diff options
Diffstat (limited to 'security')
98 files changed, 1012 insertions, 614 deletions
diff --git a/security/boringssl/Makefile b/security/boringssl/Makefile index 1cd5757ffbba..da35c8c3c48b 100644 --- a/security/boringssl/Makefile +++ b/security/boringssl/Makefile @@ -1,8 +1,8 @@ PORTNAME= boringssl -PORTVERSION= 0.0.0.0.2025.07.01.01 -PORTREVISION= 2 +PORTVERSION= 0.20250807.0 +PORTREVISION= 1 CATEGORIES= security -EXTRACT_ONLY= ${GH_ACCOUNT}-${PORTNAME}-${PORTVERSION}-${GH_TAGNAME}_GH0.tar.gz +EXTRACT_ONLY= ${GH_ACCOUNT}-${PORTNAME}-${PORTVERSION}_GH0.tar.gz MAINTAINER= osa@FreeBSD.org COMMENT= Fork of OpenSSL @@ -14,13 +14,12 @@ LICENSE_FILE= ${WRKSRC}/LICENSE USES= cmake:insource cpe go:no_targets,1.24 localbase perl5 CONFLICTS_INSTALL= libressl libressl-devel openssl openssl111 \ - openssl3[12345] openssl-quictls openssl31-quictls + openssl3[2345] openssl-quictls openssl33-quictls CPE_VENDOR= google USE_GITHUB= yes GH_ACCOUNT= google -GH_TAGNAME= f3dcc46 CMAKE_ARGS+= -DBUILD_SHARED_LIBS=1 CFLAGS_i386= -msse2 diff --git a/security/boringssl/distinfo b/security/boringssl/distinfo index 2e858a1aa0eb..e9a598fd2289 100644 --- a/security/boringssl/distinfo +++ b/security/boringssl/distinfo @@ -1,4 +1,4 @@ -TIMESTAMP = 1751480474 +TIMESTAMP = 1754855712 SHA256 (filippo.io/edwards25519/@v/v1.1.0.zip) = 9ac43a686d06fdebd719f7af3866c87eb069302272dfb131007adf471c308b65 SIZE (filippo.io/edwards25519/@v/v1.1.0.zip) = 55809 SHA256 (filippo.io/edwards25519/@v/v1.1.0.mod) = 099556fc4d7e6f5cb135efdd8b6bb4c0932e38ea058c53fc5fa5ce285572fb61 @@ -11,5 +11,5 @@ SHA256 (golang.org/x/sys/@v/v0.32.0.zip) = 85d47075d21fd7ef35d9a47fc73f2356fb3cd SIZE (golang.org/x/sys/@v/v0.32.0.zip) = 1991164 SHA256 (golang.org/x/sys/@v/v0.32.0.mod) = f67e3e18f4c08e60a7e80726ab36b691fdcea5b81ae1c696ff64caf518bcfe3d SIZE (golang.org/x/sys/@v/v0.32.0.mod) = 35 -SHA256 (google-boringssl-0.0.0.0.2025.07.01.01-f3dcc46_GH0.tar.gz) = b81478b62838ddaa32f4b304a39659ee4c858289263f73d52a3684364774f94e -SIZE (google-boringssl-0.0.0.0.2025.07.01.01-f3dcc46_GH0.tar.gz) = 46169690 +SHA256 (google-boringssl-0.20250807.0_GH0.tar.gz) = 0cd3a2ba242ead4b3365b8c66cfed4a5f3f0ae511e9c0fd627edee1252d3dbe2 +SIZE (google-boringssl-0.20250807.0_GH0.tar.gz) = 47303805 diff --git a/security/boringssl/pkg-plist b/security/boringssl/pkg-plist index f10d68ce5f6d..7f697389e1b1 100644 --- a/security/boringssl/pkg-plist +++ b/security/boringssl/pkg-plist @@ -80,6 +80,7 @@ include/openssl/rsa.h include/openssl/safestack.h include/openssl/service_indicator.h include/openssl/sha.h +include/openssl/sha2.h include/openssl/siphash.h include/openssl/slhdsa.h include/openssl/span.h diff --git a/security/ca_root_nss/Makefile b/security/ca_root_nss/Makefile index 83be0230b7e3..581eaf31b155 100644 --- a/security/ca_root_nss/Makefile +++ b/security/ca_root_nss/Makefile @@ -27,7 +27,7 @@ ETCSYMLINK_CONFLICTS_INSTALL= ca-roots-[0-9]* CERTDIR?= share/certs PLIST_SUB+= CERTDIR=${CERTDIR} -VERSION_NSS= 3.108 +VERSION_NSS= 3.115 CERTDATA_TXT_PATH= lib/ckfw/builtins/certdata.txt BUNDLE_PROCESSOR= MAca-bundle.pl diff --git a/security/ca_root_nss/distinfo b/security/ca_root_nss/distinfo index 653848f9f15e..dd0317cb9911 100644 --- a/security/ca_root_nss/distinfo +++ b/security/ca_root_nss/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1739303198 -SHA256 (nss-3.108.tar.gz) = a0f6fcb5dbadc1635b43827517a979e3a6d005d0788527802a6b31e2c5f66eec -SIZE (nss-3.108.tar.gz) = 76630022 +TIMESTAMP = 1755292668 +SHA256 (nss-3.115.tar.gz) = ac2a47fb33bd79320159144e01c0d4af9a937a2d928c7c77ff06f5d9507861ab +SIZE (nss-3.115.tar.gz) = 76656357 diff --git a/security/fizz/Makefile b/security/fizz/Makefile index d4cc9634a72a..d68034ee302b 100644 --- a/security/fizz/Makefile +++ b/security/fizz/Makefile @@ -1,6 +1,7 @@ PORTNAME= fizz DISTVERSIONPREFIX= v DISTVERSION= 2025.08.04.00 +PORTREVISION= 1 CATEGORIES= security MAINTAINER= yuri@FreeBSD.org diff --git a/security/keepassxc/Makefile b/security/keepassxc/Makefile index 1cd13b8eb820..a9974bd60ec9 100644 --- a/security/keepassxc/Makefile +++ b/security/keepassxc/Makefile @@ -13,54 +13,58 @@ LICENSE= APACHE20 BSD3CLAUSE CC0-1.0 GPLv2 GPLv3 LGPL21 LGPL3 MIT \ LICENSE_COMB= multi LICENSE_NAME_NOKIA-LGPL-EXCEPTION= Nokia Qt LGPL Exception version 1.1 LICENSE_FILE_NOKIA-LGPL-EXCEPTION= ${WRKSRC}/LICENSE.NOKIA-LGPL-EXCEPTION -LICENSE_PERMS_NOKIA-LGPL-EXCEPTION= dist-mirror dist-sell pkg-mirror pkg-sell auto-accept +LICENSE_PERMS_NOKIA-LGPL-EXCEPTION= dist-mirror dist-sell pkg-mirror \ + pkg-sell auto-accept BUILD_DEPENDS= asciidoctor:textproc/rubygem-asciidoctor LIB_DEPENDS= libargon2.so:security/libargon2 \ - libqrencode.so:graphics/libqrencode \ - libbotan-3.so:security/botan3 + libbotan-3.so:security/botan3 \ + libqrencode.so:graphics/libqrencode -USES= cmake compiler:c++17-lang desktop-file-utils pkgconfig qt:5 \ - readline shared-mime-info tar:xz xorg -USE_QT= concurrent core dbus gui network svg widgets buildtools:build \ - linguisttools:build qmake:build testlib:build x11extras +USES= cmake compiler:c++17-lang desktop-file-utils minizip \ + pkgconfig qt:5 readline shared-mime-info tar:xz xorg + +USE_QT= concurrent core dbus gui network svg widgets x11extras \ + buildtools:build linguisttools:build qmake:build testlib:build USE_XORG= x11 -WRKSRC= ${WRKDIR}/${DISTNAME:S/-src//} CMAKE_OFF= WITH_XC_UPDATECHECK -CONFLICTS_INSTALL= keepassx-0.* keepassx2 keepassx keepassxc276 +CONFLICTS_INSTALL= keepassx keepassx-0.* keepassx2 keepassxc276 + +WRKSRC= ${WRKDIR}/${DISTNAME:S/-src//} -OPTIONS_DEFINE= AUTOTYPE BROWSER FDOSECRETS KEESHARE NETWORKING SSHAGENT YUBIKEY TEST -OPTIONS_DEFAULT= AUTOTYPE BROWSER FDOSECRETS KEESHARE NETWORKING SSHAGENT YUBIKEY +OPTIONS_DEFINE= AUTOTYPE BROWSER FDOSECRETS KEESHARE NETWORKING \ + SSHAGENT TEST YUBIKEY +OPTIONS_DEFAULT= AUTOTYPE BROWSER FDOSECRETS KEESHARE NETWORKING \ + SSHAGENT YUBIKEY OPTIONS_SUB= yes -AUTOTYPE_CMAKE_BOOL= WITH_XC_AUTOTYPE AUTOTYPE_DESC= Auto-type passwords in input fields +BROWSER_DESC= Browser integration with KeePassXC-Browser +FDOSECRETS_DESC= freedesktop.org secrets service support +KEESHARE_DESC= Sharing integration with KeeShare +NETWORKING_DESC= Networking support (e.g. for downloading website icons) +SSHAGENT_DESC= SSH agent support +YUBIKEY_DESC= YubiKey support + AUTOTYPE_USE= XORG=xi,xtst +AUTOTYPE_CMAKE_BOOL= WITH_XC_AUTOTYPE BROWSER_CMAKE_BOOL= WITH_XC_BROWSER -BROWSER_DESC= Browser integration with KeePassXC-Browser FDOSECRETS_CMAKE_BOOL= WITH_XC_FDOSECRETS -FDOSECRETS_DESC= freedesktop.org secrets service support KEESHARE_CMAKE_BOOL= WITH_XC_KEESHARE -KEESHARE_DESC= Sharing integration with KeeShare -KEESHARE_USES= minizip -# Legacy/Deprecated. NETWORKING_CMAKE_BOOL= WITH_XC_NETWORKING -NETWORKING_DESC= Networking support (e.g. for downloading website icons) SSHAGENT_CMAKE_BOOL= WITH_XC_SSHAGENT -SSHAGENT_DESC= SSH agent support - -YUBIKEY_CMAKE_BOOL= WITH_XC_YUBIKEY -YUBIKEY_DESC= YubiKey support -YUBIKEY_LIB_DEPENDS= libpcsclite.so:devel/pcsc-lite -TEST_CMAKE_BOOL= WITH_TESTS WITH_GUI_TESTS +TEST_CMAKE_BOOL= WITH_GUI_TESTS WITH_TESTS TEST_TEST_TARGET= test +YUBIKEY_LIB_DEPENDS= libpcsclite.so:devel/pcsc-lite +YUBIKEY_CMAKE_BOOL= WITH_XC_YUBIKEY + .include <bsd.port.mk> diff --git a/security/keepassxc/files/patch-CMakeLists.txt b/security/keepassxc/files/patch-CMakeLists.txt index 38c92ebea387..2b8b5fb5c912 100644 --- a/security/keepassxc/files/patch-CMakeLists.txt +++ b/security/keepassxc/files/patch-CMakeLists.txt @@ -1,13 +1,11 @@ ---- CMakeLists.txt.orig 2024-06-19 14:32:55.000000000 -0700 -+++ CMakeLists.txt 2024-06-20 07:26:46.907481000 -0700 -@@ -575,8 +575,8 @@ +--- CMakeLists.txt.orig 2025-07-25 11:50:52 UTC ++++ CMakeLists.txt +@@ -575,7 +575,7 @@ if(WITH_XC_YUBIKEY) include_directories(SYSTEM ${PCSC_INCLUDE_DIRS}) if(UNIX AND NOT APPLE) - find_library(LIBUSB_LIBRARIES NAMES usb-1.0 REQUIRED) -- find_path(LIBUSB_INCLUDE_DIR NAMES libusb.h PATH_SUFFIXES "libusb-1.0" "libusb" REQUIRED) -+ find_library(LIBUSB_LIBRARIES NAMES usb REQUIRED) -+ find_path(LIBUSB_INCLUDE_DIR NAMES libusb.h PATH_SUFFIXES "libusb" "libusb" REQUIRED) ++ find_library(LIBUSB_LIBRARIES NAMES usb-1.0 usb REQUIRED) + find_path(LIBUSB_INCLUDE_DIR NAMES libusb.h PATH_SUFFIXES "libusb-1.0" "libusb" REQUIRED) include_directories(SYSTEM ${LIBUSB_INCLUDE_DIR}) endif() - endif() diff --git a/security/keepassxc/files/patch-src_thirdparty_ykcore_CMakeLists.txt b/security/keepassxc/files/patch-src_thirdparty_ykcore_CMakeLists.txt index af4cb68d5d09..28106f838730 100644 --- a/security/keepassxc/files/patch-src_thirdparty_ykcore_CMakeLists.txt +++ b/security/keepassxc/files/patch-src_thirdparty_ykcore_CMakeLists.txt @@ -1,8 +1,8 @@ ---- src/thirdparty/ykcore/CMakeLists.txt.orig 2022-03-21 22:47:20 UTC +--- src/thirdparty/ykcore/CMakeLists.txt.orig 2025-03-02 22:31:21 UTC +++ src/thirdparty/ykcore/CMakeLists.txt -@@ -27,7 +27,7 @@ elseif(UNIX AND NOT APPLE)
- elseif(UNIX AND NOT APPLE)
- target_sources(ykcore PRIVATE ykcore_libusb-1.0.c)
+@@ -29,7 +29,7 @@ elseif(UNIX AND NOT APPLE)
+
+ find_package(Threads REQUIRED)
- find_library(LIBUSB_LIBRARY NAMES usb-1.0)
+ find_library(LIBUSB_LIBRARY NAMES usb-1.0 usb)
diff --git a/security/keysmith/distinfo b/security/keysmith/distinfo index 32a474b7923f..35f288229720 100644 --- a/security/keysmith/distinfo +++ b/security/keysmith/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1751381646 -SHA256 (KDE/release-service/25.04.3/keysmith-25.04.3.tar.xz) = 7c823ac8a6f7d70dfb0d2b8a5c4bbca5c0bfa43959671776d0178c4e5969ae90 -SIZE (KDE/release-service/25.04.3/keysmith-25.04.3.tar.xz) = 237392 +TIMESTAMP = 1754646550 +SHA256 (KDE/release-service/25.08.0/keysmith-25.08.0.tar.xz) = 0e5f21ebffb21856e22dfd2fa961f5d14c5c565a88002a32ce1f4117bad60987 +SIZE (KDE/release-service/25.08.0/keysmith-25.08.0.tar.xz) = 237728 diff --git a/security/kf6-kdesu/distinfo b/security/kf6-kdesu/distinfo index 52e78e907b29..8c98e35c7322 100644 --- a/security/kf6-kdesu/distinfo +++ b/security/kf6-kdesu/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1752529520 -SHA256 (KDE/frameworks/6.16/kdesu-6.16.0.tar.xz) = f9cbfae88596cfd00b269744c89a042dfbc048273e35f1c7e158429db55c8d68 -SIZE (KDE/frameworks/6.16/kdesu-6.16.0.tar.xz) = 57016 +TIMESTAMP = 1754127975 +SHA256 (KDE/frameworks/6.17/kdesu-6.17.0.tar.xz) = 666899ad546b7bd002e3fc1697032f8920ce7261df2ef519e81d4aae91971123 +SIZE (KDE/frameworks/6.17/kdesu-6.17.0.tar.xz) = 57012 diff --git a/security/kgpg/distinfo b/security/kgpg/distinfo index d651c8c80ffd..e639670f58dd 100644 --- a/security/kgpg/distinfo +++ b/security/kgpg/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1751381649 -SHA256 (KDE/release-service/25.04.3/kgpg-25.04.3.tar.xz) = 3f2ec6dc5b1221908730066274bd0d2f6efe5c04c2a79b720cb25dce547e0e4e -SIZE (KDE/release-service/25.04.3/kgpg-25.04.3.tar.xz) = 3048996 +TIMESTAMP = 1754646553 +SHA256 (KDE/release-service/25.08.0/kgpg-25.08.0.tar.xz) = c343f27b1d024a9497d6df81439fdfc5a6d13016725a225d7a1d195fdb002427 +SIZE (KDE/release-service/25.08.0/kgpg-25.08.0.tar.xz) = 3049812 diff --git a/security/kleopatra/Makefile b/security/kleopatra/Makefile index afa65c5857a7..82203c6914d6 100644 --- a/security/kleopatra/Makefile +++ b/security/kleopatra/Makefile @@ -2,11 +2,6 @@ PORTNAME= kleopatra DISTVERSION= ${KDE_APPLICATIONS_VERSION} CATEGORIES= security kde kde-applications -PATCH_SITES= https://invent.kde.org/pim/kleopatra/-/commit/ -PATCHFILES+= 10b618703d74618c09b5e2b16e2db9d829aed93b.patch:-p1 # Prep for Qgpgme 2.0.0 -PATCHFILES+= b1f3736de7ed3c2d4f58aa454064a4cd0f423250.patch:-p1 # Prep for Qgpgme 2.0.0 -PATCHFILES+= d4f777ffa137148302ca39d5a2238c01c896605d.patch:-p1 # Prep for Qgpgme 2.0.0 - MAINTAINER= kde@FreeBSD.org COMMENT= Certificate manager for KDE WWW= https://www.kde.org/applications/utilities/kleopatra/ diff --git a/security/kleopatra/distinfo b/security/kleopatra/distinfo index 3462d27fed3b..4264a1a02270 100644 --- a/security/kleopatra/distinfo +++ b/security/kleopatra/distinfo @@ -1,9 +1,3 @@ -TIMESTAMP = 1751381652 -SHA256 (KDE/release-service/25.04.3/kleopatra-25.04.3.tar.xz) = 7c9ad9d10cd368d58cdadd41f78b8a41853b8cd2b15eb55472f3b5ce707ad1c2 -SIZE (KDE/release-service/25.04.3/kleopatra-25.04.3.tar.xz) = 2850224 -SHA256 (KDE/release-service/25.04.3/10b618703d74618c09b5e2b16e2db9d829aed93b.patch) = 75f5c94d85eadad74dcef21f66c019946217a051a9e8b90803d5eceaadb3fcd4 -SIZE (KDE/release-service/25.04.3/10b618703d74618c09b5e2b16e2db9d829aed93b.patch) = 1241 -SHA256 (KDE/release-service/25.04.3/b1f3736de7ed3c2d4f58aa454064a4cd0f423250.patch) = c2796b58683b07eabeae48a517192460c474a1722d7022e796b94df6553d933d -SIZE (KDE/release-service/25.04.3/b1f3736de7ed3c2d4f58aa454064a4cd0f423250.patch) = 1585 -SHA256 (KDE/release-service/25.04.3/d4f777ffa137148302ca39d5a2238c01c896605d.patch) = 0120d812f9a57cbd4a5a2718fbbc9acef090841701cb2c6b4f11a596986840e6 -SIZE (KDE/release-service/25.04.3/d4f777ffa137148302ca39d5a2238c01c896605d.patch) = 1573 +TIMESTAMP = 1754646555 +SHA256 (KDE/release-service/25.08.0/kleopatra-25.08.0.tar.xz) = f3cba816041732ed915e4941f728f04ef9cb3129f31d845bfe8df3f4e0f0b3db +SIZE (KDE/release-service/25.08.0/kleopatra-25.08.0.tar.xz) = 2861400 diff --git a/security/kpkpass/distinfo b/security/kpkpass/distinfo index 0a1d98b0270a..ee3a7ed3c2ea 100644 --- a/security/kpkpass/distinfo +++ b/security/kpkpass/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1751381655 -SHA256 (KDE/release-service/25.04.3/kpkpass-25.04.3.tar.xz) = 68a9a069cd2ed7c911b6c4a515feec75a88507a445294d5a5391bbb8030081de -SIZE (KDE/release-service/25.04.3/kpkpass-25.04.3.tar.xz) = 29684 +TIMESTAMP = 1754646557 +SHA256 (KDE/release-service/25.08.0/kpkpass-25.08.0.tar.xz) = 2ee2a25ff90f23026dd687e2b62ac1a908c1c55fdf685a42583d67472a1badbb +SIZE (KDE/release-service/25.08.0/kpkpass-25.08.0.tar.xz) = 31868 diff --git a/security/krb5-122/Makefile b/security/krb5-122/Makefile index 08ee5eb50c71..f68506489590 100644 --- a/security/krb5-122/Makefile +++ b/security/krb5-122/Makefile @@ -3,7 +3,7 @@ PORTVERSION= 1.22 CATEGORIES= security MASTER_SITES= http://web.mit.edu/kerberos/dist/${PORTNAME}/${PORTVERSION:C/^[0-9]*\.[0-9]*/&X/:C/X\.[0-9]*$//:C/X//}/ .if !defined(MASTERDIR) -PKGNAME_X= -${FLAVOR:S/default//}-121 +PKGNAME_X= -${FLAVOR:S/default//}-122 .else PKGNAME_X= -${FLAVOR:S/default//} .endif diff --git a/security/krb5-devel/Makefile b/security/krb5-devel/Makefile index 426d14533066..3d978d02618f 100644 --- a/security/krb5-devel/Makefile +++ b/security/krb5-devel/Makefile @@ -8,8 +8,8 @@ PKGNAME_X= -${FLAVOR:S/default//} .endif PKGNAMESUFFIX= ${PKGNAME_X:S/--/-/:C/-$//} -HASH= 820a7277e -MIT_COMMIT_DATE= 2025.08.01 +HASH= f458ddf03 +MIT_COMMIT_DATE= 2025.08.11 PATCH_SITES= http://web.mit.edu/kerberos/advisories/ PATCH_DIST_STRIP= -p2 diff --git a/security/krb5-devel/distinfo b/security/krb5-devel/distinfo index 442184bd4eed..dc8d9cde94ff 100644 --- a/security/krb5-devel/distinfo +++ b/security/krb5-devel/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1754464954 -SHA256 (krb5-krb5-1.22.2025.08.01-820a7277e_GH0.tar.gz) = 5cd6af2f2ae1c88a95d2b2615e710f20b9f626693fd8ca417e0b5735bed3d010 -SIZE (krb5-krb5-1.22.2025.08.01-820a7277e_GH0.tar.gz) = 4677042 +TIMESTAMP = 1755218758 +SHA256 (krb5-krb5-1.22.2025.08.11-f458ddf03_GH0.tar.gz) = 5e689d186e0520ef6f2fea0e539ac4d24535fc41e664698815230b445bd7f821 +SIZE (krb5-krb5-1.22.2025.08.11-f458ddf03_GH0.tar.gz) = 4676985 diff --git a/security/kwalletmanager/distinfo b/security/kwalletmanager/distinfo index 0f541d8d4a38..84d27d4eab2b 100644 --- a/security/kwalletmanager/distinfo +++ b/security/kwalletmanager/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1751381657 -SHA256 (KDE/release-service/25.04.3/kwalletmanager-25.04.3.tar.xz) = 25b66d8e3da9548ecb0236fd0cfc50d6e98a385ca2092d6565f75a753f3229ea -SIZE (KDE/release-service/25.04.3/kwalletmanager-25.04.3.tar.xz) = 1053004 +TIMESTAMP = 1754646560 +SHA256 (KDE/release-service/25.08.0/kwalletmanager-25.08.0.tar.xz) = 0110bbc55733392f49d2de333082d29c1929a1073af27799f6c277289c8359a3 +SIZE (KDE/release-service/25.08.0/kwalletmanager-25.08.0.tar.xz) = 1052868 diff --git a/security/lasso/Makefile b/security/lasso/Makefile index b8cbb53f54e1..8f1593af9858 100644 --- a/security/lasso/Makefile +++ b/security/lasso/Makefile @@ -1,16 +1,8 @@ PORTNAME= lasso -PORTVERSION= 2.8.2 -PORTREVISION= 2 +DISTVERSION= 2.9.0 CATEGORIES= security MASTER_SITES= https://dev.entrouvert.org/releases/lasso/ -PATCH_SITES= https://git.entrouvert.org/entrouvert/lasso/commit/ -PATCHFILES= 46caef81855e58629516f09b101e40bf8778981d.patch:-p1 \ - 1ca8e8699ce1ed072f99ed881a7348f9a78b1e1f.patch:-p1 \ - 66c9f50f1f6b00d621a9a0ca2f924875f94d14ae.patch:-p1 \ - 21c224cfefa1018be9e40fab9a7e36865bf4d0d6.patch:-p1 \ - 3768f1bedf1502a54634195dbb88e5a54869d9b9.patch:-p1 - MAINTAINER= bofh@FreeBSD.org COMMENT= Free Liberty Alliance Implementation WWW= https://lasso.entrouvert.org/ @@ -33,8 +25,13 @@ CONFIGURE_ARGS= --disable-java \ --disable-php5 \ --with-zlib +BINARY_ALIAS= make=${GMAKE} + INSTALL_TARGET= install-strip +SOLIB= 3.16.0 +PLIST_SUB= SOLIB=${SOLIB} + OPTIONS_DEFINE= DOCS PERL PYTHON OPTIONS_SUB= yes @@ -42,17 +39,8 @@ PERL_USES= perl5 PERL_CONFIGURE_ENABLE= perl PYTHON_CONFIGURE_ENABLE= python -.include <bsd.port.options.mk> - -.if ${OPSYS} == FreeBSD -CFLAGS+= -Wno-error=int-conversion -Wno-error=incompatible-function-pointer-types -.endif - post-patch: @${REINPLACE_CMD} -E 's,(xmlsec1-openssl >= 1\.2\.6) openssl,\1,' \ ${CONFIGURE_WRKSRC}/configure -# Fix build with new xmlsec1 as this function was deprecated - @${REINPLACE_CMD} -e 's|BAD_CAST XMLSEC_CRYPTO|BAD_CAST xmlSecGetDefaultCrypto()|g' \ - ${WRKSRC}/lasso/lasso.c .include <bsd.port.mk> diff --git a/security/lasso/distinfo b/security/lasso/distinfo index 11510da7d298..2fb7ab9fe6b8 100644 --- a/security/lasso/distinfo +++ b/security/lasso/distinfo @@ -1,13 +1,3 @@ -TIMESTAMP = 1731049457 -SHA256 (lasso-2.8.2.tar.gz) = 6a1831bfdbf8f424c7508aba47b045d51341ec0fde9122f38b0b86b096ef533e -SIZE (lasso-2.8.2.tar.gz) = 4023587 -SHA256 (46caef81855e58629516f09b101e40bf8778981d.patch) = 7488edb10ee44c841fd569c8d2cd54954e3392b787d26575284da2b0cefa7830 -SIZE (46caef81855e58629516f09b101e40bf8778981d.patch) = 710 -SHA256 (1ca8e8699ce1ed072f99ed881a7348f9a78b1e1f.patch) = 528f544f9955a5c04e1b65539a0f4eb0da979a444617a4ca2e63ffe2eb03c00b -SIZE (1ca8e8699ce1ed072f99ed881a7348f9a78b1e1f.patch) = 657 -SHA256 (66c9f50f1f6b00d621a9a0ca2f924875f94d14ae.patch) = bb11e0532b86f956144117cd7ab66c8ec4701c41915f217060965abfadd4e77d -SIZE (66c9f50f1f6b00d621a9a0ca2f924875f94d14ae.patch) = 1794 -SHA256 (21c224cfefa1018be9e40fab9a7e36865bf4d0d6.patch) = 3277e6e32540c80077347fbed01afcaacacb0df0a5c50d5a80a8bcd1afbcb540 -SIZE (21c224cfefa1018be9e40fab9a7e36865bf4d0d6.patch) = 2227 -SHA256 (3768f1bedf1502a54634195dbb88e5a54869d9b9.patch) = afa47c582976bfe4a58993abf401f3b5a6bea9805a5f17ac69d2e3f9a6d4abee -SIZE (3768f1bedf1502a54634195dbb88e5a54869d9b9.patch) = 1619 +TIMESTAMP = 1755074639 +SHA256 (lasso-2.9.0.tar.gz) = 63816c8219df48cdefeccb1acb35e04014ca6395b5263c70aacd5470ea95c351 +SIZE (lasso-2.9.0.tar.gz) = 4053813 diff --git a/security/lasso/files/patch-bindings_perl_Makefile.in b/security/lasso/files/patch-bindings_perl_Makefile.in index 2d62565cd050..9044b3d1c77b 100644 --- a/security/lasso/files/patch-bindings_perl_Makefile.in +++ b/security/lasso/files/patch-bindings_perl_Makefile.in @@ -1,53 +1,10 @@ ---- bindings/perl/Makefile.in.orig 2023-02-28 15:54:51 UTC +--- bindings/perl/Makefile.in.orig 2025-08-13 08:50:13 UTC +++ bindings/perl/Makefile.in -@@ -122,11 +122,11 @@ am__v_GEN_0 = @echo " GEN " $@; - AM_V_GEN = $(am__v_GEN_@AM_V@) - am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) - am__v_GEN_0 = @echo " GEN " $@; --am__v_GEN_1 = -+am__v_GEN_1 = - AM_V_at = $(am__v_at_@AM_V@) - am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) - am__v_at_0 = @ --am__v_at_1 = -+am__v_at_1 = - SOURCES = - DIST_SOURCES = - am__can_run_installinfo = \ -@@ -572,7 +572,7 @@ CLEANFILES = Lasso.pm Lasso.xs Lasso.so typemap Lasso. - MAINTAINERCLEANFILES = Makefile.in - DISTCLEANFILES = __init__.pyc lang.pyc Makefile.perl.old - CLEANFILES = Lasso.pm Lasso.xs Lasso.so typemap Lasso.o Lasso.bs pm_to_blib Lasso.c --LASSO_XS_CFLAGS = -fno-strict-aliasing $(LASSO_CFLAGS) $(LASSO_CORE_CFLAGS) $(PERL_CFLAGS) $(AM_CFLAGS) -Wno-unused-but-set-variable -+LASSO_XS_CFLAGS = -fno-strict-aliasing $(LASSO_CFLAGS) $(LASSO_CORE_CFLAGS) $(PERL_CFLAGS) $(AM_CFLAGS) - TESTS_ENVIRONMENT = TOP_SRCDIR=$(top_srcdir) - TESTS = test.sh - @PERL_ENABLED_TRUE@AM_CPPFLAGS = \ -@@ -750,7 +750,7 @@ $(TEST_SUITE_LOG): $(TEST_LOGS) - fi; \ - $$success || exit 1 - --check-TESTS: -+check-TESTS: - @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list - @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list - @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) -@@ -760,7 +760,7 @@ check-TESTS: - log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ - $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ - exit $$?; --recheck: all -+recheck: all - @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) - @set +e; $(am__set_TESTS_bases); \ - bases=`for i in $$bases; do echo $$i; done \ -@@ -964,7 +964,8 @@ uninstall-am: uninstall-local - @PERL_ENABLED_TRUE@ done; \ +@@ -999,6 +999,7 @@ uninstall-am: uninstall-local @PERL_ENABLED_TRUE@ chmod -R u+rwX $(TOCOPY); \ @PERL_ENABLED_TRUE@ fi; --@PERL_ENABLED_TRUE@ $(AM_V_SUBMAKE) $(PERL) Makefile.PL INSTALLDIRS=vendor DESTDIR=$(DESTDIR) PREFIX=$(prefix) CCFLAGS="$(LASSO_XS_CFLAGS)" INC="-I. -I$(top_srcdir) -I$(srcdir)" LIBS="`$(top_builddir)/lasso-src-config --libs` $(LDFLAGS)" OPTIMIZE="-g" $(AM_V_SUBMAKE_POSTFIX) -+@PERL_ENABLED_TRUE@ $(AM_V_SUBMAKE) $(PERL) Makefile.PL CCFLAGS="$(LASSO_XS_CFLAGS)" INC="-I. -I$(top_srcdir) -I$(srcdir)" LIBS="`$(top_builddir)/lasso-src-config --libs`" OPTIMIZE="-g" $(AM_V_SUBMAKE_POSTFIX) -+ + @PERL_ENABLED_TRUE@ $(AM_V_SUBMAKE) $(PERL) Makefile.PL INSTALLDIRS=vendor DESTDIR=$(DESTDIR) PREFIX=$(prefix) CCFLAGS="$(LASSO_XS_CFLAGS)" INC="-I. -I$(top_srcdir) -I$(srcdir)" LIBS="`$(top_builddir)/lasso-src-config --libs` $(LDFLAGS)" OPTIMIZE="-g" $(AM_V_SUBMAKE_POSTFIX) ++@PERL_ENABLED_TRUE@ $(AM_V_SUBMAKE) $(PERL) Makefile.PL CCFLAGS="$(LASSO_XS_CFLAGS)" INC="-I. -I$(top_srcdir) -I$(srcdir)" LIBS="`$(top_builddir)/lasso-src-config --libs`" OPTIMIZE="-g" $(AM_V_SUBMAKE_POSTFIX) @PERL_ENABLED_TRUE@Lasso.xs Lasso.pm: lang.py typemap-in typemap-out @PERL_ENABLED_TRUE@ $(AM_V_GEN) $(PYTHON) $(top_srcdir)/bindings/bindings.py -l perl --src-dir=$(top_srcdir)/lasso/ $(EXTRA_ARGS) diff --git a/security/lasso/files/patch-bindings_php5_Makefile.in b/security/lasso/files/patch-bindings_php5_Makefile.in deleted file mode 100644 index 3aa6801a3236..000000000000 --- a/security/lasso/files/patch-bindings_php5_Makefile.in +++ /dev/null @@ -1,12 +0,0 @@ ---- bindings/php5/Makefile.in.orig 2024-11-08 07:04:20 UTC -+++ bindings/php5/Makefile.in -@@ -500,8 +500,7 @@ lasso_la_CFLAGS = -fno-strict-aliasing $(LASSO_CORE_CF - php_config_DATA = lasso.ini - lasso_la_CFLAGS = -fno-strict-aliasing $(LASSO_CORE_CFLAGS) \ - -I$(top_srcdir) -I$(top_builddir) $(PHP5_INCLUDES) \ -- $(AM_CFLAGS) -Wno-unused-parameter -Wno-sign-compare # problem \ -- in zend.h -+ $(AM_CFLAGS) -Wno-unused-parameter -Wno-sign-compare # problem in zend.h - lasso_la_LDFLAGS = -export-dynamic -prefer-pic -module -avoid-version - lasso_la_LIBADD = $(top_builddir)/lasso/liblasso.la $(LASSO_LIBS) $(PHP5_LDFLAGS) - nodist_lasso_la_SOURCES = _lasso.c diff --git a/security/lasso/files/patch-lasso_xml_saml-2.0_samlp2__logout__request.c b/security/lasso/files/patch-lasso_xml_saml-2.0_samlp2__logout__request.c deleted file mode 100644 index e05fe42f9f09..000000000000 --- a/security/lasso/files/patch-lasso_xml_saml-2.0_samlp2__logout__request.c +++ /dev/null @@ -1,17 +0,0 @@ ---- lasso/xml/saml-2.0/samlp2_logout_request.c.orig 2024-11-08 07:04:30 UTC -+++ lasso/xml/saml-2.0/samlp2_logout_request.c -@@ -128,14 +128,10 @@ get_xmlNode(LassoNode *node, gboolean lasso_dump) - lasso_foreach(it, other_session_index) { - xmlNode *child = xmlSecAddChild(xmlnode, BAD_CAST SESSION_INDEX, - BAD_CAST LASSO_SAML2_PROTOCOL_HREF); --#if (XMLSEC_MAJOR > 1) || (XMLSEC_MAJOR == 1 && XMLSEC_MINOR > 2) || (XMLSEC_MAJOR == 1 && XMLSEC_MINOR == 2 && XMLSEC_SUBMINOR > 12) -- xmlSecNodeEncodeAndSetContent(child, BAD_CAST it->data); --#else - xmlChar *content; - content = xmlEncodeSpecialChars(child->doc, BAD_CAST it->data); - xmlNodeSetContent(child, content); - xmlFree(content); --#endif - } - ((LassoSamlp2LogoutRequest*)node)->SessionIndex = keep_session_index; - lasso_release_list_of_strings(other_session_index); diff --git a/security/lasso/pkg-plist b/security/lasso/pkg-plist index 6cec03ed1621..7d99ecdc1613 100644 --- a/security/lasso/pkg-plist +++ b/security/lasso/pkg-plist @@ -172,5 +172,5 @@ include/lasso/xml/xml_enc.h lib/liblasso.a lib/liblasso.so lib/liblasso.so.3 -lib/liblasso.so.3.15.2 +lib/liblasso.so.%%SOLIB%% libdata/pkgconfig/lasso.pc diff --git a/security/lego/Makefile b/security/lego/Makefile index 50563d9bb779..cdc574d87bc1 100644 --- a/security/lego/Makefile +++ b/security/lego/Makefile @@ -1,7 +1,6 @@ PORTNAME= lego DISTVERSIONPREFIX= v -DISTVERSION= 4.25.1 -PORTREVISION= 1 +DISTVERSION= 4.25.2 CATEGORIES= security MAINTAINER= matt@matthoran.com diff --git a/security/lego/distinfo b/security/lego/distinfo index 38327b4fc1b1..c7efe10364c1 100644 --- a/security/lego/distinfo +++ b/security/lego/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1753224987 -SHA256 (go/security_lego/lego-v4.25.1/v4.25.1.mod) = d4a62b1d418a18edeb1389150c8d2b6726ce7dd8fb4b4f17958562a5e0136884 -SIZE (go/security_lego/lego-v4.25.1/v4.25.1.mod) = 10758 -SHA256 (go/security_lego/lego-v4.25.1/v4.25.1.zip) = 3227df424f99eabfb24cba0a636fb710a5084212fd9051385a63fea6c9f7321b -SIZE (go/security_lego/lego-v4.25.1/v4.25.1.zip) = 1562186 +TIMESTAMP = 1754576407 +SHA256 (go/security_lego/lego-v4.25.2/v4.25.2.mod) = d4a62b1d418a18edeb1389150c8d2b6726ce7dd8fb4b4f17958562a5e0136884 +SIZE (go/security_lego/lego-v4.25.2/v4.25.2.mod) = 10758 +SHA256 (go/security_lego/lego-v4.25.2/v4.25.2.zip) = ecf3cd5c1056d13a6a0d7f841834df8492c7a0877d4934cfade0dbdddfc6d551 +SIZE (go/security_lego/lego-v4.25.2/v4.25.2.zip) = 1562189 diff --git a/security/libgcrypt/Makefile b/security/libgcrypt/Makefile index ce6a12016303..51d5823b6d49 100644 --- a/security/libgcrypt/Makefile +++ b/security/libgcrypt/Makefile @@ -1,5 +1,5 @@ PORTNAME= libgcrypt -DISTVERSION= 1.11.1 +DISTVERSION= 1.11.2 CATEGORIES= security MASTER_SITES= GNUPG diff --git a/security/libgcrypt/distinfo b/security/libgcrypt/distinfo index 887341684d62..55cba79dd5d5 100644 --- a/security/libgcrypt/distinfo +++ b/security/libgcrypt/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1746795683 -SHA256 (libgcrypt-1.11.1.tar.bz2) = 24e91c9123a46c54e8371f3a3a2502f1198f2893fbfbf59af95bc1c21499b00e -SIZE (libgcrypt-1.11.1.tar.bz2) = 4233557 +TIMESTAMP = 1754803260 +SHA256 (libgcrypt-1.11.2.tar.bz2) = 6ba59dd192270e8c1d22ddb41a07d95dcdbc1f0fb02d03c4b54b235814330aac +SIZE (libgcrypt-1.11.2.tar.bz2) = 4237802 diff --git a/security/libgcrypt/pkg-plist b/security/libgcrypt/pkg-plist index f68d1412bd9f..657968ff3ac0 100644 --- a/security/libgcrypt/pkg-plist +++ b/security/libgcrypt/pkg-plist @@ -6,7 +6,7 @@ include/gcrypt.h %%STATIC%%lib/libgcrypt.a lib/libgcrypt.so lib/libgcrypt.so.20 -lib/libgcrypt.so.20.5.1 +lib/libgcrypt.so.20.6.0 libdata/pkgconfig/libgcrypt.pc share/man/man1/hmac256.1.gz share/aclocal/libgcrypt.m4 diff --git a/security/libkleo/distinfo b/security/libkleo/distinfo index 7d0f179e2181..e75aa8c676d4 100644 --- a/security/libkleo/distinfo +++ b/security/libkleo/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1751381660 -SHA256 (KDE/release-service/25.04.3/libkleo-25.04.3.tar.xz) = 7c9b334b226c990d5193b2e66a3ce8de1c5ea6c2afc9175280e6f44d02a7caa8 -SIZE (KDE/release-service/25.04.3/libkleo-25.04.3.tar.xz) = 655108 +TIMESTAMP = 1754646562 +SHA256 (KDE/release-service/25.08.0/libkleo-25.08.0.tar.xz) = 20c9553c7652f8bc59949cf4b92711c7b0e5a486fc4b10d851346439056d2bd4 +SIZE (KDE/release-service/25.08.0/libkleo-25.08.0.tar.xz) = 663320 diff --git a/security/libkleo/pkg-plist b/security/libkleo/pkg-plist index a896f4faa23f..25a2223e34e3 100644 --- a/security/libkleo/pkg-plist +++ b/security/libkleo/pkg-plist @@ -1,5 +1,6 @@ etc/xdg/libkleopatrarc include/KPim6/Libkleo/Libkleo/Algorithm +include/KPim6/Libkleo/Libkleo/ApplicationPaletteWatcher include/KPim6/Libkleo/Libkleo/Assuan include/KPim6/Libkleo/Libkleo/AuditLogEntry include/KPim6/Libkleo/Libkleo/AuditLogViewer @@ -16,6 +17,7 @@ include/KPim6/Libkleo/Libkleo/DefaultKeyFilter include/KPim6/Libkleo/Libkleo/DefaultKeyGenerationJob include/KPim6/Libkleo/Libkleo/DirectoryServicesWidget include/KPim6/Libkleo/Libkleo/Dn +include/KPim6/Libkleo/Libkleo/DnAttributes include/KPim6/Libkleo/Libkleo/DocAction include/KPim6/Libkleo/Libkleo/EditDirectoryServiceDialog include/KPim6/Libkleo/Libkleo/Enum @@ -70,13 +72,13 @@ include/KPim6/Libkleo/Libkleo/SystemInfo include/KPim6/Libkleo/Libkleo/Test include/KPim6/Libkleo/Libkleo/TreeView include/KPim6/Libkleo/Libkleo/TreeWidget -include/KPim6/Libkleo/Libkleo/UniqueLock include/KPim6/Libkleo/Libkleo/UserIDListModel include/KPim6/Libkleo/Libkleo/UserIDListProxyModel include/KPim6/Libkleo/Libkleo/UserIDProxyModel include/KPim6/Libkleo/Libkleo/UserIDSelectionCombo include/KPim6/Libkleo/Libkleo/Validation include/KPim6/Libkleo/libkleo/algorithm.h +include/KPim6/Libkleo/libkleo/applicationpalettewatcher.h include/KPim6/Libkleo/libkleo/assuan.h include/KPim6/Libkleo/libkleo/auditlogentry.h include/KPim6/Libkleo/libkleo/auditlogviewer.h @@ -94,6 +96,7 @@ include/KPim6/Libkleo/libkleo/defaultkeygenerationjob.h include/KPim6/Libkleo/libkleo/directoryserviceswidget.h include/KPim6/Libkleo/libkleo/dn.h include/KPim6/Libkleo/libkleo/dnattributeorderconfigwidget.h +include/KPim6/Libkleo/libkleo/dnattributes.h include/KPim6/Libkleo/libkleo/docaction.h include/KPim6/Libkleo/libkleo/editdirectoryservicedialog.h include/KPim6/Libkleo/libkleo/enum.h @@ -150,7 +153,6 @@ include/KPim6/Libkleo/libkleo/systeminfo.h include/KPim6/Libkleo/libkleo/test.h include/KPim6/Libkleo/libkleo/treeview.h include/KPim6/Libkleo/libkleo/treewidget.h -include/KPim6/Libkleo/libkleo/uniquelock.h include/KPim6/Libkleo/libkleo/useridlistmodel.h include/KPim6/Libkleo/libkleo/useridlistproxymodel.h include/KPim6/Libkleo/libkleo/useridproxymodel.h @@ -191,6 +193,7 @@ share/locale/fr/LC_MESSAGES/libkleopatra6.mo share/locale/fy/LC_MESSAGES/libkleopatra6.mo share/locale/ga/LC_MESSAGES/libkleopatra6.mo share/locale/gl/LC_MESSAGES/libkleopatra6.mo +share/locale/he/LC_MESSAGES/libkleopatra6.mo share/locale/hi/LC_MESSAGES/libkleopatra6.mo share/locale/hne/LC_MESSAGES/libkleopatra6.mo share/locale/hr/LC_MESSAGES/libkleopatra6.mo diff --git a/security/logcheck/Makefile b/security/logcheck/Makefile index 870facde151b..4f25c9303239 100644 --- a/security/logcheck/Makefile +++ b/security/logcheck/Makefile @@ -1,5 +1,5 @@ PORTNAME= logcheck -DISTVERSION= 1.4.4 +DISTVERSION= 1.4.6 PORTREVISION= 1 CATEGORIES= security MASTER_SITES= DEBIAN_POOL @@ -17,6 +17,7 @@ RUN_DEPENDS= bash:shells/bash \ lockfile-create:sysutils/lockfile-progs \ mime-construct:mail/mime-construct + # Enable Perl dependency for logtail script USES= perl5 shebangfix tar:xz SHEBANG_FILES= src/detectrotate/*.dtr src/logcheck src/logtail src/logtail2 @@ -26,7 +27,7 @@ SUB_LIST+= CRON=${PORT_OPTIONS:MCRON} \ DBDIR=${DBDIR} \ LOGCHECK_GROUP=${LOGCHECK_GROUP} \ LOGCHECK_USER=${LOGCHECK_USER} -WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION} +WRKSRC= ${WRKDIR}/${PORTNAME} USERS= ${LOGCHECK_USER} GROUPS= ${LOGCHECK_GROUP} PLIST_SUB+= CHGRP=${CHGRP} \ diff --git a/security/logcheck/distinfo b/security/logcheck/distinfo index a361a9724258..85c870f831b1 100644 --- a/security/logcheck/distinfo +++ b/security/logcheck/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1746315311 -SHA256 (logcheck_1.4.4.tar.xz) = d40e1a92707e19581cdc5f1596a56d26396f18b061612e84fb0fbd957bc03864 -SIZE (logcheck_1.4.4.tar.xz) = 143220 +TIMESTAMP = 1754867993 +SHA256 (logcheck_1.4.6.tar.xz) = 1c038ac8bfce551e84d7be5022bfd56482f2d70ee6a8cb7a4499227f318b627d +SIZE (logcheck_1.4.6.tar.xz) = 143620 diff --git a/security/logcheck/files/patch-rulefiles_linux_ignore.d.paranoid_ssh b/security/logcheck/files/patch-rulefiles_linux_ignore.d.paranoid_ssh new file mode 100644 index 000000000000..6b8987a2c2fc --- /dev/null +++ b/security/logcheck/files/patch-rulefiles_linux_ignore.d.paranoid_ssh @@ -0,0 +1,10 @@ +--- rulefiles/linux/ignore.d.paranoid/ssh.orig 2025-08-06 20:24:39 UTC ++++ rulefiles/linux/ignore.d.paranoid/ssh +@@ -1,5 +1,5 @@ + # https://sources.debian.org/src/pam/1.5.3-7/modules/pam_unix/pam_unix_sess.c/#L100 +-^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[0-9]+\]: pam_[[:alnum:]]+\(sshd?:session\): session opened for user [^[:space:]]+\(uid=[0-9]+\) by \(uid=[0-9]+\)$ ++^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd(-session)?\[[0-9]+\]: pam_[[:alnum:]]+\(sshd?:session\): session opened for user [^[:space:]]+\(uid=[0-9]+\) by \(uid=[0-9]+\)$ + + # https://sources.debian.org/src/pam/1.5.3-7/modules/pam_unix/pam_unix_sess.c/#L130 +-^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[0-9]+\]: pam_[[:alnum:]]+\(sshd?:session\): session closed for user [^[:space:]]+$ ++^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd(-session)\[[0-9]+\]: pam_[[:alnum:]]+\(sshd?:session\): session closed for user [^[:space:]]+$ diff --git a/security/logcheck/files/patch-rulefiles_linux_ignore.d.server_ssh b/security/logcheck/files/patch-rulefiles_linux_ignore.d.server_ssh new file mode 100644 index 000000000000..ce4fbbc0d9f5 --- /dev/null +++ b/security/logcheck/files/patch-rulefiles_linux_ignore.d.server_ssh @@ -0,0 +1,147 @@ +--- rulefiles/linux/ignore.d.server/ssh.orig 2025-08-06 20:24:39 UTC ++++ rulefiles/linux/ignore.d.server/ssh +@@ -2,108 +2,108 @@ + # gssapi-keyex is added by https://salsa.debian.org/ssh-team/openssh/-/blob/master/debian/patches/gssapi.patch -- this may be moved to a different package in future! + # sshd_config(5) lists: gssapi-with-mic,hostbased, keyboard-interactive, none, password, publickey + +-^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Accepted (gssapi(-with-mic|-keyex)?|password|publickey|keyboard-interactive/pam|hostbased) for [^[:space:]]+ from [.:[:xdigit:]]+ port [[:digit:]]+ ssh2(: (RSA|ECDSA|ED25519) (SHA256:[0-9a-zA-Z+/=]{43}|(MD5:)?([[:xdigit:]]{2}:){15}[[:xdigit:]]{2}))?$ ++^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd(-session)?\[[[:digit:]]+\]: Accepted (gssapi(-with-mic|-keyex)?|password|publickey|keyboard-interactive/pam|hostbased) for [^[:space:]]+ from [.:[:xdigit:]]+ port [[:digit:]]+ ssh2(: (RSA|ECDSA|ED25519) (SHA256:[0-9a-zA-Z+/=]{43}|(MD5:)?([[:xdigit:]]{2}:){15}[[:xdigit:]]{2}))?$ + + # https://salsa.debian.org/ssh-team/openssh/-/blob/master/gss-serv-krb5.c#L103 +-^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Authorized to [^[:space:]]+, krb5 principal [^[:space:]]+ \(krb5_kuserok\)$ ++^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd(-session)?\[[[:digit:]]+\]: Authorized to [^[:space:]]+, krb5 principal [^[:space:]]+ \(krb5_kuserok\)$ + + # possibly https://salsa.debian.org/ssh-team/openssh/-/blob/master/packet.c#L1985 and #L1508 +-^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting: Bad packet length [[:digit:]]+\.$ ++^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd(-session)?\[[[:digit:]]+\]: Disconnecting: Bad packet length [[:digit:]]+\.$ + # # possibly https://salsa.debian.org/ssh-team/openssh/-/blob/master/packet.c#L1586 (via #L1985) +-^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting: Corrupted MAC on input\.$ ++^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd(-session)?\[[[:digit:]]+\]: Disconnecting: Corrupted MAC on input\.$ + + # https://salsa.debian.org/ssh-team/openssh/-/blob/master/packet.c#L1735 +-^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [.:[:xdigit:]]+ port [[:digit:]]+:[[:digit:]]+: .+$ ++^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd(-session)?\[[[:digit:]]+\]: Received disconnect from [.:[:xdigit:]]+ port [[:digit:]]+:[[:digit:]]+: .