- Update snort to 2.2.0

- ok'ed snj@, wiz@
- Install database scripts which goes a part-way to addressing PR 18996

Updated database schema diagram from Chris Reid. Schema can be found in
./doc/snort_schema_v106.pdf
Added --include-pcre* configuration option to help cross compiling. Thanks
Erik de Castro Lopo.
Fixed thresholding/suppression issue with queuing multiple events per packet.
Thanks Andreas Ostling.
When a rebuilt stream causes an alert, log out the original packets instead of
the rebuilt packet. Thanks sekure@gmail.com for the report.
Turned off http_inspect alerts that were causing false positives in the preset
webserver profiles (Thanks Dan Roelker).
Turn off encoding alerts in HTTP parameter field. The parameter field is still
normalized, it just doesn't alert. This helps reduce alerts that are generated
from complex parameter queries (Thanks Dan Roelker).
Fixed memory leak in "fast" output. Thanks for your bug report
sekure@gmail.com.
Clear error code which under Windows was causing a subsequent false failure in
parsing threshold rules. (Thanks to Rich Adamson)

Further details can be found in Changelog and RELEASE.NOTES.

4 files changed, 139 insertions, 14 deletions

diff --git a/net/snort/Makefile.common b/net/snort/Makefile.common
index f02ab28b8ce..2ceb8ae63ed 100644
--- a/net/snort/Makefile.common
+++ b/net/snort/Makefile.common
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile.common,v 1.15 2004/07/01 17:10:22 adrianp Exp $
+# $NetBSD: Makefile.common,v 1.16 2004/09/21 15:50:26 adrianp Exp $
 #
 
-DISTNAME=		snort-2.1.3
+DISTNAME=		snort-2.2.0
 CATEGORIES=		net security
-MASTER_SITES=		http://www.snort.org/dl/				\
+MASTER_SITES=		http://www.snort.org/dl/ \
 			ftp://the.wiretapped.net/pub/security/network-intrusion-detection/snort/ \
 			ftp://gd.tuwien.ac.at/infosys/security/snort/dl/
 
@@ -49,6 +49,7 @@ SUPPORT_FILES+=		${EGDIR}/unicode.map \
 			${PKG_SYSCONFDIR}/unicode.map
 
 EGDIR=			${PREFIX}/share/examples/snort
+SNORTDIR=		${PREFIX}/share/snort
 
 SUBST_CLASSES=		paths
 SUBST_STAGE.paths=	post-patch
@@ -79,6 +80,7 @@ post-install:
 		${INSTALL_DATA} $$i ${PREFIX}/share/snort/rules ; \
 	done
 	${INSTALL_MAN} ${WRKSRC}/snort.8 ${PREFIX}/man/man8
+	${INSTALL_DATA} ${WRKSRC}/contrib/create_* ${SNORTDIR}
 
