Diffstat (limited to 'security')
| -rw-r--r-- | security/krb5-121/Makefile | 12 | ||||
| -rw-r--r-- | security/krb5-122/Makefile | 12 | ||||
| -rw-r--r-- | security/krb5-devel/Makefile | 12 | ||||
| -rw-r--r-- | security/vuxml/vuln/2025.xml | 165 | ||||
| -rw-r--r-- | security/wazuh-manager/distinfo | 8 | ||||
| -rw-r--r-- | security/xray-core/Makefile | 1 | ||||
| -rw-r--r-- | security/xray-core/files/xray.in | 3 |
7 files changed, 190 insertions, 23 deletions
diff --git a/security/krb5-121/Makefile b/security/krb5-121/Makefile index e5b2c56906d2..3fd6a66b5c37 100644 --- a/security/krb5-121/Makefile +++ b/security/krb5-121/Makefile @@ -43,10 +43,10 @@ CPE_PRODUCT= kerberos FLAVORS= default ldap OPTIONS_DEFINE= EXAMPLES NLS DOCS DNS_FOR_REALM LDAP LMDB -OPTIONS_DEFAULT= DOCS READLINE BUILTIN +OPTIONS_DEFAULT= DOCS READLINE CRYPTO_BUILTIN OPTIONS_RADIO= CMD_LINE_EDITING CRYPTO OPTIONS_RADIO_CMD_LINE_EDITING= READLINE LIBEDIT LIBEDIT_BASE -OPTIONS_RADIO_CRYPTO= BUILTIN OPENSSL +OPTIONS_RADIO_CRYPTO= CRYPTO_BUILTIN CRYPTO_OPENSSL CMD_LINE_EDITING_DESC= Command line editing for kadmin and ktutil DNS_FOR_REALM_DESC= Enable DNS lookups for Kerberos realm names DNS_FOR_REALM_CONFIGURE_ENABLE= dns-for-realm @@ -65,10 +65,10 @@ LIBEDIT_USES= libedit LIBEDIT_CONFIGURE_WITH= libedit LIBEDIT_BASE_CONFIGURE_WITH= libedit LIBEDIT_BASE_DESC= Use libedit in FreeBSD base -BUILTIN_DESC= Use crypto built into KRB5 -BUILTIN_CONFIGURE_ON= --with-crypto-impl=builtin -OPENSSL_DESC= Use OpenSSL crypto -OPENSSL_CONFIGURE_ON= --with-crypto-impl=openssl +CRYPTO_BUILTIN_DESC= Use crypto built into KRB5 +CRYPTO_BUILTIN_CONFIGURE_ON= --with-crypto-impl=builtin +CRYPTO_OPENSSL_DESC= Use OpenSSL crypto +CRYPTO_OPENSSL_CONFIGURE_ON= --with-crypto-impl=openssl .if ${FLAVOR:U} == ldap OPTIONS_DEFAULT+= LDAP LMDB diff --git a/security/krb5-122/Makefile b/security/krb5-122/Makefile index 2ae37b61fd34..af51d1ea6fdc 100644 --- a/security/krb5-122/Makefile +++ b/security/krb5-122/Makefile 
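Review bot: Renaming the radio members on the `OPTIONS_RADIO_CRYPTO` line changes the option names users may have saved or set in make.conf, and nothing in the hunk records the old names. A build that previously set `OPENSSL` would presumably no longer match any member of the CRYPTO radio and would fall back to the `CRYPTO_BUILTIN` default from `OPTIONS_DEFAULT`, silently switching the Kerberos crypto backend. I would add a comment above the radio, `# CRYPTO_BUILTIN/CRYPTO_OPENSSL were BUILTIN/OPENSSL; saved options using the old names no longer select a backend`, and announce the rename to users. The same applies to the matching hunks in security/krb5-122/Makefile and security/krb5-devel/Makefile. Only part of each Makefile is visible, so it is worth confirming that no reference to the old names remains outside these hunks.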
@@ -42,10 +42,10 @@ CPE_PRODUCT= kerberos FLAVORS= default ldap OPTIONS_DEFINE= EXAMPLES NLS DOCS DNS_FOR_REALM LDAP LMDB -OPTIONS_DEFAULT= DOCS READLINE BUILTIN +OPTIONS_DEFAULT= DOCS READLINE CRYPTO_BUILTIN OPTIONS_RADIO= CMD_LINE_EDITING CRYPTO OPTIONS_RADIO_CMD_LINE_EDITING= READLINE LIBEDIT LIBEDIT_BASE -OPTIONS_RADIO_CRYPTO= BUILTIN OPENSSL +OPTIONS_RADIO_CRYPTO= CRYPTO_BUILTIN CRYPTO_OPENSSL CMD_LINE_EDITING_DESC= Command line editing for kadmin and ktutil DNS_FOR_REALM_DESC= Enable DNS lookups for Kerberos realm names DNS_FOR_REALM_CONFIGURE_ENABLE= dns-for-realm @@ -64,10 +64,10 @@ LIBEDIT_USES= libedit LIBEDIT_CONFIGURE_WITH= libedit LIBEDIT_BASE_CONFIGURE_WITH= libedit LIBEDIT_BASE_DESC= Use libedit in FreeBSD base -BUILTIN_DESC= Use crypto built into KRB5 -BUILTIN_CONFIGURE_ON= --with-crypto-impl=builtin -OPENSSL_DESC= Use OpenSSL crypto -OPENSSL_CONFIGURE_ON= --with-crypto-impl=openssl +CRYPTO_BUILTIN_DESC= Use crypto built into KRB5 +CRYPTO_BUILTIN_CONFIGURE_ON= --with-crypto-impl=builtin +CRYPTO_OPENSSL_DESC= Use OpenSSL crypto +CRYPTO_OPENSSL_CONFIGURE_ON= --with-crypto-impl=openssl .if ${FLAVOR:U} == ldap OPTIONS_DEFAULT+= LDAP LMDB diff --git a/security/krb5-devel/Makefile b/security/krb5-devel/Makefile index b7f77986aee8..0bb9349d6ca7 100644 --- a/security/krb5-devel/Makefile +++ b/security/krb5-devel/Makefile @@ -45,10 +45,10 @@ CPE_PRODUCT= kerberos FLAVORS= default ldap OPTIONS_DEFINE= EXAMPLES NLS DNS_FOR_REALM LDAP LMDB -OPTIONS_DEFAULT= KRB5_PDF KRB5_HTML READLINE BUILTIN +OPTIONS_DEFAULT= KRB5_PDF KRB5_HTML READLINE CRYPTO_BUILTIN OPTIONS_RADIO= CMD_LINE_EDITING CRYPTO OPTIONS_RADIO_CMD_LINE_EDITING= READLINE LIBEDIT LIBEDIT_BASE -OPTIONS_RADIO_CRYPTO= BUILTIN OPENSSL +OPTIONS_RADIO_CRYPTO= CRYPTO_BUILTIN CRYPTO_OPENSSL CMD_LINE_EDITING_DESC= Command line editing for kadmin and ktutil DNS_FOR_REALM_DESC= Enable DNS lookups for Kerberos realm names DNS_FOR_REALM_CONFIGURE_ENABLE= dns-for-realm 
@@ -67,10 +67,10 @@ LIBEDIT_USES= libedit LIBEDIT_CONFIGURE_WITH= libedit LIBEDIT_BASE_CONFIGURE_WITH= libedit LIBEDIT_BASE_DESC= Use libedit in FreeBSD base -BUILTIN_DESC= Use crypto built into KRB5 -BUILTIN_CONFIGURE_ON= --with-crypto-impl=builtin -OPENSSL_DESC= Use OpenSSL crypto -OPENSSL_CONFIGURE_ON= --with-crypto-impl=openssl +CRYPTO_BUILTIN_DESC= Use crypto built into KRB5 +CRYPTO_BUILTIN_CONFIGURE_ON= --with-crypto-impl=builtin +CRYPTO_OPENSSL_DESC= Use OpenSSL crypto +CRYPTO_OPENSSL_CONFIGURE_ON= --with-crypto-impl=openssl .if ${FLAVOR:U} == ldap OPTIONS_DEFAULT+= LDAP LMDB diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml index 8daf847a93d7..3fa157e87559 100644 --- a/security/vuxml/vuln/2025.xml +++ b/security/vuxml/vuln/2025.xml 
@@ -1,3 +1,168 @@
+ <vuln vid="dc7e30db-de67-11f0-b893-5404a68ad561">
+ <topic>traefik -- Inverted TLS Verification Logic in Kubernetes NGINX Provider</topic>
+ <affects>
+<package>
+<name>traefik</name>
+<range><lt>3.6.3</lt></range>
+</package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The traefik project reports:</p>
+ <blockquote cite="https://github.com/traefik/traefik/security/advisories/GHSA-7vww-mvcr-x6vj">
+ <p>
+ There is a potential vulnerability in Traefik NGINX
+ provider managing the
+ nginx.ingress.kubernetes.io/proxy-ssl-verify annotation.
+ The provider inverts the semantics of the
+ nginx.ingress.kubernetes.io/proxy-ssl-verify annotation.
+ Setting the annotation to "on" (intending to enable
+ backend TLS certificate verification) actually disables
+ verification, allowing man-in-the-middle attacks against
+ HTTPS backends when operators believe they are
+ protected.
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-66491</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-66491</url>
+ </references>
+ <dates>
+ <discovery>2025-12-08</discovery>
+ <entry>2025-12-21</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="91b9790e-de65-11f0-b893-5404a68ad561">
+ <topic>traefik -- Bypassing security controls via special characters</topic>
+ <affects>
+<package>
+<name>traefik</name>
+<range><lt>3.6.3</lt></range>
+</package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The traefik project reports:</p>
+ <blockquote cite="https://github.com/traefik/traefik/security/advisories/GHSA-gm3x-23wp-hc2c">
+ <p>There is a potential vulnerability in Traefik managing
+ the requests using a PathPrefix, Path or PathRegex
+ matcher.
+ When Traefik is configured to route the requests to a
+ backend using a matcher based on the path; if the
+ request path contains an encoded restricted character
+ from the following set ('/', '', 'Null', ';', '?', '#'),
+ it is possible to target a backend, exposed using
+ another router, by-passing the middlewares chain.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-66490</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-66490</url>
+ </references>
+ <dates>
+ <discovery>2025-12-08</discovery>
+ <entry>2025-12-21</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="c32cb4b7-ddcb-11f0-902c-b42e991fc52e">
+ <topic>smb4k -- Critical vulnerabilities in Mount Helper</topic>
+ <affects>
+<package>
+<name>smb4k</name>
+<range><lt>4.0.4</lt></range>
+</package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>vulndb reports:</p>
+ <blockquote cite="https://vuldb.com/?id.336198">
+ <p>A vulnerability, which was classified as critical, was
+ found in smb4k up to 4.0.4. Affected is some unknown
+ functionality of the component Mount Helper. The
+ manipulation with an unknown input leads to a access control
+ vulnerability. CWE is classifying the issue as CWE-284. The
+ product does not restrict or incorrectly restricts access to
+ a resource from an unauthorized actor. This is going to have
+ an impact on integrity, and availability. The advisory is
+ available at seclists.org. The exploitability is told to be
+ easy. Local access is required to approach this attack. The
+ technical details are unknown and an exploit is not
+ available.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-66002</cvename>
+ <url>https://vuldb.com/?id.336198</url>
+ <cvename>CVE-2025-66003</cvename>
+ <url>https://vuldb.com/?id.336199</url>
+ </references>
+ <dates>
+ <discovery>2025-12-20</discovery>
+ <entry>2025-12-20</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="2a33d28e-ddc0-11f0-902c-b42e991fc52e">
+ <topic>Firefox -- Use-after-free</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>146.0.1,2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>https://bugzilla.mozilla.org/show_bug.cgi?id=2000597 reports:</p>
+ <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=2000597">
+ <p>Use-after-free in the Disability Access APIs component.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-14860</cvename>
+ <url>https://cveawg.mitre.org/api/cve/CVE-2025-14860</url>
+ </references>
+ <dates>
+ <discovery>2025-12-18</discovery>
+ <entry>2025-12-20</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="23437e07-ddc0-11f0-902c-b42e991fc52e">
+ <topic>Firefox -- Memory safety bugs</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>146.0.1,2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>https://bugzilla.mozilla.org/buglist.cgi?bug_id=1996570%2C1999700 reports:</p>
+ <blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1996570%2C1999700">
+ <p>Memory safety bugs present in Firefox 146. Some of these
+ bugs showed evidence of memory corruption and we presume
+ that with enough effort some of these could have been
+ exploited to run arbitrary code.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-14861</cvename>
+ <url>https://cveawg.mitre.org/api/cve/CVE-2025-14861</url>
+ </references>
+ <dates>
+ <discovery>2025-12-18</discovery>
+ <entry>2025-12-20</entry>
+ </dates>
+ </vuln>
+
 <vuln vid="f99e70c2-dcb8-11f0-a15a-a8a1599412c6">
 <topic>chromium -- multiple security fixes</topic>
 <affects>
diff --git a/security/wazuh-manager/distinfo b/security/wazuh-manager/distinfo
index b6ada3611ec3..2dcbd4f32364 100644
--- a/security/wazuh-manager/distinfo
+++ b/security/wazuh-manager/distinfo
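Review bot: The smb4k entry's `<range><lt>4.0.4</lt></range>` disagrees with its own quoted text, which says the issue affects smb4k "up to 4.0.4"; as written, an installed 4.0.4 would not be matched by tools that consume this range. If 4.0.4 is affected, the range should read `<range><le>4.0.4</le></range>`, or use `<lt>` with the first fixed version once that is confirmed against the upstream advisory. In the same entry `<p>vulndb reports:</p>` misspells the source, which the cite and reference URLs give as vuldb.com.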
@@ -67,12 +67,12 @@ SHA256 (wazuh-4.14.1/wazuh-cache-fbsd14-amd64-4.14.1.tar.gz) = f2b26a36b116348e3
 SIZE (wazuh-4.14.1/wazuh-cache-fbsd14-amd64-4.14.1.tar.gz) = 25055515
 SHA256 (wazuh-4.14.1/wazuh-cache-fbsd15-aarch64-4.14.1.tar.gz) = c63484af8fd157f61b6bf0297b4233c3e2a3eee481f35c7d15fcb5b90d711489
 SIZE (wazuh-4.14.1/wazuh-cache-fbsd15-aarch64-4.14.1.tar.gz) = 24690859
-SHA256 (wazuh-4.14.1/wazuh-cache-fbsd15-amd64-4.14.1.tar.gz) = bf77697d47df3eeb6ccc0d1e43841f5dd3570a7e11e8dd669d5098890b985657
-SIZE (wazuh-4.14.1/wazuh-cache-fbsd15-amd64-4.14.1.tar.gz) = 26650464
+SHA256 (wazuh-4.14.1/wazuh-cache-fbsd15-amd64-4.14.1.tar.gz) = 3818a9e752e29e661d4b577b3fb0a5a8bf691da6bde264453f2323d37b46408e
+SIZE (wazuh-4.14.1/wazuh-cache-fbsd15-amd64-4.14.1.tar.gz) = 26650237
 SHA256 (wazuh-4.14.1/wazuh-cache-fbsd16-aarch64-4.14.1.tar.gz) = 1510ef710bcae78e22db88f443504d006e9e4b45d27c66bb84984211409f7e65
 SIZE (wazuh-4.14.1/wazuh-cache-fbsd16-aarch64-4.14.1.tar.gz) = 24863114
-SHA256 (wazuh-4.14.1/wazuh-cache-fbsd16-amd64-4.14.1.tar.gz) = f706a10b1e31dc959e1751a015b3ec2e74ddbda0362ab192ba3918852731635c
-SIZE (wazuh-4.14.1/wazuh-cache-fbsd16-amd64-4.14.1.tar.gz) = 26653845
+SHA256 (wazuh-4.14.1/wazuh-cache-fbsd16-amd64-4.14.1.tar.gz) = 03e92ad3b8cc1d06f9e31d07aa13d1ba3dca85b302d869ec5ec3a2b517d3dbf0
+SIZE (wazuh-4.14.1/wazuh-cache-fbsd16-amd64-4.14.1.tar.gz) = 26653557
 SHA256 (wazuh-4.14.1/wazuh-wazuh-v4.14.1_GH0.tar.gz) = aa59cb2baa7e7d38d8bb4ff6a22afbf2945de4fb555f9b8bb2657b6f89a773ed
 SIZE (wazuh-4.14.1/wazuh-wazuh-v4.14.1_GH0.tar.gz) = 19810038
 SHA256 (wazuh-4.14.1/alonsobsd-wazuh-freebsd-2f1307c_GH0.tar.gz) = a955c569217122779ab5b6b58bdfabbfa1cd452b4719cc35c791f7047b1f364f
diff --git a/security/xray-core/Makefile b/security/xray-core/Makefile
index 8874c68da3a4..744509ed5a3c 100644
--- a/security/xray-core/Makefile
+++ b/security/xray-core/Makefile
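Review bot: The SHA256 and SIZE of `wazuh-cache-fbsd15-amd64-4.14.1.tar.gz` and `wazuh-cache-fbsd16-amd64-4.14.1.tar.gz` change here while the file names and version stay the same, so both archives were replaced under an existing name. A checksum change of that kind cannot be told apart from tampering unless the reason is recorded, and nothing visible on this page records it; the commit description should say who re-rolled the archives and that the old and new contents were compared. Machines that already hold the earlier files will also fail checksum verification until they refetch, which publishing the rebuilt archives under a new name would avoid.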
@@ -1,6 +1,7 @@ PORTNAME= xray-core DISTVERSIONPREFIX= v DISTVERSION= 25.12.8 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= https://github.com/v2fly/geoip/releases/download/202512050148/:geoip \ https://github.com/v2fly/domain-list-community/releases/download/20251212112114/:geosite diff --git a/security/xray-core/files/xray.in b/security/xray-core/files/xray.in index 87516c9759d0..18c9beeb4f5c 100644 --- a/security/xray-core/files/xray.in +++ b/security/xray-core/files/xray.in @@ -20,6 +20,8 @@ name="xray" rcvar="xray_enable" +load_rc_config "$name" + : ${xray_enable="NO"} : ${xray_config="%%PREFIX%%/etc/${name}-core"} : ${xray_logdir="/var/log/${name}-core"} @@ -43,5 +45,4 @@ xray_startprecmd() { chown -R ${xray_user}:${xray_group} "${xray_logdir}" } -load_rc_config "$name" run_rc_command "$1" |
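Review bot: With `load_rc_config "$name"` now ahead of the defaults in security/xray-core/files/xray.in, the `: ${xray_enable="NO"}` form below it fills only variables that are unset, so a variable set to the empty string in rc.conf stays empty. The usual form is `: ${xray_enable:="NO"}`, and likewise for `xray_config` and `xray_logdir`, so that empty values also receive the default. That matters for the `chown -R ${xray_user}:${xray_group} "${xray_logdir}"` visible in the second hunk, which runs on whatever these variables end up holding; quoting it as `"${xray_user}:${xray_group}"` would match the quoted path. The script continues outside both hunks, so its other defaults were not checked.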
