diff options
Diffstat (limited to 'security')
73 files changed, 541 insertions, 257 deletions
diff --git a/security/Makefile b/security/Makefile index fbfc8471a1f5..4c01467ae32d 100644 --- a/security/Makefile +++ b/security/Makefile @@ -1066,6 +1066,7 @@ SUBDIR += py-securesystemslib SUBDIR += py-service-identity SUBDIR += py-signedjson + SUBDIR += py-signxml SUBDIR += py-social-auth-core SUBDIR += py-spake2 SUBDIR += py-ssh-audit diff --git a/security/aws-c-auth/Makefile b/security/aws-c-auth/Makefile index 77592156a966..bd723975d7a5 100644 --- a/security/aws-c-auth/Makefile +++ b/security/aws-c-auth/Makefile @@ -1,6 +1,6 @@ PORTNAME= aws-c-auth DISTVERSIONPREFIX= v -DISTVERSION= 0.9.0 +DISTVERSION= 0.9.1 CATEGORIES= security MAINTAINER= eduardo@FreeBSD.org diff --git a/security/aws-c-auth/distinfo b/security/aws-c-auth/distinfo index c3f580df1db8..b950bee4af3c 100644 --- a/security/aws-c-auth/distinfo +++ b/security/aws-c-auth/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1743191973 -SHA256 (awslabs-aws-c-auth-v0.9.0_GH0.tar.gz) = aa6e98864fefb95c249c100da4ae7aed36ba13a8a91415791ec6fad20bec0427 -SIZE (awslabs-aws-c-auth-v0.9.0_GH0.tar.gz) = 265696 +TIMESTAMP = 1757251762 +SHA256 (awslabs-aws-c-auth-v0.9.1_GH0.tar.gz) = adae1e725d9725682366080b8bf8e49481650c436b846ceeb5efe955d5e03273 +SIZE (awslabs-aws-c-auth-v0.9.1_GH0.tar.gz) = 265755 diff --git a/security/aws-lc/Makefile b/security/aws-lc/Makefile index b2c1dac66de6..99eff2b0deec 100644 --- a/security/aws-lc/Makefile +++ b/security/aws-lc/Makefile @@ -1,11 +1,8 @@ PORTNAME= aws-lc -PORTVERSION= 1.57.1 +PORTVERSION= 1.59.0 DISTVERSIONPREFIX= v CATEGORIES= security -PATCH_SITES= https://github.com/aws/aws-lc/commit/ -PATCHFILES= 125f94c2c26559ed93a22f1cc5880efe46f0b937.patch:-p1 - MAINTAINER= sunpoet@FreeBSD.org COMMENT= AWS libcrypto WWW= https://github.com/aws/aws-lc diff --git a/security/aws-lc/distinfo b/security/aws-lc/distinfo index 2327bcddd04b..ee331f192075 100644 --- a/security/aws-lc/distinfo +++ b/security/aws-lc/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1755062466 -SHA256 (aws-aws-lc-v1.57.1_GH0.tar.gz) = 1c434d294594a82f1c046aa4e172277b5b549f7b5c89225e3cb2222b94744ca8 -SIZE (aws-aws-lc-v1.57.1_GH0.tar.gz) = 127164147 +TIMESTAMP = 1757120534 +SHA256 (aws-aws-lc-v1.59.0_GH0.tar.gz) = fcc179ab0f7801b8416bf27cb16cfb8ee7dff78df364afdf432ba5eb50f42b22 +SIZE (aws-aws-lc-v1.59.0_GH0.tar.gz) = 127302583 SHA256 (125f94c2c26559ed93a22f1cc5880efe46f0b937.patch) = a07ef67b487b47168384d70b7f7bd2b6a8479e037e09087c34f9f083c88411f2 SIZE (125f94c2c26559ed93a22f1cc5880efe46f0b937.patch) = 2046 diff --git a/security/ca_root_nss/Makefile b/security/ca_root_nss/Makefile index 581eaf31b155..5a7cfdd6e5eb 100644 --- a/security/ca_root_nss/Makefile +++ b/security/ca_root_nss/Makefile @@ -1,5 +1,6 @@ PORTNAME= ca_root_nss PORTVERSION= ${VERSION_NSS} +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= MOZILLA/security/nss/releases/${DISTNAME:tu:C/[-.]/_/g}_RTM/src DISTNAME= nss-${VERSION_NSS}${NSS_SUFFIX} @@ -18,6 +19,7 @@ WRKSRC_SUBDIR= nss OPTIONS_DEFINE= ETCSYMLINK OPTIONS_DEFAULT= ETCSYMLINK +OPTIONS_EXCLUDE_FreeBSD_15= ETCSYMLINK OPTIONS_SUB= yes diff --git a/security/crowdsec/Makefile b/security/crowdsec/Makefile index 6def3753de60..00e137ea9782 100644 --- a/security/crowdsec/Makefile +++ b/security/crowdsec/Makefile @@ -1,7 +1,6 @@ PORTNAME= crowdsec DISTVERSIONPREFIX= v -DISTVERSION= 1.6.11 -PORTREVISION= 2 +DISTVERSION= 1.7.0 CATEGORIES= security MAINTAINER= marco@crowdsec.net @@ -15,7 +14,7 @@ LIB_DEPENDS= libabsl_base.so:devel/abseil \ libre2.so:devel/re2 USES= go:modules pkgconfig -_COMMIT= d64ee2ae +_COMMIT= c3036e21 _BUILD_DATE= $$(date -u "+%F_%T") USE_RC_SUBR= crowdsec @@ -86,6 +85,9 @@ do-install: @${MV} ${STAGEDIR}${ETCDIR}/acquis.yaml \ ${STAGEDIR}${ETCDIR}/acquis.yaml.sample + ${INSTALL_DATA} ${FILESDIR}/acquis.yaml.sample \ + ${STAGEDIR}${ETCDIR}/acquis.yaml.sample + @${MV} ${STAGEDIR}${ETCDIR}/config.yaml \ ${STAGEDIR}${ETCDIR}/config.yaml.sample diff --git a/security/crowdsec/distinfo b/security/crowdsec/distinfo index 47a7babd24af..27a1df0a8f93 100644 --- a/security/crowdsec/distinfo +++ b/security/crowdsec/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1754034506 -SHA256 (go/security_crowdsec/crowdsec-v1.6.11/v1.6.11.mod) = c4dcc18622d60438579ba803257295e8118772dd383825b72ee758800e282bb7 -SIZE (go/security_crowdsec/crowdsec-v1.6.11/v1.6.11.mod) = 10729 -SHA256 (go/security_crowdsec/crowdsec-v1.6.11/v1.6.11.zip) = ca01f1e1321075a0690b5a2378dbd4cc02eee104594fe71ab64c010df5b77591 -SIZE (go/security_crowdsec/crowdsec-v1.6.11/v1.6.11.zip) = 1780687 +TIMESTAMP = 1756721640 +SHA256 (go/security_crowdsec/crowdsec-v1.7.0/v1.7.0.mod) = fe6e9e56759a9f85b7b7946724b1d64421340aabb174b1c56a5140e5e35169bb +SIZE (go/security_crowdsec/crowdsec-v1.7.0/v1.7.0.mod) = 10467 +SHA256 (go/security_crowdsec/crowdsec-v1.7.0/v1.7.0.zip) = 8854689eea80df7d93437f05ec5fca7461a8444ddb3d09aed387be3a75452113 +SIZE (go/security_crowdsec/crowdsec-v1.7.0/v1.7.0.zip) = 1796649 diff --git a/security/crowdsec/files/acquis.yaml.sample b/security/crowdsec/files/acquis.yaml.sample new file mode 100644 index 000000000000..b994f31b0a6b --- /dev/null +++ b/security/crowdsec/files/acquis.yaml.sample @@ -0,0 +1,18 @@ +filenames: + - /var/log/nginx/*.log + - ./tests/nginx/nginx.log +#this is not a syslog log, indicate which kind of logs it is +labels: + type: nginx +--- +filenames: + - /var/log/auth.log + - /var/log/syslog +labels: + type: syslog +--- +filenames: + - /var/log/httpd-access.log + - /var/log/httpd-error.log +labels: + type: apache2 diff --git a/security/crowdsec/files/patch-config_acquis.yaml b/security/crowdsec/files/patch-config_acquis.yaml deleted file mode 100644 index 67b4ef3c693b..000000000000 --- a/security/crowdsec/files/patch-config_acquis.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- config/acquis.yaml.orig 2021-12-15 10:39:37 UTC -+++ config/acquis.yaml -@@ -11,6 +11,8 @@ filenames: - labels: - type: syslog - --- --filename: /var/log/apache2/*.log -+filenames: -+ - /var/log/httpd-access.log -+ - /var/log/httpd-error.log - labels: - type: apache2 diff --git a/security/doas/Makefile b/security/doas/Makefile index 58c1aa4b15fe..d0b419bd2f06 100644 --- a/security/doas/Makefile +++ b/security/doas/Makefile @@ -1,10 +1,11 @@ PORTNAME= doas -PORTVERSION= 6.3p12 +PORTVERSION= 6.3p13 CATEGORIES= security +MASTER_SITES= https://codeberg.org/thejessesmith/doas/archive/${PORTVERSION}${EXTRACT_SUFX}?dummy=/ MAINTAINER= jsmith@resonatingmedia.com COMMENT= Simple sudo alternative to run commands as another user -WWW= https://github.com/slicer69/doas/ +WWW= https://codeberg.org/thejessesmith/doas/ LICENSE= BSD2CLAUSE ISCL LICENSE_COMB= multi @@ -15,16 +16,16 @@ USES= cpe gmake CPE_VENDOR= doas_project CPE_VERSION= ${PORTVERSION:C/p.+//} CPE_UPDATE= ${PORTVERSION:C/[^p]*//} -USE_GITHUB= yes -GH_ACCOUNT= slicer69 MAKE_ENV+= TARGETPATH=-DGLOBAL_PATH='\"${_GLOBAL_PATH}\"' CONFLICTS= opendoas BINMODE= 4755 - SUB_FILES= pkg-message + +WRKSRC= ${WRKDIR}/${PORTNAME} + PLIST_FILES= bin/doas \ bin/doasedit \ bin/vidoas \ @@ -37,10 +38,6 @@ PLIST_FILES= bin/doas \ # These are upstream's default paths that are set for the GLOBAL_PATH variable # in doas.h since the 6.1 release. Those paths are then used for target user's # PATH variable instead of those of the original user. -# -# See also: -# * https://github.com/slicer69/doas/blob/6.1/doas.h#L36 -# * https://github.com/slicer69/doas/releases/tag/6.1 _GLOBAL_PATH?