| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Note that libxslt is vulnerable, unfixed, and without maintainer.
Two of four vulnerabilities have been fixed.
Note that libxml2 in our ports is vulnerable and there is no upstream
release fixing these bugs, they need cherry-picks.
Deprecate textproc/xmlto and textproc/minixmlto,
which both depend on the unmaintained and vulnerable libxslt.
I have filed https://pagure.io/xmlto/issue/15 to ask the xmlto
upstream to switch to different XML/XSLT libraries.
Two issues are undisclosed and do not seem to have a CVE assigned yet.
Security: CVE-2025-6021
Security: CVE-2025-6170
Security: CVE-2025-7424
Security: CVE-2025-7425
Security: CVE-2025-49794
Security: CVE-2025-49795
Security: CVE-2025-49795
Security: https://gitlab.gnome.org/GNOME/libxml2/-/issues/913
Security: https://gitlab.gnome.org/GNOME/libxml2/-/issues/926
Security: https://gitlab.gnome.org/GNOME/libxml2/-/issues/931
Security: https://gitlab.gnome.org/GNOME/libxml2/-/issues/932
Security: https://gitlab.gnome.org/GNOME/libxml2/-/issues/933
Security: https://gitlab.gnome.org/GNOME/libxml2/-/issues/935
Security: https://gitlab.gnome.org/GNOME/libxml2/-/issues/941
Security: https://gitlab.gnome.org/GNOME/libxslt/-/issues/139
Security: https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
Security: https://gitlab.gnome.org/GNOME/libxslt/-/issues/144
Security: https://gitlab.gnome.org/GNOME/libxslt/-/issues/148
Security: https://gitlab.gnome.org/Teams/Releng/security/-/wikis/2025#libxml2-and-libxslt
Security: https://www.openwall.com/lists/oss-security/2025/06/16/6
|
| |
|
| |
|
|
|
|
| |
Reported by: pkg-fallout
|
|
|
|
| |
Changes: https://github.com/cedarcode/tpm-key_attestation/blob/master/CHANGELOG.md
|
|
|
|
| |
Changes: https://github.com/cedarcode/webauthn-ruby/blob/master/CHANGELOG.md
|
|
|
|
| |
Changes: https://gitlab.com/gitlab-org/security-products/secret-detection/secret-detection-service/-/blob/main/CHANGELOG.md
|
|
|
|
| |
Changelog: https://github.com/xmlsec/python-xmlsec/releases/tag/1.3.16
|
|
|
|
| |
Changes: https://github.com/unixcharles/acme-client/blob/master/CHANGELOG.md
|
|
|
|
| |
Changes: https://github.com/aws/aws-lc/releases
|
| |
|
|
|
|
|
| |
ssl-checker is a fast and beautiful command-line tool designed to check SSL
certificates for HTTPS endpoints.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
PR: 288054
MFH: 2025Q3
|
|
|
|
|
|
|
|
|
| |
libprotobuf-c.so once again has version info. Force a rebuild of
its consumers.
PR: 282060
MFH: 2025Q3
Sponsored by: <If the change was sponsored by an organization.>
|
|
|
|
|
|
|
|
| |
Disconnect lang/luajit-devel from the build, will be removed soon.
Bump PORTREVISIONs for the consumers.
Discussed with: adamw
PR: 225342
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* CVE-2025-27613
* CVE-2025-27614
* CVE-2025-46835
* CVE-2025-48384
* CVE-2025-48385
* CVE-2025-48386
Sponsored by: Rubicon Communications, LLC ("Netgate")
|
|
|
|
|
|
|
| |
Remove mongodb80 entry since it is not affected.
Reported by: ronald-lists@klop.ws
Fixes: fbefcec73997
|
|
|
|
|
|
|
|
| |
* CVE-2025-6711
* CVE-2025-6712
* CVE-2025-6713
* CVE-2025-6714
* CVE-2025-7259
|
| |
|
|
|
|
| |
* CVE-2025-52891
|
|
|
|
| |
- Bump PORTREVISION
|
|
|
|
|
|
|
| |
- Fix extract issues on amd64/aarch64
- Update cpython bundle to 3.11.13
- Update whl cache files
- Bump PORTREVISION
|
|
|
|
| |
ChangeLog: https://github.com/aws/s2n-tls/releases/tag/v1.5.22
|
|
|
|
|
|
|
|
|
|
|
| |
ChangeLogs:
- https://github.com/jaxxstorm/tscli/releases/tag/v0.0.12
- https://github.com/jaxxstorm/tscli/releases/tag/v0.0.11
- https://github.com/jaxxstorm/tscli/releases/tag/v0.0.10
- https://github.com/jaxxstorm/tscli/releases/tag/v0.0.9
Approved by: acm (mentor)
|
|
|
|
|
|
|
| |
ReleaseNotes: https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html
MFH: 2025Q3
Security: 3dcc0812-4da5-11f0-afcc-f02f7432cf97
Security: 6c6c1507-4da5-11f0-afcc-f02f7432cf97
|
|
|
|
|
|
|
| |
ReleaseNotes: https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html
MFH: 2025Q3
Security: 3dcc0812-4da5-11f0-afcc-f02f7432cf97
Security: 6c6c1507-4da5-11f0-afcc-f02f7432cf97
|
| |
|
|
|
|
|
|
|
| |
Changelog: https://github.com/hockeypuck/hockeypuck/releases/tag/2.2.4
PR: 288079
Approved by: me@svmhdvn.name (maintainer)
|
| |
|
|
|
|
| |
Changes: https://github.com/aquasecurity/trivy/releases/tag/v0.64.1
|
|
|
|
| |
FreeBSD-SA-25:06.xz affects FreeBSD 13.5 and FreeBSD 14.2
|
|
|
|
|
|
|
| |
Build depends should be executables or shared libraries, not include
files.
Reported by: Gleb Popov
|
|
|
|
|
|
|
|
| |
Apparently the pprof has been provided by the devel/pprof port for
quite awhile. Since PERFTOOLS is off by default this wasn't noticed
until reported by Andrea Venturoli.
Reported by: Andrea Venturoli
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelogs:
https://github.com/adrienverge/openfortivpn/blob/v1.23.1/CHANGELOG.md
Improve port:
- repalace PORTVERSION with DISTVERSION
- fix warnings from portclippy
- install config.sample: prevent rewrites user's config during every update
- remove useless config.template
PR: 287912
Co-authored-by: Ben Hutton <ben@benhutton.com.au>
MFH: 2025Q3
|
| |
|
|
|
|
|
| |
ChangeLog:
https://github.com/projectdiscovery/nuclei/releases/tag/v3.4.6
|
|
|
|
|
|
|
|
|
| |
We need to include bsd.port.pre.mk before declaring
PYDISTUTILS_INSTALLARGS to preserve any pre-set values. We will then
include bsd.port.post.mk afterward.
PR: 287992
Reported by: milios@ccsys.com
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use --only-use-pwn-command to prevent installing 'main', 'version',
'errno', etc., reducing $PATH clutter and namespace pollution.
Upstream plans to remove most generic scripts in 5.0.0, which should
further reduce spurious entitlement claims on the system PATH, unlike
the reporter’s ex-wife.
Upstream issue:
https://github.com/Gallopsled/pwntools/issues/2589
PR: 287992
Reported by: milios@ccsys.com
|
|
|
|
|
|
|
|
|
|
|
|
| |
* CVE-2025-6425
* CVE-2025-6427
* CVE-2025-6429
* CVE-2025-6430
* CVE-2025-6432
* CVE-2025-6433
* CVE-2025-6434
* CVE-2025-6435
* CVE-2025-6436
|