From 97563f8b64fbd41f18a2d7e5ef1c625fd3d79afe Mon Sep 17 00:00:00 2001 From: Juraj Lutter Date: Thu, 8 Apr 2021 00:22:32 +0200 Subject: security/pidentd: Remove port pidentd is broken on recent FreeBSD versions and abandoned upstream. Remove port, disconnect from category Makefile. PR: 254748 Reported by: daniel.engberg.lists@pyret.net --- security/Makefile | 1 - security/pidentd/Makefile | 49 --------------- security/pidentd/distinfo | 4 -- security/pidentd/files/idecrypt.8 | 94 ----------------------------- security/pidentd/files/patch-src_idecrypt.c | 46 -------------- security/pidentd/files/patch-src_pides.c | 52 ---------------- security/pidentd/pkg-descr | 12 ---- 7 files changed, 258 deletions(-) delete mode 100644 security/pidentd/Makefile delete mode 100644 security/pidentd/distinfo delete mode 100644 security/pidentd/files/idecrypt.8 delete mode 100644 security/pidentd/files/patch-src_idecrypt.c delete mode 100644 security/pidentd/files/patch-src_pides.c delete mode 100644 security/pidentd/pkg-descr (limited to 'security') diff --git a/security/Makefile b/security/Makefile index 5eabdc2aec13..6093be2e098d 100644 --- a/security/Makefile +++ b/security/Makefile @@ -787,7 +787,6 @@ SUBDIR += php80-sodium SUBDIR += phpsecinfo SUBDIR += picosha2 - SUBDIR += pidentd SUBDIR += pidgin-encryption SUBDIR += pidgin-otr SUBDIR += pinentry diff --git a/security/pidentd/Makefile b/security/pidentd/Makefile deleted file mode 100644 index 0e074f0589d7..000000000000 --- a/security/pidentd/Makefile +++ /dev/null @@ -1,49 +0,0 @@ -# Created by: torstenb - -PORTNAME= pidentd -PORTVERSION= 3.0.19 -PORTREVISION= 4 -CATEGORIES= security -MASTER_SITES= ftp://ftp.lysator.liu.se/pub/unix/ident/servers/ \ - ftp://ftp.stack.nl/pub/users/johans/pidentd/ - -PATCH_SITES= ftp://ftp.stack.nl/pub/users/johans/pidentd/ \ - ftp://mud.stack.nl/pub/pidentd/ -PATCHFILES= pidentd-${PORTVERSION}-ipv6-20080101.diff.gz -PATCH_DIST_STRIP= -p0 - -MAINTAINER= ports@FreeBSD.org -COMMENT= RFC1413 identification server - -BROKEN_FreeBSD_12= fails to compile: k_freebsd2.c: storage size of 'pcbp' isn't known -BROKEN_FreeBSD_13= fails to compile: k_freebsd2.c: storage size of 'pcbp' isn't known - -CONFLICTS_INSTALL= fakeident-[0-9]* - -GNU_CONFIGURE= yes -USES= ssl - -PLIST_FILES= sbin/ibench sbin/identd sbin/idecrypt sbin/ikeygen \ - man/man8/identd.8.gz man/man8/idecrypt.8.gz - -CFLAGS+= -DINCLUDE_CRYPT -DOPENSSL_DES_LIBDES_COMPATIBILITY -LDFLAGS+= -L${OPENSSLLIB} -lcrypto - -post-extract: - ${CP} ${FILESDIR}/idecrypt.8 ${WRKSRC}/doc/idecrypt.8 - -post-patch: - @${REINPLACE_CMD} \ - -e 's| /etc/identd.conf| ${PREFIX}/etc/identd.conf|' \ - -e 's| /etc/identd.key| ${PREFIX}/etc/identd.key|' \ - ${WRKSRC}/doc/identd.8 ${WRKSRC}/doc/idecrypt.8 - @${REINPLACE_CMD} -e 's|freebsd.4.7.|freebsd|' ${WRKSRC}/configure - @${REINPLACE_CMD} -e 's|$$(sbindir)|$${DESTDIR}&|' \ - -e 's|-m 755|-s &|' ${WRKSRC}/src/Makefile.in - @${REINPLACE_CMD} -e 's|$$(mandir)|$${DESTDIR}&|' ${WRKSRC}/Makefile.in - -post-install: - ${INSTALL_MAN} -m 644 ${WRKSRC}/doc/idecrypt.8 \ - ${STAGEDIR}${MANPREFIX}/man/man8 - -.include diff --git a/security/pidentd/distinfo b/security/pidentd/distinfo deleted file mode 100644 index 02f1732008a0..000000000000 --- a/security/pidentd/distinfo +++ /dev/null @@ -1,4 +0,0 @@ -SHA256 (pidentd-3.0.19.tar.gz) = 4c57574f3f64aca62a852935a17055999f1b6a61ab5b01b6e5201c8887293b30 -SIZE (pidentd-3.0.19.tar.gz) = 145505 -SHA256 (pidentd-3.0.19-ipv6-20080101.diff.gz) = 57ac0abd67ef71c8324ec560ce9356c1a8cf1f651a5070e04db3de350a7bff5d -SIZE (pidentd-3.0.19-ipv6-20080101.diff.gz) = 7931 diff --git