path: root/security
Commit message | Author | Age | Files | Lines
* security/vuxml: add www/chromium < 107.0.5304.121 | Rene Ladan | 32 hours | 1 | -0/+34
|   Obtained from: https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html
* security/vuxml: Document HTTP response splitting vulnerability in rubygem-cgi | Yasuhiro Kimura | 41 hours | 1 | -0/+63
|
* Partially revert "security/heimdal*: Remove LLVM_DEFAULT build prerequisite" | Cy Schubert | 43 hours | 2 | -13/+7
|   The suggested workaround will only work when autoreconf is not run. The devel port still needs LLVM_DEFAULT while the non-devel port does not
|
|   PR: 267814
|   Fixes: 22a683a337ef
|   MFH: 2022Q4
|
|   This partially reverts commit 22a683a337efe7169b61de8c9ec63e2c0d561891.
* security/heimdal: Remove LLVM_DEFAULT artifact | Cy Schubert | 43 hours | 1 | -2/+1
|   Remove an artifact from 22a683a337ef.
|
|   PR: 267814
|   Fixes: 22a683a337ef
|   MFH: 2022Q4
* security/zeek: Update to 5.0.4 | Craig Leres | 48 hours | 2 | -4/+4
|   https://github.com/zeek/zeek/releases/tag/v5.0.4
|
|   This release fixes the following potential DoS vulnerabilities:
|   - A specially-crafted series of HTTP 0.9 packets can cause Zeek to spend large amounts of time processing the packets.
|   - A specially-crafted FTP packet can cause Zeek to spend large amounts of time processing the command.
|   - A specially-crafted IPv6 packet can cause Zeek to overflow memory and potentially crash.
|
|   This release fixes the following bugs:
|   - Fix a potential stall in Broker’s internal data pipeline.
|
|   Reported by: Tim Wojtulewicz
|   Security: ???
* security/vuxml: Mark zeek < 5.0.4 as vulnerable as per: | Craig Leres | 2 days | 1 | -0/+31
|   https://github.com/zeek/zeek/releases/tag/v5.0.4
|
|   This release fixes the following potential DoS vulnerabilities:
|   - A specially-crafted series of HTTP 0.9 packets can cause Zeek to spend large amounts of time processing the packets.
|   - A specially-crafted FTP packet can cause Zeek to spend large amounts of time processing the command.
|   - A specially-crafted IPv6 packet can cause Zeek to overflow memory and potentially crash.
|
|   Reported by: Tim Wojtulewicz
* security/heimdal*: Handle other types of garbage data | Cy Schubert | 2 days | 4 | -6/+62
|   In addition to garbage realm data, also handle garbage dbname, acl_file, stash_file, and invalid bitmask garbage data.
|
|   PR: 267912
|   Reported by: Robert Morris <rtm@lcs.mit.edu>
|   MFH: 2022Q4
* security/heimdal*: Fix NULL dereference when mangled realm message | Cy Schubert | 2 days | 5 | -2/+47
|   Fix a NULL dereference in _kadm5_s_init_context() when the client sends a mangled realm message.
|
|   PR: 267912
|   Reported by: Robert Morris <rtm@lcs.mit.edu>
|   MFH: 2022Q4
* security/heimdal*: The version string must always contain a terminating NUL | Cy Schubert | 2 days | 4 | -2/+86
|   Should the sender send a string without a terminating NUL, ensure that the NUL terminates the string regardless.
|
|   And while at it only process the version string when bytes are returned.
|
|   PR: 267884
|   Reported by: Robert Morris <rtm@lcs.mit.edu>
|   MFH: 2022Q4
* security/heimdal*: Remove LLVM_DEFAULT build prerequisite | Cy Schubert | 2 days | 5 | -31/+51
|   Adjust ./configure to set the correct CLANG_FORMAT value when clang-format is not found (when none of the llvm ports are installed).
|
|   PR: 267814
|   Submitted by: Tatsuki Makino <tatsuki_makino@hotmail.com>
|   MFH: 2022Q4
* security/vuxml: Add multiple CVEs for advancecomp | Fernando Apesteguía | 2 days | 1 | -0/+43
|   PR: 267937
* security/libssh2: Import upstream libressl-3.5 fix | Felix Palmen | 2 days | 3 | -15/+9
|   Backport upstream commit instead of using own local patch. Also bump port revision, it will change the binary when built with libressl.
|
|   Approved by: sbz (maintainer, timeout), tcberner (mentor)
|   Differential Revision: https://reviews.freebsd.org/D37278
* security/snort3: Update to 3.1.47.0 | Dan Langille | 3 days | 3 | -4/+6
|   re: https://github.com/snort3/snort3/releases/tag/3.1.47.0
* security/acme.sh: Update to 3.0.5 | Dan Langille | 3 days | 3 | -6/+16
|   re: https://github.com/acmesh-official/acme.sh/releases/tag/v3.0.5
|
|   While here, change from Neilpang to acmesh-official since it redirects.