= ${LOCALBASE}/sbin:${LOCALBASE}/bin:/usr/sbin:/usr/bin:/sbin:/bin do-install: diff --git a/security/doas/distinfo b/security/doas/distinfo index 5a0be4612ac3..c611ad3751a8 100644 --- a/security/doas/distinfo +++ b/security/doas/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1715361640 -SHA256 (slicer69-doas-6.3p12_GH0.tar.gz) = e4f37745345c12d4e0c8c03c8237791729cf047dbd7b2455f8de60e2f82ac1b0 -SIZE (slicer69-doas-6.3p12_GH0.tar.gz) = 34396 +TIMESTAMP = 1757209805 +SHA256 (doas-6.3p13.tar.gz) = 2cca9003856e92ec0a50b3e559b7f3132bf8293dc8302613933f8ed06c8c7fc5 +SIZE (doas-6.3p13.tar.gz) = 34883 diff --git a/security/i2pd/Makefile b/security/i2pd/Makefile index b8e3ea48d5d1..b0baf476f5c3 100644 --- a/security/i2pd/Makefile +++ b/security/i2pd/Makefile @@ -1,5 +1,5 @@ PORTNAME= i2pd -DISTVERSION= 2.57.0 +DISTVERSION= 2.58.0 CATEGORIES= security net-p2p MAINTAINER= driesm@FreeBSD.org diff --git a/security/i2pd/distinfo b/security/i2pd/distinfo index 12bf6a23c325..33b74d6b2ade 100644 --- a/security/i2pd/distinfo +++ b/security/i2pd/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1749125900 -SHA256 (PurpleI2P-i2pd-2.57.0_GH0.tar.gz) = e2327f816d92a369eaaf9fd1661bc8b350495199e2f2cb4bfd4680107cd1d4b4 -SIZE (PurpleI2P-i2pd-2.57.0_GH0.tar.gz) = 712641 +TIMESTAMP = 1757487050 +SHA256 (PurpleI2P-i2pd-2.58.0_GH0.tar.gz) = 5ff650c6da8fda3522c10ec22889a7fd1c6b5d1af42c24531d84c36f6cc49019 +SIZE (PurpleI2P-i2pd-2.58.0_GH0.tar.gz) = 719564 diff --git a/security/i2pd/pkg-plist b/security/i2pd/pkg-plist index 3142b9953a5b..9de8997b4b92 100644 --- a/security/i2pd/pkg-plist +++ b/security/i2pd/pkg-plist @@ -14,7 +14,6 @@ share/man/man1/i2pd.1.gz %%DATADIR%%/certificates/family/volatile.crt %%DATADIR%%/certificates/reseed/acetone_at_mail.i2p.crt %%DATADIR%%/certificates/reseed/admin_at_stormycloud.org.crt -%%DATADIR%%/certificates/reseed/arnavbhatt288_at_mail.i2p.crt %%DATADIR%%/certificates/reseed/creativecowpat_at_mail.i2p.crt %%DATADIR%%/certificates/reseed/echelon3_at_mail.i2p.crt %%DATADIR%%/certificates/reseed/hankhill19580_at_gmail.com.crt @@ -25,7 +24,6 @@ share/man/man1/i2pd.1.gz %%DATADIR%%/certificates/reseed/r4sas-reseed_at_mail.i2p.crt %%DATADIR%%/certificates/reseed/rambler_at_mail.i2p.crt %%DATADIR%%/certificates/reseed/reseed_at_diva.exchange.crt -%%DATADIR%%/certificates/reseed/unixeno_at_cubicchaos.net.crt @dir %%ETCDIR%%/tunnels.d @dir(%%USER%%,%%GROUP%%,755) /var/db/i2pd @dir(%%USER%%,%%GROUP%%,755) /var/log/i2pd diff --git a/security/netbird/Makefile b/security/netbird/Makefile index 9a0ac9619973..cac5d2216eae 100644 --- a/security/netbird/Makefile +++ b/security/netbird/Makefile @@ -1,7 +1,6 @@ PORTNAME= netbird DISTVERSIONPREFIX= v -DISTVERSION= 0.55.1 -PORTREVISION= 1 +DISTVERSION= 0.56.0 CATEGORIES= security net net-vpn MAINTAINER= hakan.external@netbird.io diff --git a/security/netbird/distinfo b/security/netbird/distinfo index cfabf2a6c0fe..842834e94dc7 100644 --- a/security/netbird/distinfo +++ b/security/netbird/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1756098278 -SHA256 (go/security_netbird/netbird-v0.55.1/v0.55.1.mod) = c2299db0600b77c686e27da4a20c0e4f391de2491c94fd331d3da7c366e30655 -SIZE (go/security_netbird/netbird-v0.55.1/v0.55.1.mod) = 12507 -SHA256 (go/security_netbird/netbird-v0.55.1/v0.55.1.zip) = 5c1564631d955f97bbb0d62e2f0adfefde9528aa6022b88ce249f602599f6306 -SIZE (go/security_netbird/netbird-v0.55.1/v0.55.1.zip) = 3102125 +TIMESTAMP = 1756099179 +SHA256 (go/security_netbird/netbird-v0.56.0/v0.56.0.mod) = e817264ac86111dbad8241ebaa0896fceeeb3c5aa2f8a1d36e84100e05975489 +SIZE (go/security_netbird/netbird-v0.56.0/v0.56.0.mod) = 12619 +SHA256 (go/security_netbird/netbird-v0.56.0/v0.56.0.zip) = 750c6be8736b9b960509f57d245711b0d7a4b97f15c0f2a1a3ac07aadf20ba63 +SIZE (go/security_netbird/netbird-v0.56.0/v0.56.0.zip) = 3126909 diff --git a/security/openvpn-devel/Makefile b/security/openvpn-devel/Makefile index bf3005b49f02..bc04c60e5f14 100644 --- a/security/openvpn-devel/Makefile +++ b/security/openvpn-devel/Makefile @@ -1,5 +1,5 @@ PORTNAME= openvpn -DISTVERSION= g20250801 +DISTVERSION= g20250905 PORTREVISION= 0 # leave in even if 0 to avoid accidental PORTEPOCH bumps PORTEPOCH= 1 CATEGORIES= security net net-vpn @@ -21,7 +21,7 @@ LIB_DEPENDS+= liblzo2.so:archivers/lzo2 USES= autoreconf cpe libtool pkgconfig python:build shebangfix tar:xz IGNORE_SSL= libressl libressl-devel USE_GITLAB= yes -GL_TAGNAME= 7b1b283478ec008fad163c8a54659a1ed97ed727 +GL_TAGNAME= 1e7b9a0fb021f0a64e76369f4efd2001d50ef42b USE_RC_SUBR= openvpn SHEBANG_FILES= sample/sample-scripts/auth-pam.pl \ @@ -63,7 +63,6 @@ OPTIONS_EXCLUDE_FreeBSD_13= DCO # FreeBSD 14 only DCO_DESC= Build with Data Channel Offload (ovpn(4)) support EASYRSA_DESC= Install security/easy-rsa RSA helper package -MBEDTLS_DESC= SSL/TLS via mbedTLS (lacks TLS v1.3) PKCS11_DESC= Use security/pkcs11-helper SMALL_DESC= Build a smaller executable with fewer features X509ALTUSERNAME_DESC= Enable --x509-username-field (OpenSSL only) @@ -77,7 +76,7 @@ EASYRSA_RUN_DEPENDS= easy-rsa>=0:security/easy-rsa LZ4_LIB_DEPENDS+= liblz4.so:archivers/liblz4 LZ4_CONFIGURE_OFF= --disable-lz4 -MBEDTLS_LIB_DEPENDS= libmbedtls.so:security/mbedtls2 +MBEDTLS_LIB_DEPENDS= libmbedtls.so:security/mbedtls3 MBEDTLS_CONFIGURE_ON= --with-crypto-library=mbedtls OPENSSL_USES= ssl diff --git a/security/openvpn-devel/distinfo b/security/openvpn-devel/distinfo index 642485f91297..5af62172f472 100644 --- a/security/openvpn-devel/distinfo +++ b/security/openvpn-devel/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1754042576 -SHA256 (openvpn-openvpn-7b1b283478ec008fad163c8a54659a1ed97ed727_GL0.tar.gz) = 6aae8dff746465fa30cfebece17aee8b5c8b18def9d1f44385403d9a5a17d942 -SIZE (openvpn-openvpn-7b1b283478ec008fad163c8a54659a1ed97ed727_GL0.tar.gz) = 1330547 +TIMESTAMP = 1757057338 +SHA256 (openvpn-openvpn-1e7b9a0fb021f0a64e76369f4efd2001d50ef42b_GL0.tar.gz) = bbc283697162a50ea3a107c00f319216eba8ec0ba4b2ff4ea29ca85f92d60f3a +SIZE (openvpn-openvpn-1e7b9a0fb021f0a64e76369f4efd2001d50ef42b_GL0.tar.gz) = 1333583 diff --git a/security/openvpn/Makefile b/security/openvpn/Makefile index 7c44e64f7dba..690ac26738d8 100644 --- a/security/openvpn/Makefile +++ b/security/openvpn/Makefile @@ -1,6 +1,6 @@ PORTNAME= openvpn DISTVERSION= 2.6.14 -PORTREVISION?= 1 +PORTREVISION?= 3 CATEGORIES= security net net-vpn MASTER_SITES= https://swupdate.openvpn.org/community/releases/ \ https://build.openvpn.net/downloads/releases/ \ diff --git a/security/openvpn/files/patch-src_openvpn_dco__freebsd.c b/security/openvpn/files/patch-src_openvpn_dco__freebsd.c new file mode 100644 index 000000000000..686fc6584be7 --- /dev/null +++ b/security/openvpn/files/patch-src_openvpn_dco__freebsd.c @@ -0,0 +1,90 @@ +--- src/openvpn/dco_freebsd.c.orig 2025-04-02 06:53:10 UTC ++++ src/openvpn/dco_freebsd.c +@@ -72,6 +72,61 @@ sockaddr_to_nvlist(const struct sockaddr *sa) + return (nvl); + } + ++static bool ++nvlist_to_sockaddr(const nvlist_t *nvl, struct sockaddr_storage *ss) ++{ ++ if (!nvlist_exists_number(nvl, "af")) ++ { ++ return (false); ++ } ++ if (!nvlist_exists_binary(nvl, "address")) ++ { ++ return (false); ++ } ++ if (!nvlist_exists_number(nvl, "port")) ++ { ++ return (false); ++ } ++ ++ ss->ss_family = nvlist_get_number(nvl, "af"); ++ ++ switch (ss->ss_family) ++ { ++ case AF_INET: ++ { ++ struct sockaddr_in *in = (struct sockaddr_in *)ss; ++ const void *data; ++ size_t len; ++ ++ in->sin_len = sizeof(*in); ++ data = nvlist_get_binary(nvl, "address", &len); ++ ASSERT(len == sizeof(in->sin_addr)); ++ memcpy(&in->sin_addr, data, sizeof(in->sin_addr)); ++ in->sin_port = nvlist_get_number(nvl, "port"); ++ break; ++ } ++ ++ case AF_INET6: ++ { ++ struct sockaddr_in6 *in6 = (struct sockaddr_in6 *)ss; ++ const void *data; ++ size_t len; ++ ++ in6->sin6_len = sizeof(*in6); ++ data = nvlist_get_binary(nvl, "address", &len); ++ ASSERT(len == sizeof(in6->sin6_addr)); ++ memcpy(&in6->sin6_addr, data, sizeof(in6->sin6_addr)); ++ in6->sin6_port = nvlist_get_number(nvl, "port"); ++ break; ++ } ++ ++ default: ++ return (false); ++ } ++ ++ return (true); ++} ++ + int + dco_new_peer(dco_context_t *dco, unsigned int peerid, int sd, + struct sockaddr *localaddr, struct sockaddr *remoteaddr, +@@ -570,6 +625,25 @@ dco_do_read(dco_context_t *dco) + case OVPN_NOTIF_ROTATE_KEY: + dco->dco_message_type = OVPN_CMD_SWAP_KEYS; + break; ++ ++ case OVPN_NOTIF_FLOAT: { ++ const nvlist_t *address; ++ ++ if (!nvlist_exists_nvlist(nvl, "address")) ++ { ++ msg(M_WARN, "Float notification without address"); ++ break; ++ } ++ ++ address = nvlist_get_nvlist(nvl, "address"); ++ if (!nvlist_to_sockaddr(address, &dco->dco_float_peer_ss)) ++ { ++ msg(M_WARN, "Failed to parse float notification"); ++ break; ++ } ++ dco->dco_message_type = OVPN_CMD_FLOAT_PEER; ++ break; ++ } + + default: + msg(M_WARN, "Unknown kernel notification %d", type); diff --git a/security/openvpn/files/patch-src_openvpn_dco__freebsd.h b/security/openvpn/files/patch-src_openvpn_dco__freebsd.h new file mode 100644 index 000000000000..32dd08563f27 --- /dev/null +++ b/security/openvpn/files/patch-src_openvpn_dco__freebsd.h @@ -0,0 +1,18 @@ +--- src/openvpn/dco_freebsd.h.orig 2025-04-02 06:53:10 UTC ++++ src/openvpn/dco_freebsd.h +@@ -36,6 +36,7 @@ enum ovpn_message_type_t { + OVPN_CMD_DEL_PEER, + OVPN_CMD_PACKET, + OVPN_CMD_SWAP_KEYS, ++ OVPN_CMD_FLOAT_PEER, + }; + + enum ovpn_del_reason_t { +@@ -55,6 +56,7 @@ typedef struct dco_context { + int dco_message_type; + int dco_message_peer_id; + int dco_del_peer_reason; ++ struct sockaddr_storage dco_float_peer_ss; + uint64_t dco_read_bytes; + uint64_t dco_write_bytes; + } dco_context_t; diff --git a/security/openvpn/files/patch-src_openvpn_forward.c b/security/openvpn/files/patch-src_openvpn_forward.c new file mode 100644 index 000000000000..0734167f6636 --- /dev/null +++ b/security/openvpn/files/patch-src_openvpn_forward.c @@ -0,0 +1,44 @@ +--- src/openvpn/forward.c.orig 2025-04-02 06:53:10 UTC ++++ src/openvpn/forward.c +@@ -1234,6 +1234,41 @@ process_incoming_link(struct context *c) + perf_pop(); + } + ++void ++extract_dco_float_peer_addr(const sa_family_t socket_family, ++ struct openvpn_sockaddr *out_osaddr, ++ const struct sockaddr *float_sa) ++{ ++ if (float_sa->sa_family == AF_INET) ++ { ++ struct sockaddr_in *float4 = (struct sockaddr_in *)float_sa; ++ /* DCO treats IPv4-mapped IPv6 addresses as pure IPv4. However, on a ++ * dual-stack socket, we need to preserve the mapping otherwise openvpn ++ * will not be able to find the peer by its transport address. ++ */ ++ if (socket_family == AF_INET6) ++ { ++ out_osaddr->addr.in6.sin6_family = AF_INET6; ++ out_osaddr->addr.in6.sin6_port = float4->sin_port; ++ ++ memset(&out_osaddr->addr.in6.sin6_addr.s6_addr, 0, 10); ++ out_osaddr->addr.in6.sin6_addr.s6_addr[10] = 0xff; ++ out_osaddr->addr.in6.sin6_addr.s6_addr[11] = 0xff; ++ memcpy(&out_osaddr->addr.in6.sin6_addr.s6_addr[12], ++ &float4->sin_addr.s_addr, sizeof(in_addr_t)); ++ } ++ else ++ { ++ memcpy(&out_osaddr->addr.in4, float4, sizeof(struct sockaddr_in)); ++ } ++ } ++ else ++ { ++ struct sockaddr_in6 *float6 = (struct sockaddr_in6 *)float_sa; ++ memcpy(&out_osaddr->addr.in6, float6, sizeof(struct sockaddr_in6)); ++ } ++} ++ + static void + process_incoming_dco(struct context *c) + { diff --git a/security/openvpn/files/patch-src_openvpn_forward.h b/security/openvpn/files/patch-src_openvpn_forward.h new file mode 100644 index 000000000000..050343949c03 --- /dev/null +++ b/security/openvpn/files/patch-src_openvpn_forward.h @@ -0,0 +1,24 @@ +--- src/openvpn/forward.h.orig 2025-04-02 06:53:10 UTC ++++ src/openvpn/forward.h +@@ -189,6 +189,21 @@ void process_incoming_link_part2(struct context *c, st + void process_incoming_link_part2(struct context *c, struct link_socket_info *lsi, const uint8_t *orig_buf); + + /** ++ * Transfers \c float_sa data extracted from an incoming DCO ++ * PEER_FLOAT_NTF to \c out_osaddr for later processing. ++ * ++ * @param socket_family - The address family of the socket ++ * @param out_osaddr - openvpn_sockaddr struct that will be filled the new ++ * address data ++ * @param float_sa - The sockaddr struct containing the data received from the ++ * DCO notification ++ */ ++void ++extract_dco_float_peer_addr(sa_family_t socket_family, ++ struct openvpn_sockaddr *out_osaddr, ++ const struct sockaddr *float_sa); ++ ++/** + * Write a packet to the external network interface. + * @ingroup external_multiplexer + * diff --git a/security/openvpn/files/patch-src_openvpn_init.c b/security/openvpn/files/patch-src_openvpn_init.c new file mode 100644 index 000000000000..0d09e6050236 --- /dev/null +++ b/security/openvpn/files/patch-src_openvpn_init.c @@ -0,0 +1,22 @@ +--- src/openvpn/init.c.orig 2025-04-02 06:53:10 UTC ++++ src/openvpn/init.c +@@ -330,7 +330,7 @@ management_callback_remote_entry_count(void *arg) + static unsigned int + management_callback_remote_entry_count(void *arg) + { +- assert(arg); ++ ASSERT(arg); + struct context *c = (struct context *) arg; + struct connection_list *l = c->options.connection_list; + +@@ -340,8 +340,8 @@ management_callback_remote_entry_get(void *arg, unsign + static bool + management_callback_remote_entry_get(void *arg, unsigned int index, char **remote) + { +- assert(arg); +- assert(remote); ++ ASSERT(arg); ++ ASSERT(remote); + + struct context *c = (struct context *) arg; + struct connection_list *l = c->options.connection_list; diff --git a/security/openvpn/files/patch-src_openvpn_multi.c b/security/openvpn/files/patch-src_openvpn_multi.c new file mode 100644 index 000000000000..22995fb45caf --- /dev/null +++ b/security/openvpn/files/patch-src_openvpn_multi.c @@ -0,0 +1,39 @@ +--- src/openvpn/multi.c.orig 2025-04-02 06:53:10 UTC ++++ src/openvpn/multi.c +@@ -3169,6 +3169,18 @@ multi_process_float(struct multi_context *m, struct mu + goto done; + } + ++ /* It doesn't make sense to let a peer float to the address it already ++ * has, so we disallow it. This can happen if a DCO netlink notification ++ * gets lost and we miss a floating step. ++ */ ++ if (m1->peer_id == m2->peer_id) ++ { ++ msg(M_WARN, "disallowing peer %" PRIu32 " (%s) from floating to " ++ "its own address (%s)", ++ m1->peer_id, tls_common_name(mi->context.c2.tls_multi, false), ++ mroute_addr_print(&mi->real, &gc)); ++ goto done; ++ } + msg(D_MULTI_MEDIUM, "closing instance %s", multi_instance_string(ex_mi, false, &gc)); + multi_close_instance(m, ex_mi, false); + } +@@ -3301,6 +3313,17 @@ multi_process_incoming_dco(struct multi_context *m) + { + process_incoming_del_peer(m, mi, dco); + } ++#if defined(TARGET_FREEBSD) ++ else if (dco->dco_message_type == OVPN_CMD_FLOAT_PEER) ++ { ++ ASSERT(mi->context.c2.link_socket); ++ extract_dco_float_peer_addr(mi->context.c2.link_socket->info.af, ++ &m->top.c2.from.dest, ++ (struct sockaddr *)&dco->dco_float_peer_ss); ++ multi_process_float(m, mi); ++ CLEAR(dco->dco_float_peer_ss); ++ } ++#endif /* if defined(TARGET_LINUX) || defined(TARGET_WIN32) */ + else if (dco->dco_message_type == OVPN_CMD_SWAP_KEYS) + { + tls_session_soft_reset(mi->context.c2.tls_multi); diff --git a/security/openvpn/files/patch-src_openvpn_ovpn__dco__freebsd.h b/security/openvpn/files/patch-src_openvpn_ovpn__dco__freebsd.h new file mode 100644 index 000000000000..1d1ff16e5d8e --- /dev/null +++ b/security/openvpn/files/patch-src_openvpn_ovpn__dco__freebsd.h @@ -0,0 +1,10 @@ +--- src/openvpn/ovpn_dco_freebsd.h.orig 2025-04-02 06:53:10 UTC ++++ src/openvpn/ovpn_dco_freebsd.h +@@ -37,6 +37,7 @@ enum ovpn_notif_type { + enum ovpn_notif_type { + OVPN_NOTIF_DEL_PEER, + OVPN_NOTIF_ROTATE_KEY, ++ OVPN_NOTIF_FLOAT, + }; + + enum ovpn_del_reason { diff --git a/security/pecl-gnupg/Makefile b/security/pecl-gnupg/Makefile index dd2eb5172e17..acff4677d2fe 100644 --- a/security/pecl-gnupg/Makefile +++ b/security/pecl-gnupg/Makefile @@ -1,6 +1,5 @@ PORTNAME= gnupg -PORTVERSION= 1.5.3 -PORTREVISION= 1 +PORTVERSION= 1.5.4 CATEGORIES= security MAINTAINER= sunpoet@FreeBSD.org diff --git a/security/pecl-gnupg/distinfo b/security/pecl-gnupg/distinfo index 52ded8388151..96fec406399e 100644 --- a/security/pecl-gnupg/distinfo +++ b/security/pecl-gnupg/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1749813026 -SHA256 (PECL/gnupg-1.5.3.tgz) = c1555e0c86a7f6d95141530761c1ecf3fe8dbf76e14727e6f885cd7e034bdfd2 -SIZE (PECL/gnupg-1.5.3.tgz) = 47696 +TIMESTAMP = 1757120606 +SHA256 (PECL/gnupg-1.5.4.tgz) = 4d4a0980759bf259e4129ef02cb592bbeb103b4005e7b4bb6945d79488951a50 +SIZE (PECL/gnupg-1.5.4.tgz) = 47874 diff --git a/security/pecl-gnupg/files/patch-gnupg.c b/security/pecl-gnupg/files/patch-gnupg.c deleted file mode 100644 index fda8f01312fd..000000000000 --- a/security/pecl-gnupg/files/patch-gnupg.c +++ /dev/null @@ -1,41 +0,0 @@ -The trustlist feature has been deprecated in Gpgme since 2003 and was removed -in version 2.0.0. - ---- gnupg.c.orig 2025-06-02 18:54:02 UTC -+++ gnupg.c -@@ -341,7 +341,9 @@ phpc_function_entry gnupg_methods[] = { - PHP_GNUPG_FALIAS(addencryptkey, arginfo_gnupg_key_method) - PHP_GNUPG_FALIAS(adddecryptkey, arginfo_gnupg_key_passphrase_method) - PHP_GNUPG_FALIAS(deletekey, arginfo_gnupg_deletekey_method) -+#if GPGME_VERSION_NUMBER < 0x020000 /* GPGME < 2.0.0 */ - PHP_GNUPG_FALIAS(gettrustlist, arginfo_gnupg_pattern_method) -+#endif - PHP_GNUPG_FALIAS(listsignatures, arginfo_gnupg_keyid_method) - PHP_GNUPG_FALIAS(seterrormode, arginfo_gnupg_errmode_method) - PHPC_FE_END -@@ -483,7 +485,9 @@ static zend_function_entry gnupg_functions[] = { - PHP_FE(gnupg_addencryptkey, arginfo_gnupg_key_function) - PHP_FE(gnupg_adddecryptkey, arginfo_gnupg_key_passphrase_function) - PHP_FE(gnupg_deletekey, arginfo_gnupg_deletekey_function) -+#if GPGME_VERSION_NUMBER < 0x020000 /* GPGME < 2.0.0 */ - PHP_FE(gnupg_gettrustlist, arginfo_gnupg_pattern_function) -+#endif - PHP_FE(gnupg_listsignatures, arginfo_gnupg_keyid_function) - PHP_FE(gnupg_seterrormode, arginfo_gnupg_errmode_function) - PHPC_FE_END -@@ -1936,6 +1940,7 @@ PHP_FUNCTION(gnupg_deletekey) - } - /* }}} */ - -+#if GPGME_VERSION_NUMBER < 0x020000 /* GPGME < 2.0.0 */ - /* {{{ proto array gnupg_gettrustlist(string pattern) - * searching for trust items which match PATTERN - */ -@@ -1980,6 +1985,7 @@ PHP_FUNCTION(gnupg_gettrustlist) - } - } - /* }}} */ -+#endif - - /* {{{ proto array gnupg_listsignatures(string keyid) */ - PHP_FUNCTION(gnupg_listsignatures) diff --git a/security/pecl-gnupg/files/patch-php85 b/security/pecl-gnupg/files/patch-php85 deleted file mode 100644 index de4a30311382..000000000000 --- a/security/pecl-gnupg/files/patch-php85 +++ /dev/null @@ -1,31 +0,0 @@ ---- gnupg_keylistiterator.c.orig 2025-06-02 18:54:02 UTC -+++ gnupg_keylistiterator.c -@@ -201,7 +201,7 @@ PHP_METHOD(gnupg_keylistiterator, rewind) - - if ((PHPC_THIS->err = gpgme_op_keylist_start( - PHPC_THIS->ctx, PHPC_THIS->pattern ? PHPC_THIS->pattern : "", 0)) != GPG_ERR_NO_ERROR){ -- zend_throw_exception(zend_exception_get_default(TSRMLS_C), (char *)gpg_strerror(PHPC_THIS->err), 1 TSRMLS_CC); -+ zend_throw_exception(zend_ce_exception, (char *)gpg_strerror(PHPC_THIS->err), 1 TSRMLS_CC); - } - if ((PHPC_THIS->err = gpgme_op_keylist_next(PHPC_THIS->ctx, &PHPC_THIS->gpgkey)) != GPG_ERR_NO_ERROR){ - RETURN_FALSE; ---- gnupg.c.orig 2025-06-02 18:54:02 UTC -+++ gnupg.c -@@ -64,7 +64,7 @@ PHPC_OBJ_DEFINE_HANDLER_VAR(gnupg); - break; \ - case 2: \ - zend_throw_exception(\ -- zend_exception_get_default(TSRMLS_C), \ -+ zend_ce_exception, \ - (char*) error, \ - 0 TSRMLS_CC \ - ); \ -@@ -169,7 +169,7 @@ static void php_gnupg_this_make(PHPC_THIS_DECLARE(gnup - if (gpgme_ctx_set_engine_info( - ctx, GPGME_PROTOCOL_OpenPGP, file_name, home_dir) != GPG_ERR_NO_ERROR) { - zend_throw_exception( -- zend_exception_get_default(TSRMLS_C), -+ zend_ce_exception, - (char*) "Setting engine info failed", - 0 TSRMLS_CC - ); diff --git a/security/py-authlib/Makefile b/security/py-authlib/Makefile index b527bb8c9863..56b2bb82b717 100644 --- a/security/py-authlib/Makefile +++ b/security/py-authlib/Makefile @@ -1,5 +1,5 @@ PORTNAME= authlib -PORTVERSION= 1.6.1 +PORTVERSION= 1.6.3 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} diff --git a/security/py-authlib/distinfo b/security/py-authlib/distinfo index d864619a8bce..b5637dd84b1e 100644 --- a/security/py-authlib/distinfo +++ b/security/py-authlib/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1753265790 -SHA256 (authlib-1.6.1.tar.gz) = 4dffdbb1460ba6ec8c17981a4c67af7d8af131231b5a36a88a1e8c80c111cdfd -SIZE (authlib-1.6.1.tar.gz) = 159988 +TIMESTAMP = 1757120812 +SHA256 (authlib-1.6.3.tar.gz) = 9f7a982cc395de719e4c2215c5707e7ea690ecf84f1ab126f28c053f4219e610 +SIZE (authlib-1.6.3.tar.gz) = 160836 diff --git a/security/py-cryptojwt/Makefile b/security/py-cryptojwt/Makefile index 515dbf8eb5af..3ee84f750580 100644 --- a/security/py-cryptojwt/Makefile +++ b/security/py-cryptojwt/Makefile @@ -1,5 +1,5 @@ PORTNAME= cryptojwt -PORTVERSION= 1.9.4 +PORTVERSION= 1.10.0 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -12,8 +12,9 @@ WWW= https://cryptojwt.readthedocs.io/en/latest/ \ LICENSE= APACHE20 LICENSE_FILE= ${WRKSRC}/LICENSE -BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}poetry-core>=1.0.0:devel/py-poetry-core@${PY_FLAVOR} -RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}requests>=2.25.1<3:www/py-requests@${PY_FLAVOR} +BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}hatchling>=0:devel/py-hatchling@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}uv-dynamic-versioning>=0:devel/py-uv-dynamic-versioning@${PY_FLAVOR} +RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}requests>=2.25.1:www/py-requests@${PY_FLAVOR} USES= python shebangfix USE_PYTHON= autoplist concurrent cryptography pep517 diff --git a/security/py-cryptojwt/distinfo b/security/py-cryptojwt/distinfo index 97e73204deed..ca087d3591c4 100644 --- a/security/py-cryptojwt/distinfo +++ b/security/py-cryptojwt/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1744215559 -SHA256 (cryptojwt-1.9.4.tar.gz) = 6daa5c9a8841e34947410008c3cbfdb4330d4024961e4e623012b545f991de0c -SIZE (cryptojwt-1.9.4.tar.gz) = 64480 +TIMESTAMP = 1757120814 +SHA256 (cryptojwt-1.10.0.tar.gz) = 12bed4604adedc2f60cc529627b1283cd15abfd6c291efdc0b5225867c39415b +SIZE (cryptojwt-1.10.0.tar.gz) = 151945 diff --git a/security/py-greenbone-feed-sync/Makefile b/security/py-greenbone-feed-sync/Makefile index 353b084cfaa8..d9ab494643e3 100644 --- a/security/py-greenbone-feed-sync/Makefile +++ b/security/py-greenbone-feed-sync/Makefile @@ -1,6 +1,7 @@ PORTNAME= greenbone-feed-sync DISTVERSION= 25.1.0 DISTVERSIONPREFIX= v +PORTREVISION= 1 CATEGORIES= security python PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -13,8 +14,8 @@ LICENSE_FILE= ${WRKSRC}/LICENSE BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}poetry-core>0:devel/py-poetry-core@${PY_FLAVOR} RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}rich>=13.2.0:textproc/py-rich@${PY_FLAVOR} \ - ${PYTHON_PKGNAMEPREFIX}tomli>=2.0.1:textproc/py-tomli@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}shtab>=1.6.5:devel/py-shtab@${PY_FLAVOR} \ + ${PY_TOMLI} \ rsync:net/rsync USE_GITHUB= yes diff --git a/security/py-joserfc/Makefile b/security/py-joserfc/Makefile index 09603c34e6a5..c909e5773db7 100644 --- a/security/py-joserfc/Makefile +++ b/security/py-joserfc/Makefile @@ -1,5 +1,5 @@ PORTNAME= joserfc -PORTVERSION= 1.2.2 +PORTVERSION= 1.3.1 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} diff --git a/security/py-joserfc/distinfo b/security/py-joserfc/distinfo index 62b3a48b759b..d994f1b7109c 100644 --- a/security/py-joserfc/distinfo +++ b/security/py-joserfc/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1752566724 -SHA256 (joserfc-1.2.2.tar.gz) = 0d2a84feecef96168635fd9bf288363fc75b4afef3d99691f77833c8e025d200 -SIZE (joserfc-1.2.2.tar.gz) = 192865 +TIMESTAMP = 1757120816 +SHA256 (joserfc-1.3.1.tar.gz) = f682710bffbf2052d7a90e5d808dbaf06832ccac24f697b262837ea052eeb2c9 +SIZE (joserfc-1.3.1.tar.gz) = 195967 diff --git a/security/py-notus-scanner/Makefile b/security/py-notus-scanner/Makefile index 713e822f766c..32397f0f8582 100644 --- a/security/py-notus-scanner/Makefile +++ b/security/py-notus-scanner/Makefile @@ -1,6 +1,7 @@ PORTNAME= notus-scanner DISTVERSION= 22.7.2 DISTVERSIONPREFIX= v +PORTREVISION= 1 CATEGORIES= security python PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -16,7 +17,7 @@ RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}packaging>0:devel/py-packaging@${PY_FLAVOR} ${PYTHON_PKGNAMEPREFIX}paho-mqtt>0:net/py-paho-mqtt@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}psutil>=0:sysutils/py-psutil@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}python-gnupg>0:security/py-python-gnupg@${PY_FLAVOR} \ - ${PYTHON_PKGNAMEPREFIX}tomli>0:textproc/py-tomli@${PY_FLAVOR} \ + ${PY_TOMLI} \ ${PYTHON_PKGNAMEPREFIX}sentry-sdk>0:devel/py-sentry-sdk@${PY_FLAVOR} \ mosquitto:net/mosquitto diff --git a/security/py-pyhanko-certvalidator/Makefile b/security/py-pyhanko-certvalidator/Makefile index 4da59bde9079..b995b3135b2a 100644 --- a/security/py-pyhanko-certvalidator/Makefile +++ b/security/py-pyhanko-certvalidator/Makefile @@ -1,5 +1,5 @@ PORTNAME= pyhanko-certvalidator -PORTVERSION= 0.27.0 +PORTVERSION= 0.28.0 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -28,6 +28,6 @@ NO_ARCH= yes OPTIONS_DEFINE= ASYNC_HTTP ASYNC_HTTP_DESC=Asynchronous support -ASYNC_HTTP_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}aiohttp>=3.8<3.12:www/py-aiohttp@${PY_FLAVOR} +ASYNC_HTTP_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}aiohttp>=3.9<3.13:www/py-aiohttp@${PY_FLAVOR} .include <bsd.port.mk> diff --git a/security/py-pyhanko-certvalidator/distinfo b/security/py-pyhanko-certvalidator/distinfo index 551d2a7abd70..19dfbcffe720 100644 --- a/security/py-pyhanko-certvalidator/distinfo +++ b/security/py-pyhanko-certvalidator/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1748107944 -SHA256 (pyhanko_certvalidator-0.27.0.tar.gz) = 94820b23ccecadfa64fa7f61b0427f751edcfa24f1bcbfb052b5780bdeab3def -SIZE (pyhanko_certvalidator-0.27.0.tar.gz) = 104111 +TIMESTAMP = 1757120820 +SHA256 (pyhanko_certvalidator-0.28.0.tar.gz) = 6b2911520a3e9cf24a640f67488fadac82ad3818f4256ddfb7e8fa1fada80f2d +SIZE (pyhanko_certvalidator-0.28.0.tar.gz) = 93049 diff --git a/security/py-pyhanko-certvalidator/files/patch-pyproject.toml b/security/py-pyhanko-certvalidator/files/patch-pyproject.toml index d7e06f702bf3..610cbd5c387d 100644 --- a/security/py-pyhanko-certvalidator/files/patch-pyproject.toml +++ b/security/py-pyhanko-certvalidator/files/patch-pyproject.toml @@ -1,14 +1,11 @@ ---- pyproject.toml.orig 2025-05-24 11:55:40 UTC +--- pyproject.toml.orig 2025-08-23 12:29:44 UTC +++ pyproject.toml -@@ -1,6 +1,6 @@ requires = [ +@@ -1,12 +1,11 @@ [build-system] - requires = [ -- "setuptools>=67.4", -+ "setuptools>=61", - "wheel" - ] +-requires = ["setuptools>=80.8.0"] ++requires = ["setuptools>=61"] build-backend = "setuptools.build_meta" -@@ -8,8 +8,7 @@ authors = [{name = "Matthias Valvekens", email = "dev@ + [project] name = "pyhanko-certvalidator" authors = [{name = "Matthias Valvekens", email = "dev@mvalvekens.be"}] diff --git a/security/py-pyhanko-cli/Makefile b/security/py-pyhanko-cli/Makefile index d5834355e802..7bf271af369f 100644 --- a/security/py-pyhanko-cli/Makefile +++ b/security/py-pyhanko-cli/Makefile @@ -1,14 +1,15 @@ PORTNAME= pyhanko-cli -DISTNAME= pyhanko_cli-${PORTVERSION} PORTVERSION= 0.1.2 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} +DISTNAME= pyhanko_cli-${PORTVERSION} MAINTAINER= sunpoet@FreeBSD.org COMMENT= CLI tools for stamping and signing PDF files -WWW= https://pyhanko.readthedocs.io/en/latest/cli-guide/ \ +WWW= https://docs.pyhanko.eu/en/latest/cli-guide/ \ + https://github.com/MatthiasValvekens/pyHanko/tree/master/pkgs/pyhanko-cli \ https://github.com/MatthiasValvekens/pyHanko LICENSE= MIT @@ -18,8 +19,8 @@ BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}setuptools>=61:devel/py-setuptools@${PY_FL ${PYTHON_PKGNAMEPREFIX}wheel>=0:devel/py-wheel@${PY_FLAVOR} RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}asn1crypto>=1.5.1:devel/py-asn1crypto@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}click>=8.1.3:devel/py-click@${PY_FLAVOR} \ - ${PYTHON_PKGNAMEPREFIX}pyhanko>=0.29.1<0.30:security/py-pyhanko@${PY_FLAVOR} \ - ${PYTHON_PKGNAMEPREFIX}pyhanko-certvalidator>=0.27.0<0.28:security/py-pyhanko-certvalidator@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}pyhanko>=0.29.1:security/py-pyhanko@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}pyhanko-certvalidator>=0.27.0:security/py-pyhanko-certvalidator@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}tzlocal>=4.3:devel/py-tzlocal@${PY_FLAVOR} USES= python diff --git a/security/py-pyhanko-cli/files/patch-pyproject.toml b/security/py-pyhanko-cli/files/patch-pyproject.toml index 975a0994ebe7..06d2d28e40b6 100644 --- a/security/py-pyhanko-cli/files/patch-pyproject.toml +++ b/security/py-pyhanko-cli/files/patch-pyproject.toml @@ -17,3 +17,14 @@ keywords = [ "signature", "pdf", +@@ -33,8 +32,8 @@ dependencies = [ + dependencies = [ + "asn1crypto>=1.5.1", + "tzlocal>=4.3", +- "pyhanko>=0.29.1,<0.30", +- "pyhanko-certvalidator>=0.27.0,<0.28", ++ "pyhanko>=0.29.1", ++ "pyhanko-certvalidator>=0.27.0", + "click>=8.1.3,!=8.2.0", + ] + version = "0.1.2" diff --git a/security/py-pyhanko/Makefile b/security/py-pyhanko/Makefile index 15de838aa27f..0925ddb157b7 100644 --- a/security/py-pyhanko/Makefile +++ b/security/py-pyhanko/Makefile @@ -1,6 +1,5 @@ PORTNAME= pyhanko -PORTVERSION= 0.29.1 -PORTREVISION= 1 +PORTVERSION= 0.30.0 CATEGORIES= security python MASTER_SITES= PYPI \ https://github.com/MatthiasValvekens/pyHanko/releases/download/v${PORTVERSION}/ @@ -8,7 +7,7 @@ PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} MAINTAINER= sunpoet@FreeBSD.org COMMENT= Tools for stamping and signing PDF files -WWW= https://pyhanko.readthedocs.io/en/latest/ \ +WWW= https://docs.pyhanko.eu/en/latest/ \ https://github.com/MatthiasValvekens/pyHanko LICENSE= MIT @@ -19,7 +18,7 @@ BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}setuptools>=61:devel/py-setuptools@${PY_FL RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}asn1crypto>=1.5.1:devel/py-asn1crypto@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}click>=8.1.3<8.2.0:devel/py-click@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}defusedxml>=0.7.1<0.8:devel/py-defusedxml@${PY_FLAVOR} \ - ${PYTHON_PKGNAMEPREFIX}pyhanko-certvalidator>=0.27.0<0.28:security/py-pyhanko-certvalidator@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}pyhanko-certvalidator>=0.28.0<0.29:security/py-pyhanko-certvalidator@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}pyyaml>=6.0:devel/py-pyyaml@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}qrcode>=7.3.1:textproc/py-qrcode@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}requests>=2.31.0:www/py-requests@${PY_FLAVOR} \ @@ -30,21 +29,22 @@ USE_PYTHON= autoplist concurrent cryptography pep517 NO_ARCH= yes -OPTIONS_DEFINE= ASYNC_HTTP ETSI IMAGE_SUPPORT OPENTYPE PKGCS11 XMP +OPTIONS_DEFINE= ASYNC_HTTP ETSI IMAGE_SUPPORT OPENTYPE PKCS11 XMP ASYNC_HTTP_DESC=Asynchronous support ETSI_DESC= European Telecommunications Standards Institute (ETSI) IMAGE_SUPPORT_DESC= Image handling support OPENTYPE_DESC= OpenType/TrueType support -PKGCS11_DESC= PKGCS\#11 support +PKCS11_DESC= PKCS\#11 