Harden the class loader to provide a mitigation for CVE-2022-22965
a Spring Framework vulnerability: Effectively disable the
WebappClassLoaderBase.getResources() method as it is not used and
if something accidently exposes the class loader this method can be used to gain
access to Tomcat internals.
Changes: https://tomcat.apache.org/tomcat-10.1-doc/changelog.html#Tomcat_10.1.0-M14_(markt)
PR: 262975
Harden the class loader to provide a mitigation for CVE-2022-22965
a Spring Framework vulnerability: Effectively disable the
WebappClassLoaderBase.getResources() method as it is not used and
if something accidently exposes the class loader this method can be used to gain
access to Tomcat internals.
Changes: https://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.62_(remm)
PR: 262975
Harden the class loader to provide a mitigation for CVE-2022-22965
a Spring Framework vulnerability: Effectively disable the
WebappClassLoaderBase.getResources() method as it is not used and
if something accidently exposes the class loader this method can be used to gain
access to Tomcat internals.
Changes: https://tomcat.apache.org/tomcat-8.5-doc/changelog.html#Tomcat_8.5.78_(markt)
PR: 262975
lux is an image viewer for 'normal' images and the most common types of
panoramic images, typically showing a 'rectilinear' view to the image
data, which looks as if this view had been taken with an 'ordinary'
lens. The view can be zoomed, panned, scrolled, rotated and modified in
several ways. lux displays images, it does not modify them. But it can
produce high-quality images from the view it shows. lux can also
produce synoptic views of several images and do stitching, HDR blending,
exposure fusions, focus stacks and deghosting, usually from 'PTO' files,
processing a subset of the panotools standard used by panorama stitching
software like hugin.
WWW: https://bitbucket.org/kfj/pv
PR: 262943
This project originally started out as a fork of squashfs-tools 4.3,
after encountering some short comings and realizing that there have
been no updates on the SourceForge site or mailing list for a long
time. Even before the first public release, the fork was replaced
with a complete re-write after growing frustrated with the existing
code base.
The utilities provided by squashfs-tools-ng offer alternative tooling
and are intentionally named differently, so both packages can be
installed side by side.
WWW: https://infraroot.at/projects/squashfs-tools-ng/
2022-03-31 devel/hadoop2: Depends on expired devel/maven3
databases/opentsdb
2022-03-31 databases/hbase: Outdated, unsupported by upstream since June 2019 (upstream is at 2.3 and higher)
The clang-pseudo program is provided by clang-tools-extras (the
EXTRAS option), but was incorrectly tagged as part of CLANG.
This also broke the lite flavor.
2022-03-31 security/hashcat-legacy: Unsupported upstream, please consider using security/hashcat
2022-03-31 security/razorback-masterNugget: Abandonware, last release in 2012 and listed as alpha quality by upstream
2022-03-31 security/razorback-syslogNugget: Abandonware, last release in 2012 and listed as alpha quality by upstream
2022-03-31 security/pxytest: Abandonware, last release around 2003, dead upsteam and unfetchable
2022-03-31 security/razorback-api: Abandonware, last release in 2012 and listed as alpha quality by upstream
2022-03-31 security/revealrk: Deprecate, marked BROKEN on 12+ in 2018
2022-03-31 devel/apache-commons-modeler: Abandoned upstream, last release in 2013
2022-03-31 security/afl: Abandoned upstream, no new release since 2017. Please consider using security/afl++ instead
2022-03-31 www/mod_line_edit: Abandoned upstream, last release in 2006, Apache includes mod_sed
2022-03-31 www/myfaces: Unsupported by upstream, released in 2005
2022-03-31 www/mod_backtrace: Abandoned upstream in 2012 (version 2.0)
2022-03-31 security/base: Broken with PHP 7+, forked here https://github.com/NathanGibbs3/BASE/
