From owner-svn-ports-branches@freebsd.org Sun Jun 2 15:41:15 2019 Return-Path: Delivered-To: svn-ports-branches@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 39C9A15B88FA; Sun, 2 Jun 2019 15:41:15 +0000 (UTC) (envelope-from leres@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id CA8FD6D30B; Sun, 2 Jun 2019 15:41:14 +0000 (UTC) (envelope-from leres@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 9967A28E8A; Sun, 2 Jun 2019 15:41:14 +0000 (UTC) (envelope-from leres@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x52FfEvQ015394; Sun, 2 Jun 2019 15:41:14 GMT (envelope-from leres@FreeBSD.org) Received: (from leres@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x52FfELG015392; Sun, 2 Jun 2019 15:41:14 GMT (envelope-from leres@FreeBSD.org) Message-Id: <201906021541.x52FfELG015392@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: leres set sender to leres@FreeBSD.org using -f From: Craig Leres Date: Sun, 2 Jun 2019 15:41:14 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r503318 - branches/2019Q2/security/bro X-SVN-Group: ports-branches X-SVN-Commit-Author: leres X-SVN-Commit-Paths: branches/2019Q2/security/bro X-SVN-Commit-Revision: 503318 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: CA8FD6D30B X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.94 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; NEURAL_HAM_SHORT(-0.94)[-0.944,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]; NEURAL_HAM_LONG(-1.00)[-1.000,0] X-BeenThere: svn-ports-branches@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for all the branches of the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 02 Jun 2019 15:41:15 -0000 Author: leres Date: Sun Jun 2 15:41:13 2019 New Revision: 503318 URL: https://svnweb.freebsd.org/changeset/ports/503318 Log: MFH: r503191 security/bro: Update to 2.6.2 and address several denial of service vulnerabilities: https://raw.githubusercontent.com/zeek/zeek/bb979702cf9a2fa67b8d1a1c7f88d0b56c6af104/NEWS - Integer type mismatches in BinPAC-generated parser code and Bro analyzer code may allow for crafted packet data to cause unintentional code paths in the analysis logic to be taken due to unsafe integer conversions causing the parser and analysis logic to each expect different fields to have been parsed. One such example, reported by Maksim Shudrak, causes the Kerberos analyzer to dereference a null pointer. CVE-2019-12175 was assigned for this issue. - The Kerberos parser allows for several fields to be left uninitialized, but they were not marked with an &optional attribute and several usages lacked existence checks. Crafted packet data could potentially cause an attempt to access such uninitialized fields, generate a runtime error/exception, and leak memory. Existence checks and &optional attributes have been added to the relevent Kerberos fields. - BinPAC-generated protocol parsers commonly contain fields whose length is derived from other packet input, and for those that allow for incremental parsing, BinPAC did not impose a limit on how large such a field could grow, allowing for remotely-controlled packet data to cause growth of BinPAC's flowbuffer bounded only by the numeric limit of an unsigned 64-bit integer, leading to memory exhaustion. There is now a generalized limit for how large flowbuffers are allowed to grow, tunable by setting "BinPAC::flowbuffer_capacity_max". Approved by: ler (mentor, implicit) Security: 177fa455-48fc-4ded-ba1b-9975caa7f62a Approved by: ports-secteam (miwi) Modified: branches/2019Q2/security/bro/Makefile branches/2019Q2/security/bro/distinfo Directory Properties: branches/2019Q2/ (props changed) Modified: branches/2019Q2/security/bro/Makefile ============================================================================== --- branches/2019Q2/security/bro/Makefile Sun Jun 2 15:30:33 2019 (r503317) +++ branches/2019Q2/security/bro/Makefile Sun Jun 2 15:41:13 2019 (r503318) @@ -2,8 +2,7 @@ # $FreeBSD$ PORTNAME= bro -PORTVERSION= 2.6.1 -PORTREVISION= 2 +PORTVERSION= 2.6.2 CATEGORIES= security MASTER_SITES= https://www.zeek.org/downloads/ DISTFILES= ${DISTNAME}${EXTRACT_SUFX} Modified: branches/2019Q2/security/bro/distinfo ============================================================================== --- branches/2019Q2/security/bro/distinfo Sun Jun 2 15:30:33 2019 (r503317) +++ branches/2019Q2/security/bro/distinfo Sun Jun 2 15:41:13 2019 (r503318) @@ -1,5 +1,5 @@ -TIMESTAMP = 1545247794 -SHA256 (bro-2.6.1.tar.gz) = d9718b83fdae0c76eea5254a4b9470304c4d1d3778687de9a4fe0b5dffea521b -SIZE (bro-2.6.1.tar.gz) = 28432762 +TIMESTAMP = 1559318790 +SHA256 (bro-2.6.2.tar.gz) = 6df6876f3f7b1dd8afeb3d5f88bfb9269f52d5d796258c4414bdd91aa2eac0a6 +SIZE (bro-2.6.2.tar.gz) = 28477996 SHA256 (bro-bro-netmap-cf88debf487b31ab30dc3b5bac64783b4e49997e_GH0.tar.gz) = 383423f92932c3ef244194954708b3a237b4f37ebc358014f51dcb3b9786896b SIZE (bro-bro-netmap-cf88debf487b31ab30dc3b5bac64783b4e49997e_GH0.tar.gz) = 24630