non port: security/zeek/distinfo

Number of commits found: 37

Thursday, 16 May 2024
21:56 Craig Leres (leres)
security/zeek: Update to 6.0.4

    https://github.com/zeek/zeek/releases/tag/v6.0.4

This release fixes the following bugs:

 - The Mozilla CA and Google CT lists were updated to their latest
   versions.

 - A crash with ICMP packets involving errant length checking was
   fixed.

 - When a shadow file is empty/missing during rotation, Zeek aborts
   with an error message, but if the shadow file was empty, it will
   still be there after the restart.

 - A new function remove_exclude was added to the PacketFilter
   framework which can be used to remove a previously added exclude
   filter by name.

 - A new option --localversion was added to the configure script.

 - The highwayhash submodule was updated to fix a build issue for
   FreeBSD.

Reported by:	Tim Wojtulewicz
commit hash: 1b47158c705af2a09f9b62a7434d276a0055a3bd
Monday, 22 Jan 2024
17:53 Craig Leres (leres)
security/zeek: Update to 6.0.3

    https://github.com/zeek/zeek/releases/tag/v6.0.3

This release fixes the following potential DoS vulnerability:

 - A specially-crafted series of packets containing nested MIME
   entities can cause Zeek to spend large amounts of time parsing
   the entities.

This release fixes the following bugs:

 - CMake correctly passes along third-party package information
   when building plugins.

 - Fix a problem with the HTTP analyzer where a signature regex
   ending in '$' used to match against 'http-request-body' or
   'http-reply-body' will never succeed.

 - The DNS analyzer now understands the Ed25519 and Ed448 signature
   algorithms.

 - The SMB::State$recent_files field was not correctly expiring
   entries, leading to unbounded state growth.

 - The &create_expire attribute is now kept valid after clearing a
   table.

Reported by:	Tim Wojtulewicz
Security:	fedf7e71-61bd-49ec-aaf0-6da14bdbb319
commit hash: e81dfaab6a0511eeb704adfffeb68c6be034bb4c
Friday, 27 Oct 2023
22:46 Craig Leres (leres)
security/zeek: Update to 6.0.2

    https://github.com/zeek/zeek/releases/tag/v6.0.2

This release fixes the following potential DoS vulnerabilities:

 - A specially-crafted SSL packet could cause Zeek to leak memory
   and potentially crash.

 - A specially-crafted series of FTP packets could cause Zeek to
   log entries for requests that have already been completed, using
   resources unnecessarily and potentially causing Zeek to lose
   other traffic.

 - A specially-crafted series of SSL packets could cause Zeek to
   output a very large number of unnecessary alerts for the same
   record.

 - A specially-crafted series of SSL packets could cause Zeek to
   generate very long ssl_history fields in the ssl.log, potentially
   using a large amount of memory due to unbounded state growth

 - A specially-crafted IEEE802.11 packet could cause Zeek to overflow
   memory and potentially crash

This release fixes the following bugs:

 - Fixed Spicy type names from causing collisions with existing
   Zeek types.

 - On some systems with low values for the maximum number of file
   descriptors, it was possible to run into crashes when doing DNS
   lookups if all of the file descriptors were used.

 - Tables backed by a Broker backend now correctly support deletion
   if they have complex index types.

 - A significant performance issue with Zeek's supervisor code was
   fixed, revolving around the re-initialization of the Event Manager
   object used to track events.

 - The MaxMind DB code now cleans up after itself, resolving a
   memory leak with the loaded database files.

 - The ZeekJS submodule was updated to version 0.9.6, bringing fixes
   for zeek.invoke and zeek.event crashes, garbage collection, and
   an issue where Zeek may stop executing events from ZeekJS.

Reported by:	Tim Wojtulewicz
Security:	386a14bb-1a21-41c6-a2cf-08d79213379b
commit hash: 5f0ef242a10cb712c5e1e930e490b197b3d997af
22:43 Craig Leres (leres)
security/zeek: revert f85e384: inadvertent update

I accidentally committed changes to security/vuxml and security/zeek.
commit hash: 7758ba113e1b45552219d19fb2dae1efaec229e9
22:25 Craig Leres (leres)
security/vuxml: Mark zeek < 6.0.2 as vulnerable as per:

    https://github.com/zeek/zeek/releases/tag/v6.0.2

This release fixes the following potential DoS vulnerabilities:

 - A specially-crafted SSL packet could cause Zeek to leak memory
   and potentially crash.

 - A specially-crafted series of FTP packets could cause Zeek to
   log entries for requests that have already been completed, using
   resources unnecessarily and potentially causing Zeek to lose
   other traffic.

 - A specially-crafted series of SSL packets could cause Zeek to
   output a very large number of unnecessary alerts for the same
   record.

