diff options
Diffstat (limited to 'security')
52 files changed, 1024 insertions, 121 deletions
diff --git a/security/botan2/Makefile b/security/botan2/Makefile index 1ca8fcfdbee3..5e0f65c0ff07 100644 --- a/security/botan2/Makefile +++ b/security/botan2/Makefile @@ -9,7 +9,8 @@ DISTNAME= Botan-${PORTVERSION} PATCH_SITES+= https://github.com/randombit/botan/commit/ PATCHFILES+= 37fec38ff97604f964122cd2d33f5d503f319b10.patch:-p1 \ 698c383b050591ae1a239c9e6d4ebe05532d2eee.patch:-p1 \ - 0fed26215b52a3d30122deb528f6b4deb824eae7.patch:-p1 + 0fed26215b52a3d30122deb528f6b4deb824eae7.patch:-p1 \ + 1eb0d14a7c110207479f40c8369faacc73d945c8.patch:-p1 MAINTAINER= fluffy@FreeBSD.org COMMENT= Portable, easy to use and efficient C++ crypto library @@ -109,6 +110,8 @@ PLIST_SUB+= HAS_PROCESSOR_RNG="@comment " post-patch: @${REINPLACE_CMD} -e 's|^optimization_flags .*|optimization_flags "${CXXFLAGS}"|' \ ${WRKSRC}/src/build-data/cc/clang.txt + @${REINPLACE_CMD} -e 's|boost_system|boost_filesystem|' \ + ${WRKSRC}/src/lib/utils/boost/info.txt post-install: ${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/botan ${STAGEDIR}${PREFIX}/lib/libbotan-2.so.${_SOABIVER}.${_SHLIBVER}.${_SHLIBVERPATCH} diff --git a/security/botan2/distinfo b/security/botan2/distinfo index 334533525222..f45a3087e771 100644 --- a/security/botan2/distinfo +++ b/security/botan2/distinfo @@ -1,4 +1,4 @@ -TIMESTAMP = 1737980464 +TIMESTAMP = 1753445434 SHA256 (Botan-2.19.5.tar.xz) = dfeea0e0a6f26d6724c4af01da9a7b88487adb2d81ba7c72fcaf52db522c9ad4 SIZE (Botan-2.19.5.tar.xz) = 6140148 SHA256 (37fec38ff97604f964122cd2d33f5d503f319b10.patch) = 65d185241f6ca5ed5f1ee271855d7733874218df7fccb82a21c12b97e47828c0 @@ -7,3 +7,5 @@ SHA256 (698c383b050591ae1a239c9e6d4ebe05532d2eee.patch) = b3d9c32018fb17035b8119 SIZE (698c383b050591ae1a239c9e6d4ebe05532d2eee.patch) = 2927 SHA256 (0fed26215b52a3d30122deb528f6b4deb824eae7.patch) = 5af4a25ee9252829469cdb33de9f8afd212b96520a03b50855f8fc73cb99779a SIZE (0fed26215b52a3d30122deb528f6b4deb824eae7.patch) = 2512 +SHA256 (1eb0d14a7c110207479f40c8369faacc73d945c8.patch) = 97df96aab5fb3632773b804e077171da48204e81776a945c69672e5c7b0d7396 +SIZE (1eb0d14a7c110207479f40c8369faacc73d945c8.patch) = 1300 diff --git a/security/lego/Makefile b/security/lego/Makefile index e2b6deead144..d6919c372941 100644 --- a/security/lego/Makefile +++ b/security/lego/Makefile @@ -1,6 +1,6 @@ PORTNAME= lego DISTVERSIONPREFIX= v -DISTVERSION= 4.24.0 +DISTVERSION= 4.25.1 CATEGORIES= security MAINTAINER= matt@matthoran.com @@ -12,7 +12,7 @@ LICENSE_FILE= ${WRKSRC}/LICENSE RUN_DEPENDS= ${LOCALBASE}/share/certs/ca-root-nss.crt:security/ca_root_nss -USES= go:1.23,modules +USES= go:modules GO_MODULE= github.com/go-acme/lego/v4 GO_TARGET= ./cmd/lego GO_BUILDFLAGS= -ldflags '-X "main.version=${DISTVERSION}"' diff --git a/security/lego/distinfo b/security/lego/distinfo index ee445fe960dc..38327b4fc1b1 100644 --- a/security/lego/distinfo +++ b/security/lego/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1752932681 -SHA256 (go/security_lego/lego-v4.24.0/v4.24.0.mod) = 4ee2e188492702303c89e3703b26d3cbb10cbdde9ff002e4e8f842f15b81763f -SIZE (go/security_lego/lego-v4.24.0/v4.24.0.mod) = 11037 -SHA256 (go/security_lego/lego-v4.24.0/v4.24.0.zip) = f6a58c88e80aa6d4ffb8eba3b4fd313bba2b3ed3a3b1bbfd23b33fad1bbe7642 -SIZE (go/security_lego/lego-v4.24.0/v4.24.0.zip) = 1502515 +TIMESTAMP = 1753224987 +SHA256 (go/security_lego/lego-v4.25.1/v4.25.1.mod) = d4a62b1d418a18edeb1389150c8d2b6726ce7dd8fb4b4f17958562a5e0136884 +SIZE (go/security_lego/lego-v4.25.1/v4.25.1.mod) = 10758 +SHA256 (go/security_lego/lego-v4.25.1/v4.25.1.zip) = 3227df424f99eabfb24cba0a636fb710a5084212fd9051385a63fea6c9f7321b +SIZE (go/security_lego/lego-v4.25.1/v4.25.1.zip) = 1562186 diff --git a/security/naabu/Makefile b/security/naabu/Makefile index 2a4dd1621e14..3d1385cb4f89 100644 --- a/security/naabu/Makefile +++ b/security/naabu/Makefile @@ -1,6 +1,6 @@ PORTNAME= naabu DISTVERSIONPREFIX= v -DISTVERSION= 2.3.4 +DISTVERSION= 2.3.5 CATEGORIES= security MAINTAINER= dutra@FreeBSD.org @@ -9,7 +9,7 @@ WWW= https://github.com/projectdiscovery/naabu LICENSE= MIT -USES= go:1.23,modules +USES= go:1.24,modules GO_MODULE= github.com/projectdiscovery/naabu/v2 GO_TARGET= ./cmd/${PORTNAME} diff --git a/security/naabu/distinfo b/security/naabu/distinfo index 95692c03c54d..674b49e0f45d 100644 --- a/security/naabu/distinfo +++ b/security/naabu/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1744947331 -SHA256 (go/security_naabu/naabu-v2.3.4/v2.3.4.mod) = 37477fafd0b3b04592d1c7104ddf9dfafe87d579bb2cc3dcab93621b9549b283 -SIZE (go/security_naabu/naabu-v2.3.4/v2.3.4.mod) = 6288 -SHA256 (go/security_naabu/naabu-v2.3.4/v2.3.4.zip) = 534e0e1318f8a4fb7fee5db3b3d2f6537145beb4037958d6df4a68e69de6ee0d -SIZE (go/security_naabu/naabu-v2.3.4/v2.3.4.zip) = 506886 +TIMESTAMP = 1753248989 +SHA256 (go/security_naabu/naabu-v2.3.5/v2.3.5.mod) = c6ea2b8c6fa1e166e02d9a074514b9a77c1bf2914f52e4ba411726a9c798349b +SIZE (go/security_naabu/naabu-v2.3.5/v2.3.5.mod) = 6743 +SHA256 (go/security_naabu/naabu-v2.3.5/v2.3.5.zip) = 77c0c9136c85afc93a3d16811d76e491b23a3be2e077847c80d6e2258b2dfa87 +SIZE (go/security_naabu/naabu-v2.3.5/v2.3.5.zip) = 527140 diff --git a/security/node-sqlcipher/Makefile b/security/node-sqlcipher/Makefile index adeb2171a6e1..3619cf6c698c 100644 --- a/security/node-sqlcipher/Makefile +++ b/security/node-sqlcipher/Makefile @@ -1,5 +1,5 @@ PORTNAME= node-sqlcipher -DISTVERSION= 2.0.3 +DISTVERSION= 2.1.0 CATEGORIES= security MASTER_SITES= https://github.com/signalapp/node-sqlcipher/archive/refs/tags/v${DISTVERSION}/:sqlcipher \ https://registry.npmjs.org/@esbuild/freebsd-arm64/-/:esbuildarm64 \ @@ -26,7 +26,7 @@ USES= nodejs:20,build PLIST_FILES= lib/node_sqlcipher.node -ESBUILD_VERS= 0.25.5 +ESBUILD_VERS= 0.25.6 ESBUILD_ARCH= ${ARCH:S/aarch64/arm64/:S/amd64/x64/} MAKE_ENV+= ESBUILD_BINARY_PATH=${WRKDIR}/esbuild-freebsd-64/package/bin/esbuild diff --git a/security/node-sqlcipher/distinfo b/security/node-sqlcipher/distinfo index 4c0d581254c3..2efbc32fcae3 100644 --- a/security/node-sqlcipher/distinfo +++ b/security/node-sqlcipher/distinfo @@ -1,9 +1,9 @@ -TIMESTAMP = 1748872146 -SHA256 (freebsd-arm64-0.25.5.tgz) = abfbe3edad2cf736ce43a35c2dea079313a4641869912dcb53738a87080f512f -SIZE (freebsd-arm64-0.25.5.tgz) = 4003803 -SHA256 (freebsd-x64-0.25.5.tgz) = 0d8997fd565a9c53d1995b30ed53f2d98b35f831cb6e1f55e0a653aa33cee317 -SIZE (freebsd-x64-0.25.5.tgz) = 4355608 -SHA256 (node-sqlcipher-2.0.3.tar.gz) = 99d3bb23907e8a5a0263d18e0f94857c798d56d2dd0344f2ae873b54e56e9489 -SIZE (node-sqlcipher-2.0.3.tar.gz) = 2711596 -SHA256 (node-sqlcipher-2.0.3-npm-cache.tar.gz) = f7e3800b03717bba269dd8911ede17f64b95d67c037f49b5d7279e78d9d9898c -SIZE (node-sqlcipher-2.0.3-npm-cache.tar.gz) = 67243807 +TIMESTAMP = 1752763972 +SHA256 (freebsd-arm64-0.25.6.tgz) = 64d7ee10a68707188ccf9bf9904771b3ca87ed38b95b38562266625d18263f1b +SIZE (freebsd-arm64-0.25.6.tgz) = 4005168 +SHA256 (freebsd-x64-0.25.6.tgz) = 802165252d595fd843b54010d0f4e96f4ca6a86ac82cfb5701a25c3fedf0e16b +SIZE (freebsd-x64-0.25.6.tgz) = 4357533 +SHA256 (node-sqlcipher-2.1.0.tar.gz) = 81dbfe085be60258d9e0daf4089adc44aaea868b3d009fb5ec47a511f6c99264 +SIZE (node-sqlcipher-2.1.0.tar.gz) = 2712831 +SHA256 (node-sqlcipher-2.1.0-npm-cache.tar.gz) = 8e01706283929ad0a11cd3c16cb97dccebd71a2ac6e982d8bf155da45b8272c4 +SIZE (node-sqlcipher-2.1.0-npm-cache.tar.gz) = 67521401 diff --git a/security/nuclei/Makefile b/security/nuclei/Makefile index ff4ce951c803..14307cedd2a0 100644 --- a/security/nuclei/Makefile +++ b/security/nuclei/Makefile @@ -1,6 +1,6 @@ PORTNAME= nuclei DISTVERSIONPREFIX= v -DISTVERSION= 3.4.6 +DISTVERSION= 3.4.7 CATEGORIES= security MAINTAINER= dutra@FreeBSD.org diff --git a/security/nuclei/distinfo b/security/nuclei/distinfo index fb33bee95717..e84c8fc80136 100644 --- a/security/nuclei/distinfo +++ b/security/nuclei/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1751730063 -SHA256 (go/security_nuclei/nuclei-v3.4.6/v3.4.6.mod) = 95c7844c02f7c9c24a53544e7bcdfd252a11c8fb61a80f555fbffd6dfaf402a6 -SIZE (go/security_nuclei/nuclei-v3.4.6/v3.4.6.mod) = 18995 -SHA256 (go/security_nuclei/nuclei-v3.4.6/v3.4.6.zip) = 6ea753633305e332bcfd8af6b0e6f7042ebf6a1751bc27c3536f535c4b4c3c40 -SIZE (go/security_nuclei/nuclei-v3.4.6/v3.4.6.zip) = 12374607 +TIMESTAMP = 1753317860 +SHA256 (go/security_nuclei/nuclei-v3.4.7/v3.4.7.mod) = bc1fb722b23218fe4ec211f30a80341a92e69f62fe0a5625afbb0a86599726fc +SIZE (go/security_nuclei/nuclei-v3.4.7/v3.4.7.mod) = 18779 +SHA256 (go/security_nuclei/nuclei-v3.4.7/v3.4.7.zip) = 0356b818c4d68bff08f690128ed089b37a83b43dfdea9a045c8f13500d52300e +SIZE (go/security_nuclei/nuclei-v3.4.7/v3.4.7.zip) = 12380996 diff --git a/security/pecl-gnupg/files/patch-php85 b/security/pecl-gnupg/files/patch-php85 new file mode 100644 index 000000000000..de4a30311382 --- /dev/null +++ b/security/pecl-gnupg/files/patch-php85 @@ -0,0 +1,31 @@ +--- gnupg_keylistiterator.c.orig 2025-06-02 18:54:02 UTC ++++ gnupg_keylistiterator.c +@@ -201,7 +201,7 @@ PHP_METHOD(gnupg_keylistiterator, rewind) + + if ((PHPC_THIS->err = gpgme_op_keylist_start( + PHPC_THIS->ctx, PHPC_THIS->pattern ? PHPC_THIS->pattern : "", 0)) != GPG_ERR_NO_ERROR){ +- zend_throw_exception(zend_exception_get_default(TSRMLS_C), (char *)gpg_strerror(PHPC_THIS->err), 1 TSRMLS_CC); ++ zend_throw_exception(zend_ce_exception, (char *)gpg_strerror(PHPC_THIS->err), 1 TSRMLS_CC); + } + if ((PHPC_THIS->err = gpgme_op_keylist_next(PHPC_THIS->ctx, &PHPC_THIS->gpgkey)) != GPG_ERR_NO_ERROR){ + RETURN_FALSE; +--- gnupg.c.orig 2025-06-02 18:54:02 UTC ++++ gnupg.c +@@ -64,7 +64,7 @@ PHPC_OBJ_DEFINE_HANDLER_VAR(gnupg); + break; \ + case 2: \ + zend_throw_exception(\ +- zend_exception_get_default(TSRMLS_C), \ ++ zend_ce_exception, \ + (char*) error, \ + 0 TSRMLS_CC \ + ); \ +@@ -169,7 +169,7 @@ static void php_gnupg_this_make(PHPC_THIS_DECLARE(gnup + if (gpgme_ctx_set_engine_info( + ctx, GPGME_PROTOCOL_OpenPGP, file_name, home_dir) != GPG_ERR_NO_ERROR) { + zend_throw_exception( +- zend_exception_get_default(TSRMLS_C), ++ zend_ce_exception, + (char*) "Setting engine info failed", + 0 TSRMLS_CC + ); diff --git a/security/py-acme/distinfo b/security/py-acme/distinfo index a2264f2b9272..ba6b77837571 100644 --- a/security/py-acme/distinfo +++ b/security/py-acme/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1745167596 -SHA256 (acme-4.0.0.tar.gz) = 972d6e0b160000ae833aaa9619901896336e5dc7ca82003fa6ff465bafcbdf52 -SIZE (acme-4.0.0.tar.gz) = 91684 +TIMESTAMP = 1751947304 +SHA256 (acme-4.1.1.tar.gz) = 0ffaaf6d3f41ff05772fd2b6170cf0b2b139f5134d7a70ee49f6e63ca20e8f9a +SIZE (acme-4.1.1.tar.gz) = 96744 diff --git a/security/py-acme/version.mk b/security/py-acme/version.mk index 07cd2b1dd4f4..c6273480e6b0 100644 --- a/security/py-acme/version.mk +++ b/security/py-acme/version.mk @@ -1 +1 @@ -ACME_VERSION= 4.0.0 +ACME_VERSION= 4.1.1 diff --git a/security/py-authlib/Makefile b/security/py-authlib/Makefile index fb2cecb70f68..b527bb8c9863 100644 --- a/security/py-authlib/Makefile +++ b/security/py-authlib/Makefile @@ -1,5 +1,5 @@ PORTNAME= authlib -PORTVERSION= 1.6.0 +PORTVERSION= 1.6.1 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} diff --git a/security/py-authlib/distinfo b/security/py-authlib/distinfo index 3804f57e8b48..d864619a8bce 100644 --- a/security/py-authlib/distinfo +++ b/security/py-authlib/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1748495847 -SHA256 (authlib-1.6.0.tar.gz) = 4367d32031b7af175ad3a323d571dc7257b7099d55978087ceae4a0d88cd3210 -SIZE (authlib-1.6.0.tar.gz) = 158371 +TIMESTAMP = 1753265790 +SHA256 (authlib-1.6.1.tar.gz) = 4dffdbb1460ba6ec8c17981a4c67af7d8af131231b5a36a88a1e8c80c111cdfd +SIZE (authlib-1.6.1.tar.gz) = 159988 diff --git a/security/py-certbot-apache/Makefile b/security/py-certbot-apache/Makefile index cb57a26b075e..e847903f2aa3 100644 --- a/security/py-certbot-apache/Makefile +++ b/security/py-certbot-apache/Makefile @@ -28,8 +28,8 @@ USE_PYTHON= autoplist concurrent pep517 NO_ARCH= yes post-patch: - @${REINPLACE_CMD} -e 's|apache2ctl|apachectl|' ${WRKSRC}/certbot_apache/_internal/configurator.py - @${REINPLACE_CMD} -e 's|/etc/apache2|${LOCALBASE}/etc/apache24|' ${WRKSRC}/certbot_apache/_internal/configurator.py + @${REINPLACE_CMD} -e 's|apache2ctl|apachectl|' ${WRKSRC}/src/certbot_apache/_internal/configurator.py + @${REINPLACE_CMD} -e 's|/etc/apache2|${LOCALBASE}/etc/apache24|' ${WRKSRC}/src/certbot_apache/_internal/configurator.py .include "${.CURDIR}/../py-acme/version.mk" .include <bsd.port.mk> diff --git a/security/py-certbot-apache/distinfo b/security/py-certbot-apache/distinfo index 