22:25 sunpoet 

Add rubygem-net-ssh4 4.2.0 (copied from rubygem-net-ssh)

- Add PORTSCOUT

 

22:24 sunpoet 

Add rubygem-ed25519 1.2.4

ed25519.rb is a Ruby binding to the Ed25519 elliptic curve public-key signature
system described in RFC 8032.

Two implementations are provided: a MRI C extension which uses the "ref10"
implementation from the SUPERCOP benchmark suite, and a pure Java version based
on str4d/ed25519-java.

Ed25519 is one of two notable algorithms implemented atop the Curve25519
elliptic curve. The x25519 gem is a related project of this one, and implements
the X25519 Diffie-Hellman key exchange algorithm on the Montgomery form of
Curve25519.

WWW: https://github.com/crypto-rb/ed25519

 

21:44 tcberner 

Update lang/ghc 8.4.2 and the hs-* ports the newer versions

* Update lang/ghc to 8.4.2
* Update the boostrap compiler to 8.4.1
* Update the many hs-* ports
* Bump the rest

Thanks a lot to arrowd for doing all the heavy lifting :)

PR:		227968
Exp-run by:	antoine
Submitted by:	arrowd
Differential Revision:	https://reviews.freebsd.org/D15005

 

17:20 antoine 

New port: security/py-rekall_lib

Support libraries for the Rekall framework.

WWW: http://www.rekall-forensic.com/

 

18:06 miwi 

Flask-SAML is an extension for the Flask web application micro framework
that implements Security Association Markup Language (SAML) authentication.

WWW: https://bitbucket.org/asecurityteam/flask_saml

PR:		225202
Submitted by:	John W. O'Brien <john@saltant.com>
Sponsored by:	iXsystems Inc.

 

08:39 meta 

net-im/rubygem-earthquake: Remove port

This port has been broken for years and no longer maintained by upstream.

Also, remove security/rubygem-jugyo_twtter_oauth. It is a fork of
twitter_oauth[1] and required only by net-im/rubygem-earthquake.

[1] https://rubygems.org/gems/twitter_oauth

Approved by:	hrs (mentor)
Differential Revision:	https://reviews.freebsd.org/D15441

 

15:59 miwi 

GSSAPI Negotiate HTTP authentication for Flask routes.

WWW: https://github.com/mkomitee/flask-kerberos

PR:		225199
Submitted by:	John W. O'Brien <john@saltant.com>
Sponsored by:	iXsystems Inc.

 

20:49 antoine 

- pywinrm is named pywinrm, not winrm
- pywinrm is not python3 ready

Reported by:	pkg-fallout

 

18:55 pi 

New port: security/py-winrm

Python library for Windows Remote Management (WinRM)

WWW: https://github.com/diyan/pywinrm

PR:		226450
Submitted by:	rozhuk.im@gmail.com

 

18:32 pi 

New port: security/py-requests-credssp

An authentication handler for using CredSSP with Python Requests.

WWW: https://github.com/jborean93/requests-credssp

PR:		226448
Submitted by:	rozhuk.im@gmail.com

 

12:38 pi 

New port: security/p5-Crypt-Perl

Cryptography in pure perl, needs no non-core XS dependencies.

WWW: http://search.cpan.org/dist/Crypt-Perl/

 

10:57 pi 

New port: security/p5-Bytes-Random-Secure-Tiny

A tiny Perl extension to generate cryptographically-secure random bytes.

It provides random bytes from a cryptographically secure random
number generator (ISAAC), seeded from strong entropy sources on a
wide variety of platforms. It does so without external dependencies
(except on Windows), and has a minimal but useful user interface
patterned after the module Bytes::Random::Secure.

WWW: http://search.cpan.org/dist/Bytes-Random-Secure-Tiny/

 

20:20 pi 

New port: security/p5-Crypt-X509-CRL

Crypt::X509::CRL is an object oriented X.509 certificate
revocation list parser with numerous methods for directly
extracting information from certificate revocation lists

WWW: http://search.cpan.org/dist/Crypt-X509-CRL/

PR:		228074
Submitted by:	Sergei Vyshenski <svysh.fbsd@gmail.com>

 

06:24 yuri 

New port: openvpn-auth-script/Makefile: Generic script-based deferred auth
plugin for OpenVPN

PR:		226492
Submitted by:	Phil DeMonaco <pdemon@gmail.com>

 

19:06 rene 

Remove expired ports:
2018-04-30 databases/rubygem-seed-fu236: Obsoleted by update of www/gitlab.
Please use databases/rubygem-seed-fu
2018-04-30 security/polarssl13: has reached end of life

 

17:15 krion 

gopass is a rewrite of the pass password manager in Go with the aim
of making it cross-platform and adding additional features.

