be sure not to use them (NULL pointers) when showing information to the user.
Fixes crashes when clicking on saved keyring items.
Bump PKGREVISION to 2.
This fixes gnome-keyring under NetBSD which, AFAICT, didn't work at all.
There are still some problems remaining in gnome-keyring-manager, but I
think these are not related to this issue.
- In case an IDMEF-Service object contains neither name nor port
attribute, set name to "unknown" in order to avoid IDMEF DTD
validation issue.
- Normalize analyzer(*).node.
PKG_SYSCONFDIR: 1) prelude-manager and 2) prelude (installed by libprelude).
Consequently, PKG_SYSCONFSUBDIR can't be set to prelude-manager.
Corrected and PKGREVISION bumped.
For OpenSSL 0.9.8b SSLeay_add_all_algorithms() does not set up any
algorithms, whereas SSL_library_init() does. The net result was that
SSL_CTX_new() would return a NULL pointer causing a perl coredump
in such cases as:
my $request = HTTP::Request->new( "GET", 'https://<some_url>' );
my $ua = LWP::UserAgent->new;
my $response = $ua->request($request);
Tracking this down was an entire flaming evening and change of my
life that I'm never going to get back, but at least my NetBSD-4
retail machines can now run NetBSD-4 built perl binaries again.
Changes include:
1.5a
* A typo in an assert caused Honeyd to crash for most services.
* The subsystem support did not correctly support
getsockname for sockets coming via accept().
1.5b
* A crash when processing ARP packets.
* Correct default action handling for UDP packets.
* Fixed --without-python flag when using configure.
- Use preludedb_delete_(alert|heartbeat)_from_list(). Require
libpreludedb 0.9.9. Provide a deletion performance improvement
of around 3000%.
- Handle multiple listed source/target properly. Separate
source/target in the message listing.
- Make host command/Information link available from the Sensor
listing.
- Always take care of the "external_link_new_window" configuration
parameter.
- Make external command handling more generic. Allow to specify
command line arguments.
- Allow to define unlimited number of external commands rather than
only a defined subset (fix#134).
- Avoid toggling several popup at once in the HeartbeatListing.
- Only provide lookup capability for known network address type (fix#76).
- New address and node name lookup provided through prelude-ids.com service.
- Link to new prelude-ids.com port lookup instead of broken portsdb
database (fix#162).
- Various bug fixes.
- Implement an idea from Lex van Roon <r3boot@r3blog.nl.eu.org> providing
an alert/heartbeat deletion performance improvement in the order of
3000% (preludedb-admin already benefit from it, next Prewikka release
will benefit from it too).
- Fix --with-(perl|python|swig) detection path ordering.
- Verbose error reporting on logfile opening error.
- Various bug fixes.
- Fix checking for swig/perl/python when full path to the
application is specified.
- Fix OpenBSD getaddrinfo() AI_ADDRCONFIG issue (apply to
some other system as well).
- Fix workaround for system with broken libtool,
that prevented the use of plugin (#168).
From debian changelog:
signing-party (0.4.7-1) unstable; urgency=low
* gpg-mailkeys: use right content-type for attached key,
thanks Wesley Landaker
* gpgsigs: recognize rvk (revoker), found in ksp-dc6.txt.
v0.998
- declare socket as opened before calling fatal_ssl_error
because the SSL_error_trap set up from HTTP::Daemon
needs this
- accept_SSL sets errors on $socket (the accepted socket)
not $self (the listening socket if called from accept)
so it can be queried from SSL_error_trap
- note in BUGS section that IO::Socket::SSL is not thread-safe
Note: The previous update from 0.97 broke all https:// URLs in p5-libwww,
will address that in next commit (to p5-libwww)
"A security issue has been reported in Heimdal, which potentially can be
exploited by malicious, local users to perform certain actions with
escalated privileges.
The security issue is caused due to missing checks for whether the
"setuid()" call has succeeded in the bundled rcp application. This may
be exploited to perform certain actions with root privileges if the
"setuid()" call fails due to e.g. resource limits."
http://secunia.com/advisories/21436/
http://www.pdc.kth.se/heimdal/advisory/2006-08-08/
Bump PKGREVISION.
v0.997
- fix readline (e.g. getline,getlines,<>) so that it behaves
regarding $/ like written in the $/ documentation.
v0.996
- removed links and comments to unofficial release of
Net::SSLeay, because there is a newer version already
v0.995
- add support for Diffie Hellman Key Exchange.
