pkgsrc-Changes-HG archive

[pkgsrc/trunk]: pkgsrc/security/base 4/03/2009 1.4.2 (chandy)



details:   https://anonhg.NetBSD.org/pkgsrc/rev/da4799c204d7
branches:  trunk
changeset: 394152:da4799c204d7
user:      adrianp <adrianp%pkgsrc.org@localhost>
date:      Sat Jun 06 11:26:19 2009 +0000

description:
4/03/2009 1.4.2 (chandy)
- EmThreats_link opens now in separate browser window -- Juergen Leising for Micah Gersten
- A new reference "[rule]" points now to base_local_rules.php,
which displays a particular rule for a given rules id (sid).
Prerequisite for this is that "local_rules_dir" in base_conf.php
points to an actually existing and readable/searchable directory which
contains the snort rules.  Please note, that a web server
is usually NOT allowed to access any files outside of its
document root.  Feature request by Chris Ryan, cf.
https://sourceforge.net/forum/message.php?msg_id=5310420
https://sourceforge.net/forum/message.php?msg_id=5311517
-- Juergen Leising
- Update of base.spec; works with fedora 10 -- Juergen Leising
- I have applied two patches submitted by asavenkov
with regard to the oci8 driver (oracle 10), cf.
https://sourceforge.net/forum/message.php?msg_id=5795641
https://sourceforge.net/forum/message.php?msg_id=5796556
-- Juergen Leising
- The "email-the-alerts"-variables were defined twice at different
locations in base_conf.php.  Fixed this.  -- Juergen Leising
- Emails from BASE containing one or more alerts include now a
"To:"-header, as well.  Bug report no. 2234733 -- Juergen Leising
- $sort_order, once it has been chosen, survives now a possible "action",
even in base_stat_uaddr.php, base_stat_ports.php, base_stat_iplink.php,
base_stat_class.php and base_stat_sensor.php.
Bug no. 2234745. -- Juergen Leising
- The refresh-problem, when an "action" has been taken, is now fixed in
base_stat_uaddr.php, base_stat_ports.php, base_stat_iplink.php,
base_stat_class.php and base_stat_sensor.php, as well.
Bug no. 1681012. -- Juergen Leising
- I have corrected the way ICMP redirect messages are displayed
by BASE, inspired by Bruno G. San Alejo. -- Juergen Leising
- Several preprocessor events that did not get stored in the acid_event
table, so far, are now processed and displayed by BASE.  This affects
all those preprocessors which have sig names that do NOT start with
a "spp_" prefix. -- Juergen Leising
- Fixed bug with archiving IP options. -- Juergen Leising

5/14/09 1.4.3 (gabi)
- XSS Flaws fixed in alert groups -- Kevin Johnson
- Possible SQL injection flaw fixed in AG -- Kevin Johnson
- XSS Flaws fixed in base_qry files -- Kevin Johnson
- Multiple XSS flaws fixed in citems -- Kevin Johnson

5/30/09 1.4.3.1 (zig)
- Multiple XSS flaws fixed in User and Role management -- Kevin Johnson

diffstat:

 security/base/Makefile         |   7 +++----
 security/base/PLIST            |   3 ++-
 security/base/distinfo         |  10 +++++-----
 security/base/patches/patch-aa |  12 ++++++------
 4 files changed, 16 insertions(+), 16 deletions(-)

diffs (90 lines):

diff -r ebea33b4e2da -r da4799c204d7 security/base/Makefile
--- a/security/base/Makefile    Sat Jun 06 10:28:55 2009 +0000
+++ b/security/base/Makefile    Sat Jun 06 11:26:19 2009 +0000
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.23 2008/12/07 22:41:25 adrianp Exp $
+# $NetBSD: Makefile,v 1.24 2009/06/06 11:26:19 adrianp Exp $
 #
 
-DISTNAME=      base-1.4.1
-PKGREVISION=   1
+DISTNAME=      base-1.4.3.1
 CATEGORIES=    security
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=secureideas/}
 
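Review bot: the DISTNAME bump from base-1.4.1 to base-1.4.3.1 is not named anywhere in the commit message, whose first line is the upstream "4/03/2009 1.4.2 (chandy)" changelog heading. Suggest a leading summary line that states the update to 1.4.3.1 and that it brings in the XSS and SQL injection fixes listed for 1.4.3 and 1.4.3.1, so the security relevance is visible from the log subject. Dropping PKGREVISION together with the version bump is correct.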
@@ -29,7 +28,7 @@
 DEPENDS+=      ${APACHE_PKG_PREFIX}-${PHP_PKG_PREFIX}>=4.0.4:../../www/ap-php
 
 NO_BUILD=      YES
-WRKSRC=                ${WRKDIR}/base-php4
+#WRKSRC=               ${WRKDIR}/base-php4
 
 .include "../../mk/bsd.prefs.mk"
 
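Review bot: the WRKSRC line is commented out ("#WRKSRC= ${WRKDIR}/base-php4") rather than deleted. If the 1.4.3.1 distfile unpacks into the default work directory, remove the line entirely so no stale base-php4 reference stays in the Makefile; if it is kept on purpose, add a comment saying why.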
diff -r ebea33b4e2da -r da4799c204d7 security/base/PLIST
--- a/security/base/PLIST       Sat Jun 06 10:28:55 2009 +0000
+++ b/security/base/PLIST       Sat Jun 06 11:26:19 2009 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.8 2008/11/05 22:50:00 adrianp Exp $
+@comment $NetBSD: PLIST,v 1.9 2009/06/06 11:26:19 adrianp Exp $
 share/base/admin/base_roleadmin.php
 share/base/admin/base_useradmin.php
 share/base/admin/index.php
@@ -17,6 +17,7 @@
 share/base/base_hdr2.php
 share/base/base_main.php
 share/base/base_maintenance.php
+share/base/base_local_rules.php
 share/base/base_logout.php
 share/base/base_payload.php
 share/base/base_qry_alert.php
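Review bot: share/base/base_local_rules.php is now installed, but nothing in this commit documents the configuration it depends on. According to the changelog above, it displays rule files from the directory named by "local_rules_dir" in base_conf.php, and that directory must be readable by the web server; none of the visible patch-aa hunks set or mention it. Suggest noting in the package's install message that the directory should contain only the snort rules and should be readable, not writable, by the web server user.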
diff -r ebea33b4e2da -r da4799c204d7 security/base/distinfo
--- a/security/base/distinfo    Sat Jun 06 10:28:55 2009 +0000
+++ b/security/base/distinfo    Sat Jun 06 11:26:19 2009 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.10 2008/11/05 22:47:13 adrianp Exp $
+$NetBSD: distinfo,v 1.11 2009/06/06 11:26:19 adrianp Exp $
 
-SHA1 (base-1.4.1.tar.gz) = cc779ac3fea50d9b5bbb806cd7f6aa5a09b39b9a
-RMD160 (base-1.4.1.tar.gz) = dec378e107843baba75545d161607f8506740b2a
-Size (base-1.4.1.tar.gz) = 954823 bytes
-SHA1 (patch-aa) = 71c95cbf0bfe45ee818c409bfe9d57753b71689d
+SHA1 (base-1.4.3.1.tar.gz) = bf0a9bbc7131eb84d4b85d25e2fe878da31582c4
+RMD160 (base-1.4.3.1.tar.gz) = e12ec80997df17f4bf3e8ea016da6fc0414044c1
+Size (base-1.4.3.1.tar.gz) = 968771 bytes
+SHA1 (patch-aa) = e51e3b97c0dbba659fb628c3105ff46a93f13bc4
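Review bot: the new base-1.4.3.1.tar.gz entry is pinned only by SHA1 and RMD160 plus the size. If the infrastructure can record a stronger digest for distfiles, add it here, since this entry is the only integrity check on the tarball that delivers the security fixes. The patch-aa checksum change is consistent with the patch-aa edit in this same commit.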
diff -r ebea33b4e2da -r da4799c204d7 security/base/patches/patch-aa
--- a/security/base/patches/patch-aa    Sat Jun 06 10:28:55 2009 +0000
+++ b/security/base/patches/patch-aa    Sat Jun 06 11:26:19 2009 +0000
@@ -1,17 +1,17 @@
-$NetBSD: patch-aa,v 1.2 2006/05/12 22:31:38 adrianp Exp $
+$NetBSD: patch-aa,v 1.3 2009/06/06 11:26:19 adrianp Exp $
 
---- base_conf.php.dist.orig    2006-03-19 22:22:43.000000000 +0000
+--- base_conf.php.dist.orig    2009-05-31 03:06:08.000000000 +0100
 +++ base_conf.php.dist
-@@ -40,7 +40,7 @@ $Use_Auth_System = 0;
-  But also put the preceding slash. e.g. Your URL is http://127.0.0.1/base
+@@ -47,7 +47,7 @@ $BASE_display_sig_links = 1;
   set this to /base
+ 
   */
 -$BASE_urlpath = '';
 +$BASE_urlpath = '/base';
  
  /* Unique BASE ID.  The below variable, if set, will append its value to the
   * title bar of the browser.  This is for people who manage multiple installs
-@@ -62,7 +62,7 @@ $base_custom_footer = '';
+@@ -69,7 +69,7 @@ $base_custom_footer = '';
   *        $foo = 'c:\tmp'    [OK]
   *        $foo = 'c:\tmp\'   [WRONG]
   */
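Review bot: patch-aa still carries no description between the $NetBSD line and the "--- base_conf.php.dist.orig" header, so the reason for changing the shipped defaults (for example $BASE_urlpath from '' to '/base') is not recorded in the patch itself. Suggest a one or two line comment at the top stating that the patch sets pkgsrc default paths in base_conf.php.dist; that also makes it easier to recheck the hunks against upstream on the next update, as the offsets here moved from 40 to 47 and from 62 to 69.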
@@ -20,7 +20,7 @@
  
  
  /* The type of underlying alert database
-@@ -72,7 +72,7 @@ $DBlib_path = '';
+@@ -79,7 +79,7 @@ $DBlib_path = '';
   *  MS SQL Server : 'mssql'
   *  Oracle      : 'oci8'
   */