PR:		227845
Submitted by:	Sascha Holzleiter <sascha@root-login.org>

 

20:29 tcberner 

Import the KDE Plasma5 ports

This is an import of the Plasma5 ports that we have had in the development
repository for quite some time now.

Please note:
 * Plasma5 cannot be installed at the same time as KDE SC4.
 * Qt5 assumes /etc/localtime to be a symlink to a tz file, not a regular file.
 * To start plasma5, it is recommended to use something like
       exec ck-launch-session startkde
 * Powermanagement and such is not working :-)

I would like to thank all the people that have helped test it in the past years.

Reviewed by:	adridg
Differential Revision:	https://reviews.freebsd.org/D15096

 

17:32 seanc 

Add new port: security/teleport

Gravitational Teleport ("Teleport") is a modern SSH server for remotely
accessing clusters of FreeBSD or Linux servers via SSH or HTTPS. It is
intended to be used instead of sshd. Teleport enables teams to easily
adopt the best SSH practices like:

- Integrated SSH credentials with your organization Google Apps identities or
  other OAuth identitiy providers.
- Teleport uses certificate-based access with automatic expiration time
- Enforcement of 2nd factor authentication
- Cluster introspection: every Teleport node becomes a part of a cluster
  and is visible on the Web UI
- Record and replay SSH sessions for knowledge sharing and auditing purposes
- Collaboratively troubleshoot issues through session sharing
- Connect to clusters located behind firewalls without direct Internet
  access via SSH bastions

Teleport is built on top of the high-quality Golang SSH implementation
and it is compatible with OpenSSH.

Initially submitted by:	staticwizard@hotmail.com in ports/219332

PR:		ports/219332
Approved by:	swills (mentor)
Reviewed by:	yuri, swills, pi
Differential Revision:	https://reviews.freebsd.org/D14576

 

23:58 sunpoet 

Add p5-Crypt-OpenSSL-Guess 0.01

Crypt::OpenSSL::Guess provides helpers to guess OpenSSL include path on any
platforms.

Often MacOS's homebrew OpenSSL cause a problem on installation due to include
path is not added. Some CPAN module provides to modify include path with
configure-args, but Carton or Module::CPANfile is not supported to pass
configure-args to each modules. Crypt::OpenSSL::* modules should use it on your
Makefile.PL.

This module resolves the include path by Net::SSLeay's workaround. Original code
is taken from inc/Module/Install/PRIVATE/Net/SSLeay.pm by Net::SSLeay.

WWW: http://search.cpan.org/dist/Crypt-OpenSSL-Guess/

 

20:56 jbeich 

security/py-zxcvbn-python: update to 4.4.25 and rename

Changes:	https://github.com/dwolfhub/zxcvbn-python/compare/v4.4.23...v4.4.25

 

19:39 tcberner 

New ports: security/kgpg, security/kleopatra, security/kwalletmanager

This is the current version of KDE Applications <foo>.
Note that users of KDE SC4 should stick with <foo>-kde4.

 

19:09 tcberner 

New ports: KDE Applications net/ and dependencies

* deskutils/grantleetheme
* deskutils/kdepim
* deskutils/kdepim-apps-libs
* deskutils/libkdepim
* net/akonadi-calendar
* net/akonadi-contacts
* net/akonadi-mime
* net/akonadi-notes
* net/akonadi-search
* net/calendarsupport
* net/eventviews
* net/incidenceeditor
* net/kalarmcal
* net/kblog
* net/kcalcore
* net/kcalutils
* net/kcontacts
* net/kdav
* net/kdenetwork-filesharing
* net/kget
* net/kidentitymanagement
* net/kimap
* net/kldap
* net/kmailtransport
* net/kmbox
* net/kmime
* net/kontactinterface
* net/kpimtextedit
* net/krdc
* net/krfb
* net/ksmtp
* net/ktnef
* net/libgravatar
* net/libkgapi
* net/libksieve
* net/mailcommon
* net/mailimporter
* net/messagelib
* net/pimcommon
* net/zeroconf-ioslave
* security/libkleo

This is the current version of KDE Applications <foo>.
Note that users of KDE SC4 should stick with <foo>-kde4.

This adds a slew of KDE Pim related ports and some of their dependencies.
Note, that KDE Pim has a history of working poorly on FreeBSD.

 

18:29 sunpoet 

Add rubygem-omniauth-jwt 0.0.2

JSON Web Token (JWT) is a simple way to send verified information between two
parties online. This can be useful as a mechanism for providing Single Sign-On
(SSO) to an application by allowing an authentication server to send a validated
claim and log the user in. This is how Zendesk does SSO, for example.