 - A specially-crafted series of SSL packets could cause Zeek to
   generate very long ssl_history fields in the ssl.log, potentially
   using a large amount of memory due to unbounded state growth

 - A specially-crafted IEEE802.11 packet could cause Zeek to overflow
   memory and potentially crash

Reported by:	Tim Wojtulewicz
commit hash: f85e384228a28b33a3bd9c076a2ad4d1f22d021d
Tuesday, 12 Sep 2023
21:27 Craig Leres (leres)
security/zeek: Update to 6.0.0

    https://github.com/zeek/zeek/releases/tag/v6.0.1

This release fixes the following potential DoS vulnerabilities:

 - File extraction limits were not correctly enforced for files
   containing large amounts of missing bytes.

 - Sessions are sometimes not cleaned up completely within Zeek
   during shutdown, potentially causing a crash when using the -B
   dpd flag for debug logging.

 - A specially-crafted HTTP packet can cause Zeek's filename
   extraction code to take a long time to process the data.

 - A specially-crafted series of FTP packets made up of a CWD request
   followed by a large amount of ERPT requests may cause Zeek to
   spend a long time logging the commands.

 - A specially-crafted VLAN packet can cause Zeek to overflow memory
   and potentially crash.

This release fixes the following bugs:

 - Fixed a base64 decoding issue with the authorization field of
   HTTP request headers that was sometimes causing Zeek to output
   error messages.

 - Ensure that Zeek builds use the internal version of Spicy instead
   of external installations, unless specifically configured for
   that mode.

 - Support was added for switch fields when exporting Spicy types
   to Zeek.

 - A number of fixes were added to protect against potential unbounded
   state growth with the SMB and DCE-RPC analyzers. SMB close
   requests will properly tear down any related DCE-RPC analyzers.

 - Fixed a regression in the UDP and TCP analyzers that was causing
   more data than necessary to be forwarded to the next analyzer
   in the chain.

 - A connection's value is now updated in-place when its directionality
   is flipped due to Zeek's heuristics (for example, SYN/SYN-ACK
   reversal or protocol specific approaches).

 - Fixed undefined symbols being reported from Spicy when building
   some of the binary packages for Zeek.

 - Loading policy/frameworks/notice/community-id.zeek now also
   automatically enables community ID logging.

 - Spicy no longer registers an extra port for every port registered
   in a plugin's .evt file.

 - Timeouts in DNS resolution no longer cause uncontrolled memory
   growth.

 - Fix check to skip DNS hostname lookups for notices that are not
   delivered via email in policy/frameworks/notice/extend-email/hostnames.

Reported by:	Tim Wojtulewicz
Security:	8eefa87f-31f1-496d-bf8e-2b465b6e4e8a
commit hash: 730455c58e931465b3b8b9abf2e1edfb58863c29
Tuesday, 22 Aug 2023
20:34 Craig Leres (leres)
security/zeek: Update to 6.0.0

    https://github.com/zeek/zeek/releases/tag/v6.0.0

This is the latest major version number Long-Term Support (LTS)
release of Zeek.

The NETMAP option has been removed; it was too difficult to build
it without zeek being installed in %%PREFIX%%. The consensus was
that this was a rarely used feature, please reach out to me if you need
this (I've done some work on a new security/zeek-netmap port that
is probably the right way forward).

When I upgraded zeek on my systems I found some cruft left over
from previous versions. The way I recommend upgrading from 5.0.9
to 6.0.0 is:

    service zeek stop
    pkg delete -fy zeek py311-zkg
    [clean up leftover files in /usr/local/lib/zeek]
    pkg install -y zeek
    service zeek deploy

Changes:

 - Zeek now treats private address space (i.e., non-routable IP
   address ranges) as local by default

 - Telemetry centralization and Prometheus exposition is not enabled
   by default anymore

 - Custom source tarballs require a repo-info.json file.

 - Plugin authors should raise the minimum required CMake version
   to 3.15 to ensure compatibility with new CMake scaffolding
   included in this release

 - Zeek container images are not pushed to the zeekurity organization
   anymore

 - The error message returned when using bro_init, bro_done, and
   bro_script_loaded events is now removed

Reported by:	Tim Wojtulewicz
commit hash: 2dbcea6bbf5b3d15f261fd581ed6259566de1c64
Friday, 19 May 2023
17:37 Craig Leres (leres)
security/zeek: Update to 5.0.9

    https://github.com/zeek/zeek/releases/tag/v5.0.9

This release fixes the following potential DoS vulnerabilities:

 - A specially-crafted series of FTP packets with a CMD command
   with a large path followed by a very large number of replies
   could cause Zeek to spend a long time processing the data.

 - A specially-crafted with a truncated header can cause Zeek to
   overflow memory and potentially crash.

 - A specially-crafted series of SMTP packets can cause Zeek to
   generate a very large number of events and take a long time to
   process them.

 - A specially-crafted series of POP3 packets containing MIME data
   can cause Zeek to spend a long time dealing with each individual
   file ID.

This release fixes the following bug:

 - This release includes fixes to Zeek and updates to the Broker
   and Spicy submodules to support building against GCC 13.

