From owner-dev-commits-ports-all@freebsd.org Wed Apr 21 21:18:47 2021
Date: Wed, 21 Apr 2021 21:18:47 GMT
Message-Id: <202104212118.13LLIlRe082759@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Craig Leres
Subject: git: 274b20e4c81e - main - security/zeek: Update to 4.0.1 to fix null-pointer dereference and potential DOS
X-Git-Committer: leres
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 274b20e4c81e57d232a19ad490684374227862c7
Auto-Submitted: auto-generated

The branch main has been updated by leres:

URL: https://cgit.FreeBSD.org/ports/commit/?id=274b20e4c81e57d232a19ad490684374227862c7

commit 274b20e4c81e57d232a19ad490684374227862c7
Author: Craig Leres
AuthorDate: 2021-04-21 21:11:05 +0000
Commit: Craig Leres
CommitDate: 2021-04-21 21:11:05 +0000

security/zeek: Update to 4.0.1 to fix null-pointer dereference and potential DOS

https://github.com/zeek/zeek/releases/tag/v4.0.1

This release fixes the following vulnerability:

- Fix null-pointer dereference when encountering an invalid enum name in a config/input file that tries to read it into a set[enum]. For those that have such an input feed whose contents may come from external/remote sources, this is a potential DoS vulnerability.

Other fixes:

- Fix mime type detection bug in IRC/FTP file_transferred event for file data containing null-bytes
- Fix potential for missing timestamps in SMB logs
- Remove use of LeakSanitizer API on FreeBSD where it's unsupported
- Fix incorrect parsing of ERSPAN Type I
- Fix incorrect/overflowed n value for SSL_Heartbeat_Many_Requests notices where number of server heartbeats is greater than number of client heartbeats.
- Fix missing user_agent existence check in smtp/software.zeek (causes reporter.log error noise, but no functional difference)
- Fix include order of bundled headers to avoid conflicts with pre-existing/system-wide installs
- Fix musl build (e.g. Void, Alpine, etc.)
- Fix build with -DENABLE_MOBILE_IPV6 / ./configure --enable-mobile-ipv6
- Add check for null packet data in pcap IOSource, which is an observed state in Myricom libpcap that crashes Zeek via null-pointer dereference
- Allow CRLF line-endings in Zeek scripts and signature files
- Fix armv7 build
- Fix unserialization of set[function], generally now used by connection record removal hooks, and specifically breaking intel.log of Zeek clusters
- Fix indexing of set/table types with a vector
- Fix precision loss in ASCII logging/printing of large double, time, or interval values
- Improve handling of invalid SIP data before requests
- Fix copy()/cloning vectors that have holes (indices w/ null values)

Reported by: Jon Siwek

--- security/zeek/Makefile | 2 +- security/zeek/distinfo | 6 +++--- .../patch-auxil_highwayhash_highwayhash_arch__specific.cc | 11 ----------- security/zeek/files/patch-src_CMakeLists.txt | 10 ---------- 4 files changed, 4 insertions(+), 25 deletions(-) diff --git a/security/zeek/Makefile b/security/zeek/Makefile index 53c8a38718c8..a77ecf53c0b5 100644 --- a/security/zeek/Makefile +++ b/security/zeek/Makefile @@ -1,7 +1,7 @@ # Created by: David O'Brien PORTNAME= zeek -PORTVERSION= 4.0.0 +PORTVERSION= 4.0.1 CATEGORIES= security MASTER_SITES= https://old.zeek.org/downloads/ DISTFILES= ${DISTNAME}${EXTRACT_SUFX} diff --git a/security/zeek/distinfo b/security/zeek/distinfo index fca030af5023..791c7d2127f7 100644 --- a/security/zeek/distinfo +++ b/security/zeek/distinfo 
@@ -1,5 +1,5 @@ -TIMESTAMP = 1615852305 -SHA256 (zeek-4.0.0.tar.gz) = f2eedab3262eaa3f58a83442b1f38bad35ed72399564917b71bba42266f1ff54 -SIZE (zeek-4.0.0.tar.gz) = 29441929 +TIMESTAMP = 1619038578 +SHA256 (zeek-4.0.1.tar.gz) = 659a890f433cb730519966bdc41f1a03fb67e27e94b5d52ad9ee890022a12c3a +SIZE (zeek-4.0.1.tar.gz) = 29450307 SHA256 (zeek-zeek-netmap-v2.0.0_GH0.tar.gz) = d37a69babfbb62a51a2413d6b83ae792ce1e7f1ccb1d51bd6b209a10fe5c4d75 SIZE (zeek-zeek-netmap-v2.0.0_GH0.tar.gz) = 9100 diff --git a/security/zeek/files/patch-auxil_highwayhash_highwayhash_arch__specific.cc b/security/zeek/files/patch-auxil_highwayhash_highwayhash_arch__specific.cc deleted file mode 100644 index eda7565aad24..000000000000 --- a/security/zeek/files/patch-auxil_highwayhash_highwayhash_arch__specific.cc +++ /dev/null @@ -1,11 +0,0 @@ ---- auxil/highwayhash/highwayhash/arch_specific.cc.orig 2021-03-23 17:45:40 UTC -+++ auxil/highwayhash/highwayhash/arch_specific.cc -@@ -150,7 +150,7 @@ double DetectNominalClockRate() { - } - #elif __FreeBSD__ - size_t length = sizeof(freq); -- sysctlbyname("dev.cpu.0.freq"), &freq, &length, NULL, 0); -+ sysctlbyname("dev.cpu.0.freq", &freq, &length, NULL, 0); - freq *= 1E6; - return freq; - #endif diff --git a/security/zeek/files/patch-src_CMakeLists.txt b/security/zeek/files/patch-src_CMakeLists.txt deleted file mode 100644 index de12b5954a97..000000000000 --- a/security/zeek/files/patch-src_CMakeLists.txt +++ /dev/null @@ -1,10 +0,0 @@ ---- src/CMakeLists.txt.orig 2021-04-09 11:46:37 UTC -+++ src/CMakeLists.txt -@@ -344,6 +344,7 @@ set(HH_SRCS - ) - - if (${COMPILER_ARCHITECTURE} STREQUAL "arm") -+ list(APPEND HH_SRCS ../auxil/highwayhash/highwayhash/hh_neon.cc) - set_source_files_properties(${HH_SRCS} PROPERTIES COMPILE_FLAGS - -mfloat-abi=hard -march=armv7-a -mfpu=neon) - elseif (${COMPILER_ARCHITECTURE} STREQUAL "aarch64")
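Review bot: in security/zeek/Makefile the PORTVERSION bump to 4.0.1 is a security fix, yet the diffstat lists only four files under security/zeek and nothing under security/vuxml. Without a VuXML entry covering versions before 4.0.1, pkg audit will not flag hosts still running 4.0.0 with config/input feeds that come from external sources; add the entry in a companion commit and reference it in the log.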
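Review bot: in security/zeek/distinfo the new SHA256 and SIZE for zeek-4.0.1.tar.gz are the only integrity check on a tarball fetched from the MASTER_SITES host old.zeek.org, so they should be compared against an independently obtained copy of the v4.0.1 release (the log links the GitHub release tag) rather than taken from a single fetch. The zeek-zeek-netmap-v2.0.0_GH0.tar.gz lines are unchanged, which is what this update should leave alone.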
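Review bot: deleting files/patch-auxil_highwayhash_highwayhash_arch__specific.cc is only safe if the 4.0.1 tarball already carries the corrected call sysctlbyname("dev.cpu.0.freq", &freq, &length, NULL, 0); and the log's list of fixes does not mention it. Confirm that against the extracted source and say in the log that the local patch was upstreamed. The corrected line also ignores the return value of sysctlbyname, so freq is multiplied and returned unchecked if the call fails; that belongs in an upstream report rather than in this port.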
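Review bot: the removal of files/patch-src_CMakeLists.txt is not explained in the log; the "Fix armv7 build" item suggests upstream now appends hh_neon.cc to HH_SRCS in the arm branch, but that link is left for the reader to infer. State that the patch was upstreamed and confirm an armv7 build, since the arm branch is the only one the deleted hunk touched.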