Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
7.0.4 19 Nov 2024 21:30:34 |
Craig Leres (leres) |
security/zeek: Update to 7.0.4
https://github.com/zeek/zeek/releases/tag/v7.0.4
This release fixes the following bugs:
- The community-id-logging.zeek policy script was used to set
c$conn$community_id during new_connection() rather than
connection_state_remove(), allowing other scripts to reuse its
value early.
- The input framework will no longer get stuck and use 100% of the
CPU when encountering lines not immediately terminated by a new
line.
(Only the first 15 lines of the commit message are shown above ) |
7.0.3_1 29 Oct 2024 17:53:56 |
Craig Leres (leres) |
security/zeek: Fix build with clang 19
https://github.com/zeek/zeek/issues/3994
https://github.com/zeek/zeek/pull/3997
Clang 19 with libc++ started failing to compile because the
default implementation of std::char_traits was removed, making
uses of std::char_traits<unsigned char> invalid (by consequence,
also std::basic_string<unsigned char>). |
7.0.3 05 Oct 2024 01:33:24 |
Craig Leres (leres) |
security/zeek: Update to 7.0.3
https://github.com/zeek/zeek/releases/tag/v7.0.3
This release fixes the following potential DoS vulnerability:
- Adding to the POP3 hardening in 7.0.2, the parser now simply
discards too many pending commands, rather than attempting
to process them. Further, invalid server responses do not result
in command completion anymore. Processing out-of-order commands
or finishing commands based on invalid server responses could
result in inconsistent analyzer state, potentially triggering
null pointer references for crafted traffic.
Reported by: Tim Wojtulewicz |
7.0.2 24 Sep 2024 05:46:46 |
Craig Leres (leres) |
security/zeek: Update to 7.0.2
https://github.com/zeek/zeek/releases/tag/v7.0.2
This release fixes the following potential DoS vulnerability:
- The POP3 parser has been hardened to avoid unbounded state growth
in the face of one-sided traffic capture or when enabled for
non-POP3 traffic.
This release fixes the following bugs:
- Support for SASL+SPNEGO+NTLMSSP was added to the LDAP analyzer.
- Telemetry callbacks are now handled via Zeek instead of depending
on the prometheus-cpp library to handle them.
Reported by: Tim Wojtulewicz |
7.0.1 03 Sep 2024 23:29:36 |
Craig Leres (leres) |
security/zeek: Update to 7.0.1
https://github.com/zeek/zeek/releases/tag/v7.0.1
This release fixes the following bugs:
- HTTP passwords with colon characters in them are now correctly
logged.
- The LDAP analyzer now supports handling of non-sealed GSS-API
WRAP tokens.
- Heuristics for parsing SASL encrypted and signed LDAP traffic
have been made more strict and predictable.
- StartTLS support was added to the LDAP analyzer.
- Specify less-strict permissions for directories and files created
by zeek-archiver to play more nicely with user's umask setting.
Reported by: Tim Wojtulewicz |
7.0.0_1 03 Aug 2024 17:37:29 |
Craig Leres (leres) |
security/zeek: Clean up some stage nits
- Change the legacy lib/broctl symlink from an absolute to a
relative path.
- Remove unnecessary USES=gettext-runtime
- Add @dir pkg-plist entries for empty directories.
Reported by: Daniel Engberg |
7.0.0 01 Aug 2024 21:04:36 |
Craig Leres (leres) |
security/zeek: Update to 7.0.0
https://github.com/zeek/zeek/releases/tag/v7.0.0
This is the latest major version number Long-Term Support (LTS)
release of Zeek.
- The Telemetry framework has had a major rework, and includes a
number of breaking changes. The biggest change is a move towards
a Prometheus-first model.
- All of the metrics-related script-level options, type, and methods
have been moved to the Telemetry framework.
(Only the first 15 lines of the commit message are shown above ) |
6.0.4_1 19 Jun 2024 20:24:47 |
Craig Leres (leres) |
security/zeek: Fix intermittent crash
Also fix trace-summary python backtrace.
Intermittent crash:
https://github.com/zeek/zeek/commit/8c337bd7693a2002dcfe8a15b35dc92eb9e78de9
threading/MsgThread: Decouple IO source and thread
A MsgThread acting as an IO source itself can result in the
scenario where the threading manager's heartbeat timer deletes
a terminated MsgThread instance, but at the same time this
instance is in the list of ready IO sources as determined by
the IO loop in the current iteration. (Only the first 15 lines of the commit message are shown above ) |
6.0.4 16 May 2024 21:56:46 |
Craig Leres (leres) |
security/zeek: Update to 6.0.4
https://github.com/zeek/zeek/releases/tag/v6.0.4
This release fixes the following bugs:
- The Mozilla CA and Google CT lists were updated to their latest
versions.
- A crash with ICMP packets involving errant length checking was
fixed.
