non port: security/zeek/Makefile |
Number of commits found: 71 |
Monday, 22 Jan 2024
|
17:53 Craig Leres (leres)
security/zeek: Update to 6.0.3
https://github.com/zeek/zeek/releases/tag/v6.0.3
This release fixes the following potential DoS vulnerability:
- A specially-crafted series of packets containing nested MIME
entities can cause Zeek to spend large amounts of time parsing
the entities.
This release fixes the following bugs:
- CMake correctly passes along third-party package information
when building plugins.
- Fix a problem with the HTTP analyzer where a signature regex
ending in '$' used to match against 'http-request-body' or
'http-reply-body' will never succeed.
- The DNS analyzer now understands the Ed25519 and Ed448 signature
algorithms.
- The SMB::State$recent_files field was not correctly expiring
entries, leading to unbounded state growth.
- The &create_expire attribute is now kept valid after clearing a
table.
Reported by: Tim Wojtulewicz
Security: fedf7e71-61bd-49ec-aaf0-6da14bdbb319
e81dfaa |
Sunday, 21 Jan 2024
|
23:43 Craig Leres (leres)
security/zeek: Remove reference to MANPREFIX
Remove ZEEK_MAN_INSTALL_PATH and let cmake default to share/man.
Reported by: bofh
8ba791d |
23:16 Craig Leres (leres)
security/zeek: Install man pages in share/man
59df11e |
Sunday, 31 Dec 2023
|
00:37 Muhammad Moinur Rahman (bofh)
*/*: Sunset 12.4-RELEASE/12-STABLE from ports tree
- Remove all references to defunct ARCH arm
- Remove all references to defunct ARCH sparc64
- Remove x11-drivers/xf86-video-sunffb which requires defunct sparc64
ARCH
- Remove sysutils/afbinit requires defunct sparc64 ARCH
- Remove all references to bktr driver
- Remove all references to defunct FreeBSD_12
- Remove all references to OSVERSION/OSREL corresponding to 12
- Remove conditionals in Mk/Uses/cabal.mk
- Remove sparc reference from Mk/Uses/qt-dist.mk
- Remove BROKEN_sparc64/NOT_FOR_ARCH=sparc64
- Remove BROKEN_FreeBSD_12* from:
- Remove OpenSSL patches from:
- Remove conditional flags for OSVERSION >= 1300000 to fixed flags.
Also move conditional flags for non sparc64/arm ARCH to fixed flags.
Reviewed by: brooks, jbeich, rene, salvadore
Differential Revision: https://reviews.freebsd.org/D42068
bbab7f5 |
Friday, 27 Oct 2023
|
22:46 Craig Leres (leres)
security/zeek: Update to 6.0.2
https://github.com/zeek/zeek/releases/tag/v6.0.2
This release fixes the following potential DoS vulnerabilities:
- A specially-crafted SSL packet could cause Zeek to leak memory
and potentially crash.
- A specially-crafted series of FTP packets could cause Zeek to
log entries for requests that have already been completed, using
resources unnecessarily and potentially causing Zeek to lose
other traffic.
- A specially-crafted series of SSL packets could cause Zeek to
output a very large number of unnecessary alerts for the same
record.
- A specially-crafted series of SSL packets could cause Zeek to
generate very long ssl_history fields in the ssl.log, potentially
using a large amount of memory due to unbounded state growth
- A specially-crafted IEEE802.11 packet could cause Zeek to overflow
memory and potentially crash
This release fixes the following bugs:
- Fixed Spicy type names from causing collisions with existing
Zeek types.
- On some systems with low values for the maximum number of file
descriptors, it was possible to run into crashes when doing DNS
lookups if all of the file descriptors were used.
- Tables backed by a Broker backend now correctly support deletion
if they have complex index types.
- A significant performance issue with Zeek's supervisor code was
fixed, revolving around the re-initialization of the Event Manager
object used to track events.
- The MaxMind DB code now cleans up after itself, resolving a
memory leak with the loaded database files.
- The ZeekJS submodule was updated to version 0.9.6, bringing fixes
for zeek.invoke and zeek.event crashes, garbage collection, and
an issue where Zeek may stop executing events from ZeekJS.
Reported by: Tim Wojtulewicz
Security: 386a14bb-1a21-41c6-a2cf-08d79213379b
5f0ef24 |
22:43 Craig Leres (leres)
security/zeek: revert f85e384: inadvertent update
I accidentally committed changes to security/vuxml and security/zeek.
7758ba1 |
22:25 Craig Leres (leres)
security/vuxml: Mark zeek < 6.0.2 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v6.0.2
This release fixes the following potential DoS vulnerabilities:
- A specially-crafted SSL packet could cause Zeek to leak memory
and potentially crash.
- A specially-crafted series of FTP packets could cause Zeek to
log entries for requests that have already been completed, using
resources unnecessarily and potentially causing Zeek to lose
other traffic.
- A specially-crafted series of SSL packets could cause Zeek to
output a very large number of unnecessary alerts for the same
record.
- A specially-crafted series of SSL packets could cause Zeek to
generate very long ssl_history fields in the ssl.log, potentially
using a large amount of memory due to unbounded state growth
- A specially-crafted IEEE802.11 packet could cause Zeek to overflow
memory and potentially crash
Reported by: Tim Wojtulewicz
f85e384 |
Sunday, 15 Oct 2023
|
13:48 Daniel Engberg (diizzy)
security/zeek: Remove duplicated and incorrect build dependency of CMake
CMake binary is provided by devel/cmake-core not devel/cmake which
is a metaport and we don't need to safeguard for a version that's
over 3 years old
Approved by: portmgr (blanket)
4f7637c |
Tuesday, 12 Sep 2023
|
21:27 Craig Leres (leres)
security/zeek: Update to 6.0.0
https://github.com/zeek/zeek/releases/tag/v6.0.1
This release fixes the following potential DoS vulnerabilities:
- File extraction limits were not correctly enforced for files
containing large amounts of missing bytes.
- Sessions are sometimes not cleaned up completely within Zeek
during shutdown, potentially causing a crash when using the -B
dpd flag for debug logging.
- A specially-crafted HTTP packet can cause Zeek's filename
extraction code to take a long time to process the data.
- A specially-crafted series of FTP packets made up of a CWD request
followed by a large amount of ERPT requests may cause Zeek to
spend a long time logging the commands.
- A specially-crafted VLAN packet can cause Zeek to overflow memory
and potentially crash.
This release fixes the following bugs:
- Fixed a base64 decoding issue with the authorization field of
HTTP request headers that was sometimes causing Zeek to output
error messages.
- Ensure that Zeek builds use the internal version of Spicy instead
of external installations, unless specifically configured for
that mode.
- Support was added for switch fields when exporting Spicy types
to Zeek.
- A number of fixes were added to protect against potential unbounded
state growth with the SMB and DCE-RPC analyzers. SMB close
requests will properly tear down any related DCE-RPC analyzers.
- Fixed a regression in the UDP and TCP analyzers that was causing
more data than necessary to be forwarded to the next analyzer
in the chain.
- A connection's value is now updated in-place when its directionality
is flipped due to Zeek's heuristics (for example, SYN/SYN-ACK
reversal or protocol specific approaches).
- Fixed undefined symbols being reported from Spicy when building
some of the binary packages for Zeek.
- Loading policy/frameworks/notice/community-id.zeek now also
automatically enables community ID logging.
- Spicy no longer registers an extra port for every port registered
in a plugin's .evt file.
- Timeouts in DNS resolution no longer cause uncontrolled memory
growth.
- Fix check to skip DNS hostname lookups for notices that are not
delivered via email in policy/frameworks/notice/extend-email/hostnames.
Reported by: Tim Wojtulewicz
Security: 8eefa87f-31f1-496d-bf8e-2b465b6e4e8a
730455c |
Wednesday, 6 Sep 2023
|
20:50 Po-Chuan Hsieh (sunpoet)
security/zeek: Clean up USES=python
- While I'm here, fix PLIST
====> Checking for pkg-plist issues (check-plist)
===> Parsing plist
===> Checking for items in STAGEDIR missing from pkg-plist
Error: Orphaned: @dir lib/%%ZEEKUSER%%/plugins
Error: Orphaned: @dir lib/%%ZEEKUSER%%/spicy
===> Checking for items in pkg-plist which are not in STAGEDIR
===> Error: Plist issues found.
