From owner-dev-commits-ports-all@freebsd.org Wed Sep 22 22:20:03 2021 Return-Path: Delivered-To: dev-commits-ports-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 07F63673215; Wed, 22 Sep 2021 22:20:03 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4HFCQp6rL5z3jK2; Wed, 22 Sep 2021 22:20:02 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id C7BF91F1DC; Wed, 22 Sep 2021 22:20:02 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 18MMK2ta047956; Wed, 22 Sep 2021 22:20:02 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 18MMK2xQ047952; Wed, 22 Sep 2021 22:20:02 GMT (envelope-from git) Date: Wed, 22 Sep 2021 22:20:02 GMT Message-Id: <202109222220.18MMK2xQ047952@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Craig Leres Subject: git: b45eb65a92c2 - main - security/zeek: Update to 4.0.4 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: leres X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: b45eb65a92c227e19553d291f1855c203d472e0f Auto-Submitted: auto-generated X-BeenThere: dev-commits-ports-all@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Commit messages for all branches of the ports repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Sep 2021 22:20:03 -0000 The branch main has been updated by leres: URL: https://cgit.FreeBSD.org/ports/commit/?id=b45eb65a92c227e19553d291f1855c203d472e0f commit b45eb65a92c227e19553d291f1855c203d472e0f Author: Craig Leres AuthorDate: 2021-09-22 22:15:09 +0000 Commit: Craig Leres CommitDate: 2021-09-22 22:15:09 +0000 security/zeek: Update to 4.0.4 https://github.com/zeek/zeek/releases/tag/v4.0.4 This release fixes two vulnerabilities: - Paths from log stream make it into system() unchecked, potentially leading to commands being run on the system unintentionally. This requires either bad scripting or a malicious package to be installed, and is considered low severity. - Fix potential unbounded state growth in the PIA analyzer when receiving a connection with either a large number of zero-length packets, or one which continues ack-ing unseen segments. It is possible to run Zeek out of memory in these instances and cause it to crash. Due to the possibility of this happening with packets received from the network, this is a potential DoS vulnerability. Other fixes: - The highwayhash submodule was updated to fix a build failure on FreeBSD 14. - Packet sources that don't have a selectable file descriptor could potentially prevent the network time from ever updating, which would have adverse effects on the primary run loop such as preventing timers from executing. - Specific conditions in the run loop could lead RotationTimers to get into an infinite loop. - Specially crafted HTTP packets could avoid the HTTP analyzer. - Zeekctl crashes using the zeekctl status command if the StatusCmdShowAll option is set to 1 in zeekctl.cfg. - The ignore_checksum_nets option does not work correctly if configured with multiple subnets. Reported by: Tim Wojtulewicz Security: d4d21998-bdc4-4a09-9849-2898d9b41459 --- security/zeek/Makefile | 3 +-- security/zeek/distinfo | 6 +++--- .../patch-auxil_highwayhash_highwayhash_os__specific.cc | 12 ------------ 3 files changed, 4 insertions(+), 17 deletions(-) diff --git a/security/zeek/Makefile b/security/zeek/Makefile index 079fe58c9824..06325a3c57be 100644 --- a/security/zeek/Makefile +++ b/security/zeek/Makefile @@ -1,8 +1,7 @@ # Created by: David O'Brien PORTNAME= zeek -PORTVERSION= 4.0.3 -PORTREVISION= 1 +PORTVERSION= 4.0.4 CATEGORIES= security MASTER_SITES= https://download.zeek.org/ DISTFILES= ${DISTNAME}${EXTRACT_SUFX} diff --git a/security/zeek/distinfo b/security/zeek/distinfo index 3256e42c8908..2d836a70b137 100644 --- a/security/zeek/distinfo +++ b/security/zeek/distinfo @@ -1,5 +1,5 @@ -TIMESTAMP = 1625606511 -SHA256 (zeek-4.0.3.tar.gz) = 33ee6b2aa96d127b7273ce337552bc7b2abf4910aa7a431dfc9ec606a4e233db -SIZE (zeek-4.0.3.tar.gz) = 29432987 +TIMESTAMP = 1632345196 +SHA256 (zeek-4.0.4.tar.gz) = d9991de344fa8ed8c92d130837309655dc9e22c4f5e53c141dce6deee5c0505c +SIZE (zeek-4.0.4.tar.gz) = 30981125 SHA256 (zeek-zeek-netmap-v2.0.0_GH0.tar.gz) = d37a69babfbb62a51a2413d6b83ae792ce1e7f1ccb1d51bd6b209a10fe5c4d75 SIZE (zeek-zeek-netmap-v2.0.0_GH0.tar.gz) = 9100 diff --git a/security/zeek/files/patch-auxil_highwayhash_highwayhash_os__specific.cc b/security/zeek/files/patch-auxil_highwayhash_highwayhash_os__specific.cc deleted file mode 100644 index 65ac1859a18b..000000000000 --- a/security/zeek/files/patch-auxil_highwayhash_highwayhash_os__specific.cc +++ /dev/null @@ -1,12 +0,0 @@ ---- auxil/highwayhash/highwayhash/os_specific.cc.orig 2021-07-06 20:10:10 UTC -+++ auxil/highwayhash/highwayhash/os_specific.cc -@@ -53,8 +53,8 @@ - - #ifdef __FreeBSD__ - #define OS_FREEBSD 1 --#include - #include -+#include /* must come after sys/param.h */ - #include - #else - #define OS_FREEBSD 0