diff options
Diffstat (limited to '')
146 files changed, 926 insertions, 816 deletions
diff --git a/security/2fa/Makefile b/security/2fa/Makefile index 5beeef73f678..48602f14288e 100644 --- a/security/2fa/Makefile +++ b/security/2fa/Makefile @@ -1,7 +1,7 @@ PORTNAME= 2fa DISTVERSIONPREFIX= v DISTVERSION= 1.2.0 -PORTREVISION= 31 +PORTREVISION= 32 CATEGORIES= security MAINTAINER= mauroeldritch@gmail.com diff --git a/security/Makefile b/security/Makefile index c49e8676f481..e3840f2246ac 100644 --- a/security/Makefile +++ b/security/Makefile @@ -234,7 +234,6 @@ SUBDIR += hyperhotp SUBDIR += i2pd SUBDIR += iaikpkcs11wrapper - SUBDIR += iddawc SUBDIR += idea SUBDIR += identify SUBDIR += imds-filterd @@ -953,6 +952,7 @@ SUBDIR += py-google-auth SUBDIR += py-google-auth-httplib2 SUBDIR += py-google-auth-oauthlib + SUBDIR += py-google-cloud-kms SUBDIR += py-gpg SUBDIR += py-gpsoauth SUBDIR += py-greenbone-feed-sync diff --git a/security/acmetool/Makefile b/security/acmetool/Makefile index e1c08c45d774..ea4436b4bf44 100644 --- a/security/acmetool/Makefile +++ b/security/acmetool/Makefile @@ -1,7 +1,7 @@ PORTNAME= acmetool DISTVERSIONPREFIX= v DISTVERSION= 0.2.2 -PORTREVISION= 21 +PORTREVISION= 22 CATEGORIES= security MAINTAINER= samm@FreeBSD.org diff --git a/security/age/Makefile b/security/age/Makefile index 8b79fd0ecdef..ff7a14b78333 100644 --- a/security/age/Makefile +++ b/security/age/Makefile @@ -1,7 +1,7 @@ PORTNAME= age DISTVERSIONPREFIX= v DISTVERSION= 1.2.1 -PORTREVISION= 8 +PORTREVISION= 9 CATEGORIES= security MAINTAINER= bofh@FreeBSD.org diff --git a/security/assh/Makefile b/security/assh/Makefile index 18d04ad440df..394cf9c86441 100644 --- a/security/assh/Makefile +++ b/security/assh/Makefile @@ -1,7 +1,7 @@ PORTNAME= assh DISTVERSIONPREFIX= v DISTVERSION= 2.15.0 -PORTREVISION= 25 +PORTREVISION= 26 CATEGORIES= security MAINTAINER= ashish@FreeBSD.org diff --git a/security/aws-c-cal/Makefile b/security/aws-c-cal/Makefile index c20c47ed86bb..f018701e5d62 100644 --- a/security/aws-c-cal/Makefile +++ b/security/aws-c-cal/Makefile @@ -1,6 +1,6 @@ PORTNAME= aws-c-cal DISTVERSIONPREFIX= v -DISTVERSION= 0.9.3 +DISTVERSION= 0.9.4 CATEGORIES= security MAINTAINER= eduardo@FreeBSD.org diff --git a/security/aws-c-cal/distinfo b/security/aws-c-cal/distinfo index c3fa370d9411..e8b721263ad6 100644 --- a/security/aws-c-cal/distinfo +++ b/security/aws-c-cal/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1758220673 -SHA256 (awslabs-aws-c-cal-v0.9.3_GH0.tar.gz) = 7033e3efecbb1f6eddd0f549bb071b166e1aaca5f8fb4b215d0d0de5cb2e9496 -SIZE (awslabs-aws-c-cal-v0.9.3_GH0.tar.gz) = 1686833 +TIMESTAMP = 1760573923 +SHA256 (awslabs-aws-c-cal-v0.9.4_GH0.tar.gz) = 0c26d3092ecc3b23d41ac411a0c6c8d3f56f38bc1d396e0b40a008db6ae0f63f +SIZE (awslabs-aws-c-cal-v0.9.4_GH0.tar.gz) = 1689214 diff --git a/security/aws-iam-authenticator/Makefile b/security/aws-iam-authenticator/Makefile index 60b0556f8036..921f039f43c8 100644 --- a/security/aws-iam-authenticator/Makefile +++ b/security/aws-iam-authenticator/Makefile @@ -1,7 +1,7 @@ PORTNAME= aws-iam-authenticator PORTVERSION= 0.7.7 DISTVERSIONPREFIX= v -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MAINTAINER= danilo@FreeBSD.org diff --git a/security/aws-lc/Makefile b/security/aws-lc/Makefile index f9ffe2737b4f..c185291aed80 100644 --- a/security/aws-lc/Makefile +++ b/security/aws-lc/Makefile @@ -1,5 +1,5 @@ PORTNAME= aws-lc -PORTVERSION= 1.61.0 +PORTVERSION= 1.61.4 DISTVERSIONPREFIX= v CATEGORIES= security diff --git a/security/aws-lc/distinfo b/security/aws-lc/distinfo index 22aea2964882..603f5a0c62c4 100644 --- a/security/aws-lc/distinfo +++ b/security/aws-lc/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1759324018 -SHA256 (aws-aws-lc-v1.61.0_GH0.tar.gz) = c5c6cc7dea4c08300fb139272eb6fcc259918dab37587db8b6631c75830dbc0c -SIZE (aws-aws-lc-v1.61.0_GH0.tar.gz) = 127480894 +TIMESTAMP = 1759816568 +SHA256 (aws-aws-lc-v1.61.4_GH0.tar.gz) = 443b62dbb51bb4ce1ce16150fa555da4182e3ba4c928f57f74eb07097138893c +SIZE (aws-aws-lc-v1.61.4_GH0.tar.gz) = 127438620 diff --git a/security/aws-vault/Makefile b/security/aws-vault/Makefile index 7c4987397e8e..1329f09f3035 100644 --- a/security/aws-vault/Makefile +++ b/security/aws-vault/Makefile @@ -1,7 +1,7 @@ PORTNAME= aws-vault DISTVERSIONPREFIX= v DISTVERSION= 6.6.2 -PORTREVISION= 22 +PORTREVISION= 23 CATEGORIES= security MAINTAINER= mauroeldritch@gmail.com diff --git a/security/boringssl/Makefile b/security/boringssl/Makefile index 15b93986792e..7d5bd79dbf53 100644 --- a/security/boringssl/Makefile +++ b/security/boringssl/Makefile @@ -1,6 +1,6 @@ PORTNAME= boringssl PORTVERSION= 0.20250818.0 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= security EXTRACT_ONLY= ${GH_ACCOUNT}-${PORTNAME}-${PORTVERSION}_GH0.tar.gz diff --git a/security/caldera-ot/Makefile b/security/caldera-ot/Makefile index 6d40de8dedde..ff8d5e1f0f77 100644 --- a/security/caldera-ot/Makefile +++ b/security/caldera-ot/Makefile @@ -1,6 +1,6 @@ PORTNAME= caldera-ot DISTVERSION= 5.3.0 -PORTREVISION= 6 +PORTREVISION= 7 CATEGORIES= security python MAINTAINER= acm@FreeBSD.org diff --git a/security/caldera/Makefile b/security/caldera/Makefile index 7b961242f964..43dbdf79fee9 100644 --- a/security/caldera/Makefile +++ b/security/caldera/Makefile @@ -1,6 +1,6 @@ PORTNAME= caldera DISTVERSION= 5.3.0 -PORTREVISION= 8 +PORTREVISION= 9 CATEGORIES= security python MAINTAINER= acm@FreeBSD.org diff --git a/security/certificate_maker/Makefile b/security/certificate_maker/Makefile index a1f7147d229e..e56dbf5b0787 100644 --- a/security/certificate_maker/Makefile +++ b/security/certificate_maker/Makefile @@ -1,7 +1,7 @@ PORTNAME= certificate_maker DISTVERSIONPREFIX= v DISTVERSION= 1.7.1 -PORTREVISION= 6 +PORTREVISION= 7 CATEGORIES= security MAINTAINER= bofh@FreeBSD.org diff --git a/security/certmgr/Makefile b/security/certmgr/Makefile index 89cc10dc8d39..7ff0fb9a570c 100644 --- a/security/certmgr/Makefile +++ b/security/certmgr/Makefile @@ -1,7 +1,7 @@ PORTNAME= certmgr DISTVERSIONPREFIX= v DISTVERSION= 3.0.3 -PORTREVISION= 31 +PORTREVISION= 32 CATEGORIES= security net MAINTAINER= fuz@FreeBSD.org diff --git a/security/cfssl/Makefile b/security/cfssl/Makefile index cddbca7ccadb..269dff7db0a4 100644 --- a/security/cfssl/Makefile +++ b/security/cfssl/Makefile @@ -1,7 +1,7 @@ PORTNAME= cfssl DISTVERSIONPREFIX= v DISTVERSION= 1.6.5 -PORTREVISION= 14 +PORTREVISION= 15 CATEGORIES= security MAINTAINER= yuri@FreeBSD.org diff --git a/security/cosign/Makefile b/security/cosign/Makefile index cc5869f8229f..273d56014e86 100644 --- a/security/cosign/Makefile +++ b/security/cosign/Makefile @@ -1,7 +1,7 @@ PORTNAME= cosign DISTVERSIONPREFIX= v DISTVERSION= 2.6.1 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MAINTAINER= bofh@FreeBSD.org diff --git a/security/crlfuzz/Makefile b/security/crlfuzz/Makefile index b044b331d508..82794788a768 100644 --- a/security/crlfuzz/Makefile +++ b/security/crlfuzz/Makefile @@ -1,7 +1,7 @@ PORTNAME= crlfuzz PORTVERSION= 1.4.1 DISTVERSIONPREFIX= v -PORTREVISION= 31 +PORTREVISION= 32 CATEGORIES= security MAINTAINER= dutra@FreeBSD.org diff --git a/security/crowdsec-blocklist-mirror/Makefile b/security/crowdsec-blocklist-mirror/Makefile index db51291357ac..c3a6375e257e 100644 --- a/security/crowdsec-blocklist-mirror/Makefile +++ b/security/crowdsec-blocklist-mirror/Makefile @@ -2,7 +2,7 @@ PORTNAME= crowdsec-blocklist-mirror DISTVERSIONPREFIX= v DISTVERSION= 0.0.2 DISTVERSIONSUFFIX= -freebsd -PORTREVISION= 18 +PORTREVISION= 19 CATEGORIES= security MAINTAINER= marco@crowdsec.net diff --git a/security/crowdsec-firewall-bouncer/Makefile b/security/crowdsec-firewall-bouncer/Makefile index 69a05722f3b5..718699706db0 100644 --- a/security/crowdsec-firewall-bouncer/Makefile +++ b/security/crowdsec-firewall-bouncer/Makefile @@ -1,7 +1,7 @@ PORTNAME= crowdsec-firewall-bouncer DISTVERSIONPREFIX= v DISTVERSION= 0.0.32 -PORTREVISION= 6 +PORTREVISION= 7 CATEGORIES= security MAINTAINER= marco@crowdsec.net diff --git a/security/crowdsec/Makefile b/security/crowdsec/Makefile index 2f84c37e2340..9d161dee8157 100644 --- a/security/crowdsec/Makefile +++ b/security/crowdsec/Makefile @@ -1,7 +1,7 @@ PORTNAME= crowdsec DISTVERSIONPREFIX= v DISTVERSION= 1.7.0 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MAINTAINER= marco@crowdsec.net diff --git a/security/ct-submit/Makefile b/security/ct-submit/Makefile index d494fa194d0b..ada7fb57ab00 100644 --- a/security/ct-submit/Makefile +++ b/security/ct-submit/Makefile @@ -1,6 +1,6 @@ PORTNAME= ct-submit PORTVERSION= 1.1.2 -PORTREVISION= 31 +PORTREVISION= 32 CATEGORIES= security www MAINTAINER= jim@ohlste.in diff --git a/security/enc/Makefile b/security/enc/Makefile index 91c567cfd983..94c9bdde1eb8 100644 --- a/security/enc/Makefile +++ b/security/enc/Makefile @@ -1,6 +1,6 @@ PORTNAME= enc DISTVERSION= 1.1.4 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security MAINTAINER= dtxdf@FreeBSD.org diff --git a/security/ffuf/Makefile b/security/ffuf/Makefile index 7d927331649d..00b450957940 100644 --- a/security/ffuf/Makefile +++ b/security/ffuf/Makefile @@ -1,7 +1,7 @@ PORTNAME= ffuf DISTVERSIONPREFIX=v DISTVERSION= 2.1.0 -PORTREVISION= 16 +PORTREVISION= 17 CATEGORIES= security www MAINTAINER= dutra@FreeBSD.org diff --git a/security/git-credential-azure/Makefile b/security/git-credential-azure/Makefile index 4aa8774b122b..7776f22cf7c1 100644 --- a/security/git-credential-azure/Makefile +++ b/security/git-credential-azure/Makefile @@ -1,7 +1,7 @@ PORTNAME= git-credential-azure DISTVERSIONPREFIX= v DISTVERSION= 0.3.1 -PORTREVISION= 7 +PORTREVISION= 8 CATEGORIES= security MAINTAINER= ehaupt@FreeBSD.org diff --git a/security/git-credential-oauth/Makefile b/security/git-credential-oauth/Makefile index 1e7a5104f0ae..81e955e5d82b 100644 --- a/security/git-credential-oauth/Makefile +++ b/security/git-credential-oauth/Makefile @@ -1,7 +1,7 @@ PORTNAME= git-credential-oauth DISTVERSIONPREFIX= v DISTVERSION= 0.16.0 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MAINTAINER= ehaupt@FreeBSD.org diff --git a/security/gitjacker/Makefile b/security/gitjacker/Makefile index c4e0ac31794a..9507020d2c63 100644 --- a/security/gitjacker/Makefile +++ b/security/gitjacker/Makefile @@ -1,7 +1,7 @@ PORTNAME= gitjacker DISTVERSIONPREFIX= v DISTVERSION= 0.1.0 -PORTREVISION= 31 +PORTREVISION= 32 CATEGORIES= security MAINTAINER= yuri@FreeBSD.org diff --git a/security/go-cve-dictionary/Makefile b/security/go-cve-dictionary/Makefile index c2c58f86a02d..39b35c16721d 100644 --- a/security/go-cve-dictionary/Makefile +++ b/security/go-cve-dictionary/Makefile @@ -1,7 +1,7 @@ PORTNAME= go-cve-dictionary DISTVERSIONPREFIX=v DISTVERSION= 0.11.0 -PORTREVISION= 8 +PORTREVISION= 9 CATEGORIES= security MAINTAINER= girgen@FreeBSD.org diff --git a/security/go-tuf/Makefile b/security/go-tuf/Makefile index a3201e7115d0..4b93fafd4f57 100644 --- a/security/go-tuf/Makefile +++ b/security/go-tuf/Makefile @@ -1,7 +1,7 @@ PORTNAME= go-tuf DISTVERSIONPREFIX= v DISTVERSION= 2.2.0 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MAINTAINER= bofh@FreeBSD.org diff --git a/security/gokart/Makefile b/security/gokart/Makefile index 6f6ae755af2d..b461de345e3f 100644 --- a/security/gokart/Makefile +++ b/security/gokart/Makefile @@ -1,7 +1,7 @@ PORTNAME= gokart DISTVERSIONPREFIX= v DISTVERSION= 0.5.1 -PORTREVISION= 25 +PORTREVISION= 26 CATEGORIES= security MAINTAINER= dutra@FreeBSD.org diff --git a/security/gokey/Makefile b/security/gokey/Makefile index f7514b53adf1..f04c171ba84a 100644 --- a/security/gokey/Makefile +++ b/security/gokey/Makefile @@ -1,7 +1,7 @@ PORTNAME= gokey DISTVERSIONPREFIX= v DISTVERSION= 0.1.3 -PORTREVISION= 6 +PORTREVISION= 7 CATEGORIES= security MAINTAINER= ports@FreeBSD.org diff --git a/security/gopass/Makefile b/security/gopass/Makefile index 8e0372bbbd8d..6c4fb8b9ba98 100644 --- a/security/gopass/Makefile +++ b/security/gopass/Makefile @@ -1,7 +1,7 @@ PORTNAME= gopass DISTVERSIONPREFIX= v DISTVERSION= 1.15.18 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MAINTAINER= eduardo@FreeBSD.org diff --git a/security/gosec/Makefile b/security/gosec/Makefile index bf5e9d25d5d1..c70f9a7edd9a 100644 --- a/security/gosec/Makefile +++ b/security/gosec/Makefile @@ -1,7 +1,7 @@ PORTNAME= gosec DISTVERSIONPREFIX= v DISTVERSION= 2.22.0 -PORTREVISION= 8 +PORTREVISION= 9 CATEGORIES= security devel MAINTAINER= yuri@FreeBSD.org diff --git a/security/govulncheck/Makefile b/security/govulncheck/Makefile index b562e42851f6..2d6e12853b65 100644 --- a/security/govulncheck/Makefile +++ b/security/govulncheck/Makefile @@ -1,7 +1,7 @@ PORTNAME= govulncheck DISTVERSIONPREFIX= v DISTVERSION= 1.1.4 -PORTREVISION= 5 +PORTREVISION= 6 CATEGORIES= security MAINTAINER= einar@isnic.is diff --git a/security/headscale/Makefile b/security/headscale/Makefile index acab010c3392..4e09e45bcfe1 100644 --- a/security/headscale/Makefile +++ b/security/headscale/Makefile @@ -1,7 +1,7 @@ PORTNAME= headscale PORTVERSION= 0.26.1 DISTVERSIONPREFIX= v -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security net-vpn MAINTAINER= m.muenz@gmail.com diff --git a/security/hidden-lake/Makefile b/security/hidden-lake/Makefile index 93177dea07a7..f27d4e7524dc 100644 --- a/security/hidden-lake/Makefile +++ b/security/hidden-lake/Makefile @@ -1,6 +1,7 @@ PORTNAME= hidden-lake DISTVERSIONPREFIX= v DISTVERSION= 1.9.1 +PORTREVISION= 1 CATEGORIES= security net-p2p MAINTAINER= alven@FreeBSD.org diff --git a/security/hockeypuck/Makefile b/security/hockeypuck/Makefile index c9b2455cf335..78c3a0535552 100644 --- a/security/hockeypuck/Makefile +++ b/security/hockeypuck/Makefile @@ -1,6 +1,6 @@ PORTNAME= hockeypuck DISTVERSION= 2.2.4 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security MAINTAINER= me@svmhdvn.name diff --git a/security/honeytrap/Makefile b/security/honeytrap/Makefile index 6a211fe1ed83..8f35bfa91f3c 100644 --- a/security/honeytrap/Makefile +++ b/security/honeytrap/Makefile @@ -1,6 +1,6 @@ PORTNAME= honeytrap DISTVERSION= g20210510 -PORTREVISION= 31 +PORTREVISION= 32 CATEGORIES= security MAINTAINER= ezri.mudde@dutchsec.com diff --git a/security/horcrux/Makefile b/security/horcrux/Makefile index d6c5b9d4c1b1..e7d748774e80 100644 --- a/security/horcrux/Makefile +++ b/security/horcrux/Makefile @@ -1,7 +1,7 @@ PORTNAME= horcrux DISTVERSIONPREFIX= v DISTVERSION= 0.3 -PORTREVISION= 30 +PORTREVISION= 31 CATEGORIES= security MAINTAINER= lcook@FreeBSD.org diff --git a/security/iddawc/Makefile b/security/iddawc/Makefile deleted file mode 100644 index 775eee3530cd..000000000000 --- a/security/iddawc/Makefile +++ /dev/null @@ -1,44 +0,0 @@ -PORTNAME= iddawc -PORTVERSION= 1.1.8 -DISTVERSIONPREFIX= v -CATEGORIES= security - -MAINTAINER= ports@FreeBSD.org -COMMENT= OAuth2/OIDC Client and Relying Party library -WWW= https://babelouest.github.io/iddawc/ \ - https://github.com/babelouest/iddawc - -LICENSE= LGPL21 -LICENSE_FILE= ${WRKSRC}/LICENSE - -DEPRECATED= Upstream repo archived on Nov 11, 2024 -EXPIRATION_DATE=2025-10-13 - -BUILD_DEPENDS= jansson>=2.11:devel/jansson \ - orcania>=2.3.2:devel/orcania \ - rhonabwy>=1.1.10:security/rhonabwy \ - ulfius>=2.7.12:www/ulfius \ - yder>=1.4.14:devel/yder -LIB_DEPENDS= libcurl.so:ftp/curl \ - libgnutls.so:security/gnutls \ - libjansson.so:devel/jansson \ - libmicrohttpd.so:www/libmicrohttpd \ - liborcania.so:devel/orcania \ - librhonabwy.so:security/rhonabwy \ - libulfius.so:www/ulfius \ - libyder.so:devel/yder - -USES= cmake pathfix - -CMAKE_OFF= BUILD_IDDAWC_DOCUMENTATION BUILD_IDDAWC_TESTING BUILD_RPM DOWNLOAD_DEPENDENCIES -CMAKE_ON= BUILD_IDWCC BUILD_STATIC INSTALL_HEADER SEARCH_ORCANIA_I SEARCH_RHONABWY_I SEARCH_ULFIUS_I SEARCH_YDER_I - -PLIST_SUB= PORTVERSION=${PORTVERSION} - -USE_GITHUB= yes -GH_ACCOUNT= babelouest - -post-install: - ${INSTALL_DATA} ${INSTALL_WRKSRC}/libiddawc.a ${STAGEDIR}${PREFIX}/lib/libiddawc.a - -.include <bsd.port.mk> diff --git a/security/iddawc/distinfo b/security/iddawc/distinfo deleted file mode 100644 index 1b99a83fccd6..000000000000 --- a/security/iddawc/distinfo +++ /dev/null @@ -1,3 +0,0 @@ -TIMESTAMP = 1686496690 -SHA256 (babelouest-iddawc-v1.1.8_GH0.tar.gz) = 1e075ffd64b26ab042b571473d4be6d6fcfc11f348b4833c79af52d70573dc59 -SIZE (babelouest-iddawc-v1.1.8_GH0.tar.gz) = 1463208 diff --git a/security/iddawc/files/patch-src-iddawc.c b/security/iddawc/files/patch-src-iddawc.c deleted file mode 100644 index 8841b26e2c51..000000000000 --- a/security/iddawc/files/patch-src-iddawc.c +++ /dev/null @@ -1,29 +0,0 @@ ---- src/iddawc.c.orig 2022-12-17 21:23:54 UTC -+++ src/iddawc.c -@@ -4972,7 +4972,7 @@ int i_verify_id_token(struct _i_session * i_session) { - if (alg != GNUTLS_DIG_UNKNOWN) { - hash_data.data = (unsigned char*)i_session->access_token; - hash_data.size = (unsigned int)o_strlen(i_session->access_token); -- if (gnutls_fingerprint(alg, &hash_data, hash, &hash_len) == GNUTLS_E_SUCCESS) { -+ if (gnutls_fingerprint((gnutls_digest_algorithm_t) alg, &hash_data, hash, &hash_len) == GNUTLS_E_SUCCESS) { - if (o_base64url_encode(hash, hash_len/2, hash_encoded, &hash_encoded_len)) { - if (o_strncmp((const char *)hash_encoded, json_string_value(json_object_get(i_session->id_token_payload, "at_hash")), hash_encoded_len) != 0) { - y_log_message(Y_LOG_LEVEL_DEBUG, "i_verify_id_token at - at_hash invalid"); -@@ -5000,7 +5000,7 @@ int i_verify_id_token(struct _i_session * i_session) { - if (alg != GNUTLS_DIG_UNKNOWN) { - hash_data.data = (unsigned char*)i_session->code; - hash_data.size = (unsigned int)o_strlen(i_session->code); -- if (gnutls_fingerprint(alg, &hash_data, hash, &hash_len) == GNUTLS_E_SUCCESS) { -+ if (gnutls_fingerprint((gnutls_digest_algorithm_t) alg, &hash_data, hash, &hash_len) == GNUTLS_E_SUCCESS) { - if (o_base64url_encode(hash, hash_len/2, hash_encoded, &hash_encoded_len)) { - if (o_strncmp((const char *)hash_encoded, json_string_value(json_object_get(i_session->id_token_payload, "c_hash")), hash_encoded_len) != 0) { - y_log_message(Y_LOG_LEVEL_DEBUG, "i_verify_id_token - c_hash invalid"); -@@ -5028,7 +5028,7 @@ int i_verify_id_token(struct _i_session * i_session) { - if (alg != GNUTLS_DIG_UNKNOWN) { - hash_data.data = (unsigned char*)i_session->state; - hash_data.size = (unsigned int)o_strlen(i_session->state); -- if (gnutls_fingerprint(alg, &hash_data, hash, &hash_len) == GNUTLS_E_SUCCESS) { -+ if (gnutls_fingerprint((gnutls_digest_algorithm_t) alg, &hash_data, hash, &hash_len) == GNUTLS_E_SUCCESS) { - if (o_base64url_encode(hash, hash_len/2, hash_encoded, &hash_encoded_len)) { - if (o_strncmp((const char *)hash_encoded, json_string_value(json_object_get(i_session->id_token_payload, "s_hash")), hash_encoded_len) != 0) { - y_log_message(Y_LOG_LEVEL_DEBUG, "i_verify_id_token - s_hash invalid"); diff --git a/security/iddawc/pkg-descr b/security/iddawc/pkg-descr deleted file mode 100644 index 01bcbdcd4420..000000000000 --- a/security/iddawc/pkg-descr +++ /dev/null @@ -1,23 +0,0 @@ -Iddawc is a C library used to implement OAuth2/OIDC clients according to the -OAuth2 RFC and the OpenID Connect Specs. - -It's based on Ulfius library for the HTTP requests and response management and -Rhonabwy library for the JOSE management. - -Iddawc supports the following features: -- Loading openid-configuration endpoints and parsing the results -- Making auth requests using the given parameters (client_id, client_secret, - redirect_uri, etc.) and parsing the result -- Making token requests using the given parameters (code, client_id, - client_secret, redirect_uri, etc.) and parsing the result -- Making userinfo, token introspection, token revocation requests -- Parse responses, validate id_token -- Registering new clients using the register endpoint if any -- Sending signed and or encrypted requests in the auth and token endpoints -- Client TLS Authentication available -- Making Pushed Auth Requests -- Making Rich Auth Requests -- Adding claims to requests -- Sending DPoP proofs -- JWT Secured Authorization Response Mode -- End session and single-logout functionalities diff --git a/security/iddawc/pkg-plist b/security/iddawc/pkg-plist deleted file mode 100644 index b9afe21892ee..000000000000 --- a/security/iddawc/pkg-plist +++ /dev/null @@ -1,37 +0,0 @@ -bin/idwcc -include/iddawc-cfg.h -include/iddawc.h -lib/libiddawc.a -lib/libiddawc.so -lib/libiddawc.so.1.1 -lib/libiddawc.so.%%PORTVERSION%% -libdata/pkgconfig/libiddawc.pc -share/idwcc/webapp/callback.html -share/idwcc/webapp/css/bootstrap.css -share/idwcc/webapp/css/bootstrap.css.map -share/idwcc/webapp/css/bootstrap.min.css -share/idwcc/webapp/css/bootstrap.min.css.map -share/idwcc/webapp/css/fork-awesome.css -share/idwcc/webapp/css/fork-awesome.min.css -share/idwcc/webapp/css/fork-awesome.min.css.map -share/idwcc/webapp/css/idwcc.css -share/idwcc/webapp/css/v5-compat.css -share/idwcc/webapp/css/v5-compat.min.css -share/idwcc/webapp/css/v5-compat.min.css.map -share/idwcc/webapp/fonts/forkawesome-webfont.eot -share/idwcc/webapp/fonts/forkawesome-webfont.svg -share/idwcc/webapp/fonts/forkawesome-webfont.ttf -share/idwcc/webapp/fonts/forkawesome-webfont.woff -share/idwcc/webapp/fonts/forkawesome-webfont.woff2 -share/idwcc/webapp/index.html -share/idwcc/webapp/js/bootstrap.js -share/idwcc/webapp/js/bootstrap.js.map -share/idwcc/webapp/js/bootstrap.min.js -share/idwcc/webapp/js/bootstrap.min.js.map -share/idwcc/webapp/js/iddwc.js -share/idwcc/webapp/js/jquery.js -share/idwcc/webapp/js/jquery.min.js -share/idwcc/webapp/js/popper.js -share/idwcc/webapp/js/popper.min.js -share/idwcc/webapp/js/qrcode.js -share/man/man1/idwcc.1.gz diff --git a/security/interactsh/Makefile b/security/interactsh/Makefile index 66f4e9e5ecff..ef206d1ed87b 100644 --- a/security/interactsh/Makefile +++ b/security/interactsh/Makefile @@ -1,7 +1,7 @@ PORTNAME= interactsh PORTVERSION= 1.2.4 DISTVERSIONPREFIX= v -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MAINTAINER= danilo@FreeBSD.org diff --git a/security/keybase/Makefile b/security/keybase/Makefile index 5803c66ae714..a05b4a0eeb53 100644 --- a/security/keybase/Makefile +++ b/security/keybase/Makefile @@ -1,7 +1,7 @@ PORTNAME= keybase PORTVERSION= 6.5.1 DISTVERSIONPREFIX= v -PORTREVISION= 6 +PORTREVISION= 7 CATEGORIES= security MAINTAINER= sunpoet@FreeBSD.org diff --git a/security/kpmenu/Makefile b/security/kpmenu/Makefile index b637fbd84129..2b9786443e81 100644 --- a/security/kpmenu/Makefile +++ b/security/kpmenu/Makefile @@ -1,7 +1,7 @@ PORTNAME= kpmenu DISTVERSIONPREFIX= v DISTVERSION= 1.4.1 -PORTREVISION= 31 +PORTREVISION= 32 CATEGORIES= security MAINTAINER= bapt@FreeBSD.org diff --git a/security/lego/Makefile b/security/lego/Makefile index 564a5381054c..808aa37ad2a6 100644 --- a/security/lego/Makefile +++ b/security/lego/Makefile @@ -1,7 +1,7 @@ PORTNAME= lego DISTVERSIONPREFIX= v DISTVERSION= 4.26.0 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MAINTAINER= matt@matthoran.com diff --git a/security/libressl-devel/Makefile b/security/libressl-devel/Makefile index b90c18b1308e..daa464c11003 100644 --- a/security/libressl-devel/Makefile +++ b/security/libressl-devel/Makefile @@ -1,5 +1,5 @@ PORTNAME= libressl -PORTVERSION= 4.1.1 +PORTVERSION= 4.2.0 CATEGORIES= security devel MASTER_SITES= OPENBSD/LibreSSL PKGNAMESUFFIX= -devel @@ -50,12 +50,12 @@ LDFLAGS+= -pthread INSTALL_TARGET= install-strip TEST_TARGET= check -PLIST_SUB+= LIBCRYPTO_SHLIBMAJ=56 \ - LIBCRYPTO_SHLIBFULL=56.0.0 \ - LIBSSL_SHLIBMAJ=59 \ - LIBSSL_SHLIBFULL=59.0.1 \ - LIBTLS_SHLIBMAJ=32 \ - LIBTLS_SHLIBFULL=32.0.1 +PLIST_SUB+= LIBCRYPTO_SHLIBMAJ=57 \ + LIBCRYPTO_SHLIBFULL=57.0.1 \ + LIBSSL_SHLIBMAJ=60 \ + LIBSSL_SHLIBFULL=60.0.1 \ + LIBTLS_SHLIBMAJ=33 \ + LIBTLS_SHLIBFULL=33.0.1 post-patch-MAN3-off: ${REINPLACE_CMD} -e '/^install-man:/s/install-man3//' \ diff --git a/security/libressl-devel/distinfo b/security/libressl-devel/distinfo index 62e0fcbe19c7..6971a8021c4e 100644 --- a/security/libressl-devel/distinfo +++ b/security/libressl-devel/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1759303143 -SHA256 (libressl-4.1.1.tar.gz) = c7ff7a7d675d5f57730940e5ccff1dbe2dcd5b7405b5397e0f7ffd66a5ed5679 -SIZE (libressl-4.1.1.tar.gz) = 9202355 +TIMESTAMP = 1760545157 +SHA256 (libressl-4.2.0.tar.gz) = 0f7dba44d7cb8df8d53f2cfbf1955254bc128e0089595f1aba2facfaee8408b2 +SIZE (libressl-4.2.0.tar.gz) = 9147132 diff --git a/security/libressl-devel/pkg-plist b/security/libressl-devel/pkg-plist index c73e0cb9c35a..30505e613b0c 100644 --- a/security/libressl-devel/pkg-plist +++ b/security/libressl-devel/pkg-plist @@ -38,6 +38,7 @@ include/openssl/kdf.h include/openssl/lhash.h include/openssl/md4.h include/openssl/md5.h +include/openssl/mlkem.h include/openssl/modes.h include/openssl/obj_mac.h include/openssl/objects.h diff --git a/security/libressl-devel/version.mk b/security/libressl-devel/version.mk index a43395b52412..2fe40b3646a5 100644 --- a/security/libressl-devel/version.mk +++ b/security/libressl-devel/version.mk @@ -1 +1 @@ -OPENSSL_SHLIBVER?= 56 +OPENSSL_SHLIBVER?= 57 diff --git a/security/libressl/Makefile b/security/libressl/Makefile index 749ae4315dc1..21673f97c719 100644 --- a/security/libressl/Makefile +++ b/security/libressl/Makefile @@ -1,5 +1,5 @@ PORTNAME= libressl -PORTVERSION= 4.1.1 +PORTVERSION= 4.2.0 CATEGORIES= security devel MASTER_SITES= OPENBSD/LibreSSL @@ -49,12 +49,12 @@ LDFLAGS+= -pthread INSTALL_TARGET= install-strip TEST_TARGET= check -PLIST_SUB+= LIBCRYPTO_SHLIBMAJ=56 \ - LIBCRYPTO_SHLIBFULL=56.0.0 \ - LIBSSL_SHLIBMAJ=59 \ - LIBSSL_SHLIBFULL=59.0.1 \ - LIBTLS_SHLIBMAJ=32 \ - LIBTLS_SHLIBFULL=32.0.1 +PLIST_SUB+= LIBCRYPTO_SHLIBMAJ=57 \ + LIBCRYPTO_SHLIBFULL=57.0.1 \ + LIBSSL_SHLIBMAJ=60 \ + LIBSSL_SHLIBFULL=60.0.1 \ + LIBTLS_SHLIBMAJ=33 \ + LIBTLS_SHLIBFULL=33.0.1 post-patch-MAN3-off: ${REINPLACE_CMD} -e '/^install-man:/s/install-man3//' \ diff --git a/security/libressl/distinfo b/security/libressl/distinfo index 62e0fcbe19c7..6971a8021c4e 100644 --- a/security/libressl/distinfo +++ b/security/libressl/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1759303143 -SHA256 (libressl-4.1.1.tar.gz) = c7ff7a7d675d5f57730940e5ccff1dbe2dcd5b7405b5397e0f7ffd66a5ed5679 -SIZE (libressl-4.1.1.tar.gz) = 9202355 +TIMESTAMP = 1760545157 +SHA256 (libressl-4.2.0.tar.gz) = 0f7dba44d7cb8df8d53f2cfbf1955254bc128e0089595f1aba2facfaee8408b2 +SIZE (libressl-4.2.0.tar.gz) = 9147132 diff --git a/security/libressl/pkg-plist b/security/libressl/pkg-plist index c73e0cb9c35a..30505e613b0c 100644 --- a/security/libressl/pkg-plist +++ b/security/libressl/pkg-plist @@ -38,6 +38,7 @@ include/openssl/kdf.h include/openssl/lhash.h include/openssl/md4.h include/openssl/md5.h +include/openssl/mlkem.h include/openssl/modes.h include/openssl/obj_mac.h include/openssl/objects.h diff --git a/security/libressl/version.mk b/security/libressl/version.mk index a43395b52412..2fe40b3646a5 100644 --- a/security/libressl/version.mk +++ b/security/libressl/version.mk @@ -1 +1 @@ -OPENSSL_SHLIBVER?= 56 +OPENSSL_SHLIBVER?= 57 diff --git a/security/meek/Makefile b/security/meek/Makefile index ab96c2cfcd53..35db4e3d03ed 100644 --- a/security/meek/Makefile +++ b/security/meek/Makefile @@ -1,7 +1,7 @@ PORTNAME= meek DISTVERSIONPREFIX=v DISTVERSION= 0.37.0 -PORTREVISION= 27 +PORTREVISION= 28 CATEGORIES= security net MAINTAINER= egypcio@FreeBSD.org diff --git a/security/metasploit/Makefile b/security/metasploit/Makefile index 2ba3f1fcb9bb..2e381aaf8e3d 100644 --- a/security/metasploit/Makefile +++ b/security/metasploit/Makefile @@ -1,6 +1,6 @@ PORTNAME= metasploit DISTVERSION= 6.4.58 -PORTREVISION= 6 +PORTREVISION= 7 CATEGORIES= security MAINTAINER= tanawts@gmail.com diff --git a/security/naabu/Makefile b/security/naabu/Makefile index 7c9ddeb69d74..607d0e3dc5e3 100644 --- a/security/naabu/Makefile +++ b/security/naabu/Makefile @@ -1,7 +1,7 @@ PORTNAME= naabu DISTVERSIONPREFIX= v DISTVERSION= 2.3.5 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= security MAINTAINER= dutra@FreeBSD.org diff --git a/security/nebula/Makefile b/security/nebula/Makefile index 7a59048daf8f..e3c95c2bd43b 100644 --- a/security/nebula/Makefile +++ b/security/nebula/Makefile @@ -1,7 +1,7 @@ PORTNAME= nebula DISTVERSIONPREFIX= v DISTVERSION= 1.8.2 -PORTREVISION= 15 +PORTREVISION= 16 CATEGORIES= security MAINTAINER= ashish@FreeBSD.org diff --git a/security/netbird/Makefile b/security/netbird/Makefile index 5a6e20c2d06d..dcc6ba064fbe 100644 --- a/security/netbird/Makefile +++ b/security/netbird/Makefile @@ -1,6 +1,6 @@ PORTNAME= netbird DISTVERSIONPREFIX= v -DISTVERSION= 0.59.1 +DISTVERSION= 0.59.5 PORTREVISION= 1 CATEGORIES= security net net-vpn diff --git a/security/netbird/distinfo b/security/netbird/distinfo index 6afd5a561327..e9f7354c4e59 100644 --- a/security/netbird/distinfo +++ b/security/netbird/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1759481572 -SHA256 (go/security_netbird/netbird-v0.59.1/v0.59.1.mod) = a930885bdb739be4a2fbbb2a63b86d0b33d3c2897b45d5f391ef1d9d29db5975 -SIZE (go/security_netbird/netbird-v0.59.1/v0.59.1.mod) = 12607 -SHA256 (go/security_netbird/netbird-v0.59.1/v0.59.1.zip) = 0e1eca9e038d7bf1db3bf67b59f3fa58356fb856c1a68c8fa02e8a609bc21f68 -SIZE (go/security_netbird/netbird-v0.59.1/v0.59.1.zip) = 3188357 +TIMESTAMP = 1759443384 +SHA256 (go/security_netbird/netbird-v0.59.5/v0.59.5.mod) = a930885bdb739be4a2fbbb2a63b86d0b33d3c2897b45d5f391ef1d9d29db5975 +SIZE (go/security_netbird/netbird-v0.59.5/v0.59.5.mod) = 12607 +SHA256 (go/security_netbird/netbird-v0.59.5/v0.59.5.zip) = 53bc2ca386490601792871891337e0d7ed73e7a5e96275137cb1c25005b627c2 +SIZE (go/security_netbird/netbird-v0.59.5/v0.59.5.zip) = 3192778 diff --git a/security/nextcloud-end_to_end_encryption/Makefile b/security/nextcloud-end_to_end_encryption/Makefile index fb390e30f5e8..989cdea1c8ce 100644 --- a/security/nextcloud-end_to_end_encryption/Makefile +++ b/security/nextcloud-end_to_end_encryption/Makefile @@ -1,5 +1,5 @@ PORTNAME= end_to_end_encryption -PORTVERSION= 1.17.0 +PORTVERSION= 1.18.0 DISTVERSIONPREFIX= v CATEGORIES= security @@ -9,7 +9,7 @@ WWW= https://apps.nextcloud.com/apps/end_to_end_encryption LICENSE_FILE= ${WRKSRC}/LICENSE -NEXTCLOUD_RUN_DEPENDS= 31 +NEXTCLOUD_RUN_DEPENDS= 32 USES= nextcloud php:flavors diff --git a/security/nextcloud-end_to_end_encryption/distinfo b/security/nextcloud-end_to_end_encryption/distinfo index 7c3128388436..5a29084e41e2 100644 --- a/security/nextcloud-end_to_end_encryption/distinfo +++ b/security/nextcloud-end_to_end_encryption/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1740558340 -SHA256 (nextcloud/end_to_end_encryption-v1.17.0.tar.gz) = 5a88effd4cc34fdbfd6d5682f0aec6a9a4185531381a8446db3b4700b664b4b9 -SIZE (nextcloud/end_to_end_encryption-v1.17.0.tar.gz) = 1864255 +TIMESTAMP = 1760546414 +SHA256 (nextcloud/end_to_end_encryption-v1.18.0.tar.gz) = 3426b9b7e92c6c778184bd18a448c3e26e5d8f4c0040891ce98adea409f4f133 +SIZE (nextcloud/end_to_end_encryption-v1.18.0.tar.gz) = 1899150 diff --git a/security/nuclei/Makefile b/security/nuclei/Makefile index 01cdae0f1324..91bafa59bce5 100644 --- a/security/nuclei/Makefile +++ b/security/nuclei/Makefile @@ -1,7 +1,7 @@ PORTNAME= nuclei DISTVERSIONPREFIX= v DISTVERSION= 3.4.10 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MAINTAINER= dutra@FreeBSD.org diff --git a/security/obfs4proxy-tor/Makefile b/security/obfs4proxy-tor/Makefile index 0bbf97dabe0c..3cbaa640cf54 100644 --- a/security/obfs4proxy-tor/Makefile +++ b/security/obfs4proxy-tor/Makefile @@ -1,6 +1,6 @@ PORTNAME= obfs4proxy DISTVERSION= 0.0.14 -PORTREVISION= 25 +PORTREVISION= 26 CATEGORIES= security net PKGNAMESUFFIX= -tor DISTFILES= ${DISTNAME}${EXTRACT_SUFX} diff --git a/security/onionscan/Makefile b/security/onionscan/Makefile index 404366298a69..56d3dcd53406 100644 --- a/security/onionscan/Makefile +++ b/security/onionscan/Makefile @@ -1,7 +1,7 @@ PORTNAME= onionscan DISTVERSIONPREFIX= OnionScan- DISTVERSION= 0.2 -PORTREVISION= 33 +PORTREVISION= 34 CATEGORIES= security net MAINTAINER= egypcio@FreeBSD.org diff --git a/security/openbao/Makefile b/security/openbao/Makefile index 3acd581d1396..de470b9a559b 100644 --- a/security/openbao/Makefile +++ b/security/openbao/Makefile @@ -1,7 +1,7 @@ PORTNAME= openbao DISTVERSIONPREFIX= v DISTVERSION= 2.4.1 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MASTER_SITES+= https://raw.githubusercontent.com/${PORTNAME}/${PORTNAME}/${DISTVERSIONFULL}/ DISTFILES= go.mod \ diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile index a92ec62232d3..f36d91c12c4a 100644 --- a/security/openssh-portable/Makefile +++ b/security/openssh-portable/Makefile @@ -1,6 +1,6 @@ PORTNAME= openssh -DISTVERSION= 10.1p1 -PORTREVISION= 4 +DISTVERSION= 10.2p1 +PORTREVISION= 0 PORTEPOCH= 1 CATEGORIES= security MASTER_SITES= OPENBSD/OpenSSH/portable @@ -43,7 +43,7 @@ gssapi_PKGNAMESUFFIX= -portable-gssapi OPTIONS_DEFINE= DOCS PAM TCP_WRAPPERS LIBEDIT BSM \ HPN KERB_GSSAPI \ LDNS NONECIPHER XMSS FIDO_U2F BLACKLISTD -OPTIONS_DEFAULT= LIBEDIT PAM TCP_WRAPPERS LDNS FIDO_U2F +OPTIONS_DEFAULT= BLACKLISTD LIBEDIT PAM TCP_WRAPPERS LDNS FIDO_U2F .if ${FLAVOR:U} == hpn OPTIONS_DEFAULT+= HPN NONECIPHER .endif @@ -100,6 +100,14 @@ ETCDIR?= ${PREFIX}/etc/ssh PATCH_SITES+= http://mirror.shatow.net/freebsd/${PORTNAME}/:DEFAULT,hpn,gsskex # Must add this patch before HPN due to conflicts +.if !