- Make the Prelude-LML UDP server IPv6 compatible.
- Implement 'idmef-alter' and 'idmef-alter-force' option, allowing
to include static values into IDMEF events generated using a given
format.
- New PPP/PPTPD/L2TP ruleset, by Alexander Afonyashin <firm <at> iname.com>,
with slight modification from Pierre Chifflier <p.chifflier <at> inl.fr>.
Close #340.
- Fix CISCO VPN ruleset so that the 'Authentication rejected' rule will
trigger even if the 'server' field does not contain a word (fix #328).
- Remove dos-style end-of-lines (Closes #338)
- Fixes possible off by one when parsing variable reference number, and
remove un-needed check that would always evaluate to TRUE. Thanks
Steve Grubb <sgrubb <at> redhat.com> for reporting this problem (and
running flexelint on the Prelude sources)!
- Update for libtool 2.x compatibility.
- This simplifies the whole regular expression handling a lot, making the
code much easier to read, and fixing potential problem with ovector
assignment. This code should also improve performance by a small
factor.
- Change CISCO references urls to their new location, add CISCO ASA rule
to handle discarded tcp or udp packets.
- Various fixes and update.
Added security/libprelude-lua version 0.9.24
Added security/libprelude-perl version 0.9.24
Added security/libprelude-python version 0.9.24
Added security/libprelude-ruby version 0.9.24
Fix ordering of event handler vs queue modification. This can result in
queue corruption or use after free when the master can't handle a
request before the next arrives. From Matt Dillon.
1.520 (upstream 1.52).
Pkgsrc changes:
- Set LICENSE
- Drop dependencies on devel/p5-Test-Pod and p5-Test-Pod-Coverage
Upstream changes:
1.52 Mon Jul 27 01:25:03 CDT 2009
* Support for more licenses. Thanks to Shlomi Fish.
* Fix slashing problems for Windows. Thanks Olivier Mengue
* Complains about extra unparsed options to try to detect
problems that come out of misquoted variables. Thanks to Gunnar Wolf.
* The list of files to ignore is now called ignore.txt,
which you can turn into .cvsignore, .gitignore, MANIFEST.SKIP
or whatever.
* Handles authors with apostrophes in their names better.
Thanks to, not surprisingly, Dave O'Neill.
* Removed module requirements on Test::Pod and Test::Pod::Coverage
for Module::Starter to be built and installed. However,
t/pod.t and t/pod-coverage.t do still both get created even
if either of their two main modules are not installed.
1.004004).
Pkgsrc changes:
- Set LICENSE
- Set PERL5_MODULE_TYPE to Module::Install
- Add patch to prevent the ad hoc execution of interactive CPAN.pm's first time
configuration by Makefile.PL
Upstream changes:
1.004004 2009-08-05
- Add dependency on Extutils::Install 1.43 and install in --bootstrap
otherwise we fail to build with latest MakeMaker on OpenSolaris (t0m)
- Fix Win32 / Cygwin detection (emazep).
1.004003 2009-16-16
- Stop Makefile.PL exploding if your CPAN is too old to have
CPAN::HandleConfig. Needed when installing local::lib via CPAN
using an old CPAN version (t0m)
- Fix warning from Makefile.PL about ExtUtils::MakeMaker::prompt (t0m)
- Set PERL5LIB back to calculated @INC with --self-contained, to stop
invoking other perl scripts from losing the local::lib if they
mangle @INC from $ENV{PERL5LIB}, and fix install of 'difficult'
modules with such as Test::Deep (t0m)
1.004002 2009-06-15
- Fixed up INC untaint procedure to skip/ignore CODE, ARRAY,
blessed entries. (grink)
- Include test in xt/ for the above
- Put PERL5LIB first, so it'll be favored over privlibexp and
archlibexp when self contained.
