Diffstat (limited to 'security')
31 files changed, 437 insertions, 54 deletions
diff --git a/security/Makefile b/security/Makefile index b697cb9b4465..54b0a4ba353f 100644 --- a/security/Makefile +++ b/security/Makefile @@ -400,6 +400,7 @@ SUBDIR += ncrack SUBDIR += ncrypt SUBDIR += nebula + SUBDIR += netbird SUBDIR += nettle SUBDIR += nextcloud-end_to_end_encryption SUBDIR += nextcloud-passman diff --git a/security/amavisd-new/Makefile b/security/amavisd-new/Makefile index fbc8af55b11d..84620ebff7bc 100644 --- a/security/amavisd-new/Makefile +++ b/security/amavisd-new/Makefile @@ -1,6 +1,6 @@ PORTNAME= amavisd-new DISTVERSION= 2.12.3 -PORTREVISION= 6 +PORTREVISION= 7 PORTEPOCH= 1 CATEGORIES= security diff --git a/security/amavisd-new/files/patch-amavisd b/security/amavisd-new/files/patch-amavisd index a3d157a8b453..84c632588d27 100644 --- a/security/amavisd-new/files/patch-amavisd +++ b/security/amavisd-new/files/patch-amavisd @@ -1,6 +1,6 @@ ---- amavisd.orig 2022-02-07 16:26:10 UTC +--- amavisd.orig 2025-05-11 13:36:08 UTC +++ amavisd -@@ -1740,13 +1740,13 @@ BEGIN { +@@ -1741,13 +1741,13 @@ BEGIN { ['tnef', \&Amavis::Unpackers::do_tnef], # ['lha', \&Amavis::Unpackers::do_lha, \$lha], # not safe, use 7z instead # ['sit', \&Amavis::Unpackers::do_unstuff, \$unstuff], # not safe 
@@ -18,3 +18,23 @@ ['exe', \&Amavis::Unpackers::do_executable, \$unrar, \$lha, \$unarj], ); +@@ -18812,7 +18812,7 @@ sub fetch_modules_extra() { + auto::Net::SSLeay::dump_peer_certificate)); + } + push(@modules, qw(Net::DNS::RR::TXT Text::ParseWords +- auto::Crypt::OpenSSL::RSA::new_public_key)) if $extra_code_dkim; ++ )) if $extra_code_dkim; + push(@modules, 'Anomy::Sanitizer') if $enable_anomy_sanitizer; + Amavis::Boot::fetch_modules('REQUIRED ADDITIONAL MODULES', 1, @modules); + +@@ -30849,10 +30849,6 @@ sub getSAPlugins { + $mod_names{'Mail::SpamAssassin::Plugin::DKIM'}) { + push(@modules, qw( + Crypt::OpenSSL::RSA +- auto::Crypt::OpenSSL::RSA::new_public_key +- auto::Crypt::OpenSSL::RSA::new_key_from_parameters +- auto::Crypt::OpenSSL::RSA::get_key_parameters +- auto::Crypt::OpenSSL::RSA::import_random_seed + Digest::SHA Error)); + } + # HTML/HeadParser.pm diff --git a/security/fakeroot/Makefile b/security/fakeroot/Makefile index f8a9e8bc2dc7..8fe1685435e6 100644 --- a/security/fakeroot/Makefile +++ b/security/fakeroot/Makefile @@ -1,5 +1,5 @@ PORTNAME= fakeroot -PORTVERSION= 1.37.1.1 +PORTVERSION= 1.37.1.2 CATEGORIES= security MASTER_SITES= DEBIAN DISTNAME= ${PORTNAME}_${PORTVERSION}.orig diff --git a/security/fakeroot/distinfo b/security/fakeroot/distinfo index 28735cbb6158..a938ca8fcddc 100644 --- a/security/fakeroot/distinfo +++ b/security/fakeroot/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1744921082 -SHA256 (fakeroot_1.37.1.1.orig.tar.gz) = 86b0b75bf319ca42e525c098675b6ed10a06b76e69ec9ccf20ef5e03883b3a14 -SIZE (fakeroot_1.37.1.1.orig.tar.gz) = 595265 +TIMESTAMP = 1747131024 +SHA256 (fakeroot_1.37.1.2.orig.tar.gz) = 959496928c8a676ec8377f665ff6a19a707bfad693325f9cc4a4126642f53224 +SIZE (fakeroot_1.37.1.2.orig.tar.gz) = 594008 diff --git a/security/fizz/Makefile b/security/fizz/Makefile index 8bf1cfeab4b0..69356dd3585d 100644 --- a/security/fizz/Makefile +++ b/security/fizz/Makefile 
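Review bot: Both new hunks drop the `auto::Crypt::OpenSSL::RSA::*` entries from the preload lists without recording why, and in `fetch_modules_extra()` the `qw(Net::DNS::RR::TXT Text::ParseWords` list is left with its closing `))` alone on the continuation line. A short comment above each edited list would show the removal is deliberate, for example `# auto::Crypt::OpenSSL::RSA::* no longer preloaded (not provided by the installed module)`, if that is indeed the reason. These lists appear to exist so that modules are loaded up front, so confirm that DKIM signing and verification still work in a chrooted or privilege-dropped amavisd after this change. Both subs start and end outside the hunks shown.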
@@ -1,6 +1,6 @@ PORTNAME= fizz DISTVERSIONPREFIX= v -DISTVERSION= 2025.05.05.00 +DISTVERSION= 2025.05.12.00 CATEGORIES= security MAINTAINER= yuri@FreeBSD.org diff --git a/security/fizz/distinfo b/security/fizz/distinfo index a96749dd9f1f..b92c50f7c07e 100644 --- a/security/fizz/distinfo +++ b/security/fizz/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1746504537 -SHA256 (facebookincubator-fizz-v2025.05.05.00_GH0.tar.gz) = 424c8bfb229ff3e46ab878cb7fb91b79ce785f9b61d85d4dc0eb5a0cd370cda6 -SIZE (facebookincubator-fizz-v2025.05.05.00_GH0.tar.gz) = 754049 +TIMESTAMP = 1747102733 +SHA256 (facebookincubator-fizz-v2025.05.12.00_GH0.tar.gz) = d3608b4595fff4e0d59585b1b12bead6f6ce4bf2d3bee41fb084f7128a28e4b2 +SIZE (facebookincubator-fizz-v2025.05.12.00_GH0.tar.gz) = 754096 diff --git a/security/go-tuf/Makefile b/security/go-tuf/Makefile index 7152df99c051..2aeed17e14ad 100644 --- a/security/go-tuf/Makefile +++ b/security/go-tuf/Makefile @@ -1,6 +1,6 @@ PORTNAME= go-tuf DISTVERSIONPREFIX= v -DISTVERSION= 2.1.0 +DISTVERSION= 2.1.1 CATEGORIES= security MAINTAINER= bofh@FreeBSD.org diff --git a/security/go-tuf/distinfo b/security/go-tuf/distinfo index af63009e6e0d..52b70b32b66c 100644 --- a/security/go-tuf/distinfo +++ b/security/go-tuf/distinfo 
@@ -1,5 +1,5 @@ -TIMESTAMP = 1746776391 -SHA256 (go/security_go-tuf/go-tuf-v2.1.0/v2.1.0.mod) = 01abcafde3e6211d004bc6a5a052e588f541396559d23954bda5472dd008d23f -SIZE (go/security_go-tuf/go-tuf-v2.1.0/v2.1.0.mod) = 1120 -SHA256 (go/security_go-tuf/go-tuf-v2.1.0/v2.1.0.zip) = 3f05b7bf8673eeaef7091c2cc81cbf63edc478d6037fc9c3e7745f905e5fe840 -SIZE (go/security_go-tuf/go-tuf-v2.1.0/v2.1.0.zip) = 165133 +TIMESTAMP = 1747045552 +SHA256 (go/security_go-tuf/go-tuf-v2.1.1/v2.1.1.mod) = 01abcafde3e6211d004bc6a5a052e588f541396559d23954bda5472dd008d23f +SIZE (go/security_go-tuf/go-tuf-v2.1.1/v2.1.1.mod) = 1120 +SHA256 (go/security_go-tuf/go-tuf-v2.1.1/v2.1.1.zip) = 67a08defddf0d88cda636b83d6f15daf3c61fe3fd781979ee485802004644676 +SIZE (go/security_go-tuf/go-tuf-v2.1.1/v2.1.1.zip) = 165204 diff --git a/security/modsecurity3/Makefile b/security/modsecurity3/Makefile index 98a04a3147ba..15147e278ed0 100644 --- a/security/modsecurity3/Makefile +++ b/security/modsecurity3/Makefile @@ -1,6 +1,6 @@ PORTNAME= modsecurity DISTVERSIONPREFIX= v -DISTVERSION= 3.0.13 +DISTVERSION= 3.0.14 CATEGORIES= security www MASTER_SITES= https://github.com/owasp-modsecurity/ModSecurity/releases/download/v${PORTVERSION}/ PKGNAMESUFFIX= 3 diff --git a/security/modsecurity3/distinfo b/security/modsecurity3/distinfo index c039c9a54753..482023ee9036 100644 --- a/security/modsecurity3/distinfo +++ b/security/modsecurity3/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1726168534 -SHA256 (modsecurity-v3.0.13.tar.gz) = 86b4881164a161b822a49df3501e83b254323206906134bdc34a6f3338f4d3f2 -SIZE (modsecurity-v3.0.13.tar.gz) = 9677566 +TIMESTAMP = 1745827976 +SHA256 (modsecurity-v3.0.14.tar.gz) = f7599057b35e67ab61764265daddf9ab03c35cee1e55527547afb073ce8f04e8 +SIZE (modsecurity-v3.0.14.tar.gz) = 9755566 diff --git a/security/netbird/Makefile b/security/netbird/Makefile new file mode 100644 index 000000000000..ac0494289a48 --- /dev/null +++ b/security/netbird/Makefile 
@@ -0,0 +1,30 @@ +PORTNAME= netbird +DISTVERSIONPREFIX= v +DISTVERSION= 0.41.2 +CATEGORIES= security net net-vpn + +MAINTAINER= hakan.external@netbird.io +COMMENT= Peer-to-peer VPN that seamlessly connects your devices +WWW= https://netbird.io/ + +LICENSE= BSD3CLAUSE +LICENSE_FILE= ${WRKSRC}/LICENSE + +NOT_FOR_ARCHS= i386 +NOT_FOR_ARCHS_REASON= "no 32-bit builds supported" + +RUN_DEPENDS= ca_root_nss>0:security/ca_root_nss + +USES= go:1.23,modules +USE_RC_SUBR= netbird + +GO_MODULE= github.com/netbirdio/netbird +GO_TARGET= ./client:netbird +GO_BUILDFLAGS= -tags freebsd -o ${PORTNAME} -ldflags "\ + -s -w -X github.com/netbirdio/netbird/version.version=${PORTVERSION}" + +WRKSRC= ${WRKDIR}/netbird-${PORTVERSION} + +PLIST_FILES= bin/netbird + +.include <bsd.port.mk> diff --git a/security/netbird/distinfo b/security/netbird/distinfo new file mode 100644 index 000000000000..e17c221ae8c9 --- /dev/null +++ b/security/netbird/distinfo @@ -0,0 +1,5 @@ +TIMESTAMP = 1742927796 +SHA256 (go/security_netbird/netbird-v0.41.2/v0.41.2.mod) = 3649cbceb472822d76d4ce2db77665ff47ba2573b0151b3e63a69ec063518320 +SIZE (go/security_netbird/netbird-v0.41.2/v0.41.2.mod) = 12115 +SHA256 (go/security_netbird/netbird-v0.41.2/v0.41.2.zip) = b1c371b36075221150f53a6d651ec9cab9e30263a2d55975b1587c43e6c29bb9 +SIZE (go/security_netbird/netbird-v0.41.2/v0.41.2.zip) = 2821494 diff --git a/security/netbird/files/netbird.in b/security/netbird/files/netbird.in new file mode 100644 index 000000000000..191491ea3604 --- /dev/null +++ b/security/netbird/files/netbird.in 
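Review bot: `NOT_FOR_ARCHS= i386` excludes a single 32-bit architecture, although the stated reason is that no 32-bit builds are supported. If the reason is accurate, the other 32-bit targets should be listed too, e.g. `NOT_FOR_ARCHS= armv6 armv7 i386 powerpc`. The reason string is usually written without quotes in the ports tree, `NOT_FOR_ARCHS_REASON= no 32-bit builds supported`.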
@@ -0,0 +1,18 @@ +#!/bin/sh +# +# PROVIDE: netbird +# REQUIRE: SERVERS +# KEYWORD: shutdown +# + +. /etc/rc.subr + +name="netbird" +netbird_env="IS_DAEMON=1" +pidfile="/var/run/${name}.pid" +command="/usr/sbin/daemon" +daemon_args="-P ${pidfile} -r -t \"${name}: daemon\"" +command_args="${daemon_args} /usr/local/bin/netbird service run --config /var/db/netbird/config.json --log-level info --daemon-addr unix:///var/run/netbird.sock --log-file /var/log/netbird/client.log" + +run_rc_command "$1" + diff --git a/security/netbird/pkg-descr b/security/netbird/pkg-descr new file mode 100644 index 000000000000..e3c155b98d5e --- /dev/null +++ b/security/netbird/pkg-descr @@ -0,0 +1,18 @@ +NetBird is an open-source WireGuard-based overlay network combined with +Zero Trust Network Access, providing secure and reliable connectivity +to internal resources. + +Key features: +- Zero-config VPN: Easily create secure connections between devices without +manual network setup. +- Built on WireGuard: Leverages WireGuard's high-performance encryption for +fast and secure communication. +- Self-hosted or Cloud-managed: Users can deploy their own NetBird management +server or use NetBird Cloud for centralized control. +- Access Control & Routing: Fine-grained access control policies and automatic +network routing simplify connectivity. +- This FreeBSD port provides the NetBird client daemon and CLI tools, allowing +FreeBSD systems to join a NetBird mesh network and securely communicate with +other peers. + +For more details, visit: https://netbird.io diff --git a/security/nss/Makefile b/security/nss/Makefile index 09562fac998f..95cf763e709b 100644 --- a/security/nss/Makefile +++ b/security/nss/Makefile @@ -1,5 +1,5 @@ PORTNAME= nss -PORTVERSION= 3.110 +PORTVERSION= 3.111 CATEGORIES= security MASTER_SITES= MOZILLA/security/${PORTNAME}/releases/${DISTNAME:tu:C/[-.]/_/g}_RTM/src diff --git a/security/nss/distinfo b/security/nss/distinfo index 3fbdceaaab66..62ed0eddbcaa 100644 
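Review bot: The rc script sets no `rcvar` and never calls `load_rc_config`, so there is no `netbird_enable` knob and rc.conf overrides are not read; because rc.subr only gates a service on its rcvar, the VPN daemon is not opt-in once the package is installed. It also hard-codes `/usr/local/bin/netbird` instead of `%%PREFIX%%`. The script passes `/var/db/netbird/config.json` and `/var/log/netbird/client.log`, but nothing visible in the port creates those directories or sets their mode. The config file usually holds the client's private key, so the directory should be root-only by default; the sketch below adds the enable knob and a `start_precmd` that creates both directories with mode 0700.

```shell
name="netbird"
rcvar="netbird_enable"

load_rc_config "${name}"
: ${netbird_enable:="NO"}

# … unchanged: netbird_env, pidfile, command, daemon_args …
command_args="${daemon_args} %%PREFIX%%/bin/netbird service run --config /var/db/netbird/config.json --log-level info --daemon-addr unix:///var/run/netbird.sock --log-file /var/log/netbird/client.log"

start_precmd="netbird_prestart"

netbird_prestart()
{
	# config.json and the client log stay readable by root only
	install -d -m 0700 /var/db/netbird /var/log/netbird
}
```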
--- a/security/nss/distinfo +++ b/security/nss/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1743259058 -SHA256 (nss-3.110.tar.gz) = 9cd610c40422a07771b9b45166be2d052ea2f00b605a7928129e1f2071b3ae27 -SIZE (nss-3.110.tar.gz) = 76616684 +TIMESTAMP = 1746465088 +SHA256 (nss-3.111.tar.gz) = 5a4d5a44e91ef03cdc0c4897cf616e3c92f4e590ea835d3e0ccad8b005bd73c6 +SIZE (nss-3.111.tar.gz) = 76617947 diff --git a/security/quantis-kmod/Makefile b/security/quantis-kmod/Makefile index dfe765e1d376..15b2f7cc4ca1 100644 --- a/security/quantis-kmod/Makefile +++ b/security/quantis-kmod/Makefile @@ -13,9 +13,7 @@ LICENSE= BSD3CLAUSE GPLv2 LICENSE_COMB= dual LICENSE_FILE= ${WRKDIR}/Quantis-${DISTVERSION}/License.txt -USES= kmod uidfix zip:infozip - -EXTRACT_BEFORE_ARGS= -aqo +USES= kmod uidfix zip WRKSRC= ${WRKDIR}/Quantis-${DISTVERSION}/Drivers/Unix/QuantisPci diff --git a/security/timestamp-authority/Makefile b/security/timestamp-authority/Makefile index b2282b914160..4cd5f0730b71 100644 --- a/security/timestamp-authority/Makefile +++ b/security/timestamp-authority/Makefile @@ -1,6 +1,6 @@ PORTNAME= timestamp-authority DISTVERSIONPREFIX= v -DISTVERSION= 1.2.6 +DISTVERSION= 1.2.7 CATEGORIES= security MAINTAINER= bofh@FreeBSD.org diff --git a/security/timestamp-authority/distinfo b/security/timestamp-authority/distinfo index c3840e7d5dd9..03f2671e11af 100644 --- a/security/timestamp-authority/distinfo +++ b/security/timestamp-authority/distinfo 
@@ -1,5 +1,5 @@ -TIMESTAMP = 1746365906 -SHA256 (go/security_timestamp-authority/timestamp-authority-v1.2.6/v1.2.6.mod) = c4aefce5738d70dd5cc0ee2a3556d3642d63b23ff348295668aec953dc417cb1 -SIZE (go/security_timestamp-authority/timestamp-authority-v1.2.6/v1.2.6.mod) = 7778 -SHA256 (go/security_timestamp-authority/timestamp-authority-v1.2.6/v1.2.6.zip) = a9fad76a867bc16dbd893a08d286c24eff93b49b00c64e8a051da58df5c154dc -SIZE (go/security_timestamp-authority/timestamp-authority-v1.2.6/v1.2.6.zip) = 196254 +TIMESTAMP = 1747046090 +SHA256 (go/security_timestamp-authority/timestamp-authority-v1.2.7/v1.2.7.mod) = da0bc96c124c843139cd1cd9230cbd0a574307b8c225cb42a18855ca2b47dd84 +SIZE (go/security_timestamp-authority/timestamp-authority-v1.2.7/v1.2.7.mod) = 7936 +SHA256 (go/security_timestamp-authority/timestamp-authority-v1.2.7/v1.2.7.zip) = e489c5c7fd2c4aceee11db18f2beb3e0e64c149cf60f7a709d7e6bc56930b8c3 +SIZE (go/security_timestamp-authority/timestamp-authority-v1.2.7/v1.2.7.zip) = 195580 diff --git a/security/tpm2-abrmd/Makefile b/security/tpm2-abrmd/Makefile index 0e4b4e89641a..00e8255f5b4c 100644 --- a/security/tpm2-abrmd/Makefile +++ b/security/tpm2-abrmd/Makefile @@ -1,6 +1,6 @@ PORTNAME= tpm2-abrmd DISTVERSION= 3.0.0 -PORTREVISION= 3 +PORTREVISION= 4 CATEGORIES= security MASTER_SITES= https://github.com/tpm2-software/tpm2-abrmd/releases/download/${DISTVERSION}/ @@ -17,7 +17,7 @@ RUN_DEPENDS= dbus-daemon:devel/dbus USES= gmake libtool pkgconfig gnome USE_LDCONFIG= yes USE_GNOME= glib20 -USE_RC_SUBR= tpm2-abrmd +USE_RC_SUBR= tpm2_abrmd GNU_CONFIGURE= yes GNU_CONFIGURE_MANPREFIX=${PREFIX}/share @@ -28,9 +28,6 @@ USERS= _tss SUB_LIST= DBUS_DAEMON=dbus -pre-install: - @${INSTALL_DATA} ${FILESDIR}/tpm2-abrmd-devd.conf ${STAGEDIR}${PREFIX}/etc/devd - post-install: @${RM} ${STAGEDIR}${PREFIX}/lib/systemd/system-preset/tpm2-abrmd.preset @${RM} ${STAGEDIR}${PREFIX}/lib/systemd/system/tpm2-abrmd.service 
diff --git a/security/tpm2-abrmd/files/patch-dist_tpm2-abrmd.conf b/security/tpm2-abrmd/files/patch-dist_tpm2-abrmd.conf index 755942458792..29c02ab9640d 100644 --- a/security/tpm2-abrmd/files/patch-dist_tpm2-abrmd.conf +++ b/security/tpm2-abrmd/files/patch-dist_tpm2-abrmd.conf @@ -1,25 +1,37 @@ --- dist/tpm2-abrmd.conf.orig 2022-05-09 15:39:53 UTC +++ dist/tpm2-abrmd.conf -@@ -2,7 +2,7 @@ +@@ -2,27 +2,25 @@ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> <busconfig> <!-- ../system.conf have denied everything, so we just punch some holes --> - <policy user="tss"> -+ <policy user="_tss"> - <allow own="com.intel.tss2.Tabrmd"/> - </policy> +- <allow own="com.intel.tss2.Tabrmd"/> +- </policy> +- <policy user="root"> +- <allow own="com.intel.tss2.Tabrmd"/> +- </policy> + <!-- Match /dev/tpmrm0 permissions tss tss 0660 --> <policy user="root"> -@@ -17,11 +17,11 @@ <allow send_destination="com.intel.tss2.Tabrmd"/> <allow receive_sender="com.intel.tss2.Tabrmd"/> ++ <allow own="com.intel.tss2.Tabrmd"/> + </policy> +- <policy group="root"> ++ <policy group="wheel"> + <allow send_destination="com.intel.tss2.Tabrmd"/> + <allow receive_sender="com.intel.tss2.Tabrmd"/> ++ <allow own="com.intel.tss2.Tabrmd"/> </policy> - <policy user="tss"> + <policy user="_tss"> <allow send_destination="com.intel.tss2.Tabrmd"/> <allow receive_sender="com.intel.tss2.Tabrmd"/> ++ <allow own="com.intel.tss2.Tabrmd"/> </policy> - <policy group="tss"> + <policy group="_tss"> <allow send_destination="com.intel.tss2.Tabrmd"/> <allow receive_sender="com.intel.tss2.Tabrmd"/> ++ <allow own="com.intel.tss2.Tabrmd"/> </policy> + </busconfig> diff --git a/security/tpm2-abrmd/files/patch-src_response-sink.c b/security/tpm2-abrmd/files/patch-src_response-sink.c new file mode 100644 index 000000000000..a54debd6835a --- /dev/null +++ b/security/tpm2-abrmd/files/patch-src_response-sink.c 
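Review bot: The rewritten bus policy adds `<allow own="com.intel.tss2.Tabrmd"/>` to the `group="wheel"` and `group="_tss"` blocks as well as to `user="root"` and `user="_tss"`, so any process holding one of those group memberships may claim the broker's well-known name on the system bus. A process that owns the name can stand in for the resource manager and receive the TPM commands that clients address to it. That is wider than the policy being replaced, where `own` was granted only to the daemon's user and to root. Keeping `own` under `<policy user="_tss">` (and root only if it is really needed), with the group blocks limited to `send_destination` and `receive_sender`, preserves client access without that exposure. The nested patch markers make the new-side layout hard to read here, so check the generated `tpm2-abrmd.conf` after patching.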
@@ -0,0 +1,11 @@ +--- src/response-sink.c.orig 2025-02-22 21:59:15 UTC ++++ src/response-sink.c +@@ -188,7 +188,7 @@ response_sink_process_response (Tpm2Response *response + + g_debug ("%s: writing 0x%x bytes", __func__, size); + g_debug_bytes (buffer, size, 16, 4); +- written = write_all (ostream, buffer, size); ++ written = g_write_all (ostream, buffer, size); + g_object_unref (connection); + + return written; diff --git a/security/tpm2-abrmd/files/patch-src_tcti-tabrmd.c b/security/tpm2-abrmd/files/patch-src_tcti-tabrmd.c new file mode 100644 index 000000000000..4af7e9727b29 --- /dev/null +++ b/security/tpm2-abrmd/files/patch-src_tcti-tabrmd.c @@ -0,0 +1,11 @@ +--- src/tcti-tabrmd.c.orig 2025-02-22 21:59:15 UTC ++++ src/tcti-tabrmd.c +@@ -46,7 +46,7 @@ tss2_tcti_tabrmd_transmit (TSS2_TCTI_CONTEXT *context, + g_debug_bytes (command, size, 16, 4); + ostream = g_io_stream_get_output_stream (TSS2_TCTI_TABRMD_IOSTREAM (context)); + g_debug ("%s: blocking write on ostream", __func__); +- write_ret = write_all (ostream, command, size); ++ write_ret = g_write_all (ostream, command, size); + /* should switch on possible errors to translate to TSS2 error codes */ + switch (write_ret) { + case -1: diff --git a/security/tpm2-abrmd/files/patch-src_util.c b/security/tpm2-abrmd/files/patch-src_util.c new file mode 100644 index 000000000000..32c36126c75b --- /dev/null +++ b/security/tpm2-abrmd/files/patch-src_util.c @@ -0,0 +1,11 @@ +--- src/util.c.orig 2025-02-22 21:59:15 UTC ++++ src/util.c +@@ -68,7 +68,7 @@ ssize_t + /** Write as many of the size bytes from buf to fd as possible. + */ + ssize_t +-write_all (GOutputStream *ostream, ++g_write_all (GOutputStream *ostream, + const uint8_t *buf, + const size_t size) + { diff --git a/security/tpm2-abrmd/files/patch-src_util.h b/security/tpm2-abrmd/files/patch-src_util.h new file mode 100644 index 000000000000..2c8936779c7f --- /dev/null +++ b/security/tpm2-abrmd/files/patch-src_util.h 
@@ -0,0 +1,11 @@ +--- src/util.h.orig 2025-02-22 21:59:15 UTC ++++ src/util.h +@@ -79,7 +79,7 @@ typedef TSS2_RC (*KeyValueFunc) (const key_value_t* ke + #define TPMA_CC_RES(attrs) (attrs.val & 0xc0000000) + */ + +-ssize_t write_all (GOutputStream *ostream, ++ssize_t g_write_all (GOutputStream *ostream, + const uint8_t *buf, + const size_t size); + int read_data (GInputStream *istream, diff --git a/security/tpm2-abrmd/files/tpm2-abrmd-devd.conf b/security/tpm2-abrmd/files/tpm2-abrmd-devd.conf deleted file mode 100644 index f7f4091a25a5..000000000000 --- a/security/tpm2-abrmd/files/tpm2-abrmd-devd.conf +++ /dev/null @@ -1,9 +0,0 @@ -# Allow members of _tss group to access tpm device - -notify 100 { - match "system" "DEVFS"; - match "subsystem" "CDEV"; - match "type" "CREATE"; - match "cdev" "tpm[0-9]+"; - action "chgrp _tss /dev/tpm0; chmod g+rw /dev/tpm0"; -}; diff --git a/security/tpm2-abrmd/files/tpm2-abrmd.in b/security/tpm2-abrmd/files/tpm2_abrmd.in index 62d61d98b1d6..62d61d98b1d6 100644 --- a/security/tpm2-abrmd/files/tpm2-abrmd.in +++ b/security/tpm2-abrmd/files/tpm2_abrmd.in diff --git a/security/tpm2-abrmd/pkg-message b/security/tpm2-abrmd/pkg-message new file mode 100644 index 000000000000..cfc2c09fdf0b --- /dev/null +++ b/security/tpm2-abrmd/pkg-message @@ -0,0 +1,10 @@ +[ +{ type: install + message: <<EOM +Please add the following lines to /etc/devfs.conf as tpm2-abrmd needs /dev/tpm0 +to be mode 0660 and group _tss: +perm tpm0 0660 +own tpm0 root:_tss +EOM +} +] diff --git a/security/tpm2-abrmd/pkg-plist b/security/tpm2-abrmd/pkg-plist index d20a9a42b2ca..978d156f8219 100644 --- a/security/tpm2-abrmd/pkg-plist +++ b/security/tpm2-abrmd/pkg-plist @@ -1,6 +1,5 @@ include/tss2/tss2-tcti-tabrmd.h etc/dbus-1/system.d/tpm2-abrmd.conf -etc/devd/tpm2-abrmd-devd.conf lib/libtss2-tcti-tabrmd.a lib/libtss2-tcti-tabrmd.so lib/libtss2-tcti-tabrmd.so.0 diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml index a9af758de7a4..8bcfd16d2c2e 100644 
--- a/security/vuxml/vuln/2025.xml
+++ b/security/vuxml/vuln/2025.xml
@@ -1,3 +1,243 @@ + <vuln vid="89c668d5-2f80-11f0-9632-641c67a117d8"> + <topic>www/varnish7 -- Request Smuggling Attack</topic> + <affects> + <package> + <name>varnish7</name> + <range><lt>7.7.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Varnish Development Team reports:</p> + <blockquote cite="https://varnish-cache.org/security/VSV00016.html"> + <p>A client-side desync vulnerability can be triggered in Varnish Cache + and Varnish Enterprise. This vulnerability can be triggered under + specific circumstances involving malformed HTTP/1 requests.</p> + <p>An attacker can abuse a flaw in Varnish's handling of chunked + transfer encoding which allows certain malformed HTTP/1 requests + to exploit improper framing of the message body to smuggle additional + requests. Specifically, Varnish incorrectly permits CRLF to be + skipped to delimit chunk boundaries.</p> + </blockquote> + </body> + </description> + <references> + <url>https://varnish-cache.org/security/VSV00016.html</url> + </references> + <dates> + <discovery>2025-05-12</discovery> + <entry>2025-05-12</entry> + </dates> + </vuln> + + <vuln vid="a8a1a8e7-2e85-11f0-a989-b42e991fc52e"> + <topic>Mozilla -- memory corrupton</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>138.0,2</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>138.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1924108%2C1950780%2C1959367"> + <p>Memory safety bugs present in Firefox 137 and Thunderbird 137. 
+ Some of these bugs showed evidence of memory corruption and + we presume that with enough effort some of these could have + been exploited to run arbitrary code.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-4092</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-4092</url> + </references> + <dates> + <discovery>2025-04-29</discovery> + <entry>2025-05-11</entry> + </dates> + </vuln> + + <vuln vid="a59bd59e-2e85-11f0-a989-b42e991fc52e"> + <topic>Mozilla -- insufficient character escaping</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>138.0,2</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>138.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/buglist.cgi?bug_id=1949994%2C1956698%2C1960198"> + <p>Due to insufficient escaping of special characters in the + "copy as cURL" feature, an attacker could trick + a user into using this command, potentially leading to local + code execution on the user's system.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-4089</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-4089</url> + </references> + <dates> + <discovery>2025-04-29</discovery> + <entry>2025-05-11</entry> + </dates> + </vuln> + + <vuln vid="a4422500-2e85-11f0-a989-b42e991fc52e"> + <topic>Mozilla -- Cross-Site Request Forgery</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>138.0,2</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>138.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1953521"> + <p>A security vulnerability in Thunderbird allowed malicious + sites to use redirects to send 
credentialed requests to + arbitrary endpoints on any site that had invoked the Storage + Access API. This enabled potential Cross-Site Request + Forgery attacks across origins.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-4088</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-4088</url> + </references> + <dates> + <discovery>2025-04-29</discovery> + <entry>2025-05-11</entry> + </dates> + </vuln> + + <vuln vid="a2d5bd7b-2e85-11f0-a989-b42e991fc52e"> + <topic>Mozilla -- XPath parsing undefined behavior</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>138.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>128.10,1</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>138</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1952465"> + <p>A vulnerability was identified in Thunderbird where XPath + parsing could trigger undefined behavior due to missing null + checks during attribute access. 
This could lead to + out-of-bounds read access and potentially, memory + corruption.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-4087</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-4087</url> + </references> + <dates> + <discovery>2025-04-29</discovery> + <entry>2025-05-11</entry> + </dates> + </vuln> + + <vuln vid="9fa8c4a2-2e85-11f0-a989-b42e991fc52e"> + <topic>Mozilla -- Information leak</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>138.0,2</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>138.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1915280"> + <p>An attacker with control over a content process could + potentially leverage the privileged UITour actor to leak + sensitive information or escalate privileges.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-4085</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-4085</url> + </references> + <dates> + <discovery>2025-04-29</discovery> + <entry>2025-05-11</entry> + </dates> + </vuln> + + <vuln vid="9c37a02e-2e85-11f0-a989-b42e991fc52e"> + <topic>Mozilla -- javescript content execution</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>138.0,2</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>128.10,1</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>138.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>security@mozilla.org reports:</p> + <blockquote cite="https://bugzilla.mozilla.org/show_bug.cgi?id=1958350"> + <p>A process isolation vulnerability in Thunderbird stemmed + from improper handling of javascript: URIs, which could + allow content to execute in the top-level document's + 
process instead of the intended frame, potentially enabling + a sandbox escape.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-4083</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-4083</url> + </references> + <dates> + <discovery>2025-04-29</discovery> + <entry>2025-05-11</entry> + </dates> + </vuln> + <vuln vid="6943cbf2-2d55-11f0-9471-2cf05da270f3"> <topic>Gitlab -- vulnerabilities</topic> <affects> |
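Review bot: Two topics in the new entries are misspelled, `Mozilla -- memory corrupton` and `Mozilla -- javescript content execution`; topics are what users read and search in audit output, so they should say `memory corruption` and `javascript content execution`. The CVE-2025-4087 entry writes the Thunderbird bound as `<range><lt>138</lt></range>` while every other entry uses `138.0`; pick one form so the ranges are compared consistently. The entries for CVE-2025-4092, CVE-2025-4089, CVE-2025-4088 and CVE-2025-4085 list no `firefox-esr` package, unlike CVE-2025-4087 and CVE-2025-4083. That may be correct, but it should be checked against the Mozilla advisories before users rely on the audit result.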