11 files changed, 60 insertions, 53 deletions

diff --git a/security/gokey/Makefile b/security/gokey/Makefile
index d52063e0f7b9..0bf965c28340 100644
--- a/security/gokey/Makefile
+++ b/security/gokey/Makefile
@@ -1,7 +1,6 @@
 PORTNAME=	gokey
 DISTVERSIONPREFIX=	v
-DISTVERSION=	0.1.2
-PORTREVISION=	18
+DISTVERSION=	0.1.3
 CATEGORIES=	security
 
 MAINTAINER=	ports@FreeBSD.org
@@ -12,8 +11,6 @@ LICENSE=	BSD3CLAUSE
 LICENSE_FILE=	${WRKSRC}/LICENSE
 
 USES=		go:modules
-USE_GITHUB=	nodefault
-GH_TUPLE=	golang:sys:v0.6.0:sys
 
 GO_MODULE=	github.com/cloudflare/gokey
 GO_TARGET=	./cmd/gokey
@@ -24,10 +21,6 @@ PORTDOCS=	README.md
 
 OPTIONS_DEFINE=	DOCS
 
-pre-build:
-	${RM} -r ${WRKSRC}/vendor/golang.org/x/sys
-	${LN} -s ${WRKDIR}/sys-* ${WRKSRC}/vendor/golang.org/x/sys
-
 do-install-DOCS-on:
 	@${MKDIR} ${STAGEDIR}${DOCSDIR}
 	${INSTALL_DATA} ${WRKSRC}/${PORTDOCS} ${STAGEDIR}${DOCSDIR}
diff --git a/security/gokey/distinfo b/security/gokey/distinfo
index 2c8ae8c5be3d..c73bec521cf1 100644
--- a/security/gokey/distinfo
+++ b/security/gokey/distinfo
@@ -1,7 +1,5 @@
-TIMESTAMP = 1679785309
-SHA256 (go/security_gokey/gokey-v0.1.2/v0.1.2.mod) = 950a88925784603d0a9b5af156afc7233601d33ddc237d01d6978f1c2f53e310
-SIZE (go/security_gokey/gokey-v0.1.2/v0.1.2.mod) = 167
-SHA256 (go/security_gokey/gokey-v0.1.2/v0.1.2.zip) = 44c0e33ce53a39d2c1aadb457478faacc46204e2a60c171d48c4c943d38df639
-SIZE (go/security_gokey/gokey-v0.1.2/v0.1.2.zip) = 25411
-SHA256 (go/security_gokey/gokey-v0.1.2/golang-sys-v0.6.0_GH0.tar.gz) = b4f6d17c7a128f76169964b437cb66b3f2dbf9a33361928ec19dfecf7b03fc54
-SIZE (go/security_gokey/gokey-v0.1.2/golang-sys-v0.6.0_GH0.tar.gz) = 1434234
+TIMESTAMP = 1747434941
+SHA256 (go/security_gokey/gokey-v0.1.3/v0.1.3.mod) = ad79ff30a189d8bc2b82304a17d2a9f4aa1f40244a806cf52ef851fbb977d722
+SIZE (go/security_gokey/gokey-v0.1.3/v0.1.3.mod) = 113
+SHA256 (go/security_gokey/gokey-v0.1.3/v0.1.3.zip) = e07dd6921bbea368a26b1445f42709837f1df2d9144739b14bb8c9e6fce944e4
+SIZE (go/security_gokey/gokey-v0.1.3/v0.1.3.zip) = 28472
diff --git a/security/gokey/files/patch-go.mod b/security/gokey/files/patch-go.mod
index 5e7868a42b96..99bcac4b32fe 100644
--- a/security/gokey/files/patch-go.mod
+++ b/security/gokey/files/patch-go.mod
@@ -1,14 +1,14 @@
---- go.mod.orig	2023-03-25 23:03:40 UTC
+--- go.mod.orig	1979-11-29 16:00:00 UTC
 +++ go.mod
-@@ -1,8 +1,10 @@
+@@ -1,8 +1,10 @@ module github.com/cloudflare/gokey
  module github.com/cloudflare/gokey
  
