PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
PSARC 2014/347 snort 2.9.6.2
16915792 The default state of the snort.conf file should be reexamined.
16915848 snort should put files under /etc/snort not directly under /etc
19557337 ipfw DAQ module shouldn't be enabled on Solaris
19696371 Update daq to version 2.0.2
19696436 Update snort to version 2.9.6.2
--- a/components/daq/Makefile Mon Nov 10 15:24:46 2014 -0800
+++ b/components/daq/Makefile Mon Nov 10 19:14:43 2014 -0800
@@ -23,16 +23,16 @@
include ../../make-rules/shared-macros.mk
COMPONENT_NAME= daq
-COMPONENT_VERSION= 0.6.2
+COMPONENT_VERSION= 2.0.2
COMPONENT_PROJECT_URL= http://www.snort.org/
COMPONENT_SRC= $(COMPONENT_NAME)-$(COMPONENT_VERSION)
COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.gz
COMPONENT_ARCHIVE_HASH= \
- sha256:0159865b5dc127ed2faf8d6732d781939f27e38b7c7deabcd369a22ea9e42f26
-COMPONENT_ARCHIVE_URL= $(COMPONENT_PROJECT_URL)downloads/1525
+ sha256:d65d1e67c4994e02c3142c49a648642e780b7e3d942b4a51f605309beac269a8
+COMPONENT_ARCHIVE_URL= http://sourceforge.net/projects/snort/files/snort/$(COMPONENT_ARCHIVE)/download
COMPONENT_BUGDB= library/daq
-TPNO= 11060
+TPNO= 19384
include ../../make-rules/prep.mk
include ../../make-rules/configure.mk
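Review bot: Both new `COMPONENT_ARCHIVE_URL` values fetch over plain `http://` from SourceForge (here and in components/snort/Makefile, where the project is `snort.mirror`), so the pinned `COMPONENT_ARCHIVE_HASH` is the only thing binding the tarball to the upstream release. That holds only if the sha256 was taken from an archive checked against upstream, not computed from the mirror download itself. Nothing in the commit says which, so a comment such as `# sha256 verified against the upstream release before pinning` would record it. If upstream publishes a detached signature for these releases (not confirmed here), setting `COMPONENT_SIG_URL` would let the gate check it on every fetch.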
@@ -46,6 +46,7 @@
# Set -m32 or -m64 correctly for 32 and 64 bit versions.
CC += $(CC_BITS)
+CONFIGURE_OPTIONS += --disable-ipfw-module
CONFIGURE_OPTIONS += --enable-static=no
CONFIGURE_OPTIONS += CFLAGS="$(CFLAGS)"
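Review bot: The added `--disable-ipfw-module` option has no comment explaining it; the only rationale is a bug title in the commit message. A line above it such as `# The ipfw DAQ module is not applicable on Solaris (19557337); do not build or deliver it.` would keep the reason next to the option and tie it to the removal of `daq_ipfw.so` from the manifest. The option list continues outside this hunk.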
--- a/components/daq/daq.p5m Mon Nov 10 15:24:46 2014 -0800
+++ b/components/daq/daq.p5m Mon Nov 10 19:14:43 2014 -0800
@@ -30,29 +30,28 @@
value=org.opensolaris.category.2008:System/Libraries
set name=info.source-url value=$(COMPONENT_ARCHIVE_URL)
set name=info.upstream-url value=$(COMPONENT_PROJECT_URL)
-set name=org.opensolaris.arc-caseid value=PSARC/2012/203
+set name=org.opensolaris.arc-caseid value=PSARC/2012/203 value=PSARC/2014/346
set name=org.opensolaris.consolidation value=$(CONSOLIDATION)
file path=usr/bin/daq-modules-config
+file path=usr/bin/$(MACH64)/daq-modules-config
file path=usr/include/daq.h
file path=usr/include/daq_api.h
file path=usr/include/daq_common.h
file path=usr/include/sfbpf.h
file path=usr/include/sfbpf_dlt.h
file path=usr/lib/$(MACH64)/daq/daq_dump.so
-file path=usr/lib/$(MACH64)/daq/daq_ipfw.so
file path=usr/lib/$(MACH64)/daq/daq_pcap.so
-link path=usr/lib/$(MACH64)/libdaq.so target=libdaq.so.0.0.1
-link path=usr/lib/$(MACH64)/libdaq.so.0 target=libdaq.so.0.0.1
-file path=usr/lib/$(MACH64)/libdaq.so.0.0.1
+link path=usr/lib/$(MACH64)/libdaq.so target=libdaq.so.$(COMPONENT_VERSION)
+link path=usr/lib/$(MACH64)/libdaq.so.2 target=libdaq.so.$(COMPONENT_VERSION)
+file path=usr/lib/$(MACH64)/libdaq.so.$(COMPONENT_VERSION)
link path=usr/lib/$(MACH64)/libsfbpf.so target=libsfbpf.so.0.0.1
link path=usr/lib/$(MACH64)/libsfbpf.so.0 target=libsfbpf.so.0.0.1
file path=usr/lib/$(MACH64)/libsfbpf.so.0.0.1
file path=usr/lib/daq/daq_dump.so
-file path=usr/lib/daq/daq_ipfw.so
file path=usr/lib/daq/daq_pcap.so
-link path=usr/lib/libdaq.so target=libdaq.so.0.0.1
-link path=usr/lib/libdaq.so.0 target=libdaq.so.0.0.1
-file path=usr/lib/libdaq.so.0.0.1
+link path=usr/lib/libdaq.so target=libdaq.so.$(COMPONENT_VERSION)
+link path=usr/lib/libdaq.so.2 target=libdaq.so.$(COMPONENT_VERSION)
+file path=usr/lib/libdaq.so.$(COMPONENT_VERSION)
link path=usr/lib/libsfbpf.so target=libsfbpf.so.0.0.1
link path=usr/lib/libsfbpf.so.0 target=libsfbpf.so.0.0.1
file path=usr/lib/libsfbpf.so.0.0.1
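Review bot: The libdaq actions now name the library `libdaq.so.$(COMPONENT_VERSION)`, which ties the shared-library file version to the release version, while the `libdaq.so.2` links keep the major number literal and libsfbpf stays at `0.0.1`. The two happen to coincide for 2.0.2, but a library's file version is generally set independently of the release number. A later bump of `COMPONENT_VERSION` could therefore name a file the build does not produce, or leave the `.so.2` link pointing at a library whose interface version has changed. Either keep the literal `libdaq.so.2.0.2`, or add a comment above these actions that the substitution assumes the library version tracks the release.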
--- a/components/snort/Makefile Mon Nov 10 15:24:46 2014 -0800
+++ b/components/snort/Makefile Mon Nov 10 19:14:43 2014 -0800
@@ -26,21 +26,23 @@
include ../../make-rules/shared-macros.mk
COMPONENT_NAME= snort
-COMPONENT_VERSION= 2.9.2
+COMPONENT_VERSION= 2.9.6.2
COMPONENT_SRC= $(COMPONENT_NAME)-$(COMPONENT_VERSION)
COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.gz
COMPONENT_ARCHIVE_HASH= \
- sha256:04d375b627dd256d6257f2cbe5a770e4552e3f35d5e2100b97f75426b600d8cb
+ sha256:8e1d7fc5e1523a786d845ca0102cc474abfcebfcc7e964a1653680034b5b5d77
COMPONENT_PROJECT_URL= http://www.snort.org/
-COMPONENT_ARCHIVE_URL= $(COMPONENT_PROJECT_URL)dl/snort-current/$(COMPONENT_ARCHIVE)
+COMPONENT_ARCHIVE_URL= http://sourceforge.net/projects/snort.mirror/files/Snort%202.9.6.2/$(COMPONENT_ARCHIVE)/download
COMPONENT_BUGDB= utility/snort
-TPNO= 9027
+TPNO= 19385
include ../../make-rules/prep.mk
include ../../make-rules/configure.mk
include ../../make-rules/ips.mk
+PATCH_LEVEL = 0
+
# without this we bus error on sparc. sadly I don't see any patches
# that might relate from the upstream (though maybe that's really
# "happily", as this is simpler)
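Review bot: The new `COMPONENT_ARCHIVE_URL` spells the release directory as the literal `Snort%202.9.6.2` while the rest of the file derives names from `$(COMPONENT_VERSION)`, so the next version bump has a second place to update. Writing `.../files/Snort%20$(COMPONENT_VERSION)/$(COMPONENT_ARCHIVE)/download` keeps the URL and the pinned hash in step with the version. `PATCH_LEVEL = 0` is also added without a comment. Presumably it is there because the refreshed patches now start at `src/...` and `etc/...` with no leading directory, and a one-line comment should say so.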
@@ -49,6 +51,11 @@
# Need to recreate the configure script for gethrtime checks.
COMPONENT_PREP_ACTION += (cd $(@D); autoconf);
+# This option has the side-effect of getting the bindir lines correct in
+# snort_output.pc, snort_preproc.pc and snort.pc under
+# /usr/lib/$(MACH64)/pkgconfig/
+CONFIGURE_OPTIONS += --bindir=/usr/bin
+
CONFIGURE_OPTIONS += --with-libpcre-libraries="/usr/lib/$(MACH64)"
CONFIGURE_OPTIONS += --with-dnet-libraries="/usr/lib/$(MACH64)"
CONFIGURE_OPTIONS += --without-mysql
--- a/components/snort/Solaris/snort.pc Mon Nov 10 15:24:46 2014 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,11 +0,0 @@
-prefix=/usr
-exec_prefix=${prefix}
-libdir=/usr/lib/64
-includedir=${prefix}/include
-
-Name: Snort
-Description: Snort dynamic plugins/detection/rules
-URL: www.snort.org
-Version: 2.9.2
-Libs: -L${libdir} -lcurl -lz -ldnet -lpcre -lpcap -lsocket -lnsl -lrt -luuid -lm -ldl -ldaq -lpthread
-Cflags: -m64 -mt -I/usr/include/pcre -DDYNAMIC_PLUGIN -DZLIB -DGRE -DMPLS -DPREPROCESSOR_AND_DECODER_RULE_EVENTS -DPPM_MGR -DENABLE_PAF -DENABLE_REACT -DENABLE_RESPOND -DENABLE_RESPONSE3 -DBSD_COMP -D_REENTRANT -DSF_WCHAR -DSUP_IP6 -DTARGET_BASED -DPERF_PROFILING -DSNORT_RELOAD -DNORMALIZER -DACTIVE_RESPONSE
--- a/components/snort/Solaris/snort_preproc.pc Mon Nov 10 15:24:46 2014 -0800
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,12 +0,0 @@
-prefix=/usr
-exec_prefix=${prefix}
-libdir=/usr/lib/64
-package=snort
-includedir=${prefix}/include
-
-Name: Snort
-Description: Snort dynamic preprocessors
-URL: www.snort.org
-Version: 2.9.2
-Libs: -L${libdir}/${package}/dynamic_preproc -lsf_dynamic_preproc
-Cflags: -I/usr/include/pcre -I${includedir}/${package}/dynamic_preproc -DBSD_COMP -D_REENTRANT -DSF_WCHAR -DSUP_IP6 -DTARGET_BASED -DPERF_PROFILING -DSNORT_RELOAD -DNORMALIZER -DACTIVE_RESPONSE
--- a/components/snort/patches/snort.8.patch Mon Nov 10 15:24:46 2014 -0800
+++ b/components/snort/patches/snort.8.patch Mon Nov 10 19:14:43 2014 -0800
@@ -1,7 +1,10 @@
-Adjust snort man page to be in section 1M.
+Adjust snort man page to be in section 1M and fix the comments w.r.t.
+configuration file usage with the -T option.
---- snort-2.9.2/snort.8.orig 2013-03-18 12:26:58.589074327 -0700
-+++ snort-2.9.2/snort.8 2013-03-18 12:28:26.378646691 -0700
+The second part of this patch (the -T changes) has been submitted upstream.
+
+--- snort.8.orig 2014-09-25 07:44:55.175565999 -0700
++++ snort.8 2014-09-26 11:19:43.998692220 -0700
@@ -1,8 +1,8 @@
.\" Process this file with
-.\" groff -man -Tascii snort.8
@@ -13,7 +16,17 @@
.SH NAME
Snort \- open source network intrusion detection system
.SH SYNOPSIS
-@@ -913,15 +913,15 @@
+@@ -339,8 +339,7 @@
+ indicating that everything is ready to proceed. This is a good
+ switch to use if daemon mode is going to be used, it verifies that
+ the Snort configuration that is about to be used is valid and won't fail at
+-run time. Note, Snort looks for either /etc/snort.conf or ./snort.conf.
+-If your config lives elsewhere, use the -c option to specify a valid
++run time. Note that you will need to use the -c option to specify a valid
+ .I config-file.
+ .IP "-u user"
+ Change the user/UID Snort runs under to
+@@ -930,15 +929,15 @@
Causes the daemon to close all opened files and restart.
Please \fBnote\fR that this will only work if the \fBfull\fR pathname is
used to invoke snort in daemon mode, otherwise snort will just exit with an
--- a/components/snort/patches/snort.c.patch Mon Nov 10 15:24:46 2014 -0800
+++ b/components/snort/patches/snort.c.patch Mon Nov 10 19:14:43 2014 -0800
@@ -6,7 +6,7 @@
On Linux systems, DAQ installs two static libraries:
/usr/lib/libdaq_static.a
- /usr/lib/libdaq_static_modules.a
+ /usr/lib/libdaq_static_modules.a
When snort is being configured, you see:
@@ -43,16 +43,15 @@
/usr/lib/64/daq
-
---- snort-2.9.2/src/snort.c.orig 2013-05-15 11:52:06.640833897 -0700
-+++ snort-2.9.2/src/snort.c 2013-05-15 11:58:03.040482526 -0700
-@@ -3677,6 +3677,9 @@
+--- src/snort.c.orig 2014-09-25 07:53:43.356728058 -0700
++++ src/snort.c 2014-09-25 07:55:05.650780347 -0700
+@@ -4039,6 +4039,9 @@
{
SnortConfig *sc = (SnortConfig *)SnortAlloc(sizeof(SnortConfig));
+ /* Define where to look for DAQ modules. */
+ ConfigDaqDir(sc, "/usr/lib/64/daq");
+
- sc->pkt_cnt = -1;
- sc->pkt_snaplen = -1;
- /*user_id and group_id should be initialized to -1 by default, because
+ sc->pkt_cnt = 0;
+ #ifdef REG_TEST
+ sc->pkt_skip = 0;
--- a/components/snort/patches/snort.conf.patch Mon Nov 10 15:24:46 2014 -0800
+++ b/components/snort/patches/snort.conf.patch Mon Nov 10 19:14:43 2014 -0800
@@ -1,6 +1,30 @@
---- snort-2.9.2/etc/snort.conf.orig 2013-05-15 07:26:24.138736340 -0700
-+++ snort-2.9.2/etc/snort.conf 2013-05-15 07:36:06.628399989 -0700
-@@ -143,7 +143,7 @@
+Solaris specific changes to the snort configuration file that will be
+installed under /etc/snort/.
+
+These changes will not be submitted upstream.
+
+--- etc/snort.conf.orig 2014-09-25 07:56:45.270217768 -0700
++++ etc/snort.conf 2014-10-06 06:02:57.202660631 -0700
+@@ -101,13 +101,13 @@
+ # Path to your rules files (this can be a relative path)
+ # Note for Windows users: You are advised to make this an absolute path,
+ # such as: c:\snort\rules
+-var RULE_PATH ../rules
+-var SO_RULE_PATH ../so_rules
+-var PREPROC_RULE_PATH ../preproc_rules
++var RULE_PATH rules
++var SO_RULE_PATH so_rules
++var PREPROC_RULE_PATH preproc_rules
+
+ # If you are using reputation preprocessor set these
+-var WHITE_LIST_PATH ../rules
+-var BLACK_LIST_PATH ../rules
++var WHITE_LIST_PATH rules
++var BLACK_LIST_PATH rules
+
+ ###################################################
+ # Step #2: Configure the decoder. For more information, see README.decode
+@@ -153,7 +153,7 @@
# Configure DAQ related options for inline operation. For more information, see README.daq
#
# config daq: <type>
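Review bot: The five path variables become bare relative names (`var RULE_PATH rules`, `var SO_RULE_PATH so_rules`, `var PREPROC_RULE_PATH preproc_rules`), so where they resolve depends on how snort interprets a relative path for each directive. Presumably that is relative to the directory of the file given with `-c`, but the patch does not say. The patch header states the file is installed under /etc/snort/ and the manifest in this commit creates those directories, so absolute values such as `var RULE_PATH /etc/snort/rules` would be unambiguous. Rule and reputation lists would then always load from the packaged directories, whatever the working directory or the copy of the config in use.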
@@ -9,7 +33,7 @@
# config daq_mode: <mode>
# config daq_var: <var>
#
-@@ -217,13 +217,13 @@
+@@ -240,13 +240,13 @@
###################################################
# path to dynamic preprocessor libraries
@@ -26,120 +50,127 @@
###################################################
# Step #5: Configure preprocessors
-@@ -264,34 +264,34 @@
- # preprocessor perfmonitor: time 300 file /var/snort/snort.stats pktcnt 10000
+@@ -499,12 +499,12 @@
+ check_crc
- # HTTP normalization and anomaly detection. For more information, see README.http_inspect
--preprocessor http_inspect: global iis_unicode_map unicode.map 1252 compress_depth 65535 decompress_depth 65535
--preprocessor http_inspect_server: server default \
-- chunk_length 500000 \
-- server_flow_depth 0 \
-- client_flow_depth 0 \
-- post_depth 65495 \
-- oversize_dir_length 500 \
-- max_header_length 750 \
-- max_headers 100 \
-- ports { 80 81 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 5250 7001 7777 7779 8000 8008 8028 8080 8088 8118 8123 8180 8181 8243 8280 8888 9090 9091 9443 9999 11371 } \
-- non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \
-- enable_cookie \
-- extended_response_inspection \
-- inspect_gzip \
-- normalize_utf \
-- unlimited_decompress \
-- apache_whitespace no \
-- ascii no \
-- bare_byte no \
-- directory no \
-- double_decode no \
-- iis_backslash no \
-- iis_delimiter no \
-- iis_unicode no \
-- multi_slash no \
-- utf_8 no \
-- u_encode yes \
-- webroot no
-+#preprocessor http_inspect: global iis_unicode_map unicode.map 1252 compress_depth 65535 decompress_depth 65535
-+#preprocessor http_inspect_server: server default \
-+# chunk_length 500000 \
-+# server_flow_depth 0 \
-+# client_flow_depth 0 \
-+# post_depth 65495 \
-+# oversize_dir_length 500 \
-+# max_header_length 750 \
-+# max_headers 100 \
-+# ports { 80 81 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 5250 7001 7777 7779 8000 8008 8028 8080 8088 8118 8123 8180 8181 8243 8280 8888 9090 9091 9443 9999 11371 } \
-+# non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \
-+# enable_cookie \
-+# extended_response_inspection \
-+# inspect_gzip \
-+# normalize_utf \
-+# unlimited_decompress \
-+# apache_whitespace no \
-+# ascii no \
-+# bare_byte no \
-+# directory no \
-+# double_decode no \
-+# iis_backslash no \
-+# iis_delimiter no \
-+# iis_unicode no \
-+# multi_slash no \
-+# utf_8 no \
-+# u_encode yes \
-+# webroot no
-
- # ONC-RPC normalization and anomaly detection. For more information, see the Snort Manual, Configuring Snort - Preprocessors - RPC Decode
- preprocessor rpc_decode: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 no_alert_multiple_requests no_alert_large_fragments no_alert_incomplete
-@@ -487,8 +487,8 @@
- # output alert_prelude
-
- # metadata reference data. do not modify these lines
--include classification.config
--include reference.config
-+# include classification.config
-+# include reference.config
-
+ # Reputation preprocessor. For more information see README.reputation
+-preprocessor reputation: \
+- memcap 500, \
+- priority whitelist, \
+- nested_ip inner, \
+- whitelist $WHITE_LIST_PATH/white_list.rules, \
+- blacklist $BLACK_LIST_PATH/black_list.rules
++#preprocessor reputation: \
++# memcap 500, \
++# priority whitelist, \
++# nested_ip inner, \
++# whitelist $WHITE_LIST_PATH/white_list.rules, \
++# blacklist $BLACK_LIST_PATH/black_list.rules
###################################################
-@@ -499,61 +499,61 @@
+ # Step #6: Configure output plugins
+@@ -538,123 +538,123 @@
###################################################
# site specific rules
-include $RULE_PATH/local.rules
+# include $RULE_PATH/local.rules
+-include $RULE_PATH/app-detect.rules
-include $RULE_PATH/attack-responses.rules
-include $RULE_PATH/backdoor.rules
-include $RULE_PATH/bad-traffic.rules
-include $RULE_PATH/blacklist.rules
-include $RULE_PATH/botnet-cnc.rules
+-include $RULE_PATH/browser-chrome.rules
+-include $RULE_PATH/browser-firefox.rules
+-include $RULE_PATH/browser-ie.rules
+-include $RULE_PATH/browser-other.rules
+-include $RULE_PATH/browser-plugins.rules
+-include $RULE_PATH/browser-webkit.rules
-include $RULE_PATH/chat.rules
-include $RULE_PATH/content-replace.rules
-include $RULE_PATH/ddos.rules
-include $RULE_PATH/dns.rules
-include $RULE_PATH/dos.rules
+-include $RULE_PATH/experimental.rules
+-include $RULE_PATH/exploit-kit.rules
-include $RULE_PATH/exploit.rules
+-include $RULE_PATH/file-executable.rules
+-include $RULE_PATH/file-flash.rules
+-include $RULE_PATH/file-identify.rules
+-include $RULE_PATH/file-image.rules
+-include $RULE_PATH/file-java.rules
+-include $RULE_PATH/file-multimedia.rules
+-include $RULE_PATH/file-office.rules
+-include $RULE_PATH/file-other.rules
+-include $RULE_PATH/file-pdf.rules
-include $RULE_PATH/finger.rules
-include $RULE_PATH/ftp.rules
+-include $RULE_PATH/icmp-info.rules
-include $RULE_PATH/icmp.rules
--include $RULE_PATH/icmp-info.rules
-include $RULE_PATH/imap.rules
+-include $RULE_PATH/indicator-compromise.rules
+-include $RULE_PATH/indicator-obfuscation.rules
+-include $RULE_PATH/indicator-scan.rules
+-include $RULE_PATH/indicator-shellcode.rules
-include $RULE_PATH/info.rules
+-include $RULE_PATH/malware-backdoor.rules
+-include $RULE_PATH/malware-cnc.rules
+-include $RULE_PATH/malware-other.rules
+-include $RULE_PATH/malware-tools.rules
-include $RULE_PATH/misc.rules
-include $RULE_PATH/multimedia.rules
-include $RULE_PATH/mysql.rules
-include $RULE_PATH/netbios.rules
-include $RULE_PATH/nntp.rules
-include $RULE_PATH/oracle.rules
+-include $RULE_PATH/os-linux.rules
+-include $RULE_PATH/os-mobile.rules
+-include $RULE_PATH/os-other.rules
+-include $RULE_PATH/os-solaris.rules
+-include $RULE_PATH/os-windows.rules
-include $RULE_PATH/other-ids.rules
-include $RULE_PATH/p2p.rules
-include $RULE_PATH/phishing-spam.rules
+-include $RULE_PATH/policy-multimedia.rules
+-include $RULE_PATH/policy-other.rules
-include $RULE_PATH/policy.rules
+-include $RULE_PATH/policy-social.rules
+-include $RULE_PATH/policy-spam.rules
-include $RULE_PATH/pop2.rules
-include $RULE_PATH/pop3.rules
+-include $RULE_PATH/protocol-dns.rules
+-include $RULE_PATH/protocol-finger.rules
+-include $RULE_PATH/protocol-ftp.rules
+-include $RULE_PATH/protocol-icmp.rules
+-include $RULE_PATH/protocol-imap.rules
+-include $RULE_PATH/protocol-nntp.rules
+-include $RULE_PATH/protocol-pop.rules
+-include $RULE_PATH/protocol-rpc.rules
+-include $RULE_PATH/protocol-scada.rules
+-include $RULE_PATH/protocol-services.rules
+-include $RULE_PATH/protocol-snmp.rules
+-include $RULE_PATH/protocol-telnet.rules
+-include $RULE_PATH/protocol-tftp.rules
+-include $RULE_PATH/protocol-voip.rules
+-include $RULE_PATH/pua-adware.rules
+-include $RULE_PATH/pua-other.rules
+-include $RULE_PATH/pua-p2p.rules
+-include $RULE_PATH/pua-toolbars.rules
-include $RULE_PATH/rpc.rules
-include $RULE_PATH/rservices.rules
-include $RULE_PATH/scada.rules
-include $RULE_PATH/scan.rules
+-include $RULE_PATH/server-apache.rules
+-include $RULE_PATH/server-iis.rules
+-include $RULE_PATH/server-mail.rules
+-include $RULE_PATH/server-mssql.rules
+-include $RULE_PATH/server-mysql.rules
+-include $RULE_PATH/server-oracle.rules
+-include $RULE_PATH/server-other.rules
+-include $RULE_PATH/server-samba.rules
+-include $RULE_PATH/server-webapp.rules
-include $RULE_PATH/shellcode.rules
-include $RULE_PATH/smtp.rules
-include $RULE_PATH/snmp.rules
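Review bot: With the reputation preprocessor and every `include $RULE_PATH/*.rules` line commented out (this hunk and the next), a snort started from the packaged snort.conf loads no text rules. Neither the configuration file nor the patch header tells the administrator that. The manifest hunk visible in this commit delivers only empty `etc/snort/rules`, `so_rules` and `preproc_rules` directories, which is presumably the reason. A comment above the site-specific rules section would make this explicit, for example `# No rule files are delivered with this package. Install rules under /etc/snort/rules and uncomment the matching include lines.` The same applies to the reputation block, which needs `white_list.rules` and `black_list.rules` to exist before it is re-enabled.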
@@ -160,39 +191,101 @@
-include $RULE_PATH/web-misc.rules
-include $RULE_PATH/web-php.rules
-include $RULE_PATH/x11.rules
++# include $RULE_PATH/app-detect.rules
+# include $RULE_PATH/attack-responses.rules
+# include $RULE_PATH/backdoor.rules
+# include $RULE_PATH/bad-traffic.rules
+# include $RULE_PATH/blacklist.rules
+# include $RULE_PATH/botnet-cnc.rules
++# include $RULE_PATH/browser-chrome.rules
++# include $RULE_PATH/browser-firefox.rules
++# include $RULE_PATH/browser-ie.rules
++# include $RULE_PATH/browser-other.rules
++# include $RULE_PATH/browser-plugins.rules
++# include $RULE_PATH/browser-webkit.rules
+# include $RULE_PATH/chat.rules
+# include $RULE_PATH/content-replace.rules
+# include $RULE_PATH/ddos.rules
+# include $RULE_PATH/dns.rules
+# include $RULE_PATH/dos.rules
++# include $RULE_PATH/experimental.rules
++# include $RULE_PATH/exploit-kit.rules
+# include $RULE_PATH/exploit.rules
++# include $RULE_PATH/file-executable.rules
++# include $RULE_PATH/file-flash.rules
++# include $RULE_PATH/file-identify.rules
++# include $RULE_PATH/file-image.rules
++# include $RULE_PATH/file-java.rules
++# include $RULE_PATH/file-multimedia.rules
++# include $RULE_PATH/file-office.rules
++# include $RULE_PATH/file-other.rules
++# include $RULE_PATH/file-pdf.rules
+# include $RULE_PATH/finger.rules
+# include $RULE_PATH/ftp.rules
++# include $RULE_PATH/icmp-info.rules
+# include $RULE_PATH/icmp.rules
-+# include $RULE_PATH/icmp-info.rules
+# include $RULE_PATH/imap.rules
++# include $RULE_PATH/indicator-compromise.rules
++# include $RULE_PATH/indicator-obfuscation.rules
++# include $RULE_PATH/indicator-scan.rules
++# include $RULE_PATH/indicator-shellcode.rules
+# include $RULE_PATH/info.rules
++# include $RULE_PATH/malware-backdoor.rules
++# include $RULE_PATH/malware-cnc.rules
++# include $RULE_PATH/malware-other.rules
++# include $RULE_PATH/malware-tools.rules
+# include $RULE_PATH/misc.rules
+# include $RULE_PATH/multimedia.rules
+# include $RULE_PATH/mysql.rules
+# include $RULE_PATH/netbios.rules
+# include $RULE_PATH/nntp.rules
+# include $RULE_PATH/oracle.rules
++# include $RULE_PATH/os-linux.rules
++# include $RULE_PATH/os-mobile.rules
++# include $RULE_PATH/os-other.rules
++# include $RULE_PATH/os-solaris.rules
++# include $RULE_PATH/os-windows.rules
+# include $RULE_PATH/other-ids.rules
+# include $RULE_PATH/p2p.rules
+# include $RULE_PATH/phishing-spam.rules
++# include $RULE_PATH/policy-multimedia.rules
++# include $RULE_PATH/policy-other.rules
+# include $RULE_PATH/policy.rules
++# include $RULE_PATH/policy-social.rules
++# include $RULE_PATH/policy-spam.rules
+# include $RULE_PATH/pop2.rules
+# include $RULE_PATH/pop3.rules
++# include $RULE_PATH/protocol-dns.rules
++# include $RULE_PATH/protocol-finger.rules
++# include $RULE_PATH/protocol-ftp.rules
++# include $RULE_PATH/protocol-icmp.rules
++# include $RULE_PATH/protocol-imap.rules
++# include $RULE_PATH/protocol-nntp.rules
++# include $RULE_PATH/protocol-pop.rules
++# include $RULE_PATH/protocol-rpc.rules
++# include $RULE_PATH/protocol-scada.rules
++# include $RULE_PATH/protocol-services.rules
++# include $RULE_PATH/protocol-snmp.rules
++# include $RULE_PATH/protocol-telnet.rules
++# include $RULE_PATH/protocol-tftp.rules
++# include $RULE_PATH/protocol-voip.rules
++# include $RULE_PATH/pua-adware.rules
++# include $RULE_PATH/pua-other.rules
++# include $RULE_PATH/pua-p2p.rules
++# include $RULE_PATH/pua-toolbars.rules
+# include $RULE_PATH/rpc.rules
+# include $RULE_PATH/rservices.rules
+# include $RULE_PATH/scada.rules
+# include $RULE_PATH/scan.rules
++# include $RULE_PATH/server-apache.rules
++# include $RULE_PATH/server-iis.rules
++# include $RULE_PATH/server-mail.rules
++# include $RULE_PATH/server-mssql.rules
++# include $RULE_PATH/server-mysql.rules
++# include $RULE_PATH/server-oracle.rules
++# include $RULE_PATH/server-other.rules
++# include $RULE_PATH/server-samba.rules
++# include $RULE_PATH/server-webapp.rules
+# include $RULE_PATH/shellcode.rules
+# include $RULE_PATH/smtp.rules
+# include $RULE_PATH/snmp.rules
--- a/components/snort/patches/solaris-build.patch Mon Nov 10 15:24:46 2014 -0800
+++ b/components/snort/patches/solaris-build.patch Mon Nov 10 19:14:43 2014 -0800
@@ -6,12 +6,12 @@
3/ Removed the need to define lines like "CFLAGS += -Du_int8_t=uint8_t"
in the snort component Makefile.
-It has been sent upstream for consideration by the snort maintainers for
+It has been sent upstream for consideration by the snort maintainers for
a future release.
---- snort-2.9.2/configure.in.orig 2013-06-04 14:05:22.814684109 -0700
-+++ snort-2.9.2/configure.in 2013-06-04 14:41:42.703306013 -0700
-@@ -686,27 +686,8 @@
+--- configure.in.orig 2014-09-25 08:05:35.171512464 -0700
++++ configure.in 2014-09-25 08:06:12.896272259 -0700
+@@ -746,27 +746,8 @@
AC_MSG_RESULT(no)
fi
@@ -41,9 +41,9 @@
# modified from gnulib/m4/visibility.m4
AC_DEFUN([CC_VISIBILITY],
---- snort-2.9.2/src/cpuclock.h.orig 2013-06-04 12:30:59.362777817 -0700
-+++ snort-2.9.2/src/cpuclock.h 2013-06-04 14:19:42.869930833 -0700
-@@ -83,26 +83,15 @@
+--- src/cpuclock.h.orig 2014-09-25 08:07:00.139948870 -0700
++++ src/cpuclock.h 2014-09-25 08:08:38.401237764 -0700
+@@ -84,26 +84,15 @@
val = ((uint64_t)tbl) | (((uint64_t)tbu0) << 32); \
}
#else
@@ -74,9 +74,9 @@
#endif /* POWERPC || PPC */
#endif /* IA64 && HPUX */
#endif /* IA64 && GNUC */
---- snort-2.9.2/src/sfutil/sf_ip.h.orig 2013-06-04 12:33:38.923475148 -0700
-+++ snort-2.9.2/src/sfutil/sf_ip.h 2013-06-04 12:33:52.951704625 -0700
-@@ -38,6 +38,7 @@
+--- src/sfutil/sf_ip.h.orig 2014-09-25 08:09:20.181312683 -0700
++++ src/sfutil/sf_ip.h 2014-09-25 08:09:41.442009279 -0700
+@@ -39,6 +39,7 @@
#endif
#include "snort_debug.h" /* for inline definition */
--- a/components/snort/resolve.deps Mon Nov 10 15:24:46 2014 -0800
+++ b/components/snort/resolve.deps Mon Nov 10 19:14:43 2014 -0800
@@ -1,4 +1,6 @@
library/pcre
+library/security/openssl
+library/security/openssl/openssl-fips-140
library/zlib
shell/ksh93
system/core-os
--- a/components/snort/snort.p5m Mon Nov 10 15:24:46 2014 -0800
+++ b/components/snort/snort.p5m Mon Nov 10 19:14:43 2014 -0800
@@ -32,29 +32,55 @@
value=org.opensolaris.category.2008:Applications/Internet
set name=info.source-url value=$(COMPONENT_ARCHIVE_URL)
set name=info.upstream-url value=$(COMPONENT_PROJECT_URL)
-set name=org.opensolaris.arc-caseid value=PSARC/2009/256 value=PSARC/2013/113
+set name=org.opensolaris.arc-caseid value=PSARC/2009/256 \
+ value=PSARC/2013/113 value=PSARC/2014/347
set name=org.opensolaris.consolidation value=$(CONSOLIDATION)
-file path=etc/attribute_table.dtd
-file path=etc/classification.config mode=0644 \
- original_name=SUNWsnort:etc/classification.config overlay=allow \
- preserve=renamenew
-file path=etc/gen-msg.map
-file path=etc/reference.config mode=0644 \
- original_name=SUNWsnort:etc/reference.config overlay=allow \
- preserve=renamenew
+file etc/attribute_table.dtd path=etc/snort/attribute_table.dtd
+file etc/classification.config path=etc/snort/classification.config mode=0644 \
+ original_name=SUNWsnort:etc/classification.config \
+ overlay=allow preserve=renamenew
+file etc/gen-msg.map path=etc/snort/gen-msg.map
+file etc/reference.config path=etc/snort/reference.config mode=0644 \
+ original_name=SUNWsnort:etc/reference.config \
+ overlay=allow preserve=renamenew
file Solaris/auth_attr path=etc/security/auth_attr.d/snort
file Solaris/exec_attr path=etc/security/exec_attr.d/snort
-file path=etc/snort.conf mode=0644 original_name=SUNWsnort:etc/snort.conf \
+file etc/snort.conf path=etc/snort/snort.conf mode=0644 \
+ original_name=SUNWsnort:etc/snort.conf \
+ overlay=allow preserve=renamenew
+file etc/threshold.conf path=etc/snort/threshold.conf mode=0644 \
+ original_name=SUNWsnort:etc/threshold.conf \
overlay=allow preserve=renamenew
-file path=etc/threshold.conf mode=0644 \
- original_name=SUNWsnort:etc/threshold.conf overlay=allow preserve=renamenew
-file path=etc/unicode.map
+# Directories for snort rules.
+dir path=etc/snort/rules
+dir path=etc/snort/so_rules
+dir path=etc/snort/preproc_rules
+#
+file etc/file_magic.conf path=etc/snort/file_magic.conf
+file etc/unicode.map path=etc/snort/unicode.map
file Solaris/snort.xml path=lib/svc/manifest/network/snort.xml
file Solaris/snortd path=lib/svc/method/snortd
-file usr/bin/$(MACH64)/snort path=usr/bin/snort
-file path=usr/include/snort/dynamic_preproc/attribute_table_api.h
+file path=usr/bin/snort
+file path=usr/include/snort/dynamic_output/bitop.h
+file path=usr/include/snort/dynamic_output/ipv6_port.h
+file path=usr/include/snort/dynamic_output/obfuscation.h
+file path=usr/include/snort/dynamic_output/output_api.h
+file path=usr/include/snort/dynamic_output/output_common.h
+file path=usr/include/snort/dynamic_output/output_lib.h
+file path=usr/include/snort/dynamic_output/preprocids.h
+file path=usr/include/snort/dynamic_output/sf_dynamic_common.h
+file path=usr/include/snort/dynamic_output/sf_ip.h
+file path=usr/include/snort/dynamic_output/sf_protocols.h
+file path=usr/include/snort/dynamic_output/sf_snort_packet.h
+file path=usr/include/snort/dynamic_output/sfPolicy.h
+file path=usr/include/snort/dynamic_output/sfrt_dir.h
+file path=usr/include/snort/dynamic_output/sfrt_trie.h
+file path=usr/include/snort/dynamic_output/sfrt.h
+file path=usr/include/snort/dynamic_output/snort_debug.h
+file path=usr/include/snort/dynamic_output/stream_api.h
file path=usr/include/snort/dynamic_preproc/bitop.h
file path=usr/include/snort/dynamic_preproc/cpuclock.h
+file path=usr/include/snort/dynamic_preproc/file_api.h
file path=usr/include/snort/dynamic_preproc/idle_processing.h
file path=usr/include/snort/dynamic_preproc/ipv6_port.h
file path=usr/include/snort/dynamic_preproc/mempool.h
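Review bot: Moving the editable files from `etc/` to `etc/snort/` changes the path that every consumer of the configuration must use, yet `Solaris/snortd` and `Solaris/snort.xml` appear here only as unchanged context, and no content change to them is visible on this page. If the method script still names `/etc/snort.conf`, the service would fail to start after the update. The man page patch in this commit states that `-c` is now required, so this should be checked. A customised pre-upgrade snort.conf carried to the new path through `original_name` would also still contain the old `../rules` style values, which resolve differently from /etc/snort. A release note or a comment in the manifest should mention this.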
@@ -75,6 +101,7 @@
file path=usr/include/snort/dynamic_preproc/sf_preproc_info.h
file path=usr/include/snort/dynamic_preproc/sf_protocols.h
file path=usr/include/snort/dynamic_preproc/sf_sdlist_types.h
+file path=usr/include/snort/dynamic_preproc/sf_seqnums.h
file path=usr/include/snort/dynamic_preproc/sf_snort_packet.h
file path=usr/include/snort/dynamic_preproc/sf_snort_plugin_api.h
file path=usr/include/snort/dynamic_preproc/sfcommon.h
@@ -89,8 +116,9 @@
file path=usr/include/snort/dynamic_preproc/ssl.h
file path=usr/include/snort/dynamic_preproc/str_search.h
file path=usr/include/snort/dynamic_preproc/stream_api.h
-file Solaris/snort.pc path=usr/lib/$(MACH64)/pkgconfig/snort.pc
-file Solaris/snort_preproc.pc path=usr/lib/$(MACH64)/pkgconfig/snort_preproc.pc
+file path=usr/lib/$(MACH64)/pkgconfig/snort_output.pc
+file path=usr/lib/$(MACH64)/pkgconfig/snort_preproc.pc
+file path=usr/lib/$(MACH64)/pkgconfig/snort.pc
#
link path=usr/lib/$(MACH64)/snort_dynamicengine/libsf_engine.so \
target=libsf_engine.so.0.0.0
@@ -197,7 +225,6 @@
file path=usr/share/doc/snort/NEWS
file path=usr/share/doc/snort/PROBLEMS
file path=usr/share/doc/snort/README
-file path=usr/share/doc/snort/README.ARUBA
file path=usr/share/doc/snort/README.GTP
file path=usr/share/doc/snort/README.PLUGINS
file path=usr/share/doc/snort/README.PerfProfiling
@@ -210,18 +237,20 @@
file path=usr/share/doc/snort/README.counts
file path=usr/share/doc/snort/README.csv
file path=usr/share/doc/snort/README.daq
-file path=usr/share/doc/snort/README.database
file path=usr/share/doc/snort/README.dcerpc2
file path=usr/share/doc/snort/README.decode
file path=usr/share/doc/snort/README.decoder_preproc_rules
file path=usr/share/doc/snort/README.dnp3
file path=usr/share/doc/snort/README.dns
file path=usr/share/doc/snort/README.event_queue
+file path=usr/share/doc/snort/README.file
+file path=usr/share/doc/snort/README.file_ips
file path=usr/share/doc/snort/README.filters
file path=usr/share/doc/snort/README.flowbits
file path=usr/share/doc/snort/README.frag3
file path=usr/share/doc/snort/README.ftptelnet
file path=usr/share/doc/snort/README.gre
+file path=usr/share/doc/snort/README.ha
file path=usr/share/doc/snort/README.http_inspect
file path=usr/share/doc/snort/README.imap
file path=usr/share/doc/snort/README.ipip
@@ -244,6 +273,7 @@
file path=usr/share/doc/snort/README.tag
file path=usr/share/doc/snort/README.thresholding
file path=usr/share/doc/snort/README.u2boat
+file path=usr/share/doc/snort/README.unified2
file path=usr/share/doc/snort/README.variables
file path=usr/share/doc/snort/TODO
file path=usr/share/doc/snort/USAGE