Date:      Sat, 10 Aug 2019 16:46:45 +0000 (UTC)
From:      Craig Leres <leres@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject:   svn commit: r508498 - branches/2019Q3/security/bro
Message-ID:  <201908101646.x7AGkjYm059244@repo.freebsd.org>

Author: leres
Date: Sat Aug 10 16:46:45 2019
New Revision: 508498
URL: https://svnweb.freebsd.org/changeset/ports/508498

Log:
  MFH: r508458
  
  security/bro: Update to 2.6.3 and address potential denial of service
  vulnerabilities:
  
      https://raw.githubusercontent.com/zeek/zeek/1d874e5548a58b3b8fd2a342fe4aa0944e779809/NEWS
  
   - Null pointer dereference in the RPC analysis code. RPC analyzers
     (e.g. MOUNT or NFS) are not enabled in the default configuration.
  
   - Signed integer overflow in BinPAC-generated parser code.  The
     result of this is Undefined Behavior with respect to the array
     bounds checking conditions that BinPAC generates, so it's
     unpredictable what an optimizing compiler may actually do under
     the assumption that signed integer overflows should never happen.
     The specific symptom which led to finding this issue was with
     the PE analyzer causing out-of-memory crashes due to large
     allocations that were otherwise prevented when the array bounds
     checking logic was changed to prevent any possible signed integer
     overflow.
  
  Approved by:	matthew (mentor, implicit)
  Security:	f56669f5-d799-4ff5-9174-64a6d571c451
  
  Approved by:	ports-secteam (miwi)

Modified:
  branches/2019Q3/security/bro/Makefile
  branches/2019Q3/security/bro/distinfo
Directory Properties:
  branches/2019Q3/   (props changed)

Modified: branches/2019Q3/security/bro/Makefile
==============================================================================
--- branches/2019Q3/security/bro/Makefile	Sat Aug 10 15:40:38 2019	(r508497)
+++ branches/2019Q3/security/bro/Makefile	Sat Aug 10 16:46:45 2019	(r508498)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	bro
-PORTVERSION=	2.6.2
+PORTVERSION=	2.6.3
 CATEGORIES=	security
 MASTER_SITES=	https://www.zeek.org/downloads/
 DISTFILES=	${DISTNAME}${EXTRACT_SUFX}
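
Review bot: The PORTVERSION line is the only one touched here and the visible context shows no PORTREVISION; if one is set further down the Makefile it needs to be dropped with this bump so the 2.6.3 package does not inherit a stale revision. Because the log marks this as a security update, also confirm that the VuXML entry named on the Security: line lists versions below 2.6.3 as affected, so that pkg audit flags hosts still running 2.6.2.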

Modified: branches/2019Q3/security/bro/distinfo
==============================================================================
--- branches/2019Q3/security/bro/distinfo	Sat Aug 10 15:40:38 2019	(r508497)
+++ branches/2019Q3/security/bro/distinfo	Sat Aug 10 16:46:45 2019	(r508498)
@@ -1,5 +1,5 @@
-TIMESTAMP = 1559318790
-SHA256 (bro-2.6.2.tar.gz) = 6df6876f3f7b1dd8afeb3d5f88bfb9269f52d5d796258c4414bdd91aa2eac0a6
-SIZE (bro-2.6.2.tar.gz) = 28477996
+TIMESTAMP = 1565320389
+SHA256 (bro-2.6.3.tar.gz) = 469dd7456af388ba65d8722fbfdd5b9182f14def16149aa5ebceb1cfd881697f
+SIZE (bro-2.6.3.tar.gz) = 28480249
 SHA256 (bro-bro-netmap-cf88debf487b31ab30dc3b5bac64783b4e49997e_GH0.tar.gz) = 383423f92932c3ef244194954708b3a237b4f37ebc358014f51dcb3b9786896b
 SIZE (bro-bro-netmap-cf88debf487b31ab30dc3b5bac64783b4e49997e_GH0.tar.gz) = 24630
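
Review bot: The new SHA256 and SIZE values for bro-2.6.3.tar.gz are the only integrity anchor for the tarball fetched from MASTER_SITES, so they should be compared against a checksum or signature published by upstream rather than taken solely from a local make makesum run. The size grows by 2253 bytes over 2.6.2, which is plausible for a patch release, and the bro-netmap entries are correctly left unchanged.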



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201908101646.x7AGkjYm059244>
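
The signed-overflow failure mode described in the commit log, as an added C example that is not code from this commit, Zeek, or BinPAC. The functions naive_check and safe_check and all sample values are hypothetical; the wrap is modeled through unsigned arithmetic because real signed overflow is undefined behavior and cannot be relied on to produce any particular result.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical bounds check of the form "offset + length <= size" done in
 * 32-bit signed arithmetic. The sum is computed through uint32_t to model
 * one outcome of the overflow (wraparound); converting the result back to
 * int32_t is implementation-defined and wraps on GCC and Clang.
 * Returns 1 if the range is accepted. */
static int naive_check(int32_t offset, int32_t length, int32_t size)
{
    int32_t end = (int32_t)((uint32_t)offset + (uint32_t)length);
    return end <= size;
}

/* Hardened form: no expression can overflow. Negative values are rejected
 * first, then the remaining room is computed by subtraction, which stays
 * in range because 0 <= offset <= size. */
static int safe_check(int32_t offset, int32_t length, int32_t size)
{
    if (offset < 0 || length < 0 || size < 0)
        return 0;
    if (offset > size)
        return 0;
    return length <= size - offset;
}

int main(void)
{
    /* Constructed input: a 64-byte buffer with an untrusted length field
     * that applies from offset 16. */
    const int32_t size = 64, offset = 16;
    const int32_t lengths[] = { 48, 49, INT32_MAX };

    for (size_t i = 0; i < sizeof lengths / sizeof lengths[0]; i++)
        printf("length=%ld naive=%d safe=%d\n", (long)lengths[i],
               naive_check(offset, lengths[i], size),
               safe_check(offset, lengths[i], size));
    return 0;
}
```

A length that the naive check accepts but the hardened check rejects is the kind of value that can go on to drive an oversized allocation, which matches the out-of-memory symptom the log reports for the PE analyzer.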