diff options
Diffstat (limited to 'security')
288 files changed, 2461 insertions, 1231 deletions
diff --git a/security/2fa/Makefile b/security/2fa/Makefile index 49626ceb3c0b..48602f14288e 100644 --- a/security/2fa/Makefile +++ b/security/2fa/Makefile @@ -1,7 +1,7 @@ PORTNAME= 2fa DISTVERSIONPREFIX= v DISTVERSION= 1.2.0 -PORTREVISION= 30 +PORTREVISION= 32 CATEGORIES= security MAINTAINER= mauroeldritch@gmail.com diff --git a/security/Makefile b/security/Makefile index c49e8676f481..c347eb87fbe9 100644 --- a/security/Makefile +++ b/security/Makefile @@ -234,7 +234,6 @@ SUBDIR += hyperhotp SUBDIR += i2pd SUBDIR += iaikpkcs11wrapper - SUBDIR += iddawc SUBDIR += idea SUBDIR += identify SUBDIR += imds-filterd @@ -953,6 +952,7 @@ SUBDIR += py-google-auth SUBDIR += py-google-auth-httplib2 SUBDIR += py-google-auth-oauthlib + SUBDIR += py-google-cloud-kms SUBDIR += py-gpg SUBDIR += py-gpsoauth SUBDIR += py-greenbone-feed-sync @@ -1199,6 +1199,7 @@ SUBDIR += rubygem-omniauth-cas SUBDIR += rubygem-omniauth-dingtalk-oauth2 SUBDIR += rubygem-omniauth-gitlab + SUBDIR += rubygem-omniauth-gl SUBDIR += rubygem-omniauth-jwt SUBDIR += rubygem-omniauth-multipassword SUBDIR += rubygem-omniauth-multipassword2 @@ -1210,6 +1211,7 @@ SUBDIR += rubygem-omniauth-saml1 SUBDIR += rubygem-omniauth-shibboleth SUBDIR += rubygem-omniauth-shibboleth-redux + SUBDIR += rubygem-omniauth-shibboleth-redux-gitlab SUBDIR += rubygem-omniauth1 SUBDIR += rubygem-openssl SUBDIR += rubygem-openssl-ccm diff --git a/security/acmetool/Makefile b/security/acmetool/Makefile index 01022633705a..ea4436b4bf44 100644 --- a/security/acmetool/Makefile +++ b/security/acmetool/Makefile @@ -1,7 +1,7 @@ PORTNAME= acmetool DISTVERSIONPREFIX= v DISTVERSION= 0.2.2 -PORTREVISION= 20 +PORTREVISION= 22 CATEGORIES= security MAINTAINER= samm@FreeBSD.org diff --git a/security/afl++/Makefile b/security/afl++/Makefile index 1a90d83b36a6..7b5377a26750 100644 --- a/security/afl++/Makefile +++ b/security/afl++/Makefile @@ -1,6 +1,6 @@ PORTNAME= afl DISTVERSIONPREFIX= v -DISTVERSION= 4.33c +DISTVERSION= 4.34c CATEGORIES= security PKGNAMESUFFIX= ++-${FLAVOR} @@ -13,7 +13,6 @@ LICENSE_FILE= ${WRKSRC}/docs/COPYING ONLY_FOR_ARCHS= aarch64 amd64 i386 powerpc powerpc64 powerpc64le riscv64 ONLY_FOR_ARCHS_REASON= uses x86-only instrumentation or requires complete LLVM support -BROKEN_FreeBSD_13= fails to build, error: unknown type name 'mode_t' BUILD_DEPENDS= ginstall:sysutils/coreutils @@ -35,6 +34,7 @@ SHEBANG_FILES= afl-cmin.py afl-persistent-config MAKEFILE= GNUmakefile MAKE_ARGS= AFL_NO_X86=1 AFL_NO_TEST_BUILD=1 \ + NO_FRIDA=1 NO_UNICORN=1 NO_QEMU=1 \ PREFIX="${PREFIX}/${PKGBASE}" .if ${FLAVOR} == llvm CFLAGS_riscv64= -mno-relax diff --git a/security/afl++/distinfo b/security/afl++/distinfo index 871fd6e76ebe..c5f257fe07e5 100644 --- a/security/afl++/distinfo +++ b/security/afl++/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1751370940 -SHA256 (AFLplusplus-AFLplusplus-v4.33c_GH0.tar.gz) = 98903c8036282c8908b1d8cc0d60caf3ea259db4339503a76449b47acce58d1d -SIZE (AFLplusplus-AFLplusplus-v4.33c_GH0.tar.gz) = 3058802 +TIMESTAMP = 1759308044 +SHA256 (AFLplusplus-AFLplusplus-v4.34c_GH0.tar.gz) = b500b3d8012757ba6f3435814f7f36a474a1b722efce464216c87af0c515888c +SIZE (AFLplusplus-AFLplusplus-v4.34c_GH0.tar.gz) = 3100867 diff --git a/security/afl++/files/patch-GNUmakefile.llvm b/security/afl++/files/patch-GNUmakefile.llvm deleted file mode 100644 index 8642167f99eb..000000000000 --- a/security/afl++/files/patch-GNUmakefile.llvm +++ /dev/null @@ -1,20 +0,0 @@ ---- GNUmakefile.llvm.orig 2025-06-28 20:29:37 UTC -+++ GNUmakefile.llvm -@@ -554,6 +554,9 @@ test_build: $(PROGS) - - .PHONY: test_build - test_build: $(PROGS) -+ifdef AFL_NO_TEST_BUILD -+ @echo "[*] Not testing the CC wrapper and instrumentation output (AFL_NO_TEST_BUILD set)." -+else - @echo "[*] Testing the CC wrapper and instrumentation output..." - unset AFL_USE_ASAN AFL_USE_MSAN AFL_INST_RATIO AFL_LLVM_ALLOWLIST AFL_LLVM_DENYLIST; ASAN_OPTIONS=detect_leaks=0 AFL_QUIET=1 AFL_PATH=. AFL_LLVM_LAF_ALL=1 ./afl-cc $(CFLAGS) $(CPPFLAGS) ./test-instr.c -o test-instr $(LDFLAGS) - ifdef IS_IOS -@@ -564,6 +567,7 @@ endif - @rm -f test-instr - @cmp -s .test-instr0 .test-instr1; DR="$$?"; rm -f .test-instr0 .test-instr1; if [ "$$DR" = "0" ]; then echo; echo "Oops, the instrumentation does not seem to be behaving correctly!"; echo; echo "Please post to https://github.com/AFLplusplus/AFLplusplus/issues to troubleshoot the issue."; echo; exit 1; fi - @echo "[+] All right, the instrumentation seems to be working!" -+endif - - .PHONY: all_done - all_done: test_build diff --git a/security/afl++/files/patch-include_forkserver.h b/security/afl++/files/patch-include_forkserver.h deleted file mode 100644 index d47f462f9bd0..000000000000 --- a/security/afl++/files/patch-include_forkserver.h +++ /dev/null @@ -1,11 +0,0 @@ ---- include/forkserver.h.orig 2025-06-28 20:29:37 UTC -+++ include/forkserver.h -@@ -30,6 +30,8 @@ - - #include <stdio.h> - #include <stdbool.h> -+#include <string.h> -+#include <unistd.h> - - #include "types.h" - diff --git a/security/age/Makefile b/security/age/Makefile index c5571bb026f8..ff7a14b78333 100644 --- a/security/age/Makefile +++ b/security/age/Makefile @@ -1,7 +1,7 @@ PORTNAME= age DISTVERSIONPREFIX= v DISTVERSION= 1.2.1 -PORTREVISION= 7 +PORTREVISION= 9 CATEGORIES= security MAINTAINER= bofh@FreeBSD.org diff --git a/security/assh/Makefile b/security/assh/Makefile index a9d3e0166031..394cf9c86441 100644 --- a/security/assh/Makefile +++ b/security/assh/Makefile @@ -1,7 +1,7 @@ PORTNAME= assh DISTVERSIONPREFIX= v DISTVERSION= 2.15.0 -PORTREVISION= 24 +PORTREVISION= 26 CATEGORIES= security MAINTAINER= ashish@FreeBSD.org diff --git a/security/aws-c-cal/Makefile b/security/aws-c-cal/Makefile index c20c47ed86bb..f018701e5d62 100644 --- a/security/aws-c-cal/Makefile +++ b/security/aws-c-cal/Makefile @@ -1,6 +1,6 @@ PORTNAME= aws-c-cal DISTVERSIONPREFIX= v -DISTVERSION= 0.9.3 +DISTVERSION= 0.9.4 CATEGORIES= security MAINTAINER= eduardo@FreeBSD.org diff --git a/security/aws-c-cal/distinfo b/security/aws-c-cal/distinfo index c3fa370d9411..e8b721263ad6 100644 --- a/security/aws-c-cal/distinfo +++ b/security/aws-c-cal/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1758220673 -SHA256 (awslabs-aws-c-cal-v0.9.3_GH0.tar.gz) = 7033e3efecbb1f6eddd0f549bb071b166e1aaca5f8fb4b215d0d0de5cb2e9496 -SIZE (awslabs-aws-c-cal-v0.9.3_GH0.tar.gz) = 1686833 +TIMESTAMP = 1760573923 +SHA256 (awslabs-aws-c-cal-v0.9.4_GH0.tar.gz) = 0c26d3092ecc3b23d41ac411a0c6c8d3f56f38bc1d396e0b40a008db6ae0f63f +SIZE (awslabs-aws-c-cal-v0.9.4_GH0.tar.gz) = 1689214 diff --git a/security/aws-iam-authenticator/Makefile b/security/aws-iam-authenticator/Makefile index 0304ac2f9d6a..26c8d8071bed 100644 --- a/security/aws-iam-authenticator/Makefile +++ b/security/aws-iam-authenticator/Makefile @@ -1,5 +1,5 @@ PORTNAME= aws-iam-authenticator -PORTVERSION= 0.7.7 +PORTVERSION= 0.7.8 DISTVERSIONPREFIX= v CATEGORIES= security diff --git a/security/aws-iam-authenticator/distinfo b/security/aws-iam-authenticator/distinfo index ec330c2dfe00..30287a3b4b50 100644 --- a/security/aws-iam-authenticator/distinfo +++ b/security/aws-iam-authenticator/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1757668473 -SHA256 (go/security_aws-iam-authenticator/aws-iam-authenticator-v0.7.7/v0.7.7.mod) = 700630d5d1ea0b410a7666d256ade2002fcf24897c5f2eb70dec1a40f3ef55a7 -SIZE (go/security_aws-iam-authenticator/aws-iam-authenticator-v0.7.7/v0.7.7.mod) = 4996 -SHA256 (go/security_aws-iam-authenticator/aws-iam-authenticator-v0.7.7/v0.7.7.zip) = 777328ad14c24fe5bab06f377b75178c5a8159e2cbf511adc3c84a8beb25d84e -SIZE (go/security_aws-iam-authenticator/aws-iam-authenticator-v0.7.7/v0.7.7.zip) = 234107 +TIMESTAMP = 1760692813 +SHA256 (go/security_aws-iam-authenticator/aws-iam-authenticator-v0.7.8/v0.7.8.mod) = 4163efce19348a71e733d26c118986834ed5afac48be7cec9dfc9c57d094dae3 +SIZE (go/security_aws-iam-authenticator/aws-iam-authenticator-v0.7.8/v0.7.8.mod) = 4788 +SHA256 (go/security_aws-iam-authenticator/aws-iam-authenticator-v0.7.8/v0.7.8.zip) = 499be04fd4aaec4210863e54e653220138fd9f6b7280b785ac90bbbe40594fe9 +SIZE (go/security_aws-iam-authenticator/aws-iam-authenticator-v0.7.8/v0.7.8.zip) = 233860 diff --git a/security/aws-lc/Makefile b/security/aws-lc/Makefile index f9ffe2737b4f..c185291aed80 100644 --- a/security/aws-lc/Makefile +++ b/security/aws-lc/Makefile @@ -1,5 +1,5 @@ PORTNAME= aws-lc -PORTVERSION= 1.61.0 +PORTVERSION= 1.61.4 DISTVERSIONPREFIX= v CATEGORIES= security diff --git a/security/aws-lc/distinfo b/security/aws-lc/distinfo index 22aea2964882..603f5a0c62c4 100644 --- a/security/aws-lc/distinfo +++ b/security/aws-lc/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1759324018 -SHA256 (aws-aws-lc-v1.61.0_GH0.tar.gz) = c5c6cc7dea4c08300fb139272eb6fcc259918dab37587db8b6631c75830dbc0c -SIZE (aws-aws-lc-v1.61.0_GH0.tar.gz) = 127480894 +TIMESTAMP = 1759816568 +SHA256 (aws-aws-lc-v1.61.4_GH0.tar.gz) = 443b62dbb51bb4ce1ce16150fa555da4182e3ba4c928f57f74eb07097138893c +SIZE (aws-aws-lc-v1.61.4_GH0.tar.gz) = 127438620 diff --git a/security/aws-vault/Makefile b/security/aws-vault/Makefile index 44951aa51216..1329f09f3035 100644 --- a/security/aws-vault/Makefile +++ b/security/aws-vault/Makefile @@ -1,7 +1,7 @@ PORTNAME= aws-vault DISTVERSIONPREFIX= v DISTVERSION= 6.6.2 -PORTREVISION= 21 +PORTREVISION= 23 CATEGORIES= security MAINTAINER= mauroeldritch@gmail.com diff --git a/security/bitwarden-cli/Makefile b/security/bitwarden-cli/Makefile index f0471f6a1d32..7fd76a3d5def 100644 --- a/security/bitwarden-cli/Makefile +++ b/security/bitwarden-cli/Makefile @@ -1,6 +1,6 @@ PORTNAME= bitwarden-cli DISTVERSIONPREFIX= cli-v -DISTVERSION= 2025.9.0 +DISTVERSION= 2025.10.0 CATEGORIES= security MASTER_SITES= https://nodejs.org/dist/v${PKG_NODE_VER}/:node DISTFILES= node-v${PKG_NODE_VER}${EXTRACT_SUFX}:node \ @@ -81,7 +81,36 @@ pre-fetch: ${FIND} ${WRKDIR}/node-modules-cache -type d -exec ${CHMOD} 755 {} ';'; \ for dir in `${FIND} -s ${WRKDIR}/node-modules-cache -type d -name node_modules -print | \ ${GREP} -ve 'node_modules/.*/node_modules'`; do \ - ${MTREE_CMD} -cbnSp $${dir} | ${MTREE_CMD} -C | ${SED} \ + ${MTREE_CMD} -cbnSp $${dir} | ${MTREE_CMD} -C | \ + ${AWK} ' \ + function oct2dec(octstr, i, c, val) { \ + val = 0; \ + for (i = 1; i <= length(octstr); i++) { \ + c = substr(octstr, i, 1); \ + if (c < "0" || c > "7") { \ + break; \ + } \ + val = val * 8 + (c - "0"); \ + } \ + return val; \ + } \ + { \ + if (match($$0, /mode=[0-7]+/)) { \ + mode_str = substr($$0, RSTART+5, RLENGTH-5); \ + mode = oct2dec(mode_str); \ + exec_bits = 73; \ + special_bits = 3584; \ + special = and(mode, special_bits); \ + if (and(mode, exec_bits) != 0) { \ + newmode = or(special, 493); \ + } else { \ + newmode = or(special, 420); \ + } \ + sub(/mode=[0-7]+/, "mode=" sprintf("%04o", newmode)); \ + } \ + print; \ + }' | \ + ${SED} \ -e 's:time=[0-9.]*:time=${PREFETCH_TIMESTAMP}.000000000:' \ -e 's:\([gu]id\)=[0-9]*:\1=0:g' \ -e 's:flags=.*:flags=none:' \ @@ -101,7 +130,7 @@ post-extract: post-patch: # apply FreeBSD patches for node - @${BSDMAKE} PATCHDIR=${FILESDIR}/node \ + @${BSDMAKE} PATCHDIR=${PATCHDIR}/node \ WRKSRC=${WRKDIR}/node-v${PKG_NODE_VER} do-patch # apply node patch from pkg-fetch @${PATCH} -s -p1 -d ${WRKDIR}/node-v${PKG_NODE_VER} < \ diff --git a/security/bitwarden-cli/distinfo b/security/bitwarden-cli/distinfo index 9e8e1ae6ad20..58fed7bf314a 100644 --- a/security/bitwarden-cli/distinfo +++ b/security/bitwarden-cli/distinfo @@ -1,7 +1,7 @@ -TIMESTAMP = 1758610163 +TIMESTAMP = 1760949423 SHA256 (node-v22.15.1.tar.gz) = 38aea029f8818f7783f273fbc70dcf930f9ef54bdd49c5f90c0152caec7a57be SIZE (node-v22.15.1.tar.gz) = 100310295 -SHA256 (bitwarden-cli-2025.9.0-node-modules.tar.gz) = dd995f5b9fa758b4e76c7b51ce7a29bbebab1cb6be3d1ff83a659369d925e075 -SIZE (bitwarden-cli-2025.9.0-node-modules.tar.gz) = 267011903 -SHA256 (bitwarden-clients-cli-v2025.9.0_GH0.tar.gz) = 4a970c053035550fb5b44fedfbf45dce490f873bc0a397540597a5bc49af022e -SIZE (bitwarden-clients-cli-v2025.9.0_GH0.tar.gz) = 26819052 +SHA256 (bitwarden-cli-2025.10.0-node-modules.tar.gz) = 94b46790681dd3506479d9f650135e31220b64dec0ec7ada0e56f63de8b56766 +SIZE (bitwarden-cli-2025.10.0-node-modules.tar.gz) = 267045345 +SHA256 (bitwarden-clients-cli-v2025.10.0_GH0.tar.gz) = e9f5b989e3403525c08ef0d295e7a315de2e5f05121e67b0352fed21417277df +SIZE (bitwarden-clients-cli-v2025.10.0_GH0.tar.gz) = 28302200 diff --git a/security/bitwarden-cli/files/packagejsons/apps/browser/package.json b/security/bitwarden-cli/files/packagejsons/apps/browser/package.json index 24a53f43f66c..402a00fee31a 100644 --- a/security/bitwarden-cli/files/packagejsons/apps/browser/package.json +++ b/security/bitwarden-cli/files/packagejsons/apps/browser/package.json @@ -1,6 +1,6 @@ { "name": "@bitwarden/browser", - "version": "2025.9.0", + "version": "2025.10.0", "scripts": { "build": "npm run build:chrome", "build:bit": "npm run build:bit:chrome", diff --git a/security/bitwarden-cli/files/packagejsons/apps/cli/package.json b/security/bitwarden-cli/files/packagejsons/apps/cli/package.json index e5dbd66ab128..02db5317a26b 100644 --- a/security/bitwarden-cli/files/packagejsons/apps/cli/package.json +++ b/security/bitwarden-cli/files/packagejsons/apps/cli/package.json @@ -1,7 +1,7 @@ { "name": "@bitwarden/cli", "description": "A secure and free password manager for all of your devices.", - "version": "2025.9.0", + "version": "2025.10.0", "keywords": [ "bitwarden", "password", @@ -64,11 +64,11 @@ }, "dependencies": { "@koa/multer": "4.0.0", - "@koa/router": "13.1.0", + "@koa/router": "14.0.0", "big-integer": "1.6.52", "browser-hrtime": "1.1.8", "chalk": "4.1.2", - "commander": "11.1.0", + "commander": "14.0.0", "core-js": "3.45.0", "form-data": "4.0.4", "https-proxy-agent": "7.0.6", @@ -80,7 +80,7 @@ "koa-json": "2.0.2", "lowdb": "1.0.0", "lunr": "2.3.9", - "multer": "1.4.5-lts.2", + "multer": "2.0.2", "node-fetch": "2.6.12", "node-forge": "1.3.1", "open": "10.1.2", diff --git a/security/bitwarden-cli/files/packagejsons/apps/desktop/package.json b/security/bitwarden-cli/files/packagejsons/apps/desktop/package.json index dd5fb85b4da7..cb997273f1e8 100644 --- a/security/bitwarden-cli/files/packagejsons/apps/desktop/package.json +++ b/security/bitwarden-cli/files/packagejsons/apps/desktop/package.json @@ -1,7 +1,7 @@ { "name": "@bitwarden/desktop", "description": "A secure and free password manager for all of your devices.", - "version": "2025.9.0", + "version": "2025.10.0", "keywords": [ "bitwarden", "password", diff --git a/security/bitwarden-cli/files/packagejsons/apps/web/package.json b/security/bitwarden-cli/files/packagejsons/apps/web/package.json index 551eb1c5e86c..5690ce77dec9 100644 --- a/security/bitwarden-cli/files/packagejsons/apps/web/package.json +++ b/security/bitwarden-cli/files/packagejsons/apps/web/package.json @@ -1,6 +1,6 @@ { "name": "@bitwarden/web-vault", - "version": "2025.9.0", + "version": "2025.10.0", "scripts": { "build:oss": "webpack", "build:bit": "webpack -c ../../bitwarden_license/bit-web/webpack.config.js", @@ -18,6 +18,7 @@ "build:bit:selfhost:watch": "cross-env ENV=selfhosted npm run build:bit:watch", "build:oss:selfhost:prod": "cross-env ENV=selfhosted NODE_ENV=production npm run build:oss", "build:bit:selfhost:prod": "cross-env ENV=selfhosted NODE_ENV=production npm run build:bit", + "build:bit:selfhost:dev": "cross-env ENV=selfhosted NODE_ENV=production npm run build:bit", "build:bit:ee": "cross-env NODE_ENV=production ENV=ee npm run build:bit", "clean:l10n": "git push origin --delete l10n_master", "dist:bit:cloud": "npm run build:bit:cloud", diff --git a/security/bitwarden-cli/files/packagejsons/libs/admin-console/package.json b/security/bitwarden-cli/files/packagejsons/libs/admin-console/package.json index c319beb8f4cc..5e934006d0db 100644 --- a/security/bitwarden-cli/files/packagejsons/libs/admin-console/package.json +++ b/security/bitwarden-cli/files/packagejsons/libs/admin-console/package.json @@ -15,6 +15,7 @@ "scripts": { "clean": "rimraf dist", "build": "npm run clean && tsc", - "build:watch": "npm run clean && tsc -watch" + "build:watch": "npm run clean && tsc -watch", + "test": "jest" } } diff --git a/security/bitwarden-cli/files/packagejsons/libs/angular/package.json b/security/bitwarden-cli/files/packagejsons/libs/angular/package.json index 322c8c826a2f..0b9111f88fbd 100644 --- a/security/bitwarden-cli/files/packagejsons/libs/angular/package.json +++ b/security/bitwarden-cli/files/packagejsons/libs/angular/package.json @@ -15,6 +15,7 @@ "scripts": { "clean": "rimraf dist", "build": "npm run clean && tsc", - "build:watch": "npm run clean && tsc -watch" + "build:watch": "npm run clean && tsc -watch", + "test": "jest" } } diff --git a/security/bitwarden-cli/files/packagejsons/libs/assets/package.json b/security/bitwarden-cli/files/packagejsons/libs/assets/package.json index cc5935833bf9..c46c2a4e954a 100644 --- a/security/bitwarden-cli/files/packagejsons/libs/assets/package.json +++ b/security/bitwarden-cli/files/packagejsons/libs/assets/package.json @@ -4,8 +4,8 @@ "description": "Assets used in Bitwarden clients", "private": true, "type": "commonjs", - "main": "dist/index.js", - "types": "dist/index.d.ts", + "main": "index.js", + "types": "index.d.ts", "license": "GPL-3.0", "author": "ui-foundation", "scripts": { diff --git a/security/bitwarden-cli/files/packagejsons/libs/auth/package.json b/security/bitwarden-cli/files/packagejsons/libs/auth/package.json index 52c1be63f817..cab83bd3b8dc 100644 --- a/security/bitwarden-cli/files/packagejsons/libs/auth/package.json +++ b/security/bitwarden-cli/files/packagejsons/libs/auth/package.json @@ -15,6 +15,7 @@ "scripts": { "clean": "rimraf dist", "build": "npm run clean && tsc", - "build:watch": "npm run clean && tsc -watch" + "build:watch": "npm run clean && tsc -watch", + "test": "jest" } } diff --git a/security/bitwarden-cli/files/packagejsons/libs/billing/package.json b/security/bitwarden-cli/files/packagejsons/libs/billing/package.json index 8858cfaa2669..3afd267cc231 100644 --- a/security/bitwarden-cli/files/packagejsons/libs/billing/package.json +++ b/security/bitwarden-cli/files/packagejsons/libs/billing/package.json @@ -15,6 +15,7 @@ "scripts": { "clean": "rimraf dist", "build": "npm run clean && tsc", - "build:watch": "npm run clean && tsc -watch" + "build:watch": "npm run clean && tsc -watch", + "test": "jest --passWithNoTests" } } diff --git a/security/bitwarden-cli/files/packagejsons/libs/client-type/package.json b/security/bitwarden-cli/files/packagejsons/libs/client-type/package.json index 1db72603bf9f..9a18cf281818 100644 --- a/security/bitwarden-cli/files/packagejsons/libs/client-type/package.json +++ b/security/bitwarden-cli/files/packagejsons/libs/client-type/package.json @@ -4,8 +4,8 @@ "description": "Exports the ClientType enum", "private": true, "type": "commonjs", - "main": "dist/index.js", - "types": "dist/index.d.ts", + "main": "index.js", + "types": "index.d.ts", "license": "GPL-3.0", "author": "platform" } diff --git a/security/bitwarden-cli/files/packagejsons/libs/core-test-utils/package.json b/security/bitwarden-cli/files/packagejsons/libs/core-test-utils/package.json index acb2edc8eb5a..dd9e54e6548e 100644 --- a/security/bitwarden-cli/files/packagejsons/libs/core-test-utils/package.json +++ b/security/bitwarden-cli/files/packagejsons/libs/core-test-utils/package.json @@ -4,8 +4,8 @@ "description": "Async test tools for state and clients", "private": true, "type": "commonjs", - "main": "dist/index.js", - "types": "dist/index.d.ts", + "main": "index.js", + "types": "index.d.ts", "license": "GPL-3.0", "author": "platform" } diff --git a/security/bitwarden-cli/files/packagejsons/libs/dirt/card/package.json b/security/bitwarden-cli/files/packagejsons/libs/dirt/card/package.json index cf613ead7af6..d6fc1841888e 100644 --- a/security/bitwarden-cli/files/packagejsons/libs/dirt/card/package.json +++ b/security/bitwarden-cli/files/packagejsons/libs/dirt/card/package.json @@ -15,6 +15,7 @@ "scripts": { "clean": "rimraf dist", "build": "npm run clean && tsc", - "build:watch": "npm run clean && tsc -watch" + "build:watch": "npm run clean && tsc -watch", + "test": "jest --passWithNoTests" } } diff --git a/security/bitwarden-cli/files/packagejsons/libs/guid/package.json b/security/bitwarden-cli/files/packagejsons/libs/guid/package.json index 9f7af0667a35..4461add637f5 100644 --- a/security/bitwarden-cli/files/packagejsons/libs/guid/package.json +++ b/security/bitwarden-cli/files/packagejsons/libs/guid/package.json @@ -4,8 +4,8 @@ "description": "Guid utilities extracted from common", "private": true, "type": "commonjs", - "main": "dist/index.js", - "types": "dist/index.d.ts", + "main": "index.js", + "types": "index.d.ts", "license": "GPL-3.0", "author": "platform" } diff --git a/security/bitwarden-cli/files/packagejsons/libs/importer/package.json b/security/bitwarden-cli/files/packagejsons/libs/importer/package.json index eb2588b6340e..2c85c78cb666 100644 --- a/security/bitwarden-cli/files/packagejsons/libs/importer/package.json +++ b/security/bitwarden-cli/files/packagejsons/libs/importer/package.json @@ -13,6 +13,7 @@ }, "license": "GPL-3.0", "scripts": { + "test": "jest", "clean": "rimraf dist", "build": "npm run clean && tsc", "build:watch": "npm run clean && tsc -watch" diff --git a/security/bitwarden-cli/files/packagejsons/libs/logging/package.json b/security/bitwarden-cli/files/packagejsons/libs/logging/package.json index b9cfbe35eb0f..2b1d529af334 100644 --- a/security/bitwarden-cli/files/packagejsons/libs/logging/package.json +++ b/security/bitwarden-cli/files/packagejsons/libs/logging/package.json @@ -4,8 +4,8 @@ "description": "Logging primitives", "private": true, "type": "commonjs", - "main": "dist/index.js", - "types": "dist/index.d.ts", + "main": "index.js", + "types": "index.d.ts", "license": "GPL-3.0", "author": "platform" } diff --git a/security/bitwarden-cli/files/packagejsons/libs/messaging-internal/package.json b/security/bitwarden-cli/files/packagejsons/libs/messaging-internal/package.json deleted file mode 100644 index 7a0a13d2d673..000000000000 --- a/security/bitwarden-cli/files/packagejsons/libs/messaging-internal/package.json +++ /dev/null @@ -1,11 +0,0 @@ -{ - "name": "@bitwarden/messaging-internal", - "version": "0.0.1", - "description": "Internal details to accompany @bitwarden/messaging this library should not be consumed in non-platform code.", - "private": true, - "type": "commonjs", - "main": "dist/index.js", - "types": "dist/index.d.ts", - "license": "GPL-3.0", - "author": "platform" -} diff --git a/security/bitwarden-cli/files/packagejsons/libs/messaging/package.json b/security/bitwarden-cli/files/packagejsons/libs/messaging/package.json index 01c8d7cb0e7a..7f83f0170c80 100644 --- a/security/bitwarden-cli/files/packagejsons/libs/messaging/package.json +++ b/security/bitwarden-cli/files/packagejsons/libs/messaging/package.json @@ -4,8 +4,8 @@ "description": "Services for sending and recieving messages from different contexts of the same application.", "private": true, "type": "commonjs", - "main": "dist/index.js", - "types": "dist/index.d.ts", + "main": "index.js", + "types": "index.d.ts", "license": "GPL-3.0", "author": "platform" } diff --git a/security/bitwarden-cli/files/packagejsons/libs/node/package.json b/security/bitwarden-cli/files/packagejsons/libs/node/package.json index 823913c997d3..6a375a2a5ad8 100644 --- a/security/bitwarden-cli/files/packagejsons/libs/node/package.json +++ b/security/bitwarden-cli/files/packagejsons/libs/node/package.json @@ -13,6 +13,7 @@ }, "license": "GPL-3.0", "scripts": { + "test": "jest", "clean": "rimraf dist", "build": "npm run clean && tsc", "build:watch": "npm run clean && tsc -watch" diff --git a/security/bitwarden-cli/files/packagejsons/libs/nx-plugin/package.json b/security/bitwarden-cli/files/packagejsons/libs/nx-plugin/package.json index 8a3bdebf9ac5..8d132bad96b6 100644 --- a/security/bitwarden-cli/files/packagejsons/libs/nx-plugin/package.json +++ b/security/bitwarden-cli/files/packagejsons/libs/nx-plugin/package.json @@ -4,8 +4,8 @@ "description": "Custom Nx tools like generators and executors for Bitwarden projects", "private": true, "type": "commonjs", - "main": "./src/index.js", - "types": "./src/index.d.ts", + "main": "index.js", + "types": "index.d.ts", "license": "GPL-3.0", "author": "Platform", "generators": "./generators.json" diff --git a/security/bitwarden-cli/files/packagejsons/libs/platform/package.json b/security/bitwarden-cli/files/packagejsons/libs/platform/package.json index 093019b446d9..b063def1a9b3 100644 --- a/security/bitwarden-cli/files/packagejsons/libs/platform/package.json +++ b/security/bitwarden-cli/files/packagejsons/libs/platform/package.json @@ -13,6 +13,7 @@ }, "license": "GPL-3.0", "scripts": { + "test": "jest", "clean": "rimraf dist", "build": "npm run clean && tsc", "build:watch": "npm run clean && tsc -watch" diff --git a/security/bitwarden-cli/files/packagejsons/libs/serialization/package.json b/security/bitwarden-cli/files/packagejsons/libs/serialization/package.json index d582d28ac236..09d1e05e19d8 100644 --- a/security/bitwarden-cli/files/packagejsons/libs/serialization/package.json +++ b/security/bitwarden-cli/files/packagejsons/libs/serialization/package.json @@ -4,8 +4,8 @@ "description": "Core serialization utilities", "private": true, "type": "commonjs", - "main": "dist/index.js", - "types": "dist/index.d.ts", + "main": "index.js", + "types": "index.d.ts", "license": "GPL-3.0", "author": "platform" } diff --git a/security/bitwarden-cli/files/packagejsons/libs/state-internal/package.json b/security/bitwarden-cli/files/packagejsons/libs/state-internal/package.json index 2a6252205987..b8634a672f37 100644 --- a/security/bitwarden-cli/files/packagejsons/libs/state-internal/package.json +++ b/security/bitwarden-cli/files/packagejsons/libs/state-internal/package.json @@ -4,8 +4,8 @@ "description": "The internal parts of @bitwarden/state that should not be used by other teams.", "private": true, "type": "commonjs", - "main": "dist/index.js", - "types": "dist/index.d.ts", + "main": "index.js", + "types": "index.d.ts", "license": "GPL-3.0", "author": "platform" } diff --git a/security/bitwarden-cli/files/packagejsons/libs/state-test-utils/package.json b/security/bitwarden-cli/files/packagejsons/libs/state-test-utils/package.json index 9fd9aa64e5f1..f4c2fb45a19c 100644 --- a/security/bitwarden-cli/files/packagejsons/libs/state-test-utils/package.json +++ b/security/bitwarden-cli/files/packagejsons/libs/state-test-utils/package.json @@ -4,8 +4,8 @@ "description": "Test utilities and fakes for state management", "private": true, "type": "commonjs", - "main": "dist/index.js", - "types": "dist/index.d.ts", + "main": "index.js", + "types": "index.d.ts", "license": "GPL-3.0", "author": "platform" } diff --git a/security/bitwarden-cli/files/packagejsons/libs/state/package.json b/security/bitwarden-cli/files/packagejsons/libs/state/package.json index 2c25647e4e35..62805f6a084b 100644 --- a/security/bitwarden-cli/files/packagejsons/libs/state/package.json +++ b/security/bitwarden-cli/files/packagejsons/libs/state/package.json @@ -4,8 +4,8 @@ "description": "Centralized application state management", "private": true, "type": "commonjs", - "main": "dist/index.js", - "types": "dist/index.d.ts", + "main": "index.js", + "types": "index.d.ts", "license": "GPL-3.0", "author": "platform" } diff --git a/security/bitwarden-cli/files/packagejsons/libs/storage-core/package.json b/security/bitwarden-cli/files/packagejsons/libs/storage-core/package.json index 7b18e4dcb5f4..4f566ef2056b 100644 --- a/security/bitwarden-cli/files/packagejsons/libs/storage-core/package.json +++ b/security/bitwarden-cli/files/packagejsons/libs/storage-core/package.json @@ -4,8 +4,8 @@ "description": "Abstractions over storage APIs", "private": true, "type": "commonjs", - "main": "dist/index.js", - "types": "dist/index.d.ts", + "main": "index.js", + "types": "index.d.ts", "license": "GPL-3.0", "author": "platform" } diff --git a/security/bitwarden-cli/files/packagejsons/libs/storage-test-utils/package.json b/security/bitwarden-cli/files/packagejsons/libs/storage-test-utils/package.json index 22d83f2334ed..6fcca07803d0 100644 --- a/security/bitwarden-cli/files/packagejsons/libs/storage-test-utils/package.json +++ b/security/bitwarden-cli/files/packagejsons/libs/storage-test-utils/package.json @@ -4,8 +4,8 @@ "description": "Test tools for the storage library", "private": true, "type": "commonjs", - "main": "dist/index.js", - "types": "dist/index.d.ts", + "main": "index.js", + "types": "index.d.ts", "license": "GPL-3.0", "author": "platform" } diff --git a/security/bitwarden-cli/files/packagejsons/libs/tools/export/vault-export/vault-export-core/package.json b/security/bitwarden-cli/files/packagejsons/libs/tools/export/vault-export/vault-export-core/package.json index c7fcd26d8847..887f64a2f0c5 100644 --- a/security/bitwarden-cli/files/packagejsons/libs/tools/export/vault-export/vault-export-core/package.json +++ b/security/bitwarden-cli/files/packagejsons/libs/tools/export/vault-export/vault-export-core/package.json @@ -15,6 +15,7 @@ "scripts": { "clean": "rimraf dist", "build": "npm run clean && tsc", - "build:watch": "npm run clean && tsc -watch" + "build:watch": "npm run clean && tsc -watch", + "test": "jest" } } diff --git a/security/bitwarden-cli/files/packagejsons/libs/tools/export/vault-export/vault-export-ui/package.json b/security/bitwarden-cli/files/packagejsons/libs/tools/export/vault-export/vault-export-ui/package.json index 4dc5e3251241..2a2d2dc599d8 100644 --- a/security/bitwarden-cli/files/packagejsons/libs/tools/export/vault-export/vault-export-ui/package.json +++ b/security/bitwarden-cli/files/packagejsons/libs/tools/export/vault-export/vault-export-ui/package.json @@ -15,6 +15,7 @@ "scripts": { "clean": "rimraf dist", "build": "npm run clean && tsc", - "build:watch": "npm run clean && tsc -watch" + "build:watch": "npm run clean && tsc -watch", + "test": "jest --passWithNoTests" } } diff --git a/security/bitwarden-cli/files/packagejsons/libs/tools/generator/components/package.json b/security/bitwarden-cli/files/packagejsons/libs/tools/generator/components/package.json index be4bbbe4ae89..4e6ddd39df7e 100644 --- a/security/bitwarden-cli/files/packagejsons/libs/tools/generator/components/package.json +++ b/security/bitwarden-cli/files/packagejsons/libs/tools/generator/components/package.json @@ -15,6 +15,7 @@ "scripts": { "clean": "rimraf dist", "build": "npm run clean && tsc", - "build:watch": "npm run clean && tsc -watch" + "build:watch": "npm run clean && tsc -watch", + "test": "jest --passWithNoTests" } } diff --git a/security/bitwarden-cli/files/packagejsons/libs/tools/generator/core/package.json b/security/bitwarden-cli/files/packagejsons/libs/tools/generator/core/package.json index 23ef352f9a61..00adf1c7e521 100644 --- a/security/bitwarden-cli/files/packagejsons/libs/tools/generator/core/package.json +++ b/security/bitwarden-cli/files/packagejsons/libs/tools/generator/core/package.json @@ -15,6 +15,7 @@ "scripts": { "clean": "rimraf dist", "build": "npm run clean && tsc", - "build:watch": "npm run clean && tsc -watch" + "build:watch": "npm run clean && tsc -watch", + "test": "jest" } } diff --git a/security/bitwarden-cli/files/packagejsons/libs/tools/generator/extensions/history/package.json b/security/bitwarden-cli/files/packagejsons/libs/tools/generator/extensions/history/package.json index 5941d675536e..2e61910941a3 100644 --- a/security/bitwarden-cli/files/packagejsons/libs/tools/generator/extensions/history/package.json +++ b/security/bitwarden-cli/files/packagejsons/libs/tools/generator/extensions/history/package.json @@ -15,6 +15,7 @@ "scripts": { "clean": "rimraf dist", "build": "npm run clean && tsc", - "build:watch": "npm run clean && tsc -watch" + "build:watch": "npm run clean && tsc -watch", + "test": "jest" } } diff --git a/security/bitwarden-cli/files/packagejsons/libs/tools/generator/extensions/legacy/package.json b/security/bitwarden-cli/files/packagejsons/libs/tools/generator/extensions/legacy/package.json index 151f48d5aba1..eaf07d0e3ed1 100644 --- a/security/bitwarden-cli/files/packagejsons/libs/tools/generator/extensions/legacy/package.json +++ b/security/bitwarden-cli/files/packagejsons/libs/tools/generator/extensions/legacy/package.json @@ -15,6 +15,7 @@ "scripts": { "clean": "rimraf dist", "build": "npm run clean && tsc", - "build:watch": "npm run clean && tsc -watch" + "build:watch": "npm run clean && tsc -watch", + "test": "jest" } } diff --git a/security/bitwarden-cli/files/packagejsons/libs/tools/generator/extensions/navigation/package.json b/security/bitwarden-cli/files/packagejsons/libs/tools/generator/extensions/navigation/package.json index 61b6d2b8da3f..96b1eb3c3bba 100644 --- a/security/bitwarden-cli/files/packagejsons/libs/tools/generator/extensions/navigation/package.json +++ b/security/bitwarden-cli/files/packagejsons/libs/tools/generator/extensions/navigation/package.json @@ -15,6 +15,7 @@ "scripts": { "clean": "rimraf dist", "build": "npm run clean && tsc", - "build:watch": "npm run clean && tsc -watch" + "build:watch": "npm run clean && tsc -watch", + "test": "jest" } } diff --git a/security/bitwarden-cli/files/packagejsons/libs/tools/send/send-ui/package.json b/security/bitwarden-cli/files/packagejsons/libs/tools/send/send-ui/package.json index 98f7e0ca27e8..1bfdf87da104 100644 --- a/security/bitwarden-cli/files/packagejsons/libs/tools/send/send-ui/package.json +++ b/security/bitwarden-cli/files/packagejsons/libs/tools/send/send-ui/package.json @@ -15,6 +15,7 @@ "scripts": { "clean": "rimraf dist", "build": "npm run clean && tsc", - "build:watch": "npm run clean && tsc -watch" + "build:watch": "npm run clean && tsc -watch", + "test": "jest" } } diff --git a/security/bitwarden-cli/files/packagejsons/libs/ui/common/package.json b/security/bitwarden-cli/files/packagejsons/libs/ui/common/package.json index 4ea0f8aed771..0cc6d4b153f3 100644 --- a/security/bitwarden-cli/files/packagejsons/libs/ui/common/package.json +++ b/security/bitwarden-cli/files/packagejsons/libs/ui/common/package.json @@ -12,6 +12,11 @@ "url": "https://github.com/bitwarden/clients" }, "license": "GPL-3.0", + "scripts": { + "clean": "rimraf dist", + "build": "npm run clean && tsc", + "build:watch": "npm run clean && tsc -watch" + }, "exports": { ".": { "import": "./src/index.ts" diff --git a/security/bitwarden-cli/files/packagejsons/libs/user-core/package.json b/security/bitwarden-cli/files/packagejsons/libs/user-core/package.json index 2251d2ceace7..b32afd6d8f9a 100644 --- a/security/bitwarden-cli/files/packagejsons/libs/user-core/package.json +++ b/security/bitwarden-cli/files/packagejsons/libs/user-core/package.json @@ -3,8 +3,8 @@ "version": "0.0.0", "description": "The very basic concept that constitutes a user, this needs to be very low level to facilitate Platform keeping their own code low level.", "type": "commonjs", - "main": "dist/index.js", - "types": "dist/index.d.ts", + "main": "index.js", + "types": "index.d.ts", "license": "GPL-3.0", "author": "auth" } diff --git a/security/bitwarden-cli/files/packagejsons/libs/vault/package.json b/security/bitwarden-cli/files/packagejsons/libs/vault/package.json index 48822f93a40f..3d0653205201 100644 --- a/security/bitwarden-cli/files/packagejsons/libs/vault/package.json +++ b/security/bitwarden-cli/files/packagejsons/libs/vault/package.json @@ -13,6 +13,7 @@ }, "license": "GPL-3.0", "scripts": { + "test": "jest", "clean": "rimraf dist", "build": "npm run clean && tsc", "build:watch": "npm run clean && tsc -watch" diff --git a/security/bitwarden-cli/files/packagejsons/package-lock.json b/security/bitwarden-cli/files/packagejsons/package-lock.json index 1b4fe5f40e30..71196389be2a 100644 --- a/security/bitwarden-cli/files/packagejsons/package-lock.json +++ b/security/bitwarden-cli/files/packagejsons/package-lock.json @@ -23,11 +23,11 @@ "@angular/platform-browser": "19.2.14", "@angular/platform-browser-dynamic": "19.2.14", "@angular/router": "19.2.14", - "@bitwarden/sdk-internal": "0.2.0-main.266", + "@bitwarden/sdk-internal": "0.2.0-main.311", "@electron/fuses": "1.8.0", "@emotion/css": "11.13.5", "@koa/multer": "4.0.0", - "@koa/router": "13.1.0", + "@koa/router": "14.0.0", "@microsoft/signalr": "8.0.7", "@microsoft/signalr-protocol-msgpack": "8.0.7", "@ng-select/ng-select": "14.9.0", @@ -40,7 +40,7 @@ "buffer": "6.0.3", "bufferutil": "4.0.9", "chalk": "4.1.2", - "commander": "11.1.0", + "commander": "14.0.0", "core-js": "3.45.0", "form-data": "4.0.4", "https-proxy-agent": "7.0.6", @@ -53,7 +53,7 @@ "lit": "3.3.0", "lowdb": "1.0.0", "lunr": "2.3.9", - "multer": "1.4.5-lts.2", + "multer": "2.0.2", "ngx-toastr": "19.0.0", "node-fetch": "2.6.12", "node-forge": "1.3.1", @@ -97,12 +97,12 @@ "@storybook/test-runner": "0.22.0", "@storybook/theming": "8.6.12", "@storybook/web-components-webpack5": "8.6.12", - "@types/chrome": "0.0.306", + "@types/chrome": "0.1.12", "@types/firefox-webext-browser": "120.0.4", "@types/inquirer": "8.2.10", "@types/jest": "29.5.14", "@types/jsdom": "21.1.7", - "@types/koa": "2.15.0", + "@types/koa": "3.0.0", "@types/koa__multer": "2.0.7", "@types/koa__router": "12.0.4", "@types/koa-bodyparser": "4.3.7", @@ -131,7 +131,7 @@ "copy-webpack-plugin": "13.0.0", "cross-env": "10.0.0", "css-loader": "7.1.2", - "electron": "36.8.1", + "electron": "36.9.3", "electron-builder": "26.0.12", "electron-log": "5.4.0", "electron-reload": "2.0.0-alpha.1", @@ -191,19 +191,19 @@ }, "apps/browser": { "name": "@bitwarden/browser", - "version": "2025.9.0" + "version": "2025.10.0" }, "apps/cli": { "name": "@bitwarden/cli", - "version": "2025.9.0", + "version": "2025.10.0", "license": "SEE LICENSE IN LICENSE.txt", "dependencies": { "@koa/multer": "4.0.0", - "@koa/router": "13.1.0", + "@koa/router": "14.0.0", "big-integer": "1.6.52", "browser-hrtime": "1.1.8", "chalk": "4.1.2", - "commander": "11.1.0", + "commander": "14.0.0", "core-js": "3.45.0", "form-data": "4.0.4", "https-proxy-agent": "7.0.6", @@ -215,7 +215,7 @@ "koa-json": "2.0.2", "lowdb": "1.0.0", "lunr": "2.3.9", - "multer": "1.4.5-lts.2", + "multer": "2.0.2", "node-fetch": "2.6.12", "node-forge": "1.3.1", "open": "10.1.2", @@ -277,7 +277,7 @@ }, "apps/desktop": { "name": "@bitwarden/desktop", - "version": "2025.9.0", + "version": "2025.10.0", "hasInstallScript": true, "license": "GPL-3.0" }, @@ -291,7 +291,7 @@ }, "apps/web": { "name": "@bitwarden/web-vault", - "version": "2025.9.0" + "version": "2025.10.0" }, "libs/admin-console": { "name": "@bitwarden/admin-console", @@ -375,6 +375,7 @@ "libs/messaging-internal": { "name": "@bitwarden/messaging-internal", "version": "0.0.1", + "extraneous": true, "license": "GPL-3.0" }, "libs/node": { @@ -4670,10 +4671,6 @@ "resolved": "libs/messaging", "link": true }, - "node_modules/@bitwarden/messaging-internal": { - "resolved": "libs/messaging-internal", - "link": true - }, "node_modules/@bitwarden/node": { "resolved": "libs/node", "link": true @@ -4691,9 +4688,9 @@ "link": true }, "node_modules/@bitwarden/sdk-internal": { - "version": "0.2.0-main.266", - "resolved": "https://registry.npmjs.org/@bitwarden/sdk-internal/-/sdk-internal-0.2.0-main.266.tgz", - "integrity": "sha512-2Axa1D9AEkax2ssqahZYHVkk2RdguzLV2bJ6j99AZhh4qjGIYtDvmc5gDh7zhuw7Ig7H3mNpKwCZ/eJgadyH6g==", + "version": "0.2.0-main.311", + "resolved": "https://registry.npmjs.org/@bitwarden/sdk-internal/-/sdk-internal-0.2.0-main.311.tgz", + "integrity": "sha512-zJdQykNMFOyivpNaCB9jc85wZ1ci2HM8/E4hI+yS7FgRm0sRigK5rieF3+xRjiq7pEsZSD8AucR+u/XK9ADXiw==", "license": "GPL-3.0", "dependencies": { "type-fest": "^4.41.0" @@ -8013,17 +8010,18 @@ } }, "node_modules/@koa/router": { - "version": "13.1.0", - "resolved": "https://registry.npmjs.org/@koa/router/-/router-13.1.0.tgz", - "integrity": "sha512-mNVu1nvkpSd8Q8gMebGbCkDWJ51ODetrFvLKYusej+V0ByD4btqHYnPIzTBLXnQMVUlm/oxVwqmWBY3zQfZilw==", + "version": "14.0.0", + "resolved": "https://registry.npmjs.org/@koa/router/-/router-14.0.0.tgz", + "integrity": "sha512-LBSu5K0qAaaQcXX/0WIB9PGDevyCxxpnc1uq13vV/CgObaVxuis5hKl3Eboq/8gcb6ebnkAStW9NB/Em2eYyFA==", "license": "MIT", "dependencies": { + "debug": "^4.4.1", "http-errors": "^2.0.0", "koa-compose": "^4.1.0", - "path-to-regexp": "^6.3.0" + "path-to-regexp": "^8.2.0" }, "engines": { - "node": ">= 18" + "node": ">= 20" } }, "node_modules/@leichtgewicht/ip-codec": { @@ -13379,9 +13377,9 @@ } }, "node_modules/@types/chrome": { - "version": "0.0.306", - "resolved": "https://registry.npmjs.org/@types/chrome/-/chrome-0.0.306.tgz", - "integrity": "sha512-95kgcqvTNcaZCXmx/kIKY6uo83IaRNT3cuPxYqlB2Iu+HzKDCP4t7TUe7KhJijTdibcvn+SzziIcfSLIlgRnhQ==", + "version": "0.1.12", + "resolved": "https://registry.npmjs.org/@types/chrome/-/chrome-0.1.12.tgz", + "integrity": "sha512-jEkxs9GPQHx7g49WjkA8QDNcqODbMGDuBbWQOtjiS/Wf9AiEcDmQMIAgJvC/Xi36WoCVNx584g0Dd9ThJQCAiw==", "dev": true, "license": "MIT", "dependencies": { @@ -13713,9 +13711,9 @@ } }, "node_modules/@types/koa": { - "version": "2.15.0", - "resolved": "https://registry.npmjs.org/@types/koa/-/koa-2.15.0.tgz", - "integrity": "sha512-7QFsywoE5URbuVnG3loe03QXuGajrnotr3gQkXcEBShORai23MePfFYdhz90FEtBBpkyIYQbVD+evKtloCgX3g==", + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/@types/koa/-/koa-3.0.0.tgz", + "integrity": "sha512-MOcVYdVYmkSutVHZZPh8j3+dAjLyR5Tl59CN0eKgpkE1h/LBSmPAsQQuWs+bKu7WtGNn+hKfJH9Gzml+PulmDg==", "dev": true, "license": "MIT", "dependencies": { @@ -13723,7 +13721,7 @@ "@types/content-disposition": "*", "@types/cookies": "*", "@types/http-assert": "*", - "@types/http-errors": "*", + "@types/http-errors": "^2", "@types/keygrip": "*", "@types/koa-compose": "*", "@types/node": "*" @@ -18365,12 +18363,12 @@ } }, "node_modules/commander": { - "version": "11.1.0", - "resolved": "https://registry.npmjs.org/commander/-/commander-11.1.0.tgz", - "integrity": "sha512-yPVavfyCcRhmorC7rWlkHn15b4wDVgVmBA7kV4QVBsF7kv/9TKJAbAXVTxvTnwP8HHKjRCJDClKbciiYS7p0DQ==", + "version": "14.0.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-14.0.0.tgz", + "integrity": "sha512-2uM9rYjPvyq39NwLRqaiLtWHyDC1FvryJDa2ATTVims5YAS4PupsEQsDvP14FqhFr0P49CYDugi59xaxJlTXRA==", "license": "MIT", "engines": { - "node": ">=16" + "node": ">=20" } }, "node_modules/common-path-prefix": { @@ -18473,20 +18471,34 @@ "license": "MIT" }, "node_modules/concat-stream": { - "version": "1.6.2", - "resolved": "https://registry.npmjs.org/concat-stream/-/concat-stream-1.6.2.tgz", - "integrity": "sha512-27HBghJxjiZtIk3Ycvn/4kbJk/1uZuJFfuPEns6LaEvpvG1f0hTea8lilrouyo9mVc2GWdcEZ8OLoGmSADlrCw==", + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/concat-stream/-/concat-stream-2.0.0.tgz", + "integrity": "sha512-MWufYdFw53ccGjCA+Ol7XJYpAlW6/prSMzuPOTRnJGcGzuhLn4Scrz7qf6o8bROZ514ltazcIFJZevcfbo0x7A==", "engines": [ - "node >= 0.8" + "node >= 6.0" ], "license": "MIT", "dependencies": { "buffer-from": "^1.0.0", "inherits": "^2.0.3", - "readable-stream": "^2.2.2", + "readable-stream": "^3.0.2", "typedarray": "^0.0.6" } }, + "node_modules/concat-stream/node_modules/readable-stream": { + "version": "3.6.2", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz", + "integrity": "sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA==", + "license": "MIT", + "dependencies": { + "inherits": "^2.0.3", + "string_decoder": "^1.1.1", + "util-deprecate": "^1.0.1" + }, + "engines": { + "node": ">= 6" + } + }, "node_modules/concurrently": { "version": "9.2.0", "resolved": "https://registry.npmjs.org/concurrently/-/concurrently-9.2.0.tgz", @@ -20147,9 +20159,9 @@ } }, "node_modules/electron": { - "version": "36.8.1", - "resolved": "https://registry.npmjs.org/electron/-/electron-36.8.1.tgz", - "integrity": "sha512-honaH58/cyCb9QAzIvD+WXWuNIZ0tW9zfBqMz5wZld/rXB+LCTEDb2B3TAv8+pDmlzPlkPio95RkUe86l6MNjg==", + "version": "36.9.3", + "resolved": "https://registry.npmjs.org/electron/-/electron-36.9.3.tgz", + "integrity": "sha512-eR5yswsA55zVTPDEIA/PSdVNBLOp0q0Wsavgx0S3BmJYOqKoH1gqzS+hggf0/aY5OvUjVNSHiJJA1VsB5aJUug==", "dev": true, "hasInstallScript": true, "license": "MIT", @@ -30081,22 +30093,21 @@ } }, "node_modules/multer": { - "version": "1.4.5-lts.2", - "resolved": "https://registry.npmjs.org/multer/-/multer-1.4.5-lts.2.tgz", - "integrity": "sha512-VzGiVigcG9zUAoCNU+xShztrlr1auZOlurXynNvO9GiWD1/mTBbUljOKY+qMeazBqXgRnjzeEgJI/wyjJUHg9A==", - "deprecated": "Multer 1.x is impacted by a number of vulnerabilities, which have been patched in 2.x. You should upgrade to the latest 2.x version.", + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/multer/-/multer-2.0.2.tgz", + "integrity": "sha512-u7f2xaZ/UG8oLXHvtF/oWTRvT44p9ecwBBqTwgJVq0+4BW1g8OW01TyMEGWBHbyMOYVHXslaut7qEQ1meATXgw==", "license": "MIT", "dependencies": { "append-field": "^1.0.0", - "busboy": "^1.0.0", - "concat-stream": "^1.5.2", - "mkdirp": "^0.5.4", + "busboy": "^1.6.0", + "concat-stream": "^2.0.0", + "mkdirp": "^0.5.6", "object-assign": "^4.1.1", - "type-is": "^1.6.4", - "xtend": "^4.0.0" + "type-is": "^1.6.18", + "xtend": "^4.0.2" }, "engines": { - "node": ">= 6.0.0" + "node": ">= 10.16.0" } }, "node_modules/multer/node_modules/media-typer": { @@ -32996,10 +33007,13 @@ } }, "node_modules/path-to-regexp": { - "version": "6.3.0", - "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-6.3.0.tgz", - "integrity": "sha512-Yhpw4T9C6hPpgPeA28us07OJeqZ5EzQTkbfwuhsUg0c237RomFoETJgmp2sa3F/41gfLE6G5cqcYwznmeEeOlQ==", - "license": "MIT" + "version": "8.2.0", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-8.2.0.tgz", + "integrity": "sha512-TdrF7fW9Rphjq4RjrW0Kp2AW0Ahwu9sRGTkS6bvDi0SCwZlEZYmcfDbEsTz8RVk0EHIS/Vd1bv3JhG+1xZuAyQ==", + "license": "MIT", + "engines": { + "node": ">=16" + } }, "node_modules/path-type": { "version": "6.0.0", @@ -35049,15 +35063,6 @@ "integrity": "sha512-hvpoI6korhJMnej285dSg6nu1+e6uxs7zG3BYAm5byqDsgJNWwxzM6z6iZiAgQR4TJ30JmBTOwqZUw3WlyH3AQ==", "license": "MIT" }, - "node_modules/router/node_modules/path-to-regexp": { - "version": "8.2.0", - "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-8.2.0.tgz", - "integrity": "sha512-TdrF7fW9Rphjq4RjrW0Kp2AW0Ahwu9sRGTkS6bvDi0SCwZlEZYmcfDbEsTz8RVk0EHIS/Vd1bv3JhG+1xZuAyQ==", - "license": "MIT", - "engines": { - "node": ">=16" - } - }, "node_modules/rrweb-cssom": { "version": "0.8.0", "resolved": "https://registry.npmjs.org/rrweb-cssom/-/rrweb-cssom-0.8.0.tgz", diff --git a/security/bitwarden-cli/files/packagejsons/package.json b/security/bitwarden-cli/files/packagejsons/package.json index 62ae69a2175a..961a7fd1d6a2 100644 --- a/security/bitwarden-cli/files/packagejsons/package.json +++ b/security/bitwarden-cli/files/packagejsons/package.json @@ -61,12 +61,12 @@ "@storybook/test-runner": "0.22.0", "@storybook/theming": "8.6.12", "@storybook/web-components-webpack5": "8.6.12", - "@types/chrome": "0.0.306", + "@types/chrome": "0.1.12", "@types/firefox-webext-browser": "120.0.4", "@types/inquirer": "8.2.10", "@types/jest": "29.5.14", "@types/jsdom": "21.1.7", - "@types/koa": "2.15.0", + "@types/koa": "3.0.0", "@types/koa__multer": "2.0.7", "@types/koa__router": "12.0.4", "@types/koa-bodyparser": "4.3.7", @@ -95,7 +95,7 @@ "copy-webpack-plugin": "13.0.0", "cross-env": "10.0.0", "css-loader": "7.1.2", - "electron": "36.8.1", + "electron": "36.9.3", "electron-builder": "26.0.12", "electron-log": "5.4.0", "electron-reload": "2.0.0-alpha.1", @@ -158,11 +158,11 @@ "@angular/platform-browser": "19.2.14", "@angular/platform-browser-dynamic": "19.2.14", "@angular/router": "19.2.14", - "@bitwarden/sdk-internal": "0.2.0-main.266", + "@bitwarden/sdk-internal": "0.2.0-main.311", "@electron/fuses": "1.8.0", "@emotion/css": "11.13.5", "@koa/multer": "4.0.0", - "@koa/router": "13.1.0", + "@koa/router": "14.0.0", "@microsoft/signalr": "8.0.7", "@microsoft/signalr-protocol-msgpack": "8.0.7", "@ng-select/ng-select": "14.9.0", @@ -175,7 +175,7 @@ "buffer": "6.0.3", "bufferutil": "4.0.9", "chalk": "4.1.2", - "commander": "11.1.0", + "commander": "14.0.0", "core-js": "3.45.0", "form-data": "4.0.4", "https-proxy-agent": "7.0.6", @@ -188,7 +188,7 @@ "lit": "3.3.0", "lowdb": "1.0.0", "lunr": "2.3.9", - "multer": "1.4.5-lts.2", + "multer": "2.0.2", "ngx-toastr": "19.0.0", "node-fetch": "2.6.12", "node-forge": "1.3.1", diff --git a/security/bitwarden-cli/files/patch-apps_cli_src_platform_services_cli-platform-utils.service.ts b/security/bitwarden-cli/files/patch-apps_cli_src_platform_services_cli-platform-utils.service.ts index 908e64ec7ba8..d5489628220a 100644 --- a/security/bitwarden-cli/files/patch-apps_cli_src_platform_services_cli-platform-utils.service.ts +++ b/security/bitwarden-cli/files/patch-apps_cli_src_platform_services_cli-platform-utils.service.ts @@ -1,4 +1,4 @@ ---- apps/cli/src/platform/services/cli-platform-utils.service.ts.orig 2025-07-01 17:12:33 UTC +--- apps/cli/src/platform/services/cli-platform-utils.service.ts.orig 2025-10-10 16:12:57 UTC +++ apps/cli/src/platform/services/cli-platform-utils.service.ts @@ -28,7 +28,7 @@ export class CliPlatformUtilsService implements Platfo case "darwin": @@ -9,7 +9,7 @@ default: this.deviceCache = DeviceType.LinuxCLI; break; -@@ -80,7 +80,7 @@ export class CliPlatformUtilsService implements Platfo +@@ -84,7 +84,7 @@ export class CliPlatformUtilsService implements Platfo } launchUri(uri: string, options?: any): void { diff --git a/security/boringssl/Makefile b/security/boringssl/Makefile index 28e061773d37..7d5bd79dbf53 100644 --- a/security/boringssl/Makefile +++ b/security/boringssl/Makefile @@ -1,6 +1,6 @@ PORTNAME= boringssl PORTVERSION= 0.20250818.0 -PORTREVISION= 1 +PORTREVISION= 3 CATEGORIES= security EXTRACT_ONLY= ${GH_ACCOUNT}-${PORTNAME}-${PORTVERSION}_GH0.tar.gz diff --git a/security/caldera-ot/Makefile b/security/caldera-ot/Makefile index 0e6e7fefbb69..ff8d5e1f0f77 100644 --- a/security/caldera-ot/Makefile +++ b/security/caldera-ot/Makefile @@ -1,6 +1,6 @@ PORTNAME= caldera-ot DISTVERSION= 5.3.0 -PORTREVISION= 5 +PORTREVISION= 7 CATEGORIES= security python MAINTAINER= acm@FreeBSD.org diff --git a/security/caldera/Makefile b/security/caldera/Makefile index dfdf57c86e2b..43dbdf79fee9 100644 --- a/security/caldera/Makefile +++ b/security/caldera/Makefile @@ -1,6 +1,6 @@ PORTNAME= caldera DISTVERSION= 5.3.0 -PORTREVISION= 7 +PORTREVISION= 9 CATEGORIES= security python MAINTAINER= acm@FreeBSD.org diff --git a/security/certificate_maker/Makefile b/security/certificate_maker/Makefile index 73e65a61f456..e56dbf5b0787 100644 --- a/security/certificate_maker/Makefile +++ b/security/certificate_maker/Makefile @@ -1,7 +1,7 @@ PORTNAME= certificate_maker DISTVERSIONPREFIX= v DISTVERSION= 1.7.1 -PORTREVISION= 5 +PORTREVISION= 7 CATEGORIES= security MAINTAINER= bofh@FreeBSD.org diff --git a/security/certmgr/Makefile b/security/certmgr/Makefile index b8899bab302c..7ff0fb9a570c 100644 --- a/security/certmgr/Makefile +++ b/security/certmgr/Makefile @@ -1,7 +1,7 @@ PORTNAME= certmgr DISTVERSIONPREFIX= v DISTVERSION= 3.0.3 -PORTREVISION= 30 +PORTREVISION= 32 CATEGORIES= security net MAINTAINER= fuz@FreeBSD.org diff --git a/security/cfssl/Makefile b/security/cfssl/Makefile index 22400075f2e0..269dff7db0a4 100644 --- a/security/cfssl/Makefile +++ b/security/cfssl/Makefile @@ -1,7 +1,7 @@ PORTNAME= cfssl DISTVERSIONPREFIX= v DISTVERSION= 1.6.5 -PORTREVISION= 13 +PORTREVISION= 15 CATEGORIES= security MAINTAINER= yuri@FreeBSD.org diff --git a/security/clamav/Makefile b/security/clamav/Makefile index 4d6bedecb396..8a8f61eb6e7e 100644 --- a/security/clamav/Makefile +++ b/security/clamav/Makefile @@ -1,5 +1,5 @@ PORTNAME= clamav -DISTVERSION= 1.5.0 +DISTVERSION= 1.5.1 PORTEPOCH= 1 CATEGORIES= security MASTER_SITES= https://www.clamav.net/downloads/production/ diff --git a/security/clamav/distinfo b/security/clamav/distinfo index 8b152af4d834..3d7208d2db3a 100644 --- a/security/clamav/distinfo +++ b/security/clamav/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1759867675 -SHA256 (clamav-1.5.0.tar.gz) = 09026c8b912b6c2a593d325318e99df7d763c9df013fff0d48ef3b2215fb53ee -SIZE (clamav-1.5.0.tar.gz) = 55281972 +TIMESTAMP = 1760651998 +SHA256 (clamav-1.5.1.tar.gz) = 64fe4a16a5622c1d71efe9ed7f2c2fbd37f8f237da9f11ff66b73038df71db91 +SIZE (clamav-1.5.1.tar.gz) = 65638226 diff --git a/security/cosign/Makefile b/security/cosign/Makefile index 9fcb48325d8f..273d56014e86 100644 --- a/security/cosign/Makefile +++ b/security/cosign/Makefile @@ -1,6 +1,7 @@ PORTNAME= cosign DISTVERSIONPREFIX= v DISTVERSION= 2.6.1 +PORTREVISION= 2 CATEGORIES= security MAINTAINER= bofh@FreeBSD.org diff --git a/security/courier-authlib/Makefile b/security/courier-authlib/Makefile index f542e393c400..c4a29f7623bb 100644 --- a/security/courier-authlib/Makefile +++ b/security/courier-authlib/Makefile @@ -1,5 +1,5 @@ PORTNAME= courier-authlib -PORTVERSION= 0.72.4 +PORTVERSION= 0.72.5 CATEGORIES?= security mail .if defined(PKGNAMESUFFIX) MASTER_SITES= SF/courier/authlib/${PORTVERSION} diff --git a/security/courier-authlib/distinfo b/security/courier-authlib/distinfo index 1b97be6c6ce6..826791c9cc47 100644 --- a/security/courier-authlib/distinfo +++ b/security/courier-authlib/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1744018659 -SHA256 (courier-authlib-0.72.4.tar.bz2) = 2a9d4e4535f1eeae84cc57589e8fdb9b46ae4f695d40e943413dfd6e949e3137 -SIZE (courier-authlib-0.72.4.tar.bz2) = 2290493 +TIMESTAMP = 1760733071 +SHA256 (courier-authlib-0.72.5.tar.bz2) = a94ff34c560f7b338108fe13ba876f1d15b9700bbc26e249da34d4db79d3aa42 +SIZE (courier-authlib-0.72.5.tar.bz2) = 2801834 diff --git a/security/courier-authlib/files/patch-Makefile.in b/security/courier-authlib/files/patch-Makefile.in index 4af934841bf2..f3dc3a55900d 100644 --- a/security/courier-authlib/files/patch-Makefile.in +++ b/security/courier-authlib/files/patch-Makefile.in @@ -1,6 +1,6 @@ ---- Makefile.in.orig 2025-04-06 14:25:31 UTC +--- Makefile.in.orig 2025-10-14 23:04:09 UTC +++ Makefile.in -@@ -95,11 +95,10 @@ host_triplet = @host@ +@@ -97,11 +97,10 @@ host_triplet = @host@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @@ -16,7 +16,7 @@ subdir = . ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/configure.ac -@@ -154,7 +153,7 @@ am__v_lt_0 = --silent +@@ -155,7 +154,7 @@ am__v_lt_0 = --silent AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent @@ -25,10 +25,10 @@ libauthcustom_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(AM_CFLAGS) $(CFLAGS) $(libauthcustom_la_LDFLAGS) $(LDFLAGS) \ -@@ -219,6 +218,13 @@ libcourierauth_la_DEPENDENCIES = libs/libhmac/libhmac. - libs/md5/libmd5.la libs/sha1/libsha1.la \ - libs/numlib/libnumlib.la libs/random128/librandom128.la \ - libs/rfc822/libencode.la +@@ -223,6 +222,13 @@ am_libcourierauth_la_OBJECTS = authdaemon.lo authdaemo + am_libcourierauth_la_OBJECTS = authdaemon.lo authdaemonlib.lo \ + preauthdaemon.lo authmoduser2.lo authmoduser3.lo debug.lo \ + authoption.lo +am_libauthvchkpw_la_OBJECTS = authvchkpw.lo authvchkpwlib.lo \ + preauthvchkpw.lo +libauthvchkpw_la_OBJECTS = $(am_libauthvchkpw_la_OBJECTS) @@ -36,10 +36,10 @@ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) $(libauthvchkpw_la_LDFLAGS) $(LDFLAGS) \ + -o $@ - am_libcourierauth_la_OBJECTS = authdaemon.lo authdaemonlib.lo \ - preauthdaemon.lo authmoduser2.lo authmoduser3.lo debug.lo \ - authoption.lo -@@ -299,11 +305,11 @@ am__v_GEN_0 = @echo " GEN " $@; + libcourierauth_la_OBJECTS = $(am_libcourierauth_la_OBJECTS) + libcourierauth_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ +@@ -300,11 +306,11 @@ am__v_GEN_0 = @echo " GEN " $@; AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; @@ -53,7 +53,7 @@ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__maybe_remake_depfiles = depfiles -@@ -335,7 +341,9 @@ am__depfiles_remade = ./$(DEPDIR)/authconfigfile.Plo \ +@@ -336,7 +342,9 @@ am__depfiles_remade = ./$(DEPDIR)/authconfigfile.Plo \ ./$(DEPDIR)/authsqlite.Plo ./$(DEPDIR)/authsqlitelib.Plo \ ./$(DEPDIR)/authsyschangepwd.Plo ./$(DEPDIR)/authsyscommon.Plo \ ./$(DEPDIR)/authtest.Po ./$(DEPDIR)/authuserdb.Plo \ @@ -64,7 +64,7 @@ ./$(DEPDIR)/checkpasswordmd5.Plo \ ./$(DEPDIR)/checkpasswordsha1.Plo ./$(DEPDIR)/cramlib.Plo \ ./$(DEPDIR)/cryptpassword.Plo ./$(DEPDIR)/debug.Plo \ -@@ -343,7 +351,7 @@ am__depfiles_remade = ./$(DEPDIR)/authconfigfile.Plo \ +@@ -344,7 +352,7 @@ am__depfiles_remade = ./$(DEPDIR)/authconfigfile.Plo \ ./$(DEPDIR)/preauthldap.Plo ./$(DEPDIR)/preauthmysql.Plo \ ./$(DEPDIR)/preauthpam.Plo ./$(DEPDIR)/preauthpwd.Plo \ ./$(DEPDIR)/preauthshadow.Plo ./$(DEPDIR)/preauthuserdb.Plo \ @@ -73,7 +73,7 @@ am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -@@ -354,7 +362,7 @@ am__v_CC_0 = @echo " CC " $@; +@@ -355,7 +363,7 @@ am__v_CC_0 = @echo " CC " $@; AM_V_CC = $(am__v_CC_@AM_V@) am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) am__v_CC_0 = @echo " CC " $@; @@ -82,7 +82,7 @@ CCLD = $(CC) LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ -@@ -362,7 +370,7 @@ am__v_CCLD_0 = @echo " CCLD " $@; +@@ -363,7 +371,7 @@ am__v_CCLD_0 = @echo " CCLD " $@; AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; @@ -91,7 +91,7 @@ CXXCOMPILE = $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) LTCXXCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CXX $(AM_LIBTOOLFLAGS) \ -@@ -372,7 +380,7 @@ am__v_CXX_0 = @echo " CXX " $@; +@@ -373,7 +381,7 @@ am__v_CXX_0 = @echo " CXX " $@; AM_V_CXX = $(am__v_CXX_@AM_V@) am__v_CXX_ = $(am__v_CXX_@AM_DEFAULT_V@) am__v_CXX_0 = @echo " CXX " $@; @@ -100,7 +100,7 @@ CXXLD = $(CXX) CXXLINK = $(LIBTOOL) $(AM_V_lt) --tag=CXX $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CXXLD) $(AM_CXXFLAGS) \ -@@ -380,12 +388,13 @@ am__v_CXXLD_0 = @echo " CXXLD " $@; +@@ -381,12 +389,13 @@ am__v_CXXLD_0 = @echo " CXXLD " $@; AM_V_CXXLD = $(am__v_CXXLD_@AM_V@) am__v_CXXLD_ = $(am__v_CXXLD_@AM_DEFAULT_V@) am__v_CXXLD_0 = @echo " CXXLD " $@; @@ -115,7 +115,7 @@ $(libcourierauth_la_SOURCES) \ $(libcourierauthcommon_la_SOURCES) \ $(libcourierauthsasl_la_SOURCES) \ -@@ -399,6 +408,7 @@ DIST_SOURCES = $(libauthcustom_la_SOURCES) $(libauthld +@@ -400,6 +409,7 @@ DIST_SOURCES = $(libauthcustom_la_SOURCES) $(libauthld $(libauthpgsql_la_SOURCES) $(libauthpipe_la_SOURCES) \ $(libauthpwd_la_SOURCES) $(libauthshadow_la_SOURCES) \ $(libauthsqlite_la_SOURCES) $(libauthuserdb_la_SOURCES) \ @@ -123,7 +123,7 @@ $(libcourierauth_la_SOURCES) \ $(libcourierauthcommon_la_SOURCES) \ $(libcourierauthsasl_la_SOURCES) \ -@@ -571,6 +581,7 @@ LIBAUTHUSERDB = @LIBAUTHUSERDB@ +@@ -575,6 +585,7 @@ LIBAUTHUSERDB = @LIBAUTHUSERDB@ LIBAUTHSHADOW = @LIBAUTHSHADOW@ LIBAUTHSQLITE = @LIBAUTHSQLITE@ LIBAUTHUSERDB = @LIBAUTHUSERDB@ @@ -131,19 +131,19 @@ LIBDB = @LIBDB@ LIBDL = @LIBDL@ LIBGDBM = @LIBGDBM@ -@@ -704,7 +715,10 @@ AUTOMAKE_OPTIONS = dist-bzip2 +@@ -710,7 +721,10 @@ AUTOMAKE_OPTIONS = dist-bzip2 userdb = @userdb@ using_systemd = @using_systemd@ AUTOMAKE_OPTIONS = dist-bzip2 --SUBDIRS = libs/gdbmobj libs/bdbobj libs/md5 libs/sha1 libs/libhmac libs/numlib libs/makedat userdb libs/rfc822 libs/random128 libs/liblock liblog +-SUBDIRS = libs/gdbmobj libs/bdbobj libs/md5 libs/sha1 libs/libhmac libs/numlib libs/makedat userdb libs/rfc822 libs/rfc2045 libs/random128 libs/liblock liblog +SUBDIRS = libs/gdbmobj libs/bdbobj libs/md5 libs/sha1 libs/libhmac libs/numlib +@HAVE_USERDB_TRUE@SUBDIRS += libs/makedat userdb -+SUBDIRS += libs/rfc822 libs/random128 ++SUBDIRS += libs/rfc822 libs/rfc2045 libs/random128 +@HAVE_BASE_TRUE@SUBDIRS += libs/liblock liblog AM_CPPFLAGS = -I liblock $(LTDLINCL) BUILT_SOURCES = authdaemonrc.h $(BUILT1) $(GITFILES) \ $(man3:%.3=%.html) $(man1:%.1=%.html) authsqliterc.h \ -@@ -712,16 +726,18 @@ modules = @LIBAUTHUSERDB@ \ +@@ -718,16 +732,18 @@ modules = @LIBAUTHUSERDB@ \ modules = @LIBAUTHUSERDB@ \ @LIBAUTHPAM@ @LIBAUTHPWD@ @LIBAUTHSHADOW@ \ @LIBAUTHPGSQL@ @LIBAUTHLDAP@ @LIBAUTHMYSQL@ @LIBAUTHSQLITE@ \ @@ -166,7 +166,7 @@ libauthpgsql.la \ libauthldap.la \ libauthmysql.la \ -@@ -794,6 +810,13 @@ libauthshadow_la_LDFLAGS = $(commonldflags) +@@ -800,6 +816,13 @@ libauthshadow_la_LDFLAGS = $(commonldflags) libauthshadow_la_LIBADD = $(commonlibadd) $(libauthshadow_t) libauthshadow_la_LDFLAGS = $(commonldflags) @@ -180,7 +180,7 @@ # The authpgsql module libauthpgsql_t = @PGSQL_LIBS@ @LIBM@ @NETLIBS@ libauthpgsql_la_SOURCES = authpgsql.c authpgsqllib.cpp authpgsql.h -@@ -883,8 +906,8 @@ libcourierauthsaslclient_la_LDFLAGS = -export-symbols- +@@ -889,8 +912,8 @@ libcourierauthsaslclient_la_LDFLAGS = -export-symbols- libcourierauthsaslclient_la_LIBADD = libcourierauth.la libcourierauthsaslclient_la_LDFLAGS = -export-symbols-regex '^auth_sasl_client$$' -version-info @LIBVERSION_INFO@ @@ -191,7 +191,7 @@ courierauthconfig_SOURCES = authinfo.c authpasswd_SOURCES = authpasswd.c -@@ -901,7 +924,7 @@ authenumerate_LDADD = libcourierauth.la \ +@@ -907,7 +930,7 @@ authenumerate_LDADD = libcourierauth.la \ authenumerate_LDADD = libcourierauth.la \ libs/numlib/libnumlib.la @@ -200,7 +200,7 @@ # # The main daemon. -@@ -932,7 +955,7 @@ extraman3 = auth_generic_meta.3 auth_login_meta.3 auth +@@ -938,7 +961,7 @@ extraman3 = auth_generic_meta.3 auth_login_meta.3 auth extraman3 = auth_generic_meta.3 auth_login_meta.3 auth_getuserinfo_meta.3 \ auth_sasl_ex.3 @@ -209,18 +209,18 @@ man_MANS = $(man1) $(man3) $(extraman3) BUILT1 = authlib.html authldaprc.h authmysqlrc.h authpgsqlrc.h authpiperc.h \ authdaemonrc.h packageversion.h \ -@@ -990,7 +1013,7 @@ stamp-h1: $(srcdir)/courier_auth_config.h.in $(top_bui +@@ -996,7 +1019,7 @@ stamp-h1: $(srcdir)/courier_auth_config.h.in $(top_bui stamp-h1: $(srcdir)/courier_auth_config.h.in $(top_builddir)/config.status - @rm -f stamp-h1 - cd $(top_builddir) && $(SHELL) ./config.status courier_auth_config.h + $(AM_V_at)rm -f stamp-h1 + $(AM_V_GEN)cd $(top_builddir) && $(SHELL) ./config.status courier_auth_config.h -$(srcdir)/courier_auth_config.h.in: $(am__configure_deps) +$(srcdir)/courier_auth_config.h.in: $(am__configure_deps) - ($(am__cd) $(top_srcdir) && $(AUTOHEADER)) - rm -f stamp-h1 - touch $@ -@@ -1162,73 +1185,76 @@ clean-pkglibLTLIBRARIES: - rm -f $${locs}; \ - } + $(AM_V_GEN)($(am__cd) $(top_srcdir) && $(AUTOHEADER)) + $(AM_V_at)rm -f stamp-h1 + $(AM_V_at)touch $@ +@@ -1151,73 +1174,76 @@ clean-pkglibLTLIBRARIES: + echo rm -f $${locs}; \ + $(am__rm_f) $${locs} -libauthcustom.la: $(libauthcustom_la_OBJECTS) $(libauthcustom_la_DEPENDENCIES) $(EXTRA_libauthcustom_la_DEPENDENCIES) +libauthcustom.la: $(libauthcustom_la_OBJECTS) $(libauthcustom_la_DEPENDENCIES) $(EXTRA_libauthcustom_la_DEPENDENCIES) @@ -316,7 +316,7 @@ @rm -f courierauthconfig$(EXEEXT) $(AM_V_CCLD)$(LINK) $(courierauthconfig_OBJECTS) $(courierauthconfig_LDADD) $(LIBS) install-pkglibexecSCRIPTS: $(pkglibexec_SCRIPTS) -@@ -1355,6 +1381,8 @@ distclean-compile: +@@ -1344,6 +1370,8 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/authtest.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/authuserdb.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/authuserdbpwd.Plo@am__quote@ # am--include-marker @@ -325,7 +325,7 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/checkpassword.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/checkpasswordmd5.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/checkpasswordsha1.Plo@am__quote@ # am--include-marker -@@ -1370,6 +1398,7 @@ distclean-compile: +@@ -1359,6 +1387,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/preauthshadow.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/preauthuserdb.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/preauthuserdbcommon.Plo@am__quote@ # am--include-marker @@ -333,7 +333,7 @@ $(am__depfiles_remade): @$(MKDIR_P) $(@D) -@@ -1939,6 +1968,8 @@ distclean: distclean-recursive +@@ -1928,6 +1957,8 @@ distclean: distclean-recursive -rm -f ./$(DEPDIR)/authtest.Po -rm -f ./$(DEPDIR)/authuserdb.Plo -rm -f ./$(DEPDIR)/authuserdbpwd.Plo @@ -342,7 +342,7 @@ -rm -f ./$(DEPDIR)/checkpassword.Plo -rm -f ./$(DEPDIR)/checkpasswordmd5.Plo -rm -f ./$(DEPDIR)/checkpasswordsha1.Plo -@@ -1954,6 +1985,7 @@ distclean: distclean-recursive +@@ -1943,6 +1974,7 @@ distclean: distclean-recursive -rm -f ./$(DEPDIR)/preauthshadow.Plo -rm -f ./$(DEPDIR)/preauthuserdb.Plo -rm -f ./$(DEPDIR)/preauthuserdbcommon.Plo @@ -350,7 +350,7 @@ -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-hdr distclean-libtool distclean-tags -@@ -1970,18 +2002,26 @@ info-am: +@@ -1959,18 +1991,26 @@ info-am: info-am: @@ -385,7 +385,7 @@ install-html: install-html-recursive install-html-am: -@@ -2124,13 +2164,16 @@ uninstall-man: uninstall-man1 uninstall-man3 +@@ -2113,13 +2153,16 @@ uninstall-man: uninstall-man1 uninstall-man3 .PRECIOUS: Makefile @@ -404,7 +404,7 @@ @HAVE_AUTHPGSQL_TRUE@uninstall-authpgsqlrc: @HAVE_AUTHPGSQL_TRUE@ rm -f $(DESTDIR)@authpgsqlrc@.dist -@@ -2148,8 +2191,6 @@ authpgsqlrc.h: +@@ -2137,8 +2180,6 @@ authpgsqlrc.h: @HAVE_LDAP_TRUE@ $(mkinstalldirs) $(DESTDIR)`dirname @authldaprc@` || : @HAVE_LDAP_TRUE@ $(INSTALL_DATA) -m 660 $(srcdir)/authldaprc \ @HAVE_LDAP_TRUE@ $(DESTDIR)@authldaprc@.dist @@ -413,7 +413,7 @@ @HAVE_LDAP_TRUE@uninstall-authldaprc: @HAVE_LDAP_TRUE@ rm -f $(DESTDIR)@authldaprc@.dist -@@ -2160,6 +2201,18 @@ authpgsqlrc.h: +@@ -2149,6 +2190,18 @@ authpgsqlrc.h: @HAVE_LDAP_FALSE@uninstall-authldaprc: @HAVE_LDAP_FALSE@ @: @@ -432,7 +432,7 @@ authldaprc.h: echo "#define AUTHLDAPRC \"@authldaprc@\"" >authldaprc.h -@@ -2167,8 +2220,6 @@ authldaprc.h: +@@ -2156,8 +2209,6 @@ authldaprc.h: @HAVE_AUTHMYSQL_TRUE@ $(mkinstalldirs) $(DESTDIR)`dirname @authmysqlrc@` || : @HAVE_AUTHMYSQL_TRUE@ $(INSTALL_DATA) -m 660 $(srcdir)/authmysqlrc \ @HAVE_AUTHMYSQL_TRUE@ $(DESTDIR)@authmysqlrc@.dist @@ -441,7 +441,7 @@ @HAVE_AUTHMYSQL_TRUE@uninstall-authmysqlrc: @HAVE_AUTHMYSQL_TRUE@ rm -f $(DESTDIR)@authmysqlrc@.dist -@@ -2186,8 +2237,6 @@ authmysqlrc.h: +@@ -2175,8 +2226,6 @@ authmysqlrc.h: @HAVE_AUTHSQLITE_TRUE@ $(mkinstalldirs) $(DESTDIR)`dirname @authsqliterc@` || : @HAVE_AUTHSQLITE_TRUE@ $(INSTALL_DATA) -m 660 $(srcdir)/authsqliterc \ @HAVE_AUTHSQLITE_TRUE@ $(DESTDIR)@authsqliterc@.dist @@ -450,7 +450,7 @@ @HAVE_AUTHSQLITE_TRUE@uninstall-authsqliterc: @HAVE_AUTHSQLITE_TRUE@ rm -f $(DESTDIR)@authsqliterc@.dist -@@ -2206,17 +2255,21 @@ authpiperc.h: +@@ -2195,17 +2244,21 @@ authpiperc.h: authpiperc.h: echo "#define PIPE_PROGRAM \"@authProg@\"" >authpiperc.h @@ -481,7 +481,7 @@ authdaemonrc.h: echo "#define AUTHDAEMONRC \"@authdaemonrc@\"" >authdaemonrc.h echo "#define AUTHDAEMONVAR \"@authdaemonvar@\"" >>authdaemonrc.h -@@ -2272,24 +2325,24 @@ install-data-hook: install-authdaemonrc install-authpg +@@ -2261,24 +2314,24 @@ install-data-hook: install-authdaemonrc install-authpg # automake still a bit stupid... install-data-hook: install-authdaemonrc install-authpgsqlrc \ @@ -518,7 +518,7 @@ $(INSTALL_SCRIPT) userdb/pw2userdb \ $(DESTDIR)$(sbindir)/pw2userdb ; \ $(INSTALL_SCRIPT) userdb/makeuserdb \ -@@ -2300,9 +2353,10 @@ uninstall-hook: uninstall-authldaprc uninstall-authdae +@@ -2289,9 +2342,10 @@ uninstall-hook: uninstall-authldaprc uninstall-authdae $(DESTDIR)$(sbindir)/userdbpw uninstall-hook: uninstall-authldaprc uninstall-authdaemonrc uninstall-authmysqlrc uninstall-authpgsqlrc uninstall-authsqliterc @@ -530,7 +530,7 @@ $(DESTDIR)$(sbindir)/pw2userdb \ $(DESTDIR)$(sbindir)/makeuserdb \ $(DESTDIR)$(sbindir)/userdb \ -@@ -2312,7 +2366,7 @@ authlib.3: authlib.3.in +@@ -2301,7 +2355,7 @@ authlib.3: authlib.3.in $(SHELL) ./config.status --file=authlib.html authlib.3: authlib.3.in diff --git a/security/courier-authlib/files/patch-libs_rfc2045_rfc2045.h b/security/courier-authlib/files/patch-libs_rfc2045_rfc2045.h new file mode 100644 index 000000000000..af387f7e7dd7 --- /dev/null +++ b/security/courier-authlib/files/patch-libs_rfc2045_rfc2045.h @@ -0,0 +1,11 @@ +--- libs/rfc2045/rfc2045.h.orig 2025-10-06 09:00:02 UTC ++++ libs/rfc2045/rfc2045.h +@@ -3224,7 +3224,7 @@ void rfc822::mime_decoder<out_iter, src_type>::decode( + + if (decode_header) + { +- typename rfc2045::entity::line_iter<crlf>::headers< ++ typename rfc2045::entity::line_iter<crlf>::template headers< + src_type> parser{e, src }; + + parser.name_lc=header_name_lc; diff --git a/security/courier-authlib/files/patch-libs_rfc2045_testsuitecpp.C b/security/courier-authlib/files/patch-libs_rfc2045_testsuitecpp.C new file mode 100644 index 000000000000..649fadc8ea79 --- /dev/null +++ b/security/courier-authlib/files/patch-libs_rfc2045_testsuitecpp.C @@ -0,0 +1,11 @@ +--- libs/rfc2045/testsuitecpp.C.orig 2025-10-04 09:00:06 UTC ++++ libs/rfc2045/testsuitecpp.C +@@ -19,7 +19,7 @@ void testrfc2045line_iter_testset(int &testnum, test_t + auto b=s.begin(); + auto e=s.end(); + +- typename rfc2045::entity::line_iter<crlf>::iter< ++ typename rfc2045::entity::line_iter<crlf>::template iter< + std::string_view::iterator, + std::string_view::iterator + > diff --git a/security/courier-authlib/files/patch-libs_rfc2045_testsuitecpp2.C b/security/courier-authlib/files/patch-libs_rfc2045_testsuitecpp2.C new file mode 100644 index 000000000000..353465b17a71 --- /dev/null +++ b/security/courier-authlib/files/patch-libs_rfc2045_testsuitecpp2.C @@ -0,0 +1,29 @@ +--- libs/rfc2045/testsuitecpp2.C.orig 2025-09-10 09:00:05 UTC ++++ libs/rfc2045/testsuitecpp2.C +@@ -217,7 +217,7 @@ void test3() + auto b=std::istreambuf_iterator<char>{ss}; + auto e=std::istreambuf_iterator<char>{}; + +- typename rfc2045::entity::line_iter<crlf>::iter< ++ typename rfc2045::entity::line_iter<crlf>::template iter< + std::istreambuf_iterator<char>, + std::istreambuf_iterator<char> + > iter{b, e}; +@@ -310,7 +310,7 @@ void