git: 274b20e4c81e - main - security/zeek: Update to 4.0.1 to fix null-pointer dereference and potential DOS

Craig Leres leres at FreeBSD.org
Wed Apr 21 21:18:47 UTC 2021


The branch main has been updated by leres:

URL: https://cgit.FreeBSD.org/ports/commit/?id=274b20e4c81e57d232a19ad490684374227862c7

commit 274b20e4c81e57d232a19ad490684374227862c7
Author:     Craig Leres <leres at FreeBSD.org>
AuthorDate: 2021-04-21 21:11:05 +0000
Commit:     Craig Leres <leres at FreeBSD.org>
CommitDate: 2021-04-21 21:11:05 +0000

    security/zeek: Update to 4.0.1 to fix null-pointer dereference and potential DOS
    
        https://github.com/zeek/zeek/releases/tag/v4.0.1
    
    This release fixes the following vulnerability:
    
     - Fix null-pointer dereference when encountering an invalid enum
       name in a config/input file that tries to read it into a set[enum].
       For those that have such an input feed whose contents may come
       from external/remote sources, this is a potential DoS vulnerability.
    
    Other fixes:
    
     - Fix mime type detection bug in IRC/FTP file_transferred event
       for file data containing null-bytes
    
     - Fix potential for missing timestamps in SMB logs
    
     - Remove use of LeakSanitizer API on FreeBSD where it's unsupported
    
     - Fix incorrect parsing of ERSPAN Type I
    
     - Fix incorrect/overflowed n value for SSL_Heartbeat_Many_Requests
       notices where number of server heartbeats is greater than number
       of client heartbeats.
    
     - Fix missing user_agent existence check in smtp/software.zeek
       (causes reporter.log error noise, but no functional difference)
    
     - Fix include order of bundled headers to avoid conflicts with
       pre-existing/system-wide installs
    
     - Fix musl build (e.g. Void, Alpine, etc.)
    
     - Fix build with -DENABLE_MOBILE_IPV6 / ./configure --enable-mobile-ipv6
    
     - Add check for null packet data in pcap IOSource, which is an
       observed state in Myricom libpcap that crashes Zeek via null-pointer
       dereference
    
     - Allow CRLF line-endings in Zeek scripts and signature files
    
     - Fix armv7 build
    
     - Fix unserialization of set[function], generally now used by
       connection record removal hooks, and specifically breaking
       intel.log of Zeek clusters
    
     - Fix indexing of set/table types with a vector
    
     - Fix precision loss in ASCII logging/printing of large double,
       time, or interval values
    
     - Improve handling of invalid SIP data before requests
    
     - Fix copy()/cloning vectors that have holes (indices w/ null
       values)
    
    Reported by:    Jon Siwek
---
 security/zeek/Makefile                                        |  2 +-
 security/zeek/distinfo                                        |  6 +++---
 .../patch-auxil_highwayhash_highwayhash_arch__specific.cc     | 11 -----------
 security/zeek/files/patch-src_CMakeLists.txt                  | 10 ----------
 4 files changed, 4 insertions(+), 25 deletions(-)

diff --git a/security/zeek/Makefile b/security/zeek/Makefile
index 53c8a38718c8..a77ecf53c0b5 100644
--- a/security/zeek/Makefile
+++ b/security/zeek/Makefile
@@ -1,7 +1,7 @@
 # Created by: David O'Brien <obrien at FreeBSD.org>
 
 PORTNAME=	zeek
-PORTVERSION=	4.0.0
+PORTVERSION=	4.0.1
 CATEGORIES=	security
 MASTER_SITES=	https://old.zeek.org/downloads/
 DISTFILES=	${DISTNAME}${EXTRACT_SUFX}
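Review bot: the PORTVERSION bump alone is fine here (no PORTREVISION line is present to reset), but note that MASTER_SITES still points at https://old.zeek.org/downloads/ while the commit message cites the GitHub release page; the distinfo entries must be generated from the tarball actually fetched from MASTER_SITES, not from the GitHub release asset, or the checksum check will fail for users.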
diff --git a/security/zeek/distinfo b/security/zeek/distinfo
index fca030af5023..791c7d2127f7 100644
--- a/security/zeek/distinfo
+++ b/security/zeek/distinfo
@@ -1,5 +1,5 @@
-TIMESTAMP = 1615852305
-SHA256 (zeek-4.0.0.tar.gz) = f2eedab3262eaa3f58a83442b1f38bad35ed72399564917b71bba42266f1ff54
-SIZE (zeek-4.0.0.tar.gz) = 29441929
+TIMESTAMP = 1619038578
+SHA256 (zeek-4.0.1.tar.gz) = 659a890f433cb730519966bdc41f1a03fb67e27e94b5d52ad9ee890022a12c3a
+SIZE (zeek-4.0.1.tar.gz) = 29450307
 SHA256 (zeek-zeek-netmap-v2.0.0_GH0.tar.gz) = d37a69babfbb62a51a2413d6b83ae792ce1e7f1ccb1d51bd6b209a10fe5c4d75
 SIZE (zeek-zeek-netmap-v2.0.0_GH0.tar.gz) = 9100
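Review bot: the new SHA256/SIZE for zeek-4.0.1.tar.gz should be confirmed against the checksum upstream publishes for that tarball rather than taken solely from a local `make makesum` run, since a substituted download would otherwise be recorded as the trusted hash; the unchanged zeek-netmap-v2.0.0 lines look correct, as that plugin is not part of this update.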
diff --git a/security/zeek/files/patch-auxil_highwayhash_highwayhash_arch__specific.cc b/security/zeek/files/patch-auxil_highwayhash_highwayhash_arch__specific.cc
deleted file mode 100644
index eda7565aad24..000000000000
--- a/security/zeek/files/patch-auxil_highwayhash_highwayhash_arch__specific.cc
+++ /dev/null
@@ -1,11 +0,0 @@
---- auxil/highwayhash/highwayhash/arch_specific.cc.orig	2021-03-23 17:45:40 UTC
-+++ auxil/highwayhash/highwayhash/arch_specific.cc
-@@ -150,7 +150,7 @@ double DetectNominalClockRate() {
-   }
-  #elif __FreeBSD__
-   size_t length = sizeof(freq);
--  sysctlbyname("dev.cpu.0.freq"), &freq, &length, NULL, 0);
-+  sysctlbyname("dev.cpu.0.freq", &freq, &length, NULL, 0);
-   freq *= 1E6;
-   return freq;
- #endif
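Review bot: dropping this local patch silently removes the fix for a compile error in the FreeBSD branch of DetectNominalClockRate() (the stray `)` in `sysctlbyname("dev.cpu.0.freq"), &freq, &length, NULL, 0);`), yet nothing in the commit message's fix list mentions highwayhash or sysctlbyname; please confirm 4.0.1 carries this correction upstream and add a line to the commit message saying the patch was upstreamed, so the removal is not mistaken for a regression.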
diff --git a/security/zeek/files/patch-src_CMakeLists.txt b/security/zeek/files/patch-src_CMakeLists.txt
deleted file mode 100644
index de12b5954a97..000000000000
--- a/security/zeek/files/patch-src_CMakeLists.txt
+++ /dev/null
@@ -1,10 +0,0 @@
---- src/CMakeLists.txt.orig	2021-04-09 11:46:37 UTC
-+++ src/CMakeLists.txt
-@@ -344,6 +344,7 @@ set(HH_SRCS
- )
- 
- if (${COMPILER_ARCHITECTURE} STREQUAL "arm")
-+  list(APPEND HH_SRCS ../auxil/highwayhash/highwayhash/hh_neon.cc)
-   set_source_files_properties(${HH_SRCS} PROPERTIES COMPILE_FLAGS
-                               -mfloat-abi=hard -march=armv7-a -mfpu=neon)
- elseif (${COMPILER_ARCHITECTURE} STREQUAL "aarch64")
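Review bot: this deleted patch (adding hh_neon.cc to HH_SRCS for the "arm" architecture) appears to correspond to the "Fix armv7 build" entry in the commit message, but the message does not say so; stating that the local CMakeLists.txt patch was merged upstream would make the removal self-explanatory, and an armv7 build check after the update would confirm the upstream fix covers the same case.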

