path: root/security
Commit message | Author | Age | Files | Lines
* For ports in `security' category: remove redundant PKGMESSAGE assignment,
  Author: Alexey Dokuchaev | Age: 2018-05-05 | Files: 4 | Lines: -5/+0

  which is set appropriately by the b.p.m when `pkg-message' appears on the
  SUB_FILES list.

  Notes: svn path=/head/; revision=469113
* - Sort the knobs for better readability
  Author: Alexey Dokuchaev | Age: 2018-05-05 | Files: 1 | Lines: -5/+4

  - Remove redundant PKGMESSAGE assignment

  Notes: svn path=/head/; revision=469112
* Update to 1.10
  Author: Kirill Ponomarev | Age: 2018-05-04 | Files: 3 | Lines: -6/+7

  PR: 227972
  Submitted by: maintainer
  Notes: svn path=/head/; revision=469038
* Update plasma5-kwallet-pam with security fixes released today.
  Author: Adriaan de Groot | Age: 2018-05-04 | Files: 3 | Lines: -0/+342

  https://www.kde.org/info/security/advisory-20180503-1.txt
  CVE-2018-10380

  The patches are taken from the git commits referred to in the security
  notice, hence the unusual naming.

  Approved by: tcberner (mentor, implicit)
  Security: 83a548b5-4fa5-11e8-9a8e-001e2a3f778d
  Notes: svn path=/head/; revision=469032
* Security notice regarding kwallet-pam (KDE Plasma5).
  Author: Adriaan de Groot | Age: 2018-05-04 | Files: 1 | Lines: -0/+30

  https://www.kde.org/info/security/advisory-20180503-1.txt

  The port is not built by default through the regular KDE packages, and has
  been in the ports tree only a week; the impact is expected to be low.

  Approved by: tcberner (mentor, implicit)
  Notes: svn path=/head/; revision=469031
* Update to 0.060.
  Author: Vanilla I. Shu | Age: 2018-05-04 | Files: 2 | Lines: -4/+4

  Notes: svn path=/head/; revision=469030
* Update gnupg to 2.2.7
  Author: Adam Weinberger | Age: 2018-05-04 | Files: 2 | Lines: -5/+4

  Also, remove unnecessary USE_LDCONFIG.

  * gpg: New option --no-symkey-cache to disable the passphrase cache for symmetrical en- and decryption.
  * gpg: The ERRSIG status now prints the fingerprint if that is part of the signature.
  * gpg: Relax emitting of FAILURE status lines
  * gpg: Add a status flag to "sig" lines printed with --list-sigs.
  * gpg: Fix "Too many open files" when using --multifile. [#3951]
  * ssh: Return an error for unknown ssh-agent flags. [#3880]
  * dirmngr: Fix a regression since 2.1.16 which caused corrupted CRL caches under Windows. [#2448,#3923]
  * dirmngr: Fix a CNAME problem with pools and TLS. Also use a fixed mapping of keys.gnupg.net to sks-keyservers.net. [#3755]
  * dirmngr: Try resurrecting dead hosts earlier (from 3 to 1.5 hours).
  * dirmngr: Fallback to CRL if no default OCSP responder is configured.
  * dirmngr: Implement CRL fetching via https. Here a redirection to http is explicitly allowed.
  * dirmngr: Make LDAP searching and CRL fetching work under Windows. This stopped working with 2.1. [#3937]
  * agent,dirmngr: New sub-command "getenv" for "getinfo" to ease debugging.

  Notes: svn path=/head/; revision=469025
* Update to the latest MIT KRB5 development commit on github.
  Author: Cy Schubert | Age: 2018-05-04 | Files: 3 | Lines: -5/+6

  Notes: svn path=/head/; revision=469008
* Update 1.15.2 --> 1.15.3
  Author: Cy Schubert | Age: 2018-05-04 | Files: 2 | Lines: -5/+4

  Major changes in 1.15.3 (2018-05-03)
  ====================================

  This is a bug fix release.

