diff options
author | wxs <wxs@FreeBSD.org> | 2011-02-19 04:06:36 +0800 |
---|---|---|
committer | wxs <wxs@FreeBSD.org> | 2011-02-19 04:06:36 +0800 |
commit | d7cf29a31403b265f3ff2dce23d32e3fe7b6b57b (patch) | |
tree | 6082736a0b2975e4d06363dc4346324a589b5d47 /security/snort | |
parent | 59b2627b9c15f75637a71cb05d0e803506ad49b3 (diff) | |
download | freebsd-ports-graphics-d7cf29a31403b265f3ff2dce23d32e3fe7b6b57b.tar.gz freebsd-ports-graphics-d7cf29a31403b265f3ff2dce23d32e3fe7b6b57b.tar.zst freebsd-ports-graphics-d7cf29a31403b265f3ff2dce23d32e3fe7b6b57b.zip |
Apply two patches:
- Fix build when --enable-dynamicplugins is not given to configure. [1]
- Fix a segfault in HttpInspect
PR: ports/154868
Submitted by: Dean Freeman <wfreeman@sourcefire.com> (maintainer)
[1]: Michael Scheidell
Diffstat (limited to 'security/snort')
-rw-r--r-- | security/snort/Makefile | 2 | ||||
-rw-r--r-- | security/snort/files/patch-DisableDynamic | 95 | ||||
-rw-r--r-- | security/snort/files/patch-HttpInspect | 27 |
3 files changed, 123 insertions, 1 deletions
diff --git a/security/snort/Makefile b/security/snort/Makefile index c59ac80892e..9f76c882cd1 100644 --- a/security/snort/Makefile +++ b/security/snort/Makefile @@ -7,7 +7,7 @@ PORTNAME= snort PORTVERSION= 2.9.0.4 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MASTER_SITES= SF/snort/snort diff --git a/security/snort/files/patch-DisableDynamic b/security/snort/files/patch-DisableDynamic new file mode 100644 index 00000000000..e9a7fbfab36 --- /dev/null +++ b/security/snort/files/patch-DisableDynamic @@ -0,0 +1,95 @@ +Index: src/fpcreate.c +=================================================================== +RCS file: /usr/cvsroot/sfeng/ims/sfsnort/snort/src/fpcreate.c,v +retrieving revision 1.107.2.2 +diff -u -p -r1.107.2.2 fpcreate.c +--- src/fpcreate.c 11 Jan 2011 22:54:40 -0000 1.107.2.2 ++++ src/fpcreate.c 17 Feb 2011 20:06:49 -0000 +@@ -70,6 +70,8 @@ + #include "dynamic-plugins/sp_preprocopt.h" + #endif + ++#include "dynamic-plugins/sf_dynamic_define.h" ++ + + /* + * Content flag values +@@ -1810,9 +1812,11 @@ static int fpAddPortGroupRule(PORT_GROUP + fpAddAllContents(pg->pgPms[PM_TYPE__CONTENT], otn, id, pmd, fp); + #endif + ++#ifdef DYNAMIC_PLUGIN + /* No content added */ + if (pmd == preproc_opt_pmds) + FreePmdList(pmd); ++#endif + + if (fpFinishPortGroupRule(pg, PM_TYPE__MAX, otn, NULL, fp) != 0) + return -1; +Index: src/dynamic-plugins/sf_dynamic_define.h +=================================================================== +RCS file: /usr/cvsroot/sfeng/ims/sfsnort/snort/src/dynamic-plugins/sf_dynamic_define.h,v +retrieving revision 1.15.4.1 +diff -u -p -r1.15.4.1 sf_dynamic_define.h +--- src/dynamic-plugins/sf_dynamic_define.h 3 Jan 2011 19:58:05 -0000 1.15.4.1 ++++ src/dynamic-plugins/sf_dynamic_define.h 17 Feb 2011 20:06:49 -0000 +@@ -96,5 +96,15 @@ typedef enum { + #endif + #endif + ++/* Parameters are rule info pointer, int to indicate URI or NORM, ++ * and list pointer */ ++#define CONTENT_NORMAL 0x01 ++#define CONTENT_HTTP_URI 0x02 ++#define CONTENT_HTTP_HEADER 0x04 ++#define CONTENT_HTTP_CLIENT_BODY 0x08 ++#define CONTENT_HTTP_METHOD 0x10 ++#define CONTENT_HTTP (CONTENT_HTTP_URI|CONTENT_HTTP_HEADER|\ ++ CONTENT_HTTP_CLIENT_BODY|CONTENT_HTTP_METHOD) ++ + #endif /* _SF_DYNAMIC_DEFINE_H_ */ + +Index: src/dynamic-plugins/sf_dynamic_engine.h +=================================================================== +RCS