diff options
Diffstat (limited to 'security')
41 files changed, 303 insertions, 71 deletions
diff --git a/security/Makefile b/security/Makefile index 67f44efbc33a..c8bc4fb9daf1 100644 --- a/security/Makefile +++ b/security/Makefile @@ -1221,6 +1221,7 @@ SUBDIR += rubygem-openssl-ccm SUBDIR += rubygem-openssl-cmac SUBDIR += rubygem-openssl-signature_algorithm + SUBDIR += rubygem-openssl3 SUBDIR += rubygem-openvas-omp SUBDIR += rubygem-origami SUBDIR += rubygem-pbkdf2-ruby diff --git a/security/autofirma/Makefile b/security/autofirma/Makefile index 034ca3b487e2..ba6ae18ec0cb 100644 --- a/security/autofirma/Makefile +++ b/security/autofirma/Makefile @@ -12,6 +12,7 @@ LICENSE= GPLv2 EUPL11 LICENSE_COMB= dual LICENSE_FILE= ${WRKSRC}/usr/share/common-licenses/eupl-1.1.txt +EXTRACT_DEPENDS= zip:archivers/zip LIB_DEPENDS= libnss3.so:security/nss USES= desktop-file-utils java zip @@ -34,7 +35,7 @@ WRKSRC=${WRKDIR} post-extract: ${TAR} -C ${WRKDIR} -xvzf ${WRKDIR}/autofirma_1_9.deb ${TAR} -C ${WRKDIR} -xvzf ${WRKDIR}/data.tar.gz - ${ZIP_CMD} -d ${PORTNAME}.jar "nss/WINDOWS/*" "windows/*" "osx/*" "linux/*" + zip -d ${WRKDIR}/usr/lib/Autofirma/${PORTNAME}.jar "nss/WINDOWS/*" "windows/*" "osx/*" "linux/*" do-install: ${MKDIR} ${STAGEDIR}${DATADIR} diff --git a/security/aws-lc/Makefile b/security/aws-lc/Makefile index bfb4e5b4b697..c91ea8c22e4a 100644 --- a/security/aws-lc/Makefile +++ b/security/aws-lc/Makefile @@ -1,5 +1,5 @@ PORTNAME= aws-lc -PORTVERSION= 1.65.1 +PORTVERSION= 1.66.0 DISTVERSIONPREFIX= v CATEGORIES= security diff --git a/security/aws-lc/distinfo b/security/aws-lc/distinfo index b5de7c54a7e9..07122433a55c 100644 --- a/security/aws-lc/distinfo +++ b/security/aws-lc/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1765032670 -SHA256 (aws-aws-lc-v1.65.1_GH0.tar.gz) = d4cf3b19593fc7876b23741e8ca7c48e0043679cec393fe24b138c3f1ffd6254 -SIZE (aws-aws-lc-v1.65.1_GH0.tar.gz) = 124042558 +TIMESTAMP = 1766036365 +SHA256 (aws-aws-lc-v1.66.0_GH0.tar.gz) = 21020d848ffb7db0df0954afbb79b3eb80c389ced5f5286060d9416dd428a486 +SIZE (aws-aws-lc-v1.66.0_GH0.tar.gz) = 126538688 diff --git a/security/easy-rsa/Makefile b/security/easy-rsa/Makefile index 4a7e4df1f41f..b10997333c64 100644 --- a/security/easy-rsa/Makefile +++ b/security/easy-rsa/Makefile @@ -1,6 +1,6 @@ PORTNAME= easy-rsa DISTVERSION= 3.2.5 -PORTREVISION= 0 # leave in if 0 to avoid accidental PORTEPOCH bumps +PORTREVISION= 1 # leave in if 0 to avoid accidental PORTEPOCH bumps PORTEPOCH= 1 CATEGORIES= security net-mgmt MASTER_SITES= https://github.com/OpenVPN/easy-rsa/releases/download/v${DISTVERSION}/ \ diff --git a/security/easy-rsa/files/pkg-message.in b/security/easy-rsa/files/pkg-message.in index aa6fcbb7be4b..7094bcc18cdb 100644 --- a/security/easy-rsa/files/pkg-message.in +++ b/security/easy-rsa/files/pkg-message.in @@ -12,8 +12,7 @@ See %%PREFIX%%/share/doc/easy-rsa/README.quickstart.md for further information. An on-line help is available, you can run: - easyrsa help # for help on commands - easyrsa help options # for help on options + easyrsa help # for help on commands and options **** SECURITY WARNING FOR PAST security/easy-rsa versions **** **** easyrsa may have encrypted your CA private key with a weak cipher diff --git a/security/keychain/Makefile b/security/keychain/Makefile index 4f071b73d6fd..304d63403853 100644 --- a/security/keychain/Makefile +++ b/security/keychain/Makefile @@ -1,5 +1,5 @@ PORTNAME= keychain -PORTVERSION= 2.9.6 +PORTVERSION= 2.9.8 CATEGORIES= security MAINTAINER= garga@FreeBSD.org diff --git a/security/keychain/distinfo b/security/keychain/distinfo index 588c263ce07b..18a187f1d543 100644 --- a/security/keychain/distinfo +++ b/security/keychain/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1759928737 -SHA256 (funtoo-keychain-2.9.6_GH0.tar.gz) = 23e58da1f3ea7cbe15069e7d3c730277d0cb6a4bec2db76adc20a06acd4c0a42 -SIZE (funtoo-keychain-2.9.6_GH0.tar.gz) = 51990 +TIMESTAMP = 1766160351 +SHA256 (funtoo-keychain-2.9.8_GH0.tar.gz) = 589cf55ae5c4b65af1d977d705beb319006efca5bcdda8352b8558d0dcff5a84 +SIZE (funtoo-keychain-2.9.8_GH0.tar.gz) = 61665 diff --git a/security/krb5-121/Makefile b/security/krb5-121/Makefile index e5b2c56906d2..3fd6a66b5c37 100644 --- a/security/krb5-121/Makefile +++ b/security/krb5-121/Makefile @@ -43,10 +43,10 @@ CPE_PRODUCT= kerberos FLAVORS= default ldap OPTIONS_DEFINE= EXAMPLES NLS DOCS DNS_FOR_REALM LDAP LMDB -OPTIONS_DEFAULT= DOCS READLINE BUILTIN +OPTIONS_DEFAULT= DOCS READLINE CRYPTO_BUILTIN OPTIONS_RADIO= CMD_LINE_EDITING CRYPTO OPTIONS_RADIO_CMD_LINE_EDITING= READLINE LIBEDIT LIBEDIT_BASE -OPTIONS_RADIO_CRYPTO= BUILTIN OPENSSL +OPTIONS_RADIO_CRYPTO= CRYPTO_BUILTIN CRYPTO_OPENSSL CMD_LINE_EDITING_DESC= Command line editing for kadmin and ktutil DNS_FOR_REALM_DESC= Enable DNS lookups for Kerberos realm names DNS_FOR_REALM_CONFIGURE_ENABLE= dns-for-realm @@ -65,10 +65,10 @@ LIBEDIT_USES= libedit LIBEDIT_CONFIGURE_WITH= libedit LIBEDIT_BASE_CONFIGURE_WITH= libedit LIBEDIT_BASE_DESC= Use libedit in FreeBSD base -BUILTIN_DESC= Use crypto built into KRB5 -BUILTIN_CONFIGURE_ON= --with-crypto-impl=builtin -OPENSSL_DESC= Use OpenSSL crypto -OPENSSL_CONFIGURE_ON= --with-crypto-impl=openssl +CRYPTO_BUILTIN_DESC= Use crypto built into KRB5 +CRYPTO_BUILTIN_CONFIGURE_ON= --with-crypto-impl=builtin +CRYPTO_OPENSSL_DESC= Use OpenSSL crypto +CRYPTO_OPENSSL_CONFIGURE_ON= --with-crypto-impl=openssl .if ${FLAVOR:U} == ldap OPTIONS_DEFAULT+= LDAP LMDB diff --git a/security/krb5-122/Makefile b/security/krb5-122/Makefile index 2ae37b61fd34..af51d1ea6fdc 100644 --- a/security/krb5-122/Makefile +++ b/security/krb5-122/Makefile @@ -42,10 +42,10 @@ CPE_PRODUCT= kerberos FLAVORS= default ldap OPTIONS_DEFINE= EXAMPLES NLS DOCS DNS_FOR_REALM LDAP LMDB -OPTIONS_DEFAULT= DOCS READLINE BUILTIN +OPTIONS_DEFAULT= DOCS READLINE CRYPTO_BUILTIN OPTIONS_RADIO= CMD_LINE_EDITING CRYPTO OPTIONS_RADIO_CMD_LINE_EDITING= READLINE LIBEDIT LIBEDIT_BASE -OPTIONS_RADIO_CRYPTO= BUILTIN OPENSSL +OPTIONS_RADIO_CRYPTO= CRYPTO_BUILTIN CRYPTO_OPENSSL CMD_LINE_EDITING_DESC= Command line editing for kadmin and ktutil DNS_FOR_REALM_DESC= Enable DNS lookups for Kerberos realm names DNS_FOR_REALM_CONFIGURE_ENABLE= dns-for-realm @@ -64,10 +64,10 @@ LIBEDIT_USES= libedit LIBEDIT_CONFIGURE_WITH= libedit LIBEDIT_BASE_CONFIGURE_WITH= libedit LIBEDIT_BASE_DESC= Use libedit in FreeBSD base -BUILTIN_DESC= Use crypto built into KRB5 -BUILTIN_CONFIGURE_ON= --with-crypto-impl=builtin -OPENSSL_DESC= Use OpenSSL crypto -OPENSSL_CONFIGURE_ON= --with-crypto-impl=openssl +CRYPTO_BUILTIN_DESC= Use crypto built into KRB5 +CRYPTO_BUILTIN_CONFIGURE_ON= --with-crypto-impl=builtin +CRYPTO_OPENSSL_DESC= Use OpenSSL crypto +CRYPTO_OPENSSL_CONFIGURE_ON= --with-crypto-impl=openssl .if ${FLAVOR:U} == ldap OPTIONS_DEFAULT+= LDAP LMDB diff --git a/security/krb5-devel/Makefile b/security/krb5-devel/Makefile index b7f77986aee8..0bb9349d6ca7 100644 --- a/security/krb5-devel/Makefile +++ b/security/krb5-devel/Makefile @@ -45,10 +45,10 @@ CPE_PRODUCT= kerberos FLAVORS= default ldap OPTIONS_DEFINE= EXAMPLES NLS DNS_FOR_REALM LDAP LMDB -OPTIONS_DEFAULT= KRB5_PDF KRB5_HTML READLINE BUILTIN +OPTIONS_DEFAULT= KRB5_PDF KRB5_HTML READLINE CRYPTO_BUILTIN OPTIONS_RADIO= CMD_LINE_EDITING CRYPTO OPTIONS_RADIO_CMD_LINE_EDITING= READLINE LIBEDIT LIBEDIT_BASE -OPTIONS_RADIO_CRYPTO= BUILTIN OPENSSL +OPTIONS_RADIO_CRYPTO= CRYPTO_BUILTIN CRYPTO_OPENSSL CMD_LINE_EDITING_DESC= Command line