  * Fix flaws in LDAP DN checking, including a null dereference KDC crash which could be triggered by kadmin clients with administrative privileges [CVE-2018-5729, CVE-2018-5730].
  * Fix a KDC PKINIT memory leak.
  * Fix a small KDC memory leak on transited or authdata errors when processing TGS requests.
  * Fix a null dereference when the KDC sends a large TGS reply.
  * Fix "kdestroy -A" with the KCM credential cache type.
  * Fix the handling of capaths "." values.
  * Fix handling of repeated subsection specifications in profile files (such as when multiple included files specify relations in the same subsection).

  Notes: svn path=/head/; revision=469007
* Update 1.16 --> 1.16.1
  Author: Cy Schubert | Age: 2018-05-04 | Files: 2 | Lines: -5/+4

  Major changes in 1.16.1 (2018-05-03)
  ====================================

  This is a bug fix release.

  * Fix flaws in LDAP DN checking, including a null dereference KDC crash which could be triggered by kadmin clients with administrative privileges [CVE-2018-5729, CVE-2018-5730].
  * Fix a KDC PKINIT memory leak.
  * Fix a small KDC memory leak on transited or authdata errors when processing TGS requests.
  * Fix a regression in pkinit_cert_match matching of client certificates containing Microsoft UPN SANs.
  * Fix a null dereference when the KDC sends a large TGS reply.
  * Fix "kdestroy -A" with the KCM credential cache type.
  * Allow validation of Microsoft PACs containing enterprise names.
  * Fix the handling of capaths "." values.
  * Fix handling of repeated subsection specifications in profile files (such as when multiple included files specify relations in the same subsection).

  Notes: svn path=/head/; revision=469006
* Bump PORTREVISION on *-sbcl ports after lang/sbcl upgrade.
  Author: Kirill Ponomarev | Age: 2018-05-04 | Files: 1 | Lines: -1/+1

  Notes: svn path=/head/; revision=469005
* - Add XMSS option to enable experimental key support added in 7.7 [1]
  Author: Bryan Drewery | Age: 2018-05-03 | Files: 6 | Lines: -2/+157

  - Bring in upstream patches post 7.7 to fix various issues [2]:
    b81b2d120e9c8a83489e241620843687758925ad - Fix tunnel forwarding broken in 7.7p1
    341727df910e12e26ef161508ed76d91c40a61eb - don't kill ssh-agent's listening socket entirely if we fail to accept a connection
    85fe48fd49f2e81fa30902841b362cfbb7f1933b - don't free the %C expansion, it's used later for LocalCommand
    868afa68469de50d8a43e5daf867d7c624a34d20 - Disable SSH2_MSG_DEBUG messages for Twisted Conch clients
    f5baa36ba79a6e8c534fb4e0a00f2614ccc42ea6 - Omit 3des-cbc if OpenSSL built without DES

  PR: 227758 [1]
  Submitted by: IWAMOTO Kouichi <sue@iwmt.org> [1]
  PR: 227551 [2]
  Reported by: rozhuk.im@gmail.com [2]
  Obtained from: upstream mirror https://github.com/openssh/openssh-portable [2]
  Notes: svn path=/head/; revision=468998
* Add --rundir definition to CONFIGURE_ARGS to make sure configure script uses
  Author: Renato Botelho | Age: 2018-05-03 | Files: 1 | Lines: -2/+3

  /var/run/sudo. Without it, on a system that has /run directory, configure
  will by default define rundir to /run/sudo

  Reported by: Walter Schwarzenfeld <w.schwarzenfeld@utanet.at>
  Sponsored by: Rubicon Communications, LLC (Netgate)
  Notes: svn path=/head/; revision=468974
* Document multiple vulnerabilities in www/drupal7 and www/drupal8
  Author: Jochen Neumeister | Age: 2018-05-03 | Files: 1 | Lines: -0/+33

  Notes: svn path=/head/; revision=468972
* Update to 0.24.0
  Author: Sunpoet Po-Chuan Hsieh | Age: 2018-05-03 | Files: 15 | Lines: -43/+43