file: /usr/cvsroot/sfeng/ims/sfsnort/snort/src/dynamic-plugins/sf_dynamic_engine.h,v +retrieving revision 1.54.2.1 +diff -u -p -r1.54.2.1 sf_dynamic_engine.h +--- src/dynamic-plugins/sf_dynamic_engine.h 3 Jan 2011 19:58:06 -0000 1.54.2.1 ++++ src/dynamic-plugins/sf_dynamic_engine.h 17 Feb 2011 20:06:49 -0000 +@@ -77,15 +77,6 @@ typedef struct _FPContentInfo + + } FPContentInfo; + +-/* Parameters are rule info pointer, int to indicate URI or NORM, +- * and list pointer */ +-#define CONTENT_NORMAL 0x01 +-#define CONTENT_HTTP_URI 0x02 +-#define CONTENT_HTTP_HEADER 0x04 +-#define CONTENT_HTTP_CLIENT_BODY 0x08 +-#define CONTENT_HTTP_METHOD 0x10 +-#define CONTENT_HTTP (CONTENT_HTTP_URI|CONTENT_HTTP_HEADER|\ +- CONTENT_HTTP_CLIENT_BODY|CONTENT_HTTP_METHOD) + typedef int (*GetDynamicContentsFunction)(void *, int, FPContentInfo **); + typedef int (*GetDynamicPreprocOptFpContentsFunc)(void *, FPContentInfo **); + typedef void (*RuleFreeFunc)(void *); +Index: src/preprocessors/Stream5/snort_stream5_tcp.c +=================================================================== +RCS file: /usr/cvsroot/sfeng/ims/sfsnort/snort/src/preprocessors/Stream5/snort_stream5_tcp.c,v +retrieving revision 1.296.2.5 +diff -u -p -r1.296.2.5 snort_stream5_tcp.c +--- src/preprocessors/Stream5/snort_stream5_tcp.c 7 Jan 2011 20:06:05 -0000 1.296.2.5 ++++ src/preprocessors/Stream5/snort_stream5_tcp.c 17 Feb 2011 20:06:49 -0000 +@@ -816,12 +816,12 @@ void Stream5TcpRegisterRuleOptions(void) + RegisterPreprocessorRuleOption("stream_reassemble", &s5TcpStreamReassembleRuleOptionInit, + &s5TcpStreamReassembleRuleOptionEval, &s5TcpStreamReassembleRuleOptionCleanup, + NULL, NULL, NULL, NULL); +-#endif + + #ifdef PERF_PROFILING + RegisterPreprocessorProfile("stream_size", &streamSizePerfStats, 4, &preprocRuleOptionPerfStats); + RegisterPreprocessorProfile("reassemble", &streamReassembleRuleOptionPerfStats, 4, &preprocRuleOptionPerfStats); + #endif ++#endif + + } + diff --git a/security/snort/files/patch-HttpInspect b/security/snort/files/patch-HttpInspect new file mode 100644 index 00000000000..c0ab68ebcc9 --- /dev/null +++ b/security/snort/files/patch-HttpInspect @@ -0,0 +1,27 @@ +Index: src/preprocessors/HttpInspect/client/hi_client.c +=================================================================== +diff -u -p -r1.97.2.2 hi_client.c +--- src/preprocessors/HttpInspect/client/hi_client.c 27 Jan 2011 00:15:39 -0000 1.97.2.2 ++++ src/preprocessors/HttpInspect/client/hi_client.c 17 Feb 2011 18:48:41 -0000 +@@ -1907,6 +1907,8 @@ static INLINE const u_char *hi_client_ex + return p; + } + header_ptr->content_len.len = 0; ++ header_ptr->header.uri = start; ++ header_ptr->header.uri_end = end; + + /* This is to skip past the HTTP/1.0 (or 1.1) version string */ + if (IsHttpVersion(&p, end)) +Index: src/preprocessors/HttpInspect/server/hi_server.c +===================================================================ls +diff -u -p -r1.59.2.3 hi_server.c +--- src/preprocessors/HttpInspect/server/hi_server.c 27 Jan 2011 00:15:56 -0000 1.59.2.3 ++++ src/preprocessors/HttpInspect/server/hi_server.c 17 Feb 2011 18:48:41 -0000 +@@ -601,6 +601,7 @@ static INLINE const u_char *hi_server_ex + offset = (u_char*)p; + + header_ptr->header.uri = p; ++ header_ptr->header.uri_end = end; + header_ptr->content_encoding.compress_fmt = 0; + header_ptr->content_len.len = 0; + |