Reported by:	Tim Wojtulewicz
Security:	1ab7357f-a3c2-406a-89fb-fd00e49a71b5
commit hash: 21ea6c36f4c73c801e038519a0bed76cf212059c
Wednesday, 12 Apr 2023
06:18 Craig Leres (leres)
security/zeek: Update to 5.0.8

    https://github.com/zeek/zeek/releases/tag/v5.0.8

This release fixes the following potential DoS vulnerabilities:

 - A specially-crafted stream of FTP packets containing a command
   reply with many intermediate lines can cause Zeek to spend a
   large amount of time processing data.

 - A specially-crafted set of packets containing extremely large
   file offsets can cause the reassembler code to allocate large
   amounts of memory.

 - The DNS manager does not correctly expire responses that don't
   contain any data, such as those containing NXDOMAIN or NODATA status
   codes. This can lead to Zeek allocating large amounts of memory
   for these responses and never deallocating them.

 - A specially-crafted stream of RDP packets can cause Zeek to spend
   large protocol validation.

 - A specially-crafted stream of SMTP packets can cause Zeek to
   spend large amounts of time processing data.

This release fixes the following bugs:

 - Data stores used by the known-{hosts,certs,services} policies
   now default to using local stores instead of Broker stores.

 - The VXLAN and Geneve report analyzer confirmations once their
   protocols have been fully parsed, but before attempting to forward
   to the tunneled packets to other analyzers.

 - New weirds were added to the AYIYA, Geneve, and VXLAN analyzers
   (ayiya_empty_packet, geneve_empty_packet, and vxlan_empty_packet).

 - A new script-level option Pcap::non_fd_timeout was added to allow
   fine-tuning the amount of time to sleep on each IO loop when
   using a packet source that doesn't provide a file descriptor
   (e.g. Myricom).

 - Avoid attempting to retrieve packets during every loop for a
   packet source, instead switching to a predictive approach that
   keeps track of whether or not that packet source has previously
   seen traffic.

Reported by:	Tim Wojtulewicz
Security:	96d6809a-81df-46d4-87ed-2f78c79f06b1
commit hash: 7705f7bbc42db52bc8bb6686738580b89b49f347
Tuesday, 21 Feb 2023
22:39 Craig Leres (leres)
security/zeek: Update to 5.0.7

    https://github.com/zeek/zeek/releases/tag/v5.0.7

This release fixes the following potential DoS vulnerabilities:

 - Receiving DNS responses from async DNS requests (via the
   lookup_addr, etc BIF methods) with the TTL set to zero could
   cause the DNS manager to eventually stop being able to make new
   requests.

 - Specially-crafted FTP packets with excessively long usernames,
   passwords, or other fields could cause log writes to use large
   amounts of disk space.

 - The find_all and find_all_ordered BIF methods could take extremely
   large amounts of time to process incoming data depending on the
   size of the input.

This release fixes the following bugs:

 - Various issues with signed/unsigned character discrepancies on
   arm64 builds are fixed.

 - A performance degradation in debug builds involving hashing large
   keys for Dictionaries was fixed.

Reported by:	Tim Wojtulewicz
Security:	7a425536-74f7-4ce4-9768-0079a9d44d11
commit hash: 4e0e0f48d7e3d4f0c495e2f6ac03fd70988f8777
Wednesday, 1 Feb 2023
19:06 Craig Leres (leres)
security/zeek: Update to 5.0.6

    https://github.com/zeek/zeek/releases/tag/v5.0.6

This release fixes the following potential DoS vulnerabilities:

 - A missing field in the SMB FSControl script-land record could
   cause a heap buffer overflow when receiving packets containing
   those header types.

 - Receiving a series of packets that start with HTTP/1.0 and then
   switch to HTTP/0.9 could cause Zeek to spend a large amount of
   time processing the packets.

 - Receiving large numbers of FTP commands sequentially from the
   network with bad data in them could cause Zeek to spend a large
   amount of time processing the packets, and generate a large
   amount of events.

This release fixes the following bugs:

 - Zeek could throw a scripting error when receiving SMB1 packets
   containing connect_andx_response messages prior to receiving an
   associated request.

 - A performance regression from 4.2 to 5.0 when reading pcap files
   related to Broker's internal clock was fixed.

 - Notices created for files transferred over multiple connections
   will now be associated with one of the connections rather than
   none.

 - A new file_over_new_connection event was added to the Intel
   framework, for use when receiving files over established connections
   (for example, HTTP).

 - The error message returned when trying to use invalid enums in
   scripts now correctly includes the script location.

Reported by:	Tim Wojtulewicz
Security:	2b5fc9c4-eaca-46e0-83d0-9b10c51c4b1b
commit hash: 85faac2f4c4a9a545a15ffb797ecb41ea3d985e5
Tuesday, 10 Jan 2023
01:07 Craig Leres (leres)
security/zeek: Update to 5.0.5

    https://github.com/zeek/zeek/releases/tag/v5.0.5

This release fixes the following bugs:

 - Update broker to version 2.3.6. This broker release fixes some
   failures when building against Python 3.11 and above.

