aboutsummaryrefslogtreecommitdiffstats
path: root/security/snort
diff options
context:
space:
mode:
authorwxs <wxs@FreeBSD.org>2011-02-19 04:06:36 +0800
committerwxs <wxs@FreeBSD.org>2011-02-19 04:06:36 +0800
commitd7cf29a31403b265f3ff2dce23d32e3fe7b6b57b (patch)
tree6082736a0b2975e4d06363dc4346324a589b5d47 /security/snort
parent59b2627b9c15f75637a71cb05d0e803506ad49b3 (diff)
downloadfreebsd-ports-gnome-d7cf29a31403b265f3ff2dce23d32e3fe7b6b57b.tar.gz
freebsd-ports-gnome-d7cf29a31403b265f3ff2dce23d32e3fe7b6b57b.tar.zst
freebsd-ports-gnome-d7cf29a31403b265f3ff2dce23d32e3fe7b6b57b.zip
Apply two patches:
- Fix build when --enable-dynamicplugins is not given to configure. [1] - Fix a segfault in HttpInspect PR: ports/154868 Submitted by: Dean Freeman <wfreeman@sourcefire.com> (maintainer) [1]: Michael Scheidell
Diffstat (limited to 'security/snort')
-rw-r--r--security/snort/Makefile2
-rw-r--r--security/snort/files/patch-DisableDynamic95
-rw-r--r--security/snort/files/patch-HttpInspect27
3 files changed, 123 insertions, 1 deletions
diff --git a/security/snort/Makefile b/security/snort/Makefile
index c59ac80892e0..9f76c882cd13 100644
--- a/security/snort/Makefile
+++ b/security/snort/Makefile
@@ -7,7 +7,7 @@
PORTNAME= snort
PORTVERSION= 2.9.0.4
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= security
MASTER_SITES= SF/snort/snort
diff --git a/security/snort/files/patch-DisableDynamic b/security/snort/files/patch-DisableDynamic
new file mode 100644
index 000000000000..e9a7fbfab369
--- /dev/null
+++ b/security/snort/files/patch-DisableDynamic
@@ -0,0 +1,95 @@
+Index: src/fpcreate.c
+===================================================================
+RCS file: /usr/cvsroot/sfeng/ims/sfsnort/snort/src/fpcreate.c,v
+retrieving revision 1.107.2.2
+diff -u -p -r1.107.2.2 fpcreate.c
+--- src/fpcreate.c 11 Jan 2011 22:54:40 -0000 1.107.2.2
++++ src/fpcreate.c 17 Feb 2011 20:06:49 -0000
+@@ -70,6 +70,8 @@
+ #include "dynamic-plugins/sp_preprocopt.h"
+ #endif
+
++#include "dynamic-plugins/sf_dynamic_define.h"
++
+
+ /*
+ * Content flag values
+@@ -1810,9 +1812,11 @@ static int fpAddPortGroupRule(PORT_GROUP
+ fpAddAllContents(pg->pgPms[PM_TYPE__CONTENT], otn, id, pmd, fp);
+ #endif
+
++#ifdef DYNAMIC_PLUGIN
+ /* No content added */
+ if (pmd == preproc_opt_pmds)
+ FreePmdList(pmd);
++#endif
+
+ if (fpFinishPortGroupRule(pg, PM_TYPE__MAX, otn, NULL, fp) != 0)
+ return -1;
+Index: src/dynamic-plugins/sf_dynamic_define.h
+===================================================================
+RCS file: /usr/cvsroot/sfeng/ims/sfsnort/snort/src/dynamic-plugins/sf_dynamic_define.h,v
+retrieving revision 1.15.4.1
+diff -u -p -r1.15.4.1 sf_dynamic_define.h
+--- src/dynamic-plugins/sf_dynamic_define.h 3 Jan 2011 19:58:05 -0000 1.15.4.1
++++ src/dynamic-plugins/sf_dynamic_define.h 17 Feb 2011 20:06:49 -0000
+@@ -96,5 +96,15 @@ typedef enum {
+ #endif
+ #endif
+
++/* Parameters are rule info pointer, int to indicate URI or NORM,
++ * and list pointer */
++#define CONTENT_NORMAL 0x01
++#define CONTENT_HTTP_URI 0x02
++#define CONTENT_HTTP_HEADER 0x04
++#define CONTENT_HTTP_CLIENT_BODY 0x08
++#define CONTENT_HTTP_METHOD 0x10
++#define CONTENT_HTTP (CONTENT_HTTP_URI|CONTENT_HTTP_HEADER|\
++ CONTENT_HTTP_CLIENT_BODY|CONTENT_HTTP_METHOD)
++
+ #endif /* _SF_DYNAMIC_DEFINE_H_ */
+
+Index: src/dynamic-plugins/sf_dynamic_engine.h
+===================================================================
