<feed xmlns='http://www.w3.org/2005/Atom'>
<title>ports/security, branch release/11.3.0</title>
<subtitle>FreeBSD ports tree</subtitle>
<id>https://cgit-dev.freebsd.org/ports/atom?h=release%2F11.3.0</id>
<link rel='self' href='https://cgit-dev.freebsd.org/ports/atom?h=release%2F11.3.0'/>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/ports/'/>
<updated>2019-06-13T00:47:22Z</updated>
<entry>
<title>MFH: r503790 r503811</title>
<updated>2019-06-13T00:47:22Z</updated>
<author>
<name>Jan Beich</name>
<email>jbeich@FreeBSD.org</email>
</author>
<published>2019-06-13T00:47:22Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/ports/commit/?id=390e0800a24320a176f656b0deafdb4a969cd523'/>
<id>urn:sha1:390e0800a24320a176f656b0deafdb4a969cd523</id>
<content type='text'>
devel/libevent2: update to 2.1.10

Changes:	https://github.com/libevent/libevent/releases/tag/release-2.1.10-stable
ABI:		https://abi-laboratory.pro/tracker/timeline/libevent/
PR:		238127
Reported by:	GitHub (watch releases)
Tested by:	pkubaj (powerpc64)
Approved by:	maintainer timeout (2 weeks)
Approved by:	ports-secteam (miwi)
</content>
</entry>
<entry>
<title>MFH: r503904</title>
<updated>2019-06-10T16:13:29Z</updated>
<author>
<name>Antoine Brodin</name>
<email>antoine@FreeBSD.org</email>
</author>
<published>2019-06-10T16:13:29Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/ports/commit/?id=64a47d110e1d20db47065f2464d2c9f248c6bc7c'/>
<id>urn:sha1:64a47d110e1d20db47065f2464d2c9f248c6bc7c</id>
<content type='text'>
Mark BROKEN: unfetchable

Reported by:	pkg-fallout
</content>
</entry>
<entry>
<title>MFH: r503191</title>
<updated>2019-06-02T15:41:13Z</updated>
<author>
<name>Craig Leres</name>
<email>leres@FreeBSD.org</email>
</author>
<published>2019-06-02T15:41:13Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/ports/commit/?id=e28db1fea49f42260fdcf4eeb741531317799f33'/>
<id>urn:sha1:e28db1fea49f42260fdcf4eeb741531317799f33</id>
<content type='text'>
security/bro: Update to 2.6.2 and address several denial of service
vulnerabilities:

   https://raw.githubusercontent.com/zeek/zeek/bb979702cf9a2fa67b8d1a1c7f88d0b56c6af104/NEWS

 - Integer type mismatches in BinPAC-generated parser code and Bro
   analyzer code may allow for crafted packet data to cause
   unintentional code paths in the analysis logic to be taken due
   to unsafe integer conversions causing the parser and analysis
   logic to each expect different fields to have been parsed.  One
   such example, reported by Maksim Shudrak, causes the Kerberos
   analyzer to dereference a null pointer.  CVE-2019-12175 was
   assigned for this issue.

 - The Kerberos parser allows for several fields to be left
   uninitialized, but they were not marked with an &amp;optional attribute
   and several usages lacked existence checks.  Crafted packet data
   could potentially cause an attempt to access such uninitialized
   fields, generate a runtime error/exception, and leak memory.
   Existence checks and &amp;optional attributes have been added to the
   relevant Kerberos fields.

 - BinPAC-generated protocol parsers commonly contain fields whose
   length is derived from other packet input, and for those that
   allow for incremental parsing, BinPAC did not impose a limit on
   how large such a field could grow, allowing for remotely-controlled
   packet data to cause growth of BinPAC's flowbuffer bounded only
   by the numeric limit of an unsigned 64-bit integer, leading to
   memory exhaustion.  There is now a generalized limit for how
   large flowbuffers are allowed to grow, tunable by setting
   "BinPAC::flowbuffer_capacity_max".

Approved by:	ler (mentor, implicit)
Security:	177fa455-48fc-4ded-ba1b-9975caa7f62a

Approved by:	ports-secteam (miwi)
</content>
</entry>
<entry>
<title>MFH: r498996 security/py-pywinrm: Allow builds with Python 3.x</title>
<updated>2019-05-24T09:00:45Z</updated>
<author>
<name>Kubilay Kocak</name>
<email>koobs@FreeBSD.org</email>
</author>
<published>2019-05-24T09:00:45Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/ports/commit/?id=321f72267aed977b5158d671305a16adfbd973b5'/>
<id>urn:sha1:321f72267aed977b5158d671305a16adfbd973b5</id>
<content type='text'>
Upstream supports and tests against up to Python 3.6 [1] and declares up to
3.6 in its Trove Classifiers [2].

Fix incorrect Python version support declaration in USES=python accordingly,
allowing Python 3.x builds. [3]

While I'm here, add TEST_DEPENDS and a test target to help with QA.

