mirror of https://git.FreeBSD.org/ports.git synced 2024-12-15 03:14:23 +00:00
Commit Graph

23394 Commits

Author SHA1 Message Date
Jason Unovitch
1561ed7189 Document WordPress vulnerabilities fixed in 4.5.3
PR:             210480 [1]
PR:             210581
Reported by:	Mihail Timofeev <9267096@gmail.com> [1]
Security:	CVE-2016-5832
Security:	CVE-2016-5833
Security:	CVE-2016-5834
Security:	CVE-2016-5835
Security:	CVE-2016-5836
Security:	CVE-2016-5837
Security:	CVE-2016-5838
Security:	CVE-2016-5839
Security:	https://vuxml.FreeBSD.org/freebsd/bfcc23b6-3b27-11e6-8e82-002590263bf5.html
2016-06-25 23:17:46 +00:00
Jason Unovitch
777e8f5f5c Document security issues fixed in PHP 7.0.8, 5.6.23, and 5.5.37
PR:		210491
PR:		210502
Reported by:	Vladimir Krstulja <vlad-fbsd@acheronmedia.com>
Reported by:	Philip Jocks <freebsdbugs@filis.org>
Security:	CVE-2015-8874
Security:	CVE-2016-5766
Security:	CVE-2016-5767
Security:	CVE-2016-5768
Security:	CVE-2016-5769
Security:	CVE-2016-5770
Security:	CVE-2016-5771
Security:	CVE-2016-5772
Security:	CVE-2016-5773
Security:	https://vuxml.FreeBSD.org/freebsd/66d77c58-3b1d-11e6-8e82-002590263bf5.html
2016-06-25 22:18:23 +00:00
Ollivier Robert
c18e71f49d Fix filename in distinfo.
PR:		210553
Submitted by:	t@tobik.me
2016-06-25 11:41:18 +00:00
Hajimu UMEMOTO
af3fd373da Add new port -- Yubico PIV tool
The Yubico PIV tool is used for interacting with the Privilege and
Identification Card (PIV) application on a YubiKey.

With it you may generate keys on the device, import keys and
certificates, create certificate requests, and perform other operations. A
shared library and a command-line tool are included.
2016-06-25 11:11:13 +00:00
Antoine Brodin
77b7623135 Hook doas to the build 2016-06-25 07:59:49 +00:00
Ollivier Robert
1a4601bd17 Change PORTREVISION to something sensible as upstream did not change.
Reported by:	mat
2016-06-24 23:17:39 +00:00
Bernard Spil
6a8398dd65 security/py-certbot: Complete renaming from letsencrypt
- Rename relevant occurrences in pkg-descr and pkg-message

PR:		210508
2016-06-24 21:21:08 +00:00
Ollivier Robert
33d3d55396 Missed the fact that ${ETCDIR} includes the port's name.
Submitted by:	@mordin_ on Twitter.
2016-06-24 21:00:07 +00:00
Ollivier Robert
d0474ec82b Update to commit 720db72 to fix a security issue.
Reported by:	Bryan Steele (@canadianbryan on Twitter)
2016-06-24 20:34:30 +00:00
Jan Beich
bb2dc31bc5 security/nss: update to 3.25
Changes:	https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.25_release_notes
2016-06-24 15:14:56 +00:00
Ollivier Robert
f93bc3ba8f New port: security/doas
The doas program allows users to run commands as another user (usually
root). The doas program was written by the OpenBSD team to provide a
lightweight, simplified (and more secure) alternative to the sudo command.

Original upstream (OpenBSD) source:
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/doas/

FreeBSD version: https://github.com/slicer69/doas

NOTE: I added the two patch files to work around issues mentioned in the PR
about hardcoding of /usr/local.

PR:		210473
Submitted by:	jsmith@resonatingmedia.com
Modified by:	jrm@ftfl.ca (see PR) and me (roberto)
2016-06-24 00:07:13 +00:00
Grzegorz Blach
a4d75e55ce Update to 2.5 2016-06-23 17:21:52 +00:00
Mark Felder
9a1238559a Fix vuxml
I didn't validate after updating "foo reports:" line

Pointyhat:	me
2016-06-23 16:55:18 +00:00
Mark Felder
ba1a8bd8c2 Document libarchive vulnerabilities
PR:		210493
Security:	CVE-2015-8934
Security:	CVE-2016-4300
Security:	CVE-2016-4301
Security:	CVE-2016-4302
2016-06-23 16:25:47 +00:00
Mark Felder
5439f8dea9 Add piwik XSS to vuxml
No further information is available. No CVE has been assigned.

PR:		210458
2016-06-23 15:52:40 +00:00
Bernard Spil
d7c96981b8 security/py-certbot: Rename from py-letsencrypt and update
- Move security/py-letsencrypt to security/py-certbot
  - Update security/py-acme to 0.8.1
  - Update security/py-certbot to 0.8.1
  - Update python dependencies

PR:		209584
2016-06-23 10:22:35 +00:00
Torsten Zuehlsdorff
8b62234838 Change all occurrences of xmj@chaot.net to johannes@perceivon.net as the owner requested.
This only affects "Created by" lines with one exception: devel/uclcmd. There the maintainer is changed. This was overlooked in r416918.

