summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
Diffstat (limited to 'security')
-rw-r--r--security/Makefile1
-rw-r--r--security/R-cran-openssl/Makefile4
-rw-r--r--security/R-cran-openssl/distinfo6
-rw-r--r--security/agave/Makefile4
-rw-r--r--security/agave/distinfo10
-rw-r--r--security/agave/files/patch-rust-1.87.042
-rw-r--r--security/fizz/Makefile2
-rw-r--r--security/fizz/distinfo6
-rw-r--r--security/gnupg-pkcs11-scd/Makefile2
-rw-r--r--security/govulncheck/Makefile37
-rw-r--r--security/govulncheck/distinfo5
-rw-r--r--security/govulncheck/files/patch-all__test.go11
-rw-r--r--security/govulncheck/files/patch-internal_buildinfo_additions__scan__test.go11
-rw-r--r--security/govulncheck/files/patch-internal_scan_run.go11
-rw-r--r--security/govulncheck/files/patch-internal_scan_util.go11
-rw-r--r--security/govulncheck/files/patch-internal_test_packages.go11
-rw-r--r--security/govulncheck/files/patch-internal_test_testenv.go11
-rw-r--r--security/govulncheck/files/patch-internal_testenv_testenv.go11
-rw-r--r--security/govulncheck/files/patch-internal_vulncheck_packages.go11
-rw-r--r--security/govulncheck/files/patch-vendor_golang.org_x_telemetry_internal_configstore_download.go11
-rw-r--r--security/govulncheck/files/patch-vendor_golang.org_x_telemetry_internal_telemetry_dir.go11
-rw-r--r--security/govulncheck/files/patch-vendor_golang.org_x_tools_go_gcexportdata_gcexportdata.go11
-rw-r--r--security/govulncheck/files/patch-vendor_golang.org_x_tools_go_packages_packagestest_export.go11
-rw-r--r--security/govulncheck/files/patch-vendor_golang.org_x_tools_internal_gcimporter_exportdata.go11
-rw-r--r--security/govulncheck/files/patch-vendor_golang.org_x_tools_internal_gocommand_invoke.go11
-rw-r--r--security/govulncheck/files/patch-vendor_golang.org_x_tools_internal_goroot_importcfg.go11
-rw-r--r--security/govulncheck/files/patch-vendor_golang.org_x_tools_internal_testenv_testenv.go38
-rw-r--r--security/govulncheck/pkg-descr19
-rw-r--r--security/node-sqlcipher/Makefile4
-rw-r--r--security/node-sqlcipher/distinfo18
-rw-r--r--security/nss/Makefile2
-rw-r--r--security/nss/distinfo6
-rw-r--r--security/p5-CSP/Makefile2
-rw-r--r--security/p5-dicewaregen/Makefile2
-rw-r--r--security/py-passhole/Makefile3
-rw-r--r--security/py-passhole/distinfo6
-rw-r--r--security/signify/Makefile2
-rw-r--r--security/signify/distinfo6
-rw-r--r--security/vuls/files/patch-vendor_gorm.io_gorm_internal_stmt_store_stmt_store.go29
-rw-r--r--security/vuxml/vuln/2025.xml46
40 files changed, 419 insertions, 48 deletions
diff --git a/security/Makefile b/security/Makefile
index 34fc30166872..205c732e5678 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -197,6 +197,7 @@
SUBDIR += gosec
SUBDIR += gost-engine
SUBDIR += gostsum
+ SUBDIR += govulncheck
SUBDIR += gpa
SUBDIR += gpg-gui
SUBDIR += gpg-tui
diff --git a/security/R-cran-openssl/Makefile b/security/R-cran-openssl/Makefile
index ee4683304723..31882d609237 100644
--- a/security/R-cran-openssl/Makefile
+++ b/security/R-cran-openssl/Makefile
@@ -1,11 +1,11 @@
PORTNAME= openssl
-DISTVERSION= 2.3.2
+DISTVERSION= 2.3.3
CATEGORIES= security
DISTNAME= ${PORTNAME}_${DISTVERSION}
MAINTAINER= eduardo@FreeBSD.org
COMMENT= Toolkit for Encryption, Signatures and Certificates Based on OpenSSL
-WWW= https://cran.r-project.org/web/packages/openssl/
+WWW= https://cran.r-project.org/package=openssl
LICENSE= MIT
diff --git a/security/R-cran-openssl/distinfo b/security/R-cran-openssl/distinfo
index ae69dfff9a27..c28d46c50229 100644
--- a/security/R-cran-openssl/distinfo
+++ b/security/R-cran-openssl/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1738686768
-SHA256 (openssl_2.3.2.tar.gz) = 9925ca6abc3c55809322e12458a15c49cccc01b85f9cac9475a64e9d1e6584db
-SIZE (openssl_2.3.2.tar.gz) = 1204775
+TIMESTAMP = 1748336768
+SHA256 (openssl_2.3.3.tar.gz) = b6b709a98dc3de47ec59adc234d8f0864c4f5b31c5e65478ec5e49c80ba7bf59