*** Error code 1
Approved by: portmgr (blanket)
With hat: python
1d00d48 |
Thursday, 31 Aug 2023
|
00:31 Craig Leres (leres)
security/zeek: revert b6a8929a2551 for pkg-plist
I get package errors with that version (for 13.2/amd64 at least):
=======================<phase: package >============================
===> Building package for zeek-6.0.0
pkg-static: Unable to access file
/wrkdirs/usr/ports/security/zeek/work/stage/usr/local/include/zeek/analyzer/protocol/finger/legacy/events.bif.h:No
such file or directory
pkg-static: Unable to access file
/wrkdirs/usr/ports/security/zeek/work/stage/usr/local/include/zeek/analyzer/protocol/syslog/legacy/events.bif.h:No
such file or directory
pkg-static: Unable to access file
/wrkdirs/usr/ports/security/zeek/work/stage/usr/local/share/zeek/base/bif/plugins/Zeek_Finger.events.bif.zeek:No
such file or directory
pkg-static: Unable to access file
/wrkdirs/usr/ports/security/zeek/work/stage/usr/local/share/zeek/base/bif/plugins/Zeek_Syslog.events.bif.zeek:No
such file or directory
*** Error code 1
Maybe it's an options thing? I have everything set except PERFTOOLS
and BUILD_TYPE set to RELEASE.
While here update LICENSE.
75702bc |
Tuesday, 29 Aug 2023
|
14:25 Piotr Kubaj (pkubaj)
security/zeek: add shebangfix to zeek-client, fix pkg-plist
Noticed while building on powerpc64.
b6a8929 |
Wednesday, 23 Aug 2023
|
16:34 Craig Leres (leres)
security/zeek: Update PORTSCOUT
According to upstream, "LTS releases will always be x.0.y"
Adjust PORTSCOUT accordingly.
bcad316 |
Tuesday, 22 Aug 2023
|
20:34 Craig Leres (leres)
security/zeek: Update to 6.0.0
https://github.com/zeek/zeek/releases/tag/v6.0.0
This is the latest major version number Long-Term Support (LTS)
release of Zeek.
The NETMAP option has been removed; it was too difficult to build
it without zeek being installed in %%PREFIX%%. The consensus was
that this was a rarely used feature, please reach out to me if need
this (I've done some work on a new security/zeek-netmap port that
is probably the right way forward).
When I upgraded zeek on my systems I found some cruft left over
from previous versions. The way I recommend upgrading from 5.0.9
to 6.0.0 is:
service zeek stop
pkg delete -fy zeek py311-zkg
[clean up leftover files in /usr/local/lib/zeek]
pkg install -y zeek
service zeek deploy
Changes:
- Zeek now treats private address space (i.e., non-routable IP
address ranges) as local by default
- Telemetry centralization and Prometheus exposition is not enabled
by default anymore
- Custom source tarballs require a repo-info.json file.
- Plugin authors should raise the minimum required CMake version
to 3.15 to ensure compatibility with new CMake scaffolding
included in this release
- Zeek container images are not pushed to the zeekurity organization
anymore
- The error message returned when using bro_init, bro_done, and
bro_script_loaded events is now removed
Reported by: Tim Wojtulewicz
2dbcea6 |
Friday, 19 May 2023
|
17:37 Craig Leres (leres)
security/zeek: Update to 5.0.9
https://github.com/zeek/zeek/releases/tag/v5.0.9
This release fixes the following potential DoS vulnerabilities:
- A specially-crafted series of FTP packets with a CMD command
with a large path followed by a very large number of replies
could cause Zeek to spend a long time processing the data.
- A specially-crafted with a truncated header can cause Zeek to
overflow memory and potentially crash.
- A specially-crafted series of SMTP packets can cause Zeek to
generate a very large number of events and take a long time to
process them.
- A specially-crafted series of POP3 packets containing MIME data
can cause Zeek to spend a long time dealing with each individual
file ID.
This release fixes the following bug:
- This release includes fixes to Zeek and updates to the Broker
and Spicy submodules to support building against GCC 13.
Reported by: Tim Wojtulewicz
Security: 1ab7357f-a3c2-406a-89fb-fd00e49a71b5
21ea6c3 |
Wednesday, 12 Apr 2023
|
06:18 Craig Leres (leres)
security/zeek: Update to 5.0.8
https://github.com/zeek/zeek/releases/tag/v5.0.8
This release fixes the following potential DoS vulnerabilities:
- A specially-crafted stream of FTP packets containing a command
reply with many intermediate lines can cause Zeek to spend a
large amount of time processing data.
- A specially-crafted set of packets containing extremely large
file offsets can cause the reassembler code to allocate large
amounts of memory.
- The DNS manager does not correctly expire responses that don't
contain any data, such as those containing NXDOMAIN or NODATA status
codes. This can lead to Zeek allocating large amounts of memory
for these responses and never deallocating them.
- A specially-crafted stream of RDP packets can cause Zeek to spend
large protocol validation.
- A specially-crafted stream of SMTP packets can cause Zeek to
spend large amounts of time processing data.
This release fixes the following bugs:
- Data stores used by the known-{hosts,certs,services} policies
now default to using local stores instead of Broker stores.
- The VXLAN and Geneve report analyzer confirmations once their
protocols have been fully parsed, but before attempting to forward
to the tunneled packets to other analyzers.
- New weirds were added to the AYIYA, Geneve, and VXLAN analyzers
(ayiya_empty_packet, geneve_empty_packet, and vxlan_empty_packet).
- A new script-level option Pcap::non_fd_timeout was added to allow
fine-tuning the amount of time to sleep on each IO loop when
using a packet source that doesn't provide a file descriptor
(e.g. Myricom).
- Avoid attempting to retrieve packets during every loop for a
packet source, instead switching to a predictive approach that
keeps track of whether or not that packet source has previously
seen traffic.
Reported by: Tim Wojtulewicz
Security: 96d6809a-81df-46d4-87ed-2f78c79f06b1
7705f7bbc |
Tuesday, 21 Feb 2023
|
22:39 Craig Leres (leres)
security/zeek: Update to 5.0.7
https://github.com/zeek/zeek/releases/tag/v5.0.7
This release fixes the following potential DoS vulnerabilities:
- Receiving DNS responses from async DNS requests (via the
lookup_addr, etc BIF methods) with the TTL set to zero could
cause the DNS manager to eventually stop being able to make new
requests.
- Specially-crafted FTP packets with excessively long usernames,
passwords, or other fields could cause log writes to use large
amounts of disk space.
- The find_all and find_all_ordered BIF methods could take extremely
large amounts of time to process incoming data depending on the
size of the input.
This release fixes the following bugs:
- Various issues with signed/unsigned character discrepancies on
arm64 builds are fixed.
- A performance degradation in debug builds involving hashing large
keys for Dictionaries was fixed.
Reported by: Tim Wojtulewicz
Security: 7a425536-74f7-4ce4-9768-0079a9d44d11
4e0e0f4 |
Wednesday, 1 Feb 2023
|
19:06 Craig Leres (leres)
security/zeek: Update to 5.0.6
https://github.com/zeek/zeek/releases/tag/v5.0.6
This release fixes the following potential DoS vulnerabilities:
- A missing field in the SMB FSControl script-land record could
cause a heap buffer overflow when receiving packets containing
those header types.
- Receiving a series of packets that start with HTTP/1.0 and then
switch to HTTP/0.9 could cause Zeek to spend a large amount of
time processing the packets.
- Receiving large numbers of FTP commands sequentially from the
network with bad data in them could cause Zeek to spend a large
amount of time processing the packets, and generate a large
amount of events.
This release fixes the following bugs:
- Zeek could throw a scripting error when receiving SMB1 packets
containing connect_andx_response messages prior to receiving an
associated request.
- A performance regression from 4.2 to 5.0 when reading pcap files
related to Broker's internal clock was fixed.
- Notices created for files transferred over multiple connections
will now be associated with one of the connections rather than
none.
- A new file_over_new_connection event was added to the Intel
framework, for use when receiving files over established connections
(for example, HTTP).
- The error message returned when trying to use invalid enums in
scripts now correctly includes the script location.
Reported by: Tim Wojtulewicz
Security: 2b5fc9c4-eaca-46e0-83d0-9b10c51c4b1b
85faac2 |
Tuesday, 10 Jan 2023
|
01:07 Craig Leres (leres)
security/zeek: Update to 5.0.5
https://github.com/zeek/zeek/releases/tag/v5.0.5
This release fixes the following bugs:
- Update broker to version 2.3.6. This broker release fixes some
failures when building against Python 3.11 and above.
Reported by: Tim Wojtulewicz
5f6df5b |
Thursday, 24 Nov 2022
|
18:29 Craig Leres (leres)
security/zeek: Update to 5.0.4
https://github.com/zeek/zeek/releases/tag/v5.0.4
This release fixes the following potential DoS vulnerabilities:
- A specially-crafted series of HTTP 0.9 packets can cause Zeek
to spend large amounts of time processing the packets.
