FreeBSD Bugzilla – Attachment 105221 Details for
Bug 145635
[patch] port security/base update to 1.4.5
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
patch_security_base.txt
patch_security_base.txt (text/plain), 11.97 KB, created by
Olli Hauer
on 2010-04-11 23:50:00 UTC
(
hide
)
Description:
patch_security_base.txt
Filename:
MIME Type:
Creator:
Olli Hauer
Created:
2010-04-11 23:50:00 UTC
Size:
11.97 KB
patch
obsolete
>diff -Nru base/Makefile base/Makefile >--- base/Makefile 2009-09-17 23:16:19.000000000 +0200 >+++ base/Makefile 2010-04-11 22:34:49.000000000 +0200 >@@ -6,14 +6,14 @@ > # > > PORTNAME= base >-PORTVERSION= 1.4.4 >+PORTVERSION= 1.4.5 > CATEGORIES= security > MASTER_SITES= SF/secureideas/BASE/${PORTNAME}-${PORTVERSION} > > MAINTAINER= miwi@FreeBSD.org > COMMENT= Basic Analysis and Security Engine - analyzing Snort alerts > >-RUN_DEPENDS= ${ADODB_DIR}/adodb.inc.php:${PORTSDIR}/databases/adodb \ >+RUN_DEPENDS= ${ADODB_DIR}/adodb.inc.php:${PORTSDIR}/databases/adodb5 \ > ${LOCALBASE}/share/pear/Image/Graph.php:${PORTSDIR}/graphics/pear-Image_Graph \ > ${LOCALBASE}/share/pear/Mail.php:${PORTSDIR}/mail/pear-Mail \ > ${LOCALBASE}/share/pear/Mail/mime.php:${PORTSDIR}/mail/pear-Mail_Mime >diff -Nru base/distinfo base/distinfo >--- base/distinfo 2009-09-17 23:16:19.000000000 +0200 >+++ base/distinfo 2010-04-11 22:26:04.000000000 +0200 >@@ -1,3 +1,3 @@ >-MD5 (base-1.4.4.tar.gz) = bb8c10cf033113585155c6fa4c77c9cb >-SHA256 (base-1.4.4.tar.gz) = 5a5e5a1b2b20efca2fe7f57edfacf78a92aeea60f4f5c4f3b49af7dcdb37639d >-SIZE (base-1.4.4.tar.gz) = 966138 >+MD5 (base-1.4.5.tar.gz) = 2ce7de089b7b860f8230731f94a02044 >+SHA256 (base-1.4.5.tar.gz) = 23910f5277ceb43398442074e444182941bf7f6da85efd84ecdd0cf62c4b8935 >+SIZE (base-1.4.5.tar.gz) = 958567 >diff -Nru base/files/patch-base_graph_display.php base/files/patch-base_graph_display.php >--- base/files/patch-base_graph_display.php 1970-01-01 01:00:00.000000000 +0100 >+++ base/files/patch-base_graph_display.php 2010-04-11 23:52:39.000000000 +0200 >@@ -0,0 +1,35 @@ >+--- ./base_graph_display.php.orig 2010-03-05 16:06:17.000000000 +0100 >++++ ./base_graph_display.php 2010-04-11 23:52:13.000000000 +0200 >+@@ -320,27 +320,27 @@ >+ >+ // special case '"I0" => "private network (rfc 1918)"' and >+ // '"** (private network) " => "private network (rfc 1918)"' >+- if (ereg("rfc 1918", $tmp, $substring) || (ereg("[*][*] \(private network\) ", $tmp_lower, $substring))) >++ if (preg_match("/rfc 1918/", $tmp, $substring) || (preg_match("/[*][*] \(private network\) /", $tmp_lower, $substring))) >+ { >+ $Dataset->addPoint("private network (rfc 1918)", $xdata[$i][1]); >+ } >+ // special case '?? (Not Found) ' => 'unknown' >+- elseif(ereg("[?][?][ \t]+\(Not Found\)[ \t]*", $tmp, $substring)) >++ elseif(preg_match("/[?][?][ \t]+\(Not Found\)[ \t]*/", $tmp, $substring)) >+ { >+ $Dataset->addPoint("unknown", $xdata[$i][1]); >+ } >+ // anything inside parentheses, following a 2-letter TLD: >+- elseif (ereg("^[-a-zA-Z0-9]{2}[ \t]\((.