This is a security fix for an issue that has not yet been disclosed. The
vuxml entry will be updated once the CVE is available.
The patch to mitigate the vulnerability was introduced already on
2021-04-23 in the FreeBSD port as 3.2.1_1.
Security: e4403051-a667-11eb-b9c9-6cc21735f730
Upstream can now check at runtime for SIMD availability. Merge upstream commits 91173a287e and 21a40abc5c to implement it.
Local patch is used because upstream patch doesn't apply.
Remove -maltivec and -mvsx, upstream now properly sets those flags on their own.
2021-04-22 net/samba411: Security Support ends on 03 Dec 2020
2021-04-22 net-im/cordless: Unmaintained and dead upstream, uses the old Discord API which notably has got users banned
2021-04-18 news/plor: listed as "Alpha-release" but last update in 2001; unmaintained
2021-04-20 security/certificate-transparency: Broken for more than 6 months
The dependencies were previously added indirectly through the
dependency chain via opensaml, but the Q/A disapproved of that.
Add patch to check for missing DataSealer during cookie recovery.
The April bugfix release for KDE Plasma is here. This wasn't
done immediately for the 5.21.3 ports commit that I landed
yesterday because I wasn't paying attention to latest
releases. Release notes are at
https://kde.org/announcements/plasma/5/5.21.4/
KDE Gear 21.04
Thursday, 22 April 2021
Welcome to KDE Gear ⚙️ 21.04!
KDE produces literally dozens of apps for work, play, education, and
creativity. Kontact, for example, gives you control over all your email,
contact, and agenda; Itinerary keeps you up to date with everything you
need regarding your trips; the KAlgebra graphing calculator works
equally well on your desktop and your phone; Cantor provides you with an
intuitive way of analyzing data and graphing the results; and Kdenlive
makes cutting and building sophisticated-looking videos not only easy,
but fun as well.
These are but a few of the apps releasing new updates today. When
combined with KDE’s powerful Plasma desktop, they provide you with
most, if not all, the tools you need to be productive in a versatile and
flexible Linux^WFreeBSD environment.
But you don’t even need to run Linux! Many of the apps in this
announcement work on Windows, macOS, and Android as well. This is what
convergent means for KDE: use your favorite apps anywhere, on any
system, on your work computer, mobile or even on your TV!
And, remember: KDE’s apps, the Plasma desktop, Plasma Mobile, Plasma
BigScreen and all the rest of KDE’s software are free and open source.
No licensing, no hidden costs, no spying. Share them with your friends,
install them at work, or use them in your school lab. It is your
software to enjoy where and how you want.
Full announcement and changelogs:
https://kde.org/announcements/gear/21.04/
This updates the KDE Plasma parts to release 5.21.3. There is one
new port, plasma5-systemmonitor, which is the upcoming replacement
for KDE sysguard. It is not installed by default.
Release notes are at
https://kde.org/announcements/plasma/5/5.21.3/
Previous commits tidying up DOCS options left some
non-applications consumers without the necessary kdoctools
dependency, so (re)introduce that now.
https://github.com/zeek/zeek/releases/tag/v4.0.1
Fix null-pointer dereference when encountering an invalid enum name
in a config/input file that tries to read it into a set[enum]. For
those that have such an input feed whose contents may come from
external/remote sources, this is a potential DoS vulnerability.
https://github.com/zeek/zeek/releases/tag/v4.0.1
This release fixes the following vulnerability:
- Fix null-pointer dereference when encountering an invalid enum
name in a config/input file that tries to read it into a set[enum].
For those that have such an input feed whose contents may come
from external/remote sources, this is a potential DoS vulnerability.
Other fixes:
- Fix mime type detection bug in IRC/FTP file_transferred event
for file data containing null-bytes
- Fix potential for missing timestamps in SMB logs
- Remove use of LeakSanitizer API on FreeBSD where it's unsupported
- Fix incorrect parsing of ERSPAN Type I
- Fix incorrect/overflowed n value for SSL_Heartbeat_Many_Requests
notices where number of server heartbeats is greater than number
of client heartbeats.
- Fix missing user_agent existence check in smtp/software.zeek
(causes reporter.log error noise, but no functional difference)
- Fix include order of bundled headers to avoid conflicts with
pre-existing/system-wide installs
- Fix musl build (e.g. Void, Alpine, etc.)
- Fix build with -DENABLE_MOBILE_IPV6 / ./configure --enable-mobile-ipv6
- Add check for null packet data in pcap IOSource, which is an
observed state in Myricom libpcap that crashes Zeek via null-pointer
dereference
- Allow CRLF line-endings in Zeek scripts and signature files
- Fix armv7 build
- Fix unserialization of set[function], generally now used by
connection record removal hooks, and specifically breaking
intel.log of Zeek clusters
- Fix indexing of set/table types with a vector
- Fix precision loss in ASCII logging/printing of large double,
time, or interval values
- Improve handling of invalid SIP data before requests
- Fix copy()/cloning vectors that have holes (indices w/ null
values)
Reported by: Jon Siwek
Even though users will never see it since it is either excluded or
forced on, let's not rely on options implementation quirks and
define it properly.
Reported by: portscan
- Mark BROKEN for 11.X and 12.X. Cannot detect flex from ports. There is
an ongoing issue at upstream.
https://github.com/snort3/snort3/issues/168
- Use OPTIONSNG for a couple of OPTIONS
Reported by: adridg