- Automatically untaint @INC (t0m)
- Prevent @INC from growing when you have multiple scripts using
--self-contained called from inside one another. (grink by way of t0m)
- eg/scripted_install.pl now no longer requires TARGET, but still
respects it. (confound)
1.004001 2009-05-21
- Clean up CPAN.pm's environment variable the same way we do for
CPANPLUS. Add an example program showing local::lib employed
programmatically (confound).
- Add the beginnings of a troubleshooting section (pattern).
1.004000 2009-05-14
- Don't allow dangerous settings for CPAN.pm that affect where CPAN
installs stuff, as this conflicts with what we're trying to do.
- Make sure that our Makefile is written to the correct directory when
bootstrapping (confound).
1.003004 2009-05-12
- Additional documentation and examples concerning having multiple
local::lib environments (amiri)
- Some install tests courtesy of Hans Dieter Pearcey <hdp@cpan.org>.
Thanks!
1.003003 2009-04-09
- Expose the internals per RT #36846.
- Fix the MANIFEST up a bit.
(21 Aug 2009, from /branches/1.6.x)
http://svn.collab.net/repos/svn/tags/1.6.5
User-visible changes:
* fix mod_dav_svn directory view links to preserve peg revisions (r38201)
* do not error on Windows when ALLUSERPROFILE dir nonexistent (r38053, -5, -7)
* properly escape lock comments over ra_neon (r38101, -2)
* allow syncing copies of '/' over ra_neon and ra_serf (issue #3438)
* make 'svnlook diff' show empty added or deleted files (r38458)
* fix building with Apache 2.4 (r36720)
* fix possible data loss on ext4 and GPFS filesystems (issue #3442)
* resolve symlinks when checking for ~/.subversion (r36023)
* don't let svn+ssh SIGKILL ssh processes (issue #2580)
* allow PLAIN and LOGIN mechanisms with SASL in svnserve (r38205)
* fix peg revision parsing in filenames like 'dir/@file.txt' (issue #3416)
* fix detection of Apache <2.0.56 (r38290, -3, -4)
* don't pretend to do tree conflict resolution (r38799, -801, -805)
* fix data corruption when syncing from svnserve to mod_dav_svn (r38686, -7)
* fix GNOME Keyring with '--non-interactive' option (r38222, -3, -61, -410)
* fixed: false "File '...' already exists" error during commit (issue #3119)
Developer-visible changes:
* avoid referencing uninitialized variables (r38388)
* plug a couple of error leaks (r38572)
* improve windows test output (r38616, -7, -9, -49)
Changes in 1.6.0_16 (6u16)
6u16 contains Olson time zone data version 2009i.
Bug Fixes
6862295 hotspot jvmti JDWP threadid changes during debugging session (leading to ignored breakpoints)
Changes in 1.6.0_15 (6u15)
Root Certificates
Root Certificates are included in this release.
* Added one new root certificate and removed 3 root certificates from Entrust. (Refer to 6805338.)
* Added three new root certificates from Keynectis. (Refer to 6845457.)
* Added three new root certificates from Quovadis. (Refer to 6846473.)
Blacklist Entries
This update release includes the following new entry to the Blacklist:
* JNLPAppletLauncher (See Sun Alert 263490.)
Note: Users should install JDK and JRE 6 Update 15 or later on systems running JDK and JRE 5.0 and SDK and JRE 1.4.2 to take advantage of this blacklist feature. For more information see the Blacklist Jar Feature section in the 6u14 Release Notes.
Debug Issue
Java™ Virtual Machine Tool Interface (JVM TI) breakpoints are reliable only when either the Parallel Scavenge garbage collector (-XX:+UseParallelGC) or the Parallel Compacting garbage collector (-XX:+UseParallelOldGC) is used.
When other collectors are used, breakpoints may stop functioning, and JVM TI object tags may become unusable after a full GC operation is performed. Java™ Debug Interface (JDI) ThreadReferences have an embedded thread ID that depends on JVM TI object tags, thus the embedded thread ID may change unexpectedly. This may cause confusion in thread based JDI events.
