11818 commits

Author SHA1 Message Date
wiz
4261c9f611 nettle: update to 3.8.
NEWS for the Nettle 3.8 release

	This release includes a couple of new features, and many
	performance improvements. It adds assembly code for two more
	architectures: ARM64 and S390x.

	The new version is intended to be fully source and binary
	compatible with Nettle-3.6. The shared library names are
	libnettle.so.8.5 and libhogweed.so.6.5, with sonames
	libnettle.so.8 and libhogweed.so.6.

	New features:

	* AES keywrap (RFC 3394), contributed by Nicolas Mora.

	* SM3 hash function, contributed by Tianjia Zhang.

	* New functions cbc_aes128_encrypt, cbc_aes192_encrypt,
	  cbc_aes256_encrypt.

	  On processors where AES is fast enough, e.g., x86_64 with
	  aesni instructions, the overhead of using Nettle's general
	  cbc_encrypt can be significant. The new functions can be
	  implemented in assembly, to do multiple blocks with reduced
	  per-block overhead.

	  Note that there are no corresponding new decrypt functions,
	  since the general cbc_decrypt doesn't suffer from the same
	  performance problem.

	Bug fixes:

	* Fix fat builds for x86_64 windows, these appear to never
	  have worked.

	Optimizations:

	* New ARM64 implementation of AES, GCM, Chacha, SHA1 and
	  SHA256, for processors supporting crypto extensions. Great
	  speedups, and fat builds are supported. Contributed by
	  Mamone Tarsha.

	* New s390x implementation of AES, GCM, Chacha, memxor, SHA1,
	  SHA256, SHA512 and SHA3. Great speedups, and fat builds are
	  supported. Contributed by Mamone Tarsha.

	* New PPC64 assembly for ecc modulo/redc operations,
	  contributed by Amitay Isaacs, Martin Schwenke and Alastair
	  D´Silva.

	* The x86_64 AES implementation using aesni instructions has
	  been reorganized with one separate function per key size,
	  each interleaving the processing of two blocks at a time
	  (when the caller processes multiple blocks with each call).
	  This gives a modest performance improvement on some
	  processors.

	* Rewritten and faster x86_64 poly1305 assembly.

	Known issues:

	* Nettle's testsuite doesn't work out-of-the-box on recent
	  MacOS, due to /bin/sh discarding the DYLD_LIBRARY_PATH
	  environment variable. Nettle's test scripts handle this in
	  some cases, but currently fail the test cases that are
	  themselves written as /bin/sh scripts. As a workaround, use

	  make check EMULATOR='env DYLD_LIBRARY_PATH=$(TEST_SHLIB_DIR)'

	Miscellaneous:

	* Updated manual to current makeinfo conventions, with no
	  explicit node pointers. Generate pdf version with texi2pdf,
	  to get working hyper links.

	* Added square root functions for NIST ecc curves, as a
	  preparation for supporting compact point representation.

	* Reworked internal GCM/ghash interfaces, simplifying assembly
	  implementations. Deleted unused GCM C implementation
	  variants with less than 8-bit lookup table.
2022-07-03 09:46:45 +00:00
ryoon
3f802fe5c3 *: Recursive revbump from audio/pulseaudio 2022-07-02 16:53:03 +00:00
wiz
22afbb436d gnupg2: fix possible security issue
Per
https://www.openwall.com/lists/oss-security/2022/06/30/1
using upstream patch.

Bump PKGREVISION.
2022-06-30 14:48:55 +00:00
nia
04f4eef997 *: Revbump packages that use Python at runtime without a PKGNAME prefix 2022-06-30 11:18:01 +00:00
wiz
77c316d7a3 camlp4: remove
camlp4 is an outdated way to build packages with caml and does not work
with pkgsrc ocaml versions for more than a year.

Remove camlp4 and all packages using it.