editing for kadmin and ktutil DNS_FOR_REALM_DESC= Enable DNS lookups for Kerberos realm names DNS_FOR_REALM_CONFIGURE_ENABLE= dns-for-realm @@ -67,10 +67,10 @@ LIBEDIT_USES= libedit LIBEDIT_CONFIGURE_WITH= libedit LIBEDIT_BASE_CONFIGURE_WITH= libedit LIBEDIT_BASE_DESC= Use libedit in FreeBSD base -BUILTIN_DESC= Use crypto built into KRB5 -BUILTIN_CONFIGURE_ON= --with-crypto-impl=builtin -OPENSSL_DESC= Use OpenSSL crypto -OPENSSL_CONFIGURE_ON= --with-crypto-impl=openssl +CRYPTO_BUILTIN_DESC= Use crypto built into KRB5 +CRYPTO_BUILTIN_CONFIGURE_ON= --with-crypto-impl=builtin +CRYPTO_OPENSSL_DESC= Use OpenSSL crypto +CRYPTO_OPENSSL_CONFIGURE_ON= --with-crypto-impl=openssl .if ${FLAVOR:U} == ldap OPTIONS_DEFAULT+= LDAP LMDB diff --git a/security/py-authlib/Makefile b/security/py-authlib/Makefile index 55033d4eb214..192f80333ccd 100644 --- a/security/py-authlib/Makefile +++ b/security/py-authlib/Makefile @@ -1,5 +1,5 @@ PORTNAME= authlib -PORTVERSION= 1.6.5 +PORTVERSION= 1.6.6 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} diff --git a/security/py-authlib/distinfo b/security/py-authlib/distinfo index 58aaf71e0566..a11717c72272 100644 --- a/security/py-authlib/distinfo +++ b/security/py-authlib/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1759774705 -SHA256 (authlib-1.6.5.tar.gz) = 6aaf9c79b7cc96c900f0b284061691c5d4e61221640a948fe690b556a6d6d10b -SIZE (authlib-1.6.5.tar.gz) = 164553 +TIMESTAMP = 1766036505 +SHA256 (authlib-1.6.6.tar.gz) = 45770e8e056d0f283451d9996fbb59b70d45722b45d854d58f32878d0a40c38e +SIZE (authlib-1.6.6.tar.gz) = 164894 diff --git a/security/py-joserfc/Makefile b/security/py-joserfc/Makefile index a0e345319fa3..98446c7a5326 100644 --- a/security/py-joserfc/Makefile +++ b/security/py-joserfc/Makefile @@ -1,5 +1,5 @@ PORTNAME= joserfc -PORTVERSION= 1.5.0 +PORTVERSION= 1.6.0 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} diff --git a/security/py-joserfc/distinfo b/security/py-joserfc/distinfo index ed21ffec4d0d..43fcd8dac444 100644 --- a/security/py-joserfc/distinfo +++ b/security/py-joserfc/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1765032814 -SHA256 (joserfc-1.5.0.tar.gz) = 4e88d757cf08ec1d370561a15dd6dda8452ad4e335066a9aeb1b426bffe91c56 -SIZE (joserfc-1.5.0.tar.gz) = 213086 +TIMESTAMP = 1766036507 +SHA256 (joserfc-1.6.0.tar.gz) = 27946ee53f591c2da65b726a663a68f0fb000732eaadfe819bbbda6429702ad0 +SIZE (joserfc-1.6.0.tar.gz) = 225982 diff --git a/security/rubygem-acme-client/Makefile b/security/rubygem-acme-client/Makefile index e5bf6340b0dc..e7be426598f7 100644 --- a/security/rubygem-acme-client/Makefile +++ b/security/rubygem-acme-client/Makefile @@ -1,5 +1,5 @@ PORTNAME= acme-client -PORTVERSION= 2.0.28 +PORTVERSION= 2.0.29 CATEGORIES= security rubygems MASTER_SITES= RG diff --git a/security/rubygem-acme-client/distinfo b/security/rubygem-acme-client/distinfo index f20ee4ff7cd5..7ceb92c18c42 100644 --- a/security/rubygem-acme-client/distinfo +++ b/security/rubygem-acme-client/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1764511054 -SHA256 (rubygem/acme-client-2.0.28.gem) = 3756de6aa433a1d829b438d69a1de8bafbdf40e44fa3af7ab7a6cd132fa8e43b -SIZE (rubygem/acme-client-2.0.28.gem) = 23552 +TIMESTAMP = 1766036629 +SHA256 (rubygem/acme-client-2.0.29.gem) = 2750537f644659aaf62d9e3a94e96acbd0cebcd24425c2231ed38e73cc4034f1 +SIZE (rubygem/acme-client-2.0.29.gem) = 24064 diff --git a/security/rubygem-omniauth-gitlab/Makefile b/security/rubygem-omniauth-gitlab/Makefile index 159210eeda6f..75a5ee05c2ef 100644 --- a/security/rubygem-omniauth-gitlab/Makefile +++ b/security/rubygem-omniauth-gitlab/Makefile @@ -1,5 +1,6 @@ PORTNAME= omniauth-gitlab PORTVERSION= 4.1.0 +PORTREVISION= 1 CATEGORIES= security