See parameter SSL_dh_file and SSL_dh.
v0.994
- hide DEBUG statements and remove test to load Debug.pm
because packets like SpamAssassin cannot cope with it
(at least the OpenBSD port)
v0.993
- added SSL_cert and SSL_key parameter which do not take
a file name like SSL_cert_file and SSL_key_file but
an internal X509* resp. EVP_PKEY* value. Useful for
dynamically created certificates and keys.
- added test for sysread/syswrite behavior (which was changed
in v0.991)
v0.992
- _set_rw_error does $!||=EAGAIN only if error is one of
SSL_WANT_READ|SSL_WANT_WRITE (patch from Mike Smith
<mike at mailchannels dot com>)
- Fix Makefile.PL to allow detection of failures in PREREQ_PM
(http://rt.cpan.org/Public/Bug/Display.html?id=20563, patch
by alexchorny at gmail dot com)
v0.991
- sysread and syswrite are no longer the same as read and write,
but can return already if only parts of the data are read
or written (which is the usual semantic for sysread and syswrite)
This should fix problems with HTTP::Daemon::SSL
v0.99
- just upgrade Version number because I've screwed up upload
of v0.98 to cpan
v0.98
- Maintainer changed to <Steffen_Ullrich at genua dot de>
- Better support for nonblocking sockets:
. exports $SSL_ERROR which contains the latest error from
the openssl library. Exports constants SSL_WANT_READ and
SSL_WANT_WRITE as special errors which will be set if
openssl wants to write or read during nonblocking connects,
accepts, reads or writes.
. accept,accept_SSL,connect and connect_SSL don't block
anymore if the socket is nonblocking.
Instead $! will be set from the underlying IO::Socket::INET
connect or accept if it failed there (usually EAGAIN or
EINPROGRESS) or if the underlying openssl needs to read or
write $! will be set to EAGAIN and $SSL_ERROR will be set
to SSL_WANT_READ or SSL_WANT_WRITE
. syswrite returns undef and sets $!,$SSL_ERROR if it fails
to write instead of returning 0.
- Bugfixes (http://rt.cpan.org/Public/Bug/Display.html?id=Bugid)
. Bug 18439: fileno 0 should be valid
. Bug 15001: sysread interprets buffer "0" as ""
- peer_certificate returns X509 struct string if no field
for extraction was specified
- get_peer_certificate returns the certificate instead of the
IO::Socket::SSL object
security update, recommended by gnupg.org
(fixes CVE-2006-3746)
changes:
* More DSA2 tweaks.
* Fixed a problem uploading certain keys to the smart card.
* Fixed 2 more possible memory allocation attacks.
* Added Norwegian translation.
since they always need a C compiler, even when the source code is
completely in C++.
For some other packages, stated in the comment that a C compiler is
really not needed.
in PR 32761.
Noteworthy changes in version 1.1.0 (2005-10-01)
------------------------------------------------
* You can now configure the backend engine file name and home
directory to be used, as default and per context.
* Information about the recipients of an encrypted text is now
available at decryption time.
* New status GPGME_STATUS_PLAINTEXT. This is analyzed by the decrypt
and verify handlers, the information about the plaintext filename,
if available is made available in the new field file_name of the
respective result structure.
* The code for "automagically detecting the thread library" has been
removed from libgpgme. It is deprecated since version 0.4.3.
Since then, you had to link against libgpgme-pthread for
applications using pthread and libgpgme-pth for applications using
GNU Pth.
The code was removed because it caused compilation problems on
systems where the pthread.h header from GNU Pth is available in
addition to the system header (FreeBSD 6 and later for example).
* There is a new flag for keys and subkeys, is_qualified, which
indicates if a key can be used for qualified signatures according
to local government regulations.
* You can associate a filename with a data object using the new
function gpgme_data_set_file_name(). This filename will be stored
in the output when encrypting or signing the data and will be
returned when decrypting or verifying the output data.
* You can now set notation data at signature creation with the new
function gpgme_sig_notation_add().
* Interface changes relative to the 1.0.3 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gpgme_set_engine_info              NEW
gpgme_ctx_get_engine_info          NEW
gpgme_ctx_set_engine_info          NEW
gpgme_recipient_t                  NEW
gpgme_decrypt_result_t             EXTENDED: New field recipients.
gpgme_verify_result_t              EXTENDED: New fields pubkey_algo, hash_algo.
gpgme_decrypt_result_t             EXTENDED: New field plaintext_filename.
gpgme_verify_result_t              EXTENDED: New field plaintext_filename.
