--- a/components/snort/Makefile Mon Feb 06 22:51:03 2017 -0800
+++ b/components/snort/Makefile Tue Feb 07 09:08:08 2017 -0800
@@ -20,53 +20,41 @@
#
#
-# Copyright (c) 2011, 2016, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2017, Oracle and/or its affiliates. All rights reserved.
#
BUILD_BITS= 64
+COMPILER= gcc
include ../../make-rules/shared-macros.mk
COMPONENT_NAME= snort
-COMPONENT_VERSION= 2.9.6.2
+COMPONENT_VERSION= 2.9.9.0
COMPONENT_ARCHIVE_HASH= \
- sha256:8e1d7fc5e1523a786d845ca0102cc474abfcebfcc7e964a1653680034b5b5d77
+ sha256:71b147125e96390a12f3d55796ed5073df77206bd3563d84d3e5a1f19e7d7a56
COMPONENT_PROJECT_URL= http://www.snort.org/
-COMPONENT_ARCHIVE_URL= http://sourceforge.net/projects/snort.mirror/files/Snort%202.9.6.2/$(COMPONENT_ARCHIVE)/download
+COMPONENT_ARCHIVE_URL= $(COMPONENT_PROJECT_URL)downloads/$(COMPONENT_NAME)/$(COMPONENT_ARCHIVE)
-TPNO= 19385
+TPNO= 33599
TEST_TARGET= $(NO_TESTS)
include $(WS_MAKE_RULES)/common.mk
-PATCH_LEVEL = 0
-
-# without this we bus error on sparc. sadly I don't see any patches
-# that might relate from the upstream (though maybe that's really
-# "happily", as this is simpler)
-studio_ALIGN.sparc.64= -xmemalign=1i
+# snort 2.9.8.3 (and later) requires automake/autoconf >= 1.14, but Userland
+# default is older than what is needed. So hard-coding to the next available,
+# 1.15: "--add-missing" needed to use default "compile" script.
+AUTOMAKE=/usr/bin/automake-1.15 --add-missing
+ACLOCAL=/usr/bin/aclocal-1.15
# Need to recreate the configure script for gethrtime checks.
-COMPONENT_PREP_ACTION += (cd $(@D); autoconf);
+COMPONENT_PREP_ACTION += (cd $(@D); autoreconf -fiv);
CONFIGURE_OPTIONS += --with-libpcre-libraries="$(USRLIBDIR64)"
CONFIGURE_OPTIONS += --with-dnet-libraries="$(USRLIBDIR64)"
-CONFIGURE_OPTIONS += --without-mysql
-CONFIGURE_OPTIONS += --without-postgresql
-CONFIGURE_OPTIONS += --enable-zlib
-CONFIGURE_OPTIONS += --enable-ipv6
CONFIGURE_OPTIONS += --disable-static-daq
-# cheesy, but if we turn off visibility then it doesn't
-# save the CFLAGS right and then nulls them.
-CONFIGURE_OPTIONS += "gl_cv_cc_visibility=no"
-CONFIGURE_OPTIONS += gl_save_CFLAGS="$(CFLAGS)"
-
-# Move snort shared objects to 64-bit path to stop pkglint bitching.
-COMPONENT_POST_INSTALL_ACTION += \
- $(MV) $(PROTOUSRLIBDIR)/snort_dynamicengine $(PROTOUSRLIBDIR64); \
- $(MV) $(PROTOUSRLIBDIR)/snort_dynamicpreprocessor $(PROTOUSRLIBDIR64) ;
-
+REQUIRED_PACKAGES += compress/xz
REQUIRED_PACKAGES += developer/lexer/flex
REQUIRED_PACKAGES += developer/parser/bison
+REQUIRED_PACKAGES += library/nghttp2
REQUIRED_PACKAGES += library/pcre
REQUIRED_PACKAGES += library/security/openssl
REQUIRED_PACKAGES += library/security/openssl/openssl-fips-140
--- a/components/snort/patches/snort.8.patch Mon Feb 06 22:51:03 2017 -0800
+++ b/components/snort/patches/snort.8.patch Tue Feb 07 09:08:08 2017 -0800
@@ -1,12 +1,9 @@
Fix the comments w.r.t. configuration file usage with the -T option.
This change has been submitted upstream.
-Adjust the reference to "networks(4)" to be "networks(5)".
-This change should be sent upstream.