- A specially-crafted FTP packet can cause Zeek to spend large
amounts of time processing the command.
- A specially-crafted IPv6 packet can cause Zeek to overflow memory
and potentially crash.
This release fixes the following bugs:
- Fix a potential stall in Broker’s internal data pipeline.
Reported by: Tim Wojtulewicz
Security: ???
a940eea |
Wednesday, 9 Nov 2022
|
02:42 Craig Leres (leres)
security/zeek: Update to 5.0.3
https://github.com/zeek/zeek/releases/tag/v5.0.3
This release fixes the following potential DoS vulnerabilities:
- Fix an issue where a specially-crafted FTP packet can cause Zeek
to spend large amounts of time attempting to search for valid
commands in the data stream.
- Fix a possible overflow in the Zeek dictionary code that may
lead to a memory leak.
- Fix an issue where a specially-crafted packet can cause Zeek to
spend large amounts of time reporting analyzer violations.
- Fix a possible assert and crash in the HTTP analyzer when receiving
a specially-crafted packet.
- Fix an issue where a specially-crafted HTTP or SMTP packet can
cause Zeek to spend a large amount of time attempting to search
for filenames within the packet data.
- Fix two separate possible crashes when converting processed IP
headers for logging via the raw_packet event handlers.
This release fixes the following bugs:
- Fix a possible crash with when statements where lambda captures
of local variables sometimes overflowed the frame counter.
- Reduced the amount of analyzer_confirmation events that are
raised for packets that contain tunnels.
- Fix a long-standing bug where TCP reassembly would not function
correctly for some analyzers if dpd_reassemble_first_packets was
set to false.
- Fix a performance bug in the Zeek dictionary code in certain
cases, such as copying a large number of entries from one
dictionary into another.
- Fix a performance issue when inserting large numbers of elements
into a Broker store when Broker::scheduler_policy is set to
stealing.
- Fix a Broker performance issue when distributing large amounts
of data from the input framework to proxies/workers at startup.
- Fix an issue with messaging between proxies and workers that
resulted in error messages being reported.
- Updated the list of DNS type strings to reflect the correct.
Reported by: Tim Wojtulewicz
Security: 60d4d31a-a573-41bd-8c1e-5af7513c1ee9
f7beb19 |
Tuesday, 20 Sep 2022
|
00:02 Craig Leres (leres)
security/zeek: Update to 5.0.2
https://github.com/zeek/zeek/releases/tag/v5.0.2
Security fixes:
- Fix a possible overflow and crash in the ICMP analyzer when
receiving a specially crafted packet
- Fix a possible overflow and crash in the IRC analyzer when
receiving a specially crafted packet
- Fix a possible overflow and crash in the SMB analyzer when
receiving a specially crafted packet
- Fix two possible crashes when converting IP headers for output
via the raw_packet event
Other changes:
- Fix a bug that prevented Broker nodes from recovering from OpenSSL errors.
- Fix handling of buffer sizes that caused Broker to stall despite
having sufficient capacity.
- Fix an issue with signal handling that could prevent Zeek from
exiting via ctrl-c when reading scripts from stdin.
Also fix new PR 266345 issue reported by @pkubaj ("fails to build
without SPICY enabled").
PR: 266345
Reported by: Tim Wojtulewicz, pkubaj
2f3600b |
Thursday, 15 Sep 2022
|
00:53 Craig Leres (leres)
security/zeek: Port improvements
- Remove useless BROKER option.
- Remove USES=ninja (now implied by USES=cmake).
- Make bison, flex, and swig hard dependencies.
- Strip several installed binaries.
- Remove some test files and directories mistakenly installed by
spicy.
- While we're here, run portfmt.
Thanks to @diizzy for the bulk of these changes.
PR: 266345
Reported by: diizzy
0957887 |
Wednesday, 7 Sep 2022
|
21:10 Stefan Eßer (se)
Add WWW entries to port Makefiles
It has been common practice to have one or more URLs at the end of the
ports' pkg-descr files, one per line and prefixed with "WWW:". These
URLs should point at a project website or other relevant resources.
Access to these URLs required processing of the pkg-descr files, and
they have often become stale over time. If more than one such URL was
present in a pkg-descr file, only the first one was transferred into
the port INDEX, but for many ports only the last line did contain the
port specific URL to further information.
There have been several proposals to make a project URL available as
a macro in the ports' Makefiles, over time.
This commit implements such a proposal and moves one of the WWW: entries
of each pkg-descr file into the respective port's Makefile. A heuristic
attempts to identify the most relevant URL in case there is more than
one WWW: entry in some pkg-descr file. URLs that are not moved into the
Makefile are prefixed with "See also:" instead of "WWW:" in the pkg-descr
files in order to preserve them.
There are 1256 ports that had no WWW: entries in pkg-descr files. These
ports will not be touched in this commit.
The portlint port has been adjusted to expect a WWW entry in each port
Makefile, and to flag any remaining "WWW:" lines in pkg-descr files as
deprecated.
Approved by: portmgr (tcberner)
b7f0544 |
Friday, 26 Aug 2022
|
23:54 Craig Leres (leres)
security/zeek: Update to 5.0.1
https://github.com/zeek/zeek/releases/tag/v5.0.1
Security fixes since 5.0.0:
- Fix a possible overflow and crash in the ARP analyzer when
receiving a specially crafted packet.
- Fix a possible overflow and crash in the Modbus analyzer when
receiving a specially crafted packet.
- Fix two possible crashes when converting IP headers for output
via the raw_packet event.
- Fix an abort related to an error related to the ordering of
record fields when processing DNS EDNS headers via events
Other changes:
- Fix a number of typos in the weak-keys.zeek script in the SSL
framework.
- Fix build of internal Spicy when using the --disable-cpp-tests
configure flag.
- Avoid calling safe_realloc unnecessarily from ODesc::Grow(),
providing a performance improvement in some cases.
- Remove use of fallible get_conn_transport_proto() in analyzer_violation
event handlers.
- Remove a warning when receiving packets with invalid or unknown
IP protocol types, preventing it from spamming reporter.log.
- Fix workers failing to peer with proxies if they take too long
to start.
- Fix Zeek build failures when building against an external version
of Spicy.
- Update Spicy to version 1.5.1 and spicy-plugin to 1.3.17.