GPGME_STATUS_PLAINTEXT             NEW
gpgme_key_t                        EXTENDED: New field is_qualified.
gpgme_subkey_t                     EXTENDED: New field is_qualified.
gpgme_data_get_file_name           NEW
gpgme_data_set_file_name           NEW
gpgme_sig_notation_flags_t         NEW
GPGME_SIG_NOTATION_HUMAN_READABLE  NEW
GPGME_SIG_NOTATAION_CRITICAL       NEW
gpgme_sig_notation_clear           NEW
gpgme_sig_notation_add             NEW
gpgme_sig_notation_get             NEW
had actually been ignoring LTCONFIG_OVERRIDE anyway and just using
the default LIBTOOL_OVERRIDE to replace libtool scripts in packages.
This just formalizes the fact that LTCONFIG_OVERRIDE is not used
meaningfully by pkgsrc.
* Version 1.4.1 (released 2006-06-14)
** Replaced inactive ifdefs to enable openpgp support in test programs.
** Fixed bug in OpenPGP authentication handshake.
** Fixed typographical in man pages.
** Build fixes of the manual.
** Added Swedish translation.
** API and ABI modifications:
No changes since last version.
2.0.12:
Bugs fixed in this release:
bug #1455772: Implement more portable fix for converting UTF-8 in
comments. The previous one broke the Windows installer.
2.0.11:
Bugs fixed in this release:
* fixes to make code compile with g++ 4.1.
* bug #1455772: Properly convert comments to/from UTF-8 to ensure the
script is not corrupted when copied to the firewall
* bug #1455748: "make firewall script executable".
Bugs fixed in policy compiler for iptables:
* bug #1375432: avoid using '-m state' twice for stateless rules with
custom services.
* bug#1364060: change shell pattern to match names of conntrack modules
in Linux 2.6.
Bugs fixed in policy compiler for ipfilter:
* bug #1386226: removed nat.conf when nat rules are removed.
* bug #1393004: use 'egrep -s' on Solaris.
- Fix a bug where some rules marked silent would trigger an alert.
- Load Sonicwall and Spamassassin ruleset by default.
- Fix rule syntax problem in Sonicwall ruleset.
- Fix rule indexing problem in Squid ruleset.
- Postfix rule consistency fix.
and add a new helper target and script, "show-buildlink3", that outputs
a listing of the buildlink3.mk files included as well as the depth at
which they are included.
For example, "make show-buildlink3" in fonts/Xft2 displays:
zlib
fontconfig
iconv
zlib
freetype2
expat
freetype2
Xrender
renderproto
set OVERRIDE_DIRDEPTH to find any libtool scripts deeper in the WRKSRC
tree unless they're named something other than "libtool".
SHLIBTOOL_OVERRIDE generally doesn't need to be specified either -- just
define it to the empty list and shlibtool-override will look for libtool
scripts.
Since the heimdal install process will install additional headers in
${PREFIX}/include/krb5 depending on what the configure process detects,
simply query the source Makefile at install-time for the extra headers
that it will install and dynamically add them to the PLIST.
changes:
- Fix asn1_octet_der to handle writes of zero-length buffers, before
it did not write the ASN.1 length for a zero-length buffer. This caused
ASN.1 encodings to be incorrect on 64-bit platforms.
- Add self test that attempts to trigger the above bug.
- Fix test of -Wno-pointer-sign.
- Improve cross-compilation to MinGW by using AC_LIBTOOL_WIN32_DLL.
Noteworthy changes in version 1.4.4 (2006-06-25)
------------------------------------------------
* User IDs are now capped at 2048 byte. This avoids a memory
allocation attack (see CVE-2006-3082).
[was already fixed in pkgsrc]
* Added support for the SHA-224 hash. Like the SHA-384 hash, it
is mainly useful when DSS (the US Digital Signature Standard)
compatibility is desired.
* Added support for the latest update to DSA keys and signatures.
This allows for larger keys than 1024 bits and hashes other than
SHA-1 and RIPEMD/160. Note that not all OpenPGP implementations
can handle these new keys and signatures yet. See
"--enable-dsa2" in the manual for more information.
"parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions,
allows remote attackers to cause a denial of service (gpg crash) and
possibly overwrite memory via a message packet with a large length,
which could lead to an integer overflow, as demonstrated using the
--no-armor option."
