Log message:
Update distinfo for snort-2.3.0.

Log message:
Update to snort 2.3.0

2005-01-25 - Snort 2.3.0 Final Released

* Fixed issue with sfPortscan reporting incorrect IP datagram length.
  Thanks Jon Hart for the test case and finding the bug, and Marc Norton
  for resolving the issue.

* Threshold/Suppression now prints properly when logging to syslog.
  Thanks Sekure for pointing out the problem. Thanks Steve Sturges for
  working on the fix.

* Threshold memcap argument now correctly handles non-integer input.
  Thanks nnposter for the patch.

* Fixed issue reported by Allan Jensen, where on MacOS X, ppp links were
  not decoded properly. Thanks Dan Roelker for the fix.

* Snort manual and FAQ are updated for 2.3. Thanks Jen Harvey for your
  work on putting it all together.

2004-12-15 - Snort 2.3.0 RC2 Released

* Small performance improvement to arpspoof and also fixed a problem
  where the list of configured IP/MAC entries would contain only one
  entry and leaked memory (Jeff Nathan).

* Fixed a problem affecting MacOS X where linking may fail with
  non-standard libraries when global symbols are encountered multiple
  times (Jeff Nathan).

* Ignore RST|ACK midstream pickup case so we don't get an evasive TCP
  alerts.  Thanks for the report, Sekure. Thanks Dan Roelker for the fix.

* Moved CheckLogDir() to after parsing snort.conf (for IDS mode) so the
  logdir config will work if the default or command-line logdir does not
  exist on the system. Thanks Dan Roelker.

* Fixed bug when setting the doe_ptr on a successful pcre match.
  It is now set relative to base_ptr. Thanks Steve Sturges for the
  fix.

* Added from_beginning and multiplier options for byte_jump.
  from_beginning skips bytes from the beginning of the content,
  instead of from the location immediately following the number
  of bytes to skip.  multiplier takes a numeric argument, and
  skips x times that number of bytes. Thanks again to Steve Sturges.

* In "fast" output, now log only actual packet contents when UDP
  data length is greater than actual data length. Thanks Brian
  Caswell for spotting this, and Andrew Mullican for working on the fix.

* Please check the ChangeLog for further details.

2004-11-18 - Snort 2.3.0 RC1 Released

* Added IPS functionality from Snort-Inline.  A big thanks to the
  Snort-Inline guys (Jed Haile, Rob McMillen, William Metcalf, and Victor
  Julien).  Also, Thanks Dan Roelker for doing the integrating of
  Snort-Inline into the official Snort project.

* Added new portscan detector.  The design and implementation was headed
  up by Dan Roelker, and included Marc Norton and Jeremy Hewlett.

* Numerous changes for better 64bit Snort support from Jeremy Hewlett and
  Marc Norton.  Additionally, an --enable-64bit-gcc option was added to
  configure.  However, there are still some memory alignment issues to
  work out before 64bit mode is fully functional, patches are welcomed.
  Thanks Chris Baker for doing 64bit testing.

* Added not_established keyword to the flow detection option.  This allows
  snort to do dynamic firewall rulesets.  Experimental for now.

* Added an enforce_state keyword to stream4 so we won't pick up midstream
  sessions.  This works well for asynchronous links and also for
  just monitoring legitimate traffic.

* Relocated ./contrib files to http://www.snort.org/dl/contrib as many
  are not maintained by Sourcefire and are out of date. The rpm and
  schema files have been relocated in their respective 'rpm' and 'schemas'
  directories under the snort parent directory.

* perfmonitor config line can now be configured with "accumulate" or
  "reset."  Thanks Marc Norton for the feature, and Barry Basselgia for
  pointing out the issue.  Thanks Scott Dexter and Andreas Ostling for
  doing some initial testing.

* Fixed 64-bit bug in sfmemcap.c found and tested by Ryan Matteson
  and Clay McClure.  Thanks guys.

* Fixed reference times to match log time for first packet, for an event
  generated by a reassembled packet.  Incremented event ID to give
  unique ID for each packet.  Also made unified logging compatible with
  Windows.  Thanks Andrew Mullican for the fix.

* Fixed linux perfmonitoring stats for the 2.6 kernel.  Thanks to
  everyone that reported this bug.  Thanks Dan Roelker for the fix.

* Get thresholding/suppression to work for alerts that do not
  contain an ip header (primarily decode alerts).  Thanks
  Brian Caswell.

* Fix conditions where snort would log double web alerts that
  contained only content options (no uricontents).  Thanks to kawa for
  finding and reporting this bug.

* Fix suppression/thresholding bug for non-rule alerts.  Thanks to
  Alex Butcher for reporting it to us.

* Many other bug fixes, please check the ChangeLog for details.

Log message:
The default location of the pkgsrc-installed rc.d scripts is now
under share/examples/rc.d. The variable name already was named
RCD_SCRIPTS_EXAMPLEDIR.

