SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for snort-2.9.9.0-1.fc21.i686.rpm :
Wed Dec 14 13:00:00 2016 Lawrence R. Rogers 2.9.9.0-1
- Release 2.9.9.0-1

New additions

* New rule option for byte_math. See the Snort manual for details.

* Added bitmask and from_end operations to byte_test. See the Snort manual for details.

* Added a Buffer Dump utility to trace all of the buffers used by snort during inspection.
Enable this by --enable-buffer-dump option to configure prior to building. See the Snort manual for details.

* Added new HTTP preprocessor alerts to detect multiple content encoding and multiple content length.

* Added support for SMTP Traffic detection over SSL (SMTPS).
Improvements

* Fixed an issue which reduces extra service discovery to improve performance.

* Fixed multiple issues in AppID.
- Reconstructed the call to port-service detection.
- Fixed issue where AppId for Facebook over SPDY/HTTP 1.1 was incorrect.
- Preventing third-party application identification for expected connections.

* Stability improvement for Stream preprocessor.
- Addressed incorrect flushing of packets whose size is greater than MAXIMUM_PAF_MAX.
- Fixed an issue where incorrect length argument in memcpy caused out of bound memory access.

* Fixed multiple issues in HttpInspect preprocessor.
- Handling chunk encoding followed by \\r\\r\\r\
and \
\
\
\\r\\r\
.
- Fixed an issue with LZMA flash decompression.

* Fixed mime data processing issue in SMTP stateless inspection.

* Added support to decode packets that contains VLAN with Secure Group Tag (SGT).

* Fixed Issue related to DLL-Load in Snort on windows platforms for CVE-2016-1417.

Tue Apr 26 14:00:00 2016 Lawrence R. Rogers 2.9.8.3-1
- Release 2.9.8.3-1

2016-04-26 Rahul Burman
Snort 2.9.8.3

* src/build.h: updating build number to 383

* configure.in, src/preprocessors/HttpInspect/server/hi_server.c:
Modified Http header parsing of multiline content-encoding header.

* src/preprocessors/: snort_httpinspect.c,
HttpInspect/server/hi_server.c:
Fixed an issue where file position pointer was incorrectly set for HTTP response
containing chunked and gzip data.

* src/preprocessors/Stream6/: snort_stream_tcp.c
Added sanity check to TCP trimming in out-of-order FIN case.

* src/parser.c:
Disabled port groups that are not useful unless adapative profiling is enabled.

* src/: dynamic-preprocessors/sdf/spp_sdf.c, obfuscation.c:
Fixed an issue of incorrect masking of sensitive data.

2016-03-18 Gaurav Nagare
Snort 2.9.8.2

* src/build.h: updating build number to 335

* src/dynamic-plugins/: sf_engine/examples/detection_lib_meta.h,
sf_dynamic_meta.h:
Updated detection API version to 2.6 to use the latest snort SO rules.

* src/: dynamic-preprocessors/sdf/spp_sdf.c,
preprocessors/Stream6/snort_stream_tcp.c, obfuscation.c:
Fixed several issues with SDF and obfuscation.

* src/: profiler.h, preprocessors/perf_indicators.c,
preprocessors/perf_indicators.h:
Resolved snort build issue with \"--disable-perfprofiling\" configure
option.

* src/: decode.c, decode.h:
Added Double VLAN tagging support.

* src/file-process/file_mime_process.c:
Enhanced mime parsing by adding support for detecting files
after unknown headers and no headers.

* src/preprocessors/HttpInspect/server/hi_server.c:
Fixed memory leak.

* src/preprocessors/HttpInspect/utils/hi_paf.c:
Fixed issue with gzip decompression. If the server response specifies
Content-Encoding as GZIP, but no Content-Length field for HTTP version 1.0.

* doc/snort_manual.pdf, src/preprocessors/snort_httpinspect.c,
src/preprocessors/spp_httpinspect.c:
Fixed Snort memory leak in parsing HTTP xff options.

* src/preprocessors/spp_httpinspect.c:
Fixed Coverity issues.

* src/preprocessors/: snort_httpinspect.c, snort_httpinspect.h,
HttpInspect/include/hi_paf.h, HttpInspect/server/hi_server.c,
HttpInspect/utils/hi_paf.c:
Improved End of Header(EOH) identification for response header spanning multiple
reassembled packets.