Reported by: Tim Wojtulewicz
8afc679 |
Wednesday, 20 Jul 2022
|
14:22 Tobias C. Berner (tcberner)
security: remove 'Created by' lines
A big Thank You to the original contributors of these ports:
* <ports@c0decafe.net>
* Aaron Dalton <aaron@FreeBSD.org>
* Adam Weinberger <adamw@FreeBSD.org>
* Ade Lovett <ade@FreeBSD.org>
* Aldis Berjoza <aldis@bsdroot.lv>
* Alex Dupre <ale@FreeBSD.org>
* Alex Kapranoff <kappa@rambler-co.ru>
* Alex Samorukov <samm@freebsd.org>
* Alexander Botero-Lowry <alex@foxybanana.com>
* Alexander Kriventsov <avk@vl.ru>
* Alexander Leidinger <netchild@FreeBSD.org>
* Alexander Logvinov <ports@logvinov.com>
* Alexander Y. Grigoryev <alexander.4mail@gmail.com>
* Alexey Dokuchaev <danfe@FreeBSD.org>
* Alfred Perlstein
* Alfred Perlstein <alfred@FreeBSD.org>
* Anders Nordby <anders@FreeBSD.org>
* Anders Nordby <anders@fix.no>
* Andreas Klemm <andreas@klemm.gtn.com>
* Andrew Lewis <freeghb@gmail.com>
* Andrew Pantyukhin <infofarmer@FreeBSD.org>
* Andrew St. Jean <andrew@arda.homeunix.net>
* Anes Mukhametov <anes@anes.su>
* Antoine Brodin <antoine@FreeBSD.org>
* Anton Berezin <tobez@FreeBSD.org>
* Antonio Carlos Venancio Junior (<antonio@inf.ufsc.br>)
* Antonio Carlos Venancio Junior <antonio@inf.ufsc.br>
* Ashish SHUKLA <ashish@FreeBSD.org>
* Attila Nagy <bra@fsn.hu>
* Autrijus Tang <autrijus@autrijus.org>
* Axel Rau <axel.rau@chaos1.de>
* Babak Farrokhi <farrokhi@FreeBSD.org>
* Ben Woods <woodsb02@FreeBSD.org>
* Bernard Spil <brnrd@FreeBSD.org>
* Bernard Spil <brnrd@freebsd.org>
* Blaz Zupan <blaz@si.FreeBSD.org>
* Bob Hockney <zeus@ix.netcom.com>
* Boris Kochergin <spawk@acm.poly.edu>
* Brendan Molloy <brendan+freebsd@bbqsrc.net>
* Bruce M Simpson
* Bruce M Simpson <bms@FreeBSD.org>
* Bruce M. Simpson <bms@FreeBSD.org>
* Carlo Strub
* Carlo Strub <cs@FreeBSD.org>
* Carlos J Puga Medina <cpm@FreeBSD.org>
* Carlos J Puga Medina <cpm@fbsd.es>
* Charlie Root <se@FreeBSD.org>
* Cheng-Lung Sung <clsung@FreeBSD.org>
* Cheng-Lung Sung <clsung@dragon2.net>
* Chie Taguchi <taguchi.ch@gmail.com>
* Chris Cowart <ccowart@rescomp.berkeley.edu>
* Chris D. Faulhaber <jedgar@FreeBSD.org>
* Christer Edwards <christer.edwards@gmail.com>
* Christian Lackas
* Christopher Hall <hsw@bitmark.com>
* Clement Laforet <sheepkiller@cultdeadsheep.org>
* Clive Lin <clive@CirX.ORG>
* Colin Percival
* Cory McIntire (loon@noncensored.com)
* Craig Leres <leres@FreeBSD.org>
* Cristiano Deana <cris@gufi.org>
* Cy Schubert (Cy.Schubert@uumail.gov.bc.ca)
* Cy Schubert <Cy.Schubert@uumail.gov.bc.ca>
* Cy Schubert <cy@FreeBSD.org>
* Damian Gerow <dgerow@afflictions.org>
* Damien Bobillot
* Dan Langille
* Dan Langille <dan@freebsddiary.org>
* Dan Langille <dvl@FreeBSD.org>
* Dan Langille <dvl@freebsd.org>
* Dan Langille <dvl@sourcefire.com>
* Daniel Kahn Gillmor <dkg@fifthhorseman.net>
* Daniel Roethlisberger <daniel@roe.ch>
* Danilo Egea Gondolfo <danilo@FreeBSD.org>
* Danton Dorati <urisso@bsd.com.br>
* Dave McKay <dave@mu.org>
* David E. Thiel <lx@FreeBSD.org>
* David O'Brien (obrien@NUXI.com)
* David O'Brien <obrien@FreeBSD.org>
* David Thiel <lx@redundancy.redundancy.org>
* Dean Hollister <dean@odyssey.apana.org.au>
* Denis Shaposhnikov <dsh@vlink.ru>
* Dereckson <dereckson@gmail.com>
* Dirk Froemberg <dirk@FreeBSD.org>
* Ditesh Shashikant Gathani <ditesh@gathani.org>
* Dom Mitchell <dom@happygiraffe.net>
* Dominic Marks <dominic.marks@btinternet.com>
* Don Croyle <croyle@gelemna.org>
* Douglas Thrift <douglas@douglasthrift.net>
* Edson Brandi <ebrandi@fugspbr.org>
* Edwin Groothuis <edwin@mavetju.org>
* Ekkehard 'Ekki' Gehm <gehm@physik.tu-berlin.de>
* Emanuel Haupt <ehaupt@FreeBSD.org>
* Emanuel Haupt <ehaupt@critical.ch>
* Eric Crist <ecrist@secure-computing.net>
* Erwin Lansing <erwin@FreeBSD.org>
* Eugene Grosbein <eugen@FreeBSD.org>
* Fabian Keil <fk@fabiankeil.de>
* Felix Palmen <felix@palmen-it.de>
* Florent Thoumie <flz@xbsd.org>
* Foxfair Hu <foxfair@FreeBSD.org>
* Frank Laszlo <laszlof@vonostingroup.com>
* Frank Wall <fw@moov.de>
* Franz Bettag <franz@bett.ag>
* Gabor Kovesdan
* Gabor Kovesdan <gabor@FreeBSD.org>
* Gabriel M. Dutra <0xdutra@gmail.com>
* Gary Hayers <Gary@Hayers.net>
* Gasol Wu <gasol.wu@gmail.com>
* Gea-Suan Lin <gslin@gslin.org>
* George Reid <greid@ukug.uk.freebsd.org>
* George Reid <services@nevernet.net>
* Greg Larkin <glarkin@FreeBSD.org>
* Greg V <greg@unrelenting.technology>
* Gregory Neil Shapiro <gshapiro@FreeBSD.org>
* Grzegorz Blach <gblach@FreeBSD.org>
* Guangyuan Yang <ygy@FreeBSD.org>
* Hakisho Nukama <nukama@gmail.com>
* Hammurabi Mendes <hmendes@brturbo.com>
* Henk van Oers <hvo.pm@xs4all.nl>
* Horia Racoviceanu <horia@racoviceanu.com>
* Hung-Yi Chen <gaod@hychen.org>
* Jaap Akkerhuis <jaap@NLnetLabs.nl>
* Jaap Boender <jaapb@kerguelen.org>
* Jacek Serwatynski <tutus@trynet.eu.org>
* James FitzGibbon <jfitz@FreeBSD.org>
* James Thomason <james@divide.org>
* Jan-Peter Koopmann <Jan-Peter.Koopmann@seceidos.de>
* Janky Jay <ek@purplehat.org>
* Janos Mohacsi
* Janos Mohacsi <janos.mohacsi@bsd.hu>
* Jean-Yves Lefort <jylefort@brutele.be>
* Jim Geovedi <jim@corebsd.or.id>
* Jim Ohlstein <jim@ohlste.in>
* Joe Clarke <marcus@marcuscom.com>
* Joe Marcus Clarke <marcus@FreeBSD.org>
* Johann Visagie <johann@egenetics.com>
* Johann Visagie <wjv@FreeBSD.org>
* John Ferrell <jdferrell3@yahoo.com>
* John Hixson <jhixson@gmail.com>
* John Polstra <jdp@polstra.com>
* John W. O'Brien <john@saltant.com>
* John-Mark Gurney <jmg@FreeBSD.org>
* Jose Alonso Cardenas Marquez <acardenas@bsd.org.pe>
* Joseph Benden <joe@thrallingpenguin.com>
* Joshua D. Abraham <jabra@ccs.neu.edu>
* Jov <amutu@amutu.com>
* Jui-Nan Lin <jnlin@freebsd.cs.nctu.edu.tw>
* Ka Ho Ng <khng300@gmail.com>
* Kay Lehmann <kay_lehmann@web.de>
* Keith J. Jones <kjones@antihackertoolkit.com>
* Kevin Zheng <kevinz5000@gmail.com>
* Kimura Fuyuki <fuyuki@hadaly.org>
* Kimura Fuyuki <fuyuki@mj.0038.net>
* Klayton Monroe <klm@uidzero.org>
* Konstantin Menshikov <kostjnspb@yandex.ru>
* Koop Mast <kwm@FreeBSD.org>
* Kris Kennaway <kris@FreeBSD.org>
* Kubilay Kocak <koobs@FreeBSD.org>
* Kurt Jaeger <fbsd-ports@opsec.eu>
* LEVAI Daniel <leva@ecentrum.hu>
* Lars Engels <lme@FreeBSD.org>
* Lars Thegler <lth@FreeBSD.org>
* Laurent LEVIER <llevier@argosnet.com>
* Luiz Eduardo R. Cordeiro
* Lukas Slebodnik <lukas.slebodnik@intrak.sk>
* Lukasz Komsta
* Mageirias Anastasios <anastmag@gmail.com>
* Marcel Prisi <marcel.prisi@virtua.ch>
* Marcello Coutinho
* Mario Sergio Fujikawa Ferreira <lioux@FreeBSD.org>
* Mark Felder <feld@FreeBSD.org>
* Mark Hannon <markhannon@optusnet.com.au>
* Mark Murray <markm@FreeBSD.org>
* Mark Pulford <mark@kyne.com.au>
* Marko Njezic <sf@maxempire.com>
* Martin Matuska <martin@tradex.sk>
