path: root/security
Commit message | Author | Age | Files | Lines
* security/wpa_supplicant: Add EAPOL_TEST option | Craig Leres | 2020-04-22 | 4 | -6/+85
  Add an option that builds and installs the eapol_test program.
  Update/patch to solve new compilation errors that result with the option enabled.
  Note: Leaving the changes to Packet32.c out of the PR patch set as it is not needed.
  PR: 245809
  Approved by: cy (maintainer)
  Notes: svn path=/head/; revision=532442
* Document libntlm vulnerability | Sunpoet Po-Chuan Hsieh | 2020-04-21 | 1 | -0/+31
  Notes: svn path=/head/; revision=532399
* Update to 0.12.0 | Sunpoet Po-Chuan Hsieh | 2020-04-21 | 2 | -5/+5
  Changes: https://github.com/googleapis/google-auth-library-ruby/releases
  Notes: svn path=/head/; revision=532385
* Update to 1.14.0 | Sunpoet Po-Chuan Hsieh | 2020-04-21 | 2 | -4/+4
  Changes: https://github.com/googleapis/google-auth-library-python/releases
           https://github.com/googleapis/google-auth-library-python/blob/master/CHANGELOG.md
  Notes: svn path=/head/; revision=532352
* Update to 1.6 | Sunpoet Po-Chuan Hsieh | 2020-04-21 | 4 | -16/+9
  - Update MASTER_SITES
  - Remove DOCS option
  - Update WWW
  Changes: https://gitlab.com/jas/libntlm/-/blob/master/NEWS
  Security: 0f798bd6-8325-11ea-9a78-08002728f74c
  MFH: 2020Q2
  Notes: svn path=/head/; revision=532305
* Update to 1.4.0 | Sunpoet Po-Chuan Hsieh | 2020-04-21 | 4 | -347/+342
  Changes: https://developers.yubico.com/libfido2/Release_Notes.html
           https://github.com/Yubico/libfido2/blob/master/NEWS
  Notes: svn path=/head/; revision=532304
* Update to 5.4.0 | Sunpoet Po-Chuan Hsieh | 2020-04-21 | 2 | -4/+4
  Changes: https://github.com/keybase/client/releases
  Notes: svn path=/head/; revision=532303
* Add new entries for SA-20:10 and SA-20:11. | Gordon Tetlow | 2020-04-21 | 1 | -0/+65
  Notes: svn path=/head/; revision=532291
* security/step-certificates: Update to 0.14.3 | Bernhard Froehlich | 2020-04-21 | 2 | -4/+4
  PR: 245794
  Submitted by: Markus Wipp <mw@wipp.bayern> (maintainer)
  Notes: svn path=/head/; revision=532289
* security/vuxml: Document devel/py-twisted vulnerabilities | Danilo G. Baio | 2020-04-21 | 1 | -0/+53
  PR: 245252
  Submitted by: Sascha Biberhofer <ports@skyforge.at>
  Reported by: contact@evilham.com
  Notes: svn path=/head/; revision=532266
* security/aws-vault: Update to 5.4.1 | Dmitri Goutnik | 2020-04-21 | 2 | -4/+4
  Changes: https://github.com/99designs/aws-vault/releases/tag/v5.4.1
  Reported by: portscout
  Notes: svn path=/head/; revision=532264
* Update to new snapshot 202016. | Matthias Andree | 2020-04-20 | 2 | -4/+4
  Git changes since 202015:
  * 37bc691e 2020-04-15 | Fix illegal client float (CVE-2020-11810) [Lev Stipakov]
  * 3b06b57d 2020-03-13 | Fix broken async push with NCP is used [Lev Stipakov]
  * d8ac887c 2020-03-28 | Fix OpenSSL 1.1.1 not using auto elliptic curve selection [Arne Schwabe]
  Approved by: ecrist@secure-computing.net (via IRC #openvpn-devel)
  Security: CVE-2020-11810
  Security: 8604121c-7fc2-11ea-bcac-7781e90b0c8f
  Notes: svn path=/head/; revision=532210
* Update courier-authlib to 0.70.0 | Guido Falsi | 2020-04-20 | 2 | -4/+4
