Crypt::OpenSSL::Guess provides helpers to guess OpenSSL include path on any
platforms.
Often MacOS's homebrew OpenSSL cause a problem on installation due to include
path is not added. Some CPAN module provides to modify include path with
configure-args, but Carton or Module::CPANfile is not supported to pass
configure-args to each modules. Crypt::OpenSSL::* modules should use it on your
Makefile.PL.
This module resolves the include path by Net::SSLeay's workaround. Original code
is taken from inc/Module/Install/PRIVATE/Net/SSLeay.pm by Net::SSLeay.
WWW: http://search.cpan.org/dist/Crypt-OpenSSL-Guess/
The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable
computational-complexity attack when parsing and storing ISAKMP fragments.
The implementation permits a remote attacker to exhaust computational
resources on the remote endpoint by repeatedly sending ISAKMP fragment
packets in a particular order such that the worst-case computational
complexity is realized in the algorithm utilized to determine
if reassembly of the fragments can take place.
The fix obtained from NetBSD CVS head with a command:
cvs diff -D 2017-01-24 -D 2017-09-01 \
src/racoon/handler.h \
src/racoon/isakmp.c \
src/racoon/isakmp_frag.c \
src/racoon/isakmp_inf.c
While here, add LICENSE.
PR: 225066
Approved by: VANHULLEBUS Yvan (maintainer timeout, 3 months)
Obtained from: NetBSD
MFH: 2018Q1
Security: CVE-2016-10396
the command line added by patch-ssh.c misapplies to 7.7p1 and
moves from main() to to ssh_session2(). This breaks ssh SSHFP
support for non-canonical hostnames. For example, "ssh zinc"
correctly discovers the FQDN (zinc.ee.lbl.gov) and uses it to
look up A and AAAA records but the non-canonical version (zinc)
is used in the SSHFP record lookup which or course fails.
Regenerate the patch.
Reviewed by: bdrewery, ler (mentor)
Approved by: bdrewery, ler (mentor)
Differential Revision: https://reviews.freebsd.org/D15053
Bugfixes and some new features. Most notable fix:
- CVE-2018-9860 Fix a bug decrypting TLS CBC ciphertexts which could
for a malformed ciphertext cause the decryptor to read and HMAC an
additional 64K bytes of data which is not part of the record. This
could cause a crash if the read went into unmapped memory. No
information leak or out of bounds write occurs.
PR: 227455
Submitted by: maintainer
* gpg,gpgsm: New option --request-origin to pretend requests coming
from a browser or a remote site.
* gpg: Fix race condition on trustdb.gpg updates due to too early
released lock. [#3839]
* gpg: Emit FAILURE status lines in almost all cases. [#3872]
* gpg: Implement --dry-run for --passwd to make checking a key's
passphrase straightforward.
* gpg: Make sure to only accept a certification capable key for key
signatures. [#3844]
* gpg: Better user interaction in --card-edit for the factory-reset
sub-command.
* gpg: Improve changing key attributes in --card-edit by adding an
explicit "key-attr" sub-command. [#3781]
* gpg: Print the keygrips in the --card-status.
* scd: Support KDF DO setup. [#3823]
* scd: Fix some issues with PC/SC on Windows. [#3825]
* scd: Fix suspend/resume handling in the CCID driver.
* agent: Evict cached passphrases also via a timer. [#3829]
* agent: Use separate passphrase caches depending on the request
origin. [#3858]
* ssh: Support signature flags. [#3880]
* dirmngr: Handle failures related to missing IPv6 support
gracefully. [#3331]
* Fix corner cases related to specified home directory with
drive letter on Windows. [#3720]
* Allow the use of UNC directory names as homedir. [#3818]
* deskutils/grantleetheme
* deskutils/kdepim
* deskutils/kdepim-apps-libs
* deskutils/libkdepim
* net/akonadi-calendar
* net/akonadi-contacts
* net/akonadi-mime
* net/akonadi-notes
* net/akonadi-search
* net/calendarsupport
* net/eventviews
* net/incidenceeditor
* net/kalarmcal
* net/kblog
* net/kcalcore
* net/kcalutils
* net/kcontacts
* net/kdav
* net/kdenetwork-filesharing
* net/kget
* net/kidentitymanagement
* net/kimap
* net/kldap
* net/kmailtransport
* net/kmbox
* net/kmime
* net/kontactinterface
* net/kpimtextedit
* net/krdc
* net/krfb
* net/ksmtp
* net/ktnef
* net/libgravatar
* net/libkgapi
* net/libksieve
* net/mailcommon
* net/mailimporter
* net/messagelib
* net/pimcommon
* net/zeroconf-ioslave
* security/libkleo
This is the current version of KDE Applications <foo>.
Note that users of KDE SC4 should stick with <foo>-kde4.
This adds a slew of KDE Pim related ports and some of their dependencies.
Note, that KDE Pim has a history of working poorly on FreeBSD.