[1] https://github.com/diyan/pywinrm/blob/master/.travis.yml
[2] setup.py: 'Programming Language :: Python :: 3.6'

PR:		237178 [3]
Reported by:	&lt;timp87 gmail com&gt; [3]
Approved by:	portmgr (blanket: bug fix, framework compliance)

Approved by:	ports-secteam (blanket: bugfix)
</content>
</entry>
<entry>
<title>MFH: r501327</title>
<updated>2019-05-11T23:21:36Z</updated>
<author>
<name>Jan Beich</name>
<email>jbeich@FreeBSD.org</email>
</author>
<published>2019-05-11T23:21:36Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/ports/commit/?id=27592423bd1fd94ce05e5c87eb5b0a6d2a6cfefe'/>
<id>urn:sha1:27592423bd1fd94ce05e5c87eb5b0a6d2a6cfefe</id>
<content type='text'>
security/nss: unbreak on powerpc64 after r501212

crypto_primitives.c: In function 'swap8b':
crypto_primitives.c:31: error: 'SHA_MASK8' undeclared (first use in this
function)
crypto_primitives.c:31: error: (Each undeclared identifier is reported only
once
crypto_primitives.c:31: error: for each function it appears in.)
crypto_primitives.c:32: error: 'SHA_MASK16' undeclared (first use in this
function)

PR:		237841
Reported by:	jhibbits
Approved by:	ports-secteam blanket
</content>
</entry>
<entry>
<title>MFH: r500659</title>
<updated>2019-05-11T14:48:41Z</updated>
<author>
<name>Michael Reifenberger</name>
<email>mr@FreeBSD.org</email>
</author>
<published>2019-05-11T14:48:41Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/ports/commit/?id=8937b6aed2c25e5d4fd3d2762436ad8987fab58d'/>
<id>urn:sha1:8937b6aed2c25e5d4fd3d2762436ad8987fab58d</id>
<content type='text'>
Apply fix for installation with ruby 2.5

PR:		237478
Submitted by:	Koichiro Iwao

Approved by:	portmgr (blanket: Build, runtime or packaging fixes, if the quarterly branch version is currently broken)
</content>
</entry>
<entry>
<title>MFH: r501212</title>
<updated>2019-05-11T01:00:21Z</updated>
<author>
<name>Jan Beich</name>
<email>jbeich@FreeBSD.org</email>
</author>
<published>2019-05-11T01:00:21Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/ports/commit/?id=b62f4b999651c4ed41d354a6764a5016cb5e21c2'/>
<id>urn:sha1:b62f4b999651c4ed41d354a6764a5016cb5e21c2</id>
<content type='text'>
security/nss: update to 3.44

Changes:	https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.44_release_notes
Changes:	https://hg.mozilla.org/projects/nss/shortlog/NSS_3_44_RTM
ABI:		https://abi-laboratory.pro/tracker/timeline/nss/
Approved by:	ports-secteam blanket (required by Firefox 68)
</content>
</entry>
<entry>
<title>MFH: r501100</title>
<updated>2019-05-09T14:45:09Z</updated>
<author>
<name>Cy Schubert</name>
<email>cy@FreeBSD.org</email>
</author>
<published>2019-05-09T14:45:09Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/ports/commit/?id=436530a1a0ae6b309c0ada56da425b42a96b653e'/>
<id>urn:sha1:436530a1a0ae6b309c0ada56da425b42a96b653e</id>
<content type='text'>
Prepare for the pending removal of ipsec from GENERIC, making sure
that the ipsec kld is loaded.

Suggested by:	gallatin@
Approved by:	portmgr (joneum@)
</content>
</entry>
<entry>
<title>MFH: r500725</title>
<updated>2019-05-07T17:37:13Z</updated>
<author>
<name>Cy Schubert</name>
<email>cy@FreeBSD.org</email>
</author>
<published>2019-05-07T17:37:13Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/ports/commit/?id=d19839985735706178277d3505dd092a62d68fcb'/>
<id>urn:sha1:d19839985735706178277d3505dd092a62d68fcb</id>
<content type='text'>
Fix build with libressl 2.9.1.

PR:		237621
Reported by:	many
Approved by:	portmgr (joneum@)
</content>
</entry>
<entry>
<title>MFH: r499798</title>
<updated>2019-05-06T21:18:30Z</updated>
<author>
<name>John Baldwin</name>
<email>jhb@FreeBSD.org</email>
</author>
<published>2019-05-06T21:18:30Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/ports/commit/?id=358778bb1c89e017c6d82bfed4344ae410a376fa'/>
<id>urn:sha1:358778bb1c89e017c6d82bfed4344ae410a376fa</id>
<content type='text'>
Add AES-CCM and plain SHA digest test vectors.

These will be used to expand testing of OCF crypto algorithms in
future changes to the base system OCF tests.

Approved by:	ports-secteam (miwi)
</content>
</entry>
</feed>
