Update to 2.8.5.1, to resolve a security issue.

Upstream NEWS is weak; release notes for 2.8.5.1 follow. [*] Improvements * Fixed syslog output when running on Windows. * Fixed potential segfault when printing IPv6 packets using the -v option. Thanks to Laurent Gaffie for reporting this issue. * Fixed segfault when additional policies were added during a configuration reload.
author: gdt <gdt@pkgsrc.org> 2011-04-01 16:48:36 +0000
committer: gdt <gdt@pkgsrc.org> 2011-04-01 16:48:36 +0000
commit: c62ec4adb2356d884e325132215b113ddf9bacb2 (patch)
tree: 55a001121ce4be5f58169207ce64935358722a8e /net/snort
parent: 9fc67e7dc11fe4a18b6660f284d9ebc347bfcc47 (diff)
download: pkgsrc-c62ec4adb2356d884e325132215b113ddf9bacb2.tar.gz
6 files changed, 46 insertions, 47 deletions
diff --git a/net/snort/Makefile b/net/snort/Makefile
index 5c712e262f5..6764bc23ea3 100644
--- a/net/snort/Makefile
+++ b/net/snort/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.42 2009/12/09 11:42:35 obache Exp $
+# $NetBSD: Makefile,v 1.43 2011/04/01 16:48:36 gdt Exp $
 #
 
-DISTNAME=		snort-2.8.3.1
+DISTNAME=		snort-2.8.5.1
 CATEGORIES=		net security
 MASTER_SITES=		http://www.snort.org/dl/ \
 			http://www.snort.org/dl/current/ \
@@ -11,6 +11,8 @@ MAINTAINER=		pkgsrc-users@NetBSD.org
 HOMEPAGE=		http://www.snort.org/
 COMMENT=		The Open Source Network Intrusion Detection System
 
+LICENSE=		gnu-gpl-v2
+
 PKG_DESTDIR_SUPPORT=	user-destdir
 
 CONFLICTS+=		snort-mysql-[0-9]*
diff --git a/net/snort/PLIST b/net/snort/PLIST
index 0fd4a173eac..2ec63fe998b 100644
--- a/net/snort/PLIST
+++ b/net/snort/PLIST
@@ -1,14 +1,16 @@
-@comment $NetBSD: PLIST,v 1.30 2009/06/14 21:00:05 joerg Exp $
+@comment $NetBSD: PLIST,v 1.31 2011/04/01 16:48:36 gdt Exp $
 bin/snort
+lib/pkgconfig/snort.pc
 lib/snort_dynamicengine/libsf_engine.la
-lib/snort_dynamicrules/lib_sfdynamic_example_rule.la
+lib/snort_dynamicpreprocessor/lib_sfdynamic_preprocessor_example.la
+lib/snort_dynamicpreprocessor/libsf_dce2_preproc.la
 lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.la
 lib/snort_dynamicpreprocessor/libsf_dns_preproc.la
 lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.la
-lib/snort_dynamicpreprocessor/libsf_ssl_preproc.la
 lib/snort_dynamicpreprocessor/libsf_smtp_preproc.la
 lib/snort_dynamicpreprocessor/libsf_ssh_preproc.la
-lib/snort_dynamicpreprocessor/lib_sfdynamic_preprocessor_example.la
+lib/snort_dynamicpreprocessor/libsf_ssl_preproc.la
+lib/snort_dynamicrules/lib_sfdynamic_example_rule.la
 man/man8/snort.8
 share/doc/snort/AUTHORS
 share/doc/snort/BUGS
@@ -31,12 +33,12 @@ share/doc/snort/README.asn1
 share/doc/snort/README.csv
 share/doc/snort/README.database
 share/doc/snort/README.dcerpc
-share/doc/snort/README.decoder_preproc_rules
+share/doc/snort/README.dcerpc2
 share/doc/snort/README.decode
+share/doc/snort/README.decoder_preproc_rules
 share/doc/snort/README.dns
 share/doc/snort/README.event_queue
-share/doc/snort/README.flow
-share/doc/snort/README.flow-portscan
+share/doc/snort/README.filters
 share/doc/snort/README.flowbits
 share/doc/snort/README.frag3
 share/doc/snort/README.ftptelnet
@@ -44,23 +46,24 @@ share/doc/snort/README.gre
 share/doc/snort/README.http_inspect
 share/doc/snort/README.ipip
 share/doc/snort/README.ipv6
+share/doc/snort/README.multipleconfigs
 share/doc/snort/README.pcap_readmode
 share/doc/snort/README.ppm
+share/doc/snort/README.reload
 share/doc/snort/README.sfportscan
 share/doc/snort/README.ssh
 share/doc/snort/README.ssl
-share/doc/snort/README.stream4
 share/doc/snort/README.stream5
 share/doc/snort/README.tag
 share/doc/snort/README.thresholding
 share/doc/snort/README.variables
 share/doc/snort/README.wireless
-share/doc/snort/generators
 share/doc/snort/TODO
 share/doc/snort/USAGE
 share/doc/snort/WISHLIST
 share/doc/snort/faq.pdf
 share/doc/snort/faq.tex
+share/doc/snort/generators
 share/doc/snort/schemas/create_db2
 share/doc/snort/schemas/create_mssql
 share/doc/snort/schemas/create_mysql
@@ -83,6 +86,8 @@ share/snort/src/snort_dynamicsrc/debug.h
 share/snort/src/snort_dynamicsrc/pcap_pkthdr32.h
 share/snort/src/snort_dynamicsrc/preprocids.h
 share/snort/src/snort_dynamicsrc/profiler.h
+share/snort/src/snort_dynamicsrc/sfPolicyUserData.c
+share/snort/src/snort_dynamicsrc/sfPolicyUserData.h
 share/snort/src/snort_dynamicsrc/sf_dynamic_common.h
 share/snort/src/snort_dynamicsrc/sf_dynamic_meta.h
 share/snort/src/snort_dynamicsrc/sf_dynamic_preproc_lib.c
diff --git a/net/snort/distinfo b/net/snort/distinfo
index 480c5586de4..dfe974b8fae 100644
--- a/net/snort/distinfo
+++ b/net/snort/distinfo
@@ -1,13 +1,13 @@
-$NetBSD: distinfo,v 1.46 2008/10/25 18:35:19 adrianp Exp $
+$NetBSD: distinfo,v 1.47 2011/04/01 16:48:36 gdt Exp $
 