- When a shadow file is empty/missing during rotation, Zeek aborts
with an error message, but if the shadow file was empty, it will
still be there after the restart. (Only the first 15 lines of the commit message are shown above ) |
6.0.3 07 May 2024 01:14:27 |
Craig Leres (leres) |
security/zeek: Convert post-extract to EXTRACT_AFTER_ARGS
"Saves I/O by not extracting unused dependency"
PR: 278766
Reported by: diizzy |
6.0.3 11 Apr 2024 21:26:13 |
Craig Leres (leres) |
security/zeek: Fix package when BUILD_TYPE is not "release"
This is a simple pkg-plist change. |
6.0.3 22 Jan 2024 17:53:28 |
Craig Leres (leres) |
security/zeek: Update to 6.0.3
https://github.com/zeek/zeek/releases/tag/v6.0.3
This release fixes the following potential DoS vulnerability:
- A specially-crafted series of packets containing nested MIME
entities can cause Zeek to spend large amounts of time parsing
the entities.
This release fixes the following bugs:
- CMake correctly passes along third-party package information
when building plugins.
(Only the first 15 lines of the commit message are shown above ) |
6.0.2_1 21 Jan 2024 23:43:48 |
Craig Leres (leres) |
security/zeek: Remove reference to MANPREFIX
Remove ZEEK_MAN_INSTALL_PATH and let cmake default to share/man.
Reported by: bofh |
6.0.2_1 21 Jan 2024 23:16:25 |
Craig Leres (leres) |
security/zeek: Install man pages in share/man |
6.0.2 31 Dec 2023 00:37:05 |
Muhammad Moinur Rahman (bofh) |
*/*: Sunset 12.4-RELEASE/12-STABLE from ports tree
- Remove all references to defunct ARCH arm
- Remove all references to defunct ARCH sparc64
- Remove x11-drivers/xf86-video-sunffb which requires defunct sparc64
ARCH
- Remove sysutils/afbinit requires defunct sparc64 ARCH
- Remove all references to bktr driver
- Remove all references to defunct FreeBSD_12
- Remove all references to OSVERSION/OSREL corresponding to 12
- Remove conditionals in Mk/Uses/cabal.mk
- Remove sparc reference from Mk/Uses/qt-dist.mk
- Remove BROKEN_sparc64/NOT_FOR_ARCH=sparc64
- Remove BROKEN_FreeBSD_12* from:
- Remove OpenSSL patches from:
- Remove conditional flags for OSVERSION >= 1300000 to fixed flags.
Also move conditional flags for non sparc64/arm ARCH to fixed flags.
Reviewed by: brooks, jbeich, rene, salvadore
Differential Revision: https://reviews.freebsd.org/D42068 |
6.0.2 27 Oct 2023 22:46:35 |
Craig Leres (leres) |
security/zeek: Update to 6.0.2
https://github.com/zeek/zeek/releases/tag/v6.0.2
This release fixes the following potential DoS vulnerabilities:
- A specially-crafted SSL packet could cause Zeek to leak memory
and potentially crash.
- A specially-crafted series of FTP packets could cause Zeek to
log entries for requests that have already been completed, using
resources unnecessarily and potentially causing Zeek to lose
other traffic.
- A specially-crafted series of SSL packets could cause Zeek to (Only the first 15 lines of the commit message are shown above ) |
6.0.1 27 Oct 2023 22:43:01 |
Craig Leres (leres) |
security/zeek: revert f85e384: inadvertent update
I accidentally committed changes to security/vuxml and security/zeek. |
6.0.2 27 Oct 2023 22:25:39 |
Craig Leres (leres) |
security/vuxml: Mark zeek < 6.0.2 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v6.0.2
This release fixes the following potential DoS vulnerabilities:
- A specially-crafted SSL packet could cause Zeek to leak memory
and potentially crash.
- A specially-crafted series of FTP packets could cause Zeek to
log entries for requests that have already been completed, using
resources unnecessarily and potentially causing Zeek to lose
other traffic.
- A specially-crafted series of SSL packets could cause Zeek to (Only the first 15 lines of the commit message are shown above ) |
6.0.1 15 Oct 2023 13:48:58 |
Daniel Engberg (diizzy) |
security/zeek: Remove duplicated and incorrect build dependency of CMake
CMake binary is provided by devel/cmake-core not devel/cmake which
is a metaport and we don't need to safeguard for a version that's
over 3 years old
Approved by: portmgr (blanket) |
6.0.1 12 Sep 2023 21:27:54 |
Craig Leres (leres) |
security/zeek: Update to 6.0.0
https://github.com/zeek/zeek/releases/tag/v6.0.1
This release fixes the following potential DoS vulnerabilities:
- File extraction limits were not correctly enforced for files
containing large amounts of missing bytes.
- Sessions are sometimes not cleaned up completely within Zeek
during shutdown, potentially causing a crash when using the -B dpd
flag for debug logging.
- A specially-crafted HTTP packet can cause Zeek's filename
extraction code to take a long time to process the data. (Only the first 15 lines of the commit message are shown above ) |
6.0.0 06 Sep 2023 20:50:46 |
Po-Chuan Hsieh (sunpoet) |
security/zeek: Clean up USES=python
- While I'm here, fix PLIST
====> Checking for pkg-plist issues (check-plist)
===> Parsing plist
===> Checking for items in STAGEDIR missing from pkg-plist
Error: Orphaned: @dir lib/%%ZEEKUSER%%/plugins
Error: Orphaned: @dir lib/%%ZEEKUSER%%/spicy
===> Checking for items in pkg-plist which are not in STAGEDIR
===> Error: Plist issues found.
