path: root/security
Commit message | Author | Age | Files | Lines
* security/openssl-devel: Fix build in 2016Q3 branch [2016Q3] | Bernard Spil | 2016-10-01 | 3 | -217/+1104
  Approved by: fixit blanket
  Approved by: ports-secteam (delphij)
  Security: 43eaa656-80bc-11e6-bf52-b499baebfeaf
  Security: 91a337d8-83ed-11e6-bf52-b499baebfeaf
  Notes: svn path=/branches/2016Q3/; revision=423083
* MFH: r416626 r419542 r420102 r422829 | Bernard Spil | 2016-09-29 | 5 | -26/+15
  security/libressl: Update to version 2.3.6
  Security: CVE-2016-2178
  Sponsored by: BSDCan DevSummit
  security/libressl: Update to 2.3.7
  - Bugfix update [1]
  Release notes:
  - http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.7-relnotes.txt
  security/libressl: Update to 2.4.2
  - Update to latest stable version 2.4.2
  - Add UPDATING entry
  - Remove OPENSSL_VERSION_NUMBER patch
  - Change post-install targets to post-stage where possible
  - Bump libcrypto version in version.mk
  PR: 211701
  security/libressl: Update to 2.4.3
  - Update to 2.4.3
  - Only affected by CVE-2016-6304 (high)
  Security: CVE-2016-6304
  Security: 43eaa656-80bc-11e6-bf52-b499baebfeaf
  Approved by: ports-secteam (feld)
  Notes: svn path=/branches/2016Q3/; revision=422912
* MFH: r422776 | Bernard Spil | 2016-09-28 | 2 | -12/+12
  security/openssl: Update to 1.0.2j
  - Update to 1.0.2j
  - Fixes Missing CRL sanity check (CVE-2016-7052)
  Security: 337d8-83ed-11e6-bf52-b499baebfeaf
  Approved by: ports-secteam (feld)
  Notes: svn path=/branches/2016Q3/; revision=422882
* MFH: r422777 | Bernard Spil | 2016-09-26 | 3 | -4/+6
  security/openssl-devel: Update to 1.1.0b
  - Update to 1.1.0b
  - Fixes CRITICAL Use After Free for large message sizes (CVE-2016-6309)
  - Make zlib and ssl3 options work
  - Remove jpake header (jpake removed completely)
  Security: 91a337d8-83ed-11e6-bf52-b499baebfeaf
  Approved by: ports-secteam (Xin Li)
  Notes: svn path=/branches/2016Q3/; revision=422786
* MFH: r422668 | Bernard Spil | 2016-09-23 | 6 | -291/+13
  security/openssl: Update to 1.0.2i
  - Update to 1.0.2i
  - Move from PORTREVISION to PORTVERSION updates
  - Remove patches that are included upstream
  Reviewed by: mat, delphij
  Sponsored by: EuroBSDcon 2016 DevSummit
  Differential Revision: D8006
  Approved by: ports-secteam (delphij)
  Notes: svn path=/branches/2016Q3/; revision=422669
* MFH: r418229, r421616 | Tijl Coosemans | 2016-09-10 | 3 | -5/+5
  Update to 3.4.15.
  Approved by: ports-secteam (feld)
  Notes: svn path=/branches/2016Q3/; revision=421714
* MFH: r421378 | Renato Botelho | 2016-09-06 | 2 | -1/+25
  Fix some edge cases in xinetd file descriptor handling
  This change fixes the case where the listening file descriptor is in 0~2 range (easily reproducible with a single UDP service)
  PR: 211038
  Obtained from: pfSense
  Sponsored by: Rubicon Communications (Netgate)
  Approved by: ports-secteam (feld)
  Notes: svn path=/branches/2016Q3/; revision=421441
* MFH: r420375 | Mark Felder | 2016-08-24 | 2 | -5/+6
  - Upgrade to 1.4.21 (security, predictable bits in some situation).
