diff options
Diffstat (limited to 'security')
35 files changed, 367 insertions, 119 deletions
diff --git a/security/Makefile b/security/Makefile index 46547e92bf04..d8b14da244aa 100644 --- a/security/Makefile +++ b/security/Makefile @@ -282,6 +282,7 @@ SUBDIR += lasso SUBDIR += lastpass-cli SUBDIR += lego + SUBDIR += lfacme SUBDIR += libaegis SUBDIR += libargon2 SUBDIR += libassuan diff --git a/security/aws-lc/Makefile b/security/aws-lc/Makefile index e72557e40eea..0bafd001dc8c 100644 --- a/security/aws-lc/Makefile +++ b/security/aws-lc/Makefile @@ -1,5 +1,5 @@ PORTNAME= aws-lc -PORTVERSION= 1.52.1 +PORTVERSION= 1.53.0 DISTVERSIONPREFIX= v CATEGORIES= security diff --git a/security/aws-lc/distinfo b/security/aws-lc/distinfo index 489abb390a58..48a0cd1e409f 100644 --- a/security/aws-lc/distinfo +++ b/security/aws-lc/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1748831216 -SHA256 (aws-aws-lc-v1.52.1_GH0.tar.gz) = fe552e3c3522f73afc3c30011745c431c633f7b4e25dcd7b38325f194a7b3b75 -SIZE (aws-aws-lc-v1.52.1_GH0.tar.gz) = 126954534 +TIMESTAMP = 1750188014 +SHA256 (aws-aws-lc-v1.53.0_GH0.tar.gz) = b7c3a456df40c0d19621848e8c7b70c1fa333f9e8f5aa72755890fb50c9963de +SIZE (aws-aws-lc-v1.53.0_GH0.tar.gz) = 126984389 diff --git a/security/boringssl/Makefile b/security/boringssl/Makefile index 27f7c73d1a2a..d72689f75660 100644 --- a/security/boringssl/Makefile +++ b/security/boringssl/Makefile @@ -1,5 +1,5 @@ PORTNAME= boringssl -PORTVERSION= 0.0.0.0.2025.06.05.01 +PORTVERSION= 0.0.0.0.2025.06.25.01 CATEGORIES= security EXTRACT_ONLY= ${GH_ACCOUNT}-${PORTNAME}-${PORTVERSION}-${GH_TAGNAME}_GH0.tar.gz @@ -19,7 +19,7 @@ CPE_VENDOR= google USE_GITHUB= yes GH_ACCOUNT= google -GH_TAGNAME= 5622da9 +GH_TAGNAME= 78b48c1 CMAKE_ARGS+= -DBUILD_SHARED_LIBS=1 CFLAGS_i386= -msse2 diff --git a/security/boringssl/distinfo b/security/boringssl/distinfo index c05036202f73..64e40c2a4f5f 100644 --- a/security/boringssl/distinfo +++ b/security/boringssl/distinfo @@ -1,4 +1,4 @@ -TIMESTAMP = 1749831968 +TIMESTAMP = 1750950234 SHA256 (filippo.io/edwards25519/@v/v1.1.0.zip) = 9ac43a686d06fdebd719f7af3866c87eb069302272dfb131007adf471c308b65 SIZE (filippo.io/edwards25519/@v/v1.1.0.zip) = 55809 SHA256 (filippo.io/edwards25519/@v/v1.1.0.mod) = 099556fc4d7e6f5cb135efdd8b6bb4c0932e38ea058c53fc5fa5ce285572fb61 @@ -11,5 +11,5 @@ SHA256 (golang.org/x/sys/@v/v0.32.0.zip) = 85d47075d21fd7ef35d9a47fc73f2356fb3cd SIZE (golang.org/x/sys/@v/v0.32.0.zip) = 1991164 SHA256 (golang.org/x/sys/@v/v0.32.0.mod) = f67e3e18f4c08e60a7e80726ab36b691fdcea5b81ae1c696ff64caf518bcfe3d SIZE (golang.org/x/sys/@v/v0.32.0.mod) = 35 -SHA256 (google-boringssl-0.0.0.0.2025.06.05.01-5622da9_GH0.tar.gz) = ae4f97f3adf33f578fc58bfa946e74f16cd1afec4bd213cc53d77c87be027c72 -SIZE (google-boringssl-0.0.0.0.2025.06.05.01-5622da9_GH0.tar.gz) = 46161255 +SHA256 (google-boringssl-0.0.0.0.2025.06.25.01-78b48c1_GH0.tar.gz) = 2cfaa5f01ecedb7d662d7b01cac6f2f5f873a52f694a44af69de9b8efcdb6e90 +SIZE (google-boringssl-0.0.0.0.2025.06.25.01-78b48c1_GH0.tar.gz) = 46168678 diff --git a/security/botan3/Makefile b/security/botan3/Makefile index a376d1c4fa7c..c5c0ff84d783 100644 --- a/security/botan3/Makefile +++ b/security/botan3/Makefile @@ -1,5 +1,5 @@ PORTNAME= botan -DISTVERSION= 3.7.1 +DISTVERSION= 3.8.1 CATEGORIES= security MASTER_SITES= http://botan.randombit.net/releases/ PKGNAMESUFFIX= ${_BOTANMAJOR} @@ -14,7 +14,8 @@ LICENSE_FILE= ${WRKSRC}/license.txt BUILD_DEPENDS= ${LOCALBASE}/include/boost/asio.hpp:devel/boost-libs -USES= compiler:c++20-lang cpe gmake llvm shebangfix tar:xz # llvm fixes build failure, see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279136 +USES= compiler:c++20-lang cpe gmake shebangfix tar:xz + CPE_VENDOR= ${PORTNAME}_project USE_LDCONFIG= yes @@ -37,7 +38,7 @@ LDFLAGS+= -pthread DOCSDIR= ${LOCALBASE}/share/doc/${PORTNAME}-${PORTVERSION} -_SOABIVER= 7 +_SOABIVER= 8 _BOTANMAJOR= ${DISTVERSION:S/./ /g:[1]} _SHLIBVER= ${DISTVERSION:S/./ /g:[2]} _SHLIBVERPATCH= ${DISTVERSION:S/./ /g:[3]} @@ -47,10 +48,12 @@ PLIST_SUB= SHLIBVER=${_SHLIBVER} \ BOTANMAJOR=${_BOTANMAJOR} PORTDOCS= * -OPTIONS_DEFINE= DOCS MANPAGES PYTHON SQLITE3 +OPTIONS_DEFINE= DOCS LLVM_FROM_PORTS MANPAGES PYTHON SQLITE3 OPTIONS_DEFAULT= MANPAGES OPTIONS_SUB= yes +LLVM_FROM_PORTS_DESC= Use LLVM from ports to build + MANPAGES_BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}sphinx>=0:textproc/py-sphinx@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}furo>=2022.6.21:textproc/py-furo@${PY_FLAVOR} MANPAGES_CONFIGURE_WITH= sphinx @@ -65,6 +68,15 @@ SQLITE3_CONFIGURE_WITH= sqlite3 .include <bsd.port.options.mk> +# llvm from ports fixes build failure, see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279136 +.if ${OPSYS} == FreeBSD && \ + ((${OSVERSION} >= 1500000) || \ + ${PORT_OPTIONS:MLLVM_FROM_PORTS}) +USES+= llvm +USES:= ${USES:Ncompiler\:*} # XXX avoid warnings +CHOSEN_COMPILER_TYPE= clang +.endif + .if ${ARCH} == aarch64 CONFIGURE_ARGS+= --cc-abi="-march=armv8-a+crypto" .elif ${ARCH:Mpowerpc64*} @@ -74,12 +86,6 @@ CONFIGURE_ARGS+= --disable-powercrypto .endif .endif -.if ${ARCH} == i386 || ${ARCH} == amd64 -PLIST_SUB+= HAS_RDRAND_RNG="" -.else -PLIST_SUB+= HAS_RDRAND_RNG="@comment " -.endif - .if ${ARCH} == i386 || ${ARCH} == amd64 || ${ARCH:Mpowerpc64*} PLIST_SUB+= HAS_PROCESSOR_RNG="" .else diff --git a/security/botan3/distinfo b/security/botan3/distinfo index e90946f4ca79..e64fce607f4f 100644 --- a/security/botan3/distinfo +++ b/security/botan3/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1738854685 -SHA256 (Botan-3.7.1.tar.xz) = fc0620463461caaea8e60f06711d7e437a3ad1eebd6de4ac29c14bbd901ccd1b -SIZE (Botan-3.7.1.tar.xz) = 8659408 +TIMESTAMP = 1747422221 +SHA256 (Botan-3.8.1.tar.xz) = b039681d4b861a2f5853746d8ba806f553e23869ed72d89edbfa3c3dbfa17e68 +SIZE (Botan-3.8.1.tar.xz) = 8706304 diff --git a/security/krb5-devel/Makefile b/security/krb5-devel/Makefile index 36aa57f35ae2..6745764fa63d 100644 --- a/security/krb5-devel/Makefile +++ b/security/krb5-devel/Makefile @@ -8,8 +8,8 @@ PKGNAME_X= -${FLAVOR:S/default//} .endif PKGNAMESUFFIX= ${PKGNAME_X:S/--/-/:C/-$//} -HASH= 61e92fe9a -MIT_COMMIT_DATE= 2025.04.06 +HASH= 1113e746a +MIT_COMMIT_DATE= 2025.06.17 PATCH_SITES= http://web.mit.edu/kerberos/advisories/ PATCH_DIST_STRIP= -p2 diff --git a/security/krb5-devel/distinfo b/security/krb5-devel/distinfo index addd917f9451..83e6497143e7 100644 --- a/security/krb5-devel/distinfo +++ b/security/krb5-devel/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1747800263 -SHA256 (krb5-krb5-1.22.2025.04.06-61e92fe9a_GH0.tar.gz) = 2eae92b633a9c77a66fbcb6a5acba93bf5bc6eb75b95ded662c9c4509ba16255 -SIZE (krb5-krb5-1.22.2025.04.06-61e92fe9a_GH0.tar.gz) = 4679049 +TIMESTAMP = 1750876627 +SHA256 (krb5-krb5-1.22.2025.06.17-1113e746a_GH0.tar.gz) = 535c723d44a5fb50ffe3aeb8e1198e81bf1485d24d0f11aa62f56f80dd9c283f +SIZE (krb5-krb5-1.22.2025.06.17-1113e746a_GH0.tar.gz) = 4683455 diff --git a/security/libcryptui/Makefile b/security/libcryptui/Makefile index addf4a236690..b1cbf9ef4783 100644 --- a/security/libcryptui/Makefile +++ b/security/libcryptui/Makefile @@ -9,6 +9,10 @@ MAINTAINER= gnome@FreeBSD.org COMMENT= GNOME application for managing encryption keys (PGP, SSH) WWW= https://gitlab.gnome.org/GNOME/libcryptui +DEPRECATED= abandoned project +EXPIRATION_DATE=2025-06-30 +BROKEN= does not build with gpgme 2.x + BUILD_DEPENDS= seahorse>=3.0.0:security/seahorse \ gpg:security/gnupg LIB_DEPENDS= libgpgme.so:security/gpgme \ diff --git a/security/netbird/Makefile b/security/netbird/Makefile index c5ddbbccf8b7..4c189fbd0f94 100644 --- a/security/netbird/Makefile +++ b/security/netbird/Makefile @@ -1,6 +1,6 @@ PORTNAME= netbird DISTVERSIONPREFIX= v -DISTVERSION= 0.47.2 +DISTVERSION= 0.49.0 CATEGORIES= security net net-vpn MAINTAINER= hakan.external@netbird.io @@ -16,15 +16,15 @@ NOT_FOR_ARCHS_REASON= "no 32-bit builds supported" RUN_DEPENDS= ca_root_nss>0:security/ca_root_nss USES= go:modules -USE_RC_SUBR= netbird +USE_RC_SUBR= ${PORTNAME} GO_MODULE= github.com/netbirdio/netbird -GO_TARGET= ./client:netbird +GO_TARGET= ./client:${PORTNAME} GO_BUILDFLAGS= -tags