OmniAuth::JWT provides a clean, simple wrapper on top of JWT so that you can
easily implement this kind of SSO either between your own applications or allow
third parties to delegate authentication.

WWW: https://github.com/mbleigh/omniauth-jwt

 

04:52 yuri 

New port: security/py-netmiko: Multi-vendor library to simplify SSH connections
to network devices

PR:		227088
Submitted by:	Kai <freebsd_ports@k-worx.org>

 

03:32 yuri 

New port: security/py-scp: Scp module for paramiko

PR:		224423
Submitted by:	Sergey Akhmatov <sergey@akhmatov.ru>

 

21:29 mandree 

Reinstate support for GTK2 (rather than GTK3) as an OPTION.

While here, add a putty-gtk2 slave port and update _CONFLICTS.

Since the default package does not change, and pkg would handle conflicts
around attempted installation of the new -gtk2 package, omit the
PORTREVISION bump from Miroslav's original patch.

PR:		227200
Submitted by:	Miroslav Lachman

 

15:13 pi 

security/owasp-dependency-check: add missing security/Makefile entry

PR:		226206
Reported by:	antoine

 

15:38 sunpoet 

Remove expired security/rubygem-rpam2-3

 

14:19 feld 

kr enables SSH to authenticate with a key stored in a Krypton (iOS or
Android) mobile app. kr runs as an SSH agent, called krd. When a Krypton
private key operation is needed for authentication, krd routes this
request to the paired mobile phone, where the user decides whether to
allow the operation or not. The private key never leaves the phone.

WWW: https://krypt.co

 

23:20 dbaio 

Add security/setaudit: Tool to specify audit configurations on a process

With setaudit it is possible to specify audit configurations on a process
directly at the runtime.

All audit events are redirected to the auditd(8), an audit log management
daemon.

Example of enabling all exe related audit events performed by a command and its
child processes:

  # setaudit -m ex command

WWW: https://github.com/csjayp/setaudit

PR:		226627
Submitted by:	Mateusz Piotrowski <0mp@FreeBSD.org>

 

08:57 tz 

Resurrect security/rubygem-doorkeeper as security/rubygem-doorkeeper42

www/gitlab depends on the 4.2.x version and is currently broken without it

 

15:10 mfechner 

New ports required for gitlab update to 10.5.x.

Reviewed by:	tz (mentor)
Approved by:	tz (mentor)
Differential Revision:	https://reviews.freebsd.org/D14840

 

15:18 jrm 

Copy security/rubygem-rpam2 to security/rubygem-rpam2-3 to fix
security/rubygem-devise_pam_authenticatable2 build breakage

The only port requiring security/rubygem-rpam2,
security/rubygem-devise_pam_authenticatable2, requires rpam2 ~> 3.0 [1].
The prematre update of security/rubygem-rpam2 to version 4.0.0 broke the
build of security/rubygem-devise_pam_authenticatable2 [2].

[1] https://rubygems.org/gems/devise_pam_authenticatable2/versions/9.0.0
[2]
http://pkg.awarnach.mathstat.dal.ca/data/11amd64-default/2018-03-22_12h03m21s/logs/errors/rubygem-devise_pam_authenticatable2-9.0.0.log

Pointy-hat: sunpoet

 

13:13 bapt 

Python library and command line tool for configuring any YubiKey over all USB
transports.

WWW: https://developers.yubico.com/yubikey-manager/

 

00:57 jrm 

Add new Ruby Gem dependency ports for upcoming Mastodon v2.3.1

multimedia/rubygem-streamio-ffmpeg
WWW: http://github.com/streamio/streamio-ffmpeg

security/rubygem-devise_pam_authenticatable2
WWW: http://github.com/devkral/devise_pam_authenticatable2

security/rubygem-omniauth-cas
WWW: https://github.com/dlindahl/omniauth-cas

security/rubygem-rpam2
WWW: http://github.com/devkral/rpam2

 

18:21 tcberner 

Move security/qtkeychain-qt[45] to security/qtkeychain and create flavors

Reviewed by:	Gleb Popov <6yearold_gmail.com>
Approved by:	portmgr (mat)

 

08:39 yuri 

New port: security/py-ntlm-auth: Create NTLM authentication structures

Approved by:	tcberner (mentor, implicit)

 

15:56 jhale 

New port: security/py-python-nss

python-nss is a Python binding for NSS (Network Security Services)
and NSPR (Netscape Portable Runtime). NSS provides cryptography
services supporting SSL, TLS, PKI, PKIX, X509, PKCS*, etc. NSS is
an alternative to OpenSSL and used extensively by major software
projects. NSS is FIPS-140 certified.

