14:31 Matthias Fechner (mfechner) 

www/gitlab-ce: added newly required ports for version 15.10

    3ab74c0

13:36 Po-Chuan Hsieh (sunpoet) 

security/rubygem-openssl221: Remove obsoleted port

Use security/rubygem-openssl instead.

    80e88b6

20:06 Eugene Grosbein (eugen) 

new port: security/cpfx

PFX decoder for CryptoPro GOST R 34.10-2012 implementation

    acb81ef

20:04 Eugene Grosbein (eugen) 

new port: security/pygost

PyGOST is pure Python 2.7/3.x GOST cryptographic functions library.

    08e811b

17:29 Po-Chuan Hsieh (sunpoet) 

security/rubygem-rasn1: Add rubygem-rasn1 0.12.1

Rasn1 is a ruby ASN.1 library to encode, parse and decode ASN.1 data in DER
format.

    e4a5bcb

17:29 Po-Chuan Hsieh (sunpoet) 

security/py-detect-secrets: Add py-detect-secrets 1.4.0

detect-secrets is an aptly named module for (surprise, surprise) detecting
secrets within a code base.

However, unlike other similar packages that solely focus on finding secrets,
this package is designed with the enterprise client in mind: providing a
backwards compatible, systematic means of:
 1. Preventing new secrets from entering the code base,
 2. Detecting if such preventions are explicitly bypassed, and
 3. Providing a checklist of secrets to roll, and migrate off to a more secure
    storage.

This way, you create a separation of concern: accepting that there may currently
be secrets hiding in your large repository (this is what we refer to as a
baseline), but preventing this issue from getting any larger, without dealing
with the potentially gargantuan effort of moving existing secrets away.

It does this by running periodic diff outputs against heuristically crafted
regex statements, to identify whether any new secret has been committed. This
way, it avoids the overhead of digging through all git history, as well as the
need to scan the entire repository every time.

    4bead35

17:29 Po-Chuan Hsieh (sunpoet) 

*/Makefile: Sort SUBDIRs

    6527bbb

14:15 Gleb Popov (arrowd)  Author: Alexey Yushkin

security/howdy: Face recognition based authentication provider.

Co-authored-by:	Alexey Donskov <voxnod@gmail.com>
Co-authored-by: Gleb Popov <arrowd@FreeBSD.org>

Sponsored by:	Serenity Cybersecurity, LLC

    93eaa54

23:59 Muhammad Moinur Rahman (bofh) 

security/teleport: Update version 4.4.12=>5.2.5

This port was marked to expire on 2023-03-31 but there was another port
security/teleport5 with more recent version from upstream. So move
security/teleport5 to security/teleport.

Pet portlint/portclippy while I am here.

Approved by:	portmgr (blanket)

    301d2b5

23:59 Muhammad Moinur Rahman (bofh) 

security/openvpn25: Remove expired port:

2023-03-31 security/openvpn25: replaced by new upstream release 2.6.0

    2bfed05

23:59 Muhammad Moinur Rahman (bofh) 

security/portsentry: Remove expired port:

2023-03-31 security/portsentry: Abandoned, upstream is dead and last release was
back in 2003

    2223282

23:59 Muhammad Moinur Rahman (bofh) 

security/openscep: Remove expired port:

2023-03-31 security/openscep: Do not support recent RFC 8894

    b8a99dc

11:38 Gleb Popov (arrowd)  Author: Alexey Yushkin

security/pam_howdy: + PAM module for Howdy Face Recognition.

This is a beta version for the upcoming release.

Co-authored-by: Alexey Donskov <voxnod@gmail.com>

Reviewed by:	arrowd

    8bb4370

15:07 Matthias Fechner (mfechner) 

www/gitlab-ce: fix dependency problem

Starting gitlab fails with error:
rake aborted!
NoMethodError: undefined method `active_record_options' for
#<Doorkeeper::Config:0x000000081fb0f0c8 @orm=:active_record,
@default_generator_method=:hex,
@authenticate_resource_owner=#<Proc:0x000000081fb0ed80
/usr/local/www/gitlab-ce/config/initializers/doorkeeper.rb:13>,
@resource_owner_from_credentials=#<Proc:0x000000081fb0ec68
/usr/local/www/gitlab-ce/config/initializers/doorkeeper.rb:25>,
@refresh_token_enabled=true, @enforce_configured_scopes=true,
@force_ssl_in_redirect_uri=false, @forbid_redirect_uri=#<Proc:0x000000081fb0ea10
/usr/local/www/gitlab-ce/config/initializers/doorkeeper.rb:67>,
@enable_application_owner=true,
@default_scopes=#<Doorkeeper::OAuth::Scopes:0x000000081fb17e30 @scopes=["api"]>,
@optional_scopes=#<Doorkeeper::OAuth::Scopes:0x000000081fb177f0
@scopes=["read_api", "read_user", "read_repository", "write_repository", "sudo",
"openid", "profile", "email"]>, @access_token_methods=[:from_access_token_param,
:from_bearer_authorization, :from_bearer_param],
@token_secret_strategy=Gitlab::DoorkeeperSecretStoring::Token::Pbkdf2Sha512,
@token_secret_fallback_strategy=Doorkeeper::SecretStoring::Plain,
@application_secret_strategy=Gitlab::DoorkeeperSecretStoring::Secret::Pbkdf2Sha512,
@application_secret_fallback_strategy=Doorkeeper::SecretStoring::Plain,
@grant_flows=["authorization_code", "password", "client_credentials"],
@skip_authorization=#<Proc:0x000000081fb1ce58
/usr/local/www/gitlab-ce/config/initializers/doorkeeper.rb:109>,
@base_controller="::Gitlab::BaseDoorkeeperController",
@skip_client_authentication_for_password_grant=true,
@application_model=Doorkeeper::Application(id: integer, name: string, uid:
string, secret: string, redirect_uri: text, scopes: string, created_at:
datetime, updated_at: datetime, owner_id: integer, owner_type: string, trusted:
boolean, confidential: boolean, expire_access_tokens: boolean),
@access_grant_model=Doorkeeper::AccessGrant(id: integer, resource_owner_id:
integer, application_id: integer, token: string, expires_in: integer,
redirect_uri: text, created_at: datetime, revoked_at: datetime, scopes: string,
code_challenge: text, code_challenge_method: text),
@access_token_model=Doorkeeper::AccessToken(id: integer, resource_owner_id:
integer, application_id: integer, token: string, refresh_token: string,
expires_in: integer, revoked_at: datetime, created_at: datetime, scopes:
string)>

