path: root/security
Commit message | Author | Age | Files | Lines
* security/openssl-devel: Security update to 3.0.1 | Bernard Spil | 2021-12-20 | 2 | -5/+6
  Security: 0132ca5b-5d11-11ec-8be6-d4c9ef517024
  MFH: 2021Q4
  (cherry picked from commit 2b095f9a257a5916bf2e55094ad43e4e8f632c80)
* security/suricata: Update to 6.0.4 | Franco Fichtner | 2021-12-14 | 5 | -180/+41
  While here pet portfmt.
  Changes: https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942
  PR: 260250
  Approved by: 0mp (mentor)
  MFH: 2021Q4
  Differential Revision: https://reviews.freebsd.org/D33335
  (cherry picked from commit 3571a07d68b7dbce0e19619e135fb76766c7af12)
* security/openvpn: sort OPTIONS_{DEFAULT|DEFINE} | Matthias Andree | 2021-12-12 | 1 | -3/+3
  (cherry picked from commit 42d73509241dbede9fb29d56683188fa4a1b2872)
* security/openvpn: deprecate tunnelblick | Matthias Andree | 2021-12-12 | 2 | -6/+23
  While here, shorten LZO_DESC to fit 80x24 dialogs.
  (cherry picked from commit bedfd042b988444cb311f477d5cf1e4457ead29f)
* security/openvpn: re-enable mbedTLS build | Matthias Andree | 2021-12-11 | 1 | -4/+4
  ...now that mbedTLS metadata was fixed to show the actual situation for mbedTLS 2.x.y, that it's either Apache License 2.0, or GNU General Public License 2.0 or any later version.
  While here, also mark the main port with mbedTLS option enabled to record it's going to lose the mbedTLS option end of March 2022.
  (cherry picked from commit d02b0675d0630a9ac66617becd9f9cfbbca9c524)
* security/mbedtls: fix LICENSE (dual with GPLv2+) | Matthias Andree | 2021-12-11 | 1 | -2/+4
  "Unless specifically indicated otherwise in a file, Mbed TLS files are provided under the Apache License 2.0, or the GNU General Public License v2.0 or later (SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later)."
  Approved by: portmgr@ (blanket metadata change approval)
  (cherry picked from commit cd08d6c7ed39147df7ed9beef9536c9c5151ac01)
* security/openvpn: license incompat mbedTLS, LZO+LibreSSL | Matthias Andree | 2021-12-11 | 1 | -3/+26
  After reviewing licenses again,
  - mark mbedTLS broken for now, since it uses the Apache License 2.0, which is incompatible with the GPLv2 (OpenVPN does not employ the "or any later version" escape hatch). This will be handed to the OpenVPN-devel mailing list for review.
  - block out the combination of LZO with LibreSSL, since OpenVPN only has a linking exception for OpenSSL itself. Remedy is to either forgo LibreSSL, or to disable the LZO option, which requires proper configuration on either end. The maintainer's recommendation is to compile with OpenSSL instead.
  Bump PORTREVISION in spite of unchanged contents to flush out old packages.
  MFH: 2021Q4
  (cherry picked from commit 5cc978dcfe58a52b9a163e080d855b022ac22545)
* security/nmap: Make PCAP option non-default | Cy Schubert | 2021-12-10 | 1 | -2/+2
  All supported versions of FreeBSD provide pcap support. Disable the PCAP option by default.
  (cherry picked from commit cb950ffff2e18ff8148ae10ac010b000b926739c)
* security/nmap: PCAP option conflicts with pcap in 14-CURRENT base | Cy Schubert | 2021-12-10 | 1 | -0/+6
  PCAP option conflicts with pcap in 14-CURRENT base. Mark the option BROKEN.
  (cherry picked from commit b1dcaf64da857d32153590fed40804f460da9bb9)
* security/nss: update to 3.73 | Jan Beich | 2021-12-05 | 2 | -4/+4
  Changes: https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/vy9284s8APM
  Changes: https://hg.mozilla.org/projects/nss/shortlog/NSS_3_73_RTM
  Reported by: Repology
  (cherry picked from commit 41fa14b53804ce4c79b5a88d902031fe0803aadf)
* security/p5-Crypt-JWT: Update to 0.034 | Sergei Vyshenski | 2021-12-02 | 2 | -4/+4
  Ensure payload is serialized consistently (canonical).