* security/softether5: backport some patches from upstream | Koichiro Iwao | 3 days | 2 | -11/+17
|   - Fix DNS resolution when no IPv6 address is configured on any interface [1]
|   - Disable MTU changes to avoid frequent interface up/down [2]
|
|   [1] https://github.com/SoftEtherVPN/SoftEtherVPN/pull/1510
|   [2] https://github.com/SoftEtherVPN/SoftEtherVPN/issues/1677
|
|   Obtained from: https://github.com/SoftEtherVPN/SoftEtherVPN/pull/1510
|   PR: 267178
* security/botan2: update to 2.19.3 security release (+) | Dima Panov | 3 days | 2 | -5/+4
|   A malicious OCSP responder could forge OCSP responses due to a failure to validate that an embedded certificate was issued by the end-entity issuing certificate authority.
|
|   Security: CVE-2022-43705
|   MFH: 2022Q4
* security/p5-IO-Socket-SSL: Update to 2.077 | Sergei Vyshenski | 4 days | 2 | -4/+4
|   Changelog: https://metacpan.org/dist/IO-Socket-SSL/changes
|
|   PR: 267929
* security/i2pd: update to 2.44.0 | Dries Michiels | 4 days | 2 | -4/+4
|   Changes: https://github.com/PurpleI2P/i2pd/releases/tag/2.44.0
* security/heimdal*: Remove lockfile dependency | Cy Schubert | 4 days | 2 | -5/+2
|   Though heimdal ./configure checks for a lockfile dependency, it does not use it. Let's remove the dependency.
|
|   PR: 267814
|   Reported by: Tatsuki Makino <tatsuki_makino@hotmail.com>
|   MFH: 2022Q4
* security/seclists: Update to 2022.4 | Lorenzo Salvadore | 4 days | 3 | -5/+13
|
* security/boringssl: update to the recent commit | Sergey A. Osokin | 4 days | 2 | -5/+5
|
* security/gopass: Fix handle vi variants | Nuno Teixeira | 4 days | 2 | -1/+11
|   https://github.com/gopasspw/gopass/issues/2412
|
|   PR: 267689
* security/rubygem-omniauth-alicloud: update to 2.0.0 | Matthias Fechner | 4 days | 3 | -20/+5
|   Required for gitlab-ce 15.5 update.
|
|   Changelog: https://gitlab.com/gitlab-jh/jh-team/omniauth-alicloud/-/blob/main/CHANGELOG.md
* www/gitlab-ce: new ports required for version 15.5 | Matthias Fechner | 4 days | 7 | -0/+58
|
* security/aws-iam-authenticator: Update to 0.5.11 | Danilo Egea Gondolfo | 4 days | 2 | -155/+305
|
* security/tailscale: Update to 1.32.3 | Ashish SHUKLA | 5 days | 2 | -6/+6
|   Security: e0f26ac5-6a17-11ed-93e7-901b0e9408dc
|   Security: CVE-2022-41925
* security/vuxml: Document vulnerability for security/tailscale | Ashish SHUKLA | 5 days | 1 | -0/+28
|
* */*: switch my ports from USES=pytest to USE_PYTHON=pytest | Dmitry Marakasov | 5 days | 1 | -2/+2
|   Suggested by: sunpoet
* Uses/cabal.mk: Rework MASTER_SITES and DISTFILES handling. | Gleb Popov | 6 days | 2 | -126/+139
|   This change removes duplicated entries from MASTER_SITES and DISTFILES variables. Now the MASTER_SITES variable will contain single Hackage URL without any group for the simplest case and with :_cabal_mk_hackage group in nodefault case. This change opens a path to using non-Hackage Cabal repositories (needed for Cardano) and pulling in .cabal revisions without using patches. Unfortunately, this change results in a large churn in Haskell ports distinfos. To make this churn less useless, refresh all Haskell dependencies in all ports.