          if
Doorkeeper.configuration.active_record_options[:establish_connection]
                                     ^^^^^^^^^^^^^^^^^^^^^^
/usr/local/www/gitlab-ce/config/environment.rb:7:in `<top (required)>'

This is caused by a breaking change in doorkeeper 5.6.3, so fix on version 5.6.2
for now.
https://github.com/doorkeeper-gem/doorkeeper/blob/main/CHANGELOG.md

An upgrade of doorkeeper-openid_connect to 1.8.5 is not possible, as this brings
another breaking dependency shift from json-jwt to jwt, which causes again other
dependecy breaks.

Downgrading doorkeeper is for now the best solution.

    5c3f9ae

19:19 Po-Chuan Hsieh (sunpoet) 

security/rubygem-rack-oauth21: Add rubygem-rack-oauth21 1.21.3 (copied from
rubygem-rack-oauth2)

- Add PORTSCOUT

    ae445d3

19:19 Po-Chuan Hsieh (sunpoet) 

*/Makefile: Sort SUBDIRs

    f2fb2ea

03:49 Romain Tartière (romain) 

security/pam_rssh: New port

This PAM module provides ssh-agent based authentication. The primary
design goal is to avoid typing password when you sudo on remote servers.
Instead, you can simply touch your hardware security key (e.g.
Yubikey/Canokey) to fulfill user verification. The process is done by
forwarding the remote authentication request to client-side ssh-agent as
a signature request.

    d856093

18:24 Bernard Spil (brnrd) 

security/openssl31: Add OpenSSL 3.1 release port

Reported by:	ngie
Differential Revision:	https://reviews.freebsd.org/D38938

    39c5850

18:19 Bernard Spil (brnrd) 

security/openssl-devel: Rename to security/openssl30

 * Align with the upstream "release" status
 * Avoid confusion with OpenSSL 3.1

Reported by:	ngie
Differential Revision:	https://reviews.freebsd.org/D38938

    98749c4

09:50 Tobias C. Berner (tcberner) 

security/libomemo-c: new port -- for of libsignal-protocol-c with OMEMO support

This is a fork of libsignal-protocol-c, an implementation of Signal's
ratcheting forward secrecy protocol that works in synchronous and asynchronous
messaging. The fork adds support for OMEMO as defined in XEP-0384 versions
0.3.0 and later.

* OMEMO version 0.3.0 uses the original libsignal-protocol-c implementation
with its protocol versions 2 and 3.

* OMEMO version 0.4.0+ is implemented using a new protocol version 4
internally. In comparison with protocol version 3, it changes:
*  HKDF info strings
*  Protocol buffer encoding
*  Signature scheme (uses XEd25519 instead of custom "Curve25519 signatures")
*  Specification-compliant double ratchet
*  Support for Ed25519 public keys
*  Various serializations
*  Removes unused functionality

WWW: https://github.com/dino/libomemo-c

    0656fbe

18:22 Gleb Popov (arrowd) 

security/linux-c7-ca-certificates: + Mozilla certificates for Linuxulator.

Sponsored by:	Serenity Cybersecurity, LLC

    0ffd3fc

02:42 Romain Tartière (romain) 

security/pam_u2f: New port

This module implements PAM over U2F and FIDO2, providing an easy way to
integrate the YubiKey (or other U2F/FIDO2 compliant authenticators) into
your existing infrastructure.

    3cbf478

23:36 Robert Clausecker (fuz)  Author: Seyed Pouria Mousavizadeh Tehrani

security/ssh-import-id: new port

You're logged onto a cloud instance working on a problem with your
fellow devs, and you want to invite them to log in and take a look
at these crazy log messages. What to do?

Oh. You have to ask them to cat their public SSH key, paste it into
IRC (wait, no, it's id_rsa.pub, not id_rsa silly!) then you copy it
and cat it to the end of authorized_hosts.

That's where ssh-import-id comes in. With ssh-import-id, you can add
the public SSH keys from a known, trusted online identity to grant
SSH access.

Currently supported identities include Github and Launchpad.

WWW: https://git.launchpad.net/ssh-import-id

Submitter is first time maintainer.