 .include "../../devel/pcre/buildlink3.mk"
 .include "../../net/libpcap/buildlink3.mk"
diff --git a/net/snort/PLIST b/net/snort/PLIST
index 1be494562f0..aefae074e8b 100644
--- a/net/snort/PLIST
+++ b/net/snort/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.15 2004/07/01 17:10:22 adrianp Exp $
+@comment $NetBSD: PLIST,v 1.16 2004/09/21 15:50:26 adrianp Exp $
 bin/snort
 man/man8/snort.8
 share/doc/snort/AUTHORS
@@ -14,6 +14,7 @@ share/doc/snort/README.PLUGINS
 share/doc/snort/README.UNSOCK
 share/doc/snort/README.WIN32
 share/doc/snort/README.alert_order
+share/doc/snort/README.asn1
 share/doc/snort/README.csv
 share/doc/snort/README.database
 share/doc/snort/README.event_queue
@@ -221,6 +222,24 @@ share/doc/snort/signatures/1186.txt
 share/doc/snort/signatures/1187.txt
 share/doc/snort/signatures/1188.txt
 share/doc/snort/signatures/1189.txt
+share/doc/snort/signatures/119-1.txt
+share/doc/snort/signatures/119-10.txt
+share/doc/snort/signatures/119-11.txt
+share/doc/snort/signatures/119-12.txt
+share/doc/snort/signatures/119-13.txt
+share/doc/snort/signatures/119-14.txt
+share/doc/snort/signatures/119-15.txt
+share/doc/snort/signatures/119-16.txt
+share/doc/snort/signatures/119-17.txt
+share/doc/snort/signatures/119-18.txt
+share/doc/snort/signatures/119-2.txt
+share/doc/snort/signatures/119-3.txt
+share/doc/snort/signatures/119-4.txt
+share/doc/snort/signatures/119-5.txt
+share/doc/snort/signatures/119-6.txt
+share/doc/snort/signatures/119-7.txt
+share/doc/snort/signatures/119-8.txt
+share/doc/snort/signatures/119-9.txt
 share/doc/snort/signatures/119.txt
 share/doc/snort/signatures/1190.txt
 share/doc/snort/signatures/1191.txt
@@ -232,6 +251,7 @@ share/doc/snort/signatures/1196.txt
 share/doc/snort/signatures/1197.txt
 share/doc/snort/signatures/1198.txt
 share/doc/snort/signatures/1199.txt
+share/doc/snort/signatures/120-1.txt
 share/doc/snort/signatures/120.txt
 share/doc/snort/signatures/1200.txt
 share/doc/snort/signatures/1201.txt
@@ -1452,6 +1472,7 @@ share/doc/snort/signatures/2384.txt
 share/doc/snort/signatures/2385.txt
 share/doc/snort/signatures/2386.txt
 share/doc/snort/signatures/2387.txt
+share/doc/snort/signatures/2388.txt
 share/doc/snort/signatures/2389.txt
 share/doc/snort/signatures/239.txt
 share/doc/snort/signatures/2390.txt
@@ -1470,8 +1491,13 @@ share/doc/snort/signatures/2401.txt
 share/doc/snort/signatures/2402.txt
 share/doc/snort/signatures/2403.txt
 share/doc/snort/signatures/2404.txt
+share/doc/snort/signatures/2405.txt
+share/doc/snort/signatures/2406.txt
+share/doc/snort/signatures/2407.txt
+share/doc/snort/signatures/2408.txt
 share/doc/snort/signatures/2409.txt
 share/doc/snort/signatures/241.txt
+share/doc/snort/signatures/2410.txt
 share/doc/snort/signatures/2411.txt
 share/doc/snort/signatures/2412.txt
 share/doc/snort/signatures/2413.txt
@@ -1499,6 +1525,7 @@ share/doc/snort/signatures/2433.txt
 share/doc/snort/signatures/2434.txt
 share/doc/snort/signatures/2435.txt
 share/doc/snort/signatures/2436.txt
+share/doc/snort/signatures/2437.txt
 share/doc/snort/signatures/2438.txt
 share/doc/snort/signatures/2439.txt
 share/doc/snort/signatures/244.txt
@@ -1639,14 +1666,105 @@ share/doc/snort/signatures/2561.txt
 share/doc/snort/signatures/2562.txt
 share/doc/snort/signatures/2563.txt
 share/doc/snort/signatures/2564.txt
+share/doc/snort/signatures/2565.txt
+share/doc/snort/signatures/2566.txt
+share/doc/snort/signatures/2567.txt
+share/doc/snort/signatures/2568.txt
+share/doc/snort/signatures/2569.txt
 share/doc/snort/signatures/257.txt
+share/doc/snort/signatures/2570.txt
+share/doc/snort/signatures/2571.txt
+share/doc/snort/signatures/2572.txt
+share/doc/snort/signatures/2573.txt
+share/doc/snort/signatures/2574.txt
+share/doc/snort/signatures/2575.txt
+share/doc/snort/signatures/2576.txt
+share/doc/snort/signatures/2577.txt
+share/doc/snort/signatures/2578.txt
+share/doc/snort/signatures/2579.txt
 share/doc/snort/signatures/258.txt
+share/doc/snort/signatures/2580.txt
+share/doc/snort/signatures/2581.txt
+share/doc/snort/signatures/2582.txt