test4() + auto b=std::istreambuf_iterator<char>{ss}; + auto e=std::istreambuf_iterator<char>{}; + +- typename rfc2045::entity::line_iter<crlf>::iter< ++ typename rfc2045::entity::line_iter<crlf>::template iter< + std::istreambuf_iterator<char>, + std::istreambuf_iterator<char> + > iter{b, e}; +@@ -488,7 +488,7 @@ void test5() + auto b=std::istreambuf_iterator<char>{ss}; + auto e=std::istreambuf_iterator<char>{}; + +- typename rfc2045::entity::line_iter<crlf>::iter< ++ typename rfc2045::entity::line_iter<crlf>::template iter< + std::istreambuf_iterator<char>, + std::istreambuf_iterator<char> + > iter{b, e}; diff --git a/security/crlfuzz/Makefile b/security/crlfuzz/Makefile index 99b7c6614272..82794788a768 100644 --- a/security/crlfuzz/Makefile +++ b/security/crlfuzz/Makefile @@ -1,7 +1,7 @@ PORTNAME= crlfuzz PORTVERSION= 1.4.1 DISTVERSIONPREFIX= v -PORTREVISION= 30 +PORTREVISION= 32 CATEGORIES= security MAINTAINER= dutra@FreeBSD.org diff --git a/security/crowdsec-blocklist-mirror/Makefile b/security/crowdsec-blocklist-mirror/Makefile index d06cec2b434d..c3a6375e257e 100644 --- a/security/crowdsec-blocklist-mirror/Makefile +++ b/security/crowdsec-blocklist-mirror/Makefile @@ -2,7 +2,7 @@ PORTNAME= crowdsec-blocklist-mirror DISTVERSIONPREFIX= v DISTVERSION= 0.0.2 DISTVERSIONSUFFIX= -freebsd -PORTREVISION= 17 +PORTREVISION= 19 CATEGORIES= security MAINTAINER= marco@crowdsec.net diff --git a/security/crowdsec-firewall-bouncer/Makefile b/security/crowdsec-firewall-bouncer/Makefile index 9881bf5c0792..718699706db0 100644 --- a/security/crowdsec-firewall-bouncer/Makefile +++ b/security/crowdsec-firewall-bouncer/Makefile @@ -1,7 +1,7 @@ PORTNAME= crowdsec-firewall-bouncer DISTVERSIONPREFIX= v DISTVERSION= 0.0.32 -PORTREVISION= 5 +PORTREVISION= 7 CATEGORIES= security MAINTAINER= marco@crowdsec.net diff --git a/security/crowdsec/Makefile b/security/crowdsec/Makefile index 00e137ea9782..980a6692d0c3 100644 --- a/security/crowdsec/Makefile +++ b/security/crowdsec/Makefile @@ -1,6 +1,6 @@ PORTNAME= crowdsec DISTVERSIONPREFIX= v -DISTVERSION= 1.7.0 +DISTVERSION= 1.7.2 CATEGORIES= security MAINTAINER= marco@crowdsec.net @@ -13,8 +13,8 @@ LICENSE_FILE= ${WRKSRC}/LICENSE LIB_DEPENDS= libabsl_base.so:devel/abseil \ libre2.so:devel/re2 -USES= go:modules pkgconfig -_COMMIT= c3036e21 +USES= go:1.25,modules pkgconfig +_COMMIT= 108690d1 _BUILD_DATE= $$(date -u "+%F_%T") USE_RC_SUBR= crowdsec @@ -164,6 +164,7 @@ do-install: @${RM} ${STAGEDIR}${ETCDIR}/context.yaml @${RM} ${STAGEDIR}${ETCDIR}/detect.yaml @${RM} ${STAGEDIR}${ETCDIR}/dev.yaml + @${RM} ${STAGEDIR}${ETCDIR}/windows-dev.yaml @${RM} ${STAGEDIR}${ETCDIR}/user.yaml @${RMDIR} ${STAGEDIR}${ETCDIR}/notifications/email @${RMDIR} ${STAGEDIR}${ETCDIR}/notifications/http diff --git a/security/crowdsec/distinfo b/security/crowdsec/distinfo index 27a1df0a8f93..69774792d127 100644 --- a/security/crowdsec/distinfo +++ b/security/crowdsec/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1756721640 -SHA256 (go/security_crowdsec/crowdsec-v1.7.0/v1.7.0.mod) = fe6e9e56759a9f85b7b7946724b1d64421340aabb174b1c56a5140e5e35169bb -SIZE (go/security_crowdsec/crowdsec-v1.7.0/v1.7.0.mod) = 10467 -SHA256 (go/security_crowdsec/crowdsec-v1.7.0/v1.7.0.zip) = 8854689eea80df7d93437f05ec5fca7461a8444ddb3d09aed387be3a75452113 -SIZE (go/security_crowdsec/crowdsec-v1.7.0/v1.7.0.zip) = 1796649 +TIMESTAMP = 1761126036 +SHA256 (go/security_crowdsec/crowdsec-v1.7.2/v1.7.2.mod) = c4bbd96e96bb3b6c05909402d1894201ebdff7255e525a228c9756a38576c87e +SIZE (go/security_crowdsec/crowdsec-v1.7.2/v1.7.2.mod) = 11817 +SHA256 (go/security_crowdsec/crowdsec-v1.7.2/v1.7.2.zip) = e487aac057688c6014e23243a0ec4141473d9d6032860214b0a453058ca14e5d +SIZE (go/security_crowdsec/crowdsec-v1.7.2/v1.7.2.zip) = 1819151 diff --git a/security/ct-submit/Makefile b/security/ct-submit/Makefile index c2edb344b792..ada7fb57ab00 100644 --- a/security/ct-submit/Makefile +++ b/security/ct-submit/Makefile @@ -1,6 +1,6 @@ PORTNAME= ct-submit PORTVERSION= 1.1.2 -PORTREVISION= 30 +PORTREVISION= 32 CATEGORIES= security www MAINTAINER= jim@ohlste.in diff --git a/security/enc/Makefile b/security/enc/Makefile index e3d13aae3cf9..94c9bdde1eb8 100644 --- a/security/enc/Makefile +++ b/security/enc/Makefile @@ -1,6 +1,6 @@ PORTNAME= enc DISTVERSION= 1.1.4 -PORTREVISION= 3 +PORTREVISION= 5 CATEGORIES= security MAINTAINER= dtxdf@FreeBSD.org diff --git a/security/ffuf/Makefile b/security/ffuf/Makefile index 176f48536c13..00b450957940 100644 --- a/security/ffuf/Makefile +++ b/security/ffuf/Makefile @@ -1,7 +1,7 @@ PORTNAME= ffuf DISTVERSIONPREFIX=v DISTVERSION= 2.1.0 -PORTREVISION= 15 +PORTREVISION= 17 CATEGORIES= security www MAINTAINER= dutra@FreeBSD.org diff --git a/security/fizz/Makefile b/security/fizz/Makefile index 8daa250a1a03..656541d3b74b 100644 --- a/security/fizz/Makefile +++ b/security/fizz/Makefile @@ -1,6 +1,7 @@ PORTNAME= fizz DISTVERSIONPREFIX= v DISTVERSION= 2025.08.18.00 +PORTREVISION= 1 CATEGORIES= security MAINTAINER= yuri@FreeBSD.org diff --git a/security/git-credential-azure/Makefile b/security/git-credential-azure/Makefile index d9b9156e55cd..7776f22cf7c1 100644 --- a/security/git-credential-azure/Makefile +++ b/security/git-credential-azure/Makefile @@ -1,7 +1,7 @@ PORTNAME= git-credential-azure DISTVERSIONPREFIX= v DISTVERSION= 0.3.1 -PORTREVISION= 6 +PORTREVISION= 8 CATEGORIES= security MAINTAINER= ehaupt@FreeBSD.org diff --git a/security/git-credential-oauth/Makefile b/security/git-credential-oauth/Makefile index 705e84d4c124..81e955e5d82b 100644 --- a/security/git-credential-oauth/Makefile +++ b/security/git-credential-oauth/Makefile @@ -1,6 +1,7 @@ PORTNAME= git-credential-oauth DISTVERSIONPREFIX= v DISTVERSION= 0.16.0 +PORTREVISION= 2 CATEGORIES= security MAINTAINER= ehaupt@FreeBSD.org diff --git a/security/gitjacker/Makefile b/security/gitjacker/Makefile index bf9de433f0da..9507020d2c63 100644 --- a/security/gitjacker/Makefile +++ b/security/gitjacker/Makefile @@ -1,7 +1,7 @@ PORTNAME= gitjacker DISTVERSIONPREFIX= v DISTVERSION= 0.1.0 -PORTREVISION= 30 +PORTREVISION= 32 CATEGORIES= security MAINTAINER= yuri@FreeBSD.org diff --git a/security/go-cve-dictionary/Makefile b/security/go-cve-dictionary/Makefile index 0bd36a5bca62..39b35c16721d 100644 --- a/security/go-cve-dictionary/Makefile +++ b/security/go-cve-dictionary/Makefile @@ -1,7 +1,7 @@ PORTNAME= go-cve-dictionary DISTVERSIONPREFIX=v DISTVERSION= 0.11.0 -PORTREVISION= 7 +PORTREVISION= 9 CATEGORIES= security MAINTAINER= girgen@FreeBSD.org diff --git a/security/go-tuf/Makefile b/security/go-tuf/Makefile index 5c80faabe2b0..4b93fafd4f57 100644 --- a/security/go-tuf/Makefile +++ b/security/go-tuf/Makefile @@ -1,6 +1,7 @@ PORTNAME= go-tuf DISTVERSIONPREFIX= v DISTVERSION= 2.2.0 +PORTREVISION= 2 CATEGORIES= security MAINTAINER= bofh@FreeBSD.org diff --git a/security/gokart/Makefile b/security/gokart/Makefile index 2428dfd745d0..b461de345e3f 100644 --- a/security/gokart/Makefile +++ b/security/gokart/Makefile @@ -1,7 +1,7 @@ PORTNAME= gokart DISTVERSIONPREFIX= v DISTVERSION= 0.5.1 -PORTREVISION= 24 +PORTREVISION= 26 CATEGORIES= security MAINTAINER= dutra@FreeBSD.org diff --git a/security/gokey/Makefile b/security/gokey/Makefile index cb8222051743..f04c171ba84a 100644 --- a/security/gokey/Makefile +++ b/security/gokey/Makefile @@ -1,7 +1,7 @@ PORTNAME= gokey DISTVERSIONPREFIX= v DISTVERSION= 0.1.3 -PORTREVISION= 5 +PORTREVISION= 7 CATEGORIES= security MAINTAINER= ports@FreeBSD.org diff --git a/security/gopass/Makefile b/security/gopass/Makefile index b3f91c4d1a1c..6c4fb8b9ba98 100644 --- a/security/gopass/Makefile +++ b/security/gopass/Makefile @@ -1,6 +1,7 @@ PORTNAME= gopass DISTVERSIONPREFIX= v DISTVERSION= 1.15.18 +PORTREVISION= 2 CATEGORIES= security MAINTAINER= eduardo@FreeBSD.org diff --git a/security/gosec/Makefile b/security/gosec/Makefile index 7821519afa1b..c70f9a7edd9a 100644 --- a/security/gosec/Makefile +++ b/security/gosec/Makefile @@ -1,7 +1,7 @@ PORTNAME= gosec DISTVERSIONPREFIX= v DISTVERSION= 2.22.0 -PORTREVISION= 7 +PORTREVISION= 9 CATEGORIES= security devel MAINTAINER= yuri@FreeBSD.org diff --git a/security/govulncheck/Makefile b/security/govulncheck/Makefile index 0ec895c47fa6..2d6e12853b65 100644 --- a/security/govulncheck/Makefile +++ b/security/govulncheck/Makefile @@ -1,7 +1,7 @@ PORTNAME= govulncheck DISTVERSIONPREFIX= v DISTVERSION= 1.1.4 -PORTREVISION= 4 +PORTREVISION= 6 CATEGORIES= security MAINTAINER= einar@isnic.is diff --git a/security/gsa/Makefile b/security/gsa/Makefile index 355f134bd07c..545a68bbc34b 100644 --- a/security/gsa/Makefile +++ b/security/gsa/Makefile @@ -1,6 +1,6 @@ PORTNAME= gsa DISTVERSIONPREFIX= v -DISTVERSION= 25.0.0 +DISTVERSION= 26.0.0 CATEGORIES= security MAINTAINER= acm@FreeBSD.org diff --git a/security/gsa/distinfo b/security/gsa/distinfo index 1601832c8f0e..a1e911a27787 100644 --- a/security/gsa/distinfo +++ b/security/gsa/distinfo @@ -1,7 +1,7 @@ -TIMESTAMP = 1750730229 -SHA256 (gsa-cache-aarch64-25.0.0.tar.gz) = 73d2a799e3e91d933a6070a68a700160fdd09d0f7cf1dbb7e5a612dbfa72f564 -SIZE (gsa-cache-aarch64-25.0.0.tar.gz) = 49641157 -SHA256 (gsa-cache-amd64-25.0.0.tar.gz) = 030b10dec16f5cddf4c91e3a38a4af2bcca411aad54e7be6ff5e29805e21eb12 -SIZE (gsa-cache-amd64-25.0.0.tar.gz) = 50160790 -SHA256 (greenbone-gsa-v25.0.0_GH0.tar.gz) = f177c1c0d5e66ea9bb93a6c898c5175b0f85a91baae416a95d8e6f3a102ba46c -SIZE (greenbone-gsa-v25.0.0_GH0.tar.gz) = 3729977 +TIMESTAMP = 1759903257 +SHA256 (gsa-cache-amd64-26.0.0.tar.gz) = bc43fba7a3e5507f9f3d8f3b0f930dd9d9347f4126f25496a223040c4f3a49b5 +SIZE (gsa-cache-amd64-26.0.0.tar.gz) = 56573102 +SHA256 (gsa-cache-aarch64-26.0.0.tar.gz) = 5d6d9325c56db77afef57350f7c3c06603e79cc9684f71bf93653573d1dac112 +SIZE (gsa-cache-aarch64-26.0.0.tar.gz) = 56081175 +SHA256 (greenbone-gsa-v26.0.0_GH0.tar.gz) = 3d96a038c5e6ddf7b828d08485cce2e46c6345fb6a7aac9bfbc327f4cda2e8fe +SIZE (greenbone-gsa-v26.0.0_GH0.tar.gz) = 2468141 diff --git a/security/gsad/Makefile b/security/gsad/Makefile index 93105ab32e2e..1f948846ac51 100644 --- a/security/gsad/Makefile +++ b/security/gsad/Makefile @@ -1,7 +1,6 @@ PORTNAME= gsad DISTVERSIONPREFIX= v -DISTVERSION= 24.3.0 -PORTREVISION= 1 +DISTVERSION= 24.5.4 CATEGORIES= security MAINTAINER= acm@FreeBSD.org diff --git a/security/gsad/distinfo b/security/gsad/distinfo index 3db5c844a5ea..edb51b301f1a 100644 --- a/security/gsad/distinfo +++ b/security/gsad/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1750731904 -SHA256 (greenbone-gsad-v24.3.0_GH0.tar.gz) = d5756149e666169063516f6a94f2d6618e0a1f42ea40ee0c5e2b967c5e81a0d3 -SIZE (greenbone-gsad-v24.3.0_GH0.tar.gz) = 229954 +TIMESTAMP = 1759903294 +SHA256 (greenbone-gsad-v24.5.4_GH0.tar.gz) = f5e7fbf1a37d87ebf7ce3a50dbc55184cce4f2383c629a5fd8c638d9248e18dd +SIZE (greenbone-gsad-v24.5.4_GH0.tar.gz) = 235074 diff --git a/security/gvm-libs/Makefile b/security/gvm-libs/Makefile index f7a8987caa7c..5160f991ded2 100644 --- a/security/gvm-libs/Makefile +++ b/security/gvm-libs/Makefile @@ -1,7 +1,6 @@ PORTNAME= gvm DISTVERSIONPREFIX= v -DISTVERSION= 22.22.0 -PORTREVISION= 2 +DISTVERSION= 22.29.2 CATEGORIES= security PKGNAMESUFFIX= -libs diff --git a/security/gvm-libs/distinfo b/security/gvm-libs/distinfo index bd000ba5bc69..9a2991415155 100644 --- a/security/gvm-libs/distinfo +++ b/security/gvm-libs/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1750728151 -SHA256 (greenbone-gvm-libs-v22.22.0_GH0.tar.gz) = c97372197de5f6253580ef5f1083d32f1a2b0c47bfa4b54b60b1b87d31d1ca67 -SIZE (greenbone-gvm-libs-v22.22.0_GH0.tar.gz) = 382817 +TIMESTAMP = 1759900802 +SHA256 (greenbone-gvm-libs-v22.29.2_GH0.tar.gz) = 564b82d58ef5b7f4fcdb4735c91f2ba87fa26da89644510a71cf1a76ae0e761c +SIZE (greenbone-gvm-libs-v22.29.2_GH0.tar.gz) = 407412 diff --git a/security/gvm-libs/files/patch-util_passwordbasedauthentication.c b/security/gvm-libs/files/patch-util_passwordbasedauthentication.c index 6838446064ad..55e4d62a57a8 100644 --- a/security/gvm-libs/files/patch-util_passwordbasedauthentication.c +++ b/security/gvm-libs/files/patch-util_passwordbasedauthentication.c @@ -1,6 +1,6 @@ ---- util/passwordbasedauthentication.c 2021-08-03 06:50:41.000000000 -0500 -+++ util/passwordbasedauthentication.c 2021-09-04 20:54:26.630524000 -0500 -@@ -26,7 +26,13 @@ +--- util/passwordbasedauthentication.c 2025-10-01 02:22:47.000000000 -0700 ++++ util/passwordbasedauthentication.c 2025-10-07 22:23:18.428502000 -0700 +@@ -14,7 +14,13 @@ // UFC_crypt defines crypt_r when only when __USE_GNU is set // this shouldn't affect other implementations #define __USE_GNU @@ -14,16 +14,19 @@ // INVALID_HASH is used on verify when the given hash is a NULL pointer. // This is done to not directly jump to exit with a INVALID_HASH result // but rather keep calculating to make it a little bit harder to guess -@@ -173,6 +179,7 @@ +@@ -208,6 +214,7 @@ return strlen (setting) > 1 && setting[0] == '$'; } +#if HAS_CRYPT_R - char * - pba_hash (struct PBASettings *setting, const char *password) - { -@@ -276,3 +283,4 @@ - free (tmp); + /** + * @brief Create a password hash. + * +@@ -262,6 +269,7 @@ + free (settings); return result; } +#endif /* #if HAS_CRYPT_R */ + + /** + * @brief Verify a password hash. diff --git a/security/gvm-libs/pkg-plist b/security/gvm-libs/pkg-plist index 6a65393809a7..d98884f22dea 100644 --- a/security/gvm-libs/pkg-plist +++ b/security/gvm-libs/pkg-plist @@ -24,8 +24,10 @@ include/gvm/boreas/cli.h include/gvm/boreas/ping.h include/gvm/boreas/sniffer.h include/gvm/boreas/util.h +include/gvm/container_image_scanner/container_image_scanner.h include/gvm/gmp/gmp.h include/gvm/http/httputils.h +include/gvm/http_scanner/http_scanner.h include/gvm/openvasd/openvasd.h include/gvm/osp/osp.h include/gvm/util/authutils.h @@ -43,39 +45,48 @@ include/gvm/util/passwordbasedauthentication.h include/gvm/util/radiusutils.h include/gvm/util/serverutils.h include/gvm/util/sshutils.h +include/gvm/util/streamvalidator.h include/gvm/util/uuidutils.h include/gvm/util/versionutils.h include/gvm/util/vtparser.h include/gvm/util/xmlutils.h lib/libgvm_agent_controller.so lib/libgvm_agent_controller.so.22 -lib/libgvm_agent_controller.so.22.22.0 +lib/libgvm_agent_controller.so.22.29.2 lib/libgvm_base.so lib/libgvm_base.so.22 -lib/libgvm_base.so.22.22.0 +lib/libgvm_base.so.22.29.2 lib/libgvm_boreas.so lib/libgvm_boreas.so.22 -lib/libgvm_boreas.so.22.22.0 +lib/libgvm_boreas.so.22.29.2 +lib/libgvm_container_image_scanner.so +lib/libgvm_container_image_scanner.so.22 +lib/libgvm_container_image_scanner.so.22.29.2 lib/libgvm_gmp.so lib/libgvm_gmp.so.22 -lib/libgvm_gmp.so.22.22.0 +lib/libgvm_gmp.so.22.29.2 lib/libgvm_http.so lib/libgvm_http.so.22 -lib/libgvm_http.so.22.22.0 +lib/libgvm_http.so.22.29.2 +lib/libgvm_http_scanner.so +lib/libgvm_http_scanner.so.22 +lib/libgvm_http_scanner.so.22.29.2 lib/libgvm_openvasd.so lib/libgvm_openvasd.so.22 -lib/libgvm_openvasd.so.22.22.0 +lib/libgvm_openvasd.so.22.29.2 lib/libgvm_osp.so lib/libgvm_osp.so.22 -lib/libgvm_osp.so.22.22.0 +lib/libgvm_osp.so.22.29.2 lib/libgvm_util.so lib/libgvm_util.so.22 -lib/libgvm_util.so.22.22.0 +lib/libgvm_util.so.22.29.2 libdata/pkgconfig/libgvm_agent_controller.pc libdata/pkgconfig/libgvm_base.pc libdata/pkgconfig/libgvm_boreas.pc +libdata/pkgconfig/libgvm_container_image_scanner.pc libdata/pkgconfig/libgvm_gmp.pc libdata/pkgconfig/libgvm_http.pc +libdata/pkgconfig/libgvm_http_scanner.pc libdata/pkgconfig/libgvm_openvasd.pc libdata/pkgconfig/libgvm_osp.pc libdata/pkgconfig/libgvm_util.pc diff --git a/security/gvm/Makefile b/security/gvm/Makefile index 0f8c629b2078..bc1a195af02c 100644 --- a/security/gvm/Makefile +++ b/security/gvm/Makefile @@ -1,5 +1,5 @@ PORTNAME= gvm -PORTVERSION= 26.0.0 +PORTVERSION= 26.3.0 CATEGORIES= security MAINTAINER= acm@FreeBSD.org diff --git a/security/gvmd/Makefile b/security/gvmd/Makefile index 38a02d7f3b2c..af884117fbfb 100644 --- a/security/gvmd/Makefile +++ b/security/gvmd/Makefile @@ -1,6 +1,5 @@ PORTNAME= gvmd -DISTVERSION= 26.0.0 -PORTREVISION= 3 +DISTVERSION= 26.3.0 DISTVERSIONPREFIX= v CATEGORIES= security diff --git a/security/gvmd/distinfo b/security/gvmd/distinfo index 3b51e4292115..d34513f64e3f 100644 --- a/security/gvmd/distinfo +++ b/security/gvmd/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1750728558 -SHA256 (greenbone-gvmd-v26.0.0_GH0.tar.gz) = c209a735147235b4c5d0956cfb883cb358386d0682751db3f73fc90bc5675d30 -SIZE (greenbone-gvmd-v26.0.0_GH0.tar.gz) = 1125084 +TIMESTAMP = 1759901261 +SHA256 (greenbone-gvmd-v26.3.0_GH0.tar.gz) = 7ff29b8dec6be3c24bd196d154ad103650f1b640d5b48133494c330badbd096d +SIZE (greenbone-gvmd-v26.3.0_GH0.tar.gz) = 1217037 diff --git a/security/gvmd/files/patch-src_manage_alerts.c b/security/gvmd/files/patch-src_manage_alerts.c new file mode 100644 index 000000000000..3010412c662e --- /dev/null +++ b/security/gvmd/files/patch-src_manage_alerts.c @@ -0,0 +1,25 @@ +--- src/manage_alerts.c 2025-09-05 02:59:51.000000000 -0700 ++++ src/manage_alerts.c 2025-10-07 22:40:51.468412000 -0700 +@@ -33,12 +33,12 @@ + #include "manage_sql_tickets.h" + #include "manage_tickets.h" + +-#include <bsd/unistd.h> + #include <glib/gstdio.h> + #include <grp.h> + #include <pwd.h> + #include <sys/types.h> + #include <sys/wait.h> ++#include <unistd.h> + + #include <gvm/gmp/gmp.h> + #include <gvm/util/fileutils.h> +@@ -1043,7 +1043,7 @@ + g_debug (" HTTP_GET %s", url); + + cmd = (gchar **) g_malloc (5 * sizeof (gchar *)); +- cmd[0] = g_strdup ("/usr/bin/wget"); ++ cmd[0] = g_strdup ("/usr/local/bin/wget"); + cmd[1] = g_strdup ("-O"); + cmd[2] = g_strdup ("-"); + cmd[3] = g_strdup (url); diff --git a/security/gvmd/files/patch-src_manage_sql.c b/security/gvmd/files/patch-src_manage_sql.c index f0a2558a25c8..4a8c168b398a 100644 --- a/security/gvmd/files/patch-src_manage_sql.c +++ b/security/gvmd/files/patch-src_manage_sql.c @@ -1,31 +1,28 @@ ---- src/manage_sql.c 2024-01-12 03:14:29.000000000 -0500 -+++ src/manage_sql.c 2024-01-26 16:42:23.043251000 -0500 -@@ -54,7 +54,6 @@ +--- src/manage_sql.c 2025-09-05 02:59:51.000000000 -0700 ++++ src/manage_sql.c 2025-10-07 22:42:53.666243000 -0700 +@@ -72,7 +72,6 @@ #include <errno.h> #include <glib/gstdio.h> #include <gnutls/x509.h> -#include <malloc.h> - #include <pwd.h> #include <stdlib.h> #include <sys/socket.h> -@@ -71,7 +70,6 @@ + #include <sys/stat.h> +@@ -84,12 +83,12 @@ + #include <gpgme.h> + #include <stdlib.h> + #include <string.h> ++#include <unistd.h> + + #include <gvm/base/gvm_sentry.h> #include <gvm/base/hosts.h> #include <gvm/base/pwpolicy.h> #include <gvm/base/logging.h> -#include <bsd/unistd.h> #include <gvm/util/fileutils.h> - #include <gvm/util/gpgmeutils.h> #include <gvm/util/serverutils.h> -@@ -9431,7 +9429,7 @@ - g_debug (" HTTP_GET %s", url); - - cmd = (gchar **) g_malloc (5 * sizeof (gchar *)); -- cmd[0] = g_strdup ("/usr/bin/wget"); -+ cmd[0] = g_strdup ("/usr/local/bin/wget"); - cmd[1] = g_strdup ("-O"); - cmd[2] = g_strdup ("-"); - cmd[3] = g_strdup (url); -@@ -15775,8 +15773,6 @@ + #include <gvm/util/uuidutils.h> +@@ -6382,8 +6381,6 @@ cleanup_iterator (&nvts); cleanup_iterator (&prefs); diff --git a/security/gvmd/pkg-plist b/security/gvmd/pkg-plist index 16a215ec225e..c9035415f44b 100644 --- a/security/gvmd/pkg-plist +++ b/security/gvmd/pkg-plist @@ -3,7 +3,7 @@ bin/gvm-manage-certs @sample etc/gvm/pwpolicy.conf.sample lib/libgvm-pg-server.so lib/libgvm-pg-server.so.26 -lib/libgvm-pg-server.so.26.0.0 +lib/libgvm-pg-server.so.26.3.0 sbin/gvmd share/doc/gvm/example-gvm-manage-certs.conf share/doc/gvm/html/gmp.html diff --git a/security/headscale/Makefile b/security/headscale/Makefile index f5c71ac4e8f0..4e09e45bcfe1 100644 --- a/security/headscale/Makefile +++ b/security/headscale/Makefile @@ -1,7 +1,7 @@ PORTNAME= headscale PORTVERSION= 0.26.1 DISTVERSIONPREFIX= v -PORTREVISION= 3 +PORTREVISION= 5 CATEGORIES= security net-vpn MAINTAINER= m.muenz@gmail.com diff --git a/security/hidden-lake/Makefile b/security/hidden-lake/Makefile index 3128df93d9f9..f27d4e7524dc 100644 --- a/security/hidden-lake/Makefile +++ b/security/hidden-lake/Makefile @@ -1,6 +1,6 @@ PORTNAME= hidden-lake DISTVERSIONPREFIX= v -DISTVERSION= 1.9.0 +DISTVERSION= 1.9.1 PORTREVISION= 1 CATEGORIES= security net-p2p diff --git a/security/hidden-lake/distinfo b/security/hidden-lake/distinfo index e2025a2a90d5..0c453c912479 100644 --- a/security/hidden-lake/distinfo +++ b/security/hidden-lake/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1755749357 -SHA256 (go/security_hidden-lake/hidden-lake-v1.9.0/v1.9.0.mod) = 63e461d57f3f49cebe5696f97cf82a652a9afe45e3d17e1aaa7cac4340eca63b -SIZE (go/security_hidden-lake/hidden-lake-v1.9.0/v1.9.0.mod) = 340 -SHA256 (go/security_hidden-lake/hidden-lake-v1.9.0/v1.9.0.zip) = 9cbb358b10607e5b3b20eae34c367f8ad578340bec4bb2203795704c80fcb5a0 -SIZE (go/security_hidden-lake/hidden-lake-v1.9.0/v1.9.0.zip) = 10690371 +TIMESTAMP = 1759785956 +SHA256 (go/security_hidden-lake/hidden-lake-v1.9.1/v1.9.1.mod) = 63e461d57f3f49cebe5696f97cf82a652a9afe45e3d17e1aaa7cac4340eca63b +SIZE (go/security_hidden-lake/hidden-lake-v1.9.1/v1.9.1.mod) = 340 +SHA256 (go/security_hidden-lake/hidden-lake-v1.9.1/v1.9.1.zip) = 3721b5c69e813a53a44ddac81e13a777784ad32dd1a373238c638a1306279c42 +SIZE (go/security_hidden-lake/hidden-lake-v1.9.1/v1.9.1.zip) = 10648837 diff --git a/security/hockeypuck/Makefile b/security/hockeypuck/Makefile index 4f76e01013f9..78c3a0535552 100644 --- a/security/hockeypuck/Makefile +++ b/security/hockeypuck/Makefile @@ -1,6 +1,6 @@ PORTNAME= hockeypuck DISTVERSION= 2.2.4 -PORTREVISION= 3 +PORTREVISION= 5 CATEGORIES= security MAINTAINER= me@svmhdvn.name diff --git a/security/honeytrap/Makefile b/security/honeytrap/Makefile index ea11abf504e2..8f35bfa91f3c 100644 --- a/security/honeytrap/Makefile +++ b/security/honeytrap/Makefile @@ -1,6 +1,6 @@ PORTNAME= honeytrap DISTVERSION= g20210510 -PORTREVISION= 30 +PORTREVISION= 32 CATEGORIES= security MAINTAINER= ezri.mudde@dutchsec.com diff --git a/security/horcrux/Makefile b/security/horcrux/Makefile index 3a26d585fb3a..e7d748774e80 100644 --- a/security/horcrux/Makefile +++ b/security/horcrux/Makefile @@ -1,7 +1,7 @@ PORTNAME= horcrux DISTVERSIONPREFIX= v DISTVERSION= 0.3 -PORTREVISION= 29 +PORTREVISION= 31 CATEGORIES= security MAINTAINER= lcook@FreeBSD.org diff --git a/security/i2pd/Makefile b/security/i2pd/Makefile index b0baf476f5c3..136db5ae0ce0 100644 --- a/security/i2pd/Makefile +++ b/security/i2pd/Makefile @@ -1,5 +1,6 @@ PORTNAME= i2pd DISTVERSION= 2.58.0 +PORTREVISION= 1 CATEGORIES= security net-p2p MAINTAINER= driesm@FreeBSD.org diff --git a/security/iddawc/Makefile b/security/iddawc/Makefile deleted file mode 100644 index 775eee3530cd..000000000000 --- a/security/iddawc/Makefile +++ /dev/null @@ -1,44 +0,0 @@ -PORTNAME= iddawc -PORTVERSION= 1.1.8 -DISTVERSIONPREFIX= v -CATEGORIES= security - -MAINTAINER= ports@FreeBSD.org -COMMENT= OAuth2/OIDC Client and Relying Party library -WWW= https://babelouest.github.io/iddawc/ \ - https://github.com/babelouest/iddawc - -LICENSE= LGPL21 -LICENSE_FILE= ${WRKSRC}/LICENSE - -DEPRECATED= Upstream repo archived on Nov 11, 2024 -EXPIRATION_DATE=2025-10-13 - -BUILD_DEPENDS= jansson>=2.11:devel/jansson \ - orcania>=2.3.2:devel/orcania \ - rhonabwy>=1.1.10:security/rhonabwy \ - ulfius>=2.7.12:www/ulfius \ - yder>=1.4.14:devel/yder -LIB_DEPENDS= libcurl.so:ftp/curl \ - libgnutls.so:security/gnutls \ - libjansson.so:devel/jansson \ - libmicrohttpd.so:www/libmicrohttpd \ - liborcania.so:devel/orcania \ - librhonabwy.so:security/rhonabwy \ - libulfius.so:www/ulfius \ - libyder.so:devel/yder - -USES= cmake pathfix - -CMAKE_OFF= BUILD_IDDAWC_DOCUMENTATION BUILD_IDDAWC_TESTING BUILD_RPM DOWNLOAD_DEPENDENCIES -CMAKE_ON= BUILD_IDWCC BUILD_STATIC INSTALL_HEADER SEARCH_ORCANIA_I SEARCH_RHONABWY_I SEARCH_ULFIUS_I SEARCH_YDER_I - -PLIST_SUB= PORTVERSION=${PORTVERSION} - -USE_GITHUB= yes -GH_ACCOUNT= babelouest - -post-install: - ${INSTALL_DATA} ${INSTALL_WRKSRC}/libiddawc.a ${STAGEDIR}${PREFIX}/lib/libiddawc.a - -.include <bsd.port.mk> diff --git a/security/iddawc/distinfo b/security/iddawc/distinfo deleted file mode 100644 index 1b99a83fccd6..000000000000 --- a/security/iddawc/distinfo +++ /dev/null @@ -1,3 +0,0 @@ -TIMESTAMP = 1686496690 -SHA256 (babelouest-iddawc-v1.1.8_GH0.tar.gz) = 1e075ffd64b26ab042b571473d4be6d6fcfc11f348b4833c79af52d70573dc59 -SIZE (babelouest-iddawc-v1.1.8_GH0.tar.gz) = 1463208 diff --git a/security/iddawc/files/patch-src-iddawc.c b/security/iddawc/files/patch-src-iddawc.c deleted file mode 100644 index 8841b26e2c51..000000000000 --- a/security/iddawc/files/patch-src-iddawc.c +++ /dev/null @@ -1,29 +0,0 @@ ---- src/iddawc.c.orig 2022-12-17 21:23:54 UTC -+++ src/iddawc.c -@@ -4972,7 +4972,7 @@ int i_verify_id_token(struct _i_session * i_session) { - if (alg != GNUTLS_DIG_UNKNOWN) { - hash_data.data = (unsigned char*)i_session->access_token; - hash_data.size = (unsigned int)o_strlen(i_session->access_token); -- if (gnutls_fingerprint(alg, &hash_data, hash, &hash_len) == GNUTLS_E_SUCCESS) { -+ if (gnutls_fingerprint((gnutls_digest_algorithm_t) alg, &hash_data, hash, &hash_len) == GNUTLS_E_SUCCESS) { - if (o_base64url_encode(hash, hash_len/2, hash_encoded, &hash_encoded_len)) { - if (o_strncmp((const char *)hash_encoded, json_string_value(json_object_get(i_session->id_token_payload, "at_hash")), hash_encoded_len) != 0) { - y_log_message(Y_LOG_LEVEL_DEBUG, "i_verify_id_token at - at_hash invalid"); -@@ -5000,7 +5000,7 @@ int i_verify_id_token(struct _i_session * i_session) { - if (alg != GNUTLS_DIG_UNKNOWN) { - hash_data.data = (unsigned char*)i_session->code; - hash_data.size = (unsigned int)o_strlen(i_session->code); -- if (gnutls_fingerprint(alg, &hash_data, hash, &hash_len) == GNUTLS_E_SUCCESS) { -+ if (gnutls_fingerprint((gnutls_digest_algorithm_t) alg, &hash_data, hash, &hash_len) == GNUTLS_E_SUCCESS) { - if (o_base64url_encode(hash, hash_len/2, hash_encoded, &hash_encoded_len)) { - if (o_strncmp((const char *)hash_encoded, json_string_value(json_object_get(i_session->id_token_payload, "c_hash")), hash_encoded_len) != 0) { - y_log_message(Y_LOG_LEVEL_DEBUG, "i_verify_id_token - c_hash invalid"); -@@ -5028,7 +5028,7 @@ int i_verify_id_token(struct _i_session * i_session) { - if (alg != GNUTLS_DIG_UNKNOWN) { - hash_data.data = (unsigned char*)i_session->state; - hash_data.size = (unsigned int)o_strlen(i_session->state); -- if (gnutls_fingerprint(alg, &hash_data, hash, &hash_len) == GNUTLS_E_SUCCESS) { -+ if (gnutls_fingerprint((gnutls_digest_algorithm_t) alg, &hash_data, hash, &hash_len) == GNUTLS_E_SUCCESS) { - if (o_base64url_encode(hash, hash_len/2, hash_encoded, &hash_encoded_len)) { - if (o_strncmp((const char *)hash_encoded, json_string_value(json_object_get(i_session->id_token_payload, "s_hash")), hash_encoded_len) != 0) { - y_log_message(Y_LOG_LEVEL_DEBUG, "i_verify_id_token - s_hash invalid"); diff --git a/security/iddawc/pkg-descr b/security/iddawc/pkg-descr deleted file mode 100644 index 01bcbdcd4420..000000000000 --- a/security/iddawc/pkg-descr +++ /dev/null @@ -1,23 +0,0 @@ -Iddawc is a C library used to implement OAuth2/OIDC clients according to the -OAuth2 RFC and the OpenID Connect Specs. - -It's based on Ulfius library for the HTTP requests and response management and -Rhonabwy library for the JOSE management. - -Iddawc supports the following features: -- Loading openid-configuration endpoints and parsing the results -- Making auth requests using the given parameters (client_id, client_secret, - redirect_uri, etc.) and parsing the result -- Making token requests using the given parameters (code, client_id, - client_secret, redirect_uri, etc.) and parsing the result -- Making userinfo, token introspection, token revocation requests -- Parse responses, validate id_token -- Registering new clients using the register endpoint if any -- Sending signed and or encrypted requests in the auth and token endpoints -- Client TLS Authentication available -- Making Pushed Auth Requests -- Making Rich Auth Requests -- Adding claims to requests -- Sending DPoP proofs -- JWT Secured Authorization Response Mode -- End session and single-logout functionalities diff --git a/security/iddawc/pkg-plist b/security/iddawc/pkg-plist deleted file mode 100644 index b9afe21892ee..000000000000 --- a/security/iddawc/pkg-plist +++ /dev/null @@ -1,37 +0,0 @@ -bin/idwcc -include/iddawc-cfg.h -include/iddawc.h -lib/libiddawc.a -lib/libiddawc.so -lib/libiddawc.so.1.1 -lib/libiddawc.so.%%PORTVERSION%% -libdata/pkgconfig/libiddawc.pc -share/idwcc/webapp/callback.html -share/idwcc/webapp/css/bootstrap.css -share/idwcc/webapp/css/bootstrap.css.map -share/idwcc/webapp/css/bootstrap.min.css -share/idwcc/webapp/css/bootstrap.min.css.map -share/idwcc/webapp/css/fork-awesome.css -share/idwcc/webapp/css/fork-awesome.min.css -share/idwcc/webapp/css/fork-awesome.min.css.map -share/idwcc/webapp/css/idwcc.css -share/idwcc/webapp/css/v5-compat.css -share/idwcc/webapp/css/v5-compat.min.css -share/idwcc/webapp/css/v5-compat.min.css.map -share/idwcc/webapp/fonts/forkawesome-webfont.eot -share/idwcc/webapp/fonts/forkawesome-webfont.svg -share/idwcc/webapp/fonts/forkawesome-webfont.ttf -share/idwcc/webapp/fonts/forkawesome-webfont.woff -share/idwcc/webapp/fonts/forkawesome-webfont.woff2 -share/idwcc/webapp/index.html -share/idwcc/webapp/js/bootstrap.js -share/idwcc/webapp/js/bootstrap.js.map -share/idwcc/webapp/js/bootstrap.min.js -share/idwcc/webapp/js/bootstrap.min.js.map -share/idwcc/webapp/js/iddwc.js -share/idwcc/webapp/js/jquery.js -share/idwcc/webapp/js/jquery.min.js -share/idwcc/webapp/js/popper.js -share/idwcc/webapp/js/popper.min.js -share/idwcc/webapp/js/qrcode.js -share/man/man1/idwcc.1.gz diff --git a/security/interactsh/Makefile b/security/interactsh/Makefile index 0a71e8c20062..ef206d1ed87b 100644 --- a/security/interactsh/Makefile +++ b/security/interactsh/Makefile @@ -1,6 +1,7 @@ PORTNAME= interactsh PORTVERSION= 1.2.4 DISTVERSIONPREFIX= v +PORTREVISION= 2 CATEGORIES= security MAINTAINER= danilo@FreeBSD.org diff --git a/security/keepassxc/Makefile b/security/keepassxc/Makefile index a8fecc23c2db..8c2148891e31 100644 --- a/security/keepassxc/Makefile +++ b/security/keepassxc/Makefile @@ -1,6 +1,6 @@ PORTNAME= keepassxc DISTVERSION= 2.7.10 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= security MASTER_SITES= https://github.com/keepassxreboot/keepassxc/releases/download/${DISTVERSION}/ DISTNAME= ${PORTNAME}-${DISTVERSION}-src @@ -25,7 +25,7 @@ LIB_DEPENDS= libargon2.so:security/libargon2 \ USES= cmake compiler:c++17-lang desktop-file-utils minizip \ pkgconfig qt:5 readline shared-mime-info tar:xz xorg -USE_QT= concurrent core dbus gui network svg widgets x11extras \ +USE_QT= concurrent core dbus gui network svg wayland widgets x11extras \ buildtools:build linguisttools:build qmake:build testlib:build USE_XORG= x11 diff --git a/security/keybase/Makefile b/security/keybase/Makefile index 89c01e84b716..a05b4a0eeb53 100644 --- a/security/keybase/Makefile +++ b/security/keybase/Makefile @@ -1,7 +1,7 @@ PORTNAME= keybase PORTVERSION= 6.5.1 DISTVERSIONPREFIX= v -PORTREVISION= 5 +PORTREVISION= 7 CATEGORIES= security MAINTAINER= sunpoet@FreeBSD.org diff --git a/security/keychain/Makefile b/security/keychain/Makefile index 913a8fbc38f1..4f071b73d6fd 100644 --- a/security/keychain/Makefile +++ b/security/keychain/Makefile @@ -1,5 +1,5 @@ PORTNAME= keychain -PORTVERSION= 2.9.5 +PORTVERSION= 2.9.6 CATEGORIES= security MAINTAINER= garga@FreeBSD.org diff --git a/security/keychain/distinfo b/security/keychain/distinfo index 5dfacbe82b18..588c263ce07b 100644 --- a/security/keychain/distinfo +++ b/security/keychain/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1750426458 -SHA256 (funtoo-keychain-2.9.5_GH0.tar.gz) = c883f26db616bc1c81ba5ef3832c7ad912f3e8bd0baf6aaff981164c538a1411 -SIZE (funtoo-keychain-2.9.5_GH0.tar.gz) = 42685 +TIMESTAMP = 1759928737 +SHA256 (funtoo-keychain-2.9.6_GH0.tar.gz) = 23e58da1f3ea7cbe15069e7d3c730277d0cb6a4bec2db76adc20a06acd4c0a42 +SIZE (funtoo-keychain-2.9.6_GH0.tar.gz) = 51990 diff --git a/security/kleopatra/Makefile b/security/kleopatra/Makefile index 82203c6914d6..3fec24d80e5d 100644 --- a/security/kleopatra/Makefile +++ b/security/kleopatra/Makefile @@ -1,5 +1,6 @@ PORTNAME= kleopatra DISTVERSION= ${KDE_APPLICATIONS_VERSION} +PORTREVISION= 1 CATEGORIES= security kde kde-applications MAINTAINER= kde@FreeBSD.org diff --git a/security/kpmenu/Makefile b/security/kpmenu/Makefile index e2af7f3b7c7b..2b9786443e81 100644 --- a/security/kpmenu/Makefile +++ b/security/kpmenu/Makefile @@ -1,7 +1,7 @@ PORTNAME= kpmenu DISTVERSIONPREFIX= v DISTVERSION= 1.4.1 -PORTREVISION= 30 +PORTREVISION= 32 CATEGORIES= security MAINTAINER= bapt@FreeBSD.org diff --git a/security/lego/Makefile b/security/lego/Makefile index 8a6f7b43b848..6ba0cbb685bf 100644 --- a/security/lego/Makefile +++ b/security/lego/Makefile @@ -1,6 +1,6 @@ PORTNAME= lego DISTVERSIONPREFIX= v -DISTVERSION= 4.26.0 +DISTVERSION= 4.27.0 CATEGORIES= security MAINTAINER= matt@matthoran.com diff --git a/security/lego/distinfo b/security/lego/distinfo index 33c9158bf88b..61e1e053a607 100644 --- a/security/lego/distinfo +++ b/security/lego/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1757982174 -SHA256 (go/security_lego/lego-v4.26.0/v4.26.0.mod) = 7beedcefda490a8f0f99f5057d3da951e2dfebcf325fec1053a247ba7e43d0ef -SIZE (go/security_lego/lego-v4.26.0/v4.26.0.mod) = 10962 -SHA256 (go/security_lego/lego-v4.26.0/v4.26.0.zip) = 3f2287156a729865a5b49d92f6f9890da69fd1d482c164e9f45795334fa37989 -SIZE (go/security_lego/lego-v4.26.0/v4.26.0.zip) = 1600833 +TIMESTAMP = 1760846644 +SHA256 (go/security_lego/lego-v4.27.0/v4.27.0.mod) = cecadfa0296e7454a6091949ae4a9b97494ab54d298e070da9b61b4d95c8a1f2 +SIZE (go/security_lego/lego-v4.27.0/v4.27.0.mod) = 11015 +SHA256 (go/security_lego/lego-v4.27.0/v4.27.0.zip) = c397e8c08ab816854ac9facf79479edd0624e175b1ef65275795004e17d8f515 +SIZE (go/security_lego/lego-v4.27.0/v4.27.0.zip) = 1654875 diff --git a/security/libgpg-error/Makefile b/security/libgpg-error/Makefile index c5cd944be429..8e14c97232ce 100644 --- a/security/libgpg-error/Makefile +++ b/security/libgpg-error/Makefile @@ -1,5 +1,5 @@ PORTNAME= libgpg-error -DISTVERSION= 1.55 +DISTVERSION= 1.56 CATEGORIES= security devel MASTER_SITES= GNUPG diff --git a/security/libgpg-error/distinfo b/security/libgpg-error/distinfo index 71d07ea47033..5b0e4cda9143 100644 --- a/security/libgpg-error/distinfo +++ b/security/libgpg-error/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1745598267 -SHA256 (libgpg-error-1.55.tar.bz2) = 95b178148863f07d45df0cea67e880a79b9ef71f5d230baddc0071128516ef78 -SIZE (libgpg-error-1.55.tar.bz2) = 1109437 +TIMESTAMP = 1759920743 +SHA256 (libgpg-error-1.56.tar.bz2) = 82c3d2deb4ad96ad3925d6f9f124fe7205716055ab50e291116ef27975d169c0 +SIZE (libgpg-error-1.56.tar.bz2) = 1116017 diff --git a/security/libgpg-error/pkg-plist b/security/libgpg-error/pkg-plist index 15910b09c9ca..12c18a64659b 100644 --- a/security/libgpg-error/pkg-plist +++ b/security/libgpg-error/pkg-plist @@ -7,7 +7,7 @@ include/gpgrt.h lib/libgpg-error.a lib/libgpg-error.so lib/libgpg-error.so.0 -lib/libgpg-error.so.0.39.3 +lib/libgpg-error.so.0.40.0 libdata/pkgconfig/gpg-error.pc share/man/man1/gpg-error-config.1.gz share/man/man1/gpgrt-config.1.gz diff --git a/security/libressl-devel/Makefile b/security/libressl-devel/Makefile index b90c18b1308e..daa464c11003 100644 --- a/security/libressl-devel/Makefile +++ b/security/libressl-devel/Makefile @@ -1,5 +1,5 @@ PORTNAME= libressl -PORTVERSION= 4.1.1 +PORTVERSION= 4.2.0 CATEGORIES= security devel MASTER_SITES= OPENBSD/LibreSSL PKGNAMESUFFIX= -devel @@ -50,12 +50,12 @@ LDFLAGS+= -pthread INSTALL_TARGET= install-strip TEST_TARGET= check -PLIST_SUB+= LIBCRYPTO_SHLIBMAJ=56 \ - LIBCRYPTO_SHLIBFULL=56.0.0 \ - LIBSSL_SHLIBMAJ=59 \ - LIBSSL_SHLIBFULL=59.0.1 \ - LIBTLS_SHLIBMAJ=32 \ - LIBTLS_SHLIBFULL=32.0.1 +PLIST_SUB+= LIBCRYPTO_SHLIBMAJ=57 \ + LIBCRYPTO_SHLIBFULL=57.0.1 \ + LIBSSL_SHLIBMAJ=60 \ + LIBSSL_SHLIBFULL=60.0.1 \ + LIBTLS_SHLIBMAJ=33 \ + LIBTLS_SHLIBFULL=33.0.1 post-patch-MAN3-off: ${REINPLACE_CMD} -e '/^install-man:/s/install-man3//' \ diff --git a/security/libressl-devel/distinfo b/security/libressl-devel/distinfo index 62e0fcbe19c7..6971a8021c4e 100644 --- a/security/libressl-devel/distinfo +++ b/security/libressl-devel/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1759303143 -SHA256 (libressl-4.1.1.tar.gz) = c7ff7a7d675d5f57730940e5ccff1dbe2dcd5b7405b5397e0f7ffd66a5ed5679 -SIZE (libressl-4.1.1.tar.gz) = 9202355 +TIMESTAMP = 1760545157 +SHA256 (libressl-4.2.0.tar.gz) = 0f7dba44d7cb8df8d53f2cfbf1955254bc128e0089595f1aba2facfaee8408b2 +SIZE (libressl-4.2.0.tar.gz) = 9147132 diff --git a/security/libressl-devel/pkg-plist b/security/libressl-devel/pkg-plist index c73e0cb9c35a..30505e613b0c 100644 --- a/security/libressl-devel/pkg-plist +++ b/security/libressl-devel/pkg-plist @@ -38,6 +38,7 @@ include/openssl/kdf.h include/openssl/lhash.h include/openssl/md4.h include/openssl/md5.h +include/openssl/mlkem.h include/openssl/modes.h include/openssl/obj_mac.h include/openssl/objects.h diff --git a/security/libressl-devel/version.mk b/security/libressl-devel/version.mk index a43395b52412..2fe40b3646a5 100644 --- a/security/libressl-devel/version.mk +++ b/security/libressl-devel/version.mk @@ -1 +1 @@ -OPENSSL_SHLIBVER?