---
- branch: MAIN
  date: Tue Feb 18 23:00:26 UTC 2020
  files:
  - new: '1.61'
    old: '1.60'
    path: pkgsrc/net/snort/Makefile
    pathrev: pkgsrc/net/snort/Makefile@1.61
    type: modified
  - new: '1.34'
    old: '1.33'
    path: pkgsrc/net/snort/PLIST
    pathrev: pkgsrc/net/snort/PLIST@1.34
    type: modified
  - new: '1.51'
    old: '1.50'
    path: pkgsrc/net/snort/distinfo
    pathrev: pkgsrc/net/snort/distinfo@1.51
    type: modified
  - new: '1.9'
    old: '1.8'
    path: pkgsrc/net/snort/options.mk
    pathrev: pkgsrc/net/snort/options.mk@1.9
    type: modified
  - new: '1.2'
    old: '1.1'
    path: pkgsrc/net/snort/patches/patch-src_target-based_sftarget__reader.c
    pathrev: pkgsrc/net/snort/patches/patch-src_target-based_sftarget__reader.c@1.2
    type: modified
  id: 20200218T230026Z.855303e1f662d5bd09ba9d3dd921320112c42fa9
  log: |
    Update to Snort 2.9.15.1

    2019-12-15 - Snort 2.9.15.1
    New Additions

        Added support for glibc version 2.30.

    Improvements/Fix

        Fixed Snort core seen during SSL re-configuration.
        Fixed file access issues on files from SMB share.

    Snort 2.9.15.0
    New Additions

        Added new debugs to print detection, file_processing and Preproc time
    consumption info and verdict.
        Added support to detect new Korean file formats .egg and .alg in the file
    preprocessor.
        Added support to detect new RAR file-type in the file preprocessor.

    Improvements / Fix

        Fix to generate ALERT if TEID value is zero in GTP v1 and v2 packets.
        Fix to whitelist FTP data sessions when no file policy exists.
        Fix RTF file magic to a more generic value to prevent evasions.
        Added debug logs during HTTP reload.
        Added rule SID check during validation.
        Fix an issue where HTTP was processing non-HTTP traffic on port 443.
        Added new debugs to print detection, file processing, and Prepro time
    consumption info and verdicts.

    Snort 2.9.14.1
    [*] New Additions

     * Added support for wild card port numbers in host cache and overwriting port
    service AppId.

     * Added support for new STLS client patterns to help better detect POP3S over
    SSL.

     * Added support for detecting Mac based SMTP Microsoft Outlook client
    application.

     * Added a new preprocessor alert 120:27 to alert if there is no proper end of
    header.

    [*] Improvements / Fix

     * Improved appId detection for proxied traffic.

     * Fix for enabling flow profiling mode without restarting snort detection
    engine.

     * Fixed packet drop scenario.

    Snort 2.9.13.0
    New Additions

        Snort now supports reload on snort rules update.
        Addition of a scenario to add a packet to blacklist verdict to ensure the
    new session will be allowed.
        Handled a new pre-processor alert in case of the improper end of t HTTP
    header.

    Improvements

        Modified the calculation of file hash for FTP/HTTP with offset values.
        Fixed portal authentication connection stuck in half closed state.
        Updated UDP global timeout for a non-standard port.

    This release also patched the following two vulnerabilities:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-frpwr-smb-snort

    Snort 2.9.12.0
    New Additions

        Parsing HTTP CONNECT to extract the tunnel IP and port information.
        Alerting and dechunking for chunked encoding in HTTP1.0 request and
    response.

    Improvements

        Fixed an issue where, if we have a junk line before HTTP response header,
    the header was wrongly parsed.
        Fixed GZIP evasions where an HTTP response with content-encoding:gzip
    contains a body that has a GZIP-related anomaly.
        Fixed an issue in certain scenarios where a BitTorrent pattern is seen
    only on the third packet of the session, causing us to miss our client
    detection.
        SMB improvements for file detection and processing.

    2017-12-06 - Snort 2.9.11.1
    New Additions

        Added support to block portscan. In addition to tracking the scanning
    packets, action(drop/sdrop/reject) will be taken for all the packets, which
    means Snort will block the packet and generate logs.
        Added support to re-evaluate reputation after reputation update for all
    flows except those that have already been blacklisted.

    Improvements

        Fixed issue to detect RTP up to two SSRC switches in each traffic
    direction.
        Fixed issues related to HTTP POST header flushing, calling file processing
    directly if it is not a multipart header and changes to avoid expensive copy
    of segment data by not splitting them when flushing headers.
        Fixed issue of triggering protocol sweep alert when there are multiple
    destinations from single source ip protocol scan.
        Added changes to fix IP portscan for protocol other than ICMP and fixed
    issue of bad fragment size event not being generated for oversized packets.
        Added changes to use raw data in case of PDF and SWF files during file
    processing for SHA calculation and Malware Cloud Lookup.
        Fixed issue of correct session matching for TCP SYN packets without window
    scale option so that FTP data channels match the same rule as FTP control
    channels.
        Fixed issue of applying new configuration in file inspection after Snort
    reload.

    Snort 2.9.11
    [*] New additions

        Changes to eliminate Snort restart when there are changes to the memory
    allocated for preprocessors, by releasing unused or least recently used memory
    when needed.
        Added support for storing filenames in Unicode for SMB protocol.
        Added implementation of hostPortCache versioning for unknown flows in
    AppID to detect and block BitTorrent.

    [*] Improvements

        Enhanced RTSP metadata parsing to match the user-agent field to detect
    RTSP traffic over Windows Media.
        Performance improvement when SYN rate limit has reached and drop is
    configured as next action
        Control-socket and side-channel support for FreeBSD platform.
        Fixed issue in file signature lookup for retransmitted FTP packet.
        Enhanced the processing of SIP/RTP future flows without ignoring them.
        Changes made in PDF/SWF decompression by adding boundary to the size of
    the decompressed data.
        Added a null check to prevent copy unless debugHostIp is configured in
    AppId.
        Fixed issue where FTP file type block doesn't work for retried download.
        Resolved issue where Snort is inappropriately handling traffic for which
    AppId was creating future flow.
        Performance improvements for SIP/RTP audio and video data flow in AppId.
        Performance and stability improvements in FTP preprocessor like incorrect
    referencing of ftp_data_session after its pruned.
        Stability improvement by resolving valgrind reported issues in AppId.
        Improved flushing mechanism for HTTP POST header.
        Added changes to display AppId for IPv6 unified events.
        Fixed issues with printing of messages for out-of-order packets.
        Fixed issue in increment of detection filter counter when rule is used in
    multiple configurations.
        Fixed dynamic preprocessor compilation failure in OpenBSD platform.
        Added changes to improve performance of ipvar list comparison.
        Enhanced SMTP client detection by allowing line folding and all
    authentication methods.
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/net/snort'
  unixtime: '1582066826'
  user: sevan