  References: https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
  Approved by: ports-secteam (with hat)
  Notes: svn path=/branches/2016Q3/; revision=420793
* MFH: r420399 | Carlos J. Puga Medina | 2016-08-22 | 3 | -5/+5
  - Update to 1.7.3 (security fixes)
  - Bump library version in pkg-plist
  ref: https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
  Reviewed by: amdmi3 (mentor)
  Approved by: amdmi3 (mentor)
  Differential Revision: D7558
  Approved by: ports-secteam (junovitch)
  Notes: svn path=/branches/2016Q3/; revision=420588
* MFH: r420045 | Dima Panov | 2016-08-11 | 1 | -3/+4
  - Stage II. FreeBSD 9.x branch needs a bit more love to deal with c++11-aware code for Jit/LLVM bytecode engine [1]
  - Disable Jit engine by default for package building [2]
  Reported by: pi [1]
  Discussed with: garga [2]
  Approved by: garga (maintainer)
  Approved by: ports-secteam (blanket)
  Notes: svn path=/branches/2016Q3/; revision=420046
* MFH: r419990 | Dima Panov | 2016-08-10 | 1 | -1/+5
  - security/clamav: Unbroke Jit engine
  Bundled LLVM is very limited/outdated and produces the broken code on recent FreeBSD releases, so unconditionally rely on latest supported (3.6) LLVM framework from ports to build ClamAV Jit parser
  PR: 211683
  Reported by: many
  Submitted by: myself
  Approved by: garga (maintainer)
  Approved by: ports-secteam (blanket)
  Notes: svn path=/branches/2016Q3/; revision=419991
* MFH: r419914 | Kubilay Kocak | 2016-08-09 | 1 | -1/+1
  security/libntlm: Update MAINTAINER address
  PR: 211521
  Submitted by: Jochen Neumeister <joneum bsdproject de> (maintainer, new email)
  Approved by: Jochen Neumeister <jochen daten-chaos de> (maintainer, old email)
  Approved by: ports-secteam (blanket)
  Notes: svn path=/branches/2016Q3/; revision=419915
* MFH: r419748 | Jan Beich | 2016-08-06 | 4 | -6/+8
  security/nss: update to 3.26
  Changes: https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.26_release_notes
  Approved by: ports-secteam (junovitch)
  Notes: svn path=/branches/2016Q3/; revision=419755
* MFH: r419445 | Pawel Pekala | 2016-08-01 | 2 | -3/+7
  - Update to version 2016.74
  - Add license information
  Changelog:
  - Security: Message printout was vulnerable to format string injection. If specific usernames including "%" symbols can be created on a system (validated by getpwnam()) then an attacker could run arbitrary code as root when connecting to Dropbear server. A dbclient user who can control username or host arguments could potentially run arbitrary code as the dbclient user. This could be a problem if scripts or webpages pass untrusted input to the dbclient program.
  - Security: dropbearconvert import of OpenSSH keys could run arbitrary code as the local dropbearconvert user when parsing malicious key files
  - Security: dbclient could run arbitrary code as the local dbclient user if particular -m or -c arguments are provided. This could be an issue where dbclient is used in scripts.
  - Security: dbclient or dropbear server could expose process memory to the running user if compiled with DEBUG_TRACE and running with -v
  PR: 211298
  Submitted by: Piotr Kubaj (maintainer)
  Approved by: ports-secteam (feld)
  Notes: svn path=/branches/2016Q3/; revision=419448
* MFH: r419157 | Cy Schubert | 2016-07-27 | 2 | -3/+4
  Update to 1.13.6. This is a bug fix release.
  * Improve some error messages
  * Improve documentation
  * Allow a principal with nonexistent policy to bypass the minimum password lifetime check, consistent with other aspects of nonexistent policies
  * Fix a rare KDC denial of service vulnerability when anonymous client principals are restricted to obtaining TGTs only [CVE-2016-3120]
  Security: 62d45229-4fa0-11e6-9d13-206a8a720317
  Security: CVE-2016-3120
  Approved by: ports-secteam (feld)
  Notes: svn path=/branches/2016Q3/; revision=419193
* MFH: r418903 | Cy Schubert | 2016-07-26 | 2 | -3/+4
  Update to 1.14.3. This is a bug fix release.
