diff options
Diffstat (limited to 'security')
48 files changed, 1176 insertions, 90 deletions
diff --git a/security/Makefile b/security/Makefile index 0343c9fd1932..15488729f2b5 100644 --- a/security/Makefile +++ b/security/Makefile @@ -255,6 +255,7 @@ SUBDIR += keepass SUBDIR += keepass-plugin-keepassrpc SUBDIR += keepassxc + SUBDIR += keepassxc276 SUBDIR += keybase SUBDIR += keychain SUBDIR += keyprint diff --git a/security/fizz/Makefile b/security/fizz/Makefile index 34ec1011e8f7..52d84d866404 100644 --- a/security/fizz/Makefile +++ b/security/fizz/Makefile @@ -1,6 +1,6 @@ PORTNAME= fizz DISTVERSIONPREFIX= v -DISTVERSION= 2025.07.07.00 +DISTVERSION= 2025.07.21.00 CATEGORIES= security MAINTAINER= yuri@FreeBSD.org diff --git a/security/fizz/distinfo b/security/fizz/distinfo index 3adc96cbaa66..61fd5fd39bbb 100644 --- a/security/fizz/distinfo +++ b/security/fizz/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1752053888 -SHA256 (facebookincubator-fizz-v2025.07.07.00_GH0.tar.gz) = 86635b14d000c6e8e61a3edfbd9ad51764c9bf84b3702d73ac6dadff97786c99 -SIZE (facebookincubator-fizz-v2025.07.07.00_GH0.tar.gz) = 759365 +TIMESTAMP = 1753158778 +SHA256 (facebookincubator-fizz-v2025.07.21.00_GH0.tar.gz) = 8e2eef377e81913edb70bd2beb53ed0f3b56048411314c557f8d9028c7b983f1 +SIZE (facebookincubator-fizz-v2025.07.21.00_GH0.tar.gz) = 762878 diff --git a/security/gvmd/Makefile b/security/gvmd/Makefile index 0648b0880e09..0e719b8bddbb 100644 --- a/security/gvmd/Makefile +++ b/security/gvmd/Makefile @@ -1,6 +1,6 @@ PORTNAME= gvmd DISTVERSION= 26.0.0 -PORTREVISION= 1 +PORTREVISION= 2 DISTVERSIONPREFIX= v CATEGORIES= security @@ -15,7 +15,7 @@ LIB_DEPENDS= libgvm_base.so:security/gvm-libs \ libgnutls.so:security/gnutls \ libgpgme.so:security/gpgme \ libical.so:devel/libical -RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}lxml>0:devel/py-lxml@${PY_FLAVOR} \ +RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}lxml5>0:devel/py-lxml5@${PY_FLAVOR} \ ${LOCALBASE}/lib/postgresql/libpg-gvm.so:databases/pg-gvm \ doxygen>0:devel/doxygen \ p5-XML-Twig>=0:textproc/p5-XML-Twig \ diff --git a/security/keepassxc/Makefile b/security/keepassxc/Makefile index 4cb9c335c67b..1cd13b8eb820 100644 --- a/security/keepassxc/Makefile +++ b/security/keepassxc/Makefile @@ -1,5 +1,5 @@ PORTNAME= keepassxc -DISTVERSION= 2.7.6 +DISTVERSION= 2.7.10 CATEGORIES= security MASTER_SITES= https://github.com/keepassxreboot/keepassxc/releases/download/${DISTVERSION}/ DISTNAME= ${PORTNAME}-${DISTVERSION}-src @@ -15,13 +15,10 @@ LICENSE_NAME_NOKIA-LGPL-EXCEPTION= Nokia Qt LGPL Exception version 1.1 LICENSE_FILE_NOKIA-LGPL-EXCEPTION= ${WRKSRC}/LICENSE.NOKIA-LGPL-EXCEPTION LICENSE_PERMS_NOKIA-LGPL-EXCEPTION= dist-mirror dist-sell pkg-mirror pkg-sell auto-accept -DEPRECATED= Depends on expired security/botan2 -EXPIRATION_DATE=2025-06-21 - BUILD_DEPENDS= asciidoctor:textproc/rubygem-asciidoctor LIB_DEPENDS= libargon2.so:security/libargon2 \ libqrencode.so:graphics/libqrencode \ - libbotan-2.so:security/botan2 + libbotan-3.so:security/botan3 USES= cmake compiler:c++17-lang desktop-file-utils pkgconfig qt:5 \ readline shared-mime-info tar:xz xorg @@ -32,7 +29,7 @@ USE_XORG= x11 WRKSRC= ${WRKDIR}/${DISTNAME:S/-src//} CMAKE_OFF= WITH_XC_UPDATECHECK -CONFLICTS_INSTALL= keepassx-0.* keepassx2 keepassx +CONFLICTS_INSTALL= keepassx-0.* keepassx2 keepassx keepassxc276 OPTIONS_DEFINE= AUTOTYPE BROWSER FDOSECRETS KEESHARE NETWORKING SSHAGENT YUBIKEY TEST OPTIONS_DEFAULT= AUTOTYPE BROWSER FDOSECRETS KEESHARE NETWORKING SSHAGENT YUBIKEY diff --git a/security/keepassxc/distinfo b/security/keepassxc/distinfo index 25f70dd938b3..6a354c652cb2 100644 --- a/security/keepassxc/distinfo +++ b/security/keepassxc/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1692163985 -SHA256 (keepassxc-2.7.6-src.tar.xz) = a58074509fa8e90f152c6247f73e75e126303081f55eedb4ea0cbb6fa980d670 -SIZE (keepassxc-2.7.6-src.tar.xz) = 8474624 +TIMESTAMP = 1751644926 +SHA256 (keepassxc-2.7.10-src.tar.xz) = 5ce76d6440986c24842585f019d5f3cadc166fa71fc911a4fe97b8bbc4819dfa +SIZE (keepassxc-2.7.10-src.tar.xz) = 9787952 diff --git a/security/keepassxc/files/patch-CMakeLists.txt b/security/keepassxc/files/patch-CMakeLists.txt new file mode 100644 index 000000000000..38c92ebea387 --- /dev/null +++ b/security/keepassxc/files/patch-CMakeLists.txt @@ -0,0 +1,13 @@ +--- CMakeLists.txt.orig 2024-06-19 14:32:55.000000000 -0700 ++++ CMakeLists.txt 2024-06-20 07:26:46.907481000 -0700 +@@ -575,8 +575,8 @@ + include_directories(SYSTEM ${PCSC_INCLUDE_DIRS}) + + if(UNIX AND NOT APPLE) +- find_library(LIBUSB_LIBRARIES NAMES usb-1.0 REQUIRED) +- find_path(LIBUSB_INCLUDE_DIR NAMES libusb.h PATH_SUFFIXES "libusb-1.0" "libusb" REQUIRED) ++ find_library(LIBUSB_LIBRARIES NAMES usb REQUIRED) ++ find_path(LIBUSB_INCLUDE_DIR NAMES libusb.h PATH_SUFFIXES "libusb" "libusb" REQUIRED) + include_directories(SYSTEM ${LIBUSB_INCLUDE_DIR}) + endif() + endif() diff --git a/security/keepassxc276/Makefile b/security/keepassxc276/Makefile new file mode 100644 index 000000000000..e5965d9be9de --- /dev/null +++ b/security/keepassxc276/Makefile @@ -0,0 +1,72 @@ +PORTNAME= keepassxc +DISTVERSION= 2.7.6 +CATEGORIES= security +MASTER_SITES= https://github.com/keepassxreboot/keepassxc/releases/download/${DISTVERSION}/ +PKGNAMESUFFIX= 276 +DISTNAME= ${PORTNAME}-${DISTVERSION}-src + +MAINTAINER= lwhsu@FreeBSD.org +COMMENT= KeePass Cross-platform Community Edition +WWW= https://keepassxc.org + +CONFLICTS= keepassxc-[1-9]* + +LICENSE= APACHE20 BSD3CLAUSE CC0-1.0 GPLv2 GPLv3 LGPL21 LGPL3 MIT \ + NOKIA-LGPL-EXCEPTION +LICENSE_COMB= multi +LICENSE_NAME_NOKIA-LGPL-EXCEPTION= Nokia Qt LGPL Exception version 1.1 +LICENSE_FILE_NOKIA-LGPL-EXCEPTION= ${WRKSRC}/LICENSE.NOKIA-LGPL-EXCEPTION +LICENSE_PERMS_NOKIA-LGPL-EXCEPTION= dist-mirror dist-sell pkg-mirror pkg-sell auto-accept + +DEPRECATED= Depends on expired security/botan2 +EXPIRATION_DATE=2025-06-21 + +BUILD_DEPENDS= asciidoctor:textproc/rubygem-asciidoctor +LIB_DEPENDS= libargon2.so:security/libargon2 \ + libqrencode.so:graphics/libqrencode \ + libbotan-2.so:security/botan2 + +USES= cmake compiler:c++17-lang desktop-file-utils pkgconfig qt:5 \ + readline shared-mime-info tar:xz xorg +USE_QT= concurrent core dbus gui network svg widgets buildtools:build \ + linguisttools:build qmake:build testlib:build x11extras +USE_XORG= x11 + +WRKSRC= ${WRKDIR}/${DISTNAME:S/-src//} +CMAKE_OFF= WITH_XC_UPDATECHECK + +CONFLICTS_INSTALL= keepassx-0.