diff options
Diffstat (limited to 'security')
-rw-r--r-- | security/fizz/Makefile | 2 | ||||
-rw-r--r-- | security/fizz/distinfo | 6 | ||||
-rw-r--r-- | security/lego/Makefile | 4 | ||||
-rw-r--r-- | security/lego/distinfo | 10 | ||||
-rw-r--r-- | security/naabu/Makefile | 4 | ||||
-rw-r--r-- | security/naabu/distinfo | 10 | ||||
-rw-r--r-- | security/node-sqlcipher/Makefile | 4 | ||||
-rw-r--r-- | security/node-sqlcipher/distinfo | 18 | ||||
-rw-r--r-- | security/pecl-gnupg/files/patch-php85 | 31 | ||||
-rw-r--r-- | security/py-certifi/Makefile | 2 | ||||
-rw-r--r-- | security/py-certifi/distinfo | 6 | ||||
-rw-r--r-- | security/py-joserfc/Makefile | 2 | ||||
-rw-r--r-- | security/py-joserfc/distinfo | 6 | ||||
-rw-r--r-- | security/snort3/Makefile | 3 | ||||
-rw-r--r-- | security/snort3/distinfo | 6 | ||||
-rw-r--r-- | security/snort3/pkg-plist | 2 | ||||
-rw-r--r-- | security/sudo-rs/Makefile | 1 | ||||
-rw-r--r-- | security/sudo-rs/files/patch-src_system_mod.rs | 13 | ||||
-rw-r--r-- | security/sudo-rs/pkg-descr-coexist | 4 | ||||
-rw-r--r-- | security/vuxml/vuln/2025.xml | 58 |
20 files changed, 150 insertions, 42 deletions
diff --git a/security/fizz/Makefile b/security/fizz/Makefile index 34ec1011e8f7..52d84d866404 100644 --- a/security/fizz/Makefile +++ b/security/fizz/Makefile @@ -1,6 +1,6 @@ PORTNAME= fizz DISTVERSIONPREFIX= v -DISTVERSION= 2025.07.07.00 +DISTVERSION= 2025.07.21.00 CATEGORIES= security MAINTAINER= yuri@FreeBSD.org diff --git a/security/fizz/distinfo b/security/fizz/distinfo index 3adc96cbaa66..61fd5fd39bbb 100644 --- a/security/fizz/distinfo +++ b/security/fizz/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1752053888 -SHA256 (facebookincubator-fizz-v2025.07.07.00_GH0.tar.gz) = 86635b14d000c6e8e61a3edfbd9ad51764c9bf84b3702d73ac6dadff97786c99 -SIZE (facebookincubator-fizz-v2025.07.07.00_GH0.tar.gz) = 759365 +TIMESTAMP = 1753158778 +SHA256 (facebookincubator-fizz-v2025.07.21.00_GH0.tar.gz) = 8e2eef377e81913edb70bd2beb53ed0f3b56048411314c557f8d9028c7b983f1 +SIZE (facebookincubator-fizz-v2025.07.21.00_GH0.tar.gz) = 762878 diff --git a/security/lego/Makefile b/security/lego/Makefile index e2b6deead144..d6919c372941 100644 --- a/security/lego/Makefile +++ b/security/lego/Makefile @@ -1,6 +1,6 @@ PORTNAME= lego DISTVERSIONPREFIX= v -DISTVERSION= 4.24.0 +DISTVERSION= 4.25.1 CATEGORIES= security MAINTAINER= matt@matthoran.com @@ -12,7 +12,7 @@ LICENSE_FILE= ${WRKSRC}/LICENSE RUN_DEPENDS= ${LOCALBASE}/share/certs/ca-root-nss.crt:security/ca_root_nss -USES= go:1.23,modules +USES= go:modules GO_MODULE= github.com/go-acme/lego/v4 GO_TARGET= ./cmd/lego GO_BUILDFLAGS= -ldflags '-X "main.version=${DISTVERSION}"' diff --git a/security/lego/distinfo b/security/lego/distinfo index ee445fe960dc..38327b4fc1b1 100644 --- a/security/lego/distinfo +++ b/security/lego/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1752932681 -SHA256 (go/security_lego/lego-v4.24.0/v4.24.0.mod) = 4ee2e188492702303c89e3703b26d3cbb10cbdde9ff002e4e8f842f15b81763f -SIZE (go/security_lego/lego-v4.24.0/v4.24.0.mod) = 11037 -SHA256 (go/security_lego/lego-v4.24.0/v4.24.0.zip) = f6a58c88e80aa6d4ffb8eba3b4fd313bba2b3ed3a3b1bbfd23b33fad1bbe7642 -SIZE (go/security_lego/lego-v4.24.0/v4.24.0.zip) = 1502515 +TIMESTAMP = 1753224987 +SHA256 (go/security_lego/lego-v4.25.1/v4.25.1.mod) = d4a62b1d418a18edeb1389150c8d2b6726ce7dd8fb4b4f17958562a5e0136884 +SIZE (go/security_lego/lego-v4.25.1/v4.25.1.mod) = 10758 +SHA256 (go/security_lego/lego-v4.25.1/v4.25.1.zip) = 3227df424f99eabfb24cba0a636fb710a5084212fd9051385a63fea6c9f7321b +SIZE (go/security_lego/lego-v4.25.1/v4.25.1.zip) = 1562186 diff --git a/security/naabu/Makefile b/security/naabu/Makefile index 2a4dd1621e14..3d1385cb4f89 100644 --- a/security/naabu/Makefile +++ b/security/naabu/Makefile @@ -1,6 +1,6 @@ PORTNAME= naabu DISTVERSIONPREFIX= v -DISTVERSION= 2.3.4 +DISTVERSION= 2.3.5 CATEGORIES= security MAINTAINER= dutra@FreeBSD.org @@ -9,7 +9,7 @@ WWW= https://github.com/projectdiscovery/naabu LICENSE= MIT -USES= go:1.23,modules +USES= go:1.24,modules GO_MODULE= github.com/projectdiscovery/naabu/v2 GO_TARGET= ./cmd/${PORTNAME} diff --git a/security/naabu/distinfo b/security/naabu/distinfo index 95692c03c54d..674b49e0f45d 100644 --- a/security/naabu/distinfo +++ b/security/naabu/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1744947331 -SHA256 (go/security_naabu/naabu-v2.3.4/v2.3.4.mod) = 37477fafd0b3b04592d1c7104ddf9dfafe87d579bb2cc3dcab93621b9549b283 -SIZE (go/security_naabu/naabu-v2.3.4/v2.3.4.mod) = 6288 -SHA256 (go/security_naabu/naabu-v2.3.4/v2.3.4.zip) = 534e0e1318f8a4fb7fee5db3b3d2f6537145beb4037958d6df4a68e69de6ee0d -SIZE (go/security_naabu/naabu-v2.3.4/v2.3.4.zip) = 506886 +TIMESTAMP = 1753248989 +SHA256 (go/security_naabu/naabu-v2.3.5/v2.3.5.mod) = c6ea2b8c6fa1e166e02d9a074514b9a77c1bf2914f52e4ba411726a9c798349b +SIZE (go/security_naabu/naabu-v2.3.5/v2.3.5.mod) = 6743 +SHA256 (go/security_naabu/naabu-v2.3.5/v2.3.5.zip) = 77c0c9136c85afc93a3d16811d76e491b23a3be2e077847c80d6e2258b2dfa87 +SIZE (go/security_naabu/naabu-v2.3.5/v2.3.5.zip) = 527140 diff --git a/security/node-sqlcipher/Makefile b/security/node-sqlcipher/Makefile index adeb2171a6e1..3619cf6c698c 100644 --- a/security/node-sqlcipher/Makefile +++ b/security/node-sqlcipher/Makefile @@ -1,5 +1,5 @@ PORTNAME= node-sqlcipher -DISTVERSION= 2.0.3 +DISTVERSION= 2.1.0 CATEGORIES= security MASTER_SITES= https://github.com/signalapp/node-sqlcipher/archive/refs/tags/v${DISTVERSION}/:sqlcipher \ https://registry.npmjs.org/@esbuild/freebsd-arm64/-/:esbuildarm64 \ @@ -26,7 +26,7 @@ USES= nodejs:20,build PLIST_FILES= lib/node_sqlcipher.node -ESBUILD_VERS= 0.25.5 +ESBUILD_VERS= 0.25.6 ESBUILD_ARCH= ${ARCH:S/aarch64/arm64/:S/amd64/x64/} MAKE_ENV+= ESBUILD_BINARY_PATH=${WRKDIR}/esbuild-freebsd-64/package/bin/esbuild diff --git a/security/node-sqlcipher/distinfo b/security/node-sqlcipher/distinfo index 4c0d581254c3..2efbc32fcae3 100644 --- a/security/node-sqlcipher/distinfo +++ b/security/node-sqlcipher/distinfo @@ -1,9 +1,9 @@ -TIMESTAMP = 1748872146 -SHA256 (freebsd-arm64-0.25.5.tgz) = abfbe3edad2cf736ce43a35c2dea079313a4641869912dcb53738a87080f512f -SIZE (freebsd-arm64-0.25.5.tgz) = 4003803 -SHA256 (freebsd-x64-0.25.5.tgz) = 0d8997fd565a9c53d1995b30ed53f2d98b35f831cb6e1f55e0a653aa33cee317 -SIZE (freebsd-x64-0.25.5.tgz) = 4355608 -SHA256 (node-sqlcipher-2.0.3.tar.gz) = 99d3bb23907e8a5a0263d18e0f94857c798d56d2dd0344f2ae873b54e56e9489 -SIZE (node-sqlcipher-2.0.3.tar.gz) = 2711596 -SHA256 (node-sqlcipher-2.0.3-npm-cache.tar.gz) = f7e3800b03717bba269dd8911ede17f64b95d67c037f49b5d7279e78d9d9898c -SIZE (node-sqlcipher-2.0.3-npm-cache.tar.gz) = 67243807 +TIMESTAMP = 1752763972 +SHA256 (freebsd-arm64-0.25.6.tgz) = 64d7ee10a68707188ccf9bf9904771b3ca87ed38b95b38562266625d18263f1b +SIZE (freebsd-arm64-0.25.6.tgz) = 4005168 +SHA256 (freebsd-x64-0.25.6.tgz) = 802165252d595fd843b54010d0f4e96f4ca6a86ac82cfb5701a25c3fedf0e16b +SIZE (freebsd-x64-0.25.6.tgz) = 4357533 +SHA256 (node-sqlcipher-2.1.0.tar.gz) = 81dbfe085be60258d9e0daf4089adc44aaea868b3d009fb5ec47a511f6c99264 +SIZE (node-sqlcipher-2.1.0.tar.gz) = 2712831 +SHA256 (node-sqlcipher-2.1.0-npm-cache.tar.gz) = 8e01706283929ad0a11cd3c16cb97dccebd71a2ac6e982d8bf155da45b8272c4 +SIZE (node-sqlcipher-2.1.0-npm-cache.tar.gz) = 67521401 diff --git a/security/pecl-gnupg/files/patch-php85 b/security/pecl-gnupg/files/patch-php85 new file mode 100644 index 000000000000..de4a30311382 --- /dev/null +++ b/security/pecl-gnupg/files/patch-php85 @@ -0,0 +1,31 @@ +--- gnupg_keylistiterator.c.orig 2025-06-02 18:54:02 UTC ++++ gnupg_keylistiterator.c +@@ -201,7 +201,7 @@ PHP_METHOD(gnupg_keylistiterator, rewind) + + if ((PHPC_THIS->err = gpgme_op_keylist_start( + PHPC_THIS->ctx, PHPC_THIS->pattern ? PHPC_THIS->pattern : "", 0)) != GPG_ERR_NO_ERROR){ +- zend_throw_exception(zend_exception_get_default(TSRMLS_C), (char *)gpg_strerror(PHPC_THIS->err), 1 TSRMLS_CC); ++ zend_throw_exception(zend_ce_exception, (char *)gpg_strerror(PHPC_THIS->err), 1 TSRMLS_CC); + } + if ((PHPC_THIS->err = gpgme_op_keylist_next(PHPC_THIS->ctx, &PHPC_THIS->gpgkey)) != GPG_ERR_NO_ERROR){ + RETURN_FALSE; +--- gnupg.c.orig 2025-06-02 18:54:02 UTC ++++ gnupg.c +@@ -64,7 +64,7 @@ PHPC_OBJ_DEFINE_HANDLER_VAR(gnupg); + break; \ + case 2: \ + zend_throw_exception(\ +- zend_exception_get_default(TSRMLS_C), \ ++ zend_ce_exception, \ + (char*) error, \ + 0 TSRMLS_CC \ + ); \ +@@ -169,7 +169,7 @@ static void php_gnupg_this_make(PHPC_THIS_DECLARE(gnup + if (gpgme_ctx_set_engine_info( + ctx, GPGME_PROTOCOL_OpenPGP, file_name, home_dir) != GPG_ERR_NO_ERROR) { + zend_throw_exception( +- zend_exception_get_default(TSRMLS_C), ++ zend_ce_exception, + (char*) "Setting engine info failed", + 0 TSRMLS_CC + ); diff --git a/security/py-certifi/Makefile b/security/py-certifi/Makefile index de1cfbdc119e..43a6cf3fd110 100644 --- a/security/py-certifi/Makefile +++ b/security/py-certifi/Makefile @@ -1,5 +1,5 @@ PORTNAME= certifi -PORTVERSION= 2025.7.9 +PORTVERSION= 2025.7.14 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} diff --git