ports/158519: [maintainer-update] security/skipfish to 2.00b
Ryan Steinmetz
rpsfa at rit.edu
Thu Jun 30 00:20:08 UTC 2011
>Number: 158519
>Category: ports
>Synopsis: [maintainer-update] security/skipfish to 2.00b
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Thu Jun 30 00:20:07 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Ryan Steinmetz
>Release: 8.2-RELEASE
>Organization:
Rochester Institute of Technology
>Environment:
>Description:
-Update to 2.00b
======================================
Version 2.00b:
--------------
- Minor bug fix to path parsing to avoid problems with /.$foo/,
- Improved PHP error detection (courtesy of Niels Heinen),
- Improved dictionary logic (courtesy of Niels Heinen) and new
documentation of the same,
- Improved support for file.ext keywords in the dictionary,
- Fixed missing content_checks() in unknown_check_callback()
(courtesy of Niels Heinen),
- Improved an oversight in dictionary case sensitivity,
- Improved pivots.txt data,
- Support for supplementary read-only dictionaries (-W +dict),
- Change to directory detection to work around a certain sneaky
server behavior.
- TODO: Revise dictionaries!!!
Version 1.94b:
--------------
- Proxy support! Currently only works for HTTP, put behind #ifdef
PROXY_SUPPORT.
- Change to prefix() and change_prefix() macros to limit the risk of bugs.
Version 1.93b:
--------------
- Major fix to URL XSS detection logic (courtesy of Niels Heinen).
Version 1.92b:
--------------
- Reading starting URLs from file is now supported (@ prefix).
Version 1.90b / 1.91b:
----------------------
- Minor fix to pivots.txt.
Version 1.89b:
--------------
- Skipfish now saves all discovered URLs in a single file for third-party
tools: pivots.txt.
>How-To-Repeat:
>Fix:
Patch attached with submission follows:
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/security/skipfish/Makefile,v
retrieving revision 1.18
diff -u -r1.18 Makefile
--- Makefile 15 May 2011 00:54:22 -0000 1.18
+++ Makefile 30 Jun 2011 00:11:26 -0000
@@ -5,7 +5,7 @@
# $FreeBSD: ports/security/skipfish/Makefile,v 1.18 2011/05/15 00:54:22 wxs Exp $
PORTNAME= skipfish
-PORTVERSION= 1.88b
+PORTVERSION= 2.00b
CATEGORIES= security www
MASTER_SITES= ${MASTER_SITE_GOOGLE_CODE}
EXTRACT_SUFX= .tgz
@@ -31,6 +31,7 @@
do-install:
${INSTALL_PROGRAM} ${WRKSRC}/skipfish ${PREFIX}/bin/skipfish
+ ${INSTALL_SCRIPT} ${WRKSRC}/sfscandiff ${PREFIX}/bin/sfscandiff
(cd ${WRKSRC}/assets/ && ${COPYTREE_SHARE} . ${DATADIR}/assets/)
(cd ${WRKSRC}/dictionaries/ && ${COPYTREE_SHARE} . ${DATADIR}/dictionaries/)
.if !defined(NOPORTDOCS)
Index: distinfo
===================================================================
RCS file: /home/ncvs/ports/security/skipfish/distinfo,v
retrieving revision 1.15
diff -u -r1.15 distinfo
--- distinfo 15 May 2011 00:52:59 -0000 1.15
+++ distinfo 30 Jun 2011 00:11:26 -0000
@@ -1,2 +1,2 @@
-SHA256 (skipfish-1.88b.tgz) = b564cb444d1cb095a5ef20dd2ddda79a04a75cdf38037ba82ed470a3b2bce281
-SIZE (skipfish-1.88b.tgz) = 187602
+SHA256 (skipfish-2.00b.tgz) = da4ba0137364c78bf8eedc9e3eff3b0588931c59ae3e04e9ba05caf4f9da2fbc
+SIZE (skipfish-2.00b.tgz) = 192957
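Review bot: the new SHA256 and SIZE lines for skipfish-2.00b.tgz are the only integrity check the port has on the distfile, so they should not be committed on the strength of the submitted values alone. Before commit, fetch the tarball independently from MASTER_SITE_GOOGLE_CODE and confirm that `make checksum` passes against exactly these two lines.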
Index: pkg-plist
===================================================================
RCS file: /home/ncvs/ports/security/skipfish/pkg-plist,v
retrieving revision 1.2
diff -u -r1.2 pkg-plist
--- pkg-plist 13 Dec 2010 00:37:57 -0000 1.2
+++ pkg-plist 30 Jun 2011 00:11:26 -0000
@@ -1,4 +1,5 @@
bin/skipfish
+bin/sfscandiff
%%DATADIR%%/assets/COPYING
%%DATADIR%%/assets/i_high.png
%%DATADIR%%/assets/i_low.png
Index: files/patch-Makefile
===================================================================
RCS file: /home/ncvs/ports/security/skipfish/files/patch-Makefile,v
retrieving revision 1.2
diff -u -r1.2 patch-Makefile
--- files/patch-Makefile 13 Dec 2010 00:37:58 -0000 1.2
+++ files/patch-Makefile 30 Jun 2011 00:11:26 -0000
@@ -1,5 +1,5 @@
---- Makefile.orig 2010-11-29 16:59:49.000000000 -0500
-+++ Makefile 2010-12-12 19:24:29.000000000 -0500
+--- ./Makefile.orig 2011-06-29 20:02:06.000000000 -0400
++++ ./Makefile 2011-06-29 20:02:49.000000000 -0400
@@ -26,12 +26,13 @@
INCFILES = alloc-inl.h string-inl.h debug.h types.h http_client.h \
database.h crawler.h analysis.h config.h report.h
@@ -8,15 +8,15 @@
+_LOCALBASE ?= ${LOCALBASE}
+CFLAGS_GEN = -Wall -funsigned-char -g -ggdb -I$(LOCALBASE)/include/ \
-I/opt/local/include/ $(CFLAGS) -DVERSION=\"$(VERSION)\"
- CFLAGS_DBG = -DLOG_STDERR=1 -DDEBUG_ALLOCATOR=1 $(CFLAGS_GEN)
+ CFLAGS_DBG = -DLOG_STDERR=1 -DDEBUG_ALLOCATOR=1 $(CFLAGS_GEN)
CFLAGS_OPT = -O3 -Wno-format $(CFLAGS_GEN)
-LDFLAGS += -L/usr/local/lib/ -L/opt/local/lib
-+LDFLAGS += -L$(LOCALBASE)/lib/
++LDFLAGS += -L$(LOCALBASE)/lib/
LIBS += -lcrypto -lssl -lidn -lz
all: $(PROGNAME)
-@@ -39,12 +40,12 @@
+@@ -39,12 +40,6 @@
$(PROGNAME): $(PROGNAME).c $(OBJFILES) $(INCFILES)
$(CC) $(LDFLAGS) $(PROGNAME).c -o $(PROGNAME) $(CFLAGS_OPT) \
$(OBJFILES) $(LIBS)
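Review bot: in the regenerated files/patch-Makefile, `_LOCALBASE ?= ${LOCALBASE}` is assigned but the CFLAGS_GEN and LDFLAGS lines reference `$(LOCALBASE)`, so the variable is unused in the lines shown; either reference `$(_LOCALBASE)` in both places or drop the assignment. CFLAGS_GEN also still carries the hard-coded `-I/opt/local/include/` even though the matching `-L/opt/local/lib` is removed from LDFLAGS, so that include path should go as well for consistency. The LDFLAGS line differs from the previous revision of the patch only in whitespace.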
@@ -26,12 +26,6 @@
- @echo "Having problems with your scans? Be sure to visit:"
- @echo "http://code.google.com/p/skipfish/wiki/KnownIssues"
- @echo
-+# @echo
-+# @echo "See dictionaries/README-FIRST to pick a dictionary for the tool."
-+# @echo
-+# @echo "Having problems with your scans? Be sure to visit:"
-+# @echo "http://code.google.com/p/skipfish/wiki/KnownIssues"
-+# @echo
debug: $(PROGNAME).c $(OBJFILES) $(INCFILES)
$(CC) $(LDFLAGS) $(PROGNAME).c -o $(PROGNAME) $(CFLAGS_DBG) \
Index: files/patch-sfscandiff
===================================================================
RCS file: files/patch-sfscandiff
diff -N files/patch-sfscandiff
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ files/patch-sfscandiff 30 Jun 2011 00:11:26 -0000
@@ -0,0 +1,8 @@
+--- ./sfscandiff.orig 2011-06-29 20:06:17.000000000 -0400
++++ ./sfscandiff 2011-06-29 20:06:20.000000000 -0400
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+
+ echo "sfscandiff - skipfish scan result comparator (lcamtuf at google.com)" 1>&2
+
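Review bot: the shebang swap from `#!/bin/bash` to `#!/bin/sh` on line 1 is the only change made to sfscandiff, and the hunk shows just the first four lines of the script, so nothing here demonstrates that the body is free of bash-only constructs. FreeBSD's /bin/sh is not bash; please confirm the whole script runs under it (a `sh -n sfscandiff` syntax check plus an actual comparison of two scan result directories), or keep a bash interpreter line and add shells/bash to RUN_DEPENDS.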
>Release-Note:
>Audit-Trail:
>Unformatted: