18:25 Po-Chuan Hsieh (sunpoet) 

security/py-service-identity: Add py-service-identity 23.1.0

Use this package if:
- you want to verify that a PyCA cryptography certificate is valid for a certain
  hostname or IP address,
- or if you use pyOpenSSL and don’t want to be MITMed,
- or if you want to inspect certificates from either for service IDs.

service-identity aspires to give you all the tools you need for verifying
whether a certificate is valid for the intended purposes. In the simplest case,
this means host name verification. However, service-identity implements RFC 6125
fully.

    96195f8

18:25 Po-Chuan Hsieh (sunpoet) 

security/py-truststore: Add py-truststore 0.7.0

Truststore is a library which exposes native system certificate stores (ie
"trust stores") through an ssl.SSLContext-like API. This means that Python
applications no longer need to rely on certifi as a root certificate store.
Native system certificate stores have many helpful features compared to a static
certificate bundle like certifi:
- Automatically update certificates as new CAs are created and removed
- Fetch missing intermediate certificates
- Check certificates against certificate revocation lists (CRLs) to avoid
  monster-in-the-middle (MITM) attacks
- Managed per-system rather than per-application by a operations/IT team
- PyPI is no longer a CA distribution channel

Right now truststore is a stand-alone library that can be installed globally in
your application to immediately take advantage of the benefits in Python 3.10+.
Truststore has also been integrated into pip as an opt-in method for verifying
HTTPS certificates with truststore instead of certifi.

Long-term the hope is to make truststore the default way to verify HTTPS
certificates in pip and to add this functionality into Python itself. Wish us
luck!

    a5abdad

18:43 Emanuel Haupt (ehaupt) 

security/git-credential-azure: Add new port

git-credential-azure is a Git credential helper that authenticates to
Azure Repos (dev.azure.com). Azure Repos is part of Azure DevOps.

The first time you authenticate, the helper opens a browser window to
Microsoft login. Subsequent authentication is non interactive.

    57acd56

13:01 Robert Clausecker (fuz)  Author: Jesús Daniel Colmenares Oviedo

security/su-exec: New port: Switch user and group id and exec

su-exec is a simple tool that will simply execute a program with
different privileges. The program will be executed directly and not
run as a child, like su and sudo does, which avoids TTY and signal
issues.

WWW: https://github.com/ncopa/su-exec

PR:		272867

    4ec063f

09:57 Nuno Teixeira (eduardo) 

security/R-cran-sodium: New port: R bindings to libsodium

Bindings to libsodium: a modern, easy-to-use software library for
encryption, decryption, signatures, password hashing and more. Sodium
uses curve25519, a state-of-the-art Diffie-Hellman function by Daniel
Bernstein, which has become very popular after it was discovered that
the NSA had backdoored Dual EC DRBG.

WWW: https://cran.r-project.org/web/packages/sodium/

    4b13302

11:02 Dima Panov (fluffy) 

security/botan3: add Botan 3.1.1 release (+)

Introduce Botan 3.x branch as separated concurrent port to allow consumers
migrate in their own progress due to API/ABI incompatibility between 2.x/3.x
releases

Release notes:	https://botan.randombit.net/news.html#version-3-0-0-2023-04-11
		https://botan.randombit.net/news.html#version-3-1-0-2023-07-11
		https://botan.randombit.net/news.html#version-3-1-1-2023-07-13

    37dfbb1

07:21 Hiroki Tagato (tagattie) 

security/bitwarden-cli: add port: Bitwarden client command-line interface

The Bitwarden CLI is a powerful, full-featured command-line interface
(CLI) tool to access and manage a Bitwarden vault. The CLI is written
with TypeScript and Node.js and can be run on Windows, macOS, and
Linux distributions.

WWW: https://bitwarden.com

Requested by:	000.fbsd@quip.cz (via ports)
Tested by:	000.fbsd@quip.cz

    d2062f3

07:46 Tobias C. Berner (tcberner) 

security/py-cryptography: copy port to -legacy variant prior to update

A future commit will update to security/py-cryptography will introduce a
rust dependency.

PR:		254853

    c380909c

20:45 Dave Cottlehuber (dch) 

security/monocypher: NEW PORT - easy to use, deploy, auditable crypto library

It is written in portable C, and approaches the size of TweetNaCl,
and the speed of libsodium.

Reviewed by:	zirias
Sponsored by:	SkunkWerks, GmbH

    3ebf55c

18:46 Jason E. Hale (jhale) 

security/*gpgme*: Update to 1.21.0

Split out the headers shared between the qt5 and qt6 flavors of
security/gpgme-qt to security/gpgme-qt-headers so that they no longer
conflict.

https://dev.gnupg.org/T6585

    143072f

10:15 Po-Chuan Hsieh (sunpoet) 

security/py-httpx-auth: Add py-httpx-auth 0.17.0

httpx-auth provides authentication classes to be used with httpx authentication
parameter.

    31a40d7

10:15 Po-Chuan Hsieh (sunpoet) 

security/py-certomancer: Add py-certomancer 0.11.0

Quickly construct, mock & deploy PKI test configurations using simple
declarative configuration. Includes CRL, OCSP and time stamping service
provisioning.

    4288ad7

21:48 John Hixson (jhixson) 

security/sssd-devel: New port

Add new port sss-devel. This updates sssd to version 2.9.0. This is a
development version to be used to get out all the kinks before replacing
the current security/sssd port.

Changes:

https://sssd.io/release-notes/sssd-2.0.0.html
https://sssd.io/release-notes/sssd-2.1.0.html
https://sssd.io/release-notes/sssd-2.2.0.html
https://sssd.io/release-notes/sssd-2.3.0.html
https://sssd.io/release-notes/sssd-2.4.0.html
https://sssd.io/release-notes/sssd-2.5.0.html
https://sssd.io/release-notes/sssd-2.6.0.html
https://sssd.io/release-notes/sssd-2.7.0.html
https://sssd.io/release-notes/sssd-2.8.0.html
https://sssd.io/release-notes/sssd-2.9.0.html

    8ed50ce

07:34 Muhammad Moinur Rahman (bofh) 

security/openssl_tpm_engine: Remove expired port

2023-07-02 security/openssl_tpm_engine: Requires older openssl and upstream
unmaintained since 2017

    788dde9

05:48 Muhammad Moinur Rahman (bofh) 

security/rubygem-omniauth-cas3: Remove expired port

2023-06-30 security/rubygem-omniauth-cas3: Deprecated by upstream. The
repository has been archived by the owner on Aug 23, 2022

Approved by:	portmgr (blanket)

    b739d82

17:53 Cy Schubert (cy) 

security/krb5-118: Remove expired MIT KRB5 1.18 port

    0adf433

08:28 Yuri Victorovich (yuri) 

security/zlint: New port: X.509 certificate linter

    558ce1e

16:54 Vinícius Zavam (egypcio) 

[NEW] security/webtunnel-tor: Pluggable Transport based on HTTPT

  WebTunnel is a pluggable transport for Tor that attempts to imitate
  web browsing activities based on HTTPT, a Probe-Resistant Proxy.

  *
https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel

Sponsored by:	TorBSD Diversity Project, TDP
Sponsored by:	The Tor Project

    ad63312

20:12 Rene Ladan (rene) 

security/p5-OpenCA-OpenSSL: Remove expired port

2023-03-21 security/p5-OpenCA-OpenSSL: Broken since 2021

    adfb021

20:12 Rene Ladan (rene) 

security/p5-OpenCA-PKCS7: Remove expired port

2023-06-21 security/p5-OpenCA-PKCS7: Depends on expired
security/p5-OpenCA-OpenSSL

    4f5f7c3

15:25 Matthias Fechner (mfechner) 

www/gitlab-ce: added newly required ports for version 16.1

rubygem-net-http 0.1.1 is required due to:
https://gitlab.com/gitlab-org/gitlab/-/issues/413528

    9d4482b

14:57 Muhammad Moinur Rahman (bofh) 

*/*php83*: Sunrise

Please DO NOT use this version in production, it is an early test
version.

For upgrade notes please visit:
https://github.com/php/php-src/blob/php-8.3.0alpha1/UPGRADING

Changelog: https://github.com/php/php-src/blob/php-8.3.0alpha1/NEWS
Sponsored by:	Bounce Experts

    95967c2

05:32 Charlie Li (vishwin) 

security/py-sequoia: remove

Deprecated upstream; security/sequoia no longer includes the parts
necessary for this to work. PySequoia is the designated replacement
and will be ported later, and MOVED will be updated accordingly.

PR: 256877
Approved by: phryk-ports[at]wzff[dot]de (maintainer, transfer)
Event: SouthEast LinuxFest 2023

    bc10672

05:32 Charlie Li (vishwin) 

security/sequoia: convert to meta-port and update

sq split to security/sequoia-sq. More programs to be ported later.
FFI deprecated upstream and removed from the port.

PR: 256877
Approved by: phryk-ports[at]wzff[dot]de (maintainer, transfer)
Event: SouthEast LinuxFest 2023

    3835bb2

22:47 Matthew Seaman (matthew)  Author: Jamie Landeg-Jones

security/py-certbot-dns-standalone: New port

Standalone DNS Authenticator plugin for Certbot

This is a plugin that uses an integrated DNS server to respond to the
_acme-challenge records, so the domain's records do not have to be modified.

PR:	271889

    c69de36

18:35 Cy Schubert (cy) 

security/krb5-121: Welcome new krb5 1.21

Welcome the new krb5-121 (1.21) from MIT.

krb5-119 is now deprecated and scheduled for removal a year from
now.

    49e70b3

18:46 Po-Chuan Hsieh (sunpoet) 

security/rubygem-omniauth-cas3-oauth2: Remove obsoleted port

Use security/rubygem-omniauth-cas3 instead.

    2f2379d

18:52 Emanuel Haupt (ehaupt) 

security/git-credential-oauth: Add new port

git-credential-oauth is a Git credential helper that securely
authenticates to GitHub, GitLab, BitBucket and Gerrit using OAuth.

The first time you push, the helper will open a browser window to
authenticate. Subsequent pushes within storage lifetime require no
interaction.

    633a5f5

12:09 Rene Ladan (rene) 

security/esteidfirefoxplugin: Remove expired port:

2023-05-28 security/esteidfirefoxplugin: Upstream last release in 2013 and has
been migrated into other products of upstream

    f279a8b

12:09 Rene Ladan (rene) 

security/keynote: Remove expired port:

2023-05-28 security/keynote: Upstream last release in 2000

    93a6bf2

12:07 Rene Ladan (rene) 

security/zxid: Remove expired port:

2023-05-27 security/zxid: Do not build with OpenSSL 1.1.1e and later

    28db060

12:07 Rene Ladan (rene) 

security/p5-Net-SAML: Remove expired port:

2023-05-27 security/p5-Net-SAML: Depends on deprecated security/zxid

    3249a3a

23:43 Po-Chuan Hsieh (sunpoet) 

security/rubygem-doorkeeper562: Remove obsoleted port

Use security/rubygem-doorkeeper instead.

    1a5c92b

23:43 Po-Chuan Hsieh (sunpoet) 

security/rubygem-ed2551912: Remove obsoleted port

Use security/rubygem-ed25519 instead.

    b3de475

04:48 Nicola Vitale (nivit) 

security/transcrypt: Add new port

A script to configure transparent encryption of sensitive files stored in a Git
repository. Files that you choose will be automatically encrypted when you
commit them, and automatically decrypted when you check them out. The process
will degrade gracefully, so even people without your encryption password can
safely commit changes to the repository's non-encrypted files.

Transcrypt protects your data when it's pushed to remotes that you may not
directly control (e.g., GitHub, Dropbox clones, etc.), while still allowing you
to work normally on your local working copy. You can conveniently store things
like passwords and private keys within your repository and not have to share
them with your entire team or complicate your workflow.

https://github.com/elasticdog/transcrypt

    ea3df33

08:19 Robert Clausecker (fuz)  Author: rihaz jerrin

security/ismtp: Test for SMTP user enumeration, internal spoofing, and relay

SMTP user enumeration (RCPT TO and VRFY), internal spoofing, and open
relay.  A tool that tests for all three and comes with great
flexibility. iSMTP does just that, making it much easier to knock that
process out of the way.

WWW: https://github.com/altjx/ipwn/tree/master/iSMTP

PR:		270304

    6da2b6f

03:37 Kai Knoblich (kai) 

security/py-netbox-secrets: New port

This is the continuation of the NetBox Secretstore app. The original
plugin is minimally maintained and has a lot of issues.

This plugin is a complete rewrite of the original plugin.  It is more
generic and flexible than the original plugin.  It is also regularly
tested with the latest NetBox releases to ensure compatibility and
stability.

Features:

* Store secrets in the database encrypted with a public key (RSA)
* More generic and flexible than the original plugin (e.g. secrets
  can be assigned to any object in NetBox)
* Secrets can be assigned to contacts to associate them with
  a secret (e.g. SSH key)
* Updated user interface to make it easier to use and more intuitive
  to navigate
* Regularly tested with the latest NetBox releases to ensure
  compatibility and stability

MFH:		2023Q2 (in 3 weeks, to provide a migration path for
		security/py-netbox-secretstore, which is deprecated)

    1976bf9

03:29 Jason E. Hale (jhale) 

security/gpgme-qt: Flavorize for new Qt6 bindings

Rename security/gpgme-qt5 to security/gpgme-qt and flavorize to
allow building qt5 and qt6 flavors.

Adjust dependencies and bump PORTREVISION on consumers.

Fix installation of optional Doxgen docs.

    f247211

06:53 Felix Palmen (zirias) 

security/tlsc: Add new port

Tlsc is a little BSD-licensed daemon that allows to connect non-TLS
clients to TLS-enabled services.

It's kept simple, so uses all-standard options for TLS and doesn't
implement anything else (like e.g. STARTTLS or doing service-side).

Approved by:	tcberner (mentor, implicit)

    cf234c8

18:26 Jose Alonso Cardenas Marquez (acm) 

security/py-iris-intelowl-module: New port: IntelOwl IRIS module

iris-intelowl-module is a IRIS processor module providing open-source threat
intelligence leveraging IntelOlw analyzers, to enrich indicators of compromise.

