* Switched license to GPLv3.
* Fixed bug when using the --p12-charset without --armor.
* The command --gen-key may now be used instead of the
gpgsm-gencert.sh script.
* Changed key generation to reveal less information about the
machine. Bug fixes for gpg2's card key generation.
- Update configuration template, add documentation for Prelude
generic TCP options.
- Implement modified patch from Pierre Chifflier <chifflier@inl.fr>
to fix the example log path (fix#224).
- Move IDMEF message normalization in the scheduler, rather than
doing it upon reception. This remove some load from the server
and allow Prelude-Manager own IDMEF messages to go through the
normalizer path.
- Implement heartbeat->analyzer normalization.
- Improve IPv4 / IPv6 address normalization.
IPv4 mapped IPv6 addresses are now mapped back to IPv4.
Additionally, the Normalize plugin now provide two additionals option:
ipv6-only: Map any incoming IPv4 address to IPv6.
keep-ipv4-mapped-ipv6: do not map IPv4 mapped IPv6 addresses back to IPv4.
- Make a difference between exceptional report plugin failure (example:
a single message couldn't be processed) and "global" plugin failure
(example: database server is down). We use a different failover for
'exceptional' failure, so that we don't try to reinsert a bogus message
(fix#247).
- Start of a Prelude-Manager manpages (#236).
- Various bug fixes.
- Ability to use regular expressions in plugins.rules to define
monitored sources, this can be very useful when combined to file
globing.
- [SPEEDUP] When the "*" keyword is used, the data is passed to the
upper layer without trying to match anything.
- Fix NULL pointer dereference when a rule reference an existing,
but empty context (fix#226).
- Remove deprecated use of prelude_client_print_setup_error(),
directly handled via prelude_perror().
- Make the log parser more robust.
- Implement an Auto-Refresh system (fix#231). (including code from
Paul Robert Marino <prmarino1@gmail.com>).
- Ability to filter on missing/offline/online/unknown agents. Make more easier
to read each agent status in collapsed mode.
- Fix filter load/save/delete issue with translation.
- New 'My account' tabs, under the Settings section (fix#241).
- New messageid and analyzerid parameters, allowing link to a Prewikka alert
from an external tool (previously required a database query in order to
retrieve the database event id).
- Don't redirect to user listing once an user preference are recorded. Fix
changing of another user language by an user with PERM_USER_MANAGEMENT.
Display target user language rather than current user language.
- Improve the timeline control table layout.
- Fix translation of string possibly using plural.
http://denyhosts.sourceforge.net/
DenyHosts is a script intended to be run by system administrators
to help thwart SSH server attacks (also known as dictionary based
attacks and brute force attacks).
In short, it does this by monitoring your syslog output for failed
login attempts and tweaking /etc/hosts.deny accordingly, and it can
optionally send and fetch lists of ssh probers from a central server.
Thanks to joerg@ for review and corrections.
* Major changes in 0.0.14
** epa-file can handle remote files over Tramp.
** Workaround for a face initialization bug of GNU Emacs.
** Follow the face naming convention of GNU Emacs.
* Major changes in 0.0.13
** epa-file bug fixes.
*** Fixed a compatibility bug on XEmacs 21.5.
*** Do not mark the buffer as modified.
* Major changes in 0.0.12
** epa-file.el usability improvements.
*** Ask recipients only the first time.
*** Respect epa-armor and epa-textmode.
*** Customizing epa-file-name-regexp now works.
*** Backup files for "*.gpg" are also encrypted.
* Major changes in 0.0.11
** Include the EasyPG Assistant user's manual
** Decode user-id's encoded in UTF-8 with "%" or "\" escape
** If a user attempt to encrypt data to an untrusted recipient, EasyPG
prompt the key-id (it requires GnuPG version 2.0.2 or later)
** epa-file.el turns off auto-saving by default
binary-only packages that require binary "emulation" on the native
operating system. Please see pkgsrc/mk/emulator/README for more
details.
* Teach the plist framework to automatically use any existing
PLIST.${EMUL_PLATFORM} as part of the default PLIST_SRC definition.
* Convert all of the binary-only packages in pkgsrc to use the
emulator framework. Most of them have been tested to install and
deinstall correctly. This involves the following cleanup actions:
* Remove use of custom PLIST code and use PLIST.${EMUL_PLATFORM}
more consistently.
* Simplify packages by using default INSTALL and DEINSTALL scripts
instead of custom INSTALL/DEINSTALL code.