+SIZE (openssl_2.3.3.tar.gz) = 1206720
diff --git a/security/agave/Makefile b/security/agave/Makefile
index c23f02587c7c..b6fc26a9c13a 100644
--- a/security/agave/Makefile
+++ b/security/agave/Makefile
@@ -1,6 +1,6 @@
PORTNAME= agave
DISTVERSIONPREFIX= v
-DISTVERSION= 2.2.10
+DISTVERSION= 2.2.14
CATEGORIES= security
PKGNAMESUFFIX= -blockchain
@@ -653,7 +653,7 @@ CARGO_CRATES= Inflector-0.11.4 \
solana-reserved-account-keys-2.2.1 \
solana-reward-info-2.2.1 \
solana-sanitize-2.2.1 \
- solana-sbpf-0.10.0 \
+ solana-sbpf-0.10.1 \
solana-sdk-2.2.2 \
solana-sdk-ids-2.2.1 \
solana-sdk-macro-2.2.1 \
diff --git a/security/agave/distinfo b/security/agave/distinfo
index 3efe7f5d17ae..1d57ba0c8a39 100644
--- a/security/agave/distinfo
+++ b/security/agave/distinfo
@@ -1,4 +1,4 @@
-TIMESTAMP = 1744998301
+TIMESTAMP = 1747742789
SHA256 (rust/crates/Inflector-0.11.4.crate) = fe438c63458706e03479442743baae6c88256498e6431708f6dfc520a26515d3
SIZE (rust/crates/Inflector-0.11.4.crate) = 17438
SHA256 (rust/crates/addr2line-0.20.0.crate) = f4fa78e18c64fce05e902adecd7a5eed15a5e0a3439f7b0e169f0252214865e3
@@ -1253,8 +1253,8 @@ SHA256 (rust/crates/solana-reward-info-2.2.1.crate) = 18205b69139b1ae0ab8f6e11cd
SIZE (rust/crates/solana-reward-info-2.2.1.crate) = 4139
SHA256 (rust/crates/solana-sanitize-2.2.1.crate) = 61f1bc1357b8188d9c4a3af3fc55276e56987265eb7ad073ae6f8180ee54cecf
SIZE (rust/crates/solana-sanitize-2.2.1.crate) = 1565
-SHA256 (rust/crates/solana-sbpf-0.10.0.crate) = 66a3ce7a0f4d6830124ceb2c263c36d1ee39444ec70146eb49b939e557e72b96
-SIZE (rust/crates/solana-sbpf-0.10.0.crate) = 167288
+SHA256 (rust/crates/solana-sbpf-0.10.1.crate) = 8e6aed9fa0b4791538896be288fb5ccb2ab9f558ca0fe1ff28dfd3046fbdb5c5
+SIZE (rust/crates/solana-sbpf-0.10.1.crate) = 167277
SHA256 (rust/crates/solana-sdk-2.2.2.crate) = e8af90d2ce445440e0548fa4a5f96fe8b265c22041a68c942012ffadd029667d
SIZE (rust/crates/solana-sdk-2.2.2.crate) = 28048
SHA256 (rust/crates/solana-sdk-ids-2.2.1.crate) = 5c5d8b9cc68d5c88b062a33e23a6466722467dde0035152d8fb1afbcdf350a5f
@@ -1727,5 +1727,5 @@ SHA256 (rust/crates/zstd-sys-2.0.13+zstd.1.5.6.crate) = 38ff0f21cfee8f97d94cef41
SIZE (rust/crates/zstd-sys-2.0.13+zstd.1.5.6.crate) = 749090
SHA256 (anza-xyz-crossbeam-fd279d707025f0e60951e429bf778b4813d1b6bf_GH0.tar.gz) = c997bc77438ef12fbddf0a4e3fe1d8665dbd479980bab65cda3bfe2dbfda32ea
SIZE (anza-xyz-crossbeam-fd279d707025f0e60951e429bf778b4813d1b6bf_GH0.tar.gz) = 254980
-SHA256 (anza-xyz-agave-v2.2.10_GH0.tar.gz) = b4dd7d82f93959b9c055dac85436928cf3aa47d24c8f3cd55c0b9253f5feec80
-SIZE (anza-xyz-agave-v2.2.10_GH0.tar.gz) = 18448115
+SHA256 (anza-xyz-agave-v2.2.14_GH0.tar.gz) = 210e181762c217e3c16b3747c32526d61bda70a0c1a97ebb2ec72941df82e7d9
+SIZE (anza-xyz-agave-v2.2.14_GH0.tar.gz) = 49456937
diff --git a/security/agave/files/patch-rust-1.87.0 b/security/agave/files/patch-rust-1.87.0
new file mode 100644
index 000000000000..cc2162774154
--- /dev/null
+++ b/security/agave/files/patch-rust-1.87.0
@@ -0,0 +1,42 @@
+https://github.com/anza-xyz/agave/pull/5323
+
+https://github.com/anza-xyz/agave/pull/5323/commits/b8444343075a96f7472dd3b18490233cd0aeb9a2
+https://github.com/anza-xyz/agave/pull/5323/commits/28ec738e2282958f5b85bf6fd515ac31b099f95e
+
+--- unified-scheduler-pool/src/lib.rs.orig 2025-05-20 14:31:43.222181000 +0200
++++ unified-scheduler-pool/src/lib.rs 2025-05-20 14:31:51.894607000 +0200
+@@ -12,6 +12,8 @@
+ //! Refer to [`PooledScheduler`] doc comment for general overview of scheduler state transitions
+ //! regarding to pooling and the actual use.
+
++use std::ops::DerefMut;
++
+ #[cfg(feature = "dev-context-only-utils")]
+ use qualifier_attr::qualifiers;
+ use {
+@@ -326,10 +328,10 @@ where
+ //
+ // Note that this critical section could block the latency-sensitive replay
+ // code-path via ::take_scheduler().
