20:16 Jesús Daniel Colmenares Oviedo (dtxdf) 

security/tscli: New port: CLI tool to interact with the Tailscale API

tscli is a fast, single-binary CLI for the Tailscale HTTP API. From
your terminal you can manage devices, users, auth keys, webhooks,
posture integrations, tailnet-wide settings, and even hit raw
endpoints when the SDK hasn’t caught up yet.

PR:		286845
Approved by:	acm (mentor)

    2767edb

18:58 Rene Ladan (rene) 

security/py-oauth2client: Remove expired port

2025-03-31 security/py-oauth2client: Deprecated by upstream. Use
security/py-google-auth or security/py-oauthlib instead. See
https://google-auth.readthedocs.io/en/latest/oauth2client-deprecation.html for
details

    0c8fb0a

18:32 Cy Schubert (cy) 

security/racoon2: Remove expired port

2025-05-31 security/racoon2: Requested removal by PR/286981

PR:	286981

    e30c04f

18:21 Rene Ladan (rene) 

security/mbedtls2: Remove expired port

2024-12-31 security/mbedtls2: Upstream support ends at the end of 2024

    6175f8d

12:38 Muhammad Moinur Rahman (bofh) 

security/kanidm: New port

Kanidm is a simple and secure identity provider and client for UNIX systems

WWW:	https://kanidm.com

    2e06d59

14:30 Nuno Teixeira (eduardo)  Author: Einar Bjarni Halldórsson

security/govulncheck: New port: Database client and tools for the Go
vulnerability database

Govulncheck reports known vulnerabilities that affect Go code.
It uses static analysis of source code or a binary's symbol table
to narrow down reports to only those that could affect the
application.

- Submitter becomes maintainer

WWW:		https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck
PR:		285627

    2a9f119

07:40 Gleb Popov (arrowd)  Author: Andrea Cocito

security/tpm2-openssl: TPM2 provider for OpenSSL3+

Makes the TPM 2.0 accessible via the standard OpenSSL API and
command-line tools, so one can add TPM support to (almost) any
OpenSSL 3.x based application.

PR		286218
Pull Request:	https://github.com/freebsd/freebsd-ports/pull/393
Co-authored-by: Gleb Popov <arrowd@FreeBSD.org>

    a8a6f68

15:52 Juraj Lutter (otis) 

security/openvpn-auth-oauth2: Add new port

openvpn-auth-oauth2 handles the single sign-on (SSO) authentication
for OpenVPN servers. Authentication can be performed against
various identity providers, among others also Microsoft Entra ID,
GitHub, Okta, Google, Keycloak and other OIDC-compliant providers.

Docs are at https://github.com/jkroepke/openvpn-auth-oauth2

    aa25ca5

13:35 Matthias Fechner (mfechner) 

security/rubygem-devise-two-factor41-rails70: renamed to
security/rubygem-devise-two-factor-rails-gitlab

    3eabb60

13:35 Matthias Fechner (mfechner) 

www/gitlab: new ports required for 18.0.0

    2ee2123

10:22 Kurt Jaeger (pi)  Author: Hakan Sarıman

security/netbird: New Port: wireguard based VPN client

NetBird is an open-source WireGuard-based overlay network combined with
Zero Trust Network Access, providing secure and reliable connectivity
to internal resources.

Key features:
- Zero-config VPN: Easily create secure connections between devices without
  manual network setup.
- Built on WireGuard: Leverages WireGuard's high-performance encryption for
  fast and secure communication.
- Self-hosted or Cloud-managed: Users can deploy their own NetBird management
  server or use NetBird Cloud for centralized control.
- Access Control & Routing: Fine-grained access control policies and automatic
  network routing simplify connectivity.
- This FreeBSD port provides the NetBird client daemon and CLI tools,
  allowing FreeBSD systems to join a NetBird mesh network and securely
  communicate with other peers.

For more details, visit: https://netbird.io

PR:		284877

    e3ce763

06:34 Mathieu Arnold (mat) 

security/p5-Crypt-SysRandom: add, Perl interface to system randomness

    0705238

07:33 Dima Panov (fluffy) 

security/linux-rl9-libxcrypt: integrate into linux_base-rl9

PR:	283925

    5907666

18:44 Muhammad Moinur Rahman (bofh) 

security/rekor: New port

Software Supply Chain Transparency Log

Rekor's goals are to provide an immutable tamper resistant ledger of
metadata generated within a software projects supply chain. Rekor will
enable software maintainers and build systems to record signed metadata
to an immutable record.  Other parties can then query said metadata to
enable them to make informed decisions on trust and non-repudiation of
an object's lifecycle.