  * Improve some error messages
  * Improve documentation
  * Allow a principal with nonexistent policy to bypass the minimum password lifetime check, consistent with other aspects of nonexistent policies
  * Fix a rare KDC denial of service vulnerability when anonymous client principals are restricted to obtaining TGTs only [CVE-2016-3120]
  Security: 62d45229-4fa0-11e6-9d13-206a8a720317
  Security: CVE-2016-3120
  Approved by: ports-secteam@ (feld@)
  Notes: svn path=/branches/2016Q3/; revision=419147
* MFH: r418828 | Carlos J. Puga Medina | 2016-07-20 | 3 | -5/+5
  - Update to 1.7.2
  - Bump library version in pkg-plist
  Changelog: https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000392.html
  PR: 211153
  Reviewed by: junovitch (mentor)
  Approved by: junovitch (mentor)
  Exp-run: antoine
  Differential Revision: D7221
  Approved by: ports-secteam (feld)
  Notes: svn path=/branches/2016Q3/; revision=418835
* MFH: r418220 | Torsten Zuehlsdorff | 2016-07-08 | 2 | -4/+5
  security/rubygem-omniauth-saml: update from 1.5.0 to 1.6.0
  - Ensure that subclasses of OmniAuth::Stategies::SAML are registered with OmniAuth as strategies
  - Update ruby-saml to 1.3 to address CVE-2016-5697 (Signature wrapping attacks)
  Approved by: junovitch (mentor)
  Security: CVE-2016-5697
  Approved by: ports-secteam (junovitch)
  Notes: svn path=/branches/2016Q3/; revision=418234
* MFH: r418219 | Torsten Zuehlsdorff | 2016-07-08 | 2 | -3/+4
  security/rubygem-ruby-saml: update from 1.2.0 to 1.3.0
  - Security Fix Add extra validations to prevent Signature wrapping attacks
  - Fix XMLSecurity SHA256 and SHA512 uris
  - Fix Destination validation
  Approved by: junovitch (mentor)
  Security: CVE-2016-5697
  Approved by: ports-secteam (junovitch)
  Notes: svn path=/branches/2016Q3/; revision=418233
* MFH: r417973 | Raphael Kubo da Costa | 2016-07-03 | 2 | -2/+2
  Bump PORTREVISION in security/pinentry and pinentry-qt4 after r415872.
  r415872 changed the binary name that security/pinentry-qt4 installs without bumping PORTREVISION in the affected ports, so if security/pinentry gets rebuilt after this change but security/pinentry-qt4 is not the pinentry symlink will be broken. Similarly, if one builds security/pinentry-qt{4,5} without updating security/pinentry, the pinentry symlink will also be broken.
  PR: 209556
  Approved by: ports-secteam (feld)
  Notes: svn path=/branches/2016Q3/; revision=417990
* Document haproxy vulnerability | Mark Felder | 2016-06-30 | 1 | -0/+29
  Security: CVE-2016-5360
  Notes: svn path=/head/; revision=417856
* Document libtorrent-rasterbar vulnerability | Mark Felder | 2016-06-30 | 1 | -0/+28
  Security: CVE-2016-5301
  Notes: svn path=/head/; revision=417850
* Modify dnsmasq vuxml entry | Mark Felder | 2016-06-30 | 1 | -1/+5
  The vulnerable version range was not matching correctly for the devel port.