+- #[allow(unstable_name_collisions)]
+- idle_inners.extend(scheduler_inners.extract_if(|(_inner, pooled_at)| {
+- now.duration_since(*pooled_at) > max_pooling_duration
+- }));
++ idle_inners.extend(MakeExtractIf::extract_if(
++ scheduler_inners.deref_mut(),
++ |(_inner, pooled_at)| now.duration_since(*pooled_at) > max_pooling_duration,
++ ));
+ drop(scheduler_inners);
+
+ let idle_inner_count = idle_inners.len();
+@@ -357,8 +359,8 @@ where
+ let Ok(mut timeout_listeners) = scheduler_pool.timeout_listeners.lock() else {
+ break;
+ };
+- #[allow(unstable_name_collisions)]
+- expired_listeners.extend(timeout_listeners.extract_if(
++ expired_listeners.extend(MakeExtractIf::extract_if(
++ timeout_listeners.deref_mut(),
+ |(_callback, registered_at)| {
+ now.duration_since(*registered_at) > timeout_duration
+ },
diff --git a/security/fizz/Makefile b/security/fizz/Makefile
index 58cb52d68aeb..696aa320c8f8 100644
--- a/security/fizz/Makefile
+++ b/security/fizz/Makefile
@@ -1,6 +1,6 @@
PORTNAME= fizz
DISTVERSIONPREFIX= v
-DISTVERSION= 2025.05.19.00
+DISTVERSION= 2025.05.26.00
CATEGORIES= security
MAINTAINER= yuri@FreeBSD.org
diff --git a/security/fizz/distinfo b/security/fizz/distinfo
index 74e44fafe591..8f7d8fec9996 100644
--- a/security/fizz/distinfo
+++ b/security/fizz/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1747730518
-SHA256 (facebookincubator-fizz-v2025.05.19.00_GH0.tar.gz) = 83ce2e22c993cad1c5cbc5f3ee1aff4c44af99eeeb3dd3d539f1017a7af18647
-SIZE (facebookincubator-fizz-v2025.05.19.00_GH0.tar.gz) = 754906
+TIMESTAMP = 1748334332
+SHA256 (facebookincubator-fizz-v2025.05.26.00_GH0.tar.gz) = 3a4bdd1b61c44c12047136796c70ee4d9b78076358855367d976acf99c22bf1d
+SIZE (facebookincubator-fizz-v2025.05.26.00_GH0.tar.gz) = 755400
diff --git a/security/gnupg-pkcs11-scd/Makefile b/security/gnupg-pkcs11-scd/Makefile
index 0a75d8a76601..759009670932 100644
--- a/security/gnupg-pkcs11-scd/Makefile
+++ b/security/gnupg-pkcs11-scd/Makefile
@@ -3,7 +3,7 @@ DISTVERSION= 0.11.0
CATEGORIES= security
MASTER_SITES= https://github.com/alonbl/${PORTNAME}/releases/download/${DISTNAME}/
-MAINTAINER= mat@FreeBSD.org
+MAINTAINER= ports@FreeBSD.org
COMMENT= PKCS\#11 enabled gnupg scd
WWW= https://github.com/alonbl/gnupg-pkcs11-scd
diff --git a/security/govulncheck/Makefile b/security/govulncheck/Makefile
new file mode 100644
index 000000000000..421e87f037bf
--- /dev/null
+++ b/security/govulncheck/Makefile
@@ -0,0 +1,37 @@
+PORTNAME= govulncheck
+DISTVERSIONPREFIX= v
+DISTVERSION= 1.1.4
+CATEGORIES= security
+
+MAINTAINER= einar@isnic.is
+COMMENT= Database client and tools for the Go vulnerability database
+WWW= https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck
+
+LICENSE= BSD3CLAUSE
+LICENSE_FILE= ${WRKSRC}/LICENSE
+
+USES= go:modules,run
+
+GO_MODULE= golang.org/x/vuln
+GO_TARGET= ./cmd/govulncheck
+
+PLIST_FILES= bin/govulncheck
+
+post-patch:
+ @${REINPLACE_CMD} -e 's|%%GO_CMD%%|${GO_CMD}|g' ${WRKSRC}/internal/scan/util.go
+ @${REINPLACE_CMD} -e 's|%%GO_CMD%%|${GO_CMD}|g' ${WRKSRC}/all_test.go
+ @${REINPLACE_CMD} -e 's|%%GO_CMD%%|${GO_CMD}|g' ${WRKSRC}/internal/scan/run.go
+ @${REINPLACE_CMD} -e 's|%%GO_CMD%%|${GO_CMD}|g' ${WRKSRC}/internal/test/packages.go
+ @${REINPLACE_CMD} -e 's|%%GO_CMD%%|${GO_CMD}|g' ${WRKSRC}/internal/test/testenv.go
+ @${REINPLACE_CMD} -e 's|%%GO_CMD%%|${GO_CMD}|g' ${WRKSRC}/internal/testenv/testenv.go
+ @${REINPLACE_CMD} -e 's|%%GO_CMD%%|${GO_CMD}|g' ${WRKSRC}/internal/vulncheck/packages.go
+ @${REINPLACE_CMD} -e 's|%%GO_CMD%%|${GO_CMD}|g' ${WRKSRC}/vendor/golang.org/x/telemetry/internal/configstore/download.go
+ @${REINPLACE_CMD} -e 's|%%GO_CMD%%|${GO_CMD}|g' ${WRKSRC}/vendor/golang.org/x/telemetry/internal/telemetry/dir.go
+ @${REINPLACE_CMD} -e 's|%%GO_CMD%%|${GO_CMD}|g' ${WRKSRC}/vendor/golang.org/x/tools/go/gcexportdata/gcexportdata.go
+ @${REINPLACE_CMD} -e 's|%%GO_CMD%%|${GO_CMD}|g' ${WRKSRC}/vendor/golang.org/x/tools/go/packages/packagestest/export.go
+ @${REINPLACE_CMD} -e 's|%%GO_CMD%%|${GO_CMD}|g' ${WRKSRC}/vendor/golang.org/x/tools/internal/gcimporter/exportdata.go
+ @${REINPLACE_CMD} -e 's|%%GO_CMD%%|${GO_CMD}|g' ${WRKSRC}/vendor/golang.org/x/tools/internal/gocommand/invoke.go
+ @${REINPLACE_CMD} -e 's|%%GO_CMD%%|${GO_CMD}|g' ${WRKSRC}/vendor/golang.org/x/tools/internal/goroot/importcfg.go
+ @${REINPLACE_CMD} -e 's|%%GO_CMD%%|${GO_CMD}|g' ${WRKSRC}/vendor/golang.org/x/tools/internal/testenv/testenv.go
+
+.include <bsd.port.mk>
diff --git a/security/govulncheck/distinfo b/security/govulncheck/distinfo
new file mode 100644
index 000000000000..ab0dd596680a
--- /dev/null
+++ b/security/govulncheck/distinfo
@@ -0,0 +1,5 @@
+TIMESTAMP = 1742556049
+SHA256 (go/security_govulncheck/govulncheck-v1.1.4/v1.1.4.mod) = 40e5fa329adbfd7dad2476465ba340d2531b4d33640b82c81c34ac90f36cbd2a
+SIZE (go/security_govulncheck/govulncheck-v1.1.4/v1.1.4.mod) = 387
+SHA256 (go/security_govulncheck/govulncheck-v1.1.4/v1.1.4.zip) = 115ff76fba8f73b27106eb2e59e3f30696f4f7faaeed55471b5b65c3994b503d
+SIZE (go/security_govulncheck/govulncheck-v1.1.4/v1.1.4.zip) = 853384
diff --git a/security/govulncheck/files/patch-all__test.go b/security/govulncheck/files/patch-all__test.go
new file mode 100644
index 000000000000..e6186df4baba
--- /dev/null
+++ b/security/govulncheck/files/patch-all__test.go
@@ -0,0 +1,11 @@
+--- all_test.go.orig 2025-05-08 09:17:55 UTC
++++ all_test.go
+@@ -84,7 +84,7 @@ func rungo(t *testing.T, args ...string) {
+ t.Helper()
+ testenv.NeedsGoBuild(t)
+
+- cmd := exec.Command("go", args...)
