+2023-12-20: 3.1.77.0
+
+* appid: add http3 to the list of ssl protocols as http3 will always be inside quic and encrypted
+* appid: do not delete hsession for http3
+* appid: fix coverity issues
+* appid: lua logging doc update
+* build: arm compilation support
+* catch: add boost software license for catch.hpp
+* detection: adjust built-in GID range to 40-999
+* detection: collect matched buffers on IpsContext
+* flow: add tenant ID to FlowKey
+* host_cache: fix race condition on peg counts
+* http_inspect: publish HTTP/1 request bodies, track MIME boundary
+* main: fix reload_id data race
+* parser: add CWD to conf search order
+* profiler: change time tracking for "rule_time (%)" field in rule_profiler output
+* profiler: dump memory profiler stats at frequent interval
+* pub_sub: add get_client_body and is_mime methods
+* ssl: stopping inspection once client or server app packet is found
+* utils: add get_file_size
+
2023-12-03: 3.1.76.0
* appid: added missed cppcheck warning
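Review bot: The 3.1.77.0 list has no entry for the user-visible `alert_fast.buffers` and `alert_fast.buffers_depth` options that the reference text in this same change documents; "detection: collect matched buffers on IpsContext" describes the internals, not the new logger options, so add a line such as "alert_fast: add buffers and buffers_depth options". Also, "ssl: stopping inspection once client or server app packet is found" should use the imperative ("stop inspection ...") like the other entries, and the entry date 2023-12-20 differs from the 2023-12-21 revision stamp in the reference header.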
The Snort Team
Revision History
-Revision 3.1.76.0 2023-12-03 22:56:58 EST TST
+Revision 3.1.77.0 2023-12-21 17:02:00 EST TST
---------------------------------------------------------------------
by matched continuations (sum)
* detection.cont_mismatch_distance: total number of bytes jumped
over by mismatched continuations (sum)
+ * detection.buf_dumps: total number of IPS buffers collected from
+ matched rules (sum)
2.8. event_filter
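Review bot: The `detection.buf_dumps` description does not say what causes buffers to be collected. If the count only moves when a logger option such as `alert_fast.buffers` is enabled, state that in the peg text so a value of zero is not read as "no rules matched".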
none | allocations | total_used | avg_allocation }
* int profiler.memory.max_depth = -1: limit depth to max_depth (-1
= no limit) { -1:255 }
+ * int profiler.memory.dump_file_size = 1073741824: files will be
+ rolled over if they exceed this size { 4096:max53 }
* bool profiler.rules.show = true: show rule time profile stats
* int profiler.rules.count = 0: print results to given level (0 =
all) { 0:max32 }
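Review bot: `profiler.memory.dump_file_size` gives no unit for the default 1073741824 or the range { 4096:max53 }, while `alert_fast.limit` in the same reference spells out "in MB". State the unit in the help string and name which files are rolled over ("files" alone does not identify the memory profiler dump output).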
* string http_inspect.xff_headers = x-forwarded-for true-client-ip:
specifies the xff type headers to parse and consider in the same
order of preference as defined
- * bool http_inspect.request_body_app_detection = true: make HTTP/2
+ * bool http_inspect.request_body_app_detection = true: make HTTP
request message bodies available for application detection
- (detection requires AppId)
+ (AppId) and other inspectors
* string http_inspect.allowed_methods: list of allowed methods
* string http_inspect.disallowed_methods: list of disallowed
methods
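Review bot: In the `http_inspect.request_body_app_detection` text, widening "HTTP/2" to "HTTP" while the default stays true means existing configurations begin publishing HTTP/1 request bodies with no config change, which matches the changelog line "http_inspect: publish HTTP/1 request bodies". Call this out as a behaviour change, say whether `http_inspect.request_depth` bounds what is published, and either name the "other inspectors" that consume the bodies or note that the `app_detection` part of the option name is now historical.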
* bool alert_fast.file = false: output to alert_fast.txt instead of
stdout
* bool alert_fast.packet = false: output packet dump with alert
+ * bool alert_fast.buffers = false: output IPS buffer dump
+ * int alert_fast.buffers_depth = 0: number of IPS buffer bytes to
+ dump per buffer (0 is unlimited) { 0:maxSZ }
* int alert_fast.limit = 0: set maximum size in MB before rollover
(0 is unlimited) { 0:maxSZ }
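Review bot: `alert_fast.buffers_depth = 0` means an unlimited dump per buffer as soon as `alert_fast.buffers` is set to true, and neither help string says that the dumped IPS buffers are traffic content written to alert_fast.txt or stdout. State that `buffers_depth` only takes effect when `buffers` is true, note that the output can contain payload data so operators can pick a bounded depth and restrict access to the alert file, and say how the larger records interact with the `alert_fast.limit` rollover.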
character sequence
* bool alert_ex.upper = false: true/false → convert to upper/lower
case
+ * int alert_fast.buffers_depth = 0: number of IPS buffer bytes to
+ dump per buffer (0 is unlimited) { 0:maxSZ }
+ * bool alert_fast.buffers = false: output IPS buffer dump
* bool alert_fast.file = false: output to alert_fast.txt instead of
stdout
* int alert_fast.limit = 0: set maximum size in MB before rollover
encodings
* bool http_inspect.plus_to_space = true: replace + with <sp> when
normalizing URIs
- * bool http_inspect.request_body_app_detection = true: make HTTP/2
+ * bool http_inspect.request_body_app_detection = true: make HTTP
request message bodies available for application detection
- (detection requires AppId)
+ (AppId) and other inspectors
* int http_inspect.request_depth = -1: maximum request message body
bytes to examine (-1 no limit) { -1:max53 }
* int http_inspect.response_depth = -1: maximum response message
(seconds, 0 to disable) { 0:60 }
* int profiler.memory.count = 0: limit results to count items per
level (0 = no limit) { 0:max32 }
+ * int profiler.memory.dump_file_size = 1073741824: files will be
+ rolled over if they exceed this size { 4096:max53 }
* int profiler.memory.max_depth = -1: limit depth to max_depth (-1
= no limit) { -1:255 }
* bool profiler.memory.show = true: show module memory profile
* detection.alt_searches: alt fast pattern searches in packet data
(sum)
* detection.analyzed: total packets processed (now)
+ * detection.buf_dumps: total number of IPS buffers collected from
+ matched rules (sum)
* detection.cont_creations: total number of continuations created
(sum)
* detection.cont_evals: total number of condition-met continuations