  Notes: svn path=/head/; revision=417849
* Document expat2 vulnerability | Mark Felder | 2016-06-30 | 1 | -0/+29
  Security: CVE-2016-4472
  Notes: svn path=/head/; revision=417845
* Document dnsmasq vulnerability | Mark Felder | 2016-06-30 | 1 | -0/+30
  Security: CVE-2015-8899
  Notes: svn path=/head/; revision=417844
* Document python vulnerability | Mark Felder | 2016-06-30 | 1 | -0/+30
  PR: 210541
  Security: CVE-2016-5699
  Notes: svn path=/head/; revision=417843
* Document openssl vulnerability | Mark Felder | 2016-06-30 | 1 | -0/+32
  PR: 210550
  Security: CVE-2016-2177
  Notes: svn path=/head/; revision=417842
* - Update to 0.7.1 | Wen Heping | 2016-06-30 | 9 | -356/+6
  PR: 210514
  Submitted by: yuri@rawbw.com
  Notes: svn path=/head/; revision=417815
* security/letskencrypt: Update to 0.1.7 | Bernard Spil | 2016-06-29 | 2 | -8/+5
  - Update to 0.1.7
  - Move from USE_OPENSSL to USES=ssl
  Notes: svn path=/head/; revision=417795
* - Update to 20160628 | Danilo Egea Gondolfo | 2016-06-29 | 2 | -6/+6
  - Change USE_OPENSSL by USES=ssl
  Notes: svn path=/head/; revision=417788
* Remove all usage of OPENSSL_PORT from ports, this is deprecated, and | Mathieu Arnold | 2016-06-29 | 1 | -2/+7
  always was a user defined variable.
  Sponsored by: Absolight
  Notes: svn path=/head/; revision=417767
* Update to 2.3.0. | Tijl Coosemans | 2016-06-29 | 2 | -3/+4
  Notes: svn path=/head/; revision=417763
* Update to 1.3.17. | Tijl Coosemans | 2016-06-29 | 2 | -3/+4
  Notes: svn path=/head/; revision=417762
* security/p5-Crypt-LE: Add RUN_DEPENDS security/p5-Crypt-PKCS10 | Kurt Jaeger | 2016-06-28 | 1 | -0/+3
  Notes: svn path=/head/; revision=417748
* security/p5-Crypt-OpenSSL-PKCS10: add missing DEPEND | Kurt Jaeger | 2016-06-28 | 1 | -0/+4
  - Crypt::OpenSSL::RSA was missing
  Notes: svn path=/head/; revision=417746
* New port: security/p5-Crypt-OpenSSL-PKCS10 | Kurt Jaeger | 2016-06-28 | 5 | -0/+28
  Perl extension to OpenSSL's PKCS10 API.
  WWW: http://search.cpan.org/dist/Crypt-OpenSSL-PKCS10/
  Notes: svn path=/head/; revision=417745
* New port: security/p5-Crypt-LE | Kurt Jaeger | 2016-06-28 | 5 | -0/+39
  Crypt::LE provides the functionality necessary to use Let's Encrypt API and generate free SSL certificates for your domains. It can also be used to generate RSA keys and Certificate Signing Requests or to revoke previously issued certificates. Crypt::LE is shipped with a self-sufficient client for obtaining SSL certificates - le.pl.
  The client supports 'http' and 'dns' domain verification out of the box.