${PORT_OPTIONS:MBLACKLISTD} +. if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER} +# Needed glue for applying HPN patch without conflict +EXTRA_PATCHES+= ${FILESDIR}/extra-patch-no-blocklistd-hpn-glue +. endif +.endif + +# Must add this patch before HPN due to conflicts .if ${PORT_OPTIONS:MKERB_GSSAPI} || ${FLAVOR:U} == gssapi # BROKEN= KERB_GSSAPI No patch for ${DISTVERSION} yet. . if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER} @@ -108,13 +116,13 @@ EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn-gss-glue . endif # - See https://sources.debian.org/data/main/o/openssh/ for which subdir to # pull from. -GSSAPI_DEBIAN_VERSION= 10.1p1 +GSSAPI_DEBIAN_VERSION= 10.2p1 GSSAPI_DEBIAN_SUBDIR= ${GSSAPI_DEBIAN_VERSION:U${DISTVERSION}}-1 # - Debian does not use a versioned filename so we trick fetch to make one for # us with the ?<anything>=/ trick. PATCH_SITES+= https://sources.debian.org/data/main/o/openssh/1:${GSSAPI_DEBIAN_SUBDIR}/debian/patches/gssapi.patch?dummy=/:gsskex # Bump this when updating the patch location -GSSAPI_DISTVERSION= 10.1p1 +GSSAPI_DISTVERSION= 10.2p1 PATCHFILES+= openssh-${GSSAPI_DISTVERSION:U${DISTVERSION}}-gsskex-all-debian-rh-${GSSAPI_DISTVERSION}.patch:-p1:gsskex EXTRA_PATCHES+= ${FILESDIR}/extra-patch-gssapi-kexgssc.c EXTRA_PATCHES+= ${FILESDIR}/extra-patch-gssapi-kexgsss.c diff --git a/security/openssh-portable/distinfo b/security/openssh-portable/distinfo index cef52e80ff85..6aa27b76a8c8 100644 --- a/security/openssh-portable/distinfo +++ b/security/openssh-portable/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1759963002 -SHA256 (openssh-10.1p1.tar.gz) = b9fc7a2b82579467a6f2f43e4a81c8e1dfda614ddb4f9b255aafd7020bbf0758 -SIZE (openssh-10.1p1.tar.gz) = 1972831 -SHA256 (openssh-10.1p1-gsskex-all-debian-rh-10.1p1.patch) = b46e798092ea4e0653ea5e124b10a881f58b2e78a16b3e46475c52c39b725874 -SIZE (openssh-10.1p1-gsskex-all-debian-rh-10.1p1.patch) = 126336 +TIMESTAMP = 1760240447 +SHA256 (openssh-10.2p1.tar.gz) = ccc42c0419937959263fa1dbd16dafc18c56b984c03562d2937ce56a60f798b2 +SIZE (openssh-10.2p1.tar.gz) = 1974519 +SHA256 (openssh-10.2p1-gsskex-all-debian-rh-10.2p1.patch) = a02ab012657477a85dc7e4dca90a568ff5f13199221cda888608e9d0290454a0 +SIZE (openssh-10.2p1-gsskex-all-debian-rh-10.2p1.patch) = 126336 diff --git a/security/openssh-portable/files/extra-patch-blacklistd b/security/openssh-portable/files/extra-patch-blacklistd index a7145e42ce9b..3118103c5d74 100644 --- a/security/openssh-portable/files/extra-patch-blacklistd +++ b/security/openssh-portable/files/extra-patch-blacklistd @@ -1,9 +1,80 @@ ---- blacklist.c.orig 2021-04-28 13:37:52.679784000 -0700 -+++ blacklist.c 2021-04-28 13:56:45.677805000 -0700 -@@ -0,0 +1,92 @@ +--- Makefile.in.orig 2025-10-02 12:00:00.000000000 ++++ Makefile.in 2025-10-02 12:00:00.000000000 +@@ -208,6 +208,8 @@ + FIXPATHSCMD = $(SED) $(PATHSUBS) + FIXALGORITHMSCMD= $(SHELL) $(srcdir)/fixalgorithms $(SED) \ + @UNSUPPORTED_ALGORITHMS@ ++ ++LIBSSH_OBJS+= blacklist.o + + all: $(CONFIGFILES) $(MANPAGES) $(TARGETS) + +--- auth-pam.c.orig 2025-10-02 12:00:00.000000000 ++++ auth-pam.c 2025-10-02 12:00:00.000000000 +@@ -101,6 +101,7 @@ + #endif + #include "monitor_wrap.h" + #include "srclimit.h" ++#include "blacklist_client.h" + + extern ServerOptions options; + extern struct sshbuf *loginmsg; +@@ -936,6 +937,8 @@ + sshbuf_free(buffer); + return (0); + } ++ BLACKLIST_NOTIFY(NULL, BLACKLIST_AUTH_FAIL, ++ "PAM illegal user"); + error("PAM: %s for %s%.100s from %.100s", msg, + sshpam_authctxt->valid ? "" : "illegal user ", + sshpam_authctxt->user, sshpam_rhost); +--- auth.c.orig 2025-10-02 12:00:00.000000000 ++++ auth.c 2025-10-02 12:00:00.000000000 +@@ -75,6 +75,7 @@ + #include "monitor_wrap.h" + #include "ssherr.h" + #include "channels.h" ++#include "blacklist_client.h" + + /* import */ + extern ServerOptions options; +@@ -285,8 +286,12 @@ + authmsg = "Postponed"; + else if (partial) + authmsg = "Partial"; +- else ++ else { + authmsg = authenticated ? "Accepted" : "Failed"; ++ if (authenticated) ++ BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_OK, ++ "Authenticated"); ++ } + + if ((extra = format_method_key(authctxt)) == NULL) { + if (authctxt->auth_method_info != NULL) +@@ -334,6 +339,7 @@ + { + Authctxt *authctxt = (Authctxt *)ssh->authctxt; + ++ BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL, "Maximum attempts exceeded"); + error("maximum authentication attempts exceeded for " + "%s%.100s from %.200s port %d ssh2", + authctxt->valid ? "" : "invalid user ", +@@ -494,6 +500,8 @@ + aix_restoreauthdb(); + #endif + if (pw == NULL) { ++ BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL, ++ "Invalid user"); + logit("Invalid user %.100s from %.100s port %d", + user, ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); + #ifdef CUSTOM_FAILED_LOGIN +--- blacklist.c.orig 2025-10-02 12:00:00.000000000 ++++ blacklist.c 2025-10-02 12:00:00.000000000 +@@ -0,0 +1,97 @@ +/*- + * Copyright (c) 2015 The NetBSD Foundation, Inc. -+ * Copyright (c) 2016 The FreeBSD Foundation, Inc. ++ * Copyright (c) 2016 The FreeBSD Foundation + * All rights reserved. + * + * Portions of this software were developed by Kurt Lidl @@ -48,11 +119,15 @@ +#include "packet.h" +#include "log.h" +#include "misc.h" ++#include "servconf.h" +#include <blacklist.h> +#include "blacklist_client.h" + +static struct blacklist *blstate = NULL; + ++/* import */ ++extern ServerOptions options; ++ +/* internal definition from bl.h */ +struct blacklist *bl_create(bool, char *, void (*)(int, const char *, va_list)); + @@ -82,23 +157,24 @@ +blacklist_init(void) +{ + -+ blstate = bl_create(false, NULL, im_log); ++ if (options.use_blacklist) ++ blstate = bl_create(false, NULL, im_log); +} + +void -+blacklist_notify(int action, struct ssh *ssh, const char *msg) ++blacklist_notify(struct ssh *ssh, int action, const char *msg) +{ + + if (blstate != NULL && ssh_packet_connection_is_on_socket(ssh)) + (void)blacklist_r(blstate, action, + ssh_packet_get_connection_in(ssh), msg); +} ---- blacklist_client.h.orig 2020-11-16 16:45:22.823087000 -0800 -+++ blacklist_client.h 2020-11-16 16:45:09.761962000 -0800 +--- blacklist_client.h.orig 2025-10-02 12:00:00.000000000 ++++ blacklist_client.h 2025-10-02 12:00:00.000000000 @@ -0,0 +1,61 @@ +/*- + * Copyright (c) 2015 The NetBSD Foundation, Inc. -+ * Copyright (c) 2016 The FreeBSD Foundation, Inc. ++ * Copyright (c) 2016 The FreeBSD Foundation + * All rights reserved. + * + * Portions of this software were developed by Kurt Lidl @@ -143,23 +219,62 @@ + +#ifdef USE_BLACKLIST +void blacklist_init(void); -+void blacklist_notify(int, struct ssh *, const char *); ++void blacklist_notify(struct ssh *, int, const char *); + +#define BLACKLIST_INIT() blacklist_init() -+#define BLACKLIST_NOTIFY(x, ssh, msg) blacklist_notify(x, ssh, msg) ++#define BLACKLIST_NOTIFY(ssh,x,msg) blacklist_notify(ssh,x,msg) + +#else + +#define BLACKLIST_INIT() -+#define BLACKLIST_NOTIFY(x, ssh, msg) ++#define BLACKLIST_NOTIFY(ssh,x,msg) + +#endif + + +#endif /* BLACKLIST_CLIENT_H */ ---- servconf.c.orig 2021-04-15 20:55:25.000000000 -0700 -+++ servconf.c 2021-04-28 13:36:19.591999000 -0700 -@@ -172,6 +172,7 @@ initialize_server_options(ServerOptions *options) +--- monitor.c.orig 2025-10-02 12:00:00.000000000 ++++ monitor.c 2025-10-02 12:00:00.000000000 +@@ -85,6 +85,8 @@ + #include "misc.h" + #include "servconf.h" + #include "monitor.h" ++#include "blacklist_client.h" ++ + #ifdef GSSAPI + #include "ssh-gss.h" + #endif +@@ -353,16 +355,24 @@ + } + } + if (authctxt->failures > options.max_authtries) { ++ BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL, ++ "Too many authentication attempts"); + /* Shouldn't happen */ + fatal_f("privsep child made too many authentication " + "attempts"); + } + } + +- if (!authctxt->valid) +- fatal_f("authenticated invalid user"); +- if (strcmp(auth_method, "unknown") == 0) ++ if (!authctxt->valid) { ++ BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL, ++ "Authenticated invalid user"); ++ fatal_f("authenticated invalid user"); ++ } ++ if (strcmp(auth_method, "unknown") == 0) { ++ BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL, ++ "Authentication method name unknown"); + fatal_f("authentication method name unknown"); ++ } + + debug_f("user %s authenticated by privileged process", authctxt->user); + auth_attempted = 0; +--- servconf.c.orig 2025-10-02 12:00:00.000000000 ++++ servconf.c 2025-10-02 12:00:00.000000000 +@@ -186,6 +186,7 @@ options->max_sessions = -1; options->banner = NULL; options->use_dns = -1; @@ -167,7 +282,7 @@ options->client_alive_interval = -1; options->client_alive_count_max = -1; options->num_authkeys_files = 0; -@@ -410,6 +411,8 @@ fill_default_server_options(ServerOptions *options) +@@ -455,6 +456,8 @@ options->max_sessions = DEFAULT_SESSIONS_MAX; if (options->use_dns == -1) options->use_dns = 0; @@ -176,15 +291,15 @@ if (options->client_alive_interval == -1) options->client_alive_interval = 0; if (options->client_alive_count_max == -1) -@@ -506,6 +509,7 @@ typedef enum { +@@ -563,6 +566,7 @@ sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedAlgorithms, sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions, sBanner, sUseDNS, sHostbasedAuthentication, + sUseBlacklist, sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedAlgorithms, sHostKeyAlgorithms, sPerSourceMaxStartups, sPerSourceNetBlockSize, - sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, -@@ -642,6 +646,8 @@ static struct { + sPerSourcePenalties, sPerSourcePenaltyExemptList, +@@ -706,6 +710,8 @@ { "maxsessions", sMaxSessions, SSHCFG_ALL }, { "banner", sBanner, SSHCFG_ALL }, { "usedns", sUseDNS, SSHCFG_GLOBAL }, @@ -193,7 +308,7 @@ { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL }, { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL }, { "clientaliveinterval", sClientAliveInterval, SSHCFG_ALL }, -@@ -1692,6 +1698,10 @@ process_server_config_line_depth(ServerOptions *option +@@ -1788,6 +1794,10 @@ intptr = &options->use_dns; goto parse_flag; @@ -203,8 +318,8 @@ + case sLogFacility: log_facility_ptr = &options->log_facility; - arg = strdelim(&cp); -@@ -2872,6 +2882,7 @@ dump_config(ServerOptions *o) + arg = argv_next(&ac, &av); +@@ -3276,6 +3286,7 @@ dump_cfg_fmtint(sCompression, o->compression); dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports); dump_cfg_fmtint(sUseDNS, o->use_dns); @@ -212,9 +327,9 @@ dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding); dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding); ---- servconf.h.orig 2020-11-16 15:51:00.752090000 -0800 -+++ servconf.h 2020-11-16 15:51:02.962173000 -0800 -@@ -179,6 +179,7 @@ typedef struct { +--- servconf.h.orig 2025-10-02 12:00:00.000000000 ++++ servconf.h 2025-10-02 12:00:00.000000000 +@@ -195,6 +195,7 @@ int max_sessions; char *banner; /* SSH-2 banner message */ int use_dns; @@ -222,150 +337,61 @@ int client_alive_interval; /* * poke the client this often to * see if it's still there ---- auth-pam.c.orig 2020-11-16 15:52:45.816578000 -0800 -+++ auth-pam.c 2020-11-16 15:54:19.796583000 -0800 -@@ -105,6 +105,7 @@ extern char *__progname; - #include "ssh-gss.h" - #endif - #include "monitor_wrap.h" -+#include "blacklist_client.h" - - extern ServerOptions options; - extern struct sshbuf *loginmsg; -@@ -916,6 +917,10 @@ sshpam_query(void *ctx, char **name, char **info, - sshbuf_free(buffer); - return (0); - } -+ /* XXX: ssh context unavailable here, unclear if this is even needed. -+ BLACKLIST_NOTIFY(BLACKLIST_BAD_USER, -+ the_active_state, sshpam_authctxt->user); -+ */ - error("PAM: %s for %s%.100s from %.100s", msg, - sshpam_authctxt->valid ? "" : "illegal user ", - sshpam_authctxt->user, sshpam_rhost); ---- auth.c.orig 2020-11-16 15:52:45.824171000 -0800 -+++ auth.c 2020-11-16 15:57:51.091969000 -0800 -@@ -76,6 +76,7 @@ - #include "ssherr.h" - #include "compat.h" - #include "channels.h" -+#include "blacklist_client.h" - - /* import */ - extern ServerOptions options; -@@ -331,8 +332,11 @@ auth_log(struct ssh *ssh, int authenticated, int parti - authmsg = "Postponed"; - else if (partial) - authmsg = "Partial"; -- else -+ else { - authmsg = authenticated ? "Accepted" : "Failed"; -+ if (authenticated) -+ BLACKLIST_NOTIFY(BLACKLIST_AUTH_OK, ssh, "ssh"); -+ } - - if ((extra = format_method_key(authctxt)) == NULL) { - if (authctxt->auth_method_info != NULL) -@@ -586,6 +590,7 @@ getpwnamallow(struct ssh *ssh, const char *user) - aix_restoreauthdb(); - #endif - if (pw == NULL) { -+ BLACKLIST_NOTIFY(BLACKLIST_BAD_USER, ssh, user); - logit("Invalid user %.100s from %.100s port %d", - user, ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); - #ifdef CUSTOM_FAILED_LOGIN ---- auth2.c.orig 2020-11-16 17:10:36.772062000 -0800 -+++ auth2.c 2020-11-16 17:12:04.852943000 -0800 -@@ -58,6 +58,7 @@ - #include "monitor_wrap.h" - #include "digest.h" - #include "kex.h" -+#include "blacklist_client.h" - - /* import */ - extern ServerOptions options; -@@ -295,6 +296,7 @@ input_userauth_request(int type, u_int32_t seq, struct - } else { - /* Invalid user, fake password information */ - authctxt->pw = fakepw(); -+ BLACKLIST_NOTIFY(BLACKLIST_BAD_USER, ssh, "ssh"); - #ifdef SSH_AUDIT_EVENTS - PRIVSEP(audit_event(ssh, SSH_INVALID_USER)); - #endif -@@ -448,8 +450,10 @@ userauth_finish(struct ssh *ssh, int authenticated, co - } else { - /* Allow initial try of "none" auth without failure penalty */ - if (!partial && !authctxt->server_caused_failure && -- (authctxt->attempt > 1 || strcmp(method, "none") != 0)) -+ (authctxt->attempt > 1 || strcmp(method, "none") != 0)) { - authctxt->failures++; -+ BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, ssh, "ssh"); -+ } - if (authctxt->failures >= options.max_authtries) { - #ifdef SSH_AUDIT_EVENTS - PRIVSEP(audit_event(ssh, SSH_LOGIN_EXCEED_MAXTRIES)); ---- packet.c.orig 2020-11-16 15:52:45.839070000 -0800 -+++ packet.c 2020-11-16 15:56:09.285418000 -0800 -@@ -96,6 +96,7 @@ - #include "packet.h" - #include "ssherr.h" - #include "sshbuf.h" -+#include "blacklist_client.h" - - #ifdef PACKET_DEBUG - #define DBG(x) x -@@ -1882,6 +1883,7 @@ sshpkt_vfatal(struct ssh *ssh, int r, const char *fmt, - case SSH_ERR_NO_KEX_ALG_MATCH: - case SSH_ERR_NO_HOSTKEY_ALG_MATCH: - if (ssh->kex && ssh->kex->failed_choice) { -+ BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, ssh, "ssh"); - ssh_packet_clear_keys(ssh); - errno = oerrno; - logdie("Unable to negotiate with %s: %s. " ---- sshd.c.orig 2021-08-19 21:03:49.000000000 -0700 -+++ sshd.c 2021-09-10 10:37:17.926747000 -0700 -@@ -123,6 +123,7 @@ - #include "version.h" - #include "ssherr.h" +--- sshd-session.c.orig 2025-10-02 12:00:00.000000000 ++++ sshd-session.c 2025-10-02 12:00:00.000000000 +@@ -108,6 +108,7 @@ #include "sk-api.h" -+#include "blacklist_client.h" #include "srclimit.h" #include "dh.h" ++#include "blacklist_client.h" -@@ -2225,6 +2228,9 @@ main(int ac, char **av) - if ((loginmsg = sshbuf_new()) == NULL) - fatal_f("sshbuf_new failed"); - auth_debug_reset(); + #ifdef LIBWRAP + #include <tcpd.h> +@@ -223,6 +224,8 @@ + static void + grace_alarm_handler(int sig) + { ++ BLACKLIST_NOTIFY(the_active_state, BLACKLIST_AUTH_FAIL, ++ "Grace period expired"); + /* + * Try to kill any processes that we have spawned, E.g. authorized + * keys command helpers or privsep children. +@@ -1206,6 +1209,8 @@ + ssh_signal(SIGQUIT, SIG_DFL); + ssh_signal(SIGCHLD, SIG_DFL); + ssh_signal(SIGINT, SIG_DFL); + -+ if (options.use_blacklist) -+ BLACKLIST_INIT(); ++ BLACKLIST_INIT(); - if (use_privsep) { - if (privsep_preauth(ssh) == 1) ---- Makefile.in.orig 2022-10-03 07:51:42.000000000 -0700 -+++ Makefile.in 2022-10-09 10:50:06.401377000 -0700 -@@ -185,6 +185,8 @@ FIXALGORITHMSCMD= $(SHELL) $(srcdir)/fixalgorithms $(S - FIXALGORITHMSCMD= $(SHELL) $(srcdir)/fixalgorithms $(SED) \ - @UNSUPPORTED_ALGORITHMS@ + /* + * Register our connection. This turns encryption off because we do +@@ -1297,8 +1302,10 @@ + } -+LIBSSH_OBJS+= blacklist.o -+ - all: $(CONFIGFILES) $(MANPAGES) $(TARGETS) + if ((r = kex_exchange_identification(ssh, -1, +- options.version_addendum)) != 0) ++ options.version_addendum)) != 0) { ++ BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL, "Banner exchange"); + sshpkt_fatal(ssh, r, "banner exchange"); ++ } - $(LIBSSH_OBJS): Makefile.in config.h ---- sshd_config.orig 2020-11-16 16:57:14.276036000 -0800 -+++ sshd_config 2020-11-16 16:57:42.183846000 -0800 -@@ -94,6 +94,7 @@ - #PrintLastLog yes - #TCPKeepAlive yes - #PermitUserEnvironment no -+#UseBlacklist no - #Compression