diff options
author | shannonjr <shannonjr> | 2008-07-21 12:10:48 +0000 |
---|---|---|
committer | shannonjr <shannonjr> | 2008-07-21 12:10:48 +0000 |
commit | cfe9e8ff3d737e1af835436b66c024928d7f5f20 (patch) | |
tree | bed1f2f56559d057a62ed57bbd27a9f919570af3 /security | |
parent | 31a1b5a920f8c4258e74339146044aada92aa1f8 (diff) | |
download | pkgsrc-cfe9e8ff3d737e1af835436b66c024928d7f5f20.tar.gz |
Update to 0.9.18. Changes:
- Add support for newer GnuTLS 2.2.0 session priority functions. When
the option is available, the user might specify TLS settings through
the "tls-options" configuration entry.
- Workaround a GnuTLS issue where the client wouldn't be able
to negotiate a supported compression protocol with the server (#299).
- Implement variable substitution in Prelude configuration files.
- Allow IDMEF criteria with multiples values for a single path,
as can be seen in the following example:
alert.classification.text = (A || B || C || D)
- Implement negation of idmef-criteria, allowing to write criteria like:
! (alert.classification.text = A || alert.classification.text = B)
- Fix an IDMEF-Criteria matching problem, where the match function would
not attempt to match a OR after multiple consecutive AND that failed.
Thanks Alexander Afonyashin <firm(at)iname.com> for pointing out the
problem.
- Never use non-pointer field, always use the "required" keyword. Fix
API consistency issue, that could lead to unexpected behavior.
- Fix multiples problem with prelude_read_multiline /
prelude_read_multiline2,
(fix a problem with prelude-manager idmef-criteria that wouldn't read
external ruleset).
- Error out if GnuTLS initialization fail.
Diffstat (limited to 'security')
-rw-r--r-- | security/libprelude/Makefile | 8 | ||||
-rw-r--r-- | security/libprelude/distinfo | 10 | ||||
-rw-r--r-- | security/libprelude/patches/patch-ab | 18 |
3 files changed, 17 insertions, 19 deletions
diff --git a/security/libprelude/Makefile b/security/libprelude/Makefile index 6e8b8485742..ab7ddac4c93 100644 --- a/security/libprelude/Makefile +++ b/security/libprelude/Makefile @@ -1,10 +1,8 @@ -# $NetBSD: Makefile,v 1.31 2008/06/10 13:57:10 shannonjr Exp $ +# $NetBSD: Makefile,v 1.32 2008/07/21 12:10:48 shannonjr Exp $ # -DISTNAME= libprelude-0.9.17 -PKGREVISION= 1 +DISTNAME= libprelude-0.9.18 CATEGORIES= security -MASTER_SITES= http://www.prelude-ids.org/download/releases/ \ - http://www.prelude-ids.org/download/releases/old/ +MASTER_SITES= http://www.prelude-ids.com/download/releases/libprelude/ MAINTAINER= shannonjr@NetBSD.org HOMEPAGE= http://www.prelude-ids.org/download/releases/ diff --git a/security/libprelude/distinfo b/security/libprelude/distinfo index 9135e2cc9da..48a1eccaa1c 100644 --- a/security/libprelude/distinfo +++ b/security/libprelude/distinfo @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.23 2008/06/10 13:57:10 shannonjr Exp $ +$NetBSD: distinfo,v 1.24 2008/07/21 12:10:48 shannonjr Exp $ -SHA1 (libprelude-0.9.17.tar.gz) = b2f93d3eff67ef8e1a756df6a2adab12ceb8740d -RMD160 (libprelude-0.9.17.tar.gz) = 08abb60654fd06c376b8023609fb3ea9c804c47c -Size (libprelude-0.9.17.tar.gz) = 2028451 bytes +SHA1 (libprelude-0.9.18.tar.gz) = 37f91e6f0dfa4b1ae51bff607ba3b3e37a52fa36 +RMD160 (libprelude-0.9.18.tar.gz) = 7097537e9e0cc8c4b17b9a708d362a815ae48c74 +Size (libprelude-0.9.18.tar.gz) = 2040342 bytes SHA1 (patch-aa) = d6674584a7514dc3a57551215a15413d055f3d38 -SHA1 (patch-ab) = 3fa1b01b728cd1210cf22717e2f6c81a3d3b70cc +SHA1 (patch-ab) = 96418b2ce697bdfef83780e0dbc47d95568d3a16 SHA1 (patch-ad) = e89900459ed7834801ae22b7a4a711163ec3f86b SHA1 (patch-ae) = ec362a79320f8ab189597ddd4641e4718536c629 diff --git a/security/libprelude/patches/patch-ab b/security/libprelude/patches/patch-ab index 36b480c5202..f5e1cf21848 100644 --- a/security/libprelude/patches/patch-ab +++ b/security/libprelude/patches/patch-ab @@ -1,19 +1,19 @@ -$NetBSD: patch-ab,v 1.2 2007/09/03 13:43:40 shannonjr Exp $ +$NetBSD: patch-ab,v 1.3 2008/07/21 12:10:49 shannonjr Exp $ ---- src/tls-auth.c.orig 2007-08-23 10:25:39.000000000 -0600 +--- src/tls-auth.c.orig 2008-07-18 08:32:52.000000000 -0600 +++ src/tls-auth.c -@@ -189,6 +189,7 @@ int tls_auth_connection(prelude_client_p - int ret, fd; +@@ -269,6 +269,7 @@ int tls_auth_connection(prelude_client_p void *cred; + int ret, fd; gnutls_session session; + int cipher_list[2]; - ret = prelude_client_profile_get_credentials(cp, &cred); - if ( ret < 0 ) -@@ -196,6 +197,9 @@ int tls_auth_connection(prelude_client_p + if ( ! priority_set ) { + ret = tls_auth_init_priority(NULL); +@@ -285,6 +286,9 @@ int tls_auth_connection(prelude_client_p + return prelude_error_verbose(PRELUDE_ERROR_PROFILE, "TLS initialization error: %s", gnutls_strerror(ret)); - gnutls_init(&session, GNUTLS_CLIENT); - gnutls_set_default_priority(session); + set_default_priority(session); + cipher_list[0] = GNUTLS_CIPHER_AES_128_CBC; + cipher_list[1] = 0; + gnutls_cipher_set_priority (session, cipher_list); |