  Changes:
  https://github.com/certbot/certbot/blob/master/CHANGELOG.md
  https://github.com/certbot/certbot/milestones?state=closed

  Notes: svn path=/head/; revision=468967
* Update KDE Plasma Desktop to 5.12.5
  Author: Tobias C. Berner | Age: 2018-05-03 | Files: 3 | Lines: -9/+9

  Submitted by: lwhsu
  Notes: svn path=/head/; revision=468941
* Fix PLIST without LDAP
  Author: Renato Botelho | Age: 2018-05-03 | Files: 2 | Lines: -1/+2

  PR: 227926
  Reported by: O. Hartmann
  Sponsored by: Rubicon Communications, LLC (Netgate)
  Notes: svn path=/head/; revision=468922
* Update to 0.6.
  Author: David Thiel | Age: 2018-05-02 | Files: 2 | Lines: -4/+6

  PR: 227797
  Submitted by: Kai
  Notes: svn path=/head/; revision=468860
* Update to version 1.26
  Author: Steven Kreuzer | Age: 2018-05-02 | Files: 3 | Lines: -19/+7

  Define LICENSE

  Notes: svn path=/head/; revision=468836
* Update security/sudo to 1.8.23
  Author: Renato Botelho | Age: 2018-05-02 | Files: 4 | Lines: -213/+7

  PR: 227900
  Submitted by: Yasuhiro KIMURA <yasu@utahime.org>
  Sponsored by: Rubicon Communications, LLC (Netgate)
  Notes: svn path=/head/; revision=468828
* security/sqlmap: update to 1.2.4
  Author: Ruslan Makhmatkhanov | Age: 2018-05-02 | Files: 2 | Lines: -4/+4

  Notes: svn path=/head/; revision=468824
* Document vulnerabilities in gitlab for several versions.
  Author: Matthias Fechner | Age: 2018-05-02 | Files: 1 | Lines: -0/+30

  Reviewed by: eugen_grosbein.net, tz (mentor)
  Approved by: eugen_grosbein.net, tz (mentor)
  Differential Revision: https://reviews.freebsd.org/D15248
  Notes: svn path=/head/; revision=468819
* Remove expired ports:
  Author: Rene Ladan | Age: 2018-05-01 | Files: 5 | Lines: -212/+0

  2018-04-30 databases/rubygem-seed-fu236: Obsoleted by update of www/gitlab. Please use databases/rubygem-seed-fu
  2018-04-30 security/polarssl13: has reached end of life

  Notes: svn path=/head/; revision=468781
* gopass is a rewrite of the pass password manager in Go with the aim
  Author: Kirill Ponomarev | Age: 2018-05-01 | Files: 4 | Lines: -0/+48

  of making it cross-platform and adding additional features.

  PR: 227845
  Submitted by: Sascha Holzleiter <sascha@root-login.org>
  Notes: svn path=/head/; revision=468769
* - Add LICENSE_FILE
  Author: Dmitry Marakasov | Age: 2018-05-01 | Files: 1 | Lines: -1/+3

  - Add NO_ARCH
  - Switch to new test framework

  Approved by: portmgr blanket
  Notes: svn path=/head/; revision=468757
* Document free-after-use issue in chromium before 66.0.3359.139
  Author: Thomas Zander | Age: 2018-04-30 | Files: 1 | Lines: -0/+30

  Submitted by: Tommi Pernila <tommi.pernila@iki.fi> via e-mail
  Security: CVE-2018-6118
  Notes: svn path=/head/; revision=468740
* Update to 0.30.1
  Author: Sunpoet Po-Chuan Hsieh | Age: 2018-04-30 | Files: 2 | Lines: -4/+4

  Changes: https://gitlab.com/m2crypto/m2crypto/blob/master/CHANGES

  Notes: svn path=/head/; revision=468715
* www/nextcloud: PHP-flavorize
  Author: Bernard Spil | Age: 2018-04-30 | Files: 3 | Lines: -6/+9

  - Create flavors for all PHP versions
  - Use releases dir (not pre-)

  PR: 227510
  Approved by: mat
  Differential Revision: https://reviews.freebsd.org/D15235
  Notes: svn path=/head/; revision=468708
* security/signify: Cleanup keys
  Author: Tobias Kortkamp | Age: 2018-04-30 | Files: 15 | Lines: -39/+1

  - OpenBSD 6.1 is unsupported now, so retire its keys
  - Only keep the base keys and remove the rest. All other keys are useless on FreeBSD.

