diff options
Diffstat (limited to 'security')
81 files changed, 976 insertions, 429 deletions
diff --git a/security/Makefile b/security/Makefile index ddae4dbefef7..d8b14da244aa 100644 --- a/security/Makefile +++ b/security/Makefile @@ -204,8 +204,7 @@ SUBDIR += gpg-tui SUBDIR += gpgdir SUBDIR += gpgme - SUBDIR += gpgme-cpp - SUBDIR += gpgme-qt + SUBDIR += gpgmepp SUBDIR += gsa SUBDIR += gsad SUBDIR += gsasl @@ -283,6 +282,7 @@ SUBDIR += lasso SUBDIR += lastpass-cli SUBDIR += lego + SUBDIR += lfacme SUBDIR += libaegis SUBDIR += libargon2 SUBDIR += libassuan @@ -953,7 +953,7 @@ SUBDIR += py-google-auth SUBDIR += py-google-auth-httplib2 SUBDIR += py-google-auth-oauthlib - SUBDIR += py-gpgme + SUBDIR += py-gpg SUBDIR += py-gpsoauth SUBDIR += py-greenbone-feed-sync SUBDIR += py-gssapi @@ -1101,6 +1101,7 @@ SUBDIR += py-zkg SUBDIR += py-zxcvbn SUBDIR += pygost + SUBDIR += qgpgme SUBDIR += qt-sudo SUBDIR += qtkeychain SUBDIR += quantis-kmod diff --git a/security/aws-lc/Makefile b/security/aws-lc/Makefile index e72557e40eea..0bafd001dc8c 100644 --- a/security/aws-lc/Makefile +++ b/security/aws-lc/Makefile @@ -1,5 +1,5 @@ PORTNAME= aws-lc -PORTVERSION= 1.52.1 +PORTVERSION= 1.53.0 DISTVERSIONPREFIX= v CATEGORIES= security diff --git a/security/aws-lc/distinfo b/security/aws-lc/distinfo index 489abb390a58..48a0cd1e409f 100644 --- a/security/aws-lc/distinfo +++ b/security/aws-lc/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1748831216 -SHA256 (aws-aws-lc-v1.52.1_GH0.tar.gz) = fe552e3c3522f73afc3c30011745c431c633f7b4e25dcd7b38325f194a7b3b75 -SIZE (aws-aws-lc-v1.52.1_GH0.tar.gz) = 126954534 +TIMESTAMP = 1750188014 +SHA256 (aws-aws-lc-v1.53.0_GH0.tar.gz) = b7c3a456df40c0d19621848e8c7b70c1fa333f9e8f5aa72755890fb50c9963de +SIZE (aws-aws-lc-v1.53.0_GH0.tar.gz) = 126984389 diff --git a/security/boringssl/Makefile b/security/boringssl/Makefile index 27f7c73d1a2a..d72689f75660 100644 --- a/security/boringssl/Makefile +++ b/security/boringssl/Makefile @@ -1,5 +1,5 @@ PORTNAME= boringssl -PORTVERSION= 0.0.0.0.2025.06.05.01 +PORTVERSION= 0.0.0.0.2025.06.25.01 CATEGORIES= security EXTRACT_ONLY= ${GH_ACCOUNT}-${PORTNAME}-${PORTVERSION}-${GH_TAGNAME}_GH0.tar.gz @@ -19,7 +19,7 @@ CPE_VENDOR= google USE_GITHUB= yes GH_ACCOUNT= google -GH_TAGNAME= 5622da9 +GH_TAGNAME= 78b48c1 CMAKE_ARGS+= -DBUILD_SHARED_LIBS=1 CFLAGS_i386= -msse2 diff --git a/security/boringssl/distinfo b/security/boringssl/distinfo index c05036202f73..64e40c2a4f5f 100644 --- a/security/boringssl/distinfo +++ b/security/boringssl/distinfo @@ -1,4 +1,4 @@ -TIMESTAMP = 1749831968 +TIMESTAMP = 1750950234 SHA256 (filippo.io/edwards25519/@v/v1.1.0.zip) = 9ac43a686d06fdebd719f7af3866c87eb069302272dfb131007adf471c308b65 SIZE (filippo.io/edwards25519/@v/v1.1.0.zip) = 55809 SHA256 (filippo.io/edwards25519/@v/v1.1.0.mod) = 099556fc4d7e6f5cb135efdd8b6bb4c0932e38ea058c53fc5fa5ce285572fb61 @@ -11,5 +11,5 @@ SHA256 (golang.org/x/sys/@v/v0.32.0.zip) = 85d47075d21fd7ef35d9a47fc73f2356fb3cd SIZE (golang.org/x/sys/@v/v0.32.0.zip) = 1991164 SHA256 (golang.org/x/sys/@v/v0.32.0.mod) = f67e3e18f4c08e60a7e80726ab36b691fdcea5b81ae1c696ff64caf518bcfe3d SIZE (golang.org/x/sys/@v/v0.32.0.mod) = 35 -SHA256 (google-boringssl-0.0.0.0.2025.06.05.01-5622da9_GH0.tar.gz) = ae4f97f3adf33f578fc58bfa946e74f16cd1afec4bd213cc53d77c87be027c72 -SIZE (google-boringssl-0.0.0.0.2025.06.05.01-5622da9_GH0.tar.gz) = 46161255 +SHA256 (google-boringssl-0.0.0.0.2025.06.25.01-78b48c1_GH0.tar.gz) = 2cfaa5f01ecedb7d662d7b01cac6f2f5f873a52f694a44af69de9b8efcdb6e90 +SIZE (google-boringssl-0.0.0.0.2025.06.25.01-78b48c1_GH0.tar.gz) = 46168678 diff --git a/security/botan3/Makefile b/security/botan3/Makefile index a376d1c4fa7c..c5c0ff84d783 100644 --- a/security/botan3/Makefile +++ b/security/botan3/Makefile @@ -1,5 +1,5 @@ PORTNAME= botan -DISTVERSION= 3.7.1 +DISTVERSION= 3.8.1 CATEGORIES= security MASTER_SITES= http://botan.randombit.net/releases/ PKGNAMESUFFIX= ${_BOTANMAJOR} @@ -14,7 +14,8 @@ LICENSE_FILE= ${WRKSRC}/license.txt BUILD_DEPENDS= ${LOCALBASE}/include/boost/asio.hpp:devel/boost-libs -USES= compiler:c++20-lang cpe gmake llvm shebangfix tar:xz # llvm fixes build failure, see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279136 +USES= compiler:c++20-lang cpe gmake shebangfix tar:xz + CPE_VENDOR= ${PORTNAME}_project USE_LDCONFIG= yes @@ -37,7 +38,7 @@ LDFLAGS+= -pthread DOCSDIR= ${LOCALBASE}/share/doc/${PORTNAME}-${PORTVERSION} -_SOABIVER= 7 +_SOABIVER= 8 _BOTANMAJOR= ${DISTVERSION:S/./ /g:[1]} _SHLIBVER= ${DISTVERSION:S/./ /g:[2]} _SHLIBVERPATCH= ${DISTVERSION:S/./ /g:[3]} @@ -47,10 +48,12 @@ PLIST_SUB= SHLIBVER=${_SHLIBVER} \ BOTANMAJOR=${_BOTANMAJOR} PORTDOCS= * -OPTIONS_DEFINE= DOCS MANPAGES PYTHON SQLITE3 +OPTIONS_DEFINE= DOCS LLVM_FROM_PORTS MANPAGES PYTHON SQLITE3 OPTIONS_DEFAULT= MANPAGES OPTIONS_SUB= yes +LLVM_FROM_PORTS_DESC= Use LLVM from ports to build + MANPAGES_BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}sphinx>=0:textproc/py-sphinx@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}furo>=2022.6.21:textproc/py-furo@${PY_FLAVOR} MANPAGES_CONFIGURE_WITH= sphinx @@ -65,6 +68,15 @@ SQLITE3_CONFIGURE_WITH= sqlite3 .include <bsd.port.options.mk> +# llvm from ports fixes build failure, see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279136 +.if ${OPSYS} == FreeBSD && \ + ((${OSVERSION} >= 1500000) || \ + ${PORT_OPTIONS:MLLVM_FROM_PORTS}) +USES+= llvm +USES:= ${USES:Ncompiler\:*} # XXX avoid warnings +CHOSEN_COMPILER_TYPE= clang +.endif + .if ${ARCH} == aarch64 CONFIGURE_ARGS+= --cc-abi="-march=armv8-a+crypto" .elif ${ARCH:Mpowerpc64*} @@ -74,12 +86,6 @@ CONFIGURE_ARGS+= --disable-powercrypto .endif .endif -.if ${ARCH} == i386 || ${ARCH} == amd64 -PLIST_SUB+= HAS_RDRAND_RNG="" -.else -PLIST_SUB+= HAS_RDRAND_RNG="@comment " -.endif - .if ${ARCH} == i386 || ${ARCH} == amd64 || ${ARCH:Mpowerpc64*} PLIST_SUB+= HAS_PROCESSOR_RNG="" .else diff --git a/security/botan3/distinfo b/security/botan3/distinfo index e90946f4ca79..e64fce607f4f 100644 --- a/security/botan3/distinfo +++ b/security/botan3/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1738854685 -SHA256 (Botan-3.7.1.tar.xz) = fc0620463461caaea8e60f06711d7e437a3ad1eebd6de4ac29c14bbd901ccd1b -SIZE (Botan-3.7.1.tar.xz) = 8659408 +TIMESTAMP = 1747422221 +SHA256 (Botan-3.8.1.tar.xz) = b039681d4b861a2f5853746d8ba806f553e23869ed72d89edbfa3c3dbfa17e68 +SIZE (Botan-3.8.1.tar.xz) = 8706304 diff --git a/security/fwknop/Makefile b/security/fwknop/Makefile index 9fafdb258370..31af0953db65 100644 --- a/security/fwknop/Makefile +++ b/security/fwknop/Makefile @@ -1,6 +1,6 @@ PORTNAME= fwknop PORTVERSION= 2.6.10 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security MASTER_SITES= http://www.cipherdyne.org/fwknop/download/ diff --git a/security/gpa/Makefile b/security/gpa/Makefile index cbd06e27b898..8be53eac84c7 100644 --- a/security/gpa/Makefile +++ b/security/gpa/Makefile @@ -1,5 +1,6 @@ PORTNAME= gpa PORTVERSION= 0.11.0 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= GNUPG/gpa diff --git a/security/gpa/files/patch-src_gpacontext.c b/security/gpa/files/patch-src_gpacontext.c new file mode 100644 index 000000000000..6b41a8f4cc80 --- /dev/null +++ b/security/gpa/files/patch-src_gpacontext.c @@ -0,0 +1,70 @@ +The trustlist feature, which only worked for a short period in 2003, was +removed in GpgME 2.0.0. + +--- src/gpacontext.c.orig 2022-11-14 07:04:19 UTC ++++ src/gpacontext.c +@@ -38,8 +38,6 @@ static void gpa_context_next_key (GpaContext *context, + static void gpa_context_start (GpaContext *context); + static void gpa_context_done (GpaContext *context, gpg_error_t err); + static void gpa_context_next_key (GpaContext *context, gpgme_key_t key); +-static void gpa_context_next_trust_item (GpaContext *context, +- gpgme_trust_item_t item); + static void gpa_context_progress (GpaContext *context, int current, int total); + + /* The GPGME I/O callbacks */ +@@ -65,7 +63,6 @@ enum + START, + DONE, + NEXT_KEY, +- NEXT_TRUST_ITEM, + PROGRESS, + LAST_SIGNAL + }; +@@ -113,7 +110,6 @@ gpa_context_class_init (GpaContextClass *klass) + klass->start = gpa_context_start; + klass->done = gpa_context_done; + klass->next_key = gpa_context_next_key; +- klass->next_trust_item = gpa_context_next_trust_item; + klass->progress = gpa_context_progress; + + /* Signals */ +@@ -143,15 +139,6 @@ gpa_context_class_init (GpaContextClass *klass) + g_cclosure_marshal_VOID__POINTER, + G_TYPE_NONE, 1, + G_TYPE_POINTER); +- signals[NEXT_TRUST_ITEM] = +- g_signal_new ("next_trust_item", +- G_TYPE_FROM_CLASS (object_class), +- G_SIGNAL_RUN_FIRST, +- G_STRUCT_OFFSET (GpaContextClass, next_trust_item), +- NULL, NULL, +- g_cclosure_marshal_VOID__POINTER, +- G_TYPE_NONE, 1, +- G_TYPE_POINTER); + signals[PROGRESS] = + g_signal_new ("progress", + G_TYPE_FROM_CLASS (object_class), +@@ -496,10 +483,6 @@ gpa_context_event_cb (void *data, gpgme_event_io_t typ + case GPGME_EVENT_NEXT_KEY: + g_signal_emit (context, signals[NEXT_KEY], 0, type_data); + break; +- case GPGME_EVENT_NEXT_TRUSTITEM: +- g_signal_emit (context, signals[NEXT_TRUST_ITEM], 0, +- type_data); +- break; + default: + /* Ignore unsupported event types */ + break; +@@ -527,12 +510,6 @@ gpa_context_next_key (GpaContext *context, gpgme_key_t + + static void + gpa_context_next_key (GpaContext *context, gpgme_key_t key) +-{ +- /* Do nothing yet */ +-} +- +-static void +-gpa_context_next_trust_item (GpaContext *context, gpgme_trust_item_t item) + { + /* Do nothing yet */ + } diff --git a/security/gpa/files/patch-src_gpacontext.h b/security/gpa/files/patch-src_gpacontext.h new file mode 100644 index 000000000000..7b7d6eba5dc6 --- /dev/null +++ b/security/gpa/files/patch-src_gpacontext.h @@ -0,0 +1,13 @@ +The trustlist feature, which only worked for a short period in 2003, was +removed in GpgME 2.0.0. + +--- src/gpacontext.h.orig 2018-10-16 19:58:08 UTC ++++ src/gpacontext.h +@@ -63,7 +63,6 @@ struct _GpaContextClass { + void (*start) (GpaContext *context); + void (*done) (GpaContext *context, gpg_error_t err); + void (*next_key) (GpaContext *context, gpgme_key_t key); +- void (*next_trust_item) (GpaContext *context, gpgme_trust_item_t item); + void (*progress) (GpaContext *context, int current, int total); + }; + diff --git a/security/gpgme-cpp/Makefile b/security/gpgme-cpp/Makefile deleted file mode 100644 index e24db4919c02..000000000000 --- a/security/gpgme-cpp/Makefile +++ /dev/null @@ -1,11 +0,0 @@ -PORTREVISION= 0 -PKGNAMESUFFIX= -${_GPGME_BINDING} - -COMMENT= Gpgme C++ bindings - -MASTERDIR= ${.CURDIR:H:H}/security/gpgme -PLIST= ${.CURDIR}/pkg-plist - -_GPGME_BINDING= cpp - -.include "${MASTERDIR}/Makefile" diff --git a/security/gpgme-qt/Makefile b/security/gpgme-qt/Makefile deleted file mode 100644 index f683b6a005dd..000000000000 --- a/security/gpgme-qt/Makefile +++ /dev/null @@ -1,13 +0,0 @@ -PORTREVISION= 0 - -COMMENT= Gpgme Qt${FLAVOR:S|qt||} bindings - -LICENSE= GPLv2+ -LICENSE_FILE= ${WRKSRC}/COPYING - -MASTERDIR= ${.CURDIR:H:H}/security/gpgme -PLIST= ${.CURDIR}/pkg-plist - -_GPGME_BINDING= qt - -.include "${MASTERDIR}/Makefile" diff --git a/security/gpgme/Makefile b/security/gpgme/Makefile index ad66bed32308..92bba8a67faa 100644 --- a/security/gpgme/Makefile +++ b/security/gpgme/Makefile @@ -1,6 +1,5 @@ PORTNAME= gpgme -PORTVERSION= 1.24.2 -PORTREVISION?