From: Priyanka Bangalore Gurudev (prbg) Date: Thu, 4 Sep 2025 20:09:59 +0000 (+0000) Subject: Pull request #4894: build: generate and tag 3.9.5.0 X-Git-Tag: 3.9.5.0 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=59df71026f92b5ecebccec53cc0308c43b9eed9b;p=thirdparty%2Fsnort3.git Pull request #4894: build: generate and tag 3.9.5.0 Merge in SNORT/snort3 from ~PRBG/snort3:build_3.9.5.0 to master Squashed commit of the following: commit 53c1e55430e2903cd0b7ff0f43b66209d183ddb7 Author: Priyanka Gurudev Date: Wed Sep 3 21:40:01 2025 -0400 build: generate and tag 3.9.5.0 --- diff --git a/CMakeLists.txt b/CMakeLists.txt index 54d7c2d53..1eb67a0c5 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -3,7 +3,7 @@ project (snort CXX C) set (VERSION_MAJOR 3) set (VERSION_MINOR 9) -set (VERSION_PATCH 4) +set (VERSION_PATCH 5) set (VERSION_SUBLEVEL 0) set (VERSION "${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}.${VERSION_SUBLEVEL}") diff --git a/ChangeLog.md b/ChangeLog.md index 32e01ecb7..0579a0bbc 100644 --- a/ChangeLog.md +++ b/ChangeLog.md 
@@ -1,3 +1,22 @@ +2025-09-03: 3.9.5.0 + +* appid: first packet API fixes for using asd instead of odp +* appid: fix multiple mdns issues +* appid: move tls metadata handling into single place +* codecs: override default encode for ciscometadata codec +* control: fix heap-use-after-free in is_local +* decompress: add unit test for vba decompression - infinite loops, divide-by-zero, integer overflow and out-of-bound +* file_api: clear file meta group before setting it during reload +* flow: clear flow ref in pkt on stale flow cleanup +* helpers: add syscall to flush new data written by SigSafePrinter to disk +* http_inspect: partial inspection for headers +* http_inspect: publish OPPORTUNISTIC_TLS +* imap: abort fallback functionality +* mp_dbus: make MPDataBusModule stats thread safe +* protocols: add sanity checks for tcp and ipv4 options to prevent out-of-buffer access +* ssl: fix unit test for OpenSSL v3+ +* watchdog: replace watchdog command with atomic kicking from packet threads + 2025-08-10: 3.9.3.0 * appid: accounting for tmp offset in RPC diff --git a/doc/reference/snort_reference.text b/doc/reference/snort_reference.text index 122cb23dc..5c5f850ab 100644 --- a/doc/reference/snort_reference.text +++ b/doc/reference/snort_reference.text @@ -8,7 +8,7 @@ Snort 3 Reference Manual The Snort Team Revision History -Revision 3.9.4.0 2025-08-12 10:56:17 EDT TST +Revision 3.9.5.0 2025-09-03 21:10:35 EDT TST --------------------------------------------------------------------- 
@@ -4081,6 +4081,8 @@ Configuration: bytes to examine (-1 no limit) { -1:max53 } * int http_inspect.response_depth = -1: maximum response message body bytes to examine (-1 no limit) { -1:max53 } + * int http_inspect.partial_depth_header = 0: maximum request header + to send to early detection (0 disabled, -1 no limit) { -1:max53 } * int http_inspect.partial_depth_body = 0: maximum request body to send to early detection (0 disabled, -1 no limit) { -1:16384 } * bool http_inspect.unzip = true: decompress gzip and deflate @@ -10270,6 +10272,8 @@ libraries see the Getting Started section of the manual. URL directory { 1:65535 } * int http_inspect.partial_depth_body = 0: maximum request body to send to early detection (0 disabled, -1 no limit) { -1:16384 } + * int http_inspect.partial_depth_header = 0: maximum request header + to send to early detection (0 disabled, -1 no limit) { -1:max53 } * bool http_inspect.percent_u = false: normalize %uNNNN and %UNNNN encodings * bool http_inspect.plus_to_space = true: replace + with when diff --git a/doc/upgrade/snort_upgrade.text b/doc/upgrade/snort_upgrade.text index 3831f98e1..b36a7487f 100644 --- a/doc/upgrade/snort_upgrade.text +++ b/doc/upgrade/snort_upgrade.text @@ -8,7 +8,7 @@ Snort 3 Upgrade Manual The Snort Team Revision History -Revision 3.9.4.0 2025-08-12 10:57:24 EDT TST +Revision 3.9.5.0 2025-09-03 21:11:29 EDT TST --------------------------------------------------------------------- diff --git a/doc/user/snort_user.text b/doc/user/snort_user.text index 1ff0c2379..500c554b7 100644 --- a/doc/user/snort_user.text +++ b/doc/user/snort_user.text @@ -8,7 +8,7 @@ Snort 3 User Manual The Snort Team Revision History -Revision 3.9.4.0 2025-08-12 10:56:39 EDT TST +Revision 3.9.5.0 2025-09-03 21:10:53 EDT TST --------------------------------------------------------------------- 
@@ -4094,21 +4094,26 @@ consumes somewhat more of the sensor’s resources. This feature is off by default. script_detection = true will activate it. -5.10.3.4. partial_depth_body - -Partial depth detection is a feature that enables Snort to more -quickly detect and block malicious requests. It is configured by the -partial_depth_body parameter which can take values in the range --1-16384 bytes. The feature is enabled by setting partial_depth_body -to some non zero value. When the feature is enabled and either, the -number of bytes received in the request body is below the value -specified by partial_depth_body, or partial_depth_body is set to -1, -unlimited; it immediately forwards the available part of the message -body for early detection. This enables earlier threat detection but -consumes somewhat more of the sensor’s resources. +5.10.3.4. partial_depth_body and partial_depth_header + +Partial depth detection enables faster threat detection by +immediately forwarding partial message data to the detection engine +before the complete message arrives. This feature can be configured +independently for HTTP request bodies (partial_depth_body) and +headers (partial_depth_header). + +Configuration options: +0 (default): Feature disabled +-1 (unlimited): Enable for all partial messages regardless of size +Positive value: Enable only when received bytes are below the specified threshold + +For HTTP request bodies only, the maximum configurable value is +16,384 bytes. Use partial_depth_body = -1 when early detection is +needed beyond this limit. HTTP headers have no such limitation. This feature is turned off by default by setting partial_depth_body = -0. To activate it, set partial_depth_body to the desired value. +0 and partial_depth_header = 0. To activate it, set the corresponding +parameter to the desired value. 5.10.3.5. gzip
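Review bot: in the ChangeLog.md hunk, the new "2025-09-03: 3.9.5.0" section is followed directly by the context line "2025-08-10: 3.9.3.0", while CMakeLists.txt bumps VERSION_PATCH from 4 and the manual revision lines move from 3.9.4.0, so within the visible context there is no 3.9.4.0 section between the two. Please confirm the gap is intended or add the missing entry before tagging. The two memory-safety items ("control: fix heap-use-after-free in is_local" and "protocols: add sanity checks for tcp and ipv4 options to prevent out-of-buffer access") are also easy to miss in the alphabetical list; a short marker or grouping would help operators decide how urgently to upgrade.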
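Review bot: in the doc/reference/snort_reference.text hunks at -4081 and -10270, the new help string "maximum request header to send to early detection" names no unit, while the neighbouring request_depth and response_depth lines say "bytes to examine". Suggest "maximum request header bytes to send to early detection". The new option also takes the range { -1:max53 } where partial_depth_body next to it stays at { -1:16384 }; the user manual hunk explains the difference, but a reader of the reference alone gets no hint that it is deliberate. If this file is generated from the module's parameter help, the wording fix belongs in that source rather than here.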
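Review bot: in the doc/user/snort_user.text hunk at -4094, the rewritten section 5.10.3.4 drops the removed sentence "This enables earlier threat detection but consumes somewhat more of the sensor’s resources" and nothing in the added lines replaces it, so the section no longer states the cost of enabling either option. Suggest carrying that sentence over, since partial_depth_header accepts -1 and a range up to max53. Two smaller points in the same hunk: the three lines under "Configuration options:" have no list markers and may run together when rendered, and "Positive value: Enable only when received bytes are below the specified threshold" should say explicitly what happens once the received bytes reach the threshold.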