author | salo <salo@pkgsrc.org> | 2003-04-16 06:37:19 +0000 |
---|---|---|
committer | salo <salo@pkgsrc.org> | 2003-04-16 06:37:19 +0000 |
commit | 8dd2d2ad1d34f90875e380e2e21091677d393763 (patch) | |
tree | c1c4b6e5449d3a48997a05aca28fa1ac46c772bb /net/snort/patches | |
parent | e88489b19454038603fd537d33852ffe1f578bd5 (diff) | |
download | pkgsrc-8dd2d2ad1d34f90875e380e2e21091677d393763.tar.gz |
Updated to version 2.0.0.
IMPORTANT: This version fixes remotely exploitable heap overflow in the stream4
preprocessor module.
Advisory: http://www.coresecurity.com/common/showdoc.php?idx=313&idxseccion=10
Changes:
2.0.0:
======
- Enhanced high-performance detection engine
- Stateful Pattern Matching
- New detection keywords: byte_test & byte_jump
- The Snort code base has undergone an external third party professional
security audit funded by Sourcefire (http://www.sourcefire.com)
- Many new and updated rules
- snort.conf has been updated
- Enhancements to self preservation mechanisms in stream4 and frag2
- State tracking fixes in stream4
- New HTTP flow analyzer
- Enhanced protocol decoding (TCP options, 802.1q, etc)
- Enhanced protocol anomaly detection (IP, TCP, UDP, ICMP, RPC, HTTP, etc)
- Enhanced flexresp mode for real-time TCP session sniping
- Better chroot()'ing
- Tagging system updated
- Several million bugs addressed....
- Updated FAQ (thanks to Erek Adams and Dragos Ruiu)
Snort 2.0 can be downloaded at http://www.snort.org/dl/snort-2.0.0.tar.gz. Binary
versions of the codebase will be built over the next several days and
made available at here.
2.0.rc4:
========
- byte_jump/byte_test don't force relative content options
- byte_jump/byte_test absolute offsets work
- Better FIN handling in Stream4
2.0.rc3:
========
- A low memory usage detection method (enabled via "config detection:
search-method lowmem")
- Moved the default unix socket location to LOGDIR
2.0.rc2:
========
- syslog should work on win32 and unix
- major tagging updates
- new UDP decoding alerts
- snort.conf updates
2.0.rc1:
========
- Higher performance (due to a new pattern matcher and rebuilt detection
engine)
- Better decoders
- Enhanced stream reassembly and defragmentation
- Tons of bug fixes
- Updated rules
- Updated snort.conf
- New detection keywords (byte_test, byte_jump, distance, within) &
stateful pattern matching
- New HTTP flow analyzer
- Enhanced anomaly detection (HTTP, RPC, TCP, IP, etc)
- Better self preservation in stateful subsystems
- Xrefs fixed
- Flexresp works faster and more effectively
- Better chroot()'ing
- Fixed 802.1q decoding
- Better async state handling
- New alerting option: -A cmg!!
Diffstat (limited to 'net/snort/patches')
-rw-r--r-- | net/snort/patches/patch-aa | 16 | ||||
-rw-r--r-- | net/snort/patches/patch-ad | 20 | ||||
-rw-r--r-- | net/snort/patches/patch-ae | 10 |
3 files changed, 23 insertions, 23 deletions
diff --git a/net/snort/patches/patch-aa b/net/snort/patches/patch-aa index 3eaf24c2739..24f19f28302 100644 --- a/net/snort/patches/patch-aa +++ b/net/snort/patches/patch-aa @@ -1,8 +1,8 @@ -$NetBSD: patch-aa,v 1.8 2002/10/13 04:42:13 hubertf Exp $ +$NetBSD: patch-aa,v 1.9 2003/04/16 06:37:20 salo Exp $ ---- src/snort.c.orig Wed Sep 25 21:56:53 2002 -+++ src/snort.c -@@ -1437,6 +1437,19 @@ +--- src/snort.c.orig 2003-04-03 23:10:52.000000000 +0200 ++++ src/snort.c 2003-04-16 08:03:06.000000000 +0200 +@@ -1355,6 +1355,19 @@ break; @@ -22,12 +22,12 @@ $NetBSD: patch-aa,v 1.8 2002/10/13 04:42:13 hubertf Exp $ case DLT_PPP: /* point-to-point protocol */ if(!pv.readmode_flag) { -@@ -2193,7 +2206,7 @@ +@@ -1729,7 +1742,7 @@ + { struct stat st; - int found; int i; - char *conf_files[]={"/etc/snort.conf", "./snort.conf", NULL}; + char *conf_files[]={ PREFIX "/etc/snort.conf", "./snort.conf", NULL}; char *fname = NULL; - char *home_dir; - char *tmp; + char *home_dir = NULL; + char *rval = NULL; diff --git a/net/snort/patches/patch-ad b/net/snort/patches/patch-ad index 3795b8026e1..e4220a21f69 100644 --- a/net/snort/patches/patch-ad +++ b/net/snort/patches/patch-ad @@ -1,13 +1,13 @@ -$NetBSD: patch-ad,v 1.1 2002/10/13 04:42:13 hubertf Exp $ +$NetBSD: patch-ad,v 1.2 2003/04/16 06:37:20 salo Exp $ ---- src/Makefile.in.orig Sun Oct 13 05:25:01 2002 -+++ src/Makefile.in -@@ -59,7 +59,7 @@ - POST_UNINSTALL = : - host_alias = @host_alias@ - host_triplet = @host@ +--- src/Makefile.in.orig 2003-04-09 18:01:40.000000000 +0200 ++++ src/Makefile.in 2003-04-16 08:07:17.000000000 +0200 +@@ -67,7 +67,7 @@ + PATH_SEPARATOR = @PATH_SEPARATOR@ + AMTAR = @AMTAR@ + AWK = @AWK@ -CC = @CC@ +CC = @CC@ -DPREFIX=\"@prefix@\" - MAKEINFO = @MAKEINFO@ - PACKAGE = @PACKAGE@ - RANLIB = @RANLIB@ + DEPDIR = @DEPDIR@ + + INCLUDES = @INCLUDES@ diff --git a/net/snort/patches/patch-ae b/net/snort/patches/patch-ae index 34d7fe710f5..49b0ca26d84 100644 --- a/net/snort/patches/patch-ae 
+++ b/net/snort/patches/patch-ae @@ -1,7 +1,7 @@ -$NetBSD: patch-ae,v 1.1 2003/03/04 01:02:26 salo Exp $ +$NetBSD: patch-ae,v 1.2 2003/04/16 06:37:20 salo Exp $ ---- etc/snort.conf.orig 2003-02-23 20:29:24.000000000 +0100 -+++ etc/snort.conf 2003-03-04 00:51:11.000000000 +0100 +--- etc/snort.conf.orig 2003-04-03 23:10:50.000000000 +0200 ++++ etc/snort.conf 2003-04-16 08:09:48.000000000 +0200 @@ -99,7 +99,7 @@ var AIM_SERVERS [64.12.24.0/24,64.12.25.0/24,64.12.26.14/24,64.12.28.0/24,64.12.29.0/24,64.12.161.0/24,64.12.163.0/24,205.188.5.0/24,205.188.9.0/24] @@ -9,5 +9,5 @@ $NetBSD: patch-ae,v 1.1 2003/03/04 01:02:26 salo Exp $ -var RULE_PATH ../rules +var RULE_PATH @PREFIX@/share/snort/rules - ################################################### - # Step #2: Configure preprocessors + # Configure the snort decoder: + # ============================ |
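Review bot: In patch-aa, the src/snort.c hunk at -1729/+1742 uses PREFIX with no guard, so `char *conf_files[]={ PREFIX "/etc/snort.conf", "./snort.conf", NULL};` only compiles when patch-ad's `-DPREFIX=...` reaches the compiler. A `#ifndef PREFIX` fallback near the top of snort.c would keep the file buildable on its own and make the dependency between the two patches explicit. The unchanged "./snort.conf" entry also means a configuration file in the current working directory is still a candidate, which is worth a comment given that this hunk exists to pin the system-wide path.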
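Review bot: In patch-ad, the src/Makefile.in hunk puts a preprocessor define into the compiler variable (`+CC = @CC@ -DPREFIX=\"@prefix@\"`), so any build that overrides CC on the make command line or in the environment silently drops PREFIX and the patched snort.c no longer compiles. Appending the define to the Makefile's preprocessor flags (DEFS or CPPFLAGS) instead would survive a CC override. The escaped quotes also assume @prefix@ contains no spaces or shell metacharacters, which should be stated in a comment.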
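Review bot: In patch-ae, the etc/snort.conf hunk leaves a literal placeholder in the shipped configuration (`+var RULE_PATH @PREFIX@/share/snort/rules`), and nothing in this diff, which is limited to net/snort/patches, shows where @PREFIX@ is substituted. If that step is missed or fails, the rule includes resolve against a path that does not exist, and a sensor with no rules loaded detects nothing. Please confirm that the package Makefile performs the substitution on the installed file and note that step in the patch comment.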