From: Steve Chew (stechew) Date: Mon, 7 Nov 2022 20:21:50 +0000 (+0000) Subject: Pull request #3655: build: generate and tag 3.1.46.0 X-Git-Tag: 3.1.47.0~15 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7070c568234d623426bd9b9bd444f319a158fa46;p=thirdparty%2Fsnort3.git Pull request #3655: build: generate and tag 3.1.46.0 Merge in SNORT/snort3 from ~STECHEW/snort3:build_3.1.46.0 to master Squashed commit of the following: commit a52e843f4354300a9ca301a6f37b1bf4efec0a4d Author: Steve Chew Date: Sun Nov 6 23:50:43 2022 -0500 build: generate and tag 3.1.46.0 --- diff --git a/CMakeLists.txt b/CMakeLists.txt index af463b95b..98739843a 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -3,7 +3,7 @@ project (snort CXX C) set (VERSION_MAJOR 3) set (VERSION_MINOR 1) -set (VERSION_PATCH 45) +set (VERSION_PATCH 46) set (VERSION_SUBLEVEL 0) set (VERSION "${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}.${VERSION_SUBLEVEL}") diff --git a/ChangeLog.md b/ChangeLog.md index 608724a7e..6322750e5 100644 --- a/ChangeLog.md +++ b/ChangeLog.md 
@@ -1,3 +1,20 @@ +2022-11-04: 3.1.46.0 + +* appid: check for empty patterns in lua detector api input +* appid: publish client and payload ids set in eve process event handler and ssl lookup api only after appid discovery is complete +* detection: add config option for SSE +* detection: skip a rule variable copy for a single-branched node +* doc: add information about handling multiple detection in SSE +* doc: specified which packages are sent on rejection +* helpers: fix duplicate scratch_handler +* http_inspect: add override to destructor +* http_inspect: move LiteralSearch::setup for http_param to its module +* main: add variables to lua environment +* netflow: if LAST_SWITCHED isn't provided, use packet time +* parser: improve port_object hash function +* ports: align fields of PortObject and PortObject2 +* ports: enable checks in debug build only + 2022-10-25: 3.1.45.0 * detection: check Pig run number in node state conditions. Fixes crash introduced in 3.1.44.0. diff --git a/doc/reference/snort_reference.text b/doc/reference/snort_reference.text index 12f1ed96c..76a85cff9 100644 --- a/doc/reference/snort_reference.text +++ b/doc/reference/snort_reference.text @@ -8,7 +8,7 @@ Snort 3 Reference Manual The Snort Team Revision History -Revision 3.1.45.0 2022-10-25 11:19:35 EDT TST +Revision 3.1.46.0 2022-11-06 23:55:31 EST TST --------------------------------------------------------------------- @@ -598,6 +598,8 @@ Configuration: * bool detection.enable_strict_reduction = false: enable strict deduplication of rule headers by ports (saves memory, but loses some speed during config reading) + * int detection.max_continuations_per_flow = 1024: maximum number + of continuations stored simultaneously on the flow { 0:65535 } Peg counts: 
@@ -9277,6 +9279,8 @@ libraries see the Getting Started section of the manual. against all policies * bool detection.hyperscan_literals = false: use hyperscan for content literal searches instead of boyer-moore + * int detection.max_continuations_per_flow = 1024: maximum number + of continuations stored simultaneously on the flow { 0:65535 } * int detection.offload_limit = 99999: minimum sizeof PDU to offload fast pattern search (defaults to disabled) { 0:max32 } * int detection.offload_threads = 0: maximum number of simultaneous diff --git a/doc/upgrade/snort_upgrade.text b/doc/upgrade/snort_upgrade.text index 37d15dfc2..fb541970a 100644 --- a/doc/upgrade/snort_upgrade.text +++ b/doc/upgrade/snort_upgrade.text @@ -8,7 +8,7 @@ Snort 3 Upgrade Manual The Snort Team Revision History -Revision 3.1.45.0 2022-10-25 11:19:21 EDT TST +Revision 3.1.46.0 2022-11-06 23:55:16 EST TST --------------------------------------------------------------------- diff --git a/doc/user/snort_user.text b/doc/user/snort_user.text index bab3fc305..ad411dd08 100644 --- a/doc/user/snort_user.text +++ b/doc/user/snort_user.text @@ -8,7 +8,7 @@ Snort 3 User Manual The Snort Team Revision History -Revision 3.1.45.0 2022-10-25 11:19:21 EDT TST +Revision 3.1.46.0 2022-11-06 23:55:16 EST TST --------------------------------------------------------------------- @@ -370,6 +370,18 @@ with a lua config using -c option. SNORT_PATCH_VERSION = 2 + * SNORT_DEP_VERSIONS: Snort dependencies version numbers table. If + snort wasn’t built with some dependency, its value will be nil. + + SNORT_DEP_VERSIONS.DAQ = 3.0.7 + SNORT_DEP_VERSIONS.LUAJIT = 2.1.0 + SNORT_DEP_VERSIONS.OPENSSL = 3.0.5 + SNORT_DEP_VERSIONS.LIBPCAP = 1.9.1 + SNORT_DEP_VERSIONS.PCRE = 8.45 + SNORT_DEP_VERSIONS.ZLIB = 1.2.11 + SNORT_DEP_VERSIONS.HYPERSCAN = 5.4.8 + SNORT_DEP_VERSIONS.LZMA = 5.0.5 + 1.2.4. Whitelist When Snort is run with the --warn-conf-strict option, warnings will 
@@ -1723,8 +1735,8 @@ This section explains how to use key features of Snort. Snort can take more active role in securing network by sending active responses to shutdown offending sessions. When active responses is -enabled, snort will send TCP RST or ICMP unreachable when dropping a -session. +enabled, snort will send TCP RST and ICMP unreachable when dropping a +TCP session and ICMP unreachable packets for UDP. 5.1.1. Changes from Snort 2.9 @@ -1785,8 +1797,8 @@ active = 5.1.3. Reject IPS action reject perform active response to shutdown hostile network -session by injecting TCP resets (TCP connections) or ICMP unreachable -packets. +session by injecting TCP resets and ICMP unreachable for TCP +connections, and ICMP unreachable packets for UDP. Example:
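
Review bot: In the ChangeLog.md hunk, the entry "doc: specified which packages are sent on rejection" should read "packets", matching the snort_user.text wording it refers to ("ICMP unreachable packets"). The entry "detection: add config option for SSE" also does not name the option. The only detection option this patch documents is detection.max_continuations_per_flow, so if that is the one meant, naming it in the entry would let readers find it in the reference manual. The entry is dated 2022-11-04 while the regenerated manuals carry 2022-11-06 revision stamps; worth confirming which date the release notes should show.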
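
Review bot: The new detection.max_continuations_per_flow line in the snort_reference.text hunk at @@ -598 gives the range { 0:65535 } but does not say what a value of 0 means, or what happens to detection on a flow once the default limit of 1024 stored continuations is reached. This is a per-flow resource cap, so both cases matter to anyone tuning it; suggest adding one clause for each to the description. The identical text in the @@ -9277 hunk needs the same change.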
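
Review bot: In the SNORT_DEP_VERSIONS hunk of snort_user.text (@@ -370), the example values are shown unquoted, as in "SNORT_DEP_VERSIONS.DAQ = 3.0.7", which is not a valid Lua number, so the text should state the type of the values (presumably strings) and how a config is expected to compare them. The nil case is mentioned but not illustrated; a one-line example of guarding on it, for instance checking SNORT_DEP_VERSIONS.HYPERSCAN before setting detection.hyperscan_literals, would show the intended use.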
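
Review bot: The rewritten sentence in the @@ -1723 hunk of snort_user.text, "snort will send TCP RST and ICMP unreachable when dropping a TCP session and ICMP unreachable packets for UDP", is hard to parse because the second "and" can attach to either clause. Suggest "send a TCP RST and an ICMP unreachable when dropping a TCP session, and an ICMP unreachable when dropping a UDP session". The @@ -1785 hunk describes the same behaviour with different wording; using one phrasing in both 5.1 and 5.1.3 would keep readers from assuming the two differ.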