+$ + + # https://salsa.debian.org/ssh-team/openssh/-/blob/master/packet.c#1912 +-^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnected from ((invalid|authenticating) )?(user [^[:space:]]+ )?[.:[:xdigit:]]+ port [[:digit:]]+( \[preauth\])?$ ++^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd(-session)?\[[[:digit:]]+\]: Disconnected from ((invalid|authenticating) )?(user [^[:space:]]+ )?[.:[:xdigit:]]+ port [[:digit:]]+( \[preauth\])?$ + + # https://salsa.debian.org/ssh-team/openssh/-/blob/master/packet.c#1905 and 1906 +-^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Connection (closed|reset) by ((invalid|authenticating) )?(user [^[:space:]]+ )?[.:[:xdigit:]]+ port [[:digit:]]+( \[preauth\])?$ ++^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd(-session)?\[[[:digit:]]+\]: Connection (closed|reset) by ((invalid|authenticating) )?(user [^[:space:]]+ )?[.:[:xdigit:]]+ port [[:digit:]]+( \[preauth\])?$ + ^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Server listening on [.:[:xdigit:]]+ port [[:digit:]]+\.$ + + ## packet.c#1927 (logdie("Unable to negotiate with %s: %s. "...)) + # offer is something like diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 or ecdsa-sha2-nistp256-cert-v01@openssh.com +-^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Unable to negotiate with [.:[:xdigit:]]+ port [[:digit:]]+: no matching (key exchange|host key) method found\. Their offer: [[:alnum:]@.,-]+ \[preauth\]$ ++^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd(-session)?\[[[:digit:]]+\]: Unable to negotiate with [.:[:xdigit:]]+ port [[:digit:]]+: no matching (key exchange|host key) method found\. Their offer: [[:alnum:]@.,-]+ \[preauth\]$ + + # packet.c#L133 (message is at ssherr.c#L87) +-^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: ssh_dispatch_run_fatal: Connection from user [^[:space:]]+ [.:[:xdigit:]]+ port [[:digit:]]+: message authentication code incorrect$ ++^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd(-session)?\[[[:digit:]]+\]: ssh_dispatch_run_fatal: Connection from user [^[:space:]]+ [.:[:xdigit:]]+ port [[:digit:]]+: message authentication code incorrect$ + + # possibly https://salsa.debian.org/ssh-team/openssh/-/blob/master/auth.c#L344 (via packet.c#L1985) +-^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Disconnecting: Too many authentication failures for [^[:space:]]* \[preauth\]$ ++^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd(-session)?\[[[:digit:]]+\]: Disconnecting: Too many authentication failures for [^[:space:]]* \[preauth\]$ + + # https://salsa.debian.org/ssh-team/openssh/-/blob/master/auth.c#L290-297 + # 'invalid user' and UNKNOWN can be returned by ssh_remote_ipaddr() - see packet.c +-^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Failed (keyboard-interactive/pam|password|none) for (invalid user )?[^[:space:]]+ from ([.:[:xdigit:]]+|UNKNOWN) port [[:digit:]]+ ssh2$ ++^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd(-session)?\[[[:digit:]]+\]: Failed (keyboard-interactive/pam|password|none) for (invalid user )?[^[:space:]]+ from ([.:[:xdigit:]]+|UNKNOWN) port [[:digit:]]+ ssh2$ + + # https://salsa.debian.org/ssh-team/openssh/-/blob/master/auth.c#L494 +-^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Invalid user [^[:space:]]+ from ([.:[:xdigit:]]+|UNKNOWN) port [[:digit:]]+$ ++^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd(-session)?\[[[:digit:]]+\]: Invalid user [^[:space:]]+ from ([.:[:xdigit:]]+|UNKNOWN) port [[:digit:]]+$ + + # auth.c #L286 +-^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Postponed keyboard-interactive(/pam)? for (invalid user )?[^[:space:]]+ from [.:[:xdigit:]]+ port [[:digit:]]+ ssh2( \[preauth\])?$ ++^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd(-session)?\[[[:digit:]]+\]: Postponed keyboard-interactive(/pam)? for (invalid user )?[^[:space:]]+ from [.:[:xdigit:]]+ port [[:digit:]]+ ssh2( \[preauth\])?$ + + # not found in code? +-^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: input_userauth_request: invalid user [^[:space:]]+ \[preauth\]$ ++^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd(-session)?\[[[:digit:]]+\]: input_userauth_request: invalid user [^[:space:]]+ \[preauth\]$ + + # https://salsa.debian.org/ssh-team/openssh/-/blob/master/auth.c#L157-158 and #L185-186 +-^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: User [^[:space:]]+ from [-_.[:alnum:]]+ not allowed because (listed in Deny|not listed in Allow)Users$ ++^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd(-session)?\[[[:digit:]]+\]: User [^[:space:]]+ from [-_.[:alnum:]]+ not allowed because (listed in Deny|not listed in Allow)Users$ + + #https://salsa.debian.org/ssh-team/openssh/-/blob/master/auth.c#L208-209 +-^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: User [^[:space:]]+ from [-_.[:alnum:]]+ not allowed because none of user's groups are listed in AllowGroups$ ++^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd(-session)?\[[[:digit:]]+\]: User [^[:space:]]+ from [-_.[:alnum:]]+ not allowed because none of user's groups are listed in AllowGroups$ + + #' https://salsa.debian.org/ssh-team/openssh/-/blob/master/auth.c#L195-196 +-^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: User [^[:space:]]+ from [-_.[:alnum:]]+ not allowed because a group is listed in DenyGroups$ ++^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd(-session)?\[[[:digit:]]+\]: User [^[:space:]]+ from [-_.[:alnum:]]+ not allowed because a group is listed in DenyGroups$ + + # not found - auth_pam.c#L397 is close (but wont match without a ":" after "PAM") +-^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: PAM pam_putenv: delete non-existent entry; [[:alnum:]]+$ ++^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd(-session)?\[[[:digit:]]+\]: PAM pam_putenv: delete non-existent entry; [[:alnum:]]+$ + + # canohost.c#L85 +-^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Nasty PTR record "[.:[:xdigit:]]+" is set up for [.:[:xdigit:]]+, ignoring$ ++^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd(-session)?\[[[:digit:]]+\]: Nasty PTR record "[.:[:xdigit:]]+" is set up for [.:[:xdigit:]]+, ignoring$ + + # possibly from auth-shadow.c#L96? think you would want to know if this was happening +-#^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: Could not get shadow information for NOUSER$ ++#^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd(-session)?\[[[:digit:]]+\]: error: Could not get shadow information for NOUSER$ + + # sshd.c#L380 +-^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Timeout before authentication for [.:[:xdigit:]]+ port [[:digit:]]+$ ++^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd(-session)?\[[[:digit:]]+\]: fatal: Timeout before authentication for [.:[:xdigit:]]+ port [[:digit:]]+$ + + # sshd.c#L977 +-^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: recv_rexec_state: ssh_msg_recv failed$ ++^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd(-session)?\[[[:digit:]]+\]: fatal: recv_rexec_state: ssh_msg_recv failed$ + + # eg from auth2-pubkey.c#L291 +-^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: userauth_pubkey: send packet: Connection reset by peer \[preauth\]$ ++^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd(-session)?\[[[:digit:]]+\]: fatal: userauth_pubkey: send packet: Connection reset by peer \[preauth\]$ + + # kex.c#1630 (verbose_f("Connection closed by remote host")) +-^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: kex_exchange_identification: Connection closed by remote host$ ++^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd(-session)?\[[[:digit:]]+\]: error: kex_exchange_identification: Connection closed by remote host$ + +-^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: kex_exchange_identification: read: Connection reset by peer$ ++^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd(-session)?\[[[:digit:]]+\]: error: kex_exchange_identification: read: Connection reset by peer$ + + # kex.c#L1672 (verbose_f("client sent invalid protocol identifier "...)) +-^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: kex_exchange_identification: client sent invalid protocol identifier ".+"$ ++^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd(-session)?\[[[:digit:]]+\]: error: kex_exchange_identification: client sent invalid protocol identifier ".+"$ + + # sshconnect.c#L1585 (sshpkt_fatal(ssh, r, "banner exchange")) +-^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: banner exchange: Connection from [.:[:xdigit:]]+ port [[:digit:]]+: invalid format$ ++^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd(-session)?\[[[:digit:]]+\]: banner exchange: Connection from [.:[:xdigit:]]+ port [[:digit:]]+: invalid format$ + + # kex.c#L1646-1647 +-^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: kex_exchange_identification: banner line contains invalid characters$ ++^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd(-session)?\[[[:digit:]]+\]: error: kex_exchange_identification: banner line contains invalid characters$ + + # kex.c#L1720 +-^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: Protocol major versions differ: 2 vs\. 1$ ++^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd(-session)?\[[[:digit:]]+\]: error: Protocol major versions differ: 2 vs\. 1$ + + # ssherr.c#L101 (SSH_ERR_NO_PROTOCOL_VERSION) +-^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: banner exchange: Connection from [.:[:xdigit:]]+ port [[:digit:]]+: could not read protocol version$ ++^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd(-session)?\[[[:digit:]]+\]: banner exchange: Connection from [.:[:xdigit:]]+ port [[:digit:]]+: could not read protocol version$ + + # subsystem.c#L1964 +-^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: subsystem request for sftp by user [^[:space:]]+$ ++^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd(-session)?\[[[:digit:]]+\]: subsystem request for sftp by user [^[:space:]]+$ + + # loginrec.c#L1439 --- you would want this message reported? +-#^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: syslogin_perform_logout: logout\(\) returned an error$ ++#^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd(-session)?\[[[:digit:]]+\]: syslogin_perform_logout: logout\(\) returned an error$ + + # not sure where this is from +-^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: refused connect from [:[:alnum:]._-]+ \([:[:alnum:].]+\)$ ++^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd(-session)?\[[[:digit:]]+\]: refused connect from [:[:alnum:]._-]+ \([:[:alnum:].]+\)$ + + # unclear if this is still generated +-^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: nss_ldap: reconnect(ing|ed) to LDAP server(\.\.\.| after [[:digit:]]+ attempt\(s\))$ ++^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd(-session)?\[[[:digit:]]+\]: nss_ldap: reconnect(ing|ed) to LDAP server(\.\.\.| after [[:digit:]]+ attempt\(s\))$ + + # tcp wrappers - not sure what generates these, or if they are up-to-date +-^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: warning: /etc/hosts\.(allow|deny), line [[:digit:]]+: can't verify hostname: getaddrinfo\([._[:alnum:]-]+, AF_INET\) failed$ +-^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: warning: /etc/hosts\.(allow|deny), line [[:digit:]]+: host name/(name|address) mismatch: [._[:alnum:]-]+ != [._[:alnum:]-]+$ ++^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd(-session)?\[[[:digit:]]+\]: warning: /etc/hosts\.(allow|deny), line [[:digit:]]+: can't verify hostname: getaddrinfo\([._[:alnum:]-]+, AF_INET\) failed$ ++^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ sshd(-session)?\[[[:digit:]]+\]: warning: /etc/hosts\.(allow|deny), line [[:digit:]]+: host name/(name|address) mismatch: [._[:alnum:]-]+ != [._[:alnum:]-]+$ diff --git a/security/logcheck/files/patch-src_logcheck b/security/logcheck/files/patch-src_logcheck index dc1f0636f23b..fc153e9a4ae9 100644 --- a/security/logcheck/files/patch-src_logcheck +++ b/security/logcheck/files/patch-src_logcheck @@ -1,4 +1,4 @@ ---- src/logcheck.orig 2025-05-03 23:35:17 UTC +--- src/logcheck.orig 2025-08-10 23:32:15 UTC +++ src/logcheck @@ -24,16 +24,16 @@ if [ "$(id -u)" = 0 ]; then @@ -43,16 +43,16 @@ SYSLOG_SUMMARY="/usr/bin/syslog-summary" # Defaults for options -@@ -92,7 +92,7 @@ SYSLOGSUMMARY=0 - SORTUNIQ=0 - SUPPORT_CRACKING_IGNORE=0 - SYSLOGSUMMARY=0 --LOCKDIR=/run/lock/logcheck -+LOCKDIR=/var/run/logcheck +@@ -99,7 +99,7 @@ else + elif [ -d "$TMPDIR" ] && [ -w "$TMPDIR" ]; then + LOCKDIR="$TMPDIR/logcheck" + else +- LOCKDIR="/tmp/logcheck" ++ LOCKDIR=/var/run/logcheck + fi LOCKFILE="$LOCKDIR/logcheck" - # Allow globs to return zero files -@@ -183,8 +183,8 @@ logfiles specified in; +@@ -191,8 +191,8 @@ logfiles specified in; } - verify that the logcheck user can read all logfiles specified in; @@ -63,7 +63,7 @@ - check the system has enough space; (df -h output follows): $(df -h 2>&1|| :) - check the settings (environment follows): -@@ -237,7 +237,7 @@ cleanrules() { +@@ -245,7 +245,7 @@ cleanrules() { error "Could not read $x" fi done @@ -72,7 +72,7 @@ rulefile="$(basename "$rulefile")" if [ -f "${dir}/${rulefile}" ]; then debug "cleanrules: ${dir}/${rulefile} -> $cleaned/$rulefile" -@@ -503,7 +503,7 @@ logoutput() { +@@ -511,7 +511,7 @@ logoutput() { >> "$TMPDIR/report" || error "Could not write message about first-time check of journal to report" echo "Only recent entries (from the last 5 hours) will be checked" \ >> "$TMPDIR/report" || error "Could not write message about first-time check of journal to report" @@ -81,7 +81,7 @@ >> "$TMPDIR/report" || error "Could not write message about first-time check of journal to report" offsettime="--since=-5h" fi -@@ -589,7 +589,7 @@ if [ -r "$CONFFILE" ]; then +@@ -597,7 +597,7 @@ if [ -r "$CONFFILE" ]; then # Now source the config file - before things that should not be changed if [ -r "$CONFFILE" ]; then @@ -90,7 +90,7 @@ . "$CONFFILE" elif [ -f "$CONFFILE" ]; then error "Config file $CONFFILE could not be read" -@@ -620,9 +620,9 @@ if [ "$FQDN" -eq 1 ]; then +@@ -628,9 +628,9 @@ if [ "$FQDN" -eq 1 ]; then # HOSTNAME is either 'fully qualified' or 'short' if [ "$FQDN" -eq 1 ]; then @@ -102,7 +102,7 @@ fi # Now check for the other options -@@ -727,8 +727,8 @@ fi +@@ -735,8 +735,8 @@ fi fi # Create a secure temporary working directory (or exit) diff --git a/security/mailzu/Makefile b/security/mailzu/Makefile index 7a2c9271de78..d0fa985fcd04 100644 --- a/security/mailzu/Makefile +++ b/security/mailzu/Makefile @@ -21,6 +21,7 @@ RUN_DEPENDS= ${LOCALBASE}/sbin/amavisd:security/amavisd-new \ USES= php:flavors,web USE_PHP= sockets +IGNORE_WITH_PHP= 81 NO_ARCH= yes NO_BUILD= yes diff --git a/security/netbird/Makefile b/security/netbird/Makefile index 09ae137949e5..dc8447a8b75a 100644 --- a/security/netbird/Makefile +++ b/security/netbird/Makefile @@ -1,7 +1,6 @@ PORTNAME= netbird DISTVERSIONPREFIX= v -DISTVERSION= 0.52.2 -PORTREVISION= 1 +DISTVERSION= 0.54.2 CATEGORIES= security net net-vpn MAINTAINER= hakan.external@netbird.io diff --git a/security/netbird/distinfo b/security/netbird/distinfo index 30303e730edc..f6c3b17e6d44 100644 --- a/security/netbird/distinfo +++ b/security/netbird/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1753909987 -SHA256 (go/security_netbird/netbird-v0.52.2/v0.52.2.mod) = 9faca275525c7b46083fcf1e3160017832c72ef72242d04026d15caa77799fbd -SIZE (go/security_netbird/netbird-v0.52.2/v0.52.2.mod) = 12507 -SHA256 (go/security_netbird/netbird-v0.52.2/v0.52.2.zip) = adfcda9d4b297724d74e75230b6717a3bf3364ffed2a22282ced507b211e687b -SIZE (go/security_netbird/netbird-v0.52.2/v0.52.2.zip) = 3010706 +TIMESTAMP = 1755202526 +SHA256 (go/security_netbird/netbird-v0.54.2/v0.54.2.mod) = 43abe2b40255386b6bbc9e083cd7ae4cc4a1f93e8537977228e3329449225bab +SIZE (go/security_netbird/netbird-v0.54.2/v0.54.2.mod) = 12507 +SHA256 (go/security_netbird/netbird-v0.54.2/v0.54.2.zip) = ce927616e2f09722829814f1fa41aec53aefc7388a92ac5284b770a6a4473668 +SIZE (go/security_netbird/netbird-v0.54.2/v0.54.2.zip) = 3088930 diff --git a/security/nextcloud-twofactor_webauthn/Makefile b/security/nextcloud-twofactor_webauthn/Makefile index c1a18bd7c8ad..c1bbf6628f89 100644 --- a/security/nextcloud-twofactor_webauthn/Makefile +++ b/security/nextcloud-twofactor_webauthn/Makefile @@ -1,5 +1,5 @@ PORTNAME= twofactor_webauthn -PORTVERSION= 2.2.0 +PORTVERSION= 2.2.1 DISTVERSIONPREFIX= v CATEGORIES= security diff --git a/security/nextcloud-twofactor_webauthn/distinfo b/security/nextcloud-twofactor_webauthn/distinfo index 174a8f9fdc8e..5162cc2923a5 100644 --- a/security/nextcloud-twofactor_webauthn/distinfo +++ b/security/nextcloud-twofactor_webauthn/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1748452221 -SHA256 (nextcloud/twofactor_webauthn-v2.2.0.tar.gz) = 71f8adc8cbe5e812ecc641a4477326eb5019b32902eca8c3903448c850103f87 -SIZE (nextcloud/twofactor_webauthn-v2.2.0.tar.gz) = 14689773 +TIMESTAMP = 1755081999 +SHA256 (nextcloud/twofactor_webauthn-v2.2.1.tar.gz) = 7da631d8605b790f03a7015a399c622105fcf2e767ef68e91e2d9065fea310cb +SIZE (nextcloud/twofactor_webauthn-v2.2.1.tar.gz) = 14685658 diff --git a/security/nss/Makefile b/security/nss/Makefile index f8c7e5630703..781d9e0aabd5 100644 --- a/security/nss/Makefile +++ b/security/nss/Makefile @@ -1,5 +1,5 @@ PORTNAME= nss -PORTVERSION= 3.114 +PORTVERSION= 3.115 CATEGORIES= security MASTER_SITES= MOZILLA/security/${PORTNAME}/releases/${DISTNAME:tu:C/[-.]