 -go 1.13
 +go 1.17
  
  require (
- 	golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d
- 	golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1
+ 	golang.org/x/crypto v0.17.0
+ 	golang.org/x/term v0.15.0
  )
 +
-+require golang.org/x/sys v0.6.0 // indirect
++require golang.org/x/sys v0.15.0 // indirect
diff --git a/security/gokey/files/patch-go.sum b/security/gokey/files/patch-go.sum
deleted file mode 100644
index cff06eac8113..000000000000
--- a/security/gokey/files/patch-go.sum
+++ /dev/null
@@ -1,11 +0,0 @@
---- go.sum.orig	2023-03-25 23:03:43 UTC
-+++ go.sum
-@@ -5,6 +5,8 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go
- golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
- golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 h1:SrN+KX8Art/Sf4HNj6Zcz06G7VEz+7w9tdXTPOZ7+l4=
- golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-+golang.org/x/sys v0.6.0 h1:MVltZSvRTcU2ljQOhs94SXPftV6DCNnZViHeQps87pQ=
-+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
- golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E=
- golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
- golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
diff --git a/security/gokey/files/patch-vendor_modules.txt b/security/gokey/files/patch-vendor_modules.txt
index e871e87d957c..e169e8c39333 100644
--- a/security/gokey/files/patch-vendor_modules.txt
+++ b/security/gokey/files/patch-vendor_modules.txt
@@ -1,18 +1,16 @@
---- vendor/modules.txt.orig	2023-03-25 23:04:26 UTC
+--- vendor/modules.txt.orig	2025-05-16 22:37:27 UTC
 +++ vendor/modules.txt
-@@ -1,11 +1,14 @@
- # golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d
+@@ -1,10 +1,13 @@
+ # golang.org/x/crypto v0.17.0
 +## explicit; go 1.17
  golang.org/x/crypto/ed25519
  golang.org/x/crypto/hkdf
  golang.org/x/crypto/pbkdf2
--# golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1
-+# golang.org/x/sys v0.6.0
+ # golang.org/x/sys v0.15.0
 +## explicit; go 1.17
- golang.org/x/sys/internal/unsafeheader
  golang.org/x/sys/plan9
  golang.org/x/sys/unix
  golang.org/x/sys/windows
- # golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1
-+## explicit; go 1.11
+ # golang.org/x/term v0.15.0
++## explicit; go 1.17
  golang.org/x/term
diff --git a/security/py-netbox-secrets/Makefile b/security/py-netbox-secrets/Makefile
index 72e83b741b37..79466b639c92 100644
--- a/security/py-netbox-secrets/Makefile
+++ b/security/py-netbox-secrets/Makefile
@@ -1,6 +1,5 @@
 PORTNAME=	netbox-secrets
-DISTVERSION=	2.2.0
-PORTREVISION=	1
+DISTVERSION=	2.2.1
 CATEGORIES=	security python
 MASTER_SITES=	PYPI
 PKGNAMEPREFIX=	${PYTHON_PKGNAMEPREFIX}
@@ -13,10 +12,12 @@ WWW=		https://github.com/Onemind-Services-LLC/netbox-secrets
 LICENSE=	APACHE20
 LICENSE_FILE=	${WRKSRC}/LICENSE.md
 
+BUILD_DEPENDS=	${PY_SETUPTOOLS} \
+		${PYTHON_PKGNAMEPREFIX}wheel>0:devel/py-wheel@${PY_FLAVOR}
 RUN_DEPENDS=	${PYTHON_PKGNAMEPREFIX}pycryptodome>0:security/py-pycryptodome@${PY_FLAVOR}
 
 USES=		python
-USE_PYTHON=	autoplist distutils
+USE_PYTHON=	autoplist pep517
 
 NO_ARCH=	yes
 
diff --git a/security/py-netbox-secrets/distinfo b/security/py-netbox-secrets/distinfo
index 2a6f2505f573..25c5b104549d 100644
--- a/security/py-netbox-secrets/distinfo
+++ b/security/py-netbox-secrets/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1738929151
-SHA256 (netbox_secrets-2.2.0.tar.gz) = 6140dd46981c65a96bc174ac07905ae7355bdbdc3d144fc281a0cde0f6e096c8
-SIZE (netbox_secrets-2.2.0.tar.gz) = 57503
+TIMESTAMP = 1747310577
+SHA256 (netbox_secrets-2.2.1.tar.gz) = 26f817f9a9c03dcd34aaaa89d4744b2d15408d0e38f584aa6f2cb73bdd48958f
+SIZE (netbox_secrets-2.2.1.tar.gz) = 57852
diff --git a/security/vuls/Makefile b/security/vuls/Makefile
index a202c3f5fe81..1ade7a45b4e5 100644
--- a/security/vuls/Makefile
+++ b/security/vuls/Makefile
@@ -1,6 +1,6 @@
 PORTNAME=	vuls
 DISTVERSIONPREFIX=v
-DISTVERSION=	0.31.1
+DISTVERSION=	0.32.0
 CATEGORIES=	security
 