*** Error code 1
Approved by: portmgr (blanket)
With hat: python |
6.0.0 31 Aug 2023 00:31:24 |
Craig Leres (leres) |
security/zeek: revert b6a8929a2551 for pkg-plist
I get package errors with that version (for 13.2/amd64 at least):
=======================<phase: package >============================
===> Building package for zeek-6.0.0
pkg-static: Unable to access file
/wrkdirs/usr/ports/security/zeek/work/stage/usr/local/include/zeek/analyzer/protocol/finger/legacy/events.bif.h:No
such file or directory
pkg-static: Unable to access file
/wrkdirs/usr/ports/security/zeek/work/stage/usr/local/include/zeek/analyzer/protocol/syslog/legacy/events.bif.h:No
such file or directory
pkg-static: Unable to access file
/wrkdirs/usr/ports/security/zeek/work/stage/usr/local/share/zeek/base/bif/plugins/Zeek_Finger.events.bif.zeek:No
such file or directory
pkg-static: Unable to access file
/wrkdirs/usr/ports/security/zeek/work/stage/usr/local/share/zeek/base/bif/plugins/Zeek_Syslog.events.bif.zeek:No
such file or directory
*** Error code 1
Maybe it's an options thing? I have everything set except PERFTOOLS
and BUILD_TYPE set to RELEASE.
While here update LICENSE. |
6.0.0 29 Aug 2023 14:25:27 |
Piotr Kubaj (pkubaj) |
security/zeek: add shebangfix to zeek-client, fix pkg-plist
Noticed while building on powerpc64. |
6.0.0 23 Aug 2023 16:34:00 |
Craig Leres (leres) |
security/zeek: Update PORTSCOUT
According to upstream, "LTS releases will always be x.0.y"
Adjust PORTSCOUT accordingly. |
6.0.0 22 Aug 2023 20:34:35 |
Craig Leres (leres) |
security/zeek: Update to 6.0.0
https://github.com/zeek/zeek/releases/tag/v6.0.0
This is the latest major version number Long-Term Support (LTS)
release of Zeek.
The NETMAP option has been removed; it was too difficult to build
it without zeek being installed in %%PREFIX%%. The consensus was
that this was a rarely used feature, please reach out to me if you need
this (I've done some work on a new security/zeek-netmap port that
is probably the right way forward).
When I upgraded zeek on my systems I found some cruft left over
from previous versions. The way I recommend upgrading from 5.0.9 (Only the first 15 lines of the commit message are shown above ) |
5.0.9 19 May 2023 17:37:41 |
Craig Leres (leres) |
security/zeek: Update to 5.0.9
https://github.com/zeek/zeek/releases/tag/v5.0.9
This release fixes the following potential DoS vulnerabilities:
- A specially-crafted series of FTP packets with a CMD command
with a large path followed by a very large number of replies
could cause Zeek to spend a long time processing the data.
- A specially-crafted with a truncated header can cause Zeek to
overflow memory and potentially crash.
- A specially-crafted series of SMTP packets can cause Zeek to
generate a very large number of events and take a long time to (Only the first 15 lines of the commit message are shown above ) |
5.0.8 12 Apr 2023 06:18:39 |
Craig Leres (leres) |
security/zeek: Update to 5.0.8
https://github.com/zeek/zeek/releases/tag/v5.0.8
This release fixes the following potential DoS vulnerabilities:
- A specially-crafted stream of FTP packets containing a command
reply with many intermediate lines can cause Zeek to spend a
large amount of time processing data.
- A specially-crafted set of packets containing extremely large
file offsets cause the reassembler code to allocate large
amounts of memory.
- The DNS manager does not correctly expire responses that don't (Only the first 15 lines of the commit message are shown above ) |
5.0.7 21 Feb 2023 22:39:32 |
Craig Leres (leres) |
security/zeek: Update to 5.0.7
https://github.com/zeek/zeek/releases/tag/v5.0.7
This release fixes the following potential DoS vulnerabilities:
- Receiving DNS responses from async DNS requests (via the
lookup_addr, etc BIF methods) with the TTL set to zero could
cause the DNS manager to eventually stop being able to make new
requests.
- Specially-crafted FTP packets with excessively long usernames,
passwords, or other fields could cause log writes to use large
amounts of disk space.
(Only the first 15 lines of the commit message are shown above ) |
5.0.6 01 Feb 2023 19:06:38 |
Craig Leres (leres) |
security/zeek: Update to 5.0.6
https://github.com/zeek/zeek/releases/tag/v5.0.6
This release fixes the following potential DoS vulnerabilities:
- A missing field in the SMB FSControl script-land record could
cause a heap buffer overflow when receiving packets containing
those header types.
- Receiving a series of packets that start with HTTP/1.0 and then
switch to HTTP/0.9 could cause Zeek to spend a large amount of
time processing the packets.
- Receiving large numbers of FTP commands sequentially from the (Only the first 15 lines of the commit message are shown above ) |
5.0.5 10 Jan 2023 01:07:31 |
Craig Leres (leres) |
security/zeek: Update to 5.0.5
https://github.com/zeek/zeek/releases/tag/v5.0.5
This release fixes the following bugs:
- Update broker to version 2.3.6. This broker release fixes some
failures when building against Python 3.11 and above.