0e68734f0cac..11197ab66cc3 100644 --- a/security/py-certbot-apache/distinfo +++ b/security/py-certbot-apache/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1745167597 -SHA256 (certbot_apache-4.0.0.tar.gz) = 507f9a336bd95c25548f449d8307eead6f875186a13049de173d6833371910a2 -SIZE (certbot_apache-4.0.0.tar.gz) = 183105 +TIMESTAMP = 1751947305 +SHA256 (certbot_apache-4.1.1.tar.gz) = 8b43f9f4b3cb504109cae58b7b8edbadb62bd3fbb1e796fe17ea426a7195b41f +SIZE (certbot_apache-4.1.1.tar.gz) = 183384 diff --git a/security/py-certbot-dns-cloudflare/distinfo b/security/py-certbot-dns-cloudflare/distinfo index 59543aa2a2d4..a836a8eae2c1 100644 --- a/security/py-certbot-dns-cloudflare/distinfo +++ b/security/py-certbot-dns-cloudflare/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1745167597 -SHA256 (certbot_dns_cloudflare-4.0.0.tar.gz) = 3cc9752b1fbca8e16de8ccd23675d345505a529737855398db655b3413e711f8 -SIZE (certbot_dns_cloudflare-4.0.0.tar.gz) = 16391 +TIMESTAMP = 1751947306 +SHA256 (certbot_dns_cloudflare-4.1.1.tar.gz) = ab42e92ebac8909b40341d8fb0795bf4c938f71d1443bcda120c6ca8894d002a +SIZE (certbot_dns_cloudflare-4.1.1.tar.gz) = 16190 diff --git a/security/py-certbot-dns-cloudflare/files/patch-cloudflare b/security/py-certbot-dns-cloudflare/files/patch-cloudflare index a4acaa5b416a..a7cac35737b0 100644 --- a/security/py-certbot-dns-cloudflare/files/patch-cloudflare +++ b/security/py-certbot-dns-cloudflare/files/patch-cloudflare @@ -1,5 +1,5 @@ ---- certbot_dns_cloudflare/_internal/dns_cloudflare.py.orig 2025-02-11 19:57:38 UTC -+++ certbot_dns_cloudflare/_internal/dns_cloudflare.py +--- src/certbot_dns_cloudflare/_internal/dns_cloudflare.py.orig 2025-02-11 19:57:38 UTC ++++ src/certbot_dns_cloudflare/_internal/dns_cloudflare.py @@ -100,12 +100,12 @@ class _CloudflareClient: # We can't use named arguments in this case, as it would break compatibility with # the Cloudflare library since version 2.10.1, as the `token` argument was used for diff --git a/security/py-certbot-dns-digitalocean/distinfo b/security/py-certbot-dns-digitalocean/distinfo index 524a886863d4..80a5dbf0fc8b 100644 --- a/security/py-certbot-dns-digitalocean/distinfo +++ b/security/py-certbot-dns-digitalocean/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1745167598 -SHA256 (certbot_dns_digitalocean-4.0.0.tar.gz) = 00ce5b7c6fdcf360ab65558ec0e9c9a7247ddeb7ac8355bca3f5ca43496b0b87 -SIZE (certbot_dns_digitalocean-4.0.0.tar.gz) = 14571 +TIMESTAMP = 1751947307 +SHA256 (certbot_dns_digitalocean-4.1.1.tar.gz) = c2dca249f23eac2ad20b2aaef4773a38489c49799cce1a16cd227138e9112862 +SIZE (certbot_dns_digitalocean-4.1.1.tar.gz) = 14397 diff --git a/security/py-certbot-dns-dnsimple/distinfo b/security/py-certbot-dns-dnsimple/distinfo index 98efb380fd24..936dc0fce051 100644 --- a/security/py-certbot-dns-dnsimple/distinfo +++ b/security/py-certbot-dns-dnsimple/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1745167599 -SHA256 (certbot_dns_dnsimple-4.0.0.tar.gz) = 3dbe24c0cd5ada5c833d6de174c7ced9fd2a215547d18ad569ee4fe45aafb41b -SIZE (certbot_dns_dnsimple-4.0.0.tar.gz) = 11885 +TIMESTAMP = 1751947308 +SHA256 (certbot_dns_dnsimple-4.1.1.tar.gz) = c47472839a98a02171f992becf7f067a114e64be1fa647b4054f7813a1997afb +SIZE (certbot_dns_dnsimple-4.1.1.tar.gz) = 12048 diff --git a/security/py-certbot-dns-dnsmadeeasy/distinfo b/security/py-certbot-dns-dnsmadeeasy/distinfo index 792674798234..644ad100c41c 100644 --- a/security/py-certbot-dns-dnsmadeeasy/distinfo +++ b/security/py-certbot-dns-dnsmadeeasy/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1745167599 -SHA256 (certbot_dns_dnsmadeeasy-4.0.0.tar.gz) = bd42dc87844d764c80e27221b81371670ccce65e564119fe1c99fafe7b0b441e -SIZE (certbot_dns_dnsmadeeasy-4.0.0.tar.gz) = 12069 +TIMESTAMP = 1751947309 +SHA256 (certbot_dns_dnsmadeeasy-4.1.1.tar.gz) = 3b473ba6d7e7eeda907609343ac7d895182f8fff40de17d3bcc78999f2550aff +SIZE (certbot_dns_dnsmadeeasy-4.1.1.tar.gz) = 12204 diff --git a/security/py-certbot-dns-gehirn/distinfo b/security/py-certbot-dns-gehirn/distinfo index d888dffea618..2550453241db 100644 --- a/security/py-certbot-dns-gehirn/distinfo +++ b/security/py-certbot-dns-gehirn/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1745167600 -SHA256 (certbot_dns_gehirn-4.0.0.tar.gz) = 554c35ab3582b37d3fa628cd0c8186f0801b2925bf21fcb08c9db502b276471f -SIZE (certbot_dns_gehirn-4.0.0.tar.gz) = 11966 +TIMESTAMP = 1751947310 +SHA256 (certbot_dns_gehirn-4.1.1.tar.gz) = 305ff044228fe757f3a3ad5d7e1baba802a7a2eb0cd45ebf33c952e72945994a +SIZE (certbot_dns_gehirn-4.1.1.tar.gz) = 12111 diff --git a/security/py-certbot-dns-google/distinfo b/security/py-certbot-dns-google/distinfo index ee603d75d370..39325fafc1ad 100644 --- a/security/py-certbot-dns-google/distinfo +++ b/security/py-certbot-dns-google/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1745167601 -SHA256 (certbot_dns_google-4.0.0.tar.gz) = 07f78292c7e9b76552a9eed5152c46b285acf3231338850195e895eb3a62a6d3 -SIZE (certbot_dns_google-4.0.0.tar.gz) = 25242 +TIMESTAMP = 1751947311 +SHA256 (certbot_dns_google-4.1.1.tar.gz) = c0e0e9779df9d581d85ed058f39f6ab473a39945bce209bec767b47115bc1e7b +SIZE (certbot_dns_google-4.1.1.tar.gz) = 25128 diff --git a/security/py-certbot-dns-linode/distinfo b/security/py-certbot-dns-linode/distinfo index c20d0009f043..1817bf57c362 100644 --- a/security/py-certbot-dns-linode/distinfo +++ b/security/py-certbot-dns-linode/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1745167601 -SHA256 (certbot_dns_linode-4.0.0.tar.gz) = a8487117a2c57606e9e554bf967058c598f6f559fdddd13a4c763c97416c999b -SIZE (certbot_dns_linode-4.0.0.tar.gz) = 12181 +TIMESTAMP = 1751947311 +SHA256 (certbot_dns_linode-4.1.1.tar.gz) = 9801b9f418ddf71e0572f934559557763c256fa27ab88f6303609a35a6944891 +SIZE (certbot_dns_linode-4.1.1.tar.gz) = 12320 diff --git a/security/py-certbot-dns-luadns/distinfo b/security/py-certbot-dns-luadns/distinfo index 34df1fda5087..7b60abf34d6e 100644 --- a/security/py-certbot-dns-luadns/distinfo +++ b/security/py-certbot-dns-luadns/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1745167602 -SHA256 (certbot_dns_luadns-4.0.0.tar.gz) = 2fb5bcd8eeada94f9ad9a5a213d0d90480071a5b5411c326e279fa352bc42ea6 -SIZE (certbot_dns_luadns-4.0.0.tar.gz) = 11888 +TIMESTAMP = 1751947312 +SHA256 (certbot_dns_luadns-4.1.1.tar.gz) = b5147c8ab8d2daf2b33e45d973f1422e4d64fe8ae1a664e78d861d861028d35a +SIZE (certbot_dns_luadns-4.1.1.tar.gz) = 12043 diff --git a/security/py-certbot-dns-nsone/distinfo b/security/py-certbot-dns-nsone/distinfo index 351b033e7fe7..be8531f7b65d 100644 --- a/security/py-certbot-dns-nsone/distinfo +++ b/security/py-certbot-dns-nsone/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1745167603 -SHA256 (certbot_dns_nsone-4.0.0.tar.gz) = c0bdd769e88147e7b45371c4892c68404a014aa9c4aa48a505f011a94b5e18eb -SIZE (certbot_dns_nsone-4.0.0.tar.gz) = 11966 +TIMESTAMP = 1751947313 +SHA256 (certbot_dns_nsone-4.1.1.tar.gz) = 733aa1f6f97ec7122820a67c1cda82ecb012bcf4c85ae62c44860b03c7045ccd +SIZE (certbot_dns_nsone-4.1.1.tar.gz) = 12133 diff --git a/security/py-certbot-dns-ovh/distinfo b/security/py-certbot-dns-ovh/distinfo index 5b6e491f4289..aeeef787cf5b 100644 --- a/security/py-certbot-dns-ovh/distinfo +++ b/security/py-certbot-dns-ovh/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1745167603 -SHA256 (certbot_dns_ovh-4.0.0.tar.gz) = 54b1637572d2ac5bbe78bddc180966ad9c7d90bb6baf820c4e7da4c02e6f21ab -SIZE (certbot_dns_ovh-4.0.0.tar.gz) = 12324 +TIMESTAMP = 1751947314 +SHA256 (certbot_dns_ovh-4.1.1.tar.gz) = 167eca0226261d9ecff3d71b50153c9a88ad57e7981a68e04ebad2f6bc0e9dde +SIZE (certbot_dns_ovh-4.1.1.tar.gz) = 12469 diff --git a/security/py-certbot-dns-rfc2136/distinfo b/security/py-certbot-dns-rfc2136/distinfo index 107400db71f4..a2def85da1fd 100644 --- a/security/py-certbot-dns-rfc2136/distinfo +++ b/security/py-certbot-dns-rfc2136/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1745167604 -SHA256 (certbot_dns_rfc2136-4.0.0.tar.gz) = 9d403198294c6e2e4bc9df6a5e82a4ed35ab3ffef534307f732e967fec3292d7 -SIZE (certbot_dns_rfc2136-4.0.0.tar.gz) = 16948 +TIMESTAMP = 1751947315 +SHA256 (certbot_dns_rfc2136-4.1.1.tar.gz) = fb9a0813cc4a4d5b514b6c5d137463b133a32e79f930b61e77875df080550567 +SIZE (certbot_dns_rfc2136-4.1.1.tar.gz) = 16763 diff --git a/security/py-certbot-dns-route53/distinfo b/security/py-certbot-dns-route53/distinfo index bf6178bc02fd..4d94a52554e6 100644 --- a/security/py-certbot-dns-route53/distinfo +++ b/security/py-certbot-dns-route53/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1745167605 -SHA256 (certbot_dns_route53-4.0.0.tar.gz) = 9b6397d5a0b3a23242346238cdf423b111b16114e59798638b47d1be9a84fc2e -SIZE (certbot_dns_route53-4.0.0.tar.gz) = 15688 +TIMESTAMP = 1751947315 +SHA256 (certbot_dns_route53-4.1.1.tar.gz) = 52da6a9f89ee698a9d157c88fe2648e57b0073ed4bac18c13e9ce22259e4378c +SIZE (certbot_dns_route53-4.1.1.tar.gz) = 15510 diff --git a/security/py-certbot-dns-sakuracloud/distinfo b/security/py-certbot-dns-sakuracloud/distinfo index 17fdf8768906..dd267d0de10a 100644 --- a/security/py-certbot-dns-sakuracloud/distinfo +++ b/security/py-certbot-dns-sakuracloud/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1745167606 -SHA256 (certbot_dns_sakuracloud-4.0.0.tar.gz) = b658870de64ffab5f302575f391b8b37774a1cd5d294e8dbbe6db46a794bdd36 -SIZE (certbot_dns_sakuracloud-4.0.0.tar.gz) = 11967 +TIMESTAMP = 1751947316 +SHA256 (certbot_dns_sakuracloud-4.1.1.tar.gz) = 3477ff18b26133f67678f1ad50055a5de8081f5b0ece08b4f768ae325e2748b2 +SIZE (certbot_dns_sakuracloud-4.1.1.tar.gz) = 12116 diff --git a/security/py-certbot-nginx/Makefile b/security/py-certbot-nginx/Makefile index a2e820017817..c6414612ae95 100644 --- a/security/py-certbot-nginx/Makefile +++ b/security/py-certbot-nginx/Makefile @@ -29,7 +29,7 @@ USE_PYTHON= autoplist concurrent pep517 NO_ARCH= yes post-patch: - @${REINPLACE_CMD} -e 's|/usr/local|${LOCALBASE}|' ${WRKSRC}/certbot_nginx/_internal/constants.py + @${REINPLACE_CMD} -e 's|/usr/local|${LOCALBASE}|' ${WRKSRC}/src/certbot_nginx/_internal/constants.py .include "${.CURDIR}/../py-acme/version.mk" .include <bsd.port.mk> diff --git a/security/py-certbot-nginx/distinfo b/security/py-certbot-nginx/distinfo index c4a16deb245b..94a634fb7d50 100644 --- a/security/py-certbot-nginx/distinfo +++ b/security/py-certbot-nginx/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1745167606 -SHA256 (certbot_nginx-4.0.0.tar.gz) = 4478c3e13e04b49f95675d83adaacdcf1356f8fac0824e236f893f2f5a1d991c -SIZE (certbot_nginx-4.0.0.tar.gz) = 79653 +TIMESTAMP = 1751947317 +SHA256 (certbot_nginx-4.1.1.tar.gz) = 9b03a0c877d8004bc8b077d6aa8419257300a23c7d72f9d8fe268a0a3bb859f2 +SIZE (certbot_nginx-4.1.1.tar.gz) = 80191 diff --git a/security/py-certbot/Makefile b/security/py-certbot/Makefile index 5e66ba0a7c54..f909c26d9147 100644 --- a/security/py-certbot/Makefile +++ b/security/py-certbot/Makefile @@ -48,11 +48,11 @@ MANPAGES_PLIST_FILES= share/man/man1/certbot.1.gz \ .include <bsd.port.pre.mk> .if ${PYTHON_REL} < 31000 -RUN_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}importlib-metadata>=4.6:devel/py-importlib-metadata@${PY_FLAVOR} +RUN_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}importlib-metadata>=8.6.1:devel/py-importlib-metadata@${PY_FLAVOR} .endif post-patch: - @${REINPLACE_CMD} -e 's|/usr/local|${LOCALBASE}|' ${WRKSRC}/certbot/compat/misc.py ${WRKSRC}/certbot/_internal/tests/cli_test.py + @${REINPLACE_CMD} -e 's|/usr/local|${LOCALBASE}|' ${WRKSRC}/src/certbot/compat/misc.py ${WRKSRC}/src/certbot/_internal/tests/cli_test.py post-build-MANPAGES-on: # Avoid gmake / ${DO_MAKE_BUILD} -C ${WRKSRC}/docs man diff --git a/security/py-certbot/distinfo b/security/py-certbot/distinfo index 05ecc6071f5a..1a10a8c352d8 100644 --- a/security/py-certbot/distinfo +++ b/security/py-certbot/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1745167596 -SHA256 (certbot-4.0.0.tar.gz) = a867bfbb5126516c12d4c8a93909ef1e4d5309fc4e9f5b97b2d987b0ffd4bbe3 -SIZE (certbot-4.0.0.tar.gz) = 439556 +TIMESTAMP = 1751947305 +SHA256 (certbot-4.1.1.tar.gz) = d1fdde3174bcf1d68f7a8dca070341acec28b78ef92ad2dd18b8d49959e96779 +SIZE (certbot-4.1.1.tar.gz) = 441624 diff --git a/security/py-certbot/files/patch-certbot-compat-misc.py b/security/py-certbot/files/patch-src-certbot-compat-misc.py index 56031716086a..1ffb2afd1010 100644 --- a/security/py-certbot/files/patch-certbot-compat-misc.py +++ b/security/py-certbot/files/patch-src-certbot-compat-misc.py @@ -4,8 +4,8 @@ # https://github.com/certbot/certbot/pull/7056 # TODO: Upstream ---- certbot/compat/misc.py.orig 2023-04-04 15:06:41 UTC -+++ certbot/compat/misc.py +--- src/certbot/compat/misc.py.orig 2023-04-04 15:06:41 