Patch from GnuPG CVS repository.
Bump PKGREVISION.
Always use "man" instead of catpages.
Make sure "run" directory is precreated, so you don't get:
/usr/bin/sudo sudo: can't mkdir /var/run/sudo: No such file or directory
Bump PKGREVISION.
Okayed by maintainer back in December. The only concern was
that /var/run may not be for all platforms, but this is same
as other packages too (not specific to sudo).
Pkgsrc changes:
- none
Relevant changes since version 5.31:
====================================
- modified addfile to accept indirect filehandles
-- ref. rt.cpan.org #19627 and #19641
- modified shasum to warn rather than die for file errors
-- to follow conventions of GNU sha1sum/md5sum
- added new capabilities to the "addfile" method
-- now able to accept file names as well as handles
-- includes mode for portable digest calculation
-- thanks to Adam Kennedy for emails and ideas
ref. File::LocalizeNewlines
- used expanded addfile interface to simplify shasum (sumfile)
-- regex a tad less general than 5.37, but handles all
known newline variants in UNIX/Windows/MacOS
- enhanced WARNING messages from shasum checkfile processing
-- to mimic behavior of md5sum
- improved error handling of checksum files in shasum
-- to better mimic the behavior of md5sum
- refined line-break regex in shasum (ref. sub sumfile)
-- catches multiple CR's preceding LF
thanks to Gisle Aas for suggested patch
- changed loop vars to signed int's in shadump (ref. src/sha.c)
-- to prevent type mismatch warnings
- added "portable" option to shasum
-- to make digests match across Windows/Unix/MacOS
- enabled bundling of shasum command line options
-- to mimic behavior of md5sum
- removed \r's from text files in t/nist directory
-- resolves SIGNATURE clashes (rt.cpan.org #18983)
- changed suffix on SHA64_MAX (src/sha.h) to ULL
-- eliminates gcc warnings (rt.cpan.org #18988)
- specified minimum Perl version for module and Makefile.PL
-- closes rt.cpan.org #18984
- made minor code changes to silence compiler warnings
-- resulting from signed/unsigned integer mixing
> - 6/4/2006 1.2.5 (sarah)
> - Added base64 encoding support for MAC addresses presented on the screen for FLoP extended database -- Juergen Leising
> - Added base64 encoding support for rebuild of packet in pcap format for FLoP extended database -- Juergen Leising
> - Fixed issue with Oracle and schema version in base_db.inc.php -- Nikns
> - Fixed bug when alerts with sig references would fail to archive causing duplicates error -- Nikns
> - Added base64 encoding support for ICMP payload additional table in base_qry_alert.php -- Juergen Leising
> - Added check for PHP Logging Level against E_NOTICES in setup/index.php -- Nikns
> - Fixed bug when certain preprocessor alerts would not be cached (for example arpspoof) -- Nikns
> - Added setup/setup_db.inc.php with CreateBASEAG() to resolve redundancy in setup and base_db_setup.php -- Nikns
> - Removed unnecessary and broken search index stuff from Create BASE AG, since schemas are already with them -- Nikns
> - Added XSSPrintSafe() (array safe htmlspecialchars() function) and made filterSql() use ADOdb qmagic() -- Nikns
> - Changed input type of the password field to actually be password in setup3.php -- Nikns
> - Filtered all unfiltered (mainly auth system stuff) $_POST and $_GET variables using filterSql() -- Nikns
> - Sanitized all $_SERVER variables to be protected against XSS attacks -- Nikns
> - Added "Clear Data Tables" option in base_maintenance.php and "Repair Tables" option to execute CreateBASEAG() -- Nikns
> - Make use of FLoP's event reference. Signature name of alert which triggered "Tagged Packet" alert is shown too -- Nikns
> - Updated chinese.lang.php -- Johnson Chiang
> - Fixed Time error in searches -- Jeff Kell
> - Fixed refresh issue with ~ directories -- Kevin Johnson
> - Fixed cookie stored data and authentication scheme to correct Nikns' report on session forge issue -- GaRaGeD
> - Updated link to the Nessus plug in DB -- Jonathan W Miner
> - Fixed display after deleting alerts -- Bruce Briggs
> - Fixed Bug #1466392 - Back button doesn't work after refresh. -- Juergen Leising
> - Patches from jhart@spoofed.org to add missing ICMP and TCP type and codes - GaRaGeD
> - add support for ICMP redirect decoding. - Jon Hart
> - add decoding support for ICMP source quench and ICMP parameter problem - Jon Hart
> - split up "flags" into DF and MF, much like tcp flags are currently handled - Jon Hart
these indices web browser will often timeout before delete operation completes.