 MAINTAINER=	girgen@FreeBSD.org
@@ -10,7 +10,7 @@ WWW=		https://vuls.io
 LICENSE=	GPLv3+
 LICENSE_FILE=	${WRKSRC}/LICENSE
 
-USES=		go:1.23,modules
+USES=		go:1.24,modules
 
 GO_MODULE=	github.com/future-architect/vuls
 GO_TARGET=	./cmd/${PORTNAME}
diff --git a/security/vuls/distinfo b/security/vuls/distinfo
index a567c9ed0f6c..171f6cc2ca7b 100644
--- a/security/vuls/distinfo
+++ b/security/vuls/distinfo
@@ -1,5 +1,5 @@
-TIMESTAMP = 1746696143
-SHA256 (go/security_vuls/vuls-v0.31.1/v0.31.1.mod) = 5b19a8a2789f1f93369c7bf24d38df8b345a7a871b2b229aec6349b9db98027e
-SIZE (go/security_vuls/vuls-v0.31.1/v0.31.1.mod) = 20796
-SHA256 (go/security_vuls/vuls-v0.31.1/v0.31.1.zip) = 40312da1c3021023a0bee1822b8622713e48137b3ca29f14f4347c79a88ec425
-SIZE (go/security_vuls/vuls-v0.31.1/v0.31.1.zip) = 1376467
+TIMESTAMP = 1747479508
+SHA256 (go/security_vuls/vuls-v0.32.0/v0.32.0.mod) = e3091e79324dcdd3e3c2959a3b9fa4ab03fc4d53a0ce41a76fc793a68b57302e
+SIZE (go/security_vuls/vuls-v0.32.0/v0.32.0.mod) = 20795
+SHA256 (go/security_vuls/vuls-v0.32.0/v0.32.0.zip) = 1eed06de6c88de618a25184d843010c76b30b77a8e554f028a2700a5e267266b
+SIZE (go/security_vuls/vuls-v0.32.0/v0.32.0.zip) = 1389053
diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
index 57231ad368f3..10fce3138813 100644
--- a/security/vuxml/vuln/2025.xml
+++ b/security/vuxml/vuln/2025.xml
@@ -1,3 +1,28 @@
+  <vuln vid="46594aa3-32f7-11f0-a116-8447094a420f">
+    <topic>WeeChat -- Multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>weechat</name>
+	<range><lt>4.6.3</lt></range>
+      </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The Weechat project reports:</p>
+	<blockquote cite="https://weechat.org/doc/weechat/security/">
+	  <p>Multiple integer and buffer overflows in WeeChat core.</p>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <url>https://weechat.org/doc/weechat/security/</url>
+    </references>
+    <dates>
+      <discovery>2025-05-11</discovery>
+      <entry>2025-05-17</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="79400d31-3166-11f0-8cb5-a8a1599412c6">
     <topic>chromium -- multiple security fixes</topic>
     <affects>
diff --git a/security/wolfssl/Makefile b/security/wolfssl/Makefile
index 837bebd08315..87fa1c88c8d7 100644
--- a/security/wolfssl/Makefile
+++ b/security/wolfssl/Makefile
@@ -1,5 +1,6 @@
 PORTNAME=	wolfssl
 PORTVERSION=	5.8.0
+PORTREVISION=	1
 CATEGORIES=	security devel
 MASTER_SITES=	https://www.wolfssl.com/ \
 		LOCAL/fox
@@ -35,9 +36,11 @@ CONFIGURE_ARGS=	--disable-dependency-tracking \
 		--enable-static \
 		--enable-tls13 \
 		--enable-tls13-draft18 \
+		--enable-haproxy \
+		--enable-quic \
 		--enable-context-extra-user-data
 TEST_TARGET=	check
-CFLAGS+=	-DWOLFSSL_ALT_NAMES
+CFLAGS+=	-DWOLFSSL_ALT_NAMES -DWOLFSSL_GETRANDOM=1
 
 OPTIONS_DEFINE=	DEBUG DOCS