The Rekor project provides a restful API based server for validation and
a transparency log for storage. A CLI application is available to make
and verify entries, query the transparency log for inclusion proof,
integrity verification of the transparency log or retrieval of entries
by either public key or artifact.

Rekor fulfils the signature transparency role of sigstore's software
signing infrastructure. However, Rekor can be run on its own and is
designed to be extensible to working with different manifest schemas and
PKI tooling.

WWW: https://www.sigstore.dev/

    fd18edc

18:44 Muhammad Moinur Rahman (bofh) 

security/timestamp-authority: New port

Service for issuing RFC 3161 timestamps

Trusted timestamping is a process that has been around for some time. It
provides a timestamp record of when a document was created or modified.

A timestamp authority creates signed timestamps using public key
infrastructure. The operator of the timestamp authority must secure the
signing key material to prevent unauthorized timestamp signing.

A timestamp authority should also verify its own clock. We provide a
configuration to periodically check the current time against well-known
NTP sources.

WWW: https://sigstore.dev/

    0194e90

18:44 Muhammad Moinur Rahman (bofh) 

security/certificate_maker: New port

Certificate creation utility for Fulcio

WWW: https://www.sigstore.dev/

    a00c27a

18:44 Muhammad Moinur Rahman (bofh) 

security/trillian: New port

General transparency

Trillian is an implementation of the concepts described in the
Verifiable Data Structures white paper, which in turn is an extension
and generalisation of the ideas which underpin Certificate Transparency.

Trillian implements a Merkle tree whose contents are served from a data
storage layer, to allow scalability to extremely large trees. On top of
this Merkle tree, Trillian provides the following:

- An append-only Log mode, analogous to the original Certificate
  Transparency logs. In this mode, the Merkle tree is effectively filled
  up from the left, giving a dense Merkle tree.

Note that Trillian requires particular applications to provide their own
personalities on top of the core transparent data store functionality.

WWW: https://github.com/google/trillian

    dc13e88

18:44 Muhammad Moinur Rahman (bofh) 

security/go-tuf: New port

Framework for Securing Software

The Update Framework (TUF) is a framework for secure content delivery
and updates. It protects against various types of supply chain attacks
and provides resilience to compromise.

The Update Framework (TUF) design helps developers maintain the security
of a software update system, even against attackers that compromise the
repository or signing keys. TUF provides a flexible specification
defining functionality that developers can use in any software update
system or re-implement to fit their needs.

WWW: https://theupdateframework.io

    1786296

18:44 Muhammad Moinur Rahman (bofh) 

security/cosign: New port

Signing OCI containers and other artifacts using Sigstore

Cosign aims to make signatures invisible infrastructure.

Cosign supports:
- "Keyless signing" with the Sigstore public good Fulcio certificate
   authority and Rekor transparency log (default)
- Hardware and KMS signing
- Signing with a cosign generated encrypted private/public keypair
- Container Signing, Verification and Storage in an OCI registry.
- Bring-your-own PKI

WWW: https://github.com/sigstore/cosign

    e4a9ef0

11:39 Rene Ladan (rene) 

security/libuecc: Remove expired port

2025-04-30 security/libuecc: Deprecated, only user was some never properly
ported FreiFunk control plane software

    8a6d713

11:38 Rene Ladan (rene) 

security/i2p: Remove expired port

2025-04-30 security/i2p: Outdated and unsupported upstream

    dc0edf8

22:27 Serhii (Sergey) Kozlov (skozlov) 

security/sshesame: add to category Makefile

Forgot to add in the previous commit

    bfdf7360

18:53 Rene Ladan (rene) 

security/weggli: Remove expired port

2025-04-27 security/weggli: Upstream inactive as last release was in 2022

    4c3fbf2

23:57 Yuri Victorovich (yuri) 

security/solana: Move to security/agave; Update 2.2.10 → 2.2.10

Solana repository was archived, Agave is a maintained fork.