/_/g}_RTM/src diff --git a/security/nss/distinfo b/security/nss/distinfo index df00638ab54d..50adf9c0dbc3 100644 --- a/security/nss/distinfo +++ b/security/nss/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1752847969 -SHA256 (nss-3.114.tar.gz) = cac3c0d67028804fb316e9695f81749fa4dc118e731d674b4c4c347bd849c2f1 -SIZE (nss-3.114.tar.gz) = 76653541 +TIMESTAMP = 1755280243 +SHA256 (nss-3.115.tar.gz) = ac2a47fb33bd79320159144e01c0d4af9a937a2d928c7c77ff06f5d9507861ab +SIZE (nss-3.115.tar.gz) = 76656357 diff --git a/security/openconnect-gui/Makefile b/security/openconnect-gui/Makefile index 9747d8d4378c..5537472de9de 100644 --- a/security/openconnect-gui/Makefile +++ b/security/openconnect-gui/Makefile @@ -1,7 +1,7 @@ PORTNAME= openconnect-gui PORTVERSION= 1.5.3 DISTVERSIONPREFIX=v -PORTREVISION= 4 +PORTREVISION= 5 MASTER_SITES= https://gitlab.com/openconnect/openconnect-gui/-/archive/v${PORTVERSION}/ DISTFILES= ${DISTNAME}${EXTRACT_SUFX} CATEGORIES= security net-vpn diff --git a/security/openssl32/Makefile b/security/openssl32/Makefile index 597dd245415c..7d7665c242e3 100644 --- a/security/openssl32/Makefile +++ b/security/openssl32/Makefile @@ -11,7 +11,8 @@ WWW= https://www.openssl.org/ LICENSE= APACHE20 LICENSE_FILE= ${WRKSRC}/LICENSE.txt -EXPIRATION_DATE= 2025-11-23 +DEPRECATED= Please use security/openssl35 (LTS) +EXPIRATION_DATE= 2025-09-30 CONFLICTS_INSTALL= boringssl libressl libressl-devel openssl openssl111 openssl3[1345] openssl*-quictls diff --git a/security/openssl33/Makefile b/security/openssl33/Makefile index f4cdbb7a8866..652a325e8d5c 100644 --- a/security/openssl33/Makefile +++ b/security/openssl33/Makefile @@ -11,7 +11,8 @@ WWW= https://www.openssl.org/ LICENSE= APACHE20 LICENSE_FILE= ${WRKSRC}/LICENSE.txt -EXPIRATION_DATE= 2026-04-09 +DEPRECATED= Please use security/openssl35 (LTS) +EXPIRATION_DATE= 2026-03-31 CONFLICTS_INSTALL= boringssl libressl libressl-devel openssl openssl111 openssl3[1245] openssl*-quictls diff --git a/security/openssl34/Makefile b/security/openssl34/Makefile index 4bc0fe6c59a2..4f6eef7378f4 100644 --- a/security/openssl34/Makefile +++ b/security/openssl34/Makefile @@ -11,7 +11,8 @@ WWW= https://www.openssl.org/ LICENSE= APACHE20 LICENSE_FILE= ${WRKSRC}/LICENSE.txt -EXPIRATION_DATE= 2026-10-22 +DEPRECATED= Please use security/openssl35 (LTS) +EXPIRATION_DATE= 2026-09-30 CONFLICTS_INSTALL= boringssl libressl libressl-devel openssl openssl111 openssl3[1235] openssl*-quictls diff --git a/security/openvpn-auth-oauth2/Makefile b/security/openvpn-auth-oauth2/Makefile index ae1db19cedff..444fc1962136 100644 --- a/security/openvpn-auth-oauth2/Makefile +++ b/security/openvpn-auth-oauth2/Makefile @@ -1,7 +1,6 @@ PORTNAME= openvpn-auth-oauth2 DISTVERSIONPREFIX= v -DISTVERSION= 1.25.1 -PORTREVISION= 1 +DISTVERSION= 1.25.2 CATEGORIES= security net net-vpn MAINTAINER= otis@FreeBSD.org diff --git a/security/openvpn-auth-oauth2/distinfo b/security/openvpn-auth-oauth2/distinfo index e05ed0fe31c5..ef958b0b6d12 100644 --- a/security/openvpn-auth-oauth2/distinfo +++ b/security/openvpn-auth-oauth2/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1754336625 -SHA256 (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.25.1/v1.25.1.mod) = 3de74a0050149736ffe906c0dc53229ed622c7e524a44c9a2986e549321a875d -SIZE (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.25.1/v1.25.1.mod) = 1370 -SHA256 (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.25.1/v1.25.1.zip) = 0f362a03ebbe71c84c3d4105786d4bebbda18564ef2e8c924138d8f1895aa809 -SIZE (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.25.1/v1.25.1.zip) = 1875945 +TIMESTAMP = 1754885003 +SHA256 (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.25.2/v1.25.2.mod) = d0f750c04d64d7442d246f72b825d2f9fc0ed4210e066ea5f6787b9eb877f963 +SIZE (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.25.2/v1.25.2.mod) = 1370 +SHA256 (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.25.2/v1.25.2.zip) = 0ac1f121f8eb6842a65e67e4b2a16a52c6c2f2cc068e79b06a5f90b04cce0a4e +SIZE (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.25.2/v1.25.2.zip) = 1875487 diff --git a/security/osv-scanner/Makefile b/security/osv-scanner/Makefile index 7a487abc074b..a67332b5ff08 100644 --- a/security/osv-scanner/Makefile +++ b/security/osv-scanner/Makefile @@ -1,7 +1,6 @@ PORTNAME= osv-scanner DISTVERSIONPREFIX= v -DISTVERSION= 2.1.0 -PORTREVISION= 2 +DISTVERSION= 2.2.1 CATEGORIES= security MAINTAINER= dutra@FreeBSD.org @@ -14,7 +13,7 @@ LICENSE_FILE= ${WRKSRC}/LICENSE USES= go:1.24,modules,run _BUILD_VERSION= ${DISTVERSION} -_BUILD_COMMIT= 9267fda +_BUILD_COMMIT= 04a8728 _BUILD_DATE= $$(date +%Y-%m-%d) GO_MODULE= github.com/google/${PORTNAME}/v2 diff --git a/security/osv-scanner/distinfo b/security/osv-scanner/distinfo index 0bb9d35b4b24..265d20a79f1b 100644 --- a/security/osv-scanner/distinfo +++ b/security/osv-scanner/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1752902973 -SHA256 (go/security_osv-scanner/osv-scanner-v2.1.0/v2.1.0.mod) = 47c1c8a3532bdbc1d13ec28192a526fcd369cc0d1ef66183da43912d0e5187a0 -SIZE (go/security_osv-scanner/osv-scanner-v2.1.0/v2.1.0.mod) = 9478 -SHA256 (go/security_osv-scanner/osv-scanner-v2.1.0/v2.1.0.zip) = 26944055bd68077d904d55d8d9b59cde9d4c4273beb2687a2a283ba1ed67e759 -SIZE (go/security_osv-scanner/osv-scanner-v2.1.0/v2.1.0.zip) = 5197089 +TIMESTAMP = 1754949434 +SHA256 (go/security_osv-scanner/osv-scanner-v2.2.1/v2.2.1.mod) = 0dce5dbfafb99b5582b02777a4a2b0b806fde168be423da7ed1ac6f0d9529abd +SIZE (go/security_osv-scanner/osv-scanner-v2.2.1/v2.2.1.mod) = 9801 +SHA256 (go/security_osv-scanner/osv-scanner-v2.2.1/v2.2.1.zip) = d249264cb9bfef83ef63567466dd7321032e7e7c44532be933fc12b920151637 +SIZE (go/security_osv-scanner/osv-scanner-v2.2.1/v2.2.1.zip) = 5234820 diff --git a/security/p5-Authen-SASL/Makefile b/security/p5-Authen-SASL/Makefile index 9ac8f0fab374..476ddab022e5 100644 --- a/security/p5-Authen-SASL/Makefile +++ b/security/p5-Authen-SASL/Makefile @@ -1,6 +1,5 @@ PORTNAME= Authen-SASL -PORTVERSION= 2.18 -DISTVERSIONSUFFIX= 00 +PORTVERSION= 2.1900 CATEGORIES= security perl5 MASTER_SITES= CPAN PKGNAMEPREFIX= p5- @@ -13,10 +12,11 @@ LICENSE= ART10 GPLv1+ LICENSE_COMB= dual BUILD_DEPENDS= ${RUN_DEPENDS} -RUN_DEPENDS= p5-Digest-HMAC>=0:security/p5-Digest-HMAC +RUN_DEPENDS= p5-Crypt-URandom>=0:security/p5-Crypt-URandom \ + p5-Digest-HMAC>=0:security/p5-Digest-HMAC TEST_DEPENDS= p5-Pod-Coverage-TrustPod>=0:devel/p5-Pod-Coverage-TrustPod \ - p5-Test-Pod>=0:devel/p5-Test-Pod \ - p5-Test-Pod-Coverage>=0:devel/p5-Test-Pod-Coverage + p5-Test-Pod-Coverage>=0:devel/p5-Test-Pod-Coverage \ + p5-Test-Pod>=0:devel/p5-Test-Pod USES= perl5 USE_PERL5= configure diff --git a/security/p5-Authen-SASL/distinfo b/security/p5-Authen-SASL/distinfo index b84d42118800..64a35e878733 100644 --- a/security/p5-Authen-SASL/distinfo +++ b/security/p5-Authen-SASL/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1745759767 -SHA256 (Authen-SASL-2.1800.tar.gz) = 0b03686bddbbf7d5c6548e468d079a4051c9b73851df740ae28cfd2db234e922 -SIZE (Authen-SASL-2.1800.tar.gz) = 39499 +TIMESTAMP = 1755072887 +SHA256 (Authen-SASL-2.1900.tar.gz) = be3533a6891b2e677150b479c1a0d4bf11c8bbeebed3e7b8eba34053e93923b0 +SIZE (Authen-SASL-2.1900.tar.gz) = 40345 diff --git a/security/p5-Crypt-CBC/Makefile b/security/p5-Crypt-CBC/Makefile index 886b6e474243..7e50fa1e8d04 100644 --- a/security/p5-Crypt-CBC/Makefile +++ b/security/p5-Crypt-CBC/Makefile @@ -8,13 +8,13 @@ MAINTAINER= perl@FreeBSD.org COMMENT= Perl5 interface to Cipher Block Chaining with DES and IDEA WWW= https://metacpan.org/release/Crypt-CBC -LICENSE= ART10 +LICENSE= ART20 +LICENSE_FILE= ${WRKSRC}/LICENSE BUILD_DEPENDS= ${RUN_DEPENDS} RUN_DEPENDS= p5-Crypt-PBKDF2>=0:security/p5-Crypt-PBKDF2 \ p5-Crypt-URandom>=0:security/p5-Crypt-URandom \ p5-CryptX>=0:security/p5-CryptX - TEST_DEPENDS= p5-Crypt-Blowfish>=0:security/p5-Crypt-Blowfish \ p5-Crypt-Blowfish_PP>=0:security/p5-Crypt-Blowfish_PP \ p5-Crypt-CAST5>=0:security/p5-Crypt-CAST5 \ diff --git a/security/p5-GnuPG-Interface/Makefile b/security/p5-GnuPG-Interface/Makefile index 7e4a345ae288..b801b479e9a1 100644 --- a/security/p5-GnuPG-Interface/Makefile +++ b/security/p5-GnuPG-Interface/Makefile @@ -1,5 +1,5 @@ PORTNAME= GnuPG-Interface -PORTVERSION= 1.04 +PORTVERSION= 1.05 CATEGORIES= security perl5 MASTER_SITES= CPAN PKGNAMEPREFIX= p5- diff --git a/security/p5-GnuPG-Interface/distinfo b/security/p5-GnuPG-Interface/distinfo index bf7fdd2cddbc..cc8fe0ae46a9 100644 --- a/security/p5-GnuPG-Interface/distinfo +++ b/security/p5-GnuPG-Interface/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1702543814 -SHA256 (GnuPG-Interface-1.04.tar.gz) = d5faf042446dbb27788e9da48b20d8303ef7d12c62d2b6a3ba416f604bfac673 -SIZE (GnuPG-Interface-1.04.tar.gz) = 77435 +TIMESTAMP = 1755077281 +SHA256 (GnuPG-Interface-1.05.tar.gz) = 54435dfda4fbb689329420b1355166105ee178040d863aa3e059eca085cae045 +SIZE (GnuPG-Interface-1.05.tar.gz) = 77449 diff --git a/security/py-fail2ban/Makefile b/security/py-fail2ban/Makefile index 9cbaf89b9b2f..c571d8418ec6 100644 --- a/security/py-fail2ban/Makefile +++ b/security/py-fail2ban/Makefile @@ -1,6 +1,6 @@ PORTNAME= fail2ban DISTVERSION= 1.1.0 -PORTREVISION= 5 +PORTREVISION= 6 CATEGORIES= security python PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -63,6 +63,7 @@ post-patch: ${MAN_FILES} @${REINPLACE_CMD} -e 's, sed , ${SED} ,g' \ ${WRKSRC}/config/action.d/hostsdeny.conf + @${RM} ${WRKSRC}/config/filter.d/sshd.conf # XXX Ideally this should be in do-build but it only works in # XXX post-patch @@ -78,6 +79,7 @@ post-install: post-install-DOCS-on: @${MKDIR} ${STAGEDIR}${DOCSDIR} (cd ${WRKSRC}/ && ${INSTALL_DATA} ${PORTDOCS} ${STAGEDIR}${DOCSDIR}) + @${RM} ${STAGEDIR}/${ETCDIR}/filter.d/selinux-sshd.conf do-test: @cd ${WRKSRC} && ${PYTHON_CMD} ${PYDISTUTILS_SETUP} test diff --git a/security/py-fail2ban/files/patch-config_filter.d_bsd-sshd.conf b/security/py-fail2ban/files/patch-config_filter.d_bsd-sshd.conf deleted file mode 100644 index 153cdfb3bb3c..000000000000 --- a/security/py-fail2ban/files/patch-config_filter.d_bsd-sshd.conf +++ /dev/null @@ -1,44 +0,0 @@ ---- config/filter.d/bsd-sshd.conf.orig 2020-03-27 11:15:56 UTC -+++ config/filter.d/bsd-sshd.conf -@@ -0,0 +1,41 @@ -+# Fail2Ban configuration file -+# -+# Author: Cyril Jaquier -+# -+# $Revision: 663 $ -+# -+ -+[INCLUDES] -+ -+# Read common prefixes. If any customizations available -- read them from -+# common.local -+before = common.conf -+ -+ -+[Definition] -+ -+_daemon = sshd -+ -+# Option: failregex -+# Notes.: regex to match the password failures messages in the logfile. The -+# host must be matched by a group named "host". The tag "<HOST>" can -+# be used for standard IP/hostname matching and is only an alias for -+# (?:::f{4,6}:)?(?P<host>\S+) -+# Values: TEXT -+# -+failregex = ^%(__prefix_line)s(?:error: PAM: )?[A|a]uthentication (?:failure|error) for .* from <HOST>\s*$ -+ ^%(__prefix_line)sDid not receive identification string from <HOST>$ -+ ^%(__prefix_line)sFailed [-/\w]+ for .* from <HOST>(?: port \d*)?(?: ssh\d*)?$ -+ ^%(__prefix_line)sROOT LOGIN REFUSED.* FROM <HOST>\s*$ -+ ^%(__prefix_line)s[iI](?:llegal|nvalid) user .* from <HOST>\s*$ -+ ^%(__prefix_line)s[iI](?:llegal|nvalid) user .* from <HOST> port \d*$ -+ ^%(__prefix_line)sUser \S+ from <HOST> not allowed because not listed in AllowUsers$ -+ ^%(__prefix_line)sauthentication failure; logname=\S* uid=\S* euid=\S* tty=\S* ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$ -+ ^%(__prefix_line)srefused connect from \S+ \(<HOST>\)\s*$ -+ ^%(__prefix_line)sreverse mapping checking getaddrinfo for .* \[<HOST>\] .* POSSIBLE BREAK-IN ATTEMPT!$ -+ -+# Option: ignoreregex -+# Notes.: regex to ignore. If this regex matches, the line is ignored. -+# Values: TEXT -+# -+ignoreregex = diff --git a/security/py-google-auth-oauthlib/Makefile b/security/py-google-auth-oauthlib/Makefile index fbc33ecb3641..5417ab6c7294 100644 --- a/security/py-google-auth-oauthlib/Makefile +++ b/security/py-google-auth-oauthlib/Makefile @@ -1,9 +1,9 @@ PORTNAME= google-auth-oauthlib -PORTVERSION= 1.2.0 -PORTREVISION= 1 +PORTVERSION= 1.2.2 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} +DISTNAME= google_auth_oauthlib-${PORTVERSION} MAINTAINER= sunpoet@FreeBSD.org COMMENT= Google Authentication Library diff --git a/security/py-google-auth-oauthlib/distinfo b/security/py-google-auth-oauthlib/distinfo index 275f2ccc819f..fb7824988191 100644 --- a/security/py-google-auth-oauthlib/distinfo +++ b/security/py-google-auth-oauthlib/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1702543696 -SHA256 (google-auth-oauthlib-1.2.0.tar.gz) = 292d2d3783349f2b0734a0a0207b1e1e322ac193c2c09d8f7c613fb7cc501ea8 -SIZE (google-auth-oauthlib-1.2.0.tar.gz) = 24829 +TIMESTAMP = 1753796094 +SHA256 (google_auth_oauthlib-1.2.2.tar.gz) = 11046fb8d3348b296302dd939ace8af0a724042e8029c1b872d87fabc9f41684 +SIZE (google_auth_oauthlib-1.2.2.tar.gz) = 20955 diff --git a/security/py-paramiko/Makefile b/security/py-paramiko/Makefile index dc6d57a9845b..dcb01dc7366b 100644 --- a/security/py-paramiko/Makefile +++ b/security/py-paramiko/Makefile @@ -1,6 +1,6 @@ PORTNAME= paramiko PORTVERSION= 2.11.0 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} @@ -20,7 +20,7 @@ TEST_DEPENDS= ${PYTHON_PKGNAMEPREFIX}invoke>=0:devel/py-invoke@${PY_FLAVOR} \ ${PYTHON_PKGNAMEPREFIX}pytest-relaxed>=0:devel/py-pytest-relaxed@${PY_FLAVOR} USES= cpe python -USE_PYTHON= autoplist cryptography distutils pytest4 +USE_PYTHON= autoplist cryptography distutils pytest NO_ARCH= yes TEST_ARGS= -p no:relaxed diff --git a/security/py-pass-git-helper/Makefile b/security/py-pass-git-helper/Makefile index 76d09fe1775b..bdb5b07ba12f 100644 --- a/security/py-pass-git-helper/Makefile +++ b/security/py-pass-git-helper/Makefile @@ -1,6 +1,6 @@ PORTNAME= pass-git-helper DISTVERSIONPREFIX= v -DISTVERSION= 3.4.0 +DISTVERSION= 4.0.0 CATEGORIES= security python PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} diff --git a/security/py-pass-git-helper/distinfo b/security/py-pass-git-helper/distinfo index 987023672933..0662fe442d9a 100644 --- a/security/py-pass-git-helper/distinfo +++ b/security/py-pass-git-helper/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1754030834 -SHA256 (languitar-pass-git-helper-v3.4.0_GH0.tar.gz) = ef077b5f645a6de143712725b169e654f27444e99bd6ee03f3d036f7cea86c4b -SIZE (languitar-pass-git-helper-v3.4.0_GH0.tar.gz) = 113833 +TIMESTAMP = 1754683103 +SHA256 (languitar-pass-git-helper-v4.0.0_GH0.tar.gz) = 988738b5956cd4efbcc789500860c6dcc051e8a3918edd3fac4b8af69323730e +SIZE (languitar-pass-git-helper-v4.0.0_GH0.tar.gz) = 113787 diff --git a/security/qgpgme/Makefile b/security/qgpgme/Makefile index f45cb981a8f8..6ae113d7dd72 100644 --- a/security/qgpgme/Makefile +++ b/security/qgpgme/Makefile @@ -1,5 +1,6 @@ PORTNAME= qgpgme PORTVERSION= 2.0.0 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= GNUPG PKGNAMESUFFIX= -${FLAVOR} diff --git a/security/qgpgme/files/patch-src_dn.cpp b/security/qgpgme/files/patch-src_dn.cpp new file mode 100644 index 000000000000..f8df815f4e41 --- /dev/null +++ b/security/qgpgme/files/patch-src_dn.cpp @@ -0,0 +1,12 @@ +--- src/dn.cpp.orig 2025-06-03 15:55:22 UTC ++++ src/dn.cpp +@@ -215,6 +215,9 @@ static std::pair<std::optional<std::string_view>, std: + /* hexstring */ + stringv.remove_prefix(1); + auto endHex = stringv.find_first_not_of("1234567890abcdefABCDEF"sv); ++ if (endHex == std::string_view::npos) { ++ endHex = stringv.size(); ++ } + auto value = parseHexString(stringv.substr(0, endHex)); + if (!value.has_value()) { + return {}; diff --git a/security/rubygem-gpgme/Makefile b/security/rubygem-gpgme/Makefile index 01afb9d78c35..edc525455b78 100644 --- a/security/rubygem-gpgme/Makefile +++ b/security/rubygem-gpgme/Makefile @@ -1,6 +1,5 @@ PORTNAME= gpgme -PORTVERSION= 2.0.24 -PORTREVISION= 2 +PORTVERSION= 2.0.25 CATEGORIES= security rubygems MASTER_SITES= RG diff --git a/security/rubygem-gpgme/distinfo b/security/rubygem-gpgme/distinfo index d759a77b3ae6..86f7c7605002 100644 --- a/security/rubygem-gpgme/distinfo +++ b/security/rubygem-gpgme/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1708450562 -SHA256 (rubygem/gpgme-2.0.24.gem) = 53eccd7042abb4fd5c78f30bc9ed075b1325e6450eab207f2f6a1e7e28ae3b64 -SIZE (rubygem/gpgme-2.0.24.gem) = 3498496 +TIMESTAMP = 1753796218 +SHA256 (rubygem/gpgme-2.0.25.gem) = 9242408b28720513145deb6150f25f5fe5149f3728ebaea635050cc3fc84dc34 +SIZE (rubygem/gpgme-2.0.25.gem) = 3160064 diff --git a/security/rubygem-gpgme/files/patch-ext_gpgme_extconf.rb b/security/rubygem-gpgme/files/patch-ext-gpgme-extconf.rb index e0a3bbcbbf76..e0a3bbcbbf76 100644 --- a/security/rubygem-gpgme/files/patch-ext_gpgme_extconf.rb +++ b/security/rubygem-gpgme/files/patch-ext-gpgme-extconf.rb diff --git a/security/rubygem-gpgme/files/patch-ext_gpgme_gpgme__n.c b/security/rubygem-gpgme/files/patch-ext_gpgme_gpgme__n.c deleted file mode 100644 index d0c71e09bb17..000000000000 --- a/security/rubygem-gpgme/files/patch-ext_gpgme_gpgme__n.c +++ /dev/null @@ -1,59 +0,0 @@ -The trustlist feature, which only worked for a short period in 2003, was -removed in GpgME 2.0.0. - -The gpgme_attr_t enums and their functions, which have been marked deprecated -since 2003, were removed in GpgME 2.0.0. - ---- ext/gpgme/gpgme_n.c.orig 2025-06-23 05:28:53 UTC -+++ ext/gpgme/gpgme_n.c -@@ -1633,6 +1633,7 @@ rb_s_gpgme_op_card_edit_start (VALUE dummy, VALUE vctx - return LONG2NUM(err); - } - -+#if defined(GPGME_VERSION_NUMBER) && GPGME_VERSION_NUMBER < 0x020000 - static VALUE - rb_s_gpgme_op_trustlist_start (VALUE dummy, VALUE vctx, VALUE vpattern, - VALUE vmax_level) -@@ -1696,6 +1697,7 @@ rb_s_gpgme_op_trustlist_end (VALUE dummy, VALUE vctx) - err = gpgme_op_trustlist_end (ctx); - return LONG2NUM(err); - } -+#endif - - static VALUE - rb_s_gpgme_op_decrypt (VALUE dummy, VALUE vctx, VALUE vcipher, VALUE vplain) -@@ -2558,13 +2560,15 @@ Init_gpgme_n (void) - rb_define_module_function (mGPGME, "gpgme_op_card_edit_start", - rb_s_gpgme_op_card_edit_start, 5); - -- /* Trust Item Management */ -+ /* Trust Item Management removed in 2.0.0 */ -+#if defined(GPGME_VERSION_NUMBER) && GPGME_VERSION_NUMBER < 0x020000 - rb_define_module_function (mGPGME, "gpgme_op_trustlist_start", - rb_s_gpgme_op_trustlist_start, 3); - rb_define_module_function (mGPGME, "gpgme_op_trustlist_next", - rb_s_gpgme_op_trustlist_next, 2); - rb_define_module_function (mGPGME, "gpgme_op_trustlist_end", - rb_s_gpgme_op_trustlist_end, 1); -+#endif - - /* Decrypt */ - rb_define_module_function (mGPGME, "gpgme_op_decrypt", -@@ -2805,7 +2809,8 @@ Init_gpgme_n (void) - rb_define_const (mGPGME, "GPGME_SIG_MODE_CLEAR", - INT2FIX(GPGME_SIG_MODE_CLEAR)); - -- /* gpgme_attr_t */ -+ /* gpgme_attr_t removed in 2.0.0 */ -+#if defined(GPGME_VERSION_NUMBER) && GPGME_VERSION_NUMBER < 0x020000 - rb_define_const (mGPGME, "GPGME_ATTR_KEYID", - INT2FIX(GPGME_ATTR_KEYID)); - rb_define_const (mGPGME, "GPGME_ATTR_FPR", -@@ -2868,6 +2873,7 @@ Init_gpgme_n (void) - INT2FIX(GPGME_ATTR_ERRTOK)); - rb_define_const (mGPGME, "GPGME_ATTR_SIG_SUMMARY", - INT2FIX(GPGME_ATTR_SIG_SUMMARY)); -+#endif - - /* gpgme_validity_t */ - rb_define_const (mGPGME, "GPGME_VALIDITY_UNKNOWN", diff --git a/security/rubygem-gpgme/files/patch-lib_gpgme_constants.rb b/security/rubygem-gpgme/files/patch-lib_gpgme_constants.rb deleted file mode 100644 index 19766f99d845..000000000000 --- a/security/rubygem-gpgme/files/patch-lib_gpgme_constants.rb +++ /dev/null @@ -1,75 +0,0 @@ -The gpgme_attr_t enums and their functions, which have been marked deprecated -since 2003, were removed in GpgME 2.0.0. - ---- lib/gpgme/constants.rb.orig 2025-06-23 05:42:19 UTC -+++ lib/gpgme/constants.rb -@@ -1,36 +1,38 @@ module GPGME - module GPGME - -- ATTR_ALGO = GPGME_ATTR_ALGO -- ATTR_CAN_CERTIFY = GPGME_ATTR_CAN_CERTIFY -- ATTR_CAN_ENCRYPT = GPGME_ATTR_CAN_ENCRYPT -- ATTR_CAN_SIGN = GPGME_ATTR_CAN_SIGN -- ATTR_CHAINID = GPGME_ATTR_CHAINID -- ATTR_COMMENT = GPGME_ATTR_COMMENT -- ATTR_CREATED = GPGME_ATTR_CREATED -- ATTR_EMAIL = GPGME_ATTR_EMAIL -- ATTR_ERRTOK = GPGME_ATTR_ERRTOK -- ATTR_EXPIRE = GPGME_ATTR_EXPIRE -- ATTR_FPR = GPGME_ATTR_FPR -- ATTR_ISSUER = GPGME_ATTR_ISSUER -- ATTR_IS_SECRET = GPGME_ATTR_IS_SECRET -- ATTR_KEYID = GPGME_ATTR_KEYID -- ATTR_KEY_CAPS = GPGME_ATTR_KEY_CAPS -- ATTR_KEY_DISABLED = GPGME_ATTR_KEY_DISABLED -- ATTR_KEY_EXPIRED = GPGME_ATTR_KEY_EXPIRED -- ATTR_KEY_INVALID = GPGME_ATTR_KEY_INVALID -- ATTR_KEY_REVOKED = GPGME_ATTR_KEY_REVOKED -- ATTR_LEN = GPGME_ATTR_LEN -- ATTR_LEVEL = GPGME_ATTR_LEVEL -- ATTR_NAME = GPGME_ATTR_NAME -- ATTR_OTRUST = GPGME_ATTR_OTRUST -- ATTR_SERIAL = GPGME_ATTR_SERIAL -- ATTR_SIG_STATUS = GPGME_ATTR_SIG_STATUS -- ATTR_SIG_SUMMARY = GPGME_ATTR_SIG_SUMMARY -- ATTR_TYPE = GPGME_ATTR_TYPE -- ATTR_UID_INVALID = GPGME_ATTR_UID_INVALID -- ATTR_UID_REVOKED = GPGME_ATTR_UID_REVOKED -- ATTR_USERID = GPGME_ATTR_USERID -- ATTR_VALIDITY = GPGME_ATTR_VALIDITY -+ if defined?