diff options
Diffstat (limited to 'security')
171 files changed, 1508 insertions, 832 deletions
diff --git a/security/2fa/Makefile b/security/2fa/Makefile index f7baf8708f3e..49626ceb3c0b 100644 --- a/security/2fa/Makefile +++ b/security/2fa/Makefile @@ -1,7 +1,7 @@ PORTNAME= 2fa DISTVERSIONPREFIX= v DISTVERSION= 1.2.0 -PORTREVISION= 29 +PORTREVISION= 30 CATEGORIES= security MAINTAINER= mauroeldritch@gmail.com diff --git a/security/Makefile b/security/Makefile index e7f3d95c9556..fbfc8471a1f5 100644 --- a/security/Makefile +++ b/security/Makefile @@ -331,7 +331,6 @@ SUBDIR += libtasn1 SUBDIR += libtatsu SUBDIR += libtomcrypt - SUBDIR += libu2f-host SUBDIR += libwhisker SUBDIR += libxcrypt SUBDIR += libyubikey @@ -458,6 +457,7 @@ SUBDIR += openssl33-quictls SUBDIR += openssl34 SUBDIR += openssl35 + SUBDIR += openssl36 SUBDIR += openvas SUBDIR += openvpn SUBDIR += openvpn-admin @@ -649,15 +649,10 @@ SUBDIR += p5-Crypt-xDBM_File SUBDIR += p5-CryptX SUBDIR += p5-Dancer-Plugin-Auth-Extensible - SUBDIR += p5-Dancer-Plugin-Auth-Extensible-Provider-Usergroup - SUBDIR += p5-Dancer-Plugin-Passphrase SUBDIR += p5-Dancer2-Plugin-Auth-Extensible SUBDIR += p5-Dancer2-Plugin-Auth-Extensible-Provider-DBIC SUBDIR += p5-Dancer2-Plugin-Auth-Extensible-Provider-Database SUBDIR += p5-Dancer2-Plugin-Auth-Extensible-Provider-IMAP - SUBDIR += p5-Dancer2-Plugin-Auth-Extensible-Provider-Usergroup - SUBDIR += p5-Dancer2-Plugin-Passphrase - SUBDIR += p5-Data-Entropy SUBDIR += p5-Data-Password SUBDIR += p5-Digest SUBDIR += p5-Digest-Adler32 @@ -1002,7 +997,6 @@ SUBDIR += py-nvdlib SUBDIR += py-oauthlib SUBDIR += py-omemo-dr - SUBDIR += py-onlykey SUBDIR += py-openssh-wrapper SUBDIR += py-openssl SUBDIR += py-oscrypto diff --git a/security/acmed/Makefile b/security/acmed/Makefile index 8e0aa0273009..6fec0c7fbe30 100644 --- a/security/acmed/Makefile +++ b/security/acmed/Makefile @@ -1,7 +1,7 @@ PORTNAME= acmed DISTVERSIONPREFIX= v DISTVERSION= 0.21.0 -PORTREVISION= 21 +PORTREVISION= 22 CATEGORIES= security MAINTAINER= ports@FreeBSD.org diff --git a/security/acmetool/Makefile b/security/acmetool/Makefile index be2f921a29c0..01022633705a 100644 --- a/security/acmetool/Makefile +++ b/security/acmetool/Makefile @@ -1,7 +1,7 @@ PORTNAME= acmetool DISTVERSIONPREFIX= v DISTVERSION= 0.2.2 -PORTREVISION= 19 +PORTREVISION= 20 CATEGORIES= security MAINTAINER= samm@FreeBSD.org diff --git a/security/agave/Makefile b/security/agave/Makefile index aed19e0f2e41..44614004e259 100644 --- a/security/agave/Makefile +++ b/security/agave/Makefile @@ -1,7 +1,7 @@ PORTNAME= agave DISTVERSIONPREFIX= v DISTVERSION= 2.2.14 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= security PKGNAMESUFFIX= -blockchain diff --git a/security/age/Makefile b/security/age/Makefile index cc387501e1b4..c5571bb026f8 100644 --- a/security/age/Makefile +++ b/security/age/Makefile @@ -1,7 +1,7 @@ PORTNAME= age DISTVERSIONPREFIX= v DISTVERSION= 1.2.1 -PORTREVISION= 6 +PORTREVISION= 7 CATEGORIES= security MAINTAINER= bofh@FreeBSD.org diff --git a/security/arti/Makefile b/security/arti/Makefile index 0827536cfb82..7ff5ced0400a 100644 --- a/security/arti/Makefile +++ b/security/arti/Makefile @@ -1,5 +1,6 @@ PORTNAME= arti DISTVERSION= 1.5.0 +PORTREVISION= 1 CATEGORIES= security MAINTAINER= cs@FreeBSD.org diff --git a/security/assh/Makefile b/security/assh/Makefile index 99abada502ef..a9d3e0166031 100644 --- a/security/assh/Makefile +++ b/security/assh/Makefile @@ -1,7 +1,7 @@ PORTNAME= assh DISTVERSIONPREFIX= v DISTVERSION= 2.15.0 -PORTREVISION= 23 +PORTREVISION= 24 CATEGORIES= security MAINTAINER= ashish@FreeBSD.org diff --git a/security/authenticator/Makefile b/security/authenticator/Makefile index fb1d86d80305..191034a9fcca 100644 --- a/security/authenticator/Makefile +++ b/security/authenticator/Makefile @@ -1,6 +1,6 @@ PORTNAME= authenticator DISTVERSION= 4.4.0 -PORTREVISION= 8 +PORTREVISION= 9 CATEGORIES= security MAINTAINER= ports@FreeBSD.org diff --git a/security/authoscope/Makefile b/security/authoscope/Makefile index 94c87c4a6fdf..6645a15213a6 100644 --- a/security/authoscope/Makefile +++ b/security/authoscope/Makefile @@ -1,7 +1,7 @@ PORTNAME= authoscope DISTVERSIONPREFIX= v DISTVERSION= 0.8.1 -PORTREVISION= 23 +PORTREVISION= 24 CATEGORIES= security MAINTAINER= yuri@FreeBSD.org diff --git a/security/aws-iam-authenticator/Makefile b/security/aws-iam-authenticator/Makefile index 4dff9e6a0a33..b47641ae1615 100644 --- a/security/aws-iam-authenticator/Makefile +++ b/security/aws-iam-authenticator/Makefile @@ -1,7 +1,7 @@ PORTNAME= aws-iam-authenticator PORTVERSION= 0.7.5 DISTVERSIONPREFIX= v -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MAINTAINER= danilo@FreeBSD.org diff --git a/security/aws-lc/Makefile b/security/aws-lc/Makefile index 1e0c61f021c8..b2c1dac66de6 100644 --- a/security/aws-lc/Makefile +++ b/security/aws-lc/Makefile @@ -1,8 +1,11 @@ PORTNAME= aws-lc -PORTVERSION= 1.55.0 +PORTVERSION= 1.57.1 DISTVERSIONPREFIX= v CATEGORIES= security +PATCH_SITES= https://github.com/aws/aws-lc/commit/ +PATCHFILES= 125f94c2c26559ed93a22f1cc5880efe46f0b937.patch:-p1 + MAINTAINER= sunpoet@FreeBSD.org COMMENT= AWS libcrypto WWW= https://github.com/aws/aws-lc diff --git a/security/aws-lc/distinfo b/security/aws-lc/distinfo index 0dbd7af0dc75..2327bcddd04b 100644 --- a/security/aws-lc/distinfo +++ b/security/aws-lc/distinfo @@ -1,3 +1,5 @@ -TIMESTAMP = 1751622349 -SHA256 (aws-aws-lc-v1.55.0_GH0.tar.gz) = a216e5e572ad9f68e6b93666f0bbca4d7792f400ca525731583196c139c12ce9 -SIZE (aws-aws-lc-v1.55.0_GH0.tar.gz) = 127105253 +TIMESTAMP = 1755062466 +SHA256 (aws-aws-lc-v1.57.1_GH0.tar.gz) = 1c434d294594a82f1c046aa4e172277b5b549f7b5c89225e3cb2222b94744ca8 +SIZE (aws-aws-lc-v1.57.1_GH0.tar.gz) = 127164147 +SHA256 (125f94c2c26559ed93a22f1cc5880efe46f0b937.patch) = a07ef67b487b47168384d70b7f7bd2b6a8479e037e09087c34f9f083c88411f2 +SIZE (125f94c2c26559ed93a22f1cc5880efe46f0b937.patch) = 2046 diff --git a/security/aws-lc/files/patch-powerpc64le b/security/aws-lc/files/patch-powerpc64le deleted file mode 100644 index 49cc0f44382b..000000000000 --- a/security/aws-lc/files/patch-powerpc64le +++ /dev/null @@ -1,20 +0,0 @@ -Obtained from: https://cgit.FreeBSD.org/ports/commit/?id=f08b67611f0b19c0ee8d9053ee4d22e09b03f2b1 - ---- crypto/fipsmodule/cpucap/cpu_ppc64le.c.orig 2024-07-03 21:50:24 UTC -+++ crypto/fipsmodule/cpucap/cpu_ppc64le.c -@@ -69,10 +69,15 @@ void OPENSSL_cpuid_setup(void) { - - void OPENSSL_cpuid_setup(void) { - #if defined(AT_HWCAP2) -+#if defined(__linux__) - OPENSSL_ppc64le_hwcap2 = getauxval(AT_HWCAP2); -+#elif defined(__FreeBSD__) -+ elf_aux_info(AT_HWCAP2, &OPENSSL_ppc64le_hwcap2, sizeof(OPENSSL_ppc64le_hwcap2)); -+#endif - #else - OPENSSL_ppc64le_hwcap2 = 0; - #endif -+ - OPENSSL_cpucap_initialized = 1; - - // OPENSSL_ppccap is a 64-bit hex string which may start with "0x". diff --git a/security/aws-lc/pkg-plist b/security/aws-lc/pkg-plist index 74bd41ebfb82..87899532d793 100644 --- a/security/aws-lc/pkg-plist +++ b/security/aws-lc/pkg-plist @@ -88,6 +88,7 @@ include/openssl/time.h include/openssl/tls1.h include/openssl/trust_token.h include/openssl/type_check.h +include/openssl/ui.h include/openssl/x509.h include/openssl/x509_vfy.h include/openssl/x509v3.h diff --git a/security/aws-vault/Makefile b/security/aws-vault/Makefile index 0db83a5b6da4..44951aa51216 100644 --- a/security/aws-vault/Makefile +++ b/security/aws-vault/Makefile @@ -1,7 +1,7 @@ PORTNAME= aws-vault DISTVERSIONPREFIX= v DISTVERSION= 6.6.2 -PORTREVISION= 20 +PORTREVISION= 21 CATEGORIES= security MAINTAINER= mauroeldritch@gmail.com diff --git a/security/boringssl/Makefile b/security/boringssl/Makefile index 606bce9a84fe..28e061773d37 100644 --- a/security/boringssl/Makefile +++ b/security/boringssl/Makefile @@ -1,5 +1,6 @@ PORTNAME= boringssl PORTVERSION= 0.20250818.0 +PORTREVISION= 1 CATEGORIES= security EXTRACT_ONLY= ${GH_ACCOUNT}-${PORTNAME}-${PORTVERSION}_GH0.tar.gz @@ -13,7 +14,7 @@ LICENSE_FILE= ${WRKSRC}/LICENSE USES= cmake:insource cpe go:no_targets,1.24 localbase perl5 CONFLICTS_INSTALL= libressl libressl-devel openssl openssl111 \ - openssl3[2345] openssl-quictls openssl33-quictls + openssl3[23456] openssl-quictls openssl33-quictls CPE_VENDOR= google diff --git a/security/caldera-ot/Makefile b/security/caldera-ot/Makefile index 549f91706aea..0e6e7fefbb69 100644 --- a/security/caldera-ot/Makefile +++ b/security/caldera-ot/Makefile @@ -1,6 +1,6 @@ PORTNAME= caldera-ot DISTVERSION= 5.3.0 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security python MAINTAINER= acm@FreeBSD.org diff --git a/security/caldera/Makefile b/security/caldera/Makefile index 871722852a27..d3761c9b6dfc 100644 --- a/security/caldera/Makefile +++ b/security/caldera/Makefile @@ -1,6 +1,6 @@ PORTNAME= caldera DISTVERSION= 5.3.0 -PORTREVISION= 5 +PORTREVISION= 6 CATEGORIES= security python MAINTAINER= acm@FreeBSD.org diff --git a/security/cargo-audit/Makefile b/security/cargo-audit/Makefile index 750963d30c54..968206cde143 100644 --- a/security/cargo-audit/Makefile +++ b/security/cargo-audit/Makefile @@ -1,7 +1,7 @@ PORTNAME= cargo-audit DISTVERSIONPREFIX= ${PORTNAME}/v DISTVERSION= 0.21.2 -PORTREVISION= 2 +PORTREVISION= 3 PORTEPOCH= 1 CATEGORIES= security diff --git a/security/certificate_maker/Makefile b/security/certificate_maker/Makefile index c322ca9d3cd0..73e65a61f456 100644 --- a/security/certificate_maker/Makefile +++ b/security/certificate_maker/Makefile @@ -1,7 +1,7 @@ PORTNAME= certificate_maker DISTVERSIONPREFIX= v DISTVERSION= 1.7.1 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security MAINTAINER= bofh@FreeBSD.org diff --git a/security/certmgr/Makefile b/security/certmgr/Makefile index 8ef39b4f6fcf..b8899bab302c 100644 --- a/security/certmgr/Makefile +++ b/security/certmgr/Makefile @@ -1,7 +1,7 @@ PORTNAME= certmgr DISTVERSIONPREFIX= v DISTVERSION= 3.0.3 -PORTREVISION= 29 +PORTREVISION= 30 CATEGORIES= security net MAINTAINER= fuz@FreeBSD.org diff --git a/security/cfssl/Makefile b/security/cfssl/Makefile index 71ad591947b1..22400075f2e0 100644 --- a/security/cfssl/Makefile +++ b/security/cfssl/Makefile @@ -1,7 +1,7 @@ PORTNAME= cfssl DISTVERSIONPREFIX= v DISTVERSION= 1.6.5 -PORTREVISION= 12 +PORTREVISION= 13 CATEGORIES= security MAINTAINER= yuri@FreeBSD.org diff --git a/security/clamav-lts/Makefile b/security/clamav-lts/Makefile index 4543bd7cfe81..b6539482641f 100644 --- a/security/clamav-lts/Makefile +++ b/security/clamav-lts/Makefile @@ -1,5 +1,6 @@ PORTNAME= clamav DISTVERSION= 1.0.9 +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= security MASTER_SITES= https://www.clamav.net/downloads/production/ diff --git a/security/clamav/Makefile b/security/clamav/Makefile index cd3a95b8f21b..7a29dc981d0a 100644 --- a/security/clamav/Makefile +++ b/security/clamav/Makefile @@ -1,5 +1,6 @@ PORTNAME= clamav DISTVERSION= 1.4.3 +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= security MASTER_SITES= https://www.clamav.net/downloads/production/ diff --git a/security/cloak/Makefile b/security/cloak/Makefile index 0dbc8fc8d3f6..5e766c9afb4e 100644 --- a/security/cloak/Makefile +++ b/security/cloak/Makefile @@ -1,7 +1,7 @@ PORTNAME= cloak DISTVERSIONPREFIX= v DISTVERSION= 0.3.0 -PORTREVISION= 31 +PORTREVISION= 32 CATEGORIES= security MAINTAINER= ports@FreeBSD.org diff --git a/security/cosign/Makefile b/security/cosign/Makefile index 317ebaa1c7d7..af140597692c 100644 --- a/security/cosign/Makefile +++ b/security/cosign/Makefile @@ -1,7 +1,7 @@ PORTNAME= cosign DISTVERSIONPREFIX= v DISTVERSION= 2.5.3 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MAINTAINER= bofh@FreeBSD.org diff --git a/security/crlfuzz/Makefile b/security/crlfuzz/Makefile index 2331286ca7fa..99b7c6614272 100644 --- a/security/crlfuzz/Makefile +++ b/security/crlfuzz/Makefile @@ -1,7 +1,7 @@ PORTNAME= crlfuzz PORTVERSION= 1.4.1 DISTVERSIONPREFIX= v -PORTREVISION= 29 +PORTREVISION= 30 CATEGORIES= security MAINTAINER= dutra@FreeBSD.org diff --git a/security/crowdsec-blocklist-mirror/Makefile b/security/crowdsec-blocklist-mirror/Makefile index b91a2ba80ea1..d06cec2b434d 100644 --- a/security/crowdsec-blocklist-mirror/Makefile +++ b/security/crowdsec-blocklist-mirror/Makefile @@ -2,7 +2,7 @@ PORTNAME= crowdsec-blocklist-mirror DISTVERSIONPREFIX= v DISTVERSION= 0.0.2 DISTVERSIONSUFFIX= -freebsd -PORTREVISION= 16 +PORTREVISION= 17 CATEGORIES= security MAINTAINER= marco@crowdsec.net diff --git a/security/crowdsec-firewall-bouncer/Makefile b/security/crowdsec-firewall-bouncer/Makefile index 02b7be73fcd8..9881bf5c0792 100644 --- a/security/crowdsec-firewall-bouncer/Makefile +++ b/security/crowdsec-firewall-bouncer/Makefile @@ -1,7 +1,7 @@ PORTNAME= crowdsec-firewall-bouncer DISTVERSIONPREFIX= v DISTVERSION= 0.0.32 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security MAINTAINER= marco@crowdsec.net diff --git a/security/crowdsec/Makefile b/security/crowdsec/Makefile index 68b3ba268fef..6def3753de60 100644 --- a/security/crowdsec/Makefile +++ b/security/crowdsec/Makefile @@ -1,7 +1,7 @@ PORTNAME= crowdsec DISTVERSIONPREFIX= v DISTVERSION= 1.6.11 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MAINTAINER= marco@crowdsec.net diff --git a/security/ct-submit/Makefile b/security/ct-submit/Makefile index 6350daebccf0..c2edb344b792 100644 --- a/security/ct-submit/Makefile +++ b/security/ct-submit/Makefile @@ -1,6 +1,6 @@ PORTNAME= ct-submit PORTVERSION= 1.1.2 -PORTREVISION= 29 +PORTREVISION= 30 CATEGORIES= security www MAINTAINER= jim@ohlste.in diff --git a/security/diswall/Makefile b/security/diswall/Makefile index 0bb4161f86b7..fe69a0d58e55 100644 --- a/security/diswall/Makefile +++ b/security/diswall/Makefile @@ -1,7 +1,7 @@ PORTNAME= diswall DISTVERSIONPREFIX= v DISTVERSION= 0.6.0 -PORTREVISION= 7 +PORTREVISION= 8 CATEGORIES= security MAINTAINER= yuri@FreeBSD.org diff --git a/security/enc/Makefile b/security/enc/Makefile index b534f63164eb..e3d13aae3cf9 100644 --- a/security/enc/Makefile +++ b/security/enc/Makefile @@ -1,6 +1,6 @@ PORTNAME= enc DISTVERSION= 1.1.4 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= security MAINTAINER= dtxdf@FreeBSD.org diff --git a/security/ffuf/Makefile b/security/ffuf/Makefile index fbe49eb00c28..176f48536c13 100644 --- a/security/ffuf/Makefile +++ b/security/ffuf/Makefile @@ -1,7 +1,7 @@ PORTNAME= ffuf DISTVERSIONPREFIX=v DISTVERSION= 2.1.0 -PORTREVISION= 14 +PORTREVISION= 15 CATEGORIES= security www MAINTAINER= dutra@FreeBSD.org diff --git a/security/flawz/Makefile b/security/flawz/Makefile index 189d9e0f0b76..5888307efb27 100644 --- a/security/flawz/Makefile +++ b/security/flawz/Makefile @@ -1,7 +1,7 @@ PORTNAME= flawz DISTVERSIONPREFIX= v DISTVERSION= 0.3.0 -PORTREVISION= 7 +PORTREVISION= 8 CATEGORIES= security MAINTAINER= yuri@FreeBSD.org diff --git a/security/git-credential-azure/Makefile b/security/git-credential-azure/Makefile index ee4448f25181..d9b9156e55cd 100644 --- a/security/git-credential-azure/Makefile +++ b/security/git-credential-azure/Makefile @@ -1,7 +1,7 @@ PORTNAME= git-credential-azure DISTVERSIONPREFIX= v DISTVERSION= 0.3.1 -PORTREVISION= 5 +PORTREVISION= 6 CATEGORIES= security MAINTAINER= ehaupt@FreeBSD.org diff --git a/security/git-credential-oauth/Makefile b/security/git-credential-oauth/Makefile index e3ed01c7fe53..0d9f7f1b24f1 100644 --- a/security/git-credential-oauth/Makefile +++ b/security/git-credential-oauth/Makefile @@ -1,7 +1,7 @@ PORTNAME= git-credential-oauth DISTVERSIONPREFIX= v DISTVERSION= 0.15.1 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security MAINTAINER= ehaupt@FreeBSD.org diff --git a/security/gitjacker/Makefile b/security/gitjacker/Makefile index 3c1d6102911a..bf9de433f0da 100644 --- a/security/gitjacker/Makefile +++ b/security/gitjacker/Makefile @@ -1,7 +1,7 @@ PORTNAME= gitjacker DISTVERSIONPREFIX= v DISTVERSION= 0.1.0 -PORTREVISION= 29 +PORTREVISION= 30 CATEGORIES= security MAINTAINER= yuri@FreeBSD.org diff --git a/security/go-cve-dictionary/Makefile b/security/go-cve-dictionary/Makefile index 6857e6c8d502..0bd36a5bca62 100644 --- a/security/go-cve-dictionary/Makefile +++ b/security/go-cve-dictionary/Makefile @@ -1,7 +1,7 @@ PORTNAME= go-cve-dictionary DISTVERSIONPREFIX=v DISTVERSION= 0.11.0 -PORTREVISION= 6 +PORTREVISION= 7 CATEGORIES= security MAINTAINER= girgen@FreeBSD.org diff --git a/security/go-tuf/Makefile b/security/go-tuf/Makefile index 7ddc31097234..c60ba8a8793f 100644 --- a/security/go-tuf/Makefile +++ b/security/go-tuf/Makefile @@ -1,7 +1,7 @@ PORTNAME= go-tuf DISTVERSIONPREFIX= v DISTVERSION= 2.1.1 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security MAINTAINER= bofh@FreeBSD.org diff --git a/security/gokart/Makefile b/security/gokart/Makefile index 83bfcfb43af6..2428dfd745d0 100644 --- a/security/gokart/Makefile +++ b/security/gokart/Makefile @@ -1,7 +1,7 @@ PORTNAME= gokart DISTVERSIONPREFIX= v DISTVERSION= 0.5.1 -PORTREVISION= 23 +PORTREVISION= 24 CATEGORIES= security MAINTAINER= dutra@FreeBSD.org diff --git a/security/gokey/Makefile b/security/gokey/Makefile index 458ef44b4a90..cb8222051743 100644 --- a/security/gokey/Makefile +++ b/security/gokey/Makefile @@ -1,7 +1,7 @@ PORTNAME= gokey DISTVERSIONPREFIX= v DISTVERSION= 0.1.3 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security MAINTAINER= ports@FreeBSD.org diff --git a/security/gopass/Makefile b/security/gopass/Makefile index 84548014ca1b..b856a4e599cb 100644 --- a/security/gopass/Makefile +++ b/security/gopass/Makefile @@ -1,7 +1,7 @@ PORTNAME= gopass DISTVERSIONPREFIX= v DISTVERSION= 1.15.16 -PORTREVISION= 5 +PORTREVISION= 6 CATEGORIES= security MAINTAINER= eduardo@FreeBSD.org diff --git a/security/gosec/Makefile b/security/gosec/Makefile index e06ce8594cbf..7821519afa1b 100644 --- a/security/gosec/Makefile +++ b/security/gosec/Makefile @@ -1,7 +1,7 @@ PORTNAME= gosec DISTVERSIONPREFIX= v DISTVERSION= 2.22.0 -PORTREVISION= 6 +PORTREVISION= 7 CATEGORIES= security devel MAINTAINER= yuri@FreeBSD.org diff --git a/security/govulncheck/Makefile b/security/govulncheck/Makefile index 83986767631a..0ec895c47fa6 100644 --- a/security/govulncheck/Makefile +++ b/security/govulncheck/Makefile @@ -1,7 +1,7 @@ PORTNAME= govulncheck DISTVERSIONPREFIX= v DISTVERSION= 1.1.4 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= security MAINTAINER= einar@isnic.is diff --git a/security/gpg-tui/Makefile b/security/gpg-tui/Makefile index 97881f10986a..bd53260d9ce8 100644 --- a/security/gpg-tui/Makefile +++ b/security/gpg-tui/Makefile @@ -1,7 +1,7 @@ PORTNAME= gpg-tui DISTVERSIONPREFIX= v DISTVERSION= 0.11.1 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= security MAINTAINER= se@FreeBSD.org diff --git a/security/hashcat/Makefile b/security/hashcat/Makefile index be113eb03c5f..f2c76ff7fa2b 100644 --- a/security/hashcat/Makefile +++ b/security/hashcat/Makefile @@ -1,6 +1,7 @@ PORTNAME= hashcat PORTVERSION= 7.1.2 DISTVERSIONPREFIX= v +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= security diff --git a/security/headscale/Makefile b/security/headscale/Makefile index c678b39eb0f1..f5c71ac4e8f0 100644 --- a/security/headscale/Makefile +++ b/security/headscale/Makefile @@ -1,7 +1,7 @@ PORTNAME= headscale PORTVERSION= 0.26.1 DISTVERSIONPREFIX= v -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= security net-vpn MAINTAINER= m.muenz@gmail.com diff --git a/security/hidden-lake/Makefile b/security/hidden-lake/Makefile index 4acd0a642028..3128df93d9f9 100644 --- a/security/hidden-lake/Makefile +++ b/security/hidden-lake/Makefile @@ -1,7 +1,7 @@ PORTNAME= hidden-lake DISTVERSIONPREFIX= v -DISTVERSION= 1.8.6 -PORTREVISION= 2 +DISTVERSION= 1.9.0 +PORTREVISION= 1 CATEGORIES= security net-p2p MAINTAINER= alven@FreeBSD.org @@ -14,13 +14,14 @@ LICENSE_FILE= ${WRKSRC}/LICENSE USES= go:modules GO_MODULE= github.com/number571/hidden-lake -GO_TARGET= ./cmd/hla/hla_tcp:hla_tcp \ +GO_TARGET= ./cmd/hla/hla-http:hla-http \ + ./cmd/hla/hla-tcp:hla-tcp \ ./cmd/hlc:hlc \ - ./cmd/hlf:hlf \ - ./cmd/hlm:hlm \ - ./cmd/hlp:hlp \ - ./cmd/hlr:hlr \ - ./cmd/hls:hls + ./cmd/hlk:hlk \ + ./cmd/hls/hls-filesharer:hls-filesharer \ + ./cmd/hls/hls-messenger:hls-messenger \ + ./cmd/hls/hls-pinger:hls-pinger \ + ./cmd/hls/hls-remoter:hls-remoter TEST_TARGET= test-run diff --git a/security/hidden-lake/distinfo b/security/hidden-lake/distinfo index 45882d770589..e2025a2a90d5 100644 --- a/security/hidden-lake/distinfo +++ b/security/hidden-lake/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1749829911 -SHA256 (go/security_hidden-lake/hidden-lake-v1.8.6/v1.8.6.mod) = af5da6e07886561d70f87bfc232dc0effefc286c3ec66acb6ea5a6ef77a19121 -SIZE (go/security_hidden-lake/hidden-lake-v1.8.6/v1.8.6.mod) = 340 -SHA256 (go/security_hidden-lake/hidden-lake-v1.8.6/v1.8.6.zip) = 33d2c50ad079614d85954af115673ea41a0ce214d4ce21d6e97e32dd5bb334be -SIZE (go/security_hidden-lake/hidden-lake-v1.8.6/v1.8.6.zip) = 11188051 +TIMESTAMP = 1755749357 +SHA256 (go/security_hidden-lake/hidden-lake-v1.9.0/v1.9.0.mod) = 63e461d57f3f49cebe5696f97cf82a652a9afe45e3d17e1aaa7cac4340eca63b +SIZE (go/security_hidden-lake/hidden-lake-v1.9.0/v1.9.0.mod) = 340 +SHA256 (go/security_hidden-lake/hidden-lake-v1.9.0/v1.9.0.zip) = 9cbb358b10607e5b3b20eae34c367f8ad578340bec4bb2203795704c80fcb5a0 +SIZE (go/security_hidden-lake/hidden-lake-v1.9.0/v1.9.0.zip) = 10690371 diff --git a/security/hidden-lake/pkg-plist b/security/hidden-lake/pkg-plist index d2d728bd8408..d5c970a3b5a0 100644 --- a/security/hidden-lake/pkg-plist +++ b/security/hidden-lake/pkg-plist @@ -1,10 +1,11 @@ -bin/hla_tcp +bin/hla-http +bin/hla-tcp bin/hlc -bin/hlf -bin/hlm -bin/hlp -bin/hlr -bin/hls +bin/hlk +bin/hls-filesharer +bin/hls-messenger +bin/hls-pinger +bin/hls-remoter %%PORTDOCS%%%%DOCSDIR%%/CODESTYLE.md %%PORTDOCS%%%%DOCSDIR%%/DEF_PORTS.md %%PORTDOCS%%%%DOCSDIR%%/README.md diff --git a/security/hockeypuck/Makefile b/security/hockeypuck/Makefile index b7506daa1afa..4f76e01013f9 100644 --- a/security/hockeypuck/Makefile +++ b/security/hockeypuck/Makefile @@ -1,6 +1,6 @@ PORTNAME= hockeypuck DISTVERSION= 2.2.4 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= security MAINTAINER= me@svmhdvn.name diff --git a/security/honeytrap/Makefile b/security/honeytrap/Makefile index 4a3352865c03..ea11abf504e2 100644 --- a/security/honeytrap/Makefile +++ b/security/honeytrap/Makefile @@ -1,6 +1,6 @@ PORTNAME= honeytrap DISTVERSION= g20210510 -PORTREVISION= 29 +PORTREVISION= 30 CATEGORIES= security MAINTAINER= ezri.mudde@dutchsec.com diff --git a/security/horcrux/Makefile b/security/horcrux/Makefile index c59ca34bf592..3a26d585fb3a 100644 --- a/security/horcrux/Makefile +++ b/security/horcrux/Makefile @@ -1,7 +1,7 @@ PORTNAME= horcrux DISTVERSIONPREFIX= v DISTVERSION= 0.3 -PORTREVISION= 28 +PORTREVISION= 29 CATEGORIES= security MAINTAINER= lcook@FreeBSD.org diff --git a/security/kanidm/Makefile b/security/kanidm/Makefile index d26139ca5e75..54b16724b18c 100644 --- a/security/kanidm/Makefile +++ b/security/kanidm/Makefile @@ -1,6 +1,7 @@ PORTNAME= kanidm DISTVERSIONPREFIX= v DISTVERSION= 1.7.3 +PORTREVISION= 1 CATEGORIES= security net MAINTAINER= bofh@FreeBSD.org diff --git a/security/keybase/Makefile b/security/keybase/Makefile index cbee3c327569..89c01e84b716 100644 --- a/security/keybase/Makefile +++ b/security/keybase/Makefile @@ -1,7 +1,7 @@ PORTNAME= keybase PORTVERSION= 6.5.1 DISTVERSIONPREFIX= v -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security MAINTAINER= sunpoet@FreeBSD.org diff --git a/security/kpmenu/Makefile b/security/kpmenu/Makefile index d34c8fba9960..e2af7f3b7c7b 100644 --- a/security/kpmenu/Makefile +++ b/security/kpmenu/Makefile @@ -1,7 +1,7 @@ PORTNAME= kpmenu DISTVERSIONPREFIX= v DISTVERSION= 1.4.1 -PORTREVISION= 29 +PORTREVISION= 30 CATEGORIES= security MAINTAINER= bapt@FreeBSD.org diff --git a/security/lego/Makefile b/security/lego/Makefile index cdc574d87bc1..3dc4af5aefa6 100644 --- a/security/lego/Makefile +++ b/security/lego/Makefile @@ -1,6 +1,7 @@ PORTNAME= lego DISTVERSIONPREFIX= v DISTVERSION= 4.25.2 +PORTREVISION= 1 CATEGORIES= security MAINTAINER= matt@matthoran.com diff --git a/security/libsecret/Makefile b/security/libsecret/Makefile index 43d6825802cd..9d01aa01e974 100644 --- a/security/libsecret/Makefile +++ b/security/libsecret/Makefile @@ -25,4 +25,6 @@ MESON_ARGS= -Dbash_completion=disabled # see PR 287429 / https://gitlab.gnome.org/GNOME/libsecret/-/issues/106 MESON_ARGS+= -Dc_args="-DHAVE_CMSGCRED" +PIE_UNSAFE= yes + .include <bsd.port.mk> diff --git a/security/libu2f-host/Makefile b/security/libu2f-host/Makefile deleted file mode 100644 index 19795061d2a8..000000000000 --- a/security/libu2f-host/Makefile +++ /dev/null @@ -1,37 +0,0 @@ -PORTNAME= libu2f-host -PORTVERSION= 1.1.10 -DISTVERSIONPREFIX= ${PORTNAME}- -PORTREVISION= 2 -CATEGORIES= security devel - -MAINTAINER= ports@FreeBSD.org -COMMENT= Yubico Universal 2nd Factor (U2F) Host C Library -WWW= https://developers.yubico.com/libu2f-host/ - -LICENSE= LGPL21+ GPLv3+ -LICENSE_COMB= multi - -DEPRECATED= This project is deprecated and is no longer being maintained. libfido2 is a new project with support for U2F and FIDO2. Use security/libfido2 instead -EXPIRATION_DATE=2025-05-31 - -BUILD_DEPENDS= gengetopt:devel/gengetopt \ - gtk-doc>0:textproc/gtk-doc \ - help2man:misc/help2man -LIB_DEPENDS= libhidapi.so:comms/hidapi \ - libjson-c.so:devel/json-c -RUN_DEPENDS= ${LOCALBASE}/etc/devd/u2f.conf:security/u2f-devd - -USES= autoreconf pkgconfig gmake libtool -USE_LDCONFIG= yes -GNU_CONFIGURE= yes -GNU_CONFIGURE_MANPREFIX=${PREFIX}/share -CONFIGURE_ARGS= -enable-gtk-doc -INSTALL_TARGET= install-strip - -USE_GITHUB= yes -GH_ACCOUNT= Yubico - -OPTIONS_DEFINE= DOCS -OPTIONS_SUB= yes - -.include <bsd.port.mk> diff --git a/security/libu2f-host/distinfo b/security/libu2f-host/distinfo deleted file mode 100644 index 424c6964723c..000000000000 --- a/security/libu2f-host/distinfo +++ /dev/null @@ -1,3 +0,0 @@ -TIMESTAMP = 1559205280 -SHA256 (Yubico-libu2f-host-libu2f-host-1.1.10_GH0.tar.gz) = 45937c6c04349f865d9f047d3a68cc50ea24e9085d18ac2c7d31fa38eb749303 -SIZE (Yubico-libu2f-host-libu2f-host-1.1.10_GH0.tar.gz) = 145840 diff --git a/security/libu2f-host/files/patch-u2f-host-u2fmisc.c b/security/libu2f-host/files/patch-u2f-host-u2fmisc.c deleted file mode 100644 index 686fd3a0377b..000000000000 --- a/security/libu2f-host/files/patch-u2f-host-u2fmisc.c +++ /dev/null @@ -1,29 +0,0 @@ ---- u2f-host/u2fmisc.c.orig 2019-05-15 11:54:11 UTC -+++ u2f-host/u2fmisc.c -@@ -30,7 +30,7 @@ - #define u2fh_json_object_object_get(obj, key, value) json_object_object_get_ex(obj, key, &value) - #else - typedef int json_bool; --#define u2fh_json_object_object_get(obj, key, value) (value = json_object_object_get(obj, key)) == NULL ? (json_bool)FALSE : (json_bool)TRUE -+#define u2fh_json_object_object_get(obj, key, value) (value = json_object_object_get(obj, key)) == NULL ? 0 : 1 - #endif - - static void -@@ -114,7 +114,7 @@ prepare_origin (const char *jsonstr, unsigned char *p) - if (debug) - fprintf (stderr, "JSON: %s\n", json_object_to_json_string (jo)); - -- if (u2fh_json_object_object_get (jo, "appId", k) == FALSE) -+ if (u2fh_json_object_object_get (jo, "appId", k) == 0) - return U2FH_JSON_ERROR; - - app_id = json_object_get_string (k); -@@ -390,7 +390,7 @@ get_fixed_json_data (const char *jsonstr, const char * - if (debug) - fprintf (stderr, "JSON: %s\n", json_object_to_json_string (jo)); - -- if (u2fh_json_object_object_get (jo, key, k) == FALSE) -+ if (u2fh_json_object_object_get (jo, key, k) == 0) - return U2FH_JSON_ERROR; - - urlb64 = json_object_get_string (k); diff --git a/security/libu2f-host/pkg-descr b/security/libu2f-host/pkg-descr deleted file mode 100644 index 77126da87be0..000000000000 --- a/security/libu2f-host/pkg-descr +++ /dev/null @@ -1,3 +0,0 @@ -Libu2f-host provides a C library and command-line tool that implements the -host-side of the U2F protocol. There are APIs to talk to a U2F device and -perform the U2F Register and U2F Authenticate operations. diff --git a/security/libu2f-host/pkg-plist b/security/libu2f-host/pkg-plist deleted file mode 100644 index 9485c17eaf73..000000000000 --- a/security/libu2f-host/pkg-plist +++ /dev/null @@ -1,24 +0,0 @@ -bin/u2f-host -include/u2f-host/u2f-host-types.h -include/u2f-host/u2f-host-version.h -include/u2f-host/u2f-host.h -lib/libu2f-host.a -lib/libu2f-host.so -lib/libu2f-host.so.0 -lib/libu2f-host.so.0.1.10 -libdata/pkgconfig/u2f-host.pc -share/man/man1/u2f-host.1.gz -%%DOCS%%share/gtk-doc/html/u2f-host/home.png -%%DOCS%%share/gtk-doc/html/u2f-host/index.html -%%DOCS%%share/gtk-doc/html/u2f-host/intro.html -%%DOCS%%share/gtk-doc/html/u2f-host/left-insensitive.png -%%DOCS%%share/gtk-doc/html/u2f-host/left.png -%%DOCS%%share/gtk-doc/html/u2f-host/right-insensitive.png -%%DOCS%%share/gtk-doc/html/u2f-host/right.png -%%DOCS%%share/gtk-doc/html/u2f-host/style.css -%%DOCS%%share/gtk-doc/html/u2f-host/u2f-host-u2f-host-types.html -%%DOCS%%share/gtk-doc/html/u2f-host/u2f-host-u2f-host-version.html -%%DOCS%%share/gtk-doc/html/u2f-host/u2f-host-u2f-host.html -%%DOCS%%share/gtk-doc/html/u2f-host/u2f-host.devhelp2 -%%DOCS%%share/gtk-doc/html/u2f-host/up-insensitive.png -%%DOCS%%share/gtk-doc/html/u2f-host/up.png diff --git a/security/meek/Makefile b/security/meek/Makefile index afb92731ff83..9483477599f1 100644 --- a/security/meek/Makefile +++ b/security/meek/Makefile @@ -1,7 +1,7 @@ PORTNAME= meek DISTVERSIONPREFIX=v DISTVERSION= 0.37.0 -PORTREVISION= 25 +PORTREVISION= 26 CATEGORIES= security net MAINTAINER= egypcio@FreeBSD.org diff --git a/security/metasploit/Makefile b/security/metasploit/Makefile index de9d739a3813..424f1c11602f 100644 --- a/security/metasploit/Makefile +++ b/security/metasploit/Makefile @@ -1,6 +1,6 @@ PORTNAME= metasploit DISTVERSION= 6.4.58 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security MAINTAINER= tanawts@gmail.com diff --git a/security/naabu/Makefile b/security/naabu/Makefile index 35da9279b69d..383cfec25a03 100644 --- a/security/naabu/Makefile +++ b/security/naabu/Makefile @@ -1,7 +1,7 @@ PORTNAME= naabu DISTVERSIONPREFIX= v DISTVERSION= 2.3.5 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MAINTAINER= dutra@FreeBSD.org diff --git a/security/nebula/Makefile b/security/nebula/Makefile index d38485d10c6d..d809fe4e5504 100644 --- a/security/nebula/Makefile +++ b/security/nebula/Makefile @@ -1,7 +1,7 @@ PORTNAME= nebula DISTVERSIONPREFIX= v DISTVERSION= 1.8.2 -PORTREVISION= 13 +PORTREVISION= 14 CATEGORIES= security MAINTAINER= ashish@FreeBSD.org diff --git a/security/netbird/Makefile b/security/netbird/Makefile index 1ea7f5225c50..9a0ac9619973 100644 --- a/security/netbird/Makefile +++ b/security/netbird/Makefile @@ -1,6 +1,7 @@ PORTNAME= netbird DISTVERSIONPREFIX= v DISTVERSION= 0.55.1 +PORTREVISION= 1 CATEGORIES= security net net-vpn MAINTAINER= hakan.external@netbird.io diff --git a/security/obfs4proxy-tor/Makefile b/security/obfs4proxy-tor/Makefile index 964c21c2f3fd..76b061e30825 100644 --- a/security/obfs4proxy-tor/Makefile +++ b/security/obfs4proxy-tor/Makefile @@ -1,6 +1,6 @@ PORTNAME= obfs4proxy DISTVERSION= 0.0.14 -PORTREVISION= 23 +PORTREVISION= 24 CATEGORIES= security net PKGNAMESUFFIX= -tor DISTFILES= ${DISTNAME}${EXTRACT_SUFX} diff --git a/security/onionscan/Makefile b/security/onionscan/Makefile index a3bf6157d030..b08feed23913 100644 --- a/security/onionscan/Makefile +++ b/security/onionscan/Makefile @@ -1,7 +1,7 @@ PORTNAME= onionscan DISTVERSIONPREFIX= OnionScan- DISTVERSION= 0.2 -PORTREVISION= 31 +PORTREVISION= 32 CATEGORIES= security net MAINTAINER= egypcio@FreeBSD.org diff --git a/security/openssl36/Makefile b/security/openssl36/Makefile new file mode 100644 index 000000000000..9604e260b8e0 --- /dev/null +++ b/security/openssl36/Makefile @@ -0,0 +1,206 @@ +PORTNAME= openssl +DISTVERSION= 3.6.0-alpha1 +PORTREVISION= 1 +CATEGORIES= security devel +PKGNAMESUFFIX= 36 +MASTER_SITES= https://github.com/openssl/openssl/releases/download/${DISTNAME}/ + +MAINTAINER= brnrd@FreeBSD.org +COMMENT= TLSv1.3 capable SSL and crypto library +WWW= https://www.openssl.org/ + +LICENSE= APACHE20 +LICENSE_FILE= ${WRKSRC}/LICENSE.txt + +CONFLICTS_INSTALL= boringssl libressl libressl-devel openssl openssl111 openssl3[1234] openssl*-quictls + +HAS_CONFIGURE= yes +CONFIGURE_SCRIPT= config +CONFIGURE_ENV= PERL="${PERL}" +CONFIGURE_ARGS= --openssldir=${OPENSSLDIR} \ + --prefix=${PREFIX} + +USES= cpe perl5 +USE_PERL5= build +TEST_TARGET= test + +LDFLAGS_i386= -Wl,-znotext + +MAKE_ARGS+= WHOLE_ARCHIVE_FLAG=--whole-archive CNF_LDFLAGS="${LDFLAGS}" +MAKE_ENV+= LIBRPATH="${PREFIX}/lib" GREP_OPTIONS= + +OPTIONS_GROUP= CIPHERS COMPRESSION HASHES MODULES OPTIMIZE PQC \ + PROTOCOLS +OPTIONS_GROUP_CIPHERS= ARIA DES GOST IDEA SM4 RC2 RC4 RC5 TLS-DEPRECATED-EC \ + WEAK-SSL-CIPHERS +OPTIONS_GROUP_COMPRESSION= BROTLI ZLIB ZSTD +OPTIONS_GROUP_HASHES= MD2 MD4 MDC2 RMD160 SM2 SM3 +OPTIONS_GROUP_OPTIMIZE= ASM SSE2 THREADS THREADPOOL +OPTIONS_GROUP_PQC= ML-DSA ML-KEM SLH-DSA +OPTIONS_GROUP_MODULES= FIPS LEGACY +OPTIONS_DEFINE_i386= I386 +OPTIONS_GROUP_PROTOCOLS=NEXTPROTONEG QUIC SCTP SSL3 TLS1 TLS1_1 TLS1_2 + +OPTIONS_DEFINE= ASYNC CT FIPS-JITTER KTLS MAN3 RFC3779 SHARED + +OPTIONS_DEFAULT=ASM ASYNC CT DES EC FIPS GOST KTLS MAN3 MD4 ML-DSA ML-KEM \ + NEXTPROTONEG QUIC RFC3779 RC2 RC4 RMD160 SCTP SHARED SLH-DSA \ + SSE2 THREADPOOL THREADS TLS1 TLS1_1 TLS1_2 + +OPTIONS_GROUP_OPTIMIZE_amd64= EC + +.if ${MACHINE_ARCH} == "amd64" +OPTIONS_GROUP_OPTIMIZE+= EC +.elif ${MACHINE_ARCH} == "mips64el" +OPTIONS_GROUP_OPTIMIZE+= EC +.endif + +OPTIONS_SUB= yes + +ARIA_DESC= ARIA (South Korean standard) +ASM_DESC= Assembler code +ASYNC_DESC= Asynchronous mode +CIPHERS_DESC= Block Cipher Support +COMPRESSION_DESC= Compression Support +CT_DESC= Certificate Transparency Support +DES_DESC= (Triple) Data Encryption Standard +EC_DESC= Optimize NIST elliptic curves +FIPS_DESC= Build FIPS provider (Note: NOT yet FIPS validated) +FIPS-JITTER_DESC= Use JITTER seed source in FIPS provider +GOST_DESC= GOST (Russian standard) +HASHES_DESC= Hash Function Support +I386_DESC= i386 (instead of i486+) +IDEA_DESC= International Data Encryption Algorithm +KTLS_DESC= Use in-kernel TLS (FreeBSD >13) +LEGACY_DESC= Older algorithms +MAN3_DESC= Install API manpages (section 3, 7) +MD2_DESC= MD2 (obsolete) (requires LEGACY) +MD4_DESC= MD4 (unsafe) +MDC2_DESC= MDC-2 (patented, requires DES) +ML-DSA_DESC= ML-DSA CRYSTALS-Dilithium Digital Signature Algorithm +ML-KEM_DESC= ML-KEM Kyber Key Encapsulation Method +MODULES_DESC= Provider modules +NEXTPROTONEG_DESC= Next Protocol Negotiation (SPDY) +OPTIMIZE_DESC= Optimizations +PQC_DESC= Post-Quantum Cryptography +PROTOCOLS_DESC= Protocol Support +QUIC_DESC= HTTP/3 +RC2_DESC= RC2 (unsafe) +RC4_DESC= RC4 (unsafe) +RC5_DESC= RC5 (patented) +RMD160_DESC= RIPEMD-160 +RFC3779_DESC= RFC3779 support (BGP) +SCTP_DESC= SCTP (Stream Control Transmission) +SHARED_DESC= Build shared libraries +SLH-DSA_DESC= SLH-DSA Sphinx+ Digital Signature Algorithm +SM2_DESC= SM2 Elliptic Curve DH (Chinese standard) +SM3_DESC= SM3 256bit (Chinese standard) +SM4_DESC= SM4 128bit (Chinese standard) +SSE2_DESC= Runtime SSE2 detection +SSL3_DESC= SSLv3 (unsafe) +TLS-DEPRECATED-EC_DESC= Deprecated elliptic curve groups in TLS (unsafe) +TLS1_DESC= TLSv1.0 (requires TLS1_1, TLS1_2) +TLS1_1_DESC= TLSv1.1 (requires TLS1_2) +TLS1_2_DESC= TLSv1.2 +THREADPOOL_DESC=Thread Pooling support +WEAK-SSL-CIPHERS_DESC= Weak cipher support (unsafe) + +# Upstream default disabled options +.for _option in brotli fips fips-jitter md2 ktls rc5 sctp ssl3 weak-ssl-ciphers zlib zstd +${_option:tu}_CONFIGURE_ON= enable-${_option} +.endfor + +# Upstream default enabled options +.for _option in aria asm async ct des gost idea md4 mdc2 ml-kem ml-dsa \ + legacy nextprotoneg quic rc2 rc4 rfc3779 rmd160 shared slh-dsa \ + sm2 sm3 sm4 sse2 threads tls-deprecated-ec tls1 tls1_1 tls1_2 +${_option:tu}_CONFIGURE_OFF= no-${_option} +.endfor + +FIPS-JITTER_IMPLIES= FIPS +MD2_IMPLIES= LEGACY +MDC2_IMPLIES= DES +TLS1_IMPLIES= TLS1_1 +TLS1_1_IMPLIES= TLS1_2 + +BROTLI_CFLAGS= -I${PREFIX}/include +BROTLI_CONFIGURE_ON= enable-brotli-dynamic +BROTLI_LIB_DEPENDS= libbrotlicommon.so:archivers/brotli +EC_CONFIGURE_ON= enable-ec_nistp_64_gcc_128 +FIPS_VARS= shlibs+=lib/ossl-modules/fips.so +I386_CONFIGURE_ON= 386 +FIPS-JITTER_CFLAGS= -I${PREFIX}/include +FIPS-JITTER_LDFLAGS= -L${PREFIX}/lib +FIPS-JITTER_BUILD_DEPENDS= ${LOCALBASE}/lib/libjitterentropy.a:devel/libjitterentropy +LEGACY_VARS= shlibs+=lib/ossl-modules/legacy.so +MAN3_EXTRA_PATCHES_OFF= ${FILESDIR}/extra-patch-util_find-doc-nits +SHARED_MAKE_ENV= SHLIBVER=${OPENSSL_SHLIBVER} +SHARED_PLIST_SUB= SHLIBVER=${OPENSSL_SHLIBVER} +SHARED_USE= ldconfig=yes +SHARED_VARS= shlibs+="lib/libcrypto.so.${OPENSSL_SHLIBVER} \ + lib/libssl.so.${OPENSSL_SHLIBVER} \ + lib/engines-${OPENSSL_SHLIBVER}/capi.so \ + lib/engines-${OPENSSL_SHLIBVER}/devcrypto.so \ + lib/engines-${OPENSSL_SHLIBVER}/padlock.so" +SSL3_CONFIGURE_ON= enable-ssl3 enable-ssl3-method +THREADPOOL_CONFIGURE_OFF= no-thread-pool +ZLIB_CONFIGURE_ON= zlib-dynamic +ZSTD_CFLAGS= -I${PREFIX}/include +ZSTD_CONFIGURE_ON= enable-zstd-dynamic +ZSTD_LIB_DEPENDS= libzstd.so:archivers/zstd + +SHLIBS= lib/engines-${OPENSSL_SHLIBVER}/loader_attic.so + +PORTSCOUT= limit:^${DISTVERSION:R:S/./\./g}\. + +.include <bsd.port.options.mk> + +.if ${ARCH} == powerpc64 +CONFIGURE_ARGS+= BSD-ppc64 +.elif ${ARCH} == powerpc64le +CONFIGURE_ARGS+= BSD-ppc64le +.elif ${ARCH} == riscv64 +CONFIGURE_ARGS+= BSD-riscv64 +.endif + +.include <bsd.port.pre.mk> +.if ${PREFIX} == /usr +IGNORE= the OpenSSL port can not be installed over the base version +.endif + +OPENSSLDIR?= ${PREFIX}/openssl +PLIST_SUB+= OPENSSLDIR=${OPENSSLDIR:S=^${PREFIX}/==} + +.include "version.mk" + +post-patch: + ${REINPLACE_CMD} -Ee 's|^(build\|install)_docs: .*|\1_docs: \1_man_docs|' \ + ${WRKSRC}/Configurations/unix-Makefile.tmpl + ${REINPLACE_CMD} 's|SHLIB_VERSION=3|SHLIB_VERSION=${OPENSSL_SHLIBVER}|' \ + ${WRKSRC}/VERSION.dat + +post-configure: + ( cd ${WRKSRC} ; ${PERL} configdata.pm --dump ) + +post-configure-MAN3-off: + ${REINPLACE_CMD} \ + -e 's|^build_man_docs:.*|build_man_docs: $$(MANDOCS1) $$(MANDOCS5)|' \ + -e 's|dummy $$(MANDOCS[37]); do |dummy; do |' \ + ${WRKSRC}/Makefile + +post-install-SHARED-on: +.for i in ${SHLIBS} + -@${STRIP_CMD} ${STAGEDIR}${PREFIX}/$i +.endfor + +post-install-SHARED-off: + ${RMDIR} ${STAGEDIR}${PREFIX}/lib/engines-12 + +post-install: + ${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/openssl + +post-install-MAN3-on: + ( cd ${STAGEDIR}/${PREFIX} ; find share/man/man3 -not -type d ; \ + find share/man/man7 -not -type d ) | sed 's/$$/.gz/' >> ${TMPPLIST} + +.include <bsd.port.post.mk> diff --git a/security/openssl36/distinfo b/security/openssl36/distinfo new file mode 100644 index 000000000000..864066f84ddb --- /dev/null +++ b/security/openssl36/distinfo @@ -0,0 +1,3 @@ +TIMESTAMP = 1756905754 +SHA256 (openssl-3.6.0-alpha1.tar.gz) = 214991128e68adbac1e41df435960c11a0899f762f9e586beb8112f2ca415778 +SIZE (openssl-3.6.0-alpha1.tar.gz) = 54968069 diff --git a/security/openssl36/files/extra-patch-ktls b/security/openssl36/files/extra-patch-ktls new file mode 100644 index 000000000000..8a46c272d95c --- /dev/null +++ b/security/openssl36/files/extra-patch-ktls @@ -0,0 +1,540 @@ +diff --git include/internal/ktls.h include/internal/ktls.h +index 95492fd065..3c82cae26b 100644 +--- include/internal/ktls.h ++++ include/internal/ktls.h +@@ -40,6 +40,11 @@ + # define OPENSSL_KTLS_AES_GCM_128 + # define OPENSSL_KTLS_AES_GCM_256 + # define OPENSSL_KTLS_TLS13 ++# ifdef TLS_CHACHA20_IV_LEN ++# ifndef OPENSSL_NO_CHACHA ++# define OPENSSL_KTLS_CHACHA20_POLY1305 ++# endif ++# endif + + typedef struct tls_enable ktls_crypto_info_t; + +diff --git ssl/ktls.c ssl/ktls.c +index 79d980959e..e343d382cc 100644 +--- ssl/ktls.c ++++ ssl/ktls.c +@@ -10,6 +10,67 @@ + #include "ssl_local.h" + #include "internal/ktls.h" + ++#ifndef OPENSSL_NO_KTLS_RX ++ /* ++ * Count the number of records that were not processed yet from record boundary. ++ * ++ * This function assumes that there are only fully formed records read in the ++ * record layer. If read_ahead is enabled, then this might be false and this ++ * function will fail. ++ */ ++static int count_unprocessed_records(SSL *s) ++{ ++ SSL3_BUFFER *rbuf = RECORD_LAYER_get_rbuf(&s->rlayer); ++ PACKET pkt, subpkt; ++ int count = 0; ++ ++ if (!PACKET_buf_init(&pkt, rbuf->buf + rbuf->offset, rbuf->left)) ++ return -1; ++ ++ while (PACKET_remaining(&pkt) > 0) { ++ /* Skip record type and version */ ++ if (!PACKET_forward(&pkt, 3)) ++ return -1; ++ ++ /* Read until next record */ ++ if (!PACKET_get_length_prefixed_2(&pkt, &subpkt)) ++ return -1; ++ ++ count += 1; ++ } ++ ++ return count; ++} ++ ++/* ++ * The kernel cannot offload receive if a partial TLS record has been read. ++ * Check the read buffer for unprocessed records. If the buffer contains a ++ * partial record, fail and return 0. Otherwise, update the sequence ++ * number at *rec_seq for the count of unprocessed records and return 1. ++ */ ++static int check_rx_read_ahead(SSL *s, unsigned char *rec_seq) ++{ ++ int bit, count_unprocessed; ++ ++ count_unprocessed = count_unprocessed_records(s); ++ if (count_unprocessed < 0) ++ return 0; ++ ++ /* increment the crypto_info record sequence */ ++ while (count_unprocessed) { ++ for (bit = 7; bit >= 0; bit--) { /* increment */ ++ ++rec_seq[bit]; ++ if (rec_seq[bit] != 0) ++ break; ++ } ++ count_unprocessed--; ++ ++ } ++ ++ return 1; ++} ++#endif ++ + #if defined(__FreeBSD__) + # include "crypto/cryptodev.h" + +@@ -37,6 +98,10 @@ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c, + case SSL_AES128GCM: + case SSL_AES256GCM: + return 1; ++# ifdef OPENSSL_KTLS_CHACHA20_POLY1305 ++ case SSL_CHACHA20POLY1305: ++ return 1; ++# endif + case SSL_AES128: + case SSL_AES256: + if (s->ext.use_etm) +@@ -55,9 +120,9 @@ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c, + } + + /* Function to configure kernel TLS structure */ +-int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, ++int ktls_configure_crypto(SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, + void *rl_sequence, ktls_crypto_info_t *crypto_info, +- unsigned char **rec_seq, unsigned char *iv, ++ int is_tx, unsigned char *iv, + unsigned char *key, unsigned char *mac_key, + size_t mac_secret_size) + { +@@ -71,6 +136,12 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, + else + crypto_info->iv_len = EVP_GCM_TLS_FIXED_IV_LEN; + break; ++# ifdef OPENSSL_KTLS_CHACHA20_POLY1305 ++ case SSL_CHACHA20POLY1305: ++ crypto_info->cipher_algorithm = CRYPTO_CHACHA20_POLY1305; ++ crypto_info->iv_len = EVP_CIPHER_CTX_get_iv_length(dd); ++ break; ++# endif + case SSL_AES128: + case SSL_AES256: + switch (s->s3.tmp.new_cipher->algorithm_mac) { +@@ -101,11 +172,11 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, + crypto_info->tls_vminor = (s->version & 0x000000ff); + # ifdef TCP_RXTLS_ENABLE + memcpy(crypto_info->rec_seq, rl_sequence, sizeof(crypto_info->rec_seq)); +- if (rec_seq != NULL) +- *rec_seq = crypto_info->rec_seq; ++ if (!is_tx && !check_rx_read_ahead(s, crypto_info->rec_seq)) ++ return 0; + # else +- if (rec_seq != NULL) +- *rec_seq = NULL; ++ if (!is_tx) ++ return 0; + # endif + return 1; + }; +@@ -154,15 +225,20 @@ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c, + } + + /* Function to configure kernel TLS structure */ +-int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, ++int ktls_configure_crypto(SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, + void *rl_sequence, ktls_crypto_info_t *crypto_info, +- unsigned char **rec_seq, unsigned char *iv, ++ int is_tx, unsigned char *iv, + unsigned char *key, unsigned char *mac_key, + size_t mac_secret_size) + { + unsigned char geniv[12]; + unsigned char *iiv = iv; + ++# ifdef OPENSSL_NO_KTLS_RX ++ if (!is_tx) ++ return 0; ++# endif ++ + if (s->version == TLS1_2_VERSION && + EVP_CIPHER_get_mode(c) == EVP_CIPH_GCM_MODE) { + if (!EVP_CIPHER_CTX_get_updated_iv(dd, geniv, +@@ -186,8 +262,8 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, + memcpy(crypto_info->gcm128.key, key, EVP_CIPHER_get_key_length(c)); + memcpy(crypto_info->gcm128.rec_seq, rl_sequence, + TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); +- if (rec_seq != NULL) +- *rec_seq = crypto_info->gcm128.rec_seq; ++ if (!is_tx && !check_rx_read_ahead(s, crypto_info->gcm128.rec_seq)) ++ return 0; + return 1; + # endif + # ifdef OPENSSL_KTLS_AES_GCM_256 +@@ -201,8 +277,8 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, + memcpy(crypto_info->gcm256.key, key, EVP_CIPHER_get_key_length(c)); + memcpy(crypto_info->gcm256.rec_seq, rl_sequence, + TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE); +- if (rec_seq != NULL) +- *rec_seq = crypto_info->gcm256.rec_seq; ++ if (!is_tx && !check_rx_read_ahead(s, crypto_info->gcm256.rec_seq)) ++ return 0; + return 1; + # endif + # ifdef OPENSSL_KTLS_AES_CCM_128 +@@ -216,8 +292,8 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, + memcpy(crypto_info->ccm128.key, key, EVP_CIPHER_get_key_length(c)); + memcpy(crypto_info->ccm128.rec_seq, rl_sequence, + TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE); +- if (rec_seq != NULL) +- *rec_seq = crypto_info->ccm128.rec_seq; ++ if (!is_tx && !check_rx_read_ahead(s, crypto_info->ccm128.rec_seq)) ++ return 0; + return 1; + # endif + # ifdef OPENSSL_KTLS_CHACHA20_POLY1305 +@@ -231,8 +307,10 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, + EVP_CIPHER_get_key_length(c)); + memcpy(crypto_info->chacha20poly1305.rec_seq, rl_sequence, + TLS_CIPHER_CHACHA20_POLY1305_REC_SEQ_SIZE); +- if (rec_seq != NULL) +- *rec_seq = crypto_info->chacha20poly1305.rec_seq; ++ if (!is_tx ++ && !check_rx_read_ahead(s, ++ crypto_info->chacha20poly1305.rec_seq)) ++ return 0; + return 1; + # endif + default: +diff --git ssl/record/ssl3_record.c ssl/record/ssl3_record.c +index d8ef018741..63caac080f 100644 +--- ssl/record/ssl3_record.c ++++ ssl/record/ssl3_record.c +@@ -185,18 +185,23 @@ int ssl3_get_record(SSL *s) + int imac_size; + size_t num_recs = 0, max_recs, j; + PACKET pkt, sslv2pkt; +- int is_ktls_left; ++ int using_ktls; + SSL_MAC_BUF *macbufs = NULL; + int ret = -1; + + rr = RECORD_LAYER_get_rrec(&s->rlayer); + rbuf = RECORD_LAYER_get_rbuf(&s->rlayer); +- is_ktls_left = (SSL3_BUFFER_get_left(rbuf) > 0); + max_recs = s->max_pipelines; + if (max_recs == 0) + max_recs = 1; + sess = s->session; + ++ /* ++ * KTLS reads full records. If there is any data left, ++ * then it is from before enabling ktls. ++ */ ++ using_ktls = BIO_get_ktls_recv(s->rbio) && SSL3_BUFFER_get_left(rbuf) == 0; ++ + do { + thisrr = &rr[num_recs]; + +@@ -361,7 +366,9 @@ int ssl3_get_record(SSL *s) + } + } + +- if (SSL_IS_TLS13(s) && s->enc_read_ctx != NULL) { ++ if (SSL_IS_TLS13(s) ++ && s->enc_read_ctx != NULL ++ && !using_ktls) { + if (thisrr->type != SSL3_RT_APPLICATION_DATA + && (thisrr->type != SSL3_RT_CHANGE_CIPHER_SPEC + || !SSL_IS_FIRST_HANDSHAKE(s)) +@@ -391,7 +398,13 @@ int ssl3_get_record(SSL *s) + } + + if (SSL_IS_TLS13(s)) { +- if (thisrr->length > SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH) { ++ size_t len = SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH; ++ ++ /* KTLS strips the inner record type. */ ++ if (using_ktls) ++ len = SSL3_RT_MAX_ENCRYPTED_LENGTH; ++ ++ if (thisrr->length > len) { + SSLfatal(s, SSL_AD_RECORD_OVERFLOW, + SSL_R_ENCRYPTED_LENGTH_TOO_LONG); + return -1; +@@ -409,7 +422,7 @@ int ssl3_get_record(SSL *s) + #endif + + /* KTLS may use all of the buffer */ +- if (BIO_get_ktls_recv(s->rbio) && !is_ktls_left) ++ if (using_ktls) + len = SSL3_BUFFER_get_left(rbuf); + + if (thisrr->length > len) { +@@ -518,11 +531,7 @@ int ssl3_get_record(SSL *s) + return 1; + } + +- /* +- * KTLS reads full records. If there is any data left, +- * then it is from before enabling ktls +- */ +- if (BIO_get_ktls_recv(s->rbio) && !is_ktls_left) ++ if (using_ktls) + goto skip_decryption; + + if (s->read_hash != NULL) { +@@ -677,21 +686,29 @@ int ssl3_get_record(SSL *s) + if (SSL_IS_TLS13(s) + && s->enc_read_ctx != NULL + && thisrr->type != SSL3_RT_ALERT) { +- size_t end; ++ /* ++ * The following logic are irrelevant in KTLS: the kernel provides ++ * unprotected record and thus record type represent the actual ++ * content type, and padding is already removed and thisrr->type and ++ * thisrr->length should have the correct values. ++ */ ++ if (!using_ktls) { ++ size_t end; + +- if (thisrr->length == 0 +- || thisrr->type != SSL3_RT_APPLICATION_DATA) { +- SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_BAD_RECORD_TYPE); +- goto end; ++ if (thisrr->length == 0 ++ || thisrr->type != SSL3_RT_APPLICATION_DATA) { ++ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_BAD_RECORD_TYPE); ++ goto end; ++ } ++ ++ /* Strip trailing padding */ ++ for (end = thisrr->length - 1; end > 0 && thisrr->data[end] == 0; ++ end--) ++ continue; ++ ++ thisrr->length = end; ++ thisrr->type = thisrr->data[end]; + } +- +- /* Strip trailing padding */ +- for (end = thisrr->length - 1; end > 0 && thisrr->data[end] == 0; +- end--) +- continue; +- +- thisrr->length = end; +- thisrr->type = thisrr->data[end]; + if (thisrr->type != SSL3_RT_APPLICATION_DATA + && thisrr->type != SSL3_RT_ALERT + && thisrr->type != SSL3_RT_HANDSHAKE) { +@@ -700,7 +717,7 @@ int ssl3_get_record(SSL *s) + } + if (s->msg_callback) + s->msg_callback(0, s->version, SSL3_RT_INNER_CONTENT_TYPE, +- &thisrr->data[end], 1, s, s->msg_callback_arg); ++ &thisrr->type, 1, s, s->msg_callback_arg); + } + + /* +@@ -723,8 +740,7 @@ int ssl3_get_record(SSL *s) + * Therefore we have to rely on KTLS to check the plaintext length + * limit in the kernel. + */ +- if (thisrr->length > SSL3_RT_MAX_PLAIN_LENGTH +- && (!BIO_get_ktls_recv(s->rbio) || is_ktls_left)) { ++ if (thisrr->length > SSL3_RT_MAX_PLAIN_LENGTH && !using_ktls) { + SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_R_DATA_LENGTH_TOO_LONG); + goto end; + } +diff --git ssl/ssl_local.h ssl/ssl_local.h +index 5471e900b8..79ced2f468 100644 +--- ssl/ssl_local.h ++++ ssl/ssl_local.h +@@ -2760,9 +2760,9 @@ __owur int ssl_log_secret(SSL *ssl, const char *label, + /* ktls.c */ + int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c, + const EVP_CIPHER_CTX *dd); +-int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, ++int ktls_configure_crypto(SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, + void *rl_sequence, ktls_crypto_info_t *crypto_info, +- unsigned char **rec_seq, unsigned char *iv, ++ int is_tx, unsigned char *iv, + unsigned char *key, unsigned char *mac_key, + size_t mac_secret_size); + # endif +diff --git ssl/t1_enc.c ssl/t1_enc.c +index 237a19cd93..900ba14fbd 100644 +--- ssl/t1_enc.c ++++ ssl/t1_enc.c +@@ -98,42 +98,6 @@ static int tls1_generate_key_block(SSL *s, unsigned char *km, size_t num) + return ret; + } + +-#ifndef OPENSSL_NO_KTLS +- /* +- * Count the number of records that were not processed yet from record boundary. +- * +- * This function assumes that there are only fully formed records read in the +- * record layer. If read_ahead is enabled, then this might be false and this +- * function will fail. +- */ +-# ifndef OPENSSL_NO_KTLS_RX +-static int count_unprocessed_records(SSL *s) +-{ +- SSL3_BUFFER *rbuf = RECORD_LAYER_get_rbuf(&s->rlayer); +- PACKET pkt, subpkt; +- int count = 0; +- +- if (!PACKET_buf_init(&pkt, rbuf->buf + rbuf->offset, rbuf->left)) +- return -1; +- +- while (PACKET_remaining(&pkt) > 0) { +- /* Skip record type and version */ +- if (!PACKET_forward(&pkt, 3)) +- return -1; +- +- /* Read until next record */ +- if (!PACKET_get_length_prefixed_2(&pkt, &subpkt)) +- return -1; +- +- count += 1; +- } +- +- return count; +-} +-# endif +-#endif +- +- + int tls_provider_set_tls_params(SSL *s, EVP_CIPHER_CTX *ctx, + const EVP_CIPHER *ciph, + const EVP_MD *md) +@@ -201,12 +165,7 @@ int tls1_change_cipher_state(SSL *s, int which) + int reuse_dd = 0; + #ifndef OPENSSL_NO_KTLS + ktls_crypto_info_t crypto_info; +- unsigned char *rec_seq; + void *rl_sequence; +-# ifndef OPENSSL_NO_KTLS_RX +- int count_unprocessed; +- int bit; +-# endif + BIO *bio; + #endif + +@@ -473,30 +432,11 @@ int tls1_change_cipher_state(SSL *s, int which) + else + rl_sequence = RECORD_LAYER_get_read_sequence(&s->rlayer); + +- if (!ktls_configure_crypto(s, c, dd, rl_sequence, &crypto_info, &rec_seq, +- iv, key, ms, *mac_secret_size)) ++ if (!ktls_configure_crypto(s, c, dd, rl_sequence, &crypto_info, ++ which & SSL3_CC_WRITE, iv, key, ms, ++ *mac_secret_size)) + goto skip_ktls; + +- if (which & SSL3_CC_READ) { +-# ifndef OPENSSL_NO_KTLS_RX +- count_unprocessed = count_unprocessed_records(s); +- if (count_unprocessed < 0) +- goto skip_ktls; +- +- /* increment the crypto_info record sequence */ +- while (count_unprocessed) { +- for (bit = 7; bit >= 0; bit--) { /* increment */ +- ++rec_seq[bit]; +- if (rec_seq[bit] != 0) +- break; +- } +- count_unprocessed--; +- } +-# else +- goto skip_ktls; +-# endif +- } +- + /* ktls works with user provided buffers directly */ + if (BIO_set_ktls(bio, &crypto_info, which & SSL3_CC_WRITE)) { + if (which & SSL3_CC_WRITE) +diff --git ssl/tls13_enc.c ssl/tls13_enc.c +index 12388922e3..eaab0e2a74 100644 +--- ssl/tls13_enc.c ++++ ssl/tls13_enc.c +@@ -434,6 +434,7 @@ int tls13_change_cipher_state(SSL *s, int which) + const EVP_CIPHER *cipher = NULL; + #if !defined(OPENSSL_NO_KTLS) && defined(OPENSSL_KTLS_TLS13) + ktls_crypto_info_t crypto_info; ++ void *rl_sequence; + BIO *bio; + #endif + +@@ -688,8 +689,7 @@ int tls13_change_cipher_state(SSL *s, int which) + s->statem.enc_write_state = ENC_WRITE_STATE_VALID; + #ifndef OPENSSL_NO_KTLS + # if defined(OPENSSL_KTLS_TLS13) +- if (!(which & SSL3_CC_WRITE) +- || !(which & SSL3_CC_APPLICATION) ++ if (!(which & SSL3_CC_APPLICATION) + || (s->options & SSL_OP_ENABLE_KTLS) == 0) + goto skip_ktls; + +@@ -705,7 +705,10 @@ int tls13_change_cipher_state(SSL *s, int which) + if (!ktls_check_supported_cipher(s, cipher, ciph_ctx)) + goto skip_ktls; + +- bio = s->wbio; ++ if (which & SSL3_CC_WRITE) ++ bio = s->wbio; ++ else ++ bio = s->rbio; + + if (!ossl_assert(bio != NULL)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); +@@ -713,18 +716,26 @@ int tls13_change_cipher_state(SSL *s, int which) + } + + /* All future data will get encrypted by ktls. Flush the BIO or skip ktls */ +- if (BIO_flush(bio) <= 0) +- goto skip_ktls; ++ if (which & SSL3_CC_WRITE) { ++ if (BIO_flush(bio) <= 0) ++ goto skip_ktls; ++ } + + /* configure kernel crypto structure */ +- if (!ktls_configure_crypto(s, cipher, ciph_ctx, +- RECORD_LAYER_get_write_sequence(&s->rlayer), +- &crypto_info, NULL, iv, key, NULL, 0)) ++ if (which & SSL3_CC_WRITE) ++ rl_sequence = RECORD_LAYER_get_write_sequence(&s->rlayer); ++ else ++ rl_sequence = RECORD_LAYER_get_read_sequence(&s->rlayer); ++ ++ if (!ktls_configure_crypto(s, cipher, ciph_ctx, rl_sequence, &crypto_info, ++ which & SSL3_CC_WRITE, iv, key, NULL, 0)) + goto skip_ktls; + + /* ktls works with user provided buffers directly */ +- if (BIO_set_ktls(bio, &crypto_info, which & SSL3_CC_WRITE)) +- ssl3_release_write_buffer(s); ++ if (BIO_set_ktls(bio, &crypto_info, which & SSL3_CC_WRITE)) { ++ if (which & SSL3_CC_WRITE) ++ ssl3_release_write_buffer(s); ++ } + skip_ktls: + # endif + #endif +diff --git test/sslapitest.c test/sslapitest.c +index 2911d6e94b..faf2eec2bc 100644 +--- test/sslapitest.c ++++ test/sslapitest.c +@@ -1243,7 +1243,7 @@ static int execute_test_ktls(int cis_ktls, int sis_ktls, + #if defined(OPENSSL_NO_KTLS_RX) + rx_supported = 0; + #else +- rx_supported = (tls_version != TLS1_3_VERSION); ++ rx_supported = 1; + #endif + if (!cis_ktls || !rx_supported) { + if (!TEST_false(BIO_get_ktls_recv(clientssl->rbio))) diff --git a/security/openssl36/files/extra-patch-util_find-doc-nits b/security/openssl36/files/extra-patch-util_find-doc-nits new file mode 100644 index 000000000000..bf70e9fee1ac --- /dev/null +++ b/security/openssl36/files/extra-patch-util_find-doc-nits @@ -0,0 +1,20 @@ +--- util/find-doc-nits.orig 2023-09-07 09:00:22 UTC ++++ util/find-doc-nits +@@ -80,7 +80,7 @@ my $temp = '/tmp/docnits.txt'; + my $OUT; + my $status = 0; + +-$opt_m = "man1,man3,man5,man7" unless $opt_m; ++$opt_m = "man1,man5" unless $opt_m; + die "Argument of -m option may contain only man1, man3, man5, and/or man7" + unless $opt_m =~ /^(man[1357][, ]?)*$/; + my @sections = ( split /[, ]/, $opt_m ); +@@ -725,7 +725,7 @@ sub check { + next if $target eq ''; # Skip if links within page, or + next if $target =~ /::/; # links to a Perl module, or + next if $target =~ /^https?:/; # is a URL link, or +- next if $target =~ /\([1357]\)$/; # it has a section ++ next if $target =~ /\([15]\)$/; # it has a section + err($id, "Missing man section number (likely, $mansect) in L<$target>") + } + # Check for proper links to commands. diff --git a/security/openssl36/files/patch-Configurations_10-main.conf b/security/openssl36/files/patch-Configurations_10-main.conf new file mode 100644 index 000000000000..82503c0ff90c --- /dev/null +++ b/security/openssl36/files/patch-Configurations_10-main.conf @@ -0,0 +1,35 @@ +--- Configurations/10-main.conf.orig 2022-04-12 16:29:42 UTC ++++ Configurations/10-main.conf +@@ -1069,6 +1069,32 @@ my %targets = ( + perlasm_scheme => "linux64", + }, + ++ "BSD-ppc" => { ++ inherit_from => [ "BSD-generic32" ], ++ asm_arch => 'ppc32', ++ perlasm_scheme => "linux32", ++ lib_cppflags => add("-DB_ENDIAN"), ++ }, ++ ++ "BSD-ppc64" => { ++ inherit_from => [ "BSD-generic64" ], ++ cflags => add("-m64"), ++ cxxflags => add("-m64"), ++ lib_cppflags => add("-DB_ENDIAN"), ++ asm_arch => 'ppc64', ++ perlasm_scheme => "linux64", ++ }, ++ ++ "BSD-ppc64le" => { ++ inherit_from => [ "BSD-generic64" ], ++ cflags => add("-m64"), ++ cxxflags => add("-m64"), ++ lib_cppflags => add("-DL_ENDIAN"), ++ asm_arch => 'ppc64', ++ perlasm_scheme => "linux64le", ++ }, ++ ++ + "bsdi-elf-gcc" => { + inherit_from => [ "BASE_unix" ], + CC => "gcc", diff --git a/security/openssl36/files/patch-crypto_threads__pthread.c b/security/openssl36/files/patch-crypto_threads__pthread.c new file mode 100644 index 000000000000..3347170e0bd0 --- /dev/null +++ b/security/openssl36/files/patch-crypto_threads__pthread.c @@ -0,0 +1,13 @@ +--- crypto/threads_pthread.c.orig 2022-11-01 14:14:36 UTC ++++ crypto/threads_pthread.c +@@ -29,6 +29,10 @@ + #define BROKEN_CLANG_ATOMICS + #endif + ++#if defined(__FreeBSD__) && defined(__i386__) ++#define BROKEN_CLANG_ATOMICS ++#endif ++ + #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) && !defined(OPENSSL_SYS_WINDOWS) + + # if defined(OPENSSL_SYS_UNIX) diff --git a/security/openssl36/pkg-descr b/security/openssl36/pkg-descr new file mode 100644 index 000000000000..c7704288547a --- /dev/null +++ b/security/openssl36/pkg-descr @@ -0,0 +1,13 @@ +The OpenSSL Project is a collaborative effort to develop a robust, +commercial-grade, full-featured, and Open Source toolkit implementing +the Secure Sockets Layer (SSL v3) and Transport Layer Security (TLS v1, +v1.1, v1.2, v1.3) protocols with full-strength cryptography world-wide. +The project is managed by a worldwide community of volunteers that use +the Internet to communicate, plan, and develop the OpenSSL tookit +and its related documentation. + +OpenSSL is based on the excellent SSLeay library developed by Eric +A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under +an Apache-style licence, which basically means that you are free +to get and use it for commercial and non-commercial purposes subject +to some simple license conditions. diff --git a/security/openssl36/pkg-message b/security/openssl36/pkg-message new file mode 100644 index 000000000000..0ed980ee3513 --- /dev/null +++ b/security/openssl36/pkg-message @@ -0,0 +1,14 @@ +[ +{ type: install + message: <<EOM +This OpenSSL version is in an ALPHA stage +Do NOT use for production! +EOM +} +{ type: upgrade + message: <<EOM +This OpenSSL version is in an ALPHA stage +Do NOT use for production! +EOM +} +] diff --git a/security/openssl36/pkg-plist b/security/openssl36/pkg-plist new file mode 100644 index 000000000000..7bd599c31899 --- /dev/null +++ b/security/openssl36/pkg-plist @@ -0,0 +1,286 @@ +bin/c_rehash +bin/openssl +include/openssl/aes.h +include/openssl/asn1.h +include/openssl/asn1err.h +include/openssl/asn1t.h +include/openssl/async.h +include/openssl/asyncerr.h +include/openssl/bio.h +include/openssl/bioerr.h +include/openssl/blowfish.h +include/openssl/bn.h +include/openssl/bnerr.h +include/openssl/buffer.h +include/openssl/buffererr.h +include/openssl/byteorder.h +include/openssl/camellia.h +include/openssl/cast.h +include/openssl/cmac.h +include/openssl/cmp.h +include/openssl/cmp_util.h +include/openssl/cmperr.h +include/openssl/cms.h +include/openssl/cmserr.h +include/openssl/comp.h +include/openssl/comperr.h +include/openssl/conf.h +include/openssl/conf_api.h +include/openssl/conferr.h +include/openssl/configuration.h +include/openssl/conftypes.h +include/openssl/core.h +include/openssl/core_dispatch.h +include/openssl/core_names.h +include/openssl/core_object.h +include/openssl/crmf.h +include/openssl/crmferr.h +include/openssl/crypto.h +include/openssl/cryptoerr.h +include/openssl/cryptoerr_legacy.h +include/openssl/ct.h +include/openssl/cterr.h +include/openssl/decoder.h +include/openssl/decodererr.h +include/openssl/des.h +include/openssl/dh.h +include/openssl/dherr.h +include/openssl/dsa.h +include/openssl/dsaerr.h +include/openssl/dtls1.h +include/openssl/e_os2.h +include/openssl/e_ostime.h +include/openssl/ebcdic.h +include/openssl/ec.h +include/openssl/ecdh.h +include/openssl/ecdsa.h +include/openssl/ecerr.h +include/openssl/encoder.h +include/openssl/encodererr.h +include/openssl/engine.h +include/openssl/engineerr.h +include/openssl/err.h +include/openssl/ess.h +include/openssl/esserr.h +include/openssl/evp.h +include/openssl/evperr.h +include/openssl/fips_names.h +include/openssl/fipskey.h +include/openssl/hmac.h +include/openssl/hpke.h +include/openssl/http.h +include/openssl/httperr.h +include/openssl/idea.h +include/openssl/indicator.h +include/openssl/kdf.h +include/openssl/kdferr.h +include/openssl/lhash.h +include/openssl/macros.h +include/openssl/md2.h +include/openssl/md4.h +include/openssl/md5.h +include/openssl/mdc2.h +include/openssl/ml_kem.h +include/openssl/modes.h +include/openssl/obj_mac.h +include/openssl/objects.h +include/openssl/objectserr.h +include/openssl/ocsp.h +include/openssl/ocsperr.h +include/openssl/opensslconf.h +include/openssl/opensslv.h +include/openssl/ossl_typ.h +include/openssl/param_build.h +include/openssl/params.h +include/openssl/pem.h +include/openssl/pem2.h +include/openssl/pemerr.h +include/openssl/pkcs12.h +include/openssl/pkcs12err.h +include/openssl/pkcs7.h +include/openssl/pkcs7err.h +include/openssl/prov_ssl.h +include/openssl/proverr.h +include/openssl/provider.h +include/openssl/quic.h +include/openssl/rand.h +include/openssl/randerr.h +include/openssl/rc2.h +include/openssl/rc4.h +include/openssl/rc5.h +include/openssl/ripemd.h +include/openssl/rsa.h +include/openssl/rsaerr.h +include/openssl/safestack.h +include/openssl/seed.h +include/openssl/self_test.h +include/openssl/sha.h +include/openssl/srp.h +include/openssl/srtp.h +include/openssl/ssl.h +include/openssl/ssl2.h +include/openssl/ssl3.h +include/openssl/sslerr.h +include/openssl/sslerr_legacy.h +include/openssl/stack.h +include/openssl/store.h +include/openssl/storeerr.h +include/openssl/symhacks.h +include/openssl/thread.h +include/openssl/tls1.h +include/openssl/trace.h +include/openssl/ts.h +include/openssl/tserr.h +include/openssl/txt_db.h +include/openssl/types.h +include/openssl/ui.h +include/openssl/uierr.h +include/openssl/whrlpool.h +include/openssl/x509.h +include/openssl/x509_acert.h +include/openssl/x509_vfy.h +include/openssl/x509err.h +include/openssl/x509v3.h +include/openssl/x509v3err.h +lib/cmake/OpenSSL/OpenSSLConfig.cmake +lib/cmake/OpenSSL/OpenSSLConfigVersion.cmake +%%SHARED%%lib/engines-%%SHLIBVER%%/capi.so +%%SHARED%%lib/engines-%%SHLIBVER%%/devcrypto.so +%%SHARED%%lib/engines-%%SHLIBVER%%/loader_attic.so +%%SHARED%%lib/engines-%%SHLIBVER%%/padlock.so +lib/libcrypto.a +%%SHARED%%lib/libcrypto.so +%%SHARED%%lib/libcrypto.so.%%SHLIBVER%% +lib/libssl.a +%%SHARED%%lib/libssl.so +%%SHARED%%lib/libssl.so.