April 22, 2002
New releases of RATS and EGADS
RATS 1.4 and EGADS 0.9 have been released. In addition to bugfixes for
both RATS and EGADS, RATS 1.4 includes additional win32 functions in
the database.
- Fixed COMMENT
- Updated DESCR
Changes :
- The SvPVbyte in perl-5.6.1 is buggy. Use the one from 5.7.3
instead.
- Give warning if the function interface is used as instance
methods: $md5->md5_hex().
file descriptor leak fix.
null encryption algorithm key length fix (should use 0).
couple of null-pointer reference fixes.
set port # to 500 in ID payload (possible interop issue - spec is unclear).
correctly match address pair on informational exchange.
- fmt on DESCR
Changes :
- calling context_init twice destroyed global context. fix from
Jason Heiss <jheiss@ofb.net>.
- file handle tying interface implementation moved to a separate
class to prevent problems resulting from self-tying filehandles.
Harmon S. Nine <hnine@netarx.com>.
- docs/debugging.txt file added
- require Net::SSLeay v1.08
- preliminary support for non-blocking read/write
- socketToSSL() now respects context's SSL verify setting
reported by Uri Guttman <uri@stemsystems.com>.
- change my email address
Changes since p5-Net-SSLeay-1.13 :
- added code to Makefile.PL to verify that the same C compiler
is used for both perl and openssl
- added code to Makefile.PL to support aCC on HPUX. Detective
work contributed by Marko Asplund.
- added peer certificate support to hilevel API, inspired
by mock@@_obscurity.org
- added `use bytes' from Marcus Taylor <marcus@@semantico_.com>
This avoids unicode/utf8 (as may appear in some XML docs)
from fooling the length computations.
OK'd by martti and garbled.
Changelog:
04 Mar 2002; changed license from "GPL, v2 or later" to "GPL v2".
04 Mar 2002; added "keychain.cygwin" for Cygwin systems. It may be time to
follow this pattern and start building separate, optimized scripts for each
platform so they don't get too sluggish. Maybe I could use a C preprocessor
for this.
06 Dec 2001; several people: Solaris doesn't like '-e' comparisons; switched
to '-f'
Rationale: get rid of the dependency on kth-krb4 on NetBSD>=1.5 systems.
For older systems, we provide full functionality via a (now buildlinked)
kth-krb4.
- Change DH group handling in the pre-generated parts of the
configuration. Add a -GRP{1,2,5} component to transform and suite
names to directly specify which group to use. If no group is
specified, use DH group 2 (MODP_1024). Earlier transforms and suites
using the MD5 hash defaulted to DH group 1, this is no longer true.
- Unbreak MD5 and SHA1 passphrases in policy check.
- Don't message_dump_raw() bad length messages, i.e. too short.
- Fix a couple of snprintf length bugs.
- Compile without warnings for older/newer OpenSSL.
PR 15799
NeTraMet Version History
========================
v4.4 20 Feb 02

In examples/ directory, moved old rules.* examples
to non_srl. The srl examples are now in the
examples/ directory.

SNMP security issues. I've tested NeTraMet's
SNMP code using the PROTOS test suite. A test
for negative lengths in the ASN.1 parsing code
has been added - that was the only change needed.
The SNMP routines (in snmplib/) perform a lot of
parameter checks, and calls on an ERROR() define.
By default ERROR does nothing. If you're testing
an SNMP manager against NeTraMet, you can turn
those messages on by adding -DDEBUG to the CFLAGS=
line in snmplib/Makefile and rebuilding the
snmp library.

Change 'interface number' attributes to use
16-bit integers instead of 8-bit. This can
be useful when using NetFlowMet.

v4.4b11 25 Nov 01

Implement -C option for nm_rc, exactly as in
NeMaC. This allows you to use nm_rc to test
rulesets against trace files being read by
crl_ntm or dd_ntm. Sample commands to do this
are:

    ./crl_ntm -T5 -m1234 -Strace_file -wW~com
    ./nm_rc -C -m1234 -rpeers.rules localhost W~com

Note: you need CoralReef version 3.5 to build
crl_ntm!

