Diffstat (limited to 'security')
40 files changed, 494 insertions, 94 deletions
diff --git a/security/Makefile b/security/Makefile index 77f3408b22bf..39de649f8d2d 100644 --- a/security/Makefile +++ b/security/Makefile @@ -877,6 +877,7 @@ SUBDIR += putty-nogtk SUBDIR += pvk SUBDIR += pwauth + SUBDIR += pwdsafety SUBDIR += pwman SUBDIR += pwned-check SUBDIR += py-SecretStorage @@ -1331,6 +1332,7 @@ SUBDIR += sshguard SUBDIR += sshpass SUBDIR += ssl-admin + SUBDIR += ssl-checker SUBDIR += ssllabs-scan SUBDIR += sslproxy SUBDIR += sslscan diff --git a/security/aws-iam-authenticator/Makefile b/security/aws-iam-authenticator/Makefile index bf91091174f6..9aecaae8b218 100644 --- a/security/aws-iam-authenticator/Makefile +++ b/security/aws-iam-authenticator/Makefile @@ -1,7 +1,6 @@ PORTNAME= aws-iam-authenticator -PORTVERSION= 0.7.3 +PORTVERSION= 0.7.4 DISTVERSIONPREFIX= v -PORTREVISION= 1 CATEGORIES= security MAINTAINER= danilo@FreeBSD.org @@ -10,7 +9,7 @@ WWW= https://github.com/kubernetes-sigs/aws-iam-authenticator LICENSE= APACHE20 -USES= go:1.24,modules +USES= go:modules GO_MODULE= github.com/kubernetes-sigs/${PORTNAME} GO_TARGET= ./cmd/${PORTNAME} diff --git a/security/aws-iam-authenticator/distinfo b/security/aws-iam-authenticator/distinfo index fef0487d0219..75490661d335 100644 --- a/security/aws-iam-authenticator/distinfo +++ b/security/aws-iam-authenticator/distinfo 
@@ -1,5 +1,5 @@ -TIMESTAMP = 1750521592 -SHA256 (go/security_aws-iam-authenticator/aws-iam-authenticator-v0.7.3/v0.7.3.mod) = 8ecdfec2a08ef66fd57567c82bc179409b8cf25a6a783345c9b07f258524ad01 -SIZE (go/security_aws-iam-authenticator/aws-iam-authenticator-v0.7.3/v0.7.3.mod) = 4278 -SHA256 (go/security_aws-iam-authenticator/aws-iam-authenticator-v0.7.3/v0.7.3.zip) = aa54c7e555826a93cd55c4f651af71ddad0408367085e6f9044bedf386824008 -SIZE (go/security_aws-iam-authenticator/aws-iam-authenticator-v0.7.3/v0.7.3.zip) = 227851 +TIMESTAMP = 1752398596 +SHA256 (go/security_aws-iam-authenticator/aws-iam-authenticator-v0.7.4/v0.7.4.mod) = db4a607f223aa9e65f5350dd36239f83586c7cb8fe5a769eb7eb650b1d1eef7b +SIZE (go/security_aws-iam-authenticator/aws-iam-authenticator-v0.7.4/v0.7.4.mod) = 4316 +SHA256 (go/security_aws-iam-authenticator/aws-iam-authenticator-v0.7.4/v0.7.4.zip) = 45a66f0e05a6c7bb9455d8d94ce46374ebd3faeeb4bd9f554b6ff55a665d9eb1 +SIZE (go/security_aws-iam-authenticator/aws-iam-authenticator-v0.7.4/v0.7.4.zip) = 228112 diff --git a/security/aws-lc/Makefile b/security/aws-lc/Makefile index 67c1020ba0f6..1e0c61f021c8 100644 --- a/security/aws-lc/Makefile +++ b/security/aws-lc/Makefile @@ -1,5 +1,5 @@ PORTNAME= aws-lc -PORTVERSION= 1.54.0 +PORTVERSION= 1.55.0 DISTVERSIONPREFIX= v CATEGORIES= security diff --git a/security/aws-lc/distinfo b/security/aws-lc/distinfo index 2a7e6ae009f0..0dbd7af0dc75 100644 --- a/security/aws-lc/distinfo +++ b/security/aws-lc/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1751208136 -SHA256 (aws-aws-lc-v1.54.0_GH0.tar.gz) = d491b6d6b233e88314a15170d435e28259f7cf4f950a427acc80a0e977aa683a -SIZE (aws-aws-lc-v1.54.0_GH0.tar.gz) = 127011221 +TIMESTAMP = 1751622349 +SHA256 (aws-aws-lc-v1.55.0_GH0.tar.gz) = a216e5e572ad9f68e6b93666f0bbca4d7792f400ca525731583196c139c12ce9 +SIZE (aws-aws-lc-v1.55.0_GH0.tar.gz) = 127105253 diff --git a/security/gnutls/Makefile b/security/gnutls/Makefile index 7f9712b57b9d..1a372e5bb819 100644 --- a/security/gnutls/Makefile 
+++ b/security/gnutls/Makefile @@ -1,7 +1,10 @@ PORTNAME= gnutls -DISTVERSION= 3.8.9 +DISTVERSION= 3.8.10 CATEGORIES= security net -MASTER_SITES= GNUPG/${PORTNAME}/v${DISTVERSION:C/(\.[^.]*).*/\1/} +MASTER_SITES= GNUPG/${PORTNAME}/v${DISTVERSION:C/(\.[^.]*).*/\1/} \ + https://gitlab.com/gnutls/gnutls/-/raw/${DISTVERSION}/tests/:test +DISTFILES= ${DISTNAME}${EXTRACT_SUFX} ktls_utils.h:test +EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX} MAINTAINER= tijl@FreeBSD.org COMMENT= GNU Transport Layer Security library @@ -12,10 +15,12 @@ LICENSE_COMB= multi LICENSE_FILE_GPLv3+ = ${WRKSRC}/COPYING LICENSE_FILE_LGPL21+ = ${WRKSRC}/COPYING.LESSERv2 -LIB_DEPENDS= libgmp.so:math/gmp \ +LIB_DEPENDS= libbrotlienc.so:archivers/brotli \ + libgmp.so:math/gmp \ libnettle.so:security/nettle \ libtasn1.so:security/libtasn1 \ - libunistring.so:devel/libunistring + libunistring.so:devel/libunistring \ + libzstd.so:archivers/zstd USES= compiler:c11 cpe gmake iconv libtool localbase makeinfo \ pkgconfig tar:xz @@ -28,11 +33,11 @@ CONFIGURE_ARGS= --disable-rpath \ --enable-openssl-compatibility \ --with-default-trust-store-dir=/etc/ssl/certs \ --with-system-priority-file=${PREFIX}/etc/gnutls/config \ - --without-brotli \ + --with-brotli \ --without-included-libtasn1 \ --without-tpm \ --without-tpm2 \ - --without-zstd + --with-zstd MAKE_ENV= MAKEINFOFLAGS=--no-split INSTALL_TARGET= install-strip @@ -73,6 +78,7 @@ P11KIT_CONFIGURE_WITH= p11-kit SRP_CONFIGURE_ENABLE= srp-authentication post-patch: + @${CP} -p ${DISTDIR}/ktls_utils.h ${WRKSRC}/tests/ @${RM} ${WRKSRC}/doc/*.info* @${REINPLACE_CMD} 's,/usr/share,${PREFIX}/share,' \ ${WRKSRC}/doc/manpages/*.[13] diff --git a/security/gnutls/distinfo b/security/gnutls/distinfo index fe6e2e9317b8..a67d8f2ab573 100644 --- a/security/gnutls/distinfo +++ b/security/gnutls/distinfo 
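Review bot: `ktls_utils.h` is added to DISTFILES (first hunk) under a fixed, unversioned name with no `DIST_SUBDIR`, so it sits at the top level of DISTDIR, where a cached copy from an earlier GnuTLS release would only surface as a checksum mismatch at fetch time. The SHA256/SIZE pair this commit adds to distinfo is what makes a file pulled from a raw GitLab URL acceptable, so that pin should stay. I would set `DIST_SUBDIR= ${PORTNAME}-${DISTVERSION}`, regenerate distinfo, and copy from `${_DISTDIR}/ktls_utils.h` in the post-patch hunk. A one-line comment above MASTER_SITES should say why the test header is fetched separately; presumably it is missing from the release tarball.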
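Review bot: brotli and zstd become hard dependencies in the LIB_DEPENDS and CONFIGURE_ARGS hunks (`--with-brotli`, `--with-zstd`, plus `libbrotlienc.so` and `libzstd.so`), with no option to leave them out. In GnuTLS these presumably back TLS certificate compression, which would put decompressors on peer-supplied handshake data in every consumer of the library. The Makefile already exposes other optional features through option helpers (`P11KIT_CONFIGURE_WITH`, `SRP_CONFIGURE_ENABLE` in the last hunk's context); `BROTLI_CONFIGURE_WITH= brotli` with `BROTLI_LIB_DEPENDS=`, and the same for ZSTD, would keep the new default while letting minimal builds drop them. If always-on is deliberate, a short comment above CONFIGURE_ARGS stating the reason is enough.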
@@ -1,3 +1,5 @@ -TIMESTAMP = 1739176636 -SHA256 (gnutls-3.8.9.tar.xz) = 69e113d802d1670c4d5ac1b99040b1f2d5c7c05daec5003813c049b5184820ed -SIZE (gnutls-3.8.9.tar.xz) = 6847364 +TIMESTAMP = 1752249814 +SHA256 (gnutls-3.8.10.tar.xz) = db7fab7cce791e7727ebbef2334301c821d79a550ec55c9ef096b610b03eb6b7 +SIZE (gnutls-3.8.10.tar.xz) = 6909856 +SHA256 (ktls_utils.h) = e41d33289c63573c59d2d02b4110a2f63651add28001031e6dc20327d096b734 +SIZE (ktls_utils.h) = 1983 diff --git a/security/gnutls/files/patch-lib_system_ktls.c b/security/gnutls/files/patch-lib_system_ktls.c new file mode 100644 index 000000000000..3c0dbc6a8734 --- /dev/null +++ b/security/gnutls/files/patch-lib_system_ktls.c @@ -0,0 +1,18 @@ +--- lib/system/ktls.c.orig 2025-04-11 11:51:08 UTC ++++ lib/system/ktls.c +@@ -1076,6 +1076,7 @@ int _gnutls_ktls_recv_control_msg(gnutls_session_t ses + default: + return GNUTLS_E_PULL_ERROR; + } ++#ifdef EKEYEXPIRED + } else if (unlikely(ret == -EKEYEXPIRED)) { + /* This will be received until a keyupdate is performed on the + scoket. */ +@@ -1083,6 +1084,7 @@ int _gnutls_ktls_recv_control_msg(gnutls_session_t ses + "updated keys\n"); + gnutls_assert(); + return GNUTLS_E_AGAIN; ++#endif + } + + /* connection closed */ diff --git a/security/gnutls/pkg-plist b/security/gnutls/pkg-plist index 14edcf814711..45fd3c64ee3a 100644 --- a/security/gnutls/pkg-plist +++ b/security/gnutls/pkg-plist @@ -35,7 +35,7 @@ lib/libgnutls-openssl.so.27 lib/libgnutls-openssl.so.27.0.2 lib/libgnutls.so lib/libgnutls.so.30 -lib/libgnutls.so.30.40.3 +lib/libgnutls.so.30.40.4 lib/libgnutlsxx.so lib/libgnutlsxx.so.30 lib/libgnutlsxx.so.30.0.0 diff --git a/security/p5-IO-Socket-SSL/Makefile b/security/p5-IO-Socket-SSL/Makefile index 2c321a4026a6..29146bfd6d3f 100644 --- a/security/p5-IO-Socket-SSL/Makefile +++ b/security/p5-IO-Socket-SSL/Makefile @@ -1,5 +1,5 @@ PORTNAME= IO-Socket-SSL -DISTVERSION= 2.094 +DISTVERSION= 2.095 CATEGORIES= security perl5 MASTER_SITES= CPAN PKGNAMEPREFIX= p5- 
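Review bot: The new `files/patch-lib_system_ktls.c` has no header line saying why it exists or whether it was sent upstream, and the `#ifdef EKEYEXPIRED` / `#endif` pair it adds cuts an `else if` branch out of the middle of a brace chain in `_gnutls_ktls_recv_control_msg`. It compiles both ways as written, because the closing `}` after `#endif` pairs with the preceding branch when the macro is absent, but a later upstream edit to this chain can break that without the patch failing to apply. Add a first line to the patch such as `EKEYEXPIRED is not defined on FreeBSD; guard the key-update branch.` together with the upstream issue or merge-request reference if one exists; the reason is inferred from the guard, so confirm it. The function body continues outside the inner hunks.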
diff --git a/security/p5-IO-Socket-SSL/distinfo b/security/p5-IO-Socket-SSL/distinfo
index efb7a05e9054..b22b9809c135 100644
--- a/security/p5-IO-Socket-SSL/distinfo
+++ b/security/p5-IO-Socket-SSL/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1750304746
-SHA256 (IO-Socket-SSL-2.094.tar.gz) = b2446889cb5e20545d782c4676da1b235673a81c181689aaae2492589d84bf02
-SIZE (IO-Socket-SSL-2.094.tar.gz) = 276094
+TIMESTAMP = 1752293624
+SHA256 (IO-Socket-SSL-2.095.tar.gz) = 7e764392b1b8bd44e654183c082b75be47800e98d7cd325f0e1b76c7d9a6b768
+SIZE (IO-Socket-SSL-2.095.tar.gz) = 276128
diff --git a/security/pwdsafety/Makefile b/security/pwdsafety/Makefile
new file mode 100644
index 000000000000..118a8440662b
--- /dev/null
+++ b/security/pwdsafety/Makefile
@@ -0,0 +1,20 @@
+PORTNAME= pwdsafety
+DISTVERSIONPREFIX= v
+DISTVERSION= 0.4.0
+CATEGORIES= security
+
+MAINTAINER= olgeni@FreeBSD.org
+COMMENT= Command line tool that checks how much a password is safe
+WWW= https://github.com/edoardottt/pwdsafety
+
+LICENSE= GPLv3
+LICENSE_FILE= ${WRKSRC}/LICENSE
+
+USES= go:modules
+
+GO_MODULE= github.com/edoardottt/pwdsafety
+GO_TARGET= ./cmd/pwdsafety
+
+PLIST_FILES= bin/pwdsafety
+
+.include <bsd.port.mk>
diff --git a/security/pwdsafety/distinfo b/security/pwdsafety/distinfo
new file mode 100644
index 000000000000..1bae896cbab4
--- /dev/null
+++ b/security/pwdsafety/distinfo
@@ -0,0 +1,5 @@
+TIMESTAMP = 1752333153
+SHA256 (go/security_pwdsafety/pwdsafety-v0.4.0/v0.4.0.mod) = e24364d55d617dd7b5b727b94d836e02a2c1994d731f8e7f839e9a4b6e4728fc
+SIZE (go/security_pwdsafety/pwdsafety-v0.4.0/v0.4.0.mod) = 272
+SHA256 (go/security_pwdsafety/pwdsafety-v0.4.0/v0.4.0.zip) = 81ee80f0da8ed074ea82b4e468a901ce4858c4e1a9635428e5355114c9c43601
+SIZE (go/security_pwdsafety/pwdsafety-v0.4.0/v0.4.0.zip) = 41421
diff --git a/security/pwdsafety/pkg-descr b/security/pwdsafety/pkg-descr
new file mode 100644
index 000000000000..2d88f6f3a928
--- /dev/null
+++ b/security/pwdsafety/pkg-descr
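Review bot: The COMMENT line in the new pwdsafety Makefile reads `Command line tool that checks how much a password is safe`, which is ungrammatical and is the string users see in package listings. The pkg-descr added in the same commit already has the right wording; `COMMENT= Command-line tool that checks how safe a password is` matches it.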
@@ -0,0 +1,11 @@ +pwdsafety is a command-line tool that checks how safe a password is by +calculating its entropy and providing a safety score. It helps users +understand password strength without storing any password information. + +Features: + +- Password strength analysis through entropy calculation +- Safety scoring system +- Generates strong random passwords for weak inputs +- Command-line interface for easy integration +- Zero storage of password data diff --git a/security/py-certifi/Makefile b/security/py-certifi/Makefile index b4ae106315be..de1cfbdc119e 100644 --- a/security/py-certifi/Makefile +++ b/security/py-certifi/Makefile @@ -1,5 +1,5 @@ PORTNAME= certifi -PORTVERSION= 2025.6.15 +PORTVERSION= 2025.7.9 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} diff --git a/security/py-certifi/distinfo b/security/py-certifi/distinfo index fe596debd52b..a5b8a9689443 100644 --- a/security/py-certifi/distinfo +++ b/security/py-certifi/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1750188134 -SHA256 (certifi-2025.6.15.tar.gz) = d747aa5a8b9bbbb1bb8c22bb13e22bd1f18e9796defa16bab421f7f7a317323b -SIZE (certifi-2025.6.15.tar.gz) = 158753 +TIMESTAMP = 1752266162 +SHA256 (certifi-2025.7.9.tar.gz) = c1d2ec05395148ee10cf672ffc28cd37ea0ab0d99f9cc74c43e588cbd111b079 +SIZE (certifi-2025.7.9.tar.gz) = 160386 diff --git a/security/py-josepy/Makefile b/security/py-josepy/Makefile index c8b91ecf0550..e07e5dd9c575 100644 --- a/security/py-josepy/Makefile +++ b/security/py-josepy/Makefile @@ -1,5 +1,5 @@ PORTNAME= josepy -PORTVERSION= 2.0.0 +PORTVERSION= 2.1.0 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} diff --git a/security/py-josepy/distinfo b/security/py-josepy/distinfo index 7b968e5afc63..777203aa8d8a 100644 --- a/security/py-josepy/distinfo +++ b/security/py-josepy/distinfo 
@@ -1,3 +1,3 @@ -TIMESTAMP = 1745140066 -SHA256 (josepy-2.0.0.tar.gz) = e7d7acd2fe77435cda76092abe4950bb47b597243a8fb733088615fa6de9ec40 -SIZE (josepy-2.0.0.tar.gz) = 55767 +TIMESTAMP = 1752266260 +SHA256 (josepy-2.1.0.tar.gz) = 9beafbaa107ec7128e6c21d86b2bc2aea2f590158e50aca972dca3753046091f +SIZE (josepy-2.1.0.tar.gz) = 56189 diff --git a/security/py-joserfc/Makefile b/security/py-joserfc/Makefile index 289de9d6f06d..469d3303adfc 100644 --- a/security/py-joserfc/Makefile +++ b/security/py-joserfc/Makefile @@ -1,5 +1,5 @@ PORTNAME= joserfc -PORTVERSION= 1.1.0 +PORTVERSION= 1.2.1 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} diff --git a/security/py-joserfc/distinfo b/security/py-joserfc/distinfo index 96f01f13fae3..d51ddb558786 100644 --- a/security/py-joserfc/distinfo +++ b/security/py-joserfc/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1748495851 -SHA256 (joserfc-1.1.0.tar.gz) = a8f3442b04c233f742f7acde0d0dcd926414e9542a6337096b2b4e5f435f36c1 -SIZE (joserfc-1.1.0.tar.gz) = 182360 +TIMESTAMP = 1752266164 +SHA256 (joserfc-1.2.1.tar.gz) = 466a75dc0af9c6711d2a93f38e91c5d4920ec77059063325c251913da3e83569 +SIZE (joserfc-1.2.1.tar.gz) = 192229 diff --git a/security/py-netmiko/Makefile b/security/py-netmiko/Makefile index 2a8511d310bc..a8bf74c9a8a1 100644 --- a/security/py-netmiko/Makefile +++ b/security/py-netmiko/Makefile @@ -1,6 +1,6 @@ PORTNAME= netmiko DISTVERSIONPREFIX= v -DISTVERSION= 4.5.0 +DISTVERSION= 4.6.0 CATEGORIES= security net-mgmt python PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} 
@@ -11,7 +11,7 @@ WWW= https://github.com/ktbyers/netmiko LICENSE= MIT LICENSE_FILE= ${WRKSRC}/LICENSE -BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}poetry-core>=1.6.1:devel/py-poetry-core@${PY_FLAVOR} +BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}poetry-core>=1.0.0:devel/py-poetry-core@${PY_FLAVOR} RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}ntc-templates>=3.1.0:textproc/py-ntc-templates@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}paramiko>=2.9.5:security/py-paramiko@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}pyserial>=3.3:comms/py-pyserial@${PY_FLAVOR} \ @@ -21,7 +21,7 @@ RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}ntc-templates>=3.1.0:textproc/py-ntc-templat ${PYTHON_PKGNAMEPREFIX}textfsm>=1.1.3:textproc/py-textfsm@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}pyyaml>=6.0.1:devel/py-pyyaml@${PY_FLAVOR} -USES= python:3.9+ shebangfix +USES= python shebangfix USE_PYTHON= autoplist concurrent pep517 pytest USE_GITHUB= yes GH_ACCOUNT= ktbyers diff --git a/security/py-netmiko/distinfo b/security/py-netmiko/distinfo index 04d25f41b5ac..1eb4318fefc3 100644 --- a/security/py-netmiko/distinfo +++ b/security/py-netmiko/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1733817518 -SHA256 (ktbyers-netmiko-v4.5.0_GH0.tar.gz) = a1dd444169647904d9b4bb56894fc36cad6a2c73dfcae3444a04cdbae95fc4d1 -SIZE (ktbyers-netmiko-v4.5.0_GH0.tar.gz) = 1803872 +TIMESTAMP = 1751266261 +SHA256 (ktbyers-netmiko-v4.6.0_GH0.tar.gz) = 6234d11f394377533ce3e40b0506b248c98cfd894ac95a639d1dea3133e1dedd +SIZE (ktbyers-netmiko-v4.6.0_GH0.tar.gz) = 1954361 diff --git a/security/py-netmiko/files/patch-pyproject.toml b/security/py-netmiko/files/patch-pyproject.toml index c238a371d1e7..175963f10281 100644 --- a/security/py-netmiko/files/patch-pyproject.toml +++ b/security/py-netmiko/files/patch-pyproject.toml 
@@ -1,16 +1,7 @@ -Use the more lightweight py-poetry-core instead py-poetry and relax version requirements. +Relax some version requirements. ---- pyproject.toml.orig 2024-12-09 21:51:07 UTC +--- pyproject.toml.orig 2025-06-26 19:00:25 UTC +++ pyproject.toml -@@ -1,6 +1,6 @@ - [build-system] --requires = ["poetry>=1.6.1"] --build-backend = "poetry.masonry.api" -+requires = ["poetry-core>=1.6.1"] -+build-backend = "poetry.core.masonry.api" - - [tool.poetry] - name = "netmiko" @@ -23,7 +23,7 @@ scp = ">=0.13.6" python = ">=3.9,<4.0" paramiko = ">=2.9.5" diff --git a/security/py-xmlsec/Makefile b/security/py-xmlsec/Makefile index b657e758b557..8218f7db77bd 100644 --- a/security/py-xmlsec/Makefile +++ b/security/py-xmlsec/Makefile @@ -1,6 +1,5 @@ PORTNAME= xmlsec -DISTVERSION= 1.3.15 -PORTREVISION= 1 +DISTVERSION= 1.3.16 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -12,7 +11,7 @@ WWW= https://github.com/mehcode/python-xmlsec/ LICENSE= MIT LICENSE_FILE= ${WRKSRC}/LICENSE -BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}lxml>=3.8.0:devel/py-lxml@${PY_FLAVOR} \ +BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}lxml5>=5.4.0:devel/py-lxml5@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}pkgconfig>=1.5.1:devel/py-pkgconfig@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}setuptools-scm>=3.4:devel/py-setuptools-scm@${PY_FLAVOR} \ ${PY_SETUPTOOLS} \ diff --git a/security/py-xmlsec/distinfo b/security/py-xmlsec/distinfo index b4fd4a98cbac..fc767f7b3bca 100644 --- a/security/py-xmlsec/distinfo +++ b/security/py-xmlsec/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1741766224 -SHA256 (xmlsec-1.3.15.tar.gz) = baa856b83d0012e278e6f6cbec96ac8128de667ca9fa9a2eeb02c752e816f6d8 -SIZE (xmlsec-1.3.15.tar.gz) = 114117 +TIMESTAMP = 1752211418 +SHA256 (xmlsec-1.3.16.tar.gz) = 2b6c70544c6d1d4ca006aaa314958e0ef3514dc81fffde1b23f2ec41a5791f9d +SIZE (xmlsec-1.3.16.tar.gz) = 114202 
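Review bot: In the py-xmlsec Makefile, BUILD_DEPENDS moves from `devel/py-lxml` to `devel/py-lxml5` (`lxml5>=5.4.0`), but RUN_DEPENDS is outside this hunk, so it is not visible whether the runtime dependency moved with it. xmlsec is a C extension built against lxml, so building against one lxml port and running against another is worth ruling out. Confirm that RUN_DEPENDS names the same `py-lxml5` origin and version floor.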
diff --git a/security/rubygem-acme-client/Makefile b/security/rubygem-acme-client/Makefile index 5050db108bcf..1e962af25ae9 100644 --- a/security/rubygem-acme-client/Makefile +++ b/security/rubygem-acme-client/Makefile @@ -1,6 +1,5 @@ PORTNAME= acme-client -PORTVERSION= 2.0.21 -PORTREVISION= 1 +PORTVERSION= 2.0.22 CATEGORIES= security rubygems MASTER_SITES= RG @@ -11,7 +10,7 @@ WWW= https://github.com/unixcharles/acme-client LICENSE= MIT LICENSE_FILE= ${WRKSRC}/LICENSE.txt -RUN_DEPENDS= rubygem-base64>=0.2.0<1:converters/rubygem-base64 \ +RUN_DEPENDS= rubygem-base64>=0.2<1:converters/rubygem-base64 \ rubygem-faraday>=1.0<3.0.0:www/rubygem-faraday \ rubygem-faraday-retry>=1.0<3.0.0:www/rubygem-faraday-retry diff --git a/security/rubygem-acme-client/distinfo b/security/rubygem-acme-client/distinfo index 9541e0d1158e..f1249e2a15c4 100644 --- a/security/rubygem-acme-client/distinfo +++ b/security/rubygem-acme-client/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1742405570 -SHA256 (rubygem/acme-client-2.0.21.gem) = e0a044f993cd26f0ba7f8b13a3b2b007ef864cfaa333075a2d8865b087297641 -SIZE (rubygem/acme-client-2.0.21.gem) = 21504 +TIMESTAMP = 1751622403 +SHA256 (rubygem/acme-client-2.0.22.gem) = 817534b743e2c93b3e498dad6b0f1a96a8e6df273bb04e37525d586a519176f7 +SIZE (rubygem/acme-client-2.0.22.gem) = 21504 diff --git a/security/rubygem-acme-client/files/patch-gemspec b/security/rubygem-acme-client/files/patch-gemspec deleted file mode 100644 index 9dbce91a35a7..000000000000 --- a/security/rubygem-acme-client/files/patch-gemspec +++ /dev/null 
@@ -1,11 +0,0 @@ ---- acme-client.gemspec.orig 2025-06-02 06:56:50 UTC -+++ acme-client.gemspec -@@ -24,7 +24,7 @@ Gem::Specification.new do |s| - s.add_development_dependency(%q<vcr>.freeze, ["~> 2.9".freeze]) - s.add_development_dependency(%q<webmock>.freeze, ["~> 3.8".freeze]) - s.add_development_dependency(%q<webrick>.freeze, ["~> 1.7".freeze]) -- s.add_runtime_dependency(%q<base64>.freeze, ["~> 0.2.0".freeze]) -+ s.add_runtime_dependency(%q<base64>.freeze, ["~> 0.2".freeze]) - s.add_runtime_dependency(%q<faraday>.freeze, [">= 1.0".freeze, "< 3.0.0".freeze]) - s.add_runtime_dependency(%q<faraday-retry>.freeze, [">= 1.0".freeze, "< 3.0.0".freeze]) - end diff --git a/security/rubygem-gitlab-secret_detection/Makefile b/security/rubygem-gitlab-secret_detection/Makefile index 74fed2b4ae8e..6296865d0945 100644 --- a/security/rubygem-gitlab-secret_detection/Makefile +++ b/security/rubygem-gitlab-secret_detection/Makefile @@ -1,6 +1,5 @@ PORTNAME= gitlab-secret_detection -PORTVERSION= 0.31.0 -PORTREVISION= 1 +PORTVERSION= 0.33.0 CATEGORIES= security rubygems MASTER_SITES= RG diff --git a/security/rubygem-gitlab-secret_detection/distinfo b/security/rubygem-gitlab-secret_detection/distinfo index d6389e98547e..b445544e4da4 100644 --- a/security/rubygem-gitlab-secret_detection/distinfo +++ b/security/rubygem-gitlab-secret_detection/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1750222593 -SHA256 (rubygem/gitlab-secret_detection-0.31.0.gem) = ee809e0cbcc474e5f4b032a4428572457126384184d19f333fd97fe7059515ec -SIZE (rubygem/gitlab-secret_detection-0.31.0.gem) = 37376 +TIMESTAMP = 1752208844 +SHA256 (rubygem/gitlab-secret_detection-0.33.0.gem) = ceb6ea9e1633796f52754d21f6538e652e6a21eda7c56b4aefd70b800e25ba91 +SIZE (rubygem/gitlab-secret_detection-0.33.0.gem) = 40960 diff --git a/security/rubygem-tpm-key_attestation/Makefile b/security/rubygem-tpm-key_attestation/Makefile index ff5c0de99f5d..f29f1b9c7941 100644 --- a/security/rubygem-tpm-key_attestation/Makefile 
+++ b/security/rubygem-tpm-key_attestation/Makefile @@ -1,5 +1,5 @@ PORTNAME= tpm-key_attestation -PORTVERSION= 0.14.0 +PORTVERSION= 0.14.1 CATEGORIES= security rubygems MASTER_SITES= RG diff --git a/security/rubygem-tpm-key_attestation/distinfo b/security/rubygem-tpm-key_attestation/distinfo index 4a910ce36b6e..451d67f5852c 100644 --- a/security/rubygem-tpm-key_attestation/distinfo +++ b/security/rubygem-tpm-key_attestation/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1738903521 -SHA256 (rubygem/tpm-key_attestation-0.14.0.gem) = d05cc52b397f89c36a7307407e0e84d3ea1c7afce50e0a70b146f8ab17d2bf4b -SIZE (rubygem/tpm-key_attestation-0.14.0.gem) = 34304 +TIMESTAMP = 1752212297 +SHA256 (rubygem/tpm-key_attestation-0.14.1.gem) = 7fd4e4653a7afd0a386632ddfb05d10ecfdd47678299c5e69165bc9ae111193f +SIZE (rubygem/tpm-key_attestation-0.14.1.gem) = 35840 diff --git a/security/rubygem-webauthn/Makefile b/security/rubygem-webauthn/Makefile index bb9b1b19b6c1..b7801ff527e6 100644 --- a/security/rubygem-webauthn/Makefile +++ b/security/rubygem-webauthn/Makefile @@ -1,5 +1,5 @@ PORTNAME= webauthn -PORTVERSION= 3.4.0 +PORTVERSION= 3.4.1 CATEGORIES= security rubygems MASTER_SITES= RG diff --git a/security/rubygem-webauthn/distinfo b/security/rubygem-webauthn/distinfo index 0491ed7f5b8d..418a36abaebf 100644 --- a/security/rubygem-webauthn/distinfo +++ b/security/rubygem-webauthn/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1744084171 -SHA256 (rubygem/webauthn-3.4.0.gem) = a10665f5e05eb156ba0219fd17480c57e0af4daaf83e3e33439bf958350af4c5 -SIZE (rubygem/webauthn-3.4.0.gem) = 42496 +TIMESTAMP = 1752212088 +SHA256 (rubygem/webauthn-3.4.1.gem) = f7c6f69178dd35dcc90313bc0d9b6558002336451d0c19d641ef1280624ac3ea +SIZE (rubygem/webauthn-3.4.1.gem) = 42496 diff --git a/security/ssl-checker/Makefile b/security/ssl-checker/Makefile new file mode 100644 index 000000000000..0feafab4289b --- /dev/null +++ b/security/ssl-checker/Makefile 
@@ -0,0 +1,21 @@
+PORTNAME= ssl-checker
+DISTVERSIONPREFIX= v
+DISTVERSION= 0.1.7
+CATEGORIES= security
+
+MAINTAINER= olgeni@FreeBSD.org
+COMMENT= Fast and beautiful program to check all your https endpoints
+WWW= https://github.com/fabio42/ssl-checker
+
+LICENSE= MIT
+LICENSE_FILE= ${WRKSRC}/LICENSE
+
+USES= go:modules
+USE_GITHUB= yes
+GH_ACCOUNT= fabio42
+
+GO_MODULE= github.com/fabio42/ssl-checker
+
+PLIST_FILES= bin/ssl-checker
+
+.include <bsd.port.mk>
diff --git a/security/ssl-checker/distinfo b/security/ssl-checker/distinfo
new file mode 100644
index 000000000000..8b1cb25dfb5f
--- /dev/null
+++ b/security/ssl-checker/distinfo
@@ -0,0 +1,7 @@
+TIMESTAMP = 1752139521
+SHA256 (go/security_ssl-checker/fabio42-ssl-checker-v0.1.7_GH0/v0.1.7.mod) = ae6b2bbc492daae18415ac0eaf5dff6f76a93b98737fa8766fec80d5b07158f1
+SIZE (go/security_ssl-checker/fabio42-ssl-checker-v0.1.7_GH0/v0.1.7.mod) = 2405
+SHA256 (go/security_ssl-checker/fabio42-ssl-checker-v0.1.7_GH0/v0.1.7.zip) = d9679cd48a41262de3b14db56281d3dbb2d9561f6afd7d73976d811528eb5ea1
+SIZE (go/security_ssl-checker/fabio42-ssl-checker-v0.1.7_GH0/v0.1.7.zip) = 824813
+SHA256 (go/security_ssl-checker/fabio42-ssl-checker-v0.1.7_GH0/fabio42-ssl-checker-v0.1.7_GH0.tar.gz) = a29d9ff77be95acbc4e1100b6e0dce867f5554d9bd3f0ae7bbc4a8c825f07ec8
+SIZE (go/security_ssl-checker/fabio42-ssl-checker-v0.1.7_GH0/fabio42-ssl-checker-v0.1.7_GH0.tar.gz) = 820937
diff --git a/security/ssl-checker/pkg-descr b/security/ssl-checker/pkg-descr
new file mode 100644
index 000000000000..82c7998c64ac
--- /dev/null
+++ b/security/ssl-checker/pkg-descr
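Review bot: `USE_GITHUB= yes` and `GH_ACCOUNT= fabio42` are set alongside `GO_MODULE` in the new ssl-checker Makefile, so the port fetches the same source twice: distinfo lists the module `.mod`/`.zip` pair and a third `fabio42-ssl-checker-v0.1.7_GH0.tar.gz`. The pwdsafety port added in this commit uses `GO_MODULE` alone. Unless the GitHub tarball supplies something the module zip lacks, drop the two GH lines and regenerate distinfo, which leaves one upstream artifact to fetch and verify.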
@@ -0,0 +1,8 @@
+ssl-checker is a fast and beautiful command-line tool designed to check SSL
+certificates for HTTPS endpoints. It allows users to quickly verify the SSL
+status of multiple domains, providing an efficient way to monitor certificate
+validity and security.
+
+The tool supports checking domains directly from the command line or from
+configuration files, making it suitable for both ad-hoc checks and automated
+monitoring workflows.
diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
index e4159b1dc703..3df49be5c53d 100644
--- a/security/vuxml/vuln/2025.xml
+++ b/security/vuxml/vuln/2025.xml
@@ -1,3 +1,327 @@
+ <vuln vid="c3e1df74-5e73-11f0-95e5-74563cf9e4e9">
+ <topic>GnuTLS -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>gnutls</name>
+ <range><lt>3.8.10</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Daiki Ueno reports:</p>
+ <blockquote cite="https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html">
+ <ul>
+ <li>libgnutls: Fix heap read buffer overrun in parsing X.509 SCTS timestamps
+ Spotted by oss-fuzz and reported by OpenAI Security Research Team,
+ and fix developed by Andrew Hamilton. [GNUTLS-SA-2025-07-07-1,
+ CVSS: medium] [CVE-2025-32989]</li>
+ <li>libgnutls: Fix double-free upon error when exporting otherName in SAN
+ Reported by OpenAI Security Research Team. [GNUTLS-SA-2025-07-07-2,
+ CVSS: low] [CVE-2025-32988]</li>
+ <li>certtool: Fix 1-byte write buffer overrun when parsing template
+ Reported by David Aitel. [GNUTLS-SA-2025-07-07-3,
+ CVSS: low] [CVE-2025-32990]</li>
+ <li>libgnutls: Fix NULL pointer dereference when 2nd Client Hello omits PSK
+ Reported by Stefan Bühler. 
[GNUTLS-SA-2025-07-07-4, CVSS: medium]
+ [CVE-2025-6395]</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-32989</cvename>
+ <cvename>CVE-2025-32988</cvename>
+ <cvename>CVE-2025-32990</cvename>
+ <cvename>CVE-2025-6395</cvename>
+ <url>https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html</url>
+ </references>
+ <dates>
+ <discovery>2025-07-09</discovery>
+ <entry>2025-07-14</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="b0a3466f-5efc-11f0-ae84-99047d0a6bcc">
+ <topic>libxslt -- unmaintained, with multiple unfixed vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>libxslt</name>
+ <range><lt>2</lt></range> <!-- adjust should libxslt ever be fixed -->
+ </package>
+ <package>
+ <name>linux-c7-libxslt</name>
+ <range><lt>2</lt></range> <!-- adjust should libxslt ever be fixed -->
+ </package>
+ <package>
+ <name>linux-rl9-libxslt</name>
+ <range><lt>2</lt></range> <!-- adjust should libxslt ever be fixed -->
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Alan Coopersmith reports:</p>
+ <blockquote cite="https://www.openwall.com/lists/oss-security/2025/07/11/2">
+ <p>On 6/16/25 15:12, Alan Coopersmith wrote:</p>
+ <p><em>
+ BTW, users of libxml2 may also be using its sibling project, libxslt,
+ which currently has no active maintainer, but has three unfixed security issues
+ reported against it according to
+ <a href="https://gitlab.gnome.org/Teams/Releng/security/-/wikis/2025#libxml2-and-libxslt">
+ https://gitlab.gnome.org/Teams/Releng/security/-/wikis/2025#libxml2-and-libxslt</a>
+ </em></p>
+ <p>2 of the 3 have now been disclosed:</p>
+ <p>(CVE-2025-7424) libxslt: Type confusion in xmlNode.psvi between stylesheet and source nodes<br />
+ <a href="https://gitlab.gnome.org/GNOME/libxslt/-/issues/139">https://gitlab.gnome.org/GNOME/libxslt/-/issues/139</a>
+ <a 
href="https://project-zero.issues.chromium.org/issues/409761909">https://project-zero.issues.chromium.org/issues/409761909</a></p>
+ <p>(CVE-2025-7425) libxslt: heap-use-after-free in xmlFreeID caused by `atype` corruption<br />
+ <a href="https://gitlab.gnome.org/GNOME/libxslt/-/issues/140">https://gitlab.gnome.org/GNOME/libxslt/-/issues/140</a><br /><a href="https://project-zero.issues.chromium.org/issues/410569369">https://project-zero.issues.chromium.org/issues/410569369</a></p>
+ <p>Engineers from Apple & Google have proposed patches in the GNOME gitlab issues,
+ but neither has had a fix applied to the git repo since there is currently no
+ maintainer for libxslt.</p>
+ </blockquote>
+ <p>Note that a fourth vulnerability was reported on June 18, 2025, which remains undisclosed to date (GNOME libxslt issue 148, link below), see
+ <a href="https://gitlab.gnome.org/Teams/Releng/security/-/wikis/2025#libxml2-and-libxslt">
+ https://gitlab.gnome.org/Teams/Releng/security/-/wikis/2025#libxml2-and-libxslt</a>
+ </p>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-7424</cvename>
+ <cvename>CVE-2025-7425</cvename>
+ <url>https://gitlab.gnome.org/Teams/Releng/security/-/wikis/2025#libxml2-and-libxslt</url>
+ <url>https://gitlab.gnome.org/GNOME/libxslt/-/issues/139</url>
+ <url>https://gitlab.gnome.org/GNOME/libxslt/-/issues/140</url>
+ <url>https://gitlab.gnome.org/GNOME/libxslt/-/issues/144</url>
+ <url>https://gitlab.gnome.org/GNOME/libxslt/-/issues/148</url>
+ <url>https://gitlab.gnome.org/GNOME/libxslt/-/commit/923903c59d668af42e3144bc623c9190a0f65988</url>
+ </references>
+ <dates>
+ <discovery>2025-04-10</discovery>
+ <entry>2025-07-12</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="abbc8912-5efa-11f0-ae84-99047d0a6bcc">
+ <topic>libxml2 -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>libxml2</name>
+ <range><lt>3.0</lt></range> <!-- needs update once fixed version appears -->
+ </package>
+ <package>
+ <name>linux-c7-libxml2</name> 
+ <range><lt>3.0</lt></range> <!-- needs update once fixed version appears -->
+ </package>
+ <package>
+ <name>linux-rl9-libxml2</name>
+ <range><lt>3.0</lt></range> <!-- needs update once fixed version appears -->
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Alan Coopersmith reports:</p>
+ <blockquote cite="https://www.openwall.com/lists/oss-security/2025/06/16/6">
+ <p>As discussed in
+ <a href="https://gitlab.gnome.org/GNOME/libxml2/-/issues/913">https://gitlab.gnome.org/GNOME/libxml2/-/issues/913</a> the
+ security policy of libxml2 has been changed to disclose vulnerabilities
+ before fixes are available so that people other than the maintainer can
+ contribute to fixing security issues in this library.</p>
+ <p>As part of this, the following 5 CVE's have been disclosed recently:</p>
+ <p>(CVE-2025-49794) Heap use after free (UAF) leads to Denial of service (DoS)
+ <a href="https://gitlab.gnome.org/GNOME/libxml2/-/issues/931">https://gitlab.gnome.org/GNOME/libxml2/-/issues/931</a> [...]</p>
+ <p>(CVE-2025-49795) Null pointer dereference leads to Denial of service (DoS)
+ <a href="https://gitlab.gnome.org/GNOME/libxml2/-/issues/932">https://gitlab.gnome.org/GNOME/libxml2/-/issues/932</a> [...]</p>
+ <p>(CVE-2025-49796) Type confusion leads to Denial of service (DoS)
+ <a href="https://gitlab.gnome.org/GNOME/libxml2/-/issues/933">https://gitlab.gnome.org/GNOME/libxml2/-/issues/933</a> [...]</p>
+ <p>For all three of the above, note that upstream is considering removing Schematron support completely, as discussed in
+ <a href="https://gitlab.gnome.org/GNOME/libxml2/-/issues/935">https://gitlab.gnome.org/GNOME/libxml2/-/issues/935</a>.</p>
+ <p>(CVE-2025-6021) Integer Overflow Leading to Buffer Overflow in xmlBuildQName()
+ <a href="https://gitlab.gnome.org/GNOME/libxml2/-/issues/926">https://gitlab.gnome.org/GNOME/libxml2/-/issues/926</a> [...]</p>
+ <p>(CVE-2025-6170) Stack-based Buffer Overflow in xmllint Shell
+ 
<a href="https://gitlab.gnome.org/GNOME/libxml2/-/issues/941">https://gitlab.gnome.org/GNOME/libxml2/-/issues/941</a> [...]</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-6021</cvename>
+ <cvename>CVE-2025-6170</cvename>
+ <cvename>CVE-2025-49794</cvename>
+ <cvename>CVE-2025-49795</cvename>
+ <cvename>CVE-2025-49795</cvename>
+ <url>https://www.openwall.com/lists/oss-security/2025/06/16/6</url>
+ <url>https://gitlab.gnome.org/Teams/Releng/security/-/wikis/2025#libxml2-and-libxslt</url>
+ <url>https://gitlab.gnome.org/GNOME/libxml2/-/issues/913</url>
+ <url>https://gitlab.gnome.org/GNOME/libxml2/-/issues/931</url>
+ <url>https://gitlab.gnome.org/GNOME/libxml2/-/issues/932</url>
+ <url>https://gitlab.gnome.org/GNOME/libxml2/-/issues/933</url>
+ <url>https://gitlab.gnome.org/GNOME/libxml2/-/issues/935</url>
+ <url>https://gitlab.gnome.org/GNOME/libxml2/-/issues/926</url>
+ <url>https://gitlab.gnome.org/GNOME/libxml2/-/issues/941</url>
+ </references>
+ <dates>
+ <discovery>2025-05-27</discovery>
+ <entry>2025-07-12</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="61d74f80-5e9e-11f0-8baa-8447094a420f">
+ <topic>mod_http2 -- Multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>mod_http2</name>
+ <range><lt>2.0.33</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The mod_http2 project reports:</p>
+ <blockquote cite="https://github.com/icing/mod_h2/releases/tag/v2.0.33">
+ <p>a client can increase memory consumption for a HTTP/2 connection
+ via repeated request header names,leading to denial of service</p>
+ <p>certain proxy configurations whith mod_proxy_http2 as the
+ backend, an assertion can be triggered by certain requests, leading
+ to denial of service</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-53020</cvename>
+ <cvename>CVE-2025-49630</cvename>
+ <url>https://github.com/icing/mod_h2/releases/tag/v2.0.33</url>
+ </references>
+ 
<dates> + <discovery>2025-07-10</discovery> + <entry>2025-07-11</entry> + </dates> + </vuln> + + <vuln vid="342f2a0a-5e9b-11f0-8baa-8447094a420f"> + <topic>Apache httpd -- Multiple vulnerabilities</topic> + <affects> + <package> + <name>apache24</name> + <range><lt>2.4.64</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Apache httpd project reports:</p> + <blockquote cite="https://httpd.apache.org/security/vulnerabilities_24.html"> + <p>moderate: Apache HTTP Server: HTTP response splitting (CVE-2024-42516)</p> + <p>low: Apache HTTP Server: SSRF with mod_headers setting Content-Type header (CVE-2024-43204)</p> + <p>moderate: Apache HTTP Server: SSRF on Windows due to UNC paths (CVE-2024-43394)</p> + <p>low: Apache HTTP Server: mod_ssl error log variable escaping (CVE-2024-47252)</p> + <p>moderate: Apache HTTP Server: mod_ssl access control bypass with session resumption (CVE-2025-23048)</p> + <p>low: Apache HTTP Server: mod_proxy_http2 denial of service (CVE-2025-49630)</p> + <p>moderate: Apache HTTP Server: mod_ssl TLS upgrade attack (CVE-2025-49812)</p> + <p>moderate: Apache HTTP Server: HTTP/2 DoS by Memory Increase (CVE-2025-53020)</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2024-42516</cvename> + <cvename>CVE-2024-43204</cvename> + <cvename>CVE-2024-43394</cvename> + <cvename>CVE-2024-47252</cvename> + <cvename>CVE-2025-23048</cvename> + <cvename>CVE-2025-49630</cvename> + <cvename>CVE-2025-49812</cvename> + <cvename>CVE-2025-53020</cvename> + <url>https://httpd.apache.org/security/vulnerabilities_24.html</url> + </references> + <dates> + <discovery>2025-07-10</discovery> + <entry>2025-07-11</entry> + </dates> + </vuln> + + <vuln vid="ef87346f-5dd0-11f0-beb2-ac5afc632ba3"> + <topic>Apache Tomcat -- Multiple Vulnerabilities</topic> + <affects> + <package> + <name>tomcat110</name> + <range><gt>11.0.0</gt></range> + <range><lt>11.0.9</lt></range> + </package> + <package> 
+ <name>tomcat101</name> + <range><gt>10.1.0</gt></range> + <range><lt>10.1.43</lt></range> + </package> + <package> + <name>tomcat9</name> + <range><gt>9.0.0</gt></range> + <range><lt>9.0.107</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@apache.org reports:</p> + <blockquote cite="https://www.mail-archive.com/announce@tomcat.apache.org/msg00710.html"> + <p>A race condition on connection close could trigger a JVM crash when using the + APR/Native connector leading to a DoS. This was particularly noticeable with client + initiated closes of HTTP/2 connections.</p> + </blockquote> + <blockquote cite="https://www.mail-archive.com/announce@tomcat.apache.org/msg00713.html"> + <p>An uncontrolled resource consumption vulnerability if an HTTP/2 client did not + acknowledge the initial settings frame that reduces the maximum permitted + concurrent streams could result in a DoS.</p> + </blockquote> + <blockquote cite="https://www.mail-archive.com/announce@tomcat.apache.org/msg00714.html"> + <p>For some unlikely configurations of multipart upload, an Integer Overflow + vulnerability could lead to a DoS via bypassing of size limits.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-52434</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-52434</url> + <cvename>CVE-2025-52520</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-52520</url> + <cvename>CVE-2025-53506</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-53506</url> + </references> + <dates> + <discovery>2025-07-10</discovery> + <entry>2025-07-10</entry> + </dates> + </vuln> + + <vuln vid="20823cc0-5d45-11f0-966e-2cf05da270f3"> + <topic>Gitlab -- vulnerabilities</topic> + <affects> + <package> + <name>gitlab-ce</name> + <name>gitlab-ee</name> + <range><ge>18.1.0</ge><lt>18.1.2</lt></range> + <range><ge>18.0.0</ge><lt>18.0.4</lt></range> + <range><ge>13.3.0</ge><lt>17.11.6</lt></range> + 
</package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Gitlab reports:</p> + <blockquote cite="https://about.gitlab.com/releases/2025/07/09/patch-release-gitlab-18-1-2-released/"> + <p>Cross-site scripting issue impacts GitLab CE/EE</p> + <p>Improper authorization issue impacts GitLab CE/EE</p> + <p>Improper authorization issue impacts GitLab EE</p> + <p>Improper authorization issue impacts GitLab EE</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-6948</cvename> + <cvename>CVE-2025-3396</cvename> + <cvename>CVE-2025-4972</cvename> + <cvename>CVE-2025-6168</cvename> + <url>https://about.gitlab.com/releases/2025/07/09/patch-release-gitlab-18-1-2-released/</url> + </references> + <dates> + <discovery>2025-07-09</discovery> + <entry>2025-07-10</entry> + </dates> + </vuln> + <vuln vid="2a4472ed-5c0d-11f0-b991-291fce777db8"> <topic>git -- multiple vulnerabilities</topic> <affects> diff --git a/security/wazuh-manager/Makefile b/security/wazuh-manager/Makefile index b6af1f502bd0..1734493f67ff 100644 --- a/security/wazuh-manager/Makefile +++ b/security/wazuh-manager/Makefile @@ -1,7 +1,7 @@ PORTNAME= wazuh DISTVERSIONPREFIX= v DISTVERSION= 4.12.0 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= security MASTER_SITES= https://packages.wazuh.com/deps/40/libraries/sources/:wazuh_sources \ LOCAL/acm/${PORTNAME}/:wazuh_cache diff --git a/security/wazuh-manager/distinfo b/security/wazuh-manager/distinfo index f6d2b8de31ca..31e3af0fbad7 100644 --- a/security/wazuh-manager/distinfo +++ b/security/wazuh-manager/distinfo 
@@ -57,8 +57,8 @@ SHA256 (wazuh-4.12.0/wazuh-cache-any-4.12.0.tar.gz) = c5e7ce333b2ec47f40c748ff79
 SIZE (wazuh-4.12.0/wazuh-cache-any-4.12.0.tar.gz) = 22863738
 SHA256 (wazuh-4.12.0/wazuh-python-4.12.0.tar.gz) = d4c68ac05ec7c45af17cc784f3708dbfc6322f124bd8f46b43ad6a360ab28ba7
 SIZE (wazuh-4.12.0/wazuh-python-4.12.0.tar.gz) = 466860
-SHA256 (wazuh-4.12.0/wazuh-cache-fbsd13-amd64-4.12.0.tar.gz) = e5bd8424d8f0e98df306466707d5ce70afb73f897470c56ef511e2b70be24186
-SIZE (wazuh-4.12.0/wazuh-cache-fbsd13-amd64-4.12.0.tar.gz) = 26778733
+SHA256 (wazuh-4.12.0/wazuh-cache-fbsd13-amd64-4.12.0.tar.gz) = b3acdd77f9a37e6ad43c64d8e71c35fa78d247d2aeb2bccbb746e55e74bc3478
+SIZE (wazuh-4.12.0/wazuh-cache-fbsd13-amd64-4.12.0.tar.gz) = 26779275
 SHA256 (wazuh-4.12.0/wazuh-cache-fbsd14-aarch64-4.12.0.tar.gz) = 0f6168a1207b6080d966ad3c4f3c7ac73d62a95bc5169f95452eaefc1219bd7b
 SIZE (wazuh-4.12.0/wazuh-cache-fbsd14-aarch64-4.12.0.tar.gz) = 24834192
 SHA256 (wazuh-4.12.0/wazuh-cache-fbsd14-amd64-4.12.0.tar.gz) = dd8b50065084e35102b7fdfcb6356455c693d1096e0174ae5d7bb0353ca7cd60 |
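Review bot: The `wazuh-cache-fbsd13-amd64-4.12.0.tar.gz` entry receives a new SHA256 and SIZE while its file name and DISTVERSION stay the same, so the archive was replaced in place and nothing in the diff records what changed inside it. The Makefile hunk lists `LOCAL/acm/${PORTNAME}/:wazuh_cache` as a master site, which presumably serves this file; any mirror or local distfiles directory still holding the previous archive will now fail the checksum, and a reviewer cannot tell a legitimate rebuild from a substituted file. I would give the rebuilt archive a distinct name (a revision suffix, for example), or at least record the reason next to the bump in the Makefile, e.g. `# fbsd13-amd64 cache rebuilt for PORTREVISION 3: <reason>`. Only the fbsd13-amd64 pair changes; the fbsd14 entries visible in this hunk are untouched.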