diff options
| author | adrianp <adrianp@pkgsrc.org> | 2005-09-14 12:46:52 +0000 |
|---|---|---|
| committer | adrianp <adrianp@pkgsrc.org> | 2005-09-14 12:46:52 +0000 |
| commit | 5def448eea01cad2acc87a2da3a69a6f45b671ef (patch) | |
| tree | 66a357bb1a5b04b5a14e900c56086af584dba47d /net/snort | |
| parent | f1aa9fe777a88bd712d2a74fa7241665802d46cb (diff) | |
| download | pkgsrc-5def448eea01cad2acc87a2da3a69a6f45b671ef.tar.gz | |
Add patch from snort CVS to address a security issue:
http://secunia.com/advisories/16786/
Whitespace police on MESSAGE
Bump to nb1
Diffstat (limited to 'net/snort')
| -rw-r--r-- | net/snort/MESSAGE | 6 | ||||
| -rw-r--r-- | net/snort/Makefile.common | 3 | ||||
| -rw-r--r-- | net/snort/distinfo | 3 | ||||
| -rw-r--r-- | net/snort/patches/patch-af | 117 |
4 files changed, 124 insertions, 5 deletions
diff --git a/net/snort/MESSAGE b/net/snort/MESSAGE index db5e440b994..1a64f9dc4a6 100644 --- a/net/snort/MESSAGE +++ b/net/snort/MESSAGE @@ -1,5 +1,5 @@ =========================================================================== -$NetBSD: MESSAGE,v 1.4 2005/08/13 19:56:47 adrianp Exp $ +$NetBSD: MESSAGE,v 1.5 2005/09/14 12:46:52 adrianp Exp $ To use snort, you will need to perform the following steps: @@ -12,9 +12,9 @@ To use snort, you will need to perform the following steps: /etc/rc.d/snort start -As of snort v2.4.0 rules are no longer distributed with the main +As of snort v2.4.0 rules are no longer distributed with the main distribution. You can either install the net/snort-rules package -which contains the GPL "Community Rules" or download your appropriate +which contains the GPL "Community Rules" or download your appropriate rules from: http://www.snort.org/pub-bin/downloads.cgi diff --git a/net/snort/Makefile.common b/net/snort/Makefile.common index 7a089288d8e..b41816d97b5 100644 --- a/net/snort/Makefile.common +++ b/net/snort/Makefile.common @@ -1,7 +1,8 @@ -# $NetBSD: Makefile.common,v 1.23 2005/08/23 11:48:50 rillig Exp $ +# $NetBSD: Makefile.common,v 1.24 2005/09/14 12:46:52 adrianp Exp $ # DISTNAME= snort-2.4.0 +PKGREVISION= 1 CATEGORIES= net security MASTER_SITES= http://www.snort.org/dl/current/ \ ftp://the.wiretapped.net/pub/security/network-intrusion-detection/snort/ \ diff --git a/net/snort/distinfo b/net/snort/distinfo index dd54a7983b6..e17911266d5 100644 --- a/net/snort/distinfo +++ b/net/snort/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.28 2005/08/13 19:56:47 adrianp Exp $ +$NetBSD: distinfo,v 1.29 2005/09/14 12:46:52 adrianp Exp $ SHA1 (snort-2.4.0.tar.gz) = 9fb3fd59a9bb0a4232beece59f21cc4f346545bb RMD160 (snort-2.4.0.tar.gz) = 8a7e602e5ae8f86d8849bdffc2c259668cf0eedc @@ -7,3 +7,4 @@ SHA1 (patch-aa) = f8cd982f2fbc5ed828bf021a489097408f1c9d43 SHA1 (patch-ab) = 0ea7deb91de5d3d68558a30e80dcbd8bd81f8a5e SHA1 (patch-ac) = 6cdf26fcaeb8dad9cd9562b77377bd56b49c9f38 SHA1 (patch-ae) = 4a669e664ccbce2b9e689fe3d281c46f6549b72c +SHA1 (patch-af) = ac7f9d6c97c07712a1d2faba0cec2fa0ad1674da diff --git a/net/snort/patches/patch-af b/net/snort/patches/patch-af new file mode 100644 index 00000000000..8eb38678b07 --- /dev/null +++ b/net/snort/patches/patch-af @@ -0,0 +1,117 @@ +$NetBSD: patch-af,v 1.1 2005/09/14 12:46:52 