    18a6934

21:50 Jose Alonso Cardenas Marquez (acm) 

security/py-iris-evtx-module: New port: Example of IRIS module, handling EVTX
files

An interface module for Evtx2Splunk and Iris in order to ingest Microsoft EVTX
log files. The module is installed on IRIS by default. In case you needed a
procedure to install it by yourself, you can follow the one below.

    dae915d

03:53 Jose Alonso Cardenas Marquez (acm) 

security/py-iris-vt-module: New port: IRIS Module enriching IOCs with VT
insights

An interface module for VT and Iris to automatically enrich IOCs with VT
insight.

    0b2a355f

03:46 Jose Alonso Cardenas Marquez (acm) 

security/py-iris-webhooks-module: New port: IRIS module offering support for
webhooks

An interface module that allows to call webhooks from IRIS.

    858d116

03:31 Jose Alonso Cardenas Marquez (acm) 

security/py-iris-check-module: New port: A simple processor module for IRIS

An Iris Module that simply replies to every hooks

    0d27d93

03:24 Jose Alonso Cardenas Marquez (acm) 

security/py-iris-misp-module: New port: IRIS module interfacing MISP with IRIS

An interface module for MISP and Iris to automatically enrich IOCs with MISP
insight.

    0e13ed1

03:14 Jose Alonso Cardenas Marquez (acm) 

security/py-iris-module-interface: New port: Base interface for modules of Iris

This Python package is used by IRIS modules to interact and extend IRIS
capabilities. It's the interface which module have to use to communicate with
the platform.

    03bf39e

23:32 Jose Alonso Cardenas Marquez (acm) 

security/py-flask-bcrypt: New port: Flask extension that provides bcrypt hashing
utilities for your application

Flask-Bcrypt is a Flask extension that provides bcrypt hashing utilities for
your application.

Due to the recent increased prevalence of powerful hardware, such as modern
GPUs, hashes have become increasingly easy to crack. A proactive solution to
this is to use a hash that was designed to be "de-optimized". Bcrypt is such a
hashing facility; unlike hashing algorithms such as MD5 and SHA1, which are
optimized for speed, bcrypt is intentionally structured to be slow.

For sensitive data that must be protected, such as passwords, bcrypt is an
advisable choice.

    0b98cb4

22:47 Jose Alonso Cardenas Marquez (acm) 

security/py-iris-client: New port: Python client for DFIR-IRIS

dfir_iris_client offers a Python interface to communicate with IRIS.

It relies exclusively on the API, which means output of the methods are the
same as specified in the API reference.

    9c3c097

06:08 Jose Alonso Cardenas Marquez (acm) 

security/caldera: New port: Automated Adversary Emulation Platform

CALDERA a cyber security platform designed to easily automate adversary
emulation, assist manual red-teams, and automate incident response.

It is built on the MITRE ATT&CK framework and is an active research project
at MITRE.

The framework consists of two components:

- The core system. This is the framework code, consisting of what is available
  in this repository. Included is an asynchronous command-and-control (C2)
  server with a REST API and a web interface.
- Plugins. These repositories expand the core framework capabilities and
  providing additional functionality. Examples include agents, reporting,
  collections of TTPs and more.

    84e20fa

02:26 Jose Alonso Cardenas Marquez (acm) 

security/py-dirhash: New port: Python module and CLI for hashing of file system
directories

A lightweight python module and CLI for computing the hash of any directory
based on its files structure and content.

- Supports all hashing algorithms of Python's built-in hashlib module.
- Glob/wildcard (".gitignore style") path matching for expressive filtering of
  files to include/exclude.
- Multiprocessing for up to 6x speed-up

The hash is computed according to the Dirhash Standard, which is designed to
allow for consistent and collision resistant generation/verification of
directory hashes across implementations.

    ddef073

22:03 Jose Alonso Cardenas Marquez (acm) 

security/py-aiohttp-security: New port: security for aiohttp.web

The library provides identity and authorization for aiohttp.web

    eb19c26

18:00 Po-Chuan Hsieh (sunpoet) 

security/py-pyhanko: Add py-pyhanko 0.17.2

The lack of open-source CLI tooling to handle digitally signing and stamping PDF
files was bothering me, so I went ahead and rolled my own.

Note: The working title of this project (and former name of the repository on
GitHub) was pdf-stamp, which might still linger in some references.

    5e663a4

14:31 Matthias Fechner (mfechner) 

www/gitlab-ce: added newly required ports for version 15.10

    3ab74c0

13:36 Po-Chuan Hsieh (sunpoet) 

security/rubygem-openssl221: Remove obsoleted port

Use security/rubygem-openssl instead.