  PR: 260112
  Approved by: philip (mentor)
  Differential Revision: https://reviews.freebsd.org/D33201
  (cherry picked from commit 552c9a7e733839fac305715b7dbde0b33f53933f)
* security/nss: update to 3.72 | Jan Beich | 2021-11-29 | 2 | -4/+4
  Changes: https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.72_release_notes
  Changes: https://hg.mozilla.org/projects/nss/shortlog/NSS_3_72_RTM
  (cherry picked from commit c8c0edf0cae2490970ea899e49223c3ae01fac5a)
* security/cyrus-sasl2-gssapi: remove patch-plugins_gssapi.c | Hajimu UMEMOTO | 2021-11-28 | 2 | -118/+1
  PR: 260017
  Reported by: Michael Osipov
  Discussed with: hrs
  MFH: 2021Q4
  (cherry picked from commit 17b54ce763286be358fae69961f5fb1a670c614c)
* www/py-pyjwt: Rename to www/py-pyjwt1 | Goran Mekic | 2021-11-24 | 2 | -3/+5
  To make it possible to easily import py-pyjwt v2.x move the current port to a versioned directory. Bump consumers after rename of the dependency.
  PR: 254038
  (cherry picked from commit e6ec12f6646f71fe84268d21f3a6901191ebf60e)
* */lxqt*: Update WWW | Li-Wen Hsu | 2021-11-16 | 2 | -2/+2
  (cherry picked from commit 988c8752f06ed079d9f8a2c2671eae8fea9e389f)
* security/p5-Mcrypt: Fix link issue and miscellaneous cleanup | Tatsuki Makino | 2021-11-15 | 3 | -6/+10
  * Fix issue that Mcrypt.so is linked with libltdl.so if the port is built under the environment where devel/libltdl is installed
  * Add TIMESTAMP to distinfo
  * Switch to DISTVERSION
  * Regenerate pkg-plist with `make makeplist`
  * Pet portlint and portclippy
  PR: 259210
  MFH: 2021Q4
  (cherry picked from commit e6a10825e4a359c04e254766107ac4769ea60bd1)
* security/clamav-lts: Fix plist error | Yasuhiro Kimura | 2021-11-08 | 1 | -3/+3
  Fix plist error when user sets CLAMAVUSER to non-default value.
  This is direct commit to 2021Q4 branch as the commit that causes plist error is also direct one.
  PR: 259663
  Reported by: ml at netfence dot it
  Fixes: 2da7ca992591 (security/clamav: Update to new bugfix release 0.103.4)
  Approved by: fluffy (ports-secteam)
* security/mailzu: Fix runtime error with recent PHP | Krzysztof | 2021-11-05 | 4 | -28/+47
  * Pet portclippy
  * Re-format Makefile with portfmt
  PR: 241745
  MFH: 2021Q4
  (cherry picked from commit c99114e14f7c799db21764b80ef612e9763e0a61)
* security/clamav: Update to new bugfix release 0.103.4 | Yasuhiro Kimura | 2021-11-04 | 3 | -37/+124
  This is direct commit to 2021Q4 branch. The reason that it is not MFH is as following.
  * On September upstream changed their release and support policy as following.
    - They release Regular Feature Release (= x.y.0 release) more frequently. And x.y.z releases are supported until 4 months after the release of x.(y+1).0.
    - To compensate for the short lifetime of Regular Feature Releases, Long Term Support (LTS) Feature Release is introduced. A new LTS Feature Release will be identified approximately every two years and be supported for at least three years from the initial publication date of that LTS feature version.
  * Version 0.103.3 was identified as first LTS Feature Release.
  * After 2021Q4 branch was created, on main branch security/clamav was updated to 0.104.0 and security/clamav-lts was added.