* security/aws-c-auth: Update to 0.6.21 | Nuno Teixeira | 6 days | 2 | -4/+4
|   ChangeLog: https://github.com/awslabs/aws-c-auth/releases/tag/v0.6.21
* security/libxcrypt: Update 4.4.31 -> 4.4.33 | Yuri Victorovich | 7 days | 2 | -4/+4
|   Reported by: portscout
* security/rubygem-gpgme: Fix typo in dbcaf755426a9475840a9cb9426cf627c7a226e1 | Po-Chuan Hsieh | 7 days | 1 | -1/+1
|
* security/picocrypt: Update to 1.31 | Nuno Teixeira | 7 days | 2 | -18/+14
|   ChangeLog: https://github.com/HACKERALERT/Picocrypt/blob/main/Changelog.md
* security/py-keyring: Fix 86e80a529fecc59303768ae06174a1c908cc5b76 | Po-Chuan Hsieh | 7 days | 1 | -5/+11
|   - Fix RUN_DEPENDS: py-importlib-metadata is a conditional dependency
|   - Update version requirement of RUN_DEPENDS
|   - Bump PORTREVISION for dependency change
|
|   Approved by: portmgr (blanket)
|   With hat: python
* security/rubygem-gpgme: Update to 2.0.21 | Po-Chuan Hsieh | 7 days | 4 | -10/+29
|   - Convert REINPLACE_CMD to patch files
|
|   Changes: https://github.com/ueno/ruby-gpgme/blob/master/NEWS
* security/py-uhashring: Update to 2.2 | Po-Chuan Hsieh | 7 days | 3 | -4/+37
|   Changes: https://github.com/ultrabug/uhashring/commits/master
* security/py-cryptography: Rename patch files | Po-Chuan Hsieh | 7 days | 7 | -298/+298
|
* security/rubygem-pundit61: New port | Muhammad Moinur Rahman | 7 days | 4 | -0/+28
|   Pundit provides a set of helpers which guide you in leveraging regular Ruby classes and object oriented design patterns to build a simple, robust and scaleable authorization system.
|
|   Sponsored by: Nepustil
* security/rubygem-doorkeeper-rails61: New port | Muhammad Moinur Rahman | 7 days | 4 | -0/+29
|   Doorkeeper is a Ruby gem that makes it easy to introduce OAuth 2 provider functionality to a Rails or Grape application.
|
|   Sponsored by: Nepustil
* security/rubygem-devise_pam_authenticatable2-rails61: New port | Muhammad Moinur Rahman | 8 days | 4 | -0/+30
|   The devise_pam_authenticatable2 is a Devise extension for authentication using PAM (Pluggable Authentication Modules) via the rpam2 gem. This allows you to authenticate against the local host's authentication system including local account usernames and passwords.
|
|   Sponsored by: Nepustil
* security/vuxml: Document Apache Tomcat vulnerability | Nuno Teixeira | 8 days | 1 | -0/+52
|   * CVE-2022-42252 Apache Tomcat - Request Smuggling
|
|   PR: 266984
* security/heimdal-devel: Add MICROHTTPD option | Cy Schubert | 8 days | 2 | -1/+7
|   Add MICROHTTPD option to support httpd access to the KDC. This option is not enabled by default since this adds another vector of compromise.
* security/heimdal-devel: Update to the latest Heimdal github commit | Cy Schubert | 8 days | 2 | -6/+5
|
* security/heimdal-devel: Fix configure and package | Cy Schubert | 8 days | 2 | -15/+15
|   Remove libmicrohttpd support. If installed it will automatically detect and build the necessary binaries to support a microhttpd KDC server. It is felt that a KDC with httpd support is another vector of concern.
|
|   Fixes: 4e44a84dcc9a
* security/1password-client2-beta: upgrade to 2.8.0-beta.09 | Larry Rosenman | 8 days | 2 | -10/+10
|   ChangeLog: https://app-updates.agilebits.com/product_history/CLI2#v2080009
|
|   Note: you may need to check the "Show betas" checkbox to see the notes.
* www/varnish-modules: Update to 0.21.0 | Ryan Steinmetz | 9 days | 1 | -0/+1
|
* security/wazuh-*: Update to 4.3.10 | Jose Alonso Cardenas Marquez | 9 days | 12 | -1941/+422
|   ChangeLog at: https://github.com/wazuh/wazuh/releases/tag/v4.3.10
* security/heimdal-devel: update to the latest Heimdal github commit | Cy Schubert | 9 days | 3 | -590/+100
|
* security/wpa_supplicant-devel: Update to latest GH commit | Cy Schubert | 9 days | 2 | -5/+5
|   Update to the latest w1.fi commit, proxied through my GH account.
* security/krb5-devel: update to the latest MIT/KRB5 github commit | Cy Schubert | 9 days | 3 | -5/+6
|