summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
Diffstat (limited to 'security')
-rw-r--r--security/openssh-portable/Makefile8
-rw-r--r--security/openssh-portable/distinfo10
-rw-r--r--security/openssh-portable/files/patch-upstream-beae06f56e0d0a66ca535896149d5fb0b2e8a1b473
-rw-r--r--security/openvpn-auth-oauth2/Makefile5
-rw-r--r--security/openvpn-auth-oauth2/distinfo10
-rw-r--r--security/trivy/Makefile10
-rw-r--r--security/trivy/distinfo10
7 files changed, 28 insertions, 98 deletions
diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile
index d8be89255105..f36d91c12c4a 100644
--- a/security/openssh-portable/Makefile
+++ b/security/openssh-portable/Makefile
@@ -1,6 +1,6 @@
PORTNAME= openssh
-DISTVERSION= 10.1p1
-PORTREVISION= 5
+DISTVERSION= 10.2p1
+PORTREVISION= 0
PORTEPOCH= 1
CATEGORIES= security
MASTER_SITES= OPENBSD/OpenSSH/portable
@@ -116,13 +116,13 @@ EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn-gss-glue
. endif
# - See https://sources.debian.org/data/main/o/openssh/ for which subdir to
# pull from.
-GSSAPI_DEBIAN_VERSION= 10.1p1
+GSSAPI_DEBIAN_VERSION= 10.2p1
GSSAPI_DEBIAN_SUBDIR= ${GSSAPI_DEBIAN_VERSION:U${DISTVERSION}}-1
# - Debian does not use a versioned filename so we trick fetch to make one for
# us with the ?<anything>=/ trick.
PATCH_SITES+= https://sources.debian.org/data/main/o/openssh/1:${GSSAPI_DEBIAN_SUBDIR}/debian/patches/gssapi.patch?dummy=/:gsskex
# Bump this when updating the patch location
-GSSAPI_DISTVERSION= 10.1p1
+GSSAPI_DISTVERSION= 10.2p1
PATCHFILES+= openssh-${GSSAPI_DISTVERSION:U${DISTVERSION}}-gsskex-all-debian-rh-${GSSAPI_DISTVERSION}.patch:-p1:gsskex
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-gssapi-kexgssc.c
EXTRA_PATCHES+= ${FILESDIR}/extra-patch-gssapi-kexgsss.c
diff --git a/security/openssh-portable/distinfo b/security/openssh-portable/distinfo
index cef52e80ff85..6aa27b76a8c8 100644
--- a/security/openssh-portable/distinfo
+++ b/security/openssh-portable/distinfo
@@ -1,5 +1,5 @@
-TIMESTAMP = 1759963002
-SHA256 (openssh-10.1p1.tar.gz) = b9fc7a2b82579467a6f2f43e4a81c8e1dfda614ddb4f9b255aafd7020bbf0758
-SIZE (openssh-10.1p1.tar.gz) = 1972831
-SHA256 (openssh-10.1p1-gsskex-all-debian-rh-10.1p1.patch) = b46e798092ea4e0653ea5e124b10a881f58b2e78a16b3e46475c52c39b725874
-SIZE (openssh-10.1p1-gsskex-all-debian-rh-10.1p1.patch) = 126336
+TIMESTAMP = 1760240447
+SHA256 (openssh-10.2p1.tar.gz) = ccc42c0419937959263fa1dbd16dafc18c56b984c03562d2937ce56a60f798b2
+SIZE (openssh-10.2p1.tar.gz) = 1974519
+SHA256 (openssh-10.2p1-gsskex-all-debian-rh-10.2p1.patch) = a02ab012657477a85dc7e4dca90a568ff5f13199221cda888608e9d0290454a0
+SIZE (openssh-10.2p1-gsskex-all-debian-rh-10.2p1.patch) = 126336
diff --git a/security/openssh-portable/files/patch-upstream-beae06f56e0d0a66ca535896149d5fb0b2e8a1b4 b/security/openssh-portable/files/patch-upstream-beae06f56e0d0a66ca535896149d5fb0b2e8a1b4
deleted file mode 100644
index e9cb994331ab..000000000000
--- a/security/openssh-portable/files/patch-upstream-beae06f56e0d0a66ca535896149d5fb0b2e8a1b4
+++ /dev/null
@@ -1,73 +0,0 @@
-From beae06f56e0d0a66ca535896149d5fb0b2e8a1b4 Mon Sep 17 00:00:00 2001
-From: "djm@openbsd.org" <djm@openbsd.org>
-Date: Tue, 7 Oct 2025 08:02:32 +0000
-Subject: [PATCH] upstream: don't reuse c->isatty for signalling that the
- remote channel
-
-has a tty attached as this causes side effects, e.g. in channel_handle_rfd().
