Update to 0.9.18. Changes: - Add support for newer GnuTLS 2.2.0 session priority functions. When the option is available, the user might specify TLS settings through the "tls-options" configuration entry. - Workaround a GnuTLS issue where the client wouldn't be able to negotiate a supported compression protocol with the server (#299). - Implement variable substitution in Prelude configuration files. - Allow IDMEF criteria with multiples values for a single path, as can be seen in the following example: alert.classification.text = (A || B || C || D) - Implement negation of idmef-criteria, allowing to write criteria like: ! (alert.classification.text = A || alert.classification.text = B) - Fix an IDMEF-Criteria matching problem, where the match function would not attempt to match a OR after multiple consecutive AND that failed. Thanks Alexander Afonyashin <firm(at)iname.com> for pointing out the problem. - Never use non-pointer field, always use the "required" keyword. Fix API consistency issue, that could lead to unexpected behavior. - Fix multiples problem with prelude_read_multiline / prelude_read_multiline2, (fix a problem with prelude-manager idmef-criteria that wouldn't read external ruleset). - Error out if GnuTLS initialization fail.diff -r1.31 -r1.32 pkgsrc/security/libprelude/Makefile
(shannonjr)
| @@ -1,20 +1,18 @@ | @@ -1,20 +1,18 @@ | |||
| 1 | # $NetBSD: Makefile,v 1.31 2008/06/10 13:57:10 shannonjr Exp $ | 1 | # $NetBSD: Makefile,v 1.32 2008/07/21 12:10:48 shannonjr Exp $ | |
| 2 | # | 2 | # | |
| 3 | DISTNAME= libprelude-0.9.17 | 3 | DISTNAME= libprelude-0.9.18 | |
| 4 | PKGREVISION= 1 | |||
| 5 | CATEGORIES= security | 4 | CATEGORIES= security | |
| 6 | MASTER_SITES= http://www.prelude-ids.org/download/releases/ \ | 5 | MASTER_SITES= http://www.prelude-ids.com/download/releases/libprelude/ | |
| 7 | http://www.prelude-ids.org/download/releases/old/ | |||
| 8 | 6 | |||
| 9 | MAINTAINER= shannonjr@NetBSD.org | 7 | MAINTAINER= shannonjr@NetBSD.org | |
| 10 | HOMEPAGE= http://www.prelude-ids.org/download/releases/ | 8 | HOMEPAGE= http://www.prelude-ids.org/download/releases/ | |
| 11 | COMMENT= Provides the framework for using the Prelude system | 9 | COMMENT= Provides the framework for using the Prelude system | |
| 12 | 10 | |||
| 13 | .include "../../mk/bsd.prefs.mk" | 11 | .include "../../mk/bsd.prefs.mk" | |
| 14 | .include "options.mk" | 12 | .include "options.mk" | |
| 15 | 13 | |||
| 16 | PRELUDE_USER?= _prelude | 14 | PRELUDE_USER?= _prelude | |
| 17 | PRELUDE_GROUP?= _prelude | 15 | PRELUDE_GROUP?= _prelude | |
| 18 | 16 | |||
| 19 | PKG_GROUPS_VARS+= PRELUDE_GROUP | 17 | PKG_GROUPS_VARS+= PRELUDE_GROUP | |
| 20 | PKG_USERS_VARS+= PRELUDE_USER | 18 | PKG_USERS_VARS+= PRELUDE_USER |
| @@ -1,9 +1,9 @@ | @@ -1,9 +1,9 @@ | |||
| 1 | $NetBSD: distinfo,v 1.23 2008/06/10 13:57:10 shannonjr Exp $ | 1 | $NetBSD: distinfo,v 1.24 2008/07/21 12:10:48 shannonjr Exp $ | |