  Notes: svn path=/head/; revision=532206
* - Pass maintainership to submitter | Hiroki Tagato | 2020-04-20 | 1 | -1/+4
  - Add license
  PR: 245492
  Submitted by: Mauro F Caseres <mauroeldritch@gmail.com>
  Approved by: ehaupt (mentor), pizzamig (co-mentor)
  Notes: svn path=/head/; revision=532204
* security/aws-vault: Update to 5.4.0 | Dmitri Goutnik | 2020-04-20 | 2 | -4/+7
  Changes: https://github.com/99designs/aws-vault/releases/tag/v5.4.0
  Reported by: portscout
  Notes: svn path=/head/; revision=532203
* security/softether5: Update to 5.01.9673 | Koichiro Iwao | 2020-04-20 | 2 | -18/+17
  Sponsored by: HAW International
  Notes: svn path=/head/; revision=532198
* Remove expired port: | Rene Ladan | 2020-04-20 | 9 | -506/+0
  2020-04-20 security/suricata5: security/suricata is already at version 5
  Notes: svn path=/head/; revision=532195
* - Update to 8.0.8 | Ryan Steinmetz | 2020-04-20 | 3 | -5/+5
  PR: 245681
  Submitted by: Michael Muenz <m.muenz@gmail.com>
  Notes: svn path=/head/; revision=532177
* - Update to 0.709 | Wen Heping | 2020-04-20 | 2 | -4/+4
  Notes: svn path=/head/; revision=532172
* Update to 1.5.3 | Mateusz Piotrowski | 2020-04-19 | 2 | -4/+4
  Notes: svn path=/head/; revision=532166
* Update to 1.8.0 | Carlo Strub | 2020-04-19 | 2 | -5/+4
  Notes: svn path=/head/; revision=532133
* security/libssh: Update to 0.9.4 | Lorenzo Salvadore | 2020-04-19 | 3 | -5/+5
  Security release to fix CVE-2020-1730.
  Exp-run by: antoine
  PR: 245572
  Reviewed by: tcberner
  Approved by: gerald (mentor)
  Security: CVE-2020-1730
  Differential Revision: https://reviews.freebsd.org/D24374
  Notes: svn path=/head/; revision=532111
* security/vuxml: Add CVE-2020-1730 affecting security/libssh | Lorenzo Salvadore | 2020-04-19 | 1 | -0/+31
  Approved by: gerald (mentor)
  Differential Revision: https://reviews.freebsd.org/D24377
  Notes: svn path=/head/; revision=532108
* devel/libgit2: Update to 1.0.0 | Tobias Kortkamp | 2020-04-19 | 1 | -1/+1
  Changes: https://github.com/libgit2/libgit2/releases/tag/v1.0.0
  ABI: https://abi-laboratory.pro/tracker/timeline/libgit2
  Approved by: mfechner (maintainer)
  Differential Revision: https://reviews.freebsd.org/D24471
  Notes: svn path=/head/; revision=532068
* Document webkit2-gtk3 vulnerability | Koop Mast | 2020-04-18 | 1 | -0/+26
  Notes: svn path=/head/; revision=532023
* - Update to 3.3.4 | Wen Heping | 2020-04-18 | 2 | -4/+4
  Notes: svn path=/head/; revision=532005
* - Add www/drupal8 entry | Jose Alonso Cardenas Marquez | 2020-04-18 | 1 | -0/+34
  Notes: svn path=/head/; revision=531995
* sysutils/ansible*: Add multiple Vulnerabilities | Muhammad Moinur Rahman | 2020-04-17 | 1 | -0/+161
  - Add vuxml entry for CVE-2020-1737, CVE-2020-1739 and CVE-2020-1740
  Security: CVE-2020-1737
  Security: CVE-2020-1739
  Security: CVE-2020-1740
  Notes: svn path=/head/; revision=531977
* This port contains the Smallstep step-ca certificates component | Bernhard Froehlich | 2020-04-17 | 7 | -0/+331
  It can be used together with the Smallstep step-ca client. step-ca is a local CA. It can be used to create your own local PKI Infrastructure and includes things like e.g. the possibility to have your own ACME server.