Ok jaapb@
2022-06-29 07:54:38 +00:00
wiz
8292204475 *: recursive bump for perl 5.36 2022-06-28 11:30:51 +00:00
fcambus
81aa03d447 *: drop maintainership for packages not related to toolchains and ELF. 2022-06-27 15:29:13 +00:00
jperkin
da65efd873 openssl: Update to 1.1.1p.
Approved during freeze by gdt@, tested on SmartOS and macOS.

Major changes between OpenSSL 1.1.1o and OpenSSL 1.1.1p [21 Jun 2022]

    o Fixed additional bugs in the c_rehash script which was not properly
      sanitising shell metacharacters to prevent command injection
      (CVE-2022-2068)
2022-06-21 18:48:39 +00:00
mef
58c247d627 (security/opendnssec2) regen distinfo, was not just updated 2022-06-14 22:28:12 +00:00
wiz
bbe1319ed0 py-cyclonedx-python-lib: update to 2.5.1.
2.5.1

Fix

    Add missing Vulnerability comparator for sorting (#246) (c3f3d0d)

2.5.0

Feature

    Use SortedSet in model to improve reproducibility - this will provide predictable ordering of various items in generated CycloneDX documents - thanks to @RodneyRichardson (8a1c404)

Documentation

    Fix typo "This is out" -> "This is our" (ef0278a)

2.4.0

Feature

    deps: Remove unused typing-extensions constraints (2ce358a)
2022-06-13 09:59:01 +00:00
wiz
66ade018e6 botan: update to 2.19.2.
Version 2.19.2
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

* Add support for parallel computation in Argon2 (GH #2937 #2926)

* Add SSSE3 implementation of Argon2 (GH #2937 #2927)

* The OpenSSL provider was incompatible with OpenSSL 3.0.
  It has been removed (GH #2902)

* Avoid using reserve in secure_vector appending, which caused
  a performance problem (GH #2945 #2920)

* Fix TLS::Text_Policy behavior when X25519 is disabled
  at build time (GH #2894)

* Fix several warnings from Clang (#2888 #2886)
2022-06-13 09:23:57 +00:00
he
53dd263cbb Update OpenDNSSEC2 to version 2.1.10.
Upstream changes:

OpenDNSSEC 2.1.10 - 2021-09-10

* OPENDNSSEC-957: Fix exit code signer daemon to not always report failure.
* OPENDNSSEC-958: Fix immediate resalting after migration from 1.4.
* OPENDNSSEC-959: Emit warning on ods-kaspcheck for NSEC iteration count
  that is deemed too high.
* SUPPORT-265: Resolve conflict when deleting keys from HSM whilst
  also performing step in key roll process.  Typically a message
  "key_data_update failed" is present in logs.
* Provided RedHat/CentOS spec file in contrib directory.
2022-06-12 08:54:05 +00:00
kim
40491cd477 security/ca-certificates: Add configurability for certificate store
- The location of the system certificate store can now be set using
  a new configuration file (ca-certificates-dir.conf).

- Installing the certificates to the system certificate store must
  be enabled by the administrator.
2022-06-12 07:05:30 +00:00
pin
8121d24661 security/pleaser: update to 0.5.3
-Fix bug regarding 'require_pass'
2022-06-10 21:34:44 +00:00
gdt
6320731b63 security/ca-certificates: Clarify and adjust language
Point out that this is from Debian and that Debian's policy is unclear
(it's not on HOMEPAGE at least; they probably do have one).

Note that modification outside of the package's files is either to
base or to pkgsrc openssl.

