- Fix build when --enable-dynamicplugins is not given to configure. [1]
- Fix a segfault in HttpInspect
PR: ports/154868
Submitted by: Dean Freeman <wfreeman@sourcefire.com> (maintainer)
[1]: Michael Scheidell
- pass maintainership to William Freeman <wfreeman_AT_sourcefire dot com>
Note: This attached patch replaces the one in ports/153998.
Also fixes the location of the dynamic libs/rules in ports/153224.
PR: ports/154514 [1], ports/153998 [2]
Submitted by: Michael Scheidell <scheidell_AT_secnap dot net>
Change a manual build depend line on automake110 (which is dead)
to a autotools line.
PR: ports/152171
Submitted by: "Tom Judge" <tom@tomjudge.com>
Approved by: maintainer timeout (clsung, 21 days)
- From the release notes:
* Eliminate false positives when using fast_pattern:only and having only
one http content in the pattern matcher.
* Address false positives in FTP preprocessor with string format verification.
Also addressed issue with handling of response codes to data transfer
commands where the response code didn't contain a message.
PR: ports/148878
Submitted by: olli hauer <ohauer_AT_gmx dot de>
- name for one patch has changed from patch-snort.conf to patch-etc__snort.conf
(easier to build diffs with 'make makepatch')
- snort.conf was replaced with the version shiped in the rules tarball
(Maybe users shoud be pointed to the Changelog)
PR: ports/146155
Submitted by: olli hauer <ohauer_AT_gmx dot de>
RELEASE.NOTES
2009-12-15 - Snort 2.8.5.2
[*] Improvements
* Improvements to HTTP Inspect for handling of pipelined requests
and chunked encodings.
* Updated the documentation for output plugins and log limits.
* Fixed building on AIX 6.
* Fixed reloading of auto-iface variables when privileges had been dropped.
* Fixed issues at startup and perfstats rotation with old versions of
libc (2.2, 2.3) & linux threads.
PR: ports/142885
Submitted by: olli hauer <ohauer_AT_gmx dot de>
-Update libtool and libltdl to 2.2.6a.
-Remove devel/libtool15 and devel/libltdl15.
-Fix ports build with libtool22/libltdl22.
-Bump ports that depend on libltdl22 due to shared library version change.
-Explain what to do update in the UPDATING.
It has been tested with GNOME2, XFCE4, KDE3, KDE4 and other many wm/desktop
and applications in the runtime.
With help: marcus and kwm
Pointyhat-exp: a few times by pav
Tested by: pgollucci, "Romain Tartière" <romain@blogreen.org>, and
a few MarcusCom CVS users. Also, I might have missed a few.
Repocopy by: marcus
Approved by: portmgr
- fix libprelude version
One of the config options for security/snort is WITH_PRELUDE. Last
time libprelude has changed to new version, but Makefile for snort is not
updated. This patch corrects this issue.
PointyHat to: beech (ports/127339)
PR: ports/127818
Submitted by: Krzysztof Stryjek <wtp_AT_bsdguru dot org>
Specifically, newer autoconf (> 2.13) has different semantic of the
configure target. In short, one should use --build=CONFIGURE_TARGET
instead of CONFIGURE_TARGET directly. Otherwise, you will get a warning
and the old semantic may be removed in later autoconf releases.
To workaround this issue, many ports hack the CONFIGURE_TARGET variable
so that it contains the ``--build='' prefix.
To solve this issue, under the fact that some ports still have
configure script generated by the old autoconf, we use runtime detection
in the do-configure target so that the proper argument can be used.
Changes to Mk/*:
- Add runtime detection magic in bsd.port.mk
- Remove CONFIGURE_TARGET hack in various bsd.*.mk
- USE_GNOME=gnometarget is now an no-op
Changes to individual ports, other than removing the CONFIGURE_TARGET hack:
= pkg-plist changed (due to the ugly CONFIGURE_TARGET prefix in * executables)
- comms/gnuradio
- science/abinit
- science/elmer-fem
- science/elmer-matc
- science/elmer-meshgen2d
- science/elmerfront
- science/elmerpost
= use x86_64 as ARCH
- devel/g-wrap
= other changes
- print/magicfilter
GNU_CONFIGURE -> HAS_CONFIGURE since it's not generated by autoconf
Total # of ports modified: 1,027
Total # of ports affected: ~7,000 (set GNU_CONFIGURE to yes)
PR: 126524 (obsoletes 52917)
Submitted by: rafan
Tested on: two pointyhat 7-amd64 exp runs (by pav)
Approved by: portmgr (pav)
- 2008-06-12 - Snort 2.8.2.1
[*] Improvements
* Fix support for pass rules that sometimes did not take precedence
over alert and/or drop rules.
PR: ports/124717
Submitted by: Michael Scheidell <scheidell_AT_secnap dot net>
Tested on two systems, and until works perfectly.
Changelog snort-2.7.0.1:
* etc/snort.conf:
Turn off flow since Stream5 is now enabled by default.
* src/snort.c:
Fix printing of threshold counts until after all rules are read.
This issue did not affect thresholding, only display of thresholding.
Thanks to Jeffrey Denton for reporting the problem.
* src/sfutil/ipobj.c:
Fix free of invalid pointer when using a negated IP list.
This is used by sfportscan preprocessor configuration parsing.
Thanks to Anders Ostrem for reporting the problem.
* src/preprocessors/Stream5/snort_stream5_session.c:
Fixed issue when experimental ICMP tracking is used without using
the TCP or UDP session tracking. ICMP was attempting to lookup
TCP or UDP sessions from uninitialized session cache. Thanks to
Koji Shikata for reporting the problem.
* src/preprocessors/Stream5/snort_stream5_tcp.c:
Fixed invalid session pointer when rule tries to use flowbits after
session ends. Thanks to rmkml for initially reporting the problem.
PR: ports/115294
Submitted by: Robin Gruyters <r dot gruyters_AT_yirdis dot nl>