NSS is built upon NSPR because NSPR provides an abstraction of
common operating system services, particularly in the areas of
networking and process management. Python also provides an abstraction
of common operating system services but because NSS and NSPR are
tightly bound, python-nss exposes elements of NSPR.

WWW:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Python_binding_for_NSS

 

07:35 yuri 

security/obfsproxy: Unbreak; Rename to security/py-obfsproxy-tor

Port changes:
* Unbreak: removed unnecessary lines in setup.py that were failing
* Changed MASTER_SITES to CHEESESHOP
* Added PKGNAMEPREFIX as every python port should have
* Added PKGNAMESUFFIX=-tor to easily identify as being for Tor
* Added LICENSE_FILE
* Deleted pkg-plist
* Added USE_PYTHON=autoplist instead of pkg-plist
* Added USE_PYTHON=noflavors (an app)
* Added NO_ARCH
* Updated WWW

Approved by:	tcberner (mentor, implicit)
Approved by:	portmgr (port compliance, infrastructure)

 

15:04 sunpoet 

Add rubygem-aes_key_wrap 1.0.1

AESKeyWrap is a Ruby implementation of AES Key Wrap (RFC 3394, a.k.a. NIST Key
Wrap).

WWW: https://github.com/tomdalling/aes_key_wrap

 

13:01 wg 

security/py-asyncssh: Python asnycio SSH protocol library

AsyncSSH is a Python package which provides an asynchronous client
and server implementation of the SSHv2 protocol on top of
the Python asyncio framework. It requires Python 3.4 or later
and the Python cryptography library for some cryptographic functions.

WWW: https://github.com/ronf/asyncssh

Submitted by:	Bartosz Prokop

 

19:03 tcberner 

Give the KDE SC4 applications ports a -kde4 suffix

In order to make room for the up-to-date version of the KDE Desktop and its
applications move the KDE Application ports based on Qt4.

PR:		225992
Exp-run by:	antoine
Reviewed by:	rakuco, adridg
Differential Revision:	https://reviews.freebsd.org/D14413

 

14:31 mat 

Add py-certbot-dns-route53, Route53 DNS Authenticator for py-certbot.

Sponsored by:	Absolight
Differential Revision:	https://reviews.freebsd.org/D14262

 

14:30 mat 

Add py-certbot-dns-rfc2136, RFC 2136 DNS Authenticator for py-certbot.

Sponsored by:	Absolight
Differential Revision:	https://reviews.freebsd.org/D14262

 

14:30 mat 

Add py-certbot-dns-nsone, NS1 DNS Authenticator for py-certbot.

Sponsored by:	Absolight
Differential Revision:	https://reviews.freebsd.org/D14262

 

14:30 mat 

Add py-certbot-dns-luadns, LuaDNS Authenticator plugin for py-certbot.

Sponsored by:	Absolight
Differential Revision:	https://reviews.freebsd.org/D14262

 

14:30 mat 

Add py-certbot-dns-google, Google Cloud DNS Authenticator for py-certbot

Sponsored by:	Absolight
Differential Revision:	https://reviews.freebsd.org/D14262

 

14:30 mat 

Add py-certbot-dns-dnsmadeeasy, DNS Made Easy DNS Authenticator for py-certbot

Sponsored by:	Absolight
Differential Revision:	https://reviews.freebsd.org/D14262

 

14:30 mat 

Add py-certbot-dns-dnsimple, DNSimple DNS Authenticator for py-certbot.

Sponsored by:	Absolight
Differential Revision:	https://reviews.freebsd.org/D14262

 

14:30 mat 

Add py-certbot-dns-digitalocean, DigitalOcean DNS Authenticator plugin for
py-cerbot.

Sponsored by:	Absolight
Differential Revision:	https://reviews.freebsd.org/D14262

 

14:30 mat 

Add py-certbot-dns-cloudxns, CloudXNS DNS Authenticator plugin for py-certbot.

Sponsored by:	Absolight
Differential Revision:	https://reviews.freebsd.org/D14262

 

14:30 mat 

Add py-certbot-dns-cloudflare, Cloudflare DNS Authenticator plugin for Certbot

Sponsored by:	Absolight
Differential Revision:	https://reviews.freebsd.org/D14262

 

14:29 mat 

Add py-certbot-nginx, the nginx plugin for py-certbot.

Sponsored by:	Absolight
Differential Revision:	https://reviews.freebsd.org/D14262

 

14:29 mat 

Add py-certbot-apache, the Apache plugin for py-certbot.