PR:		285935

    189ac1b

05:36 Po-Chuan Hsieh (sunpoet) 

*/Makefile: Sort SUBDIRs

    beec893

05:13 Gabriel M. Dutra (dutra) 

security/naabu: Add new port

Port scanner written in go with a focus on reliability and simplicity

    0aa3c45

12:29 Mikael Urankar (mikael) 

security/node-sqlcipher: Add new port

A fast N-API-based Node.js addon wrapping sqlcipher and Signal-specific FTS5
segmenting APIs.

    7d77bc3

17:41 Po-Chuan Hsieh (sunpoet) 

security/py-python-jose: Add py-python-jose 3.4.0

python-jose provides a JOSE implementation in Python.

The JavaScript Object Signing and Encryption (JOSE) technologies - JSON Web
Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), and JSON Web
Algorithms (JWA) - collectively can be used to encrypt and/or sign content using
a variety of algorithms. While the full set of permutations is extremely large,
and might be daunting to some, it is expected that most applications will only
use a small set of algorithms to meet their needs.

    53a685a

17:41 Po-Chuan Hsieh (sunpoet) 

security/py-cryptojwt: Add py-cryptojwt 1.9.4

cryptojwt provides an implementation of the JSON cryptographic specs JWS, JWE,
JWK, and JWA [RFC 7515-7518] and JSON Web Token (JWT) [RFC 7519].

    d852875

00:20 Koichiro Iwao (meta) 

security/sudo-rs: hook build

PR:		285861

    7b7dcc2

19:19 Rene Ladan (rene) 

security/rubygem-pundit61: Remove expired port

2025-04-03 security/rubygem-pundit61: Uses EOL version 6.1.X of Rails

    e789158

15:59 Rene Ladan (rene) 

security/heimdal-devel: Remove expired port

2025-03-31 security/heimdal-devel: Upstream commits are incompatible

    2a1ea69

14:41 Rene Ladan (rene) 

security/py-python-jose: Remove expired port

2025-03-31 security/py-python-jose: Depends on expired devel/py-pytest-runner

    656b934

14:40 Rene Ladan (rene) 

security/caldera4: Remove expired port

2025-03-31 security/caldera4: Upgrade to a newer caldera version. 4.2.0 is
vulnerable to remote code execution

    3b634f8

19:12 Bernard Spil (brnrd) 

security/openssl35: Add new OpenSSL version with PQC

* This is ALPHA level software, for testing only
* Adds Post-Quantum Crypto algorithms

    a6e928d

08:07 Baptiste Daroussin (bapt) 

gnome: remove some unused gnomesharp components

    24fa864

07:47 Koichiro Iwao (meta)  Author: Yusuf Yaman

security/gauth: New port: Google Authenticator in your terminal

gauth is a command-line utility that replaces Google Authenticator, providing a
convenient way to generate two-factor authentication codes from your terminal.
It stores secrets locally, supports encryption, and offers features like
displaying progress bars, adding/removing keys, and compatibility with
various services like AWS, Github, and more. This tool is ideal for
users who prefer managing their 2FA on their computers rather than
relying solely on their smartphones.

WWW:	https://github.com/pcarrier/gauth \
	https://pkg.go.dev/github.com/pcarrier/gauth

PR:	284929

    c53a7a6

06:26 Matthias Fechner (mfechner) 

www/gitlab: new ports required for 17.9

    7a518af

09:37 Antoine Brodin (antoine) 

security/libfcrypto: new port

Library for encryption formats

    c5423e4

03:37 Eugene Grosbein (eugen) 

security/ipsec-tools: re-add the port

I use the software and will maintain the port.

Our port has no known security issues, it has patches obtained
from NetBSD CVS Repository. Change WWW to point to that repo.
Still, download same distfile from the SourceForge.
Add TIMESTAMP to distinfo.

    63e90eb

21:44 Rene Ladan (rene) 

security/ipsec-tools: Remove expired port

2025-01-31 security/ipsec-tools: Deprecated by upstream in 2014, contains
security issues

    e5996ba

17:02 Gleb Popov (arrowd)  Author: Tobias C. Berner

KDE: It goes to 6!