-
---- snort.8.orig 2016-04-20 10:13:29.946194815 -0700
-+++ snort.8 2016-04-20 10:14:01.254235607 -0700
-@@ -339,8 +339,7 @@
+--- snort-2.9.9.0/snort.8.orig 2017-01-25 12:23:22.383189188 +0000
++++ snort-2.9.9.0/snort.8 2017-01-25 12:23:56.475130490 +0000
+@@ -341,8 +341,7 @@
indicating that everything is ready to proceed. This is a good
switch to use if daemon mode is going to be used, it verifies that
the Snort configuration that is about to be used is valid and won't fail at
@@ -16,12 +13,3 @@
.I config-file.
.IP "-u user"
Change the user/UID Snort runs under to
-@@ -603,7 +602,7 @@
- .IP "\fBdst net \fInet\fR"
- True if the IP destination address of the packet has a network
- number of \fInet\fP. \fINet\fP may be either a name from /etc/networks
--or a network number (see \fInetworks(4)\fP for details).
-+or a network number (see \fInetworks(5)\fP for details).
- .IP "\fBsrc net \fInet\fR"
- True if the IP source address of the packet has a network
- number of \fInet\fP.
--- a/components/snort/patches/snort.c.patch Mon Feb 06 22:51:03 2017 -0800
+++ b/components/snort/patches/snort.c.patch Tue Feb 07 09:08:08 2017 -0800
@@ -43,9 +43,9 @@
/usr/lib/64/daq
---- src/snort.c.orig 2014-09-25 07:53:43.356728058 -0700
-+++ src/snort.c 2014-09-25 07:55:05.650780347 -0700
-@@ -4039,6 +4039,9 @@
+--- snort-2.9.9.0/src/snort.c.orig 2017-01-25 10:28:13.663208245 +0000
++++ snort-2.9.9.0/src/snort.c 2017-01-25 10:29:22.601448936 +0000
+@@ -4190,6 +4190,9 @@
{
SnortConfig *sc = (SnortConfig *)SnortAlloc(sizeof(SnortConfig));
--- a/components/snort/patches/snort.conf.patch Mon Feb 06 22:51:03 2017 -0800
+++ b/components/snort/patches/snort.conf.patch Tue Feb 07 09:08:08 2017 -0800
@@ -3,9 +3,9 @@
These changes will not be submitted upstream.
---- etc/snort.conf.orig 2014-09-25 07:56:45.270217768 -0700
-+++ etc/snort.conf 2014-10-06 06:02:57.202660631 -0700
-@@ -101,13 +101,13 @@
+--- snort-2.9.9.0/etc/snort.conf.orig 2017-01-25 10:31:22.399873705 +0000
++++ snort-2.9.9.0/etc/snort.conf 2017-01-25 10:33:48.196169768 +0000
+@@ -101,17 +101,17 @@
# Path to your rules files (this can be a relative path)
# Note for Windows users: You are advised to make this an absolute path,
# such as: c:\snort\rules
@@ -17,6 +17,10 @@
+var PREPROC_RULE_PATH preproc_rules
# If you are using reputation preprocessor set these
+ # Currently there is a bug with relative paths, they are relative to where snort is
+ # not relative to snort.conf like the above variables
+ # This is completely inconsistent with how other vars work, BUG 89986
+ # Set the absolute path appropriately
-var WHITE_LIST_PATH ../rules
-var BLACK_LIST_PATH ../rules
+var WHITE_LIST_PATH rules
@@ -24,7 +28,7 @@
###################################################
# Step #2: Configure the decoder. For more information, see README.decode
-@@ -153,7 +153,7 @@
+@@ -157,7 +157,7 @@
# Configure DAQ related options for inline operation. For more information, see README.daq
#
# config daq: <type>
@@ -33,7 +37,7 @@
# config daq_mode: <mode>
# config daq_var: <var>
#
-@@ -240,13 +240,13 @@
+@@ -244,13 +244,13 @@
###################################################
# path to dynamic preprocessor libraries
@@ -50,7 +54,7 @@
###################################################
# Step #5: Configure preprocessors
-@@ -499,12 +499,12 @@
+@@ -504,12 +504,12 @@
check_crc
# Reputation preprocessor. For more information see README.reputation
@@ -69,12 +73,12 @@
###################################################
# Step #6: Configure output plugins
-@@ -538,123 +538,123 @@
+@@ -543,112 +543,112 @@