PR:		265835
Approved by:	flo (mentor)
Differential Revision: https://reviews.freebsd.org/D38681

    d24b805

11:01 Robert Clausecker (fuz)  Author: Clockwork6400

security/pam_fprint: revive port

pam_fprint is a simple PAM module which uses libfprint's fingerprint
processing and verification functionality for authentication. In other
words, instead of seeing a password prompt, you're asked to scan your
fingerprint.

Submitter becomes maintainer.  Is already maintainer of other ports.

PR:		269554
Approved by:	flo (mentor)
Differential Revision: https://reviews.freebsd.org/D38628

    cae60e6

11:01 Robert Clausecker (fuz) 

security/openssl-agent: New port: OpenSSL key agent and client utils

OpenSSL key agent and client utilities.

The aim of these utilities is to provide an openssl-rsautl(1) drop-in
replacement for performing cryptographic operations using a private key
that is unlocked for the session, similar to OpenSSH's ssh-agent(1).

The port's author is known to the maintainer but wishes not to be named.

WWW: https://git.build2.org/cgit/openssl-agent/tree/README

Obtained from:	anonymous author
Approved by:	flo (mentor)
Differential Revision: https://reviews.freebsd.org/D38630

    b6a3351

12:58 Po-Chuan Hsieh (sunpoet) 

security/py-pem: Add py-pem 21.2.0

pem is an MIT-licensed Python module for parsing and splitting of PEM files,
i.e. Base64-encoded DER keys and certificates.

It runs on Python 3.7+, has no dependencies, and does not attempt to interpret
the certificate data in any way.

It's born from the need to load keys, certificates, trust chains, and DH
parameters from various certificate deployments: some servers (like Apache)
expect them to be a separate file, others (like nginx) expect them concatenated
to the server certificate and finally some (like HAProxy) expect key,
certificate, and chain to be in one file.

Additionally to the vanilla parsing code, pem also contains helpers for Twisted
that save a lot of boilerplate code.

    0421e03

12:58 Po-Chuan Hsieh (sunpoet) 

*/Makefile: Sort SUBDIRs

    a2e9b4a

21:32 Matthias Andree (mandree) 

security/openvpn*: update to 2.6.0, keep openvpn25

- copy openvpn to openvpn25, mark as deprecated and to expire March 31

- update openvpn to openvpn 2.6.0, highlights from Frank Lichtenheld's
  release announcement e-mail, slightly edited:

 * Data Channel Offload (DCO) kernel acceleration support for Windows,
   Linux, and FreeBSD [14].
 * OpenSSL 3 support
 * Improved handling of tunnel MTU, including support for pushable MTU.
 * Outdated cryptographic algorithms disabled by default, but there are
   options to override if necessary.
 * Reworked TLS handshake, making OpenVPN immune to replay-packet state
   exhaustion attacks.
 * Added --peer-fingerprint mode for a more simplistic certificate setup
   and verification.
 * Improved protocol negotiation, leading to faster connection setup.

ChangeLog: https://github.com/OpenVPN/openvpn/blob/v2.6.0/Changes.rst

    6853ab1

12:26 Fernando Apesteguía (fernape)  Author: Daniel

security/kc: update to 2.5.1

kc24 was a transient port to easy the migration of the database. Later on, the
original kc port was obsoleted. Rename kc24 to kc to match upstream again and
update to latest version.

PR:		268842
Reported by:	leva@ecentrum.hu (maintainer)

    d4fef53

20:52 Juraj Lutter (otis) 

security/py-badkeys: Add new port

badkeys is a tool and a library to check cryptographic public keys for
known vulnerabilities.

    2d756eb

16:41 Tobias C. Berner (tcberner) 

security/keysmith: new port - Application to generate 2fa tokens

Keysmith is an application to generate two-factor authentication (2FA)
tokens when logging in to your (online) accounts. Currently it supports
both HOTP and TOTP tokens.

WWW:		https://invent.kde.org/utilities/keysmith

    77596f3

03:19 Vanilla I. Shu (vanilla) 

security/lua-argon2: New port

Lua C binding for the Argon2 password hashing function. Compatible with Lua 5.x
and LuaJIT.

PR:		268039
Reported by:	Manuel Wiesinger <manuel at mmap.at>

    0eb692f

12:47 Dag-Erling Smørgrav (des) 

security/opie: New port: One-time Passwords In Everything

Differential Revision: https://reviews.freebsd.org/D37963

    3d4de6d

05:59 Yuri Victorovich (yuri) 

security/diswall: New port: Distributed firewall

    6a09bf4

08:06 Daniel Engberg (diizzy)  Author: Michael Reim

security/teleport5: New port: Centralized access gateway using the SSH protocol

This ports main purpose is to provide an upgrade path for users to
Teleport 6 and newer versions. New installations are STRONGLY
discouraged until we have version 7.X in tree.

PR:		268604

    efc9e9c

10:16 Yuri Victorovich (yuri) 

security/authoscope: New port: Scriptable network authentication cracker

    21e13cb

14:59 Rene Ladan (rene) 

cleanup: Remove expired ports:

2022-06-30 security/py-pycrypto: Unmaintained, obsolete, and contains security
vulnerabilities. Use security/py-pycryptodome instead

    d22a548

02:50 Alexey Dokuchaev (danfe) 

Restore three ports removed too early and assume their maintainership.

    a95989d

01:33 Rene Ladan (rene) 

cleanup: Remove expired ports:

2022-12-31 security/libfprint: Very outdated, unsupported upstream which now
have systemd as a non optional requirement
2022-12-31 security/fprint_demo: Depends on deprecated library libfprint
2022-12-31 security/fprintd: Very outdated, unsupported upstream which now have
systemd as a non optional requirement

    995d4ad

03:36 Koichiro Iwao (meta) 

security/gokey: New port: Simple password manager writen in Go

PR:		268587

    aeccccd

19:36 Muhammad Moinur Rahman (bofh) 

*/*php74*: Sunset php 7.4

As per upstream php 7.4 has reached it's EOL on 2022-11-22. Remove php74
from the tree. Default version of php has already been switched to 8.1.