UTC ++++ src/certbot/compat/misc.py @@ -100,6 +100,11 @@ LINUX_DEFAULT_FOLDERS = { 'work': '/var/lib/letsencrypt', 'logs': '/var/log/letsencrypt', diff --git a/security/py-certbot/files/patch-certbot___internal_tests_cli__test.py b/security/py-certbot/files/patch-src-certbot-internal_tests-cli__test.py index c5c1cd41e898..d89ec8254b9e 100644 --- a/security/py-certbot/files/patch-certbot___internal_tests_cli__test.py +++ b/security/py-certbot/files/patch-src-certbot-internal_tests-cli__test.py @@ -1,5 +1,5 @@ ---- certbot/_internal/tests/cli_test.py.orig 2023-04-04 15:06:41 UTC -+++ certbot/_internal/tests/cli_test.py +--- src/certbot/_internal/tests/cli_test.py.orig 2023-04-04 15:06:41 UTC ++++ src/certbot/_internal/tests/cli_test.py @@ -1,6 +1,7 @@ """Tests for certbot._internal.cli.""" import argparse diff --git a/security/py-certifi/Makefile b/security/py-certifi/Makefile index de1cfbdc119e..43a6cf3fd110 100644 --- a/security/py-certifi/Makefile +++ b/security/py-certifi/Makefile @@ -1,5 +1,5 @@ PORTNAME= certifi -PORTVERSION= 2025.7.9 +PORTVERSION= 2025.7.14 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} diff --git a/security/py-certifi/distinfo b/security/py-certifi/distinfo index a5b8a9689443..693b25863be4 100644 --- a/security/py-certifi/distinfo +++ b/security/py-certifi/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1752266162 -SHA256 (certifi-2025.7.9.tar.gz) = c1d2ec05395148ee10cf672ffc28cd37ea0ab0d99f9cc74c43e588cbd111b079 -SIZE (certifi-2025.7.9.tar.gz) = 160386 +TIMESTAMP = 1752566722 +SHA256 (certifi-2025.7.14.tar.gz) = 8ea99dbdfaaf2ba2f9bac77b9249ef62ec5218e7c2b2e903378ed5fccf765995 +SIZE (certifi-2025.7.14.tar.gz) = 163981 diff --git a/security/py-joserfc/Makefile b/security/py-joserfc/Makefile index 469d3303adfc..09603c34e6a5 100644 --- a/security/py-joserfc/Makefile +++ b/security/py-joserfc/Makefile @@ -1,5 +1,5 @@ PORTNAME= joserfc -PORTVERSION= 1.2.1 +PORTVERSION= 1.2.2 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} diff --git a/security/py-joserfc/distinfo b/security/py-joserfc/distinfo index d51ddb558786..62b3a48b759b 100644 --- a/security/py-joserfc/distinfo +++ b/security/py-joserfc/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1752266164 -SHA256 (joserfc-1.2.1.tar.gz) = 466a75dc0af9c6711d2a93f38e91c5d4920ec77059063325c251913da3e83569 -SIZE (joserfc-1.2.1.tar.gz) = 192229 +TIMESTAMP = 1752566724 +SHA256 (joserfc-1.2.2.tar.gz) = 0d2a84feecef96168635fd9bf288363fc75b4afef3d99691f77833c8e025d200 +SIZE (joserfc-1.2.2.tar.gz) = 192865 diff --git a/security/rubygem-brakeman/Makefile b/security/rubygem-brakeman/Makefile index d6bc6638c1a4..04ebef5157f1 100644 --- a/security/rubygem-brakeman/Makefile +++ b/security/rubygem-brakeman/Makefile @@ -1,5 +1,5 @@ PORTNAME= brakeman -PORTVERSION= 7.0.2 +PORTVERSION= 7.1.0 CATEGORIES= security rubygems MASTER_SITES= RG diff --git a/security/rubygem-brakeman/distinfo b/security/rubygem-brakeman/distinfo index 6d9ca9bc8cd7..7a04b64597b1 100644 --- a/security/rubygem-brakeman/distinfo +++ b/security/rubygem-brakeman/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1744289334 -SHA256 (rubygem/brakeman-7.0.2.gem) = b602d91bcec6c5ce4d4bc9e081e01f621c304b7a69f227d1e58784135f333786 -SIZE (rubygem/brakeman-7.0.2.gem) = 1709056 +TIMESTAMP = 1753265942 +SHA256 (rubygem/brakeman-7.1.0.gem) = bbc708a75a53008490c8b9600b97fa85cb3d5a8818dd1560f18e0b89475d48af +SIZE (rubygem/brakeman-7.1.0.gem) = 1689088 diff --git a/security/snort3/Makefile b/security/snort3/Makefile index 6c19698e3065..a8aa50e7c196 100644 --- a/security/snort3/Makefile +++ b/security/snort3/Makefile @@ -1,6 +1,5 @@ PORTNAME= snort -DISTVERSION= 3.9.1.0 -PORTREVISION= 1 +DISTVERSION= 3.9.2.0 PORTEPOCH= 1 CATEGORIES= security PKGNAMESUFFIX= 3 diff --git a/security/snort3/distinfo b/security/snort3/distinfo index 948c3a03b335..b0b61e634faf 100644 --- a/security/snort3/distinfo +++ b/security/snort3/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1751623929 -SHA256 (snort3-snort3-3.9.1.0_GH0.tar.gz) = fc19f20cd34192eb78f28d7f128c79c5d0096733277f2b630a8cf892b10f33ce -SIZE (snort3-snort3-3.9.1.0_GH0.tar.gz) = 3501016 +TIMESTAMP = 1753181972 +SHA256 (snort3-snort3-3.9.2.0_GH0.tar.gz) = edf0aa5e72d673702bca161e235b7b8f8c3e5a49b81e8ddf2ea7e10736ab0cdd +SIZE (snort3-snort3-3.9.2.0_GH0.tar.gz) = 3507676 diff --git a/security/snort3/pkg-plist b/security/snort3/pkg-plist index ac9338536bea..6e0c9db565da 100644 --- a/security/snort3/pkg-plist +++ b/security/snort3/pkg-plist @@ -202,6 +202,8 @@ include/snort/pub_sub/eof_event.h include/snort/pub_sub/eve_process_event.h include/snort/pub_sub/expect_events.h include/snort/pub_sub/external_event_ids.h +include/snort/pub_sub/file_events.h +include/snort/pub_sub/file_events_ids.h include/snort/pub_sub/finalize_packet_event.h include/snort/pub_sub/ftp_events.h include/snort/pub_sub/http_body_event.h diff --git a/security/sudo-rs/Makefile b/security/sudo-rs/Makefile index 773a9fe74501..e609dff6e60f 100644 --- a/security/sudo-rs/Makefile +++ b/security/sudo-rs/Makefile @@ -1,6 +1,7 @@ PORTNAME= sudo-rs PORTVERSION= 0.2.7 DISTVERSIONPREFIX= v +PORTREVISION= 1 CATEGORIES= security MAINTAINER= marc@trifectatech.org diff --git a/security/sudo-rs/files/patch-src_system_mod.rs b/security/sudo-rs/files/patch-src_system_mod.rs new file mode 100644 index 000000000000..9474860f4b51 --- /dev/null +++ b/security/sudo-rs/files/patch-src_system_mod.rs @@ -0,0 +1,13 @@ +--- src/system/mod.rs.orig 2025-07-01 09:04:15 UTC ++++ src/system/mod.rs +@@ -802,8 +802,8 @@ impl Process { + + let ki_start = ki_proc[0].ki_start; + Ok(ProcessCreateTime::new( +- ki_start.tv_sec, +- ki_start.tv_usec * 1000, ++ (ki_start.tv_sec).into(), ++ (ki_start.tv_usec * 1000).into(), + )) + } + } diff --git a/security/sudo-rs/pkg-descr-coexist b/security/sudo-rs/pkg-descr-coexist new file mode 100644 index 000000000000..b77a949d55db --- /dev/null +++ b/security/sudo-rs/pkg-descr-coexist @@ -0,0 +1,4 @@ +Sudo-rs is a memory safe re-implementation of the sudo utility. + +Use this package to try out sudo-rs safely alongside security/sudo, using the +commands "sudo-rs" and "visudo-rs". diff --git a/security/tor/Makefile b/security/tor/Makefile index f57d6c95ee17..ce8c16da16df 100644 --- a/security/tor/Makefile +++ b/security/tor/Makefile @@ -1,5 +1,5 @@ PORTNAME= tor -DISTVERSION= 0.4.8.16 +DISTVERSION= 0.4.8.17 CATEGORIES= security net MASTER_SITES= TOR diff --git a/security/tor/distinfo b/security/tor/distinfo index 03f9a737f3ad..b6c151ad9fc0 100644 --- a/security/tor/distinfo +++ b/security/tor/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1743437584 -SHA256 (tor-0.4.8.16.tar.gz) = 6540dd377a120fb8e7d27530aa3b7ff72a0fa5b4f670fe1d64c987c1cfd390cb -SIZE (tor-0.4.8.16.tar.gz) = 9930424 +TIMESTAMP = 1753369975 +SHA256 (tor-0.4.8.17.tar.gz) = 79b4725e1d4b887b9e68fd09b0d2243777d5ce3cd471e538583bcf6f9d8cdb56 +SIZE (tor-0.4.8.17.tar.gz) = 10073355 diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml index d41fa0a839d8..0277bd44c443 100644 --- a/security/vuxml/vuln/2025.xml +++ b/security/vuxml/vuln/2025.xml @@ -1,3 +1,851 @@ + <vuln vid="67c6461f-685e-11f0-a12d-b42e991fc52e"> + <topic>Mozilla -- Multiple vulnerabilities</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>141.0,2</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>141.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1933572%2C1971116"> + <p>Memory safety bugs present in Firefox 140 and + Thunderbird 140. Some of these bugs showed evidence of + memory corruption and we presume that with enough effort + some of these could have been exploited to run arbitrary + code.</p> + <p>Focus incorrectly truncated URLs towards the beginning instead of + around the origin.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-8044</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8044</url> + <cvename>CVE-2025-8043</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8043</url> + </references> + <dates> + <discovery>2025-07-22</discovery> + <entry>2025-07-24</entry> + </dates> + </vuln> + + <vuln vid="62f1a68f-685e-11f0-a12d-b42e991fc52e"> + <topic>Mozilla -- Memory safety bugs</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>141.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>141.0</lt></range> + </package> + <package> + <name>thunderbird-esr</name> + <range><lt>140.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1975058%2C1975058%2C1975998%2C1975998"> + <p>Memory safety bugs present in Firefox ESR 140.0, + Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. + Some of these bugs showed evidence of memory corruption and + we presume that with enough effort some of these could have + been exploited to run arbitrary code.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-8040</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8040</url> + </references> + <dates> + <discovery>2025-07-22</discovery> + <entry>2025-07-24</entry> + </dates> + </vuln> + + <vuln vid="6088905c-685e-11f0-a12d-b42e991fc52e"> + <topic>Mozilla -- Persisted search terms in the URL bar</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>141.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>141.0</lt></range> + </package> + <package> + <name>thunderbird-esr</name> + <range><lt>140.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1970997"> + <p>In some cases search terms persisted in the URL bar even after + navigating away from the search page.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-8039</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8039</url> + </references> + <dates> + <discovery>2025-07-22</discovery> + <entry>2025-07-24</entry> + </dates> + </vuln> + + <vuln vid="5d91def0-685e-11f0-a12d-b42e991fc52e"> + <topic>Mozilla -- Ignored paths while checking navigations</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>141.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>141.0</lt></range> + </package> + <package> + <name>thunderbird-esr</name> + <range><lt>140.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1808979"> + <p>Thunderbird ignored paths when checking the validity of + navigations in a frame.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-8038</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8038</url> + </references> + <dates> + <discovery>2025-07-22</discovery> + <entry>2025-07-24</entry> + </dates> + </vuln> + + <vuln vid="5abc2187-685e-11f0-a12d-b42e991fc52e"> + <topic>Mozilla -- cookie shadowing</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>141.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>141.0</lt></range> + </package> + <package> + <name>thunderbird-esr</name> + <range><lt>140.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1964767"> + <p>Setting a nameless cookie with an equals sign in the + value shadowed other cookies. Even if the nameless cookie + was set over HTTP and the shadowed cookie included the + `Secure` attribute.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-8037</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8037</url> + </references> + <dates> + <discovery>2025-07-22</discovery> + <entry>2025-07-24</entry> + </dates> + </vuln> + + <vuln vid="58027367-685e-11f0-a12d-b42e991fc52e"> + <topic>Mozilla -- CORS circumvention</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>141.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>141.0</lt></range> + </package> + <package> + <name>thunderbird-esr</name> + <range><lt>140.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1960834"> + <p>Thunderbird cached CORS preflight responses across IP + address changes. This allowed circumventing CORS with DNS + rebinding.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-8036</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8036</url> + </references> + <dates> + <discovery>2025-07-22</discovery> + <entry>2025-07-24</entry> + </dates> + </vuln> + + <vuln vid="55096bd3-685e-11f0-a12d-b42e991fc52e"> + <topic>Mozilla -- Memory safety bugs</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>141.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>128.13</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>141.0</lt></range> + </package> + <package> + <name>thunderbird-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>128.13</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1975961%2C1975961%2C1975961"> + <p>Memory safety bugs present in Firefox ESR 128.12, + Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR + 140.0, Firefox 140 and Thunderbird 140. Some of these bugs + showed evidence of memory corruption and we presume that + with enough effort some of these could have been exploited + to run arbitrary code.