There's no reason to regenerate these for the sake of having 'UTC' in the patch
and it also considers patches with comments to be invalid.
WARN: /root/svn/ports/security/openssh-portable/files/patch-auth.c: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-auth2.c: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-readconf.c: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-regress__test-exec.sh: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-servconf.c: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-session.c: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh-agent.1: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh-agent.c: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh.c: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh_config: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-ssh_config.5: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-sshconnect.c: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-sshd.8: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-sshd.c: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-sshd_config: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format.
WARN: /root/svn/ports/security/openssh-portable/files/patch-sshd_config.5: patch was not generated using ``make makepatch''. It is recommended to use ``make makepatch'' when you need to [re-]generate a patch to ensure proper patch format.
- Add LICENSE_FILE
- Convert to new options target helper
- Convert to new options variable helper
- Use = instead of += for PLIST_SUB
- Cleanup Makefile
Changes: https://github.com/rubygems/rubygems/blob/master/History.txt
PR: 204328
Exp-run by: antoine
In short: getting and installing SSL/TLS certificates made easy.
The Let's Encrypt Client is a tool to automatically receive and install
X.509 certificates to enable TLS on servers. The client will
interoperate with the Let's Encrypt CA which will be issuing
browser-trusted certificates for free.
It's all automated:
The tool will prove domain control to the CA and submit a CSR
(Certificate Signing Request).
If domain control has been proven, a certificate will get issued and
the tool will automatically install it.
WWW: https://github.com/letsencrypt/letsencrypt
PR: 203405
- Update version and distinfo checksum (0.0.0.dev20151104)
- Switch to DISTVERSION (illegal PORTVERSION) and DISTVERSIONPREFIX
- Use github version tags rather than a direct commit
PR: 204303
Approved by: Carlos J Puga Medina <cpm fbsd es> (maintainer)
- use new OPTIONS targes
Parts from Changelog [1]
==========================
Nmap 6.49BETA6
o Integrated all of your IPv6 OS fingerprint submissions from April to October
(only 9 of them!). We are steadily improving the IPv6 database, but we need
your submissions. The classifier added 3 new groups, bringing the new total
to 93. Highlights: http://seclists.org/nmap-dev/2015/q4/61 [Daniel Miller]
o Integrated all of your IPv4 OS fingerprint submissions from February to
October (1065 of them). Added 219 fingerprints, bringing the new total to
4985. Additions include Linux 4.1, Windows 10, OS X 10.11, iOS 9, FreeBSD
11.0, Android 5.1, and more. Highlights:
http://seclists.org/nmap-dev/2015/q4/60 [Daniel Miller]
o Integrated all of your service/version detection fingerprints submitted from
February to October (800+ of them). The signature count went up 2.5% to
10293. We now detect 1089 protocols, from afp, bitcoin, and caldav to
xml-rpc, yiff, and zebra. Highlights: http://seclists.org/nmap-dev/2015/q4/62
[Daniel Miller]
o [NSE] Added 10 NSE scripts from 5 authors, bringing the total up to 509!
They are all listed at http://nmap.org/nsedoc/, and the summaries are below
(authors are listed in brackets):
...
[1] https://nmap.org/changelog.html
- Remove patch-plugins__sudoers__Makefile.in, unnecessary on stagedir days
- Remove patch-plugins__sudoers__audit.c, sudo_gettext.h is already included
by sudoers.h
- Rework patch-plugins__sudoers__sudoers.in to replace pkg_* utilities by
pkg on message
not build properly. Prior to r399238, even if the heimdal port was
installed, the base krb5 libraries and include files were used. This is
because ports/security/heimdal places its libraries in
${LOCALBASE}/lib/heimdal and include files in ${LOCALBASE}/include/heimdal,
which this port does not look for (unless told to do so... by this commit).
Discovered by: marino
Add py-idna and conditionally (For Python < 3.3) py-ipaddress to
RUN_DEPENDS
While I'm here:
- Update minimum versions requirement for py-cffi
- Update test target since the framework supports TEST_DEPENDS et al.