Update to libpreludedb 0.9.8. Changes:
- Always use prelude_escape_binary() when inserting additional data, even in case
we're inserting a string, since the database field might be of a type that require
binary kind of escaping. Fix#143.
- Implement reading of message_processing_model, security_model, security_level.
Handling of community member is deprecated (IDMEFv16 update).
- Fix a bug where Service->ip_version would not be read from database.
- Error reporting improvement.
The changes since the 2.5 release include:
msfconsole:
* Tab completion improvements
* Remember last used exploit after save
* Improved reload/rexploit/rcheck commands
* Security fixes for handling terminal escapes
msfcli:
* Security fixes for handling terminal escapes
msfweb:
* Security fixes when using defanged mode
meterpreter:
* Addition of the SAM password dump extension
* Improvements to the VNC injection
msfpescan:
* PE fingerprinting via the -S option
* Additional information via the -D option
* Major bug fixes to PE format parser
exploits:
* Major rewrites of many exploit modules
* Reliability improvements across the entire set
* 42 new exploits added since 2.5 was released
* Improved IPS evasion for SMB/DCERPC/HTTP modules
libraries:
* Human-friendly SMB and DCERPC error codes
* Reworking of the entire DCERPC API
* Incremental improvements to the SMB stack
* Integration of commonly-duplicated routines
* Major improvements to PEInfo module
all PEAR packages to php?-pear-* and all Apache packages to ap13-* or
ap2-* respectively. Add new variables to simplify the Makefile
handling. Add CONFLICTS on the old names. Reset revisions of bumped
packages. ap-php will now depend on the default Apache and PHP version.
All programs using it have an implicit option of the Apache version
as well.
OK from jlam@ and adrianp@.
it will live with other "check" targets run after package installation.
Get rid of SHLIB_HANDLING, whose meaning had mutated over the years
from one thing to another. Currently, it is used to basically note
whether the system's "ldd" command can be usefully run on the package's
binaries and libraries. Rename this variable to CHECK_SHLIBS_SUPPORTED
for more clarity.
CHECK_SHLIBS is now a variable set exclusively by the user in /etc/mk.conf
to note whether the check for missing run-time search paths is performed
after a package is installed. It defaults to "no" unless PKG_DEVELOPER
is set.
2) Changed permissions on plugins.rules and prelude-lml.conf so that
prelude-lml can run unprivileged
3) Changed confdir in configure so that plugins.rules and prelude-lml.conf
are found.
Changes in 0.9.5:
- Experimental context support (ala SEC): we now handle
multiline log matching.
- Update PAX rules so that it uses the new context feature.
- Don't exit on statistics signal, improve statistics precision,
make them easier to read.
- Fix some problem with user & group options.
- text-output argument is optional.
- New experimental ruleset: Sonicwall and Spamassassin. These
need to be manually hooked to pcre.rules if you plan to use
them.
- Fix FAM activation switches.
* Version 1.4.0 (released 2006-05-15)
** Remove GnuTLS 0.8.x compatibility functions.
** The libgcrypt RNG is initialized in gnutls_global_init().
** TLS/IA API changes from Emile van Bergen.
A dummy credential structure is not needed now, if you wish to use the
low-level TLS/IA API, simply call gnutls_ia_enable to enable TLS/IA on
a session.
** The self-tests are now run under valgrind, if it is installed.
** Libtasn1 is updated to 0.3.4, and that version is now required.
** The command line tools now use getaddrinfo and support IPv6.
** API and ABI modifications:
_gnutls_x509_get_raw_crt_activation_time,
_gnutls_x509_get_raw_crt_expiration_time: Removed.
gnutls_ia_require_inner_phase: Removed, replaced by gnutls_ia_enable.
gnutls_ia_enable: Added.
Version 0.3.4 (released 2006-05-10)
- Really fix encodings.
- Add new self test, tests/Test_encoding.c.
- Self tests are ran under valgrind, if it is available.
- We test for the -Wno-pointer-sign parameter before using it.
Version 0.3.3 (released 2006-05-07)
- Add some 'const' to prototypes.
