From owner-svn-ports-head@freebsd.org  Fri Aug  9 16:59:53 2019
Return-Path: <owner-svn-ports-head@freebsd.org>
Delivered-To: svn-ports-head@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id C35E9CD1B0;
 Fri,  9 Aug 2019 16:59:53 +0000 (UTC)
 (envelope-from leres@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 464s154q9Sz3Ht4;
 Fri,  9 Aug 2019 16:59:53 +0000 (UTC)
 (envelope-from leres@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 81E0A18B46;
 Fri,  9 Aug 2019 16:59:53 +0000 (UTC)
 (envelope-from leres@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x79GxrLm014292;
 Fri, 9 Aug 2019 16:59:53 GMT (envelope-from leres@FreeBSD.org)
Received: (from leres@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id x79GxrrV014291;
 Fri, 9 Aug 2019 16:59:53 GMT (envelope-from leres@FreeBSD.org)
Message-Id: <201908091659.x79GxrrV014291@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: leres set sender to
 leres@FreeBSD.org using -f
From: Craig Leres <leres@FreeBSD.org>
Date: Fri, 9 Aug 2019 16:59:53 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org,
 svn-ports-head@freebsd.org
Subject: svn commit: r508458 - head/security/bro
X-SVN-Group: ports-head
X-SVN-Commit-Author: leres
X-SVN-Commit-Paths: head/security/bro
X-SVN-Commit-Revision: 508458
X-SVN-Commit-Repository: ports
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-ports-head@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SVN commit messages for the ports tree for head
 <svn-ports-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-ports-head>, 
 <mailto:svn-ports-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-head/>
List-Post: <mailto:svn-ports-head@freebsd.org>
List-Help: <mailto:svn-ports-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-ports-head>,
 <mailto:svn-ports-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Aug 2019 16:59:53 -0000

Author: leres
Date: Fri Aug  9 16:59:52 2019
New Revision: 508458
URL: https://svnweb.freebsd.org/changeset/ports/508458

Log:
  security/bro: Update to 2.6.3 and address potential denial of service
  vulnerabilities:
  
      https://raw.githubusercontent.com/zeek/zeek/1d874e5548a58b3b8fd2a342fe4aa0944e779809/NEWS
  
   - Null pointer dereference in the RPC analysis code. RPC analyzers
     (e.g. MOUNT or NFS) are not enabled in the default configuration.
  
   - Signed integer overflow in BinPAC-generated parser code.  The
     result of this is Undefined Behavior with respect to the array
     bounds checking conditions that BinPAC generates, so it's
     unpredictable what an optimizing compiler may actually do under
     the assumption that signed integer overlows should never happen.
     The specific symptom which lead to finding this issue was with
     the PE analyzer causing out-of-memory crashes due to large
     allocations that were otherwise prevented when the array bounds
     checking logic was changed to prevent any possible signed integer
     overlow.
  
  Approved by:	matthew (mentor, implicit)
  MFH:		2019Q3
  Security:	f56669f5-d799-4ff5-9174-64a6d571c451

Modified:
  head/security/bro/Makefile
  head/security/bro/distinfo

Modified: head/security/bro/Makefile
==============================================================================
--- head/security/bro/Makefile	Fri Aug  9 16:47:32 2019	(r508457)
+++ head/security/bro/Makefile	Fri Aug  9 16:59:52 2019	(r508458)
@@ -2,8 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	bro
-PORTVERSION=	2.6.2
-PORTREVISION=	1
+PORTVERSION=	2.6.3
 CATEGORIES=	security
 MASTER_SITES=	https://www.zeek.org/downloads/
 DISTFILES=	${DISTNAME}${EXTRACT_SUFX}

Modified: head/security/bro/distinfo
==============================================================================
--- head/security/bro/distinfo	Fri Aug  9 16:47:32 2019	(r508457)
+++ head/security/bro/distinfo	Fri Aug  9 16:59:52 2019	(r508458)
@@ -1,5 +1,5 @@
-TIMESTAMP = 1559318790
-SHA256 (bro-2.6.2.tar.gz) = 6df6876f3f7b1dd8afeb3d5f88bfb9269f52d5d796258c4414bdd91aa2eac0a6
-SIZE (bro-2.6.2.tar.gz) = 28477996
+TIMESTAMP = 1565320389
+SHA256 (bro-2.6.3.tar.gz) = 469dd7456af388ba65d8722fbfdd5b9182f14def16149aa5ebceb1cfd881697f
+SIZE (bro-2.6.3.tar.gz) = 28480249
 SHA256 (bro-bro-netmap-cf88debf487b31ab30dc3b5bac64783b4e49997e_GH0.tar.gz) = 383423f92932c3ef244194954708b3a237b4f37ebc358014f51dcb3b9786896b
 SIZE (bro-bro-netmap-cf88debf487b31ab30dc3b5bac64783b4e49997e_GH0.tar.gz) = 24630