+)\)[ \t]*$", $tmp, $substring)) >++ elseif (preg_match("/^[-a-zA-Z0-9]{2}[ \t]\((.+)\)[ \t]*$/", $tmp, $substring)) >+ { >+ $Dataset->addPoint($substring[1], $xdata[$i][1]); >+ } >+ // anything after two-letter top level domain names and after one space or tab: >+- elseif (ereg("[ \t]*[-a-zA-Z0-9]{2}[ \t]([-a-zA-Z0-9]+[-a-zA-Z0-9 ]*)", $tmp, $substring)) >++ elseif (preg_match("/[ \t]*[-a-zA-Z0-9]{2}[ \t]([-a-zA-Z0-9]+[-a-zA-Z0-9 ]*)/", $tmp, $substring)) >+ { >+ $Dataset->addPoint($substring[1], $xdata[$i][1]); >+ } >+ // two-letter top level domain names right at the beginning: >+- elseif (ereg("[ \t]*([-a-zA-Z0-9]{2})[ \t]", $tmp_lower, $substring)) >++ elseif (preg_match("/[ \t]*([-a-zA-Z0-9]{2})[ \t]/", $tmp_lower, $substring)) >+ { >+ $Dataset->addPoint($substring[1], $xdata[$i][1]); >+ } >diff -Nru base/files/patch-base_qry_common.php base/files/patch-base_qry_common.php >--- base/files/patch-base_qry_common.php 1970-01-01 01:00:00.000000000 +0100 >+++ base/files/patch-base_qry_common.php 2010-04-11 23:52:39.000000000 +0200 >@@ -0,0 +1,16 @@ >+--- ./base_qry_common.php.orig 2010-03-05 16:06:17.000000000 +0100 >++++ ./base_qry_common.php 2010-04-11 23:52:13.000000000 +0200 >+@@ -773,10 +773,10 @@ >+ } >+ } >+ /* if have chosen the address type to be both source and destination */ >+- if ( ereg("ip_both", $tmp) ) >++ if ( preg_match("/ip_both/", $tmp) ) >+ { >+- $tmp_src = ereg_replace("ip_both","ip_src",$tmp); >+- $tmp_dst = ereg_replace("ip_both","ip_dst",$tmp); >++ $tmp_src = preg_replace("/ip_both/","ip_src",$tmp); >++ $tmp_dst = preg_replace("/ip_both/","ip_dst",$tmp); >+ >+ if ( $ip_addr[$i][2] == '=' ) >+ $tmp = "(".$tmp_src.') OR ('.$tmp_dst.')'; >diff -Nru base/files/patch-base_qry_sqlcalls.php base/files/patch-base_qry_sqlcalls.php >--- base/files/patch-base_qry_sqlcalls.php 1970-01-01 01:00:00.000000000 +0100 >+++ base/files/patch-base_qry_sqlcalls.php 2010-04-11 23:52:39.000000000 +0200 >@@ -0,0 +1,14 @@ >+--- ./base_qry_sqlcalls.php.orig 2010-03-05 16:06:17.000000000 +0100 >++++ ./base_qry_sqlcalls.php 2010-04-11 23:52:13.000000000 +0200 >+@@ -259,9 +259,9 @@ >+ $line = split (" ", $current_sig_txt); >+ foreach ($line as $ps_element) >+ { >+- if ( ereg("[0-9]*\.[0-9]*\.[0-9]*\.[0-9]", $ps_element) ) >++ if ( preg_match("/[0-9]*\.[0-9]*\.[0-9]*\.[0-9]/", $ps_element) ) >+ { >+- $ps_element = ereg_replace (":", "", $ps_element); >++ $ps_element = preg_replace ("/:/", "", $ps_element); >+ qroPrintEntry("<A HREF=\"base_stat_ipaddr.php?ip=".$ps_element."&netmask=32\">". >+ $ps_element."</A>"); >+ } >diff -Nru base/files/patch-base_stat_ipaddr.php base/files/patch-base_stat_ipaddr.php >--- base/files/patch-base_stat_ipaddr.php 1970-01-01 01:00:00.000000000 +0100 >+++ base/files/patch-base_stat_ipaddr.php 2010-04-11 23:52:39.000000000 +0200 >@@ -0,0 +1,38 @@ >+--- ./base_stat_ipaddr.php.orig 2010-03-05 16:06:17.000000000 +0100 >++++ ./base_stat_ipaddr.php 2010-04-11 23:52:13.000000000 +0200 >+@@ -135,7 +135,7 @@ >+ print "</PRE><BR>\n"; >+ */ >+ >+- if(ereg($ip, $contents)) { >++ if(preg_match("/$ip/", $contents)) { >+ $total++; >+ if( $total % 2 == 0 ) { >+ $color="DDDDDD"; >+@@ -143,7 +143,7 @@ >+ $color="FFFFFF"; >+ } >+ >+- $contents = ereg_replace(" ", " ", $contents); >++ $contents = preg_replace("/ /", " ", $contents); >+ $elements = explode(" ", $contents); >+ >+ echo '<tr bgcolor="'.