a/security/py-certifi/distinfo b/security/py-certifi/distinfo index a5b8a9689443..693b25863be4 100644 --- a/security/py-certifi/distinfo +++ b/security/py-certifi/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1752266162 -SHA256 (certifi-2025.7.9.tar.gz) = c1d2ec05395148ee10cf672ffc28cd37ea0ab0d99f9cc74c43e588cbd111b079 -SIZE (certifi-2025.7.9.tar.gz) = 160386 +TIMESTAMP = 1752566722 +SHA256 (certifi-2025.7.14.tar.gz) = 8ea99dbdfaaf2ba2f9bac77b9249ef62ec5218e7c2b2e903378ed5fccf765995 +SIZE (certifi-2025.7.14.tar.gz) = 163981 diff --git a/security/py-joserfc/Makefile b/security/py-joserfc/Makefile index 469d3303adfc..09603c34e6a5 100644 --- a/security/py-joserfc/Makefile +++ b/security/py-joserfc/Makefile @@ -1,5 +1,5 @@ PORTNAME= joserfc -PORTVERSION= 1.2.1 +PORTVERSION= 1.2.2 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} diff --git a/security/py-joserfc/distinfo b/security/py-joserfc/distinfo index d51ddb558786..62b3a48b759b 100644 --- a/security/py-joserfc/distinfo +++ b/security/py-joserfc/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1752266164 -SHA256 (joserfc-1.2.1.tar.gz) = 466a75dc0af9c6711d2a93f38e91c5d4920ec77059063325c251913da3e83569 -SIZE (joserfc-1.2.1.tar.gz) = 192229 +TIMESTAMP = 1752566724 +SHA256 (joserfc-1.2.2.tar.gz) = 0d2a84feecef96168635fd9bf288363fc75b4afef3d99691f77833c8e025d200 +SIZE (joserfc-1.2.2.tar.gz) = 192865 diff --git a/security/snort3/Makefile b/security/snort3/Makefile index 6c19698e3065..a8aa50e7c196 100644 --- a/security/snort3/Makefile +++ b/security/snort3/Makefile @@ -1,6 +1,5 @@ PORTNAME= snort -DISTVERSION= 3.9.1.0 -PORTREVISION= 1 +DISTVERSION= 3.9.2.0 PORTEPOCH= 1 CATEGORIES= security PKGNAMESUFFIX= 3 diff --git a/security/snort3/distinfo b/security/snort3/distinfo index 948c3a03b335..b0b61e634faf 100644 --- a/security/snort3/distinfo +++ b/security/snort3/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1751623929 -SHA256 (snort3-snort3-3.9.1.0_GH0.tar.gz) = fc19f20cd34192eb78f28d7f128c79c5d0096733277f2b630a8cf892b10f33ce -SIZE (snort3-snort3-3.9.1.0_GH0.tar.gz) = 3501016 +TIMESTAMP = 1753181972 +SHA256 (snort3-snort3-3.9.2.0_GH0.tar.gz) = edf0aa5e72d673702bca161e235b7b8f8c3e5a49b81e8ddf2ea7e10736ab0cdd +SIZE (snort3-snort3-3.9.2.0_GH0.tar.gz) = 3507676 diff --git a/security/snort3/pkg-plist b/security/snort3/pkg-plist index ac9338536bea..6e0c9db565da 100644 --- a/security/snort3/pkg-plist +++ b/security/snort3/pkg-plist @@ -202,6 +202,8 @@ include/snort/pub_sub/eof_event.h include/snort/pub_sub/eve_process_event.h include/snort/pub_sub/expect_events.h include/snort/pub_sub/external_event_ids.h +include/snort/pub_sub/file_events.h +include/snort/pub_sub/file_events_ids.h include/snort/pub_sub/finalize_packet_event.h include/snort/pub_sub/ftp_events.h include/snort/pub_sub/http_body_event.h diff --git a/security/sudo-rs/Makefile b/security/sudo-rs/Makefile index 773a9fe74501..e609dff6e60f 100644 --- a/security/sudo-rs/Makefile +++ b/security/sudo-rs/Makefile @@ -1,6 +1,7 @@ PORTNAME= sudo-rs PORTVERSION= 0.2.7 