= 0 +PORTVERSION= 2.0.0 CATEGORIES?= security MASTER_SITES= GNUPG/gpgme @@ -16,17 +15,14 @@ LIB_DEPENDS= libassuan.so:security/libassuan \ USES= compiler:c11 cpe gmake libtool localbase:ldflags pathfix tar:bzip2 USE_LDCONFIG= yes +CPE_VENDOR= gnu GNU_CONFIGURE= yes +CONFIGURE_ARGS+=--enable-languages="cl" CFLAGS+= -Wno-suggest-override -Wno-unknown-warning-option INSTALL_TARGET= install-strip TEST_TARGET= check -CPE_VENDOR= gnu - -.if !defined(_GPGME_BINDING) -CONFIGURE_ARGS+=--enable-languages="cl" - INFO= gpgme PORTDOCS= AUTHORS INSTALL NEWS README @@ -49,93 +45,11 @@ TEST_PREVENTS_MSG= TEST option is mainly designed for use with the GNUPG2 option UISERVER_DESC= GnuPG UI server support UISERVER_CONFIGURE_ENABLE= fd-passing -.else -LIB_DEPENDS+= libgpgme.so:security/gpgme -BUILD_WRKSRC= ${WRKSRC}/lang/${_GPGME_BINDING} -INSTALL_WRKSRC= ${WRKSRC}/lang/${_GPGME_BINDING} -TEST_WRKSRC= ${WRKSRC}/lang/${_GPGME_BINDING}/tests - -. if ${_GPGME_BINDING} == "cpp" -USES+= compiler:c++11-lang -CONFIGURE_ARGS+=--enable-languages="cpp" -NO_TEST= yes -. else -OPTIONS_DEFINE+= TEST -. endif - -. if ${_GPGME_BINDING} == "qt" -LIB_DEPENDS+= libgpgmepp.so:security/gpgme-cpp - -FLAVORS= qt5 qt6 -FLAVOR?= ${FLAVORS:[1]} -qt5_PKGNAMESUFFIX= -qt5 -qt6_PKGNAMESUFFIX= -qt6 - -. if ${FLAVOR:U} == "qt5" -USES+= compiler:c++11-lang pkgconfig qt:5 -USE_QT= core \ - buildtools:build -TEST_USE= QT=testlib:build -PLIST_SUB= QGPGME_CMAKE_SUFFIX="" \ - QGPGME_INCLUDE_SUFFIX="${FLAVOR}" \ - QGPGME_LIB_SUFFIX="" -. else -USES+= compiler:c++17-lang pkgconfig qt:6 -USE_CXXSTD= c++17 -USE_QT= base -PLIST_SUB= QGPGME_CMAKE_SUFFIX="Qt${FLAVOR:S|qt||}" \ - QGPGME_INCLUDE_SUFFIX="${FLAVOR}" \ - QGPGME_LIB_SUFFIX="${FLAVOR}" -. endif - -CONFIGURE_ARGS+=--enable-languages="cpp ${FLAVOR}" -DOCSDIR= ${PREFIX}/share/doc/${PORTNAME}${PKGNAMESUFFIX} - -OPTIONS_DEFINE+= DOXYGEN -DOXYGEN_BUILD_DEPENDS= doxygen:devel/doxygen \ - dot:graphics/graphviz -. endif - -. if ${_GPGME_BINDING} == "python" -BUILD_DEPENDS+= swig:devel/swig \ - ${PY_SETUPTOOLS} -USES+= python:3.9+ -USE_PYTHON= flavors -CONFIGURE_ARGS+=--enable-languages="python" -CONFIGURE_ENV+= BSD_PYTHON="${PYTHON_CMD}" \ - BSD_PYTHON_VERSION="${PYTHON_VER}" \ - SWIG="${LOCALBASE}/bin/swig" -PLIST_SUB+= VERSION=${PORTVERSION} -. endif -.endif - -.include <bsd.port.pre.mk> post-patch: -.if ${COMPILER_TYPE} == "clang" - @${REINPLACE_CMD} -e 's|mno-direct-extern-access|fno-direct-access-external-data|g' \ - ${WRKSRC}/configure -.endif -.if defined(_GPGME_BINDING) - @${FIND} ${BUILD_WRKSRC} -name "Makefile.in" -type f | ${XARGS} \ - ${REINPLACE_CMD} -e 's|../../../src/libgpgme.la|-lgpgme|g' -. if ${_GPGME_BINDING} == "qt" - @${FIND} ${BUILD_WRKSRC} -name "Makefile.in" -type f | ${XARGS} \ - ${REINPLACE_CMD} -e 's|../../cpp/src/libgpgmepp.la|-lgpgmepp|g' -. endif -.endif @${REINPLACE_CMD} -e 's|^clfilesdir.*|clfilesdir=$$\(libdir\)/common-lisp/gpgme|g' \ ${WRKSRC}/lang/cl/Makefile.in -post-patch-DOXYGEN-off: - @${REINPLACE_CMD} -e '/SUBDIRS/s|doc||' \ - ${WRKSRC}/lang/qt/Makefile.in - -post-patch-TEST-off: - @${REINPLACE_CMD} -e '/SUBDIRS/s|tests||' \ - ${WRKSRC}/lang/python/Makefile.in \ - ${WRKSRC}/lang/qt/Makefile.in - # The gnupg programs will create sockets for the tests in a temporary directory # under /var/run/user/${UID} if it exists. Otherwise, they will try to create # them in the test build directories. To prevent errors in cases where the test @@ -165,17 +79,8 @@ pre-test: pre-build-TEST-on post-test: post-build-TEST-on -.if !defined(_GPGME_BINDING) post-install-DOCS-on: - ${MKDIR} ${STAGEDIR}${DOCSDIR} + @${MKDIR} ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${PORTDOCS:S|^|${WRKSRC}/|} ${STAGEDIR}${DOCSDIR} -.endif - -post-install-DOXYGEN-on: - ${MKDIR} ${STAGEDIR}${DOCSDIR}/html - cd ${WRKSRC}/lang/qt/doc/generated/html && \ - ${COPYTREE_SHARE} . ${STAGEDIR}${DOCSDIR}/html - @${FIND} -P ${STAGEDIR}${DOCSDIR} -type f 2>/dev/null | \ - ${SED} -ne 's|^${STAGEDIR}${PREFIX}/||p' >> ${TMPPLIST} -.include <bsd.port.post.mk> +.include <bsd.port.mk> diff --git a/security/gpgme/distinfo b/security/gpgme/distinfo index 3f69026dd7d7..c0c75d7c36e4 100644 --- a/security/gpgme/distinfo +++ b/security/gpgme/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1739544658 -SHA256 (gpgme-1.24.2.tar.bz2) = e11b1a0e361777e9e55f48a03d89096e2abf08c63d84b7017cfe1dce06639581 -SIZE (gpgme-1.24.2.tar.bz2) = 1891804 +TIMESTAMP = 1750274492 +SHA256 (gpgme-2.0.0.tar.bz2) = ddf161d3c41ff6a3fcbaf4be6c6e305ca4ef1cc3f1ecdfce0c8c2a167c0cc36d +SIZE (gpgme-2.0.0.tar.bz2) = 1383911 diff --git a/security/gpgme/files/patch-configure b/security/gpgme/files/patch-configure index 9884bbddbdc4..02ee21a01cff 100644 --- a/security/gpgme/files/patch-configure +++ b/security/gpgme/files/patch-configure @@ -1,27 +1,8 @@ -Hunk 1: -The configure script automatically detects all versions of Python and builds -the bindings for each found version. This is a problem when building outside -of a clean environment since the ports system can only build a package for one -Python flavor at a time. The found versions of Python are overridden by -environment variables set in the port Makefile. - -Hunk 2: Fix path of pkgconfig files passed to gpgrt-config. ---- configure.orig 2023-11-28 15:45:04 UTC +--- configure.orig 2025-06-03 11:26:27 UTC +++ configure -@@ -31428,6 +31428,10 @@ printf "%s\n" "$as_me: WARNING: - - fi - -+ # Override the automatically found Pythons with the selected version from ports. -+ PYTHONS=$BSD_PYTHON -+ PYTHON_VERSIONS=$BSD_PYTHON_VERSION -+ - # Recover some values lost in the second attempt to find Python. - PYTHON="$(echo $PYTHONS | cut -d ' ' -f 1)" - PYTHON_VERSION="$(echo $PYTHON_VERSIONS | cut -d ' ' -f 1)" -@@ -32691,7 +32695,7 @@ fi +@@ -16828,7 +16828,7 @@ fi # Get the prefix of gpgrt-config assuming it's something like: # <PREFIX>/bin/gpgrt-config gpgrt_prefix=${GPGRT_CONFIG%/*/*} diff --git a/security/gpgme/files/patch-lang_python_Makefile.in b/security/gpgme/files/patch-lang_python_Makefile.in deleted file mode 100644 index e78760200c2a..000000000000 --- a/security/gpgme/files/patch-lang_python_Makefile.in +++ /dev/null @@ -1,29 +0,0 @@ -First hunk: -The swig executable from devel/swig30 is named 'swig3.0' and the build system -only looks for an executable named 'swig': -unable to execute 'swig': No such file or directory - -Second hunk: -Fix staging and build the *.pyc and *.pyo files - ---- lang/python/Makefile.in.orig 2023-08-21 07:46:32 UTC -+++ lang/python/Makefile.in -@@ -768,7 +768,7 @@ all-local: copystamp - CFLAGS="$(CFLAGS)" \ - srcdir="$(srcdir)" \ - top_builddir="$(top_builddir)" \ -- $$PYTHON setup.py build --verbose --build-base="$$(basename "$${PYTHON}")-gpg" ; \ -+ $$PYTHON setup.py build --verbose --build-base="$$(basename "$${PYTHON}")-gpg" build_ext --swig=$(SWIG) ; \ - done - - python$(PYTHON_VERSION)-gpg/dist/gpg-$(VERSION).tar.gz.asc: copystamp -@@ -811,7 +811,8 @@ install-exec-local: - build \ - --build-base="$$(basename "$${PYTHON}")-gpg" \ - install \ -- --prefix "$(DESTDIR)$(prefix)" \ -+ -c -O1 --prefix=$(prefix) \ -+ --root=$(DESTDIR) \ - --verbose ; \ - done - diff --git a/security/gpgme/pkg-plist b/security/gpgme/pkg-plist index 9034fa4ef44d..b79e4310fc92 100644 --- a/security/gpgme/pkg-plist +++ b/security/gpgme/pkg-plist @@ -7,8 +7,8 @@ lib/common-lisp/gpgme/gpgme-package.lisp lib/common-lisp/gpgme/gpgme.asd lib/common-lisp/gpgme/gpgme.lisp lib/libgpgme.so -lib/libgpgme.so.11 -lib/libgpgme.so.11.33.2 +lib/libgpgme.so.45 +lib/libgpgme.so.45.0.0 libdata/pkgconfig/gpgme-glib.pc libdata/pkgconfig/gpgme.pc share/aclocal/gpgme.m4 diff --git a/security/gpgmepp/Makefile b/security/gpgmepp/Makefile new file mode 100644 index 000000000000..e82eb6422f32 --- /dev/null +++ b/security/gpgmepp/Makefile @@ -0,0 +1,18 @@ +PORTNAME= gpgmepp +PORTVERSION= 2.0.0 +CATEGORIES= security +MASTER_SITES= GNUPG + +MAINTAINER= jhale@FreeBSD.org +COMMENT= GnuPG Made Easy (GPGME) C++ bindings +WWW= https://gnupg.org/software/gpgme/index.html + +LICENSE= LGPL20+ +LICENSE_FILE= ${WRKSRC}/COPYING.LIB + +LIB_DEPENDS= libgpg-error.so:security/libgpg-error \ + libgpgme.so:security/gpgme + +USES= cmake compiler:c++17-lang pkgconfig tar:xz + +.include <bsd.port.mk> diff --git a/security/gpgmepp/distinfo b/security/gpgmepp/distinfo new file mode 100644 index 000000000000..8d7b098d16d2 --- /dev/null +++ b/security/gpgmepp/distinfo @@ -0,0 +1,3 @@ +TIMESTAMP = 1750275911 +SHA256 (gpgmepp-2.0.0.tar.xz) = d4796049c06708a26f3096f748ef095347e1a3c1e570561701fe952c3f565382 +SIZE (gpgmepp-2.0.0.tar.xz) = 118304 diff --git a/security/gpgmepp/pkg-descr b/security/gpgmepp/pkg-descr new file mode 100644 index 000000000000..34f3229a2efb --- /dev/null +++ b/security/gpgmepp/pkg-descr @@ -0,0 +1,2 @@ +GpgMEpp is a C++ wrapper (or C++ bindings) for the GnuPG project's GPGME +(GnuPG Made Easy) library. diff --git a/security/gpgme-cpp/pkg-plist b/security/gpgmepp/pkg-plist index 544a430d2de8..2741334cbc58 100644 --- a/security/gpgme-cpp/pkg-plist +++ b/security/gpgmepp/pkg-plist @@ -31,18 +31,22 @@ include/gpgme++/key.h include/gpgme++/keygenerationresult.h include/gpgme++/keylistresult.h include/gpgme++/notation.h +include/gpgme++/randomresults.h include/gpgme++/result.h include/gpgme++/scdgetinfoassuantransaction.h include/gpgme++/signingresult.h include/gpgme++/statusconsumerassuantransaction.h include/gpgme++/swdbresult.h include/gpgme++/tofuinfo.h -include/gpgme++/trustitem.h include/gpgme++/verificationresult.h include/gpgme++/vfsmountresult.h +lib/cmake/Gpgmepp/FindGpgme.cmake +lib/cmake/Gpgmepp/FindLibGpgError.cmake