Diffstat (limited to 'security')
39 files changed, 379 insertions, 116 deletions
diff --git a/security/apg/Makefile b/security/apg/Makefile index 2f17bb03d649..2025c0417726 100644 --- a/security/apg/Makefile +++ b/security/apg/Makefile @@ -18,6 +18,9 @@ GH_ACCOUNT= wneessen GH_PROJECT= apg-go GH_TUPLE= wneessen:go-hibp:v1.0.6:wneessen_go_hibp/vendor/github.com/wneessen/go-hibp +DEPRECATED= Uses old go, but try building without USES=go:someversion +EXPIRATION_DATE=2026-01-01 + GO_PKGNAME= github.com/${GH_ACCOUNT}/${GH_PROJECT} GO_TARGET= ./cmd/${PORTNAME} diff --git a/security/aws-c-auth/Makefile b/security/aws-c-auth/Makefile index 2f522470ecf4..74328cc0f17d 100644 --- a/security/aws-c-auth/Makefile +++ b/security/aws-c-auth/Makefile @@ -1,6 +1,6 @@ PORTNAME= aws-c-auth DISTVERSIONPREFIX= v -DISTVERSION= 0.9.2 +DISTVERSION= 0.9.3 CATEGORIES= security MAINTAINER= eduardo@FreeBSD.org diff --git a/security/aws-c-auth/distinfo b/security/aws-c-auth/distinfo index b721cfeb373d..a54e929c9948 100644 --- a/security/aws-c-auth/distinfo +++ b/security/aws-c-auth/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1763592265 -SHA256 (awslabs-aws-c-auth-v0.9.2_GH0.tar.gz) = 1925c0032321969ccb1333d9cfdba1564d705e64c899265613c9d7841ba66cc1 -SIZE (awslabs-aws-c-auth-v0.9.2_GH0.tar.gz) = 280216 +TIMESTAMP = 1764967115 +SHA256 (awslabs-aws-c-auth-v0.9.3_GH0.tar.gz) = e7ad0abad2b2b4211483e6a57cf8ccb9b56b5c6bd10e94864566fd1dcd85dafd +SIZE (awslabs-aws-c-auth-v0.9.3_GH0.tar.gz) = 280180 diff --git a/security/certificate_maker/Makefile b/security/certificate_maker/Makefile index 3de1559ee359..815854e981ff 100644 --- a/security/certificate_maker/Makefile +++ b/security/certificate_maker/Makefile @@ -1,7 +1,6 @@ PORTNAME= certificate_maker DISTVERSIONPREFIX= v -DISTVERSION= 1.8.2 -PORTREVISION= 1 +DISTVERSION= 1.8.3 CATEGORIES= security MAINTAINER= bofh@FreeBSD.org @@ -11,7 +10,7 @@ WWW= https://www.sigstore.dev/ LICENSE= APACHE20 LICENSE_FILE= ${WRKSRC}/LICENSE -USES= cpe go:modules +USES= cpe go:1.25,modules CPE_VENDOR= sigstore GO_MODULE= github.com/sigstore/fulcio 
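Review bot: The `DEPRECATED=` reason added to security/apg (and repeated verbatim in security/certspotter, security/step-certificates and security/step-cli) does not say which Go release the port is pinned to or why that matters. Judging by the distinfo timestamps in this commit, `EXPIRATION_DATE=2026-01-01` also leaves only a few weeks to act. For step-certificates and step-cli the visible context still shows `USES= go:1.22,modules`, and the go entry this commit adds to vuxml lists fixed versions only for go124 and go125, so binaries built with 1.22 presumably never receive that certificate-handling fix. I would name the version in the reason, e.g. `DEPRECATED= Pinned to Go 1.22, which no longer receives security fixes; test with USES=go:modules`. The apg and certspotter hunks do not show their `USES` line, so the version to name there needs checking.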
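Review bot: `USES= cpe go:1.25,modules` in security/certificate_maker introduces a new toolchain pin in a commit that otherwise removes them (gauth, rekor and trivy drop theirs), and nothing in the hunk says why 1.25 is required. A pinned port stays on that Go branch after the default moves on, which is how the ports marked `DEPRECATED` elsewhere in this commit ended up on an old toolchain. A one-line comment above the line stating the reason, e.g. `# upstream go.mod requires go >= 1.25` if that is the case, would tell the next sweep when the pin can be dropped.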
diff --git a/security/certificate_maker/distinfo b/security/certificate_maker/distinfo index 15e2f7008f1b..8dea80bb072c 100644 --- a/security/certificate_maker/distinfo +++ b/security/certificate_maker/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1763635242 -SHA256 (go/security_certificate_maker/certificate_maker-v1.8.2/v1.8.2.mod) = 176cb4fc64fc6040cc65bffc403839a2840e075f06f4f4c9cb509759ac90b649 -SIZE (go/security_certificate_maker/certificate_maker-v1.8.2/v1.8.2.mod) = 8493 -SHA256 (go/security_certificate_maker/certificate_maker-v1.8.2/v1.8.2.zip) = 49e11bb0fb347cd790fc37966fd2477a136d604f2e8c2ca28a501793d6e1a4f9 -SIZE (go/security_certificate_maker/certificate_maker-v1.8.2/v1.8.2.zip) = 1244478 +TIMESTAMP = 1765019812 +SHA256 (go/security_certificate_maker/certificate_maker-v1.8.3/v1.8.3.mod) = 9be5a1e97be2a86f88c752392ca2655c197031f2fe0fa29b1ed81e41f18b4ce2 +SIZE (go/security_certificate_maker/certificate_maker-v1.8.3/v1.8.3.mod) = 8493 +SHA256 (go/security_certificate_maker/certificate_maker-v1.8.3/v1.8.3.zip) = 14c77573368b3f785e49e770722732f2f44bd5a423249e283128a905066fd385 +SIZE (go/security_certificate_maker/certificate_maker-v1.8.3/v1.8.3.zip) = 1242599 diff --git a/security/certspotter/Makefile b/security/certspotter/Makefile index 1e72e32655ca..f66ed4525249 100644 --- a/security/certspotter/Makefile +++ b/security/certspotter/Makefile @@ -15,6 +15,9 @@ USE_RC_SUBR= certspotter GO_MODULE= software.sslmate.com/src/certspotter GO_TARGET= ./cmd/${PORTNAME}:${PREFIX}/sbin/${PORTNAME} +DEPRECATED= Uses old go, but try building without USES=go:someversion +EXPIRATION_DATE=2026-01-01 + CERTSPOTTER_USER?= certspotter CERTSPOTTER_GROUP?= certspotter diff --git a/security/gauth/Makefile b/security/gauth/Makefile index 217881711ace..9cdb9b3113bb 100644 --- a/security/gauth/Makefile +++ b/security/gauth/Makefile 
@@ -1,7 +1,7 @@ PORTNAME= gauth DISTVERSIONPREFIX= v DISTVERSION= 1.5.0 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security MAINTAINER= nxjoseph@protonmail.com @@ -12,7 +12,7 @@ WWW= https://github.com/pcarrier/gauth \ LICENSE= ISCL LICENSE_FILE= ${WRKSRC}/LICENSE -USES= go:1.23,modules +USES= go:modules GO_MODULE= github.com/pcarrier/gauth diff --git a/security/git-credential-gopass/Makefile b/security/git-credential-gopass/Makefile index 31ee815c9fd9..613391333411 100644 --- a/security/git-credential-gopass/Makefile +++ b/security/git-credential-gopass/Makefile @@ -1,6 +1,7 @@ PORTNAME= git-credential-gopass DISTVERSIONPREFIX= v DISTVERSION= 1.16.0 +PORTREVISION= 1 CATEGORIES= security MAINTAINER= ehaupt@FreeBSD.org @@ -10,7 +11,7 @@ WWW= https://github.com/gopasspw/git-credential-gopass LICENSE= MIT LICENSE_FILE= ${WRKSRC}/LICENSE -USES= go:1.22,modules +USES= go:modules USE_GITHUB= yes GH_ACCOUNT= gopasspw diff --git a/security/gitlab-analyzers-secrets/Makefile b/security/gitlab-analyzers-secrets/Makefile index 65eaf25ea8f8..3791d351b1f3 100644 --- a/security/gitlab-analyzers-secrets/Makefile +++ b/security/gitlab-analyzers-secrets/Makefile @@ -21,7 +21,7 @@ EXTRACT_DEPENDS= ${UNZIP_CMD}:archivers/unzip RUN_DEPENDS= gitleaks:devel/gitleaks \ git>=0:devel/git -USES= go:modules,1.24 tar:bzip2 +USES= go:modules tar:bzip2 USE_GITLAB= yes GL_ACCOUNT= gitlab-org/security-products/analyzers diff --git a/security/lego/Makefile b/security/lego/Makefile index 50ac850f4504..180e0df2aa65 100644 --- a/security/lego/Makefile +++ b/security/lego/Makefile @@ -1,7 +1,6 @@ PORTNAME= lego DISTVERSIONPREFIX= v -DISTVERSION= 4.28.1 -PORTREVISION= 1 +DISTVERSION= 4.29.0 CATEGORIES= security MAINTAINER= matt@matthoran.com diff --git a/security/lego/distinfo b/security/lego/distinfo index 66aebb0a2db1..1e9f5c6269e4 100644 --- a/security/lego/distinfo +++ b/security/lego/distinfo 
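Review bot: security/gitlab-analyzers-secrets changes `USES= go:modules,1.24` to `USES= go:modules` without a `PORTREVISION` bump, and the same holds for the single-hunk changes to security/opkssh and security/sshesame. gauth, git-credential-gopass, local-php-security-checker and openvpn-auth-oauth2 do bump it for the same edit. Go binaries link the standard library statically, so an installed package keeps the old toolchain's crypto and net code until its version changes and users are offered an upgrade. Unless a bump lands elsewhere, I would increment `PORTREVISION` in these three Makefiles; their header lines are outside the hunks shown, so the current value needs checking.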
@@ -1,5 +1,5 @@ -TIMESTAMP = 1762612035 -SHA256 (go/security_lego/lego-v4.28.1/v4.28.1.mod) = 08b0178bf0929722a39e7bc70a79701ffd726fd3708efccc64ebb36a201ffb33 -SIZE (go/security_lego/lego-v4.28.1/v4.28.1.mod) = 10956 -SHA256 (go/security_lego/lego-v4.28.1/v4.28.1.zip) = a44e2b3b41d9384b89d9f63c5b3d3dd2ee2b2bf9023c836f948181546d4b5d3a -SIZE (go/security_lego/lego-v4.28.1/v4.28.1.zip) = 1681655 +TIMESTAMP = 1764930207 +SHA256 (go/security_lego/lego-v4.29.0/v4.29.0.mod) = a17bdec8e819a9e763c3e7fba4805146f738fa430dda64bc0c64cd617afd25f4 +SIZE (go/security_lego/lego-v4.29.0/v4.29.0.mod) = 11062 +SHA256 (go/security_lego/lego-v4.29.0/v4.29.0.zip) = 96639130d037324c87f6165d95256f03edfe403a1518124424051e4829b125ed +SIZE (go/security_lego/lego-v4.29.0/v4.29.0.zip) = 1718850 diff --git a/security/local-php-security-checker/Makefile b/security/local-php-security-checker/Makefile index 7d0b72cf4ac3..b5f2db86ce55 100644 --- a/security/local-php-security-checker/Makefile +++ b/security/local-php-security-checker/Makefile @@ -1,7 +1,7 @@ PORTNAME= local-php-security-checker DISTVERSIONPREFIX= v DISTVERSION= 2.1.3 -PORTREVISION= 7 +PORTREVISION= 8 CATEGORIES= security MASTER_SITES= GH @@ -12,7 +12,7 @@ WWW= https://github.com/fabpot/local-php-security-checker LICENSE= AGPLv3 LICENSE_FILE= ${WRKSRC}/LICENSE -USES= go:1.22,modules +USES= go:modules USE_GITHUB= yes GH_ACCOUNT= fabpot diff --git a/security/nss/Makefile b/security/nss/Makefile index 0aa58183d688..58a3877b77a1 100644 --- a/security/nss/Makefile +++ b/security/nss/Makefile @@ -1,5 +1,5 @@ PORTNAME= nss -PORTVERSION= 3.118.1 +PORTVERSION= 3.119 CATEGORIES= security MASTER_SITES= MOZILLA/security/${PORTNAME}/releases/${DISTNAME:tu:C/[-.]/_/g}_RTM/src diff --git a/security/nss/distinfo b/security/nss/distinfo index af21eaf40bc6..47aab9c33814 100644 --- a/security/nss/distinfo +++ b/security/nss/distinfo 
@@ -1,3 +1,3 @@ -TIMESTAMP = 1763494141 -SHA256 (nss-3.118.1.tar.gz) = 8c390a676ea37266fcd3d0cd2fb070e2f69f4d78fa4ed88e07ac0c9eb5aab8d3 -SIZE (nss-3.118.1.tar.gz) = 77625759 +TIMESTAMP = 1764961743 +SHA256 (nss-3.119.tar.gz) = e8412db6c9d6f531e8adfe8a122ec33a8fae920681ff47231a1349bdd399f0e9 +SIZE (nss-3.119.tar.gz) = 77633205 diff --git a/security/oath-toolkit/Makefile b/security/oath-toolkit/Makefile index 6e7185c29f6b..512c32ed764a 100644 --- a/security/oath-toolkit/Makefile +++ b/security/oath-toolkit/Makefile @@ -1,12 +1,11 @@ PORTNAME= oath-toolkit -PORTVERSION= 2.6.9 -PORTREVISION= 2 +PORTVERSION= 2.6.13 CATEGORIES= security MASTER_SITES= SAVANNAH MAINTAINER= ale@FreeBSD.org COMMENT= Library, tools, and PAM module for OATH authentication -WWW= https://www.nongnu.org/oath-toolkit/ +WWW= https://oath-toolkit.codeberg.page/ LICENSE= GPLv3+ LGPL20+ LICENSE_COMB= multi diff --git a/security/oath-toolkit/distinfo b/security/oath-toolkit/distinfo index bd627e1dce41..b7bf58d44c4d 100644 --- a/security/oath-toolkit/distinfo +++ b/security/oath-toolkit/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1689066348 -SHA256 (oath-toolkit-2.6.9.tar.gz) = 333ac831c8f1a6dbd7feb897339bba453ff34d3b0f4cfaa6b5a20dba55c8e985 -SIZE (oath-toolkit-2.6.9.tar.gz) = 4693524 +TIMESTAMP = 1765190904 +SHA256 (oath-toolkit-2.6.13.tar.gz) = 5b5d82e9a4455206d24fcbd7ee58bf4c79398a2e67997d80bd45ae927586b18b +SIZE (oath-toolkit-2.6.13.tar.gz) = 3847530 diff --git a/security/oath-toolkit/files/patch-liboath_tests_tst__basic.c b/security/oath-toolkit/files/patch-liboath_tests_tst__basic.c deleted file mode 100644 index e1583b1c584a..000000000000 --- a/security/oath-toolkit/files/patch-liboath_tests_tst__basic.c +++ /dev/null 
@@ -1,11 +0,0 @@ ---- liboath/tests/tst_basic.c.orig 2022-01-31 11:26:43 UTC -+++ liboath/tests/tst_basic.c -@@ -57,7 +57,7 @@ main (void) - return 1; - } - -- if (OATH_VERSION_NUMBER < 0x02060300 || OATH_VERSION_NUMBER >= 0x03000000) -+ if (OATH_VERSION_NUMBER < 0x02060200 || OATH_VERSION_NUMBER >= 0x03000000) - { - printf ("OATH_VERSION_NUMBER out of range?!\n"); - return 1; diff --git a/security/oath-toolkit/files/patch-liboath_tests_tst__totp__validate.c b/security/oath-toolkit/files/patch-liboath_tests_tst__totp__validate.c deleted file mode 100644 index 616fcd5ee021..000000000000 --- a/security/oath-toolkit/files/patch-liboath_tests_tst__totp__validate.c +++ /dev/null @@ -1,20 +0,0 @@ ---- liboath/tests/tst_totp_validate.c.orig 2022-01-31 11:03:27 UTC -+++ liboath/tests/tst_totp_validate.c -@@ -156,7 +156,7 @@ main (void) - } - if (otp_counter != tv[i].otp_counter) - { -- printf ("validate3 loop %ld failed (counter %d != %d)?!\n", -+ printf ("validate3 loop %ld failed (counter %ld != %ld)?!\n", - i, otp_counter, tv[i].otp_counter); - return 1; - } -@@ -184,7 +184,7 @@ main (void) - } - if (otp_counter != tv[i].otp_counter) - { -- printf ("validate3_callback loop %ld failed (counter %d != %d)?!\n", -+ printf ("validate3_callback loop %ld failed (counter %ld != %ld)?!\n", - i, otp_counter, tv[i].otp_counter); - return 1; - } diff --git a/security/oath-toolkit/files/patch-libpskc_tests_tst__basic.c b/security/oath-toolkit/files/patch-libpskc_tests_tst__basic.c deleted file mode 100644 index e69b5c0425d7..000000000000 --- a/security/oath-toolkit/files/patch-libpskc_tests_tst__basic.c +++ /dev/null 
@@ -1,11 +0,0 @@ ---- libpskc/tests/tst_basic.c.orig 2022-01-31 11:38:13 UTC -+++ libpskc/tests/tst_basic.c -@@ -70,7 +70,7 @@ main (void) - return 1; - } - -- if (PSKC_VERSION_NUMBER < 0x02060300 || PSKC_VERSION_NUMBER >= 0x03000000) -+ if (PSKC_VERSION_NUMBER < 0x02060200 || PSKC_VERSION_NUMBER >= 0x03000000) - { - printf ("PSKC_VERSION_NUMBER out of range?!\n"); - return 1; diff --git a/security/openvpn-auth-oauth2/Makefile b/security/openvpn-auth-oauth2/Makefile index 3fed1bf952da..0243b85a27c2 100644 --- a/security/openvpn-auth-oauth2/Makefile +++ b/security/openvpn-auth-oauth2/Makefile @@ -1,7 +1,7 @@ PORTNAME= openvpn-auth-oauth2 DISTVERSIONPREFIX= v DISTVERSION= 1.26.4 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security net net-vpn MAINTAINER= otis@FreeBSD.org @@ -13,7 +13,7 @@ LICENSE_FILE= ${WRKSRC}/LICENSE.txt EXTRACT_DEPENDS= ${BUILD_DEPENDS} -USES= go:1.25,modules +USES= go:modules GO_MODULE= github.com/jkroepke/openvpn-auth-oauth2 GO_TARGET= ./cmd/openvpn-auth-oauth2 diff --git a/security/openvpn-devel/Makefile b/security/openvpn-devel/Makefile index 1fa17d217cc5..2fa50d005f48 100644 --- a/security/openvpn-devel/Makefile +++ b/security/openvpn-devel/Makefile @@ -1,5 +1,5 @@ PORTNAME= openvpn -DISTVERSION= g20251117 +DISTVERSION= g20251128 PORTREVISION= 0 # leave in even if 0 to avoid accidental PORTEPOCH bumps PORTEPOCH= 1 CATEGORIES= security net net-vpn @@ -21,7 +21,7 @@ LIB_DEPENDS+= liblzo2.so:archivers/lzo2 USES= autoreconf cpe libtool pkgconfig python:build shebangfix tar:xz IGNORE_SSL= libressl libressl-devel USE_GITLAB= yes -GL_TAGNAME= d6ee27b4ff31e4469d699f3bfd7b9998ab167230 +GL_TAGNAME= 31ef3d66c20e62cd6cc87a6b9f9c9987b889335c USE_RC_SUBR= openvpn SHEBANG_FILES= sample/sample-scripts/auth-pam.pl \ diff --git a/security/openvpn-devel/distinfo b/security/openvpn-devel/distinfo index 6d2c15323da2..0314026c6b95 100644 --- a/security/openvpn-devel/distinfo +++ b/security/openvpn-devel/distinfo 
@@ -1,3 +1,3 @@ -TIMESTAMP = 1763394774 -SHA256 (openvpn-openvpn-d6ee27b4ff31e4469d699f3bfd7b9998ab167230_GL0.tar.gz) = 8f57323446853027ed6140521b8485aff100d5858877083059dfaed64ff92edb -SIZE (openvpn-openvpn-d6ee27b4ff31e4469d699f3bfd7b9998ab167230_GL0.tar.gz) = 1347484 +TIMESTAMP = 1764356557 +SHA256 (openvpn-openvpn-31ef3d66c20e62cd6cc87a6b9f9c9987b889335c_GL0.tar.gz) = cb4f8d9b30628955a5cbf34e362167152bea49f8c181732a6260f96172ae2e76 +SIZE (openvpn-openvpn-31ef3d66c20e62cd6cc87a6b9f9c9987b889335c_GL0.tar.gz) = 1348842 diff --git a/security/opkssh/Makefile b/security/opkssh/Makefile index 36c50d9ac217..225500a886d7 100644 --- a/security/opkssh/Makefile +++ b/security/opkssh/Makefile @@ -11,7 +11,7 @@ COMMENT= Tool which enables SSH to be used with OpenID Connect LICENSE= APACHE20 LICENSE_FILE= ${WRKSRC}/LICENSE -USES= go:1.23,modules +USES= go:modules USE_GITHUB= yes GH_ACCOUNT= openpubkey GO_BUILDFLAGS= -ldflags "-X main.Version=${DISTVERSIONPREFIX}${DISTVERSION}" diff --git a/security/pinentry/Makefile b/security/pinentry/Makefile index ad3da32c4472..121ba47d9746 100644 --- a/security/pinentry/Makefile +++ b/security/pinentry/Makefile @@ -1,6 +1,6 @@ PORTNAME= pinentry PORTVERSION= 1.3.2 -PORTREVISION?= 0 +PORTREVISION?= 1 CATEGORIES= security MASTER_SITES= GNUPG/pinentry diff --git a/security/proxytunnel/Makefile b/security/proxytunnel/Makefile index 9dde77e2ddd0..695dba9a2b49 100644 --- a/security/proxytunnel/Makefile +++ b/security/proxytunnel/Makefile @@ -15,8 +15,6 @@ BUILD_DEPENDS= asciidoc:textproc/asciidoc \ minixmlto:textproc/minixmlto USES= cpe gmake pkgconfig ssl -BROKEN_SSL= openssl openssl31 -BROKEN_SSL_REASON= Fails to build with ld: error: undefined symbol: SSL_get_peer_certificate USE_GITHUB= yes PLIST_FILES= bin/proxytunnel \ diff --git a/security/rekor/Makefile b/security/rekor/Makefile index 5fd7519facc6..195a8a4ea7a7 100644 --- a/security/rekor/Makefile +++ b/security/rekor/Makefile 
@@ -1,7 +1,6 @@ PORTNAME= rekor DISTVERSIONPREFIX= v -DISTVERSION= 1.3.10 -PORTREVISION= 9 +DISTVERSION= 1.4.1 CATEGORIES= security MAINTAINER= bofh@FreeBSD.org @@ -20,7 +19,7 @@ server_PKGNAMESUFFIX= -server server_COMMENT= (server only) server_PLIST= ${.CURDIR}/pkg-plist.server -USES= cpe go:1.24,modules +USES= cpe go:modules CPE_VENDOR= linuxfoundation .if ${FLAVOR} == server USE_RC_SUBR= rekor @@ -46,7 +45,7 @@ USERS= ${PORTNAME} GROUPS= ${PORTNAME} .endif -GIT_HASH= 4118a64b4b9c228a968b2d935a00807ca1b33aed +GIT_HASH= 7c83add6b10b15d4665b1773ccb6144da95394b7 .include <bsd.port.pre.mk> diff --git a/security/rekor/distinfo b/security/rekor/distinfo index 2c16c79e10d2..3b43b80f60c6 100644 --- a/security/rekor/distinfo +++ b/security/rekor/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1746289423 -SHA256 (go/security_rekor/rekor-v1.3.10/v1.3.10.mod) = 788c563e936db5816de40e7ff4a7f58ffa8d184fbe99842eec058da0d3b8f65d -SIZE (go/security_rekor/rekor-v1.3.10/v1.3.10.mod) = 11137 -SHA256 (go/security_rekor/rekor-v1.3.10/v1.3.10.zip) = 6a65d2c266a8ac2351061716142c9cb373abec19c892d4b5c0c83e21bf2b3789 -SIZE (go/security_rekor/rekor-v1.3.10/v1.3.10.zip) = 1193215 +TIMESTAMP = 1765021625 +SHA256 (go/security_rekor/rekor-v1.4.1/v1.4.1.mod) = f09b8f719791b75aa36e056c11137b7c59dc06d2c0c13128e9693e9abd7b35b9 +SIZE (go/security_rekor/rekor-v1.4.1/v1.4.1.mod) = 11314 +SHA256 (go/security_rekor/rekor-v1.4.1/v1.4.1.zip) = fd313e3c24bba8b05524a116f902ad2a489bf12dfd2d7b32c45770ecc13d31c7 +SIZE (go/security_rekor/rekor-v1.4.1/v1.4.1.zip) = 1190306 diff --git a/security/s2n-tls/Makefile b/security/s2n-tls/Makefile index fb28c47877bb..83352f59dbe0 100644 --- a/security/s2n-tls/Makefile +++ b/security/s2n-tls/Makefile @@ -1,6 +1,6 @@ PORTNAME= s2n-tls DISTVERSIONPREFIX= v -DISTVERSION= 1.6.1 +DISTVERSION= 1.6.2 PORTEPOCH= 1 CATEGORIES= security diff --git a/security/s2n-tls/distinfo b/security/s2n-tls/distinfo index 241d66f84ffe..996e5561b7dd 100644 --- a/security/s2n-tls/distinfo 
+++ b/security/s2n-tls/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1763805921 -SHA256 (aws-s2n-tls-v1.6.1_GH0.tar.gz) = d913741fd8329b2ff4f9f153cb1b4a0a88e788f0217f28ded1f207db6fabd5eb -SIZE (aws-s2n-tls-v1.6.1_GH0.tar.gz) = 5119769 +TIMESTAMP = 1764963686 +SHA256 (aws-s2n-tls-v1.6.2_GH0.tar.gz) = b62c52ededd0b42e58fea660727141728cfb853c564083dbfc6fd027a1564582 +SIZE (aws-s2n-tls-v1.6.2_GH0.tar.gz) = 5155040 diff --git a/security/sshesame/Makefile b/security/sshesame/Makefile index ddba948fae64..7e7aaca64b03 100644 --- a/security/sshesame/Makefile +++ b/security/sshesame/Makefile @@ -10,7 +10,7 @@ WWW= https://github.com/jaksi/sshesame LICENSE= APACHE20 LICENSE_FILE= ${WRKSRC}/LICENSE -USES= go:1.22,modules +USES= go:modules USE_RC_SUBR= ${PORTNAME} USERS= sshesame diff --git a/security/step-certificates/Makefile b/security/step-certificates/Makefile index 7b865e0753a4..a74198bdc18c 100644 --- a/security/step-certificates/Makefile +++ b/security/step-certificates/Makefile @@ -16,6 +16,9 @@ RUN_DEPENDS= step:security/step-cli USES= go:1.22,modules +DEPRECATED= Uses old go, but try building without USES=go:someversion +EXPIRATION_DATE=2026-01-01 + USE_RC_SUBR= step_ca GO_MODULE= github.com/smallstep/certificates diff --git a/security/step-cli/Makefile b/security/step-cli/Makefile index d58b502aa605..a9a897b5f233 100644 --- a/security/step-cli/Makefile +++ b/security/step-cli/Makefile @@ -12,6 +12,9 @@ LICENSE_FILE= ${WRKSRC}/LICENSE USES= go:1.22,modules shebangfix +DEPRECATED= Uses old go, but try building without USES=go:someversion +EXPIRATION_DATE=2026-01-01 + SHEBANG_FILES= autocomplete/bash_autocomplete GO_MODULE= github.com/smallstep/cli diff --git a/security/trezord/Makefile b/security/trezord/Makefile index 0519f75984be..c7448b203fc5 100644 --- a/security/trezord/Makefile +++ b/security/trezord/Makefile 
@@ -1,7 +1,7 @@ PORTNAME= trezord DISTVERSIONPREFIX= v -DISTVERSION= 2.0.33 -PORTREVISION= 4 +DISTVERSION= 2.0.33-9 +DISTVERSIONSUFFIX= -ga58468e CATEGORIES= security MAINTAINER= ale@FreeBSD.org @@ -11,7 +11,7 @@ WWW= https://github.com/trezor/trezord-go LICENSE= LGPL3 LICENSE_FILE= ${WRKSRC}/COPYING -USES= go:1.20,modules +USES= go:modules USE_RC_SUBR= ${PORTNAME} diff --git a/security/trezord/Makefile.modules b/security/trezord/Makefile.modules index 765ac3a262d3..4ca9901b21b2 100644 --- a/security/trezord/Makefile.modules +++ b/security/trezord/Makefile.modules @@ -1,5 +1,7 @@ GH_TUPLE= \ + BurntSushi:toml:v0.3.1:burntsushi_toml/vendor/github.com/BurntSushi/toml \ felixge:httpsnoop:v1.0.1:felixge_httpsnoop/vendor/github.com/felixge/httpsnoop \ + go-yaml:yaml:v2.4.0:go_yaml_yaml/vendor/gopkg.in/yaml.v2 \ gorilla:csrf:v1.7.0:gorilla_csrf/vendor/github.com/gorilla/csrf \ gorilla:handlers:v1.5.1:gorilla_handlers/vendor/github.com/gorilla/handlers \ gorilla:mux:v1.8.0:gorilla_mux/vendor/github.com/gorilla/mux \ diff --git a/security/trezord/distinfo b/security/trezord/distinfo index 642da5a1f7db..9fb6a2e124fd 100644 --- a/security/trezord/distinfo +++ b/security/trezord/distinfo 
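Review bot: `DISTVERSION= 2.0.33-9` with `DISTVERSIONSUFFIX= -ga58468e` moves security/trezord from a tagged release to an untagged snapshot identified only by a 7-hex abbreviation, and the Makefile hunk carries no comment saying why. The distinfo SHA256 still pins the tarball contents, so this is a provenance and maintainability point rather than an integrity one. I would add a comment above `DISTVERSION` giving the full upstream commit id and the reason the snapshot is needed (presumably to build with the default Go now that `go:1.20` is dropped), so a later update knows when to return to a tagged release.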
@@ -1,8 +1,12 @@
-TIMESTAMP = 1681804602
-SHA256 (trezor-trezord-go-v2.0.33_GH0.tar.gz) = b589b857888811cfdd6593dd911e0574b8257fce24a9d9366a187be3b859fa59
-SIZE (trezor-trezord-go-v2.0.33_GH0.tar.gz) = 645382
+TIMESTAMP = 1765199636
+SHA256 (trezor-trezord-go-v2.0.33-9-ga58468e_GH0.tar.gz) = 071757a557bb9ed83351ff4134423b75f23fee3b1baeee4e7a5596ecf74d0f37
+SIZE (trezor-trezord-go-v2.0.33-9-ga58468e_GH0.tar.gz) = 645802
+SHA256 (BurntSushi-toml-v0.3.1_GH0.tar.gz) = 6593da894578ba510a470735ffbdc88ce88033094dc5a8f4d3957ab87e18803f
+SIZE (BurntSushi-toml-v0.3.1_GH0.tar.gz) = 42077
 SHA256 (felixge-httpsnoop-v1.0.1_GH0.tar.gz) = 02f506689067855a2afcbea692a63f60bcb50a3994722650339c82027d1cbe3e
 SIZE (felixge-httpsnoop-v1.0.1_GH0.tar.gz) = 10725
+SHA256 (go-yaml-yaml-v2.4.0_GH0.tar.gz) = d8e94679e5fff6bd1a35e10241543929a5f3da44f701755babf99b3daf0faac0
+SIZE (go-yaml-yaml-v2.4.0_GH0.tar.gz) = 73209
 SHA256 (gorilla-csrf-v1.7.0_GH0.tar.gz) = 8cbc7df34ba5266f78c81b5d1a86b822d4107533dd4c3fd9fe16cdee4d916db5
 SIZE (gorilla-csrf-v1.7.0_GH0.tar.gz) = 21854
 SHA256 (gorilla-handlers-v1.5.1_GH0.tar.gz) = be22eafc7020cba749c8638d0051c326f1b31b5a76a98d86beafc595079f6b09
diff --git a/security/trezord/files/patch-vendor_modules.txt b/security/trezord/files/patch-vendor_modules.txt
new file mode 100644
index 000000000000..15f2e59f183a
--- /dev/null
+++ b/security/trezord/files/patch-vendor_modules.txt
@@ -0,0 +1,28 @@ +--- vendor/modules.txt.orig 2025-12-08 13:35:38 UTC ++++ vendor/modules.txt +@@ -0,0 +1,25 @@ ++# github.com/BurntSushi/toml v0.3.1 ++## explicit ++# github.com/felixge/httpsnoop v1.0.1 ++## explicit; go 1.13 ++github.com/felixge/httpsnoop ++# github.com/gorilla/csrf v1.7.0 ++## explicit; go 1.13 ++github.com/gorilla/csrf ++# github.com/gorilla/handlers v1.5.1 ++## explicit; go 1.14 ++github.com/gorilla/handlers ++# github.com/gorilla/mux v1.8.0 ++## explicit; go 1.12 ++github.com/gorilla/mux ++# github.com/gorilla/securecookie v1.1.1 ++## explicit ++github.com/gorilla/securecookie ++# github.com/pkg/errors v0.9.1 ++## explicit ++github.com/pkg/errors ++# gopkg.in/natefinch/lumberjack.v2 v2.0.0 ++## explicit ++gopkg.in/natefinch/lumberjack.v2 ++# gopkg.in/yaml.v2 v2.4.0 ++## explicit; go 1.15 diff --git a/security/trivy/Makefile b/security/trivy/Makefile index d45780e3c7c7..0f4232db8fbb 100644 --- a/security/trivy/Makefile +++ b/security/trivy/Makefile @@ -1,7 +1,6 @@ PORTNAME= trivy DISTVERSIONPREFIX= v -DISTVERSION= 0.67.2 -PORTREVISION= 3 +DISTVERSION= 0.68.1 CATEGORIES= security MAINTAINER= mfechner@FreeBSD.org @@ -13,7 +12,7 @@ LICENSE_FILE= ${WRKSRC}/LICENSE BROKEN_i386= not supported, see https://github.com/aquasecurity/trivy/pull/9102 -USES= go:modules,1.25 +USES= go:modules USE_GITHUB= yes GH_ACCOUNT= aquasecurity diff --git a/security/trivy/distinfo b/security/trivy/distinfo index 28fde0ce1daa..b97aa771a9ea 100644 --- a/security/trivy/distinfo +++ b/security/trivy/distinfo 
@@ -1,5 +1,5 @@
-TIMESTAMP = 1760123985
-SHA256 (go/security_trivy/aquasecurity-trivy-v0.67.2_GH0/go.mod) = 130a0a0c893125dadbcc30ec66370aac6f848cc1b116a5d1acae4ceecb5a256d
-SIZE (go/security_trivy/aquasecurity-trivy-v0.67.2_GH0/go.mod) = 26741
-SHA256 (go/security_trivy/aquasecurity-trivy-v0.67.2_GH0/aquasecurity-trivy-v0.67.2_GH0.tar.gz) = 280ff8cfb17d05d6b4d1b07bdd3cd26971032301bedb3b800a14886e64ce75eb
-SIZE (go/security_trivy/aquasecurity-trivy-v0.67.2_GH0/aquasecurity-trivy-v0.67.2_GH0.tar.gz) = 57236343
+TIMESTAMP = 1764769990
+SHA256 (go/security_trivy/aquasecurity-trivy-v0.68.1_GH0/go.mod) = ed1e2812f402bc580b5cdd5665d62f0aef5f8d12d1a36dc3f808c3e13cd227f9
+SIZE (go/security_trivy/aquasecurity-trivy-v0.68.1_GH0/go.mod) = 26727
+SHA256 (go/security_trivy/aquasecurity-trivy-v0.68.1_GH0/aquasecurity-trivy-v0.68.1_GH0.tar.gz) = 9dd35dd79b0452ab5cf426fac6511718473cc42f92dc6c494839e42690f8023d
+SIZE (go/security_trivy/aquasecurity-trivy-v0.68.1_GH0/aquasecurity-trivy-v0.68.1_GH0.tar.gz) = 56758578
diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
index e73059383e25..d795461fa6b6 100644
--- a/security/vuxml/vuln/2025.xml
+++ b/security/vuxml/vuln/2025.xml
@@ -1,3 +1,268 @@ + <vuln vid="ea34264d-d289-11f0-a15a-a8a1599412c6"> + <topic>chromium -- multiple security fixes</topic> + <affects> + <package> + <name>chromium</name> + <range><lt>143.0.7499.40</lt></range> + </package> + <package> + <name>ungoogled-chromium</name> + <range><lt>143.0.7499.40</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Chrome Releases reports:</p> + <blockquote cite="https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html"> + <p>This update includes 13 security fixes:</p> + <ul> + <li>[456547591] High CVE-2025-13630: Type Confusion in V8. Reported by Shreyas Penkar (@streypaws) on 2025-10-31</li> + <li>[448113221] High CVE-2025-13631: Inappropriate implementation in Google Updater. Reported by Jota Domingos on 2025-09-29</li> + <li>[439058242] High CVE-2025-13632: Inappropriate implementation in DevTools. Reported by Leandro Teles on 2025-08-16</li> + <li>[458082926] High CVE-2025-13633: Use after free in Digital Credentials. Reported by Chrome on 2025-11-05</li> + <li>[429140219] Medium CVE-2025-13634: Inappropriate implementation in Downloads. Reported by Eric Lawrence of Microsoft on 2025-07-02</li> + <li>[457818670] Medium CVE-2025-13720: Bad cast in Loader. Reported by Chrome on 2025-11-04</li> + <li>[355120682] Medium CVE-2025-13721: Race in v8. Reported by Chrome on 2024-07-23</li> + <li>[405727341] Low CVE-2025-13635: Inappropriate implementation in Downloads. Reported by Hafiizh on 2025-03-24</li> + <li>[446181124] Low CVE-2025-13636: Inappropriate implementation in Split View. Reported by Khalil Zhani on 2025-09-20</li> + <li>[392375329] Low CVE-2025-13637: Inappropriate implementation in Downloads. Reported by Hafiizh on 2025-01-27</li> + <li>[448046109] Low CVE-2025-13638: Use after free in Media Stream. Reported by sherkito on 2025-09-29</li> + <li>[448408148] Low CVE-2025-13639: Inappropriate implementation in WebRTC. 
Reported by Philipp Hancke on 2025-10-01</li> + <li>[452071826] Low CVE-2025-13640: Inappropriate implementation in Passwords. Reported by Anonymous on 2025-10-14</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-13631</cvename> + <cvename>CVE-2025-13632</cvename> + <cvename>CVE-2025-13633</cvename> + <cvename>CVE-2025-13634</cvename> + <cvename>CVE-2025-13635</cvename> + <cvename>CVE-2025-13636</cvename> + <cvename>CVE-2025-13637</cvename> + <cvename>CVE-2025-13638</cvename> + <cvename>CVE-2025-13639</cvename> + <cvename>CVE-2025-13640</cvename> + <cvename>CVE-2025-13634</cvename> + <cvename>CVE-2025-13720</cvename> + <cvename>CVE-2025-13721</cvename> + <url>https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html</url> + </references> + <dates> + <discovery>2025-12-02</discovery> + <entry>2025-12-06</entry> + </dates> + </vuln> + + <vuln vid="8acfcfdc-d27c-11f0-8512-b0416f0c4c67"> + <topic>spotipy -- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')</topic> + <affects> + <package> + <name>py310-spotipy</name> + <name>py311-spotipy</name> + <name>py312-spotipy</name> + <name>py313-spotipy</name> + <name>py313t-spotipy</name> + <name>py314-spotipy</name> + <range><lt>2.25.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>https://github.com/spotipy-dev/spotipy/security/advisories/GHSA-r77h-rpp9-w2xm reports:</p> + <blockquote cite="https://github.com/spotipy-dev/spotipy/security/advisories/GHSA-r77h-rpp9-w2xm"> + <p>Spotipy is a Python library for the Spotify Web API. Prior to +version 2.25.2, there is a cross-site scripting (XSS) vulnerability +in the OAuth callback server that allows for JavaScript injection +through the unsanitized error parameter. Attackers can execute +arbitrary JavaScript in the user's browser during OAuth authentication. 
+This issue has been patched in version 2.25.2.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-66040</cvename> + <url>https://cveawg.mitre.org/api/cve/CVE-2025-66040</url> + </references> + <dates> + <discovery>2025-11-26</discovery> + <entry>2025-12-06</entry> + </dates> + </vuln> + + <vuln vid="c7187676-d176-11f0-841f-843a4b343614"> + <topic>xkbcomp -- Several vulnerabilities</topic> + <affects> + <package> + <name>xkbcomp</name> + <range><lt>1.5.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>X.Org reports:</p> + <blockquote cite="https://lists.x.org/archives/xorg-announce/2025-December/003644.html"> + <p>Multiple issues have been found in xkbcomp that have been previously + been published as CVEs in libxbkcommon. libxkbcommon is (to some degree) + a fork of xkbcomp and some of the code base is identical. These CVEs + were published earlier as:</p> + <ul> + <li>CVE-2018-15853: Endless recursion in xkbcomp/expr.c resulting in a crash</li> + <li>CVE-2018-15859: NULL pointer dereference when parsing invalid atoms in + ExprResolveLhs resulting in a crash</li> + <li>CVE-2018-15861: NULL pointer dereference in ExprResolveLhs resulting + in a crash</li> + <li>CVE-2018-15863: NULL pointer dereference in ResolveStateAndPredicate + resulting in a crash</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2018-15863</cvename> + <url>https://cveawg.mitre.org/api/cve/CVE-2018-15863</url> + <cvename>CVE-2018-15859</cvename> + <url>https://cveawg.mitre.org/api/cve/CVE-2018-15859</url> + <cvename>CVE-2018-15861</cvename> + <url>https://cveawg.mitre.org/api/cve/CVE-2018-15861</url> + <cvename>CVE-2018-15863</cvename> + <url>https://cveawg.mitre.org/api/cve/CVE-2018-15863</url> + </references> + <dates> + <discovery>2025-12-03</discovery> + <entry>2025-12-05</entry> + </dates> + </vuln> + + <vuln vid="f323f148-d181-11f0-841f-843a4b343614"> + <topic>png 
-- Out-of-bounds read</topic> + <affects> + <package> + <name>png</name> + <range><lt>1.6.52</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f reports:</p> + <blockquote cite="https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f"> + <p>Prior to 1.6.52, an out-of-bounds read vulnerability in + libpng's simplified API allows reading up to 1012 bytes beyond the + png_sRGB_base[512] array when processing valid palette PNG images + with partial transparency and gamma correction. The PNG files that + trigger this vulnerability are valid per the PNG specification; the + bug is in libpng's internal state management.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-66293</cvename> + <url>https://cveawg.mitre.org/api/cve/CVE-2025-66293</url> + </references> + <dates> + <discovery>2025-12-03</discovery> + <entry>2025-12-05</entry> + </dates> + </vuln> + + <vuln vid="be3167b5-d140-11f0-ad27-c01803b56cc4"> + <topic>libvirt -- Multiple vulnerabilities</topic> + <affects> + <package> + <name>libvirt</name> + <range><lt>11.10.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The libvirt project reports:</p> + <blockquote cite="https://libvirt.org/news.html#v11-10-0-2025-12-01"> + <p>See <a href="https://libvirt.org/news.html#v11-10-0-2025-12-01"> + changelog</a> for details.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-12748</cvename> + <url>https://cveawg.mitre.org/api/cve/CVE-2025-12748</url> + <cvename>CVE-2025-13193</cvename> + <url>https://cveawg.mitre.org/api/cve/CVE-2025-13193</url> + </references> + <dates> + <discovery>2025-11-11</discovery> + <entry>2025-12-04</entry> + </dates> + </vuln> + + <vuln vid="6ebe4a30-d138-11f0-af8c-8447094a420f"> + <topic>Apache httpd -- Multiple 
vulnerabilities</topic> + <affects> + <package> + <name>apache24</name> + <range><lt>2.4.66</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Apache httpd project reports:</p> + <blockquote cite="https://downloads.apache.org/httpd/CHANGES_2.4.66"> + <p>See <a href="https://downloads.apache.org/httpd/CHANGES_2.4.66"> + changelog</a> or <a href="https://httpd.apache.org/security/vulnerabilities_24.html"> + 2.4 vulnerabilities</a> for details.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-66200</cvename> + <cvename>CVE-2025-65082</cvename> + <cvename>CVE-2025-59775</cvename> + <cvename>CVE-2025-58098</cvename> + <cvename>CVE-2025-55753</cvename> + <url>https://downloads.apache.org/httpd/CHANGES_2.4.66</url> + </references> + <dates> + <discovery>2025-12-04</discovery> + <entry>2025-12-04</entry> + </dates> + </vuln> + + <vuln vid="245bd19f-d035-11f0-84e9-c7a56e37e3f0"> + <topic>go -- excessive resource consumption</topic> + <affects> + <package> + <name>go124</name> + <range><lt>1.24.11</lt></range> + </package> + <package> + <name>go125</name> + <range><lt>1.25.5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Go project reports:</p> + <blockquote cite="https://pkg.go.dev/vuln/GO-2025-4155"> + <p>Within HostnameError.Error(), when constructing an error + string, there is no limit to the number of hosts that will + be printed out.</p> + <p>Furthermore, the error string is constructed by repeated + string concatenation, leading to quadratic runtime. 
+ Therefore, a certificate provided by a malicious actor can + result in excessive resource consumption.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-61729</cvename> + <url>https://pkg.go.dev/vuln/GO-2025-4155</url> + </references> + <dates> + <discovery>2025-12-02</discovery> + <entry>2025-12-03</entry> + </dates> + </vuln> + <vuln vid="eda92945-ced4-11f0-a958-b42e991fc52e"> <topic>MongoDB -- Missing Authorization</topic> <affects> |
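Review bot: The `<references>` block of the chromium entry (vid ea34264d-d289-11f0-a15a-a8a1599412c6) never lists CVE-2025-13630, the High-severity V8 type confusion that opens the quoted advisory, and it lists `<cvename>CVE-2025-13634</cvename>` twice. The xkbcomp entry (vid c7187676-d176-11f0-841f-843a4b343614) has the same slip: CVE-2018-15863 appears twice and CVE-2018-15853, the first item in its description, is missing. Anyone searching vuxml by CVE name will not find either entry under the omitted identifier. I would replace the second `<cvename>CVE-2025-13634</cvename>` with `<cvename>CVE-2025-13630</cvename>`, and change the first CVE-2018-15863 cvename/url pair to CVE-2018-15853. The hunk's trailing context runs into the existing MongoDB entry, which continues outside the hunk.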