++ cmd := exec.Command("%%GO_CMD%%", args...)
+ if output, err := cmd.CombinedOutput(); err != nil {
+ if ee := (*exec.ExitError)(nil); errors.As(err, &ee) && len(ee.Stderr) > 0 {
+ t.Fatalf("%v: %v\n%s", cmd, err, ee.Stderr)
diff --git a/security/govulncheck/files/patch-internal_buildinfo_additions__scan__test.go b/security/govulncheck/files/patch-internal_buildinfo_additions__scan__test.go
new file mode 100644
index 000000000000..8de5b3027e68
--- /dev/null
+++ b/security/govulncheck/files/patch-internal_buildinfo_additions__scan__test.go
@@ -0,0 +1,11 @@
+--- internal/buildinfo/additions_scan_test.go.orig 2025-05-08 09:20:20 UTC
++++ internal/buildinfo/additions_scan_test.go
+@@ -145,7 +145,7 @@ func Vuln() {
+ })
+ defer e.Cleanup()
+
+- cmd := exec.Command("go", "build", "-o", "entry")
++ cmd := exec.Command("%%GO_CMD%%", "build", "-o", "entry")
+ cmd.Dir = e.Config.Dir
+ cmd.Env = e.Config.Env
+ out, err := cmd.CombinedOutput()
diff --git a/security/govulncheck/files/patch-internal_scan_run.go b/security/govulncheck/files/patch-internal_scan_run.go
new file mode 100644
index 000000000000..4af9d3301b41
--- /dev/null
+++ b/security/govulncheck/files/patch-internal_scan_run.go
@@ -0,0 +1,11 @@
+--- internal/scan/run.go.orig 2025-05-08 09:21:10 UTC
++++ internal/scan/run.go
+@@ -87,7 +87,7 @@ func prepareConfig(ctx context.Context, cfg *config, c
+ }
+ }
+ if cfg.GoVersion == "" {
+- if out, err := exec.Command("go", "env", "GOVERSION").Output(); err == nil {
++ if out, err := exec.Command("%%GO_CMD%%", "env", "GOVERSION").Output(); err == nil {
+ cfg.GoVersion = strings.TrimSpace(string(out))
+ }
+ }
diff --git a/security/govulncheck/files/patch-internal_scan_util.go b/security/govulncheck/files/patch-internal_scan_util.go
new file mode 100644
index 000000000000..607c11164eed
--- /dev/null
+++ b/security/govulncheck/files/patch-internal_scan_util.go
@@ -0,0 +1,11 @@
+--- internal/scan/util.go.orig 1979-11-30 00:00:00 UTC
++++ internal/scan/util.go
+@@ -50,7 +50,7 @@ func gomodExists(dir string) bool {
+ }
+
+ func gomodExists(dir string) bool {
+- cmd := exec.Command("go", "env", "GOMOD")
++ cmd := exec.Command("%%GO_CMD%%", "env", "GOMOD")
+ cmd.Dir = dir
+ out, err := cmd.Output()
+ output := strings.TrimSpace(string(out))
diff --git a/security/govulncheck/files/patch-internal_test_packages.go b/security/govulncheck/files/patch-internal_test_packages.go
new file mode 100644
index 000000000000..3cc85bdd22a6
--- /dev/null
+++ b/security/govulncheck/files/patch-internal_test_packages.go
@@ -0,0 +1,11 @@
+--- internal/test/packages.go.orig 2025-05-08 09:19:24 UTC
++++ internal/test/packages.go
+@@ -13,7 +13,7 @@ func VerifyImports(t *testing.T, allowed ...string) {
+ )
+
+ func VerifyImports(t *testing.T, allowed ...string) {
+- if _, err := exec.LookPath("go"); err != nil {
++ if _, err := exec.LookPath("%%GO_CMD%%"); err != nil {
+ t.Skipf("skipping: %v", err)
+ }
+ cfg := &packages.Config{Mode: packages.NeedImports | packages.NeedDeps}
diff --git a/security/govulncheck/files/patch-internal_test_testenv.go b/security/govulncheck/files/patch-internal_test_testenv.go
new file mode 100644
index 000000000000..f28ee2f16524
--- /dev/null
+++ b/security/govulncheck/files/patch-internal_test_testenv.go
@@ -0,0 +1,11 @@
+--- internal/test/testenv.go.orig 2025-05-08 09:18:33 UTC
++++ internal/test/testenv.go
+@@ -14,7 +14,7 @@ func NeedsGoEnv(t testing.TB) {
+ func NeedsGoEnv(t testing.TB) {
+ t.Helper()
+
+- if _, err := exec.LookPath("go"); err != nil {
++ if _, err := exec.LookPath("%%GO_CMD%%"); err != nil {
+ t.Skip("skipping test: can't run go env")
+ }
+ }
diff --git a/security/govulncheck/files/patch-internal_testenv_testenv.go b/security/govulncheck/files/patch-internal_testenv_testenv.go
new file mode 100644
index 000000000000..634a4a23fe50
--- /dev/null
+++ b/security/govulncheck/files/patch-internal_testenv_testenv.go
@@ -0,0 +1,11 @@
+--- internal/testenv/testenv.go.orig 2025-05-08 09:21:55 UTC
++++ internal/testenv/testenv.go
+@@ -100,7 +100,7 @@ func NeedsGoBuild(t testing.TB) {
+ if err := os.WriteFile(mainGo, []byte("package main\nfunc main() {}\n"), 0644); err != nil {
+ t.Fatal(err)
+ }
+- cmd := exec.Command("go", "build", "-o", os.DevNull, mainGo)
++ cmd := exec.Command("%%GO_CMD%%", "build", "-o", os.DevNull, mainGo)
+ cmd.Dir = dir
+ if err := cmd.Run(); err != nil {
+ goBuildErr = fmt.Errorf("%v: %v", cmd, err)
diff --git a/security/govulncheck/files/patch-internal_vulncheck_packages.go b/security/govulncheck/files/patch-internal_vulncheck_packages.go
new file mode 100644
index 000000000000..d9e7038ebc9c
--- /dev/null
+++ b/security/govulncheck/files/patch-internal_vulncheck_packages.go
@@ -0,0 +1,11 @@
+--- internal/vulncheck/packages.go.orig 2025-05-08 09:26:39 UTC
++++ internal/vulncheck/packages.go
+@@ -34,7 +34,7 @@ func NewPackageGraph(goVersion string) *PackageGraph {
+ }
+
+ goRoot := ""
+- if out, err := exec.Command("go", "env", "GOROOT").Output(); err == nil {
++ if out, err := exec.Command("%%GO_CMD%%", "env", "GOROOT").Output(); err == nil {
+ goRoot = strings.TrimSpace(string(out))
+ }
+ stdlibModule := &packages.Module{
diff --git a/security/govulncheck/files/patch-vendor_golang.org_x_telemetry_internal_configstore_download.go b/security/govulncheck/files/patch-vendor_golang.org_x_telemetry_internal_configstore_download.go
new file mode 100644
index 000000000000..19f5c34ba0cc
--- /dev/null
+++ b/security/govulncheck/files/patch-vendor_golang.org_x_telemetry_internal_configstore_download.go
@@ -0,0 +1,11 @@
+--- vendor/golang.org/x/telemetry/internal/configstore/download.go.orig 2025-05-08 09:35:28 UTC
++++ vendor/golang.org/x/telemetry/internal/configstore/download.go
+@@ -36,7 +36,7 @@ func Download(version string, envOverlay []string) (*t
+ }
+ modVer := ModulePath + "@" + version
+ var stdout, stderr bytes.Buffer
+- cmd := exec.Command("go", "mod", "download", "-json", modVer)
++ cmd := exec.Command("%%GO_CMD%%", "mod", "download", "-json", modVer)
+ cmd.Env = append(os.Environ(), envOverlay...)