support XMP_DESC= XMP (Extensible Metadata Platform) support ASYNC_HTTP_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}aiohttp>=3.9<3.13:www/py-aiohttp@${PY_FLAVOR} -ETSI_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}xsdata>=24.4<26.0:devel/py-xsdata@${PY_FLAVOR} +ETSI_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}xsdata>=24.4<26.0:devel/py-xsdata@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}signxml>=4.2.0:security/py-signxml@${PY_FLAVOR} IMAGE_SUPPORT_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}pillow>=7.2.0:graphics/py-pillow@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}python-barcode>=0.15.1<0.15.1_99:graphics/py-python-barcode@${PY_FLAVOR} OPENTYPE_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}fonttools>=4.33.3:print/py-fonttools@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}uharfbuzz>=0.25.0<0.51.0:print/py-uharfbuzz@${PY_FLAVOR} -PKGCS11_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}python-pkcs11>=0.8.0<0.9:security/py-python-pkcs11@${PY_FLAVOR} +PKCS11_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}python-pkcs11>=0.9.0<0.10:security/py-python-pkcs11@${PY_FLAVOR} XMP_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}defusedxml>=0.7.1<0.8:devel/py-defusedxml@${PY_FLAVOR} .include <bsd.port.mk> diff --git a/security/py-pyhanko/distinfo b/security/py-pyhanko/distinfo index 8f219ecc7a0c..ed1bfa659566 100644 --- a/security/py-pyhanko/distinfo +++ b/security/py-pyhanko/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1750954232 -SHA256 (pyhanko-0.29.1.tar.gz) = 4b7787fc9ff325012ce85f24b67c13b1c9507991e2570c955b23522e3a2dc3b6 -SIZE (pyhanko-0.29.1.tar.gz) = 366860 +TIMESTAMP = 1757120818 +SHA256 (pyhanko-0.30.0.tar.gz) = efaa9e5401d4912fa5b2aeb4cdbe729196d98dae0671bd6d37a824dc6fde5ca4 +SIZE (pyhanko-0.30.0.tar.gz) = 405860 diff --git a/security/py-python-pkcs11/Makefile b/security/py-python-pkcs11/Makefile index b632077457e1..5773fb9d9102 100644 --- a/security/py-python-pkcs11/Makefile +++ b/security/py-python-pkcs11/Makefile @@ -1,5 +1,5 @@ PORTNAME= python-pkcs11 -PORTVERSION= 0.8.1 +PORTVERSION= 0.9.0 CATEGORIES= security python MASTER_SITES= PYPI \ https://github.com/pyauth/python-pkcs11/releases/download/v${PORTVERSION}/ diff --git a/security/py-python-pkcs11/distinfo b/security/py-python-pkcs11/distinfo index c0a5f4aad13a..1cc3580ac585 100644 --- a/security/py-python-pkcs11/distinfo +++ b/security/py-python-pkcs11/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1750954234 -SHA256 (python_pkcs11-0.8.1.tar.gz) = f9e11df146ce2e6359aeb81fa84c2dd7ab9719f707cdae06ceae22d9e6a10818 -SIZE (python_pkcs11-0.8.1.tar.gz) = 156019 +TIMESTAMP = 1757120822 +SHA256 (python_pkcs11-0.9.0.tar.gz) = 5297de1a30020907af63717003a56d30dcace6fe0022ccaa1d70423f8f836a4d +SIZE (python_pkcs11-0.9.0.tar.gz) = 174604 diff --git a/security/py-signxml/Makefile b/security/py-signxml/Makefile new file mode 100644 index 000000000000..d8b550fa3e56 --- /dev/null +++ b/security/py-signxml/Makefile @@ -0,0 +1,25 @@ +PORTNAME= signxml +PORTVERSION= 4.2.0 +CATEGORIES= security python +MASTER_SITES= PYPI +PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} + +MAINTAINER= sunpoet@FreeBSD.org +COMMENT= Python XML Signature and XAdES library +WWW= https://xml-security.github.io/signxml/ \ + https://github.com/XML-Security/signxml + +LICENSE= APACHE20 +LICENSE_FILE= ${WRKSRC}/LICENSE + +BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}hatch-vcs>=0:devel/py-hatch-vcs@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}hatchling>=0:devel/py-hatchling@${PY_FLAVOR} +RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}certifi>=2023.11.17:security/py-certifi@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}lxml5>=5.2.1<7:devel/py-lxml5@${PY_FLAVOR} + +USES= python +USE_PYTHON= autoplist concurrent cryptography pep517 + +NO_ARCH= yes + +.include <bsd.port.mk> diff --git a/security/py-signxml/distinfo b/security/py-signxml/distinfo new file mode 100644 index 000000000000..3e65f43e86b0 --- /dev/null +++ b/security/py-signxml/distinfo @@ -0,0 +1,3 @@ +TIMESTAMP = 1757120472 +SHA256 (signxml-4.2.0.tar.gz) = 5317b71f682d6b9ebd4a827d564eb43fe8f6edf98030fc30eb629621045441c6 +SIZE (signxml-4.2.0.tar.gz) = 1610974 diff --git a/security/py-signxml/pkg-descr b/security/py-signxml/pkg-descr new file mode 100644 index 000000000000..b16692a92a68 --- /dev/null +++ b/security/py-signxml/pkg-descr @@ -0,0 +1,21 @@ +SignXML is an implementation of the W3C XML Signature standard in Python. This +standard (also known as "XMLDSig") is used to provide payload security in SAML +2.0, XAdES, EBICS, and WS-Security, among other uses. The standard is defined in +the W3C Recommendation XML Signature Syntax and Processing Version 1.1. SignXML +implements all of the required components of the Version 1.1 standard, and most +recommended ones. Its features are: +- Use of a libxml2-based XML parser configured to defend against common XML + attacks when verifying signatures +- Extensions to allow signing with and verifying X.509 certificate chains, + including hostname/CN validation +- Extensions to sign and verify XAdES signatures +- Support for exclusive XML canonicalization with inclusive prefixes + (InclusiveNamespaces PrefixList, required to verify signatures generated by + some SAML implementations) +- Modern Python compatibility (3.9-3.13+ and PyPy) +- Well-supported, portable, reliable dependencies: lxml and cryptography +- Comprehensive testing (including the XMLDSig interoperability suite) and + continuous integration +- Simple interface with useful, ergonomic, and secure defaults (no network + calls, XSLT or XPath transforms) +- Compactness, readability, and extensibility diff --git a/security/py-truststore/Makefile b/security/py-truststore/Makefile index 03832c767a53..12a550387b39 100644 --- a/security/py-truststore/Makefile +++ b/security/py-truststore/Makefile @@ -1,5 +1,5 @@ PORTNAME= truststore -PORTVERSION= 0.10.1 +PORTVERSION= 0.10.4 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -12,7 +12,7 @@ WWW= https://truststore.readthedocs.io/en/latest/ \ LICENSE= MIT LICENSE_FILE= ${WRKSRC}/LICENSE -BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}flit-core>=3.2<4:devel/py-flit-core@${PY_FLAVOR} +BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}flit-core>=3.11<4:devel/py-flit-core@${PY_FLAVOR} USES= python:3.10+ ssl USE_PYTHON= autoplist concurrent pep517 diff --git a/security/py-truststore/distinfo b/security/py-truststore/distinfo index ede564e526e4..3933aabb9b4c 100644 --- a/security/py-truststore/distinfo +++ b/security/py-truststore/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1739116726 -SHA256 (truststore-0.10.1.tar.gz) = eda021616b59021812e800fa0a071e51b266721bef3ce092db8a699e21c63539 -SIZE (truststore-0.10.1.tar.gz) = 26101 +TIMESTAMP = 1757120824 +SHA256 (truststore-0.10.4.tar.gz) = 9d91bd436463ad5e4ee4aba766628dd6cd7010cf3e2461756b3303710eebc301 +SIZE (truststore-0.10.4.tar.gz) = 26169 diff --git a/security/py-truststore/files/patch-pyproject.toml b/security/py-truststore/files/patch-pyproject.toml new file mode 100644 index 000000000000..478ce982457f --- /dev/null +++ b/security/py-truststore/files/patch-pyproject.toml @@ -0,0 +1,12 @@ +--- pyproject.toml.orig 2025-08-12 18:47:53 UTC ++++ pyproject.toml +@@ -9,8 +9,7 @@ readme = "README.md" + {name = "David Glick", email = "david@glicksoftware.com"} + ] + readme = "README.md" +-license = "MIT" +-license-files = ["LICENSE"] ++license = {file = "LICENSE"} + classifiers = [ + "Development Status :: 5 - Production/Stable", + "Intended Audience :: Developers", diff --git a/security/py-wassima/Makefile b/security/py-wassima/Makefile index c6aabb6eb0f3..66269e93a79e 100644 --- a/security/py-wassima/Makefile +++ b/security/py-wassima/Makefile @@ -1,5 +1,5 @@ PORTNAME= wassima -PORTVERSION= 2.0.0 +PORTVERSION= 2.0.1 CATEGORIES= security python MASTER_SITES= PYPI \ https://github.com/jawah/wassima/releases/download/${PORTVERSION}/ diff --git a/security/py-wassima/distinfo b/security/py-wassima/distinfo index 64dbf3f738a6..578757f6e63e 100644 --- a/security/py-wassima/distinfo +++ b/security/py-wassima/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1750954236 -SHA256 (wassima-2.0.0.tar.gz) = 9d0dd4d7f8cdc1247518daf72b656f77f87a870861aeda73e32a43e583202ae6 -SIZE (wassima-2.0.0.tar.gz) = 148821 +TIMESTAMP = 1757120826 +SHA256 (wassima-2.0.1.tar.gz) = c383285e1fafdf21fc6f8486fd3f46778ed1295ddfd1595c03e592a8aa248e83 +SIZE (wassima-2.0.1.tar.gz) = 150452 diff --git a/security/rubygem-acme-client/Makefile b/security/rubygem-acme-client/Makefile index f3f78774f3e4..ebd58343040c 100644 --- a/security/rubygem-acme-client/Makefile +++ b/security/rubygem-acme-client/Makefile @@ -1,5 +1,5 @@ PORTNAME= acme-client -PORTVERSION= 2.0.23 +PORTVERSION= 2.0.25 CATEGORIES= security rubygems MASTER_SITES= RG diff --git a/security/rubygem-acme-client/distinfo b/security/rubygem-acme-client/distinfo index 0e4cb4a697a8..79a4a4fcfdbd 100644 --- a/security/rubygem-acme-client/distinfo +++ b/security/rubygem-acme-client/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1755062612 -SHA256 (rubygem/acme-client-2.0.23.gem) = 33241b5bdb5179283ad52591c751bafcc4225e62d81c003c23891e48a3c107ac -SIZE (rubygem/acme-client-2.0.23.gem) = 21504 +TIMESTAMP = 1757121850 +SHA256 (rubygem/acme-client-2.0.25.gem) = e0bba7b9f785fd9ffe0933f8733ca81357ac46e4a979cb4f84806ab88fee0f31 +SIZE (rubygem/acme-client-2.0.25.gem) = 22016 diff --git a/security/rubygem-googleauth/Makefile b/security/rubygem-googleauth/Makefile index 930b5d38c7f2..18d976267d44 100644 --- a/security/rubygem-googleauth/Makefile +++ b/security/rubygem-googleauth/Makefile @@ -1,5 +1,5 @@ PORTNAME= googleauth -PORTVERSION= 1.14.0 +PORTVERSION= 1.15.0 CATEGORIES= security rubygems MASTER_SITES= RG @@ -13,7 +13,7 @@ LICENSE_FILE= ${WRKSRC}/LICENSE RUN_DEPENDS= rubygem-faraday>=1.0<3.0:www/rubygem-faraday \ rubygem-google-cloud-env>=2.2<3:net/rubygem-google-cloud-env \ rubygem-google-logging-utils>=0.1<1:devel/rubygem-google-logging-utils \ - rubygem-jwt>=1.4<3.0:www/rubygem-jwt \ + rubygem-jwt>=1.4<4.0:www/rubygem-jwt \ rubygem-multi_json>=1.11<2:devel/rubygem-multi_json \ rubygem-os>=0.9<2.0:devel/rubygem-os \ rubygem-signet>=0.16<2:security/rubygem-signet diff --git a/security/rubygem-googleauth/distinfo b/security/rubygem-googleauth/distinfo index 715d45a95edc..6b4e5fcfa88d 100644 --- a/security/rubygem-googleauth/distinfo +++ b/security/rubygem-googleauth/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1742405572 -SHA256 (rubygem/googleauth-1.14.0.gem) = 62e7de11791890c3d3dc70582dfd9ab5516530e4e4f56d96451fd62c76475149 -SIZE (rubygem/googleauth-1.14.0.gem) = 60928 +TIMESTAMP = 1757121852 +SHA256 (rubygem/googleauth-1.15.0.gem) = 122ae61813805a1cfdf225638f33d354ca6078be17e9712669667226a7243bcf +SIZE (rubygem/googleauth-1.15.0.gem) = 70144 diff --git a/security/rubygem-rasn1/Makefile b/security/rubygem-rasn1/Makefile index a9dda07d9e6f..ac673604c6d1 100644 --- a/security/rubygem-rasn1/Makefile +++ b/security/rubygem-rasn1/Makefile @@ -1,11 +1,11 @@ PORTNAME= rasn1 -PORTVERSION= 0.16.0 +PORTVERSION= 0.16.2 CATEGORIES= security rubygems MASTER_SITES= RG MAINTAINER= sunpoet@FreeBSD.org COMMENT= Pure ruby ASN.1 library -WWW= https://github.com/lemontree55/rasn1 +WWW= https://codeberg.org/lemontree55/rasn1 LICENSE= MIT LICENSE_FILE= ${WRKSRC}/LICENSE diff --git a/security/rubygem-rasn1/distinfo b/security/rubygem-rasn1/distinfo index a19adb8a6d67..fee1e8ca6e0d 100644 --- a/security/rubygem-rasn1/distinfo +++ b/security/rubygem-rasn1/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1750188250 -SHA256 (rubygem/rasn1-0.16.0.gem) = c3f482cd6163822f98f31e3397b0528f3abe1f244093095abf0946e656be5c2b -SIZE (rubygem/rasn1-0.16.0.gem) = 29696 +TIMESTAMP = 1757121854 +SHA256 (rubygem/rasn1-0.16.2.gem) = f25b5548b6dfe80608af490eea6901fd9ed42f9fb4b45ddaa33bbb58c4b9688c +SIZE (rubygem/rasn1-0.16.2.gem) = 30208 diff --git a/security/rubygem-signet/Makefile b/security/rubygem-signet/Makefile index b893b776ed00..e6eb4cf7969b 100644 --- a/security/rubygem-signet/Makefile +++ b/security/rubygem-signet/Makefile @@ -1,5 +1,5 @@ PORTNAME= signet -PORTVERSION= 0.20.0 +PORTVERSION= 0.21.0 CATEGORIES= security rubygems MASTER_SITES= RG @@ -12,7 +12,7 @@ LICENSE_FILE= ${WRKSRC}/LICENSE RUN_DEPENDS= rubygem-addressable>=2.8<3:www/rubygem-addressable \ rubygem-faraday>=0.17.5<3.0:www/rubygem-faraday \ - rubygem-jwt>=1.5<3.0:www/rubygem-jwt \ + rubygem-jwt>=1.5<4.0:www/rubygem-jwt \ rubygem-multi_json>=1.10<2:devel/rubygem-multi_json USES= gem diff --git a/security/rubygem-signet/distinfo b/security/rubygem-signet/distinfo index 9149e7a21965..a08f75285e2f 100644 --- a/security/rubygem-signet/distinfo +++ b/security/rubygem-signet/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1747547520 -SHA256 (rubygem/signet-0.20.0.gem) = bc660e2a6062311348cd35ec1ffafde1c5e2231213e1ca124f57aa4f59ec47a3 -SIZE (rubygem/signet-0.20.0.gem) = 35840 +TIMESTAMP = 1757121856 +SHA256 (rubygem/signet-0.21.0.gem) = d617e9fbf24928280d39dcfefba9a0372d1c38187ffffd0a9283957a10a8cd5b +SIZE (rubygem/signet-0.21.0.gem) = 35840 diff --git a/security/snort3/Makefile b/security/snort3/Makefile index 8a7d723304fe..7064f6c2546e 100644 --- a/security/snort3/Makefile +++ b/security/snort3/Makefile @@ -1,5 +1,5 @@ PORTNAME= snort -DISTVERSION= 3.9.3.0 +DISTVERSION= 3.9.5.0 PORTEPOCH= 1 CATEGORIES= security PKGNAMESUFFIX= 3 diff --git a/security/snort3/distinfo b/security/snort3/distinfo index 5149faaa6b94..4822b69ada6a 100644 --- a/security/snort3/distinfo +++ b/security/snort3/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1754971093 -SHA256 (snort3-snort3-3.9.3.0_GH0.tar.gz) = c7c2f7488b1a9ec5b60b9706fc3f2f3f9c0e1eb57f384e077676c452570468cf -SIZE (snort3-snort3-3.9.3.0_GH0.tar.gz) = 3521227 +TIMESTAMP = 1757072847 +SHA256 (snort3-snort3-3.9.5.0_GH0.tar.gz) = e2e36a8db2c4c26a6ff58ea58839339260319eba25d0eb901ddb7210f4fa4b4c +SIZE (snort3-snort3-3.9.5.0_GH0.tar.gz) = 3525177 diff --git a/security/timestamp-authority/Makefile b/security/timestamp-authority/Makefile index f121f3c4b9a1..32ac2a2a5c2a 100644 --- a/security/timestamp-authority/Makefile +++ b/security/timestamp-authority/Makefile @@ -1,7 +1,6 @@ PORTNAME= timestamp-authority DISTVERSIONPREFIX= v -DISTVERSION= 1.2.8 -PORTREVISION= 4 +DISTVERSION= 1.2.9 CATEGORIES= security MAINTAINER= bofh@FreeBSD.org diff --git a/security/timestamp-authority/distinfo b/security/timestamp-authority/distinfo index a6b799f3a899..990024b18972 100644 --- a/security/timestamp-authority/distinfo +++ b/security/timestamp-authority/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1749129459 -SHA256 (go/security_timestamp-authority/timestamp-authority-v1.2.8/v1.2.8.mod) = 7d4f9a12c60f4fcf4d7c383fd1a142d27013d333af0ed468934e9e5d4043746b -SIZE (go/security_timestamp-authority/timestamp-authority-v1.2.8/v1.2.8.mod) = 7937 -SHA256 (go/security_timestamp-authority/timestamp-authority-v1.2.8/v1.2.8.zip) = a38ad43bc263abdbf8775c01642292a016ecb5d79c8bcde69aef154bce412f6d -SIZE (go/security_timestamp-authority/timestamp-authority-v1.2.8/v1.2.8.zip) = 196365 +TIMESTAMP = 1757405602 +SHA256 (go/security_timestamp-authority/timestamp-authority-v1.2.9/v1.2.9.mod) = 2bfba68e8bc93ec88a2d67d277aa0c982fe4d51f590daa689f0e3f909a92c7b7 +SIZE (go/security_timestamp-authority/timestamp-authority-v1.2.9/v1.2.9.mod) = 8637 +SHA256 (go/security_timestamp-authority/timestamp-authority-v1.2.9/v1.2.9.zip) = fb191f73ac2fec3d6f68c767cb6c9e72baa48a098b5d613bcf0608b57d1aa034 +SIZE (go/security_timestamp-authority/timestamp-authority-v1.2.9/v1.2.9.zip) = 199679 diff --git a/security/vault/Makefile b/security/vault/Makefile index 536c0cce0ff7..7906ac22206e 100644 --- a/security/vault/Makefile +++ b/security/vault/Makefile @@ -1,7 +1,6 @@ PORTNAME= vault DISTVERSIONPREFIX= v -DISTVERSION= 1.20.2 -PORTREVISION= 1 +DISTVERSION= 1.20.3 CATEGORIES= security MASTER_SITES= https://raw.githubusercontent.com/hashicorp/vault/${DISTVERSIONFULL}/ \ LOCAL/bofh/security/${PORTNAME}/:web_ui @@ -47,7 +46,7 @@ GROUPS= vault PLIST_FILES= bin/${PORTNAME} -GITID= 824d12909d5b596ddd3f34d9c8f169b4f9701a0c +GITID= 7665ff29d77e5cb3ea9ddbeaed49ee312e53c6b8 .include <bsd.port.pre.mk> diff --git a/security/vault/distinfo b/security/vault/distinfo index c17babae63fa..c8a637c2add4 100644 --- a/security/vault/distinfo +++ b/security/vault/distinfo @@ -1,17 +1,17 @@ -TIMESTAMP = 1754685277 -SHA256 (go/security_vault/hashicorp-vault-v1.20.2_GH0/go.mod) = cd83bd31fc0bfb55d172ae8fc8f8bc3930bc52602a5b73b2cccbf5428e144241 -SIZE (go/security_vault/hashicorp-vault-v1.20.2_GH0/go.mod) = 30390 -SHA256 (go/security_vault/hashicorp-vault-v1.20.2_GH0/api/go.mod) = c0d25838a7b72c0a5450c0c346e22eea9d24074c637f99e13941fd74980330e5 -SIZE (go/security_vault/hashicorp-vault-v1.20.2_GH0/api/go.mod) = 1659 -SHA256 (go/security_vault/hashicorp-vault-v1.20.2_GH0/api/auth/approle/go.mod) = 94d14c8d7b0e143e5cda121829d639935bcd5bab9cc4961ca4ac432ec675a5b9 -SIZE (go/security_vault/hashicorp-vault-v1.20.2_GH0/api/auth/approle/go.mod) = 1065 -SHA256 (go/security_vault/hashicorp-vault-v1.20.2_GH0/api/auth/kubernetes/go.mod) = bb4af50f74cdf95fd886651b1911dff90e118c62270497102ce144f5c76c9b1d -SIZE (go/security_vault/hashicorp-vault-v1.20.2_GH0/api/auth/kubernetes/go.mod) = 1068 -SHA256 (go/security_vault/hashicorp-vault-v1.20.2_GH0/api/auth/userpass/go.mod) = e92fff72dd8294c27b29ba8fc653d28edf322d8f59d98258ea87691dd5777b56 -SIZE (go/security_vault/hashicorp-vault-v1.20.2_GH0/api/auth/userpass/go.mod) = 1066 -SHA256 (go/security_vault/hashicorp-vault-v1.20.2_GH0/sdk/go.mod) = a3da120c91c4a0a9a2ad7e2fac36034da35a1527668359a6c9f19800aa88f2f1 -SIZE (go/security_vault/hashicorp-vault-v1.20.2_GH0/sdk/go.mod) = 6759 -SHA256 (go/security_vault/hashicorp-vault-v1.20.2_GH0/vault-web_ui-1.20.2.tar.gz) = 5d6a244ae81312a78c847abeec525a01cfe92fdf2f7df6d812a884f14561cc96 -SIZE (go/security_vault/hashicorp-vault-v1.20.2_GH0/vault-web_ui-1.20.2.tar.gz) = 3584329 -SHA256 (go/security_vault/hashicorp-vault-v1.20.2_GH0/hashicorp-vault-v1.20.2_GH0.tar.gz) = cff7c65f4cfdebbf2a419e77debe5dda1abd93d48f673e8bbbd4c5e5161233e2 -SIZE (go/security_vault/hashicorp-vault-v1.20.2_GH0/hashicorp-vault-v1.20.2_GH0.tar.gz) = 41645004 +TIMESTAMP = 1756981575 +SHA256 (go/security_vault/hashicorp-vault-v1.20.3_GH0/go.mod) = 7113bb21f1f4e49f214b327ab6bf38e61c7a1d6a90945d800af5c95adfe35ef4 +SIZE (go/security_vault/hashicorp-vault-v1.20.3_GH0/go.mod) = 30603 +SHA256 (go/security_vault/hashicorp-vault-v1.20.3_GH0/api/go.mod) = c0d25838a7b72c0a5450c0c346e22eea9d24074c637f99e13941fd74980330e5 +SIZE (go/security_vault/hashicorp-vault-v1.20.3_GH0/api/go.mod) = 1659 +SHA256 (go/security_vault/hashicorp-vault-v1.20.3_GH0/api/auth/approle/go.mod) = 94d14c8d7b0e143e5cda121829d639935bcd5bab9cc4961ca4ac432ec675a5b9 +SIZE (go/security_vault/hashicorp-vault-v1.20.3_GH0/api/auth/approle/go.mod) = 1065 +SHA256 (go/security_vault/hashicorp-vault-v1.20.3_GH0/api/auth/kubernetes/go.mod) = bb4af50f74cdf95fd886651b1911dff90e118c62270497102ce144f5c76c9b1d +SIZE (go/security_vault/hashicorp-vault-v1.20.3_GH0/api/auth/kubernetes/go.mod) = 1068 +SHA256 (go/security_vault/hashicorp-vault-v1.20.3_GH0/api/auth/userpass/go.mod) = e92fff72dd8294c27b29ba8fc653d28edf322d8f59d98258ea87691dd5777b56 +SIZE (go/security_vault/hashicorp-vault-v1.20.3_GH0/api/auth/userpass/go.mod) = 1066 +SHA256 (go/security_vault/hashicorp-vault-v1.20.3_GH0/sdk/go.mod) = aa3fe5aee6ec08608f8f97f1238b1a132bb89973069985e0ae24d9e492b2df7c +SIZE (go/security_vault/hashicorp-vault-v1.20.3_GH0/sdk/go.mod) = 6786 +SHA256 (go/security_vault/hashicorp-vault-v1.20.3_GH0/vault-web_ui-1.20.3.tar.gz) = 4131d8f602bce1ced7275ea2925e18ccd202d03a0fcc69e3f338fafcbaeb22d8 +SIZE (go/security_vault/hashicorp-vault-v1.20.3_GH0/vault-web_ui-1.20.3.tar.gz) = 3513752 +SHA256 (go/security_vault/hashicorp-vault-v1.20.3_GH0/hashicorp-vault-v1.20.3_GH0.tar.gz) = 024dbc999b4149551da398355008d29827459e52f4379a129eb20c5284647050 +SIZE (go/security_vault/hashicorp-vault-v1.20.3_GH0/hashicorp-vault-v1.20.3_GH0.tar.gz) = 41634047 diff --git a/security/vuls/Makefile b/security/vuls/Makefile index 0a3bfc140f06..ebe25474a906 100644 --- a/security/vuls/Makefile +++ b/security/vuls/Makefile @@ -1,7 +1,6 @@ PORTNAME= vuls DISTVERSIONPREFIX=v -DISTVERSION= 0.33.4 -PORTREVISION= 1 +DISTVERSION= 0.34.0 CATEGORIES= security MAINTAINER= girgen@FreeBSD.org diff --git a/security/vuls/distinfo b/security/vuls/distinfo index 79f5d3b3f61b..07044799c86d 100644 --- a/security/vuls/distinfo +++ b/security/vuls/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1756275976 -SHA256 (go/security_vuls/vuls-v0.33.4/v0.33.4.mod) = 58bcb90a4067f623c6c3bcb960b6aed4fcf08e6b94014667105f74b66f446da6 -SIZE (go/security_vuls/vuls-v0.33.4/v0.33.4.mod) = 20710 -SHA256 (go/security_vuls/vuls-v0.33.4/v0.33.4.zip) = 434e4e0b86a08cb257c2387d541277474903c5d96998638cb7a014fbc4a3a412 -SIZE (go/security_vuls/vuls-v0.33.4/v0.33.4.zip) = 1398525 +TIMESTAMP = 1757153514 +SHA256 (go/security_vuls/vuls-v0.34.0/v0.34.0.mod) = 0ac637cb17c79cc5ca34bbfcd75d05a6e4458ee66523050a2a15461cad6af2df +SIZE (go/security_vuls/vuls-v0.34.0/v0.34.0.mod) = 20230 +SHA256 (go/security_vuls/vuls-v0.34.0/v0.34.0.zip) = 08062c74c713c8087c93bcd3f8031947bd0e159d6ab43f39ef0ac4c8e637aa56 +SIZE (go/security_vuls/vuls-v0.34.0/v0.34.0.zip) = 1400840 diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml index a7e620621142..6a4e1eec9395 100644 --- a/security/vuxml/vuln/2025.xml +++ b/security/vuxml/vuln/2025.xml @@ -1,3 +1,42 @@ + <vuln vid="bda50cf1-8bcf-11f0-b3f7-a8a1599412c6"> + <topic>chromium -- multiple security fixes</topic> + <affects> + <package> + <name>chromium</name> + <range><lt>140.0.7339.80</lt></range> + </package> + <package> + <name>ungoogled-chromium</name> + <range><lt>140.0.7339.80</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Chrome Releases reports:</p> + <blockquote cite="https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html"> + <p>This update includes 6 security fixes:</p> + <ul> + <li>[434513380] High CVE-2025-9864: Use after free in V8. Reported by Pavel Kuzmin of Yandex Security Team on 2025-07-28</li> + <li>[437147699] Medium CVE-2025-9865: Inappropriate implementation in Toolbar. Reported by Khalil Zhani on 2025-08-07</li> + <li>[379337758] Medium CVE-2025-9866: Inappropriate implementation in Extensions. Reported by NDevTK on 2024-11-16</li> + <li>[415496161] Medium CVE-2025-9867: Inappropriate implementation in Downloads. Reported by Farras Givari on 2025-05-04</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-9864</cvename> + <cvename>CVE-2025-9865</cvename> + <cvename>CVE-2025-9866</cvename> + <cvename>CVE-2025-9867</cvename> + <url>https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html</url> + </references> + <dates> + <discovery>2025-09-02</discovery> + <entry>2025-09-07</entry> + </dates> + </vuln> + <vuln vid="340dc4c1-895a-11f0-b6e5-4ccc6adda413"> <topic>exiv2 -- Denial-of-service</topic> <affects> @@ -2233,7 +2272,7 @@ <affects> <package> <name>libxslt</name> - <range><lt>2</lt></range> <!-- adjust should libxslt ever be fixed --> + <range><lt>1.1.43_2</lt></range> <!-- adjust should libxslt ever be fixed --> </package> <package> <name>linux-c7-libxslt</name> |