* keepassx2 keepassx + +OPTIONS_DEFINE= AUTOTYPE BROWSER FDOSECRETS KEESHARE NETWORKING SSHAGENT YUBIKEY TEST +OPTIONS_DEFAULT= AUTOTYPE BROWSER FDOSECRETS KEESHARE NETWORKING SSHAGENT YUBIKEY +OPTIONS_SUB= yes + +AUTOTYPE_CMAKE_BOOL= WITH_XC_AUTOTYPE +AUTOTYPE_DESC= Auto-type passwords in input fields +AUTOTYPE_USE= XORG=xi,xtst + +BROWSER_CMAKE_BOOL= WITH_XC_BROWSER +BROWSER_DESC= Browser integration with KeePassXC-Browser + +FDOSECRETS_CMAKE_BOOL= WITH_XC_FDOSECRETS +FDOSECRETS_DESC= freedesktop.org secrets service support + +KEESHARE_CMAKE_BOOL= WITH_XC_KEESHARE +KEESHARE_DESC= Sharing integration with KeeShare +KEESHARE_USES= minizip + +# Legacy/Deprecated. +NETWORKING_CMAKE_BOOL= WITH_XC_NETWORKING +NETWORKING_DESC= Networking support (e.g. for downloading website icons) + +SSHAGENT_CMAKE_BOOL= WITH_XC_SSHAGENT +SSHAGENT_DESC= SSH agent support + +YUBIKEY_CMAKE_BOOL= WITH_XC_YUBIKEY +YUBIKEY_DESC= YubiKey support +YUBIKEY_LIB_DEPENDS= libpcsclite.so:devel/pcsc-lite + +TEST_CMAKE_BOOL= WITH_TESTS WITH_GUI_TESTS +TEST_TEST_TARGET= test + +.include <bsd.port.mk> diff --git a/security/keepassxc276/distinfo b/security/keepassxc276/distinfo new file mode 100644 index 000000000000..25f70dd938b3 --- /dev/null +++ b/security/keepassxc276/distinfo @@ -0,0 +1,3 @@ +TIMESTAMP = 1692163985 +SHA256 (keepassxc-2.7.6-src.tar.xz) = a58074509fa8e90f152c6247f73e75e126303081f55eedb4ea0cbb6fa980d670 +SIZE (keepassxc-2.7.6-src.tar.xz) = 8474624 diff --git a/security/keepassxc276/files/patch-src_thirdparty_ykcore_CMakeLists.txt b/security/keepassxc276/files/patch-src_thirdparty_ykcore_CMakeLists.txt new file mode 100644 index 000000000000..af4cb68d5d09 --- /dev/null +++ b/security/keepassxc276/files/patch-src_thirdparty_ykcore_CMakeLists.txt @@ -0,0 +1,11 @@ +--- src/thirdparty/ykcore/CMakeLists.txt.orig 2022-03-21 22:47:20 UTC ++++ src/thirdparty/ykcore/CMakeLists.txt +@@ -27,7 +27,7 @@ elseif(UNIX AND NOT APPLE)
+ elseif(UNIX AND NOT APPLE)
+ target_sources(ykcore PRIVATE ykcore_libusb-1.0.c)
+
+- find_library(LIBUSB_LIBRARY NAMES usb-1.0)
++ find_library(LIBUSB_LIBRARY NAMES usb-1.0 usb)
+ find_path(LIBUSB_INCLUDE_DIR NAMES libusb.h PATH_SUFFIXES "libusb-1.0" "libusb")
+ if(NOT LIBUSB_LIBRARY OR NOT LIBUSB_INCLUDE_DIR)
+ message(FATAL_ERROR "libusb-1.0 dev package required, but not found")
diff --git a/security/keepassxc276/pkg-descr b/security/keepassxc276/pkg-descr new file mode 100644 index 000000000000..f71cf7e984f7 --- /dev/null +++ b/security/keepassxc276/pkg-descr @@ -0,0 +1,22 @@ +KeePassXC is a community fork of KeePassX, a native cross-platform port of +KeePass Password Safe, with the goal to extend and improve it with new features +and bugfixes to provide a feature-rich, fully cross-platform and modern +open-source password manager. + +Main Features + + * Secure storage with AES, Twofish or ChaCha20 encryption + * File format compatibility with KeePass2, KeePassX, MacPass, KeeWeb and many + others (KDBX 3.1 and 4.0) + * SSH Agent integration + * Passwords synchronization using KeeShare + * Auto-Type for automagically filling in login forms + * Key file and YubiKey challenge-response support for additional security + * TOTP generation (including Steam Guard) + * CSV import from other password managers (e.g., LastPass) + * Command line interface + * Custom icons for database entries and download of website favicons + * Database merge functionality + * Automatic reload when the database was changed externally + * Browser integration with KeePassXC-Browser for Google Chrome, Chromium, + Vivaldi, and Mozilla Firefox. diff --git a/security/keepassxc276/pkg-plist b/security/keepassxc276/pkg-plist new file mode 100644 index 000000000000..28f44ae6c9c8 --- /dev/null +++ b/security/keepassxc276/pkg-plist @@ -0,0 +1,67 @@ +bin/keepassxc +bin/keepassxc-cli +%%BROWSER%%bin/keepassxc-proxy +%%AUTOTYPE%%lib/keepassxc/libkeepassxc-autotype-xcb.so +share/man/man1/keepassxc-cli.1.gz +share/man/man1/keepassxc.1.gz +share/applications/org.keepassxc.KeePassXC.desktop +share/icons/hicolor/256x256/apps/keepassxc.png +share/icons/hicolor/scalable/apps/keepassxc-locked.svg +share/icons/hicolor/scalable/apps/keepassxc-monochrome-dark-locked.svg +share/icons/hicolor/scalable/apps/keepassxc-monochrome-dark.svg +share/icons/hicolor/scalable/apps/keepassxc-monochrome-light-locked.svg +share/icons/hicolor/scalable/apps/keepassxc-monochrome-light.svg +share/icons/hicolor/scalable/apps/keepassxc-unlocked.svg +share/icons/hicolor/scalable/apps/keepassxc.svg +share/icons/hicolor/scalable/mimetypes/application-x-keepassxc.svg +%%DATADIR%%/docs/KeePassXC_GettingStarted.html +%%DATADIR%%/docs/KeePassXC_KeyboardShortcuts.html +%%DATADIR%%/docs/KeePassXC_UserGuide.html +%%DATADIR%%/icons/application/256x256/apps/keepassxc.png +%%DATADIR%%/translations/keepassxc_ar.qm +%%DATADIR%%/translations/keepassxc_bg.qm +%%DATADIR%%/translations/keepassxc_ca.qm +%%DATADIR%%/translations/keepassxc_cs.qm +%%DATADIR%%/translations/keepassxc_da.qm +%%DATADIR%%/translations/keepassxc_de.qm +%%DATADIR%%/translations/keepassxc_el.qm +%%DATADIR%%/translations/keepassxc_en.qm +%%DATADIR%%/translations/keepassxc_en_GB.qm +%%DATADIR%%/translations/keepassxc_en_US.qm +%%DATADIR%%/translations/keepassxc_es.qm +%%DATADIR%%/translations/keepassxc_et.qm +%%DATADIR%%/translations/keepassxc_fi.qm +%%DATADIR%%/translations/keepassxc_fil.qm +%%DATADIR%%/translations/keepassxc_fr.qm +%%DATADIR%%/translations/keepassxc_fr_CA.qm +%%DATADIR%%/translations/keepassxc_he.qm +%%DATADIR%%/translations/keepassxc_hr.qm +%%DATADIR%%/translations/keepassxc_hu.qm +%%DATADIR%%/translations/keepassxc_id.qm +%%DATADIR%%/translations/keepassxc_it.qm +%%DATADIR%%/translations/keepassxc_ja.qm +%%DATADIR%%/translations/keepassxc_km.qm +%%DATADIR%%/translations/keepassxc_ko.qm +%%DATADIR%%/translations/keepassxc_lt.qm +%%DATADIR%%/translations/keepassxc_my.qm +%%DATADIR%%/translations/keepassxc_nb.qm +%%DATADIR%%/translations/keepassxc_nl.qm +%%DATADIR%%/translations/keepassxc_pl.qm +%%DATADIR%%/translations/keepassxc_pt_BR.qm +%%DATADIR%%/translations/keepassxc_pt_PT.qm +%%DATADIR%%/translations/keepassxc_ro.qm +%%DATADIR%%/translations/keepassxc_ru.qm +%%DATADIR%%/translations/keepassxc_si.qm +%%DATADIR%%/translations/keepassxc_sk.qm +%%DATADIR%%/translations/keepassxc_sl.qm +%%DATADIR%%/translations/keepassxc_sq.qm +%%DATADIR%%/translations/keepassxc_sr.qm +%%DATADIR%%/translations/keepassxc_sv.qm +%%DATADIR%%/translations/keepassxc_th.qm +%%DATADIR%%/translations/keepassxc_tr.qm +%%DATADIR%%/translations/keepassxc_uk.qm +%%DATADIR%%/translations/keepassxc_zh_CN.qm +%%DATADIR%%/translations/keepassxc_zh_TW.qm +%%DATADIR%%/wordlists/eff_large.wordlist +share/metainfo/org.keepassxc.KeePassXC.appdata.xml +share/mime/packages/keepassxc.xml diff --git a/security/lego/Makefile b/security/lego/Makefile index e2b6deead144..d6919c372941 100644 --- a/security/lego/Makefile +++ b/security/lego/Makefile @@ -1,6 +1,6 @@ PORTNAME= lego DISTVERSIONPREFIX= v -DISTVERSION= 4.24.0 +DISTVERSION= 4.25.1 CATEGORIES= security MAINTAINER= matt@matthoran.com @@ -12,7 +12,7 @@ LICENSE_FILE= ${WRKSRC}/LICENSE RUN_DEPENDS= ${LOCALBASE}/share/certs/ca-root-nss.crt:security/ca_root_nss -USES= go:1.23,modules +USES= go:modules