Approved by:	portmgr (blanket infrastructure)
Sponsored by:	Bounce Experts

    0d310d7

05:07 Lewis Cook (lcook) 

security/osv-scanner: Vulnerability scanner written in Go which uses the OSV
database

Use OSV-Scanner to find existing vulnerabilities affecting your projects
dependencies.

OSV-Scanner provides an officially supported frontend to the OSV database
that connects a projects list of dependencies with the vulnerabilities
that affect them. Since the OSV.dev database is open source and distributed,
it has several benefits in comparison with closed source advisory databases
and scanners:

* Each advisory comes from an open and authoritative source.
* Anyone can suggest improvements to advisories, resulting in a very high
  quality database.
* The OSV format unambiguously stores information about affected versions
  in a machine-readable format that precisely maps onto a developers list
  of packages.

The above all results in fewer, more actionable vulnerability notifications,
which reduces the time needed to resolve them.

WWW: https://github.com/google/osv-scanner

    b2dc69c

06:33 Fernando Apesteguía (fernape)  Author: Marco

security/crowdsec-blocklist-mirror: New port: CrowdSec Blocklist Mirror

ChangeLog: https://github.com/crowdsecurity/cs-blocklist-mirror

This bouncer exposes CrowdSec's active decisions via provided HTTP endpoints in
pre-defined formats. It can be used by network appliances which support
consumption of blocklists via HTTP.

PR:		268105
Reported by:	marco@crowdsec.net

    4fde381

01:44 Koichiro Iwao (meta)  Author: Rozhuk Ivan

security/gostsum: New port:Implementation of GOST R 34.11-94, GOST R 34.11-2012
hash functions

PR:		268343

    47cc96f

14:22 Muhammad Moinur Rahman (bofh) 

security/local-php-security-checker: New port

The Local PHP Security Checker is a command line tool that checks if
your PHP application depends on PHP packages with known security
vulnerabilities. It uses the Security Advisories Database behind the
scenes availble from https://github.com/FriendsOfPHP/security-advisories

PR:		261148
Reported by:	einar@isnic.is
Tested by:	bofh
Approved by:	einar@isnic.is (Submitter is maintainer)

    0a6ca5e

04:36 Yasuhiro Kimura (yasu) 

security/py-{acme,certbot*}: Update to 2.0.0

ChangeLog:	https://github.com/certbot/certbot/releases/tag/v2.0.0
PR:		267913
Approved by:	maintainer timeout

    65cc12e

18:36 Muhammad Moinur Rahman (bofh) 

security/rubygem-omniauth-saml1: New port

A generic SAML strategy for OmniAuth

Sponsored by:	Nepustil

    524a93c

04:16 Yuri Victorovich (yuri) 

security/openfhe: New port: Open-source Fully Homomorphic Encryption library

    6373568

09:38 Matthias Fechner (mfechner) 

www/gitlab-ce: new ports required for version 15.5

    a892bde

07:33 Muhammad Moinur Rahman (bofh) 

security/rubygem-pundit61: New port

Pundit provides a set of helpers which guide you in leveraging regular
Ruby classes and object oriented design patterns to build a simple,
robust and scaleable authorization system.

Sponsored by:	Nepustil

    39336c4

06:43 Muhammad Moinur Rahman (bofh) 

security/rubygem-doorkeeper-rails61: New port

Doorkeeper is a Ruby gem that makes it easy to introduce OAuth 2
provider functionality to a Rails or Grape application.

Sponsored by:	Nepustil

    89858f6

05:27 Muhammad Moinur Rahman (bofh) 

security/rubygem-devise_pam_authenticatable2-rails61: New port

The devise_pam_authenticatable2 is a Devise extension for authentication
using PAM (Pluggable Authentication Modulues) via the rpam2 gem. This
allows you to authenticate against the local host's authentication
system including local account usernames and passwords.

Sponsored by:	Nepustil

    9acad4e

00:01 Cy Schubert (cy) 

security/heimdal-devel: New port tracking Heimdal develpment

This new heimdal port tracks the Heimdal development branch. The
last security advisory showed us we might want to track its development.

    4e44a84

15:57 Ryan Steinmetz (zi) 

security/shibboleth-idp: new port:

A simple Single Sign-On solution for any organisation with complex
identity management requirements. With excellent scaling capabilities
and customisable user-related data, the Identity Provider equips
workforces with a personalised user experience.

* Widely adaptable to support custom scenarios
* Built-in support for a range of authentication systems
* Handles millions of authentication requests per day

WWW: https://shibboleth.atlassian.net/wiki/spaces/IDP4/pages/1265631498/Home

    287db69

15:41 Matthias Fechner (mfechner) 

security/rubygem-omniauth-rails_csrf_protection: new port, required for
gitlab-ce

    344c25a

11:05 Mateusz Piotrowski (0mp) 

security/tpm-quote-tools: Add new port

The TPM Quote Tools is a collection of programs that provide support
for TPM based attestation using the TPM quote mechanism. The manual
page for tpm_quote_tools provides a usage overview. The manangement
tools are only used to take ownership of a TPM.