freebsd -o ${PORTNAME} -ldflags \ "-s -w -X github.com/netbirdio/netbird/version.version=${DISTVERSION}" -WRKSRC= ${WRKDIR}/netbird-${DISTVERSION} +WRKSRC= ${WRKDIR}/${PORTNAME}-${DISTVERSION} -PLIST_FILES= bin/netbird +PLIST_FILES= bin/${PORTNAME} .include <bsd.port.mk> diff --git a/security/netbird/distinfo b/security/netbird/distinfo index 76ba6e320c5e..0806cc6f24f0 100644 --- a/security/netbird/distinfo +++ b/security/netbird/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1749687672 -SHA256 (go/security_netbird/netbird-v0.47.2/v0.47.2.mod) = dd8e2b5f3ee570d2ef933101c6fb7bc5de05dae258f0c7ea7602e8db42238acb -SIZE (go/security_netbird/netbird-v0.47.2/v0.47.2.mod) = 12507 -SHA256 (go/security_netbird/netbird-v0.47.2/v0.47.2.zip) = 8671becd05ff5437daa98b34e76819cd0908c1a040f49a369c9e26ed8cc64831 -SIZE (go/security_netbird/netbird-v0.47.2/v0.47.2.zip) = 2917482 +TIMESTAMP = 1750840361 +SHA256 (go/security_netbird/netbird-v0.49.0/v0.49.0.mod) = dd8e2b5f3ee570d2ef933101c6fb7bc5de05dae258f0c7ea7602e8db42238acb +SIZE (go/security_netbird/netbird-v0.49.0/v0.49.0.mod) = 12507 +SHA256 (go/security_netbird/netbird-v0.49.0/v0.49.0.zip) = c1aa8b8749cdb1a471425ce5aac7d90e318e6f6280f51a8b72ca18ad241f7bfb +SIZE (go/security_netbird/netbird-v0.49.0/v0.49.0.zip) = 2921705 diff --git a/security/netbird/files/netbird.in b/security/netbird/files/netbird.in index a05f7f099ee0..ddd19f27cd52 100644 --- a/security/netbird/files/netbird.in +++ b/security/netbird/files/netbird.in @@ -16,8 +16,8 @@ # Default: 'info' # netbird_logfile (path): Path to the client log file. # Default: /var/log/netbird/client.log -# netbird_env (str): Extra environment variables for the daemon, in KEY=VALUE format. -# Default: 'IS_DAEMON=1' +# netbird_tun_dev (str): Name of the TUN device used by Netbird for its VPN tunnel. +# Default: wt0 # . /etc/rc.subr @@ -32,11 +32,33 @@ load_rc_config "$name" : ${netbird_socket:="/var/run/netbird.sock"} : ${netbird_loglevel:="info"} : ${netbird_logfile:="/var/log/netbird/client.log"} -: ${netbird_env:="IS_DAEMON=1"} +: ${netbird_tun_dev:="wt0"} pidfile="/var/run/${name}.pid" command="/usr/sbin/daemon" daemon_args="-P ${pidfile} -r -t \"${name}: daemon\"" command_args="${daemon_args} %%PREFIX%%/bin/netbird service run --config ${netbird_config} --log-level ${netbird_loglevel} --daemon-addr unix://${netbird_socket} --log-file ${netbird_logfile}" +start_precmd="${name}_start_precmd" +stop_postcmd="${name}_stop_postcmd" + +netbird_start_precmd() { + logger -s -t netbird "Starting ${name}." + # Check for orphaned netbird tunnel interface + # And if it exists, then destroy it + if /sbin/ifconfig ${netbird_tun_dev} >/dev/null 2>&1; then + if ! /sbin/ifconfig ${netbird_tun_dev} | fgrep -qw PID; then + logger -s -t netbird "Found orphaned tunnel interface ${netbird_tun_dev}, destroying" + /sbin/ifconfig ${netbird_tun_dev} destroy + fi + fi +} + +netbird_stop_postcmd() { + if /sbin/ifconfig ${netbird_tun_dev} >/dev/null 2>&1; then + logger -s -t netbird "Destroying tunnel interface ${netbird_tun_dev}" + /sbin/ifconfig ${netbird_tun_dev} destroy || \ + logger -s -t netbird "Failed to destroy interface ${netbird_tun_dev}" + fi +} run_rc_command "$1" diff --git a/security/nuclei/Makefile b/security/nuclei/Makefile index 3a2828d806b2..bf4fd87882ba 100644 --- a/security/nuclei/Makefile +++ b/security/nuclei/Makefile @@ -1,6 +1,6 @@ PORTNAME= nuclei DISTVERSIONPREFIX= v -DISTVERSION= 3.4.4 +DISTVERSION= 3.4.5 CATEGORIES= security MAINTAINER= dutra@FreeBSD.org diff --git a/security/nuclei/distinfo b/security/nuclei/distinfo index a4c3ceade456..e4cf46444ae0 100644 --- a/security/nuclei/distinfo +++ b/security/nuclei/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1749429917 -SHA256 (go/security_nuclei/nuclei-v3.4.4/v3.4.4.mod) = 9e805e04dec4da32e582d774928290dd9b337ec1fd9fe49b5a38dc4f2d8fa9f3 -SIZE (go/security_nuclei/nuclei-v3.4.4/v3.4.4.mod) = 17916 -SHA256 (go/security_nuclei/nuclei-v3.4.4/v3.4.4.zip) = c574a8583455d3faaa9e50d87d24a2b8b283f22fecc796e2a58478c7525dddbd -SIZE (go/security_nuclei/nuclei-v3.4.4/v3.4.4.zip) = 12381056 +TIMESTAMP = 1750899492 +SHA256 (go/security_nuclei/nuclei-v3.4.5/v3.4.5.mod) = 5afbb1c8d97f83b0d2b11bd9bf677f5b88043b95241def65c6cdf11d290bbdbe +SIZE (go/security_nuclei/nuclei-v3.4.5/v3.4.5.mod) = 17916 +SHA256 (go/security_nuclei/nuclei-v3.4.5/v3.4.5.zip) = d88771513264794e0f2acb6c03682492363addc36b92c80330fb25ff747462ac +SIZE (go/security_nuclei/nuclei-v3.4.5/v3.4.5.zip) = 12383461 diff --git a/security/plasma6-kscreenlocker/distinfo b/security/plasma6-kscreenlocker/distinfo index 832f8bbd7964..9b45a355b193 100644 --- a/security/plasma6-kscreenlocker/distinfo +++ b/security/plasma6-kscreenlocker/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1750010496 -SHA256 (KDE/plasma/6.4.0/kscreenlocker-6.4.0.tar.xz) = b840202ba6b5bd7832ab2116beee2c8e386fa9b844e6db0e425a84006b6698fa -SIZE (KDE/plasma/6.4.0/kscreenlocker-6.4.0.tar.xz) = 183788 +TIMESTAMP = 1750789611 +SHA256 (KDE/plasma/6.4.1/kscreenlocker-6.4.1.tar.xz) = c849dc939a050a26f270393f8b59e8b86d671983a752e014af7c89a1c955b925 +SIZE (KDE/plasma/6.4.1/kscreenlocker-6.4.1.tar.xz) = 183776 diff --git a/security/plasma6-ksshaskpass/distinfo b/security/plasma6-ksshaskpass/distinfo index 0762978afab7..8196ba2a8c6e 100644 --- a/security/plasma6-ksshaskpass/distinfo +++ b/security/plasma6-ksshaskpass/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1750010496 -SHA256 (KDE/plasma/6.4.0/ksshaskpass-6.4.0.tar.xz) = ce3c7ba9f16638eb5e0378821448a84b9a0619228be8196e55c395fd4d743806 -SIZE (KDE/plasma/6.4.0/ksshaskpass-6.4.0.tar.xz) = 30792 +TIMESTAMP = 1750789611 +SHA256 (KDE/plasma/6.4.1/ksshaskpass-6.4.1.tar.xz) = 5495db2d45f9b2ac50a81382f7e38c99ab83d7ea34adcf72b05c260d9d8a3433 +SIZE (KDE/plasma/6.4.1/ksshaskpass-6.4.1.tar.xz) = 30796 diff --git a/security/plasma6-kwallet-pam/Makefile b/security/plasma6-kwallet-pam/Makefile index b4aad08a3703..538b12ebeb1b 100644 --- a/security/plasma6-kwallet-pam/Makefile +++ b/security/plasma6-kwallet-pam/Makefile @@ -1,6 +1,5 @@ PORTNAME= kwallet-pam DISTVERSION= ${KDE_PLASMA_VERSION} -PORTREVISION= 1 CATEGORIES= security kde kde-plasma MAINTAINER= kde@FreeBSD.org diff --git a/security/plasma6-kwallet-pam/distinfo b/security/plasma6-kwallet-pam/distinfo index eb3872634da1..81c94e309bb8 100644 --- a/security/plasma6-kwallet-pam/distinfo +++ b/security/plasma6-kwallet-pam/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1750010496 -SHA256 (KDE/plasma/6.4.0/kwallet-pam-6.4.0.tar.xz) = 450e4d6b804c597eb51159000e193688926e4d8225ae19a1627e25d11feb8b5e -SIZE (KDE/plasma/6.4.0/kwallet-pam-6.4.0.tar.xz) = 22396 +TIMESTAMP = 1750789612 +SHA256 (KDE/plasma/6.4.1/kwallet-pam-6.4.1.tar.xz) = 04d4d7075cb93cac10a7e0504836d961c7a2eda4f08987bb500f927200298b7c +SIZE (KDE/plasma/6.4.1/kwallet-pam-6.4.1.tar.xz) = 22400 diff --git a/security/py-certifi/Makefile b/security/py-certifi/Makefile index c1a72415dd68..b4ae106315be 100644 --- a/security/py-certifi/Makefile +++ b/security/py-certifi/Makefile @@ -1,5 +1,5 @@ PORTNAME= certifi -PORTVERSION= 2025.4.26 +PORTVERSION= 2025.6.15 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -10,7 +10,7 @@ WWW= https://github.com/certifi/python-certifi LICENSE= MPL20 -BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}setuptools>=0:devel/py-setuptools@${PY_FLAVOR} \ +BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}setuptools>=42.0.0:devel/py-setuptools@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}wheel>=0:devel/py-wheel@${PY_FLAVOR} USES= python diff --git a/security/py-certifi/distinfo b/security/py-certifi/distinfo index 7bdf8d62e8ce..fe596debd52b 100644 --- a/security/py-certifi/distinfo +++ b/security/py-certifi/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1745936214 -SHA256 (certifi-2025.4.26.tar.gz) = 0a816057ea3cdefcef70270d2c515e4506bbc954f417fa5ade2021213bb8f0c6 -SIZE (certifi-2025.4.26.tar.gz) = 160705 +TIMESTAMP = 1750188134 +SHA256 (certifi-2025.6.15.tar.gz) = d747aa5a8b9bbbb1bb8c22bb13e22bd1f18e9796defa16bab421f7f7a317323b +SIZE (certifi-2025.6.15.tar.gz) = 158753 diff --git a/security/py-webauthn/Makefile b/security/py-webauthn/Makefile index 2c97531fd969..0224d6c5af41 100644 --- a/security/py-webauthn/Makefile +++ b/security/py-webauthn/Makefile @@ -1,5 +1,5 @@ PORTNAME= webauthn -PORTVERSION= 2.5.2 +PORTVERSION= 2.6.0 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -12,7 +12,7 @@ WWW= https://duo-labs.github.io/py_webauthn/ \ LICENSE= BSD3CLAUSE LICENSE_FILE= ${WRKSRC}/LICENSE -BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}setuptools>=0:devel/py-setuptools@${PY_FLAVOR} \ +BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}setuptools>=61.0:devel/py-setuptools@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}wheel>=0:devel/py-wheel@${PY_FLAVOR} RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}asn1crypto>=1.5.1:devel/py-asn1crypto@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}cbor2>=5.6.5:devel/py-cbor2@${PY_FLAVOR} \ diff --git a/security/py-webauthn/distinfo b/security/py-webauthn/distinfo index 3490692fa0ea..4b6631072a69 100644 --- a/security/py-webauthn/distinfo +++ b/security/py-webauthn/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1749813110 -SHA256 (webauthn-2.5.2.tar.gz) = 09c13dfc1c68c810f32fa4d89b1d37acb9f9ae9091c9d7019e313be4525a95ef -SIZE (webauthn-2.5.2.tar.gz) = 124114 +TIMESTAMP = 1750188136 +SHA256 (webauthn-2.6.0.tar.gz) = 13cf5b009a64cef569599ffecf24550df1d7c0cd4fbaea870f937148484a80b4 +SIZE (webauthn-2.6.0.tar.gz) = 123608 diff --git a/security/py-webauthn/files/patch-pyproject.toml b/security/py-webauthn/files/patch-pyproject.toml new file mode 100644 index 000000000000..e2799155d521 --- /dev/null +++ b/security/py-webauthn/files/patch-pyproject.toml @@ -0,0 +1,12 @@ +--- pyproject.toml.orig 2025-06-16 22:25:09 UTC ++++ pyproject.toml +@@ -7,8 +7,7 @@ readme = "README.md" + dynamic = ["version"] + description = "Pythonic WebAuthn" + readme = "README.md" +-license = "BSD-3-Clause" +-license-files = ["LICENSE"] ++license = { text = "BSD-3-Clause" } + keywords = ["webauthn", "fido2"] + authors = [{ name = "Duo Labs", email = "labs@duo.com" }] + classifiers = [ diff --git a/security/rnp/Makefile b/security/rnp/Makefile index c8dc94c9cdac..77944be6a051 100644 --- a/security/rnp/Makefile +++ b/security/rnp/Makefile @@ -1,6 +1,7 @@ PORTNAME= rnp DISTVERSIONPREFIX= v DISTVERSION= 0.18.0 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= https://github.com/rnpgp/${PORTNAME}/releases/download/${DISTVERSIONFULL}/ diff --git a/security/rubygem-rasn1/Makefile b/security/rubygem-rasn1/Makefile index 5a7fc4753d36..a9dda07d9e6f 100644 --- a/security/rubygem-rasn1/Makefile +++ b/security/rubygem-rasn1/Makefile @@ -1,5 +1,5 @@ PORTNAME= rasn1 -PORTVERSION= 0.15.0 +PORTVERSION= 0.16.0 CATEGORIES= security rubygems MASTER_SITES= RG diff --git a/security/rubygem-rasn1/distinfo b/security/rubygem-rasn1/distinfo index 4cd85543dcce..a19adb8a6d67 100644 --- a/security/rubygem-rasn1/distinfo +++ b/security/rubygem-rasn1/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1736671257 -SHA256 (rubygem/rasn1-0.15.0.gem) = 6d3a8c94f8dbdbdc346f1a17ad905e99bbe6c754b1effba80d857b94f8ce5600 -SIZE (rubygem/rasn1-0.15.0.gem) = 29696 +TIMESTAMP = 1750188250 +SHA256 (rubygem/rasn1-0.16.0.gem) = c3f482cd6163822f98f31e3397b0528f3abe1f244093095abf0946e656be5c2b +SIZE (rubygem/rasn1-0.16.0.gem) = 29696 diff --git a/security/tscli/Makefile b/security/tscli/Makefile index d86f970157cc..dc2147eb3484 100644 --- a/security/tscli/Makefile +++ b/security/tscli/Makefile @@ -1,7 +1,6 @@ PORTNAME= tscli DISTVERSIONPREFIX= v -DISTVERSION= 0.0.7 -PORTREVISION= 1 +DISTVERSION= 0.0.8 CATEGORIES= security MAINTAINER= dtxdf@FreeBSD.org diff --git a/security/tscli/distinfo b/security/tscli/distinfo index e938f26fd9d2..efb08192281b 100644 --- a/security/tscli/distinfo +++ b/security/tscli/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1748984412 -SHA256 (go/security_tscli/tscli-v0.0.7/v0.0.7.mod) = 7a2fdc5e3af52d5109a5e92304981f0504d30dc6d8b60ce0f7e77aad321a7cb6 -SIZE (go/security_tscli/tscli-v0.0.7/v0.0.7.mod) = 2490 -SHA256 (go/security_tscli/tscli-v0.0.7/v0.0.7.zip) = 6e2e69078b0c442f70c0bfc048c2c1f4043445031ae183aea95c58bbaa17422d -SIZE (go/security_tscli/tscli-v0.0.7/v0.0.7.zip) = 90576 +TIMESTAMP = 1750799402 +SHA256 (go/security_tscli/tscli-v0.0.8/v0.0.8.mod) = af60e402176095e07127536838df7fdce64b4a840bbb23869ac208c04d476f5f +SIZE (go/security_tscli/tscli-v0.0.8/v0.0.8.mod) = 2796 +SHA256 (go/security_tscli/tscli-v0.0.8/v0.0.8.zip) = 885f4c2b781c29c4b4d53ead18a07b7efcfd68c504996346553b91255a234e50 +SIZE (go/security_tscli/tscli-v0.0.8/v0.0.8.zip) = 92477 diff --git a/security/vuls/Makefile b/security/vuls/Makefile index 9e88ccf86b2f..f2f41cbbf54c 100644 --- a/security/vuls/Makefile +++ b/security/vuls/Makefile @@ -1,7 +1,6 @@ PORTNAME= vuls DISTVERSIONPREFIX=v -DISTVERSION= 0.32.0 -PORTREVISION= 2 +DISTVERSION= 0.33.1 CATEGORIES= security MAINTAINER= girgen@FreeBSD.org @@ -25,6 +24,9 @@ SUB_LIST= PORTNAME=${PORTNAME} USERS=${USERS} GROUPS=${GROUPS} USERS= vuls GROUPS= vuls +NOT_FOR_ARCHS= i386 +NOT_FOR_ARCHS_REASON_i386= https://gitlab.com/cznic/libc/-/issues/45 + post-patch: @${REINPLACE_CMD} -e 's,%%ETCDIR%%,${ETCDIR},' \ ${WRKSRC}/subcmds/configtest.go \ diff --git a/security/vuls/distinfo b/security/vuls/distinfo index 171f6cc2ca7b..1524e85119a6 100644 --- a/security/vuls/distinfo +++ b/security/vuls/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1747479508 -SHA256 (go/security_vuls/vuls-v0.32.0/v0.32.0.mod) = e3091e79324dcdd3e3c2959a3b9fa4ab03fc4d53a0ce41a76fc793a68b57302e -SIZE (go/security_vuls/vuls-v0.32.0/v0.32.0.mod) = 20795 -SHA256 (go/security_vuls/vuls-v0.32.0/v0.32.0.zip) = 1eed06de6c88de618a25184d843010c76b30b77a8e554f028a2700a5e267266b -SIZE (go/security_vuls/vuls-v0.32.0/v0.32.0.zip) = 1389053 +TIMESTAMP = 1750837237 +SHA256 (go/security_vuls/vuls-v0.33.1/v0.33.1.mod) = cffef0d92a21a68ae82e1eeb7dbf6504887496b042af76cb182e1e3fba9ece20 +SIZE (go/security_vuls/vuls-v0.33.1/v0.33.1.mod) = 20804 +SHA256 (go/security_vuls/vuls-v0.33.1/v0.33.1.zip) = 0bca1fe58726ef06e60e98d0849baff1c2aff6e1bd0de3722fe64314efec49c3 +SIZE (go/security_vuls/vuls-v0.33.1/v0.33.1.zip) = 1401641 diff --git a/security/vuls/files/patch-vendor_gorm.io_gorm_internal_stmt_store_stmt_store.go b/security/vuls/files/patch-vendor_gorm.io_gorm_internal_stmt_store_stmt_store.go deleted file mode 100644 index a249bd5099ae..000000000000 --- a/security/vuls/files/patch-vendor_gorm.io_gorm_internal_stmt_store_stmt_store.go +++ /dev/null @@ -1,29 +0,0 @@ -commit 8c4e8e2d2a63ef019048bd988a2016948605920b -Author: iTanken <23544702+iTanken@users.noreply.github.com> -Date: Sun Apr 27 14:05:16 2025 +0800 - - fix: int type variable defaultMaxSize overflows in 32-bit environment (#7439) - - Refs: #7435 - -diff --git a/internal/stmt_store/stmt_store.go b/internal/stmt_store/stmt_store.go -index 7068419..a82b2cf 100644 ---- vendor/gorm.io/gorm/internal/stmt_store/stmt_store.go -+++ vendor/gorm.io/gorm/internal/stmt_store/stmt_store.go -@@ -3,6 +3,7 @@ package stmt_store - import ( - "context" - "database/sql" -+ "math" - "sync" - "time" - -@@ -73,7 +74,7 @@ type Store interface { - // the cache can theoretically store as many elements as possible. - // (1 << 63) - 1 is the maximum value that an int64 type can represent. - const ( -- defaultMaxSize = (1 << 63) - 1 -+ defaultMaxSize = math.MaxInt - // defaultTTL defines the default time-to-live (TTL) for each cache entry. - // When the TTL for cache entries is not specified, each cache entry will expire after 24 hours. - defaultTTL = time.Hour * 24 diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml index 88ecf66a42a7..a13b0b1015ce 100644 --- a/security/vuxml/vuln/2025.xml +++ b/security/vuxml/vuln/2025.xml @@ -1,3 +1,235 @@ + <vuln vid="5e64770c-52aa-11f0-b522-b42e991fc52e"> + <topic>MongoDB -- Running certain aggregation operations with the SBE engine may lead to unexpected behavior</topic> + <affects> + <package> + <name>mongodb60</name> + <range><lt>6.0.21</lt></range> + </package> + <package> + <name>mongodb70</name> + <range><lt>7.0.17</lt></range> + </package> + <package> + <name>mongodb80</name> + <range><lt>8.0.4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>cna@mongodb.com