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-8035</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8035</url> + </references> + <dates> + <discovery>2025-07-22</discovery> + <entry>2025-07-24</entry> + </dates> + </vuln> + + <vuln vid="4faa01cb-685e-11f0-a12d-b42e991fc52e"> + <topic>Mozilla -- Memory safety bugs</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>141.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>128.13</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>115.26</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>141.0</lt></range> + </package> + <package> + <name>thunderbird-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>128.13</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1970422%2C1970422%2C1970422%2C1970422"> + <p>Memory safety bugs present in Firefox ESR 115.25, Firefox + ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, + Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some + of these bugs showed evidence of memory corruption and we + presume that with enough effort some of these could have + been exploited to run arbitrary code.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-8034</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8034</url> + </references> + <dates> + <discovery>2025-07-22</discovery> + <entry>2025-07-24</entry> + </dates> + </vuln> + + <vuln vid="4d03efe7-685e-11f0-a12d-b42e991fc52e"> + <topic>Mozilla -- nullptr dereference</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>141.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>128.13</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>115.26</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>141.0</lt></range> + </package> + <package> + <name>thunderbird-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>128.13</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1973990"> + <p>The JavaScript engine did not handle closed generators + correctly and it was possible to resume them leading to a + nullptr deref.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-8033</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8033</url> + </references> + <dates> + <discovery>2025-07-22</discovery> + <entry>2025-07-24</entry> + </dates> + </vuln> + + <vuln vid="4a357f4b-685e-11f0-a12d-b42e991fc52e"> + <topic>Mozilla -- XSLT document CSP bypass</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>141.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>128.13</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>141.0</lt></range> + </package> + <package> + <name>thunderbird-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>128.13</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1974407"> + <p>XSLT document loading did not correctly propagate the + source document which bypassed its CSP.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-8032</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8032</url> + </references> + <dates> + <discovery>2025-07-22</discovery> + <entry>2025-07-24</entry> + </dates> + </vuln> + + <vuln vid="477e9eb3-685e-11f0-a12d-b42e991fc52e"> + <topic>Mozilla -- HTTP Basic Authentication credentials leak</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>141.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>128.13</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>141.0</lt></range> + </package> + <package> + <name>thunderbird-esr</name> + <range><lt>140.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1971719"> + <p>The `username:password` part was not correctly stripped + from URLs in CSP reports potentially leaking HTTP Basic + Authentication credentials.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-8031</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8031</url> + </references> + <dates> + <discovery>2025-07-22</discovery> + <entry>2025-07-24</entry> + </dates> + </vuln> + + <vuln vid="44b3048b-685e-11f0-a12d-b42e991fc52e"> + <topic>Mozilla -- Insufficient input escaping</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>141.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>128.13</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>141.0</lt></range> + </package> + <package> + <name>thunderbird-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>128.13</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1968414"> + <p>Insufficient escaping in the Copy as cURL feature could + potentially be used to trick a user into executing + unexpected code.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-8030</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8030</url> + </references> + <dates> + <discovery>2025-07-22</discovery> + <entry>2025-07-24</entry> + </dates> + </vuln> + + <vuln vid="419bcf99-685e-11f0-a12d-b42e991fc52e"> + <topic>Mozilla -- 'javascript:' URLs execution</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>141.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>128.13</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>141.0</lt></range> + </package> + <package> + <name>thunderbird-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>128.13</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1928021"> + <p>Thunderbird executed `javascript:` URLs when used in + `object` and `embed` tags.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-8029</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8029</url> + </references> + <dates> + <discovery>2025-07-22</discovery> + <entry>2025-07-24</entry> + </dates> + </vuln> + + <vuln vid="3e9406a7-685e-11f0-a12d-b42e991fc52e"> + <topic>Mozilla -- Incorrect computation of branch address</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>141.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>128.13</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>115.26</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>141.0</lt></range> + </package> + <package> + <name>thunderbird-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>128.13</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1971581"> + <p>On arm64, a WASM `br_table` instruction with a lot of + entries could lead to the label being too far from the + instruction causing truncation and incorrect computation of + the branch address.