Approved by: junovitch (mentor)
2016-06-23 09:48:53 +00:00
Baptiste Daroussin
7361664043 Prefer relative symlinks to make the package relocation friendly 2016-06-23 06:36:18 +00:00
Ryan Steinmetz
cc6fd7f10e - Update to 2.9.8.3 2016-06-23 01:56:42 +00:00
Renato Botelho
89ace70eb9 Update security/sudo to 1.8.17p1
MFH:		2016Q2
Sponsored by:	Rubicon Communications (Netgate)
2016-06-23 00:55:19 +00:00
Jan Beich
2d4c884669 security/tor-devel: update to 0.2.8.4.r
Changes:	https://blog.torproject.org/blog/tor-0284-rc-released
PR:		210348
Submitted by:	Neel Chauhan <neel@neelc.org>
Approved by:	previous timeouts
2016-06-22 15:50:23 +00:00
Jan Beich
c12acdb82b security/eschalot: add new port
PR:		210378
Submitted by:	yuri@rawbw.com

Eschalot is a TOR hidden service name generator; it allows one to produce
a (partially) customized vanity .onion address using a brute-force method.

https://github.com/ReclaimYourPrivacy/eschalot
2016-06-22 15:02:01 +00:00
Mathieu Arnold
59bc68ef23 Update to 0.17.
Sponsored by:	Absolight
2016-06-22 13:36:27 +00:00
Edward Tomasz Napierala
0bd3b5d00e Drop maintainership for some of my ports. 2016-06-22 10:12:46 +00:00
Vanilla I. Shu
67b1a1ccf6 Update to 0.037. 2016-06-21 15:50:23 +00:00
Mathieu Arnold
62a3c066e0 Update to 0.80.
Sponsored by:	Absolight
2016-06-21 15:09:17 +00:00
Mathieu Arnold
48af9870f3 Update to 1.205.
Sponsored by:	Absolight
2016-06-21 15:09:12 +00:00
Mathieu Arnold
8991bc11bd Update to 0.161520.
Sponsored by:	Absolight
2016-06-21 15:09:04 +00:00
Mathieu Arnold
95a28e9c7a Rename all three p5-ReadLine-(Gnu,Perl,TTYtter) to their real names
p5-Term-ReadLine-(Gnu,Perl,TTYtter).

I can't find any reason for p5-ReadLine-Gnu to have been added as
ReadLine-Gnu instead of Term-ReadLine-Gnu twenty years ago.

devel/p5-Term-ReadLine-Perl was added as a duplicate a few years back
where it should not have, so change its maintainer to be perl@ like
devel/p5-ReadLine-Perl had.

Sponsored by:	Absolight
2016-06-21 13:24:53 +00:00
Vasil Dimov
98a80a35b5 Followup to r417190 - all versions of wget<1.18 are affected 2016-06-21 08:34:27 +00:00
Vasil Dimov
ed08cac60a Document ftp/wget's HTTP to FTP redirection file name confusion vulnerability
PR:		210420
Submitted by:	Vladimir Krstulja <vlad-fbsd@acheronmedia.com>
Security:	CVE-2016-4971
2016-06-21 08:16:47 +00:00
Dirk Meyer
e7994cc754 - fix possible integer overflow and application crash
Security: CVE-2016-2177
MFH:		2016Q2
2016-06-20 19:16:43 +00:00
Mark Felder
aade2eccbb Update vuxml for libxslt vulnerabilities
These vulnerabilities were previously reported by Google as they bundle
libxslt with Chrome. When we patched Chromium to address these
vulnerabilities it was overlooked that we do not bundle libxslt library
with Chromium, but instead use textproc/libxslt. Chromium users have
continued to be vulnerable to these CVEs as a result. This update fixes
the Chromium CVE entry and adds a separate one for libxslt.

PR:		210298
Security:	CVE-2016-1683
Security:	CVE-2016-1684
2016-06-20 19:08:31 +00:00
Tijl Coosemans
e079e58681 Update Linux ports to CentOS 6.8.
PR:		210373
Submitted by:	Piotr Kubaj <pkubaj@anongoth.pl>
Differential Revision:	https://reviews.freebsd.org/D6891
2016-06-20 17:13:26 +00:00
Mathieu Arnold
7ae7b018cc With the power of USES=dos2unix, get rid of most patches and files
with CRLF.

While there, run make makepatch, rename patches to use the new scheme,
and various fixes.

