Add patch from snort CVS to address a security issue:

http://secunia.com/advisories/16786/ Whitespace police on MESSAGE Bump to nb1
author: adrianp <adrianp> 2005-09-14 12:46:52 +0000
committer: adrianp <adrianp> 2005-09-14 12:46:52 +0000
commit: f3efa85e6b3c1c24486cf3f4d9d6f8be16ccce56 (patch)
tree: 66a357bb1a5b04b5a14e900c56086af584dba47d /net/snort
parent: baaaa8cad1d6ce3a4c68c99c584dfcbbd06cb52e (diff)
download: pkgsrc-f3efa85e6b3c1c24486cf3f4d9d6f8be16ccce56.tar.gz
4 files changed, 124 insertions, 5 deletions
diff --git a/net/snort/MESSAGE b/net/snort/MESSAGE
index db5e440b994..1a64f9dc4a6 100644
--- a/net/snort/MESSAGE
+++ b/net/snort/MESSAGE
@@ -1,5 +1,5 @@
 ===========================================================================
-$NetBSD: MESSAGE,v 1.4 2005/08/13 19:56:47 adrianp Exp $
+$NetBSD: MESSAGE,v 1.5 2005/09/14 12:46:52 adrianp Exp $
 
 To use snort, you will need to perform the following steps:
 
@@ -12,9 +12,9 @@ To use snort, you will need to perform the following steps:
 
 	/etc/rc.d/snort start
 
-As of snort v2.4.0 rules are no longer distributed with the main 
+As of snort v2.4.0 rules are no longer distributed with the main
 distribution.  You can either install the net/snort-rules package
-which contains the GPL "Community Rules" or download your appropriate 
+which contains the GPL "Community Rules" or download your appropriate
 rules from:
 
 	http://www.snort.org/pub-bin/downloads.cgi
diff --git a/net/snort/Makefile.common b/net/snort/Makefile.common
index 7a089288d8e..b41816d97b5 100644
--- a/net/snort/Makefile.common
+++ b/net/snort/Makefile.common
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile.common,v 1.23 2005/08/23 11:48:50 rillig Exp $
+# $NetBSD: Makefile.common,v 1.24 2005/09/14 12:46:52 adrianp Exp $
 #
 
 DISTNAME=		snort-2.4.0
+PKGREVISION=		1
 CATEGORIES=		net security
 MASTER_SITES=		http://www.snort.org/dl/current/ \
 			ftp://the.wiretapped.net/pub/security/network-intrusion-detection/snort/ \
diff --git a/net/snort/distinfo b/net/snort/distinfo
index dd54a7983b6..e17911266d5 100644
--- a/net/snort/distinfo
+++ b/net/snort/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.28 2005/08/13 19:56:47 adrianp Exp $
+$NetBSD: distinfo,v 1.29 2005/09/14 12:46:52 adrianp Exp $
 