The additional patches[1] in files/ come from AUR and were authored by
Michael Niewöhner. The patches were incomplete according to grawity[2].
I've incorporated grawity's feedback into our patches so that the -y
flag is recognized by a call to getopt().

[1]:
https://aur.archlinux.org/cgit/aur.git/plain/0001-Differentiate-between-owner-and-srk-well-known-passs.patch?h=tpm-quote-tools
[2]: https://aur.archlinux.org/packages/tpm-quote-tools#comment-684239

Sponsored by:	Klara, Inc.

    01e03ae

14:24 Antoine Brodin (antoine) 

security/Makefile: unbreak the ports tree

    26c11a8

12:42 Li-Wen Hsu (lwhsu)  Author: Gabriel M. Dutra

Add security/nuclei: Fast vulnerability scanner

PR:		266509

    2bceb89

12:28 Li-Wen Hsu (lwhsu)  Author: Gabriel M. Dutra

Add security/tfsec: Security scanner for Terraform

PR:		267319

    0155f0a

09:56 Li-Wen Hsu (lwhsu)  Author: Robert Clausecker

Add security/hyperhotp: Programmer for the HOTP feature of hyperFIDO USB
security keys

HyperHOTP is an open re-implementation of the programming software for
the HOTP feature of the hyperFIDO security keys. It's based on reverse-
engineering the Windows-based programmer available on Hypersecu's
website.

WWW: https://github.com/casept/hyperhotp

PR:		267223

    bc2ac75

12:23 Bernard Spil (brnrd) 

security/nextcloud-twofactor_totp: Included in www/nextcloud

 * Nextcloud Hub 3 / 25.0.0 includes the twofactor TOTP provider

    291711e

20:14 Adriaan de Groot (adridg)  Author: Boudhayan Gupta

security/py-certbot-dns-gandi: new port, certbot plugin

This plugin comes from https://github.com/obynio/certbot-plugin-gandi .
Port file from Boudhayan, slightly modified for line length and portlint.

PR:		266860

    851f5d0

20:06 Rene Ladan (rene) 

cleanup: Remove expired ports:

2022-09-30 security/pwman3: Depends on expired security/py-pycrypto
2022-09-30 sysutils/py-ansible-base: Depends on expired security/py-pycrypto

    642838c

03:57 Jose Alonso Cardenas Marquez (acm) 

security/py-secure: New port: Adds security headers for python web frameworks

secure.py lock is a lightweight package that adds optional security headers for
Python web frameworks.

    bafd04a

05:45 Jose Alonso Cardenas Marquez (acm) 

security/wazuh-dashboard: New port: Web user interface for data visualization
and analysis

Wazuh is a free and open source platform used for threat prevention, detection,
and response. It is capable of protecting workloads across on-premises,
virtualized, containerized, and cloud-based environments.

Wazuh solution consists of an endpoint security agent, deployed to the
monitored systems, and a management server, which collects and analyzes data
gathered by the agents. Besides, Wazuh has been fully integrated with the
Elastic Stack, providing a search engine and data visualization tool that
allows users to navigate through their security alerts.

    ad9a3f9

05:44 Jose Alonso Cardenas Marquez (acm) 

security/wazuh-server: New port: Components for analyze the data received from
the agents

Wazuh is a free and open source platform used for threat prevention, detection,
and response. It is capable of protecting workloads across on-premises,
virtualized, containerized, and cloud-based environments.

Wazuh solution consists of an endpoint security agent, deployed to the
monitored systems, and a management server, which collects and analyzes data
gathered by the agents. Besides, Wazuh has been fully integrated with the
Elastic Stack, providing a search engine and data visualization tool that
allows users to navigate through their security alerts.

    844dbce

05:42 Jose Alonso Cardenas Marquez (acm) 

security/wazuh-indexer: New port: A highly scalable, full-text search and
analytics engine

Wazuh is a free and open source platform used for threat prevention, detection,
and response. It is capable of protecting workloads across on-premises,
virtualized, containerized, and cloud-based environments.

Wazuh solution consists of an endpoint security agent, deployed to the
monitored systems, and a management server, which collects and analyzes data
gathered by the agents. Besides, Wazuh has been fully integrated with the
Elastic Stack, providing a search engine and data visualization tool that
allows users to navigate through their security alerts.

    8c9cf93

02:40 Neel Chauhan (nc)  Author: Lady Serena Kitty

security/rotate: New Port

Differential Revision:	https://reviews.freebsd.org/D36588

    5f5b3bd

21:44 Neel Chauhan (nc)  Author: Lady Serena Kitty

security/diffcode: New port

Differential Revision:	https://reviews.freebsd.org/D36586

    4ed2ec5

15:16 Nuno Teixeira (eduardo)  Author: Daniel Engberg

security/s2n-tls: Various improvements

 - Define LICENSE_FILE
 - Use ports framework for unit testing
 - Add option for assembly optimization and LTO
 - Disable building tests by default
 - Disable assembly optimization by default (requires AVX2 and BMI2 support
without runtime detection)
 - Use CMake helpers provided by framework
 - Rename s2n -> s2n-tls to match upstream name

PR:		266397

    79a0481

11:26 Felix Palmen (zirias) 

security/linux-c7-openssl-devel: Add new port

This contains the headers to build Linux software using OpenSSL.
Also add USE_LINUX=openssl-devel.