lib/cmake/Gpgmepp/GpgmeppConfig.cmake lib/cmake/Gpgmepp/GpgmeppConfigVersion.cmake +lib/cmake/Gpgmepp/GpgmeppTargets-%%CMAKE_BUILD_TYPE%%.cmake +lib/cmake/Gpgmepp/GpgmeppTargets.cmake lib/libgpgmepp.so -lib/libgpgmepp.so.6 -lib/libgpgmepp.so.6.21.2 +lib/libgpgmepp.so.7 +lib/libgpgmepp.so.7.0.0 libdata/pkgconfig/gpgmepp.pc diff --git a/security/gvm-libs/Makefile b/security/gvm-libs/Makefile index 0a6e2266c017..f11ade33a8ca 100644 --- a/security/gvm-libs/Makefile +++ b/security/gvm-libs/Makefile @@ -1,6 +1,7 @@ PORTNAME= gvm DISTVERSIONPREFIX= v DISTVERSION= 22.22.0 +PORTREVISION= 1 CATEGORIES= security PKGNAMESUFFIX= -libs diff --git a/security/gvmd/Makefile b/security/gvmd/Makefile index 366f6967d8f4..0648b0880e09 100644 --- a/security/gvmd/Makefile +++ b/security/gvmd/Makefile @@ -1,5 +1,6 @@ PORTNAME= gvmd DISTVERSION= 26.0.0 +PORTREVISION= 1 DISTVERSIONPREFIX= v CATEGORIES= security diff --git a/security/kleopatra/Makefile b/security/kleopatra/Makefile index 505df198284c..021af0b579e1 100644 --- a/security/kleopatra/Makefile +++ b/security/kleopatra/Makefile @@ -1,7 +1,13 @@ PORTNAME= kleopatra DISTVERSION= ${KDE_APPLICATIONS_VERSION} +PORTREVISION= 1 CATEGORIES= security kde kde-applications +PATCH_SITES= https://invent.kde.org/pim/kleopatra/-/commit/ +PATCHFILES+= 10b618703d74618c09b5e2b16e2db9d829aed93b.patch:-p1 # Prep for Qgpgme 2.0.0 +PATCHFILES+= b1f3736de7ed3c2d4f58aa454064a4cd0f423250.patch:-p1 # Prep for Qgpgme 2.0.0 +PATCHFILES+= d4f777ffa137148302ca39d5a2238c01c896605d.patch:-p1 # Prep for Qgpgme 2.0.0 + MAINTAINER= kde@FreeBSD.org COMMENT= Certificate manager for KDE WWW= https://www.kde.org/applications/utilities/kleopatra/ @@ -10,8 +16,8 @@ LIB_DEPENDS= libassuan.so:security/libassuan \ libboost_thread.so:devel/boost-libs \ libgpgme.so:security/gpgme \ libgpg-error.so:security/libgpg-error \ - libgpgmepp.so:security/gpgme-cpp \ - libqgpgmeqt6.so:security/gpgme-qt@qt6 + libgpgmepp.so:security/gpgmepp \ + libqgpgmeqt6.so:security/qgpgme@qt6 USES= cmake compiler:c++11-lang desktop-file-utils gettext kde:6 \ qt:6 shared-mime-info tar:xz xorg diff --git a/security/kleopatra/distinfo b/security/kleopatra/distinfo index dcac84233c5f..f1f3b98769a3 100644 --- a/security/kleopatra/distinfo +++ b/security/kleopatra/distinfo @@ -1,3 +1,9 @@ -TIMESTAMP = 1749036950 +TIMESTAMP = 1750496363 SHA256 (KDE/release-service/25.04.2/kleopatra-25.04.2.tar.xz) = d155c416103fad173c361ea10f3ea1f6142297cc5be3598e9b062461336a3476 SIZE (KDE/release-service/25.04.2/kleopatra-25.04.2.tar.xz) = 2851360 +SHA256 (KDE/release-service/25.04.2/10b618703d74618c09b5e2b16e2db9d829aed93b.patch) = 75f5c94d85eadad74dcef21f66c019946217a051a9e8b90803d5eceaadb3fcd4 +SIZE (KDE/release-service/25.04.2/10b618703d74618c09b5e2b16e2db9d829aed93b.patch) = 1241 +SHA256 (KDE/release-service/25.04.2/b1f3736de7ed3c2d4f58aa454064a4cd0f423250.patch) = c2796b58683b07eabeae48a517192460c474a1722d7022e796b94df6553d933d +SIZE (KDE/release-service/25.04.2/b1f3736de7ed3c2d4f58aa454064a4cd0f423250.patch) = 1585 +SHA256 (KDE/release-service/25.04.2/d4f777ffa137148302ca39d5a2238c01c896605d.patch) = 0120d812f9a57cbd4a5a2718fbbc9acef090841701cb2c6b4f11a596986840e6 +SIZE (KDE/release-service/25.04.2/d4f777ffa137148302ca39d5a2238c01c896605d.patch) = 1573 diff --git a/security/krb5-devel/Makefile b/security/krb5-devel/Makefile index 36aa57f35ae2..6745764fa63d 100644 --- a/security/krb5-devel/Makefile +++ b/security/krb5-devel/Makefile @@ -8,8 +8,8 @@ PKGNAME_X= -${FLAVOR:S/default//} .endif PKGNAMESUFFIX= ${PKGNAME_X:S/--/-/:C/-$//} -HASH= 61e92fe9a -MIT_COMMIT_DATE= 2025.04.06 +HASH= 1113e746a +MIT_COMMIT_DATE= 2025.06.17 PATCH_SITES= http://web.mit.edu/kerberos/advisories/ PATCH_DIST_STRIP= -p2 diff --git a/security/krb5-devel/distinfo b/security/krb5-devel/distinfo index addd917f9451..83e6497143e7 100644 --- a/security/krb5-devel/distinfo +++ b/security/krb5-devel/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1747800263 -SHA256 (krb5-krb5-1.22.2025.04.06-61e92fe9a_GH0.tar.gz) = 2eae92b633a9c77a66fbcb6a5acba93bf5bc6eb75b95ded662c9c4509ba16255 -SIZE (krb5-krb5-1.22.2025.04.06-61e92fe9a_GH0.tar.gz) = 4679049 +TIMESTAMP = 1750876627 +SHA256 (krb5-krb5-1.22.2025.06.17-1113e746a_GH0.tar.gz) = 535c723d44a5fb50ffe3aeb8e1198e81bf1485d24d0f11aa62f56f80dd9c283f +SIZE (krb5-krb5-1.22.2025.06.17-1113e746a_GH0.tar.gz) = 4683455 diff --git a/security/libcryptui/Makefile b/security/libcryptui/Makefile index 98a75479363a..b1cbf9ef4783 100644 --- a/security/libcryptui/Makefile +++ b/security/libcryptui/Makefile @@ -1,6 +1,6 @@ PORTNAME= libcryptui PORTVERSION= 3.12.2 -PORTREVISION= 6 +PORTREVISION= 7 CATEGORIES= security gnome MASTER_SITES= GNOME DIST_SUBDIR= gnome @@ -9,6 +9,10 @@ MAINTAINER= gnome@FreeBSD.org COMMENT= GNOME application for managing encryption keys (PGP, SSH) WWW= https://gitlab.gnome.org/GNOME/libcryptui +DEPRECATED= abandoned project +EXPIRATION_DATE=2025-06-30 +BROKEN= does not build with gpgme 2.x + BUILD_DEPENDS= seahorse>=3.0.0:security/seahorse \ gpg:security/gnupg LIB_DEPENDS= libgpgme.so:security/gpgme \ diff --git a/security/libkleo/Makefile b/security/libkleo/Makefile index 10b3a01e7a07..19824ceb7dda 100644 --- a/security/libkleo/Makefile +++ b/security/libkleo/Makefile @@ -1,5 +1,6 @@ PORTNAME= libkleo DISTVERSION= ${KDE_APPLICATIONS_VERSION} +PORTREVISION= 1 CATEGORIES= security kde kde-applications MAINTAINER= kde@FreeBSD.org @@ -10,8 +11,8 @@ BUILD_DEPENDS= ${LOCALBASE}/include/boost/range/algorithm.hpp:devel/boost-libs LIB_DEPENDS= libassuan.so:security/libassuan \ libgpg-error.so:security/libgpg-error \ libgpgme.so:security/gpgme \ - libqgpgmeqt6.so:security/gpgme-qt@qt6 \ - libgpgmepp.so:security/gpgme-cpp + libqgpgmeqt6.so:security/qgpgme@qt6 \ + libgpgmepp.so:security/gpgmepp RUN_DEPENDS= ${LOCALBASE}/bin/gmd5sum:sysutils/coreutils USES= cmake compiler:c++11-lang gettext kde:6 qt:6 tar:xz diff --git a/security/netbird/Makefile b/security/netbird/Makefile index c5ddbbccf8b7..4c189fbd0f94 100644 --- a/security/netbird/Makefile +++ b/security/netbird/Makefile @@ -1,6 +1,6 @@ PORTNAME= netbird DISTVERSIONPREFIX= v -DISTVERSION= 0.47.2 +DISTVERSION= 0.49.0 CATEGORIES= security net net-vpn MAINTAINER= hakan.external@netbird.io @@ -16,15 +16,15 @@ NOT_FOR_ARCHS_REASON= "no 32-bit builds supported" RUN_DEPENDS= ca_root_nss>0:security/ca_root_nss USES= go:modules -USE_RC_SUBR= netbird +USE_RC_SUBR= ${PORTNAME} GO_MODULE= github.com/netbirdio/netbird -GO_TARGET= ./client:netbird +GO_TARGET= ./client:${PORTNAME} GO_BUILDFLAGS= -tags freebsd -o ${PORTNAME} -ldflags \ "-s -w -X github.com/netbirdio/netbird/version.version=${DISTVERSION}" -WRKSRC= ${WRKDIR}/netbird-${DISTVERSION} +WRKSRC= ${WRKDIR}/${PORTNAME}-${DISTVERSION} -PLIST_FILES= bin/netbird +PLIST_FILES= bin/${PORTNAME} .include <bsd.port.mk> diff --git a/security/netbird/distinfo b/security/netbird/distinfo index 76ba6e320c5e..0806cc6f24f0 100644 --- a/security/netbird/distinfo +++ b/security/netbird/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1749687672 -SHA256 (go/security_netbird/netbird-v0.47.2/v0.47.2.mod) = dd8e2b5f3ee570d2ef933101c6fb7bc5de05dae258f0c7ea7602e8db42238acb -SIZE (go/security_netbird/netbird-v0.47.2/v0.47.2.mod) = 12507 -SHA256 (go/security_netbird/netbird-v0.47.2/v0.47.2.zip) = 8671becd05ff5437daa98b34e76819cd0908c1a040f49a369c9e26ed8cc64831 -SIZE (go/security_netbird/netbird-v0.47.2/v0.47.2.zip) = 2917482 +TIMESTAMP = 1750840361 +SHA256 (go/security_netbird/netbird-v0.49.0/v0.49.0.mod) = dd8e2b5f3ee570d2ef933101c6fb7bc5de05dae258f0c7ea7602e8db42238acb +SIZE (go/security_netbird/netbird-v0.49.0/v0.49.0.mod) = 12507 +SHA256 (go/security_netbird/netbird-v0.49.0/v0.49.0.zip) = c1aa8b8749cdb1a471425ce5aac7d90e318e6f6280f51a8b72ca18ad241f7bfb +SIZE (go/security_netbird/netbird-v0.49.0/v0.49.0.zip) = 2921705 diff --git a/security/netbird/files/netbird.in b/security/netbird/files/netbird.in index a05f7f099ee0..ddd19f27cd52 100644 --- a/security/netbird/files/netbird.in +++ b/security/netbird/files/netbird.in @@ -16,8 +16,8 @@ # Default: 'info' # netbird_logfile (path): Path to the client log file. # Default: /var/log/netbird/client.log -# netbird_env (str): Extra environment variables for the daemon, in KEY=VALUE format. -# Default: 'IS_DAEMON=1' +# netbird_tun_dev (str): Name of the TUN device used by Netbird for its VPN tunnel. +# Default: wt0 # . /etc/rc.subr @@ -32,11 +32,33 @@ load_rc_config "$name" : ${netbird_socket:="/var/run/netbird.sock"} : ${netbird_loglevel:="info"} : ${netbird_logfile:="/var/log/netbird/client.log"} -: ${netbird_env:="IS_DAEMON=1"} +: ${netbird_tun_dev:="wt0"} pidfile="/var/run/${name}.pid" command="/usr/sbin/daemon" daemon_args="-P ${pidfile} -r -t \"${name}: daemon\"" command_args="${daemon_args} %%PREFIX%%/bin/netbird service run --config ${netbird_config} --log-level ${netbird_loglevel} --daemon-addr unix://${netbird_socket} --log-file ${netbird_logfile}" +start_precmd="${name}_start_precmd" +stop_postcmd="${name}_stop_postcmd" + +netbird_start_precmd() { + logger -s -t netbird "Starting ${name}." + # Check for orphaned netbird tunnel interface + # And if it exists, then destroy it + if /sbin/ifconfig ${netbird_tun_dev} >/dev/null 2>&1; then + if ! /sbin/ifconfig ${netbird_tun_dev} | fgrep -qw PID; then + logger -s -t netbird "Found orphaned tunnel interface ${netbird_tun_dev}, destroying" + /sbin/ifconfig ${netbird_tun_dev} destroy + fi + fi +} + +netbird_stop_postcmd() { + if /sbin/ifconfig ${netbird_tun_dev} >/dev/null 2>&1; then + logger -s -t netbird "Destroying tunnel interface ${netbird_tun_dev}" + /sbin/ifconfig ${netbird_tun_dev} destroy || \ + logger -s -t netbird "Failed to destroy interface ${netbird_tun_dev}" + fi +} run_rc_command "$1" diff --git a/security/nuclei/Makefile b/security/nuclei/Makefile index 3a2828d806b2..bf4fd87882ba 100644 --- a/security/nuclei/Makefile +++ b/security/nuclei/Makefile @@ -1,6 +1,6 @@ PORTNAME= nuclei DISTVERSIONPREFIX= v -DISTVERSION= 3.4.4 +DISTVERSION= 3.4.5 CATEGORIES= security MAINTAINER= dutra@FreeBSD.org diff --git a/security/nuclei/distinfo b/security/nuclei/distinfo index a4c3ceade456..e4cf46444ae0 100644 --- a/security/nuclei/distinfo +++ b/security/nuclei/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1749429917 -SHA256 (go/security_nuclei/nuclei-v3.4.4/v3.4.4.mod) = 9e805e04dec4da32e582d774928290dd9b337ec1fd9fe49b5a38dc4f2d8fa9f3 -SIZE (go/security_nuclei/nuclei-v3.4.4/v3.4.4.mod) = 