    80e88b6

20:06 Eugene Grosbein (eugen) 

new port: security/cpfx

PFX decoder for CryptoPro GOST R 34.10-2012 implementation

    acb81ef

20:04 Eugene Grosbein (eugen) 

new port: security/pygost

PyGOST is pure Python 2.7/3.x GOST cryptographic functions library.

    08e811b

17:29 Po-Chuan Hsieh (sunpoet) 

security/rubygem-rasn1: Add rubygem-rasn1 0.12.1

Rasn1 is a ruby ASN.1 library to encode, parse and decode ASN.1 data in DER
format.

    e4a5bcb

17:29 Po-Chuan Hsieh (sunpoet) 

security/py-detect-secrets: Add py-detect-secrets 1.4.0

detect-secrets is an aptly named module for (surprise, surprise) detecting
secrets within a code base.

However, unlike other similar packages that solely focus on finding secrets,
this package is designed with the enterprise client in mind: providing a
backwards compatible, systematic means of:
 1. Preventing new secrets from entering the code base,
 2. Detecting if such preventions are explicitly bypassed, and
 3. Providing a checklist of secrets to roll, and migrate off to a more secure
    storage.

This way, you create a separation of concern: accepting that there may currently
be secrets hiding in your large repository (this is what we refer to as a
baseline), but preventing this issue from getting any larger, without dealing
with the potentially gargantuan effort of moving existing secrets away.

It does this by running periodic diff outputs against heuristically crafted
regex statements, to identify whether any new secret has been committed. This
way, it avoids the overhead of digging through all git history, as well as the
need to scan the entire repository every time.

    4bead35

17:29 Po-Chuan Hsieh (sunpoet) 

*/Makefile: Sort SUBDIRs

    6527bbb

14:15 Gleb Popov (arrowd)  Author: Alexey Yushkin

security/howdy: Face recognition based authentication provider.

Co-authored-by:	Alexey Donskov <voxnod@gmail.com>
Co-authored-by: Gleb Popov <arrowd@FreeBSD.org>

Sponsored by:	Serenity Cybersecurity, LLC

    93eaa54

23:59 Muhammad Moinur Rahman (bofh) 

security/teleport: Update version 4.4.12=>5.2.5

This port was marked to expire on 2023-03-31 but there was another port
security/teleport5 with more recent version from upstream. So move
security/teleport5 to security/teleport.

Pet portlint/portclippy while I am here.

Approved by:	portmgr (blanket)

    301d2b5

23:59 Muhammad Moinur Rahman (bofh) 

security/openvpn25: Remove expired port:

2023-03-31 security/openvpn25: replaced by new upstream release 2.6.0

    2bfed05

23:59 Muhammad Moinur Rahman (bofh) 

security/portsentry: Remove expired port:

2023-03-31 security/portsentry: Abandoned, upstream is dead and last release was
back in 2003

    2223282

23:59 Muhammad Moinur Rahman (bofh) 

security/openscep: Remove expired port:

2023-03-31 security/openscep: Do not support recent RFC 8894

    b8a99dc

11:38 Gleb Popov (arrowd)  Author: Alexey Yushkin

security/pam_howdy: + PAM module for Howdy Face Recognition.

This is a beta version for the upcoming release.

Co-authored-by: Alexey Donskov <voxnod@gmail.com>

Reviewed by:	arrowd

    8bb4370

15:07 Matthias Fechner (mfechner) 

www/gitlab-ce: fix dependency problem

Starting gitlab fails with error:
rake aborted!
NoMethodError: undefined method `active_record_options' for
#<Doorkeeper::Config:0x000000081fb0f0c8 @orm=:active_record,
@default_generator_method=:hex,
@authenticate_resource_owner=#<Proc:0x000000081fb0ed80
/usr/local/www/gitlab-ce/config/initializers/doorkeeper.rb:13>,
@resource_owner_from_credentials=#<Proc:0x000000081fb0ec68
/usr/local/www/gitlab-ce/config/initializers/doorkeeper.rb:25>,
@refresh_token_enabled=true, @enforce_configured_scopes=true,
@force_ssl_in_redirect_uri=false, @forbid_redirect_uri=#<Proc:0x000000081fb0ea10
/usr/local/www/gitlab-ce/config/initializers/doorkeeper.rb:67>,
@enable_application_owner=true,
@default_scopes=#<Doorkeeper::OAuth::Scopes:0x000000081fb17e30 @scopes=["api"]>,
@optional_scopes=#<Doorkeeper::OAuth::Scopes:0x000000081fb177f0
@scopes=["read_api", "read_user", "read_repository", "write_repository", "sudo",
"openid", "profile", "email"]>, @access_token_methods=[:from_access_token_param,
:from_bearer_authorization, :from_bearer_param],
@token_secret_strategy=Gitlab::DoorkeeperSecretStoring::Token::Pbkdf2Sha512,
@token_secret_fallback_strategy=Doorkeeper::SecretStoring::Plain,
@application_secret_strategy=Gitlab::DoorkeeperSecretStoring::Secret::Pbkdf2Sha512,
@application_secret_fallback_strategy=Doorkeeper::SecretStoring::Plain,
@grant_flows=["authorization_code", "password", "client_credentials"],
@skip_authorization=#<Proc:0x000000081fb1ce58
/usr/local/www/gitlab-ce/config/initializers/doorkeeper.rb:109>,
@base_controller="::Gitlab::BaseDoorkeeperController",
@skip_client_authentication_for_password_grant=true,
@application_model=Doorkeeper::Application(id: integer, name: string, uid:
string, secret: string, redirect_uri: text, scopes: string, created_at:
datetime, updated_at: datetime, owner_id: integer, owner_type: string, trusted:
boolean, confidential: boolean, expire_access_tokens: boolean),
@access_grant_model=Doorkeeper::AccessGrant(id: integer, resource_owner_id:
integer, application_id: integer, token: string, expires_in: integer,
redirect_uri: text, created_at: datetime, revoked_at: datetime, scopes: string,
code_challenge: text, code_challenge_method: text),
@access_token_model=Doorkeeper::AccessToken(id: integer, resource_owner_id:
integer, application_id: integer, token: string, refresh_token: string,
expires_in: integer, revoked_at: datetime, created_at: datetime, scopes:
string)>