GO_MODULE= github.com/go-acme/lego/v4 GO_TARGET= ./cmd/lego GO_BUILDFLAGS= -ldflags '-X "main.version=${DISTVERSION}"' diff --git a/security/lego/distinfo b/security/lego/distinfo index ee445fe960dc..38327b4fc1b1 100644 --- a/security/lego/distinfo +++ b/security/lego/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1752932681 -SHA256 (go/security_lego/lego-v4.24.0/v4.24.0.mod) = 4ee2e188492702303c89e3703b26d3cbb10cbdde9ff002e4e8f842f15b81763f -SIZE (go/security_lego/lego-v4.24.0/v4.24.0.mod) = 11037 -SHA256 (go/security_lego/lego-v4.24.0/v4.24.0.zip) = f6a58c88e80aa6d4ffb8eba3b4fd313bba2b3ed3a3b1bbfd23b33fad1bbe7642 -SIZE (go/security_lego/lego-v4.24.0/v4.24.0.zip) = 1502515 +TIMESTAMP = 1753224987 +SHA256 (go/security_lego/lego-v4.25.1/v4.25.1.mod) = d4a62b1d418a18edeb1389150c8d2b6726ce7dd8fb4b4f17958562a5e0136884 +SIZE (go/security_lego/lego-v4.25.1/v4.25.1.mod) = 10758 +SHA256 (go/security_lego/lego-v4.25.1/v4.25.1.zip) = 3227df424f99eabfb24cba0a636fb710a5084212fd9051385a63fea6c9f7321b +SIZE (go/security_lego/lego-v4.25.1/v4.25.1.zip) = 1562186 diff --git a/security/naabu/Makefile b/security/naabu/Makefile index 2a4dd1621e14..3d1385cb4f89 100644 --- a/security/naabu/Makefile +++ b/security/naabu/Makefile @@ -1,6 +1,6 @@ PORTNAME= naabu DISTVERSIONPREFIX= v -DISTVERSION= 2.3.4 +DISTVERSION= 2.3.5 CATEGORIES= security MAINTAINER= dutra@FreeBSD.org @@ -9,7 +9,7 @@ WWW= https://github.com/projectdiscovery/naabu LICENSE= MIT -USES= go:1.23,modules +USES= go:1.24,modules GO_MODULE= github.com/projectdiscovery/naabu/v2 GO_TARGET= ./cmd/${PORTNAME} diff --git a/security/naabu/distinfo b/security/naabu/distinfo index 95692c03c54d..674b49e0f45d 100644 --- a/security/naabu/distinfo +++ b/security/naabu/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1744947331 -SHA256 (go/security_naabu/naabu-v2.3.4/v2.3.4.mod) = 37477fafd0b3b04592d1c7104ddf9dfafe87d579bb2cc3dcab93621b9549b283 -SIZE (go/security_naabu/naabu-v2.3.4/v2.3.4.mod) = 6288 -SHA256 (go/security_naabu/naabu-v2.3.4/v2.3.4.zip) = 534e0e1318f8a4fb7fee5db3b3d2f6537145beb4037958d6df4a68e69de6ee0d -SIZE (go/security_naabu/naabu-v2.3.4/v2.3.4.zip) = 506886 +TIMESTAMP = 1753248989 +SHA256 (go/security_naabu/naabu-v2.3.5/v2.3.5.mod) = c6ea2b8c6fa1e166e02d9a074514b9a77c1bf2914f52e4ba411726a9c798349b +SIZE (go/security_naabu/naabu-v2.3.5/v2.3.5.mod) = 6743 +SHA256 (go/security_naabu/naabu-v2.3.5/v2.3.5.zip) = 77c0c9136c85afc93a3d16811d76e491b23a3be2e077847c80d6e2258b2dfa87 +SIZE (go/security_naabu/naabu-v2.3.5/v2.3.5.zip) = 527140 diff --git a/security/node-sqlcipher/Makefile b/security/node-sqlcipher/Makefile index adeb2171a6e1..3619cf6c698c 100644 --- a/security/node-sqlcipher/Makefile +++ b/security/node-sqlcipher/Makefile @@ -1,5 +1,5 @@ PORTNAME= node-sqlcipher -DISTVERSION= 2.0.3 +DISTVERSION= 2.1.0 CATEGORIES= security MASTER_SITES= https://github.com/signalapp/node-sqlcipher/archive/refs/tags/v${DISTVERSION}/:sqlcipher \ https://registry.npmjs.org/@esbuild/freebsd-arm64/-/:esbuildarm64 \ @@ -26,7 +26,7 @@ USES= nodejs:20,build PLIST_FILES= lib/node_sqlcipher.node -ESBUILD_VERS= 0.25.5 +ESBUILD_VERS= 0.25.6 ESBUILD_ARCH= ${ARCH:S/aarch64/arm64/:S/amd64/x64/} MAKE_ENV+= ESBUILD_BINARY_PATH=${WRKDIR}/esbuild-freebsd-64/package/bin/esbuild diff --git a/security/node-sqlcipher/distinfo b/security/node-sqlcipher/distinfo index 4c0d581254c3..2efbc32fcae3 100644 --- a/security/node-sqlcipher/distinfo +++ b/security/node-sqlcipher/distinfo @@ -1,9 +1,9 @@ -TIMESTAMP = 1748872146 -SHA256 (freebsd-arm64-0.25.5.tgz) = abfbe3edad2cf736ce43a35c2dea079313a4641869912dcb53738a87080f512f -SIZE (freebsd-arm64-0.25.5.tgz) = 4003803 -SHA256 (freebsd-x64-0.25.5.tgz) = 0d8997fd565a9c53d1995b30ed53f2d98b35f831cb6e1f55e0a653aa33cee317 -SIZE (freebsd-x64-0.25.5.tgz) = 4355608 -SHA256 (node-sqlcipher-2.0.3.tar.gz) = 99d3bb23907e8a5a0263d18e0f94857c798d56d2dd0344f2ae873b54e56e9489 -SIZE (node-sqlcipher-2.0.3.tar.gz) = 2711596 -SHA256 (node-sqlcipher-2.0.3-npm-cache.tar.gz) = f7e3800b03717bba269dd8911ede17f64b95d67c037f49b5d7279e78d9d9898c -SIZE (node-sqlcipher-2.0.3-npm-cache.tar.gz) = 67243807 +TIMESTAMP = 1752763972 +SHA256 (freebsd-arm64-0.25.6.tgz) = 64d7ee10a68707188ccf9bf9904771b3ca87ed38b95b38562266625d18263f1b +SIZE (freebsd-arm64-0.25.6.tgz) = 4005168 +SHA256 (freebsd-x64-0.25.6.tgz) = 802165252d595fd843b54010d0f4e96f4ca6a86ac82cfb5701a25c3fedf0e16b +SIZE (freebsd-x64-0.25.6.tgz) = 4357533 +SHA256 (node-sqlcipher-2.1.0.tar.gz) = 81dbfe085be60258d9e0daf4089adc44aaea868b3d009fb5ec47a511f6c99264 +SIZE (node-sqlcipher-2.1.0.tar.gz) = 2712831 +SHA256 (node-sqlcipher-2.1.0-npm-cache.tar.gz) = 8e01706283929ad0a11cd3c16cb97dccebd71a2ac6e982d8bf155da45b8272c4 +SIZE (node-sqlcipher-2.1.0-npm-cache.tar.gz) = 67521401 diff --git a/security/nuclei/Makefile b/security/nuclei/Makefile index ff4ce951c803..14307cedd2a0 100644 --- a/security/nuclei/Makefile +++ b/security/nuclei/Makefile @@ -1,6 +1,6 @@ PORTNAME= nuclei DISTVERSIONPREFIX= v -DISTVERSION= 3.4.6 +DISTVERSION= 3.4.7 CATEGORIES= security MAINTAINER= dutra@FreeBSD.org diff --git a/security/nuclei/distinfo b/security/nuclei/distinfo index fb33bee95717..e84c8fc80136 100644 --- a/security/nuclei/distinfo +++ b/security/nuclei/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1751730063 -SHA256 (go/security_nuclei/nuclei-v3.4.6/v3.4.6.mod) = 95c7844c02f7c9c24a53544e7bcdfd252a11c8fb61a80f555fbffd6dfaf402a6 -SIZE (go/security_nuclei/nuclei-v3.4.6/v3.4.6.mod) = 18995 -SHA256 (go/security_nuclei/nuclei-v3.4.6/v3.4.6.zip) = 6ea753633305e332bcfd8af6b0e6f7042ebf6a1751bc27c3536f535c4b4c3c40 -SIZE (go/security_nuclei/nuclei-v3.4.6/v3.4.6.zip) = 12374607 +TIMESTAMP = 1753317860 +SHA256 (go/security_nuclei/nuclei-v3.4.7/v3.4.7.mod) = bc1fb722b23218fe4ec211f30a80341a92e69f62fe0a5625afbb0a86599726fc +SIZE (go/security_nuclei/nuclei-v3.4.7/v3.4.7.mod) = 18779 +SHA256 (go/security_nuclei/nuclei-v3.4.7/v3.4.7.zip) = 0356b818c4d68bff08f690128ed089b37a83b43dfdea9a045c8f13500d52300e +SIZE (go/security_nuclei/nuclei-v3.4.7/v3.4.7.zip) = 12380996 diff --git a/security/pecl-gnupg/files/patch-php85 b/security/pecl-gnupg/files/patch-php85 new file mode 100644 index 000000000000..de4a30311382 --- /dev/null +++ b/security/pecl-gnupg/files/patch-php85 @@ -0,0 +1,31 @@ +--- gnupg_keylistiterator.c.orig 2025-06-02 18:54:02 UTC ++++ gnupg_keylistiterator.c +@@ -201,7 +201,7 @@ PHP_METHOD(gnupg_keylistiterator, rewind) + + if ((PHPC_THIS->err = gpgme_op_keylist_start( + PHPC_THIS->ctx, PHPC_THIS->pattern ? PHPC_THIS->pattern : "", 0)) != GPG_ERR_NO_ERROR){ +- zend_throw_exception(zend_exception_get_default(TSRMLS_C), (char *)gpg_strerror(PHPC_THIS->err), 1 TSRMLS_CC); ++ zend_throw_exception(zend_ce_exception, (char *)gpg_strerror(PHPC_THIS->err), 1 TSRMLS_CC); + } + if ((PHPC_THIS->err = gpgme_op_keylist_next(PHPC_THIS->ctx, &PHPC_THIS->gpgkey)) != GPG_ERR_NO_ERROR){ + RETURN_FALSE; +--- gnupg.c.orig 2025-06-02 18:54:02 UTC ++++ gnupg.c +@@ -64,7 +64,7 @@ PHPC_OBJ_DEFINE_HANDLER_VAR(gnupg); + break; \ + case 2: \ + zend_throw_exception(\ +- zend_exception_get_default(TSRMLS_C), \ ++ zend_ce_exception, \ + (char*) error, \ + 0 TSRMLS_CC \ + ); \ +@@ -169,7 +169,7 @@ static void php_gnupg_this_make(PHPC_THIS_DECLARE(gnup + if (gpgme_ctx_set_engine_info( + ctx, GPGME_PROTOCOL_OpenPGP, file_name, home_dir) != GPG_ERR_NO_ERROR) { + zend_throw_exception( +- zend_exception_get_default(TSRMLS_C), ++ zend_ce_exception, + (char*) "Setting engine info failed", + 0 TSRMLS_CC + ); diff --git a/security/py-authlib/Makefile b/security/py-authlib/Makefile index fb2cecb70f68..b527bb8c9863 100644 --- a/security/py-authlib/Makefile +++ b/security/py-authlib/Makefile @@ -1,5 +1,5 @@ PORTNAME= authlib -PORTVERSION= 1.6.0 +PORTVERSION= 1.6.1 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} diff --git a/security/py-authlib/distinfo b/security/py-authlib/distinfo index 3804f57e8b48..d864619a8bce 100644 --- a/security/py-authlib/distinfo +++ b/security/py-authlib/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1748495847 -SHA256 (authlib-1.6.0.tar.gz) = 4367d32031b7af175ad3a323d571dc7257b7099d55978087ceae4a0d88cd3210 -SIZE (authlib-1.6.0.tar.gz) = 158371 +TIMESTAMP = 1753265790 +SHA256 (authlib-1.6.1.tar.gz) = 4dffdbb1460ba6ec8c17981a4c67af7d8af131231b5a36a88a1e8c80c111cdfd +SIZE (authlib-1.6.1.tar.gz) = 159988 diff --git a/security/py-certifi/Makefile b/security/py-certifi/Makefile index de1cfbdc119e..43a6cf3fd110 100644 --- a/security/py-certifi/Makefile +++ b/security/py-certifi/Makefile @@ -1,5 +1,5 @@ PORTNAME= certifi -PORTVERSION= 2025.7.9 +PORTVERSION= 2025.7.14 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} diff --git a/security/py-certifi/distinfo b/security/py-certifi/distinfo index a5b8a9689443..693b25863be4 100644 --- a/security/py-certifi/distinfo +++ b/security/py-certifi/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1752266162 -SHA256 (certifi-2025.7.9.tar.gz) = c1d2ec05395148ee10cf672ffc28cd37ea0ab0d99f9cc74c43e588cbd111b079 -SIZE (certifi-2025.7.9.tar.gz) = 160386 +TIMESTAMP = 1752566722 +SHA256 (certifi-2025.7.14.tar.gz) = 8ea99dbdfaaf2ba2f9bac77b9249ef62ec5218e7c2b2e903378ed5fccf765995 +SIZE (certifi-2025.7.14.tar.gz) = 163981 diff --git a/security/py-cybox/Makefile b/security/py-cybox/Makefile index 5380ef49a79a..d6829f5065fc 100644 --- a/security/py-cybox/Makefile +++ b/security/py-cybox/Makefile @@ -1,7 +1,7 @@ PORTNAME= cybox PORTVERSION= 2.1.0.21 DISTVERSIONPREFIX= v -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= security python PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -13,7 +13,7 @@ LICENSE= BSD3CLAUSE LICENSE_FILE= ${WRKSRC}/LICENSE.txt RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}python-dateutil>=0:devel/py-python-dateutil@${PY_FLAVOR} \ - ${PYTHON_PKGNAMEPREFIX}lxml>=2.2.3:devel/py-lxml@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}lxml5>=2.2.3:devel/py-lxml5@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}mixbox>=1.0.2:security/py-mixbox@${PY_FLAVOR} TEST_DEPENDS= ${PYTHON_PKGNAMEPREFIX}nose>=0:devel/py-nose@${PY_FLAVOR} diff --git a/security/py-joserfc/Makefile b/security/py-joserfc/Makefile index 469d3303adfc..09603c34e6a5 100644 --- a/security/py-joserfc/Makefile +++ b/security/py-joserfc/Makefile @@ -1,5 +1,5 @@ PORTNAME= joserfc -PORTVERSION= 1.2.1 +PORTVERSION= 1.2.2 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} diff --git a/security/py-joserfc/distinfo b/security/py-joserfc/distinfo index d51ddb558786..62b3a48b759b 100644 --- a/security/py-joserfc/distinfo +++ b/security/py-joserfc/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1752266164 -SHA256 (joserfc-1.2.1.tar.gz) = 466a75dc0af9c6711d2a93f38e91c5d4920ec77059063325c251913da3e83569 -SIZE (joserfc-1.2.1.tar.gz) = 192229 +TIMESTAMP = 1752566724 +SHA256 (joserfc-1.2.2.tar.gz) = 0d2a84feecef96168635fd9bf288363fc75b4afef3d99691f77833c8e025d200 +SIZE (joserfc-1.2.2.tar.gz) = 192865 diff --git a/security/py-maec/Makefile b/security/py-maec/Makefile index f03bb0997f05..eb40a7d2fa9b 100644 --- a/security/py-maec/Makefile +++ b/security/py-maec/Makefile @@ -1,6 +1,6 @@ PORTNAME= maec PORTVERSION= 4.1.0.17 -PORTREVISION= 1 +PORTREVISION= 2 DISTVERSIONPREFIX= v CATEGORIES= security python PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -12,7 +12,7 @@ WWW= https://github.com/MAECProject/python-maec LICENSE= BSD3CLAUSE LICENSE_FILE= ${WRKSRC}/LICENSE.txt -RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}lxml>=2.2.3:devel/py-lxml@${PY_FLAVOR} \ +RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}lxml5>=2.2.3:devel/py-lxml5@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}cybox>=2.1.0.13:security/py-cybox@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}mixbox>=0.0.13:security/py-mixbox@${PY_FLAVOR} TEST_DEPENDS= ${PYTHON_PKGNAMEPREFIX}nose>=0:devel/py-nose@${PY_FLAVOR} diff --git a/security/py-mixbox/Makefile b/security/py-mixbox/Makefile index fb026db3022c..af0835f1254e 100644 --- a/security/py-mixbox/Makefile +++ b/security/py-mixbox/Makefile @@ -1,6 +1,6 @@ PORTNAME= mixbox PORTVERSION= 1.0.5 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -12,7 +12,7 @@ WWW= https://github.com/CybOXProject/mixbox LICENSE= BSD3CLAUSE RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}python-dateutil>=0:devel/py-python-dateutil@${PY_FLAVOR} \ - ${PYTHON_PKGNAMEPREFIX}lxml>=0:devel/py-lxml@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}lxml5>=0:devel/py-lxml5@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}ordered-set>=0:devel/py-ordered-set@${PY_FLAVOR} NO_ARCH= yes diff --git a/security/py-ospd-openvas/Makefile b/security/py-ospd-openvas/Makefile index f712dc948669..c7029aa90cce 100644 --- a/security/py-ospd-openvas/Makefile +++ b/security/py-ospd-openvas/Makefile @@ -1,6 +1,7 @@ PORTNAME= ospd-openvas DISTVERSION= 22.9.0 DISTVERSIONPREFIX= v +PORTREVISION= 1 CATEGORIES= security python #MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -18,7 +19,7 @@ RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}redis>=0:databases/py-redis@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}packaging>=0:devel/py-packaging@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}defusedxml>=0:devel/py-defusedxml@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}deprecated>0:devel/py-deprecated@${PY_FLAVOR} \ - ${PYTHON_PKGNAMEPREFIX}lxml>0:devel/py-lxml@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}lxml5>0:devel/py-lxml5@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}paramiko>0:security/py-paramiko@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}python-gnupg>0:security/py-python-gnupg@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}paho-mqtt>0:net/py-paho-mqtt@${PY_FLAVOR} \ diff --git