From: Steve Chew (stechew) Date: Thu, 16 Jun 2022 22:01:53 +0000 (+0000) Subject: Pull request #3475: build: generate and tag 3.1.32.0 X-Git-Tag: 3.1.32.0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0aff315ad395206c01ac91db1f93453d1852b9f0;p=thirdparty%2Fsnort3.git Pull request #3475: build: generate and tag 3.1.32.0 Merge in SNORT/snort3 from ~STECHEW/snort3:build_3.1.32.0 to master Squashed commit of the following: commit 2905c73152e863100139167d5e5efaa5c03a0806 Author: Steve Chew Date: Wed Jun 15 09:58:05 2022 -0400 build: generate and tag 3.1.32.0 --- diff --git a/CMakeLists.txt b/CMakeLists.txt index fe10de3fe..1b67b9188 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -3,7 +3,7 @@ project (snort CXX C) set (VERSION_MAJOR 3) set (VERSION_MINOR 1) -set (VERSION_PATCH 31) +set (VERSION_PATCH 32) set (VERSION_SUBLEVEL 0) set (VERSION "${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}.${VERSION_SUBLEVEL}") diff --git a/ChangeLog b/ChangeLog index 23b35afe5..e9344301a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,31 @@ +2022/06/16 - 3.1.32.0 + +appid: config for logging eve process to client mappings +dce_smb: reduce smb_max_credit range to avoid uint16_t overflow +detection: remove redundant FIXIT +ftp_telnet: correct the implementation for check_encrypted and encrypted_data config, handle form-feed as non-encrypted traffic +ftp_telnet: handle all space characters as a seperator between FTP request command and arguments +http_inspect: add explicit check for HTML script opening tag ending +http_inspect: remove unneeded header inclusions and improve cleanup before trailers +ips_options: improve ips_hash and ips_cvs code coverage +log: Fixed missing include for Clear Linux build. +logger: added reload function to create new files when snort reloads +main: add null check for scratch handler +mime: cleanup +modules: resolve int type mismatch in config options +netflow: fix build on MacOS +netflow: implement RNA integration for host/service discovery +netflow: support memcap reconfiguration upon reload +openssl: Openssl minimum version is set to 1.1.1 +profiler: fix issue with negative number cast to unsigned for max_depth +rna: reduce range for ttl, fix cast for df, minor and major options. Thanks to liangxwa01 for pointing this out. +stream_tcp: fix splitter abort handling +stream_tcp: flip the server_side flag in fallback() and assert what it should be +utils, parser: remove redundant fixits +utils: remove curly brace parsing from regex literals +utils: remove redundant checks in regex groups +wizard: use const reference instead of copying + 2022/06/02 - 3.1.31.0 appid: add lock_guard to prevent data race on reload diff --git a/doc/reference/snort_reference.text b/doc/reference/snort_reference.text index a870b6bda..a9f8b6006 100644 --- a/doc/reference/snort_reference.text +++ b/doc/reference/snort_reference.text @@ -8,7 +8,7 @@ Snort 3 Reference Manual The Snort Team Revision History -Revision 3.1.31.0 2022-06-01 13:59:47 EDT TST +Revision 3.1.32.0 2022-06-15 10:02:53 EDT TST --------------------------------------------------------------------- @@ -2784,7 +2784,7 @@ Configuration: * string dce_smb.smb_invalid_shares: SMB shares to alert on * bool dce_smb.smb_legacy_mode = false: inspect only SMBv1 * int dce_smb.smb_max_credit = 8192: Maximum number of outstanding - request { 1:65536 } + request { 1:65535 } * int dce_smb.memcap = 8388608: Memory utilization limit on smb { 512:maxSZ } @@ -4326,6 +4326,8 @@ Configuration: in bytes, 0 = unlimited { 0:maxSZ } * int netflow.template_memcap = 0: maximum memory for template cache in bytes, 0 = unlimited { 0:maxSZ } + * string netflow.netflow_service_id_path: path to file containing + service IDs for NetFlow Peg counts: @@ -4912,7 +4914,7 @@ Configuration: * int rna.tcp_fingerprints[].fpid = 0: fingerprint id { 0:max32 } * int rna.tcp_fingerprints[].type = 0: fingerprint type { 0:max32 } * string rna.tcp_fingerprints[].uuid: fingerprint uuid - * int rna.tcp_fingerprints[].ttl = 0: fingerprint ttl { 0:256 } + * int rna.tcp_fingerprints[].ttl = 0: fingerprint ttl { 0:255 } * string rna.tcp_fingerprints[].tcp_window: fingerprint tcp window * string rna.tcp_fingerprints[].mss = X: fingerprint mss * string rna.tcp_fingerprints[].id = X: id @@ -4934,7 +4936,7 @@ Configuration: * int rna.ua_fingerprints[].fpid = 0: fingerprint id { 0:max32 } * int rna.ua_fingerprints[].type = 0: fingerprint type { 0:max32 } * string rna.ua_fingerprints[].uuid: fingerprint uuid - * int rna.ua_fingerprints[].ttl = 0: fingerprint ttl { 0:256 } + * int rna.ua_fingerprints[].ttl = 0: fingerprint ttl { 0:255 } * string rna.ua_fingerprints[].tcp_window: fingerprint tcp window * string rna.ua_fingerprints[].mss = X: fingerprint mss * string rna.ua_fingerprints[].id = X: id @@ -4956,7 +4958,7 @@ Configuration: * int rna.udp_fingerprints[].fpid = 0: fingerprint id { 0:max32 } * int rna.udp_fingerprints[].type = 0: fingerprint type { 0:max32 } * string rna.udp_fingerprints[].uuid: fingerprint uuid - * int rna.udp_fingerprints[].ttl = 0: fingerprint ttl { 0:256 } + * int rna.udp_fingerprints[].ttl = 0: fingerprint ttl { 0:255 } * string rna.udp_fingerprints[].tcp_window: fingerprint tcp window * string rna.udp_fingerprints[].mss = X: fingerprint mss * string rna.udp_fingerprints[].id = X: id @@ -4978,7 +4980,7 @@ Configuration: * int rna.smb_fingerprints[].fpid = 0: fingerprint id { 0:max32 } * int rna.smb_fingerprints[].type = 0: fingerprint type { 0:max32 } * string rna.smb_fingerprints[].uuid: fingerprint uuid - * int rna.smb_fingerprints[].ttl = 0: fingerprint ttl { 0:256 } + * int rna.smb_fingerprints[].ttl = 0: fingerprint ttl { 0:255 } * string rna.smb_fingerprints[].tcp_window: fingerprint tcp window * string rna.smb_fingerprints[].mss = X: fingerprint mss * string rna.smb_fingerprints[].id = X: id @@ -9122,7 +9124,7 @@ libraries see the Getting Started section of the manual. * int dce_smb.smb_max_chain = 3: SMB max chain size { 0:255 } * int dce_smb.smb_max_compound = 3: SMB max compound size { 0:255 } * int dce_smb.smb_max_credit = 8192: Maximum number of outstanding - request { 1:65536 } + request { 1:65535 } * multi dce_smb.valid_smb_versions = all: valid SMB versions { v1 | v2 | all } * bool dce_tcp.disable_defrag = false: disable DCE/RPC @@ -9768,6 +9770,8 @@ libraries see the Getting Started section of the manual. shutdown; won’t dump by default * int netflow.flow_memcap = 0: maximum memory for flow record cache in bytes, 0 = unlimited { 0:maxSZ } + * string netflow.netflow_service_id_path: path to file containing + service IDs for NetFlow * bool