Bug 900 - [UPDATE REQUEST] snort
Status: RESOLVED FIXED
Product: Desktop Bugs
Classification: ROSA Desktop
Component: Main Packages
: Marathon
: All Linux
: Normal normal
Assigned To: Ilya Porvin
: ROSA Linux Bugs
Depends on: 980
Reported: 2012-10-11 20:33 MSD by Dmitry Romashkin
Modified: 2015-03-25 16:50 MSK

RPM Package: snort
danila.leontiev: secteam_verified+


Description Dmitry Romashkin 2012-10-11 20:33:51 MSD
Update request for latest stable release of snort with some bug fixes.

References:
http://www.snort.org/snort-downloads
Comment 1 Danila Leontiev 2012-10-14 16:49:45 MSD
Advisory: 
Description:
Snort 2.9.3.1
    * src/sfutil/acsmx2.c: 
      Release memory during return. 

    * src/dynamic-preprocessors/sip/sip_config.c: 
      Free method struct when method->methodName is NULL.

    * src/: detection-plugins/detection_options.c,
	  detection-plugins/sp_byte_check.c,
	  detection-plugins/sp_byte_extract.c,
	  detection-plugins/sp_byte_jump.c, dynamic-plugins/sp_dynamic.c,
	  dynamic-plugins/sp_preprocopt.c:
      Fix constant expression in hashing routines for 64bit platforms.

    * src/dynamic-preprocessors/dcerpc2/dce2_smb.c: 
      Fix Samba chained OpenAndX -> Write command handling.  

    * src/active.c: 
      Check for TCP RST flag regardless of other flags to block resetting 
      resets.

    * src/: active.c, decode.c, detection-plugins/sp_pcre.c,
	  dynamic-plugins/sf_convert_dynamic.c,
	  dynamic-plugins/sf_dynamic_plugins.c,
	  dynamic-plugins/sf_dynamic_preprocessor.h,
	  dynamic-plugins/sp_dynamic.c,
	  dynamic-preprocessors/dnp3/dnp3_map.c,
	  dynamic-preprocessors/reputation/reputation_config.c,
	  dynamic-preprocessors/sdf/spp_sdf.c,
	  dynamic-preprocessors/sip/sip_config.c,
	  dynamic-preprocessors/sip/sip_roptions.c,
	  dynamic-preprocessors/smtp/spp_smtp.c,
	  output-plugins/spo_alert_unixsock.c,
	  preprocessors/spp_httpinspect.c, preprocessors/spp_perfmonitor.c,
	  preprocessors/HttpInspect/client/hi_client.c,
	  preprocessors/HttpInspect/server/hi_server.c,
	  sfutil/bnfa_search.c, sfutil/sf_iph.c,
	  target-based/sf_attribute_table_parser.l:
       Parse time memory cleanup

    * src/dynamic-preprocessors/dcerpc2/dce2_utils.h:
       Fixed issue on big endian systems where behaviour was incorrect.


References:
http://www.snort.org/snort-downloads

buildlists:
https://abf.rosalinux.ru/build_lists/751641
https://abf.rosalinux.ru/build_lists/751642 (64)
Comment 2 Vladimir Potapov 2012-10-17 16:33:56 MSD
How to test this package?

starting snort: [FAILED]
snort.service: control process exited, code=exited status=1
Comment 3 Alexander Burmashev 2012-10-17 16:34:50 MSD
What does `systemctl status snort.service` say?
Comment 4 Dmitry Romashkin 2012-10-17 16:59:26 MSD
Need to add some to config.
Comment 5 Vladimir Potapov 2012-10-18 02:55:25 MSD
systemctl status snort.service
snort.service - LSB: Start/Stop the snort IDS daemon.
          Loaded: loaded (/etc/rc.d/init.d/snort)
          Active: failed since Thu, 18 Oct 2012 07:50:59 +0900; 1min 53s ago
         Process: 2413 ExecStart=/etc/rc.d/init.d/snort start (code=exited, status=1/FAILURE)
          CGroup: name=systemd:/system/snort.service
Comment 6 Dmitry Romashkin 2012-10-19 13:09:08 MSD
Updated spec and config. To build on ABF, libdaq from #980 needs to be published first.

How to do a simple test of Snort later:

1) As root, run
snort -c /etc/snort/snort.conf -l /var/log/snort
2) ping google.com
3) Look at the logs in /var/log/snort/
Comment 7 alexander barakin 2012-12-21 17:59:19 MSK
(In reply to comment #6)
> Updated spec and config. To build on ABF, libdaq from #980 needs to be
> published first.

libdaq was published a long time ago.
The request probably needs to be repeated.
Comment 8 Denis Silakov 2015-03-25 16:50:12 MSK
This will be finally fixed in the next Enterprise release.

We are not going to push this update to old Marathon, since it doesn't contain security or crucial bug fixes.