17916 -SHA256 (go/security_nuclei/nuclei-v3.4.4/v3.4.4.zip) = c574a8583455d3faaa9e50d87d24a2b8b283f22fecc796e2a58478c7525dddbd -SIZE (go/security_nuclei/nuclei-v3.4.4/v3.4.4.zip) = 12381056 +TIMESTAMP = 1750899492 +SHA256 (go/security_nuclei/nuclei-v3.4.5/v3.4.5.mod) = 5afbb1c8d97f83b0d2b11bd9bf677f5b88043b95241def65c6cdf11d290bbdbe +SIZE (go/security_nuclei/nuclei-v3.4.5/v3.4.5.mod) = 17916 +SHA256 (go/security_nuclei/nuclei-v3.4.5/v3.4.5.zip) = d88771513264794e0f2acb6c03682492363addc36b92c80330fb25ff747462ac +SIZE (go/security_nuclei/nuclei-v3.4.5/v3.4.5.zip) = 12383461 diff --git a/security/openvas/Makefile b/security/openvas/Makefile index 891a0d409bdd..5181bd1bc773 100644 --- a/security/openvas/Makefile +++ b/security/openvas/Makefile @@ -1,5 +1,6 @@ PORTNAME= openvas DISTVERSION= 23.20.1 +PORTREVISION= 1 DISTVERSIONPREFIX= v CATEGORIES= security diff --git a/security/p5-Crypt-GpgME/Makefile b/security/p5-Crypt-GpgME/Makefile index 75b5ecbf7cd6..41be90383404 100644 --- a/security/p5-Crypt-GpgME/Makefile +++ b/security/p5-Crypt-GpgME/Makefile @@ -1,6 +1,6 @@ PORTNAME= Crypt-GpgME PORTVERSION= 0.09 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security perl5 MASTER_SITES= CPAN PKGNAMEPREFIX= p5- diff --git a/security/p5-Crypt-GpgME/files/patch-lib_Crypt_GpgME.pm b/security/p5-Crypt-GpgME/files/patch-lib_Crypt_GpgME.pm new file mode 100644 index 000000000000..61bb81fa0777 --- /dev/null +++ b/security/p5-Crypt-GpgME/files/patch-lib_Crypt_GpgME.pm @@ -0,0 +1,16 @@ +The trustlist feature, which only worked for a short period in 2003, was +removed in GpgME 2.0.0. + +--- lib/Crypt/GpgME.pm.orig 2009-11-17 22:51:18 UTC ++++ lib/Crypt/GpgME.pm +@@ -226,10 +226,6 @@ Returns a new Crypt::GpgME instance. Throws an excepti + + my $key = $ctx->signers_enum($seq); + +-=head2 trustlist +- +- my @trustlist = $ctx->trustlist($pattern, $maxlevel); +- + =head2 verify + + my ($result, $plain) = $ctx->verify($sig); diff --git a/security/p5-Crypt-GpgME/files/patch-perl__glue_perl__gpgme.c b/security/p5-Crypt-GpgME/files/patch-perl__glue_perl__gpgme.c new file mode 100644 index 000000000000..f8452fcf45dc --- /dev/null +++ b/security/p5-Crypt-GpgME/files/patch-perl__glue_perl__gpgme.c @@ -0,0 +1,42 @@ +The trustlist feature, which only worked for a short period in 2003, was +removed in GpgME 2.0.0. + +--- perl_glue/perl_gpgme.c.orig 2008-04-30 04:10:10 UTC ++++ perl_glue/perl_gpgme.c +@@ -762,36 +762,6 @@ SV * + } + + SV * +-perl_gpgme_hashref_from_trust_item (gpgme_trust_item_t item) { +- SV *sv; +- HV *hv; +- +- hv = newHV (); +- +- if (item->keyid) { +- perl_gpgme_hv_store (hv, "keyid", 5, newSVpv (item->keyid, 0)); +- } +- +- perl_gpgme_hv_store (hv, "type", 4, newSVpv (item->type == 1 ? "key" : "uid", 0)); +- perl_gpgme_hv_store (hv, "level", 5, newSViv (item->level)); +- +- if (item->type == 1 && item->owner_trust) { +- perl_gpgme_hv_store (hv, "owner_trust", 11, newSVpv (item->owner_trust, 0)); +- } +- +- if (item->validity) { +- perl_gpgme_hv_store (hv, "validity", 8, newSVpv (item->validity, 0)); +- } +- +- if (item->type == 2 && item->name) { +- perl_gpgme_hv_store (hv, "name", 4, newSVpv (item->name, 0)); +- } +- +- sv = newRV_noinc ((SV *)hv); +- return sv; +-} +- +-SV * + perl_gpgme_sv_from_status_code (gpgme_status_code_t status) { + int i; + SV *ret = NULL; diff --git a/security/p5-Crypt-GpgME/files/patch-perl__glue_perl__gpgme.h b/security/p5-Crypt-GpgME/files/patch-perl__glue_perl__gpgme.h new file mode 100644 index 000000000000..4b7fa2763638 --- /dev/null +++ b/security/p5-Crypt-GpgME/files/patch-perl__glue_perl__gpgme.h @@ -0,0 +1,14 @@ +The trustlist feature, which only worked for a short period in 2003, was +removed in GpgME 2.0.0. + +--- perl_glue/perl_gpgme.h.orig 2007-12-19 23:55:38 UTC ++++ perl_glue/perl_gpgme.h +@@ -117,8 +117,6 @@ SV *perl_gpgme_hash_algo_to_string (gpgme_hash_algo_t + + SV *perl_gpgme_hash_algo_to_string (gpgme_hash_algo_t algo); + +-SV *perl_gpgme_hashref_from_trust_item (gpgme_trust_item_t item); +- + SV *perl_gpgme_sv_from_status_code (gpgme_status_code_t status); + + SV *perl_gpgme_genkey_result_to_sv (gpgme_genkey_result_t result); diff --git a/security/p5-Crypt-GpgME/files/patch-xs_GpgME.xs b/security/p5-Crypt-GpgME/files/patch-xs_GpgME.xs new file mode 100644 index 000000000000..42f999ad3888 --- /dev/null +++ b/security/p5-Crypt-GpgME/files/patch-xs_GpgME.xs @@ -0,0 +1,35 @@ +The trustlist feature, which only worked for a short period in 2003, was +removed in GpgME 2.0.0. + +--- xs/GpgME.xs.orig 2008-04-30 04:10:27 UTC ++++ xs/GpgME.xs +@@ -453,29 +453,6 @@ gpgme_keylist (ctx, pattern, secret_only=0) + perl_gpgme_assert_error (err); + } + +-void +-gpgme_trustlist (ctx, pattern, max_level) +- gpgme_ctx_t ctx +- const char *pattern +- int max_level +- PREINIT: +- gpgme_error_t err; +- gpgme_trust_item_t item; +- PPCODE: +- err = gpgme_op_trustlist_start (ctx, pattern, max_level); +- perl_gpgme_assert_error (err); +- +- while ((err = gpgme_op_trustlist_next (ctx, &item)) == GPG_ERR_NO_ERROR) { +- XPUSHs (perl_gpgme_hashref_from_trust_item (item)); +- gpgme_trust_item_unref (item); +- } +- +- if (gpg_err_code (err) != GPG_ERR_EOF) { +- perl_gpgme_assert_error (err); +- } +- +- gpgme_op_trustlist_end (ctx); +- + NO_OUTPUT gpgme_error_t + gpgme_engine_check_version (ctx, proto) + perl_gpgme_ctx_or_null_t ctx diff --git a/security/pecl-gnupg/Makefile b/security/pecl-gnupg/Makefile index cad9dd9e5404..dd2eb5172e17 100644 --- a/security/pecl-gnupg/Makefile +++ b/security/pecl-gnupg/Makefile @@ -1,5 +1,6 @@ PORTNAME= gnupg PORTVERSION= 1.5.3 +PORTREVISION= 1 CATEGORIES= security MAINTAINER= sunpoet@FreeBSD.org diff --git a/security/pecl-gnupg/files/patch-gnupg.c b/security/pecl-gnupg/files/patch-gnupg.c new file mode 100644 index 000000000000..fda8f01312fd --- /dev/null +++ b/security/pecl-gnupg/files/patch-gnupg.c @@ -0,0 +1,41 @@ +The trustlist feature has been deprecated in Gpgme since 2003 and was removed +in version 2.0.0. + +--- gnupg.c.orig 2025-06-02 18:54:02 UTC ++++ gnupg.c +@@ -341,7 +341,9 @@ phpc_function_entry gnupg_methods[] = { + PHP_GNUPG_FALIAS(addencryptkey, arginfo_gnupg_key_method) + PHP_GNUPG_FALIAS(adddecryptkey, arginfo_gnupg_key_passphrase_method) + PHP_GNUPG_FALIAS(deletekey, arginfo_gnupg_deletekey_method) ++#if GPGME_VERSION_NUMBER < 0x020000 /* GPGME < 2.0.0 */ + PHP_GNUPG_FALIAS(gettrustlist, arginfo_gnupg_pattern_method) ++#endif + PHP_GNUPG_FALIAS(listsignatures, arginfo_gnupg_keyid_method) + PHP_GNUPG_FALIAS(seterrormode, arginfo_gnupg_errmode_method) + PHPC_FE_END +@@ -483,7 +485,9 @@ static zend_function_entry gnupg_functions[] = { + PHP_FE(gnupg_addencryptkey, arginfo_gnupg_key_function) + PHP_FE(gnupg_adddecryptkey, arginfo_gnupg_key_passphrase_function) + PHP_FE(gnupg_deletekey, arginfo_gnupg_deletekey_function) ++#if GPGME_VERSION_NUMBER < 0x020000 /* GPGME < 2.0.0 */ + PHP_FE(gnupg_gettrustlist, arginfo_gnupg_pattern_function) ++#endif + PHP_FE(gnupg_listsignatures, arginfo_gnupg_keyid_function) + PHP_FE(gnupg_seterrormode, arginfo_gnupg_errmode_function) + PHPC_FE_END +@@ -1936,6 +1940,7 @@ PHP_FUNCTION(gnupg_deletekey) + } + /* }}} */ + ++#if GPGME_VERSION_NUMBER < 0x020000 /* GPGME < 2.0.0 */ + /* {{{ proto array gnupg_gettrustlist(string pattern) + * searching for trust items which match PATTERN + */ +@@ -1980,6 +1985,7 @@ PHP_FUNCTION(gnupg_gettrustlist) + } + } + /* }}} */ ++#endif + + /* {{{ proto array gnupg_listsignatures(string keyid) */ + PHP_FUNCTION(gnupg_listsignatures) diff --git a/security/pinentry/Makefile b/security/pinentry/Makefile index 3ba81d6e22ae..ba10a91f5e8a 100644 --- a/security/pinentry/Makefile +++ b/security/pinentry/Makefile @@ -36,7 +36,7 @@ NCURSES_RUN_DEPENDS= ${PINENTRY_NCURSES}:security/pinentry-curses EFL_DESC= EFL frontend PINENTRY_EFL= pinentry-efl # Due to a dependency loop that exists between security/pinentry-efl, -# devel/elf, graphics/poppler, security/gpgme-cpp, security/gpgme, +# devel/elf, graphics/poppler, security/gpgmepp, security/gpgme, # security/gnupg and security/pinentry, the user must install # pinentry-efl manually. See pkg-message.dep-loop for more details. #EFL_RUN_DEPENDS= ${PINENTRY_EFL}:security/pinentry-efl diff --git a/security/plasma6-kscreenlocker/distinfo b/security/plasma6-kscreenlocker/distinfo index 832f8bbd7964..9b45a355b193 100644 --- a/security/plasma6-kscreenlocker/distinfo +++ b/security/plasma6-kscreenlocker/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1750010496 -SHA256 (KDE/plasma/6.4.0/kscreenlocker-6.4.0.tar.xz) = b840202ba6b5bd7832ab2116beee2c8e386fa9b844e6db0e425a84006b6698fa -SIZE (KDE/plasma/6.4.0/kscreenlocker-6.4.0.tar.xz) = 183788 +TIMESTAMP = 1750789611 +SHA256 (KDE/plasma/6.4.1/kscreenlocker-6.4.1.tar.xz) = c849dc939a050a26f270393f8b59e8b86d671983a752e014af7c89a1c955b925 +SIZE (KDE/plasma/6.4.1/kscreenlocker-6.4.1.tar.xz) = 183776 diff --git a/security/plasma6-ksshaskpass/distinfo b/security/plasma6-ksshaskpass/distinfo index 0762978afab7..8196ba2a8c6e 100644 --- a/security/plasma6-ksshaskpass/distinfo +++ b/security/plasma6-ksshaskpass/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1750010496 -SHA256 (KDE/plasma/6.4.0/ksshaskpass-6.4.0.tar.xz) = ce3c7ba9f16638eb5e0378821448a84b9a0619228be8196e55c395fd4d743806 -SIZE (KDE/plasma/6.4.0/ksshaskpass-6.4.0.tar.xz) = 30792 +TIMESTAMP = 1750789611 +SHA256 (KDE/plasma/6.4.1/ksshaskpass-6.4.1.tar.xz) = 5495db2d45f9b2ac50a81382f7e38c99ab83d7ea34adcf72b05c260d9d8a3433 +SIZE (KDE/plasma/6.4.1/ksshaskpass-6.4.1.tar.xz) = 30796 diff --git a/security/plasma6-kwallet-pam/Makefile b/security/plasma6-kwallet-pam/Makefile index b4aad08a3703..538b12ebeb1b 100644 --- a/security/plasma6-kwallet-pam/Makefile +++ b/security/plasma6-kwallet-pam/Makefile @@ -1,6 +1,5 @@ PORTNAME= kwallet-pam DISTVERSION= ${KDE_PLASMA_VERSION} -PORTREVISION= 1 CATEGORIES= security kde kde-plasma MAINTAINER= kde@FreeBSD.org diff --git a/security/plasma6-kwallet-pam/distinfo b/security/plasma6-kwallet-pam/distinfo index eb3872634da1..81c94e309bb8 100644 --- a/security/plasma6-kwallet-pam/distinfo +++ b/security/plasma6-kwallet-pam/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1750010496 -SHA256 (KDE/plasma/6.4.0/kwallet-pam-6.4.0.tar.xz) = 450e4d6b804c597eb51159000e193688926e4d8225ae19a1627e25d11feb8b5e -SIZE (KDE/plasma/6.4.0/kwallet-pam-6.4.0.tar.xz) = 22396 +TIMESTAMP = 1750789612 +SHA256 (KDE/plasma/6.4.1/kwallet-pam-6.4.1.tar.xz) = 