git: b9d6624c2bf0 - main - security/zeek: Update to 4.0.2

Craig Leres leres at FreeBSD.org
Thu Jun 3 00:15:56 UTC 2021 

The branch main has been updated by leres:

URL: https://cgit.FreeBSD.org/ports/commit/?id=b9d6624c2bf0584095d15260716597c9e31e37a4

commit b9d6624c2bf0584095d15260716597c9e31e37a4
Author:     Craig Leres <leres at FreeBSD.org>
AuthorDate: 2021-06-03 00:14:47 +0000
Commit:     Craig Leres <leres at FreeBSD.org>
CommitDate: 2021-06-03 00:14:47 +0000

    security/zeek: Update to 4.0.2
    
        https://github.com/zeek/zeek/releases/tag/v4.0.2
    
    This release fixes several potential DoS vulnerabilities:
    
     - Fix potential Undefined Behavior in decode_netbios_name() and
       decode_netbios_name_type() BIFs. The latter has a possibility
       of a remote heap-buffer-overread, making this a potential DoS
       vulnerability.
    
     - Add some extra length checking when parsing mobile ipv6 packets.
       Due to the possibility of reading invalid headers from remote
       sources, this is a potential DoS vulnerability.
    
    Other fixes:
    
     - Fix heap-use-after-free after clear_table() on a table that uses
       expiration attributes.
    
     - Add fatal error for if table/Dictionary state ever becomes invalid
       since the behavior becomes unexpected/unclear at that point (e.g.
       when table bucket positions become large enough to overflow their
       16-bit storage due to aggressive expiration-check settings
       preventing the re-positioning items)
    
     - Add missing "zeek/" to header includes, which can prevent external
       plugins from compiling against Zeek source-tree (e.g. via
       ./configure --zeek-dist=)
    
     - Fix reading empty set[enum] values and any vector of enum values
       from config files
    
     - Fix type-checks related to list-type equality
    
    Reported by:    Tim Wojtulewicz
    MFH:            2021Q2
    Security:       a550d62c-f78d-4407-97d9-93876b6741b9
---
 security/zeek/Makefile | 4 ++--
 security/zeek/distinfo | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/security/zeek/Makefile b/security/zeek/Makefile
index 1d52451ba418..428551c714ce 100644
--- a/security/zeek/Makefile
+++ b/security/zeek/Makefile
@@ -1,9 +1,9 @@
 # Created by: David O'Brien <obrien at FreeBSD.org>
 
 PORTNAME=	zeek
-PORTVERSION=	4.0.1
+PORTVERSION=	4.0.2
 CATEGORIES=	security
-MASTER_SITES=	https://old.zeek.org/downloads/
+MASTER_SITES=	https://download.zeek.org/
 DISTFILES=	${DISTNAME}${EXTRACT_SUFX}
 
 MAINTAINER=	leres at FreeBSD.org
diff --git a/security/zeek/distinfo b/security/zeek/distinfo
index 791c7d2127f7..b9a6ff91c026 100644
--- a/security/zeek/distinfo
+++ b/security/zeek/distinfo
@@ -1,5 +1,5 @@
-TIMESTAMP = 1619038578
-SHA256 (zeek-4.0.1.tar.gz) = 659a890f433cb730519966bdc41f1a03fb67e27e94b5d52ad9ee890022a12c3a
-SIZE (zeek-4.0.1.tar.gz) = 29450307
+TIMESTAMP = 1622678290
+SHA256 (zeek-4.0.2.tar.gz) = 550713a9d3fd348783f39c959af7e569164c95b96cc3be28d7d5557bdeebfd95
+SIZE (zeek-4.0.2.tar.gz) = 29428156
 SHA256 (zeek-zeek-netmap-v2.0.0_GH0.tar.gz) = d37a69babfbb62a51a2413d6b83ae792ce1e7f1ccb1d51bd6b209a10fe5c4d75
 SIZE (zeek-zeek-netmap-v2.0.0_GH0.tar.gz) = 9100

More information about the dev-commits-ports-all mailing list