Reported by: Tim Wojtulewicz |
5.0.4 24 Nov 2022 18:29:18 |
Craig Leres (leres) |
security/zeek: Update to 5.0.4
https://github.com/zeek/zeek/releases/tag/v5.0.4
This release fixes the following potential DoS vulnerabilities:
- A specially-crafted series of HTTP 0.9 packets can cause Zeek
to spend large amounts of time processing the packets.
- A specially-crafted FTP packet can cause Zeek to spend large
amounts of time processing the command.
- A specially-crafted IPv6 packet can cause Zeek to overflow memory
and potentially crash.
This release fixes the following bugs:
- Fix a potential stall in Broker’s internal data pipeline.
Reported by: Tim Wojtulewicz
Security: ??? |
5.0.3 09 Nov 2022 02:42:45 |
Craig Leres (leres) |
security/zeek: Update to 5.0.3
https://github.com/zeek/zeek/releases/tag/v5.0.3
This release fixes the following potential DoS vulnerabilities:
- Fix an issue where a specially-crafted FTP packet can cause Zeek
to spend large amounts of time attempting to search for valid
commands in the data stream.
- Fix a possible overflow in the Zeek dictionary code that may
lead to a memory leak.
- Fix an issue where a specially-crafted packet can cause Zeek to
spend large amounts of time reporting analyzer violations. (Only the first 15 lines of the commit message are shown above ) |
5.0.2 20 Sep 2022 00:02:32 |
Craig Leres (leres) |
security/zeek: Update to 5.0.2
https://github.com/zeek/zeek/releases/tag/v5.0.2
Security fixes:
- Fix a possible overflow and crash in the ICMP analyzer when
receiving a specially crafted packet
- Fix a possible overflow and crash in the IRC analyzer when
receiving a specially crafted packet
- Fix a possible overflow and crash in the SMB analyzer when
receiving a specially crafted packet
(Only the first 15 lines of the commit message are shown above ) |
5.0.1 15 Sep 2022 00:53:25 |
Craig Leres (leres) |
security/zeek: Port improvements
- Remove useless BROKER option.
- Remove USES=ninja (now implied by USES=cmake).
- Make bison, flex, and swig hard dependencies.
- Strip several installed binaries.
- Remove some test files and directories mistakenly installed by
spicy.
- While we're here, run portfmt.
Thanks to @diizzy for the bulk of these changes.
PR: 266345
Reported by: diizzy |
07 Sep 2022 21:58:51 |
Stefan Eßer (se) |
Remove WWW entries moved into port Makefiles
Commit b7f05445c00f has added WWW entries to port Makefiles based on
WWW: lines in pkg-descr files.
This commit removes the WWW: lines of moved-over URLs from these
pkg-descr files.
Approved by: portmgr (tcberner) |
5.0.1 07 Sep 2022 21:10:59 |
Stefan Eßer (se) |
Add WWW entries to port Makefiles
It has been common practice to have one or more URLs at the end of the
ports' pkg-descr files, one per line and prefixed with "WWW:". These
URLs should point at a project website or other relevant resources.
Access to these URLs required processing of the pkg-descr files, and
they have often become stale over time. If more than one such URL was
present in a pkg-descr file, only the first one was transferred into
the port INDEX, but for many ports only the last line did contain the
port specific URL to further information.
There have been several proposals to make a project URL available as
a macro in the ports' Makefiles, over time.
(Only the first 15 lines of the commit message are shown above ) |
5.0.1 26 Aug 2022 23:54:26 |
Craig Leres (leres) |
security/zeek: Update to 5.0.1
https://github.com/zeek/zeek/releases/tag/v5.0.1
Security fixes since 5.0.0:
- Fix a possible overflow and crash in the ARP analyzer when
receiving a specially crafted packet.
- Fix a possible overflow and crash in the Modbus analyzer when
receiving a specially crafted packet.
- Fix two possible crashes when converting IP headers for output
via the raw_packet event.
(Only the first 15 lines of the commit message are shown above ) |
5.0.0_2 20 Jul 2022 14:22:56 |
Tobias C. Berner (tcberner) |
security: remove 'Created by' lines
A big Thank You to the original contributors of these ports:
* <ports@c0decafe.net>
* Aaron Dalton <aaron@FreeBSD.org>
* Adam Weinberger <adamw@FreeBSD.org>
* Ade Lovett <ade@FreeBSD.org>
* Aldis Berjoza <aldis@bsdroot.lv>
* Alex Dupre <ale@FreeBSD.org>
* Alex Kapranoff <kappa@rambler-co.ru>
* Alex Samorukov <samm@freebsd.org>
* Alexander Botero-Lowry <alex@foxybanana.com>
* Alexander Kriventsov <avk@vl.ru>
* Alexander Leidinger <netchild@FreeBSD.org> (Only the first 15 lines of the commit message are shown above ) |
5.0.0_2 18 Jul 2022 07:16:39 |
Piotr Kubaj (pkubaj) |
security/zeek: fix build on non aarch64 / amd64 / armv? / i386
1. Enable SPICY only on aarch64 / amd64 / armv? / i386 as specified in
https://github.com/zeek/spicy/blob/d0bc60537b53c3a951a0bdcb7b1c080bbb068abf/hilti/runtime/src/fiber.cc#L252
2. Correct a parameter passed to CMake to disable Spicy.
3. Correct pkg-plist for build with disabled Spicy.
Approved by: portmgr (blanket) |
5.0.0_2 13 Jul 2022 16:50:29 |
Craig Leres (leres) |
security/zeek: Update input framework patch
https://github.com/zeek/zeek/pull/2266
This version of the patch fixes tail -F semantics when want_record=F. |
5.0.0_1 09 Jul 2022 19:52:20 |
Craig Leres (leres) |
security/zeek: Patch to allow building without ENABLE_ZEEK_UNIT_TESTS
5.0.0 does not build without ENABLE_ZEEK_UNIT_TESTS enabled.
