diff options
Diffstat (limited to 'security')
45 files changed, 227 insertions, 174 deletions
diff --git a/security/Makefile b/security/Makefile index fbfc8471a1f5..4c01467ae32d 100644 --- a/security/Makefile +++ b/security/Makefile @@ -1066,6 +1066,7 @@ SUBDIR += py-securesystemslib SUBDIR += py-service-identity SUBDIR += py-signedjson + SUBDIR += py-signxml SUBDIR += py-social-auth-core SUBDIR += py-spake2 SUBDIR += py-ssh-audit diff --git a/security/aws-c-auth/Makefile b/security/aws-c-auth/Makefile index 77592156a966..bd723975d7a5 100644 --- a/security/aws-c-auth/Makefile +++ b/security/aws-c-auth/Makefile @@ -1,6 +1,6 @@ PORTNAME= aws-c-auth DISTVERSIONPREFIX= v -DISTVERSION= 0.9.0 +DISTVERSION= 0.9.1 CATEGORIES= security MAINTAINER= eduardo@FreeBSD.org diff --git a/security/aws-c-auth/distinfo b/security/aws-c-auth/distinfo index c3f580df1db8..b950bee4af3c 100644 --- a/security/aws-c-auth/distinfo +++ b/security/aws-c-auth/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1743191973 -SHA256 (awslabs-aws-c-auth-v0.9.0_GH0.tar.gz) = aa6e98864fefb95c249c100da4ae7aed36ba13a8a91415791ec6fad20bec0427 -SIZE (awslabs-aws-c-auth-v0.9.0_GH0.tar.gz) = 265696 +TIMESTAMP = 1757251762 +SHA256 (awslabs-aws-c-auth-v0.9.1_GH0.tar.gz) = adae1e725d9725682366080b8bf8e49481650c436b846ceeb5efe955d5e03273 +SIZE (awslabs-aws-c-auth-v0.9.1_GH0.tar.gz) = 265755 diff --git a/security/aws-lc/Makefile b/security/aws-lc/Makefile index b2c1dac66de6..99eff2b0deec 100644 --- a/security/aws-lc/Makefile +++ b/security/aws-lc/Makefile @@ -1,11 +1,8 @@ PORTNAME= aws-lc -PORTVERSION= 1.57.1 +PORTVERSION= 1.59.0 DISTVERSIONPREFIX= v CATEGORIES= security -PATCH_SITES= https://github.com/aws/aws-lc/commit/ -PATCHFILES= 125f94c2c26559ed93a22f1cc5880efe46f0b937.patch:-p1 - MAINTAINER= sunpoet@FreeBSD.org COMMENT= AWS libcrypto WWW= https://github.com/aws/aws-lc diff --git a/security/aws-lc/distinfo b/security/aws-lc/distinfo index 2327bcddd04b..ee331f192075 100644 --- a/security/aws-lc/distinfo +++ b/security/aws-lc/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1755062466 -SHA256 (aws-aws-lc-v1.57.1_GH0.tar.gz) = 1c434d294594a82f1c046aa4e172277b5b549f7b5c89225e3cb2222b94744ca8 -SIZE (aws-aws-lc-v1.57.1_GH0.tar.gz) = 127164147 +TIMESTAMP = 1757120534 +SHA256 (aws-aws-lc-v1.59.0_GH0.tar.gz) = fcc179ab0f7801b8416bf27cb16cfb8ee7dff78df364afdf432ba5eb50f42b22 +SIZE (aws-aws-lc-v1.59.0_GH0.tar.gz) = 127302583 SHA256 (125f94c2c26559ed93a22f1cc5880efe46f0b937.patch) = a07ef67b487b47168384d70b7f7bd2b6a8479e037e09087c34f9f083c88411f2 SIZE (125f94c2c26559ed93a22f1cc5880efe46f0b937.patch) = 2046 diff --git a/security/ca_root_nss/Makefile b/security/ca_root_nss/Makefile index 581eaf31b155..5a7cfdd6e5eb 100644 --- a/security/ca_root_nss/Makefile +++ b/security/ca_root_nss/Makefile @@ -1,5 +1,6 @@ PORTNAME= ca_root_nss PORTVERSION= ${VERSION_NSS} +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= MOZILLA/security/nss/releases/${DISTNAME:tu:C/[-.]/_/g}_RTM/src DISTNAME= nss-${VERSION_NSS}${NSS_SUFFIX} @@ -18,6 +19,7 @@ WRKSRC_SUBDIR= nss OPTIONS_DEFINE= ETCSYMLINK OPTIONS_DEFAULT= ETCSYMLINK +OPTIONS_EXCLUDE_FreeBSD_15= ETCSYMLINK OPTIONS_SUB= yes diff --git a/security/openvpn/Makefile b/security/openvpn/Makefile index 44f30253b5b2..690ac26738d8 100644 --- a/security/openvpn/Makefile +++ b/security/openvpn/Makefile @@ -1,6 +1,6 @@ PORTNAME= openvpn DISTVERSION= 2.6.14 -PORTREVISION?= 2 +PORTREVISION?= 3 CATEGORIES= security net net-vpn MASTER_SITES= https://swupdate.openvpn.org/community/releases/ \ https://build.openvpn.net/downloads/releases/ \ diff --git a/security/openvpn/files/patch-src_openvpn_dco__freebsd.c b/security/openvpn/files/patch-src_openvpn_dco__freebsd.c index 22c24baa9ec3..686fc6584be7 100644 --- a/security/openvpn/files/patch-src_openvpn_dco__freebsd.c +++ b/security/openvpn/files/patch-src_openvpn_dco__freebsd.c @@ -1,6 +1,6 @@ --- src/openvpn/dco_freebsd.c.orig 2025-04-02 06:53:10 UTC +++ src/openvpn/dco_freebsd.c -@@ -72,6 +72,67 @@ sockaddr_to_nvlist(const struct sockaddr *sa) +@@ -72,6 +72,61 @@ sockaddr_to_nvlist(const struct sockaddr *sa) return (nvl); } @@ -32,10 +32,7 @@ + + in->sin_len = sizeof(*in); + data = nvlist_get_binary(nvl, "address", &len); -+ if (len != sizeof(in->sin_addr)) -+ { -+ return (false); -+ } ++ ASSERT(len == sizeof(in->sin_addr)); + memcpy(&in->sin_addr, data, sizeof(in->sin_addr)); + in->sin_port = nvlist_get_number(nvl, "port"); + break; @@ -49,10 +46,7 @@ + + in6->sin6_len = sizeof(*in6); + data = nvlist_get_binary(nvl, "address", &len); -+ if (len != sizeof(in6->sin6_addr)) -+ { -+ return (false); -+ } ++ ASSERT(len == sizeof(in6->sin6_addr)); + memcpy(&in6->sin6_addr, data, sizeof(in6->sin6_addr)); + in6->sin6_port = nvlist_get_number(nvl, "port"); + break; @@ -68,7 +62,7 @@ int dco_new_peer(dco_context_t *dco, unsigned int peerid, int sd, struct sockaddr *localaddr, struct sockaddr *remoteaddr, -@@ -570,6 +631,25 @@ dco_do_read(dco_context_t *dco) +@@ -570,6 +625,25 @@ dco_do_read(dco_context_t *dco) case OVPN_NOTIF_ROTATE_KEY: dco->dco_message_type = OVPN_CMD_SWAP_KEYS; break; diff --git a/security/openvpn/files/patch-src_openvpn_init.c b/security/openvpn/files/patch-src_openvpn_init.c new file mode 100644 index 000000000000..0d09e6050236 --- /dev/null +++ b/security/openvpn/files/patch-src_openvpn_init.c @@ -0,0 +1,22 @@ +--- src/openvpn/init.c.orig 2025-04-02 06:53:10 UTC ++++ src/openvpn/init.c +@@ -330,7 +330,7 @@ management_callback_remote_entry_count(void *arg) + static unsigned int + management_callback_remote_entry_count(void *arg) + { +- assert(arg); ++ ASSERT(arg); + struct context *c = (struct context *) arg; + struct connection_list *l = c->options.connection_list; + +@@ -340,8 +340,8 @@ management_callback_remote_entry_get(void *arg, unsign + static bool + management_callback_remote_entry_get(void *arg, unsigned int index, char **remote) + { +- assert(arg); +- assert(remote); ++ ASSERT(arg); ++ ASSERT(remote); + + struct context *c = (struct context *) arg; + struct connection_list *l = c->options.connection_list; diff --git a/security/pecl-gnupg/Makefile b/security/pecl-gnupg/Makefile index dd2eb5172e17..acff4677d2fe 100644 --- a/security/pecl-gnupg/Makefile +++ b/security/pecl-gnupg/Makefile @@ -1,6 +1,5 @@ PORTNAME= gnupg -PORTVERSION= 1.5.3 -PORTREVISION= 1 +PORTVERSION= 1.5.4 CATEGORIES= security MAINTAINER= sunpoet@FreeBSD.org diff --git a/security/pecl-gnupg/distinfo b/security/pecl-gnupg/distinfo index 52ded8388151..96fec406399e 100644 --- a/security/pecl-gnupg/distinfo +++ b/security/pecl-gnupg/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1749813026 -SHA256 (PECL/gnupg-1.5.3.tgz) = c1555e0c86a7f6d95141530761c1ecf3fe8dbf76e14727e6f885cd7e034bdfd2 -SIZE (PECL/gnupg-1.5.3.tgz) = 47696 +TIMESTAMP = 1757120606 +SHA256 (PECL/gnupg-1.5.4.tgz) = 4d4a0980759bf259e4129ef02cb592bbeb103b4005e7b4bb6945d79488951a50 +SIZE (PECL/gnupg-1.5.4.tgz) = 47874 diff --git a/security/pecl-gnupg/files/patch-gnupg.c b/security/pecl-gnupg/files/patch-gnupg.c deleted file mode 100644 index fda8f01312fd..000000000000 --- a/security/pecl-gnupg/files/patch-gnupg.c +++ /dev/null @@ -1,41 +0,0 @@ -The trustlist feature has been deprecated in Gpgme since 2003 and was removed -in version 2.0.0. - ---- gnupg.c.orig 2025-06-02 18:54:02 UTC -+++ gnupg.c -@@ -341,7 +341,9 @@ phpc_function_entry gnupg_methods[] = { - PHP_GNUPG_FALIAS(addencryptkey, arginfo_gnupg_key_method) - PHP_GNUPG_FALIAS(adddecryptkey, arginfo_gnupg_key_passphrase_method) - PHP_GNUPG_FALIAS(deletekey, arginfo_gnupg_deletekey_method) -+#if GPGME_VERSION_NUMBER < 0x020000 /* GPGME < 2.0.0 */ - PHP_GNUPG_FALIAS(gettrustlist, arginfo_gnupg_pattern_method) -+#endif - PHP_GNUPG_FALIAS(listsignatures, arginfo_gnupg_keyid_method) - PHP_GNUPG_FALIAS(seterrormode, arginfo_gnupg_errmode_method) - PHPC_FE_END -@@ -483,7 +485,9 @@ static zend_function_entry gnupg_functions[] = { - PHP_FE(gnupg_addencryptkey, arginfo_gnupg_key_function) - PHP_FE(gnupg_adddecryptkey, arginfo_gnupg_key_passphrase_function) - PHP_FE(gnupg_deletekey, arginfo_gnupg_deletekey_function) -+#if GPGME_VERSION_NUMBER < 0x020000 /* GPGME < 2.0.0 */ - PHP_FE(gnupg_gettrustlist, arginfo_gnupg_pattern_function) -+#endif - PHP_FE(gnupg_listsignatures, arginfo_gnupg_keyid_function) - PHP_FE(gnupg_seterrormode, arginfo_gnupg_errmode_function) - PHPC_FE_END -@@ -1936,6 +1940,7 @@ PHP_FUNCTION(gnupg_deletekey) - } - /* }}} */ - -+#if GPGME_VERSION_NUMBER < 0x020000 /* GPGME < 2.0.0 */ - /* {{{ proto array gnupg_gettrustlist(string pattern) - * searching for trust items which match PATTERN - */ -@@ -1980,6 +1985,7 @@ PHP_FUNCTION(gnupg_gettrustlist) - } - } - /* }}} */ -+#endif - - /* {{{ proto array