diff options
author | Craig Leres <leres@FreeBSD.org> | 2018-06-08 16:40:46 +0000 |
---|---|---|
committer | Craig Leres <leres@FreeBSD.org> | 2018-06-08 16:40:46 +0000 |
commit | 64467380311d245848e7aff1d9f744ec7ead5235 (patch) | |
tree | b22a399e0cd5a04de1b62b0b118cd42901c7c677 /security/bro | |
parent | Rename the git(211) user to just "git user" (diff) |
Update to 2.5.4 which fixes multiple memory allocation issues:
- Multiple fixes and improvements to BinPAC generated code
related to array parsing, with potential impact to all Bro's
BinPAC-generated analyzers in the form of buffer over-reads
or other invalid memory accesses depending on whether a
particular analyzer incorrectly assumed that the
evaulated-array-length expression is actually the number of
elements that were parsed out from the input.
- The NCP analyzer (not enabled by default and also updated
to actually work with newer Bro APIs in the release) performed
a memory allocation based directly on a field in the input
packet and using signed integer storage. This could result
in a signed integer overflow and memory allocations of
negative or very large size, leading to a crash or memory
exhaustion. The new NCP::max_frame_size tuning option now
limits the maximum amount of memory that can be allocated.
Other fixes:
- A memory leak in the SMBv1 analyzer.
- The MySQL analyzer was generally not working as intended,
for example, it now is able to parse responses that contain
multiple results/rows.
Add gettext-runtime to USES to address a poudriere testport
warning.
Reviewed by: matthew (mentor)
Approved by: matthew (mentor)
MFH: 2018Q2
Security: 2f4fd3aa-32f8-4116-92f2-68f05398348e
Differential Revision: https://reviews.freebsd.org/D15678
Notes
Notes:
svn path=/head/; revision=472014
Diffstat (limited to 'security/bro')
-rw-r--r-- | security/bro/Makefile | 4 | ||||
-rw-r--r-- | security/bro/distinfo | 6 | ||||
-rw-r--r-- | security/bro/pkg-plist | 1 |
3 files changed, 6 insertions, 5 deletions
diff --git a/security/bro/Makefile b/security/bro/Makefile index 6d8ad61b760b..f518ff88d98a 100644 --- a/security/bro/Makefile +++ b/security/bro/Makefile @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= bro -PORTVERSION= 2.5.3 +PORTVERSION= 2.5.4 CATEGORIES= security MASTER_SITES= https://www.bro.org/downloads/ DISTFILES= ${DISTNAME}${EXTRACT_SUFX} @@ -16,7 +16,7 @@ BROKEN_powerpc64= Does not build: error: zero-size array 'names' LIB_DEPENDS= libGeoIP.so:net/GeoIP -USES= bison cmake:outsource compiler:c++11-lang ninja perl5 python shebangfix ssl +USES= bison cmake:outsource compiler:c++11-lang gettext-runtime ninja perl5 python shebangfix ssl CMAKE_ARGS+= -DPYTHON_EXECUTABLE:PATH=${PYTHON_CMD} CXXFLAGS+= -std=c++11 -Wall diff --git a/security/bro/distinfo b/security/bro/distinfo index 5327498eae77..30d9bb99f7ef 100644 --- a/security/bro/distinfo +++ b/security/bro/distinfo @@ -1,6 +1,6 @@ -TIMESTAMP = 1518744511 -SHA256 (bro-2.5.3.tar.gz) = 7384fa14e6cebc86488040877fc0bfd50868e969f0fa05178cef0116e4116225 -SIZE (bro-2.5.3.tar.gz) = 18514905 +TIMESTAMP = 1528300945 +SHA256 (bro-2.5.4.tar.gz) = 80daea433fa654f2602cf67b19b9121ff6ad57761bad73cc29020c4f490c5f1f +SIZE (bro-2.5.4.tar.gz) = 18520847 SHA256 (actor-framework-actor-framework-0.14.6_GH0.tar.gz) = cbc2033896fe41e42604de2f74673971718a40684996650157484485755f7720 SIZE (actor-framework-actor-framework-0.14.6_GH0.tar.gz) = 1239451 SHA256 (bro-bro-netmap-cf88debf487b31ab30dc3b5bac64783b4e49997e_GH0.tar.gz) = 383423f92932c3ef244194954708b3a237b4f37ebc358014f51dcb3b9786896b diff --git a/security/bro/pkg-plist b/security/bro/pkg-plist index e547c95c60ed..bf9d4dbd5ae4 100644 --- a/security/bro/pkg-plist +++ b/security/bro/pkg-plist @@ -188,6 +188,7 @@ man/man8/bro.8.gz %%DATADIR%%/base/bif/plugins/Bro_MIME.events.bif.bro %%DATADIR%%/base/bif/plugins/Bro_Modbus.events.bif.bro %%DATADIR%%/base/bif/plugins/Bro_MySQL.events.bif.bro +%%DATADIR%%/base/bif/plugins/Bro_NCP.consts.bif.bro %%DATADIR%%/base/bif/plugins/Bro_NCP.events.bif.bro %%DATADIR%%/base/bif/plugins/Bro_NTLM.events.bif.bro %%DATADIR%%/base/bif/plugins/Bro_NTLM.types.bif.bro |