Reported by:	Tim Wojtulewicz
commit hash: 5f6df5b5e8a9b58c3b75c0057680bc85a2583871
Thursday, 24 Nov 2022
18:29 Craig Leres (leres)
security/zeek: Update to 5.0.4

    https://github.com/zeek/zeek/releases/tag/v5.0.4

This release fixes the following potential DoS vulnerabilities:

 - A specially-crafted series of HTTP 0.9 packets can cause Zeek
   to spend large amounts of time processing the packets.

 - A specially-crafted FTP packet can cause Zeek to spend large
   amounts of time processing the command.

 - A specially-crafted IPv6 packet can cause Zeek to overflow memory
   and potentially crash.

This release fixes the following bugs:

 - Fix a potential stall in Broker’s internal data pipeline.

Reported by:	Tim Wojtulewicz
Security:	???
commit hash: a940eea46e391fb788b2663c20ccdf6a8554fe4f
Wednesday, 9 Nov 2022
02:42 Craig Leres (leres)
security/zeek: Update to 5.0.3

    https://github.com/zeek/zeek/releases/tag/v5.0.3

This release fixes the following potential DoS vulnerabilities:

 - Fix an issue where a specially-crafted FTP packet can cause Zeek
   to spend large amounts of time attempting to search for valid
   commands in the data stream.

 - Fix a possible overflow in the Zeek dictionary code that may
   lead to a memory leak.

 - Fix an issue where a specially-crafted packet can cause Zeek to
   spend large amounts of time reporting analyzer violations.

 - Fix a possible assert and crash in the HTTP analyzer when receiving
   a specially-crafted packet.

 - Fix an issue where a specially-crafted HTTP or SMTP packet can
   cause Zeek to spend a large amount of time attempting to search
   for filenames within the packet data.

 - Fix two separate possible crashes when converting processed IP
   headers for logging via the raw_packet event handlers.

This release fixes the following bugs:

 - Fix a possible crash with when statements where lambda captures
   of local variables sometimes overflowed the frame counter.

 - Reduced the amount of analyzer_confirmation events that are
   raised for packets that contain tunnels.

 - Fix a long-standing bug where TCP reassembly would not function
   correctly for some analyzers if dpd_reassemble_first_packets was
   set to false.

 - Fix a performance bug in the Zeek dictionary code in certain
   cases, such as copying a large number of entries from one
   dictionary into another.

 - Fix a performance issue when inserting large numbers of elements
   into a Broker store when Broker::scheduler_policy is set to
   stealing.

 - Fix a Broker performance issue when distributing large amounts
   of data from the input framework to proxies/workers at startup.

 - Fix an issue with messaging between proxies and workers that
   resulted in error messages being reported.

 - Updated the list of DNS type strings to reflect the correct.

Reported by:	Tim Wojtulewicz
Security:	60d4d31a-a573-41bd-8c1e-5af7513c1ee9
commit hash: f7beb19cdf537aacb741f1f19fccff683954371b
Tuesday, 20 Sep 2022
00:02 Craig Leres (leres)
security/zeek: Update to 5.0.2

    https://github.com/zeek/zeek/releases/tag/v5.0.2

Security fixes:

 - Fix a possible overflow and crash in the ICMP analyzer when
   receiving a specially crafted packet

 - Fix a possible overflow and crash in the IRC analyzer when
   receiving a specially crafted packet

 - Fix a possible overflow and crash in the SMB analyzer when
   receiving a specially crafted packet

 - Fix two possible crashes when converting IP headers for output
   via the raw_packet event

Other changes:

 - Fix a bug that prevented Broker nodes from recovering from OpenSSL errors.

 - Fix handling of buffer sizes that caused Broker to stall despite
   having sufficient capacity.

 - Fix an issue with signal handling that could prevent Zeek from
   exiting via ctrl-c when reading scripts from stdin.

Also fix new PR 266345 issue reported by @pkubaj ("fails to build
without SPICY enabled").

PR:		266345
Reported by:	Tim Wojtulewicz, pkubaj
commit hash: 2f3600ba29635cc0d536f58f6feea755cc4c7c94
Friday, 26 Aug 2022
23:54 Craig Leres (leres)
security/zeek: Update to 5.0.1

    https://github.com/zeek/zeek/releases/tag/v5.0.1

Security fixes since 5.0.0:

 - Fix a possible overflow and crash in the ARP analyzer when
   receiving a specially crafted packet.

 - Fix a possible overflow and crash in the Modbus analyzer when
   receiving a specially crafted packet.

 - Fix two possible crashes when converting IP headers for output
   via the raw_packet event.

 - Fix an abort related to an error related to the ordering of
   record fields when processing DNS EDNS headers via events

Other changes:

 - Fix a number of typos in the weak-keys.zeek script in the SSL
   framework.

 - Fix build of internal Spicy when using the --disable-cpp-tests
   configure flag.