+ cmd.Stdout = &stdout
+ cmd.Stderr = &stderr
diff --git a/security/govulncheck/files/patch-vendor_golang.org_x_telemetry_internal_telemetry_dir.go b/security/govulncheck/files/patch-vendor_golang.org_x_telemetry_internal_telemetry_dir.go
new file mode 100644
index 000000000000..b8ea9e633a94
--- /dev/null
+++ b/security/govulncheck/files/patch-vendor_golang.org_x_telemetry_internal_telemetry_dir.go
@@ -0,0 +1,11 @@
+--- vendor/golang.org/x/telemetry/internal/telemetry/dir.go.orig 2025-05-08 09:35:02 UTC
++++ vendor/golang.org/x/telemetry/internal/telemetry/dir.go
+@@ -52,7 +52,7 @@ func init() {
+ if err != nil {
+ return
+ }
+- Default = NewDir(filepath.Join(cfgDir, "go", "telemetry"))
++ Default = NewDir(filepath.Join(cfgDir, "%%GO_CMD%%", "telemetry"))
+ }
+
+ func (d Dir) Dir() string {
diff --git a/security/govulncheck/files/patch-vendor_golang.org_x_tools_go_gcexportdata_gcexportdata.go b/security/govulncheck/files/patch-vendor_golang.org_x_tools_go_gcexportdata_gcexportdata.go
new file mode 100644
index 000000000000..4dcb9c703a59
--- /dev/null
+++ b/security/govulncheck/files/patch-vendor_golang.org_x_tools_go_gcexportdata_gcexportdata.go
@@ -0,0 +1,11 @@
+--- vendor/golang.org/x/tools/go/gcexportdata/gcexportdata.go.orig 2025-05-08 09:27:42 UTC
++++ vendor/golang.org/x/tools/go/gcexportdata/gcexportdata.go
+@@ -87,7 +87,7 @@ func Find(importPath, srcDir string) (filename, path s
+ // Deprecated: Use the higher-level API in golang.org/x/tools/go/packages,
+ // which is more efficient.
+ func Find(importPath, srcDir string) (filename, path string) {
+- cmd := exec.Command("go", "list", "-json", "-export", "--", importPath)
++ cmd := exec.Command("%%GO_CMD%%", "list", "-json", "-export", "--", importPath)
+ cmd.Dir = srcDir
+ out, err := cmd.Output()
+ if err != nil {
diff --git a/security/govulncheck/files/patch-vendor_golang.org_x_tools_go_packages_packagestest_export.go b/security/govulncheck/files/patch-vendor_golang.org_x_tools_go_packages_packagestest_export.go
new file mode 100644
index 000000000000..86b3c18a17ed
--- /dev/null
+++ b/security/govulncheck/files/patch-vendor_golang.org_x_tools_go_packages_packagestest_export.go
@@ -0,0 +1,11 @@
+--- vendor/golang.org/x/tools/go/packages/packagestest/export.go.orig 2025-05-08 09:28:42 UTC
++++ vendor/golang.org/x/tools/go/packages/packagestest/export.go
+@@ -37,7 +37,7 @@ the 'go list' command on the specified modules:
+ })
+ defer e.Cleanup()
+
+- cmd := exec.Command("go", "list", "gopher.example/...")
++ cmd := exec.Command("%%GO_CMD%%", "list", "gopher.example/...")
+ cmd.Dir = e.Config.Dir
+ cmd.Env = e.Config.Env
+ out, err := cmd.Output()
diff --git a/security/govulncheck/files/patch-vendor_golang.org_x_tools_internal_gcimporter_exportdata.go b/security/govulncheck/files/patch-vendor_golang.org_x_tools_internal_gcimporter_exportdata.go
new file mode 100644
index 000000000000..64a057ceea2d
--- /dev/null
+++ b/security/govulncheck/files/patch-vendor_golang.org_x_tools_internal_gcimporter_exportdata.go
@@ -0,0 +1,11 @@
+--- vendor/golang.org/x/tools/internal/gcimporter/exportdata.go.orig 2025-05-08 09:32:45 UTC
++++ vendor/golang.org/x/tools/internal/gcimporter/exportdata.go
+@@ -392,7 +392,7 @@ func lookupGorootExport(pkgDir string) (string, error)
+ )
+ f, _ = exportMap.LoadOrStore(pkgDir, func() (string, error) {
+ listOnce.Do(func() {
+- cmd := exec.Command(filepath.Join(build.Default.GOROOT, "bin", "go"), "list", "-export", "-f", "{{.Export}}", pkgDir)
++ cmd := exec.Command(filepath.Join(build.Default.GOROOT, "bin", "%%GO_CMD%%"), "list", "-export", "-f", "{{.Export}}", pkgDir)
+ cmd.Dir = build.Default.GOROOT
+ cmd.Env = append(os.Environ(), "PWD="+cmd.Dir, "GOROOT="+build.Default.GOROOT)
+ var output []byte
diff --git a/security/govulncheck/files/patch-vendor_golang.org_x_tools_internal_gocommand_invoke.go b/security/govulncheck/files/patch-vendor_golang.org_x_tools_internal_gocommand_invoke.go
new file mode 100644
index 000000000000..447c512d1811
--- /dev/null
+++ b/security/govulncheck/files/patch-vendor_golang.org_x_tools_internal_gocommand_invoke.go
@@ -0,0 +1,11 @@
+--- vendor/golang.org/x/tools/internal/gocommand/invoke.go.orig 2025-05-08 09:34:03 UTC
++++ vendor/golang.org/x/tools/internal/gocommand/invoke.go
+@@ -245,7 +245,7 @@ func (i *Invocation) run(ctx context.Context, stdout,
+ appendOverlayFlag()
+ goArgs = append(goArgs, i.Args...)