Sponsored by:	Absolight
Differential Revision:	https://reviews.freebsd.org/D14262

 

15:19 tz 

security/rubygem-attr_encrypted30: Resurrect port in version 3.0.3

This prepares the update of www/gitlab to 10.4 update
which requires this specific version

Submitted by: Matthias Fechner <idefix@fechner.net>
Reviewed by:  swills, tz

 

08:35 tz 

Hook rubygem-omniauth-shibboleth12

Reported by: antoine

 

16:59 tz 

Bring back dependencies needed to prepare the update of www/gitlab to 10.4

Submitted by: Matthias Fechner <idefix@fechner.net>
Reviewed by:  swills, tz

 

19:58 sunpoet 

Add py-python3-openid 3.1.0

This is a set of Python packages to support use of the OpenID decentralized
identity system in your application, update to Python 3. Want to enable single
sign-on for your web site? Use the openid.consumer package. Want to run your own
OpenID server? Check out openid.server. Includes example code and support for a
variety of storage back-ends.

WWW: https://pypi.python.org/pypi/python3-openid
WWW: https://github.com/necaris/python3-openid

 

16:42 sunpoet 

Remove security/rubygem-openssl20

 

04:19 yuri 

New port: security/sops: Editor of encrypted files that supports YAML, JSON and
BINARY formats

PR:		225267
Submitted by:	Dmitri Goutnik <dg@syrec.org>
Approved by:	tcberner (mentor)
Differential Revision:	https://reviews.freebsd.org/D14111

 

04:04 cy 

Add the plog an IP Filter log parse utility that summarizes ipmon
output into a tablular form.

I have been using this tool in various forms on my IP Filter firewalls
for almost twenty years. Maybe someone else might find it useful too.

Description from http://www.antibozo.net/ogata/webtools/:

plog is a parser for the logged output of the ipmon utility that is part
of the excellent IP-Filter packet-filtering and NAT package written and
maintained by Darren Reed. plog translates the somewhat garbled output
from ipmon into a report that aids analysis of your firewall traffic.
The current version number is 0.10.

 

01:39 rene 

Remove expired ports:
2018-01-27 emulators/raine: Broken for more than 6 months
2018-01-27 mail/libmapi: Broken for more than 6 months
2018-01-27 www/lessc: Broken for more than 6 months
2018-01-27 www/uglifyjs: Broken for more than 6 months
2018-01-27 www/py-octoprint: Broken for more than 6 months
2018-01-27 www/xpi-noscript: Broken for more than 6 months
2018-01-27 www/npm-less-plugin-clean-css: Broken for more than 6 months
2018-01-27 www/caudium14: Depends on expiring lang/pike78
2018-01-27 www/hinventory-client: Broken for more than 6 months
2018-01-27 security/tclgpg: Broken for more than 6 months
2018-01-27 security/pond: Broken for more than 6 months
2018-01-27 security/mdcrack: Broken for more than 6 months
2018-01-27 devel/npm-commander: Broken for more than 6 months
2018-01-27 devel/py-protocols-devel: Broken for more than 6 months
2018-01-27 devel/py-InlineEgg: Broken for more than 6 months
2018-01-27 devel/npm-amdefine: Broken for more than 6 months
2018-01-27 devel/npm-source-map: Broken for more than 6 months
2018-01-27 devel/libical-glib: Broken for more than 6 months
2018-01-27 devel/npm-graceful-readlink: Broken for more than 6 months
2018-01-27 devel/npm-clean-css: Broken for more than 6 months
2018-01-27 devel/py-ruledispatch: Depends on expiring devel/py-protocols-devel
2018-01-27 games/balazarbrothers: Broken for more than 6 months
2018-01-27 games/libretro-cores: Broken for more than 6 months
2018-01-27 games/gish-demo: Broken for more than 6 months
2018-01-27 games/cheech: Broken for more than 6 months
2018-01-27 audio/mbrolavox: Broken for more than 6 months
2018-01-27 audio/linux-mbrola: Depends on expiring audio/mbrolavox
2018-01-27 audio/gigedit: Broken for more than 6 months
2018-01-27 audio/gnomoradio: Broken for more than 6 months
2018-01-27 math/asir2000: Broken for more than 6 months
2018-01-27 multimedia/librespot: Broken for more than 6 months
2018-01-27 multimedia/bombono: Broken for more than 6 months
2018-01-27 lang/gcl: Broken for more than 6 months
2018-01-27 lang/pike78: Broken for more than 6 months
2018-01-27 shells/ambit: Broken for more than 6 months

 

09:49 brnrd 

security/nextcloud-passman: Add Nextcloud Passman app

 

10:34 woodsb02 

Add new port security/keepass-plugin-keepassrpc

KeePassRPC is a KeePass plugin that allows applications to transfer passwords to
and from KeePass.

One such application is the Kee plugin for Firefox, which adds free, secure and
easy to use password management features to your web browser which save you time
and keep your private data more secure.

