Page MenuHomeFreeBSD

security/*: Deprecate and mark ports BROKEN that are dead upstream and/or abandonware
ClosedPublic

Authored by diizzy on Nov 7 2021, 1:37 PM.

Details

Summary
security/afl			-	Migrate to security/afl++
security/amap			-	Abandoned upstream, last release 10+ years ago
security/amavis-stats		-	Upstream is dead and last release was back in 2005
security/arirang		-	Abandoned (website also refers to Ruby 1.9) and a 9+ year old webserver security scanner isn't useful today
security/axTLS			-	Very outdated and abandoned, current version in tree was released in 2013 and last by upstream in 2019
security/base			-	Broken with PHP 7+, forked here https://github.com/NathanGibbs3/BASE/
security/beecrypt		-	Abandoned upstream, last release in 2009
security/bruteforceblocker	-	Doesn't seem to build/package, please consider using security/sshguard
security/cfs			-	Deprecated upstream, reference: https://www.bayofrum.net/cgi-bin/fossil/cfs/index
security/cisco-torch		-	Unfetchable, dead upstream
security/cp2fwb			-	Used with deprecated software Firewall Builder
security/dcetest		-	Targets deprecated protocol by Microsoft in favour of .NET
security/doscan			-	Abandonware, last release in 2014. Please consider using security/masscan or sysutils/pnscan
security/find-zlib		-	Deprecated, no longer relevant
security/flawfinder		-	Very outdated, current version in tree was released in 2014. Last release by upstream in Aug 2021
security/govpn			-	Deprecated upstream, reference: http://www.govpn.info/
security/gputty			-	Unfetchable, dead upstream
security/gwee			-	Last release 15+ years ago, abandonware and dead upstream
security/hackbot		-	Abandonware, last release in 2003. Please consider using security/nmap or security/rustscan
security/hashcat-legacy		-	Unsupported upstream, please consider using security/hashcat
security/hlfl			-	Abandonware, last release in 2003
security/ike			-	Abandonware, last release in 2013 and IKEv1 is considered to be insecure
security/integrit		-	Abandonware, last release in 2003
security/ipfilter2dshield	-	Abandonware, no word of it on upstream web site
security/ipfw2dshield		-	Abandonware, no word of it on upstream web site
security/isakmpd		-	15+ years old and broken on multiple versions
security/kripp			-	Abandonware, upstream returns 404 and last release was back in 2007
security/l0phtcrack		-	Obsolete, Microsoft LANMAN and NT password hashes are deprecated
security/l5			-	Abandonware, broken on amd64 for 10+ years
security/gringotts		-	Abandonware, upstream dead and last release in 2009
security/libgringotts		-	Abandonware, upstream dead and last release in 2008
security/libprelude		-	Very outdated, current version in tree was released back in 2015 and upstream is still active
security/libpreludedb		-	Very outdated, current version in tree was released back in 2015 and upstream is still active
security/libpwstor		-	Abandonware, last release in 2008
security/manipulate_data	-	Abandonware, unsupported upstream
security/matrixssl		-	Abandonware, dead upstream
security/monkeysphere		-	Abandonware, dead upstream
security/mussh			-	Abandonware, last release in 2011 please consider using security/teleport
security/outguess		-	Abandonware, dead upstream and last release in 2001
security/pbnj			-	Abandonware, last release in 2006 and reported broken upstream in 2017 upstream
security/phpsecinfo		-	Abandonware, last release in 2006
security/pktsuckers		-	Abandonware, last release from somewhere around 1999
security/ppars			-	Abandonware, no word of it on upstream web site
security/pscan			-	Abandonware, last release in 2000
security/pxytest		-	Abandonware, last release around 2003, dead upsteam and unfetchable
security/radamsa		-	Abandonware, last release in 2017 and marked as BROKEN in late 2020
security/razorback-*		-	Abandonware, last release in 2012 and listed as alpha quality by upstream
security/retranslator		-	Deprecated upstream (EOL)	
security/scanssh		-	Abandonware, last release in 2005. Please consider using security/nmap or security/rustscan
security/shimmer		-	Abandonware, last release in 2008
security/shttpscanner		-	Abandonware, last release in 2006
security/sha			-	Obsolete, we have tools in base
security/slurpie		-	Abandonware, last release around 2000 and dead upstream
security/slush			-	Obsolete, listed as alpha quality, last release around 2000 and dead upstream
security/smtpscan		-	Abandonware, last release in 2003 and dead upstream. Please consider using nmap
security/spybye			-	Abandonware, last release in 2008 and no upstream development
security/sslsniffer		-	Abandonware, last release in 2001. Please consider using security/sslsplit or security/sslproxy
security/sslwrap		-	Abandonware, marked BROKEN on 12+ in 2019
security/strobe			-	Abandonware, last release around 2000 and dead upstream. Please consider using security/nmap or security/rustscan
security/stud			-	Abandonware, marked BROKEN on 12+ in 2019
security/symbion-sslproxy	-	Abandonware, last release in 2009 and inactive upstream
security/tlswrap		-	Abandonware, last release in 2007 and dead upstream
security/trinokiller		-	Abandonware, dead upstream
security/tripwire-131		-	Deprecated, please consider using security/tripwire instead
security/unicornscan		-	Very outdated and abandoned, current version in tree was released in 2004 and last release by upstream in Aug 2013. Please consider using security/nmap or security/rustscan
security/vinetto		-	Obsolete, targets deprecated Windows operating systems such as XP and 2003 Server
security/vnccrack		-	Very outdated and abandoned, last release in 2008. Upstream is at 2.1 while version in ports is 1.0.0
security/webscarab		-	Deprecated by upstream in 2014
security/zebedee		-	Abandonware, last release in 2005 and runtime issues reported upstream