This is from ideas from Greg Woods and others.

Also bumped PKGREVISION for all packages using RCD_SCRIPTS mechanism
(as requested by wiz).

Log message:
RCD_SCRIPTS_EXAMPLEDIR was just changed to be a relative directory
under ${PREFIX} instead of being an absolute path.

So fix the references using RCD_SCRIPTS_EXAMPLEDIR to be
${PREFIX}/${RCD_SCRIPTS_EXAMPLEDIR}.

This should have no changes to use before.

Please note that the MESSAGE files in most cases are wrong in the
first place. We have automated mechanisms and could have an automated
message for explaining rc.d script usage. (This is something to do!)

Log message:
Do a conditional remove of the share/snort directory so it does not conflict
with the new snort-contib package.

Log message:
- Update snort to 2.2.0
- ok'ed snj@, wiz@
- Install database scripts which goes a part-way to addressing PR 18996

Updated database schema diagram from Chris Reid. Schema can be found in
./doc/snort_schema_v106.pdf
Added --include-pcre* configuration option to help cross compiling. Thanks
Erik de Castro Lopo.
Fixed thresholding/suppression issue with queuing multiple events per packet.
Thanks Andreas Ostling.
When a rebuilt stream causes an alert, log out the original packets instead of
the rebuilt packet. Thanks sekure@gmail.com for the report.
Turned off http_inspect alerts that were causing false positives in the preset
webserver profiles (Thanks Dan Roelker).
Turn off encoding alerts in HTTP parameter field. The parameter field is still
normalized, it just doesn't alert. This helps reduce alerts that are generated
from complex parameter queries (Thanks Dan Roelker).
Fixed memory leak in "fast" output. Thanks for your bug report
sekure@gmail.com.
Clear error code which under Windows was causing a subsequent false failure in
parsing threshold rules. (Thanks to Rich Adamson)

Further details can be found in Changelog and RELEASE.NOTES.

Log message:
Fix references to rc.d scripts. This package uses RCD_SCRIPTS
which installs to ${RCD_SCRIPTS_EXAMPLEDIR}. But the MESSAGE
referred to wrong hard-coded location if the RCD_SCRIPTS_EXAMPLEDIR
was not the default. So use RCD_SCRIPTS_EXAMPLEDIR instead.

PKGREVISION not bumped because if someone had changed
RCD_SCRIPTS_EXAMPLEDIR before recent change of autoregistration
of rc.d script in PLIST, then it could not have been packaged
in first place.

Note that this commit does not imply that the MESSAGE is correct.
In some cases, the MESSAGE is clearly wrong such as suggesting
running the rc.d script from the example directory (which will work
although).

Log message:
mk/bsd.pkg.install.mk now automatically registers
the RCD_SCRIPTS rc.d script(s) to the PLIST.

This GENERATE_PLIST idea is part of Greg A. Woods'
PR #22954.

This helps when the RC_SCRIPTS are installed to
a different ${RCD_SCRIPTS_EXAMPLEDIR}. (Later,
the default RCD_SCRIPTS_EXAMPLEDIR will be changed
to be more clear that they are the examples.)

These patches also remove the etc/rc.d/ scripts from PLISTs
(of packages that use RCD_SCRIPTS). (This also removes
now unused references from openssh* makefiles. Note that
qmail package has not been changed yet.)

I have been doing automatic PLIST registration for RC_SCRIPTS
for over a year. Not all of these packages have been tested,
but many have been tested and used.

Somethings maybe to do:
- a few packages still manually install the rc.d scripts to
  hard-coded etc/rc.d. These need to be fixed.
- maybe  remove from mk/${OPSYS}.pkg.dist mtree specifications too.

Log message:
Update to snort-2.1.2.  From Adrian Portelli in PR pkg/25029.

While here, convert to buildlink3.

Changes:
* Various portability fixes.
* Fixed conversation parsing faults so users can operate this
  preprocessor
* Detect non-rfc standard chunk encodings.  Detect abnormal HTTP
  requests with newlines, spaces, etc. before the request method.
* Fix negative stats output on snort exit or SIGUSR1.
* Removed escaping of '%' and '_' characters in MySQL
* Various documentation fixes/updates.
* Added Flowbits detection functionality.
* Added utility to parse out perfmon stats.
* Tagged Packets no longer have NULL msg name.
* Fixed http_inspect double alerting on pkts and rebuilt streams.
* http_inspect proxy_alert now supports normal proxy networks setups.
  http_inspect default server only valid if specified in config.
* Close Socket when Snort receives SIGHUP.
* Added GID, SID, and Rev to csv output.
* config chroot readded.
* Added additional error checking for custom rules.
* Flow now honors -q (quiet).
* Removed non_rfc_chars from default profiles.
* Added suppression negation.
* Better support for ODBC.  Better memory management. Improved escaping
  of SQL strings.
* Other miscellaneous bugfixes.

Log message:
s/capabilty/capability/; s/seperate/separate/