MFH: r472014

Update to 2.5.4 which fixes multiple memory allocation issues: - Multiple fixes and improvements to BinPAC generated code related to array parsing, with potential impact to all Bro's BinPAC-generated analyzers in the form of buffer over-reads or other invalid memory accesses depending on whether a particular analyzer incorrectly assumed that the evaulated-array-length expression is actually the number of elements that were parsed out from the input. - The NCP analyzer (not enabled by default and also updated to actually work with newer Bro APIs in the release) performed a memory allocation based directly on a field in the input packet and using signed integer storage. This could result in a signed integer overflow and memory allocations of negative or very large size, leading to a crash or memory exhaustion. The new NCP::max_frame_size tuning option now limits the maximum amount of memory that can be allocated. Other fixes: - A memory leak in the SMBv1 analyzer. - The MySQL analyzer was generally not working as intended, for example, it now is able to parse responses that contain multiple results/rows. Add gettext-runtime to USES to address a poudriere testport warning. Reviewed by: matthew (mentor) Approved by: matthew (mentor) Security: 2f4fd3aa-32f8-4116-92f2-68f05398348e Differential Revision: https://reviews.freebsd.org/D15678 Approved by: ports-secteam (feld), matthew (mentor)
svn path=/branches/2018Q2/; revision=472022
2018-06-08 19:52:02 +00:00 · 2018-06-08 19:52:02 +00:00 · a887982e58 · 2021-03-31 03:12:20 +00:00
commit a887982e58
parent 2541f340fe
3 changed files with 6 additions and 5 deletions
--- a/security/bro/Makefile
+++ b/security/bro/Makefile
@ -2,7 +2,7 @@
 # $FreeBSD$

 PORTNAME=	bro
-PORTVERSION=	2.5.3
+PORTVERSION=	2.5.4
 CATEGORIES=	security
 MASTER_SITES=	https://www.bro.org/downloads/
 DISTFILES=	${DISTNAME}${EXTRACT_SUFX}
@ -16,7 +16,7 @@ BROKEN_powerpc64=	Does not build: error: zero-size array 'names'

 LIB_DEPENDS=	libGeoIP.so:net/GeoIP

-USES=		bison cmake:outsource compiler:c++11-lang ninja perl5 python shebangfix ssl
+USES=		bison cmake:outsource compiler:c++11-lang gettext-runtime ninja perl5 python shebangfix ssl

 CMAKE_ARGS+=	-DPYTHON_EXECUTABLE:PATH=${PYTHON_CMD}
 CXXFLAGS+=	-std=c++11 -Wall
--- a/security/bro/distinfo
+++ b/security/bro/distinfo
@ -1,6 +1,6 @@
-TIMESTAMP = 1518744511
-SHA256 (bro-2.5.3.tar.gz) = 7384fa14e6cebc86488040877fc0bfd50868e969f0fa05178cef0116e4116225
-SIZE (bro-2.5.3.tar.gz) = 18514905
+TIMESTAMP = 1528300945
+SHA256 (bro-2.5.4.tar.gz) = 80daea433fa654f2602cf67b19b9121ff6ad57761bad73cc29020c4f490c5f1f
+SIZE (bro-2.5.4.tar.gz) = 18520847
 SHA256 (actor-framework-actor-framework-0.14.6_GH0.tar.gz) = cbc2033896fe41e42604de2f74673971718a40684996650157484485755f7720
 SIZE (actor-framework-actor-framework-0.14.6_GH0.tar.gz) = 1239451
 SHA256 (bro-bro-netmap-cf88debf487b31ab30dc3b5bac64783b4e49997e_GH0.tar.gz) = 383423f92932c3ef244194954708b3a237b4f37ebc358014f51dcb3b9786896b
--- a/security/bro/pkg-plist
+++ b/security/bro/pkg-plist
@ -188,6 +188,7 @@ man/man8/bro.8.gz
 %%DATADIR%%/base/bif/plugins/Bro_MIME.events.bif.bro
 %%DATADIR%%/base/bif/plugins/Bro_Modbus.events.bif.bro
 %%DATADIR%%/base/bif/plugins/Bro_MySQL.events.bif.bro
+%%DATADIR%%/base/bif/plugins/Bro_NCP.consts.bif.bro
 %%DATADIR%%/base/bif/plugins/Bro_NCP.events.bif.bro
 %%DATADIR%%/base/bif/plugins/Bro_NTLM.events.bif.bro
 %%DATADIR%%/base/bif/plugins/Bro_NTLM.types.bif.bro