Subject: CVS commit: pkgsrc/net/snort
To: None <pkgsrc-changes@netbsd.org>
From: Lubomir Sedlacik <salo@netbsd.org>
List: pkgsrc-changes
Date: 04/16/2003 06:37:20
Module Name: pkgsrc
Committed By: salo
Date: Wed Apr 16 06:37:20 UTC 2003
Modified Files:
pkgsrc/net/snort: Makefile.common PLIST distinfo
pkgsrc/net/snort/patches: patch-aa patch-ad patch-ae
Log Message:
Updated to version 2.0.0.
IMPORTANT: This version fixes a remotely exploitable heap overflow in the stream4
preprocessor module.
Advisory: http://www.coresecurity.com/common/showdoc.php?idx=313&idxseccion=10
Changes:
2.0.0:
======
- Enhanced high-performance detection engine
- Stateful Pattern Matching
- New detection keywords: byte_test & byte_jump
- The Snort code base has undergone an external third party professional
security audit funded by Sourcefire (http://www.sourcefire.com)
- Many new and updated rules
- snort.conf has been updated
- Enhancements to self preservation mechanisms in stream4 and frag2
- State tracking fixes in stream4
- New HTTP flow analyzer
- Enhanced protocol decoding (TCP options, 802.1q, etc)
- Enhanced protocol anomaly detection (IP, TCP, UDP, ICMP, RPC, HTTP, etc)
- Enhanced flexresp mode for real-time TCP session sniping
- Better chroot()'ing
- Tagging system updated
- Several million bugs addressed....
- Updated FAQ (thanks to Erek Adams and Dragos Ruiu)
Snort 2.0 can be downloaded at http://www.snort.org/dl/snort-2.0.0.tar.gz.
Binary versions of the codebase will be built over the next several days and
made available here.
2.0.rc4:
========
- byte_jump/byte_test don't force relative content options
- byte_jump/byte_test absolute offsets work
- Better FIN handling in Stream4
2.0.rc3:
========
- A low memory usage detection method (enabled via "config detection:
search-method lowmem")
- Moved the default unix socket location to LOGDIR
2.0.rc2:
========
- syslog should work on win32 and unix
- major tagging updates
- new UDP decoding alerts
- snort.conf updates
2.0.rc1:
========
- Higher performance (due to a new pattern matcher and rebuilt detection
engine)
- Better decoders
- Enhanced stream reassembly and defragmentation
- Tons of bug fixes
- Updated rules
- Updated snort.conf
- New detection keywords (byte_test, byte_jump, distance, within) &
stateful pattern matching
- New HTTP flow analyzer
- Enhanced anomaly detection (HTTP, RPC, TCP, IP, etc)
- Better self preservation in stateful subsystems
- Xrefs fixed
- Flexresp works faster and more effectively
- Better chroot()'ing
- Fixed 802.1q decoding
- Better async state handling
- New alerting option: -A cmg!!
To generate a diff of this commit:
cvs rdiff -r1.7 -r1.8 pkgsrc/net/snort/Makefile.common
cvs rdiff -r1.8 -r1.9 pkgsrc/net/snort/PLIST
cvs rdiff -r1.14 -r1.15 pkgsrc/net/snort/distinfo
cvs rdiff -r1.8 -r1.9 pkgsrc/net/snort/patches/patch-aa
cvs rdiff -r1.1 -r1.2 pkgsrc/net/snort/patches/patch-ad \
pkgsrc/net/snort/patches/patch-ae
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.