pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/net/snort Update to snort 2.3.0



details:   https://anonhg.NetBSD.org/pkgsrc/rev/a62025fc5eee
branches:  trunk
changeset: 488363:a62025fc5eee
user:      adrianp <adrianp%pkgsrc.org@localhost>
date:      Fri Jan 28 23:02:41 2005 +0000

description:
Update to snort 2.3.0

2005-01-25 - Snort 2.3.0 Final Released

* Fixed issue with sfPortscan reporting incorrect IP datagram length.
  Thanks Jon Hart for the test case and finding the bug, and Marc Norton
  for resolving the issue.

* Threshold/Suppression now prints properly when logging to syslog.
  Thanks Sekure for pointing out the problem. Thanks Steve Sturges for
  working on the fix.

* Threshold memcap argument now correctly handles non-integer input.
  Thanks nnposter for the patch.

* Fixed issue reported by Allan Jensen, where on MacOS X, ppp links were
  not decoded properly. Thanks Dan Roelker for the fix.

* Snort manual and FAQ are updated for 2.3. Thanks Jen Harvey for your
  work on putting it all together.

2004-12-15 - Snort 2.3.0 RC2 Released

* Small performance improvement to arpspoof and also fixed a problem
  where the list of configured IP/MAC entries would contain only one
  entry and leaked memory (Jeff Nathan).

* Fixed a problem affecting MacOS X where linking may fail with
  non-standard libraries when global symbols are encountered multiple
  times (Jeff Nathan).

* Ignore RST|ACK midstream pickup case so we don't get evasive TCP
  alerts.  Thanks for the report, Sekure. Thanks Dan Roelker for the fix.

* Moved CheckLogDir() to after parsing snort.conf (for IDS mode) so the
  logdir config will work if the default or command-line logdir does not
  exist on the system. Thanks Dan Roelker.

* Fixed bug when setting the doe_ptr on a successful pcre match.
  It is now set relative to base_ptr. Thanks Steve Sturges for the
  fix.

* Added from_beginning and multiplier options for byte_jump.
  from_beginning skips bytes from the beginning of the content,
  instead of from the location immediately following the number
  of bytes to skip.  multiplier takes a numeric argument, and
  skips x times that number of bytes. Thanks again to Steve Sturges.

* In "fast" output, now log only actual packet contents when UDP
  data length is greater than actual data length. Thanks Brian
  Caswell for spotting this, and Andrew Mullican for working on the fix.

* Please check the ChangeLog for further details.

2004-11-18 - Snort 2.3.0 RC1 Released

* Added IPS functionality from Snort-Inline.  A big thanks to the
  Snort-Inline guys (Jed Haile, Rob McMillen, William Metcalf, and Victor
  Julien).  Also, Thanks Dan Roelker for doing the integrating of
  Snort-Inline into the official Snort project.

* Added new portscan detector.  The design and implementation was headed
  up by Dan Roelker, and included Marc Norton and Jeremy Hewlett.

* Numerous changes for better 64bit Snort support from Jeremy Hewlett and
  Marc Norton.  Additionally, an --enable-64bit-gcc option was added to
  configure.  However, there are still some memory alignment issues to
  work out before 64bit mode is fully functional, patches are welcomed.
  Thanks Chris Baker for doing 64bit testing.

* Added not_established keyword to the flow detection option.  This allows
  snort to do dynamic firewall rulesets.  Experimental for now.

* Added an enforce_state keyword to stream4 so we won't pick up midstream
  sessions.  This works well for asynchronous links and also for
  just monitoring legitimate traffic.

* Relocated ./contrib files to http://www.snort.org/dl/contrib as many
  are not maintained by Sourcefire and are out of date. The rpm and
  schema files have been relocated in their respective 'rpm' and 'schemas'
  directories under the snort parent directory.

* perfmonitor config line can now be configured with "accumulate" or
  "reset."  Thanks Marc Norton for the feature, and Barry Basselgia for
  pointing out the issue.  Thanks Scott Dexter and Andreas Ostling for
  doing some initial testing.

* Fixed 64-bit bug in sfmemcap.c found and tested by Ryan Matteson
  and Clay McClure.  Thanks guys.

* Fixed reference times to match log time for first packet, for an event
  generated by a reassembled packet.  Incremented event ID to give
  unique ID for each packet.  Also made unified logging compatible with
  Windows.  Thanks Andrew Mullican for the fix.

* Fixed linux perfmonitoring stats for the 2.6 kernel.  Thanks to
  everyone that reported this bug.  Thanks Dan Roelker for the fix.

* Get thresholding/suppression to work for alerts that do not
  contain an ip header (primarily decode alerts).  Thanks
  Brian Caswell.

* Fix conditions where snort would log double web alerts that
  contained only content options (no uricontents).  Thanks to kawa for
  finding and reporting this bug.

* Fix suppression/thresholding bug for non-rule alerts.  Thanks to
  Alex Butcher for reporting it to us.

* Many other bug fixes, please check the ChangeLog for details.

diffstat:

 net/snort/Makefile        |    3 +-
 net/snort/Makefile.common |    5 +-
 net/snort/PLIST           |  431 +++++++++++++++++++++++++++++++++++++++++++++-
 3 files changed, 427 insertions(+), 12 deletions(-)

diffs (truncated from 561 to 300 lines):

diff -r 04b2fa954e02 -r a62025fc5eee net/snort/Makefile
--- a/net/snort/Makefile        Fri Jan 28 22:53:36 2005 +0000
+++ b/net/snort/Makefile        Fri Jan 28 23:02:41 2005 +0000
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.25 2004/12/28 02:47:48 reed Exp $
+# $NetBSD: Makefile,v 1.26 2005/01/28 23:02:41 adrianp Exp $
 #
 
 .include "Makefile.common"
 
-PKGREVISION=   1
 COMMENT=       The Open Source Network Intrusion Detection System
 
 .include "../../mk/bsd.pkg.mk"
diff -r 04b2fa954e02 -r a62025fc5eee net/snort/Makefile.common
--- a/net/snort/Makefile.common Fri Jan 28 22:53:36 2005 +0000
+++ b/net/snort/Makefile.common Fri Jan 28 23:02:41 2005 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile.common,v 1.16 2004/09/21 15:50:26 adrianp Exp $
+# $NetBSD: Makefile.common,v 1.17 2005/01/28 23:02:41 adrianp Exp $
 #
 
-DISTNAME=              snort-2.2.0
+DISTNAME=              snort-2.3.0
 CATEGORIES=            net security
 MASTER_SITES=          http://www.snort.org/dl/ \
                        ftp://the.wiretapped.net/pub/security/network-intrusion-detection/snort/ \
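Review bot: The DISTNAME bump to snort-2.3.0 comes without a matching checksum update: the diffstat lists only Makefile, Makefile.common and PLIST, so the package's distinfo is not part of this changeset. With MASTER_SITES pointing at plain http and ftp mirrors, the distinfo digests are the only integrity check on the fetched tarball. Regenerate them against the 2.3.0 distfile and commit distinfo together with this change.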
@@ -80,7 +80,6 @@
                ${INSTALL_DATA} $$i ${PREFIX}/share/snort/rules ; \
        done
        ${INSTALL_MAN} ${WRKSRC}/snort.8 ${PREFIX}/man/man8
-       ${INSTALL_DATA} ${WRKSRC}/contrib/create_* ${SNORTDIR}
 
 .include "../../devel/pcre/buildlink3.mk"
 .include "../../net/libpcap/buildlink3.mk"
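Review bot: Dropping the contrib/create_* install line removes those files from ${SNORTDIR} with no replacement. The release notes in the commit message say the schema files moved to a 'schemas' directory under the snort parent directory, so if create_* are those files, install them from the new location rather than dropping them. Either way, confirm the PLIST entries match; the PLIST diff in this mail is truncated, so that cannot be checked from here.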
diff -r 04b2fa954e02 -r a62025fc5eee net/snort/PLIST
--- a/net/snort/PLIST   Fri Jan 28 22:53:36 2005 +0000
+++ b/net/snort/PLIST   Fri Jan 28 23:02:41 2005 +0000
@@ -1,15 +1,15 @@
-@comment $NetBSD: PLIST,v 1.17 2004/09/23 20:01:34 adrianp Exp $
+@comment $NetBSD: PLIST,v 1.18 2005/01/28 23:02:41 adrianp Exp $
 bin/snort
 man/man8/snort.8
 share/doc/snort/AUTHORS
 share/doc/snort/BUGS
 share/doc/snort/CREDITS
-share/doc/snort/FAQ
 share/doc/snort/INSTALL
 share/doc/snort/NEWS
 share/doc/snort/PROBLEMS
 share/doc/snort/README
 share/doc/snort/README.FLEXRESP
+share/doc/snort/README.INLINE
 share/doc/snort/README.PLUGINS
 share/doc/snort/README.UNSOCK
 share/doc/snort/README.WIN32
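Review bot: README.INLINE is added to the PLIST here, but the Makefile.common hunks in this changeset touch only DISTNAME and the contrib install line, so nothing in the build changes for the inline (IPS) mode the release notes announce. If the package is built without inline support, say so in the package's description or install message so the installed README does not imply a capability the binary lacks. If it should be supported, that needs a build option in a follow-up change.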
@@ -22,12 +22,15 @@
 share/doc/snort/README.flow-portscan
 share/doc/snort/README.flowbits
 share/doc/snort/README.http_inspect
+share/doc/snort/README.sfportscan
 share/doc/snort/README.thresholding
 share/doc/snort/README.wireless
 share/doc/snort/RULES.todo
 share/doc/snort/TODO
 share/doc/snort/USAGE
 share/doc/snort/WISHLIST
+share/doc/snort/faq.pdf
+share/doc/snort/faq.tex
 share/doc/snort/signatures/1000.txt
 share/doc/snort/signatures/1001.txt
 share/doc/snort/signatures/1002.txt
@@ -141,6 +144,23 @@
 share/doc/snort/signatures/1107.txt
 share/doc/snort/signatures/1108.txt
 share/doc/snort/signatures/1109.txt
+share/doc/snort/signatures/111-1.txt
+share/doc/snort/signatures/111-10.txt
+share/doc/snort/signatures/111-11.txt
+share/doc/snort/signatures/111-12.txt
+share/doc/snort/signatures/111-13.txt
+share/doc/snort/signatures/111-14.txt
+share/doc/snort/signatures/111-15.txt
+share/doc/snort/signatures/111-16.txt
+share/doc/snort/signatures/111-17.txt
+share/doc/snort/signatures/111-2.txt
+share/doc/snort/signatures/111-3.txt
+share/doc/snort/signatures/111-4.txt
+share/doc/snort/signatures/111-5.txt
+share/doc/snort/signatures/111-6.txt
+share/doc/snort/signatures/111-7.txt
+share/doc/snort/signatures/111-8.txt
+share/doc/snort/signatures/111-9.txt
 share/doc/snort/signatures/111.txt
 share/doc/snort/signatures/1110.txt
 share/doc/snort/signatures/1111.txt
@@ -1765,43 +1785,444 @@
 share/doc/snort/signatures/2653.txt
 share/doc/snort/signatures/2654.txt
 share/doc/snort/signatures/2655.txt
+share/doc/snort/signatures/2656.txt
+share/doc/snort/signatures/2657.txt
+share/doc/snort/signatures/2658.txt
+share/doc/snort/signatures/2659.txt
 share/doc/snort/signatures/266.txt
+share/doc/snort/signatures/2660.txt
+share/doc/snort/signatures/2661.txt
+share/doc/snort/signatures/2662.txt
+share/doc/snort/signatures/2663.txt
+share/doc/snort/signatures/2664.txt
+share/doc/snort/signatures/2665.txt
+share/doc/snort/signatures/2666.txt
+share/doc/snort/signatures/2667.txt
+share/doc/snort/signatures/2668.txt
+share/doc/snort/signatures/2669.txt
 share/doc/snort/signatures/267.txt
+share/doc/snort/signatures/2670.txt
+share/doc/snort/signatures/2671.txt
+share/doc/snort/signatures/2672.txt
+share/doc/snort/signatures/2673.txt
+share/doc/snort/signatures/2674.txt
+share/doc/snort/signatures/2675.txt
+share/doc/snort/signatures/2676.txt
+share/doc/snort/signatures/2677.txt
+share/doc/snort/signatures/2678.txt
+share/doc/snort/signatures/2679.txt
 share/doc/snort/signatures/268.txt
+share/doc/snort/signatures/2680.txt
+share/doc/snort/signatures/2681.txt
+share/doc/snort/signatures/2682.txt
+share/doc/snort/signatures/2683.txt
+share/doc/snort/signatures/2684.txt
+share/doc/snort/signatures/2685.txt
+share/doc/snort/signatures/2686.txt
+share/doc/snort/signatures/2687.txt
+share/doc/snort/signatures/2688.txt
+share/doc/snort/signatures/2689.txt
 share/doc/snort/signatures/269.txt
+share/doc/snort/signatures/2690.txt
+share/doc/snort/signatures/2691.txt
+share/doc/snort/signatures/2692.txt
+share/doc/snort/signatures/2693.txt
+share/doc/snort/signatures/2694.txt
+share/doc/snort/signatures/2695.txt
+share/doc/snort/signatures/2696.txt
+share/doc/snort/signatures/2697.txt
+share/doc/snort/signatures/2698.txt
+share/doc/snort/signatures/2699.txt
 share/doc/snort/signatures/270.txt
+share/doc/snort/signatures/2700.txt
+share/doc/snort/signatures/2701.txt
+share/doc/snort/signatures/2702.txt
+share/doc/snort/signatures/2703.txt
+share/doc/snort/signatures/2704.txt
+share/doc/snort/signatures/2705.txt
+share/doc/snort/signatures/2706.txt
+share/doc/snort/signatures/2707.txt
+share/doc/snort/signatures/2708.txt
+share/doc/snort/signatures/2709.txt
 share/doc/snort/signatures/271.txt
+share/doc/snort/signatures/2710.txt
+share/doc/snort/signatures/2711.txt
+share/doc/snort/signatures/2712.txt
+share/doc/snort/signatures/2713.txt
+share/doc/snort/signatures/2714.txt
+share/doc/snort/signatures/2715.txt
+share/doc/snort/signatures/2716.txt
+share/doc/snort/signatures/2717.txt
+share/doc/snort/signatures/2718.txt
+share/doc/snort/signatures/2719.txt
 share/doc/snort/signatures/272.txt
+share/doc/snort/signatures/2720.txt
+share/doc/snort/signatures/2721.txt
+share/doc/snort/signatures/2722.txt
+share/doc/snort/signatures/2723.txt
+share/doc/snort/signatures/2724.txt
+share/doc/snort/signatures/2725.txt
+share/doc/snort/signatures/2726.txt
+share/doc/snort/signatures/2727.txt
+share/doc/snort/signatures/2728.txt
+share/doc/snort/signatures/2729.txt
 share/doc/snort/signatures/273.txt
+share/doc/snort/signatures/2730.txt
+share/doc/snort/signatures/2731.txt
+share/doc/snort/signatures/2732.txt
+share/doc/snort/signatures/2733.txt
+share/doc/snort/signatures/2734.txt
+share/doc/snort/signatures/2735.txt
+share/doc/snort/signatures/2736.txt
+share/doc/snort/signatures/2737.txt
+share/doc/snort/signatures/2738.txt
+share/doc/snort/signatures/2739.txt
 share/doc/snort/signatures/274.txt
+share/doc/snort/signatures/2740.txt
+share/doc/snort/signatures/2741.txt
+share/doc/snort/signatures/2742.txt
+share/doc/snort/signatures/2743.txt
+share/doc/snort/signatures/2744.txt
+share/doc/snort/signatures/2745.txt
+share/doc/snort/signatures/2746.txt
+share/doc/snort/signatures/2747.txt
+share/doc/snort/signatures/2748.txt
+share/doc/snort/signatures/2749.txt
 share/doc/snort/signatures/275.txt
+share/doc/snort/signatures/2750.txt
+share/doc/snort/signatures/2751.txt
+share/doc/snort/signatures/2752.txt
+share/doc/snort/signatures/2753.txt
+share/doc/snort/signatures/2754.txt
+share/doc/snort/signatures/2755.txt
+share/doc/snort/signatures/2756.txt
+share/doc/snort/signatures/2757.txt
+share/doc/snort/signatures/2758.txt
+share/doc/snort/signatures/2759.txt
 share/doc/snort/signatures/276.txt
+share/doc/snort/signatures/2760.txt
+share/doc/snort/signatures/2761.txt
+share/doc/snort/signatures/2762.txt
+share/doc/snort/signatures/2763.txt
+share/doc/snort/signatures/2764.txt
+share/doc/snort/signatures/2765.txt
+share/doc/snort/signatures/2766.txt
+share/doc/snort/signatures/2767.txt
+share/doc/snort/signatures/2768.txt
+share/doc/snort/signatures/2769.txt
 share/doc/snort/signatures/277.txt
+share/doc/snort/signatures/2770.txt
+share/doc/snort/signatures/2771.txt
+share/doc/snort/signatures/2772.txt
+share/doc/snort/signatures/2773.txt
+share/doc/snort/signatures/2774.txt
+share/doc/snort/signatures/2775.txt
+share/doc/snort/signatures/2776.txt
+share/doc/snort/signatures/2777.txt
+share/doc/snort/signatures/2778.txt
+share/doc/snort/signatures/2779.txt
 share/doc/snort/signatures/278.txt
+share/doc/snort/signatures/2780.txt
+share/doc/snort/signatures/2781.txt
+share/doc/snort/signatures/2782.txt
+share/doc/snort/signatures/2783.txt
+share/doc/snort/signatures/2784.txt
+share/doc/snort/signatures/2785.txt
+share/doc/snort/signatures/2786.txt
+share/doc/snort/signatures/2787.txt
+share/doc/snort/signatures/2788.txt
+share/doc/snort/signatures/2789.txt
 share/doc/snort/signatures/279.txt
+share/doc/snort/signatures/2790.txt
+share/doc/snort/signatures/2791.txt
+share/doc/snort/signatures/2792.txt
+share/doc/snort/signatures/2793.txt
+share/doc/snort/signatures/2794.txt
+share/doc/snort/signatures/2795.txt
+share/doc/snort/signatures/2796.txt
+share/doc/snort/signatures/2797.txt
+share/doc/snort/signatures/2798.txt
+share/doc/snort/signatures/2799.txt
+share/doc/snort/signatures/2800.txt
+share/doc/snort/signatures/2801.txt
+share/doc/snort/signatures/2802.txt
+share/doc/snort/signatures/2803.txt
+share/doc/snort/signatures/2804.txt
+share/doc/snort/signatures/2805.txt
+share/doc/snort/signatures/2806.txt
+share/doc/snort/signatures/2807.txt
+share/doc/snort/signatures/2808.txt
+share/doc/snort/signatures/2809.txt
 share/doc/snort/signatures/281.txt
+share/doc/snort/signatures/2810.txt
+share/doc/snort/signatures/2811.txt
+share/doc/snort/signatures/2812.txt
+share/doc/snort/signatures/2813.txt
+share/doc/snort/signatures/2814.txt
+share/doc/snort/signatures/2815.txt
+share/doc/snort/signatures/2816.txt
+share/doc/snort/signatures/2817.txt
+share/doc/snort/signatures/2818.txt
+share/doc/snort/signatures/2819.txt
 share/doc/snort/signatures/282.txt
+share/doc/snort/signatures/2820.txt
+share/doc/snort/signatures/2821.txt
+share/doc/snort/signatures/2822.txt
+share/doc/snort/signatures/2823.txt
+share/doc/snort/signatures/2824.txt
+share/doc/snort/signatures/2825.txt
+share/doc/snort/signatures/2826.txt
+share/doc/snort/signatures/2827.txt
+share/doc/snort/signatures/2828.txt
+share/doc/snort/signatures/2829.txt
 share/doc/snort/signatures/283.txt
+share/doc/snort/signatures/2830.txt
+share/doc/snort/signatures/2831.txt
+share/doc/snort/signatures/2832.txt
+share/doc/snort/signatures/2833.txt
+share/doc/snort/signatures/2834.txt
+share/doc/snort/signatures/2835.txt
+share/doc/snort/signatures/2836.txt
+share/doc/snort/signatures/2837.txt
+share/doc/snort/signatures/2838.txt


