Diffstat (limited to 'security')
-rw-r--r--security/Makefile1
-rw-r--r--security/aws-iam-authenticator/Makefile5
-rw-r--r--security/aws-iam-authenticator/distinfo10
-rw-r--r--security/gnutls/Makefile18
-rw-r--r--security/gnutls/distinfo8
-rw-r--r--security/gnutls/files/patch-lib_system_ktls.c18
-rw-r--r--security/gnutls/pkg-plist2
-rw-r--r--security/pwdsafety/Makefile20
-rw-r--r--security/pwdsafety/distinfo5
-rw-r--r--security/pwdsafety/pkg-descr11
-rw-r--r--security/py-certifi/Makefile2
-rw-r--r--security/py-certifi/distinfo6
-rw-r--r--security/py-josepy/Makefile2
-rw-r--r--security/py-josepy/distinfo6
-rw-r--r--security/py-joserfc/Makefile2
-rw-r--r--security/py-joserfc/distinfo6
-rw-r--r--security/py-netmiko/Makefile6
-rw-r--r--security/py-netmiko/distinfo6
-rw-r--r--security/py-netmiko/files/patch-pyproject.toml13
-rw-r--r--security/vuxml/vuln/2025.xml43
-rw-r--r--security/wazuh-manager/Makefile2
21 files changed, 144 insertions, 48 deletions
diff --git a/security/Makefile b/security/Makefile
index 5651bbf0f77d..39de649f8d2d 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -877,6 +877,7 @@
SUBDIR += putty-nogtk
SUBDIR += pvk
SUBDIR += pwauth
+ SUBDIR += pwdsafety
SUBDIR += pwman
SUBDIR += pwned-check
SUBDIR += py-SecretStorage
diff --git a/security/aws-iam-authenticator/Makefile b/security/aws-iam-authenticator/Makefile
index bf91091174f6..9aecaae8b218 100644
--- a/security/aws-iam-authenticator/Makefile
+++ b/security/aws-iam-authenticator/Makefile
@@ -1,7 +1,6 @@
PORTNAME= aws-iam-authenticator
-PORTVERSION= 0.7.3
+PORTVERSION= 0.7.4
DISTVERSIONPREFIX= v
-PORTREVISION= 1
CATEGORIES= security
MAINTAINER= danilo@FreeBSD.org
@@ -10,7 +9,7 @@ WWW= https://github.com/kubernetes-sigs/aws-iam-authenticator
LICENSE= APACHE20
-USES= go:1.24,modules
+USES= go:modules
GO_MODULE= github.com/kubernetes-sigs/${PORTNAME}
GO_TARGET= ./cmd/${PORTNAME}
diff --git a/security/aws-iam-authenticator/distinfo b/security/aws-iam-authenticator/distinfo
index fef0487d0219..75490661d335 100644
--- a/security/aws-iam-authenticator/distinfo
+++ b/security/aws-iam-authenticator/distinfo
@@ -1,5 +1,5 @@
-TIMESTAMP = 1750521592
-SHA256 (go/security_aws-iam-authenticator/aws-iam-authenticator-v0.7.3/v0.7.3.mod) = 8ecdfec2a08ef66fd57567c82bc179409b8cf25a6a783345c9b07f258524ad01
-SIZE (go/security_aws-iam-authenticator/aws-iam-authenticator-v0.7.3/v0.7.3.mod) = 4278
-SHA256 (go/security_aws-iam-authenticator/aws-iam-authenticator-v0.7.3/v0.7.3.zip) = aa54c7e555826a93cd55c4f651af71ddad0408367085e6f9044bedf386824008
-SIZE (go/security_aws-iam-authenticator/aws-iam-authenticator-v0.7.3/v0.7.3.zip) = 227851
+TIMESTAMP = 1752398596
+SHA256 (go/security_aws-iam-authenticator/aws-iam-authenticator-v0.7.4/v0.7.4.mod) = db4a607f223aa9e65f5350dd36239f83586c7cb8fe5a769eb7eb650b1d1eef7b
+SIZE (go/security_aws-iam-authenticator/aws-iam-authenticator-v0.7.4/v0.7.4.mod) = 4316
+SHA256 (go/security_aws-iam-authenticator/aws-iam-authenticator-v0.7.4/v0.7.4.zip) = 45a66f0e05a6c7bb9455d8d94ce46374ebd3faeeb4bd9f554b6ff55a665d9eb1
+SIZE (go/security_aws-iam-authenticator/aws-iam-authenticator-v0.7.4/v0.7.4.zip) = 228112
diff --git a/security/gnutls/Makefile b/security/gnutls/Makefile
index 7f9712b57b9d..1a372e5bb819 100644
--- a/security/gnutls/Makefile
+++ b/security/gnutls/Makefile
@@ -1,7 +1,10 @@
PORTNAME= gnutls
-DISTVERSION= 3.8.9
+DISTVERSION= 3.8.10
CATEGORIES= security net
-MASTER_SITES= GNUPG/${PORTNAME}/v${DISTVERSION:C/(\.[^.]*).*/\1/}
+MASTER_SITES= GNUPG/${PORTNAME}/v${DISTVERSION:C/(\.[^.]*).*/\1/} \
+ https://gitlab.com/gnutls/gnutls/-/raw/${DISTVERSION}/tests/:test
+DISTFILES= ${DISTNAME}${EXTRACT_SUFX} ktls_utils.h:test
+EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX}
MAINTAINER= tijl@FreeBSD.org
COMMENT= GNU Transport Layer Security library
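Review bot: `ktls_utils.h` is added to `DISTFILES` under an unversioned name and is stored directly in `${DISTDIR}`, so a copy cached from this release can collide with the one fetched at the next `DISTVERSION` and fail the distinfo checksum. Placing the distfiles in a versioned subdirectory, e.g. `DIST_SUBDIR= ${PORTNAME}-${DISTVERSION}`, avoids that. The `post-patch` hunk further down would then need to copy from `${DISTDIR}/${DIST_SUBDIR}/ktls_utils.h`, and distinfo would have to be regenerated. A one-line comment above `MASTER_SITES` saying why the header is fetched separately (presumably it is missing from the release tarball) would also help the next updater.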
@@ -12,10 +15,12 @@ LICENSE_COMB= multi
LICENSE_FILE_GPLv3+ = ${WRKSRC}/COPYING
LICENSE_FILE_LGPL21+ = ${WRKSRC}/COPYING.LESSERv2
-LIB_DEPENDS= libgmp.so:math/gmp \
+LIB_DEPENDS= libbrotlienc.so:archivers/brotli \
+ libgmp.so:math/gmp \
libnettle.so:security/nettle \
libtasn1.so:security/libtasn1 \
- libunistring.so:devel/libunistring
+ libunistring.so:devel/libunistring \
+ libzstd.so:archivers/zstd
USES= compiler:c11 cpe gmake iconv libtool localbase makeinfo \
pkgconfig tar:xz
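Review bot: brotli and zstd become unconditional entries in `LIB_DEPENDS` here and are switched on in the `CONFIGURE_ARGS` hunk below, with no way to build the port without them. As far as I know GnuTLS uses these libraries for TLS certificate compression, which means decompressing peer-supplied data during the handshake, so some sites will want to opt out. The port already uses option helpers such as `P11KIT_CONFIGURE_WITH= p11-kit`; `BROTLI_CONFIGURE_WITH= brotli` and `ZSTD_CONFIGURE_WITH= zstd` with matching `BROTLI_LIB_DEPENDS` / `ZSTD_LIB_DEPENDS` lines would follow the same pattern. The options block is outside the visible hunks, so the exact names may need adjusting to what is defined there.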
@@ -28,11 +33,11 @@ CONFIGURE_ARGS= --disable-rpath \
--enable-openssl-compatibility \
--with-default-trust-store-dir=/etc/ssl/certs \
--with-system-priority-file=${PREFIX}/etc/gnutls/config \
- --without-brotli \
+ --with-brotli \
--without-included-libtasn1 \
--without-tpm \
--without-tpm2 \
- --without-zstd
+ --with-zstd
MAKE_ENV= MAKEINFOFLAGS=--no-split
INSTALL_TARGET= install-strip
@@ -73,6 +78,7 @@ P11KIT_CONFIGURE_WITH= p11-kit
SRP_CONFIGURE_ENABLE= srp-authentication
post-patch:
+ @${CP} -p ${DISTDIR}/ktls_utils.h ${WRKSRC}/tests/
@${RM} ${WRKSRC}/doc/*.info*
@${REINPLACE_CMD} 's,/usr/share,${PREFIX}/share,' \
${WRKSRC}/doc/manpages/*.[13]
diff --git a/security/gnutls/distinfo b/security/gnutls/distinfo
index fe6e2e9317b8..a67d8f2ab573 100644
--- a/security/gnutls/distinfo
+++ b/security/gnutls/distinfo
@@ -1,3 +1,5 @@
-TIMESTAMP = 1739176636
-SHA256 (gnutls-3.8.9.tar.xz) = 69e113d802d1670c4d5ac1b99040b1f2d5c7c05daec5003813c049b5184820ed
-SIZE (gnutls-3.8.9.tar.xz) = 6847364
+TIMESTAMP = 1752249814
+SHA256 (gnutls-3.8.10.tar.xz) = db7fab7cce791e7727ebbef2334301c821d79a550ec55c9ef096b610b03eb6b7
+SIZE (gnutls-3.8.10.tar.xz) = 6909856
+SHA256 (ktls_utils.h) = e41d33289c63573c59d2d02b4110a2f63651add28001031e6dc20327d096b734
+SIZE (ktls_utils.h) = 1983
diff --git a/security/gnutls/files/patch-lib_system_ktls.c b/security/gnutls/files/patch-lib_system_ktls.c
new file mode 100644
index 000000000000..3c0dbc6a8734
--- /dev/null
+++ b/security/gnutls/files/patch-lib_system_ktls.c
@@ -0,0 +1,18 @@
+--- lib/system/ktls.c.orig 2025-04-11 11:51:08 UTC
++++ lib/system/ktls.c
+@@ -1076,6 +1076,7 @@ int _gnutls_ktls_recv_control_msg(gnutls_session_t ses
+ default:
+ return GNUTLS_E_PULL_ERROR;
+ }
++#ifdef EKEYEXPIRED
+ } else if (unlikely(ret == -EKEYEXPIRED)) {
+ /* This will be received until a keyupdate is performed on the
+ scoket. */
+@@ -1083,6 +1084,7 @@ int _gnutls_ktls_recv_control_msg(gnutls_session_t ses
+ "updated keys\n");
+ gnutls_assert();
+ return GNUTLS_E_AGAIN;
++#endif
+ }
+
+ /* connection closed */
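Review bot: The new patch file has no header comment saying why the `EKEYEXPIRED` branch is made conditional or whether the change was sent upstream. Another patch touched by this commit (`patch-pyproject.toml`) carries a one-line rationale above its `---` line; something like `EKEYEXPIRED is not defined on FreeBSD; compile the key-update branch only where the errno exists.` would do here, assuming that is the reason. `_gnutls_ktls_recv_control_msg` starts and ends outside the hunk, so how the remaining `if` chain treats other negative return values cannot be checked from here.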
diff --git a/security/gnutls/pkg-plist b/security/gnutls/pkg-plist
index 14edcf814711..45fd3c64ee3a 100644
--- a/security/gnutls/pkg-plist
+++ b/security/gnutls/pkg-plist
@@ -35,7 +35,7 @@ lib/libgnutls-openssl.so.27
lib/libgnutls-openssl.so.27.0.2
lib/libgnutls.so
lib/libgnutls.so.30
-lib/libgnutls.so.30.40.3
+lib/libgnutls.so.30.40.4
lib/libgnutlsxx.so
lib/libgnutlsxx.so.30
lib/libgnutlsxx.so.30.0.0
diff --git a/security/pwdsafety/Makefile b/security/pwdsafety/Makefile
new file mode 100644
index 000000000000..118a8440662b
--- /dev/null
+++ b/security/pwdsafety/Makefile
@@ -0,0 +1,20 @@
+PORTNAME= pwdsafety
+DISTVERSIONPREFIX= v
+DISTVERSION= 0.4.0
+CATEGORIES= security
+
+MAINTAINER= olgeni@FreeBSD.org
+COMMENT= Command line tool that checks how much a password is safe
+WWW= https://github.com/edoardottt/pwdsafety
+
+LICENSE= GPLv3
+LICENSE_FILE= ${WRKSRC}/LICENSE
+
+USES= go:modules
+
+GO_MODULE= github.com/edoardottt/pwdsafety
+GO_TARGET= ./cmd/pwdsafety
+
+PLIST_FILES= bin/pwdsafety
+
+.include <bsd.port.mk>
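Review bot: The `COMMENT` line reads awkwardly ("checks how much a password is safe"). `COMMENT= Command-line tool that checks how safe a password is` matches the wording pkg-descr uses in this same commit.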
diff --git a/security/pwdsafety/distinfo b/security/pwdsafety/distinfo
new file mode 100644
index 000000000000..1bae896cbab4
--- /dev/null
+++ b/security/pwdsafety/distinfo
@@ -0,0 +1,5 @@
+TIMESTAMP = 1752333153
+SHA256 (go/security_pwdsafety/pwdsafety-v0.4.0/v0.4.0.mod) = e24364d55d617dd7b5b727b94d836e02a2c1994d731f8e7f839e9a4b6e4728fc
+SIZE (go/security_pwdsafety/pwdsafety-v0.4.0/v0.4.0.mod) = 272
+SHA256 (go/security_pwdsafety/pwdsafety-v0.4.0/v0.4.0.zip) = 81ee80f0da8ed074ea82b4e468a901ce4858c4e1a9635428e5355114c9c43601
+SIZE (go/security_pwdsafety/pwdsafety-v0.4.0/v0.4.0.zip) = 41421
diff --git a/security/pwdsafety/pkg-descr b/security/pwdsafety/pkg-descr
new file mode 100644
index 000000000000..2d88f6f3a928
--- /dev/null
+++ b/security/pwdsafety/pkg-descr
@@ -0,0 +1,11 @@
+pwdsafety is a command-line tool that checks how safe a password is by
+calculating its entropy and providing a safety score. It helps users
+understand password strength without storing any password information.
+
+Features:
+
+- Password strength analysis through entropy calculation
+- Safety scoring system
+- Generates strong random passwords for weak inputs
+- Command-line interface for easy integration
+- Zero storage of password data
diff --git a/security/py-certifi/Makefile b/security/py-certifi/Makefile
index b4ae106315be..de1cfbdc119e 100644
--- a/security/py-certifi/Makefile
+++ b/security/py-certifi/Makefile
@@ -1,5 +1,5 @@
PORTNAME= certifi
-PORTVERSION= 2025.6.15
+PORTVERSION= 2025.7.9
CATEGORIES= security python
MASTER_SITES= PYPI
PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX}
diff --git a/security/py-certifi/distinfo b/security/py-certifi/distinfo
index fe596debd52b..a5b8a9689443 100644
--- a/security/py-certifi/distinfo
+++ b/security/py-certifi/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1750188134
-SHA256 (certifi-2025.6.15.tar.gz) = d747aa5a8b9bbbb1bb8c22bb13e22bd1f18e9796defa16bab421f7f7a317323b
-SIZE (certifi-2025.6.15.tar.gz) = 158753
+TIMESTAMP = 1752266162
+SHA256 (certifi-2025.7.9.tar.gz) = c1d2ec05395148ee10cf672ffc28cd37ea0ab0d99f9cc74c43e588cbd111b079
+SIZE (certifi-2025.7.9.tar.gz) = 160386
diff --git a/security/py-josepy/Makefile b/security/py-josepy/Makefile
index c8b91ecf0550..e07e5dd9c575 100644
--- a/security/py-josepy/Makefile
+++ b/security/py-josepy/Makefile
@@ -1,5 +1,5 @@
PORTNAME= josepy
-PORTVERSION= 2.0.0
+PORTVERSION= 2.1.0
CATEGORIES= security python
MASTER_SITES= PYPI
PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX}
diff --git a/security/py-josepy/distinfo b/security/py-josepy/distinfo
index 7b968e5afc63..777203aa8d8a 100644
--- a/security/py-josepy/distinfo
+++ b/security/py-josepy/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1745140066
-SHA256 (josepy-2.0.0.tar.gz) = e7d7acd2fe77435cda76092abe4950bb47b597243a8fb733088615fa6de9ec40
-SIZE (josepy-2.0.0.tar.gz) = 55767
+TIMESTAMP = 1752266260
+SHA256 (josepy-2.1.0.tar.gz) = 9beafbaa107ec7128e6c21d86b2bc2aea2f590158e50aca972dca3753046091f
+SIZE (josepy-2.1.0.tar.gz) = 56189
diff --git a/security/py-joserfc/Makefile b/security/py-joserfc/Makefile
index 289de9d6f06d..469d3303adfc 100644
--- a/security/py-joserfc/Makefile
+++ b/security/py-joserfc/Makefile
@@ -1,5 +1,5 @@
PORTNAME= joserfc
-PORTVERSION= 1.1.0
+PORTVERSION= 1.2.1
CATEGORIES= security python
MASTER_SITES= PYPI
PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX}
diff --git a/security/py-joserfc/distinfo b/security/py-joserfc/distinfo
index 96f01f13fae3..d51ddb558786 100644
--- a/security/py-joserfc/distinfo
+++ b/security/py-joserfc/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1748495851
-SHA256 (joserfc-1.1.0.tar.gz) = a8f3442b04c233f742f7acde0d0dcd926414e9542a6337096b2b4e5f435f36c1
-SIZE (joserfc-1.1.0.tar.gz) = 182360
+TIMESTAMP = 1752266164
+SHA256 (joserfc-1.2.1.tar.gz) = 466a75dc0af9c6711d2a93f38e91c5d4920ec77059063325c251913da3e83569
+SIZE (joserfc-1.2.1.tar.gz) = 192229
diff --git a/security/py-netmiko/Makefile b/security/py-netmiko/Makefile
index 2a8511d310bc..a8bf74c9a8a1 100644
--- a/security/py-netmiko/Makefile
+++ b/security/py-netmiko/Makefile
@@ -1,6 +1,6 @@
PORTNAME= netmiko
DISTVERSIONPREFIX= v
-DISTVERSION= 4.5.0
+DISTVERSION= 4.6.0
CATEGORIES= security net-mgmt python
PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX}
@@ -11,7 +11,7 @@ WWW= https://github.com/ktbyers/netmiko
LICENSE= MIT
LICENSE_FILE= ${WRKSRC}/LICENSE
-BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}poetry-core>=1.6.1:devel/py-poetry-core@${PY_FLAVOR}
+BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}poetry-core>=1.0.0:devel/py-poetry-core@${PY_FLAVOR}
RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}ntc-templates>=3.1.0:textproc/py-ntc-templates@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}paramiko>=2.9.5:security/py-paramiko@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}pyserial>=3.3:comms/py-pyserial@${PY_FLAVOR} \
@@ -21,7 +21,7 @@ RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}ntc-templates>=3.1.0:textproc/py-ntc-templat
${PYTHON_PKGNAMEPREFIX}textfsm>=1.1.3:textproc/py-textfsm@${PY_FLAVOR} \
${PYTHON_PKGNAMEPREFIX}pyyaml>=6.0.1:devel/py-pyyaml@${PY_FLAVOR}
-USES= python:3.9+ shebangfix
+USES= python shebangfix
USE_PYTHON= autoplist concurrent pep517 pytest
USE_GITHUB= yes
GH_ACCOUNT= ktbyers
diff --git a/security/py-netmiko/distinfo b/security/py-netmiko/distinfo
index 04d25f41b5ac..1eb4318fefc3 100644
--- a/security/py-netmiko/distinfo
+++ b/security/py-netmiko/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1733817518
-SHA256 (ktbyers-netmiko-v4.5.0_GH0.tar.gz) = a1dd444169647904d9b4bb56894fc36cad6a2c73dfcae3444a04cdbae95fc4d1
-SIZE (ktbyers-netmiko-v4.5.0_GH0.tar.gz) = 1803872
+TIMESTAMP = 1751266261
+SHA256 (ktbyers-netmiko-v4.6.0_GH0.tar.gz) = 6234d11f394377533ce3e40b0506b248c98cfd894ac95a639d1dea3133e1dedd
+SIZE (ktbyers-netmiko-v4.6.0_GH0.tar.gz) = 1954361
diff --git a/security/py-netmiko/files/patch-pyproject.toml b/security/py-netmiko/files/patch-pyproject.toml
index c238a371d1e7..175963f10281 100644
--- a/security/py-netmiko/files/patch-pyproject.toml
+++ b/security/py-netmiko/files/patch-pyproject.toml
@@ -1,16 +1,7 @@
-Use the more lightweight py-poetry-core instead py-poetry and relax version requirements.
+Relax some version requirements.
---- pyproject.toml.orig 2024-12-09 21:51:07 UTC
+--- pyproject.toml.orig 2025-06-26 19:00:25 UTC
+++ pyproject.toml
-@@ -1,6 +1,6 @@
- [build-system]
--requires = ["poetry>=1.6.1"]
--build-backend = "poetry.masonry.api"
-+requires = ["poetry-core>=1.6.1"]
-+build-backend = "poetry.core.masonry.api"
-
- [tool.poetry]
- name = "netmiko"
@@ -23,7 +23,7 @@ scp = ">=0.13.6"
python = ">=3.9,<4.0"
paramiko = ">=2.9.5"
diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
index cbc427ef34b8..3df49be5c53d 100644
--- a/security/vuxml/vuln/2025.xml
+++ b/security/vuxml/vuln/2025.xml
@@ -1,3 +1,46 @@
+ <vuln vid="c3e1df74-5e73-11f0-95e5-74563cf9e4e9">
+ <topic>GnuTLS -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>gnutls</name>
+ <range><lt>3.8.10</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Daiki Ueno reports:</p>
+ <blockquote cite="https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html">
+ <ul>
+ <li>libgnutls: Fix heap read buffer overrun in parsing X.509 SCTS timestamps
+ Spotted by oss-fuzz and reported by OpenAI Security Research Team,
+ and fix developed by Andrew Hamilton. [GNUTLS-SA-2025-07-07-1,
+ CVSS: medium] [CVE-2025-32989]</li>
+ <li>libgnutls: Fix double-free upon error when exporting otherName in SAN
+ Reported by OpenAI Security Research Team. [GNUTLS-SA-2025-07-07-2,
+ CVSS: low] [CVE-2025-32988]</li>
+ <li>certtool: Fix 1-byte write buffer overrun when parsing template
+ Reported by David Aitel. [GNUTLS-SA-2025-07-07-3,
+ CVSS: low] [CVE-2025-32990]</li>
+ <li>libgnutls: Fix NULL pointer dereference when 2nd Client Hello omits PSK
+ Reported by Stefan Bühler. [GNUTLS-SA-2025-07-07-4, CVSS: medium]
+ [CVE-2025-6395]</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-32989</cvename>
+ <cvename>CVE-2025-32988</cvename>
+ <cvename>CVE-2025-32990</cvename>
+ <cvename>CVE-2025-6395</cvename>
+ <url>https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html</url>
+ </references>
+ <dates>
+ <discovery>2025-07-09</discovery>
+ <entry>2025-07-14</entry>
+ </dates>
+ </vuln>
+
<vuln vid="b0a3466f-5efc-11f0-ae84-99047d0a6bcc">
<topic>libxslt -- unmaintained, with multiple unfixed vulnerabilities</topic>
<affects>
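Review bot: The `<discovery>` date of 2025-07-09 does not match the 2025-07-07 date embedded in the four `GNUTLS-SA-2025-07-07-*` identifiers quoted in the same entry. If the field is meant to record when upstream disclosed the issues rather than when the release announcement was posted, it would read `<discovery>2025-07-07</discovery>`; this is worth confirming against the cited announcement. The `<lt>3.8.10</lt>` range is consistent with the gnutls version bump elsewhere in this commit.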
diff --git a/security/wazuh-manager/Makefile b/security/wazuh-manager/Makefile
index b6af1f502bd0..1734493f67ff 100644
--- a/security/wazuh-manager/Makefile
+++ b/security/wazuh-manager/Makefile
@@ -1,7 +1,7 @@
PORTNAME= wazuh
DISTVERSIONPREFIX= v
DISTVERSION= 4.12.0
-PORTREVISION= 2
+PORTREVISION= 3
CATEGORIES= security
MASTER_SITES= https://packages.wazuh.com/deps/40/libraries/sources/:wazuh_sources \
LOCAL/acm/${PORTNAME}/:wazuh_cache