  Reported by: tj@mrsk.me
  Notes: svn path=/head/; revision=468685
* security/libressl: Use -pthread
  Author: Bernard Spil | Age: 2018-04-30 | Files: 2 | Lines: -2/+2

  Reported by: jbeich, eadler
  Notes: svn path=/head/; revision=468674
* security/dehydrated: Restore ZSH and BASH options because they make scripts to use these shells
  Author: Yuri Victorovich | Age: 2018-04-30 | Files: 2 | Lines: -16/+23

  The options were deleted mistakenly in the previous commit.

  Additionally, moved plist into pkg-plist file, and added @sample
  instructions for relevant samples.

  PR: 227848
  Reported by: Sascha Holzleiter <sascha@root-login.org> (maintainer)
  Notes: svn path=/head/; revision=468669
* security/dehydrated: Update 0.6.1-7 -> 0.6.2
  Author: Yuri Victorovich | Age: 2018-04-29 | Files: 2 | Lines: -27/+13

  Port changes:
  * Add bash to RUN_DEPENDS
  * Remove BASH and ZSH options as per PHB
  * Change PORTDOCS to * for simplicity
  * Silence some commands

  PR: 227848
  Submitted by: Sascha Holzleiter <sascha@root-login.org> (maintainer)
  Notes: svn path=/head/; revision=468668
* security/libressl: Force linking libthr
  Author: Bernard Spil | Age: 2018-04-29 | Files: 1 | Lines: -0/+2

  - Fixes problems with loading private ssh keys

  Notes: svn path=/head/; revision=468626
* security/libressl-devel: Fix AES-NI acceleration
  Author: Bernard Spil | Age: 2018-04-29 | Files: 2 | Lines: -1/+21

  - As implemented in non-devel

  Notes: svn path=/head/; revision=468625
* - Update to 1.1
  Author: Ashish SHUKLA | Age: 2018-04-29 | Files: 3 | Lines: -4/+6

  - Add pkg-message for information regarding new experimental rclone backend

  Notes: svn path=/head/; revision=468619
* Fix phase 1 initiation in the racoon daemon after base system change r285204
  Author: Eugene Grosbein | Age: 2018-04-29 | Files: 2 | Lines: -1/+65

  PR: 192774, 222065
  Submitted by: Andreas Longwitz <longwitz@incore.de>
  Approved by: VANHULLEBUS Yvan (maintainer, implicitly)
  Notes: svn path=/head/; revision=468617
* Update to 1.9.2
  Author: Sunpoet Po-Chuan Hsieh | Age: 2018-04-28 | Files: 2 | Lines: -4/+4

  Changes: https://github.com/nov/rack-oauth2/commits/master

  Notes: svn path=/head/; revision=468589
* security/libressl: Add version.mk change
  Author: Bernard Spil | Age: 2018-04-28 | Files: 1 | Lines: -1/+1

  Notes: svn path=/head/; revision=468574
* security/libressl: Update to 2.7.2
  Author: Bernard Spil | Age: 2018-04-28 | Files: 3 | Lines: -20/+276

  - Most important ports are compatible, see https://wiki.freebsd.org/LibreSSL/2.7 for more info

  Notes: svn path=/head/; revision=468572
* Update KDE Applications to 18.04.0
  Author: Tobias C. Berner | Age: 2018-04-28 | Files: 6 | Lines: -18/+18

  * Pin multimedia/kdelive at 17.12.3 until we import the mlt update from the dev-repo.