+ }
+- cmd := exec.Command("go", goArgs...)
++ cmd := exec.Command("%%GO_CMD%%", goArgs...)
+ cmd.Stdout = stdout
+ cmd.Stderr = stderr
+
diff --git a/security/govulncheck/files/patch-vendor_golang.org_x_tools_internal_goroot_importcfg.go b/security/govulncheck/files/patch-vendor_golang.org_x_tools_internal_goroot_importcfg.go
new file mode 100644
index 000000000000..92a3260e8b51
--- /dev/null
+++ b/security/govulncheck/files/patch-vendor_golang.org_x_tools_internal_goroot_importcfg.go
@@ -0,0 +1,11 @@
+--- vendor/golang.org/x/tools/internal/goroot/importcfg.go.orig 2025-05-08 09:33:18 UTC
++++ vendor/golang.org/x/tools/internal/goroot/importcfg.go
+@@ -47,7 +47,7 @@ func PkgfileMap() (map[string]string, error) {
+ func PkgfileMap() (map[string]string, error) {
+ once.Do(func() {
+ m := make(map[string]string)
+- output, err := exec.Command("go", "list", "-export", "-e", "-f", "{{.ImportPath}} {{.Export}}", "std", "cmd").Output()
++ output, err := exec.Command("%%GO_CMD%%", "list", "-export", "-e", "-f", "{{.ImportPath}} {{.Export}}", "std", "cmd").Output()
+ if err != nil {
+ stdlibPkgfileErr = err
+ }
diff --git a/security/govulncheck/files/patch-vendor_golang.org_x_tools_internal_testenv_testenv.go b/security/govulncheck/files/patch-vendor_golang.org_x_tools_internal_testenv_testenv.go
new file mode 100644
index 000000000000..3c8c09262b38
--- /dev/null
+++ b/security/govulncheck/files/patch-vendor_golang.org_x_tools_internal_testenv_testenv.go
@@ -0,0 +1,38 @@
+--- vendor/golang.org/x/tools/internal/testenv/testenv.go.orig 2025-05-08 09:30:00 UTC
++++ vendor/golang.org/x/tools/internal/testenv/testenv.go
+@@ -115,7 +115,7 @@ func HasTool(tool string) error {
+ checkGoBuild.err = err
+ return
+ }
+- cmd := exec.Command("go", "build", "-o", os.DevNull, mainGo)
++ cmd := exec.Command("%%GO_CMD%%", "build", "-o", os.DevNull, mainGo)
+ cmd.Dir = dir
+ if out, err := cmd.CombinedOutput(); err != nil {
+ if len(out) > 0 {
+@@ -145,7 +145,7 @@ func cgoEnabled(bypassEnvironment bool) (bool, error)
+ }
+
+ func cgoEnabled(bypassEnvironment bool) (bool, error) {
+- cmd := exec.Command("go", "env", "CGO_ENABLED")
++ cmd := exec.Command("%%GO_CMD%%", "env", "CGO_ENABLED")
+ if bypassEnvironment {
+ cmd.Env = append(append([]string(nil), os.Environ()...), "CGO_ENABLED=")
+ }
+@@ -444,7 +444,7 @@ func findGOROOT() (string, error) {
+ return
+ }
+
+- cmd := exec.Command("go", "env", "GOROOT")
++ cmd := exec.Command("%%GO_CMD%%", "env", "GOROOT")
+ out, err := cmd.Output()
+ if err != nil {
+ gorootErr = fmt.Errorf("%v: %v", cmd, err)
+@@ -480,7 +480,7 @@ func NeedsLocalXTools(t testing.TB) {
+
+ NeedsTool(t, "go")
+
+- cmd := Command(t, "go", "list", "-f", "{{with .Replace}}{{.Dir}}{{end}}", "-m", "golang.org/x/tools")
++ cmd := Command(t, "%%GO_CMD%%", "list", "-f", "{{with .Replace}}{{.Dir}}{{end}}", "-m", "golang.org/x/tools")
+ out, err := cmd.Output()
+ if err != nil {
+ if ee, ok := err.(*exec.ExitError); ok && len(ee.Stderr) > 0 {
diff --git a/security/govulncheck/pkg-descr b/security/govulncheck/pkg-descr
new file mode 100644
index 000000000000..5759881efc1c
--- /dev/null
+++ b/security/govulncheck/pkg-descr
@@ -0,0 +1,19 @@
+Govulncheck reports known vulnerabilities that affect Go code.
+It uses static analysis of source code or a binary's symbol table
+to narrow down reports to only those that could affect the
+application.
+
+By default, govulncheck makes requests to the Go vulnerability
+database at https://vuln.go.dev. Requests to the vulnerability
+database contain only module paths with vulnerabilities already
+known to the database, not code or other properties of your
+program. See https://vuln.go.dev/privacy.html for more.
+Use the -db flag to specify a different database, which must
+implement the specification at https://go.dev/security/vuln/database.
+
+Govulncheck looks for vulnerabilities in Go programs using a specific
+build configuration. For analyzing source code, that configuration is
+the Go version specified by the "go" command found on the PATH. For
+binaries, the build configuration is the one used to build the binary.
