Subject: CVS commit: pkgsrc/net/snort
From: Nils Ratusznik
Date: 2020-10-01 21:45:02
Message id: 20201001194502.C6B18FB28@cvs.NetBSD.org

Log Message:
Updated net/snort to version 2.9.16.1.

Upstream changelog from 2.9.15.1 to 2.9.16 :
* src/preprocessors/Stream6/snort_stream_tcp.c :
  Addressed an issue when out-of-order FIN is received by dropping it.

* src/output-plugins/spo_unified2.c,
  src/preprocessors/Stream6/snort_stream_tcp.c :
  Fixed an issue in which xtradata is not added to the alert in unified file.

* src/reload.c,
  src/snort.c :
  Fixed potential race condition between reload and exit path (main thread).

* etc/file_magic.conf :
  Updated the file magic to detect ALZ file types.

* src/sfutil/sf_ip.h :
  Added support for gcc version 9.2.1.

* src/dynamic-preprocessors/appid/detector_plugins/detector_dns.c :
  Fixed an issue in which APPID returns no match.

* src/dynamic-preprocessors/dcerpc2/sf_dce2.vcxproj,
  src/dynamic-preprocessors/dnp3/sf_dnp3.vcxproj,
  src/dynamic-preprocessors/dns/sf_dns.vcxproj,
  src/dynamic-preprocessors/dynamic_preprocessors.vcxproj,
  src/dynamic-preprocessors/ftptelnet/sf_ftptelnet.vcxproj,
  src/dynamic-preprocessors/gtp/sf_gtp.vcxproj,
  src/dynamic-preprocessors/imap/sf_imap.vcxproj,
  src/dynamic-preprocessors/libs/sfdynamic_preproc_libs.vcxproj,
  src/dynamic-preprocessors/modbus/sf_modbus.vcxproj,
  src/dynamic-preprocessors/pop/sf_pop.vcxproj,
  src/dynamic-preprocessors/reputation/sf_reputation.vcxproj,
  src/dynamic-preprocessors/sdf/sf_sdf.vcxproj,
  src/dynamic-preprocessors/sf_dynamic_initialize/sf_dynamic_initialize.vcxproj,
  src/dynamic-preprocessors/sip/sf_sip.vcxproj,
  src/dynamic-preprocessors/smtp/sf_smtp.vcxproj,
  src/dynamic-preprocessors/ssh/sf_ssh.vcxproj,
  src/dynamic-preprocessors/ssl/sf_ssl.vcxproj,
  src/win32/WIN32-Prj/build_all.vcxproj,
  src/win32/WIN32-Prj/sf_engine.vcxproj,
  src/win32/WIN32-Prj/sf_engine_initialize.vcxproj,
  src/win32/WIN32-Prj/snort.vcxproj,
  src/win32/WIN32-Prj/snort_initialize.vcxproj,
  src/win32/WIN32-Prj/snort_installer_x64.nsi,
  src/win32/WIN32-Prj/snort_x64.dsw,
  src/win64/WIN64-Libraries/Packet.lib,
  src/win64/WIN64-Libraries/libdnet/dnet.lib,
  src/win64/WIN64-Libraries/pcre.lib,
  src/win64/WIN64-Libraries/wpcap.lib,
  src/win64/WIN64-Libraries/zlib.lib,
  tools/u2spewfoo/u2spewfoo.vcxproj :
  Added 64-bit support for Windows 10 operating system.

* src/dynamic-preprocessors/pop/snort_pop.c :
  Fixed an issue where POP preprocessor was not generating alert in some cases.

* src/dynamic-preprocessors/gtp/gtp_parser.c :
  Fixed the alerting logic for GTP v2 with missing TEID.

* src/preprocessors/HttpInspect/utils/hi_paf.c :
  Fixed file policy not working with character prefix in chunk size.

* configure.in,
  src/reload.c,
  src/side-channel/sidechannel.c,
  src/snort.c,
  src/target-based/sftarget_reader.c,
  src/util.h :
  Added support for glibc version 2.30.

* src/decode.h,
  src/dynamic-plugins/sf_engine/sf_snort_packet.h,
  src/preprocessors/HttpInspect/utils/hi_paf.c,
  src/preprocessors/Stream6/snort_stream_tcp.c,
  src/preprocessors/Stream6/stream_paf.c,
  src/preprocessors/snort_httpinspect.c,
  src/preprocessors/snort_httpinspect.h,
  src/preprocessors/stream_api.h :
  Added support for early inspection of HTTP payload before flushing in pre-ack mode.

* src/file-process/file_api.h,
  src/file-process/file_service.c,
  src/preprocessors/HttpInspect/include/hi_norm.h,
  src/preprocessors/HttpInspect/include/hi_ui_config.h,
  src/preprocessors/HttpInspect/server/hi_server_norm.c,
  src/preprocessors/snort_httpinspect.c :
  Normalize randomly encoded nulls interspersed in the HTTP server response to UTF-8.

Upstream changelog from 2.9.16 to 2.9.16.1 :

* src/dynamic-preprocessors/appid/appIdConfig.h,
  src/dynamic-preprocessors/appid/appInfoTable.c,
  src/dynamic-preprocessors/appid/flow.h,
  src/dynamic-preprocessors/appid/fw_appid.c :
  Added packet counters to make sure flows with one-way data don't pend forever.

* src/detection-plugins/sp_flowbits.c,
  src/snort.c :
  Fixed potential race condition between reload and exit path.

* src/detection-plugins/sp_session.c,
  src/preprocessors/Stream6/stream_paf.h,
  src/sfutil/util_jsnorm.c :
  Added support for GCC version 10.1.1.

Pkgsrc changes :
* added patch for NetBSD to get the definition for endrpcent(), which fixes \ 
compilation
* snort now depends on bash since a bundled tool is a bash shell script
* some pkglint compliance changes in Makefile and options.mk

Files:
RevisionActionfile
1.66modifypkgsrc/net/snort/Makefile
1.52modifypkgsrc/net/snort/distinfo
1.10modifypkgsrc/net/snort/options.mk
1.1addpkgsrc/net/snort/patches/patch-src_dynamic-preprocessors_appid_service__plugins_service__rpc.c