Diffstat (limited to 'security')
107 files changed, 543 insertions, 1774 deletions
diff --git a/security/Makefile b/security/Makefile index ba85ba630aa2..2574d50691c8 100644 --- a/security/Makefile +++ b/security/Makefile @@ -58,7 +58,6 @@ SUBDIR += bitwarden-cli SUBDIR += blst SUBDIR += boringssl - SUBDIR += botan2 SUBDIR += botan3 SUBDIR += bruteblock SUBDIR += bsdsfv @@ -453,7 +452,6 @@ SUBDIR += openssl-quictls SUBDIR += openssl-unsafe SUBDIR += openssl111 - SUBDIR += openssl32 SUBDIR += openssl33 SUBDIR += openssl33-quictls SUBDIR += openssl34 @@ -920,6 +918,7 @@ SUBDIR += py-certbot-dns-standalone SUBDIR += py-certbot-nginx SUBDIR += py-certifi + SUBDIR += py-certipy SUBDIR += py-certomancer SUBDIR += py-certstream SUBDIR += py-ckcc-protocol diff --git a/security/R-cran-openssl/Makefile b/security/R-cran-openssl/Makefile index 31882d609237..a3bbe8410355 100644 --- a/security/R-cran-openssl/Makefile +++ b/security/R-cran-openssl/Makefile @@ -1,5 +1,5 @@ PORTNAME= openssl -DISTVERSION= 2.3.3 +DISTVERSION= 2.3.4 CATEGORIES= security DISTNAME= ${PORTNAME}_${DISTVERSION} diff --git a/security/R-cran-openssl/distinfo b/security/R-cran-openssl/distinfo index c28d46c50229..71b1da1eac98 100644 --- a/security/R-cran-openssl/distinfo +++ b/security/R-cran-openssl/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1748336768 -SHA256 (openssl_2.3.3.tar.gz) = b6b709a98dc3de47ec59adc234d8f0864c4f5b31c5e65478ec5e49c80ba7bf59 -SIZE (openssl_2.3.3.tar.gz) = 1206720 +TIMESTAMP = 1759355959 +SHA256 (openssl_2.3.4.tar.gz) = a24a02e26abc4055a190e7f14c207cec2853eada77485184835c0b220a71d385 +SIZE (openssl_2.3.4.tar.gz) = 1208445 diff --git a/security/acmed/Makefile b/security/acmed/Makefile index 6fec0c7fbe30..35b47483237a 100644 --- a/security/acmed/Makefile +++ b/security/acmed/Makefile @@ -1,7 +1,7 @@ PORTNAME= acmed DISTVERSIONPREFIX= v DISTVERSION= 0.21.0 -PORTREVISION= 22 +PORTREVISION= 23 CATEGORIES= security MAINTAINER= ports@FreeBSD.org diff --git a/security/agave/Makefile b/security/agave/Makefile index 44614004e259..179a8edfbce1 100644 --- a/security/agave/Makefile 
+++ b/security/agave/Makefile @@ -1,7 +1,7 @@ PORTNAME= agave DISTVERSIONPREFIX= v DISTVERSION= 2.2.14 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= security PKGNAMESUFFIX= -blockchain diff --git a/security/arti/Makefile b/security/arti/Makefile index 7ff5ced0400a..b339b8ff2d5c 100644 --- a/security/arti/Makefile +++ b/security/arti/Makefile @@ -1,6 +1,6 @@ PORTNAME= arti DISTVERSION= 1.5.0 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MAINTAINER= cs@FreeBSD.org diff --git a/security/authenticator/Makefile b/security/authenticator/Makefile index 191034a9fcca..faedbe606e3d 100644 --- a/security/authenticator/Makefile +++ b/security/authenticator/Makefile @@ -1,6 +1,6 @@ PORTNAME= authenticator DISTVERSION= 4.4.0 -PORTREVISION= 9 +PORTREVISION= 10 CATEGORIES= security MAINTAINER= ports@FreeBSD.org diff --git a/security/authoscope/Makefile b/security/authoscope/Makefile index 6645a15213a6..36d3767ae8ec 100644 --- a/security/authoscope/Makefile +++ b/security/authoscope/Makefile @@ -1,7 +1,7 @@ PORTNAME= authoscope DISTVERSIONPREFIX= v DISTVERSION= 0.8.1 -PORTREVISION= 24 +PORTREVISION= 25 CATEGORIES= security MAINTAINER= yuri@FreeBSD.org diff --git a/security/aws-lc/Makefile b/security/aws-lc/Makefile index 99eff2b0deec..f0b02dbee9e7 100644 --- a/security/aws-lc/Makefile +++ b/security/aws-lc/Makefile @@ -1,5 +1,5 @@ PORTNAME= aws-lc -PORTVERSION= 1.59.0 +PORTVERSION= 1.60.0 DISTVERSIONPREFIX= v CATEGORIES= security diff --git a/security/aws-lc/distinfo b/security/aws-lc/distinfo index ee331f192075..f4e14e3aad46 100644 --- a/security/aws-lc/distinfo +++ b/security/aws-lc/distinfo 
@@ -1,5 +1,3 @@ -TIMESTAMP = 1757120534 -SHA256 (aws-aws-lc-v1.59.0_GH0.tar.gz) = fcc179ab0f7801b8416bf27cb16cfb8ee7dff78df364afdf432ba5eb50f42b22 -SIZE (aws-aws-lc-v1.59.0_GH0.tar.gz) = 127302583 -SHA256 (125f94c2c26559ed93a22f1cc5880efe46f0b937.patch) = a07ef67b487b47168384d70b7f7bd2b6a8479e037e09087c34f9f083c88411f2 -SIZE (125f94c2c26559ed93a22f1cc5880efe46f0b937.patch) = 2046 +TIMESTAMP = 1757436427 +SHA256 (aws-aws-lc-v1.60.0_GH0.tar.gz) = 3a064651f2454c64b1435dbcc6e623faae35937816b37b0c99ffaf223879c166 +SIZE (aws-aws-lc-v1.60.0_GH0.tar.gz) = 127421131 diff --git a/security/botan2/Makefile b/security/botan2/Makefile deleted file mode 100644 index 5e0f65c0ff07..000000000000 --- a/security/botan2/Makefile +++ /dev/null 
@@ -1,119 +0,0 @@ -PORTNAME= botan -DISTVERSION= 2.19.5 -PORTREVISION= 5 -CATEGORIES= security -MASTER_SITES= http://botan.randombit.net/releases/ -PKGNAMESUFFIX= 2 -DISTNAME= Botan-${PORTVERSION} - -PATCH_SITES+= https://github.com/randombit/botan/commit/ -PATCHFILES+= 37fec38ff97604f964122cd2d33f5d503f319b10.patch:-p1 \ - 698c383b050591ae1a239c9e6d4ebe05532d2eee.patch:-p1 \ - 0fed26215b52a3d30122deb528f6b4deb824eae7.patch:-p1 \ - 1eb0d14a7c110207479f40c8369faacc73d945c8.patch:-p1 - -MAINTAINER= fluffy@FreeBSD.org -COMMENT= Portable, easy to use and efficient C++ crypto library -WWW= https://botan.randombit.net/ - -LICENSE= BSD2CLAUSE -LICENSE_FILE= ${WRKSRC}/license.txt - -DEPRECATED= End of life 2024-12-31 upstream, consider migrating to security/botan3 -EXPIRATION_DATE=2025-03-31 - -BROKEN_armv6= include/arm_neon.h:28:2: error: "NEON support not enabled" - -LIB_DEPENDS= libboost_filesystem.so:devel/boost-libs - -USES= compiler:c++17-lang cpe gmake shebangfix tar:xz -CPE_VENDOR= ${PORTNAME}_project -USE_LDCONFIG= yes - -SHEBANG_FILES= configure.py src/python/botan2.py src/scripts/install.py - -HAS_CONFIGURE= yes -CONFIGURE_SCRIPT= configure.py -CONFIGURE_ARGS= --cc=${CHOSEN_COMPILER_TYPE} \ - --prefix=${PREFIX:Q} \ - --with-boost \ - --with-bzip2 \ - --with-external-includedir=${LOCALBASE}/include \ - --with-external-libdir=${LOCALBASE}/lib \ - --with-lzma \ - --with-zlib -LDFLAGS+= -pthread - -DOCSDIR= ${LOCALBASE}/share/doc/${PORTNAME}-${PORTVERSION} - -_SOABIVER= 19 -_SHLIBVER= ${DISTVERSION:S/./ /g:[2]} -_SHLIBVERPATCH= ${DISTVERSION:S/./ /g:[3]} -PLIST_SUB= SHLIBVER=${_SHLIBVER} \ - SHLIBVERPATCH=${_SHLIBVERPATCH} \ - SOABIVER=${_SOABIVER} -PORTDOCS= * - -OPTIONS_DEFINE= DOCS MANPAGES PYTHON SQLITE3 -OPTIONS_DEFINE_aarch64= OPENMP -OPTIONS_DEFINE_amd64= OPENMP -OPTIONS_DEFINE_i386= OPENMP -OPTIONS_DEFINE_powerpc64= OPENMP -OPTIONS_DEFINE_powerpc64le= OPENMP -OPTIONS_DEFINE_riscv64= OPENMP -OPTIONS_DEFAULT= MANPAGES -OPTIONS_DEFAULT_aarch64= OPENMP 
-OPTIONS_DEFAULT_amd64= OPENMP -OPTIONS_DEFAULT_powerpc64= OPENMP -OPTIONS_DEFAULT_powerpc64le= OPENMP -OPTIONS_DEFAULT_riscv64= OPENMP -OPTIONS_SUB= yes - -MANPAGES_BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}sphinx>=0:textproc/py-sphinx@${PY_FLAVOR} -MANPAGES_CONFIGURE_WITH= sphinx - -OPENMP_CONFIGURE_ON= --with-openmp - -PYTHON_USES= python -PYTHON_USES_OFF= python:build -PYTHON_CONFIGURE_ON= --with-python-versions=${PYTHON_VER} -PYTHON_CONFIGURE_OFF= --no-install-python-module - -SQLITE3_USES= sqlite -SQLITE3_CONFIGURE_WITH= sqlite3 - -.include <bsd.port.options.mk> - -.if ${ARCH} == aarch64 -CONFIGURE_ARGS+= --cc-abi="-march=armv8-a+crypto" -.elif ${ARCH} == powerpc64 -CONFIGURE_ARGS+= --cpu="ppc64" -.if !defined(MACHINE_CPU) || (defined(MACHINE_CPU) && !${MACHINE_ABI:Mvsx2}) -CONFIGURE_ARGS+= --disable-powercrypto -.endif -.elif ${ARCH} == powerpc64le -CONFIGURE_ARGS+= --cpu="ppc64le" -.endif - -.if ${ARCH} == i386 || ${ARCH} == amd64 -PLIST_SUB+= HAS_RDRAND_RNG="" -.else -PLIST_SUB+= HAS_RDRAND_RNG="@comment " -.endif - -.if ${ARCH} == i386 || ${ARCH} == amd64 || ${ARCH:Mpowerpc64*} -PLIST_SUB+= HAS_PROCESSOR_RNG="" -.else -PLIST_SUB+= HAS_PROCESSOR_RNG="@comment " -.endif - -post-patch: - @${REINPLACE_CMD} -e 's|^optimization_flags .*|optimization_flags "${CXXFLAGS}"|' \ - ${WRKSRC}/src/build-data/cc/clang.txt - @${REINPLACE_CMD} -e 's|boost_system|boost_filesystem|' \ - ${WRKSRC}/src/lib/utils/boost/info.txt - -post-install: - ${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/botan ${STAGEDIR}${PREFIX}/lib/libbotan-2.so.${_SOABIVER}.${_SHLIBVER}.${_SHLIBVERPATCH} - -.include <bsd.port.mk> diff --git a/security/botan2/distinfo b/security/botan2/distinfo deleted file mode 100644 index f45a3087e771..000000000000 --- a/security/botan2/distinfo +++ /dev/null 
@@ -1,11 +0,0 @@ -TIMESTAMP = 1753445434 -SHA256 (Botan-2.19.5.tar.xz) = dfeea0e0a6f26d6724c4af01da9a7b88487adb2d81ba7c72fcaf52db522c9ad4 -SIZE (Botan-2.19.5.tar.xz) = 6140148 -SHA256 (37fec38ff97604f964122cd2d33f5d503f319b10.patch) = 65d185241f6ca5ed5f1ee271855d7733874218df7fccb82a21c12b97e47828c0 -SIZE (37fec38ff97604f964122cd2d33f5d503f319b10.patch) = 15365 -SHA256 (698c383b050591ae1a239c9e6d4ebe05532d2eee.patch) = b3d9c32018fb17035b81191e3d69fe94a0ba2df7513eba0b4f7a66f3417ce187 -SIZE (698c383b050591ae1a239c9e6d4ebe05532d2eee.patch) = 2927 -SHA256 (0fed26215b52a3d30122deb528f6b4deb824eae7.patch) = 5af4a25ee9252829469cdb33de9f8afd212b96520a03b50855f8fc73cb99779a -SIZE (0fed26215b52a3d30122deb528f6b4deb824eae7.patch) = 2512 -SHA256 (1eb0d14a7c110207479f40c8369faacc73d945c8.patch) = 97df96aab5fb3632773b804e077171da48204e81776a945c69672e5c7b0d7396 -SIZE (1eb0d14a7c110207479f40c8369faacc73d945c8.patch) = 1300 diff --git a/security/botan2/pkg-descr b/security/botan2/pkg-descr deleted file mode 100644 index 8016bb1d4668..000000000000 --- a/security/botan2/pkg-descr +++ /dev/null @@ -1,12 +0,0 @@ -Botan is a crypto library written in C++. It provides a variety of -cryptographic algorithms, including common ones such as AES, MD5, SHA, -HMAC, RSA, Diffie-Hellman, DSA, and ECDSA, as well as many others that -are more obscure or specialized. It also offers X.509v3 certificates -and CRLs, and PKCS #10 certificate requests. A message processing -system that uses a filter/pipeline metaphor allows for many common -cryptographic tasks to be completed with just a few lines of code. -Assembly optimizations for common CPUs, including x86, x86-64, and -PowerPC, offers further speedups for critical tasks such as SHA-1 -hashing and multiple precision integer operations. - -Botan is licensed under the same permissive terms as FreeBSD itself. diff --git a/security/botan2/pkg-plist b/security/botan2/pkg-plist deleted file mode 100644 index bfa3fab768e3..000000000000 
--- a/security/botan2/pkg-plist +++ /dev/null 
@@ -1,327 +0,0 @@ -bin/botan -include/botan-2/botan/adler32.h -include/botan-2/botan/aead.h -include/botan-2/botan/aes.h -include/botan-2/botan/alg_id.h -include/botan-2/botan/argon2.h -include/botan-2/botan/aria.h -include/botan-2/botan/asio_async_ops.h -include/botan-2/botan/asio_context.h -include/botan-2/botan/asio_error.h -include/botan-2/botan/asio_stream.h -include/botan-2/botan/asn1_alt_name.h -include/botan-2/botan/asn1_attribute.h -include/botan-2/botan/asn1_obj.h -include/botan-2/botan/asn1_oid.h -include/botan-2/botan/asn1_print.h -include/botan-2/botan/asn1_str.h -include/botan-2/botan/asn1_time.h -include/botan-2/botan/assert.h -include/botan-2/botan/auto_rng.h -include/botan-2/botan/b64_filt.h -include/botan-2/botan/base32.h -include/botan-2/botan/base58.h -include/botan-2/botan/base64.h -include/botan-2/botan/basefilt.h -include/botan-2/botan/bcrypt.h -include/botan-2/botan/bcrypt_pbkdf.h -include/botan-2/botan/ber_dec.h -include/botan-2/botan/bigint.h -include/botan-2/botan/blake2b.h -include/botan-2/botan/blinding.h -include/botan-2/botan/block_cipher.h -include/botan-2/botan/blowfish.h -include/botan-2/botan/botan.h -include/botan-2/botan/bswap.h -include/botan-2/botan/buf_comp.h -include/botan-2/botan/buf_filt.h -include/botan-2/botan/build.h -include/botan-2/botan/bzip2.h -include/botan-2/botan/calendar.h -include/botan-2/botan/camellia.h -include/botan-2/botan/cascade.h -include/botan-2/botan/cast128.h -include/botan-2/botan/cast256.h -include/botan-2/botan/cbc.h -include/botan-2/botan/cbc_mac.h -include/botan-2/botan/ccm.h -include/botan-2/botan/cecpq1.h -include/botan-2/botan/cert_status.h -include/botan-2/botan/certstor.h -include/botan-2/botan/certstor_flatfile.h -include/botan-2/botan/certstor_system.h -include/botan-2/botan/certstor_sql.h -%%SQLITE3%%include/botan-2/botan/certstor_sqlite.h -include/botan-2/botan/cfb.h -include/botan-2/botan/chacha.h -include/botan-2/botan/chacha20poly1305.h -include/botan-2/botan/chacha_rng.h 
-include/botan-2/botan/charset.h -include/botan-2/botan/cipher_filter.h -include/botan-2/botan/cipher_mode.h -include/botan-2/botan/cmac.h -include/botan-2/botan/comb4p.h -include/botan-2/botan/comp_filter.h -include/botan-2/botan/compiler.h -include/botan-2/botan/compression.h -include/botan-2/botan/cpuid.h -include/botan-2/botan/crc24.h -include/botan-2/botan/crc32.h -include/botan-2/botan/credentials_manager.h -include/botan-2/botan/crl_ent.h -include/botan-2/botan/cryptobox.h -include/botan-2/botan/ctr.h -include/botan-2/botan/curve25519.h -include/botan-2/botan/curve_gfp.h -include/botan-2/botan/curve_nistp.h -include/botan-2/botan/data_snk.h -include/botan-2/botan/data_src.h -include/botan-2/botan/database.h -include/botan-2/botan/datastor.h -include/botan-2/botan/der_enc.h -include/botan-2/botan/des.h -include/botan-2/botan/desx.h -include/botan-2/botan/dh.h -include/botan-2/botan/divide.h -include/botan-2/botan/dl_algo.h -include/botan-2/botan/dl_group.h -include/botan-2/botan/dlies.h -include/botan-2/botan/dsa.h -include/botan-2/botan/dyn_load.h -include/botan-2/botan/eax.h -include/botan-2/botan/ec_group.h -include/botan-2/botan/ecc_key.h -include/botan-2/botan/ecdh.h -include/botan-2/botan/ecdsa.h -include/botan-2/botan/ecgdsa.h -include/botan-2/botan/ecies.h -include/botan-2/botan/eckcdsa.h -include/botan-2/botan/ed25519.h -include/botan-2/botan/elgamal.h -include/botan-2/botan/eme.h -include/botan-2/botan/eme_pkcs.h -include/botan-2/botan/eme_raw.h -include/botan-2/botan/emsa.h -include/botan-2/botan/emsa1.h -include/botan-2/botan/emsa_pkcs1.h -include/botan-2/botan/emsa_raw.h -include/botan-2/botan/emsa_x931.h -include/botan-2/botan/entropy_src.h -include/botan-2/botan/exceptn.h -include/botan-2/botan/fd_unix.h -include/botan-2/botan/ffi.h -include/botan-2/botan/filter.h -include/botan-2/botan/filters.h -include/botan-2/botan/fpe_fe1.h -include/botan-2/botan/gcm.h -include/botan-2/botan/gf2m_small_m.h -include/botan-2/botan/ghash.h 
-include/botan-2/botan/gmac.h -include/botan-2/botan/gost_28147.h -include/botan-2/botan/gost_3410.h -include/botan-2/botan/gost_3411.h -include/botan-2/botan/hash.h -include/botan-2/botan/hash_id.h -include/botan-2/botan/hex.h -include/botan-2/botan/hex_filt.h -include/botan-2/botan/hkdf.h -include/botan-2/botan/hmac.h -include/botan-2/botan/hmac_drbg.h -include/botan-2/botan/hotp.h -include/botan-2/botan/http_util.h -include/botan-2/botan/idea.h -include/botan-2/botan/init.h -include/botan-2/botan/iso9796.h -include/botan-2/botan/kasumi.h -include/botan-2/botan/kdf.h -include/botan-2/botan/kdf1.h -include/botan-2/botan/kdf1_iso18033.h -include/botan-2/botan/kdf2.h -include/botan-2/botan/keccak.h -include/botan-2/botan/key_constraint.h -include/botan-2/botan/key_filt.h -include/botan-2/botan/key_spec.h -include/botan-2/botan/keypair.h -include/botan-2/botan/lion.h -include/botan-2/botan/loadstor.h -include/botan-2/botan/locking_allocator.h -include/botan-2/botan/lookup.h -include/botan-2/botan/lzma.h -include/botan-2/botan/mac.h -include/botan-2/botan/mceies.h -include/botan-2/botan/mceliece.h -include/botan-2/botan/md4.h -include/botan-2/botan/md5.h -include/botan-2/botan/mdx_hash.h -include/botan-2/botan/mem_ops.h -include/botan-2/botan/mgf1.h -include/botan-2/botan/misty1.h -include/botan-2/botan/mode_pad.h -include/botan-2/botan/monty.h -include/botan-2/botan/mul128.h -include/botan-2/botan/mutex.h -include/botan-2/botan/name_constraint.h -include/botan-2/botan/newhope.h -include/botan-2/botan/nist_keywrap.h -include/botan-2/botan/noekeon.h -include/botan-2/botan/numthry.h -include/botan-2/botan/oaep.h -include/botan-2/botan/ocb.h -include/botan-2/botan/ocsp.h -include/botan-2/botan/ocsp_types.h -include/botan-2/botan/ofb.h -include/botan-2/botan/oids.h -include/botan-2/botan/otp.h -include/botan-2/botan/p11.h -include/botan-2/botan/p11_ecc_key.h -include/botan-2/botan/p11_ecdh.h -include/botan-2/botan/p11_ecdsa.h -include/botan-2/botan/p11_module.h 
-include/botan-2/botan/p11_object.h -include/botan-2/botan/p11_randomgenerator.h -include/botan-2/botan/p11_rsa.h -include/botan-2/botan/p11_session.h -include/botan-2/botan/p11_slot.h -include/botan-2/botan/p11_types.h -include/botan-2/botan/p11_x509.h -include/botan-2/botan/package.h -include/botan-2/botan/par_hash.h -include/botan-2/botan/parsing.h -include/botan-2/botan/passhash9.h -include/botan-2/botan/pbes2.h -include/botan-2/botan/pbkdf.h -include/botan-2/botan/pbkdf1.h -include/botan-2/botan/pbkdf2.h -include/botan-2/botan/pem.h -include/botan-2/botan/pgp_s2k.h -include/botan-2/botan/pipe.h -include/botan-2/botan/pk_algs.h -include/botan-2/botan/pk_keys.h -include/botan-2/botan/pk_ops.h -include/botan-2/botan/pk_ops_fwd.h -include/botan-2/botan/pkcs10.h -include/botan-2/botan/pkcs11.h -include/botan-2/botan/pkcs11f.h -include/botan-2/botan/pkcs11t.h -include/botan-2/botan/pkcs8.h -include/botan-2/botan/pkix_enums.h -include/botan-2/botan/pkix_types.h -include/botan-2/botan/point_gfp.h -include/botan-2/botan/poly1305.h -include/botan-2/botan/polyn_gf2m.h -include/botan-2/botan/pow_mod.h -include/botan-2/botan/prf_tls.h -include/botan-2/botan/prf_x942.h -%%HAS_PROCESSOR_RNG%%include/botan-2/botan/processor_rng.h -include/botan-2/botan/psk_db.h -include/botan-2/botan/psk_db_sql.h -include/botan-2/botan/pssr.h -include/botan-2/botan/pubkey.h -include/botan-2/botan/pwdhash.h -include/botan-2/botan/rc4.h -%%HAS_RDRAND_RNG%%include/botan-2/botan/rdrand_rng.h -include/botan-2/botan/reducer.h -include/botan-2/botan/rfc3394.h -include/botan-2/botan/rfc6979.h -include/botan-2/botan/rmd160.h -include/botan-2/botan/rng.h -include/botan-2/botan/rotate.h -include/botan-2/botan/roughtime.h -include/botan-2/botan/rsa.h -include/botan-2/botan/salsa20.h -include/botan-2/botan/scan_name.h -include/botan-2/botan/scrypt.h -include/botan-2/botan/secmem.h -include/botan-2/botan/secqueue.h -include/botan-2/botan/seed.h -include/botan-2/botan/serpent.h 
-include/botan-2/botan/sha160.h -include/botan-2/botan/sha2_32.h -include/botan-2/botan/sha2_64.h -include/botan-2/botan/sha3.h -include/botan-2/botan/shacal2.h -include/botan-2/botan/shake.h -include/botan-2/botan/shake_cipher.h -include/botan-2/botan/siphash.h -include/botan-2/botan/siv.h -include/botan-2/botan/skein_512.h -include/botan-2/botan/sm2.h -include/botan-2/botan/sm2_enc.h -include/botan-2/botan/sm3.h -include/botan-2/botan/sm4.h -include/botan-2/botan/sodium.h -include/botan-2/botan/sp800_108.h -include/botan-2/botan/sp800_56a.h -include/botan-2/botan/sp800_56c.h -%%SQLITE3%%include/botan-2/botan/sqlite3.h -include/botan-2/botan/srp6.h -include/botan-2/botan/stateful_rng.h -include/botan-2/botan/stl_compatibility.h -include/botan-2/botan/stream_cipher.h -include/botan-2/botan/stream_mode.h -include/botan-2/botan/streebog.h -include/botan-2/botan/sym_algo.h -include/botan-2/botan/symkey.h -include/botan-2/botan/system_rng.h -include/botan-2/botan/threefish.h -include/botan-2/botan/threefish_512.h -include/botan-2/botan/tiger.h -include/botan-2/botan/tls_alert.h -include/botan-2/botan/tls_algos.h -include/botan-2/botan/tls_blocking.h -include/botan-2/botan/tls_callbacks.h -include/botan-2/botan/tls_channel.h -include/botan-2/botan/tls_ciphersuite.h -include/botan-2/botan/tls_client.h -include/botan-2/botan/tls_exceptn.h -include/botan-2/botan/tls_extensions.h -include/botan-2/botan/tls_handshake_msg.h -include/botan-2/botan/tls_magic.h -include/botan-2/botan/tls_messages.h -include/botan-2/botan/tls_policy.h -include/botan-2/botan/tls_server.h -include/botan-2/botan/tls_server_info.h -include/botan-2/botan/tls_session.h -include/botan-2/botan/tls_session_manager.h -include/botan-2/botan/tls_session_manager_sql.h -%%SQLITE3%%include/botan-2/botan/tls_session_manager_sqlite.h -include/botan-2/botan/tls_version.h -include/botan-2/botan/totp.h -include/botan-2/botan/tss.h -include/botan-2/botan/twofish.h -include/botan-2/botan/types.h 
-include/botan-2/botan/uuid.h -include/botan-2/botan/version.h -include/botan-2/botan/whrlpool.h -include/botan-2/botan/workfactor.h -include/botan-2/botan/x509_ca.h -include/botan-2/botan/x509_crl.h -include/botan-2/botan/x509_dn.h -include/botan-2/botan/x509_ext.h -include/botan-2/botan/x509_key.h -include/botan-2/botan/x509_obj.h -include/botan-2/botan/x509cert.h -include/botan-2/botan/x509path.h -include/botan-2/botan/x509self.h -include/botan-2/botan/x919_mac.h -include/botan-2/botan/xmss.h -include/botan-2/botan/xmss_hash.h -include/botan-2/botan/xmss_key_pair.h -include/botan-2/botan/xmss_parameters.h -include/botan-2/botan/xmss_privatekey.h -include/botan-2/botan/xmss_publickey.h -include/botan-2/botan/xmss_wots.h -include/botan-2/botan/xmss_wots_parameters.h -include/botan-2/botan/xmss_wots_privatekey.h -include/botan-2/botan/xmss_wots_publickey.h -include/botan-2/botan/xtea.h -include/botan-2/botan/xts.h -include/botan-2/botan/zfec.h -include/botan-2/botan/zlib.h -lib/libbotan-2.a -lib/libbotan-2.so -lib/libbotan-2.so.%%SOABIVER%% -lib/libbotan-2.so.%%SOABIVER%%.%%SHLIBVER%%.%%SHLIBVERPATCH%% -%%PYTHON%%%%PYTHON_SITELIBDIR%%/botan2.py -libdata/pkgconfig/botan-2.pc -%%MANPAGES%%share/man/man1/botan.1.gz diff --git a/security/ca_root_nss/Makefile b/security/ca_root_nss/Makefile index 8824436587be..1214762865cf 100644 --- a/security/ca_root_nss/Makefile +++ b/security/ca_root_nss/Makefile @@ -1,6 +1,6 @@ PORTNAME= ca_root_nss PORTVERSION= ${VERSION_NSS} -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= security MASTER_SITES= MOZILLA/security/nss/releases/${DISTNAME:tu:C/[-.]/_/g}_RTM/src DISTNAME= nss-${VERSION_NSS}${NSS_SUFFIX} @@ -34,7 +34,7 @@ VERSION_NSS= 3.115 CERTDATA_TXT_PATH= lib/ckfw/builtins/certdata.txt BUNDLE_PROCESSOR= MAca-bundle.pl -SUB_FILES= MAca-bundle.pl pkg-message +SUB_FILES= MAca-bundle.pl pkg-deinstall pkg-install pkg-message SUB_LIST= VERSION_NSS=${VERSION_NSS} do-build: 
diff --git a/security/ca_root_nss/files/pkg-deinstall.in b/security/ca_root_nss/files/pkg-deinstall.in
new file mode 100644
index 000000000000..8e5138c10c22
--- /dev/null
+++ b/security/ca_root_nss/files/pkg-deinstall.in
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+if [ "$2" = POST-DEINSTALL ]; then
+ CERTCTL_ARGS="-D ${PKG_ROOTDIR}"
+ certctl ${CERTCTL_ARGS} rehash
+fi
diff --git a/security/ca_root_nss/files/pkg-install.in b/security/ca_root_nss/files/pkg-install.in
new file mode 100644
index 000000000000..6f05ab7e72ed
--- /dev/null
+++ b/security/ca_root_nss/files/pkg-install.in
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+if [ "$2" = POST-INSTALL ]; then
+ CERTCTL_ARGS="-D ${PKG_ROOTDIR}"
+ if [ -n "${PKG_METALOG}" ]; then
+ CERTCTL_ARGS="${CERTCTL_ARGS} -U -M ${PKG_METALOG}"
+ fi
+ certctl ${CERTCTL_ARGS} rehash
+
+ [ ! -e %%LOCALBASE%%/bin/cert-sync ] || \
+ %%LOCALBASE%%/bin/cert-sync --quiet %%PREFIX%%/share/certs/ca-root-nss.crt
+fi
diff --git a/security/ca_root_nss/pkg-plist b/security/ca_root_nss/pkg-plist
index 7899413567aa..79f18017fea6 100644
--- a/security/ca_root_nss/pkg-plist
+++ b/security/ca_root_nss/pkg-plist
@@ -2,6 +2,3 @@
 @sample etc/ssl/cert.pem.sample
 %%ETCSYMLINK%%openssl/cert.pem
 %%ETCSYMLINK%%/etc/ssl/cert.pem
-@postexec certctl rehash
-@postunexec certctl rehash
-@postexec [ ! -e %%LOCALBASE%%/bin/cert-sync ] || %%LOCALBASE%%/bin/cert-sync --quiet %%PREFIX%%/share/certs/ca-root-nss.crt
diff --git a/security/cargo-audit/Makefile b/security/cargo-audit/Makefile
index 968206cde143..a45d7b4b4a7c 100644
--- a/security/cargo-audit/Makefile
+++ b/security/cargo-audit/Makefile
@@ -1,7 +1,7 @@
 PORTNAME= cargo-audit
 DISTVERSIONPREFIX= ${PORTNAME}/v
 DISTVERSION= 0.21.2
-PORTREVISION= 3
+PORTREVISION= 4
 PORTEPOCH= 1
 CATEGORIES= security
diff --git a/security/clamav-lts/Makefile b/security/clamav-lts/Makefile
index b6539482641f..4f863dabe9f6 100644
--- a/security/clamav-lts/Makefile
+++ b/security/clamav-lts/Makefile
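Review bot: `certctl ${CERTCTL_ARGS} rehash` in pkg-deinstall.in expands the argument string unquoted, so a `PKG_ROOTDIR` containing whitespace is split into several arguments, and if `PKG_ROOTDIR` is ever empty or unset (nothing in the hunk shows that pkg guarantees a value) `-D` would take `rehash` as its directory and the trust store would not be rehashed. The POST-INSTALL branch of pkg-install.in builds its arguments the same way, and there `PKG_METALOG` is affected too. Passing the values as separate quoted words avoids both cases, for example `certctl -D "${PKG_ROOTDIR:-/}" rehash` here. This script also omits the `-U -M ${PKG_METALOG}` handling that pkg-install.in has; if that is deliberate, a one-line comment such as `# no metalog entry is needed on removal` would record it.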
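Review bot: The `cert-sync` call at the end of the POST-INSTALL branch in pkg-install.in always uses `%%LOCALBASE%%` and `%%PREFIX%%` on the running system, while the `certctl` call above it is pointed at `PKG_ROOTDIR`. When the package is installed into an alternate root this looks like it would update the host's store from a bundle path that is not necessarily the one just installed. Either guard it, e.g. `[ "${PKG_ROOTDIR:-/}" != / ] || [ ! -e %%LOCALBASE%%/bin/cert-sync ] || ...`, or add a comment stating that the sync is host-only by design. The exit status of `certctl ... rehash` is also discarded, so a failed rehash leaves the previous trust store in place with no message from the script; `certctl ... rehash || echo "certctl rehash failed" >&2` would surface it.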
@@ -1,6 +1,6 @@ PORTNAME= clamav DISTVERSION= 1.0.9 -PORTREVISION= 1 +PORTREVISION= 2 PORTEPOCH= 1 CATEGORIES= security MASTER_SITES= https://www.clamav.net/downloads/production/ diff --git a/security/clamav/Makefile b/security/clamav/Makefile index 7a29dc981d0a..413f7af43016 100644 --- a/security/clamav/Makefile +++ b/security/clamav/Makefile @@ -1,6 +1,6 @@ PORTNAME= clamav DISTVERSION= 1.4.3 -PORTREVISION= 1 +PORTREVISION= 2 PORTEPOCH= 1 CATEGORIES= security MASTER_SITES= https://www.clamav.net/downloads/production/ diff --git a/security/cloak/Makefile b/security/cloak/Makefile index 5e766c9afb4e..11042978be15 100644 --- a/security/cloak/Makefile +++ b/security/cloak/Makefile @@ -1,7 +1,7 @@ PORTNAME= cloak DISTVERSIONPREFIX= v DISTVERSION= 0.3.0 -PORTREVISION= 32 +PORTREVISION= 33 CATEGORIES= security MAINTAINER= ports@FreeBSD.org diff --git a/security/diswall/Makefile b/security/diswall/Makefile index fe69a0d58e55..38bb50c05d26 100644 --- a/security/diswall/Makefile +++ b/security/diswall/Makefile @@ -1,7 +1,7 @@ PORTNAME= diswall DISTVERSIONPREFIX= v DISTVERSION= 0.6.0 -PORTREVISION= 8 +PORTREVISION= 9 CATEGORIES= security MAINTAINER= yuri@FreeBSD.org diff --git a/security/exploit-pattern/Makefile b/security/exploit-pattern/Makefile index a36d3b4311a6..c35dbe1c8e26 100644 --- a/security/exploit-pattern/Makefile +++ b/security/exploit-pattern/Makefile @@ -2,7 +2,7 @@ PORTNAME= exploit-pattern DISTVERSION= g20230527 CATEGORIES= security -MAINTAINER= tiago.gasiba@gmail.com +MAINTAINER= tiga@FreeBSD.org COMMENT= Generate and search pattern string for exploit development WWW= https://github.com/${GH_ACCOUNT}/${PORTNAME} diff --git a/security/flawz/Makefile b/security/flawz/Makefile index 5888307efb27..b8ede509ef15 100644 --- a/security/flawz/Makefile +++ b/security/flawz/Makefile @@ -1,7 +1,7 @@ PORTNAME= flawz DISTVERSIONPREFIX= v DISTVERSION= 0.3.0 -PORTREVISION= 8 +PORTREVISION= 9 CATEGORIES= security MAINTAINER= yuri@FreeBSD.org 
diff --git a/security/fuzz/Makefile b/security/fuzz/Makefile index 3b99b4f85cb0..443e50e85bb7 100644 --- a/security/fuzz/Makefile +++ b/security/fuzz/Makefile @@ -4,7 +4,7 @@ PORTREVISION= 2 CATEGORIES= security MASTER_SITES= SF -MAINTAINER= tiago.gasiba@gmail.com +MAINTAINER= tiga@FreeBSD.org COMMENT= Tool for testing software by bombarding the program with random data WWW= https://fuzz.sourceforge.net/ diff --git a/security/gpg-tui/Makefile b/security/gpg-tui/Makefile index bd53260d9ce8..6dc29b19e639 100644 --- a/security/gpg-tui/Makefile +++ b/security/gpg-tui/Makefile @@ -1,7 +1,7 @@ PORTNAME= gpg-tui DISTVERSIONPREFIX= v DISTVERSION= 0.11.1 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= security MAINTAINER= se@FreeBSD.org diff --git a/security/hashcat/Makefile b/security/hashcat/Makefile index f2c76ff7fa2b..aae3658efa75 100644 --- a/security/hashcat/Makefile +++ b/security/hashcat/Makefile @@ -1,7 +1,7 @@ PORTNAME= hashcat PORTVERSION= 7.1.2 DISTVERSIONPREFIX= v -PORTREVISION= 1 +PORTREVISION= 2 PORTEPOCH= 1 CATEGORIES= security diff --git a/security/kanidm/Makefile b/security/kanidm/Makefile index 54b16724b18c..e29028300f7d 100644 --- a/security/kanidm/Makefile +++ b/security/kanidm/Makefile @@ -1,7 +1,7 @@ PORTNAME= kanidm DISTVERSIONPREFIX= v DISTVERSION= 1.7.3 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security net MAINTAINER= bofh@FreeBSD.org diff --git a/security/keepass-plugin-keepassrpc/Makefile b/security/keepass-plugin-keepassrpc/Makefile index 4b1b44503c1a..e322bb71380c 100644 --- a/security/keepass-plugin-keepassrpc/Makefile +++ b/security/keepass-plugin-keepassrpc/Makefile @@ -4,7 +4,7 @@ DISTVERSIONPREFIX=v CATEGORIES= security PKGNAMEPREFIX= keepass-plugin- -MAINTAINER= tiago.gasiba@gmail.com +MAINTAINER= tiga@FreeBSD.org COMMENT= KeePass plugin which facilitates the Kee Firefox plugin WWW= https://www.kee.pm/ diff --git a/security/keepassxc276/Makefile b/security/keepassxc276/Makefile index e5965d9be9de..b3966eb2c5c3 100644 
--- a/security/keepassxc276/Makefile
+++ b/security/keepassxc276/Makefile
@@ -1,5 +1,6 @@
 PORTNAME= keepassxc
 DISTVERSION= 2.7.6
+PORTREVISION= 1
 CATEGORIES= security
 MASTER_SITES= https://github.com/keepassxreboot/keepassxc/releases/download/${DISTVERSION}/
 PKGNAMESUFFIX= 276
@@ -18,13 +19,10 @@ LICENSE_NAME_NOKIA-LGPL-EXCEPTION= Nokia Qt LGPL Exception version 1.1
 LICENSE_FILE_NOKIA-LGPL-EXCEPTION= ${WRKSRC}/LICENSE.NOKIA-LGPL-EXCEPTION
 LICENSE_PERMS_NOKIA-LGPL-EXCEPTION= dist-mirror dist-sell pkg-mirror pkg-sell auto-accept
-DEPRECATED= Depends on expired security/botan2
-EXPIRATION_DATE=2025-06-21
-
 BUILD_DEPENDS= asciidoctor:textproc/rubygem-asciidoctor
 LIB_DEPENDS= libargon2.so:security/libargon2 \
 libqrencode.so:graphics/libqrencode \
- libbotan-2.so:security/botan2
+ libbotan-3.so:security/botan3
 USES= cmake compiler:c++17-lang desktop-file-utils pkgconfig qt:5 \
 readline shared-mime-info tar:xz xorg
diff --git a/security/keepassxc276/files/patch-src_keys_FileKey.cpp b/security/keepassxc276/files/patch-src_keys_FileKey.cpp
new file mode 100644
index 000000000000..3ea8d551efd4
--- /dev/null
+++ b/security/keepassxc276/files/patch-src_keys_FileKey.cpp
@@ -0,0 +1,11 @@
+--- src/keys/FileKey.cpp.orig 2023-08-15 22:40:34 UTC
++++ src/keys/FileKey.cpp
+@@ -22,6 +22,8 @@
+ #include "crypto/CryptoHash.h"
+ #include "crypto/Random.h"
+
++#include <botan/mem_ops.h>
++
+ #include <QDataStream>
+ #include <QFile>
+ #include <QXmlStreamReader>
diff --git a/security/libaegis/Makefile b/security/libaegis/Makefile
index 0454fa2b6c28..332a165fdb2e 100644
--- a/security/libaegis/Makefile
+++ b/security/libaegis/Makefile
@@ -1,5 +1,5 @@
 PORTNAME= libaegis
-PORTVERSION= 0.4.0
+PORTVERSION= 0.4.1
 CATEGORIES= security
 MAINTAINER= sunpoet@FreeBSD.org
diff --git a/security/libaegis/distinfo b/security/libaegis/distinfo
index 7223738359e9..31b310a6e0ef 100644
--- a/security/libaegis/distinfo
+++ b/security/libaegis/distinfo
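Review bot: The `USES` line kept as context in the second keepassxc276/Makefile hunk still says `compiler:c++17-lang`, although `LIB_DEPENDS` now points at `libbotan-3.so:security/botan3`. As far as I know the Botan 3 headers need a C++20 compiler, so this probably wants `compiler:c++20-lang` to make sure a suitable compiler is selected on every supported release. The same hunk drops `DEPRECATED` and `EXPIRATION_DATE`, which leaves this pinned 2.7.6 password-manager port with no end-of-life marker. If it is kept only for compatibility, a short comment above `PKGNAMESUFFIX` saying so would help users decide whether to stay on it.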
@@ -1,3 +1,3 @@ -TIMESTAMP = 1739962440 -SHA256 (jedisct1-libaegis-0.4.0_GH0.tar.gz) = bf8d363edc28b9969e9d0decc41b41f818461136619652b1a977c8afa9b81363 -SIZE (jedisct1-libaegis-0.4.0_GH0.tar.gz) = 502083 +TIMESTAMP = 1757436429 +SHA256 (jedisct1-libaegis-0.4.1_GH0.tar.gz) = 881eb13d7d370bf3828542402582e2b2bf897f7bbb7b5f162012efb0935394b4 +SIZE (jedisct1-libaegis-0.4.1_GH0.tar.gz) = 502740 diff --git a/security/libressl-devel/Makefile b/security/libressl-devel/Makefile index c8332538d6d1..b90c18b1308e 100644 --- a/security/libressl-devel/Makefile +++ b/security/libressl-devel/Makefile @@ -1,5 +1,5 @@ PORTNAME= libressl -PORTVERSION= 4.1.0 +PORTVERSION= 4.1.1 CATEGORIES= security devel MASTER_SITES= OPENBSD/LibreSSL PKGNAMESUFFIX= -devel diff --git a/security/libressl-devel/distinfo b/security/libressl-devel/distinfo index 88dda4d38cdc..62e0fcbe19c7 100644 --- a/security/libressl-devel/distinfo +++ b/security/libressl-devel/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1746175532 -SHA256 (libressl-4.1.0.tar.gz) = 0f71c16bd34bdaaccdcb96a5d94a4921bfb612ec6e0eba7a80d8854eefd8bb61 -SIZE (libressl-4.1.0.tar.gz) = 9198928 +TIMESTAMP = 1759303143 +SHA256 (libressl-4.1.1.tar.gz) = c7ff7a7d675d5f57730940e5ccff1dbe2dcd5b7405b5397e0f7ffd66a5ed5679 +SIZE (libressl-4.1.1.tar.gz) = 9202355 diff --git a/security/libressl/Makefile b/security/libressl/Makefile index 35de680209e2..749ae4315dc1 100644 --- a/security/libressl/Makefile +++ b/security/libressl/Makefile @@ -1,5 +1,5 @@ PORTNAME= libressl -PORTVERSION= 4.1.0 +PORTVERSION= 4.1.1 CATEGORIES= security devel MASTER_SITES= OPENBSD/LibreSSL diff --git a/security/libressl/distinfo b/security/libressl/distinfo index 88dda4d38cdc..62e0fcbe19c7 100644 --- a/security/libressl/distinfo +++ b/security/libressl/distinfo 
@@ -1,3 +1,3 @@ -TIMESTAMP = 1746175532 -SHA256 (libressl-4.1.0.tar.gz) = 0f71c16bd34bdaaccdcb96a5d94a4921bfb612ec6e0eba7a80d8854eefd8bb61 -SIZE (libressl-4.1.0.tar.gz) = 9198928 +TIMESTAMP = 1759303143 +SHA256 (libressl-4.1.1.tar.gz) = c7ff7a7d675d5f57730940e5ccff1dbe2dcd5b7405b5397e0f7ffd66a5ed5679 +SIZE (libressl-4.1.1.tar.gz) = 9202355 diff --git a/security/lua-bcrypt/Makefile b/security/lua-bcrypt/Makefile index d12a36d730b7..ef891deef73d 100644 --- a/security/lua-bcrypt/Makefile +++ b/security/lua-bcrypt/Makefile @@ -13,7 +13,7 @@ LICENSE_FILE= ${WRKSRC}/LICENSE BUILD_DEPENDS= luarocks${LUA_VER_STR}:devel/lua-luarocks@${FLAVOR} -USES= lua:module +USES= lua:53-54,module USE_GITHUB= yes GH_ACCOUNT= mikejsavage GH_PROJECT= lua-bcrypt diff --git a/security/netbird/Makefile b/security/netbird/Makefile index d018c374af81..2b5638e59319 100644 --- a/security/netbird/Makefile +++ b/security/netbird/Makefile @@ -1,7 +1,6 @@ PORTNAME= netbird DISTVERSIONPREFIX= v -DISTVERSION= 0.56.0 -PORTREVISION= 1 +DISTVERSION= 0.59.1 CATEGORIES= security net net-vpn MAINTAINER= hakan.external@netbird.io diff --git a/security/netbird/distinfo b/security/netbird/distinfo index 842834e94dc7..6afd5a561327 100644 --- a/security/netbird/distinfo +++ b/security/netbird/distinfo 
@@ -1,5 +1,5 @@ -TIMESTAMP = 1756099179 -SHA256 (go/security_netbird/netbird-v0.56.0/v0.56.0.mod) = e817264ac86111dbad8241ebaa0896fceeeb3c5aa2f8a1d36e84100e05975489 -SIZE (go/security_netbird/netbird-v0.56.0/v0.56.0.mod) = 12619 -SHA256 (go/security_netbird/netbird-v0.56.0/v0.56.0.zip) = 750c6be8736b9b960509f57d245711b0d7a4b97f15c0f2a1a3ac07aadf20ba63 -SIZE (go/security_netbird/netbird-v0.56.0/v0.56.0.zip) = 3126909 +TIMESTAMP = 1759481572 +SHA256 (go/security_netbird/netbird-v0.59.1/v0.59.1.mod) = a930885bdb739be4a2fbbb2a63b86d0b33d3c2897b45d5f391ef1d9d29db5975 +SIZE (go/security_netbird/netbird-v0.59.1/v0.59.1.mod) = 12607 +SHA256 (go/security_netbird/netbird-v0.59.1/v0.59.1.zip) = 0e1eca9e038d7bf1db3bf67b59f3fa58356fb856c1a68c8fa02e8a609bc21f68 +SIZE (go/security_netbird/netbird-v0.59.1/v0.59.1.zip) = 3188357 diff --git a/security/nextcloud-twofactor_webauthn/Makefile b/security/nextcloud-twofactor_webauthn/Makefile index 603b0091cae3..d59319649d43 100644 --- a/security/nextcloud-twofactor_webauthn/Makefile +++ b/security/nextcloud-twofactor_webauthn/Makefile @@ -1,5 +1,5 @@ PORTNAME= twofactor_webauthn -PORTVERSION= 2.4.0 +PORTVERSION= 2.4.1 DISTVERSIONPREFIX= v CATEGORIES= security diff --git a/security/nextcloud-twofactor_webauthn/distinfo b/security/nextcloud-twofactor_webauthn/distinfo index 406eef980563..c0adb1ed1dc7 100644 --- a/security/nextcloud-twofactor_webauthn/distinfo +++ b/security/nextcloud-twofactor_webauthn/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1758120166 -SHA256 (nextcloud/twofactor_webauthn-v2.4.0.tar.gz) = c802519aea990a2cb31bb9ab723250aae14e6a605c07bb4fe37af201efd9e146 -SIZE (nextcloud/twofactor_webauthn-v2.4.0.tar.gz) = 16787524 +TIMESTAMP = 1759345150 +SHA256 (nextcloud/twofactor_webauthn-v2.4.1.tar.gz) = 0753a37b9a17ebc8bd43f20616fc6337d43eefc4a7ab7caeb2092077c321dcb4 +SIZE (nextcloud/twofactor_webauthn-v2.4.1.tar.gz) = 16790114 diff --git a/security/nss/Makefile b/security/nss/Makefile index 525635c1e763..f7c77344a5f0 100644 
--- a/security/nss/Makefile +++ b/security/nss/Makefile @@ -1,5 +1,5 @@ PORTNAME= nss -PORTVERSION= 3.116 +PORTVERSION= 3.117 CATEGORIES= security MASTER_SITES= MOZILLA/security/${PORTNAME}/releases/${DISTNAME:tu:C/[-.]/_/g}_RTM/src diff --git a/security/nss/distinfo b/security/nss/distinfo index c913edb41197..0eb1e4a89c39 100644 --- a/security/nss/distinfo +++ b/security/nss/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1757695731 -SHA256 (nss-3.116.tar.gz) = 3938611de4ad1e3b71f27f3cd5ea717a5b5f83bffc9cd427e6d929dc67f2bb73 -SIZE (nss-3.116.tar.gz) = 76661970 +TIMESTAMP = 1759509202 +SHA256 (nss-3.117.tar.gz) = 5786b523a2f2e9295ed10d711960d2e33cd620bb80d6288443eda43553a51996 +SIZE (nss-3.117.tar.gz) = 76684970 diff --git a/security/openbao/Makefile b/security/openbao/Makefile index 66ad364ac23e..ed9842ccfaff 100644 --- a/security/openbao/Makefile +++ b/security/openbao/Makefile @@ -1,7 +1,6 @@ PORTNAME= openbao DISTVERSIONPREFIX= v -DISTVERSION= 2.1.0 -PORTREVISION= 5 +DISTVERSION= 2.4.1 CATEGORIES= security MASTER_SITES+= https://raw.githubusercontent.com/${PORTNAME}/${PORTNAME}/${DISTVERSIONFULL}/ DISTFILES= go.mod \ @@ -18,7 +17,7 @@ WWW= https://openbao.org/ LICENSE= MPL20 LICENSE_FILE= ${WRKSRC}/LICENSE -USES= go:1.23,modules +USES= go:modules USE_GITHUB= yes USE_RC_SUBR= ${PORTNAME} @@ -37,7 +36,7 @@ GROUPS= ${PORTNAME} PLIST_FILES= bin/${BIN_NAME} BIN_NAME= bao -GITID= 88383dece6b4ff1b3b242280a54aeabef8101495 +GITID= efb9efa12f550e8322f3cec040862355e966f565 SOURCE_DATE_EPOCH= ${TIMEEPOCHNOW:gmtime} TIMEEPOCHNOW= %Y-%m-%dT%H:%M:%SZ diff --git a/security/openbao/distinfo b/security/openbao/distinfo index 88c98bcafb18..fb9e94011d6e 100644 --- a/security/openbao/distinfo +++ b/security/openbao/distinfo 
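Review bot: GITID in the last security/openbao/Makefile hunk is a hand-maintained commit hash that changes together with DISTVERSION, and nothing in the visible lines ties the two together, so a future bump can update the version and leave the old hash behind. A comment above it would make the coupling explicit: `# GITID: commit that tag ${DISTVERSIONFULL} points to; update with DISTVERSION`. How GITID is consumed is outside the hunk (presumably it is stamped into the `bao` binary's version output), so a stale value would misreport which source a deployed secrets manager was built from. The second hunk also drops the `go:1.23` pin in favour of `go:modules`; it is worth confirming that the ports default Go satisfies the `go` directive of the 2.4.1 go.mod, which this page does not show.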
@@ -1,15 +1,15 @@ -TIMESTAMP = 1733111056 -SHA256 (go/security_openbao/openbao-openbao-v2.1.0_GH0/go.mod) = 1008f82689ac553a7e461ddcac299b98335ecc32eda279d6a2059a6b60d6ab7c -SIZE (go/security_openbao/openbao-openbao-v2.1.0_GH0/go.mod) = 17703 -SHA256 (go/security_openbao/openbao-openbao-v2.1.0_GH0/api/go.mod) = d3d93a24f13c88e7950506734f98782417b419f7601fa35d96f97c017f3b5eef -SIZE (go/security_openbao/openbao-openbao-v2.1.0_GH0/api/go.mod) = 1386 -SHA256 (go/security_openbao/openbao-openbao-v2.1.0_GH0/api/auth/approle/go.mod) = 37d743ea994960230616092168903b7e806607fbda94757b28d646be105bee4c -SIZE (go/security_openbao/openbao-openbao-v2.1.0_GH0/api/auth/approle/go.mod) = 182 -SHA256 (go/security_openbao/openbao-openbao-v2.1.0_GH0/api/auth/kubernetes/go.mod) = cf1312fefbf43849805eb13b283556f500f246635c4f39f459908d854dacf41a -SIZE (go/security_openbao/openbao-openbao-v2.1.0_GH0/api/auth/kubernetes/go.mod) = 185 -SHA256 (go/security_openbao/openbao-openbao-v2.1.0_GH0/api/auth/userpass/go.mod) = 41994758ed7b2ba521e641b3ea77a46371e748ce675fffd39ed1b87eb64342ec -SIZE (go/security_openbao/openbao-openbao-v2.1.0_GH0/api/auth/userpass/go.mod) = 183 -SHA256 (go/security_openbao/openbao-openbao-v2.1.0_GH0/sdk/go.mod) = 07079788c1a26811ba0ac1806ac8720acdc11763d49f34fc1c771cbe2fd75dfb -SIZE (go/security_openbao/openbao-openbao-v2.1.0_GH0/sdk/go.mod) = 5303 -SHA256 (go/security_openbao/openbao-openbao-v2.1.0_GH0/openbao-openbao-v2.1.0_GH0.tar.gz) = 526080f9f4ce643e7efd947d316a56b40b4de61eaf3441eb11b6b37590de5b8b -SIZE (go/security_openbao/openbao-openbao-v2.1.0_GH0/openbao-openbao-v2.1.0_GH0.tar.gz) = 16653421 +TIMESTAMP = 1759304389 +SHA256 (go/security_openbao/openbao-openbao-v2.4.1_GH0/go.mod) = ea189356b4c13872d79e3966f0014901237783b5ad137788f26435f45900efde +SIZE (go/security_openbao/openbao-openbao-v2.4.1_GH0/go.mod) = 18705 +SHA256 (go/security_openbao/openbao-openbao-v2.4.1_GH0/api/go.mod) = 60a1ac8f4f20a408d77099fcd89f6b5534755748e5e4644e95d609a7c76a168e +SIZE 
(go/security_openbao/openbao-openbao-v2.4.1_GH0/api/go.mod) = 1698 +SHA256 (go/security_openbao/openbao-openbao-v2.4.1_GH0/api/auth/approle/go.mod) = 16c1d35f624f21049ec5f175f9dad8c0f3fb3ac247f9b3444a4932e7b27d2c3f +SIZE (go/security_openbao/openbao-openbao-v2.4.1_GH0/api/auth/approle/go.mod) = 1087 +SHA256 (go/security_openbao/openbao-openbao-v2.4.1_GH0/api/auth/kubernetes/go.mod) = 8bf6b245793725b07fc6e152a2d707e34a28895a560b401ce8e7fd209c5789ca +SIZE (go/security_openbao/openbao-openbao-v2.4.1_GH0/api/auth/kubernetes/go.mod) = 1090 +SHA256 (go/security_openbao/openbao-openbao-v2.4.1_GH0/api/auth/userpass/go.mod) = 000b76a1b52e94f97a90645003d164652c66adf7511c2b1f9fc4e9dee8b1b383 +SIZE (go/security_openbao/openbao-openbao-v2.4.1_GH0/api/auth/userpass/go.mod) = 1088 +SHA256 (go/security_openbao/openbao-openbao-v2.4.1_GH0/sdk/go.mod) = 2a4a4b60af7a05c7b67a09ca1fe1a011f0eaca8cf3b086225eaf4dabf54044be +SIZE (go/security_openbao/openbao-openbao-v2.4.1_GH0/sdk/go.mod) = 5570 +SHA256 (go/security_openbao/openbao-openbao-v2.4.1_GH0/openbao-openbao-v2.4.1_GH0.tar.gz) = 51755264feea4924c1ee91780c13312a7f762da7ba01f1ac8bc4bf74734fe322 +SIZE (go/security_openbao/openbao-openbao-v2.4.1_GH0/openbao-openbao-v2.4.1_GH0.tar.gz) = 23530108 diff --git a/security/openssl/Makefile b/security/openssl/Makefile index 0c43cf9a6808..4bbd371479e8 100644 --- a/security/openssl/Makefile +++ b/security/openssl/Makefile @@ -1,5 +1,5 @@ PORTNAME= openssl -PORTVERSION= 3.0.17 +PORTVERSION= 3.0.18 PORTEPOCH= 1 CATEGORIES= security devel MASTER_SITES= https://github.com/openssl/openssl/releases/download/${DISTNAME}/ diff --git a/security/openssl/distinfo b/security/openssl/distinfo index 110c105d736f..b0235a50d86b 100644 --- a/security/openssl/distinfo +++ b/security/openssl/distinfo 
@@ -1,3 +1,3 @@
-TIMESTAMP = 1751448128
-SHA256 (openssl-3.0.17.tar.gz) = dfdd77e4ea1b57ff3a6dbde6b0bdc3f31db5ac99e7fdd4eaf9e1fbb6ec2db8ce
-SIZE (openssl-3.0.17.tar.gz) = 15344831
+TIMESTAMP = 1759300749
+SHA256 (openssl-3.0.18.tar.gz) = d80c34f5cf902dccf1f1b5df5ebb86d0392e37049e5d73df1b3abae72e4ffe8b
+SIZE (openssl-3.0.18.tar.gz) = 15348046
diff --git a/security/openssl32/Makefile b/security/openssl32/Makefile
deleted file mode 100644
index 7d7665c242e3..000000000000
--- a/security/openssl32/Makefile
+++ /dev/null
@@ -1,200 +0,0 @@ -PORTNAME= openssl -PORTVERSION= 3.2.5 -CATEGORIES= security devel -PKGNAMESUFFIX= 32 -MASTER_SITES= https://github.com/openssl/openssl/releases/download/${DISTNAME}/ - -MAINTAINER= brnrd@FreeBSD.org -COMMENT= TLSv1.3 capable SSL and crypto library -WWW= https://www.openssl.org/ - -LICENSE= APACHE20 -LICENSE_FILE= ${WRKSRC}/LICENSE.txt - -DEPRECATED= Please use security/openssl35 (LTS) -EXPIRATION_DATE= 2025-09-30 - -CONFLICTS_INSTALL= boringssl libressl libressl-devel openssl openssl111 openssl3[1345] openssl*-quictls - -HAS_CONFIGURE= yes -CONFIGURE_SCRIPT= config -CONFIGURE_ENV= PERL="${PERL}" -CONFIGURE_ARGS= --openssldir=${OPENSSLDIR} \ - --prefix=${PREFIX} - -USES= cpe perl5 -USE_PERL5= build -TEST_TARGET= test - -LDFLAGS_i386= -Wl,-znotext - -MAKE_ARGS+= WHOLE_ARCHIVE_FLAG=--whole-archive CNF_LDFLAGS="${LDFLAGS}" -MAKE_ENV+= LIBRPATH="${PREFIX}/lib" GREP_OPTIONS= - -EXTRA_PATCHES+= ${.CURDIR}/../openssl/files/patch-crypto_async_arch_async__posix.h - -OPTIONS_GROUP= CIPHERS COMPRESSION HASHES MODULES OPTIMIZE PROTOCOLS -OPTIONS_GROUP_CIPHERS= ARIA DES GOST IDEA SM4 RC2 RC4 RC5 WEAK-SSL-CIPHERS -OPTIONS_GROUP_COMPRESSION= BROTLI ZLIB ZSTD -OPTIONS_GROUP_HASHES= MD2 MD4 MDC2 RMD160 SM2 SM3 -OPTIONS_GROUP_OPTIMIZE= ASM SSE2 THREADS THREADPOOL -OPTIONS_GROUP_MODULES= FIPS LEGACY -OPTIONS_DEFINE_i386= I386 -OPTIONS_GROUP_PROTOCOLS=NEXTPROTONEG QUIC SCTP SSL3 TLS1 TLS1_1 TLS1_2 - -OPTIONS_DEFINE= ASYNC CT KTLS MAN3 RFC3779 SHARED - -OPTIONS_DEFAULT=ASM ASYNC CT DES EC FIPS GOST MAN3 MD4 NEXTPROTONEG \ - QUIC RFC3779 RC2 RC4 RMD160 SCTP SHARED SSE2 \ - THREADPOOL THREADS TLS1 TLS1_1 TLS1_2 -#OPTIONS_DEFAULT+= KTLS pending updated KTLS patch - -OPTIONS_GROUP_OPTIMIZE_amd64= EC - -.if ${MACHINE_ARCH} == "amd64" -OPTIONS_GROUP_OPTIMIZE+= EC -.elif ${MACHINE_ARCH} == "mips64el" -OPTIONS_GROUP_OPTIMIZE+= EC -.endif - -OPTIONS_SUB= yes - -ARIA_DESC= ARIA (South Korean standard) -ASM_DESC= Assembler code -ASYNC_DESC= Asynchronous mode -CIPHERS_DESC= Block 
Cipher Support -COMPRESSION_DESC= Compression Support -CT_DESC= Certificate Transparency Support -DES_DESC= (Triple) Data Encryption Standard -EC_DESC= Optimize NIST elliptic curves -FIPS_DESC= Build FIPS provider (Note: NOT yet FIPS validated) -GOST_DESC= GOST (Russian standard) -HASHES_DESC= Hash Function Support -I386_DESC= i386 (instead of i486+) -IDEA_DESC= International Data Encryption Algorithm -KTLS_DESC= Use in-kernel TLS (FreeBSD >13) -LEGACY_DESC= Older algorithms -MAN3_DESC= Install API manpages (section 3, 7) -MD2_DESC= MD2 (obsolete) (requires LEGACY) -MD4_DESC= MD4 (unsafe) -MDC2_DESC= MDC-2 (patented, requires DES) -MODULES_DESC= Provider modules -NEXTPROTONEG_DESC= Next Protocol Negotiation (SPDY) -OPTIMIZE_DESC= Optimizations -PROTOCOLS_DESC= Protocol Support -QUIC_DESC= HTTP/3 -RC2_DESC= RC2 (unsafe) -RC4_DESC= RC4 (unsafe) -RC5_DESC= RC5 (patented) -RMD160_DESC= RIPEMD-160 -RFC3779_DESC= RFC3779 support (BGP) -SCTP_DESC= SCTP (Stream Control Transmission) -SHARED_DESC= Build shared libraries -SM2_DESC= SM2 Elliptic Curve DH (Chinese standard) -SM3_DESC= SM3 256bit (Chinese standard) -SM4_DESC= SM4 128bit (Chinese standard) -SSE2_DESC= Runtime SSE2 detection -SSL3_DESC= SSLv3 (unsafe) -TLS1_DESC= TLSv1.0 (requires TLS1_1, TLS1_2) -TLS1_1_DESC= TLSv1.1 (requires TLS1_2) -TLS1_2_DESC= TLSv1.2 -THREADPOOL_DESC=Thread Pooling support -WEAK-SSL-CIPHERS_DESC= Weak cipher support (unsafe) - -# Upstream default disabled options -.for _option in brotli fips md2 ktls rc5 sctp ssl3 weak-ssl-ciphers zlib zstd -${_option:tu}_CONFIGURE_ON= enable-${_option} -.endfor - -# Upstream default enabled options -.for _option in aria asm async ct des gost idea md4 mdc2 legacy \ - nextprotoneg quic rc2 rc4 rfc3779 rmd160 shared sm2 sm3 sm4 \ - sse2 threads tls1 tls1_1 tls1_2 -${_option:tu}_CONFIGURE_OFF= no-${_option} -.endfor - -MD2_IMPLIES= LEGACY -MDC2_IMPLIES= DES -TLS1_IMPLIES= TLS1_1 -TLS1_1_IMPLIES= TLS1_2 - -BROTLI_CFLAGS= -I${PREFIX}/include 
-BROTLI_CONFIGURE_ON= enable-brotli-dynamic -BROTLI_LIB_DEPENDS= libbrotlicommon.so:archivers/brotli -EC_CONFIGURE_ON= enable-ec_nistp_64_gcc_128 -FIPS_VARS= shlibs+=lib/ossl-modules/fips.so -I386_CONFIGURE_ON= 386 -KTLS_BROKEN= Pending updated KTLS patch -KTLS_EXTRA_PATCHES= ${FILESDIR}/extra-patch-ktls -LEGACY_VARS= shlibs+=lib/ossl-modules/legacy.so -MAN3_EXTRA_PATCHES_OFF= ${FILESDIR}/extra-patch-util_find-doc-nits -SHARED_MAKE_ENV= SHLIBVER=${OPENSSL_SHLIBVER} -SHARED_PLIST_SUB= SHLIBVER=${OPENSSL_SHLIBVER} -SHARED_USE= ldconfig=yes -SHARED_VARS= shlibs+="lib/libcrypto.so.${OPENSSL_SHLIBVER} \ - lib/libssl.so.${OPENSSL_SHLIBVER} \ - lib/engines-${OPENSSL_SHLIBVER}/capi.so \ - lib/engines-${OPENSSL_SHLIBVER}/devcrypto.so \ - lib/engines-${OPENSSL_SHLIBVER}/padlock.so" -SSL3_CONFIGURE_ON= enable-ssl3-method -THREADPOOL_CONFIGURE_OFF= no-thread-pool -ZLIB_CONFIGURE_ON= zlib-dynamic -ZSTD_CFLAGS= -I${PREFIX}/include -ZSTD_CONFIGURE_ON= enable-zstd-dynamic -ZSTD_LIB_DEPENDS= libzstd.so:archivers/zstd - -SHLIBS= lib/engines-${OPENSSL_SHLIBVER}/loader_attic.so - -PORTSCOUT= limit:^${DISTVERSION:R:S/./\./g}\. 
- -.include <bsd.port.options.mk> - -.if ${ARCH} == powerpc64 -CONFIGURE_ARGS+= BSD-ppc64 -.elif ${ARCH} == powerpc64le -CONFIGURE_ARGS+= BSD-ppc64le -.elif ${ARCH} == riscv64 -CONFIGURE_ARGS+= BSD-riscv64 -.endif - -.include <bsd.port.pre.mk> -.if ${PREFIX} == /usr -IGNORE= the OpenSSL port can not be installed over the base version -.endif - -OPENSSLDIR?= ${PREFIX}/openssl -PLIST_SUB+= OPENSSLDIR=${OPENSSLDIR:S=^${PREFIX}/==} - -.include "version.mk" - -post-patch: - ${REINPLACE_CMD} -Ee 's|^(build\|install)_docs: .*|\1_docs: \1_man_docs|' \ - ${WRKSRC}/Configurations/unix-Makefile.tmpl - ${REINPLACE_CMD} 's|SHLIB_VERSION=3|SHLIB_VERSION=${OPENSSL_SHLIBVER}|' \ - ${WRKSRC}/VERSION.dat - -post-configure: - ( cd ${WRKSRC} ; ${PERL} configdata.pm --dump ) - -post-configure-MAN3-off: - ${REINPLACE_CMD} \ - -e 's|^build_man_docs:.*|build_man_docs: $$(MANDOCS1) $$(MANDOCS5)|' \ - -e 's|dummy $$(MANDOCS[37]); do |dummy; do |' \ - ${WRKSRC}/Makefile - -post-install-SHARED-on: -.for i in ${SHLIBS} - -@${STRIP_CMD} ${STAGEDIR}${PREFIX}/$i -.endfor - -post-install-SHARED-off: - ${RMDIR} ${STAGEDIR}${PREFIX}/lib/engines-12 - -post-install: - ${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/openssl - -post-install-MAN3-on: - ( cd ${STAGEDIR}/${PREFIX} ; find share/man/man3 -not -type d ; \ - find share/man/man7 -not -type d ) | sed 's/$$/.gz/' >> ${TMPPLIST} - -.include <bsd.port.post.mk> diff --git a/security/openssl32/distinfo b/security/openssl32/distinfo deleted file mode 100644 index a79020e9f3da..000000000000 --- a/security/openssl32/distinfo +++ /dev/null @@ -1,3 +0,0 @@ -TIMESTAMP = 1751448354 -SHA256 (openssl-3.2.5.tar.gz) = b36347d024a0f5bd09fefcd6af7a58bb30946080eb8ce8f7be78562190d09879 -SIZE (openssl-3.2.5.tar.gz) = 17800797 diff --git a/security/openssl32/files/extra-patch-ktls b/security/openssl32/files/extra-patch-ktls deleted file mode 100644 index 8a46c272d95c..000000000000 --- a/security/openssl32/files/extra-patch-ktls +++ /dev/null 
@@ -1,540 +0,0 @@ -diff --git include/internal/ktls.h include/internal/ktls.h -index 95492fd065..3c82cae26b 100644 ---- include/internal/ktls.h -+++ include/internal/ktls.h -@@ -40,6 +40,11 @@ - # define OPENSSL_KTLS_AES_GCM_128 - # define OPENSSL_KTLS_AES_GCM_256 - # define OPENSSL_KTLS_TLS13 -+# ifdef TLS_CHACHA20_IV_LEN -+# ifndef OPENSSL_NO_CHACHA -+# define OPENSSL_KTLS_CHACHA20_POLY1305 -+# endif -+# endif - - typedef struct tls_enable ktls_crypto_info_t; - -diff --git ssl/ktls.c ssl/ktls.c -index 79d980959e..e343d382cc 100644 ---- ssl/ktls.c -+++ ssl/ktls.c -@@ -10,6 +10,67 @@ - #include "ssl_local.h" - #include "internal/ktls.h" - -+#ifndef OPENSSL_NO_KTLS_RX -+ /* -+ * Count the number of records that were not processed yet from record boundary. -+ * -+ * This function assumes that there are only fully formed records read in the -+ * record layer. If read_ahead is enabled, then this might be false and this -+ * function will fail. -+ */ -+static int count_unprocessed_records(SSL *s) -+{ -+ SSL3_BUFFER *rbuf = RECORD_LAYER_get_rbuf(&s->rlayer); -+ PACKET pkt, subpkt; -+ int count = 0; -+ -+ if (!PACKET_buf_init(&pkt, rbuf->buf + rbuf->offset, rbuf->left)) -+ return -1; -+ -+ while (PACKET_remaining(&pkt) > 0) { -+ /* Skip record type and version */ -+ if (!PACKET_forward(&pkt, 3)) -+ return -1; -+ -+ /* Read until next record */ -+ if (!PACKET_get_length_prefixed_2(&pkt, &subpkt)) -+ return -1; -+ -+ count += 1; -+ } -+ -+ return count; -+} -+ -+/* -+ * The kernel cannot offload receive if a partial TLS record has been read. -+ * Check the read buffer for unprocessed records. If the buffer contains a -+ * partial record, fail and return 0. Otherwise, update the sequence -+ * number at *rec_seq for the count of unprocessed records and return 1. 
-+ */ -+static int check_rx_read_ahead(SSL *s, unsigned char *rec_seq) -+{ -+ int bit, count_unprocessed; -+ -+ count_unprocessed = count_unprocessed_records(s); -+ if (count_unprocessed < 0) -+ return 0; -+ -+ /* increment the crypto_info record sequence */ -+ while (count_unprocessed) { -+ for (bit = 7; bit >= 0; bit--) { /* increment */ -+ ++rec_seq[bit]; -+ if (rec_seq[bit] != 0) -+ break; -+ } -+ count_unprocessed--; -+ -+ } -+ -+ return 1; -+} -+#endif -+ - #if defined(__FreeBSD__) - # include "crypto/cryptodev.h" - -@@ -37,6 +98,10 @@ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c, - case SSL_AES128GCM: - case SSL_AES256GCM: - return 1; -+# ifdef OPENSSL_KTLS_CHACHA20_POLY1305 -+ case SSL_CHACHA20POLY1305: -+ return 1; -+# endif - case SSL_AES128: - case SSL_AES256: - if (s->ext.use_etm) -@@ -55,9 +120,9 @@ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c, - } - - /* Function to configure kernel TLS structure */ --int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, -+int ktls_configure_crypto(SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, - void *rl_sequence, ktls_crypto_info_t *crypto_info, -- unsigned char **rec_seq, unsigned char *iv, -+ int is_tx, unsigned char *iv, - unsigned char *key, unsigned char *mac_key, - size_t mac_secret_size) - { -@@ -71,6 +136,12 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, - else - crypto_info->iv_len = EVP_GCM_TLS_FIXED_IV_LEN; - break; -+# ifdef OPENSSL_KTLS_CHACHA20_POLY1305 -+ case SSL_CHACHA20POLY1305: -+ crypto_info->cipher_algorithm = CRYPTO_CHACHA20_POLY1305; -+ crypto_info->iv_len = EVP_CIPHER_CTX_get_iv_length(dd); -+ break; -+# endif - case SSL_AES128: - case SSL_AES256: - switch (s->s3.tmp.new_cipher->algorithm_mac) { -@@ -101,11 +172,11 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, - crypto_info->tls_vminor = (s->version & 0x000000ff); - # ifdef TCP_RXTLS_ENABLE - 
memcpy(crypto_info->rec_seq, rl_sequence, sizeof(crypto_info->rec_seq)); -- if (rec_seq != NULL) -- *rec_seq = crypto_info->rec_seq; -+ if (!is_tx && !check_rx_read_ahead(s, crypto_info->rec_seq)) -+ return 0; - # else -- if (rec_seq != NULL) -- *rec_seq = NULL; -+ if (!is_tx) -+ return 0; - # endif - return 1; - }; -@@ -154,15 +225,20 @@ int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c, - } - - /* Function to configure kernel TLS structure */ --int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, -+int ktls_configure_crypto(SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, - void *rl_sequence, ktls_crypto_info_t *crypto_info, -- unsigned char **rec_seq, unsigned char *iv, -+ int is_tx, unsigned char *iv, - unsigned char *key, unsigned char *mac_key, - size_t mac_secret_size) - { - unsigned char geniv[12]; - unsigned char *iiv = iv; - -+# ifdef OPENSSL_NO_KTLS_RX -+ if (!is_tx) -+ return 0; -+# endif -+ - if (s->version == TLS1_2_VERSION && - EVP_CIPHER_get_mode(c) == EVP_CIPH_GCM_MODE) { - if (!EVP_CIPHER_CTX_get_updated_iv(dd, geniv, -@@ -186,8 +262,8 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, - memcpy(crypto_info->gcm128.key, key, EVP_CIPHER_get_key_length(c)); - memcpy(crypto_info->gcm128.rec_seq, rl_sequence, - TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE); -- if (rec_seq != NULL) -- *rec_seq = crypto_info->gcm128.rec_seq; -+ if (!is_tx && !check_rx_read_ahead(s, crypto_info->gcm128.rec_seq)) -+ return 0; - return 1; - # endif - # ifdef OPENSSL_KTLS_AES_GCM_256 -@@ -201,8 +277,8 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, - memcpy(crypto_info->gcm256.key, key, EVP_CIPHER_get_key_length(c)); - memcpy(crypto_info->gcm256.rec_seq, rl_sequence, - TLS_CIPHER_AES_GCM_256_REC_SEQ_SIZE); -- if (rec_seq != NULL) -- *rec_seq = crypto_info->gcm256.rec_seq; -+ if (!is_tx && !check_rx_read_ahead(s, crypto_info->gcm256.rec_seq)) -+ return 0; - return 1; - # 
endif - # ifdef OPENSSL_KTLS_AES_CCM_128 -@@ -216,8 +292,8 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, - memcpy(crypto_info->ccm128.key, key, EVP_CIPHER_get_key_length(c)); - memcpy(crypto_info->ccm128.rec_seq, rl_sequence, - TLS_CIPHER_AES_CCM_128_REC_SEQ_SIZE); -- if (rec_seq != NULL) -- *rec_seq = crypto_info->ccm128.rec_seq; -+ if (!is_tx && !check_rx_read_ahead(s, crypto_info->ccm128.rec_seq)) -+ return 0; - return 1; - # endif - # ifdef OPENSSL_KTLS_CHACHA20_POLY1305 -@@ -231,8 +307,10 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, - EVP_CIPHER_get_key_length(c)); - memcpy(crypto_info->chacha20poly1305.rec_seq, rl_sequence, - TLS_CIPHER_CHACHA20_POLY1305_REC_SEQ_SIZE); -- if (rec_seq != NULL) -- *rec_seq = crypto_info->chacha20poly1305.rec_seq; -+ if (!is_tx -+ && !check_rx_read_ahead(s, -+ crypto_info->chacha20poly1305.rec_seq)) -+ return 0; - return 1; - # endif - default: -diff --git ssl/record/ssl3_record.c ssl/record/ssl3_record.c -index d8ef018741..63caac080f 100644 ---- ssl/record/ssl3_record.c -+++ ssl/record/ssl3_record.c -@@ -185,18 +185,23 @@ int ssl3_get_record(SSL *s) - int imac_size; - size_t num_recs = 0, max_recs, j; - PACKET pkt, sslv2pkt; -- int is_ktls_left; -+ int using_ktls; - SSL_MAC_BUF *macbufs = NULL; - int ret = -1; - - rr = RECORD_LAYER_get_rrec(&s->rlayer); - rbuf = RECORD_LAYER_get_rbuf(&s->rlayer); -- is_ktls_left = (SSL3_BUFFER_get_left(rbuf) > 0); - max_recs = s->max_pipelines; - if (max_recs == 0) - max_recs = 1; - sess = s->session; - -+ /* -+ * KTLS reads full records. If there is any data left, -+ * then it is from before enabling ktls. 
-+ */ -+ using_ktls = BIO_get_ktls_recv(s->rbio) && SSL3_BUFFER_get_left(rbuf) == 0; -+ - do { - thisrr = &rr[num_recs]; - -@@ -361,7 +366,9 @@ int ssl3_get_record(SSL *s) - } - } - -- if (SSL_IS_TLS13(s) && s->enc_read_ctx != NULL) { -+ if (SSL_IS_TLS13(s) -+ && s->enc_read_ctx != NULL -+ && !using_ktls) { - if (thisrr->type != SSL3_RT_APPLICATION_DATA - && (thisrr->type != SSL3_RT_CHANGE_CIPHER_SPEC - || !SSL_IS_FIRST_HANDSHAKE(s)) -@@ -391,7 +398,13 @@ int ssl3_get_record(SSL *s) - } - - if (SSL_IS_TLS13(s)) { -- if (thisrr->length > SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH) { -+ size_t len = SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH; -+ -+ /* KTLS strips the inner record type. */ -+ if (using_ktls) -+ len = SSL3_RT_MAX_ENCRYPTED_LENGTH; -+ -+ if (thisrr->length > len) { - SSLfatal(s, SSL_AD_RECORD_OVERFLOW, - SSL_R_ENCRYPTED_LENGTH_TOO_LONG); - return -1; -@@ -409,7 +422,7 @@ int ssl3_get_record(SSL *s) - #endif - - /* KTLS may use all of the buffer */ -- if (BIO_get_ktls_recv(s->rbio) && !is_ktls_left) -+ if (using_ktls) - len = SSL3_BUFFER_get_left(rbuf); - - if (thisrr->length > len) { -@@ -518,11 +531,7 @@ int ssl3_get_record(SSL *s) - return 1; - } - -- /* -- * KTLS reads full records. If there is any data left, -- * then it is from before enabling ktls -- */ -- if (BIO_get_ktls_recv(s->rbio) && !is_ktls_left) -+ if (using_ktls) - goto skip_decryption; - - if (s->read_hash != NULL) { -@@ -677,21 +686,29 @@ int ssl3_get_record(SSL *s) - if (SSL_IS_TLS13(s) - && s->enc_read_ctx != NULL - && thisrr->type != SSL3_RT_ALERT) { -- size_t end; -+ /* -+ * The following logic are irrelevant in KTLS: the kernel provides -+ * unprotected record and thus record type represent the actual -+ * content type, and padding is already removed and thisrr->type and -+ * thisrr->length should have the correct values. 
-+ */ -+ if (!using_ktls) { -+ size_t end; - -- if (thisrr->length == 0 -- || thisrr->type != SSL3_RT_APPLICATION_DATA) { -- SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_BAD_RECORD_TYPE); -- goto end; -+ if (thisrr->length == 0 -+ || thisrr->type != SSL3_RT_APPLICATION_DATA) { -+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_BAD_RECORD_TYPE); -+ goto end; -+ } -+ -+ /* Strip trailing padding */ -+ for (end = thisrr->length - 1; end > 0 && thisrr->data[end] == 0; -+ end--) -+ continue; -+ -+ thisrr->length = end; -+ thisrr->type = thisrr->data[end]; - } -- -- /* Strip trailing padding */ -- for (end = thisrr->length - 1; end > 0 && thisrr->data[end] == 0; -- end--) -- continue; -- -- thisrr->length = end; -- thisrr->type = thisrr->data[end]; - if (thisrr->type != SSL3_RT_APPLICATION_DATA - && thisrr->type != SSL3_RT_ALERT - && thisrr->type != SSL3_RT_HANDSHAKE) { -@@ -700,7 +717,7 @@ int ssl3_get_record(SSL *s) - } - if (s->msg_callback) - s->msg_callback(0, s->version, SSL3_RT_INNER_CONTENT_TYPE, -- &thisrr->data[end], 1, s, s->msg_callback_arg); -+ &thisrr->type, 1, s, s->msg_callback_arg); - } - - /* -@@ -723,8 +740,7 @@ int ssl3_get_record(SSL *s) - * Therefore we have to rely on KTLS to check the plaintext length - * limit in the kernel. 
- */ -- if (thisrr->length > SSL3_RT_MAX_PLAIN_LENGTH -- && (!BIO_get_ktls_recv(s->rbio) || is_ktls_left)) { -+ if (thisrr->length > SSL3_RT_MAX_PLAIN_LENGTH && !using_ktls) { - SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_R_DATA_LENGTH_TOO_LONG); - goto end; - } -diff --git ssl/ssl_local.h ssl/ssl_local.h -index 5471e900b8..79ced2f468 100644 ---- ssl/ssl_local.h -+++ ssl/ssl_local.h -@@ -2760,9 +2760,9 @@ __owur int ssl_log_secret(SSL *ssl, const char *label, - /* ktls.c */ - int ktls_check_supported_cipher(const SSL *s, const EVP_CIPHER *c, - const EVP_CIPHER_CTX *dd); --int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, -+int ktls_configure_crypto(SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd, - void *rl_sequence, ktls_crypto_info_t *crypto_info, -- unsigned char **rec_seq, unsigned char *iv, -+ int is_tx, unsigned char *iv, - unsigned char *key, unsigned char *mac_key, - size_t mac_secret_size); - # endif -diff --git ssl/t1_enc.c ssl/t1_enc.c -index 237a19cd93..900ba14fbd 100644 ---- ssl/t1_enc.c -+++ ssl/t1_enc.c -@@ -98,42 +98,6 @@ static int tls1_generate_key_block(SSL *s, unsigned char *km, size_t num) - return ret; - } - --#ifndef OPENSSL_NO_KTLS -- /* -- * Count the number of records that were not processed yet from record boundary. -- * -- * This function assumes that there are only fully formed records read in the -- * record layer. If read_ahead is enabled, then this might be false and this -- * function will fail. 
-- */ --# ifndef OPENSSL_NO_KTLS_RX --static int count_unprocessed_records(SSL *s) --{ -- SSL3_BUFFER *rbuf = RECORD_LAYER_get_rbuf(&s->rlayer); -- PACKET pkt, subpkt; -- int count = 0; -- -- if (!PACKET_buf_init(&pkt, rbuf->buf + rbuf->offset, rbuf->left)) -- return -1; -- -- while (PACKET_remaining(&pkt) > 0) { -- /* Skip record type and version */ -- if (!PACKET_forward(&pkt, 3)) -- return -1; -- -- /* Read until next record */ -- if (!PACKET_get_length_prefixed_2(&pkt, &subpkt)) -- return -1; -- -- count += 1; -- } -- -- return count; --} --# endif --#endif -- -- - int tls_provider_set_tls_params(SSL *s, EVP_CIPHER_CTX *ctx, - const EVP_CIPHER *ciph, - const EVP_MD *md) -@@ -201,12 +165,7 @@ int tls1_change_cipher_state(SSL *s, int which) - int reuse_dd = 0; - #ifndef OPENSSL_NO_KTLS - ktls_crypto_info_t crypto_info; -- unsigned char *rec_seq; - void *rl_sequence; --# ifndef OPENSSL_NO_KTLS_RX -- int count_unprocessed; -- int bit; --# endif - BIO *bio; - #endif - -@@ -473,30 +432,11 @@ int tls1_change_cipher_state(SSL *s, int which) - else - rl_sequence = RECORD_LAYER_get_read_sequence(&s->rlayer); - -- if (!ktls_configure_crypto(s, c, dd, rl_sequence, &crypto_info, &rec_seq, -- iv, key, ms, *mac_secret_size)) -+ if (!ktls_configure_crypto(s, c, dd, rl_sequence, &crypto_info, -+ which & SSL3_CC_WRITE, iv, key, ms, -+ *mac_secret_size)) - goto skip_ktls; - -- if (which & SSL3_CC_READ) { --# ifndef OPENSSL_NO_KTLS_RX -- count_unprocessed = count_unprocessed_records(s); -- if (count_unprocessed < 0) -- goto skip_ktls; -- -- /* increment the crypto_info record sequence */ -- while (count_unprocessed) { -- for (bit = 7; bit >= 0; bit--) { /* increment */ -- ++rec_seq[bit]; -- if (rec_seq[bit] != 0) -- break; -- } -- count_unprocessed--; -- } --# else -- goto skip_ktls; --# endif -- } -- - /* ktls works with user provided buffers directly */ - if (BIO_set_ktls(bio, &crypto_info, which & SSL3_CC_WRITE)) { - if (which & SSL3_CC_WRITE) -diff --git ssl/tls13_enc.c 
ssl/tls13_enc.c -index 12388922e3..eaab0e2a74 100644 ---- ssl/tls13_enc.c -+++ ssl/tls13_enc.c -@@ -434,6 +434,7 @@ int tls13_change_cipher_state(SSL *s, int which) - const EVP_CIPHER *cipher = NULL; - #if !defined(OPENSSL_NO_KTLS) && defined(OPENSSL_KTLS_TLS13) - ktls_crypto_info_t crypto_info; -+ void *rl_sequence; - BIO *bio; - #endif - -@@ -688,8 +689,7 @@ int tls13_change_cipher_state(SSL *s, int which) - s->statem.enc_write_state = ENC_WRITE_STATE_VALID; - #ifndef OPENSSL_NO_KTLS - # if defined(OPENSSL_KTLS_TLS13) -- if (!(which & SSL3_CC_WRITE) -- || !(which & SSL3_CC_APPLICATION) -+ if (!(which & SSL3_CC_APPLICATION) - || (s->options & SSL_OP_ENABLE_KTLS) == 0) - goto skip_ktls; - -@@ -705,7 +705,10 @@ int tls13_change_cipher_state(SSL *s, int which) - if (!ktls_check_supported_cipher(s, cipher, ciph_ctx)) - goto skip_ktls; - -- bio = s->wbio; -+ if (which & SSL3_CC_WRITE) -+ bio = s->wbio; -+ else -+ bio = s->rbio; - - if (!ossl_assert(bio != NULL)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); -@@ -713,18 +716,26 @@ int tls13_change_cipher_state(SSL *s, int which) - } - - /* All future data will get encrypted by ktls. 
Flush the BIO or skip ktls */ -- if (BIO_flush(bio) <= 0) -- goto skip_ktls; -+ if (which & SSL3_CC_WRITE) { -+ if (BIO_flush(bio) <= 0) -+ goto skip_ktls; -+ } - - /* configure kernel crypto structure */ -- if (!ktls_configure_crypto(s, cipher, ciph_ctx, -- RECORD_LAYER_get_write_sequence(&s->rlayer), -- &crypto_info, NULL, iv, key, NULL, 0)) -+ if (which & SSL3_CC_WRITE) -+ rl_sequence = RECORD_LAYER_get_write_sequence(&s->rlayer); -+ else -+ rl_sequence = RECORD_LAYER_get_read_sequence(&s->rlayer); -+ -+ if (!ktls_configure_crypto(s, cipher, ciph_ctx, rl_sequence, &crypto_info, -+ which & SSL3_CC_WRITE, iv, key, NULL, 0)) - goto skip_ktls; - - /* ktls works with user provided buffers directly */ -- if (BIO_set_ktls(bio, &crypto_info, which & SSL3_CC_WRITE)) -- ssl3_release_write_buffer(s); -+ if (BIO_set_ktls(bio, &crypto_info, which & SSL3_CC_WRITE)) { -+ if (which & SSL3_CC_WRITE) -+ ssl3_release_write_buffer(s); -+ } - skip_ktls: - # endif - #endif -diff --git test/sslapitest.c test/sslapitest.c -index 2911d6e94b..faf2eec2bc 100644 ---- test/sslapitest.c -+++ test/sslapitest.c -@@ -1243,7 +1243,7 @@ static int execute_test_ktls(int cis_ktls, int sis_ktls, - #if defined(OPENSSL_NO_KTLS_RX) - rx_supported = 0; - #else -- rx_supported = (tls_version != TLS1_3_VERSION); -+ rx_supported = 1; - #endif - if (!cis_ktls || !rx_supported) { - if (!TEST_false(BIO_get_ktls_recv(clientssl->rbio))) diff --git a/security/openssl32/files/extra-patch-util_find-doc-nits b/security/openssl32/files/extra-patch-util_find-doc-nits deleted file mode 100644 index bf70e9fee1ac..000000000000 --- a/security/openssl32/files/extra-patch-util_find-doc-nits +++ /dev/null 
@@ -1,20 +0,0 @@ ---- util/find-doc-nits.orig 2023-09-07 09:00:22 UTC -+++ util/find-doc-nits -@@ -80,7 +80,7 @@ my $temp = '/tmp/docnits.txt'; - my $OUT; - my $status = 0; - --$opt_m = "man1,man3,man5,man7" unless $opt_m; -+$opt_m = "man1,man5" unless $opt_m; - die "Argument of -m option may contain only man1, man3, man5, and/or man7" - unless $opt_m =~ /^(man[1357][, ]?)*$/; - my @sections = ( split /[, ]/, $opt_m ); -@@ -725,7 +725,7 @@ sub check { - next if $target eq ''; # Skip if links within page, or - next if $target =~ /::/; # links to a Perl module, or - next if $target =~ /^https?:/; # is a URL link, or -- next if $target =~ /\([1357]\)$/; # it has a section -+ next if $target =~ /\([15]\)$/; # it has a section - err($id, "Missing man section number (likely, $mansect) in L<$target>") - } - # Check for proper links to commands. diff --git a/security/openssl32/files/patch-Configurations_10-main.conf b/security/openssl32/files/patch-Configurations_10-main.conf deleted file mode 100644 index 82503c0ff90c..000000000000 --- a/security/openssl32/files/patch-Configurations_10-main.conf +++ /dev/null @@ -1,35 +0,0 @@ ---- Configurations/10-main.conf.orig 2022-04-12 16:29:42 UTC -+++ Configurations/10-main.conf -@@ -1069,6 +1069,32 @@ my %targets = ( - perlasm_scheme => "linux64", - }, - -+ "BSD-ppc" => { -+ inherit_from => [ "BSD-generic32" ], -+ asm_arch => 'ppc32', -+ perlasm_scheme => "linux32", -+ lib_cppflags => add("-DB_ENDIAN"), -+ }, -+ -+ "BSD-ppc64" => { -+ inherit_from => [ "BSD-generic64" ], -+ cflags => add("-m64"), -+ cxxflags => add("-m64"), -+ lib_cppflags => add("-DB_ENDIAN"), -+ asm_arch => 'ppc64', -+ perlasm_scheme => "linux64", -+ }, -+ -+ "BSD-ppc64le" => { -+ inherit_from => [ "BSD-generic64" ], -+ cflags => add("-m64"), -+ cxxflags => add("-m64"), -+ lib_cppflags => add("-DL_ENDIAN"), -+ asm_arch => 'ppc64', -+ perlasm_scheme => "linux64le", -+ }, -+ -+ - "bsdi-elf-gcc" => { - inherit_from => [ "BASE_unix" ], - CC => "gcc", 
diff --git a/security/openssl32/files/patch-crypto_threads__pthread.c b/security/openssl32/files/patch-crypto_threads__pthread.c deleted file mode 100644 index 3347170e0bd0..000000000000 --- a/security/openssl32/files/patch-crypto_threads__pthread.c +++ /dev/null @@ -1,13 +0,0 @@ ---- crypto/threads_pthread.c.orig 2022-11-01 14:14:36 UTC -+++ crypto/threads_pthread.c -@@ -29,6 +29,10 @@ - #define BROKEN_CLANG_ATOMICS - #endif - -+#if defined(__FreeBSD__) && defined(__i386__) -+#define BROKEN_CLANG_ATOMICS -+#endif -+ - #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) && !defined(OPENSSL_SYS_WINDOWS) - - # if defined(OPENSSL_SYS_UNIX) diff --git a/security/openssl32/pkg-descr b/security/openssl32/pkg-descr deleted file mode 100644 index c7704288547a..000000000000 --- a/security/openssl32/pkg-descr +++ /dev/null @@ -1,13 +0,0 @@ -The OpenSSL Project is a collaborative effort to develop a robust, -commercial-grade, full-featured, and Open Source toolkit implementing -the Secure Sockets Layer (SSL v3) and Transport Layer Security (TLS v1, -v1.1, v1.2, v1.3) protocols with full-strength cryptography world-wide. -The project is managed by a worldwide community of volunteers that use -the Internet to communicate, plan, and develop the OpenSSL tookit -and its related documentation. - -OpenSSL is based on the excellent SSLeay library developed by Eric -A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under -an Apache-style licence, which basically means that you are free -to get and use it for commercial and non-commercial purposes subject -to some simple license conditions. diff --git a/security/openssl32/pkg-plist b/security/openssl32/pkg-plist deleted file mode 100644 index 322870827bf5..000000000000 --- a/security/openssl32/pkg-plist +++ /dev/null 
@@ -1,279 +0,0 @@ -bin/c_rehash -bin/openssl -include/openssl/aes.h -include/openssl/asn1.h -include/openssl/asn1_mac.h -include/openssl/asn1err.h -include/openssl/asn1t.h -include/openssl/async.h -include/openssl/asyncerr.h -include/openssl/bio.h -include/openssl/bioerr.h -include/openssl/blowfish.h -include/openssl/bn.h -include/openssl/bnerr.h -include/openssl/buffer.h -include/openssl/buffererr.h -include/openssl/camellia.h -include/openssl/cast.h -include/openssl/cmac.h -include/openssl/cmp.h -include/openssl/cmp_util.h -include/openssl/cmperr.h -include/openssl/cms.h -include/openssl/cmserr.h -include/openssl/comp.h -include/openssl/comperr.h -include/openssl/conf.h -include/openssl/conf_api.h -include/openssl/conferr.h -include/openssl/configuration.h -include/openssl/conftypes.h -include/openssl/core.h -include/openssl/core_dispatch.h -include/openssl/core_names.h -include/openssl/core_object.h -include/openssl/crmf.h -include/openssl/crmferr.h -include/openssl/crypto.h -include/openssl/cryptoerr.h -include/openssl/cryptoerr_legacy.h -include/openssl/ct.h -include/openssl/cterr.h -include/openssl/decoder.h -include/openssl/decodererr.h -include/openssl/des.h -include/openssl/dh.h -include/openssl/dherr.h -include/openssl/dsa.h -include/openssl/dsaerr.h -include/openssl/dtls1.h -include/openssl/e_os2.h -include/openssl/e_ostime.h -include/openssl/ebcdic.h -include/openssl/ec.h -include/openssl/ecdh.h -include/openssl/ecdsa.h -include/openssl/ecerr.h -include/openssl/encoder.h -include/openssl/encodererr.h -include/openssl/engine.h -include/openssl/engineerr.h -include/openssl/err.h -include/openssl/ess.h -include/openssl/esserr.h -include/openssl/evp.h -include/openssl/evperr.h -include/openssl/fips_names.h -include/openssl/fipskey.h -include/openssl/hmac.h -include/openssl/hpke.h -include/openssl/http.h -include/openssl/httperr.h -include/openssl/idea.h -include/openssl/kdf.h -include/openssl/kdferr.h -include/openssl/lhash.h -include/openssl/macros.h 
-include/openssl/md2.h -include/openssl/md4.h -include/openssl/md5.h -include/openssl/mdc2.h -include/openssl/modes.h -include/openssl/obj_mac.h -include/openssl/objects.h -include/openssl/objectserr.h -include/openssl/ocsp.h -include/openssl/ocsperr.h -include/openssl/opensslconf.h -include/openssl/opensslv.h -include/openssl/ossl_typ.h -include/openssl/param_build.h -include/openssl/params.h -include/openssl/pem.h -include/openssl/pem2.h -include/openssl/pemerr.h -include/openssl/pkcs12.h -include/openssl/pkcs12err.h -include/openssl/pkcs7.h -include/openssl/pkcs7err.h -include/openssl/prov_ssl.h -include/openssl/proverr.h -include/openssl/provider.h -include/openssl/quic.h -include/openssl/rand.h -include/openssl/randerr.h -include/openssl/rc2.h -include/openssl/rc4.h -include/openssl/rc5.h -include/openssl/ripemd.h -include/openssl/rsa.h -include/openssl/rsaerr.h -include/openssl/safestack.h -include/openssl/seed.h -include/openssl/self_test.h -include/openssl/sha.h -include/openssl/srp.h -include/openssl/srtp.h -include/openssl/ssl.h -include/openssl/ssl2.h -include/openssl/ssl3.h -include/openssl/sslerr.h -include/openssl/sslerr_legacy.h -include/openssl/stack.h -include/openssl/store.h -include/openssl/storeerr.h -include/openssl/symhacks.h -include/openssl/thread.h -include/openssl/tls1.h -include/openssl/trace.h -include/openssl/ts.h -include/openssl/tserr.h -include/openssl/txt_db.h -include/openssl/types.h -include/openssl/ui.h -include/openssl/uierr.h -include/openssl/whrlpool.h -include/openssl/x509.h -include/openssl/x509_vfy.h -include/openssl/x509err.h -include/openssl/x509v3.h -include/openssl/x509v3err.h -%%SHARED%%lib/engines-%%SHLIBVER%%/capi.so -%%SHARED%%lib/engines-%%SHLIBVER%%/devcrypto.so -%%SHARED%%lib/engines-%%SHLIBVER%%/loader_attic.so -%%SHARED%%lib/engines-%%SHLIBVER%%/padlock.so -lib/libcrypto.a -%%SHARED%%lib/libcrypto.so -%%SHARED%%lib/libcrypto.so.%%SHLIBVER%% -lib/libssl.a -%%SHARED%%lib/libssl.so 
-%%SHARED%%lib/libssl.so.%%SHLIBVER%% -%%FIPS%%%%SHARED%%lib/ossl-modules/fips.so -%%LEGACY%%%%SHARED%%lib/ossl-modules/legacy.so -libdata/pkgconfig/libcrypto.pc -libdata/pkgconfig/libssl.pc -libdata/pkgconfig/openssl.pc -share/man/man1/CA.pl.1ossl.gz -share/man/man1/asn1parse.1ossl.gz -share/man/man1/c_rehash.1ossl.gz -share/man/man1/ca.1ossl.gz -share/man/man1/ciphers.1ossl.gz -share/man/man1/cmp.1ossl.gz -share/man/man1/cms.1ossl.gz -share/man/man1/crl.1ossl.gz -share/man/man1/crl2pkcs7.1ossl.gz -share/man/man1/dgst.1ossl.gz -share/man/man1/dhparam.1ossl.gz -share/man/man1/dsa.1ossl.gz -share/man/man1/dsaparam.1ossl.gz -share/man/man1/ec.1ossl.gz -share/man/man1/ecparam.1ossl.gz -share/man/man1/enc.1ossl.gz -share/man/man1/engine.1ossl.gz -share/man/man1/errstr.1ossl.gz -share/man/man1/gendsa.1ossl.gz -share/man/man1/genpkey.1ossl.gz -share/man/man1/genrsa.1ossl.gz -share/man/man1/info.1ossl.gz -share/man/man1/kdf.1ossl.gz -share/man/man1/mac.1ossl.gz -share/man/man1/nseq.1ossl.gz -share/man/man1/ocsp.1ossl.gz -share/man/man1/openssl-asn1parse.1ossl.gz -share/man/man1/openssl-ca.1ossl.gz -share/man/man1/openssl-ciphers.1ossl.gz -share/man/man1/openssl-cmds.1ossl.gz -share/man/man1/openssl-cmp.1ossl.gz -share/man/man1/openssl-cms.1ossl.gz -share/man/man1/openssl-crl.1ossl.gz -share/man/man1/openssl-crl2pkcs7.1ossl.gz -share/man/man1/openssl-dgst.1ossl.gz -share/man/man1/openssl-dhparam.1ossl.gz -share/man/man1/openssl-dsa.1ossl.gz -share/man/man1/openssl-dsaparam.1ossl.gz -share/man/man1/openssl-ec.1ossl.gz -share/man/man1/openssl-ecparam.1ossl.gz -share/man/man1/openssl-enc.1ossl.gz -share/man/man1/openssl-engine.1ossl.gz -share/man/man1/openssl-errstr.1ossl.gz -share/man/man1/openssl-fipsinstall.1ossl.gz -share/man/man1/openssl-format-options.1ossl.gz -share/man/man1/openssl-gendsa.1ossl.gz -share/man/man1/openssl-genpkey.1ossl.gz -share/man/man1/openssl-genrsa.1ossl.gz -share/man/man1/openssl-info.1ossl.gz -share/man/man1/openssl-kdf.1ossl.gz 
-share/man/man1/openssl-list.1ossl.gz -share/man/man1/openssl-mac.1ossl.gz -share/man/man1/openssl-namedisplay-options.1ossl.gz -share/man/man1/openssl-nseq.1ossl.gz -share/man/man1/openssl-ocsp.1ossl.gz -share/man/man1/openssl-passphrase-options.1ossl.gz -share/man/man1/openssl-passwd.1ossl.gz -share/man/man1/openssl-pkcs12.1ossl.gz -share/man/man1/openssl-pkcs7.1ossl.gz -share/man/man1/openssl-pkcs8.1ossl.gz -share/man/man1/openssl-pkey.1ossl.gz -share/man/man1/openssl-pkeyparam.1ossl.gz -share/man/man1/openssl-pkeyutl.1ossl.gz -share/man/man1/openssl-prime.1ossl.gz -share/man/man1/openssl-rand.1ossl.gz -share/man/man1/openssl-rehash.1ossl.gz -share/man/man1/openssl-req.1ossl.gz -share/man/man1/openssl-rsa.1ossl.gz -share/man/man1/openssl-rsautl.1ossl.gz -share/man/man1/openssl-s_client.1ossl.gz -share/man/man1/openssl-s_server.1ossl.gz -share/man/man1/openssl-s_time.1ossl.gz -share/man/man1/openssl-sess_id.1ossl.gz -share/man/man1/openssl-smime.1ossl.gz -share/man/man1/openssl-speed.1ossl.gz -share/man/man1/openssl-spkac.1ossl.gz -share/man/man1/openssl-srp.1ossl.gz -share/man/man1/openssl-storeutl.1ossl.gz -share/man/man1/openssl-ts.1ossl.gz -share/man/man1/openssl-verification-options.1ossl.gz -share/man/man1/openssl-verify.1ossl.gz -share/man/man1/openssl-version.1ossl.gz -share/man/man1/openssl-x509.1ossl.gz -share/man/man1/openssl.1ossl.gz -share/man/man1/passwd.1ossl.gz -share/man/man1/pkcs12.1ossl.gz -share/man/man1/pkcs7.1ossl.gz -share/man/man1/pkcs8.1ossl.gz -share/man/man1/pkey.1ossl.gz -share/man/man1/pkeyparam.1ossl.gz -share/man/man1/pkeyutl.1ossl.gz -share/man/man1/prime.1ossl.gz -share/man/man1/rand.1ossl.gz -share/man/man1/rehash.1ossl.gz -share/man/man1/req.1ossl.gz -share/man/man1/rsa.1ossl.gz -share/man/man1/rsautl.1ossl.gz -share/man/man1/s_client.1ossl.gz -share/man/man1/s_server.1ossl.gz -share/man/man1/s_time.1ossl.gz -share/man/man1/sess_id.1ossl.gz -share/man/man1/smime.1ossl.gz -share/man/man1/speed.1ossl.gz 
-share/man/man1/spkac.1ossl.gz -share/man/man1/srp.1ossl.gz -share/man/man1/storeutl.1ossl.gz -share/man/man1/ts.1ossl.gz -share/man/man1/tsget.1ossl.gz -share/man/man1/verify.1ossl.gz -share/man/man1/version.1ossl.gz -share/man/man1/x509.1ossl.gz -share/man/man5/config.5ossl.gz -share/man/man5/fips_config.5ossl.gz -share/man/man5/x509v3_config.5ossl.gz -%%OPENSSLDIR%%/misc/CA.pl -@comment %%OPENSSLDIR%%/misc/tsget.pl -%%OPENSSLDIR%%/misc/tsget -@sample %%OPENSSLDIR%%/ct_log_list.cnf.dist %%OPENSSLDIR%%/ct_log_list.cnf -%%FIPS%%%%OPENSSLDIR%%/fipsmodule.cnf -@sample %%OPENSSLDIR%%/openssl.cnf.dist %%OPENSSLDIR%%/openssl.cnf -@dir lib/ossl-modules -@dir %%OPENSSLDIR%%/private -@dir %%OPENSSLDIR%%/certs diff --git a/security/openssl32/version.mk b/security/openssl32/version.mk deleted file mode 100644 index 5d1aa5452724..000000000000 --- a/security/openssl32/version.mk +++ /dev/null @@ -1 +0,0 @@ -OPENSSL_SHLIBVER?= 14 diff --git a/security/openssl33/Makefile b/security/openssl33/Makefile index 652a325e8d5c..fff511aa41c7 100644 --- a/security/openssl33/Makefile +++ b/security/openssl33/Makefile @@ -1,5 +1,5 @@ PORTNAME= openssl -PORTVERSION= 3.3.4 +PORTVERSION= 3.3.5 CATEGORIES= security devel PKGNAMESUFFIX= 33 MASTER_SITES= https://github.com/openssl/openssl/releases/download/${DISTNAME}/ diff --git a/security/openssl33/distinfo b/security/openssl33/distinfo index a6394ed16a43..b6a4a5dd03a9 100644 --- a/security/openssl33/distinfo +++ b/security/openssl33/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1751448373 -SHA256 (openssl-3.3.4.tar.gz) = 8d1a5fc323d3fd351dc05458457fd48f78652d2a498e1d70ffea07b4d0eb3fa8 -SIZE (openssl-3.3.4.tar.gz) = 18113350 +TIMESTAMP = 1759303833 +SHA256 (openssl-3.3.5.tar.gz) = 9d62c00a5a6903740c8703f0e006257f429d565d3b91ac1a9bd4a4c700002e01 +SIZE (openssl-3.3.5.tar.gz) = 18125182 diff --git a/security/openssl34/Makefile b/security/openssl34/Makefile index 4f6eef7378f4..a3f4a4b46a77 100644 --- a/security/openssl34/Makefile 
+++ b/security/openssl34/Makefile @@ -1,5 +1,5 @@ PORTNAME= openssl -DISTVERSION= 3.4.2 +DISTVERSION= 3.4.3 CATEGORIES= security devel PKGNAMESUFFIX= 34 MASTER_SITES= https://github.com/openssl/openssl/releases/download/${DISTNAME}/ diff --git a/security/openssl34/distinfo b/security/openssl34/distinfo index f57015331c43..ae521b255ad8 100644 --- a/security/openssl34/distinfo +++ b/security/openssl34/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1751448388 -SHA256 (openssl-3.4.2.tar.gz) = 17b02459fc28be415470cccaae7434f3496cac1306b86b52c83886580e82834c -SIZE (openssl-3.4.2.tar.gz) = 18357346 +TIMESTAMP = 1759304020 +SHA256 (openssl-3.4.3.tar.gz) = fa727ed1399a64e754030a033435003991aee36bda9a5b080995cb2ac5cf7f37 +SIZE (openssl-3.4.3.tar.gz) = 18369414 diff --git a/security/openssl35/Makefile b/security/openssl35/Makefile index 0640cab4db9d..9682a1c8782d 100644 --- a/security/openssl35/Makefile +++ b/security/openssl35/Makefile @@ -1,5 +1,5 @@ PORTNAME= openssl -PORTVERSION= 3.5.3 +PORTVERSION= 3.5.4 CATEGORIES= security devel PKGNAMESUFFIX= 35 MASTER_SITES= https://github.com/openssl/openssl/releases/download/${DISTNAME}/ diff --git a/security/openssl35/distinfo b/security/openssl35/distinfo index 001c140b0a75..ed8732a161c5 100644 --- a/security/openssl35/distinfo +++ b/security/openssl35/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1758103685 -SHA256 (openssl-3.5.3.tar.gz) = c9489d2abcf943cdc8329a57092331c598a402938054dc3a22218aea8a8ec3bf -SIZE (openssl-3.5.3.tar.gz) = 53183370 +TIMESTAMP = 1759300466 +SHA256 (openssl-3.5.4.tar.gz) = 967311f84955316969bdb1d8d4b983718ef42338639c621ec4c34fddef355e99 +SIZE (openssl-3.5.4.tar.gz) = 53190367 diff --git a/security/openssl36/Makefile b/security/openssl36/Makefile index 9627f4c42676..8575090a660f 100644 --- a/security/openssl36/Makefile +++ b/security/openssl36/Makefile 
@@ -1,5 +1,5 @@ PORTNAME= openssl -DISTVERSION= 3.6.0-beta1 +DISTVERSION= 3.6.0 CATEGORIES= security devel PKGNAMESUFFIX= 36 MASTER_SITES= https://github.com/openssl/openssl/releases/download/${DISTNAME}/ diff --git a/security/openssl36/distinfo b/security/openssl36/distinfo index 9cb2e1a06ea7..5d9809463414 100644 --- a/security/openssl36/distinfo +++ b/security/openssl36/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1758108619 -SHA256 (openssl-3.6.0-beta1.tar.gz) = 1cfcda5da5d7221861749113b5090038588784e82a3ba5f893e0c347e5bb1626 -SIZE (openssl-3.6.0-beta1.tar.gz) = 54969625 +TIMESTAMP = 1759344047 +SHA256 (openssl-3.6.0.tar.gz) = b6a5f44b7eb69e3fa35dbf15524405b44837a481d43d81daddde3ff21fcbb8e9 +SIZE (openssl-3.6.0.tar.gz) = 54974351 diff --git a/security/openssl36/pkg-message b/security/openssl36/pkg-message deleted file mode 100644 index 5178cb483794..000000000000 --- a/security/openssl36/pkg-message +++ /dev/null @@ -1,14 +0,0 @@ -[ -{ type: install - message: <<EOM -This OpenSSL version is in an BETA stage -Do NOT use for production! -EOM -} -{ type: upgrade - message: <<EOM -This OpenSSL version is in an BETA stage -Do NOT use for production! -EOM -} -] diff --git a/security/pam_rssh/Makefile b/security/pam_rssh/Makefile index 07652f65ae6e..0c6fe51224ed 100644 --- a/security/pam_rssh/Makefile +++ b/security/pam_rssh/Makefile @@ -1,7 +1,7 @@ PORTNAME= pam_rssh DISTVERSIONPREFIX=v DISTVERSION= 1.1.0 -PORTREVISION= 19 +PORTREVISION= 20 CATEGORIES= security MAINTAINER= romain@FreeBSD.org diff --git a/security/pdfrip/Makefile b/security/pdfrip/Makefile index bf4a65566578..43787025a24f 100644 --- a/security/pdfrip/Makefile +++ b/security/pdfrip/Makefile @@ -1,7 +1,7 @@ PORTNAME= pdfrip DISTVERSIONPREFIX= v DISTVERSION= 2.0.1 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MAINTAINER= fox@FreeBSD.org diff --git a/security/py-bcrypt/Makefile b/security/py-bcrypt/Makefile index f600a9238ade..283595598671 100644 --- a/security/py-bcrypt/Makefile 
+++ b/security/py-bcrypt/Makefile @@ -1,6 +1,6 @@ PORTNAME= bcrypt DISTVERSION= 4.3.0 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} diff --git a/security/py-certipy/Makefile b/security/py-certipy/Makefile new file mode 100644 index 000000000000..85a58c2c49ba --- /dev/null +++ b/security/py-certipy/Makefile @@ -0,0 +1,32 @@ +PORTNAME= certipy +PORTVERSION= 0.2.2 +CATEGORIES= security python +MASTER_SITES= PYPI +PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} + +MAINTAINER= yuri@FreeBSD.org +COMMENT= Utility to create and sign CAs and certificates +WWW= https://github.com/LLNL/certipy + +LICENSE= BSD3CLAUSE +LICENSE_FILE= ${WRKSRC}/LICENSE + +BUILD_DEPENDS= ${PY_SETUPTOOLS} \ + ${PYTHON_PKGNAMEPREFIX}setuptools-scm>=7:devel/py-setuptools-scm@${PY_FLAVOR} \ + ${PYTHON_PKGNAMEPREFIX}wheel>0:devel/py-wheel@${PY_FLAVOR} +RUN_DEPENDS= ${PYTHON_PKGNAMEPREFIX}cryptography>0:security/py-cryptography@${PY_FLAVOR} +TEST_DEPENDS= ${PYTHON_PKGNAMEPREFIX}flask>0:www/py-flask@${PY_FLAVOR} + +USES= python +USE_PYTHON= pep517 autoplist concurrent pytest + +TEST_ENV= ${MAKE_ENV} PYTHONPATH=${STAGEDIR}${PYTHONPREFIX_SITELIBDIR} + +NO_ARCH= yes + +do-test: + @cd ${TEST_WRKSRC} && ${SETENV} ${TEST_ENV} ${PYTHON_CMD} -m pytest certipy/test/ -v + +# tests as of 0.2.2: 7 passed, 1 warning in 8.94s + +.include <bsd.port.mk> diff --git a/security/py-certipy/distinfo b/security/py-certipy/distinfo new file mode 100644 index 000000000000..2ef868267d23 --- /dev/null +++ b/security/py-certipy/distinfo @@ -0,0 +1,3 @@ +TIMESTAMP = 1759474134 +SHA256 (certipy-0.2.2.tar.gz) = fef1f3d8819ee29c4c67719171c988302823dfe0b6cfbb47d249f374809ba05e +SIZE (certipy-0.2.2.tar.gz) = 20591 diff --git a/security/py-certipy/files/patch-pyproject.toml b/security/py-certipy/files/patch-pyproject.toml new file mode 100644 index 000000000000..6caafb486e20 --- /dev/null +++ b/security/py-certipy/files/patch-pyproject.toml 
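Review bot: The hand-written `do-test` target in the new security/py-certipy/Makefile appears to duplicate what `pytest` in `USE_PYTHON` already provides, since the framework supplies a `do-test` that runs `${PYTHON_CMD} -m pytest` from `${TEST_WRKSRC}` when the port defines none. If the only difference is the test directory, `TEST_ARGS= certipy/test/` would probably let the override be dropped; this is worth confirming against the current Mk/Uses/python.mk. The `TEST_ENV` line may be redundant for the same reason. The trailing comment `# tests as of 0.2.2: ...` would be clearer placed next to the test settings rather than after the target.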
@@ -0,0 +1,11 @@ +--- pyproject.toml.orig 2025-01-02 23:51:00 UTC ++++ pyproject.toml +@@ -10,7 +10,7 @@ + # SPDX-License-Identifier: BSD-3-Clause + ############################################################################### + [build-system] +-requires = ["setuptools>=64", "setuptools_scm>=7"] ++requires = ["setuptools", "setuptools_scm>=7"] + build-backend = "setuptools.build_meta" + + [project] diff --git a/security/py-certipy/pkg-descr b/security/py-certipy/pkg-descr new file mode 100644 index 000000000000..a238de2106b9 --- /dev/null +++ b/security/py-certipy/pkg-descr @@ -0,0 +1,13 @@ +certipy is a simple python tool for creating certificate authorities +and certificates on the fly. + +Certipy was made to simplify the certificate creation process. To that end, +Certipy exposes methods for creating and managing certificate authorities, +certificates, signing and building trust bundles. + +Behind the scenes Certipy: + +* Manages records of all certificates it creates +* External certs can be imported and managed by Certipy +* Maintains signing hierarchy +* Persists certificates to files with appropriate permissions diff --git a/security/py-ckcc-protocol/Makefile b/security/py-ckcc-protocol/Makefile index 01d504e4d6c9..254aca09428c 100644 --- a/security/py-ckcc-protocol/Makefile +++ b/security/py-ckcc-protocol/Makefile @@ -1,6 +1,5 @@ PORTNAME= ckcc-protocol -PORTVERSION= 1.4.0 -PORTREVISION= 1 +PORTVERSION= 1.5.0 CATEGORIES= security MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} diff --git a/security/py-ckcc-protocol/distinfo b/security/py-ckcc-protocol/distinfo index 7230355a7a04..7ac687b037d6 100644 --- a/security/py-ckcc-protocol/distinfo +++ b/security/py-ckcc-protocol/distinfo 
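Review bot: The patched `requires` line in the new py-certipy `patch-pyproject.toml` drops the setuptools floor entirely (`"setuptools>=64"` becomes `"setuptools"`) and nothing records why, so the build-system requirement no longer rejects any setuptools version. If the floor was only lowered to fit the setuptools in the ports tree, an explicit bound at that version keeps the check meaningful, e.g. `requires = ["setuptools>=<version in tree>", "setuptools_scm>=7"]` (placeholder to fill in). A one-line comment in the port Makefile would tell the next maintainer when the patch can go. The same undocumented relaxation appears in the new `patch-pyproject.toml` for py-krb5 (`Cython == 3.1.3` to `Cython >= 3.1.3`, which turns an exact upstream pin into an open-ended range) and for py-pyspnego (`setuptools >= 77.0.3` to `>= 61.0.0`).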
@@ -1,3 +1,3 @@ -TIMESTAMP = 1694699526 -SHA256 (ckcc-protocol-1.4.0.tar.gz) = cd93d4d3e3308ea4580aa6be5b4613a8266fd96b0cc1af51e7168def27bbece5 -SIZE (ckcc-protocol-1.4.0.tar.gz) = 33208 +TIMESTAMP = 1759385369 +SHA256 (ckcc-protocol-1.5.0.tar.gz) = 49d6f7d0eb413a7d93c5f87d37ceb26352402318e4c0beff341f9f03c448d74c +SIZE (ckcc-protocol-1.5.0.tar.gz) = 38818 diff --git a/security/py-cryptography/Makefile b/security/py-cryptography/Makefile index 4196068bf9b6..5c0c9fabfec5 100644 --- a/security/py-cryptography/Makefile +++ b/security/py-cryptography/Makefile @@ -1,6 +1,6 @@ PORTNAME= cryptography PORTVERSION= 44.0.3 -PORTREVISION= 3 +PORTREVISION= 4 PORTEPOCH= 1 CATEGORIES= security python MASTER_SITES= PYPI diff --git a/security/py-joserfc/Makefile b/security/py-joserfc/Makefile index c909e5773db7..7f57e94ff9d8 100644 --- a/security/py-joserfc/Makefile +++ b/security/py-joserfc/Makefile @@ -1,5 +1,5 @@ PORTNAME= joserfc -PORTVERSION= 1.3.1 +PORTVERSION= 1.3.2 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} diff --git a/security/py-joserfc/distinfo b/security/py-joserfc/distinfo index d994f1b7109c..facbadb9600a 100644 --- a/security/py-joserfc/distinfo +++ b/security/py-joserfc/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1757120816 -SHA256 (joserfc-1.3.1.tar.gz) = f682710bffbf2052d7a90e5d808dbaf06832ccac24f697b262837ea052eeb2c9 -SIZE (joserfc-1.3.1.tar.gz) = 195967 +TIMESTAMP = 1757436541 +SHA256 (joserfc-1.3.2.tar.gz) = 147bbba5b0b7c29fa270921dc1f17d83b48ccf0fecf51295b8de1ff1b682ca53 +SIZE (joserfc-1.3.2.tar.gz) = 196379 diff --git a/security/py-krb5/Makefile b/security/py-krb5/Makefile index 504fc24d4529..4e3347a350d3 100644 --- a/security/py-krb5/Makefile +++ b/security/py-krb5/Makefile @@ -1,5 +1,5 @@ PORTNAME= krb5 -PORTVERSION= 0.7.1 +PORTVERSION= 0.8.0 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} 
@@ -15,7 +15,7 @@ BUILD_DEPENDS= ${PYTHON_PKGNAMEPREFIX}setuptools>=42.0.0:devel/py-setuptools@${P ${PYTHON_PKGNAMEPREFIX}wheel>=0:devel/py-wheel@${PY_FLAVOR} USES= python ssl -USE_PYTHON= autoplist concurrent cython pep517 +USE_PYTHON= autoplist concurrent cython3 pep517 MAKE_ENV= KRB5_KRB5CONFIG=${KRB5CONFIG} diff --git a/security/py-krb5/distinfo b/security/py-krb5/distinfo index 0ae3e79988f0..a24b53c1c653 100644 --- a/security/py-krb5/distinfo +++ b/security/py-krb5/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1742070460 -SHA256 (krb5-0.7.1.tar.gz) = ed5f13d5031489b10d8655c0ada28a81c2391b3ecb8a08c6d739e1e5835bc450 -SIZE (krb5-0.7.1.tar.gz) = 235732 +TIMESTAMP = 1757436543 +SHA256 (krb5-0.8.0.tar.gz) = daaf580cf563a2435cc889d4a0692e02c5788e1eb91f0246d56114cf4f08ba1c +SIZE (krb5-0.8.0.tar.gz) = 235540 diff --git a/security/py-krb5/files/patch-pyproject.toml b/security/py-krb5/files/patch-pyproject.toml new file mode 100644 index 000000000000..b3fe07055245 --- /dev/null +++ b/security/py-krb5/files/patch-pyproject.toml @@ -0,0 +1,10 @@ +--- pyproject.toml.orig 2025-09-01 04:40:28 UTC ++++ pyproject.toml +@@ -1,6 +1,6 @@ requires = [ + [build-system] + requires = [ +- "Cython == 3.1.3", ++ "Cython >= 3.1.3", + "setuptools >= 42.0.0", # Supports license_files + ] + build-backend = "setuptools.build_meta" diff --git a/security/py-krb5/files/patch-src-krb5-_principal.pyi b/security/py-krb5/files/patch-src-krb5-_principal.pyi index 2efafadd135c..9a101d37eb8b 100644 --- a/security/py-krb5/files/patch-src-krb5-_principal.pyi +++ b/security/py-krb5/files/patch-src-krb5-_principal.pyi @@ -1,10 +1,10 @@ ---- src/krb5/_principal.pyi.orig 2022-08-08 21:14:44 UTC +--- src/krb5/_principal.pyi.orig 2025-09-01 04:40:28 UTC +++ src/krb5/_principal.pyi 
@@ -13,7 +13,6 @@ class PrincipalParseFlags(enum.IntEnum): - no_realm: PrincipalParseFlags = ... #: Error if realm is present - require_realm: PrincipalParseFlags = ... #: Error if realm is not present - enterprise: PrincipalParseFlags = ... #: Create single-component enterprise principal -- ignore_realm: PrincipalParseFlags = ... #: Ignore realm if present + no_realm = ... #: Error if realm is present + require_realm = ... #: Error if realm is not present + enterprise = ... #: Create single-component enterprise principal +- ignore_realm = ... #: Ignore realm if present class PrincipalUnparseFlags(enum.IntEnum): """Flags used to control :meth:`unparse_name_flags`.""" diff --git a/security/py-pyspnego/Makefile b/security/py-pyspnego/Makefile index ba9ac5e7eb0a..77a90292438d 100644 --- a/security/py-pyspnego/Makefile +++ b/security/py-pyspnego/Makefile @@ -1,5 +1,5 @@ PORTNAME= pyspnego -PORTVERSION= 0.11.2 +PORTVERSION= 0.12.0 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} diff --git a/security/py-pyspnego/distinfo b/security/py-pyspnego/distinfo index 8149b4d44150..7a92eaef742a 100644 --- a/security/py-pyspnego/distinfo +++ b/security/py-pyspnego/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1731679336 -SHA256 (pyspnego-0.11.2.tar.gz) = 994388d308fb06e4498365ce78d222bf4f3570b6df4ec95738431f61510c971b -SIZE (pyspnego-0.11.2.tar.gz) = 225954 +TIMESTAMP = 1757436545 +SHA256 (pyspnego-0.12.0.tar.gz) = e1d9cd3520a87a1d6db8d68783b17edc4e1464eae3d51ead411a51c82dbaae67 +SIZE (pyspnego-0.12.0.tar.gz) = 225764 diff --git a/security/py-pyspnego/files/patch-pyproject.toml b/security/py-pyspnego/files/patch-pyproject.toml new file mode 100644 index 000000000000..6cdc7bdcb44c --- /dev/null +++ b/security/py-pyspnego/files/patch-pyproject.toml 
@@ -0,0 +1,20 @@ +--- pyproject.toml.orig 2025-09-02 18:23:38 UTC ++++ pyproject.toml +@@ -1,6 +1,6 @@ requires = [ + [build-system] + requires = [ +- "setuptools >= 77.0.3", # license and license-files alignment ++ "setuptools >= 61.0.0", # license and license-files alignment + ] + build-backend = "setuptools.build_meta" + +@@ -9,8 +9,7 @@ requires-python = ">=3.9" + description = "Windows Negotiate Authentication Client and Server" + readme = "README.md" + requires-python = ">=3.9" +-license = "MIT" +-license-files = ["LICENSE"] ++license = {file = "LICENSE"} + authors = [ + { name = "Jordan Borean", email = "jborean93@gmail.com" } + ] diff --git a/security/py-webauthn/Makefile b/security/py-webauthn/Makefile index 0224d6c5af41..230da5a74c9a 100644 --- a/security/py-webauthn/Makefile +++ b/security/py-webauthn/Makefile @@ -1,5 +1,5 @@ PORTNAME= webauthn -PORTVERSION= 2.6.0 +PORTVERSION= 2.7.0 CATEGORIES= security python MASTER_SITES= PYPI PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX} diff --git a/security/py-webauthn/distinfo b/security/py-webauthn/distinfo index 4b6631072a69..ef757ee7b0cd 100644 --- a/security/py-webauthn/distinfo +++ b/security/py-webauthn/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1750188136 -SHA256 (webauthn-2.6.0.tar.gz) = 13cf5b009a64cef569599ffecf24550df1d7c0cd4fbaea870f937148484a80b4 -SIZE (webauthn-2.6.0.tar.gz) = 123608 +TIMESTAMP = 1757436547 +SHA256 (webauthn-2.7.0.tar.gz) = 3c45c25e75a7d7d419220ccd10b8b899984de8012732e10d898f0a8f8c480575 +SIZE (webauthn-2.7.0.tar.gz) = 123770 diff --git a/security/rage-encryption/Makefile b/security/rage-encryption/Makefile index 688f7197901f..e79fef92dda4 100644 --- a/security/rage-encryption/Makefile +++ b/security/rage-encryption/Makefile @@ -1,7 +1,7 @@ PORTNAME= rage DISTVERSIONPREFIX= v DISTVERSION= 0.11.1 -PORTREVISION= 6 +PORTREVISION= 7 CATEGORIES= security PKGNAMESUFFIX= -encryption diff --git a/security/ratify/Makefile b/security/ratify/Makefile index a90853bdb421..d11339ee445b 100644 
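Review bot: The patched setuptools line in py-pyspnego's `patch-pyproject.toml` keeps upstream's trailing comment `# license and license-files alignment`, which explained the 77.0.3 floor and no longer describes `>= 61.0.0`. The comment should be dropped or reworded on the `+` line so the patched file does not claim something the older floor cannot provide. The second hunk replaces `license = "MIT"` and `license-files = ["LICENSE"]` with `license = {file = "LICENSE"}`, which changes the built metadata. The License field will then carry the full text of the file instead of the short identifier. If the identifier should survive for tooling that reads package metadata, `license = {text = "MIT"}` is the table form that older setuptools accepts.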
--- a/security/ratify/Makefile +++ b/security/ratify/Makefile @@ -1,5 +1,6 @@ PORTNAME= ratify DISTVERSION= 2.3.1 +PORTREVISION= 1 CATEGORIES= security MAINTAINER= yuri@FreeBSD.org diff --git a/security/rpm-sequoia/Makefile b/security/rpm-sequoia/Makefile index 344c34f5b2cf..d0048e6a9974 100644 --- a/security/rpm-sequoia/Makefile +++ b/security/rpm-sequoia/Makefile @@ -1,7 +1,7 @@ PORTNAME= rpm-sequoia DISTVERSIONPREFIX= v DISTVERSION= 1.9.0 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security archivers MAINTAINER= yuri@FreeBSD.org diff --git a/security/rubygem-gitlab-cloud-connector/Makefile b/security/rubygem-gitlab-cloud-connector/Makefile index 45f94f9b9f71..43aefd6f1e46 100644 --- a/security/rubygem-gitlab-cloud-connector/Makefile +++ b/security/rubygem-gitlab-cloud-connector/Makefile @@ -1,5 +1,6 @@ PORTNAME= gitlab-cloud-connector PORTVERSION= 1.31.0 +PORTREVISION= 1 CATEGORIES= security rubygems MASTER_SITES= RG @@ -11,7 +12,7 @@ LICENSE= MIT LICENSE_FILE= ${WRKSRC}/LICENSE RUN_DEPENDS= rubygem-activesupport-gitlab>=7.0<8:devel/rubygem-activesupport-gitlab \ - rubygem-jwt>=2.9<3:www/rubygem-jwt + rubygem-jwt2>=2.9<3:www/rubygem-jwt2 USES= gem diff --git a/security/rubygem-googleauth-gitlab/Makefile b/security/rubygem-googleauth-gitlab/Makefile index b764b9b82b51..a574ba1de414 100644 --- a/security/rubygem-googleauth-gitlab/Makefile +++ b/security/rubygem-googleauth-gitlab/Makefile @@ -1,5 +1,6 @@ PORTNAME= googleauth PORTVERSION= 1.14.0 +PORTREVISION= 1 CATEGORIES= security rubygems MASTER_SITES= RG PKGNAMESUFFIX= -gitlab 
@@ -14,7 +15,7 @@ LICENSE_FILE= ${WRKSRC}/LICENSE RUN_DEPENDS= rubygem-faraday-gitlab>=1.0<3.0:www/rubygem-faraday-gitlab \ rubygem-google-cloud-env-gitlab>=2.2<3:net/rubygem-google-cloud-env-gitlab \ rubygem-google-logging-utils>=0.1<1:devel/rubygem-google-logging-utils \ - rubygem-jwt>=1.4<3.0:www/rubygem-jwt \ + rubygem-jwt2>=1.4<3.0:www/rubygem-jwt2 \ rubygem-multi_json>=1.11<2:devel/rubygem-multi_json \ rubygem-os>=0.9<2.0:devel/rubygem-os \ rubygem-signet-gitlab>=0.16<2:security/rubygem-signet-gitlab diff --git a/security/rubygem-safety_net_attestation/Makefile b/security/rubygem-safety_net_attestation/Makefile index 70faa56c99a7..72fca26ac950 100644 --- a/security/rubygem-safety_net_attestation/Makefile +++ b/security/rubygem-safety_net_attestation/Makefile @@ -1,5 +1,6 @@ PORTNAME= safety_net_attestation PORTVERSION= 0.4.0 +PORTREVISION= 1 CATEGORIES= security rubygems MASTER_SITES= RG @@ -9,7 +10,7 @@ WWW= https://github.com/bdewater/safety_net_attestation LICENSE= MIT -RUN_DEPENDS= rubygem-jwt>=2.0<3:www/rubygem-jwt +RUN_DEPENDS= rubygem-jwt2>=2.0<3:www/rubygem-jwt2 USES= gem diff --git a/security/rubygem-signet-gitlab/Makefile b/security/rubygem-signet-gitlab/Makefile index 9233697a634e..d0f7b9ffea03 100644 --- a/security/rubygem-signet-gitlab/Makefile +++ b/security/rubygem-signet-gitlab/Makefile @@ -1,5 +1,6 @@ PORTNAME= signet PORTVERSION= 0.19.0 +PORTREVISION= 1 CATEGORIES= security rubygems MASTER_SITES= RG PKGNAMESUFFIX= -gitlab @@ -13,7 +14,7 @@ LICENSE_FILE= ${WRKSRC}/LICENSE RUN_DEPENDS= rubygem-addressable>=2.8<3:www/rubygem-addressable \ rubygem-faraday-gitlab>=0.17.5<3.0:www/rubygem-faraday-gitlab \ - rubygem-jwt>=1.5<3.0:www/rubygem-jwt \ + rubygem-jwt2>=1.5<3.0:www/rubygem-jwt2 \ rubygem-multi_json>=1.10<2:devel/rubygem-multi_json USES= gem diff --git a/security/rubygem-webpush/Makefile b/security/rubygem-webpush/Makefile index c2b87611eccb..5c075e5de79f 100644 --- a/security/rubygem-webpush/Makefile +++ b/security/rubygem-webpush/Makefile 
@@ -1,5 +1,6 @@
 PORTNAME= webpush
 PORTVERSION= 1.1.0
+PORTREVISION= 1
 CATEGORIES= security rubygems
 MASTER_SITES= RG
@@ -11,7 +12,7 @@ LICENSE= MIT
 LICENSE_FILE= ${WRKSRC}/LICENSE
 RUN_DEPENDS= rubygem-hkdf0>=0.2<1:security/rubygem-hkdf0 \
- rubygem-jwt>=2.0<3:www/rubygem-jwt
+ rubygem-jwt2>=2.0<3:www/rubygem-jwt2
 USES= gem
diff --git a/security/rustls-ffi/Makefile b/security/rustls-ffi/Makefile
index 9c6efa0fa885..f2559fb39df6 100644
--- a/security/rustls-ffi/Makefile
+++ b/security/rustls-ffi/Makefile
@@ -1,7 +1,7 @@
 PORTNAME= rustls-ffi
 DISTVERSIONPREFIX= v
 DISTVERSION= 0.15.0
-PORTREVISION= 4
+PORTREVISION= 5
 CATEGORIES= security
 MAINTAINER= brnrd@FreeBSD.org
diff --git a/security/rustscan/Makefile b/security/rustscan/Makefile
index 403a1d9714a0..4f13108ab023 100644
--- a/security/rustscan/Makefile
+++ b/security/rustscan/Makefile
@@ -1,6 +1,6 @@
 PORTNAME= rustscan
 PORTVERSION= 2.4.1
-PORTREVISION= 4
+PORTREVISION= 5
 CATEGORIES= security
 MAINTAINER= bofh@FreeBSD.org
diff --git a/security/sequoia-chameleon-gnupg/Makefile b/security/sequoia-chameleon-gnupg/Makefile
index f66d9dcdaadb..e9e1ea6e49c6 100644
--- a/security/sequoia-chameleon-gnupg/Makefile
+++ b/security/sequoia-chameleon-gnupg/Makefile
@@ -1,7 +1,7 @@
 PORTNAME= sequoia-chameleon-gnupg
 DISTVERSIONPREFIX= v
 DISTVERSION= 0.13.1
-PORTREVISION= 2
+PORTREVISION= 3
 CATEGORIES= security
 MAINTAINER= vishwin@FreeBSD.org
diff --git a/security/sequoia-sq/Makefile b/security/sequoia-sq/Makefile
index 26e06e16fa59..aaf571000b74 100644
--- a/security/sequoia-sq/Makefile
+++ b/security/sequoia-sq/Makefile
@@ -1,7 +1,7 @@
 PORTNAME= sq
 DISTVERSIONPREFIX= v
 DISTVERSION= 1.3.1
-PORTREVISION= 3
+PORTREVISION= 4
 CATEGORIES= security
 PKGNAMEPREFIX= sequoia-
diff --git a/security/sniffglue/Makefile b/security/sniffglue/Makefile
index d7331e6fdaf9..6202160c807c 100644
--- a/security/sniffglue/Makefile
+++ b/security/sniffglue/Makefile
@@ -1,7 +1,7 @@
 PORTNAME= sniffglue
 DISTVERSIONPREFIX= v
 DISTVERSION= 0.16.1
-PORTREVISION= 7
+PORTREVISION= 8
 CATEGORIES= security
 MAINTAINER= freebsd@sysctl.cz
diff --git a/security/softhsm2/Makefile b/security/softhsm2/Makefile
index 9a6aea3a5aa2..e1209054b8ec 100644
--- a/security/softhsm2/Makefile
+++ b/security/softhsm2/Makefile
@@ -1,6 +1,6 @@
 PORTNAME= softhsm
 PORTVERSION= 2.6.1
-PORTREVISION= 3
+PORTREVISION= 4
 CATEGORIES= security
 MASTER_SITES= http://dist.opendnssec.org/source/ \
 http://dist.opendnssec.org/source/testing/
@@ -13,53 +13,37 @@ WWW= https://www.opendnssec.org/
 LICENSE= BSD2CLAUSE
 LICENSE_FILE= ${WRKSRC}/LICENSE
-GNU_CONFIGURE= yes
-GNU_CONFIGURE_MANPREFIX=${PREFIX}/share
-INSTALL_TARGET= install-strip
-USES= compiler:c++11-lang libtool ssl pkgconfig
-
-SUB_FILES= pkg-message
-
-CONFLICTS= softhsm-1.*
-
-USE_LDCONFIG= yes
-
-LIB_DEPENDS+= libcppunit.so:devel/cppunit
 MY_DEPENDS+= p11-kit:security/p11-kit
 BUILD_DEPENDS+= ${MY_DEPENDS}
 RUN_DEPENDS+= ${MY_DEPENDS}
-OPTIONS_DEFINE= SQLITE MIGRATE
-MIGRATE_IMPLIES= SQLITE
-OPTIONS_SUB= yes
-SQLITE_DESC= Build with object store backend DB support (SQLITE3)
-MIGRATE_DESC= Build the migration tool
+USES= compiler:c++11-lang libtool pkgconfig ssl
-OPTIONS_SINGLE= CRYP
-OPTIONS_SINGLE_CRYP= CRYP_OPEN CRYP_BOTAN
+GNU_CONFIGURE= yes
+GNU_CONFIGURE_MANPREFIX=${PREFIX}/share
-CRYP_OPEN_DESC= Build with OpenSSL crypto library
-CRYP_BOTAN_DESC= Build with Botan crypto library
+CONFIGURE_ARGS+= --with-crypto-backend=openssl \
+ --with-openssl=${OPENSSLBASE} \
+ --disable-gost
-OPTIONS_DEFAULT= CRYP_OPEN SQLITE MIGRATE
+INSTALL_TARGET= install-strip
-SQLITE_CONFIGURE_WITH= sqlite3=${LOCALBASE} objectstore-backend-db
-SQLITE_USES= sqlite
-MIGRATE_CONFIGURE_WITH= migrate
+CONFLICTS= softhsm-1.*
-CRYP_BOTAN_CONFIGURE_ON= --with-crypto-backend=botan
-CRYP_BOTAN_LIB_DEPENDS= libbotan-2.so:security/botan2
+SUB_FILES= pkg-message
-CRYP_OPEN_CONFIGURE_ON= --with-crypto-backend=openssl --with-openssl=${OPENSSLBASE}
+OPTIONS_DEFINE= SQLITE MIGRATE
+OPTIONS_DEFAULT= CRYP_OPEN SQLITE MIGRATE
-.include <bsd.port.options.mk>
+OPTIONS_SUB= yes
+MIGRATE_DESC= Build the migration tool
+SQLITE_DESC= Build with object store backend DB support (SQLITE3)
-.if ${SSL_DEFAULT:Mlibressl*} || ${SSL_DEFAULT:Mopenssl}
-CONFIGURE_ARGS+= --disable-gost
-.endif
+MIGRATE_IMPLIES= SQLITE
+MIGRATE_CONFIGURE_WITH= migrate
-# openssl-1.1.1 (default after 1200080) doesn't support GHOST (yet), punt for now.
-CONFIGURE_ARGS+= --disable-gost
+SQLITE_USES= sqlite
+SQLITE_CONFIGURE_WITH= sqlite3=${LOCALBASE} objectstore-backend-db
 post-install:
 ${MKDIR} ${STAGEDIR}${PREFIX}/share/p11-kit/modules
diff --git a/security/ssh-vault/Makefile b/security/ssh-vault/Makefile
index 7b45ec510645..d713158ceb49 100644
--- a/security/ssh-vault/Makefile
+++ b/security/ssh-vault/Makefile
@@ -1,6 +1,6 @@
 PORTNAME= ssh-vault
 PORTVERSION= 1.0.10
-PORTREVISION= 14
+PORTREVISION= 15
 CATEGORIES= security
 MASTER_SITES= CRATESIO
 DISTFILES= ${CARGO_DIST_SUBDIR}/${DISTNAME}${CARGO_CRATE_EXT}
diff --git a/security/sudo-rs/Makefile b/security/sudo-rs/Makefile
index a76bfdb2f580..909b431a62a6 100644
--- a/security/sudo-rs/Makefile
+++ b/security/sudo-rs/Makefile
@@ -1,7 +1,7 @@
 PORTNAME= sudo-rs
 DISTVERSIONPREFIX= v
 DISTVERSION= 0.2.8
-PORTREVISION= 1
+PORTREVISION= 2
 CATEGORIES= security
 MAINTAINER= marc@trifectatech.org
diff --git a/security/suricata/Makefile b/security/suricata/Makefile
index ac84d4d9587d..3d1c7bd1e0cd 100644
--- a/security/suricata/Makefile
+++ b/security/suricata/Makefile
@@ -1,6 +1,6 @@
 PORTNAME= suricata
 DISTVERSION= 7.0.11
-PORTREVISION= 1
+PORTREVISION= 2
 CATEGORIES= security
 MASTER_SITES= https://www.openinfosecfoundation.org/download/
diff --git a/security/vaultwarden/Makefile b/security/vaultwarden/Makefile
index 82a26d7d1c4b..0a8fe5576b6d 100644
--- a/security/vaultwarden/Makefile
+++ b/security/vaultwarden/Makefile
@@ -1,6 +1,6 @@
 PORTNAME= vaultwarden
 DISTVERSION= 1.34.3
-PORTREVISION= 1
+PORTREVISION= 2
 CATEGORIES= security
 MAINTAINER= mr@FreeBSD.org
diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
index 2d619a55664a..b1d04ff02b44 100644
--- a/security/vuxml/vuln/2025.xml
+++ b/security/vuxml/vuln/2025.xml
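Review bot: `OPTIONS_DEFAULT= CRYP_OPEN SQLITE MIGRATE` on the new side of the softhsm2 hunk still names `CRYP_OPEN`, although the same hunk deletes `OPTIONS_SINGLE_CRYP` and both `CRYP_*` definitions, so the default refers to an option that is no longer declared; it should read `OPTIONS_DEFAULT= MIGRATE SQLITE`. `--disable-gost` is now passed unconditionally in `CONFIGURE_ARGS` while the comment that explained it is removed, so a one-line comment above that block stating why GOST stays off would keep the reason on record. With the Botan option gone, anyone who built with it is moved to the OpenSSL backend on upgrade; since this port provides a PKCS#11 token store, that switch may deserve a line in `pkg-message` (already listed in `SUB_FILES`). The Makefile continues past the hunk at `post-install`.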
@@ -1,3 +1,262 @@
+ <vuln vid="21fba35e-a05f-11f0-a8b8-a1ef31191bc1">
+ <topic>fetchmail -- potential crash when authenticating to SMTP server</topic>
+ <affects>
+ <package>
+ <name>fetchmail</name>
+ <range><ge>5.9.9</ge><lt>6.5.6</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Matthias Andree reports:</p>
+ <blockquote cite="https://www.fetchmail.info/fetchmail-SA-2025-01.txt">
+ <p>
+ fetchmail's SMTP client, when configured to authenticate, is
+ susceptible to a protocol violation where, when a trusted but
+ malicious or malfunctioning SMTP server responds to an
+ authentication request with a "334" code but without a following
+ blank on the line, it will attempt to start reading from memory
+ address 0x1 to parse the server's SASL challenge. This address is
+ constant and not under the attacker's control. This event will
+ usually cause a crash of fetchmail.
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <!-- cvename has been requested from MITRE but not yet created <cvename>INSERT CVE RECORD IF AVAILABLE</cvename> -->
+ <url>https://www.fetchmail.info/fetchmail-SA-2025-01.txt</url>
+ <url>https://gitlab.com/fetchmail/fetchmail/-/raw/legacy_6x/fetchmail-SA-2025-01.txt?ref_type=heads</url>
+ <url>https://gitlab.com/fetchmail/fetchmail/-/commit/4c3cebfa4e659fb778ca2cae0ccb3f69201609a8</url>
+ </references>
+ <dates>
+ <discovery>2025-10-02</discovery>
+ <entry>2025-10-03</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="169a87de-a157-4558-9f97-a7395a9ae144">
+ <topic>chromium -- multiple security fixes</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <range><lt>141.0.7390.54</lt></range>
+ </package>
+ <package>
+ <name>ungoogled-chromium</name>
+ <range><lt>141.0.7390.54</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Chrome Releases reports:</p>
+ <blockquote cite="https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_30.html">
+ <p>This update includes 21 security fixes:</p>
+ <ul>
+ <li>[442444724] High CVE-2025-11205: Heap buffer overflow in WebGPU. Reported by Atte Kettunen of OUSPG on 2025-09-02</li>
+ <li>[444755026] High CVE-2025-11206: Heap buffer overflow in Video. Reported by Elias Hohl on 2025-09-12</li>
+ <li>[428189824] Medium CVE-2025-11207: Side-channel information leakage in Storage. Reported by Alesandro Ortiz on 2025-06-27</li>
+ <li>[397878997] Medium CVE-2025-11208: Inappropriate implementation in Media. Reported by Kevin Joensen on 2025-02-20</li>
+ <li>[438226517] Medium CVE-2025-11209: Inappropriate implementation in Omnibox. Reported by Hafiizh on 2025-08-13</li>
+ <li>[440523110] Medium CVE-2025-11210: Side-channel information leakage in Tab. Reported by Umar Farooq on 2025-08-22</li>
+ <li>[441917796] Medium CVE-2025-11211: Out of bounds read in Media. Reported by Kosir Jakob on 2025-08-29</li>
+ <li>[420734141] Medium CVE-2025-11212: Inappropriate implementation in Media. Reported by Ameen Basha M K on 2025-05-28</li>
+ <li>[443408317] Medium CVE-2025-11213: Inappropriate implementation in Omnibox. Reported by Hafiizh on 2025-09-06</li>
+ <li>[439758498] Medium CVE-2025-11215: Off by one error in V8. Reported by Google Big Sleep on 2025-08-19</li>
+ <li>[419721056] Low CVE-2025-11216: Inappropriate implementation in Storage. Reported by Farras Givari on 2025-05-23</li>
+ <li>[439772737] Low CVE-2025-11219: Use after free in V8. Reported by Google Big Sleep on 2025-08-19</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-11205</cvename>
+ <cvename>CVE-2025-11206</cvename>
+ <cvename>CVE-2025-11207</cvename>
+ <cvename>CVE-2025-11208</cvename>
+ <cvename>CVE-2025-11209</cvename>
+ <cvename>CVE-2025-11210</cvename>
+ <cvename>CVE-2025-11211</cvename>
+ <cvename>CVE-2025-11212</cvename>
+ <cvename>CVE-2025-11213</cvename>
+ <cvename>CVE-2025-11215</cvename>
+ <cvename>CVE-2025-11216</cvename>
+ <cvename>CVE-2025-11219</cvename>
+ <url>https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_30.html</url>
+ </references>
+ <dates>
+ <discovery>2025-09-30</discovery>
+ <entry>2025-10-03</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="90fc859e-9fe4-11f0-9fa2-080027836e8b">
+ <topic>Django -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>py39-django42</name>
+ <name>py310-django42</name>
+ <name>py311-django42</name>
+ <range><lt>4.2.25</lt></range>
+ </package>
+ <package>
+ <name>py310-django51</name>
+ <name>py311-django51</name>
+ <range><lt>5.1.13</lt></range>
+ </package>
+ <package>
+ <name>py310-django52</name>
+ <name>py311-django52</name>
+ <range><lt>5.2.7</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Django reports:</p>
+ <blockquote cite="https://www.djangoproject.com/weblog/2025/oct/01/security-releases/">
+ <p>CVE-2025-59681: Potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB.</p>
+ <p>CVE-2025-59682: Potential partial directory-traversal via archive.extract().</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-59681</cvename>
+ <cvename>CVE-2025-59682</cvename>
+ <url>https://www.djangoproject.com/weblog/2025/oct/01/security-releases/</url>
+ </references>
+ <dates>
+ <discovery>2025-10-01</discovery>
+ <entry>2025-10-02</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="cb570d6f-9ea9-11f0-9446-f02f7497ecda">
+ <topic>py-mysql-connector-python -- Vulnerability in the MySQL Connectors product of Oracle MySQL</topic>
+ <affects>
+ <package>
+ <name>py39-mysql-connector-python</name>
+ <name>py310-mysql-connector-python</name>
+ <name>py311-mysql-connector-python</name>
+ <name>py312-mysql-connector-python</name>
+ <range><lt>9.2.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Oracle reports:</p>
+ <blockquote cite="https://www.oracle.com/security-alerts/cpujan2025.html">
+ <p>Vulnerability in the MySQL Connectors product of Oracle MySQL
+ (component: Connector/Python). Supported versions that are affected are
+ 9.1.0 and prior. Easily exploitable vulnerability allows high privileged
+ attacker with network access via multiple protocols to compromise MySQL
+ Connectors. Successful attacks require human interaction from a person
+ other than the attacker. Successful attacks of this vulnerability can
+ result in unauthorized creation, deletion or modification access to
+ critical data or all MySQL Connectors accessible data as well as
+ unauthorized read access to a subset of MySQL Connectors accessible data
+ and unauthorized ability to cause a hang or frequently repeatable crash
+ (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 6.4
+ (Confidentiality, Integrity and Availability impacts). CVSS Vector:
+ (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:H).</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-21548</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-21548</url>
+ </references>
+ <dates>
+ <discovery>2025-01-21</discovery>
+ <entry>2025-10-01</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="00e912c5-9e92-11f0-bc5f-8447094a420f">
+ <topic>OpenSSL -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>openssl</name>
+ <range><lt>3.0.18,1</lt></range>
+ </package>
+ <package>
+ <name>openssl32</name>
+ <range><lt>3.2.6</lt></range>
+ </package>
+ <package>
+ <name>openssl33</name>
+ <range><lt>3.3.5</lt></range>
+ </package>
+ <package>
+ <name>openssl33-quictls</name>
+ <range><lt>3.3.5</lt></range>
+ </package>
+ <package>
+ <name>openssl34</name>
+ <range><lt>3.4.3</lt></range>
+ </package>
+ <package>
+ <name>openssl35</name>
+ <range><lt>3.5.4</lt></range>
+ </package>
+ <package>
+ <name>openssl36</name>
+ <range><lt>3.6.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The OpenSSL project reports reports:</p>
+ <blockquote cite="https://openssl-library.org/news/secadv/20250930.txt">
+ <p>Out-of-bounds read & write in RFC 3211 KEK Unwrap</p>
+ <p>Timing side-channel in SM2 algorithm on 64-bit ARM</p>
+ <p>Fix Out-of-bounds read in HTTP client no_proxy handling</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-9230</cvename>
+ <cvename>CVE-2025-9231</cvename>
+ <cvename>CVE-2025-9232</cvename>
+ <freebsdsa>SA-25:08.openssl</freebsdsa>
+ <url>https://openssl-library.org/news/secadv/20250930.txt</url>
+ </references>
+ <dates>
+ <discovery>2025-09-30</discovery>
+ <entry>2025-10-01</entry>
+ <modified>2025-10-03</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="699ef80f-9e91-11f0-bc5f-8447094a420f">
+ <topic>LibreSSL -- overwrite and -read vulnerability</topic>
+ <affects>
+ <package>
+ <name>libressl</name>
+ <range><lt>4.1.1</lt></range>
+ </package>
+ <package>
+ <name>libressl-devel</name>
+ <range><lt>4.1.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The LibreSSL project reports:</p>
+ <blockquote cite="https://github.com/libressl/portable/releases/tag/v4.1.1">
+ <p>An incorrect length check can result in a 4-byte overwrite and an 8-byte overread.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-9230</cvename>
+ <url>https://github.com/libressl/portable/releases/tag/v4.1.1</url>
+ </references>
+ <dates>
+ <discovery>2025-10-01</discovery>
+ <entry>2025-10-01</entry>
+ </dates>
+ </vuln>
+
 <vuln vid="4ccd6222-9c83-11f0-a337-b42e991fc52e">
 <topic>goldendict -- dangerous method exposed</topic>
 <affects> |
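Review bot: In the OpenSSL entry the attribution line reads `<p>The OpenSSL project reports reports:</p>`; the doubled word should be dropped, giving `<p>The OpenSSL project reports:</p>`. The LibreSSL topic `overwrite and -read vulnerability` is hard to parse on its own and would read better as `<topic>LibreSSL -- overwrite and overread vulnerability</topic>`, matching the entry's own description. The fetchmail entry ships with its `<cvename>` inside a comment, so it needs a follow-up that fills in the identifier and adds a `<modified>` date once the CVE exists, otherwise lookups by CVE will not find the entry. The OpenSSL `<affects>` list covers `openssl` and `openssl32` through `openssl36`; whether other OpenSSL-derived packages are affected is not visible in this hunk and is worth checking against the cited advisory.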