Apply upstream patch which solves this:
https://github.com/zeek/zeek/pull/2256
Obtained from: Benjamin Bannier |
5.0.0 09 Jul 2022 02:44:49 |
Craig Leres (leres) |
security/zeek: Update to 5.0.0 (latest LTS release)
https://github.com/zeek/zeek/releases/tag/v5.0.0
Changes incompatible with 4.0.7:
- The script-land ``union`` and ``timer`` types have been removed.
They haven't had any actual semantics backing them for some time
and shouldn't have functioned in any useable way. We opted to
skip the deprecation cycle for these types for that reason.
- Broker now uses a new network backend with a custom network
protocol that is incompatible with the pre-5.0 backend. In
practice, this means Zeek 4.x will not be able to exchange events
with Zeek 5.x. Going forward, this new backend will allow us to
keep the Broker protocol more stable and add new capabilities
in a backwards compatible way.
While we're here add a comment explaining why we really need uname
-p instead of using ARCH (uname -m). Also solve a portlint nag.
Reported by: Tim Wojtulewicz |
4.0.7_1 01 Jul 2022 21:19:09 |
Craig Leres (leres) |
security/zeek: Patch to provide tail -F semantics for input framework
MODE_STREAM
This is a backport of this github pull request:
https://github.com/zeek/zeek/pull/2097 |
4.0.7 03 Jun 2022 17:34:06 |
Craig Leres (leres) |
security/zeek: Update to 4.0.7
https://github.com/zeek/zeek/releases/tag/v4.0.7
Security fixes since 4.0.6:
- Fix potential hang in the DNS analyzer when receiving a
specially-crafted packet. Due to the possibility of this happening
with packets received from the network, this is a potential DoS
vulnerability.
Other changes:
- Fix issue with broken libpcaps that return repeat packets, most
notably the version provided with Myricom hardware.
Reported by: Tim Wojtulewicz |
4.0.6 21 Apr 2022 22:48:28 |
Craig Leres (leres) |
security/zeek: Update to 4.0.6
https://github.com/zeek/zeek/releases/tag/v4.0.6
Security fixes since 4.0.5:
- Fix potential unbounded state growth in the FTP analyzer when
receiving a specially-crafted stream of commands. This may lead
to a buffer overflow and cause Zeek to crash. Due to the possibility
of this happening with packets received from the network, this
is a potential DoS vulnerability.
Other changes:
- Empty table constructors with &default attributes may cause a
crash.
- Fix a bug in ZAM when a function containing a loop is inlined
- Fix a number of bugs with robust dictionary iteration.
- Fix missing "Reporter" entries when reporting hooks via zeek.
Reported by: Tim Wojtulewicz |
4.0.5 25 Jan 2022 22:38:12 |
Craig Leres (leres) |
security/zeek: Update to 4.0.5
Changes since 4.0.4:
- The highwayhash module was updated to fix a build failure on
FreeBSD.
- A number of fixes for various problems on the CI infrastructure.
- Writers were not being cleaned up correctly when recreating log
streams with the same ID as an existing stream. This could lead
to a crash.
- IP packets with bad/incorrect IP header lengths were not reporting
weirds as they should be.
Reported by: Tim Wojtulewicz |
4.0.4 16 Oct 2021 09:51:39 |
Jimmy Olgeni (olgeni) |
*: fix tab vs. space issues, and comments according to the guide. |
4.0.4 30 Sep 2021 21:23:30 |
Rene Ladan (rene) |
cleanup: drop support for EOL FreeBSD 11.X
Search criteria used:
- 11.4
- OSREL*
- OSVER*
- *_FreeBSD_11
Input from:
- adridg: devel/qca-legacy
- jbeich: _WITH_DPRINTF, _WITH_GETLINE, GNU bfd workarounds
- sunpoet: security/p5-*OpenSSL*
Reviewed by: doceng, kde, multimedia, perl, python, ruby, rust
Differential Revision: https://reviews.freebsd.org/D32008
Test Plan: make index |
4.0.4 22 Sep 2021 22:15:09 |
Craig Leres (leres) |
security/zeek: Update to 4.0.4
https://github.com/zeek/zeek/releases/tag/v4.0.4
This release fixes two vulnerabilities:
- Paths from log stream make it into system() unchecked, potentially
leading to commands being run on the system unintentionally.
This requires either bad scripting or a malicious package to be
installed, and is considered low severity.
- Fix potential unbounded state growth in the PIA analyzer when
receiving a connection with either a large number of zero-length
packets, or one which continues ack-ing unseen segments. It is
possible to run Zeek out of memory in these instances and cause (Only the first 15 lines of the commit message are shown above ) |
4.0.3_1 02 Sep 2021 09:03:25 |
Bernhard Froehlich (decke) |
security/zeek: Add CPE information
Approved by: portmgr (blanket) |
4.0.3_1 19 Jul 2021 17:08:37 |
Craig Leres (leres) |
security/zeek: Add @sample for local.zeek
This github issue:
https://github.com/zeek/zeekctl/issues/35
complained about the lack of a local.zeek file on a fresh install;
adding @sample for local.zeek solves this.