2022-03-31 security/find-zlib: Deprecated, no longer relevant
2022-03-31 security/razorback-clamavNugget: Abandonware, last release in 2012 and listed as alpha quality by upstream
2022-03-31 security/shimmer: Abandonware, last release in 2008
2022-03-31 security/kripp: Abandonware, upstream returns 404 and last release was back in 2007
2022-03-31 security/ipfilter2dshield: Abandonware, no word of it on upstream web site
2022-03-31 security/sha: Obsolete, we have tools in base
2022-03-31 security/gputty: Unfetchable, dead upstream
2022-03-31 java/apache-commons-discovery: Abandoned upstream, last release in 2006
2022-03-31 www/geronimo: Port outdated, unsupported upstream and depends on deprecated software
2022-03-31 security/isakmpd: 15+ years old and broken on multiple versions
2022-03-31 security/razorback-swfScanner: Abandonware, last release in 2012 and listed as alpha quality by upstream
2022-03-31 devel/hadoop: Outdated, unsupported upstream
2022-03-31 java/apache-commons-primitives: Abandoned upstream, last release in 2003
2022-03-31 security/l5: Abandonware, broken on amd64 for 10+ years
2022-03-31 security/unicornscan: Very outdated and abandoned, current version in tree was released in 2004 and last release by upstream in Aug 2013. Please consider using security/nmap or security/rustscan
2022-03-31 security/gringotts: Abandonware, upstream dead and last release in 2009
2022-03-31 security/axTLS: Very outdated and abandoned, current version in tree was released in 2013 and last by upstream in 2019
2022-03-31 security/shttpscanner: Abandonware, last release in 2006
2022-03-31 security/sniff: Abandonware, last release around 2000 and dead upstream. Please consider using net/wireshark
2022-03-31 security/razorback-archiveInflate: Abandonware, last release in 2012 and listed as alpha quality by upstream
2022-03-31 security/scanssh: Abandonware, last release in 2005. Please consider using security/nmap or security/rustscan
2022-03-31 security/symbion-sslproxy: Abandonware, last release in 2009 and inactive upstream
2022-03-31 security/manipulate_data: Abandonware, unsupported upstream
2022-03-31 security/vinetto: Obsolete, targets deprecated Windows operating systems such as XP and 2003 Server
2022-03-31 security/pbnj: Abandonware, last release in 2006 and reported broken upstream in 2017 upstream
2022-03-31 databases/jasperreports: Unsupported by upstream, released in 2013
2022-03-31 security/retranslator: Deprecated upstream (EOL)
2022-03-31 security/cp2fwb: Abandonware, used with deprecated software Firewall Builder.
2022-03-31 security/webscarab: Deprecated by upstream in 2014
2022-03-31 security/pscan: Abandonware, last release in 2000
2022-03-31 security/vnccrack: Outdated and abandoned, last release in 2008. Upstream is at 2.1 while version in ports is 1.0.0
2022-03-31 security/doscan: Abandonware, last release in 2014. Please consider using security/masscan or sysutils/pnscan
2022-03-31 security/radamsa: Abandonware, last release in 2017 and marked as BROKEN in late 2020
2022-03-31 security/trinokiller: Abandonware, dead upstream
2022-03-31 security/spybye: Abandonware, last release in 2008 and no upstream development
2022-03-31 security/razorback-officeCat: Abandonware, last release in 2012 and listed as alpha quality by upstream
2022-03-31 textproc/crimson: Deprecated by upstream 2010-08-06
2022-03-31 security/tripwire-131: Deprecated, please consider using security/tripwire instead
2022-03-31 security/bruteforceblocker: Abandonware, please consider using security/sshguard
2022-03-31 security/razorback-fsMonitor: Abandonware, last release in 2012 and listed as alpha quality by upstream
2022-03-31 security/tlswrap: Abandonware, last release in 2007 and dead upstream
2022-03-31 security/sslsniffer: Abandonware, last release in 2001. Please consider using security/sslsplit or security/sslproxy