- Remove some 'unsigned' keywords.
- Corrected asn1_der_coding() bug introduced when it became reentrant.
Now it produces correct encodings.
Gives access to the routines of the GSSAPI library, as described in
rfc2743 and rfc2744 and implemented by the Kerberos-1.2 distribution
from MIT.
Since 0.14 it also compiles and works with Heimdal. Lacks of Heimdal
support are gss_release_oid(), gss_str_to_oid() and fail of some tests.
The API presented by this module is a mildly object oriented
reinterpretation of the C API, where opaque C structures are Perl
objects, but the style of function call has been left mostly untouched.
As a result, most routines modify one or more of the parameters passed
to them, reflecting the C call-by-reference (or call-by-value-return)
semantics.
All users of this module are therefore strongly advised to localize all
usage of these routines to minimize pain if and when the API changes.
Separate out options.mk functionality
Add in options for subversion and postgresql support
> CHANGELOG for 5.3:
> ###########
> * Added NTLM support modules for pop3, imap, smtp-auth and http-proxy.
> Work done by ilo (at) reversing.org. THANKS!
> * Added a http form module, thanks to phil (at) irmplc.com
> * Fixed a bug in the vnc module (thanks to kan (at) dcit.cz)
> * Input files may *not* contain null bytes. I might fix that in the future
> but currently I have enough other things on my todo sheet.
> Thanks to didiln (at) gmail.com for reporting.
> Changes:
> - Fixed issue with PostGRES and schema in base_db.inc.php -- Kevin J and Nikns
> - Fixed bug 1284695 Error in SQL with PostgreSQL -- Kevin J and Nikns
> - Fixed issues displaying PortScans -- Nikns
> - Fixed sig_class (bug 1407325) and sig_priority filter bug -- Nikns and Max Valdez (garaged)
> - Fixed bug 1408387 Archive move and Email summary issues -- Nikns
> - Fixed bug when, after setup, archive database wasn't used -- Nikns
> - Fixed PostgreSQL archive database support -- Nikns
> - Fixed bug 1313261 Unable to use actions in base_stat_sensor.php -- Nikns
> - Fixed bug 1371532 First of month timestamp issue -- Nikns
> - Fixed bug 1406945 Lost alert order when switching between payload display -- Nikns
> - Fixed bug 1413712 base_conf.php file path issue under MS Windows -- garaged
> - Fixed search by signature name -- Nikns
> - Converted sql/create_base_tbls_mssql_extra.sql to CRLF line terminators -- Nikns
> - Fixed broken auth system for MSSQL -- Nikns
> - Changed MSSQL schema for table acid_event, sig_name now has type VARCHAR instead of TEXT -- Nikns
> - Fixed bug 1307250 broken base_stat_alerts.php with MSSQL -- Nikns
> - Fixed bug 1413594 Force to use alert database for auth system stuff -- Nikns
> - Setup fix, on error form values are remembered, default language is English -- garaged
> - Uppercased name 'Archive' in base_main.php (in sync with base_hdr1.php) -- Nikns
> - Fixed support for actions in base_stat_class.php -- Nikns
> - Fixed bug 1418660 Broken search by IP criteria -- Nikns
> - Added checkboxes and fixed support for actions in base_stat_iplink.php -- Nikns
> - Implemented RFE 1123382 support for actions in base_stat_uaddr.php -- Nikns
> - Implemented support for actions in base_stat_ports.php -- Nikns
> - Fixed bug 1422575 when empty email sent even if action unsuccessful -- Nikns
> - Fixed bug 1424033 Unable to Graph Alert Detection Time -- Nikns
> - Fixed bug 1426089 Score removed from email address -- Nikns
> - Fixed bug 1210542 and 1288402 Packet display mode issues -- Nikns
> - Detect archiving duplicates with select queries instead of catching db conflict error -- Nikns
> - Fixed bug 1430686 Update alert cache for archived alert right after it is copied to archive db -- Nikns
> - Implemented archiving support for schema 107 -- Nikns
> - Added sig_gid (signature generator id) to snort signature reference url for schema 107 -- Nikns
> - session_start() on base_conf.php avoiding repetition, easier to handle with debug output -- garaged
> - debug_mode needs to be off on login (index.php:45 ) -- garaged
> - Fixed bug 1275536 Unable to download binary payload in Internet Explorer when using SSL -- Nikns
> - Implemented archiving support for FLoP extended database schema -- Nikns
> - Implemented rebuild of packet in pcap format for FLoP extended database -- Nikns
> - Added display of MAC addresses in base_query_alert.php for FLoP extended database -- Nikns
> - Fixed BASE authentication bypass in standalone mode for base_maintenance.php -- Nikns
> - Added HTTP response codes on authentication failure in base_maintenance.php for standalone mode -- Nikns
> - Fixed bug 1341286 Show IP header length in bytes, not words -- Juergen Leising
> - In plain display mode several sequential non-ASCII payload characters join together displaying their count -- Nikns
> - Changed input type of the password field in useradmin -- Kevin Johnson
Remove the hostname subst, since it was fixed upstream
Changelog:
caff: - try hostname without -f first to be compatible with BSD
- make local-user a config option, and let it accept a list of keyids
pkg-clean: - add option to allow importing subkeys
Add LICENSE=, and license file.