Diff Detail

Repository
R11 FreeBSD ports repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

diizzy requested review of this revision.Nov 7 2021, 1:37 PM
diizzy created this revision.
This revision is now accepted and ready to land.Nov 7 2021, 1:41 PM

Many of these ports are unmaintained in our repo and in most cases also upstream. They eat quite a bit of time for ports committers trying to keeping these at least buildable, most aren't relevant today and/or have maintained counterparts.

diizzy retitled this revision from security/*: Deprecate and mark ports BROKEN that are dead upstream and/abandonware to security/*: Deprecate and mark ports BROKEN that are dead upstream and/or abandonware.Nov 7 2021, 1:49 PM

Hi,

If you've been added for review it means that you have one or more ports affected by this patch, please review the changes

security/bruteforceblocker	danger@FreeBSD.org
security/cfs			crees@FreeBSD.org
security/flawfinder		lx@FreeBSD.org
security/gputty			olivier@FreeBSD.org
security/ike			mgrooms@shrew.net
security/libprelude		koobs@FreeBSD.org
security/libpreludedb		koobs@FreeBSD.org
security/monkeysphere		egypcio@FreeBSD.org
security/mussh			farrokhi@FreeBSD.org
security/sha			allan@saddi.com
security/spybye			bofh@FreeBSD.org
security/tripwire-131		cy@FreeBSD.org

security/bruteforceblocker - Doesn't seem to build/package, please consider using security/sshguard

I tried build with poudriere and 13.0-RELEASE amd64 jail and it succeeded without any error.

https://www.utahime.org/FreeBSD/poudriere/data/logs/bulk/130amd64-default/2021-11-08_00h49m58s/logs/bruteforceblocker-1.2.6_2.log

In D32880#742216, @yasu wrote:

security/bruteforceblocker - Doesn't seem to build/package, please consider using security/sshguard

I tried build with poudriere and 13.0-RELEASE amd64 jail and it succeeded without any error.

https://www.utahime.org/FreeBSD/poudriere/data/logs/bulk/130amd64-default/2021-11-08_00h49m58s/logs/bruteforceblocker-1.2.6_2.log

Thanks but something seems to be up with packaging looking at freshports but I couldn't find anything obvious looking at portsfallout.
https://www.freshports.org/security/bruteforceblocker/

Thanks but something seems to be up with packaging looking at freshports but I couldn't find anything obvious looking at portsfallout.
https://www.freshports.org/security/bruteforceblocker/

Package build cluster doesn't build package of this port because LICENSE is set to NONE in security/bruteforceblocker/Makefile.
NONE is one of pre-defined licenses and it is defined in Mk/bsd.licence.db.mk as following.

_LICENSE_NAME_NONE=     No license specified
_LICENSE_GROUPS_NONE=   # empty
_LICENSE_PERMS_NONE=    none

As you can see, _LICENSE_PERMS_NONE doesn't include auto-accept.
So you need to explicitly accept the license when building the port.
If you build it interactively , dialog is displayed to ask if you accept the license.
If you build it with batch mode, you need to add LICENSES_ACCEPTED=NONE to make.conf.

@yasu
Ahh, that makes sense. Thanks for clearing it up! :-)
Unless you want to take up maintainership or danger replies I still think we should deprecate it given the multiple maintainer timeouts dating back to 2017. I'll of course update the patch accordingly

Proposed change, remove security/beecrypt from the list for now (requested by maintainer)

se added inline comments.
security/flawfinder/Makefile
16 ↗(On Diff #98158)

I have created a patch that brings this port to the latest version (2.0.19) and have sent it to the maintainer (lx@) for approval.