• https://download.zeek.org/ (Download)
• https://old.zeek.org/downloads/ (Download)

• (2021-10-04) Updated to version: zeek-4.0.4
• (2021-07-07) Updated to version: zeek-4.0.3
• (2021-06-05) Updated to version: zeek-4.0.2
• (2021-04-24) Updated to version: zeek-4.0.1
• (2021-03-06) Updated to version: zeek-4.0.0
• (2021-02-27) Updated to version: zeek-3.2.4
• (2020-12-16) Updated to version: zeek-3.2.3
• (2020-10-25) Updated to version: zeek-3.2.2
• (2020-08-01) Updated to version: zeek-3.1.5
• (2020-06-11) Updated to version: zeek-3.1.4

Log message:
SECURITY update to zeek-4.0.4.
- Paths from log stream make it into system() unchecked, potentially leading
to commands being run on the system unintentionally. This requires either
bad scripting or a malicious package to be installed, and is considered
low severity.
- Fix potential unbounded state growth in the PIA analyzer when receiving a
connection with either a large number of zero-length packets, or one which
continues ack-ing unseen segments. It is possible to run Zeek out of memory
in these instances and cause it to crash. Due to the possibility of this
happening with packets received from the network, this is a potential DoS
vulnerability.

Log message:
SECURITY update to zeek-4.0.4.

Log message:
PORTROACH: skip development version.

Log message:
Update to zeek-4.0.3.

Log message:
Update to zeek-4.0.2.

Log message:
Bump to be ahead of stable.

Log message:
SECURITY update to zeek-4.0.1.

Log message:
Update to zeek-4.0.1.

Log message:
Update to zeek-4.0.0 (LTS version).
The issue with cluster mode is still present unfortunately...

Log message:
Update to zeek-3.2.4.

Log message:
Reverse the polarity of MODPY_VERSION; default is now 3.x,
if a port needs 2.x then set MODPY_VERSION=${MODPY_DEFAULT_VERSION_2}.
This commit doesn't change any versions currently used; it may be that
some ports have MODPY_DEFAULT_VERSION_2 but don't require it, those
should be cleaned up in the course of updating ports where possible.
Python module ports providing py3-* packages should still use
FLAVOR=python3 so that we don't have a mixture of dependencies some
using ${MODPY_FLAVOR} and others not.

Log message:
Rework patches and garbage collect uneeded ones.
Still trying to figure out why we're not logging anything in cluster mode.

Log message:
Update to zeek-3.2.3.

Log message:
Update to zeek-3.2.2.
Committing early in the release process to give time to test this.
Please contact me if you see any regression.

Log message:
fix typo in README; ok aja@

Log message:
Unbreak with clang >=10

Log message:
Update to zeek-3.1.5.

Log message:
Add support for DLT_LOOP.
Adapted from a patch by Matt Dunwoodie

Log message:
Don't use libexecinfo.

Log message:
Update to zeek-3.1.4.

Log message:
Update to zeek-3.1.3.

Log message:
SECURITY update to zeek-3.1.2.

Log message:
bro: don't require `-latomic' anymore on powerpc, since
this arch has been switched to clang
OK aja@ (maintainer)

Log message:
Update to zeek-3.1.1.

Log message:
Update to zeek-3.1.0.

Log message:
Fix bogus bro symlink; reported by espie@

Log message:
Update to zeek-3.0.1.
- fix picking up libexecinfo (and failing when junking); reported by naddy

Log message:
Update to zeek-3.0.0.
- everything (utilities, rc.d scripts, configuration files etc.) has been
renamed from bro to zeek.

Log message:
Bump to be ahead of stable. This is usually not needed but here we will
have a PKGNAME change between 6.5 and 6.6.

Log message:
SECURITY update to bro-2.6.4.
- The NTLM analyzer did not properly handle AV Pair sequences that were
either empty or unterminated, resulting in invalid memory access or
heap buffer over-read.  The NTLM analyzer is enabled by default and
used in the analysis of SMB, DCE/RPC, and GSSAPI protocols.

Log message:
SECURITY update to zeek-2.6.4.
- The NTLM analyzer did not properly handle AV Pair sequences that were
either empty or unterminated, resulting in invalid memory access or
heap buffer over-read.  The NTLM analyzer is enabled by default and
used in the analysis of SMB, DCE/RPC, and GSSAPI protocols.

Log message:
Rename from Bro to Zeek since it's the new upstream name.