Noticed by: brnrd
- add ca_root_nss as direct runtime dependency
- use new option target to install docs
Download URL has changed from s3.amazonaws to snort.org!
Please adjust your pulledpork.conf
MFH: 2015Q4
for static linking. This affects emulators/qemu-user-static primarily
but will help anyone trying to statically link their applications.
Reviewed by: tijl cpm@fbsd.es (Maintainer)
- When VICI option is selected, install libvici.h to include directory,
it's useful when you need to build a custom code linked to libvici
- Pass path to USE_LDCONFIG otherwise libraries will not be visible
PR: 204098
Approved by: maintainer
Obtained from: pfSense
Sponsored by: Rubicon Communications (Netgate)
(compatible with FreeBSD's libc) and vstr (devel/vstr). Since it's not
selected any of them on CONFIGURE_ARGS, it uses auto, and end up using
glibc.
pfSense users reported memory leaks on strongSwan [2] [3] and a it was
reported to upstream [1].
Add a single option and let user choose which printf hook to use, and
change default to use builtin. Bump PORTREVISION due to default change
[1] https://wiki.strongswan.org/issues/1106
[2] https://forum.pfsense.org/index.php?topic=96767.0
[3] https://redmine.pfsense.org/issues/5149
PR: 204051
Approved by: maintainer
Obtained from: pfSense
MFH: 2015Q4
Sponsored by: Rubicon Communications (Netgate)
The gnupg module allows Python programs to make use of the functionality
provided by the GNU Privacy Guard (abbreviated GPG or GnuPG). Using this
module, Python programs can encrypt and decrypt data, digitally sign documents
and verify digital signatures, manage (generate, list and delete) encryption
keys, using proven Public Key Infrastructure (PKI) encryption technology based
on OpenPGP.
WWW: http://packages.python.org/python-gnupg/index.html
PR: 199551
Submitted by: Christer Edwards <christer.edwards@gmail.com>
s2n is a C99 implementation of the TLS/SSL protocols that
is designed to be simple, small, fast, and with security as
a priority. It is released and licensed under the Apache Software License 2.0.
WWW: https://github.com/awslabs/s2n
The gist from maintainer's explanation of the situation:
Upon creation of the port, the version number of the bro
distribution broccoli was packaged with was used. But it
makes more sense to use broccoli's actual version number.
PR: 203848
Submitted by: leres@ee.lbl.gov (maintainer)
- Update PORTVERSION and distinfo checksum (2.0.9)
Changes:
https://github.com/inliniac/suricata/blob/suricata-2.0.9/ChangeLog
While I'm here,
- Standardize the length of pkg-message separators and add spaces
between them and the text body. <idea> It would be cool if the ports
framework could wrap these pkg-message's in standard formatting for
all ports automagically</idea>
Requested by: Martin Olsson (via email)
Refactor *_DEPENDS to match setup.py's less than obvious dependencies
cffi is both a build/run dependency, the rest are only run dependencies.
This was causing a build failure for net-im/papyon:
ImportError: No module named enum
Reported by: kwm, pkg-fallout
Assisted by: antoine
- Support multiple values in *_OLD_CMD, i.e. we can now fix both "/usr/bin/python" and "/usr/bin/env python" at the same time
- Default *_OLD_CMD values are now always appended, so you don't need to specify them in individual ports
- Add lua support (depends on USES=lua)
- Add more default values, such as "/usr/bin/env foo" for python, perl, bash, ruby and lua
- Shebangfix now matches whole words, e.g. we will no longer (erroneously) replace "/usr/bin/perl5.005" with "${perl_CMD}5.005" (but "/usr/bin/perl -tt" is still (correctly) replaced with "${perl_CMD} -tt")
Note that *_OLD_CMD items containing spaces must now be quoted (e.g. perl_OLD_CMD=/bin/perl /usr/bin/perl "/usr/bin/env perl")
Update shebangfix usage according to new rules in many ports:
- Remove *_OLD_CMD for patterns now replaced by default
- Quote custom *_OLD_CMD which contain spaces
Fix shebangfix usage in many ports (irrelevant to infrastructure change):
- Remove redundant SHEBANG_LANG (no need to duplicate default langs)
- Remove redundant *_CMD (such as python_CMD=${LOCALBASE}/bin/python${PYTHON_VER} when USES=python is present)
- Never use *_OLD_CMD in REINPLACE_CMD matchers, these should always look for exact string
Approved by: portmgr (bapt)
Differential Revision: D3756
- Update to 1.0.2
- Strip shared libraries
- Add patch to support building with LibreSSL
- Remove ALPN patch (upstreamed)
Changes:
https://github.com/pyca/cryptography/blob/1.0.2/CHANGELOG.rst
PR: 203819
Submitted by: Ralf van der Enden <tremere cainites net>
to facilitate re-configuration of YubiKeys on Windows, Linux and Mac platforms.