* Martin Matuska <mm@FreeBSD.org>
* Martin Mersberger
* Martin Wilke <miwi@FreeBSD.org>
* Martti Kuparinen <martti.kuparinen@ericsson.com>
* Mateusz Piotrowski <0mp@FreeBSD.org>
* Matt <matt@xtaz.net>
* Matt Behrens <matt@zigg.com>
* Matthias Andree <mandree@FreeBSD.org>
* Matthias Fechner <mfechner@FreeBSD.org>
* Matthieu BOUTHORS <matthieu@labs.fr>
* Maxim Sobolev <sobomax@FreeBSD.org>
* Meno Abels <meno.abels@adviser.com>
* Michael Haro <mharo@FreeBSD.org>
* Michael Johnson <ahze@FreeBSD.org>
* Michael Nottebrock <lofi@FreeBSD.org>
* Michael Reifenberger <mr@FreeBSD.org>
* Michael Schout <mschout@gkg.net>
* Michal Bielicki <m.bielicki@llizardfs.com>
* Michiel van Baak <michiel@vanbaak.eu>
* Mij <mij@bitchx.it>
* Mike Heffner <mheffner@vt.edu>
* Mikhail T. <m.tsatsenko@gmail.com>
* Mikhail Teterin <mi@aldan.algebra.com>
* Milan Obuch
* Mosconi <mosconi.rmg@gmail.com>
* Muhammad Moinur Rahman <5u623l20@gmail.com>
* Mustafa Arif <ma499@doc.ic.ac.uk>
* Neil Booth
* Neil Booth <kyuupichan@gmail.com>
* Nick Barkas <snb@threerings.net>
* Nicola Vitale <nivit@FreeBSD.org>
* Niels Heinen
* Nikola Kolev <koue@chaosophia.net>
* Nobutaka Mantani <nobutaka@FreeBSD.org>
* Oliver Lehmann
* Oliver Lehmann <oliver@FreeBSD.org>
* Olivier Duchateau
* Olivier Duchateau <duchateau.olivier@gmail.com>
* Olli Hauer
* Patrick Li <pat@databits.net>
* Paul Chvostek <paul@it.ca>
* Paul Schmehl <pauls@utdallas.edu>
* Pavel I Volkov <pavelivolkov@googlemail.com>
* Pete Fritchman <petef@databits.net>
* Peter Ankerstal <peter@pean.org>
* Peter Haight <peterh@sapros.com>
* Peter Johnson <johnson.peter@gmail.com>
* Peter Pentchev <roam@FreeBSD.org>
* Petr Rehor <rx@rx.cz>
* Philippe Audeoud <jadawin@tuxaco.net>
* Philippe Rocques <phil@teaser.fr>
* Piotr Kubaj <pkubaj@FreeBSD.org>
* Piotr Kubaj <pkubaj@anongoth.pl>
* Po-Chuan Hsieh <sunpoet@FreeBSD.org>
* RaRa Rasputin <rasputin@submonkey.net>
* Radim Kolar
* Ralf Meister
* Remington Lang <MrL0Lz@gmail.com>
* Renaud Chaput <renchap@cocoa-x.com>
* Roderick van Domburg <r.s.a.vandomburg@student.utwente.nl>
* Roland van Laar <roland@micite.net>
* Romain Tartiere <romain@blogreen.org>
* Roman Bogorodskiy
* Roman Bogorodskiy <novel@FreeBSD.org>
* Roman Shterenzon <roman@xpert.com>
* Rong-En Fan <rafan@FreeBSD.org>
* Ryan Steinmetz <zi@FreeBSD.org>
* Sahil Tandon <sahil@tandon.net>
* Sascha Holzleiter <sascha@root-login.org>
* SeaD
* Seamus Venasse <svenasse@polaris.ca>
* Sean Greven <sean.greven@gmail.com>
* Sebastian Schuetz <sschuetz@fhm.edu>
* Sergei Kolobov <sergei@FreeBSD.org>
* Sergei Kolobov <sergei@kolobov.com>
* Sergei Vyshenski
* Sergei Vyshenski <svysh.fbsd@gmail.com>
* Sergey Skvortsov <skv@protey.ru>
* Seth Kingsley <sethk@meowfishies.com>
* Shaun Amott <shaun@inerd.com>
* Simeon Simeonov <sgs@pichove.org>
* Simon Dick <simond@irrelevant.org>
* Sofian Brabez <sbrabez@gmail.com>
* Stanislav Sedov <ssedov@mbsd.msk.ru>
* Stefan Esser <se@FreeBSD.org>
* Stefan Grundmann
* Stefan Walter <sw@gegenunendlich.de>
* Stephon Chen <stephon@gmail.com>
* Steve Wills <steve@mouf.net>
* Steve Wills <swills@FreeBSD.org>
* Steven Kreuzer
* Steven Kreuzer <skreuzer@exit2shell.com>
* Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org>
* TAKAHASHI Kaoru <kaoru@kaisei.org>
* TAKATSU Tomonari <tota@FreeBSD.org>
* Tatsuki Makino <tatsuki_makino@hotmail.com>
* Thibault Payet <monwarez@mailoo.org>
* Thierry Thomas (<thierry@pompo.net>)
* Thierry Thomas <thierry@pompo.net>
* Thomas Hurst <tom@hur.st>
* Thomas Quinot <thomas@cuivre.fr.eu.org>
* Thomas Zander <riggs@FreeBSD.org>
* Thomas von Dein <freebsd@daemon.de>
* Tilman Linneweh <arved@FreeBSD.org>
* Tim Bishop <tim@bishnet.net>
* Tom Judge <tom@tomjudge.com>
* Tomoyuki Sakurai <cherry@trombik.org>
* Toni Viemerö <toni.viemero@iki.fi>
* Tony Maher
* Torsten Zuhlsdorff <ports@toco-domains.de>
* Travis Campbell <hcoyote@ghostar.org>
* Tsung-Han Yeh <snowfly@yuntech.edu.tw>
* Ulf Lilleengen
* Vaida Bogdan <vaida.bogdan@gmail.com>
* Valentin Zahariev <curly@e-card.bg>
* Valerio Daelli <valerio.daelli@gmail.com>
* Veniamin Gvozdikov <vg@FreeBSD.org>
* Victor Popov
* Victor Popov <v.a.popov@gmail.com>
* Vsevolod Stakhov
* Vsevolod Stakhov <vsevolod@FreeBSD.org>
* Wen Heping <wen@FreeBSD.org>
* Wen Heping <wenheping@gmail.com>
* Yarodin <yarodin@gmail.com>
* Yen-Ming Lee <leeym@FreeBSD.org>
* Yen-Ming Lee <leeym@cae.ce.ntu.edu.tw>
* Yen-Ming Lee <leeym@leeym.com>
* Ying-Chieh Liao <ijliao@FreeBSD.org>
* Yonatan <Yonatan@Xpert.com>
* Yonatan <onatan@gmail.com>
* Yoshisato YANAGISAWA
* Yuri Victorovich
* Yuri Victorovich <yuri@rawbw.com>
* Zach Thompson <hideo@lastamericanempire.com>
* Zane C. Bowers <vvelox@vvelox.net>
* Zeus Panchenko <zeus@gnu.org.ua>
* ache
* adamw
* ajk@iu.edu
* alex@FreeBSD.org
* allan@saddi.com
* alm
* andrej@ebert.su
* andrew@scoop.co.nz
* andy@fud.org.nz
* antoine@FreeBSD.org
* arved
* barner
* brix@FreeBSD.org
* buganini@gmail.com
* chinsan
* chris@still.whet.org
* clement
* clsung
* crow
* cy@FreeBSD.org
* dominik karczmarski <dominik@karczmarski.com>
* dwcjr@inethouston.net
* eivind
* erich@rrnet.com
* erwin@FreeBSD.org
* girgen@FreeBSD.org
* glen.j.barber@gmail.com
* hbo@egbok.com
* ijliao
* jesper
* jfitz
* johans
* joris
* kftseng@iyard.org
* kris@FreeBSD.org
* lx
* markm
* mharo@FreeBSD.org
* michaelnottebrock@gmx.net
* mnag@FreeBSD.org
* mp39590@gmail.com
* nbm
* nectar@FreeBSD.org
* nork@FreeBSD.org
* nork@cityfujisawa.ne.jp
* nsayer@FreeBSD.org
* nsayer@quack.kfu.com
* ntarmos@cs.uoi.gr
* oly
* onatan@gmail.com
* pandzilla
* patrick@mindstep.com
* pauls
* perl@FreeBSD.org
* petef@FreeBSD.org
* peter.thoenen@yahoo.com
* ports@c0decafe.net
* ports@rbt.ca
* roam@FreeBSD.org
* rokaz
* sada@FreeBSD.org
* scrappy
* se
* shane@freebsdhackers.net aka modsix@gmail.com
* snb@threerings.net
* sumikawa
* sviat
* teramoto@comm.eng.osaka-u.ac.jp
* thierry@pompo.net
* tobez@FreeBSD.org
* torstenb@FreeBSD.org
* trasz <trasz@pin.if.uz.zgora.pl>
* trevor
* truckman
* vanhu
* vanilla@
* wen@FreeBSD.org
* will
With hat: portmgr
857c05f |
Monday, 18 Jul 2022
|
07:16 Piotr Kubaj (pkubaj)
security/zeek: fix build on non aarch64 / amd64 / armv? / i386
1. Enable SPICY only on aarch64 / amd64 / armv? / i386 as specified in
https://github.com/zeek/spicy/blob/d0bc60537b53c3a951a0bdcb7b1c080bbb068abf/hilti/runtime/src/fiber.cc#L252
2. Correct a parameter passed to CMake to disable Spicy.
3. Correct pkg-plist for build with disabled Spicy.
Approved by: portmgr (blanket)
f7731a4 |
Wednesday, 13 Jul 2022
|
16:50 Craig Leres (leres)
security/zeek: Update input framework patch
https://github.com/zeek/zeek/pull/2266
This version of the patch fixes tail -F semantics when want_record=F.