delayed - #ClientAliveInterval 0 - #ClientAliveCountMax 3 ---- sshd_config.5.orig 2023-12-18 15:59:50.000000000 +0100 -+++ sshd_config.5 2024-01-06 16:36:17.025742000 +0100 -@@ -1855,6 +1855,20 @@ This option may be useful in conjunction with + ssh_packet_set_nonblocking(ssh); + +@@ -1443,7 +1450,10 @@ + audit_event(the_active_state, SSH_CONNECTION_ABANDON); + #endif + /* Override default fatal exit value when auth was attempted */ +- if (i == 255 && auth_attempted) ++ if (i == 255 && auth_attempted) { ++ BLACKLIST_NOTIFY(the_active_state, BLACKLIST_AUTH_FAIL, ++ "Fatal exit"); + _exit(EXIT_AUTH_ATTEMPTED); ++ } + _exit(i); + } +--- sshd_config.5.orig 2025-10-02 12:00:00.000000000 ++++ sshd_config.5 2025-10-02 12:00:00.000000000 +@@ -2009,6 +2009,20 @@ is to never expire connections for having no open channels. This option may be useful in conjunction with .Cm ChannelTimeout . @@ -386,34 +412,13 @@ .It Cm UseDNS Specifies whether .Xr sshd 8 ---- monitor.c.orig 2020-11-16 17:24:03.457283000 -0800 -+++ monitor.c 2020-11-16 17:25:57.642510000 -0800 -@@ -96,6 +96,7 @@ - #include "match.h" - #include "ssherr.h" - #include "sk-api.h" -+#include "blacklist_client.h" +--- sshd_config.orig 2025-10-02 12:00:00.000000000 ++++ sshd_config 2025-10-02 12:00:00.000000000 +@@ -102,6 +102,7 @@ + #MaxStartups 10:30:100 + #PermitTunnel no + #ChrootDirectory none ++#UseBlacklist no + #VersionAddendum none - #ifdef GSSAPI - static Gssctxt *gsscontext = NULL; -@@ -342,8 +343,11 @@ monitor_child_preauth(struct ssh *ssh, struct monitor - if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) { - auth_log(ssh, authenticated, partial, - auth_method, auth_submethod); -- if (!partial && !authenticated) -+ if (!partial && !authenticated) { - authctxt->failures++; -+ BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, -+ ssh, "ssh"); -+ } - if (authenticated || partial) { - auth2_update_session_info(authctxt, - auth_method, auth_submethod); -@@ -1228,6 +1232,7 @@ mm_answer_keyallowed(struct ssh *ssh, int sock, struct - } else { - /* Log failed attempt */ - auth_log(ssh, 0, 0, auth_method, NULL); -+ BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, ssh, "ssh"); - free(cuser); - free(chost); - } + # no default banner path diff --git a/security/openssh-portable/files/extra-patch-hpn b/security/openssh-portable/files/extra-patch-hpn index 412cc576fb7c..a4df93cc2186 100644 --- a/security/openssh-portable/files/extra-patch-hpn +++ b/security/openssh-portable/files/extra-patch-hpn @@ -1233,17 +1233,17 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o /* * Create a new session and process group since the 4.4BSD * setlogin() affects the entire process group. We don't ---- work.clean/openssh-9.8p1/sshd-session.c.orig 2024-07-01 13:54:25.745441000 -0700 -+++ work/openssh-9.8p1/sshd-session.c 2024-07-01 13:54:57.335695000 -0700 -@@ -1305,7 +1305,7 @@ main(int ac, char **av) - alarm(options.login_grace_time); +--- work/openssh/sshd-session.c.orig 2025-10-11 10:19:18.935826000 -0700 ++++ work/openssh/sshd-session.c 2025-10-11 10:20:11.460279000 -0700 +@@ -1281,7 +1281,7 @@ main(int ac, char **av) + } if ((r = kex_exchange_identification(ssh, -1, -- options.version_addendum)) != 0) -+ options.version_addendum, options.hpn_disabled)) != 0) +- options.version_addendum)) != 0) { ++ options.version_addendum, options.hpn_disabled)) != 0) { + BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL, "Banner exchange"); sshpkt_fatal(ssh, r, "banner exchange"); - - ssh_packet_set_nonblocking(ssh); + } --- work.clean/openssh-6.8p1/sshd_config 2015-04-01 22:07:18.248858000 -0500 +++ work/openssh-6.8p1/sshd_config 2015-04-01 22:16:49.932279000 -0500 @@ -111,6 +111,20 @@ AuthorizedKeysFile .ssh/authorized_keys diff --git a/security/openssh-portable/files/extra-patch-no-blocklistd-hpn-glue b/security/openssh-portable/files/extra-patch-no-blocklistd-hpn-glue new file mode 100644 index 000000000000..1059f57cc88b --- /dev/null +++ b/security/openssh-portable/files/extra-patch-no-blocklistd-hpn-glue @@ -0,0 +1,27 @@ +--- sshd-session.c.orig 2025-10-11 10:16:00.048273000 -0700 ++++ sshd-session.c 2025-10-11 10:16:02.937735000 -0700 +@@ -149,6 +149,12 @@ static int have_agent = 0; + /* Daemon's agent connection */ + int auth_sock = -1; + static int have_agent = 0; ++ ++/* ++ * This is compiled WITHOUT blocklistd support. This is done for patch ++ * glue in ports. ++ */ ++#define BLACKLIST_NOTIFY(...) + + /* + * Any really sensitive data in the application is contained in this +@@ -1275,8 +1281,10 @@ main(int ac, char **av) + } + + if ((r = kex_exchange_identification(ssh, -1, +- options.version_addendum)) != 0) ++ options.version_addendum)) != 0) { ++ BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL, "Banner exchange"); + sshpkt_fatal(ssh, r, "banner exchange"); ++ } + + ssh_packet_set_nonblocking(ssh); + diff --git a/security/openssh-portable/files/patch-upstream-beae06f56e0d0a66ca535896149d5fb0b2e8a1b4 b/security/openssh-portable/files/patch-upstream-beae06f56e0d0a66ca535896149d5fb0b2e8a1b4 deleted file mode 100644 index e9cb994331ab..000000000000 --- a/security/openssh-portable/files/patch-upstream-beae06f56e0d0a66ca535896149d5fb0b2e8a1b4 +++ /dev/null @@ -1,73 +0,0 @@ -From beae06f56e0d0a66ca535896149d5fb0b2e8a1b4 Mon Sep 17 00:00:00 2001 -From: "djm@openbsd.org" <djm@openbsd.org> -Date: Tue, 7 Oct 2025 08:02:32 +0000 -Subject: [PATCH] upstream: don't reuse c->isatty for signalling that the - remote channel - -has a tty attached as this causes side effects, e.g. in channel_handle_rfd(). -bz3872 - -ok markus@ - -OpenBSD-Commit-ID: 4cd8a9f641498ca6089442e59bad0fd3dcbe85f8 ---- - channels.c | 9 +++++---- - channels.h | 3 ++- - 2 files changed, 7 insertions(+), 5 deletions(-) - -diff --git a/channels.c b/channels.c -index f1d7bcf345b..80014ff341f 100644 ---- channels.c -+++ channels.c -@@ -1,4 +1,4 @@ --/* $OpenBSD: channels.c,v 1.451 2025/09/25 06:33:19 djm Exp $ */ -+/* $OpenBSD: channels.c,v 1.452 2025/10/07 08:02:32 djm Exp $ */ - /* - * Author: Tatu Ylonen <ylo@cs.hut.fi> - * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland -@@ -362,7 +362,7 @@ channel_classify(struct ssh *ssh, Channel *c) - { - struct ssh_channels *sc = ssh->chanctxt; - const char *type = c->xctype == NULL ? c->ctype : c->xctype; -- const char *classifier = c->isatty ? -+ const char *classifier = (c->isatty || c->remote_has_tty) ? - sc->bulk_classifier_tty : sc->bulk_classifier_notty; - - c->bulk = type != NULL && match_pattern_list(type, classifier, 0) == 1; -@@ -566,7 +566,7 @@ channel_new(struct ssh *ssh, char *ctype, int type, int rfd, int wfd, int efd, - void - channel_set_tty(struct ssh *ssh, Channel *c) - { -- c->isatty = 1; -+ c->remote_has_tty = 1; - channel_classify(ssh, c); - } - -@@ -1078,7 +1078,8 @@ channel_format_status(const Channel *c) - c->rfd, c->wfd, c->efd, c->sock, c->ctl_chan, - c->have_ctl_child_id ? "c" : "nc", c->ctl_child_id, - c->io_want, c->io_ready, -- c->isatty ? "T" : "", c->bulk ? "B" : "I"); -+ c->isatty ? "T" : (c->remote_has_tty ? "RT" : ""), -+ c->bulk ? "B" : "I"); - return ret; - } - -diff --git a/channels.h b/channels.h -index df7c7f364d2..7456541f8ce 100644 ---- channels.h -+++ channels.h -@@ -1,4 +1,4 @@ --/* $OpenBSD: channels.h,v 1.161 2025/09/25 06:33:19 djm Exp $ */ -+/* $OpenBSD: channels.h,v 1.162 2025/10/07 08:02:32 djm Exp $ */ - - /* - * Author: Tatu Ylonen <ylo@cs.hut.fi> -@@ -145,6 +145,7 @@ struct Channel { - int ctl_chan; /* control channel (multiplexed connections) */ - uint32_t ctl_child_id; /* child session for mux controllers */ - int have_ctl_child_id;/* non-zero if ctl_child_id is valid */ -+ int remote_has_tty; /* remote side has a tty */ - int isatty; /* rfd is a tty */ - #ifdef _AIX - int wfd_isatty; /* wfd is a tty */ diff --git a/security/openvpn-auth-oauth2/Makefile b/security/openvpn-auth-oauth2/Makefile index 6ab27def53ee..97c937182e56 100644 --- a/security/openvpn-auth-oauth2/Makefile +++ b/security/openvpn-auth-oauth2/Makefile @@ -1,7 +1,7 @@ PORTNAME= openvpn-auth-oauth2 DISTVERSIONPREFIX= v -DISTVERSION= 1.25.2 -PORTREVISION= 2 +DISTVERSION= 1.26.2 +PORTREVISION= 1 CATEGORIES= security net net-vpn MAINTAINER= otis@FreeBSD.org @@ -13,7 +13,7 @@ LICENSE_FILE= ${WRKSRC}/LICENSE.txt EXTRACT_DEPENDS= ${BUILD_DEPENDS} -USES= go:1.24,modules +USES= go:1.25,modules GO_MODULE= github.com/jkroepke/openvpn-auth-oauth2 diff --git a/security/openvpn-auth-oauth2/distinfo b/security/openvpn-auth-oauth2/distinfo index ef958b0b6d12..042c291b8b1d 100644 --- a/security/openvpn-auth-oauth2/distinfo +++ b/security/openvpn-auth-oauth2/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1754885003 -SHA256 (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.25.2/v1.25.2.mod) = d0f750c04d64d7442d246f72b825d2f9fc0ed4210e066ea5f6787b9eb877f963 -SIZE (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.25.2/v1.25.2.mod) = 1370 -SHA256 (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.25.2/v1.25.2.zip) = 0ac1f121f8eb6842a65e67e4b2a16a52c6c2f2cc068e79b06a5f90b04cce0a4e -SIZE (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.25.2/v1.25.2.zip) = 1875487 +TIMESTAMP = 1760253375 +SHA256 (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.26.2/v1.26.2.mod) = b747b6a37a8a76572f0004a79fdcc9af49cea7b27ef60c6b153846d7309bea76 +SIZE (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.26.2/v1.26.2.mod) = 1322 +SHA256 (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.26.2/v1.26.2.zip) = d7bbd034cbaa7e950c134f9157adee1da7d7609ac33c5e0e67b2578904430ddd +SIZE (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.26.2/v1.26.2.zip) = 1879603 diff --git a/security/osv-scanner/Makefile b/security/osv-scanner/Makefile index 9b06f22a5f85..2141caa8f196 100644 --- a/security/osv-scanner/Makefile +++ b/security/osv-scanner/Makefile @@ -1,7 +1,7 @@ PORTNAME= osv-scanner DISTVERSIONPREFIX= v DISTVERSION= 2.2.2 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MAINTAINER= dutra@FreeBSD.org diff --git a/security/picocrypt/Makefile b/security/picocrypt/Makefile index bf7e2e5aa02e..e71725cab095 100644 --- a/security/picocrypt/Makefile +++ b/security/picocrypt/Makefile @@ -1,6 +1,6 @@ PORTNAME= picocrypt DISTVERSION= 1.49 # Missing modules.txt, generate one with `go mod vendor` and place it in ${FILESDIR} -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= security MAINTAINER= eduardo@FreeBSD.org diff --git a/security/pwdsafety/Makefile b/security/pwdsafety/Makefile index 62312c543172..857214ea0ef9 100644 --- a/security/pwdsafety/Makefile +++ b/security/pwdsafety/Makefile @@ -1,7 +1,7 @@ PORTNAME= pwdsafety DISTVERSIONPREFIX= v DISTVERSION= 0.4.1 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MAINTAINER= olgeni@FreeBSD.org diff --git a/security/py-asyncssh/Makefile b/security/py-asyncssh/Makefile index 787379fb0a79..27f7b57403aa 100644 --- a/security/py-asyncssh/Makefile +++ b/security/py-asyncssh/Makefile @@ -1,5 +1,5 @@ PORTNAME= asyncssh -PORTVERSION= 2.21.0 +PORTVERSION= 2.21.1 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -32,7 +32,7 @@ PKCS11_DESC= PKCS \#11 support PYOPENSSL_DESC= X.509 certificate authentication BCRYPT_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}bcrypt>=3.1.3:security/py-bcrypt@${PY_FLAVOR} -FIDO2_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}fido2>=0.9.2:security/py-fido2@${PY_FLAVOR} +FIDO2_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}fido2>=2:security/py-fido2@${PY_FLAVOR} GSSAPI_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}gssapi>=1.2.0:security/py-gssapi@${PY_FLAVOR} LIBNACL_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}libnacl>=1.4.2:security/py-libnacl@${PY_FLAVOR} PKCS11_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}python-pkcs11>=0.7.0:security/py-python-pkcs11@${PY_FLAVOR} diff --git a/security/py-asyncssh/distinfo b/security/py-asyncssh/distinfo index 6f759f3fb528..d5154bcec3ab 100644 --- a/security/py-asyncssh/distinfo +++ b/security/py-asyncssh/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1747546578 -SHA256 (asyncssh-2.21.0.tar.gz) = 450fe13bb8d86a8f4e7d7b5fafce7791181ca3e7c92e15bbc45dfb25866e48b3 -SIZE (asyncssh-2.21.0.tar.gz) = 539740 +TIMESTAMP = 1759816710 +SHA256 (asyncssh-2.21.1.tar.gz) = 9943802955e2131536c2b1e71aacc68f56973a399937ed0b725086d7461c990c +SIZE (asyncssh-2.21.1.tar.gz) = 540515 diff --git a/security/py-asyncssh/files/patch-fido2 b/security/py-asyncssh/files/patch-fido2 new file mode 100644 index 000000000000..d8b9c8387a67 --- /dev/null +++ b/security/py-asyncssh/files/patch-fido2 @@ -0,0 +1,161 @@ +Obtained from: https://github.com/ronf/asyncssh/commit/b9e58a3914c7d1df7f2c096e8c1c0220799e247f + +--- asyncssh/sk.py.orig 2025-08-23 02:54:29 UTC ++++ asyncssh/sk.py +@@ -128,7 +128,9 @@ def _win_enroll(alg: int, application: str, user: str) + def _win_enroll(alg: int, application: str, user: str) -> Tuple[bytes, bytes]: + """Enroll a new security key using Windows WebAuthn API""" + +- client = WindowsClient(application, verify=_verify_rp_id) ++ data_collector = DefaultClientDataCollector(origin=application, ++ verify=_verify_rp_id) ++ client = WindowsClient(data_collector) + + rp = {'id': application, 'name': application} + user_cred = {'id': user.encode('utf-8'), 'name': user} +@@ -137,7 +139,8 @@ def _win_enroll(alg: int, application: str, user: str) + 'pubKeyCredParams': key_params} + + result = client.make_credential(options) +- cdata = result.attestation_object.auth_data.credential_data ++ response = result.response ++ cdata = response.attestation_object.auth_data.credential_data + + # pylint: disable=no-member + return _decode_public_key(alg, cdata.public_key), cdata.credential_id +@@ -188,17 +191,20 @@ def _win_sign(data: bytes, application: str, + key_handle: bytes) -> Tuple[int, int, bytes, bytes]: + """Sign a message with a security key using Windows WebAuthn API""" + +- client = WindowsClient(application, verify=_verify_rp_id) ++ data_collector = DefaultClientDataCollector(origin=application, ++ verify=_verify_rp_id) ++ client = WindowsClient(data_collector) + + creds = [{'type': 'public-key', 'id': key_handle}] + options = {'challenge': data, 'rpId': application, + 'allowCredentials': creds} + + result = client.get_assertion(options).get_response(0) +- auth_data = result.authenticator_data ++ response = result.response ++ auth_data = response.authenticator_data + + return auth_data.flags, auth_data.counter, \ +- result.signature, bytes(result.client_data) ++ response.signature, bytes(response.client_data) + + + def sk_webauthn_prefix(data: bytes, application: str) -> bytes: +@@ -327,7 +333,7 @@ try: + + + try: +- from fido2.client import WindowsClient ++ from fido2.client import DefaultClientDataCollector + from fido2.ctap import CtapError + from fido2.ctap1 import Ctap1, APDU, ApduError + from fido2.ctap2 import Ctap2, ClientPin, PinProtocolV1 +@@ -335,13 +341,8 @@ try: + from fido2.hid import CtapHidDevice + + sk_available = True +- +- sk_use_webauthn = WindowsClient.is_available() and \ +- hasattr(ctypes, 'windll') and \ +- not ctypes.windll.shell32.IsUserAnAdmin() + except (ImportError, OSError, AttributeError): # pragma: no cover + sk_available = False +- sk_use_webauthn = False + + def _sk_not_available(*args: object, **kwargs: object) -> NoReturn: + """Report that security key support is unavailable""" +@@ -351,3 +352,13 @@ except (ImportError, OSError, AttributeError): # pragm + sk_enroll = _sk_not_available + sk_sign = _sk_not_available + sk_get_resident = _sk_not_available ++ ++try: ++ from fido2.client.windows import WindowsClient ++ ++ sk_use_webauthn = WindowsClient.is_available() and \ ++ hasattr(ctypes, 'windll') and \ ++ not ctypes.windll.shell32.IsUserAnAdmin() ++except ImportError: ++ WindowsClient = None ++ sk_use_webauthn = False +--- pyproject.toml.orig 2025-09-28 13:31:10 UTC ++++ pyproject.toml +@@ -35,7 +35,7 @@ bcrypt = ['bcrypt >= 3.1.3'] + + [project.optional-dependencies] + bcrypt = ['bcrypt >= 3.1.3'] +-fido2 = ['fido2 >= 0.9.2, < 2'] ++fido2 = ['fido2 >= 2'] + gssapi = ['gssapi >= 1.2.0'] + libnacl = ['libnacl >= 1.4.2'] + pkcs11 = ['python-pkcs11 >= 0.7.0'] +--- tests/sk_stub.py.orig 2025-05-29 03:09:38 UTC ++++ tests/sk_stub.py +@@ -93,6 +93,13 @@ class _AttestationResponse: + self.attestation_object = attestation_object + + ++class _RegistrationResponse: ++ """Security key registration response""" ++ ++ def __init__(self, attestation_response): ++ self.response = attestation_response ++ ++ + class _AuthenticatorData: + """Security key authenticator data in aseertion""" + +@@ -110,6 +117,13 @@ class _AssertionResponse: + self.signature = signature + + ++class _AuthenticationResponse: ++ """Security key authentication response""" ++ ++ def __init__(self, response): ++ self.response = response ++ ++ + class _AssertionSelection: + """Security key assertion response list""" + +@@ -261,9 +275,9 @@ class WindowsClient(_CtapStub): + class WindowsClient(_CtapStub): + """Stub for unit testing U2F security keys via Windows WebAuthn""" + +- def __init__(self, origin, verify): +- self._origin = origin +- self._verify = verify ++ def __init__(self, data_collector): ++ self._origin = data_collector._origin ++ self._verify = data_collector._verify + + def make_credential(self, options): + """Make a credential using Windows WebAuthN API""" +@@ -275,8 +289,9 @@ class WindowsClient(_CtapStub): + public_key, key_handle = self._enroll(alg) + + cdata = _CredentialData(alg, public_key, key_handle) ++ attestation_object = _Credential(_CredentialAuthData(cdata)) + +- return _AttestationResponse(_Credential(_CredentialAuthData(cdata))) ++ return _RegistrationResponse(_AttestationResponse(attestation_object)) + + def get_assertion(self, options): + """Get assertion using Windows WebAuthN API""" +@@ -297,7 +312,8 @@ class WindowsClient(_CtapStub): + key_handle, flags) + + auth_data = _AuthenticatorData(flags, counter) +- assertion = _AssertionResponse(data, auth_data, sig) ++ response = _AssertionResponse(data, auth_data, sig) ++ assertion = _AuthenticationResponse(response) + + return _AssertionSelection([assertion]) + diff --git a/security/py-authlib/Makefile b/security/py-authlib/Makefile index 56b2bb82b717..e992f4abffb7 100644 --- a/security/py-authlib/Makefile +++ b/security/py-authlib/Makefile @@ -1,5 +1,5 @@ PORTNAME= authlib -PORTVERSION= 1.6.3 +PORTVERSION= 1.6.4 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} diff --git a/security/py-authlib/distinfo b/security/py-authlib/distinfo index b5637dd84b1e..fcf029145d98 100644 --- a/security/py-authlib/distinfo +++ b/security/py-authlib/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1757120812 -SHA256 (authlib-1.6.3.tar.gz) = 9f7a982cc395de719e4c2215c5707e7ea690ecf84f1ab126f28c053f4219e610 -SIZE (authlib-1.6.3.tar.gz) = 160836 +TIMESTAMP = 1759816712 +SHA256 (authlib-1.6.4.tar.gz) = 104b0442a43061dc8bc23b133d1d06a2b0a9c2e3e33f34c4338929e816287649 +SIZE (authlib-1.6.4.tar.gz) = 164046 diff --git a/security/py-bcrypt/Makefile b/security/py-bcrypt/Makefile index 283595598671..87b89401a47d 100644 --- a/security/py-bcrypt/Makefile +++ b/security/py-bcrypt/Makefile @@ -1,6 +1,5 @@ PORTNAME= bcrypt -DISTVERSION= 4.3.0 -PORTREVISION= 3 +PORTVERSION= 5.0.0 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -21,15 +20,14 @@ RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}wheel>=0:devel/py-wheel@${PY_FLAVOR} USES= cargo python USE_PYTHON= autoplist concurrent pep517 pytest -CARGO_CARGOLOCK= ${WRKSRC}/src/_bcrypt/Cargo.lock -CARGO_CARGOTOML= ${WRKSRC}/src/_bcrypt/Cargo.toml -CARGO_BUILD= no -CARGO_INSTALL= no -CARGO_TEST= no - +CARGO_BUILD= no +CARGO_CARGOLOCK=${WRKSRC}/src/_bcrypt/Cargo.lock +CARGO_CARGOTOML=${WRKSRC}/src/_bcrypt/Cargo.toml +CARGO_INSTALL= no +CARGO_TEST= no TEST_ENV= PYTHONPATH=${STAGEDIR}${PYTHON_SITELIBDIR} -post-install: +x-post-install: ${FIND} ${STAGEDIR}${PYTHON_SITELIBDIR} -name '*.so' -exec ${STRIP_CMD} {} + .include <bsd.port.mk> diff --git a/security/py-bcrypt/Makefile.crates b/security/py-bcrypt/Makefile.crates index d762d5e54aec..a7b7e5399fc1 100644 --- a/security/py-bcrypt/Makefile.crates +++ b/security/py-bcrypt/Makefile.crates @@ -1,50 +1,42 @@ -CARGO_CRATES= autocfg-1.4.0 \ +CARGO_CRATES= autocfg-1.5.0 \ base64-0.22.1 \ - bcrypt-0.17.0 \ + bcrypt-0.17.1 \ bcrypt-pbkdf-0.10.0 \ - bitflags-2.8.0 \ block-buffer-0.10.4 \ blowfish-0.9.1 \ byteorder-1.5.0 \ - cfg-if-1.0.0 \ + cfg-if-1.0.3 \ cipher-0.4.4 \ cpufeatures-0.2.17 \ crypto-common-0.1.6 \ digest-0.10.7 \ generic-array-0.14.7 \ - getrandom-0.3.1 \ + getrandom-0.3.3 \ heck-0.5.0 \ - indoc-2.0.5 \ + indoc-2.0.6 \ inout-0.1.4 \ - libc-0.2.170 \ + libc-0.2.176 \ memoffset-0.9.1 \ - once_cell-1.20.3 \ + once_cell-1.21.3 \ pbkdf2-0.12.2 \ - portable-atomic-1.11.0 \ - proc-macro2-1.0.93 \ - pyo3-0.23.5 \ - pyo3-build-config-0.23.5 \ - pyo3-ffi-0.23.5 \ - pyo3-macros-0.23.5 \ - pyo3-macros-backend-0.23.5 \ - quote-1.0.38 \ - sha2-0.10.8 \ + portable-atomic-1.11.1 \ + proc-macro2-1.0.101 \ + pyo3-0.26.0 \ + pyo3-build-config-0.26.0 \ + pyo3-ffi-0.26.0 \ + pyo3-macros-0.26.0 \ + pyo3-macros-backend-0.26.0 \ + quote-1.0.40 \ + r-efi-5.3.0 \ + sha2-0.10.9 \ subtle-2.6.1 \ - syn-2.0.98 \ - target-lexicon-0.12.16 \ + syn-2.0.106 \ + target-lexicon-0.13.3 \ typenum-1.18.0 \ - unicode-ident-1.0.17 \ - unindent-0.2.3 \ + unicode-ident-1.0.19 \ + unindent-0.2.4 \ version_check-0.9.5 \ - wasi-0.13.3+wasi-0.2.2 \ - windows-targets-0.52.6 \ - windows_aarch64_gnullvm-0.52.6 \ - windows_aarch64_msvc-0.52.6 \ - windows_i686_gnu-0.52.6 \ - windows_i686_gnullvm-0.52.6 \ - windows_i686_msvc-0.52.6 \ - windows_x86_64_gnu-0.52.6 \ - windows_x86_64_gnullvm-0.52.6 \ - windows_x86_64_msvc-0.52.6 \ - wit-bindgen-rt-0.33.0 \ + wasi-0.14.7+wasi-0.2.4 \ + wasip2-1.0.1+wasi-0.2.4 \ + wit-bindgen-0.46.0 \ zeroize-1.8.1 diff --git a/security/py-bcrypt/distinfo b/security/py-bcrypt/distinfo index 9ec605554eaf..7da3d21229d7 100644 --- a/security/py-bcrypt/distinfo +++ b/security/py-bcrypt/distinfo @@ -1,24 +1,22 @@ -TIMESTAMP = 1749155161 -SHA256 (bcrypt-4.3.0.tar.gz) = 3a3fd2204178b6d2adcf09cb4f6426ffef54762577a7c9b54c159008cb288c18 -SIZE (bcrypt-4.3.0.tar.gz) = 25697 -SHA256 (rust/crates/autocfg-1.4.0.crate) = ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26 -SIZE (rust/crates/autocfg-1.4.0.crate) = 17712 +TIMESTAMP = 1759816990 +SHA256 (bcrypt-5.0.0.tar.gz) = f748f7c2d6fd375cc93d3fba7ef4a9e3a092421b8dbf34d8d4dc06be9492dfdd +SIZE (bcrypt-5.0.0.tar.gz) = 25386 +SHA256 (rust/crates/autocfg-1.5.0.crate) = c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8 +SIZE (rust/crates/autocfg-1.5.0.crate) = 18729 SHA256 (rust/crates/base64-0.22.1.crate) = 72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6 SIZE (rust/crates/base64-0.22.1.crate) = 81597 -SHA256 (rust/crates/bcrypt-0.17.0.crate) = 92758ad6077e4c76a6cadbce5005f666df70d4f13b19976b1a8062eef880040f -SIZE (rust/crates/bcrypt-0.17.0.crate) = 12461 +SHA256 (rust/crates/bcrypt-0.17.1.crate) = abaf6da45c74385272ddf00e1ac074c7d8a6c1a1dda376902bd6a427522a8b2c +SIZE (rust/crates/bcrypt-0.17.1.crate) = 12542 SHA256 (rust/crates/bcrypt-pbkdf-0.10.0.crate) = 6aeac2e1fe888769f34f05ac343bbef98b14d1ffb292ab69d4608b3abc86f2a2 SIZE (rust/crates/bcrypt-pbkdf-0.10.0.crate) = 11032 -SHA256 (rust/crates/bitflags-2.8.0.crate) = 8f68f53c83ab957f72c32642f3868eec03eb974d1fb82e453128456482613d36 -SIZE (rust/crates/bitflags-2.8.0.crate) = 47482 SHA256 (rust/crates/block-buffer-0.10.4.crate) = 3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71 SIZE (rust/crates/block-buffer-0.10.4.crate) = 10538 SHA256 (rust/crates/blowfish-0.9.1.crate) = e412e2cd0f2b2d93e02543ceae7917b3c70331573df19ee046bcbc35e45e87d7 SIZE (rust/crates/blowfish-0.9.1.crate) = 16734 SHA256 (rust/crates/byteorder-1.5.0.crate) = 1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b SIZE (rust/crates/byteorder-1.5.0.crate) = 23288 -SHA256 (rust/crates/cfg-if-1.0.0.crate) = baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd -SIZE (rust/crates/cfg-if-1.0.0.crate) = 7934 +SHA256 (rust/crates/cfg-if-1.0.3.crate) = 2fd1289c04a9ea8cb22300a459a72a385d7c73d3259e2ed7dcb2af674838cfa9 +SIZE (rust/crates/cfg-if-1.0.3.crate) = 8719 SHA256 (rust/crates/cipher-0.4.4.crate) = 773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad SIZE (rust/crates/cipher-0.4.4.crate) = 19073 SHA256 (rust/crates/cpufeatures-0.2.17.crate) = 59ed5838eebb26a2bb2e58f6d5b5316989ae9d08bab10e0e6d103e656d1b0280 @@ -29,75 +27,61 @@ SHA256 (rust/crates/digest-0.10.7.crate) = 9ed9a281f7bc9b7576e61468ba615a66a5c8c SIZE (rust/crates/digest-0.10.7.crate) = 19557 SHA256 (rust/crates/generic-array-0.14.7.crate) = 85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a SIZE (rust/crates/generic-array-0.14.7.crate) = 15950 -SHA256 (rust/crates/getrandom-0.3.1.crate) = 43a49c392881ce6d5c3b8cb70f98717b7c07aabbdff06687b9030dbfbe2725f8 -SIZE (rust/crates/getrandom-0.3.1.crate) = 42449 +SHA256 (rust/crates/getrandom-0.3.3.crate) = 26145e563e54f2cadc477553f1ec5ee650b00862f0a58bcd12cbdc5f0ea2d2f4 +SIZE (rust/crates/getrandom-0.3.3.crate) = 49493 SHA256 (rust/crates/heck-0.5.0.crate) = 2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea SIZE (rust/crates/heck-0.5.0.crate) = 11517 -SHA256 (rust/crates/indoc-2.0.5.crate) = b248f5224d1d606005e02c97f5aa4e88eeb230488bcc03bc9ca4d7991399f2b5 -SIZE (rust/crates/indoc-2.0.5.crate) = 14396 +SHA256 (rust/crates/indoc-2.0.6.crate) = f4c7245a08504955605670dbf141fceab975f15ca21570696aebe9d2e71576bd +SIZE (rust/crates/indoc-2.0.6.crate) = 17164 SHA256 (rust/crates/inout-0.1.4.crate) = 879f10e63c20629ecabbb64a8010319738c66a5cd0c29b02d63d272b03751d01 SIZE (rust/crates/inout-0.1.4.crate) = 11280 -SHA256 (rust/crates/libc-0.2.170.crate) = 875b3680cb2f8f71bdcf9a30f38d48282f5d3c95cbf9b3fa57269bb5d5c06828 -SIZE (rust/crates/libc-0.2.170.crate) = 760076 +SHA256 (rust/crates/libc-0.2.176.crate) = 58f929b4d672ea937a23a1ab494143d968337a5f47e56d0815df1e0890ddf174 +SIZE (rust/crates/libc-0.2.176.crate) = 790040 SHA256 (rust/crates/memoffset-0.9.1.crate) = 488016bfae457b036d996092f6cb448677611ce4449e970ceaf42695203f218a SIZE (rust/crates/memoffset-0.9.1.crate) = 9032 -SHA256 (rust/crates/once_cell-1.20.3.crate) = 945462a4b81e43c4e3ba96bd7b49d834c6f61198356aa858733bc4acf3cbe62e -SIZE (rust/crates/once_cell-1.20.3.crate) = 33456 +SHA256 (rust/crates/once_cell-1.21.3.crate) = 42f5e15c9953c5e4ccceeb2e7382a716482c34515315f7b03532b8b4e8393d2d +SIZE (rust/crates/once_cell-1.21.3.crate) = 34534 SHA256 (rust/crates/pbkdf2-0.12.2.crate) = f8ed6a7761f76e3b9f92dfb0a60a6a6477c61024b775147ff0973a02653abaf2 SIZE (rust/crates/pbkdf2-0.12.2.crate) = 13906 -SHA256 (rust/crates/portable-atomic-1.11.0.crate) = 350e9b48cbc6b0e028b0473b114454c6316e57336ee184ceab6e53f72c178b3e -SIZE (rust/crates/portable-atomic-1.11.0.crate) = 181258 -SHA256 (rust/crates/proc-macro2-1.0.93.crate) = 60946a68e5f9d28b0dc1c21bb8a97ee7d018a8b322fa57838ba31cc878e22d99 -SIZE (rust/crates/proc-macro2-1.0.93.crate) = 52388 -SHA256 (rust/crates/pyo3-0.23.5.crate) = 7778bffd85cf38175ac1f545509665d0b9b92a198ca7941f131f85f7a4f9a872 -SIZE (rust/crates/pyo3-0.23.5.crate) = 1088533 -SHA256 (rust/crates/pyo3-build-config-0.23.5.crate) = 94f6cbe86ef3bf18998d9df6e0f3fc1050a8c5efa409bf712e661a4366e010fb -SIZE (rust/crates/pyo3-build-config-0.23.5.crate) = 33885 -SHA256 (rust/crates/pyo3-ffi-0.23.5.crate) = e9f1b4c431c0bb1c8fb0a338709859eed0d030ff6daa34368d3b152a63dfdd8d -SIZE (rust/crates/pyo3-ffi-0.23.5.crate) = 74867 -SHA256 (rust/crates/pyo3-macros-0.23.5.crate) = fbc2201328f63c4710f68abdf653c89d8dbc2858b88c5d88b0ff38a75288a9da -SIZE (rust/crates/pyo3-macros-0.23.5.crate) = 8856 -SHA256 (rust/crates/pyo3-macros-backend-0.23.5.crate) = fca6726ad0f3da9c9de093d6f116a93c1a38e417ed73bf138472cf4064f72028 -SIZE (rust/crates/pyo3-macros-backend-0.23.5.crate) = 70938 -SHA256 (rust/crates/quote-1.0.38.crate) = 0e4dccaaaf89514f546c693ddc140f729f958c247918a13380cccc6078391acc -SIZE (rust/crates/quote-1.0.38.crate) = 31252 -SHA256 (rust/crates/sha2-0.10.8.crate) = 793db75ad2bcafc3ffa7c68b215fee268f537982cd901d132f89c6343f3a3dc8 -SIZE (rust/crates/sha2-0.10.8.crate) = 26357 +SHA256 (rust/crates/portable-atomic-1.11.1.crate) = f84267b20a16ea918e43c6a88433c2d54fa145c92a811b5b047ccbe153674483 +SIZE (rust/crates/portable-atomic-1.11.1.crate) = 185506 +SHA256 (rust/crates/proc-macro2-1.0.101.crate) = 89ae43fd86e4158d6db51ad8e2b80f313af9cc74f5c0e03ccb87de09998732de +SIZE (rust/crates/proc-macro2-1.0.101.crate) = 53886 +SHA256 (rust/crates/pyo3-0.26.0.crate) = 7ba0117f4212101ee6544044dae45abe1083d30ce7b29c4b5cbdfa2354e07383 +SIZE (rust/crates/pyo3-0.26.0.crate) = 1151579 +SHA256 (rust/crates/pyo3-build-config-0.26.0.crate) = 4fc6ddaf24947d12a9aa31ac65431fb1b851b8f4365426e182901eabfb87df5f +SIZE (rust/crates/pyo3-build-config-0.26.0.crate) = 34309 +SHA256 (rust/crates/pyo3-ffi-0.26.0.crate) = 025474d3928738efb38ac36d4744a74a400c901c7596199e20e45d98eb194105 +SIZE (rust/crates/pyo3-ffi-0.26.0.crate) = 78247 +SHA256 (rust/crates/pyo3-macros-0.26.0.crate) = 2e64eb489f22fe1c95911b77c44cc41e7c19f3082fc81cce90f657cdc42ffded +SIZE (rust/crates/pyo3-macros-0.26.0.crate) = 8906 +SHA256 (rust/crates/pyo3-macros-backend-0.26.0.crate) = 100246c0ecf400b475341b8455a9213344569af29a3c841d29270e53102e0fcf +SIZE (rust/crates/pyo3-macros-backend-0.26.0.crate) = 81809 +SHA256 (rust/crates/quote-1.0.40.crate) = 1885c039570dc00dcb4ff087a89e185fd56bae234ddc7f056a945bf36467248d +SIZE (rust/crates/quote-1.0.40.crate) = 31063 +SHA256 (rust/crates/r-efi-5.3.0.crate) = 69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f +SIZE (rust/crates/r-efi-5.3.0.crate) = 64532 +SHA256 (rust/crates/sha2-0.10.9.crate) = a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283 +SIZE (rust/crates/sha2-0.10.9.crate) = 29271 SHA256 (rust/crates/subtle-2.6.1.crate) = 13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292 SIZE (rust/crates/subtle-2.6.1.crate) = 14562 -SHA256 (rust/crates/syn-2.0.98.crate) = 36147f1a48ae0ec2b5b3bc5b537d267457555a10dc06f3dbc8cb11ba3006d3b1 -SIZE (rust/crates/syn-2.0.98.crate) = 297807 -SHA256 (rust/crates/target-lexicon-0.12.16.crate) = 61c41af27dd6d1e27b1b16b489db798443478cef1f06a660c96db617ba5de3b1 -SIZE (rust/crates/target-lexicon-0.12.16.crate) = 26488 +SHA256 (rust/crates/syn-2.0.106.crate) = ede7c438028d4436d71104916910f5bb611972c5cfd7f89b8300a8186e6fada6 +SIZE (rust/crates/syn-2.0.106.crate) = 301514 +SHA256 (rust/crates/target-lexicon-0.13.3.crate) = df7f62577c25e07834649fc3b39fafdc597c0a3527dc1c60129201ccfcbaa50c +SIZE (rust/crates/target-lexicon-0.13.3.crate) = 28498 SHA256 (rust/crates/typenum-1.18.0.crate) = 1dccffe3ce07af9386bfd29e80c0ab1a8205a2fc34e4bcd40364df902cfa8f3f SIZE (rust/crates/typenum-1.18.0.crate) = 74871 -SHA256 (rust/crates/unicode-ident-1.0.17.crate) = 00e2473a93778eb0bad35909dff6a10d28e63f792f16ed15e404fca9d5eeedbe -SIZE (rust/crates/unicode-ident-1.0.17.crate) = 47704 -SHA256 (rust/crates/unindent-0.2.3.crate) = c7de7d73e1754487cb58364ee906a499937a0dfabd86bcb980fa99ec8c8fa2ce -SIZE (rust/crates/unindent-0.2.3.crate) = 7306 +SHA256 (rust/crates/unicode-ident-1.0.19.crate) = f63a545481291138910575129486daeaf8ac54aee4387fe7906919f7830c7d9d +SIZE (rust/crates/unicode-ident-1.0.19.crate) = 47480 +SHA256 (rust/crates/unindent-0.2.4.crate) = 7264e107f553ccae879d21fbea1d6724ac785e8c3bfc762137959b5802826ef3 +SIZE (rust/crates/unindent-0.2.4.crate) = 7422 SHA256 (rust/crates/version_check-0.9.5.crate) = 0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a SIZE (rust/crates/version_check-0.9.5.crate) = 15554 -SHA256 (rust/crates/wasi-0.13.3+wasi-0.2.2.crate) = 26816d2e1a4a36a2940b96c5296ce403917633dff8f3440e9b236ed6f6bacad2 -SIZE (rust/crates/wasi-0.13.3+wasi-0.2.2.crate) = 136754 -SHA256 (rust/crates/windows-targets-0.52.6.crate) = 9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973 -SIZE (rust/crates/windows-targets-0.52.6.crate) = 6403 -SHA256 (rust/crates/windows_aarch64_gnullvm-0.52.6.crate) = 32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3 -SIZE (rust/crates/windows_aarch64_gnullvm-0.52.6.crate) = 435718 -SHA256 (rust/crates/windows_aarch64_msvc-0.52.6.crate) = 09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469 -SIZE (rust/crates/windows_aarch64_msvc-0.52.6.crate) = 832615 -SHA256 (rust/crates/windows_i686_gnu-0.52.6.crate) = 8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b -SIZE (rust/crates/windows_i686_gnu-0.52.6.crate) = 880402 -SHA256 (rust/crates/windows_i686_gnullvm-0.52.6.crate) = 0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66 -SIZE (rust/crates/windows_i686_gnullvm-0.52.6.crate) = 475940 -SHA256 (rust/crates/windows_i686_msvc-0.52.6.crate) = 240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66 -SIZE (rust/crates/windows_i686_msvc-0.52.6.crate) = 901163 -SHA256 (rust/crates/windows_x86_64_gnu-0.52.6.crate) = 147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78 -SIZE (rust/crates/windows_x86_64_gnu-0.52.6.crate) = 836363 -SHA256 (rust/crates/windows_x86_64_gnullvm-0.52.6.crate) = 24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d -SIZE (rust/crates/windows_x86_64_gnullvm-0.52.6.crate) = 435707 -SHA256 (rust/crates/windows_x86_64_msvc-0.52.6.crate) = 589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec -SIZE (rust/crates/windows_x86_64_msvc-0.52.6.crate) = 832564 -SHA256 (rust/crates/wit-bindgen-rt-0.33.0.crate) = 3268f3d866458b787f390cf61f4bbb563b922d091359f9608842999eaee3943c -SIZE (rust/crates/wit-bindgen-rt-0.33.0.crate) = 3357 +SHA256 (rust/crates/wasi-0.14.7+wasi-0.2.4.crate) = 883478de20367e224c0090af9cf5f9fa85bed63a95c1abf3afc5c083ebc06e8c +SIZE (rust/crates/wasi-0.14.7+wasi-0.2.4.crate) = 18219 +SHA256 (rust/crates/wasip2-1.0.1+wasi-0.2.4.crate) = 0562428422c63773dad2c345a1882263bbf4d65cf3f42e90921f787ef5ad58e7 +SIZE (rust/crates/wasip2-1.0.1+wasi-0.2.4.crate) = 132087 +SHA256 (rust/crates/wit-bindgen-0.46.0.crate) = f17a85883d4e6d00e8a97c586de764dabcc06133f7f1d55dce5cdc070ad7fe59 +SIZE (rust/crates/wit-bindgen-0.46.0.crate) = 60508 SHA256 (rust/crates/zeroize-1.8.1.crate) = ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde SIZE (rust/crates/zeroize-1.8.1.crate) = 20029 diff --git a/security/py-google-auth/Makefile b/security/py-google-auth/Makefile index df59d7ee2c9c..247278495faa 100644 --- a/security/py-google-auth/Makefile +++ b/security/py-google-auth/Makefile @@ -1,5 +1,5 @@ PORTNAME= google-auth -PORTVERSION= 2.40.3 +PORTVERSION= 2.41.0 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -14,7 +14,7 @@ LICENSE_FILE= ${WRKSRC}/LICENSE BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}setuptools>=0:devel/py-setuptools@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}wheel>=0:devel/py-wheel@${PY_FLAVOR} -RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}cachetools>=2.0.0:devel/py-cachetools@${PY_FLAVOR} \ +RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}cachetools>=2.0.0<7.0:devel/py-cachetools@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}pyasn1-modules>=0.2.1:devel/py-pyasn1-modules@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}rsa>=3.1.4<5:security/py-rsa@${PY_FLAVOR} diff --git a/security/py-google-auth/distinfo b/security/py-google-auth/distinfo index 2147330fb503..926364cc591d 100644 --- a/security/py-google-auth/distinfo +++ b/security/py-google-auth/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1749813108 -SHA256 (google_auth-2.40.3.tar.gz) = 500c3a29adedeb36ea9cf24b8d10858e152f2412e3ca37829b3fa18e33d63b77 -SIZE (google_auth-2.40.3.tar.gz) = 281029 +TIMESTAMP = 1759816714 +SHA256 (google_auth-2.41.0.tar.gz) = c9d7b534ea4a5d9813c552846797fafb080312263cd4994d6622dd50992ae101 +SIZE (google_auth-2.41.0.tar.gz) = 292282 diff --git a/security/py-google-auth/files/patch-setup.py b/security/py-google-auth/files/patch-setup.py deleted file mode 100644 index 06b64628ef0c..000000000000 --- a/security/py-google-auth/files/patch-setup.py +++ /dev/null @@ -1,11 +0,0 @@ ---- setup.py.orig 2025-05-21 18:00:57 UTC -+++ setup.py -@@ -20,7 +20,7 @@ DEPENDENCIES = ( - - - DEPENDENCIES = ( -- "cachetools>=2.0.0,<6.0", -+ "cachetools>=2.0.0", - "pyasn1-modules>=0.2.1", - # rsa==4.5 is the last version to support 2.7 - # https://github.com/sybrenstuvel/python-rsa/issues/152#issuecomment-643470233 diff --git a/security/py-google-cloud-kms/Makefile b/security/py-google-cloud-kms/Makefile new file mode 100644 index 000000000000..911d3a05b762 --- /dev/null +++ b/security/py-google-cloud-kms/Makefile @@ -0,0 +1,38 @@ +PORTNAME= google-cloud-kms +DISTVERSION= 3.6.0 +CATEGORIES= security python +MASTER_SITES= PYPI +PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} +DISTNAME= ${PORTNAME:S/-/_/g}-${DISTVERSION} + +MAINTAINER= tagattie@FreeBSD.org +COMMENT= Python client for Google Cloud Key Management Service +WWW= https://pypi.org/project/google-cloud-kms/ + +LICENSE= APACHE20 +LICENSE_FILE= ${WRKSRC}/LICENSE + +RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}google-api-core>=1.34.1<3.0.0:www/py-google-api-core@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}google-auth>=2.14.1<3.0.0:security/py-google-auth@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}proto-plus>=1.22.3<2.0.0:devel/py-proto-plus@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}protobuf>=3.20.2,1<7.0.0,1:devel/py-protobuf@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}grpc-google-iam-v1>=0.14.0<1.0.0:devel/py-grpc-google-iam-v1@${PY_FLAVOR} +TEST_DEPENDS= ${PYTHON_PKGNAMEPREFIX}pytest-asyncio>0:devel/py-pytest-asyncio@${PY_FLAVOR} + +USES= python + +USE_PYTHON= autoplist distutils pytest +PYTEST_IGNORED_TESTS= test_list_ekm_connections[grpc] \ + test_list_ekm_connections[rest] + +NO_ARCH= yes + +PORTDOCS= README.rst + +OPTIONS_DEFINE= DOCS + +post-install-DOCS-on: + @${MKDIR} ${STAGEDIR}${DOCSDIR} + ${INSTALL_MAN} ${PORTDOCS:S|^|${WRKSRC}/|} ${STAGEDIR}${DOCSDIR} + +.include <bsd.port.mk> diff --git a/security/py-google-cloud-kms/distinfo b/security/py-google-cloud-kms/distinfo new file mode 100644 index 000000000000..f935ac04aec4 --- /dev/null +++ b/security/py-google-cloud-kms/distinfo @@ -0,0 +1,3 @@ +TIMESTAMP = 1760498630 +SHA256 (google_cloud_kms-3.6.0.tar.gz) = c0f7f2474e35e99e6a36651520a26fdba4bb8e73b7cd0d9bff8c8bd92737afcc +SIZE (google_cloud_kms-3.6.0.tar.gz) = 329923 diff --git a/security/py-google-cloud-kms/pkg-descr b/security/py-google-cloud-kms/pkg-descr new file mode 100644 index 000000000000..8eaf90a4f41f --- /dev/null +++ b/security/py-google-cloud-kms/pkg-descr @@ -0,0 +1,9 @@ +Google Cloud Key Management Service: a cloud-hosted key management +service that lets you manage cryptographic keys for your cloud +services the same way you do on-premises. You can generate, use, +rotate, and destroy AES256, RSA 2048, RSA 3072, RSA 4096, EC P256, and +EC P384 cryptographic keys. Cloud KMS is integrated with Cloud IAM and +Cloud Audit Logging so that you can manage permissions on individual +keys and monitor how these are used. Use Cloud KMS to protect secrets +and other sensitive data that you need to store in Google Cloud +Platform. diff --git a/security/py-joserfc/Makefile b/security/py-joserfc/Makefile index 7f57e94ff9d8..a61fd793eafd 100644 --- a/security/py-joserfc/Makefile +++ b/security/py-joserfc/Makefile @@ -1,5 +1,5 @@ PORTNAME= joserfc -PORTVERSION= 1.3.2 +PORTVERSION= 1.3.4 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} diff --git a/security/py-joserfc/distinfo b/security/py-joserfc/distinfo index facbadb9600a..28afb39c7d9f 100644 --- a/security/py-joserfc/distinfo +++ b/security/py-joserfc/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1757436541 -SHA256 (joserfc-1.3.2.tar.gz) = 147bbba5b0b7c29fa270921dc1f17d83b48ccf0fecf51295b8de1ff1b682ca53 -SIZE (joserfc-1.3.2.tar.gz) = 196379 +TIMESTAMP = 1759816716 +SHA256 (joserfc-1.3.4.tar.gz) = 67d8413c501c239f65eefad5ae685cfbfc401aa63289fc409ef7cc331b007227 +SIZE (joserfc-1.3.4.tar.gz) = 197787 diff --git a/security/py-pwntools/Makefile b/security/py-pwntools/Makefile index 187252876f64..a4d19abc86c6 100644 --- a/security/py-pwntools/Makefile +++ b/security/py-pwntools/Makefile @@ -1,6 +1,5 @@ PORTNAME= pwntools -DISTVERSION= 4.14.1 -PORTREVISION= 2 +DISTVERSION= 4.15.0 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} diff --git a/security/py-pwntools/distinfo b/security/py-pwntools/distinfo index 20389087269e..b83fedb7d535 100644 --- a/security/py-pwntools/distinfo +++ b/security/py-pwntools/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1742915479 -SHA256 (pwntools-4.14.1.tar.gz) = 60f04976d1722120d18b9d50553408a024664b5cf888f36f258afca4bf035cac -SIZE (pwntools-4.14.1.tar.gz) = 5612163 +TIMESTAMP = 1760300293 +SHA256 (pwntools-4.15.0.tar.gz) = d99a917298c1ca7241b51bba9ad2212f2af441ef66488059b2426508e9a2a776 +SIZE (pwntools-4.15.0.tar.gz) = 5627629 diff --git a/security/rekor/Makefile b/security/rekor/Makefile index 299096b3ca8b..e0f0d3921e99 100644 --- a/security/rekor/Makefile +++ b/security/rekor/Makefile @@ -1,7 +1,7 @@ PORTNAME= rekor DISTVERSIONPREFIX= v DISTVERSION= 1.3.10 -PORTREVISION= 6 +PORTREVISION= 7 CATEGORIES= security MAINTAINER= bofh@FreeBSD.org diff --git a/security/rubygem-acme-client/Makefile b/security/rubygem-acme-client/Makefile index ebd58343040c..4c6bf2db4a4a 100644 --- a/security/rubygem-acme-client/Makefile +++ b/security/rubygem-acme-client/Makefile @@ -1,5 +1,5 @@ PORTNAME= acme-client -PORTVERSION= 2.0.25 +PORTVERSION= 2.0.26 CATEGORIES= security rubygems MASTER_SITES= RG diff --git a/security/rubygem-acme-client/distinfo b/security/rubygem-acme-client/distinfo index 79a4a4fcfdbd..a544bd690561 100644 --- a/security/rubygem-acme-client/distinfo +++ b/security/rubygem-acme-client/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1757121850 -SHA256 (rubygem/acme-client-2.0.25.gem) = e0bba7b9f785fd9ffe0933f8733ca81357ac46e4a979cb4f84806ab88fee0f31 -SIZE (rubygem/acme-client-2.0.25.gem) = 22016 +TIMESTAMP = 1759816936 +SHA256 (rubygem/acme-client-2.0.26.gem) = 060e5ea5dd2f66b1b2be3f710ac0884dd469ce3a8b3125c8a5c08e09fb6523bd +SIZE (rubygem/acme-client-2.0.26.gem) = 22528 diff --git a/security/rubygem-pundit/Makefile b/security/rubygem-pundit/Makefile index 2b64cad6e68b..25fb493ccb6e 100644 --- a/security/rubygem-pundit/Makefile +++ b/security/rubygem-pundit/Makefile @@ -1,5 +1,5 @@ PORTNAME= pundit -PORTVERSION= 2.5.1 +PORTVERSION= 2.5.2 CATEGORIES= security rubygems MASTER_SITES= RG diff --git a/security/rubygem-pundit/distinfo b/security/rubygem-pundit/distinfo index e753cdb6927e..8f614b016c26 100644 --- a/security/rubygem-pundit/distinfo +++ b/security/rubygem-pundit/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1759324332 -SHA256 (rubygem/pundit-2.5.1.gem) = 0f5a21b1fa2921638d6b21925ad2219e3336e9ef7da486b614e7bb18e299f2de -SIZE (rubygem/pundit-2.5.1.gem) = 24576 +TIMESTAMP = 1759816938 +SHA256 (rubygem/pundit-2.5.2.gem) = e374152baa24f90b630428293faf4b4c5468fc3cc010165f7d8fcb44ce108bbd +SIZE (rubygem/pundit-2.5.2.gem) = 25088 diff --git a/security/snowflake-tor/Makefile b/security/snowflake-tor/Makefile index 1cf1fecc8f7d..0f0d6d166705 100644 --- a/security/snowflake-tor/Makefile +++ b/security/snowflake-tor/Makefile @@ -1,7 +1,7 @@ PORTNAME= snowflake DISTVERSIONPREFIX= v PORTVERSION= 2.5.1 -PORTREVISION= 24 +PORTREVISION= 25 CATEGORIES= security net PKGNAMESUFFIX= -tor diff --git a/security/sops/Makefile b/security/sops/Makefile index c12e6ed77184..f51b8bcf5c76 100644 --- a/security/sops/Makefile +++ b/security/sops/Makefile @@ -1,7 +1,7 @@ PORTNAME= sops DISTVERSIONPREFIX= v DISTVERSION= 3.11.0 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security editors MAINTAINER= bofh@FreeBSD.org diff --git a/security/ssb/Makefile b/security/ssb/Makefile index 0f7b65a87872..1d74b16ca88e 100644 --- a/security/ssb/Makefile +++ b/security/ssb/Makefile @@ -1,7 +1,7 @@ PORTNAME= ssb DISTVERSIONPREFIX= v DISTVERSION= 0.1.1 -PORTREVISION= 30 +PORTREVISION= 31 CATEGORIES= security MAINTAINER= ports@FreeBSD.org diff --git a/security/ssl-checker/Makefile b/security/ssl-checker/Makefile index 7ab1d24d7153..8a185d71eb5d 100644 --- a/security/ssl-checker/Makefile +++ b/security/ssl-checker/Makefile @@ -1,7 +1,7 @@ PORTNAME= ssl-checker DISTVERSIONPREFIX= v DISTVERSION= 0.1.7 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= security MAINTAINER= olgeni@FreeBSD.org diff --git a/security/ssllabs-scan/Makefile b/security/ssllabs-scan/Makefile index ef3957a4363f..825d5add606a 100644 --- a/security/ssllabs-scan/Makefile +++ b/security/ssllabs-scan/Makefile @@ -1,7 +1,7 @@ PORTNAME= ssllabs-scan DISTVERSIONPREFIX= v DISTVERSION= 1.5.0 -PORTREVISION= 30 +PORTREVISION= 31 CATEGORIES= security net MAINTAINER= egypcio@FreeBSD.org diff --git a/security/stegify/Makefile b/security/stegify/Makefile index abcdaa2fa196..34dc80e26750 100644 --- a/security/stegify/Makefile +++ b/security/stegify/Makefile @@ -2,7 +2,7 @@ PORTNAME= stegify DISTVERSIONPREFIX= v DISTVERSION= 1.2-2 DISTVERSIONSUFFIX= -g62518ca -PORTREVISION= 30 +PORTREVISION= 31 CATEGORIES= security graphics MAINTAINER= yuri@FreeBSD.org diff --git a/security/tailscale/Makefile b/security/tailscale/Makefile index 47f19b79526e..f39f1869caf6 100644 --- a/security/tailscale/Makefile +++ b/security/tailscale/Makefile @@ -1,7 +1,7 @@ PORTNAME= tailscale PORTVERSION= 1.88.3 DISTVERSIONPREFIX= v -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security net-vpn MAINTAINER= ashish@FreeBSD.org diff --git a/security/teleport/Makefile b/security/teleport/Makefile index e2ee28def766..ec200d472e03 100644 --- a/security/teleport/Makefile +++ b/security/teleport/Makefile @@ -1,7 +1,7 @@ PORTNAME= teleport DISTVERSIONPREFIX= v DISTVERSION= 5.2.5 -PORTREVISION= 19 +PORTREVISION= 20 CATEGORIES= security MAINTAINER= kraileth@elderlinux.org diff --git a/security/theonionbox/Makefile b/security/theonionbox/Makefile index 0fa3e888427d..c76915ba3af4 100644 --- a/security/theonionbox/Makefile +++ b/security/theonionbox/Makefile @@ -1,6 +1,6 @@ PORTNAME= theonionbox DISTVERSION= 4.3.1 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security net python MASTER_SITES= PYPI @@ -17,7 +17,7 @@ RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}APScheduler>=3.4:devel/py-apscheduler@${PY_F ${PYTHON_PKGNAMEPREFIX}requests>2.18:www/py-requests@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}stem>=1.5.4:security/py-stem@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}tzlocal>=1.5:devel/py-tzlocal@${PY_FLAVOR} \ - ${PYTHON_PKGNAMEPREFIX}urllib3>=1.21.1,1<1.27,1:net/py-urllib3@${PY_FLAVOR} + ${PYTHON_PKGNAMEPREFIX}urllib3>=1.21.1,1:net/py-urllib3@${PY_FLAVOR} RUN_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}sqlite3>=0:databases/py-sqlite3@${PY_FLAVOR} # workaround for bug#230613: missing internal sqlite3 module in python USES= python diff --git a/security/theonionbox/files/patch-setup.py b/security/theonionbox/files/patch-setup.py index 0447f6547c50..3b045a2a553a 100644 --- a/security/theonionbox/files/patch-setup.py +++ b/security/theonionbox/files/patch-setup.py @@ -32,7 +32,7 @@ 'tzlocal>=1.5', 'futures>=3.2; python_version<"3.0"', - 'urllib3>=1.24.2, <1.25' # '<1.25' due to requests 2.21 requirement -+ 'urllib3>=1.21.1,<1.27' # copied (except the exclusions) from requests 2.25.1 ++ 'urllib3>=1.21.1' # copied (except the exclusions) from requests 2.25.1 ], long_description_content_type='text/x-rst; charset=UTF-8', classifiers=[ diff --git a/security/timestamp-authority/Makefile b/security/timestamp-authority/Makefile index aea44f04a143..6e6d42f51e03 100644 --- a/security/timestamp-authority/Makefile +++ b/security/timestamp-authority/Makefile @@ -1,7 +1,7 @@ PORTNAME= timestamp-authority DISTVERSIONPREFIX= v DISTVERSION= 1.2.9 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MAINTAINER= bofh@FreeBSD.org diff --git a/security/tlsc/Makefile b/security/tlsc/Makefile index 6b51b60916c8..62a7008de6f7 100644 --- a/security/tlsc/Makefile +++ b/security/tlsc/Makefile @@ -4,13 +4,16 @@ CATEGORIES= security MASTER_SITES= https://github.com/Zirias/%SUBDIR%/ MASTER_SITE_SUBDIR= ${PORTNAME}/releases/download/v${DISTVERSION} -MAINTAINER= zirias@FreeBSD.org +MAINTAINER= ports@FreeBSD.org COMMENT= TLS connect daemon WWW= https://github.com/Zirias/tlsc LICENSE= BSD2CLAUSE LICENSE_FILE= ${WRKSRC}/LICENSE.txt +DEPRECATED= Unmaintained port +EXPIRATION_DATE=2025-12-31 + LIB_DEPENDS= libposercore.so:devel/poser USES= compiler:c11 gmake pkgconfig tar:xz diff --git a/security/totp-cli/Makefile b/security/totp-cli/Makefile index cf681cc78601..0f2e324d34ba 100644 --- a/security/totp-cli/Makefile +++ b/security/totp-cli/Makefile @@ -1,7 +1,7 @@ PORTNAME= totp-cli PORTVERSION= 1.9.2 DISTVERSIONPREFIX= v -PORTREVISION= 7 +PORTREVISION= 8 CATEGORIES= security MAINTAINER= sunpoet@FreeBSD.org diff --git a/security/trillian/Makefile b/security/trillian/Makefile index 04b0c63c3492..0b1ab83c64e0 100644 --- a/security/trillian/Makefile +++ b/security/trillian/Makefile @@ -1,7 +1,7 @@ PORTNAME= trillian DISTVERSIONPREFIX= v DISTVERSION= 1.7.2 -PORTREVISION= 6 +PORTREVISION= 7 CATEGORIES= security MAINTAINER= bofh@FreeBSD.org diff --git a/security/trivy/Makefile b/security/trivy/Makefile index c6f6bf0fc112..29b172020359 100644 --- a/security/trivy/Makefile +++ b/security/trivy/Makefile @@ -1,7 +1,7 @@ PORTNAME= trivy DISTVERSIONPREFIX= v -DISTVERSION= 0.66.0 -PORTREVISION= 2 +DISTVERSION= 0.67.2 +PORTREVISION= 1 CATEGORIES= security MAINTAINER= mfechner@FreeBSD.org @@ -13,14 +13,19 @@ LICENSE_FILE= ${WRKSRC}/LICENSE BROKEN_i386= not supported, see https://github.com/aquasecurity/trivy/pull/9102 -USES= go:modules,1.24 +USES= go:modules,1.25 +USE_GITHUB= yes +GH_ACCOUNT= aquasecurity +GH_PROJECT= trivy +GO_MOD_DIST= github GO_MODULE= github.com/aquasecurity/trivy GO_TARGET= ./cmd/trivy GO_BUILDFLAGS= -ldflags=" \ -extldflags '-static' \ -X