script not to find any system-installed compile_et.
(This should really be done by using our own PATH that doesn't include
any system paths, but we're not quite ready to do that yet.)
Patch submitted in PR 32598 by pancake <at> phreaker <dot> net
In other words:
- Add more checks and fixups on the engine.
- More keywords in wordlists database.
- Add new mode called 'silent mode'
- more charsets availables for gendict
- add some more examples
- add fine tuning for words in NEC=200
"extract" script for extraction. Many cases where a custom EXTRACT_CMD
simply copied the distfile into the work directory are no longer
needed. The extract script also hides differences between pax and
tar behind a common command-line interface, so we no longer need code
that's conditional on whether EXTRACT_USING is tar or pax.
** New API to access the TLS master secret.
When possible, you should use the TLS PRF functions instead.
** Improved handling when multiple libraries use GnuTLS at the same time.
Now gnutls_global_init() can be called multiple times, and
gnutls_global_deinit() will only deallocate the structure when it has
been called as many times as gnutls_global_init() was called.
** Added a self test of TLS resume functionality.
** Fix crash in TLS resume code, caused by TLS/IA changes.
** Add 'const' keywords in various places, from Frediano ZIGLIO.
** The code was indented again, including the external header files.
** API and ABI modifications:
New functions to retrieve the master secret value:
gnutls_session_get_master_secret
Add a 'const' keyword to existing API:
gnutls_x509_crq_get_challenge_password
Grab maintainership
From the ChangeLog (Summarised)
> * ike-backoff-patterns: Added backoff patterns for Netgear ProSafe
> and Netgear ADSL Firewall Router. Submitted by Paul Askew.
> * ike-scan.c, ike-scan.h, configure.ac: Added new --writepkttofile
> option. This option writes the output packet to the specified file
> rather than sending it to the remote host. It is intended for
> debugging and testing purposes, to allow the IKE packet to be
> easily checked. This option is not documented, because it is
> designed purely for testing.
> * check-packet: New test to check IKE scan packet data. Currently
> tests two sample packets: one default proposal, and one custom
> proposal.
> * ike-scan.c: Added --exchange option to allow the exchange field
> in the ISAKMP header to be set to arbitrary values.
> * ike-scan.c, isakmp.c: Added --hdrflags and --hdrmsgid options to
> allow Flags and MsgID fields in the ISAKMP header to be specified.
> * ike-scan.c: Added --cookie option to allow the initiator cookie in
> the ISAKMP header to be set to a static value.
> * ike-scan.c, isakmp.c: Add --spisize option to allow a random SPI
> of the specified size to be added to the proposal payload.
> * ike-vendor-ids: Added 16 new Vendor IDs, and revised some comments
> on existing entries.
> * ike-scan.c: Added --doi (-D) and --situation (-S) options to allow
> the DOI and Situation in the SA of the outbound packets to be changed
> from the default of DOI_IPSEC and SIT_IDENTITY_ONLY.
> * ike-scan.c: Added --protocol (-j) and --transid (-k) options to
> allow the proposal protocol and transform id of the outbound packets
> to be changed from the defaults.
> * ike-scan.c: Added --certreq (-C) option to add a
> CertificateRequest payload to the outgoing packet.
> * ike-scan.c: Added --headerlen (-L) option to allow the ISAKMP header
> length to be manually specified. Normally, ike-scan will
> automatically calculate the correct length; however, you can use this
> option if you want to use an incorrect length value instead.
> * ike-scan.c, isakmp.c: Added --mbz (-Z) option to allow the value for
> the reserved (MBZ) fields to be set to non-zero values. Doing so
> will make the outgoing packet non-RFC compliant.
> * ike-scan.c, isakmp.c: Added --headerver (-E) option to allow the
> version field in the ISAKMP header to be altered from the default of
> 0x10 (v1.0).
> * ike-scan.c: Added --bandwidth (-B) option to allow the outgoing
> bandwidth to be specified directly instead of using --interval.
> The --bandwidth option calculates the appropriate interval setting,
> taking into account the size of the packet.
> * ike-scan.c: Added --noncelen (-c) option to allow the length of the
> nonce data to be changed. This is only applicable to aggressive
> mode.
This fixes PR pkg/30290 by Nicolas Joly so the latest DAT files are working
again.
- Moved included DAT-files to shares/examples/uvscan/.
- Works with PKG_CONFIG=no.
- PDF manual included in share/doc/uvscan/.
- Some small improvements to update_dat.sh:
Option "-h" shows the available options.
All the "exit" statements use distinct values.
Fixed a small logic bug (-z vs. -n).
Changes according to McAfee's website:
- Includes technology to combat the latest and
future threats.
- Improved detection and cleaning.
- Support for many more Packed Executable formats
in which known malware is often re-packaged
for obfuscation purposes.
- Specific detection and reporting of files
compressed or packaged with known suspicious
applications.
- Enhancements to the emergency DAT file (EXTRA.DAT)
structure allowing a larger DAT file size.
- Enhancements to enable scanning of non-standard
ZIP archives.
Additionally, fix it to compile against openssl-0.9.7i, the
current pkgsrc version; due to its way of checking compatibility,
py-m2crypto is extremely picky about constness.
If this works with other versions too, just add them to the pattern.
Changes since 0.12/0.11
-------------------------
- Patches from Artur Frysiak. Thanks Artur.
= Allow using a passphrase callback in class SMIME.
= Added method get0_signers to class PKCS7, which retrieves signers'
certificates from a PKCS7 blob.
= Added methods as_pem and save_pem to class X509.
= Added file version.py.
= Allow SSL.Context.load_verify_locations to accept both 'cafile' and
'capath'.
- Fixed BIO.read() not reading until EOF. Thanks to Egil Muller
for suggestion.
- Honour 'mode' parameter in SSL.Connection.makefile. Thanks again to Egil
Muller.
- Roger Binns contributed epydoc-generated docs for M2Crypto. Thanks Roger.
- Peter Teniz contributed patches to create X.509 requests and certificates.
Thanks Peter.
- Updated Medusa to 0.54.
- Make various OpenSSL bignum functions (written long ago) available to Python.
long. PR#32378 by Stefan Krüger.
Changes:
Added PS4 and SHELLOPTS to the list of variables to remove from
the environment. (Already in pkgsrc)
Added JAVA_TOOL_OPTIONS to the list of variables to remove from
the environment.
Added PERLLIB, PERL5LIB and PERL5OPT to the list of variables to
remove from the environment. (Already in pkgsrc)
without affecting packages that are currently using it.
Packages which previously didn't set BUILDLINK_DEPMETHOD to neither "full" nor
"build" now set it to "full", but should be checked whether they really need it
(comment added). Packages which previously set it to "build" now don't set it
anymore.
Ok by jlam, wiz.
rather than PKG_FAIL_REASON, so that they provide useful error
messages in build logs, and so that they continue to work on platforms
where they aren't broken.
engine to search and process a database of security events generated by
various IDSes, firewalls, and network monitoring tools. The features currently
include:
o Query-builder and search interface for finding alerts matching
on alert meta information (e.g. signature, detection time) as well as
the underlying network evidence (e.g. source/destination address, ports,
payload, or flags).
o Packet viewer (decoder) will graphically display the layer-3 and
layer-4 packet information of logged alerts
o Alert management by providing constructs to logically group alerts
to create incidents (alert groups), deleting the handled alerts or
false positives, exporting to email for collaboration, or archiving of
alerts to transfer them between alert databases.
o Chart and statistic generation based on time, sensor, signature, protocol,
IP address, TCP/UDP ports, or classification