(GPGME_ATTR_ALGO) -+ ATTR_ALGO = GPGME_ATTR_ALGO -+ ATTR_CAN_CERTIFY = GPGME_ATTR_CAN_CERTIFY -+ ATTR_CAN_ENCRYPT = GPGME_ATTR_CAN_ENCRYPT -+ ATTR_CAN_SIGN = GPGME_ATTR_CAN_SIGN -+ ATTR_CHAINID = GPGME_ATTR_CHAINID -+ ATTR_COMMENT = GPGME_ATTR_COMMENT -+ ATTR_CREATED = GPGME_ATTR_CREATED -+ ATTR_EMAIL = GPGME_ATTR_EMAIL -+ ATTR_ERRTOK = GPGME_ATTR_ERRTOK -+ ATTR_EXPIRE = GPGME_ATTR_EXPIRE -+ ATTR_FPR = GPGME_ATTR_FPR -+ ATTR_ISSUER = GPGME_ATTR_ISSUER -+ ATTR_IS_SECRET = GPGME_ATTR_IS_SECRET -+ ATTR_KEYID = GPGME_ATTR_KEYID -+ ATTR_KEY_CAPS = GPGME_ATTR_KEY_CAPS -+ ATTR_KEY_DISABLED = GPGME_ATTR_KEY_DISABLED -+ ATTR_KEY_EXPIRED = GPGME_ATTR_KEY_EXPIRED -+ ATTR_KEY_INVALID = GPGME_ATTR_KEY_INVALID -+ ATTR_KEY_REVOKED = GPGME_ATTR_KEY_REVOKED -+ ATTR_LEN = GPGME_ATTR_LEN -+ ATTR_LEVEL = GPGME_ATTR_LEVEL -+ ATTR_NAME = GPGME_ATTR_NAME -+ ATTR_OTRUST = GPGME_ATTR_OTRUST -+ ATTR_SERIAL = GPGME_ATTR_SERIAL -+ ATTR_SIG_STATUS = GPGME_ATTR_SIG_STATUS -+ ATTR_SIG_SUMMARY = GPGME_ATTR_SIG_SUMMARY -+ ATTR_TYPE = GPGME_ATTR_TYPE -+ ATTR_UID_INVALID = GPGME_ATTR_UID_INVALID -+ ATTR_UID_REVOKED = GPGME_ATTR_UID_REVOKED -+ ATTR_USERID = GPGME_ATTR_USERID -+ ATTR_VALIDITY = GPGME_ATTR_VALIDITY -+ end - DATA_ENCODING_ARMOR = GPGME_DATA_ENCODING_ARMOR - DATA_ENCODING_BASE64 = GPGME_DATA_ENCODING_BASE64 - DATA_ENCODING_BINARY = GPGME_DATA_ENCODING_BINARY diff --git a/security/rubygem-omniauth-cas/Makefile b/security/rubygem-omniauth-cas/Makefile index 9b79b1047393..8e96e53b6540 100644 --- a/security/rubygem-omniauth-cas/Makefile +++ b/security/rubygem-omniauth-cas/Makefile @@ -1,5 +1,5 @@ PORTNAME= omniauth-cas -PORTVERSION= 3.0.1 +PORTVERSION= 3.0.2 CATEGORIES= security rubygems MASTER_SITES= RG diff --git a/security/rubygem-omniauth-cas/distinfo b/security/rubygem-omniauth-cas/distinfo index 3e72d501f81c..cca5032e20a6 100644 --- a/security/rubygem-omniauth-cas/distinfo +++ b/security/rubygem-omniauth-cas/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1742070842 -SHA256 (rubygem/omniauth-cas-3.0.1.gem) = a1338efe4164454312aed1c3256c411e20c8c8408be523c39a9b31d84b9ad6fb -SIZE (rubygem/omniauth-cas-3.0.1.gem) = 12288 +TIMESTAMP = 1753796236 +SHA256 (rubygem/omniauth-cas-3.0.2.gem) = 1838b15d63b9459a5b61d0e93ab1c73b160bae866735c2a8e3b2c8572319600d +SIZE (rubygem/omniauth-cas-3.0.2.gem) = 12288 diff --git a/security/rubygem-rack-oauth2-gitlab/Makefile b/security/rubygem-rack-oauth2-gitlab/Makefile index 5620c2b4660c..bb98e437ccdb 100644 --- a/security/rubygem-rack-oauth2-gitlab/Makefile +++ b/security/rubygem-rack-oauth2-gitlab/Makefile @@ -1,5 +1,6 @@ PORTNAME= rack-oauth2 PORTVERSION= 2.2.1 +PORTREVISION= 1 CATEGORIES= security rubygems MASTER_SITES= RG PKGNAMESUFFIX= -gitlab @@ -11,7 +12,7 @@ WWW= https://github.com/nov/rack-oauth2 LICENSE= MIT LICENSE_FILE= ${WRKSRC}/LICENSE -RUN_DEPENDS= rubygem-activesupport70>=0:devel/rubygem-activesupport70 \ +RUN_DEPENDS= rubygem-activesupport-gitlab>=0:devel/rubygem-activesupport-gitlab \ rubygem-attr_required>=0:devel/rubygem-attr_required \ rubygem-faraday-gitlab>=2.0<3:www/rubygem-faraday-gitlab \ rubygem-faraday-follow_redirects-gitlab>=0:www/rubygem-faraday-follow_redirects-gitlab \ diff --git a/security/sequoia-chameleon-gnupg/Makefile b/security/sequoia-chameleon-gnupg/Makefile index b93f3584cd69..31ac7bb3e6d0 100644 --- a/security/sequoia-chameleon-gnupg/Makefile +++ b/security/sequoia-chameleon-gnupg/Makefile @@ -62,4 +62,11 @@ post-install-ZSH-on: ${CARGO_TARGET_DIR}/shell-completions/_gpgv-sq.ps1 \ ${STAGEDIR}${PREFIX}/share/zsh/site-functions -.include <bsd.port.mk> +.include <bsd.port.pre.mk> + +.if ${ARCH:Marmv?} +LTO_UNSAFE= yes +CARGO_ENV+= CARGO_PROFILE_RELEASE_LTO=false +.endif + +.include <bsd.port.post.mk> diff --git a/security/shibboleth-idp/Makefile b/security/shibboleth-idp/Makefile index f2ac1111ad69..72fca3a32fa8 100644 --- a/security/shibboleth-idp/Makefile +++ b/security/shibboleth-idp/Makefile @@ -1,5 +1,5 @@ PORTNAME= shibboleth -PORTVERSION= 5.1.4 +PORTVERSION= 5.1.5 CATEGORIES= security www MASTER_SITES= http://shibboleth.net/downloads/identity-provider/${PORTVERSION}/ \ http://shibboleth.net/downloads/identity-provider/latest5/${PORTVERSION}/ \ @@ -30,7 +30,10 @@ NO_ARCH= yes NO_BUILD= yes LOGBACKVER= 1.5.6 -SHIBVER= 9.1.4 +SHIBVER= 9.1.5 +SPRINGVER1= 6.2.9 +SPRINGVER2= 3.0.1 +MMVER= 1.14.9 SHIBUSER= shibd SHIBGROUP= shibd LOGDIR= /var/log/${PORTNAME} @@ -44,7 +47,9 @@ SUB_LIST+= SHIBUSER=${SHIBUSER} SHIBGROUP=${SHIBGROUP} \ RUNDIR=${RUNDIR} LOGDIR=${LOGDIR} PLIST_SUB+= SHIBUSER=${SHIBUSER} SHIBGROUP=${SHIBGROUP} \ RUNDIR=${RUNDIR} LOGDIR=${LOGDIR} SHIBVER=${SHIBVER} \ - LOGBACKVER=${LOGBACKVER} PORTVERSION=${PORTVERSION} + SPRINGVER1=${SPRINGVER1} SPRINGVER2=${SPRINGVER2} \ + MMVER=${MMVER} LOGBACKVER=${LOGBACKVER} \ + PORTVERSION=${PORTVERSION} do-install: @${MKDIR} ${STAGEDIR}${DATADIR} ${STAGEDIR}${ETCDIR} diff --git a/security/shibboleth-idp/distinfo b/security/shibboleth-idp/distinfo index 3e9d2dd36d62..58901a444952 100644 --- a/security/shibboleth-idp/distinfo +++ b/security/shibboleth-idp/distinfo @@ -1,6 +1,6 @@ -TIMESTAMP = 1750430454 -SHA256 (shibboleth-identity-provider-5.1.4.tar.gz) = 824e9e151cf003e05e3f8855ec21cacba24de070454ef3da2da813fe13cc96eb -SIZE (shibboleth-identity-provider-5.1.4.tar.gz) = 44358580 +TIMESTAMP = 1755099081 +SHA256 (shibboleth-identity-provider-5.1.5.tar.gz) = 618b8cb5c3bc4921822f4e86b9cfdea538c50b925d5d3efd050152272559c150 +SIZE (shibboleth-identity-provider-5.1.5.tar.gz) = 44718961 SHA256 (logback-classic-1.5.6.jar) = 6115c6cac5ed1d9db810d14f2f7f4dd6a9f21f0acbba8016e4daaca2ba0f5eb8 SIZE (logback-classic-1.5.6.jar) = 293697 SHA256 (logback-core-1.5.6.jar) = 898c7d120199f37e1acc8118d97ab15a4d02b0e72e27ba9f05843cb374e160c6 diff --git a/security/shibboleth-idp/pkg-plist b/security/shibboleth-idp/pkg-plist index 67791f4737be..b826f3e66a45 100644 --- a/security/shibboleth-idp/pkg-plist +++ b/security/shibboleth-idp/pkg-plist @@ -83,8 +83,8 @@ sbin/shibboleth-idp.sh %%DATADIR%%/webapp/WEB-INF/lib/metrics-core-4.2.26.jar %%DATADIR%%/webapp/WEB-INF/lib/metrics-json-4.2.26.jar %%DATADIR%%/webapp/WEB-INF/lib/metrics-jvm-4.2.26.jar -%%DATADIR%%/webapp/WEB-INF/lib/micrometer-commons-1.12.12.jar -%%DATADIR%%/webapp/WEB-INF/lib/micrometer-observation-1.12.12.jar +%%DATADIR%%/webapp/WEB-INF/lib/micrometer-commons-%%MMVER%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/micrometer-observation-%%MMVER%%.jar %%DATADIR%%/webapp/WEB-INF/lib/netty-buffer-4.1.108.Final.jar %%DATADIR%%/webapp/WEB-INF/lib/netty-codec-4.1.108.Final.jar %%DATADIR%%/webapp/WEB-INF/lib/netty-common-4.1.108.Final.jar @@ -141,16 +141,16 @@ sbin/shibboleth-idp.sh %%DATADIR%%/webapp/WEB-INF/lib/shib-velocity-%%SHIBVER%%.jar %%DATADIR%%/webapp/WEB-INF/lib/shib-velocity-spring-%%SHIBVER%%.jar %%DATADIR%%/webapp/WEB-INF/lib/slf4j-api-2.0.13.jar -%%DATADIR%%/webapp/WEB-INF/lib/spring-aop-6.1.18.jar -%%DATADIR%%/webapp/WEB-INF/lib/spring-beans-6.1.18.jar -%%DATADIR%%/webapp/WEB-INF/lib/spring-binding-3.0.0.jar -%%DATADIR%%/webapp/WEB-INF/lib/spring-context-6.1.18.jar -%%DATADIR%%/webapp/WEB-INF/lib/spring-core-6.1.18.jar -%%DATADIR%%/webapp/WEB-INF/lib/spring-expression-6.1.18.jar -%%DATADIR%%/webapp/WEB-INF/lib/spring-jcl-6.1.18.jar -%%DATADIR%%/webapp/WEB-INF/lib/spring-web-6.1.18.jar -%%DATADIR%%/webapp/WEB-INF/lib/spring-webflow-3.0.0.jar -%%DATADIR%%/webapp/WEB-INF/lib/spring-webmvc-6.1.18.jar +%%DATADIR%%/webapp/WEB-INF/lib/spring-aop-%%SPRINGVER1%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/spring-beans-%%SPRINGVER1%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/spring-binding-%%SPRINGVER2%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/spring-context-%%SPRINGVER1%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/spring-core-%%SPRINGVER1%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/spring-expression-%%SPRINGVER1%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/spring-jcl-%%SPRINGVER1%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/spring-web-%%SPRINGVER1%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/spring-webflow-%%SPRINGVER2%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/spring-webmvc-%%SPRINGVER1%%.jar %%DATADIR%%/webapp/WEB-INF/lib/spymemcached-2.12.3.jar %%DATADIR%%/webapp/WEB-INF/lib/velocity-engine-core-2.3.jar %%DATADIR%%/webapp/WEB-INF/lib/xmlsec-3.0.5.jar diff --git a/security/snort3/Makefile b/security/snort3/Makefile index a8aa50e7c196..8a7d723304fe 100644 --- a/security/snort3/Makefile +++ b/security/snort3/Makefile @@ -1,5 +1,5 @@ PORTNAME= snort -DISTVERSION= 3.9.2.0 +DISTVERSION= 3.9.3.0 PORTEPOCH= 1 CATEGORIES= security PKGNAMESUFFIX= 3 diff --git a/security/snort3/distinfo b/security/snort3/distinfo index b0b61e634faf..5149faaa6b94 100644 --- a/security/snort3/distinfo +++ b/security/snort3/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1753181972 -SHA256 (snort3-snort3-3.9.2.0_GH0.tar.gz) = edf0aa5e72d673702bca161e235b7b8f8c3e5a49b81e8ddf2ea7e10736ab0cdd -SIZE (snort3-snort3-3.9.2.0_GH0.tar.gz) = 3507676 +TIMESTAMP = 1754971093 +SHA256 (snort3-snort3-3.9.3.0_GH0.tar.gz) = c7c2f7488b1a9ec5b60b9706fc3f2f3f9c0e1eb57f384e077676c452570468cf +SIZE (snort3-snort3-3.9.3.0_GH0.tar.gz) = 3521227 diff --git a/security/softether-devel/files/patch-increase-nat-sessions b/security/softether-devel/files/patch-increase-nat-sessions index d4113bd6d54a..bf68cc98424b 100644 --- a/security/softether-devel/files/patch-increase-nat-sessions +++ b/security/softether-devel/files/patch-increase-nat-sessions @@ -1,3 +1,5 @@ +# Copyright (c) 2019, Koichiro Iwao <meta@FreeBSD.org> (https://github.com/metalefty) +# SPDX-License-Identifier: Apache-2.0 --- src/Cedar/Cedar.h.orig2 2020-07-25 22:58:57.344813000 +0900 +++ src/Cedar/Cedar.h 2020-07-25 23:00:25.740997000 +0900 @@ -208,7 +208,7 @@ diff --git a/security/softether-devel/files/patch-log-db-pid-dir b/security/softether-devel/files/patch-log-db-pid-dir index 8538d16572b0..b3486d46c9a7 100644 --- a/security/softether-devel/files/patch-log-db-pid-dir +++ b/security/softether-devel/files/patch-log-db-pid-dir @@ -1,3 +1,5 @@ +# Copyright (c) 2019, Koichiro Iwao <meta@FreeBSD.org> (https://github.com/metalefty) +# SPDX-License-Identifier: Apache-2.0 --- src/Cedar/Admin.c.orig 2019-09-18 01:40:24 UTC +++ src/Cedar/Admin.c @@ -11482,7 +11482,7 @@ void SiReadLocalLogFile(SERVER *s, char *filepath, UIN diff --git a/security/softether-devel/files/patch-unrestrict-enterprise-functions b/security/softether-devel/files/patch-unrestrict-enterprise-functions index 72ab925376c1..382e914446ee 100644 --- a/security/softether-devel/files/patch-unrestrict-enterprise-functions +++ b/security/softether-devel/files/patch-unrestrict-enterprise-functions @@ -1,3 +1,5 @@ +# Copyright (c) 2019, Koichiro Iwao <meta@FreeBSD.org> (https://github.com/metalefty) +# SPDX-License-Identifier: Apache-2.0 --- src/Cedar/Server.c.orig 2016-04-24 14:49:31 UTC +++ src/Cedar/Server.c @@ -10822,23 +10822,7 @@ bool SiCheckCurrentRegion(CEDAR *c, char diff --git a/security/softether-devel/files/vpncmd.in b/security/softether-devel/files/vpncmd.in index 28216eaec721..d0f97f1b3bea 100644 --- a/security/softether-devel/files/vpncmd.in +++ b/security/softether-devel/files/vpncmd.in @@ -1,6 +1,6 @@ #!/bin/sh # # wrapper script for vpncmd, the configuration binary for -# SoftEther vpn +# SoftEther VPN # %%PREFIX%%/libexec/softether/vpncmd ${1+"$@"} diff --git a/security/softether/files/patch-increase-nat-sessions b/security/softether/files/patch-increase-nat-sessions index d4113bd6d54a..bf68cc98424b 100644 --- a/security/softether/files/patch-increase-nat-sessions +++ b/security/softether/files/patch-increase-nat-sessions @@ -1,3 +1,5 @@ +# Copyright (c) 2019, Koichiro Iwao <meta@FreeBSD.org> (https://github.com/metalefty) +# SPDX-License-Identifier: Apache-2.0 --- src/Cedar/Cedar.h.orig2 2020-07-25 22:58:57.344813000 +0900 +++ src/Cedar/Cedar.h 2020-07-25 23:00:25.740997000 +0900 @@ -208,7 +208,7 @@ diff --git a/security/softether/files/patch-log-db-pid-dir b/security/softether/files/patch-log-db-pid-dir index 8538d16572b0..b3486d46c9a7 100644 --- a/security/softether/files/patch-log-db-pid-dir +++ b/security/softether/files/patch-log-db-pid-dir @@ -1,3 +1,5 @@ +# Copyright (c) 2019, Koichiro Iwao <meta@FreeBSD.org> (https://github.com/metalefty) +# SPDX-License-Identifier: Apache-2.0 --- src/Cedar/Admin.c.orig 2019-09-18 01:40:24 UTC +++ src/Cedar/Admin.c @@ -11482,7 +11482,7 @@ void SiReadLocalLogFile(SERVER *s, char *filepath, UIN diff --git a/security/softether/files/patch-unrestrict-enterprise-functions b/security/softether/files/patch-unrestrict-enterprise-functions index 72ab925376c1..382e914446ee 100644 --- a/security/softether/files/patch-unrestrict-enterprise-functions +++ b/security/softether/files/patch-unrestrict-enterprise-functions @@ -1,3 +1,5 @@ +# Copyright (c) 2019, Koichiro Iwao <meta@FreeBSD.org> (https://github.com/metalefty) +# SPDX-License-Identifier: Apache-2.0 --- src/Cedar/Server.c.orig 2016-04-24 14:49:31 UTC +++ src/Cedar/Server.c @@ -10822,23 +10822,7 @@ bool SiCheckCurrentRegion(CEDAR *c, char diff --git a/security/softether/files/vpncmd.in b/security/softether/files/vpncmd.in index 28216eaec721..d0f97f1b3bea 100644 --- a/security/softether/files/vpncmd.in +++ b/security/softether/files/vpncmd.in @@ -1,6 +1,6 @@ #!