-SHA1 (snort-2.8.3.1.tar.gz) = 384203f68e2000c490bbc5a5a2724b0b74d10e74
-RMD160 (snort-2.8.3.1.tar.gz) = 53ab2df684ba327718d3dac1c8efa21c3ae05248
-Size (snort-2.8.3.1.tar.gz) = 4309333 bytes
-SHA1 (patch-aa) = 4fe3bb6a40aea972249e4b21b7142b548c761978
+SHA1 (snort-2.8.5.1.tar.gz) = b971052cdd4b3527a0603854953103fe9ad8a45b
+RMD160 (snort-2.8.5.1.tar.gz) = fbfab45f1d7d815516043592eab8cf1cc6ec93d0
+Size (snort-2.8.5.1.tar.gz) = 4715078 bytes
+SHA1 (patch-aa) = 3e59b984e5cb21f3fc12e07cdd0560f7cab4f2eb
 SHA1 (patch-ab) = 0ea7deb91de5d3d68558a30e80dcbd8bd81f8a5e
-SHA1 (patch-ac) = 6cdf26fcaeb8dad9cd9562b77377bd56b49c9f38
+SHA1 (patch-ac) = 95e08ebd8a57295540923a49c54177e81ec601c5
 SHA1 (patch-ad) = d4bf1dee02af1f1730263a78a868bbdae5d8846d
 SHA1 (patch-ae) = ca74cfab6d9010d037a1e72e7c39b7982888c476
-SHA1 (patch-af) = ce5129f0337514c9a2a9a482e2f1ed9a405112ec
+SHA1 (patch-af) = 03df09e853819816034109429762a3bb01b59fb0
 SHA1 (patch-ag) = 1dfcb56284528b307f44d911f84f64832d907139
 SHA1 (patch-ah) = 1dee26c42c30e60be83a5e574183f2394d23e340
diff --git a/net/snort/patches/patch-aa b/net/snort/patches/patch-aa
index 93826cf886f..d4f1450950f 100644
--- a/net/snort/patches/patch-aa
+++ b/net/snort/patches/patch-aa
@@ -1,18 +1,10 @@
-$NetBSD: patch-aa,v 1.16 2007/10/21 00:22:53 adrianp Exp $
+$NetBSD: patch-aa,v 1.17 2011/04/01 16:48:36 gdt Exp $
 
---- src/snort.c.orig	2007-09-07 19:01:56.000000000 +0100
+--- src/snort.c.orig	2009-10-19 17:44:03.000000000 +0000
 +++ src/snort.c
-@@ -158,7 +158,6 @@ extern OutputFuncNode *LogList;
- time_t start_time;    /* tracks how many seconds snort actually ran */
- #endif
- 
--extern int errno;
- 
- /* exported variables *********************************************************/
- u_int8_t runMode = 0;   /* snort run mode */
-@@ -3194,6 +3193,19 @@ int SetPktProcessor(void)
- 
+@@ -2737,6 +2737,19 @@ static int SetPktProcessor(void)
              break;
+ #endif  // NO_NON_ETHER_DECODER
  