rubygems MASTER_SITES= RG @@ -11,7 +12,7 @@ LICENSE= MIT LICENSE_FILE= ${WRKSRC}/LICENSE.txt RUN_DEPENDS= rubygem-omniauth>=2.0<3:security/rubygem-omniauth \ - rubygem-omniauth-oauth2>=1.8.0<1.9:net/rubygem-omniauth-oauth2 + rubygem-omniauth-oauth2>=1.8.0<2:net/rubygem-omniauth-oauth2 USES= gem diff --git a/security/rubygem-omniauth-gitlab/files/patch-gemspec b/security/rubygem-omniauth-gitlab/files/patch-gemspec new file mode 100644 index 000000000000..6b516a7acf8a --- /dev/null +++ b/security/rubygem-omniauth-gitlab/files/patch-gemspec @@ -0,0 +1,11 @@ +--- omniauth-gitlab.gemspec.orig 2025-12-18 13:25:02 UTC ++++ omniauth-gitlab.gemspec +@@ -20,7 +20,7 @@ Gem::Specification.new do |s| + s.specification_version = 4 + + s.add_runtime_dependency(%q<omniauth>.freeze, ["~> 2.0".freeze]) +- s.add_runtime_dependency(%q<omniauth-oauth2>.freeze, ["~> 1.8.0".freeze]) ++ s.add_runtime_dependency(%q<omniauth-oauth2>.freeze, ["~> 1.8".freeze]) + s.add_development_dependency(%q<rspec>.freeze, ["~> 3.1".freeze]) + s.add_development_dependency(%q<rspec-its>.freeze, ["~> 1.0".freeze]) + s.add_development_dependency(%q<simplecov>.freeze, [">= 0".freeze]) diff --git a/security/rubygem-openssl-ccm/Makefile b/security/rubygem-openssl-ccm/Makefile index 615466c3d016..3ebafaebf291 100644 --- a/security/rubygem-openssl-ccm/Makefile +++ b/security/rubygem-openssl-ccm/Makefile @@ -1,5 +1,6 @@ PORTNAME= openssl-ccm PORTVERSION= 1.3.0 +PORTREVISION= 1 CATEGORIES= security rubygems MASTER_SITES= RG @@ -10,7 +11,7 @@ WWW= https://github.com/SmallLars/openssl-ccm LICENSE= MIT LICENSE_FILE= ${WRKSRC}/LICENSE -RUN_DEPENDS= rubygem-openssl>=3.0<4:security/rubygem-openssl +RUN_DEPENDS= rubygem-openssl>=3.0:security/rubygem-openssl USES= gem diff --git a/security/rubygem-openssl-ccm/files/patch-gemspec b/security/rubygem-openssl-ccm/files/patch-gemspec new file mode 100644 index 000000000000..eab39d40b2de --- /dev/null +++ b/security/rubygem-openssl-ccm/files/patch-gemspec @@ -0,0 +1,10 @@ +--- openssl-ccm.gemspec.orig 2025-12-18 12:39:52 UTC ++++ openssl-ccm.gemspec +@@ -24,6 +24,6 @@ Gem::Specification.new do |s| + + s.specification_version = 4 + +- s.add_runtime_dependency(%q<openssl>.freeze, ["~> 3.0".freeze]) ++ s.add_runtime_dependency(%q<openssl>.freeze, [">= 3.0".freeze]) + end + diff --git a/security/rubygem-openssl-cmac/Makefile b/security/rubygem-openssl-cmac/Makefile index 42b63866830e..39b14194ace1 100644 --- a/security/rubygem-openssl-cmac/Makefile +++ b/security/rubygem-openssl-cmac/Makefile @@ -1,5 +1,6 @@ PORTNAME= openssl-cmac PORTVERSION= 2.1.0 +PORTREVISION= 1 CATEGORIES= security rubygems MASTER_SITES= RG @@ -10,7 +11,7 @@ WWW= https://github.com/SmallLars/openssl-cmac LICENSE= MIT LICENSE_FILE= ${WRKSRC}/LICENSE -RUN_DEPENDS= rubygem-openssl>=3.0<4:security/rubygem-openssl +RUN_DEPENDS= rubygem-openssl>=3.0:security/rubygem-openssl USES= gem diff --git a/security/rubygem-openssl-cmac/files/patch-gemspec b/security/rubygem-openssl-cmac/files/patch-gemspec new file mode 100644 index 000000000000..cee7f6932efa --- /dev/null +++ b/security/rubygem-openssl-cmac/files/patch-gemspec @@ -0,0 +1,10 @@ +--- openssl-cmac.gemspec.orig 2025-12-18 12:47:47 UTC ++++ openssl-cmac.gemspec +@@ -24,6 +24,6 @@ Gem::Specification.new do |s| + + s.specification_version = 4 + +- s.add_runtime_dependency(%q<openssl>.freeze, ["~> 3.0".freeze]) ++ s.add_runtime_dependency(%q<openssl>.freeze, [">= 3.0".freeze]) + end + diff --git a/security/rubygem-openssl/Makefile b/security/rubygem-openssl/Makefile index ae4449b2d1df..92332acebf00 100644 --- a/security/rubygem-openssl/Makefile +++ b/security/rubygem-openssl/Makefile @@ -1,5 +1,5 @@ PORTNAME= openssl -PORTVERSION= 3.3.2 +PORTVERSION= 