snort-openappid-2.9.7.6-1.fc18.i686
[11.2 MiB] |
Changelog
by Lawrence R. Rogers (2015-08-13):
- Release 2.9.7.6-1
* src/build.h:
updating build number to 285
* src/dynamic-preprocessors/reputation/reputation_config.c:
Fixed unexpected behaviour in reputation config where blacklist is displayed
in priority field even though whitelist option is set [reported by Mike Cox].
* src/preprocessors/Stream6/snort_stream_tcp.c:
Fixed issue where XFF/ExtraData is not always logged when 'drop' rules trigger [reported by Mike Cox].
Fixed issue in TCP session deletion when being called from Stream5 HA.
* src/: active.h, file-process/file_service.c:
ACTIVE_DROP is changed to ACTIVE_FORCE_DROP when file_verdict is pending.
* src/dynamic-preprocessors/appid/fw_appid.c:
Fixed issue where openappid does not provide the Content-Type field for use with CHPAddAction.
* doc/snort_manual.tex:
Corrected errors in snort_manual.tex [reported by Gabriel Corre].
* preproc_rules/preprocessor.rules
src/preprocessors/: session_api.h, snort_httpinspect.c,
HttpInspect/event_output/hi_eo_log.c, HttpInspect/include/hi_eo_events.h
Stream6/snort_stream_tcp.c:
Enhancement done to detect 'SSH tunneling over HTTP'.
* src/sfutil/sfportobject.c:
Fixed Memory leaks [reported by Bill Parker].
* doc/snort_manual.tex:
Corrected the information about unified2 record structure [reported by Avery Rozar].
* etc/snort.conf, src/preprocessors/snort_httpinspect.c,
src/preprocessors/snort_httpinspect.h,
src/preprocessors/HttpInspect/client/hi_client.c,
src/preprocessors/HttpInspect/server/hi_server.c,
src/preprocessors/Stream6/stream_paf.c:
Fixed issue where original client IP in intrusion event is incorrectly
populated with XFF of the last GET request.
* src/preprocessors/: snort_httpinspect.c, snort_httpinspect.h,
HttpInspect/server/hi_server.c,
snort_httpinspect.c, snort_httpinspect.h,
HttpInspect/server/hi_server.c:
Http unlimited decompression will now decompress the entire stream.
* src/decode.c:
Added a check so that min_ttl decoder do not drop packet in alert mode.
* etc/snort.conf, src/preprocessors/snort_httpinspect.c,
src/preprocessors/snort_httpinspect.h,
src/preprocessors/HttpInspect/client/hi_client.c,
src/preprocessors/HttpInspect/server/hi_server.c
Fixed issue where original client IP in intrusion event is incorrectly populated with XFF of the last GET request.
|
snort-openappid-2.9.7.5-1.fc18.i686
[11.2 MiB] |
Changelog
by Lawrence R. Rogers (2015-07-01):
- Release 2.9.7.5-1
* src/build.h:
updating build number to 262
* src/preprocessors/Stream6/snort_stream_tcp.c:
Improved handling of asymmetric traffic
* src/active.c:
Active responses no longer set the FIN flag on the last segment
transmitted
* src/dynamic-preprocessors/appid/luaDetectorApi.c:
Added sanity checks to client api
* doc/snort_manual.pdf,
src/: dynamic-preprocessors/dcerpc2/dce2_paf.c,
dynamic-preprocessors/dnp3/dnp3_paf.c,
dynamic-preprocessors/ftptelnet/snort_ftptelnet.c,
dynamic-preprocessors/imap/imap_paf.c,
dynamic-preprocessors/pop/pop_paf.c,
dynamic-preprocessors/sip/sip_paf.c,
dynamic-preprocessors/smtp/smtp_paf.c,
preprocessors/session_api.h, preprocessors/spp_stream6.c,
preprocessors/stream_api.h,
preprocessors/HttpInspect/utils/hi_paf.c,
preprocessors/Session/session_common.h,
preprocessors/Stream6/snort_stream_tcp.c,
preprocessors/Stream6/snort_stream_tcp.h,
preprocessors/Stream6/stream_paf.c,
preprocessors/Stream6/stream_paf.h:
Multiple PAF clients can Read/Write to the same user data
* src/: file-process/file_api.h, file-process/file_mail_common.h,
file-process/file_mime_process.c,
sfutil/sf_email_attach_decode.c, sfutil/sf_email_attach_decode.h:
Fixed filename parsing from Mime body for UUencoded MIME
* src/preprocessors/perf-base.c,
src/preprocessors/Stream6/snort_stream_tcp.c:
Prunes triggered by timeouts are now accounted by perfmonitor.
* src/preprocessors/spp_session.c:
Log warning instead of Fatal Error
if a stream5_global config is in a non-default policy
* src/detection-plugins/sp_base64_decode.c:
Removed unused checks
* src/snort.c:
Improved reliability of configuration reloads
* src/preprocessors/snort_httpinspect.c:
Fixed issue in http
file processing where SHAs may not always be correct.
* doc/snort_manual.pdf,
src/sfutil/sf_email_attach_decode.c:
Fixed handling new line chars in QP encoding
* src/preprocessors/snort_httpinspect.c:
Fixed inconsistent behavior when configuring "max_gzip_mem -1"
|