* src/preprocessors/: HttpInspect/utils/hi_paf.c,
Stream6/snort_stream_tcp.c, Stream6/stream_paf.c:
Improved packet reassembly for HTTP, added code to purge segment correctly when
PAF decides to ignore packet upon reaching paf_max.

* src/fpdetect.c:
Fixed to use outer header callback functions when checking IP rule against outer IPs
and inner header callback when checking against inner IPs.

* src/preprocessors/spp_httpinspect.c:
Fixed an issue where http_inspect current and default config had
different file depth.

* src/dynamic-preprocessors/appid/detector_plugins/detector_dns.c:
Handled malformed DNS host in AppId.

* src/file-process/: file_api.h, file_segment_process.c, file_service.c:
Prevented access to file contexts which are pruned when memcap is
reached.

* src/dynamic-preprocessors/appid/: app_forecast.c, app_forecast.h,
flow.h, fw_appid.c, spp_appid.c, thirdparty_appid_types.h:
Performance improvements to AppID.

* src/dynamic-preprocessors/appid/luaDetectorApi.c:
Created a future-flow API for lua detector.
Exposed DNS API to lua detector.

* src/dynamic-preprocessors/ftptelnet/pp_ftp.c:
Fixed an issue where unexpected SSL negotiation starts for FTP
with explicit SSL.

* src/preprocessors/HttpInspect/utils/hi_paf.c:
Updated HTTP PAF to accept all tokens between method and version
string in request URI.

* src/preprocessors/HttpInspect/files/file_decomp_SWF.c:
Fixed Flash LZMA decompression issue.

* src/preprocessors/spp_httpinspect.c:
Fixed file_depth intialization issue during Snort reload.

Tue Nov 17 13:00:00 2015 Lawrence R. Rogers 2.9.8.0-1
- Release 2.9.8.0-1
[
*] New additions

* SMBv2/SMBv3 support for file inspection.

* Port override for metadata service in IPS rules.

* AppID Lua detector performance profiling.

* Perfmon dumps stats at fixed intervals from absolute time.

* New preprocessor alert (120:18) to detect SSH tunneling over HTTP

* New config option |disable_replace| to disable replace rule option.

* New Stream configuration |log_asymmetric_traffic| to control logging to syslog.

* New shell script in tools to create simple Lua detectors for AppID.
[
*] Improvements

* sfip_t refactored to use struct in6_addr for all ip addresses.

* Post-detection callback for preprocessors.

* AppID support for multiple server/client detectors evaluating on same flow.

* AppID API for DNS packets.

* Memory optimizations throughout.

* Support sending UDP active responses.

* Fix perfmon tracking of pruned packets.

* Stability improvements for AppID.

* Stability improvements for Stream6 preprocessor.

* Added improved support to block malware in FTP preprocessor.

* Added support to differentiate between active and passive FTP connections.

* Improvements done in Stream6 preprocessor to avoid having duplicate packets
in the DAQ retry queue.

* Resolved an issue where reputation config incorrectly displayed \'blacklist\' in
priority field even though \'whitelist\' option was configured.

* Added support for multiple expected sessions created per packet

* Active response now supports MPLS

Thu Aug 13 14:00:00 2015 Lawrence R. Rogers 2.9.7.6-1
- Release 2.9.7.6-1

* src/build.h:
updating build number to 285


* src/dynamic-preprocessors/reputation/reputation_config.c:
Fixed unexpected behaviour in reputation config where blacklist is displayed
in priority field even though whitelist option is set [reported by Mike Cox].


* src/preprocessors/Stream6/snort_stream_tcp.c:
Fixed issue where XFF/ExtraData is not always logged when \'drop\' rules trigger [reported by Mike Cox].
Fixed issue in TCP session deletion when being called from Stream5 HA.


* src/: active.h, file-process/file_service.c:
ACTIVE_DROP is changed to ACTIVE_FORCE_DROP when file_verdict is pending.


* src/dynamic-preprocessors/appid/fw_appid.c:
Fixed issue where openappid does not provide the Content-Type field for use with CHPAddAction.


* doc/snort_manual.tex:
Corrected errors in snort_manual.tex [reported by Gabriel Corre].


* preproc_rules/preprocessor.rules
src/preprocessors/: session_api.h, snort_httpinspect.c,
HttpInspect/event_output/hi_eo_log.c, HttpInspect/include/hi_eo_events.h
Stream6/snort_stream_tcp.c:
Enhancement done to detect \'SSH tunneling over HTTP\'.