/bin/sh # # wrapper script for vpncmd, the configuration binary for -# SoftEther vpn +# SoftEther VPN # %%PREFIX%%/libexec/softether/vpncmd ${1+"$@"} diff --git a/security/sssd2/files/patch-src__external__pac_responder.m4 b/security/sssd2/files/patch-src__external__pac_responder.m4 new file mode 100644 index 000000000000..d52e249e7ab0 --- /dev/null +++ b/security/sssd2/files/patch-src__external__pac_responder.m4 @@ -0,0 +1,12 @@ +--- src/external/pac_responder.m4.orig 2025-08-08 04:17:31.487369000 +0200 ++++ src/external/pac_responder.m4 2025-08-08 04:17:52.437575000 +0200 +@@ -23,7 +23,8 @@ + Kerberos\ 5\ release\ 1.18* | \ + Kerberos\ 5\ release\ 1.19* | \ + Kerberos\ 5\ release\ 1.20* | \ +- Kerberos\ 5\ release\ 1.21*) ++ Kerberos\ 5\ release\ 1.21* | \ ++ Kerberos\ 5\ release\ 1.22*) + krb5_version_ok=yes + AC_MSG_RESULT([yes]) + ;; diff --git a/security/starttls/Makefile b/security/starttls/Makefile index c1470d82216e..b355d3417036 100644 --- a/security/starttls/Makefile +++ b/security/starttls/Makefile @@ -1,6 +1,6 @@ PORTNAME= starttls PORTVERSION= 0.10 -PORTREVISION= 35 +PORTREVISION= 36 CATEGORIES= security MASTER_SITES= ftp://ftp.opaopa.org/pub/elisp/ PKGNAMESUFFIX= ${EMACS_PKGNAMESUFFIX} diff --git a/security/tailscale/Makefile b/security/tailscale/Makefile index 255e7129c1c3..0673446306c3 100644 --- a/security/tailscale/Makefile +++ b/security/tailscale/Makefile @@ -1,7 +1,6 @@ PORTNAME= tailscale -PORTVERSION= 1.86.2 +PORTVERSION= 1.86.4 DISTVERSIONPREFIX= v -PORTREVISION= 1 CATEGORIES= security net-vpn MAINTAINER= ashish@FreeBSD.org diff --git a/security/tailscale/distinfo b/security/tailscale/distinfo index 4acab039eac9..08daa50120f4 100644 --- a/security/tailscale/distinfo +++ b/security/tailscale/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1753900486 -SHA256 (go/security_tailscale/tailscale-v1.86.2/v1.86.2.mod) = ad5983e44eecba029c80a179d58e6cfa074ea5508ce0f4c3cceffd1c67e4c9f5 -SIZE (go/security_tailscale/tailscale-v1.86.2/v1.86.2.mod) = 20667 -SHA256 (go/security_tailscale/tailscale-v1.86.2/v1.86.2.zip) = 8d450f7fec66f90dd46dd38ac3e82bd34cd9d390df2f0b2371626535a793ce54 -SIZE (go/security_tailscale/tailscale-v1.86.2/v1.86.2.zip) = 5178300 +TIMESTAMP = 1755178462 +SHA256 (go/security_tailscale/tailscale-v1.86.4/v1.86.4.mod) = ad5983e44eecba029c80a179d58e6cfa074ea5508ce0f4c3cceffd1c67e4c9f5 +SIZE (go/security_tailscale/tailscale-v1.86.4/v1.86.4.mod) = 20667 +SHA256 (go/security_tailscale/tailscale-v1.86.4/v1.86.4.zip) = 157f4bfb56c489ff46b9afabbd3234e6a2a6bfeff7ed51802c8154c41d2d81a2 +SIZE (go/security_tailscale/tailscale-v1.86.4/v1.86.4.zip) = 5178809 diff --git a/security/vault/Makefile b/security/vault/Makefile index ee72a2eeae66..590a93f11d40 100644 --- a/security/vault/Makefile +++ b/security/vault/Makefile @@ -1,7 +1,6 @@ PORTNAME= vault DISTVERSIONPREFIX= v -DISTVERSION= 1.20.1 -PORTREVISION= 1 +DISTVERSION= 1.20.2 CATEGORIES= security MASTER_SITES= https://raw.githubusercontent.com/hashicorp/vault/${DISTVERSIONFULL}/ \ LOCAL/bofh/security/${PORTNAME}/:web_ui @@ -47,7 +46,7 @@ GROUPS= vault PLIST_FILES= bin/${PORTNAME} -GITID= b403b1a27c8db6038ffefb296d7be0962e08039d +GITID= 824d12909d5b596ddd3f34d9c8f169b4f9701a0c .include <bsd.port.pre.mk> @@ -60,7 +59,7 @@ post-patch: ${CP} -Rf ${WRKDIR}/web_ui ${WRKSRC}/http/ .if defined(MAINTAINER_MODE) -_make-web_ui: extract +_make-web_ui: clean extract cd ${WRKSRC}/ui && ${SETENV} ${MAKE_ENV} yarn cd ${WRKSRC}/ui && ${SETENV} ${MAKE_ENV} npm rebuild node-sass cd ${WRKSRC}/ui && ${SETENV} ${MAKE_ENV} yarn run build diff --git a/security/vault/distinfo b/security/vault/distinfo index 4c4993013a29..c17babae63fa 100644 --- a/security/vault/distinfo +++ b/security/vault/distinfo @@ -1,17 +1,17 @@ -TIMESTAMP = 1753447248 -SHA256 (go/security_vault/hashicorp-vault-v1.20.1_GH0/go.mod) = c8f1b608608d7aa2d2d00b12f70708f660e2bccc3c42bfbafeac735f16182958 -SIZE (go/security_vault/hashicorp-vault-v1.20.1_GH0/go.mod) = 30389 -SHA256 (go/security_vault/hashicorp-vault-v1.20.1_GH0/api/go.mod) = c0d25838a7b72c0a5450c0c346e22eea9d24074c637f99e13941fd74980330e5 -SIZE (go/security_vault/hashicorp-vault-v1.20.1_GH0/api/go.mod) = 1659 -SHA256 (go/security_vault/hashicorp-vault-v1.20.1_GH0/api/auth/approle/go.mod) = 94d14c8d7b0e143e5cda121829d639935bcd5bab9cc4961ca4ac432ec675a5b9 -SIZE (go/security_vault/hashicorp-vault-v1.20.1_GH0/api/auth/approle/go.mod) = 1065 -SHA256 (go/security_vault/hashicorp-vault-v1.20.1_GH0/api/auth/kubernetes/go.mod) = bb4af50f74cdf95fd886651b1911dff90e118c62270497102ce144f5c76c9b1d -SIZE (go/security_vault/hashicorp-vault-v1.20.1_GH0/api/auth/kubernetes/go.mod) = 1068 -SHA256 (go/security_vault/hashicorp-vault-v1.20.1_GH0/api/auth/userpass/go.mod) = e92fff72dd8294c27b29ba8fc653d28edf322d8f59d98258ea87691dd5777b56 -SIZE (go/security_vault/hashicorp-vault-v1.20.1_GH0/api/auth/userpass/go.mod) = 1066 -SHA256 (go/security_vault/hashicorp-vault-v1.20.1_GH0/sdk/go.mod) = a3da120c91c4a0a9a2ad7e2fac36034da35a1527668359a6c9f19800aa88f2f1 -SIZE (go/security_vault/hashicorp-vault-v1.20.1_GH0/sdk/go.mod) = 6759 -SHA256 (go/security_vault/hashicorp-vault-v1.20.1_GH0/vault-web_ui-1.20.1.tar.gz) = e1d18425e75765ec86e969dfa48a96b00efe6b49d5e645efc728bb53118ca02d -SIZE (go/security_vault/hashicorp-vault-v1.20.1_GH0/vault-web_ui-1.20.1.tar.gz) = 3586905 -SHA256 (go/security_vault/hashicorp-vault-v1.20.1_GH0/hashicorp-vault-v1.20.1_GH0.tar.gz) = 48b2accd96118c0c239019d7c6017cddebc7ef80ef1f8191d4836865e395302b -SIZE (go/security_vault/hashicorp-vault-v1.20.1_GH0/hashicorp-vault-v1.20.1_GH0.tar.gz) = 41636436 +TIMESTAMP = 1754685277 +SHA256 (go/security_vault/hashicorp-vault-v1.20.2_GH0/go.mod) = cd83bd31fc0bfb55d172ae8fc8f8bc3930bc52602a5b73b2cccbf5428e144241 +SIZE (go/security_vault/hashicorp-vault-v1.20.2_GH0/go.mod) = 30390 +SHA256 (go/security_vault/hashicorp-vault-v1.20.2_GH0/api/go.mod) = c0d25838a7b72c0a5450c0c346e22eea9d24074c637f99e13941fd74980330e5 +SIZE (go/security_vault/hashicorp-vault-v1.20.2_GH0/api/go.mod) = 1659 +SHA256 (go/security_vault/hashicorp-vault-v1.20.2_GH0/api/auth/approle/go.mod) = 94d14c8d7b0e143e5cda121829d639935bcd5bab9cc4961ca4ac432ec675a5b9 +SIZE (go/security_vault/hashicorp-vault-v1.20.2_GH0/api/auth/approle/go.mod) = 1065 +SHA256 (go/security_vault/hashicorp-vault-v1.20.2_GH0/api/auth/kubernetes/go.mod) = bb4af50f74cdf95fd886651b1911dff90e118c62270497102ce144f5c76c9b1d +SIZE (go/security_vault/hashicorp-vault-v1.20.2_GH0/api/auth/kubernetes/go.mod) = 1068 +SHA256 (go/security_vault/hashicorp-vault-v1.20.2_GH0/api/auth/userpass/go.mod) = e92fff72dd8294c27b29ba8fc653d28edf322d8f59d98258ea87691dd5777b56 +SIZE (go/security_vault/hashicorp-vault-v1.20.2_GH0/api/auth/userpass/go.mod) = 1066 +SHA256 (go/security_vault/hashicorp-vault-v1.20.2_GH0/sdk/go.mod) = a3da120c91c4a0a9a2ad7e2fac36034da35a1527668359a6c9f19800aa88f2f1 +SIZE (go/security_vault/hashicorp-vault-v1.20.2_GH0/sdk/go.mod) = 6759 +SHA256 (go/security_vault/hashicorp-vault-v1.20.2_GH0/vault-web_ui-1.20.2.tar.gz) = 5d6a244ae81312a78c847abeec525a01cfe92fdf2f7df6d812a884f14561cc96 +SIZE (go/security_vault/hashicorp-vault-v1.20.2_GH0/vault-web_ui-1.20.2.tar.gz) = 3584329 +SHA256 (go/security_vault/hashicorp-vault-v1.20.2_GH0/hashicorp-vault-v1.20.2_GH0.tar.gz) = cff7c65f4cfdebbf2a419e77debe5dda1abd93d48f673e8bbbd4c5e5161233e2 +SIZE (go/security_vault/hashicorp-vault-v1.20.2_GH0/hashicorp-vault-v1.20.2_GH0.tar.gz) = 41645004 diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml index 0a4aaff0759b..1572fa6cd69e 100644 --- a/security/vuxml/vuln/2025.xml +++ b/security/vuxml/vuln/2025.xml @@ -1,3 +1,347 @@ + <vuln vid="eb03714d-79f0-11f0-b4c1-ac5afc632ba3"> + <topic>nginx -- worker process memory disclosure</topic> + <affects> + <package> + <name>nginx-devel</name> + <range><lt>1.29.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>F5 reports:</p> + <blockquote cite="https://my.f5.com/manage/s/article/K000152786"> + <p>NGINX Open Source and NGINX Plus have a vulnerability in the + ngx_mail_smtp_module that might allow an unauthenticated attacker to + over-read NGINX SMTP authentication process memory; as a result, the + server side may leak arbitrary bytes sent in a request to the + authentication server. This issue happens during the NGINX SMTP + authentication process and requires the attacker to make preparations + against the target system to extract the leaked data. The issue + affects NGINX only if (1) it is built with the ngx_mail_smtp_module, + (2) the smtp_auth directive is configured with method "none," + and (3) the authentication server returns the "Auth-Wait" response + header.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-53859</cvename> + <url>https://www.cve.org/CVERecord?id=CVE-2025-53859</url> + </references> + <dates> + <discovery>2025-08-13</discovery> + <entry>2025-08-15</entry> + </dates> + </vuln> + + <vuln vid="a60e73e0-7942-11f0-b3f7-a8a1599412c6"> + <topic>chromium -- multiple security fixes</topic> + <affects> + <package> + <name>chromium</name> + <range><lt>139.0.7258.127</lt></range> + </package> + <package> + <name>ungoogled-chromium</name> + <range><lt>139.0.7258.127</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Chrome Releases reports:</p> + <blockquote cite="https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_12.html"> + <p>This update includes 6 security fixes:</p> + <ul> + <li>[432035817] High CVE-2025-8879: Heap buffer overflow in libaom. Reported by Anonymous on 2025-07-15</li> + <li>[433533359] High CVE-2025-8880: Race in V8. Reported by Seunghyun Lee (@0x10n) on 2025-07-23</li> + <li>[435139154] High CVE-2025-8901: Out of bounds write in ANGLE. Reported by Google Big Sleep on 2025-07-30</li> + <li>[433800617] Medium CVE-2025-8881: Inappropriate implementation in File Picker. Reported by Alesandro Ortiz on 2025-07-23</li> + <li>[435623339] Medium CVE-2025-8882: Use after free in Aura. Reported by Umar Farooq on 2025-08-01</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-8579</cvename> + <cvename>CVE-2025-8580</cvename> + <cvename>CVE-2025-8901</cvename> + <cvename>CVE-2025-8881</cvename> + <cvename>CVE-2025-8882</cvename> + <url>https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_12.html</url> + </references> + <dates> + <discovery>2025-08-12</discovery> + <entry>2025-08-14</entry> + </dates> + </vuln> + + <vuln vid="fc048b51-7909-11f0-90a2-6cc21735f730"> + <topic>PostgreSQL -- vulnerabilities</topic> + <affects> + <package> + <name>postgresql17-server</name> + <range><lt>17.6</lt></range> + </package> + <package> + <name>postgresql16-server</name> + <range><lt>16.10</lt></range> + </package> + <package> + <name>postgresql15-server</name> + <range><lt>14.14</lt></range> + </package> + <package> + <name>postgresql14-server</name> + <range><lt>14.19</lt></range> + </package> + <package> + <name>postgresql13-server</name> + <range><lt>13.22</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>PostgreSQL project reports:</p> + <blockquote cite="https://www.postgresql.org/about/news/postgresql-176-1610-1514-1419-1322-and-18-beta-3-released-3118/"> + <p>Tighten security checks in planner estimation functions.</p> + <p>Prevent pg_dump scripts from being used to attack the user running the restore.</p> + <p>Convert newlines to spaces in names included in comments in pg_dump output.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-8713</cvename> + <cvename>CVE-2025-8714</cvename> + <cvename>CVE-2025-8715</cvename> + <url>https://www.postgresql.org/about/news/postgresql-176-1610-1514-1419-1322-and-18-beta-3-released-3118/</url> + </references> + <dates> + <discovery>2025-08-11</discovery> + <entry>2025-08-14</entry> + </dates> + </vuln> + + <vuln vid="7bfe6f39-78be-11f0-9d03-2cf05da270f3"> + <topic>Gitlab -- vulnerabilities</topic> + <affects> + <package> + <name>gitlab-ce</name> + <name>gitlab-ee</name> + <range><ge>18.2.0</ge><lt>18.2.2</lt></range> + <range><ge>18.1.0</ge><lt>18.1.4</lt></range> + <range><ge>8.14.0</ge><lt>18.0.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Gitlab reports:</p> + <blockquote cite="https://about.gitlab.com/releases/2025/08/13/patch-release-gitlab-18-2-2-released/"> + <p>Cross-site scripting issue in blob viewer impacts GitLab CE/EE</p> + <p>Cross-site scripting issue in labels impacts GitLab CE/EE</p> + <p>Cross-site scripting issue in Workitem impacts GitLab CE/EE</p> + <p>Improper Handling of Permissions issue in project API impacts GitLab CE/EE</p> + <p>Incorrect Privilege Assignment issue in delete issues operation impacts GitLab CE/EE</p> + <p>Allocation of Resources Without Limits issue in release name creation impacts GitLab CE/EE</p> + <p>Incorrect Authorization issue in jobs API impacts GitLab CE/EE</p> + <p>Authorization issue in Merge request approval policy impacts GitLab EE</p> + <p>Inefficient Regular Expression Complexity issue in wiki impacts GitLab CE/EE</p> + <p>Allocation of Resources Without Limits issue in Mattermost integration impacts GitLab CE/EE</p> + <p>Incorrect Permission Assignment issue in ID token impacts GitLab CE/EE</p> + <p>Insufficient Access Control issue in IP Restriction impacts GitLab EE</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-7734</cvename> + <cvename>CVE-2025-7739</cvename> + <cvename>CVE-2025-6186</cvename> + <cvename>CVE-2025-8094</cvename> + <cvename>CVE-2024-12303</cvename> + <cvename>CVE-2025-2614</cvename> + <cvename>CVE-2024-10219</cvename> + <cvename>CVE-2025-8770</cvename> + <cvename>CVE-2025-2937</cvename> + <cvename>CVE-2025-1477</cvename> + <cvename>CVE-2025-5819</cvename> + <cvename>CVE-2025-2498</cvename> + <url>https://about.gitlab.com/releases/2025/08/13/patch-release-gitlab-18-2-2-released/</url> + </references> + <dates> + <discovery>2025-08-13</discovery> + <entry>2025-08-14</entry> + </dates> + </vuln> + + <vuln vid="e2d49973-785a-11f0-a1c0-0050569f0b83"> + <topic>www/varnish7 -- Denial of Service in HTTP/2</topic> + <affects> + <package> + <name>varnish7</name> + <range><lt>7.7.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Varnish Development Team reports:</p> + <blockquote cite="https://varnish-cache.org/security/VSV00017.html#vsv00017"> + <p>A denial of service attack can be performed on Varnish Cache servers + that have the HTTP/2 protocol turned on. An attacker can create a + large number of streams and immediately reset them without ever + reaching the maximum number of concurrent streams allowed for the + session, causing the Varnish server to consume unnecessary + resources processing requests for which the response will not be + delivered.</p> + <p>This attack is a variant of the HTTP/2 Rapid Reset Attack, which was + partially handled as VSV00013.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-8671</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-8671</url> + </references> + <dates> + <discovery>2025-08-13</discovery> + <entry>2025-08-13</entry> + </dates> + </vuln> + + <vuln vid="defe9a20-781e-11f0-97c4-40b034429ecf"> + <topic>p5-Authen-SASL -- Insecure source of randomness</topic> + <affects> + <package> + <name>p5-Authen-SASL</name> + <range><lt>2.1900</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>p5-Authen-SASL project reports:</p> + <blockquote cite="https://github.com/advisories/GHSA-496q-8ph2-c4fj"> + <p>Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely.</p> + <p>The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. + The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. + The built-in rand function is unsuitable for cryptographic usage.</p> + <p>According to RFC 2831, The cnonce-value is an opaque quoted string value provided by the client and used by both client and server + to avoid chosen plaintext attacks, and to provide mutual authentication. The security of the implementation depends on a good choice. + It is RECOMMENDED that it contain at least 64 bits of entropy.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-40918</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-40918</url> + </references> + <dates> + <discovery>2025-07-16</discovery> + <entry>2025-08-13</entry> + </dates> + </vuln> + + <vuln vid="15fd1321-768a-11f0-b3f7-a8a1599412c6"> + <topic>chromium -- multiple security fixes</topic> + <affects> + <package> + <name>chromium</name> + <range><lt>139.0.7258.66</lt></range> + </package> + <package> + <name>ungoogled-chromium</name> + <range><lt>139.0.7258.66</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Chrome Releases reports:</p> + <blockquote cite="https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html"> + <p>This update includes 12 security fixes:</p> + <ul> + <li>[414760982] Medium CVE-2025-8576: Use after free in Extensions. Reported by asnine on 2025-04-30</li> + <li>[384050903] Medium CVE-2025-8577: Inappropriate implementation in Picture In Picture. Reported by Umar Farooq on 2024-12-14</li> + <li>[423387026] Medium CVE-2025-8578: Use after free in Cast. Reported by Fayez on 2025-06-09</li> + <li>[407791462] Low CVE-2025-8579: Inappropriate implementation in Gemini Live in Chrome. Reported by Alesandro Ortiz on 2025-04-02</li> + <li>[411544197] Low CVE-2025-8580: Inappropriate implementation in Filesystems. Reported by Huuuuu on 2025-04-18</li> + <li>[416942878] Low CVE-2025-8581: Inappropriate implementation in Extensions. Reported by Vincent Dragnea on 2025-05-11</li> + <li>[40089450] Low CVE-2025-8582: Insufficient validation of untrusted input in DOM. Reported by Anonymous on 2017-10-31</li> + <li>[373794472] Low CVE-2025-8583: Inappropriate implementation in Permissions. Reported by Shaheen Fazim on 2024-10-16</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-8576</cvename> + <cvename>CVE-2025-8577</cvename> + <cvename>CVE-2025-8578</cvename> + <cvename>CVE-2025-8579</cvename> + <cvename>CVE-2025-8580</cvename> + <cvename>CVE-2025-8581</cvename> + <cvename>CVE-2025-8582</cvename> + <cvename>CVE-2025-8583</cvename> + <url>https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html</url> + </references> + <dates> + <discovery>2025-08-05</discovery> + <entry>2025-08-11</entry> + </dates> + </vuln> + + <vuln vid="fb08d146-752a-11f0-952c-8447094a420f"> + <topic>Apache httpd -- evaluation always true</topic> + <affects> + <package> + <name>apache24</name> + <range><ge>2.4.64</ge><lt>2.4.65</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Apache httpd project reports:</p> + <blockquote cite="https://downloads.apache.org/httpd/CHANGES_2.4.65"> + <p>'RewriteCond expr' always evaluates to true in 2.4.64.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-54090</cvename> + <url>https://downloads.apache.org/httpd/CHANGES_2.4.65</url> + </references> + <dates> + <discovery>2025-07-23</discovery> + <entry>2025-08-09</entry> + </dates> + </vuln> + + <vuln vid="66f35fd9-73f5-11f0-8e0e-002590c1f29c"> + <topic>FreeBSD -- Integer overflow in libarchive leading to double free</topic> + <affects> + <package> + <name>FreeBSD</name> + <range><ge>14.3</ge><lt>14.3_2</lt></range> + <range><ge>14.2</ge><lt>14.2_5</lt></range> + <range><ge>13.5</ge><lt>13.5_3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Problem Description:</h1> + <p>An integer overflow in the archive_read_format_rar_seek_data() + function may lead to a double free problem.</p> + <h1>Impact:</h1> + <p>Exploiting a double free vulnerability can cause memory corruption. + This in turn could enable a threat actor to execute arbitrary code. + It might also result in denial of service.