netflow.rules[].create_host = false: generate a new host event * bool netflow.rules[].create_service = false: generate a new or @@ -10150,7 +10154,7 @@ libraries see the Getting Started section of the manual. * string rna.smb_fingerprints[].mss = X: fingerprint mss * string rna.smb_fingerprints[].tcp_window: fingerprint tcp window * string rna.smb_fingerprints[].topts: fingerprint tcp options - * int rna.smb_fingerprints[].ttl = 0: fingerprint ttl { 0:256 } + * int rna.smb_fingerprints[].ttl = 0: fingerprint ttl { 0:255 } * int rna.smb_fingerprints[].type = 0: fingerprint type { 0:max32 } * enum rna.smb_fingerprints[].ua_type = os: type of user agent fingerprints { os | device | jail-broken | jail-broken-host } @@ -10172,7 +10176,7 @@ libraries see the Getting Started section of the manual. * string rna.tcp_fingerprints[].mss = X: fingerprint mss * string rna.tcp_fingerprints[].tcp_window: fingerprint tcp window * string rna.tcp_fingerprints[].topts: fingerprint tcp options - * int rna.tcp_fingerprints[].ttl = 0: fingerprint ttl { 0:256 } + * int rna.tcp_fingerprints[].ttl = 0: fingerprint ttl { 0:255 } * int rna.tcp_fingerprints[].type = 0: fingerprint type { 0:max32 } * enum rna.tcp_fingerprints[].ua_type = os: type of user agent fingerprints { os | device | jail-broken | jail-broken-host } @@ -10194,7 +10198,7 @@ libraries see the Getting Started section of the manual. * string rna.ua_fingerprints[].mss = X: fingerprint mss * string rna.ua_fingerprints[].tcp_window: fingerprint tcp window * string rna.ua_fingerprints[].topts: fingerprint tcp options - * int rna.ua_fingerprints[].ttl = 0: fingerprint ttl { 0:256 } + * int rna.ua_fingerprints[].ttl = 0: fingerprint ttl { 0:255 } * int rna.ua_fingerprints[].type = 0: fingerprint type { 0:max32 } * enum rna.ua_fingerprints[].ua_type = os: type of user agent fingerprints { os | device | jail-broken | jail-broken-host } @@ -10216,7 +10220,7 @@ libraries see the Getting Started section of the manual. * string rna.udp_fingerprints[].mss = X: fingerprint mss * string rna.udp_fingerprints[].tcp_window: fingerprint tcp window * string rna.udp_fingerprints[].topts: fingerprint tcp options - * int rna.udp_fingerprints[].ttl = 0: fingerprint ttl { 0:256 } + * int rna.udp_fingerprints[].ttl = 0: fingerprint ttl { 0:255 } * int rna.udp_fingerprints[].type = 0: fingerprint type { 0:max32 } * enum rna.udp_fingerprints[].ua_type = os: type of user agent fingerprints { os | device | jail-broken | jail-broken-host } diff --git a/doc/upgrade/snort_upgrade.text b/doc/upgrade/snort_upgrade.text index 59d1d2ace..3a948977a 100644 --- a/doc/upgrade/snort_upgrade.text +++ b/doc/upgrade/snort_upgrade.text @@ -8,7 +8,7 @@ Snort 3 Upgrade Manual The Snort Team Revision History -Revision 3.1.31.0 2022-06-01 13:59:36 EDT TST +Revision 3.1.32.0 2022-06-15 10:02:42 EDT TST --------------------------------------------------------------------- diff --git a/doc/user/snort_user.text b/doc/user/snort_user.text index e12c03655..173b24266 100644 --- a/doc/user/snort_user.text +++ b/doc/user/snort_user.text @@ -8,7 +8,7 @@ Snort 3 User Manual The Snort Team Revision History -Revision 3.1.31.0 2022-06-01 13:59:36 EDT TST +Revision 3.1.32.0 2022-06-15 10:02:42 EDT TST ---------------------------------------------------------------------