gnupg_listsignatures(string keyid) */ - PHP_FUNCTION(gnupg_listsignatures) diff --git a/security/pecl-gnupg/files/patch-php85 b/security/pecl-gnupg/files/patch-php85 deleted file mode 100644 index de4a30311382..000000000000 --- a/security/pecl-gnupg/files/patch-php85 +++ /dev/null @@ -1,31 +0,0 @@ ---- gnupg_keylistiterator.c.orig 2025-06-02 18:54:02 UTC -+++ gnupg_keylistiterator.c -@@ -201,7 +201,7 @@ PHP_METHOD(gnupg_keylistiterator, rewind) - - if ((PHPC_THIS->err = gpgme_op_keylist_start( - PHPC_THIS->ctx, PHPC_THIS->pattern ? PHPC_THIS->pattern : "", 0)) != GPG_ERR_NO_ERROR){ -- zend_throw_exception(zend_exception_get_default(TSRMLS_C), (char *)gpg_strerror(PHPC_THIS->err), 1 TSRMLS_CC); -+ zend_throw_exception(zend_ce_exception, (char *)gpg_strerror(PHPC_THIS->err), 1 TSRMLS_CC); - } - if ((PHPC_THIS->err = gpgme_op_keylist_next(PHPC_THIS->ctx, &PHPC_THIS->gpgkey)) != GPG_ERR_NO_ERROR){ - RETURN_FALSE; ---- gnupg.c.orig 2025-06-02 18:54:02 UTC -+++ gnupg.c -@@ -64,7 +64,7 @@ PHPC_OBJ_DEFINE_HANDLER_VAR(gnupg); - break; \ - case 2: \ - zend_throw_exception(\ -- zend_exception_get_default(TSRMLS_C), \ -+ zend_ce_exception, \ - (char*) error, \ - 0 TSRMLS_CC \ - ); \ -@@ -169,7 +169,7 @@ static void php_gnupg_this_make(PHPC_THIS_DECLARE(gnup - if (gpgme_ctx_set_engine_info( - ctx, GPGME_PROTOCOL_OpenPGP, file_name, home_dir) != GPG_ERR_NO_ERROR) { - zend_throw_exception( -- zend_exception_get_default(TSRMLS_C), -+ zend_ce_exception, - (char*) "Setting engine info failed", - 0 TSRMLS_CC - ); diff --git a/security/py-authlib/Makefile b/security/py-authlib/Makefile index b527bb8c9863..56b2bb82b717 100644 --- a/security/py-authlib/Makefile +++ b/security/py-authlib/Makefile @@ -1,5 +1,5 @@ PORTNAME= authlib -PORTVERSION= 1.6.1 +PORTVERSION= 1.6.3 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} diff --git a/security/py-authlib/distinfo b/security/py-authlib/distinfo index d864619a8bce..b5637dd84b1e 100644 --- a/security/py-authlib/distinfo +++ b/security/py-authlib/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1753265790 -SHA256 (authlib-1.6.1.tar.gz) = 4dffdbb1460ba6ec8c17981a4c67af7d8af131231b5a36a88a1e8c80c111cdfd -SIZE (authlib-1.6.1.tar.gz) = 159988 +TIMESTAMP = 1757120812 +SHA256 (authlib-1.6.3.tar.gz) = 9f7a982cc395de719e4c2215c5707e7ea690ecf84f1ab126f28c053f4219e610 +SIZE (authlib-1.6.3.tar.gz) = 160836 diff --git a/security/py-cryptojwt/Makefile b/security/py-cryptojwt/Makefile index 515dbf8eb5af..3ee84f750580 100644 --- a/security/py-cryptojwt/Makefile +++ b/security/py-cryptojwt/Makefile @@ -1,5 +1,5 @@ PORTNAME= cryptojwt -PORTVERSION= 1.9.4 +PORTVERSION= 1.10.0 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -12,8 +12,9 @@ WWW= https://cryptojwt.readthedocs.io/en/latest/ \ LICENSE= APACHE20 LICENSE_FILE= ${WRKSRC}/LICENSE -BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}poetry-core>=1.0.0:devel/py-poetry-core@${PY_FLAVOR} -RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}requests>=2.25.1<3:www/py-requests@${PY_FLAVOR} +BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}hatchling>=0:devel/py-hatchling@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}uv-dynamic-versioning>=0:devel/py-uv-dynamic-versioning@${PY_FLAVOR} +RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}requests>=2.25.1:www/py-requests@${PY_FLAVOR} USES= python shebangfix USE_PYTHON= autoplist concurrent cryptography pep517 diff --git a/security/py-cryptojwt/distinfo b/security/py-cryptojwt/distinfo index 97e73204deed..ca087d3591c4 100644 --- a/security/py-cryptojwt/distinfo +++ b/security/py-cryptojwt/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1744215559 -SHA256 (cryptojwt-1.9.4.tar.gz) = 6daa5c9a8841e34947410008c3cbfdb4330d4024961e4e623012b545f991de0c -SIZE (cryptojwt-1.9.4.tar.gz) = 64480 +TIMESTAMP = 1757120814 +SHA256 (cryptojwt-1.10.0.tar.gz) = 12bed4604adedc2f60cc529627b1283cd15abfd6c291efdc0b5225867c39415b +SIZE (cryptojwt-1.10.0.tar.gz) = 151945 diff --git a/security/py-joserfc/Makefile b/security/py-joserfc/Makefile index 09603c34e6a5..c909e5773db7 100644 --- a/security/py-joserfc/Makefile +++ b/security/py-joserfc/Makefile @@ -1,5 +1,5 @@ PORTNAME= joserfc -PORTVERSION= 1.2.2 +PORTVERSION= 1.3.1 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} diff --git a/security/py-joserfc/distinfo b/security/py-joserfc/distinfo index 