%%SHLIBVER%% +%%FIPS%%%%SHARED%%lib/ossl-modules/fips.so +%%LEGACY%%%%SHARED%%lib/ossl-modules/legacy.so +libdata/pkgconfig/libcrypto.pc +libdata/pkgconfig/libssl.pc +libdata/pkgconfig/openssl.pc +share/man/man1/CA.pl.1ossl.gz +share/man/man1/asn1parse.1ossl.gz +share/man/man1/c_rehash.1ossl.gz +share/man/man1/ca.1ossl.gz +share/man/man1/ciphers.1ossl.gz +share/man/man1/cmp.1ossl.gz +share/man/man1/cms.1ossl.gz +share/man/man1/crl.1ossl.gz +share/man/man1/crl2pkcs7.1ossl.gz +share/man/man1/dgst.1ossl.gz +share/man/man1/dhparam.1ossl.gz +share/man/man1/dsa.1ossl.gz +share/man/man1/dsaparam.1ossl.gz +share/man/man1/ec.1ossl.gz +share/man/man1/ecparam.1ossl.gz +share/man/man1/enc.1ossl.gz +share/man/man1/engine.1ossl.gz +share/man/man1/errstr.1ossl.gz +share/man/man1/gendsa.1ossl.gz +share/man/man1/genpkey.1ossl.gz +share/man/man1/genrsa.1ossl.gz +share/man/man1/info.1ossl.gz +share/man/man1/kdf.1ossl.gz +share/man/man1/mac.1ossl.gz +share/man/man1/nseq.1ossl.gz +share/man/man1/ocsp.1ossl.gz +share/man/man1/openssl-asn1parse.1ossl.gz +share/man/man1/openssl-ca.1ossl.gz +share/man/man1/openssl-ciphers.1ossl.gz +share/man/man1/openssl-cmds.1ossl.gz +share/man/man1/openssl-cmp.1ossl.gz +share/man/man1/openssl-cms.1ossl.gz +share/man/man1/openssl-configutl.1ossl.gz +share/man/man1/openssl-crl.1ossl.gz +share/man/man1/openssl-crl2pkcs7.1ossl.gz +share/man/man1/openssl-dgst.1ossl.gz +share/man/man1/openssl-dhparam.1ossl.gz +share/man/man1/openssl-dsa.1ossl.gz +share/man/man1/openssl-dsaparam.1ossl.gz +share/man/man1/openssl-ec.1ossl.gz +share/man/man1/openssl-ecparam.1ossl.gz +share/man/man1/openssl-enc.1ossl.gz +share/man/man1/openssl-engine.1ossl.gz +share/man/man1/openssl-errstr.1ossl.gz +share/man/man1/openssl-fipsinstall.1ossl.gz +share/man/man1/openssl-format-options.1ossl.gz +share/man/man1/openssl-gendsa.1ossl.gz +share/man/man1/openssl-genpkey.1ossl.gz +share/man/man1/openssl-genrsa.1ossl.gz +share/man/man1/openssl-info.1ossl.gz +share/man/man1/openssl-kdf.1ossl.gz +share/man/man1/openssl-list.1ossl.gz +share/man/man1/openssl-mac.1ossl.gz +share/man/man1/openssl-namedisplay-options.1ossl.gz +share/man/man1/openssl-nseq.1ossl.gz +share/man/man1/openssl-ocsp.1ossl.gz +share/man/man1/openssl-passphrase-options.1ossl.gz +share/man/man1/openssl-passwd.1ossl.gz +share/man/man1/openssl-pkcs12.1ossl.gz +share/man/man1/openssl-pkcs7.1ossl.gz +share/man/man1/openssl-pkcs8.1ossl.gz +share/man/man1/openssl-pkey.1ossl.gz +share/man/man1/openssl-pkeyparam.1ossl.gz +share/man/man1/openssl-pkeyutl.1ossl.gz +share/man/man1/openssl-prime.1ossl.gz +share/man/man1/openssl-rand.1ossl.gz +share/man/man1/openssl-rehash.1ossl.gz +share/man/man1/openssl-req.1ossl.gz +share/man/man1/openssl-rsa.1ossl.gz +share/man/man1/openssl-rsautl.1ossl.gz +share/man/man1/openssl-s_client.1ossl.gz +share/man/man1/openssl-s_server.1ossl.gz +share/man/man1/openssl-s_time.1ossl.gz +share/man/man1/openssl-sess_id.1ossl.gz +share/man/man1/openssl-skeyutl.1ossl.gz +share/man/man1/openssl-smime.1ossl.gz +share/man/man1/openssl-speed.1ossl.gz +share/man/man1/openssl-spkac.1ossl.gz +share/man/man1/openssl-srp.1ossl.gz +share/man/man1/openssl-storeutl.1ossl.gz +share/man/man1/openssl-ts.1ossl.gz +share/man/man1/openssl-verification-options.1ossl.gz +share/man/man1/openssl-verify.1ossl.gz +share/man/man1/openssl-version.1ossl.gz +share/man/man1/openssl-x509.1ossl.gz +share/man/man1/openssl.1ossl.gz +share/man/man1/passwd.1ossl.gz +share/man/man1/pkcs12.1ossl.gz +share/man/man1/pkcs7.1ossl.gz +share/man/man1/pkcs8.1ossl.gz +share/man/man1/pkey.1ossl.gz +share/man/man1/pkeyparam.1ossl.gz +share/man/man1/pkeyutl.1ossl.gz +share/man/man1/prime.1ossl.gz +share/man/man1/rand.1ossl.gz +share/man/man1/rehash.1ossl.gz +share/man/man1/req.1ossl.gz +share/man/man1/rsa.1ossl.gz +share/man/man1/rsautl.1ossl.gz +share/man/man1/s_client.1ossl.gz +share/man/man1/s_server.1ossl.gz +share/man/man1/s_time.1ossl.gz +share/man/man1/sess_id.1ossl.gz +share/man/man1/smime.1ossl.gz +share/man/man1/speed.1ossl.gz +share/man/man1/spkac.1ossl.gz +share/man/man1/srp.1ossl.gz +share/man/man1/storeutl.1ossl.gz +share/man/man1/ts.1ossl.gz +share/man/man1/tsget.1ossl.gz +share/man/man1/verify.1ossl.gz +share/man/man1/version.1ossl.gz +share/man/man1/x509.1ossl.gz +share/man/man5/config.5ossl.gz +share/man/man5/fips_config.5ossl.gz +share/man/man5/x509v3_config.5ossl.gz +%%OPENSSLDIR%%/misc/CA.pl +@comment %%OPENSSLDIR%%/misc/tsget.pl +%%OPENSSLDIR%%/misc/tsget +@sample %%OPENSSLDIR%%/ct_log_list.cnf.dist %%OPENSSLDIR%%/ct_log_list.cnf +%%FIPS%%%%OPENSSLDIR%%/fipsmodule.cnf +@sample %%OPENSSLDIR%%/openssl.cnf.dist %%OPENSSLDIR%%/openssl.cnf +@dir lib/ossl-modules +@dir %%OPENSSLDIR%%/private +@dir %%OPENSSLDIR%%/certs diff --git a/security/openssl36/version.mk b/security/openssl36/version.mk new file mode 100644 index 000000000000..7bf1106dadd0 --- /dev/null +++ b/security/openssl36/version.mk @@ -0,0 +1 @@ +OPENSSL_SHLIBVER?= 18 diff --git a/security/openvpn-auth-oauth2/Makefile b/security/openvpn-auth-oauth2/Makefile index 444fc1962136..921a17d7fca6 100644 --- a/security/openvpn-auth-oauth2/Makefile +++ b/security/openvpn-auth-oauth2/Makefile @@ -1,6 +1,7 @@ PORTNAME= openvpn-auth-oauth2 DISTVERSIONPREFIX= v DISTVERSION= 1.25.2 +PORTREVISION= 1 CATEGORIES= security net net-vpn MAINTAINER= otis@FreeBSD.org diff --git a/security/openvpn-devel/Makefile b/security/openvpn-devel/Makefile index bf3005b49f02..bc04c60e5f14 100644 --- a/security/openvpn-devel/Makefile +++ b/security/openvpn-devel/Makefile @@ -1,5 +1,5 @@ PORTNAME= openvpn -DISTVERSION= g20250801 +DISTVERSION= g20250905 PORTREVISION= 0 # leave in even if 0 to avoid accidental PORTEPOCH bumps PORTEPOCH= 1 CATEGORIES= security net net-vpn @@ -21,7 +21,7 @@ LIB_DEPENDS+= liblzo2.so:archivers/lzo2 USES= autoreconf cpe libtool pkgconfig python:build shebangfix tar:xz IGNORE_SSL= libressl libressl-devel USE_GITLAB= yes -GL_TAGNAME= 7b1b283478ec008fad163c8a54659a1ed97ed727 +GL_TAGNAME= 1e7b9a0fb021f0a64e76369f4efd2001d50ef42b USE_RC_SUBR= openvpn SHEBANG_FILES= sample/sample-scripts/auth-pam.pl \ @@ -63,7 +63,6 @@ OPTIONS_EXCLUDE_FreeBSD_13= DCO # FreeBSD 14 only DCO_DESC= Build with Data Channel Offload (ovpn(4)) support EASYRSA_DESC= Install security/easy-rsa RSA helper package -MBEDTLS_DESC= SSL/TLS via mbedTLS (lacks TLS v1.3) PKCS11_DESC= Use security/pkcs11-helper SMALL_DESC= Build a smaller executable with fewer features X509ALTUSERNAME_DESC= Enable --x509-username-field (OpenSSL only) @@ -77,7 +76,7 @@ EASYRSA_RUN_DEPENDS= easy-rsa>=0:security/easy-rsa LZ4_LIB_DEPENDS+= liblz4.so:archivers/liblz4 LZ4_CONFIGURE_OFF= --disable-lz4 -MBEDTLS_LIB_DEPENDS= libmbedtls.so:security/mbedtls2 +MBEDTLS_LIB_DEPENDS= libmbedtls.so:security/mbedtls3 MBEDTLS_CONFIGURE_ON= --with-crypto-library=mbedtls OPENSSL_USES= ssl diff --git a/security/openvpn-devel/distinfo b/security/openvpn-devel/distinfo index 642485f91297..5af62172f472 100644 --- a/security/openvpn-devel/distinfo +++ b/security/openvpn-devel/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1754042576 -SHA256 (openvpn-openvpn-7b1b283478ec008fad163c8a54659a1ed97ed727_GL0.tar.gz) = 6aae8dff746465fa30cfebece17aee8b5c8b18def9d1f44385403d9a5a17d942 -SIZE (openvpn-openvpn-7b1b283478ec008fad163c8a54659a1ed97ed727_GL0.tar.gz) = 1330547 +TIMESTAMP = 1757057338 +SHA256 (openvpn-openvpn-1e7b9a0fb021f0a64e76369f4efd2001d50ef42b_GL0.tar.gz) = bbc283697162a50ea3a107c00f319216eba8ec0ba4b2ff4ea29ca85f92d60f3a +SIZE (openvpn-openvpn-1e7b9a0fb021f0a64e76369f4efd2001d50ef42b_GL0.tar.gz) = 1333583 diff --git a/security/osv-scanner/Makefile b/security/osv-scanner/Makefile index a67332b5ff08..e1b4fc3acda3 100644 --- a/security/osv-scanner/Makefile +++ b/security/osv-scanner/Makefile @@ -1,6 +1,7 @@ PORTNAME= osv-scanner DISTVERSIONPREFIX= v DISTVERSION= 2.2.1 +PORTREVISION= 1 CATEGORIES= security MAINTAINER= dutra@FreeBSD.org diff --git a/security/p5-CPAN-Audit/Makefile b/security/p5-CPAN-Audit/Makefile index 952aab98f16a..2dc3c0e06245 100644 --- a/security/p5-CPAN-Audit/Makefile +++ b/security/p5-CPAN-Audit/Makefile @@ -1,5 +1,5 @@ PORTNAME= CPAN-Audit -PORTVERSION= 20250115.001 +PORTVERSION= 20250829.001 CATEGORIES= security perl5 MASTER_SITES= CPAN PKGNAMEPREFIX= p5- diff --git a/security/p5-CPAN-Audit/distinfo b/security/p5-CPAN-Audit/distinfo index 4492473e7a23..3c03376eda2a 100644 --- a/security/p5-CPAN-Audit/distinfo +++ b/security/p5-CPAN-Audit/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1737010616 -SHA256 (CPAN-Audit-20250115.001.tar.gz) = 4052d1ffe721805af4203ab3af9da3e3193ce30ef98bab67d01c1fc4a147f708 -SIZE (CPAN-Audit-20250115.001.tar.gz) = 32382 +TIMESTAMP = 1756709907 +SHA256 (CPAN-Audit-20250829.001.tar.gz) = ec711a2277e01dc813954dfc698ffc2dbfca83c7e16252cfdfba7333b12cd502 +SIZE (CPAN-Audit-20250829.001.tar.gz) = 32403 diff --git a/security/p5-Dancer-Plugin-Auth-Extensible-Provider-Usergroup/Makefile b/security/p5-Dancer-Plugin-Auth-Extensible-Provider-Usergroup/Makefile deleted file mode 100644 index 2a1ba4015789..000000000000 --- a/security/p5-Dancer-Plugin-Auth-Extensible-Provider-Usergroup/Makefile +++ /dev/null @@ -1,27 +0,0 @@ -PORTNAME= Dancer-Plugin-Auth-Extensible-Provider-Usergroup -PORTVERSION= 0.21 -PORTREVISION= 2 -CATEGORIES= security perl5 -MASTER_SITES= CPAN -PKGNAMEPREFIX= p5- - -MAINTAINER= perl@FreeBSD.org -COMMENT= Extensible authentication framework for Dancer apps -WWW= https://metacpan.org/pod/Dancer::Plugin::Auth::Extensible::Provider::Usergroup - -LICENSE= ART10 GPLv1+ -LICENSE_COMB= dual - -DEPRECATED= Depends on expired security/p5-Data-Entropy via security/p5-Dancer-Plugin-Passphrase -EXPIRATION_DATE=2025-09-01 - -BUILD_DEPENDS= ${RUN_DEPENDS} -RUN_DEPENDS= p5-Dancer>=1.3118:www/p5-Dancer \ - p5-Dancer-Plugin-Auth-Extensible>=0:security/p5-Dancer-Plugin-Auth-Extensible \ - p5-Dancer-Plugin-Passphrase>=0:security/p5-Dancer-Plugin-Passphrase \ - p5-Dancer-Plugin-DBIC>=0:databases/p5-Dancer-Plugin-DBIC - -USES= perl5 -USE_PERL5= configure - -.include <bsd.port.mk> diff --git a/security/p5-Dancer-Plugin-Auth-Extensible-Provider-Usergroup/distinfo b/security/p5-Dancer-Plugin-Auth-Extensible-Provider-Usergroup/distinfo deleted file mode 100644 index 6923eb3bd9d4..000000000000 --- a/security/p5-Dancer-Plugin-Auth-Extensible-Provider-Usergroup/distinfo +++ /dev/null @@ -1,2 +0,0 @@ -SHA256 (Dancer-Plugin-Auth-Extensible-Provider-Usergroup-0.21.tar.gz) = 3917f4e0568d892e57a5941230ac261e66ae024bbc57f8e04bf1ceb1c46612a6 -SIZE (Dancer-Plugin-Auth-Extensible-Provider-Usergroup-0.21.tar.gz) = 10033 diff --git a/security/p5-Dancer-Plugin-Auth-Extensible-Provider-Usergroup/pkg-descr b/security/p5-Dancer-Plugin-Auth-Extensible-Provider-Usergroup/pkg-descr deleted file mode 100644 index 298b35a308ff..000000000000 --- a/security/p5-Dancer-Plugin-Auth-Extensible-Provider-Usergroup/pkg-descr +++ /dev/null @@ -1,4 +0,0 @@ -authenticate as a member of a group - -Define that a user must be logged in and have the proper permissions to -access a route diff --git a/security/p5-Dancer-Plugin-Auth-Extensible-Provider-Usergroup/pkg-plist b/security/p5-Dancer-Plugin-Auth-Extensible-Provider-Usergroup/pkg-plist deleted file mode 100644 index b8a29876bdfe..000000000000 --- a/security/p5-Dancer-Plugin-Auth-Extensible-Provider-Usergroup/pkg-plist +++ /dev/null @@ -1,2 +0,0 @@ -%%PERL5_MAN3%%/Dancer::Plugin::Auth::Extensible::Provider::Usergroup.3.gz -%%SITE_PERL%%/Dancer/Plugin/Auth/Extensible/Provider/Usergroup.pm diff --git a/security/p5-Dancer-Plugin-Passphrase/Makefile b/security/p5-Dancer-Plugin-Passphrase/Makefile deleted file mode 100644 index 4ae937fe5568..000000000000 --- a/security/p5-Dancer-Plugin-Passphrase/Makefile +++ /dev/null @@ -1,29 +0,0 @@ -PORTNAME= Dancer-Plugin-Passphrase -PORTVERSION= 2.0.1 -PORTREVISION= 2 -CATEGORIES= security perl5 -MASTER_SITES= CPAN -MASTER_SITE_SUBDIR= CPAN:JAITKEN -PKGNAMEPREFIX= p5- - -MAINTAINER= perl@FreeBSD.org -COMMENT= Passphrases and Passwords as objects for Dancer -WWW= https://metacpan.org/release/Dancer-Plugin-Passphrase - -LICENSE= ART10 GPLv1+ -LICENSE_COMB= dual -LICENSE_FILE= ${WRKSRC}/LICENSE - -DEPRECATED= Depends on expired security/p5-Data-Entropy -EXPIRATION_DATE=2025-09-01 - -BUILD_DEPENDS= ${RUN_DEPENDS} -RUN_DEPENDS= p5-Dancer>=0:www/p5-Dancer \ - p5-Data-Entropy>=0.005:security/p5-Data-Entropy \ - p5-Digest-Bcrypt>=0:security/p5-Digest-Bcrypt - -NO_ARCH= yes -USES= perl5 -USE_PERL5= configure - -.include <bsd.port.mk> diff --git a/security/p5-Dancer-Plugin-Passphrase/distinfo b/security/p5-Dancer-Plugin-Passphrase/distinfo deleted file mode 100644 index dc3dc85dcd8e..000000000000 --- a/security/p5-Dancer-Plugin-Passphrase/distinfo +++ /dev/null @@ -1,2 +0,0 @@ -SHA256 (Dancer-Plugin-Passphrase-2.0.1.tar.gz) = 33b49fd46cf6732ccf2b0cf2761c6e72911e9e029f93b914a1f8b7f7ea4f7ba5 -SIZE (Dancer-Plugin-Passphrase-2.0.1.tar.gz) = 25992 diff --git a/security/p5-Dancer-Plugin-Passphrase/pkg-descr b/security/p5-Dancer-Plugin-Passphrase/pkg-descr deleted file mode 100644 index d10429f90a92..000000000000 --- a/security/p5-Dancer-Plugin-Passphrase/pkg-descr +++ /dev/null @@ -1,4 +0,0 @@ -Dancer::Plugin::Passphrase manages the hashing of passwords for Dancer apps, -allowing developers to follow cryptography best practices without having to -become a cryptography expert. It uses the bcrypt algorithm as the default, -while also supporting any hashing function provided by Digest. diff --git a/security/p5-Dancer-Plugin-Passphrase/pkg-plist b/security/p5-Dancer-Plugin-Passphrase/pkg-plist deleted file mode 100644 index 59e6cb2e5a92..000000000000 --- a/security/p5-Dancer-Plugin-Passphrase/pkg-plist +++ /dev/null @@ -1,2 +0,0 @@ -%%SITE_PERL%%/Dancer/Plugin/Passphrase.pm -%%PERL5_MAN3%%/Dancer::Plugin::Passphrase.3.gz diff --git a/security/p5-Dancer2-Plugin-Auth-Extensible-Provider-Usergroup/Makefile b/security/p5-Dancer2-Plugin-Auth-Extensible-Provider-Usergroup/Makefile deleted file mode 100644 index 8e9c296c3689..000000000000 --- a/security/p5-Dancer2-Plugin-Auth-Extensible-Provider-Usergroup/Makefile +++ /dev/null @@ -1,28 +0,0 @@ -PORTNAME= Dancer2-Plugin-Auth-Extensible-Provider-Usergroup -PORTVERSION= 0.709 -CATEGORIES= security perl5 -MASTER_SITES= CPAN -PKGNAMEPREFIX= p5- - -MAINTAINER= perl@FreeBSD.org -COMMENT= Extensible authentication framework for Dancer2 apps -WWW= https://metacpan.org/release/Dancer2-Plugin-Auth-Extensible-Provider-Usergroup - -LICENSE= ART10 GPLv1+ -LICENSE_COMB= dual - -DEPRECATED= Depends on expired security/p5-Data-Entropy via security/p5-Dancer2-Plugin-Passphrase -EXPIRATION_DATE=2025-09-01 - -BUILD_DEPENDS= ${RUN_DEPENDS} -RUN_DEPENDS= p5-Dancer2>=0.204001:www/p5-Dancer2 \ - p5-Dancer2-Plugin-Auth-Extensible>=0.709:security/p5-Dancer2-Plugin-Auth-Extensible \ - p5-Dancer2-Plugin-Passphrase>=3.3.0:security/p5-Dancer2-Plugin-Passphrase \ - p5-Dancer2-Plugin-DBIC>=0.0013:databases/p5-Dancer2-Plugin-DBIC - -USES= perl5 -USE_PERL5= configure - -NO_ARCH= yes - -.include <bsd.port.mk> diff --git a/security/p5-Dancer2-Plugin-Auth-Extensible-Provider-Usergroup/distinfo b/security/p5-Dancer2-Plugin-Auth-Extensible-Provider-Usergroup/distinfo deleted file mode 100644 index 50e050b0e6ff..000000000000 --- a/security/p5-Dancer2-Plugin-Auth-Extensible-Provider-Usergroup/distinfo +++ /dev/null @@ -1,3 +0,0 @@ -TIMESTAMP = 1595416755 -SHA256 (Dancer2-Plugin-Auth-Extensible-Provider-Usergroup-0.709.tar.gz) = ea182b6ba4166597f34e23099a2d694ce930c8472a1cf65a6583d0547228dd42 -SIZE (Dancer2-Plugin-Auth-Extensible-Provider-Usergroup-0.709.tar.gz) = 13017 diff --git a/security/p5-Dancer2-Plugin-Auth-Extensible-Provider-Usergroup/pkg-descr b/security/p5-Dancer2-Plugin-Auth-Extensible-Provider-Usergroup/pkg-descr deleted file mode 100644 index bf30ea5f1cae..000000000000 --- a/security/p5-Dancer2-Plugin-Auth-Extensible-Provider-Usergroup/pkg-descr +++ /dev/null @@ -1,2 +0,0 @@ -Define that a user must be logged in and have the proper permissions to -access a route diff --git a/security/p5-Dancer2-Plugin-Auth-Extensible-Provider-Usergroup/pkg-plist b/security/p5-Dancer2-Plugin-Auth-Extensible-Provider-Usergroup/pkg-plist deleted file mode 100644 index 27e9162c43f2..000000000000 --- a/security/p5-Dancer2-Plugin-Auth-Extensible-Provider-Usergroup/pkg-plist +++ /dev/null @@ -1,2 +0,0 @@ -%%SITE_PERL%%/Dancer2/Plugin/Auth/Extensible/Provider/Usergroup.pm -%%PERL5_MAN3%%/Dancer2::Plugin::Auth::Extensible::Provider::Usergroup.3.gz diff --git a/security/p5-Dancer2-Plugin-Passphrase/Makefile b/security/p5-Dancer2-Plugin-Passphrase/Makefile deleted file mode 100644 index 9ccffa262016..000000000000 --- a/security/p5-Dancer2-Plugin-Passphrase/Makefile +++ /dev/null @@ -1,28 +0,0 @@ -PORTNAME= Dancer2-Plugin-Passphrase -PORTVERSION= 3.4.1 -CATEGORIES= security perl5 -MASTER_SITES= CPAN -PKGNAMEPREFIX= p5- - -MAINTAINER= perl@FreeBSD.org -COMMENT= Passphrases and Passwords as objects for Dancer2 -WWW= https://metacpan.org/release/Dancer2-Plugin-Passphrase - -LICENSE= ART10 GPLv1+ -LICENSE_COMB= dual - -DEPRECATED= Depends on expired security/p5-Data-Entropy -EXPIRATION_DATE=2025-09-01 - -BUILD_DEPENDS= ${RUN_DEPENDS} -RUN_DEPENDS= p5-Crypt-Bcrypt>=0.006:security/p5-Crypt-Bcrypt \ - p5-Dancer2>=0.200000:www/p5-Dancer2 \ - p5-Data-Entropy>=0.007:security/p5-Data-Entropy \ - p5-Digest-Bcrypt>=1.212:security/p5-Digest-Bcrypt - -USES= perl5 -USE_PERL5= configure - -NO_ARCH= yes - -.include <bsd.port.mk> diff --git a/security/p5-Dancer2-Plugin-Passphrase/distinfo b/security/p5-Dancer2-Plugin-Passphrase/distinfo deleted file mode 100644 index 3c4aabeebc7b..000000000000 --- a/security/p5-Dancer2-Plugin-Passphrase/distinfo +++ /dev/null @@ -1,3 +0,0 @@ -TIMESTAMP = 1654275989 -SHA256 (Dancer2-Plugin-Passphrase-3.4.1.tar.gz) = ea18cae7fc21b0db92b7ca0544ad97947a8442afdf78a39fb4aa2eaf514cf50f -SIZE (Dancer2-Plugin-Passphrase-3.4.1.tar.gz) = 19675 diff --git a/security/p5-Dancer2-Plugin-Passphrase/pkg-descr b/security/p5-Dancer2-Plugin-Passphrase/pkg-descr deleted file mode 100644 index 063cdc71f28f..000000000000 --- a/security/p5-Dancer2-Plugin-Passphrase/pkg-descr +++ /dev/null @@ -1,4 +0,0 @@ -Dancer2::Plugin::Passphrase manages the hashing of passwords for Dancer apps, -allowing developers to follow cryptography best practices without having to -become a cryptography expert. It uses the bcrypt algorithm as the default, -while also supporting any hashing function provided by Digest. diff --git a/security/p5-Dancer2-Plugin-Passphrase/pkg-plist b/security/p5-Dancer2-Plugin-Passphrase/pkg-plist deleted file mode 100644 index 6b920ec57fdc..000000000000 --- a/security/p5-Dancer2-Plugin-Passphrase/pkg-plist +++ /dev/null @@ -1,6 +0,0 @@ -%%SITE_PERL%%/Dancer2/Plugin/Passphrase.pm -%%SITE_PERL%%/Dancer2/Plugin/Passphrase/Core.pm -%%SITE_PERL%%/Dancer2/Plugin/Passphrase/Hashed.pm -%%PERL5_MAN3%%/Dancer2::Plugin::Passphrase.3.gz -%%PERL5_MAN3%%/Dancer2::Plugin::Passphrase::Core.3.gz -%%PERL5_MAN3%%/Dancer2::Plugin::Passphrase::Hashed.3.gz diff --git a/security/p5-Data-Entropy/Makefile b/security/p5-Data-Entropy/Makefile deleted file mode 100644 index 9908d5079b59..000000000000 --- a/security/p5-Data-Entropy/Makefile +++ /dev/null @@ -1,30 +0,0 @@ -PORTNAME= Data-Entropy -PORTVERSION= 0.008 -CATEGORIES= security perl5 -MASTER_SITES= CPAN -PKGNAMEPREFIX= p5- - -MAINTAINER= perl@FreeBSD.org -COMMENT= Entropy (randomness) management -WWW= https://metacpan.org/release/Data-Entropy - -LICENSE= ART10 GPLv1+ -LICENSE_COMB= dual - -DEPRECATED= The maintainer of this distribution has indicated that it is deprecated and no longer suitable for use -EXPIRATION_DATE=2025-05-31 - -BUILD_DEPENDS= ${RUN_DEPENDS} -RUN_DEPENDS= p5-Crypt-Rijndael>=0:security/p5-Crypt-Rijndael \ - p5-Crypt-URandom>=0.36:security/p5-Crypt-URandom \ - p5-Data-Float>=0.008:math/p5-Data-Float \ - p5-HTTP-Lite>=2.20:www/p5-HTTP-Lite \ - p5-Module-Build>=0:devel/p5-Module-Build \ - p5-Params-Classify>=0:devel/p5-Params-Classify - -USES= perl5 -USE_PERL5= configure - -NO_ARCH= yes - -.include <bsd.port.mk> diff --git a/security/p5-Data-Entropy/distinfo b/security/p5-Data-Entropy/distinfo deleted file mode 100644 index e50fa82fd6e0..000000000000 --- a/security/p5-Data-Entropy/distinfo +++ /dev/null @@ -1,3 +0,0 @@ -TIMESTAMP = 1744289416 -SHA256 (Data-Entropy-0.008.tar.gz) = 18a52b1386e82c6b8cdb384a39861d60220a442a790e077010be72dd853b67b3 -SIZE (Data-Entropy-0.008.tar.gz) = 40697 diff --git a/security/p5-Data-Entropy/pkg-descr b/security/p5-Data-Entropy/pkg-descr deleted file mode 100644 index e308b55388d9..000000000000 --- a/security/p5-Data-Entropy/pkg-descr +++ /dev/null @@ -1,18 +0,0 @@ -This module maintains a concept of a current selection of entropy -source. Algorithms that require entropy can use the source nominated -by this module, avoiding the need for entropy source objects to be -explicitly passed around. This is convenient because usually one -entropy source will be used for an entire program run and so an -explicit entropy source parameter would rarely vary. There is also a -default entropy source, avoiding the need to explicitly configure a -source at all. - -If nothing is done to set a source then it defaults to the use of -Rijndael (AES) in counter mode (see -Data::Entropy::RawSource::CryptCounter and Crypt::Rijndael), keyed -using Perl's built-in rand function. This gives a data stream that -looks like concentrated entropy, but really only has at most the -entropy of the rand seed. Within a single run it is cryptographically -difficult to detect the correlation between parts of the -pseudo-entropy stream. If more true entropy is required then it is -necessary to configure a different entropy source. diff --git a/security/p5-Data-Entropy/pkg-plist b/security/p5-Data-Entropy/pkg-plist deleted file mode 100644 index e83105a04eb9..000000000000 --- a/security/p5-Data-Entropy/pkg-plist +++ /dev/null @@ -1,14 +0,0 @@ -%%SITE_PERL%%/Data/Entropy.pm -%%SITE_PERL%%/Data/Entropy/Algorithms.pm -%%SITE_PERL%%/Data/Entropy/RawSource/CryptCounter.pm -%%SITE_PERL%%/Data/Entropy/RawSource/Local.pm -%%SITE_PERL%%/Data/Entropy/RawSource/RandomOrg.pm -%%SITE_PERL%%/Data/Entropy/RawSource/RandomnumbersInfo.pm -%%SITE_PERL%%/Data/Entropy/Source.pm -%%PERL5_MAN3%%/Data::Entropy.3.gz -%%PERL5_MAN3%%/Data::Entropy::Algorithms.3.gz -%%PERL5_MAN3%%/Data::Entropy::RawSource::CryptCounter.3.gz -%%PERL5_MAN3%%/Data::Entropy::RawSource::Local.3.gz -%%PERL5_MAN3%%/Data::Entropy::RawSource::RandomOrg.3.gz -%%PERL5_MAN3%%/Data::Entropy::RawSource::RandomnumbersInfo.3.gz -%%PERL5_MAN3%%/Data::Entropy::Source.3.gz diff --git a/security/pam_rssh/Makefile b/security/pam_rssh/Makefile index dcea9616f1c4..07652f65ae6e 100644 --- a/security/pam_rssh/Makefile +++ b/security/pam_rssh/Makefile @@ -1,7 +1,7 @@ PORTNAME= pam_rssh DISTVERSIONPREFIX=v DISTVERSION= 1.1.0 -PORTREVISION= 18 +PORTREVISION= 19 CATEGORIES= security MAINTAINER= romain@FreeBSD.org diff --git a/security/pdfrip/Makefile b/security/pdfrip/Makefile index afb4e2d25e80..bf4a65566578 100644 --- a/security/pdfrip/Makefile +++ b/security/pdfrip/Makefile @@ -1,6 +1,7 @@ PORTNAME= pdfrip DISTVERSIONPREFIX= v DISTVERSION= 2.0.1 +PORTREVISION= 1 CATEGORIES= security MAINTAINER= fox@FreeBSD.org diff --git a/security/picocrypt/Makefile b/security/picocrypt/Makefile index c713ce6cc77b..f6483ced31b9 100644 --- a/security/picocrypt/Makefile +++ b/security/picocrypt/Makefile @@ -1,6 +1,6 @@ PORTNAME= picocrypt DISTVERSION= 1.49 # Missing modules.txt, generate one with `go mod vendor` and place it in ${FILESDIR} -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MAINTAINER= eduardo@FreeBSD.org diff --git a/security/pwdsafety/Makefile b/security/pwdsafety/Makefile index c143543bf2cc..23dfe9f40408 100644 --- a/security/pwdsafety/Makefile +++ b/security/pwdsafety/Makefile @@ -1,7 +1,7 @@ PORTNAME= pwdsafety DISTVERSIONPREFIX= v DISTVERSION= 0.4.0 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MAINTAINER= olgeni@FreeBSD.org diff --git a/security/py-bcrypt/Makefile b/security/py-bcrypt/Makefile index fe1618ce8018..f600a9238ade 100644 --- a/security/py-bcrypt/Makefile +++ b/security/py-bcrypt/Makefile @@ -1,6 +1,6 @@ PORTNAME= bcrypt DISTVERSION= 4.3.0 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} diff --git a/security/py-certifi/Makefile b/security/py-certifi/Makefile index 43a6cf3fd110..7931c8da5906 100644 --- a/security/py-certifi/Makefile +++ b/security/py-certifi/Makefile @@ -1,5 +1,5 @@ PORTNAME= certifi -PORTVERSION= 2025.7.14 +PORTVERSION= 2025.8.3 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} diff --git a/security/py-certifi/distinfo b/security/py-certifi/distinfo index 693b25863be4..46a418fec79c 100644 --- a/security/py-certifi/distinfo +++ b/security/py-certifi/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1752566722 -SHA256 (certifi-2025.7.14.tar.gz) = 8ea99dbdfaaf2ba2f9bac77b9249ef62ec5218e7c2b2e903378ed5fccf765995 -SIZE (certifi-2025.7.14.tar.gz) = 163981 +TIMESTAMP = 1755062576 +SHA256 (certifi-2025.8.3.tar.gz) = e564105f78ded564e3ae7c923924435e1daa7463faeab5bb932bc53ffae63407 +SIZE (certifi-2025.8.3.tar.gz) = 162386 diff --git a/security/py-cryptography/Makefile b/security/py-cryptography/Makefile index b42dbc8ae694..4196068bf9b6 100644 --- a/security/py-cryptography/Makefile +++ b/security/py-cryptography/Makefile @@ -1,6 +1,6 @@ PORTNAME= cryptography PORTVERSION= 44.0.3 -PORTREVISION= 2 +PORTREVISION= 3 PORTEPOCH= 1 CATEGORIES= security python MASTER_SITES= PYPI diff --git a/security/py-onlykey/Makefile b/security/py-onlykey/Makefile deleted file mode 100644 index ef1985208211..000000000000 --- a/security/py-onlykey/Makefile +++ /dev/null @@ -1,44 +0,0 @@ -PORTNAME= onlykey -PORTVERSION= 1.2.2 -PORTREVISION= 4 -CATEGORIES= security python -MASTER_SITES= PYPI -PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} - -MAINTAINER= dmytro@posteo.net -COMMENT= Python command line tool for configuring and using OnlyKey -WWW= https://github.com/trustcrypto/python-onlykey - -LICENSE= MIT - -DEPRECATED= Depends on expired security/libu2f-host -EXPIRATION_DATE=2025-09-01 - -RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}hidapi>0:comms/py-hidapi@${PY_FLAVOR} \ - ${PYTHON_PKGNAMEPREFIX}aenum>0:devel/py-aenum@${PY_FLAVOR} \ - ${PYTHON_PKGNAMEPREFIX}six>0:devel/py-six@${PY_FLAVOR} \ - ${PYTHON_PKGNAMEPREFIX}prompt-toolkit>=2:devel/py-prompt-toolkit@${PY_FLAVOR} \ - ${PYTHON_PKGNAMEPREFIX}pynacl>=1.4.0:security/py-pynacl@${PY_FLAVOR} \ - ${PYTHON_PKGNAMEPREFIX}ecdsa>=0.13:security/py-ecdsa@${PY_FLAVOR} \ - ${PYTHON_PKGNAMEPREFIX}cython>=0.23.4:lang/cython@${PY_FLAVOR} \ - ${PYTHON_PKGNAMEPREFIX}libusb1>0:devel/py-libusb1@${PY_FLAVOR} \ - ${PYTHON_PKGNAMEPREFIX}uhid-freebsd>0:devel/py-uhid-freebsd@${PY_FLAVOR} \ - u2f-host:security/libu2f-host - -USES= python -USE_PYTHON= autoplist distutils - -SUB_FILES= pkg-message - -PLIST_FILES= "@sample ${PREFIX}/etc/devd/onlykey.conf.sample" \ - "${PREFIX}/share/man/man1/onlykey-cli.1.gz" - -NO_ARCH= yes - -post-install: - @${MKDIR} ${STAGEDIR}${PREFIX}/etc/devd - ${INSTALL_DATA} ${FILESDIR}/onlykey.conf.sample \ - ${STAGEDIR}${PREFIX}/etc/devd - ${INSTALL_MAN} ${FILESDIR}/onlykey-cli.1 ${STAGEDIR}${PREFIX}/share/man/man1 - -.include <bsd.port.mk> diff --git a/security/py-onlykey/distinfo b/security/py-onlykey/distinfo deleted file mode 100644 index 7e00628c1ffa..000000000000 --- a/security/py-onlykey/distinfo +++ /dev/null @@ -1,3 +0,0 @@ -TIMESTAMP = 1603049784 -SHA256 (onlykey-1.2.2.tar.gz) = b17197715e9197885574a0806cce8af087756f99c87d27415be7d15e967a6be2 -SIZE (onlykey-1.2.2.tar.gz) = 11911 diff --git a/security/py-onlykey/files/onlykey-cli.1 b/security/py-onlykey/files/onlykey-cli.1 deleted file mode 100644 index d8bf2f0583cb..000000000000 --- a/security/py-onlykey/files/onlykey-cli.1 +++ /dev/null @@ -1,230 +0,0 @@ -.Dd October 23, 2020 -.Dt ONLYKEY-CLI 1 -.Os -.Sh NAME -.Nm onlykey-cli -.Nd Python client for interacting with the OnlyKey -.Sh SYNOPSIS -.Nm -.Op Ar command -.Sh DESCRIPTION -.Nm -is a command line interface to the OnlyKey that can be used for -configuration (similar functionality to OnlyKey App). You can either -provide a -.Ar command -to get it executed immediately or run -.Nm -without parameters to open an interactive prompt and type commands there. -.Sh COMMANDS -.Bl -tag -width 2n -.It Xo -.Cm init -.Xc -.Pp -Sets OnlyKey into initial configuration mode (setting PIN). -.It Xo -.Cm settime -.Xc -.Pp -Sets time on OnlyKey, time is needed for TOTP (Google Authenticator). -.It Xo -.Cm getlabels -.Xc -.Pp -Prints label for each slot. -.It Xo -.Cm getkeylabels -.Xc -.Pp -Prints key label for each RSA and ECC key. -.It Xo -.Cm setslot -.Ar slot_id -.Ar type -.Ar value -.Xc -.Pp -For the specified slot sets parameter of the specified -.Ar type -to the -.Ar value -provided. -.Bl -tag -width indent -.It Ar slot_id -Slot id: 1a-6b. -.It Ar type -Type of the parameter to set. Must be one of the following: -.Bl -tag -offset 4n -width 8n -.It Sy label -The slot label. -.It Sy url -URL of the login page. -.It Sy delay1 -Delay after entering URL, seconds: 0-9. -.It Sy add_char1 -Additional character before username: 1 for TAB, 0 to clear. -.It Sy username -Username to login. -.It Sy add_char2 -Additional character after username: 1 for TAB, 2 for RETURN. -.It Sy delay2 -Delay after entering username, seconds: 0-9. -.It Sy password -Password to login. -.It Sy add_char3 -Additional character after password: 1 for TAB, 2 for RETURN. -.It Sy delay3 -Delay after entering password, seconds: 0-9. -.It Sy add_char4 -Additional character before OTP: 1 for TAB, 2 for RETURN. -.It Sy 2fa -Type of two factor authentication: g for Google Authenticator, y - Yubico OTP, u - U2F. -.It Sy totpkey -Google Authenticator key. -.It Sy add_char5 -Additional character after OTP: 1 for TAB, 2 for RETURN. -.El -.It Ar value -Value to set, see accepted values in each parameter type description above. -.El -.It Xo -.Cm wipeslot -.Ar slot_id -.Xc -.Pp -Erases all the data (URL/username/password/label/etc.) of the slot with provided -.Ar slot_id -(1a-6b). -.It Xo -.Cm setkey -.Ar key_slot -.Ar key_type -.Xc -.Pp -Sets custom key of provided -.Ar key_type -to the -.Ar key_slot . -.It Xo -.Cm wipekey -.Ar key_slot -.Xc -.Pp -Wipes custom key from the provided -.Ar key_slot . -.It Xo -.Cm idletimeout -.Ar timeout -.Xc -.Pp -Sets the OnlyKey auto-lock time value to -.Ar timout -minutes: 1-255; default is 30; 0 to disable. -.It Xo -.Cm wipemode -.Ar mode_id -.Xc -.Pp -Configures how the OnlyKey responds to a factory reset. Accepted -.Ar mode_id -values are: -.Bl -tag -width indent -.It 1 -Only sensitive data will be wiped (default). -.It 2 -Entire OnlyKey device will be wiped, including firmware. Firmware must be -reloaded after factory reset. This mode is recommended for plausible -deniability users. WARNING: setting to this mode cannot be changed. -.El -.It Xo -.Cm keylayout -.Ar layout_id -.Xc -.Pp -Configures the OnlyKey keyboard layout. Accepted -.Ar layout_id -values are: -.Bl -tag -width indent -.It 1 -USA_ENGLISH (default). -.It 2 -CANADIAN_FRENCH. -.It 3 -CANADIAN_MULTILINGUAL. -.It 4 -DANISH. -.It 5 -FINNISH. -.It 6 -FRENCH. -.It 7 -FRENCH_BELGIAN. -.It 8 -FRENCH_SWISS. -.It 9 -GERMAN. -.It 10 -GERMAN_MAC. -.It 11 -GERMAN_SWISS. -.It 12 -ICELANDIC. -.It 13 -IRISH. -.It 14 -ITALIAN. -.It 15 -NORWEGIAN. -.It 16 -PORTUGUESE. -.It 17 -PORTUGUESE_BRAZILIAN. -.It 18 -SPANISH. -.It 19 -SPANISH_LATIN_AMERICA. -.It 20 -SWEDISH. -.It 21 -TURKISH. -.It 22 -UNITED_KINGDOM. -.It 23 -CZECH. -.It 24 -SERBIAN_LATIN_ONLY. -.It 25 -HUNGARIAN. -.El -.It Xo -.Cm keytypespeed -.Ar speed -.Xc -.Pp -Sets type -.Ar speed -: 1 is slowest; 10 is fastest; 4 is default. -.Sh BUGS -Sometimes the -.Nm -doesn't recognize that PIN has been entered and the OnlyKey in unlocked -successfully. -In such case any command to the OnlyKey fails with an -error 'OnlyKey is locked, enter PIN to unlock'. -The workaround for such issue is to just retry one more time. -.Sh AUTHORS -This manual page is a -.Xr mdoc 7 -reimplementation of the OnlyKey PIP module's README.md, -modified and customized for -.Fx . The -.Xr mdoc 7 -implementation of this manual page was initially written by -.An Dmytro Bilokha Aq dmytro@posteo.net . -.Sh WWW -Main OnlyKey product page: https://onlykey.io/ - -OnlyKey documentation site: https://docs.crp.to/ - -Source code: https://github.com/trustcrypto/python-onlykey diff --git a/security/py-onlykey/files/onlykey.conf.sample b/security/py-onlykey/files/onlykey.conf.sample deleted file mode 100644 index 703ab3be66de..000000000000 --- a/security/py-onlykey/files/onlykey.conf.sample +++ /dev/null @@ -1,31 +0,0 @@ -# OnlyKey Security KEY -notify 100 { - match "system" "USB"; - match "subsystem" "DEVICE"; - match "type" "ATTACH"; - match "vendor" "0x1d50"; - match "product" "0x60fc"; - action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; -}; - -notify 100 { - match "system" "USB"; - match "subsystem" "DEVICE"; - match "type" "ATTACH"; - match "vendor" "0x16c0"; - match "product" "0x0486"; - action "chgrp u2f /dev/$cdev; chmod g+rw /dev/$cdev"; -}; - -attach 100 { - match "vendor" "0x1d50"; - match "product" "0x60fc"; - action "chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name"; -}; - -attach 100 { - match "vendor" "0x16c0"; - match "product" "0x0486"; - action "chgrp u2f /dev/$device-name; chmod g+rw /dev/$device-name"; -}; - diff --git a/security/py-onlykey/files/pkg-message.in b/security/py-onlykey/files/pkg-message.in deleted file mode 100644 index 3b82056a0726..000000000000 --- a/security/py-onlykey/files/pkg-message.in +++ /dev/null @@ -1,8 +0,0 @@ -[ -{ type: install - message: <<EOM -By default the usage of OnlyKey will be allowed to users of the 'u2f' -group. To override this edit %%PREFIX%%/etc/devd/onlykey.conf -EOM -} -] diff --git a/security/py-onlykey/pkg-descr b/security/py-onlykey/pkg-descr deleted file mode 100644 index 05fff212216a..000000000000 --- a/security/py-onlykey/pkg-descr +++ /dev/null @@ -1,2 +0,0 @@ -Python command line tool for configuring and using the OnlyKey -hardware password manager. diff --git a/security/py-yara-python-dex/Makefile b/security/py-yara-python-dex/Makefile index c311734a66db..316aaa8d2e14 100644 --- a/security/py-yara-python-dex/Makefile +++ b/security/py-yara-python-dex/Makefile @@ -1,6 +1,5 @@ PORTNAME= yara-python-dex -PORTVERSION= 1.0.7.1 -PORTREVISION= 1 +PORTVERSION= 1.0.9 CATEGORIES= security python PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -26,6 +25,6 @@ USE_PYTHON= distutils LDFLAGS+= -s .endif -PLIST_SUB= VER=${PORTVERSION:R} +PLIST_FILES= %%PYTHON_SITELIBDIR%%/yara%%PYTHON_TAG%%.so .include <bsd.port.mk> diff --git a/security/py-yara-python-dex/distinfo b/security/py-yara-python-dex/distinfo index 5a6611163bd9..d1571c0f5ca6 100644 --- a/security/py-yara-python-dex/distinfo +++ b/security/py-yara-python-dex/distinfo @@ -1,6 +1,6 @@ -TIMESTAMP = 1736800627 -SHA256 (MobSF-yara-python-dex-1.0.7.1_GH0.tar.gz) = 9b2febf8341d724480ee15f94adde22ea6f9f902346f59e2e9b92ec029b7ade2 -SIZE (MobSF-yara-python-dex-1.0.7.1_GH0.tar.gz) = 4505 +TIMESTAMP = 1757003675 +SHA256 (MobSF-yara-python-dex-1.0.9_GH0.tar.gz) = 1e135345d961f019c5dd31a85876aa6552aa471a9604fcc5683c85fab93e7425 +SIZE (MobSF-yara-python-dex-1.0.9_GH0.tar.gz) = 4748 SHA256 (VirusTotal-yara-python-188cb6e85137f715fef563f61c6b4f21ad026562_GH0.tar.gz) = f685495d280ba2105fa4ca31e0ac8173f16c93c28514c2e66b25a57c7d2d45b8 SIZE (VirusTotal-yara-python-188cb6e85137f715fef563f61c6b4f21ad026562_GH0.tar.gz) = 31860 SHA256 (VirusTotal-yara-ed1a1a430c64cf908b61a5fadc3958866a840bc6_GH0.tar.gz) = 282b97f106076f389e8f74e8e957bdcefbe87cc34887a8be6b5efd64cc96f920 diff --git a/security/py-yara-python-dex/pkg-plist b/security/py-yara-python-dex/pkg-plist deleted file mode 100644 index 5f948a5fbca8..000000000000 --- a/security/py-yara-python-dex/pkg-plist +++ /dev/null @@ -1,6 +0,0 @@ -%%PYTHON_SITELIBDIR%%/yara%%PYTHON_TAG%%.so -%%PYTHON_SITELIBDIR%%/yara_python_dex-%%VER%%-py%%PYTHON_VER%%.egg-info/PKG-INFO -%%PYTHON_SITELIBDIR%%/yara_python_dex-%%VER%%-py%%PYTHON_VER%%.egg-info/SOURCES.txt -%%PYTHON_SITELIBDIR%%/yara_python_dex-%%VER%%-py%%PYTHON_VER%%.egg-info/dependency_links.txt -%%PYTHON_SITELIBDIR%%/yara_python_dex-%%VER%%-py%%PYTHON_VER%%.egg-info/not-zip-safe -%%PYTHON_SITELIBDIR%%/yara_python_dex-%%VER%%-py%%PYTHON_VER%%.egg-info/top_level.txt diff --git a/security/rage-encryption/Makefile b/security/rage-encryption/Makefile index 6a0dd637ff94..688f7197901f 100644 --- a/security/rage-encryption/Makefile +++ b/security/rage-encryption/Makefile @@ -1,7 +1,7 @@ PORTNAME= rage DISTVERSIONPREFIX= v DISTVERSION= 0.11.1 -PORTREVISION= 5 +PORTREVISION= 6 CATEGORIES= security PKGNAMESUFFIX= -encryption diff --git a/security/ratify/Makefile b/security/ratify/Makefile index db9db6f9fdb5..8c9a246dcef4 100644 --- a/security/ratify/Makefile +++ b/security/ratify/Makefile @@ -1,6 +1,6 @@ PORTNAME= ratify DISTVERSION= 2.2.0 -PORTREVISION= 9 +PORTREVISION= 10 CATEGORIES= security MAINTAINER= yuri@FreeBSD.org diff --git a/security/rekor/Makefile b/security/rekor/Makefile index 331e75973e2b..558b50c586fc 100644 --- a/security/rekor/Makefile +++ b/security/rekor/Makefile @@ -1,7 +1,7 @@ PORTNAME= rekor DISTVERSIONPREFIX= v DISTVERSION= 1.3.10 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security MAINTAINER= bofh@FreeBSD.org diff --git a/security/rpm-sequoia/Makefile b/security/rpm-sequoia/Makefile index 3b78fd2817a8..344c34f5b2cf 100644 --- a/security/rpm-sequoia/Makefile +++ b/security/rpm-sequoia/Makefile @@ -1,6 +1,7 @@ PORTNAME= rpm-sequoia DISTVERSIONPREFIX= v DISTVERSION= 1.9.0 +PORTREVISION= 1 CATEGORIES= security archivers MAINTAINER= yuri@FreeBSD.org diff --git a/security/rubygem-acme-client/Makefile b/security/rubygem-acme-client/Makefile index 1e962af25ae9..f3f78774f3e4 100644 --- a/security/rubygem-acme-client/Makefile +++ b/security/rubygem-acme-client/Makefile @@ -1,5 +1,5 @@ PORTNAME= acme-client -PORTVERSION= 2.0.22 +PORTVERSION= 2.0.23 CATEGORIES= security rubygems MASTER_SITES= RG diff --git a/security/rubygem-acme-client/distinfo b/security/rubygem-acme-client/distinfo index f1249e2a15c4..0e4cb4a697a8 100644 --- a/security/rubygem-acme-client/distinfo +++ b/security/rubygem-acme-client/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1751622403 -SHA256 (rubygem/acme-client-2.0.22.gem) = 817534b743e2c93b3e498dad6b0f1a96a8e6df273bb04e37525d586a519176f7 -SIZE (rubygem/acme-client-2.0.22.gem) = 21504 +TIMESTAMP = 1755062612 +SHA256 (rubygem/acme-client-2.0.23.gem) = 33241b5bdb5179283ad52591c751bafcc4225e62d81c003c23891e48a3c107ac +SIZE (rubygem/acme-client-2.0.23.gem) = 21504 diff --git a/security/rustls-ffi/Makefile b/security/rustls-ffi/Makefile index 65a625c0905d..9c6efa0fa885 100644 --- a/security/rustls-ffi/Makefile +++ b/security/rustls-ffi/Makefile @@ -1,7 +1,7 @@ PORTNAME= rustls-ffi DISTVERSIONPREFIX= v DISTVERSION= 0.15.0 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= security MAINTAINER= brnrd@FreeBSD.org diff --git a/security/rustls-ffi/files/patch-cargo-crates_aws-lc-sys-0.24.0_aws-lc_include_openssl_target.h b/security/rustls-ffi/files/patch-cargo-crates_aws-lc-sys-0.24.0_aws-lc_include_openssl_target.h new file mode 100644 index 000000000000..c95774d5f41f --- /dev/null +++ b/security/rustls-ffi/files/patch-cargo-crates_aws-lc-sys-0.24.0_aws-lc_include_openssl_target.h @@ -0,0 +1,20 @@ +--- cargo-crates/aws-lc-sys-0.24.0/aws-lc/include/openssl/target.h.orig 2025-09-03 10:05:29 UTC ++++ cargo-crates/aws-lc-sys-0.24.0/aws-lc/include/openssl/target.h +@@ -34,14 +34,14 @@ + #elif defined(__ARMEL__) || defined(_M_ARM) + #define OPENSSL_32_BIT + #define OPENSSL_ARM +-#elif (defined(__PPC64__) || defined(__powerpc64__)) && defined(_LITTLE_ENDIAN) ++#elif (defined(__PPC64__) || defined(__powerpc64__)) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ + #define OPENSSL_64_BIT + #define OPENSSL_PPC64LE +-#elif (defined(__PPC64__) || defined(__powerpc64__)) && defined(_BIG_ENDIAN) ++#elif (defined(__PPC64__) || defined(__powerpc64__)) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ + #define OPENSSL_64_BIT + #define OPENSSL_PPC64BE + #define OPENSSL_BIG_ENDIAN +-#elif (defined(__PPC__) || defined(__powerpc__)) && defined(_BIG_ENDIAN) ++#elif (defined(__PPC__) || defined(__powerpc__)) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ + #define OPENSSL_32_BIT + #define OPENSSL_PPC32BE + #define OPENSSL_BIG_ENDIAN diff --git a/security/rustscan/Makefile b/security/rustscan/Makefile index 0c0e061e5907..403a1d9714a0 100644 --- a/security/rustscan/Makefile +++ b/security/rustscan/Makefile @@ -1,6 +1,6 @@ PORTNAME= rustscan PORTVERSION= 2.4.1 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= security MAINTAINER= bofh@FreeBSD.org diff --git a/security/sequoia-chameleon-gnupg/Makefile b/security/sequoia-chameleon-gnupg/Makefile index 31ac7bb3e6d0..f66d9dcdaadb 100644 --- a/security/sequoia-chameleon-gnupg/Makefile +++ b/security/sequoia-chameleon-gnupg/Makefile @@ -1,7 +1,7 @@ PORTNAME= sequoia-chameleon-gnupg DISTVERSIONPREFIX= v DISTVERSION= 0.13.1 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MAINTAINER= vishwin@FreeBSD.org diff --git a/security/sequoia-sq/Makefile b/security/sequoia-sq/Makefile index 4ce523dcf47c..26e06e16fa59 100644 --- a/security/sequoia-sq/Makefile +++ b/security/sequoia-sq/Makefile @@ -1,7 +1,7 @@ PORTNAME= sq DISTVERSIONPREFIX= v DISTVERSION= 1.3.1 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= security PKGNAMEPREFIX= sequoia- diff --git a/security/shibboleth-sp/Makefile b/security/shibboleth-sp/Makefile index d7673458c7f6..96c934a50720 100644 --- a/security/shibboleth-sp/Makefile +++ b/security/shibboleth-sp/Makefile @@ -1,6 +1,5 @@ PORTNAME= shibboleth-sp -PORTVERSION= 3.5.0 -PORTREVISION= 3 +PORTVERSION= 3.5.1 CATEGORIES= security www MASTER_SITES= http://shibboleth.net/downloads/service-provider/${PORTVERSION}/ diff --git a/security/shibboleth-sp/distinfo b/security/shibboleth-sp/distinfo index 483bd5f40c67..34c8b575369e 100644 --- a/security/shibboleth-sp/distinfo +++ b/security/shibboleth-sp/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1729173100 -SHA256 (shibboleth-sp-3.5.0.tar.bz2) = f301604bd17ee4d94a66e6dd7ad1c3f0917949a4a12176d55614483d78fefe58 -SIZE (shibboleth-sp-3.5.0.tar.bz2) = 834909 +TIMESTAMP = 1756924496 +SHA256 (shibboleth-sp-3.5.1.tar.bz2) = 05da3a09d76c3ba1a5ddd7f919fd942be2d87025f214aba139c2b64b804f9a99 +SIZE (shibboleth-sp-3.5.1.tar.bz2) = 837446 diff --git a/security/shibboleth-sp/pkg-plist b/security/shibboleth-sp/pkg-plist index 44d5c5a1a91c..0111f1e8eb89 100644 --- a/security/shibboleth-sp/pkg-plist +++ b/security/shibboleth-sp/pkg-plist @@ -92,7 +92,7 @@ include/shibsp/util/TemplateParameters.h include/shibsp/version.h lib/libshibsp.so lib/libshibsp.so.12 -lib/libshibsp.so.12.0.0 +lib/libshibsp.so.12.0.1 lib/shibboleth/adfs-lite.so lib/shibboleth/adfs.so @comment %%MEMCACHED%%lib/shibboleth/memcache-store.so @@ -104,7 +104,7 @@ lib/shibboleth/plugins.so %%FASTCGI%%lib/shibboleth/shibresponder lib/libshibsp-lite.so lib/libshibsp-lite.so.12 -lib/libshibsp-lite.so.12.0.0 +lib/libshibsp-lite.so.12.0.1 libdata/pkgconfig/shibsp-lite.pc libdata/pkgconfig/shibsp.pc sbin/shibd diff --git a/security/sniffglue/Makefile b/security/sniffglue/Makefile index 9a1ab670897b..d7331e6fdaf9 100644 --- a/security/sniffglue/Makefile +++ b/security/sniffglue/Makefile @@ -1,7 +1,7 @@ PORTNAME= sniffglue DISTVERSIONPREFIX= v DISTVERSION= 0.16.1 -PORTREVISION= 6 +PORTREVISION= 7 CATEGORIES= security MAINTAINER= freebsd@sysctl.cz diff --git a/security/snort3/Makefile b/security/snort3/Makefile index 8a7d723304fe..7064f6c2546e 100644 --- a/security/snort3/Makefile +++ b/security/snort3/Makefile @@ -1,5 +1,5 @@ PORTNAME= snort -DISTVERSION= 3.9.3.0 +DISTVERSION= 3.9.5.0 PORTEPOCH= 1 CATEGORIES= security PKGNAMESUFFIX= 3 diff --git a/security/snort3/distinfo b/security/snort3/distinfo index 5149faaa6b94..4822b69ada6a 100644 --- a/security/snort3/distinfo +++ b/security/snort3/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1754971093 -SHA256 (snort3-snort3-3.9.3.0_GH0.tar.gz) = c7c2f7488b1a9ec5b60b9706fc3f2f3f9c0e1eb57f384e077676c452570468cf -SIZE (snort3-snort3-3.9.3.0_GH0.tar.gz) = 3521227 +TIMESTAMP = 1757072847 +SHA256 (snort3-snort3-3.9.5.0_GH0.tar.gz) = e2e36a8db2c4c26a6ff58ea58839339260319eba25d0eb901ddb7210f4fa4b4c +SIZE (snort3-snort3-3.9.5.0_GH0.tar.gz) = 3525177 diff --git a/security/snowflake-tor/Makefile b/security/snowflake-tor/Makefile index 0049a5ddf87c..0e82f830ff48 100644 --- a/security/snowflake-tor/Makefile +++ b/security/snowflake-tor/Makefile @@ -1,7 +1,7 @@ PORTNAME= snowflake DISTVERSIONPREFIX= v PORTVERSION= 2.5.1 -PORTREVISION= 22 +PORTREVISION= 23 CATEGORIES= security net PKGNAMESUFFIX= -tor diff --git a/security/ssb/Makefile b/security/ssb/Makefile index 734453ff1fd1..d0938babaec5 100644 --- a/security/ssb/Makefile +++ b/security/ssb/Makefile @@ -1,7 +1,7 @@ PORTNAME= ssb DISTVERSIONPREFIX= v DISTVERSION= 0.1.1 -PORTREVISION= 28 +PORTREVISION= 29 CATEGORIES= security MAINTAINER= ports@FreeBSD.org diff --git a/security/ssh-vault/Makefile b/security/ssh-vault/Makefile index b987279ac1eb..7b45ec510645 100644 --- a/security/ssh-vault/Makefile +++ b/security/ssh-vault/Makefile @@ -1,6 +1,6 @@ PORTNAME= ssh-vault PORTVERSION= 1.0.10 -PORTREVISION= 13 +PORTREVISION= 14 CATEGORIES= security MASTER_SITES= CRATESIO DISTFILES= ${CARGO_DIST_SUBDIR}/${DISTNAME}${CARGO_CRATE_EXT} diff --git a/security/ssl-checker/Makefile b/security/ssl-checker/Makefile index c49b5c6df697..93673abb45d9 100644 --- a/security/ssl-checker/Makefile +++ b/security/ssl-checker/Makefile @@ -1,7 +1,7 @@ PORTNAME= ssl-checker DISTVERSIONPREFIX= v DISTVERSION= 0.1.7 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MAINTAINER= olgeni@FreeBSD.org diff --git a/security/ssllabs-scan/Makefile b/security/ssllabs-scan/Makefile index 1d6aba12355c..a36d64259294 100644 --- a/security/ssllabs-scan/Makefile +++ b/security/ssllabs-scan/Makefile @@ -1,7 +1,7 @@ PORTNAME= ssllabs-scan DISTVERSIONPREFIX= v DISTVERSION= 1.5.0 -PORTREVISION= 28 +PORTREVISION= 29 CATEGORIES= security net MAINTAINER= egypcio@FreeBSD.org diff --git a/security/stegify/Makefile b/security/stegify/Makefile index 7a63858191d3..06d7e41a9747 100644 --- a/security/stegify/Makefile +++ b/security/stegify/Makefile @@ -2,7 +2,7 @@ PORTNAME= stegify DISTVERSIONPREFIX= v DISTVERSION= 1.2-2 DISTVERSIONSUFFIX= -g62518ca -PORTREVISION= 28 +PORTREVISION= 29 CATEGORIES= security graphics MAINTAINER= yuri@FreeBSD.org diff --git a/security/sudo-rs/Makefile b/security/sudo-rs/Makefile index 1f27827c26f6..a76bfdb2f580 100644 --- a/security/sudo-rs/Makefile +++ b/security/sudo-rs/Makefile @@ -1,6 +1,7 @@ PORTNAME= sudo-rs DISTVERSIONPREFIX= v DISTVERSION= 0.2.8 +PORTREVISION= 1 CATEGORIES= security MAINTAINER= marc@trifectatech.org diff --git a/security/suricata/Makefile b/security/suricata/Makefile index 9cc82a37e912..ac84d4d9587d 100644 --- a/security/suricata/Makefile +++ b/security/suricata/Makefile @@ -1,5 +1,6 @@ PORTNAME= suricata DISTVERSION= 7.0.11 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= https://www.openinfosecfoundation.org/download/ diff --git a/security/tailscale/Makefile b/security/tailscale/Makefile index 0673446306c3..a4c4b5d22cae 100644 --- a/security/tailscale/Makefile +++ b/security/tailscale/Makefile @@ -1,6 +1,7 @@ PORTNAME= tailscale PORTVERSION= 1.86.4 DISTVERSIONPREFIX= v +PORTREVISION= 1 CATEGORIES= security net-vpn MAINTAINER= ashish@FreeBSD.org diff --git a/security/teleport/Makefile b/security/teleport/Makefile index 93aaf2da4f8d..498f279fe1dd 100644 --- a/security/teleport/Makefile +++ b/security/teleport/Makefile @@ -1,7 +1,7 @@ PORTNAME= teleport DISTVERSIONPREFIX= v DISTVERSION= 5.2.5 -PORTREVISION= 17 +PORTREVISION= 18 CATEGORIES= security MAINTAINER= kraileth@elderlinux.org diff --git a/security/timestamp-authority/Makefile b/security/timestamp-authority/Makefile index 4d278042cdd3..f121f3c4b9a1 100644 --- a/security/timestamp-authority/Makefile +++ b/security/timestamp-authority/Makefile @@ -1,7 +1,7 @@ PORTNAME= timestamp-authority DISTVERSIONPREFIX= v DISTVERSION= 1.2.8 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= security MAINTAINER= bofh@FreeBSD.org diff --git a/security/totp-cli/Makefile b/security/totp-cli/Makefile index ed3416a3c81c..b6fad616d90f 100644 --- a/security/totp-cli/Makefile +++ b/security/totp-cli/Makefile @@ -1,7 +1,7 @@ PORTNAME= totp-cli PORTVERSION= 1.9.2 DISTVERSIONPREFIX= v -PORTREVISION= 5 +PORTREVISION= 6 CATEGORIES= security MAINTAINER= sunpoet@FreeBSD.org diff --git a/security/trillian/Makefile b/security/trillian/Makefile index 7c587b69320c..7bdeb3e299f9 100644 --- a/security/trillian/Makefile +++ b/security/trillian/Makefile @@ -1,7 +1,7 @@ PORTNAME= trillian DISTVERSIONPREFIX= v DISTVERSION= 1.7.2 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security MAINTAINER= bofh@FreeBSD.org diff --git a/security/trivy/Makefile b/security/trivy/Makefile index 25ee7423ffe0..a3a64eed48e0 100644 --- a/security/trivy/Makefile +++ b/security/trivy/Makefile @@ -1,6 +1,6 @@ PORTNAME= trivy DISTVERSIONPREFIX= v -DISTVERSION= 0.65.0 +DISTVERSION= 0.66.0 PORTREVISION= 1 CATEGORIES= security diff --git a/security/trivy/distinfo b/security/trivy/distinfo index 46e3fca7da86..c7848514d223 100644 --- a/security/trivy/distinfo +++ b/security/trivy/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1754018480 -SHA256 (go/security_trivy/trivy-v0.65.0/v0.65.0.mod) = 2aa9419ba4e6e58feb3f2c87aac23fba02f1bc260265682007d4a3a74638bc22 -SIZE (go/security_trivy/trivy-v0.65.0/v0.65.0.mod) = 26160 -SHA256 (go/security_trivy/trivy-v0.65.0/v0.65.0.zip) = fa97802cb042c4627e6fe3f2ad5664a2efb85281ed38c63c76ffaa24aeac5065 -SIZE (go/security_trivy/trivy-v0.65.0/v0.65.0.zip) = 59139682 +TIMESTAMP = 1756878437 +SHA256 (go/security_trivy/trivy-v0.66.0/v0.66.0.mod) = 41bedcea560a0f606080b34320349b4c21d920aeadb0e57a81d5fcbc4cf58823 +SIZE (go/security_trivy/trivy-v0.66.0/v0.66.0.mod) = 25763 +SHA256 (go/security_trivy/trivy-v0.66.0/v0.66.0.zip) = 78fb7cca5602ee1927808488e3306a9d0d1ba26c4817ceff055d10ed04da9d1b +SIZE (go/security_trivy/trivy-v0.66.0/v0.66.0.zip) = 59145292 diff --git a/security/tscli/Makefile b/security/tscli/Makefile index 6ec2f243475d..730a440763dc 100644 --- a/security/tscli/Makefile +++ b/security/tscli/Makefile @@ -1,7 +1,7 @@ PORTNAME= tscli DISTVERSIONPREFIX= v DISTVERSION= 0.0.15 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MAINTAINER= dtxdf@FreeBSD.org diff --git a/security/vault/Makefile b/security/vault/Makefile index 590a93f11d40..7906ac22206e 100644 --- a/security/vault/Makefile +++ b/security/vault/Makefile @@ -1,6 +1,6 @@ PORTNAME= vault DISTVERSIONPREFIX= v -DISTVERSION= 1.20.2 +DISTVERSION= 1.20.3 CATEGORIES= security MASTER_SITES= https://raw.githubusercontent.com/hashicorp/vault/${DISTVERSIONFULL}/ \ LOCAL/bofh/security/${PORTNAME}/:web_ui @@ -46,7 +46,7 @@ GROUPS= vault PLIST_FILES= bin/${PORTNAME} -GITID= 824d12909d5b596ddd3f34d9c8f169b4f9701a0c +GITID= 7665ff29d77e5cb3ea9ddbeaed49ee312e53c6b8 .include <bsd.port.pre.mk> diff --git a/security/vault/distinfo b/security/vault/distinfo index c17babae63fa..c8a637c2add4 100644 --- a/security/vault/distinfo +++ b/security/vault/distinfo @@ -1,17 +1,17 @@ -TIMESTAMP = 1754685277 -SHA256 (go/security_vault/hashicorp-vault-v1.20.2_GH0/go.mod) = cd83bd31fc0bfb55d172ae8fc8f8bc3930bc52602a5b73b2cccbf5428e144241 -SIZE (go/security_vault/hashicorp-vault-v1.20.2_GH0/go.mod) = 30390 -SHA256 (go/security_vault/hashicorp-vault-v1.20.2_GH0/api/go.mod) = c0d25838a7b72c0a5450c0c346e22eea9d24074c637f99e13941fd74980330e5 -SIZE (go/security_vault/hashicorp-vault-v1.20.2_GH0/api/go.mod) = 1659 -SHA256 (go/security_vault/hashicorp-vault-v1.20.2_GH0/api/auth/approle/go.mod) = 94d14c8d7b0e143e5cda121829d639935bcd5bab9cc4961ca4ac432ec675a5b9 -SIZE (go/security_vault/hashicorp-vault-v1.20.2_GH0/api/auth/approle/go.mod) = 1065 -SHA256 (go/security_vault/hashicorp-vault-v1.20.2_GH0/api/auth/kubernetes/go.mod) = bb4af50f74cdf95fd886651b1911dff90e118c62270497102ce144f5c76c9b1d -SIZE (go/security_vault/hashicorp-vault-v1.20.2_GH0/api/auth/kubernetes/go.mod) = 1068 -SHA256 (go/security_vault/hashicorp-vault-v1.20.2_GH0/api/auth/userpass/go.mod) = e92fff72dd8294c27b29ba8fc653d28edf322d8f59d98258ea87691dd5777b56 -SIZE (go/security_vault/hashicorp-vault-v1.20.2_GH0/api/auth/userpass/go.mod) = 1066 -SHA256 (go/security_vault/hashicorp-vault-v1.20.2_GH0/sdk/go.mod) = a3da120c91c4a0a9a2ad7e2fac36034da35a1527668359a6c9f19800aa88f2f1 -SIZE (go/security_vault/hashicorp-vault-v1.20.2_GH0/sdk/go.mod) = 6759 -SHA256 (go/security_vault/hashicorp-vault-v1.20.2_GH0/vault-web_ui-1.20.2.tar.gz) = 5d6a244ae81312a78c847abeec525a01cfe92fdf2f7df6d812a884f14561cc96 -SIZE (go/security_vault/hashicorp-vault-v1.20.2_GH0/vault-web_ui-1.20.2.tar.gz) = 3584329 -SHA256 (go/security_vault/hashicorp-vault-v1.20.2_GH0/hashicorp-vault-v1.20.2_GH0.tar.gz) = cff7c65f4cfdebbf2a419e77debe5dda1abd93d48f673e8bbbd4c5e5161233e2 -SIZE (go/security_vault/hashicorp-vault-v1.20.2_GH0/hashicorp-vault-v1.20.2_GH0.tar.gz) = 41645004 +TIMESTAMP = 1756981575 +SHA256 (go/security_vault/hashicorp-vault-v1.20.3_GH0/go.mod) = 7113bb21f1f4e49f214b327ab6bf38e61c7a1d6a90945d800af5c95adfe35ef4 +SIZE (go/security_vault/hashicorp-vault-v1.20.3_GH0/go.mod) = 30603 +SHA256 (go/security_vault/hashicorp-vault-v1.20.3_GH0/api/go.mod) = c0d25838a7b72c0a5450c0c346e22eea9d24074c637f99e13941fd74980330e5 +SIZE (go/security_vault/hashicorp-vault-v1.20.3_GH0/api/go.mod) = 1659 +SHA256 (go/security_vault/hashicorp-vault-v1.20.3_GH0/api/auth/approle/go.mod) = 94d14c8d7b0e143e5cda121829d639935bcd5bab9cc4961ca4ac432ec675a5b9 +SIZE (go/security_vault/hashicorp-vault-v1.20.3_GH0/api/auth/approle/go.mod) = 1065 +SHA256 (go/security_vault/hashicorp-vault-v1.20.3_GH0/api/auth/kubernetes/go.mod) = bb4af50f74cdf95fd886651b1911dff90e118c62270497102ce144f5c76c9b1d +SIZE (go/security_vault/hashicorp-vault-v1.20.3_GH0/api/auth/kubernetes/go.mod) = 1068 +SHA256 (go/security_vault/hashicorp-vault-v1.20.3_GH0/api/auth/userpass/go.mod) = e92fff72dd8294c27b29ba8fc653d28edf322d8f59d98258ea87691dd5777b56 +SIZE (go/security_vault/hashicorp-vault-v1.20.3_GH0/api/auth/userpass/go.mod) = 1066 +SHA256 (go/security_vault/hashicorp-vault-v1.20.3_GH0/sdk/go.mod) = aa3fe5aee6ec08608f8f97f1238b1a132bb89973069985e0ae24d9e492b2df7c +SIZE (go/security_vault/hashicorp-vault-v1.20.3_GH0/sdk/go.mod) = 6786 +SHA256 (go/security_vault/hashicorp-vault-v1.20.3_GH0/vault-web_ui-1.20.3.tar.gz) = 4131d8f602bce1ced7275ea2925e18ccd202d03a0fcc69e3f338fafcbaeb22d8 +SIZE (go/security_vault/hashicorp-vault-v1.20.3_GH0/vault-web_ui-1.20.3.tar.gz) = 3513752 +SHA256 (go/security_vault/hashicorp-vault-v1.20.3_GH0/hashicorp-vault-v1.20.3_GH0.tar.gz) = 024dbc999b4149551da398355008d29827459e52f4379a129eb20c5284647050 +SIZE (go/security_vault/hashicorp-vault-v1.20.3_GH0/hashicorp-vault-v1.20.3_GH0.tar.gz) = 41634047 diff --git a/security/vaultwarden/Makefile b/security/vaultwarden/Makefile index 63c287e2119f..82a26d7d1c4b 100644 --- a/security/vaultwarden/Makefile +++ b/security/vaultwarden/Makefile @@ -1,5 +1,6 @@ PORTNAME= vaultwarden DISTVERSION= 1.34.3 +PORTREVISION= 1 CATEGORIES= security MAINTAINER= mr@FreeBSD.org diff --git a/security/vouch-proxy/Makefile b/security/vouch-proxy/Makefile index 9d4136e4cbdf..f430df7765fd 100644 --- a/security/vouch-proxy/Makefile +++ b/security/vouch-proxy/Makefile @@ -1,7 +1,7 @@ PORTNAME= vouch-proxy DISTVERSIONPREFIX=v DISTVERSION= 0.45.1 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MAINTAINER= decke@FreeBSD.org diff --git a/security/vuls/Makefile b/security/vuls/Makefile index f2c58e968a83..0a3bfc140f06 100644 --- a/security/vuls/Makefile +++ b/security/vuls/Makefile @@ -1,6 +1,7 @@ PORTNAME= vuls DISTVERSIONPREFIX=v DISTVERSION= 0.33.4 +PORTREVISION= 1 CATEGORIES= security MAINTAINER= girgen@FreeBSD.org diff --git a/security/vulsrepo/Makefile b/security/vulsrepo/Makefile index a8bed60e8097..da2e8927160c 100644 --- a/security/vulsrepo/Makefile +++ b/security/vulsrepo/Makefile @@ -1,7 +1,7 @@ PORTNAME= vulsrepo PORTVERSION= 0.7.1 DISTVERSIONPREFIX=v -PORTREVISION= 12 +PORTREVISION= 13 CATEGORIES= security www MASTER_SITES= https://raw.githubusercontent.com/${GH_ACCOUNT}/${PORTNAME}/v${PORTVERSION}/server/:gomod DISTFILES= go.mod:gomod diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml index d587a9dae0e9..0a19623ed18f 100644 --- a/security/vuxml/vuln/2025.xml +++ b/security/vuxml/vuln/2025.xml @@ -1,3 +1,169 @@ + <vuln vid="340dc4c1-895a-11f0-b6e5-4ccc6adda413"> + <topic>exiv2 -- Denial-of-service</topic> + <affects> + <package> + <name>exiv2</name> + <range><lt>0.28.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Kevin Backhouse reports:</p> + <blockquote cite="https://github.com/Exiv2/exiv2/security/advisories/GHSA-m54q-mm9w-fp6g"> + <p>A denial-of-service was found in Exiv2 version v0.28.5: a quadratic + algorithm in the ICC profile parsing code in jpegBase::readMetadata() + can cause Exiv2 to run for a long time. Exiv2 is a command-line utility + and C++ library for reading, writing, deleting, and modifying the + metadata of image files. The denial-of-service is triggered when Exiv2 + is used to read the metadata of a crafted jpg image file.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-55304</cvename> + <url>https://github.com/Exiv2/exiv2/security/advisories/GHSA-m54q-mm9w-fp6g</url> + </references> + <dates> + <discovery>2025-08-29</discovery> + <entry>2025-09-04</entry> + </dates> + </vuln> + + <vuln vid="84a77710-8958-11f0-b6e5-4ccc6adda413"> + <topic>exiv2 -- Out-of-bounds read in Exiv2::EpsImage::writeMetadata()</topic> + <affects> + <package> + <name>exiv2</name> + <range><lt>0.28.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Kevin Backhouse reports:</p> + <blockquote cite="https://github.com/Exiv2/exiv2/security/advisories/GHSA-496f-x7cq-cq39"> + <p>An out-of-bounds read was found in Exiv2 versions v0.28.5 and earlier. + Exiv2 is a command-line utility and C++ library for reading, writing, + deleting, and modifying the metadata of image files. The out-of-bounds + read is triggered when Exiv2 is used to write metadata into a crafted + image file. An attacker could potentially exploit the vulnerability to + cause a denial of service by crashing Exiv2, if they can trick the victim + into running Exiv2 on a crafted image file.</p> + <p>Note that this bug is only triggered when writing the metadata, which + is a less frequently used Exiv2 operation than reading the metadata. For + example, to trigger the bug in the Exiv2 command-line application, you + need to add an extra command-line argument such as delete.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-54080</cvename> + <url>https://github.com/Exiv2/exiv2/security/advisories/GHSA-496f-x7cq-cq39</url> + </references> + <dates> + <discovery>2025-08-29</discovery> + <entry>2025-09-04</entry> + </dates> + </vuln> + + <vuln vid="0db8684f-8938-11f0-8325-bc2411f8eb0b"> + <topic>Django -- multiple vulnerabilities</topic> + <affects> + <package> + <name>py39-django42</name> + <name>py310-django42</name> + <name>py311-django42</name> + <range><lt>4.2.24</lt></range> + </package> + <package> + <name>py310-django51</name> + <name>py311-django51</name> + <range><lt>5.1.12</lt></range> + </package> + <package> + <name>py310-django52</name> + <name>py311-django52</name> + <range><lt>5.2.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Django reports:</p> + <blockquote cite="https://www.djangoproject.com/weblog/2025/sep/03/security-releases/"> + <p>CVE-2025-57833: Potential SQL injection in FilteredRelation column aliases.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-57833</cvename> + <url>https://www.djangoproject.com/weblog/2025/sep/03/security-releases/</url> + </references> + <dates> + <discovery>2025-09-01</discovery> + <entry>2025-09-04</entry> + </dates> + </vuln> + + <vuln vid="9f9b0b37-88fa-11f0-90a2-6cc21735f730"> + <topic>Shibboleth Service Provider -- SQL injection vulnerability in ODBC plugin</topic> + <affects> + <package> + <name>shibboleth-sp</name> + <range><lt>3.5.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Internet2 reports:</p> + <blockquote cite="https://shibboleth.net/community/advisories/secadv_20250903.txt"> + <p>The Shibboleth Service Provider includes a storage API usable + for a number of different use cases such as the session cache, + replay cache, and relay state management. An ODBC extension + plugin is provided with some distributions of the software + (notably on Windows).</p> + <p>A SQL injection vulnerability was identified in some of the + queries issued by the plugin, and this can be creatively + exploited through specially crafted inputs to exfiltrate + information stored in the database used by the SP.</p> + </blockquote> + </body> + </description> + <references> + <url>https://shibboleth.net/community/advisories/secadv_20250903.txt</url> + </references> + <dates> + <discovery>2025-09-03</discovery> + <entry>2025-09-03</entry> + </dates> + </vuln> + + <vuln vid="aaa060af-88d6-11f0-a294-b0416f0c4c67"> + <topic>Vieb -- Remote Code Execution via Visiting Untrusted URLs</topic> + <affects> + <package> + <name>linux-vieb</name> + <range><lt>12.4.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Zhengyu Liu, Jianjia Yu, Jelmer van Arnhem report:</p> + <blockquote cite="https://github.com/Jelmerro/Vieb/security/advisories/GHSA-h2fq-667q-7gpm"> + <p>We discovered a remote code execution (RCE) vulnerability in the latest + release of the Vieb browser (v12.3.0). By luring a user to visit a + malicious website, an attacker can achieve arbitrary code execution on the + victim’s machine.</p> + </blockquote> + </body> + </description> + <references> + <url>https://github.com/Jelmerro/Vieb/security/advisories/GHSA-h2fq-667q-7gpm</url> + </references> + <dates> + <discovery>2025-07-31</discovery> + <entry>2025-09-03</entry> + </dates> + </vuln> + <vuln vid="d7b7e505-8486-11f0-9d03-2cf05da270f3"> <topic>Gitlab -- vulnerabilities</topic> <affects> @@ -2067,7 +2233,7 @@ <affects> <package> <name>libxslt</name> - <range><lt>2</lt></range> <!-- adjust should libxslt ever be fixed --> + <range><lt>1.1.43_2</lt></range> <!-- adjust should libxslt ever be fixed --> </package> <package> <name>linux-c7-libxslt</name> diff --git a/security/webtunnel-tor/Makefile b/security/webtunnel-tor/Makefile index c7513b884ffd..e8f1ab7cd74f 100644 --- a/security/webtunnel-tor/Makefile +++ b/security/webtunnel-tor/Makefile @@ -1,6 +1,6 @@ PORTNAME= webtunnel PORTVERSION= 0.0.1 -PORTREVISION= 16 +PORTREVISION= 17 CATEGORIES= security net PKGNAMESUFFIX= -tor diff --git a/security/xhash/Makefile b/security/xhash/Makefile index 03808fd1144d..7436f73301cb 100644 --- a/security/xhash/Makefile +++ b/security/xhash/Makefile @@ -1,7 +1,7 @@ PORTNAME= xhash DISTVERSIONPREFIX= v DISTVERSION= 3.6.3 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security MAINTAINER= rbranco@suse.com diff --git a/security/xray-core/Makefile b/security/xray-core/Makefile index 6030334ae8fc..310320cfe4ab 100644 --- a/security/xray-core/Makefile +++ b/security/xray-core/Makefile @@ -1,7 +1,7 @@ PORTNAME= xray-core DISTVERSIONPREFIX= v DISTVERSION= 25.7.26 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MASTER_SITES= https://github.com/v2fly/geoip/releases/download/202507050144/:geoip \ https://github.com/v2fly/domain-list-community/releases/download/20250627153051/:geosite diff --git a/security/yubikey-agent/Makefile b/security/yubikey-agent/Makefile index 06d0f27154a4..5c886fbca140 100644 --- a/security/yubikey-agent/Makefile +++ b/security/yubikey-agent/Makefile @@ -1,7 +1,7 @@ PORTNAME= yubikey-agent DISTVERSIONPREFIX= v DISTVERSION= 0.1.6 -PORTREVISION= 21 +PORTREVISION= 22 CATEGORIES= security sysutils MAINTAINER= egypcio@FreeBSD.org diff --git a/security/yubikey-manager-qt/Makefile b/security/yubikey-manager-qt/Makefile index 9a92a11991df..70f1c79cd6e9 100644 --- a/security/yubikey-manager-qt/Makefile +++ b/security/yubikey-manager-qt/Makefile @@ -11,9 +11,6 @@ WWW= https://developers.yubico.com/yubikey-manager-qt/ LICENSE= BSD2CLAUSE LICENSE_FILE= ${WRKSRC}/COPYING -DEPRECATED= Depends on expired security/libu2f-host via security/py-yubikey-manager -EXPIRATION_DATE=2025-09-01 - BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}yubikey-manager>0:security/py-yubikey-manager@${PY_FLAVOR} \ pyotherside-qt5>0:devel/pyotherside-qt5 RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}yubikey-manager>0:security/py-yubikey-manager@${PY_FLAVOR} \ diff --git a/security/yubioath-desktop/Makefile b/security/yubioath-desktop/Makefile index 7f536c778050..5f2373a67822 100644 --- a/security/yubioath-desktop/Makefile +++ b/security/yubioath-desktop/Makefile @@ -11,9 +11,6 @@ WWW= https://developers.yubico.com/yubioath-desktop/ LICENSE= BSD2CLAUSE LICENSE_FILE= ${WRKSRC}/COPYING -DEPRECATED= Depends on expired security/libu2f-host via security/py-yubikey-manager -EXPIRATION_DATE=2025-09-01 - RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}yubikey-manager>=0.7.0:security/py-yubikey-manager@${PY_FLAVOR} \ pyotherside-qt5>0:devel/pyotherside-qt5 \ RSA_SecurID_getpasswd:devel/libccid \ |