The tool provides a same simple step-by-step approach to make configuration of
YubiKeys easy to follow and understand, while still being powerful enough to
exploit all functionality both of the YubiKey 1 and YubiKey 2 generation of
keys. The tool provides the same functionality and user interface on Windows,
Linux and Mac platforms.
The Cross-Platform YubiKey Personalization Tool provides the following main
functions:
- Programming the YubiKey in "Yubico OTP" mode;
- Programming the YubiKey in "OATH-HOTP" mode;
- Programming the YubiKey in "Static Password" mode;
- Programming the YubiKey in "Challenge-Response" mode;
- Programming the NDEF feature of the YubiKey NEO;
- Testing the challenge-response functionality of a YubiKey;
- Deleting the configuration of a YubiKey;
- Checking type and firmware version of the YubiKey.
WWW: https://github.com/Yubico/yubikey-personalization-gui
* Update to 2.6.7
* Update and sort pkg-plist
* Group/sort sections
* Convert to OPTIONS helpers
* Use install-strip target so binaries/libraries are stripped
PR: 203168
Submitted by: Sean Greven <sean.greven gmail com> (maintainer)
- old version did not work
- current github head does work (tested)
- new from head sees itself as 2.1.0, but not yet released, so...
PR: 203774
Requested by: emaste
CVE-2015-5289: json or jsonb input values constructed from arbitrary
user input can crash the PostgreSQL server and cause a denial of
service.
CVE-2015-5288: The crypt() function included with the optional pgCrypto
extension could be exploited to read a few additional bytes of memory.
No working exploit for this issue has been developed.
- Supports building without EGD
- Order options alphabetical
Reviewed by: koobs (mentor), zi (maintainer)
Approved by: zi (maintainer)
PR: 198997
Differential Revision: https://reviews.freebsd.org/D2694
Suricata currently builds with GCC -march=native by default.
This can create problems if, for example, packages of this port are
built on ATOM servers but installed on AMD processors. In these and
other cases where the build host is not equal to the target host,
suricata can generate an Illegal instruction and refuse
to start.
It is ultimately preferable to explicitly cross-build and/or optimize
compilation for target architectures and processors. See: PEP20.
PR: 203296
Submitted by: Olivier Cochard <olivier cochard me>
Tested by: Olivier Cochard <olivier cochard me>
MFH: 2015Q3
Without ports/ prepended to the PR number, the http://www.vuxml.org links
go to https://bugs.FreeBSD.org and not the actual PR.
While here, "trongSwan" -> "StrongSwan" spelling correction
PR: 200777
* gstreamer1-libav now uses ffmpeg from ports.
* New ports:
* gstreamer1-validate: Tools to detect if elements are not behaving
as expected, mainly aimed at developers, or advanced debugging.
* gstreamer1-rtsp-server: Base foundation for building a rtsp
server ontop of GStreamer
* Bunch of new plugins like: mpg123, rsvg, libde265, openh264, x265 and dtls.
Release announcement:
http://lists.freedesktop.org/archives/gstreamer-announce/2015-September/000357.html
Obtained from: gnome devel repo