* src/sfutil/sfportobject.c:
Fixed Memory leaks [reported by Bill Parker].


* doc/snort_manual.tex:
Corrected the information about unified2 record structure [reported by Avery Rozar].


* etc/snort.conf, src/preprocessors/snort_httpinspect.c,
src/preprocessors/snort_httpinspect.h,
src/preprocessors/HttpInspect/client/hi_client.c,
src/preprocessors/HttpInspect/server/hi_server.c,
src/preprocessors/Stream6/stream_paf.c:
Fixed issue where original client IP in intrusion event is incorrectly
populated with XFF of the last GET request.


* src/preprocessors/: snort_httpinspect.c, snort_httpinspect.h,
HttpInspect/server/hi_server.c,
snort_httpinspect.c, snort_httpinspect.h,
HttpInspect/server/hi_server.c:
Http unlimited decompression will now decompress the entire stream.


* src/decode.c:
Added a check so that min_ttl decoder do not drop packet in alert mode.


* etc/snort.conf, src/preprocessors/snort_httpinspect.c,
src/preprocessors/snort_httpinspect.h,
src/preprocessors/HttpInspect/client/hi_client.c,
src/preprocessors/HttpInspect/server/hi_server.c
Fixed issue where original client IP in intrusion event is incorrectly populated with XFF of the last GET request.

Wed Jul 1 14:00:00 2015 Lawrence R. Rogers 2.9.7.5-1
- Release 2.9.7.5-1

* src/build.h:
updating build number to 262


* src/preprocessors/Stream6/snort_stream_tcp.c:
Improved handling of asymmetric traffic


* src/active.c:
Active responses no longer set the FIN flag on the last segment
transmitted


* src/dynamic-preprocessors/appid/luaDetectorApi.c:
Added sanity checks to client api


* doc/snort_manual.pdf,
src/: dynamic-preprocessors/dcerpc2/dce2_paf.c,
dynamic-preprocessors/dnp3/dnp3_paf.c,
dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
dynamic-preprocessors/imap/imap_paf.c,
dynamic-preprocessors/pop/pop_paf.c,
dynamic-preprocessors/sip/sip_paf.c,
dynamic-preprocessors/smtp/smtp_paf.c,
preprocessors/session_api.h, preprocessors/spp_stream6.c,
preprocessors/stream_api.h,
preprocessors/HttpInspect/utils/hi_paf.c,
preprocessors/Session/session_common.h,
preprocessors/Stream6/snort_stream_tcp.c,
preprocessors/Stream6/snort_stream_tcp.h,
preprocessors/Stream6/stream_paf.c,
preprocessors/Stream6/stream_paf.h:
Multiple PAF clients can Read/Write to the same user data


* src/: file-process/file_api.h, file-process/file_mail_common.h,
file-process/file_mime_process.c,
sfutil/sf_email_attach_decode.c, sfutil/sf_email_attach_decode.h:
Fixed filename parsing from Mime body for UUencoded MIME


* src/preprocessors/perf-base.c,
src/preprocessors/Stream6/snort_stream_tcp.c:
Prunes triggered by timeouts are now accounted by perfmonitor.


* src/preprocessors/spp_session.c:
Log warning instead of Fatal Error
if a stream5_global config is in a non-default policy


* src/detection-plugins/sp_base64_decode.c:
Removed unused checks


* src/snort.c:
Improved reliability of configuration reloads


* src/preprocessors/snort_httpinspect.c:
Fixed issue in http
file processing where SHAs may not always be correct.


* doc/snort_manual.pdf,
src/sfutil/sf_email_attach_decode.c:
Fixed handling new line chars in QP encoding



* src/preprocessors/snort_httpinspect.c:
Fixed inconsistent behavior when configuring \"max_gzip_mem -1\"

Wed Apr 22 14:00:00 2015 Lawrence R. Rogers 2.9.7.3-1
- Release 2.9.7.3-1

* src/build.h:
updating build number to 217


* src/: decode.h, detection-plugins/sp_clientserver.c,
dynamic-plugins/sf_engine/sf_snort_packet.h,
dynamic-plugins/sf_engine/sf_snort_plugin_api.c,
dynamic-preprocessors/dcerpc2/dce2_session.h,
dynamic-preprocessors/sdf/spp_sdf.c,
preprocessors/HttpInspect/server/hi_server.c,
preprocessors/Stream6/snort_stream_tcp.c,
preprocessors/snort_httpinspect.c, preprocessors/spp_normalize.c:
Added mode safety checks to normalization.
Fixed an issue in PAF where the start of the PDU after flushing was not
being set correctly in some case.
Improved Stream reassembly of HTTPS sessions