| 2 | 2 | |||
| 3 | SHA1 (libprelude-0.9.17.tar.gz) = b2f93d3eff67ef8e1a756df6a2adab12ceb8740d | 3 | SHA1 (libprelude-0.9.18.tar.gz) = 37f91e6f0dfa4b1ae51bff607ba3b3e37a52fa36 | |
| 4 | RMD160 (libprelude-0.9.17.tar.gz) = 08abb60654fd06c376b8023609fb3ea9c804c47c | 4 | RMD160 (libprelude-0.9.18.tar.gz) = 7097537e9e0cc8c4b17b9a708d362a815ae48c74 | |
| 5 | Size (libprelude-0.9.17.tar.gz) = 2028451 bytes | 5 | Size (libprelude-0.9.18.tar.gz) = 2040342 bytes | |
| 6 | SHA1 (patch-aa) = d6674584a7514dc3a57551215a15413d055f3d38 | 6 | SHA1 (patch-aa) = d6674584a7514dc3a57551215a15413d055f3d38 | |
| 7 | SHA1 (patch-ab) = 3fa1b01b728cd1210cf22717e2f6c81a3d3b70cc | 7 | SHA1 (patch-ab) = 96418b2ce697bdfef83780e0dbc47d95568d3a16 | |
| 8 | SHA1 (patch-ad) = e89900459ed7834801ae22b7a4a711163ec3f86b | 8 | SHA1 (patch-ad) = e89900459ed7834801ae22b7a4a711163ec3f86b | |
| 9 | SHA1 (patch-ae) = ec362a79320f8ab189597ddd4641e4718536c629 | 9 | SHA1 (patch-ae) = ec362a79320f8ab189597ddd4641e4718536c629 |
| @@ -1,22 +1,22 @@ | @@ -1,22 +1,22 @@ | |||
| 1 | $NetBSD: patch-ab,v 1.2 2007/09/03 13:43:40 shannonjr Exp $ | 1 | $NetBSD: patch-ab,v 1.3 2008/07/21 12:10:49 shannonjr Exp $ | |
| 2 | 2 | |||
| 3 | --- src/tls-auth.c.orig 2007-08-23 10:25:39.000000000 -0600 | 3 | --- src/tls-auth.c.orig 2008-07-18 08:32:52.000000000 -0600 | |
| 4 | +++ src/tls-auth.c | 4 | +++ src/tls-auth.c | |
| 5 | @@ -189,6 +189,7 @@ int tls_auth_connection(prelude_client_p | 5 | @@ -269,6 +269,7 @@ int tls_auth_connection(prelude_client_p | |
| 6 | int ret, fd; | |||
| 7 | void *cred; | 6 | void *cred; | |
| 7 | int ret, fd; | |||
| 8 | gnutls_session session; | 8 | gnutls_session session; | |
| 9 | + int cipher_list[2]; | 9 | + int cipher_list[2]; | |
| 10 | 10 | |||
| 11 | ret = prelude_client_profile_get_credentials(cp, &cred); | 11 | if ( ! priority_set ) { | |
| 12 | if ( ret < 0 ) | 12 | ret = tls_auth_init_priority(NULL); | |
| 13 | @@ -196,6 +197,9 @@ int tls_auth_connection(prelude_client_p | 13 | @@ -285,6 +286,9 @@ int tls_auth_connection(prelude_client_p | |
| 14 | return prelude_error_verbose(PRELUDE_ERROR_PROFILE, "TLS initialization error: %s", gnutls_strerror(ret)); | |||
| 14 | 15 | |||
| 15 | gnutls_init(&session, GNUTLS_CLIENT); | 16 | set_default_priority(session); | |
| 16 | gnutls_set_default_priority(session); | |||
| 17 | + cipher_list[0] = GNUTLS_CIPHER_AES_128_CBC; | 17 | + cipher_list[0] = GNUTLS_CIPHER_AES_128_CBC; | |
| 18 | + cipher_list[1] = 0; | 18 | + cipher_list[1] = 0; | |
| 19 | + gnutls_cipher_set_priority (session, cipher_list); | 19 | + gnutls_cipher_set_priority (session, cipher_list); | |
| 20 | gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cred); | 20 | gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cred); | |
| 21 | 21 | |||
| 22 | fd = prelude_io_get_fd(io); | 22 | fd = prelude_io_get_fd(io); |