###################################################
# site specific rules
-include $RULE_PATH/local.rules
-+# include $RULE_PATH/local.rules
++#include $RULE_PATH/local.rules
-include $RULE_PATH/app-detect.rules
-include $RULE_PATH/attack-responses.rules
@@ -100,7 +104,6 @@
-include $RULE_PATH/file-flash.rules
-include $RULE_PATH/file-identify.rules
-include $RULE_PATH/file-image.rules
--include $RULE_PATH/file-java.rules
-include $RULE_PATH/file-multimedia.rules
-include $RULE_PATH/file-office.rules
-include $RULE_PATH/file-other.rules
@@ -112,7 +115,6 @@
-include $RULE_PATH/imap.rules
-include $RULE_PATH/indicator-compromise.rules
-include $RULE_PATH/indicator-obfuscation.rules
--include $RULE_PATH/indicator-scan.rules
-include $RULE_PATH/indicator-shellcode.rules
-include $RULE_PATH/info.rules
-include $RULE_PATH/malware-backdoor.rules
@@ -126,7 +128,6 @@
-include $RULE_PATH/nntp.rules
-include $RULE_PATH/oracle.rules
-include $RULE_PATH/os-linux.rules
--include $RULE_PATH/os-mobile.rules
-include $RULE_PATH/os-other.rules
-include $RULE_PATH/os-solaris.rules
-include $RULE_PATH/os-windows.rules
@@ -140,19 +141,12 @@
-include $RULE_PATH/policy-spam.rules
-include $RULE_PATH/pop2.rules
-include $RULE_PATH/pop3.rules
--include $RULE_PATH/protocol-dns.rules
-include $RULE_PATH/protocol-finger.rules
-include $RULE_PATH/protocol-ftp.rules
-include $RULE_PATH/protocol-icmp.rules
-include $RULE_PATH/protocol-imap.rules
--include $RULE_PATH/protocol-nntp.rules
-include $RULE_PATH/protocol-pop.rules
--include $RULE_PATH/protocol-rpc.rules
--include $RULE_PATH/protocol-scada.rules
-include $RULE_PATH/protocol-services.rules
--include $RULE_PATH/protocol-snmp.rules
--include $RULE_PATH/protocol-telnet.rules
--include $RULE_PATH/protocol-tftp.rules
-include $RULE_PATH/protocol-voip.rules
-include $RULE_PATH/pua-adware.rules
-include $RULE_PATH/pua-other.rules
@@ -169,7 +163,6 @@
-include $RULE_PATH/server-mysql.rules
-include $RULE_PATH/server-oracle.rules
-include $RULE_PATH/server-other.rules
--include $RULE_PATH/server-samba.rules
-include $RULE_PATH/server-webapp.rules
-include $RULE_PATH/shellcode.rules
-include $RULE_PATH/smtp.rules
@@ -191,121 +184,110 @@
-include $RULE_PATH/web-misc.rules
-include $RULE_PATH/web-php.rules
-include $RULE_PATH/x11.rules
-+# include $RULE_PATH/app-detect.rules
-+# include $RULE_PATH/attack-responses.rules
-+# include $RULE_PATH/backdoor.rules
-+# include $RULE_PATH/bad-traffic.rules
-+# include $RULE_PATH/blacklist.rules
-+# include $RULE_PATH/botnet-cnc.rules
-+# include $RULE_PATH/browser-chrome.rules
-+# include $RULE_PATH/browser-firefox.rules
-+# include $RULE_PATH/browser-ie.rules
-+# include $RULE_PATH/browser-other.rules
-+# include $RULE_PATH/browser-plugins.rules
-+# include $RULE_PATH/browser-webkit.rules
-+# include $RULE_PATH/chat.rules
-+# include $RULE_PATH/content-replace.rules
-+# include $RULE_PATH/ddos.rules
-+# include $RULE_PATH/dns.rules
-+# include $RULE_PATH/dos.rules
-+# include $RULE_PATH/experimental.rules
-+# include $RULE_PATH/exploit-kit.rules
-+# include $RULE_PATH/exploit.rules
-+# include $RULE_PATH/file-executable.rules
-+# include $RULE_PATH/file-flash.rules
-+# include $RULE_PATH/file-identify.rules
-+# include $RULE_PATH/file-image.rules
-+# include $RULE_PATH/file-java.rules
-+# include $RULE_PATH/file-multimedia.rules
-+# include $RULE_PATH/file-office.rules
-+# include $RULE_PATH/file-other.rules
-+# include $RULE_PATH/file-pdf.rules
-+# include $RULE_PATH/finger.rules
-+# include $RULE_PATH/ftp.rules
-+# include $RULE_PATH/icmp-info.rules
-+# include $RULE_PATH/icmp.rules