  Notes: svn path=/head/; revision=468558
* security/afl: switch to llvm60
  Author: Jan Beich | Age: 2018-04-27 | Files: 1 | Lines: -2/+2

  Notes: svn path=/head/; revision=468504
* Import the KDE Plasma5 ports
  Author: Tobias C. Berner | Age: 2018-04-27 | Files: 15 | Lines: -1/+352

  This is an import of the Plasma5 ports that we have had in the development
  repository for quite some time now.

  Please note:
  * Plasma5 cannot be installed at the same time as KDE SC4.
  * Qt5 assumes /etc/localtime to be a symlink to a tz file, not a regular file.
  * To start plasma5, it is recommended to use something like
      exec ck-launch-session startkde
  * Powermanagement and such is not working :-)

  I would like to thank all the people that have helped test it in the past
  years.

  Reviewed by: adridg
  Differential Revision: https://reviews.freebsd.org/D15096
  Notes: svn path=/head/; revision=468495
* Update to 0.30.0
  Author: Sunpoet Po-Chuan Hsieh | Age: 2018-04-27 | Files: 2 | Lines: -4/+4

  Changes: https://gitlab.com/m2crypto/m2crypto/blob/master/CHANGES

  Notes: svn path=/head/; revision=468457
* Update to 3.17.1
  Author: Antoine Brodin | Age: 2018-04-27 | Files: 2 | Lines: -4/+4

  Notes: svn path=/head/; revision=468424
* Update to 1.2.0.6
  Author: Antoine Brodin | Age: 2018-04-27 | Files: 2 | Lines: -4/+4

  Notes: svn path=/head/; revision=468420
* security/libressl: Bump portrevision
  Author: Bernard Spil | Age: 2018-04-27 | Files: 1 | Lines: -0/+1

  - Everybody deserves AES-NI off-load

  Reported by: adamw
  Notes: svn path=/head/; revision=468414
* Update KDE Frameworks to 5.45.0
  Author: Tobias C. Berner | Age: 2018-04-26 | Files: 1 | Lines: -3/+3

  PR: 227512
  Exp-run by: antoine
  Notes: svn path=/head/; revision=468380
* Update to 1.8.0
  Author: Sunpoet Po-Chuan Hsieh | Age: 2018-04-26 | Files: 2 | Lines: -4/+4

  Changes: https://github.com/onelogin/ruby-saml/releases

  Notes: svn path=/head/; revision=468374
* Add new port: security/teleport
  Author: Sean Chittenden | Age: 2018-04-26 | Files: 6 | Lines: -0/+145

  Gravitational Teleport ("Teleport") is a modern SSH server for remotely
  accessing clusters of FreeBSD or Linux servers via SSH or HTTPS. It is
  intended to be used instead of sshd.

  Teleport enables teams to easily adopt the best SSH practices like:

  - Integrated SSH credentials with your organization Google Apps identities or other OAuth identity providers.
  - Teleport uses certificate-based access with automatic expiration time
  - Enforcement of 2nd factor authentication
  - Cluster introspection: every Teleport node becomes a part of a cluster and is visible on the Web UI
  - Record and replay SSH sessions for knowledge sharing and auditing purposes
  - Collaboratively troubleshoot issues through session sharing
  - Connect to clusters located behind firewalls without direct Internet access via SSH bastions

  Teleport is built on top of the high-quality Golang SSH implementation and
  it is compatible with OpenSSH.

  Initially submitted by: staticwizard@hotmail.com in ports/219332
  PR: ports/219332
  Approved by: swills (mentor)
  Reviewed by: yuri, swills, pi
  Differential Revision: https://reviews.freebsd.org/D14576
  Notes: svn path=/head/; revision=468360
* Document vulnerabilities in quassel before 0.12.5
  Author: Ben Woods | Age: 2018-04-26 | Files: 1 | Lines: -0/+47

  Security: https://vuxml.freebsd.org/freebsd/499f6b41-58db-4f98-b8e7-da8c18985eda.html
  Notes: svn path=/head/; revision=468346