Reported by: shadonet |
4.0.3 15 Jul 2021 10:37:24 |
Piotr Kubaj (pkubaj) |
security/zeek: fix build on powerpc64*
In file included from
/wrkdirs/usr/ports/security/zeek/work/zeek-4.0.3/auxil/highwayhash/highwayhash/arch_specific.cc:27:
/usr/include/sys/sysctl.h:1185:25: error: unknown type name 'u_int'
int sysctl(const int *, u_int, void *, size_t *, const void *, size_t); |
4.0.3 12 Jul 2021 01:57:05 |
Craig Leres (leres) |
security/zeek: Unbreak build under 14.0-CURRENT
According to the cpuset(2) man page, sys/param.h must be included
before sys/cpuset.h. This was fixed in zeek (in the highwayhash
submodule) in May of 2020 and undone in August of 2020. Add a patch
that matches the pull request I just created with upstream:
https://github.com/zeek/highwayhash/pull/1
Thanks to @pluknet for diagnosing the build failure.
Reported by: pkg-fallout |
4.0.3 06 Jul 2021 21:31:18 |
Craig Leres (leres) |
security/zeek: Update to 4.0.3
https://github.com/zeek/zeek/releases/tag/v4.0.3
This release fixes the following bugs:
- Zeek now accepts unset fields in the input data only when the
corresponding record field is &optional.
- The version field in ssh.log is now optional and will not be set
if we cannot determine the version that was negotiated by the
client and server.
- Zeekctl could crash at startup on certain compilers and platforms
due to a memory corruption issue in the Broker python bindings. (Only the first 15 lines of the commit message are shown above ) |
4.0.2_1 24 Jun 2021 02:05:45 |
Craig Leres (leres) |
security/zeek: Add a ZKG option to pull in py-zkg |
4.0.2 03 Jun 2021 00:14:47 |
Craig Leres (leres) |
security/zeek: Update to 4.0.2
https://github.com/zeek/zeek/releases/tag/v4.0.2
This release fixes several potential DoS vulnerabilities:
- Fix potential Undefined Behavior in decode_netbios_name() and
decode_netbios_name_type() BIFs. The latter has a possibility
of a remote heap-buffer-overread, making this a potential DoS
vulnerability.
- Add some extra length checking when parsing mobile ipv6 packets.
Due to the possibility of reading invalid headers from remote
sources, this is a potential DoS vulnerability.
(Only the first 15 lines of the commit message are shown above ) |
4.0.1 12 May 2021 23:47:01 |
Craig Leres (leres) |
security/zeek: Unbreak build when PREFIX is not /usr/local |
4.0.1 11 May 2021 04:42:39 |
Craig Leres (leres) |
security/zeek: Unbreak package when CMAKE_BUILD_TYPE is not Release |
4.0.1 11 May 2021 02:09:19 |
Craig Leres (leres) |
security/zeek: Add fine grained DEBUG options
Allow the user to pick from DEBUG, MINSIZEREL, RELEASE, and
RELWITHDEBINFO options instead of just DEBUG. Don't STRIP with DEBUG
or RELWITHDEBINFO. Make some minor whitespace changes suggested by
portfmt. |
4.0.1 27 Apr 2021 17:35:28 |
Piotr Kubaj (pkubaj) |
security/zeek: fix build on powerpc64le
Fix typo in systlbyname(). |
4.0.1 21 Apr 2021 21:11:05 |
Craig Leres (leres) |
security/zeek: Update to 4.0.1 to fix null-pointer dereference and potential DOS
https://github.com/zeek/zeek/releases/tag/v4.0.1
This release fixes the following vulnerability:
- Fix null-pointer dereference when encountering an invalid enum
name in a config/input file that tries to read it into a set[enum].
For those that have such an input feed whose contents may come
from external/remote sources, this is a potential DoS vulnerability.
Other fixes:
- Fix mime type detection bug in IRC/FTP file_transferred event
for file data containing null-bytes (Only the first 15 lines of the commit message are shown above ) |
4.0.0 14 Apr 2021 05:13:29 |
Craig Leres (leres) |
security/zeek: Unbreak armv7 build and fix testport issue
Add a patch from upstream to fix building on armv7 (used by pfsense):
https://github.com/zeek/zeek/issues/1496
Thanks to @garga for the pointer.
Fix a testport "left over" file @adridg reported. When zeek is run
as part of package installation, it copies some config files to
spool/installed-scripts-do-not-touch/site and local.zeek.sample
hitches a ride and needs to be removed on uninstall. But it is not
really a @sample candidate.
While we're here fix some minor portlint (env -> ${SETENV}) and
clean up some commented out directives.
Reported by: garga adridg |
4.0.0 06 Apr 2021 14:31:13 |
Mathieu Arnold (mat) |
all: Remove all other $FreeBSD keywords. |
4.0.0 06 Apr 2021 14:31:07 |
Mathieu Arnold (mat) |
Remove # $FreeBSD$ from Makefiles. |
4.0.0 23 Mar 2021 18:43:26 |
pkubaj |
security/zeek: fix build on powerpc64 elfv2
-mpowerp8-vector is now necessary due to use of highwayhash.