Clarify that there's a supported way to exclude particular certs as
trust anchors.
2022-06-10 13:14:10 +00:00
pin
062159b0a0 security/pleaser: update to 0.5.2
-do not read config files that have already been processed
-permit reason (-r) strings as regex matches
-%{HOSTNAME} expands to hostname in regex rules
-suggest -d when invoked with cd and cd is not located
-new option of timeout for password prompt
-new option of target_group for run/edit
2022-06-10 07:32:13 +00:00
adam
b8ecb52c15 py-acme py-certbot*: updated to 1.28.0
1.28.0

Added

Updated Apache/NGINX TLS configs to document contents are based on ssl-config.mozilla.org

Changed

A change to order finalization has been made to the acme module and Certbot:
An order's certificate field will only be processed if the order's status is valid.
An order's error field will only be processed if the order's status is invalid.
2022-06-08 12:00:00 +00:00
wiz
e17b4d65c4 polkit: really bump PKGREVISION 2022-06-07 18:11:25 +00:00
wiz
101ed7e233 polkit: remove introspection option, enabling it by default
It was default-on, but bump PKGREVISION to be on the safe side
for those who disabled it.
2022-06-07 18:03:55 +00:00
wiz
90009786b8 libsecret: remove introspection option, enabling it by default
It was default-on, but this commit also makes gobject-introspection
a build dependency, so bump PKGREVISION.
2022-06-07 18:00:18 +00:00
wiz
348fdac7c7 lasso: fix PLIST for fixed gtk-doc
and depend on it. Bump PKGREVISION.
2022-06-07 07:39:45 +00:00
adam
a10392083a botan2: add PLIST.Darwin; pkglint fixes 2022-06-05 14:17:27 +00:00
wiz
9cd9622739 sudo: fix unportable test(1) operators 2022-06-03 07:58:34 +00:00
bsiegert
d97b2d854f Revbump all Go packages after go118 update 2022-06-02 18:51:56 +00:00
mef
12d4814408 (security/R-sodium) import R-sodium-1.2.0
(Once I did import with wrong directory name, R-soduim, and I noticed
that before I did commit security/Makefile and doc/CHANGES-2022,
so those two are correct, but I did not notice the necessity of correcting
importing commit, now re-importing the correct name, I hope,
sorry and thanks leot@)

Bindings to 'libsodium': a modern, easy-to-use software library for
encryption, decryption, signatures, password hashing and more. Sodium
uses curve25519, a state-of-the-art Diffie-Hellman function by Daniel
Bernstein, which has become very popular after it was discovered that
the NSA had backdoored Dual EC DRBG.
2022-05-30 21:45:41 +00:00
mef
60fbe1c67e (R-soduim) Sorry, wrong directory name, thanks leot@ 2022-05-30 21:35:08 +00:00
mef
dc61c73e2b Added security/R-sodium version 1.2.0 2022-05-30 16:32:47 +00:00
mef
68ee8b21b1 (security/R-soduim) import R-sodium-1.2.0
Bindings to 'libsodium': a modern, easy-to-use software library for
encryption, decryption, signatures, password hashing and more. Sodium
uses curve25519, a state-of-the-art Diffie-Hellman function by Daniel
Bernstein, which has become very popular after it was discovered that
the NSA had backdoored Dual EC DRBG.
2022-05-30 16:30:25 +00:00
pin
c895c34031 security/gpg-tui: update to 0.9.0
[0.9.0] - 2022-05-27
Added
    Support customizing key bindings (#6)
    Add a separate script for preparing the test environment

Changed
    Bump dependencies
    Bump the Rust version in Dockerfile
    Update man page about custom key bindings

Fixed
    Fix the formatting
    Update application handler tests about custom key bindings
    Update custom key binding handler test
    Fix the keycode handler test
    Fix typo in the script name

Removed
    Remove edition key from rustfmt config
2022-05-29 17:36:42 +00:00
wiz
72a8b81be2 py-pip-audit: update to 2.3.1.
## [2.3.1] - 2022-05-24