This megacommit merges all the work from
https://github.com/freebsd/freebsd-ports-kde/tree/kde-it_goes_to_6
Specifically:
- KDE Plasma 6 ports updated to 6.2.5
- KDE Applications ports updated to 24.12.0
- Development ports of KDE Applications removed
- A lot of various ports switched to Qt 6 by default
- Some KDE Frameworks 5 and Plasma 5 ports are adapted to be coinstallable
  with their 6 counterparts

PR:		284351
Exp-run by:	antoine
Pull Request:	https://github.com/freebsd/freebsd-ports/pull/341

Co-authored-by:	Max Brazhnikov <makc@FreeBSD.org>
Co-authored-by:	Kenneth Raplee <kenrap@kennethraplee.com>
Co-authored-by:	Jason E. Hale <jhale@FreeBSD.org>
Co-authored-by:	Gleb Popov <arrowd@FreeBSD.org>

    b44569f

05:14 Jose Alonso Cardenas Marquez (acm) 

security/py-zaproxy: New port: ZAP api client

The Python implementation to access the ZAP API. For more information about ZAP
consult the (main) ZAP project.

    bf12715

13:21 Ruslan Makhmatkhanov (rm) 

zope: Remove leaf zope ports that have no sense in absence of zope itself

    c46f669

16:31 Tijl Coosemans (tijl) 

security/mbedtls: Move to security/mbedtls2

The port has expired but isn't removed yet because there are still too
many consumers.  Rename it because the name "security/mbedtls" makes it
look like it's the default version.

PR:		283792

    5e762dc

12:19 Rene Ladan (rene) 

security/maia: Remove expired port

2024-12-31 security/maia: Depends on deprecated dependencies and doesn't work
with PHP 8.

    6075692

12:19 Rene Ladan (rene) 

security/py-first-server: Remove expired port

2024-12-31 security/py-first-server: Upstream project has been archived

    34dc2c1

12:10 Rene Ladan (rene) 

security/dirmngr: Remove expired port

2024-12-31 security/dirmngr: Obsolete, now maintained within GNU Privacy Guard
(GnuPG). Please use security/gnupg

    7d7b23a

11:50 Zsolt Udvari (uzsolt) 

security/hidden-lake: hooked to the build

Forget to add SUBDIR to security/Makefile
in commit c543b2f674564560584e66839f6493a79b02a9d9.

Reported by:    antoine

    e3d1381

11:29 Rene Ladan (rene) 

security/sssd: Remove expired port

2024-12-31 security/sssd: Not supported, please use deve/sssd2

    151bd93

11:25 Rene Ladan (rene) 

security/gnome-ssh-askpass: Remove expired port

2024-12-31 security/gnome-ssh-askpass: Uses deprecated gtk2 library

    11224c5d

16:22 Po-Chuan Hsieh (sunpoet) 

security/py-pysaml26: Remove obsoleted port

Use security/py-pysaml2 instead.

    ebdc77d

15:38 Po-Chuan Hsieh (sunpoet) 

security/py-wassima: Add py-wassima 1.1.6

Wassima offers you a great alternative to certifi. It is a simple yet efficient
wrapper around MIT licensed rustls-native-certs.

This project allows you to access your original operating system trust store,
thus helping you to verify the remote peer certificates.

It works as-is out-of-the-box for MacOS, Windows, and Linux. Automatically
fallback on Certifi otherwise. Available on PyPy and Python 3.7+

If your particular operating system is not supported, we will make this happen!
Open an issue on the repository.

For now, it is not supported to call your OS certificate verify native function.
Use your Python native capabilities for it.

    56fecd5

11:49 Matthias Fechner (mfechner) 

www/gitlab: further isolate port from rexml gem

    1908b78

19:14 Po-Chuan Hsieh (sunpoet) 

security/p5-CPANSA-DB: Add p5-CPANSA-DB 20241208.003

CPANSA::DB provides the CPAN Security Advisory data as a Perl data structure,
mostly for CPAN::Audit.

The db subroutine returns the CPAN Security Advisory (CPANSA) reports as a Perl
data structure. However, anything can use this.

Each release also comes with a .gpg file that has the signature for the file. If
you cannot confirm that the module file has the right signature, it might have
been corrupted or modified.

This module is available outside of CPAN as a release on GitHub:
https://github.com/briandfoy/cpan-security-advisory/releases. Each release on
GitHub includes an attestation.