818eb4c |
Saturday, 9 Jul 2022
|
19:52 Craig Leres (leres)
security/zeek: Patch to allow building without ENABLE_ZEEK_UNIT_TESTS
5.0.0 does not build without ENABLE_ZEEK_UNIT_TESTS enabled.
Apply upstream patch which solves this:
https://github.com/zeek/zeek/pull/2256
Obtained from: Benjamin Bannier
619c9ef |
02:44 Craig Leres (leres)
security/zeek: Update to 5.0.0 (latest LTS release)
https://github.com/zeek/zeek/releases/tag/v5.0.0
Changes incompatible with 4.0.7:
- The script-land ``union`` and ``timer`` types have been removed.
They haven't had any actual semantics backing them for some time
and shouldn't have functioned in any useable way. We opted to
skip the deprecation cycle for these types for that reason.
- Broker now uses a new network backend with a custom network
protocol that is incompatible with the pre-5.0 backend. In
practice, this means Zeek 4.x will not be able to exchange events
with Zeek 5.x. Going forward, this new backend will allow us to
keep the Broker protocol more stable and add new capabilities
in a backwards compatible way.
While we're here add a comment explaining why we really need uname
-p instead of using ARCH (uname -m). Also solve a portlint nag.
Reported by: Tim Wojtulewicz
c356da8 |
Friday, 1 Jul 2022
|
21:19 Craig Leres (leres)
security/zeek: Patch to provide tail -F semantics for input framework
MODE_STREAM
This is a backport of this github pull request:
https://github.com/zeek/zeek/pull/2097
b8b4094 |
Friday, 3 Jun 2022
|
17:34 Craig Leres (leres)
security/zeek: Update to 4.0.7
https://github.com/zeek/zeek/releases/tag/v4.0.7
Security fixes since 4.0.6:
- Fix potential hang in the DNS analyzer when receiving a
specially-crafted packet. Due to the possibility of this happening
with packets received from the network, this is a potential DoS
vulnerability.
Other changes:
- Fix issue with broken libpcaps that return repeat packets, most
notably the version provided with Myricom hardware.
Reported by: Tim Wojtulewicz
d1628eb |
Thursday, 21 Apr 2022
|
22:48 Craig Leres (leres)
security/zeek: Update to 4.0.6
https://github.com/zeek/zeek/releases/tag/v4.0.6
Security fixes since 4.0.5:
- Fix potential unbounded state growth in the FTP analyzer when
receiving a specially-crafted stream of commands. This may lead
to a buffer overflow and cause Zeek to crash. Due to the possibility
of this happening with packets received from the network, this
is a potential DoS vulnerability.
Other changes:
- Empty table constructors with &default attributes may cause a
crash.
- Fix a bug in ZAM when a function containing a loop is inlined
- Fix a number of bugs with robust dictionary iteration.
- Fix missing "Reporter" entries when reporting hooks via zeek.
Reported by: Tim Wojtulewicz
23f90b9 |
Tuesday, 25 Jan 2022
|
22:38 Craig Leres (leres)
security/zeek: Update to 4.0.5
Changes since 4.0.4:
- The highwayhash module was updated to fix a build failure on
FreeBSD.
- A number of fixes for various problems on the CI infrastructure.
- Writers were not being cleaned up correctly when recreating log
streams with the same ID as an existing stream. This could lead
to a crash.
- IP packets with bad/incorrect IP header lengths were not reporting
weirds as they should be.
Reported by: Tim Wojtulewicz
02c1f1a |
Saturday, 16 Oct 2021
|
09:51 Jimmy Olgeni (olgeni)
*: fix tab vs. space issues, and comments according to the guide.
4460cf7 |
Thursday, 30 Sep 2021
|
21:23 Rene Ladan (rene)
cleanup: drop support for EOL FreeBSD 11.X
Search criteria used:
- 11.4
- OSREL*
- OSVER*
- *_FreeBSD_11
Input from:
- adridg: devel/qca-legacy
- jbeich: _WITH_DPRINTF, _WITH_GETLINE, GNU bfd workarounds
- sunpoet: security/p5-*OpenSSL*
Reviewed by: doceng, kde, multimedia, perl, python, ruby, rust
Differential Revision: https://reviews.freebsd.org/D32008
Test Plan: make index
620968a |
Wednesday, 22 Sep 2021
|
22:15 Craig Leres (leres)
security/zeek: Update to 4.0.4
https://github.com/zeek/zeek/releases/tag/v4.0.4
This release fixes two vulnerabilities:
- Paths from log stream make it into system() unchecked, potentially
leading to commands being run on the system unintentionally.
This requires either bad scripting or a malicious package to be
installed, and is considered low severity.
- Fix potential unbounded state growth in the PIA analyzer when
receiving a connection with either a large number of zero-length
packets, or one which continues ack-ing unseen segments. It is
possible to run Zeek out of memory in these instances and cause
it to crash. Due to the possibility of this happening with packets
received from the network, this is a potential DoS vulnerability.
Other fixes:
- The highwayhash submodule was updated to fix a build failure on
FreeBSD 14.
- Packet sources that don't have a selectable file descriptor could
potentially prevent the network time from ever updating, which
would have adverse effects on the primary run loop such as
preventing timers from executing.
- Specific conditions in the run loop could lead RotationTimers
to get into an infinite loop.
- Specially crafted HTTP packets could avoid the HTTP analyzer.
- Zeekctl crashes using the zeekctl status command if the
StatusCmdShowAll option is set to 1 in zeekctl.cfg.
- The ignore_checksum_nets option does not work correctly if
configured with multiple subnets.
Reported by: Tim Wojtulewicz
Security: d4d21998-bdc4-4a09-9849-2898d9b41459
b45eb65 |
Thursday, 2 Sep 2021
|
09:03 Bernhard Froehlich (decke)
security/zeek: Add CPE information
Approved by: portmgr (blanket)
d95d0cf |
Monday, 19 Jul 2021
|
17:08 Craig Leres (leres)
security/zeek: Add @sample for local.zeek
This github issue:
https://github.com/zeek/zeekctl/issues/35
complained about the lack of a local.zeek file on a fresh install;
adding @sample for local.zeek solves this.
Reported by: shadonet
7c9b2f4 |
Tuesday, 6 Jul 2021
|
21:31 Craig Leres (leres)
security/zeek: Update to 4.0.3
https://github.com/zeek/zeek/releases/tag/v4.0.3
This release fixes the following bugs:
- Zeek now accepts unset fields in the input data only when the
corresponding record field is &optional.
- The version field in ssh.log is now optional and will not be set
if we cannot determine the version that was negotiated by the
client and server.
- Zeekctl could crash at startup on certain compilers and platforms
due to a memory corruption issue in the Broker python bindings.
- The highwayhash submodule was updated to fix a build failure on
FreeBSD for PowerPC.
This release deprecates the following functionality:
- The stepping-stone analyzer is marked as deprecated. It was
partially marked as deprecated in 2.0, and will be fully removed
in v4.1.
Reported by: Tim Wojtulewicz
9ffa415 |
Thursday, 24 Jun 2021
|
02:05 Craig Leres (leres)
security/zeek: Add a ZKG option to pull in py-zkg
fbc0775 |
Thursday, 3 Jun 2021
|
00:14 Craig Leres (leres)
security/zeek: Update to 4.0.2
https://github.com/zeek/zeek/releases/tag/v4.0.2
This release fixes several potential DoS vulnerabilities:
- Fix potential Undefined Behavior in decode_netbios_name() and
decode_netbios_name_type() BIFs. The latter has a possibility
of a remote heap-buffer-overread, making this a potential DoS
vulnerability.
- Add some extra length checking when parsing mobile ipv6 packets.
Due to the possibility of reading invalid headers from remote
sources, this is a potential DoS vulnerability.
