- bump libprelude library
Changelog libpreludedb:
- Source and Target now use a 16 bits index (required for CorrelationAlert
with large number of source/target). CorrelationAlert Alertident now use a
32 bits index (required to link large number of Alert together).
- Fix compilation on system without ENOTSUP (fix#227):
Include modified patch from Alexandre Anriot <aanriot@atlantilde.com>.
- [pgsql] Patch by Pierre Chifflier <chifflier@inl.fr>, that fixes type
conversions preventing PostgreSQL to use indexes (fix#225).
- [preludedb-admin] Use separate alert / heartbeat command: this is done to
have a coherent implementation of the --offset and --count command line
options.
- [preludedb-admin] Fix --offset with the load command.
- [preludedb-admin] Give the delete table a decent size, should speedup the
delete command.
- [documentation] preludedb-admin manpage (fix#230), by Pierre Chifflier
<chifflier@inl.fr>.
PR: ports/116109
Submitted by: maintainer (Robin Gruyters)
- Updated patch-Makefile.in
- Added Man page
Changelog libprelude:
- prelude-adduser has been renamed to prelude-admin, and now include command
to print or send files containing binary IDMEF data.
- Brand new failover implementation, Feature a real 'journaling' log,
allowing to restart where we were interrupted. Allow multiple processes to write to
the same failover, and is chroot safe.
- prelude-admin manpage, thanks to Frederic Motte <fred at ubixis com>.
- Use SHA1 in place of MD5 for Analyzer checksum.
- Do not set TCP option on UNIX socket, avoid un-necessary warning.
- New measure all over the public interface to protect against bad API
usage, when a function is not used correctly, a critical warning is triggered.
- [logging]: New PRELUDE_LOG_CRIT logging priority.
- [logging]: Correctly map Prelude log level to Syslog priority.
- [logging]: Improved logging format (include timestamp, level, process pid).
- [logging]: New LIBPRELUDE_ABORT variable, useful if you'd like libprelude
to abort on critical assertion.
- [logging]: Automatically switch to syslog mode if we detect stdout/stderr
closure.
- [IDMEF-Criteria]: When we try to match a value against a path that is not
part of a message using a 'not' operator, the match should succeed
(Example:
alert.classification.text != 'stuff' should match if the message has no
classification object).
- [IDMEF-Criteria]: When matching multiple listed values within the same
path using a 'not' operator, return an explicit 'no match' if the provided
comparison value was found at least once.
- [IDMEF-Path] (fix#251): Fixes NULL pointer dereference when the last
element of an IDMEF path to an enumeration is not the enumeration itself
(Sébastien Tricaud <toady at gscore.org>).
- Fix a possible race condition with the internal libprelude reference to
the program idmef_analyzer_t when asynchronous timers were used.
- Workaround possible deadlock at exit on OpenBSD, Linux Glibc.
- Only configure libltdl if it is required.
- Various bug fixes, minor enhancements.
- Write the children PID into specified pidfile (fixes#257).
- Fix double free on idmef_criterion_value_t cloned regexp object (thanks
to Helmut Azbest <helmut.azbest at gmail.com>).
- Allow Python thread to run, while entering libprelude C function.
- Return PRELUDE_ERROR_ASSERTION when API check fail, in place of
PRELUDE_ERROR_GENERIC.
- Make prelude_plugin_unsubcribe() work as expected (call the plugin
instance destroy function).
- Various bug fixes, minor enhancements.
PR: ports/116107
Submitted by: maintainer (Robin Gruyters)
It performs "black-box" scans, i.e. it does not study the source code of
the application but will scan the webpages of the deployed webapp,
looking for scripts and forms where it can inject data.
Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to
see if a script is vulnerable.
WWW: http://wapiti.sourceforge.net/
PR: ports/116873
Submitted by: Philippe Audeoud <jadawin at tuxaco.net>
Update to latest release. Suggest all users upgrade as there
is a remote code exploit in versions less than 2.0.7
PR: ports/115534
Submitted by: Peter Thoenen <peter.thoenen@yahoo.com>
is reset by the if command. Therefore, the script does not fail when
starts with broken configuration files
- While I'm here, use %%RC_SUBR%% instead of /etc/rc.subr
PR: ports/110320
Submitted by: Dominic Fandrey <lon_kamikaze at gmx.de>
Approved by: maintainer timeout (6 months)
The attached patch fixes security/sfs so it builds with
gcc42. The only change I made that I am wary of is commenting
out the LIBTOOL variable in ${WRKSRC}/sfsrwcd/Makefile.