a/security/py-pykeepass/Makefile b/security/py-pykeepass/Makefile index 6856c073a1a3..84c0e4e45cbe 100644 --- a/security/py-pykeepass/Makefile +++ b/security/py-pykeepass/Makefile @@ -1,6 +1,7 @@ PORTNAME= pykeepass DISTVERSION= 4.1.1 DISTVERSIONSUFFIX= .post1 +PORTREVISION= 1 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -17,7 +18,7 @@ BUILD_DEPENDS= ${PY_SETUPTOOLS} \ ${PYTHON_PKGNAMEPREFIX}wheel>0:devel/py-wheel@${PY_FLAVOR} RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}argon2-cffi>=0:security/py-argon2-cffi@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}construct>=0:devel/py-construct@${PY_FLAVOR} \ - ${PYTHON_PKGNAMEPREFIX}lxml>=0:devel/py-lxml@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}lxml5>=0:devel/py-lxml5@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}pycryptodomex>=0:security/py-pycryptodomex@${PY_FLAVOR} USES= python diff --git a/security/py-python-cas/Makefile b/security/py-python-cas/Makefile index afdb7b8656e8..2f174cd20904 100644 --- a/security/py-python-cas/Makefile +++ b/security/py-python-cas/Makefile @@ -1,6 +1,6 @@ PORTNAME= python-cas PORTVERSION= 1.6.0 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -14,7 +14,7 @@ LICENSE_FILE= ${WRKSRC}/LICENSE.txt RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}six>=1.10.0:devel/py-six@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}requests>=2.11.1:www/py-requests@${PY_FLAVOR} \ - ${PYTHON_PKGNAMEPREFIX}lxml>=3.4:devel/py-lxml@${PY_FLAVOR} + ${PYTHON_PKGNAMEPREFIX}lxml5>=3.4:devel/py-lxml5@${PY_FLAVOR} USES= python USE_PYTHON= autoplist distutils diff --git a/security/py-python3-saml/Makefile b/security/py-python3-saml/Makefile index a2d8be7364ed..2079f1a1cdb0 100644 --- a/security/py-python3-saml/Makefile +++ b/security/py-python3-saml/Makefile @@ -1,5 +1,6 @@ PORTNAME= python3-saml PORTVERSION= 1.16.0 +PORTREVISION= 1 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -16,7 +17,7 @@ BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}poetry-core>=1.1.0:devel/py-poetry-core@${ ${PYTHON_PKGNAMEPREFIX}setuptools>=40.1.0:devel/py-setuptools@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}wheel>=0:devel/py-wheel@${PY_FLAVOR} RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}isodate>=0.6.1:devel/py-isodate@${PY_FLAVOR} \ - ${PYTHON_PKGNAMEPREFIX}lxml>=4.6.5:devel/py-lxml@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}lxml5>=4.6.5:devel/py-lxml5@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}xmlsec>=1.3.9:security/py-xmlsec@${PY_FLAVOR} TEST_DEPENDS= ${PYTHON_PKGNAMEPREFIX}coverage>=4.5.2:devel/py-coverage@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}flake8>=3.6.0:devel/py-flake8@${PY_FLAVOR} \ diff --git a/security/py-stix/Makefile b/security/py-stix/Makefile index bebebd778cb9..d32ce7cc2494 100644 --- a/security/py-stix/Makefile +++ b/security/py-stix/Makefile @@ -1,7 +1,7 @@ PORTNAME= stix PORTVERSION= 1.2.0.11 DISTVERSIONPREFIX= v -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= security python PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -13,7 +13,7 @@ LICENSE= BSD3CLAUSE LICENSE_FILE= ${WRKSRC}/LICENSE.txt RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}python-dateutil>=0:devel/py-python-dateutil@${PY_FLAVOR} \ - ${PYTHON_PKGNAMEPREFIX}lxml>=2.3:devel/py-lxml@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}lxml5>=2.3:devel/py-lxml5@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}cybox>=2.1.0.13:security/py-cybox@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}mixbox>=1.0.2:security/py-mixbox@${PY_FLAVOR} TEST_DEPENDS= ${PYTHON_PKGNAMEPREFIX}nose>=0:devel/py-nose@${PY_FLAVOR} \ diff --git a/security/rubygem-brakeman/Makefile b/security/rubygem-brakeman/Makefile index d6bc6638c1a4..04ebef5157f1 100644 --- a/security/rubygem-brakeman/Makefile +++ b/security/rubygem-brakeman/Makefile @@ -1,5 +1,5 @@ PORTNAME= brakeman -PORTVERSION= 7.0.2 +PORTVERSION= 7.1.0 CATEGORIES= security rubygems MASTER_SITES= RG diff --git a/security/rubygem-brakeman/distinfo b/security/rubygem-brakeman/distinfo index 6d9ca9bc8cd7..7a04b64597b1 100644 --- a/security/rubygem-brakeman/distinfo +++ b/security/rubygem-brakeman/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1744289334 -SHA256 (rubygem/brakeman-7.0.2.gem) = b602d91bcec6c5ce4d4bc9e081e01f621c304b7a69f227d1e58784135f333786 -SIZE (rubygem/brakeman-7.0.2.gem) = 1709056 +TIMESTAMP = 1753265942 +SHA256 (rubygem/brakeman-7.1.0.gem) = bbc708a75a53008490c8b9600b97fa85cb3d5a8818dd1560f18e0b89475d48af +SIZE (rubygem/brakeman-7.1.0.gem) = 1689088 diff --git a/security/snort3/Makefile b/security/snort3/Makefile index 6c19698e3065..a8aa50e7c196 100644 --- a/security/snort3/Makefile +++ b/security/snort3/Makefile @@ -1,6 +1,5 @@ PORTNAME= snort -DISTVERSION= 3.9.1.0 -PORTREVISION= 1 +DISTVERSION= 3.9.2.0 PORTEPOCH= 1 CATEGORIES= security PKGNAMESUFFIX= 3 diff --git a/security/snort3/distinfo b/security/snort3/distinfo index 948c3a03b335..b0b61e634faf 100644 --- a/security/snort3/distinfo +++ b/security/snort3/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1751623929 -SHA256 (snort3-snort3-3.9.1.0_GH0.tar.gz) = fc19f20cd34192eb78f28d7f128c79c5d0096733277f2b630a8cf892b10f33ce -SIZE (snort3-snort3-3.9.1.0_GH0.tar.gz) = 3501016 +TIMESTAMP = 1753181972 +SHA256 (snort3-snort3-3.9.2.0_GH0.tar.gz) = edf0aa5e72d673702bca161e235b7b8f8c3e5a49b81e8ddf2ea7e10736ab0cdd +SIZE (snort3-snort3-3.9.2.0_GH0.tar.gz) = 3507676 diff --git a/security/snort3/pkg-plist b/security/snort3/pkg-plist index ac9338536bea..6e0c9db565da 100644 --- a/security/snort3/pkg-plist +++ b/security/snort3/pkg-plist @@ -202,6 +202,8 @@ include/snort/pub_sub/eof_event.h include/snort/pub_sub/eve_process_event.h include/snort/pub_sub/expect_events.h include/snort/pub_sub/external_event_ids.h +include/snort/pub_sub/file_events.h +include/snort/pub_sub/file_events_ids.h include/snort/pub_sub/finalize_packet_event.h include/snort/pub_sub/ftp_events.h include/snort/pub_sub/http_body_event.h diff --git a/security/sudo-rs/Makefile b/security/sudo-rs/Makefile index 773a9fe74501..e609dff6e60f 100644 --- a/security/sudo-rs/Makefile +++ b/security/sudo-rs/Makefile @@ -1,6 +1,7 @@ PORTNAME= sudo-rs PORTVERSION= 0.2.7 DISTVERSIONPREFIX= v +PORTREVISION= 1 CATEGORIES= security MAINTAINER= marc@trifectatech.org diff --git a/security/sudo-rs/files/patch-src_system_mod.rs b/security/sudo-rs/files/patch-src_system_mod.rs new file mode 100644 index 000000000000..9474860f4b51 --- /dev/null +++ b/security/sudo-rs/files/patch-src_system_mod.rs @@ -0,0 +1,13 @@ +--- src/system/mod.rs.orig 2025-07-01 09:04:15 UTC ++++ src/system/mod.rs +@@ -802,8 +802,8 @@ impl Process { + + let ki_start = ki_proc[0].ki_start; + Ok(ProcessCreateTime::new( +- ki_start.tv_sec, +- ki_start.tv_usec * 1000, ++ (ki_start.tv_sec).into(), ++ (ki_start.tv_usec * 1000).into(), + )) + } + } diff --git a/security/sudo-rs/pkg-descr-coexist b/security/sudo-rs/pkg-descr-coexist new file mode 100644 index 000000000000..b77a949d55db --- /dev/null +++ b/security/sudo-rs/pkg-descr-coexist @@ -0,0 +1,4 @@ +Sudo-rs is a memory safe re-implementation of the sudo utility. + +Use this package to try out sudo-rs safely alongside security/sudo, using the +commands "sudo-rs" and "visudo-rs". diff --git a/security/tor/Makefile b/security/tor/Makefile index f57d6c95ee17..ce8c16da16df 100644 --- a/security/tor/Makefile +++ b/security/tor/Makefile @@ -1,5 +1,5 @@ PORTNAME= tor -DISTVERSION= 0.4.8.16 +DISTVERSION= 0.4.8.17 CATEGORIES= security net MASTER_SITES= TOR diff --git a/security/tor/distinfo b/security/tor/distinfo index 03f9a737f3ad..b6c151ad9fc0 100644 --- a/security/tor/distinfo +++ b/security/tor/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1743437584 -SHA256 (tor-0.4.8.16.tar.gz) = 6540dd377a120fb8e7d27530aa3b7ff72a0fa5b4f670fe1d64c987c1cfd390cb -SIZE (tor-0.4.8.16.tar.gz) = 9930424 +TIMESTAMP = 1753369975 +SHA256 (tor-0.4.8.17.tar.gz) = 79b4725e1d4b887b9e68fd09b0d2243777d5ce3cd471e538583bcf6f9d8cdb56 +SIZE (tor-0.4.8.17.tar.gz) = 10073355 diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml index 22b2f0f2fbf0..0277bd44c443 100644 --- a/security/vuxml/vuln/2025.xml +++ b/security/vuxml/vuln/2025.xml @@ -1,3 +1,851 @@ + <vuln vid="67c6461f-685e-11f0-a12d-b42e991fc52e"> + <topic>Mozilla -- Multiple vulnerabilities</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>141.0,2</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>141.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1933572%2C1971116"> + <p>Memory safety bugs present in Firefox 140 and + Thunderbird 140. Some of these bugs showed evidence of + memory corruption and we presume that with enough effort + some of these could have been exploited to run arbitrary + code.</p> + <p>Focus incorrectly truncated URLs towards the beginning instead of + around the origin.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-8044</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8044</url> + <cvename>CVE-2025-8043</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8043</url> + </references> + <dates> + <discovery>2025-07-22</discovery> + <entry>2025-07-24</entry> + </dates> + </vuln> + + <vuln vid="62f1a68f-685e-11f0-a12d-b42e991fc52e"> + <topic>Mozilla -- Memory safety bugs</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>141.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>141.0</lt></range> + </package> + <package> + <name>thunderbird-esr</name> + <range><lt>140.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1975058%2C1975058%2C1975998%2C1975998"> + <p>Memory safety bugs present in Firefox ESR 140.0, + Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. + Some of these bugs showed evidence of memory corruption and + we presume that with enough effort some of these could have + been exploited to run arbitrary code.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-8040</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8040</url> + </references> + <dates> + <discovery>2025-07-22</discovery> + <entry>2025-07-24</entry> + </dates> + </vuln> + + <vuln vid="6088905c-685e-11f0-a12d-b42e991fc52e"> + <topic>Mozilla -- Persisted search terms in the URL bar</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>141.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>141.0</lt></range> + </package> + <package> + <name>thunderbird-esr</name> + <range><lt>140.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1970997"> + <p>In some cases search terms persisted in the URL bar even after + navigating away from the search page.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-8039</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8039</url> + </references> + <dates> + <discovery>2025-07-22</discovery> + <entry>2025-07-24</entry> + </dates> + </vuln> + + <vuln vid="5d91def0-685e-11f0-a12d-b42e991fc52e"> + <topic>Mozilla -- Ignored paths while checking navigations</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>141.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>141.0</lt></range> + </package> + <package> + <name>thunderbird-esr</name> + <range><lt>140.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1808979"> + <p>Thunderbird ignored paths when checking the validity of + navigations in a frame.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-8038</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8038</url> + </references> + <dates> + <discovery>2025-07-22</discovery> + <entry>2025-07-24</entry> + </dates> + </vuln> + + <vuln vid="5abc2187-685e-11f0-a12d-b42e991fc52e"> + <topic>Mozilla -- cookie shadowing</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>141.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>141.0</lt></range> + </package> + <package> + <name>thunderbird-esr</name> + <range><lt>140.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1964767"> + <p>Setting a nameless cookie with an equals sign in the + value shadowed other cookies. Even if the nameless cookie + was set over HTTP and the shadowed cookie included the + `Secure` attribute.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-8037</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8037</url> + </references> + <dates> + <discovery>2025-07-22</discovery> + <entry>2025-07-24</entry> + </dates> + </vuln> + + <vuln vid="58027367-685e-11f0-a12d-b42e991fc52e"> + <topic>Mozilla -- CORS circumvention</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>141.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>141.0</lt></range> + </package> + <package> + <name>thunderbird-esr</name> + <range><lt>140.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1960834"> + <p>Thunderbird cached CORS preflight responses across IP + address changes. This allowed circumventing CORS with DNS + rebinding.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-8036</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8036</url> + </references> + <dates> + <discovery>2025-07-22</discovery> + <entry>2025-07-24</entry> + </dates> + </vuln> + + <vuln vid="55096bd3-685e-11f0-a12d-b42e991fc52e"> + <topic>Mozilla -- Memory safety bugs</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>141.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>128.13</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>141.0</lt></range> + </package> + <package> + <name>thunderbird-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>128.13</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1975961%2C1975961%2C1975961"> + <p>Memory safety bugs present in Firefox ESR 128.12, + Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR + 140.0, Firefox 140 and Thunderbird 140. Some of these bugs + showed evidence of memory corruption and we presume that + with enough effort some of these could have been exploited + to run arbitrary code.