path: root/security
Commit message | Author | Age | Files | Lines
* security/nss: don't pull llvm40 on 10.* i386 if CPUTYPE is set | Jan Beich | 2017-12-14 | 1 | -1/+1
  Submitted by: mi
  Notes: svn path=/head/; revision=456313
* Add missing IGNORE_WITH_PHP for various pecl-ports. | Torsten Zuehlsdorff | 2017-12-14 | 3 | -3/+3
  After testing every pecl-* port with PHP 5.6, 7.0, 7.1 and 7.2 I set the IGNORE_WITH_PHP according to the fallout.
  PR: 222165
  Reported by: brnd
  Approved by: portmgr (blanket)
  Differential Revision: https://reviews.freebsd.org/D13476
  Notes: svn path=/head/; revision=456296
* Document GitLab Vulnerability | Torsten Zuehlsdorff | 2017-12-14 | 1 | -0/+45
  Security: https://vuxml.FreeBSD.org/freebsd/e72a8864-e0bc-11e7-b627-d43d7e971a1b.html
  Notes: svn path=/head/; revision=456287
* Add entry for CVE-2017-8819. | Remko Lodder | 2017-12-14 | 1 | -0/+32
  Requested by: Roger Marquis
  Hat: FreeBSD Security Team
  Notes: svn path=/head/; revision=456278
* Update to 0.38 | Sunpoet Po-Chuan Hsieh | 2017-12-13 | 2 | -4/+4
  Changes: http://search.cpan.org/dist/POE-Filter-SSL/Changes
  Notes: svn path=/head/; revision=456251
* - Add CVE names for old asterisk13 vulnerabilities | Guido Falsi | 2017-12-13 | 1 | -1/+7
  - Fix typo
  Notes: svn path=/head/; revision=456232
* Document asterisk13 vulnerability. | Guido Falsi | 2017-12-13 | 1 | -0/+29
  Notes: svn path=/head/; revision=456231
* Snort 3 is the next major release of the Snort utility: | Mark Felder | 2017-12-13 | 5 | -0/+259
  Here are some key features of Snort 3:
    Support multiple packet processing threads
    Use a shared configuration and attribute table
    Use a simple, scriptable configuration
    Make key components pluggable
    Autodetect services for portless configuration
    Support sticky buffers in rules
    Autogenerate reference documentation
    Provide better cross platform support
    Facilitate component testing
  Additional features on the roadmap include:
    Use a shared network map
    Support pipelining of packet processing
    Support hardware offload and data plane integration
    Support proxy mode
    Windows support
  WWW: http://www.snort.org/
  Notes: svn path=/head/; revision=456230
* Update to pgpdump 0.32 | Johan van Selst | 2017-12-13 | 2 | -3/+6
  Notes: svn path=/head/; revision=456221
* Document libxml2 issue | Steve Wills | 2017-12-13 | 1 | -0/+40
  Notes: svn path=/head/; revision=456209
* security/nextcloud-twofactor_totp: Update to 1.4.0 | Bernard Spil | 2017-12-13 | 3 | -170/+58
  Changelog: https://github.com/nextcloud/twofactor_totp/releases/tag/1.4.0
  Notes: svn path=/head/; revision=456204
* - Fix build with boost 1.66 | Dmitry Marakasov | 2017-12-12 | 3 | -0/+38
  PR: 224179
  Reported by: jbeich@FreeBSD.org
  Notes: svn path=/head/; revision=456169
* security/vault: Update to 0.9.0 | Steve Wills | 2017-12-12 | 2 | -5/+5
  PR: 224267
  Submitted by: Dani <i.dani@outlook.com>
  Notes: svn path=/head/; revision=456166
* - Those ports fail to build with python3 | Antoine Brodin | 2017-12-12 | 2 | -2/+2
  - Add some explicit FLAVOR to dependencies where needed
  Notes: svn path=/head/; revision=456126
* security/libargon2: Add SONAME to shared library | Torsten Zuehlsdorff | 2017-12-12 | 2 | -4/+18
  Also add pkg-config file
  PR: 224190 222344
  Submitted by: Christopher Hall (maintainer)
  Reported by: xxjack12xx@gmail.com
  Approved by: maintainer
  Notes: svn path=/head/; revision=456119
* Re-try ports affected by bug 193528 on powerpc* after r449590 | Jan Beich | 2017-12-12 | 1 | -2/+0
  Notes: svn path=/head/; revision=456105
* Update devel/protobuf to 3.5.0 | Sunpoet Po-Chuan Hsieh | 2017-12-11 | 1 | -1/+1
  - Bump PORTREVISION for shlib change
  Changes: https://github.com/google/protobuf/releases
  Notes: svn path=/head/; revision=456058
* Fix version range in latest curl entry. | Tijl Coosemans | 2017-12-11 | 1 | -2/+2
  Notes: svn path=/head/; revision=456043
* Add linux-c7-curl to latest curl entry. | Tijl Coosemans | 2017-12-11 | 1 | -0/+5
  Security: 301a01b7-d50e-11e7-ac58-b499baebfeaf
  Notes: svn path=/head/; revision=456041
* Bump PORTREVISION on *-sbcl ports after lang/sbcl upgrade. | Kirill Ponomarev | 2017-12-11 | 1 | -1/+1
  Notes: svn path=/head/; revision=456036
* Update to 1.02 | Sunpoet Po-Chuan Hsieh | 2017-12-11 | 2 | -4/+4
  Changes: http://search.cpan.org/dist/Digest-SHA3/Changes
  Notes: svn path=/head/; revision=455982
* security/libhijack: mark broken for 10.x | Steve Wills | 2017-12-11 | 1 | -0/+2
  PR: 224155
  Submitted by: Shawn Webb <shawn.webb@hardenedbsd.org> (maintainer) (inspired by)
  Notes: svn path=/head/; revision=455925
* Mark as failing to compile on big-endian. | Mark Linimon | 2017-12-11 | 1 | -0/+3
  Approved by: portmgr (tier-2 blanket)
  Notes: svn path=/head/; revision=455924
* - Those ports fail to build with python3 | Antoine Brodin | 2017-12-10 | 2 | -4/+4