adrianp Exp $ + +--- src/log.c.orig 2005-07-11 15:41:40.000000000 +0100 ++++ src/log.c 2005-08-23 16:52:19.000000000 +0100 +@@ -1478,7 +1478,10 @@ + { + for(j = 0; j < p->ip_options[i].len; j++) + { +- fprintf(fp, "%02X", p->ip_options[i].data[j]); ++ if (p->ip_options[i].data) ++ fprintf(fp, "%02X", p->ip_options[i].data[j]); ++ else ++ fprintf(fp, "%02X", 0); + + if((j % 2) == 0) + fprintf(fp, " "); +@@ -1522,7 +1525,8 @@ + case TCPOPT_MAXSEG: + bzero((char *) tmp, 5); + fwrite("MSS: ", 5, 1, fp); +- memcpy(tmp, p->tcp_options[i].data, 2); ++ if (p->tcp_options[i].data) ++ memcpy(tmp, p->tcp_options[i].data, 2); + fprintf(fp, "%u ", EXTRACT_16BITS(tmp)); + break; + +@@ -1535,15 +1539,20 @@ + break; + + case TCPOPT_WSCALE: +- fprintf(fp, "WS: %u ", p->tcp_options[i].data[0]); ++ if (p->tcp_options[i].data) ++ fprintf(fp, "WS: %u ", p->tcp_options[i].data[0]); ++ else ++ fprintf(fp, "WS: %u ", 0); + break; + + case TCPOPT_SACK: + bzero((char *) tmp, 5); +- memcpy(tmp, p->tcp_options[i].data, 2); ++ if (p->tcp_options[i].data) ++ memcpy(tmp, p->tcp_options[i].data, 2); + fprintf(fp, "Sack: %u@", EXTRACT_16BITS(tmp)); + bzero((char *) tmp, 5); +- memcpy(tmp, (p->tcp_options[i].data) + 2, 2); ++ if (p->tcp_options[i].data) ++ memcpy(tmp, (p->tcp_options[i].data) + 2, 2); + fprintf(fp, "%u ", EXTRACT_16BITS(tmp)); + break; + +@@ -1553,40 +1562,47 @@ + + case TCPOPT_ECHO: + bzero((char *) tmp, 5); +- memcpy(tmp, p->tcp_options[i].data, 4); ++ if (p->tcp_options[i].data) ++ memcpy(tmp, p->tcp_options[i].data, 4); + fprintf(fp, "Echo: %u ", EXTRACT_32BITS(tmp)); + break; + + case TCPOPT_ECHOREPLY: + bzero((char *) tmp, 5); +- memcpy(tmp, p->tcp_options[i].data, 4); ++ if (p->tcp_options[i].data) ++ memcpy(tmp, p->tcp_options[i].data, 4); + fprintf(fp, "Echo Rep: %u ", EXTRACT_32BITS(tmp)); + break; + + case TCPOPT_TIMESTAMP: + bzero((char *) tmp, 5); +- memcpy(tmp, p->tcp_options[i].data, 4); ++ if (p->tcp_options[i].data) ++ memcpy(tmp, p->tcp_options[i].data, 4); + fprintf(fp, "TS: %u ", EXTRACT_32BITS(tmp)); + bzero((char *) tmp, 5); +- memcpy(tmp, (p->tcp_options[i].data) + 4, 4); ++ if (p->tcp_options[i].data) ++ memcpy(tmp, (p->tcp_options[i].data) + 4, 4); + fprintf(fp, "%u ", EXTRACT_32BITS(tmp)); + break; + + case TCPOPT_CC: + bzero((char *) tmp, 5); +- memcpy(tmp, p->tcp_options[i].data, 4); ++ if (p->tcp_options[i].data) ++ memcpy(tmp, p->tcp_options[i].data, 4); + fprintf(fp, "CC %u ", EXTRACT_32BITS(tmp)); + break; + + case TCPOPT_CCNEW: + bzero((char *) tmp, 5); +- memcpy(tmp, p->tcp_options[i].data, 4); ++ if (p->tcp_options[i].data) ++ memcpy(tmp, p->tcp_options[i].data, 4); + fprintf(fp, "CCNEW: %u ", EXTRACT_32BITS(tmp)); + break; + + case TCPOPT_CCECHO: + bzero((char *) tmp, 5); +- memcpy(tmp, p->tcp_options[i].data, 4); ++ if (p->tcp_options[i].data) ++ memcpy(tmp, p->tcp_options[i].data, 4); + fprintf(fp, "CCECHO: %u ", EXTRACT_32BITS(tmp)); + break; + +@@ -1598,7 +1614,10 @@ + + for(j = 0; j < p->tcp_options[i].len; j++) + { +- fprintf(fp, "%02X", p->tcp_options[i].data[j]); ++ if (p->tcp_options[i].data) ++ fprintf(fp, "%02X", p->tcp_options[i].data[j]); ++ else ++ fprintf(fp, "%02X", 0); + + if((j % 2) == 0) + fprintf(fp, " "); |