With hat:	portmgr
Sponsored by:	Absolight
2016-06-20 16:23:28 +00:00
Cy Schubert
becd50be04 Update 1.8.16 --> 1.8.17
PR:		210407
Submitted by:	cy@
Approved by:	garga@
MFH:		2016Q2
2016-06-20 14:03:03 +00:00
Alex Dupre
0a4722baff Update to 0.16.0 release.
PR:		210406
Submitted by:	cmt
2016-06-20 10:55:33 +00:00
Jun Kuriyama
a96d0cea62 - Upgrade to 2.1.13 (minor bugfixes). 2016-06-20 10:49:47 +00:00
Baptiste Daroussin
a3b3ff1f71 Provide a new MASTER_SITES
Add explicit xorg dependencies

PR:		210396
Submitted by:	lightside@gmx.com
2016-06-20 06:29:43 +00:00
Baptiste Daroussin
f74fd16099 Mark as deprecated: does not fetch 2016-06-19 22:34:15 +00:00
Pawel Pekala
f65275f22d Update to version 1.10.0
Changes: https://github.com/openxpki/openxpki/commits/master

PR:		210139
Submitted by:	maintainer
2016-06-19 16:53:28 +00:00
Bernard Spil
b8ea07e174 security/letskencrypt: Don't automatically execute installed sample
- Remove automatic renewscript execution
2016-06-19 12:55:33 +00:00
Bernard Spil
520b5e48f3 security/letskencrypt: Add periodic(8) and multi-cert capability
- Add periodic script
  - Make Domain+SAN names and challenge-dir configurable
  - Add multiple Domain+SAN certificates capability using scripts
  - Add sample renewal script
  - Add sample deployment script
  - Add pkg-message documenting periodic.conf variables
2016-06-19 12:36:09 +00:00
Bernard Spil
83cd5adde3 Update security/libressl vulnerability for quarterly branch
- Mark vulnerable from 2.3.0 up to 2.3.6
  - Mark vulnerable below 2.2.9
2016-06-19 09:03:23 +00:00
Jason Unovitch
1ed74a507a Document Flash vulnerabilities in Adobe Security Bulletins APSB16-10,
APSB16-15, APSB16-18

PR:		209592
Reported by:	Sevan Janiyan <venture37@geeklan.co.uk>
Security:	CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013,
		CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017,
		CVE-2016-1018, CVE-2016-1019, CVE-2016-1020, CVE-2016-1021,
		CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025,
		CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029,
		CVE-2016-1030, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033,
		CVE-2016-1096, CVE-2016-1097, CVE-2016-1098, CVE-2016-1099,
		CVE-2016-1100, CVE-2016-1101, CVE-2016-1102, CVE-2016-1103,
		CVE-2016-1104, CVE-2016-1105, CVE-2016-1106, CVE-2016-1107,
		CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108,
		CVE-2016-4109, CVE-2016-4110, CVE-2016-4111, CVE-2016-4112,
		CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4116,
		CVE-2016-4117, CVE-2016-4120, CVE-2016-4121, CVE-2016-4160,
		CVE-2016-4161, CVE-2016-4162, CVE-2016-4163, CVE-2016-4122,
		CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4127,
		CVE-2016-4128, CVE-2016-4129, CVE-2016-4130, CVE-2016-4131,
		CVE-2016-4132, CVE-2016-4133, CVE-2016-4134, CVE-2016-4135,
		CVE-2016-4136, CVE-2016-4137, CVE-2016-4138, CVE-2016-4139,
		CVE-2016-4140, CVE-2016-4141, CVE-2016-4142, CVE-2016-4143,
		CVE-2016-4144, CVE-2016-4145, CVE-2016-4146, CVE-2016-4147,
		CVE-2016-4148, CVE-2016-4149, CVE-2016-4150, CVE-2016-4151,
		CVE-2016-4152, CVE-2016-4153, CVE-2016-4154, CVE-2016-4155,
		CVE-2016-4156, CVE-2016-4166, CVE-2016-4171
Security:	https://vuxml.FreeBSD.org/freebsd/0e3dfdde-35c4-11e6-8e82-002590263bf5.html
Security:	https://vuxml.FreeBSD.org/freebsd/07888b49-35c4-11e6-8e82-002590263bf5.html
Security:	https://vuxml.FreeBSD.org/freebsd/0c6b008d-35c4-11e6-8e82-002590263bf5.html
2016-06-19 02:57:04 +00:00
Colin Percival
76b4a4f5b8 Teach security/scrypt about libcrypto versions:
* Add USE_OPENSSL
* Pass the appropriate CFLAGS and LDFLAGS to configure
2016-06-18 23:41:41 +00:00
Baptiste Daroussin
a7865cca1b Convert to @sample
Remove useless @exec already handled by other parts of the plist
2016-06-18 15:38:10 +00:00
Mathieu Arnold
e28adea1da Fix with GCRYPT option on.
Submitted by:	Craig Leres
Sponsored by:	Absolight
2016-06-18 09:02:40 +00:00
Rene Ladan
a8e20f7641 security/py-oauthlib: update to 1.1.2
PR:		209989
Submitted by:	myself
Approved by:	maintainer timeout (koobs, 15 days)
2016-06-18 07:36:35 +00:00
Roman Bogorodskiy
5a069aeb84 security/libgpg-error: update to 1.23 2016-06-18 05:09:50 +00:00