Subject: CVS commit: [pkgsrc-2009Q1] pkgsrc/security/base
From: Matthias Scheler
Date: 2009-06-07 12:15:56
Message id: 20090607101556.6386F175D0@cvs.netbsd.org

Log Message:
Pullup ticket #2787 - requested by adrianp
base: security update

Revisions pulled up:
- security/base/Makefile			1.24
- security/base/PLIST				1.9
- security/base/distinfo			1.11
- security/base/patches/patch-aa		1.3
---
Module Name:	pkgsrc
Committed By:	adrianp
Date:		Sat Jun  6 11:26:19 UTC 2009

Modified Files:
	pkgsrc/security/base: Makefile PLIST distinfo
	pkgsrc/security/base/patches: patch-aa

Log Message:
4/03/2009 1.4.2 (chandy)
- EmThreats_link opens now in separate browser window -- Juergen Leising
for Micah Gersten
- A new reference "[rule]" points now to base_local_rules.php,
which displays a particular rule for a given rules id (sid).
Prerequisite for this is that "local_rules_dir" in base_conf.php
points to an actually existing and readable/searchable directory which
contains the snort rules.  Please note, that a web server
is usually NOT allowed to access any files outside of its
document root.  Feature request by Chris Ryan, cf.
https://sourceforge.net/forum/message.php?msg_id=5310420
https://sourceforge.net/forum/message.php?msg_id=5311517
-- Juergen Leising
- Update of base.spec; works with fedora 10 -- Juergen Leising
- I have applied two patches submitted by asavenkov
with regard to the oci8 driver (oracle 10), cf.
https://sourceforge.net/forum/message.php?msg_id=5795641
https://sourceforge.net/forum/message.php?msg_id=5796556
-- Juergen Leising
- The "email-the-alerts"-variables were defined twice at different
locations in base_conf.php.  Fixed this.  -- Juergen Leising
- Emails from BASE containing one or more alerts include now a
"To:"-header, as well.  Bug report no. 2234733 -- Juergen Leising
- $sort_order, once it has been chosen, survives now a possible "action",
even in base_stat_uaddr.php, base_stat_ports.php, base_stat_iplink.php,
base_stat_class.php and base_stat_sensor.php.
Bug no. 2234745. -- Juergen Leising
- The refresh-problem, when an "action" has been taken, is now fixed in
base_stat_uaddr.php, base_stat_ports.php, base_stat_iplink.php,
base_stat_class.php and base_stat_sensor.php, as well.
Bug no. 1681012. -- Juergen Leising
- I have corrected the way ICMP redirect messages are displayed
by BASE, inspired by Bruno G. San Alejo. -- Juergen Leising
- Several preprocessor events that did not get stored in the acid_event
table, so far, are now processed and displayed by BASE.  This affects
all those preprocessors which have sig names that do NOT start with
a "spp_" prefix. -- Juergen Leising
- Fixed bug with archiving IP options. -- Juergen Leising

5/14/09 1.4.3 (gabi)
- XSS Flaws fixed in alert groups -- Kevin Johnson
- Possible SQL injection flaw fixed in AG -- Kevin Johnson
- XSS Flaws fixed in base_qry files -- Kevin Johnson
- Multiple XSS flaws fixed in citems -- Kevin Johnson

5/30/09 1.4.3.1 (zig)
- Multiple XSS flaws fixed in User and Role management -- Kevin Johnson

Files:
RevisionActionfile
1.23.4.1modifypkgsrc/security/base/Makefile
1.8.4.1modifypkgsrc/security/base/PLIST
1.10.4.1modifypkgsrc/security/base/distinfo
1.2.28.1modifypkgsrc/security/base/patches/patch-aa