in the Back Orifice preprocessor.
- Transfer maintainership to the submitter, who seems to be tracking
Snort development much closer than I do, and submitted most of
the Snort update PRs in last couple of years
PR: ports/87628
Submitted by: Linh Pham <question+fbsdports@closedsrc.org>
- Snort distribution no longer includes rules - download them seperately
(or consider using security/oinkmaster to simplify that process)
- Change default config dir to ${PREFIX}/etc/snort (to avoid cluttering)
- Install database schemas scripts into EXAMPLESDIR
- Removed end-of-line parser fix (introduced in 2.3.1) in favor of
completely reworking this at the next parser overhaul.
PR: ports/78846
Submitted by: Linh Pham <question+fbsdports@closedsrc.org>
The Sourcefire Vulnerability Research Team has learned of an integer
overflow in the Snort stream4 preprocessor used by the Sourcefire
Network Sensor product line. The Snort stream4 preprocessor
(spp_stream4) incorrectly calculates segment size parameters during
stream reassembly for certain sequence number ranges which can lead to
an integer overflow that can be expanded to a heap overflow.
PR: 51106
Submitted by: Sergey A. Osokin <osa@FreeBSD.org.ru>
A buffer overflow has been found in the snort RPC normalization
routines by ISS X-Force. This can cause snort to execute
arbitrary code embedded within sniffed network packets. This
preprocessor is enabled by default.
find its installed ruleset [1]. Install config files by default if there is
not already one present, and remove on deinstall if they are unchanged
from the default.
Submitted by: The Anarcat <anarcat@anarcat.dyndns.org> [1] (based on)
PR: ports/33887 [1]
Also install the complete set of rules files; some were missed in the
last upgrade.
PR: ports/32112 (rules updates)
Submitted by: Rob Simmons <rsimmons@mail.wlcg.com>