  - Add some explicit FLAVOR to dependencies where needed
  Notes: svn path=/head/; revision=455913
* Audit base system against known vulnerabilities and generate reports | Mark Felder | 2017-12-10 | 5 | -0/+254
  including references to security advisories.
  It uses pkg audit and Vuxml database as is used for packages but this script checks base system.
  Notes: svn path=/head/; revision=455902
* Document FreeBSD-SA-17:12.openssl | Mark Felder | 2017-12-10 | 1 | -0/+57
  Notes: svn path=/head/; revision=455901
* document latest wireshark vulnerabilities | Christoph Moench-Tegeder | 2017-12-10 | 1 | -0/+54
  Notes: svn path=/head/; revision=455890
* - hotssh doesn't work with python3 | Antoine Brodin | 2017-12-09 | 1 | -13/+11
  - add explicit FLAVOR to dependencies (useful when using DEFAULT_VERSIONS=python=3.x)
  - fix shebang
  Notes: svn path=/head/; revision=455856
* py-cracklib fails to build with python3 | Antoine Brodin | 2017-12-09 | 1 | -1/+1
  Notes: svn path=/head/; revision=455850
* - Add security/u2f-devd dependency to ensure the maintenance of the devd rulesets for U2F devices | Carlos J. Puga Medina | 2017-12-09 | 3 | -22/+2
  - Drop pkg-message.in because u2f-devd port provides it
  - Bump PORTREVISION
  libu2f-host installs /usr/local/etc/devd/u2f.conf.sample, but it only works on /dev/usb/*, doesn't touch /dev/uhid*. One of the requirements is that /dev/uhid* files should be readable/writable to the user who runs chromium.
  Notes: svn path=/head/; revision=455848
* security/u2f-devd: Devd hotplug rules for Universal 2nd Factor (U2F) tokens | Carlos J. Puga Medina | 2017-12-09 | 5 | -0/+205
  Automatic device permission handling for Universal 2nd Factor (U2F) USB authentication tokens.
  PR: 224199
  Submitted by: Greg V <greg@unrelenting.technology>
  Notes: svn path=/head/; revision=455847
* parano is not compatible with python3 | Antoine Brodin | 2017-12-09 | 1 | -1/+1
  Notes: svn path=/head/; revision=455825
* gcipher is not compatible with python3 | Antoine Brodin | 2017-12-09 | 1 | -1/+1
  Notes: svn path=/head/; revision=455822
* Fix version range of mail/procmail | Sunpoet Po-Chuan Hsieh | 2017-12-08 | 1 | -1/+2
  PR: 223777
  Submitted by: romain
  Notes: svn path=/head/; revision=455799
* Update */pear-Horde to the latest version | Jochen Neumeister | 2017-12-08 | 6 | -12/+12
  switch to DISTVERSION
  Approved by: tcberner (mentor)
  Differential Revision: https://reviews.freebsd.org/D13399
  Notes: svn path=/head/; revision=455798
* security/py-{acme,certbot}: Update to 0.20.0 | Carlos J. Puga Medina | 2017-12-08 | 6 | -16/+16
  Common:
  - Update PORTVERSION and distinfo checksum (0.20.0)
  - Regenerate patch
  Changelog: https://github.com/certbot/certbot/blob/master/CHANGELOG.md#0200---2017-12-06
  Reviewed by: koobs (maintainer)
  Approved by: koobs (maintainer, py-certbot)
  Differential Revision: https://reviews.freebsd.org/D13410
  Notes: svn path=/head/; revision=455779
* security/boringssl: update to new snapshot | Steve Wills | 2017-12-07 | 2 | -5/+5
  Notes: svn path=/head/; revision=455750
* security/openssl: Update to 1.0.2m | Bernard Spil | 2017-12-07 | 4 | -32/+52
  - Remove patch now included upstream
  - Include post-release patch for clang build error
  MFH: 2017Q4
  Security: 3bb451fc-db64-11e7-ac58-b499baebfeaf
  Notes: svn path=/head/; revision=455706
* security/vuxml: Document OpenSSL vulnerabilities | Bernard Spil | 2017-12-07 | 1 | -0/+53
  Notes: svn path=/head/; revision=455705
* Document FreeBSD-SA-17:11.openssl | Mark Felder | 2017-12-06 | 1 | -0/+53
  Notes: svn path=/head/; revision=455673
* Document FreeBSD-SA-17:10.kldstat | Mark Felder | 2017-12-06 | 1 | -0/+34
  Notes: svn path=/head/; revision=455672
* Document FreeBSD-SA-17:09.shm | Mark Felder | 2017-12-06 | 1 | -0/+36
  Notes: svn path=/head/; revision=455671
* Document FreeBSD-SA-17:08.ptrace | Mark Felder | 2017-12-06 | 1 | -0/+35
  Notes: svn path=/head/; revision=455670
* Document FreeBSD-SA-17:07.wpa | Mark Felder | 2017-12-06 | 1 | -0/+38
  Notes: svn path=/head/; revision=455669
* security/hitch: Add reload command to rc script | Mark Felder | 2017-12-06 | 2 | -1/+2
  Hitch properly handles SIGHUP
  MFH: 2017Q4
  Notes: svn path=/head/; revision=455660
* Adjust expiry date. | Cy Schubert | 2017-12-06 | 1 | -1/+1
  Reported by: Boris Samorodov <bsam@passap.ru>
  Notes: svn path=/head/; revision=455653
* www/nextcloud: Add WWW to all apps | Bernard Spil | 2017-12-06 | 2 | -0/+4
  Reported by: adamw
  Notes: svn path=/head/; revision=455649
* As per MIT policy, deprecate and expire twelve months following | Cy Schubert | 2017-12-06 | 1 | -0/+3
  release of 1.16 (+ grace period to end of month).
  Notes: svn path=/head/; revision=455635
* Welcome the new security/krb5-116 port. This port follows MIT's | Cy Schubert | 2017-12-06 | 14 | -1/+561
  KRB5 1.16 releases.