-bz3872
-
-ok markus@
-
-OpenBSD-Commit-ID: 4cd8a9f641498ca6089442e59bad0fd3dcbe85f8
----
- channels.c | 9 +++++----
- channels.h | 3 ++-
- 2 files changed, 7 insertions(+), 5 deletions(-)
-
-diff --git a/channels.c b/channels.c
-index f1d7bcf345b..80014ff341f 100644
---- channels.c
-+++ channels.c
-@@ -1,4 +1,4 @@
--/* $OpenBSD: channels.c,v 1.451 2025/09/25 06:33:19 djm Exp $ */
-+/* $OpenBSD: channels.c,v 1.452 2025/10/07 08:02:32 djm Exp $ */
- /*
- * Author: Tatu Ylonen <ylo@cs.hut.fi>
- * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
-@@ -362,7 +362,7 @@ channel_classify(struct ssh *ssh, Channel *c)
- {
- struct ssh_channels *sc = ssh->chanctxt;
- const char *type = c->xctype == NULL ? c->ctype : c->xctype;
-- const char *classifier = c->isatty ?
-+ const char *classifier = (c->isatty || c->remote_has_tty) ?
- sc->bulk_classifier_tty : sc->bulk_classifier_notty;
-
- c->bulk = type != NULL && match_pattern_list(type, classifier, 0) == 1;
-@@ -566,7 +566,7 @@ channel_new(struct ssh *ssh, char *ctype, int type, int rfd, int wfd, int efd,
- void
- channel_set_tty(struct ssh *ssh, Channel *c)
- {
-- c->isatty = 1;
-+ c->remote_has_tty = 1;
- channel_classify(ssh, c);
- }
-
-@@ -1078,7 +1078,8 @@ channel_format_status(const Channel *c)
- c->rfd, c->wfd, c->efd, c->sock, c->ctl_chan,
- c->have_ctl_child_id ? "c" : "nc", c->ctl_child_id,
- c->io_want, c->io_ready,
-- c->isatty ? "T" : "", c->bulk ? "B" : "I");
-+ c->isatty ? "T" : (c->remote_has_tty ? "RT" : ""),
-+ c->bulk ? "B" : "I");
- return ret;
- }
-
-diff --git a/channels.h b/channels.h
-index df7c7f364d2..7456541f8ce 100644
---- channels.h
-+++ channels.h
-@@ -1,4 +1,4 @@
--/* $OpenBSD: channels.h,v 1.161 2025/09/25 06:33:19 djm Exp $ */
-+/* $OpenBSD: channels.h,v 1.162 2025/10/07 08:02:32 djm Exp $ */
-
- /*
- * Author: Tatu Ylonen <ylo@cs.hut.fi>
-@@ -145,6 +145,7 @@ struct Channel {
- int ctl_chan; /* control channel (multiplexed connections) */
- uint32_t ctl_child_id; /* child session for mux controllers */
- int have_ctl_child_id;/* non-zero if ctl_child_id is valid */
-+ int remote_has_tty; /* remote side has a tty */
- int isatty; /* rfd is a tty */
- #ifdef _AIX
- int wfd_isatty; /* wfd is a tty */
diff --git a/security/openvpn-auth-oauth2/Makefile b/security/openvpn-auth-oauth2/Makefile
index 6ab27def53ee..82c4562fe8cc 100644
--- a/security/openvpn-auth-oauth2/Makefile
+++ b/security/openvpn-auth-oauth2/Makefile
@@ -1,7 +1,6 @@
PORTNAME= openvpn-auth-oauth2
DISTVERSIONPREFIX= v
-DISTVERSION= 1.25.2
-PORTREVISION= 2
+DISTVERSION= 1.26.2
CATEGORIES= security net net-vpn
MAINTAINER= otis@FreeBSD.org
@@ -13,7 +12,7 @@ LICENSE_FILE= ${WRKSRC}/LICENSE.txt
EXTRACT_DEPENDS= ${BUILD_DEPENDS}
-USES= go:1.24,modules
+USES= go:1.25,modules
GO_MODULE= github.com/jkroepke/openvpn-auth-oauth2
diff --git a/security/openvpn-auth-oauth2/distinfo b/security/openvpn-auth-oauth2/distinfo
index ef958b0b6d12..042c291b8b1d 100644
--- a/security/openvpn-auth-oauth2/distinfo
