| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
Fixes SunOS build.
|
|
|
|
|
|
PKG_SUGGESTED_OPTIONS for SunOS.
PR 46947.
|
|
|
|
|
|
|
|
|
|
Upstream NEWS is weak; release notes for 2.8.5.1 follow.
[*] Improvements
* Fixed syslog output when running on Windows.
* Fixed potential segfault when printing IPv6 packets using the -v option.
Thanks to Laurent Gaffie for reporting this issue.
* Fixed segfault when additional policies were added during a configuration
reload.
|
|
|
|
|
|
|
|
|
|
* Update rule latency thresholding
* The flow and stream4 preprocessors will be deprecated in a future release.
* DCE/RPC preprocessor changes to handle abnormal TCP segmentation.
Added option to reassemble fragmentation buffers early. Updated
documentation.
* Fixed handling of MPLS label in checking Stream session uniqueness
when IPv4 packets are received and build is IPv6.
See the ChangeLog for all the details
|
|
Fix non-priv'ed builds which should fix PR 39260
2008-07-24 - Snort 2.8.2.2
[*] Improvements
* Fix issue with evaluating PCRE rule options with /U modifier that
are followed by a relative content rule option.
* Fix issue with dsize range check.
2008-06-12 - Snort 2.8.2.1
[*] Improvements
* Fix support for pass rules that sometimes did not take precedence
over alert and/or drop rules.
|
|
Fixes issues e.g. on NetBSD where bool is defined by system headers.
|
|
|
|
Includes fix for CVE-2008-1804
[*] New Additions
* Target-Based support to allow rules to use an attribute table
describing services running on various hosts on the network.
Eliminates reliance on port-based rules.
* Support for GRE encapsulation for both IPv4 & IPv6.
* Support for IP over IP tunneling for both IPv4 & IPv6.
* SSL preprocessor to allow ability to not inspect encrypted traffic.
* Ability to read mulitple PCAPs from the command line.
* Support for new CVS rule detection options.
[*] Improvements
* Update to HTTP Inspect to identify overly long HTTP header fields.
* Updates to IPv6 support, including changes to avoid namespace
conflicts for certain Operating systems.
* Updates to address issues seen on various Sparc platforms.
* Stricter enforcement of shared object versions to avoid API
conflicts.
|
|
[*] Improvements
* Updates to build with new versions of libPCRE.
* Fix Stream5 debugging output to actually compile and have correct output
for normal & IPv6 enabled builds.
* Correct perfmonitor statistic calculation for pattern matcher percentage.
|
|
This change should fix a problem with CHECK_FILES=yes.
|
|
|
|
|
|
* Port lists
* IPv6 support
* Packet performance monitoring
* Experimental support for target-based stream and IP frag reassembly
* Ability to take actions on preprocessor events
* Detection for TCP session hijacking based on MAC address
* Unified2 output plugin
* Improved performance and detection capabilities
|
|
not required. From John R. Shannon.
|
|
Fixed header files to avoid conflicts with system files on BSD for
IPv6 data structures.
Added code to prevent URI-related alerts from firing when the
body is being normalized.
Make Stream5 the default stream engine.
Add alert for multiple GRE encapsulations.
Added ability for Snort to track fragmented ICMPv6 to check for the
remote BSD exploit (Bugtraq ID 22901, CVE-2007-1365).
Code cleanup, change malloc/calloc to SnortAlloc, use safer functions
SnortSnprintf, SnortStrncpy, etc. Check pointers before use.
Additional updates for bounds checking.
And many more . . . check the ChangeLog for all the details
|
|
the owner of all installed files is a non-root user. This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.
(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
unprivileged.mk. These two variables are lists of other bmake
variables that define package-specific users and groups. Packages
that have user-settable variables for users and groups, e.g. apache
and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
and ${UNPRIVILEGED_GROUP}.
(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
|
|
Snort v2.6.1.5 includes:
* A new http_post rule keyword used to search for content in normalized
HTTP posts
* A fix for a potential memory leak when generating HTTP Inspection events
Snort v2.6.1.4 includes detection functionality for a BSD IPv6 fragmentation
overflow, and addresses a number of potential security-related issues in
Snort as reported by customers, uncovered by internal investigations, and
through third-party code audits.
|
|
Fix snort-flexresp{2} so that they actually can be tested and work properly
with the new libnet{10,11} laoyout
Pointed out by wiz@ in private email
|
|
|
|
* src/dynamic-preprocessors/Makefile.am:
* src/dynamic-preprocessors/dcerpc/smb_andx_decode.c:
* src/dynamic-preprocessors/dcerpc/dcerpc.c:
Add bounds checking to ReassembleSMBWriteX; use Safememcpy for calculated
length buffer copies.
|
|
|
|
|
|
2.6.1 provides new functionality including the following:
* New pattern matcher with a significantly reduced memory footprint
* Introduction of stream5 for experimental use
* Improvements to stream4, including UDP session tracking and optimizations for the reassembly buffer
* Handling for reassembly of SMB fragmented data in DCE/RPC
* An ssh preprocessor for experimental use
* Updated Snort decoder that can decode GRE encapsulated packets
* Output plugin to allow Snort to configure Aruba access control
Snort 2.6.0:
* Tcp stream properly reassembled after failed sequence check, which may lead to possible detection evasion.
* Added configurable stream flushpoints.