* src/dynamic-preprocessors/ftptelnet/snort_ftptelnet.c:
Stability improvements for ftp_telnet preprocessor


* doc/snort_manual.pdf, doc/snort_manual.tex,
src/detection-plugins/sp_base64_decode.c,
src/detection-plugins/sp_base64_decode.h,
src/detection-plugins/sp_file_data.c:
Improved performance for file preprocessor
Documentation changes


* src/dynamic-preprocessors/appid/: service_plugins/service_base.c,
service_state.c:
Various OpenAppId improvements


* configure.in:
Fixed issue with configure script handling of -Werror compiler flags


* src/decode.c:
Improved decoding of IPv6 extensions


* src/detection-plugins/detection_options.c:
Fixed an issue where the protected_content rule option was not
backtracking correctly in some cases


* src/snort.c:
Fixed snort handling of PID files


* tools/: u2openappid/u2openappid.c, u2spewfoo/u2spewfoo.c:
Fixed usage info.


* src/dynamic-preprocessors/sip/: Makefile.am, sf_sip.dsp, sip_dialog.c,
sip_parser.c, spp_sip.c:
Added PAF support for TCP traffic


* src/: log_text.c, log_text.h, output-plugins/spo_alert_fast.c,
output-plugins/spo_alert_full.c:
Extended support for OpenAppId logging to cmg and console output loggers


* src/dynamic-preprocessors/appid/service_plugins/service_ssl.c:
Improved SSLv3 handling for OpenAppId

Mon Mar 23 13:00:00 2015 Lawrence R. Rogers 2.9.7.2-2
- Release 2.9.7.2-2
Added the following tools to /usr/bin
u2openappid
u2streamer
snort_dump_packets_control

Wed Dec 24 13:00:00 2014 Lawrence R. Rogers 2.9.7.2-1
- Release 2.9.7.2-1
Snort 2.9.7.2

* src/build.h:
updating build number to 177


* src/preprocessors/Stream6/snort_stream_tcp.c:
Documentation: Fixed issue in which TCP trim normalization would occur when it was not necessary.


* src/decode.c, src/encode.c:
Added support for Cisco FabricPath decoding/encoding.
Ensure flow_id is copied into the DAQ_PktHdr_t.


* src/snort.h, src/sfutil/sfrt.c, src/sfutil/sfrt.h
src/target-based/sftarget_reader.c:
Moved ntohl conversion inside of the sfrt api for both IPv4 and IPv6.


* src/target-based/sftarget_protocol_reference.c
Lookup application protocol id only after the session is established.
Assign application protocol id to the session when using host attribute table.


* src/util.c:
Changes for suppressing configuration logging.


* src/file-process/file_service.c:
Assign the file config to a file context prior to checking if HTTP continuation.

Fri Oct 10 14:00:00 2014 Lawrence R. Rogers 2.9.7.0-1
- Release 2.9.7.0-1
See https://github.com/jasonish/snort/blob/master/ChangeLog for the list of changes.

Wed Jul 9 14:00:00 2014 Lawrence R. Rogers 2.9.6.2-1
- Release 2.9.6.2-1

* src/build.h:
updating build number to 77


* src/: encode.c, encode.h :
Fixed handling of ICMPv6 traffic.


* src/preprocessors/Stream5/snort_stream5_tcp.c :
Fixed inline stream reassembly during file processing.


* src/preprocessors/spp_perfmonitor.c :
Fixed race condition in performance monitor.


* src/preprocessors/:
snort_httpinspect.c,
HttpInspect/client/hi_client.c,
HttpInspect/include/hi_client.h,
HttpInspect/include/hi_ui_config.h,
HttpInspect/user_interface/hi_ui_config.c :
Added the ability to specify additional custom \'x-forwarder-for\'
http field names. A new http inspection configuration element is used to
specify a set of field names and their respective precedence order.


* src/preprocessors/Stream5/snort_stream5_session.c :
Add cache flow timeout for ip.

