Diffstat (limited to 'security')
46 files changed, 511 insertions, 51 deletions
diff --git a/security/Makefile b/security/Makefile
index 7066817c71ba..2574d50691c8 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -918,6 +918,7 @@
 SUBDIR += py-certbot-dns-standalone
 SUBDIR += py-certbot-nginx
 SUBDIR += py-certifi
+ SUBDIR += py-certipy
 SUBDIR += py-certomancer
 SUBDIR += py-certstream
 SUBDIR += py-ckcc-protocol
diff --git a/security/acmed/Makefile b/security/acmed/Makefile
index 6fec0c7fbe30..35b47483237a 100644
--- a/security/acmed/Makefile
+++ b/security/acmed/Makefile
@@ -1,7 +1,7 @@
 PORTNAME= acmed
 DISTVERSIONPREFIX= v
 DISTVERSION= 0.21.0
-PORTREVISION= 22
+PORTREVISION= 23
 CATEGORIES= security
 MAINTAINER= ports@FreeBSD.org
diff --git a/security/agave/Makefile b/security/agave/Makefile
index 44614004e259..179a8edfbce1 100644
--- a/security/agave/Makefile
+++ b/security/agave/Makefile
@@ -1,7 +1,7 @@
 PORTNAME= agave
 DISTVERSIONPREFIX= v
 DISTVERSION= 2.2.14
-PORTREVISION= 3
+PORTREVISION= 4
 CATEGORIES= security
 PKGNAMESUFFIX= -blockchain
diff --git a/security/arti/Makefile b/security/arti/Makefile
index 7ff5ced0400a..b339b8ff2d5c 100644
--- a/security/arti/Makefile
+++ b/security/arti/Makefile
@@ -1,6 +1,6 @@
 PORTNAME= arti
 DISTVERSION= 1.5.0
-PORTREVISION= 1
+PORTREVISION= 2
 CATEGORIES= security
 MAINTAINER= cs@FreeBSD.org
diff --git a/security/authenticator/Makefile b/security/authenticator/Makefile
index 191034a9fcca..faedbe606e3d 100644
--- a/security/authenticator/Makefile
+++ b/security/authenticator/Makefile
@@ -1,6 +1,6 @@
 PORTNAME= authenticator
 DISTVERSION= 4.4.0
-PORTREVISION= 9
+PORTREVISION= 10
 CATEGORIES= security
 MAINTAINER= ports@FreeBSD.org
diff --git a/security/authoscope/Makefile b/security/authoscope/Makefile
index 6645a15213a6..36d3767ae8ec 100644
--- a/security/authoscope/Makefile
+++ b/security/authoscope/Makefile
@@ -1,7 +1,7 @@
 PORTNAME= authoscope
 DISTVERSIONPREFIX= v
 DISTVERSION= 0.8.1
-PORTREVISION= 24
+PORTREVISION= 25
 CATEGORIES= security
 MAINTAINER= yuri@FreeBSD.org
diff --git a/security/cargo-audit/Makefile b/security/cargo-audit/Makefile
index 968206cde143..a45d7b4b4a7c 100644
--- a/security/cargo-audit/Makefile
+++ b/security/cargo-audit/Makefile
@@ -1,7 +1,7 @@
 PORTNAME= cargo-audit
 DISTVERSIONPREFIX= ${PORTNAME}/v
 DISTVERSION= 0.21.2
-PORTREVISION= 3
+PORTREVISION= 4
 PORTEPOCH= 1
 CATEGORIES= security
diff --git a/security/clamav-lts/Makefile b/security/clamav-lts/Makefile
index b6539482641f..4f863dabe9f6 100644
--- a/security/clamav-lts/Makefile
+++ b/security/clamav-lts/Makefile
@@ -1,6 +1,6 @@
 PORTNAME= clamav
 DISTVERSION= 1.0.9
-PORTREVISION= 1
+PORTREVISION= 2
 PORTEPOCH= 1
 CATEGORIES= security
 MASTER_SITES= https://www.clamav.net/downloads/production/
diff --git a/security/clamav/Makefile b/security/clamav/Makefile
index 7a29dc981d0a..413f7af43016 100644
--- a/security/clamav/Makefile
+++ b/security/clamav/Makefile
@@ -1,6 +1,6 @@
 PORTNAME= clamav
 DISTVERSION= 1.4.3
-PORTREVISION= 1
+PORTREVISION= 2
 PORTEPOCH= 1
 CATEGORIES= security
 MASTER_SITES= https://www.clamav.net/downloads/production/
diff --git a/security/cloak/Makefile b/security/cloak/Makefile
index 5e766c9afb4e..11042978be15 100644
--- a/security/cloak/Makefile
+++ b/security/cloak/Makefile
@@ -1,7 +1,7 @@
 PORTNAME= cloak
 DISTVERSIONPREFIX= v
 DISTVERSION= 0.3.0
-PORTREVISION= 32
+PORTREVISION= 33
 CATEGORIES= security
 MAINTAINER= ports@FreeBSD.org
diff --git a/security/cosign/Makefile b/security/cosign/Makefile
index 9766fa711a8b..9fcb48325d8f 100644
--- a/security/cosign/Makefile
+++ b/security/cosign/Makefile
@@ -1,6 +1,6 @@
 PORTNAME= cosign
 DISTVERSIONPREFIX= v
-DISTVERSION= 2.6.0
+DISTVERSION= 2.6.1
 CATEGORIES= security
 MAINTAINER= bofh@FreeBSD.org
@@ -23,7 +23,7 @@ GO_BUILDFLAGS= -ldflags="-buildid= \
 PLIST_FILES= bin/${PORTNAME}
-GIT_HASH= 37fbfc7018fb4d60a9a2c9175bd64c75dda5869a
+GIT_HASH= 634fabe54f9fbbab55d821a83ba93b2d25bdba5f
 .include <bsd.port.pre.mk>
diff --git a/security/cosign/distinfo b/security/cosign/distinfo
index 04260adacbe1..f7a8031a9264 100644
--- a/security/cosign/distinfo
+++ b/security/cosign/distinfo
@@ -1,5 +1,5 @@
-TIMESTAMP = 1757797254
-SHA256 (go/security_cosign/cosign-v2.6.0/v2.6.0.mod) = 5bdb0b024ddd7ed55330cccaf993f544d68917acac507d0f3c78e22be77afabb
-SIZE (go/security_cosign/cosign-v2.6.0/v2.6.0.mod) = 17701
-SHA256 (go/security_cosign/cosign-v2.6.0/v2.6.0.zip) = 2952d765dacdaebf7c651cfbad99e4736a086a9732e3a42bf8e9ce963bc73ae3
-SIZE (go/security_cosign/cosign-v2.6.0/v2.6.0.zip) = 1366214
+TIMESTAMP = 1759523978
+SHA256 (go/security_cosign/cosign-v2.6.1/v2.6.1.mod) = 4d6e9e11c0efec4ed8d03058cd1b73a0f9a830b804fb59a42890e6ea7f91fea8
+SIZE (go/security_cosign/cosign-v2.6.1/v2.6.1.mod) = 17701
+SHA256 (go/security_cosign/cosign-v2.6.1/v2.6.1.zip) = 8821408a71dba7b6ed4b94cac23b8e0679a9d23419d83a3e4b303796d920c6d3
+SIZE (go/security_cosign/cosign-v2.6.1/v2.6.1.zip) = 1367164
diff --git a/security/diswall/Makefile b/security/diswall/Makefile
index fe69a0d58e55..38bb50c05d26 100644
--- a/security/diswall/Makefile
+++ b/security/diswall/Makefile
@@ -1,7 +1,7 @@
 PORTNAME= diswall
 DISTVERSIONPREFIX= v
 DISTVERSION= 0.6.0
-PORTREVISION= 8
+PORTREVISION= 9
 CATEGORIES= security
 MAINTAINER= yuri@FreeBSD.org
diff --git a/security/flawz/Makefile b/security/flawz/Makefile
index 5888307efb27..b8ede509ef15 100644
--- a/security/flawz/Makefile
+++ b/security/flawz/Makefile
@@ -1,7 +1,7 @@
 PORTNAME= flawz
 DISTVERSIONPREFIX= v
 DISTVERSION= 0.3.0
-PORTREVISION= 8
+PORTREVISION= 9
 CATEGORIES= security
 MAINTAINER= yuri@FreeBSD.org
diff --git a/security/fprintd/Makefile b/security/fprintd/Makefile
index ceee89d4cbd9..5e9ee6c1a499 100644
--- a/security/fprintd/Makefile
+++ b/security/fprintd/Makefile
@@ -14,7 +14,7 @@ LIB_DEPENDS= libbasu.so:devel/basu \ libfprint-2.so:security/libfprint \ libpolkit-gobject-1.so:sysutils/polkit -USES= gettext gnome libtool meson pkgconfig +USES= gettext gnome meson pkgconfig USE_GITLAB= yes GL_SITE= https://gitlab.freedesktop.org GL_ACCOUNT= libfprint diff --git a/security/gpg-tui/Makefile b/security/gpg-tui/Makefile index bd53260d9ce8..6dc29b19e639 100644 --- a/security/gpg-tui/Makefile +++ b/security/gpg-tui/Makefile @@ -1,7 +1,7 @@ PORTNAME= gpg-tui DISTVERSIONPREFIX= v DISTVERSION= 0.11.1 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= security MAINTAINER= se@FreeBSD.org diff --git a/security/hashcat/Makefile b/security/hashcat/Makefile index f2c76ff7fa2b..aae3658efa75 100644 --- a/security/hashcat/Makefile +++ b/security/hashcat/Makefile @@ -1,7 +1,7 @@ PORTNAME= hashcat PORTVERSION= 7.1.2 DISTVERSIONPREFIX= v -PORTREVISION= 1 +PORTREVISION= 2 PORTEPOCH= 1 CATEGORIES= security diff --git a/security/kanidm/Makefile b/security/kanidm/Makefile index 54b16724b18c..e29028300f7d 100644 --- a/security/kanidm/Makefile +++ b/security/kanidm/Makefile @@ -1,7 +1,7 @@ PORTNAME= kanidm DISTVERSIONPREFIX= v DISTVERSION= 1.7.3 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security net MAINTAINER= bofh@FreeBSD.org diff --git a/security/libfprint/Makefile b/security/libfprint/Makefile index 2c84695dd52c..a0684407fe70 100644 --- a/security/libfprint/Makefile +++ b/security/libfprint/Makefile @@ -14,7 +14,7 @@ LIB_DEPENDS= libgusb.so:devel/libgusb \ libnss3.so:security/nss \ libpixman-1.so:x11/pixman -USES= gnome libtool meson pkgconfig python:env shebangfix +USES= gnome meson pkgconfig python:env shebangfix USE_GITLAB= yes GL_SITE= https://gitlab.freedesktop.org USE_GNOME= glib20 diff --git a/security/lxqt-openssh-askpass/Makefile b/security/lxqt-openssh-askpass/Makefile index bb967a5a4478..10d34bcb1565 100644 --- a/security/lxqt-openssh-askpass/Makefile +++ b/security/lxqt-openssh-askpass/Makefile 
@@ -1,6 +1,6 @@
 PORTNAME= lxqt-openssh-askpass
 PORTVERSION= 2.2.0
-PORTREVISION= 3
+PORTREVISION= 4
 CATEGORIES= security
 MASTER_SITES= LXQT
diff --git a/security/lxqt-sudo/Makefile b/security/lxqt-sudo/Makefile
index b181f248e32a..cb1181975101 100644
--- a/security/lxqt-sudo/Makefile
+++ b/security/lxqt-sudo/Makefile
@@ -1,6 +1,6 @@
 PORTNAME= lxqt-sudo
 PORTVERSION= 2.2.0
-PORTREVISION= 3
+PORTREVISION= 4
 CATEGORIES= security
 MASTER_SITES= LXQT
diff --git a/security/netbird/Makefile b/security/netbird/Makefile
index d018c374af81..2b5638e59319 100644
--- a/security/netbird/Makefile
+++ b/security/netbird/Makefile
@@ -1,7 +1,6 @@
 PORTNAME= netbird
 DISTVERSIONPREFIX= v
-DISTVERSION= 0.56.0
-PORTREVISION= 1
+DISTVERSION= 0.59.1
 CATEGORIES= security net net-vpn
 MAINTAINER= hakan.external@netbird.io
diff --git a/security/netbird/distinfo b/security/netbird/distinfo
index 842834e94dc7..6afd5a561327 100644
--- a/security/netbird/distinfo
+++ b/security/netbird/distinfo
@@ -1,5 +1,5 @@
-TIMESTAMP = 1756099179
-SHA256 (go/security_netbird/netbird-v0.56.0/v0.56.0.mod) = e817264ac86111dbad8241ebaa0896fceeeb3c5aa2f8a1d36e84100e05975489
-SIZE (go/security_netbird/netbird-v0.56.0/v0.56.0.mod) = 12619
-SHA256 (go/security_netbird/netbird-v0.56.0/v0.56.0.zip) = 750c6be8736b9b960509f57d245711b0d7a4b97f15c0f2a1a3ac07aadf20ba63
-SIZE (go/security_netbird/netbird-v0.56.0/v0.56.0.zip) = 3126909
+TIMESTAMP = 1759481572
+SHA256 (go/security_netbird/netbird-v0.59.1/v0.59.1.mod) = a930885bdb739be4a2fbbb2a63b86d0b33d3c2897b45d5f391ef1d9d29db5975
+SIZE (go/security_netbird/netbird-v0.59.1/v0.59.1.mod) = 12607
+SHA256 (go/security_netbird/netbird-v0.59.1/v0.59.1.zip) = 0e1eca9e038d7bf1db3bf67b59f3fa58356fb856c1a68c8fa02e8a609bc21f68
+SIZE (go/security_netbird/netbird-v0.59.1/v0.59.1.zip) = 3188357
diff --git a/security/nss/Makefile b/security/nss/Makefile
index 525635c1e763..f7c77344a5f0 100644
--- a/security/nss/Makefile
+++ b/security/nss/Makefile
@@ -1,5 +1,5 @@
 PORTNAME= nss
-PORTVERSION= 3.116
+PORTVERSION= 3.117
 CATEGORIES= security
 MASTER_SITES= MOZILLA/security/${PORTNAME}/releases/${DISTNAME:tu:C/[-.]/_/g}_RTM/src
diff --git a/security/nss/distinfo b/security/nss/distinfo
index c913edb41197..0eb1e4a89c39 100644
--- a/security/nss/distinfo
+++ b/security/nss/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1757695731
-SHA256 (nss-3.116.tar.gz) = 3938611de4ad1e3b71f27f3cd5ea717a5b5f83bffc9cd427e6d929dc67f2bb73
-SIZE (nss-3.116.tar.gz) = 76661970
+TIMESTAMP = 1759509202
+SHA256 (nss-3.117.tar.gz) = 5786b523a2f2e9295ed10d711960d2e33cd620bb80d6288443eda43553a51996
+SIZE (nss-3.117.tar.gz) = 76684970
diff --git a/security/pam_rssh/Makefile b/security/pam_rssh/Makefile
index 07652f65ae6e..0c6fe51224ed 100644
--- a/security/pam_rssh/Makefile
+++ b/security/pam_rssh/Makefile
@@ -1,7 +1,7 @@
 PORTNAME= pam_rssh
 DISTVERSIONPREFIX=v
 DISTVERSION= 1.1.0
-PORTREVISION= 19
+PORTREVISION= 20
 CATEGORIES= security
 MAINTAINER= romain@FreeBSD.org
diff --git a/security/pdfrip/Makefile b/security/pdfrip/Makefile
index bf4a65566578..43787025a24f 100644
--- a/security/pdfrip/Makefile
+++ b/security/pdfrip/Makefile
@@ -1,7 +1,7 @@
 PORTNAME= pdfrip
 DISTVERSIONPREFIX= v
 DISTVERSION= 2.0.1
-PORTREVISION= 1
+PORTREVISION= 2
 CATEGORIES= security
 MAINTAINER= fox@FreeBSD.org
diff --git a/security/py-bcrypt/Makefile b/security/py-bcrypt/Makefile
index f600a9238ade..283595598671 100644
--- a/security/py-bcrypt/Makefile
+++ b/security/py-bcrypt/Makefile
@@ -1,6 +1,6 @@
 PORTNAME= bcrypt
 DISTVERSION= 4.3.0
-PORTREVISION= 2
+PORTREVISION= 3
 CATEGORIES= security python
 MASTER_SITES= PYPI
 PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX}
diff --git a/security/py-certipy/Makefile b/security/py-certipy/Makefile
new file mode 100644
index 000000000000..85a58c2c49ba
--- /dev/null
+++ b/security/py-certipy/Makefile
@@ -0,0 +1,32 @@
+PORTNAME= certipy
+PORTVERSION= 0.2.2
+CATEGORIES= security python
+MASTER_SITES= PYPI
+PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX}
+
+MAINTAINER= yuri@FreeBSD.org
+COMMENT= Utility to create and sign CAs and certificates
+WWW= https://github.com/LLNL/certipy
+
+LICENSE= BSD3CLAUSE
+LICENSE_FILE= ${WRKSRC}/LICENSE
+
+BUILD_DEPENDS= ${PY_SETUPTOOLS} \
+ ${PYTHON_PKGNAMEPREFIX}setuptools-scm>=7:devel/py-setuptools-scm@${PY_FLAVOR} \
+ ${PYTHON_PKGNAMEPREFIX}wheel>0:devel/py-wheel@${PY_FLAVOR}
+RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}cryptography>0:security/py-cryptography@${PY_FLAVOR}
+TEST_DEPENDS= ${PYTHON_PKGNAMEPREFIX}flask>0:www/py-flask@${PY_FLAVOR}
+
+USES= python
+USE_PYTHON= pep517 autoplist concurrent pytest
+
+TEST_ENV= ${MAKE_ENV} PYTHONPATH=${STAGEDIR}${PYTHONPREFIX_SITELIBDIR}
+
+NO_ARCH= yes
+
+do-test:
+ @cd ${TEST_WRKSRC} && ${SETENV} ${TEST_ENV} ${PYTHON_CMD} -m pytest certipy/test/ -v
+
+# tests as of 0.2.2: 7 passed, 1 warning in 8.94s
+
+.include <bsd.port.mk>
diff --git a/security/py-certipy/distinfo b/security/py-certipy/distinfo
new file mode 100644
index 000000000000..2ef868267d23
--- /dev/null
+++ b/security/py-certipy/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1759474134
+SHA256 (certipy-0.2.2.tar.gz) = fef1f3d8819ee29c4c67719171c988302823dfe0b6cfbb47d249f374809ba05e
+SIZE (certipy-0.2.2.tar.gz) = 20591
diff --git a/security/py-certipy/files/patch-pyproject.toml b/security/py-certipy/files/patch-pyproject.toml
new file mode 100644
index 000000000000..6caafb486e20
--- /dev/null
+++ b/security/py-certipy/files/patch-pyproject.toml
@@ -0,0 +1,11 @@
+--- pyproject.toml.orig 2025-01-02 23:51:00 UTC
++++ pyproject.toml
+@@ -10,7 +10,7 @@
+ # SPDX-License-Identifier: BSD-3-Clause
+ ###############################################################################
+ [build-system]
+-requires = ["setuptools>=64", "setuptools_scm>=7"]
++requires = ["setuptools", "setuptools_scm>=7"]
+ build-backend = "setuptools.build_meta"
+
+ [project]
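Review bot: The added files/patch-pyproject.toml drops upstream's `setuptools>=64` floor from `[build-system]` `requires` without recording why, so a later maintainer cannot tell whether the patch is still needed or whether the package is now built with a setuptools that upstream never tested. Presumably the floor is removed because the `${PY_SETUPTOOLS}` named in BUILD_DEPENDS is older than 64; if that is the reason, state it in the port, for example with a Makefile comment such as `# files/patch-pyproject.toml relaxes setuptools>=64 for the ports setuptools; drop once it is updated`. The `setuptools_scm>=7` bound is kept and agrees with the `setuptools-scm>=7` entry in BUILD_DEPENDS.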
diff --git a/security/py-certipy/pkg-descr b/security/py-certipy/pkg-descr
new file mode 100644
index 000000000000..a238de2106b9
--- /dev/null
+++ b/security/py-certipy/pkg-descr
@@ -0,0 +1,13 @@
+certipy is a simple python tool for creating certificate authorities
+and certificates on the fly.
+
+Certipy was made to simplify the certificate creation process. To that end,
+Certipy exposes methods for creating and managing certificate authorities,
+certificates, signing and building trust bundles.
+
+Behind the scenes Certipy:
+
+* Manages records of all certificates it creates
+* External certs can be imported and managed by Certipy
+* Maintains signing hierarchy
+* Persists certificates to files with appropriate permissions
diff --git a/security/py-cryptography/Makefile b/security/py-cryptography/Makefile
index 4196068bf9b6..5c0c9fabfec5 100644
--- a/security/py-cryptography/Makefile
+++ b/security/py-cryptography/Makefile
@@ -1,6 +1,6 @@
 PORTNAME= cryptography
 PORTVERSION= 44.0.3
-PORTREVISION= 3
+PORTREVISION= 4
 PORTEPOCH= 1
 CATEGORIES= security python
 MASTER_SITES= PYPI
diff --git a/security/rage-encryption/Makefile b/security/rage-encryption/Makefile
index 688f7197901f..e79fef92dda4 100644
--- a/security/rage-encryption/Makefile
+++ b/security/rage-encryption/Makefile
@@ -1,7 +1,7 @@
 PORTNAME= rage
 DISTVERSIONPREFIX= v
 DISTVERSION= 0.11.1
-PORTREVISION= 6
+PORTREVISION= 7
 CATEGORIES= security
 PKGNAMESUFFIX= -encryption
diff --git a/security/ratify/Makefile b/security/ratify/Makefile
index a90853bdb421..d11339ee445b 100644
--- a/security/ratify/Makefile
+++ b/security/ratify/Makefile
@@ -1,5 +1,6 @@
 PORTNAME= ratify
 DISTVERSION= 2.3.1
+PORTREVISION= 1
 CATEGORIES= security
 MAINTAINER= yuri@FreeBSD.org
diff --git a/security/rpm-sequoia/Makefile b/security/rpm-sequoia/Makefile
index 344c34f5b2cf..d0048e6a9974 100644
--- a/security/rpm-sequoia/Makefile
+++ b/security/rpm-sequoia/Makefile
@@ -1,7 +1,7 @@
 PORTNAME= rpm-sequoia
 DISTVERSIONPREFIX= v
 DISTVERSION= 1.9.0
-PORTREVISION= 1
+PORTREVISION= 2
 CATEGORIES= security archivers
 MAINTAINER= yuri@FreeBSD.org
diff --git a/security/rustls-ffi/Makefile b/security/rustls-ffi/Makefile
index 9c6efa0fa885..f2559fb39df6 100644
--- a/security/rustls-ffi/Makefile
+++ b/security/rustls-ffi/Makefile
@@ -1,7 +1,7 @@
 PORTNAME= rustls-ffi
 DISTVERSIONPREFIX= v
 DISTVERSION= 0.15.0
-PORTREVISION= 4
+PORTREVISION= 5
 CATEGORIES= security
 MAINTAINER= brnrd@FreeBSD.org
diff --git a/security/rustscan/Makefile b/security/rustscan/Makefile
index 403a1d9714a0..4f13108ab023 100644
--- a/security/rustscan/Makefile
+++ b/security/rustscan/Makefile
@@ -1,6 +1,6 @@
 PORTNAME= rustscan
 PORTVERSION= 2.4.1
-PORTREVISION= 4
+PORTREVISION= 5
 CATEGORIES= security
 MAINTAINER= bofh@FreeBSD.org
diff --git a/security/sequoia-chameleon-gnupg/Makefile b/security/sequoia-chameleon-gnupg/Makefile
index f66d9dcdaadb..e9e1ea6e49c6 100644
--- a/security/sequoia-chameleon-gnupg/Makefile
+++ b/security/sequoia-chameleon-gnupg/Makefile
@@ -1,7 +1,7 @@
 PORTNAME= sequoia-chameleon-gnupg
 DISTVERSIONPREFIX= v
 DISTVERSION= 0.13.1
-PORTREVISION= 2
+PORTREVISION= 3
 CATEGORIES= security
 MAINTAINER= vishwin@FreeBSD.org
diff --git a/security/sequoia-sq/Makefile b/security/sequoia-sq/Makefile
index 26e06e16fa59..aaf571000b74 100644
--- a/security/sequoia-sq/Makefile
+++ b/security/sequoia-sq/Makefile
@@ -1,7 +1,7 @@
 PORTNAME= sq
 DISTVERSIONPREFIX= v
 DISTVERSION= 1.3.1
-PORTREVISION= 3
+PORTREVISION= 4
 CATEGORIES= security
 PKGNAMEPREFIX= sequoia-
diff --git a/security/sniffglue/Makefile b/security/sniffglue/Makefile
index d7331e6fdaf9..6202160c807c 100644
--- a/security/sniffglue/Makefile
+++ b/security/sniffglue/Makefile
@@ -1,7 +1,7 @@
 PORTNAME= sniffglue
 DISTVERSIONPREFIX= v
 DISTVERSION= 0.16.1
-PORTREVISION= 7
+PORTREVISION= 8
 CATEGORIES= security
 MAINTAINER= freebsd@sysctl.cz
diff --git a/security/ssh-vault/Makefile b/security/ssh-vault/Makefile
index 7b45ec510645..d713158ceb49 100644
--- a/security/ssh-vault/Makefile
+++ b/security/ssh-vault/Makefile
@@ -1,6 +1,6 @@
 PORTNAME= ssh-vault
 PORTVERSION= 1.0.10
-PORTREVISION= 14
+PORTREVISION= 15
 CATEGORIES= security
 MASTER_SITES= CRATESIO
 DISTFILES= ${CARGO_DIST_SUBDIR}/${DISTNAME}${CARGO_CRATE_EXT}
diff --git a/security/sudo-rs/Makefile b/security/sudo-rs/Makefile
index a76bfdb2f580..909b431a62a6 100644
--- a/security/sudo-rs/Makefile
+++ b/security/sudo-rs/Makefile
@@ -1,7 +1,7 @@
 PORTNAME= sudo-rs
 DISTVERSIONPREFIX= v
 DISTVERSION= 0.2.8
-PORTREVISION= 1
+PORTREVISION= 2
 CATEGORIES= security
 MAINTAINER= marc@trifectatech.org
diff --git a/security/suricata/Makefile b/security/suricata/Makefile
index ac84d4d9587d..3d1c7bd1e0cd 100644
--- a/security/suricata/Makefile
+++ b/security/suricata/Makefile
@@ -1,6 +1,6 @@
 PORTNAME= suricata
 DISTVERSION= 7.0.11
-PORTREVISION= 1
+PORTREVISION= 2
 CATEGORIES= security
 MASTER_SITES= https://www.openinfosecfoundation.org/download/
diff --git a/security/vaultwarden/Makefile b/security/vaultwarden/Makefile
index 82a26d7d1c4b..0a8fe5576b6d 100644
--- a/security/vaultwarden/Makefile
+++ b/security/vaultwarden/Makefile
@@ -1,6 +1,6 @@
 PORTNAME= vaultwarden
 DISTVERSION= 1.34.3
-PORTREVISION= 1
+PORTREVISION= 2
 CATEGORIES= security
 MAINTAINER= mr@FreeBSD.org
diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
index 48a7c5fdc5be..806a5ebf596d 100644
--- a/security/vuxml/vuln/2025.xml
+++ b/security/vuxml/vuln/2025.xml
@@ -1,3 +1,401 @@
+ <vuln vid="0af2f18e-a119-11f0-9446-f02f7497ecda">
+ <topic>redis,valkey -- Out of bound read due to a bug in LUA</topic>
+ <affects>
+ <package>
+ <name>redis</name>
+ <range><ge>8.2.0</ge><lt>8.2.2</lt></range>
+ </package>
+ <package>
+ <name>redis80</name>
+ <range><ge>8.0.0</ge><lt>8.0.4</lt></range>
+ </package>
+ <package>
+ <name>redis74</name>
+ <range><ge>7.4.0</ge><lt>7.4.6</lt></range>
+ </package>
+ <package>
+ <name>redis72</name>
+ <range><ge>7.2.0</ge><lt>7.2.11</lt></range>
+ </package>
+ <package>
+ <name>redis62</name>
+ <range><ge>6.2.0</ge><lt>6.2.20</lt></range>
+ </package>
+ <package>
+ <name>valkey</name>
+ <range><lt>8.1.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>redis reports:</p>
+ <blockquote cite="https://github.com/redis/redis/security/advisories/GHSA-4c68-q8q8-3g4f">
+ <p>
+ An authenticated user may use a specially crafted LUA script to read
+ out-of-bound data or crash the server and subsequent denial of
+ service.
+ The problem exists in all versions of Redis with Lua scripting
+ An additional workaround to mitigate the problem without patching
+ the redis-server executable is to prevent users from executing Lua
+ scripts. This can be done using ACL to block a script by restricting
+ both the EVAL and FUNCTION command families.
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-46819</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-46819</url>
+ </references>
+ <dates>
+ <discovery>2025-10-03</discovery>
+ <entry>2025-10-04</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="0258d37d-a118-11f0-9446-f02f7497ecda">
+ <topic>redis,valkey -- Running Lua function as a different user</topic>
+ <affects>
+ <package>
+ <name>redis</name>
+ <range><ge>8.2.0</ge><lt>8.2.2</lt></range>
+ </package>
+ <package>
+ <name>redis80</name>
+ <range><ge>8.0.0</ge><lt>8.0.4</lt></range>
+ </package>
+ <package>
+ <name>redis74</name>
+ <range><ge>7.4.0</ge><lt>7.4.6</lt></range>
+ </package>
+ <package>
+ <name>redis72</name>
+ <range><ge>7.2.0</ge><lt>7.2.11</lt></range>
+ </package>
+ <package>
+ <name>redis62</name>
+ <range><ge>6.2.0</ge><lt>6.2.20</lt></range>
+ </package>
+ <package>
+ <name>valkey</name>
+ <range><lt>8.1.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>redis reports:</p>
+ <blockquote cite="https://github.com/redis/redis/security/advisories/GHSA-qrv7-wcrx-q5jp">
+ <p>
+ An authenticated user may use a specially crafted Lua script to
+ manipulate different LUA objects and potentially run their own code
+ in the context of another user
+ The problem exists in all versions of Redis with Lua scripting.
+ An additional workaround to mitigate the problem without patching
+ the redis-server executable is to prevent users from executing Lua
+ scripts. This can be done using ACL to block a script by restricting
+ both the EVAL and FUNCTION command families.
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-46818</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-46818</url>
+ </references>
+ <dates>
+ <discovery>2025-10-03</discovery>
+ <entry>2025-10-04</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="f6b8de04-a116-11f0-9446-f02f7497ecda">
+ <topic>redis,valkey -- Lua library commands may lead to integer overflow and potential RCE</topic>
+ <affects>
+ <package>
+ <name>redis</name>
+ <range><ge>8.2.0</ge><lt>8.2.2</lt></range>
+ </package>
+ <package>
+ <name>redis80</name>
+ <range><ge>8.0.0</ge><lt>8.0.4</lt></range>
+ </package>
+ <package>
+ <name>redis74</name>
+ <range><ge>7.4.0</ge><lt>7.4.6</lt></range>
+ </package>
+ <package>
+ <name>redis72</name>
+ <range><ge>7.2.0</ge><lt>7.2.11</lt></range>
+ </package>
+ <package>
+ <name>redis62</name>
+ <range><ge>6.2.0</ge><lt>6.2.20</lt></range>
+ </package>
+ <package>
+ <name>valkey</name>
+ <range><lt>8.1.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>redis reports:</p>
+ <blockquote cite="https://github.com/redis/redis/security/advisories/GHSA-m8fj-85cg-7vhp">
+ <p>
+ An authenticated user may use a specially crafted Lua script to
+ cause an integer overflow and potentially lead to remote code
+ execution
+ The problem exists in all versions of Redis with Lua scripting.
+ An additional workaround to mitigate the problem without patching
+ the redis-server executable is to prevent users from executing Lua
+ scripts. This can be done using ACL to block a script by restricting
+ both the EVAL and FUNCTION command families.
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-46817</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-46817</url>
+ </references>
+ <dates>
+ <discovery>2025-10-03</discovery>
+ <entry>2025-10-04</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="17e85cae-a115-11f0-9446-f02f7497ecda">
+ <topic>redis,valkey -- Lua Use-After-Free may lead to remote code execution</topic>
+ <affects>
+ <package>
+ <name>redis</name>
+ <range><ge>8.2.0</ge><lt>8.2.2</lt></range>
+ </package>
+ <package>
+ <name>redis80</name>
+ <range><ge>8.0.0</ge><lt>8.0.4</lt></range>
+ </package>
+ <package>
+ <name>redis74</name>
+ <range><ge>7.4.0</ge><lt>7.4.6</lt></range>
+ </package>
+ <package>
+ <name>redis72</name>
+ <range><ge>7.2.0</ge><lt>7.2.11</lt></range>
+ </package>
+ <package>
+ <name>redis62</name>
+ <range><ge>6.2.0</ge><lt>6.2.20</lt></range>
+ </package>
+ <package>
+ <name>valkey</name>
+ <range><lt>8.1.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>redis reports:</p>
+ <blockquote cite="https://github.com/redis/redis/security/advisories/GHSA-4789-qfc9-5f9q">
+ <p>
+ An authenticated user may use a specially crafted Lua script to
+ manipulate the garbage collector, trigger a use-after-free and
+ potentially lead to remote code execution.
+ The problem exists in all versions of Redis with Lua scripting.
+ An additional workaround to mitigate the problem without patching the
+ redis-server executable is to prevent users from executing Lua scripts.
+ This can be done using ACL to restrict EVAL and EVALSHA commands.
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-49844</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-49844</url>
+ </references>
+ <dates>
+ <discovery>2025-10-03</discovery>
+ <entry>2025-10-04</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="c27c05a7-a0c8-11f0-8471-4ccc6adda413">
+ <topic>qt6-webengine -- Multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>qt6-pdf</name>
+ <name>qt6-webengine</name>
+ <range><lt>6.9.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Qt qtwebengine-chromium repo reports:</p>
+ <blockquote cite="https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=130-based">
+ <p>Backports for 9 security bugs in Chromium:</p>
+ <ul>
+ <li>CVE-2025-9866: Determine whether to bypass redirect checks per request</li>
+ <li>CVE-2025-10200: Use after free in Serviceworker</li>
+ <li>CVE-2025-10201: Inappropriate implementation in Mojo</li>
+ <li>CVE-2025-10500: Use after free in Dawn</li>
+ <li>CVE-2025-10501: Use after free in WebRTC</li>
+ <li>CVE-2025-10502: Heap buffer overflow in ANGLE</li>
+ <li>CVE-2025-10890: Side-channel information leakage in V8 (1/2)</li>
+ <li>CVE-2025-10891: Integer overflow in V8</li>
+ <li>CVE-2025-10892: Integer overflow in V8</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-9866</cvename>
+ <cvename>CVE-2025-10200</cvename>
+ <cvename>CVE-2025-10201</cvename>
+ <cvename>CVE-2025-10500</cvename>
+ <cvename>CVE-2025-10501</cvename>
+ <cvename>CVE-2025-10502</cvename>
+ <cvename>CVE-2025-10890</cvename>
+ <cvename>CVE-2025-10891</cvename>
+ <cvename>CVE-2025-10892</cvename>
+ <url>https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=130-based</url>
+ </references>
+ <dates>
+ <discovery>2025-09-25</discovery>
+ <entry>2025-10-04</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="21fba35e-a05f-11f0-a8b8-a1ef31191bc1">
+ <topic>fetchmail -- potential crash when authenticating to SMTP server</topic>
+ <affects>
+ <package>
+ <name>fetchmail</name>
+ <range><ge>5.9.9</ge><lt>6.5.6</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Matthias Andree reports:</p>
+ <blockquote cite="https://www.fetchmail.info/fetchmail-SA-2025-01.txt">
+ <p>
+ fetchmail's SMTP client, when configured to authenticate, is
+ susceptible to a protocol violation where, when a trusted but
+ malicious or malfunctioning SMTP server responds to an
+ authentication request with a "334" code but without a following
+ blank on the line, it will attempt to start reading from memory
+ address 0x1 to parse the server's SASL challenge. This address is
+ constant and not under the attacker's control. This event will
+ usually cause a crash of fetchmail.
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-61962</cvename>
+ <url>https://www.fetchmail.info/fetchmail-SA-2025-01.txt</url>
+ <url>https://gitlab.com/fetchmail/fetchmail/-/raw/legacy_6x/fetchmail-SA-2025-01.txt?ref_type=heads</url>
+ <url>https://gitlab.com/fetchmail/fetchmail/-/commit/4c3cebfa4e659fb778ca2cae0ccb3f69201609a8</url>
+ </references>
+ <dates>
+ <discovery>2025-10-02</discovery>
+ <entry>2025-10-03</entry>
+ <modified>2025-10-04</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="169a87de-a157-4558-9f97-a7395a9ae144">
+ <topic>chromium -- multiple security fixes</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <range><lt>141.0.7390.54</lt></range>
+ </package>
+ <package>
+ <name>ungoogled-chromium</name>
+ <range><lt>141.0.7390.54</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Chrome Releases reports:</p>
+ <blockquote cite="https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_30.html">
+ <p>This update includes 21 security fixes:</p>
+ <ul>
+ <li>[442444724] High CVE-2025-11205: Heap buffer overflow in WebGPU. Reported by Atte Kettunen of OUSPG on 2025-09-02</li>
+ <li>[444755026] High CVE-2025-11206: Heap buffer overflow in Video. Reported by Elias Hohl on 2025-09-12</li>
+ <li>[428189824] Medium CVE-2025-11207: Side-channel information leakage in Storage. Reported by Alesandro Ortiz on 2025-06-27</li>
+ <li>[397878997] Medium CVE-2025-11208: Inappropriate implementation in Media. Reported by Kevin Joensen on 2025-02-20</li>
+ <li>[438226517] Medium CVE-2025-11209: Inappropriate implementation in Omnibox. Reported by Hafiizh on 2025-08-13</li>
+ <li>[440523110] Medium CVE-2025-11210: Side-channel information leakage in Tab. Reported by Umar Farooq on 2025-08-22</li>
+ <li>[441917796] Medium CVE-2025-11211: Out of bounds read in Media. Reported by Kosir Jakob on 2025-08-29</li>
+ <li>[420734141] Medium CVE-2025-11212: Inappropriate implementation in Media. Reported by Ameen Basha M K on 2025-05-28</li>
+ <li>[443408317] Medium CVE-2025-11213: Inappropriate implementation in Omnibox. Reported by Hafiizh on 2025-09-06</li>
+ <li>[439758498] Medium CVE-2025-11215: Off by one error in V8. Reported by Google Big Sleep on 2025-08-19</li>
+ <li>[419721056] Low CVE-2025-11216: Inappropriate implementation in Storage. Reported by Farras Givari on 2025-05-23</li>
+ <li>[439772737] Low CVE-2025-11219: Use after free in V8. Reported by Google Big Sleep on 2025-08-19</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-11205</cvename>
+ <cvename>CVE-2025-11206</cvename>
+ <cvename>CVE-2025-11207</cvename>
+ <cvename>CVE-2025-11208</cvename>
+ <cvename>CVE-2025-11209</cvename>
+ <cvename>CVE-2025-11210</cvename>
+ <cvename>CVE-2025-11211</cvename>
+ <cvename>CVE-2025-11212</cvename>
+ <cvename>CVE-2025-11213</cvename>
+ <cvename>CVE-2025-11215</cvename>
+ <cvename>CVE-2025-11216</cvename>
+ <cvename>CVE-2025-11219</cvename>
+ <url>https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_30.html</url>
+ </references>
+ <dates>
+ <discovery>2025-09-30</discovery>
+ <entry>2025-10-03</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="90fc859e-9fe4-11f0-9fa2-080027836e8b">
+ <topic>Django -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>py39-django42</name>
+ <name>py310-django42</name>
+ <name>py311-django42</name>
+ <range><lt>4.2.25</lt></range>
+ </package>
+ <package>
+ <name>py310-django51</name>
+ <name>py311-django51</name>
+ <range><lt>5.1.13</lt></range>
+ </package>
+ <package>
+ <name>py310-django52</name>
+ <name>py311-django52</name>
+ <range><lt>5.2.7</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Django reports:</p>
+ <blockquote cite="https://www.djangoproject.com/weblog/2025/oct/01/security-releases/">
+ <p>CVE-2025-59681: Potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB.</p>
+ <p>CVE-2025-59682: Potential partial directory-traversal via archive.extract().</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-59681</cvename>
+ <cvename>CVE-2025-59682</cvename>
+ <url>https://www.djangoproject.com/weblog/2025/oct/01/security-releases/</url>
+ </references>
+ <dates>
+ <discovery>2025-10-01</discovery>
+ <entry>2025-10-02</entry>
+ </dates>
+ </vuln>
+
 <vuln vid="cb570d6f-9ea9-11f0-9446-f02f7497ecda">
 <topic>py-mysql-connector-python -- Vulnerability in the MySQL Connectors product of Oracle MySQL</topic>
 <affects>
@@ -85,11 +483,13 @@
 <cvename>CVE-2025-9230</cvename>
 <cvename>CVE-2025-9231</cvename>
 <cvename>CVE-2025-9232</cvename>
+ <freebsdsa>SA-25:08.openssl</freebsdsa>
 <url>https://openssl-library.org/news/secadv/20250930.txt</url>
 </references>
 <dates>
 <discovery>2025-09-30</discovery>
 <entry>2025-10-01</entry>
+ <modified>2025-10-03</modified>
 </dates>
 </vuln> |
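Review bot: The four new redis/valkey entries (vids 0af2f18e-…, 0258d37d-…, f6b8de04-… and 17e85cae-…) bound the unflavoured `redis` package with `<range><ge>8.2.0</ge><lt>8.2.2</lt></range>`, while each quoted advisory says the problem exists in all versions of Redis with Lua scripting. A host that still has an older build installed under the package name `redis` would then presumably not be matched by the audit, whereas `valkey` in the same entries gets the open range `<lt>8.1.4</lt>`. Consider `<range><lt>8.2.2</lt></range>` for `redis` in those four entries; the branch-pinned names (`redis80`, `redis74`, `redis72`, `redis62`) can keep their lower bounds.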