path: root/security
Commit message | Author | Age | Files | Lines
* security/vuxml: | Lars Engels | 2020-06-18 | 1 | -0/+27
  Document CVE-2020-13882 and CVE-2019-13033 for security/lynis.
  Notes: svn path=/head/; revision=539544
* security/lynis: Update to 3.0.0 | Lars Engels | 2020-06-18 | 3 | -9/+7
  This is a major release but also fixes two security problems.
  MFH: 2020Q2
  Security: CVE-2019-13033 CVE-2020-13882
  Notes: svn path=/head/; revision=539543
* security/vuxml: CVE-2020-8618 and CVE-2020-8619 | Philip Paeps | 2020-06-18 | 1 | -0/+67
  ISC published CVE-2020-8618 affecting dns/bind916 and CVE-2020-8619 affecting dns/bind911 and dns/bind916. Both ports were updated.
  Notes: svn path=/head/; revision=539533
* new port: security/vigenere: cipher algorithm tool | Fernando Apesteguía | 2020-06-18 | 4 | -0/+34
  vigenere is an implementation of the Vigenere cipher algorithm extended to the entire set of printable ASCII characters
  https://www.olivermahmoudi.com/programming/vigenere-cipher/
  PR: 247244
  Submitted by: fbsd@olivermahmoudi.com
  Notes: svn path=/head/; revision=539531
* security/nss: update to 3.53.1 | Jan Beich | 2020-06-18 | 2 | -4/+4
  Changes: https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.53.1_release_notes
  Changes: https://hg.mozilla.org/projects/nss/shortlog/NSS_3_53_1_RTM
  ABI: https://abi-laboratory.pro/tracker/timeline/nss/
  Security: CVE-2020-12402
  Notes: svn path=/head/; revision=539512
* Move devel/swig30 to devel/swig and update to 4.0.1 | Sunpoet Po-Chuan Hsieh | 2020-06-17 | 7 | -17/+11
  - Do not silence installation message
  - Update dependent ports:
  - Fix build with swig 4.0.1
  - Update *_DEPENDS
  - Remove BINARY_ALIAS
  Changes: http://www.swig.org/news.php
  PR: 246613
  Exp-run by: antoine
  Notes: svn path=/head/; revision=539491
* Update KDE Frameworks to 5.71.0 | Tobias C. Berner | 2020-06-17 | 2 | -3/+4
  June 06, 2020. KDE today announces the release of KDE Frameworks 5.71.0.

  KDE Frameworks are over 70 addon libraries to Qt which provide a wide variety of commonly needed functionality in mature, peer reviewed and well tested libraries with friendly licensing terms. For an introduction see the KDE Frameworks web page.

  This release is part of a series of planned monthly releases making improvements available to developers in a quick and predictable manner.

  Announcement: https://kde.org/announcements/kde-frameworks-5.71.0
  Exp-run by: antoine
  PR: 247240
  Notes: svn path=/head/; revision=539415
* security/tor-devel: Update 0.4.3.4-rc -> 0.4.4.1-alpha | Yuri Victorovich | 2020-06-16 | 2 | -4/+4
  Reported by: upstream notification
  Notes: svn path=/head/; revision=539381
* KDE Plasma Desktop -- update to 5.19.1 | Tobias C. Berner | 2020-06-16 | 3 | -9/+9
  Tuesday, 16 June 2020.

  Today KDE releases a bugfix update to KDE Plasma 5, versioned 5.19.1.

  Plasma 5.19 was released in June 2020 with many feature refinements and new modules to complete the desktop experience.

  This release adds a month's worth of new translations and fixes from KDE's contributors. The bugfixes are typically small but important and include:
    * Dr Konqi: Map neon in platform guessing.
    * Battery applet not showing up in tray.
    * Fix confirmLogout setting for SessionManagement.