WWW: https://www.kee.pm/

 

15:40 cpm 

security/py-josepy: JOSE protocol implementation in Python

JOSE (Javascript Object Signing and Encryption) is a Python implementation
of the standards developed by IETF Javascript Object Signing and Encryption
(Active WG), in particular the following RFCs:

- JSON Web Algorithms (JWA)
- JSON Web Key (JWK)
- JSON Web Signature (JWS)

Originally developed as part of the ACME protocol implementation.

WWW: https://josepy.readthedocs.io/en/latest/

Differential Revision:	https://reviews.freebsd.org/D14013

 

13:20 antoine 

New port: security/py-pyblake2

pyblake2 is an extension module for Python implementing BLAKE2 hash function.

WWW: https://github.com/dchest/pyblake2

 

00:38 jhale 

Update security/pinentry* to 1.1.0 [1]

Add security/pinentry-fltk, fltk frontend [2]

PR:		225190 [1], 225191 [2]
Submitted by:	Dmitri Goutnik <dg@syrec.org>

 

15:43 feld 

Minisign is a dead simple tool to sign files and verify signatures.

It is portable, lightweight, and uses the highly secure Ed25519
public-key signature system.

WWW: https://github.com/jedisct1/minisign

 

17:12 ale 

trezord (short for TREZOR Daemon), or TREZOR Bridge, is a small piece of
software, used for websites, to talk with TREZOR devices.

WWW: https://github.com/trezor/trezord

 

16:54 pizzamig 

security/pecl-mcrypt: Add port

This PHP extension works only with PHP 7.2
It provides an extension deprecated in the last version of PHP

Sponsored by:	trivago N.V.

 

17:11 krion 

Add security/libdecaf

Implementation of elliptic curve cryptography using the Montgomery
and Edwards curves Curve25519, Ed25519, Ed448-Goldilocks and
Curve448, using the Decaf / Ristretto encoding.

Approved by:	mat (mentor)

 

17:00 feld 

A small, self-contained API server written in Ruby and Sinatra to
provide a private backend for the open-source Bitwarden apps.

WWW: https://github.com/jcs/bitwarden-ruby

 

16:51 feld 

A Ruby implementation of the Password-Based Key-Derivation Function v2

WWW: https://github.com/emerose/pbkdf2-ruby

 

15:53 sunpoet 

Sort SUBDIRs

 

13:22 swills 

security/rubygem-rbnacl4: create port

4.x version required by gitlab

PR:		224931
Submitted by:	Matthias Fechner <idefix@fechner.net> (maintainer)

 

11:41 rene 

Remove expired ports:
2017-12-31 security/gnupg20: Will reach EOL upstream on 2017-12-31
2018-01-01 dns/dualserver: Please migrate to dns/dnsmasq. Over the years
dualserver becomes unmaintenaible.
2018-01-01 devel/p5-Parse-Pidl44: yes
2018-01-01 sysutils/DTraceToolkit: Now maintained as part of the base system

 

18:26 yuri 

New port: security/titan: Command line password manager and file encryption
program

Submitted by:	myself
Approved by:	tcberner (mentor)
Differential Revision:	https://reviews.freebsd.org/D13629

 

13:11 joneum 

New port: security/snuffleupagus

Snuffleupagus is a PHP7+ module designed to drastically raise the cost
of attacks against websites.  This is achieved by killing entire bug
classes and providing a powerful virtual-patching system, allowing the
administrator to fix specific vulnerabilities without having to touch
the PHP code.

WWW: https://snuffleupagus.readthedocs.io/

PR:		224545
Submitted by:	Franco Fichtner <franco@opnsense.org> (maintainer)
Approved by:	rene (mentor)
Differential Revision:	https://reviews.freebsd.org/D13606

 

15:33 yuri 

New port: security/obfs4proxy-tor: Pluggable transport proxy for Tor (obfs4, The
Obfuscator)

PR:		222645
Submitted by:	Vinicius Zavam <egypcio@googlemail.com>
Approved by:	adamw (mentor)
Differential Revision:	https://reviews.freebsd.org/D12524

 

21:42 jrm 

Copy security/rubygem-openssl to create new port,
security/rubygem-openssl20

net-im/mastodon fails to run with newer versions of rubygem-openssl:
https://github.com/ruby/openssl/issues/180 for details.

