From: russ
Date: Thu, 28 Jul 2022 13:44:42 +0000 (-0400)
Subject: build: generate and tag 3.1.38.0
X-Git-Tag: 3.1.38.0
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1329877d0c4f6f4ab1507e10d165a231fe61bc01;p=thirdparty%2Fsnort3.git

build: generate and tag 3.1.38.0
---
diff --git a/CMakeLists.txt b/CMakeLists.txt
index b1efafe8e..9404eff48 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -3,7 +3,7 @@ project (snort CXX C)
 set (VERSION_MAJOR 3)
 set (VERSION_MINOR 1)
-set (VERSION_PATCH 37)
+set (VERSION_PATCH 38)
 set (VERSION_SUBLEVEL 0)
 set (VERSION "${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}.${VERSION_SUBLEVEL}")
diff --git a/ChangeLog b/ChangeLog
index b2a2009c7..86776e45b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,23 @@
+2022/07/28 - 3.1.38.0
+
+appid: restart inspection for ssl session inside http tunnel
+appid: set persistent flag for sunrpc expected session
+appid: send more packets to third-party for FTP user name extraction
+detection: separate the branch/leaf result to different variables
+http_inspect: remove dependency of JS normalization depth on HTTP depth
+http_inspect: add more explicit js type values to otag type check
+http_inspect: do not stop normalization in case of opening script tag
+http2_inspect: add support for GOAWAY frames
+http2_inspect: add support for PRIORITY frames
+http_inspect: directly call detection
+http2_inspect: interface to http_inspect now uses real reassembled packet
+pub_sub: add definitions for ssl block and block with reset messages
+snort2lua: change the conversion of sensitive data rules
+stream: removed all instances of 'cap_weight' config parameter
+stream: removed macro references for 'cap_weight' config parameter
+utils: add static initialization of norm_names
+utils: continue JS normalization after opening tag seen
+
 2022/07/19 - 3.1.37.0
 reputation: print LogMessage in reputation only when in verbose mode
diff --git a/doc/reference/snort_reference.text b/doc/reference/snort_reference.text index 29d8e2dde..cf8cadac7 100644 --- a/doc/reference/snort_reference.text +++ b/doc/reference/snort_reference.text @@ -8,7 +8,7 @@ Snort 3 Reference Manual The Snort Team Revision History -Revision 3.1.37.0 2022-07-18 16:24:41 EDT TST +Revision 3.1.38.0 2022-07-28 09:09:42 EDT TST --------------------------------------------------------------------- @@ -3662,6 +3662,8 @@ Rules: bytes * 121:39 (http2_inspect) not HTTP/2 traffic or unrecoverable HTTP/2 protocol error + * 121:40 (http2_inspect) invalid HTTP/2 PRIORITY frame + * 121:41 (http2_inspect) invalid HTTP/2 GOAWAY frame Peg counts: 
@@ -5438,28 +5440,16 @@ Configuration: for held packets { 1:max32 } * int stream.ip_cache.idle_timeout = 180: maximum inactive time before retiring session tracker { 1:max32 } - * int stream.ip_cache.cap_weight = 0: additional bytes to track per - flow for better estimation against cap { 0:65535 } * int stream.icmp_cache.idle_timeout = 180: maximum inactive time before retiring session tracker { 1:max32 } - * int stream.icmp_cache.cap_weight = 0: additional bytes to track - per flow for better estimation against cap { 0:65535 } * int stream.tcp_cache.idle_timeout = 3600: maximum inactive time before retiring session tracker { 1:max32 } - * int stream.tcp_cache.cap_weight = 11000: additional bytes to - track per flow for better estimation against cap { 0:65535 } * int stream.udp_cache.idle_timeout = 180: maximum inactive time before retiring session tracker { 1:max32 } - * int stream.udp_cache.cap_weight = 0: additional bytes to track - per flow for better estimation against cap { 0:65535 } * int stream.user_cache.idle_timeout = 180: maximum inactive time before retiring session tracker { 1:max32 } - * int stream.user_cache.cap_weight = 0: additional bytes to track - per flow for better estimation against cap { 0:65535 } * int stream.file_cache.idle_timeout = 180: maximum inactive time before retiring session tracker { 1:max32 } - * int stream.file_cache.cap_weight = 32: additional bytes to track - per flow for better estimation against cap { 0:65535 } Rules: 