 - Avoid calling safe_realloc unnecessarily from ODesc::Grow(),
   providing a performance improvement in some cases.

 - Remove use of fallible get_conn_transport_proto() in analyzer_violation
   event handlers.

 - Remove a warning when receiving packets with invalid or unknown
   IP protocol types, preventing it from spamming reporter.log.

 - Fix workers failing to peer with proxies if they take too long
   to start.

 - Fix Zeek build failures when building against an external version
   of Spicy.

 - Update Spicy to version 1.5.1 and spicy-plugin to 1.3.17.

Reported by:	Tim Wojtulewicz
commit hash: 8afc679517af7a25ec736e5a44cea6a1c548c35d
Saturday, 9 Jul 2022
02:44 Craig Leres (leres)
security/zeek: Update to 5.0.0 (latest LTS release)

    https://github.com/zeek/zeek/releases/tag/v5.0.0

Changes incompatible with 4.0.7:

 - The script-land ``union`` and ``timer`` types have been removed.
   They haven't had any actual semantics backing them for some time
   and shouldn't have functioned in any useable way. We opted to
   skip the deprecation cycle for these types for that reason.

 - Broker now uses a new network backend with a custom network
   protocol that is incompatible with the pre-5.0 backend. In
   practice, this means Zeek 4.x will not be able to exchange events
   with Zeek 5.x. Going forward, this new backend will allow us to
   keep the Broker protocol more stable and add new capabilities
   in a backwards compatible way.

While we're here add a comment explaining why we really need uname
-p instead of using ARCH (uname -m). Also solve a portlint nag.

Reported by:	Tim Wojtulewicz
commit hash: c356da85916e14c0844fdf42340a8429e34990f2
Friday, 3 Jun 2022
17:34 Craig Leres (leres)
security/zeek: Update to 4.0.7

    https://github.com/zeek/zeek/releases/tag/v4.0.7

Security fixes since 4.0.6:

 - Fix potential hang in the DNS analyzer when receiving a
   specially-crafted packet. Due to the possibility of this happening
   with packets received from the network, this is a potential DoS
   vulnerability.

Other changes:

 - Fix issue with broken libpcaps that return repeat packets, most
   notably the version provided with Myricom hardware.

Reported by:	Tim Wojtulewicz
commit hash: d1628eb541ac68c1cc0d21c2906a75d8fe11d972
Thursday, 21 Apr 2022
22:48 Craig Leres (leres)
security/zeek: Update to 4.0.6

    https://github.com/zeek/zeek/releases/tag/v4.0.6

Security fixes since 4.0.5:

 - Fix potential unbounded state growth in the FTP analyzer when
   receiving a specially-crafted stream of commands. This may lead
   to a buffer overflow and cause Zeek to crash. Due to the possibility
   of this happening with packets received from the network, this
   is a potential DoS vulnerability.

Other changes:

 - Empty table constructors with &default attributes may cause a
   crash.

 - Fix a bug in ZAM when a function containing a loop is inlined

 - Fix a number of bugs with robust dictionary iteration.

 - Fix missing "Reporter" entries when reporting hooks via zeek.

Reported by:    Tim Wojtulewicz
commit hash: 23f90b966845047ab40be2f9921d5d95f785d6e6
Tuesday, 25 Jan 2022
22:38 Craig Leres (leres)
security/zeek: Update to 4.0.5

Changes since 4.0.4:

 - The highwayhash module was updated to fix a build failure on
   FreeBSD.

 - A number of fixes for various problems on the CI infrastructure.

 - Writers were not being cleaned up correctly when recreating log
   streams with the same ID as an existing stream. This could lead
   to a crash.

 - IP packets with bad/incorrect IP header lengths were not reporting
   weirds as they should be.

Reported by:	Tim Wojtulewicz
commit hash: 02c1f1a6efdc5211e1c5dead4ec2393cd134daf6
Wednesday, 22 Sep 2021
22:15 Craig Leres (leres)
security/zeek: Update to 4.0.4

    https://github.com/zeek/zeek/releases/tag/v4.0.4

This release fixes two vulnerabilities:

 - Paths from log stream make it into system() unchecked, potentially
   leading to commands being run on the system unintentionally.
   This requires either bad scripting or a malicious package to be
   installed, and is considered low severity.

 - Fix potential unbounded state growth in the PIA analyzer when
   receiving a connection with either a large number of zero-length
   packets, or one which continues ack-ing unseen segments. It is
   possible to run Zeek out of memory in these instances and cause
   it to crash. Due to the possibility of this happening with packets
   received from the network, this is a potential DoS vulnerability.

Other fixes:

 - The highwayhash submodule was updated to fix a build failure on
   FreeBSD 14.

 - Packet sources that don't have a selectable file descriptor could
   potentially prevent the network time from ever updating, which
   would have adverse effects on the primary run loop such as
   preventing timers from executing.

 - Specific conditions in the run loop could lead RotationTimers
   to get into an infinite loop.