4.0.0 CATEGORIES= security rubygems MASTER_SITES= RG diff --git a/security/rubygem-openssl/distinfo b/security/rubygem-openssl/distinfo index 2b626fe628f7..163e6f6f2d63 100644 --- a/security/rubygem-openssl/distinfo +++ b/security/rubygem-openssl/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1762587464 -SHA256 (rubygem/openssl-3.3.2.gem) = 7f4e01215dc9c4be1fca71d692406be3e6340b39c1f71a47fea9c497decd0f6c -SIZE (rubygem/openssl-3.3.2.gem) = 207872 +TIMESTAMP = 1766036631 +SHA256 (rubygem/openssl-4.0.0.gem) = 185711ed93d4e9c9a9db6efea7edb202dfe04f7d3692fbab988e3d84e498ee91 +SIZE (rubygem/openssl-4.0.0.gem) = 205824 diff --git a/security/rubygem-openssl3/Makefile b/security/rubygem-openssl3/Makefile new file mode 100644 index 000000000000..089448e21b7f --- /dev/null +++ b/security/rubygem-openssl3/Makefile @@ -0,0 +1,22 @@ +PORTNAME= openssl +PORTVERSION= 3.3.2 +CATEGORIES= security rubygems +MASTER_SITES= RG +PKGNAMESUFFIX= 3 + +MAINTAINER= sunpoet@FreeBSD.org +COMMENT= Wrap the OpenSSL library +WWW= https://github.com/ruby/openssl + +LICENSE= BSD2CLAUSE RUBY +LICENSE_COMB= dual +LICENSE_FILE_BSD2CLAUSE=${WRKSRC}/BSDL +LICENSE_FILE_RUBY= ${WRKSRC}/COPYING + +USES= cpe gem ssl + +CPE_VENDOR= ruby-lang + +PORTSCOUT= limit:^3\. + +.include <bsd.port.mk> diff --git a/security/rubygem-openssl3/distinfo b/security/rubygem-openssl3/distinfo new file mode 100644 index 000000000000..2b626fe628f7 --- /dev/null +++ b/security/rubygem-openssl3/distinfo @@ -0,0 +1,3 @@ +TIMESTAMP = 1762587464 +SHA256 (rubygem/openssl-3.3.2.gem) = 7f4e01215dc9c4be1fca71d692406be3e6340b39c1f71a47fea9c497decd0f6c +SIZE (rubygem/openssl-3.3.2.gem) = 207872 diff --git a/security/rubygem-openssl3/pkg-descr b/security/rubygem-openssl3/pkg-descr new file mode 100644 index 000000000000..a5823175eba3 --- /dev/null +++ b/security/rubygem-openssl3/pkg-descr @@ -0,0 +1,2 @@ +OpenSSL provides SSL, TLS and general purpose cryptography. This gem wraps the +OpenSSL library. diff --git a/security/rubygem-sshkit/Makefile b/security/rubygem-sshkit/Makefile index 5c344199b86d..8bf216712600 100644 --- a/security/rubygem-sshkit/Makefile +++ b/security/rubygem-sshkit/Makefile @@ -1,5 +1,5 @@ PORTNAME= sshkit -PORTVERSION= 1.24.0 +PORTVERSION= 1.25.0 CATEGORIES= security rubygems MASTER_SITES= RG diff --git a/security/rubygem-sshkit/distinfo b/security/rubygem-sshkit/distinfo index 55ba18e42ad9..cedb89a63ca2 100644 --- a/security/rubygem-sshkit/distinfo +++ b/security/rubygem-sshkit/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1739117570 -SHA256 (rubygem/sshkit-1.24.0.gem) = 9597c1f984778ae9742f2dc839778d57a6a2efb868107046575c52ac7c628e6c -SIZE (rubygem/sshkit-1.24.0.gem) = 145920 +TIMESTAMP = 1766036633 +SHA256 (rubygem/sshkit-1.25.0.gem) = c8c6543cdb60f91f1d277306d585dd11b6a064cb44eab0972827e4311ff96744 +SIZE (rubygem/sshkit-1.25.0.gem) = 145920 diff --git a/security/shibboleth-sp/Makefile b/security/shibboleth-sp/Makefile index 96c934a50720..717e69651aad 100644 --- a/security/shibboleth-sp/Makefile +++ b/security/shibboleth-sp/Makefile @@ -1,5 +1,5 @@ PORTNAME= shibboleth-sp -PORTVERSION= 3.5.1 +PORTVERSION= 3.5.2 CATEGORIES= security www MASTER_SITES= http://shibboleth.net/downloads/service-provider/${PORTVERSION}/ diff --git a/security/shibboleth-sp/distinfo b/security/shibboleth-sp/distinfo index 34c8b575369e..299262fd188e 100644 --- a/security/shibboleth-sp/distinfo +++ b/security/shibboleth-sp/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1756924496 -SHA256 (shibboleth-sp-3.5.1.tar.bz2) = 05da3a09d76c3ba1a5ddd7f919fd942be2d87025f214aba139c2b64b804f9a99 -SIZE (shibboleth-sp-3.5.1.tar.bz2) = 837446 +TIMESTAMP = 1766097097 +SHA256 (shibboleth-sp-3.5.2.tar.bz2) = c4e92c11e56adaa5ea480aba1d78c5f30fbd5d1badb4a13bdd85684bd801298a +SIZE (shibboleth-sp-3.5.2.tar.bz2) = 838391 diff --git a/security/shibboleth-sp/pkg-plist b/security/shibboleth-sp/pkg-plist index 0111f1e8eb89..45597aa2884f 100644 --- a/security/shibboleth-sp/pkg-plist +++ b/security/shibboleth-sp/pkg-plist @@ -92,7 +92,7 @@ include/shibsp/util/TemplateParameters.h include/shibsp/version.h lib/libshibsp.so lib/libshibsp.so.12 -lib/libshibsp.so.12.0.1 +lib/libshibsp.so.12.0.2 lib/shibboleth/adfs-lite.so lib/shibboleth/adfs.so @comment %%MEMCACHED%%lib/shibboleth/memcache-store.so @@ -104,7 +104,7 @@ lib/shibboleth/plugins.so %%FASTCGI%%lib/shibboleth/shibresponder lib/libshibsp-lite.so lib/libshibsp-lite.so.12 -lib/libshibsp-lite.so.12.0.1 +lib/libshibsp-lite.so.12.0.2 libdata/pkgconfig/shibsp-lite.pc libdata/pkgconfig/shibsp.pc sbin/shibd diff --git a/security/snuffleupagus/Makefile b/security/snuffleupagus/Makefile index 5783534cd0a0..51cb5fe20f1d 100644 --- a/security/snuffleupagus/Makefile +++ b/security/snuffleupagus/Makefile @@ -8,7 +8,7 @@ PKGNAMEPREFIX= ${PHP_PKGNAMEPREFIX} PATCH_SITES= https://github.com/${GH_ACCOUNT}/${PORTNAME}/commit/ PATCHFILES= b005df2.patch:-p2 -MAINTAINER= franco@opnsense.org +MAINTAINER= ports@FreeBSD.org COMMENT= Security module for PHP WWW= https://snuffleupagus.readthedocs.io/ diff --git a/security/sqlmap/Makefile b/security/sqlmap/Makefile index b22c8675730e..5ce8ab82c277 100644 --- a/security/sqlmap/Makefile +++ b/security/sqlmap/Makefile @@ -1,5 +1,5 @@ PORTNAME= sqlmap -PORTVERSION= 1.8 +PORTVERSION= 1.9.12 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -18,7 +18,10 @@ RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}sqlite3>0:databases/py-sqlite3@${PY_FLAVOR} USES= python shebangfix USE_PYTHON= autoplist pep517 -SHEBANG_FILES= *.py sqlmap/extra/shutils/*.sh sqlmap/extra/shutils/*.py +SHEBANG_FILES= *.py sqlmap/extra/shutils/*.sh sqlmap/extra/shutils/*.py \ + sqlmap/plugins/dbms/clickhouse/*.py \ + sqlmap/thirdparty/identywaf/identYwaf.py + NO_ARCH= yes OPTIONS_DEFINE= MSF diff --git a/security/sqlmap/distinfo b/security/sqlmap/distinfo index 396332c41449..ea6d5a319c34 100644 --- a/security/sqlmap/distinfo +++ b/security/sqlmap/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1716077230 -SHA256 (sqlmap-1.8.tar.gz) = 8dbb204ee36e57c123ff50f042345174dfd262f3ed0a044ed8d7251379472ba1 -SIZE (sqlmap-1.8.tar.gz) = 7208171 +TIMESTAMP = 1766217194 +SHA256 (sqlmap-1.9.12.tar.gz) = 0b3f37ccb8c6aaf0e3c15166322e001c1f0961bc601e44272875d5c32c44a757 +SIZE (sqlmap-1.9.12.tar.gz) = 7216017 diff --git a/security/suricata/Makefile b/security/suricata/Makefile index 6d56f51eba60..14275450849d 100644 --- a/security/suricata/Makefile +++ b/security/suricata/Makefile @@ -4,7 +4,7 @@ PORTREVISION= 1 CATEGORIES= security MASTER_SITES= https://www.openinfosecfoundation.org/download/ -MAINTAINER= franco@opnsense.org +MAINTAINER= bofh@FreeBSD.org COMMENT= High Performance Network IDS, IPS and Security Monitoring engine WWW= https://suricata.io diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml index 8daf847a93d7..3fa157e87559 100644 --- a/security/vuxml/vuln/2025.xml +++ b/security/vuxml/vuln/2025.xml @@ -1,3 +1,168 @@ + <vuln vid="dc7e30db-de67-11f0-b893-5404a68ad561"> + <topic>traefik -- Inverted TLS Verification Logic in Kubernetes NGINX Provider</topic> + <affects> +<package> +<name>traefik</name> +<range><lt>3.6.3</lt></range> +</package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The traefik project reports:</p> + <blockquote cite="https://github.com/traefik/traefik/security/advisories/GHSA-7vww-mvcr-x6vj"> + <p> + There is a potential vulnerability in Traefik NGINX + provider managing the + nginx.ingress.kubernetes.io/proxy-ssl-verify annotation. + The provider inverts the semantics of the + nginx.ingress.kubernetes.io/proxy-ssl-verify annotation. + Setting the annotation to "on" (intending to enable + backend TLS certificate verification) actually disables + verification, allowing man-in-the-middle attacks against + HTTPS backends when operators believe they are + protected. + </p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-66491</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-66491</url> + </references> + <dates> + <discovery>2025-12-08</discovery> + <entry>2025-12-21</entry> + </dates> + </vuln> + + <vuln vid="91b9790e-de65-11f0-b893-5404a68ad561"> + <topic>traefik -- Bypassing security controls via special characters</topic> + <affects> +<package> +<name>traefik</name> +<range><lt>3.6.3</lt></range> +</package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The traefik project reports:</p> + <blockquote cite="https://github.com/traefik/traefik/security/advisories/GHSA-gm3x-23wp-hc2c"> + <p>There is a potential vulnerability in Traefik managing + the requests using a PathPrefix, Path or PathRegex + matcher. + When Traefik is configured to route the requests to a + backend using a matcher based on the path; if the + request path contains an encoded restricted character + from the following set ('/', '', 'Null', ';', '?', '#'), + it is possible to target a backend, exposed using + another router, by-passing the middlewares chain.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-66490</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-66490</url> + </references> + <dates> + <discovery>2025-12-08</discovery> + <entry>2025-12-21</entry> + </dates> + </vuln> + + <vuln vid="c32cb4b7-ddcb-11f0-902c-b42e991fc52e"> + <topic>smb4k -- Critical vulnerabilities in Mount Helper</topic> + <affects> +<package> +<name>smb4k</name> +<range><lt>4.0.4</lt></range> +</package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>vulndb reports:</p> + <blockquote cite="https://vuldb.com/?id.336198"> + <p>A vulnerability, which was classified as critical, was + found in smb4k up to 4.0.4. Affected is some unknown + functionality of the component Mount Helper. The + manipulation with an unknown input leads to a access control + vulnerability. CWE is classifying the issue as CWE-284. The + product does not restrict or incorrectly restricts access to + a resource from an unauthorized actor. This is going to have + an impact on integrity, and availability. The advisory is + available at seclists.org. The exploitability is told to be + easy. Local access is required to approach this attack. The + technical details are unknown and an exploit is not + available.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-66002</cvename> + <url>https://vuldb.com/?id.336198</url> + <cvename>CVE-2025-66003</cvename> + <url>https://vuldb.com/?id.336199</url> + </references> + <dates> + <discovery>2025-12-20</discovery> + <entry>2025-12-20</entry> + </dates> + </vuln> + + <vuln vid="2a33d28e-ddc0-11f0-902c-b42e991fc52e"> + <topic>Firefox -- Use-after-free</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>146.0.1,2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>https://bugzilla.mozilla.org/show_bug.cgi?id=2000597 reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=2000597"> + <p>Use-after-free in the Disability Access APIs component.