a/security/pidentd/files/idecrypt.8 b/security/pidentd/files/idecrypt.8 deleted file mode 100644 index f5de49dfdd34..000000000000 --- a/security/pidentd/files/idecrypt.8 +++ /dev/null @@ -1,94 +0,0 @@ -.TH IDECRYPT 8 "19 May 1996" -.SH NAME -idecrypt \- Decrypt tokens obtained from identd -.SH SYNOPSIS -.B idecrypt -.SH DESCRIPTION -.B idecrypt -is a utility for decrypting the encrypted tokens that -.BR identd (8) -provided instead of usernames when it is -run in encrypted-token mode (that is, with the -.B \-C -flag). -.PP -.B idecrypt -reads up to 1024 lines from the -.B /etc/identd.key -file, converting each line to a DES key using -.BR des_string_to_key (3). -It then reads standard input, searching for encrypted tokens -in the format produced by -.BR identd (8), -decrypts the tokens if possible, and copies all unrecognised text from -standard input to standard output without modification. -.PP -If more than one key appears in the key file, then -.BR identd (8) -will use the first key for encryption, and -.B idecrypt -will attempt to use all the keys for decryption. -This allows new keys to be used by -.BR identd (8) -without losing the ability for -.B idecrypt -to decrypt old tokens (until there are more than 1024 keys in the key file). -.PP -Each encrypted token consists of 32 base64 characters, enclosed in -square brackets. To make it easier to process logs generated by -versions of -.B tcpd (8) -that convert the square brackets to underlines, -.B idecrypt -permits underline characters instead of square brackets -in its input. -.PP -.BR idecrypt 's -output from decrypting each token is a human readable string -containing the timestamp (displayed as a local time in -.BR ctime (3) -format), the numeric uid, the local IP address, the local port number, -the remote IP address and the remote port number. -.SH EXAMPLE -Suppose that the local host has IP address 10.2.3.4, the local -.B /etc/identd.key -file contains -.PP -foobar -.PP -and the local host is running the -.BR identd (8) -server in encrypted-token mode. -.PP -Now, if a local user -with uid 501 telnets to a remote host with IP address 10.9.8.7, -the remote host may choose to make an ident query back to the -local host, in order to obtain some information to be logged for -possible use later. The local -.BR identd (8) -might send the following encrypted token to the remote host -instead of sending a username: -.PP -[aALdNYxh2496K4DDTel2Nk0Jzj5mRbok] -.PP -If the administrator of the remote host later provides the administrator -of the local host with a copy of the encrypted token, and if -the secret key has not been removed from the local -.B /etc/identd.key -file, then the administrator of the local host can run -.B idecrypt -and can provide the encrypted token in standard input. -.PP -.B idecrypt -will then print the following decrypted information: -.PP -Sun May 19 00:25:23 1996 501 10.2.3.4 2304 10.9.8.7 23 -.PP -This represents the time the encrypted token was created, -the local user id, the local IP address and port number, and the -remote IP address and port number. -.SH SEE ALSO -.BR identd (8) -.BR tcpd (8) -.SH BUGS -The handling of fatal errors could be better. diff --git a/security/pidentd/files/patch-src_idecrypt.c b/security/pidentd/files/patch-src_idecrypt.c deleted file mode 100644 index 7d3d2624ebf1..000000000000 --- a/security/pidentd/files/patch-src_idecrypt.c +++ /dev/null @@ -1,46 +0,0 @@ ---- src/idecrypt.c.orig 2015-02-28 20:14:56.633084000 +0100 -+++ src/idecrypt.c 2015-02-28 20:19:20.661476344 +0100 -@@ -100,8 +100,8 @@ - char buf1[40], buf2[40]; - struct sockaddr_gen ip_local, ip_remote; - int keyfile_fd; -- des_cblock key_bin; -- des_key_schedule sched; -+ DES_cblock key_bin; -+ DES_key_schedule sched; - static char readable[256]; - - -@@ -118,8 +118,8 @@ - while (read(keyfile_fd, keybuf, sizeof(keybuf)-1) == sizeof(keybuf)-1) - { - keybuf[sizeof(keybuf)-1] = '\0'; -- des_string_to_key(keybuf, &key_bin); -- des_set_key(&key_bin, sched); -+ DES_string_to_key(keybuf, &key_bin); -+ DES_set_key(&key_bin, &sched); - - count = (len == 32) ? 