Date: Sat, 10 Aug 2019 16:46:45 +0000 (UTC) From: Craig Leres <leres@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r508498 - branches/2019Q3/security/bro Message-ID: <201908101646.x7AGkjYm059244@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: leres Date: Sat Aug 10 16:46:45 2019 New Revision: 508498 URL: https://svnweb.freebsd.org/changeset/ports/508498 Log: MFH: r508458 security/bro: Update to 2.6.3 and address potential denial of service vulnerabilities: https://raw.githubusercontent.com/zeek/zeek/1d874e5548a58b3b8fd2a342fe4aa0944e779809/NEWS - Null pointer dereference in the RPC analysis code. RPC analyzers (e.g. MOUNT or NFS) are not enabled in the default configuration. - Signed integer overflow in BinPAC-generated parser code. The result of this is Undefined Behavior with respect to the array bounds checking conditions that BinPAC generates, so it's unpredictable what an optimizing compiler may actually do under the assumption that signed integer overlows should never happen. The specific symptom which lead to finding this issue was with the PE analyzer causing out-of-memory crashes due to large allocations that were otherwise prevented when the array bounds checking logic was changed to prevent any possible signed integer overlow. Approved by: matthew (mentor, implicit) Security: f56669f5-d799-4ff5-9174-64a6d571c451 Approved by: ports-secteam (miwi) Modified: branches/2019Q3/security/bro/Makefile branches/2019Q3/security/bro/distinfo Directory Properties: branches/2019Q3/ (props changed) Modified: branches/2019Q3/security/bro/Makefile ============================================================================== --- branches/2019Q3/security/bro/Makefile Sat Aug 10 15:40:38 2019 (r508497) +++ branches/2019Q3/security/bro/Makefile Sat Aug 10 16:46:45 2019 (r508498) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= bro -PORTVERSION= 2.6.2 +PORTVERSION= 2.6.3 CATEGORIES= security MASTER_SITES= https://www.zeek.org/downloads/ DISTFILES= ${DISTNAME}${EXTRACT_SUFX} Modified: branches/2019Q3/security/bro/distinfo ============================================================================== --- branches/2019Q3/security/bro/distinfo Sat Aug 10 15:40:38 2019 (r508497) +++ branches/2019Q3/security/bro/distinfo Sat Aug 10 16:46:45 2019 (r508498) @@ -1,5 +1,5 @@ -TIMESTAMP = 1559318790 -SHA256 (bro-2.6.2.tar.gz) = 6df6876f3f7b1dd8afeb3d5f88bfb9269f52d5d796258c4414bdd91aa2eac0a6 -SIZE (bro-2.6.2.tar.gz) = 28477996 +TIMESTAMP = 1565320389 +SHA256 (bro-2.6.3.tar.gz) = 469dd7456af388ba65d8722fbfdd5b9182f14def16149aa5ebceb1cfd881697f +SIZE (bro-2.6.3.tar.gz) = 28480249 SHA256 (bro-bro-netmap-cf88debf487b31ab30dc3b5bac64783b4e49997e_GH0.tar.gz) = 383423f92932c3ef244194954708b3a237b4f37ebc358014f51dcb3b9786896b SIZE (bro-bro-netmap-cf88debf487b31ab30dc3b5bac64783b4e49997e_GH0.tar.gz) = 24630
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201908101646.x7AGkjYm059244>