62b3a48b759b..d994f1b7109c 100644 --- a/security/py-joserfc/distinfo +++ b/security/py-joserfc/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1752566724 -SHA256 (joserfc-1.2.2.tar.gz) = 0d2a84feecef96168635fd9bf288363fc75b4afef3d99691f77833c8e025d200 -SIZE (joserfc-1.2.2.tar.gz) = 192865 +TIMESTAMP = 1757120816 +SHA256 (joserfc-1.3.1.tar.gz) = f682710bffbf2052d7a90e5d808dbaf06832ccac24f697b262837ea052eeb2c9 +SIZE (joserfc-1.3.1.tar.gz) = 195967 diff --git a/security/py-pyhanko-certvalidator/Makefile b/security/py-pyhanko-certvalidator/Makefile index 4da59bde9079..b995b3135b2a 100644 --- a/security/py-pyhanko-certvalidator/Makefile +++ b/security/py-pyhanko-certvalidator/Makefile @@ -1,5 +1,5 @@ PORTNAME= pyhanko-certvalidator -PORTVERSION= 0.27.0 +PORTVERSION= 0.28.0 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -28,6 +28,6 @@ NO_ARCH= yes OPTIONS_DEFINE= ASYNC_HTTP ASYNC_HTTP_DESC=Asynchronous support -ASYNC_HTTP_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}aiohttp>=3.8<3.12:www/py-aiohttp@${PY_FLAVOR} +ASYNC_HTTP_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}aiohttp>=3.9<3.13:www/py-aiohttp@${PY_FLAVOR} .include <bsd.port.mk> diff --git a/security/py-pyhanko-certvalidator/distinfo b/security/py-pyhanko-certvalidator/distinfo index 551d2a7abd70..19dfbcffe720 100644 --- a/security/py-pyhanko-certvalidator/distinfo +++ b/security/py-pyhanko-certvalidator/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1748107944 -SHA256 (pyhanko_certvalidator-0.27.0.tar.gz) = 94820b23ccecadfa64fa7f61b0427f751edcfa24f1bcbfb052b5780bdeab3def -SIZE (pyhanko_certvalidator-0.27.0.tar.gz) = 104111 +TIMESTAMP = 1757120820 +SHA256 (pyhanko_certvalidator-0.28.0.tar.gz) = 6b2911520a3e9cf24a640f67488fadac82ad3818f4256ddfb7e8fa1fada80f2d +SIZE (pyhanko_certvalidator-0.28.0.tar.gz) = 93049 diff --git a/security/py-pyhanko-certvalidator/files/patch-pyproject.toml b/security/py-pyhanko-certvalidator/files/patch-pyproject.toml index d7e06f702bf3..610cbd5c387d 100644 --- a/security/py-pyhanko-certvalidator/files/patch-pyproject.toml +++ b/security/py-pyhanko-certvalidator/files/patch-pyproject.toml @@ -1,14 +1,11 @@ ---- pyproject.toml.orig 2025-05-24 11:55:40 UTC +--- pyproject.toml.orig 2025-08-23 12:29:44 UTC +++ pyproject.toml -@@ -1,6 +1,6 @@ requires = [ +@@ -1,12 +1,11 @@ [build-system] - requires = [ -- "setuptools>=67.4", -+ "setuptools>=61", - "wheel" - ] +-requires = ["setuptools>=80.8.0"] ++requires = ["setuptools>=61"] build-backend = "setuptools.build_meta" -@@ -8,8 +8,7 @@ authors = [{name = "Matthias Valvekens", email = "dev@ + [project] name = "pyhanko-certvalidator" authors = [{name = "Matthias Valvekens", email = "dev@mvalvekens.be"}] diff --git a/security/py-pyhanko-cli/Makefile b/security/py-pyhanko-cli/Makefile index d5834355e802..7bf271af369f 100644 --- a/security/py-pyhanko-cli/Makefile +++ b/security/py-pyhanko-cli/Makefile @@ -1,14 +1,15 @@ PORTNAME= pyhanko-cli -DISTNAME= pyhanko_cli-${PORTVERSION} PORTVERSION= 0.1.2 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} +DISTNAME= pyhanko_cli-${PORTVERSION} MAINTAINER= sunpoet@FreeBSD.org COMMENT= CLI tools for stamping and signing PDF files -WWW= https://pyhanko.readthedocs.io/en/latest/cli-guide/ \ +WWW= https://docs.pyhanko.eu/en/latest/cli-guide/ \ + https://github.com/MatthiasValvekens/pyHanko/tree/master/pkgs/pyhanko-cli \ https://github.com/MatthiasValvekens/pyHanko LICENSE= MIT @@ -18,8 +19,8 @@ BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}setuptools>=61:devel/py-setuptools@${PY_FL ${PYTHON_PKGNAMEPREFIX}wheel>=0:devel/py-wheel@${PY_FLAVOR} RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}asn1crypto>=1.5.1:devel/py-asn1crypto@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}click>=8.1.3:devel/py-click@${PY_FLAVOR} \ - ${PYTHON_PKGNAMEPREFIX}pyhanko>=0.29.1<0.30:security/py-pyhanko@${PY_FLAVOR} \ - ${PYTHON_PKGNAMEPREFIX}pyhanko-certvalidator>=0.27.0<0.28:security/py-pyhanko-certvalidator@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}pyhanko>=0.29.1:security/py-pyhanko@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}pyhanko-certvalidator>=0.27.0:security/py-pyhanko-certvalidator@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}tzlocal>=4.3:devel/py-tzlocal@${PY_FLAVOR} USES= python diff --git a/security/py-pyhanko-cli/files/patch-pyproject.toml b/security/py-pyhanko-cli/files/patch-pyproject.toml index 975a0994ebe7..06d2d28e40b6 100644 --- a/security/py-pyhanko-cli/files/patch-pyproject.toml +++ b/security/py-pyhanko-cli/files/patch-pyproject.toml @@ -17,3 +17,14 @@ keywords = [ "signature", "pdf", +@@ -33,8 +32,8 @@ dependencies = [ + dependencies = [ + "asn1crypto>=1.5.1", + "tzlocal>=4.3", +- "pyhanko>=0.29.1,<0.30", +- "pyhanko-certvalidator>=0.27.0,<0.28", ++ "pyhanko>=0.29.1", ++ "pyhanko-certvalidator>=0.27.0", + "click>=8.1.3,!