There is also a JSON file that provides the same datastructure.

    65c406e

02:31 Joseph Mingrone (jrm) 

*/*-ccl: Add Clozure Common Lisp (CCL) fasl ports

Approved by:	olgeni (maintainer of lang/ccl, implicit)
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D48091

    148251b

02:31 Joseph Mingrone (jrm) 

*/*-clisp: Add CLISP fasl ports

Differential Revision:	https://reviews.freebsd.org/D48089
Sponsored by:	The FreeBSD Foundation

    7f68336

06:17 Matthias Fechner (mfechner) 

www/gitlab: new ports required for 17.7.0

    e8f263d

13:47 Nuno Teixeira (eduardo)  Author: Einar Bjarni Halldórsson

security/py-openssh-wrapper: New port: OpenSSH python wrapper

- Submitter becomes maintainer

Under some circumstances simple wrapper around OpenSSH ssh command-line
utility seems more preferable than paramiko machinery.

This project proposes yet another hopefully thin wrapper around ssh to
execute commands on remote servers. All you need thereis to make sure that
OpenSSH client and Python interpreter are installed, and then install
openssh-wrapper package.

WWW: https://github.com/NetAngels/openssh-wrapper

This port is a needed dependency to run tests on devel/py-proxmoxer

PR:		283381

    b01118e

08:03 Bernard Spil (brnrd) 

security/openssl-oqsprovider: Add new port

Quantum-safe algorithms provider for OpenSSL 3.x

    8f95f03

00:19 Dima Panov (fluffy) 

*/*: Update Rocky Linux 9 packages to 9.5 release (+)

While here, hook up missed packages to resolve all 'not found' libraries

Sponsored by:	Future Crew, LLC

    433660c

21:07 Rene Ladan (rene) 

security/tfsec: Remove expired port

2024-11-26 security/tfsec: tfsec now is party of security/trivy

    925fa88

13:15 Matthias Fechner (mfechner) 

www/gitlab: fix regression from 335fc7c38d61142727cb9f01fd9e401c476e4ad8

Gitlab requires net-http 0.4.1:
Because faraday >= 2, < 2.5 could not be found in locally installed gems
  and faraday >= 2.5, < 2.12.1 could not be found in locally installed gems,
  faraday >= 2, < 2.12.1 cannot be used.
And because faraday >= 2.12.1 depends on faraday-net_http >= 2.0, < 3.5,
  faraday >= 2 requires faraday-net_http >= 2.0, < 3.5.
Because faraday-net_http >= 3.4.0 depends on net-http >= 0.5.0
and faraday-net_http >= 2.0, < 3.4.0 could not be found in locally installed
gems,
  faraday-net_http >= 2.0 requires net-http >= 0.5.0.
Thus, faraday >= 2 requires net-http >= 0.5.0.
So, because Gemfile depends on faraday ~> 2
  and Gemfile depends on net-http = 0.4.1,
  version solving has failed.

While fixing the problem, moved gitlab used packages to own package names with a
PKGNAMESUFFIX of `-gitlab`.
This should make the gitlab package much more stable if updates in the ports are
done.

    edc8d03

21:43 Dima Panov (fluffy) 

security/linux-rl9-trousers: add new port (+)

Open-source TCG Software Stack

Sponsored by:	Future Crew, LLC

    84fcd2d

16:14 Jason E. Hale (jhale) 

security/*gpgme*: Update to 1.24.0

Remove security/gpgme-qt-headers. The Qt headers have been folded back
into security/gpgme-qt since they no longer conflict.

https://dev.gnupg.org/T7376

    ca49e20

08:23 Matthias Fechner (mfechner) 

security/rubygem-ssrf_filter10: make version 1.0.x available

Copied from rubygem-ssrf_filter

    1540df3

15:17 Robert Clausecker (fuz) 

filesystems: add new category for file systems and related utilities

The filesystems category houses file systems and file system utilities.
It is added mainly to turn the sysutils/fusefs-* pseudo-category into
a proper one, but is also useful for the sundry of other file systems
related ports found in the tree.

Ports that seem like they belong there are moved to the new category.
Two ports, sysutils/fusefs-funionfs and sysutils/fusefs-fusepak are
not moved as they currently don't fetch and don't have TIMESTAMP set
in their distinfo, but that is required to be able to push a rename
of the port by the pre-receive hook.

