From owner-svn-ports-all@freebsd.org  Sat Aug 10 16:46:46 2019
Return-Path: <owner-svn-ports-all@freebsd.org>
Delivered-To: svn-ports-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 24C93C067C;
 Sat, 10 Aug 2019 16:46:46 +0000 (UTC)
 (envelope-from leres@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 465SgV052rz3QHF;
 Sat, 10 Aug 2019 16:46:46 +0000 (UTC)
 (envelope-from leres@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id D45DCB73;
 Sat, 10 Aug 2019 16:46:45 +0000 (UTC)
 (envelope-from leres@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x7AGkjIV059245;
 Sat, 10 Aug 2019 16:46:45 GMT (envelope-from leres@FreeBSD.org)
Received: (from leres@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id x7AGkjYm059244;
 Sat, 10 Aug 2019 16:46:45 GMT (envelope-from leres@FreeBSD.org)
Message-Id: <201908101646.x7AGkjYm059244@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: leres set sender to
 leres@FreeBSD.org using -f
From: Craig Leres <leres@FreeBSD.org>
Date: Sat, 10 Aug 2019 16:46:45 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org,
 svn-ports-branches@freebsd.org
Subject: svn commit: r508498 - branches/2019Q3/security/bro
X-SVN-Group: ports-branches
X-SVN-Commit-Author: leres
X-SVN-Commit-Paths: branches/2019Q3/security/bro
X-SVN-Commit-Revision: 508498
X-SVN-Commit-Repository: ports
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-ports-all@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SVN commit messages for the ports tree <svn-ports-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-all/>
List-Post: <mailto:svn-ports-all@freebsd.org>
List-Help: <mailto:svn-ports-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 10 Aug 2019 16:46:46 -0000

Author: leres
Date: Sat Aug 10 16:46:45 2019
New Revision: 508498
URL: https://svnweb.freebsd.org/changeset/ports/508498

Log:
  MFH: r508458
  
  security/bro: Update to 2.6.3 and address potential denial of service
  vulnerabilities:
  
      https://raw.githubusercontent.com/zeek/zeek/1d874e5548a58b3b8fd2a342fe4aa0944e779809/NEWS
  
   - Null pointer dereference in the RPC analysis code. RPC analyzers
     (e.g. MOUNT or NFS) are not enabled in the default configuration.
  
   - Signed integer overflow in BinPAC-generated parser code.  The
     result of this is Undefined Behavior with respect to the array
     bounds checking conditions that BinPAC generates, so it's
     unpredictable what an optimizing compiler may actually do under
     the assumption that signed integer overlows should never happen.
     The specific symptom which lead to finding this issue was with
     the PE analyzer causing out-of-memory crashes due to large
     allocations that were otherwise prevented when the array bounds
     checking logic was changed to prevent any possible signed integer
     overlow.
  
  Approved by:	matthew (mentor, implicit)
  Security:	f56669f5-d799-4ff5-9174-64a6d571c451
  
  Approved by:	ports-secteam (miwi)

Modified:
  branches/2019Q3/security/bro/Makefile
  branches/2019Q3/security/bro/distinfo
Directory Properties:
  branches/2019Q3/   (props changed)

Modified: branches/2019Q3/security/bro/Makefile
==============================================================================
--- branches/2019Q3/security/bro/Makefile	Sat Aug 10 15:40:38 2019	(r508497)
+++ branches/2019Q3/security/bro/Makefile	Sat Aug 10 16:46:45 2019	(r508498)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	bro
-PORTVERSION=	2.6.2
+PORTVERSION=	2.6.3
 CATEGORIES=	security
 MASTER_SITES=	https://www.zeek.org/downloads/
 DISTFILES=	${DISTNAME}${EXTRACT_SUFX}

Modified: branches/2019Q3/security/bro/distinfo
==============================================================================
--- branches/2019Q3/security/bro/distinfo	Sat Aug 10 15:40:38 2019	(r508497)
+++ branches/2019Q3/security/bro/distinfo	Sat Aug 10 16:46:45 2019	(r508498)
@@ -1,5 +1,5 @@
-TIMESTAMP = 1559318790
-SHA256 (bro-2.6.2.tar.gz) = 6df6876f3f7b1dd8afeb3d5f88bfb9269f52d5d796258c4414bdd91aa2eac0a6
-SIZE (bro-2.6.2.tar.gz) = 28477996
+TIMESTAMP = 1565320389
+SHA256 (bro-2.6.3.tar.gz) = 469dd7456af388ba65d8722fbfdd5b9182f14def16149aa5ebceb1cfd881697f
+SIZE (bro-2.6.3.tar.gz) = 28480249
 SHA256 (bro-bro-netmap-cf88debf487b31ab30dc3b5bac64783b4e49997e_GH0.tar.gz) = 383423f92932c3ef244194954708b3a237b4f37ebc358014f51dcb3b9786896b
 SIZE (bro-bro-netmap-cf88debf487b31ab30dc3b5bac64783b4e49997e_GH0.tar.gz) = 24630