diff options
Diffstat (limited to 'security')
| -rw-r--r-- | security/gnutls/Makefile | 18 | ||||
| -rw-r--r-- | security/gnutls/distinfo | 8 | ||||
| -rw-r--r-- | security/gnutls/files/patch-lib_system_ktls.c | 18 | ||||
| -rw-r--r-- | security/gnutls/pkg-plist | 2 | ||||
| -rw-r--r-- | security/kf6-kdesu/distinfo | 6 | ||||
| -rw-r--r-- | security/plasma6-kscreenlocker/distinfo | 6 | ||||
| -rw-r--r-- | security/plasma6-ksshaskpass/distinfo | 6 | ||||
| -rw-r--r-- | security/plasma6-kwallet-pam/distinfo | 6 | ||||
| -rw-r--r-- | security/seahorse/Makefile | 10 | ||||
| -rw-r--r-- | security/seahorse/distinfo | 6 | ||||
| -rw-r--r-- | security/seahorse/pkg-plist | 49 | ||||
| -rw-r--r-- | security/vuxml/vuln/2025.xml | 76 | ||||
| -rw-r--r-- | security/wazuh-manager/Makefile | 2 |
13 files changed, 178 insertions, 35 deletions
diff --git a/security/gnutls/Makefile b/security/gnutls/Makefile index 7f9712b57b9d..1a372e5bb819 100644 --- a/security/gnutls/Makefile +++ b/security/gnutls/Makefile @@ -1,7 +1,10 @@ PORTNAME= gnutls -DISTVERSION= 3.8.9 +DISTVERSION= 3.8.10 CATEGORIES= security net -MASTER_SITES= GNUPG/${PORTNAME}/v${DISTVERSION:C/(\.[^.]*).*/\1/} +MASTER_SITES= GNUPG/${PORTNAME}/v${DISTVERSION:C/(\.[^.]*).*/\1/} \ + https://gitlab.com/gnutls/gnutls/-/raw/${DISTVERSION}/tests/:test +DISTFILES= ${DISTNAME}${EXTRACT_SUFX} ktls_utils.h:test +EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX} MAINTAINER= tijl@FreeBSD.org COMMENT= GNU Transport Layer Security library @@ -12,10 +15,12 @@ LICENSE_COMB= multi LICENSE_FILE_GPLv3+ = ${WRKSRC}/COPYING LICENSE_FILE_LGPL21+ = ${WRKSRC}/COPYING.LESSERv2 -LIB_DEPENDS= libgmp.so:math/gmp \ +LIB_DEPENDS= libbrotlienc.so:archivers/brotli \ + libgmp.so:math/gmp \ libnettle.so:security/nettle \ libtasn1.so:security/libtasn1 \ - libunistring.so:devel/libunistring + libunistring.so:devel/libunistring \ + libzstd.so:archivers/zstd USES= compiler:c11 cpe gmake iconv libtool localbase makeinfo \ pkgconfig tar:xz @@ -28,11 +33,11 @@ CONFIGURE_ARGS= --disable-rpath \ --enable-openssl-compatibility \ --with-default-trust-store-dir=/etc/ssl/certs \ --with-system-priority-file=${PREFIX}/etc/gnutls/config \ - --without-brotli \ + --with-brotli \ --without-included-libtasn1 \ --without-tpm \ --without-tpm2 \ - --without-zstd + --with-zstd MAKE_ENV= MAKEINFOFLAGS=--no-split INSTALL_TARGET= install-strip @@ -73,6 +78,7 @@ P11KIT_CONFIGURE_WITH= p11-kit SRP_CONFIGURE_ENABLE= srp-authentication post-patch: + @${CP} -p ${DISTDIR}/ktls_utils.h ${WRKSRC}/tests/ @${RM} ${WRKSRC}/doc/*.info* @${REINPLACE_CMD} 's,/usr/share,${PREFIX}/share,' \ ${WRKSRC}/doc/manpages/*.[13] diff --git a/security/gnutls/distinfo b/security/gnutls/distinfo index fe6e2e9317b8..a67d8f2ab573 100644 --- a/security/gnutls/distinfo +++ b/security/gnutls/distinfo @@ -1,3 +1,5 @@ -TIMESTAMP = 1739176636 -SHA256 (gnutls-3.8.9.tar.xz) = 69e113d802d1670c4d5ac1b99040b1f2d5c7c05daec5003813c049b5184820ed -SIZE (gnutls-3.8.9.tar.xz) = 6847364 +TIMESTAMP = 1752249814 +SHA256 (gnutls-3.8.10.tar.xz) = db7fab7cce791e7727ebbef2334301c821d79a550ec55c9ef096b610b03eb6b7 +SIZE (gnutls-3.8.10.tar.xz) = 6909856 +SHA256 (ktls_utils.h) = e41d33289c63573c59d2d02b4110a2f63651add28001031e6dc20327d096b734 +SIZE (ktls_utils.h) = 1983 diff --git