  A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
  WWW: https://smallstep.com/certificates/
  PR: 245535
  Submitted by: Markus Wipp <mw@wipp.bayern>
  Notes: svn path=/head/; revision=531970
* step is a zero trust swiss army knife that integrates with step-ca for | Bernhard Froehlich | 2020-04-17 | 6 | -0/+600
  automated certificate management. It's an easy-to-use and hard-to-misuse utility for building, operating, and automating systems that use zero trust technologies like authenticated encryption (X.509, TLS), single sign-on (OAuth OIDC, SAML), multi-factor authentication (OATH OTP, FIDO U2F), encryption mechanisms (JSON Web Encryption, NaCl), and verifiable claims (JWT, SAML assertions).
  WWW: https://smallstep.com/cli/
  PR: 245534
  Submitted by: Markus Wipp <mw@wipp.bayern>
  Notes: svn path=/head/; revision=531969
* security/wazuh-agent: Update to 3.12.2 | Bernhard Froehlich | 2020-04-17 | 2 | -28/+28
  PR: 245479
  Submitted by: Michael Muenz <m.muenz@gmail.com> (maintainer)
  Notes: svn path=/head/; revision=531960
* security/openvpn: update to 2.4.9 (also for -mbedtls slave port) | Matthias Andree | 2020-04-17 | 4 | -268/+7
  At the same time, remove ASYNC_PUSH_LIBS workaround from [1].
  Changelog (high-level): https://github.com/OpenVPN/openvpn/blob/release/2.4/Changes.rst#version-249
  Git changelog, marking the three fixes that were already in 2.4.8_3 as cherry-picks with a 1, 2, or 3 instead of "*" to correspond with the PORTREVISION, and those with "-" that are specific to other systems, say, Windows.
  * 9b0dafca 2020-04-16 | Preparing release v2.4.9 (ChangeLog, version.m4, Changes.rst) (tag: v2.4.9) [Gert Doering]
  3 f7b318f8 2020-04-15 | Fix illegal client float (CVE-2020-11810) [Lev Stipakov]
  * 9bb285e3 2020-03-13 | Fix broken async push with NCP is used [Lev Stipakov]
  - 5f8a9df1 2020-02-12 | Allow unicode search string in --cryptoapicert option [Selva Nair]
  - 4658b3b6 2020-02-12 | Skip expired certificates in Windows certificate store [Selva Nair]
  * df5ea7f1 2020-02-19 | Fix possible access of uninitialized pipe handles [Selva Nair]
  * 1d9e0be2 2020-02-19 | Fix possibly uninitialized return value in GetOpenvpnSettings() [Selva Nair]
  * 5ee76a8f 2020-03-28 | Fix OpenSSL 1.1.1 not using auto elliptic curve selection [Arne Schwabe]
  * ed925c0a 2020-04-07 | OpenSSL: Fix --crl-verify not loading multiple CRLs in one file [Maxim Plotnikov]
  * 2fe84732 2020-03-30 | When auth-user-pass file has no password query the management interface (if available). [Selva Nair]
  * 908eae5c 2020-04-03 | Move querying username/password from management interface to a function [Selva Nair]
  * 15bc476f 2020-04-02 | Fix OpenSSL error stack handling of tls_ctx_add_extra_certs [Arne Schwabe]
  * 22df79bb 2020-04-01 | Fetch OpenSSL versions via source/old links [Arne Schwabe]
  * 0efbd8e9 2020-03-31 | mbedTLS: Make sure TLS session survives move [Tom van Leeuwen]
  * 33395693 2020-03-25 | docs: Add reference to X509_LOOKUP_hash_dir(3) [WGH]
  * 7d19b2bb 2019-10-21 | Fix OpenSSL private key passphrase notices [Santtu Lakkala]
  2 8484f37a 2020-03-14 | Fix building with --enable-async-push in FreeBSD [Lev Stipakov]
  * 69bbfbdf 2020-02-18 | Swap the order of checks for validating interactive service user [Selva Nair]
