non port: security/bro/pkg-plist
Number of commits found: 20
Thursday, 20 Dec 2018
|
01:25 leres
Update to 2.6.1:
- Update the embedded SQLite library from 3.18.0 to 3.26.0 to
address a remote code execution vulnerability ("Magellan").
- Uses a bundled version of the actor-framework (caf) library so
we can remove the port-local build for caf.
Replace broctl-config.sh absolute symlink with a relative one.
Approved by: ler (mentor, implicit)
MFH: 2018Q4
Security: b80f039d-579e-4b82-95ad-b534a709f220
|
Thursday, 30 Aug 2018
|
00:13 leres
Update to 2.5.5 which addresses security issues:
- Fix array bounds checking in BinPAC: for arrays that are
fields within a record, the bounds check was based on a pointer
to the start of the record rather than the start of the array
field, potentially resulting in a buffer over-read.
- Fix SMTP command string comparisons: the number of bytes
compared was based on the user-supplied string length and can
lead to incorrect matches. e.g. giving a command of "X"
incorrectly matched "X-ANONYMOUSTLS" (and an empty command
matches anything).
- "Weird" events are now generally suppressed/sampled by default
according to some tunable parameters.
- Improved handling of empty lines in several text protocol
analyzers that can cause performance issues when seen in long
sequences.
- Add `smtp_excessive_pending_cmds' weird which serves as a
notification for when the "pending command" queue has reached
an upper limit and been cleared to prevent one from attempting
to slowly exhaust memory.
Approved by: ler (mentor, implicit)
MFH: 2018Q3
Security: d0be41fe-2a20-4633-b057-4e8b25c41780
|
Friday, 8 Jun 2018
|
16:40 leres
Update to 2.5.4 which fixes multiple memory allocation issues:
- Multiple fixes and improvements to BinPAC generated code
related to array parsing, with potential impact to all Bro's
BinPAC-generated analyzers in the form of buffer over-reads
or other invalid memory accesses depending on whether a
particular analyzer incorrectly assumed that the
evaluated-array-length expression is actually the number of
elements that were parsed out from the input.
- The NCP analyzer (not enabled by default and also updated
to actually work with newer Bro APIs in the release) performed
a memory allocation based directly on a field in the input
packet and using signed integer storage. This could result
in a signed integer overflow and memory allocations of
negative or very large size, leading to a crash or memory
exhaustion. The new NCP::max_frame_size tuning option now
limits the maximum amount of memory that can be allocated.
Other fixes:
- A memory leak in the SMBv1 analyzer.
- The MySQL analyzer was generally not working as intended,
for example, it now is able to parse responses that contain
multiple results/rows.
Add gettext-runtime to USES to address a poudriere testport
warning.
Reviewed by: matthew (mentor)
Approved by: matthew (mentor)
MFH: 2018Q2
Security: 2f4fd3aa-32f8-4116-92f2-68f05398348e
Differential Revision: https://reviews.freebsd.org/D15678
|
Monday, 19 Feb 2018
|
22:04 leres
Add a NETMAP option to build and install the bro netmap plugin.
PR: 224918
Reported by: Shane Peters
Reviewed by: matthew (mentor)
Approved by: matthew (mentor)
Differential Revision: https://reviews.freebsd.org/D14378
|
Monday, 21 Aug 2017
|
02:12 swills
security/bro: Update to 2.5.1
Also, unbreak build with BROKER, add rc.d script
PR: 217656
Submitted by: leres@ee.lbl.gov (maintainer)
|
Friday, 23 Oct 2015
|
19:04 riggs
Update to upstream version 2.4.1, add BROKER OPTION
PR: 203849
Submitted by: leres@ee.lbl.gov (maintainer)
|
Monday, 2 Feb 2015
|
22:25 pi
security/bro, security/broccoli: 2.3 -> 2.3.2
This updates bro and broccoli from 2.3 to 2.3.2, which is a security
update.
Changes to the bro port:
- Rework openssl option logic
- Remove obsolete
- pkgng related changes
Changes to the broccoli port:
- Remove unused DOCS option
- Enable PYTHON by default
- pkgng related changes
- Minor portlint changes
Changes in 2.3.2:
- DNP3: fix reachable assertion and buffer over-read/overflow.
