diff options
Diffstat (limited to 'security')
| -rw-r--r-- | security/crowdsec/Makefile | 8 | ||||
| -rw-r--r-- | security/crowdsec/distinfo | 10 | ||||
| -rw-r--r-- | security/crowdsec/files/acquis.yaml.sample | 18 | ||||
| -rw-r--r-- | security/crowdsec/files/patch-config_acquis.yaml | 12 | ||||
| -rw-r--r-- | security/i2pd/Makefile | 2 | ||||
| -rw-r--r-- | security/i2pd/distinfo | 6 | ||||
| -rw-r--r-- | security/i2pd/pkg-plist | 2 | ||||
| -rw-r--r-- | security/p5-GSSAPI/Makefile | 4 | ||||
| -rw-r--r-- | security/py-greenbone-feed-sync/Makefile | 3 | ||||
| -rw-r--r-- | security/py-nitrokey/Makefile | 7 | ||||
| -rw-r--r-- | security/py-notus-scanner/Makefile | 3 | ||||
| -rw-r--r-- | security/timestamp-authority/Makefile | 3 | ||||
| -rw-r--r-- | security/timestamp-authority/distinfo | 10 | ||||
| -rw-r--r-- | security/vuxml/vuln/2025.xml | 74 |
14 files changed, 122 insertions, 40 deletions
diff --git a/security/crowdsec/Makefile b/security/crowdsec/Makefile index 6def3753de60..00e137ea9782 100644 --- a/security/crowdsec/Makefile +++ b/security/crowdsec/Makefile @@ -1,7 +1,6 @@ PORTNAME= crowdsec DISTVERSIONPREFIX= v -DISTVERSION= 1.6.11 -PORTREVISION= 2 +DISTVERSION= 1.7.0 CATEGORIES= security MAINTAINER= marco@crowdsec.net @@ -15,7 +14,7 @@ LIB_DEPENDS= libabsl_base.so:devel/abseil \ libre2.so:devel/re2 USES= go:modules pkgconfig -_COMMIT= d64ee2ae +_COMMIT= c3036e21 _BUILD_DATE= $$(date -u "+%F_%T") USE_RC_SUBR= crowdsec @@ -86,6 +85,9 @@ do-install: @${MV} ${STAGEDIR}${ETCDIR}/acquis.yaml \ ${STAGEDIR}${ETCDIR}/acquis.yaml.sample + ${INSTALL_DATA} ${FILESDIR}/acquis.yaml.sample \ + ${STAGEDIR}${ETCDIR}/acquis.yaml.sample + @${MV} ${STAGEDIR}${ETCDIR}/config.yaml \ ${STAGEDIR}${ETCDIR}/config.yaml.sample diff --git a/security/crowdsec/distinfo b/security/crowdsec/distinfo index 47a7babd24af..27a1df0a8f93 100644 --- a/security/crowdsec/distinfo +++ b/security/crowdsec/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1754034506 -SHA256 (go/security_crowdsec/crowdsec-v1.6.11/v1.6.11.mod) = c4dcc18622d60438579ba803257295e8118772dd383825b72ee758800e282bb7 -SIZE (go/security_crowdsec/crowdsec-v1.6.11/v1.6.11.mod) = 10729 -SHA256 (go/security_crowdsec/crowdsec-v1.6.11/v1.6.11.zip) = ca01f1e1321075a0690b5a2378dbd4cc02eee104594fe71ab64c010df5b77591 -SIZE (go/security_crowdsec/crowdsec-v1.6.11/v1.6.11.zip) = 1780687 +TIMESTAMP = 1756721640 +SHA256 (go/security_crowdsec/crowdsec-v1.7.0/v1.7.0.mod) = fe6e9e56759a9f85b7b7946724b1d64421340aabb174b1c56a5140e5e35169bb +SIZE (go/security_crowdsec/crowdsec-v1.7.0/v1.7.0.mod) = 10467 +SHA256 (go/security_crowdsec/crowdsec-v1.7.0/v1.7.0.zip) = 8854689eea80df7d93437f05ec5fca7461a8444ddb3d09aed387be3a75452113 +SIZE (go/security_crowdsec/crowdsec-v1.7.0/v1.7.0.zip) = 1796649 diff --git a/security/crowdsec/files/acquis.yaml.sample b/security/crowdsec/files/acquis.yaml.sample new file mode 100644 index 000000000000..b994f31b0a6b --- /dev/null +++ b/security/crowdsec/files/acquis.yaml.sample @@ -0,0 +1,18 @@ +filenames: + - /var/log/nginx/*.log + - ./tests/nginx/nginx.log +#this is not a syslog log, indicate which kind of logs it is +labels: + type: nginx +--- +filenames: + - /var/log/auth.log + - /var/log/syslog +labels: + type: syslog +--- +filenames: + - /var/log/httpd-access.log + - /var/log/httpd-error.log +labels: + type: apache2 diff --git a/security/crowdsec/files/patch-config_acquis.yaml b/security/crowdsec/files/patch-config_acquis.yaml deleted file mode 100644 index 67b4ef3c693b..000000000000 --- a/security/crowdsec/files/patch-config_acquis.