Subject: CVS commit: pkgsrc/net/snort
To: None <>
From: Lubomir Sedlacik <>
List: pkgsrc-changes
Date: 04/16/2003 06:37:20
Module Name:	pkgsrc
Committed By:	salo
Date:		Wed Apr 16 06:37:20 UTC 2003

Modified Files:
	pkgsrc/net/snort: Makefile.common PLIST distinfo
	pkgsrc/net/snort/patches: patch-aa patch-ad patch-ae

Log Message:
Updated to version 2.0.0.

IMPORTANT: This version fixes a remotely exploitable heap overflow in the
           stream4 preprocessor module.



- Enhanced high-performance detection engine
- Stateful Pattern Matching
- New detection keywords: byte_test & byte_jump
- The Snort code base has undergone an external third party professional
  security audit funded by Sourcefire (
- Many new and updated rules
- snort.conf has been updated
- Enhancements to self preservation mechanisms in stream4 and frag2
- State tracking fixes in stream4
- New HTTP flow analyzer
- Enhanced protocol decoding (TCP options, 802.1q, etc)
- Enhanced protocol anomaly detection (IP, TCP, UDP, ICMP, RPC, HTTP, etc)
- Enhanced flexresp mode for real-time TCP session sniping
- Better chroot()'ing
- Tagging system updated
- Several million bugs addressed....
- Updated FAQ (thanks to Erek Adams and Dragos Ruiu) Snort 2.0 can be
  downloaded at Binary
  versions of the codebase will be built over the next several days and
  made available at here.

- byte_jump/byte_test don't force relative content options
- byte_jump/byte_test absolute offsets work
- Better FIN handling in Stream4

- A low memory usage detection method (enabled via "config detection:
  search-method lowmem")
- Moved the default unix socket location to LOGDIR

- syslog should work on win32 and unix
- major tagging updates
- new UDP decoding alerts
- snort.conf updates

- Higher performance (due to a new pattern matcher and rebuilt detection
- Better decoders
- Enhanced stream reassembly and defragmentation
- Tons of bug fixes
- Updated rules
- Updated snort.conf
- New detection keywords (byte_test, byte_jump, distance, within) &
  stateful pattern matching
- New HTTP flow analyzer
- Enhanced anomaly detection (HTTP, RPC, TCP, IP, etc)
- Better self preservation in stateful subsystems
- Xrefs fixed
- Flexresp works faster and more effectively
- Better chroot()'ing
- Fixed 802.1q decoding
- Better async state handling
- New alerting option: -A cmg!!

To generate a diff of this commit:
cvs rdiff -r1.7 -r1.8 pkgsrc/net/snort/Makefile.common
cvs rdiff -r1.8 -r1.9 pkgsrc/net/snort/PLIST
cvs rdiff -r1.14 -r1.15 pkgsrc/net/snort/distinfo
cvs rdiff -r1.8 -r1.9 pkgsrc/net/snort/patches/patch-aa
cvs rdiff -r1.1 -r1.2 pkgsrc/net/snort/patches/patch-ad \

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.