04d4d7075cb93cac10a7e0504836d961c7a2eda4f08987bb500f927200298b7c +SIZE (KDE/plasma/6.4.1/kwallet-pam-6.4.1.tar.xz) = 22400 diff --git a/security/py-certifi/Makefile b/security/py-certifi/Makefile index c1a72415dd68..b4ae106315be 100644 --- a/security/py-certifi/Makefile +++ b/security/py-certifi/Makefile @@ -1,5 +1,5 @@ PORTNAME= certifi -PORTVERSION= 2025.4.26 +PORTVERSION= 2025.6.15 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -10,7 +10,7 @@ WWW= https://github.com/certifi/python-certifi LICENSE= MPL20 -BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}setuptools>=0:devel/py-setuptools@${PY_FLAVOR} \ +BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}setuptools>=42.0.0:devel/py-setuptools@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}wheel>=0:devel/py-wheel@${PY_FLAVOR} USES= python diff --git a/security/py-certifi/distinfo b/security/py-certifi/distinfo index 7bdf8d62e8ce..fe596debd52b 100644 --- a/security/py-certifi/distinfo +++ b/security/py-certifi/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1745936214 -SHA256 (certifi-2025.4.26.tar.gz) = 0a816057ea3cdefcef70270d2c515e4506bbc954f417fa5ade2021213bb8f0c6 -SIZE (certifi-2025.4.26.tar.gz) = 160705 +TIMESTAMP = 1750188134 +SHA256 (certifi-2025.6.15.tar.gz) = d747aa5a8b9bbbb1bb8c22bb13e22bd1f18e9796defa16bab421f7f7a317323b +SIZE (certifi-2025.6.15.tar.gz) = 158753 diff --git a/security/py-gpg/Makefile b/security/py-gpg/Makefile new file mode 100644 index 000000000000..582cb579dfc2 --- /dev/null +++ b/security/py-gpg/Makefile @@ -0,0 +1,43 @@ +PORTNAME= gpg +PORTVERSION= 2.0.0 +CATEGORIES= security python +MASTER_SITES= GNUPG/gpgmepy +PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} +DISTNAME= gpgmepy-${PORTVERSION} + +MAINTAINER= jhale@FreeBSD.org +COMMENT= Gpgme Python bindings + +LICENSE= LGPL21+ +LICENSE_FILE= ${WRKSRC}/COPYING.LESSER + +BUILD_DEPENDS= swig:devel/swig \ + ${PY_SETUPTOOLS} \ + ${PYTHON_PKGNAMEPREFIX}wheel>0:devel/py-wheel@${PY_FLAVOR} + +LIB_DEPENDS= libassuan.so:security/libassuan \ + libgpg-error.so:security/libgpg-error \ + libgpgme.so:security/gpgme + +USES= gmake pkgconfig python:3.9+ tar:bzip2 +USE_PYTHON= autoplist pep517 + +GNU_CONFIGURE= yes +CONFIGURE_ENV= BSD_PYTHON="${PYTHON_CMD}" \ + BSD_PYTHON_VERSION="${PYTHON_VER}" +TEST_TARGET= check + +# Link src to the project name defined in pyproject.toml to deal with Python +# conventions. This is done in the project build system, but we're just using +# the configure part of the autotools and letting the FreeBSD python USES do +# the main build. +pre-build: + (cd ${BUILD_WRKSRC} && ${LN} -sf src ${PORTNAME}) + +# Avoid patching the src 'copystamp' target, which tries to copy several files +# to their original location, causing errors. ${BUILD_WRKSRC}/copystamp just +# has to exist for the port 'test' target to function for our purposes. +pre-test: + ${TOUCH} ${BUILD_WRKSRC}/copystamp + +.include <bsd.port.mk> diff --git a/security/py-gpg/distinfo b/security/py-gpg/distinfo new file mode 100644 index 000000000000..c0e4e0940c09 --- /dev/null +++ b/security/py-gpg/distinfo @@ -0,0 +1,3 @@ +TIMESTAMP = 1750492472 +SHA256 (gpgmepy-2.0.0.tar.bz2) = 07e1265648ff51da238c9af7a18b3f1dc7b0c66b4f21a72f27c74b396cd3336d +SIZE (gpgmepy-2.0.0.tar.bz2) = 575963 diff --git a/security/py-gpg/files/patch-configure.ac b/security/py-gpg/files/patch-configure.ac new file mode 100644 index 000000000000..d60e14dfd05d --- /dev/null +++ b/security/py-gpg/files/patch-configure.ac @@ -0,0 +1,19 @@ +The configure script automatically detects all versions of Python and builds +the bindings for each found version. This is a problem when building outside +of a clean environment since the ports system can only build a package for one +Python flavor at a time. The found versions of Python are overridden by +environment variables set in the port Makefile. + +--- configure.ac.orig 2025-06-17 08:21:23 UTC ++++ configure.ac +@@ -326,6 +326,10 @@ else + ], :, m4_if(mym4pythonver,[any],[],[python]mym4pythonver)) + ]) + ++ # Override the automatically found Pythons with the selected version from ports. ++ PYTHONS=$BSD_PYTHON ++ PYTHON_VERSIONS=$BSD_PYTHON_VERSION ++ + # Recover some values lost in the second attempt to find Python. + PYTHON="$(echo $PYTHONS | cut -d ' ' -f 1)" + PYTHON_VERSION="$(echo $PYTHON_VERSIONS | cut -d ' ' -f 1)" diff --git a/security/py-gpg/files/patch-pyproject.toml b/security/py-gpg/files/patch-pyproject.toml new file mode 100644 index 000000000000..f2a281e724c2 --- /dev/null +++ b/security/py-gpg/files/patch-pyproject.toml @@ -0,0 +1,13 @@ +Since we don't have a "swig" python package to look for, this breaks the +build. Swig detection, however, is done locally by the ports system and +the configure script. + +--- pyproject.toml.orig 2025-06-17 08:21:23 UTC ++++ pyproject.toml +@@ -59,5 +59,5 @@ content-type = "text/plain" + + [build-system] + # Minimum requirements for the build system to execute. +-requires = ["setuptools", "swig"] ++requires = ["setuptools"] + build-backend = "setuptools.build_meta" diff --git a/security/py-gpg/pkg-descr b/security/py-gpg/pkg-descr new file mode 100644 index 000000000000..331ded45d4d4 --- /dev/null +++ b/security/py-gpg/pkg-descr @@ -0,0 +1,3 @@ +Python bindings for the GpgME library, offering a high-level and curated +interface, as well as an idiomatic interface implemented as a shim, +automatically created using SWIG, on top of the low-level interface. diff --git a/security/py-gpgme/Makefile b/security/py-gpgme/Makefile deleted file mode 100644 index b79f2dd23518..000000000000 --- a/security/py-gpgme/Makefile +++ /dev/null @@ -1,16 +0,0 @@ -PORTREVISION= 0 -CATEGORIES= security python -PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} - -MAINTAINER= jhale@FreeBSD.org -COMMENT= Gpgme Python bindings - -MASTERDIR= ${.CURDIR:H:H}/security/gpgme -PLIST= ${.CURDIR}/pkg-plist - -_GPGME_BINDING= python - -post-install: - ${STRIP_CMD} ${STAGEDIR}${PYTHON_SITELIBDIR}/gpg/_gpgme*.so - -.include "${MASTERDIR}/Makefile" diff --git a/security/py-gpgme/pkg-plist b/security/py-gpgme/pkg-plist deleted file mode 100644 index 8650d7182e84..000000000000 --- a/security/py-gpgme/pkg-plist +++ /dev/null @@ -1,89 +0,0 @@ -%%PYTHON_SITELIBDIR%%/gpg-%%VERSION%%-py%%PYTHON_VER%%.egg-info/PKG-INFO -%%PYTHON_SITELIBDIR%%/gpg-%%VERSION%%-py%%PYTHON_VER%%.egg-info/SOURCES.txt -%%PYTHON_SITELIBDIR%%/gpg-%%VERSION%%-py%%PYTHON_VER%%.egg-info/dependency_links.txt -%%PYTHON_SITELIBDIR%%/gpg-%%VERSION%%-py%%PYTHON_VER%%.egg-info/top_level.txt -%%PYTHON_SITELIBDIR%%/gpg/__init__.py -%%PYTHON_SITELIBDIR%%/gpg/__pycache__/__init__%%PYTHON_TAG%%.opt-1.pyc -%%PYTHON_SITELIBDIR%%/gpg/__pycache__/__init__%%PYTHON_TAG%%.pyc -%%PYTHON_SITELIBDIR%%/gpg/__pycache__/callbacks%%PYTHON_TAG%%.opt-1.pyc -%%PYTHON_SITELIBDIR%%/gpg/__pycache__/callbacks%%PYTHON_TAG%%.pyc -%%PYTHON_SITELIBDIR%%/gpg/__pycache__/core%%PYTHON_TAG%%.opt-1.pyc -%%PYTHON_SITELIBDIR%%/gpg/__pycache__/core%%PYTHON_TAG%%.pyc -%%PYTHON_SITELIBDIR%%/gpg/__pycache__/errors%%PYTHON_TAG%%.opt-1.pyc -%%PYTHON_SITELIBDIR%%/gpg/__pycache__/errors%%PYTHON_TAG%%.pyc -%%PYTHON_SITELIBDIR%%/gpg/__pycache__/gpgme%%PYTHON_TAG%%.opt-1.pyc -%%PYTHON_SITELIBDIR%%/gpg/__pycache__/gpgme%%PYTHON_TAG%%.pyc -%%PYTHON_SITELIBDIR%%/gpg/__pycache__/results%%PYTHON_TAG%%.opt-1.pyc -%%PYTHON_SITELIBDIR%%/gpg/__pycache__/results%%PYTHON_TAG%%.pyc -%%PYTHON_SITELIBDIR%%/gpg/__pycache__/util%%PYTHON_TAG%%.opt-1.pyc -%%PYTHON_SITELIBDIR%%/gpg/__pycache__/util%%PYTHON_TAG%%.pyc -%%PYTHON_SITELIBDIR%%/gpg/__pycache__/version%%PYTHON_TAG%%.opt-1.pyc -%%PYTHON_SITELIBDIR%%/gpg/__pycache__/version%%PYTHON_TAG%%.pyc -%%PYTHON_SITELIBDIR%%/gpg/_gpgme%%PYTHON_TAG%%.so -%%PYTHON_SITELIBDIR%%/gpg/callbacks.py -%%PYTHON_SITELIBDIR%%/gpg/constants/__init__.py -%%PYTHON_SITELIBDIR%%/gpg/constants/__pycache__/__init__%%PYTHON_TAG%%.opt-1.pyc -%%PYTHON_SITELIBDIR%%/gpg/constants/__pycache__/__init__%%PYTHON_TAG%%.pyc -%%PYTHON_SITELIBDIR%%/gpg/constants/__pycache__/create%%PYTHON_TAG%%.opt-1.pyc -%%PYTHON_SITELIBDIR%%/gpg/constants/__pycache__/create%%PYTHON_TAG%%.pyc -%%PYTHON_SITELIBDIR%%/gpg/constants/__pycache__/event%%PYTHON_TAG%%.opt-1.pyc -%%PYTHON_SITELIBDIR%%/gpg/constants/__pycache__/event%%PYTHON_TAG%%.pyc -%%PYTHON_SITELIBDIR%%/gpg/constants/__pycache__/import_type%%PYTHON_TAG%%.opt-1.pyc -%%PYTHON_SITELIBDIR%%/gpg/constants/__pycache__/import_type%%PYTHON_TAG%%.pyc -%%PYTHON_SITELIBDIR%%/gpg/constants/__pycache__/keysign%%PYTHON_TAG%%.opt-1.pyc -%%PYTHON_SITELIBDIR%%/gpg/constants/__pycache__/keysign%%PYTHON_TAG%%.pyc -%%PYTHON_SITELIBDIR%%/gpg/constants/__pycache__/md%%PYTHON_TAG%%.opt-1.pyc -%%PYTHON_SITELIBDIR%%/gpg/constants/__pycache__/md%%PYTHON_TAG%%.pyc -%%PYTHON_SITELIBDIR%%/gpg/constants/__pycache__/pk%%PYTHON_TAG%%.opt-1.pyc -%%PYTHON_SITELIBDIR%%/gpg/constants/__pycache__/pk%%PYTHON_TAG%%.pyc -%%PYTHON_SITELIBDIR%%/gpg/constants/__pycache__/protocol%%PYTHON_TAG%%.opt-1.pyc -%%PYTHON_SITELIBDIR%%/gpg/constants/__pycache__/protocol%%PYTHON_TAG%%.pyc -%%PYTHON_SITELIBDIR%%/gpg/constants/__pycache__/sigsum%%PYTHON_TAG%%.opt-1.pyc -%%PYTHON_SITELIBDIR%%/gpg/constants/__pycache__/sigsum%%PYTHON_TAG%%.pyc -%%PYTHON_SITELIBDIR%%/gpg/constants/__pycache__/status%%PYTHON_TAG%%.opt-1.pyc -%%PYTHON_SITELIBDIR%%/gpg/constants/__pycache__/status%%PYTHON_TAG%%.pyc -%%PYTHON_SITELIBDIR%%/gpg/constants/__pycache__/validity%%PYTHON_TAG%%.opt-1.pyc -%%PYTHON_SITELIBDIR%%/gpg/constants/__pycache__/validity%%PYTHON_TAG%%.pyc -%%PYTHON_SITELIBDIR%%/gpg/constants/create.py -%%PYTHON_SITELIBDIR%%/gpg/constants/data/__init__.py -%%PYTHON_SITELIBDIR%%/gpg/constants/data/__pycache__/__init__%%PYTHON_TAG%%.opt-1.pyc -%%PYTHON_SITELIBDIR%%/gpg/constants/data/__pycache__/__init__%%PYTHON_TAG%%.pyc -%%PYTHON_SITELIBDIR%%/gpg/constants/data/__pycache__/encoding%%PYTHON_TAG%%.opt-1.pyc -%%PYTHON_SITELIBDIR%%/gpg/constants/data/__pycache__/encoding%%PYTHON_TAG%%.pyc -%%PYTHON_SITELIBDIR%%/gpg/constants/data/encoding.py -%%PYTHON_SITELIBDIR%%/gpg/constants/event.py -%%PYTHON_SITELIBDIR%%/gpg/constants/import_type.py -%%PYTHON_SITELIBDIR%%/gpg/constants/keylist/__init__.py -%%PYTHON_SITELIBDIR%%/gpg/constants/keylist/__pycache__/__init__%%PYTHON_TAG%%.opt-1.pyc -%%PYTHON_SITELIBDIR%%/gpg/constants/keylist/__pycache__/__init__%%PYTHON_TAG%%.pyc -%%PYTHON_SITELIBDIR%%/gpg/constants/keylist/__pycache__/mode%%PYTHON_TAG%%.opt-1.pyc -%%PYTHON_SITELIBDIR%%/gpg/constants/keylist/__pycache__/mode%%PYTHON_TAG%%.pyc -%%PYTHON_SITELIBDIR%%/gpg/constants/keylist/mode.py -%%PYTHON_SITELIBDIR%%/gpg/constants/keysign.py -%%PYTHON_SITELIBDIR%%/gpg/constants/md.py -%%PYTHON_SITELIBDIR%%/gpg/constants/pk.py -%%PYTHON_SITELIBDIR%%/gpg/constants/protocol.py -%%PYTHON_SITELIBDIR%%/gpg/constants/sig/__init__.py -%%PYTHON_SITELIBDIR%%/gpg/constants/sig/__pycache__/__init__%%PYTHON_TAG%%.opt-1.pyc -%%PYTHON_SITELIBDIR%%/gpg/constants/sig/__pycache__/__init__%%PYTHON_TAG%%.pyc -%%PYTHON_SITELIBDIR%%/gpg/constants/sig/__pycache__/mode%%PYTHON_TAG%%.opt-1.pyc -%%PYTHON_SITELIBDIR%%/gpg/constants/sig/__pycache__/mode%%PYTHON_TAG%%.pyc -%%PYTHON_SITELIBDIR%%/gpg/constants/sig/__pycache__/notation%%PYTHON_TAG%%.opt-1.pyc -%%PYTHON_SITELIBDIR%%/gpg/constants/sig/__pycache__/notation%%PYTHON_TAG%%.pyc -%%PYTHON_SITELIBDIR%%/gpg/constants/sig/mode.py -%%PYTHON_SITELIBDIR%%/gpg/constants/sig/notation.py -%%PYTHON_SITELIBDIR%%/gpg/constants/sigsum.py -%%PYTHON_SITELIBDIR%%/gpg/constants/status.py -%%PYTHON_SITELIBDIR%%/gpg/constants/tofu/__init__.py -%%PYTHON_SITELIBDIR%%/gpg/constants/tofu/__pycache__/__init__%%PYTHON_TAG%%.opt-1.pyc -%%PYTHON_SITELIBDIR%%/gpg/constants/tofu/__pycache__/__init__%%PYTHON_TAG%%.pyc -%%PYTHON_SITELIBDIR%%/gpg/constants/tofu/__pycache__/policy%%PYTHON_TAG%%.opt-1.pyc -%%PYTHON_SITELIBDIR%%/gpg/constants/tofu/__pycache__/policy%%PYTHON_TAG%%.pyc -%%PYTHON_SITELIBDIR%%/gpg/constants/tofu/policy.py -%%PYTHON_SITELIBDIR%%/gpg/constants/validity.py -%%PYTHON_SITELIBDIR%%/gpg/core.py -%%PYTHON_SITELIBDIR%%/gpg/errors.py -%%PYTHON_SITELIBDIR%%/gpg/gpgme.py -%%PYTHON_SITELIBDIR%%/gpg/results.py -%%PYTHON_SITELIBDIR%%/gpg/util.py -%%PYTHON_SITELIBDIR%%/gpg/version.py diff --git a/security/py-webauthn/Makefile b/security/py-webauthn/Makefile index 2c97531fd969..0224d6c5af41 100644 --- a/security/py-webauthn/Makefile +++ b/security/py-webauthn/Makefile @@ -1,5 +1,5 @@ PORTNAME= webauthn -PORTVERSION= 2.5.2 +PORTVERSION= 2.6.0 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -12,7 +12,7 @@ WWW= https://duo-labs.github.io/py_webauthn/ \ LICENSE= BSD3CLAUSE LICENSE_FILE= ${WRKSRC}/LICENSE -BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}setuptools>=0:devel/py-setuptools@${PY_FLAVOR} \ +BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}setuptools>=61.0:devel/py-setuptools@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}wheel>=0:devel/py-wheel@${PY_FLAVOR} RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}asn1crypto>=1.5.1:devel/py-asn1crypto@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}cbor2>=5.6.5:devel/py-cbor2@${PY_FLAVOR} \ diff --git a/security/py-webauthn/distinfo b/security/py-webauthn/distinfo index 3490692fa0ea..4b6631072a69 100644 --- a/security/py-webauthn/distinfo +++ b/security/py-webauthn/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1749813110 -SHA256 (webauthn-2.5.2.tar.gz) = 09c13dfc1c68c810f32fa4d89b1d37acb9f9ae9091c9d7019e313be4525a95ef -SIZE (webauthn-2.5.2.tar.gz) = 124114 +TIMESTAMP = 1750188136 +SHA256 (webauthn-2.6.0.tar.gz) = 13cf5b009a64cef569599ffecf24550df1d7c0cd4fbaea870f937148484a80b4 +SIZE (webauthn-2.6.0.tar.gz) = 123608 diff --git a/security/py-webauthn/files/patch-pyproject.toml b/security/py-webauthn/files/patch-pyproject.toml new file mode 100644 index 000000000000..e2799155d521 --- /dev/null +++ b/security/py-webauthn/files/patch-pyproject.toml @@ -0,0 +1,12 @@ +--- pyproject.toml.orig 2025-06-16 22:25:09 UTC ++++ pyproject.toml +@@ -7,8 +7,7 @@ readme = "README.md" + dynamic = ["version"] + description = "Pythonic WebAuthn" + readme = "README.md" +-license = "BSD-3-Clause" +-license-files = ["LICENSE"] ++license = { text = "BSD-3-Clause" } + keywords = ["webauthn", "fido2"] + authors = [{ name = "Duo Labs", email = "labs@duo.com" }] + classifiers = [ diff --git a/security/qgpgme/Makefile b/security/qgpgme/Makefile new file mode 100644 index 000000000000..f45cb981a8f8 --- /dev/null +++ b/security/qgpgme/Makefile @@ -0,0 +1,55 @@ +PORTNAME= qgpgme +PORTVERSION= 2.0.0 +CATEGORIES= security +MASTER_SITES= GNUPG +PKGNAMESUFFIX= -${FLAVOR} + +MAINTAINER= jhale@FreeBSD.org +COMMENT= GnuPG Made Easy (GPGME) Qt bindings +WWW= https://gnupg.org/software/gpgme/index.html + +LICENSE= GPLv2+ +LICENSE_FILE= ${WRKSRC}/COPYING + +LIB_DEPENDS= libgpg-error.so:security/libgpg-error \ + libgpgme.so:security/gpgme \ + libgpgmepp.so:security/gpgmepp + +FLAVORS= qt6 qt5 +FLAVOR?= ${FLAVORS:[1]} + +USES= cmake:testing compiler:c++17-lang pkgconfig \ + qt:${FLAVOR:S|qt||} tar:xz +USE_LDCONFIG= yes +_USE_QT_qt5= core buildtools:build qmake:build testlib:test +_USE_QT_qt6= base +USE_QT= ${_USE_QT_${FLAVOR}} + +CMAKE_ON= BUILD_WITH_${FLAVOR:tu} +_CMAKE_OFF_qt5= BUILD_WITH_QT6 +_CMAKE_OFF_qt6= BUILD_WITH_QT5 +CMAKE_OFF= BUILD_TESTING \ + ${_CMAKE_OFF_${FLAVOR}} + +DOCSDIR= ${PREFIX}/share/doc/${PORTNAME}${PKGNAMESUFFIX} +_PLIST_SUB_qt5= QGPGME_CMAKE_SUFFIX="" \ + QGPGME_LIB_SUFFIX="" +_PLIST_SUB_qt6= QGPGME_CMAKE_SUFFIX="Qt6" \ + QGPGME_LIB_SUFFIX="qt6" +PLIST_SUB= QGPGME_INCLUDE_SUFFIX="${FLAVOR}" \ + ${_PLIST_SUB_${FLAVOR}} + +OPTIONS_DEFINE= DOXYGEN + +DOXYGEN_BUILD_DEPENDS= doxygen:devel/doxygen \ + dot:graphics/graphviz +DOXYGEN_CMAKE_BOOL_OFF= CMAKE_DISABLE_FIND_PACKAGE_Doxygen + +post-install-DOXYGEN-on: + @${MKDIR} ${STAGEDIR}${DOCSDIR}/html + cd ${BUILD_WRKSRC}/doc/html && \ + ${COPYTREE_SHARE} . ${STAGEDIR}${DOCSDIR}/html + @${FIND} -P ${STAGEDIR}${DOCSDIR} -type f 2>/dev/null | \ + ${SED} -ne 's|^${STAGEDIR}${PREFIX}/||p' >> ${TMPPLIST} + +.include <bsd.port.mk> diff --git a/security/qgpgme/distinfo b/security/qgpgme/distinfo new file mode 100644 index 000000000000..86a926dc2776 --- /dev/null +++ b/security/qgpgme/distinfo @@ -0,0 +1,3 @@ +TIMESTAMP = 1750277661 +SHA256 (qgpgme-2.0.0.tar.xz) = 15645b2475cca6118eb2ed331b3a8d9442c9d4019c3846ba3f6d25321b4a61ad +SIZE (qgpgme-2.0.0.tar.xz) = 188552 diff --git a/security/qgpgme/pkg-descr b/security/qgpgme/pkg-descr new file mode 100644 index 000000000000..79dc974a22a3 --- /dev/null +++ b/security/qgpgme/pkg-descr @@ -0,0 +1,15 @@ +QGpgme provides a very high level Qt API around GpgMEpp, the GPGME C++ +bindings. + +There are two general concepts in QGpgME. Data abstraction through +GpgMEpp's Dataprovider interface and the Job pattern. + +Data can be provided with QByteArrayDataProvider or QIODeviceDataProvider +which can be constructed from their respective types. This means you can +pass a QFile, QProcess, QString, etc. directly to GPGME. + +To provide a stable API / ABI and because of historic reasons in libkleo +(where QGpgME was originally developed as an abstract crypto backend), +QGpgME only provides abstract interfaces as public API while the actual +implementation happens in the private QGpgME prefixed classes. + diff --git a/security/gpgme-qt/pkg-plist b/security/qgpgme/pkg-plist index 5fcfbc386950..e4b0eb3711f3 100644 --- a/security/gpgme-qt/pkg-plist +++ b/security/qgpgme/pkg-plist @@ -19,7 +19,6 @@ include/qgpgme-%%QGPGME_INCLUDE_SUFFIX%%/QGpgME/EncryptJob include/qgpgme-%%QGPGME_INCLUDE_SUFFIX%%/QGpgME/ExportJob include/qgpgme-%%QGPGME_INCLUDE_SUFFIX%%/QGpgME/FileListDataProvider include/qgpgme-%%QGPGME_INCLUDE_SUFFIX%%/QGpgME/GpgCardJob -include/qgpgme-%%QGPGME_INCLUDE_SUFFIX%%/QGpgME/HierarchicalKeyListJob include/qgpgme-%%QGPGME_INCLUDE_SUFFIX%%/QGpgME/ImportFromKeyserverJob include/qgpgme-%%QGPGME_INCLUDE_SUFFIX%%/QGpgME/ImportJob include/qgpgme-%%QGPGME_INCLUDE_SUFFIX%%/QGpgME/Job @@ -69,7 +68,6 @@ include/qgpgme-%%QGPGME_INCLUDE_SUFFIX%%/qgpgme/encryptjob.h include/qgpgme-%%QGPGME_INCLUDE_SUFFIX%%/qgpgme/exportjob.h include/qgpgme-%%QGPGME_INCLUDE_SUFFIX%%/qgpgme/filelistdataprovider.h include/qgpgme-%%QGPGME_INCLUDE_SUFFIX%%/qgpgme/gpgcardjob.h -include/qgpgme-%%QGPGME_INCLUDE_SUFFIX%%/qgpgme/hierarchicalkeylistjob.h include/qgpgme-%%QGPGME_INCLUDE_SUFFIX%%/qgpgme/importfromkeyserverjob.h include/qgpgme-%%QGPGME_INCLUDE_SUFFIX%%/qgpgme/importjob.h include/qgpgme-%%QGPGME_INCLUDE_SUFFIX%%/qgpgme/job.h @@ -100,8 +98,12 @@ include/qgpgme-%%QGPGME_INCLUDE_SUFFIX%%/qgpgme/wkdlookupjob.h include/qgpgme-%%QGPGME_INCLUDE_SUFFIX%%/qgpgme/wkdlookupresult.h include/qgpgme-%%QGPGME_INCLUDE_SUFFIX%%/qgpgme/wkdrefreshjob.h include/qgpgme-%%QGPGME_INCLUDE_SUFFIX%%/qgpgme/wkspublishjob.h +lib/cmake/QGpgme%%QGPGME_CMAKE_SUFFIX%%/FindGpgme.cmake +lib/cmake/QGpgme%%QGPGME_CMAKE_SUFFIX%%/FindLibGpgError.cmake lib/cmake/QGpgme%%QGPGME_CMAKE_SUFFIX%%/QGpgme%%QGPGME_CMAKE_SUFFIX%%Config.cmake lib/cmake/QGpgme%%QGPGME_CMAKE_SUFFIX%%/QGpgme%%QGPGME_CMAKE_SUFFIX%%ConfigVersion.cmake +lib/cmake/QGpgme%%QGPGME_CMAKE_SUFFIX%%/QGpgme%%QGPGME_CMAKE_SUFFIX%%Targets-%%CMAKE_BUILD_TYPE%%.cmake +lib/cmake/QGpgme%%QGPGME_CMAKE_SUFFIX%%/QGpgme%%QGPGME_CMAKE_SUFFIX%%Targets.cmake lib/libqgpgme%%QGPGME_LIB_SUFFIX%%.so lib/libqgpgme%%QGPGME_LIB_SUFFIX%%.so.15 -lib/libqgpgme%%QGPGME_LIB_SUFFIX%%.so.15.6.2 +lib/libqgpgme%%QGPGME_LIB_SUFFIX%%.so.15.7.0 diff --git a/security/rnp/Makefile b/security/rnp/Makefile index c8dc94c9cdac..77944be6a051 100644 --- a/security/rnp/Makefile +++ b/security/rnp/Makefile @@ -1,6 +1,7 @@ PORTNAME= rnp DISTVERSIONPREFIX= v DISTVERSION= 0.18.0 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= https://github.com/rnpgp/${PORTNAME}/releases/download/${DISTVERSIONFULL}/ diff --git a/security/rubygem-gpgme/Makefile b/security/rubygem-gpgme/Makefile index b88403fc738b..01afb9d78c35 100644 --- a/security/rubygem-gpgme/Makefile +++ b/security/rubygem-gpgme/Makefile @@ -1,6 +1,6 @@ PORTNAME= gpgme PORTVERSION= 2.0.24 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security rubygems MASTER_SITES= RG diff --git a/security/rubygem-gpgme/files/patch-ext-gpgme-extconf.rb b/security/rubygem-gpgme/files/patch-ext_gpgme_extconf.rb index e14b99204578..e0a3bbcbbf76 100644 --- a/security/rubygem-gpgme/files/patch-ext-gpgme-extconf.rb +++ b/security/rubygem-gpgme/files/patch-ext_gpgme_extconf.rb @@ -1,10 +1,10 @@ ---- ext/gpgme/extconf.rb.orig 2022-10-13 10:24:31 UTC +--- ext/gpgme/extconf.rb.orig 2025-06-24 09:21:26 UTC +++ ext/gpgme/extconf.rb -@@ -60,7 +60,6 @@ follows: +@@ -63,7 +63,6 @@ EOS EOS require 'rubygems' - require 'mini_portile2' - libgpg_error_recipe = MiniPortile.new('libgpg-error', '1.46').tap do |recipe| + libgpg_error_recipe = MiniPortile.new('libgpg-error', '1.47').tap do |recipe| recipe.target = File.join(ROOT, "ports") diff --git a/security/rubygem-gpgme/files/patch-ext_gpgme_gpgme__n.c