  WWW: http://search.cpan.org/dist/Crypt-LE/
  Notes: svn path=/head/; revision=417741
* security/openvpn-devel: 201607 -> 201623 | Kurt Jaeger | 2016-06-28 | 2 | -13/+11
  Port Changes:
  - password-save option is always on now, no longer optional
  - LibreSSL has been renamed mbed TLS
  Upstream Changes:
  - Implement --push-remove option to remove options pushed by server
  - Use mbedTLS 2.x now, instead of PolarSSL 1.x
  PR: 210259
  Submitted by: ecrist@secure-computing.net (maintainer)
  Notes: svn path=/head/; revision=417735
* Convert USE_PHP*=yes into USES=php* | Mathieu Arnold | 2016-06-28 | 11 | -46/+15
  PR: 210529
  Submitted by: mat
  Exp-run by: antoine
  Sponsored by: Absolight
  Differential Revision: https://reviews.freebsd.org/D6936
  Notes: svn path=/head/; revision=417719
* USEify USES=php. | Mathieu Arnold | 2016-06-28 | 4 | -4/+4
  The following variables have been folded into arguments:
  - USE_PHPIZE -> USES=php:phpize
  - USE_PHPEXT -> USES=php:ext
  - USE_ZENDEXT -> USES=php:zend
  - USE_PHP_BUILD -> USES=php:build
  - WANT_PHP_CLI -> USES=php:cli
  - WANT_PHP_CGI -> USES=php:cgi
  - WANT_PHP_MOD -> USES=php:mod
  - WANT_PHP_WEB -> USES=php:web
  - WANT_PHP_EMB -> USES=php:embed
  PR: 210529
  Submitted by: mat
  Exp-run by: antoine
  Sponsored by: Absolight
  Differential Revision: https://reviews.freebsd.org/D6936
  Notes: svn path=/head/; revision=417717
* - PORTEPOCH != PORTVERSION | Ryan Steinmetz | 2016-06-28 | 1 | -0/+1
  Notes: svn path=/head/; revision=417710
* - Update to 2.029 | Philippe Audeoud | 2016-06-28 | 2 | -4/+4
  Notes: svn path=/head/; revision=417705
* Reset ports maintained by horia@racoviceanu.com. | Raphael Kubo da Costa | 2016-06-28 | 2 | -2/+2
  The last change submitted or approved by Horia in Bugzilla dates back to September 2015. Since then, all commits to his ports were landed by others after the maintainer timeout period expired (see r383744, r405055, r405057, r400461 and r414655, for example).
  Horia did show interest in coming back after I sent a private email a few months ago, but since nothing has changed it is better to reassign his ports back to the heap.
  Differential Revision: https://reviews.freebsd.org/D5980
  Notes: svn path=/head/; revision=417703
* - Pass maintainership to submitter | Wen Heping | 2016-06-28 | 1 | -1/+1
  PR: 210646
  Submitted by: yuri@rawbw.com
  Notes: svn path=/head/; revision=417691
* - Pass maintainership to submitter | Wen Heping | 2016-06-28 | 1 | -1/+1
  PR: 210646
  Submitted by: yuri@rawbw.com
  Notes: svn path=/head/; revision=417690
* Reset ports maintained by bf@ until he has time again to work on them. | Rene Ladan | 2016-06-27 | 2 | -2/+2
  PR: 210474
  Submitted by: jbeich
  With hat: portmgr-secretary
  Notes: svn path=/head/; revision=417685
* security/doas: 5.9p1 -> 5.9p2 | Kurt Jaeger | 2016-06-27 | 2 | -5/+7
  - fixed a bug where, when the user authenticates successfully as root, only the user's effective user id (euid) becomes zero (0). This leads to file permission errors when performing upgrades or other file-oriented operations.
  - introduced gmake as a dependency as it is needed to process upstream's makefile.
  PR: 210596
  Submitted by: jsmith@resonatingmedia.com (maintainer)
  Notes: svn path=/head/; revision=417675
* Insert tab. No functional change. | Hajimu UMEMOTO | 2016-06-27 | 1 | -1/+1
  Notes: svn path=/head/; revision=417668
* Replace bsd.openssl.mk with USES=ssl | Mathieu Arnold | 2016-06-27 | 2 | -3/+3
  Add a qa hint about needing, or not, USES=ssl.
  Fix ports doing silly things, like including bsd.openssl.mk directly.
  PR: 210322
  Submitted by: mat
  Exp-run by: antoine
  Sponsored by: Absolight
  Differential Revision: https://reviews.freebsd.org/D6866
  Notes: svn path=/head/; revision=417651
* Add new port -- YubiKey PIV Manager | Hajimu UMEMOTO | 2016-06-27 | 7 | -0/+74
  Tool for configuring your PIV-enabled YubiKey.
  Notes: svn path=/head/; revision=417646