Approved by:		tijl, tcberner (mentor)
Differential Revision:	https://reviews.freebsd.org/D35903

    b1cb46a

16:42 Felix Palmen (zirias)  Author: Daniel Engberg

security/axc: Add new port

Client lib providing crypto interfaces for libsignal-protocol-c.

PR:			266104
Approved by:		tcberner (mentor)
Differential Revision:	https://reviews.freebsd.org/D36468

    d7813e3

20:37 Larry Rosenman (ler) 

security/1password-client2-beta: [NEW PORT]

Make the beta version of the CLI available in FreeBSD ports.

latest changelog:
https://app-updates.agilebits.com/product_history/CLI2#v2070101

NOTE: you may need to check the "show betas" checkbox on that link.

    caf16d2

15:56 Cy Schubert (cy) 

security/libomemo: Add new port

libomemo implements OMEMO (XEP-0384 v0.3.0) in C. For more information
see https://github.com/gkdr/libomemo.

PR:		265966
Submitted by:	Michael A. Oshin <micadeyeye at gmail.com>
Reported by:	Michael A. Oshin <micadeyeye at gmail.com>

    2bf1fc5

10:10 Po-Chuan Hsieh (sunpoet) 

security/rubygem-openssl2: Add rubygem-openssl2 2.2.1 (copied from
rubygem-openssl)

- Add PORTSCOUT

    dced785

10:10 Po-Chuan Hsieh (sunpoet) 

security/p5-URN-OASIS-SAML2: Add p5-URN-OASIS-SAML2 0.003

URN::OASIS::SAML2 provides constants which are in use by the SAML2
implementation.

WWW: https://metacpan.org/dist/URN-OASIS-SAML2

    2cdd6fc

10:10 Po-Chuan Hsieh (sunpoet) 

security/p5-Net-SAML2: Add p5-Net-SAML2 0.57

Net::SAML2 provides support for the Web Browser SSO profile of SAML2.

Net::SAML2 correctly perform the SSO process against numerous SAML Identity
Providers (IdPs). It has been tested against:
- GSuite (Google)
- Azure (Microsoft Office 365)
- OneLogin
- Jump
- Mircosoft ADFS
- Keycloak
- Auth0
- PingIdentity

WWW: https://metacpan.org/dist/Net-SAML2

    1ca8cd5

10:10 Po-Chuan Hsieh (sunpoet) 

security/p5-Crypt-OpenSSL-Verify: Add p5-Crypt-OpenSSL-Verify 0.35

Given a CA certificate and another untrusted certificate, will show whether the
CA signs the certificate. This is a useful thing to have if you're signing with
X509 certificates, but outside of SSL.

A specific example is where you're working with XML signatures, and need to
verify that the signing certificate is valid.

WWW: https://metacpan.org/dist/Crypt-OpenSSL-Verify

    0973142

04:22 Matthias Fechner (mfechner) 

www/gitlab-ce: added new ports required by gitlab-ce 15.2

    02c44a2

20:53 Juraj Lutter (otis) 

security/py-certbot-dns-powerdns: Add new port

Add py-certbot-dns-powerdns, a PowerDNS certbot authentication module.

WWW: https://github.com/pan-net-security/certbot-dns-powerdns

    6c19d65

22:09 Neel Chauhan (nc)  Author: John W. O'Brien

security/py-pycryptodome-test-vectors: New port: Optional test vectors for
PyCryptodome and PyCryptodomeX

PR:	265668

    8b64941

20:43 Jose Alonso Cardenas Marquez (acm) 

security/py-notus-scanner: New port: scanner for creating results from local
security checks

Notus Scanner detects vulnerable products in a system environment. The scanning
method is to evaluate internal system information. It does this very fast and
even detects currently inactive products because it does not need to interact
with each of the products.

To report about vulnerabilities, Notus Scanner receives collected system
information on the one hand and accesses the vulnerability information from the
feed service on the other. Both input elements are in table form: the system
information is specific to each environment and the vulnerability information
is specific to each system type.

Notus Scanner integrates into the Greenbone Vulnerability Management framework
which allows to let it scan entire networks within a single task. Any
vulnerability test in the format of .notus files inside the Greenbone Feed will
be considered and automatically matched with the scanned environments.

WWW: https://github.com/greenbone/notus-scanner

    a3cdb67

13:21 Rene Ladan (rene) 

cleanup: Remove expired ports:

2022-08-01 security/nextcloud-twofactor_u2f: Upstream deprecated this port in
favor of twofactor_webauthn. Check
https://github.com/nextcloud/twofactor_webauthn#migration-from-two-factor-u2f
for migration instructions

    bf8555d

20:20 Jose Alonso Cardenas Marquez (acm) 

security/wazuh-manager: New port: Security tool to monitor and check logs and
intrusions (server)

Wazuh is a free and open source platform used for threat prevention, detection,
and response. It is capable of protecting workloads across on-premises,
virtualized, containerized, and cloud-based environments.

Wazuh solution consists of an endpoint security agent, deployed to the
monitored systems, and a management server, which collects and analyzes data
gathered by the agents. Besides, Wazuh has been fully integrated with the
Elastic Stack, providing a search engine and data visualization tool that
allows users to navigate through their security alerts.