= 56 +OPENSSL_SHLIBVER?= 57 diff --git a/security/libressl/Makefile b/security/libressl/Makefile index 749ae4315dc1..21673f97c719 100644 --- a/security/libressl/Makefile +++ b/security/libressl/Makefile @@ -1,5 +1,5 @@ PORTNAME= libressl -PORTVERSION= 4.1.1 +PORTVERSION= 4.2.0 CATEGORIES= security devel MASTER_SITES= OPENBSD/LibreSSL @@ -49,12 +49,12 @@ LDFLAGS+= -pthread INSTALL_TARGET= install-strip TEST_TARGET= check -PLIST_SUB+= LIBCRYPTO_SHLIBMAJ=56 \ - LIBCRYPTO_SHLIBFULL=56.0.0 \ - LIBSSL_SHLIBMAJ=59 \ - LIBSSL_SHLIBFULL=59.0.1 \ - LIBTLS_SHLIBMAJ=32 \ - LIBTLS_SHLIBFULL=32.0.1 +PLIST_SUB+= LIBCRYPTO_SHLIBMAJ=57 \ + LIBCRYPTO_SHLIBFULL=57.0.1 \ + LIBSSL_SHLIBMAJ=60 \ + LIBSSL_SHLIBFULL=60.0.1 \ + LIBTLS_SHLIBMAJ=33 \ + LIBTLS_SHLIBFULL=33.0.1 post-patch-MAN3-off: ${REINPLACE_CMD} -e '/^install-man:/s/install-man3//' \ diff --git a/security/libressl/distinfo b/security/libressl/distinfo index 62e0fcbe19c7..6971a8021c4e 100644 --- a/security/libressl/distinfo +++ b/security/libressl/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1759303143 -SHA256 (libressl-4.1.1.tar.gz) = c7ff7a7d675d5f57730940e5ccff1dbe2dcd5b7405b5397e0f7ffd66a5ed5679 -SIZE (libressl-4.1.1.tar.gz) = 9202355 +TIMESTAMP = 1760545157 +SHA256 (libressl-4.2.0.tar.gz) = 0f7dba44d7cb8df8d53f2cfbf1955254bc128e0089595f1aba2facfaee8408b2 +SIZE (libressl-4.2.0.tar.gz) = 9147132 diff --git a/security/libressl/pkg-plist b/security/libressl/pkg-plist index c73e0cb9c35a..30505e613b0c 100644 --- a/security/libressl/pkg-plist +++ b/security/libressl/pkg-plist @@ -38,6 +38,7 @@ include/openssl/kdf.h include/openssl/lhash.h include/openssl/md4.h include/openssl/md5.h +include/openssl/mlkem.h include/openssl/modes.h include/openssl/obj_mac.h include/openssl/objects.h diff --git a/security/libressl/version.mk b/security/libressl/version.mk index a43395b52412..2fe40b3646a5 100644 --- a/security/libressl/version.mk +++ b/security/libressl/version.mk @@ -1 +1 @@ -OPENSSL_SHLIBVER?= 56 +OPENSSL_SHLIBVER?= 57 diff --git a/security/meek/Makefile b/security/meek/Makefile index 9483477599f1..35db4e3d03ed 100644 --- a/security/meek/Makefile +++ b/security/meek/Makefile @@ -1,7 +1,7 @@ PORTNAME= meek DISTVERSIONPREFIX=v DISTVERSION= 0.37.0 -PORTREVISION= 26 +PORTREVISION= 28 CATEGORIES= security net MAINTAINER= egypcio@FreeBSD.org diff --git a/security/metasploit/Makefile b/security/metasploit/Makefile index 424f1c11602f..2e381aaf8e3d 100644 --- a/security/metasploit/Makefile +++ b/security/metasploit/Makefile @@ -1,6 +1,6 @@ PORTNAME= metasploit DISTVERSION= 6.4.58 -PORTREVISION= 5 +PORTREVISION= 7 CATEGORIES= security MAINTAINER= tanawts@gmail.com diff --git a/security/naabu/Makefile b/security/naabu/Makefile index 383cfec25a03..607d0e3dc5e3 100644 --- a/security/naabu/Makefile +++ b/security/naabu/Makefile @@ -1,7 +1,7 @@ PORTNAME= naabu DISTVERSIONPREFIX= v DISTVERSION= 2.3.5 -PORTREVISION= 2 +PORTREVISION= 4 CATEGORIES= security MAINTAINER= dutra@FreeBSD.org diff --git a/security/nebula/Makefile b/security/nebula/Makefile index d809fe4e5504..e3c95c2bd43b 100644 --- a/security/nebula/Makefile +++ b/security/nebula/Makefile @@ -1,7 +1,7 @@ PORTNAME= nebula DISTVERSIONPREFIX= v DISTVERSION= 1.8.2 -PORTREVISION= 14 +PORTREVISION= 16 CATEGORIES= security MAINTAINER= ashish@FreeBSD.org diff --git a/security/netbird/Makefile b/security/netbird/Makefile index 2b5638e59319..dcc6ba064fbe 100644 --- a/security/netbird/Makefile +++ b/security/netbird/Makefile @@ -1,6 +1,7 @@ PORTNAME= netbird DISTVERSIONPREFIX= v -DISTVERSION= 0.59.1 +DISTVERSION= 0.59.5 +PORTREVISION= 1 CATEGORIES= security net net-vpn MAINTAINER= hakan.external@netbird.io diff --git a/security/netbird/distinfo b/security/netbird/distinfo index 6afd5a561327..e9f7354c4e59 100644 --- a/security/netbird/distinfo +++ b/security/netbird/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1759481572 -SHA256 (go/security_netbird/netbird-v0.59.1/v0.59.1.mod) = a930885bdb739be4a2fbbb2a63b86d0b33d3c2897b45d5f391ef1d9d29db5975 -SIZE (go/security_netbird/netbird-v0.59.1/v0.59.1.mod) = 12607 -SHA256 (go/security_netbird/netbird-v0.59.1/v0.59.1.zip) = 0e1eca9e038d7bf1db3bf67b59f3fa58356fb856c1a68c8fa02e8a609bc21f68 -SIZE (go/security_netbird/netbird-v0.59.1/v0.59.1.zip) = 3188357 +TIMESTAMP = 1759443384 +SHA256 (go/security_netbird/netbird-v0.59.5/v0.59.5.mod) = a930885bdb739be4a2fbbb2a63b86d0b33d3c2897b45d5f391ef1d9d29db5975 +SIZE (go/security_netbird/netbird-v0.59.5/v0.59.5.mod) = 12607 +SHA256 (go/security_netbird/netbird-v0.59.5/v0.59.5.zip) = 53bc2ca386490601792871891337e0d7ed73e7a5e96275137cb1c25005b627c2 +SIZE (go/security_netbird/netbird-v0.59.5/v0.59.5.zip) = 3192778 diff --git a/security/nextcloud-end_to_end_encryption/Makefile b/security/nextcloud-end_to_end_encryption/Makefile index fb390e30f5e8..989cdea1c8ce 100644 --- a/security/nextcloud-end_to_end_encryption/Makefile +++ b/security/nextcloud-end_to_end_encryption/Makefile @@ -1,5 +1,5 @@ PORTNAME= end_to_end_encryption -PORTVERSION= 1.17.0 +PORTVERSION= 1.18.0 DISTVERSIONPREFIX= v CATEGORIES= security @@ -9,7 +9,7 @@ WWW= https://apps.nextcloud.com/apps/end_to_end_encryption LICENSE_FILE= ${WRKSRC}/LICENSE -NEXTCLOUD_RUN_DEPENDS= 31 +NEXTCLOUD_RUN_DEPENDS= 32 USES= nextcloud php:flavors diff --git a/security/nextcloud-end_to_end_encryption/distinfo b/security/nextcloud-end_to_end_encryption/distinfo index 7c3128388436..5a29084e41e2 100644 --- a/security/nextcloud-end_to_end_encryption/distinfo +++ b/security/nextcloud-end_to_end_encryption/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1740558340 -SHA256 (nextcloud/end_to_end_encryption-v1.17.0.tar.gz) = 5a88effd4cc34fdbfd6d5682f0aec6a9a4185531381a8446db3b4700b664b4b9 -SIZE (nextcloud/end_to_end_encryption-v1.17.0.tar.gz) = 1864255 +TIMESTAMP = 1760546414 +SHA256 (nextcloud/end_to_end_encryption-v1.18.0.tar.gz) = 3426b9b7e92c6c778184bd18a448c3e26e5d8f4c0040891ce98adea409f4f133 +SIZE (nextcloud/end_to_end_encryption-v1.18.0.tar.gz) = 1899150 diff --git a/security/nuclei/Makefile b/security/nuclei/Makefile index 884ebf15b0e1..91bafa59bce5 100644 --- a/security/nuclei/Makefile +++ b/security/nuclei/Makefile @@ -1,6 +1,7 @@ PORTNAME= nuclei DISTVERSIONPREFIX= v DISTVERSION= 3.4.10 +PORTREVISION= 2 CATEGORIES= security MAINTAINER= dutra@FreeBSD.org diff --git a/security/obfs4proxy-tor/Makefile b/security/obfs4proxy-tor/Makefile index 76b061e30825..3cbaa640cf54 100644 --- a/security/obfs4proxy-tor/Makefile +++ b/security/obfs4proxy-tor/Makefile @@ -1,6 +1,6 @@ PORTNAME= obfs4proxy DISTVERSION= 0.0.14 -PORTREVISION= 24 +PORTREVISION= 26 CATEGORIES= security net PKGNAMESUFFIX= -tor DISTFILES= ${DISTNAME}${EXTRACT_SUFX} diff --git a/security/onionscan/Makefile b/security/onionscan/Makefile index b08feed23913..56d3dcd53406 100644 --- a/security/onionscan/Makefile +++ b/security/onionscan/Makefile @@ -1,7 +1,7 @@ PORTNAME= onionscan DISTVERSIONPREFIX= OnionScan- DISTVERSION= 0.2 -PORTREVISION= 32 +PORTREVISION= 34 CATEGORIES= security net MAINTAINER= egypcio@FreeBSD.org diff --git a/security/openbao/Makefile b/security/openbao/Makefile index ed9842ccfaff..de470b9a559b 100644 --- a/security/openbao/Makefile +++ b/security/openbao/Makefile @@ -1,6 +1,7 @@ PORTNAME= openbao DISTVERSIONPREFIX= v DISTVERSION= 2.4.1 +PORTREVISION= 2 CATEGORIES= security MASTER_SITES+= https://raw.githubusercontent.com/${PORTNAME}/${PORTNAME}/${DISTVERSIONFULL}/ DISTFILES= go.mod \ diff --git a/security/openssh-portable/Makefile b/security/openssh-portable/Makefile index 352394002f30..f36d91c12c4a 100644 --- a/security/openssh-portable/Makefile +++ b/security/openssh-portable/Makefile @@ -1,6 +1,6 @@ PORTNAME= openssh -DISTVERSION= 10.1p1 -PORTREVISION= 2 +DISTVERSION= 10.2p1 +PORTREVISION= 0 PORTEPOCH= 1 CATEGORIES= security MASTER_SITES= OPENBSD/OpenSSH/portable @@ -43,7 +43,7 @@ gssapi_PKGNAMESUFFIX= -portable-gssapi OPTIONS_DEFINE= DOCS PAM TCP_WRAPPERS LIBEDIT BSM \ HPN KERB_GSSAPI \ LDNS NONECIPHER XMSS FIDO_U2F BLACKLISTD -OPTIONS_DEFAULT= LIBEDIT PAM TCP_WRAPPERS LDNS FIDO_U2F +OPTIONS_DEFAULT= BLACKLISTD LIBEDIT PAM TCP_WRAPPERS LDNS FIDO_U2F .if ${FLAVOR:U} == hpn OPTIONS_DEFAULT+= HPN NONECIPHER .endif @@ -100,21 +100,29 @@ ETCDIR?= ${PREFIX}/etc/ssh PATCH_SITES+= http://mirror.shatow.net/freebsd/${PORTNAME}/:DEFAULT,hpn,gsskex # Must add this patch before HPN due to conflicts +.if !${PORT_OPTIONS:MBLACKLISTD} +. if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER} +# Needed glue for applying HPN patch without conflict +EXTRA_PATCHES+= ${FILESDIR}/extra-patch-no-blocklistd-hpn-glue +. endif +.endif + +# Must add this patch before HPN due to conflicts .if ${PORT_OPTIONS:MKERB_GSSAPI} || ${FLAVOR:U} == gssapi -BROKEN= KERB_GSSAPI No patch for ${DISTVERSION} yet. +# BROKEN= KERB_GSSAPI No patch for ${DISTVERSION} yet. . if ${PORT_OPTIONS:MHPN} || ${PORT_OPTIONS:MNONECIPHER} # Needed glue for applying HPN patch without conflict EXTRA_PATCHES+= ${FILESDIR}/extra-patch-hpn-gss-glue . endif # - See https://sources.debian.org/data/main/o/openssh/ for which subdir to # pull from. -GSSAPI_DEBIAN_VERSION= 10.0p1 -GSSAPI_DEBIAN_SUBDIR= ${GSSAPI_DEBIAN_VERSION:U${DISTVERSION}}-8 +GSSAPI_DEBIAN_VERSION= 10.2p1 +GSSAPI_DEBIAN_SUBDIR= ${GSSAPI_DEBIAN_VERSION:U${DISTVERSION}}-1 # - Debian does not use a versioned filename so we trick fetch to make one for # us with the ?<anything>=/ trick. PATCH_SITES+= https://sources.debian.org/data/main/o/openssh/1:${GSSAPI_DEBIAN_SUBDIR}/debian/patches/gssapi.patch?dummy=/:gsskex # Bump this when updating the patch location -GSSAPI_DISTVERSION= 10.0p1 +GSSAPI_DISTVERSION= 10.2p1 PATCHFILES+= openssh-${GSSAPI_DISTVERSION:U${DISTVERSION}}-gsskex-all-debian-rh-${GSSAPI_DISTVERSION}.patch:-p1:gsskex EXTRA_PATCHES+= ${FILESDIR}/extra-patch-gssapi-kexgssc.c EXTRA_PATCHES+= ${FILESDIR}/extra-patch-gssapi-kexgsss.c diff --git a/security/openssh-portable/distinfo b/security/openssh-portable/distinfo index 20ed1e88abef..6aa27b76a8c8 100644 --- a/security/openssh-portable/distinfo +++ b/security/openssh-portable/distinfo @@ -1,3 +1,5 @@ -TIMESTAMP = 1759763325 -SHA256 (openssh-10.1p1.tar.gz) = b9fc7a2b82579467a6f2f43e4a81c8e1dfda614ddb4f9b255aafd7020bbf0758 -SIZE (openssh-10.1p1.tar.gz) = 1972831 +TIMESTAMP = 1760240447 +SHA256 (openssh-10.2p1.tar.gz) = ccc42c0419937959263fa1dbd16dafc18c56b984c03562d2937ce56a60f798b2 +SIZE (openssh-10.2p1.tar.gz) = 1974519 +SHA256 (openssh-10.2p1-gsskex-all-debian-rh-10.2p1.patch) = a02ab012657477a85dc7e4dca90a568ff5f13199221cda888608e9d0290454a0 +SIZE (openssh-10.2p1-gsskex-all-debian-rh-10.2p1.patch) = 126336 diff --git a/security/openssh-portable/files/extra-patch-blacklistd b/security/openssh-portable/files/extra-patch-blacklistd index a7145e42ce9b..3118103c5d74 100644 --- a/security/openssh-portable/files/extra-patch-blacklistd +++ b/security/openssh-portable/files/extra-patch-blacklistd @@ -1,9 +1,80 @@ ---- blacklist.c.orig 2021-04-28 13:37:52.679784000 -0700 -+++ blacklist.c 2021-04-28 13:56:45.677805000 -0700 -@@ -0,0 +1,92 @@ +--- Makefile.in.orig 2025-10-02 12:00:00.000000000 ++++ Makefile.in 2025-10-02 12:00:00.000000000 +@@ -208,6 +208,8 @@ + FIXPATHSCMD = $(SED) $(PATHSUBS) + FIXALGORITHMSCMD= $(SHELL) $(srcdir)/fixalgorithms $(SED) \ + @UNSUPPORTED_ALGORITHMS@ ++ ++LIBSSH_OBJS+= blacklist.o + + all: $(CONFIGFILES) $(MANPAGES) $(TARGETS) + +--- auth-pam.c.orig 2025-10-02 12:00:00.000000000 ++++ auth-pam.c 2025-10-02 12:00:00.000000000 +@@ -101,6 +101,7 @@ + #endif + #include "monitor_wrap.h" + #include "srclimit.h" ++#include "blacklist_client.h" + + extern ServerOptions options; + extern struct sshbuf *loginmsg; +@@ -936,6 +937,8 @@ + sshbuf_free(buffer); + return (0); + } ++ BLACKLIST_NOTIFY(NULL, BLACKLIST_AUTH_FAIL, ++ "PAM illegal user"); + error("PAM: %s for %s%.100s from %.100s", msg, + sshpam_authctxt->valid ? "" : "illegal user ", + sshpam_authctxt->user, sshpam_rhost); +--- auth.c.orig 2025-10-02 12:00:00.000000000 ++++ auth.c 2025-10-02 12:00:00.000000000 +@@ -75,6 +75,7 @@ + #include "monitor_wrap.h" + #include "ssherr.h" + #include "channels.h" ++#include "blacklist_client.h" + + /* import */ + extern ServerOptions options; +@@ -285,8 +286,12 @@ + authmsg = "Postponed"; + else if (partial) + authmsg = "Partial"; +- else ++ else { + authmsg = authenticated ? "Accepted" : "Failed"; ++ if (authenticated) ++ BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_OK, ++ "Authenticated"); ++ } + + if ((extra = format_method_key(authctxt)) == NULL) { + if (authctxt->auth_method_info != NULL) +@@ -334,6 +339,7 @@ + { + Authctxt *authctxt = (Authctxt *)ssh->authctxt; + ++ BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL, "Maximum attempts exceeded"); + error("maximum authentication attempts exceeded for " + "%s%.100s from %.200s port %d ssh2", + authctxt->valid ? "" : "invalid user ", +@@ -494,6 +500,8 @@ + aix_restoreauthdb(); + #endif + if (pw == NULL) { ++ BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL, ++ "Invalid user"); + logit("Invalid user %.100s from %.100s port %d", + user, ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); + #ifdef CUSTOM_FAILED_LOGIN +--- blacklist.c.orig 2025-10-02 12:00:00.000000000 ++++ blacklist.c 2025-10-02 12:00:00.000000000 +@@ -0,0 +1,97 @@ +/*- + * Copyright (c) 2015 The NetBSD Foundation, Inc. -+ * Copyright (c) 2016 The FreeBSD Foundation, Inc. ++ * Copyright (c) 2016 The FreeBSD Foundation + * All rights reserved. + * + * Portions of this software were developed by Kurt Lidl @@ -48,11 +119,15 @@ +#include "packet.h" +#include "log.h" +#include "misc.h" ++#include "servconf.h" +#include <blacklist.h> +#include "blacklist_client.h" + +static struct blacklist *blstate = NULL; + ++/* import */ ++extern ServerOptions options; ++ +/* internal definition from bl.h */ +struct blacklist *bl_create(bool, char *, void (*)(int, const char *, va_list)); + @@ -82,23 +157,24 @@ +blacklist_init(void) +{ + -+ blstate = bl_create(false, NULL, im_log); ++ if (options.use_blacklist) ++ blstate = bl_create(false, NULL, im_log); +} + +void -+blacklist_notify(int action, struct ssh *ssh, const char *msg) ++blacklist_notify(struct ssh *ssh, int action, const char *msg) +{ + + if (blstate != NULL && ssh_packet_connection_is_on_socket(ssh)) + (void)blacklist_r(blstate, action, + ssh_packet_get_connection_in(ssh), msg); +} ---- blacklist_client.h.orig 2020-11-16 16:45:22.823087000 -0800 -+++ blacklist_client.h 2020-11-16 16:45:09.761962000 -0800 +--- blacklist_client.h.orig 2025-10-02 12:00:00.000000000 ++++ blacklist_client.h 2025-10-02 12:00:00.000000000 @@ -0,0 +1,61 @@ +/*- + * Copyright (c) 2015 The NetBSD Foundation, Inc. -+ * Copyright (c) 2016 The FreeBSD Foundation, Inc. ++ * Copyright (c) 2016 The FreeBSD Foundation + * All rights reserved. + * + * Portions of this software were developed by Kurt Lidl @@ -143,23 +219,62 @@ + +#ifdef USE_BLACKLIST +void blacklist_init(void); -+void blacklist_notify(int, struct ssh *, const char *); ++void blacklist_notify(struct ssh *, int, const char *); + +#define BLACKLIST_INIT() blacklist_init() -+#define BLACKLIST_NOTIFY(x, ssh, msg) blacklist_notify(x, ssh, msg) ++#define BLACKLIST_NOTIFY(ssh,x,msg) blacklist_notify(ssh,x,msg) + +#else + +#define BLACKLIST_INIT() -+#define BLACKLIST_NOTIFY(x, ssh, msg) ++#define BLACKLIST_NOTIFY(ssh,x,msg) + +#endif + + +#endif /* BLACKLIST_CLIENT_H */ ---- servconf.c.orig 2021-04-15 20:55:25.000000000 -0700 -+++ servconf.c 2021-04-28 13:36:19.591999000 -0700 -@@ -172,6 +172,7 @@ initialize_server_options(ServerOptions *options) +--- monitor.c.orig 2025-10-02 12:00:00.000000000 ++++ monitor.c 2025-10-02 12:00:00.000000000 +@@ -85,6 +85,8 @@ + #include "misc.h" + #include "servconf.h" + #include "monitor.h" ++#include "blacklist_client.h" ++ + #ifdef GSSAPI + #include "ssh-gss.h" + #endif +@@ -353,16 +355,24 @@ + } + } + if (authctxt->failures > options.max_authtries) { ++ BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL, ++ "Too many authentication attempts"); + /* Shouldn't happen */ + fatal_f("privsep child made too many authentication " + "attempts"); + } + } + +- if (!authctxt->valid) +- fatal_f("authenticated invalid user"); +- if (strcmp(auth_method, "unknown") == 0) ++ if (!authctxt->valid) { ++ BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL, ++ "Authenticated invalid user"); ++ fatal_f("authenticated invalid user"); ++ } ++ if (strcmp(auth_method, "unknown") == 0) { ++ BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL, ++ "Authentication method name unknown"); + fatal_f("authentication method name unknown"); ++ } + + debug_f("user %s authenticated by privileged process", authctxt->user); + auth_attempted = 0; +--- servconf.c.orig 2025-10-02 12:00:00.000000000 ++++ servconf.c 2025-10-02 12:00:00.000000000 +@@ -186,6 +186,7 @@ options->max_sessions = -1; options->banner = NULL; options->use_dns = -1; @@ -167,7 +282,7 @@ options->client_alive_interval = -1; options->client_alive_count_max = -1; options->num_authkeys_files = 0; -@@ -410,6 +411,8 @@ fill_default_server_options(ServerOptions *options) +@@ -455,6 +456,8 @@ options->max_sessions = DEFAULT_SESSIONS_MAX; if (options->use_dns == -1) options->use_dns = 0; @@ -176,15 +291,15 @@ if (options->client_alive_interval == -1) options->client_alive_interval = 0; if (options->client_alive_count_max == -1) -@@ -506,6 +509,7 @@ typedef enum { +@@ -563,6 +566,7 @@ sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedAlgorithms, sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions, sBanner, sUseDNS, sHostbasedAuthentication, + sUseBlacklist, sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedAlgorithms, sHostKeyAlgorithms, sPerSourceMaxStartups, sPerSourceNetBlockSize, - sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, -@@ -642,6 +646,8 @@ static struct { + sPerSourcePenalties, sPerSourcePenaltyExemptList, +@@ -706,6 +710,8 @@ { "maxsessions", sMaxSessions, SSHCFG_ALL }, { "banner", sBanner, SSHCFG_ALL }, { "usedns", sUseDNS, SSHCFG_GLOBAL }, @@ -193,7 +308,7 @@ { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL }, { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL }, { "clientaliveinterval", sClientAliveInterval, SSHCFG_ALL }, -@@ -1692,6 +1698,10 @@ process_server_config_line_depth(ServerOptions *option +@@ -1788,6 +1794,10 @@ intptr = &options->use_dns; goto parse_flag; @@ -203,8 +318,8 @@ + case sLogFacility: log_facility_ptr = &options->log_facility; - arg = strdelim(&cp); -@@ -2872,6 +2882,7 @@ dump_config(ServerOptions *o) + arg = argv_next(&ac, &av); +@@ -3276,6 +3286,7 @@ dump_cfg_fmtint(sCompression, o->compression); dump_cfg_fmtint(sGatewayPorts, o->fwd_opts.gateway_ports); dump_cfg_fmtint(sUseDNS, o->use_dns); @@ -212,9 +327,9 @@ dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding); dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding); ---- servconf.h.orig 2020-11-16 15:51:00.752090000 -0800 -+++ servconf.h 2020-11-16 15:51:02.962173000 -0800 -@@ -179,6 +179,7 @@ typedef struct { +--- servconf.h.orig 2025-10-02 12:00:00.000000000 ++++ servconf.h 2025-10-02 12:00:00.000000000 +@@ -195,6 +195,7 @@ int max_sessions; char *banner; /* SSH-2 banner message */ int use_dns; @@ -222,150 +337,61 @@ int client_alive_interval; /* * poke the client this often to * see if it's still there ---- auth-pam.c.orig 2020-11-16 15:52:45.816578000 -0800 -+++ auth-pam.c 2020-11-16 15:54:19.796583000 -0800 -@@ -105,6 +105,7 @@ extern char *__progname; - #include "ssh-gss.h" - #endif - #include "monitor_wrap.h" -+#include "blacklist_client.h" - - extern ServerOptions options; - extern struct sshbuf *loginmsg; -@@ -916,6 +917,10 @@ sshpam_query(void *ctx, char **name, char **info, - sshbuf_free(buffer); - return (0); - } -+ /* XXX: ssh context unavailable here, unclear if this is even needed. -+ BLACKLIST_NOTIFY(BLACKLIST_BAD_USER, -+ the_active_state, sshpam_authctxt->user); -+ */ - error("PAM: %s for %s%.100s from %.100s", msg, - sshpam_authctxt->valid ? "" : "illegal user ", - sshpam_authctxt->user, sshpam_rhost); ---- auth.c.orig 2020-11-16 15:52:45.824171000 -0800 -+++ auth.c 2020-11-16 15:57:51.091969000 -0800 -@@ -76,6 +76,7 @@ - #include "ssherr.h" - #include "compat.h" - #include "channels.h" -+#include "blacklist_client.h" - - /* import */ - extern ServerOptions options; -@@ -331,8 +332,11 @@ auth_log(struct ssh *ssh, int authenticated, int parti - authmsg = "Postponed"; - else if (partial) - authmsg = "Partial"; -- else -+ else { - authmsg = authenticated ? "Accepted" : "Failed"; -+ if (authenticated) -+ BLACKLIST_NOTIFY(BLACKLIST_AUTH_OK, ssh, "ssh"); -+ } - - if ((extra = format_method_key(authctxt)) == NULL) { - if (authctxt->auth_method_info != NULL) -@@ -586,6 +590,7 @@ getpwnamallow(struct ssh *ssh, const char *user) - aix_restoreauthdb(); - #endif - if (pw == NULL) { -+ BLACKLIST_NOTIFY(BLACKLIST_BAD_USER, ssh, user); - logit("Invalid user %.100s from %.100s port %d", - user, ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); - #ifdef CUSTOM_FAILED_LOGIN ---- auth2.c.orig 2020-11-16 17:10:36.772062000 -0800 -+++ auth2.c 2020-11-16 17:12:04.852943000 -0800 -@@ -58,6 +58,7 @@ - #include "monitor_wrap.h" - #include "digest.h" - #include "kex.h" -+#include "blacklist_client.h" - - /* import */ - extern ServerOptions options; -@@ -295,6 +296,7 @@ input_userauth_request(int type, u_int32_t seq, struct - } else { - /* Invalid user, fake password information */ - authctxt->pw = fakepw(); -+ BLACKLIST_NOTIFY(BLACKLIST_BAD_USER, ssh, "ssh"); - #ifdef SSH_AUDIT_EVENTS - PRIVSEP(audit_event(ssh, SSH_INVALID_USER)); - #endif -@@ -448,8 +450,10 @@ userauth_finish(struct ssh *ssh, int authenticated, co - } else { - /* Allow initial try of "none" auth without failure penalty */ - if (!partial && !authctxt->server_caused_failure && -- (authctxt->attempt > 1 || strcmp(method, "none") != 0)) -+ (authctxt->attempt > 1 || strcmp(method, "none") != 0)) { - authctxt->failures++; -+ BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, ssh, "ssh"); -+ } - if (authctxt->failures >= options.max_authtries) { - #ifdef SSH_AUDIT_EVENTS - PRIVSEP(audit_event(ssh, SSH_LOGIN_EXCEED_MAXTRIES)); ---- packet.c.orig 2020-11-16 15:52:45.839070000 -0800 -+++ packet.c 2020-11-16 15:56:09.285418000 -0800 -@@ -96,6 +96,7 @@ - #include "packet.h" - #include "ssherr.h" - #include "sshbuf.h" -+#include "blacklist_client.h" - - #ifdef PACKET_DEBUG - #define DBG(x) x -@@ -1882,6 +1883,7 @@ sshpkt_vfatal(struct ssh *ssh, int r, const char *fmt, - case SSH_ERR_NO_KEX_ALG_MATCH: - case SSH_ERR_NO_HOSTKEY_ALG_MATCH: - if (ssh->kex && ssh->kex->failed_choice) { -+ BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, ssh, "ssh"); - ssh_packet_clear_keys(ssh); - errno = oerrno; - logdie("Unable to negotiate with %s: %s. " ---- sshd.c.orig 2021-08-19 21:03:49.000000000 -0700 -+++ sshd.c 2021-09-10 10:37:17.926747000 -0700 -@@ -123,6 +123,7 @@ - #include "version.h" - #include "ssherr.h" +--- sshd-session.c.orig 2025-10-02 12:00:00.000000000 ++++ sshd-session.c 2025-10-02 12:00:00.000000000 +@@ -108,6 +108,7 @@ #include "sk-api.h" -+#include "blacklist_client.h" #include "srclimit.h" #include "dh.h" ++#include "blacklist_client.h" -@@ -2225,6 +2228,9 @@ main(int ac, char **av) - if ((loginmsg = sshbuf_new()) == NULL) - fatal_f("sshbuf_new failed"); - auth_debug_reset(); + #ifdef LIBWRAP + #include <tcpd.h> +@@ -223,6 +224,8 @@ + static void + grace_alarm_handler(int sig) + { ++ BLACKLIST_NOTIFY(the_active_state, BLACKLIST_AUTH_FAIL, ++ "Grace period expired"); + /* + * Try to kill any processes that we have spawned, E.g. authorized + * keys command helpers or privsep children. +@@ -1206,6 +1209,8 @@ + ssh_signal(SIGQUIT, SIG_DFL); + ssh_signal(SIGCHLD, SIG_DFL); + ssh_signal(SIGINT, SIG_DFL); + -+ if (options.use_blacklist) -+ BLACKLIST_INIT(); ++ BLACKLIST_INIT(); - if (use_privsep) { - if (privsep_preauth(ssh) == 1) ---- Makefile.in.orig 2022-10-03 07:51:42.000000000 -0700 -+++ Makefile.in 2022-10-09 10:50:06.401377000 -0700 -@@ -185,6 +185,8 @@ FIXALGORITHMSCMD= $(SHELL) $(srcdir)/fixalgorithms $(S - FIXALGORITHMSCMD= $(SHELL) $(srcdir)/fixalgorithms $(SED) \ - @UNSUPPORTED_ALGORITHMS@ + /* + * Register our connection. This turns encryption off because we do +@@ -1297,8 +1302,10 @@ + } -+LIBSSH_OBJS+= blacklist.o -+ - all: $(CONFIGFILES) $(MANPAGES) $(TARGETS) + if ((r = kex_exchange_identification(ssh, -1, +- options.version_addendum)) != 0) ++ options.version_addendum)) != 0) { ++ BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL, "Banner exchange"); + sshpkt_fatal(ssh, r, "banner exchange"); ++ } - $(LIBSSH_OBJS): Makefile.in config.h ---- sshd_config.orig 2020-11-16 16:57:14.276036000 -0800 -+++ sshd_config 2020-11-16 16:57:42.183846000 -0800 -@@ -94,6 +94,7 @@ - #PrintLastLog yes - #TCPKeepAlive yes - #PermitUserEnvironment no -+#UseBlacklist no - #Compression delayed - #ClientAliveInterval 0 - #ClientAliveCountMax 3 ---- sshd_config.5.orig 2023-12-18 15:59:50.000000000 +0100 -+++ sshd_config.5 2024-01-06 16:36:17.025742000 +0100 -@@ -1855,6 +1855,20 @@ This option may be useful in conjunction with + ssh_packet_set_nonblocking(ssh); + +@@ -1443,7 +1450,10 @@ + audit_event(the_active_state, SSH_CONNECTION_ABANDON); + #endif + /* Override default fatal exit value when auth was attempted */ +- if (i == 255 && auth_attempted) ++ if (i == 255 && auth_attempted) { ++ BLACKLIST_NOTIFY(the_active_state, BLACKLIST_AUTH_FAIL, ++ "Fatal exit"); + _exit(EXIT_AUTH_ATTEMPTED); ++ } + _exit(i); + } +--- sshd_config.5.orig 2025-10-02 12:00:00.000000000 ++++ sshd_config.5 2025-10-02 12:00:00.000000000 +@@ -2009,6 +2009,20 @@ is to never expire connections for having no open channels. This option may be useful in conjunction with .Cm ChannelTimeout . @@ -386,34 +412,13 @@ .It Cm UseDNS Specifies whether .Xr sshd 8 ---- monitor.c.orig 2020-11-16 17:24:03.457283000 -0800 -+++ monitor.c 2020-11-16 17:25:57.642510000 -0800 -@@ -96,6 +96,7 @@ - #include "match.h" - #include "ssherr.h" - #include "sk-api.h" -+#include "blacklist_client.h" +--- sshd_config.orig 2025-10-02 12:00:00.000000000 ++++ sshd_config 2025-10-02 12:00:00.000000000 +@@ -102,6 +102,7 @@ + #MaxStartups 10:30:100 + #PermitTunnel no + #ChrootDirectory none ++#UseBlacklist no + #VersionAddendum none - #ifdef GSSAPI - static Gssctxt *gsscontext = NULL; -@@ -342,8 +343,11 @@ monitor_child_preauth(struct ssh *ssh, struct monitor - if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) { - auth_log(ssh, authenticated, partial, - auth_method, auth_submethod); -- if (!partial && !authenticated) -+ if (!partial && !authenticated) { - authctxt->failures++; -+ BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, -+ ssh, "ssh"); -+ } - if (authenticated || partial) { - auth2_update_session_info(authctxt, - auth_method, auth_submethod); -@@ -1228,6 +1232,7 @@ mm_answer_keyallowed(struct ssh *ssh, int sock, struct - } else { - /* Log failed attempt */ - auth_log(ssh, 0, 0, auth_method, NULL); -+ BLACKLIST_NOTIFY(BLACKLIST_AUTH_FAIL, ssh, "ssh"); - free(cuser); - free(chost); - } + # no default banner path diff --git a/security/openssh-portable/files/extra-patch-hpn b/security/openssh-portable/files/extra-patch-hpn index 412cc576fb7c..a4df93cc2186 100644 --- a/security/openssh-portable/files/extra-patch-hpn +++ b/security/openssh-portable/files/extra-patch-hpn @@ -1233,17 +1233,17 @@ diff -urN -x configure -x config.guess -x config.h.in -x config.sub work.clean/o /* * Create a new session and process group since the 4.4BSD * setlogin() affects the entire process group. We don't ---- work.clean/openssh-9.8p1/sshd-session.c.orig 2024-07-01 13:54:25.745441000 -0700 -+++ work/openssh-9.8p1/sshd-session.c 2024-07-01 13:54:57.335695000 -0700 -@@ -1305,7 +1305,7 @@ main(int ac, char **av) - alarm(options.login_grace_time); +--- work/openssh/sshd-session.c.orig 2025-10-11 10:19:18.935826000 -0700 ++++ work/openssh/sshd-session.c 2025-10-11 10:20:11.460279000 -0700 +@@ -1281,7 +1281,7 @@ main(int ac, char **av) + } if ((r = kex_exchange_identification(ssh, -1, -- options.version_addendum)) != 0) -+ options.version_addendum, options.hpn_disabled)) != 0) +- options.version_addendum)) != 0) { ++ options.version_addendum, options.hpn_disabled)) != 0) { + BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL, "Banner exchange"); sshpkt_fatal(ssh, r, "banner exchange"); - - ssh_packet_set_nonblocking(ssh); + } --- work.clean/openssh-6.8p1/sshd_config 2015-04-01 22:07:18.248858000 -0500 +++ work/openssh-6.8p1/sshd_config 2015-04-01 22:16:49.932279000 -0500 @@ -111,6 +111,20 @@ AuthorizedKeysFile .ssh/authorized_keys diff --git a/security/openssh-portable/files/extra-patch-hpn-gss-glue b/security/openssh-portable/files/extra-patch-hpn-gss-glue index 57b47e8b023a..3924a57f9d67 100644 --- a/security/openssh-portable/files/extra-patch-hpn-gss-glue +++ b/security/openssh-portable/files/extra-patch-hpn-gss-glue @@ -22,9 +22,9 @@ if (options.gss_keyex) { /* Add the GSSAPI mechanisms currently supported on this * client to the key exchange algorithm proposal */ ---- readconf.c.orig 2019-07-19 12:13:18.000312000 -0700 -+++ readconf.c 2019-07-19 12:13:29.614552000 -0700 -@@ -63,11 +63,11 @@ +--- readconf.c.orig 2025-10-08 15:36:47.220504000 -0700 ++++ readconf.c 2025-10-08 15:38:09.729314000 -0700 +@@ -60,11 +60,11 @@ #include "readconf.h" #include "match.h" #include "kex.h" @@ -34,12 +34,12 @@ #include "myproposal.h" #include "digest.h" -#include "ssh-gss.h" + #include "version.h" /* Format of the configuration file: - ---- servconf.c.orig 2019-07-19 12:14:42.078398000 -0700 -+++ servconf.c 2019-07-19 12:14:43.543687000 -0700 -@@ -54,6 +54,7 @@ +--- servconf.c.orig 2025-10-08 15:36:47.223017000 -0700 ++++ servconf.c 2025-10-08 15:38:32.182178000 -0700 +@@ -56,6 +56,7 @@ #include "sshkey.h" #include "kex.h" #include "mac.h" @@ -47,11 +47,11 @@ #include "match.h" #include "channels.h" #include "groupaccess.h" -@@ -64,7 +65,6 @@ +@@ -66,7 +67,6 @@ #include "auth.h" #include "myproposal.h" #include "digest.h" -#include "ssh-gss.h" + #include "version.h" - static void add_listen_addr(ServerOptions *, const char *, - const char *, int); + #if !defined(SSHD_PAM_SERVICE) diff --git a/security/openssh-portable/files/extra-patch-no-blocklistd-hpn-glue b/security/openssh-portable/files/extra-patch-no-blocklistd-hpn-glue new file mode 100644 index 000000000000..1059f57cc88b --- /dev/null +++ b/security/openssh-portable/files/extra-patch-no-blocklistd-hpn-glue @@ -0,0 +1,27 @@ +--- sshd-session.c.orig 2025-10-11 10:16:00.048273000 -0700 ++++ sshd-session.c 2025-10-11 10:16:02.937735000 -0700 +@@ -149,6 +149,12 @@ static int have_agent = 0; + /* Daemon's agent connection */ + int auth_sock = -1; + static int have_agent = 0; ++ ++/* ++ * This is compiled WITHOUT blocklistd support. This is done for patch ++ * glue in ports. ++ */ ++#define BLACKLIST_NOTIFY(...) + + /* + * Any really sensitive data in the application is contained in this +@@ -1275,8 +1281,10 @@ main(int ac, char **av) + } + + if ((r = kex_exchange_identification(ssh, -1, +- options.version_addendum)) != 0) ++ options.version_addendum)) != 0) { ++ BLACKLIST_NOTIFY(ssh, BLACKLIST_AUTH_FAIL, "Banner exchange"); + sshpkt_fatal(ssh, r, "banner exchange"); ++ } + + ssh_packet_set_nonblocking(ssh); + diff --git a/security/openvas/Makefile b/security/openvas/Makefile index 27e3a9a1a15a..a1033b6ebeb6 100644 --- a/security/openvas/Makefile +++ b/security/openvas/Makefile @@ -1,6 +1,5 @@ PORTNAME= openvas -DISTVERSION= 23.20.1 -PORTREVISION= 2 +DISTVERSION= 23.28.0 DISTVERSIONPREFIX= v CATEGORIES= security diff --git a/security/openvas/distinfo b/security/openvas/distinfo index 321cb33a54a7..df23d9547dae 100644 --- a/security/openvas/distinfo +++ b/security/openvas/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1750728484 -SHA256 (greenbone-openvas-scanner-v23.20.1_GH0.tar.gz) = 80fbf610520c4304e901b803828e296d942ec76e95751c5607de06ef2295fcea -SIZE (greenbone-openvas-scanner-v23.20.1_GH0.tar.gz) = 1580761 +TIMESTAMP = 1759902409 +SHA256 (greenbone-openvas-scanner-v23.28.0_GH0.tar.gz) = 63afa40723a549f698c35f6458c428a2efce483a5e970a094270570254e728b6 +SIZE (greenbone-openvas-scanner-v23.28.0_GH0.tar.gz) = 1621693 diff --git a/security/openvas/files/patch-nasl_nasl_http2.c b/security/openvas/files/patch-nasl_nasl_http2.c