b/security/rubygem-gpgme/files/patch-ext_gpgme_gpgme__n.c new file mode 100644 index 000000000000..d0c71e09bb17 --- /dev/null +++ b/security/rubygem-gpgme/files/patch-ext_gpgme_gpgme__n.c @@ -0,0 +1,59 @@ +The trustlist feature, which only worked for a short period in 2003, was +removed in GpgME 2.0.0. + +The gpgme_attr_t enums and their functions, which have been marked deprecated +since 2003, were removed in GpgME 2.0.0. + +--- ext/gpgme/gpgme_n.c.orig 2025-06-23 05:28:53 UTC ++++ ext/gpgme/gpgme_n.c +@@ -1633,6 +1633,7 @@ rb_s_gpgme_op_card_edit_start (VALUE dummy, VALUE vctx + return LONG2NUM(err); + } + ++#if defined(GPGME_VERSION_NUMBER) && GPGME_VERSION_NUMBER < 0x020000 + static VALUE + rb_s_gpgme_op_trustlist_start (VALUE dummy, VALUE vctx, VALUE vpattern, + VALUE vmax_level) +@@ -1696,6 +1697,7 @@ rb_s_gpgme_op_trustlist_end (VALUE dummy, VALUE vctx) + err = gpgme_op_trustlist_end (ctx); + return LONG2NUM(err); + } ++#endif + + static VALUE + rb_s_gpgme_op_decrypt (VALUE dummy, VALUE vctx, VALUE vcipher, VALUE vplain) +@@ -2558,13 +2560,15 @@ Init_gpgme_n (void) + rb_define_module_function (mGPGME, "gpgme_op_card_edit_start", + rb_s_gpgme_op_card_edit_start, 5); + +- /* Trust Item Management */ ++ /* Trust Item Management removed in 2.0.0 */ ++#if defined(GPGME_VERSION_NUMBER) && GPGME_VERSION_NUMBER < 0x020000 + rb_define_module_function (mGPGME, "gpgme_op_trustlist_start", + rb_s_gpgme_op_trustlist_start, 3); + rb_define_module_function (mGPGME, "gpgme_op_trustlist_next", + rb_s_gpgme_op_trustlist_next, 2); + rb_define_module_function (mGPGME, "gpgme_op_trustlist_end", + rb_s_gpgme_op_trustlist_end, 1); ++#endif + + /* Decrypt */ + rb_define_module_function (mGPGME, "gpgme_op_decrypt", +@@ -2805,7 +2809,8 @@ Init_gpgme_n (void) + rb_define_const (mGPGME, "GPGME_SIG_MODE_CLEAR", + INT2FIX(GPGME_SIG_MODE_CLEAR)); + +- /* gpgme_attr_t */ ++ /* gpgme_attr_t removed in 2.0.0 */ ++#if defined(GPGME_VERSION_NUMBER) && GPGME_VERSION_NUMBER < 0x020000 + rb_define_const (mGPGME, "GPGME_ATTR_KEYID", + INT2FIX(GPGME_ATTR_KEYID)); + rb_define_const (mGPGME, "GPGME_ATTR_FPR", +@@ -2868,6 +2873,7 @@ Init_gpgme_n (void) + INT2FIX(GPGME_ATTR_ERRTOK)); + rb_define_const (mGPGME, "GPGME_ATTR_SIG_SUMMARY", + INT2FIX(GPGME_ATTR_SIG_SUMMARY)); ++#endif + + /* gpgme_validity_t */ + rb_define_const (mGPGME, "GPGME_VALIDITY_UNKNOWN", diff --git a/security/rubygem-gpgme/files/patch-lib_gpgme_constants.rb b/security/rubygem-gpgme/files/patch-lib_gpgme_constants.rb new file mode 100644 index 000000000000..19766f99d845 --- /dev/null +++ b/security/rubygem-gpgme/files/patch-lib_gpgme_constants.rb @@ -0,0 +1,75 @@ +The gpgme_attr_t enums and their functions, which have been marked deprecated +since 2003, were removed in GpgME 2.0.0. + +--- lib/gpgme/constants.rb.orig 2025-06-23 05:42:19 UTC ++++ lib/gpgme/constants.rb +@@ -1,36 +1,38 @@ module GPGME + module GPGME + +- ATTR_ALGO = GPGME_ATTR_ALGO +- ATTR_CAN_CERTIFY = GPGME_ATTR_CAN_CERTIFY +- ATTR_CAN_ENCRYPT = GPGME_ATTR_CAN_ENCRYPT +- ATTR_CAN_SIGN = GPGME_ATTR_CAN_SIGN +- ATTR_CHAINID = GPGME_ATTR_CHAINID +- ATTR_COMMENT = GPGME_ATTR_COMMENT +- ATTR_CREATED = GPGME_ATTR_CREATED +- ATTR_EMAIL = GPGME_ATTR_EMAIL +- ATTR_ERRTOK = GPGME_ATTR_ERRTOK +- ATTR_EXPIRE = GPGME_ATTR_EXPIRE +- ATTR_FPR = GPGME_ATTR_FPR +- ATTR_ISSUER = GPGME_ATTR_ISSUER +- ATTR_IS_SECRET = GPGME_ATTR_IS_SECRET +- ATTR_KEYID = GPGME_ATTR_KEYID +- ATTR_KEY_CAPS = GPGME_ATTR_KEY_CAPS +- ATTR_KEY_DISABLED = GPGME_ATTR_KEY_DISABLED +- ATTR_KEY_EXPIRED = GPGME_ATTR_KEY_EXPIRED +- ATTR_KEY_INVALID = GPGME_ATTR_KEY_INVALID +- ATTR_KEY_REVOKED = GPGME_ATTR_KEY_REVOKED +- ATTR_LEN = GPGME_ATTR_LEN +- ATTR_LEVEL = GPGME_ATTR_LEVEL +- ATTR_NAME = GPGME_ATTR_NAME +- ATTR_OTRUST = GPGME_ATTR_OTRUST +- ATTR_SERIAL = GPGME_ATTR_SERIAL +- ATTR_SIG_STATUS = GPGME_ATTR_SIG_STATUS +- ATTR_SIG_SUMMARY = GPGME_ATTR_SIG_SUMMARY +- ATTR_TYPE = GPGME_ATTR_TYPE +- ATTR_UID_INVALID = GPGME_ATTR_UID_INVALID +- ATTR_UID_REVOKED = GPGME_ATTR_UID_REVOKED +- ATTR_USERID = GPGME_ATTR_USERID +- ATTR_VALIDITY = GPGME_ATTR_VALIDITY ++ if defined?(GPGME_ATTR_ALGO) ++ ATTR_ALGO = GPGME_ATTR_ALGO ++ ATTR_CAN_CERTIFY = GPGME_ATTR_CAN_CERTIFY ++ ATTR_CAN_ENCRYPT = GPGME_ATTR_CAN_ENCRYPT ++ ATTR_CAN_SIGN = GPGME_ATTR_CAN_SIGN ++ ATTR_CHAINID = GPGME_ATTR_CHAINID ++ ATTR_COMMENT = GPGME_ATTR_COMMENT ++ ATTR_CREATED = GPGME_ATTR_CREATED ++ ATTR_EMAIL = GPGME_ATTR_EMAIL ++ ATTR_ERRTOK = GPGME_ATTR_ERRTOK ++ ATTR_EXPIRE = GPGME_ATTR_EXPIRE ++ ATTR_FPR = GPGME_ATTR_FPR ++ ATTR_ISSUER = GPGME_ATTR_ISSUER ++ ATTR_IS_SECRET = GPGME_ATTR_IS_SECRET ++ ATTR_KEYID = GPGME_ATTR_KEYID ++ ATTR_KEY_CAPS = GPGME_ATTR_KEY_CAPS ++ ATTR_KEY_DISABLED = GPGME_ATTR_KEY_DISABLED ++ ATTR_KEY_EXPIRED = GPGME_ATTR_KEY_EXPIRED ++ ATTR_KEY_INVALID = GPGME_ATTR_KEY_INVALID ++ ATTR_KEY_REVOKED = GPGME_ATTR_KEY_REVOKED ++ ATTR_LEN = GPGME_ATTR_LEN ++ ATTR_LEVEL = GPGME_ATTR_LEVEL ++ ATTR_NAME = GPGME_ATTR_NAME ++ ATTR_OTRUST = GPGME_ATTR_OTRUST ++ ATTR_SERIAL = GPGME_ATTR_SERIAL ++ ATTR_SIG_STATUS = GPGME_ATTR_SIG_STATUS ++ ATTR_SIG_SUMMARY = GPGME_ATTR_SIG_SUMMARY ++ ATTR_TYPE = GPGME_ATTR_TYPE ++ ATTR_UID_INVALID = GPGME_ATTR_UID_INVALID ++ ATTR_UID_REVOKED = GPGME_ATTR_UID_REVOKED ++ ATTR_USERID = GPGME_ATTR_USERID ++ ATTR_VALIDITY = GPGME_ATTR_VALIDITY ++ end + DATA_ENCODING_ARMOR = GPGME_DATA_ENCODING_ARMOR + DATA_ENCODING_BASE64 = GPGME_DATA_ENCODING_BASE64 + DATA_ENCODING_BINARY = GPGME_DATA_ENCODING_BINARY diff --git a/security/rubygem-rasn1/Makefile b/security/rubygem-rasn1/Makefile index 5a7fc4753d36..a9dda07d9e6f 100644 --- a/security/rubygem-rasn1/Makefile +++ b/security/rubygem-rasn1/Makefile @@ -1,5 +1,5 @@ PORTNAME= rasn1 -PORTVERSION= 0.15.0 +PORTVERSION= 0.16.0 CATEGORIES= security rubygems MASTER_SITES= RG diff --git a/security/rubygem-rasn1/distinfo b/security/rubygem-rasn1/distinfo index 4cd85543dcce..a19adb8a6d67 100644 --- a/security/rubygem-rasn1/distinfo +++ b/security/rubygem-rasn1/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1736671257 -SHA256 (rubygem/rasn1-0.15.0.gem) = 6d3a8c94f8dbdbdc346f1a17ad905e99bbe6c754b1effba80d857b94f8ce5600 -SIZE (rubygem/rasn1-0.15.0.gem) = 29696 +TIMESTAMP = 1750188250 +SHA256 (rubygem/rasn1-0.16.0.gem) = c3f482cd6163822f98f31e3397b0528f3abe1f244093095abf0946e656be5c2b +SIZE (rubygem/rasn1-0.16.0.gem) = 29696 diff --git a/security/seahorse/Makefile b/security/seahorse/Makefile index 86fdecd11037..76b93450b3f5 100644 --- a/security/seahorse/Makefile +++ b/security/seahorse/Makefile @@ -1,10 +1,13 @@ PORTNAME= seahorse PORTVERSION= 41.0 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= security gnome MASTER_SITES= GNOME DIST_SUBDIR= gnome +PATCH_SITES= https://gitlab.gnome.org/GNOME/seahorse/-/commit/ +PATCHFILES+= aa68522cc696fa491ccfdff735b77bcf113168d0.patch:-p1 # Fix build with GpgME 2.0.0 + MAINTAINER= gnome@FreeBSD.org COMMENT= GNOME application for managing encryption keys (PGP, SSH) WWW= https://wiki.gnome.org/Apps/Seahorse diff --git a/security/seahorse/distinfo b/security/seahorse/distinfo index 2a5f46d36685..614fbb838ea0 100644 --- a/security/seahorse/distinfo +++ b/security/seahorse/distinfo @@ -1,3 +1,5 @@ -TIMESTAMP = 1633281709 +TIMESTAMP = 1750438455 SHA256 (gnome/seahorse-41.0.tar.xz) = e6eec09e810448295f547f18c1d5772b65c3edc1d9e5a2595f10b5dde68929f5 SIZE (gnome/seahorse-41.0.tar.xz) = 1371984 +SHA256 (gnome/aa68522cc696fa491ccfdff735b77bcf113168d0.patch) = 026b9ab0bce4b670cc3dd0910cdd5551e5965a32f07e19374c944fd7624bea78 +SIZE (gnome/aa68522cc696fa491ccfdff735b77bcf113168d0.patch) = 715 diff --git a/security/tscli/Makefile b/security/tscli/Makefile index d86f970157cc..dc2147eb3484 100644 --- a/security/tscli/Makefile +++ b/security/tscli/Makefile @@ -1,7 +1,6 @@ PORTNAME= tscli DISTVERSIONPREFIX= v -DISTVERSION= 0.0.7 -PORTREVISION= 1 +DISTVERSION= 0.0.8 CATEGORIES= security MAINTAINER= dtxdf@FreeBSD.org diff --git a/security/tscli/distinfo b/security/tscli/distinfo index e938f26fd9d2..efb08192281b 100644 --- a/security/tscli/distinfo +++ b/security/tscli/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1748984412 -SHA256 (go/security_tscli/tscli-v0.0.7/v0.0.7.mod) = 7a2fdc5e3af52d5109a5e92304981f0504d30dc6d8b60ce0f7e77aad321a7cb6 -SIZE (go/security_tscli/tscli-v0.0.7/v0.0.7.mod) = 2490 -SHA256 (go/security_tscli/tscli-v0.0.7/v0.0.7.zip) = 6e2e69078b0c442f70c0bfc048c2c1f4043445031ae183aea95c58bbaa17422d -SIZE (go/security_tscli/tscli-v0.0.7/v0.0.7.zip) = 90576 +TIMESTAMP = 1750799402 +SHA256 (go/security_tscli/tscli-v0.0.8/v0.0.8.mod) = af60e402176095e07127536838df7fdce64b4a840bbb23869ac208c04d476f5f +SIZE (go/security_tscli/tscli-v0.0.8/v0.0.8.mod) = 2796 +SHA256 (go/security_tscli/tscli-v0.0.8/v0.0.8.zip) = 885f4c2b781c29c4b4d53ead18a07b7efcfd68c504996346553b91255a234e50 +SIZE (go/security_tscli/tscli-v0.0.8/v0.0.8.zip) = 92477 diff --git a/security/vuls/Makefile b/security/vuls/Makefile index 9e88ccf86b2f..f2f41cbbf54c 100644 --- a/security/vuls/Makefile +++ b/security/vuls/Makefile @@ -1,7 +1,6 @@ PORTNAME= vuls DISTVERSIONPREFIX=v -DISTVERSION= 0.32.0 -PORTREVISION= 2 +DISTVERSION= 0.33.1 CATEGORIES= security MAINTAINER= girgen@FreeBSD.org @@ -25,6 +24,9 @@ SUB_LIST= PORTNAME=${PORTNAME} USERS=${USERS} GROUPS=${GROUPS} USERS= vuls GROUPS= vuls +NOT_FOR_ARCHS= i386 +NOT_FOR_ARCHS_REASON_i386= https://gitlab.com/cznic/libc/-/issues/45 + post-patch: @${REINPLACE_CMD} -e 's,%%ETCDIR%%,${ETCDIR},' \ ${WRKSRC}/subcmds/configtest.go \ diff --git a/security/vuls/distinfo b/security/vuls/distinfo index 171f6cc2ca7b..1524e85119a6 100644 --- a/security/vuls/distinfo +++ b/security/vuls/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1747479508 -SHA256 (go/security_vuls/vuls-v0.32.0/v0.32.0.mod) = e3091e79324dcdd3e3c2959a3b9fa4ab03fc4d53a0ce41a76fc793a68b57302e -SIZE (go/security_vuls/vuls-v0.32.0/v0.32.0.mod) = 20795 -SHA256 (go/security_vuls/vuls-v0.32.0/v0.32.0.zip) = 1eed06de6c88de618a25184d843010c76b30b77a8e554f028a2700a5e267266b -SIZE (go/security_vuls/vuls-v0.32.0/v0.32.0.zip) = 1389053 +TIMESTAMP = 1750837237 +SHA256 (go/security_vuls/vuls-v0.33.1/v0.33.1.mod) = cffef0d92a21a68ae82e1eeb7dbf6504887496b042af76cb182e1e3fba9ece20 +SIZE (go/security_vuls/vuls-v0.33.1/v0.33.1.mod) = 20804 +SHA256 (go/security_vuls/vuls-v0.33.1/v0.33.1.zip) = 0bca1fe58726ef06e60e98d0849baff1c2aff6e1bd0de3722fe64314efec49c3 +SIZE (go/security_vuls/vuls-v0.33.1/v0.33.1.zip) = 1401641 diff --git a/security/vuls/files/patch-vendor_gorm.io_gorm_internal_stmt_store_stmt_store.go