head 1.6; access; symbols pkgsrc-2017Q1:1.5.0.80 pkgsrc-2017Q1-base:1.5 pkgsrc-2016Q4:1.5.0.78 pkgsrc-2016Q4-base:1.5 pkgsrc-2016Q3:1.5.0.76 pkgsrc-2016Q3-base:1.5 pkgsrc-2016Q2:1.5.0.74 pkgsrc-2016Q2-base:1.5 pkgsrc-2016Q1:1.5.0.72 pkgsrc-2016Q1-base:1.5 pkgsrc-2015Q4:1.5.0.70 pkgsrc-2015Q4-base:1.5 pkgsrc-2015Q3:1.5.0.68 pkgsrc-2015Q3-base:1.5 pkgsrc-2015Q2:1.5.0.66 pkgsrc-2015Q2-base:1.5 pkgsrc-2015Q1:1.5.0.64 pkgsrc-2015Q1-base:1.5 pkgsrc-2014Q4:1.5.0.62 pkgsrc-2014Q4-base:1.5 pkgsrc-2014Q3:1.5.0.60 pkgsrc-2014Q3-base:1.5 pkgsrc-2014Q2:1.5.0.58 pkgsrc-2014Q2-base:1.5 pkgsrc-2014Q1:1.5.0.56 pkgsrc-2014Q1-base:1.5 pkgsrc-2013Q4:1.5.0.54 pkgsrc-2013Q4-base:1.5 pkgsrc-2013Q3:1.5.0.52 pkgsrc-2013Q3-base:1.5 pkgsrc-2013Q2:1.5.0.50 pkgsrc-2013Q2-base:1.5 pkgsrc-2013Q1:1.5.0.48 pkgsrc-2013Q1-base:1.5 pkgsrc-2012Q4:1.5.0.46 pkgsrc-2012Q4-base:1.5 pkgsrc-2012Q3:1.5.0.44 pkgsrc-2012Q3-base:1.5 pkgsrc-2012Q2:1.5.0.42 pkgsrc-2012Q2-base:1.5 pkgsrc-2012Q1:1.5.0.40 pkgsrc-2012Q1-base:1.5 pkgsrc-2011Q4:1.5.0.38 pkgsrc-2011Q4-base:1.5 pkgsrc-2011Q3:1.5.0.36 pkgsrc-2011Q3-base:1.5 pkgsrc-2011Q2:1.5.0.34 pkgsrc-2011Q2-base:1.5 pkgsrc-2011Q1:1.5.0.32 pkgsrc-2011Q1-base:1.5 pkgsrc-2010Q4:1.5.0.30 pkgsrc-2010Q4-base:1.5 pkgsrc-2010Q3:1.5.0.28 pkgsrc-2010Q3-base:1.5 pkgsrc-2010Q2:1.5.0.26 pkgsrc-2010Q2-base:1.5 pkgsrc-2010Q1:1.5.0.24 pkgsrc-2010Q1-base:1.5 pkgsrc-2009Q4:1.5.0.22 pkgsrc-2009Q4-base:1.5 pkgsrc-2009Q3:1.5.0.20 pkgsrc-2009Q3-base:1.5 pkgsrc-2009Q2:1.5.0.18 pkgsrc-2009Q2-base:1.5 pkgsrc-2009Q1:1.5.0.16 pkgsrc-2009Q1-base:1.5 pkgsrc-2008Q4:1.5.0.14 pkgsrc-2008Q4-base:1.5 pkgsrc-2008Q3:1.5.0.12 pkgsrc-2008Q3-base:1.5 cube-native-xorg:1.5.0.10 cube-native-xorg-base:1.5 pkgsrc-2008Q2:1.5.0.8 pkgsrc-2008Q2-base:1.5 cwrapper:1.5.0.6 pkgsrc-2008Q1:1.5.0.4 pkgsrc-2008Q1-base:1.5 pkgsrc-2007Q4:1.5.0.2 pkgsrc-2007Q4-base:1.5 pkgsrc-2007Q3:1.4.0.24 pkgsrc-2007Q3-base:1.4 pkgsrc-2007Q2:1.4.0.22 pkgsrc-2007Q2-base:1.4 pkgsrc-2007Q1:1.4.0.20 pkgsrc-2007Q1-base:1.4 
pkgsrc-2006Q4:1.4.0.18 pkgsrc-2006Q4-base:1.4 pkgsrc-2006Q3:1.4.0.16 pkgsrc-2006Q3-base:1.4 pkgsrc-2006Q2:1.4.0.14 pkgsrc-2006Q2-base:1.4 pkgsrc-2006Q1:1.4.0.12 pkgsrc-2006Q1-base:1.4 pkgsrc-2005Q4:1.4.0.10 pkgsrc-2005Q4-base:1.4 pkgsrc-2005Q3:1.4.0.8 pkgsrc-2005Q3-base:1.4 pkgsrc-2005Q2:1.4.0.6 pkgsrc-2005Q2-base:1.4 pkgsrc-2005Q1:1.4.0.4 pkgsrc-2005Q1-base:1.4 pkgsrc-2004Q4:1.4.0.2 pkgsrc-2004Q4-base:1.4 pkgsrc-2004Q3:1.3.0.6 pkgsrc-2004Q3-base:1.3 pkgsrc-2004Q2:1.3.0.4 pkgsrc-2004Q2-base:1.3 pkgsrc-2004Q1:1.3.0.2 pkgsrc-2004Q1-base:1.3 pkgsrc-2003Q4:1.2.0.2 pkgsrc-2003Q4-base:1.2 netbsd-1-6-1:1.1.0.2; locks; strict; comment @# @; 1.6 date 2017.06.15.18.27.50; author nils; state dead; branches; next 1.5; commitid N8mah66giRHeOuVz; 1.5 date 2007.10.21.00.22.53; author adrianp; state Exp; branches; next 1.4; 1.4 date 2004.09.21.15.50.26; author adrianp; state Exp; branches; next 1.3; 1.3 date 2003.12.31.14.11.42; author salo; state Exp; branches; next 1.2; 1.2 date 2003.04.16.06.37.20; author salo; state Exp; branches; next 1.1; 1.1 date 2003.03.04.01.02.26; author salo; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2003.03.04.01.02.26; author grant; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2003.04.16.15.43.12; author grant; state Exp; branches; next ; desc @@ 1.6 log @Upgraded to version 2.9.9.0. This is a HUGE bump, so look at the changelog on the Snort website ! For example, Snort does not natively handle MySQL anymore. As for the pkgsrc changes : - updated deps (net/daq) ; - updated config files ; - updated MASTER_SITE ; - some substitution to handle pkgsrc paths ; - updated compile options. @ text @$NetBSD: patch-ae,v 1.5 2007/10/21 00:22:53 adrianp Exp $ --- etc/snort.conf.orig 2007-09-07 19:32:45.000000000 +0100 +++ etc/snort.conf @@@@ -107,8 +107,8 @@@@ var AIM_SERVERS [64.12.24.0/23,64.12.28. 
# Path to your rules files (this can be a relative path) # Note for Windows users: You are advised to make this an absolute path, # such as: c:\snort\rules -var RULE_PATH ../rules -var PREPROC_RULE_PATH ../preproc_rules +var RULE_PATH @@PREFIX@@/share/snort/rules +var PREPROC_RULE_PATH @@PREFIX@@/share/snort/preproc_rules # Configure the snort decoder # ============================ @@@@ -191,27 +191,27 @@@@ var PREPROC_RULE_PATH ../preproc_rules # Load all dynamic preprocessors from the install path # (same as command line option --dynamic-preprocessor-lib-dir) # -dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/ +dynamicpreprocessor directory @@PREFIX@@/lib/snort_dynamicpreprocessor/ # # Load a specific dynamic preprocessor library from the install path # (same as command line option --dynamic-preprocessor-lib) # -# dynamicpreprocessor file /usr/local/lib/snort_dynamicpreprocessor/libdynamicexample.so +# dynamicpreprocessor file @@PREFIX@@/lib/snort_dynamicpreprocessor/libdynamicexample.so # # Load a dynamic engine from the install path # (same as command line option --dynamic-engine-lib) # -dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so +dynamicengine @@PREFIX@@/lib/snort_dynamicengine/libsf_engine.so # # Load all dynamic rules libraries from the install path # (same as command line option --dynamic-detection-lib-dir) # -# dynamicdetection directory /usr/local/lib/snort_dynamicrule/ +# dynamicdetection directory @@PREFIX@@/lib/snort_dynamicrule/ # # Load a specific dynamic rule library from the install path # (same as command line option --dynamic-detection-lib) # -# dynamicdetection file /usr/local/lib/snort_dynamicrule/libdynamicexamplerule.so +# dynamicdetection file @@PREFIX@@/lib/snort_dynamicrule/libdynamicexamplerule.so # ################################################### @ 1.5 log @Update to 2.8.0 * Port lists * IPv6 support * Packet performance monitoring * Experimental support for target-based stream and IP frag 
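Review bot: The `dynamicpreprocessor directory @@PREFIX@@/lib/snort_dynamicpreprocessor/` line in the second hunk (-191,27 +191,27) loads every library found in that directory into the Snort process, and neither the patch nor the surrounding config comments say who may write there. I would add a comment above the directive such as `# Keep this directory root-owned and not group/world-writable: every library in it is loaded at startup.` The same applies to the `dynamicengine` path, and to the commented-out `dynamicdetection` entries if they are ever enabled. The 1.1 log says the package creates its own user and group, so it is worth confirming that this account has no write access under `@@PREFIX@@/lib/snort_*`. The `@@PREFIX@@` token (RCS-escaped here) is presumably substituted at install time; a check that no literal token survives into the installed snort.conf would catch a silent misconfiguration.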
reassembly * Ability to take actions on preprocessor events * Detection for TCP session hijacking based on MAC address * Unified2 output plugin * Improved performance and detection capabilities @ text @d1 1 a1 1 $NetBSD$ @ 1.4 log @- Update snort to 2.2.0 - ok'ed snj@@, wiz@@ - Install database scripts which goes a part-way to addressing PR 18996 Updated database schema diagram from Chris Reid. Schema can be found in ./doc/snort_schema_v106.pdf Added --include-pcre* configuration option to help cross compiling. Thanks Erik de Castro Lopo. Fixed thresholding/suppression issue with queuing multiple events per packet. Thanks Andreas Ostling. When a rebuilt stream causes an alert, log out the original packets instead of the rebuilt packet. Thanks sekure@@gmail.com for the report. Turned off http_inspect alerts that were causing false positives in the preset webserver profiles (Thanks Dan Roelker). Turn off encoding alerts in HTTP parameter field. The parameter field is still normalized, it just doesn't alert. This helps reduce alerts that are generated from complex parameter queries (Thanks Dan Roelker). Fixed memory leak in "fast" output. Thanks for your bug report sekure@@gmail.com. Clear error code which under Windows was causing a subsequent false failure in parsing threshold rules. (Thanks to Rich Adamson) Further details can be found in Changelog and RELEASE.NOTES. @ text @d3 3 a5 3 --- etc/snort.conf.orig Mon Sep 6 13:21:50 2004 +++ etc/snort.conf Mon Sep 6 13:24:34 2004 @@@@ -106,7 +106,7 @@@@ d10 1 d12 1 d16 33 @ 1.3 log @Update to version 2.1.0. Changes: 2.1.0: ====== - A new connection tracking module, Flow (replaces conversation) - A new portscan detector based off of Flow, Flow-Portscan (replaces portscan2) - A new http preprocessor, HttpInspect (replaces http_decode) - Alert Thresholding and Suppression - PCRE rule keyword (Perl Compat Regular Expressions) - isdataat rule keyword (buffer length detection) - A ton of new and updated rules. 
2.0.6: ====== - 64-bit update for detection engine. (Thanks, Silio d'Angelo) - Added better PPP decoding. (Thanks Jesper Peterson) - Updated ip_proto optimization for high-speed detection engine. - Fixed infinite loop problem that was introduced by the recursive pattern matching patch. Reported by Lawrence Reed, thanks for testing out the changes for us! - Various changes to help respond (version 1) work a little better. - spp_http_decode 64-bit patch from Dirk Mueller. - Out-of-order ACK problem from Andrew Rucker. Also, updated stream4 to the most recent version from HEAD. - Minor fixes to tagging related to 'src' and 'dst' directives - When counting one byte patterns in 'ningroup' added a check for psLen==1 (wu-manber pattern matcher). Thanks Josh Sakofsky and Dennis McGuire for helping us test this. 2.0.5: ====== - Stream4 fixes from Andrew Rucker Jones. - Allow memcap to be configured for threshold features. 2.0.4: ====== - Fixed a core dump introduced with 2.0.3 when dealing with negated patterns 2.0.3: ====== - doe_ptr handling in byte_test/byte_jump slightly modified to work better with the pcre patch - content processing is now recursive to make distance/within processing better ( thanks to Shai Rubin for patch! 
) - fixed a bug in the mwm.c pattern matcher that resulted in some alerts not firing in a particular configuration of rules 2.0.2: ====== - Added Thresholding and Suppression features (Marc Norton/Sourcefire) - Fixed TCP RST processing bug found (Shai Rubin) - Cleanup of spp_arpspoof (Jeff Nathan) - Cleanup of win32 version including proper Event Log support (Chris Reid) - Munged data fixes for stream4 (Chris Green) @ text @d3 3 a5 5 --- etc/snort.conf.orig 2003-12-18 18:14:35.000000000 +0100 +++ etc/snort.conf 2003-12-30 02:25:47.000000000 +0100 @@@@ -104,7 +104,7 @@@@ var AIM_SERVERS [64.12.24.0/24,64.12.25.0/24,64.12.26.14/24,64.12.28.0/24,64.12.29.0/24,64.12.161.0/24,64.12.163.0/24,205.188.5.0/24,205.188.9.0/24] d7 2 @ 1.2 log @Updated to version 2.0.0. IMPORTANT: This version fixes remotely exploitable heap overflow in the stream4 preprocessor module. Advisory: http://www.coresecurity.com/common/showdoc.php?idx=313&idxseccion=10 Changes: 2.0.0: ====== - Enhanced high-performance detection engine - Stateful Pattern Matching - New detection keywords: byte_test & byte_jump - The Snort code base has undergone an external third party professional security audit funded by Sourcefire (http://www.sourcefire.com) - Many new and updated rules - snort.conf has been updated - Enhancements to self preservation mechanisms in stream4 and frag2 - State tracking fixes in stream4 - New HTTP flow analyzer - Enhanced protocol decoding (TCP options, 802.1q, etc) - Enhanced protocol anomaly detection (IP, TCP, UDP, ICMP, RPC, HTTP, etc) - Enhanced flexresp mode for real-time TCP session sniping - Better chroot()'ing - Tagging system updated - Several million bugs addressed.... - Updated FAQ (thanks to Erek Adams and Dragos Ruiu) Snort 2.0 can be downloaded at http://www.snort.org/dl/snort-2.0.0.tar.gz. Binary versions of the codebase will be built over the next several days and made available at here. 
2.0.rc4: ======== - byte_jump/byte_test don't force relative content options - byte_jump/byte_test absolute offsets work - Better FIN handling in Stream4 2.0.rc3: ======== - A low memory usage detection method (enabled via "config detection: search-method lowmem") - Moved the default unix socket location to LOGDIR 2.0.rc2: ======== - syslog should work on win32 and unix - major tagging updates - new UDP decoding alerts - snort.conf updates 2.0.rc1: ======== - Higher performance (due to a new pattern matcher and rebuilt detection engine) - Better decoders - Enhanced stream reassembly and defragmentation - Tons of bug fixes - Updated rules - Updated snort.conf - New detection keywords (byte_test, byte_jump, distance, within) & stateful pattern matching - New HTTP flow analyzer - Enhanced anomaly detection (HTTP, RPC, TCP, IP, etc) - Better self preservation in stateful subsystems - Xrefs fixed - Flexresp works faster and more effectively - Better chroot()'ing - Fixed 802.1q decoding - Better async state handling - New alerting option: -A cmg!! @ text @d3 3 a5 3 --- etc/snort.conf.orig 2003-04-03 23:10:50.000000000 +0200 +++ etc/snort.conf 2003-04-16 08:09:48.000000000 +0200 @@@@ -99,7 +99,7 @@@@ d12 1 a12 1 # Configure the snort decoder: @ 1.1 log @Updated to version 1.9.1. This version fixes the buffer overflow issue noted in: http://www.kb.cert.org/vuls/id/916785 Changes: - follow PKG_SYSCONFDIR - added rc.d script - create own user and group - added MESSAGE with post-install instructions - removed DEINSTALL - minor cleanups (this package was really half-baked..) 
1.9.1: ====== - src/preprocessors/spp_rpc_decode.c (PreprocRpcDecode): - alignment errors on non-x86 platforms - added new space delimited options alert_fragments no_alert_multiple_requests no_alert_large_fragments no_alert_incomplete - corrected buffer overflow in fragment normalization - src/snort.c - Win32 '-s' parameter wasn't configured to accept an optarg, but code expected one, causing null-pointer violation. - Backport of 2.0 fixes for stream4 ( off by one errors on reassembly ) @ text @d3 2 a4 2 --- etc/snort.conf.orig 2003-02-23 20:29:24.000000000 +0100 +++ etc/snort.conf 2003-03-04 00:51:11.000000000 +0100 d12 2 a13 2 ################################################### # Step #2: Configure preprocessors @ 1.1.2.1 log @file patch-ae was added on branch netbsd-1-6-1 on 2003-04-16 15:43:12 +0000 @ text @d1 13 @ 1.1.2.2 log @Pull up revision 1.2 (requested by salo in ticket #1257): Updated to version 2.0.0. [security fix] @ text @a0 13 $NetBSD: patch-ae,v 1.1.2.1 2003/04/16 15:43:12 grant Exp $ --- etc/snort.conf.orig 2003-04-03 23:10:50.000000000 +0200 +++ etc/snort.conf 2003-04-16 08:09:48.000000000 +0200 @@@@ -99,7 +99,7 @@@@ var AIM_SERVERS [64.12.24.0/24,64.12.25.0/24,64.12.26.14/24,64.12.28.0/24,64.12.29.0/24,64.12.161.0/24,64.12.163.0/24,205.188.5.0/24,205.188.9.0/24] # Path to your rules files (this can be a relative path) -var RULE_PATH ../rules +var RULE_PATH @@PREFIX@@/share/snort/rules # Configure the snort decoder: # ============================ @