From c62ec4adb2356d884e325132215b113ddf9bacb2 Mon Sep 17 00:00:00 2001 From: gdt Date: Fri, 1 Apr 2011 16:48:36 +0000 Subject: Update to 2.8.5.1, to resolve a security issue. Upstream NEWS is weak; release notes for 2.8.5.1 follow. [*] Improvements * Fixed syslog output when running on Windows. * Fixed potential segfault when printing IPv6 packets using the -v option. Thanks to Laurent Gaffie for reporting this issue. * Fixed segfault when additional policies were added during a configuration reload. --- net/snort/Makefile | 6 ++++-- net/snort/PLIST | 23 ++++++++++++++--------- net/snort/distinfo | 14 +++++++------- net/snort/patches/patch-aa | 20 ++++++-------------- net/snort/patches/patch-ac | 10 +++++----- net/snort/patches/patch-af | 20 ++++++++++---------- 6 files changed, 46 insertions(+), 47 deletions(-) (limited to 'net/snort') diff --git a/net/snort/Makefile b/net/snort/Makefile index 5c712e262f5..6764bc23ea3 100644 --- a/net/snort/Makefile +++ b/net/snort/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.42 2009/12/09 11:42:35 obache Exp $ +# $NetBSD: Makefile,v 1.43 2011/04/01 16:48:36 gdt Exp $ # -DISTNAME= snort-2.8.3.1 +DISTNAME= snort-2.8.5.1 CATEGORIES= net security MASTER_SITES= http://www.snort.org/dl/ \ http://www.snort.org/dl/current/ \ @@ -11,6 +11,8 @@ MAINTAINER= pkgsrc-users@NetBSD.org HOMEPAGE= http://www.snort.org/ COMMENT= The Open Source Network Intrusion Detection System +LICENSE= gnu-gpl-v2 + PKG_DESTDIR_SUPPORT= user-destdir CONFLICTS+= snort-mysql-[0-9]* diff --git a/net/snort/PLIST b/net/snort/PLIST index 0fd4a173eac..2ec63fe998b 100644 --- a/net/snort/PLIST +++ b/net/snort/PLIST 
@@ -1,14 +1,16 @@
-@comment $NetBSD: PLIST,v 1.30 2009/06/14 21:00:05 joerg Exp $
+@comment $NetBSD: PLIST,v 1.31 2011/04/01 16:48:36 gdt Exp $
 bin/snort
+lib/pkgconfig/snort.pc
 lib/snort_dynamicengine/libsf_engine.la
-lib/snort_dynamicrules/lib_sfdynamic_example_rule.la
+lib/snort_dynamicpreprocessor/lib_sfdynamic_preprocessor_example.la
+lib/snort_dynamicpreprocessor/libsf_dce2_preproc.la
 lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.la
 lib/snort_dynamicpreprocessor/libsf_dns_preproc.la
 lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.la
-lib/snort_dynamicpreprocessor/libsf_ssl_preproc.la
 lib/snort_dynamicpreprocessor/libsf_smtp_preproc.la
 lib/snort_dynamicpreprocessor/libsf_ssh_preproc.la
-lib/snort_dynamicpreprocessor/lib_sfdynamic_preprocessor_example.la
+lib/snort_dynamicpreprocessor/libsf_ssl_preproc.la
+lib/snort_dynamicrules/lib_sfdynamic_example_rule.la
 man/man8/snort.8
 share/doc/snort/AUTHORS
 share/doc/snort/BUGS
@@ -31,12 +33,12 @@ share/doc/snort/README.asn1
 share/doc/snort/README.csv
 share/doc/snort/README.database
 share/doc/snort/README.dcerpc
-share/doc/snort/README.decoder_preproc_rules
+share/doc/snort/README.dcerpc2
 share/doc/snort/README.decode
+share/doc/snort/README.decoder_preproc_rules
 share/doc/snort/README.dns
 share/doc/snort/README.event_queue
-share/doc/snort/README.flow
-share/doc/snort/README.flow-portscan
+share/doc/snort/README.filters
 share/doc/snort/README.flowbits
 share/doc/snort/README.frag3
 share/doc/snort/README.ftptelnet
@@ -44,23 +46,24 @@ share/doc/snort/README.gre
 share/doc/snort/README.http_inspect
 share/doc/snort/README.ipip
 share/doc/snort/README.ipv6
+share/doc/snort/README.multipleconfigs
 share/doc/snort/README.pcap_readmode
 share/doc/snort/README.ppm
+share/doc/snort/README.reload
 share/doc/snort/README.sfportscan
 share/doc/snort/README.ssh
 share/doc/snort/README.ssl
-share/doc/snort/README.stream4
 share/doc/snort/README.stream5
 share/doc/snort/README.tag
 share/doc/snort/README.thresholding
 share/doc/snort/README.variables
 share/doc/snort/README.wireless
-share/doc/snort/generators
 share/doc/snort/TODO
 share/doc/snort/USAGE
 share/doc/snort/WISHLIST
 share/doc/snort/faq.pdf
 share/doc/snort/faq.tex
+share/doc/snort/generators
 share/doc/snort/schemas/create_db2
 share/doc/snort/schemas/create_mssql
 share/doc/snort/schemas/create_mysql
@@ -83,6 +86,8 @@ share/snort/src/snort_dynamicsrc/debug.h
 share/snort/src/snort_dynamicsrc/pcap_pkthdr32.h
 share/snort/src/snort_dynamicsrc/preprocids.h
 share/snort/src/snort_dynamicsrc/profiler.h
+share/snort/src/snort_dynamicsrc/sfPolicyUserData.c
+share/snort/src/snort_dynamicsrc/sfPolicyUserData.h
 share/snort/src/snort_dynamicsrc/sf_dynamic_common.h
 share/snort/src/snort_dynamicsrc/sf_dynamic_meta.h
 share/snort/src/snort_dynamicsrc/sf_dynamic_preproc_lib.c
diff --git a/net/snort/distinfo b/net/snort/distinfo
index 480c5586de4..dfe974b8fae 100644
--- a/net/snort/distinfo
+++ b/net/snort/distinfo
@@ -1,13 +1,13 @@ -$NetBSD: distinfo,v 1.46 2008/10/25 18:35:19 adrianp Exp $ +$NetBSD: distinfo,v 1.47 2011/04/01 16:48:36 gdt Exp $ -SHA1 (snort-2.8.3.1.tar.gz) = 384203f68e2000c490bbc5a5a2724b0b74d10e74 -RMD160 (snort-2.8.3.1.tar.gz) = 53ab2df684ba327718d3dac1c8efa21c3ae05248 -Size (snort-2.8.3.1.tar.gz) = 4309333 bytes -SHA1 (patch-aa) = 4fe3bb6a40aea972249e4b21b7142b548c761978 +SHA1 (snort-2.8.5.1.tar.gz) = b971052cdd4b3527a0603854953103fe9ad8a45b +RMD160 (snort-2.8.5.1.tar.gz) = fbfab45f1d7d815516043592eab8cf1cc6ec93d0 +Size (snort-2.8.5.1.tar.gz) = 4715078 bytes +SHA1 (patch-aa) = 3e59b984e5cb21f3fc12e07cdd0560f7cab4f2eb SHA1 (patch-ab) = 0ea7deb91de5d3d68558a30e80dcbd8bd81f8a5e -SHA1 (patch-ac) = 6cdf26fcaeb8dad9cd9562b77377bd56b49c9f38 +SHA1 (patch-ac) = 95e08ebd8a57295540923a49c54177e81ec601c5 SHA1 (patch-ad) = d4bf1dee02af1f1730263a78a868bbdae5d8846d SHA1 (patch-ae) = ca74cfab6d9010d037a1e72e7c39b7982888c476 -SHA1 (patch-af) = ce5129f0337514c9a2a9a482e2f1ed9a405112ec +SHA1 (patch-af) = 03df09e853819816034109429762a3bb01b59fb0 SHA1 (patch-ag) = 1dfcb56284528b307f44d911f84f64832d907139 SHA1 (patch-ah) = 1dee26c42c30e60be83a5e574183f2394d23e340 diff --git a/net/snort/patches/patch-aa b/net/snort/patches/patch-aa index 93826cf886f..d4f1450950f 100644 --- a/net/snort/patches/patch-aa +++ b/net/snort/patches/patch-aa 
@@ -1,18 +1,10 @@ -$NetBSD: patch-aa,v 1.16 2007/10/21 00:22:53 adrianp Exp $ +$NetBSD: patch-aa,v 1.17 2011/04/01 16:48:36 gdt Exp $ ---- src/snort.c.orig 2007-09-07 19:01:56.000000000 +0100 +--- src/snort.c.orig 2009-10-19 17:44:03.000000000 +0000 +++ src/snort.c -@@ -158,7 +158,6 @@ extern OutputFuncNode *LogList; - time_t start_time; /* tracks how many seconds snort actually ran */ - #endif - --extern int errno; - - /* exported variables *********************************************************/ - u_int8_t runMode = 0; /* snort run mode */ -@@ -3194,6 +3193,19 @@ int SetPktProcessor(void) - +@@ -2737,6 +2737,19 @@ static int SetPktProcessor(void) break; + #endif // NO_NON_ETHER_DECODER +#if defined(__NetBSD__) +# if defined(__NetBSD_Version__) @@ -28,9 +20,9 @@ $NetBSD: patch-aa,v 1.16 2007/10/21 00:22:53 adrianp Exp $ +#endif /* NetBSD */ + case DLT_PPP: /* point-to-point protocol */ - if(!pv.readmode_flag) + if (!ScReadMode()) { -@@ -3743,7 +3755,7 @@ static char *ConfigFileSearch() +@@ -3379,7 +3392,7 @@ static char *ConfigFileSearch(void) { struct stat st; int i; diff --git a/net/snort/patches/patch-ac b/net/snort/patches/patch-ac index 4bf04b6926c..c3bc79f28a4 100644 --- a/net/snort/patches/patch-ac +++ b/net/snort/patches/patch-ac @@ -1,13 +1,13 @@ -$NetBSD: patch-ac,v 1.1 2002/10/13 04:42:13 hubertf Exp $ +$NetBSD: patch-ac,v 1.2 2011/04/01 16:48:36 gdt Exp $ ---- src/plugbase.h.orig Thu Jun 27 00:40:44 2002 +--- src/plugbase.h.orig 2009-05-06 22:28:18.000000000 +0000 +++ src/plugbase.h -@@ -46,7 +46,7 @@ - #undef Free +@@ -50,7 +50,7 @@ + # undef Free #endif -#if defined(SOLARIS) || defined(FREEBSD) || defined(OPENBSD) +#if defined(SOLARIS) || defined(FREEBSD) || defined(OPENBSD) || defined(NETBSD) - #include + # include #endif diff --git a/net/snort/patches/patch-af b/net/snort/patches/patch-af index 011e76b4a0f..e91f8e86621 100644 --- a/net/snort/patches/patch-af +++ b/net/snort/patches/patch-af 
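Review bot: The platform test in patch-ac, `#if defined(SOLARIS) || defined(FREEBSD) || defined(OPENBSD) || defined(NETBSD)`, keys on a bare `NETBSD` macro, while patch-aa in the same commit guards its NetBSD block with the compiler-provided `__NetBSD__`. No visible line defines `NETBSD`, so if the build does not pass it, the include under this test is silently skipped on NetBSD. Writing the tail as `|| defined(NETBSD) || defined(__NetBSD__)` would not depend on build flags. The patch also carries no comment saying why NetBSD needs this include; a one-line description under the `$NetBSD$` tag would help the next rebase.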
@@ -1,14 +1,14 @@ -$NetBSD: patch-af,v 1.4 2007/05/18 22:20:10 adrianp Exp $ +$NetBSD: patch-af,v 1.5 2011/04/01 16:48:36 gdt Exp $ ---- src/dynamic-plugins/sf_dynamic_plugins.c.orig 2007-03-14 16:58:10.000000000 +0000 +--- src/dynamic-plugins/sf_dynamic_plugins.c.orig 2009-08-10 21:26:41.000000000 +0000 +++ src/dynamic-plugins/sf_dynamic_plugins.c -@@ -210,8 +210,7 @@ void LoadAllLibs(char *path, LoadLibrary - dirEntry = readdir(directory); - while (dirEntry) +@@ -244,8 +244,7 @@ void LoadAllLibs(char *path, LoadLibrary + dir_entry = readdir(directory); + while (dir_entry != NULL) { -- if (dirEntry->d_reclen && -- !fnmatch(EXT, dirEntry->d_name, FNM_PATHNAME | FNM_PERIOD)) -+ if (!fnmatch(EXT, dirEntry->d_name, FNM_PATHNAME | FNM_PERIOD)) +- if ((dir_entry->d_reclen != 0) && +- (fnmatch(MODULE_EXT, dir_entry->d_name, FNM_PATHNAME | FNM_PERIOD) == 0)) ++ if (fnmatch(MODULE_EXT, dir_entry->d_name, FNM_PATHNAME | FNM_PERIOD) == 0) { - SnortSnprintf(path_buf, PATH_MAX, "%s%s%s", path, "/", dirEntry->d_name); - loadFunc(path_buf, 1); + /* Get the string up until the first dot. This will be + * considered the file prefix. */ -- cgit v1.2.3
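Review bot: patch-af gives no reason for dropping the `d_reclen` test in `LoadAllLibs`, so a later rebase against a new upstream release cannot tell whether the change is still needed. Presumably it is a portability fix for systems whose `struct dirent` lacks or does not fill `d_reclen`; once confirmed, a comment line in the patch header such as `Do not rely on dirent d_reclen, which is not portable; match on d_name only.` would record that. With the guard gone, the `fnmatch(MODULE_EXT, dir_entry->d_name, ...)` match alone decides which directory entries are handled as loadable modules, so it is worth confirming that no supported platform relied on `d_reclen` to skip invalid entries. The loop body continues outside the hunk.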