 SHA1 (snort-2.4.0.tar.gz) = 9fb3fd59a9bb0a4232beece59f21cc4f346545bb
 RMD160 (snort-2.4.0.tar.gz) = 8a7e602e5ae8f86d8849bdffc2c259668cf0eedc
@@ -7,3 +7,4 @@ SHA1 (patch-aa) = f8cd982f2fbc5ed828bf021a489097408f1c9d43
 SHA1 (patch-ab) = 0ea7deb91de5d3d68558a30e80dcbd8bd81f8a5e
 SHA1 (patch-ac) = 6cdf26fcaeb8dad9cd9562b77377bd56b49c9f38
 SHA1 (patch-ae) = 4a669e664ccbce2b9e689fe3d281c46f6549b72c
+SHA1 (patch-af) = ac7f9d6c97c07712a1d2faba0cec2fa0ad1674da
diff --git a/net/snort/patches/patch-af b/net/snort/patches/patch-af
new file mode 100644
index 00000000000..8eb38678b07
--- /dev/null
+++ b/net/snort/patches/patch-af
@@ -0,0 +1,117 @@
+$NetBSD: patch-af,v 1.1 2005/09/14 12:46:52 adrianp Exp $
+
+--- src/log.c.orig	2005-07-11 15:41:40.000000000 +0100
++++ src/log.c	2005-08-23 16:52:19.000000000 +0100
+@@ -1478,7 +1478,10 @@
+                 {
+                     for(j = 0; j < p->ip_options[i].len; j++)
+                     {
+-                        fprintf(fp, "%02X", p->ip_options[i].data[j]);
++                        if (p->ip_options[i].data)
++                            fprintf(fp, "%02X", p->ip_options[i].data[j]);
++                        else
++                            fprintf(fp, "%02X", 0);
+                         
+                         if((j % 2) == 0)
+                             fprintf(fp, " ");
+@@ -1522,7 +1525,8 @@
+             case TCPOPT_MAXSEG:
+                 bzero((char *) tmp, 5);
+                 fwrite("MSS: ", 5, 1, fp);
+-                memcpy(tmp, p->tcp_options[i].data, 2);
++                if (p->tcp_options[i].data)
++                    memcpy(tmp, p->tcp_options[i].data, 2);
+                 fprintf(fp, "%u ", EXTRACT_16BITS(tmp));
+                 break;
+ 
+@@ -1535,15 +1539,20 @@
+                 break;
+ 
+             case TCPOPT_WSCALE:
+-                fprintf(fp, "WS: %u ", p->tcp_options[i].data[0]);
++                if (p->tcp_options[i].data)
++                    fprintf(fp, "WS: %u ", p->tcp_options[i].data[0]);
++                else
++                    fprintf(fp, "WS: %u ", 0);
+                 break;
+ 
+             case TCPOPT_SACK:
+                 bzero((char *) tmp, 5);
+-                memcpy(tmp, p->tcp_options[i].data, 2);
++                if (p->tcp_options[i].data)
++                    memcpy(tmp, p->tcp_options[i].data, 2);
+                 fprintf(fp, "Sack: %u@", EXTRACT_16BITS(tmp));
+                 bzero((char *) tmp, 5);
+-                memcpy(tmp, (p->tcp_options[i].data) + 2, 2);
++                if (p->tcp_options[i].data)
++                    memcpy(tmp, (p->tcp_options[i].data) + 2, 2);
+                 fprintf(fp, "%u ", EXTRACT_16BITS(tmp));
+                 break;
+ 
+@@ -1553,40 +1562,47 @@
+ 
+             case TCPOPT_ECHO:
+                 bzero((char *) tmp, 5);
+-                memcpy(tmp, p->tcp_options[i].data, 4);
++                if (p->tcp_options[i].data)
++                    memcpy(tmp, p->tcp_options[i].data, 4);
+                 fprintf(fp, "Echo: %u ", EXTRACT_32BITS(tmp));
+                 break;
+ 
+             case TCPOPT_ECHOREPLY:
+                 bzero((char *) tmp, 5);
+-                memcpy(tmp, p->tcp_options[i].data, 4);
++                if (p->tcp_options[i].data)
++                    memcpy(tmp, p->tcp_options[i].data, 4);
+                 fprintf(fp, "Echo Rep: %u ", EXTRACT_32BITS(tmp));
+                 break;
+ 
+             case TCPOPT_TIMESTAMP:
+                 bzero((char *) tmp, 5);
+-                memcpy(tmp, p->tcp_options[i].data, 4);
++                if (p->tcp_options[i].data)
++                    memcpy(tmp, p->tcp_options[i].data, 4);
+                 fprintf(fp, "TS: %u ", EXTRACT_32BITS(tmp));
+                 bzero((char *) tmp, 5);
+-                memcpy(tmp, (p->tcp_options[i].data) + 4, 4);
++                if (p->tcp_options[i].data)
++                    memcpy(tmp, (p->tcp_options[i].data) + 4, 4);
+                 fprintf(fp, "%u ", EXTRACT_32BITS(tmp));
+                 break;
+ 
+             case TCPOPT_CC:
+                 bzero((char *) tmp, 5);
+-                memcpy(tmp, p->tcp_options[i].data, 4);
++                if (p->tcp_options[i].data)
++                    memcpy(tmp, p->tcp_options[i].data, 4);
+                 fprintf(fp, "CC %u ", EXTRACT_32BITS(tmp));
+                 break;
+ 
+             case TCPOPT_CCNEW:
+                 bzero((char *) tmp, 5);
+-                memcpy(tmp, p->tcp_options[i].data, 4);
++                if (p->tcp_options[i].data)
++                    memcpy(tmp, p->tcp_options[i].data, 4);
+                 fprintf(fp, "CCNEW: %u ", EXTRACT_32BITS(tmp));
+                 break;
+ 
+             case TCPOPT_CCECHO:
+                 bzero((char *) tmp, 5);
+-                memcpy(tmp, p->tcp_options[i].data, 4);
++                if (p->tcp_options[i].data)
++                    memcpy(tmp, p->tcp_options[i].data, 4);
+                 fprintf(fp, "CCECHO: %u ", EXTRACT_32BITS(tmp));
+                 break;
+ 
+@@ -1598,7 +1614,10 @@
+ 
+                     for(j = 0; j < p->tcp_options[i].len; j++)
+                     {
+-                        fprintf(fp, "%02X", p->tcp_options[i].data[j]);
++                        if (p->tcp_options[i].data)
++                            fprintf(fp, "%02X", p->tcp_options[i].data[j]);
++                        else
++                            fprintf(fp, "%02X", 0);
+                         
+                         if((j % 2) == 0)
+                             fprintf(fp, " ");
author	adrianp <adrianp>	2005-09-14 12:46:52 +0000
committer	adrianp <adrianp>	2005-09-14 12:46:52 +0000
commit	f3efa85e6b3c1c24486cf3f4d9d6f8be16ccce56 (patch)
tree	66a357bb1a5b04b5a14e900c56086af584dba47d /net/snort
parent	baaaa8cad1d6ce3a4c68c99c584dfcbbd06cb52e (diff)
download	pkgsrc-f3efa85e6b3c1c24486cf3f4d9d6f8be16ccce56.tar.gz