head 1.54; access; symbols pkgsrc-2023Q4:1.54.0.18 pkgsrc-2023Q4-base:1.54 pkgsrc-2023Q3:1.54.0.16 pkgsrc-2023Q3-base:1.54 pkgsrc-2023Q2:1.54.0.14 pkgsrc-2023Q2-base:1.54 pkgsrc-2023Q1:1.54.0.12 pkgsrc-2023Q1-base:1.54 pkgsrc-2022Q4:1.54.0.10 pkgsrc-2022Q4-base:1.54 pkgsrc-2022Q3:1.54.0.8 pkgsrc-2022Q3-base:1.54 pkgsrc-2022Q2:1.54.0.6 pkgsrc-2022Q2-base:1.54 pkgsrc-2022Q1:1.54.0.4 pkgsrc-2022Q1-base:1.54 pkgsrc-2021Q4:1.54.0.2 pkgsrc-2021Q4-base:1.54 pkgsrc-2021Q3:1.52.0.8 pkgsrc-2021Q3-base:1.52 pkgsrc-2021Q2:1.52.0.6 pkgsrc-2021Q2-base:1.52 pkgsrc-2021Q1:1.52.0.4 pkgsrc-2021Q1-base:1.52 pkgsrc-2020Q4:1.52.0.2 pkgsrc-2020Q4-base:1.52 pkgsrc-2020Q3:1.51.0.6 pkgsrc-2020Q3-base:1.51 pkgsrc-2020Q2:1.51.0.4 pkgsrc-2020Q2-base:1.51 pkgsrc-2020Q1:1.51.0.2 pkgsrc-2020Q1-base:1.51 pkgsrc-2019Q4:1.50.0.26 pkgsrc-2019Q4-base:1.50 pkgsrc-2019Q3:1.50.0.22 pkgsrc-2019Q3-base:1.50 pkgsrc-2019Q2:1.50.0.20 pkgsrc-2019Q2-base:1.50 pkgsrc-2019Q1:1.50.0.18 pkgsrc-2019Q1-base:1.50 pkgsrc-2018Q4:1.50.0.16 pkgsrc-2018Q4-base:1.50 pkgsrc-2018Q3:1.50.0.14 pkgsrc-2018Q3-base:1.50 pkgsrc-2018Q2:1.50.0.12 pkgsrc-2018Q2-base:1.50 pkgsrc-2018Q1:1.50.0.10 pkgsrc-2018Q1-base:1.50 pkgsrc-2017Q4:1.50.0.8 pkgsrc-2017Q4-base:1.50 pkgsrc-2017Q3:1.50.0.6 pkgsrc-2017Q3-base:1.50 pkgsrc-2017Q2:1.50.0.2 pkgsrc-2017Q2-base:1.50 pkgsrc-2017Q1:1.49.0.12 pkgsrc-2017Q1-base:1.49 pkgsrc-2016Q4:1.49.0.10 pkgsrc-2016Q4-base:1.49 pkgsrc-2016Q3:1.49.0.8 pkgsrc-2016Q3-base:1.49 pkgsrc-2016Q2:1.49.0.6 pkgsrc-2016Q2-base:1.49 pkgsrc-2016Q1:1.49.0.4 pkgsrc-2016Q1-base:1.49 pkgsrc-2015Q4:1.49.0.2 pkgsrc-2015Q4-base:1.49 pkgsrc-2015Q3:1.48.0.22 pkgsrc-2015Q3-base:1.48 pkgsrc-2015Q2:1.48.0.20 pkgsrc-2015Q2-base:1.48 pkgsrc-2015Q1:1.48.0.18 pkgsrc-2015Q1-base:1.48 pkgsrc-2014Q4:1.48.0.16 pkgsrc-2014Q4-base:1.48 pkgsrc-2014Q3:1.48.0.14 pkgsrc-2014Q3-base:1.48 pkgsrc-2014Q2:1.48.0.12 pkgsrc-2014Q2-base:1.48 pkgsrc-2014Q1:1.48.0.10 pkgsrc-2014Q1-base:1.48 pkgsrc-2013Q4:1.48.0.8 pkgsrc-2013Q4-base:1.48 pkgsrc-2013Q3:1.48.0.6 
pkgsrc-2013Q3-base:1.48 pkgsrc-2013Q2:1.48.0.4 pkgsrc-2013Q2-base:1.48 pkgsrc-2013Q1:1.48.0.2 pkgsrc-2013Q1-base:1.48 pkgsrc-2012Q4:1.47.0.16 pkgsrc-2012Q4-base:1.47 pkgsrc-2012Q3:1.47.0.14 pkgsrc-2012Q3-base:1.47 pkgsrc-2012Q2:1.47.0.12 pkgsrc-2012Q2-base:1.47 pkgsrc-2012Q1:1.47.0.10 pkgsrc-2012Q1-base:1.47 pkgsrc-2011Q4:1.47.0.8 pkgsrc-2011Q4-base:1.47 pkgsrc-2011Q3:1.47.0.6 pkgsrc-2011Q3-base:1.47 pkgsrc-2011Q2:1.47.0.4 pkgsrc-2011Q2-base:1.47 pkgsrc-2011Q1:1.47.0.2 pkgsrc-2011Q1-base:1.47 pkgsrc-2010Q4:1.46.0.18 pkgsrc-2010Q4-base:1.46 pkgsrc-2010Q3:1.46.0.16 pkgsrc-2010Q3-base:1.46 pkgsrc-2010Q2:1.46.0.14 pkgsrc-2010Q2-base:1.46 pkgsrc-2010Q1:1.46.0.12 pkgsrc-2010Q1-base:1.46 pkgsrc-2009Q4:1.46.0.10 pkgsrc-2009Q4-base:1.46 pkgsrc-2009Q3:1.46.0.8 pkgsrc-2009Q3-base:1.46 pkgsrc-2009Q2:1.46.0.6 pkgsrc-2009Q2-base:1.46 pkgsrc-2009Q1:1.46.0.4 pkgsrc-2009Q1-base:1.46 pkgsrc-2008Q4:1.46.0.2 pkgsrc-2008Q4-base:1.46 pkgsrc-2008Q3:1.45.0.4 pkgsrc-2008Q3-base:1.45 cube-native-xorg:1.45.0.2 cube-native-xorg-base:1.45 pkgsrc-2008Q2:1.44.0.4 pkgsrc-2008Q2-base:1.44 cwrapper:1.44.0.2 pkgsrc-2008Q1:1.42.0.2 pkgsrc-2008Q1-base:1.42 pkgsrc-2007Q4:1.41.0.2 pkgsrc-2007Q4-base:1.41 pkgsrc-2007Q3:1.40.0.2 pkgsrc-2007Q3-base:1.40 pkgsrc-2007Q2:1.39.0.2 pkgsrc-2007Q2-base:1.39 pkgsrc-2007Q1:1.38.0.2 pkgsrc-2007Q1-base:1.38 pkgsrc-2006Q4:1.35.0.6 pkgsrc-2006Q4-base:1.35 pkgsrc-2006Q3:1.35.0.4 pkgsrc-2006Q3-base:1.35 pkgsrc-2006Q2:1.35.0.2 pkgsrc-2006Q2-base:1.35 pkgsrc-2006Q1:1.34.0.2 pkgsrc-2006Q1-base:1.34 pkgsrc-2005Q4:1.32.0.2 pkgsrc-2005Q4-base:1.32 pkgsrc-2005Q3:1.30.0.2 pkgsrc-2005Q3-base:1.30 pkgsrc-2005Q2:1.27.0.2 pkgsrc-2005Q2-base:1.27 pkgsrc-2005Q1:1.25.0.2 pkgsrc-2005Q1-base:1.25 pkgsrc-2004Q4:1.23.0.2 pkgsrc-2004Q4-base:1.23 pkgsrc-2004Q3:1.22.0.2 pkgsrc-2004Q3-base:1.22 pkgsrc-2004Q2:1.21.0.2 pkgsrc-2004Q2-base:1.21 pkgsrc-2004Q1:1.20.0.2 pkgsrc-2004Q1-base:1.20 pkgsrc-2003Q4:1.18.0.2 pkgsrc-2003Q4-base:1.18 netbsd-1-6-1:1.13.0.2 netbsd-1-6-1-base:1.13 
netbsd-1-6:1.12.0.6 netbsd-1-6-RELEASE-base:1.12 pkgviews:1.12.0.2 pkgviews-base:1.12 buildlink2:1.11.0.2 buildlink2-base:1.11 netbsd-1-5-PATCH003:1.11 netbsd-1-5-PATCH001:1.2; locks; strict; comment @# @; 1.54 date 2021.10.26.11.06.57; author nia; state Exp; branches; next 1.53; commitid G83yJyZF8er6kjeD; 1.53 date 2021.10.07.14.42.48; author nia; state Exp; branches; next 1.52; commitid EMvsIaZgYm1t8TbD; 1.52 date 2020.10.01.19.45.02; author nils; state Exp; branches; next 1.51; commitid ZiX3GlYLXyJqGeqC; 1.51 date 2020.02.18.23.00.26; author sevan; state Exp; branches; next 1.50; commitid MLUJHChwJZ0P4dXB; 1.50 date 2017.06.15.18.27.50; author nils; state Exp; branches; next 1.49; commitid N8mah66giRHeOuVz; 1.49 date 2015.11.04.00.35.37; author agc; state Exp; branches; next 1.48; commitid K5R8pkzReRJy0IHy; 1.48 date 2013.02.22.12.05.34; author jperkin; state Exp; branches; next 1.47; 1.47 date 2011.04.01.16.48.36; author gdt; state Exp; branches; next 1.46; 1.46 date 2008.10.25.18.35.19; author adrianp; state Exp; branches; next 1.45; 1.45 date 2008.08.03.19.30.16; author adrianp; state Exp; branches; next 1.44; 1.44 date 2008.06.21.21.44.21; author joerg; state Exp; branches; next 1.43; 1.43 date 2008.05.25.23.49.07; author adrianp; state Exp; branches; next 1.42; 1.42 date 2008.01.06.00.28.44; author adrianp; state Exp; branches 1.42.2.1; next 1.41; 1.41 date 2007.10.21.00.22.53; author adrianp; state Exp; branches; next 1.40; 1.40 date 2007.08.20.20.28.18; author adrianp; state Exp; branches; next 1.39; 1.39 date 2007.05.18.22.20.10; author adrianp; state Exp; branches; next 1.38; 1.38 date 2007.02.20.17.29.36; author joerg; state Exp; branches; next 1.37; 1.37 date 2007.02.19.19.40.35; author adrianp; state Exp; branches; next 1.36; 1.36 date 2007.02.17.19.08.06; author adrianp; state Exp; branches; next 1.35; 1.35 date 2006.06.06.18.51.52; author adrianp; state Exp; branches; next 1.34; 1.34 date 2006.03.09.09.37.44; author adrianp; state Exp; branches 
1.34.2.1; next 1.33; 1.33 date 2006.02.16.20.45.51; author joerg; state Exp; branches; next 1.32; 1.32 date 2005.10.18.15.15.04; author adrianp; state Exp; branches 1.32.2.1; next 1.31; 1.31 date 2005.10.11.20.53.22; author adrianp; state Exp; branches; next 1.30; 1.30 date 2005.09.20.18.01.26; author adrianp; state Exp; branches 1.30.2.1; next 1.29; 1.29 date 2005.09.14.12.46.52; author adrianp; state Exp; branches; next 1.28; 1.28 date 2005.08.13.19.56.47; author adrianp; state Exp; branches; next 1.27; 1.27 date 2005.04.27.18.36.25; author adrianp; state Exp; branches; next 1.26; 1.26 date 2005.03.25.18.28.28; author adrianp; state Exp; branches; next 1.25; 1.25 date 2005.02.24.12.14.04; author agc; state Exp; branches; next 1.24; 1.24 date 2005.01.29.03.27.58; author taca; state Exp; branches; next 1.23; 1.23 date 2004.09.21.15.50.26; author adrianp; state Exp; branches 1.23.2.1; next 1.22; 1.22 date 2004.07.01.17.10.22; author adrianp; state Exp; branches; next 1.21; 1.21 date 2004.04.10.03.09.45; author snj; state Exp; branches; next 1.20; 1.20 date 2004.01.31.20.43.41; author kristerw; state Exp; branches; next 1.19; 1.19 date 2003.12.31.14.11.42; author salo; state Exp; branches; next 1.18; 1.18 date 2003.09.23.15.43.51; author salo; state Exp; branches; next 1.17; 1.17 date 2003.07.26.11.13.17; author salo; state Exp; branches; next 1.16; 1.16 date 2003.04.16.15.51.23; author salo; state Exp; branches; next 1.15; 1.15 date 2003.04.16.06.37.19; author salo; state Exp; branches; next 1.14; 1.14 date 2003.03.04.01.02.25; author salo; state Exp; branches; next 1.13; 1.13 date 2002.10.13.04.42.12; author hubertf; state Exp; branches 1.13.2.1; next 1.12; 1.12 date 2002.07.15.14.41.26; author wiz; state Exp; branches; next 1.11; 1.11 date 2002.04.10.22.01.10; author rh; state Exp; branches; next 1.10; 1.10 date 2002.04.02.21.34.08; author rh; state Exp; branches; next 1.9; 1.9 date 2002.03.13.08.28.23; author jmc; state Exp; branches; next 1.8; 1.8 date 
2001.12.02.14.43.49; author kleink; state Exp; branches; next 1.7; 1.7 date 2001.11.28.13.44.51; author kleink; state Exp; branches; next 1.6; 1.6 date 2001.11.07.03.03.05; author hubertf; state Exp; branches; next 1.5; 1.5 date 2001.08.22.18.07.50; author hubertf; state Exp; branches; next 1.4; 1.4 date 2001.08.22.10.31.07; author wiz; state Exp; branches; next 1.3; 1.3 date 2001.08.03.06.35.11; author itojun; state Exp; branches; next 1.2; 1.2 date 2001.04.21.11.23.33; author wiz; state Exp; branches; next 1.1; 1.1 date 2001.04.17.11.53.36; author agc; state Exp; branches; next ; 1.42.2.1 date 2008.05.26.07.50.33; author rtr; state Exp; branches; next ; 1.34.2.1 date 2006.06.06.23.46.35; author salo; state Exp; branches; next ; 1.32.2.1 date 2006.03.11.03.35.58; author snj; state Exp; branches; next ; 1.30.2.1 date 2005.10.24.00.05.11; author seb; state Exp; branches; next ; 1.23.2.1 date 2005.02.04.08.02.38; author salo; state Exp; branches; next ; 1.13.2.1 date 2003.03.07.07.46.51; author jmc; state Exp; branches; next 1.13.2.2; 1.13.2.2 date 2003.04.16.15.44.29; author grant; state Exp; branches; next 1.13.2.3; 1.13.2.3 date 2003.04.20.10.00.26; author grant; state Exp; branches; next ; desc @@ 1.54 log @ net: Replace RMD160 checksums with BLAKE2s checksums All checksums have been double-checked against existing RMD160 and SHA512 hashes Not committed (merge conflicts...): net/radsecproxy/distinfo The following distfiles could not be fetched (fetched conditionally?): ./net/citrix_ica/distinfo citrix_ica-10.6.115659/en.linuxx86.tar.gz ./net/djbdns/distinfo dnscache-1.05-multiple-ip.patch ./net/djbdns/distinfo djbdns-1.05-test28.diff.xz ./net/djbdns/distinfo djbdns-1.05-ignoreip2.patch ./net/djbdns/distinfo djbdns-1.05-multiip.diff ./net/djbdns/distinfo djbdns-cachestats.patch @ text @$NetBSD: distinfo,v 1.53 2021/10/07 14:42:48 nia Exp $ BLAKE2s (snort-2.9.16.1.tar.gz) = b16ef3efa589cb5a934af44d85965dcfb57bb93132263b16e21f47d6529e9c72 SHA512 
(snort-2.9.16.1.tar.gz) = 9462bd38a032c96298a6b6abea8502dadbab53f6f5163b90abb9ae247262c0e76afdeef31748a6bbd216a7c9d65d14e18b7096865135d88087ea27cc32596155 Size (snort-2.9.16.1.tar.gz) = 6947960 bytes SHA1 (patch-src_dynamic-preprocessors_appid_service__plugins_service__rpc.c) = 73ba0e37d37cc919957d4bb5b660a581bc6af9a2 SHA1 (patch-src_target-based_sftarget__reader.c) = 60f053d990af6329e48a1a26c89d9c4a59a0ffce @ 1.53 log @net: Remove SHA1 hashes for distfiles @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.52 2020/10/01 19:45:02 nils Exp $ d3 1 a3 1 RMD160 (snort-2.9.16.1.tar.gz) = 0716e9647d86d56d82761b0ffc6e491dcd4985a0 @ 1.52 log @Updated net/snort to version 2.9.16.1. Upstream changelog from 2.9.15.1 to 2.9.16 : * src/preprocessors/Stream6/snort_stream_tcp.c : Addressed an issue when out-of-order FIN is received by dropping it. * src/output-plugins/spo_unified2.c, src/preprocessors/Stream6/snort_stream_tcp.c : Fixed an issue in which xtradata is not added to the alert in unified file. * src/reload.c, src/snort.c : Fixed potential race condition between reload and exit path (main thread). * etc/file_magic.conf : Updated the file magic to detect ALZ file types. * src/sfutil/sf_ip.h : Added support for gcc version 9.2.1. * src/dynamic-preprocessors/appid/detector_plugins/detector_dns.c : Fixed an issue in which APPID returns no match. 
* src/dynamic-preprocessors/dcerpc2/sf_dce2.vcxproj, src/dynamic-preprocessors/dnp3/sf_dnp3.vcxproj, src/dynamic-preprocessors/dns/sf_dns.vcxproj, src/dynamic-preprocessors/dynamic_preprocessors.vcxproj, src/dynamic-preprocessors/ftptelnet/sf_ftptelnet.vcxproj, src/dynamic-preprocessors/gtp/sf_gtp.vcxproj, src/dynamic-preprocessors/imap/sf_imap.vcxproj, src/dynamic-preprocessors/libs/sfdynamic_preproc_libs.vcxproj, src/dynamic-preprocessors/modbus/sf_modbus.vcxproj, src/dynamic-preprocessors/pop/sf_pop.vcxproj, src/dynamic-preprocessors/reputation/sf_reputation.vcxproj, src/dynamic-preprocessors/sdf/sf_sdf.vcxproj, src/dynamic-preprocessors/sf_dynamic_initialize/sf_dynamic_initialize.vcxproj, src/dynamic-preprocessors/sip/sf_sip.vcxproj, src/dynamic-preprocessors/smtp/sf_smtp.vcxproj, src/dynamic-preprocessors/ssh/sf_ssh.vcxproj, src/dynamic-preprocessors/ssl/sf_ssl.vcxproj, src/win32/WIN32-Prj/build_all.vcxproj, src/win32/WIN32-Prj/sf_engine.vcxproj, src/win32/WIN32-Prj/sf_engine_initialize.vcxproj, src/win32/WIN32-Prj/snort.vcxproj, src/win32/WIN32-Prj/snort_initialize.vcxproj, src/win32/WIN32-Prj/snort_installer_x64.nsi, src/win32/WIN32-Prj/snort_x64.dsw, src/win64/WIN64-Libraries/Packet.lib, src/win64/WIN64-Libraries/libdnet/dnet.lib, src/win64/WIN64-Libraries/pcre.lib, src/win64/WIN64-Libraries/wpcap.lib, src/win64/WIN64-Libraries/zlib.lib, tools/u2spewfoo/u2spewfoo.vcxproj : Added 64-bit support for Windows 10 operating system. * src/dynamic-preprocessors/pop/snort_pop.c : Fixed an issue where POP preprocessor was not generating alert in some cases. * src/dynamic-preprocessors/gtp/gtp_parser.c : Fixed the alerting logic for GTP v2 with missing TEID. * src/preprocessors/HttpInspect/utils/hi_paf.c : Fixed file policy not working with character prefix in chunk size. * configure.in, src/reload.c, src/side-channel/sidechannel.c, src/snort.c, src/target-based/sftarget_reader.c, src/util.h : Added support for glibc version 2.30. 
* src/decode.h, src/dynamic-plugins/sf_engine/sf_snort_packet.h, src/preprocessors/HttpInspect/utils/hi_paf.c, src/preprocessors/Stream6/snort_stream_tcp.c, src/preprocessors/Stream6/stream_paf.c, src/preprocessors/snort_httpinspect.c, src/preprocessors/snort_httpinspect.h, src/preprocessors/stream_api.h : Added support for early inspection of HTTP payload before flushing in pre-ack mode. * src/file-process/file_api.h, src/file-process/file_service.c, src/preprocessors/HttpInspect/include/hi_norm.h, src/preprocessors/HttpInspect/include/hi_ui_config.h, src/preprocessors/HttpInspect/server/hi_server_norm.c, src/preprocessors/snort_httpinspect.c : Normalize randomly encoded nulls interspersed in the HTTP server response to UTF-8. Upstream changelog from 2.9.16 to 2.9.16.1 : * src/dynamic-preprocessors/appid/appIdConfig.h, src/dynamic-preprocessors/appid/appInfoTable.c, src/dynamic-preprocessors/appid/flow.h, src/dynamic-preprocessors/appid/fw_appid.c : Added packet counters to make sure flows with one-way data don't pend forever. * src/detection-plugins/sp_flowbits.c, src/snort.c : Fixed potential race condition between reload and exit path. * src/detection-plugins/sp_session.c, src/preprocessors/Stream6/stream_paf.h, src/sfutil/util_jsnorm.c : Added support for GCC version 10.1.1. Pkgsrc changes : * added patch for NetBSD to get the definition for endrpcent(), which fixes compilation * snort now depends on bash since a bundled tool is a bash shell script * some pkglint compliance changes in Makefile and options.mk @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.51 2020/02/18 23:00:26 sevan Exp $ a2 1 SHA1 (snort-2.9.16.1.tar.gz) = cbee25cd793f40eddb72ff7b2cf4d2025a7df43d @ 1.51 log @Update to Snort 2.9.15.1 2019-12-15 - Snort 2.9.15.1 New Additions Added support for glibc version 2.30. Improvements/Fix Fixed Snort core seen during SSL re-configuration. Fixed file access issues on files from SMB share. 
Snort 2.9.15.0 New Additions Added new debugs to print detection, file_processing and Preproc time consumption info and verdict. Added support to detect new Korean file formats .egg and .alg in the file preprocessor. Added support to detect new RAR file-type in the file preprocessor. Improvements / Fix Fix to generate ALERT if TEID value is zero in GTP v1 and v2 packets. Fix to whitelist FTP data sessions when no file policy exists. Fix RTF file magic to a more generic value to prevent evasions. Added debug logs during HTTP reload. Added rule SID check during validation. Fix an issue where HTTP was processing non-HTTP traffic on port 443. Added new debugs to print detection, file processing, and Prepro time consumption info and verdicts. Snort 2.9.14.1 [*] New Additions * Added support for wild card port numbers in host cache and overwriting port service AppId. * Added support for new STLS client patterns to help better detect POP3S over SSL. * Added support for detecting Mac based SMTP Microsoft Outlook client application. * Added a new preprocessor alert 120:27 to alert if there is no proper end of header. [*] Improvements / Fix * Improved appId detection for proxied traffic. * Fix for enabling flow profiling mode without restarting snort detection engine. * Fixed packet drop scenario. Snort 2.9.13.0 New Additions Snort now supports reload on snort rules update. Addition of a scenario to add a packet to blacklist verdict to ensure the new session will be allowed. Handled a new pre-processor alert in case of the improper end of t HTTP header. Improvements Modified the calculation of file hash for FTP/HTTP with offset values. Fixed portal authentication connection stuck in half closed state. Updated UDP global timeout for a non-standard port. 
This release also patched the following two vulnerabilities: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-frpwr-smb-snort Snort 2.9.12.0 New Additions Parsing HTTP CONNECT to extract the tunnel IP and port information. Alerting and dechunking for chunked encoding in HTTP1.0 request and response. Improvements Fixed an issue where, if we have a junk line before HTTP response header, the header was wrongly parsed. Fixed GZIP evasions where an HTTP response with content-encoding:gzip contains a body that has a GZIP-related anomaly. Fixed an issue in certain scenarios where a BitTorrent pattern is seen only on the third packet of the session, causing us to miss our client detection. SMB improvements for file detection and processing. 2017-12-06 - Snort 2.9.11.1 New Additions Added support to block portscan. In addition to tracking the scanning packets, action(drop/sdrop/reject) will be taken for all the packets, which means Snort will block the packet and generate logs. Added support to re-evaluate reputation after reputation update for all flows except those that have already been blacklisted. Improvements Fixed issue to detect RTP up to two SSRC switches in each traffic direction. Fixed issues related to HTTP POST header flushing, calling file processing directly if it is not a multipart header and changes to avoid expensive copy of segment data by not splitting them when flushing headers. Fixed issue of triggering protocol sweep alert when there are multiple destinations from single source ip protocol scan. Added changes to fix IP portscan for protocol other than ICMP and fixed issue of bad fragment size event not being generated for oversized packets. Added changes to use raw data in case of PDF and SWF files during file processing for SHA calculation and Malware Cloud Lookup. 
Fixed issue of correct session matching for TCP SYN packets without window scale option so that FTP data channels match the same rule as FTP control channels. Fixed issue of applying new configuration in file inspection after Snort reload. Snort 2.9.11 [*] New additions Changes to eliminate Snort restart when there are changes to the memory allocated for preprocessors, by releasing unused or least recently used memory when needed. Added support for storing filenames in Unicode for SMB protocol. Added implementation of hostPortCache versioning for unknown flows in AppID to detect and block BitTorrent. [*] Improvements Enhanced RTSP metadata parsing to match the user-agent field to detect RTSP traffic over Windows Media. Performance improvement when SYN rate limit has reached and drop is configured as next action Control-socket and side-channel support for FreeBSD platform. Fixed issue in file signature lookup for retransmitted FTP packet. Enhanced the processing of SIP/RTP future flows without ignoring them. Changes made in PDF/SWF decompression by adding boundary to the size of the decompressed data. Added a null check to prevent copy unless debugHostIp is configured in AppId. Fixed issue where FTP file type block doesn't work for retried download. Resolved issue where Snort is inappropriately handling traffic for which AppId was creating future flow. Performance improvements for SIP/RTP audio and video data flow in AppId. Performance and stability improvements in FTP preprocessor like incorrect referencing of ftp_data_session after its pruned. Stability improvement by resolving valgrind reported issues in AppId. Improved flushing mechanism for HTTP POST header. Added changes to display AppId for IPv6 unified events. Fixed issues with printing of messages for out-of-order packets. Fixed issue in increment of detection filter counter when rule is used in multiple configurations. Fixed dynamic preprocessor compilation failure in OpenBSD platform. 
Added changes to improve performance of ipvar list comparison. Enhanced SMTP client detection by allowing line folding and all authentication methods. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.50 2017/06/15 18:27:50 nils Exp $ d3 5 a7 4 SHA1 (snort-2.9.15.1.tar.gz) = dc8c89125c27153ffd69f27fbd60b95b9d1cbfe0 RMD160 (snort-2.9.15.1.tar.gz) = 10ed066819c6021367245f59598509aeaeaef197 SHA512 (snort-2.9.15.1.tar.gz) = 9940f5bcdcf04823f9cb5c3f8efda72f98f6a47bce9f40399dec9ec41d23a386c7f7e44861d82368de31546123b920f9fc617197bbf9c5e750724bf8b9e19590 Size (snort-2.9.15.1.tar.gz) = 6618999 bytes @ 1.50 log @Upgraded to version 2.9.9.0. This is a HUGE bump, so look at the changelog on the Snort website ! For example, Snort does not natively handle MySQL anymore. As for the pkgsrc changes : - updated deps (net/daq) ; - updated config files ; - updated MASTER_SITE ; - some substitution to handle pkgsrc paths ; - updated compile options. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.48 2013/02/22 12:05:34 jperkin Exp $ d3 5 a7 5 SHA1 (snort-2.9.9.0.tar.gz) = c522b6130655e0d12299af6fd1a613b20259b4e3 RMD160 (snort-2.9.9.0.tar.gz) = cfe3f7bb4203411e40376607c6bd1ee1fe7c4f84 SHA512 (snort-2.9.9.0.tar.gz) = 2c17539c80484c90198a2e5d5efd1e70f26afb79ce7c28e745ded356b6f1a1f97763ff21fde986652af1768fa3bcdafbbcc3c82ee8ad6d2ef0471f360cfcab83 Size (snort-2.9.9.0.tar.gz) = 6364482 bytes SHA1 (patch-src_target-based_sftarget__reader.c) = c0f4bde7a1a0fa00e4efecf26eb579cc2b1cb2ee @ 1.49 log @Add SHA512 digests for distfiles for net category Problems found with existing digests: Package haproxy distfile haproxy-1.5.14.tar.gz 159f5beb8fdc6b8059ae51b53dc935d91c0fb51f [recorded] da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated] Problems found locating distfiles: Package bsddip: missing distfile bsddip-1.02.tar.Z Package citrix_ica: missing distfile citrix_ica-10.6.115659/en.linuxx86.tar.gz Package djbdns: missing distfile djbdns-1.05-test25.diff.bz2 Package djbdns: missing distfile djbdns-cachestats.patch 
Package djbdns: missing distfile 0002-dnscache-cache-soa-records.patch Package gated: missing distfile gated-3-5-11.tar.gz Package owncloudclient: missing distfile owncloudclient-2.0.2.tar.xz Package poink: missing distfile poink-1.6.tar.gz Package ra-rtsp-proxy: missing distfile rtspd-src-1.0.0.0.tar.gz Package ucspi-ssl: missing distfile ucspi-ssl-0.70-ucspitls-0.1.patch Package waste: missing distfile waste-source.tar.gz Otherwise, existing SHA1 digests verified and found to be the same on the machine holding the existing distfiles (morden). All existing SHA1 digests retained for now as an audit trail. @ text @d3 4 a6 12 SHA1 (snort-2.8.5.1.tar.gz) = b971052cdd4b3527a0603854953103fe9ad8a45b RMD160 (snort-2.8.5.1.tar.gz) = fbfab45f1d7d815516043592eab8cf1cc6ec93d0 SHA512 (snort-2.8.5.1.tar.gz) = c152d01c6548a3260018686e4f6f3817c6818582500da8be7bb07cd54947ede03b41af19db6a6a45be14f86729511bd96a8d1740e0d8dded4ed4703dad4b4906 Size (snort-2.8.5.1.tar.gz) = 4715078 bytes SHA1 (patch-aa) = 3e59b984e5cb21f3fc12e07cdd0560f7cab4f2eb SHA1 (patch-ab) = 0ea7deb91de5d3d68558a30e80dcbd8bd81f8a5e SHA1 (patch-ac) = 95e08ebd8a57295540923a49c54177e81ec601c5 SHA1 (patch-ad) = d4bf1dee02af1f1730263a78a868bbdae5d8846d SHA1 (patch-ae) = ca74cfab6d9010d037a1e72e7c39b7982888c476 SHA1 (patch-af) = 03df09e853819816034109429762a3bb01b59fb0 SHA1 (patch-ag) = 1dfcb56284528b307f44d911f84f64832d907139 SHA1 (patch-ah) = 1dee26c42c30e60be83a5e574183f2394d23e340 @ 1.48 log @Sun's ar needs at least one symbol in a library. Fixes SunOS build. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.47 2011/04/01 16:48:36 gdt Exp $ d5 1 @ 1.47 log @Update to 2.8.5.1, to resolve a security issue. Upstream NEWS is weak; release notes for 2.8.5.1 follow. [*] Improvements * Fixed syslog output when running on Windows. * Fixed potential segfault when printing IPv6 packets using the -v option. Thanks to Laurent Gaffie for reporting this issue. 
* Fixed segfault when additional policies were added during a configuration reload. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.46 2008/10/25 18:35:19 adrianp Exp $ d14 1 @ 1.46 log @Update to 2.8.3.1 * Update rule latency thresholding * The flow and stream4 preprocessors will be deprecated in a future release. * DCE/RPC preprocessor changes to handle abnormal TCP segmentation. Added option to reassemble fragmentation buffers early. Updated documentation. * Fixed handling of MPLS label in checking Stream session uniqueness when IPv4 packets are received and build is IPv6. See the ChangeLog for all the details @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.45 2008/08/03 19:30:16 adrianp Exp $ d3 4 a6 4 SHA1 (snort-2.8.3.1.tar.gz) = 384203f68e2000c490bbc5a5a2724b0b74d10e74 RMD160 (snort-2.8.3.1.tar.gz) = 53ab2df684ba327718d3dac1c8efa21c3ae05248 Size (snort-2.8.3.1.tar.gz) = 4309333 bytes SHA1 (patch-aa) = 4fe3bb6a40aea972249e4b21b7142b548c761978 d8 1 a8 1 SHA1 (patch-ac) = 6cdf26fcaeb8dad9cd9562b77377bd56b49c9f38 d11 1 a11 1 SHA1 (patch-af) = ce5129f0337514c9a2a9a482e2f1ed9a405112ec @ 1.45 log @Set MAKE_JOBS_SAFE=NO Fix non-priv'ed builds which should fix PR 39260 2008-07-24 - Snort 2.8.2.2 [*] Improvements * Fix issue with evaluating PCRE rule options with /U modifier that are followed by a relative content rule option. * Fix issue with dsize range check. 2008-06-12 - Snort 2.8.2.1 [*] Improvements * Fix support for pass rules that sometimes did not take precedence over alert and/or drop rules. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.44 2008/06/21 21:44:21 joerg Exp $ d3 3 a5 3 SHA1 (snort-2.8.2.2.tar.gz) = a361cf796a425d3217ad0bfb860f0ec80098ed58 RMD160 (snort-2.8.2.2.tar.gz) = 965fb3caa1e4962e4d3ac361d1cdf1f5b20fb025 Size (snort-2.8.2.2.tar.gz) = 4374606 bytes @ 1.44 log @Use stdbool.h instead of defining bool manually. Fixes issues e.g. on NetBSD where bool is defined by system headers. 
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.43 2008/05/25 23:49:07 adrianp Exp $ d3 3 a5 3 SHA1 (snort-2.8.1.tar.gz) = 1551ffc7bf60f5330304f3f222fa4f7c4929f5c5 RMD160 (snort-2.8.1.tar.gz) = cb7cc76c07abbfdddcb4b3a5b5fc39371faf0a0c Size (snort-2.8.1.tar.gz) = 4320384 bytes @ 1.43 log @Update to 2.8.1 Includes fix for CVE-2008-1804 [*] New Additions * Target-Based support to allow rules to use an attribute table describing services running on various hosts on the network. Eliminates reliance on port-based rules. * Support for GRE encapsulation for both IPv4 & IPv6. * Support for IP over IP tunneling for both IPv4 & IPv6. * SSL preprocessor to allow ability to not inspect encrypted traffic. * Ability to read multiple PCAPs from the command line. * Support for new CVS rule detection options. [*] Improvements * Update to HTTP Inspect to identify overly long HTTP header fields. * Updates to IPv6 support, including changes to avoid namespace conflicts for certain Operating systems. * Updates to address issues seen on various Sparc platforms. * Stricter enforcement of shared object versions to avoid API conflicts. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.42 2008/01/06 00:28:44 adrianp Exp $ d12 2 @ 1.42 log @Update to 2.8.0.1 [*] Improvements * Updates to build with new versions of libPCRE. * Fix Stream5 debugging output to actually compile and have correct output for normal & IPv6 enabled builds. * Correct perfmonitor statistic calculation for pattern matcher percentage.
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.41 2007/10/21 00:22:53 adrianp Exp $ d3 3 a5 3 SHA1 (snort-2.8.0.1.tar.gz) = b3b45fa6d50372f6587cd776af43b41525119630 RMD160 (snort-2.8.0.1.tar.gz) = a0b0bec2f7cca0d47a598708bbfc69cacaf44a12 Size (snort-2.8.0.1.tar.gz) = 4331731 bytes @ 1.42.2.1 log @pullup ticket #2398 - requested by adrianp snort: update for fixes & security vulnerability revisions pulled up: - pkgsrc/net/snort/Makefile 1.37 - pkgsrc/net/snort/PLIST 1.27 - pkgsrc/net/snort/distinfo 1.43 Module Name: pkgsrc Committed By: adrianp Date: Sun May 25 23:49:07 UTC 2008 Modified Files: pkgsrc/net/snort: Makefile PLIST distinfo Log Message: Update to 2.8.1 Includes fix for CVE-2008-1804 [*] New Additions * Target-Based support to allow rules to use an attribute table describing services running on various hosts on the network. Eliminates reliance on port-based rules. * Support for GRE encapsulation for both IPv4 & IPv6. * Support for IP over IP tunneling for both IPv4 & IPv6. * SSL preprocessor to allow ability to not inspect encrypted traffic. * Ability to read multiple PCAPs from the command line. * Support for new CVS rule detection options. [*] Improvements * Update to HTTP Inspect to identify overly long HTTP header fields. * Updates to IPv6 support, including changes to avoid namespace conflicts for certain Operating systems. * Updates to address issues seen on various Sparc platforms. * Stricter enforcement of shared object versions to avoid API conflicts.
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.42 2008/01/06 00:28:44 adrianp Exp $ d3 3 a5 3 SHA1 (snort-2.8.1.tar.gz) = 1551ffc7bf60f5330304f3f222fa4f7c4929f5c5 RMD160 (snort-2.8.1.tar.gz) = cb7cc76c07abbfdddcb4b3a5b5fc39371faf0a0c Size (snort-2.8.1.tar.gz) = 4320384 bytes @ 1.41 log @Update to 2.8.0 * Port lists * IPv6 support * Packet performance monitoring * Experimental support for target-based stream and IP frag reassembly * Ability to take actions on preprocessor events * Detection for TCP session hijacking based on MAC address * Unified2 output plugin * Improved performance and detection capabilities @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.40 2007/08/20 20:28:18 adrianp Exp $ d3 3 a5 3 SHA1 (snort-2.8.0.tar.gz) = f07b84a0872d861006b56a8c6a79a60308dd68b4 RMD160 (snort-2.8.0.tar.gz) = dac36a4a1fda60b66ccdc5c774ab61aaa0f6c8a8 Size (snort-2.8.0.tar.gz) = 4278872 bytes @ 1.40 log @Update to 2.7.0.1 Fixed header files to avoid conflicts with system files on BSD for IPv6 data structures. Added code to prevent URI-related alerts from firing when the body is being normalized. Make Stream5 the default stream engine. Add alert for multiple GRE encapsulations. Added ability for Snort to track fragmented ICMPv6 to check for the remote BSD exploit (Bugtraq ID 22901, CVE-2007-1365). Code cleanup, change malloc/calloc to SnortAlloc, use safer functions SnortSnprintf, SnortStrncpy, etc. Check pointers before use. Additional updates for bounds checking. And many more . . . 
check the ChangeLog for all the details @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.39 2007/05/18 22:20:10 adrianp Exp $ d3 4 a6 4 SHA1 (snort-2.7.0.1.tar.gz) = 9b751a73c611126c32e2dccd0a0e99aaff4e9653 RMD160 (snort-2.7.0.1.tar.gz) = c88b71231bfa65e2c1eabd8931f4d6121e92a26a Size (snort-2.7.0.1.tar.gz) = 3905846 bytes SHA1 (patch-aa) = 978f49b2c297305330f0a1c8b9224dab702078bb d10 1 a10 1 SHA1 (patch-ae) = 4a669e664ccbce2b9e689fe3d281c46f6549b72c @ 1.39 log @Update to 2.6.1.5 Snort v2.6.1.5 includes: * A new http_post rule keyword used to search for content in normalized HTTP posts * A fix for a potential memory leak when generating HTTP Inspection events Snort v2.6.1.4 includes detection functionality for a BSD IPv6 fragmentation overflow, and addresses a number of potential security-related issues in Snort as reported by customers, uncovered by internal investigations, and through third-party code audits. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.38 2007/02/20 17:29:36 joerg Exp $ d3 4 a6 4 SHA1 (snort-2.6.1.5.tar.gz) = 14e65990f70dab4e740e0b8116c671364d3ca8c4 RMD160 (snort-2.6.1.5.tar.gz) = 2a21bf1dfef13e4e73c575d43f57eb57ec6b0120 Size (snort-2.6.1.5.tar.gz) = 3725149 bytes SHA1 (patch-aa) = e5562b4f6e268afea81c19ba5d685d8cdfdc3405 @ 1.38 log @Kill a useless, unportable check. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.37 2007/02/19 19:40:35 adrianp Exp $ d3 4 a6 4 SHA1 (snort-2.6.1.3.tar.gz) = cb944d74ab6c254f88d356d45e4492ba560dfc3c RMD160 (snort-2.6.1.3.tar.gz) = 0c390bd7cdbe705ba43ce8c8894bfec53c3179f6 Size (snort-2.6.1.3.tar.gz) = 3700149 bytes SHA1 (patch-aa) = 0ab8a524a1e78545cb2f6875cc1da7d0e848b3cd d11 1 a11 1 SHA1 (patch-af) = 0480c59f59a616148002732dae8364425f892069 @ 1.37 log @Update to 2.6.1.3 * src/dynamic-preprocessors/Makefile.am: * src/dynamic-preprocessors/dcerpc/smb_andx_decode.c: * src/dynamic-preprocessors/dcerpc/dcerpc.c: Add bounds checking to ReassembleSMBWriteX; use Safememcpy for calculated length buffer copies.
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.36 2007/02/17 19:08:06 adrianp Exp $ d11 1 @ 1.36 log @Update to snort 2.6.1.2 2.6.1 provides new functionality including the following: * New pattern matcher with a significantly reduced memory footprint * Introduction of stream5 for experimental use * Improvements to stream4, including UDP session tracking and optimizations for the reassembly buffer * Handling for reassembly of SMB fragmented data in DCE/RPC * An ssh preprocessor for experimental use * Updated Snort decoder that can decode GRE encapsulated packets * Output plugin to allow Snort to configure Aruba access control Snort 2.6.0: * Tcp stream properly reassembled after failed sequence check, which may lead to possible detection evasion. * Added configurable stream flushpoints. * Improved rpc processing. * Improved portscan detection. * Improved http request processing and handling of possible evasion cases. * Improved performance monitoring. The Snort 2.6 release also introduces the ability to use dynamic rules and dynamic preprocessors and contains further improvements to the Snort detection engine. Remove snort-{pgsql,mysql,prelude}. The new snort package uses options.mk to specify build options. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.35 2006/06/06 18:51:52 adrianp Exp $ d3 3 a5 3 SHA1 (snort-2.6.1.2.tar.gz) = 745f56806a0bae128a5c93c93c5eda9a4b80f593 RMD160 (snort-2.6.1.2.tar.gz) = bd0ce3a4629a6e594a5f24723254e85d36597d04 Size (snort-2.6.1.2.tar.gz) = 3511538 bytes @ 1.35 log @Update to 2.4.5 These releases have better performance, numerous new features and incorporate many bug fixes. Notable bug fixes and improvements include: * Tcp stream properly reassembled after failed sequence check, which may lead to possible detection evasion. * Added configurable stream flushpoints. * Improved rpc processing. * Improved portscan detection. * Improved http request processing and handling of possible evasion cases. * Improved performance monitoring. 
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.34 2006/03/09 09:37:44 adrianp Exp $ d3 3 a5 3 SHA1 (snort-2.4.5.tar.gz) = 3ba7dae8058aecf4e4eb1c7a816a7c8a4fb7c550 RMD160 (snort-2.4.5.tar.gz) = 1b697ccd84e1c10406ac20ccc0c46f79ea661e11 Size (snort-2.4.5.tar.gz) = 2817837 bytes d9 1 @ 1.34 log @Update to 2.4.4 This includes the fix for: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0839 > +2006-02-20 Steven Sturges > + * src/preprocessors/spp_frag3.c: > + * configure.in: > + Fix ip options handling. Thanks to Vyacheslav Burdjanadze for > + finding the issue. > + > +2006-01-09 Steven Sturges > + * src/sfutil/mwm.c: > + Fixed bug with multiple recurring patterns in Wu-Manbher implementation. > + Thanks to Evan Stawnyczy for pointing it out an Marc Norton for the > + fix. > + * src/parser/IpAddrSet.c: > + Fixed problem with parsing conf file and rules when DNS is not working. > + Thanks Martin Olsson for mentioning this and testing the fix. > + * src/preprocessors/spp_perfmonitor.c: > + * src/preprocessors/perf-base.c: > + Handle wrapping on 64-bit platforms > + > +2005-11-17 Andrew Mullican > + * src/sfutil/sfxhash.c: > + * src/preprocessors/portscan.c: > + Add tracker without using bogus data, to avoid internal buffer overrun. > + Thanks Sandro Poppi for the find. > + > +2005-11-11 Steven Sturges > + * src/snort.c: > + Allow value of 0 to be used with -G flag > + * src/preprocessors/spp_bo.c: > + Code Cleanup > + * src/preprocessors/spp_frag3.c: > + Fix memory leak and mishandling of IP Options. Thanks Yin > + Zhaohui for the find. 
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.33 2006/02/16 20:45:51 joerg Exp $ d3 3 a5 3 SHA1 (snort-2.4.4.tar.gz) = 80783bfae2854c8cb9d604747251ba584522a053 RMD160 (snort-2.4.4.tar.gz) = 5c0ff9aafdb083438cb10e82bdcdba43f806f86e Size (snort-2.4.4.tar.gz) = 2825187 bytes @ 1.34.2.1 log @Pullup ticket 1688 - requested by adrianp security update for snort Revisions pulled up: - pkgsrc/net/snort/Makefile.common 1.35 - pkgsrc/net/snort/distinfo 1.35 Module Name: pkgsrc Committed By: adrianp Date: Tue Jun 6 18:51:52 UTC 2006 Modified Files: pkgsrc/net/snort: Makefile.common distinfo Log Message: Update to 2.4.5 These releases have better performance, numerous new features and incorporate many bug fixes. Notable bug fixes and improvements include: * Tcp stream properly reassembled after failed sequence check, which may lead to possible detection evasion. * Added configurable stream flushpoints. * Improved rpc processing. * Improved portscan detection. * Improved http request processing and handling of possible evasion cases. * Improved performance monitoring. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.35 2006/06/06 18:51:52 adrianp Exp $ d3 3 a5 3 SHA1 (snort-2.4.5.tar.gz) = 3ba7dae8058aecf4e4eb1c7a816a7c8a4fb7c550 RMD160 (snort-2.4.5.tar.gz) = 1b697ccd84e1c10406ac20ccc0c46f79ea661e11 Size (snort-2.4.5.tar.gz) = 2817837 bytes @ 1.33 log @Fix errno. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.32 2005/10/18 15:15:04 adrianp Exp $ d3 3 a5 3 SHA1 (snort-2.4.3.tar.gz) = 5b38b558b73252c048f23dba2499bcd902ebdd9e RMD160 (snort-2.4.3.tar.gz) = 1cba0a9d843da1cfa8c8dbaae5b18a16574cb7d2 Size (snort-2.4.3.tar.gz) = 2733590 bytes @ 1.32 log @Update to snort 2.4.3 - Fixed potential buffer overflow in BackOrifice preprocessor and added an alert on attempt to overflow buffer in snort. Thanks Andy Mullican for the fix. 
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.31 2005/10/11 20:53:22 adrianp Exp $ d6 1 a6 1 SHA1 (patch-aa) = f8cd982f2fbc5ed828bf021a489097408f1c9d43 @ 1.32.2.1 log @Pullup ticket 1212 - requested by Adrian Portelli security update for snort Revisions pulled up: - pkgsrc/net/snort/distinfo 1.33, 1.34 - pkgsrc/net/snort/patches/patch-aa 1.13 - pkgsrc/net/snort/Makefile.common 1.32 Module Name: pkgsrc Committed By: joerg Date: Thu Feb 16 20:45:52 UTC 2006 Modified Files: pkgsrc/net/snort: distinfo pkgsrc/net/snort/patches: patch-aa Log Message: Fix errno. --- Module Name: pkgsrc Committed By: adrianp Date: Thu Mar 9 09:37:44 UTC 2006 Modified Files: pkgsrc/net/snort: Makefile.common distinfo Log Message: Update to 2.4.4 This includes the fix for: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0839 > +2006-02-20 Steven Sturges > + * src/preprocessors/spp_frag3.c: > + * configure.in: > + Fix ip options handling. Thanks to Vyacheslav Burdjanadze for > + finding the issue. > + > +2006-01-09 Steven Sturges > + * src/sfutil/mwm.c: > + Fixed bug with multiple recurring patterns in Wu-Manbher > + implementation. > + Thanks to Evan Stawnyczy for pointing it out an Marc Norton for > + the fix. > + * src/parser/IpAddrSet.c: > + Fixed problem with parsing conf file and rules when DNS is not > + working. > + Thanks Martin Olsson for mentioning this and testing the fix. > + * src/preprocessors/spp_perfmonitor.c: > + * src/preprocessors/perf-base.c: > + Handle wrapping on 64-bit platforms > + > +2005-11-17 Andrew Mullican > + * src/sfutil/sfxhash.c: > + * src/preprocessors/portscan.c: > + Add tracker without using bogus data, to avoid internal buffer > + overrun. > + Thanks Sandro Poppi for the find. > + > +2005-11-11 Steven Sturges > + * src/snort.c: > + Allow value of 0 to be used with -G flag > + * src/preprocessors/spp_bo.c: > + Code Cleanup > + * src/preprocessors/spp_frag3.c: > + Fix memory leak and mishandling of IP Options. Thanks Yin > + Zhaohui for the find. 
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.32 2005/10/18 15:15:04 adrianp Exp $ d3 4 a6 4 SHA1 (snort-2.4.4.tar.gz) = 80783bfae2854c8cb9d604747251ba584522a053 RMD160 (snort-2.4.4.tar.gz) = 5c0ff9aafdb083438cb10e82bdcdba43f806f86e Size (snort-2.4.4.tar.gz) = 2825187 bytes SHA1 (patch-aa) = 0ab8a524a1e78545cb2f6875cc1da7d0e848b3cd @ 1.31 log @Update to 2.4.2 - don't try to actually open the log file when in test mode - Fixes to address schema being a keyword in MySQL 5.0 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.30 2005/09/20 18:01:26 adrianp Exp $ d3 3 a5 3 SHA1 (snort-2.4.2.tar.gz) = ce770b4c2ab8b501509e7fa82e3bed2c389e6835 RMD160 (snort-2.4.2.tar.gz) = 76b2c40f31fdeca20ff42a7ff732024dc25aa62b Size (snort-2.4.2.tar.gz) = 2785710 bytes @ 1.30 log @Update snort to 2.4.1 From the ChangeLog: > 2005-09-16 - Snort 2.4.1 Released > [*] New additions > * Added a -K command line option to manually select the logging mode using > a single switch. The -b and -N switches will be deprecated in version > 2.7. Pcap logging is now the default for Snort at startup, use "-K ascii" > to revert to old behavior. > > [*] Improvements > * Win32 version now supports winpcap 3.1 and MySQL client 4.13. > * Added event on zero-length RPC fragments. > * Fixed TCP SACK processing for text based outputs that could result in a > DoS. > * General improvements to frag3 including Teardrop detection fix. > * Fixed a bug in the PPPoE decoder. > * Added patch for time stats from Bill Parker. Enable with configure > --enable-timestats. > * Fixed IDS mode bailing at startup if logdir is specified in snort.conf > and /var/log/snort doesn't exist. > * Added decoder for IPEnc for OpenBSD. Thanks Jason Ish for the patch > (long time ago) and Chris Kuethe for reraising the issue. > * Allow snort to use usernames (-u) and groupnames (-g) that include > numbers. Thanks to Shaick for the patch. > * Fixed broken -T option. > * Change ip_proto to ip for portscan configuration. 
Thanks David Bianco > for pointing this out. > * Fix for prelude initialization. Thanks Yoann Vandoorselaere for the > update. > * For content matches, when subsequent rule options fail, start searching > again in correct location. > * Updated Win32 to handle pflog patch. > * Added support for new OpenBSD pflog format. Older pflog format, > OpenBSD 3.3 and earlier is still supported. Thanks Breno Leitao > and Christian Reis for the patch. > * Added statistics counter for ETH_LOOPBACK packets. Thanks rmkml > for the patch. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.29 2005/09/14 12:46:52 adrianp Exp $ d3 3 a5 3 SHA1 (snort-2.4.1.tar.gz) = 9aa408848ce3c1958e8a1854332800366376f1d6 RMD160 (snort-2.4.1.tar.gz) = d0926557579e5bd0f5e73d749e43412738f823e1 Size (snort-2.4.1.tar.gz) = 2695304 bytes @ 1.30.2.1 log @Pullup ticket 848 - requested by Adrian Portelli sync net/snort with HEAD, including a security update Revisions pulled up: - pkgsrc/net/snort/Makefile.common 1.26, 1.27 - pkgsrc/net/snort/distinfo 1.31, 1.32 Module Name: pkgsrc Committed By: adrianp Date: Tue Oct 11 20:53:22 UTC 2005 Modified Files: pkgsrc/net/snort: Makefile.common distinfo Log Message: Update to 2.4.2 - don't try to actually open the log file when in test mode - Fixes to address schema being a keyword in MySQL 5.0 --- Module Name: pkgsrc Committed By: adrianp Date: Tue Oct 18 15:15:04 UTC 2005 Modified Files: pkgsrc/net/snort: Makefile.common distinfo Log Message: Update to snort 2.4.3 - Fixed potential buffer overflow in BackOrifice preprocessor and added an alert on attempt to overflow buffer in snort. Thanks Andy Mullican for the fix. 
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.32 2005/10/18 15:15:04 adrianp Exp $ d3 3 a5 3 SHA1 (snort-2.4.3.tar.gz) = 5b38b558b73252c048f23dba2499bcd902ebdd9e RMD160 (snort-2.4.3.tar.gz) = 1cba0a9d843da1cfa8c8dbaae5b18a16574cb7d2 Size (snort-2.4.3.tar.gz) = 2733590 bytes @ 1.29 log @Add patch from snort CVS to address a security issue: http://secunia.com/advisories/16786/ Whitespace police on MESSAGE Bump to nb1 @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.28 2005/08/13 19:56:47 adrianp Exp $ d3 3 a5 3 SHA1 (snort-2.4.0.tar.gz) = 9fb3fd59a9bb0a4232beece59f21cc4f346545bb RMD160 (snort-2.4.0.tar.gz) = 8a7e602e5ae8f86d8849bdffc2c259668cf0eedc Size (snort-2.4.0.tar.gz) = 2126176 bytes a9 1 SHA1 (patch-af) = ac7f9d6c97c07712a1d2faba0cec2fa0ad1674da @ 1.28 log @Update snort to 2.4.0 If you are using this package make note of the distribution change mentioned below. I have updated the MESSAGE to inform users of this and there is now also a net/snort-rules package with the community rules. > [*] Distribution Change > * Rules are no longer distributed as part of the Snort releases, they are > available as a separate download from snort.org. This was done for > three reasons: > 1) To better manage the new rules licensing. > 2) To reduce the size of the engine download. > 3) To move the thousands of documentation files for the rules into > the rules tarballs. If you've ever checked Snort out of CVS you'll > know why this is a Good Thing. > > [*] New additions > * Added new IP defragmentation preprocessor, Frag3. The frag3 preprocessor > is a target-based IP defragmentation module, and is intended as a > replacement for the frag2 module. Check out the README.frag3 for full > info on this new preprocessor. > > * Libprelude support has been added (enable with --enable-prelude). > Thanks Yoann Vandoorselaere! > > * An "ftpbounce" rule detection plugin was added for easier detection of > FTP bounce attacks. 
> > * Added a new Snort config option, "ignore_ports," to ignore packets > based on port number. This is similar to bpf filters, but done within > snort.conf. > > [*] Improvements > * Snort startup messages printed in syslog now contain a PID before each > entry. Thanks Sekure for initially bringing this up. > > * Stream4: Performance improvements. > > * Stream4: Added 'max_session_limit' option which limits number of > concurrent sessions tracked. Added favor_old/favor_new options that > affect order in which packets are put together for reassembly. > > * Stream4: New configuration options to manage flushpoints for improved > anti-evasion. The flush_behavior option selects flushpoint management > mode. New flush_base, flush_range, and flush_seed manage randomized > flushing. Check out the snort.conf file for full config data on the > new flush options. > > * Added two more alerts for BackOrifice client and server packets. This > allows specific alerts to be suppressed. > > * PerfMon preprocessor updated to include more detailed stats for rebuilt > packets (applayer, wire, fragmented & TCP). Also added 'atexitonly' > option that dumps stats at exit of snort, and command line -Z flag to > specify the file to which stats are logged. > > * Added new Http Inspect config item, "tab_uri_delimiter," which if > specified, lets a tab character (0x09) act as the delimiter for a URI. > > * Added a '-G' command line flag to snort that specifies the Snort > instance log identifier. It takes a single argument that can be either > hex (prefaced with 0x) or decimal. The unified log files will include > the instance ID when the -G flag is used. > > * "Same SRC/DST" (sid 527) and "Loopback Traffic" (sid 528) are now > handled in the IP decoder. Those sids are now considered obsolete. > > * Http_Inspect "flow_depth" option now accepts a -1 value which tells > Snort to ignore all server-side traffic. 
> > * RPMs have been updated to be more portable, and also now include a > "--with inline" option for those wanting to build Inline RPMs. Thanks > Daniel Wittenberg and JP Vossen for your help! > > * Many, many bug fixes have also gone into this release, please see the > ChangeLog for details. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.27 2005/04/27 18:36:25 adrianp Exp $ d10 1 @ 1.27 log @- Update snort to 2.3.3 - Fix /var => ${VARBASE} - Changes Include: > * Issues with suppressing sfPortscan Open Ports have been fixed. > > * Added a new mini-preprocessor to catch the X-Link2State > vulnerability. This preprocessor can be configured to drop the > offending connection when in Inline-mode. Please read snort.conf or > the snort manual for more details. This preprocessor is enabled by > default in snort.conf. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.26 2005/03/25 18:28:28 adrianp Exp $ d3 4 a6 4 SHA1 (snort-2.3.3.tar.gz) = 6d05c995f0eef5adde9d63157436c0088747d435 RMD160 (snort-2.3.3.tar.gz) = 6bb635df1c62d293d8dd4b2fec55cfa486916908 Size (snort-2.3.3.tar.gz) = 2631270 bytes SHA1 (patch-aa) = 08bbfc795c7db4d06f1a1a887369df2c6b1a0a79 a8 1 SHA1 (patch-ad) = 983317cb82d13de66ac88127d3eea7d3b3186da4 @ 1.26 log @- Update snort from 2.3.0 -> 2.3.2 2005-03-10 - Snort 2.3.2 Released * Removed end-of-line parser fix in favor of completely reworking this at the next parser overhaul. 2005-03-09 - Snort 2.3.1 Released * Fixed issue where the number of flowbits were too small. Thanks Marc Norton for the fix. * Fixed parsing of comments at end of line in config file. In snort.conf, anything that follows a # on a line is considered a comment. Thanks Steve Sturges for the fix. * Fixed alignment issue causing sfPortscan to crash on Solaris/HPUX. Thanks Andy Mullican for the fix. Thanks Senthil Prabu.S and Jonathan Miner for working with us on this. 
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.25 2005/02/24 12:14:04 agc Exp $ d3 3 a5 3 SHA1 (snort-2.3.2.tar.gz) = 0171d47eb398e5fffa15f36e4d4787ad55808342 RMD160 (snort-2.3.2.tar.gz) = 7928a74fed6fe404f355617b5ec77c72cd821c42 Size (snort-2.3.2.tar.gz) = 2620487 bytes @ 1.25 log @Add RMD160 digests. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.24 2005/01/29 03:27:58 taca Exp $ d3 3 a5 3 SHA1 (snort-2.3.0.tar.gz) = 49defb3abaa312bf54f430bba167f38f20866eb9 RMD160 (snort-2.3.0.tar.gz) = b9793fdcab3bb2c1fbd26b9071db2aa0ce8a2601 Size (snort-2.3.0.tar.gz) = 2633245 bytes @ 1.24 log @Update distinfo for snort-2.3.0. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.23 2004/09/21 15:50:26 adrianp Exp $ d4 1 @ 1.23 log @- Update snort to 2.2.0 - ok'ed snj@@, wiz@@ - Install database scripts which goes a part-way to addressing PR 18996 Updated database schema diagram from Chris Reid. Schema can be found in ./doc/snort_schema_v106.pdf Added --include-pcre* configuration option to help cross compiling. Thanks Erik de Castro Lopo. Fixed thresholding/suppression issue with queuing multiple events per packet. Thanks Andreas Ostling. When a rebuilt stream causes an alert, log out the original packets instead of the rebuilt packet. Thanks sekure@@gmail.com for the report. Turned off http_inspect alerts that were causing false positives in the preset webserver profiles (Thanks Dan Roelker). Turn off encoding alerts in HTTP parameter field. The parameter field is still normalized, it just doesn't alert. This helps reduce alerts that are generated from complex parameter queries (Thanks Dan Roelker). Fixed memory leak in "fast" output. Thanks for your bug report sekure@@gmail.com. Clear error code which under Windows was causing a subsequent false failure in parsing threshold rules. (Thanks to Rich Adamson) Further details can be found in Changelog and RELEASE.NOTES. 
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.22 2004/07/01 17:10:22 adrianp Exp $ d3 2 a4 2 SHA1 (snort-2.2.0.tar.gz) = 80975f71ac2e6d123b881b60b49e97b96264045d Size (snort-2.2.0.tar.gz) = 2498466 bytes @ 1.23.2.1 log @Pullup ticket 267 - requested by Adrian Portelli security fix for snort Revisions pulled up: - pkgsrc/net/snort/Makefile.common 1.17 - pkgsrc/net/snort/PLIST 1.18 - pkgsrc/net/snort/distinfo 1.24 - pkgsrc/net/snort-mysql/Makefile 1.12 - pkgsrc/net/snort-contrib/DESCR removed - pkgsrc/net/snort-contrib/Makefile removed - pkgsrc/net/snort-contrib/PLIST removed - pkgsrc/net/snort-contrib/distinfo removed Module Name: pkgsrc Committed By: adrianp Date: Fri Jan 28 23:02:41 UTC 2005 Modified Files: pkgsrc/net/snort: Makefile Makefile.common PLIST Log Message: Update to snort 2.3.0 2005-01-25 - Snort 2.3.0 Final Released * Fixed issue with sfPortscan reporting incorrect IP datagram length. Thanks Jon Hart for the test case and finding the bug, and Marc Norton for resolving the issue. * Threshold/Suppression now prints properly when logging to syslog. Thanks Sekure for pointing out the problem. Thanks Steve Sturges for working on the fix. * Threshold memcap argument now correctly handles non-integer input. Thanks nnposter for the patch. * Fixed issue reported by Allan Jensen, where on MacOS X, ppp links were not decoded properly. Thanks Dan Roelker for the fix. * Snort manual and FAQ are updated for 2.3. Thanks Jen Harvey for your work on putting it all together. 2004-12-15 - Snort 2.3.0 RC2 Released * Small performance improvement to arpspoof and also fixed a problem where the list of configured IP/MAC entries would contain only one entry and leaked memory (Jeff Nathan). * Fixed a problem affecting MacOS X where linking may fail with non-standard libraries when global symbols are encountered multiple times (Jeff Nathan). * Ignore RST|ACK midstream pickup case so we don't get an evasive TCP alerts. Thanks for the report, Sekure. Thanks Dan Roelker for the fix. 
* Moved CheckLogDir() to after parsing snort.conf (for IDS mode) so the logdir config will work if the default or command-line logdir does not exist on the system. Thanks Dan Roelker. * Fixed bug when setting the doe_ptr on a successful pcre match. It is now set relative to base_ptr. Thanks Steve Sturges for the fix. * Added from_beginning and multiplier options for byte_jump. from_beginning skips bytes from the beginning of the content, instead of from the location immediately following the number of bytes to skip. multiplier takes a numeric argument, and skips x times that number of bytes. Thanks again to Steve Sturges. * In "fast" output, now log only actual packet contents when UDP data length is greater than actual data length. Thanks Brian Caswell for spotting this, and Andrew Mullican for working on the fix. * Please check the ChangeLog for further details. 2004-11-18 - Snort 2.3.0 RC1 Released * Added IPS functionality from Snort-Inline. A big thanks to the Snort-Inline guys (Jed Haile, Rob McMillen, William Metcalf, and Victor Julien). Also, Thanks Dan Roelker for doing the integrating of Snort-Inline into the official Snort project. * Added new portscan detector. The design and implementation was headed up by Dan Roelker, and included Marc Norton and Jeremy Hewlett. * Numerous changes for better 64bit Snort support from Jeremy Hewlett and Marc Norton. Additionally, an --enable-64bit-gcc option was added to configure. However, there are still some memory alignment issues to work out before 64bit mode is fully functional, patches are welcomed. Thanks Chris Baker for doing 64bit testing. * Added not_established keyword to the flow detection option. This allows snort to do dynamic firewall rulesets. Experimental for now. * Added an enforce_state keyword to stream4 so we won't pick up midstream sessions. This works well for asynchronous links and also for just monitoring legitimate traffic. 
* Relocated ./contrib files to http://www.snort.org/dl/contrib as many are not maintained by Sourcefire and are out of date. The rpm and schema files have been relocated in their respective 'rpm' and 'schemas' directories under the snort parent directory. * perfmonitor config line can now be configured with "accumulate" or "reset." Thanks Marc Norton for the feature, and Barry Basselgia for pointing out the issue. Thanks Scott Dexter and Andreas Ostling for doing some initial testing. * Fixed 64-bit bug in sfmemcap.c found and tested by Ryan Matteson and Clay McClure. Thanks guys. * Fixed reference times to match log time for first packet, for an event generated by a reassembled packet. Incremented event ID to give unique ID for each packet. Also made unified logging compatible with Windows. Thanks Andrew Mullican for the fix. * Fixed linux perfmonitoring stats for the 2.6 kernel. Thanks to everyone that reported this bug. Thanks Dan Roelker for the fix. * Get thresholding/suppression to work for alerts that do not contain an ip header (primarily decode alerts). Thanks Brian Caswell. * Fix conditions where snort would log double web alerts that contained only content options (no uricontents). Thanks to kawa for finding and reporting this bug. * Fix suppression/thresholding bug for non-rule alerts. Thanks to Alex Butcher for reporting it to us. * Many other bug fixes, please check the ChangeLog for details. --- Module Name: pkgsrc Committed By: taca Date: Sat Jan 29 03:27:58 UTC 2005 Modified Files: pkgsrc/net/snort: distinfo Log Message: Update distinfo for snort-2.3.0. --- Module Name: pkgsrc Committed By: adrianp Date: Fri Jan 28 23:03:59 UTC 2005 Modified Files: pkgsrc/net/snort-mysql: Makefile Log Message: Sync and minor tidy up for snort 2.3.0 release. 
--- Module Name: pkgsrc Committed By: adrianp Date: Fri Jan 28 22:51:27 UTC 2005 Removed Files: pkgsrc/net/snort-contrib: DESCR Makefile PLIST distinfo Log Message: As of snort 2.3.0 all contrib files are now available from: http://www.snort.org/dl/contrib/ @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.24 2005/01/29 03:27:58 taca Exp $ d3 2 a4 2 SHA1 (snort-2.3.0.tar.gz) = 49defb3abaa312bf54f430bba167f38f20866eb9 Size (snort-2.3.0.tar.gz) = 2633245 bytes @ 1.22 log @- Upgrade snort to 2.1.3 - Grab maintainership of the package (with ok of previous owner) - Use SUBST_* code Ok'ed wiz@@, snj@@, salo@@ From the changelog: 2004-05-06 Daniel Roelker * src/detection-plugins/sp_pattern_match.c: Fixed rule read up error when parsing hexmode content options. Thanks for pointing it out Toni Maatta. (Roelker) * src/preprocessors/spp_stream4.c: Fixed null pointer dereference when detect_scans were enabled and creating a new session that had funky flags. Thanks to Chad Kreimendahl for reporting the bug and testing the fix. (Roelker) 2004-04-20 Daniel Roelker * src/event_queue.c: * src/event_queue.h: * src/sfutil/sfeventq.c: * src/sfutil/sfeventq.h: Added multi-event queueing in Snort. Snort now supports logging multiple events per packet, and prioritizing those events using different methods. Thanks to H.D. Moore for illustrating event obfuscations when snort only logged one event per packet. (Roelker) * src/snort.c: * src/decode.c: * src/detect.c: * src/fpcreate.c: * src/fpdetect.c: * src/preprocessors/spp_arpspoof.c: * src/preprocessors/spp_bo.c: * src/preprocessors/spp_frag2.c: * src/preprocessors/snort_httpinspect.c: * src/preprocessors/spp_rpc_decode.c: * src/preprocessors/spp_stream4.c: Updated event generators to use new event queueing system. (Roelker) * src/output-plugins/spo_alert_fast.c: Added newline to 'cmg' alert output, so IP decode is easier to read. 
(Roelker) * src/output-plugins/spo_database.c: Updated how current/utc times are calculated, as well as how they are formatted, thanks Marcus Janoski. (Reid) * src/parser.c: Error on unterminated IP lists. Added 'config event_queue' parameter. Configuration changes to 'config checksum_mode' for specifying which checksums to do. (Norton) * src/plugbase.h: Fixes from Chris Reid for timestamp routines. (Reid) * src/tag.c: Revert to old tag functionality. Will add proposed tagging configurations in the future. (Roelker) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.21 2004/04/10 03:09:45 snj Exp $ d3 2 a4 2 SHA1 (snort-2.1.3.tar.gz) = 34859591085607d964f063a404ea06e597ba6df6 Size (snort-2.1.3.tar.gz) = 2379344 bytes d9 1 a9 1 SHA1 (patch-ae) = 2e2f6373b9859959e161a106ab4b1122fbc5a06c @ 1.21 log @Update to snort-2.1.2. From Adrian Portelli in PR pkg/25029. While here, convert to buildlink3. Changes: * Various portability fixes. * Fixed conversation parsing faults so users can operate this preprocessor * Detect non-rfc standard chunk encodings. Detect abnormal HTTP requests with newlines, spaces, etc. before the request method. * Fix negative stats output on snort exit or SIGUSR1. * Removed escaping of '%' and '_' characters in MySQL * Various documentation fixes/updates. * Added Flowbits detection functionality. * Added utility to parse out perfmon stats. * Tagged Packets no longer have NULL msg name. * Fixed http_inspect double alerting on pkts and rebuilt streams. * http_inspect proxy_alert now supports normal proxy networks setups. http_inspect default server only valid if specified in config. * Close Socket when Snort receives SIGHUP. * Added GID, SID, and Rev to csv output. * config chroot readded. * Added additional error checking for custom rules. * Flow now honors -q (quiet). * Removed non_rfc_chars from default profiles. * Added suppression negation. * Better support for ODBC. Better memory management. Improved escaping of SQL strings. * Other miscellaneous bugfixes. 
@ text @d1 1 a1 1 $NetBSD: distinfo,v 1.20 2004/01/31 20:43:41 kristerw Exp $ d3 2 a4 2 SHA1 (snort-2.1.2.tar.gz) = 6a3c81b9d13fd8e847cf3e1f44d49f3406ace2b3 Size (snort-2.1.2.tar.gz) = 2315827 bytes @ 1.20 log @Make this package build on NetBSD 1.6. @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.19 2003/12/31 14:11:42 salo Exp $ d3 2 a4 2 SHA1 (snort-2.1.0.tar.gz) = fa54d1ccdddde5ba1a793c6ab88006534933c66e Size (snort-2.1.0.tar.gz) = 2244701 bytes @ 1.19 log @Update to version 2.1.0. Changes: 2.1.0: ====== - A new connection tracking module, Flow (replaces conversation) - A new portscan detector based off of Flow, Flow-Portscan (replaces portscan2) - A new http preprocessor, HttpInspect (replaces http_decode) - Alert Thresholding and Suppression - PCRE rule keyword (Perl Compat Regular Expressions) - isdataat rule keyword (buffer length detection) - A ton of new and updated rules. 2.0.6: ====== - 64-bit update for detection engine. (Thanks, Silio d'Angelo) - Added better PPP decoding. (Thanks Jesper Peterson) - Updated ip_proto optimization for high-speed detection engine. - Fixed infinite loop problem that was introduced by the recursive pattern matching patch. Reported by Lawrence Reed, thanks for testing out the changes for us! - Various changes to help respond (version 1) work a little better. - spp_http_decode 64-bit patch from Dirk Mueller. - Out-of-order ACK problem from Andrew Rucker. Also, updated stream4 to the most recent version from HEAD. - Minor fixes to tagging related to 'src' and 'dst' directives - When counting one byte patterns in 'ningroup' added a check for psLen==1 (wu-manber pattern matcher). Thanks Josh Sakofsky and Dennis McGuire for helping us test this. 2.0.5: ====== - Stream4 fixes from Andrew Rucker Jones. - Allow memcap to be configured for threshold features. 
2.0.4: ====== - Fixed a core dump introduced with 2.0.3 when dealing with negated patterns 2.0.3: ====== - doe_ptr handling in byte_test/byte_jump slightly modified to work better with the pcre patch - content processing is now recursive to make distance/within processing better ( thanks to Shai Rubin for patch! ) - fixed a bug in the mwm.c pattern matcher that resulted in some alerts not firing in a particular configuration of rules 2.0.2: ====== - Added Thresholding and Suppression features (Marc Norton/Sourcefire) - Fixed TCP RST processing bug found (Shai Rubin) - Cleanup of spp_arpspoof (Jeff Nathan) - Cleanup of win32 version including proper Event Log support (Chris Reid) - Munged data fixes for stream4 (Chris Green) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.18 2003/09/23 15:43:51 salo Exp $ d5 1 a5 1 SHA1 (patch-aa) = 33a0a8014ce8458f99da8eefb68127ef02d8628c @ 1.18 log @Update to version 2.0.2. Patch from Adrian Portelli via PR pkg/22900. Changes: - Added Thresholding and Suppression features (Marc Norton/Sourcefire) - Fixed TCP RST processing bug found (Shai Rubin) - Cleanup of spp_arpspoof (Jeff Nathan) - Cleanup of win32 version including proper Event Log support (Chris Reid) - Munged data fixes for stream4 (Chris Green) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.17 2003/07/26 11:13:17 salo Exp $ d3 2 a4 2 SHA1 (snort-2.0.2.tar.gz) = e79733bc1a17b2cb9cb0d64cc94c7cc9d16fba18 Size (snort-2.0.2.tar.gz) = 1885220 bytes d9 1 a9 1 SHA1 (patch-ae) = 5a5123c5352e87650a4ce91123a196c576f37ea8 @ 1.17 log @Updated to version 2.0.1. 
Changes: - fix host endianness problem in udp decoder - vlan decoding fixes from Michael Pomraning - add tcp state checking to httpflow - ignoring bad checksums throughout snort if checksumming is turned on - config disable_ttcp_alerts is now also config disable_tcpopt_ttcp_alerts - better initialization handling of low memory conditions pointing to the - low memory search engine - byte_jump / byte_test 2 byte cases handled and unified - correctly assign port numbers on tcpoption events - pass rule logic changed to "win" in specific multiple event cases - named interface support for win32 from the winpcap folks - spp_bo now also will work with log-only output plugins - added window detection plugin documentation to manual - lots of new rules and tons of rule documentation @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.16 2003/04/16 15:51:23 salo Exp $ d3 2 a4 2 SHA1 (snort-2.0.1.tar.gz) = d5a83f65a7a619ea7c4f50f19ab82a0a4f38f685 Size (snort-2.0.1.tar.gz) = 1817646 bytes @ 1.16 log @Bump PKGREVISION: honour PKG_SYSCONFDIR for real. (i thought i fixed this before but apparently i did not :/) @ text @d1 1 a1 1 $NetBSD: distinfo,v 1.15 2003/04/16 06:37:19 salo Exp $ d3 2 a4 2 SHA1 (snort-2.0.0.tar.gz) = 1fdb5656b7a84439da0cd9118f5a977098f0652b Size (snort-2.0.0.tar.gz) = 1556540 bytes @ 1.15 log @Updated to version 2.0.0. IMPORTANT: This version fixes remotely exploitable heap overflow in the stream4 preprocessor module. 
Advisory: http://www.coresecurity.com/common/showdoc.php?idx=313&idxseccion=10

Changes:

2.0.0:
======
- Enhanced high-performance detection engine
- Stateful Pattern Matching
- New detection keywords: byte_test & byte_jump
- The Snort code base has undergone an external third party professional security audit funded by Sourcefire (http://www.sourcefire.com)
- Many new and updated rules
- snort.conf has been updated
- Enhancements to self preservation mechanisms in stream4 and frag2
- State tracking fixes in stream4
- New HTTP flow analyzer
- Enhanced protocol decoding (TCP options, 802.1q, etc)
- Enhanced protocol anomaly detection (IP, TCP, UDP, ICMP, RPC, HTTP, etc)
- Enhanced flexresp mode for real-time TCP session sniping
- Better chroot()'ing
- Tagging system updated
- Several million bugs addressed....
- Updated FAQ (thanks to Erek Adams and Dragos Ruiu)

Snort 2.0 can be downloaded at http://www.snort.org/dl/snort-2.0.0.tar.gz. Binary versions of the codebase will be built over the next several days and made available at here.
2.0.rc4:
========
- byte_jump/byte_test don't force relative content options
- byte_jump/byte_test absolute offsets work
- Better FIN handling in Stream4

2.0.rc3:
========
- A low memory usage detection method (enabled via "config detection: search-method lowmem")
- Moved the default unix socket location to LOGDIR

2.0.rc2:
========
- syslog should work on win32 and unix
- major tagging updates
- new UDP decoding alerts
- snort.conf updates

2.0.rc1:
========
- Higher performance (due to a new pattern matcher and rebuilt detection engine)
- Better decoders
- Enhanced stream reassembly and defragmentation
- Tons of bug fixes
- Updated rules
- Updated snort.conf
- New detection keywords (byte_test, byte_jump, distance, within) & stateful pattern matching
- New HTTP flow analyzer
- Enhanced anomaly detection (HTTP, RPC, TCP, IP, etc)
- Better self preservation in stateful subsystems
- Xrefs fixed
- Flexresp works faster and more effectively
- Better chroot()'ing
- Fixed 802.1q decoding
- Better async state handling
- New alerting option: -A cmg!!
@
text
@d1 1 a1 1 $NetBSD: distinfo,v 1.14 2003/03/04 01:02:25 salo Exp $ d5 1 a5 1 SHA1 (patch-aa) = 8cb1b83611eb6cf82197c9b27b91d967bfd4fcd7 d8 1 a8 1 SHA1 (patch-ad) = 6853a0e7105e97089bbee8a8abb535cef9f905f1
@

1.14
log
@Updated to version 1.9.1.

This version fixes the buffer overflow issue noted in:
http://www.kb.cert.org/vuls/id/916785

Changes:
- follow PKG_SYSCONFDIR
- added rc.d script
- create own user and group
- added MESSAGE with post-install instructions
- removed DEINSTALL
- minor cleanups (this package was really half-baked..)
1.9.1:
======
- src/preprocessors/spp_rpc_decode.c (PreprocRpcDecode):
  - alignment errors on non-x86 platforms
  - added new space delimited options
    alert_fragments
    no_alert_multiple_requests
    no_alert_large_fragments
    no_alert_incomplete
  - corrected buffer overflow in fragment normalization
- src/snort.c
  - Win32 '-s' parameter wasn't configured to accept an optarg, but code expected one, causing null-pointer violation.
- Backport of 2.0 fixes for stream4 ( off by one errors on reassembly )
@
text
@d1 1 a1 1 $NetBSD: distinfo,v 1.13 2002/10/13 04:42:12 hubertf Exp $ d3 3 a5 3 SHA1 (snort-1.9.1.tar.gz) = a176beab3cac249da491d81081c0ca6d82fd405a Size (snort-1.9.1.tar.gz) = 1466151 bytes SHA1 (patch-aa) = ce6d9a13823dd1ca25a0ff250a3e134f71227ca4 d8 2 a9 2 SHA1 (patch-ad) = 5472fc78db0c0668a1d8ff8f1c66eee6ba7f6a7e SHA1 (patch-ae) = b402289267cebc0721104c6e8c8f7ce6a6b11a59
@

1.13
log
@Update snort to 1.9.0.
Changes: Lots of new rules, extended analyzing of packages etc.

Fixes PR 18637 by Adrian Portelli
@
text
@d1 1 a1 1 $NetBSD: distinfo,v 1.12 2002/07/15 14:41:26 wiz Exp $ d3 2 a4 2 SHA1 (snort-1.9.0.tar.gz) = ad376504dd866dd0bbf79d65c0b547902a3f2739 Size (snort-1.9.0.tar.gz) = 1866556 bytes d9 1
@

1.13.2.1
log
@Pullup rev 1.14 (from ticket 1192 requested by salo)

Snort RPC preprocessing buffer overflow when decoding fragmented RPC records (http://www.kb.cert.org/vuls/id/916785). Versions affected <1.9.1.
@
text
@d1 1 a1 1 $NetBSD$ d3 2 a4 2 SHA1 (snort-1.9.1.tar.gz) = a176beab3cac249da491d81081c0ca6d82fd405a Size (snort-1.9.1.tar.gz) = 1466151 bytes a8 1 SHA1 (patch-ae) = b402289267cebc0721104c6e8c8f7ce6a6b11a59
@

1.13.2.2
log
@Pull up revision 1.15 (requested by salo in ticket #1257):

Updated to version 2.0.0.
[security fix]
@
text
@d1 1 a1 1 $NetBSD: distinfo,v 1.15 2003/04/16 06:37:19 salo Exp $ d3 3 a5 3 SHA1 (snort-2.0.0.tar.gz) = 1fdb5656b7a84439da0cd9118f5a977098f0652b Size (snort-2.0.0.tar.gz) = 1556540 bytes SHA1 (patch-aa) = 8cb1b83611eb6cf82197c9b27b91d967bfd4fcd7 d8 2 a9 2 SHA1 (patch-ad) = 6853a0e7105e97089bbee8a8abb535cef9f905f1 SHA1 (patch-ae) = 5a5123c5352e87650a4ce91123a196c576f37ea8
@

1.13.2.3
log
@Pull up revision 1.16 (requested by salo in ticket #1258):

Bump PKGREVISION: honour PKG_SYSCONFDIR for real.
(i thought i fixed this before but apparently i did not :/)
@
text
@d1 1 a1 1 $NetBSD: distinfo,v 1.16 2003/04/16 15:51:23 salo Exp $ d5 1 a5 1 SHA1 (patch-aa) = 33a0a8014ce8458f99da8eefb68127ef02d8628c d8 1 a8 1 SHA1 (patch-ad) = 983317cb82d13de66ac88127d3eea7d3b3186da4
@

1.12
log
@Update to 1.8.7, prompted by Mipam.

Changes:
The main purpose of this release is a stable target with many fragroute and tcp connection oriented fixes. This is also the last release of the 1.8.7 line and signals the start of the beta cycle for the 1.9 branch.
@
text
@d1 1 a1 1 $NetBSD: distinfo,v 1.11 2002/04/10 22:01:10 rh Exp $ d3 3 a5 3 SHA1 (snort-1.8.7.tar.gz) = e33d85acfa110c62ab139f5bfe2be1fa623c0ca8 Size (snort-1.8.7.tar.gz) = 1726082 bytes SHA1 (patch-aa) = ed057aa75c405130c6d7d62d7e217f8cba26f49c d7 2
@

1.11
log
@Update snort to 1.8.6. Patch provided in private mail by Mipam.

From the release notes:
1.8.4 and 1.8.5 both had bugs that were found right as we were ready to do a full release and represented good midway points but 1.8.6 should be the stable target.

Changes include:
* The ICMP decoders have been rewritten.
* (This is a summary of recent changes -- not all mine)
* Fixed stream4 offset initialization
* Double Open of snort log file
* Lots of new rules
* Fatal error on problems other than -> and <>
* Fixed stream4 several low memory conditions
* Error checking in stream4/frag2 argument parsing
* snort-db schema updates to 1.05
* --with-pcap-includes should now look at specified pcap
* packet statistics now should be more accurate with regards to lost frags
* double PID file write
* S4 alignment problems on SPARC fixed ( rpc_decode still has SPARC alignment errors )
* new snmptrap code
* documentation updates
* Stability fixes in frag2
* SEQ / ACK checking should be correct
* Reassembled packets with stream4 will now also be inspected when using -z est
* ip fragments are now calculated correctly
* rule headers correctly matched ( multiple CIDR performance greatly increased )
@
text
@d1 1 a1 1 $NetBSD: distinfo,v 1.10 2002/04/02 21:34:08 rh Exp $ d3 3 a5 3 SHA1 (snort-1.8.6.tar.gz) = e60b6a0b3398e61a103ebc5a75da759fe86d710d Size (snort-1.8.6.tar.gz) = 1770604 bytes SHA1 (patch-aa) = e3153843b43f32f9db934b8adb57ce80498c78dd
@

1.10
log
@Update snort to 1.8.4 (update was provided by Mipam in a private mail -- thanks!)
Changes are:
* Fixed stream4 offset initialization
* Double Open of snort log file
* Lots of new rules
* Fatal error on problems other than -> and <>
* Fixed stream4 several low memory conditions
* Error checking in stream4/frag2 argument parsing
* snortdb schema updates to 1.05
* --with-pcap-includes should now look at specified pcap
* packet statistics now should be more accurate with regards to lost packets werwerwerwerwer
* double PID file write
* S4 alignment problems on Sparc fixed
* new snmptrap code
* documentation updates
* Stability fixes in frag2
@
text
@d1 1 a1 1 $NetBSD: distinfo,v 1.9 2002/03/13 08:28:23 jmc Exp $ d3 2 a4 2 SHA1 (snort-1.8.4.tar.gz) = 5130d0372c8a7b7608f8092d83a432de7b357777 Size (snort-1.8.4.tar.gz) = 1766532 bytes
@

1.9
log
@Add powerpc/macppc support
@
text
@d1 1 a1 1 $NetBSD: distinfo,v 1.8 2001/12/02 14:43:49 kleink Exp $ d3 4 a6 4 SHA1 (snort-1.8.3.tar.gz) = c1cc80b5495efeceb6fb07f2dfa6aa813ddf2051 Size (snort-1.8.3.tar.gz) = 1706939 bytes SHA1 (patch-aa) = 289c515c2eaf62dcba44bea668dc60a0abd57d51 SHA1 (patch-ab) = 6518ad8c2b5202ec3567f31cabf23253353b837a
@

1.8
log
@Update snort to 1.8.3; changes since 1.8.2 include:

Major repairs include a fix to frag2 on Linux platforms, the icmp decoder and printout routines were updated to match the data structures that I implemented in 1.8.1 and the flexresp code was repaired and should now be faster, plus the usual rule updates. I also added a new "-B" command line switch to convert IP addresses in a pcap file to a new specified IP subnet addresses.
@
text
@d1 1 a1 1 $NetBSD: distinfo,v 1.7 2001/11/28 13:44:51 kleink Exp $ d6 1
@

1.7
log
@Update snort to 1.8.2; changes since 1.8.1 include:
* fixed UTC timestamps
* fixed SIGUSR1 handling, should reset properly now after getting a signal
* fixed PID path generation code, PID files go in the right place now
* fixed stability problems in stream4
* fixed stability problems in frag2
* tweaks to spo_unified for better integration with barnyard
* added -f switch to turn off fflush() calls in binary logging mode
* added new config keyword to stream4, "log_flushed_streams", which causes all buffered packets in the stream reassembler for that session to be logged in the event of an event on that stream (must be used in conjunction with spo_log_tcpdump)
* added packet precaching for flexresp TCP packets, responses should be generated more quickly
* fixed rules parser code for various failure modes
* several new rules files and a new classification system
@
text
@d1 1 a1 1 $NetBSD: distinfo,v 1.6 2001/11/07 03:03:05 hubertf Exp $ d3 2 a4 2 SHA1 (snort-1.8.2.tar.gz) = fb992923f1998cd090693d640dafbd38fe232387 Size (snort-1.8.2.tar.gz) = 909339 bytes
@

1.6
log
@Only use DLT_PPP_{SERIAL,ETHER} on systems that actually have it (i.e. on 1.5 and up). (I *love* digging such stuff out of CVS logs...)

Requested by wiz in private mail.
@
text
@d1 1 a1 1 $NetBSD: distinfo,v 1.5 2001/08/22 18:07:50 hubertf Exp $ d3 3 a5 3 SHA1 (snort-1.8.1-RELEASE.tar.gz) = 0a167b87b51a62bc9bbf06ef84e2941574327af9 Size (snort-1.8.1-RELEASE.tar.gz) = 1026894 bytes SHA1 (patch-aa) = cb6a8ec346646a3e1a28163eccea773f152c3cfc
@

1.5
log
@Upgrade snort to 1.8.1.
Changes:
* SNMP alerts
* IDMEF XML output (the Silicon Defense plugin is integrated into the main codebase now)
* Limited regex support in the rules language
* New packet counters for stream4 and frag2
* New normalization mode for http_decode
@
text
@d1 1 a1 1 $NetBSD$ d5 1 a5 1 SHA1 (patch-aa) = 99f6d436940ab8ddc80f123ac2438380983e8953
@

1.4
log
@regen
@
text
@d1 1 a1 1 $NetBSD: distinfo,v 1.3 2001/08/03 06:35:11 itojun Exp $ d3 2 a4 2 SHA1 (snort-1.8p1.tar.gz) = ae9ef94381ff7b163a75277ea710964e797dd769 Size (snort-1.8p1.tar.gz) = 1024604 bytes
@

1.3
log
@upgrade to 1.8p1. for list of changes, see http://www.snort.org/snort-files.htm
default rule files are now named *.rules, not *-lib.
@
text
@d1 1 a1 1 $NetBSD: distinfo,v 1.2 2001/04/21 11:23:33 wiz Exp $ d5 1
@

1.2
log
@Move to sha1 checksum, and/or add distfile sizes.
@
text
@d1 1 a1 1 $NetBSD$ d3 2 a4 2 SHA1 (snort-1.7.tar.gz) = e2bbc55a55d53ab0dae4428ff94c0aaab7610a5f Size (snort-1.7.tar.gz) = 653702 bytes
@

1.1
log
@+ move the distfile digest/checksum value from files/md5 to distinfo
+ move the patch digest/checksum values from files/patch-sum to distinfo
@
text
@d1 1 a1 1 $NetBSD: md5,v 1.7 2001/02/26 20:43:27 wiz Exp $ d3 2 a4 1 MD5 (snort-1.7.tar.gz) = 0eae2f987f663a2fbf236e38d1f8e960
@
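
Review bot: every distfile entry in the deltas above is pinned by a single digest, `SHA1 (snort-...tar.gz)` with a `Size` line from the 1.2 text onward and `MD5` alone in the 1.1 text, so the integrity check for the tarball rests on one hash function in each revision shown here. Recording a second, stronger digest next to the SHA1 line for each distfile would keep the check meaningful if one of the two is weakened, which matters most for the updates whose logs describe remotely exploitable overflows (1.14 and 1.15).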