GitHub user JonZeolla opened a pull request:

    https://github.com/apache/metron/pull/1101

    METRON-1658: Upgrade bro to 2.5.4

    ## Contributor Comments
    This upgrades bro to 2.5.4.  The changes are all security or bugfix related 
and shouldn't impact anything in the way of Metron configs.
    
    ### Testing
    ```
    cd metron-deployment/development/centos6
    vagrant --ansible-skip-tags='' up
    vagrant ssh
    sudo su -
    export PATH=$PATH:/usr/local/bro/bin
    if [[ "$(bro -v)" == "bro version 2.5.4" ]]; then echo 'Success!'; else 
echo 'ERROR:  Not running bro 2.5.4'; fi
    ```
    
    You could also take a look at the testing steps in apache/metron#844 if you 
want to do some more thorough validation.
    
    ### Release Notes
    **Bro 2.5.3**
    - Security fixes
      - Bro 2.5.3 fixes a security issue in Binpac generated code. In some 
cases the code generated by binpac could lead to an integer overflow which can 
lead to out of bound reads and allow a remote attacker to crash Bro; there is 
also a possibility that this can be exploited in other ways.
    
    **Bro 2.5.4**
    - Security fixes
      - Multiple fixes and improvements to BinPAC generated code related to 
array parsing, with potential impact to all Bro’s BinPAC-generated analyzers 
in the form of buffer over-reads or other invalid memory accesses depending on 
whether a particular analyzer incorrectly assumed that the 
evaulated-array-length expression is actually the number of elements that were 
parsed out from the input.
      - The NCP analyzer (not enabled by default and also updated to actually 
work with newer Bro APIs in the release) performed a memory allocation based 
directly on a field in the input packet and using signed integer storage. This 
could result in a signed integer overflow and memory allocations of negative or 
very large size, leading to a crash or memory exhaustion. The new 
NCP::max_frame_size tuning option now limits the maximum amount of memory that 
can be allocated.
    - Bug fixes
      - A memory leak in the SMBv1 analyzer.
      - The MySQL analyzer was generally not working as intended, for example, 
it now is able to parse responses that contain multiple results/rows.
    
    ## Pull Request Checklist
    
    Thank you for submitting a contribution to Apache Metron.  
    Please refer to our [Development 
Guidelines](https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=61332235)
 for the complete guide to follow for contributions.  
    Please refer also to our [Build Verification 
Guidelines](https://cwiki.apache.org/confluence/display/METRON/Verifying+Builds?show-miniview)
 for complete smoke testing guides.  
    
    
    In order to streamline the review of the contribution we ask you follow 
these guidelines and ask you to double check the following:
    
    ### For all changes:
    - [X] Is there a JIRA ticket associated with this PR? If not one needs to 
be created at [Metron 
Jira](https://issues.apache.org/jira/browse/METRON/?selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel).
    - [X] Does your PR title start with METRON-XXXX where XXXX is the JIRA 
number you are trying to resolve? Pay particular attention to the hyphen "-" 
character.
    - [X] Has your PR been rebased against the latest commit within the target 
branch (typically master)?
    
    
    ### For code changes:
    - [ ] Have you included steps to reproduce the behavior or problem that is 
being changed or addressed?
    - [X] Have you included steps or a guide to how the change may be verified 
and tested manually?
    - [ ] Have you ensured that the full suite of tests and checks have been 
executed in the root metron folder via:
      ```
      mvn -q clean integration-test install && 
dev-utilities/build-utils/verify_licenses.sh 
      ```
    
    - [ ] Have you written or updated unit tests and or integration tests to 
verify your changes?
    - [ ] If adding new dependencies to the code, are these dependencies 
licensed in a way that is compatible for inclusion under [ASF 
2.0](http://www.apache.org/legal/resolved.html#category-a)?
    - [X] Have you verified the basic functionality of the build by building 
and running locally with Vagrant full-dev environment or the equivalent?
    
    ### For documentation related changes:
    - [ ] Have you ensured that format looks appropriate for the output in 
which it is rendered by building and verifying the site-book? If not then run 
the following commands and the verify changes via 
`site-book/target/site/index.html`:
    
      ```
      cd site-book
      mvn site
      ```
    
    #### Note:
    Please ensure that once the PR is submitted, you check travis-ci for build 
issues and submit an update to your PR as soon as possible.
    It is also recommended that [travis-ci](https://travis-ci.org) is set up 
for your personal repository such that your branches are built there before 
submitting a pull request.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/JonZeolla/metron METRON-1658

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/metron/pull/1101.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1101
    
----
commit f85946e73ae95fee5b556468586e3b0fc3d3206d
Author: Jon Zeolla <zeolla@...>
Date:   2018-07-10T14:55:32Z

    METRON-1658: Upgrade bro to 2.5.4

----


---

Reply via email to