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-8035</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8035</url> + </references> + <dates> + <discovery>2025-07-22</discovery> + <entry>2025-07-24</entry> + </dates> + </vuln> + + <vuln vid="4faa01cb-685e-11f0-a12d-b42e991fc52e"> + <topic>Mozilla -- Memory safety bugs</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>141.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>128.13</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>115.26</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>141.0</lt></range> + </package> + <package> + <name>thunderbird-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>128.13</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1970422%2C1970422%2C1970422%2C1970422"> + <p>Memory safety bugs present in Firefox ESR 115.25, Firefox + ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, + Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some + of these bugs showed evidence of memory corruption and we + presume that with enough effort some of these could have + been exploited to run arbitrary code.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-8034</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8034</url> + </references> + <dates> + <discovery>2025-07-22</discovery> + <entry>2025-07-24</entry> + </dates> + </vuln> + + <vuln vid="4d03efe7-685e-11f0-a12d-b42e991fc52e"> + <topic>Mozilla -- nullptr dereference</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>141.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>128.13</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>115.26</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>141.0</lt></range> + </package> + <package> + <name>thunderbird-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>128.13</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1973990"> + <p>The JavaScript engine did not handle closed generators + correctly and it was possible to resume them leading to a + nullptr deref.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-8033</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8033</url> + </references> + <dates> + <discovery>2025-07-22</discovery> + <entry>2025-07-24</entry> + </dates> + </vuln> + + <vuln vid="4a357f4b-685e-11f0-a12d-b42e991fc52e"> + <topic>Mozilla -- XSLT document CSP bypass</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>141.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>128.13</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>141.0</lt></range> + </package> + <package> + <name>thunderbird-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>128.13</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1974407"> + <p>XSLT document loading did not correctly propagate the + source document which bypassed its CSP.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-8032</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8032</url> + </references> + <dates> + <discovery>2025-07-22</discovery> + <entry>2025-07-24</entry> + </dates> + </vuln> + + <vuln vid="477e9eb3-685e-11f0-a12d-b42e991fc52e"> + <topic>Mozilla -- HTTP Basic Authentication credentials leak</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>141.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>128.13</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>141.0</lt></range> + </package> + <package> + <name>thunderbird-esr</name> + <range><lt>140.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1971719"> + <p>The `username:password` part was not correctly stripped + from URLs in CSP reports potentially leaking HTTP Basic + Authentication credentials.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-8031</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8031</url> + </references> + <dates> + <discovery>2025-07-22</discovery> + <entry>2025-07-24</entry> + </dates> + </vuln> + + <vuln vid="44b3048b-685e-11f0-a12d-b42e991fc52e"> + <topic>Mozilla -- Insufficient input escaping</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>141.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>128.13</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>141.0</lt></range> + </package> + <package> + <name>thunderbird-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>128.13</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1968414"> + <p>Insufficient escaping in the Copy as cURL feature could + potentially be used to trick a user into executing + unexpected code.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-8030</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8030</url> + </references> + <dates> + <discovery>2025-07-22</discovery> + <entry>2025-07-24</entry> + </dates> + </vuln> + + <vuln vid="419bcf99-685e-11f0-a12d-b42e991fc52e"> + <topic>Mozilla -- 'javascript:' URLs execution</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>141.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>128.13</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>141.0</lt></range> + </package> + <package> + <name>thunderbird-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>128.13</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1928021"> + <p>Thunderbird executed `javascript:` URLs when used in + `object` and `embed` tags.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-8029</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8029</url> + </references> + <dates> + <discovery>2025-07-22</discovery> + <entry>2025-07-24</entry> + </dates> + </vuln> + + <vuln vid="3e9406a7-685e-11f0-a12d-b42e991fc52e"> + <topic>Mozilla -- Incorrect computation of branch address</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>141.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>128.13</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>115.26</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>141.0</lt></range> + </package> + <package> + <name>thunderbird-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>128.13</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1971581"> + <p>On arm64, a WASM `br_table` instruction with a lot of + entries could lead to the label being too far from the + instruction causing truncation and incorrect computation of + the branch address.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-8028</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8028</url> + </references> + <dates> + <discovery>2025-07-22</discovery> + <entry>2025-07-24</entry> + </dates> + </vuln> + + <vuln vid="3c234220-685e-11f0-a12d-b42e991fc52e"> + <topic>Mozilla -- IonMonkey-JIT bad stack write</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>141.