Approved by:	portmgr (rene)
Reviewed by:	mat
Pull Request:	https://github.com/freebsd/freebsd-ports/pull/302
PR:		281988

    6e2da96

16:50 Gleb Popov (arrowd) 

security/gcr: Update to 4.3.0

Move the previous version to security/gcr3 and switch consumer ports to it

PR:		282046
Approved by:	vishwin
Sponsored by:	Future Crew, LLC

    791bbaf

13:20 Po-Chuan Hsieh (sunpoet) 

security/rubygem-doorkeeper57-rails70: Add rubygem-doorkeeper57-rails70 5.7.1
(copied from rubygem-doorkeeper-rails70)

- Add PORTSCOUT

    0b8ec2a

19:58 Yuri Victorovich (yuri) 

security/palisade: Remove

    3768fc6

21:29 Craig Leres (leres) 

security/py-pysrp: New port: cryptographically strong authentication protocol

SRP is used for password-based, mutual authentication over an
insecure network connection.

    3b1dd9a

20:39 Rene Ladan (rene) 

security/rubygem-doorkeeper-rails61: Remove expired port

2024-10-24 security/rubygem-doorkeeper-rails61: Ruby on Rails 6.1.x reaches EOL
on 2024-10-01

    0546890

20:39 Rene Ladan (rene) 

security/rubygem-devise_pam_authenticatable2-rails61: Remove expired port

2024-10-24 security/rubygem-devise_pam_authenticatable2-rails61: Ruby on Rails
6.1.x reaches EOL on 2024-10-01

    dcac530

11:49 Li-Wen Hsu (lwhsu)  Author: Daniel Schaefer

security/fprint_demo: Remove, it's deprecated

See here: https://fprint.freedesktop.org/
> fprint_demo is obsolete. Most features are integrated into fprintd’s
> helpers, and libfprint has an examples section.

It also doesn't build with the latest libfprint anymore.

Co-authored-by:	Sheng-Yi Hung <aokblast@freebsd.org>
Signed-off-by:	Daniel Schaefer <dhs@frame.work>
PR:		280749
Sponsored by:	Framework Computer Inc
Sponsored by:	The FreeBSD Foundation
Pull Request:	https://github.com/freebsd/freebsd-ports/pull/291

    39089f9

11:49 Li-Wen Hsu (lwhsu)  Author: Daniel Schaefer

security/pam_fprint: Remove, it's deprecated

See here: https://fprint.freedesktop.org/
> pam_fprint is replaced by fprintd’s pam_fprintd module, which splits
> the PAM conversation from hardware access.

It also doesn't work with the latest libfprint anymore.

Co-authored-by:	Sheng-Yi Hung <aokblast@FreeBSD.org>
Signed-off-by:	Daniel Schaefer <dhs@frame.work>
PR:		280749
Sponsored by:	Framework Computer Inc
Sponsored by:	The FreeBSD Foundation
Pull Request:	https://github.com/freebsd/freebsd-ports/pull/291

    11a451f

09:17 Po-Chuan Hsieh (sunpoet) 

security/aws-lc: Add aws-lc 1.36.1

AWS-LC is a general-purpose cryptographic library maintained by the AWS
Cryptography team for AWS and their customers. It is based on code from the
Google BoringSSL project and the OpenSSL project.

AWS-LC contains portable C implementations of algorithms needed for TLS and
common applications. For performance critical algorithms, optimized assembly
versions are included for x86 and ARM.

    7116a2d

19:11 Emanuel Haupt (ehaupt) 

*/*: Rename clusterssh to p5-App-ClusterSSH and update to 4.17

* Renamed to match upstream naming on CPAN
* Update to 4.17
* Document move in MOVED

    6f059c2

07:54 Bernard Spil (brnrd) 

security/openssl34: Add new OpenSSL 3.4 port (BETA)

    6b1863a

12:32 Ruslan Makhmatkhanov (rm) 

security/py-zope.password: remove leaf zope port

This port has no consumers and has no use/value as a standalone package

    a073dee

06:27 Bernard Spil (brnrd) 

security/nextcloud-twofactor_nextcloud_notification: Remove port

 * Twofactor_nextcloud_notification is bundled with Nextcloud 30

Reported by:	John W. O'Brien

    323603f

06:29 Robert Clausecker (fuz)  Author: Jesús Daniel Colmenares Oviedo

security/py-passhole: New port: Secure hole for your passwords (KeePass CLI)

passhole is a commandline password manager for KeePass inspired by
pass.

