Tested on two systems, and until works perfectly.
Changelog snort-2.7.0.1:
* etc/snort.conf:
Turn off flow since Stream5 is now enabled by default.
* src/snort.c:
Fix printing of threshold counts until after all rules are read.
This issue did not affect thresholding, only display of thresholding.
Thanks to Jeffrey Denton for reporting the problem.
* src/sfutil/ipobj.c:
Fix free of invalid pointer when using a negated IP list.
This is used by sfportscan preprocessor configuration parsing.
Thanks to Anders Ostrem for reporting the problem.
* src/preprocessors/Stream5/snort_stream5_session.c:
Fixed issue when experimental ICMP tracking is used without using
the TCP or UDP session tracking. ICMP was attempting to look up
TCP or UDP sessions from uninitialized session cache. Thanks to
Koji Shikata for reporting the problem.
* src/preprocessors/Stream5/snort_stream5_tcp.c:
Fixed invalid session pointer when rule tries to use flowbits after
session ends. Thanks to rmkml for initially reporting the problem.
PR: ports/115294
Submitted by: Robin Gruyters <r dot gruyters_AT_yirdis dot nl>
Update includes:
- Target-based stream reassembly, including handling of TCP data overlaps and
anomalous TCP header flags on a per-destination basis. 11 different
target-based policies are supported. See README.stream5 for specific
configuration options for operating system targets.
- UDP session tracking
- Option to emulate Stream4 flushing behaviour
- Stream5 replaces BOTH Stream4 and Flow -- should disable both of these when
Stream5 is enabled.
- Security and memory footprint improvements
PR: ports/114806
Submitted by: Robin Gruyters <r dot gruyters_AT_yirdis dot nl>
was supposed to work is useless, because if we can't trust the distfile from
the remote machine, we can't trust the signature from the same machine either.
Our MD5 and SHA256 are good for checking both the sanity and the
trustiness of distfiles.
Approved by: portmgr (erwin), erwin (mentor)
- library version update of related ports
Changelog libprelude:
- Hook class comparison function. Accept NULL, equal, not equal operator.
- Introduce better error checking in the idmef-class API, which is now
considered public and might be used by external applications. Rename
error code to reflect the API.
- Change to the way IDMEF listed elements are handled. Specifying a negative
number as the position of the element from the low level API now allows
positioning the element at the specified (reversed) index. Using the
high level API, a negative index permits addressing a list of elements
backward (replace an element).
- Build fixes for SWIG > 1.3.27.
- Modify idmef_value_match() so that it always unrolls listed values
(do it for both val1 and val2). Remove assertion, and let
idmef_value_type_compare() return an error code in case there is an issue.
- Handle path using IDMEF_LIST_APPEND or IDMEF_LIST_PREPEND as
path using an undefined list index on idmef_path_get() call.
- Make criteria parser accept (*) list index.
- Implement comparison function for all IDMEF objects.
PR: ports/104328
Submitted by: maintainer (Robin Gruyters)
Approved by: portmgr (pav)
I have jumped in over my head with maintaining the port, both in terms of my
skills with significantly modifying a port (particularly in getting the port
from 2.4.5 to 2.6.0), not using snort enough to really test the full package,
and not enough time to improve the port.
With that said, there still is ports/99862 that is still open (re: bring
security/snort to 2.6.0) which I have hit the wall on trying to get the port
to deinstall cleanly due to the optional nature of some components. I will
continue to help out with other ports that I can take on and those that I
can still take on maintainership.
PR: ports/101526
Submitted by: Linh Pham <question+fbsdports@closedsrc.org> (maintainer)
SourceFire, the maintainers of Snort, have updated the tarball for Snort
2.4.4 to include support for building binaries. The updated tarball has a
different size and checksum and I have verified with the Snort team that the
change is in fact valid.
PR: ports/96017
Submitted by: maintainer
- move 1.0 obsoleted version to net/libnet10
net/libnet is latest Stable Version
net/libnet is latest Beta Version
- Fix all dependent ports with a new DEPENDS scheme
- While I'm here fix security/yersinia build on 4.x
(getopt_long and ncurses issues)
PR: ports/85519 (based on)
Submitted by: Stas Yakovlev <stas.yakovlev_at_gmail.com>
in the Back Orifice preprocessor.
- Transfer maintainership to the submitter, who seems to be tracking
Snort development much closer than I do, and submitted most of
the Snort update PRs in last couple of years
PR: ports/87628
Submitted by: Linh Pham <question+fbsdports@closedsrc.org>
- Snort distribution no longer includes rules - download them separately
(or consider using security/oinkmaster to simplify that process)
- Change default config dir to ${PREFIX}/etc/snort (to avoid cluttering)
- Install database schemas scripts into EXAMPLESDIR
- Removed end-of-line parser fix (introduced in 2.3.1) in favor of
completely reworking this at the next parser overhaul.
PR: ports/78846
Submitted by: Linh Pham <question+fbsdports@closedsrc.org>
All ports depending on postgresql shall use the USE_PGSQL=yes knob
defined in Mk/bsd.ports.mk. Bumping portrevisions where needed.
PR: 75344
Approved by: portmgr@ (kris), ade & sean (mentors)