a/security/gnutls/files/patch-lib_system_ktls.c b/security/gnutls/files/patch-lib_system_ktls.c new file mode 100644 index 000000000000..3c0dbc6a8734 --- /dev/null +++ b/security/gnutls/files/patch-lib_system_ktls.c @@ -0,0 +1,18 @@ +--- lib/system/ktls.c.orig 2025-04-11 11:51:08 UTC ++++ lib/system/ktls.c +@@ -1076,6 +1076,7 @@ int _gnutls_ktls_recv_control_msg(gnutls_session_t ses + default: + return GNUTLS_E_PULL_ERROR; + } ++#ifdef EKEYEXPIRED + } else if (unlikely(ret == -EKEYEXPIRED)) { + /* This will be received until a keyupdate is performed on the + scoket. */ +@@ -1083,6 +1084,7 @@ int _gnutls_ktls_recv_control_msg(gnutls_session_t ses + "updated keys\n"); + gnutls_assert(); + return GNUTLS_E_AGAIN; ++#endif + } + + /* connection closed */ diff --git a/security/gnutls/pkg-plist b/security/gnutls/pkg-plist index 14edcf814711..45fd3c64ee3a 100644 --- a/security/gnutls/pkg-plist +++ b/security/gnutls/pkg-plist @@ -35,7 +35,7 @@ lib/libgnutls-openssl.so.27 lib/libgnutls-openssl.so.27.0.2 lib/libgnutls.so lib/libgnutls.so.30 -lib/libgnutls.so.30.40.3 +lib/libgnutls.so.30.40.4 lib/libgnutlsxx.so lib/libgnutlsxx.so.30 lib/libgnutlsxx.so.30.0.0 diff --git a/security/kf6-kdesu/distinfo b/security/kf6-kdesu/distinfo index bea35261fd90..52e78e907b29 100644 --- a/security/kf6-kdesu/distinfo +++ b/security/kf6-kdesu/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1749476629 -SHA256 (KDE/frameworks/6.15/kdesu-6.15.0.tar.xz) = 9eb4c11a1742af2cb17cf1e7e18bb0fbdb45ee16f083739c418cbe9d45af1806 -SIZE (KDE/frameworks/6.15/kdesu-6.15.0.tar.xz) = 57012 +TIMESTAMP = 1752529520 +SHA256 (KDE/frameworks/6.16/kdesu-6.16.0.tar.xz) = f9cbfae88596cfd00b269744c89a042dfbc048273e35f1c7e158429db55c8d68 +SIZE (KDE/frameworks/6.16/kdesu-6.16.0.tar.xz) = 57016 diff --git a/security/plasma6-kscreenlocker/distinfo b/security/plasma6-kscreenlocker/distinfo index b29b38d6d151..cd888278e07e 100644 --- a/security/plasma6-kscreenlocker/distinfo +++ b/security/plasma6-kscreenlocker/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1751380541 -SHA256 (KDE/plasma/6.4.2/kscreenlocker-6.4.2.tar.xz) = ef2bc8c2f1f0df75c67778c4208a5ee02c0546356ef8352dd1ffdee867283cc4 -SIZE (KDE/plasma/6.4.2/kscreenlocker-6.4.2.tar.xz) = 183732 +TIMESTAMP = 1752584471 +SHA256 (KDE/plasma/6.4.3/kscreenlocker-6.4.3.tar.xz) = 3441174426fd18524ca59fa2246f9ee99c31dec0fd89eaa79705e6a32d1dcac3 +SIZE (KDE/plasma/6.4.3/kscreenlocker-6.4.3.tar.xz) = 183744 diff --git a/security/plasma6-ksshaskpass/distinfo b/security/plasma6-ksshaskpass/distinfo index 87b4a2ee1759..85e6bb88f3e3 100644 --- a/security/plasma6-ksshaskpass/distinfo +++ b/security/plasma6-ksshaskpass/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1751380542 -SHA256 (KDE/plasma/6.4.2/ksshaskpass-6.4.2.tar.xz) = 6ef3811239c2ec505859f6c483927d6d69a59fbd8d6da41b385a977c231efffc -SIZE (KDE/plasma/6.4.2/ksshaskpass-6.4.2.tar.xz) = 30792 +TIMESTAMP = 1752584472 +SHA256 (KDE/plasma/6.4.3/ksshaskpass-6.4.3.tar.xz) = 965f89a01aa91c07ed5b8aed2be3521f88e98b22e1277846f12440c9760baf10 +SIZE (KDE/plasma/6.4.3/ksshaskpass-6.4.3.tar.xz) = 30796 diff --git a/security/plasma6-kwallet-pam/distinfo b/security/plasma6-kwallet-pam/distinfo index 3eb96bb2863b..2311ddd3d4b4 100644 --- a/security/plasma6-kwallet-pam/distinfo +++ b/security/plasma6-kwallet-pam/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1751380542 -SHA256 (KDE/plasma/6.4.2/kwallet-pam-6.4.2.tar.xz) = fc5578ae860d74ce7695cf0b561a72bcf4730636694d8debfc10c85e97296ae9 -SIZE (KDE/plasma/6.4.2/kwallet-pam-6.4.2.tar.xz) = 22396 +TIMESTAMP = 1752584472 +SHA256 (KDE/plasma/6.4.3/kwallet-pam-6.4.3.tar.xz) = 08151ca03e7b8a8e7696927e3aadc3095cf48081748c983798dac35ab5fd0cde +SIZE (KDE/plasma/6.4.3/kwallet-pam-6.4.3.tar.xz) = 22396 diff --git a/security/seahorse/Makefile b/security/seahorse/Makefile index 76b93450b3f5..d7ff8f7417ed 100644 --- a/security/seahorse/Makefile +++ b/security/seahorse/Makefile @@ -1,6 +1,5 @@ PORTNAME= seahorse -PORTVERSION= 41.0 -PORTREVISION= 4 +PORTVERSION= 47.0.1 CATEGORIES= security gnome MASTER_SITES= GNOME DIST_SUBDIR= gnome @@ -10,7 +9,8 @@ PATCHFILES+= aa68522cc696fa491ccfdff735b77bcf113168d0.patch:-p1 # Fix build with MAINTAINER= gnome@FreeBSD.org COMMENT= GNOME application for managing encryption keys (PGP, SSH) -WWW= https://wiki.gnome.org/Apps/Seahorse +WWW= https://wiki.gnome.org/Apps/Seahorse \ + https://gitlab.gnome.org/GNOME/seahorse LICENSE= GPLv2 LICENSE_FILE= ${WRKSRC}/COPYING @@ -22,11 +22,12 @@ LIB_DEPENDS= libgcr-base-3.so:security/gcr3 \ libhandy-1.so:x11-toolkits/libhandy \ libpwquality.so:security/libpwquality \ libsecret-1.so:security/libsecret \ - libsoup-2.4.so:devel/libsoup + libsoup-3.0.so:devel/libsoup3 RUN_DEPENDS= gnupg>=2.1.4:security/gnupg USES= cpe gettext gnome localbase:ldflags meson pkgconfig \ python:build tar:xz vala:build xorg +CPE_VENDOR= gnome USE_CSTD= c99 USE_GNOME= gtk30 GLIB_SCHEMAS= org.gnome.seahorse.gschema.xml \ @@ -34,7 +35,6 @@ GLIB_SCHEMAS= org.gnome.seahorse.gschema.xml \ org.gnome.seahorse.window.gschema.xml USE_LDCONFIG= yes USE_XORG= sm -CPE_VENDOR= gnome MESON_ARGS= -Dcheck-compatible-gpg=false \ -Dhkp-support=true \ diff --git a/security/seahorse/distinfo b/security/seahorse/distinfo index 614fbb838ea0..a57013811960 100644 --- a/security/seahorse/distinfo +++ b/security/seahorse/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1750438455 -SHA256 (gnome/seahorse-41.0.tar.xz) = e6eec09e810448295f547f18c1d5772b65c3edc1d9e5a2595f10b5dde68929f5 -SIZE (gnome/seahorse-41.0.tar.xz) = 1371984 +TIMESTAMP = 1752525378 +SHA256 (gnome/seahorse-47.0.1.tar.xz) = 9c1917e4a61f7febb787849ce36ce717fce706c346880b991d056d54dadbcacc +SIZE (gnome/seahorse-47.0.1.tar.xz) = 1401872 SHA256 (gnome/aa68522cc696fa491ccfdff735b77bcf113168d0.patch) = 026b9ab0bce4b670cc3dd0910cdd5551e5965a32f07e19374c944fd7624bea78 SIZE (gnome/aa68522cc696fa491ccfdff735b77bcf113168d0.patch) = 715 diff --git a/security/seahorse/pkg-plist b/security/seahorse/pkg-plist index 77ce53b2b950..5c0c84e16a23 100644 --- a/security/seahorse/pkg-plist +++ b/security/seahorse/pkg-plist @@ -92,6 +92,50 @@ share/help/ca/seahorse/ssh-import.page share/help/ca/seahorse/subkeys-add.page share/help/ca/seahorse/subkeys-examine.page share/help/ca/seahorse/subkeys-revoke.page +share/help/da/seahorse/about-diff-private-public.page +share/help/da/seahorse/about-pgp.page +share/help/da/seahorse/about-ssh.page +share/help/da/seahorse/concepts.page +share/help/da/seahorse/glossary.page +share/help/da/seahorse/index.page +share/help/da/seahorse/introduction.page +share/help/da/seahorse/key-servers-add.page +share/help/da/seahorse/keyring-change-default.page +share/help/da/seahorse/keyring-create.page +share/help/da/seahorse/keyring-lock.page +share/help/da/seahorse/keyring-unlock.page +share/help/da/seahorse/keyring-update-password.page +share/help/da/seahorse/keyring.page +share/help/da/seahorse/legal.xml +share/help/da/seahorse/media/dialog-password-symbolic.svg +share/help/da/seahorse/media/org.gnome.seahorse.Application.svg +share/help/da/seahorse/misc-key-backup.page +share/help/da/seahorse/misc-key-fingerprint.page +share/help/da/seahorse/passwords-stored-create.page +share/help/da/seahorse/passwords-view.page +share/help/da/seahorse/pgp-create.page +share/help/da/seahorse/pgp-delete.page +share/help/da/seahorse/pgp-expiration-change.page +share/help/da/seahorse/pgp-expired.page +share/help/da/seahorse/pgp-export.page +share/help/da/seahorse/pgp-import.page +share/help/da/seahorse/pgp-photoid.page +share/help/da/seahorse/pgp-publish.page +share/help/da/seahorse/pgp-retrieve-remote.page +share/help/da/seahorse/pgp-sign.page +share/help/da/seahorse/pgp-subkeys.page +share/help/da/seahorse/pgp-sync.page +share/help/da/seahorse/pgp-userid-add.page +share/help/da/seahorse/pgp-userid-primary.page +share/help/da/seahorse/pgp-userid-remove.page +share/help/da/seahorse/pgp-userid.page +share/help/da/seahorse/ssh-connect-remote.page +share/help/da/seahorse/ssh-create.page +share/help/da/seahorse/ssh-export.page +share/help/da/seahorse/ssh-import.page +share/help/da/seahorse/subkeys-add.page +share/help/da/seahorse/subkeys-examine.page +share/help/da/seahorse/subkeys-revoke.page share/help/cs/seahorse/about-diff-private-public.page share/help/cs/seahorse/about-pgp.page share/help/cs/seahorse/about-ssh.page @@ -709,7 +753,8 @@ share/help/uk/seahorse/subkeys-add.page share/help/uk/seahorse/subkeys-examine.page share/help/uk/seahorse/subkeys-revoke.page share/icons/hicolor/scalable/apps/org.gnome.seahorse.Application.svg -share/icons/hicolor/symbolic/apps/org.gnome.seahorse.Application-symbolic.svg +share/icons/hicolor/symbolic/apps/org.gnome.seahorse.Application.svg +share/locale/ab/LC_MESSAGES/seahorse.mo share/locale/ar/LC_MESSAGES/seahorse.mo share/locale/as/LC_MESSAGES/seahorse.mo share/locale/ast/LC_MESSAGES/seahorse.mo @@ -749,9 +794,11 @@ share/locale/hi/LC_MESSAGES/seahorse.mo share/locale/hr/LC_MESSAGES/seahorse.mo share/locale/hu/LC_MESSAGES/seahorse.mo share/locale/id/LC_MESSAGES/seahorse.mo +share/locale/ie/LC_MESSAGES/seahorse.mo share/locale/is/LC_MESSAGES/seahorse.mo share/locale/it/LC_MESSAGES/seahorse.mo share/locale/ja/LC_MESSAGES/seahorse.mo +share/locale/ka/LC_MESSAGES/seahorse.mo share/locale/kk/LC_MESSAGES/seahorse.mo share/locale/kn/LC_MESSAGES/seahorse.mo share/locale/ko/LC_MESSAGES/seahorse.mo diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml index cbc427ef34b8..812764583b54 100644 --- a/security/vuxml/vuln/2025.xml +++ b/security/vuxml/vuln/2025.xml @@ -1,3 +1,72 @@ + <vuln vid="aeac223e-60e1-11f0-8baa-8447094a420f"> + <topic>liboqs -- Secret-dependent branching in HQC</topic> + <affects> + <package> + <name>liboqs</name> + <range><lt>0.14.