reports:</p> + <blockquote cite="https://jira.mongodb.org/browse/SERVER-106746"> + <p>An authenticated user may trigger a use after free that may result + in MongoDB Server crash and other unexpected behavior, even if the + user does not have authorization to shut down a server. The crash + is triggered on affected versions by issuing an aggregation framework + operation using a specific combination of rarely-used aggregation + pipeline expressions. This issue affects MongoDB Server v6.0 version + prior to 6.0.21, MongoDB Server v7.0 version prior to 7.0.17 and + MongoDB Server v8.0 version prior to 8.0.4 when the SBE engine is + enabled.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-6706</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-6706</url> + </references> + <dates> + <discovery>2025-06-26</discovery> + <entry>2025-06-26</entry> + </dates> + </vuln> + + <vuln vid="5cd2bd2b-52aa-11f0-b522-b42e991fc52e"> + <topic>MongoDB -- Race condition in privilege cache invalidation cycle</topic> + <affects> + <package> + <name>mongodb50</name> + <range><lt>5.0.31</lt></range> + </package> + <package> + <name>mongodb60</name> + <range><lt>6.0.24</lt></range> + </package> + <package> + <name>mongodb70</name> + <range><lt>7.0.21</lt></range> + </package> + <package> + <name>mongodb80</name> + <range><lt>8.0.5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>NVD reports:</p> + <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2025-6707"> + <p>Under certain conditions, an authenticated user request + may execute with stale privileges following an intentional + change by an authorized administrator.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-6707</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-6707</url> + </references> + <dates> + <discovery>2025-06-26</discovery> + <entry>2025-06-26</entry> + </dates> + </vuln> + + <vuln vid="5b87eef6-52aa-11f0-b522-b42e991fc52e"> + <topic>MongoDB -- Pre-Authentication Denial of Service Vulnerability in MongoDB Server's OIDC Authentication</topic> + <affects> + <package> + <name>mongodb60</name> + <range><lt>6.0.21</lt></range> + </package> + <package> + <name>mongodb70</name> + <range><lt>7.0.17</lt></range> + </package> + <package> + <name>mongodb80</name> + <range><lt>8.0.5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>NVD reports:</p> + <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2025-6709"> + <p>The MongoDB Server is susceptible to a denial of service + vulnerability due to improper handling of specific date + values in JSON input when using OIDC authentication. + This can be reproduced using the mongo shell to send a + malicious JSON payload leading to an invariant failure + and server crash. </p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-6709</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-6709</url> + </references> + <dates> + <discovery>2025-06-26</discovery> + <entry>2025-06-26</entry> + </dates> + </vuln> + + <vuln vid="59ed4b19-52aa-11f0-b522-b42e991fc52e"> + <topic>MongoDB -- Pre-authentication Denial of Service Stack Overflow Vulnerability in JSON Parsing via Excessive Recursion in MongoDB</topic> + <affects> + <package> + <name>mongodb70</name> + <range><lt>7.0.17</lt></range> + </package> + <package> + <name>mongodb80</name> + <range><lt>8.0.5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>cna@mongodb.com reports:</p> + <blockquote cite="https://jira.mongodb.org/browse/SERVER-106749"> + <p>MongoDB Server may be susceptible to stack overflow due to JSON + parsing mechanism, where specifically crafted JSON inputs may induce + unwarranted levels of recursion, resulting in excessive stack space + consumption. Such inputs can lead to a stack overflow that causes + the server to crash which could occur pre-authorisation. This issue + affects MongoDB Server v7.0 versions prior to 7.0.17 and MongoDB + Server v8.0 versions prior to 8.0.5. + The same issue affects MongoDB Server v6.0 versions prior to 6.0.21, + but an attacker can only induce denial of service after authenticating.