From: Priyanka Bangalore Gurudev (prbg) Date: Mon, 31 Jul 2023 15:47:49 +0000 (+0000) Subject: Pull request #3938: build: generate and tag 3.1.67.0 X-Git-Tag: 3.1.67.0^0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f940578039138f7a9b97b24f5aca9d1a5284c5c4;p=thirdparty%2Fsnort3.git Pull request #3938: build: generate and tag 3.1.67.0 Merge in SNORT/snort3 from ~PRBG/snort3:build_3.1.67.0 to master Squashed commit of the following: commit 3473c773d17abe367718db98914829680038c401 Author: Priyanka Gurudev Date: Sun Jul 30 10:02:06 2023 -0400 build: generate and tag 3.1.67.0 --- diff --git a/CMakeLists.txt b/CMakeLists.txt index 2f284fbc9..0b7d3649d 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -3,7 +3,7 @@ project (snort CXX C) set (VERSION_MAJOR 3) set (VERSION_MINOR 1) -set (VERSION_PATCH 66) +set (VERSION_PATCH 67) set (VERSION_SUBLEVEL 0) set (VERSION "${VERSION_MAJOR}.${VERSION_MINOR}.${VERSION_PATCH}.${VERSION_SUBLEVEL}") diff --git a/ChangeLog.md b/ChangeLog.md index 807c50182..8437c99fa 100644 --- a/ChangeLog.md +++ b/ChangeLog.md 
@@ -1,3 +1,27 @@ +2023-07-30: 3.1.67.0 + +* appid: do not raise SMTP response overflow IPS alert on SSL traffic +* appid: SSL regex pattern implementation +* build: fix cstdint related clearlinux errors +* build: fix issues with local build +* build: fix type resolution for OSX build environment +* control: fix descriptor polling implementation (POSIX) +* control: follow code style and formatting +* detection: service_extension config +* flow: fix ha_test use of stack variable +* flow: make sure cpputest mock objects are initialized +* ips_options: remove FIXIT comment from sd_pattern +* lua: change cip binder rule from 22222 to 2222 (thanks to animator-ra on GitHub for this fix). +* main: increase the user policy id range to 0 - 2^64-1 +* perf_mon: continue even when pegcounts can't be resolved +* profiler: handle reload scenarios and tsan issues +* profiler: remove interdependency with time and memory for accumulation +* profiler: shell commands for time profiler +* ssl: extract common name in the SSL certificate using openssl apis +* ssl: parse and publish server common name from server certificate +* ssl: remove wildcard character from common name string extracted from ssl certificate +* style: fix whitespace + 2023-07-14: 3.1.66.0 * appid: cache Complex HTTP Pattern glossary before detectors reload diff --git a/doc/reference/snort_reference.text b/doc/reference/snort_reference.text index 7bbd2ec15..73f6c5cbf 100644 --- a/doc/reference/snort_reference.text +++ b/doc/reference/snort_reference.text @@ -8,7 +8,7 @@ Snort 3 Reference Manual The Snort Team Revision History -Revision 3.1.66.0 2023-07-14 16:06:42 EDT TST +Revision 3.1.67.0 2023-07-30 09:54:39 EDT TST --------------------------------------------------------------------- 
@@ -601,6 +601,10 @@ Configuration: some speed during config reading) * int detection.max_continuations_per_flow = 1024: maximum number of continuations stored simultaneously on the flow { 0:65535 } + * string detection.service_extension[].service: service to perform + extension for + * string detection.service_extension[].extend_to + [].extend_to_service: service to extend to Peg counts: @@ -924,7 +928,7 @@ Usage: inspect Configuration: * int inspection.id = 0: correlate policy and events with other - items in configuration { 0:65535 } + items in configuration { 0:max64 } * string inspection.uuid: correlate events by uuid * enum inspection.mode = inline-test: set policy mode { inline | inline-test } @@ -954,7 +958,7 @@ Configuration: * bool ips.enable_builtin_rules = false: enable events from builtin rules w/o stubs * int ips.id = 0: correlate unified2 events with configuration { - 0:65535 } + 0:max64 } * string ips.include: snort rules and includes * enum ips.mode: set policy mode { tap | inline | inline-test } * bool ips.obfuscate_pii = true: mask all but the last 4 characters @@ -1127,7 +1131,7 @@ Configuration: * multi network.checksum_eval = all: checksums to verify { all | ip | noip | tcp | notcp | udp | noudp | icmp | noicmp | none } * int network.id = 0: correlate unified2 events with configuration - { 0:max32 } + { 0:18446744073709551614 } * int network.min_ttl = 1: alert / normalize packets with lower TTL / hop limit (you must enable rules and / or normalization also) { 1:255 } @@ -1333,6 +1337,10 @@ Commands: * profiler.rule_status(): print rule profiler status * profiler.rule_dump(output): print rule statistics in table or json format (json format prints dates as Unix epoch) + * profiler.module_start(): enable module time profiling + * profiler.module_stop(): disable module time profiling + * profiler.module_dump(): print module time profiling statistics + * profiler.module_status(): show module time profiler status 2.27. rate_filter 
@@ -9365,6 +9373,10 @@ libraries see the Getting Started section of the manual. overrides when pattern matching (ie ignore /O) * bool detection.pcre_to_regex = false: enable the use of regex instead of pcre for compatible expressions + * string detection.service_extension[].extend_to + [].extend_to_service: service to extend to + * string detection.service_extension[].service: service to perform + extension for * bool dnp3.check_crc = false: validate checksums in DNP3 link layer frames * string dnp3_func.~: match DNP3 function code or name @@ -9872,7 +9884,7 @@ libraries see the Getting Started section of the manual. * int imap.uu_decode_depth = -1: Unix-to-Unix decoding depth (-1 no limit) { -1:65535 } * int inspection.id = 0: correlate policy and events with other - items in configuration { 0:65535 } + items in configuration { 0:max64 } * int inspection.max_aux_ip = 16: maximum number of auxiliary IPs per flow to detect and save (-1 = disable, 0 = detect but don’t save, 1+ = save in FIFO manner) { -1:127 } @@ -9891,7 +9903,7 @@ libraries see the Getting Started section of the manual. * bool ips.enable_builtin_rules = false: enable events from builtin rules w/o stubs * int ips.id = 0: correlate unified2 events with configuration { - 0:65535 } + 0:max64 } * string ips.include: snort rules and includes * enum ips.mode: set policy mode { tap | inline | inline-test } * bool ips.obfuscate_pii = true: mask all but the last 4 characters @@ -10006,7 +10018,7 @@ libraries see the Getting Started section of the manual. * multi network.checksum_eval = all: checksums to verify { all | ip | noip | tcp | notcp | udp | noudp | icmp | noicmp | none } * int network.id = 0: correlate unified2 events with configuration - { 0:max32 } + { 0:18446744073709551614 } * int network.layers = 40: the maximum number of protocols that Snort can correctly decode { 3:255 } * int network.max_ip6_extensions = 0: the maximum number of IP6 
@@ -15590,6 +15602,10 @@ alert is raised by the enhanced JavaScript normalizer. * profiler.rule_status(): print rule profiler status * profiler.rule_dump(output): print rule statistics in table or json format (json format prints dates as Unix epoch) + * profiler.module_start(): enable module time profiling + * profiler.module_stop(): disable module time profiling + * profiler.module_dump(): print module time profiling statistics + * profiler.module_status(): show module time profiler status * reputation.reload(): reload reputation data * rna.dump_macs(): dump rna’s internal MAC trackers * rna.delete_mac_host(mac): delete a MAC from rna’s MAC cache diff --git a/doc/upgrade/snort_upgrade.text b/doc/upgrade/snort_upgrade.text index f79fb2a00..aa9159c6d 100644 --- a/doc/upgrade/snort_upgrade.text +++ b/doc/upgrade/snort_upgrade.text @@ -8,7 +8,7 @@ Snort 3 Upgrade Manual The Snort Team Revision History -Revision 3.1.66.0 2023-07-14 16:07:46 EDT TST +Revision 3.1.67.0 2023-07-30 09:55:44 EDT TST --------------------------------------------------------------------- diff --git a/doc/user/snort_user.text b/doc/user/snort_user.text index 6271f3a57..05f8a4a96 100644 --- a/doc/user/snort_user.text +++ b/doc/user/snort_user.text @@ -8,7 +8,7 @@ Snort 3 User Manual The Snort Team Revision History -Revision 3.1.66.0 2023-07-14 16:07:03 EDT TST +Revision 3.1.67.0 2023-07-30 09:55:01 EDT TST --------------------------------------------------------------------- @@ -734,6 +734,8 @@ Parameter limits: * max32 = 4294967295 * max53 = 9007199254740992 * maxSZ = 9007199254740992 + * max63 = 9223372036854775807 + * max64 = 18446744073709551615 2.4. Plugins
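Review bot: the lua entry in the ChangeLog.md hunk ends with a period after the GitHub credit, while every other entry in the 3.1.67.0 list has none, and the three ssl entries mix "SSL" and "ssl" within the same lines ("extract common name in the SSL certificate using openssl apis" against "extracted from ssl certificate"). Drop the trailing period and pick one capitalisation so the release notes read consistently.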
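Review bot: network.id in doc/reference/snort_reference.text (hunks at -1127 and -10006) is documented as { 0:18446744073709551614 }, one less than the { 0:max64 } now given for inspection.id and ips.id in the same file, where doc/user/snort_user.text defines max64 = 18446744073709551615. The ChangeLog entry says the policy id range is "0 - 2^64-1", which matches max64 but not the network.id bound, and network.id is the only one of the three written as a literal rather than a named limit. If the top value is deliberately reserved for network.id, say so in the parameter description; otherwise use { 0:max64 } so the three ids agree. The commit subject says these files are generated, so the correction probably belongs in the parameter definition and not in the text file.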
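Review bot: the new detection.service_extension[].service and detection.service_extension[].extend_to[].extend_to_service entries (hunks at -601 and -9365) are described only as "service to perform extension for" and "service to extend to", which restates the parameter names without saying what extending a service does to detection. Add a sentence on the effect of an extension and on which service names are accepted, since the ChangeLog line "detection: service_extension config" gives no further detail either.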
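Review bot: profiler.module_dump() in the Commands lists (hunks at -1333 and -15590) is documented with no argument and no output format, while the adjacent profiler.rule_dump(output) states "print rule statistics in table or json format". State which format module_dump prints, or give it the same output parameter so the two dump commands behave alike.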
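Review bot: in the doc/user/snort_user.text hunk at -734, max63 and max64 are appended directly under max53 = 9007199254740992 and maxSZ = 9007199254740992 with no explanation of why the earlier limits stop at 2^53 or whether a value above that can be written in the configuration and read back exactly. Since inspection.id and ips.id now document { 0:max64 }, add a sentence to the Parameter limits section on how values between max53 and max64 are expected to be specified and whether they are subject to rounding.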