Hello,

Here is a short diff to net/sniproxy 0.9.17.

This solves a security issue found by continuous fuzzing.
An attacker (or fuzzer) could craft a message with generation = UINT32_MAX, causing up to 4 billion loop iterations before the function returns. This triggered the fuzzer's timeout detection.

This probably doesn't need a backport to -stable as -stable is using a version which doesn't use this crypto.

Best Regards
Index: Makefile
===================================================================
RCS file: /cvs/ports/net/sniproxy/Makefile,v
diff -u -p -r1.13 Makefile
--- Makefile    16 Dec 2025 13:56:27 -0000      1.13
+++ Makefile    19 Dec 2025 09:25:38 -0000
@@ -2,7 +2,7 @@ COMMENT =       name-based proxying of HTTPS w
 
 GH_ACCOUNT =   renaudallard
 GH_PROJECT =   sniproxy
-GH_TAGNAME =   0.9.16
+GH_TAGNAME =   0.9.17
 
 CATEGORIES =   net
 
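Review bot: nothing in the port itself records that 0.9.17 is a security update, since the GH_TAGNAME line is the only change in this hunk. The commit message should carry the description from the mail (a crafted message with generation = UINT32_MAX driving up to 4 billion loop iterations) so that anyone revisiting the -stable backport question later can find it in the CVS log.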
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/sniproxy/distinfo,v
diff -u -p -r1.9 distinfo
--- distinfo    16 Dec 2025 13:56:27 -0000      1.9
+++ distinfo    19 Dec 2025 09:25:38 -0000
@@ -1,2 +1,2 @@
-SHA256 (sniproxy-0.9.16.tar.gz) = 6FHywjIHDwbA7jkpxibhEqLSqcCs9JPCMNTPFaUFi6I=
-SIZE (sniproxy-0.9.16.tar.gz) = 366744
+SHA256 (sniproxy-0.9.17.tar.gz) = 7IfhFQMVW07L2G0mrf34bQmtT4hFQxqDY8Yp3oh5s8g=
+SIZE (sniproxy-0.9.17.tar.gz) = 367381
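Review bot: the new SHA256 and SIZE on the two + lines cannot be checked from the diff alone. Before committing, regenerate them with make makesum from a fresh fetch of the 0.9.17 tag and confirm that the result matches the values submitted here.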
