Summary: | [MAINTAINER] security/bro, security/broccoli: Update to 2.3.2 (includes two CVE fixes)
---|---
Product: | Ports & Packages
Reporter: | Craig Leres <leres>
Component: | Individual Port(s)
Assignee: | Kurt Jaeger <pi>
Status: | Closed FIXED
Severity: | Affects Many People
CC: | pi
Priority: | ---
Keywords: | patch, patch-ready
Version: | Latest
Hardware: | Any
OS: | Any
Attachments: |

Created attachment 152210
poudriere log for security/bro

Created attachment 152211
poudriere log for security/broccoli

Q: Where does bug 193231 fit into this? Does this supersede the former?

Please update this or bug 193231 accordingly.

Q: Must security/bro and security/broccoli be updated in a single commit atomically?

If not please separate the patches (per port) and indicate which one must be committed first if required.

Given you are the maintainer for both, and both seem related to the same update, individual PRs ought not be necessary this time around.

For Bonus Points:

Write a VuXML entry [1] and add CPE information [2]

[1] https://www.freebsd.org/doc/en_US.ISO8859-1/books/porters-handbook/book.html#security-notify
[2] https://www.freebsd.org/doc/en_US.ISO8859-1/books/porters-handbook/book.html#uses

Otherwise a good issue report, good stuff!

> Q: Where does bug 193231 fit into this? Does this supersede the former?
>
> Please update this or bug 193231 accordingly.

Done.

> Q: Must security/bro and security/broccoli be updated in a single commit atomically?
>
> If not please separate the patches (per port) and indicate which one must be committed first if required.
>
> Given you are the maintainer for both, and both seem related to the same update, individual PRs ought not be necessary this time around.

In the case of a version upgrade I think it's better to ensure both ports are at the same version. Certainly I test changes by upgrading both at the same time.

> For Bonus Points:
>
> Write a VuXML entry [1] and add CPE information [2]

I sent a note to ports-secteam@freebsd.org yesterday after filing this PR.

poudriere build logs are at

http://people.freebsd.org/~pi/logs/security__broccoli-10x-1422915189.txt
http://people.freebsd.org/~pi/logs/security__broccoli-93a-1422915189.txt
http://people.freebsd.org/~pi/logs/security__broccoli-84i-1422915189.txt
http://people.freebsd.org/~pi/logs/security__bro-10x-1422912106.txt
http://people.freebsd.org/~pi/logs/security__bro-93a-1422912106.txt
http://people.freebsd.org/~pi/logs/security__bro-84i-1422912106.txt

looks fine.

A commit references this bug:

Author: pi
Date: Mon Feb 2 22:25:26 UTC 2015
New revision: 378333
URL: https://svnweb.freebsd.org/changeset/ports/378333

Log:
security/bro, security/broccoli: 2.3 -> 2.3.2

This updates bro and broccoli from 2.3 and 2.3.2, which is a security update.

Changes to the bro port:
- Rework openssl option logic
- Remove obsolete
- pkgng related changes

Changes to the broccoli port:
- Remove unused DOCS option
- Enable PYTHON by default
- pkgng related changes
- Minor portlint changes

Changes in 2.3.2:
- DNP3: fix reachable assertion and buffer over-read/overflow. CVE number pending. (Travis Emmert, Jon Siwek)
- Update binpac: Fix potential out-of-bounds memory reads in generated code. CVE-2014-9586. (John Villamil and Chris Rohlf - Yahoo Paranoids, Jon Siwek)
- BIT-1234: Fix build on systems that already have ntohll/htonll. (Jon Siwek)
- BIT-1291: Delete prebuilt python bytecode files from git. (Jon Siwek)
- Adding call to new binpac::init() function. (Robin Sommer)

Changes in 2.3.1:
- Fix a reference counting bug in ListVal ctor. (Jon Siwek)
- Fix possible buffer over-read in DNS TSIG parsing. (Jon Siwek)
- Change EDNS parsing code to use rdlength more cautiously. (Jon Siwek)
- Fix null pointer dereference in OCSP verification code in case no certificate is sent as part as the ocsp reply. Addresses BIT-1212. (Johanna Amann)
- Fix OCSP reply validation. Addresses BIT-1212 (Johanna Amann)
- Make links in documentation templates protocol relative. (Johanna Amann)

PR: 197107
Submitted by: Craig Leres <leres@ee.lbl.gov> (maintainer)
Reviewed by: koobs

Changes:
head/security/bro/Makefile
head/security/bro/distinfo
head/security/bro/pkg-plist
head/security/broccoli/Makefile
head/security/broccoli/distinfo
head/security/broccoli/pkg-plist

Committed, thanks.

Created attachment 152209
Patchset for security/bro and security/broccoli

This updates bro and broccoli from 2.3 and 2.3.2, which is a security update.

Changes to the bro port:
* Rework openssl option logic
* Remove obsolete
* pkgng related changes

Changes to the broccoli port:
* Remove unused DOCS option
* Enable PYTHON by default
* pkgng related changes
* Minor portlint changes

Changes in 2.3.2:
* DNP3: fix reachable assertion and buffer over-read/overflow. CVE number pending. (Travis Emmert, Jon Siwek)
* Update binpac: Fix potential out-of-bounds memory reads in generated code. CVE-2014-9586. (John Villamil and Chris Rohlf - Yahoo Paranoids, Jon Siwek)
* BIT-1234: Fix build on systems that already have ntohll/htonll. (Jon Siwek)
* BIT-1291: Delete prebuilt python bytecode files from git. (Jon Siwek)
* Adding call to new binpac::init() function. (Robin Sommer)

Changes in 2.3.1:
* Fix a reference counting bug in ListVal ctor. (Jon Siwek)
* Fix possible buffer over-read in DNS TSIG parsing. (Jon Siwek)
* Change EDNS parsing code to use rdlength more cautiously. (Jon Siwek)
* Fix null pointer dereference in OCSP verification code in case no certificate is sent as part as the ocsp reply. Addresses BIT-1212. (Johanna Amann)
* Fix OCSP reply validation. Addresses BIT-1212 (Johanna Amann)
* Make links in documentation templates protocol relative. (Johanna Amann)