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-14860</cvename> + <url>https://cveawg.mitre.org/api/cve/CVE-2025-14860</url> + </references> + <dates> + <discovery>2025-12-18</discovery> + <entry>2025-12-20</entry> + </dates> + </vuln> + + <vuln vid="23437e07-ddc0-11f0-902c-b42e991fc52e"> + <topic>Firefox -- Memory safety bugs</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>146.0.1,2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>https://bugzilla.mozilla.org/buglist.cgi?bug_id=1996570%2C1999700 reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1996570%2C1999700"> + <p>Memory safety bugs present in Firefox 146. Some of these + bugs showed evidence of memory corruption and we presume + that with enough effort some of these could have been + exploited to run arbitrary code.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-14861</cvename> + <url>https://cveawg.mitre.org/api/cve/CVE-2025-14861</url> + </references> + <dates> + <discovery>2025-12-18</discovery> + <entry>2025-12-20</entry> + </dates> + </vuln> + <vuln vid="f99e70c2-dcb8-11f0-a15a-a8a1599412c6"> <topic>chromium -- multiple security fixes</topic> <affects> diff --git a/security/wazuh-manager/distinfo b/security/wazuh-manager/distinfo index b6ada3611ec3..2dcbd4f32364 100644 --- a/security/wazuh-manager/distinfo +++ b/security/wazuh-manager/distinfo @@ -67,12 +67,12 @@ SHA256 (wazuh-4.14.1/wazuh-cache-fbsd14-amd64-4.14.1.tar.gz) = f2b26a36b116348e3 SIZE (wazuh-4.14.1/wazuh-cache-fbsd14-amd64-4.14.1.tar.gz) = 25055515 SHA256 (wazuh-4.14.1/wazuh-cache-fbsd15-aarch64-4.14.1.tar.gz) = c63484af8fd157f61b6bf0297b4233c3e2a3eee481f35c7d15fcb5b90d711489 SIZE (wazuh-4.14.1/wazuh-cache-fbsd15-aarch64-4.14.1.tar.gz) = 24690859 -SHA256 (wazuh-4.14.1/wazuh-cache-fbsd15-amd64-4.14.1.tar.gz) = bf77697d47df3eeb6ccc0d1e43841f5dd3570a7e11e8dd669d5098890b985657 -SIZE (wazuh-4.14.1/wazuh-cache-fbsd15-amd64-4.14.1.tar.gz) = 26650464 +SHA256 (wazuh-4.14.1/wazuh-cache-fbsd15-amd64-4.14.1.tar.gz) = 3818a9e752e29e661d4b577b3fb0a5a8bf691da6bde264453f2323d37b46408e +SIZE (wazuh-4.14.1/wazuh-cache-fbsd15-amd64-4.14.1.tar.gz) = 26650237 SHA256 (wazuh-4.14.1/wazuh-cache-fbsd16-aarch64-4.14.1.tar.gz) = 1510ef710bcae78e22db88f443504d006e9e4b45d27c66bb84984211409f7e65 SIZE (wazuh-4.14.1/wazuh-cache-fbsd16-aarch64-4.14.1.tar.gz) = 24863114 -SHA256 (wazuh-4.14.1/wazuh-cache-fbsd16-amd64-4.14.1.tar.gz) = f706a10b1e31dc959e1751a015b3ec2e74ddbda0362ab192ba3918852731635c -SIZE (wazuh-4.14.1/wazuh-cache-fbsd16-amd64-4.14.1.tar.gz) = 26653845 +SHA256 (wazuh-4.14.1/wazuh-cache-fbsd16-amd64-4.14.1.tar.gz) = 03e92ad3b8cc1d06f9e31d07aa13d1ba3dca85b302d869ec5ec3a2b517d3dbf0 +SIZE (wazuh-4.14.1/wazuh-cache-fbsd16-amd64-4.14.1.tar.gz) = 26653557 SHA256 (wazuh-4.14.1/wazuh-wazuh-v4.14.1_GH0.tar.gz) = aa59cb2baa7e7d38d8bb4ff6a22afbf2945de4fb555f9b8bb2657b6f89a773ed SIZE (wazuh-4.14.1/wazuh-wazuh-v4.14.1_GH0.tar.gz) = 19810038 SHA256 (wazuh-4.14.1/alonsobsd-wazuh-freebsd-2f1307c_GH0.tar.gz) = a955c569217122779ab5b6b58bdfabbfa1cd452b4719cc35c791f7047b1f364f diff --git a/security/xray-core/Makefile b/security/xray-core/Makefile index 8874c68da3a4..744509ed5a3c 100644 --- a/security/xray-core/Makefile +++ b/security/xray-core/Makefile @@ -1,6 +1,7 @@ PORTNAME= xray-core DISTVERSIONPREFIX= v DISTVERSION= 25.12.8 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= https://github.com/v2fly/geoip/releases/download/202512050148/:geoip \ https://github.com/v2fly/domain-list-community/releases/download/20251212112114/:geosite diff --git a/security/xray-core/files/xray.in b/security/xray-core/files/xray.in index 87516c9759d0..18c9beeb4f5c 100644 --- a/security/xray-core/files/xray.in +++ b/security/xray-core/files/xray.in @@ -20,6 +20,8 @@ name="xray" rcvar="xray_enable" +load_rc_config "$name" + : ${xray_enable="NO"} : ${xray_config="%%PREFIX%%/etc/${name}-core"} : ${xray_logdir="/var/log/${name}-core"} @@ -43,5 +45,4 @@ xray_startprecmd() { chown -R ${xray_user}:${xray_group} "${xray_logdir}" } -load_rc_config "$name" run_rc_command "$1" |