github.com/aquasecurity/trivy/pkg/version.ver=${DISTVERSION} \ -s -w" +MAKE_ENV= GOEXPERIMENT=jsonv2 PLIST_FILES= bin/${PORTNAME} diff --git a/security/trivy/distinfo b/security/trivy/distinfo index c7848514d223..28fde0ce1daa 100644 --- a/security/trivy/distinfo +++ b/security/trivy/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1756878437 -SHA256 (go/security_trivy/trivy-v0.66.0/v0.66.0.mod) = 41bedcea560a0f606080b34320349b4c21d920aeadb0e57a81d5fcbc4cf58823 -SIZE (go/security_trivy/trivy-v0.66.0/v0.66.0.mod) = 25763 -SHA256 (go/security_trivy/trivy-v0.66.0/v0.66.0.zip) = 78fb7cca5602ee1927808488e3306a9d0d1ba26c4817ceff055d10ed04da9d1b -SIZE (go/security_trivy/trivy-v0.66.0/v0.66.0.zip) = 59145292 +TIMESTAMP = 1760123985 +SHA256 (go/security_trivy/aquasecurity-trivy-v0.67.2_GH0/go.mod) = 130a0a0c893125dadbcc30ec66370aac6f848cc1b116a5d1acae4ceecb5a256d +SIZE (go/security_trivy/aquasecurity-trivy-v0.67.2_GH0/go.mod) = 26741 +SHA256 (go/security_trivy/aquasecurity-trivy-v0.67.2_GH0/aquasecurity-trivy-v0.67.2_GH0.tar.gz) = 280ff8cfb17d05d6b4d1b07bdd3cd26971032301bedb3b800a14886e64ce75eb +SIZE (go/security_trivy/aquasecurity-trivy-v0.67.2_GH0/aquasecurity-trivy-v0.67.2_GH0.tar.gz) = 57236343 diff --git a/security/trufflehog/Makefile b/security/trufflehog/Makefile index 078a343b4878..0d373bc6e467 100644 --- a/security/trufflehog/Makefile +++ b/security/trufflehog/Makefile @@ -1,6 +1,7 @@ PORTNAME= trufflehog DISTVERSIONPREFIX= v DISTVERSION= 3.90.8 +PORTREVISION= 1 CATEGORIES= security MAINTAINER= yuri@FreeBSD.org diff --git a/security/tscli/Makefile b/security/tscli/Makefile index 9440f69bae39..d818f759e101 100644 --- a/security/tscli/Makefile +++ b/security/tscli/Makefile @@ -1,7 +1,7 @@ PORTNAME= tscli DISTVERSIONPREFIX= v DISTVERSION= 0.0.15 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= security MAINTAINER= dtxdf@FreeBSD.org diff --git a/security/unix-selfauth-helper/Makefile b/security/unix-selfauth-helper/Makefile index 9273cdff3650..7ca163de3985 100644 --- a/security/unix-selfauth-helper/Makefile +++ b/security/unix-selfauth-helper/Makefile @@ -4,12 +4,15 @@ PORTREVISION= 1 CATEGORIES= security MASTER_SITES= ${WWW}/releases/download/v${DISTVERSION}/ -MAINTAINER= zirias@FreeBSD.org +MAINTAINER= ports@FreeBSD.org COMMENT= Local self-authentication for pam_exec WWW= https://github.com/Zirias/${PORTNAME} LICENSE= BSD2CLAUSE +DEPRECATED= Unmaintained port +EXPIRATION_DATE=2025-12-31 + USES= tar:xz MAKE_ARGS+= MANDIR=${PREFIX}/share/man/man diff --git a/security/vault/Makefile b/security/vault/Makefile index a3a1b118c7a1..70a7c7f51c21 100644 --- a/security/vault/Makefile +++ b/security/vault/Makefile @@ -1,7 +1,7 @@ PORTNAME= vault DISTVERSIONPREFIX= v DISTVERSION= 1.20.3 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MASTER_SITES= https://raw.githubusercontent.com/hashicorp/vault/${DISTVERSIONFULL}/ \ LOCAL/bofh/security/${PORTNAME}/:web_ui diff --git a/security/vouch-proxy/Makefile b/security/vouch-proxy/Makefile index 6f81b748c87b..3101f03a39b9 100644 --- a/security/vouch-proxy/Makefile +++ b/security/vouch-proxy/Makefile @@ -1,7 +1,7 @@ PORTNAME= vouch-proxy DISTVERSIONPREFIX=v DISTVERSION= 0.45.1 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= security MAINTAINER= decke@FreeBSD.org diff --git a/security/vuls/Makefile b/security/vuls/Makefile index 0c5253b84986..657d82d8086c 100644 --- a/security/vuls/Makefile +++ b/security/vuls/Makefile @@ -1,7 +1,7 @@ PORTNAME= vuls DISTVERSIONPREFIX=v DISTVERSION= 0.35.0 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MAINTAINER= girgen@FreeBSD.org diff --git a/security/vulsrepo/Makefile b/security/vulsrepo/Makefile index 3503f27c4124..083a81530d90 100644 --- a/security/vulsrepo/Makefile +++ b/security/vulsrepo/Makefile @@ -1,7 +1,7 @@ PORTNAME= vulsrepo PORTVERSION= 0.7.1 DISTVERSIONPREFIX=v -PORTREVISION= 14 +PORTREVISION= 15 CATEGORIES= security www MASTER_SITES= https://raw.githubusercontent.com/${GH_ACCOUNT}/${PORTNAME}/v${PORTVERSION}/server/:gomod DISTFILES= go.mod:gomod diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml index 9debb57a2777..b1213c676ae1 100644 --- a/security/vuxml/vuln/2025.xml +++ b/security/vuxml/vuln/2025.xml @@ -1,3 +1,56 @@ + <vuln vid="50fd6a75-0587-4987-bef2-bb933cd78ea1"> + <topic>zeek -- information leak vulnerability</topic> + <affects> + <package> + <name>zeek</name> + <range><lt>8.0.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Tim Wojtulewicz of Corelight reports:</p> + <blockquote cite="INSERT URL HERE"> + <p>The KRB analyzer can leak information about hosts in + analyzed traffic via external DNS lookups.</p> + </blockquote> + </body> + </description> + <references> + <url>https://github.com/zeek/zeek/releases/tag/v8.0.2</url> + </references> + <dates> + <discovery>2025-10-13</discovery> + <entry>2025-10-13</entry> + </dates> + </vuln> + + <vuln vid="6dd86212-a859-11f0-bd95-b42e991fc52e"> + <topic>Firefox -- JIT miscompilation in the JavaScript Engine</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>143.0.3,2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1987481"> + <p>JIT miscompilation in the JavaScript Engine: JIT + component.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-11153</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-11153</url> + </references> + <dates> + <discovery>2025-09-30</discovery> + <entry>2025-10-13</entry> + </dates> + </vuln> + <vuln vid="87fdaf3c-a5b5-11f0-98b5-2cf05da270f3"> <topic>Gitlab -- vulnerabilities</topic> <affects> diff --git a/security/webtunnel-tor/Makefile b/security/webtunnel-tor/Makefile index a3d8472ca64e..553aef51d8bf 100644 --- a/security/webtunnel-tor/Makefile +++ b/security/webtunnel-tor/Makefile @@ -1,6 +1,6 @@ PORTNAME= webtunnel PORTVERSION= 0.0.1 -PORTREVISION= 18 +PORTREVISION= 19 CATEGORIES= security net PKGNAMESUFFIX= -tor diff --git a/security/wpa_supplicant/Makefile b/security/wpa_supplicant/Makefile index a40c862c2b61..adb1a5c98e70 100644 --- a/security/wpa_supplicant/Makefile +++ b/security/wpa_supplicant/Makefile @@ -1,6 +1,6 @@ PORTNAME= wpa_supplicant PORTVERSION= 2.11 -PORTREVISION= 5 +PORTREVISION= 6 CATEGORIES= security net MASTER_SITES= https://w1.fi/releases/ @@ -12,6 +12,7 @@ LICENSE= BSD3CLAUSE LICENSE_FILE= ${WRKSRC}/README USES= cpe gmake pkgconfig:build readline ssl +USE_LDCONFIG= yes BUILD_WRKSRC= ${WRKSRC}/wpa_supplicant INSTALL_WRKSRC= ${WRKSRC}/src CFLAGS+= ${CPPFLAGS} # USES=readline only augments CPPFLAGS and LDFLAGS @@ -39,13 +40,13 @@ OPTIONS_DEFINE= WPS WPS_ER WPS_NOREG WPS_NFC WPS_UPNP PKCS12 SMARTCARD \ DELAYED_MIC IEEE80211N IEEE80211AC INTERWORKING \ IEEE8021X_EAPOL EAPOL_TEST \ HS20 NO_ROAMING P2P TDLS DBUS MATCH DOCS \ - SIM_SIMULATOR USIM_SIMULATOR WEP PASN + SIM_SIMULATOR USIM_SIMULATOR WEP PASN LIBWPA OPTIONS_DEFAULT= BSD WIRED \ TLS PEAP TTLS MD5 MSCHAPV2 GTC LEAP OTP PSK \ WPS PKCS12 SMARTCARD IEEE80211R DEBUG_SYSLOG \ INTERWORKING HS20 DBUS MATCH IEEE80211R IEEE80211W \ IEEE8021X_EAPOL WPS_ER WPS_NFC WPS_UPNP \ - FAST PWD PAX SAKE GPSK TNC IKEV2 EKE WEP PASN + FAST PWD PAX SAKE GPSK TNC IKEV2 EKE WEP PASN LIBWPA OPTIONS_SUB= WPS_DESC= Wi-Fi Protected Setup @@ -108,10 +109,14 @@ SAKE_DESC= Shared-Secret Authentication & Key Establishment GPSK_DESC= Generalized Pre-Shared Key TNC_DESC= Trusted Network Connect PASN_DESC= Pre-Association Security Negotiation +LIBWPA_DESC= libwpa_client Shared Library PRIVSEP_PLIST_FILES= sbin/wpa_priv DBUS_PLIST_FILES= share/dbus-1/system-services/fi.w1.wpa_supplicant1.service \ etc/dbus-1/system.d/dbus-wpa_supplicant.conf +LIBWPA_PLIST_FILES= lib/libwpa_client.so \ + lib/libwpa_client.so.2 \ + include/wpa_ctrl.h .include <bsd.port.pre.mk> @@ -190,6 +195,9 @@ post-patch: .if ${PORT_OPTIONS:MSIM_SIMULATOR} @${ECHO_CMD} CONFIG_SIM_SIMULATOR=y >> ${CFG} .endif +.if ${PORT_OPTIONS:MLIBWPA} + @${ECHO_CMD} CONFIG_BUILD_WPA_CLIENT_SO=y >> ${CFG} +.endif @${ECHO_CMD} CONFIG_OS=unix >> ${CFG} @${ECHO_CMD} CONFIG_CTRL_IFACE=unix >> ${CFG} @${ECHO_CMD} CONFIG_BACKEND=file >> ${CFG} @@ -224,4 +232,11 @@ do-install-DBUS-on: ${INSTALL_DATA} ${BUILD_WRKSRC}/dbus/dbus-wpa_supplicant.conf \ ${STAGEDIR}${PREFIX}/etc/dbus-1/system.d/ +do-install-LIBWPA-on: + ${INSTALL_LIB} ${BUILD_WRKSRC}/libwpa_client.so \ + ${STAGEDIR}${PREFIX}/lib/libwpa_client.so.2 + ${LN} -s libwpa_client.so.2 ${STAGEDIR}${PREFIX}/lib/libwpa_client.so + ${INSTALL_DATA} ${INSTALL_WRKSRC}/common/wpa_ctrl.h \ + ${STAGEDIR}${PREFIX}/include + .include <bsd.port.post.mk> diff --git a/security/wpa_supplicant/files/patch-src_common_dhcp.h b/security/wpa_supplicant/files/patch-src_common_dhcp.h index f88d1921a380..d25233a070b7 100644 --- a/security/wpa_supplicant/files/patch-src_common_dhcp.h +++ b/security/wpa_supplicant/files/patch-src_common_dhcp.h @@ -1,5 +1,5 @@ ---- src/common/dhcp.h.orig 2018-12-02 11:34:59.000000000 -0800 -+++ src/common/dhcp.h 2018-12-06 00:01:11.429254000 -0800 +--- src/common/dhcp.h.orig 2024-07-20 18:04:37 UTC ++++ src/common/dhcp.h @@ -9,6 +9,22 @@ #ifndef DHCP_H #define DHCP_H diff --git a/security/wpa_supplicant/files/patch-src_drivers_driver__bsd.c b/security/wpa_supplicant/files/patch-src_drivers_driver__bsd.c index 7c22ee2a372c..6e83ddc25b46 100644 --- a/security/wpa_supplicant/files/patch-src_drivers_driver__bsd.c +++ b/security/wpa_supplicant/files/patch-src_drivers_driver__bsd.c @@ -1,5 +1,5 @@ ---- src/drivers/driver_bsd.c.orig 2024-07-20 11:04:37.000000000 -0700 -+++ src/drivers/driver_bsd.c 2025-04-07 12:47:28.984390000 -0700 +--- src/drivers/driver_bsd.c.orig 2024-07-20 18:04:37 UTC ++++ src/drivers/driver_bsd.c @@ -9,11 +9,13 @@ #include "includes.h" @@ -14,7 +14,7 @@ #include "common/wpa_common.h" #include <ifaddrs.h> -@@ -293,8 +295,9 @@ +@@ -293,8 +295,9 @@ static int } static int @@ -25,7 +25,7 @@ struct ifreq ifr; os_memset(&ifr, 0, sizeof(ifr)); -@@ -306,7 +309,34 @@ +@@ -306,7 +309,34 @@ bsd_get_iface_flags(struct bsd_driver_data *drv) return -1; } drv->flags = ifr.ifr_flags; @@ -60,7 +60,7 @@ } static int -@@ -349,6 +379,20 @@ +@@ -349,6 +379,20 @@ bsd_set_key(void *priv, struct wpa_driver_set_key_para case WPA_ALG_CCMP: wk.ik_type = IEEE80211_CIPHER_AES_CCM; break; @@ -81,7 +81,7 @@ default: wpa_printf(MSG_ERROR, "%s: unknown alg=%d", __func__, alg); return -1; -@@ -413,13 +457,34 @@ +@@ -413,13 +457,34 @@ bsd_configure_wpa(void *priv, struct wpa_bss_params *p { #ifndef IEEE80211_IOC_APPIE static const char *ciphernames[] = @@ -116,7 +116,7 @@ case WPA_CIPHER_TKIP: v = IEEE80211_CIPHER_TKIP; break; -@@ -456,8 +521,18 @@ +@@ -456,8 +521,18 @@ bsd_configure_wpa(void *priv, struct wpa_bss_params *p } v = 0; @@ -135,7 +135,7 @@ if (params->wpa_pairwise & WPA_CIPHER_TKIP) v |= 1<<IEEE80211_CIPHER_TKIP; if (params->wpa_pairwise & WPA_CIPHER_NONE) -@@ -525,7 +600,7 @@ +@@ -525,7 +600,7 @@ bsd_set_ieee8021x(void *priv, struct wpa_bss_params *p __func__); return -1; } @@ -144,7 +144,7 @@ } static void -@@ -586,6 +661,7 @@ +@@ -586,6 +661,7 @@ bsd_set_freq(void *priv, struct hostapd_freq_params *f mode = IFM_IEEE80211_11B; } else { mode = @@ -152,7 +152,7 @@ freq->ht_enabled ? IFM_IEEE80211_11NA : IFM_IEEE80211_11A; } -@@ -853,14 +929,18 @@ +@@ -853,14 +929,18 @@ bsd_wireless_event_receive(int sock, void *ctx, void * drv = bsd_get_drvindex(global, ifm->ifm_index); if (drv == NULL) return; @@ -174,7 +174,7 @@ wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' UP", drv->ifname); wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, -@@ -1027,7 +1107,8 @@ +@@ -1027,7 +1107,8 @@ bsd_init(struct hostapd_data *hapd, struct wpa_init_pa if (l2_packet_get_own_addr(drv->sock_xmit, params->own_addr)) goto bad; @@ -184,7 +184,7 @@ goto bad; if (bsd_set_mediaopt(drv, IFM_OMASK, IFM_IEEE80211_HOSTAP) < 0) { -@@ -1052,12 +1133,13 @@ +@@ -1052,12 +1133,13 @@ bsd_deinit(void *priv) { struct bsd_driver_data *drv = priv; @@ -199,7 +199,7 @@ static int bsd_set_sta_authorized(void *priv, const u8 *addr, unsigned int total_flags, unsigned int flags_or, -@@ -1199,13 +1281,41 @@ +@@ -1199,13 +1281,41 @@ static int } static int @@ -242,7 +242,7 @@ wpa_printf(MSG_DEBUG, "%s: ssid '%.*s' wpa ie len %u pairwise %u group %u key mgmt %u" -@@ -1222,7 +1332,10 @@ +@@ -1222,7 +1332,10 @@ wpa_driver_bsd_associate(void *priv, struct wpa_driver mode = 0 /* STA */; break; case IEEE80211_MODE_IBSS: @@ -253,7 +253,7 @@ break; case IEEE80211_MODE_AP: mode = IFM_IEEE80211_HOSTAP; -@@ -1251,22 +1364,31 @@ +@@ -1251,24 +1364,33 @@ wpa_driver_bsd_associate(void *priv, struct wpa_driver ret = -1; if (wpa_driver_bsd_set_auth_alg(drv, params->auth_alg) < 0) ret = -1; @@ -266,9 +266,6 @@ - params->key_mgmt_suite == WPA_KEY_MGMT_NONE && - params->wpa_ie_len == 0); - wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__, privacy); -- -- if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0) -- return -1; + if (params->wpa_ie_len) { + rsn_ie = get_ie(params->wpa_ie, params->wpa_ie_len, + WLAN_EID_RSN); @@ -288,9 +285,7 @@ + } + } -- if (params->wpa_ie_len && -- set80211param(drv, IEEE80211_IOC_WPA, -- params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0) +- if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0) + /* + * NB: interface must be marked UP for association + * or scanning (ap_scan=2) @@ -298,8 +293,15 @@ + if (bsd_ctrl_iface(drv, 1) < 0) return -1; +- if (params->wpa_ie_len && +- set80211param(drv, IEEE80211_IOC_WPA, +- params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0) +- return -1; +- os_memset(&mlme, 0, sizeof(mlme)); -@@ -1311,11 +1433,8 @@ + mlme.im_op = IEEE80211_MLME_ASSOC; + if (params->ssid != NULL) +@@ -1311,11 +1433,8 @@ wpa_driver_bsd_scan(void *priv, struct wpa_driver_scan } /* NB: interface must be marked UP to do a scan */ @@ -312,7 +314,7 @@ #ifdef IEEE80211_IOC_SCAN_MAX_SSID os_memset(&sr, 0, sizeof(sr)); -@@ -1495,6 +1614,12 @@ +@@ -1495,6 +1614,12 @@ static int wpa_driver_bsd_capa(struct bsd_driver_data drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP; if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_AES_CCM) drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP; @@ -325,7 +327,7 @@ if (devcaps.dc_drivercaps & IEEE80211_C_HOSTAP) drv->capa.flags |= WPA_DRIVER_FLAGS_AP; -@@ -1547,6 +1672,8 @@ +@@ -1547,6 +1672,8 @@ get80211opmode(struct bsd_driver_data *drv) } if (ifmr.ifm_current & IFM_IEEE80211_HOSTAP) return IEEE80211_M_HOSTAP; @@ -334,7 +336,7 @@ if (ifmr.ifm_current & IFM_IEEE80211_MONITOR) return IEEE80211_M_MONITOR; #ifdef IEEE80211_M_MBSS -@@ -1607,7 +1734,7 @@ +@@ -1607,7 +1734,7 @@ wpa_driver_bsd_init(void *ctx, const char *ifname, voi drv->capa.key_mgmt_iftype[i] = drv->capa.key_mgmt; /* Down interface during setup. */ @@ -343,13 +345,13 @@ goto fail; /* Proven to work, lets go! */ -@@ -1631,6 +1758,9 @@ +@@ -1630,6 +1757,9 @@ wpa_driver_bsd_deinit(void *priv) + if (drv->ifindex != 0 && !drv->if_removed) { wpa_driver_bsd_set_wpa(drv, 0); - ++ + /* NB: mark interface down */ + bsd_ctrl_iface(drv, 0); -+ + wpa_driver_bsd_set_wpa_internal(drv, drv->prev_wpa, drv->prev_privacy); - diff --git a/security/wpa_supplicant/files/patch-src_drivers_driver__ndis.c b/security/wpa_supplicant/files/patch-src_drivers_driver__ndis.c index 5c58337c4b3d..3fa5a11bd8e2 100644 --- a/security/wpa_supplicant/files/patch-src_drivers_driver__ndis.c +++ b/security/wpa_supplicant/files/patch-src_drivers_driver__ndis.c @@ -1,6 +1,6 @@ ---- src/drivers/driver_ndis.c.orig 2019-08-07 13:25:25 UTC +--- src/drivers/driver_ndis.c.orig 2024-07-20 18:04:37 UTC +++ src/drivers/driver_ndis.c -@@ -504,13 +504,13 @@ static int ndis_get_oid(struct wpa_drive +@@ -504,13 +504,13 @@ static int ndis_get_oid(struct wpa_driver_ndis_data *d o->Length = len; if (!PacketRequest(drv->adapter, FALSE, o)) { @@ -16,7 +16,7 @@ __func__, oid, (unsigned int) o->Length, len); os_free(buf); return -1; -@@ -573,7 +573,7 @@ static int ndis_set_oid(struct wpa_drive +@@ -573,7 +573,7 @@ static int ndis_set_oid(struct wpa_driver_ndis_data *d os_memcpy(o->Data, data, len); if (!PacketRequest(drv->adapter, TRUE, o)) { @@ -25,7 +25,7 @@ __func__, oid, len); os_free(buf); return -1; -@@ -1531,7 +1531,7 @@ static void wpa_driver_ndis_event_auth(s +@@ -1543,7 +1543,7 @@ static void wpa_driver_ndis_event_auth(struct wpa_driv if (data_len < sizeof(*req)) { wpa_printf(MSG_DEBUG, "NDIS: Too short Authentication Request " @@ -34,7 +34,7 @@ return; } req = (NDIS_802_11_AUTHENTICATION_REQUEST *) data; -@@ -1565,7 +1565,7 @@ static void wpa_driver_ndis_event_pmkid( +@@ -1577,7 +1577,7 @@ static void wpa_driver_ndis_event_pmkid(struct wpa_dri if (data_len < 8) { wpa_printf(MSG_DEBUG, "NDIS: Too short PMKID Candidate List " @@ -43,7 +43,7 @@ return; } pmkid = (NDIS_802_11_PMKID_CANDIDATE_LIST *) data; -@@ -1587,7 +1587,7 @@ static void wpa_driver_ndis_event_pmkid( +@@ -1599,7 +1599,7 @@ static void wpa_driver_ndis_event_pmkid(struct wpa_dri os_memset(&event, 0, sizeof(event)); for (i = 0; i < pmkid->NumCandidates; i++) { PMKID_CANDIDATE *p = &pmkid->CandidateList[i]; @@ -52,7 +52,7 @@ i, MAC2STR(p->BSSID), (int) p->Flags); os_memcpy(event.pmkid_candidate.bssid, p->BSSID, ETH_ALEN); event.pmkid_candidate.index = i; -@@ -1778,7 +1778,7 @@ static void wpa_driver_ndis_get_capabili +@@ -1790,7 +1790,7 @@ static void wpa_driver_ndis_get_capability(struct wpa_ "overflow"); break; } @@ -61,7 +61,7 @@ i, (int) ae->AuthModeSupported, (int) ae->EncryptStatusSupported); switch (ae->AuthModeSupported) { -@@ -2106,7 +2106,11 @@ static int wpa_driver_ndis_get_names(str +@@ -2118,7 +2118,11 @@ static int wpa_driver_ndis_get_names(struct wpa_driver dlen = dpos - desc; else dlen = os_strlen(desc); @@ -74,7 +74,7 @@ os_free(b); if (drv->adapter_desc == NULL) return -1; -@@ -2274,7 +2278,11 @@ static int wpa_driver_ndis_get_names(str +@@ -2286,7 +2290,11 @@ static int wpa_driver_ndis_get_names(struct wpa_driver } else { dlen = os_strlen(desc[i]); } diff --git a/security/wpa_supplicant/files/patch-src_l2__packet_l2__packet__freebsd.c b/security/wpa_supplicant/files/patch-src_l2__packet_l2__packet__freebsd.c index 2ec52fcdcd85..cd0c9a56f055 100644 --- a/security/wpa_supplicant/files/patch-src_l2__packet_l2__packet__freebsd.c +++ b/security/wpa_supplicant/files/patch-src_l2__packet_l2__packet__freebsd.c @@ -1,5 +1,5 @@ ---- src/l2_packet/l2_packet_freebsd.c.orig 2023-10-30 10:53:18.000000000 -0700 -+++ src/l2_packet/l2_packet_freebsd.c 2023-10-30 14:10:36.396969000 -0700 +--- src/l2_packet/l2_packet_freebsd.c.orig 2024-07-20 18:04:37 UTC ++++ src/l2_packet/l2_packet_freebsd.c @@ -8,7 +8,10 @@ */ diff --git a/security/wpa_supplicant/files/patch-src_utils_os__unix.c b/security/wpa_supplicant/files/patch-src_utils_os__unix.c index d3ebadbba827..3feccd7f0b28 100644 --- a/security/wpa_supplicant/files/patch-src_utils_os__unix.c +++ b/security/wpa_supplicant/files/patch-src_utils_os__unix.c @@ -1,6 +1,6 @@ ---- src/utils/os_unix.c.orig 2024-05-10 09:57:55.000000000 -0700 -+++ src/utils/os_unix.c 2024-06-01 22:18:54.999484000 -0700 -@@ -103,10 +103,12 @@ +--- src/utils/os_unix.c.orig 2024-07-20 18:04:37 UTC ++++ src/utils/os_unix.c +@@ -103,9 +103,11 @@ int os_get_reltime(struct os_reltime *t) break; #endif #ifdef CLOCK_MONOTONIC @@ -8,8 +8,7 @@ case CLOCK_MONOTONIC: clock_id = CLOCK_REALTIME; break; - #endif +#endif + #endif case CLOCK_REALTIME: return -1; - } diff --git a/security/wpa_supplicant/files/patch-src_wps_wps__upnp.c b/security/wpa_supplicant/files/patch-src_wps_wps__upnp.c index ee10b79e48aa..2a0e56329a07 100644 --- a/security/wpa_supplicant/files/patch-src_wps_wps__upnp.c +++ b/security/wpa_supplicant/files/patch-src_wps_wps__upnp.c @@ -1,6 +1,6 @@ ---- src/wps/wps_upnp.c.orig 2021-03-16 13:50:10.000000000 -0700 -+++ src/wps/wps_upnp.c 2021-03-18 12:49:19.537874000 -0700 -@@ -963,7 +963,8 @@ +--- src/wps/wps_upnp.c.orig 2024-07-20 18:04:37 UTC ++++ src/wps/wps_upnp.c +@@ -963,7 +963,8 @@ int get_netif_info(const char *net_if, unsigned *ip_ad goto fail; } os_memcpy(mac, req.ifr_addr.sa_data, 6); diff --git a/security/wpa_supplicant/files/patch-wpa__supplicant_Makefile b/security/wpa_supplicant/files/patch-wpa__supplicant_Makefile index 9f1393fb85da..1efb42a0844f 100644 --- a/security/wpa_supplicant/files/patch-wpa__supplicant_Makefile +++ b/security/wpa_supplicant/files/patch-wpa__supplicant_Makefile @@ -1,6 +1,6 @@ ---- wpa_supplicant/Makefile.orig 2015-03-15 17:30:39 UTC +--- wpa_supplicant/Makefile.orig 2024-07-20 18:04:37 UTC +++ wpa_supplicant/Makefile -@@ -99,6 +99,14 @@ OBJS += ../src/utils/os_$(CONFIG_OS).o +@@ -140,6 +140,14 @@ OBJS_c += ../src/utils/os_$(CONFIG_OS).o OBJS_p += ../src/utils/os_$(CONFIG_OS).o OBJS_c += ../src/utils/os_$(CONFIG_OS).o @@ -15,3 +15,12 @@ ifdef CONFIG_WPA_TRACE CFLAGS += -DWPA_TRACE OBJS += ../src/utils/trace.o +@@ -2050,7 +2058,7 @@ libwpa_client.so: $(LIBCTRLSO) + + libwpa_client.so: $(LIBCTRLSO) + @$(E) " CC $@ ($^)" +- $(Q)$(CC) $(LDFLAGS) -o $@ $(CFLAGS) -shared -fPIC $^ ++ $(Q)$(CC) $(LDFLAGS) -o $@ $(CFLAGS) -Wl,-soname,$@.2 -shared -fPIC $^ + + OBJS_wpatest := libwpa_test.o + _OBJS_VAR := OBJS_wpatest diff --git a/security/wpa_supplicant/files/patch-wpa__supplicant_ctrl__iface__unix.c b/security/wpa_supplicant/files/patch-wpa__supplicant_ctrl__iface__unix.c index cc73ac35cd35..80a0c9d7cf1a 100644 --- a/security/wpa_supplicant/files/patch-wpa__supplicant_ctrl__iface__unix.c +++ b/security/wpa_supplicant/files/patch-wpa__supplicant_ctrl__iface__unix.c @@ -1,6 +1,6 @@ ---- wpa_supplicant/ctrl_iface_unix.c.orig 2022-01-16 12:51:29.000000000 -0800 -+++ wpa_supplicant/ctrl_iface_unix.c 2023-11-29 08:12:07.843443000 -0800 -@@ -506,6 +506,10 @@ +--- wpa_supplicant/ctrl_iface_unix.c.orig 2024-07-20 18:04:37 UTC ++++ wpa_supplicant/ctrl_iface_unix.c +@@ -509,6 +509,10 @@ static int wpas_ctrl_iface_open_sock(struct wpa_suppli struct group *grp; char *endp; int flags; @@ -11,7 +11,7 @@ buf = os_strdup(wpa_s->conf->ctrl_interface); if (buf == NULL) -@@ -678,6 +682,22 @@ +@@ -681,6 +685,22 @@ havesock: /* Not fatal, continue on.*/ } } diff --git a/security/wpa_supplicant/files/patch-wpa__supplicant_main.c b/security/wpa_supplicant/files/patch-wpa__supplicant_main.c index 3042768f44d9..f9db90635a4c 100644 --- a/security/wpa_supplicant/files/patch-wpa__supplicant_main.c +++ b/security/wpa_supplicant/files/patch-wpa__supplicant_main.c @@ -1,6 +1,6 @@ ---- wpa_supplicant/main.c.orig 2016-11-05 20:56:30 UTC +--- wpa_supplicant/main.c.orig 2024-07-20 18:04:37 UTC +++ wpa_supplicant/main.c -@@ -66,7 +66,7 @@ static void usage(void) +@@ -67,7 +67,7 @@ static void usage(void) " -c = Configuration file\n" " -C = ctrl_interface parameter (only used if -c is not)\n" " -d = increase debugging verbosity (-dd even more)\n" @@ -9,7 +9,7 @@ " -e = entropy file\n" #ifdef CONFIG_DEBUG_FILE " -f = log output to debug file instead of stdout\n" -@@ -105,8 +105,7 @@ static void usage(void) +@@ -106,8 +106,7 @@ static void usage(void) " -W = wait for a control interface monitor before starting\n"); printf("example:\n" @@ -20,14 +20,14 @@ } @@ -199,6 +198,11 @@ int main(int argc, char *argv[]) + iface_count = 1; wpa_supplicant_fd_workaround(1); - ++ +#ifdef CONFIG_DRIVER_NDIS + void driver_ndis_init_ops(void); + driver_ndis_init_ops(); +#endif /* CONFIG_DRIVER_NDIS */ -+ + for (;;) { c = getopt(argc, argv, - "b:Bc:C:D:de:f:g:G:hi:I:KLMm:No:O:p:P:qsTtuvW"); diff --git a/security/wpa_supplicant/files/patch-wpa__supplicant_wpa__supplicant.c b/security/wpa_supplicant/files/patch-wpa__supplicant_wpa__supplicant.c index 42f150b3595c..8013244d9f7f 100644 --- a/security/wpa_supplicant/files/patch-wpa__supplicant_wpa__supplicant.c +++ b/security/wpa_supplicant/files/patch-wpa__supplicant_wpa__supplicant.c @@ -1,6 +1,6 @@ ---- wpa_supplicant/wpa_supplicant.c.orig 2019-04-21 03:10:22.000000000 -0400 -+++ wpa_supplicant/wpa_supplicant.c 2019-05-15 22:44:44.919859000 -0400 -@@ -6357,13 +6357,6 @@ +--- wpa_supplicant/wpa_supplicant.c.orig 2024-07-20 18:04:37 UTC ++++ wpa_supplicant/wpa_supplicant.c +@@ -7983,13 +7983,6 @@ struct wpa_global * wpa_supplicant_init(struct wpa_par if (params == NULL) return NULL; diff --git a/security/xhash/Makefile b/security/xhash/Makefile index 2241c2266251..dc1073d84ff4 100644 --- a/security/xhash/Makefile +++ b/security/xhash/Makefile @@ -1,7 +1,7 @@ PORTNAME= xhash DISTVERSIONPREFIX= v DISTVERSION= 3.6.3 -PORTREVISION= 6 +PORTREVISION= 7 CATEGORIES= security MAINTAINER= rbranco@suse.com diff --git a/security/xray-core/Makefile b/security/xray-core/Makefile index 80dbb318ace7..0257451a9cbb 100644 --- a/security/xray-core/Makefile +++ b/security/xray-core/Makefile @@ -1,7 +1,7 @@ PORTNAME= xray-core DISTVERSIONPREFIX= v DISTVERSION= 25.7.26 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= security MASTER_SITES= https://github.com/v2fly/geoip/releases/download/202507050144/:geoip \ https://github.com/v2fly/domain-list-community/releases/download/20250627153051/:geosite diff --git a/security/yubikey-agent/Makefile b/security/yubikey-agent/Makefile index 1548018aaefd..28bfd67a7030 100644 --- a/security/yubikey-agent/Makefile +++ b/security/yubikey-agent/Makefile @@ -1,7 +1,7 @@ PORTNAME= yubikey-agent DISTVERSIONPREFIX= v DISTVERSION= 0.1.6 -PORTREVISION= 23 +PORTREVISION= 24 CATEGORIES= security sysutils MAINTAINER= egypcio@FreeBSD.org diff --git a/security/zeek/Makefile b/security/zeek/Makefile index 15dd7d7a4249..fbdd47952775 100644 --- a/security/zeek/Makefile +++ b/security/zeek/Makefile @@ -1,5 +1,5 @@ PORTNAME= zeek -DISTVERSION= 8.0.1 +DISTVERSION= 8.0.3 CATEGORIES= security MASTER_SITES= https://download.zeek.org/ @@ -82,8 +82,10 @@ CMAKE_ARGS= -DCARES_ROOT_DIR:PATH=${PREFIX} \ -DINSTALL_ZKG:BOOL=OFF \ -DPY_MOD_INSTALL_DIR:PATH=${PREFIX}/lib/zeekctl \ -DZEEK_ETC_INSTALL_DIR:PATH=${PREFIX}/etc \ + -DZEEK_LOG_DIR:PATH=/var/log/zeek \ -DZEEK_ROOT_DIR:PATH=${PREFIX} \ - -DZEEK_SCRIPT_INSTALL_PATH:PATH=${PREFIX}/share/zeek + -DZEEK_SCRIPT_INSTALL_PATH:PATH=${PREFIX}/share/zeek \ + -DZEEK_SPOOL_DIR:PATH=/var/spool/zeek ZEEKUSER?= zeek ZEEKGROUP?= zeek @@ -158,28 +160,26 @@ STRIP= USE_RC_SUBR= zeek .endif +post-install: + ${MV} ${STAGEDIR}${DATADIR}/site/local.zeek \ + ${STAGEDIR}${DATADIR}/site/local.zeek.sample + @${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/zeek-cut + @${RM} ${STAGEDIR}${PREFIX}/share/zeek/tests + ${LN} -s ../btest/data ${STAGEDIR}${PREFIX}/share/zeek/tests + post-install-ZEEKCTL-on: - ${MKDIR} ${STAGEDIR}${PREFIX}/logs - ${MKDIR} ${STAGEDIR}${PREFIX}/spool/tmp - ${MKDIR} ${STAGEDIR}${PREFIX}/spool/installed-scripts-do-not-touch/auto - ${MKDIR} ${STAGEDIR}${PREFIX}/spool/installed-scripts-do-not-touch/site + ${MKDIR} ${STAGEDIR}/var/spool/zeek/installed-scripts-do-not-touch/auto + ${MKDIR} ${STAGEDIR}/var/spool/zeek/installed-scripts-do-not-touch/site .for F in zeekctl.cfg networks.cfg node.cfg ${MV} ${STAGEDIR}${PREFIX}/etc/${F} ${STAGEDIR}${PREFIX}/etc/${F}.sample .endfor + # Do this here because later zeek won't be running as root ${RM} ${STAGEDIR}${PREFIX}/share/zeekctl/scripts/zeekctl-config.sh - ${LN} -s ../../../spool/zeekctl-config.sh \ + ${LN} -s ../../../../../var/spool/zeek/zeekctl-config.sh \ ${STAGEDIR}${PREFIX}/share/zeekctl/scripts/zeekctl-config.sh ${RM} ${STAGEDIR}${PREFIX}/lib/broctl ${LN} -s zeek/python/zeekctl ${STAGEDIR}${PREFIX}/lib/broctl -post-install: - ${MV} ${STAGEDIR}${DATADIR}/site/local.zeek \ - ${STAGEDIR}${DATADIR}/site/local.zeek.sample - @${RM} -rf ${STAGEDIR}${PREFIX}/var - @${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/zeek-cut - @${RM} ${STAGEDIR}${PREFIX}/share/zeek/tests - ${LN} -s ../btest/data ${STAGEDIR}${PREFIX}/share/zeek/tests - post-install-SPICY-on: @${RM} -rf ${STAGEDIR}${PREFIX}/include/hilti/rt/3rdparty/SafeInt/Archive @${RM} -rf ${STAGEDIR}${PREFIX}/include/hilti/rt/3rdparty/SafeInt/Test diff --git a/security/zeek/distinfo b/security/zeek/distinfo index cf681afb7421..8d3fd5d0c12e 100644 --- a/security/zeek/distinfo +++ b/security/zeek/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1756236375 -SHA256 (zeek-8.0.1.tar.gz) = ee916387e762345a6ffa84514cc3b66761f110d845a08b88e4a8da48db97ce8a -SIZE (zeek-8.0.1.tar.gz) = 99592537 +TIMESTAMP = 1760556081 +SHA256 (zeek-8.0.3.tar.gz) = c178a85e502835cef9584e9a5cb049b4a6abc00bd2bd3c07d4bc3466e5df6eee +SIZE (zeek-8.0.3.tar.gz) = 99613493 diff --git a/security/zeek/files/pkg-message.in b/security/zeek/files/pkg-message.in index 5b311b6cda33..ba18b01c0a45 100644 --- a/security/zeek/files/pkg-message.in +++ b/security/zeek/files/pkg-message.in @@ -35,10 +35,30 @@ EOM During deinstall of this package, the cfg files for zeekctl are not deleted if you have edited them. Instead the software will create a .sample file and the edited files will remain in place when you -upgrade. If you want to delete them, you have to remove the -%%PREFIX%%/etc directory manually. +upgrade. If you want to delete them, you have to remove +%%PREFIX%%/etc/zeekctl.cfg manually. -You may also need to manually remove %%PREFIX%%/spool/state.db +You may also need to manually remove /var/spool/state.db +EOM +} +{ type: upgrade + message: <<EOM +The default LogDir and SpoolDir have moved from %%PREFIX%% to /var. + +To migrate an existing installation to the new layout: + + - service zeek stop + + - pkg upgrade -y zeek + + - edit %%PREFIX%%/etc/zeekctl.cfg and make these changes: + + LogDir = /var/log/zeek + SpoolDir = /var/spool/zeek + + - move/create the log directory + + - service zeek deploy EOM } ] diff --git a/security/zeek/pkg-plist b/security/zeek/pkg-plist index c913e47f378d..2888ca696ecb 100644 --- a/security/zeek/pkg-plist +++ b/security/zeek/pkg-plist @@ -1,7 +1,10 @@ -@postexec chown %%ZEEKUSER%%:%%ZEEKGROUP%% %D/logs -%%ZEEKCTL%%@postexec chown %%ZEEKUSER%%:%%ZEEKGROUP%% %D/spool -%%ZEEKCTL%%@postexec chown %%ZEEKUSER%%:%%ZEEKGROUP%% %D/spool/tmp -%%ZEEKCTL%%@postexec chown -R %%ZEEKUSER%%:%%ZEEKGROUP%% %D/spool/installed-scripts-do-not-touch +@dir(%%ZEEKUSER%%,%%ZEEKGROUP%%,) /var/log/zeek +@dir(%%ZEEKUSER%%,%%ZEEKGROUP%%,) /var/spool/zeek +@dir(%%ZEEKUSER%%,%%ZEEKGROUP%%,) /var/spool/zeek/tmp +%%ZEEKCTL%%@dir(%%ZEEKUSER%%,%%ZEEKGROUP%%,) /var/spool/zeek/installed-scripts-do-not-touch +%%ZEEKCTL%%@dir(%%ZEEKUSER%%,%%ZEEKGROUP%%,) /var/spool/zeek/installed-scripts-do-not-touch/auto +%%ZEEKCTL%%@dir(%%ZEEKUSER%%,%%ZEEKGROUP%%,) /var/spool/zeek/installed-scripts-do-not-touch/site +%%ZEEKCTL%%@preunexec rm -f /var/spool/zeek/state.db bin/bifcl bin/binpac %%ZEEKCTL%%bin/capstats @@ -2284,32 +2287,22 @@ share/zeek/tests %%ZEEKCTL%%share/zeekctl/scripts/set-zeek-path %%ZEEKCTL%%share/zeekctl/scripts/stats-to-csv %%ZEEKCTL%%share/zeekctl/scripts/zeekctl-config.sh -%%ZEEKCTL%%spool/zeekctl-config.sh -%%ZEEKCTL%%@preunexec rm -f %D/logs/current -%%ZEEKCTL%%@preunexec rm -f %D/spool/zeekctl.dat -%%ZEEKCTL%%@preunexec rm -f %D/spool/installed-scripts-do-not-touch/auto/zeekctl-config.zeek -%%ZEEKCTL%%@preunexec rm -f %D/spool/installed-scripts-do-not-touch/auto/local-networks.zeek -%%ZEEKCTL%%@preunexec rm -f %D/spool/installed-scripts-do-not-touch/auto/standalone-layout.zeek -%%ZEEKCTL%%@preunexec rm -f %D/spool/installed-scripts-do-not-touch/site/local-logger.zeek -%%ZEEKCTL%%@preunexec rm -f %D/spool/installed-scripts-do-not-touch/site/local-manager.zeek -%%ZEEKCTL%%@preunexec rm -f %D/spool/installed-scripts-do-not-touch/site/local-proxy.zeek -%%ZEEKCTL%%@preunexec rm -f %D/spool/installed-scripts-do-not-touch/site/local-worker.zeek -%%ZEEKCTL%%@preunexec rm -f %D/spool/installed-scripts-do-not-touch/site/local.zeek -%%ZEEKCTL%%@preunexec rm -f %D/spool/installed-scripts-do-not-touch/site/local.zeek.sample -%%ZEEKCTL%%@preunexec rm -f %D/spool/state.db -%%ZEEKCTL%%@dir spool/tmp -%%ZEEKCTL%%@dir spool/installed-scripts-do-not-touch/site -%%ZEEKCTL%%@dir spool/installed-scripts-do-not-touch/auto -%%ZEEKCTL%%@dir spool/installed-scripts-do-not-touch -%%ZEEKCTL%%@dir spool/extract_files -%%ZEEKCTL%%@dir spool/brokerstore -%%ZEEKCTL%%@dir spool +%%ZEEKCTL%%@preunexec rm -f /var/log/zeek/current +%%ZEEKCTL%%@preunexec rm -f /var/spool/zeek/zeekctl.dat +%%ZEEKCTL%%@preunexec rm -f /var/spool/zeek/installed-scripts-do-not-touch/auto/zeekctl-config.zeek +%%ZEEKCTL%%@preunexec rm -f /var/spool/zeek/installed-scripts-do-not-touch/auto/local-networks.zeek +%%ZEEKCTL%%@preunexec rm -f /var/spool/zeek/installed-scripts-do-not-touch/auto/standalone-layout.zeek +%%ZEEKCTL%%@preunexec rm -f /var/spool/zeek/installed-scripts-do-not-touch/site/local-logger.zeek +%%ZEEKCTL%%@preunexec rm -f /var/spool/zeek/installed-scripts-do-not-touch/site/local-manager.zeek +%%ZEEKCTL%%@preunexec rm -f /var/spool/zeek/installed-scripts-do-not-touch/site/local-proxy.zeek +%%ZEEKCTL%%@preunexec rm -f /var/spool/zeek/installed-scripts-do-not-touch/site/local-worker.zeek +%%ZEEKCTL%%@preunexec rm -f /var/spool/zeek/installed-scripts-do-not-touch/site/local.zeek +%%ZEEKCTL%%@preunexec rm -f /var/spool/zeek/installed-scripts-do-not-touch/site/local.zeek.sample @dir share/man/man8 @dir share/man/man1 @dir share/man -%%ZEEKCTL%%@dir logs %%SPICY%%@dir lib/zeek/spicy @dir lib/zeek/plugins @dir include/zeek/analyzer/protocol/quic @dir include/zeek/analyzer/protocol/ldap -%%ZEEKCTL%%@postexec su -fm %%ZEEKUSER%% -c '%D/bin/zeekctl install; rm -f %D/spool/debug.log' +%%ZEEKCTL%%@postexec su -fm %%ZEEKUSER%% -c '%D/bin/zeekctl install; rm -f /var/spool/zeek/debug.log' |