  Changelog: https://kde.org/announcements/plasma-5.19.0-5.19.1-changelog
  Notes: svn path=/head/; revision=539370
* security/dropbear: update to 2020.79 | Piotr Kubaj | 2020-06-16 | 2 | -67/+59
  Add some new options, remove needless patching, move to Dropbear's system for non-default options.
  Notes: svn path=/head/; revision=539342
* Made rubygem net-ssh version 5 available as it is required by net-mgmt/rubygem-oxidized. | Matthias Fechner | 2020-06-16 | 4 | -0/+46
  PR: 247172
  Notes: svn path=/head/; revision=539331
* security/libressl: Chain-validation update to 3.1.3 | Bernard Spil | 2020-06-16 | 2 | -4/+4
  Notes: svn path=/head/; revision=539329
* security/fizz: Update 2020.06.08.00 -> 2020.06.15.00 | Yuri Victorovich | 2020-06-15 | 2 | -4/+4
  Notes: svn path=/head/; revision=539280
* Update to 5.1.0 | Sunpoet Po-Chuan Hsieh | 2020-06-15 | 2 | -4/+4
  Changes: https://github.com/IdentityPython/pysaml2/releases
  Notes: svn path=/head/; revision=539008
* Update to 1.17.2 | Sunpoet Po-Chuan Hsieh | 2020-06-15 | 2 | -7/+8
  Changes: https://github.com/googleapis/google-auth-library-python/releases
           https://github.com/googleapis/google-auth-library-python/blob/master/CHANGELOG.md
  Notes: svn path=/head/; revision=539007
* Update to 2020.4.5.2 | Sunpoet Po-Chuan Hsieh | 2020-06-15 | 2 | -4/+4
  Changes: https://github.com/certifi/python-certifi/commits/master
  Notes: svn path=/head/; revision=539006
* Update dependencies | Sunpoet Po-Chuan Hsieh | 2020-06-15 | 2 | -8/+8
  - Bump PORTREVISION for package change
  Notes: svn path=/head/; revision=538941
* security/cvm: fix threaded build | Piotr Kubaj | 2020-06-15 | 1 | -0/+2
  Build with 16 threads fails:
  ./makeshlib libcvm-sasl.la sasl_auth.lo sasl_authenticate.lo sasl_cram_md5.lo sasl_init.lo sasl_login.lo sasl_plain.lo sasl_start.lo
  --- sql-query.lo ---
  mv: rename sql-query.loT to sql-query.lo: No such file or directory
  Notes: svn path=/head/; revision=538879
* - Update WWW | Dmitry Marakasov | 2020-06-15 | 1 | -1/+1
  Approved by: portmgr blanket
  Notes: svn path=/head/; revision=538867
* Update to 2.1.0 | Antoine Brodin | 2020-06-14 | 2 | -4/+4
  Notes: svn path=/head/; revision=538722
* security/libgpg-error: update to 1.38 | Roman Bogorodskiy | 2020-06-14 | 3 | -5/+5
  Notes: svn path=/head/; revision=538712
* security/vuxml: Update CVE-2019-18348 and CVE-2020-8492 entries | Danilo G. Baio | 2020-06-13 | 1 | -8/+8
  Python 3.6 and 3.7 are not vulnerable in the ports tree anymore.
  Change range for python35 to <le>, suggested by swills.
  PR: 246984, 246738
  Notes: svn path=/head/; revision=538674
* - Update WWW | Dmitry Marakasov | 2020-06-13 | 1 | -1/+1
  Approved by: portmgr blanket
  Notes: svn path=/head/; revision=538658
* security/vuxml: document libreoffice <6.4.4 security issues | Dima Panov | 2020-06-13 | 1 | -0/+32
  PR: 247196
  Submitted by: rob2g2 <spam123@bitbert.com>
  Notes: svn path=/head/; revision=538650
* Update KDE's Application (release-service) to 20.04.2 | Tobias C. Berner | 2020-06-13 | 5 | -15/+15
  Notes: svn path=/head/; revision=538649
* - Update to 1.1 | Hiroki Tagato | 2020-06-13 | 2 | -6/+8
  - Add LICENSE_FILE
  - Make portclippy happy
  PR: 247186
  Submitted by: Oliver Mahmoudi <fbsd@olivermahmoudi.com> (maintainer)
  Approved by: mentors (implicit)
  Changelog: https://github.com/olimah/caesarcipher/blob/v1.1/Changelog
  Notes: svn path=/head/; revision=538645
* Document multiple sqlite3 vulnerabilities with CVSS scores ranging | Cy Schubert | 2020-06-13 | 1 | -0/+47
  from 5.5 (medium) to 7.5 (high).
  PR: 247149
  Notes: svn path=/head/; revision=538637
* [NEW] security/yubikey-agent: Seamless ssh-agent for YubiKeys | Vinícius Zavam | 2020-06-12 | 4 | -0/+57
  (*) Easy to use. A one-command setup, one environment variable, and it just runs in the background.
  (*) Indestructible. Tolerates unplugging, sleep, and suspend. Never needs restarting.
  (*) Compatible. Provides a public key that works with all services and servers.
  (*) Secure. The key is generated on the YubiKey and can't be extracted. Every session requires the PIN, every login requires a touch. Setup takes care of PUK and management key.
  WWW: https://filippo.io/yubikey-agent
  Notes: svn path=/head/; revision=538589
* security/vuxml: document Node.js June 2020 Security Releases | Bradley T. Hughes | 2020-06-12 | 1 | -0/+66
  https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/
  Sponsored by: Miles AS
  Notes: svn path=/head/; revision=538562
* security/kpmenu: fix build on aarch64 | Mikael Urankar | 2020-06-11 | 1 | -0/+24
  PR: 245144
  Approved by: portmgr (tier-2 blanket)
  Notes: svn path=/head/; revision=538527
* security/honeytrap: fix build on aarch64 | Mikael Urankar | 2020-06-11 | 3 | -0/+284
  Approved by: portmgr (tier-2 blanket)
  Notes: svn path=/head/; revision=538525
* Update to 1.09 | Emanuel Haupt | 2020-06-11 | 2 | -5/+4
  PR: 247156
  Submitted by: driesm.michiels@gmail.com (maintainer)
  Changelog: https://github.com/google/google-authenticator-libpam/releases/tag/1.09
  Notes: svn path=/head/; revision=538492
* Document net-mgmt/tcpreplay vulnerabilities | Emanuel Haupt | 2020-06-11 | 1 | -0/+33
  Notes: svn path=/head/; revision=538483
* security/vuxml: Document irc/znc issue | Danilo G. Baio | 2020-06-11 | 1 | -0/+28
  Security: CVE-2020-13775
  Notes: svn path=/head/; revision=538447
* Add go mod dependencies to fix build errors | Carlo Strub | 2020-06-10 | 1 | -0/+6
  Notes: svn path=/head/; revision=538436
* security/zeek: Update to 3.0.7 and address various vulnerabilities: | Craig Leres | 2020-06-10 | 2 | -5/+4
  https://raw.githubusercontent.com/zeek/zeek/v3.0.7/NEWS
  - Fix potential stack overflow in NVT analyzer
  - Fix NVT analyzer memory leak from multiple telnet authn name options
  - Fix multiple content-transfer-encoding headers causing a memory leak
  - Fix potential leak of Analyzers added to tree during Analyzer::Done
  - Prevent IP fragment reassembly on packets without minimal IP header