However, this seems to work fine on both 7.0-CURRENT and
6.2-STABLE.
In addition, I would not mind maintaining the port.
PR: ports/116389
Submitted by: Dave Grochowski <malus.x@gmail.com>
unfortunately it seems that there is no newer PHP release to
fix these issues for 4.x series, so mark it as so.
While I'm there add a new CVE that was not mentioned in
previous revision of entry.
had not been updated yet, 1.8.x is not vulnerable by default unless you are
using the $wgEnableAPI = true; statement, in that case please set it to
$wgEnableAPI = false; (where possible of course, else upgrade to 1.8.5).
all current versions marked vulnerable, everything as of 2.3 is
believed to be fixed, but we do not have that yet ( I am also not
sure whether the -devel version has the correct fix or not ) so
let's be on the safe side till we know what version will be fixed
in our repro.
- Fixed a bug in the IP address matching introduced by the IPV6 merge.
- Fixed sudoedit when used on a non-existent file.
- Groups and netgroups are now valid in an LDAP sudoRunas statement.
- Use php5 to cover php 5.x as the port did.
- Add more information about the vulnerability.
Submitted by: Nick Barkas <snb threerings net>
PR: ports/116182
This is an upgrade of the security/bro port to the current
stable version. The port is very complex, so it needs to
be tested carefully to make sure that I'm not screwing
anything up or using wrong conventions. Also, I'm willing
to take over maintainership of the port if it's accepted
into the tree.
Please note, there are several files that need to be removed
from the port and quite a few that need to be added. All
these files are in FILESDIR. I have provided blank patches
for the files that need to be removed, so the patches will
create blank files.
Added IS_INTERACTIVE to the port
Left original freebsd header comments in it.
Next time please use one big patch-file instead of lots of little ones :-)
PR: ports/114999
Submitted by: Paul Schmehl <pauls@utdallas.edu>
Update from 0.06 to 0.07. Changelog:
- Added utf8 support and symlinks from real filenames to
numbered filenames
PR: ports/116063
Submitted by: "R.Mahmatkhanov" <R.Mahmatkhanov@SKYLINK.ru>
AfterGlow is a collection of scripts which facilitate the
process of generating event graphs and treemaps. AfterGlow
1.x is written in Perl and generates output that can be
read by GraphViz or LGL. All the scripts and other files
for afterglow are installed in ${DATADIR}
WWW: http://sourceforge.net/projects/afterglow
PR: ports/115186
Submitted by: Paul Schmehl <pauls@utdallas.edu>
ssss is an implementation of Shamir's secret sharing scheme
for UNIX/linux machines. It is free software, the code is
licensed under the GNU GPL. ssss does both: the generation
of shares for a known secret and the reconstruction of a
secret using user provided shares. The software was written
in 2006 by B. Poettering, it links against the GNU libgmp
multiprecision library (version 4.1.4 works well) and
requires the /dev/random entropy source.
PR: ports/115949
Submitted by: Lukasz Komsta <luke@novum.am.lublin.pl>
The seccure toolset implements a selection of asymmetric
algorithms based on elliptic curve cryptography (ECC). In
particular it offers public key encryption / decryption,
signature generation / verification and key establishment.
ECC schemes offer a much better key size to security ratio
than classical systems (RSA, DSA). Keys are short enough
to make direct specification of keys on the command line
possible (sometimes this is more convenient than the
management of PGP-like key rings). seccure builds on this
feature and therefore is the tool of choice whenever
lightweight asymmetric cryptography -- independent of key
servers, revocation certificates, the Web of Trust or even
configuration files -- is required.
PR: ports/115943
Submitted by: Lukasz Komsta <luke@novum.am.lublin.pl>
New port of Hamachi VPN, using Linux official binary and a
patch on tuncfg.c based on the official OSX release.