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The OpenQuantumSafe project reports:</p> + <blockquote cite="https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-qq3m-rq9v-jfgm"> + <p>Secret-dependent branching in HQC reference implementation when compiled with Clang 17-20 for optimizations above -O0</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-52473</cvename> + <url>https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-qq3m-rq9v-jfgm</url> + </references> + <dates> + <discovery>2025-07-10</discovery> + <entry>2025-07-14</entry> + </dates> + </vuln> + + <vuln vid="c3e1df74-5e73-11f0-95e5-74563cf9e4e9"> + <topic>GnuTLS -- multiple vulnerabilities</topic> + <affects> + <package> + <name>gnutls</name> + <range><lt>3.8.10</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Daiki Ueno reports:</p> + <blockquote cite="https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html"> + <ul> + <li>libgnutls: Fix heap read buffer overrun in parsing X.509 SCTS timestamps + Spotted by oss-fuzz and reported by OpenAI Security Research Team, + and fix developed by Andrew Hamilton. [GNUTLS-SA-2025-07-07-1, + CVSS: medium] [CVE-2025-32989]</li> + <li>libgnutls: Fix double-free upon error when exporting otherName in SAN + Reported by OpenAI Security Research Team. [GNUTLS-SA-2025-07-07-2, + CVSS: low] [CVE-2025-32988]</li> + <li>certtool: Fix 1-byte write buffer overrun when parsing template + Reported by David Aitel. [GNUTLS-SA-2025-07-07-3, + CVSS: low] [CVE-2025-32990]</li> + <li>libgnutls: Fix NULL pointer dereference when 2nd Client Hello omits PSK + Reported by Stefan Bühler. [GNUTLS-SA-2025-07-07-4, CVSS: medium] + [CVE-2025-6395]</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-32989</cvename> + <cvename>CVE-2025-32988</cvename> + <cvename>CVE-2025-32990</cvename> + <cvename>CVE-2025-6395</cvename> + <url>https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html</url> + </references> + <dates> + <discovery>2025-07-09</discovery> + <entry>2025-07-14</entry> + </dates> + </vuln> + <vuln vid="b0a3466f-5efc-11f0-ae84-99047d0a6bcc"> <topic>libxslt -- unmaintained, with multiple unfixed vulnerabilities</topic> <affects> @@ -63,15 +132,15 @@ <affects> <package> <name>libxml2</name> - <range><lt>3.0</lt></range> <!-- needs update once fixed version appears --> + <range><lt>2.14.5</lt></range> </package> <package> <name>linux-c7-libxml2</name> - <range><lt>3.0</lt></range> <!-- needs update once fixed version appears --> + <range><lt>2.14.5</lt></range> <!-- needs update once fixed version appears --> </package> <package> <name>linux-rl9-libxml2</name> - <range><lt>3.0</lt></range> <!-- needs update once fixed version appears --> + <range><lt>2.14.5</lt></range> <!-- needs update once fixed version appears --> </package> </affects> <description> @@ -118,6 +187,7 @@ <dates> <discovery>2025-05-27</discovery> <entry>2025-07-12</entry> + <modified>2025-07-15</modified> </dates> </vuln> diff --git a/security/wazuh-manager/Makefile b/security/wazuh-manager/Makefile index b6af1f502bd0..1734493f67ff 100644 --- a/security/wazuh-manager/Makefile +++ b/security/wazuh-manager/Makefile @@ -1,7 +1,7 @@ PORTNAME= wazuh DISTVERSIONPREFIX= v DISTVERSION= 4.12.0 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= security MASTER_SITES= https://packages.wazuh.com/deps/40/libraries/sources/:wazuh_sources \ LOCAL/acm/${PORTNAME}/:wazuh_cache |