+share/doc/snort/signatures/2583.txt
+share/doc/snort/signatures/2584.txt
+share/doc/snort/signatures/2585.txt
+share/doc/snort/signatures/2586.txt
+share/doc/snort/signatures/2587.txt
+share/doc/snort/signatures/2588.txt
+share/doc/snort/signatures/2589.txt
 share/doc/snort/signatures/259.txt
+share/doc/snort/signatures/2590.txt
+share/doc/snort/signatures/2591.txt
+share/doc/snort/signatures/2592.txt
+share/doc/snort/signatures/2593.txt
+share/doc/snort/signatures/2594.txt
+share/doc/snort/signatures/2595.txt
+share/doc/snort/signatures/2596.txt
+share/doc/snort/signatures/2597.txt
+share/doc/snort/signatures/2598.txt
+share/doc/snort/signatures/2599.txt
 share/doc/snort/signatures/260.txt
+share/doc/snort/signatures/2600.txt
+share/doc/snort/signatures/2601.txt
+share/doc/snort/signatures/2602.txt
+share/doc/snort/signatures/2603.txt
+share/doc/snort/signatures/2604.txt
+share/doc/snort/signatures/2605.txt
+share/doc/snort/signatures/2606.txt
+share/doc/snort/signatures/2607.txt
+share/doc/snort/signatures/2608.txt
+share/doc/snort/signatures/2609.txt
 share/doc/snort/signatures/261.txt
+share/doc/snort/signatures/2610.txt
+share/doc/snort/signatures/2611.txt
+share/doc/snort/signatures/2612.txt
+share/doc/snort/signatures/2613.txt
+share/doc/snort/signatures/2614.txt
+share/doc/snort/signatures/2615.txt
+share/doc/snort/signatures/2616.txt
+share/doc/snort/signatures/2617.txt
+share/doc/snort/signatures/2618.txt
+share/doc/snort/signatures/2619.txt
 share/doc/snort/signatures/262.txt
+share/doc/snort/signatures/2620.txt
+share/doc/snort/signatures/2621.txt
+share/doc/snort/signatures/2622.txt
+share/doc/snort/signatures/2623.txt
+share/doc/snort/signatures/2624.txt
+share/doc/snort/signatures/2625.txt
+share/doc/snort/signatures/2626.txt
+share/doc/snort/signatures/2627.txt
+share/doc/snort/signatures/2628.txt
+share/doc/snort/signatures/2629.txt
+share/doc/snort/signatures/2630.txt
+share/doc/snort/signatures/2631.txt
+share/doc/snort/signatures/2632.txt
+share/doc/snort/signatures/2633.txt
+share/doc/snort/signatures/2634.txt
+share/doc/snort/signatures/2635.txt
+share/doc/snort/signatures/2636.txt
+share/doc/snort/signatures/2637.txt
+share/doc/snort/signatures/2638.txt
+share/doc/snort/signatures/2639.txt
 share/doc/snort/signatures/264.txt
+share/doc/snort/signatures/2640.txt
+share/doc/snort/signatures/2641.txt
+share/doc/snort/signatures/2642.txt
+share/doc/snort/signatures/2643.txt
+share/doc/snort/signatures/2644.txt
+share/doc/snort/signatures/2645.txt
+share/doc/snort/signatures/2646.txt
+share/doc/snort/signatures/2647.txt
+share/doc/snort/signatures/2648.txt
+share/doc/snort/signatures/2649.txt
 share/doc/snort/signatures/265.txt
+share/doc/snort/signatures/2650.txt
+share/doc/snort/signatures/2651.txt
+share/doc/snort/signatures/2652.txt
+share/doc/snort/signatures/2653.txt
+share/doc/snort/signatures/2654.txt
+share/doc/snort/signatures/2655.txt
 share/doc/snort/signatures/266.txt
 share/doc/snort/signatures/267.txt
 share/doc/snort/signatures/268.txt
@@ -2283,6 +2401,7 @@ share/doc/snort/signatures/999.txt
 share/doc/snort/signatures/snort-sid-template.txt
 share/doc/snort/snort_manual.pdf
 share/doc/snort/snort_manual.tex
+share/doc/snort/snort_schema_v106.pdf
 share/examples/snort/classification.config
 share/examples/snort/gen-msg.map
 share/examples/snort/generators
@@ -2292,6 +2411,10 @@ share/examples/snort/sid-msg.map
 share/examples/snort/snort.conf.default
 share/examples/snort/threshold.conf
 share/examples/snort/unicode.map
+share/snort/create_mssql
+share/snort/create_mysql
+share/snort/create_oracle.sql
+share/snort/create_postgresql
 share/snort/rules/attack-responses.rules
 share/snort/rules/backdoor.rules
 share/snort/rules/bad-traffic.rules
diff --git a/net/snort/distinfo b/net/snort/distinfo
index dde9ba94fbb..120df437186 100644
--- a/net/snort/distinfo
+++ b/net/snort/distinfo
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.22 2004/07/01 17:10:22 adrianp Exp $
+$NetBSD: distinfo,v 1.23 2004/09/21 15:50:26 adrianp Exp $
 
