Log message:
Update to 2.4.2
- don't try to actually open the log file when in test mode
- Fixes to address schema being a keyword in MySQL 5.0

Log message:
Update snort to 2.4.1

Log message:
Add patch from snort CVS to address a security issue:
	http://secunia.com/advisories/16786/
Whitespace police on MESSAGE
Bump to nb1

Log message:
The real user name in PKG_USERS does not need to be escaped with double
backslashes anymore. A single backslash is enough. Changed the
definition in all affected packages. For those that are not caught, an
additional check is placed into bsd.pkginstall.mk.

Log message:
Merge CONF_FILES/SUPPORT_FILES and CONF_FILES_PERMS/SUPPORT_FILES_PERMS
as the INSTALL and DEINSTALL scripts no longer distinguish between
the two types of files.  Drop SUPPORT_FILES{,_PERMS} and modify the
packages in pkgsrc accordingly.

Log message:
Update snort to 2.4.0
If you are using this package make note of the distribution change
mentioned below.  I have update the MESSAGE to inform users of this and
there is now also a net/snort-rules package with the community rules.

> [*] Distribution Change
>     * Rules are no longer distributed as part of the Snort releases, they are
>       available as a separate download from snort.org.  This was done for
>       three reasons:
>         1) To better manage the new rules licensing.
>         2) To reduce the size of the engine download.
>         3) To move the thousands of documentation files for the rules into
>            the rules tarballs.  If you've ever checked Snort out of CVS you'll
>            know why this is a Good Thing.
>
> [*] New additions
>     * Added new IP defragmentation preprocessor, Frag3. The frag3 preprocessor
>       is a target-based IP defragmentation module, and is intended as a
>       replacement for the frag2 module.  Check out the README.frag3 for full
>       info on this new preprocessor.
>
>     * Libprelude support has been added (enable with --enable-prelude).
>       Thanks Yoann Vandoorselaere!
>
>     * An "ftpbounce" rule detection plugin was added for easier \ 
detection of
>       FTP bounce attacks.
>
>     * Added a new Snort config option, "ignore_ports," to ignore \ 
packets
>       based on port number.  This is similar to bpf filters, but done within
>       snort.conf.
>
> [*] Improvements
>     * Snort startup messages printed in syslog now contain a PID before each
>       entry. Thanks Sekure for initially bringing this up.
>
>     * Stream4: Performance improvements.
>
>     * Stream4: Added 'max_session_limit' option which limits number of
>       concurrent sessions tracked.  Added favor_old/favor_new options that
>       affect order in which packets are put together for reassembly.
>
>     * Stream4: New configuration options to manage flushpoints for improved
>       anti-evasion.  The flush_behavior option selects flushpoint management
>       mode.  New flush_base, flush_range, and flush_seed manage randomized
>       flushing.  Check out the snort.conf file for full config data on the
>       new flush options.
>
>     * Added two more alerts for BackOrifice client and server packets. This
>       allows specific alerts to be suppressed.
>
>     * PerfMon preprocessor updated to include more detailed stats for rebuilt
>       packets (applayer, wire, fragmented & TCP). Also added 'atexitonly'
>       option that dumps stats at exit of snort, and command line -Z flag to
>       specify the file to which stats are logged.
>
>     * Added new Http Inspect config item, "tab_uri_delimiter," \ 
which if
>       specified, lets a tab character (0x09) act as the delimiter for a URI.
>
>     * Added a '-G' command line flag to snort that specifies the Snort
>       instance log identifier. It takes a single argument that can be either
>       hex (prefaced with 0x) or decimal. The unified log files will include
>       the instance ID when the -G flag is used.
>
>     * "Same SRC/DST" (sid 527) and "Loopback Traffic" \ 
(sid 528) are now
>       handled in the IP decoder. Those sids are now considered obsolete.
>
>     * Http_Inspect "flow_depth" option now accepts a -1 value \ 
which tells
>       Snort to ignore all server-side traffic.
>
>     * RPMs have been updated to be more portable, and also now include a
>       "--with inline" option for those wanting to build Inline \ 
RPMs. Thanks
>       Daniel Wittenberg and JP Vossen for your help!
>
>     * Many, many bug fixes have also gone into this release, please see the
>       ChangeLog for details.

Log message:
RCD_SCRIPTS_EXAMPLEDIR is no longer customizable.
And always is defined as share/examples/rc.d
which was the default before.

This rc.d scripts are not automatically added to PLISTs now also.
So add to each corresponding PLIST as required.

This was discussed on tech-pkg in late January and late April.

Todo: remove the RCD_SCRIPTS_EXAMPLEDIR uses in MESSAGES and elsewhere
and remove the RCD_SCRIPTS_EXAMPLEDIR itself.

Log message:
- Update snort to 2.3.3
- Fix /var => ${VARBASE}
- Changes Include:
> * Issues with suppressing sfPortscan Open Ports have been fixed.
>
> * Added a new mini-preprocessor to catch the X-Link2State
>   vulnerability.  This preprocessor can be configured to drop the
>   offending connection when in Inline-mode. Please read snort.conf or
>   the snort manual for more details.  This preprocessor is enabled by
>   default in snort.conf.

Log message:
Remove USE_BUILDLINK3 and NO_BUILDLINK; these are no longer used.

Log message:
- Update snort from 2.3.0 -> 2.3.2

2005-03-10 - Snort 2.3.2 Released

* Removed end-of-line parser fix in favor of completely reworking
  this at the next parser overhaul.

2005-03-09 - Snort 2.3.1 Released

* Fixed issue where the number of flowbits were too small. Thanks Marc
  Norton for the fix.

* Fixed parsing of comments at end of line in config file.  In
  snort.conf, anything that follows a # on a line is considered a
  comment. Thanks Steve Sturges for the fix.

* Fixed alignment issue causing sfPortscan to crash on Solaris/HPUX.
  Thanks Andy Mullican for the fix. Thanks Senthil Prabu.S and
  Jonathan Miner for working with us on this.