Set RESTRICTED and NO_BIN_ON_* because permission to distribute
derived works is unclear, limited to some operating systems, and
requires a reciprocal license grant.
Changelog:
* Update FSF addresses.
* caff: tweak documentation.
* caff: note that mailed keys are encrypted (suggested by Sune Vuorela).
* caff: You can now specify additional arguments to pass to the
send method of Mail::Mailer. This allows you to send mails via
SMTP and use authentication for instance. Thanks to Martin von Gagern.
* gpg-key2ps, keylookup: make them less dependent on specific
installation paths and thus better portable outside of Debian
(Closes: #354142).
- Replace patch with official fix 'Filter on Target' link (fix#148).
- Fix alert summary exception with alert including file permission (fix#149).
- Fix creation of an empty __init__.py file in lib/site-packages (#147).
- Print currently installed version on libpreludedb requirement error.
- Make sure /usr/bin/env is expanded.
- Improve idmef-path error reporting.
- Rework configure script so that it use --with[out] in
place of --(en|dis)able where we deal with external dependencies.
- Rework configure script so that --with[out] work as expected (enabling and
disabling the feature, explicit error if "with" feature is explicitly
specified but the feature it is unavailable, etc).
- Rework SNMPService class for IDMEF draft 16 compliance.
- Make sure we set alert CreateTime if the caller did not do it for us.
- Fix handling of \r\n terminated line.
- Ignore character that are part of the option value when comparing
option specified using --option=value. Fix handling of parent option.
Approved by <frueauf>
Changes:
- make it work as binary packages,
- remove useless MESSAGE files,
- add nmap.nasl plugin, not included by default upstream,
- make the installation a bit more sane and easier to configure.
2.2.7:
======
Nessus 2.2.7 contains several fixes for bugs which have been found
during the 3.x development process and have been backported to this
branch. It also slightly extends the NASL language by adding support for
arrays of arrays. We will use this feature in some key plugins (SMB in
particular) within 6 months, so you should definitely upgrade to 2.2.7
or 3.0.x.
nessus-libraries:
- Fixed a NULL pointer dereference in the BPF server (this mostly
affects OpenBSD and FreeBSD < 5)
- The 'service' functions now only deal with the services file provided
with Nessus (instead of using a mix of /etc/services and others)
libnasl:
- Fixed off-by-one bugs in insstr() and str_replace() which would
sometimes prevent these two functions from properly dealing with the
last character of a string
- Fixed tcp_ping() which was too aggressive and may therefore sometimes
miss a live host
- Fixed a bug in send() which would not properly validate the value of the
'length' variable
- Now handle arrays of arrays
- Fixed open_priv_sock_tcp() which would report a successful connection
when timing out
nessusd:
- Properly install the file 'nessus-services' in $prefix/var/nessus/
- Bigger buffer when receiving preferences from the client (to avoid a
possible truncation of the plugin list in the future)
- Fixed a bug in the preferences parser which would cause nessusd to die
on startup when processing a malformed preference file
nessus client:
- Fixed an unlikely but potential segmentation fault when viewing the
report in the GUI
- Erase the credentials from memory after having used them (thanks to
Sumiut Siddhart for noticing this)
plugins:
- Fixed several bugs in find_services.c which would not properly set the
key Transport/SSL or which may read some data beyond its buffer
- Fixed a bad #if/#endif clause in nessus_tcp_scanner.c which prevented it
from recomputing the RTT, hence negatively impacting the performance
- nmap.nasl has been removed from the main distribution (to use nmap from
within Nessus read http://www.nessus.org/documentation/?doc=nmap-usage)
Add --confirm option and corresponding regression tests for Debian bug 296382.
