Date: Wed, 22 Sep 2021 22:20:02 GMT From: Craig Leres <leres@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: b45eb65a92c2 - main - security/zeek: Update to 4.0.4 Message-ID: <202109222220.18MMK2xQ047952@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by leres: URL: https://cgit.FreeBSD.org/ports/commit/?id=b45eb65a92c227e19553d291f1855c203d472e0f commit b45eb65a92c227e19553d291f1855c203d472e0f Author: Craig Leres <leres@FreeBSD.org> AuthorDate: 2021-09-22 22:15:09 +0000 Commit: Craig Leres <leres@FreeBSD.org> CommitDate: 2021-09-22 22:15:09 +0000 security/zeek: Update to 4.0.4 https://github.com/zeek/zeek/releases/tag/v4.0.4 This release fixes two vulnerabilities: - Paths from log stream make it into system() unchecked, potentially leading to commands being run on the system unintentionally. This requires either bad scripting or a malicious package to be installed, and is considered low severity. - Fix potential unbounded state growth in the PIA analyzer when receiving a connection with either a large number of zero-length packets, or one which continues ack-ing unseen segments. It is possible to run Zeek out of memory in these instances and cause it to crash. Due to the possibility of this happening with packets received from the network, this is a potential DoS vulnerability. Other fixes: - The highwayhash submodule was updated to fix a build failure on FreeBSD 14. - Packet sources that don't have a selectable file descriptor could potentially prevent the network time from ever updating, which would have adverse effects on the primary run loop such as preventing timers from executing. - Specific conditions in the run loop could lead RotationTimers to get into an infinite loop. - Specially crafted HTTP packets could avoid the HTTP analyzer. - Zeekctl crashes using the zeekctl status command if the StatusCmdShowAll option is set to 1 in zeekctl.cfg. - The ignore_checksum_nets option does not work correctly if configured with multiple subnets. Reported by: Tim Wojtulewicz Security: d4d21998-bdc4-4a09-9849-2898d9b41459 --- security/zeek/Makefile | 3 +-- security/zeek/distinfo | 6 +++--- .../patch-auxil_highwayhash_highwayhash_os__specific.cc | 12 ------------ 3 files changed, 4 insertions(+), 17 deletions(-) diff --git a/security/zeek/Makefile b/security/zeek/Makefile index 079fe58c9824..06325a3c57be 100644 --- a/security/zeek/Makefile +++ b/security/zeek/Makefile @@ -1,8 +1,7 @@ # Created by: David O'Brien <obrien@FreeBSD.org> PORTNAME= zeek -PORTVERSION= 4.0.3 -PORTREVISION= 1 +PORTVERSION= 4.0.4 CATEGORIES= security MASTER_SITES= https://download.zeek.org/ DISTFILES= ${DISTNAME}${EXTRACT_SUFX} diff --git a/security/zeek/distinfo b/security/zeek/distinfo index 3256e42c8908..2d836a70b137 100644 --- a/security/zeek/distinfo +++ b/security/zeek/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1625606511 -SHA256 (zeek-4.0.3.tar.gz) = 33ee6b2aa96d127b7273ce337552bc7b2abf4910aa7a431dfc9ec606a4e233db -SIZE (zeek-4.0.3.tar.gz) = 29432987 +TIMESTAMP = 1632345196 +SHA256 (zeek-4.0.4.tar.gz) = d9991de344fa8ed8c92d130837309655dc9e22c4f5e53c141dce6deee5c0505c +SIZE (zeek-4.0.4.tar.gz) = 30981125 SHA256 (zeek-zeek-netmap-v2.0.0_GH0.tar.gz) = d37a69babfbb62a51a2413d6b83ae792ce1e7f1ccb1d51bd6b209a10fe5c4d75 SIZE (zeek-zeek-netmap-v2.0.0_GH0.tar.gz) = 9100 diff --git a/security/zeek/files/patch-auxil_highwayhash_highwayhash_os__specific.cc b/security/zeek/files/patch-auxil_highwayhash_highwayhash_os__specific.cc deleted file mode 100644 index 65ac1859a18b..000000000000 --- a/security/zeek/files/patch-auxil_highwayhash_highwayhash_os__specific.cc +++ /dev/null @@ -1,12 +0,0 @@ ---- auxil/highwayhash/highwayhash/os_specific.cc.orig 2021-07-06 20:10:10 UTC -+++ auxil/highwayhash/highwayhash/os_specific.cc -@@ -53,8 +53,8 @@ - - #ifdef __FreeBSD__ - #define OS_FREEBSD 1 --#include <sys/cpuset.h> - #include <sys/param.h> -+#include <sys/cpuset.h> /* must come after sys/param.h */ - #include <unistd.h> - #else - #define OS_FREEBSD 0
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202109222220.18MMK2xQ047952>