authorsalo <salo@pkgsrc.org>2003-04-16 06:37:19 +0000
committersalo <salo@pkgsrc.org>2003-04-16 06:37:19 +0000
commit8dd2d2ad1d34f90875e380e2e21091677d393763 (patch)
treec1c4b6e5449d3a48997a05aca28fa1ac46c772bb /net/snort
parente88489b19454038603fd537d33852ffe1f578bd5 (diff)
downloadpkgsrc-8dd2d2ad1d34f90875e380e2e21091677d393763.tar.gz
Updated to version 2.0.0.
IMPORTANT: This version fixes a remotely exploitable heap overflow in the stream4 preprocessor module. Advisory: http://www.coresecurity.com/common/showdoc.php?idx=313&idxseccion=10 Changes: 2.0.0: ====== - Enhanced high-performance detection engine - Stateful Pattern Matching - New detection keywords: byte_test & byte_jump - The Snort code base has undergone an external third party professional security audit funded by Sourcefire (http://www.sourcefire.com) - Many new and updated rules - snort.conf has been updated - Enhancements to self preservation mechanisms in stream4 and frag2 - State tracking fixes in stream4 - New HTTP flow analyzer - Enhanced protocol decoding (TCP options, 802.1q, etc) - Enhanced protocol anomaly detection (IP, TCP, UDP, ICMP, RPC, HTTP, etc) - Enhanced flexresp mode for real-time TCP session sniping - Better chroot()'ing - Tagging system updated - Several million bugs addressed.... - Updated FAQ (thanks to Erek Adams and Dragos Ruiu) Snort 2.0 can be downloaded at http://www.snort.org/dl/snort-2.0.0.tar.gz. Binary versions of the codebase will be built over the next several days and made available here.
2.0.rc4: ======== - byte_jump/byte_test don't force relative content options - byte_jump/byte_test absolute offsets work - Better FIN handling in Stream4 2.0.rc3: ======== - A low memory usage detection method (enabled via "config detection: search-method lowmem") - Moved the default unix socket location to LOGDIR 2.0.rc2: ======== - syslog should work on win32 and unix - major tagging updates - new UDP decoding alerts - snort.conf updates 2.0.rc1: ======== - Higher performance (due to a new pattern matcher and rebuilt detection engine) - Better decoders - Enhanced stream reassembly and defragmentation - Tons of bug fixes - Updated rules - Updated snort.conf - New detection keywords (byte_test, byte_jump, distance, within) & stateful pattern matching - New HTTP flow analyzer - Enhanced anomaly detection (HTTP, RPC, TCP, IP, etc) - Better self preservation in stateful subsystems - Xrefs fixed - Flexresp works faster and more effectively - Better chroot()'ing - Fixed 802.1q decoding - Better async state handling - New alerting option: -A cmg!!
Diffstat (limited to 'net/snort')
-rw-r--r--net/snort/Makefile.common20
-rw-r--r--net/snort/PLIST9
-rw-r--r--net/snort/distinfo12
-rw-r--r--net/snort/patches/patch-aa16
-rw-r--r--net/snort/patches/patch-ad20
-rw-r--r--net/snort/patches/patch-ae10
6 files changed, 40 insertions, 47 deletions
diff --git a/net/snort/Makefile.common b/net/snort/Makefile.common
index 697169dcfc8..858d2790380 100644
--- a/net/snort/Makefile.common
+++ b/net/snort/Makefile.common
@@ -1,21 +1,17 @@
-# $NetBSD: Makefile.common,v 1.7 2003/03/04 01:02:25 salo Exp $
+# $NetBSD: Makefile.common,v 1.8 2003/04/16 06:37:19 salo Exp $
#
-DISTNAME= snort-1.9.1
+DISTNAME= snort-2.0.0
CATEGORIES= net security
-MASTER_SITES= http://www.snort.org/releases/ \
+MASTER_SITES= http://www.snort.org/dl/ \
ftp://the.wiretapped.net/pub/security/network-intrusion-detection/snort/ \
- http://www.centus.com/snort/ \
- http://snort.whitehats.com/ \
- http://snort.safenetworks.com/ \
- ftp://gd.tuwien.ac.at/infosys/security/snort/ \
- http://snort.sourcefire.com/releases/
+ ftp://gd.tuwien.ac.at/infosys/security/snort/dl/
-MAINTAINER= packages@netbsd.org
+MAINTAINER= salo@netbsd.org
HOMEPAGE= http://www.snort.org/
-USE_PKGINSTALL= YES
-GNU_CONFIGURE= YES
+USE_PKGINSTALL= YES
+GNU_CONFIGURE= YES
CONFIGURE_ARGS+= --with-libpcap-includes=${BUILDLINK_PREFIX.libpcap}/include
CONFIGURE_ARGS+= --with-libpcap-libraries=${BUILDLINK_PREFIX.libpcap}/lib
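Review bot: All three remaining `MASTER_SITES` entries are plain `http://` or `ftp://`, so for this security update the only thing tying the fetched tarball to the upstream release is the single SHA1 recorded in distinfo. That digest is only as trustworthy as the copy it was computed from, and the commit does not show how it was obtained. It would help to check it against a checksum or signature published by upstream and record that above `DISTNAME`, e.g. `# distinfo digest checked against upstream's published checksum`.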
@@ -56,7 +52,7 @@ post-install:
done
${INSTALL_DATA_DIR} ${PREFIX}/share/snort/rules
cd ${WRKSRC}/etc ; \
- for i in *.map *.txt sid ; do \
+ for i in *.map sid ; do \
${INSTALL_DATA} $$i ${PREFIX}/share/snort/rules ; \
done
cd ${WRKSRC}/rules ; \
diff --git a/net/snort/PLIST b/net/snort/PLIST
index c24cb079597..571c2fabcdf 100644
--- a/net/snort/PLIST
+++ b/net/snort/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.8 2003/03/04 01:02:25 salo Exp $
+@comment $NetBSD: PLIST,v 1.9 2003/04/16 06:37:19 salo Exp $
bin/snort
etc/rc.d/snort
man/man8/snort.8
@@ -11,19 +11,16 @@ share/doc/snort/NEWS
share/doc/snort/README
share/doc/snort/README.FLEXRESP
share/doc/snort/README.PLUGINS
-share/doc/snort/README.SNMP
share/doc/snort/README.csv
share/doc/snort/README.database
-share/doc/snort/README.xml
share/doc/snort/RULES.todo
share/doc/snort/SnortUsersManual.pdf
share/doc/snort/TODO
share/doc/snort/USAGE
+share/doc/snort/snortman.tex
share/examples/snort/classification.config
share/examples/snort/reference.config
share/examples/snort/snort.conf.default
-share/snort/rules/SnortCommonMIB.txt
-share/snort/rules/SnortIDAlertMIB.txt
share/snort/rules/attack-responses.rules
share/snort/rules/backdoor.rules
share/snort/rules/bad-traffic.rules
@@ -76,6 +73,6 @@ share/snort/rules/web-misc.rules
share/snort/rules/web-php.rules
share/snort/rules/x11.rules
@dirrm share/snort/rules
+@dirrm share/snort
@dirrm share/examples/snort
@dirrm share/doc/snort
-@dirrm share/snort
diff --git a/net/snort/distinfo b/net/snort/distinfo
index 362518d1e9a..bd415f70140 100644
--- a/net/snort/distinfo
+++ b/net/snort/distinfo
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.14 2003/03/04 01:02:25 salo Exp $
+$NetBSD: distinfo,v 1.15 2003/04/16 06:37:19 salo Exp $
-SHA1 (snort-1.9.1.tar.gz) = a176beab3cac249da491d81081c0ca6d82fd405a
-Size (snort-1.9.1.tar.gz) = 1466151 bytes
-SHA1 (patch-aa) = ce6d9a13823dd1ca25a0ff250a3e134f71227ca4
+SHA1 (snort-2.0.0.tar.gz) = 1fdb5656b7a84439da0cd9118f5a977098f0652b
+Size (snort-2.0.0.tar.gz) = 1556540 bytes
+SHA1 (patch-aa) = 8cb1b83611eb6cf82197c9b27b91d967bfd4fcd7
SHA1 (patch-ab) = 0ea7deb91de5d3d68558a30e80dcbd8bd81f8a5e
SHA1 (patch-ac) = 6cdf26fcaeb8dad9cd9562b77377bd56b49c9f38
-SHA1 (patch-ad) = 5472fc78db0c0668a1d8ff8f1c66eee6ba7f6a7e
-SHA1 (patch-ae) = b402289267cebc0721104c6e8c8f7ce6a6b11a59
+SHA1 (patch-ad) = 6853a0e7105e97089bbee8a8abb535cef9f905f1
+SHA1 (patch-ae) = 5a5123c5352e87650a4ce91123a196c576f37ea8
diff --git a/net/snort/patches/patch-aa b/net/snort/patches/patch-aa
index 3eaf24c2739..24f19f28302 100644
--- a/net/snort/patches/patch-aa
+++ b/net/snort/patches/patch-aa
@@ -1,8 +1,8 @@
-$NetBSD: patch-aa,v 1.8 2002/10/13 04:42:13 hubertf Exp $
+$NetBSD: patch-aa,v 1.9 2003/04/16 06:37:20 salo Exp $
---- src/snort.c.orig Wed Sep 25 21:56:53 2002
-+++ src/snort.c
-@@ -1437,6 +1437,19 @@
+--- src/snort.c.orig 2003-04-03 23:10:52.000000000 +0200
++++ src/snort.c 2003-04-16 08:03:06.000000000 +0200
+@@ -1355,6 +1355,19 @@
break;
@@ -22,12 +22,12 @@ $NetBSD: patch-aa,v 1.8 2002/10/13 04:42:13 hubertf Exp $
case DLT_PPP: /* point-to-point protocol */
if(!pv.readmode_flag)
{
-@@ -2193,7 +2206,7 @@
+@@ -1729,7 +1742,7 @@
+ {
struct stat st;
- int found;
int i;
- char *conf_files[]={"/etc/snort.conf", "./snort.conf", NULL};
+ char *conf_files[]={ PREFIX "/etc/snort.conf", "./snort.conf", NULL};
char *fname = NULL;
- char *home_dir;
- char *tmp;
+ char *home_dir = NULL;
+ char *rval = NULL;
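Review bot: The `conf_files` initializer that patch-aa rewrites still carries the relative entry `"./snort.conf"` after the new `PREFIX "/etc/snort.conf"`, so when the installed file is absent the configuration is taken from whatever directory the process was started in. For a sensor that normally runs with root privileges, that makes the effective rule set depend on the working directory. Since the patch already edits this line, it could drop the fallback, `char *conf_files[]={ PREFIX "/etc/snort.conf", NULL};`, or the package could always pass an explicit config path. The function around these declarations starts and ends outside the hunk, so how the list is consulted is inferred, not seen.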
diff --git a/net/snort/patches/patch-ad b/net/snort/patches/patch-ad
index 3795b8026e1..e4220a21f69 100644
--- a/net/snort/patches/patch-ad
+++ b/net/snort/patches/patch-ad
@@ -1,13 +1,13 @@
-$NetBSD: patch-ad,v 1.1 2002/10/13 04:42:13 hubertf Exp $
+$NetBSD: patch-ad,v 1.2 2003/04/16 06:37:20 salo Exp $
---- src/Makefile.in.orig Sun Oct 13 05:25:01 2002
-+++ src/Makefile.in
-@@ -59,7 +59,7 @@
- POST_UNINSTALL = :
- host_alias = @host_alias@
- host_triplet = @host@
+--- src/Makefile.in.orig 2003-04-09 18:01:40.000000000 +0200
++++ src/Makefile.in 2003-04-16 08:07:17.000000000 +0200
+@@ -67,7 +67,7 @@
+ PATH_SEPARATOR = @PATH_SEPARATOR@
+ AMTAR = @AMTAR@
+ AWK = @AWK@
-CC = @CC@
+CC = @CC@ -DPREFIX=\"@prefix@\"
- MAKEINFO = @MAKEINFO@
- PACKAGE = @PACKAGE@
- RANLIB = @RANLIB@
+ DEPDIR = @DEPDIR@
+
+ INCLUDES = @INCLUDES@
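Review bot: `CC = @CC@ -DPREFIX=\"@prefix@\"` puts a preprocessor define into the compiler variable, and this commit shows the cost: patch-ad had to be regenerated only because the lines around `CC` moved upstream. The same define could come from the package Makefile, e.g. `CPPFLAGS+= -DPREFIX=\"${PREFIX}\"` in Makefile.common, which would let patch-ad be dropped; that assumes the generated Makefile honours `CPPFLAGS`, which is not visible here. Either way patch-aa will not compile if `PREFIX` is undefined, so a comment in patch-aa naming where the macro comes from would help.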
diff --git a/net/snort/patches/patch-ae b/net/snort/patches/patch-ae
index 34d7fe710f5..49b0ca26d84 100644
--- a/net/snort/patches/patch-ae
+++ b/net/snort/patches/patch-ae
@@ -1,7 +1,7 @@
-$NetBSD: patch-ae,v 1.1 2003/03/04 01:02:26 salo Exp $
+$NetBSD: patch-ae,v 1.2 2003/04/16 06:37:20 salo Exp $
---- etc/snort.conf.orig 2003-02-23 20:29:24.000000000 +0100
-+++ etc/snort.conf 2003-03-04 00:51:11.000000000 +0100
+--- etc/snort.conf.orig 2003-04-03 23:10:50.000000000 +0200
++++ etc/snort.conf 2003-04-16 08:09:48.000000000 +0200
@@ -99,7 +99,7 @@
var AIM_SERVERS [64.12.24.0/24,64.12.25.0/24,64.12.26.14/24,64.12.28.0/24,64.12.29.0/24,64.12.161.0/24,64.12.163.0/24,205.188.5.0/24,205.188.9.0/24]
@@ -9,5 +9,5 @@ $NetBSD: patch-ae,v 1.1 2003/03/04 01:02:26 salo Exp $
-var RULE_PATH ../rules
+var RULE_PATH @PREFIX@/share/snort/rules
- ###################################################
- # Step #2: Configure preprocessors
+ # Configure the snort decoder:
+ # ============================