  * Version 0.104.0 is first Regular Feature Release that new upstream policy is applied. There are large changes between 0.103.3 and 0.104.0 as upstream refactored their code base.
  * On November 3rd new bugfix releases 0.104.1 and 0.103.4 were released. On main branch I already updated both security/clamav and security/clamav-lts to their latest releases.
  * As is explained above lifetime of 0.104.x isn't so long and there is large difference between 0.103.x and 0.104.x. Furthermore there isn't security/clamav-lts in 2021Q4 branch that can be selected as alternative for those who look for longer lifetime.
  * So merging 0.104.x to 2021Q4 isn't appropriate in this case and I select to update security/clamav to 0.103.3.
  ReleaseNotes: https://blog.clamav.net/2021/11/clamav-01034-and-01041-patch-releases.html
  PR: 259641
  Approved by: fluffy (ports-secteam@)
* security/openvpn: create and use dedicated openvpn user | Matthias Andree | 2021-11-01 | 5 | -9/+87
  (two commits squashed for clarity)
  PR: 259384
  (cherry picked from commit bb6ec079c50dc6f45700dd5897b35f66a19ee51c)
  (cherry picked from commit 89d9e9320aff2d4c61be4c7dfa1b6829717bd034)
* security/openvpn: bugfix update to 2.5.4 | Matthias Andree | 2021-11-01 | 3 | -5/+6
  adds openvpn-examples(5) manual page
  Changelog: https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-254
  (cherry picked from commit cf4dd6bbfe80d93a23f2f7d140ed5dd764d13e96)
* security/p5-openxpki: Fix shebang related bugs | Sergei Vyshenski | 2021-11-01 | 2 | -7/+7
  * Update CONFLICTS
  * Update pkg-message
  PR: 259000
  MFH: 2021Q4
  (cherry picked from commit 7e96b5f51e6be90611ac7828980e61f31998e07b)
* security/tor: Update 0.4.6.7 -> 0.4.6.8 | Yuri Victorovich | 2021-10-29 | 2 | -4/+4
  Changelog: https://gitweb.torproject.org/tor.git/plain/ChangeLog?h=tor-0.4.6.8
  (cherry picked from commit 0c3ad9597bc1a27a3e712b4efeb1aa5dc1af772f)
* security/tor-devel: Update 0.4.7.1-alpha -> 0.4.7.2-alpha | Neel Chauhan | 2021-10-29 | 2 | -4/+4
  Changelog: https://gitweb.torproject.org/tor.git/plain/ChangeLog?h=tor-0.4.7.2-alpha
  PR: 259531
  (cherry picked from commit a58a309a102b6d2994437149e4c198bae330c5e1)
* security/sssd: Fix installation with automake 1.16.4 | Tijl Coosemans | 2021-10-27 | 1 | -4/+13
  Patch the configure script so it evaluates a variable that uses PYTHON_PREFIX (since automake 1.16.4) before PYTHON_PREFIX is unset.
  PR: 258898
  Approved by: maintainer timeout (2 weeks)
  (cherry picked from commit b07a361a29711f26c51b24b433662baa37648194)
* security/py-fail2ban: Add upstream patch to fix possible RCE vulnerability | Yasuhiro Kimura | 2021-10-27 | 2 | -15/+169
  * Switch to DISTVERSION
  * Pet portclippy
  * Reformat Makefile with portfmt
  PR: 259297
  Approved by: maintainer
  Obtained from: https://github.com/fail2ban/fail2ban/commit/410a6ce5c80dd981c22752da034f2529b5eee844
  MFH: 2021Q4
  Security: CVE-2021-32749
  Security: https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm
  Differential Revision: https://reviews.freebsd.org/D32576
  (cherry picked from commit 644e5b65b9503bed420885c9fefc8b3941dd009d)
* */*: Revert "*/*: Make rails 6.1.3 available" | Matthias Fechner | 2021-10-27 | 5 | -34/+1
  This reverts commit f4511dc4a7c439b30c898b75246d314a574f01cb.
  Add MOVED entries.
