Diffstat (limited to 'security')
33 files changed, 271 insertions, 94 deletions
diff --git a/security/afl++/Makefile b/security/afl++/Makefile index 41e79b781385..6e45c1ed62e0 100644 --- a/security/afl++/Makefile +++ b/security/afl++/Makefile @@ -1,6 +1,6 @@ PORTNAME= afl DISTVERSIONPREFIX= v -DISTVERSION= 4.32c +DISTVERSION= 4.33c CATEGORIES= security PKGNAMESUFFIX= ++-${FLAVOR} diff --git a/security/afl++/distinfo b/security/afl++/distinfo index 21befac35cea..871fd6e76ebe 100644 --- a/security/afl++/distinfo +++ b/security/afl++/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1746197618 -SHA256 (AFLplusplus-AFLplusplus-v4.32c_GH0.tar.gz) = dc7f59a11ce8cf67a3ed09a5ac78028c6f793b239b21fd83e5b2370cea166926 -SIZE (AFLplusplus-AFLplusplus-v4.32c_GH0.tar.gz) = 3045679 +TIMESTAMP = 1751370940 +SHA256 (AFLplusplus-AFLplusplus-v4.33c_GH0.tar.gz) = 98903c8036282c8908b1d8cc0d60caf3ea259db4339503a76449b47acce58d1d +SIZE (AFLplusplus-AFLplusplus-v4.33c_GH0.tar.gz) = 3058802 diff --git a/security/aws-lc/Makefile b/security/aws-lc/Makefile index 803ea2798817..67c1020ba0f6 100644 --- a/security/aws-lc/Makefile +++ b/security/aws-lc/Makefile @@ -1,5 +1,5 @@ PORTNAME= aws-lc -PORTVERSION= 1.53.1 +PORTVERSION= 1.54.0 DISTVERSIONPREFIX= v CATEGORIES= security diff --git a/security/aws-lc/distinfo b/security/aws-lc/distinfo index 7e178c8c2194..2a7e6ae009f0 100644 --- a/security/aws-lc/distinfo +++ b/security/aws-lc/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1750954130 -SHA256 (aws-aws-lc-v1.53.1_GH0.tar.gz) = 74137613ea4e322600400fdc2e21c83f08f4c68d368ebe006eab264e4e685e01 -SIZE (aws-aws-lc-v1.53.1_GH0.tar.gz) = 127004586 +TIMESTAMP = 1751208136 +SHA256 (aws-aws-lc-v1.54.0_GH0.tar.gz) = d491b6d6b233e88314a15170d435e28259f7cf4f950a427acc80a0e977aa683a +SIZE (aws-aws-lc-v1.54.0_GH0.tar.gz) = 127011221 diff --git a/security/bzrtp/Makefile b/security/bzrtp/Makefile index 9816979d199c..800884d25be9 100644 --- a/security/bzrtp/Makefile +++ b/security/bzrtp/Makefile 
@@ -1,5 +1,5 @@ PORTNAME= bzrtp -DISTVERSION= 5.4.2 +DISTVERSION= 5.4.24 CATEGORIES= security MAINTAINER= bofh@FreeBSD.org @@ -20,8 +20,7 @@ GL_ACCOUNT= public USE_GNOME= libxml2 USE_LDCONFIG= yes -CMAKE_ARGS= -DCMAKE_PREFIX_PATH=${LOCALBASE} \ - -DENABLE_STRICT=NO +CMAKE_ARGS= -DENABLE_STRICT=NO post-patch: @${REINPLACE_CMD} 's/<alloca\.h>/<stdlib.h>/' ${WRKSRC}/src/zidCache.c diff --git a/security/bzrtp/distinfo b/security/bzrtp/distinfo index f980a0a7141b..0511c983a7a5 100644 --- a/security/bzrtp/distinfo +++ b/security/bzrtp/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1743013166 -SHA256 (bzrtp-5.4.2.tar.bz2) = fd7cf3412a541d2866c6adf4d36c3cbb5b56b671ccedefc7e0e8aeff8b26e1c7 -SIZE (bzrtp-5.4.2.tar.bz2) = 154138 +TIMESTAMP = 1751281561 +SHA256 (bzrtp-5.4.24.tar.bz2) = 5fdd590ed302f8f4db3c06902c7a711a307e323a125a265bc3720efeda4ce0d7 +SIZE (bzrtp-5.4.24.tar.bz2) = 154137 diff --git a/security/cosign/Makefile b/security/cosign/Makefile index 5a8e00d37bc2..50bc7042755e 100644 --- a/security/cosign/Makefile +++ b/security/cosign/Makefile @@ -1,6 +1,6 @@ PORTNAME= cosign DISTVERSIONPREFIX= v -DISTVERSION= 2.5.0 +DISTVERSION= 2.5.1 CATEGORIES= security MAINTAINER= bofh@FreeBSD.org @@ -10,7 +10,7 @@ WWW= https://www.sigstore.dev/ LICENSE= APACHE20 LICENSE_FILE= ${WRKSRC}/LICENSE -USES= cpe go:1.23,modules +USES= cpe go:modules CPE_VENDOR= sigstore GO_MODULE= github.com/sigstore/cosign/v2 @@ -23,7 +23,7 @@ GO_BUILDFLAGS= -ldflags="-buildid= \ PLIST_FILES= bin/${PORTNAME} -GIT_HASH= 38bb98697005cdc5c092f031594c0e45d039f4a0 +GIT_HASH= a7345fb2ce17b52b5bc687970fa31ff85bc2f7ca .include <bsd.port.pre.mk> diff --git a/security/cosign/distinfo b/security/cosign/distinfo index 6a77534390e6..6094ea46b910 100644 --- a/security/cosign/distinfo +++ b/security/cosign/distinfo 
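Review bot: In the third security/cosign/Makefile hunk, `GIT_HASH` is updated by hand, and nothing visible in this commit ties the new value to the v2.5.1 sources; the distinfo checksums cover the module `.mod` and `.zip`, not this commit id. The `GO_BUILDFLAGS` context line is cut off by the hunk, so it is only presumed that the hash is stamped into the binary's version output. If it is, a stale or mistyped value would misreport the build's provenance without failing the build. A comment above the variable would help, e.g. `# GIT_HASH must be the commit that tag v${DISTVERSION} points to; re-check on every update`. The same applies to `GITID` in the security/vault/Makefile hunk further down.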
@@ -1,5 +1,5 @@ -TIMESTAMP = 1746276026 -SHA256 (go/security_cosign/cosign-v2.5.0/v2.5.0.mod) = fc290766dd5324141caa63fed997ce4b975b0a5b9eb2345c43db315bd8969e4e -SIZE (go/security_cosign/cosign-v2.5.0/v2.5.0.mod) = 14751 -SHA256 (go/security_cosign/cosign-v2.5.0/v2.5.0.zip) = 930d7c766f230d56063bc42a2a4cee77260e4fd5d79a6200c531e5e99b354b0c -SIZE (go/security_cosign/cosign-v2.5.0/v2.5.0.zip) = 1260158 +TIMESTAMP = 1751272854 +SHA256 (go/security_cosign/cosign-v2.5.1/v2.5.1.mod) = 73cd50764e440cee0dc08dd15dbe489d880980170cef56164f3f351a3c861bac +SIZE (go/security_cosign/cosign-v2.5.1/v2.5.1.mod) = 15329 +SHA256 (go/security_cosign/cosign-v2.5.1/v2.5.1.zip) = d2a7631cb2b26181682af19fc7d067da852b9edee54e3124fddcf1b82c7663d4 +SIZE (go/security_cosign/cosign-v2.5.1/v2.5.1.zip) = 1274453 diff --git a/security/kanidm/Makefile b/security/kanidm/Makefile index 38a6e4d76654..aed265502929 100644 --- a/security/kanidm/Makefile +++ b/security/kanidm/Makefile @@ -1,6 +1,6 @@ PORTNAME= kanidm DISTVERSIONPREFIX= v -DISTVERSION= 1.6.0 +DISTVERSION= 1.6.1 CATEGORIES= security net MAINTAINER= bofh@FreeBSD.org diff --git a/security/kanidm/distinfo b/security/kanidm/distinfo index 53e5c16ee421..81d7c632cbe6 100644 --- a/security/kanidm/distinfo +++ b/security/kanidm/distinfo @@ -1,4 +1,4 @@ -TIMESTAMP = 1749695021 +TIMESTAMP = 1751273631 SHA256 (rust/crates/addr2line-0.24.2.crate) = dfbe277e56a376000877090da837660b4427aad530e3028d44e0bffe4f89a1c1 SIZE (rust/crates/addr2line-0.24.2.crate) = 39015 SHA256 (rust/crates/adler2-2.0.0.crate) = 512761e0bb2578dd7380c6baaa0f4ce03e84f95e960231d1dec8bf4d7d6e2627 
@@ -1307,5 +1307,5 @@ SHA256 (Firstyear-libnss-rs-763da4beaadc1e475b89ed876de31a5e393f6d30_GH0.tar.gz) SIZE (Firstyear-libnss-rs-763da4beaadc1e475b89ed876de31a5e393f6d30_GH0.tar.gz) = 12094 SHA256 (Firstyear-compact-jwt-b3d2b5700cfe567d384c81df35d25537fbf7f110_GH0.tar.gz) = f9308a607e2ad1755c67452f52acd1d7c0f3d30d40f15551d3e7ad3bacc4a3da SIZE (Firstyear-compact-jwt-b3d2b5700cfe567d384c81df35d25537fbf7f110_GH0.tar.gz) = 62309 -SHA256 (kanidm-kanidm-v1.6.0_GH0.tar.gz) = ece0c090eecddbda54c12d1e50e72daca5c9348bc199c7cb1c0f25935b5c786b -SIZE (kanidm-kanidm-v1.6.0_GH0.tar.gz) = 8648803 +SHA256 (kanidm-kanidm-v1.6.1_GH0.tar.gz) = 89e993c3b81720122385b82f47f04fff2acbfd5540af25b507a8cab713a70e86 +SIZE (kanidm-kanidm-v1.6.1_GH0.tar.gz) = 8649026 diff --git a/security/lime/Makefile b/security/lime/Makefile index d94686d00af0..0315dec4d176 100644 --- a/security/lime/Makefile +++ b/security/lime/Makefile @@ -1,5 +1,5 @@ PORTNAME= lime -DISTVERSION= 5.4.2 +DISTVERSION= 5.4.24 CATEGORIES= security MAINTAINER= bofh@FreeBSD.org @@ -20,8 +20,7 @@ USE_GITLAB= yes GL_SITE= https://gitlab.linphone.org/BC GL_ACCOUNT= public -CMAKE_ARGS= -DCMAKE_PREFIX_PATH=${LOCALBASE} \ - -DENABLE_STRICT=NO \ +CMAKE_ARGS= -DENABLE_STRICT=NO \ -DENABLE_UNIT_TESTS=NO .include <bsd.port.mk> diff --git a/security/lime/distinfo b/security/lime/distinfo index c58fa25b259f..ad4f709f3363 100644 --- a/security/lime/distinfo +++ b/security/lime/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1743023454 -SHA256 (lime-5.4.2.tar.bz2) = 46f03be330a37186ed330dfbfe64fb4887a683bfb889f33aa1bfd3c54780a8a6 -SIZE (lime-5.4.2.tar.bz2) = 677782 +TIMESTAMP = 1751281759 +SHA256 (lime-5.4.24.tar.bz2) = e06de2ad663f8735dc22a06153910aa511834493b17c2f2e1dfce2c247fcc02b +SIZE (lime-5.4.24.tar.bz2) = 677362 diff --git a/security/nettle/Makefile b/security/nettle/Makefile index 79573ea82af5..ddea868f1be1 100644 --- a/security/nettle/Makefile +++ b/security/nettle/Makefile 
@@ -1,5 +1,5 @@ PORTNAME= nettle -PORTVERSION= 3.10.1 +PORTVERSION= 3.10.2 CATEGORIES= security MASTER_SITES= GNU \ https://www.lysator.liu.se/~nisse/archive/ diff --git a/security/nettle/distinfo b/security/nettle/distinfo index 97625f47b80f..ceeab63d0f14 100644 --- a/security/nettle/distinfo +++ b/security/nettle/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1735705131 -SHA256 (nettle-3.10.1.tar.gz) = b0fcdd7fc0cdea6e80dcf1dd85ba794af0d5b4a57e26397eee3bc193272d9132 -SIZE (nettle-3.10.1.tar.gz) = 2643267 +TIMESTAMP = 1751208138 +SHA256 (nettle-3.10.2.tar.gz) = fe9ff51cb1f2abb5e65a6b8c10a92da0ab5ab6eaf26e7fc2b675c45f1fb519b5 +SIZE (nettle-3.10.2.tar.gz) = 2644644 diff --git a/security/nettle/files/extra-patch-Makefile.in b/security/nettle/files/extra-patch-Makefile.in index 2974b822043a..2c1480398adf 100644 --- a/security/nettle/files/extra-patch-Makefile.in +++ b/security/nettle/files/extra-patch-Makefile.in @@ -1,6 +1,6 @@ ---- Makefile.in.orig 2023-06-01 18:40:35 UTC +--- Makefile.in.orig 2025-06-26 18:29:02 UTC +++ Makefile.in -@@ -19,7 +19,7 @@ OPT_NETTLE_SOURCES = @OPT_NETTLE_SOURCES@ +@@ -19,7 +19,7 @@ FAT_TEST_LIST = @FAT_TEST_LIST@ FAT_TEST_LIST = @FAT_TEST_LIST@ diff --git a/security/nettle/files/patch-configure b/security/nettle/files/patch-configure index 1b8f460d9501..d210a2e1be01 100644 --- a/security/nettle/files/patch-configure +++ b/security/nettle/files/patch-configure @@ -1,6 +1,6 @@ ---- configure.orig 2023-06-01 18:40:35 UTC +--- configure.orig 2025-06-26 18:29:02 UTC +++ configure -@@ -6638,7 +6638,7 @@ $as_echo "$as_me: WARNING: Cross compiling for linux. +@@ -7532,7 +7532,7 @@ printf "%s\n" "$as_me: WARNING: Cross compiling for li # and 64-bit in lib. Don't know about "kfreebsd", does # it follow the Linux fhs conventions? *:freebsd*:32) diff --git a/security/nettle/files/patch-examples-nettle-openssl.c b/security/nettle/files/patch-examples-nettle-openssl.c index d7cf037c61c3..006e654aa899 100644 
--- a/security/nettle/files/patch-examples-nettle-openssl.c +++ b/security/nettle/files/patch-examples-nettle-openssl.c @@ -1,6 +1,6 @@ ---- examples/nettle-openssl.c.orig 2021-03-21 08:32:25 UTC +--- examples/nettle-openssl.c.orig 2025-06-26 18:29:03 UTC +++ examples/nettle-openssl.c -@@ -374,6 +374,7 @@ openssl_hash_update(void *p, +@@ -291,6 +291,7 @@ openssl_hash_update(void *p, EVP_DigestUpdate(ctx->evp, src, length); } @@ -8,7 +8,7 @@ #define OPENSSL_HASH(NAME, name) \ static void \ openssl_##name##_init(void *p) \ -@@ -404,6 +405,38 @@ nettle_openssl_##name = { \ +@@ -321,6 +322,38 @@ nettle_openssl_##name = { \ openssl_hash_update, \ openssl_##name##_digest \ }; @@ -46,4 +46,4 @@ +#endif OPENSSL_HASH(MD5, md5) - OPENSSL_HASH(SHA, sha1) + OPENSSL_HASH(SHA1, sha1) diff --git a/security/nettle/files/patch-powerpc64-p8-aes-decrypt-internal.asm b/security/nettle/files/patch-powerpc64-p8-aes-decrypt-internal.asm index 67ceabec79c5..e23c8a8f6463 100644 --- a/security/nettle/files/patch-powerpc64-p8-aes-decrypt-internal.asm +++ b/security/nettle/files/patch-powerpc64-p8-aes-decrypt-internal.asm @@ -1,4 +1,4 @@ ---- powerpc64/p8/aes-decrypt-internal.asm.orig 2024-06-16 15:27:54 UTC +--- powerpc64/p8/aes-decrypt-internal.asm.orig 2025-06-26 18:29:03 UTC +++ powerpc64/p8/aes-decrypt-internal.asm @@ -64,7 +64,7 @@ PROLOGUE(_nettle_aes_decrypt) diff --git a/security/nettle/files/patch-powerpc64-p8-aes-encrypt-internal.asm b/security/nettle/files/patch-powerpc64-p8-aes-encrypt-internal.asm index 313ba61a4f6b..67218e1caaf4 100644 --- a/security/nettle/files/patch-powerpc64-p8-aes-encrypt-internal.asm +++ b/security/nettle/files/patch-powerpc64-p8-aes-encrypt-internal.asm 
@@ -1,6 +1,6 @@ ---- powerpc64/p8/aes-encrypt-internal.asm.orig 2022-06-02 17:57:16 UTC +--- powerpc64/p8/aes-encrypt-internal.asm.orig 2025-06-26 18:29:03 UTC +++ powerpc64/p8/aes-encrypt-internal.asm -@@ -63,7 +63,7 @@ define(`S7', `v9') +@@ -64,7 +64,7 @@ PROLOGUE(_nettle_aes_encrypt) define(`FUNC_ALIGN', `5') PROLOGUE(_nettle_aes_encrypt) @@ -9,7 +9,7 @@ subi ROUNDS,ROUNDS,1 srdi LENGTH,LENGTH,4 -@@ -328,6 +328,6 @@ EPILOGUE(_nettle_aes_encrypt) +@@ -269,6 +269,6 @@ EPILOGUE(_nettle_aes_encrypt) .data .align 4 diff --git a/security/nettle/pkg-plist b/security/nettle/pkg-plist index 25ba25f62658..48c756c49b45 100644 --- a/security/nettle/pkg-plist +++ b/security/nettle/pkg-plist @@ -79,11 +79,11 @@ include/nettle/yarrow.h lib/libhogweed.a lib/libhogweed.so lib/libhogweed.so.6 -lib/libhogweed.so.6.10 +lib/libhogweed.so.6.11 lib/libnettle.a lib/libnettle.so lib/libnettle.so.8 -lib/libnettle.so.8.10 +lib/libnettle.so.8.11 libdata/pkgconfig/hogweed.pc libdata/pkgconfig/nettle.pc %%PORTDOCS%%%%DOCSDIR%%/NEWS diff --git a/security/osslsigncode/Makefile b/security/osslsigncode/Makefile index 506113da3bfb..90ad102b8086 100644 --- a/security/osslsigncode/Makefile +++ b/security/osslsigncode/Makefile @@ -1,5 +1,5 @@ PORTNAME= osslsigncode -DISTVERSION= 2.9 +DISTVERSION= 2.10 CATEGORIES= security devel MAINTAINER= bofh@FreeBSD.org diff --git a/security/osslsigncode/distinfo b/security/osslsigncode/distinfo index 7fcd2eecd6b3..28a1ff301015 100644 --- a/security/osslsigncode/distinfo +++ b/security/osslsigncode/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1722080494 -SHA256 (mtrojnar-osslsigncode-2.9_GH0.tar.gz) = 3fe5488e442ad99f91410efeb7b029275366b5df9aa02371dcc89a8f8569ff55 -SIZE (mtrojnar-osslsigncode-2.9_GH0.tar.gz) = 1033420 +TIMESTAMP = 1751273239 +SHA256 (mtrojnar-osslsigncode-2.10_GH0.tar.gz) = 2a864e6127ee2350fb648070fa0d459c534ac6400ca0048886aeab7afb250f65 +SIZE (mtrojnar-osslsigncode-2.10_GH0.tar.gz) = 1038769 
diff --git a/security/rubygem-gitlab-cloud-connector/Makefile b/security/rubygem-gitlab-cloud-connector/Makefile index b59e9cf5734e..17348ef607c0 100644 --- a/security/rubygem-gitlab-cloud-connector/Makefile +++ b/security/rubygem-gitlab-cloud-connector/Makefile @@ -1,5 +1,5 @@ PORTNAME= gitlab-cloud-connector -PORTVERSION= 1.17.0 +PORTVERSION= 1.19.0 CATEGORIES= security rubygems MASTER_SITES= RG diff --git a/security/rubygem-gitlab-cloud-connector/distinfo b/security/rubygem-gitlab-cloud-connector/distinfo index f3bc3876d43c..b702ac666f5a 100644 --- a/security/rubygem-gitlab-cloud-connector/distinfo +++ b/security/rubygem-gitlab-cloud-connector/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1750222196 -SHA256 (rubygem/gitlab-cloud-connector-1.17.0.gem) = b9eaf5544cebb66667be560cc032fd6e26ccb6c35c0912b3cd1fadb7cbcfbf34 -SIZE (rubygem/gitlab-cloud-connector-1.17.0.gem) = 18432 +TIMESTAMP = 1750912646 +SHA256 (rubygem/gitlab-cloud-connector-1.19.0.gem) = cfa644b4d827062f5c625d391ca3e6904e7667f0f6efe96adab81e051d8d07ad +SIZE (rubygem/gitlab-cloud-connector-1.19.0.gem) = 18432 diff --git a/security/strongswan/Makefile b/security/strongswan/Makefile index b65637df0d71..1eb1f164081d 100644 --- a/security/strongswan/Makefile +++ b/security/strongswan/Makefile @@ -1,6 +1,5 @@ PORTNAME= strongswan -DISTVERSION= 6.0.0 -PORTREVISION= 1 +DISTVERSION= 6.0.1 CATEGORIES= security net-vpn MASTER_SITES= https://download.strongswan.org/ \ https://download2.strongswan.org/ diff --git a/security/strongswan/distinfo b/security/strongswan/distinfo index c9460511cb81..6596d8ab97bf 100644 --- a/security/strongswan/distinfo +++ b/security/strongswan/distinfo 
@@ -1,3 +1,3 @@ -TIMESTAMP = 1740055222 -SHA256 (strongswan-6.0.0.tar.bz2) = 72fe58b7523155703b65b08c3cc559c2c9a5c96da54afebd8136f6623e7dda82 -SIZE (strongswan-6.0.0.tar.bz2) = 4863821 +TIMESTAMP = 1747651788 +SHA256 (strongswan-6.0.1.tar.bz2) = 212368cbc674fed31f3292210303fff06da8b90acad2d1387375ed855e6879c4 +SIZE (strongswan-6.0.1.tar.bz2) = 4844260 diff --git a/security/sudo/Makefile b/security/sudo/Makefile index 14466a9e7774..b9bea691da08 100644 --- a/security/sudo/Makefile +++ b/security/sudo/Makefile @@ -1,5 +1,5 @@ PORTNAME= sudo -PORTVERSION= 1.9.17 +PORTVERSION= 1.9.17p1 CATEGORIES= security MASTER_SITES= SUDO diff --git a/security/sudo/distinfo b/security/sudo/distinfo index 9b38cd2b5a6c..a01a900722c6 100644 --- a/security/sudo/distinfo +++ b/security/sudo/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1750523514 -SHA256 (sudo-1.9.17.tar.gz) = 3f212c69d534d5822b492d099abb02a593f91ca99f5afde5cb9bd3e1dcdad069 -SIZE (sudo-1.9.17.tar.gz) = 5447899 +TIMESTAMP = 1751356446 +SHA256 (sudo-1.9.17p1.tar.gz) = ff607ea717072197738a78f778692cd6df9a7e3e404565f51de063ca27455d32 +SIZE (sudo-1.9.17p1.tar.gz) = 5449076 diff --git a/security/trivy/Makefile b/security/trivy/Makefile index 05cfa55f0b39..d208cccbab53 100644 --- a/security/trivy/Makefile +++ b/security/trivy/Makefile @@ -1,7 +1,6 @@ PORTNAME= trivy DISTVERSIONPREFIX= v -DISTVERSION= 0.63.0 -PORTREVISION= 1 +DISTVERSION= 0.64.0 CATEGORIES= security MAINTAINER= mfechner@FreeBSD.org diff --git a/security/trivy/distinfo b/security/trivy/distinfo index 14015874c1c6..24ad8282e01f 100644 --- a/security/trivy/distinfo +++ b/security/trivy/distinfo 
@@ -1,5 +1,5 @@ -TIMESTAMP = 1748580283 -SHA256 (go/security_trivy/trivy-v0.63.0/v0.63.0.mod) = f0b5b8182a3155cfd22aedd2f1266794a26549664c18b8358a411ba634188fa3 -SIZE (go/security_trivy/trivy-v0.63.0/v0.63.0.mod) = 23467 -SHA256 (go/security_trivy/trivy-v0.63.0/v0.63.0.zip) = 638bc4adc54bf61afc8647c9f4fa5db30e6352dfe033655c30d0af02eca5c14d -SIZE (go/security_trivy/trivy-v0.63.0/v0.63.0.zip) = 58804833 +TIMESTAMP = 1751363247 +SHA256 (go/security_trivy/trivy-v0.64.0/v0.64.0.mod) = 0cdadb981316deab57b0abfdca161b8a907173478b82770c901c8d58ce4a2016 +SIZE (go/security_trivy/trivy-v0.64.0/v0.64.0.mod) = 23200 +SHA256 (go/security_trivy/trivy-v0.64.0/v0.64.0.zip) = f5f0943b22846cd637d140585dd5a318e303cf0fe9f45b5f138153e2a292fc06 +SIZE (go/security_trivy/trivy-v0.64.0/v0.64.0.zip) = 58856559 diff --git a/security/vault/Makefile b/security/vault/Makefile index 6f65c1a69795..95b5e0e4fea8 100644 --- a/security/vault/Makefile +++ b/security/vault/Makefile @@ -1,6 +1,6 @@ PORTNAME= vault DISTVERSIONPREFIX= v -DISTVERSION= 1.19.5 +DISTVERSION= 1.20.0 CATEGORIES= security MASTER_SITES= https://raw.githubusercontent.com/hashicorp/vault/${DISTVERSIONFULL}/ \ LOCAL/bofh/security/${PORTNAME}/:web_ui @@ -27,7 +27,7 @@ EXTRACT_DEPENDS=npm-node20>0:www/npm-node20 \ yarn-node20>0:www/yarn-node20 .endif -USES= cpe go:1.24,modules +USES= cpe go:modules CPE_VENDOR= hashicorp USE_GITHUB= yes GH_ACCOUNT= hashicorp @@ -46,7 +46,7 @@ GROUPS= vault PLIST_FILES= bin/${PORTNAME} -GITID= 7010adf2c67686681908f04ec8e9357f19066f4f +GITID= 6fdd6b59e97d97a9e19b0fb5304bf879c190295e .include <bsd.port.pre.mk> diff --git a/security/vault/distinfo b/security/vault/distinfo index 91abadf4847a..8ae380ecfa61 100644 --- a/security/vault/distinfo +++ b/security/vault/distinfo 
@@ -1,17 +1,17 @@ -TIMESTAMP = 1749701093 -SHA256 (go/security_vault/hashicorp-vault-v1.19.5_GH0/go.mod) = eb4c04065aeb9f30a71a31229fa197336d6b93f6380ee67afc94a51245423dfc -SIZE (go/security_vault/hashicorp-vault-v1.19.5_GH0/go.mod) = 29839 -SHA256 (go/security_vault/hashicorp-vault-v1.19.5_GH0/api/go.mod) = 0d652a7ef05e4031f5cc927151101672f29851c4a227e6082263a8aa32918667 -SIZE (go/security_vault/hashicorp-vault-v1.19.5_GH0/api/go.mod) = 1678 -SHA256 (go/security_vault/hashicorp-vault-v1.19.5_GH0/api/auth/approle/go.mod) = 58a8a86c96adddbe7d63ca3aa6be8b4972048639084ed8191522f60610cdb811 -SIZE (go/security_vault/hashicorp-vault-v1.19.5_GH0/api/auth/approle/go.mod) = 1084 -SHA256 (go/security_vault/hashicorp-vault-v1.19.5_GH0/api/auth/kubernetes/go.mod) = 877dd47a4ba1d2e0b4be63bb30178433e7be72e3bf7454619be502af4d05332f -SIZE (go/security_vault/hashicorp-vault-v1.19.5_GH0/api/auth/kubernetes/go.mod) = 1087 -SHA256 (go/security_vault/hashicorp-vault-v1.19.5_GH0/api/auth/userpass/go.mod) = 380860700e965d112bbb40ed96a0da01a9ff9e16a5127fc7c6496ae3aaa14538 -SIZE (go/security_vault/hashicorp-vault-v1.19.5_GH0/api/auth/userpass/go.mod) = 1085 -SHA256 (go/security_vault/hashicorp-vault-v1.19.5_GH0/sdk/go.mod) = bf6fdc7aade5d5ab3308c1782a4e7831218dd30bc5362aaf9999c68811bc5883 -SIZE (go/security_vault/hashicorp-vault-v1.19.5_GH0/sdk/go.mod) = 6583 -SHA256 (go/security_vault/hashicorp-vault-v1.19.5_GH0/vault-web_ui-1.19.5.tar.gz) = dec3f028c5b1fc021b43f911c7834f6fb96cce19a867c729f7f901bb68471e0a -SIZE (go/security_vault/hashicorp-vault-v1.19.5_GH0/vault-web_ui-1.19.5.tar.gz) = 3402738 -SHA256 (go/security_vault/hashicorp-vault-v1.19.5_GH0/hashicorp-vault-v1.19.5_GH0.tar.gz) = 195ac1f9cfb2c6618633794b74807d2a06db6e6b5b24eeeb55aaaa4f5faba65d -SIZE (go/security_vault/hashicorp-vault-v1.19.5_GH0/hashicorp-vault-v1.19.5_GH0.tar.gz) = 37816526 +TIMESTAMP = 1751270126 +SHA256 (go/security_vault/hashicorp-vault-v1.20.0_GH0/go.mod) = 
2ba77e161beb4cb09d49a8050c29c3f04e3eebdadfa6acc41c75adffec1305b7 +SIZE (go/security_vault/hashicorp-vault-v1.20.0_GH0/go.mod) = 30423 +SHA256 (go/security_vault/hashicorp-vault-v1.20.0_GH0/api/go.mod) = 4e249690767897bd2050076246927eef319d4b981711c44d1303a2e61b6a8b84 +SIZE (go/security_vault/hashicorp-vault-v1.20.0_GH0/api/go.mod) = 1686 +SHA256 (go/security_vault/hashicorp-vault-v1.20.0_GH0/api/auth/approle/go.mod) = bd0424483d992f8909a0c581079a8cfe0418a83035cd64cad592da71aee024ec +SIZE (go/security_vault/hashicorp-vault-v1.20.0_GH0/api/auth/approle/go.mod) = 1092 +SHA256 (go/security_vault/hashicorp-vault-v1.20.0_GH0/api/auth/kubernetes/go.mod) = 031d60cabed3e3d38954745e59623cddd02a58c8c0616dd6b8f0834b6180b229 +SIZE (go/security_vault/hashicorp-vault-v1.20.0_GH0/api/auth/kubernetes/go.mod) = 1095 +SHA256 (go/security_vault/hashicorp-vault-v1.20.0_GH0/api/auth/userpass/go.mod) = 35297d2e71346bf96738f03f57a9ba0389a12267852dbc2bf0b6aa314d2274ab +SIZE (go/security_vault/hashicorp-vault-v1.20.0_GH0/api/auth/userpass/go.mod) = 1093 +SHA256 (go/security_vault/hashicorp-vault-v1.20.0_GH0/sdk/go.mod) = a3da120c91c4a0a9a2ad7e2fac36034da35a1527668359a6c9f19800aa88f2f1 +SIZE (go/security_vault/hashicorp-vault-v1.20.0_GH0/sdk/go.mod) = 6759 +SHA256 (go/security_vault/hashicorp-vault-v1.20.0_GH0/vault-web_ui-1.20.0.tar.gz) = 4bb7caa0ff55170fcc21de4e095ea8e0aa120f6b71ec7005fdc81f2ba6a3e36c +SIZE (go/security_vault/hashicorp-vault-v1.20.0_GH0/vault-web_ui-1.20.0.tar.gz) = 3586169 +SHA256 (go/security_vault/hashicorp-vault-v1.20.0_GH0/hashicorp-vault-v1.20.0_GH0.tar.gz) = 12e388d5aecdcef7fe24cd1a65964d3a643e952b659e6748d9a85767a4bda0f0 +SIZE (go/security_vault/hashicorp-vault-v1.20.0_GH0/hashicorp-vault-v1.20.0_GH0.tar.gz) = 41609921 diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml index e9e2390a00f0..29b966ccfd90 100644 --- a/security/vuxml/vuln/2025.xml +++ b/security/vuxml/vuln/2025.xml 
@@ -1,3 +1,184 @@ + <vuln vid="24f4b495-56a1-11f0-9621-93abbef07693"> + <topic>sudo -- privilege escalation vulnerability through host and chroot options</topic> + <affects> + <package> + <name>sudo</name> + <range><lt>1.9.17p1</lt></range> + </package> + <package> + <name>sudo-sssd</name> + <range><lt>1.9.17p1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Todd C. Miller reports, crediting Rich Mirch from Stratascale Cyber Research Unit (CRU):</p> + <blockquote cite="https://www.sudo.ws/releases/stable/"> + <p>Sudo 1.9.17p1:</p> + <ul> + <li> + Fixed CVE-2025-32462. Sudo's -h (--host) option could be specified + when running a command or editing a file. This could enable a + local privilege escalation attack if the sudoers file allows the + user to run commands on a different host. For more information, + see Local Privilege Escalation via host option. + </li> + <li> + Fixed CVE-2025-32463. An attacker can leverage sudo's -R + (--chroot) option to run arbitrary commands as root, even if they + are not listed in the sudoers file. The chroot support has been + deprecated an will be removed entirely in a future release. For + more information, see Local Privilege Escalation via chroot + option. 
+ </li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-32462</cvename> + <cvename>CVE-2025-32463</cvename> + <url>https://www.sudo.ws/releases/stable/</url> + <url>https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host</url> + <url>https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot</url> + </references> + <dates> + <discovery>2025-04-01</discovery> + <entry>2025-07-01</entry> + </dates> + </vuln> + + <vuln vid="8df49466-5664-11f0-943a-18c04d5ea3dc"> + <topic>xorg server -- Multiple vulnerabilities</topic> + <affects> + <package> + <name>xorg-server</name> + <name>xephyr</name> + <name>xorg-vfbserver</name> + <range><lt>21.1.18,1</lt></range> + </package> + <package> + <name>xorg-nextserver</name> + <range><lt>21.1.18,2</lt></range> + </package> + <package> + <name>xwayland</name> + <range><lt>24.1.8,1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The X.Org project reports:</p> + <blockquote cite="https://lists.x.org/archives/xorg-announce/2025-February/003584.html"> + <ul> + <li> + CVE-2025-49176: Integer overflow in Big Requests Extension + <p>The Big Requests extension allows requests larger than the 16-bit length + limit. + It uses integers for the request length and checks for the size not to + exceed the maxBigRequestSize limit, but does so after translating the + length to integer by multiplying the given size in bytes by 4. 
+ In doing so, it might overflow the integer size limit before actually + checking for the overflow, defeating the purpose of the test.</p> + </li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-49176</cvename> + <url>https://lists.x.org/archives/xorg/2025-June/062055.html</url> + </references> + <dates> + <discovery>2025-06-17</discovery> + <entry>2025-07-01</entry> + </dates> + </vuln> + + <vuln vid="b14cabf7-5663-11f0-943a-18c04d5ea3dc"> + <topic>xorg server -- Multiple vulnerabilities</topic> + <affects> + <package> + <name>xorg-server</name> + <name>xephyr</name> + <name>xorg-vfbserver</name> + <range><lt>21.1.17,1</lt></range> + </package> + <package> + <name>xorg-nextserver</name> + <range><lt>21.1.17,2</lt></range> + </package> + <package> + <name>xwayland</name> + <range><lt>24.1.7,1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The X.Org project reports:</p> + <blockquote cite="https://lists.x.org/archives/xorg-announce/2025-February/003584.html"> + <ul> + <li> + CVE-2025-49175: Out-of-bounds access in X Rendering extension (Animated cursors) + <p>The X Rendering extension allows creating animated cursors providing a + list of cursors. + By default, the Xserver assumes at least one cursor is provided while a + client may actually pass no cursor at all, which causes an out-of-bound + read creating the animated cursor and a crash of the Xserver.</p> + </li> + <li> + CVE-2025-49177: Data leak in XFIXES Extension 6 (XFixesSetClientDisconnectMode) + + <p>The handler of XFixesSetClientDisconnectMode does not check the client + request length. + A client could send a shorter request and read data from a former + request.</p> + </li> + <li> + CVE-2025-49178: Unprocessed client request via bytes to ignore + + <p>When reading requests from the clients, the input buffer might be shared + and used between different clients. 
+ If a given client sends a full request with non-zero bytes to ignore, + the bytes to ignore may still be non-zero even though the request is + full, in which case the buffer could be shared with another client who's + request will not be processed because of those bytes to ignore, leading + to a possible hang of the other client request.</p> + </li> + <li> + CVE-2025-49179: Integer overflow in X Record extension + + <p>The RecordSanityCheckRegisterClients() function in the X Record extension + implementation of the Xserver checks for the request length, but does not + check for integer overflow. + A client might send a very large value for either the number of clients + or the number of protocol ranges that will cause an integer overflow in + the request length computation, defeating the check for request length.</p> + </li> + <li> + CVE-2025-49180: Integer overflow in RandR extension (RRChangeProviderProperty) + + <p>A client might send a request causing an integer overflow when computing + the total size to allocate in RRChangeProviderProperty().</p> + </li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-49175</cvename> + <cvename>CVE-2025-49177</cvename> + <cvename>CVE-2025-49178</cvename> + <cvename>CVE-2025-49179</cvename> + <cvename>CVE-2025-49180</cvename> + <url>https://lists.x.org/archives/xorg/2025-June/062055.html</url> + </references> + <dates> + <discovery>2025-06-17</discovery> + <entry>2025-07-01</entry> + </dates> + </vuln> + <vuln vid="6b1b8989-55b0-11f0-ac64-589cfc10a551"> <topic>podman -- TLS connection used to pull VM images was not validated</topic> <affects> |
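Review bot: Both new xorg entries (vid `8df49466-5664-11f0-943a-18c04d5ea3dc` and `b14cabf7-5663-11f0-943a-18c04d5ea3dc`) carry `<blockquote cite="https://lists.x.org/archives/xorg-announce/2025-February/003584.html">`, which matches neither their `<discovery>2025-06-17</discovery>` nor the June advisory listed under `<references>`. The attribute looks carried over from an older entry. It should name the message the text is quoted from, presumably `<blockquote cite="https://lists.x.org/archives/xorg/2025-June/062055.html">`. The first of the two entries is also titled "Multiple vulnerabilities" although it lists only CVE-2025-49176, and it shares its topic with the second, so an audit report that prints the topic cannot tell the two apart. A topic naming the Big Requests integer overflow would separate them.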