          if
Doorkeeper.configuration.active_record_options[:establish_connection]
                                     ^^^^^^^^^^^^^^^^^^^^^^
/usr/local/www/gitlab-ce/config/environment.rb:7:in `<top (required)>'

This is caused by a breaking change in doorkeeper 5.6.3, so fix on version 5.6.2
for now.
https://github.com/doorkeeper-gem/doorkeeper/blob/main/CHANGELOG.md

An upgrade of doorkeeper-openid_connect to 1.8.5 is not possible, as this brings
another breaking dependency shift from json-jwt to jwt, which causes again other
dependecy breaks.

Downgrading doorkeeper is for now the best solution.

    5c3f9ae

19:19 Po-Chuan Hsieh (sunpoet) 

security/rubygem-rack-oauth21: Add rubygem-rack-oauth21 1.21.3 (copied from
rubygem-rack-oauth2)

- Add PORTSCOUT

    ae445d3

19:19 Po-Chuan Hsieh (sunpoet) 

*/Makefile: Sort SUBDIRs

    f2fb2ea

03:49 Romain Tartière (romain) 

security/pam_rssh: New port

This PAM module provides ssh-agent based authentication. The primary
design goal is to avoid typing password when you sudo on remote servers.
Instead, you can simply touch your hardware security key (e.g.
Yubikey/Canokey) to fulfill user verification. The process is done by
forwarding the remote authentication request to client-side ssh-agent as
a signature request.

    d856093

18:24 Bernard Spil (brnrd) 

security/openssl31: Add OpenSSL 3.1 release port

Reported by:	ngie
Differential Revision:	https://reviews.freebsd.org/D38938

    39c5850

18:19 Bernard Spil (brnrd) 

security/openssl-devel: Rename to security/openssl30

 * Align with the upstream "release" status
 * Avoid confusion with OpenSSL 3.1

Reported by:	ngie
Differential Revision:	https://reviews.freebsd.org/D38938

    98749c4

09:50 Tobias C. Berner (tcberner) 

security/libomemo-c: new port -- for of libsignal-protocol-c with OMEMO support

This is a fork of libsignal-protocol-c, an implementation of Signal's
ratcheting forward secrecy protocol that works in synchronous and asynchronous
messaging. The fork adds support for OMEMO as defined in XEP-0384 versions
0.3.0 and later.

* OMEMO version 0.3.0 uses the original libsignal-protocol-c implementation
with its protocol versions 2 and 3.

* OMEMO version 0.4.0+ is implemented using a new protocol version 4
internally. In comparison with protocol version 3, it changes:
*  HKDF info strings
*  Protocol buffer encoding
*  Signature scheme (uses XEd25519 instead of custom "Curve25519 signatures")
*  Specification-compliant double ratchet
*  Support for Ed25519 public keys
*  Various serializations
*  Removes unused functionality

WWW: https://github.com/dino/libomemo-c

    0656fbe

18:22 Gleb Popov (arrowd) 

security/linux-c7-ca-certificates: + Mozilla certificates for Linuxulator.

Sponsored by:	Serenity Cybersecurity, LLC

    0ffd3fc

02:42 Romain Tartière (romain) 

security/pam_u2f: New port

This module implements PAM over U2F and FIDO2, providing an easy way to
integrate the YubiKey (or other U2F/FIDO2 compliant authenticators) into
your existing infrastructure.