24 : 48; - for (i = 0, j = 0; i < count; i += 3, j += 4) -@@ -131,15 +131,15 @@ - - count = (len == 32) ? 2 : 8; - for (i = count; i >= 0; i -= 2) { -- des_ecb_encrypt((des_cblock *)&(r.longs[i+2]), -- (des_cblock *)&(r.longs[i+2]), -- sched, DES_DECRYPT); -+ DES_ecb_encrypt((DES_cblock *)&(r.longs[i+2]), -+ (DES_cblock *)&(r.longs[i+2]), -+ &sched, DES_DECRYPT); - r.longs[i+2] ^= r.longs[i ]; - r.longs[i+3] ^= r.longs[i+1]; - } -- des_ecb_encrypt((des_cblock *)&(r.longs[0]), -- (des_cblock *)&(r.longs[0]), -- sched, DES_DECRYPT); -+ DES_ecb_encrypt((DES_cblock *)&(r.longs[0]), -+ (DES_cblock *)&(r.longs[0]), -+ &sched, DES_DECRYPT); - - count = (len == 32) ? 6 : 12; - for (i = 1; i < count; i++) diff --git a/security/pidentd/files/patch-src_pides.c b/security/pidentd/files/patch-src_pides.c deleted file mode 100644 index d102e7053918..000000000000 --- a/security/pidentd/files/patch-src_pides.c +++ /dev/null @@ -1,52 +0,0 @@ ---- src/pdes.c.orig 2015-02-28 20:14:56.633084000 +0100 -+++ src/pdes.c 2015-02-28 20:17:14.869504878 +0100 -@@ -46,7 +46,7 @@ - - - --static des_key_schedule sched; -+static DES_key_schedule sched; - - - -@@ -55,7 +55,7 @@ - { - char keybuf[1024+1]; - int fd, res; -- des_cblock key_bin; -+ DES_cblock key_bin; - - - if (keyfile == NULL) -@@ -100,8 +100,8 @@ - } - - keybuf[sizeof(keybuf)-1] = '\0'; -- des_string_to_key(keybuf, &key_bin); -- des_set_key(&key_bin, sched); -+ DES_string_to_key(keybuf, &key_bin); -+ DES_set_key(&key_bin, &sched); - - return 0; - } -@@ -162,16 +162,16 @@ - for (i = 1; i < count; i++) - r.longs[0] ^= r.longs[i]; - -- des_ecb_encrypt((des_cblock *)&(r.longs[0]), (des_cblock *)&(r.longs[0]), -- sched, DES_ENCRYPT); -+ DES_ecb_encrypt((DES_cblock *)&(r.longs[0]), (DES_cblock *)&(r.longs[0]), -+ &sched, DES_ENCRYPT); - - count = (family == AF_INET) ? 4 : 10; - for (i = 0; i < count; i += 2) { - r.longs[i+2] ^= r.longs[i ]; - r.longs[i+3] ^= r.longs[i+1]; - -- des_ecb_encrypt((des_cblock *)&(r.longs[i+2]), -- (des_cblock *)&(r.longs[i+2]), sched, DES_ENCRYPT); -+ DES_ecb_encrypt((DES_cblock *)&(r.longs[i+2]), -+ (DES_cblock *)&(r.longs[i+2]), &sched, DES_ENCRYPT); - } - - count = (family == AF_INET) ? 24 : 48; diff --git a/security/pidentd/pkg-descr b/security/pidentd/pkg-descr deleted file mode 100644 index 324cb8161dbf..000000000000 --- a/security/pidentd/pkg-descr +++ /dev/null @@ -1,12 +0,0 @@ -This is a program that implements the RFC1413 identification server. It -was very much inspired by Dan Bernstein's original 'authd' (but unlike -that program doesn't use 'netstat' to get some of the information) It -uses the kernel information directly. (And is due to that fact a lot -faster). Dan has now written another version of the 'authd' daemon that -uses his 'kstuff' to read the kernel information. Unlike that daemon, -this will use only normally available kernel access functions (and is due -to that more limited in the different machines it support). Please note -that this daemon used to be called pauthd but has changed name to better -reflect what it does (and to conform to the new RFC). - -WWW: http://www.lysator.liu.se/~pen/pidentd/ -- cgit v1.2.3