<feed xmlns='http://www.w3.org/2005/Atom'>
<title>ports/security, branch release/13.2.0</title>
<subtitle>FreeBSD ports tree</subtitle>
<id>https://cgit-dev.freebsd.org/ports/atom?h=release%2F13.2.0</id>
<link rel='self' href='https://cgit-dev.freebsd.org/ports/atom?h=release%2F13.2.0'/>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/ports/'/>
<updated>2023-03-09T19:50:37Z</updated>
<entry>
<title>all: Bump PORTREVISION after lang/go119 update</title>
<updated>2023-03-09T19:50:37Z</updated>
<author>
<name>Dmitri Goutnik</name>
<email>dmgk@FreeBSD.org</email>
</author>
<published>2023-03-09T19:45:22Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/ports/commit/?id=636f0a9700972e851eb2139edc655a613f8c5a25'/>
<id>urn:sha1:636f0a9700972e851eb2139edc655a613f8c5a25</id>
<content type='text'>
Direct commit to quarterly to bump Go ports revisions after 61a665d2d8d2

Approved by:    ports-secteam (blanket)
</content>
</entry>
<entry>
<title>security/sudo: Update to 1.9.13p3</title>
<updated>2023-03-09T15:46:01Z</updated>
<author>
<name>Yasuhiro Kimura</name>
<email>yasu@FreeBSD.org</email>
</author>
<published>2023-03-07T08:09:01Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/ports/commit/?id=212d8d8f9cb00c16dbc52affa3e1668daf1fe599'/>
<id>urn:sha1:212d8d8f9cb00c16dbc52affa3e1668daf1fe599</id>
<content type='text'>
PR		270002
Approved by:	garga (maintainer - private email to myself, implicit)
		message-id: 816dd4b5-0a0d-3dd2-4bcc-c9b3b1a4ddfd@FreeBSD.org
ChangeLog:	https://www.sudo.ws/releases/stable/#1.9.13p3

(cherry picked from commit 6ab8398875fba68be034a9a0ab12047c9ea929c6)
</content>
</entry>
<entry>
<title>security/nss: update to 3.88.1</title>
<updated>2023-03-07T22:15:04Z</updated>
<author>
<name>Jan Beich</name>
<email>jbeich@FreeBSD.org</email>
</author>
<published>2023-02-09T14:59:03Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/ports/commit/?id=7dea16e20b5371b61605dfaec269121ff2c0b142'/>
<id>urn:sha1:7dea16e20b5371b61605dfaec269121ff2c0b142</id>
<content type='text'>
Changes:	https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/hSYAJS__-rw
Changes:	https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/zleRGChurmo
Changes:	https://hg.mozilla.org/projects/nss/shortlog/NSS_3_88_1_RTM
Reported by:	Repology

(cherry picked from commit 909032bc67293b5debcd0f6bac7b41084ce14f20)
</content>
</entry>
<entry>
<title>security/sudo: Update to 1.9.13p2</title>
<updated>2023-03-02T00:00:27Z</updated>
<author>
<name>Cy Schubert</name>
<email>cy@FreeBSD.org</email>
</author>
<published>2023-02-27T18:04:08Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/ports/commit/?id=070b02bcc05be2fe69ba156ee9da9add5b98e79d'/>
<id>urn:sha1:070b02bcc05be2fe69ba156ee9da9add5b98e79d</id>
<content type='text'>
Major changes between sudo 1.9.13p2 and 1.9.13p1:

 * Fixed the --enable-static-sudoers option, broken in sudo 1.9.13.
   GitHub issue #245.

 * Fixed a potential double-free bug when matching a sudoers rule
   that contains a per-command chroot directive (CHROOT=dir).  This
   bug was introduced in sudo 1.9.8.

PR:		269854
Approved by:	garga

(cherry picked from commit e974396d4c309caf72beca2db8bdd7282bf2c8e1)
</content>
</entry>
<entry>
<title>security/tailscale: Update to 1.36.2</title>
<updated>2023-02-23T01:32:50Z</updated>
<author>
<name>Ashish SHUKLA</name>
<email>ashish@FreeBSD.org</email>
</author>
<published>2023-02-23T00:49:56Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/ports/commit/?id=8fb878c56085691f1dc1137a5d934eaf6e159107'/>
<id>urn:sha1:8fb878c56085691f1dc1137a5d934eaf6e159107</id>
<content type='text'>
(cherry picked from commit 1925a004841faf17870e0413d984ed0cee5fcc87)
</content>
</entry>
<entry>
<title>security/zeek: Update to 5.0.7</title>
<updated>2023-02-21T22:59:06Z</updated>
<author>
<name>Craig Leres</name>
<email>leres@FreeBSD.org</email>
</author>
<published>2023-02-21T22:39:32Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/ports/commit/?id=4533313d493cce2213a2b30f2e93e17c959b52f0'/>
<id>urn:sha1:4533313d493cce2213a2b30f2e93e17c959b52f0</id>
<content type='text'>
    https://github.com/zeek/zeek/releases/tag/v5.0.7

This release fixes the following potential DoS vulnerabilities:

 - Receiving DNS responses from async DNS requests (via the
   lookup_addr, etc BIF methods) with the TTL set to zero could
   cause the DNS manager to eventually stop being able to make new
   requests.

