Date: Thu, 30 Aug 2018 00:13:32 +0000 (UTC) From: Craig Leres <leres@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r478427 - head/security/bro Message-ID: <201808300013.w7U0DWx6029677@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: leres Date: Thu Aug 30 00:13:32 2018 New Revision: 478427 URL: https://svnweb.freebsd.org/changeset/ports/478427 Log: Update to 2.5.5 which addresses security issues: - Fix array bounds checking in BinPAC: for arrays that are fields within a record, the bounds check was based on a pointer to the start of the record rather than the start of the array field, potentially resulting in a buffer over-read. - Fix SMTP command string comparisons: the number of bytes compared was based on the user-supplied string length and can lead to incorrect matches. e.g. giving a command of "X" incorrectly matched "X-ANONYMOUSTLS" (and an empty commands match anything). - Weird" events are now generally suppressed/sampled by default according to some tunable parameters. - Improved handling of empty lines in several text protocol analyzers that can cause performance issues when seen in long sequences. - Add `smtp_excessive_pending_cmds' weird which serves as a notification for when the "pending command" queue has reached an upper limit and been cleared to prevent one from attempting to slowly exhaust memory. Approved by: ler (mentor, implicit) MFH: 2018Q3 Security: d0be41fe-2a20-4633-b057-4e8b25c41780 Modified: head/security/bro/Makefile head/security/bro/distinfo head/security/bro/pkg-plist Modified: head/security/bro/Makefile ============================================================================== --- head/security/bro/Makefile Thu Aug 30 00:09:58 2018 (r478426) +++ head/security/bro/Makefile Thu Aug 30 00:13:32 2018 (r478427) @@ -2,8 +2,7 @@ # $FreeBSD$ PORTNAME= bro -PORTVERSION= 2.5.4 -PORTREVISION= 1 +PORTVERSION= 2.5.5 CATEGORIES= security MASTER_SITES= https://www.bro.org/downloads/ DISTFILES= ${DISTNAME}${EXTRACT_SUFX} Modified: head/security/bro/distinfo ============================================================================== --- head/security/bro/distinfo Thu Aug 30 00:09:58 2018 (r478426) +++ head/security/bro/distinfo Thu Aug 30 00:13:32 2018 (r478427) @@ -1,6 +1,6 @@ -TIMESTAMP = 1528300945 -SHA256 (bro-2.5.4.tar.gz) = 80daea433fa654f2602cf67b19b9121ff6ad57761bad73cc29020c4f490c5f1f -SIZE (bro-2.5.4.tar.gz) = 18520847 +TIMESTAMP = 1535578356 +SHA256 (bro-2.5.5.tar.gz) = 18f2aeb10b4d935d85c115a1e4a93464b9750be19b34997cf6196b29118e73cf +SIZE (bro-2.5.5.tar.gz) = 18525979 SHA256 (actor-framework-actor-framework-0.14.6_GH0.tar.gz) = cbc2033896fe41e42604de2f74673971718a40684996650157484485755f7720 SIZE (actor-framework-actor-framework-0.14.6_GH0.tar.gz) = 1239451 SHA256 (bro-bro-netmap-cf88debf487b31ab30dc3b5bac64783b4e49997e_GH0.tar.gz) = 383423f92932c3ef244194954708b3a237b4f37ebc358014f51dcb3b9786896b Modified: head/security/bro/pkg-plist ============================================================================== --- head/security/bro/pkg-plist Thu Aug 30 00:09:58 2018 (r478426) +++ head/security/bro/pkg-plist Thu Aug 30 00:13:32 2018 (r478427) @@ -574,6 +574,7 @@ man/man8/bro.8.gz %%DATADIR%%/policy/misc/scan.bro %%DATADIR%%/policy/misc/stats.bro %%DATADIR%%/policy/misc/trim-trace-file.bro +%%DATADIR%%/policy/misc/weird-stats.bro %%DATADIR%%/policy/protocols/conn/known-hosts.bro %%DATADIR%%/policy/protocols/conn/known-services.bro %%DATADIR%%/policy/protocols/conn/mac-logging.bro
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201808300013.w7U0DWx6029677>