Features:

* fill user/pass field in any application via keyboard shortcut
* add, delete, move, edit, rename entries and groups
* generate alphanumeric, symbolic, or correct horse battery staple style
  passwords
* temporarily cache database password (by default for 10 minutes)
* multiple databases
* supports KeePass v3 and v4 databases
* supports TOTP

WWW: https://pypi.org/project/passhole

PR:		277696
Event:		EuroBSDcon 2024

    6bbcc07

06:29 Robert Clausecker (fuz)  Author: Jesús Daniel Colmenares Oviedo

security/py-pykeepass: New port: Python library to interact with keepass
databases

pykeepass is a python library to interact with keepass databases
(supports KDBX3 and KDBX4). You can perform many tasks such as
finding entries, groups, manipulate entries, group entries,
attachments, and much more. All in a single Python library.

WWW: https://pypi.org/project/pykeepass

PR:		277695
Evenet:		EuroBSDcon 2024

    f05e534

06:29 Robert Clausecker (fuz)  Author: Jesús Daniel Colmenares Oviedo

security/py-pykeepass-cache: New port: Database caching for PyKeePass

pykeepass_cache is a support library for pykeepass. It is a drop-in
replacement for pykeepass.PyKeePass which caches databases in a
background process to make database access faster.

This is useful in situations where the program is terminated between
invocations (e.g. CLI scripts). The background process will
automatically shut down after 300 seconds.

WWW: https://pypi.org/project/pykeepass-cache

PR:		277694
Event:		EuroBSDcon 2024

    2613829

01:00 Vladimir Druzenko (vvd)  Author: jake

security/openbao: New port: open source, community-driven fork of Vault

OpenBao exists to provide a software solution to manage, store, and
distribute sensitive data including secrets, certificates, and keys.
The OpenBao community intends to provide this software under an
OSI-approved open-source license, led by a community run under open
governance principles.

https://openbao.org
https://github.com/openbao/openbao

PR:	280619

    a9cd810

06:13 Po-Chuan Hsieh (sunpoet) 

security/rubygem-brakeman: Add rubygem-brakeman 6.2.1

Brakeman is a static analysis tool which checks Ruby on Rails applications for
security vulnerabilities.

    c445907

05:37 Matthias Fechner (mfechner) 

security/rubygem-ruby-saml115: Remove expired port

security/rubygem-ruby-saml115

    0db09a7

20:09 Po-Chuan Hsieh (sunpoet) 

security/libaegis: Add libaegis 0.1.23

libaegis is a portable C implementations of the AEGIS family of high-performance
authenticated ciphers (AEGIS-128L, AEGIS-128X2, AEGIS-128X4, AEGIS-256,
AEGIS-256X2, AEGIS-256X4), with runtime CPU detection.

Features:
- AEGIS-128L with 16 and 32 bytes tags (software, AES-NI, ARM Crypto)
- AEGIS-128X2 with 16 and 32 bytes tags (software, VAES + AVX2, AES-NI, ARM
  Crypto)
- AEGIS-128X4 with 16 and 32 bytes tags (software, AVX512, VAES + AVX2, AES-NI,
  ARM Crypto)
- AEGIS-256 with 16 and 32 bytes tags (software, AES-NI, ARM Crypto)
- AEGIS-256X2 with 16 and 32 bytes tags (software, VAES + AVX2, AES-NI, ARM
  Crypto)
- AEGIS-256X4 with 16 and 32 bytes tags (software, AVX512, VAES + AVX2, AES-NI,
  ARM Crypto)
- All variants of AEGIS-MAC, supporting incremental updates.
- Encryption and decryption with attached and detached tags
- Incremental encryption and decryption.
- Unauthenticated encryption and decryption (not recommended - only implemented
  for specific protocols)
- Deterministic pseudorandom stream generation.

