git: 5dc2ee9224b8 - 2023Q2 - security/zeek: Update to 5.0.8
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 12 Apr 2023 06:21:15 UTC
The branch 2023Q2 has been updated by leres:
URL: https://cgit.FreeBSD.org/ports/commit/?id=5dc2ee9224b8a4f7ce7f49f67d34a43a2a4044a0
commit 5dc2ee9224b8a4f7ce7f49f67d34a43a2a4044a0
Author: Craig Leres <leres@FreeBSD.org>
AuthorDate: 2023-04-12 06:18:39 +0000
Commit: Craig Leres <leres@FreeBSD.org>
CommitDate: 2023-04-12 06:21:00 +0000
security/zeek: Update to 5.0.8
https://github.com/zeek/zeek/releases/tag/v5.0.8
This release fixes the following potential DoS vulnerabilities:
- A specially-crafted stream of FTP packets containing a command
reply with many intermediate lines can cause Zeek to spend a
large amount of time processing data.
- A specially-crafted set of packets containing extremely large
file offsets cause cause the reassembler code to allocate large
amounts of memory.
- The DNS manager does not correctly expire responses that don't
contain any data, such those containing NXDOMAIN or NODATA status
codes. This can lead to Zeek allocating large amounts of memory
for these responses and never deallocating them.
- A specially-crafted stream of RDP packets can cause Zeek to spend
large protocol validation.
- A specially-crafted stream of SMTP packets can cause Zeek to
spend large amounts of time processing data.
This release fixes the following bugs:
- Data stores used by the known-{hosts,certs,services} policies
now default to using local stores instead of Broker stores.
- The VXLAN and Geneve report analyzer confirmations once their
protocols have been fully parsed, but before attempting to forward
to the tunneled packets to other analyzers.
- New wierds were added to the AYIYA, Geneve, and VXLAN analyzers
(ayiya_empty_packet, geneve_empty_packet, and vxlan_empty_packet).
- A new script-level option Pcap::non_fd_timeout was added to allow
fine-tuning the amount of time to sleep on each IO loop when
using a packet source that doesn't provide a file descriptor
(e.g. Myricom).
- Avoid attempting to retrieve packets during every loop for a
packet source, instead switching to a predictive approach that
keeps track of whether or not that packet source has previously
seen traffic.
Reported by: Tim Wojtulewicz
Security: 96d6809a-81df-46d4-87ed-2f78c79f06b1
(cherry picked from commit 7705f7bbc42db52bc8bb6686738580b89b49f347)
---
security/zeek/Makefile | 2 +-
security/zeek/distinfo | 6 +++---
security/zeek/pkg-plist | 1 +
3 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/security/zeek/Makefile b/security/zeek/Makefile
index bd19db02f84e..c574c4be6b51 100644
--- a/security/zeek/Makefile
+++ b/security/zeek/Makefile
@@ -1,5 +1,5 @@
PORTNAME= zeek
-DISTVERSION= 5.0.7
+DISTVERSION= 5.0.8
CATEGORIES= security
MASTER_SITES= https://download.zeek.org/
DISTFILES= ${DISTNAME}${EXTRACT_SUFX}
diff --git a/security/zeek/distinfo b/security/zeek/distinfo
index e7a1a8a92fc2..a0457e156766 100644
--- a/security/zeek/distinfo
+++ b/security/zeek/distinfo
@@ -1,5 +1,5 @@
-TIMESTAMP = 1677013835
-SHA256 (zeek-5.0.7.tar.gz) = dbb9788260269c5a75eb5d18fd9ad0df1f06f00757cdde9d86994b35428b5776
-SIZE (zeek-5.0.7.tar.gz) = 42798267
+TIMESTAMP = 1681277857
+SHA256 (zeek-5.0.8.tar.gz) = 82fd72c7078fbdb4c025569a6e31fa7f8b9876ca37aab8ac24db92b0c589d2bf
+SIZE (zeek-5.0.8.tar.gz) = 42896663
SHA256 (zeek-zeek-netmap-v2.0.0_GH0.tar.gz) = d37a69babfbb62a51a2413d6b83ae792ce1e7f1ccb1d51bd6b209a10fe5c4d75
SIZE (zeek-zeek-netmap-v2.0.0_GH0.tar.gz) = 9100
diff --git a/security/zeek/pkg-plist b/security/zeek/pkg-plist
index 687552ce21bc..bfae01ab3d1e 100644
--- a/security/zeek/pkg-plist
+++ b/security/zeek/pkg-plist
@@ -1288,6 +1288,7 @@ lib/zeek/python/broker/zeek.py
%%ZEEKCTL%%lib/zeek/python/zeekctl/plugins/lb_myricom.py
%%ZEEKCTL%%lib/zeek/python/zeekctl/plugins/lb_pf_ring.py
%%ZEEKCTL%%lib/zeek/python/zeekctl/plugins/ps.py
+%%ZEEKCTL%%lib/zeek/python/zeekctl/plugins/zeek_port_warning.py
%%ZEEKCTL%%man/man1/trace-summary.1.gz
man/man1/zeek-cut.1.gz
man/man8/zeek.8.gz