 +#if defined(__NetBSD__)
 +#  if defined(__NetBSD_Version__)
@@ -28,9 +20,9 @@ $NetBSD: patch-aa,v 1.16 2007/10/21 00:22:53 adrianp Exp $
 +#endif /* NetBSD */
 +
          case DLT_PPP:                /* point-to-point protocol */
-             if(!pv.readmode_flag)
+             if (!ScReadMode())
              {
-@@ -3743,7 +3755,7 @@ static char *ConfigFileSearch()
+@@ -3379,7 +3392,7 @@ static char *ConfigFileSearch(void)
  {
      struct stat st;
      int i;
diff --git a/net/snort/patches/patch-ac b/net/snort/patches/patch-ac
index 4bf04b6926c..c3bc79f28a4 100644
--- a/net/snort/patches/patch-ac
+++ b/net/snort/patches/patch-ac
@@ -1,13 +1,13 @@
-$NetBSD: patch-ac,v 1.1 2002/10/13 04:42:13 hubertf Exp $
+$NetBSD: patch-ac,v 1.2 2011/04/01 16:48:36 gdt Exp $
 
---- src/plugbase.h.orig	Thu Jun 27 00:40:44 2002
+--- src/plugbase.h.orig	2009-05-06 22:28:18.000000000 +0000
 +++ src/plugbase.h
-@@ -46,7 +46,7 @@
-     #undef Free
+@@ -50,7 +50,7 @@
+ # undef Free
  #endif
  
 -#if defined(SOLARIS) || defined(FREEBSD) || defined(OPENBSD)
 +#if defined(SOLARIS) || defined(FREEBSD) || defined(OPENBSD) || defined(NETBSD)
-     #include <sys/param.h>
+ # include <sys/param.h>
  #endif
  
diff --git a/net/snort/patches/patch-af b/net/snort/patches/patch-af
index 011e76b4a0f..e91f8e86621 100644
--- a/net/snort/patches/patch-af
+++ b/net/snort/patches/patch-af
@@ -1,14 +1,14 @@
-$NetBSD: patch-af,v 1.4 2007/05/18 22:20:10 adrianp Exp $
+$NetBSD: patch-af,v 1.5 2011/04/01 16:48:36 gdt Exp $
 
---- src/dynamic-plugins/sf_dynamic_plugins.c.orig	2007-03-14 16:58:10.000000000 +0000
+--- src/dynamic-plugins/sf_dynamic_plugins.c.orig	2009-08-10 21:26:41.000000000 +0000
 +++ src/dynamic-plugins/sf_dynamic_plugins.c
-@@ -210,8 +210,7 @@ void LoadAllLibs(char *path, LoadLibrary
-         dirEntry = readdir(directory);
-         while (dirEntry)
+@@ -244,8 +244,7 @@ void LoadAllLibs(char *path, LoadLibrary
+         dir_entry = readdir(directory);
+         while (dir_entry != NULL)
          {
--            if (dirEntry->d_reclen &&
--                !fnmatch(EXT, dirEntry->d_name, FNM_PATHNAME | FNM_PERIOD))
-+            if (!fnmatch(EXT, dirEntry->d_name, FNM_PATHNAME | FNM_PERIOD))
+-            if ((dir_entry->d_reclen != 0) &&
+-                (fnmatch(MODULE_EXT, dir_entry->d_name, FNM_PATHNAME | FNM_PERIOD) == 0))
++            if (fnmatch(MODULE_EXT, dir_entry->d_name, FNM_PATHNAME | FNM_PERIOD) == 0)
              {
-                 SnortSnprintf(path_buf, PATH_MAX, "%s%s%s", path, "/", dirEntry->d_name);
-                 loadFunc(path_buf, 1);
+                 /* Get the string up until the first dot.  This will be
+                  * considered the file prefix. */
author	gdt <gdt@pkgsrc.org>	2011-04-01 16:48:36 +0000
committer	gdt <gdt@pkgsrc.org>	2011-04-01 16:48:36 +0000
commit	c62ec4adb2356d884e325132215b113ddf9bacb2 (patch)
tree	55a001121ce4be5f58169207ce64935358722a8e /net/snort
parent	9fc67e7dc11fe4a18b6660f284d9ebc347bfcc47 (diff)
download	pkgsrc-c62ec4adb2356d884e325132215b113ddf9bacb2.tar.gz