- Added two patches due to some system umask settlement(s).
Added file(s):
- files/patch-prelude-admin__prelude-admin.c
- files/patch-src__prelude-failover.c
Changelog libprelude-0.9.16:
- Implement prelude-admin list [-l] command, which provide the ability to
list existing profile name, permission, registration permission, analyzerID,
and Issuer analyzerid.
- Implement multiple analyzer deletion in prelude-admin.
- Correct printing of IDMEF time field using non local GMT offset.
- Patch to avoid struct typespec redefinition, due to variable mispelling.
This fixes a compilation problem on OpenBSD 3.8.
- Various bug fixes.
PR: ports/117417
Submitted by: maintainer (Robin Gruyters)
Changelog prelude-manager-0.9.10:
- Make threshold act like a real threshold: pass every Nth events
in the defined amount of seconds.
- Allow mixing Limit and Threshold.
- Do not share the tresholding hash accross thresholding plugin instance:
previously, the shared hash would result in strange thresholding plugin
behavior if you had several instance of thresholding loaded.
- Various bug fixes concerning plugin instance un-subscribtion
(unsubscribtion of certain plugin was not triggered).
PR: ports/117416
Submitted by: maintainer (Robin Gruyters)
GNOME 2.20 release notes can be found at
http://www.gnome.org/start/2.20/notes/en/ . Beyond that, this update
includes the new GIMP 2.4 (courtesy of ahze).
The GNOME 2.20 update also includes a huge change in the FreeBSD GNOME
hierarchy. We are now using the more standard DATADIR of ${PREFIX}/share
rather than ${PREFIX}/share/gnome. The result is that fewer patches and
hacks are needed to port GNOME components to FreeBSD. This will mean some
user changes may be required, so be sure to read /usr/ports/UPDATING for
more details.
This release and the things we accomplished in it would not have been
possible without mezz's crazy idea to collapse DATADIR, and his persistence
to make it happen successfully. Ahze and pav also deserve thanks for
their work on porting modules and testing the whole ball of wax on
pointyhat (respectively).
The FreeBSD GNOME team would also like to thank our various testers and
contributors:
Yasuda Keisuke
Frank Jahnke
Pawel Worach
Brian Gruber
Franz Klammer
Yuri Pankov
Nick Barkas
Cristian KLEIN
Tony Maher
Scot Hetzel
Martin Matuska (mm)
Benoit Dejean
Martin Wilke (miwi)
(And anyone else I may have missed)
PRs fixed in this release:
111272, 113470, 115995, 116338
fix for BUG#291:
don't suppress password policy errors which should not be suppressed
fix for BUG#312:
pam_ldap does not try to reconnect when LDAP server closed the connection
PR: 116176
Submitted by: mm
1.1.0 fixes a pretty serious bug which resulted in BSM records without
pathname tokens being processed in some cases.
Additionally, timeout-window and timeout-probability features were added
to allow people defining sequences with timeouts to add an element of
randomness to the timeout, in theory making it more difficult for people
to attack.
timeout 60;
timeout-window 10;
timeout-probability 65;
Basically equates to:
"This sequence should timeout in a random amount of time, where the
probability of the timeout being from 60-70 is 65%"
It should be noted that there is a probability of 35% that the value will
be completely random. So naturally, the lower the timeout-probability, the
more random the timeout will be.
Approved by: tmclaugh
software supports ike v1 communications between two gateways or a
a client and a gateway.
For more information please visit ...
WWW: http://www.shrew.net/
PR: ports/116684
Submitted by: mgrooms at shrew.net
of TIS fwtk and maintains API backwards compatibility. The design goal
is to make it simple yet powerful; no performance hacks allowed in the
code and library dependencies are reduced to minimum.
WWW: http://sourceforge.net/projects/openfwtk
PR: ports/117194
Submitted by: Anton Karpov <toxa at toxahost.ru>
- Fix MASTER_SITES (adding local mirror)
The old master sites referenced distinct distfiles with the same filename.
Primary site carries the latest version which includes minor bugfixes.
Patches in previous commit were broken as they matched the older release.
to reduce confusion when "WITHOUT_LDAP and WITH_GPGSM selected, but
OpenLDAP dependency exists" situcation.
PR: ports/116558
Reported by: Jo Rhett <jrhett@netconsonance.com>
- bump libprelude library
Changelog libpreludedb:
- Source and Target now use a 16 bits index (required for CorrelationAlert
with large number of source/target). CorrelationAlert Alertident now use a
32 bits index (required to link large number of Alert together).
- Fix compilation on system without ENOTSUP (fix#227):
Include modified patch from Alexandre Anriot <aanriot@atlantilde.com>.
- [pgsql] Patch by Pierre Chifflier <chifflier@inl.fr>, that fixes type
conversions preventing PostgreSQL to use indexes (fix#225).