Fix typo on sysctlbyname.
Also correct typo in BROKEN entries. |
4.0.0 20 Mar 2021 01:16:38 |
leres |
security/zeek: Update to 4.0.0
This is the next Long-Term Support (LTS) major version:
https://github.com/zeek/zeek/releases/tag/v4.0.0
https://zeek.org/2020/12/15/zeek-4-0-release-candidate/
Support for the previous LTS (3.0.x) will end in about two months.
Reported by: Jon Siwek |
3.0.13 23 Feb 2021 01:54:20 |
leres |
security/zeek: Update to 3.0.13
https://github.com/zeek/zeek/releases/tag/v3.0.13
This release fixes the following vulnerability:
- Fix ASCII Input reader's treatment of input files containing
null-bytes. An input file containing null-bytes could lead to a
buffer-over-read, crash Zeek, and be exploited to cause Denial
of Service.
And fixes the following bugs:
- MIME sub-entities overwrote top-level header values cause
misleading SMTP log
- Fix incorrect major_subsys_version field in pe_optional_header
event
Reported by: Jon Siwek |
3.0.12_2 22 Dec 2020 17:02:54 |
pkubaj |
security/zeek: enable on powerpc64 head |
3.0.12_2 17 Dec 2020 22:01:31 |
leres |
security/zeek: Install cmake files
Upstream requested that share/zeek/cmake/* be installed as the files
are used to build zeek plugins.
While here update some pkg-plist @preunexec entries (*.bro -> *.zeek).
Reported by: Robin Sommer, Benjamin Bannier |
3.0.12_1 16 Dec 2020 01:05:01 |
leres |
security/zeek: Improve the pkg upgrade experience
Don't remove %%PREFIX%%/spool/state.db otherwise when zeek is
upgraded zeekctl doesn't detect the running instance and "restart"
fails.
Split uninstall related info in pkg-message.in to a new remove
section (and fix some typos). |
3.0.12 15 Dec 2020 22:17:29 |
leres |
security/zeek: Update to 3.0.12
https://github.com/zeek/zeek/releases/tag/v3.0.12
This release fixes the following bugs:
- Incorrect ICMP Neighbor Discovery Option length calculation
- Fix SMB2 response status parsing
- Fix excessive connection_status_update events for ICMP connections
Reported by: Jon Siwek |
3.0.11_2 19 Nov 2020 00:34:21 |
leres |
security/zeek: Remove deprecated security/broccoli option
Upstream confirms that support for the broccoli protocol will be
removed in a future version of zeek. And given that security/broccoli
requires python2 which will be deprecated at the end of December,
let's remove broccoli support from zeek now. |
3.0.11_1 06 Nov 2020 18:38:46 |
leres |
security/zeek: Fix build on armv7 and allow running as non-root user
Apply Renato Botelho's fix for the ARCH used in PLIST_SUB (with
some changes). Essentially use uname -m instead of trying to fix
up the ARCH defined by bsd.port.mk (uname -p).
While we're here:
- Convert networks.cfg, node.cfg, and zeekctl.cfg to use @sample
- Use @sample to avoid clobbering site.zeek (oops).
- Remove unnecessary subshell for the post-build-NETMAP-on target.
- Silence the annoying "use ZeekControl.plugin instead of
(Only the first 15 lines of the commit message are shown above ) |
3.0.11 07 Oct 2020 21:29:54 |
leres |
security/zeek: Update to 3.0.11 to fix memory leaks and potential DOS:
https://github.com/zeek/zeek/releases/tag/v3.0.11
- A memory leak in multipart MIME code has potential for remote
exploitation and cause for Denial of Service via resource
exhaustion.
Other fixes:
- Fix incorrect RSTOS0 conn_state determinations
Reported by: Jon Siwek
MFH: 2020Q4
Security: 769a4f60-9056-4c27-89a1-1758a59a21f8 |
3.0.10 10 Sep 2020 00:15:49 |
leres |
security/zeek: Update to 3.0.10 to fix memory leaks and potential DOS:
https://github.com/zeek/zeek/releases/tag/v3.0.10
- Fix memory leak caused by re-entering AYIYA parsing
- Fix memory leak caused by re-entering GTPv1 parsing
Other fixes:
- Fix Input Framework 'change' events for 'set' destinations
- Fix reported body-length of HTTP messages w/ sub-entities
Reported by: Jon Siwek
MFH: 2020Q3
Security: 2c92fdd3-896c-4a5a-a0d8-52acee69182d |
3.0.8 28 Jul 2020 01:09:39 |
leres |
security/zeek: Update to 3.0.8 and address various vulnerabilities:
https://github.com/zeek/zeek/releases/tag/v3.0.8
- Fix potential DNS analyzer stack overflow
- Fix potential NetbiosSSN analyzer stack overflow
Other fixes:
- Fix DHCP Client ID Option misformat for Hardware Type 0
- Fix/allow copying/cloning of opaque of Broker::Store
- Fix ConnPolling memory over-use
(Only the first 15 lines of the commit message are shown above ) |
3.0.7 05 Jul 2020 09:44:25 |
mikael |
security/zeek: fix packaging on aarch64
pkg-static: Unable to access file
/wrkdirs/usr/ports/security/zeek/work/stage/usr/local/lib/zeek/plugins/Bro_Netmap/lib/Bro-Netmap.freebsd-aarch64.so:No such file or directory
Approved by: portmgr (tier-2 blanket) |
3.0.7 17 Jun 2020 18:17:45 |
sunpoet |
Move devel/swig30 to devel/swig and update to 4.0.1
- Do not silence installation message
- Update dependent ports:
- Fix build with swig 4.0.1
- Update *_DEPENDS
- Remove BINARY_ALIAS
Changes: http://www.swig.org/news.php
PR: 246613
Exp-run by: antoine |
3.0.7 10 Jun 2020 19:15:07 |
leres |
security/zeek: Update to 3.0.7 and address various vulnerabilities:
https://raw.githubusercontent.com/zeek/zeek/v3.0.7/NEWS
- Fix potential stack overflow in NVT analyzer
- Fix NVT analyzer memory leak from multiple telnet authn name options
- Fix multiple content-transfer-encoding headers causing a memory leak
- Fix potential leak of Analyzers added to tree during Analyzer::Done
- Prevent IP fragment reassembly on packets without minimal IP header
Other fixes:
(Only the first 15 lines of the commit message are shown above ) |
3.0.6_1 08 May 2020 20:51:23 |
leres |
security/zeek: Fix build with PERFTOOLS which needed BUILD_DEPENDS.