Speed improvements in flowhash:
- move code which doesn't need to be executed
  on every call outside blocks in match()
- implement list of running rulesets, instead
  of doing serial searches of ri[] table
- use 32-bit hash values for flow and stream
  hash tables, use table size specified by
  user (rather than trying to pick a prime
  above it - that doesn't help, since we
  use a set of distinct primes for hashing)

Use long long integers (8 bytes) for counter64
if the host supports them. Newer Pentiums do,
this provides a useful speedup.

Change 'shutdown' request character. It was
a single ESC, but it's too easy to hit a key
which sends an escape sequence! Now you have
to type ESC ESC Return to shut down the meter.

Fix little problems which gave warning messages
when building NeTraMet on an alpha running
Digital Unix. The configure script wasn't
recognising the OS correctly; this didn't
cause problems because none of the programs
have defines testing this any more.

MinPDUs gave compilation errors on alpha,
fixed by adding c64geint() define.

Linux kernel reset promiscuous mode when
forking a NeTraMet daemon. Changed meter_ux.c
to fork first, then open the interfaces.

NeTraMet, NetFlowMet, LfapMet, crl_ntm, dd_ntm
(i.e. all the meters) write error messages and
summary information to a log file using log_msg(),
in the same way as NeMaC. The name of the log
file is meter.log, it will be written in the
directory where the meter starts running.

v4.4b10 23 May 01

LfapMet: RTFM meter for LFAP, code contributed
by Remco Poortinga, <r.poortinga@home.nl>
Added files in src/meter
- README_LfapMet   Notes about LfapMet
- lfapmet.h        LfapMet globals
- lfapmet.c        LfapMet support routines

Added two new MIB variables to reader row,
MinPDUs (default 0) and TimeMark. A flow must
have at least MinPDUs either to or from before
it will be read by a meter reader. TimeMark
is needed to associate an SNMP getnext request
with a particular reader.
MinPDUs can be set using the -M option.
nifty default is -M20, NeMaC default is -M0

Improved save.sav so that it only saves the
files we really need in the NeTraMet distribution.

v4.4b9 11 Apr 01

Fixed bug in NeMaC include statement.
getarg() no longer allows semicolon in an
argument.

Fixed srl compiler bug; optimise 3 wasn't
recognising the end of AND expressions
properly.

NeMaC could fail to open a flow data file
(e.g. because it already existed with
no write access); it now reports this
and doesn't try to run that meter/ruleset.

NeTraMet Coral interface improved to handle
two Dag cards properly. Reads blocks of
cells from each then merges them by timestamp.

NeTraMet uses -Siii to specify a Coral source
(instead of -C'source iii' *****).
- USE_GMAKE.
- use tcl's buildlink.mk.
* Release 2.3.1 (2002/03/15)
Changed any potentially unsafe sprintf/vsprintf instances to
snprintf/vsnprintf. There should never have been a remote exploit possible,
this just eliminates any theoretical local ones in case someone has a reason
to run this as root ... (Note that use of these functions may be an issue
on some platforms although they do appear in the UNIX98 spec and exist
on Windows).
Allowed CIDR address specifications for target (and server name in listenmode).
Added IP address checking with the "checkaddress" keyword.
Finally caved in and added "httpproxy" to allow connection via a web proxy
server using "CONNECT".
Added "transparent" keyword to attempt to act as a transparent proxy and
forward on the client IP address. It may work on Linux 2.0/2.2. But then
again, it might not ...
* Release 2.3.0 (2002/03/07)
New functionality (at last!).
Added "listenip" and -b option to set listening address.
Added "tcptimeout" and "idletimeout" to allow inactive TCP tunnels to be
closed.
Added "ipmode" and -U option to support mixed traffic mode for a single
client or server.
Makefile changes for Irix and HPUX from Kyle Dent. Others to use latest
version of mingw gcc and force use of "native" perl.
Note that Zebedee will now be linked with MSVCRT.DLL. That should only
be a problem on an old Win95 machine.
Japanese documentation NOT YET updated.
From DESCR:
GnuPG Made Easy (GPGME) is a library designed to make access to GnuPG
easier for applications. It provides a High-Level Crypto API for
encryption, decryption, signing, signature verification and key
management.
- eliminated initializing random numbers using /etc/passwd per
comments by Matt Messier <matt@@securesw_.com>
- tested against openssl-0.9.6c (not in pkg now :-)