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- config/acquis.yaml.orig 2021-12-15 10:39:37 UTC -+++ config/acquis.yaml -@@ -11,6 +11,8 @@ filenames: - labels: - type: syslog - --- --filename: /var/log/apache2/*.log -+filenames: -+ - /var/log/httpd-access.log -+ - /var/log/httpd-error.log - labels: - type: apache2 diff --git a/security/i2pd/Makefile b/security/i2pd/Makefile index b8e3ea48d5d1..b0baf476f5c3 100644 --- a/security/i2pd/Makefile +++ b/security/i2pd/Makefile @@ -1,5 +1,5 @@ PORTNAME= i2pd -DISTVERSION= 2.57.0 +DISTVERSION= 2.58.0 CATEGORIES= security net-p2p MAINTAINER= driesm@FreeBSD.org diff --git a/security/i2pd/distinfo b/security/i2pd/distinfo index 12bf6a23c325..33b74d6b2ade 100644 --- a/security/i2pd/distinfo +++ b/security/i2pd/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1749125900 -SHA256 (PurpleI2P-i2pd-2.57.0_GH0.tar.gz) = e2327f816d92a369eaaf9fd1661bc8b350495199e2f2cb4bfd4680107cd1d4b4 -SIZE (PurpleI2P-i2pd-2.57.0_GH0.tar.gz) = 712641 +TIMESTAMP = 1757487050 +SHA256 (PurpleI2P-i2pd-2.58.0_GH0.tar.gz) = 5ff650c6da8fda3522c10ec22889a7fd1c6b5d1af42c24531d84c36f6cc49019 +SIZE (PurpleI2P-i2pd-2.58.0_GH0.tar.gz) = 719564 diff --git a/security/i2pd/pkg-plist b/security/i2pd/pkg-plist index 3142b9953a5b..9de8997b4b92 100644 --- a/security/i2pd/pkg-plist +++ b/security/i2pd/pkg-plist @@ -14,7 +14,6 @@ share/man/man1/i2pd.1.gz %%DATADIR%%/certificates/family/volatile.crt %%DATADIR%%/certificates/reseed/acetone_at_mail.i2p.crt %%DATADIR%%/certificates/reseed/admin_at_stormycloud.org.crt -%%DATADIR%%/certificates/reseed/arnavbhatt288_at_mail.i2p.crt %%DATADIR%%/certificates/reseed/creativecowpat_at_mail.i2p.crt %%DATADIR%%/certificates/reseed/echelon3_at_mail.i2p.crt %%DATADIR%%/certificates/reseed/hankhill19580_at_gmail.com.crt @@ -25,7 +24,6 @@ share/man/man1/i2pd.1.gz %%DATADIR%%/certificates/reseed/r4sas-reseed_at_mail.i2p.crt %%DATADIR%%/certificates/reseed/rambler_at_mail.i2p.crt %%DATADIR%%/certificates/reseed/reseed_at_diva.exchange.crt -%%DATADIR%%/certificates/reseed/unixeno_at_cubicchaos.net.crt @dir %%ETCDIR%%/tunnels.d @dir(%%USER%%,%%GROUP%%,755) /var/db/i2pd @dir(%%USER%%,%%GROUP%%,755) /var/log/i2pd diff --git a/security/p5-GSSAPI/Makefile b/security/p5-GSSAPI/Makefile index ff17e4d13599..25102d1fa128 100644 --- a/security/p5-GSSAPI/Makefile +++ b/security/p5-GSSAPI/Makefile @@ -22,11 +22,9 @@ OPTIONS_DEFAULT=GSSAPI_BASE GSSAPI_BASE_USES= gssapi GSSAPI_HEIMDAL_USES= gssapi:heimdal GSSAPI_MIT_USES= gssapi:mit -GSSAPI_MIT_VARS= KRB5CONF=${KRB5_HOME}/bin/krb5-config -GSSAPI_MIT_VARS_OFF= KRB5CONF=${HEIMDAL_HOME}/bin/krb5-config post-patch: - @${REINPLACE_CMD} -e 's|%%KRB5CONF%%|${KRB5CONF}|g' ${WRKSRC}/Makefile.PL + @${REINPLACE_CMD} -e 's|%%KRB5CONF%%|${KRB5CONFIG}|g' ${WRKSRC}/Makefile.PL post-install: ${STRIP_CMD} ${STAGEDIR}${PREFIX}/${SITE_ARCH_REL}/auto/GSSAPI/GSSAPI.so diff --git a/security/py-greenbone-feed-sync/Makefile b/security/py-greenbone-feed-sync/Makefile index 353b084cfaa8..d9ab494643e3 100644 --- a/security/py-greenbone-feed-sync/Makefile +++ b/security/py-greenbone-feed-sync/Makefile @@ -1,6 +1,7 @@ PORTNAME= greenbone-feed-sync DISTVERSION= 25.1.0 DISTVERSIONPREFIX= v +PORTREVISION= 1 CATEGORIES= security python PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -13,8 +14,8 @@ LICENSE_FILE= ${WRKSRC}/LICENSE BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}poetry-core>0:devel/py-poetry-core@${PY_FLAVOR} RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}rich>=13.2.0:textproc/py-rich@${PY_FLAVOR} \ - ${PYTHON_PKGNAMEPREFIX}tomli>=2.0.1:textproc/py-tomli@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}shtab>=1.6.5:devel/py-shtab@${PY_FLAVOR} \ + ${PY_TOMLI} \ rsync:net/rsync USE_GITHUB= yes diff --git a/security/py-nitrokey/Makefile b/security/py-nitrokey/Makefile index 4fbcdf8adcd3..6e2c63495263 100644 --- a/security/py-nitrokey/Makefile +++ b/security/py-nitrokey/Makefile @@ -1,5 +1,6 @@ PORTNAME= nitrokey DISTVERSION= 0.3.2 +PORTREVISION= 1 CATEGORIES= security devel python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -15,13 +16,15 @@ BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}fido2>=1.1.2,<3:security/py-fido2@${PY_FLA ${PYTHON_PKGNAMEPREFIX}requests>=0:www/py-requests@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}semver>=0:devel/py-semver@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}tlv8>=0:converters/py-tlv8@${PY_FLAVOR} \ - ${PYTHON_PKGNAMEPREFIX}poetry>=0:devel/py-poetry@${PY_FLAVOR} + ${PYTHON_PKGNAMEPREFIX}poetry>=0:devel/py-poetry@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}hidapi>=0.14,<0.15:comms/py-hidapi@${PY_FLAVOR} RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}fido2>=1.1.2,<3:security/py-fido2@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}pyusb>=0:devel/py-pyusb@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}requests>=0:www/py-requests@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}pyserial>=0:comms/py-pyserial@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}semver>=0:devel/py-semver@${PY_FLAVOR} \ - ${PYTHON_PKGNAMEPREFIX}tlv8>=0:converters/py-tlv8@${PY_FLAVOR} + ${PYTHON_PKGNAMEPREFIX}tlv8>=0:converters/py-tlv8@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}hidapi>=0.14,<0.15:comms/py-hidapi@${PY_FLAVOR} USES= python shebangfix USE_PYTHON= autoplist concurrent cryptography pep517 diff --git a/security/py-notus-scanner/Makefile b/security/py-notus-scanner/Makefile index 713e822f766c..32397f0f8582 100644 --- a/security/py-notus-scanner/Makefile +++ b/security/py-notus-scanner/Makefile @@ -1,6 +1,7 @@ PORTNAME= notus-scanner DISTVERSION= 22.7.2 DISTVERSIONPREFIX= v +PORTREVISION= 1 CATEGORIES= security python PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -16,7 +17,7 @@ RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}packaging>0:devel/py-packaging@${PY_FLAVOR} ${PYTHON_PKGNAMEPREFIX}paho-mqtt>0:net/py-paho-mqtt@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}psutil>=0:sysutils/py-psutil@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}python-gnupg>0:security/py-python-gnupg@${PY_FLAVOR} \ - ${PYTHON_PKGNAMEPREFIX}tomli>0:textproc/py-tomli@${PY_FLAVOR} \ + ${PY_TOMLI} \ ${PYTHON_PKGNAMEPREFIX}sentry-sdk>0:devel/py-sentry-sdk@${PY_FLAVOR} \ mosquitto:net/mosquitto diff --git a/security/timestamp-authority/Makefile b/security/timestamp-authority/Makefile index f121f3c4b9a1..32ac2a2a5c2a 100644 --- a/security/timestamp-authority/Makefile +++ b/security/timestamp-authority/Makefile @@ -1,7 +1,6 @@ PORTNAME= timestamp-authority DISTVERSIONPREFIX= v -DISTVERSION= 1.2.8 -PORTREVISION= 4 +DISTVERSION= 1.2.9 CATEGORIES= security MAINTAINER= bofh@FreeBSD.org diff --git a/security/timestamp-authority/distinfo b/security/timestamp-authority/distinfo index a6b799f3a899..990024b18972 100644 --- a/security/timestamp-authority/distinfo +++ b/security/timestamp-authority/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1749129459 -SHA256 (go/security_timestamp-authority/timestamp-authority-v1.2.8/v1.2.8.mod) = 7d4f9a12c60f4fcf4d7c383fd1a142d27013d333af0ed468934e9e5d4043746b -SIZE (go/security_timestamp-authority/timestamp-authority-v1.2.8/v1.2.8.mod) = 7937 -SHA256 (go/security_timestamp-authority/timestamp-authority-v1.2.8/v1.2.8.zip) = a38ad43bc263abdbf8775c01642292a016ecb5d79c8bcde69aef154bce412f6d -SIZE (go/security_timestamp-authority/timestamp-authority-v1.2.8/v1.2.8.zip) = 196365 +TIMESTAMP = 1757405602 +SHA256 (go/security_timestamp-authority/timestamp-authority-v1.2.9/v1.2.9.mod) = 2bfba68e8bc93ec88a2d67d277aa0c982fe4d51f590daa689f0e3f909a92c7b7 +SIZE (go/security_timestamp-authority/timestamp-authority-v1.2.9/v1.2.9.mod) = 8637 +SHA256 (go/security_timestamp-authority/timestamp-authority-v1.2.9/v1.2.9.zip) = fb191f73ac2fec3d6f68c767cb6c9e72baa48a098b5d613bcf0608b57d1aa034 +SIZE (go/security_timestamp-authority/timestamp-authority-v1.2.9/v1.2.9.zip) = 199679 diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml index 6a4e1eec9395..f6e442e66486 100644 --- a/security/vuxml/vuln/2025.xml +++ b/security/vuxml/vuln/2025.xml @@ -1,3 +1,77 @@ + <vuln vid="f50640fa-89a4-4795-a302-47b0dea8cee5"> + <topic>chromium -- multiple security fixes</topic> + <affects> + <package> + <name>chromium</name> + <range><lt>140.0.7339.127</lt></range> + </package> + <package> + <name>ungoogled-chromium</name> + <range><lt>140.0.7339.127</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Chrome Releases reports:</p> + <blockquote cite="https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_9.html"> + <p>This update includes 2 security fixes:</p> + <ul> + <li>[440454442] Critical CVE-2025-10200: Use after free in Serviceworker. Reported by Looben Yang on 2025-08-22</li> + <li>[439305148] High CVE-2025-10201: Inappropriate implementation in Mojo. Reported by Sahan Fernando & Anon on 2025-08-18</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-10200</cvename> + <cvename>CVE-2025-10201</cvename> + <url>https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_9.html</url> + </references> + <dates> + <discovery>2025-09-09</discovery> + <entry>2025-09-11</entry> + </dates> + </vuln> + + <vuln vid="602fc0fa-8ece-11f0-9d03-2cf05da270f3"> + <topic>Gitlab -- Vulnerabilities</topic> + <affects> + <package> + <name>gitlab-ce</name> + <name>gitlab-ee</name> + <range><ge>18.3.0</ge><lt>18.3.2</lt></range> + <range><ge>18.2.0</ge><lt>18.2.6</lt></range> + <range><ge>7.8.0</ge><lt>18.1.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Gitlab reports:</p> + <blockquote cite="https://about.gitlab.com/releases/2025/09/10/patch-release-gitlab-18-3-2-released/"> + <p>Denial of Service issue in SAML Responses impacts GitLab CE/EE</p> + <p>Server-Side Request Forgery issue in Webhook custom header impacts GitLab CE/EE</p> + <p>Denial of Service issue in User-Controllable Fields impacts GitLab CE/EE</p> + <p>Denial of Service issue in endpoint file upload impacts GitLab CE/EE</p> + <p>Denial of Service issue in token listing operations impacts GitLab CE/EE</p> + <p>Information disclosure issue in runner endpoints impacts GitLab CE/EE</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-2256</cvename> + <cvename>CVE-2025-6454</cvename> + <cvename>CVE-2025-1250</cvename> + <cvename>CVE-2025-7337</cvename> + <cvename>CVE-2025-10094</cvename> + <cvename>CVE-2025-6769</cvename> + <url>https://about.gitlab.com/releases/2025/09/10/patch-release-gitlab-18-3-2-released/</url> + </references> + <dates> + <discovery>2025-09-10</discovery> + <entry>2025-09-11</entry> + </dates> + </vuln> + <vuln vid="bda50cf1-8bcf-11f0-b3f7-a8a1599412c6"> <topic>chromium -- multiple security fixes</topic> <affects> |