PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
authorRich Burridge <rich.burridge@oracle.com>
Mon, 10 Nov 2014 19:14:43 -0800
changeset 2198 168b8acace5f
parent 2197 22c15b329605
child 2199 ce636b4fc3b2
PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2 PSARC 2014/347 snort 2.9.6.2 16915792 The default state of the snort.conf file should be reexamined. 16915848 snort should put files under /etc/snort not directly under /etc 19557337 ipfw DAQ module shouldn't be enabled on Solaris 19696371 Update daq to version 2.0.2 19696436 Update snort to version 2.9.6.2
components/daq/Makefile
components/daq/daq.p5m
components/snort/Makefile
components/snort/Solaris/snort.pc
components/snort/Solaris/snort_preproc.pc
components/snort/patches/snort.8.patch
components/snort/patches/snort.c.patch
components/snort/patches/snort.conf.patch
components/snort/patches/solaris-build.patch
components/snort/resolve.deps
components/snort/snort.p5m
--- a/components/daq/Makefile	Mon Nov 10 15:24:46 2014 -0800
+++ b/components/daq/Makefile	Mon Nov 10 19:14:43 2014 -0800
@@ -23,16 +23,16 @@
 include ../../make-rules/shared-macros.mk
 
 COMPONENT_NAME=		daq
-COMPONENT_VERSION=	0.6.2
+COMPONENT_VERSION=	2.0.2
 COMPONENT_PROJECT_URL=	http://www.snort.org/
 COMPONENT_SRC=		$(COMPONENT_NAME)-$(COMPONENT_VERSION)
 COMPONENT_ARCHIVE=	$(COMPONENT_SRC).tar.gz
 COMPONENT_ARCHIVE_HASH=	\
-    sha256:0159865b5dc127ed2faf8d6732d781939f27e38b7c7deabcd369a22ea9e42f26
-COMPONENT_ARCHIVE_URL=	$(COMPONENT_PROJECT_URL)downloads/1525
+    sha256:d65d1e67c4994e02c3142c49a648642e780b7e3d942b4a51f605309beac269a8
+COMPONENT_ARCHIVE_URL=	http://sourceforge.net/projects/snort/files/snort/$(COMPONENT_ARCHIVE)/download
 COMPONENT_BUGDB=	library/daq
 
-TPNO=			11060
+TPNO=			19384
 
 include ../../make-rules/prep.mk
 include ../../make-rules/configure.mk
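Review bot: The new `COMPONENT_ARCHIVE_URL` fetches the tarball over plain `http://` from SourceForge rather than from the project's own site, so `COMPONENT_ARCHIVE_HASH` is the only thing tying the download to the intended release. A comment above the hash should say where the sha256 came from (an upstream-published checksum or signature, not a hash of whatever the mirror served), and the URL should use `https://` if the mirror offers it. The same applies to the `components/snort/Makefile` hunk, which switches to the `snort.mirror` project on the same host. The Makefile continues outside this hunk, so a signature check may exist in the included make-rules; nothing in these lines shows one.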
@@ -46,6 +46,7 @@
 # Set -m32 or -m64 correctly for 32 and 64 bit versions.
 CC +=		$(CC_BITS)
 
+CONFIGURE_OPTIONS +=	--disable-ipfw-module
 CONFIGURE_OPTIONS +=    --enable-static=no
 CONFIGURE_OPTIONS +=	CFLAGS="$(CFLAGS)"
 
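Review bot: `--disable-ipfw-module` is added with no comment, unlike the `CC` line above it, so the reason is only recoverable from the changeset description (19557337). A one-line comment such as `# The ipfw DAQ module shouldn't be enabled on Solaris (19557337).` above the option would keep a later version bump from dropping it. `daq.p5m` in this changeset no longer lists `daq_ipfw.so`, so the option and the manifest need to stay in step.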
--- a/components/daq/daq.p5m	Mon Nov 10 15:24:46 2014 -0800
+++ b/components/daq/daq.p5m	Mon Nov 10 19:14:43 2014 -0800
@@ -30,29 +30,28 @@
     value=org.opensolaris.category.2008:System/Libraries
 set name=info.source-url value=$(COMPONENT_ARCHIVE_URL)
 set name=info.upstream-url value=$(COMPONENT_PROJECT_URL)
-set name=org.opensolaris.arc-caseid value=PSARC/2012/203
+set name=org.opensolaris.arc-caseid value=PSARC/2012/203 value=PSARC/2014/346
 set name=org.opensolaris.consolidation value=$(CONSOLIDATION)
 file path=usr/bin/daq-modules-config
+file path=usr/bin/$(MACH64)/daq-modules-config
 file path=usr/include/daq.h
 file path=usr/include/daq_api.h
 file path=usr/include/daq_common.h
 file path=usr/include/sfbpf.h
 file path=usr/include/sfbpf_dlt.h
 file path=usr/lib/$(MACH64)/daq/daq_dump.so
-file path=usr/lib/$(MACH64)/daq/daq_ipfw.so
 file path=usr/lib/$(MACH64)/daq/daq_pcap.so
-link path=usr/lib/$(MACH64)/libdaq.so target=libdaq.so.0.0.1
-link path=usr/lib/$(MACH64)/libdaq.so.0 target=libdaq.so.0.0.1
-file path=usr/lib/$(MACH64)/libdaq.so.0.0.1
+link path=usr/lib/$(MACH64)/libdaq.so target=libdaq.so.$(COMPONENT_VERSION)
+link path=usr/lib/$(MACH64)/libdaq.so.2 target=libdaq.so.$(COMPONENT_VERSION)
+file path=usr/lib/$(MACH64)/libdaq.so.$(COMPONENT_VERSION)
 link path=usr/lib/$(MACH64)/libsfbpf.so target=libsfbpf.so.0.0.1
 link path=usr/lib/$(MACH64)/libsfbpf.so.0 target=libsfbpf.so.0.0.1
 file path=usr/lib/$(MACH64)/libsfbpf.so.0.0.1
 file path=usr/lib/daq/daq_dump.so
-file path=usr/lib/daq/daq_ipfw.so
 file path=usr/lib/daq/daq_pcap.so
-link path=usr/lib/libdaq.so target=libdaq.so.0.0.1
-link path=usr/lib/libdaq.so.0 target=libdaq.so.0.0.1
-file path=usr/lib/libdaq.so.0.0.1
+link path=usr/lib/libdaq.so target=libdaq.so.$(COMPONENT_VERSION)
+link path=usr/lib/libdaq.so.2 target=libdaq.so.$(COMPONENT_VERSION)
+file path=usr/lib/libdaq.so.$(COMPONENT_VERSION)
 link path=usr/lib/libsfbpf.so target=libsfbpf.so.0.0.1
 link path=usr/lib/libsfbpf.so.0 target=libsfbpf.so.0.0.1
 file path=usr/lib/libsfbpf.so.0.0.1
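Review bot: The `libdaq.so.2` links hard-code the major number while their targets and the delivered file use `libdaq.so.$(COMPONENT_VERSION)`, which resolves correctly only while upstream's library version equals the release number. The `libsfbpf` entries in the same hunk keep the literal `0.0.1`, so two libraries from one tarball are now described in two different ways. A manifest comment such as `# libdaq's file name follows the release number; re-check on every update` would make the assumption visible. The library's major version link also moves from `.0` to `.2`, so anything linked against the old library needs rebuilding; this changeset updates snort, and other consumers are not visible here.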
--- a/components/snort/Makefile	Mon Nov 10 15:24:46 2014 -0800
+++ b/components/snort/Makefile	Mon Nov 10 19:14:43 2014 -0800
@@ -26,21 +26,23 @@
 include ../../make-rules/shared-macros.mk
 
 COMPONENT_NAME=		snort
-COMPONENT_VERSION=	2.9.2
+COMPONENT_VERSION=	2.9.6.2
 COMPONENT_SRC=		$(COMPONENT_NAME)-$(COMPONENT_VERSION)
 COMPONENT_ARCHIVE=	$(COMPONENT_SRC).tar.gz
 COMPONENT_ARCHIVE_HASH=	\
-    sha256:04d375b627dd256d6257f2cbe5a770e4552e3f35d5e2100b97f75426b600d8cb
+    sha256:8e1d7fc5e1523a786d845ca0102cc474abfcebfcc7e964a1653680034b5b5d77
 COMPONENT_PROJECT_URL=	http://www.snort.org/
-COMPONENT_ARCHIVE_URL=	$(COMPONENT_PROJECT_URL)dl/snort-current/$(COMPONENT_ARCHIVE)
+COMPONENT_ARCHIVE_URL=	http://sourceforge.net/projects/snort.mirror/files/Snort%202.9.6.2/$(COMPONENT_ARCHIVE)/download
 COMPONENT_BUGDB=	utility/snort
 
-TPNO=			9027
+TPNO=			19385
 
 include ../../make-rules/prep.mk
 include ../../make-rules/configure.mk
 include ../../make-rules/ips.mk
 
+PATCH_LEVEL =		0
+
 # without this we bus error on sparc. sadly I don't see any patches
 # that might relate from the upstream (though maybe that's really
 # "happily", as this is simpler)
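Review bot: `COMPONENT_ARCHIVE_URL` now spells the release out literally (`Snort%202.9.6.2`) instead of deriving it from `COMPONENT_VERSION`, so the next version bump can leave the URL pointing at the old directory while the name and hash move on. Writing it as `.../files/Snort%20$(COMPONENT_VERSION)/$(COMPONENT_ARCHIVE)/download` keeps the three in step. `PATCH_LEVEL = 0` is also added without a comment. The patch headers in this changeset drop their `snort-2.9.2/` prefix, which is presumably the reason, and a one-line comment saying so would help.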
@@ -49,6 +51,11 @@
 # Need to recreate the configure script for gethrtime checks.
 COMPONENT_PREP_ACTION +=	(cd $(@D); autoconf);
 
+# This option has the side-effect of getting the bindir lines correct in
+# snort_output.pc, snort_preproc.pc and snort.pc under
+# /usr/lib/$(MACH64)/pkgconfig/
+CONFIGURE_OPTIONS +=	--bindir=/usr/bin
+
 CONFIGURE_OPTIONS +=	--with-libpcre-libraries="/usr/lib/$(MACH64)"
 CONFIGURE_OPTIONS +=	--with-dnet-libraries="/usr/lib/$(MACH64)"
 CONFIGURE_OPTIONS +=	--without-mysql
--- a/components/snort/Solaris/snort.pc	Mon Nov 10 15:24:46 2014 -0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,11 +0,0 @@
-prefix=/usr
-exec_prefix=${prefix}
-libdir=/usr/lib/64
-includedir=${prefix}/include
-
-Name: Snort
-Description: Snort dynamic plugins/detection/rules
-URL: www.snort.org
-Version: 2.9.2
-Libs: -L${libdir} -lcurl -lz -ldnet -lpcre -lpcap -lsocket -lnsl -lrt -luuid -lm -ldl -ldaq -lpthread
-Cflags: -m64 -mt -I/usr/include/pcre -DDYNAMIC_PLUGIN -DZLIB -DGRE -DMPLS -DPREPROCESSOR_AND_DECODER_RULE_EVENTS -DPPM_MGR -DENABLE_PAF -DENABLE_REACT -DENABLE_RESPOND -DENABLE_RESPONSE3 -DBSD_COMP -D_REENTRANT -DSF_WCHAR -DSUP_IP6 -DTARGET_BASED -DPERF_PROFILING -DSNORT_RELOAD -DNORMALIZER -DACTIVE_RESPONSE
--- a/components/snort/Solaris/snort_preproc.pc	Mon Nov 10 15:24:46 2014 -0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,12 +0,0 @@
-prefix=/usr
-exec_prefix=${prefix}
-libdir=/usr/lib/64
-package=snort
-includedir=${prefix}/include
-
-Name: Snort
-Description: Snort dynamic preprocessors
-URL: www.snort.org
-Version: 2.9.2
-Libs: -L${libdir}/${package}/dynamic_preproc -lsf_dynamic_preproc
-Cflags: -I/usr/include/pcre -I${includedir}/${package}/dynamic_preproc  -DBSD_COMP -D_REENTRANT -DSF_WCHAR -DSUP_IP6 -DTARGET_BASED -DPERF_PROFILING -DSNORT_RELOAD -DNORMALIZER -DACTIVE_RESPONSE
--- a/components/snort/patches/snort.8.patch	Mon Nov 10 15:24:46 2014 -0800
+++ b/components/snort/patches/snort.8.patch	Mon Nov 10 19:14:43 2014 -0800
@@ -1,7 +1,10 @@
-Adjust snort man page to be in section 1M.
+Adjust snort man page to be in section 1M and fix the comments w.r.t.
+configuration file usage with the -T option.
 
---- snort-2.9.2/snort.8.orig	2013-03-18 12:26:58.589074327 -0700
-+++ snort-2.9.2/snort.8	2013-03-18 12:28:26.378646691 -0700
+The second part of this patch (the -T changes) has been submitted upstream.
+
+--- snort.8.orig	2014-09-25 07:44:55.175565999 -0700
++++ snort.8	2014-09-26 11:19:43.998692220 -0700
 @@ -1,8 +1,8 @@
  .\" Process this file with
 -.\" groff -man -Tascii snort.8
@@ -13,7 +16,17 @@
  .SH NAME
  Snort \- open source network intrusion detection system
  .SH SYNOPSIS
[email protected]@ -913,15 +913,15 @@
[email protected]@ -339,8 +339,7 @@
+ indicating that everything is ready to proceed.  This is a good
+ switch to use if daemon mode is going to be used, it verifies that
+ the Snort configuration that is about to be used is valid and won't fail at
+-run time. Note, Snort looks for either /etc/snort.conf or ./snort.conf.
+-If your config lives elsewhere, use the -c option to specify a valid
++run time. Note that you will need to use the -c option to specify a valid
+ .I config-file.
+ .IP "-u user"
+ Change the user/UID Snort runs under to
[email protected]@ -930,15 +929,15 @@
  Causes the daemon to close all opened files and restart.
  Please \fBnote\fR that this will only work if the \fBfull\fR pathname is
  used to invoke snort in daemon mode, otherwise snort will just exit with an
--- a/components/snort/patches/snort.c.patch	Mon Nov 10 15:24:46 2014 -0800
+++ b/components/snort/patches/snort.c.patch	Mon Nov 10 19:14:43 2014 -0800
@@ -6,7 +6,7 @@
 On Linux systems, DAQ installs two static libraries:
 
   /usr/lib/libdaq_static.a
-  /usr/lib/libdaq_static_modules.a 
+  /usr/lib/libdaq_static_modules.a
 
 When snort is being configured, you see:
 
@@ -43,16 +43,15 @@
 
   /usr/lib/64/daq
 
-
---- snort-2.9.2/src/snort.c.orig	2013-05-15 11:52:06.640833897 -0700
-+++ snort-2.9.2/src/snort.c	2013-05-15 11:58:03.040482526 -0700
[email protected]@ -3677,6 +3677,9 @@
+--- src/snort.c.orig	2014-09-25 07:53:43.356728058 -0700
++++ src/snort.c	2014-09-25 07:55:05.650780347 -0700
[email protected]@ -4039,6 +4039,9 @@
  {
      SnortConfig *sc = (SnortConfig *)SnortAlloc(sizeof(SnortConfig));
  
 +    /* Define where to look for DAQ modules. */
 +    ConfigDaqDir(sc, "/usr/lib/64/daq");
 +
-     sc->pkt_cnt = -1;
-     sc->pkt_snaplen = -1;
-     /*user_id and group_id should be initialized to -1 by default, because
+     sc->pkt_cnt = 0;
+ #ifdef REG_TEST
+     sc->pkt_skip = 0;
--- a/components/snort/patches/snort.conf.patch	Mon Nov 10 15:24:46 2014 -0800
+++ b/components/snort/patches/snort.conf.patch	Mon Nov 10 19:14:43 2014 -0800
@@ -1,6 +1,30 @@
---- snort-2.9.2/etc/snort.conf.orig	2013-05-15 07:26:24.138736340 -0700
-+++ snort-2.9.2/etc/snort.conf	2013-05-15 07:36:06.628399989 -0700
[email protected]@ -143,7 +143,7 @@
+Solaris specific changes to the snort configuration file that will be
+installed under /etc/snort/.
+
+These changes will not be submitted upstream.
+
+--- etc/snort.conf.orig	2014-09-25 07:56:45.270217768 -0700
++++ etc/snort.conf	2014-10-06 06:02:57.202660631 -0700
[email protected]@ -101,13 +101,13 @@
+ # Path to your rules files (this can be a relative path)
+ # Note for Windows users:  You are advised to make this an absolute path,
+ # such as:  c:\snort\rules
+-var RULE_PATH ../rules
+-var SO_RULE_PATH ../so_rules
+-var PREPROC_RULE_PATH ../preproc_rules
++var RULE_PATH rules
++var SO_RULE_PATH so_rules
++var PREPROC_RULE_PATH preproc_rules
+ 
+ # If you are using reputation preprocessor set these
+-var WHITE_LIST_PATH ../rules
+-var BLACK_LIST_PATH ../rules
++var WHITE_LIST_PATH rules
++var BLACK_LIST_PATH rules
+ 
+ ###################################################
+ # Step #2: Configure the decoder.  For more information, see README.decode
[email protected]@ -153,7 +153,7 @@
  # Configure DAQ related options for inline operation. For more information, see README.daq
  #
  # config daq: <type>
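Review bot: The new patch header says only that these are Solaris-specific changes, but the later hunks of this patch leave the visible `include $RULE_PATH/...` lines commented out and now comment out the `reputation` preprocessor as well. As far as these hunks show, the configuration delivered under /etc/snort/ therefore loads no detection rules. The header should say so explicitly, for example `As delivered, no rule files are included and the reputation preprocessor is disabled; install rules under /etc/snort/rules and uncomment the matching include lines before relying on snort for detection.` The switch of `RULE_PATH`, `SO_RULE_PATH` and `PREPROC_RULE_PATH` from `../rules` to `rules` in this hunk is presumably meant to resolve against the new /etc/snort directory, which the header could also state.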
@@ -9,7 +33,7 @@
  # config daq_mode: <mode>
  # config daq_var: <var>
  #
[email protected]@ -217,13 +217,13 @@
[email protected]@ -240,13 +240,13 @@
  ###################################################
  
  # path to dynamic preprocessor libraries
@@ -26,120 +50,127 @@
  
  ###################################################
  # Step #5: Configure preprocessors
[email protected]@ -264,34 +264,34 @@
- # preprocessor perfmonitor: time 300 file /var/snort/snort.stats pktcnt 10000
[email protected]@ -499,12 +499,12 @@
+    check_crc
  
- # HTTP normalization and anomaly detection.  For more information, see README.http_inspect
--preprocessor http_inspect: global iis_unicode_map unicode.map 1252 compress_depth 65535 decompress_depth 65535
--preprocessor http_inspect_server: server default \
--    chunk_length 500000 \
--    server_flow_depth 0 \
--    client_flow_depth 0 \
--    post_depth 65495 \
--    oversize_dir_length 500 \
--    max_header_length 750 \
--    max_headers 100 \
--    ports { 80 81 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 5250 7001 7777 7779 8000 8008 8028 8080 8088 8118 8123 8180 8181 8243 8280 8888 9090 9091 9443 9999 11371 } \
--    non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \
--    enable_cookie \
--    extended_response_inspection \
--    inspect_gzip \
--    normalize_utf \
--    unlimited_decompress \
--    apache_whitespace no \
--    ascii no \
--    bare_byte no \
--    directory no \
--    double_decode no \
--    iis_backslash no \
--    iis_delimiter no \
--    iis_unicode no \
--    multi_slash no \
--   utf_8 no \
--    u_encode yes \
--    webroot no
-+#preprocessor http_inspect: global iis_unicode_map unicode.map 1252 compress_depth 65535 decompress_depth 65535
-+#preprocessor http_inspect_server: server default \
-+#    chunk_length 500000 \
-+#    server_flow_depth 0 \
-+#    client_flow_depth 0 \
-+#    post_depth 65495 \
-+#    oversize_dir_length 500 \
-+#    max_header_length 750 \
-+#    max_headers 100 \
-+#    ports { 80 81 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 5250 7001 7777 7779 8000 8008 8028 8080 8088 8118 8123 8180 8181 8243 8280 8888 9090 9091 9443 9999 11371 } \
-+#    non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \
-+#    enable_cookie \
-+#    extended_response_inspection \
-+#    inspect_gzip \
-+#    normalize_utf \
-+#    unlimited_decompress \
-+#    apache_whitespace no \
-+#    ascii no \
-+#    bare_byte no \
-+#    directory no \
-+#    double_decode no \
-+#    iis_backslash no \
-+#    iis_delimiter no \
-+#    iis_unicode no \
-+#    multi_slash no \
-+#   utf_8 no \
-+#    u_encode yes \
-+#    webroot no
- 
- # ONC-RPC normalization and anomaly detection.  For more information, see the Snort Manual, Configuring Snort - Preprocessors - RPC Decode
- preprocessor rpc_decode: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 no_alert_multiple_requests no_alert_large_fragments no_alert_incomplete
[email protected]@ -487,8 +487,8 @@
- # output alert_prelude
- 
- # metadata reference data.  do not modify these lines
--include classification.config
--include reference.config
-+# include classification.config
-+# include reference.config
- 
+ # Reputation preprocessor. For more information see README.reputation
+-preprocessor reputation: \
+-   memcap 500, \
+-   priority whitelist, \
+-   nested_ip inner, \
+-   whitelist $WHITE_LIST_PATH/white_list.rules, \
+-   blacklist $BLACK_LIST_PATH/black_list.rules 
++#preprocessor reputation: \
++#   memcap 500, \
++#   priority whitelist, \
++#   nested_ip inner, \
++#   whitelist $WHITE_LIST_PATH/white_list.rules, \
++#   blacklist $BLACK_LIST_PATH/black_list.rules 
  
  ###################################################
[email protected]@ -499,61 +499,61 @@
+ # Step #6: Configure output plugins
[email protected]@ -538,123 +538,123 @@
  ###################################################
  
  # site specific rules
 -include $RULE_PATH/local.rules
 +# include $RULE_PATH/local.rules
  
+-include $RULE_PATH/app-detect.rules
 -include $RULE_PATH/attack-responses.rules
 -include $RULE_PATH/backdoor.rules
 -include $RULE_PATH/bad-traffic.rules
 -include $RULE_PATH/blacklist.rules
 -include $RULE_PATH/botnet-cnc.rules
+-include $RULE_PATH/browser-chrome.rules
+-include $RULE_PATH/browser-firefox.rules
+-include $RULE_PATH/browser-ie.rules
+-include $RULE_PATH/browser-other.rules
+-include $RULE_PATH/browser-plugins.rules
+-include $RULE_PATH/browser-webkit.rules
 -include $RULE_PATH/chat.rules
 -include $RULE_PATH/content-replace.rules
 -include $RULE_PATH/ddos.rules
 -include $RULE_PATH/dns.rules
 -include $RULE_PATH/dos.rules
+-include $RULE_PATH/experimental.rules
+-include $RULE_PATH/exploit-kit.rules
 -include $RULE_PATH/exploit.rules
+-include $RULE_PATH/file-executable.rules
+-include $RULE_PATH/file-flash.rules
+-include $RULE_PATH/file-identify.rules
+-include $RULE_PATH/file-image.rules
+-include $RULE_PATH/file-java.rules
+-include $RULE_PATH/file-multimedia.rules
+-include $RULE_PATH/file-office.rules
+-include $RULE_PATH/file-other.rules
+-include $RULE_PATH/file-pdf.rules
 -include $RULE_PATH/finger.rules
 -include $RULE_PATH/ftp.rules
+-include $RULE_PATH/icmp-info.rules
 -include $RULE_PATH/icmp.rules
--include $RULE_PATH/icmp-info.rules
 -include $RULE_PATH/imap.rules
+-include $RULE_PATH/indicator-compromise.rules
+-include $RULE_PATH/indicator-obfuscation.rules
+-include $RULE_PATH/indicator-scan.rules
+-include $RULE_PATH/indicator-shellcode.rules
 -include $RULE_PATH/info.rules
+-include $RULE_PATH/malware-backdoor.rules
+-include $RULE_PATH/malware-cnc.rules
+-include $RULE_PATH/malware-other.rules
+-include $RULE_PATH/malware-tools.rules
 -include $RULE_PATH/misc.rules
 -include $RULE_PATH/multimedia.rules
 -include $RULE_PATH/mysql.rules
 -include $RULE_PATH/netbios.rules
 -include $RULE_PATH/nntp.rules
 -include $RULE_PATH/oracle.rules
+-include $RULE_PATH/os-linux.rules
+-include $RULE_PATH/os-mobile.rules
+-include $RULE_PATH/os-other.rules
+-include $RULE_PATH/os-solaris.rules
+-include $RULE_PATH/os-windows.rules
 -include $RULE_PATH/other-ids.rules
 -include $RULE_PATH/p2p.rules
 -include $RULE_PATH/phishing-spam.rules
+-include $RULE_PATH/policy-multimedia.rules
+-include $RULE_PATH/policy-other.rules
 -include $RULE_PATH/policy.rules
+-include $RULE_PATH/policy-social.rules
+-include $RULE_PATH/policy-spam.rules
 -include $RULE_PATH/pop2.rules
 -include $RULE_PATH/pop3.rules
+-include $RULE_PATH/protocol-dns.rules
+-include $RULE_PATH/protocol-finger.rules
+-include $RULE_PATH/protocol-ftp.rules
+-include $RULE_PATH/protocol-icmp.rules
+-include $RULE_PATH/protocol-imap.rules
+-include $RULE_PATH/protocol-nntp.rules
+-include $RULE_PATH/protocol-pop.rules
+-include $RULE_PATH/protocol-rpc.rules
+-include $RULE_PATH/protocol-scada.rules
+-include $RULE_PATH/protocol-services.rules
+-include $RULE_PATH/protocol-snmp.rules
+-include $RULE_PATH/protocol-telnet.rules
+-include $RULE_PATH/protocol-tftp.rules
+-include $RULE_PATH/protocol-voip.rules
+-include $RULE_PATH/pua-adware.rules
+-include $RULE_PATH/pua-other.rules
+-include $RULE_PATH/pua-p2p.rules
+-include $RULE_PATH/pua-toolbars.rules
 -include $RULE_PATH/rpc.rules
 -include $RULE_PATH/rservices.rules
 -include $RULE_PATH/scada.rules
 -include $RULE_PATH/scan.rules
+-include $RULE_PATH/server-apache.rules
+-include $RULE_PATH/server-iis.rules
+-include $RULE_PATH/server-mail.rules
+-include $RULE_PATH/server-mssql.rules
+-include $RULE_PATH/server-mysql.rules
+-include $RULE_PATH/server-oracle.rules
+-include $RULE_PATH/server-other.rules
+-include $RULE_PATH/server-samba.rules
+-include $RULE_PATH/server-webapp.rules
 -include $RULE_PATH/shellcode.rules
 -include $RULE_PATH/smtp.rules
 -include $RULE_PATH/snmp.rules
@@ -160,39 +191,101 @@
 -include $RULE_PATH/web-misc.rules
 -include $RULE_PATH/web-php.rules
 -include $RULE_PATH/x11.rules
++# include $RULE_PATH/app-detect.rules
 +# include $RULE_PATH/attack-responses.rules
 +# include $RULE_PATH/backdoor.rules
 +# include $RULE_PATH/bad-traffic.rules
 +# include $RULE_PATH/blacklist.rules
 +# include $RULE_PATH/botnet-cnc.rules
++# include $RULE_PATH/browser-chrome.rules
++# include $RULE_PATH/browser-firefox.rules
++# include $RULE_PATH/browser-ie.rules
++# include $RULE_PATH/browser-other.rules
++# include $RULE_PATH/browser-plugins.rules
++# include $RULE_PATH/browser-webkit.rules
 +# include $RULE_PATH/chat.rules
 +# include $RULE_PATH/content-replace.rules
 +# include $RULE_PATH/ddos.rules
 +# include $RULE_PATH/dns.rules
 +# include $RULE_PATH/dos.rules
++# include $RULE_PATH/experimental.rules
++# include $RULE_PATH/exploit-kit.rules
 +# include $RULE_PATH/exploit.rules
++# include $RULE_PATH/file-executable.rules
++# include $RULE_PATH/file-flash.rules
++# include $RULE_PATH/file-identify.rules
++# include $RULE_PATH/file-image.rules
++# include $RULE_PATH/file-java.rules
++# include $RULE_PATH/file-multimedia.rules
++# include $RULE_PATH/file-office.rules
++# include $RULE_PATH/file-other.rules
++# include $RULE_PATH/file-pdf.rules
 +# include $RULE_PATH/finger.rules
 +# include $RULE_PATH/ftp.rules
++# include $RULE_PATH/icmp-info.rules
 +# include $RULE_PATH/icmp.rules
-+# include $RULE_PATH/icmp-info.rules
 +# include $RULE_PATH/imap.rules
++# include $RULE_PATH/indicator-compromise.rules
++# include $RULE_PATH/indicator-obfuscation.rules
++# include $RULE_PATH/indicator-scan.rules
++# include $RULE_PATH/indicator-shellcode.rules
 +# include $RULE_PATH/info.rules
++# include $RULE_PATH/malware-backdoor.rules
++# include $RULE_PATH/malware-cnc.rules
++# include $RULE_PATH/malware-other.rules
++# include $RULE_PATH/malware-tools.rules
 +# include $RULE_PATH/misc.rules
 +# include $RULE_PATH/multimedia.rules
 +# include $RULE_PATH/mysql.rules
 +# include $RULE_PATH/netbios.rules
 +# include $RULE_PATH/nntp.rules
 +# include $RULE_PATH/oracle.rules
++# include $RULE_PATH/os-linux.rules
++# include $RULE_PATH/os-mobile.rules
++# include $RULE_PATH/os-other.rules
++# include $RULE_PATH/os-solaris.rules
++# include $RULE_PATH/os-windows.rules
 +# include $RULE_PATH/other-ids.rules
 +# include $RULE_PATH/p2p.rules
 +# include $RULE_PATH/phishing-spam.rules
++# include $RULE_PATH/policy-multimedia.rules
++# include $RULE_PATH/policy-other.rules
 +# include $RULE_PATH/policy.rules
++# include $RULE_PATH/policy-social.rules
++# include $RULE_PATH/policy-spam.rules
 +# include $RULE_PATH/pop2.rules
 +# include $RULE_PATH/pop3.rules
++# include $RULE_PATH/protocol-dns.rules
++# include $RULE_PATH/protocol-finger.rules
++# include $RULE_PATH/protocol-ftp.rules
++# include $RULE_PATH/protocol-icmp.rules
++# include $RULE_PATH/protocol-imap.rules
++# include $RULE_PATH/protocol-nntp.rules
++# include $RULE_PATH/protocol-pop.rules
++# include $RULE_PATH/protocol-rpc.rules
++# include $RULE_PATH/protocol-scada.rules
++# include $RULE_PATH/protocol-services.rules
++# include $RULE_PATH/protocol-snmp.rules
++# include $RULE_PATH/protocol-telnet.rules
++# include $RULE_PATH/protocol-tftp.rules
++# include $RULE_PATH/protocol-voip.rules
++# include $RULE_PATH/pua-adware.rules
++# include $RULE_PATH/pua-other.rules
++# include $RULE_PATH/pua-p2p.rules
++# include $RULE_PATH/pua-toolbars.rules
 +# include $RULE_PATH/rpc.rules
 +# include $RULE_PATH/rservices.rules
 +# include $RULE_PATH/scada.rules
 +# include $RULE_PATH/scan.rules
++# include $RULE_PATH/server-apache.rules
++# include $RULE_PATH/server-iis.rules
++# include $RULE_PATH/server-mail.rules
++# include $RULE_PATH/server-mssql.rules
++# include $RULE_PATH/server-mysql.rules
++# include $RULE_PATH/server-oracle.rules
++# include $RULE_PATH/server-other.rules
++# include $RULE_PATH/server-samba.rules
++# include $RULE_PATH/server-webapp.rules
 +# include $RULE_PATH/shellcode.rules
 +# include $RULE_PATH/smtp.rules
 +# include $RULE_PATH/snmp.rules
--- a/components/snort/patches/solaris-build.patch	Mon Nov 10 15:24:46 2014 -0800
+++ b/components/snort/patches/solaris-build.patch	Mon Nov 10 19:14:43 2014 -0800
@@ -6,12 +6,12 @@
 3/ Removed the need to define lines like "CFLAGS += -Du_int8_t=uint8_t"
    in the snort component Makefile.
 
-It has been sent upstream for consideration by the snort maintainers for 
+It has been sent upstream for consideration by the snort maintainers for
 a future release.
 
---- snort-2.9.2/configure.in.orig	2013-06-04 14:05:22.814684109 -0700
-+++ snort-2.9.2/configure.in	2013-06-04 14:41:42.703306013 -0700
[email protected]@ -686,27 +686,8 @@
+--- configure.in.orig	2014-09-25 08:05:35.171512464 -0700
++++ configure.in	2014-09-25 08:06:12.896272259 -0700
[email protected]@ -746,27 +746,8 @@
      AC_MSG_RESULT(no)
  fi
  
@@ -41,9 +41,9 @@
  
  # modified from gnulib/m4/visibility.m4
  AC_DEFUN([CC_VISIBILITY],
---- snort-2.9.2/src/cpuclock.h.orig	2013-06-04 12:30:59.362777817 -0700
-+++ snort-2.9.2/src/cpuclock.h	2013-06-04 14:19:42.869930833 -0700
[email protected]@ -83,26 +83,15 @@
+--- src/cpuclock.h.orig	2014-09-25 08:07:00.139948870 -0700
++++ src/cpuclock.h	2014-09-25 08:08:38.401237764 -0700
[email protected]@ -84,26 +84,15 @@
      val = ((uint64_t)tbl) | (((uint64_t)tbu0) << 32);  \
  }
  #else
@@ -74,9 +74,9 @@
  #endif /* POWERPC || PPC */
  #endif /* IA64 && HPUX */
  #endif /* IA64 && GNUC */
---- snort-2.9.2/src/sfutil/sf_ip.h.orig	2013-06-04 12:33:38.923475148 -0700
-+++ snort-2.9.2/src/sfutil/sf_ip.h	2013-06-04 12:33:52.951704625 -0700
[email protected]@ -38,6 +38,7 @@
+--- src/sfutil/sf_ip.h.orig	2014-09-25 08:09:20.181312683 -0700
++++ src/sfutil/sf_ip.h	2014-09-25 08:09:41.442009279 -0700
[email protected]@ -39,6 +39,7 @@
  #endif
  
  #include "snort_debug.h" /* for inline definition */
--- a/components/snort/resolve.deps	Mon Nov 10 15:24:46 2014 -0800
+++ b/components/snort/resolve.deps	Mon Nov 10 19:14:43 2014 -0800
@@ -1,4 +1,6 @@
 library/pcre
+library/security/openssl
+library/security/openssl/openssl-fips-140
 library/zlib
 shell/ksh93
 system/core-os
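Review bot: The two OpenSSL entries are added without any matching change in the `components/snort/Makefile` hunks, so the new crypto dependency appears to come from configure auto-detection in 2.9.6.2 rather than from an option this changeset sets. If that is the case, what gets linked may depend on what is installed on the build machine. A Makefile comment such as `# snort 2.9.6.2 links against OpenSSL; see resolve.deps`, naming the snort feature that needs it, would record the intent. The changeset description does not mention the new dependency either.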
--- a/components/snort/snort.p5m	Mon Nov 10 15:24:46 2014 -0800
+++ b/components/snort/snort.p5m	Mon Nov 10 19:14:43 2014 -0800
@@ -32,29 +32,55 @@
     value=org.opensolaris.category.2008:Applications/Internet
 set name=info.source-url value=$(COMPONENT_ARCHIVE_URL)
 set name=info.upstream-url value=$(COMPONENT_PROJECT_URL)
-set name=org.opensolaris.arc-caseid value=PSARC/2009/256 value=PSARC/2013/113
+set name=org.opensolaris.arc-caseid value=PSARC/2009/256 \
+    value=PSARC/2013/113 value=PSARC/2014/347
 set name=org.opensolaris.consolidation value=$(CONSOLIDATION)
-file path=etc/attribute_table.dtd
-file path=etc/classification.config mode=0644 \
-    original_name=SUNWsnort:etc/classification.config overlay=allow \
-    preserve=renamenew
-file path=etc/gen-msg.map
-file path=etc/reference.config mode=0644 \
-    original_name=SUNWsnort:etc/reference.config overlay=allow \
-    preserve=renamenew
+file etc/attribute_table.dtd path=etc/snort/attribute_table.dtd
+file etc/classification.config path=etc/snort/classification.config mode=0644 \
+    original_name=SUNWsnort:etc/classification.config \
+    overlay=allow preserve=renamenew
+file etc/gen-msg.map path=etc/snort/gen-msg.map
+file etc/reference.config path=etc/snort/reference.config mode=0644 \
+    original_name=SUNWsnort:etc/reference.config \
+    overlay=allow preserve=renamenew
 file Solaris/auth_attr path=etc/security/auth_attr.d/snort
 file Solaris/exec_attr path=etc/security/exec_attr.d/snort
-file path=etc/snort.conf mode=0644 original_name=SUNWsnort:etc/snort.conf \
+file etc/snort.conf path=etc/snort/snort.conf mode=0644 \
+    original_name=SUNWsnort:etc/snort.conf \
+    overlay=allow preserve=renamenew
+file etc/threshold.conf path=etc/snort/threshold.conf mode=0644 \
+    original_name=SUNWsnort:etc/threshold.conf \
     overlay=allow preserve=renamenew
-file path=etc/threshold.conf mode=0644 \
-    original_name=SUNWsnort:etc/threshold.conf overlay=allow preserve=renamenew
-file path=etc/unicode.map
+# Directories for snort rules.
+dir  path=etc/snort/rules
+dir  path=etc/snort/so_rules
+dir  path=etc/snort/preproc_rules
+#
+file etc/file_magic.conf path=etc/snort/file_magic.conf
+file etc/unicode.map path=etc/snort/unicode.map
 file Solaris/snort.xml path=lib/svc/manifest/network/snort.xml
 file Solaris/snortd path=lib/svc/method/snortd
-file usr/bin/$(MACH64)/snort path=usr/bin/snort
-file path=usr/include/snort/dynamic_preproc/attribute_table_api.h
+file path=usr/bin/snort
+file path=usr/include/snort/dynamic_output/bitop.h
+file path=usr/include/snort/dynamic_output/ipv6_port.h
+file path=usr/include/snort/dynamic_output/obfuscation.h
+file path=usr/include/snort/dynamic_output/output_api.h
+file path=usr/include/snort/dynamic_output/output_common.h
+file path=usr/include/snort/dynamic_output/output_lib.h
+file path=usr/include/snort/dynamic_output/preprocids.h
+file path=usr/include/snort/dynamic_output/sf_dynamic_common.h
+file path=usr/include/snort/dynamic_output/sf_ip.h
+file path=usr/include/snort/dynamic_output/sf_protocols.h
+file path=usr/include/snort/dynamic_output/sf_snort_packet.h
+file path=usr/include/snort/dynamic_output/sfPolicy.h
+file path=usr/include/snort/dynamic_output/sfrt_dir.h
+file path=usr/include/snort/dynamic_output/sfrt_trie.h
+file path=usr/include/snort/dynamic_output/sfrt.h
+file path=usr/include/snort/dynamic_output/snort_debug.h
+file path=usr/include/snort/dynamic_output/stream_api.h
 file path=usr/include/snort/dynamic_preproc/bitop.h
 file path=usr/include/snort/dynamic_preproc/cpuclock.h
+file path=usr/include/snort/dynamic_preproc/file_api.h
 file path=usr/include/snort/dynamic_preproc/idle_processing.h
 file path=usr/include/snort/dynamic_preproc/ipv6_port.h
 file path=usr/include/snort/dynamic_preproc/mempool.h
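Review bot: The three new `dir` actions for `etc/snort/rules`, `etc/snort/so_rules` and `etc/snort/preproc_rules` carry no `owner`, `group` or `mode`, although the patched snort.conf in this changeset points its rule path variables at these directories. Unless the consolidation's default transforms already supply them (not visible in this hunk), state them on the actions, e.g. `dir path=etc/snort/so_rules owner=root group=sys mode=0755`, so that only root can place content snort will load. Also in this hunk, `etc/snort/file_magic.conf` is delivered without the `mode=0644 ... preserve=renamenew` attributes the other editable configuration files have, so local edits to it may not survive an upgrade.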
@@ -75,6 +101,7 @@
 file path=usr/include/snort/dynamic_preproc/sf_preproc_info.h
 file path=usr/include/snort/dynamic_preproc/sf_protocols.h
 file path=usr/include/snort/dynamic_preproc/sf_sdlist_types.h
+file path=usr/include/snort/dynamic_preproc/sf_seqnums.h
 file path=usr/include/snort/dynamic_preproc/sf_snort_packet.h
 file path=usr/include/snort/dynamic_preproc/sf_snort_plugin_api.h
 file path=usr/include/snort/dynamic_preproc/sfcommon.h
@@ -89,8 +116,9 @@
 file path=usr/include/snort/dynamic_preproc/ssl.h
 file path=usr/include/snort/dynamic_preproc/str_search.h
 file path=usr/include/snort/dynamic_preproc/stream_api.h
-file Solaris/snort.pc path=usr/lib/$(MACH64)/pkgconfig/snort.pc
-file Solaris/snort_preproc.pc path=usr/lib/$(MACH64)/pkgconfig/snort_preproc.pc
+file path=usr/lib/$(MACH64)/pkgconfig/snort_output.pc
+file path=usr/lib/$(MACH64)/pkgconfig/snort_preproc.pc
+file path=usr/lib/$(MACH64)/pkgconfig/snort.pc
 #
 link path=usr/lib/$(MACH64)/snort_dynamicengine/libsf_engine.so \
     target=libsf_engine.so.0.0.0
@@ -197,7 +225,6 @@
 file path=usr/share/doc/snort/NEWS
 file path=usr/share/doc/snort/PROBLEMS
 file path=usr/share/doc/snort/README
-file path=usr/share/doc/snort/README.ARUBA
 file path=usr/share/doc/snort/README.GTP
 file path=usr/share/doc/snort/README.PLUGINS
 file path=usr/share/doc/snort/README.PerfProfiling
@@ -210,18 +237,20 @@
 file path=usr/share/doc/snort/README.counts
 file path=usr/share/doc/snort/README.csv
 file path=usr/share/doc/snort/README.daq
-file path=usr/share/doc/snort/README.database
 file path=usr/share/doc/snort/README.dcerpc2
 file path=usr/share/doc/snort/README.decode
 file path=usr/share/doc/snort/README.decoder_preproc_rules
 file path=usr/share/doc/snort/README.dnp3
 file path=usr/share/doc/snort/README.dns
 file path=usr/share/doc/snort/README.event_queue
+file path=usr/share/doc/snort/README.file
+file path=usr/share/doc/snort/README.file_ips
 file path=usr/share/doc/snort/README.filters
 file path=usr/share/doc/snort/README.flowbits
 file path=usr/share/doc/snort/README.frag3
 file path=usr/share/doc/snort/README.ftptelnet
 file path=usr/share/doc/snort/README.gre
+file path=usr/share/doc/snort/README.ha
 file path=usr/share/doc/snort/README.http_inspect
 file path=usr/share/doc/snort/README.imap
 file path=usr/share/doc/snort/README.ipip
@@ -244,6 +273,7 @@
 file path=usr/share/doc/snort/README.tag
 file path=usr/share/doc/snort/README.thresholding
 file path=usr/share/doc/snort/README.u2boat
+file path=usr/share/doc/snort/README.unified2
 file path=usr/share/doc/snort/README.variables
 file path=usr/share/doc/snort/TODO
 file path=usr/share/doc/snort/USAGE