new file mode 100644 index 000000000000..d5dfdeca691a --- /dev/null +++ b/security/openvas/files/patch-nasl_nasl_http2.c @@ -0,0 +1,20 @@ +--- nasl/nasl_http2.c 2025-10-07 22:47:47.850601000 -0700 ++++ nasl/nasl_http2.c 2025-10-07 22:49:19.267011000 -0700 +@@ -366,7 +366,7 @@ + curl_easy_setopt (handle, CURLOPT_CUSTOMREQUEST, "DELETE"); + break; + case HEAD: +- curl_easy_setopt (handle, CURLOPT_NOBODY, 1); ++ curl_easy_setopt (handle, CURLOPT_NOBODY, 1L); + break; + case PUT: + curl_easy_setopt (handle, CURLOPT_CUSTOMREQUEST, "PUT"); +@@ -377,7 +377,7 @@ + } + break; + case GET: +- curl_easy_setopt (handle, CURLOPT_HTTPGET, 1); ++ curl_easy_setopt (handle, CURLOPT_HTTPGET, 1L); + break; + case POST: + // Set body. POST is set automatically with this options diff --git a/security/openvas/pkg-plist b/security/openvas/pkg-plist index 650a981dbf83..e0b6bfc886d0 100644 --- a/security/openvas/pkg-plist +++ b/security/openvas/pkg-plist @@ -3,10 +3,10 @@ bin/openvas-nasl-lint @sample %%ETCDIR%%/openvas_log.conf.sample lib/libopenvas_misc.so lib/libopenvas_misc.so.23 -lib/libopenvas_misc.so.23.20.1 +lib/libopenvas_misc.so.23.28.0 lib/libopenvas_nasl.so lib/libopenvas_nasl.so.23 -lib/libopenvas_nasl.so.23.20.1 +lib/libopenvas_nasl.so.23.28.0 sbin/openvas share/man/man1/openvas-nasl-lint.1.gz share/man/man1/openvas-nasl.1.gz diff --git a/security/openvpn-auth-oauth2/Makefile b/security/openvpn-auth-oauth2/Makefile index 921a17d7fca6..97c937182e56 100644 --- a/security/openvpn-auth-oauth2/Makefile +++ b/security/openvpn-auth-oauth2/Makefile @@ -1,6 +1,6 @@ PORTNAME= openvpn-auth-oauth2 DISTVERSIONPREFIX= v -DISTVERSION= 1.25.2 +DISTVERSION= 1.26.2 PORTREVISION= 1 CATEGORIES= security net net-vpn @@ -13,7 +13,7 @@ LICENSE_FILE= ${WRKSRC}/LICENSE.txt EXTRACT_DEPENDS= ${BUILD_DEPENDS} -USES= go:1.24,modules +USES= go:1.25,modules GO_MODULE= github.com/jkroepke/openvpn-auth-oauth2 diff --git a/security/openvpn-auth-oauth2/distinfo b/security/openvpn-auth-oauth2/distinfo index ef958b0b6d12..042c291b8b1d 100644 --- a/security/openvpn-auth-oauth2/distinfo +++ b/security/openvpn-auth-oauth2/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1754885003 -SHA256 (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.25.2/v1.25.2.mod) = d0f750c04d64d7442d246f72b825d2f9fc0ed4210e066ea5f6787b9eb877f963 -SIZE (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.25.2/v1.25.2.mod) = 1370 -SHA256 (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.25.2/v1.25.2.zip) = 0ac1f121f8eb6842a65e67e4b2a16a52c6c2f2cc068e79b06a5f90b04cce0a4e -SIZE (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.25.2/v1.25.2.zip) = 1875487 +TIMESTAMP = 1760253375 +SHA256 (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.26.2/v1.26.2.mod) = b747b6a37a8a76572f0004a79fdcc9af49cea7b27ef60c6b153846d7309bea76 +SIZE (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.26.2/v1.26.2.mod) = 1322 +SHA256 (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.26.2/v1.26.2.zip) = d7bbd034cbaa7e950c134f9157adee1da7d7609ac33c5e0e67b2578904430ddd +SIZE (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.26.2/v1.26.2.zip) = 1879603 diff --git a/security/osv-scanner/Makefile b/security/osv-scanner/Makefile index c3f0fa16bbd3..1f12da707e5a 100644 --- a/security/osv-scanner/Makefile +++ b/security/osv-scanner/Makefile @@ -1,6 +1,6 @@ PORTNAME= osv-scanner DISTVERSIONPREFIX= v -DISTVERSION= 2.2.2 +DISTVERSION= 2.2.3 CATEGORIES= security MAINTAINER= dutra@FreeBSD.org @@ -13,7 +13,7 @@ LICENSE_FILE= ${WRKSRC}/LICENSE USES= go:1.24,modules,run _BUILD_VERSION= ${DISTVERSION} -_BUILD_COMMIT= 04a8728 +_BUILD_COMMIT= a66ef4b _BUILD_DATE= $$(date +%Y-%m-%d) GO_MODULE= github.com/google/${PORTNAME}/v2 diff --git a/security/osv-scanner/distinfo b/security/osv-scanner/distinfo index 1a2041a4e6ed..c12006834dff 100644 --- a/security/osv-scanner/distinfo +++ b/security/osv-scanner/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1757786339 -SHA256 (go/security_osv-scanner/osv-scanner-v2.2.2/v2.2.2.mod) = d54389929750cc4839c89a8f2083a8d735c105d2aac0a3d90cdfb9a5e8fc998f -SIZE (go/security_osv-scanner/osv-scanner-v2.2.2/v2.2.2.mod) = 9801 -SHA256 (go/security_osv-scanner/osv-scanner-v2.2.2/v2.2.2.zip) = 5dbba62ae3d7fec8f1d61d3cb011b54f8b994ac6b7aa9a33a3f9bee0abf0a70a -SIZE (go/security_osv-scanner/osv-scanner-v2.2.2/v2.2.2.zip) = 12527375 +TIMESTAMP = 1760884223 +SHA256 (go/security_osv-scanner/osv-scanner-v2.2.3/v2.2.3.mod) = cd9251730017cdc7b5b3140a7401820db51b5f26be66e4a88ed7be699de48270 +SIZE (go/security_osv-scanner/osv-scanner-v2.2.3/v2.2.3.mod) = 9925 +SHA256 (go/security_osv-scanner/osv-scanner-v2.2.3/v2.2.3.zip) = a4e129563cd6b6daf79a9f2e736f61bb1a01c719e0adf5b2a9e62c7d42dea5dd +SIZE (go/security_osv-scanner/osv-scanner-v2.2.3/v2.2.3.zip) = 12620788 diff --git a/security/p5-Authen-Krb5-Simple/Makefile b/security/p5-Authen-Krb5-Simple/Makefile index b9e8e6ab6c68..d41811f5cecb 100644 --- a/security/p5-Authen-Krb5-Simple/Makefile +++ b/security/p5-Authen-Krb5-Simple/Makefile @@ -20,7 +20,9 @@ OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT OPTIONS_DEFAULT= GSSAPI_BASE GSSAPI_BASE_USES= gssapi +.if !exists(/usr/libdata/pkgconfig/mit-krb5.pc) GSSAPI_BASE_CONFIGURE_ENV= HAVE_HEIMDAL=1 +.endif GSSAPI_HEIMDAL_USES= gssapi:heimdal GSSAPI_HEIMDAL_CONFIGURE_ENV= HAVE_HEIMDAL=1 GSSAPI_MIT_USES= gssapi:mit diff --git a/security/p5-Authen-Krb5/Makefile b/security/p5-Authen-Krb5/Makefile index 634f1f93506c..35e05519a45d 100644 --- a/security/p5-Authen-Krb5/Makefile +++ b/security/p5-Authen-Krb5/Makefile @@ -19,7 +19,9 @@ OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT OPTIONS_DEFAULT= GSSAPI_BASE GSSAPI_BASE_USES= gssapi +.if !exists(/usr/libdata/pkgconfig/mit-krb5.pc) GSSAPI_BASE_CONFIGURE_ENV= HAVE_HEIMDAL=1 +.endif GSSAPI_HEIMDAL_USES= gssapi:heimdal GSSAPI_HEIMDAL_CONFIGURE_ENV= HAVE_HEIMDAL=1 GSSAPI_MIT_USES= gssapi:mit diff --git a/security/pecl-krb5/Makefile b/security/pecl-krb5/Makefile index 84ca24082319..3ce381d52f1b 100644 --- a/security/pecl-krb5/Makefile +++ b/security/pecl-krb5/Makefile @@ -1,5 +1,6 @@ PORTNAME= krb5 PORTVERSION= 1.2.4 +PORTREVISION= 1 CATEGORIES= security pear MAINTAINER= girgen@FreeBSD.org @@ -8,9 +9,7 @@ WWW= https://pecl.php.net/package/krb5 LICENSE= BSD3CLAUSE -LIB_DEPENDS= libkrb5support.so:security/krb5 - -USES= php:pecl +USES= php:pecl gssapi:mit CONFIGURE_ARGS= --with-krb5config=${LOCALBASE}/bin/krb5-config diff --git a/security/picocrypt/Makefile b/security/picocrypt/Makefile index f6483ced31b9..e71725cab095 100644 --- a/security/picocrypt/Makefile +++ b/security/picocrypt/Makefile @@ -1,6 +1,6 @@ PORTNAME= picocrypt DISTVERSION= 1.49 # Missing modules.txt, generate one with `go mod vendor` and place it in ${FILESDIR} -PORTREVISION= 2 +PORTREVISION= 4 CATEGORIES= security MAINTAINER= eduardo@FreeBSD.org diff --git a/security/pwdsafety/Makefile b/security/pwdsafety/Makefile index b404e2f8071d..857214ea0ef9 100644 --- a/security/pwdsafety/Makefile +++ b/security/pwdsafety/Makefile @@ -1,6 +1,7 @@ PORTNAME= pwdsafety DISTVERSIONPREFIX= v DISTVERSION= 0.4.1 +PORTREVISION= 2 CATEGORIES= security MAINTAINER= olgeni@FreeBSD.org diff --git a/security/py-asyncssh/Makefile b/security/py-asyncssh/Makefile index 787379fb0a79..27f7b57403aa 100644 --- a/security/py-asyncssh/Makefile +++ b/security/py-asyncssh/Makefile @@ -1,5 +1,5 @@ PORTNAME= asyncssh -PORTVERSION= 2.21.0 +PORTVERSION= 2.21.1 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -32,7 +32,7 @@ PKCS11_DESC= PKCS \#11 support PYOPENSSL_DESC= X.509 certificate authentication BCRYPT_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}bcrypt>=3.1.3:security/py-bcrypt@${PY_FLAVOR} -FIDO2_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}fido2>=0.9.2:security/py-fido2@${PY_FLAVOR} +FIDO2_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}fido2>=2:security/py-fido2@${PY_FLAVOR} GSSAPI_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}gssapi>=1.2.0:security/py-gssapi@${PY_FLAVOR} LIBNACL_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}libnacl>=1.4.2:security/py-libnacl@${PY_FLAVOR} PKCS11_RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}python-pkcs11>=0.7.0:security/py-python-pkcs11@${PY_FLAVOR} diff --git a/security/py-asyncssh/distinfo b/security/py-asyncssh/distinfo index 6f759f3fb528..d5154bcec3ab 100644 --- a/security/py-asyncssh/distinfo +++ b/security/py-asyncssh/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1747546578 -SHA256 (asyncssh-2.21.0.tar.gz) = 450fe13bb8d86a8f4e7d7b5fafce7791181ca3e7c92e15bbc45dfb25866e48b3 -SIZE (asyncssh-2.21.0.tar.gz) = 539740 +TIMESTAMP = 1759816710 +SHA256 (asyncssh-2.21.1.tar.gz) = 9943802955e2131536c2b1e71aacc68f56973a399937ed0b725086d7461c990c +SIZE (asyncssh-2.21.1.tar.gz) = 540515 diff --git a/security/py-asyncssh/files/patch-fido2 b/security/py-asyncssh/files/patch-fido2 new file mode 100644 index 000000000000..d8b9c8387a67 --- /dev/null +++ b/security/py-asyncssh/files/patch-fido2 @@ -0,0 +1,161 @@ +Obtained from: https://github.com/ronf/asyncssh/commit/b9e58a3914c7d1df7f2c096e8c1c0220799e247f + +--- asyncssh/sk.py.orig 2025-08-23 02:54:29 UTC ++++ asyncssh/sk.py +@@ -128,7 +128,9 @@ def _win_enroll(alg: int, application: str, user: str) + def _win_enroll(alg: int, application: str, user: str) -> Tuple[bytes, bytes]: + """Enroll a new security key using Windows WebAuthn API""" + +- client = WindowsClient(application, verify=_verify_rp_id) ++ data_collector = DefaultClientDataCollector(origin=application, ++ verify=_verify_rp_id) ++ client = WindowsClient(data_collector) + + rp = {'id': application, 'name': application} + user_cred = {'id': user.encode('utf-8'), 'name': user} +@@ -137,7 +139,8 @@ def _win_enroll(alg: int, application: str, user: str) + 'pubKeyCredParams': key_params} + + result = client.make_credential(options) +- cdata = result.attestation_object.auth_data.credential_data ++ response = result.response ++ cdata = response.attestation_object.auth_data.credential_data + + # pylint: disable=no-member + return _decode_public_key(alg, cdata.public_key), cdata.credential_id +@@ -188,17 +191,20 @@ def _win_sign(data: bytes, application: str, + key_handle: bytes) -> Tuple[int, int, bytes, bytes]: + """Sign a message with a security key using Windows WebAuthn API""" + +- client = WindowsClient(application, verify=_verify_rp_id) ++ data_collector = DefaultClientDataCollector(origin=application, ++ verify=_verify_rp_id) ++ client = WindowsClient(data_collector) + + creds = [{'type': 'public-key', 'id': key_handle}] + options = {'challenge': data, 'rpId': application, + 'allowCredentials': creds} + + result = client.get_assertion(options).get_response(0) +- auth_data = result.authenticator_data ++ response = result.response ++ auth_data = response.authenticator_data + + return auth_data.flags, auth_data.counter, \ +- result.signature, bytes(result.client_data) ++ response.signature, bytes(response.client_data) + + + def sk_webauthn_prefix(data: bytes, application: str) -> bytes: +@@ -327,7 +333,7 @@ try: + + + try: +- from fido2.client import WindowsClient ++ from fido2.client import DefaultClientDataCollector + from fido2.ctap import CtapError + from fido2.ctap1 import Ctap1, APDU, ApduError + from fido2.ctap2 import Ctap2, ClientPin, PinProtocolV1 +@@ -335,13 +341,8 @@ try: + from fido2.hid import CtapHidDevice + + sk_available = True +- +- sk_use_webauthn = WindowsClient.is_available() and \ +- hasattr(ctypes, 'windll') and \ +- not ctypes.windll.shell32.IsUserAnAdmin() + except (ImportError, OSError, AttributeError): # pragma: no cover + sk_available = False +- sk_use_webauthn = False + + def _sk_not_available(*args: object, **kwargs: object) -> NoReturn: + """Report that security key support is unavailable""" +@@ -351,3 +352,13 @@ except (ImportError, OSError, AttributeError): # pragm + sk_enroll = _sk_not_available + sk_sign = _sk_not_available + sk_get_resident = _sk_not_available ++ ++try: ++ from fido2.client.windows import WindowsClient ++ ++ sk_use_webauthn = WindowsClient.is_available() and \ ++ hasattr(ctypes, 'windll') and \ ++ not ctypes.windll.shell32.IsUserAnAdmin() ++except ImportError: ++ WindowsClient = None ++ sk_use_webauthn = False +--- pyproject.toml.orig 2025-09-28 13:31:10 UTC ++++ pyproject.toml +@@ -35,7 +35,7 @@ bcrypt = ['bcrypt >= 3.1.3'] + + [project.optional-dependencies] + bcrypt = ['bcrypt >= 3.1.3'] +-fido2 = ['fido2 >= 0.9.2, < 2'] ++fido2 = ['fido2 >= 2'] + gssapi = ['gssapi >= 1.2.0'] + libnacl = ['libnacl >= 1.4.2'] + pkcs11 = ['python-pkcs11 >= 0.7.0'] +--- tests/sk_stub.py.orig 2025-05-29 03:09:38 UTC ++++ tests/sk_stub.py +@@ -93,6 +93,13 @@ class _AttestationResponse: + self.attestation_object = attestation_object + + ++class _RegistrationResponse: ++ """Security key registration response""" ++ ++ def __init__(self, attestation_response): ++ self.response = attestation_response ++ ++ + class _AuthenticatorData: + """Security key authenticator data in aseertion""" + +@@ -110,6 +117,13 @@ class _AssertionResponse: + self.signature = signature + + ++class _AuthenticationResponse: ++ """Security key authentication response""" ++ ++ def __init__(self, response): ++ self.response = response ++ ++ + class _AssertionSelection: + """Security key assertion response list""" + +@@ -261,9 +275,9 @@ class WindowsClient(_CtapStub): + class WindowsClient(_CtapStub): + """Stub for unit testing U2F security keys via Windows WebAuthn""" + +- def __init__(self, origin, verify): +- self._origin = origin +- self._verify = verify ++ def __init__(self, data_collector): ++ self._origin = data_collector._origin ++ self._verify = data_collector._verify + + def make_credential(self, options): + """Make a credential using Windows WebAuthN API""" +@@ -275,8 +289,9 @@ class WindowsClient(_CtapStub): + public_key, key_handle = self._enroll(alg) + + cdata = _CredentialData(alg, public_key, key_handle) ++ attestation_object = _Credential(_CredentialAuthData(cdata)) + +- return _AttestationResponse(_Credential(_CredentialAuthData(cdata))) ++ return _RegistrationResponse(_AttestationResponse(attestation_object)) + + def get_assertion(self, options): + """Get assertion using Windows WebAuthN API""" +@@ -297,7 +312,8 @@ class WindowsClient(_CtapStub): + key_handle, flags) + + auth_data = _AuthenticatorData(flags, counter) +- assertion = _AssertionResponse(data, auth_data, sig) ++ response = _AssertionResponse(data, auth_data, sig) ++ assertion = _AuthenticationResponse(response) + + return _AssertionSelection([assertion]) + diff --git a/security/py-authlib/Makefile b/security/py-authlib/Makefile index 56b2bb82b717..55033d4eb214 100644 --- a/security/py-authlib/Makefile +++ b/security/py-authlib/Makefile @@ -1,5 +1,5 @@ PORTNAME= authlib -PORTVERSION= 1.6.3 +PORTVERSION= 1.6.5 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} diff --git a/security/py-authlib/distinfo b/security/py-authlib/distinfo index b5637dd84b1e..58aaf71e0566 100644 --- a/security/py-authlib/distinfo +++ b/security/py-authlib/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1757120812 -SHA256 (authlib-1.6.3.tar.gz) = 9f7a982cc395de719e4c2215c5707e7ea690ecf84f1ab126f28c053f4219e610 -SIZE (authlib-1.6.3.tar.gz) = 160836 +TIMESTAMP = 1759774705 +SHA256 (authlib-1.6.5.tar.gz) = 6aaf9c79b7cc96c900f0b284061691c5d4e61221640a948fe690b556a6d6d10b +SIZE (authlib-1.6.5.tar.gz) = 164553 diff --git a/security/py-bcrypt/Makefile b/security/py-bcrypt/Makefile index 283595598671..87b89401a47d 100644 --- a/security/py-bcrypt/Makefile +++ b/security/py-bcrypt/Makefile @@ -1,6 +1,5 @@ PORTNAME= bcrypt -DISTVERSION= 4.3.0 -PORTREVISION= 3 +PORTVERSION= 5.0.0 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -21,15 +20,14 @@ RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}wheel>=0:devel/py-wheel@${PY_FLAVOR} USES= cargo python USE_PYTHON= autoplist concurrent pep517 pytest -CARGO_CARGOLOCK= ${WRKSRC}/src/_bcrypt/Cargo.lock -CARGO_CARGOTOML= ${WRKSRC}/src/_bcrypt/Cargo.toml -CARGO_BUILD= no -CARGO_INSTALL= no -CARGO_TEST= no - +CARGO_BUILD= no +CARGO_CARGOLOCK=${WRKSRC}/src/_bcrypt/Cargo.lock +CARGO_CARGOTOML=${WRKSRC}/src/_bcrypt/Cargo.toml +CARGO_INSTALL= no +CARGO_TEST= no TEST_ENV= PYTHONPATH=${STAGEDIR}${PYTHON_SITELIBDIR} -post-install: +x-post-install: ${FIND} ${STAGEDIR}${PYTHON_SITELIBDIR} -name '*.so' -exec ${STRIP_CMD} {} + .include <bsd.port.mk> diff --git a/security/py-bcrypt/Makefile.crates b/security/py-bcrypt/Makefile.crates index d762d5e54aec..a7b7e5399fc1 100644 --- a/security/py-bcrypt/Makefile.crates +++ b/security/py-bcrypt/Makefile.crates @@ -1,50 +1,42 @@ -CARGO_CRATES= autocfg-1.4.0 \ +CARGO_CRATES= autocfg-1.5.0 \ base64-0.22.1 \ - bcrypt-0.17.0 \ + bcrypt-0.17.1 \ bcrypt-pbkdf-0.10.0 \ - bitflags-2.8.0 \ block-buffer-0.10.4 \ blowfish-0.9.1 \ byteorder-1.5.0 \ - cfg-if-1.0.0 \ + cfg-if-1.0.3 \ cipher-0.4.4 \ cpufeatures-0.2.17 \ crypto-common-0.1.6 \ digest-0.10.7 \ generic-array-0.14.7 \ - getrandom-0.3.1 \ + getrandom-0.3.3 \ heck-0.5.0 \ - indoc-2.0.5 \ + indoc-2.0.6 \ inout-0.1.4 \ - libc-0.2.170 \ + libc-0.2.176 \ memoffset-0.9.1 \ - once_cell-1.20.3 \ + once_cell-1.21.3 \ pbkdf2-0.12.2 \ - portable-atomic-1.11.0 \ - proc-macro2-1.0.93 \ - pyo3-0.23.5 \ - pyo3-build-config-0.23.5 \ - pyo3-ffi-0.23.5 \ - pyo3-macros-0.23.5 \ - pyo3-macros-backend-0.23.5 \ - quote-1.0.38 \ - sha2-0.10.8 \ + portable-atomic-1.11.1 \ + proc-macro2-1.0.101 \ + pyo3-0.26.0 \ + pyo3-build-config-0.26.0 \ + pyo3-ffi-0.26.0 \ + pyo3-macros-0.26.0 \ + pyo3-macros-backend-0.26.0 \ + quote-1.0.40 \ + r-efi-5.3.0 \ + sha2-0.10.9 \ subtle-2.6.1 \ - syn-2.0.98 \ - target-lexicon-0.12.16 \ + syn-2.0.106 \ + target-lexicon-0.13.3 \ typenum-1.18.0 \ - unicode-ident-1.0.17 \ - unindent-0.2.3 \ + unicode-ident-1.0.19 \ + unindent-0.2.4 \ version_check-0.9.5 \ - wasi-0.13.3+wasi-0.2.2 \ - windows-targets-0.52.6 \ - windows_aarch64_gnullvm-0.52.6 \ - windows_aarch64_msvc-0.52.6 \ - windows_i686_gnu-0.52.6 \ - windows_i686_gnullvm-0.52.6 \ - windows_i686_msvc-0.52.6 \ - windows_x86_64_gnu-0.52.6 \ - windows_x86_64_gnullvm-0.52.6 \ - windows_x86_64_msvc-0.52.6 \ - wit-bindgen-rt-0.33.0 \ + wasi-0.14.7+wasi-0.2.4 \ + wasip2-1.0.1+wasi-0.2.4 \ + wit-bindgen-0.46.0 \ zeroize-1.8.1 diff --git a/security/py-bcrypt/distinfo b/security/py-bcrypt/distinfo index 9ec605554eaf..7da3d21229d7 100644 --- a/security/py-bcrypt/distinfo +++ b/security/py-bcrypt/distinfo @@ -1,24 +1,22 @@ -TIMESTAMP = 1749155161 -SHA256 (bcrypt-4.3.0.tar.gz) = 3a3fd2204178b6d2adcf09cb4f6426ffef54762577a7c9b54c159008cb288c18 -SIZE (bcrypt-4.3.0.tar.gz) = 25697 -SHA256 (rust/crates/autocfg-1.4.0.crate) = ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26 -SIZE (rust/crates/autocfg-1.4.0.crate) = 17712 +TIMESTAMP = 1759816990 +SHA256 (bcrypt-5.0.0.tar.gz) = f748f7c2d6fd375cc93d3fba7ef4a9e3a092421b8dbf34d8d4dc06be9492dfdd +SIZE (bcrypt-5.0.0.tar.gz) = 25386 +SHA256 (rust/crates/autocfg-1.5.0.crate) = c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8 +SIZE (rust/crates/autocfg-1.5.0.crate) = 18729 SHA256 (rust/crates/base64-0.22.1.crate) = 72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6 SIZE (rust/crates/base64-0.22.1.crate) = 81597 -SHA256 (rust/crates/bcrypt-0.17.0.crate) = 92758ad6077e4c76a6cadbce5005f666df70d4f13b19976b1a8062eef880040f -SIZE (rust/crates/bcrypt-0.17.0.crate) = 12461 +SHA256 (rust/crates/bcrypt-0.17.1.crate) = abaf6da45c74385272ddf00e1ac074c7d8a6c1a1dda376902bd6a427522a8b2c +SIZE (rust/crates/bcrypt-0.17.1.crate) = 12542 SHA256 (rust/crates/bcrypt-pbkdf-0.10.0.crate) = 6aeac2e1fe888769f34f05ac343bbef98b14d1ffb292ab69d4608b3abc86f2a2 SIZE (rust/crates/bcrypt-pbkdf-0.10.0.crate) = 11032 -SHA256 (rust/crates/bitflags-2.8.0.crate) = 8f68f53c83ab957f72c32642f3868eec03eb974d1fb82e453128456482613d36 -SIZE (rust/crates/bitflags-2.8.0.crate) = 47482 SHA256 (rust/crates/block-buffer-0.10.4.crate) = 3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71 SIZE (rust/crates/block-buffer-0.10.4.crate) = 10538 SHA256 (rust/crates/blowfish-0.9.1.crate) = e412e2cd0f2b2d93e02543ceae7917b3c70331573df19ee046bcbc35e45e87d7 SIZE (rust/crates/blowfish-0.9.1.crate) = 16734 SHA256 (rust/crates/byteorder-1.5.0.crate) = 1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b SIZE (rust/crates/byteorder-1.5.0.crate) = 23288 -SHA256 (rust/crates/cfg-if-1.0.0.crate) = baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd -SIZE (rust/crates/cfg-if-1.0.0.crate) = 7934 +SHA256 (rust/crates/cfg-if-1.0.3.crate) = 2fd1289c04a9ea8cb22300a459a72a385d7c73d3259e2ed7dcb2af674838cfa9 +SIZE (rust/crates/cfg-if-1.0.3.crate) = 8719 SHA256 (rust/crates/cipher-0.4.4.crate) = 773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad SIZE (rust/crates/cipher-0.4.4.crate) = 19073 SHA256 (rust/crates/cpufeatures-0.2.17.crate) = 59ed5838eebb26a2bb2e58f6d5b5316989ae9d08bab10e0e6d103e656d1b0280 @@ -29,75 +27,61 @@ SHA256 (rust/crates/digest-0.10.7.crate) = 9ed9a281f7bc9b7576e61468ba615a66a5c8c SIZE (rust/crates/digest-0.10.7.crate) = 19557 SHA256 (rust/crates/generic-array-0.14.7.crate) = 85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a SIZE (rust/crates/generic-array-0.14.7.crate) = 15950 -SHA256 (rust/crates/getrandom-0.3.1.crate) = 43a49c392881ce6d5c3b8cb70f98717b7c07aabbdff06687b9030dbfbe2725f8 -SIZE (rust/crates/getrandom-0.3.1.crate) = 42449 +SHA256 (rust/crates/getrandom-0.3.3.crate) = 26145e563e54f2cadc477553f1ec5ee650b00862f0a58bcd12cbdc5f0ea2d2f4 +SIZE (rust/crates/getrandom-0.3.3.crate) = 49493 SHA256 (rust/crates/heck-0.5.0.crate) = 2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea SIZE (rust/crates/heck-0.5.0.crate) = 11517 -SHA256 (rust/crates/indoc-2.0.5.crate) = b248f5224d1d606005e02c97f5aa4e88eeb230488bcc03bc9ca4d7991399f2b5 -SIZE (rust/crates/indoc-2.0.5.crate) = 14396 +SHA256 (rust/crates/indoc-2.0.6.crate) = f4c7245a08504955605670dbf141fceab975f15ca21570696aebe9d2e71576bd +SIZE (rust/crates/indoc-2.0.6.crate) = 17164 SHA256 (rust/crates/inout-0.1.4.crate) = 879f10e63c20629ecabbb64a8010319738c66a5cd0c29b02d63d272b03751d01 SIZE (rust/crates/inout-0.1.4.crate) = 11280 -SHA256 (rust/crates/libc-0.2.170.crate) = 875b3680cb2f8f71bdcf9a30f38d48282f5d3c95cbf9b3fa57269bb5d5c06828 -SIZE (rust/crates/libc-0.2.170.crate) = 760076 +SHA256 (rust/crates/libc-0.2.176.crate) = 58f929b4d672ea937a23a1ab494143d968337a5f47e56d0815df1e0890ddf174 +SIZE (rust/crates/libc-0.2.176.crate) = 790040 SHA256 (rust/crates/memoffset-0.9.1.crate) = 488016bfae457b036d996092f6cb448677611ce4449e970ceaf42695203f218a SIZE (rust/crates/memoffset-0.9.1.crate) = 9032 -SHA256 (rust/crates/once_cell-1.20.3.crate) = 945462a4b81e43c4e3ba96bd7b49d834c6f61198356aa858733bc4acf3cbe62e -SIZE (rust/crates/once_cell-1.20.3.crate) = 33456 +SHA256 (rust/crates/once_cell-1.21.3.crate) = 42f5e15c9953c5e4ccceeb2e7382a716482c34515315f7b03532b8b4e8393d2d +SIZE (rust/crates/once_cell-1.21.3.crate) = 34534 SHA256 (rust/crates/pbkdf2-0.12.2.crate) = f8ed6a7761f76e3b9f92dfb0a60a6a6477c61024b775147ff0973a02653abaf2 SIZE (rust/crates/pbkdf2-0.12.2.crate) = 13906 -SHA256 (rust/crates/portable-atomic-1.11.0.crate) = 350e9b48cbc6b0e028b0473b114454c6316e57336ee184ceab6e53f72c178b3e -SIZE (rust/crates/portable-atomic-1.11.0.crate) = 181258 -SHA256 (rust/crates/proc-macro2-1.0.93.crate) = 60946a68e5f9d28b0dc1c21bb8a97ee7d018a8b322fa57838ba31cc878e22d99 -SIZE (rust/crates/proc-macro2-1.0.93.crate) = 52388 -SHA256 (rust/crates/pyo3-0.23.5.crate) = 7778bffd85cf38175ac1f545509665d0b9b92a198ca7941f131f85f7a4f9a872 -SIZE (rust/crates/pyo3-0.23.5.crate) = 1088533 -SHA256 (rust/crates/pyo3-build-config-0.23.5.crate) = 94f6cbe86ef3bf18998d9df6e0f3fc1050a8c5efa409bf712e661a4366e010fb -SIZE (rust/crates/pyo3-build-config-0.23.5.crate) = 33885 -SHA256 (rust/crates/pyo3-ffi-0.23.5.crate) = e9f1b4c431c0bb1c8fb0a338709859eed0d030ff6daa34368d3b152a63dfdd8d -SIZE (rust/crates/pyo3-ffi-0.23.5.crate) = 74867 -SHA256 (rust/crates/pyo3-macros-0.23.5.crate) = fbc2201328f63c4710f68abdf653c89d8dbc2858b88c5d88b0ff38a75288a9da -SIZE (rust/crates/pyo3-macros-0.23.5.crate) = 8856 -SHA256 (rust/crates/pyo3-macros-backend-0.23.5.crate) = fca6726ad0f3da9c9de093d6f116a93c1a38e417ed73bf138472cf4064f72028 -SIZE (rust/crates/pyo3-macros-backend-0.23.5.crate) = 70938 -SHA256 (rust/crates/quote-1.0.38.crate) = 0e4dccaaaf89514f546c693ddc140f729f958c247918a13380cccc6078391acc -SIZE (rust/crates/quote-1.0.38.crate) = 31252 -SHA256 (rust/crates/sha2-0.10.8.crate) = 793db75ad2bcafc3ffa7c68b215fee268f537982cd901d132f89c6343f3a3dc8 -SIZE (rust/crates/sha2-0.10.8.crate) = 26357 +SHA256 (rust/crates/portable-atomic-1.11.1.crate) = f84267b20a16ea918e43c6a88433c2d54fa145c92a811b5b047ccbe153674483 +SIZE (rust/crates/portable-atomic-1.11.1.crate) = 185506 +SHA256 (rust/crates/proc-macro2-1.0.101.crate) = 89ae43fd86e4158d6db51ad8e2b80f313af9cc74f5c0e03ccb87de09998732de +SIZE (rust/crates/proc-macro2-1.0.101.crate) = 53886 +SHA256 (rust/crates/pyo3-0.26.0.crate) = 7ba0117f4212101ee6544044dae45abe1083d30ce7b29c4b5cbdfa2354e07383 +SIZE (rust/crates/pyo3-0.26.0.crate) = 1151579 +SHA256 (rust/crates/pyo3-build-config-0.26.0.crate) = 4fc6ddaf24947d12a9aa31ac65431fb1b851b8f4365426e182901eabfb87df5f +SIZE (rust/crates/pyo3-build-config-0.26.0.crate) = 34309 +SHA256 (rust/crates/pyo3-ffi-0.26.0.crate) = 025474d3928738efb38ac36d4744a74a400c901c7596199e20e45d98eb194105 +SIZE (rust/crates/pyo3-ffi-0.26.0.crate) = 78247 +SHA256 (rust/crates/pyo3-macros-0.26.0.crate) = 2e64eb489f22fe1c95911b77c44cc41e7c19f3082fc81cce90f657cdc42ffded +SIZE (rust/crates/pyo3-macros-0.26.0.crate) = 8906 +SHA256 (rust/crates/pyo3-macros-backend-0.26.0.crate) = 100246c0ecf400b475341b8455a9213344569af29a3c841d29270e53102e0fcf +SIZE (rust/crates/pyo3-macros-backend-0.26.0.crate) = 81809 +SHA256 (rust/crates/quote-1.0.40.crate) = 1885c039570dc00dcb4ff087a89e185fd56bae234ddc7f056a945bf36467248d +SIZE (rust/crates/quote-1.0.40.crate) = 31063 +SHA256 (rust/crates/r-efi-5.3.0.crate) = 69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f +SIZE (rust/crates/r-efi-5.3.0.crate) = 64532 +SHA256 (rust/crates/sha2-0.10.9.crate) = a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283 +SIZE (rust/crates/sha2-0.10.9.crate) = 29271 SHA256 (rust/crates/subtle-2.6.1.crate) = 13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292 SIZE (rust/crates/subtle-2.6.1.crate) = 14562 -SHA256 (rust/crates/syn-2.0.98.crate) = 36147f1a48ae0ec2b5b3bc5b537d267457555a10dc06f3dbc8cb11ba3006d3b1 -SIZE (rust/crates/syn-2.0.98.crate) = 297807 -SHA256 (rust/crates/target-lexicon-0.12.16.crate) = 61c41af27dd6d1e27b1b16b489db798443478cef1f06a660c96db617ba5de3b1 -SIZE (rust/crates/target-lexicon-0.12.16.crate) = 26488 +SHA256 (rust/crates/syn-2.0.106.crate) = ede7c438028d4436d71104916910f5bb611972c5cfd7f89b8300a8186e6fada6 +SIZE (rust/crates/syn-2.0.106.crate) = 301514 +SHA256 (rust/crates/target-lexicon-0.13.3.crate) = df7f62577c25e07834649fc3b39fafdc597c0a3527dc1c60129201ccfcbaa50c +SIZE (rust/crates/target-lexicon-0.13.3.crate) = 28498 SHA256 (rust/crates/typenum-1.18.0.crate) = 1dccffe3ce07af9386bfd29e80c0ab1a8205a2fc34e4bcd40364df902cfa8f3f SIZE (rust/crates/typenum-1.18.0.crate) = 74871 -SHA256 (rust/crates/unicode-ident-1.0.17.crate) = 00e2473a93778eb0bad35909dff6a10d28e63f792f16ed15e404fca9d5eeedbe -SIZE (rust/crates/unicode-ident-1.0.17.crate) = 47704 -SHA256 (rust/crates/unindent-0.2.3.crate) = c7de7d73e1754487cb58364ee906a499937a0dfabd86bcb980fa99ec8c8fa2ce -SIZE (rust/crates/unindent-0.2.3.crate) = 7306 +SHA256 (rust/crates/unicode-ident-1.0.19.crate) = f63a545481291138910575129486daeaf8ac54aee4387fe7906919f7830c7d9d +SIZE (rust/crates/unicode-ident-1.0.19.crate) = 47480 +SHA256 (rust/crates/unindent-0.2.4.crate) = 7264e107f553ccae879d21fbea1d6724ac785e8c3bfc762137959b5802826ef3 +SIZE (rust/crates/unindent-0.2.4.crate) = 7422 SHA256 (rust/crates/version_check-0.9.5.crate) = 0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a SIZE (rust/crates/version_check-0.9.5.crate) = 15554 -SHA256 (rust/crates/wasi-0.13.3+wasi-0.2.2.crate) = 26816d2e1a4a36a2940b96c5296ce403917633dff8f3440e9b236ed6f6bacad2 -SIZE (rust/crates/wasi-0.13.3+wasi-0.2.2.crate) = 136754 -SHA256 (rust/crates/windows-targets-0.52.6.crate) = 9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973 -SIZE (rust/crates/windows-targets-0.52.6.crate) = 6403 -SHA256 (rust/crates/windows_aarch64_gnullvm-0.52.6.crate) = 32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3 -SIZE (rust/crates/windows_aarch64_gnullvm-0.52.6.crate) = 435718 -SHA256 (rust/crates/windows_aarch64_msvc-0.52.6.crate) = 09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469 -SIZE (rust/crates/windows_aarch64_msvc-0.52.6.crate) = 832615 -SHA256 (rust/crates/windows_i686_gnu-0.52.6.crate) = 8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b -SIZE (rust/crates/windows_i686_gnu-0.52.6.crate) = 880402 -SHA256 (rust/crates/windows_i686_gnullvm-0.52.6.crate) = 0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66 -SIZE (rust/crates/windows_i686_gnullvm-0.52.6.crate) = 475940 -SHA256 (rust/crates/windows_i686_msvc-0.52.6.crate) = 240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66 -SIZE (rust/crates/windows_i686_msvc-0.52.6.crate) = 901163 -SHA256 (rust/crates/windows_x86_64_gnu-0.52.6.crate) = 147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78 -SIZE (rust/crates/windows_x86_64_gnu-0.52.6.crate) = 836363 -SHA256 (rust/crates/windows_x86_64_gnullvm-0.52.6.crate) = 24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d -SIZE (rust/crates/windows_x86_64_gnullvm-0.52.6.crate) = 435707 -SHA256 (rust/crates/windows_x86_64_msvc-0.52.6.crate) = 589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec -SIZE (rust/crates/windows_x86_64_msvc-0.52.6.crate) = 832564 -SHA256 (rust/crates/wit-bindgen-rt-0.33.0.crate) = 3268f3d866458b787f390cf61f4bbb563b922d091359f9608842999eaee3943c -SIZE (rust/crates/wit-bindgen-rt-0.33.0.crate) = 3357 +SHA256 (rust/crates/wasi-0.14.7+wasi-0.2.4.crate) = 883478de20367e224c0090af9cf5f9fa85bed63a95c1abf3afc5c083ebc06e8c +SIZE (rust/crates/wasi-0.14.7+wasi-0.2.4.crate) = 18219 +SHA256 (rust/crates/wasip2-1.0.1+wasi-0.2.4.crate) = 0562428422c63773dad2c345a1882263bbf4d65cf3f42e90921f787ef5ad58e7 +SIZE (rust/crates/wasip2-1.0.1+wasi-0.2.4.crate) = 132087 +SHA256 (rust/crates/wit-bindgen-0.46.0.crate) = f17a85883d4e6d00e8a97c586de764dabcc06133f7f1d55dce5cdc070ad7fe59 +SIZE (rust/crates/wit-bindgen-0.46.0.crate) = 60508 SHA256 (rust/crates/zeroize-1.8.1.crate) = ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde SIZE (rust/crates/zeroize-1.8.1.crate) = 20029 diff --git a/security/py-certifi/Makefile b/security/py-certifi/Makefile index 7931c8da5906..7ff29f1b3c4d 100644 --- a/security/py-certifi/Makefile +++ b/security/py-certifi/Makefile @@ -1,5 +1,5 @@ PORTNAME= certifi -PORTVERSION= 2025.8.3 +PORTVERSION= 2025.10.5 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} diff --git a/security/py-certifi/distinfo b/security/py-certifi/distinfo index 46a418fec79c..ce4d3e2a23f2 100644 --- a/security/py-certifi/distinfo +++ b/security/py-certifi/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1755062576 -SHA256 (certifi-2025.8.3.tar.gz) = e564105f78ded564e3ae7c923924435e1daa7463faeab5bb932bc53ffae63407 -SIZE (certifi-2025.8.3.tar.gz) = 162386 +TIMESTAMP = 1759774707 +SHA256 (certifi-2025.10.5.tar.gz) = 47c09d31ccf2acf0be3f701ea53595ee7e0b8fa08801c6624be771df09ae7b43 +SIZE (certifi-2025.10.5.tar.gz) = 164519 diff --git a/security/py-google-auth/Makefile b/security/py-google-auth/Makefile index df59d7ee2c9c..ed4c61e4b537 100644 --- a/security/py-google-auth/Makefile +++ b/security/py-google-auth/Makefile @@ -1,5 +1,5 @@ PORTNAME= google-auth -PORTVERSION= 2.40.3 +PORTVERSION= 2.41.1 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -14,7 +14,7 @@ LICENSE_FILE= ${WRKSRC}/LICENSE BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}setuptools>=0:devel/py-setuptools@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}wheel>=0:devel/py-wheel@${PY_FLAVOR} -RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}cachetools>=2.0.0:devel/py-cachetools@${PY_FLAVOR} \ +RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}cachetools>=2.0.0<7.0:devel/py-cachetools@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}pyasn1-modules>=0.2.1:devel/py-pyasn1-modules@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}rsa>=3.1.4<5:security/py-rsa@${PY_FLAVOR} diff --git a/security/py-google-auth/distinfo b/security/py-google-auth/distinfo index 2147330fb503..bcb86d0491f3 100644 --- a/security/py-google-auth/distinfo +++ b/security/py-google-auth/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1749813108 -SHA256 (google_auth-2.40.3.tar.gz) = 500c3a29adedeb36ea9cf24b8d10858e152f2412e3ca37829b3fa18e33d63b77 -SIZE (google_auth-2.40.3.tar.gz) = 281029 +TIMESTAMP = 1759774709 +SHA256 (google_auth-2.41.1.tar.gz) = b76b7b1f9e61f0cb7e88870d14f6a94aeef248959ef6992670efee37709cbfd2 +SIZE (google_auth-2.41.1.tar.gz) = 292284 diff --git a/security/py-google-auth/files/patch-setup.py b/security/py-google-auth/files/patch-setup.py deleted file mode 100644 index 06b64628ef0c..000000000000 --- a/security/py-google-auth/files/patch-setup.py +++ /dev/null @@ -1,11 +0,0 @@ ---- setup.py.orig 2025-05-21 18:00:57 UTC -+++ setup.py -@@ -20,7 +20,7 @@ DEPENDENCIES = ( - - - DEPENDENCIES = ( -- "cachetools>=2.0.0,<6.0", -+ "cachetools>=2.0.0", - "pyasn1-modules>=0.2.1", - # rsa==4.5 is the last version to support 2.7 - # https://github.com/sybrenstuvel/python-rsa/issues/152#issuecomment-643470233 diff --git a/security/py-google-cloud-kms/Makefile b/security/py-google-cloud-kms/Makefile new file mode 100644 index 000000000000..9c4432c8f98e --- /dev/null +++ b/security/py-google-cloud-kms/Makefile @@ -0,0 +1,39 @@ +PORTNAME= google-cloud-kms +DISTVERSION= 3.7.0 +CATEGORIES= security python +MASTER_SITES= PYPI +PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} +DISTNAME= ${PORTNAME:S/-/_/g}-${DISTVERSION} + +MAINTAINER= tagattie@FreeBSD.org +COMMENT= Python client for Google Cloud Key Management Service +WWW= https://pypi.org/project/google-cloud-kms/ + +LICENSE= APACHE20 +LICENSE_FILE= ${WRKSRC}/LICENSE + +RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}google-api-core>=1.34.1<3.0.0:www/py-google-api-core@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}google-auth>=2.14.1<3.0.0:security/py-google-auth@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}grpcio>=1.33.2:devel/py-grpcio@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}proto-plus>=1.22.3<2.0.0:devel/py-proto-plus@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}protobuf>=3.20.2,1<7.0.0,1:devel/py-protobuf@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}grpc-google-iam-v1>=0.14.0<1.0.0:devel/py-grpc-google-iam-v1@${PY_FLAVOR} +TEST_DEPENDS= ${PYTHON_PKGNAMEPREFIX}pytest-asyncio>0:devel/py-pytest-asyncio@${PY_FLAVOR} + +USES= python + +USE_PYTHON= autoplist distutils pytest +PYTEST_IGNORED_TESTS= test_list_ekm_connections[grpc] \ + test_list_ekm_connections[rest] + +NO_ARCH= yes + +PORTDOCS= README.rst + +OPTIONS_DEFINE= DOCS + +post-install-DOCS-on: + @${MKDIR} ${STAGEDIR}${DOCSDIR} + ${INSTALL_MAN} ${PORTDOCS:S|^|${WRKSRC}/|} ${STAGEDIR}${DOCSDIR} + +.include <bsd.port.mk> diff --git a/security/py-google-cloud-kms/distinfo b/security/py-google-cloud-kms/distinfo new file mode 100644 index 000000000000..333481116e4e --- /dev/null +++ b/security/py-google-cloud-kms/distinfo @@ -0,0 +1,3 @@ +TIMESTAMP = 1760841619 +SHA256 (google_cloud_kms-3.7.0.tar.gz) = 389ed5cf085e212b6e4a55af1cffe06e6a47aa1827782ad8549591285cc2d620 +SIZE (google_cloud_kms-3.7.0.tar.gz) = 331064 diff --git a/security/py-google-cloud-kms/pkg-descr b/security/py-google-cloud-kms/pkg-descr new file mode 100644 index 000000000000..8eaf90a4f41f --- /dev/null +++ b/security/py-google-cloud-kms/pkg-descr @@ -0,0 +1,9 @@ +Google Cloud Key Management Service: a cloud-hosted key management +service that lets you manage cryptographic keys for your cloud +services the same way you do on-premises. You can generate, use, +rotate, and destroy AES256, RSA 2048, RSA 3072, RSA 4096, EC P256, and +EC P384 cryptographic keys. Cloud KMS is integrated with Cloud IAM and +Cloud Audit Logging so that you can manage permissions on individual +keys and monitor how these are used. Use Cloud KMS to protect secrets +and other sensitive data that you need to store in Google Cloud +Platform. diff --git a/security/py-greenbone-feed-sync/Makefile b/security/py-greenbone-feed-sync/Makefile index d9ab494643e3..7b32bb1ca99c 100644 --- a/security/py-greenbone-feed-sync/Makefile +++ b/security/py-greenbone-feed-sync/Makefile @@ -1,7 +1,6 @@ PORTNAME= greenbone-feed-sync -DISTVERSION= 25.1.0 +DISTVERSION= 25.1.3 DISTVERSIONPREFIX= v -PORTREVISION= 1 CATEGORIES= security python PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} diff --git a/security/py-greenbone-feed-sync/distinfo b/security/py-greenbone-feed-sync/distinfo index 7c3eae88689a..c45ffe902c2a 100644 --- a/security/py-greenbone-feed-sync/distinfo +++ b/security/py-greenbone-feed-sync/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1744687806 -SHA256 (greenbone-greenbone-feed-sync-v25.1.0_GH0.tar.gz) = 4cab6c3774c4bab9e2eb4453d071e56ee7d848008d02f60bc876f4c8320c0ffe -SIZE (greenbone-greenbone-feed-sync-v25.1.0_GH0.tar.gz) = 65345 +TIMESTAMP = 1759902692 +SHA256 (greenbone-greenbone-feed-sync-v25.1.3_GH0.tar.gz) = 683d8ae8194ac861085b640bffb5a2f06cb323e342e62af559abb390f1bd3a7e +SIZE (greenbone-greenbone-feed-sync-v25.1.3_GH0.tar.gz) = 70796 diff --git a/security/py-greenbone-feed-sync/pkg-plist b/security/py-greenbone-feed-sync/pkg-plist index 8e02743b6b87..c6dadda2e728 100644 --- a/security/py-greenbone-feed-sync/pkg-plist +++ b/security/py-greenbone-feed-sync/pkg-plist @@ -44,11 +44,11 @@ bin/greenbone-scapdata-sync %%PYTHON_SITELIBDIR%%/greenbone/tests/test_main.py %%PYTHON_SITELIBDIR%%/greenbone/tests/test_parser.py %%PYTHON_SITELIBDIR%%/greenbone/tests/test_rsync.py -%%PYTHON_SITELIBDIR%%/greenbone_feed_sync-25.1.0.dist-info/LICENSE -%%PYTHON_SITELIBDIR%%/greenbone_feed_sync-25.1.0.dist-info/METADATA -%%PYTHON_SITELIBDIR%%/greenbone_feed_sync-25.1.0.dist-info/RECORD -%%PYTHON_SITELIBDIR%%/greenbone_feed_sync-25.1.0.dist-info/WHEEL -%%PYTHON_SITELIBDIR%%/greenbone_feed_sync-25.1.0.dist-info/entry_points.txt +%%PYTHON_SITELIBDIR%%/greenbone_feed_sync-25.1.3.dev1.dist-info/LICENSE +%%PYTHON_SITELIBDIR%%/greenbone_feed_sync-25.1.3.dev1.dist-info/METADATA +%%PYTHON_SITELIBDIR%%/greenbone_feed_sync-25.1.3.dev1.dist-info/RECORD +%%PYTHON_SITELIBDIR%%/greenbone_feed_sync-25.1.3.dev1.dist-info/WHEEL +%%PYTHON_SITELIBDIR%%/greenbone_feed_sync-25.1.3.dev1.dist-info/entry_points.txt @dir(gvm,gvm,750) etc/gvm @dir(gvm,gvm,750) /var/lib/gvm @dir(gvm,gvm,750) /var/lib/notus diff --git a/security/py-gvm-tools/Makefile b/security/py-gvm-tools/Makefile index 9f5874b1f32f..749e435e8912 100644 --- a/security/py-gvm-tools/Makefile +++ b/security/py-gvm-tools/Makefile @@ -1,5 +1,5 @@ PORTNAME= gvm-tools -DISTVERSION= 25.3.0 +DISTVERSION= 25.4.0 DISTVERSIONPREFIX= v CATEGORIES= security python PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} diff --git a/security/py-gvm-tools/distinfo b/security/py-gvm-tools/distinfo index d33dd9268515..63c582de5f04 100644 --- a/security/py-gvm-tools/distinfo +++ b/security/py-gvm-tools/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1744687887 -SHA256 (greenbone-gvm-tools-v25.3.0_GH0.tar.gz) = 24f8385a00dc909f1862a48f063126f8f51094b8f93c5d29e6b1438e424ed538 -SIZE (greenbone-gvm-tools-v25.3.0_GH0.tar.gz) = 260850 +TIMESTAMP = 1759902961 +SHA256 (greenbone-gvm-tools-v25.4.0_GH0.tar.gz) = 63c4b35d78301052ffefb2cc79969caa23b7769567222ea5ac6b7de45376a09e +SIZE (greenbone-gvm-tools-v25.4.0_GH0.tar.gz) = 263485 diff --git a/security/py-joserfc/Makefile b/security/py-joserfc/Makefile index 7f57e94ff9d8..4e7407d0e12a 100644 --- a/security/py-joserfc/Makefile +++ b/security/py-joserfc/Makefile @@ -1,5 +1,5 @@ PORTNAME= joserfc -PORTVERSION= 1.3.2 +PORTVERSION= 1.4.0 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} diff --git a/security/py-joserfc/distinfo b/security/py-joserfc/distinfo index facbadb9600a..054f9b10b463 100644 --- a/security/py-joserfc/distinfo +++ b/security/py-joserfc/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1757436541 -SHA256 (joserfc-1.3.2.tar.gz) = 147bbba5b0b7c29fa270921dc1f17d83b48ccf0fecf51295b8de1ff1b682ca53 -SIZE (joserfc-1.3.2.tar.gz) = 196379 +TIMESTAMP = 1759774711 +SHA256 (joserfc-1.4.0.tar.gz) = e8c2f327bf10a937d284d57e9f8aec385381e5e5850469b50a7dade1aba59759 +SIZE (joserfc-1.4.0.tar.gz) = 196339 diff --git a/security/py-m2crypto/Makefile b/security/py-m2crypto/Makefile index 066692c320b9..ea09719db6bb 100644 --- a/security/py-m2crypto/Makefile +++ b/security/py-m2crypto/Makefile @@ -1,5 +1,5 @@ PORTNAME= m2crypto -PORTVERSION= 0.45.1 +PORTVERSION= 0.46.0 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -11,7 +11,7 @@ WWW= https://m2crypto.readthedocs.io/en/latest/ \ LICENSE= BSD2CLAUSE -BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}setuptools>=0:devel/py-setuptools@${PY_FLAVOR} \ +BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}setuptools>=61.0.0:devel/py-setuptools@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}wheel>=0:devel/py-wheel@${PY_FLAVOR} \ swig>=4.0:devel/swig diff --git a/security/py-m2crypto/distinfo b/security/py-m2crypto/distinfo index 44832090c634..c0506e020a78 100644 --- a/security/py-m2crypto/distinfo +++ b/security/py-m2crypto/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1745936216 -SHA256 (m2crypto-0.45.1.tar.gz) = d0fc81a8828edbf4308432b3040bf06bb26bad95abb9e7d4690b6118551e76ec -SIZE (m2crypto-0.45.1.tar.gz) = 363721 +TIMESTAMP = 1759774713 +SHA256 (m2crypto-0.46.0.tar.gz) = 5de32576c3bfc84fc2972ba703305dcba35dfb40383273e9552a7e17175dcb72 +SIZE (m2crypto-0.46.0.tar.gz) = 500661 diff --git a/security/py-m2crypto/files/patch-pyproject.toml b/security/py-m2crypto/files/patch-pyproject.toml new file mode 100644 index 000000000000..a89876004cad --- /dev/null +++ b/security/py-m2crypto/files/patch-pyproject.toml @@ -0,0 +1,11 @@ +--- pyproject.toml.orig 2025-10-01 22:01:37 UTC ++++ pyproject.toml +@@ -1,7 +1,7 @@ requires = [ + [build-system] + requires = [ + "setuptools>=43.0.0; python_version<='3.6'", +- "setuptools>=75.8.1; python_version>='3.9'", ++ "setuptools>=61.0.0; python_version>='3.9'", + "wheel" + ] + build-backend = "setuptools.build_meta" diff --git a/security/py-m2crypto/files/patch-setup.py b/security/py-m2crypto/files/patch-setup.py index 6e2719d77feb..df3db2ca45ac 100644 --- a/security/py-m2crypto/files/patch-setup.py +++ b/security/py-m2crypto/files/patch-setup.py @@ -1,35 +1,31 @@ ---- setup.py.orig 2024-10-09 22:15:33 UTC +--- setup.py.orig 2025-10-01 23:07:58 UTC +++ setup.py -@@ -164,11 +164,6 @@ class _M2CryptoBuildExt(build_ext.build_ext): - log.debug('self.openssl_path = %s', self.openssl_path) - log.debug('self.bundledlls = %s', self.bundledlls) +@@ -168,9 +168,6 @@ class _M2CryptoBuildExt(build_ext.build_ext): + log.debug("self.openssl_path = %s", self.openssl_path) + log.debug("self.bundledlls = %s", self.bundledlls) - # swig seems to need the default header file directories -- self.swig_opts.extend( -- ['-I%s' % i for i in _get_additional_includes()] -- ) +- self.swig_opts.extend(["-I%s" % i for i in _get_additional_includes()]) - - log.debug('self.include_dirs = %s', self.include_dirs) - log.debug('self.library_dirs = %s', self.library_dirs) + log.debug("self.include_dirs = %s", self.include_dirs) + log.debug("self.library_dirs = %s", self.library_dirs) -@@ -238,6 +233,11 @@ class _M2CryptoBuildExt(build_ext.build_ext): +@@ -237,6 +234,9 @@ class _M2CryptoBuildExt(build_ext.build_ext): f"gcc -E ended with return code {pid.returncode}" ) + # swig seems to need the default header file directories -+ self.swig_opts.extend( -+ ['-I%s' % i for i in _get_additional_includes()] -+ ) ++ self.swig_opts.extend(["-I%s" % i for i in _get_additional_includes()]) + # Some Linux distributor has added the following line in # /usr/include/openssl/opensslconf.h: # @@ -257,7 +257,7 @@ class _M2CryptoBuildExt(build_ext.build_ext): - '-I' + os.path.join(openssl_include_dir, 'openssl') - ) + if platform.system() == "Darwin": + self.swig_opts.append("-cpperraswarn") -- self.swig_opts.append('-includeall') -+ #self.swig_opts.append('-includeall') - self.swig_opts.append('-builtin') +- self.swig_opts.append("-includeall") ++ #self.swig_opts.append("-includeall") + self.swig_opts.append("-builtin") - build_dir = os.path.join(self.build_lib, 'M2Crypto') + build_dir = os.path.join(self.build_lib, "M2Crypto") diff --git a/security/py-pwntools/Makefile b/security/py-pwntools/Makefile index 187252876f64..a4d19abc86c6 100644 --- a/security/py-pwntools/Makefile +++ b/security/py-pwntools/Makefile @@ -1,6 +1,5 @@ PORTNAME= pwntools -DISTVERSION= 4.14.1 -PORTREVISION= 2 +DISTVERSION= 4.15.0 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} diff --git a/security/py-pwntools/distinfo b/security/py-pwntools/distinfo index 20389087269e..b83fedb7d535 100644 --- a/security/py-pwntools/distinfo +++ b/security/py-pwntools/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1742915479 -SHA256 (pwntools-4.14.1.tar.gz) = 60f04976d1722120d18b9d50553408a024664b5cf888f36f258afca4bf035cac -SIZE (pwntools-4.14.1.tar.gz) = 5612163 +TIMESTAMP = 1760300293 +SHA256 (pwntools-4.15.0.tar.gz) = d99a917298c1ca7241b51bba9ad2212f2af441ef66488059b2426508e9a2a776 +SIZE (pwntools-4.15.0.tar.gz) = 5627629 diff --git a/security/py-pysaml2/Makefile b/security/py-pysaml2/Makefile index 3514ee301704..898b94844f99 100644 --- a/security/py-pysaml2/Makefile +++ b/security/py-pysaml2/Makefile @@ -1,6 +1,5 @@ PORTNAME= pysaml2 -PORTVERSION= 7.5.2 -PORTREVISION= 1 +PORTVERSION= 7.5.4 CATEGORIES= security devel python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -16,9 +15,8 @@ BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}poetry-core>=1.0.0:devel/py-poetry-core@${ RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}defusedxml>=0:devel/py-defusedxml@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}openssl>=0,1:security/py-openssl@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}python-dateutil>=0:devel/py-python-dateutil@${PY_FLAVOR} \ - ${PYTHON_PKGNAMEPREFIX}pytz>=0,1:devel/py-pytz@${PY_FLAVOR} \ - ${PYTHON_PKGNAMEPREFIX}requests>=2<3:www/py-requests@${PY_FLAVOR} \ - ${PYTHON_PKGNAMEPREFIX}xmlschema>=2:textproc/py-xmlschema@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}requests>=2.0.0<3.0.0:www/py-requests@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}xmlschema>=2.0.0:textproc/py-xmlschema@${PY_FLAVOR} \ xmlsec1:security/xmlsec1 TEST_DEPENDS= ${PYTHON_PKGNAMEPREFIX}mock>=0:devel/py-mock@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}pytest>=0:devel/py-pytest@${PY_FLAVOR} \ diff --git a/security/py-pysaml2/distinfo b/security/py-pysaml2/distinfo index ae5f535009ec..6d78add836b5 100644 --- a/security/py-pysaml2/distinfo +++ b/security/py-pysaml2/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1739930200 -SHA256 (pysaml2-7.5.2.tar.gz) = 529fd58107c49a9fd0e98fe545094072262d6533c6acf1124102eab170797de2 -SIZE (pysaml2-7.5.2.tar.gz) = 340843 +TIMESTAMP = 1759774715 +SHA256 (pysaml2-7.5.4.tar.gz) = b827dcaab73c4f7fe001c945401eb442cfda5d22001cea50c20c138e9adeffea +SIZE (pysaml2-7.5.4.tar.gz) = 334172 diff --git a/security/py-pysaml2/files/patch-pyproject.toml b/security/py-pysaml2/files/patch-pyproject.toml index f1dd5e35eecf..71fab6ab80f9 100644 --- a/security/py-pysaml2/files/patch-pyproject.toml +++ b/security/py-pysaml2/files/patch-pyproject.toml @@ -1,17 +1,15 @@ ---- pyproject.toml.orig 2025-02-10 21:49:33 UTC +--- pyproject.toml.orig 1970-01-01 00:00:00 UTC +++ pyproject.toml -@@ -42,12 +42,12 @@ paste = {optional = true, version = "*"} - importlib-metadata = {version = ">=1.7.0", python = "<3.8"} - importlib-resources = {python = "<3.9", version = "*"} - paste = {optional = true, version = "*"} --pyopenssl = "<24.3.0" -+pyopenssl = "*" - python-dateutil = "*" - pytz = "*" - "repoze.who" = {optional = true, version = "*"} - requests = "^2" --xmlschema = "^2" -+xmlschema = ">=2" - "zope.interface" = {optional = true, version = "*"} +@@ -25,10 +25,10 @@ dependencies = [ + dependencies = [ + "cryptography >=3.1", + "defusedxml", +- "pyopenssl <24.3.0", ++ "pyopenssl", + "python-dateutil", + "requests >=2.0.0,<3.0.0", # ^2 means compatible with 2.x +- "xmlschema >=2.0.0,<3.0.0" ++ "xmlschema >=2.0.0" + ] - [tool.poetry.extras] + [project.optional-dependencies] diff --git a/security/py-python-gvm/Makefile b/security/py-python-gvm/Makefile index 0b0fff283ba4..cefeace0d0b5 100644 --- a/security/py-python-gvm/Makefile +++ b/security/py-python-gvm/Makefile @@ -1,5 +1,5 @@ PORTNAME= python-gvm -DISTVERSION= 26.2.1 +DISTVERSION= 26.6.0 DISTVERSIONPREFIX= v CATEGORIES= security python PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} diff --git a/security/py-python-gvm/distinfo b/security/py-python-gvm/distinfo index aa2cb56cae26..545fa9caec1a 100644 --- a/security/py-python-gvm/distinfo +++ b/security/py-python-gvm/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1750729968 -SHA256 (greenbone-python-gvm-v26.2.1_GH0.tar.gz) = bb4a455ab8f716df888e66832dca5a6743c7ebdd9d939993d2863b8cd560d739 -SIZE (greenbone-python-gvm-v26.2.1_GH0.tar.gz) = 333842 +TIMESTAMP = 1759903032 +SHA256 (greenbone-python-gvm-v26.6.0_GH0.tar.gz) = affd14809cdb32e5f08f2b17b3d2d9dc4106598de60bb5a02e059849c06e1676 +SIZE (greenbone-python-gvm-v26.6.0_GH0.tar.gz) = 369658 diff --git a/security/py-ropgadget/Makefile b/security/py-ropgadget/Makefile index e50dc8d424fc..b0e7412db90b 100644 --- a/security/py-ropgadget/Makefile +++ b/security/py-ropgadget/Makefile @@ -1,13 +1,13 @@ PORTNAME= ropgadget -PORTVERSION= 7.6 -PORTREVISION= 1 +PORTVERSION= 7.7 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} MAINTAINER= ehaupt@FreeBSD.org COMMENT= Tool to search gadgets to facilitate ROP exploitation -WWW= https://pypi.org/project/ropgadget/ +WWW= https://pypi.org/project/ropgadget/ \ + https://github.com/JonathanSalwan/ROPgadget LICENSE= BSD3CLAUSE diff --git a/security/py-ropgadget/distinfo b/security/py-ropgadget/distinfo index 754e25afc7e8..ab707c4247d9 100644 --- a/security/py-ropgadget/distinfo +++ b/security/py-ropgadget/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1738402494 -SHA256 (ropgadget-7.6.tar.gz) = 8883c54e4627073a2ce7cd8adbaf7ef72478442c0a5da1308c3c2e37641174c3 -SIZE (ropgadget-7.6.tar.gz) = 25848 +TIMESTAMP = 1760594765 +SHA256 (ropgadget-7.7.tar.gz) = 8aa7db0ce48ae6b09707fecc40bdd88ee5f76afd64249885ef3c9feab5bd9cfb +SIZE (ropgadget-7.7.tar.gz) = 26077 diff --git a/security/py-scramp/Makefile b/security/py-scramp/Makefile index 7d9ab89a65e3..4a6a7eaf594f 100644 --- a/security/py-scramp/Makefile +++ b/security/py-scramp/Makefile @@ -1,5 +1,5 @@ PORTNAME= scramp -PORTVERSION= 1.4.5 +PORTVERSION= 1.4.6 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} diff --git a/security/py-scramp/distinfo b/security/py-scramp/distinfo index 3a28992a6d79..ac3438466ee0 100644 --- a/security/py-scramp/distinfo +++ b/security/py-scramp/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1715050187 -SHA256 (scramp-1.4.5.tar.gz) = be3fbe774ca577a7a658117dca014e5d254d158cecae3dd60332dfe33ce6d78e -SIZE (scramp-1.4.5.tar.gz) = 16169 +TIMESTAMP = 1759908629 +SHA256 (scramp-1.4.6.tar.gz) = fe055ebbebf4397b9cb323fcc4b299f219cd1b03fd673ca40c97db04ac7d107e +SIZE (scramp-1.4.6.tar.gz) = 16306 diff --git a/security/py-wassima/Makefile b/security/py-wassima/Makefile index 66269e93a79e..239b3a9c5fbd 100644 --- a/security/py-wassima/Makefile +++ b/security/py-wassima/Makefile @@ -1,5 +1,5 @@ PORTNAME= wassima -PORTVERSION= 2.0.1 +PORTVERSION= 2.0.2 CATEGORIES= security python MASTER_SITES= PYPI \ https://github.com/jawah/wassima/releases/download/${PORTVERSION}/ diff --git a/security/py-wassima/distinfo b/security/py-wassima/distinfo index 578757f6e63e..f022bae6c2e7 100644 --- a/security/py-wassima/distinfo +++ b/security/py-wassima/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1757120826 -SHA256 (wassima-2.0.1.tar.gz) = c383285e1fafdf21fc6f8486fd3f46778ed1295ddfd1595c03e592a8aa248e83 -SIZE (wassima-2.0.1.tar.gz) = 150452 +TIMESTAMP = 1759774717 +SHA256 (wassima-2.0.2.tar.gz) = 45de4ddf2a99e9277cc33616b3b34eee7dfcaaf5059b6e8c19ca62a6c5a65fbf +SIZE (wassima-2.0.2.tar.gz) = 150476 diff --git a/security/py-yubikey-manager/Makefile b/security/py-yubikey-manager/Makefile index 6c3692766307..af0428348488 100644 --- a/security/py-yubikey-manager/Makefile +++ b/security/py-yubikey-manager/Makefile @@ -1,5 +1,5 @@ PORTNAME= yubikey-manager -PORTVERSION= 5.2.0 +PORTVERSION= 5.7.2 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} diff --git a/security/py-yubikey-manager/distinfo b/security/py-yubikey-manager/distinfo index 222bb2ba71c4..31053ff43246 100644 --- a/security/py-yubikey-manager/distinfo +++ b/security/py-yubikey-manager/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1693744660 -SHA256 (yubikey_manager-5.2.0.tar.gz) = 45e0f09e3cee2375b6f930dd5d89c1d3a7ca5d5cccb599b16a12f8f7d989fd36 -SIZE (yubikey_manager-5.2.0.tar.gz) = 184873 +TIMESTAMP = 1758393581 +SHA256 (yubikey_manager-5.7.2.tar.gz) = 9aeb4035dcff8f6cb792e83f36e6a9152a9b5b65ac2c2e25e5f20d53c6064e62 +SIZE (yubikey_manager-5.7.2.tar.gz) = 222299 diff --git a/security/rekor/Makefile b/security/rekor/Makefile index 558b50c586fc..e0f0d3921e99 100644 --- a/security/rekor/Makefile +++ b/security/rekor/Makefile @@ -1,7 +1,7 @@ PORTNAME= rekor DISTVERSIONPREFIX= v DISTVERSION= 1.3.10 -PORTREVISION= 5 +PORTREVISION= 7 CATEGORIES= security MAINTAINER= bofh@FreeBSD.org diff --git a/security/rubygem-acme-client/Makefile b/security/rubygem-acme-client/Makefile index ebd58343040c..4c6bf2db4a4a 100644 --- a/security/rubygem-acme-client/Makefile +++ b/security/rubygem-acme-client/Makefile @@ -1,5 +1,5 @@ PORTNAME= acme-client -PORTVERSION= 2.0.25 +PORTVERSION= 2.0.26 CATEGORIES= security rubygems MASTER_SITES= RG diff --git a/security/rubygem-acme-client/distinfo b/security/rubygem-acme-client/distinfo index 79a4a4fcfdbd..a544bd690561 100644 --- a/security/rubygem-acme-client/distinfo +++ b/security/rubygem-acme-client/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1757121850 -SHA256 (rubygem/acme-client-2.0.25.gem) = e0bba7b9f785fd9ffe0933f8733ca81357ac46e4a979cb4f84806ab88fee0f31 -SIZE (rubygem/acme-client-2.0.25.gem) = 22016 +TIMESTAMP = 1759816936 +SHA256 (rubygem/acme-client-2.0.26.gem) = 060e5ea5dd2f66b1b2be3f710ac0884dd469ce3a8b3125c8a5c08e09fb6523bd +SIZE (rubygem/acme-client-2.0.26.gem) = 22528 diff --git a/security/rubygem-omniauth-atlassian-oauth2/Makefile b/security/rubygem-omniauth-atlassian-oauth2/Makefile index 84adfad8551b..2950bb0bf995 100644 --- a/security/rubygem-omniauth-atlassian-oauth2/Makefile +++ b/security/rubygem-omniauth-atlassian-oauth2/Makefile @@ -1,6 +1,6 @@ PORTNAME= omniauth-atlassian-oauth2 PORTVERSION= 0.2.0 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= security rubygems MASTER_SITES= RG @@ -10,7 +10,7 @@ WWW= https://github.com/aguynamedben/omniauth-atlassian-oauth2 LICENSE= MIT -RUN_DEPENDS= rubygem-omniauth>=1.1.1:security/rubygem-omniauth \ +RUN_DEPENDS= rubygem-omniauth-gl>=1.1.1:security/rubygem-omniauth-gl \ rubygem-omniauth-oauth2-gitlab>=1.5:net/rubygem-omniauth-oauth2-gitlab USES= gem diff --git a/security/rubygem-omniauth-gl/Makefile b/security/rubygem-omniauth-gl/Makefile new file mode 100644 index 000000000000..ab0fee80121c --- /dev/null +++ b/security/rubygem-omniauth-gl/Makefile @@ -0,0 +1,25 @@ +PORTNAME= omniauth +PORTVERSION= 2.1.4 +CATEGORIES= security rubygems +MASTER_SITES= RG +# this port is a replacement for rubygem-omniauth which fixes depedency conflicts +# normally suffix gitlab is used, but that package already exists, so use gl here +PKGNAMESUFFIX= -gl + +MAINTAINER= mfechner@FreeBSD.org +COMMENT= Generalized Rack framework for multiple-provider authentication +WWW= https://github.com/omniauth/omniauth + +LICENSE= MIT +LICENSE_FILE= ${WRKSRC}/LICENSE.md + +RUN_DEPENDS= rubygem-hashie>=3.4.6:devel/rubygem-hashie \ + rubygem-logger-gitlab>=0:devel/rubygem-logger-gitlab \ + rubygem-rack>=2.2.3,3:www/rubygem-rack \ + rubygem-rack-protection3>=0:www/rubygem-rack-protection3 + +USES= cpe gem + +NO_ARCH= yes + +.include <bsd.port.mk> diff --git a/security/rubygem-omniauth-gl/distinfo b/security/rubygem-omniauth-gl/distinfo new file mode 100644 index 000000000000..c01bb1905045 --- /dev/null +++ b/security/rubygem-omniauth-gl/distinfo @@ -0,0 +1,3 @@ +TIMESTAMP = 1759774917 +SHA256 (rubygem/omniauth-2.1.4.gem) = 42a05b0496f0d22e1dd85d42aaf602f064e36bb47a6826a27ab55e5ba608763c +SIZE (rubygem/omniauth-2.1.4.gem) = 23552 diff --git a/security/rubygem-omniauth-gl/pkg-descr b/security/rubygem-omniauth-gl/pkg-descr new file mode 100644 index 000000000000..af12500a727f --- /dev/null +++ b/security/rubygem-omniauth-gl/pkg-descr @@ -0,0 +1 @@ +A generalized Rack framework for multiple-provider authentication. diff --git a/security/rubygem-omniauth-saml-gitlab/Makefile b/security/rubygem-omniauth-saml-gitlab/Makefile index df26eba1210b..f509842c6e31 100644 --- a/security/rubygem-omniauth-saml-gitlab/Makefile +++ b/security/rubygem-omniauth-saml-gitlab/Makefile @@ -1,5 +1,6 @@ PORTNAME= omniauth-saml PORTVERSION= 2.2.4 +PORTREVISION= 1 CATEGORIES= security rubygems MASTER_SITES= RG PKGNAMESUFFIX= -gitlab @@ -11,7 +12,7 @@ WWW= https://github.com/omniauth/omniauth-saml LICENSE= MIT LICENSE_FILE= ${WRKSRC}/LICENSE.md -RUN_DEPENDS= rubygem-omniauth>=2.1<3:security/rubygem-omniauth \ +RUN_DEPENDS= rubygem-omniauth-gl>=2.1<3:security/rubygem-omniauth-gl \ rubygem-ruby-saml-gitlab>=1.18<2:security/rubygem-ruby-saml-gitlab USES= gem diff --git a/security/rubygem-omniauth-shibboleth-redux-gitlab/Makefile b/security/rubygem-omniauth-shibboleth-redux-gitlab/Makefile new file mode 100644 index 000000000000..bea66395f74c --- /dev/null +++ b/security/rubygem-omniauth-shibboleth-redux-gitlab/Makefile @@ -0,0 +1,19 @@ +PORTNAME= omniauth-shibboleth-redux +PORTVERSION= 2.0.0 +CATEGORIES= security rubygems +MASTER_SITES= RG +PKGNAMESUFFIX= -gitlab + +MAINTAINER= mfechner@FreeBSD.org +COMMENT= OmniAuth strategy for Shibboleth +WWW= https://www.rubydoc.info/gems/omniauth-shibboleth-redux/2.0.0 + +LICENSE= MIT + +RUN_DEPENDS= rubygem-omniauth-gl>=2.0:security/rubygem-omniauth-gl + +USES= gem + +NO_ARCH= yes + +.include <bsd.port.mk> diff --git a/security/rubygem-omniauth-shibboleth-redux-gitlab/distinfo b/security/rubygem-omniauth-shibboleth-redux-gitlab/distinfo new file mode 100644 index 000000000000..b846c1942b39 --- /dev/null +++ b/security/rubygem-omniauth-shibboleth-redux-gitlab/distinfo @@ -0,0 +1,3 @@ +TIMESTAMP = 1687445435 +SHA256 (rubygem/omniauth-shibboleth-redux-2.0.0.gem) = e9b353fd103405fcc8549e8510b9cad857acf0b286d764fac5dba8a93ab8ffe1 +SIZE (rubygem/omniauth-shibboleth-redux-2.0.0.gem) = 11776 diff --git a/security/rubygem-omniauth-shibboleth-redux-gitlab/pkg-descr b/security/rubygem-omniauth-shibboleth-redux-gitlab/pkg-descr new file mode 100644 index 000000000000..7b858f7c62ae --- /dev/null +++ b/security/rubygem-omniauth-shibboleth-redux-gitlab/pkg-descr @@ -0,0 +1 @@ +OmniAuth Shibboleth strategies for OmniAuth 2.x diff --git a/security/rubygem-omniauth/Makefile b/security/rubygem-omniauth/Makefile index cfb97f146d21..1208c794df85 100644 --- a/security/rubygem-omniauth/Makefile +++ b/security/rubygem-omniauth/Makefile @@ -1,5 +1,5 @@ PORTNAME= omniauth -PORTVERSION= 2.1.3 +PORTVERSION= 2.1.4 CATEGORIES= security rubygems MASTER_SITES= RG @@ -11,6 +11,7 @@ LICENSE= MIT LICENSE_FILE= ${WRKSRC}/LICENSE.md RUN_DEPENDS= rubygem-hashie>=3.4.6:devel/rubygem-hashie \ + rubygem-logger>=0:devel/rubygem-logger \ rubygem-rack>=2.2.3,3:www/rubygem-rack \ rubygem-rack-protection3>=0:www/rubygem-rack-protection3 diff --git a/security/rubygem-omniauth/distinfo b/security/rubygem-omniauth/distinfo index 644b0f04cc74..c01bb1905045 100644 --- a/security/rubygem-omniauth/distinfo +++ b/security/rubygem-omniauth/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1740836340 -SHA256 (rubygem/omniauth-2.1.3.gem) = 8d24e2e55c41926c96e4a93fd566bc026dfd6f2c850408748e89945a565956c2 -SIZE (rubygem/omniauth-2.1.3.gem) = 23552 +TIMESTAMP = 1759774917 +SHA256 (rubygem/omniauth-2.1.4.gem) = 42a05b0496f0d22e1dd85d42aaf602f064e36bb47a6826a27ab55e5ba608763c +SIZE (rubygem/omniauth-2.1.4.gem) = 23552 diff --git a/security/rubygem-openssl/Makefile b/security/rubygem-openssl/Makefile index bf4a0ed7825a..c4ce496478bf 100644 --- a/security/rubygem-openssl/Makefile +++ b/security/rubygem-openssl/Makefile @@ -1,5 +1,5 @@ PORTNAME= openssl -PORTVERSION= 3.3.0 +PORTVERSION= 3.3.1 CATEGORIES= security rubygems MASTER_SITES= RG diff --git a/security/rubygem-openssl/distinfo b/security/rubygem-openssl/distinfo index 172cb0d65bc6..d68cc66857f8 100644 --- a/security/rubygem-openssl/distinfo +++ b/security/rubygem-openssl/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1735228172 -SHA256 (rubygem/openssl-3.3.0.gem) = ff3a573fc97ab30f69483fddc80029f91669bf36532859bd182d1836f45aee79 -SIZE (rubygem/openssl-3.3.0.gem) = 207872 +TIMESTAMP = 1759774919 +SHA256 (rubygem/openssl-3.3.1.gem) = d6682286baedc205e57928111bafa595d6902b086c1dc7abd88ae20acb1cf837 +SIZE (rubygem/openssl-3.3.1.gem) = 207872 diff --git a/security/rubygem-pundit/Makefile b/security/rubygem-pundit/Makefile index 2b64cad6e68b..25fb493ccb6e 100644 --- a/security/rubygem-pundit/Makefile +++ b/security/rubygem-pundit/Makefile @@ -1,5 +1,5 @@ PORTNAME= pundit -PORTVERSION= 2.5.1 +PORTVERSION= 2.5.2 CATEGORIES= security rubygems MASTER_SITES= RG diff --git a/security/rubygem-pundit/distinfo b/security/rubygem-pundit/distinfo index e753cdb6927e..8f614b016c26 100644 --- a/security/rubygem-pundit/distinfo +++ b/security/rubygem-pundit/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1759324332 -SHA256 (rubygem/pundit-2.5.1.gem) = 0f5a21b1fa2921638d6b21925ad2219e3336e9ef7da486b614e7bb18e299f2de -SIZE (rubygem/pundit-2.5.1.gem) = 24576 +TIMESTAMP = 1759816938 +SHA256 (rubygem/pundit-2.5.2.gem) = e374152baa24f90b630428293faf4b4c5468fc3cc010165f7d8fcb44ce108bbd +SIZE (rubygem/pundit-2.5.2.gem) = 25088 diff --git a/security/sequoia-chameleon-gnupg/Makefile.crates b/security/sequoia-chameleon-gnupg/Makefile.crates index e3dde225d52d..688411394b06 100644 --- a/security/sequoia-chameleon-gnupg/Makefile.crates +++ b/security/sequoia-chameleon-gnupg/Makefile.crates @@ -220,10 +220,10 @@ CARGO_CRATES= addr2line-0.24.2 \ opaque-debug-0.3.1 \ openpgp-cert-d-0.3.4 \ openssh-keys-0.6.4 \ - openssl-0.10.73 \ + openssl-0.10.74 \ openssl-macros-0.1.1 \ openssl-probe-0.1.6 \ - openssl-sys-0.9.109 \ + openssl-sys-0.9.110 \ option-ext-0.2.0 \ parking_lot-0.12.3 \ parking_lot_core-0.9.10 \ diff --git a/security/sequoia-chameleon-gnupg/distinfo b/security/sequoia-chameleon-gnupg/distinfo index f6ee191a5176..6e900ff6b60b 100644 --- a/security/sequoia-chameleon-gnupg/distinfo +++ b/security/sequoia-chameleon-gnupg/distinfo @@ -1,4 +1,4 @@ -TIMESTAMP = 1749443849 +TIMESTAMP = 1760869516 SHA256 (rust/crates/addr2line-0.24.2.crate) = dfbe277e56a376000877090da837660b4427aad530e3028d44e0bffe4f89a1c1 SIZE (rust/crates/addr2line-0.24.2.crate) = 39015 SHA256 (rust/crates/adler2-2.0.0.crate) = 512761e0bb2578dd7380c6baaa0f4ce03e84f95e960231d1dec8bf4d7d6e2627 @@ -443,14 +443,14 @@ SHA256 (rust/crates/openpgp-cert-d-0.3.4.crate) = d3dd47b0b6df1022ca8a9a06791261 SIZE (rust/crates/openpgp-cert-d-0.3.4.crate) = 32033 SHA256 (rust/crates/openssh-keys-0.6.4.crate) = abb830a82898b2ac17c9620ddce839ac3b34b9cb8a1a037cbdbfb9841c756c3e SIZE (rust/crates/openssh-keys-0.6.4.crate) = 22213 -SHA256 (rust/crates/openssl-0.10.73.crate) = 8505734d46c8ab1e19a1dce3aef597ad87dcb4c37e7188231769bd6bd51cebf8 -SIZE (rust/crates/openssl-0.10.73.crate) = 283994 +SHA256 (rust/crates/openssl-0.10.74.crate) = 24ad14dd45412269e1a30f52ad8f0664f0f4f4a89ee8fe28c3b3527021ebb654 +SIZE (rust/crates/openssl-0.10.74.crate) = 285425 SHA256 (rust/crates/openssl-macros-0.1.1.crate) = a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c SIZE (rust/crates/openssl-macros-0.1.1.crate) = 5601 SHA256 (rust/crates/openssl-probe-0.1.6.crate) = d05e27ee213611ffe7d6348b942e8f942b37114c00cc03cec254295a4a17852e SIZE (rust/crates/openssl-probe-0.1.6.crate) = 8128 -SHA256 (rust/crates/openssl-sys-0.9.109.crate) = 90096e2e47630d78b7d1c20952dc621f957103f8bc2c8359ec81290d75238571 -SIZE (rust/crates/openssl-sys-0.9.109.crate) = 78247 +SHA256 (rust/crates/openssl-sys-0.9.110.crate) = 0a9f0075ba3c21b09f8e8b2026584b1d18d49388648f2fbbf3c97ea8deced8e2 +SIZE (rust/crates/openssl-sys-0.9.110.crate) = 80412 SHA256 (rust/crates/option-ext-0.2.0.crate) = 04744f49eae99ab78e0d5c0b603ab218f515ea8cfe5a456d7629ad883a3b6e7d SIZE (rust/crates/option-ext-0.2.0.crate) = 7345 SHA256 (rust/crates/parking_lot-0.12.3.crate) = f1bf18183cf54e8d6059647fc3063646a1801cf30896933ec2311622cc4b9a27 diff --git a/security/sequoia-sq/Makefile.crates b/security/sequoia-sq/Makefile.crates index e024b9ff73bc..387830b068c5 100644 --- a/security/sequoia-sq/Makefile.crates +++ b/security/sequoia-sq/Makefile.crates @@ -268,10 +268,10 @@ CARGO_CRATES= addr2line-0.24.2 \ once_cell-1.20.3 \ opaque-debug-0.3.1 \ openpgp-cert-d-0.3.4 \ - openssl-0.10.72 \ + openssl-0.10.74 \ openssl-macros-0.1.1 \ openssl-probe-0.1.6 \ - openssl-sys-0.9.108 \ + openssl-sys-0.9.110 \ option-ext-0.2.0 \ overload-0.1.1 \ p256-0.13.2 \ diff --git a/security/sequoia-sq/distinfo b/security/sequoia-sq/distinfo index e61f47d57d32..5a90c1cccb31 100644 --- a/security/sequoia-sq/distinfo +++ b/security/sequoia-sq/distinfo @@ -1,4 +1,4 @@ -TIMESTAMP = 1746324651 +TIMESTAMP = 1760869288 SHA256 (rust/crates/addr2line-0.24.2.crate) = dfbe277e56a376000877090da837660b4427aad530e3028d44e0bffe4f89a1c1 SIZE (rust/crates/addr2line-0.24.2.crate) = 39015 SHA256 (rust/crates/adler2-2.0.0.crate) = 512761e0bb2578dd7380c6baaa0f4ce03e84f95e960231d1dec8bf4d7d6e2627 @@ -539,14 +539,14 @@ SHA256 (rust/crates/opaque-debug-0.3.1.crate) = c08d65885ee38876c4f86fa503fb49d7 SIZE (rust/crates/opaque-debug-0.3.1.crate) = 7066 SHA256 (rust/crates/openpgp-cert-d-0.3.4.crate) = d3dd47b0b6df1022ca8a9a06791261c3153028abef191fe53aa326b7f443f2d6 SIZE (rust/crates/openpgp-cert-d-0.3.4.crate) = 32033 -SHA256 (rust/crates/openssl-0.10.72.crate) = fedfea7d58a1f73118430a55da6a286e7b044961736ce96a16a17068ea25e5da -SIZE (rust/crates/openssl-0.10.72.crate) = 283852 +SHA256 (rust/crates/openssl-0.10.74.crate) = 24ad14dd45412269e1a30f52ad8f0664f0f4f4a89ee8fe28c3b3527021ebb654 +SIZE (rust/crates/openssl-0.10.74.crate) = 285425 SHA256 (rust/crates/openssl-macros-0.1.1.crate) = a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c SIZE (rust/crates/openssl-macros-0.1.1.crate) = 5601 SHA256 (rust/crates/openssl-probe-0.1.6.crate) = d05e27ee213611ffe7d6348b942e8f942b37114c00cc03cec254295a4a17852e SIZE (rust/crates/openssl-probe-0.1.6.crate) = 8128 -SHA256 (rust/crates/openssl-sys-0.9.108.crate) = e145e1651e858e820e4860f7b9c5e169bc1d8ce1c86043be79fa7b7634821847 -SIZE (rust/crates/openssl-sys-0.9.108.crate) = 78190 +SHA256 (rust/crates/openssl-sys-0.9.110.crate) = 0a9f0075ba3c21b09f8e8b2026584b1d18d49388648f2fbbf3c97ea8deced8e2 +SIZE (rust/crates/openssl-sys-0.9.110.crate) = 80412 SHA256 (rust/crates/option-ext-0.2.0.crate) = 04744f49eae99ab78e0d5c0b603ab218f515ea8cfe5a456d7629ad883a3b6e7d SIZE (rust/crates/option-ext-0.2.0.crate) = 7345 SHA256 (rust/crates/overload-0.1.1.crate) = b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39 diff --git a/security/snort3/Makefile b/security/snort3/Makefile index 7064f6c2546e..fa6259073b73 100644 --- a/security/snort3/Makefile +++ b/security/snort3/Makefile @@ -1,5 +1,5 @@ PORTNAME= snort -DISTVERSION= 3.9.5.0 +DISTVERSION= 3.9.6.0 PORTEPOCH= 1 CATEGORIES= security PKGNAMESUFFIX= 3 diff --git a/security/snort3/distinfo b/security/snort3/distinfo index 4822b69ada6a..47f4b7749cf7 100644 --- a/security/snort3/distinfo +++ b/security/snort3/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1757072847 -SHA256 (snort3-snort3-3.9.5.0_GH0.tar.gz) = e2e36a8db2c4c26a6ff58ea58839339260319eba25d0eb901ddb7210f4fa4b4c -SIZE (snort3-snort3-3.9.5.0_GH0.tar.gz) = 3525177 +TIMESTAMP = 1760113964 +SHA256 (snort3-snort3-3.9.6.0_GH0.tar.gz) = 2335678bc5ff4f876dcdb6985407a5312b0f3bb470da29e2926f57f942ce3b94 +SIZE (snort3-snort3-3.9.6.0_GH0.tar.gz) = 3531813 diff --git a/security/snort3/pkg-plist b/security/snort3/pkg-plist index 6e0c9db565da..62725f115b01 100644 --- a/security/snort3/pkg-plist +++ b/security/snort3/pkg-plist @@ -216,6 +216,7 @@ include/snort/pub_sub/intrinsic_event_ids.h include/snort/pub_sub/netflow_event.h include/snort/pub_sub/opportunistic_tls_event.h include/snort/pub_sub/packet_events.h +include/snort/pub_sub/quic_events.h include/snort/pub_sub/reputation_events.h include/snort/pub_sub/rna_events.h include/snort/pub_sub/shadowtraffic_aggregator.h diff --git a/security/snowflake-tor/Makefile b/security/snowflake-tor/Makefile index 0e82f830ff48..0f0d6d166705 100644 --- a/security/snowflake-tor/Makefile +++ b/security/snowflake-tor/Makefile @@ -1,7 +1,7 @@ PORTNAME= snowflake DISTVERSIONPREFIX= v PORTVERSION= 2.5.1 -PORTREVISION= 23 +PORTREVISION= 25 CATEGORIES= security net PKGNAMESUFFIX= -tor diff --git a/security/sops/Makefile b/security/sops/Makefile index c955061044a7..f51b8bcf5c76 100644 --- a/security/sops/Makefile +++ b/security/sops/Makefile @@ -1,6 +1,7 @@ PORTNAME= sops DISTVERSIONPREFIX= v DISTVERSION= 