  These ports are not required anymore as gitlab 14.4.0 has upgraded now to rails 6.1.4.1.
  (cherry picked from commit 4a7e890e91522896eb83f1c2f278ce0414175333)
* security/strongswan: Update to 5.9.4 | Dani | 2021-10-20 | 2 | -6/+6
  Security & Bugfix Update to 5.9.4:
  - Changelog: https://github.com/strongswan/strongswan/releases/tag/5.9.4
  - While here change repos to https
  - Fix CVE-2021-41990: https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41990).html
  - Fix CVE-2021-41991: https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41991).html
  PR: 259267
  Approved by: strongswan@Nanoteq.com (maintainer)
  MFH: 2021Q4
  (cherry picked from commit eead2ddf757a4e9f50eedd1680f3b62e6a16aaef)
* security/openssh-portable: Bring in patch for CVE-2021-41617 | Bryan Drewery | 2021-10-12 | 3 | -1/+52
  Obtained from: OpenSSH-portable git
* security/py-cryptography: support LibreSSL 3.4.0 | Charlie Li | 2021-10-05 | 7 | -103/+98
  Merged upstream as https://github.com/pyca/cryptography/pull/6360 and backported to this version.
  While here, remove remaining FreeBSD 11 cruft
  Approved by: fluffy (mentor), koobs (implicit: MAINTAINER_POLICY)
  Differential Revision: https://reviews.freebsd.org/D32281
  (cherry picked from commit 5b57210d0d0a7d74c9f8b4895907b34f2f34473d)
* */*: Make rails 6.1.3 available | Matthias Fechner | 2021-10-05 | 5 | -1/+35
  The upgrade of rails to 6.1.4 broke www/gitlab-ce.
  PR: 258855
  (cherry picked from commit f4511dc4a7c439b30c898b75246d314a574f01cb)
* security/sshguard: Fix memset() off-by-one | Kevin Zheng | 2021-10-04 | 2 | -0/+12
  This bug causes a stack overflow (and crash due to failed stack check) when certain IPv6 addresses are whitelisted on i386.
  PR: 258179
  Reported by: John Marshall <john@jmarshall.id.au>
  MFH: 2021Q4
  (cherry picked from commit c3381bf4d961159f4903f573c7f01fae85ad5a18)
* security/libressl: Update to 3.3.5 | Bernard Spil | 2021-10-03 | 2 | -4/+4
  * Fixes issues with LetsEncrypt DST Root X3 expiry
  MFH: 2021Q4
  (cherry picked from commit 13cf9e281a81d2592549630020c2a3e984a77137)
* security/nss: update to 3.71 | Jan Beich | 2021-10-03 | 2 | -4/+4
  Changes: https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.71_release_notes
  Changes: https://hg.mozilla.org/projects/nss/shortlog/NSS_3_71_RTM
* security/helib: Update 2.2.0 -> 2.2.1 | Yuri Victorovich | 2021-10-02 | 2 | -4/+4
  Reported by: portscout
* security/ssl-admin: Fetch from GitHub | Stefan Eßer | 2021-10-02 | 3 | -8/+17
  In addition to fetching from GitHub the order of definitions in the port Makefile has been normalized, @sample tags are now used in the pkg-plist file, and the BSD3CLAUSE style LICENSE file is included in the generated package.
