- Fix log file permission error, that could happen thought the user
Prelude-LML was running as could access the file (#291).
- ModSecurity ruleset update, by Dan Kopecek <dkopecek@redhat.com>:
provides much more descriptive classification.text, add regexps for
[file ..], [line ...], [tag ...] fields and fine tune targets/types
(#321).
- Deprecate Gamin/FAM support in favor of libev: the previous
implementation had problem on SELinux enabled system due to Gamin server
startup being triggered by other program, and thus using improper role
for Prelude-LML.
(#326).
- Improved polling architecture by using Operating System specific
backend when possible.
- We now monitor files that are not immediately available for reading on
startup: once the file can be monitored, libev provide us with a
notification.
- Fix an assertion warning upon sensor start in case the address
for the local machine could not be found.
- Consistency rework of EasyBindings IDMEFCriteria API.
- Add refcount support for prelude_client_t and
prelude_client_profile_t, and update EasyBindings destructor to use
them.
- Fix a bug where EasyBindings would be built although they were not
enabled.
- Fix path issue in case libprelude was configured with specific path
outside of $prefix (fix#319).
* libgnutls: Correct printing and parsing of IPv6 addresses.
* libgnutls-openssl: fix out of bounds access.
* certtool: Use inet_pton for parsing IPv6 addresses.
* Added API to replace and update the crypto backend.
* certtool: can add several subject alternative names via template file.
* opencdk: Parse (but not decrypt) encrypted secret keys.
* more...
VERSION 4.0.7: 10/17/2008
Changed Makefile.in to compile configuration.c in two steps: first use gcc
to produce the preprocessed source, then use gcc to compile it. For some
reason, gcc crashes on FreeBSD 6.0 when the file is compiled in one step.
Thanks to K. Shantanu for reporting this one and Felix Buenemann for
suggesting the fix.
VERSION 4.0.6: 10/16/2008
Fixed a problem in examine_ip_in_rdns_keyword_entry() that was not correctly
terminating the end of the keyword buffer, causing strstr() to search too
far, leading to false negatives (and potentially segmentation faults).
Thanks to Erald Troja for reporting this one.
Fixed another problem in middleman() that was not correctly replacing _all_
of qmail's AUTH advertisements when the "smtp-auth-level" option is
"always" or "always-encrypted". Thanks to Youri Kravatsky for reporting
this one (again).
Fixed the fix to a bug in nihdns_query() that was setting
return_target_name_index to 0 in all cases. This was causing log messages
to print the first RBL/RHSBL name instead of the one that actually matched.
Thanks to Arthur Girardi for reporting this one (again).
Reverted a change from 4.0.5 -- removing the usable_buf_input flag from
middleman() meant could only tell if there was input in the buffer, not if
any of it was actually usable. If the remote server delays sending its
data for any reason, middleman() will loop rapidly to continually check if
its buffered data can be sent to qmail. Removing the flag meant spamdyke
was consuming 100% CPU while receiving messages with large attachments.
Thanks to Paulo Henrique Fonseca for reporting this one.
Added the "cputime" program to the "tests" folder to measure the CPU time
used by a process. Neither the shell "time" command nor the POSIX "time"
command seem to do that.
Changed sendrecv to always wait() for its child processes so CPU accounting
will be performed correctly.
Fixed check_rhsbl() to correctly return the name of the matching RHSBL instead
of an index that could be beyond the end of the array.
Changed the values of LOG_USE_CONFIG_TEST, LOG_USE_STDERR and LOG_USE_SYSLOG
to make none of them equal to 0. Because the "log-target" option is a
CONFIG_TYPE_NAME_MULTIPLE option, it is set to 0 until the command line and
all configuration files are parsed. When LOG_USE_CONFIG_TEST is 0, the
progress messages from process_config_file() are sent to stderr until the
configuration file is completely loaded. For Plesk users, xinetd sends
stderr to the network connection, so the remote server gets the output.
Thanks to Arthur Girdari for reporting this one and helping track it down.
- shp2pgsql, pgsql2shp improvements
- regression tests on Windows
- OS/X 10.5 compatibility
- DBF-only loading flag (-n)
- fix to Date DBF output
- ST_SimplifyPreserveTopology(geometry, float8)
Allows simplification of polygons without creating
invalid geometries.
- Fix to |>> and <<| operators
- Build system more sensitive to GEOS version number
- KML support updates (from Eduin Carillo)
- SVG support updates (from Marco Hugentobler)
Server(tm) and Microsoft Internet Explorer(tm). While it is not really
secure, it offers background authentication (the workstation logon
credentials of users are passed through to the web server). This feature is
widely used in intranets based on these Microsoft products.
This module is implementing NTLM authentication for Apache on Unix
platforms. It is available free of charges under the BSD License.
o Documentation fix: the blbump script does not print the names of
the package directories it succeeded in bumping, only the ones
which it failed to bump
o Code fix: remove a pointless assignment / substitution in blbump
* libwrap related fixes, better debugging messages, MS Visual C++ support
Changes 4.25:
* delay libwrap process spawning after dropping privs, other improvements