  Other fixes:
  - Limit rate of logging MaxMind DB diagnostic messages
  - Fix wrong return value type for `topk_get_top()` BIF
  - Fix opaque Broker types lacking a Type after (de)serialization
  - Fix lack of descriptive printing for intervals converted from `double_to_interval()`
  - Fix some cases of known-services not being logged

  MFH: 2020Q3
  Security: 9f7ae7ea-da93-4f86-b257-ba76707f6d5d
  Notes: svn path=/head/; revision=538431
* Document npm vulnerabilities. | Matthias Fechner | 2020-06-10 | 1 | -0/+30
  Notes: svn path=/head/; revision=538392
* security/keepass: Set maintainer to latest submitter | Ben Woods | 2020-06-10 | 1 | -1/+1
  PR: 246438
  Approved by: Michael Muenz <m.muenz@gmail.com> (new maintainer)
  Notes: svn path=/head/; revision=538389
* - Update WWW | Dmitry Marakasov | 2020-06-10 | 1 | -1/+1
  Approved by: portmgr blanket
  Notes: svn path=/head/; revision=538379
* Document the audio/libadplug vulnerabilities: | Emanuel Haupt | 2020-06-10 | 1 | -0/+41
  https://github.com/adplug/adplug/releases/tag/adplug-2.3.3
  Notes: svn path=/head/; revision=538376
* security/vuxml: Mark zeek < 3.0.7 as vulnerable as per: | Craig Leres | 2020-06-10 | 1 | -0/+37
  https://raw.githubusercontent.com/zeek/zeek/v3.0.7/NEWS
  Various issues including stack overflows and memory leaks.
  Notes: svn path=/head/; revision=538363
* security/nflib: Unbreak on systems incompatible with the system where the package was built | Yuri Victorovich | 2020-06-09 | 1 | -1/+8
  -march=native caused SEGVs on incompatible systems
  Notes: svn path=/head/; revision=538354
* Document the latest Flash Player vulnerability. | Jung-uk Kim | 2020-06-09 | 1 | -0/+29
  https://helpx.adobe.com/security/products/flash-player/apsb20-30.html
  Notes: svn path=/head/; revision=538349
* Add FreeBSD-SA-20:17.usb. | Gordon Tetlow | 2020-06-09 | 1 | -0/+30
  Approved by: so
  Notes: svn path=/head/; revision=538328
* Update KDE Plasma Desktop to 5.19.0 | Tobias C. Berner | 2020-06-09 | 4 | -9/+10
  Tuesday, 9 June 2020.