-+# include $RULE_PATH/imap.rules
-+# include $RULE_PATH/indicator-compromise.rules
-+# include $RULE_PATH/indicator-obfuscation.rules
-+# include $RULE_PATH/indicator-scan.rules
-+# include $RULE_PATH/indicator-shellcode.rules
-+# include $RULE_PATH/info.rules
-+# include $RULE_PATH/malware-backdoor.rules
-+# include $RULE_PATH/malware-cnc.rules
-+# include $RULE_PATH/malware-other.rules
-+# include $RULE_PATH/malware-tools.rules
-+# include $RULE_PATH/misc.rules
-+# include $RULE_PATH/multimedia.rules
-+# include $RULE_PATH/mysql.rules
-+# include $RULE_PATH/netbios.rules
-+# include $RULE_PATH/nntp.rules
-+# include $RULE_PATH/oracle.rules
-+# include $RULE_PATH/os-linux.rules
-+# include $RULE_PATH/os-mobile.rules
-+# include $RULE_PATH/os-other.rules
-+# include $RULE_PATH/os-solaris.rules
-+# include $RULE_PATH/os-windows.rules
-+# include $RULE_PATH/other-ids.rules
-+# include $RULE_PATH/p2p.rules
-+# include $RULE_PATH/phishing-spam.rules
-+# include $RULE_PATH/policy-multimedia.rules
-+# include $RULE_PATH/policy-other.rules
-+# include $RULE_PATH/policy.rules
-+# include $RULE_PATH/policy-social.rules
-+# include $RULE_PATH/policy-spam.rules
-+# include $RULE_PATH/pop2.rules
-+# include $RULE_PATH/pop3.rules
-+# include $RULE_PATH/protocol-dns.rules
-+# include $RULE_PATH/protocol-finger.rules
-+# include $RULE_PATH/protocol-ftp.rules
-+# include $RULE_PATH/protocol-icmp.rules
-+# include $RULE_PATH/protocol-imap.rules
-+# include $RULE_PATH/protocol-nntp.rules
-+# include $RULE_PATH/protocol-pop.rules
-+# include $RULE_PATH/protocol-rpc.rules
-+# include $RULE_PATH/protocol-scada.rules
-+# include $RULE_PATH/protocol-services.rules
-+# include $RULE_PATH/protocol-snmp.rules
-+# include $RULE_PATH/protocol-telnet.rules
-+# include $RULE_PATH/protocol-tftp.rules
-+# include $RULE_PATH/protocol-voip.rules
-+# include $RULE_PATH/pua-adware.rules
-+# include $RULE_PATH/pua-other.rules
-+# include $RULE_PATH/pua-p2p.rules
-+# include $RULE_PATH/pua-toolbars.rules
-+# include $RULE_PATH/rpc.rules
-+# include $RULE_PATH/rservices.rules
-+# include $RULE_PATH/scada.rules
-+# include $RULE_PATH/scan.rules
-+# include $RULE_PATH/server-apache.rules
-+# include $RULE_PATH/server-iis.rules
-+# include $RULE_PATH/server-mail.rules
-+# include $RULE_PATH/server-mssql.rules
-+# include $RULE_PATH/server-mysql.rules
-+# include $RULE_PATH/server-oracle.rules
-+# include $RULE_PATH/server-other.rules
-+# include $RULE_PATH/server-samba.rules
-+# include $RULE_PATH/server-webapp.rules
-+# include $RULE_PATH/shellcode.rules
-+# include $RULE_PATH/smtp.rules
-+# include $RULE_PATH/snmp.rules
-+# include $RULE_PATH/specific-threats.rules
-+# include $RULE_PATH/spyware-put.rules
-+# include $RULE_PATH/sql.rules
-+# include $RULE_PATH/telnet.rules
-+# include $RULE_PATH/tftp.rules
-+# include $RULE_PATH/virus.rules
-+# include $RULE_PATH/voip.rules
-+# include $RULE_PATH/web-activex.rules
-+# include $RULE_PATH/web-attacks.rules
-+# include $RULE_PATH/web-cgi.rules
-+# include $RULE_PATH/web-client.rules
-+# include $RULE_PATH/web-coldfusion.rules
-+# include $RULE_PATH/web-frontpage.rules
-+# include $RULE_PATH/web-iis.rules
-+# include $RULE_PATH/web-misc.rules
-+# include $RULE_PATH/web-php.rules
-+# include $RULE_PATH/x11.rules
++#include $RULE_PATH/app-detect.rules
++#include $RULE_PATH/attack-responses.rules
++#include $RULE_PATH/backdoor.rules
++#include $RULE_PATH/bad-traffic.rules
++#include $RULE_PATH/blacklist.rules
++#include $RULE_PATH/botnet-cnc.rules
++#include $RULE_PATH/browser-chrome.rules