Thanks to Liyang HU for the patch. Also add initialization for $ssh_timeout
which was being inherited from the environment and add regression tests for
--timeout
- Enable write notification on queued write (Fix reverse relaying).
- Fix IDMEF message scheduler warning when plugin failover is enabled.
- Fix reverse relaying on some architecture due to thread safety
issue.
- Server scalability improvement in case of message burst.
- Start work on a normalization plugin. Very simple for now, mostly
sanitize IDMEF Address and IDMEF Service classes.
- When an analyzer have read and write permission to prelude-manager,
avoid acting as an echo server, don't send received message from this
analyzer to itself.
- When no listen address is specified, try to bind all
system address (both ipv4/ipv6).
- Send an alert to the peer on handshake failure, so that
the peer have some information on what happened.
- Consistency work across all plugin logfile option.
- Various bug fixes and improvements.
Changes:
- Fix Perl/Python bindings uint64 handling on 32 bits machine.
- Make preludedb_check_version available from Perl/Python bindings.
- Use new IDMEF_LIST_APPEND primitive, require libprelude 0.9.6.
- Add libprelude dependency to SQL plugins, since they depend on
libprelude symbols. Fix compilation problem with some distribution.
- Use global transaction surrounding all operation in preludedb-admin,
this bring a major performance improvement for insert operation.
- API improvement.
include:
* saslauthd/lak.c: leak fix from Igor Brezac
* saslauthd/krbtf.c: updated from CMUCS
* saslauthd/auth_krb5.c: log the krb5 error return if get_creds fails
* saslauthd/auth_krb5.c, saslauthd/auth_krb4.c,
saslauthd/krbtf.h (added), saslauthd/krbtf.c (added),
saslauthd/cfile.h (added), saslauthd/cfile.c (added),
saslauthd/Makefile.am: Kerberos V4/V5 alternate keytab
in saslauthd, plus common code merging (from David Eckhardt
via Dale Moore)
* saslauthd/auth_krb5.c: verify against the service we
were passed. needs to be made configurable.
hashcash-1.22 - 08-Apr-2006 - Adam Back <adam@cypherspace.org>
[BUG FIXES]
hashcash-1.18 - 05-Jul-2005 - Adam Back <adam@cypherspace.org>
* add a simpler minting API to make it easier to mint stamps
from VB scripting
hashcash-1.17 - 30-Mar-2005 - Adam Back <adam@cypherspace.org>
[BUG FIXES]
hashcash-1.15 - 12-Jan-2005 - Adam Back <adam@cypherspace.org>
* make "Hashcash:" be accepted as well as "X-Hashcash:"
suggestion by Simon Josefsson <jas@extundo.com>. This way
if/when the X- is dropped from hashcash headers we will not
have a backwards compatibility problem. (Well not after
version 1.15).
* implement the -Z option to compress stamps; in fact the
usage changed so -Z takes an argument: 0, 1 or 2. 0 = not
compressed, 1 = compressed but not so the counter + padding
is split, and 2 = very compressed, but slow. (Due to a late
discovered bug 2 is the same as 1 for now until I can fix
that.)
* added -O x -sv to request benchtest of core x only
* make code work with -DOPENSSL, think this slipped during
integration of Jonathan's libfastmint as it uses some lower
level openssl APIs internally. I fixed it but it might be
a bit openssl version specific, if they changed the state
fields at any point. (This change coincidentally I think
should work around the linking with openssl problem that Hal
Finney <hal@finney.org> reported).
* add libhashcash.a intermediate target to make hashcash more
convenient to link into other software on linux. (A
suggestion from Hal Finney who was trying to link to his
RPOW system.)
hashcash-1.14 - 14-Dec-2004 - Adam Back <adam@cypherspace.org>
* make hashcash -cX accept continuation lines starting with
space as well as tab
* add library function to wrap lines and use it from hashcash
command line tool.
* fix long vs time_t prototype mismatch that was giving
compile errors on BSD; also cleaned up some warnings that
can be obtained with gcc -Wall.
PKGLOCALEDIR and which install their locale files directly under
${PREFIX}/${PKGLOCALEDIR} and sort the PLIST file entries. From now
on, pkgsrc/mk/plist/plist-locale.awk will automatically handle
transforming the PLIST to refer to the correct locale directory.