 - Specially crafted HTTP packets could avoid the HTTP analyzer.

 - Zeekctl crashes using the zeekctl status command if the
   StatusCmdShowAll option is set to 1 in zeekctl.cfg.

 - The ignore_checksum_nets option does not work correctly if
   configured with multiple subnets.

Reported by:	Tim Wojtulewicz
Security:	d4d21998-bdc4-4a09-9849-2898d9b41459
commit hash: b45eb65a92c227e19553d291f1855c203d472e0f
Tuesday, 6 Jul 2021
21:31 Craig Leres (leres)
security/zeek: Update to 4.0.3

    https://github.com/zeek/zeek/releases/tag/v4.0.3

This release fixes the following bugs:

 - Zeek now accepts unset fields in the input data only when the
   corresponding record field is &optional.

 - The version field in ssh.log is now optional and will not be set
   if we cannot determine the version that was negotiated by the
   client and server.

 - Zeekctl could crash at startup on certain compilers and platforms
   due to a memory corruption issue in the Broker python bindings.

 - The highwayhash submodule was updated to fix a build failure on
   FreeBSD for PowerPC.

This release deprecates the following functionality:

 - The stepping-stone analyzer is marked as deprecated. It was
   partially marked as deprecated in 2.0, and will be fully removed
   in v4.1.

Reported by:	Tim Wojtulewicz
commit hash: 9ffa41537310b846c210cdbaa9217c9fd361c6ae
Thursday, 3 Jun 2021
00:14 Craig Leres (leres)
security/zeek: Update to 4.0.2

    https://github.com/zeek/zeek/releases/tag/v4.0.2

This release fixes several potential DoS vulnerabilities:

 - Fix potential Undefined Behavior in decode_netbios_name() and
   decode_netbios_name_type() BIFs. The latter has a possibility
   of a remote heap-buffer-overread, making this a potential DoS
   vulnerability.

 - Add some extra length checking when parsing mobile ipv6 packets.
   Due to the possibility of reading invalid headers from remote
   sources, this is a potential DoS vulnerability.

Other fixes:

 - Fix heap-use-after-free after clear_table() on a table that uses
   expiration attributes.

 - Add fatal error for if table/Dictionary state ever becomes invalid
   since the behavior becomes unexpected/unclear at that point (e.g.
   when table bucket positions become large enough to overflow their
   16-bit storage due to aggressive expiration-check settings
   preventing the re-positioning items)

 - Add missing "zeek/" to header includes, which can prevent external
   plugins from compiling against Zeek source-tree (e.g. via
   ./configure --zeek-dist=)

 - Fix reading empty set[enum] values and any vector of enum values
   from config files

 - Fix type-checks related to list-type equality

Reported by:	Tim Wojtulewicz
MFH:		2021Q2
Security:	a550d62c-f78d-4407-97d9-93876b6741b9
commit hash: b9d6624c2bf0584095d15260716597c9e31e37a4
Wednesday, 21 Apr 2021
21:11 Craig Leres (leres)
security/zeek: Update to 4.0.1 to fix null-pointer dereference and potential DOS

    https://github.com/zeek/zeek/releases/tag/v4.0.1

This release fixes the following vulnerability:

 - Fix null-pointer dereference when encountering an invalid enum
   name in a config/input file that tries to read it into a set[enum].
   For those that have such an input feed whose contents may come
   from external/remote sources, this is a potential DoS vulnerability.

Other fixes:

 - Fix mime type detection bug in IRC/FTP file_transferred event
   for file data containing null-bytes

 - Fix potential for missing timestamps in SMB logs

 - Remove use of LeakSanitizer API on FreeBSD where it's unsupported

 - Fix incorrect parsing of ERSPAN Type I

 - Fix incorrect/overflowed n value for SSL_Heartbeat_Many_Requests
   notices where number of server heartbeats is greater than number
   of client heartbeats.

 - Fix missing user_agent existence check in smtp/software.zeek
   (causes reporter.log error noise, but no functional difference)

 - Fix include order of bundled headers to avoid conflicts with
   pre-existing/system-wide installs

 - Fix musl build (e.g. Void, Alpine, etc.)

 - Fix build with -DENABLE_MOBILE_IPV6 / ./configure --enable-mobile-ipv6

 - Add check for null packet data in pcap IOSource, which is an
   observed state in Myricom libpcap that crashes Zeek via null-pointer
   dereference

 - Allow CRLF line-endings in Zeek scripts and signature files

 - Fix armv7 build

 - Fix unserialization of set[function], generally now used by
   connection record removal hooks, and specifically breaking
   intel.log of Zeek clusters

 - Fix indexing of set/table types with a vector

 - Fix precision loss in ASCII logging/printing of large double,
   time, or interval values

 - Improve handling of invalid SIP data before requests

 - Fix copy()/cloning vectors that have holes (indices w/ null
   values)

Reported by:	Jon Siwek
commit hash: 274b20e4c81e57d232a19ad490684374227862c7
Saturday, 20 Mar 2021
01:16 leres
security/zeek: Update to 4.0.0

This is the next Long-Term Support (LTS) major version:

    https://github.com/zeek/zeek/releases/tag/v4.0.0
    https://zeek.org/2020/12/15/zeek-4-0-release-candidate/

Support for the previous LTS (3.0.x) will end in about two months.