- [preludedb-admin] Use separate alert / heartbeat command: this is done to
have a coherent implementation of the --offset and --count command line
options.
- [preludedb-admin] Fix --offset with the load command.
- [preludedb-admin] Give the delete table a decent size, should speedup the
delete command.
- [documentation] preludedb-admin manpage (fix#230), by Pierre Chifflier
<chifflier@inl.fr>.
PR: ports/116109
Submitted by: maintainer (Robin Gruyters)
- Updated patch-Makefile.in
- Added Man page
Changelog libprelude:
- prelude-adduser has been renamed to prelude-admin, and now include command
to print or send files containing binary IDMEF data.
- Brand new failover implementation, Feature a real 'journaling' log,
allowing to restart where we were interupted. Allow multiple process to write to
the same failover, and is chroot safe.
- prelude-admin manpage, thanks to Frederic Motte <fred at ubixis com>.
- Use SHA1 in place of MD5 for Analyzer checksum.
- Do not set TCP option on UNIX socket, avoid un-necessary warning.
- New measure all over the public interface to protect against bad API
usage, when a function is not used correctly, a critical warning is triggered.
- [logging]: New PRELUDE_LOG_CRIT logging priority.
- [logging]: Correctly map Prelude log level to Syslog priority.
- [logging]: Improved logging format (include timestamp, level, process pid).
- [logging]: New LIBPRELUDE_ABORT variable, useful if you'd like libprelude
to abord on critical assertion.
- [logging]: Automatically switch to syslog mode if we detect stdout/stderr
closure.
- [IDMEF-Criteria]: When we try to match a value against a path that is not
part of a message using a 'not' operator, the match should succeed
(Example:
alert.classification.text != 'stuff' should match if the message has no
classification object).
- [IDMEF-Criteria]: When matching multiple listed values within the same
path using a 'not' operator, return an explicit 'no match' if the provided
comparison value was found at least once.
- [IDMEF-Path] (fix#251): Fixes NULL pointer dereference when the last
element of an IDMEF path to an enumeration is not the enumeration itself
(S??ébastien Tricaud <toady at gscore.org>
- Fix a possible race condition with the internal libprelude reference to
the program idmef_analyzer_t when asynchronous timer were used.
- Workaround possible deadlock at exit on OpenBSD, Linux Glibc.
- Only configure libltdl if it is required.
- Various bug fixes, minor enhancements.
- Write the children PID into specified pidfile (fixes#257).
- Fix double free on idmef_criterion_value_t cloned regexp object (thanks
to Helmut Azbest <helmut.azbest at gmail.com>).
- Allow Python thread to run, while entering libprelude C function.
- Return PRELUDE_ERROR_ASSERTION when API check fail, in place of
PRELUDE_ERROR_GENERIC.
- Make prelude_plugin_unsubcribe() work as expected (call the plugin
instance destroy function).
- Various bug fixes, minor enhancements.
PR: ports/116107
Submitted by: maintainer (Robin Gruyters)
It performs "black-box" scans, i.e. it does not study the source code of
the application but will scans the webpages of the deployed webapp,
looking for scripts and forms where it can inject data.
Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to
see if a script is vulnerable.
WWW: http://wapiti.sourceforge.net/
PR: ports/116873
Submitted by: Philippe Audeoud <jadawin at tuxaco.net>
Update to latest release. Suggest all users upgrade as there
is a remote code exploit in versions less than 2.0.7
PR: ports/115534
Submitted by: Peter Thoenen <peter.thoenen@yahoo.com>
is reset by the if command. Therefore, the script does not fail when
starts with broken configuration files
- While I'm here, use %%RC_SUBR%% instead of /etc/rc.subr
PR: ports/110320
Submitted by: Dominic Fandrey <lon_kamikaze at gmx.de>
Approved by: maintainer timeout (6 months)
The attached patch fixes security/sfs so it builds with
gcc42. The only change I made that I am wary of is commenting
out the LIBTOOL variable in ${WRKSRC}/sfsrwcd/Makefile.
However, this seems to work fine on both 7.0-CURRENT and
6.2-STABLE.
In addition, I would not mind maintaining the port.
PR: ports/116389
Submitted by: Dave Grochowski <malus.x@gmail.com>
unfortunately it seems that there is no newer PHP release to
fix these issue for 4.x series, so mark it as so.
While I'm there add a new CVE that was not mentioned in
previous revision of entry.
had not been updated yet, 1.8.x is not vulnerable by default unless you are
using the $wgEnableAPI = true; statement, in that case please set it to
$wgEnableAPI = false; (where possible ofcourse, else upgrade to 1.8.5).
all current versions marked vulnerable, everything as of 2.3 is
believed to be fixed, but we do not have that yet ( I am also not
sure whether the -devel version has the correct fix or not ) so
lets be on the safe side till we know what version will be fixed
in our repro.