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>128.13</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>115.26</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>141.0</lt></range> + </package> + <package> + <name>thunderbird-esr</name> + <range><lt>140.1</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>128.13</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1968423"> + <p>On 64-bit platforms IonMonkey-JIT only wrote 32 bits of + the 64-bit return value space on the stack. Baseline-JIT, + however, read the entire 64 bits.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-8027</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8027</url> + </references> + <dates> + <discovery>2025-07-22</discovery> + <entry>2025-07-24</entry> + </dates> + </vuln> + + <vuln vid="3d4393b2-68a5-11f0-b2b4-589cfc10832a"> + <topic>gdk-pixbuf2 -- a heap buffer overflow</topic> + <affects> + <package> + <name>gdk-pixbuf2</name> + <range><lt>2.42.12_2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>cve@mitre.org reports:</p> + <blockquote cite="https://www.cve.org/CVERecord?id=CVE-2025-7345"> + <p>A flaw exists in gdk-pixbuf within the gdk_pixbuf__jpeg_image_load_increment + function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). + When processing maliciously crafted JPEG images, a heap buffer overflow can occur + during Base64 encoding, allowing out-of-bounds reads from heap memory, potentially + causing application crashes or arbitrary code execution.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-7345</cvename> + <url>https://www.cve.org/CVERecord?id=CVE-2025-7345</url> + </references> + <dates> + <discovery>2025-07-24</discovery> + <entry>2025-07-24</entry> + </dates> + </vuln> + + <vuln vid="b3948bf3-685e-11f0-bff5-6805ca2fa271"> + <topic>powerdns-recursor -- cache pollution</topic> + <affects> + <package> + <name>powerdns-recursor</name> + <range><lt>5.2.4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>PowerDNS Team reports:</p> + <blockquote cite="https://blog.powerdns.com/powerdns-security-advisory-2025-04"> + <p>An attacker spoofing answers to ECS enabled requests + sent out by the Recursor has a chance of success higher + than non-ECS enabled queries. The updated version include + various mitigations against spoofing attempts of ECS enabled + queries by chaining ECS enabled requests and enforcing + stricter validation of the received answers. The most strict + mitigation done when the new setting outgoing.edns_subnet_harden + (old style name edns-subnet-harden) is enabled.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-30192</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-30192</url> + </references> + <dates> + <discovery>2025-07-21</discovery> + <entry>2025-07-24</entry> + </dates> + </vuln> + + <vuln vid="5683b3a7-683d-11f0-966e-2cf05da270f3"> + <topic>Gitlab -- vulnerabilities</topic> + <affects> + <package> + <name>gitlab-ce</name> + <name>gitlab-ee</name> + <range><ge>18.2.0</ge><lt>18.2.1</lt></range> + <range><ge>18.1.0</ge><lt>18.1.3</lt></range> + <range><ge>15.0.0</ge><lt>18.0.5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Gitlab reports:</p> + <blockquote cite="https://about.gitlab.com/releases/2025/07/23/patch-release-gitlab-18-2-1-released/"> + <p>Cross-site scripting issue impacts Kubernetes Proxy in GitLab CE/EE</p> + <p>Cross-site scripting issue impacts Kubernetes Proxy in GitLab CE/EE using CDNs</p> + <p>Exposure of Sensitive Information to an Unauthorized Actor issue impacts GitLab CE/EE</p> + <p>Improper Access Control issue impacts GitLab EE</p> + <p>Exposure of Sensitive Information to an Unauthorized Actor issue impacts GitLab CE/EE</p> + <p>Improper Access Control issue impacts GitLab CE/EE</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-4700</cvename> + <cvename>CVE-2025-4439</cvename> + <cvename>CVE-2025-7001</cvename> + <cvename>CVE-2025-4976</cvename> + <cvename>CVE-2025-0765</cvename> + <cvename>CVE-2025-1299</cvename> + <url>https://about.gitlab.com/releases/2025/07/23/patch-release-gitlab-18-2-1-released/</url> + </references> + <dates> + <discovery>2025-07-23</discovery> + <entry>2025-07-24</entry> + </dates> + </vuln> + + <vuln vid="0f5bcba2-67fb-11f0-9ee5-b42e991fc52e"> + <topic>sqlite -- Integer Truncation on SQLite</topic> + <affects> + <package> + <name>sqlite3</name> + <range><lt>3.50.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>cve-coordination@google.com reports:</p> + <blockquote cite="https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8"> + <p>There exists a vulnerability in SQLite versions before + 3.50.2 where the number of aggregate terms could exceed the + number of columns available. This could lead to a memory + corruption issue.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-6965</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-6965</url> + </references> + <dates> + <discovery>2025-07-15</discovery> + <entry>2025-07-23</entry> + </dates> + </vuln> + + <vuln vid="80411ba2-6729-11f0-a5cb-8c164580114f"> + <topic>7-Zip -- Multi-byte write heap buffer overflow in NCompress::NRar5::CDecoder</topic> + <affects> + <package> + <name>7-zip</name> + <range><lt>25.00</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security-advisories@github.com reports:</p> + <blockquote cite="https://securitylab.github.com/advisories/GHSL-2025-058_7-Zip/"> + <p>7-Zip is a file archiver with a high compression ratio. Zeroes + written outside heap buffer in RAR5 handler may lead to memory + corruption and denial of service in versions of 7-Zip prior to + 25.0.0. Version 25.0.0 contains a fix for the issue.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-53816</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-53816</url> + </references> + <dates> + <discovery>2025-07-17</discovery> + <entry>2025-07-22</entry> + </dates> + </vuln> + <vuln vid="605a9d1e-6521-11f0-beb2-ac5afc632ba3"> <topic>libwasmtime -- host panic with fd_renumber WASIp1 function</topic> <affects> @@ -1612,7 +2460,7 @@ <affects> <package> <name>openh264</name> - <range><lt>2.5.1</lt></range> + <range><lt>2.5.1,2</lt></range> </package> </affects> <description> diff --git a/security/zeek/Makefile b/security/zeek/Makefile index 6a84daace7de..e9a2bcc78a26 100644 --- a/security/zeek/Makefile +++ b/security/zeek/Makefile @@ -1,6 +1,5 @@ PORTNAME= zeek -DISTVERSION= 7.0.8 -PORTREVISION= 1 +DISTVERSION= 7.0.9 CATEGORIES= security MASTER_SITES= https://download.zeek.org/ diff --git a/security/zeek/distinfo b/security/zeek/distinfo index 556e223ec34a..716e78e681b4 100644 --- a/security/zeek/distinfo +++ b/security/zeek/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1747772619 -SHA256 (zeek-7.0.8.tar.gz) = 29f918851d671fb3d8fe6b97e3d9fcefaa18660c57cb1ed63adc5e25773175cd -SIZE (zeek-7.0.8.tar.gz) = 95963798 +TIMESTAMP = 1753129322 +SHA256 (zeek-7.0.9.tar.gz) = bebec9a71242da250ef8476bfce632c43892995c247d8dfafcef80ce42f6adbc +SIZE (zeek-7.0.9.tar.gz) = 95973519 |