| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add an option option to builds and installs the eapol_test program.
Update/patch to solve new compilation errors that result with the
option enabled.
Note: Leaving the changes to Packet32.c out of the PR patch set as
it is not needed.
PR: 245809
Approved by: cy (maintainer)
Notes:
svn path=/head/; revision=532442
|
|
|
|
| |
Notes:
svn path=/head/; revision=532399
|
|
|
|
|
|
|
| |
Changes: https://github.com/googleapis/google-auth-library-ruby/releases
Notes:
svn path=/head/; revision=532385
|
|
|
|
|
|
|
|
| |
Changes: https://github.com/googleapis/google-auth-library-python/releases
https://github.com/googleapis/google-auth-library-python/blob/master/CHANGELOG.md
Notes:
svn path=/head/; revision=532352
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Update MASTER_SITES
- Remove DOCS option
- Update WWW
Changes: https://gitlab.com/jas/libntlm/-/blob/master/NEWS
Security: 0f798bd6-8325-11ea-9a78-08002728f74c
MFH: 2020Q2
Notes:
svn path=/head/; revision=532305
|
|
|
|
|
|
|
|
| |
Changes: https://developers.yubico.com/libfido2/Release_Notes.html
https://github.com/Yubico/libfido2/blob/master/NEWS
Notes:
svn path=/head/; revision=532304
|
|
|
|
|
|
|
| |
Changes: https://github.com/keybase/client/releases
Notes:
svn path=/head/; revision=532303
|
|
|
|
| |
Notes:
svn path=/head/; revision=532291
|
|
|
|
|
|
|
|
| |
PR: 245794
Submitted by: Markus Wipp <mw@wipp.bayern> (maintainer)
Notes:
svn path=/head/; revision=532289
|
|
|
|
|
|
|
|
|
| |
PR: 245252
Submitted by: Sascha Biberhofer <ports@skyforge.at>
Reported by: contact@evilham.com
Notes:
svn path=/head/; revision=532266
|
|
|
|
|
|
|
|
| |
Changes: https://github.com/99designs/aws-vault/releases/tag/v5.4.1
Reported by: portscout
Notes:
svn path=/head/; revision=532264
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Git changes since 202015:
* 37bc691e 2020-04-15 | Fix illegal client float (CVE-2020-11810) [Lev Stipakov]
* 3b06b57d 2020-03-13 | Fix broken async push with NCP is used [Lev Stipakov]
* d8ac887c 2020-03-28 | Fix OpenSSL 1.1.1 not using auto elliptic curve selection [Arne Schwabe]
Approved by: ecrist@secure-computing.net (via IRC #openvpn-devel)
Security: CVE-2020-11810
Security: 8604121c-7fc2-11ea-bcac-7781e90b0c8f
Notes:
svn path=/head/; revision=532210
|
|
|
|
| |
Notes:
svn path=/head/; revision=532206
|
|
|
|
|
|
|
|
|
|
|
| |
- Add license
PR: 245492
Submitted by: Mauro F Caseres <mauroeldritch@gmail.com>
Approved by: ehaupt (mentor), pizzamig (co-mentor)
Notes:
svn path=/head/; revision=532204
|
|
|
|
|
|
|
|
| |
Changes: https://github.com/99designs/aws-vault/releases/tag/v5.4.0
Reported by: portscout
Notes:
svn path=/head/; revision=532203
|
|
|
|
|
|
|
| |
Sponsored by: HAW International
Notes:
svn path=/head/; revision=532198
|
|
|
|
|
|
|
| |
2020-04-20 security/suricata5: security/suricata is already at version 5
Notes:
svn path=/head/; revision=532195
|
|
|
|
|
|
|
|
| |
PR: 245681
Submitted by: Michael Muenz <m.muenz@gmail.com>
Notes:
svn path=/head/; revision=532177
|
|
|
|
| |
Notes:
svn path=/head/; revision=532172
|
|
|
|
| |
Notes:
svn path=/head/; revision=532166
|
|
|
|
| |
Notes:
svn path=/head/; revision=532133
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Security release to fix CVE-2020-1730.
Exp-run by: antoine
PR: 245572
Reviewed by: tcberner
Approved by: gerald (mentor)
Security: CVE-2020-1730
Differential Revision: https://reviews.freebsd.org/D24374
Notes:
svn path=/head/; revision=532111
|
|
|
|
|
|
|
|
| |
Approved by: gerald (mentor)
Differential Revision: https://reviews.freebsd.org/D24377
Notes:
svn path=/head/; revision=532108
|
|
|
|
|
|
|
|
|
|
| |
Changes: https://github.com/libgit2/libgit2/releases/tag/v1.0.0
ABI: https://abi-laboratory.pro/tracker/timeline/libgit2
Approved by: mfechner (maintainer)
Differential Revision: https://reviews.freebsd.org/D24471
Notes:
svn path=/head/; revision=532068
|
|
|
|
| |
Notes:
svn path=/head/; revision=532023
|
|
|
|
| |
Notes:
svn path=/head/; revision=532005
|
|
|
|
| |
Notes:
svn path=/head/; revision=531995
|
|
|
|
|
|
|
|
|
|
|
| |
- Add vuxml entry for CVE-2020-1737, CVE-2020-1739 and CVE-2020-1740
Security: CVE-2020-1737
Security: CVE-2020-1739
Security: CVE-2020-1740
Notes:
svn path=/head/; revision=531977
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It can be used together with the Smallstep step-ca client.
