svn commit: r531729 - head/security/zeek

Craig Leres leres at FreeBSD.org
Tue Apr 14 20:55:16 UTC 2020 

Author: leres
Date: Tue Apr 14 20:55:15 2020
New Revision: 531729
URL: https://svnweb.freebsd.org/changeset/ports/531729

Log:
  security/zeek: Update to 3.0.4 and address a remote crash vulnerability:
  
     https://github.com/zeek/zeek/blob/e059d4ec2e689b3c8942f4aa08b272f24ed3f612/NEWS
  
   - Fix stack overflow in POP3 analyzer. An attacker can crash Zeek
     remotely via crafted packet sequence.
  
  Other fixes:
  
   - Fix use-after-free in Zeek lambda functions with uninitialized
     locals
  
   - Fix buffer overflow due to tables/records created at parse-time
     not rebuilt on record redef
  
   - Fix SMB NegotiateContextList parsing
  
   - Fix binpac flowbuffer frame length parsing doing too much bounds
     checking
  
   - Fix parsing ERSPAN III optional sub-header
  
   - Fix bug in intel indicator normalization
  
   - Fix connection duration thresholding
  
   - Fix X509Common.h header include for external plugins
  
   - Fix incorrect targeting of node-specific Broker/Cluster messages
  
  MFH:		2020Q2

Modified:
  head/security/zeek/Makefile
  head/security/zeek/distinfo

Modified: head/security/zeek/Makefile
==============================================================================
--- head/security/zeek/Makefile	Tue Apr 14 20:53:37 2020	(r531728)
+++ head/security/zeek/Makefile	Tue Apr 14 20:55:15 2020	(r531729)
@@ -2,8 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	zeek
-PORTVERSION=	3.0.3
-PORTREVISION=	1
+PORTVERSION=	3.0.4
 CATEGORIES=	security
 MASTER_SITES=	https://old.zeek.org/downloads/
 DISTFILES=	${DISTNAME}${EXTRACT_SUFX}

Modified: head/security/zeek/distinfo
==============================================================================
--- head/security/zeek/distinfo	Tue Apr 14 20:53:37 2020	(r531728)
+++ head/security/zeek/distinfo	Tue Apr 14 20:55:15 2020	(r531729)
@@ -1,5 +1,5 @@
-TIMESTAMP = 1584248063
-SHA256 (zeek-3.0.3.tar.gz) = 42a178cc9d28e4f20373e415727845a2c52bacdab535d6f810fe2d3cd02e9c76
-SIZE (zeek-3.0.3.tar.gz) = 29270043
+TIMESTAMP = 1586896367
+SHA256 (zeek-3.0.4.tar.gz) = 73d609dde02936a8711f0bdede7e1143ad27693253a2ee0ca3d18560ca752207
+SIZE (zeek-3.0.4.tar.gz) = 29329199
 SHA256 (bro-bro-netmap-f3620df_GH0.tar.gz) = e51f420781c9a01b0494f93d82f94a1b045725c1cff406c33887974a9940c655
 SIZE (bro-bro-netmap-f3620df_GH0.tar.gz) = 24661

More information about the svn-ports-head mailing list