2022-03-31 security/strobe: Abandonware, last release around 2000 and dead upstream. Please consider using security/nmap or security/rustscan
2022-03-31 security/amap: Abandoned upstream, no new release for 10+ years. Please consider using security/nmap or security/rustscan
2022-03-31 security/ppars: Abandonware, no word of it on upstream web site
2022-03-31 security/zebedee: Abandonware, last release in 2005 and runtime issues reported upstream
2022-03-31 security/matrixssl: Abandonware, dead upstream
2022-03-31 security/razorback-virusTotal: Abandonware, last release in 2012 and listed as alpha quality by upstream
2022-03-31 security/stud: Abandonware, marked BROKEN on 12+ in 2019
2022-03-31 security/sslwrap: Abandonware, marked BROKEN on 12+ in 2019
2022-03-31 security/dcetest: Targets deprecated protocol by Microsoft in favour of .NET
2022-03-31 security/l0phtcrack: Obsolete, Microsoft LANMAN and NT password hashes are deprecated
2022-03-31 security/slurpie: Abandonware, last release around 2000 and dead upstream
2022-03-31 security/ike: Abandonware, last release in 2013 and IKEv1 is considered to be insecure
2022-03-31 security/mussh: Abandonware, last release in 2011 please consider using security/teleport
2022-03-31 security/razorback-fsWalk: Abandonware, last release in 2012 and listed as alpha quality by upstream
2022-03-31 security/hackbot: Abandonware, last release in 2003. Please consider using security/nmap or security/rustscan
2022-03-31 security/phpsecinfo: Abandonware, last release in 2006
2022-03-31 security/libpreludedb: Very outdated, current version in tree was released back in 2015 and upstream is still active
2022-03-31 security/ipfw2dshield: Abandonware, no word of it on upstream web site
2022-03-31 security/razorback-fileInject: Abandonware, last release in 2012 and listed as alpha quality by upstream
2022-03-31 security/gwee: Abandonware, last release 15+ years ago and dead upstream
2022-03-31 security/pktsuckers: Abandonware, last release from somewhere around 1999
2022-03-31 security/slush: Obsolete, listed as alpha quality, last release around 2000 and dead upstream
2022-03-31 security/integrit: Abandonware, last release in 2003
2022-03-31 security/razorback-pdfFox: Abandonware, last release in 2012 and listed as alpha quality by upstream
2022-03-31 security/razorback-yaraNugget: Abandonware, last release in 2012 and listed as alpha quality by upstream
2022-03-31 security/hlfl: Abandonware, last release in 2003
2022-03-31 security/jbrofuzz: Abandonware, no word of it on upstream web site and last release was 10 years ago
2022-03-31 security/libpwstor: Abandonware, last release in 2008
2022-03-31 security/smtpscan: Abandonware, last release in 2003 and dead upstream. Please consider using security/nmap
2022-03-31 security/cisco-torch: Abandonware, dead upstream
2022-03-31 security/amavis-stats: Abandoned, upstream is dead and last release was back in 2005
2022-03-31 textproc/lucene4: Unsupported by upstream, released in 2015
2022-03-31 java/apache-commons-discovery: Abandoned upstream, last release in 2006
2022-03-31 devel/liballium: Abandonware, last release in 2014 and upstream is dead
2022-03-31 www/sakai: Depends on expired www/tomcat7
2022-03-31 graphics/deegree-wpvs: Depends on expired www/tomcat7
2022-03-31 graphics/deegree-igeoportal: Depends on expired www/tomcat7
2022-03-31 www/jspwiki: Depends on expired www/tomcat7
2022-03-31 graphics/deegree-wcs: Depends on expired www/tomcat7
2022-03-31 graphics/deegree-csw: Depends on expired www/tomcat7
2022-03-31 graphics/deegree-wms: Depends on expired www/tomcat7
2021-12-31 www/tomcat7: Tomcat 7 is EOL on 2021-03-31. Please upgrade to a later version
2022-03-31 devel/gitblit: Depends on expired www/tomcat7
2022-03-31 graphics/barbecue: Depends on expired www/tomcat7
2022-03-31 graphics/deegree-wfs: Depends on expired www/tomcat7
2022-03-31 graphics/deegree-wps: Depends on expired www/tomcat7