3.11.0 +PORTREVISION= 2 CATEGORIES= security editors MAINTAINER= bofh@FreeBSD.org diff --git a/security/spass-qt5/Makefile b/security/spass-qt5/Makefile index cb0362e8c3aa..81a97faab303 100644 --- a/security/spass-qt5/Makefile +++ b/security/spass-qt5/Makefile @@ -1,4 +1,4 @@ -PORTREVISION= 6 +PORTREVISION= 7 PKGNAMESUFFIX= -qt5 COMMENT= Secure password generator with a true RNG (Qt5 GUI) diff --git a/security/spass/Makefile b/security/spass/Makefile index 02b0b6eb7a2f..85ab68d86e82 100644 --- a/security/spass/Makefile +++ b/security/spass/Makefile @@ -2,7 +2,7 @@ PORTNAME= spass DISTVERSIONPREFIX= v DISTVERSION= 3.2-5 DISTVERSIONSUFFIX= -gd38d173 -PORTREVISION= 11 +PORTREVISION= 12 CATEGORIES= security MAINTAINER= ports@FreeBSD.org diff --git a/security/ssb/Makefile b/security/ssb/Makefile index d0938babaec5..1d74b16ca88e 100644 --- a/security/ssb/Makefile +++ b/security/ssb/Makefile @@ -1,7 +1,7 @@ PORTNAME= ssb DISTVERSIONPREFIX= v DISTVERSION= 0.1.1 -PORTREVISION= 29 +PORTREVISION= 31 CATEGORIES= security MAINTAINER= ports@FreeBSD.org diff --git a/security/ssl-checker/Makefile b/security/ssl-checker/Makefile index 93673abb45d9..8a185d71eb5d 100644 --- a/security/ssl-checker/Makefile +++ b/security/ssl-checker/Makefile @@ -1,7 +1,7 @@ PORTNAME= ssl-checker DISTVERSIONPREFIX= v DISTVERSION= 0.1.7 -PORTREVISION= 2 +PORTREVISION= 4 CATEGORIES= security MAINTAINER= olgeni@FreeBSD.org diff --git a/security/ssllabs-scan/Makefile b/security/ssllabs-scan/Makefile index a36d64259294..825d5add606a 100644 --- a/security/ssllabs-scan/Makefile +++ b/security/ssllabs-scan/Makefile @@ -1,7 +1,7 @@ PORTNAME= ssllabs-scan DISTVERSIONPREFIX= v DISTVERSION= 1.5.0 -PORTREVISION= 29 +PORTREVISION= 31 CATEGORIES= security net MAINTAINER= egypcio@FreeBSD.org diff --git a/security/stegify/Makefile b/security/stegify/Makefile index 06d7e41a9747..34dc80e26750 100644 --- a/security/stegify/Makefile +++ b/security/stegify/Makefile @@ -2,7 +2,7 @@ PORTNAME= stegify DISTVERSIONPREFIX= v DISTVERSION= 1.2-2 DISTVERSIONSUFFIX= -g62518ca -PORTREVISION= 29 +PORTREVISION= 31 CATEGORIES= security graphics MAINTAINER= yuri@FreeBSD.org diff --git a/security/stunnel/Makefile b/security/stunnel/Makefile index d7821765d699..dcf88a4b70db 100644 --- a/security/stunnel/Makefile +++ b/security/stunnel/Makefile @@ -1,5 +1,5 @@ PORTNAME= stunnel -DISTVERSION= 5.75 +DISTVERSION= 5.76 PORTEPOCH= 1 CATEGORIES= security MASTER_SITES= https://www.stunnel.org/downloads/archive/5.x/ \ diff --git a/security/stunnel/distinfo b/security/stunnel/distinfo index 476e706b3102..c492d2481db0 100644 --- a/security/stunnel/distinfo +++ b/security/stunnel/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1752001963 -SHA256 (stunnel-5.75.tar.gz) = 0c1ef0ed85240974dccb94fe74fb92d6383474c7c0d10e8796d1f781a3ba5683 -SIZE (stunnel-5.75.tar.gz) = 921591 +TIMESTAMP = 1760885143 +SHA256 (stunnel-5.76.tar.gz) = cda37eb4d0fb1e129718ed27ad77b5735e899394ce040bb2be28bbb937fd79e1 +SIZE (stunnel-5.76.tar.gz) = 925880 diff --git a/security/su-exec/Makefile b/security/su-exec/Makefile index 78174b9f1690..051ae374a935 100644 --- a/security/su-exec/Makefile +++ b/security/su-exec/Makefile @@ -1,6 +1,6 @@ PORTNAME= su-exec DISTVERSIONPREFIX= v -DISTVERSION= 0.2 +DISTVERSION= 0.3 CATEGORIES= security MAINTAINER= dtxdf@FreeBSD.org diff --git a/security/su-exec/distinfo b/security/su-exec/distinfo index bb9ae6f6cb03..c45c08386870 100644 --- a/security/su-exec/distinfo +++ b/security/su-exec/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1690896135 -SHA256 (ncopa-su-exec-v0.2_GH0.tar.gz) = ec4acbd8cde6ceeb2be67eda1f46c709758af6db35cacbcde41baac349855e25 -SIZE (ncopa-su-exec-v0.2_GH0.tar.gz) = 2426 +TIMESTAMP = 1760647029 +SHA256 (ncopa-su-exec-v0.3_GH0.tar.gz) = 1de7479857879b6d14772792375290a87eac9a37b0524d39739a4a0739039620 +SIZE (ncopa-su-exec-v0.3_GH0.tar.gz) = 3921 diff --git a/security/tailscale/Makefile b/security/tailscale/Makefile index fbddd7a9b73d..f39f1869caf6 100644 --- a/security/tailscale/Makefile +++ b/security/tailscale/Makefile @@ -1,6 +1,7 @@ PORTNAME= tailscale PORTVERSION= 1.88.3 DISTVERSIONPREFIX= v +PORTREVISION= 2 CATEGORIES= security net-vpn MAINTAINER= ashish@FreeBSD.org diff --git a/security/teleport/Makefile b/security/teleport/Makefile index 498f279fe1dd..ec200d472e03 100644 --- a/security/teleport/Makefile +++ b/security/teleport/Makefile @@ -1,7 +1,7 @@ PORTNAME= teleport DISTVERSIONPREFIX= v DISTVERSION= 5.2.5 -PORTREVISION= 18 +PORTREVISION= 20 CATEGORIES= security MAINTAINER= kraileth@elderlinux.org diff --git a/security/theonionbox/Makefile b/security/theonionbox/Makefile index 0fa3e888427d..c76915ba3af4 100644 --- a/security/theonionbox/Makefile +++ b/security/theonionbox/Makefile @@ -1,6 +1,6 @@ PORTNAME= theonionbox DISTVERSION= 4.3.1 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security net python MASTER_SITES= PYPI @@ -17,7 +17,7 @@ RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}APScheduler>=3.4:devel/py-apscheduler@${PY_F ${PYTHON_PKGNAMEPREFIX}requests>2.18:www/py-requests@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}stem>=1.5.4:security/py-stem@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}tzlocal>=1.5:devel/py-tzlocal@${PY_FLAVOR} \ - ${PYTHON_PKGNAMEPREFIX}urllib3>=1.21.1,1<1.27,1:net/py-urllib3@${PY_FLAVOR} + ${PYTHON_PKGNAMEPREFIX}urllib3>=1.21.1,1:net/py-urllib3@${PY_FLAVOR} RUN_DEPENDS+= ${PYTHON_PKGNAMEPREFIX}sqlite3>=0:databases/py-sqlite3@${PY_FLAVOR} # workaround for bug#230613: missing internal sqlite3 module in python USES= python diff --git a/security/theonionbox/files/patch-setup.py b/security/theonionbox/files/patch-setup.py index 0447f6547c50..3b045a2a553a 100644 --- a/security/theonionbox/files/patch-setup.py +++ b/security/theonionbox/files/patch-setup.py @@ -32,7 +32,7 @@ 'tzlocal>=1.5', 'futures>=3.2; python_version<"3.0"', - 'urllib3>=1.24.2, <1.25' # '<1.25' due to requests 2.21 requirement -+ 'urllib3>=1.21.1,<1.27' # copied (except the exclusions) from requests 2.25.1 ++ 'urllib3>=1.21.1' # copied (except the exclusions) from requests 2.25.1 ], long_description_content_type='text/x-rst; charset=UTF-8', classifiers=[ diff --git a/security/timestamp-authority/Makefile b/security/timestamp-authority/Makefile index 32ac2a2a5c2a..6e6d42f51e03 100644 --- a/security/timestamp-authority/Makefile +++ b/security/timestamp-authority/Makefile @@ -1,6 +1,7 @@ PORTNAME= timestamp-authority DISTVERSIONPREFIX= v DISTVERSION= 1.2.9 +PORTREVISION= 2 CATEGORIES= security MAINTAINER= bofh@FreeBSD.org diff --git a/security/tlsc/Makefile b/security/tlsc/Makefile index 6b51b60916c8..62a7008de6f7 100644 --- a/security/tlsc/Makefile +++ b/security/tlsc/Makefile @@ -4,13 +4,16 @@ CATEGORIES= security MASTER_SITES= https://github.com/Zirias/%SUBDIR%/ MASTER_SITE_SUBDIR= ${PORTNAME}/releases/download/v${DISTVERSION} -MAINTAINER= zirias@FreeBSD.org +MAINTAINER= ports@FreeBSD.org COMMENT= TLS connect daemon WWW= https://github.com/Zirias/tlsc LICENSE= BSD2CLAUSE LICENSE_FILE= ${WRKSRC}/LICENSE.txt +DEPRECATED= Unmaintained port +EXPIRATION_DATE=2025-12-31 + LIB_DEPENDS= libposercore.so:devel/poser USES= compiler:c11 gmake pkgconfig tar:xz diff --git a/security/totp-cli/Makefile b/security/totp-cli/Makefile index b6fad616d90f..0f2e324d34ba 100644 --- a/security/totp-cli/Makefile +++ b/security/totp-cli/Makefile @@ -1,7 +1,7 @@ PORTNAME= totp-cli PORTVERSION= 1.9.2 DISTVERSIONPREFIX= v -PORTREVISION= 6 +PORTREVISION= 8 CATEGORIES= security MAINTAINER= sunpoet@FreeBSD.org diff --git a/security/trillian/Makefile b/security/trillian/Makefile index 7bdeb3e299f9..0b1ab83c64e0 100644 --- a/security/trillian/Makefile +++ b/security/trillian/Makefile @@ -1,7 +1,7 @@ PORTNAME= trillian DISTVERSIONPREFIX= v DISTVERSION= 1.7.2 -PORTREVISION= 5 +PORTREVISION= 7 CATEGORIES= security MAINTAINER= bofh@FreeBSD.org diff --git a/security/trivy/Makefile b/security/trivy/Makefile index a3a64eed48e0..29b172020359 100644 --- a/security/trivy/Makefile +++ b/security/trivy/Makefile @@ -1,6 +1,6 @@ PORTNAME= trivy DISTVERSIONPREFIX= v -DISTVERSION= 0.66.0 +DISTVERSION= 0.67.2 PORTREVISION= 1 CATEGORIES= security @@ -13,14 +13,19 @@ LICENSE_FILE= ${WRKSRC}/LICENSE BROKEN_i386= not supported, see https://github.com/aquasecurity/trivy/pull/9102 -USES= go:modules,1.24 +USES= go:modules,1.25 +USE_GITHUB= yes +GH_ACCOUNT= aquasecurity +GH_PROJECT= trivy +GO_MOD_DIST= github GO_MODULE= github.com/aquasecurity/trivy GO_TARGET= ./cmd/trivy GO_BUILDFLAGS= -ldflags=" \ -extldflags '-static' \ -X github.com/aquasecurity/trivy/pkg/version.ver=${DISTVERSION} \ -s -w" +MAKE_ENV= GOEXPERIMENT=jsonv2 PLIST_FILES= bin/${PORTNAME} diff --git a/security/trivy/distinfo b/security/trivy/distinfo index c7848514d223..28fde0ce1daa 100644 --- a/security/trivy/distinfo +++ b/security/trivy/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1756878437 -SHA256 (go/security_trivy/trivy-v0.66.0/v0.66.0.mod) = 41bedcea560a0f606080b34320349b4c21d920aeadb0e57a81d5fcbc4cf58823 -SIZE (go/security_trivy/trivy-v0.66.0/v0.66.0.mod) = 25763 -SHA256 (go/security_trivy/trivy-v0.66.0/v0.66.0.zip) = 78fb7cca5602ee1927808488e3306a9d0d1ba26c4817ceff055d10ed04da9d1b -SIZE (go/security_trivy/trivy-v0.66.0/v0.66.0.zip) = 59145292 +TIMESTAMP = 1760123985 +SHA256 (go/security_trivy/aquasecurity-trivy-v0.67.2_GH0/go.mod) = 130a0a0c893125dadbcc30ec66370aac6f848cc1b116a5d1acae4ceecb5a256d +SIZE (go/security_trivy/aquasecurity-trivy-v0.67.2_GH0/go.mod) = 26741 +SHA256 (go/security_trivy/aquasecurity-trivy-v0.67.2_GH0/aquasecurity-trivy-v0.67.2_GH0.tar.gz) = 280ff8cfb17d05d6b4d1b07bdd3cd26971032301bedb3b800a14886e64ce75eb +SIZE (go/security_trivy/aquasecurity-trivy-v0.67.2_GH0/aquasecurity-trivy-v0.67.2_GH0.tar.gz) = 57236343 diff --git a/security/trufflehog/Makefile b/security/trufflehog/Makefile index 740f6c9cdd47..0d373bc6e467 100644 --- a/security/trufflehog/Makefile +++ b/security/trufflehog/Makefile @@ -1,7 +1,7 @@ PORTNAME= trufflehog DISTVERSIONPREFIX= v -DISTVERSION= 3.88.20 -PORTREVISION= 2 +DISTVERSION= 3.90.8 +PORTREVISION= 1 CATEGORIES= security MAINTAINER= yuri@FreeBSD.org @@ -15,7 +15,7 @@ LICENSE_FILE= ${WRKSRC}/LICENSE BROKEN_armv7= compilation fails see details here: https://github.com/trufflesecurity/trufflehog/issues/3791 BROKEN_i386= compilation fails see details here: https://github.com/trufflesecurity/trufflehog/issues/3791 -USES= go:1.23,modules +USES= go:1.24,modules GO_MODULE= github.com/trufflesecurity/trufflehog/v3 #GO_TARGET= ./${PORTNAME} diff --git a/security/trufflehog/distinfo b/security/trufflehog/distinfo index 069cda51bc9b..688ef8f8fab7 100644 --- a/security/trufflehog/distinfo +++ b/security/trufflehog/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1743223582 -SHA256 (go/security_trufflehog/trufflehog-v3.88.20/v3.88.20.mod) = 6e4ae6fff686ae7d42abd0e3228b573b74ca7d46931246769afdd1d00962083c -SIZE (go/security_trufflehog/trufflehog-v3.88.20/v3.88.20.mod) = 17238 -SHA256 (go/security_trufflehog/trufflehog-v3.88.20/v3.88.20.zip) = 2f2cf8aa3d24ac2b90417cc9928ce16cf183a67a12d28df149b7245838e5f455 -SIZE (go/security_trufflehog/trufflehog-v3.88.20/v3.88.20.zip) = 7009160 +TIMESTAMP = 1759988240 +SHA256 (go/security_trufflehog/trufflehog-v3.90.8/v3.90.8.mod) = de478c71728abac849a656174a47126cadef2b9deb59991c2c74deaee0a1d8b5 +SIZE (go/security_trufflehog/trufflehog-v3.90.8/v3.90.8.mod) = 16492 +SHA256 (go/security_trufflehog/trufflehog-v3.90.8/v3.90.8.zip) = 1dce73537429b8174dadb63e7cb11e4148e6c316b1d65cc7b68009055d811789 +SIZE (go/security_trufflehog/trufflehog-v3.90.8/v3.90.8.zip) = 7427851 diff --git a/security/trufflehog/pkg-descr b/security/trufflehog/pkg-descr index b7e8bddc4a15..a13e135d0c34 100644 --- a/security/trufflehog/pkg-descr +++ b/security/trufflehog/pkg-descr @@ -1,2 +1,10 @@ -TruffleHog scans for sensitive keys in hidden content and version history from -commonly used tools across your company. +TruffleHog is a security tool that scans for secrets and credentials in your +code. It can scan git repositories, GitHub, GitLab, S3 buckets, and more. +TruffleHog finds API keys, private keys, and other sensitive information +before they can be compromised. + +Features: +* Scans for over 700 types of credentials. +* Verifies found secrets to reduce false positives. +* Can be integrated into CI/CD pipelines. +* Scans the entire commit history of git repositories. diff --git a/security/tscli/Makefile b/security/tscli/Makefile index 730a440763dc..d818f759e101 100644 --- a/security/tscli/Makefile +++ b/security/tscli/Makefile @@ -1,7 +1,7 @@ PORTNAME= tscli DISTVERSIONPREFIX= v DISTVERSION= 0.0.15 -PORTREVISION= 2 +PORTREVISION= 4 CATEGORIES= security MAINTAINER= dtxdf@FreeBSD.org diff --git a/security/unix-selfauth-helper/Makefile b/security/unix-selfauth-helper/Makefile index 9273cdff3650..7ca163de3985 100644 --- a/security/unix-selfauth-helper/Makefile +++ b/security/unix-selfauth-helper/Makefile @@ -4,12 +4,15 @@ PORTREVISION= 1 CATEGORIES= security MASTER_SITES= ${WWW}/releases/download/v${DISTVERSION}/ -MAINTAINER= zirias@FreeBSD.org +MAINTAINER= ports@FreeBSD.org COMMENT= Local self-authentication for pam_exec WWW= https://github.com/Zirias/${PORTNAME} LICENSE= BSD2CLAUSE +DEPRECATED= Unmaintained port +EXPIRATION_DATE=2025-12-31 + USES= tar:xz MAKE_ARGS+= MANDIR=${PREFIX}/share/man/man diff --git a/security/vault/Makefile b/security/vault/Makefile index 7906ac22206e..70a7c7f51c21 100644 --- a/security/vault/Makefile +++ b/security/vault/Makefile @@ -1,6 +1,7 @@ PORTNAME= vault DISTVERSIONPREFIX= v DISTVERSION= 1.20.3 +PORTREVISION= 2 CATEGORIES= security MASTER_SITES= https://raw.githubusercontent.com/hashicorp/vault/${DISTVERSIONFULL}/ \ LOCAL/bofh/security/${PORTNAME}/:web_ui diff --git a/security/vouch-proxy/Makefile b/security/vouch-proxy/Makefile index f430df7765fd..3101f03a39b9 100644 --- a/security/vouch-proxy/Makefile +++ b/security/vouch-proxy/Makefile @@ -1,7 +1,7 @@ PORTNAME= vouch-proxy DISTVERSIONPREFIX=v DISTVERSION= 0.45.1 -PORTREVISION= 2 +PORTREVISION= 4 CATEGORIES= security MAINTAINER= decke@FreeBSD.org diff --git a/security/vuls/Makefile b/security/vuls/Makefile index 2985112994c9..f00c2b561b70 100644 --- a/security/vuls/Makefile +++ b/security/vuls/Makefile @@ -1,6 +1,6 @@ PORTNAME= vuls DISTVERSIONPREFIX=v -DISTVERSION= 0.35.0 +DISTVERSION= 0.35.1 CATEGORIES= security MAINTAINER= girgen@FreeBSD.org diff --git a/security/vuls/distinfo b/security/vuls/distinfo index ef235beca798..c1d0d4295ddc 100644 --- a/security/vuls/distinfo +++ b/security/vuls/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1759132452 -SHA256 (go/security_vuls/vuls-v0.35.0/v0.35.0.mod) = 521aaa89e904b2b4373aaf7362e4d26858ec201a28fc7c42a3e35c781655a906 -SIZE (go/security_vuls/vuls-v0.35.0/v0.35.0.mod) = 20129 -SHA256 (go/security_vuls/vuls-v0.35.0/v0.35.0.zip) = abfb9672c98bcc57afe74d5f42146bf917f67cfb284f0979e726e842e978a71e -SIZE (go/security_vuls/vuls-v0.35.0/v0.35.0.zip) = 1402114 +TIMESTAMP = 1760726777 +SHA256 (go/security_vuls/vuls-v0.35.1/v0.35.1.mod) = 3eb926833e78730f85a28c7100ae7f069ae9fe750139831f0a273d8ca212eadb +SIZE (go/security_vuls/vuls-v0.35.1/v0.35.1.mod) = 20130 +SHA256 (go/security_vuls/vuls-v0.35.1/v0.35.1.zip) = 9e665e4e40f50de6dbb8f04dcb3e34fb86956fe13e5bc21c87e42428efa6d5e0 +SIZE (go/security_vuls/vuls-v0.35.1/v0.35.1.zip) = 1402841 diff --git a/security/vulsrepo/Makefile b/security/vulsrepo/Makefile index da2e8927160c..083a81530d90 100644 --- a/security/vulsrepo/Makefile +++ b/security/vulsrepo/Makefile @@ -1,7 +1,7 @@ PORTNAME= vulsrepo PORTVERSION= 0.7.1 DISTVERSIONPREFIX=v -PORTREVISION= 13 +PORTREVISION= 15 CATEGORIES= security www MASTER_SITES= https://raw.githubusercontent.com/${GH_ACCOUNT}/${PORTNAME}/v${PORTVERSION}/server/:gomod DISTFILES= go.mod:gomod diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml index 40c4f7ffc7bb..bc28d678e584 100644 --- a/security/vuxml/vuln/2025.xml +++ b/security/vuxml/vuln/2025.xml @@ -1,3 +1,892 @@ + <vuln vid="269c2de7-afaa-11f0-b4c8-792b26d8a051"> + <topic>RT -- XSS via calendar invitations</topic> + <affects> + <package> + <name>rt60</name> + <name>rt50</name> + <range><ge>6.0.0</ge><lt>6.0.2</lt></range> + <range><ge>5.0.4</ge><lt>5.0.9</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Mateusz Szymaniec and CERT Polska Reports:</p> + <blockquote cite="https://github.com/bestpractical/rt/releases/tag/rt-6.0.2"> + <p>RT is vulnerable to XSS via calendar invitations added to a + ticket. Thanks to Mateusz Szymaniec and CERT Polska for + reporting this finding.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-9158</cvename> + <url>https://github.com/bestpractical/rt/releases/tag/rt-6.0.2</url> + </references> + <dates> + <discovery>2025-10-23</discovery> + <entry>2025-10-23</entry> + </dates> + </vuln> + + <vuln vid="b374df95-afa8-11f0-b4c8-792b26d8a051"> + <topic>RT -- CSV injection</topic> + <affects> + <package> + <name>rt60</name> + <name>rt50</name> + <name>rt44</name> + <range><ge>6.0.0</ge><lt>6.0.2</lt></range> + <range><ge>5.0.0</ge><lt>5.0.9</lt></range> + <range><ge>4.4.0</ge><lt>4.4.9</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Gareth Watkin-Jones from 4armed reports:</p> + <blockquote cite="https://github.com/bestpractical/rt/releases/tag/rt-6.0.2"> + <p>RT is vulnerable to CSV injection via ticket values with + special characters that are exported to a TSV from search + results. Thanks to Gareth Watkin-Jones from 4armed for + reporting this finding.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-61873</cvename> + <url>https://github.com/bestpractical/rt/releases/tag/rt-6.0.2</url> + </references> + <dates> + <discovery>2025-10-23</discovery> + <entry>2025-10-23</entry> + </dates> + </vuln> + + <vuln vid="114cc98b-afad-11f0-af12-bc241121aa0a"> + <topic>FreeBSD -- SO_REUSEPORT_LB breaks connect(2) for UDP sockets</topic> + <affects> + <package> + <name>FreeBSD-kernel</name> + <range><ge>14.3</ge><lt>14.3_5</lt></range> + <range><ge>13.5</ge><lt>13.5_6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Problem Description:</h1> + <p>Connected sockets are not intended to belong to load-balancing + groups. However, the kernel failed to check the connection state + of sockets when adding them to load-balancing groups. Furthermore, + when looking up the destination socket for an incoming packet, the + kernel will match a socket belonging to a load-balancing group even + if it is connected.</p> + <p>Connected sockets are only supposed to receive packets originating + from the connected host. The above behavior violates this contract.</p> + <h1>Impact:</h1> + <p>Software which sets SO_REUSEPORT_LB on a socket and then connects + it to a host will not observe any problems. However, due to its + membership in a load-balancing group, that socket will receive + packets originating from any host. This breaks the contract of the + connect(2) and implied connect via sendto(2), and may leave the + application vulnerable to spoofing attacks.</p> + </body> + </description> + <references> + <cvename>CVE-2025-24934</cvename> + <freebsdsa>SA-25:09.netinet</freebsdsa> + </references> + <dates> + <discovery>2025-10-22</discovery> + <entry>2025-10-23</entry> + </dates> + </vuln> + + <vuln vid="f741ea93-af61-11f0-98b5-2cf05da270f3"> + <topic>Gitlab -- vulnerabilities</topic> + <affects> + <package> + <name>gitlab-ce</name> + <name>gitlab-ee</name> + <range><ge>18.5.0</ge><lt>18.5.1</lt></range> + <range><ge>18.4.0</ge><lt>18.4.3</lt></range> + <range><ge>10.6.0</ge><lt>18.3.5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Gitlab reports:</p> + <blockquote cite="https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/"> + <p>Improper access control issue in runner API impacts GitLab EE</p> + <p>Denial of service issue in event collection impacts GitLab CE/EE</p> + <p>Denial of service issue in JSON validation impacts GitLab CE/EE</p> + <p>Denial of service issue in upload impacts GitLab CE/EE</p> + <p>Incorrect Authorization issue in pipeline builds impacts GitLab CE</p> + <p>Business logic error issue in group memberships impacts GitLab EE</p> + <p>Missing authorization issue in quick actions impacts GitLab EE</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-11702</cvename> + <cvename>CVE-2025-10497</cvename> + <cvename>CVE-2025-11447</cvename> + <cvename>CVE-2025-11974</cvename> + <cvename>CVE-2025-11971</cvename> + <cvename>CVE-2025-6601</cvename> + <cvename>CVE-2025-11989</cvename> + <url>https://about.gitlab.com/releases/2025/10/22/patch-release-gitlab-18-5-1-released/</url> + </references> + <dates> + <discovery>2025-10-22</discovery> + <entry>2025-10-22</entry> + </dates> + </vuln> + + <vuln vid="88f34edb-ae9b-11f0-b3f7-a8a1599412c6"> + <topic>chromium -- multiple security fixes</topic> + <affects> + <package> + <name>chromium</name> + <range><lt>141.0.7390.107</lt></range> + </package> + <package> + <name>ungoogled-chromium</name> + <range><lt>141.0.7390.107</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Chrome Releases reports:</p> + <blockquote cite="https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_14.html"> + <p>This update includes 1 security fix:</p> + <ul> + <li>[447192722] High CVE-2025-11756: Use after free in Safe Browsing. Reported by asnine on 2025-09-25</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-11756</cvename> + <url>https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_14.html</url> + </references> + <dates> + <discovery>2025-10-14</discovery> + <entry>2025-10-21</entry> + </dates> + </vuln> + + <vuln vid="60ddafd2-ae9e-11f0-b3f7-a8a1599412c6"> + <topic>chromium -- multiple security fixes</topic> + <affects> + <package> + <name>chromium</name> + <range><lt>141.0.7390.65</lt></range> + </package> + <package> + <name>ungoogled-chromium</name> + <range><lt>141.0.7390.65</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Chrome Releases reports:</p> + <blockquote cite="https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop.html"> + <p>This update includes 3 security fixes:</p> + <ul> + <li>[443196747] High CVE-2025-11458: Heap buffer overflow in Sync. Reported by raven at KunLun lab on 2025-09-05</li> + <li>[446722008] High CVE-2025-11460: Use after free in Storage. Reported by Sombra on 2025-09-23</li> + <li>[441917796] Medium CVE-2025-11211: Out of bounds read in WebCodecs. Reported by Jakob Košir on 2025-08-29</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-11458</cvename> + <cvename>CVE-2025-11460</cvename> + <cvename>CVE-2025-11211</cvename> + <url>https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop.html</url> + </references> + <dates> + <discovery>2025-10-07</discovery> + <entry>2025-10-21</entry> + </dates> + </vuln> + + <vuln vid="cdf2abf7-ae83-11f0-b5fb-b42e991fc52e"> + <topic>Mongodb -- Use-after-free in the MongoDB</topic> + <affects> + <package> + <name>mongodb70</name> + <range><lt>7.0.25</lt></range> + </package> + <package> + <name>mongodb80</name> + <range><lt>8.0.15</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>cna@mongodb.com reports:</p> + <blockquote cite="https://jira.mongodb.org/browse/SERVER-105873"> + <p>An authorized user may crash the MongoDB server by + causing buffer over-read. This can be done by issuing a DDL + operation while queries are being issued, under some + conditions.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-11979</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-11979</url> + </references> + <dates> + <discovery>2025-10-20</discovery> + <entry>2025-10-21</entry> + </dates> + </vuln> + + <vuln vid="4553e4b3-addf-11f0-9b8d-40a6b7c3b3b8"> + <topic>Hidden/Protected custom variables are prone to filter enumeration</topic> + <affects> + <package> + <name>icingaweb2-module-icingadb-php81</name> + <range><lt>1.1.4</lt></range> + <range><ge>1.2</ge><lt>1.2.3,1</lt></range> + </package> + <package> + <name>icingaweb2-module-icingadb-php82</name> + <range><lt>1.1.4</lt></range> + <range><ge>1.2</ge><lt>1.2.3,1</lt></range> + </package> + <package> + <name>icingaweb2-module-icingadb-php83</name> + <range><lt>1.1.4</lt></range> + <range><ge>1.2</ge><lt>1.2.3,1</lt></range> + </package> + <package> + <name>icingaweb2-module-icingadb-php84</name> + <range><lt>1.1.4</lt></range> + <range><ge>1.2</ge><lt>1.2.3,1</lt></range> + </package> + <package> + <name>icingaweb2-module-icingadb-php85</name> + <range><lt>1.1.4</lt></range> + <range><ge>1.2</ge><lt>1.2.3,1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Icinga reports:</p> + <blockquote cite="https://github.com/Icinga/icingadb-web/security/advisories/GHSA-w57j-28jc-8429"> + <p>An authorized user with access to Icinga DB Web, can use + a custom variable in a filter that is either protected by + icingadb/protect/variables or hidden by icingadb/denylist/variables, + to guess values assigned to it.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-61789</cvename> + <url>https://github.com/Icinga/icingadb-web/security/advisories/GHSA-w57j-28jc-8429</url> + </references> + <dates> + <discovery>2025-10-16</discovery> + <entry>2025-10-20</entry> + </dates> + </vuln> + + <vuln vid="4355ce42-ad06-11f0-b2aa-b42e991fc52e"> + <topic>Mozilla -- XSS in sites without content-type header</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>144.0.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.4.0</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>144.0.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1979536"> + <p>A malicious page could have used the type attribute of an OBJECT + tag to override the default browser behavior when encountering a + web resource served without a content-type. This could have + contributed to an XSS on a site that unsafely serves files without + a content-type header.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-11712</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-11712</url> + </references> + <dates> + <discovery>2025-10-14</discovery> + <entry>2025-10-19</entry> + </dates> + </vuln> + + <vuln vid="fff839db-ad04-11f0-b2aa-b42e991fc52e"> + <topic>Mozilla -- JavaScript Object property overriding</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>144.0.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.4.0</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>144.0.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1989978"> + <p>There was a way to change the value of JavaScript Object + properties that were supposed to be non-writeable.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-11711</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-11711</url> + </references> + <dates> + <discovery>2025-10-14</discovery> + <entry>2025-10-19</entry> + </dates> + </vuln> + + <vuln vid="f7047dfc-ad02-11f0-b2aa-b42e991fc52e"> + <topic>Mozilla -- Memory disclosure</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>144.0.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.4.0</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>144.0.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1989899"> + <p>A compromised web process using malicious IPC messages + could have caused the privileged browser process to reveal + blocks of its memory to the compromised process.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-11710</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-11710</url> + </references> + <dates> + <discovery>2025-10-14</discovery> + <entry>2025-10-19</entry> + </dates> + </vuln> + + <vuln vid="b760c618-ad02-11f0-b2aa-b42e991fc52e"> + <topic>Mozilla -- Out-of-bounds reads and writes</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>144.0.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.4.0</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>144.0.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1989127"> + <p>A compromised web process was able to trigger out of + bounds reads and writes in a more privileged process using + manipulated WebGL textures.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-11709</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-11709</url> + </references> + <dates> + <discovery>2025-10-14</discovery> + <entry>2025-10-19</entry> + </dates> + </vuln> + + <vuln vid="85c17eb8-ad02-11f0-b2aa-b42e991fc52e"> + <topic>Mozilla -- Use-after-free</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>144.0.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.4.0</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>144.0.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1988931"> + <p>Use-after-free in MediaTrackGraphImpl::GetInstance()</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-11708</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-11708</url> + </references> + <dates> + <discovery>2025-10-14</discovery> + <entry>2025-10-19</entry> + </dates> + </vuln> + + <vuln vid="247bc43f-ad02-11f0-b2aa-b42e991fc52e"> + <topic>Mozilla -- Memory safety bugs</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>144.0.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.4</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>144.0.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1973699%2C1989945%2C1990970%2C1991040%2C1992113"> + <p>Memory safety bugs. Some of these bugs showed evidence of + memory corruption and we presume that with enough effort + some of these could have been exploited to run arbitrary + code.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-11714</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-11714</url> + </references> + <dates> + <discovery>2025-10-14</discovery> + <entry>2025-10-19</entry> + </dates> + </vuln> + + <vuln vid="20840621-ab82-11f0-b961-b42e991fc52e"> + <topic>Mozilla -- Memory safety bugs</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>144.0.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.4.0</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>140.4.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1983838%2C1987624%2C1988244%2C1988912%2C1989734%2C1990085%2C1991899"> + <p>Memory safety bugs. Some of these bugs showed evidence of + memory corruption and we presume that with enough effort + some of these could have been exploited to run arbitrary + code.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-11715</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-11715</url> + </references> + <dates> + <discovery>2025-10-14</discovery> + <entry>2025-10-17</entry> + </dates> + </vuln> + + <vuln vid="ed132d42-ab81-11f0-b961-b42e991fc52e"> + <topic>Mozilla -- Memory safety bugs</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>144.0.0,2</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>144.0.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1986816"> + <p>Memory safety bug. This bug showed evidence of memory + corruption and we presume that with enough effort this could + have been exploited to run arbitrary code.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-11721</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-11721</url> + </references> + <dates> + <discovery>2025-10-14</discovery> + <entry>2025-10-17</entry> + </dates> + </vuln> + + <vuln vid="f3550d26-ab7d-11f0-b961-b42e991fc52e"> + <topic>Firefox -- Sandbox escape</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>143.0.3,2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1987246"> + <p>Sandbox excape due to integer overflow in the Graphics: + Canvas2D component</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-11152</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-11152</url> + </references> + <dates> + <discovery>2025-09-30</discovery> + <entry>2025-10-17</entry> + </dates> + </vuln> + + <vuln vid="7b9a8247-ab7b-11f0-b961-b42e991fc52e"> + <topic>Mozilla -- Memory safety bugs</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>142.0.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.2.0</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>142.0.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1938220%2C1980730%2C1981280%2C1981283%2C1984505%2C1985067"> + <p>Some of these bugs showed evidence of memory corruption + and we presume that with enough effort some of these could + have been exploited to run arbitrary code.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-10537</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-10537</url> + </references> + <dates> + <discovery>2025-09-16</discovery> + <entry>2025-10-17</entry> + </dates> + </vuln> + + <vuln vid="4fe6f98e-ab7b-11f0-b961-b42e991fc52e"> + <topic>Mozilla -- Information disclosure</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>143.0.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>140.3.0</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>143.0.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1981502"> + <p>This vulnerability affects Firefox < 143, Firefox ESR < 140.3, + Thunderbird < 143, and Thunderbird < 140.3.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-10536</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-10536</url> + </references> + <dates> + <discovery>2025-09-16</discovery> + <entry>2025-10-17</entry> + </dates> + </vuln> + + <vuln vid="1e8a6581-ab7b-11f0-b961-b42e991fc52e"> + <topic>Mozilla -- spoofing</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>143.0.0,2</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>143.0.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1665334"> + <p>Spoofing issue in the Site Permission component</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-10534</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-10534</url> + </references> + <dates> + <discovery>2025-09-16</discovery> + <entry>2025-10-17</entry> + </dates> + </vuln> + + <vuln vid="c7383de4-ab7a-11f0-b961-b42e991fc52e"> + <topic>Mozilla -- integer overflow</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>143.0.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>115.28.0</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>143.0.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1980788"> + <p>Integer overflow in the SVG component</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-10533</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-10533</url> + </references> + <dates> + <discovery>2025-09-16</discovery> + <entry>2025-10-17</entry> + </dates> + </vuln> + + <vuln vid="511f5aac-ab46-11f0-9446-f02f7497ecda"> + <topic>minio -- Privilege Escalation via Session Policy Bypass in Service Accounts and STS</topic> + <affects> + <package> + <name>minio</name> + <range><lt>RELEASE.2025-10-15T17-29-55Z</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>mino reports:</p> + <blockquote cite="https://github.com/minio/minio/security/advisories/GHSA-jjjj-jwhf-8rgr"> + <p>A privilege escalation vulnerability allows service accounts and STS + (Security Token Service) accounts with restricted session policies to + bypass their inline policy restrictions when performing "own" account + operations, specifically when creating new service accounts for the same + user.