### Fixed

* CLI: A bug causing the terminal's cursor to disappear on some
  versions of CPython was fixed
  ([#280](https://github.com/trailofbits/pip-audit/issues/280))
2022-05-29 07:47:05 +00:00
wiz
35e3550a10 cargo-audit: update to 0.17.0.
Changes not found.
2022-05-29 07:36:34 +00:00
wen
0557116a0a Update to 20211001
Upstream changes:
20211001
  - Update mk-ca-bundle.pl and Mozilla data to 2021-10-01 (Aaron Rowe)
  - Improve metadata for license information (Shoichi Kaji)
2022-05-29 00:58:14 +00:00
taca
bf4b55921e security/php-pecl-mcrypt: update to 1.0.5
1.0.5 (2022-05-23)

* Add support for PHP 8.1.  (Don't use deprecated null value.)
2022-05-28 10:14:22 +00:00
wiz
41c3656ed3 py-pip-audit: update to 2.3.0.
## [2.3.0] - 2022-05-18

### Added

* CLI: The `--ignore-vuln` option has been added, allowing users to
  specify vulnerability IDs to ignore during the final report
  ([#275](https://github.com/trailofbits/pip-audit/pull/275))

* CLI: The `--no-deps` flag has been added, allowing users to skip dependency
  resolution entirely when `pip-audit` is used in requirements mode
  ([#255](https://github.com/trailofbits/pip-audit/pull/255))
2022-05-28 08:58:27 +00:00
adam
9e2aa5a3d0 gnutls: updated to 3.7.6
Version 3.7.6 (released 2022-05-27)

** libgnutls: Fixed invalid write when gnutls_realloc_zero()
   is called with new_size < old_size. This bug caused heap
   corruption when gnutls_realloc_zero() has been set as gmp
   reallocfunc
2022-05-28 06:03:41 +00:00
wen
0383e768be Update to 0.88
Upstream changes:
[Changes for 0.88 - Sat Dec 18 11:34:44 CST 2021]

* Update PAUSE keys to 2022. (@skaji)
2022-05-28 04:52:55 +00:00
wen
473b261fcb Update to 0.076
Upstream changes:
0.076   2022-01-07
        - fix #80 github actions (mac, windows, cygwin)
        - fix #79 isolate ltc functions (via -Wl,--exclude-libs,ALL)
        - fix #68 Segmentation fault on Apache due to symbol clash with libasn1

0.075   2021-12-25
        - fix #78 bundled libtomcrypt update branch:develop (commit:673f5ce2 2021-06-04)

0.074   2021-11-06
        - fix #75 Missing methods _sadd + _ssub in Math::BigInt::LTM
        - fix #76 Tests failing for numbers with multiple underscore characters (Math::BigInt::LTM)
2022-05-28 03:33:39 +00:00
wen
705ba7fdb7 Update to 0.28
Upstream changes:
0.28    Mon Oct 25 11:38:55 JST 2021
        - Support OpenSSL 3.0.
2022-05-28 03:26:37 +00:00
wiz
f39792045c {lib,}fwbuilder: remove
No upstream development since 2012, fwbuilder does not build in
any recent bulk builds.
2022-05-25 21:39:58 +00:00
jaapb
0cb733c72b Replaced mk/ocaml.mk with lang/ocaml/ocaml.mk in ocaml packages 2022-05-24 18:59:20 +00:00
jaapb
5f05f46db9 Recursive revbump associated with update of ocaml.
Also change of mk/ocaml.mk to lang/ocaml/ocaml.mk.
2022-05-24 18:51:47 +00:00
nia
e29a3270ff sudo: Use OPSYS_VERSION 2022-05-24 09:47:54 +00:00
nikita
32638782dc pleaser: switch to USE_GITLAB. 2022-05-24 09:38:44 +00:00
gutteridge
a9cd09ba59 py-gnupg: incompatible with Python 2.7 (un-break bulk builds) 2022-05-23 01:02:26 +00:00
adam
c55cf1910b py-gnupg: updated to 0.4.9
0.4.9

Added a status attribute to the returned object from gen_key() which is set to 'ok' if a key was successfully created, or 'key not created' if that was reported by gpg, or None in any other case.
Provided the ability to add subkeys. Thanks to Daniel Kilimnik for the feature request and patch.
Added keygrip values to the information collected when keys are listed. Thanks to Daniel Kilimnik for the feature request and patch.
Added extra_args to send_keys(), recv_keys() and search_keys() to allow passing options relating to key servers.
2022-05-22 12:17:38 +00:00
taca
6f9ac9275d security/php-ssdeep: restrict php56 and php74
* Restrict this package for php56 and php74.
* Update HOMEPAGE.