WWW: https://wazuh.com/

    d7fcd1c

11:41 Rene Ladan (rene) 

cleanup: Remove expired ports:

2022-07-22 math/intervaltree: Dependent ports now use GH_TUPLE
2022-07-24 security/gnomint: Abandonware, depending on gconf2
2022-07-24 japanese/im-ja: Abandonware, depending on gconf2
2022-07-25 sysutils/mgeupsd: Last release is 23 years old. It is not clear what
devices are supported.

    3bc1119

08:47 Nuno Teixeira (eduardo)  Author: Bruno Damour

security/openca-ocspd: New port: OpenCA’s OCSP responder

 - submitter becomes maintainer

OpenCA OCSP Responder is an rfc2560 compliant OCSPD responder.
The server is a stand-alone application and can be integrated into many
different PKI solutions as it does not depend on specific database scheme.
Furthermore it can be used as a responder for multiple CAs.

WWW: https://www.openca.org/projects/ocspd

PR:		264475

    e0fac72

16:09 Yasuhiro Kimura (yasu) 

security/base-audit: Remove port

* Remove port as 405.pkg-base-audit, core file of the port, is merged
  into ports-mgmt/pkg with pkg 1.18.1.
* Add entry to MOVED

PR:		264878
Approved by:	maintainer

    ad528e1

09:53 Nuno Teixeira (eduardo)  Author: Bruno Damour

security/libpki: New port: OpenCA PKI library (libpki) and tools

 - submitter becomes maintainer

OpenCA LibPKI provides an easy-to-use PKI library for PKI enabled
application development.
The library provides the developer with all the needed functionalities
to manage certificates, from generation to validation.

WWW: https://www.openca.org/projects/libpki

PR:		264474
Reviewed by:	diizzy

    93db311

00:18 Po-Chuan Hsieh (sunpoet) 

security/rubygem-devise-two-factor-rails70: Add
rubygem-devise-two-factor-rails70 5.0.0

Barebones two-factor authentication with Devise

WWW: https://github.com/tinfoil/devise-two-factor

    1271433

21:57 Dan Langille (dvl) 

security/iddawc: New port: OAuth2/OIDC Client

OAuth2/OIDC Client and Relying Party library

    6134351

21:57 Dan Langille (dvl) 

security/rhonabwy: New port: JOSE library

Javascript Object Signing and Encryption (JOSE) library
- JWK, JWKS, JWS, JWE and JWT

    c9befd7

21:25 Po-Chuan Hsieh (sunpoet) 

security/rubygem-net-ssh6: Add rubygem-net-ssh6 6.1.0 (copied from
rubygem-net-ssh)

- Add PORTSCOUT

    087feb3

20:48 Rene Ladan (rene) 

cleanup: Remove expired ports:

2022-06-30 databases/pgpool-II-36: Upstream support ended use
databases/pgpool-II-43
2022-06-30 ftp/multiget: Last release in 2007, doesn't support https, depends on
deprecated wxgtk28 and dead upstream. Please consider using net/uget
2022-06-30 devel/electron13: EOLed upstream, switch to newer version
2022-06-30 ftp/puf: Last release in 2006, doesn't support https and upstream is
dead. Please consider using www/aria2
2022-06-30 security/gss: Abandonware, last release in 2014 and no development
since
2022-06-30 security/shishi: Abandonware, last release in 2013 and no development
since
2022-06-30 ftp/urlgfe
2022-06-30 www/nspluginwrapper: Abandonware, last release in 2011 and upstream
is dead. NPAPI plugins are now obsolete and depends on deprecated library GTK 2
2022-06-30 devel/govendor: Use Go modules
2022-06-30 devel/racer: Racer is not actively developped now. Please consider
using newer software such as devel/rust-analyzer.
2022-06-30 net-mgmt/unifi6: No longer maintained by upstream
2022-06-30 devel/dep: Use Go modules
2022-06-30 databases/libgda5-bdb: Depends on deprecated databases/db5
2022-06-30 emulators/qemu5: Use emulators/qemu6 or emulators/qemu
2022-06-30 deskutils/bitcollider: bitzi.com is no longer available, closed down
in 2013
2022-06-30 converters/htx: XHTML is considered obsolete in favor of HTML5
2022-06-30 www/getleft: Abandonware last updated on 2008
2022-06-30 ftp/wxdfast: Last release in 2009, doesn't support https, depends on
deprecated wxgtk28 and dead upstream. Please consider using net/uget

    3088672

19:47 Rene Ladan (rene) 

cleanup: Remove expired ports:

2022-06-30 security/ruby-bitwarden: Broken with all supported versions of Ruby
2022-06-30 mail/rubygem-tmail: Broken with all supported versions of Ruby
2022-06-30 www/redmine4: Deprecated by upstream. Please consider using
www/redmine42

    67fa95f

19:41 Rene Ladan (rene) 

cleanup: Remove expired ports:

2022-03-31 security/libgringotts: Abandonware, upstream dead and last release in
2008
2022-06-30 deskutils/osmo: Depends on expired security/libgringotts

    92fd457

16:32 Po-Chuan Hsieh (sunpoet) 

security/py-nassl: Add py-nassl 4.0.2

nassl is an experimental OpenSSL wrapper for SSLyze.

WWW: https://github.com/nabla-c0d3/nassl

    d9cd2e5

16:32 Po-Chuan Hsieh (sunpoet) 

security/py-sslyze: Add py-sslyze 5.0.5

SSLyze is a fast and powerful SSL/TLS scanning tool and Python library.

