From: Russ Combs (rucombs) Date: Thu, 7 Jul 2022 18:37:03 +0000 (+0000) Subject: Pull request #3501: build: generate and tag 3.1.34.0 X-Git-Tag: 3.1.34.0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b8371be234d7b92908d452a69ae02c5347a07d2a;p=thirdparty%2Fsnort3.git Pull request #3501: build: generate and tag 3.1.34.0 Merge in SNORT/snort3 from ~RUCOMBS/snort3:build_3.1.34.0 to master Squashed commit of the following: commit 3638397d75a75c46d6691ebf9cf80aab9b7c2ec7 Author: russ Date: Thu Jul 7 12:10:19 2022 -0400 build: generate and tag 3.1.34.0 --- diff --git a/CMakeLists.txt b/CMakeLists.txt index 5030257ed..38c19866b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -3,7 +3,7 @@ project (snort CXX C) set (VERSION_MAJOR 3) set (VERSION_MINOR 1) -set (VERSION_PATCH 33) +set (VERSION_PATCH 34) set (VERSION_SUBLEVEL 0) set (VERSION "${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}.${VERSION_SUBLEVEL}") diff --git a/ChangeLog b/ChangeLog index 414f1e4f1..01e80a748 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,12 @@ +2022/07/07 - 3.1.34.0 + +build: remove unnecessary type casts +dce_rpc: set presistent flag for dcerpc pinhole session +file_id: fix rules_file path resolution +http2_inspect: consider continuation when checking headers length +log: add log_value and log_limit overloads with built-in integer types +utils: make shutdown timing stats more precise. Thanks to trevor tao for the update. + 2022/06/30 - 3.1.33.0 file_api: implement file type identification over ips engine diff --git a/doc/reference/snort_reference.text b/doc/reference/snort_reference.text index 61ed731cc..e04dde5b4 100644 --- a/doc/reference/snort_reference.text +++ b/doc/reference/snort_reference.text @@ -8,7 +8,7 @@ Snort 3 Reference Manual The Snort Team Revision History -Revision 3.1.33.0 2022-06-30 07:50:31 EDT TST +Revision 3.1.34.0 2022-07-07 11:57:12 EDT TST --------------------------------------------------------------------- 
@@ -929,8 +929,6 @@ Configuration: * int ips.id = 0: correlate unified2 events with configuration { 0:65535 } * string ips.include: snort rules and includes - * string ips.includer: for internal use; where includes are - included from { (optional) } * enum ips.mode: set policy mode { tap | inline | inline-test } * bool ips.obfuscate_pii = false: mask all but the last 4 characters of credit card and social security numbers @@ -9722,8 +9720,6 @@ libraries see the Getting Started section of the manual. rules w/o stubs * int ips.id = 0: correlate unified2 events with configuration { 0:65535 } - * string ips.includer: for internal use; where includes are - included from { (optional) } * string ips.include: snort rules and includes * enum ips.mode: set policy mode { tap | inline | inline-test } * bool ips.obfuscate_pii = false: mask all but the last 4 @@ -13798,7 +13794,9 @@ Nonempty HTTP/2 Data frame where a message body was not expected. 121:38 (http2_inspect) HTTP/2 non-Data frame longer than 63780 bytes -HTTP/2 non-Data frame longer than 63780 bytes +HTTP/2 non-Data frame longer than 63780 bytes. For HEADERS and +PUSH_PROMISE frames this includes the size of any following +continuation frames. 121:39 (http2_inspect) not HTTP/2 traffic or unrecoverable HTTP/2 protocol error diff --git a/doc/upgrade/snort_upgrade.text b/doc/upgrade/snort_upgrade.text index 589c1c42c..f2ff9da99 100644 --- a/doc/upgrade/snort_upgrade.text +++ b/doc/upgrade/snort_upgrade.text @@ -8,7 +8,7 @@ Snort 3 Upgrade Manual The Snort Team Revision History -Revision 3.1.33.0 2022-06-30 07:50:20 EDT TST +Revision 3.1.34.0 2022-07-07 11:58:00 EDT TST --------------------------------------------------------------------- 
@@ -826,6 +826,7 @@ change -> config 'checksum_mode' ==> 'network.checksum_eval'
 change -> config 'daq_dir' ==> 'daq.module_dirs'
 change -> config 'detection_filter' ==> 'alerts.detection_filter_memcap'
 change -> config 'enable_deep_teredo_inspection' ==> 'udp.deep_teredo_inspection'
+change -> config 'enable_mpls_overlapping_ip' ==> 'packets.mpls_agnostic'
 change -> config 'event_filter' ==> 'alerts.event_filter_memcap'
 change -> config 'max_attribute_hosts' ==> 'attribute_table.max_hosts'
 change -> config 'max_attribute_services_per_host' ==> 'attribute_table.max_services_per_host'
@@ -865,17 +866,17 @@ change -> daq: 'config daq:' ==> 'name'
