87408 2005-03-31 05:22 0000 Version bump to prelude-* ebuils are needed (to 0.9.0-rc1) 2005-09-24 19:34:19 0000 1 1 1 Unclassified Gentoo Linux Ebuilds unspecified All Linux RESOLVED FIXED http://www.prelude-ids.org P2 enhancement --- 87577 87617 92968 1 r3pek@gentoo.org netmon@gentoo.org soulse@gmail.com weeve@gentoo.org yoann@prelude-ids.org r3pek@gentoo.org 2005-03-31 05:22:54 0000 3 days ago, the prelude team released a rc version of the new prelude software. The new version have much more new features... :) so, i think it's a need. I anything information is needed from upstream, you can ping me on irc 'cause i talk to the guys everyday :) Reproducible: Always Steps to Reproduce: ka0ttic@gentoo.org 2005-03-31 05:56:12 0000 tsk tsk you should know better than submitting to bug-wranglers :) r3pek@gentoo.org 2005-03-31 07:28:54 0000 buah :/ sorry.... forgot to change that.... :) anyway, libprelude and libpreludedb -rc2 will be released tonight so if anyone is working on this bug, that should be taken in atention. (prewikka is already rc2) vanquirius@gentoo.org 2005-04-01 08:24:21 0000 So far I have bumped: app-admin/prelude-lml app-admin/prelude-manager dev-libs/libprelude TODO: Look into other packages in the prelude suite prelude flag for Snort prelude flag for PAM (will probably open a bug with pam guys) vanquirius@gentoo.org 2005-04-01 09:54:48 0000 Created an attachment (id=55047) snort-2.3.2-r1.ebuild.diff Can people give their opinions on this modification of the snort ebuild? Basically, it should drop current prelude patches, and use the snort version from prelude-ids.org if the USE flag prelude is set. vanquirius@gentoo.org 2005-04-01 15:02:58 0000 Added dev-libs/libpreludedb vanquirius@gentoo.org 2005-04-01 18:46:17 0000 Prelude suite: net-analyzer/prewikka is an interesting package to complete prelude's suite. All other important packages are in Portage, with the exception of prelude-pflogger. I will add the last if there is enough demand. I think it may also be interesting to create a meta ebuild to pull everything prelude-related, a la nessus. r3pek@gentoo.org 2005-04-04 03:23:45 0000 I agree with that :) j.d@geolab.cz 2005-04-26 04:32:51 0000 re #6: "I think it may also be interesting to create a meta ebuild to pull everything prelude-related, a la nessus." I'm not sure this would be a wise idea - what'd you put in such a meta ebuild? preludelib, snort, prelude-manager, prelude-lml, prewikka, ...? Every prelude setup I've made so far had different components intalled (there are different sensor hosts, manager hosts and manager hosts with web interface). I'm not sure that there is some general setup that most people would use (as there is with nessus). Correct me if I'm wrong... vanquirius@gentoo.org 2005-05-06 18:25:31 0000 re #8 Makes sense. Maybe it would be just bloat after all. My current plan is not to do it anymore. yoann@prelude-ids.org 2005-05-16 04:36:44 0000 Short note on current prelude-* ebuild: * prelude-manager: - The "ssl" use flag should be dropped: SSL support is not optional. - The "mysql" and "postgresql" use flag should be dropped, these are obsoleted by libpreludedb. - a "database" use flags should be added (which should trigger a dependencie on libpreludedb). - an "xml" use flag should be added (for optional compilation of the xmlmod plugin). * libprelude: - the "pcre" use flag should be dropped. PCRE support has been dropped due to several PCRE bugs when using libpcre from another library. weeve@gentoo.org 2005-05-16 09:21:30 0000 Please add a new version of prelude-nids as the current ~arch version of prelude-nids (0.8.6) cannot compile against the current ~arch version of libprelude (0.9.0_rc5-r1) on both ~x86 and ~sparc. vanquirius@gentoo.org 2005-05-17 12:40:49 0000 prelude-manager: got it fixed, waiting for ~sparc keyword for libpreludedb before committing. libprelude: pcre flag dropped. prelude-nids: couldn't get a recent snapshot, so I changed DEPEND to <dev-libs/libprelude-0.9.0_rc1 for now. weeve@gentoo.org 2005-05-17 14:36:04 0000 Added the ~sparc keyword to dev-libs/libpreludedb vanquirius@gentoo.org 2005-05-17 14:57:09 0000 prelude-manager fixed. Thanks Jason. yoann@prelude-ids.org 2005-05-19 06:50:46 0000 Prelude-NIDS is deprecated. Snort is now the 'official' Prelude NIDS sensor. We are currently distributing a Snort tarball including Prelude support on the prelude-ids.org website. Future Snort version (starting at 2.4.0) will officialy include Prelude support. weeve@gentoo.org 2005-05-19 08:05:18 0000 Then any SPARC box or SPARC64 box running a 32 bit userland will no longer be able to run the network sensor portion of Prelude. Snort has a known runtime crashing issue when being built with gcc in 32 bits on SPARC and SPARC64 architectures that cannot be fixed short of some major reworking of gcc's C compiler. You can view bug #29661 for more information if you like. yoann@prelude-ids.org 2005-05-19 08:36:31 0000 The Snort Solaris crash has been known for a long time and is even what resulted in some people switching to Prelude-NIDS (which suffered, at that time from the same problem - but we were quick to correct it). The problem in question, as I remember it, is an alignement issue in header capture, and AFAICT it is not related to a GCC bug. I'd be interested to read any paper demonstrating this stuff to be a GCC problem. Prelude-NIDS will for sure stay deprecated, and won't be ported to version 0.9 of the framework unless someone volunteer to do it. However, I might take some time to look at that Snort issue (so if you have pointers about this specific Snort issue, don't hesitate to send them to me). yoann@prelude-ids.org 2005-05-19 08:45:36 0000 Just finished reading #29661. This definitly is not a GCC issue. Prelude-NIDS used to suffer from the exact same problem. You might want to have a look to https://trac.prelude-ids.org/file/trunk/libprelude/src/include/prelude-extract.h One of the reason for this code was to be