SSLyze can analyze the SSL/TLS configuration of a server by connecting to it, in
order to ensure that it uses strong encryption settings (certificate, cipher
suites, elliptic curves, etc.), and that it is not vulnerable to known TLS
attacks (Heartbleed, ROBOT, OpenSSL CCS injection, etc.).

WWW: https://github.com/nabla-c0d3/sslyze

    9cab43d1

18:49 Tobias C. Berner (tcberner)  Author: Felix Palmen

security/unix-selfauth-helper: Add new port

This little helper enables self-authentication against the local passwd
database using pam_exec.

Differential Revision: https://reviews.freebsd.org/D35347

    5774e49

06:32 Dave Cottlehuber (dch) 

*/*: Remove expired erlang and elixir ports

The rebar, rebar3 and mix tools are now more than a decade old, and are
the preferred ways to fetch and install specific erlang and elixir
modules, aside from core compilers, documentation, and custom build
tools.

See UPDATING and MOVED for details.

https://www.freebsd.org/status/report-2021-07-2021-09/#_freebsd_erlang_ecosystem_ports_update

archivers/erlang-snappy
converters/erlang-base64url
databases/elixir-calecto
databases/elixir-db_connection
databases/elixir-ecto
databases/elixir-geo
databases/elixir-mariaex
databases/elixir-postgrex
databases/elixir-timex_ecto
databases/erlang-couchbeam
databases/erlang-epgsql
databases/erlang-eredis
devel/elixir-apex
devel/elixir-bson
devel/elixir-cachex
devel/elixir-calendar
devel/elixir-combine
devel/elixir-conform
devel/elixir-connection
devel/elixir-coverex
devel/elixir-crontab
devel/elixir-csv
devel/elixir-decimal
devel/elixir-deppie
devel/elixir-dialyze
devel/elixir-distillery
devel/elixir-estree
devel/elixir-eternal
devel/elixir-exactor
devel/elixir-excoveralls
devel/elixir-exjsx
devel/elixir-exprotobuf
devel/elixir-gen_stage
devel/elixir-gettext
devel/elixir-inflex
devel/elixir-libring
devel/elixir-math
devel/elixir-msgpax
devel/elixir-nadia
devel/elixir-nats
devel/elixir-nimble_csv
devel/elixir-paratize
devel/elixir-plug
devel/elixir-poison
devel/elixir-quantum
devel/elixir-smppex
devel/elixir-timex
devel/elixir-trailing_format_plug
devel/elixir-tzdata
devel/elixir-unsafe
devel/erlang-bbmustache
devel/erlang-certifi
devel/erlang-cuttlefish
devel/erlang-erlware_commons
devel/erlang-gen_smtp
devel/erlang-getopt
devel/erlang-goldrush
devel/erlang-hut
devel/erlang-jobs
devel/erlang-jsx
devel/erlang-katana
devel/erlang-lager
devel/erlang-lager_syslog
devel/erlang-meck
devel/erlang-metrics
devel/erlang-parse_trans
devel/erlang-providers
devel/erlang-ssl_verify_fun
devel/erlang-unicode_util_compat
dns/erlang-idna
misc/elixir-mime
misc/elixir-uuid
misc/erlang-mimerl
misc/erlang-mimetypes
net/elixir-kafka_ex
net/elixir-oauth2
net/erlang-ranch
security/elixir-comeonin
security/elixir-comeonin_i18n
security/elixir-jose
security/erlang-fast_tls
security/erlang-jose
textproc/elixir-earmark
textproc/elixir-funnel
textproc/elixir-sweet_xml
textproc/erlang-edown
textproc/erlang-fast_xml
textproc/erlang-p1_utils
textproc/erlang-yamerl
www/elixir-html_entities
www/elixir-html_sanitize_ex
www/elixir-httpoison
www/elixir-httpotion
www/elixir-joken
www/elixir-maru
www/elixir-phoenix
www/elixir-phoenix_ecto
www/elixir-phoenix_html
www/elixir-phoenix_pubsub
www/elixir-webassembly
www/erlang-cowboy
www/erlang-cowlib
www/erlang-hackney
www/erlang-ibrowse
www/erlang-mochiweb
www/erlang-mochiweb-basho
www/erlang-webmachine

PR:		263694
Reviewed by:	olgeni@FreeBSD.org
Approved by:	erlang (with hat)
Sponsored by:	SkunkWerks, GmbH

    ab4964e

11:36 Rene Ladan (rene) 

cleanup: Remove expired ports:

2022-06-25 lang/cmucl: Not supported upstream since 2017 and broken since
FreeBSD 12.1
2022-06-25 devel/qbs: Abandoned and not working with modern clang
2022-06-25 lang/cmucl-extra: lang/cmucl is not supported upstream since 2017 and
broken since FreeBSD 12.1
2022-06-25 security/protonvpn-cli: This version is deprecated and unsupported
upstream. The port needs an update, which would require a fair amount of effort.
Use OpenVPN or Wireguard with configuration files provided by ProtonVPN instead.
2022-06-27 sysutils/firstboot-growfs: A better version is available on all
FreeBSD version
2022-06-27 security/modsecurity3-apache: The project was not developed further
2022-06-29 net-mgmt/zabbix54-frontend: Unsupported by upstream
2022-06-29 net-mgmt/zabbix54-server: Unsupported by upstream

    2fb224a