 - Specially-crafted FTP packets with excessively long usernames,
   passwords, or other fields could cause log writes to use large
   amounts of disk space.

 - The find_all and find_all_ordered BIF methods could take extremely
   large amounts of time to process incoming data depending on the
   size of the input.

This release fixes the following bugs:

 - Various issues with signed/unsigned character discrepancies on
   arm64 builds are fixed.

 - A performance degradation in debug builds involving hashing large
   keys for Dictionaries was fixed.

Reported by:	Tim Wojtulewicz
Security:	7a425536-74f7-4ce4-9768-0079a9d44d11

(cherry picked from commit 4e0e0f48d7e3d4f0c495e2f6ac03fd70988f8777)
</content>
</entry>
<entry>
<title>security/zeek: Update to 5.0.6</title>
<updated>2023-02-21T22:59:05Z</updated>
<author>
<name>Craig Leres</name>
<email>leres@FreeBSD.org</email>
</author>
<published>2023-02-01T19:06:38Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/ports/commit/?id=88e61376dbdfcb40d5454c1bc6e154835b8060a5'/>
<id>urn:sha1:88e61376dbdfcb40d5454c1bc6e154835b8060a5</id>
<content type='text'>
    https://github.com/zeek/zeek/releases/tag/v5.0.6

This release fixes the following potential DoS vulnerabilities:

 - A missing field in the SMB FSControl script-land record could
   cause a heap buffer overflow when receiving packets containing
   those header types.

 - Receiving a series of packets that start with HTTP/1.0 and then
   switch to HTTP/0.9 could cause Zeek to spend a large amount of
   time processing the packets.

 - Receiving large numbers of FTP commands sequentially from the
   network with bad data in them could cause Zeek to spend a large
   amount of time processing the packets, and generate a large
   amount of events.

This release fixes the following bugs:

 - Zeek could throw a scripting error when receiving SMB1 packets
   containing connect_andx_response messages prior to receiving an
   associated request.

 - A performance regression from 4.2 to 5.0 when reading pcap files
   related to Broker's internal clock was fixed.

 - Notices created for files transferred over multiple connections
   will now be associated with one of the connections rather than
   none.

 - A new file_over_new_connection event was added to the Intel
   framework, for use when receiving files over established connections
   (for example, HTTP).

 - The error message returned when trying to use invalid enums in
   scripts now correctly includes the script location.

Reported by:	Tim Wojtulewicz
Security:	2b5fc9c4-eaca-46e0-83d0-9b10c51c4b1b

(cherry picked from commit 85faac2f4c4a9a545a15ffb797ecb41ea3d985e5)
</content>
</entry>
<entry>
<title>security/zeek: Update to 5.0.5</title>
<updated>2023-02-21T22:59:05Z</updated>
<author>
<name>Craig Leres</name>
<email>leres@FreeBSD.org</email>
</author>
<published>2023-01-10T01:07:31Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/ports/commit/?id=03ceef365dec9882d2ef982bc3cd09f1ba6a75d4'/>
<id>urn:sha1:03ceef365dec9882d2ef982bc3cd09f1ba6a75d4</id>
<content type='text'>
    https://github.com/zeek/zeek/releases/tag/v5.0.5

This release fixes the following bugs:

 - Update broker to version 2.3.6. This broker release fixes some
   failures when building against Python 3.11 and above.

Reported by:	Tim Wojtulewicz

(cherry picked from commit 5f6df5b5e8a9b58c3b75c0057680bc85a2583871)
</content>
</entry>
<entry>
<title>security/sudo: Upgrade to 1.9.13p1</title>
<updated>2023-02-20T14:24:18Z</updated>
<author>
<name>Renato Botelho</name>
<email>garga@FreeBSD.org</email>
</author>
<published>2023-02-20T14:23:21Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/ports/commit/?id=82154fe15a961dfb5dd23161b84be4ac379c57c0'/>
<id>urn:sha1:82154fe15a961dfb5dd23161b84be4ac379c57c0</id>
<content type='text'>
Sponsored by:	Rubicon Communications, LLC ("Netgate")

(cherry picked from commit 375637c7c8bf537201236f0370fa9afde5143274)
</content>
</entry>
<entry>
<title>all: Bump PORTREVISION after lang/go119 update</title>
<updated>2023-02-17T10:49:10Z</updated>
<author>
<name>Dmitri Goutnik</name>
<email>dmgk@FreeBSD.org</email>
</author>
<published>2023-02-16T11:44:13Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/ports/commit/?id=9ff952570bc5120a01d31a8406f17ad49ddfb2e9'/>
<id>urn:sha1:9ff952570bc5120a01d31a8406f17ad49ddfb2e9</id>
<content type='text'>
Direct commit to quarterly to bump Go ports revisions after f30271912e48

Approved by:	riggs (ports-secteam)
</content>
</entry>
</feed>