</p> + </body> + </description> + <references> + <cvename>CVE-2025-5914</cvename> + <freebsdsa>SA-25:07.libarchive</freebsdsa> + </references> + <dates> + <discovery>2025-08-08</discovery> + <entry>2025-08-08</entry> + </dates> + </vuln> + <vuln vid="b945ce3f-6f9b-11f0-bd96-b42e991fc52e"> <topic>sqlite -- integer overflow</topic> <affects> diff --git a/security/zeek/Makefile b/security/zeek/Makefile index e9a2bcc78a26..7910ab0c92a2 100644 --- a/security/zeek/Makefile +++ b/security/zeek/Makefile @@ -1,5 +1,5 @@ PORTNAME= zeek -DISTVERSION= 7.0.9 +DISTVERSION= 8.0.0 CATEGORIES= security MASTER_SITES= https://download.zeek.org/ @@ -12,11 +12,12 @@ LICENSE= CC-BY-4.0 BUILD_DEPENDS= bison>=3.3:devel/bison \ flex>=2.6:textproc/flex \ swig>=4.0.2:devel/swig -LIB_DEPENDS= libcares.so:dns/c-ares +LIB_DEPENDS= libcares.so:dns/c-ares \ + libzmq.so:net/libzmq4 RUN_DEPENDS= c-ares>=1.25.0:dns/c-ares -USES= bison cmake compiler:c++17-lang cpe perl5 python \ - shebangfix ssl +USES= bison cmake compiler:c++17-lang cpe gettext-runtime perl5 \ + python shebangfix ssl USE_LDCONFIG= yes diff --git a/security/zeek/distinfo b/security/zeek/distinfo index 716e78e681b4..7421c6c5bdb1 100644 --- a/security/zeek/distinfo +++ b/security/zeek/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1753129322 -SHA256 (zeek-7.0.9.tar.gz) = bebec9a71242da250ef8476bfce632c43892995c247d8dfafcef80ce42f6adbc -SIZE (zeek-7.0.9.tar.gz) = 95973519 +TIMESTAMP = 1755544345 +SHA256 (zeek-8.0.0.tar.gz) = 385150bf06d6434a510c15b6643febe8599b3c2d7b5158fd2d1c302eeed9ae78 +SIZE (zeek-8.0.0.tar.gz) = 99581715 diff --git a/security/zeek/pkg-plist b/security/zeek/pkg-plist index 9305a9eda9d9..563ec915eb1f 100644 --- a/security/zeek/pkg-plist +++ b/security/zeek/pkg-plist @@ -65,10 +65,8 @@ include/broker/detail/monotonic_buffer_resource.hh include/broker/detail/native_socket.hh include/broker/detail/next_tick.hh include/broker/detail/opaque_type.hh -include/broker/detail/operators.hh include/broker/detail/overload.hh include/broker/detail/peer_status_map.hh -include/broker/detail/pp.hh include/broker/detail/prefix_matcher.hh include/broker/detail/promote.hh include/broker/detail/radix_tree.hh @@ -85,6 +83,8 @@ include/broker/entity_id.hh include/broker/enum_value.hh include/broker/envelope.hh include/broker/error.hh +include/broker/event.hh +include/broker/event_observer.hh include/broker/expected.hh include/broker/filter_type.hh include/broker/format/bin.hh @@ -92,13 +92,17 @@ include/broker/format/json.hh include/broker/format/txt.hh include/broker/frontend.hh include/broker/fwd.hh +include/broker/hub.hh +include/broker/hub_id.hh include/broker/internal_command.hh include/broker/intrusive_ptr.hh include/broker/lamport_timestamp.hh +include/broker/logger.hh include/broker/mailbox.hh include/broker/message.hh include/broker/network_info.hh include/broker/none.hh +include/broker/overflow_policy.hh include/broker/p2p_message_type.hh include/broker/peer_flags.hh include/broker/peer_info.hh @@ -111,7 +115,6 @@ include/broker/publisher_id.hh include/broker/routing_update_envelope.hh include/broker/shutdown_options.hh include/broker/snapshot.hh -include/broker/span.hh include/broker/status.hh include/broker/status_subscriber.hh include/broker/store.hh @@ -189,8 +192,8 @@ include/broker/zeek.hh %%SPICY%%include/hilti/ast/expressions/assign.h %%SPICY%%include/hilti/ast/expressions/builtin-function.h %%SPICY%%include/hilti/ast/expressions/coerced.h +%%SPICY%%include/hilti/ast/expressions/condition-test.h %%SPICY%%include/hilti/ast/expressions/ctor.h -%%SPICY%%include/hilti/ast/expressions/deferred.h %%SPICY%%include/hilti/ast/expressions/grouping.h %%SPICY%%include/hilti/ast/expressions/keyword.h %%SPICY%%include/hilti/ast/expressions/list-comprehension.h @@ -313,6 +316,7 @@ include/broker/zeek.hh %%SPICY%%include/hilti/autogen/config.h %%SPICY%%include/hilti/base/cache.h %%SPICY%%include/hilti/base/code-formatter.h +%%SPICY%%include/hilti/base/graph.h %%SPICY%%include/hilti/base/id-base.h %%SPICY%%include/hilti/base/intrusive-ptr.h %%SPICY%%include/hilti/base/logger.h @@ -324,6 +328,7 @@ include/broker/zeek.hh %%SPICY%%include/hilti/compiler/coercer.h %%SPICY%%include/hilti/compiler/context.h %%SPICY%%include/hilti/compiler/detail/ast-dumper.h +%%SPICY%%include/hilti/compiler/detail/cfg.h %%SPICY%%include/hilti/compiler/detail/codegen/codegen.h %%SPICY%%include/hilti/compiler/detail/constant-folder.h %%SPICY%%include/hilti/compiler/detail/cxx/all.h @@ -347,14 +352,6 @@ include/broker/zeek.hh %%SPICY%%include/hilti/hilti.h %%SPICY%%include/hilti/rt/3rdparty/ArticleEnumClass-v2/EnumClass.h %%SPICY%%include/hilti/rt/3rdparty/SafeInt/SafeInt.hpp -%%SPICY%%include/hilti/rt/3rdparty/any/any.hpp -%%SPICY%%include/hilti/rt/3rdparty/any/test_shared_lib.hpp -%%SPICY%%include/hilti/rt/3rdparty/ghc/filesystem.hpp -%%SPICY%%include/hilti/rt/3rdparty/ghc/fs_fwd.hpp -%%SPICY%%include/hilti/rt/3rdparty/ghc/fs_impl.hpp -%%SPICY%%include/hilti/rt/3rdparty/ghc/fs_std.hpp -%%SPICY%%include/hilti/rt/3rdparty/ghc/fs_std_fwd.hpp -%%SPICY%%include/hilti/rt/3rdparty/ghc/fs_std_impl.hpp %%SPICY%%include/hilti/rt/3rdparty/nlohmann/json.hpp %%SPICY%%include/hilti/rt/3rdparty/nlohmann/json_fwd.hpp %%SPICY%%include/hilti/rt/3rdparty/tinyformat/tinyformat.h @@ -367,7 +364,6 @@ include/broker/zeek.hh %%SPICY%%include/hilti/rt/configuration.h %%SPICY%%include/hilti/rt/context.h %%SPICY%%include/hilti/rt/debug-logger.h -%%SPICY%%include/hilti/rt/deferred-expression.h %%SPICY%%include/hilti/rt/doctest.h %%SPICY%%include/hilti/rt/exception.h %%SPICY%%include/hilti/rt/extension-points.h @@ -425,6 +421,7 @@ include/broker/zeek.hh %%SPICY%%include/hilti/rt/types/union.h %%SPICY%%include/hilti/rt/types/vector.h %%SPICY%%include/hilti/rt/types/vector_fwd.h +%%SPICY%%include/hilti/rt/unicode.h %%SPICY%%include/hilti/rt/unpack.h %%SPICY%%include/hilti/rt/util.h include/paraglob/exceptions.h @@ -432,6 +429,7 @@ include/paraglob/node.h include/paraglob/paraglob.h include/paraglob/serializer.h %%SPICY%%include/spicy/ast/all.h +%%SPICY%%include/spicy/ast/attribute.h %%SPICY%%include/spicy/ast/builder/builder.h %%SPICY%%include/spicy/ast/builder/node-factory.h %%SPICY%%include/spicy/ast/ctors/all.h @@ -454,6 +452,7 @@ include/paraglob/serializer.h %%SPICY%%include/spicy/ast/types/sink.h %%SPICY%%include/spicy/ast/types/unit-item.h %%SPICY%%include/spicy/ast/types/unit-items/all.h +%%SPICY%%include/spicy/ast/types/unit-items/block.h %%SPICY%%include/spicy/ast/types/unit-items/field.h %%SPICY%%include/spicy/ast/types/unit-items/property.h %%SPICY%%include/spicy/ast/types/unit-items/sink.h @@ -471,7 +470,7 @@ include/paraglob/serializer.h %%SPICY%%include/spicy/compiler/detail/codegen/parser-builder.h %%SPICY%%include/spicy/compiler/detail/codegen/production.h %%SPICY%%include/spicy/compiler/detail/codegen/productions/all.h -%%SPICY%%include/spicy/compiler/detail/codegen/productions/boolean.h +%%SPICY%%include/spicy/compiler/detail/codegen/productions/block.h %%SPICY%%include/spicy/compiler/detail/codegen/productions/counter.h %%SPICY%%include/spicy/compiler/detail/codegen/productions/ctor.h %%SPICY%%include/spicy/compiler/detail/codegen/productions/deferred.h @@ -524,13 +523,8 @@ include/paraglob/serializer.h include/zeek/3rdparty/ConvertUTF.h include/zeek/3rdparty/bsd-getopt-long.h include/zeek/3rdparty/doctest.h -include/zeek/3rdparty/ghc/filesystem.hpp -include/zeek/3rdparty/ghc/fs_fwd.hpp -include/zeek/3rdparty/ghc/fs_impl.hpp -include/zeek/3rdparty/ghc/fs_std.hpp -include/zeek/3rdparty/ghc/fs_std_fwd.hpp -include/zeek/3rdparty/ghc/fs_std_impl.hpp include/zeek/3rdparty/modp_numtoa.h +include/zeek/3rdparty/nonstd/expected.hpp include/zeek/3rdparty/patricia.h include/zeek/3rdparty/prometheus-cpp/include/prometheus/check_names.h include/zeek/3rdparty/prometheus-cpp/include/prometheus/client_metric.h @@ -553,44 +547,6 @@ include/zeek/3rdparty/prometheus-cpp/include/prometheus/registry.h include/zeek/3rdparty/prometheus-cpp/include/prometheus/serializer.h include/zeek/3rdparty/prometheus-cpp/include/prometheus/summary.h include/zeek/3rdparty/prometheus-cpp/include/prometheus/text_serializer.h -include/zeek/3rdparty/rapidjson/include/rapidjson/allocators.h -include/zeek/3rdparty/rapidjson/include/rapidjson/cursorstreamwrapper.h -include/zeek/3rdparty/rapidjson/include/rapidjson/document.h -include/zeek/3rdparty/rapidjson/include/rapidjson/encodedstream.h -include/zeek/3rdparty/rapidjson/include/rapidjson/encodings.h -include/zeek/3rdparty/rapidjson/include/rapidjson/error/en.h -include/zeek/3rdparty/rapidjson/include/rapidjson/error/error.h -include/zeek/3rdparty/rapidjson/include/rapidjson/filereadstream.h -include/zeek/3rdparty/rapidjson/include/rapidjson/filewritestream.h -include/zeek/3rdparty/rapidjson/include/rapidjson/fwd.h -include/zeek/3rdparty/rapidjson/include/rapidjson/internal/biginteger.h -include/zeek/3rdparty/rapidjson/include/rapidjson/internal/clzll.h -include/zeek/3rdparty/rapidjson/include/rapidjson/internal/diyfp.h -include/zeek/3rdparty/rapidjson/include/rapidjson/internal/dtoa.h -include/zeek/3rdparty/rapidjson/include/rapidjson/internal/ieee754.h -include/zeek/3rdparty/rapidjson/include/rapidjson/internal/itoa.h -include/zeek/3rdparty/rapidjson/include/rapidjson/internal/meta.h -include/zeek/3rdparty/rapidjson/include/rapidjson/internal/pow10.h -include/zeek/3rdparty/rapidjson/include/rapidjson/internal/regex.h -include/zeek/3rdparty/rapidjson/include/rapidjson/internal/stack.h -include/zeek/3rdparty/rapidjson/include/rapidjson/internal/strfunc.h -include/zeek/3rdparty/rapidjson/include/rapidjson/internal/strtod.h -include/zeek/3rdparty/rapidjson/include/rapidjson/internal/swap.h -include/zeek/3rdparty/rapidjson/include/rapidjson/istreamwrapper.h -include/zeek/3rdparty/rapidjson/include/rapidjson/memorybuffer.h -include/zeek/3rdparty/rapidjson/include/rapidjson/memorystream.h -include/zeek/3rdparty/rapidjson/include/rapidjson/msinttypes/inttypes.h -include/zeek/3rdparty/rapidjson/include/rapidjson/msinttypes/stdint.h -include/zeek/3rdparty/rapidjson/include/rapidjson/ostreamwrapper.h -include/zeek/3rdparty/rapidjson/include/rapidjson/pointer.h -include/zeek/3rdparty/rapidjson/include/rapidjson/prettywriter.h -include/zeek/3rdparty/rapidjson/include/rapidjson/rapidjson.h -include/zeek/3rdparty/rapidjson/include/rapidjson/reader.h -include/zeek/3rdparty/rapidjson/include/rapidjson/schema.h -include/zeek/3rdparty/rapidjson/include/rapidjson/stream.h -include/zeek/3rdparty/rapidjson/include/rapidjson/stringbuffer.h -include/zeek/3rdparty/rapidjson/include/rapidjson/uri.h -include/zeek/3rdparty/rapidjson/include/rapidjson/writer.h include/zeek/3rdparty/setsignal.h include/zeek/3rdparty/sqlite3.h include/zeek/3rdparty/zeek_inet_ntop.h @@ -602,6 +558,7 @@ include/zeek/CPP-load.bif.func_h include/zeek/CPP-load.bif.netvar_h include/zeek/CompHash.h include/zeek/Conn.h +include/zeek/ConnKey.h include/zeek/DFA.h include/zeek/DNS_Mapping.h include/zeek/DNS_Mgr.h @@ -972,6 +929,8 @@ include/zeek/analyzer/protocol/ssl/tls-handshake-protocol.pac include/zeek/analyzer/protocol/ssl/tls-handshake-signed_certificate_timestamp.pac include/zeek/analyzer/protocol/ssl/tls-handshake.pac include/zeek/analyzer/protocol/ssl/types.bif.h +include/zeek/analyzer/protocol/stream_event/StreamEvent.h +include/zeek/analyzer/protocol/stream_event/events.bif.h include/zeek/analyzer/protocol/syslog/legacy/Syslog.h include/zeek/analyzer/protocol/syslog/legacy/syslog-analyzer.pac include/zeek/analyzer/protocol/syslog/legacy/syslog-protocol.pac @@ -1004,13 +963,92 @@ include/zeek/binpac_zeek-lib.pac include/zeek/binpac_zeek.h include/zeek/broker/Data.h include/zeek/broker/Manager.h +include/zeek/broker/Plugin.h include/zeek/broker/Store.h +include/zeek/broker/WebSocketShim.h include/zeek/broker/comm.bif.h include/zeek/broker/data.bif.h include/zeek/broker/messaging.bif.h include/zeek/broker/store.bif.h +include/zeek/cluster/Backend.h +include/zeek/cluster/BifSupport.h +include/zeek/cluster/Component.h +include/zeek/cluster/Event.h +include/zeek/cluster/Manager.h +include/zeek/cluster/OnLoop.h +include/zeek/cluster/Serializer.h +include/zeek/cluster/Telemetry.h +include/zeek/cluster/backend/zeromq/Plugin.h +include/zeek/cluster/backend/zeromq/ZeroMQ-Proxy.h +include/zeek/cluster/backend/zeromq/ZeroMQ.h +include/zeek/cluster/backend/zeromq/cluster_backend_zeromq.bif.h +include/zeek/cluster/cluster.bif.h +include/zeek/cluster/serializer/binary-serialization-format/Plugin.h +include/zeek/cluster/serializer/binary-serialization-format/Serializer.h +include/zeek/cluster/serializer/broker/Plugin.h +include/zeek/cluster/serializer/broker/Serializer.h +include/zeek/cluster/websocket/Plugin.h +include/zeek/cluster/websocket/WebSocket.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXBase64.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXBench.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXCancellationRequest.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXConnectionState.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXDNSLookup.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXExponentialBackoff.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXGetFreePort.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXGzipCodec.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXHttp.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXHttpClient.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXHttpServer.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXNetSystem.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXProgressCallback.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXSelectInterrupt.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXSelectInterruptEvent.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXSelectInterruptFactory.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXSelectInterruptPipe.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXSetThreadName.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXSocket.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXSocketAppleSSL.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXSocketConnect.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXSocketFactory.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXSocketMbedTLS.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXSocketOpenSSL.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXSocketServer.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXSocketTLSOptions.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXStrCaseCompare.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXUdpSocket.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXUniquePtr.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXUrlParser.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXUserAgent.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXUtf8Validator.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXUuid.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXWebSocket.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXWebSocketCloseConstants.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXWebSocketCloseInfo.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXWebSocketErrorInfo.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXWebSocketHandshake.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXWebSocketHandshakeKeyGen.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXWebSocketHttpHeaders.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXWebSocketInitResult.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXWebSocketMessage.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXWebSocketMessageType.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXWebSocketOpenInfo.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXWebSocketPerMessageDeflate.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXWebSocketPerMessageDeflateCodec.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXWebSocketPerMessageDeflateOptions.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXWebSocketProxyServer.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXWebSocketSendData.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXWebSocketSendInfo.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXWebSocketServer.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXWebSocketTransport.h +include/zeek/cluster/websocket/auxil/IXWebSocket/ixwebsocket/IXWebSocketVersion.h +include/zeek/cluster/websocket/auxil/IXWebSocket/test/IXTest.h +include/zeek/cluster/websocket/events.bif.h include/zeek/communityid.bif.func_h include/zeek/communityid.bif.netvar_h +include/zeek/conn_key/Component.h +include/zeek/conn_key/Factory.h +include/zeek/conn_key/Manager.h include/zeek/const.bif.func_h include/zeek/const.bif.netvar_h include/zeek/digest.h @@ -1083,6 +1121,7 @@ include/zeek/iosource/pcap/Source.h include/zeek/iosource/pcap/pcap.bif.h include/zeek/logging/Component.h include/zeek/logging/Manager.h +include/zeek/logging/Types.h include/zeek/logging/WriterBackend.h include/zeek/logging/WriterFrontend.h include/zeek/logging/logging.bif.h @@ -1111,6 +1150,7 @@ include/zeek/packet_analysis/protocol/ethernet/Ethernet.h include/zeek/packet_analysis/protocol/fddi/FDDI.h include/zeek/packet_analysis/protocol/geneve/Geneve.h include/zeek/packet_analysis/protocol/geneve/events.bif.h +include/zeek/packet_analysis/protocol/geneve/functions.bif.h include/zeek/packet_analysis/protocol/gre/GRE.h include/zeek/packet_analysis/protocol/gtpv1/GTPv1.h include/zeek/packet_analysis/protocol/gtpv1/events.bif.h @@ -1126,6 +1166,9 @@ include/zeek/packet_analysis/protocol/ieee802_11_radio/IEEE802_11_Radio.h include/zeek/packet_analysis/protocol/ip/IP.h include/zeek/packet_analysis/protocol/ip/IPBasedAnalyzer.h include/zeek/packet_analysis/protocol/ip/SessionAdapter.h +include/zeek/packet_analysis/protocol/ip/conn_key/IPBasedConnKey.h +include/zeek/packet_analysis/protocol/ip/conn_key/fivetuple/Factory.h +include/zeek/packet_analysis/protocol/ip/conn_key/vlan_fivetuple/Factory.h include/zeek/packet_analysis/protocol/iptunnel/IPTunnel.h include/zeek/packet_analysis/protocol/linux_sll/LinuxSLL.h include/zeek/packet_analysis/protocol/linux_sll2/LinuxSLL2.h @@ -1138,6 +1181,7 @@ include/zeek/packet_analysis/protocol/pbb/PBB.h include/zeek/packet_analysis/protocol/ppp/PPP.h include/zeek/packet_analysis/protocol/ppp_serial/PPPSerial.h include/zeek/packet_analysis/protocol/pppoe/PPPoE.h +include/zeek/packet_analysis/protocol/pppoe/functions.bif.h include/zeek/packet_analysis/protocol/root/Root.h include/zeek/packet_analysis/protocol/skip/Skip.h include/zeek/packet_analysis/protocol/snap/SNAP.h @@ -1150,11 +1194,12 @@ include/zeek/packet_analysis/protocol/teredo/functions.bif.h include/zeek/packet_analysis/protocol/udp/UDP.h include/zeek/packet_analysis/protocol/udp/UDPSessionAdapter.h include/zeek/packet_analysis/protocol/udp/events.bif.h +include/zeek/packet_analysis/protocol/unknown_ip_transport/UnknownIPSessionAdapter.h +include/zeek/packet_analysis/protocol/unknown_ip_transport/UnknownIPTransport.h include/zeek/packet_analysis/protocol/vlan/VLAN.h include/zeek/packet_analysis/protocol/vntag/VNTag.h include/zeek/packet_analysis/protocol/vxlan/VXLAN.h include/zeek/packet_analysis/protocol/vxlan/events.bif.h -include/zeek/packet_analysis/protocol/wrapper/Wrapper.h