2022-03-31 sysutils/rubygem-smart_proxy_chef: Depends on expired sysutils/rubygem-chef-api
2021-12-31 sysutils/rubygem-chef-api: The chef-api gem is no longer maintained. Please use the supported Chef::ServerAPI library from the Chef gem
2022-03-31 databases/redis5: EOLed upstream
2022-03-31 security/outguess: Abandonware, dead upstream and last release in 2001
2022-01-15 devel/maven3: Outdated, unsupported upstream
2022-01-15 devel/maven33: Outdated, unsupported upstream
2022-03-31 devel/monotone: Abandoned upstream, no release since 2014
2022-03-31 security/botan110: Deprecated upstream, users are recommended to migrate to 2.x
2022-03-31 net/hping: Deprecated upstream, please consider using net/hping3 instead
2022-03-31 sysutils/autopsy: Very outdated, current version in tree was released back in 2010 and upstream is still active
2022-03-31 java/cryptix-jce: Abandonware, last release in 2005 and listed as dead upstream
2022-03-31 net-mgmt/netustad: Abandonware, dead upstream, unfetchable and is marked BROKEN for 13+
2022-03-31 www/paros: Abandonware, last release in 2006 and dead upstream
2022-03-31 net/queso: Abandonware and obsolete, last release back in 1998. Please consider using security/nmap instead
2022-03-31 mail/rlytest: Abandonware, last release in 2003 and dead upstream
2022-03-31 net/ssvnc: Abandonware, last release in 2011 and broken functionality reported upstream
2022-03-31 sysutils/webjob: Abandonware, last release in 2012 and broken on multiple architectures
2022-03-31 dns/bundy: Project is in hibernation and not recommended to use in production
2022-03-31 lang/ruby26: Use newer version of Ruby. Ruby 2.6 will reach its EoL on March 31, 2022
2022-03-31 textproc/kibana6: Uses expired www/node10
2021-04-30 www/node10: Node.js v10.x reaches end-of-life on 2021-04-30, see https://github.com/nodejs/Release
2022-03-31 comms/zssh: Abandonware, last release in 2003. Please consider using scp or net/croc instead
2022-03-31 devel/py-dataclasses: Included in Python 3.7 or later
2022-03-31 net-im/diligent: Abandoned upstream, users also confirms port to be non working
2022-03-31 www/typo3-9: Mainstream support ended 2021-09-30
2022-03-31 databases/adodb: Unsupported upstream, cannot be used with PHP 8.0+
2022-03-31 audio/clementine-player: Last release in 2016, many issue reports upstream and little to no development for years. Please consider using audio/strawberry
2022-03-31 security/libprelude: Very outdated, current version in tree was released back in 2015 and upstream is still active
2022-03-31 www/crp: Abandonware, last release in 2003 and upstream refers to PHP 4.x and is dead
2022-03-31 devel/fb-adb: Last release in 2016 and deprecated by upstream, please consider using devel/android-tools-adb instead
2022-03-31 comms/o2sms: Abandonware, last release in 2010 and upstream is dead
2022-03-31 comms/p5-SMS-Send-TW-Qma: QMA service provider is no longer around
2022-03-31 comms/p5-SMS-Send-TW-ShareSMS: Service provider is no longer around
2022-03-31 comms/yaps: Service providers are no longer around and/or are no longer providing this service
2022-03-31 security/arirang: Abandoned upstream and last release was back in 2011
2022-03-31 security/openvpn-mbedtls: mbedTLS only has a minimum viable TLSv1.3 implementation, and OpenVPN-mbedtls does not work on FreeBSD 14-CURRENT
2022-03-31 www/mod_proxy_xml: Abandoned upstream, last release in 2004
2022-03-31 www/mod_xmlns: Abandoned upstream, last release in 2004
2022-03-31 www/mod_authnz_crowd: Abandoned upstream in 2014, doesn't work with Apache 2.4+
2022-03-31 security/razorback-scriptNugget: Abandonware, last release in 2012 and listed as alpha quality by upstream
2022-03-31 dns/bind911: End of life, please migrate to a newer version of BIND9
2022-03-31 www/grafana6: EOLed upstream, unfixed vulnerabilities
2022-03-31 security/govpn: Deprecated upstream, reference: http://www.govpn.info/
