diff options
Diffstat (limited to 'security')
| -rw-r--r-- | security/rnp/Makefile | 3 | ||||
| -rw-r--r-- | security/rnp/distinfo | 6 | ||||
| -rw-r--r-- | security/rnp/files/patch-src_lib_types.h | 19 | ||||
| -rw-r--r-- | security/rnp/files/patch-src_lib_utils.cpp | 31 | ||||
| -rw-r--r-- | security/rnp/files/patch-src_librekey_key__store__g10.cpp | 33 | ||||
| -rw-r--r-- | security/rnp/pkg-plist | 1 | ||||
| -rw-r--r-- | security/vuxml/vuln/2025.xml | 37 |
7 files changed, 42 insertions, 88 deletions
diff --git a/security/rnp/Makefile b/security/rnp/Makefile index 9d0e5329de0b..d53c9ca08b8c 100644 --- a/security/rnp/Makefile +++ b/security/rnp/Makefile @@ -1,7 +1,6 @@ PORTNAME= rnp DISTVERSIONPREFIX= v -DISTVERSION= 0.17.1 -PORTREVISION= 2 +DISTVERSION= 0.18.0 CATEGORIES= security MAINTAINER= se@FreeBSD.org diff --git a/security/rnp/distinfo b/security/rnp/distinfo index 2689cd70a2ce..543f9d413201 100644 --- a/security/rnp/distinfo +++ b/security/rnp/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1740573395 -SHA256 (rnpgp-rnp-v0.17.1_GH0.tar.gz) = ec486bb2c25abb0ddbd95973fd135e3922ea68b4e6919c7c18d992078baaf50c -SIZE (rnpgp-rnp-v0.17.1_GH0.tar.gz) = 3515288 +TIMESTAMP = 1750584656 +SHA256 (rnpgp-rnp-v0.18.0_GH0.tar.gz) = 5c8f0bdd5770f5680cc83a76f4569a067f107b8b3eec76577faa227135c7c18e +SIZE (rnpgp-rnp-v0.18.0_GH0.tar.gz) = 4292768 SHA256 (rnpgp-sexpp-c641a2f_GH0.tar.gz) = 43d4abdb0c131305ed11ce202d128717336782159b741931494ee8f99cf43cf4 SIZE (rnpgp-sexpp-c641a2f_GH0.tar.gz) = 71645 diff --git a/security/rnp/files/patch-src_lib_types.h b/security/rnp/files/patch-src_lib_types.h deleted file mode 100644 index 4262e8f2de42..000000000000 --- a/security/rnp/files/patch-src_lib_types.h +++ /dev/null @@ -1,19 +0,0 @@ ---- src/lib/types.h.orig 2024-05-03 10:03:14 UTC -+++ src/lib/types.h -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2017-2021, [Ribose Inc](https://www.ribose.com). -+ * Copyright (c) 2017-2024, [Ribose Inc](https://www.ribose.com). - * Copyright (c) 2009 The NetBSD Foundation, Inc. - * All rights reserved. - * -@@ -95,9 +95,6 @@ class id_str_pair { - static int lookup(const id_str_pair pair[], - const std::vector<uint8_t> &bytes, - int notfound = 0); -- static int lookup(const id_str_pair pair[], -- const std::basic_string<uint8_t> &bytes, -- int notfound = 0); - }; - - /** pgp_fingerprint_t */ diff --git a/security/rnp/files/patch-src_lib_utils.cpp b/security/rnp/files/patch-src_lib_utils.cpp deleted file mode 100644 index 761f5bd55c94..000000000000 --- a/security/rnp/files/patch-src_lib_utils.cpp +++ /dev/null @@ -1,31 +0,0 @@ ---- src/lib/utils.cpp.orig 2024-05-03 10:03:14 UTC -+++ src/lib/utils.cpp -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2021, [Ribose Inc](https://www.ribose.com). -+ * Copyright (c) 2021, 2024 [Ribose Inc](https://www.ribose.com). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without -@@ -53,21 +53,6 @@ id_str_pair::lookup(const id_str_pair pair[], const st - - int - id_str_pair::lookup(const id_str_pair pair[], const std::vector<uint8_t> &bytes, int notfound) --{ -- while (pair && pair->str) { -- if ((strlen(pair->str) == bytes.size()) && -- !memcmp(pair->str, bytes.data(), bytes.size())) { -- return pair->id; -- } -- pair++; -- } -- return notfound; --} -- --int --id_str_pair::lookup(const id_str_pair pair[], -- const std::basic_string<uint8_t> &bytes, -- int notfound) - { - while (pair && pair->str) { - if ((strlen(pair->str) == bytes.size()) && diff --git a/security/rnp/files/patch-src_librekey_key__store__g10.cpp b/security/rnp/files/patch-src_librekey_key__store__g10.cpp deleted file mode 100644 index 688b54c380e4..000000000000 --- a/security/rnp/files/patch-src_librekey_key__store__g10.cpp +++ /dev/null @@ -1,33 +0,0 @@ ---- src/librekey/key_store_g10.cpp.orig 2024-05-03 10:03:14 UTC -+++ src/librekey/key_store_g10.cpp -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2017-2022, [Ribose Inc](https://www.ribose.com). -+ * Copyright (c) 2017-2024, [Ribose Inc](https://www.ribose.com). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without -@@ -312,12 +312,12 @@ read_curve(const sexp_list_t *list, const std::string - - const auto &bytes = data->get_string(); - pgp_curve_t curve = static_cast<pgp_curve_t>( -- id_str_pair::lookup(g10_curve_aliases, data->get_string(), PGP_CURVE_UNKNOWN)); -+ id_str_pair::lookup(g10_curve_aliases, (const char *) bytes.data(), PGP_CURVE_UNKNOWN)); - if (curve != PGP_CURVE_UNKNOWN) { - key.curve = curve; - return true; - } -- RNP_LOG("Unknown curve: %.*s", (int) bytes.size(), (char *) bytes.data()); -+ RNP_LOG("Unknown curve: %.*s", (int) bytes.size(), (const char *) bytes.data()); - return false; - } - -@@ -806,7 +806,7 @@ g23_parse_seckey(pgp_key_pkt_t &seckey, - - auto & alg_bt = alg_s_exp->sexp_string_at(0)->get_string(); - pgp_pubkey_alg_t alg = static_cast<pgp_pubkey_alg_t>( -- id_str_pair::lookup(g10_alg_aliases, alg_bt.c_str(), PGP_PKA_NOTHING)); -+ id_str_pair::lookup(g10_alg_aliases, (const char *) alg_bt.data(), PGP_PKA_NOTHING)); - if (alg == PGP_PKA_NOTHING) { - RNP_LOG( - "Unsupported algorithm: '%.*s'", (int) alg_bt.size(), (const char *) alg_bt.data()); diff --git a/security/rnp/pkg-plist b/security/rnp/pkg-plist index 7afb6e16fefd..2e36e321d3d1 100644 --- a/security/rnp/pkg-plist +++ b/security/rnp/pkg-plist @@ -3,6 +3,7 @@ bin/rnpkeys include/rnp/rnp.h include/rnp/rnp_err.h include/rnp/rnp_export.h +include/rnp/rnp_ver.h lib/cmake/rnp/rnp-config-version.cmake lib/cmake/rnp/rnp-config.cmake lib/cmake/rnp/rnp-targets-%%CMAKE_BUILD_TYPE%%.cmake diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml index fc3c3004bbac..7ddafc13c211 100644 --- a/security/vuxml/vuln/2025.xml +++ b/security/vuxml/vuln/2025.xml @@ -1,3 +1,40 @@ + <vuln vid="03ba1cdd-4faf-11f0-af06-00a098b42aeb"> + <topic>cisco -- OpenH264 Decoding Functions Heap Overflow Vulnerability</topic> + <affects> + <package> + <name>openh264</name> + <range><lt>2.5.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Cisco reports:</p> + <blockquote cite="https://github.com/cisco/openh264/releases/tag/2.5.1"> + <p>A vulnerability in the decoding functions + of OpenH264 codec library could allow a remote, unauthenticated + attacker to trigger a heap overflow. This vulnerability is due to + a race condition between a Sequence Parameter Set (SPS) memory + allocation and a subsequent non Instantaneous Decoder Refresh + (non-IDR) Network Abstraction Layer (NAL) unit memory usage. An + attacker could exploit this vulnerability by crafting a malicious + bitstream and tricking a victim user into processing an arbitrary + video containing the malicious bistream. An exploit could allow + the attacker to cause an unexpected crash in the victim's user + decoding client and, possibly, perform arbitrary commands on the + victim's host by abusing the heap overflow.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-27091</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-27091</url> + </references> + <dates> + <discovery>2025-02-20</discovery> + <entry>2025-06-22</entry> + </dates> + </vuln> + <vuln vid="6c6c1507-4da5-11f0-afcc-f02f7432cf97"> <topic>clamav -- ClamAV UDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability</topic> <affects> |