DISTVERSIONPREFIX= v +PORTREVISION= 1 CATEGORIES= security MAINTAINER= marc@trifectatech.org diff --git a/security/sudo-rs/files/patch-src_system_mod.rs b/security/sudo-rs/files/patch-src_system_mod.rs new file mode 100644 index 000000000000..9474860f4b51 --- /dev/null +++ b/security/sudo-rs/files/patch-src_system_mod.rs @@ -0,0 +1,13 @@ +--- src/system/mod.rs.orig 2025-07-01 09:04:15 UTC ++++ src/system/mod.rs +@@ -802,8 +802,8 @@ impl Process { + + let ki_start = ki_proc[0].ki_start; + Ok(ProcessCreateTime::new( +- ki_start.tv_sec, +- ki_start.tv_usec * 1000, ++ (ki_start.tv_sec).into(), ++ (ki_start.tv_usec * 1000).into(), + )) + } + } diff --git a/security/sudo-rs/pkg-descr-coexist b/security/sudo-rs/pkg-descr-coexist new file mode 100644 index 000000000000..b77a949d55db --- /dev/null +++ b/security/sudo-rs/pkg-descr-coexist @@ -0,0 +1,4 @@ +Sudo-rs is a memory safe re-implementation of the sudo utility. + +Use this package to try out sudo-rs safely alongside security/sudo, using the +commands "sudo-rs" and "visudo-rs". diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml index d41fa0a839d8..6d452a163c2d 100644 --- a/security/vuxml/vuln/2025.xml +++ b/security/vuxml/vuln/2025.xml @@ -1,3 +1,61 @@ + <vuln vid="0f5bcba2-67fb-11f0-9ee5-b42e991fc52e"> + <topic>sqlite -- Integer Truncation on SQLite</topic> + <affects> + <package> + <name>sqlite3</name> + <range><lt>3.50.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>cve-coordination@google.com reports:</p> + <blockquote cite="https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8"> + <p>There exists a vulnerability in SQLite versions before + 3.50.2 where the number of aggregate terms could exceed the + number of columns available. This could lead to a memory + corruption issue.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-6965</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-6965</url> + </references> + <dates> + <discovery>2025-07-15</discovery> + <entry>2025-07-23</entry> + </dates> + </vuln> + + <vuln vid="80411ba2-6729-11f0-a5cb-8c164580114f"> + <topic>7-Zip -- Multi-byte write heap buffer overflow in NCompress::NRar5::CDecoder</topic> + <affects> + <package> + <name>7-zip</name> + <range><lt>25.00</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security-advisories@github.com reports:</p> + <blockquote cite="https://securitylab.github.com/advisories/GHSL-2025-058_7-Zip/"> + <p>7-Zip is a file archiver with a high compression ratio. Zeroes + written outside heap buffer in RAR5 handler may lead to memory + corruption and denial of service in versions of 7-Zip prior to + 25.0.0. Version 25.0.0 contains a fix for the issue.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-53816</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-53816</url> + </references> + <dates> + <discovery>2025-07-17</discovery> + <entry>2025-07-22</entry> + </dates> + </vuln> + <vuln vid="605a9d1e-6521-11f0-beb2-ac5afc632ba3"> <topic>libwasmtime -- host panic with fd_renumber WASIp1 function</topic> <affects> |