Reported by:	Jon Siwek
Original commit revision: 568827
Tuesday, 23 Feb 2021
01:54 leres
security/zeek: Update to 3.0.13

    https://github.com/zeek/zeek/releases/tag/v3.0.13

This release fixes the following vulnerability:

 - Fix ASCII Input reader's treatment of input files containing
   null-bytes. An input file containing null-bytes could lead to a
   buffer-over-read, crash Zeek, and be exploited to cause Denial
   of Service.

And fixes the following bugs:

 - MIME sub-entities overwrote top-level header values cause
   misleading SMTP log

 - Fix incorrect major_subsys_version field in pe_optional_header
   event

Reported by:	Jon Siwek
Original commit revision: 566365
Tuesday, 15 Dec 2020
22:17 leres
security/zeek: Update to 3.0.12

    https://github.com/zeek/zeek/releases/tag/v3.0.12

This release fixes the following bugs:

 - Incorrect ICMP Neighbor Discovery Option length calculation

 - Fix SMB2 response status parsing

 - Fix excessive connection_status_update events for ICMP connections

Reported by:	Jon Siwek
Original commit revision: 558190
Wednesday, 7 Oct 2020
21:29 leres
security/zeek: Update to 3.0.11 to fix memory leaks and potential DOS:

    https://github.com/zeek/zeek/releases/tag/v3.0.11

 - A memory leak in multipart MIME code has potential for remote
   exploitation and cause for Denial of Service via resource
   exhaustion.

Other fixes:

 - Fix incorrect RSTOS0 conn_state determinations

Reported by:	Jon Siwek
MFH:		2020Q4
Security:	769a4f60-9056-4c27-89a1-1758a59a21f8
Original commit revision: 551667
Thursday, 10 Sep 2020
00:15 leres
security/zeek: Update to 3.0.10 to fix memory leaks and potential DOS:

    https://github.com/zeek/zeek/releases/tag/v3.0.10

 - Fix memory leak caused by re-entering AYIYA parsing

 - Fix memory leak caused by re-entering GTPv1 parsing

Other fixes:

 - Fix Input Framework 'change' events for 'set' destinations

 - Fix reported body-length of HTTP messages w/ sub-entities

Reported by:	Jon Siwek
MFH:		2020Q3
Security:	2c92fdd3-896c-4a5a-a0d8-52acee69182d
Original commit revision: 548170
Tuesday, 28 Jul 2020
01:09 leres
security/zeek: Update to 3.0.8 and address various vulnerabilities:

    https://github.com/zeek/zeek/releases/tag/v3.0.8

 - Fix potential DNS analyzer stack overflow

 - Fix potential NetbiosSSN analyzer stack overflow

Other fixes:

 - Fix DHCP Client ID Option misformat for Hardware Type 0

 - Fix/allow copying/cloning of opaque of Broker::Store

 - Fix ConnPolling memory over-use

 - Fix compress_path not normalizing some paths correctly

 - Fix integer conversion error for Tag subtypes/enums

 - Fix bro_prng() results not staying within modulus

 - Prevent providing a 0 seed to bro_prng() since the LCG parameters
   don't allow that

Reported by:	Jon Siwek
MFH:		2020Q3
Security:	e333084c-9588-4eee-8bdc-323e02cb4fe0
Original commit revision: 543560
Wednesday, 10 Jun 2020
19:15 leres
security/zeek: Update to 3.0.7 and address various vulnerabilities:

    https://raw.githubusercontent.com/zeek/zeek/v3.0.7/NEWS

 - Fix potential stack overflow in NVT analyzer

 - Fix NVT analyzer memory leak from multiple telnet authn name options

 - Fix multiple content-transfer-encoding headers causing a memory leak

 - Fix potential leak of Analyzers added to tree during Analyzer::Done

 - Prevent IP fragment reassembly on packets without minimal IP header

Other fixes:

 - Limit rate of logging MaxMind DB diagnostic messages

 - Fix wrong return value type for `topk_get_top()` BIF

 - Fix opaque Broker types lacking a Type after (de)serialization

 - Fix lack of descriptive printing for intervals converted from
   `double_to_interval()`

 - Fix some cases of known-services not being logged

MFH:		2020Q3
Security:	9f7ae7ea-da93-4f86-b257-ba76707f6d5d
Original commit revision: 538431
Wednesday, 6 May 2020
23:37 leres
security/zeek: Update to 3.0.6 and address multiple vulnerabilities:

    https://raw.githubusercontent.com/zeek/zeek/v3.0.6/NEWS

 - Fix buffer over-read in Ident analyzer

 - Fix SSL scripting error leading to uninitialized field access
   and memory leak