  Approved by: ecrist@secure-computing.net (maintainer)
* *: Chase new major version (29) of editors/emacs-devel | Joseph Mingrone | 2021-10-01 | 1 | -1/+1
  Differential Revision: https://reviews.freebsd.org/D32258
* security/honeytrap: Update to g20210510 | Mikael Urankar | 2021-10-01 | 12 | -133/+24
  - Update to g20210510
  - Update license information
  - Split long lines
  - Add HONEYTRAP_LOGDIR
  PR: 258245
  Reported by: Borja Marcos
  Approved by: maintainer timeout
* security/vuxml: Document mediawiki's multiple vulnerabilities | Wen Heping | 2021-10-01 | 1 | -0/+44
* security/tor-devel: Update 0.4.6.4-rc -> 0.4.7.1-alpha | Neel Chauhan | 2021-10-01 | 2 | -4/+4
  PR: 258826
* security/erlang-fast_tls: update to 1.1.13 | Dave Cottlehuber | 2021-09-30 | 4 | -13/+16
  - support OTP24
* cleanup: drop support for EOL FreeBSD 11.X | Rene Ladan | 2021-09-30 | 27 | -93/+10
  Search criteria used:
  - 11.4
  - OSREL*
  - OSVER*
  - *_FreeBSD_11
  Input from:
  - adridg: devel/qca-legacy
  - jbeich: _WITH_DPRINTF, _WITH_GETLINE, GNU bfd workarounds
  - sunpoet: security/p5-*OpenSSL*
  Reviewed by: doceng, kde, multimedia, perl, python, ruby, rust
  Differential Revision: https://reviews.freebsd.org/D32008
  Test Plan: make index
* security/vuxml: add www/chromium < 94.0.4606.71 | Rene Ladan | 2021-09-30 | 1 | -0/+41
  Obtained from: https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_30.html
* cleanup: Remove expired ports: | Rene Ladan | 2021-09-30 | 8 | -92/+0
  devel/erlang-exmpp: last upstream patches over 10 years ago
  sysutils/showbeastie: Broken on FreeBSD 12 and above since 2018
  2021-09-30 www/squid3: Unsupported by upstream
  2021-09-30 sysutils/cfengine310: OpenSSL 1.1.X is not supported.
  2021-09-30 security/py-paramiko1: Out of date version. No consumer now. Use security/py-paramiko
  2021-09-30 sysutils/cfengine-masterfiles310: cfengine310 will retire at FreeBSD 11 EOL
  2021-09-30 security/openca-tools-forked: Use modern port security/libscep instead
  2021-09-30 multimedia/sms1xxx-kmod: Supports DVB API v3 only. Use multimedia/webcamd instead
  2021-09-30 sysutils/cfengine311: OpenSSL 1.1.X is not supported.
  2021-09-30 sysutils/cfengine-masterfiles311: cfengine311 will retire at FreeBSD 11 EOL
  2021-09-30 mail/postfix35: It is only here until FreeBSD 11 is EoL (Postfix >= 3.6 requires OpenSSL >= 1.1.x)
* security/vuxml: Document gitlab vulnerabilities | Matthias Fechner | 2021-09-30 | 1 | -0/+77
* security/vuxml: Fix entry 7062bce0-1b17-11ec-9d9d-0022489ad614 | Li-Wen Hsu | 2021-09-30 | 1 | -1/+1
  This should also fix vuxml build.
  PR: 258802
  Sponsored by: The FreeBSD Foundation
* security/rubygem-doorkeeper-rails50: Add CPE information | Bernhard Froehlich | 2021-09-30 | 1 | -1/+3
  Approved by: portmgr (blanket)
* security/rubygem-doorkeeper-rails5: Add CPE information | Bernhard Froehlich | 2021-09-30 | 1 | -1/+3
  Approved by: portmgr (blanket)
* security/sudo: Update to 1.9.8p2 | Cy Schubert | 2021-09-30 | 2 | -4/+4
  Major changes between sudo 1.9.8p2 and 1.9.8p1:
  * Fixed a potential out-of-bounds read with "sudo -i" when the target user's shell is bash. This is a regression introduced in sudo 1.9.8. Bug #998.
  * sudo_logsrvd now only sends a log ID for first command of a session. There is no need to send the log ID for each sub-command.
  * Fixed a few minor memory leaks in intercept mode.
  * Fixed a problem with sudo_logsrvd in relay mode if "store_first" was enabled when handling sub-commands. A new zero-length journal file was created for each sub-command instead of simply using the existing journal file.
  PR: 258666
  Submitted by: cy
  Reported by: cy
  Approved by: garga (maintainer)
  MFH: 2021Q3
* */*: Switch deps from rails 6.0 to 6.1 | Matthias Fechner | 2021-09-30 | 1 | -2/+2