-SHA1 (snort-2.1.3.tar.gz) = 34859591085607d964f063a404ea06e597ba6df6
-Size (snort-2.1.3.tar.gz) = 2379344 bytes
+SHA1 (snort-2.2.0.tar.gz) = 80975f71ac2e6d123b881b60b49e97b96264045d
+Size (snort-2.2.0.tar.gz) = 2498466 bytes
 SHA1 (patch-aa) = 08bbfc795c7db4d06f1a1a887369df2c6b1a0a79
 SHA1 (patch-ab) = 0ea7deb91de5d3d68558a30e80dcbd8bd81f8a5e
 SHA1 (patch-ac) = 6cdf26fcaeb8dad9cd9562b77377bd56b49c9f38
 SHA1 (patch-ad) = 983317cb82d13de66ac88127d3eea7d3b3186da4
-SHA1 (patch-ae) = 2e2f6373b9859959e161a106ab4b1122fbc5a06c
+SHA1 (patch-ae) = 4a669e664ccbce2b9e689fe3d281c46f6549b72c
diff --git a/net/snort/patches/patch-ae b/net/snort/patches/patch-ae
index 9d57194f5f0..429a8060466 100644
--- a/net/snort/patches/patch-ae
+++ b/net/snort/patches/patch-ae
@@ -1,11 +1,11 @@
-$NetBSD: patch-ae,v 1.3 2003/12/31 14:11:42 salo Exp $
+$NetBSD: patch-ae,v 1.4 2004/09/21 15:50:26 adrianp Exp $
 
---- etc/snort.conf.orig	2003-12-18 18:14:35.000000000 +0100
-+++ etc/snort.conf	2003-12-30 02:25:47.000000000 +0100
-@@ -104,7 +104,7 @@
- var AIM_SERVERS [64.12.24.0/24,64.12.25.0/24,64.12.26.14/24,64.12.28.0/24,64.12.29.0/24,64.12.161.0/24,64.12.163.0/24,205.188.5.0/24,205.188.9.0/24]
- 
+--- etc/snort.conf.orig	Mon Sep  6 13:21:50 2004
++++ etc/snort.conf	Mon Sep  6 13:24:34 2004
+@@ -106,7 +106,7 @@
  # Path to your rules files (this can be a relative path)
+ # Note for Windows users:  You are advised to make this an absolute path,
+ # such as:  c:\snort\rules
 -var RULE_PATH ../rules
 +var RULE_PATH @PREFIX@/share/snort/rules