Subject: CVS commit: pkgsrc/net
To: None <>
From: Lubomir Sedlacik <>
List: pkgsrc-changes
Date: 12/31/2003 14:11:42
Module Name:	pkgsrc
Committed By:	salo
Date:		Wed Dec 31 14:11:42 UTC 2003

Modified Files:
	pkgsrc/net/snort: Makefile Makefile.common PLIST distinfo
	pkgsrc/net/snort-mysql: Makefile
	pkgsrc/net/snort-pgsql: Makefile
	pkgsrc/net/snort/patches: patch-ae

Log Message:
Update to version 2.1.0.


- A new connection tracking module, Flow (replaces conversation)
- A new portscan detector based off of Flow, Flow-Portscan (replaces
- A new http preprocessor, HttpInspect (replaces http_decode)
- Alert Thresholding and Suppression
- PCRE rule keyword (Perl Compat Regular Expressions)
- isdataat rule keyword (buffer length detection)
- A ton of new and updated rules.

- 64-bit update for detection engine. (Thanks, Silio d'Angelo)
- Added better PPP decoding. (Thanks Jesper Peterson)
- Updated ip_proto optimization for high-speed detection engine.
- Fixed infinite loop problem that was introduced by the recursive pattern
  matching patch. Reported by Lawrence Reed, thanks for testing out the
  changes for us!
- Various changes to help respond (version 1) work a little better.
- spp_http_decode 64-bit patch from Dirk Mueller.
- Out-of-order ACK problem from Andrew Rucker. Also, updated stream4 to the
  most recent version from HEAD.
- Minor fixes to tagging related to 'src' and 'dst' directives
- When counting one byte patterns in 'ningroup' added a check for
  psLen==1 (wu-manber pattern matcher). Thanks Josh Sakofsky and Dennis
  McGuire for helping us test this.

- Stream4 fixes from Andrew Rucker Jones.
- Allow memcap to be configured for threshold features.

- Fixed a core dump introduced with 2.0.3 when dealing with negated patterns

- doe_ptr handling in byte_test/byte_jump slightly modified to work
  better with the pcre patch
- content processing is now recursive to make distance/within processing
  better ( thanks to Shai Rubin for patch! )
- fixed a bug in the mwm.c pattern matcher that resulted in some alerts
  not firing in a particular configuration of rules

- Added Thresholding and Suppression features (Marc Norton/Sourcefire)
- Fixed TCP RST processing bug found (Shai Rubin)
- Cleanup of spp_arpspoof (Jeff Nathan)
- Cleanup of win32 version including proper Event Log support (Chris Reid)
- Munged data fixes for stream4 (Chris Green)

To generate a diff of this commit:
cvs rdiff -r1.23 -r1.24 pkgsrc/net/snort/Makefile
cvs rdiff -r1.12 -r1.13 pkgsrc/net/snort/Makefile.common
cvs rdiff -r1.11 -r1.12 pkgsrc/net/snort/PLIST
cvs rdiff -r1.18 -r1.19 pkgsrc/net/snort/distinfo
cvs rdiff -r1.7 -r1.8 pkgsrc/net/snort-mysql/Makefile
cvs rdiff -r1.11 -r1.12 pkgsrc/net/snort-pgsql/Makefile
cvs rdiff -r1.2 -r1.3 pkgsrc/net/snort/patches/patch-ae

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.