step-ca is a local CA. It can be used to create your own local PKI
Infrastructure and includes things like e.g. the possibility to have your
own ACME server.
A private certificate authority (X.509 & SSH) & ACME server for secure
automated certificate management, so you can use TLS everywhere & SSO for SSH.
WWW: https://smallstep.com/certificates/
PR: 245535
Submitted by: Markus Wipp <mw@wipp.bayern>
Notes:
svn path=/head/; revision=531970
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
automated certificate management. It's an easy-to-use and hard-to-misuse utility
for building, operating, and automating systems that use zero trust technologies
like authenticated encryption (X.509, TLS), single sign-on (OAuth OIDC, SAML),
multi-factor authentication (OATH OTP, FIDO U2F), encryption mechanisms (JSON
Web Encryption, NaCl), and verifiable claims (JWT, SAML assertions).
WWW: https://smallstep.com/cli/
PR: 245534
Submitted by: Markus Wipp <mw@wipp.bayern>
Notes:
svn path=/head/; revision=531969
|
|
|
|
|
|
|
|
| |
PR: 245479
Submitted by: Michael Muenz <m.muenz@gmail.com> (maintainer)
Notes:
svn path=/head/; revision=531960
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
At the same time, remove ASYNC_PUSH_LIBS workaround from [1].
Changelog (high-level):
https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-249
Git changelog, marking the three fixes that were already in 2.4.8_3
as cherry-picks with a 1, 2, or 3 instead of "*" to correspond
with the PORTREVISION, and those with "-" that are specific to other systems,
say, Windows.
* 9b0dafca 2020-04-16 | Preparing release v2.4.9 (ChangeLog, version.m4, Changes.rst) (tag: v2.4.9) [Gert Doering]
3 f7b318f8 2020-04-15 | Fix illegal client float (CVE-2020-11810) [Lev Stipakov]
* 9bb285e3 2020-03-13 | Fix broken async push with NCP is used [Lev Stipakov]
- 5f8a9df1 2020-02-12 | Allow unicode search string in --cryptoapicert option [Selva Nair]
- 4658b3b6 2020-02-12 | Skip expired certificates in Windows certificate store [Selva Nair]
* df5ea7f1 2020-02-19 | Fix possible access of uninitialized pipe handles [Selva Nair]
* 1d9e0be2 2020-02-19 | Fix possibly uninitialized return value in GetOpenvpnSettings() [Selva Nair]
* 5ee76a8f 2020-03-28 | Fix OpenSSL 1.1.1 not using auto elliptic curve selection [Arne Schwabe]
* ed925c0a 2020-04-07 | OpenSSL: Fix --crl-verify not loading multiple CRLs in one file [Maxim Plotnikov]
* 2fe84732 2020-03-30 | When auth-user-pass file has no password query the management interface (if available). [Selva Nair]
* 908eae5c 2020-04-03 | Move querying username/password from management interface to a function [Selva Nair]
* 15bc476f 2020-04-02 | Fix OpenSSL error stack handling of tls_ctx_add_extra_certs [Arne Schwabe]
* 22df79bb 2020-04-01 | Fetch OpenSSL versions via source/old links [Arne Schwabe]
* 0efbd8e9 2020-03-31 | mbedTLS: Make sure TLS session survives move [Tom van Leeuwen]
* 33395693 2020-03-25 | docs: Add reference to X509_LOOKUP_hash_dir(3) [WGH]
* 7d19b2bb 2019-10-21 | Fix OpenSSL private key passphrase notices [Santtu Lakkala]
2 8484f37a 2020-03-14 | Fix building with --enable-async-push in FreeBSD [Lev Stipakov]
* 69bbfbdf 2020-02-18 | Swap the order of checks for validating interactive service user [Selva Nair]
* 0ba4f916 2019-11-09 | socks: use the right function when printing struct openvpn_sockaddr [Antonio Quartulli]
1 3bd91cd0 2019-10-30 | Fix broken fragmentation logic when using NCP [Lev Stipakov]
PR: 244286 [1]
MFH: 2020Q2 (patchlevel bugfix release)
Notes:
svn path=/head/; revision=531957
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Add TEST
PR: 245171
Approved by: christer.edwards@gmail.com (maintainer timeout)
MFH: 2020Q2 (runtime fix)
Relnotes: https://bitbucket.org/vinay.sajip/python-gnupg/src/master/
Notes:
svn path=/head/; revision=531913
|
|
|
|
|
|
|
|
| |
PR: 245680
Submitted by: Michael Muenz <m.muenz@gmail.com>
Notes:
svn path=/head/; revision=531896
|
|
|
|
|
|
|
| |
Obtained from: Google Chrome Releases
Notes:
svn path=/head/; revision=531859
|
|
|
|
| |
Notes:
svn path=/head/; revision=531850
|
|
|
|
|
|
|
| |
head r359981 and r359994 reverted commits that caused clang to run in infinite loop, allocating all available memory and crashing the system.