Hamachi is a software that eases the creation of secure
VPNs even between nodes that would not be able to connect
to each other (server-assisted connection can be established
from two NATted client, if at least one of the two NAT
associates the port to the client not checking remote host).
UPX port is required in order to decompress the linux binary
and avoid run-time dependency on /proc.
PR: ports/112982
Submitted by: Lapo Luchini <lapo@lapo.it>
The OpenVPN Auth-LDAP Plugin implements username/password
authentication via LDAP for OpenVPN 2.x. It also includes
some integration with the OpenBSD packet filter, supporting
adding and removing VPN clients from PF tables.
WWW: http://dpw.threerings.net/projects/openvpn-auth-ldap/
PR: ports/113925
Submitted by: Nick Barkas <snb@threerings.net>
This is a Python based package of tools that can be used to assess
the security of a web server (including automated advanced tests,
e.g. for XSS or SQL injection vulnerabilities).
I did not get this port to work with the py-google port, therefore
a local copy of pygoogle is included and packaged with this port.
2. Update the MASTER_SITES
3. Add a verify target for the PGP signature, and download the signature
4. Add USE_GMAKE
5. Add an unconditional USE_GETTEXT since there is no way to disable it
6. Update pkg-plist with the *.mo files
Approved by: maintainer timeout
PR: ports/115664 (pkg-plist fix)
Submitted by: Matthias Andree <matthias.andree@gmx.de>
2. Add a verify target for the PGP signature, and download the signature
Approved by: maintainer
PR: ports/115664 (pkg-plist fix)
Submitted by: Matthias Andree <matthias.andree@gmx.de>
and extracts sessions for a number of different applications:
ssh, telnet, smtp, irc, ftp, etc. The data are formatted into
an html file and can be used to replay some sessions.
Sshkeydata is a perl script that attempts to recreate ssh
sessions extracted by chaosreader by estimating what commands
may have been typed.
Both scripts are installed in ${PREFIX}/bin
WWW: http://sourceforge.net/projects/chaosreader
PR: ports/115125
Submitted by: pauls
Net::Server::Mail::ESMTP::AUTH is an extension to provide
support for SMTP authentication with Net::Server::Mail::ESMTP
module.
Currently only LOGIN and PLAIN methods are supported.
WWW: http://search.cpan.org/dist/Net-Server-Mail-ESMTP-AUTH/
Author: Sylvain Cresto <scresto [_at_] gmail.com>
PR: ports/114785 (with corrections)
Submitted by: Zane C. Bowers <vvelox@vvelox.net>
- Fix error when changing ownership of spool directory
Changelog prelude-manager 0.9.9:
- Update configuration template, add documentation for Prelude
generic TCP options.
- Implement modified patch from Pierre Chifflier <chifflier@inl.fr>
to fix the example log path (fix#224).
- Move IDMEF message normalization in the scheduler, rather than
doing it upon reception. This remove some load from the server
and allow Prelude-Manager own IDMEF messages to go through the
normalizer path.
- Implement heartbeat->analyzer normalization.
- Improve IPv4 / IPv6 address normalization.
IPv4 mapped IPv6 addresses are now mapped back to IPv4.
Additionally, the Normalize plugin now provides two additional options:
ipv6-only: Map any incoming IPv4 address to IPv6.
keep-ipv4-mapped-ipv6: do not map IPv4 mapped IPv6 addresses back to
IPv4.
- Make a difference between exceptional report plugin failure (example:
a single message couldn't be processed) and "global" plugin failure
(example: database server is down). We use a different failover for
'exceptional' failure, so that we don't try to reinsert a bogus message
(fix#247).
- Start of a Prelude-Manager manpages (#236).
- Various bug fixes.
PR: ports/115233
Submitted by: maintainer (Robin Gruyters)
- Use libxml2 in USE_GNOME (instead of LIB_DEPENDS)
- Use USE_PYTHON_BUILD instead of USE_PYTHON
- bump PORTREVISION
PR: ports/115457
Submitted by: maintainer (Gea-Suan Lin)