(Not updated more than 4 years.)
2022-05-21 16:22:55 +00:00
mef
a960824a63 (security/R-openssl) Updated 2.0.0 to 2.0.1
2.0.1
 - Fix a unit test for a changed error message in openssl 3.0.2
2022-05-21 12:48:58 +00:00
adam
81cd60f443 py-asyncssh: updated to 2.10.1
Release 2.10.1 (16 Apr 2022)
----------------------------

* Added support for "Match Exec" in config files and updated AsyncSSH
  API calls to do config parsing in an executor to avoid blocking the
  event loop if a "Match Exec" command doesn't return immediately.

* Fixed an issue where settings associated with server channels set
  when creating a listener rather than at the time a new channel is
  opened were not always being applied correctly.

* Fixed config file handling to be more consistent with OpenSSH, making
  all relative paths be evaluated relative to ~/.ssh and allowing
  references to config file patterns which don't match anything to only
  trigger a debug message rather than an error. Thanks go to Caleb Ho
  for reporting this issue!

* Update minimum required version of cryptography package to 3.1, to
  allow calls to it to be made without passing in a "backend" argument.
  This was missed back in the 2.9 release. Thanks go to Github users
  sebby97 and JavaScriptDude for reporting this issue!

Release 2.10.0 (26 Mar 2022)
----------------------------

* Added new get_server_auth_methods() function which returns the set
  of auth methods available for a given user and SSH server.

* Added support for new line_echo argument when creating a server
  channel which controls whether input in the line editor is echoed
  to the output immediately or under the control of the application,
  allowing more control over the ordering of input and output.

* Added explicit support for RSA SHA-2 certificate algorithms.
  Previously, SHA-2 signatures were supported using the original
  ssh-rsa-cert-v01@openssh.com algorithm name, but recent versions
  of SSH now disable this algorithm by default, so the new SHA-2
  algorithm names need to be advertised for SHA-2 signatures to
  work when using OpenSSH certificates.

* Improved handling of config file loading when options argument is
  used, allowing config loading to be overridden at connect() time
  even if the options passed in referenced a config file.

* Improved speed of unit tests by avoiding some network timeouts
  when connecting to invalid addresses.

* Merged GitHub workflows contributed by GitHub user hexchain to
  run unit tests and collect code coverage information on multiple
  platforms and Python versions. Thanks so much for this work!

* Fixed issue with GSS auth unit tests hanging on Windows.

* Fixed issue with known_hosts matching when ProxyJump is being used.
  Thanks go to GitHub user velavokr for reporting this and helping
  to debug it.

* Fixed type annotations for SFTP client and server open methods.
  Thanks go to Marat Sharafutdinov for reporting this!
2022-05-20 12:09:48 +00:00
adam
4e0f7c366e py-google-reauth: updated to 0.1.1
0.1.1
Raise an exception for SAML reauth challenges.
Ensure code coverage is back at 100%.
2022-05-19 07:42:01 +00:00
khorben
9163a302d2 lasso: fix the build with inkscape installed
Basically lasso installs additional files when Inkscape is available,
which it would normally re-generate but are already in the source tree.

This unconditionally caches "/bin/false" as the path to Inkscape, which:

* will always behave the same (install the missing files)
* will break if they ever have to be re-generated (thus exposing the
  issue directly, which is a good thing)

In addition since lasso can provide additional documentation when
gtk-doc is installed, I have enabled this by default as well.

Bumps PKGREVISION.

Reviewed by manu@, thanks!
2022-05-19 01:23:31 +00:00