Thu Jul 3 14:00:00 2014 Dilbagh Chahal 2.9.7
- added --with openappid command line option

Wed Apr 23 14:00:00 2014 Lawrence R. Rogers 2.9.6.1-1
- Release 2.9.6.1-1
See http://www.snort.org/downloads/2895 for a list of changes.

Mon Dec 30 13:00:00 2013 Lawrence R. Rogers 2.9.6.0-1
- Release 2.9.6.0-1
See http://www.snort.org/downloads/2771 for a list of changes.

Tue Sep 3 14:00:00 2013 Lawrence R. Rogers 2.9.5.5-1
- Release 2.9.5.5-1
See http://www.snort.org/downloads/2539 for a list of changes.

Wed Jul 3 14:00:00 2013 Lawrence R. Rogers 2.9.5.3-1
- Release 2.9.5.3-1
See http://www.snort.org/downloads/2469 for a list of changes.

Thu Apr 18 14:00:00 2013 Lawrence R. Rogers 2.9.4.6-1
- Release 2.9.4.6-1

* src/build.h:
updating build number to 73


* doc/README.counts, doc/snort_manual.pdf, doc/snort_manual.tex, src/decode.c, src/parser.c, src/snort.h:
Added config tunnel_verdicts and tunnel bypass for whitelist and blacklist verdicts for 6in4 or 4in6 encapsulated traffic.


* src/preprocessors/spp_frag3.c:
Don\'t update IP options length and count in frag3 after allocating option buffer when receiving duplicate 0 offset fragments with IP options.

Wed Apr 3 14:00:00 2013 Lawrence R. Rogers 2.9.4.5-1
- Release 2.9.4.5-1

* src/build.h:
updating build number to 71


* src/preprocessors/Stream5/snort_stream5_tcp.c:
prevent pruning when dup\'ing a seglist node to avoid broken flushed packets


* src/detection-plugins/detection_options.c:
recursively search patterns within the HTTP uri buffers until the buffer ends.


* src/preprocessors/HttpInspect/: client/hi_client.c,
client/hi_client_norm.c, include/hi_client.h:
Remove proxy information from the normalized URI buffer. Thanks to L0rd Ch0de1m0rt for reporting the issue.


* src/: control/sfcontrol.c, preprocessors/Stream5/snort_stream5_tcp.c:
fix logging of unified2 packet data when alerting on a packet containing multiple HTTP PDUs

Tue Feb 19 13:00:00 2013 Lawrence R. Rogers 2.9.4.1
- See http://www.snort.org/downloads/2209 for a list of changes.

Wed May 9 14:00:00 2012 Todd Wease 2.9.3
- Removed --enable-decoder-preprocessor-rules since this is now the default
- behavior and not configurable.

Fri Apr 27 14:00:00 2012 Russ Combs 2.9.3
- Removed schemas related foo.

Fri Mar 30 14:00:00 2012 Steve Sturges 2.9.3
- Removed --with flexresp, --with inline, database output specific builds.

Wed Apr 2 14:00:00 2008 Steve Sturges 2.8.3
- Added --enable-targetbased --enable-decoder-preprocessor-rules by default.

Wed Apr 2 14:00:00 2008 Steve Sturges 2.8.1
- Added ssl

Fri Aug 3 14:00:00 2007 Russ Combs 2.8.0
- Removed README.build_rpms from description
- Removed 2nd \"doc/\" component from doc install path
- Changed doc file attributes to mode 0644
- Moved schemas from doc to data dir
- Added installation of schemas/create_
*
- Removed redundant \'/\'s from mkdir path specs
- Eliminated find warning by moving -maxdepth ahead of -type
- Fixed \"warning: File listed twice: ...\" for libsf so files

Wed Feb 28 13:00:00 2007 Steve Sturges 2.7.0
- Removed smp flags to make command

Wed Jan 17 13:00:00 2007 Steve Sturges 2.7.0
- Updated version to 2.7.0

Tue Nov 7 13:00:00 2006 Steve Sturges 2.6.0
- Updated version to 2.6.1

Thu Aug 31 14:00:00 2006 Steve Sturges 2.6.0
- Added dynamic DNS preprocessor

Wed May 24 14:00:00 2006 Steve Sturges 2.6.0
- Updated to version 2.6.0

Fri Apr 14 14:00:00 2006 Justin Heath 2.6.0RC1
- Added conf fix for dynamic engine paths
- Added conf fix for dynamic preprocessors paths
- Added dynamic attributes in file list
- Added epoch to Requires for postgres, oracle and unixodbc
- Removed rule/signature references as these are not distributed with this tarball

