svn commit: r508458 - head/security/bro
Craig Leres
leres at FreeBSD.org
Fri Aug 9 16:59:53 UTC 2019
Author: leres
Date: Fri Aug 9 16:59:52 2019
New Revision: 508458
URL: https://svnweb.freebsd.org/changeset/ports/508458
Log:
security/bro: Update to 2.6.3 and address potential denial of service
vulnerabilities:
https://raw.githubusercontent.com/zeek/zeek/1d874e5548a58b3b8fd2a342fe4aa0944e779809/NEWS
- Null pointer dereference in the RPC analysis code. RPC analyzers
(e.g. MOUNT or NFS) are not enabled in the default configuration.
- Signed integer overflow in BinPAC-generated parser code. The
result of this is Undefined Behavior with respect to the array
bounds checking conditions that BinPAC generates, so it's
unpredictable what an optimizing compiler may actually do under
the assumption that signed integer overflows should never happen.
The specific symptom which led to finding this issue was with
the PE analyzer causing out-of-memory crashes due to large
allocations that were otherwise prevented when the array bounds
checking logic was changed to prevent any possible signed integer
overflow.
Approved by: matthew (mentor, implicit)
MFH: 2019Q3
Security: f56669f5-d799-4ff5-9174-64a6d571c451
Modified:
head/security/bro/Makefile
head/security/bro/distinfo
Modified: head/security/bro/Makefile
==============================================================================
--- head/security/bro/Makefile Fri Aug 9 16:47:32 2019 (r508457)
+++ head/security/bro/Makefile Fri Aug 9 16:59:52 2019 (r508458)
@@ -2,8 +2,7 @@
# $FreeBSD$
PORTNAME= bro
-PORTVERSION= 2.6.2
-PORTREVISION= 1
+PORTVERSION= 2.6.3
CATEGORIES= security
MASTER_SITES= https://www.zeek.org/downloads/
DISTFILES= ${DISTNAME}${EXTRACT_SUFX}
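Review bot: PORTREVISION is dropped outright rather than reset to 0 when PORTVERSION moves from 2.6.2 to 2.6.3, which is the ports convention for a version bump, so the hunk header going from 8 to 7 lines is expected; the one thing to confirm is that distinfo was regenerated for 2.6.3 in the same commit, since MASTER_SITES and DISTFILES are left untouched and the new tarball will only be fetched correctly if its checksum entry moved with it.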
Modified: head/security/bro/distinfo
==============================================================================
--- head/security/bro/distinfo Fri Aug 9 16:47:32 2019 (r508457)
+++ head/security/bro/distinfo Fri Aug 9 16:59:52 2019 (r508458)
@@ -1,5 +1,5 @@
-TIMESTAMP = 1559318790
-SHA256 (bro-2.6.2.tar.gz) = 6df6876f3f7b1dd8afeb3d5f88bfb9269f52d5d796258c4414bdd91aa2eac0a6
-SIZE (bro-2.6.2.tar.gz) = 28477996
+TIMESTAMP = 1565320389
+SHA256 (bro-2.6.3.tar.gz) = 469dd7456af388ba65d8722fbfdd5b9182f14def16149aa5ebceb1cfd881697f
+SIZE (bro-2.6.3.tar.gz) = 28480249
SHA256 (bro-bro-netmap-cf88debf487b31ab30dc3b5bac64783b4e49997e_GH0.tar.gz) = 383423f92932c3ef244194954708b3a237b4f37ebc358014f51dcb3b9786896b
SIZE (bro-bro-netmap-cf88debf487b31ab30dc3b5bac64783b4e49997e_GH0.tar.gz) = 24630
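Review bot: only the main bro-2.6.3.tar.gz entry, its SIZE and the TIMESTAMP change here, while the bro-netmap GH0 distfile keeps the same cf88debf487b31ab30dc3b5bac64783b4e49997e revision and SHA256; since a distinfo regeneration would not catch a plugin revision that 2.6.3 no longer expects, it is worth confirming that the pinned netmap plugin commit is still the one the 2.6.3 release builds against before this is merged to 2019Q3.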