- 2008-06-12 - Snort 2.8.2.1
[*] Improvements
* Fix support for pass rules that sometimes did not take precedence
over alert and/or drop rules.
PR: ports/124717
Submitted by: Michael Scheidell <scheidell_AT_secnap dot net>
- Snort distribution no longer includes rules - download them separately
(or consider using security/oinkmaster to simplify that process)
- Change default config dir to ${PREFIX}/etc/snort (to avoid cluttering)
- Install database schema scripts into EXAMPLESDIR
This is a sample script for ${PREFIX}/etc/rc.d that will
wake snort up on boot, and take it down on shutdown. Nothing
fancy here. This is needed, because I'm planning on teaching
ACID many new things, and ACID expects snort to help itself.
There is only one thing that requires thinking here: This
should run only after {MySQL|PostgreSQL} server is up, as
snort might want to report to the local server.
PR: ports/49047
Submitted by: Yonatan@xpert.com <Yonatan@xpert.com>
Approved by: maintainer timeout
The Sourcefire Vulnerability Research Team has learned of an integer
overflow in the Snort stream4 preprocessor used by the Sourcefire
Network Sensor product line. The Snort stream4 preprocessor
(spp_stream4) incorrectly calculates segment size parameters during
stream reassembly for certain sequence number ranges which can lead to
an integer overflow that can be expanded to a heap overflow.
PR: 51106
Submitted by: Sergey A. Osokin <osa@FreeBSD.org.ru>
A buffer overflow has been found in the snort RPC normalization
routines by ISS X-Force. This can cause snort to execute
arbitrary code embedded within sniffed network packets. This
preprocessor is enabled by default.
find its installed ruleset [1]. Install config files by default if there is
not already one present, and remove on deinstall if they are unchanged
from the default.
Submitted by: The Anarcat <anarcat@anarcat.dyndns.org> [1] (based on)
PR: ports/33887 [1]
Also install the complete set of rules files; some were missed in the
last upgrade.
PR: ports/32112 (rules updates)
Submitted by: Rob Simmons <rsimmons@mail.wlcg.com>