+RCS file: /usr/cvsroot/sfeng/ims/sfsnort/snort/src/dynamic-plugins/sf_dynamic_engine.h,v
+retrieving revision 1.54.2.1
+diff -u -p -r1.54.2.1 sf_dynamic_engine.h
+--- src/dynamic-plugins/sf_dynamic_engine.h 3 Jan 2011 19:58:06 -0000 1.54.2.1
++++ src/dynamic-plugins/sf_dynamic_engine.h 17 Feb 2011 20:06:49 -0000
+@@ -77,15 +77,6 @@ typedef struct _FPContentInfo
+
+ } FPContentInfo;
+
+-/* Parameters are rule info pointer, int to indicate URI or NORM,
+- * and list pointer */
+-#define CONTENT_NORMAL 0x01
+-#define CONTENT_HTTP_URI 0x02
+-#define CONTENT_HTTP_HEADER 0x04
+-#define CONTENT_HTTP_CLIENT_BODY 0x08
+-#define CONTENT_HTTP_METHOD 0x10
+-#define CONTENT_HTTP (CONTENT_HTTP_URI|CONTENT_HTTP_HEADER|\
+- CONTENT_HTTP_CLIENT_BODY|CONTENT_HTTP_METHOD)
+ typedef int (*GetDynamicContentsFunction)(void *, int, FPContentInfo **);
+ typedef int (*GetDynamicPreprocOptFpContentsFunc)(void *, FPContentInfo **);
+ typedef void (*RuleFreeFunc)(void *);
+Index: src/preprocessors/Stream5/snort_stream5_tcp.c
+===================================================================
+RCS file: /usr/cvsroot/sfeng/ims/sfsnort/snort/src/preprocessors/Stream5/snort_stream5_tcp.c,v
+retrieving revision 1.296.2.5
+diff -u -p -r1.296.2.5 snort_stream5_tcp.c
+--- src/preprocessors/Stream5/snort_stream5_tcp.c 7 Jan 2011 20:06:05 -0000 1.296.2.5
++++ src/preprocessors/Stream5/snort_stream5_tcp.c 17 Feb 2011 20:06:49 -0000
+@@ -816,12 +816,12 @@ void Stream5TcpRegisterRuleOptions(void)
+ RegisterPreprocessorRuleOption("stream_reassemble", &s5TcpStreamReassembleRuleOptionInit,
+ &s5TcpStreamReassembleRuleOptionEval, &s5TcpStreamReassembleRuleOptionCleanup,
+ NULL, NULL, NULL, NULL);
+-#endif
+
+ #ifdef PERF_PROFILING
+ RegisterPreprocessorProfile("stream_size", &streamSizePerfStats, 4, &preprocRuleOptionPerfStats);
+ RegisterPreprocessorProfile("reassemble", &streamReassembleRuleOptionPerfStats, 4, &preprocRuleOptionPerfStats);
+ #endif
++#endif
+
+ }
+
diff --git a/security/snort/files/patch-HttpInspect b/security/snort/files/patch-HttpInspect
new file mode 100644
index 000000000000..c0ab68ebcc9e
--- /dev/null
+++ b/security/snort/files/patch-HttpInspect
@@ -0,0 +1,27 @@
+Index: src/preprocessors/HttpInspect/client/hi_client.c
+===================================================================
+diff -u -p -r1.97.2.2 hi_client.c
+--- src/preprocessors/HttpInspect/client/hi_client.c 27 Jan 2011 00:15:39 -0000 1.97.2.2
++++ src/preprocessors/HttpInspect/client/hi_client.c 17 Feb 2011 18:48:41 -0000
+@@ -1907,6 +1907,8 @@ static INLINE const u_char *hi_client_ex
+ return p;
+ }
+ header_ptr->content_len.len = 0;
++ header_ptr->header.uri = start;
++ header_ptr->header.uri_end = end;
+
+ /* This is to skip past the HTTP/1.0 (or 1.1) version string */
+ if (IsHttpVersion(&p, end))
+Index: src/preprocessors/HttpInspect/server/hi_server.c
+===================================================================ls
+diff -u -p -r1.59.2.3 hi_server.c
+--- src/preprocessors/HttpInspect/server/hi_server.c 27 Jan 2011 00:15:56 -0000 1.59.2.3
++++ src/preprocessors/HttpInspect/server/hi_server.c 17 Feb 2011 18:48:41 -0000
+@@ -601,6 +601,7 @@ static INLINE const u_char *hi_server_ex
+ offset = (u_char*)p;
+
+ header_ptr->header.uri = p;
++ header_ptr->header.uri_end = end;
+ header_ptr->content_encoding.compress_fmt = 0;
+ header_ptr->content_len.len = 0;
+