Notes:
svn path=/head/; revision=531847
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is a time frame between allocating peer-id and initializing data
channel key (which is performed on receiving push request or on async
push-reply) in which the existing peer-id float checks do not work right.
If a "rogue" data channel packet arrives during that time frame from another
address and with same peer-id, this would cause client to float to that new
address.
The net effect of this behaviour is that the VPN session for the "victim
client" is broken. Since the "attacker client" does not have suitable keys,
it can not inject or steal VPN traffic from the other session. The time
window is small and it can not be used to attack a specific client's session,
unless some other way is found to make it disconnect and reconnect first.
This fix is inherited by the openvpn-mbedtls slave port.
Obtained from: Lev Stipakov (OpenVPN)
MFH: 2020Q2 (blanket security patch)
Security: CVE-2020-11810
Security: 8604121c-7fc2-11ea-bcac-7781e90b0c8f
Notes:
svn path=/head/; revision=531837
|
|
|
|
|
|
|
|
|
|
|
| |
URL: https://community.openvpn.net/openvpn/ticket/1272
Reported by: Lev Stipakov
Security: CVE-2020-11810
Security: 8604121c-7fc2-11ea-bcac-7781e90b0c8f
Notes:
svn path=/head/; revision=531833
|
|
|
|
|
|
|
| |
Changes: https://github.com/python-social-auth/social-core/blob/master/CHANGELOG.md
Notes:
svn path=/head/; revision=531808
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
alm@ and csjp@ are both upstream maintainers of bsmtrace; they've decided to
transfer maintainership of bsmtrace over to csjp@. PORTREVISION bump to
reflect the new maintainer in the package.
Approved by: alm (maintainer, via e-mail)
Approved by: koobs (mentor, ports)
MFH: 2020Q2 (blanket: metadata update, MAINTAINER consistency)
Notes:
svn path=/head/; revision=531802
|
|
|
|
|
|
|
| |
Security: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04
Notes:
svn path=/head/; revision=531767
|
|
|
|
|
|
|
|
| |
MFH: 2020Q2
Security: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04
Notes:
svn path=/head/; revision=531766
|
|
|
|
|
|
|
| |
Changes: https://github.com/drwetter/testssl.sh/releases/tag/3.0.1
Notes:
svn path=/head/; revision=531760
|
|
|
|
| |
Notes:
svn path=/head/; revision=531745
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Chase latest version number that contains a simple fix not relevant
to supported versions of FreeBSD (hence no MFH).
https://raw.githubusercontent.com/zeek/zeek/3ad19762770c567edc3498b3c1f9f216f46970b0/NEWS
- Same as 3.0.4 but fixes compilation on various platforms with
older compilers, for example GCC 4.8.x.
Notes:
svn path=/head/; revision=531735
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://github.com/zeek/zeek/blob/e059d4ec2e689b3c8942f4aa08b272f24ed3f612/NEWS
- Fix stack overflow in POP3 analyzer. An attacker can crash Zeek
remotely via crafted packet sequence.
Other fixes:
- Fix use-after-free in Zeek lambda functions with uninitialized
locals
- Fix buffer overflow due to tables/records created at parse-time
not rebuilt on record redef
- Fix SMB NegotiateContextList parsing
- Fix binpac flowbuffer frame length parsing doing too much bounds
checking
- Fix parsing ERSPAN III optional sub-header
- Fix bug in intel indicator normalization
- Fix connection duration thresholding
- Fix X509Common.h header include for external plugins
- Fix incorrect targeting of node-specific Broker/Cluster messages
MFH: 2020Q2
Notes:
svn path=/head/; revision=531729
|
|
|
|
|
|
|
|
|
|
| |
https://github.com/zeek/zeek/blob/e059d4ec2e689b3c8942f4aa08b272f24ed3f612/NEWS
An attacker can crash Zeek remotely via crafted packet sequence via
a stack overflow in POP3 analyzer.
Notes:
svn path=/head/; revision=531728
|
|
|
|
| |
Notes:
svn path=/head/; revision=531719
|
|
|
|
| |
Notes:
svn path=/head/; revision=531718
|