- Add STAGE support [1]
- Remove SNORTSAM support due to lack of upstream support [1]
- Makefile cleanup [1]
- Use new configure magic [1]
PR: ports/185274 [1]
Submitted by: ohauer@ [1]
- Add debugging OPTION to build snort with debug symbols, etc.
- Add sourcefire OPTION to build snort with --enable-sourcefire
- Take maintainership per private email conversation with current maintainer
PR: ports/161876
Submitted by: Ryan Steinmetz <zi@FreeBSD.org>
Approved by: Dean Freeman <wfreeman@sourcefire.com> (maintainer)
- pass maintainership to William Freeman <wfreeman_AT_sourcefire dot com>
Note: This attached patch replaces the one in ports/153998.
Also fixes the location of the dynamic libs/rules in ports/153224.
PR: ports/154514 [1], ports/153998 [2]
Submitted by: Michael Scheidell <scheidell_AT_secnap dot net>
- From the release notes:
* Eliminate false positives when using fast_pattern:only and having only
one http content in the pattern matcher.
* Address false positives in FTP preprocessor with string format verification.
Also addressed issue with handling of response codes to data transfer
commands where the response code didn't contain a message.
PR: ports/148878
Submitted by: olli hauer <ohauer_AT_gmx dot de>
RELEASE.NOTES
2009-12-15 - Snort 2.8.5.2
[*] Improvements
* Improvements to HTTP Inspect for handling of pipelined requests
and chunked encodings.
* Updated the documentation for output plugins and log limits.
* Fixed building on AIX 6.
* Fixed reloading of auto-iface variables when privileges had been dropped.
* Fixed issues at startup and perfstats rotation with old versions of
libc (2.2, 2.3) & linux threads.
PR: ports/142885
Submitted by: olli hauer <ohauer_AT_gmx dot de>
- 2008-06-12 - Snort 2.8.2.1
[*] Improvements
* Fix support for pass rules that sometimes did not take precedence
over alert and/or drop rules.
PR: ports/124717
Submitted by: Michael Scheidell <scheidell_AT_secnap dot net>
Tested on two systems, and until works perfectly.
Changelog snort-2.7.0.1:
* etc/snort.conf:
Turn off flow since Stream5 is now enabled by default.
* src/snort.c:
Fix printing of threshold counts until after all rules are read.
This issue did not affect thresholding, only display of thresholding.
Thanks to Jeffrey Denton for reporting the problem.
* src/sfutil/ipobj.c:
Fix free of invalid pointer when using a negated IP list.
This is used by sfportscan preprocessor configuration parsing.
Thanks to Anders Ostrem for reporting the problem.
* src/preprocessors/Stream5/snort_stream5_session.c:
Fixed issue when experimental ICMP tracking is used without using
the TCP or UDP session tracking. ICMP was attempting to look up
TCP or UDP sessions from uninitialized session cache. Thanks to
Koji Shikata for reporting the problem.
* src/preprocessors/Stream5/snort_stream5_tcp.c:
Fixed invalid session pointer when rule tries to use flowbits after
session ends. Thanks to rmkml for initially reporting the problem.
PR: ports/115294
Submitted by: Robin Gruyters <r dot gruyters_AT_yirdis dot nl>
Update includes:
- Target-based stream reassembly, including handling of TCP data overlaps and
anomalous TCP header flags on a per-destination basis. 11 different
target-based policies are supported. See README.stream5 for specific
configuration options for operating system targets.
- UDP session tracking
- Option to emulate Stream4 flushing behaviour
- Stream5 replaces BOTH Stream4 and Flow -- should disable both of these when
Stream5 is enabled.
- Security and memory footprint improvements
PR: ports/114806
Submitted by: Robin Gruyters <r dot gruyters_AT_yirdis dot nl>