    3cbf478

23:36 Robert Clausecker (fuz)  Author: Seyed Pouria Mousavizadeh Tehrani

security/ssh-import-id: new port

You're logged onto a cloud instance working on a problem with your
fellow devs, and you want to invite them to log in and take a look
at these crazy log messages. What to do?

Oh. You have to ask them to cat their public SSH key, paste it into
IRC (wait, no, it's id_rsa.pub, not id_rsa silly!) then you copy it
and cat it to the end of authorized_hosts.

That's where ssh-import-id comes in. With ssh-import-id, you can add
the public SSH keys from a known, trusted online identity to grant
SSH access.

Currently supported identities include Github and Launchpad.

WWW: https://git.launchpad.net/ssh-import-id

Submitter is first time maintainer.

PR:		265835
Approved by:	flo (mentor)
Differential Revision: https://reviews.freebsd.org/D38681

    d24b805

11:01 Robert Clausecker (fuz)  Author: Clockwork6400

security/pam_fprint: revive port

pam_fprint is a simple PAM module which uses libfprint's fingerprint
processing and verification functionality for authentication. In other
words, instead of seeing a password prompt, you're asked to scan your
fingerprint.

Submitter becomes maintainer.  Is already maintainer of other ports.

PR:		269554
Approved by:	flo (mentor)
Differential Revision: https://reviews.freebsd.org/D38628

    cae60e6

11:01 Robert Clausecker (fuz) 

security/openssl-agent: New port: OpenSSL key agent and client utils

OpenSSL key agent and client utilities.

The aim of these utilities is to provide an openssl-rsautl(1) drop-in
replacement for performing cryptographic operations using a private key
that is unlocked for the session, similar to OpenSSH's ssh-agent(1).

The port's author is known to the maintainer but wishes not to be named.

WWW: https://git.build2.org/cgit/openssl-agent/tree/README

Obtained from:	anonymous author
Approved by:	flo (mentor)
Differential Revision: https://reviews.freebsd.org/D38630

    b6a3351

12:58 Po-Chuan Hsieh (sunpoet) 

security/py-pem: Add py-pem 21.2.0

pem is an MIT-licensed Python module for parsing and splitting of PEM files,
i.e. Base64-encoded DER keys and certificates.

It runs on Python 3.7+, has no dependencies, and does not attempt to interpret
the certificate data in any way.

It's born from the need to load keys, certificates, trust chains, and DH
parameters from various certificate deployments: some servers (like Apache)
expect them to be a separate file, others (like nginx) expect them concatenated
to the server certificate and finally some (like HAProxy) expect key,
certificate, and chain to be in one file.

Additionally to the vanilla parsing code, pem also contains helpers for Twisted
that save a lot of boilerplate code.

    0421e03

12:58 Po-Chuan Hsieh (sunpoet) 

*/Makefile: Sort SUBDIRs

    a2e9b4a

21:32 Matthias Andree (mandree) 

security/openvpn*: update to 2.6.0, keep openvpn25

- copy openvpn to openvpn25, mark as deprecated and to expire March 31

- update openvpn to openvpn 2.6.0, highlights from Frank Lichtenheld's
  release announcement e-mail, slightly edited:

 * Data Channel Offload (DCO) kernel acceleration support for Windows,
   Linux, and FreeBSD [14].
 * OpenSSL 3 support
 * Improved handling of tunnel MTU, including support for pushable MTU.
 * Outdated cryptographic algorithms disabled by default, but there are
   options to override if necessary.
 * Reworked TLS handshake, making OpenVPN immune to replay-packet state
   exhaustion attacks.
 * Added --peer-fingerprint mode for a more simplistic certificate setup
   and verification.
 * Improved protocol negotiation, leading to faster connection setup.

ChangeLog: https://github.com/OpenVPN/openvpn/blob/v2.6.0/Changes.rst

    6853ab1

12:26 Fernando Apesteguía (fernape)  Author: Daniel

security/kc: update to 2.5.1

kc24 was a transient port to easy the migration of the database. Later on, the
original kc port was obsoleted. Rename kc24 to kc to match upstream again and
update to latest version.

PR:		268842
Reported by:	leva@ecentrum.hu (maintainer)

    d4fef53

20:52 Juraj Lutter (otis) 

security/py-badkeys: Add new port

badkeys is a tool and a library to check cryptographic public keys for
known vulnerabilities.

    2d756eb

16:41 Tobias C. Berner (tcberner) 

security/keysmith: new port - Application to generate 2fa tokens

Keysmith is an application to generate two-factor authentication (2FA)
tokens when logging in to your (online) accounts. Currently it supports
both HOTP and TOTP tokens.

WWW:		https://invent.kde.org/utilities/keysmith

    77596f3

03:19 Vanilla I. Shu (vanilla) 

security/lua-argon2: New port

Lua C binding for the Argon2 password hashing function. Compatible with Lua 5.x
and LuaJIT.