 

14:07 rene 

Remove two unmaintained ports that were only useful for the AIM network, which
was shut down on 2017-12-15:

net-im/pork
security/aimsniff

 

20:32 feld 

Snort 3 is the next major release of the Snort utility:

Here are some key features of Snort 3:

    Support multiple packet processing threads
    Use a shared configuration and attribute table
    Use a simple, scriptable configuration
    Make key components pluggable
    Autodetect services for portless configuration
    Support sticky buffers in rules
    Autogenerate reference documentation
    Provide better cross platform support
    Facilitate component testing

Additional features on the roadmap include:

    Use a shared network map
    Support pipelining of packet processing
    Support hardware offload and data plane integration
    Support proxy mode
    Windows support

WWW: http://www.snort.org/

 

16:00 feld 

Audit base system against known vulnerabilities and generate reports
including references to security advisories.
It uses pkg audit and Vuxml database as is used for packages but this script
checks base system.

 

11:55 cpm 

security/u2f-devd: Devd hotplug rules for Universal 2nd Factor (U2F) tokens

Automatic device permission handling for Universal 2nd Factor (U2F) USB
authentication tokens.

PR:		224199
Submitted by:	Greg V <greg@unrelenting.technology>

 

04:18 cy 

Welcome the new security/krb5-116 port. This port follows MIT's
KRB5 1.16 releases.

Major changes in 1.16 (2017-12-05)
==================================

Administrator experience:

* The KDC can match PKINIT client certificates against the
  "pkinit_cert_match" string attribute on the client principal entry,
  using the same syntax as the existing "pkinit_cert_match" profile
  option.

* The ktutil addent command supports the "-k 0" option to ignore the
  key version, and the "-s" option to use a non-default salt string.

* kpropd supports a --pid-file option to write a pid file at startup,
  when it is run in standalone mode.

* The "encrypted_challenge_indicator" realm option can be used to
  attach an authentication indicator to tickets obtained using FAST
  encrypted challenge pre-authentication.

* Localization support can be disabled at build time with the
  --disable-nls configure option.

Developer experience:

* The kdcpolicy pluggable interface allows modules control whether
  tickets are issued by the KDC.

* The kadm5_auth pluggable interface allows modules to control whether
  kadmind grants access to a kadmin request.

* The certauth pluggable interface allows modules to control which
  PKINIT client certificates can authenticate to which client
  principals.

* KDB modules can use the client and KDC interface IP addresses to
  determine whether to allow an AS request.

* GSS applications can query the bit strength of a krb5 GSS context
  using the GSS_C_SEC_CONTEXT_SASL_SSF OID with
  gss_inquire_sec_context_by_oid().

* GSS applications can query the impersonator name of a krb5 GSS
  credential using the GSS_KRB5_GET_CRED_IMPERSONATOR OID with
  gss_inquire_cred_by_oid().

* kdcpreauth modules can query the KDC for the canonicalized requested
  client principal name, or match a principal name against the
  requested client principal name with canonicalization.

Protocol evolution:

* The client library will continue to try pre-authentication
  mechanisms after most failure conditions.

* The KDC will issue trivially renewable tickets (where the renewable
  lifetime is equal to or less than the ticket lifetime) if requested
  by the client, to be friendlier to scripts.

* The client library will use a random nonce for TGS requests instead
  of the current system time.

* For the RC4 string-to-key or PAC operations, UTF-16 is supported
  (previously only UCS-2 was supported).

* When matching PKINIT client certificates, UPN SANs will be matched
  correctly as UPNs, with canonicalization.

User experience:

* Dates after the year 2038 are accepted (provided that the platform
  time facilities support them), through the year 2106.

* Automatic credential cache selection based on the client realm will
  take into account the fallback realm and the service hostname.

* Referral and alternate cross-realm TGTs will not be cached, avoiding
  some scenarios where they can be added to the credential cache
  multiple times.

* A German translation has been added.

 

19:12 yuri 

New port: security/libhijack: Runtime process infection made easy

PR:		221322
Submitted by:	Shawn Webb <shawn.webb@hardenedbsd.org>
Approved by:	tcberner (mentor)
Differential Revision:	https://reviews.freebsd.org/D13256

 

19:23 rene 

Remove expired port:
2017-12-02 security/krb5-113: EOL twelve months after release of krb5-1.15

 

09:38 rene 

Remove expired port:
2017-11-30 security/webshag: Abandoned

 

21:10 rene 

Remove expired port:
2017-11-29 security/py-rekall_gui: PoC that is no longer supported

 

15:50 mat 

Convert Python ports to FLAVORS.

  Ports using USE_PYTHON=distutils are now flavored.  They will
  automatically get flavors (py27, py34, py35, py36) depending on what
  versions they support.

  There is also a USE_PYTHON=flavors for ports that do not use distutils
  but need FLAVORS to be set.  A USE_PYTHON=noflavors can be set if
  using distutils but flavors are not wanted.

  A new USE_PYTHON=optsuffix that will add PYTHON_PKGNAMESUFFIX has been
  added to cope with Python ports that did not have the Python
  PKGNAMEPREFIX but are flavored.