include/zeek/plugin/Component.h include/zeek/plugin/ComponentManager.h include/zeek/plugin/Manager.h @@ -1170,17 +1215,28 @@ include/zeek/probabilistic/cardinality-counter.bif.h include/zeek/probabilistic/top-k.bif.h include/zeek/reporter.bif.func_h include/zeek/reporter.bif.netvar_h +include/zeek/script_opt/CPP/AttrExprType.h include/zeek/script_opt/CPP/Attrs.h include/zeek/script_opt/CPP/Compile.h +include/zeek/script_opt/CPP/Consts.h +include/zeek/script_opt/CPP/DeclFunc.h +include/zeek/script_opt/CPP/Driver.h +include/zeek/script_opt/CPP/Emit.h +include/zeek/script_opt/CPP/Exprs.h include/zeek/script_opt/CPP/Func.h +include/zeek/script_opt/CPP/GenFunc.h +include/zeek/script_opt/CPP/Inits.h include/zeek/script_opt/CPP/InitsInfo.h include/zeek/script_opt/CPP/Runtime.h include/zeek/script_opt/CPP/RuntimeInitSupport.h include/zeek/script_opt/CPP/RuntimeInits.h include/zeek/script_opt/CPP/RuntimeOps.h include/zeek/script_opt/CPP/RuntimeVec.h +include/zeek/script_opt/CPP/Stmts.h include/zeek/script_opt/CPP/Tracker.h +include/zeek/script_opt/CPP/Types.h include/zeek/script_opt/CPP/Util.h +include/zeek/script_opt/CPP/Vars.h include/zeek/script_opt/CSE.h include/zeek/script_opt/Expr.h include/zeek/script_opt/FuncInfo.h @@ -1195,15 +1251,24 @@ include/zeek/script_opt/StmtOptInfo.h include/zeek/script_opt/TempVar.h include/zeek/script_opt/UsageAnalyzer.h include/zeek/script_opt/UseDefs.h +include/zeek/script_opt/ZAM/AM-Opt.h +include/zeek/script_opt/ZAM/Branches.h include/zeek/script_opt/ZAM/BuiltIn.h include/zeek/script_opt/ZAM/BuiltInSupport.h include/zeek/script_opt/ZAM/Compile.h +include/zeek/script_opt/ZAM/Driver.h +include/zeek/script_opt/ZAM/Expr.h +include/zeek/script_opt/ZAM/Frame.h include/zeek/script_opt/ZAM/Inst-Gen.h include/zeek/script_opt/ZAM/IterInfo.h +include/zeek/script_opt/ZAM/Low-Level.h include/zeek/script_opt/ZAM/Profile.h +include/zeek/script_opt/ZAM/Stmt.h include/zeek/script_opt/ZAM/Support.h +include/zeek/script_opt/ZAM/Vars.h include/zeek/script_opt/ZAM/ZBody.h include/zeek/script_opt/ZAM/ZInst.h +include/zeek/script_opt/ZAM/ZInstAux.h include/zeek/script_opt/ZAM/ZOp.h include/zeek/session/Key.h include/zeek/session/Manager.h @@ -1222,6 +1287,18 @@ include/zeek/spicy/spicyz/glue-compiler.h include/zeek/spicy/spicyz/zeek-version.h include/zeek/stats.bif.func_h include/zeek/stats.bif.netvar_h +include/zeek/storage/Backend.h +include/zeek/storage/Component.h +include/zeek/storage/Manager.h +include/zeek/storage/ReturnCode.h +include/zeek/storage/Serializer.h +include/zeek/storage/backend/redis/Redis.h +include/zeek/storage/backend/sqlite/SQLite.h +include/zeek/storage/serializer/json/JSON.h +include/zeek/storage/storage-async.bif.h +include/zeek/storage/storage-events.bif.h +include/zeek/storage/storage-sync.bif.h +include/zeek/storage/storage.bif.h include/zeek/strings.bif.func_h include/zeek/strings.bif.netvar_h include/zeek/supervisor.bif.func_h @@ -1236,8 +1313,12 @@ include/zeek/telemetry/Opaques.h include/zeek/telemetry/ProcessStats.h include/zeek/telemetry/Timer.h include/zeek/telemetry/Utils.h -include/zeek/telemetry/consts.bif.h -include/zeek/telemetry/telemetry.bif.h +include/zeek/telemetry_consts.bif.func_h +include/zeek/telemetry_consts.bif.netvar_h +include/zeek/telemetry_functions.bif.func_h +include/zeek/telemetry_functions.bif.netvar_h +include/zeek/telemetry_types.bif.func_h +include/zeek/telemetry_types.bif.netvar_h include/zeek/threading/BasicThread.h include/zeek/threading/Formatter.h include/zeek/threading/Manager.h @@ -1248,6 +1329,7 @@ include/zeek/threading/formatters/Ascii.h include/zeek/threading/formatters/JSON.h include/zeek/types.bif.func_h include/zeek/types.bif.netvar_h +include/zeek/util-types.h include/zeek/util.h include/zeek/zeek-affinity.h include/zeek/zeek-bif.h @@ -1301,10 +1383,6 @@ lib/zeek/python/zeekclient/logs.py lib/zeek/python/zeekclient/ssl.py lib/zeek/python/zeekclient/types.py lib/zeek/python/zeekclient/utils.py -lib/zeek/python/zeekctl/BroControl/__init__.py -lib/zeek/python/zeekctl/BroControl/cmdresult.py -lib/zeek/python/zeekctl/BroControl/config.py -lib/zeek/python/zeekctl/BroControl/plugin.py lib/zeek/python/zeekctl/ZeekControl/__init__.py lib/zeek/python/zeekctl/ZeekControl/cmdresult.py lib/zeek/python/zeekctl/ZeekControl/config.py @@ -1329,6 +1407,9 @@ lib/zeek/python/zeekctl/ZeekControl/version.py lib/zeek/python/zeekctl/ZeekControl/zeekcmd.py lib/zeek/python/zeekctl/ZeekControl/zeekctl.py lib/zeek/python/zeekctl/plugins/TestPlugin.py +lib/zeek/python/zeekctl/plugins/cluster_backend_broker.py +lib/zeek/python/zeekctl/plugins/cluster_backend_check.py +lib/zeek/python/zeekctl/plugins/cluster_backend_zeromq.py lib/zeek/python/zeekctl/plugins/lb_custom.py lib/zeek/python/zeekctl/plugins/lb_myricom.py lib/zeek/python/zeekctl/plugins/lb_pf_ring.py @@ -1352,6 +1433,7 @@ share/btest/scripts/diff-clean-doctest share/btest/scripts/diff-remove-abspath share/btest/scripts/diff-remove-fields share/btest/scripts/diff-remove-file-ids +share/btest/scripts/diff-remove-first-timestamp share/btest/scripts/diff-remove-fractions share/btest/scripts/diff-remove-openclose-timestamps share/btest/scripts/diff-remove-spicy-abspath @@ -1362,7 +1444,6 @@ share/btest/scripts/diff-remove-x509-key-info share/btest/scripts/diff-remove-x509-names share/btest/scripts/diff-sort share/btest/scripts/diff-sort-and-remove-abspath -share/btest/scripts/diff-sort-conn-service share/btest/scripts/diff-sort-set-elements share/btest/scripts/spicy/diff-remove-abspath share/btest/scripts/spicy/diff-remove-timestamps @@ -1378,7 +1459,11 @@ share/man/man8/zeek.8.gz %%SPICY%%share/spicy/ldap/asn1.spicy %%SPICY%%share/spicy/ldap/ldap.spicy %%SPICY%%share/spicy/ldap/ldap_zeek.spicy +%%SPICY%%share/spicy/postgresql/postgresql.spicy +%%SPICY%%share/spicy/postgresql/postgresql_zeek.spicy %%SPICY%%share/spicy/quic/QUIC.spicy +%%SPICY%%share/spicy/redis/redis.spicy +%%SPICY%%share/spicy/redis/resp.spicy %%SPICY%%share/spicy/spicy-driver-host.cc %%SPICY%%share/spicy/spicy.spicy %%SPICY%%share/spicy/spicy_rt.hlt @@ -1389,10 +1474,10 @@ share/man/man8/zeek.8.gz %%DATADIR%%/base/bif/analyzer.bif.zeek %%DATADIR%%/base/bif/bloom-filter.bif.zeek %%DATADIR%%/base/bif/cardinality-counter.bif.zeek +%%DATADIR%%/base/bif/cluster.bif.zeek %%DATADIR%%/base/bif/comm.bif.zeek %%DATADIR%%/base/bif/communityid.bif.zeek %%DATADIR%%/base/bif/const.bif.zeek -%%DATADIR%%/base/bif/consts.bif.zeek %%DATADIR%%/base/bif/data.bif.zeek %%DATADIR%%/base/bif/event.bif.zeek %%DATADIR%%/base/bif/file_analysis.bif.zeek @@ -1409,6 +1494,8 @@ share/man/man8/zeek.8.gz %%DATADIR%%/base/bif/plugins/Zeek_BenchmarkReader.benchmark.bif.zeek %%DATADIR%%/base/bif/plugins/Zeek_BinaryReader.binary.bif.zeek %%DATADIR%%/base/bif/plugins/Zeek_BitTorrent.events.bif.zeek +%%DATADIR%%/base/bif/plugins/Zeek_Cluster_Backend_ZeroMQ.cluster_backend_zeromq.bif.zeek +%%DATADIR%%/base/bif/plugins/Zeek_Cluster_WebSocket.events.bif.zeek %%DATADIR%%/base/bif/plugins/Zeek_ConfigReader.config.bif.zeek %%DATADIR%%/base/bif/plugins/Zeek_ConnSize.events.bif.zeek %%DATADIR%%/base/bif/plugins/Zeek_ConnSize.functions.bif.zeek @@ -1430,6 +1517,7 @@ share/man/man8/zeek.8.gz %%DATADIR%%/base/bif/plugins/Zeek_GTPv1.events.bif.zeek %%DATADIR%%/base/bif/plugins/Zeek_GTPv1.functions.bif.zeek %%DATADIR%%/base/bif/plugins/Zeek_Geneve.events.bif.zeek +%%DATADIR%%/base/bif/plugins/Zeek_Geneve.functions.bif.zeek %%DATADIR%%/base/bif/plugins/Zeek_Gnutella.events.bif.zeek %%DATADIR%%/base/bif/plugins/Zeek_HTTP.events.bif.zeek %%DATADIR%%/base/bif/plugins/Zeek_HTTP.functions.bif.zeek @@ -1459,6 +1547,7 @@ share/man/man8/zeek.8.gz %%DATADIR%%/base/bif/plugins/Zeek_PE.events.bif.zeek %%DATADIR%%/base/bif/plugins/Zeek_POP3.consts.bif.zeek %%DATADIR%%/base/bif/plugins/Zeek_POP3.events.bif.zeek +%%DATADIR%%/base/bif/plugins/Zeek_PPPoE.functions.bif.zeek %%DATADIR%%/base/bif/plugins/Zeek_RADIUS.events.bif.zeek %%DATADIR%%/base/bif/plugins/Zeek_RDP.events.bif.zeek %%DATADIR%%/base/bif/plugins/Zeek_RDP.types.bif.zeek @@ -1513,6 +1602,7 @@ share/man/man8/zeek.8.gz %%DATADIR%%/base/bif/plugins/Zeek_SSL.events.bif.zeek %%DATADIR%%/base/bif/plugins/Zeek_SSL.functions.bif.zeek %%DATADIR%%/base/bif/plugins/Zeek_SSL.types.bif.zeek +%%DATADIR%%/base/bif/plugins/Zeek_StreamEvent.events.bif.zeek %%DATADIR%%/base/bif/plugins/Zeek_TCP.events.bif.zeek %%DATADIR%%/base/bif/plugins/Zeek_TCP.functions.bif.zeek %%DATADIR%%/base/bif/plugins/Zeek_TCP.types.bif.zeek @@ -1533,10 +1623,16 @@ share/man/man8/zeek.8.gz %%DATADIR%%/base/bif/reporter.bif.zeek %%DATADIR%%/base/bif/spicy.bif.zeek %%DATADIR%%/base/bif/stats.bif.zeek +%%DATADIR%%/base/bif/storage-async.bif.zeek +%%DATADIR%%/base/bif/storage-events.bif.zeek +%%DATADIR%%/base/bif/storage-sync.bif.zeek +%%DATADIR%%/base/bif/storage.bif.zeek %%DATADIR%%/base/bif/store.bif.zeek %%DATADIR%%/base/bif/strings.bif.zeek %%DATADIR%%/base/bif/supervisor.bif.zeek -%%DATADIR%%/base/bif/telemetry.bif.zeek +%%DATADIR%%/base/bif/telemetry_consts.bif.zeek +%%DATADIR%%/base/bif/telemetry_functions.bif.zeek +%%DATADIR%%/base/bif/telemetry_types.bif.zeek %%DATADIR%%/base/bif/top-k.bif.zeek %%DATADIR%%/base/bif/types.bif.zeek %%DATADIR%%/base/bif/zeek.bif.zeek @@ -1557,11 +1653,14 @@ share/man/man8/zeek.8.gz %%DATADIR%%/base/frameworks/analyzer/logging.zeek %%DATADIR%%/base/frameworks/analyzer/main.zeek %%DATADIR%%/base/frameworks/broker/__load__.zeek +%%DATADIR%%/base/frameworks/broker/backpressure.zeek %%DATADIR%%/base/frameworks/broker/log.zeek %%DATADIR%%/base/frameworks/broker/main.zeek %%DATADIR%%/base/frameworks/broker/store.zeek %%DATADIR%%/base/frameworks/cluster/__load__.zeek +%%DATADIR%%/base/frameworks/cluster/broker-backpressure.zeek %%DATADIR%%/base/frameworks/cluster/broker-stores.zeek +%%DATADIR%%/base/frameworks/cluster/broker-telemetry.zeek %%DATADIR%%/base/frameworks/cluster/main.zeek %%DATADIR%%/base/frameworks/cluster/nodes/logger.zeek %%DATADIR%%/base/frameworks/cluster/nodes/manager.zeek @@ -1570,6 +1669,7 @@ share/man/man8/zeek.8.gz %%DATADIR%%/base/frameworks/cluster/pools.zeek %%DATADIR%%/base/frameworks/cluster/setup-connections.zeek %%DATADIR%%/base/frameworks/cluster/supervisor.zeek +%%DATADIR%%/base/frameworks/cluster/telemetry.zeek %%DATADIR%%/base/frameworks/config/__load__.zeek %%DATADIR%%/base/frameworks/config/input.zeek %%DATADIR%%/base/frameworks/config/main.zeek @@ -1588,6 +1688,7 @@ share/man/man8/zeek.8.gz %%DATADIR%%/base/frameworks/files/magic/libmagic.sig %%DATADIR%%/base/frameworks/files/magic/office.sig %%DATADIR%%/base/frameworks/files/magic/programming.sig +%%DATADIR%%/base/frameworks/files/magic/python.sig %%DATADIR%%/base/frameworks/files/magic/video.sig %%DATADIR%%/base/frameworks/files/main.zeek %%DATADIR%%/base/frameworks/input/__load__.zeek @@ -1657,6 +1758,10 @@ share/man/man8/zeek.8.gz %%DATADIR%%/base/frameworks/spicy/init-bare.zeek %%DATADIR%%/base/frameworks/spicy/init-framework.zeek %%DATADIR%%/base/frameworks/spicy/main.zeek +%%DATADIR%%/base/frameworks/storage/__load__.zeek +%%DATADIR%%/base/frameworks/storage/async.zeek +%%DATADIR%%/base/frameworks/storage/main.zeek +%%DATADIR%%/base/frameworks/storage/sync.zeek %%DATADIR%%/base/frameworks/sumstats/__load__.zeek %%DATADIR%%/base/frameworks/sumstats/cluster.zeek %%DATADIR%%/base/frameworks/sumstats/main.zeek @@ -1774,6 +1879,7 @@ share/man/man8/zeek.8.gz %%DATADIR%%/base/protocols/dnp3/dpd.sig %%DATADIR%%/base/protocols/dnp3/main.zeek %%DATADIR%%/base/protocols/dns/__load__.zeek +%%DATADIR%%/base/protocols/dns/check-event-handlers.zeek %%DATADIR%%/base/protocols/dns/consts.zeek %%DATADIR%%/base/protocols/dns/main.zeek %%DATADIR%%/base/protocols/finger/__load__.zeek @@ -1827,6 +1933,11 @@ share/man/man8/zeek.8.gz %%DATADIR%%/base/protocols/ntp/main.zeek %%DATADIR%%/base/protocols/pop3/__load__.zeek %%DATADIR%%/base/protocols/pop3/dpd.sig +%%DATADIR%%/base/protocols/postgresql/__load__.zeek +%%DATADIR%%/base/protocols/postgresql/consts.zeek +%%DATADIR%%/base/protocols/postgresql/dpd.sig +%%DATADIR%%/base/protocols/postgresql/main.zeek +%%DATADIR%%/base/protocols/postgresql/spicy-events.zeek %%DATADIR%%/base/protocols/quic/__load__.zeek %%DATADIR%%/base/protocols/quic/consts.zeek %%DATADIR%%/base/protocols/quic/main.zeek @@ -1838,6 +1949,10 @@ share/man/man8/zeek.8.gz %%DATADIR%%/base/protocols/rdp/consts.zeek %%DATADIR%%/base/protocols/rdp/dpd.sig %%DATADIR%%/base/protocols/rdp/main.zeek +%%DATADIR%%/base/protocols/redis/__load__.zeek +%%DATADIR%%/base/protocols/redis/dpd.sig +%%DATADIR%%/base/protocols/redis/main.zeek +%%DATADIR%%/base/protocols/redis/spicy-events.zeek %%DATADIR%%/base/protocols/rfb/__load__.zeek %%DATADIR%%/base/protocols/rfb/dpd.sig %%DATADIR%%/base/protocols/rfb/main.zeek @@ -1931,7 +2046,6 @@ share/man/man8/zeek.8.gz %%DATADIR%%/cmake/FindBinPAC.cmake %%DATADIR%%/cmake/FindCAres.cmake %%DATADIR%%/cmake/FindCapstats.cmake -%%DATADIR%%/cmake/FindClangTidy.cmake %%DATADIR%%/cmake/FindFTS.cmake %%DATADIR%%/cmake/FindGooglePerftools.cmake %%DATADIR%%/cmake/FindJeMalloc.cmake @@ -1960,7 +2074,7 @@ share/man/man8/zeek.8.gz %%DATADIR%%/cmake/PCAPTests.cmake %%DATADIR%%/cmake/ProhibitInSourceBuild.cmake %%DATADIR%%/cmake/README -%%DATADIR%%/cmake/RequireCXX17.cmake +%%DATADIR%%/cmake/RequireCXXStd.cmake %%DATADIR%%/cmake/SetDefaultCompileFlags.cmake %%DATADIR%%/cmake/SetupRPATH.cmake %%DATADIR%%/cmake/UserChangedWarning.cmake @@ -1981,8 +2095,16 @@ share/man/man8/zeek.8.gz %%DATADIR%%/cmake/zeek-plugin-create-package.sh %%DATADIR%%/cmake/zeek-plugin-install-package.sh %%DATADIR%%/policy/files/x509/disable-certificate-events-known-certs.zeek +%%DATADIR%%/policy/frameworks/analyzer/debug-logging.zeek +%%DATADIR%%/policy/frameworks/analyzer/deprecated-dpd-log.zeek +%%DATADIR%%/policy/frameworks/analyzer/detect-protocols.zeek +%%DATADIR%%/policy/frameworks/analyzer/packet-segment-logging.zeek +%%DATADIR%%/policy/frameworks/cluster/backend/zeromq/__load__.zeek +%%DATADIR%%/policy/frameworks/cluster/backend/zeromq/connect.zeek +%%DATADIR%%/policy/frameworks/cluster/backend/zeromq/main.zeek %%DATADIR%%/policy/frameworks/cluster/experimental.zeek %%DATADIR%%/policy/frameworks/cluster/nodes-experimental/manager.zeek +%%DATADIR%%/policy/frameworks/conn_key/vlan_fivetuple.zeek %%DATADIR%%/policy/frameworks/control/controllee.zeek %%DATADIR%%/policy/frameworks/control/controller.zeek %%DATADIR%%/policy/frameworks/dpd/detect-protocols.zeek @@ -2001,6 +2123,7 @@ share/man/man8/zeek.8.gz %%DATADIR%%/policy/frameworks/intel/seen/file-names.zeek %%DATADIR%%/policy/frameworks/intel/seen/http-headers.zeek %%DATADIR%%/policy/frameworks/intel/seen/http-url.zeek +%%DATADIR%%/policy/frameworks/intel/seen/manage-event-groups.zeek %%DATADIR%%/policy/frameworks/intel/seen/pubkey-hashes.zeek %%DATADIR%%/policy/frameworks/intel/seen/smb-filenames.zeek %%DATADIR%%/policy/frameworks/intel/seen/smtp-url-extraction.zeek @@ -2048,8 +2171,11 @@ share/man/man8/zeek.8.gz %%DATADIR%%/policy/frameworks/software/windows-version-detection.zeek %%DATADIR%%/policy/frameworks/spicy/record-spicy-batch.zeek %%DATADIR%%/policy/frameworks/spicy/resource-usage.zeek +%%DATADIR%%/policy/frameworks/storage/backend/redis/__load__.zeek +%%DATADIR%%/policy/frameworks/storage/backend/redis/main.zeek +%%DATADIR%%/policy/frameworks/storage/backend/sqlite/__load__.zeek +%%DATADIR%%/policy/frameworks/storage/backend/sqlite/main.zeek %%DATADIR%%/policy/frameworks/telemetry/log.zeek -%%DATADIR%%/policy/frameworks/telemetry/prometheus.zeek %%DATADIR%%/policy/integration/collective-intel/__load__.zeek %%DATADIR%%/policy/integration/collective-intel/main.zeek %%DATADIR%%/policy/misc/capture-loss.zeek @@ -2057,7 +2183,6 @@ share/man/man8/zeek.8.gz %%DATADIR%%/policy/misc/detect-traceroute/detect-low-ttls.sig %%DATADIR%%/policy/misc/detect-traceroute/main.zeek %%DATADIR%%/policy/misc/dump-events.zeek -%%DATADIR%%/policy/misc/load-balancing.zeek %%DATADIR%%/policy/misc/loaded-scripts.zeek %%DATADIR%%/policy/misc/profiling.zeek %%DATADIR%%/policy/misc/stats.zeek @@ -2065,9 +2190,13 @@ share/man/man8/zeek.8.gz %%DATADIR%%/policy/misc/unknown-protocols.zeek %%DATADIR%%/policy/misc/weird-stats.zeek %%DATADIR%%/policy/protocols/conn/community-id-logging.zeek +%%DATADIR%%/policy/protocols/conn/disable-unknown-ip-proto-support.zeek +%%DATADIR%%/policy/protocols/conn/failed-service-logging.zeek +%%DATADIR%%/policy/protocols/conn/ip-proto-name-logging.zeek %%DATADIR%%/policy/protocols/conn/known-hosts.zeek %%DATADIR%%/policy/protocols/conn/known-services.zeek %%DATADIR%%/policy/protocols/conn/mac-logging.zeek +%%DATADIR%%/policy/protocols/conn/pppoe-session-id-logging.zeek %%DATADIR%%/policy/protocols/conn/speculative-service.zeek %%DATADIR%%/policy/protocols/conn/vlan-logging.zeek %%DATADIR%%/policy/protocols/conn/weirds.zeek @@ -2080,6 +2209,7 @@ share/man/man8/zeek.8.gz %%DATADIR%%/policy/protocols/ftp/detect-bruteforcing.zeek %%DATADIR%%/policy/protocols/ftp/detect.zeek %%DATADIR%%/policy/protocols/ftp/software.zeek +%%DATADIR%%/policy/protocols/http/detect-sql-injection.zeek %%DATADIR%%/policy/protocols/http/detect-sqli.zeek %%DATADIR%%/policy/protocols/http/detect-webapps.sig %%DATADIR%%/policy/protocols/http/detect-webapps.zeek @@ -2115,11 +2245,6 @@ share/man/man8/zeek.8.gz %%DATADIR%%/policy/protocols/ssl/validate-ocsp.zeek %%DATADIR%%/policy/protocols/ssl/validate-sct.zeek %%DATADIR%%/policy/protocols/ssl/weak-keys.zeek -%%DATADIR%%/policy/tuning/__load__.zeek -%%DATADIR%%/policy/tuning/defaults/__load__.zeek -%%DATADIR%%/policy/tuning/defaults/extracted_file_limits.zeek -%%DATADIR%%/policy/tuning/defaults/packet-fragments.zeek -%%DATADIR%%/policy/tuning/defaults/warnings.zeek %%DATADIR%%/policy/tuning/json-logs.zeek %%DATADIR%%/policy/tuning/track-all-assets.zeek @sample %%DATADIR%%/site/local.zeek.sample @@ -2184,8 +2309,6 @@ share/man/man8/zeek.8.gz %%ZEEKCTL%%@dir logs %%SPICY%%@dir lib/zeek/spicy @dir lib/zeek/plugins -@dir include/zeek/script_opt/ZAM/maint -@dir include/zeek/script_opt/ZAM/OPs @dir include/zeek/analyzer/protocol/quic @dir include/zeek/analyzer/protocol/ldap %%ZEEKCTL%%@postexec su -fm %%ZEEKUSER%% -c '%D/bin/zeekctl install; rm -f %D/spool/debug.log' |