+Note that different build configurations may have different known
+vulnerabilities.
diff --git a/security/node-sqlcipher/Makefile b/security/node-sqlcipher/Makefile
index 5ade2847365e..28c25c052618 100644
--- a/security/node-sqlcipher/Makefile
+++ b/security/node-sqlcipher/Makefile
@@ -1,5 +1,5 @@
PORTNAME= node-sqlcipher
-DISTVERSION= 2.0.0
+DISTVERSION= 2.0.1
CATEGORIES= security
MASTER_SITES= https://github.com/signalapp/node-sqlcipher/archive/refs/tags/v${DISTVERSION}/:sqlcipher \
https://registry.npmjs.org/@esbuild/freebsd-arm64/-/:esbuildarm64 \
@@ -26,7 +26,7 @@ USES= nodejs:20,build
PLIST_FILES= lib/node_sqlcipher.node
-ESBUILD_VERS= 0.25.3
+ESBUILD_VERS= 0.25.4
ESBUILD_ARCH= ${ARCH:S/aarch64/arm64/:S/amd64/x64/}
MAKE_ENV+= ESBUILD_BINARY_PATH=${WRKDIR}/esbuild-freebsd-64/package/bin/esbuild
diff --git a/security/node-sqlcipher/distinfo b/security/node-sqlcipher/distinfo
index 0e85aa5b51c8..851591c935a6 100644
--- a/security/node-sqlcipher/distinfo
+++ b/security/node-sqlcipher/distinfo
@@ -1,9 +1,9 @@
-TIMESTAMP = 1745482082
-SHA256 (freebsd-arm64-0.25.3.tgz) = 66cd941c96ed8b27d2e319c442eea96becbb99374d830795508279b68ce02124
-SIZE (freebsd-arm64-0.25.3.tgz) = 4001403
-SHA256 (freebsd-x64-0.25.3.tgz) = e895510cb1cd3c194792ab1bc6976e5f4f3b1899c790aaa8deff2c801fb07760
-SIZE (freebsd-x64-0.25.3.tgz) = 4351370
-SHA256 (node-sqlcipher-2.0.0.tar.gz) = fa5ebc0ae37cc40800305b117f3f5008036309043d85cdfb6dcfeb3adea2d56b
-SIZE (node-sqlcipher-2.0.0.tar.gz) = 2711493
-SHA256 (node-sqlcipher-2.0.0-npm-cache.tar.gz) = bc2d77eeb74dbed95327ef46be2309e2a6a102628172800b196a1d11022a398a
-SIZE (node-sqlcipher-2.0.0-npm-cache.tar.gz) = 66671541
+TIMESTAMP = 1747319143
+SHA256 (freebsd-arm64-0.25.4.tgz) = 0072915465631a1bc954ec539e0f2bb0dbdfcf6cea1073d7d1d6deb7b5008156
+SIZE (freebsd-arm64-0.25.4.tgz) = 4002815
+SHA256 (freebsd-x64-0.25.4.tgz) = 56e4cd53e81c443d2ad85812f8582fe5628fcf1eebc1d7b5b541b4c81862df9e
+SIZE (freebsd-x64-0.25.4.tgz) = 4354424
+SHA256 (node-sqlcipher-2.0.1.tar.gz) = 33822ea0eff715acb00d2bcc27d1ea9470e1312aa4f5ddbdbd79b195d20b1a81
+SIZE (node-sqlcipher-2.0.1.tar.gz) = 2711520
+SHA256 (node-sqlcipher-2.0.1-npm-cache.tar.gz) = 3d9021adbf6853d9726577862c6cf471cb6edefb5aff4a1d1fdc74a506e26d36
+SIZE (node-sqlcipher-2.0.1-npm-cache.tar.gz) = 68950580
diff --git a/security/nss/Makefile b/security/nss/Makefile
index 95cf763e709b..cd09fec5a081 100644
--- a/security/nss/Makefile
+++ b/security/nss/Makefile
@@ -1,5 +1,5 @@
PORTNAME= nss
-PORTVERSION= 3.111
+PORTVERSION= 3.112
CATEGORIES= security
MASTER_SITES= MOZILLA/security/${PORTNAME}/releases/${DISTNAME:tu:C/[-.]/_/g}_RTM/src
diff --git a/security/nss/distinfo b/security/nss/distinfo
index 62ed0eddbcaa..4363042d1944 100644
--- a/security/nss/distinfo
+++ b/security/nss/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1746465088
-SHA256 (nss-3.111.tar.gz) = 5a4d5a44e91ef03cdc0c4897cf616e3c92f4e590ea835d3e0ccad8b005bd73c6
-SIZE (nss-3.111.tar.gz) = 76617947
+TIMESTAMP = 1748343929
+SHA256 (nss-3.112.tar.gz) = 33ae72d43b275957252adc8639e84229d3ae692a57b6191b059d9456b8568a68
+SIZE (nss-3.112.tar.gz) = 76620428
diff --git a/security/p5-CSP/Makefile b/security/p5-CSP/Makefile
index 168133d07658..350902446199 100644
--- a/security/p5-CSP/Makefile
+++ b/security/p5-CSP/Makefile
@@ -6,7 +6,7 @@ MASTER_SITES= ftp://ftp.it.su.se/pub/users/leifj/ \
http://redundancy.redundancy.org/mirror/
PKGNAMEPREFIX= p5-
-MAINTAINER= ports@FreeBSD.org
+MAINTAINER= perl@FreeBSD.org
COMMENT= Perl tool for managing Certificate Authorities
WWW= http://devel.it.su.se/projects/CSP/
diff --git a/security/p5-dicewaregen/Makefile b/security/p5-dicewaregen/Makefile
index 7041b806298a..0c495d9a2760 100644
--- a/security/p5-dicewaregen/Makefile
+++ b/security/p5-dicewaregen/Makefile
@@ -3,7 +3,7 @@ PORTVERSION= 1.4
CATEGORIES= security
PKGNAMEPREFIX= p5-
-MAINTAINER= ports@FreeBSD.org
+MAINTAINER= perl@FreeBSD.org
COMMENT= Perl script to generate Diceware dictionaries for passwords
WWW= https://github.com/graudeejs/dicewaregen.pl
diff --git a/security/py-passhole/Makefile b/security/py-passhole/Makefile
index d5e96346f923..98d49592b793 100644
--- a/security/py-passhole/Makefile
+++ b/security/py-passhole/Makefile
@@ -1,6 +1,5 @@
PORTNAME= passhole
-DISTVERSION= 1.10.0
-PORTREVISION= 1
+DISTVERSION= 1.10.1
CATEGORIES= security python
MASTER_SITES= PYPI
PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX}
diff --git a/security/py-passhole/distinfo b/security/py-passhole/distinfo
index b1651305de2e..8f23f10ef29a 100644
--- a/security/py-passhole/distinfo
+++ b/security/py-passhole/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1710386646
-SHA256 (passhole-1.10.0.tar.gz) = de937186a9a4c3cb4ed30541b999ee6bae0726b129c9e35200a88032c338a156