$color.'"><td align="center">'. >+@@ -183,7 +183,7 @@ >+ print "</PRE></TD>"; >+ >+ /* >+- ereg("([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*):([0-9]*)",$elements[3],$store); >++ preg_match("/([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*):([0-9]*)/",$elements[3],$store); >+ $source_ip = $store[1]; >+ $source_port = $store[2]; >+ if (empty($source_ip)) >+@@ -197,7 +197,7 @@ >+ echo '<td align="center">' . $source_ip . '</td>'; >+ echo '<td align="center">' . $source_port . '</td>'; >+ >+- ereg("([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*):([0-9]*)",$elements[5],$store); >++ preg_match("/([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*):([0-9]*)/",$elements[5],$store); >+ $destination_ip = $store[1]; >+ $destination_port = $store[2]; >+ if (empty($destination_ip)) >diff -Nru base/files/patch-includes__base_db.inc.php base/files/patch-includes__base_db.inc.php >--- base/files/patch-includes__base_db.inc.php 1970-01-01 01:00:00.000000000 +0100 >+++ base/files/patch-includes__base_db.inc.php 2010-04-11 23:52:39.000000000 +0200 >@@ -0,0 +1,11 @@ >+--- ./includes/base_db.inc.php.orig 2010-03-05 16:06:18.000000000 +0100 >++++ ./includes/base_db.inc.php 2010-04-11 23:52:13.000000000 +0200 >+@@ -209,7 +209,7 @@ >+ /* ** Begin DB specific SQL fix-up ** */ >+ if ($this->DB_type == "mssql") >+ { >+- $sql = eregi_replace("''", "NULL", $sql); >++ $sql = preg_replace("/''/i", "NULL", $sql); >+ } >+ >+ if ($this->DB_type == "oci8") >diff -Nru base/files/patch-includes__base_net.inc.php base/files/patch-includes__base_net.inc.php >--- base/files/patch-includes__base_net.inc.php 1970-01-01 01:00:00.000000000 +0100 >+++ base/files/patch-includes__base_net.inc.php 2010-04-11 23:52:39.000000000 +0200 >@@ -0,0 +1,11 @@ >+--- ./includes/base_net.inc.php.orig 2010-03-05 16:06:18.000000000 +0100 >++++ ./includes/base_net.inc.php 2010-04-11 23:52:13.000000000 +0200 >+@@ -391,7 +391,7 @@ >+ $line = explode(" ", $response_l[$i]); >+ for ($j=0; $j < sizeof($line); $j++ ) >+ { >+- if ( eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $line[$j]) ) >++ if ( preg_match("/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i", $line[$j]) ) >+ { >+ if ( $email == "" ) >+ $email = $line[$j]; >diff -Nru base/files/patch-includes__base_signature.inc.php base/files/patch-includes__base_signature.inc.php >--- base/files/patch-includes__base_signature.inc.php 1970-01-01 01:00:00.000000000 +0100 >+++ base/files/patch-includes__base_signature.inc.php 2010-04-11 23:52:39.000000000 +0200 >@@ -0,0 +1,11 @@ >+--- ./includes/base_signature.inc.php.orig 2010-03-05 16:06:18.000000000 +0100 >++++ ./includes/base_signature.inc.php 2010-04-11 23:52:13.000000000 +0200 >+@@ -139,7 +139,7 @@ >+ { >+ if ($tmp_ref_system_name == "snort") >+ { >+- if (ereg("([0-9]+):([0-9]+)", $ref_tag, $backref)) >++ if (preg_match("/([0-9]+):([0-9]+)/", $ref_tag, $backref)) >+ { >+ if ($backref[1] == "1") >+ { >diff -Nru base/files/patch-includes__base_state_citems.inc.php base/files/patch-includes__base_state_citems.inc.php >--- base/files/patch-includes__base_state_citems.inc.php 1970-01-01 01:00:00.000000000 +0100 >+++ base/files/patch-includes__base_state_citems.inc.php 2010-04-11 23:52:39.000000000 +0200 >@@ -0,0 +1,11 @@ >+--- ./includes/base_state_citems.inc.php.orig 2010-03-05 16:06:18.000000000 +0100 >++++ ./includes/base_state_citems.inc.php 2010-04-11 23:52:13.000000000 +0200 >+@@ -963,7 +963,7 @@ >+ for ( $i = 0; $i < $this->criteria_cnt; $i++ ) >+ { >+ if ( (isset ($this->criteria[$i][3])) && >+- (ereg("([0-9]*)\.([0-9]*)\.([0-9]*)\.([0-9]*)", $this->criteria[$i][3])) ) >++ (preg_match("/([0-9]*)\.([0-9]*)\.([0-9]*)\.([0-9]*)/", $this->criteria[$i][3])) ) >+ { >+ $tmp_ip_str = $this->criteria[$i][7] = $this->criteria[$i][3]; >+ $this->criteria[$i][3] = strtok($tmp_ip_str, "."); >diff -Nru base/files/patch-includes__base_state_common.inc.php base/files/patch-includes__base_state_common.inc.php >--- base/files/patch-includes__base_state_common.inc.php 1970-01-01 01:00:00.000000000 +0100 >+++ base/files/patch-includes__base_state_common.inc.php 2010-04-11 23:52:39.000000000 +0200 >@@ -0,0 +1,11 @@ >+--- ./includes/base_state_common.inc.php.orig 2010-03-05 16:06:18.000000000 +0100 >++++ ./includes/base_state_common.inc.php 2010-04-11 23:52:13.000000000 +0200 >+@@ -181,7 +181,7 @@ >+ if ( ($valid_data & VAR_SCORE) > 0 ) >+ $regex_mask = $regex_mask . "\-"; >+ >+- return ereg_replace("[^".$regex_mask."]", "", $item); >++ return preg_replace("/[^".$regex_mask."]/", "", $item); >+ } >+ >+ /* *********************************************************************** >diff -Nru base/files/patch-includes__base_state_criteria.inc.php base/files/patch-includes__base_state_criteria.inc.php >--- base/files/patch-includes__base_state_criteria.inc.php 1970-01-01 01:00:00.000000000 +0100 >+++ base/files/patch-includes__base_state_criteria.inc.php 2010-04-11 23:52:39.000000000 +0200 >@@ -0,0 +1,11 @@ >+--- ./includes/base_state_criteria.inc.php.orig 2010-03-05 16:06:18.000000000 +0100 >++++ ./includes/base_state_criteria.inc.php 2010-04-11 23:52:13.000000000 +0200 >+@@ -252,7 +252,7 @@ >+ if ( isset($_POST['current_view']) ) $query_string .= "&current_view=".$_POST['current_view']; >+ if ( isset($_POST['submit']) ) $query_string .= "&submit=".$_POST['submit']; >+ >+- $query_string = ereg_replace("back=1&", "", CleanVariable($query_string, VAR_PERIOD | VAR_DIGIT | VAR_PUNC | VAR_LETTER)); >++ $query_string = preg_replace("/back=1&/", "", CleanVariable($query_string, VAR_PERIOD | VAR_DIGIT | VAR_PUNC | VAR_LETTER)); >+ >+ ++$_SESSION['back_list_cnt']; >+ $_SESSION['back_list'][$_SESSION['back_list_cnt']] =
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=105221">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 145635
: 105221