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-62506</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-62506</url> + </references> + <dates> + <discovery>2025-10-17</discovery> + <entry>2025-10-17</entry> + </dates> + </vuln> + + <vuln vid="50fd6a75-0587-4987-bef2-bb933cd78ea1"> + <topic>zeek -- information leak vulnerability</topic> + <affects> + <package> + <name>zeek</name> + <range><lt>8.0.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Tim Wojtulewicz of Corelight reports:</p> + <blockquote cite="INSERT URL HERE"> + <p>The KRB analyzer can leak information about hosts in + analyzed traffic via external DNS lookups.</p> + </blockquote> + </body> + </description> + <references> + <url>https://github.com/zeek/zeek/releases/tag/v8.0.2</url> + </references> + <dates> + <discovery>2025-10-13</discovery> + <entry>2025-10-13</entry> + </dates> + </vuln> + + <vuln vid="6dd86212-a859-11f0-bd95-b42e991fc52e"> + <topic>Firefox -- JIT miscompilation in the JavaScript Engine</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>143.0.3,2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1987481"> + <p>JIT miscompilation in the JavaScript Engine: JIT + component.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-11153</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-11153</url> + </references> + <dates> + <discovery>2025-09-30</discovery> + <entry>2025-10-13</entry> + </dates> + </vuln> + + <vuln vid="87fdaf3c-a5b5-11f0-98b5-2cf05da270f3"> + <topic>Gitlab -- vulnerabilities</topic> + <affects> + <package> + <name>gitlab-ce</name> + <name>gitlab-ee</name> + <range><ge>18.4.0</ge><lt>18.4.2</lt></range> + <range><ge>18.3.0</ge><lt>18.3.4</lt></range> + <range><ge>5.2.0</ge><lt>18.2.8</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Gitlab reports:</p> + <blockquote cite="https://about.gitlab.com/releases/2025/10/08/patch-release-gitlab-18-4-2-released/"> + <p>Incorrect authorization issue in GraphQL mutations impacts GitLab EE</p> + <p>Denial of Service issue in GraphQL blob type impacts GitLab CE/EE</p> + <p>Missing authorization issue in manual jobs impacts GitLab CE/EE</p> + <p>Denial of Service issue in webhook endpoints impacts GitLab CE/EE</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-11340</cvename> + <cvename>CVE-2025-10004</cvename> + <cvename>CVE-2025-9825</cvename> + <cvename>CVE-2025-2934</cvename> + <url>https://about.gitlab.com/releases/2025/10/08/patch-release-gitlab-18-4-2-released/</url> + </references> + <dates> + <discovery>2025-10-08</discovery> + <entry>2025-10-10</entry> + </dates> + </vuln> + + <vuln vid="0b5145e9-a500-11f0-a136-10ffe07f9334"> + <topic>Mailpit -- Performance information disclosure</topic> + <affects> + <package> + <name>mailpit</name> + <range><lt>1.27.10</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Ralph Slooten (Mailpit developer) reports:</p> + <blockquote cite="https://github.com/axllent/mailpit/releases/tag/v1.27.10"> + <p>An HTTP endpoint was found which exposed expvar runtime + information (memory usage, goroutine counts, GC behavior, + uptime and potential runtime flags) due to the Prometheus + client library dependency.</p> + </blockquote> + </body> + </description> + <references> + <url>https://github.com/axllent/mailpit/releases/tag/v1.27.10</url> + </references> + <dates> + <discovery>2025-10-09</discovery> + <entry>2025-10-09</entry> + </dates> + </vuln> + <vuln vid="f60c790a-a394-11f0-9617-b42e991fc52e"> <topic>Mozilla -- Incorrect boundary conditions</topic> <affects> diff --git a/security/webtunnel-tor/Makefile b/security/webtunnel-tor/Makefile index e8f1ab7cd74f..553aef51d8bf 100644 --- a/security/webtunnel-tor/Makefile +++ b/security/webtunnel-tor/Makefile @@ -1,6 +1,6 @@ PORTNAME= webtunnel PORTVERSION= 0.0.1 -PORTREVISION= 17 +PORTREVISION= 19 CATEGORIES= security net PKGNAMESUFFIX= -tor diff --git a/security/wpa_supplicant-devel/Makefile b/security/wpa_supplicant-devel/Makefile index 379d1fee6e03..537f5acf92a5 100644 --- a/security/wpa_supplicant-devel/Makefile +++ b/security/wpa_supplicant-devel/Makefile @@ -1,5 +1,6 @@ PORTNAME= wpa_supplicant PORTVERSION= ${COMMIT_DATE} +PORTREVISION= 2 CATEGORIES= security net PKGNAMESUFFIX= -devel @@ -17,6 +18,7 @@ LICENSE= BSD3CLAUSE LICENSE_FILE= ${WRKSRC}/README USES= cpe gmake pkgconfig:build readline ssl +USE_LDCONFIG= yes BUILD_WRKSRC= ${WRKSRC}/wpa_supplicant INSTALL_WRKSRC= ${WRKSRC}/src CPPFLAGS+= -Wno-incompatible-function-pointer-types @@ -43,7 +45,7 @@ OPTIONS_DEFINE= WPS WPS_ER WPS_NOREG WPS_NFC WPS_UPNP PKCS12 SMARTCARD \ HT_OVERRIDES VHT_OVERRIDES TLSV12 IEEE80211W \ IEEE80211R DEBUG_FILE DEBUG_SYSLOG PRIVSEP \ DELAYED_MIC IEEE80211N IEEE80211AC INTERWORKING \ - IEEE8021X_EAPOL EAPOL_TEST \ + IEEE8021X_EAPOL EAPOL_TEST IPV6 LIBWPA\ HS20 NO_ROAMING P2P PASN TDLS DBUS MATCH DOCS \ SIM_SIMULATOR USIM_SIMULATOR WNM MBO RSN_PREAUTH WEP OPTIONS_DEFAULT= BSD WIRED \ @@ -52,7 +54,7 @@ OPTIONS_DEFAULT= BSD WIRED \ INTERWORKING HS20 DBUS MATCH IEEE80211R IEEE80211W \ IEEE8021X_EAPOL WPS_ER WPS_NFC WPS_UPNP \ FAST PWD PAX SAKE GPSK TNC IKEV2 EKE \ - WNM MBO RSN_PREAUTH WEP PASN + WNM MBO RSN_PREAUTH WEP PASN IPV6 LIBWPA OPTIONS_SUB= WPS_DESC= Wi-Fi Protected Setup @@ -71,6 +73,7 @@ IEEE80211R_DESC= Fast BSS Transition (IEEE 802.11r-2008) IEEE80211W_DESC= Management Frame Protection (IEEE 802.11w) IEEE8021X_EAPOL_DESC= EAP over LAN support EAPOL_TEST_DESC= Development testing +IPV6_DESC= Development testing IPv6 support DEBUG_FILE_DESC= Support for writing debug log to a file DEBUG_SYSLOG_DESC= Send debug messages to syslog instead of stdout PRIVSEP_DESC= Privilege separation @@ -118,6 +121,7 @@ TNC_DESC= Trusted Network Connect WNM_DESC= Wireless Network Monitoring MBO_DESC= Multi Band Operation (Enables WNM) RSN_PREAUTH= RSN Preauthentication +LIBWPA_DESC= libwpa_client Shared Library PRIVSEP_PLIST_FILES= sbin/wpa_priv DBUS_PLIST_FILES= share/dbus-1/system-services/fi.w1.wpa_supplicant1.service \ @@ -167,7 +171,7 @@ post-patch: .endif .for simple in WPS WPS_ER WPS_NFC WPS_UPNP PKCS12 SMARTCARD HT_OVERRIDES \ VHT_OVERRIDES TLSV12 IEEE80211AC IEEE80211N IEEE80211R IEEE80211W \ - IEEE8021X_EAPOL EAPOL_TEST \ + IEEE8021X_EAPOL EAPOL_TEST IPV6 \ INTERWORKING DEBUG_FILE DEBUG_SYSLOG HS20 NO_ROAMING PRIVSEP P2P \ PASN TDLS WNM MBO RSN_PREAUTH . if ${PORT_OPTIONS:M${simple}} diff --git a/security/wpa_supplicant/Makefile b/security/wpa_supplicant/Makefile index a40c862c2b61..9bc1270c55f2 100644 --- a/security/wpa_supplicant/Makefile +++ b/security/wpa_supplicant/Makefile @@ -1,6 +1,6 @@ PORTNAME= wpa_supplicant PORTVERSION= 2.11 -PORTREVISION= 5 +PORTREVISION= 7 CATEGORIES= security net MASTER_SITES= https://w1.fi/releases/ @@ -12,6 +12,7 @@ LICENSE= BSD3CLAUSE LICENSE_FILE= ${WRKSRC}/README USES= cpe gmake pkgconfig:build readline ssl +USE_LDCONFIG= yes BUILD_WRKSRC= ${WRKSRC}/wpa_supplicant INSTALL_WRKSRC= ${WRKSRC}/src CFLAGS+= ${CPPFLAGS} # USES=readline only augments CPPFLAGS and LDFLAGS @@ -37,15 +38,15 @@ OPTIONS_DEFINE= WPS WPS_ER WPS_NOREG WPS_NFC WPS_UPNP PKCS12 SMARTCARD \ HT_OVERRIDES VHT_OVERRIDES TLSV12 IEEE80211W \ IEEE80211R DEBUG_FILE DEBUG_SYSLOG PRIVSEP \ DELAYED_MIC IEEE80211N IEEE80211AC INTERWORKING \ - IEEE8021X_EAPOL EAPOL_TEST \ + IEEE8021X_EAPOL EAPOL_TEST IPV6 \ HS20 NO_ROAMING P2P TDLS DBUS MATCH DOCS \ - SIM_SIMULATOR USIM_SIMULATOR WEP PASN + SIM_SIMULATOR USIM_SIMULATOR WEP PASN LIBWPA OPTIONS_DEFAULT= BSD WIRED \ TLS PEAP TTLS MD5 MSCHAPV2 GTC LEAP OTP PSK \ WPS PKCS12 SMARTCARD IEEE80211R DEBUG_SYSLOG \ INTERWORKING HS20 DBUS MATCH IEEE80211R IEEE80211W \ IEEE8021X_EAPOL WPS_ER WPS_NFC WPS_UPNP \ - FAST PWD PAX SAKE GPSK TNC IKEV2 EKE WEP PASN + FAST PWD PAX SAKE GPSK TNC IKEV2 EKE WEP PASN LIBWPA IPV6 OPTIONS_SUB= WPS_DESC= Wi-Fi Protected Setup @@ -64,6 +65,7 @@ IEEE80211R_DESC= Fast BSS Transition (IEEE 802.11r-2008) IEEE80211W_DESC= Management Frame Protection (IEEE 802.11w) IEEE8021X_EAPOL_DESC= EAP over LAN support EAPOL_TEST_DESC= Development testing +IPV6_DESC= Development testing IPv6 support DEBUG_FILE_DESC= Support for writing debug log to a file DEBUG_SYSLOG_DESC= Send debug messages to syslog instead of stdout PRIVSEP_DESC= Privilege separation @@ -108,10 +110,14 @@ SAKE_DESC= Shared-Secret Authentication & Key Establishment GPSK_DESC= Generalized Pre-Shared Key TNC_DESC= Trusted Network Connect PASN_DESC= Pre-Association Security Negotiation +LIBWPA_DESC= libwpa_client Shared Library PRIVSEP_PLIST_FILES= sbin/wpa_priv DBUS_PLIST_FILES= share/dbus-1/system-services/fi.w1.wpa_supplicant1.service \ etc/dbus-1/system.d/dbus-wpa_supplicant.conf +LIBWPA_PLIST_FILES= lib/libwpa_client.so \ + lib/libwpa_client.so.2 \ + include/wpa_ctrl.h .include <bsd.port.pre.mk> @@ -154,7 +160,7 @@ post-patch: .endif .for simple in WPS WPS_ER WPS_NFC WPS_UPNP PKCS12 SMARTCARD HT_OVERRIDES \ VHT_OVERRIDES TLSV12 IEEE80211AC IEEE80211N IEEE80211R IEEE80211W \ - IEEE8021X_EAPOL EAPOL_TEST \ + IEEE8021X_EAPOL EAPOL_TEST IPV6\ INTERWORKING DEBUG_FILE DEBUG_SYSLOG HS20 NO_ROAMING PRIVSEP P2P TDLS \ PASN . if ${PORT_OPTIONS:M${simple}} @@ -190,6 +196,9 @@ post-patch: .if ${PORT_OPTIONS:MSIM_SIMULATOR} @${ECHO_CMD} CONFIG_SIM_SIMULATOR=y >> ${CFG} .endif +.if ${PORT_OPTIONS:MLIBWPA} + @${ECHO_CMD} CONFIG_BUILD_WPA_CLIENT_SO=y >> ${CFG} +.endif @${ECHO_CMD} CONFIG_OS=unix >> ${CFG} @${ECHO_CMD} CONFIG_CTRL_IFACE=unix >> ${CFG} @${ECHO_CMD} CONFIG_BACKEND=file >> ${CFG} @@ -224,4 +233,11 @@ do-install-DBUS-on: ${INSTALL_DATA} ${BUILD_WRKSRC}/dbus/dbus-wpa_supplicant.conf \ ${STAGEDIR}${PREFIX}/etc/dbus-1/system.d/ +do-install-LIBWPA-on: + ${INSTALL_LIB} ${BUILD_WRKSRC}/libwpa_client.so \ + ${STAGEDIR}${PREFIX}/lib/libwpa_client.so.2 + ${LN} -s libwpa_client.so.2 ${STAGEDIR}${PREFIX}/lib/libwpa_client.so + ${INSTALL_DATA} ${INSTALL_WRKSRC}/common/wpa_ctrl.h \ + ${STAGEDIR}${PREFIX}/include + .include <bsd.port.post.mk> diff --git a/security/wpa_supplicant/files/patch-src_common_dhcp.h b/security/wpa_supplicant/files/patch-src_common_dhcp.h index f88d1921a380..d25233a070b7 100644 --- a/security/wpa_supplicant/files/patch-src_common_dhcp.h +++ b/security/wpa_supplicant/files/patch-src_common_dhcp.h @@ -1,5 +1,5 @@ ---- src/common/dhcp.h.orig 2018-12-02 11:34:59.000000000 -0800 -+++ src/common/dhcp.h 2018-12-06 00:01:11.429254000 -0800 +--- src/common/dhcp.h.orig 2024-07-20 18:04:37 UTC ++++ src/common/dhcp.h @@ -9,6 +9,22 @@ #ifndef DHCP_H #define DHCP_H diff --git a/security/wpa_supplicant/files/patch-src_drivers_driver__bsd.c b/security/wpa_supplicant/files/patch-src_drivers_driver__bsd.c index 7c22ee2a372c..6e83ddc25b46 100644 --- a/security/wpa_supplicant/files/patch-src_drivers_driver__bsd.c +++ b/security/wpa_supplicant/files/patch-src_drivers_driver__bsd.c @@ -1,5 +1,5 @@ ---- src/drivers/driver_bsd.c.orig 2024-07-20 11:04:37.000000000 -0700 -+++ src/drivers/driver_bsd.c 2025-04-07 12:47:28.984390000 -0700 +--- src/drivers/driver_bsd.c.orig 2024-07-20 18:04:37 UTC ++++ src/drivers/driver_bsd.c @@ -9,11 +9,13 @@ #include "includes.h" @@ -14,7 +14,7 @@ #include "common/wpa_common.h" #include <ifaddrs.h> -@@ -293,8 +295,9 @@ +@@ -293,8 +295,9 @@ static int } static int @@ -25,7 +25,7 @@ struct ifreq ifr; os_memset(&ifr, 0, sizeof(ifr)); -@@ -306,7 +309,34 @@ +@@ -306,7 +309,34 @@ bsd_get_iface_flags(struct bsd_driver_data *drv) return -1; } drv->flags = ifr.ifr_flags; @@ -60,7 +60,7 @@ } static int -@@ -349,6 +379,20 @@ +@@ -349,6 +379,20 @@ bsd_set_key(void *priv, struct wpa_driver_set_key_para case WPA_ALG_CCMP: wk.ik_type = IEEE80211_CIPHER_AES_CCM; break; @@ -81,7 +81,7 @@ default: wpa_printf(MSG_ERROR, "%s: unknown alg=%d", __func__, alg); return -1; -@@ -413,13 +457,34 @@ +@@ -413,13 +457,34 @@ bsd_configure_wpa(void *priv, struct wpa_bss_params *p { #ifndef IEEE80211_IOC_APPIE static const char *ciphernames[] = @@ -116,7 +116,7 @@ case WPA_CIPHER_TKIP: v = IEEE80211_CIPHER_TKIP; break; -@@ -456,8 +521,18 @@ +@@ -456,8 +521,18 @@ bsd_configure_wpa(void *priv, struct wpa_bss_params *p } v = 0; @@ -135,7 +135,7 @@ if (params->wpa_pairwise & WPA_CIPHER_TKIP) v |= 1<<IEEE80211_CIPHER_TKIP; if (params->wpa_pairwise & WPA_CIPHER_NONE) -@@ -525,7 +600,7 @@ +@@ -525,7 +600,7 @@ bsd_set_ieee8021x(void *priv, struct wpa_bss_params *p __func__); return -1; } @@ -144,7 +144,7 @@ } static void -@@ -586,6 +661,7 @@ +@@ -586,6 +661,7 @@ bsd_set_freq(void *priv, struct hostapd_freq_params *f mode = IFM_IEEE80211_11B; } else { mode = @@ -152,7 +152,7 @@ freq->ht_enabled ? IFM_IEEE80211_11NA : IFM_IEEE80211_11A; } -@@ -853,14 +929,18 @@ +@@ -853,14 +929,18 @@ bsd_wireless_event_receive(int sock, void *ctx, void * drv = bsd_get_drvindex(global, ifm->ifm_index); if (drv == NULL) return; @@ -174,7 +174,7 @@ wpa_printf(MSG_DEBUG, "RTM_IFINFO: Interface '%s' UP", drv->ifname); wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, -@@ -1027,7 +1107,8 @@ +@@ -1027,7 +1107,8 @@ bsd_init(struct hostapd_data *hapd, struct wpa_init_pa if (l2_packet_get_own_addr(drv->sock_xmit, params->own_addr)) goto bad; @@ -184,7 +184,7 @@ goto bad; if (bsd_set_mediaopt(drv, IFM_OMASK, IFM_IEEE80211_HOSTAP) < 0) { -@@ -1052,12 +1133,13 @@ +@@ -1052,12 +1133,13 @@ bsd_deinit(void *priv) { struct bsd_driver_data *drv = priv; @@ -199,7 +199,7 @@ static int bsd_set_sta_authorized(void *priv, const u8 *addr, unsigned int total_flags, unsigned int flags_or, -@@ -1199,13 +1281,41 @@ +@@ -1199,13 +1281,41 @@ static int } static int @@ -242,7 +242,7 @@ wpa_printf(MSG_DEBUG, "%s: ssid '%.*s' wpa ie len %u pairwise %u group %u key mgmt %u" -@@ -1222,7 +1332,10 @@ +@@ -1222,7 +1332,10 @@ wpa_driver_bsd_associate(void *priv, struct wpa_driver mode = 0 /* STA */; break; case IEEE80211_MODE_IBSS: @@ -253,7 +253,7 @@ break; case IEEE80211_MODE_AP: mode = IFM_IEEE80211_HOSTAP; -@@ -1251,22 +1364,31 @@ +@@ -1251,24 +1364,33 @@ wpa_driver_bsd_associate(void *priv, struct wpa_driver ret = -1; if (wpa_driver_bsd_set_auth_alg(drv, params->auth_alg) < 0) ret = -1; @@ -266,9 +266,6 @@ - params->key_mgmt_suite == WPA_KEY_MGMT_NONE && - params->wpa_ie_len == 0); - wpa_printf(MSG_DEBUG, "%s: set PRIVACY %u", __func__, privacy); -- -- if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0) -- return -1; + if (params->wpa_ie_len) { + rsn_ie = get_ie(params->wpa_ie, params->wpa_ie_len, + WLAN_EID_RSN); @@ -288,9 +285,7 @@ + } + } -- if (params->wpa_ie_len && -- set80211param(drv, IEEE80211_IOC_WPA, -- params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0) +- if (set80211param(drv, IEEE80211_IOC_PRIVACY, privacy) < 0) + /* + * NB: interface must be marked UP for association + * or scanning (ap_scan=2) @@ -298,8 +293,15 @@ + if (bsd_ctrl_iface(drv, 1) < 0) return -1; +- if (params->wpa_ie_len && +- set80211param(drv, IEEE80211_IOC_WPA, +- params->wpa_ie[0] == WLAN_EID_RSN ? 2 : 1) < 0) +- return -1; +- os_memset(&mlme, 0, sizeof(mlme)); -@@ -1311,11 +1433,8 @@ + mlme.im_op = IEEE80211_MLME_ASSOC; + if (params->ssid != NULL) +@@ -1311,11 +1433,8 @@ wpa_driver_bsd_scan(void *priv, struct wpa_driver_scan } /* NB: interface must be marked UP to do a scan */ @@ -312,7 +314,7 @@ #ifdef IEEE80211_IOC_SCAN_MAX_SSID os_memset(&sr, 0, sizeof(sr)); -@@ -1495,6 +1614,12 @@ +@@ -1495,6 +1614,12 @@ static int wpa_driver_bsd_capa(struct bsd_driver_data drv->capa.enc |= WPA_DRIVER_CAPA_ENC_TKIP; if (devcaps.dc_cryptocaps & IEEE80211_CRYPTO_AES_CCM) drv->capa.enc |= WPA_DRIVER_CAPA_ENC_CCMP; @@ -325,7 +327,7 @@ if (devcaps.dc_drivercaps & IEEE80211_C_HOSTAP) drv->capa.flags |= WPA_DRIVER_FLAGS_AP; -@@ -1547,6 +1672,8 @@ +@@ -1547,6 +1672,8 @@ get80211opmode(struct bsd_driver_data *drv) } if (ifmr.ifm_current & IFM_IEEE80211_HOSTAP) return IEEE80211_M_HOSTAP; @@ -334,7 +336,7 @@ if (ifmr.ifm_current & IFM_IEEE80211_MONITOR) return IEEE80211_M_MONITOR; #ifdef IEEE80211_M_MBSS -@@ -1607,7 +1734,7 @@ +@@ -1607,7 +1734,7 @@ wpa_driver_bsd_init(void *ctx, const char *ifname, voi drv->capa.key_mgmt_iftype[i] = drv->capa.key_mgmt; /* Down interface during setup. */ @@ -343,13 +345,13 @@ goto fail; /* Proven to work, lets go! */ -@@ -1631,6 +1758,9 @@ +@@ -1630,6 +1757,9 @@ wpa_driver_bsd_deinit(void *priv) + if (drv->ifindex != 0 && !drv->if_removed) { wpa_driver_bsd_set_wpa(drv, 0); - ++ + /* NB: mark interface down */ + bsd_ctrl_iface(drv, 0); -+ + wpa_driver_bsd_set_wpa_internal(drv, drv->prev_wpa, drv->prev_privacy); - diff --git a/security/wpa_supplicant/files/patch-src_drivers_driver__ndis.c b/security/wpa_supplicant/files/patch-src_drivers_driver__ndis.c index 5c58337c4b3d..3fa5a11bd8e2 100644 --- a/security/wpa_supplicant/files/patch-src_drivers_driver__ndis.c +++ b/security/wpa_supplicant/files/patch-src_drivers_driver__ndis.c @@ -1,6 +1,6 @@ ---- src/drivers/driver_ndis.c.orig 2019-08-07 13:25:25 UTC +--- src/drivers/driver_ndis.c.orig 2024-07-20 18:04:37 UTC +++ src/drivers/driver_ndis.c -@@ -504,13 +504,13 @@ static int ndis_get_oid(struct wpa_drive +@@ -504,13 +504,13 @@ static int ndis_get_oid(struct wpa_driver_ndis_data *d o->Length = len; if (!PacketRequest(drv->adapter, FALSE, o)) { @@ -16,7 +16,7 @@ __func__, oid, (unsigned int) o->Length, len); os_free(buf); return -1; -@@ -573,7 +573,7 @@ static int ndis_set_oid(struct wpa_drive +@@ -573,7 +573,7 @@ static int ndis_set_oid(struct wpa_driver_ndis_data *d os_memcpy(o->Data, data, len); if (!PacketRequest(drv->adapter, TRUE, o)) { @@ -25,7 +25,7 @@ __func__, oid, len); os_free(buf); return -1; -@@ -1531,7 +1531,7 @@ static void wpa_driver_ndis_event_auth(s +@@ -1543,7 +1543,7 @@ static void wpa_driver_ndis_event_auth(struct wpa_driv if (data_len < sizeof(*req)) { wpa_printf(MSG_DEBUG, "NDIS: Too short Authentication Request " @@ -34,7 +34,7 @@ return; } req = (NDIS_802_11_AUTHENTICATION_REQUEST *) data; -@@ -1565,7 +1565,7 @@ static void wpa_driver_ndis_event_pmkid( +@@ -1577,7 +1577,7 @@ static void wpa_driver_ndis_event_pmkid(struct wpa_dri if (data_len < 8) { wpa_printf(MSG_DEBUG, "NDIS: Too short PMKID Candidate List " @@ -43,7 +43,7 @@ return; } pmkid = (NDIS_802_11_PMKID_CANDIDATE_LIST *) data; -@@ -1587,7 +1587,7 @@ static void wpa_driver_ndis_event_pmkid( +@@ -1599,7 +1599,7 @@ static void wpa_driver_ndis_event_pmkid(struct wpa_dri os_memset(&event, 0, sizeof(event)); for (i = 0; i < pmkid->NumCandidates; i++) { PMKID_CANDIDATE *p = &pmkid->CandidateList[i]; @@ -52,7 +52,7 @@ i, MAC2STR(p->BSSID), (int) p->Flags); os_memcpy(event.pmkid_candidate.bssid, p->BSSID, ETH_ALEN); event.pmkid_candidate.index = i; -@@ -1778,7 +1778,7 @@ static void wpa_driver_ndis_get_capabili +@@ -1790,7 +1790,7 @@ static void wpa_driver_ndis_get_capability(struct wpa_ "overflow"); break; } @@ -61,7 +61,7 @@ i, (int) ae->AuthModeSupported, (int) ae->EncryptStatusSupported); switch (ae->AuthModeSupported) { -@@ -2106,7 +2106,11 @@ static int wpa_driver_ndis_get_names(str +@@ -2118,7 +2118,11 @@ static int wpa_driver_ndis_get_names(struct wpa_driver dlen = dpos - desc; else dlen = os_strlen(desc); @@ -74,7 +74,7 @@ os_free(b); if (drv->adapter_desc == NULL) return -1; -@@ -2274,7 +2278,11 @@ static int wpa_driver_ndis_get_names(str +@@ -2286,7 +2290,11 @@ static int wpa_driver_ndis_get_names(struct wpa_driver } else { dlen = os_strlen(desc[i]); } diff --git a/security/wpa_supplicant/files/patch-src_l2__packet_l2__packet__freebsd.c b/security/wpa_supplicant/files/patch-src_l2__packet_l2__packet__freebsd.c index 2ec52fcdcd85..cd0c9a56f055 100644 --- a/security/wpa_supplicant/files/patch-src_l2__packet_l2__packet__freebsd.c +++ b/security/wpa_supplicant/files/patch-src_l2__packet_l2__packet__freebsd.c @@ -1,5 +1,5 @@ ---- src/l2_packet/l2_packet_freebsd.c.orig 2023-10-30 10:53:18.000000000 -0700 -+++ src/l2_packet/l2_packet_freebsd.c 2023-10-30 14:10:36.396969000 -0700 +--- src/l2_packet/l2_packet_freebsd.c.orig 2024-07-20 18:04:37 UTC ++++ src/l2_packet/l2_packet_freebsd.c @@ -8,7 +8,10 @@ */ diff --git a/security/wpa_supplicant/files/patch-src_utils_os__unix.c b/security/wpa_supplicant/files/patch-src_utils_os__unix.c index d3ebadbba827..3feccd7f0b28 100644 --- a/security/wpa_supplicant/files/patch-src_utils_os__unix.c +++ b/security/wpa_supplicant/files/patch-src_utils_os__unix.c @@ -1,6 +1,6 @@ ---- src/utils/os_unix.c.orig 2024-05-10 09:57:55.000000000 -0700 -+++ src/utils/os_unix.c 2024-06-01 22:18:54.999484000 -0700 -@@ -103,10 +103,12 @@ +--- src/utils/os_unix.c.orig 2024-07-20 18:04:37 UTC ++++ src/utils/os_unix.c +@@ -103,9 +103,11 @@ int os_get_reltime(struct os_reltime *t) break; #endif #ifdef CLOCK_MONOTONIC @@ -8,8 +8,7 @@ case CLOCK_MONOTONIC: clock_id = CLOCK_REALTIME; break; - #endif +#endif + #endif case CLOCK_REALTIME: return -1; - } diff --git a/security/wpa_supplicant/files/patch-src_wps_wps__upnp.c b/security/wpa_supplicant/files/patch-src_wps_wps__upnp.c index ee10b79e48aa..2a0e56329a07 100644 --- a/security/wpa_supplicant/files/patch-src_wps_wps__upnp.c +++ b/security/wpa_supplicant/files/patch-src_wps_wps__upnp.c @@ -1,6 +1,6 @@ ---- src/wps/wps_upnp.c.orig 2021-03-16 13:50:10.000000000 -0700 -+++ src/wps/wps_upnp.c 2021-03-18 12:49:19.537874000 -0700 -@@ -963,7 +963,8 @@ +--- src/wps/wps_upnp.c.orig 2024-07-20 18:04:37 UTC ++++ src/wps/wps_upnp.c +@@ -963,7 +963,8 @@ int get_netif_info(const char *net_if, unsigned *ip_ad goto fail; } os_memcpy(mac, req.ifr_addr.sa_data, 6); diff --git a/security/wpa_supplicant/files/patch-wpa__supplicant_Makefile b/security/wpa_supplicant/files/patch-wpa__supplicant_Makefile index 9f1393fb85da..1efb42a0844f 100644 --- a/security/wpa_supplicant/files/patch-wpa__supplicant_Makefile +++ b/security/wpa_supplicant/files/patch-wpa__supplicant_Makefile @@ -1,6 +1,6 @@ ---- wpa_supplicant/Makefile.orig 2015-03-15 17:30:39 UTC +--- wpa_supplicant/Makefile.orig 2024-07-20 18:04:37 UTC +++ wpa_supplicant/Makefile -@@ -99,6 +99,14 @@ OBJS += ../src/utils/os_$(CONFIG_OS).o +@@ -140,6 +140,14 @@ OBJS_c += ../src/utils/os_$(CONFIG_OS).o OBJS_p += ../src/utils/os_$(CONFIG_OS).o OBJS_c += ../src/utils/os_$(CONFIG_OS).o @@ -15,3 +15,12 @@ ifdef CONFIG_WPA_TRACE CFLAGS += -DWPA_TRACE OBJS += ../src/utils/trace.o +@@ -2050,7 +2058,7 @@ libwpa_client.so: $(LIBCTRLSO) + + libwpa_client.so: $(LIBCTRLSO) + @$(E) " CC $@ ($^)" +- $(Q)$(CC) $(LDFLAGS) -o $@ $(CFLAGS) -shared -fPIC $^ ++ $(Q)$(CC) $(LDFLAGS) -o $@ $(CFLAGS) -Wl,-soname,$@.2 -shared -fPIC $^ + + OBJS_wpatest := libwpa_test.o + _OBJS_VAR := OBJS_wpatest diff --git a/security/wpa_supplicant/files/patch-wpa__supplicant_ctrl__iface__unix.c b/security/wpa_supplicant/files/patch-wpa__supplicant_ctrl__iface__unix.c index cc73ac35cd35..80a0c9d7cf1a 100644 --- a/security/wpa_supplicant/files/patch-wpa__supplicant_ctrl__iface__unix.c +++ b/security/wpa_supplicant/files/patch-wpa__supplicant_ctrl__iface__unix.c @@ -1,6 +1,6 @@ ---- wpa_supplicant/ctrl_iface_unix.c.orig 2022-01-16 12:51:29.000000000 -0800 -+++ wpa_supplicant/ctrl_iface_unix.c 2023-11-29 08:12:07.843443000 -0800 -@@ -506,6 +506,10 @@ +--- wpa_supplicant/ctrl_iface_unix.c.orig 2024-07-20 18:04:37 UTC ++++ wpa_supplicant/ctrl_iface_unix.c +@@ -509,6 +509,10 @@ static int wpas_ctrl_iface_open_sock(struct wpa_suppli struct group *grp; char *endp; int flags; @@ -11,7 +11,7 @@ buf = os_strdup(wpa_s->conf->ctrl_interface); if (buf == NULL) -@@ -678,6 +682,22 @@ +@@ -681,6 +685,22 @@ havesock: /* Not fatal, continue on.*/ } } diff --git a/security/wpa_supplicant/files/patch-wpa__supplicant_main.c b/security/wpa_supplicant/files/patch-wpa__supplicant_main.c index 3042768f44d9..f9db90635a4c 100644 --- a/security/wpa_supplicant/files/patch-wpa__supplicant_main.c +++ b/security/wpa_supplicant/files/patch-wpa__supplicant_main.c @@ -1,6 +1,6 @@ ---- wpa_supplicant/main.c.orig 2016-11-05 20:56:30 UTC +--- wpa_supplicant/main.c.orig 2024-07-20 18:04:37 UTC +++ wpa_supplicant/main.c -@@ -66,7 +66,7 @@ static void usage(void) +@@ -67,7 +67,7 @@ static void usage(void) " -c = Configuration file\n" " -C = ctrl_interface parameter (only used if -c is not)\n" " -d = increase debugging verbosity (-dd even more)\n" @@ -9,7 +9,7 @@ " -e = entropy file\n" #ifdef CONFIG_DEBUG_FILE " -f = log output to debug file instead of stdout\n" -@@ -105,8 +105,7 @@ static void usage(void) +@@ -106,8 +106,7 @@ static void usage(void) " -W = wait for a control interface monitor before starting\n"); printf("example:\n" @@ -20,14 +20,14 @@ } @@ -199,6 +198,11 @@ int main(int argc, char *argv[]) + iface_count = 1; wpa_supplicant_fd_workaround(1); - ++ +#ifdef CONFIG_DRIVER_NDIS + void driver_ndis_init_ops(void); + driver_ndis_init_ops(); +#endif /* CONFIG_DRIVER_NDIS */ -+ + for (;;) { c = getopt(argc, argv, - "b:Bc:C:D:de:f:g:G:hi:I:KLMm:No:O:p:P:qsTtuvW"); diff --git a/security/wpa_supplicant/files/patch-wpa__supplicant_wpa__supplicant.c b/security/wpa_supplicant/files/patch-wpa__supplicant_wpa__supplicant.c index 42f150b3595c..8013244d9f7f 100644 --- a/security/wpa_supplicant/files/patch-wpa__supplicant_wpa__supplicant.c +++ b/security/wpa_supplicant/files/patch-wpa__supplicant_wpa__supplicant.c @@ -1,6 +1,6 @@ ---- wpa_supplicant/wpa_supplicant.c.orig 2019-04-21 03:10:22.000000000 -0400 -+++ wpa_supplicant/wpa_supplicant.c 2019-05-15 22:44:44.919859000 -0400 -@@ -6357,13 +6357,6 @@ +--- wpa_supplicant/wpa_supplicant.c.orig 2024-07-20 18:04:37 UTC ++++ wpa_supplicant/wpa_supplicant.c +@@ -7983,13 +7983,6 @@ struct wpa_global * wpa_supplicant_init(struct wpa_par if (params == NULL) return NULL; diff --git a/security/xhash/Makefile b/security/xhash/Makefile index 7436f73301cb..dc1073d84ff4 100644 --- a/security/xhash/Makefile +++ b/security/xhash/Makefile @@ -1,7 +1,7 @@ PORTNAME= xhash DISTVERSIONPREFIX= v DISTVERSION= 3.6.3 -PORTREVISION= 5 +PORTREVISION= 7 CATEGORIES= security MAINTAINER= rbranco@suse.com diff --git a/security/xray-core/Makefile b/security/xray-core/Makefile index 310320cfe4ab..0257451a9cbb 100644 --- a/security/xray-core/Makefile +++ b/security/xray-core/Makefile @@ -1,7 +1,7 @@ PORTNAME= xray-core DISTVERSIONPREFIX= v DISTVERSION= 25.7.26 -PORTREVISION= 2 +PORTREVISION= 4 CATEGORIES= security MASTER_SITES= https://github.com/v2fly/geoip/releases/download/202507050144/:geoip \ https://github.com/v2fly/domain-list-community/releases/download/20250627153051/:geosite diff --git a/security/yubikey-agent/Makefile b/security/yubikey-agent/Makefile index 5c886fbca140..28bfd67a7030 100644 --- a/security/yubikey-agent/Makefile +++ b/security/yubikey-agent/Makefile @@ -1,7 +1,7 @@ PORTNAME= yubikey-agent DISTVERSIONPREFIX= v DISTVERSION= 0.1.6 -PORTREVISION= 22 +PORTREVISION= 24 CATEGORIES= security sysutils MAINTAINER= egypcio@FreeBSD.org diff --git a/security/zeek/Makefile b/security/zeek/Makefile index 15dd7d7a4249..fbdd47952775 100644 --- a/security/zeek/Makefile +++ b/security/zeek/Makefile @@ -1,5 +1,5 @@ PORTNAME= zeek -DISTVERSION= 8.0.1 +DISTVERSION= 8.0.3 CATEGORIES= security MASTER_SITES= https://download.zeek.org/ @@ -82,8 +82,10 @@ CMAKE_ARGS= -DCARES_ROOT_DIR:PATH=${PREFIX} \ -DINSTALL_ZKG:BOOL=OFF \ -DPY_MOD_INSTALL_DIR:PATH=${PREFIX}/lib/zeekctl \ -DZEEK_ETC_INSTALL_DIR:PATH=${PREFIX}/etc \ + -DZEEK_LOG_DIR:PATH=/var/log/zeek \ -DZEEK_ROOT_DIR:PATH=${PREFIX} \ - -DZEEK_SCRIPT_INSTALL_PATH:PATH=${PREFIX}/share/zeek + -DZEEK_SCRIPT_INSTALL_PATH:PATH=${PREFIX}/share/zeek \ + -DZEEK_SPOOL_DIR:PATH=/var/spool/zeek ZEEKUSER?= zeek ZEEKGROUP?= zeek @@ -158,28 +160,26 @@ STRIP= USE_RC_SUBR= zeek .endif +post-install: + ${MV} ${STAGEDIR}${DATADIR}/site/local.zeek \ + ${STAGEDIR}${DATADIR}/site/local.zeek.sample + @${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/zeek-cut + @${RM} ${STAGEDIR}${PREFIX}/share/zeek/tests + ${LN} -s ../btest/data ${STAGEDIR}${PREFIX}/share/zeek/tests + post-install-ZEEKCTL-on: - ${MKDIR} ${STAGEDIR}${PREFIX}/logs - ${MKDIR} ${STAGEDIR}${PREFIX}/spool/tmp - ${MKDIR} ${STAGEDIR}${PREFIX}/spool/installed-scripts-do-not-touch/auto - ${MKDIR} ${STAGEDIR}${PREFIX}/spool/installed-scripts-do-not-touch/site + ${MKDIR} ${STAGEDIR}/var/spool/zeek/installed-scripts-do-not-touch/auto + ${MKDIR} ${STAGEDIR}/var/spool/zeek/installed-scripts-do-not-touch/site .for F in zeekctl.cfg networks.cfg node.cfg ${MV} ${STAGEDIR}${PREFIX}/etc/${F} ${STAGEDIR}${PREFIX}/etc/${F}.sample .endfor + # Do this here because later zeek won't be running as root ${RM} ${STAGEDIR}${PREFIX}/share/zeekctl/scripts/zeekctl-config.sh - ${LN} -s ../../../spool/zeekctl-config.sh \ + ${LN} -s ../../../../../var/spool/zeek/zeekctl-config.sh \ ${STAGEDIR}${PREFIX}/share/zeekctl/scripts/zeekctl-config.sh ${RM} ${STAGEDIR}${PREFIX}/lib/broctl ${LN} -s zeek/python/zeekctl ${STAGEDIR}${PREFIX}/lib/broctl -post-install: - ${MV} ${STAGEDIR}${DATADIR}/site/local.zeek \ - ${STAGEDIR}${DATADIR}/site/local.zeek.sample - @${RM} -rf ${STAGEDIR}${PREFIX}/var - @${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/zeek-cut - @${RM} ${STAGEDIR}${PREFIX}/share/zeek/tests - ${LN} -s ../btest/data ${STAGEDIR}${PREFIX}/share/zeek/tests - post-install-SPICY-on: @${RM} -rf ${STAGEDIR}${PREFIX}/include/hilti/rt/3rdparty/SafeInt/Archive @${RM} -rf ${STAGEDIR}${PREFIX}/include/hilti/rt/3rdparty/SafeInt/Test diff --git a/security/zeek/distinfo b/security/zeek/distinfo index cf681afb7421..8d3fd5d0c12e 100644 --- a/security/zeek/distinfo +++ b/security/zeek/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1756236375 -SHA256 (zeek-8.0.1.tar.gz) = ee916387e762345a6ffa84514cc3b66761f110d845a08b88e4a8da48db97ce8a -SIZE (zeek-8.0.1.tar.gz) = 99592537 +TIMESTAMP = 1760556081 +SHA256 (zeek-8.0.3.tar.gz) = c178a85e502835cef9584e9a5cb049b4a6abc00bd2bd3c07d4bc3466e5df6eee +SIZE (zeek-8.0.3.tar.gz) = 99613493 diff --git a/security/zeek/files/pkg-message.in b/security/zeek/files/pkg-message.in index 5b311b6cda33..ba18b01c0a45 100644 --- a/security/zeek/files/pkg-message.in +++ b/security/zeek/files/pkg-message.in @@ -35,10 +35,30 @@ EOM During deinstall of this package, the cfg files for zeekctl are not deleted if you have edited them. Instead the software will create a .sample file and the edited files will remain in place when you -upgrade. If you want to delete them, you have to remove the -%%PREFIX%%/etc directory manually. +upgrade. If you want to delete them, you have to remove +%%PREFIX%%/etc/zeekctl.cfg manually. -You may also need to manually remove %%PREFIX%%/spool/state.db +You may also need to manually remove /var/spool/state.db +EOM +} +{ type: upgrade + message: <<EOM +The default LogDir and SpoolDir have moved from %%PREFIX%% to /var. + +To migrate an existing installation to the new layout: + + - service zeek stop + + - pkg upgrade -y zeek + + - edit %%PREFIX%%/etc/zeekctl.cfg and make these changes: + + LogDir = /var/log/zeek + SpoolDir = /var/spool/zeek + + - move/create the log directory + + - service zeek deploy EOM } ] diff --git a/security/zeek/pkg-plist b/security/zeek/pkg-plist index c913e47f378d..2888ca696ecb 100644 --- a/security/zeek/pkg-plist +++ b/security/zeek/pkg-plist @@ -1,7 +1,10 @@ -@postexec chown %%ZEEKUSER%%:%%ZEEKGROUP%% %D/logs -%%ZEEKCTL%%@postexec chown %%ZEEKUSER%%:%%ZEEKGROUP%% %D/spool -%%ZEEKCTL%%@postexec chown %%ZEEKUSER%%:%%ZEEKGROUP%% %D/spool/tmp -%%ZEEKCTL%%@postexec chown -R %%ZEEKUSER%%:%%ZEEKGROUP%% %D/spool/installed-scripts-do-not-touch +@dir(%%ZEEKUSER%%,%%ZEEKGROUP%%,) /var/log/zeek +@dir(%%ZEEKUSER%%,%%ZEEKGROUP%%,) /var/spool/zeek +@dir(%%ZEEKUSER%%,%%ZEEKGROUP%%,) /var/spool/zeek/tmp +%%ZEEKCTL%%@dir(%%ZEEKUSER%%,%%ZEEKGROUP%%,) /var/spool/zeek/installed-scripts-do-not-touch +%%ZEEKCTL%%@dir(%%ZEEKUSER%%,%%ZEEKGROUP%%,) /var/spool/zeek/installed-scripts-do-not-touch/auto +%%ZEEKCTL%%@dir(%%ZEEKUSER%%,%%ZEEKGROUP%%,) /var/spool/zeek/installed-scripts-do-not-touch/site +%%ZEEKCTL%%@preunexec rm -f /var/spool/zeek/state.db bin/bifcl bin/binpac %%ZEEKCTL%%bin/capstats @@ -2284,32 +2287,22 @@ share/zeek/tests %%ZEEKCTL%%share/zeekctl/scripts/set-zeek-path %%ZEEKCTL%%share/zeekctl/scripts/stats-to-csv %%ZEEKCTL%%share/zeekctl/scripts/zeekctl-config.sh -%%ZEEKCTL%%spool/zeekctl-config.sh -%%ZEEKCTL%%@preunexec rm -f %D/logs/current -%%ZEEKCTL%%@preunexec rm -f %D/spool/zeekctl.dat -%%ZEEKCTL%%@preunexec rm -f %D/spool/installed-scripts-do-not-touch/auto/zeekctl-config.zeek -%%ZEEKCTL%%@preunexec rm -f %D/spool/installed-scripts-do-not-touch/auto/local-networks.zeek -%%ZEEKCTL%%@preunexec rm -f %D/spool/installed-scripts-do-not-touch/auto/standalone-layout.zeek -%%ZEEKCTL%%@preunexec rm -f %D/spool/installed-scripts-do-not-touch/site/local-logger.zeek -%%ZEEKCTL%%@preunexec rm -f %D/spool/installed-scripts-do-not-touch/site/local-manager.zeek -%%ZEEKCTL%%@preunexec rm -f %D/spool/installed-scripts-do-not-touch/site/local-proxy.zeek -%%ZEEKCTL%%@preunexec rm -f %D/spool/installed-scripts-do-not-touch/site/local-worker.zeek -%%ZEEKCTL%%@preunexec rm -f %D/spool/installed-scripts-do-not-touch/site/local.zeek -%%ZEEKCTL%%@preunexec rm -f %D/spool/installed-scripts-do-not-touch/site/local.zeek.sample -%%ZEEKCTL%%@preunexec rm -f %D/spool/state.db -%%ZEEKCTL%%@dir spool/tmp -%%ZEEKCTL%%@dir spool/installed-scripts-do-not-touch/site -%%ZEEKCTL%%@dir spool/installed-scripts-do-not-touch/auto -%%ZEEKCTL%%@dir spool/installed-scripts-do-not-touch -%%ZEEKCTL%%@dir spool/extract_files -%%ZEEKCTL%%@dir spool/brokerstore -%%ZEEKCTL%%@dir spool +%%ZEEKCTL%%@preunexec rm -f /var/log/zeek/current +%%ZEEKCTL%%@preunexec rm -f /var/spool/zeek/zeekctl.dat +%%ZEEKCTL%%@preunexec rm -f /var/spool/zeek/installed-scripts-do-not-touch/auto/zeekctl-config.zeek +%%ZEEKCTL%%@preunexec rm -f /var/spool/zeek/installed-scripts-do-not-touch/auto/local-networks.zeek +%%ZEEKCTL%%@preunexec rm -f /var/spool/zeek/installed-scripts-do-not-touch/auto/standalone-layout.zeek +%%ZEEKCTL%%@preunexec rm -f /var/spool/zeek/installed-scripts-do-not-touch/site/local-logger.zeek +%%ZEEKCTL%%@preunexec rm -f /var/spool/zeek/installed-scripts-do-not-touch/site/local-manager.zeek +%%ZEEKCTL%%@preunexec rm -f /var/spool/zeek/installed-scripts-do-not-touch/site/local-proxy.zeek +%%ZEEKCTL%%@preunexec rm -f /var/spool/zeek/installed-scripts-do-not-touch/site/local-worker.zeek +%%ZEEKCTL%%@preunexec rm -f /var/spool/zeek/installed-scripts-do-not-touch/site/local.zeek +%%ZEEKCTL%%@preunexec rm -f /var/spool/zeek/installed-scripts-do-not-touch/site/local.zeek.sample @dir share/man/man8 @dir share/man/man1 @dir share/man -%%ZEEKCTL%%@dir logs %%SPICY%%@dir lib/zeek/spicy @dir lib/zeek/plugins @dir include/zeek/analyzer/protocol/quic @dir include/zeek/analyzer/protocol/ldap -%%ZEEKCTL%%@postexec su -fm %%ZEEKUSER%% -c '%D/bin/zeekctl install; rm -f %D/spool/debug.log' +%%ZEEKCTL%%@postexec su -fm %%ZEEKUSER%% -c '%D/bin/zeekctl install; rm -f /var/spool/zeek/debug.log' |