Thu Apr 13 14:00:00 2006 Steve Sturges 2.6.0RC1
- Updated to 2.6.0RC1
- Added targets for dynamic engine
- Added targets for dynamic preprocessors

Sun Dec 11 13:00:00 2005 Vlatko Kosturjak 2.6.0RC1
- Added unixODBC support

Sun Oct 16 14:00:00 2005 Marc Norton 2.4.3
- Fixed buffer overflow in bo preprocessor
- Added alert for potential buffer overflow attack against snort
- Added noalert and drop options for all bo preprocessor events

Fri Jul 22 14:00:00 2005 Martin Roesch 2.4.0
- Modified to reflect rules not being distributed with Snort distros

Tue May 3 14:00:00 2005 Daniel Wittenberg 2.4.0RC1
- Removed more Fedora-specific options
- Renamed spec from snort.org.spec to snort.spec
- Removed CHANGES.rpms file since we have a changelog here no sense
- in maintaining two of them
- Replaced a ton of program names with macros to make more portable
- Removed all references to rpmsAATTsnort.org since it just gets used
- for spam so the address is being nuked
- Updates to inline support for 2.4.0 Release and fedora changes
- Replaced initDir with system-provided _initdir macro for more portability
- Added Epoch back in so that way upgrades will work correctly. It will be
- removed at some point breaking upgrades for that version

Tue Mar 29 14:00:00 2005 Jeremy Hewlett
- Added Inline capability to RPMs. Thanks Matt Brannigan
- for helping with the RPM foo.

Fri Mar 25 13:00:00 2005 Jeremy Hewlett
- Add schemas to rpm distro
- Add sharedscripts to logrotate
- Remove installing unnecessary contrib remnants

Sun Mar 13 13:00:00 2005 Daniel Wittenberg
- Updates to conform to new Fedora Packageing guidelines

Wed Dec 1 13:00:00 2004 Jeff Ball
- Added initDir and noShell for more building compatibility.

Wed Nov 17 13:00:00 2004 Brian Caswell 2.3.0RC1
- handle the moving of RPM and the axing of contrib

Thu Jun 3 14:00:00 2004 JP Vossen
- Bugfix for \'snortd condrestart\' redirect to /dev/null in %postun

Wed May 12 14:00:00 2004 JP Vossen
- Added code for cAos autobuilder
- Added buildrequires and requires for libpcap

Thu May 6 14:00:00 2004 Daniel Wittenberg
- Added JP\'s stats option to the standard rc script

Sat Mar 6 13:00:00 2004 JP Vossen
- Added gen-msg.map and sid-msg.map to /etc/snort

Sat Feb 7 13:00:00 2004 Daniel Wittenberg
- Applied postun/snortd patches from Nick Urbanik
Mon Dec 22 13:00:00 2003 Daniel Wittenberg
- Added threshold.conf, unicode.map and generators to /etc/snort thanks
- to notes from Nick Urbanik

Sat Dec 20 13:00:00 2003 Daniel Wittenberg 2.1.0-2
- Added condrestart option to rc script from patch by
- Nick Urbanik
- Fixed condrestart bug for installs
- Fixed gzip bug that happens on some builds

Wed Dec 10 13:00:00 2003 JP Vossen
- Removed flexresp from plain rpm package description
- Added a line about pcre to the package description
- Trivial tweaks to package description

Sat Nov 29 13:00:00 2003 Daniel Wittenberg 2.1.0-1
- Applied some updates from rh0212msAATTarcor.de
- Applied some updates from Torsten Schuetze
- Applied some updates from Nick Urbanik
- Fixed ALERTMODE rc script error reported by DFarinoAATTStamps.com
- Fixed CONF rc script error reported by ??
- Gzip signature files to save some space
- Added BuildRequires pcre-devel and Requires pcre
- Re-did %post sections so the links are added and removed
- correctly when you add/remove various packages

Fri Nov 7 13:00:00 2003 Daniel WIttenberg
- Updated snort.logrotate

Thu Nov 6 13:00:00 2003 Daniel Wittenberg 2.0.4
- Minor updates for 2.0.4

Tue Nov 4 13:00:00 2003 Daniel Wittenberg 2.0.3
- Updated for 2.0.3
- Removed 2.0.2 patch
- Remove flexresp2 as it caused too many build problems and doesn\'t work
- cleanly with 2.0.3 anyway
- Minor documentation updated for 2.0.3

