- name for one patch has changed from patch-snort.conf to patch-etc__snort.conf
(easier to build diffs with 'make makepatch')
- snort.conf was replaced with the version shipped in the rules tarball
(Maybe users should be pointed to the Changelog)
PR: ports/146155
Submitted by: olli hauer <ohauer_AT_gmx dot de>
RELEASE.NOTES
2009-12-15 - Snort 2.8.5.2
[*] Improvements
* Improvements to HTTP Inspect for handling of pipelined requests
and chunked encodings.
* Updated the documentation for output plugins and log limits.
* Fixed building on AIX 6.
* Fixed reloading of auto-iface variables when privileges had been dropped.
* Fixed issues at startup and perfstats rotation with old versions of
libc (2.2, 2.3) & linux threads.
PR: ports/142885
Submitted by: olli hauer <ohauer_AT_gmx dot de>
- 2008-06-12 - Snort 2.8.2.1
[*] Improvements
* Fix support for pass rules that sometimes did not take precedence
over alert and/or drop rules.
PR: ports/124717
Submitted by: Michael Scheidell <scheidell_AT_secnap dot net>
- Snort distribution no longer includes rules - download them separately
(or consider using security/oinkmaster to simplify that process)
- Change default config dir to ${PREFIX}/etc/snort (to avoid cluttering)
- Install database schemas scripts into EXAMPLESDIR
This is a sample script for ${PREFIX}/etc/rc.d that will
wake snort up on boot, and take it down on shutdown. Nothing
fancy here. This is needed, because I'm planning on teaching
ACID many new things, and ACID expects snort to help itself.
There is only one thing that requires thinking here: This
should run only after {MySQL|PostgreSQL} server is up, as
snort might want to report to the local server.
PR: ports/49047
Submitted by: Yonatan@xpert.com <Yonatan@xpert.com>
Approved by: maintainer timeout
The Sourcefire Vulnerability Research Team has learned of an integer
overflow in the Snort stream4 preprocessor used by the Sourcefire
Network Sensor product line. The Snort stream4 preprocessor
(spp_stream4) incorrectly calculates segment size parameters during
stream reassembly for certain sequence number ranges which can lead to
an integer overflow that can be expanded to a heap overflow.
PR: 51106
Submitted by: Sergey A. Osokin <osa@FreeBSD.org.ru>
A buffer overflow has been found in the snort RPC normalization
routines by ISS X-Force. This can cause snort to execute
arbitrary code embedded within sniffed network packets. This
preprocessor is enabled by default.
find its installed ruleset [1]. Install config files by default if there is
not already one present, and remove on deinstall if they are unchanged
from the default.
Submitted by: The Anarcat <anarcat@anarcat.dyndns.org> [1] (based on)
PR: ports/33887 [1]
Also install the complete set of rules files; some were missed in the
last upgrade.
PR: ports/32112 (rules updates)
Submitted by: Rob Simmons <rsimmons@mail.wlcg.com>