Log message:
bro-2.6.3: SECURITY patch release to address potential Denial of Service
vulnerabilities; see https://github.com/zeek/zeek/blob/release/NEWS for
details

Log message:
bro-2.6.3: SECURITY patch release to address potential Denial of Service
vulnerabilities; see https://github.com/zeek/zeek/blob/release/NEWS for
details

Log message:
replace simple PERMIT_PACKAGE_CDROM=Yes with PERMIT_PACKAGE=Yes

Log message:
SECURITY update to bro-2.6.2
- CVE-2019-12175

Log message:
SECURITY update to bro-2.6.2.
- CVE-2019-12175

Log message:
bro: needs atomics on powerpc, and probably hppa.
Sucessfully tested on powerpc.
OK jca@

Log message:
Update to bro-2.6.1.

Log message:
and of course some would conflict... finish PKGSTEM changes manually

Log message:
SECURITY update to bro-2.5.5.
For details, see:
https://www.bro.org/sphinx/install/release-notes.html#bro-2-5-5

Log message:
Update to bro-2.5.5.

Log message:
Update to bro-2.5.4.

Log message:
SECURITY update to bro-2.5.3.
- fix for an integer overflow in code generated by binpac

Log message:
SECURITY update to bro-2.5.3.
- fix for an integer overflow in code generated by binpac

Log message:
Change the shebang line from /bin/sh to /bin/ksh in all ports rc.d
daemon scripts and bump subpackages that contain the *.rc scripts.
discussed with and OK aja@
OK tb

Log message:
add COMPILER_LIBCXX to WANTLIB and bump

Log message:
Update to bro-2.5.1.

Log message:
switch everything to new COMPILER idiom, even stuff that won't build with clang
yet, but at least that part is done.

Log message:
first batch of WANT_CXX

Log message:
Conflict with archivers/brotli.

Log message:
The bundled sqlite seems to pick up ICU4C if present and will error out if
it gets junked during the build; I could not find a proper way to disable
it...
So just BDEP on textproc/icu4c for now and hope this will workaround the
issue.
breakage reported by naddy@ a couple of times

Log message:
Rename patch, from Daniel Thayer.

Log message:
Tweak.

Log message:
Make it possible to load dynamic plugins.
from Daniel Thayer (upstream)

Log message:
Drop the setrlimit patch, it's not needed anymore; prodded by Daniel Thayer
http -> https in README while here.

Log message:
Needs gfind to run some of the bro scripts.
@sample local-logger.bro which was forgotten after the update to 2.5.
reported by Daniel Thayer, thanks!

Log message:
Update to bro-2.5.

Log message:
Add a small entry for 'broctl cron'.

Log message:
Handle the ${PREFIX}/share/broctl/scripts/broctl-config.sh symlink at
install time (@exec-add/@exec-delete). The target changes according to the
spooldir and "@comment no checksum" does not work for symlinks.

Log message:
Revert the cmake patch again and use LDFLAGS. We want to make sure libbind
is used to prevent conflicts.

Log message:
Use setrlimit() in broctl, at least 256 FDs are needed.
Fix rc_reload().

Log message:
Properly @sample local site files so that they can be modified by the admin.
Noticed by and input from semarie

Log message:
512 openfiles seems to be enough.

Log message:
Use the right cmake lingo to set a non-standard RPATH.
ok aja@

Log message:
Drop cmake/FindBIND.cmake and use LDFLAGS until I understand what magic is
needed to handle RPATH.

Log message:
Add a couple of build patches from Michael Shirk.
While here, fix a warning.

Log message:
Make sure we pick up the correct python version.
reported by naddy@

Log message:
Missing bdep on bison.

Log message:
Depends on several GeoIP DBs.
Few tweaks while here.

Log message:
Tweak README a bit.

Log message:
Long overdue update to bro-2.4.1.
Take maintainer while here.
Only slightly tested so far; so may get a few tweaks in the next days if
needed.

Log message:
bump (GeoIP pkgpath change)

Log message:
change SSLv3_method to SSLv23_method, not tested but the former isn't
going to work anyway.

Log message:
Replace dead mirror and update homepage.

Log message:
fold lib-only PFRAG.shared into PLIST, regen PLIST, and bump

Log message:
Remove Kevin Lo as maintainer, by request.

Log message:
Drop remaining MD5/RMD160/SHA1 checksums.

Log message:
sync WANTLIB

Log message:
Accept --disable-silent-rules.
ok naddy@

Log message:
new depends

Log message:
WANTLIB conversion

Log message:
Fix OpenSSL update fallout by using a diff from bro ticket #247
which checks and uses the correct API