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-8028</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8028</url> + </references> + <dates> + <discovery>2025-07-22</discovery> + <entry>2025-07-24</entry> + </dates> + </vuln> + + <vuln vid="3c234220-685e-11f0-a12d-b42e991fc52e"> + <topic>Mozilla -- IonMonkey-JIT bad stack write</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>141.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>128.13</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>115.26</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>141.0</lt></range> + </package> + <package> + <name>thunderbird-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>128.13</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1968423"> + <p>On 64-bit platforms IonMonkey-JIT only wrote 32 bits of + the 64-bit return value space on the stack. Baseline-JIT, + however, read the entire 64 bits.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-8027</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8027</url> + </references> + <dates> + <discovery>2025-07-22</discovery> + <entry>2025-07-24</entry> + </dates> + </vuln> + + <vuln vid="3d4393b2-68a5-11f0-b2b4-589cfc10832a"> + <topic>gdk-pixbuf2 -- a heap buffer overflow</topic> + <affects> + <package> + <name>gdk-pixbuf2</name> + <range><lt>2.42.12_2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>cve@mitre.org reports:</p> + <blockquote cite="https://www.cve.org/CVERecord?id=CVE-2025-7345"> + <p>A flaw exists in gdk-pixbuf within the gdk_pixbuf__jpeg_image_load_increment + function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). + When processing maliciously crafted JPEG images, a heap buffer overflow can occur + during Base64 encoding, allowing out-of-bounds reads from heap memory, potentially + causing application crashes or arbitrary code execution.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-7345</cvename> + <url>https://www.cve.org/CVERecord?id=CVE-2025-7345</url> + </references> + <dates> + <discovery>2025-07-24</discovery> + <entry>2025-07-24</entry> + </dates> + </vuln> + + <vuln vid="b3948bf3-685e-11f0-bff5-6805ca2fa271"> + <topic>powerdns-recursor -- cache pollution</topic> + <affects> + <package> + <name>powerdns-recursor</name> + <range><lt>5.2.4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>PowerDNS Team reports:</p> + <blockquote cite="https://blog.powerdns.com/powerdns-security-advisory-2025-04"> + <p>An attacker spoofing answers to ECS enabled requests + sent out by the Recursor has a chance of success higher + than non-ECS enabled queries. The updated version include + various mitigations against spoofing attempts of ECS enabled + queries by chaining ECS enabled requests and enforcing + stricter validation of the received answers. The most strict + mitigation done when the new setting outgoing.edns_subnet_harden + (old style name edns-subnet-harden) is enabled.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-30192</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-30192</url> + </references> + <dates> + <discovery>2025-07-21</discovery> + <entry>2025-07-24</entry> + </dates> + </vuln> + + <vuln vid="5683b3a7-683d-11f0-966e-2cf05da270f3"> + <topic>Gitlab -- vulnerabilities</topic> + <affects> + <package> + <name>gitlab-ce</name> + <name>gitlab-ee</name> + <range><ge>18.2.0</ge><lt>18.2.1</lt></range> + <range><ge>18.1.0</ge><lt>18.1.3</lt></range> + <range><ge>15.0.0</ge><lt>18.0.5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Gitlab reports:</p> + <blockquote cite="https://about.gitlab.com/releases/2025/07/23/patch-release-gitlab-18-2-1-released/"> + <p>Cross-site scripting issue impacts Kubernetes Proxy in GitLab CE/EE</p> + <p>Cross-site scripting issue impacts Kubernetes Proxy in GitLab CE/EE using CDNs</p> + <p>Exposure of Sensitive Information to an Unauthorized Actor issue impacts GitLab CE/EE</p> + <p>Improper Access Control issue impacts GitLab EE</p> + <p>Exposure of Sensitive Information to an Unauthorized Actor issue impacts GitLab CE/EE</p> + <p>Improper Access Control issue impacts GitLab CE/EE</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-4700</cvename> + <cvename>CVE-2025-4439</cvename> + <cvename>CVE-2025-7001</cvename> + <cvename>CVE-2025-4976</cvename> + <cvename>CVE-2025-0765</cvename> + <cvename>CVE-2025-1299</cvename> + <url>https://about.gitlab.com/releases/2025/07/23/patch-release-gitlab-18-2-1-released/</url> + </references> + <dates> + <discovery>2025-07-23</discovery> + <entry>2025-07-24</entry> + </dates> + </vuln> + + <vuln vid="0f5bcba2-67fb-11f0-9ee5-b42e991fc52e"> + <topic>sqlite -- Integer Truncation on SQLite</topic> + <affects> + <package> + <name>sqlite3</name> + <range><lt>3.50.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>cve-coordination@google.com reports:</p> + <blockquote cite="https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8"> + <p>There exists a vulnerability in SQLite versions before + 3.50.2 where the number of aggregate terms could exceed the + number of columns available. This could lead to a memory + corruption issue.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-6965</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-6965</url> + </references> + <dates> + <discovery>2025-07-15</discovery> + <entry>2025-07-23</entry> + </dates> + </vuln> + + <vuln vid="80411ba2-6729-11f0-a5cb-8c164580114f"> + <topic>7-Zip -- Multi-byte write heap buffer overflow in NCompress::NRar5::CDecoder</topic> + <affects> + <package> + <name>7-zip</name> + <range><lt>25.00</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security-advisories@github.com reports:</p> + <blockquote cite="https://securitylab.github.com/advisories/GHSL-2025-058_7-Zip/"> + <p>7-Zip is a file archiver with a high compression ratio. Zeroes + written outside heap buffer in RAR5 handler may lead to memory + corruption and denial of service in versions of 7-Zip prior to + 25.0.0. Version 25.0.0 contains a fix for the issue.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-53816</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-53816</url> + </references> + <dates> + <discovery>2025-07-17</discovery> + <entry>2025-07-22</entry> + </dates> + </vuln> + <vuln vid="605a9d1e-6521-11f0-beb2-ac5afc632ba3"> <topic>libwasmtime -- host panic with fd_renumber WASIp1 function</topic> <affects> |