From cfe9e8ff3d737e1af835436b66c024928d7f5f20 Mon Sep 17 00:00:00 2001
From: shannonjr
Date: Mon, 21 Jul 2008 12:10:48 +0000
Subject: Update to 0.9.18. Changes: - Add support for newer GnuTLS 2.2.0 session priority functions. When the option is available, the user might specify TLS settings through the "tls-options" configuration entry. - Workaround a GnuTLS issue where the client wouldn't be able to negotiate a supported compression protocol with the server (#299). - Implement variable substitution in Prelude configuration files. - Allow IDMEF criteria with multiples values for a single path, as can be seen in the following example: alert.classification.text = (A || B || C || D) - Implement negation of idmef-criteria, allowing to write criteria like: ! (alert.classification.text = A || alert.classification.text = B) - Fix an IDMEF-Criteria matching problem, where the match function would not attempt to match a OR after multiple consecutive AND that failed. Thanks Alexander Afonyashin for pointing out the problem. - Never use non-pointer field, always use the "required" keyword. Fix API consistency issue, that could lead to unexpected behavior. - Fix multiples problem with prelude_read_multiline / prelude_read_multiline2, (fix a problem with prelude-manager idmef-criteria that wouldn't read external ruleset). - Error out if GnuTLS initialization fail.
---
security/libprelude/Makefile | 8 +++-----
security/libprelude/distinfo | 10 +++++-----
security/libprelude/patches/patch-ab | 18 +++++++++---------
3 files changed, 17 insertions(+), 19 deletions(-) (limited to 'security')
diff --git a/security/libprelude/Makefile b/security/libprelude/Makefile
index 6e8b8485742..ab7ddac4c93 100644
--- a/security/libprelude/Makefile
+++ b/security/libprelude/Makefile
@@ -1,10 +1,8 @@
-# $NetBSD: Makefile,v 1.31 2008/06/10 13:57:10 shannonjr Exp $
+# $NetBSD: Makefile,v 1.32 2008/07/21 12:10:48 shannonjr Exp $
 #
-DISTNAME= libprelude-0.9.17
-PKGREVISION= 1
+DISTNAME= libprelude-0.9.18
 CATEGORIES= security
-MASTER_SITES= http://www.prelude-ids.org/download/releases/ \
- http://www.prelude-ids.org/download/releases/old/
+MASTER_SITES= http://www.prelude-ids.com/download/releases/libprelude/
 MAINTAINER= shannonjr@NetBSD.org
 HOMEPAGE= http://www.prelude-ids.org/download/releases/
diff --git a/security/libprelude/distinfo b/security/libprelude/distinfo
index 9135e2cc9da..48a1eccaa1c 100644
--- a/security/libprelude/distinfo
+++ b/security/libprelude/distinfo
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.23 2008/06/10 13:57:10 shannonjr Exp $
+$NetBSD: distinfo,v 1.24 2008/07/21 12:10:48 shannonjr Exp $
-SHA1 (libprelude-0.9.17.tar.gz) = b2f93d3eff67ef8e1a756df6a2adab12ceb8740d
-RMD160 (libprelude-0.9.17.tar.gz) = 08abb60654fd06c376b8023609fb3ea9c804c47c
-Size (libprelude-0.9.17.tar.gz) = 2028451 bytes
+SHA1 (libprelude-0.9.18.tar.gz) = 37f91e6f0dfa4b1ae51bff607ba3b3e37a52fa36
+RMD160 (libprelude-0.9.18.tar.gz) = 7097537e9e0cc8c4b17b9a708d362a815ae48c74
+Size (libprelude-0.9.18.tar.gz) = 2040342 bytes
 SHA1 (patch-aa) = d6674584a7514dc3a57551215a15413d055f3d38
-SHA1 (patch-ab) = 3fa1b01b728cd1210cf22717e2f6c81a3d3b70cc
+SHA1 (patch-ab) = 96418b2ce697bdfef83780e0dbc47d95568d3a16
 SHA1 (patch-ad) = e89900459ed7834801ae22b7a4a711163ec3f86b
 SHA1 (patch-ae) = ec362a79320f8ab189597ddd4641e4718536c629
diff --git a/security/libprelude/patches/patch-ab b/security/libprelude/patches/patch-ab
index 36b480c5202..f5e1cf21848 100644
--- a/security/libprelude/patches/patch-ab
+++ b/security/libprelude/patches/patch-ab
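Review bot: In security/libprelude/Makefile, `MASTER_SITES` now points at www.prelude-ids.com while the unchanged `HOMEPAGE` line still points at www.prelude-ids.org, and nothing in the hunk records why the download host changed. The distfile is fetched over plain http, so the only integrity control visible in this commit is the SHA1/RMD160/Size triple in distinfo; those values are worth confirming against what upstream publishes rather than only against the file that was downloaded. The `releases/old/` fallback is also dropped, so older distfiles are no longer reachable from this Makefile. If the move is intentional, a one-line comment above the assignment such as `# release tarballs are now served from prelude-ids.com` would make that explicit.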
@@ -1,19 +1,19 @@ -$NetBSD: patch-ab,v 1.2 2007/09/03 13:43:40 shannonjr Exp $ +$NetBSD: patch-ab,v 1.3 2008/07/21 12:10:49 shannonjr Exp $ ---- src/tls-auth.c.orig 2007-08-23 10:25:39.000000000 -0600 +--- src/tls-auth.c.orig 2008-07-18 08:32:52.000000000 -0600 +++ src/tls-auth.c -@@ -189,6 +189,7 @@ int tls_auth_connection(prelude_client_p - int ret, fd; +@@ -269,6 +269,7 @@ int tls_auth_connection(prelude_client_p void *cred; + int ret, fd; gnutls_session session; + int cipher_list[2]; - ret = prelude_client_profile_get_credentials(cp, &cred); - if ( ret < 0 ) -@@ -196,6 +197,9 @@ int tls_auth_connection(prelude_client_p + if ( ! priority_set ) { + ret = tls_auth_init_priority(NULL); +@@ -285,6 +286,9 @@ int tls_auth_connection(prelude_client_p + return prelude_error_verbose(PRELUDE_ERROR_PROFILE, "TLS initialization error: %s", gnutls_strerror(ret)); - gnutls_init(&session, GNUTLS_CLIENT); - gnutls_set_default_priority(session); + set_default_priority(session); + cipher_list[0] = GNUTLS_CIPHER_AES_128_CBC; + cipher_list[1] = 0; + gnutls_cipher_set_priority (session, cipher_list); -- cgit v1.2.3
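Review bot: The carried patch to src/tls-auth.c still forces the session's cipher list to the single entry `GNUTLS_CIPHER_AES_128_CBC` immediately after `set_default_priority(session)`, with no comment saying why and with the return value of `gnutls_cipher_set_priority` discarded. The release notes in this commit say TLS settings can now be supplied through the "tls-options" entry, so this hard-coded list presumably overrides whatever cipher selection a user configures there; that should be confirmed against the 0.9.18 source, and the pin either dropped or documented. If it stays, add a comment in the patch such as `/* pkgsrc: restrict to AES-128-CBC because <reason>; overrides tls-options */` and assign the result, `ret = gnutls_cipher_set_priority(session, cipher_list);`, reporting a negative value through the same `prelude_error_verbose` path the lines above use. The body of tls_auth_connection begins and continues outside the lines shown in the patch.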