pkgsrc-changes: CVS commit: pkgsrc/net/snort

Subject: CVS commit: pkgsrc/net/snort
To: None <pkgsrc-changes@NetBSD.org>
From: Adrian Portelli <adrianp@netbsd.org>
List: pkgsrc-changes
Date: 08/13/2005 19:56:47
Module Name:	pkgsrc
Committed By:	adrianp
Date:		Sat Aug 13 19:56:47 UTC 2005

Modified Files:
	pkgsrc/net/snort: MESSAGE Makefile.common PLIST distinfo
	pkgsrc/net/snort/patches: patch-aa
Removed Files:
	pkgsrc/net/snort/patches: patch-ad

Log Message:
Update snort to 2.4.0
If you are using this package make note of the distribution change
mentioned below.  I have update the MESSAGE to inform users of this and
there is now also a net/snort-rules package with the community rules.

> [*] Distribution Change
>     * Rules are no longer distributed as part of the Snort releases, they are
>       available as a separate download from snort.org.  This was done for
>       three reasons:
>         1) To better manage the new rules licensing.
>         2) To reduce the size of the engine download.
>         3) To move the thousands of documentation files for the rules into
>            the rules tarballs.  If you've ever checked Snort out of CVS you'll
>            know why this is a Good Thing.
>
> [*] New additions
>     * Added new IP defragmentation preprocessor, Frag3. The frag3 preprocessor
>       is a target-based IP defragmentation module, and is intended as a
>       replacement for the frag2 module.  Check out the README.frag3 for full
>       info on this new preprocessor.
>
>     * Libprelude support has been added (enable with --enable-prelude).
>       Thanks Yoann Vandoorselaere!
>
>     * An "ftpbounce" rule detection plugin was added for easier detection of
>       FTP bounce attacks.
>
>     * Added a new Snort config option, "ignore_ports," to ignore packets
>       based on port number.  This is similar to bpf filters, but done within
>       snort.conf.
>
> [*] Improvements
>     * Snort startup messages printed in syslog now contain a PID before each
>       entry. Thanks Sekure for initially bringing this up.
>
>     * Stream4: Performance improvements.
>
>     * Stream4: Added 'max_session_limit' option which limits number of
>       concurrent sessions tracked.  Added favor_old/favor_new options that
>       affect order in which packets are put together for reassembly.
>
>     * Stream4: New configuration options to manage flushpoints for improved
>       anti-evasion.  The flush_behavior option selects flushpoint management
>       mode.  New flush_base, flush_range, and flush_seed manage randomized
>       flushing.  Check out the snort.conf file for full config data on the
>       new flush options.
>
>     * Added two more alerts for BackOrifice client and server packets. This
>       allows specific alerts to be suppressed.
>
>     * PerfMon preprocessor updated to include more detailed stats for rebuilt
>       packets (applayer, wire, fragmented & TCP). Also added 'atexitonly'
>       option that dumps stats at exit of snort, and command line -Z flag to
>       specify the file to which stats are logged.
>
>     * Added new Http Inspect config item, "tab_uri_delimiter," which if
>       specified, lets a tab character (0x09) act as the delimiter for a URI.
>
>     * Added a '-G' command line flag to snort that specifies the Snort
>       instance log identifier. It takes a single argument that can be either
>       hex (prefaced with 0x) or decimal. The unified log files will include
>       the instance ID when the -G flag is used.
>
>     * "Same SRC/DST" (sid 527) and "Loopback Traffic" (sid 528) are now
>       handled in the IP decoder. Those sids are now considered obsolete.
>
>     * Http_Inspect "flow_depth" option now accepts a -1 value which tells
>       Snort to ignore all server-side traffic.
>
>     * RPMs have been updated to be more portable, and also now include a
>       "--with inline" option for those wanting to build Inline RPMs. Thanks
>       Daniel Wittenberg and JP Vossen for your help!
>
>     * Many, many bug fixes have also gone into this release, please see the
>       ChangeLog for details.


To generate a diff of this commit:
cvs rdiff -r1.3 -r1.4 pkgsrc/net/snort/MESSAGE
cvs rdiff -r1.20 -r1.21 pkgsrc/net/snort/Makefile.common
cvs rdiff -r1.21 -r1.22 pkgsrc/net/snort/PLIST
cvs rdiff -r1.27 -r1.28 pkgsrc/net/snort/distinfo
cvs rdiff -r1.11 -r1.12 pkgsrc/net/snort/patches/patch-aa
cvs rdiff -r1.3 -r0 pkgsrc/net/snort/patches/patch-ad

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.