Diffstat (limited to 'security')
-rw-r--r-- | security/boringssl/Makefile | 4 | ||||
-rw-r--r-- | security/boringssl/distinfo | 6 | ||||
-rw-r--r-- | security/netbird/Makefile | 10 | ||||
-rw-r--r-- | security/netbird/distinfo | 10 | ||||
-rw-r--r-- | security/netbird/files/netbird.in | 28 | ||||
-rw-r--r-- | security/vuxml/vuln/2025.xml | 159 | ||||
-rw-r--r-- | security/wolfssl/Makefile | 3 |
7 files changed, 201 insertions, 19 deletions
diff --git a/security/boringssl/Makefile b/security/boringssl/Makefile index 27f7c73d1a2a..d72689f75660 100644 --- a/security/boringssl/Makefile +++ b/security/boringssl/Makefile @@ -1,5 +1,5 @@ PORTNAME= boringssl -PORTVERSION= 0.0.0.0.2025.06.05.01 +PORTVERSION= 0.0.0.0.2025.06.25.01 CATEGORIES= security EXTRACT_ONLY= ${GH_ACCOUNT}-${PORTNAME}-${PORTVERSION}-${GH_TAGNAME}_GH0.tar.gz @@ -19,7 +19,7 @@ CPE_VENDOR= google USE_GITHUB= yes GH_ACCOUNT= google -GH_TAGNAME= 5622da9 +GH_TAGNAME= 78b48c1 CMAKE_ARGS+= -DBUILD_SHARED_LIBS=1 CFLAGS_i386= -msse2 diff --git a/security/boringssl/distinfo b/security/boringssl/distinfo index c05036202f73..64e40c2a4f5f 100644 --- a/security/boringssl/distinfo +++ b/security/boringssl/distinfo @@ -1,4 +1,4 @@ -TIMESTAMP = 1749831968 +TIMESTAMP = 1750950234 SHA256 (filippo.io/edwards25519/@v/v1.1.0.zip) = 9ac43a686d06fdebd719f7af3866c87eb069302272dfb131007adf471c308b65 SIZE (filippo.io/edwards25519/@v/v1.1.0.zip) = 55809 SHA256 (filippo.io/edwards25519/@v/v1.1.0.mod) = 099556fc4d7e6f5cb135efdd8b6bb4c0932e38ea058c53fc5fa5ce285572fb61 @@ -11,5 +11,5 @@ SHA256 (golang.org/x/sys/@v/v0.32.0.zip) = 85d47075d21fd7ef35d9a47fc73f2356fb3cd SIZE (golang.org/x/sys/@v/v0.32.0.zip) = 1991164 SHA256 (golang.org/x/sys/@v/v0.32.0.mod) = f67e3e18f4c08e60a7e80726ab36b691fdcea5b81ae1c696ff64caf518bcfe3d SIZE (golang.org/x/sys/@v/v0.32.0.mod) = 35 -SHA256 (google-boringssl-0.0.0.0.2025.06.05.01-5622da9_GH0.tar.gz) = ae4f97f3adf33f578fc58bfa946e74f16cd1afec4bd213cc53d77c87be027c72 -SIZE (google-boringssl-0.0.0.0.2025.06.05.01-5622da9_GH0.tar.gz) = 46161255 +SHA256 (google-boringssl-0.0.0.0.2025.06.25.01-78b48c1_GH0.tar.gz) = 2cfaa5f01ecedb7d662d7b01cac6f2f5f873a52f694a44af69de9b8efcdb6e90 +SIZE (google-boringssl-0.0.0.0.2025.06.25.01-78b48c1_GH0.tar.gz) = 46168678 diff --git a/security/netbird/Makefile b/security/netbird/Makefile index c5ddbbccf8b7..4c189fbd0f94 100644 --- a/security/netbird/Makefile +++ b/security/netbird/Makefile 
@@ -1,6 +1,6 @@ PORTNAME= netbird DISTVERSIONPREFIX= v -DISTVERSION= 0.47.2 +DISTVERSION= 0.49.0 CATEGORIES= security net net-vpn MAINTAINER= hakan.external@netbird.io @@ -16,15 +16,15 @@ NOT_FOR_ARCHS_REASON= "no 32-bit builds supported" RUN_DEPENDS= ca_root_nss>0:security/ca_root_nss USES= go:modules -USE_RC_SUBR= netbird +USE_RC_SUBR= ${PORTNAME} GO_MODULE= github.com/netbirdio/netbird -GO_TARGET= ./client:netbird +GO_TARGET= ./client:${PORTNAME} GO_BUILDFLAGS= -tags freebsd -o ${PORTNAME} -ldflags \ "-s -w -X github.com/netbirdio/netbird/version.version=${DISTVERSION}" -WRKSRC= ${WRKDIR}/netbird-${DISTVERSION} +WRKSRC= ${WRKDIR}/${PORTNAME}-${DISTVERSION} -PLIST_FILES= bin/netbird +PLIST_FILES= bin/${PORTNAME} .include <bsd.port.mk> diff --git a/security/netbird/distinfo b/security/netbird/distinfo index 76ba6e320c5e..0806cc6f24f0 100644 --- a/security/netbird/distinfo +++ b/security/netbird/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1749687672 -SHA256 (go/security_netbird/netbird-v0.47.2/v0.47.2.mod) = dd8e2b5f3ee570d2ef933101c6fb7bc5de05dae258f0c7ea7602e8db42238acb -SIZE (go/security_netbird/netbird-v0.47.2/v0.47.2.mod) = 12507 -SHA256 (go/security_netbird/netbird-v0.47.2/v0.47.2.zip) = 8671becd05ff5437daa98b34e76819cd0908c1a040f49a369c9e26ed8cc64831 -SIZE (go/security_netbird/netbird-v0.47.2/v0.47.2.zip) = 2917482 +TIMESTAMP = 1750840361 +SHA256 (go/security_netbird/netbird-v0.49.0/v0.49.0.mod) = dd8e2b5f3ee570d2ef933101c6fb7bc5de05dae258f0c7ea7602e8db42238acb +SIZE (go/security_netbird/netbird-v0.49.0/v0.49.0.mod) = 12507 +SHA256 (go/security_netbird/netbird-v0.49.0/v0.49.0.zip) = c1aa8b8749cdb1a471425ce5aac7d90e318e6f6280f51a8b72ca18ad241f7bfb +SIZE (go/security_netbird/netbird-v0.49.0/v0.49.0.zip) = 2921705 diff --git a/security/netbird/files/netbird.in b/security/netbird/files/netbird.in index a05f7f099ee0..ddd19f27cd52 100644 --- a/security/netbird/files/netbird.in +++ b/security/netbird/files/netbird.in 
@@ -16,8 +16,8 @@ # Default: 'info' # netbird_logfile (path): Path to the client log file. # Default: /var/log/netbird/client.log -# netbird_env (str): Extra environment variables for the daemon, in KEY=VALUE format. -# Default: 'IS_DAEMON=1' +# netbird_tun_dev (str): Name of the TUN device used by Netbird for its VPN tunnel. +# Default: wt0 # . /etc/rc.subr @@ -32,11 +32,33 @@ load_rc_config "$name" : ${netbird_socket:="/var/run/netbird.sock"} : ${netbird_loglevel:="info"} : ${netbird_logfile:="/var/log/netbird/client.log"} -: ${netbird_env:="IS_DAEMON=1"} +: ${netbird_tun_dev:="wt0"} pidfile="/var/run/${name}.pid" command="/usr/sbin/daemon" daemon_args="-P ${pidfile} -r -t \"${name}: daemon\"" command_args="${daemon_args} %%PREFIX%%/bin/netbird service run --config ${netbird_config} --log-level ${netbird_loglevel} --daemon-addr unix://${netbird_socket} --log-file ${netbird_logfile}" +start_precmd="${name}_start_precmd" +stop_postcmd="${name}_stop_postcmd" + +netbird_start_precmd() { + logger -s -t netbird "Starting ${name}." + # Check for orphaned netbird tunnel interface + # And if it exists, then destroy it + if /sbin/ifconfig ${netbird_tun_dev} >/dev/null 2>&1; then + if ! /sbin/ifconfig ${netbird_tun_dev} | fgrep -qw PID; then + logger -s -t netbird "Found orphaned tunnel interface ${netbird_tun_dev}, destroying" + /sbin/ifconfig ${netbird_tun_dev} destroy + fi + fi +} + +netbird_stop_postcmd() { + if /sbin/ifconfig ${netbird_tun_dev} >/dev/null 2>&1; then + logger -s -t netbird "Destroying tunnel interface ${netbird_tun_dev}" + /sbin/ifconfig ${netbird_tun_dev} destroy || \ + logger -s -t netbird "Failed to destroy interface ${netbird_tun_dev}" + fi +} run_rc_command "$1" diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml index 042957fdf1f6..a13b0b1015ce 100644 --- a/security/vuxml/vuln/2025.xml +++ b/security/vuxml/vuln/2025.xml 
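Review bot: In `netbird_start_precmd` and `netbird_stop_postcmd`, `/sbin/ifconfig ${netbird_tun_dev} destroy` runs as root against whatever interface carries that name, and nothing in the hunk ties `netbird_tun_dev` to the daemon, since it is not passed in `command_args`. It presumably has to be kept in sync by hand with the interface name in `${netbird_config}`; if the two drift, the orphan is never cleaned up or an unrelated interface is destroyed. The precmd test also treats any interface whose ifconfig output lacks the word `PID` as orphaned, which is true of an unopened tun device but equally of a non-tun interface with that name. I would quote the expansion, `/sbin/ifconfig "${netbird_tun_dev}" destroy`, and add a comment above the default such as `# Must match the interface name in the netbird config; this script destroys it on stop.` A failed destroy in the precmd also becomes the function's exit status, which presumably aborts the start, whereas the postcmd logs and continues; making the two consistent would help.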
@@ -1,3 +1,162 @@ + <vuln vid="5e64770c-52aa-11f0-b522-b42e991fc52e"> + <topic>MongoDB -- Running certain aggregation operations with the SBE engine may lead to unexpected behavior</topic> + <affects> + <package> + <name>mongodb60</name> + <range><lt>6.0.21</lt></range> + </package> + <package> + <name>mongodb70</name> + <range><lt>7.0.17</lt></range> + </package> + <package> + <name>mongodb80</name> + <range><lt>8.0.4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>cna@mongodb.com reports:</p> + <blockquote cite="https://jira.mongodb.org/browse/SERVER-106746"> + <p>An authenticated user may trigger a use after free that may result + in MongoDB Server crash and other unexpected behavior, even if the + user does not have authorization to shut down a server. The crash + is triggered on affected versions by issuing an aggregation framework + operation using a specific combination of rarely-used aggregation + pipeline expressions. This issue affects MongoDB Server v6.0 version + prior to 6.0.21, MongoDB Server v7.0 version prior to 7.0.17 and + MongoDB Server v8.0 version prior to 8.0.4 when the SBE engine is + enabled.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-6706</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-6706</url> + </references> + <dates> + <discovery>2025-06-26</discovery> + <entry>2025-06-26</entry> + </dates> + </vuln> + + <vuln vid="5cd2bd2b-52aa-11f0-b522-b42e991fc52e"> + <topic>MongoDB -- Race condition in privilege cache invalidation cycle</topic> + <affects> + <package> + <name>mongodb50</name> + <range><lt>5.0.31</lt></range> + </package> + <package> + <name>mongodb60</name> + <range><lt>6.0.24</lt></range> + </package> + <package> + <name>mongodb70</name> + <range><lt>7.0.21</lt></range> + </package> + <package> + <name>mongodb80</name> + <range><lt>8.0.5</lt></range> + </package> + </affects> + <description> + <body 
xmlns="http://www.w3.org/1999/xhtml"> + <p>NVD reports:</p> + <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2025-6707"> + <p>Under certain conditions, an authenticated user request + may execute with stale privileges following an intentional + change by an authorized administrator.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-6707</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-6707</url> + </references> + <dates> + <discovery>2025-06-26</discovery> + <entry>2025-06-26</entry> + </dates> + </vuln> + + <vuln vid="5b87eef6-52aa-11f0-b522-b42e991fc52e"> + <topic>MongoDB -- Pre-Authentication Denial of Service Vulnerability in MongoDB Server's OIDC Authentication</topic> + <affects> + <package> + <name>mongodb60</name> + <range><lt>6.0.21</lt></range> + </package> + <package> + <name>mongodb70</name> + <range><lt>7.0.17</lt></range> + </package> + <package> + <name>mongodb80</name> + <range><lt>8.0.5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>NVD reports:</p> + <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2025-6709"> + <p>The MongoDB Server is susceptible to a denial of service + vulnerability due to improper handling of specific date + values in JSON input when using OIDC authentication. + This can be reproduced using the mongo shell to send a + malicious JSON payload leading to an invariant failure + and server crash. 
</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-6709</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-6709</url> + </references> + <dates> + <discovery>2025-06-26</discovery> + <entry>2025-06-26</entry> + </dates> + </vuln> + + <vuln vid="59ed4b19-52aa-11f0-b522-b42e991fc52e"> + <topic>MongoDB -- Pre-authentication Denial of Service Stack Overflow Vulnerability in JSON Parsing via Excessive Recursion in MongoDB</topic> + <affects> + <package> + <name>mongodb70</name> + <range><lt>7.0.17</lt></range> + </package> + <package> + <name>mongodb80</name> + <range><lt>8.0.5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>cna@mongodb.com reports:</p> + <blockquote cite="https://jira.mongodb.org/browse/SERVER-106749"> + <p>MongoDB Server may be susceptible to stack overflow due to JSON + parsing mechanism, where specifically crafted JSON inputs may induce + unwarranted levels of recursion, resulting in excessive stack space + consumption. Such inputs can lead to a stack overflow that causes + the server to crash which could occur pre-authorisation. This issue + affects MongoDB Server v7.0 versions prior to 7.0.17 and MongoDB + Server v8.0 versions prior to 8.0.5. + The same issue affects MongoDB Server v6.0 versions prior to 6.0.21, + but an attacker can only induce denial of service after authenticating.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-6710</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-6710</url> + </references> + <dates> + <discovery>2025-06-26</discovery> + <entry>2025-06-26</entry> + </dates> + </vuln> + <vuln vid="e26608ff-5266-11f0-b522-b42e991fc52e"> <topic>kanboard -- Password Reset Poisoning via Host Header Injection</topic> <affects> diff --git a/security/wolfssl/Makefile b/security/wolfssl/Makefile index 87fa1c88c8d7..b9b9ed9ede8f 100644 --- a/security/wolfssl/Makefile +++ b/security/wolfssl/Makefile 
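Review bot: The CVE-2025-6710 entry lists only mongodb70 and mongodb80 under `<affects>`, yet its quoted description says the same issue affects MongoDB Server v6.0 prior to 6.0.21, exploitable only after authentication. As written, an installed mongodb60 below 6.0.21 would not be reported against this CVE. Add `<package> <name>mongodb60</name> <range><lt>6.0.21</lt></range> </package>` to that entry, or state in the entry why 6.0 is deliberately left out. The CVE-2025-6707 and CVE-2025-6709 entries quote no version numbers in their descriptions, so their ranges cannot be checked from this hunk and should be compared with the vendor advisory.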
@@ -1,6 +1,6 @@ PORTNAME= wolfssl PORTVERSION= 5.8.0 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security devel MASTER_SITES= https://www.wolfssl.com/ \ LOCAL/fox @@ -41,6 +41,7 @@ CONFIGURE_ARGS= --disable-dependency-tracking \ --enable-context-extra-user-data TEST_TARGET= check CFLAGS+= -DWOLFSSL_ALT_NAMES -DWOLFSSL_GETRANDOM=1 +CFLAGS_i386+= -DWOLFSSL_SHA224 OPTIONS_DEFINE= DEBUG DOCS |
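Review bot: The added `CFLAGS_i386+= -DWOLFSSL_SHA224` line carries no comment saying why SHA-224 has to be forced on for i386 only, so the next maintainer cannot tell whether it is still needed or whether other 32-bit architectures need the same. A one-line comment above it would do, for example `# configure leaves SHA-224 disabled on i386; see PR <PR number>`. If the cause is the configure default, passing `--enable-sha224` in `CONFIGURE_ARGS` may be a cleaner way to get the same result than a raw define; I have not checked that against this version's configure script. The `CONFIGURE_ARGS` block begins outside the hunk.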