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-6710</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-6710</url> + </references> + <dates> + <discovery>2025-06-26</discovery> + <entry>2025-06-26</entry> + </dates> + </vuln> + + <vuln vid="e26608ff-5266-11f0-b522-b42e991fc52e"> + <topic>kanboard -- Password Reset Poisoning via Host Header Injection</topic> + <affects> + <package> + <name>kanboard</name> + <range><lt>1.2.45</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>GitHub Security Advisories reports:</p> + <blockquote cite="null"> + <p> + Kanboard allows password reset emails to be sent with URLs + derived from the unvalidated Host header when the + application_url configuration is unset (default behavior). + This allows an attacker to craft a malicious password + reset link that leaks the token to an attacker-controlled + domain. If a victim (including an administrator) clicks + the poisoned link, their account can be taken over. This + affects all users who initiate a password reset while + application_url is not set. + </p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-52560</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-52560</url> + </references> + <dates> + <discovery>2025-06-26</discovery> + <entry>2025-06-26</entry> + </dates> + </vuln> + + <vuln vid="d45dabd9-5232-11f0-9ca4-2cf05da270f3"> + <topic>Gitlab -- Vulnerabilities</topic> + <affects> + <package> + <name>gitlab-ce</name> + <name>gitlab-ee</name> + <range><ge>18.1.0</ge><lt>18.1.1</lt></range> + <range><ge>18.0.0</ge><lt>18.0.3</lt></range> + <range><ge>16.10.0</ge><lt>17.11.5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Gitlab reports:</p> + <blockquote cite="https://about.gitlab.com/releases/2025/06/25/patch-release-gitlab-18-1-1-released/"> + <p>Denial of Service impacts GitLab CE/EE</p> + <p>Missing Authentication issue impacts GitLab CE/EE</p> + <p>Improper access control issue impacts GitLab CE/EE</p> + <p>Elevation of Privilege impacts GitLab CE/EE</p> + <p>Improper access control issue impacts GitLab EE</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-3279</cvename> + <cvename>CVE-2025-1754</cvename> + <cvename>CVE-2025-5315</cvename> + <cvename>CVE-2025-2938</cvename> + <cvename>CVE-2025-5846</cvename> + <url>https://about.gitlab.com/releases/2025/06/25/patch-release-gitlab-18-1-1-released/</url> + </references> + <dates> + <discovery>2025-06-25</discovery> + <entry>2025-06-26</entry> + </dates> + </vuln> + <vuln vid="03ba1cdd-4faf-11f0-af06-00a098b42aeb"> <topic>cisco -- OpenH264 Decoding Functions Heap Overflow Vulnerability</topic> <affects> diff --git a/security/wpa_supplicant-devel/Makefile b/security/wpa_supplicant-devel/Makefile index f4456e429e42..5aee9e01aadb 100644 --- a/security/wpa_supplicant-devel/Makefile +++ b/security/wpa_supplicant-devel/Makefile @@ -1,6 +1,5 @@ PORTNAME= wpa_supplicant PORTVERSION= ${COMMIT_DATE} -PORTREVISION= 1 CATEGORIES= security net PKGNAMESUFFIX= -devel @@ -11,8 +10,8 @@ WWW= https://w1.fi/wpa_supplicant/ USE_GITHUB= yes GH_ACCOUNT= cschuber GH_PROJECT= hostap -GH_TAGNAME= 54930b62b -COMMIT_DATE= 2025.05.08 +GH_TAGNAME= 0b60826a6 +COMMIT_DATE= 2025.06.25 LICENSE= BSD3CLAUSE LICENSE_FILE= ${WRKSRC}/README diff --git a/security/wpa_supplicant-devel/distinfo b/security/wpa_supplicant-devel/distinfo index 4eabde753e8c..dcac53e1a70b 100644 --- a/security/wpa_supplicant-devel/distinfo +++ b/security/wpa_supplicant-devel/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1747800845 -SHA256 (cschuber-hostap-2025.05.08-54930b62b_GH0.tar.gz) = 945b6a16ef7e6071309f1aa02168e05de26ec91b7e4cf8f6eb556fcd649012bb -SIZE (cschuber-hostap-2025.05.08-54930b62b_GH0.tar.gz) = 5291910 +TIMESTAMP = 1750881106 +SHA256 (cschuber-hostap-2025.06.25-0b60826a6_GH0.tar.gz) = 308a2a3a1edf5154a6d44dfa6dc07d9cf61d6bef54be16cdd76683984c83bf7e +SIZE (cschuber-hostap-2025.06.25-0b60826a6_GH0.tar.gz) = 5313294 |