 change -> daq_mode: 'config daq_mode:' ==> 'mode'
 change -> daq_var: 'config daq_var:' ==> 'variables'
 change -> detection: 'ac' ==> 'ac_full'
-change -> detection: 'ac-banded' ==> 'ac_banded'
+change -> detection: 'ac-banded' ==> 'ac_full'
 change -> detection: 'ac-bnfa' ==> 'ac_bnfa'
 change -> detection: 'ac-bnfa-nq' ==> 'ac_bnfa'
 change -> detection: 'ac-bnfa-q' ==> 'ac_bnfa'
 change -> detection: 'ac-nq' ==> 'ac_full'
 change -> detection: 'ac-q' ==> 'ac_full'
-change -> detection: 'ac-sparsebands' ==> 'ac_sparse_bands'
+change -> detection: 'ac-sparsebands' ==> 'ac_full'
 change -> detection: 'ac-split' ==> 'ac_full'
 change -> detection: 'ac-split' ==> 'split_any_any'
-change -> detection: 'ac-std' ==> 'ac_std'
-change -> detection: 'acs' ==> 'ac_sparse'
+change -> detection: 'ac-std' ==> 'ac_full'
+change -> detection: 'acs' ==> 'ac_full'
 change -> detection: 'bleedover-port-limit' ==> 'bleedover_port_limit'
 change -> detection: 'debug-print-fast-pattern' ==> 'show_fast_patterns'
 change -> detection: 'intel-cpm' ==> 'hyperscan'
@@ -884,7 +885,6 @@ change -> detection: 'lowmem-q' ==> 'lowmem'
 change -> detection: 'max-pattern-len' ==> 'max_pattern_len'
 change -> detection: 'no_stream_inserts' ==> 'detect_raw_tcp'
 change -> detection: 'search-method' ==> 'search_method'
-change -> detection: 'search-optimize' ==> 'search_optimize'
 change -> detection: 'split-any-any' ==> 'split_any_any = true by default'
 change -> detection: 'split-any-any' ==> 'split_any_any'
 change -> dnp3: 'ports' ==> 'bindings'
@@ -962,6 +962,7 @@ change -> rate_filter: 'sig_id' ==> 'sid'
 change -> reputation: 'shared_mem' ==> 'list_dir'
 change -> sfportscan: 'proto' ==> 'protos'
 change -> sfportscan: 'scan_type' ==> 'scan_types'
+change -> sip: 'max_requestName_len' ==> 'max_request_name_len'
 change -> sip: 'ports' ==> 'bindings'
 change -> smtp: 'ports' ==> 'bindings'
 change -> ssh: 'server_ports' ==> 'bindings'
@@ -1027,6 +1028,7 @@ deleted -> config 'disable_decode_drops'
 deleted -> config 'disable_inline_init_failopen'
 deleted -> config 'disable_ipopt_alerts'
 deleted -> config 'disable_ipopt_drops'
+deleted -> config 'disable_replace'
 deleted -> config 'disable_tcpopt_alerts'
 deleted -> config 'disable_tcpopt_drops'
 deleted -> config 'disable_tcpopt_experimental_alerts'
@@ -1043,6 +1045,7 @@ deleted -> config 'enable_decode_oversized_alerts'
 deleted -> config 'enable_decode_oversized_drops'
 deleted -> config 'enable_gtp'
 deleted -> config 'enable_ipopt_drops'
+deleted -> config 'enable_mpls_multicast'
 deleted -> config 'enable_tcpopt_drops'
 deleted -> config 'enable_tcpopt_experimental_drops'
 deleted -> config 'enable_tcpopt_obsolete_drops'
@@ -1064,10 +1067,12 @@ deleted -> config 'sfalert_unified2' deleted -> config 'sflog_unified2' deleted -> config 'sidechannel' deleted -> config 'so_rule_memcap' +deleted -> config 'stateful' deleted -> csv: ' can no longer be specific' deleted -> csv: 'default' deleted -> csv: 'trheader' deleted -> detection: 'mwm' +deleted -> detection: 'search-optimize is always true' deleted -> dnp3: 'disabled' deleted -> dnp3: 'memcap' deleted -> dns: 'enable_experimental_types' @@ -1081,6 +1086,8 @@ deleted -> ftp_telnet_protocol: 'detect_anomalies' deleted -> full: ' can no longer be specific' deleted -> http_inspect: 'detect_anomalous_servers' deleted -> http_inspect: 'disabled' +deleted -> http_inspect: 'fast_blocking' +deleted -> http_inspect: 'normalize_random_nulls_in_text' deleted -> http_inspect: 'proxy_alert' deleted -> http_inspect_server: 'allow_proxy_use' deleted -> http_inspect_server: 'enable_cookie' @@ -1158,6 +1165,7 @@ deleted -> stream5_tcp: 'ignore_any_rules' deleted -> stream5_tcp: 'log_asymmetric_traffic' deleted -> stream5_tcp: 'policy noack' deleted -> stream5_tcp: 'policy unknown' +deleted -> stream5_tcp: 'use_static_footprint_sizes' deleted -> stream5_udp: 'ignore_any_rules' deleted -> tcpdump: ' can no longer be specific' deleted -> test: 'file' diff --git a/doc/user/snort_user.text b/doc/user/snort_user.text index 6f0799a2e..9460962e9 100644 --- a/doc/user/snort_user.text +++ b/doc/user/snort_user.text @@ -8,7 +8,7 @@ Snort 3 User Manual The Snort Team Revision History -Revision 3.1.33.0 2022-06-30 07:50:20 EDT TST +Revision 3.1.34.0 2022-07-07 11:56:57 EDT TST ---------------------------------------------------------------------