summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorshannonjr <shannonjr>2008-07-21 12:10:48 +0000
committershannonjr <shannonjr>2008-07-21 12:10:48 +0000
commitcfe9e8ff3d737e1af835436b66c024928d7f5f20 (patch)
treebed1f2f56559d057a62ed57bbd27a9f919570af3 /security
parent31a1b5a920f8c4258e74339146044aada92aa1f8 (diff)
downloadpkgsrc-cfe9e8ff3d737e1af835436b66c024928d7f5f20.tar.gz
Update to 0.9.18. Changes:
- Add support for newer GnuTLS 2.2.0 session priority functions. When the option is available, the user might specify TLS settings through the "tls-options" configuration entry. - Workaround a GnuTLS issue where the client wouldn't be able to negotiate a supported compression protocol with the server (#299). - Implement variable substitution in Prelude configuration files. - Allow IDMEF criteria with multiples values for a single path, as can be seen in the following example: alert.classification.text = (A || B || C || D) - Implement negation of idmef-criteria, allowing to write criteria like: ! (alert.classification.text = A || alert.classification.text = B) - Fix an IDMEF-Criteria matching problem, where the match function would not attempt to match a OR after multiple consecutive AND that failed. Thanks Alexander Afonyashin <firm(at)iname.com> for pointing out the problem. - Never use non-pointer field, always use the "required" keyword. Fix API consistency issue, that could lead to unexpected behavior. - Fix multiples problem with prelude_read_multiline / prelude_read_multiline2, (fix a problem with prelude-manager idmef-criteria that wouldn't read external ruleset). - Error out if GnuTLS initialization fail.
Diffstat (limited to 'security')
-rw-r--r--security/libprelude/Makefile8
-rw-r--r--security/libprelude/distinfo10
-rw-r--r--security/libprelude/patches/patch-ab18
3 files changed, 17 insertions, 19 deletions
diff --git a/security/libprelude/Makefile b/security/libprelude/Makefile
index 6e8b8485742..ab7ddac4c93 100644
--- a/security/libprelude/Makefile
+++ b/security/libprelude/Makefile
@@ -1,10 +1,8 @@
-# $NetBSD: Makefile,v 1.31 2008/06/10 13:57:10 shannonjr Exp $
+# $NetBSD: Makefile,v 1.32 2008/07/21 12:10:48 shannonjr Exp $
#
-DISTNAME= libprelude-0.9.17
-PKGREVISION= 1
+DISTNAME= libprelude-0.9.18
CATEGORIES= security
-MASTER_SITES= http://www.prelude-ids.org/download/releases/ \
- http://www.prelude-ids.org/download/releases/old/
+MASTER_SITES= http://www.prelude-ids.com/download/releases/libprelude/
MAINTAINER= shannonjr@NetBSD.org
HOMEPAGE= http://www.prelude-ids.org/download/releases/
diff --git a/security/libprelude/distinfo b/security/libprelude/distinfo
index 9135e2cc9da..48a1eccaa1c 100644
--- a/security/libprelude/distinfo
+++ b/security/libprelude/distinfo
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.23 2008/06/10 13:57:10 shannonjr Exp $
+$NetBSD: distinfo,v 1.24 2008/07/21 12:10:48 shannonjr Exp $
-SHA1 (libprelude-0.9.17.tar.gz) = b2f93d3eff67ef8e1a756df6a2adab12ceb8740d
-RMD160 (libprelude-0.9.17.tar.gz) = 08abb60654fd06c376b8023609fb3ea9c804c47c
-Size (libprelude-0.9.17.tar.gz) = 2028451 bytes
+SHA1 (libprelude-0.9.18.tar.gz) = 37f91e6f0dfa4b1ae51bff607ba3b3e37a52fa36
+RMD160 (libprelude-0.9.18.tar.gz) = 7097537e9e0cc8c4b17b9a708d362a815ae48c74
+Size (libprelude-0.9.18.tar.gz) = 2040342 bytes
SHA1 (patch-aa) = d6674584a7514dc3a57551215a15413d055f3d38
-SHA1 (patch-ab) = 3fa1b01b728cd1210cf22717e2f6c81a3d3b70cc
+SHA1 (patch-ab) = 96418b2ce697bdfef83780e0dbc47d95568d3a16
SHA1 (patch-ad) = e89900459ed7834801ae22b7a4a711163ec3f86b
SHA1 (patch-ae) = ec362a79320f8ab189597ddd4641e4718536c629
diff --git a/security/libprelude/patches/patch-ab b/security/libprelude/patches/patch-ab
index 36b480c5202..f5e1cf21848 100644
--- a/security/libprelude/patches/patch-ab
+++ b/security/libprelude/patches/patch-ab
@@ -1,19 +1,19 @@
-$NetBSD: patch-ab,v 1.2 2007/09/03 13:43:40 shannonjr Exp $
+$NetBSD: patch-ab,v 1.3 2008/07/21 12:10:49 shannonjr Exp $
---- src/tls-auth.c.orig 2007-08-23 10:25:39.000000000 -0600
+--- src/tls-auth.c.orig 2008-07-18 08:32:52.000000000 -0600
+++ src/tls-auth.c
-@@ -189,6 +189,7 @@ int tls_auth_connection(prelude_client_p
- int ret, fd;
+@@ -269,6 +269,7 @@ int tls_auth_connection(prelude_client_p
void *cred;
+ int ret, fd;
gnutls_session session;
+ int cipher_list[2];
- ret = prelude_client_profile_get_credentials(cp, &cred);
- if ( ret < 0 )
-@@ -196,6 +197,9 @@ int tls_auth_connection(prelude_client_p
+ if ( ! priority_set ) {
+ ret = tls_auth_init_priority(NULL);
+@@ -285,6 +286,9 @@ int tls_auth_connection(prelude_client_p
+ return prelude_error_verbose(PRELUDE_ERROR_PROFILE, "TLS initialization error: %s", gnutls_strerror(ret));
- gnutls_init(&session, GNUTLS_CLIENT);
- gnutls_set_default_priority(session);
+ set_default_priority(session);
+ cipher_list[0] = GNUTLS_CIPHER_AES_128_CBC;
+ cipher_list[1] = 0;
+ gnutls_cipher_set_priority (session, cipher_list);