  * 0ba4f916 2019-11-09 | socks: use the right function when printing struct openvpn_sockaddr [Antonio Quartulli]
  1 3bd91cd0 2019-10-30 | Fix broken fragmentation logic when using NCP [Lev Stipakov]
  PR: 244286 [1]
  MFH: 2020Q2 (patchlevel bugfix release)
  Notes: svn path=/head/; revision=531957
* security/py-python-gnupg: Update version 0.4.3=>0.4.5 | Muhammad Moinur Rahman | 2020-04-17 | 2 | -4/+10
  - Add TEST
  PR: 245171
  Approved by: christer.edwards@gmail.com (maintainer timeout)
  MFH: 2020Q2 (runtime fix)
  Relnotes: https://bitbucket.org/vinay.sajip/python-gnupg/src/master/
  Notes: svn path=/head/; revision=531913
* security/ylva: Update 1.5 -> 1.6 | Yuri Victorovich | 2020-04-17 | 2 | -4/+4
  PR: 245680
  Submitted by: Michael Muenz <m.muenz@gmail.com>
  Notes: svn path=/head/; revision=531896
* Document new vulnerabilities in www/chromium < 81.0.4044.113 | Rene Ladan | 2020-04-16 | 1 | -0/+28
  Obtained from: Google Chrome Releases
  Notes: svn path=/head/; revision=531859
* - cleanup rc.d script | Dirk Meyer | 2020-04-16 | 4 | -18/+30
  Notes: svn path=/head/; revision=531850
* security/nss: go back to using clang on powerpc64 where available | Piotr Kubaj | 2020-04-16 | 1 | -1/+2
  head r359981 and r359994 reverted commits that caused clang to run in infinite loop, allocating all available memory and crashing the system.
  Notes: svn path=/head/; revision=531847
* security/openvpn: Fix illegal client float (CVE-2020-11810) | Matthias Andree | 2020-04-16 | 2 | -1/+65
  There is a time frame between allocating peer-id and initializing data channel key (which is performed on receiving push request or on async push-reply) in which the existing peer-id float checks do not work right.
  If a "rogue" data channel packet arrives during that time frame from another address and with same peer-id, this would cause client to float to that new address.
  The net effect of this behaviour is that the VPN session for the "victim client" is broken. Since the "attacker client" does not have suitable keys, it can not inject or steal VPN traffic from the other session. The time window is small and it can not be used to attack a specific client's session, unless some other way is found to make it disconnect and reconnect first.
  This fix is inherited by the openvpn-mbedtls slave port.
  Obtained from: Lev Stipakov (OpenVPN)
  MFH: 2020Q2 (blanket security patch)
  Security: CVE-2020-11810
  Security: 8604121c-7fc2-11ea-bcac-7781e90b0c8f
  Notes: svn path=/head/; revision=531837
* document security/openvpn{,-mbedtls,-devel} illegal client float DoS | Matthias Andree | 2020-04-16 | 1 | -0/+49
  URL: https://community.openvpn.net/openvpn/ticket/1272
  Reported by: Lev Stipakov
  Security: CVE-2020-11810
  Security: 8604121c-7fc2-11ea-bcac-7781e90b0c8f
  Notes: svn path=/head/; revision=531833
* * Updated to 3.3.3 | Richard Gallamore | 2020-04-16 | 2 | -5/+5
  Changes: https://github.com/python-social-auth/social-core/blob/master/CHANGELOG.md
  Notes: svn path=/head/; revision=531808
* security/bsmtrace: switch MAINTAINER over to csjp@ | Kyle Evans | 2020-04-16 | 1 | -2/+2
  alm@ and csjp@ are both upstream maintainers of bsmtrace; they've decided to transfer maintainership of bsmtrace over to csjp@.