  Major changes in 1.16 (2017-12-05)
  ==================================

  Administrator experience:

  * The KDC can match PKINIT client certificates against the "pkinit_cert_match" string attribute on the client principal entry, using the same syntax as the existing "pkinit_cert_match" profile option.
  * The ktutil addent command supports the "-k 0" option to ignore the key version, and the "-s" option to use a non-default salt string.
  * kpropd supports a --pid-file option to write a pid file at startup, when it is run in standalone mode.
  * The "encrypted_challenge_indicator" realm option can be used to attach an authentication indicator to tickets obtained using FAST encrypted challenge pre-authentication.
  * Localization support can be disabled at build time with the --disable-nls configure option.

  Developer experience:

  * The kdcpolicy pluggable interface allows modules to control whether tickets are issued by the KDC.
  * The kadm5_auth pluggable interface allows modules to control whether kadmind grants access to a kadmin request.
  * The certauth pluggable interface allows modules to control which PKINIT client certificates can authenticate to which client principals.
  * KDB modules can use the client and KDC interface IP addresses to determine whether to allow an AS request.
  * GSS applications can query the bit strength of a krb5 GSS context using the GSS_C_SEC_CONTEXT_SASL_SSF OID with gss_inquire_sec_context_by_oid().
  * GSS applications can query the impersonator name of a krb5 GSS credential using the GSS_KRB5_GET_CRED_IMPERSONATOR OID with gss_inquire_cred_by_oid().
  * kdcpreauth modules can query the KDC for the canonicalized requested client principal name, or match a principal name against the requested client principal name with canonicalization.

  Protocol evolution:

  * The client library will continue to try pre-authentication mechanisms after most failure conditions.
  * The KDC will issue trivially renewable tickets (where the renewable lifetime is equal to or less than the ticket lifetime) if requested by the client, to be friendlier to scripts.
  * The client library will use a random nonce for TGS requests instead of the current system time.
  * For the RC4 string-to-key or PAC operations, UTF-16 is supported (previously only UCS-2 was supported).
  * When matching PKINIT client certificates, UPN SANs will be matched correctly as UPNs, with canonicalization.

  User experience:

  * Dates after the year 2038 are accepted (provided that the platform time facilities support them), through the year 2106.
  * Automatic credential cache selection based on the client realm will take into account the fallback realm and the service hostname.
  * Referral and alternate cross-realm TGTs will not be cached, avoiding some scenarios where they can be added to the credential cache multiple times.
  * A German translation has been added.

  Notes: svn path=/head/; revision=455634
* security/vuxml: mark firefox < 57.0.1 as vulnerable | Jan Beich | 2017-12-05 | 1 | -0/+46
  Notes: svn path=/head/; revision=455631