CVE number pending. (Travis Emmert, Jon Siwek)
- Update binpac: Fix potential out-of-bounds memory reads in
generated code. CVE-2014-9586. (John Villamil and Chris Rohlf -
Yahoo Paranoids, Jon Siwek)
- BIT-1234: Fix build on systems that already have ntohll/htonll.
(Jon Siwek)
- BIT-1291: Delete prebuilt python bytecode files from git. (Jon Siwek)
- Adding call to new binpac::init() function. (Robin Sommer)
Changes in 2.3.1:
- Fix a reference counting bug in ListVal ctor. (Jon Siwek)
- Fix possible buffer over-read in DNS TSIG parsing. (Jon Siwek)
- Change EDNS parsing code to use rdlength more cautiously. (Jon Siwek)
- Fix null pointer dereference in OCSP verification code in
case no certificate is sent as part of the ocsp reply. Addresses
BIT-1212. (Johanna Amann)
- Fix OCSP reply validation. Addresses BIT-1212 (Johanna Amann)
- Make links in documentation templates protocol relative. (Johanna Amann)
PR: 197107
Submitted by: Craig Leres <leres@ee.lbl.gov> (maintainer)
Reviewed by: koobs
|
Friday, 15 Aug 2014
|
00:05 marino
security/bro: Add su flags so pkg initialization works
PR: 192646
Submitted by: maintainer (Craig Leres)
|
Sunday, 10 Aug 2014
|
21:51 cs
Update to 2.3
PR: 192105
Submitted by: leres@ee.lbl.gov (maintainer)
|
Friday, 22 Nov 2013
|
15:02 jadawin
- Update to 2.2
- Support STAGE
- Update MASTER_SITES
- Add LICENSE
PR: ports/183940
Submitted by: maintainer
|
Wednesday, 16 Oct 2013
|
22:56 tabthorpe
- Split broccoli library into separate port
- Use new infrastructure
- Bump PORTREVISION
PR: ports/182475
Submitted by: Craig Leres <leres@ee.lbl.gov> (maintainer)
|
Saturday, 30 Mar 2013
|
13:47 miwi
- Unbreak build
Reported by: pointyhat
Approved by: portmgr
|
Monday, 3 Dec 2012
|
05:20 kevlo
Update to 2.1.
Feature safe: yes
PR: ports/174016
Submitted by: Paul Schmehl <pauls at utdallas dot edu>
|
Wednesday, 12 Sep 2012
|
08:09 kevlo
Update to 2.0; with some help from rm@
PR: ports/169690
Submitted by: Paul Dokas <paul at dokas dot name>
|
Friday, 15 Oct 2010
|
06:42 kevlo
Update to 1.5.1
PR: ports/150987
Submitted by: dikshie <dikshie at sfc dot wide dot ad dot jp>
|
Saturday, 20 Dec 2008
|
05:35 kevlo
- Fix pkg-plist
- Bump PORTREVISION
|
Thursday, 18 Dec 2008
|
06:43 kevlo
- Update to 1.4
- Take maintainership
PR: ports/129715
Submitted by: kevlo
|
Monday, 10 Sep 2007
|
13:28 edwin
security/bro, port upgrade to version 1.2.1, take over maintainership
This is an upgrade of the security/bro port to the current
stable version. The port is very complex, so it needs to
be tested carefully to make sure that I'm not screwing
anything up or using wrong conventions. Also, I'm willing
to take over maintainership of the port if it's accepted
into the tree.
Please note, there are several files that need to be removed
from the port and quite a few that need to be added. All
these files are in FILESDIR. I have provided blank patches
for the files that need to be removed, so the patches will
create blank files.
Added IS_INTERACTIVE to the port
Left original freebsd header comments in it.
Next time please use one big patch-file instead of lots of little ones :-)
PR: ports/114999
Submitted by: Paul Schmehl <pauls@utdallas.edu>
|
Tuesday, 14 Oct 2003
|
14:50 osa
Update to 0.8, fix RESTRICTED.
|
Wednesday, 22 Nov 2000
|
00:17 obrien
Add $FreeBSD$'s which help me in problem reports.
|