 - Fix POP3 analyzer global buffer over-read

 - Fix potential stack overflows due to use of Variable-Length-Arrays

Other changes since 3.0.5 include:

 - Fix unusable `subscriber.poll()` method in Broker Python bindings

 - Fix uninitialized field access in `ssl/log-hostcerts-only.zeek`

 - Fix missing default function for Kerberos constant-lookup-tables

 - Fix cloning of `TypeType` values

 - Remove misleading error message on empty bloomfilter lookup

 - Fix `misc/stats.zeek` skipping log entry on termination

MFH:		2020Q2
Original commit revision: 534211
Wednesday, 15 Apr 2020
00:01 leres
security/zeek: Update to 3.0.5

Chase latest version number that contains a simple fix not relevant
to supported versions of FreeBSD (hence no MFH).

  
    https://raw.githubusercontent.com/zeek/zeek/3ad19762770c567edc3498b3c1f9f216f46970b0/NEWS

 - Same as 3.0.4 but fixes compilation on various platforms with
   older compilers, for example GCC 4.8.x.
Original commit revision: 531735
Tuesday, 14 Apr 2020
20:55 leres
security/zeek: Update to 3.0.4 and address a remote crash vulnerability:

  
    https://github.com/zeek/zeek/blob/e059d4ec2e689b3c8942f4aa08b272f24ed3f612/NEWS

 - Fix stack overflow in POP3 analyzer. An attacker can crash Zeek
   remotely via crafted packet sequence.

Other fixes:

 - Fix use-after-free in Zeek lambda functions with uninitialized
   locals

 - Fix buffer overflow due to tables/records created at parse-time
   not rebuilt on record redef

 - Fix SMB NegotiateContextList parsing

 - Fix binpac flowbuffer frame length parsing doing too much bounds
   checking

 - Fix parsing ERSPAN III optional sub-header

 - Fix bug in intel indicator normalization

 - Fix connection duration thresholding

 - Fix X509Common.h header include for external plugins

 - Fix incorrect targeting of node-specific Broker/Cluster messages

MFH:		2020Q2
Original commit revision: 531729
Sunday, 15 Mar 2020
22:44 leres
security/bro: Update to 3.0.3 and address a number of potential
denial of service issues:

   https://github.com/zeek/zeek/releases/tag/v3.0.2
   https://github.com/zeek/zeek/releases/tag/v3.0.3

 - Potential Denial of Service due to memory leak in DNS TSIG message
   parsing.

 - Potential Denial of Service due to memory leak (or assertion
   when compiling with assertions enabled) when receiving a second
   SSH KEX message after a first.

 - Potential Denial of Service due to buffer read overflow and/or
   memory leaks in Kerberos analyzer.  The buffer read overflow
   could occur when the Kerberos message indicates it contains an
   IPv6 address, but does not send enough data to parse out a full
   IPv6 address.  A memory leak could occur when processing KRB_KDC_REQ
   KRB_KDC_REP messages for message types that do not match a
   known/expected type.

 - Potential Denial of Service when sending many zero-length SSL/TLS
   certificate data.  Such messages underwent the full Zeek file
   analysis treatment which is expensive (and meaningless here)
   compared to how cheaply one can "create" or otherwise indicate
   many zero-length contained in an SSL message.

 - Potential Denial of Service due to buffer read overflow in SMB
   transaction data string handling.  The length of strings being
   parsed from SMB messages was trusted to be whatever the message
   claimed instead of the actual length of data found in the message.

 - Potential Denial of Service due to null pointer dereference in
   FTP ADAT Base64 decoding.

 - Potential Denial of Service due to buffer read overflow in FTP
   analyzer word/whitespace handling.  This typically won't be a
   problem in most default deployments of Zeek since the FTP analyzer
   receives data from a ContentLine (NVT) support analyzer which
   first null-terminates the buffer used for further FTP parsing.

Approved by:	ler (mentor, implicit)
MFH:		2020Q1
Security:	4ae135f7-85cd-4c32-ad94-358271b31f7f
Original commit revision: 528508
Wednesday, 11 Dec 2019
21:43 leres
security/bro: Update to 3.0.1. As announced by Jon Siwek:

    This is a bug-fix release that most notably addresses a JSON
    logging performance regression in 3.0.0, but also fixes other
    minor bugs. A list which details the changes can be found here:

    https://github.com/zeek/zeek/releases/tag/v3.0.1

Approved by:	ler (mentor, implicit)
Original commit revision: 519842
Sunday, 17 Nov 2019
01:03 leres
security/zeek: This adds security/zeek, the new version of security/bro.
This is being done as svn copy instead of rename so that users of
security/bro can have some time to migrate. It also allows for
possible security updates to the old bro port which upstream has
indicated is possible for at least a few months.

Reviewed by:	ler (mentor)
Approved by:	ler (mentor)
Differential Revision:	https://reviews.freebsd.org/D22376
Original commit revision: 517788