b/security/vuls/files/patch-vendor_gorm.io_gorm_internal_stmt_store_stmt_store.go deleted file mode 100644 index a249bd5099ae..000000000000 --- a/security/vuls/files/patch-vendor_gorm.io_gorm_internal_stmt_store_stmt_store.go +++ /dev/null @@ -1,29 +0,0 @@ -commit 8c4e8e2d2a63ef019048bd988a2016948605920b -Author: iTanken <23544702+iTanken@users.noreply.github.com> -Date: Sun Apr 27 14:05:16 2025 +0800 - - fix: int type variable defaultMaxSize overflows in 32-bit environment (#7439) - - Refs: #7435 - -diff --git a/internal/stmt_store/stmt_store.go b/internal/stmt_store/stmt_store.go -index 7068419..a82b2cf 100644 ---- vendor/gorm.io/gorm/internal/stmt_store/stmt_store.go -+++ vendor/gorm.io/gorm/internal/stmt_store/stmt_store.go -@@ -3,6 +3,7 @@ package stmt_store - import ( - "context" - "database/sql" -+ "math" - "sync" - "time" - -@@ -73,7 +74,7 @@ type Store interface { - // the cache can theoretically store as many elements as possible. - // (1 << 63) - 1 is the maximum value that an int64 type can represent. - const ( -- defaultMaxSize = (1 << 63) - 1 -+ defaultMaxSize = math.MaxInt - // defaultTTL defines the default time-to-live (TTL) for each cache entry. - // When the TTL for cache entries is not specified, each cache entry will expire after 24 hours. - defaultTTL = time.Hour * 24 diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml index 7ddafc13c211..a13b0b1015ce 100644 --- a/security/vuxml/vuln/2025.xml +++ b/security/vuxml/vuln/2025.xml @@ -1,3 +1,235 @@ + <vuln vid="5e64770c-52aa-11f0-b522-b42e991fc52e"> + <topic>MongoDB -- Running certain aggregation operations with the SBE engine may lead to unexpected behavior</topic> + <affects> + <package> + <name>mongodb60</name> + <range><lt>6.0.21</lt></range> + </package> + <package> + <name>mongodb70</name> + <range><lt>7.0.17</lt></range> + </package> + <package> + <name>mongodb80</name> + <range><lt>8.0.4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>cna@mongodb.com reports:</p> + <blockquote cite="https://jira.mongodb.org/browse/SERVER-106746"> + <p>An authenticated user may trigger a use after free that may result + in MongoDB Server crash and other unexpected behavior, even if the + user does not have authorization to shut down a server. The crash + is triggered on affected versions by issuing an aggregation framework + operation using a specific combination of rarely-used aggregation + pipeline expressions. This issue affects MongoDB Server v6.0 version + prior to 6.0.21, MongoDB Server v7.0 version prior to 7.0.17 and + MongoDB Server v8.0 version prior to 8.0.4 when the SBE engine is + enabled.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-6706</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-6706</url> + </references> + <dates> + <discovery>2025-06-26</discovery> + <entry>2025-06-26</entry> + </dates> + </vuln> + + <vuln vid="5cd2bd2b-52aa-11f0-b522-b42e991fc52e"> + <topic>MongoDB -- Race condition in privilege cache invalidation cycle</topic> + <affects> + <package> + <name>mongodb50</name> + <range><lt>5.0.31</lt></range> + </package> + <package> + <name>mongodb60</name> + <range><lt>6.0.24</lt></range> + </package> + <package> + <name>mongodb70</name> + <range><lt>7.0.21</lt></range> + </package> + <package> + <name>mongodb80</name> + <range><lt>8.0.5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>NVD reports:</p> + <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2025-6707"> + <p>Under certain conditions, an authenticated user request + may execute with stale privileges following an intentional + change by an authorized administrator.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-6707</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-6707</url> + </references> + <dates> + <discovery>2025-06-26</discovery> + <entry>2025-06-26</entry> + </dates> + </vuln> + + <vuln vid="5b87eef6-52aa-11f0-b522-b42e991fc52e"> + <topic>MongoDB -- Pre-Authentication Denial of Service Vulnerability in MongoDB Server's OIDC Authentication</topic> + <affects> + <package> + <name>mongodb60</name> + <range><lt>6.0.21</lt></range> + </package> + <package> + <name>mongodb70</name> + <range><lt>7.0.17</lt></range> + </package> + <package> + <name>mongodb80</name> + <range><lt>8.0.5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>NVD reports:</p> + <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2025-6709"> + <p>The MongoDB Server is susceptible to a denial of service + vulnerability due to improper handling of specific date + values in JSON input when using OIDC authentication. + This can be reproduced using the mongo shell to send a + malicious JSON payload leading to an invariant failure + and server crash. </p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-6709</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-6709</url> + </references> + <dates> + <discovery>2025-06-26</discovery> + <entry>2025-06-26</entry> + </dates> + </vuln> + + <vuln vid="59ed4b19-52aa-11f0-b522-b42e991fc52e"> + <topic>MongoDB -- Pre-authentication Denial of Service Stack Overflow Vulnerability in JSON Parsing via Excessive Recursion in MongoDB</topic> + <affects> + <package> + <name>mongodb70</name> + <range><lt>7.0.17</lt></range> + </package> + <package> + <name>mongodb80</name> + <range><lt>8.0.5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>cna@mongodb.com reports:</p> + <blockquote cite="https://jira.mongodb.org/browse/SERVER-106749"> + <p>MongoDB Server may be susceptible to stack overflow due to JSON + parsing mechanism, where specifically crafted JSON inputs may induce + unwarranted levels of recursion, resulting in excessive stack space + consumption. Such inputs can lead to a stack overflow that causes + the server to crash which could occur pre-authorisation. This issue + affects MongoDB Server v7.0 versions prior to 7.0.17 and MongoDB + Server v8.0 versions prior to 8.0.5. + The same issue affects MongoDB Server v6.0 versions prior to 6.0.21, + but an attacker can only induce denial of service after authenticating.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-6710</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-6710</url> + </references> + <dates> + <discovery>2025-06-26</discovery> + <entry>2025-06-26</entry> + </dates> + </vuln> + + <vuln vid="e26608ff-5266-11f0-b522-b42e991fc52e"> + <topic>kanboard -- Password Reset Poisoning via Host Header Injection</topic> + <affects> + <package> + <name>kanboard</name> + <range><lt>1.2.45</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>GitHub Security Advisories reports:</p> + <blockquote cite="null"> + <p> + Kanboard allows password reset emails to be sent with URLs + derived from the unvalidated Host header when the + application_url configuration is unset (default behavior). + This allows an attacker to craft a malicious password + reset link that leaks the token to an attacker-controlled + domain. If a victim (including an administrator) clicks + the poisoned link, their account can be taken over. This + affects all users who initiate a password reset while + application_url is not set. + </p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-52560</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-52560</url> + </references> + <dates> + <discovery>2025-06-26</discovery> + <entry>2025-06-26</entry> + </dates> + </vuln> + + <vuln vid="d45dabd9-5232-11f0-9ca4-2cf05da270f3"> + <topic>Gitlab -- Vulnerabilities</topic> + <affects> + <package> + <name>gitlab-ce</name> + <name>gitlab-ee</name> + <range><ge>18.1.0</ge><lt>18.1.1</lt></range> + <range><ge>18.0.0</ge><lt>18.0.3</lt></range> + <range><ge>16.10.0</ge><lt>17.11.5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Gitlab reports:</p> + <blockquote cite="https://about.gitlab.com/releases/2025/06/25/patch-release-gitlab-18-1-1-released/"> + <p>Denial of Service impacts GitLab CE/EE</p> + <p>Missing Authentication issue impacts GitLab CE/EE</p> + <p>Improper access control issue impacts GitLab CE/EE</p> + <p>Elevation of Privilege impacts GitLab CE/EE</p> + <p>Improper access control issue impacts GitLab EE</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-3279</cvename> + <cvename>CVE-2025-1754</cvename> + <cvename>CVE-2025-5315</cvename> + <cvename>CVE-2025-2938</cvename> + <cvename>CVE-2025-5846</cvename> + <url>https://about.gitlab.com/releases/2025/06/25/patch-release-gitlab-18-1-1-released/</url> + </references> + <dates> + <discovery>2025-06-25</discovery> + <entry>2025-06-26</entry> + </dates> + </vuln> + <vuln vid="03ba1cdd-4faf-11f0-af06-00a098b42aeb"> <topic>cisco -- OpenH264 Decoding Functions Heap Overflow Vulnerability</topic> <affects> @@ -2045,7 +2277,7 @@ </vuln> <vuln vid="a8a1a8e7-2e85-11f0-a989-b42e991fc52e"> - <topic>Mozilla -- memory corrupton</topic> + <topic>Mozilla -- memory corruption</topic> <affects> <package> <name>firefox</name> @@ -2215,7 +2447,7 @@ </vuln> <vuln vid="9c37a02e-2e85-11f0-a989-b42e991fc52e"> - <topic>Mozilla -- javescript content execution</topic> + <topic>Mozilla -- javascript content execution</topic> <affects> <package> <name>firefox</name> diff --git a/security/wpa_supplicant-devel/Makefile b/security/wpa_supplicant-devel/Makefile index f4456e429e42..5aee9e01aadb 100644 --- a/security/wpa_supplicant-devel/Makefile +++ b/security/wpa_supplicant-devel/Makefile @@ -1,6 +1,5 @@ PORTNAME= wpa_supplicant PORTVERSION= ${COMMIT_DATE} -PORTREVISION= 1 CATEGORIES= security net PKGNAMESUFFIX= -devel @@ -11,8 +10,8 @@ WWW= https://w1.fi/wpa_supplicant/ USE_GITHUB= yes GH_ACCOUNT= cschuber GH_PROJECT= hostap -GH_TAGNAME= 54930b62b -COMMIT_DATE= 2025.05.08 +GH_TAGNAME= 0b60826a6 +COMMIT_DATE= 2025.06.25 LICENSE= BSD3CLAUSE LICENSE_FILE= ${WRKSRC}/README diff --git a/security/wpa_supplicant-devel/distinfo b/security/wpa_supplicant-devel/distinfo index 4eabde753e8c..dcac53e1a70b 100644 --- a/security/wpa_supplicant-devel/distinfo +++ b/security/wpa_supplicant-devel/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1747800845 -SHA256 (cschuber-hostap-2025.05.08-54930b62b_GH0.tar.gz) = 945b6a16ef7e6071309f1aa02168e05de26ec91b7e4cf8f6eb556fcd649012bb -SIZE (cschuber-hostap-2025.05.08-54930b62b_GH0.tar.gz) = 5291910 +TIMESTAMP = 1750881106 +SHA256 (cschuber-hostap-2025.06.25-0b60826a6_GH0.tar.gz) = 308a2a3a1edf5154a6d44dfa6dc07d9cf61d6bef54be16cdd76683984c83bf7e +SIZE (cschuber-hostap-2025.06.25-0b60826a6_GH0.tar.gz) = 5313294 |