pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/net/snort Update to Snort 2.9.15.1
details: https://anonhg.NetBSD.org/pkgsrc/rev/2fa3f6604ec5
branches: trunk
changeset: 411702:2fa3f6604ec5
user: sevan <sevan%pkgsrc.org@localhost>
date: Tue Feb 18 23:00:26 2020 +0000
description:
Update to Snort 2.9.15.1
2019-12-15 - Snort 2.9.15.1
New Additions
Added support for glibc version 2.30.
Improvements/Fix
Fixed Snort core seen during SSL re-configuration.
Fixed file access issues on files from SMB share.
Snort 2.9.15.0
New Additions
Added new debugs to print detection, file_processing and Preproc time
consumption info and verdict.
Added support to detect new Korean file formats .egg and .alg in the file
preprocessor.
Added support to detect new RAR file-type in the file preprocessor.
Improvements / Fix
Fix to generate ALERT if TEID value is zero in GTP v1 and v2 packets.
Fix to whitelist FTP data sessions when no file policy exists.
Fix RTF file magic to a more generic value to prevent evasions.
Added debug logs during HTTP reload.
Added rule SID check during validation.
Fix an issue where HTTP was processing non-HTTP traffic on port 443.
Added new debugs to print detection, file processing, and Prepro time
consumption info and verdicts.
Snort 2.9.14.1
[*] New Additions
* Added support for wild card port numbers in host cache and overwriting port
service AppId.
* Added support for new STLS client patterns to help better detect POP3S over
SSL.
* Added support for detecting Mac based SMTP Microsoft Outlook client
application.
* Added a new preprocessor alert 120:27 to alert if there is no proper end of
header.
[*] Improvements / Fix
* Improved appId detection for proxied traffic.
* Fix for enabling flow profiling mode without restarting snort detection
engine.
* Fixed packet drop scenario.
Snort 2.9.13.0
New Additions
Snort now supports reload on snort rules update.
Addition of a scenario to add a packet to blacklist verdict to ensure the
new session will be allowed.
Handled a new pre-processor alert in case of the improper end of the HTTP
header.
Improvements
Modified the calculation of file hash for FTP/HTTP with offset values.
Fixed portal authentication connection stuck in half closed state.
Updated UDP global timeout for a non-standard port.
This release also patched the following two vulnerabilities:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-frpwr-smb-snort
Snort 2.9.12.0
New Additions
Parsing HTTP CONNECT to extract the tunnel IP and port information.
Alerting and dechunking for chunked encoding in HTTP1.0 request and
response.
Improvements
Fixed an issue where, if we have a junk line before HTTP response header,
the header was wrongly parsed.
Fixed GZIP evasions where an HTTP response with content-encoding:gzip
contains a body that has a GZIP-related anomaly.
Fixed an issue in certain scenarios where a BitTorrent pattern is seen
only on the third packet of the session, causing us to miss our client
detection.
SMB improvements for file detection and processing.
2017-12-06 - Snort 2.9.11.1
New Additions
Added support to block portscan. In addition to tracking the scanning
packets, action(drop/sdrop/reject) will be taken for all the packets, which
means Snort will block the packet and generate logs.
Added support to re-evaluate reputation after reputation update for all
flows except those that have already been blacklisted.
Improvements
Fixed issue to detect RTP up to two SSRC switches in each traffic
direction.
Fixed issues related to HTTP POST header flushing, calling file processing
directly if it is not a multipart header and changes to avoid expensive copy
of segment data by not splitting them when flushing headers.
Fixed issue of triggering protocol sweep alert when there are multiple
destinations from single source ip protocol scan.
Added changes to fix IP portscan for protocol other than ICMP and fixed
issue of bad fragment size event not being generated for oversized packets.
Added changes to use raw data in case of PDF and SWF files during file
processing for SHA calculation and Malware Cloud Lookup.
Fixed issue of correct session matching for TCP SYN packets without window
scale option so that FTP data channels match the same rule as FTP control
channels.
Fixed issue of applying new configuration in file inspection after Snort
reload.
Snort 2.9.11
[*] New additions
Changes to eliminate Snort restart when there are changes to the memory
allocated for preprocessors, by releasing unused or least recently used memory
when needed.
Added support for storing filenames in Unicode for SMB protocol.
Added implementation of hostPortCache versioning for unknown flows in
AppID to detect and block BitTorrent.
[*] Improvements
Enhanced RTSP metadata parsing to match the user-agent field to detect
RTSP traffic over Windows Media.
Performance improvement when SYN rate limit has reached and drop is
configured as next action
Control-socket and side-channel support for FreeBSD platform.
Fixed issue in file signature lookup for retransmitted FTP packet.
Enhanced the processing of SIP/RTP future flows without ignoring them.
Changes made in PDF/SWF decompression by adding boundary to the size of
the decompressed data.
Added a null check to prevent copy unless debugHostIp is configured in
AppId.
Fixed issue where FTP file type block doesn't work for retried download.
Resolved issue where Snort is inappropriately handling traffic for which
AppId was creating future flow.
Performance improvements for SIP/RTP audio and video data flow in AppId.
Performance and stability improvements in FTP preprocessor like incorrect
referencing of ftp_data_session after its pruned.
Stability improvement by resolving valgrind reported issues in AppId.
Improved flushing mechanism for HTTP POST header.
Added changes to display AppId for IPv6 unified events.
Fixed issues with printing of messages for out-of-order packets.
Fixed issue in increment of detection filter counter when rule is used in
multiple configurations.
Fixed dynamic preprocessor compilation failure in OpenBSD platform.
Added changes to improve performance of ipvar list comparison.
Enhanced SMTP client detection by allowing line folding and all
authentication methods.
diffstat:
net/snort/Makefile | 13 ++++-
net/snort/PLIST | 27 ++++++++++++-
net/snort/distinfo | 12 ++--
net/snort/options.mk | 15 +------
net/snort/patches/patch-src_target-based_sftarget__reader.c | 8 +-
5 files changed, 48 insertions(+), 27 deletions(-)
diffs (196 lines):
diff -r f6631e152b5b -r 2fa3f6604ec5 net/snort/Makefile
--- a/net/snort/Makefile Tue Feb 18 22:56:43 2020 +0000
+++ b/net/snort/Makefile Tue Feb 18 23:00:26 2020 +0000
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.60 2019/07/20 22:46:41 wiz Exp $
+# $NetBSD: Makefile,v 1.61 2020/02/18 23:00:26 sevan Exp $
#
-DISTNAME= snort-2.9.9.0
-PKGREVISION= 2
+DISTNAME= snort-2.9.15.1
CATEGORIES= net security
MASTER_SITES= https://www.snort.org/downloads/archive/snort/
@@ -21,6 +20,7 @@
GNU_CONFIGURE= YES
USE_LIBTOOL= YES
+USE_TOOLS+= pkg-config
PKG_SYSCONFSUBDIR= snort
RCD_SCRIPTS= snort
SNORT_USER?= snort
@@ -90,6 +90,8 @@
CONFIGURE_ARGS+= --with-libpcap-libraries=${BUILDLINK_PREFIX.libpcap}/lib
CONFIGURE_ARGS+= --disable-so_with_static_lib
+BUILD_DEPENDS+= bison-[0-9]*:../../devel/bison
+
pre-build:
${CP} ${WRKSRC}/etc/snort.conf ${WRKSRC}/etc/snort.conf.default
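Review bot: the added BUILD_DEPENDS+= bison-[0-9]*:../../devel/bison line bypasses the tools framework that this same Makefile already uses for pkg-config. Prefer USE_TOOLS+= bison so the platform's native bison can satisfy the requirement and the tool wrappers are set up consistently; keep the explicit BUILD_DEPENDS only if there is a reason the framework cannot be used, and state that reason in a comment.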
@@ -115,6 +117,11 @@
${FILESDIR}/white_list.rules ${DESTDIR}${EGDIR}/rules/
${INSTALL_MAN} ${WRKSRC}/snort.8 ${DESTDIR}${PREFIX}/${PKGMANDIR}/man8
+.include "../../www/nghttp2/buildlink3.mk"
+.include "../../security/openssl/buildlink3.mk"
+.include "../../lang/LuaJIT2/buildlink3.mk"
+.include "../../devel/flex/buildlink3.mk"
+.include "../../devel/zlib/buildlink3.mk"
.include "../../net/daq/buildlink3.mk"
.include "../../net/libdnet/buildlink3.mk"
.include "../../net/libpcap/buildlink3.mk"
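Review bot: the five new buildlink3.mk includes (nghttp2, openssl, LuaJIT2, flex, zlib) are unconditional, so each becomes a hard dependency of a network-facing IDS, and the commit message does not mention any of them. options.mk still lists ssl in PKG_SUPPORTED_OPTIONS, so please say whether that option still controls anything now that security/openssl is always linked. If LuaJIT2 and nghttp2 are only needed for the appid components added to PLIST, consider putting them behind a package option. If devel/flex is needed only as a lexer generator at build time, USE_TOOLS+= flex next to the existing pkg-config line would avoid a library dependency.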
diff -r f6631e152b5b -r 2fa3f6604ec5 net/snort/PLIST
--- a/net/snort/PLIST Tue Feb 18 22:56:43 2020 +0000
+++ b/net/snort/PLIST Tue Feb 18 23:00:26 2020 +0000
@@ -1,9 +1,14 @@
-@comment $NetBSD: PLIST,v 1.33 2017/06/15 18:27:50 nils Exp $
+@comment $NetBSD: PLIST,v 1.34 2020/02/18 23:00:26 sevan Exp $
+bin/appid_detector_builder.sh
bin/snort
bin/u2boat
+bin/u2openappid
bin/u2spewfoo
+bin/u2streamer
+lib/libsf_sorules.la
lib/pkgconfig/snort.pc
lib/snort_dynamicengine/libsf_engine.la
+lib/snort_dynamicpreprocessor/libsf_appid_preproc.la
lib/snort_dynamicpreprocessor/libsf_dce2_preproc.la
lib/snort_dynamicpreprocessor/libsf_dnp3_preproc.la
lib/snort_dynamicpreprocessor/libsf_dns_preproc.la
@@ -95,11 +100,18 @@
share/examples/snort/threshold.conf
share/examples/snort/unicode.map
share/snort/src/snort_dynamicsrc/Unified2_common.h
+share/snort/src/snort_dynamicsrc/appId.h
+share/snort/src/snort_dynamicsrc/appIdApi.h
+share/snort/src/snort_dynamicsrc/appdata_adjuster.c
+share/snort/src/snort_dynamicsrc/appdata_adjuster.h
share/snort/src/snort_dynamicsrc/bitop.h
+share/snort/src/snort_dynamicsrc/cip_common.h
+share/snort/src/snort_dynamicsrc/dns_defs.h
share/snort/src/snort_dynamicsrc/event.h
share/snort/src/snort_dynamicsrc/file_api.h
share/snort/src/snort_dynamicsrc/file_mail_common.h
share/snort/src/snort_dynamicsrc/idle_processing.h
+share/snort/src/snort_dynamicsrc/md5.h
share/snort/src/snort_dynamicsrc/mpse_methods.h
share/snort/src/snort_dynamicsrc/obfuscation.h
share/snort/src/snort_dynamicsrc/pcap_pkthdr32.h
@@ -107,6 +119,9 @@
share/snort/src/snort_dynamicsrc/plugin_enum.h
share/snort/src/snort_dynamicsrc/preprocids.h
share/snort/src/snort_dynamicsrc/profiler.h
+share/snort/src/snort_dynamicsrc/reg_test.c
+share/snort/src/snort_dynamicsrc/reg_test.h
+share/snort/src/snort_dynamicsrc/reload_api.h
share/snort/src/snort_dynamicsrc/rule_option_types.h
share/snort/src/snort_dynamicsrc/session_api.h
share/snort/src/snort_dynamicsrc/sfPolicyUserData.c
@@ -114,6 +129,7 @@
share/snort/src/snort_dynamicsrc/sf_base64decode.c
share/snort/src/snort_dynamicsrc/sf_base64decode.h
share/snort/src/snort_dynamicsrc/sf_decompression.h
+share/snort/src/snort_dynamicsrc/sf_decompression_define.h
share/snort/src/snort_dynamicsrc/sf_dynamic_common.h
share/snort/src/snort_dynamicsrc/sf_dynamic_define.h
share/snort/src/snort_dynamicsrc/sf_dynamic_engine.h
@@ -132,10 +148,17 @@
share/snort/src/snort_dynamicsrc/sfcontrol.h
share/snort/src/snort_dynamicsrc/sfdebug.h
share/snort/src/snort_dynamicsrc/sfghash.h
+share/snort/src/snort_dynamicsrc/sfhashfcn.c
share/snort/src/snort_dynamicsrc/sfhashfcn.h
+share/snort/src/snort_dynamicsrc/sfmemcap.c
+share/snort/src/snort_dynamicsrc/sfmemcap.h
share/snort/src/snort_dynamicsrc/sfparser.c
+share/snort/src/snort_dynamicsrc/sfprimetable.c
+share/snort/src/snort_dynamicsrc/sfprimetable.h
share/snort/src/snort_dynamicsrc/sfsnort_dynamic_detection_lib.c
share/snort/src/snort_dynamicsrc/sfsnort_dynamic_detection_lib.h
+share/snort/src/snort_dynamicsrc/sfxhash.c
+share/snort/src/snort_dynamicsrc/sfxhash.h
share/snort/src/snort_dynamicsrc/sidechannel_define.h
share/snort/src/snort_dynamicsrc/signature.h
share/snort/src/snort_dynamicsrc/sip_common.h
@@ -152,6 +175,8 @@
share/snort/src/snort_dynamicsrc/ssl_session.h
share/snort/src/snort_dynamicsrc/str_search.h
share/snort/src/snort_dynamicsrc/stream_api.h
+share/snort/src/snort_dynamicsrc/thirdparty_appid_api.h
+share/snort/src/snort_dynamicsrc/thirdparty_appid_types.h
share/snort/src/snort_dynamicsrc/treenodes.h
share/snort/src/snort_dynamicsrc/util_unfold.c
share/snort/src/snort_dynamicsrc/util_unfold.h
diff -r f6631e152b5b -r 2fa3f6604ec5 net/snort/distinfo
--- a/net/snort/distinfo Tue Feb 18 22:56:43 2020 +0000
+++ b/net/snort/distinfo Tue Feb 18 23:00:26 2020 +0000
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.50 2017/06/15 18:27:50 nils Exp $
+$NetBSD: distinfo,v 1.51 2020/02/18 23:00:26 sevan Exp $
-SHA1 (snort-2.9.9.0.tar.gz) = c522b6130655e0d12299af6fd1a613b20259b4e3
-RMD160 (snort-2.9.9.0.tar.gz) = cfe3f7bb4203411e40376607c6bd1ee1fe7c4f84
-SHA512 (snort-2.9.9.0.tar.gz) = 2c17539c80484c90198a2e5d5efd1e70f26afb79ce7c28e745ded356b6f1a1f97763ff21fde986652af1768fa3bcdafbbcc3c82ee8ad6d2ef0471f360cfcab83
-Size (snort-2.9.9.0.tar.gz) = 6364482 bytes
-SHA1 (patch-src_target-based_sftarget__reader.c) = c0f4bde7a1a0fa00e4efecf26eb579cc2b1cb2ee
+SHA1 (snort-2.9.15.1.tar.gz) = dc8c89125c27153ffd69f27fbd60b95b9d1cbfe0
+RMD160 (snort-2.9.15.1.tar.gz) = 10ed066819c6021367245f59598509aeaeaef197
+SHA512 (snort-2.9.15.1.tar.gz) = 9940f5bcdcf04823f9cb5c3f8efda72f98f6a47bce9f40399dec9ec41d23a386c7f7e44861d82368de31546123b920f9fc617197bbf9c5e750724bf8b9e19590
+Size (snort-2.9.15.1.tar.gz) = 6618999 bytes
+SHA1 (patch-src_target-based_sftarget__reader.c) = 60f053d990af6329e48a1a26c89d9c4a59a0ffce
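Review bot: the new SHA1, RMD160 and SHA512 lines for snort-2.9.15.1.tar.gz only record what was fetched when the checksums were generated, and the commit message does not say the tarball was compared against a hash or signature published by upstream. For an update that jumps from 2.9.9.0 to 2.9.15.1, note in the commit how the distfile was verified so the pinned values can be trusted as more than a download snapshot.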
diff -r f6631e152b5b -r 2fa3f6604ec5 net/snort/options.mk
--- a/net/snort/options.mk Tue Feb 18 22:56:43 2020 +0000
+++ b/net/snort/options.mk Tue Feb 18 23:00:26 2020 +0000
@@ -1,14 +1,10 @@
-# $NetBSD: options.mk,v 1.8 2017/06/15 18:27:50 nils Exp $
+# $NetBSD: options.mk,v 1.9 2020/02/18 23:00:26 sevan Exp $
PKG_OPTIONS_VAR= PKG_OPTIONS.snort
PKG_SUPPORTED_OPTIONS= debug snort-prelude ssl snmp snort-gre
PKG_SUPPORTED_OPTIONS+= snort-dynamicplugin snort-timestats
-PKG_SUPPORTED_OPTIONS+= snort-rulestate inet6
-# does not work on SunOS
-.if ${OPSYS} != "SunOS"
-PKG_SUGGESTED_OPTIONS= inet6
-.endif
+PKG_SUPPORTED_OPTIONS+= snort-rulestate
PKG_OPTIONS_OPTIONAL_GROUPS= flex
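Review bot: dropping inet6 from PKG_SUPPORTED_OPTIONS also deletes the "does not work on SunOS" guard, and the commit message explains neither change. If IPv6 support is now always compiled in, say so and confirm the SunOS build still works without the guard; if it is no longer enabled at all, that is a loss of inspection coverage on dual-stack networks. Existing PKG_OPTIONS.snort settings that name inet6 will also no longer match a supported option, which deserves a mention.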
@@ -37,13 +33,6 @@
.endif
###
-### Enable ipv6 support
-###
-.if !empty(PKG_OPTIONS:Minet6)
-CONFIGURE_ARGS+= --enable-ipv6
-.endif
-
-###
### Enable real-time performance statistics
###
.if !empty(PKG_OPTIONS:Msnort-timestats)
diff -r f6631e152b5b -r 2fa3f6604ec5 net/snort/patches/patch-src_target-based_sftarget__reader.c
--- a/net/snort/patches/patch-src_target-based_sftarget__reader.c Tue Feb 18 22:56:43 2020 +0000
+++ b/net/snort/patches/patch-src_target-based_sftarget__reader.c Tue Feb 18 23:00:26 2020 +0000
@@ -1,11 +1,11 @@
-$NetBSD: patch-src_target-based_sftarget__reader.c,v 1.1 2013/02/22 12:05:34 jperkin Exp $
+$NetBSD: patch-src_target-based_sftarget__reader.c,v 1.2 2020/02/18 23:00:26 sevan Exp $
Sun ar needs at least one symbol in a library.
---- src/target-based/sftarget_reader.c.orig 2009-10-02 20:30:03.000000000 +0000
+--- src/target-based/sftarget_reader.c.orig 2020-02-18 13:13:04.326915274 +0000
+++ src/target-based/sftarget_reader.c
-@@ -26,6 +26,10 @@
- #include "config.h"
+@@ -31,6 +31,10 @@
+ #define _GNU_SOURCE
#endif
+#ifdef __sun
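Review bot: the regenerated hunk header (@@ -31,6 +31,10 @@) and its context line change, but the patch comment still carries only "Sun ar needs at least one symbol in a library." with no upstream status, for a patch that has been carried since revision 1.1 in 2013. Add a line saying whether the __sun guard has been submitted upstream, so the next update knows whether it can be dropped. The rest of the hunk is cut off in this archive copy and cannot be reviewed here.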