* Remove "SUSE_COMPAT32" and "PKG_OPTIONS.suse" from pkgsrc.
Packages only need to state exactly which emulations they support,
and the framework handles any i386-on-x86_64 or sparc-on-sparc64
uses.
* Remove "USE_NATIVE_LINUX" from pkgsrc. The framework will
automatically detect when the package is installing on Linux.
Specific changes to packages include:
* Bump the PKGREVISIONs for all of the suse100* and suse91* packages
due to changes in the +INSTALL/+DEINSTALL scripts used in all
of the packages.
* Remove pkgsrc/emulators/suse_linux, which is unused by any
packages.
* cad/lc -- remove custom code to create the distinfo file for
all supported platforms; just use "emul-fetch" and "emul-distinfo"
instead.
* lang/Cg-compiler -- install the shared libraries under ${EMULDIR}
instead of ${PREFIX}/lib so that compiled programs will find
the shared libraries.
* mail/thunderbird-bin-nightly -- update to latest binary
distributions for supported platforms.
* multimedia/ns-flash -- update Linux version to 9.0.48 as the
older version is no longer available for interactive fetch.
* security/uvscan -- set LD_LIBRARY_PATH explicitly so that
it's not necessary to install library symlinks into
${EMULDIR}/usr/local/lib.
* www/firefox-bin-flash -- update Linux version to 9.0.48 as the
older version is no longer available for interactive fetch.
Packages Collection.
The Perl 5 module Crypt::RC4 provides a simple implementation of
the RC4 algorithm, developed by RSA Security, Inc.
Disclaimer: Strictly speaking, this module uses the "alleged" RC4
algorithm. The Algorithm known as "RC4" is a trademark of RSA
Security Inc., and this document [the module documentation] makes
no claims one way or another that this is the correct algorithm,
and further, make no claims about the quality of the source code
nor any licensing requirements for commercial use.
changes:
- More protection : Automatic identification and
removal of viruses delivering the next generation
of best-of-breed anti-virus scanning engines.
It offers improved protection against existing,
new and potential threats and increases the depth
and breadth of the protection we provide.
- It's faster than before : We've listened to our
customers who asked for a faster Engine and it
delivers superior performance to current McAfee
Anti-Virus products on all supported platforms.
- Support for many more packed-executable formats
in which known malware is often re-packaged
for obfuscation purposes.
the owner of all installed files is a non-root user. This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.
(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
unprivileged.mk. These two variables are lists of other bmake
variables that define package-specific users and groups. Packages
that have user-settable variables for users and groups, e.g. apache
and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
and ${UNPRIVILEGED_GROUP}.
(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
and visudo manpages in man/man1, and the sudoers manpage in man/man5.
Remove the platform-specific PLISTs that only differed in the location
of the man pages.
Bump the PKGREVISION to 5.
BUG FIXES
- in a milter setup log_id was left undefined, which resulted in log lines
without id, and a SQL constraint violation "Column 'am_id' cannot be null"
when logging to SQL was enabled. The bug was introduced in 2.5.1;
problem reported by Martin Svensson;
- suppress a quarantining attempt if the message also needs to be archived
to the same location (same sql key or same local filename);
reported by Wazir Shpoon;
- adjust $socketname in amavisd-release to match its default counterpart
in amavisd (i.e. /var/amavis/amavisd.sock); reported by Stanley Appel;
And more... please review the Changelog file.
(in fact, it's not clear that there is a good way to do so). The resulting
configuration works fine *except* if it encounters a host that has 3DES
but no DES service keys in its keytab.
Fix this by explicitly passing 0 ("default enctype") to Kerberos.
install script. The latter are special install-sh script options that
check whether the invoking user is the root user or not, which is
completely unnecessary.
cleanse environment of variables that alter behavior of Kerberos library
so the user can't override the default keytab location, and do *not*
ignore missing keytab errors. Prevents root compromise via spoofed KDC
on systems with Kerberos libraries but no host key in keytab, no keytab,
or keytab overidden via environment.
Don't insist that the keytab key be DES -- some Kerberos sites are 3DES/AES
only.
Somewhat less invasive than the fix Todd incorporated into the 1.6.9 branch
of sudo (presently beta) but equivalent (though not as clean).
things are restricted, pkgsrc's labeling rules aren't intended to
address export control issues, and there are vast numbers of packages
with apparently similar export control status and no RESTRICTED.)
