mohacsi <janos.mohacsi@bsd.hu>

09:21 edwin 

New port: hunch - Scan httpd log files, find vulnerability probes,
mail admins

        Scan Apache log files for CodeRed, Nimda, FormMail, proxy
        scanners and other malicious probes. For each one found,
        track down the contact email from WHOIS data and send a
        notice. Built-in rate controls prevent flooding an admin
        even when his machines are scanning at high rates. Runs as
        a non-privileged cron job to not interfere with the HTTP
        daemon's operation.

        Notes to committer:
         1. This port installs a user and a group "hunch". It doesn't
         meet the conditions listed in the handbook for a "reserved"
         uid/gid.
         2. portlint will complain about the port. A lot. To the
         best of my judgment all of the warnings can be ignored
         with the exception of the one about BATCH which I could
         find no documentation for. Therefore it is setting
         IS_INTERACTIVE.

PR:             ports/44836
Submitted by:   Dan Pelleg <daniel+hunch@pelleg.org>

08:28 perky 

Remove security/py-amkCrypto port. This port have not been built over
a year and replaced by security/py-pycrypto.

07:27 demon 

New port: p5-Module-Signature.

Module::Signature adds cryptographic authentications to CPAN
distributions, via the special SIGNATURE file.

If you are a module user, all you have to do is to remember
running "cpansign -v" (or just "cpansign") before issuing
"perl Makefile.PL" or "perl Build.PL"; that will ensure the
 distribution has not been tampered with.

For module authors, you'd want to add the SIGNATURE file to
your MANIFEST, then type "cpansign -s" before making a distribution.

Submitted by:   autrijus@autrijus.org

11:45 edwin 

new port: Security scanner for Samba

        ADM smb is a security scanner for Samba
        /* based on the src of the smbclient  from the samba team */
        ADMsmb will perform a complete audit of samba for you on a host you
        provide.

PR:             ports/53696
Submitted by:   Jacek Serwatynski <tutus@trynet.eu.org>

07:01 erwin 

Add p5-Crypt-GeneratePassword 0.02,

This module lets you generate secure random passwords
with a reasonable amount of pronounceability. It avoids
the problems associated with the FIPS-181 NIST standard
as used by Crypt::RandPasswd. See perldoc for more
details.

PR:             55575
Submitted by:   andrew@scoop.co.nz

01:42 cy 

MIT KRB5 1.3 has been released. Remove the beta.

05:43 kris 

As announced on May 6, remove the broken p5-Authen-Krb4 port

15:52 skv 

Add p5-Digest-SHA2 1.0.0, perl interface to the SHA-2 algorithms.

09:20 nork 

Add drweb-qmail 4.29.12, qmail client for DrWeb antivirus suite.

PR:             ports/54614
Submitted by:   Denis N. Peplin <info@volginfo.ru>

19:33 kbyanc 

Add gcipher 1.0, a simple encryption tool.

PR:             53738
Submitted by:   Shannon -jj Behrens <jjinux@yahoo.com>

02:34 foxfair 

Add hostsentry 0.02, a Login Anomaly Detector.

PR:             48127
Submitted by:   Andre Ramos <andre.ramos@netcabo.pt>

02:32 foxfair 

Add nikto 1.30, web and CGI vulnerability scanner with SSL support.

PR:             43313
Submitted by:   pandzilla

02:28 foxfair 

Add libwhisker 1.6, perl module to create HTTP test scripts.

PR:             42986
Submitted by:   pandzilla

20:11 oliver 

Add osiris 1.5.2,
file integrity checking, with GDBM and MySQL
support.

PR:             50026
Submitted by:   Nicolas Jombart <ecu@ipv42.net>

02:00 foxfair 

Add sudoscript, an audited shell using sudo(8) and script(1)

PR:             53967
Submitted by:   Howard Owen <hbo@egbok.com>

14:04 skv 

Add p5-Nmap-Scanner 0.5,
perform and manipulate nmap scans using
perl.

07:41 foxfair 

Import hydra-2.2, base on PR/43942. This port is provided as a standalone
program to avoid installing a full Nessus scanner system.

Submitted by:   Laurent LEVIER <llevier@argosnet.com>

12:33 nork 

Add new port of clamav-devel after repo copy.
Update to snapshot(20030625).

PR:             ports/53306
Submitted by:   Rob Evers <rob@debank.tv>
Approved by:    portmgr (marcus)
Repo copyed by: cvs (joe)

06:11 foxfair 

Add cryptlib 3.1, a powerful security programming toolkit.

PR:             53397
Submitted by:   me

02:52 foxfair 

PR:             53014
Submitted by:   Clement Laforet <sheepkiller@cultdeadsheep.org>

Add prelude-manager 0.8.7, System central logging point of prelude Network
Intrusion Detection.

prelude-manager : the manager is the central logging point. It receives
alerts from sensors and logs them using one or several plugins (the default
logging being to a text file, but logging to a database is also possible -
and recommended).

02:48 foxfair 

PR:             53013
Submitted by:   Clement Laforet <sheepkiller@cultdeadsheep.org>

Add prelude-nids 0.8.1,
Sensor program of prelude Network Intrusion Detection System

prelude-nids : the Prelude Network Intrusion Detection System is a sensor,
that may be installed on the same machine as the manager or not, which watches
network traffic and looks for familiar patterns. This is functionally
equivalent to Snort (http://www.snort.org).

02:45 foxfair 

PR:             53012
Submitted by:   Clement Laforet <sheepkiller@cultdeadsheep.org>

Add prelude-lml 0.8.3, Log Monitoring Lackey for prelude Network
Intrusion Detection System.