    9bcaea9

20:09 Po-Chuan Hsieh (sunpoet) 

security/libhydrogen: Add libhydrogen 0.0.0.g20240509

The Hydrogen library is a small, easy-to-use, hard-to-misuse cryptographic
library.

Features:
- Consistent high-level API, inspired by libsodium. Instead of low-level
  primitives, it exposes simple functions to solve common problems that
  cryptography can solve.
- 100% built using just two cryptographic building blocks: the Curve25519
  elliptic curve, and the Gimli permutation.
- Small and easy to audit. Implemented as one tiny file for every set of
  operation, and adding a single .c file to your project is all it takes to use
  libhydrogen in your project.
- The whole code is released under a single, very liberal license (ISC).
- Zero dynamic memory allocations and low stack requirements (median: 32 bytes,
  max: 128 bytes). This makes it usable in constrained environments such as
  microcontrollers.
- Portable: written in standard C99. Supports Linux, *BSD, MacOS, Windows, and
  the Arduino IDE out of the box.
- Can generate cryptographically-secure random numbers, even on Arduino boards.
- Attempts to mitigate the implications of accidental misuse, even on systems
  with an unreliable PRG and/or no clock.

    2177ea1

06:23 Matthias Fechner (mfechner) 

security/rubygem-rack-oauth21: Remove expired port

security/rubygem-rack-oauth21

    92dc7eb

12:33 Matthias Fechner (mfechner) 

security/rubygem-omniauth-multipassword2: new port required for
omniauth-kerberos 0.4.0

    298e483

16:42 Tijl Coosemans (tijl) 

security/mbedtls3: New port, version 3.6.0

PR:		270024

    01623d8

08:10 Nuno Teixeira (eduardo) 

security/qt-sudo: New port: Clone of LXQt sudo tool without LXQt libs

qt-sudo is a clone of LXQt sudo tool (without LXQt libs). It is the ONLY
privilege escalation tool supported by Baiacu, Octopi, OctoPkg, OctoPkgin,
OctoXBPS and QTGZManager applications.

WWW: https://github.com/aarnt/qt-sudo

    8086199

20:44 Gleb Popov (arrowd)  Author: Shapovalov Alexey

security/py-nethsm: Python client for NetHSM

Sponsored by:   Serenity Cybersecurity, LLC
Co-authored-by:	Gleb Popov <arrowd@FreeBSD.org>

    ff99431

13:15 Muhammad Moinur Rahman (bofh) 

*/*php84*: Sunrise

Please DO NOT use this version in production, it is an early test
version.

For upgrade notes please visit:
https://github.com/php/php-src/blob/php-8.4.0alpha1/UPGRADING

Changelog: https://github.com/php/php-src/blob/php-8.4.0alpha1/NEWS

    42db2c3

18:20 Vladimir Druzenko (vvd)  Author: gatekeeper

security/exploit-pattern: new port: Python Exploit Pattern Tool

Python implementation of Metasploit's pattern generator and search.
Should be python version agnostic, tested and working with Python
2.7.12 up to and including Python 3.11.1
Starts faster and rolls both tools into one.
No extra dependencies required, works with vanilla python
https://github.com/Svenito/exploit-pattern

PR:	280341

    2f3f70a

04:49 Matthias Fechner (mfechner) 

www/gitlab: new port required for version 17.2

    aa2456e

13:06 Cy Schubert (cy) 

security/wpa_supplicant210: Clone wpa_supplicant to wpa_supplicant210

We clone security/wpa_supplicant to security/wpa_supplicant210 in
preparation for the wpa_supplicant update to 2.11. In case anyone is
having issues with it they can fall back to security/wpa_supplicant210.

    810299b

01:45 Jason E. Hale (jhale) 

security/libtatsu: New port

Library handling the communication with Apple's Tatsu Signing Server
(TSS).

This library is part of the libimobiledevice project and its main
purpose is to create TSS request payloads, send them to Apple's TSS
server, and ultimately retrieve and process the response.

PR:		280014
Reported by:	<fabio.comolli@gmail.com>

    8a03fb6

17:55 Bernard Spil (brnrd) 

security/rustls-ffi: Add new port

 * Dependency for the experimental www/apache24 mod_tls module

    c0fdd50

15:40 Po-Chuan Hsieh (sunpoet) 

*/Makefile: Sort SUBDIRs

    0bd0aef