PR:		268039
Reported by:	Manuel Wiesinger <manuel at mmap.at>

    0eb692f

12:47 Dag-Erling Smørgrav (des) 

security/opie: New port: One-time Passwords In Everything

Differential Revision: https://reviews.freebsd.org/D37963

    3d4de6d

05:59 Yuri Victorovich (yuri) 

security/diswall: New port: Distributed firewall

    6a09bf4

08:06 Daniel Engberg (diizzy)  Author: Michael Reim

security/teleport5: New port: Centralized access gateway using the SSH protocol

This ports main purpose is to provide an upgrade path for users to
Teleport 6 and newer versions. New installations are STRONGLY
discouraged until we have version 7.X in tree.

PR:		268604

    efc9e9c

10:16 Yuri Victorovich (yuri) 

security/authoscope: New port: Scriptable network authentication cracker

    21e13cb

14:59 Rene Ladan (rene) 

cleanup: Remove expired ports:

2022-06-30 security/py-pycrypto: Unmaintained, obsolete, and contains security
vulnerabilities. Use security/py-pycryptodome instead

    d22a548

02:50 Alexey Dokuchaev (danfe) 

Restore three ports removed too early and assume their maintainership.

    a95989d

01:33 Rene Ladan (rene) 

cleanup: Remove expired ports:

2022-12-31 security/libfprint: Very outdated, unsupported upstream which now
have systemd as a non optional requirement
2022-12-31 security/fprint_demo: Depends on deprecated library libfprint
2022-12-31 security/fprintd: Very outdated, unsupported upstream which now have
systemd as a non optional requirement

    995d4ad

03:36 Koichiro Iwao (meta) 

security/gokey: New port: Simple password manager writen in Go

PR:		268587

    aeccccd

19:36 Muhammad Moinur Rahman (bofh) 

*/*php74*: Sunset php 7.4

As per upstream php 7.4 has reached it's EOL on 2022-11-22. Remove php74
from the tree. Default version of php has already been switched to 8.1.

Approved by:	portmgr (blanket infrastructure)
Sponsored by:	Bounce Experts

    0d310d7

05:07 Lewis Cook (lcook) 

security/osv-scanner: Vulnerability scanner written in Go which uses the OSV
database

Use OSV-Scanner to find existing vulnerabilities affecting your projects
dependencies.

OSV-Scanner provides an officially supported frontend to the OSV database
that connects a projects list of dependencies with the vulnerabilities
that affect them. Since the OSV.dev database is open source and distributed,
it has several benefits in comparison with closed source advisory databases
and scanners:

* Each advisory comes from an open and authoritative source.
* Anyone can suggest improvements to advisories, resulting in a very high
  quality database.
* The OSV format unambiguously stores information about affected versions
  in a machine-readable format that precisely maps onto a developers list
  of packages.

The above all results in fewer, more actionable vulnerability notifications,
which reduces the time needed to resolve them.

WWW: https://github.com/google/osv-scanner

    b2dc69c

06:33 Fernando Apesteguía (fernape)  Author: Marco

security/crowdsec-blocklist-mirror: New port: CrowdSec Blocklist Mirror

ChangeLog: https://github.com/crowdsecurity/cs-blocklist-mirror

This bouncer exposes CrowdSec's active decisions via provided HTTP endpoints in
pre-defined formats. It can be used by network appliances which support
consumption of blocklists via HTTP.

PR:		268105
Reported by:	marco@crowdsec.net

    4fde381

01:44 Koichiro Iwao (meta)  Author: Rozhuk Ivan

security/gostsum: New port:Implementation of GOST R 34.11-94, GOST R 34.11-2012
hash functions

PR:		268343

    47cc96f

14:22 Muhammad Moinur Rahman (bofh) 

security/local-php-security-checker: New port

The Local PHP Security Checker is a command line tool that checks if
your PHP application depends on PHP packages with known security
vulnerabilities. It uses the Security Advisories Database behind the
scenes availble from https://github.com/FriendsOfPHP/security-advisories

PR:		261148
Reported by:	einar@isnic.is
Tested by:	bofh
Approved by:	einar@isnic.is (Submitter is maintainer)

    0a6ca5e

04:36 Yasuhiro Kimura (yasu) 

security/py-{acme,certbot*}: Update to 2.0.0

ChangeLog:	https://github.com/certbot/certbot/releases/tag/v2.0.0
PR:		267913
Approved by:	maintainer timeout

    65cc12e

18:36 Muhammad Moinur Rahman (bofh) 

security/rubygem-omniauth-saml1: New port

A generic SAML strategy for OmniAuth

Sponsored by:	Nepustil

    524a93c

04:16 Yuri Victorovich (yuri) 

security/openfhe: New port: Open-source Fully Homomorphic Encryption library

    6373568