able to align network data in Prelude-NIDS. The unaligned access used as an example in #29661 could, for example, be corrected to use these macro. weeve@gentoo.org 2005-05-19 11:06:49 0000 OK, I'll take a look at it, thanks for the info. The INSTALL file from Snort was the one that specifically referenced the problem I mentioned with regards to GCC. vanquirius@gentoo.org 2005-09-24 19:34:19 0000 Okies, 0.9.0 made it to the tree, might as well close this bug :-). pam version bump request remains in bug 87577. Please re-open if necessary. 55047 2005-04-01 09:54 0000 snort-2.3.2-r1.ebuild.diff snort-2.3.2-r1.ebuild.diff text/plain LS0tIHNub3J0LTIuMy4yLmVidWlsZAkyMDA1LTA0LTAxIDE0OjE2OjU5LjAwMDAwMDAwMCAtMDMw MAorKysgc25vcnQtMi4zLjItcjEuZWJ1aWxkCTIwMDUtMDQtMDEgMTQ6NDk6MDQuMDAwMDAwMDAw IC0wMzAwCkBAIC02LDkgKzYsMTEgQEAKIAogREVTQ1JJUFRJT049IkxpYnBjYXAtYmFzZWQgcGFj a2V0IHNuaWZmZXIvbG9nZ2VyL2xpZ2h0d2VpZ2h0IElEUyIKIEhPTUVQQUdFPSJodHRwOi8vd3d3 LnNub3J0Lm9yZy8iCi1TUkNfVVJJPSJodHRwOi8vd3d3LnNub3J0Lm9yZy9kbC9jdXJyZW50LyR7 UH0udGFyLmd6CitNWV9QPSIke1B9LTAuOS4wLXJjMSIKK01ZX1BSRUxVREU9IiR7UH0tcHJlbHVk ZS0wLjkuMC1yYzEiCitTUkNfVVJJPSIhcHJlbHVkZT8gKCBodHRwOi8vd3d3LnNub3J0Lm9yZy9k bC9jdXJyZW50LyR7UH0udGFyLmd6ICkKIAlzbm9ydHNhbT8gKCBtaXJyb3I6Ly9nZW50b28vc25v cnRzYW0tMjAwNTAxMTAudGFyLmd6ICkKLQlwcmVsdWRlPyAoIGh0dHA6Ly93d3cucHJlbHVkZS1p ZHMub3JnL2Rvd25sb2FkL3JlbGVhc2VzL3Nub3J0LXByZWx1ZGUtcmVwb3J0aW5nLXBhdGNoLTAu My42LnRhci5neiApCisJcHJlbHVkZT8gKCBodHRwOi8vd3d3LnByZWx1ZGUtaWRzLm9yZy9kb3du bG9hZC9yZWxlYXNlcy8ke01ZX1B9LnRhci5neiApCiAJc2d1aWw/ICggbWlycm9yOi8vc291cmNl Zm9yZ2Uvc2d1aWwvc2d1aWwtc2Vuc29yLTAuNS4zLnRhci5neiApIgogCiAjCXNub3J0c2FtPyAo IGh0dHA6Ly93d3cuc25vcnRzYW0ubmV0L2ZpbGVzL3Nub3J0LXBsdWdpbi9zbm9ydHNhbS1wYXRj aC50YXIuZ3ogKQpAQCAtMjksNyArMzEsNyBAQAogCXBvc3RncmVzPyAoID49ZGV2LWRiL3Bvc3Rn cmVzcWwtNy4yICkKIAlteXNxbD8gKCA+PWRldi1kYi9teXNxbC0zLjIzLjI2ICkKIAlzc2w/ICgg Pj1kZXYtbGlicy9vcGVuc3NsLTAuOS42YiApCi0JcHJlbHVkZT8gKCA+PWRldi1saWJzL2xpYnBy ZWx1ZGUtMC44ICkKKwlwcmVsdWRlPyAoID49ZGV2LWxpYnMvbGlicHJlbHVkZS0wLjkuMF9yYzEg KQogCW9kYmM/ICggZGV2LWRiL3VuaXhPREJDICkKIAlpbmxpbmU/ICgKIAkJCQl+bmV0LWxpYnMv bGlibmV0LTEuMC4yYQpAQCAtNDEsNiArNDMsMTAgQEAKIAlzZWxpbnV4PyAoIHNlYy1wb2xpY3kv c2VsaW51eC1zbm9ydCApCiAJc25vcnRzYW0/ICggbmV0LWFuYWx5emVyL3Nub3J0c2FtICkiCiAK K2lmIHVzZSBwcmVsdWRlOyB0aGVuCisJUz0iJHtXT1JLRElSfS8ke01ZX1BSRUxVREV9IgorZmkK Kwogc3JjX3VucGFjaygpIHsKIAl1bnBhY2sgJHtBfQogCWNkICR7U30KQEAgLTU0LDEyICs2MCw2 IEBACiAJc2VkIC1pICJzOnZhciBSVUxFX1BBVEggLi4vcnVsZXM6dmFyIFJVTEVfUEFUSCAvZXRj L3Nub3J0OiIgXAogCQlldGMvc25vcnQuY29uZiB8fCBkaWUgInNlZCBzbm9ydC5jb25mIGZhaWxl ZCIKIAotCWlmIHVzZSBwcmVsdWRlIDsgdGhlbgotCQllcGF0Y2ggLi4vc25vcnQtMi4yLjAtcHJl bHVkZS0wLjMuNi5kaWZmCi0JCXNlZCAtaSAtZSAiczpBQ19QUk9HX1JBTkxJQjpBQ19QUk9HX0xJ QlRPT0w6IiBjb25maWd1cmUuaW4gXAotCQkJfHwgZGllICJzZWQgY29uZmlndXJlLmluIGZhaWxl ZCIKLQlmaQotCiAJaWYgdXNlIHNndWlsIDsgdGhlbgogCQljZCAke1N9L3NyYy9wcmVwcm9jZXNz b3JzCiAJCWVwYXRjaCAke1dPUktESVJ9L3NndWlsLTAuNS4zL3NlbnNvci9zbm9ydF9tb2RzLzJf MS9zcHBfcG9ydHNjYW5fc2d1aWwucGF0Y2ggfHwgZGllCg==