From owner-svn-ports-all@freebsd.org Wed Jul 5 18:02:04 2017 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5F1F8D8C58A; Wed, 5 Jul 2017 18:02:04 +0000 (UTC) (envelope-from pi@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 3A1406600C; Wed, 5 Jul 2017 18:02:04 +0000 (UTC) (envelope-from pi@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v65I233m029896; Wed, 5 Jul 2017 18:02:03 GMT (envelope-from pi@FreeBSD.org) Received: (from pi@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v65I232R029892; Wed, 5 Jul 2017 18:02:03 GMT (envelope-from pi@FreeBSD.org) Message-Id: <201707051802.v65I232R029892@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: pi set sender to pi@FreeBSD.org using -f From: Kurt Jaeger Date: Wed, 5 Jul 2017 18:02:03 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r445088 - in head/security: . hardening-check X-SVN-Group: ports-head X-SVN-Commit-Author: pi X-SVN-Commit-Paths: in head/security: . hardening-check X-SVN-Commit-Revision: 445088 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Jul 2017 18:02:04 -0000 Author: pi Date: Wed Jul 5 18:02:02 2017 New Revision: 445088 URL: https://svnweb.freebsd.org/changeset/ports/445088 Log: New port: security/hardening-check Check binaries for security hardening features Hardening-check is a perl script to verify that the resulting binary does, in fact, have hardening features enabled, you can use it to test each ELF binary and the output will show if the binary has position independent executable, stack protected, fortify source functions(not supported on FreeBSD now), read only relocations or immediate binding supported. WWW: https://wiki.debian.org/Hardening PR: 220245 Submitted by: amutu@amutu.com Added: head/security/hardening-check/ head/security/hardening-check/Makefile (contents, props changed) head/security/hardening-check/distinfo (contents, props changed) head/security/hardening-check/pkg-descr (contents, props changed) Modified: head/security/Makefile Modified: head/security/Makefile ============================================================================== --- head/security/Makefile Wed Jul 5 17:20:56 2017 (r445087) +++ head/security/Makefile Wed Jul 5 18:02:02 2017 (r445088) @@ -201,6 +201,7 @@ SUBDIR += gwee SUBDIR += hackbot SUBDIR += hamachi + SUBDIR += hardening-check SUBDIR += hashcat SUBDIR += hashcat-legacy SUBDIR += heimdal Added: head/security/hardening-check/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/hardening-check/Makefile Wed Jul 5 18:02:02 2017 (r445088) @@ -0,0 +1,34 @@ +# Created by: Jov +# $FreeBSD$ + +PORTNAME= hardening-check +PORTVERSION= 2.6 +CATEGORIES= security +MASTER_SITES= http://http.debian.net/debian/pool/main/h/hardening-wrapper/ +DISTNAME= hardening-wrapper_${PORTVERSION} + +MAINTAINER= amutu@amutu.com +COMMENT= Check binaries for security hardening features + +LICENSE= GPLv2+ + +USES= tar:xz shebangfix perl5 + +SHEBANG_LANG= perl +SHEBANG_FILES= ${PORTNAME} + +NO_BUILD= yes +PLIST_FILES= bin/${PORTNAME} + +WRKSRC= ${WRKDIR}/hardening-wrapper + +post-patch: + ${REINPLACE_CMD} -e 's/die "List of libc functions not defined/#&/' \ + -e 's/^libc./& Not supported on FreeBSD now./' \ + -e 's/against glibc)./& This function is currently Not supported on FreeBSD./' \ + ${WRKSRC}/${PORTNAME} + +do-install: + ${INSTALL_SCRIPT} ${WRKSRC}/${PORTNAME} ${STAGEDIR}${PREFIX}/bin/ + +.include Added: head/security/hardening-check/distinfo ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/hardening-check/distinfo Wed Jul 5 18:02:02 2017 (r445088) @@ -0,0 +1,3 @@ +TIMESTAMP = 1498272039 +SHA256 (hardening-wrapper_2.6.tar.xz) = c5fc46439646d0929a0605e4f3db67e57eefbbf5ceec5a2888440dbdf4450224 +SIZE (hardening-wrapper_2.6.tar.xz) = 19436 Added: head/security/hardening-check/pkg-descr ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/hardening-check/pkg-descr Wed Jul 5 18:02:02 2017 (r445088) @@ -0,0 +1,8 @@ +Hardening-check is a perl script to verify that the resulting binary +does, in fact, have hardening features enabled, you can use it to +test each ELF binary and the output will show if the binary has +position independent executable, stack protected, fortify source +functions(not supported on FreeBSD now), read only relocations or +immediate binding supported. + +WWW: https://wiki.debian.org/Hardening