* Improved rpc processing.
* Improved portscan detection.
* Improved http request processing and handling of possible evasion cases.
* Improved performance monitoring.
The Snort 2.6 release also introduces the ability to use dynamic rules and dynamic preprocessors and contains further improvements to the Snort detection engine.
Remove snort-{pgsql,mysql,prelude}. The new snort package uses options.mk
to specify build options.
|
|
INSTALLATION_DIRS, as well as all occurrences of ${PREFIX}/man with
${PREFIX}/${PKGMANDIR}.
Fixes PR 35265, although I did not use the patch provided therein.
|
|
|
|
These releases have better performance, numerous new features and
incorporate many bug fixes. Notable bug fixes and improvements include:
* Tcp stream properly reassembled after failed sequence check,
which may lead to possible detection evasion.
* Added configurable stream flushpoints.
* Improved rpc processing.
* Improved portscan detection.
* Improved http request processing and handling of possible
evasion cases.
* Improved performance monitoring.
|
|
syntax as specified in pkgsrc/mk/install/bsd.pkginstall.mk:1.47.
|
|
Suggested by Jason Miller in private email
|
|
This includes the fix for:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0839
> +2006-02-20 Steven Sturges <ssturges@sourcefire.com>
> + * src/preprocessors/spp_frag3.c:
> + * configure.in:
> + Fix ip options handling. Thanks to Vyacheslav Burdjanadze for
> + finding the issue.
> +
> +2006-01-09 Steven Sturges <ssturges@sourcefire.com>
> + * src/sfutil/mwm.c:
> + Fixed bug with multiple recurring patterns in Wu-Manbher implementation.
> + Thanks to Evan Stawnyczy for pointing it out an Marc Norton for the
> + fix.
> + * src/parser/IpAddrSet.c:
> + Fixed problem with parsing conf file and rules when DNS is not working.
> + Thanks Martin Olsson for mentioning this and testing the fix.
> + * src/preprocessors/spp_perfmonitor.c:
> + * src/preprocessors/perf-base.c:
> + Handle wrapping on 64-bit platforms
> +
> +2005-11-17 Andrew Mullican <amullican@sourcefire.com>
> + * src/sfutil/sfxhash.c:
> + * src/preprocessors/portscan.c:
> + Add tracker without using bogus data, to avoid internal buffer overrun.
> + Thanks Sandro Poppi for the find.
> +
> +2005-11-11 Steven Sturges <ssturges@sourcefire.com>
> + * src/snort.c:
> + Allow value of 0 to be used with -G flag
> + * src/preprocessors/spp_bo.c:
> + Code Cleanup
> + * src/preprocessors/spp_frag3.c:
> + Fix memory leak and mishandling of IP Options. Thanks Yin
> + Zhaohui for the find.
|
|
|
|
Bump snort{-mysql,-pgsql} to nb1
|
|
automatically detects whether we want the pkginstall machinery to be
used by the package Makefile.
|
|
CONFIGURE_ARGS.
|
|
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some
other changes are outlined in
http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
|
|
- Fixed potential buffer overflow in BackOrifice preprocessor and
added an alert on attempt to overflow buffer in snort. Thanks
Andy Mullican for the fix.
|
|
- don't try to actually open the log file when in test mode
- Fixes to address schema being a keyword in MySQL 5.0
|
|
From the ChangeLog:
> 2005-09-16 - Snort 2.4.1 Released
> [*] New additions
> * Added a -K command line option to manually select the logging mode using
> a single switch. The -b and -N switches will be deprecated in version
> 2.7. Pcap logging is now the default for Snort at startup, use "-K ascii"
> to revert to old behavior.
>
> [*] Improvements
> * Win32 version now supports winpcap 3.1 and MySQL client 4.13.
> * Added event on zero-length RPC fragments.
> * Fixed TCP SACK processing for text based outputs that could result in a
> DoS.
> * General improvements to frag3 including Teardrop detection fix.
> * Fixed a bug in the PPPoE decoder.
> * Added patch for time stats from Bill Parker. Enable with configure
> --enable-timestats.
> * Fixed IDS mode bailing at startup if logdir is specified in snort.conf
> and /var/log/snort doesn't exist.
> * Added decoder for IPEnc for OpenBSD. Thanks Jason Ish for the patch
> (long time ago) and Chris Kuethe for reraising the issue.
> * Allow snort to use usernames (-u) and groupnames (-g) that include
> numbers. Thanks to Shaick for the patch.
> * Fixed broken -T option.
> * Change ip_proto to ip for portscan configuration. Thanks David Bianco
> for pointing this out.
> * Fix for prelude initialization. Thanks Yoann Vandoorselaere for the
> update.
> * For content matches, when subsequent rule options fail, start searching
> again in correct location.
> * Updated Win32 to handle pflog patch.
> * Added support for new OpenBSD pflog format. Older pflog format,
> OpenBSD 3.3 and earlier is still supported. Thanks Breno Leitao
> and Christian Reis for the patch.
> * Added statistics counter for ETH_LOOPBACK packets. Thanks rmkml
> for the patch.
|
|
http://secunia.com/advisories/16786/
Whitespace police on MESSAGE
Bump to nb1
|
|
backslashes anymore. A single backslash is enough. Changed the
definition in all affected packages. For those that are not caught, an
additional check is placed into bsd.pkginstall.mk.
|