  USES=python now also exports a PY_FLAVOR variable that contains the
  current python flavor.  It can be used in dependency lines when the
  port itself is not python flavored.  For example, deskutils/calibre.

  By default, all the flavors are generated.  To only generate flavors
  for the versions in PYTHON2_DEFAULT and PYTHON3_DEFAULT, define
  BUILD_DEFAULT_PYTHON_FLAVORS in your make.conf.

  In all the ports with Python dependencies, the *_DEPENDS entries MUST
  end with the flavor so that the framework knows which to build/use.
  This is done by appending '@${PY_FLAVOR}' after the origin (or
  @${FLAVOR} if in a Python module with Python flavors, as the content
  will be the same).  For example:

    RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}six>0:devel/py-six@${PY_FLAVOR}

PR:		223071
Reviewed by:	portmgr, python
Sponsored by:	Absolight
Differential Revision:	https://reviews.freebsd.org/D12464

 

15:52 tz 

New port: security/rubygem-rbnacl-libsodium

rbnacl with bundled libsodium

WWW: https://github.com/cryptosphere/rbnacl-libsodium

Submitted by: Matthias Fechner <idefix@fechner.net>

 

15:41 tz 

New port: security/rubygem-bcrypt_pbkdf

This gem implements bcrypt_pdkfd (a variant of PBKDF2 with bcrypt-based PRF)

WWW: https://github.com/net-ssh/bcrypt_pbkdf-ruby

Submitted by: Matthias Fechner <idefix@fechner.net>

 

03:05 sunpoet 

Add kbfs 1.0.36

kbfs is the official Keybase implementation of the client-side code for the
Keybase filesystem (KBFS).

This client allows you to mount KBFS as a proper filesystem at some mountpoint
on your local device (by default, /keybase/). It communicates locally with the
Keybase service, and remotely with three types of KBFS servers (block servers,
metadata servers, and key servers).

WWW: https://keybase.io/docs/kbfs
WWW: https://github.com/keybase/kbfs

 

23:45 brnrd 

www/nextcloud: Add essential apps

 

21:32 yuri 

New port: security/py-ssh-audit: SSH server auditing

PR:		223810
Submitted by:	Piotr Kubaj <pkubaj@anongoth.pl>
Approved by:	tcberner (mentor)
Differential Revision:	https://reviews.freebsd.org/D13207

 

18:59 yuri 

New port: security/2fa: Two-factor authentication on the command line

PR:		223822
Submitted by:	Dmitri Goutnik <dg@syrec.org>
Approved by:	tcberner (mentor)
Differential Revision:	https://reviews.freebsd.org/D13220

 

16:27 tz 

New port: security/rubygem-rbnacl

The Networking and Cryptography (NaCl) library provides a high-level toolkit for
building cryptographic systems and protocols.

WWW: https://github.com/cryptosphere/rbnacl

 

10:48 tz 

Add PHP 7.2 RC6

Notable changes:
- mcrypt module was removed
- sodium module was added
- sybase_ct artifacts removed

Also many PECL ports will not work with this version
since some files got renamed.

Reviewed by:           mat, ale, Rainer Duffner <rainer@ultra-secure.de>
Differential Revision: https://reviews.freebsd.org/D12980

 

18:32 yuri 

New port: security/botan2: Portable, easy to use and efficient C++ crypto
library

PR:		223199
Submitted by:	Ralf van der Enden <tremere@cainites.net>
Reviewed by:	tcberner (mentor)
Differential Revision:	https://reviews.freebsd.org/D13043

 

10:30 rene 

Remove expired ports:
2017-11-04 lang/ats: Unmaintained, outdated, needs lots of refreshment
2017-11-09 games/lordsawar: Broken for more than 6 months
2017-11-09 databases/elixir-ecto_migrate: Broken for more than 6 months
2017-11-09 audio/gspeakers: Broken for more than 6 months
2017-11-09 net/p5-Filesys-SmbClient: Broken for more than 6 months
2017-11-09 audio/tclmidi: Broken for more than 6 months
2017-11-09 security/py-xmlsec: Broken for more than 6 months
2017-11-09 security/samba-virusfilter: Broken for more than 6 months
2017-11-09 textproc/ocaml-pxp: Broken for more than 6 months
2017-11-09 audio/sooperlooper: Broken for more than 6 months
2017-11-09 devel/dwarves: Broken for more than 6 months
2017-11-09 devel/cl-cffi-sbcl: Broken for more than 6 months
2017-11-09 devel/pinba_engine: Broken for more than 6 months
2017-11-09 devel/py-event: Broken for more than 6 months