@@ -10658,21 +10648,15 @@ libraries see the Getting Started section of the manual. * implied ssl_version.!tls1.2: check for records that are not tls1.2 * implied ssl_version.tls1.2: check for tls1.2 - * int stream.file_cache.cap_weight = 32: additional bytes to track - per flow for better estimation against cap { 0:65535 } * int stream.file_cache.idle_timeout = 180: maximum inactive time before retiring session tracker { 1:max32 } * bool stream_file.upload = false: indicate file transfer direction * int stream.held_packet_timeout = 1000: timeout in milliseconds for held packets { 1:max32 } - * int stream.icmp_cache.cap_weight = 0: additional bytes to track - per flow for better estimation against cap { 0:65535 } * int stream.icmp_cache.idle_timeout = 180: maximum inactive time before retiring session tracker { 1:max32 } * int stream_icmp.session_timeout = 60: session tracking timeout { 1:max31 } - * int stream.ip_cache.cap_weight = 0: additional bytes to track per - flow for better estimation against cap { 0:65535 } * int stream.ip_cache.idle_timeout = 180: maximum inactive time before retiring session tracker { 1:max32 } * bool stream.ip_frags_only = false: don’t process non-frag flows @@ -10703,8 +10687,6 @@ libraries see the Getting Started section of the manual. direction(s) { either|to_server|to_client|both } * interval stream_size.~range: check if the stream size is in the given range { 0: } - * int stream.tcp_cache.cap_weight = 11000: additional bytes to - track per flow for better estimation against cap { 0:65535 } * int stream.tcp_cache.idle_timeout = 3600: maximum inactive time before retiring session tracker { 1:max32 } * int stream_tcp.flush_factor = 0: flush upon seeing a drop in 
@@ -10742,14 +10724,10 @@ libraries see the Getting Started section of the manual. * int stream_tcp.small_segments.maximum_size = 0: minimum bytes for a TCP segment not to be considered small (129:12) { 0:2048 } * bool stream_tcp.track_only = false: disable reassembly if true - * int stream.udp_cache.cap_weight = 0: additional bytes to track - per flow for better estimation against cap { 0:65535 } * int stream.udp_cache.idle_timeout = 180: maximum inactive time before retiring session tracker { 1:max32 } * int stream_udp.session_timeout = 30: session tracking timeout { 1:max31 } - * int stream.user_cache.cap_weight = 0: additional bytes to track - per flow for better estimation against cap { 0:65535 } * int stream.user_cache.idle_timeout = 180: maximum inactive time before retiring session tracker { 1:max32 } * int stream_user.session_timeout = 60: session tracking timeout { @@ -13806,6 +13784,15 @@ is not actually using HTTP/2 or some sort of unrecoverable HTTP/2 protocol error has occurred. This conclusion applies only to one direction of the flow. The opposite direction may be OK. +121:40 (http2_inspect) invalid HTTP/2 PRIORITY frame + +Invalid HTTP/2 PRIORITY frame. Stream ID is 0 or length is not 5. + +121:41 (http2_inspect) invalid HTTP/2 GOAWAY frame + +Invalid HTTP/2 GOAWAY frame. R bit is set or stream ID is not 0 or +length is less than 8. + 122:1 (port_scan) TCP portscan Basic one host to one host TCP portscan where multiple TCP ports are diff --git a/doc/upgrade/snort_upgrade.text b/doc/upgrade/snort_upgrade.text index 11ff8eb21..b64f8cf30 100644 --- a/doc/upgrade/snort_upgrade.text +++ b/doc/upgrade/snort_upgrade.text @@ -8,7 +8,7 @@ Snort 3 Upgrade Manual The Snort Team Revision History -Revision 3.1.37.0 2022-07-18 16:25:29 EDT TST +Revision 3.1.38.0 2022-07-28 09:10:30 EDT TST --------------------------------------------------------------------- diff --git a/doc/user/snort_user.text b/doc/user/snort_user.text index 50fdce0ba..a8dd43879 100644 
--- a/doc/user/snort_user.text +++ b/doc/user/snort_user.text @@ -8,7 +8,7 @@ Snort 3 User Manual The Snort Team Revision History -Revision 3.1.37.0 2022-07-18 16:24:26 EDT TST +Revision 3.1.38.0 2022-07-28 09:09:27 EDT TST ---------------------------------------------------------------------