=8.2.0", + ] + version = "0.1.2" diff --git a/security/py-pyhanko/Makefile b/security/py-pyhanko/Makefile index 15de838aa27f..0925ddb157b7 100644 --- a/security/py-pyhanko/Makefile +++ b/security/py-pyhanko/Makefile @@ -1,6 +1,5 @@ PORTNAME= pyhanko -PORTVERSION= 0.29.1 -PORTREVISION= 1 +PORTVERSION= 0.30.0 CATEGORIES= security python MASTER_SITES= PYPI \ https://github.com/MatthiasValvekens/pyHanko/releases/download/v${PORTVERSION}/ @@ -8,7 +7,7 @@ PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} MAINTAINER= sunpoet@FreeBSD.org COMMENT= Tools for stamping and signing PDF files -WWW= https://pyhanko.readthedocs.io/en/latest/ \ +WWW= https://docs.pyhanko.eu/en/latest/ \ https://github.com/MatthiasValvekens/pyHanko LICENSE= MIT @@ -19,7 +18,7 @@ BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}setuptools>=61:devel/py-setuptools@${PY_FL RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}asn1crypto>=1.5.1:devel/py-asn1crypto@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}click>=8.1.3<8.2.0:devel/py-click@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}defusedxml>=0.7.1<0.8:devel/py-defusedxml@${PY_FLAVOR} \ - ${PYTHON_PKGNAMEPREFIX}pyhanko-certvalidator>=0.27.0<0.28:security/py-pyhanko-certvalidator@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}pyhanko-certvalidator>=0.28.0<0.29:security/py-pyhanko-certvalidator@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}pyyaml>=6.0:devel/py-pyyaml@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}qrcode>=7.3.1:textproc/py-qrcode@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}requests>=2.31.0:www/py-requests@${PY_FLAVOR} \ @@ -30,21 +29,22 @@ USE_PYTHON= autoplist concurrent cryptography pep517 NO_ARCH= yes -OPTIONS_DEFINE= ASYNC_HTTP ETSI IMAGE_SUPPORT OPENTYPE PKGCS11 XMP +OPTIONS_DEFINE= ASYNC_HTTP ETSI IMAGE_SUPPORT OPENTYPE PKCS11 XMP ASYNC_HTTP_DESC=Asynchronous support ETSI_DESC= European Telecommunications Standards Institute (ETSI) IMAGE_SUPPORT_DESC= Image handling support OPENTYPE_DESC= OpenType/TrueType support -PKGCS11_DESC= PKGCS\#11 support +PKCS11_DESC= PKCS\#11 support XMP_DESC= XMP (Extensible Metadata Platform) support ASYNC_HTTP_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}aiohttp>=3.9<3.13:www/py-aiohttp@${PY_FLAVOR} -ETSI_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}xsdata>=24.4<26.0:devel/py-xsdata@${PY_FLAVOR} +ETSI_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}xsdata>=24.4<26.0:devel/py-xsdata@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}signxml>=4.2.0:security/py-signxml@${PY_FLAVOR} IMAGE_SUPPORT_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}pillow>=7.2.0:graphics/py-pillow@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}python-barcode>=0.15.1<0.15.1_99:graphics/py-python-barcode@${PY_FLAVOR} OPENTYPE_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}fonttools>=4.33.3:print/py-fonttools@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}uharfbuzz>=0.25.0<0.51.0:print/py-uharfbuzz@${PY_FLAVOR} -PKGCS11_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}python-pkcs11>=0.8.0<0.9:security/py-python-pkcs11@${PY_FLAVOR} +PKCS11_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}python-pkcs11>=0.9.0<0.10:security/py-python-pkcs11@${PY_FLAVOR} XMP_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}defusedxml>=0.7.1<0.8:devel/py-defusedxml@${PY_FLAVOR} .include <bsd.port.mk> diff --git a/security/py-pyhanko/distinfo b/security/py-pyhanko/distinfo index 8f219ecc7a0c..ed1bfa659566 100644 --- a/security/py-pyhanko/distinfo +++ b/security/py-pyhanko/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1750954232 -SHA256 (pyhanko-0.29.1.tar.gz) = 4b7787fc9ff325012ce85f24b67c13b1c9507991e2570c955b23522e3a2dc3b6 -SIZE (pyhanko-0.29.1.tar.gz) = 366860 +TIMESTAMP = 1757120818 +SHA256 (pyhanko-0.30.0.tar.gz) = efaa9e5401d4912fa5b2aeb4cdbe729196d98dae0671bd6d37a824dc6fde5ca4 +SIZE (pyhanko-0.30.0.tar.gz) = 405860 diff --git a/security/py-python-pkcs11/Makefile b/security/py-python-pkcs11/Makefile index b632077457e1..5773fb9d9102 100644 --- a/security/py-python-pkcs11/Makefile +++ b/security/py-python-pkcs11/Makefile @@ -1,5 +1,5 @@ PORTNAME= python-pkcs11 -PORTVERSION= 0.8.1 +PORTVERSION= 0.9.0 CATEGORIES= security python MASTER_SITES= PYPI \ https://github.com/pyauth/python-pkcs11/releases/download/v${PORTVERSION}/ diff --git a/security/py-python-pkcs11/distinfo b/security/py-python-pkcs11/distinfo index c0a5f4aad13a..1cc3580ac585 100644 --- a/security/py-python-pkcs11/distinfo +++ b/security/py-python-pkcs11/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1750954234 -SHA256 (python_pkcs11-0.8.1.tar.gz) = f9e11df146ce2e6359aeb81fa84c2dd7ab9719f707cdae06ceae22d9e6a10818 -SIZE (python_pkcs11-0.8.1.tar.gz) = 156019 +TIMESTAMP = 1757120822 +SHA256 (python_pkcs11-0.9.0.tar.gz) = 5297de1a30020907af63717003a56d30dcace6fe0022ccaa1d70423f8f836a4d +SIZE (python_pkcs11-0.9.0.tar.gz) = 174604 diff --git a/security/py-signxml/Makefile b/security/py-signxml/Makefile new file mode 100644 index 000000000000..d8b550fa3e56 --- /dev/null +++ b/security/py-signxml/Makefile @@ -0,0 +1,25 @@ +PORTNAME= signxml +PORTVERSION= 4.2.0 +CATEGORIES= security python +MASTER_SITES= PYPI +PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} + +MAINTAINER= sunpoet@FreeBSD.org +COMMENT= Python XML Signature and XAdES library +WWW= https://xml-security.github.io/signxml/ \ + https://github.com/XML-Security/signxml + +LICENSE= APACHE20 +LICENSE_FILE= ${WRKSRC}/LICENSE + +BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}hatch-vcs>=0:devel/py-hatch-vcs@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}hatchling>=0:devel/py-hatchling@${PY_FLAVOR} +RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}certifi>=2023.11.17:security/py-certifi@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}lxml5>=5.2.1<7:devel/py-lxml5@${PY_FLAVOR} + +USES= python +USE_PYTHON= autoplist concurrent cryptography pep517 + +NO_ARCH= yes + +.include <bsd.port.mk> diff --git a/security/py-signxml/distinfo b/security/py-signxml/distinfo new file mode 100644 index 000000000000..3e65f43e86b0 --- /dev/null +++ b/security/py-signxml/distinfo @@ -0,0 +1,3 @@ +TIMESTAMP = 1757120472 +SHA256 (signxml-4.2.0.tar.gz) = 5317b71f682d6b9ebd4a827d564eb43fe8f6edf98030fc30eb629621045441c6 +SIZE (signxml-4.2.0.tar.gz) = 1610974 diff --git a/security/py-signxml/pkg-descr b/security/py-signxml/pkg-descr new file mode 100644 index 000000000000..b16692a92a68 --- /dev/null +++ b/security/py-signxml/pkg-descr @@ -0,0 +1,21 @@ +SignXML is an implementation of the W3C XML Signature standard in Python. This +standard (also known as "XMLDSig") is used to provide payload security in SAML +2.0, XAdES, EBICS, and WS-Security, among other uses. The standard is defined in +the W3C Recommendation XML Signature Syntax and Processing Version 1.1. SignXML +implements all of the required components of the Version 1.1 standard, and most +recommended ones. Its features are: +- Use of a libxml2-based XML parser configured to defend against common XML + attacks when verifying signatures +- Extensions to allow signing with and verifying X.509 certificate chains, + including hostname/CN validation +- Extensions to sign and verify XAdES signatures +- Support for exclusive XML canonicalization with inclusive prefixes + (InclusiveNamespaces PrefixList, required to verify signatures generated by + some SAML implementations) +- Modern Python compatibility (3.9-3.13+ and PyPy) +- Well-supported, portable, reliable dependencies: lxml and cryptography +- Comprehensive testing (including the XMLDSig interoperability suite) and + continuous integration +- Simple interface with useful, ergonomic, and secure defaults (no network + calls, XSLT or XPath transforms) +- Compactness, readability, and extensibility diff --git a/security/py-truststore/Makefile b/security/py-truststore/Makefile index 03832c767a53..12a550387b39 100644 --- a/security/py-truststore/Makefile +++ b/security/py-truststore/Makefile @@ -1,5 +1,5 @@ PORTNAME= truststore -PORTVERSION= 0.10.1 +PORTVERSION= 0.10.4 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -12,7 +12,7 @@ WWW= https://truststore.readthedocs.io/en/latest/ \ LICENSE= MIT LICENSE_FILE= ${WRKSRC}/LICENSE -BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}flit-core>=3.2<4:devel/py-flit-core@${PY_FLAVOR} +BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}flit-core>=3.11<4:devel/py-flit-core@${PY_FLAVOR} USES= python:3.10+ ssl USE_PYTHON= autoplist concurrent pep517 diff --git a/security/py-truststore/distinfo b/security/py-truststore/distinfo index ede564e526e4..3933aabb9b4c 100644 --- a/security/py-truststore/distinfo +++ b/security/py-truststore/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1739116726 -SHA256 (truststore-0.10.1.tar.gz) = eda021616b59021812e800fa0a071e51b266721bef3ce092db8a699e21c63539 -SIZE (truststore-0.10.1.tar.gz) = 26101 +TIMESTAMP = 1757120824 +SHA256 (truststore-0.10.4.tar.gz) = 9d91bd436463ad5e4ee4aba766628dd6cd7010cf3e2461756b3303710eebc301 +SIZE (truststore-0.10.4.tar.gz) = 26169 diff --git a/security/py-truststore/files/patch-pyproject.toml b/security/py-truststore/files/patch-pyproject.toml new file mode 100644 index 000000000000..478ce982457f --- /dev/null +++ b/security/py-truststore/files/patch-pyproject.toml @@ -0,0 +1,12 @@ +--- pyproject.toml.orig 2025-08-12 18:47:53 UTC ++++ pyproject.toml +@@ -9,8 +9,7 @@ readme = "README.md" + {name = "David Glick", email = "david@glicksoftware.com"} + ] + readme = "README.md" +-license = "MIT" +-license-files = ["LICENSE"] ++license = {file = "LICENSE"} + classifiers = [ + "Development Status :: 5 - Production/Stable", + "Intended Audience :: Developers", diff --git a/security/py-wassima/Makefile b/security/py-wassima/Makefile index c6aabb6eb0f3..66269e93a79e 100644 --- a/security/py-wassima/Makefile +++ b/security/py-wassima/Makefile @@ -1,5 +1,5 @@ PORTNAME= wassima -PORTVERSION= 2.0.0 +PORTVERSION= 2.0.1 CATEGORIES= security python MASTER_SITES= PYPI \ https://github.com/jawah/wassima/releases/download/${PORTVERSION}/ diff --git a/security/py-wassima/distinfo b/security/py-wassima/distinfo index 64dbf3f738a6..578757f6e63e 100644 --- a/security/py-wassima/distinfo +++ b/security/py-wassima/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1750954236 -SHA256 (wassima-2.0.0.tar.gz) = 9d0dd4d7f8cdc1247518daf72b656f77f87a870861aeda73e32a43e583202ae6 -SIZE (wassima-2.0.0.tar.gz) = 148821 +TIMESTAMP = 1757120826 +SHA256 (wassima-2.0.1.tar.gz) = c383285e1fafdf21fc6f8486fd3f46778ed1295ddfd1595c03e592a8aa248e83 +SIZE (wassima-2.0.1.tar.gz) = 150452 diff --git a/security/rubygem-acme-client/Makefile b/security/rubygem-acme-client/Makefile index f3f78774f3e4..ebd58343040c 100644 --- a/security/rubygem-acme-client/Makefile +++ b/security/rubygem-acme-client/Makefile @@ -1,5 +1,5 @@ PORTNAME= acme-client -PORTVERSION= 2.0.23 +PORTVERSION= 2.0.25 CATEGORIES= security rubygems MASTER_SITES= RG diff --git a/security/rubygem-acme-client/distinfo b/security/rubygem-acme-client/distinfo index 0e4cb4a697a8..79a4a4fcfdbd 100644 --- a/security/rubygem-acme-client/distinfo +++ b/security/rubygem-acme-client/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1755062612 -SHA256 (rubygem/acme-client-2.0.23.gem) = 33241b5bdb5179283ad52591c751bafcc4225e62d81c003c23891e48a3c107ac -SIZE (rubygem/acme-client-2.0.23.gem) = 21504 +TIMESTAMP = 1757121850 +SHA256 (rubygem/acme-client-2.0.25.gem) = e0bba7b9f785fd9ffe0933f8733ca81357ac46e4a979cb4f84806ab88fee0f31 +SIZE (rubygem/acme-client-2.0.25.gem) = 22016 diff --git a/security/rubygem-googleauth/Makefile b/security/rubygem-googleauth/Makefile index 930b5d38c7f2..18d976267d44 100644 --- a/security/rubygem-googleauth/Makefile +++ b/security/rubygem-googleauth/Makefile @@ -1,5 +1,5 @@ PORTNAME= googleauth -PORTVERSION= 1.14.0 +PORTVERSION= 1.15.0 CATEGORIES= security rubygems MASTER_SITES= RG @@ -13,7 +13,7 @@ LICENSE_FILE= ${WRKSRC}/LICENSE RUN_DEPENDS= rubygem-faraday>=1.0<3.0:www/rubygem-faraday \ rubygem-google-cloud-env>=2.2<3:net/rubygem-google-cloud-env \ rubygem-google-logging-utils>=0.1<1:devel/rubygem-google-logging-utils \ - rubygem-jwt>=1.4<3.0:www/rubygem-jwt \ + rubygem-jwt>=1.4<4.0:www/rubygem-jwt \ rubygem-multi_json>=1.11<2:devel/rubygem-multi_json \ rubygem-os>=0.9<2.0:devel/rubygem-os \ rubygem-signet>=0.16<2:security/rubygem-signet diff --git a/security/rubygem-googleauth/distinfo b/security/rubygem-googleauth/distinfo index 715d45a95edc..6b4e5fcfa88d 100644 --- a/security/rubygem-googleauth/distinfo +++ b/security/rubygem-googleauth/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1742405572 -SHA256 (rubygem/googleauth-1.14.0.gem) = 62e7de11791890c3d3dc70582dfd9ab5516530e4e4f56d96451fd62c76475149 -SIZE (rubygem/googleauth-1.14.0.gem) = 60928 +TIMESTAMP = 1757121852 +SHA256 (rubygem/googleauth-1.15.0.gem) = 122ae61813805a1cfdf225638f33d354ca6078be17e9712669667226a7243bcf +SIZE (rubygem/googleauth-1.15.0.gem) = 70144 diff --git a/security/rubygem-rasn1/Makefile b/security/rubygem-rasn1/Makefile index a9dda07d9e6f..ac673604c6d1 100644 --- a/security/rubygem-rasn1/Makefile +++ b/security/rubygem-rasn1/Makefile @@ -1,11 +1,11 @@ PORTNAME= rasn1 -PORTVERSION= 0.16.0 +PORTVERSION= 0.16.2 CATEGORIES= security rubygems MASTER_SITES= RG MAINTAINER= sunpoet@FreeBSD.org COMMENT= Pure ruby ASN.1 library -WWW= https://github.com/lemontree55/rasn1 +WWW= https://codeberg.org/lemontree55/rasn1 LICENSE= MIT LICENSE_FILE= ${WRKSRC}/LICENSE diff --git a/security/rubygem-rasn1/distinfo b/security/rubygem-rasn1/distinfo index a19adb8a6d67..fee1e8ca6e0d 100644 --- a/security/rubygem-rasn1/distinfo +++ b/security/rubygem-rasn1/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1750188250 -SHA256 (rubygem/rasn1-0.16.0.gem) = c3f482cd6163822f98f31e3397b0528f3abe1f244093095abf0946e656be5c2b -SIZE (rubygem/rasn1-0.16.0.gem) = 29696 +TIMESTAMP = 1757121854 +SHA256 (rubygem/rasn1-0.16.2.gem) = f25b5548b6dfe80608af490eea6901fd9ed42f9fb4b45ddaa33bbb58c4b9688c +SIZE (rubygem/rasn1-0.16.2.gem) = 30208 diff --git a/security/rubygem-signet/Makefile b/security/rubygem-signet/Makefile index b893b776ed00..e6eb4cf7969b 100644 --- a/security/rubygem-signet/Makefile +++ b/security/rubygem-signet/Makefile @@ -1,5 +1,5 @@ PORTNAME= signet -PORTVERSION= 0.20.0 +PORTVERSION= 0.21.0 CATEGORIES= security rubygems MASTER_SITES= RG @@ -12,7 +12,7 @@ LICENSE_FILE= ${WRKSRC}/LICENSE RUN_DEPENDS= rubygem-addressable>=2.8<3:www/rubygem-addressable \ rubygem-faraday>=0.17.5<3.0:www/rubygem-faraday \ - rubygem-jwt>=1.5<3.0:www/rubygem-jwt \ + rubygem-jwt>=1.5<4.0:www/rubygem-jwt \ rubygem-multi_json>=1.10<2:devel/rubygem-multi_json USES= gem diff --git a/security/rubygem-signet/distinfo b/security/rubygem-signet/distinfo index 9149e7a21965..a08f75285e2f 100644 --- a/security/rubygem-signet/distinfo +++ b/security/rubygem-signet/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1747547520 -SHA256 (rubygem/signet-0.20.0.gem) = bc660e2a6062311348cd35ec1ffafde1c5e2231213e1ca124f57aa4f59ec47a3 -SIZE (rubygem/signet-0.20.0.gem) = 35840 +TIMESTAMP = 1757121856 +SHA256 (rubygem/signet-0.21.0.gem) = d617e9fbf24928280d39dcfefba9a0372d1c38187ffffd0a9283957a10a8cd5b +SIZE (rubygem/signet-0.21.0.gem) = 35840 diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml index 0a19623ed18f..6a4e1eec9395 100644 --- a/security/vuxml/vuln/2025.xml +++ b/security/vuxml/vuln/2025.xml @@ -1,3 +1,42 @@ + <vuln vid="bda50cf1-8bcf-11f0-b3f7-a8a1599412c6"> + <topic>chromium -- multiple security fixes</topic> + <affects> + <package> + <name>chromium</name> + <range><lt>140.0.7339.80</lt></range> + </package> + <package> + <name>ungoogled-chromium</name> + <range><lt>140.0.7339.80</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Chrome Releases reports:</p> + <blockquote cite="https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html"> + <p>This update includes 6 security fixes:</p> + <ul> + <li>[434513380] High CVE-2025-9864: Use after free in V8. Reported by Pavel Kuzmin of Yandex Security Team on 2025-07-28</li> + <li>[437147699] Medium CVE-2025-9865: Inappropriate implementation in Toolbar. Reported by Khalil Zhani on 2025-08-07</li> + <li>[379337758] Medium CVE-2025-9866: Inappropriate implementation in Extensions. Reported by NDevTK on 2024-11-16</li> + <li>[415496161] Medium CVE-2025-9867: Inappropriate implementation in Downloads. Reported by Farras Givari on 2025-05-04</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-9864</cvename> + <cvename>CVE-2025-9865</cvename> + <cvename>CVE-2025-9866</cvename> + <cvename>CVE-2025-9867</cvename> + <url>https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html</url> + </references> + <dates> + <discovery>2025-09-02</discovery> + <entry>2025-09-07</entry> + </dates> + </vuln> + <vuln vid="340dc4c1-895a-11f0-b6e5-4ccc6adda413"> <topic>exiv2 -- Denial-of-service</topic> <affects> |