security/wpa_supplicant: fix for P2P provision vulnerability
Latest version available from: https://w1.fi/security/2021-1/
Vulnerability
A vulnerability was discovered in how wpa_supplicant processes P2P
(Wi-Fi Direct) provision discovery requests. Under a corner case
condition, an invalid Provision Discovery Request frame could end up
reaching a state where the oldest peer entry needs to be removed. With
a suitably constructed invalid frame, this could result in use
(read+write) of freed memory. This can result in an attacker within
radio range of the device running P2P discovery being able to cause
unexpected behavior, including termination of the wpa_supplicant process
and potentially code execution.
Vulnerable versions/configurations
wpa_supplicant v1.0-v2.9 with CONFIG_P2P build option enabled
An attacker (or a system controlled by the attacker) needs to be within
radio range of the vulnerable system to send a set of suitably
constructed management frames that trigger the corner case to be reached
in the management of the P2P peer table.
Note: The P2P option is not default.
Security: https://w1.fi/security/2021-1/\
wpa_supplicant-p2p-provision-discovery-processing-vulnerability.txt
security/libressl: Bugfix update to 3.2.4
* See errata 013 from OpenBSD 6.8
* Various interoperability issues and memory leaks were discovered in
libcrypto and libssl
security/libressl: Security fix for potential use-after-free
Security: eeca52dc-866c-11eb-b8d6-d4c9ef517024
Approved by: ports-secteam (blanket)
databases/postgresql-mysql_fdw: Upgrade from 2.5.4 to 2.5.5
Fix various bugs, compilation warnings, and server crashes.
Souce: https://github.com/EnterpriseDB/mysql_fdw/releases/tag/REL-2_5_5
Also make minimum PostgreSQL version 9.6. The last version 2.5.4 already
dropped the PostgreSQL 9.5 support. Also imcrease max supported PostgreSQL
version from 11 to 13. This was also introduced in the last version 2.5.4.
Take maintainership
Sponsored by: Bounce Experts
M postgresql-mysql_fdw/Makefile
M postgresql-mysql_fdw/distinfo
mail/dovecot-fts-xapian: Update to 1.4.8
- Update to 1.4.8
Reviewed by: osa (mentor)
Approved by: osa (mentor)
Differential Revision: https://reviews.freebsd.org/D29251
x11/wezterm: add new port
WezTerm is a GPU-accelerated cross-platform terminal emulator and
multiplexer written by @wez and implemented in Rust.
- Multiplex terminal panes, tabs and windows on local and remote
hosts, with native mouse and scrollback
- Ligatures, Color Emoji and font fallback, with true color and
dynamic color schemes
- Hyperlinks
- Searchable Scrollback (use mouse wheel and Shift-PageUp and Shift
PageDown to navigate, Ctrl-Shift-F to activate search mode)
- xterm style selection of text with mouse; paste selection via
Shift-Insert (bracketed paste is supported!)
- SGR style mouse reporting (works in vim and tmux)
- Render underline, double-underline, italic, bold, strikethrough
(most other terminal emulators do not support as many render
attributes)
- Configuration via a file with hot reloading
- Multiple Windows (Hotkey: Super-N)
- Splits/Panes
- Tabs (Hotkey: Super-T, next/prev: Super-[ and Super-], go-to: Super-[1-9])
- SSH client with native tabs
- Connect to serial ports for embedded/Arduino work
- Connect to a local multiplexer server over unix domain sockets
- Connect to a remote multiplexer using SSH or TLS over TCP/IP
- iTerm2 compatible image protocol support, and built-in imgcat command
- Sixel graphics support
https://wezfurlong.org/wezterm/
multimedia/arcan: unbreak on aarch64
(encode) disabled, lzma not found
[...]
Determining if the function lzma_auto_decoder exists in the /usr/lib/liblzma.so failed with the following output:
c++: error: the clang compiler does not support '-march=native'
[...]
===> Checking for items in pkg-plist which are not in STAGEDIR
Error: Missing: bin/afsrv_encode
PR: 254234
Reported by: mikael
mail/fetchmail and mail/fetchmailconf: Update to 6.4.16
PR: 253423
Submitted by: Corey Halpin <chalpin AT cs.wisc DOT edu> (maintainer)
mail/fetchmail: fetchmailconf: update to 6.4.17 (minor fixes, Japanese translation)
# BUG FIXES
* IMAP client: plus memory leaks for username and password when trying
the LOGIN (password-based) authentication and encountered a timeout situation.
* dist-tools/getstats.py: also counts lines in *.py files [for NEWS file]
# CHANGES
* fetchmail.man: now mentions that you may need to add --ssl when specifying
a TLS-wrapped port.
* fetchmailconf: --version (-V) now prints the Python version in use.
# TRANSLATION UPDATE
* ja: Takeshi Hamasaki [Japanese]
PR: 254208
Approved by: Corey Halpin (maintainer)
ChangeLog: 66ae17e72c/NEWS (L85)
java/intellij-rubymine: Fix packaging with non-default Python versions
* Replace a few occurrences in pkg-plist where PYTHON_VER shouldn't be used
as a substitution.
PR: 253815
Approved by: portmgr (build fix)
Approved by: ports-secteam (implicit)
dns/c-ares: Update 1.16.1 -> 1.17.1
Bump to the latest release. Upstream has reorganized the source in this
release, and the port has been adapted to path changes where necessary.
Approved by: zi (maintainer)
Sponsored by: Miles AS
sysutils/lcdproc: fix build on powerpc64 elfv2
Use GCC:
In file included from serialVFD_io.c:45:
./port.h:344:32: error: invalid output constraint '=a' in asm
__asm__ volatile ("inb %1,%0":"=a" (value)
firefox: import upstream bugfixes
1 https://bugzilla.mozilla.org/show_bug.cgi?id=1694670
"Linux startup crash in [@ qcms_data_create_rgb_with_gamma]"
crash on startup when loading certain ICC profiles
2 https://bugzilla.mozilla.org/show_bug.cgi?id=1694699
"Investigate tabs API regression in Firefox 86"
regression causing loss of tabs from tab groups
PR: 253886 ([2])
Reported by: Hans Petter Selasky [1], Graham Perrin [2]