Mon Oct 20 14:00:00 2003 Daniel Wittenberg 2.0.2-6
- New release version
- Changed /etc/rc.d/init.d to /etc/init.d for more compatibility

Fri Oct 17 14:00:00 2003 Daniel Wittenberg
- Changed as many hard-coded references to programs and paths to use
- standard defined macros

Fri Oct 10 14:00:00 2003 Daniel Wittenberg
- Include SnortRulesDir in %files section
- Added classification.config and reference.config in %files section
- Minor cleanup of the for_fedora macro

Sat Oct 4 14:00:00 2003 Dainel Wittenberg
- Nuked post-install message as it caused too many problems
- Changed default ruledir to /etc/snort/rules
- Fixed problem with non-snort-plain symlinks getting created

Fri Oct 3 14:00:00 2003 Dainel Wittenberg
- Somehow the snort.logrotate cvs file got copied into the build tree
- and the wrong file got pushed out
- snort.logrotate wasn\'t included in the %files section, so added
- it as a config(noreplace) file

Thu Oct 2 14:00:00 2003 Dainel Wittenberg 2.0.2-5
- Added --with fedora for building Fedora RPM\'s
- Removed references to old snort config patch
- Added noreplace option to /etc/rc.d/init.d/snortd just in case
- Gzip the man page to save (a small tiny) amount of space and make it
- more \"standard\"
- Added version number to changelog entries to denote when packages were
- released

Wed Oct 1 14:00:00 2003 Dainel Wittenberg
- Fixed permission problem with /etc/snort being 644
- Added noreplace option to /etc/sysconfig/snort

Fri Sep 26 14:00:00 2003 Daniel Wittenberg
- Fixed incorrect Version string in cvs version of the spec
- Added snort logrotate file
- Removed |more from output as it confuses some package managers

Tue Sep 23 14:00:00 2003 Daniel Wittenberg 2.0.2-4
- Released 2.0.2-3 and then 2.0.2-4

Sat Sep 20 14:00:00 2003 Daniel Wittenberg
- Added --with flexresp2 build option

Fri Sep 19 14:00:00 2003 Daniel Wittenberg 2.0.2-2
- Gave into JP and changed version back to stable :)

Fri Sep 19 14:00:00 2003 Daniel Wittenberg
- Fixed problems in snortd with \"ALL\" interfaces working correctly
- Removed history from individual files as they will get too big
- and unreadable quickly

Thu Sep 18 14:00:00 2003 Daniel Wittenberg 2.0.2-1
- Updated for 2.0.2 and release 2.0.2-1

Tue Aug 26 14:00:00 2003 JP Vossen
- Added code to run autojunk.sh for CVS tarball builds

Mon Aug 25 14:00:00 2003 JP Vossen
- Added missing comments to changelog

Wed Aug 20 14:00:00 2003 Daniel Wittenberg
- Moved snortd and snortd.sysconfig to contrib/rpm
- Changed contrib install to a cp -a so the build stops complaining

Mon Aug 11 14:00:00 2003 JP Vossen
- Removed the commented patch clutter and a TO DO note
- Fussed with white space

Sun Aug 10 14:00:00 2003 Daniel Wittenberg
- Fixed a couple minor install complaints
- userdel/groupdel added back into %postun
- useradd/groupadd added to %pre

Sat Aug 9 14:00:00 2003 JP Vossen
- Doubled all percent signs in this changelog due to crazy RH9 RPM bug.
- http://www.fedora.us/pipermail/fedora-devel/2003-June/001561.html
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=88620
- Turn off rpm debug due to RH9 RPM issue
- http://www.cs.helsinki.fi/linux/linux-kernel/2003-15/0763.html
- Removed unnecessary SourceX: since they will be in the tarball

Thu Aug 7 14:00:00 2003 JP Vossen
- Changed perms from 755 to 644 for %{_mandir}/man8/snort.8
*

Sun Aug 3 14:00:00 2003 JP Vossen
- Removed the conf patch (again) as we moved the funcationality
- Added sed to buildrequires and sed it to fix RULE_PATH
- Removed Dan\'s SPEC code that made a default sysconfig/snort file.