-SIZE (passhole-1.10.0.tar.gz) = 57522
+TIMESTAMP = 1748278992
+SHA256 (passhole-1.10.1.tar.gz) = e71f110391f40f100023475e2d78544b2faae6f1a2c4258753877d1585d171d1
+SIZE (passhole-1.10.1.tar.gz) = 65435
diff --git a/security/signify/Makefile b/security/signify/Makefile
index 2abfda5cad9f..a2998eca08b3 100644
--- a/security/signify/Makefile
+++ b/security/signify/Makefile
@@ -1,6 +1,6 @@
PORTNAME= signify
DISTVERSIONPREFIX= v
-DISTVERSION= 0.13
+DISTVERSION= 0.14
PORTEPOCH= 1
CATEGORIES= security
diff --git a/security/signify/distinfo b/security/signify/distinfo
index 7ecea46f0457..0626f7ec7175 100644
--- a/security/signify/distinfo
+++ b/security/signify/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1698320458
-SHA256 (leahneukirchen-outils-v0.13_GH0.tar.gz) = 49d46211fe84a5b96cf55d689696d190b7aba7d3e043c8c8dc9f5ff9af8f927a
-SIZE (leahneukirchen-outils-v0.13_GH0.tar.gz) = 281834
+TIMESTAMP = 1748271343
+SHA256 (leahneukirchen-outils-v0.14_GH0.tar.gz) = e4dcbd92b25bbb371216b0fad5aa80cdff19f466f7ec8b5e145111fb348c91eb
+SIZE (leahneukirchen-outils-v0.14_GH0.tar.gz) = 281863
diff --git a/security/vuls/files/patch-vendor_gorm.io_gorm_internal_stmt_store_stmt_store.go b/security/vuls/files/patch-vendor_gorm.io_gorm_internal_stmt_store_stmt_store.go
new file mode 100644
index 000000000000..a249bd5099ae
--- /dev/null
+++ b/security/vuls/files/patch-vendor_gorm.io_gorm_internal_stmt_store_stmt_store.go
@@ -0,0 +1,29 @@
+commit 8c4e8e2d2a63ef019048bd988a2016948605920b
+Author: iTanken <23544702+iTanken@users.noreply.github.com>
+Date: Sun Apr 27 14:05:16 2025 +0800
+
+ fix: int type variable defaultMaxSize overflows in 32-bit environment (#7439)
+
+ Refs: #7435
+
+diff --git a/internal/stmt_store/stmt_store.go b/internal/stmt_store/stmt_store.go
+index 7068419..a82b2cf 100644
+--- vendor/gorm.io/gorm/internal/stmt_store/stmt_store.go
++++ vendor/gorm.io/gorm/internal/stmt_store/stmt_store.go
+@@ -3,6 +3,7 @@ package stmt_store
+ import (
+ "context"
+ "database/sql"
++ "math"
+ "sync"
+ "time"
+
+@@ -73,7 +74,7 @@ type Store interface {
+ // the cache can theoretically store as many elements as possible.
+ // (1 << 63) - 1 is the maximum value that an int64 type can represent.
+ const (
+- defaultMaxSize = (1 << 63) - 1
++ defaultMaxSize = math.MaxInt
+ // defaultTTL defines the default time-to-live (TTL) for each cache entry.
+ // When the TTL for cache entries is not specified, each cache entry will expire after 24 hours.
+ defaultTTL = time.Hour * 24
diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
index 0c4d3ccee4af..14393c4e4738 100644
--- a/security/vuxml/vuln/2025.xml
+++ b/security/vuxml/vuln/2025.xml
@@ -1,21 +1,57 @@
+ <vuln vid="45eb98d6-3b13-11f0-97f7-b42e991fc52e">
+ <topic>grafana -- XSS vulnerability</topic>
+ <affects>
+ <package>
+ <name>grafana</name>
+ <range><lt>12.0.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>security@grafana.com reports:</p>
+ <blockquote cite="https://grafana.com/security/security-advisories/cve-2025-4123/">
+ <p>A cross-site scripting (XSS) vulnerability exists in Grafana caused
+ by combining a client path traversal and open redirect. This allows
+ attackers to redirect users to a website that hosts a frontend
+ plugin that will execute arbitrary JavaScript. This vulnerability
+ does not require editor permissions and if anonymous access is
+ enabled, the XSS will work. If the Grafana Image Renderer plugin
+ is installed, it is possible to exploit the open redirect to achieve
+ a full read SSRF.
+
+ The default Content-Security-Policy (CSP) in Grafana will block the
+ XSS though the `connect-src` directive.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-4123</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-4123</url>
+ </references>
+ <dates>
+ <discovery>2025-05-22</discovery>
+ <entry>2025-05-27</entry>
+ </dates>
+ </vuln>
+
<vuln vid="e587b52d-38ac-11f0-b7b6-dcfe074bd614">
<topic>cpython -- Use-after-free in &quot;unicode_escape&quot; decoder with error handler</topic>
<affects>
<package>
<name>python39</name>
- <range><lt>3.9.22</lt></range>
+ <range><lt>3.9.22_1</lt></range>
</package>
<package>
<name>python310</name>
- <range><lt>3.10.17</lt></range>
+ <range><lt>3.10.17_1</lt></range>
</package>
<package>
<name>python311</name>
- <range><lt>3.11.12</lt></range>
+ <range><lt>3.11.12_1</lt></range>
</package>
<package>
<name>python312</name>
- <range><lt>3.12.10</lt></range>
+ <range><lt>3.12.10_1</lt></range>
</package>
</affects>
<description>
@@ -5576,7 +5612,7 @@
<affects>
<package>
<name>asterisk18</name>
- <range><lt>18.26.20</lt></range>
+ <range><lt>18.26.2</lt></range>
</package>
<package>
<name>asterisk20</name>