+++ b/security/openvpn-auth-oauth2/distinfo
@@ -1,5 +1,5 @@
-TIMESTAMP = 1754885003
-SHA256 (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.25.2/v1.25.2.mod) = d0f750c04d64d7442d246f72b825d2f9fc0ed4210e066ea5f6787b9eb877f963
-SIZE (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.25.2/v1.25.2.mod) = 1370
-SHA256 (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.25.2/v1.25.2.zip) = 0ac1f121f8eb6842a65e67e4b2a16a52c6c2f2cc068e79b06a5f90b04cce0a4e
-SIZE (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.25.2/v1.25.2.zip) = 1875487
+TIMESTAMP = 1760253375
+SHA256 (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.26.2/v1.26.2.mod) = b747b6a37a8a76572f0004a79fdcc9af49cea7b27ef60c6b153846d7309bea76
+SIZE (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.26.2/v1.26.2.mod) = 1322
+SHA256 (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.26.2/v1.26.2.zip) = d7bbd034cbaa7e950c134f9157adee1da7d7609ac33c5e0e67b2578904430ddd
+SIZE (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.26.2/v1.26.2.zip) = 1879603
diff --git a/security/trivy/Makefile b/security/trivy/Makefile
index c6f6bf0fc112..5c9d2d8787e9 100644
--- a/security/trivy/Makefile
+++ b/security/trivy/Makefile
@@ -1,7 +1,6 @@
PORTNAME= trivy
DISTVERSIONPREFIX= v
-DISTVERSION= 0.66.0
-PORTREVISION= 2
+DISTVERSION= 0.67.2
CATEGORIES= security
MAINTAINER= mfechner@FreeBSD.org
@@ -13,14 +12,19 @@ LICENSE_FILE= ${WRKSRC}/LICENSE
BROKEN_i386= not supported, see https://github.com/aquasecurity/trivy/pull/9102
-USES= go:modules,1.24
+USES= go:modules,1.25
+USE_GITHUB= yes
+GH_ACCOUNT= aquasecurity
+GH_PROJECT= trivy
+GO_MOD_DIST= github
GO_MODULE= github.com/aquasecurity/trivy
GO_TARGET= ./cmd/trivy
GO_BUILDFLAGS= -ldflags=" \
-extldflags '-static' \
-X github.com/aquasecurity/trivy/pkg/version.ver=${DISTVERSION} \
-s -w"
+MAKE_ENV= GOEXPERIMENT=jsonv2
PLIST_FILES= bin/${PORTNAME}
diff --git a/security/trivy/distinfo b/security/trivy/distinfo
index c7848514d223..28fde0ce1daa 100644
--- a/security/trivy/distinfo
+++ b/security/trivy/distinfo
@@ -1,5 +1,5 @@
-TIMESTAMP = 1756878437
-SHA256 (go/security_trivy/trivy-v0.66.0/v0.66.0.mod) = 41bedcea560a0f606080b34320349b4c21d920aeadb0e57a81d5fcbc4cf58823
-SIZE (go/security_trivy/trivy-v0.66.0/v0.66.0.mod) = 25763
-SHA256 (go/security_trivy/trivy-v0.66.0/v0.66.0.zip) = 78fb7cca5602ee1927808488e3306a9d0d1ba26c4817ceff055d10ed04da9d1b
-SIZE (go/security_trivy/trivy-v0.66.0/v0.66.0.zip) = 59145292
+TIMESTAMP = 1760123985
+SHA256 (go/security_trivy/aquasecurity-trivy-v0.67.2_GH0/go.mod) = 130a0a0c893125dadbcc30ec66370aac6f848cc1b116a5d1acae4ceecb5a256d
+SIZE (go/security_trivy/aquasecurity-trivy-v0.67.2_GH0/go.mod) = 26741
+SHA256 (go/security_trivy/aquasecurity-trivy-v0.67.2_GH0/aquasecurity-trivy-v0.67.2_GH0.tar.gz) = 280ff8cfb17d05d6b4d1b07bdd3cd26971032301bedb3b800a14886e64ce75eb
+SIZE (go/security_trivy/aquasecurity-trivy-v0.67.2_GH0/aquasecurity-trivy-v0.67.2_GH0.tar.gz) = 57236343