Sun Aug 3 14:00:00 2003 JP Vossen
- Trivial changes and additions to documentation and references
- Added --with flexresp option
- Changed libnet buildrequires per Chris
- Added docs and contrib back in, and moved sig docs out of doc.
- Moved CSV and signature \'fixes\' into %install where they should have
- been. Also fixed them.
- Added Dan\'s new snortd and snort.sysconfig
- Commented out alternate method of creating /etc/sysconfig/snort
- Created %{OracleHome}
- Added BuildRequires: findutils
- Uncommented the patch and added the patch file

Sat Jul 26 14:00:00 2003 Daniel Wittenberg
- commented out the patch for now since it doesn\'t exist
- if doing a new install echo \"INTERFACE=eth0\" > /etc/sysconfig/snort
- changed --with-libpcap-includes=/usr/include/pcap to /usr/include since
- that is where the libpcap-snort rpm Chris sent puts things
- added missing \" at the end of the SNORT_BASE_CONFIG
- minor change to the ./configure for plain so it actually works
- during an rpm -e of snort do a rm -f to make it a little more quiet in
- case of problems
- massive re-write of multi-package build system
- initial support for compiling with Oracle

Sun Jul 20 14:00:00 2003 JP Vossen
- Took over maintenance of Snort.org RPM releases just before v2.0.1
- Various cleanup of SPEC file and changes to support building from tarball
- Removed some old packages (like SNMP and Bloat), per Chris
- First attempt at using --with option for multi-package build system
- Added a patch to snort.conf for $RULE_PATH and default output plugins

Wed Sep 25 14:00:00 2002 Chris Green
- updated to 1.9.0

Tue Nov 6 13:00:00 2001 Chris Green
- merged in Hugo\'s changes
- updated to 1.8.3
- fixing symlinks on upgrades

Tue Nov 6 13:00:00 2001 Hugo van der Kooij
- added libpcap to the list as configure couldn\'t find it on RedHat 7.2
- added several packages to the build requirements

Fri Nov 2 13:00:00 2001 Chris Green
- updated to 1.8.2-RELEASE
- adding SQL defines
- created tons of packages so that all popular snort configs are accounted for

Sat Aug 18 14:00:00 2001 Chris Green
- 1.8.1-RELEASE
- cleaned up enough to release to general public

Tue May 8 14:00:00 2001 Chris Green
- moved to 1.8cvs
- changed rules files
- removed initial configuration

Mon Nov 27 13:00:00 2000 Chris Green
- removed strip
- upgrade to cvs version
- moved /var/snort/dev/null creation to install time

Tue Nov 21 13:00:00 2000 Chris Green
- changed to %{SnortPrefix}
- upgrade to patch2

Mon Jul 31 14:00:00 2000 Wim Vandersmissen
- Integrated the -t (chroot) option and build a /home/snort chroot jail
- Installs a statically linked/stripped snort
- Updated /etc/rc.d/init.d/snortd to work with the chroot option

Tue Jul 25 14:00:00 2000 Wim Vandersmissen
- Added some checks to find out if we\'re upgrading or removing the package

Sat Jul 22 14:00:00 2000 Wim Vandersmissen
- Updated to version 1.6.3
- Fixed the user/group stuff (moved to %post)
- Added userdel/groupdel to %postun
- Automagically adds the right IP, nameservers to /etc/snort/rules.base

Sat Jul 8 14:00:00 2000 Dave Wreski
- Updated to version 1.6.2
- Removed references to xntpd
- Fixed minor problems with snortd init script

Fri Jul 7 14:00:00 2000 Dave Wreski
- Updated to version 1.6.1
- Added user/group snort

Sat Jun 10 14:00:00 2000 Dave Wreski
- Added snort init.d script (snortd)
- Added Dave Dittrich\'s snort rules header file (ruiles.base)
- Added Dave Dittrich\'s wget rules fetch script (check-snort)
- Fixed permissions on /var/log/snort
- Created /var/log/snort/archive for archival of snort logs
- Added post/preun to add/remove snortd to/from rc?.d directories
- Defined configuration files as %config

Tue Mar 28 14:00:00 2000 William Stearns
- Quick update to 1.6.
- Sanity checks before doing rm-rf in install and clean

Fri Dec 10 13:00:00 1999 Henri Gomez
- 1.5-0 Initial RPM release


  
ICM