While we're here sort options related.
Reported by: James Welcher |
3.0.6 06 May 2020 23:37:35 |
leres |
security/zeek: Update to 3.0.6 and address multiple vulnerabilities:
https://raw.githubusercontent.com/zeek/zeek/v3.0.6/NEWS
- Fix buffer over-read in Ident analyzer
- Fix SSL scripting error leading to uninitialized field access
and memory leak
- Fix POP3 analyzer global buffer over-read
- Fix potential stack overflows due to use of Variable-Length-Arrays
Other changes since 3.0.5 include:
(Only the first 15 lines of the commit message are shown above ) |
3.0.5 15 Apr 2020 00:01:37 |
leres |
security/zeek: Update to 3.0.5
Chase latest version number that contains a simple fix not relevant
to supported versions of FreeBSD (hence no MFH).
https://raw.githubusercontent.com/zeek/zeek/3ad19762770c567edc3498b3c1f9f216f46970b0/NEWS
- Same as 3.0.4 but fixes compilation on various platforms with
older compilers, for example GCC 4.8.x. |
3.0.4 14 Apr 2020 20:55:15 |
leres |
security/zeek: Update to 3.0.4 and address a remote crash vulnerability:
https://github.com/zeek/zeek/blob/e059d4ec2e689b3c8942f4aa08b272f24ed3f612/NEWS
- Fix stack overflow in POP3 analyzer. An attacker can crash Zeek
remotely via crafted packet sequence.
Other fixes:
- Fix use-after-free in Zeek lambda functions with uninitialized
locals
- Fix buffer overflow due to tables/records created at parse-time
not rebuilt on record redef
(Only the first 15 lines of the commit message are shown above ) |
3.0.3_1 14 Apr 2020 18:10:15 |
leres |
security/zeek: Fix typo in the rc.d script
(From the PR) "bro_stop" should say "zeek_stop" instead.
PR: 245612
Reported by: bugs@codejammer.se
MFH: 2020Q2 |
3.0.3 18 Mar 2020 00:34:19 |
leres |
security/zeek: Limit portscout to even long term support release versions
https://github.com/zeek/zeek/releases
Zeek 3.0.x is the Long-Term Support release, receiving bug fixes
until at least October 2020 while Zeek 3.1.x is the current
feature release, receiving bug fixes until approximately July
2020 when the 3.2.x release series begins.
Approved by: matthew (mentor, implicit) |
3.0.3 15 Mar 2020 22:44:26 |
leres |
security/bro: Update to 3.0.3 and address a number of potential
denial of service issues:
https://github.com/zeek/zeek/releases/tag/v3.0.2
https://github.com/zeek/zeek/releases/tag/v3.0.3
- Potential Denial of Service due to memory leak in DNS TSIG message
parsing.
- Potential Denial of Service due to memory leak (or assertion
when compiling with assertions enabled) when receiving a second
SSH KEX message after a first.
- Potential Denial of Service due to buffer read overflow and/or
memory leaks in Kerberos analyzer. The buffer read overflow
(Only the first 15 lines of the commit message are shown above ) |
3.0.1 11 Dec 2019 21:43:22 |
leres |
security/bro: Update to 3.0.1. As announced by Jon Siwek:
This is a bug-fix release that most notably addresses a JSON
logging performance regression in 3.0.0, but also fixes other
minor bugs. A list which details the changes can be found here:
https://github.com/zeek/zeek/releases/tag/v3.0.1
Approved by: ler (mentor, implicit) |
3.0.0 17 Nov 2019 01:03:04 |
leres |
security/zeek: This adds security/zeek, the new version of security/bro.
This is being done as svn copy instead of rename so that users of
security/bro can have some time to migrate. It also allows for
possible security updates to the old bro port which upstream has
indicated is possible for at least a few months.
Reviewed by: ler (mentor)
Approved by: ler (mentor)
Differential Revision: https://reviews.freebsd.org/D22376 |