Note that the Serial garbage collector (-XX:+UseSerialGC) is vulnerable to this problem and is selected by default on some platforms. The work around is to explicitly select the Parallel Scavenge collector using the command line option -XX:+UseParallelGC.
(Refer to 6862295.)
Bug Fixes
This release contains fixes for one or more security vulnerabilities. For more information, please see Sun Alerts 263408, 263409, 263428, 263429, 263488, 263489, and 264648.
Bug fixes for vulnerabilities are listed in the following table.
BugId Category Subcategory Description
6656610 java accessibility AccessibleResourceBundle.getContents exposes mutable static (findbugs)
6656586 java classes_awt Cursor.predefined is protected static mutable (findbugs)
6805231 java classes_awt Security Warning Icon is missing in Windows 2000 Prof from Jdk build 6u12
6818787 java classes_awt It is possible to reposition the security icon too far from the border of the window on X11
6823373 java classes_awt [ZDI-CAN-460] Java Web Start JPEG header parsing needs more scrutiny
6660539 java classes_beans Introspector cache mutable static
6777487 java classes_beans Encoder allows reading private variables with certain names
6801071 java classes_net Remote sites can compromise user privacy and possibly hijack web session
6801497 java classes_net Proxy is assumed to be immutable but is non-final
6657695 java classes_security AbstractSaslImpl.logger is a static mutable (findbugs)
6824440 java classes_security XML Signature HMAC issue
6657625 java classes_sound RmfFileReader/StandardMidiFileWriter.types are public mutable statics (findbugs)
6738524 java classes_sound JDK13Services allows read access to system properties from untrusted code
6777448 java classes_sound JDK13Services.getProviders creates instances with full privileges
6588003 java classes_swing LayoutQueue mutable statics
6660049 java classes_swing Synth Region.uiToRegionMap/lowerCaseNameMap are mutable statics
6849518 java classes_swing NPE is thrown in jemmy library since 6u15 b01 at javax.swing.plaf.synth.SynthContext.isSubregion()
6656625 java imageio ImageReaderSpi.STANDARD_INPUT_TYPE/ImageWriterSpi.STANDARD_OUTPUT_TYPE are mutable static (findbugs)
6657133 java imageio Mutable statics in imageio plugins (findbugs)
6830335 java jar Java JAR Pack200 Decompression Integer Overflow Vulnerability
6755840 java_plugin plugin Version selection allows old zip and certificate handling to be exploited
6848964 javawebstart general TCK jnlp test jnlp_file/appletDesc/index.html#misc fails with NPE starting 6u15 b01
6862844 javawebstart other java web start ActiveX control security problem caused by ATL PROP_ENTRY macro
6845701 jaxp parse Xerces2 Java XML library infinite loop with malformed XML input
6813167 jax-ws other 6u14 JAX-WS audit mutable static bugs
6736293 jmx classes OpenType checks can be bypassed through finalizer resurrection
6657619 jndi dns DnsContext.debug is public static mutable (findbugs)
Other bug fixes are listed in the following table.
BugId Category Subcategory Description
6786503 hotspot garbage_collector Overflow list performance can be improved
6787254 hotspot garbage_collector Work queue capacity can be increased substantially on some platforms
6805338 java classes_security Add 1 new Entrust root CA cert and remove 3 others with 1024 bit keys
6845457 java classes_security Add root certs for Keynectis CA
6846473 java classes_security Add QuoVadis root CA certs to the JRE
6848984 java classes_util_i18n (tz) Support tzdata2009i
6851214 java classes_util_i18n (tz) New Jordan rule creates a failure for SimpleTimeZone parsing post tzdata2009h
6845077 java install silent JDK should install JRE/Java DB silently
6846531 javawebstart other REGRESSION application from ocie.net does not work with 6.0_14
6461727 jce pkcs11_csp TripleDES KeyGenerators in SunPKCS11 and SunJCE do not agree on key length