  PORTREVISION bump to reflect the new maintainer in the package.
  Approved by: alm (maintainer, via e-mail)
  Approved by: koobs (mentor, ports)
  MFH: 2020Q2 (blanket: metadata update, MAINTAINER consistency)
  Notes: svn path=/head/; revision=531802
* Document Mbed TLS CVE-2020-10932. | Tijl Coosemans | 2020-04-15 | 1 | -0/+30
  Security: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04
  Notes: svn path=/head/; revision=531767
* Update to 2.16.6. | Tijl Coosemans | 2020-04-15 | 2 | -4/+4
  MFH: 2020Q2
  Security: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04
  Notes: svn path=/head/; revision=531766
* security/testssl.sh: Update to 3.0.1 | Tobias Kortkamp | 2020-04-15 | 2 | -4/+4
  Changes: https://github.com/drwetter/testssl.sh/releases/tag/3.0.1
  Notes: svn path=/head/; revision=531760
* Document gitlab vulnerabilities. | Matthias Fechner | 2020-04-15 | 1 | -0/+36
  Notes: svn path=/head/; revision=531745
* security/zeek: Update to 3.0.5 | Craig Leres | 2020-04-15 | 2 | -4/+4
  Chase latest version number that contains a simple fix not relevant to supported versions of FreeBSD (hence no MFH).
  https://raw.githubusercontent.com/zeek/zeek/3ad19762770c567edc3498b3c1f9f216f46970b0/NEWS
  - Same as 3.0.4 but fixes compilation on various platforms with older compilers, for example GCC 4.8.x.
  Notes: svn path=/head/; revision=531735
* security/zeek: Update to 3.0.4 and address a remote crash vulnerability: | Craig Leres | 2020-04-14 | 2 | -5/+4
  https://github.com/zeek/zeek/blob/e059d4ec2e689b3c8942f4aa08b272f24ed3f612/NEWS
  - Fix stack overflow in POP3 analyzer. An attacker can crash Zeek remotely via crafted packet sequence.
  Other fixes:
  - Fix use-after-free in Zeek lambda functions with uninitialized locals
  - Fix buffer overflow due to tables/records created at parse-time not rebuilt on record redef
  - Fix SMB NegotiateContextList parsing
  - Fix binpac flowbuffer frame length parsing doing too much bounds checking
  - Fix parsing ERSPAN III optional sub-header
  - Fix bug in intel indicator normalization
  - Fix connection duration thresholding
  - Fix X509Common.h header include for external plugins
  - Fix incorrect targeting of node-specific Broker/Cluster messages
  MFH: 2020Q2
  Notes: svn path=/head/; revision=531729
* security/vuxml: Mark zeek < 3.0.4 as vulnerable as per: | Craig Leres | 2020-04-14 | 1 | -0/+30
  https://github.com/zeek/zeek/blob/e059d4ec2e689b3c8942f4aa08b272f24ed3f612/NEWS
  An attacker can crash Zeek remotely via crafted packet sequence via a stack overflow in POP3 analyzer.
  Notes: svn path=/head/; revision=531728
* Update to the latest MIT KRB5 commits on github. | Cy Schubert | 2020-04-14 | 2 | -5/+5
  Notes: svn path=/head/; revision=531719
* Update 1.18 --> 1.18.1 | Cy Schubert | 2020-04-14 | 2 | -4/+4
  Notes: svn path=/head/; revision=531718