Personal patches
e28db1fea4
security/bro: Update to 2.6.2 and address several denial of service vulnerabilities: https://raw.githubusercontent.com/zeek/zeek/bb979702cf9a2fa67b8d1a1c7f88d0b56c6af104/NEWS - Integer type mismatches in BinPAC-generated parser code and Bro analyzer code may allow for crafted packet data to cause unintentional code paths in the analysis logic to be taken due to unsafe integer conversions causing the parser and analysis logic to each expect different fields to have been parsed. One such example, reported by Maksim Shudrak, causes the Kerberos analyzer to dereference a null pointer. CVE-2019-12175 was assigned for this issue. - The Kerberos parser allows for several fields to be left uninitialized, but they were not marked with an &optional attribute and several usages lacked existence checks. Crafted packet data could potentially cause an attempt to access such uninitialized fields, generate a runtime error/exception, and leak memory. Existence checks and &optional attributes have been added to the relevent Kerberos fields. - BinPAC-generated protocol parsers commonly contain fields whose length is derived from other packet input, and for those that allow for incremental parsing, BinPAC did not impose a limit on how large such a field could grow, allowing for remotely-controlled packet data to cause growth of BinPAC's flowbuffer bounded only by the numeric limit of an unsigned 64-bit integer, leading to memory exhaustion. There is now a generalized limit for how large flowbuffers are allowed to grow, tunable by setting "BinPAC::flowbuffer_capacity_max". Approved by: ler (mentor, implicit) Security: 177fa455-48fc-4ded-ba1b-9975caa7f62a Approved by: ports-secteam (miwi) |
||
|---|---|---|
| accessibility | ||
| arabic | ||
| archivers | ||
| astro | ||
| audio | ||
| base | ||
| benchmarks | ||
| biology | ||
| cad | ||
| chinese | ||
| comms | ||
| converters | ||
| databases | ||
| deskutils | ||
| devel | ||
| dns | ||
| editors | ||
| emulators | ||
| finance | ||
| french | ||
| ftp | ||
| games | ||
| german | ||
| graphics | ||
| hebrew | ||
| hungarian | ||
| irc | ||
| japanese | ||
| java | ||
| Keywords | ||
| korean | ||
| lang | ||
| math | ||
| misc | ||
| Mk | ||
| multimedia | ||
| net | ||
| net-im | ||
| net-mgmt | ||
| net-p2p | ||
| news | ||
| palm | ||
| polish | ||
| ports-mgmt | ||
| portuguese | ||
| russian | ||
| science | ||
| security | ||
| shells | ||
| sysutils | ||
| Templates | ||
| textproc | ||
| Tools | ||
| ukrainian | ||
| vietnamese | ||
| www | ||
| x11 | ||
| x11-clocks | ||
| x11-drivers | ||
| x11-fm | ||
| x11-fonts | ||
| x11-servers | ||
| x11-themes | ||
| x11-toolkits | ||
| x11-wm | ||
| .arcconfig | ||
| .gitattributes | ||
| .gitauthors | ||
| .gitignore | ||
| .gitmessage | ||
| CHANGES | ||
| CONTRIBUTING.md | ||
| COPYRIGHT | ||
| GIDs | ||
| LEGAL | ||
| Makefile | ||
| MOVED | ||
| README | ||
| UIDs | ||
| UPDATING | ||
This is the FreeBSD Ports Collection. For an easy to use WEB-based interface to it, please see: https://www.FreeBSD.org/ports For general information on the Ports Collection, please see the FreeBSD Handbook ports section which is available from: https://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/ports.html for the latest official version or: The ports(7) manual page (man ports). These will explain how to use ports and packages. If you would like to search for a port, you can do so easily by saying (in /usr/ports): make search name="<name>" or: make search key="<keyword>" which will generate a list of all ports matching <name> or <keyword>. make search also supports wildcards, such as: make search name="gtk*" For information about contributing to FreeBSD ports, please see the Porter's Handbook, available at: https://www.FreeBSD.org/doc/en_US.ISO8859-1/books/porters-handbook/ NOTE: This tree will GROW significantly in size during normal usage! The distribution tar files can and do accumulate in /usr/ports/distfiles, and the individual ports will also use up lots of space in their work subdirectories unless you remember to "make clean" after you're done building a given port. /usr/ports/distfiles can also be periodically cleaned without ill-effect.