Other fixes:
- Fix heap-use-after-free after clear_table() on a table that uses
expiration attributes.
- Add fatal error for if table/Dictionary state ever becomes invalid
since the behavior becomes unexpected/unclear at that point (e.g.
when table bucket positions become large enough to overflow their
16-bit storage due to aggressive expiration-check settings
preventing the re-positioning items)
- Add missing "zeek/" to header includes, which can prevent external
plugins from compiling against Zeek source-tree (e.g. via
./configure --zeek-dist=)
- Fix reading empty set[enum] values and any vector of enum values
from config files
- Fix type-checks related to list-type equality
Reported by: Tim Wojtulewicz
MFH: 2021Q2
Security: a550d62c-f78d-4407-97d9-93876b6741b9
b9d6624 |
Wednesday, 12 May 2021
|
23:47 Craig Leres (leres)
security/zeek: Unbreak build when PREFIX is not /usr/local
560db24 |
Tuesday, 11 May 2021
|
02:09 Craig Leres (leres)
security/zeek: Add fine grained DEBUG options
Allow the user to pick from DEBUG, MINSIZEREL, RELEASE, and
RELWITHDEBINFO options instead of just DEBUG. Don't STRIP with DEBUG
or RELWITHDEBINFO. Make some minor whitespace changes suggested by
portfmt.
e068ee2 |
Wednesday, 21 Apr 2021
|
21:11 Craig Leres (leres)
security/zeek: Update to 4.0.1 to fix null-pointer dereference and potential DOS
https://github.com/zeek/zeek/releases/tag/v4.0.1
This release fixes the following vulnerability:
- Fix null-pointer dereference when encountering an invalid enum
name in a config/input file that tries to read it into a set[enum].
For those that have such an input feed whose contents may come
from external/remote sources, this is a potential DoS vulnerability.
Other fixes:
- Fix mime type detection bug in IRC/FTP file_transferred event
for file data containing null-bytes
- Fix potential for missing timestamps in SMB logs
- Remove use of LeakSanitizer API on FreeBSD where it's unsupported
- Fix incorrect parsing of ERSPAN Type I
- Fix incorrect/overflowed n value for SSL_Heartbeat_Many_Requests
notices where number of server heartbeats is greater than number
of client heartbeats.
- Fix missing user_agent existence check in smtp/software.zeek
(causes reporter.log error noise, but no functional difference)
- Fix include order of bundled headers to avoid conflicts with
pre-existing/system-wide installs
- Fix musl build (e.g. Void, Alpine, etc.)
- Fix build with -DENABLE_MOBILE_IPV6 / ./configure --enable-mobile-ipv6
- Add check for null packet data in pcap IOSource, which is an
observed state in Myricom libpcap that crashes Zeek via null-pointer
dereference
- Allow CRLF line-endings in Zeek scripts and signature files
- Fix armv7 build
- Fix unserialization of set[function], generally now used by
connection record removal hooks, and specifically breaking
intel.log of Zeek clusters
- Fix indexing of set/table types with a vector
- Fix precision loss in ASCII logging/printing of large double,
time, or interval values
- Improve handling of invalid SIP data before requests
- Fix copy()/cloning vectors that have holes (indices w/ null
values)
Reported by: Jon Siwek
274b20e |
Wednesday, 14 Apr 2021
|
05:13 Craig Leres (leres)
security/zeek: Unbreak armv7 build and fix testport issue
Add a patch from upstream to fix building on armv7 (used by pfsense):
https://github.com/zeek/zeek/issues/1496
Thanks to @garga for the pointer.
Fix a testport "left over" file @adridg reported. When zeek is run
as part of package installation, it copies some config files to
spool/installed-scripts-do-not-touch/site and local.zeek.sample
hitches a ride and needs to be removed on uninstall. But it is not
really a @sample candidate.
While we're here fix some minor portlint (env -> ${SETENV}) and
clean up some commented out directives.
Reported by: garga adridg
9c36d02 |
Tuesday, 6 Apr 2021
|
14:31 Mathieu Arnold (mat)
Remove # $FreeBSD$ from Makefiles.
305f148 |
Tuesday, 23 Mar 2021
|
18:43 pkubaj
security/zeek: fix build on powerpc64 elfv2
-mpowerp8-vector is now necessary due to use of highwayhash.
Fix typo on sysctlbyname.
Also correct typo in BROKEN entries.
|
Saturday, 20 Mar 2021
|
01:16 leres
security/zeek: Update to 4.0.0
This is the next Long-Term Support (LTS) major version:
https://github.com/zeek/zeek/releases/tag/v4.0.0
https://zeek.org/2020/12/15/zeek-4-0-release-candidate/
Support for the previous LTS (3.0.x) will end in about two months.
Reported by: Jon Siwek
|
Tuesday, 23 Feb 2021
|
01:54 leres
security/zeek: Update to 3.0.13
https://github.com/zeek/zeek/releases/tag/v3.0.13
This release fixes the following vulnerability:
- Fix ASCII Input reader's treatment of input files containing
null-bytes. An input file containing null-bytes could lead to a
buffer-over-read, crash Zeek, and be exploited to cause Denial
of Service.
And fixes the following bugs:
- MIME sub-entities overwrote top-level header values cause
misleading SMTP log
- Fix incorrect major_subsys_version field in pe_optional_header
event
Reported by: Jon Siwek
|
Tuesday, 22 Dec 2020
|
17:02 pkubaj
security/zeek: enable on powerpc64 head
|
Thursday, 17 Dec 2020
|
22:01 leres
security/zeek: Install cmake files
Upstream requested that share/zeek/cmake/* be installed as the files
are used to build zeek plugins.
While here update some pkg-plist @preunexec entries (*.bro -> *.zeek).
Reported by: Robin Sommer, Benjamin Bannier
|
Wednesday, 16 Dec 2020
|
01:05 leres
security/zeek: Improve the pkg upgrade experience
Don't remove %%PREFIX%%/spool/state.db otherwise when zeek is
upgraded zeekctl doesn't detect the running instance and "restart"
fails.
Split uninstall related info in pkg-message.in to a new remove
section (and fix some typos).
|
Tuesday, 15 Dec 2020
|
22:17 leres
security/zeek: Update to 3.0.12
https://github.com/zeek/zeek/releases/tag/v3.0.12
This release fixes the following bugs:
- Incorrect ICMP Neighbor Discovery Option length calculation
- Fix SMB2 response status parsing
- Fix excessive connection_status_update events for ICMP connections
Reported by: Jon Siwek
|
Thursday, 19 Nov 2020
|
00:34 leres
security/zeek: Remove deprecated security/broccoli option
Upstream confirms that support for the broccoli protocol will be
removed in a future version of zeek. And given that security/broccoli
requires python2 which will be deprecated at the end of December,
let's remove broccoli support from zeek now.
|
Friday, 6 Nov 2020
|
18:38 leres
security/zeek: Fix build on armv7 and allow running as non-root user
Apply Renato Botelho's fix for the ARCH used in PLIST_SUB (with
some changes). Essentially use uname -m instead of trying to fix
up the ARCH defined by bsd.port.mk (uname -p).
While we're here:
- Convert networks.cfg, node.cfg, and zeekctl.cfg to use @sample
- Use @sample to avoid clobbering site.zeek (oops).
- Remove unnecessary subshell for the post-build-NETMAP-on target.
- Silence the annoying "use ZeekControl.plugin instead of
BroControl.plugin" nag.
- Reformat the rc.d script.
- Update the rc.d script to honor the zeek_user rc.d variable and
update pkg-message.in with hints on how to run as user zeek.
- Explain how to configure zeek to ignore checksum errors when NIC
checksum offloading is in use.
- Make share/zeekctl/scripts owned by user zeek to allow "zeekctl
install" when running as user zeek.
PR: 250886
Reported by: garga
|
Wednesday, 7 Oct 2020
|
21:29 leres
security/zeek: Update to 3.0.11 to fix memory leaks and potential DOS:
https://github.com/zeek/zeek/releases/tag/v3.0.11
- A memory leak in multipart MIME code has potential for remote
exploitation and cause for Denial of Service via resource
exhaustion.
