22:38 Craig Leres (leres) 

security/zeek: Update to 4.0.5

Changes since 4.0.4:

 - The highwayhash module was updated to fix a build failure on
   FreeBSD.

 - A number of fixes for various problems on the CI infrastructure.

 - Writers were not being cleaned up correctly when recreating log
   streams with the same ID as an existing stream. This could lead
   to a crash.

 - IP packets with bad/incorrect IP header lengths were not reporting
   weirds as they should be.

Reported by:	Tim Wojtulewicz

    02c1f1a

10:37 Piotr Kubaj (pkubaj) 

security/zeek: fix build on powerpc64*

In file included from
/wrkdirs/usr/ports/security/zeek/work/zeek-4.0.3/auxil/highwayhash/highwayhash/arch_specific.cc:27:
/usr/include/sys/sysctl.h:1185:25: error: unknown type name 'u_int'
int     sysctl(const int *, u_int, void *, size_t *, const void *, size_t);

    b91d1bd

21:31 Craig Leres (leres) 

security/zeek: Update to 4.0.3

    https://github.com/zeek/zeek/releases/tag/v4.0.3

This release fixes the following bugs:

 - Zeek now accepts unset fields in the input data only when the
   corresponding record field is &optional.

 - The version field in ssh.log is now optional and will not be set
   if we cannot determine the version that was negotiated by the
   client and server.

 - Zeekctl could crash at startup on certain compilers and platforms
   due to a memory corruption issue in the Broker python bindings.

 - The highwayhash submodule was updated to fix a build failure on
   FreeBSD for PowerPC.

This release deprecates the following functionality:

 - The stepping-stone analyzer is marked as deprecated. It was
   partially marked as deprecated in 2.0, and will be fully removed
   in v4.1.

Reported by:	Tim Wojtulewicz

    9ffa415

17:35 Piotr Kubaj (pkubaj) 

security/zeek: fix build on powerpc64le

Fix typo in systlbyname().

    0072507

21:11 Craig Leres (leres) 

security/zeek: Update to 4.0.1 to fix null-pointer dereference and potential DOS

    https://github.com/zeek/zeek/releases/tag/v4.0.1

This release fixes the following vulnerability:

 - Fix null-pointer dereference when encountering an invalid enum
   name in a config/input file that tries to read it into a set[enum].
   For those that have such an input feed whose contents may come
   from external/remote sources, this is a potential DoS vulnerability.

Other fixes:

 - Fix mime type detection bug in IRC/FTP file_transferred event
   for file data containing null-bytes

 - Fix potential for missing timestamps in SMB logs

 - Remove use of LeakSanitizer API on FreeBSD where it's unsupported

 - Fix incorrect parsing of ERSPAN Type I

 - Fix incorrect/overflowed n value for SSL_Heartbeat_Many_Requests
   notices where number of server heartbeats is greater than number
   of client heartbeats.

 - Fix missing user_agent existence check in smtp/software.zeek
   (causes reporter.log error noise, but no functional difference)

 - Fix include order of bundled headers to avoid conflicts with
   pre-existing/system-wide installs

 - Fix musl build (e.g. Void, Alpine, etc.)

 - Fix build with -DENABLE_MOBILE_IPV6 / ./configure --enable-mobile-ipv6

 - Add check for null packet data in pcap IOSource, which is an
   observed state in Myricom libpcap that crashes Zeek via null-pointer
   dereference

 - Allow CRLF line-endings in Zeek scripts and signature files

 - Fix armv7 build

 - Fix unserialization of set[function], generally now used by
   connection record removal hooks, and specifically breaking
   intel.log of Zeek clusters

 - Fix indexing of set/table types with a vector

 - Fix precision loss in ASCII logging/printing of large double,
   time, or interval values

 - Improve handling of invalid SIP data before requests

 - Fix copy()/cloning vectors that have holes (indices w/ null
   values)

Reported by:	Jon Siwek

    274b20e

18:43 pkubaj 

security/zeek: fix build on powerpc64 elfv2

-mpowerp8-vector is now necessary due to use of highwayhash.

Fix typo on sysctlbyname.

Also correct typo in BROKEN entries.