  Plasma 5.19 is out! If we gave alliterative names to Plasma releases, this one could be "Polished Plasma". The effort developers have put into squashing bugs and removing annoying papercuts has been immense.

  In this release, we have prioritized making Plasma more consistent, correcting and unifying designs of widgets and desktop elements; worked on giving you more control over your desktop by adding configuration options to the System Settings; and improved usability, making Plasma and its components easier to use and an overall more pleasurable experience.

  Read on to discover all the new features and improvements of Plasma 5.19…

  Announcement: https://kde.org/announcements/plasma-5.19.0
  Notes: svn path=/head/; revision=538320
* - Update WWW | Dmitry Marakasov | 2020-06-09 | 1 | -1/+1
  Approved by: portmgr blanket
  Notes: svn path=/head/; revision=538298
* security/fizz: Update 2020.06.01.00 -> 2020.06.08.00 | Yuri Victorovich | 2020-06-09 | 2 | -4/+4
  Reported by: portscout
  Notes: svn path=/head/; revision=538283
* UPnP SUBSCRIBE misbehavior in hostapd WPS AP | Cy Schubert | 2020-06-09 | 3 | -7/+28
  As published by our hostapd upstream

  Vulnerability

  General security vulnerability in the way the callback URLs in the UPnP SUBSCRIBE command are used were reported (VU#339275, CVE-2020-12695). Some of the described issues may be applicable to the use of UPnP in WPS AP mode functionality for supporting external registrars.

  Such issues could allow a device connected to the local network (i.e., a device that has been authorized to transmit packets in the network in which the AP is located) could trigger the AP to initiate a HTTP (TCP/IP) connection to an arbitrary URL, including connections to servers in external networks. This could have a security implication if traffic from the local network to external destinations have different rules (e.g., firewall and packet inspection) for different local hosts and the AP having access to external hosts while the attacker controlled local device not having such access. Such deployment cases may not be common for networks where WPS would be enabled, but it is not possible to completely rule out the applicability to cases where hostapd is used to control a WPS enabled AP.

  In addition to the more generic issues with the UPnP protocol, couple of implementation specific issues in hostapd were discovered while reviewing this area of the WPS implementation. These issues could allow local devices (i.e., devices that have been authorized to transmit packets in the network in which the AP is located) to trigger misbehavior in hostapd and cause the process to either get terminated or to start using more CPU resources by using a specially constructed SUBSCRIBE command.

  All these issues require the attacker to be able to discover the UPnP service provided by hostapd and to open a TCP connection toward the IP address of the AP. The former requires access to the local network to be able to receive broadcast packets and the latter requires access to initiate TCP/IP connection to the IP address used by the AP. In most common AP deployment cases, both of these operations are available only from the local network.

  Vulnerable versions/configurations

  All hostapd versions with WPS AP support with UPnP enabled in the build parameters (CONFIG_WPS_UPNP=y) and in the runtime configuration (upnp_iface).

  Possible mitigation steps

  - Disable WPS UPnP support in the hostapd runtime configuration by removing the upnp_iface parameter.

  - Merge the following commits to hostapd and rebuild:

    For CVE-2020-12695:
    WPS UPnP: Do not allow event subscriptions with URLs to other networks

    For the other issues:
    WPS UPnP: Fix event message generation using a long URL path
    WPS UPnP: Handle HTTP initiation failures for events more properly

    These patches are available from https://w1.fi/security/2020-1/

  - Update to hostapd v2.10 or newer, once available

  Obtained from: https://w1.fi/security/2020-1/
  MFH: 2020Q2
  Security: VU#339275 and CVE-2020-12695
  Notes: svn path=/head/; revision=538281
* Update maintainer's address | Carlo Strub | 2020-06-08 | 1 | -1/+1
  PR: 245490
  Submitted by: Mauro F Caseres <mauroeldritch@gmail.com>
  Approved by: maintainer timeout
  Notes: svn path=/head/; revision=538257
* Unbreak vuxmlbuild | Jochen Neumeister | 2020-06-08 | 1 | -3/+0
  Parsing VuXML ...Application exception: bad CVE name for vid 669f3fe8-a07a-11ea-b83e-f0def1f5c5a2: GHSL-2020-100 @ho:215
  *** Error code 1
  Sponsored by: Netzkommune GmbH
  Notes: svn path=/head/; revision=538232