Other fixes:
- Fix incorrect RSTOS0 conn_state determinations
Reported by: Jon Siwek
MFH: 2020Q4
Security: 769a4f60-9056-4c27-89a1-1758a59a21f8
|
Thursday, 10 Sep 2020
|
00:15 leres
security/zeek: Update to 3.0.10 to fix memory leaks and potential DOS:
https://github.com/zeek/zeek/releases/tag/v3.0.10
- Fix memory leak caused by re-entering AYIYA parsing
- Fix memory leak caused by re-entering GTPv1 parsing
Other fixes:
- Fix Input Framework 'change' events for 'set' destinations
- Fix reported body-length of HTTP messages w/ sub-entities
Reported by: Jon Siwek
MFH: 2020Q3
Security: 2c92fdd3-896c-4a5a-a0d8-52acee69182d
|
Tuesday, 28 Jul 2020
|
01:09 leres
security/zeek: Update to 3.0.8 and address various vulnerabilities:
https://github.com/zeek/zeek/releases/tag/v3.0.8
- Fix potential DNS analyzer stack overflow
- Fix potential NetbiosSSN analyzer stack overflow
Other fixes:
- Fix DHCP Client ID Option misformat for Hardware Type 0
- Fix/allow copying/cloning of opaque of Broker::Store
- Fix ConnPolling memory over-use
- Fix compress_path not normalizing some paths correctly
- Fix integer conversion error for Tag subtypes/enums
- Fix bro_prng() results not staying within modulus
- Prevent providing a 0 seed to bro_prng() since the LCG parameters
don't allow that
Reported by: Jon Siwek
MFH: 2020Q3
Security: e333084c-9588-4eee-8bdc-323e02cb4fe0
|
Sunday, 5 Jul 2020
|
09:44 mikael
security/zeek: fix packaging on aarch64
pkg-static: Unable to access file
/wrkdirs/usr/ports/security/zeek/work/stage/usr/local/lib/zeek/plugins/Bro_Netmap/lib/Bro-Netmap.freebsd-aarch64.so:No
such file or directory
Approved by: portmgr (tier-2 blanket)
|
Wednesday, 17 Jun 2020
|
18:17 sunpoet
Move devel/swig30 to devel/swig and update to 4.0.1
- Do not silence installation message
- Update dependent ports:
- Fix build with swig 4.0.1
- Update *_DEPENDS
- Remove BINARY_ALIAS
Changes: http://www.swig.org/news.php
PR: 246613
Exp-run by: antoine
|
Wednesday, 10 Jun 2020
|
19:15 leres
security/zeek: Update to 3.0.7 and address various vulnerabilities:
https://raw.githubusercontent.com/zeek/zeek/v3.0.7/NEWS
- Fix potential stack overflow in NVT analyzer
- Fix NVT analyzer memory leak from multiple telnet authn name options
- Fix multiple content-transfer-encoding headers causing a memory leak
- Fix potential leak of Analyzers added to tree during Analyzer::Done
- Prevent IP fragment reassembly on packets without minimal IP header
Other fixes:
- Limit rate of logging MaxMind DB diagnostic messages
- Fix wrong return value type for `topk_get_top()` BIF
- Fix opaque Broker types lacking a Type after (de)serialization
- Fix lack of descriptive printing for intervals converted from
`double_to_interval()`
- Fix some cases of known-services not being logged
MFH: 2020Q3
Security: 9f7ae7ea-da93-4f86-b257-ba76707f6d5d
|
Friday, 8 May 2020
|
20:51 leres
security/zeek: Fix build with PERFTOOLS which needed BUILD_DEPENDS.
While we're here sort options related.
Reported by: James Welcher
|
Wednesday, 6 May 2020
|
23:37 leres
security/zeek: Update to 3.0.6 and address multiple vulnerabilities:
https://raw.githubusercontent.com/zeek/zeek/v3.0.6/NEWS
- Fix buffer over-read in Ident analyzer
- Fix SSL scripting error leading to uninitialized field access
and memory leak
- Fix POP3 analyzer global buffer over-read
- Fix potential stack overflows due to use of Variable-Length-Arrays
Other changes since 3.0.5 include:
- Fix unusable `subscriber.poll()` method in Broker Python bindings
- Fix uninitialized field access in `ssl/log-hostcerts-only.zeek`
- Fix missing default function for Kerberos constant-lookup-tables
- Fix cloning of `TypeType` values
- Remove misleading error message on empty bloomfilter lookup
- Fix `misc/stats.zeek` skipping log entry on termination
MFH: 2020Q2
|
Wednesday, 15 Apr 2020
|
00:01 leres
security/zeek: Update to 3.0.5
Chase latest version number that contains a simple fix not relevant
to supported versions of FreeBSD (hence no MFH).
https://raw.githubusercontent.com/zeek/zeek/3ad19762770c567edc3498b3c1f9f216f46970b0/NEWS
- Same as 3.0.4 but fixes compilation on various platforms with
older compilers, for example GCC 4.8.x.
|
Tuesday, 14 Apr 2020
|
20:55 leres
security/zeek: Update to 3.0.4 and address a remote crash vulnerability:
https://github.com/zeek/zeek/blob/e059d4ec2e689b3c8942f4aa08b272f24ed3f612/NEWS
- Fix stack overflow in POP3 analyzer. An attacker can crash Zeek
remotely via crafted packet sequence.
Other fixes:
- Fix use-after-free in Zeek lambda functions with uninitialized
locals
- Fix buffer overflow due to tables/records created at parse-time
not rebuilt on record redef
- Fix SMB NegotiateContextList parsing
- Fix binpac flowbuffer frame length parsing doing too much bounds
checking
- Fix parsing ERSPAN III optional sub-header
- Fix bug in intel indicator normalization
- Fix connection duration thresholding
- Fix X509Common.h header include for external plugins
- Fix incorrect targeting of node-specific Broker/Cluster messages
MFH: 2020Q2
|
18:10 leres
security/zeek: Fix typo in the rc.d script
(From the PR) "bro_stop" should say "zeek_stop" instead.
PR: 245612
Reported by: bugs@codejammer.se
MFH: 2020Q2
|
Wednesday, 18 Mar 2020
|
00:34 leres
security/zeek: Limit portscout to even long term support release versions
https://github.com/zeek/zeek/releases
Zeek 3.0.x is the Long-Term Support release, receiving bug fixes
until at least October 2020 while Zeek 3.1.x is the current
feature release, receiving bug fixes until approximately July
2020 when the 3.2.x release series begins.
Approved by: matthew (mentor, implicit)
|
Sunday, 15 Mar 2020
|
22:44 leres
security/bro: Update to 3.0.3 and address a number of potential
denial of service issues:
https://github.com/zeek/zeek/releases/tag/v3.0.2
https://github.com/zeek/zeek/releases/tag/v3.0.3
- Potential Denial of Service due to memory leak in DNS TSIG message
parsing.
- Potential Denial of Service due to memory leak (or assertion
when compiling with assertions enabled) when receiving a second
SSH KEX message after a first.
- Potential Denial of Service due to buffer read overflow and/or
memory leaks in Kerberos analyzer. The buffer read overflow
could occur when the Kerberos message indicates it contains an
IPv6 address, but does not send enough data to parse out a full
IPv6 address. A memory leak could occur when processing KRB_KDC_REQ
KRB_KDC_REP messages for message types that do not match a
known/expected type.
- Potential Denial of Service when sending many zero-length SSL/TLS
certificate data. Such messages underwent the full Zeek file
analysis treatment which is expensive (and meaningless here)
compared to how cheaply one can "create" or otherwise indicate
many zero-length contained in an SSL message.
- Potential Denial of Service due to buffer read overflow in SMB
transaction data string handling. The length of strings being
parsed from SMB messages was trusted to be whatever the message
claimed instead of the actual length of data found in the message.
- Potential Denial of Service due to null pointer dereference in
FTP ADAT Base64 decoding.
- Potential Denial of Service due to buffer read overflow in FTP
analyzer word/whitespace handling. This typically won't be a
problem in most default deployments of Zeek since the FTP analyzer
receives data from a ContentLine (NVT) support analyzer which
first null-terminates the buffer used for further FTP parsing.
Approved by: ler (mentor, implicit)
MFH: 2020Q1
Security: 4ae135f7-85cd-4c32-ad94-358271b31f7f
|
Wednesday, 11 Dec 2019
|
21:43 leres
security/bro: Update to 3.0.1. As announced by Jon Siwek:
This is a bug-fix release that most notably addresses a JSON
logging performance regression in 3.0.0, but also fixes other
minor bugs. A list which details the changes can be found here:
https://github.com/zeek/zeek/releases/tag/v3.0.1
Approved by: ler (mentor, implicit)
|
Sunday, 17 Nov 2019
|
01:03 leres
security/zeek: This adds security/zeek, the new version of security/bro.
This is being done as svn copy instead of rename so that users of
security/bro can have some time to migrate. It also allows for
possible security updates to the old bro port which upstream has
indicated is possible for at least a few months.
Reviewed by: ler (mentor)
Approved by: ler (mentor)
Differential Revision: https://reviews.freebsd.org/D22376
|