++#include $RULE_PATH/browser-firefox.rules
++#include $RULE_PATH/browser-ie.rules
++#include $RULE_PATH/browser-other.rules
++#include $RULE_PATH/browser-plugins.rules
++#include $RULE_PATH/browser-webkit.rules
++#include $RULE_PATH/chat.rules
++#include $RULE_PATH/content-replace.rules
++#include $RULE_PATH/ddos.rules
++#include $RULE_PATH/dns.rules
++#include $RULE_PATH/dos.rules
++#include $RULE_PATH/experimental.rules
++#include $RULE_PATH/exploit-kit.rules
++#include $RULE_PATH/exploit.rules
++#include $RULE_PATH/file-executable.rules
++#include $RULE_PATH/file-flash.rules
++#include $RULE_PATH/file-identify.rules
++#include $RULE_PATH/file-image.rules
++#include $RULE_PATH/file-multimedia.rules
++#include $RULE_PATH/file-office.rules
++#include $RULE_PATH/file-other.rules
++#include $RULE_PATH/file-pdf.rules
++#include $RULE_PATH/finger.rules
++#include $RULE_PATH/ftp.rules
++#include $RULE_PATH/icmp-info.rules
++#include $RULE_PATH/icmp.rules
++#include $RULE_PATH/imap.rules
++#include $RULE_PATH/indicator-compromise.rules
++#include $RULE_PATH/indicator-obfuscation.rules
++#include $RULE_PATH/indicator-shellcode.rules
++#include $RULE_PATH/info.rules
++#include $RULE_PATH/malware-backdoor.rules
++#include $RULE_PATH/malware-cnc.rules
++#include $RULE_PATH/malware-other.rules
++#include $RULE_PATH/malware-tools.rules
++#include $RULE_PATH/misc.rules
++#include $RULE_PATH/multimedia.rules
++#include $RULE_PATH/mysql.rules
++#include $RULE_PATH/netbios.rules
++#include $RULE_PATH/nntp.rules
++#include $RULE_PATH/oracle.rules
++#include $RULE_PATH/os-linux.rules
++#include $RULE_PATH/os-other.rules
++#include $RULE_PATH/os-solaris.rules
++#include $RULE_PATH/os-windows.rules
++#include $RULE_PATH/other-ids.rules
++#include $RULE_PATH/p2p.rules
++#include $RULE_PATH/phishing-spam.rules
++#include $RULE_PATH/policy-multimedia.rules
++#include $RULE_PATH/policy-other.rules
++#include $RULE_PATH/policy.rules
++#include $RULE_PATH/policy-social.rules
++#include $RULE_PATH/policy-spam.rules
++#include $RULE_PATH/pop2.rules
++#include $RULE_PATH/pop3.rules
++#include $RULE_PATH/protocol-finger.rules
++#include $RULE_PATH/protocol-ftp.rules
++#include $RULE_PATH/protocol-icmp.rules
++#include $RULE_PATH/protocol-imap.rules
++#include $RULE_PATH/protocol-pop.rules
++#include $RULE_PATH/protocol-services.rules
++#include $RULE_PATH/protocol-voip.rules
++#include $RULE_PATH/pua-adware.rules
++#include $RULE_PATH/pua-other.rules
++#include $RULE_PATH/pua-p2p.rules
++#include $RULE_PATH/pua-toolbars.rules
++#include $RULE_PATH/rpc.rules
++#include $RULE_PATH/rservices.rules
++#include $RULE_PATH/scada.rules
++#include $RULE_PATH/scan.rules
++#include $RULE_PATH/server-apache.rules
++#include $RULE_PATH/server-iis.rules
++#include $RULE_PATH/server-mail.rules
++#include $RULE_PATH/server-mssql.rules
++#include $RULE_PATH/server-mysql.rules
++#include $RULE_PATH/server-oracle.rules
++#include $RULE_PATH/server-other.rules
++#include $RULE_PATH/server-webapp.rules
++#include $RULE_PATH/shellcode.rules
++#include $RULE_PATH/smtp.rules
++#include $RULE_PATH/snmp.rules
++#include $RULE_PATH/specific-threats.rules
++#include $RULE_PATH/spyware-put.rules
++#include $RULE_PATH/sql.rules
++#include $RULE_PATH/telnet.rules
++#include $RULE_PATH/tftp.rules
++#include $RULE_PATH/virus.rules
++#include $RULE_PATH/voip.rules
++#include $RULE_PATH/web-activex.rules
++#include $RULE_PATH/web-attacks.rules
++#include $RULE_PATH/web-cgi.rules
++#include $RULE_PATH/web-client.rules
++#include $RULE_PATH/web-coldfusion.rules
++#include $RULE_PATH/web-frontpage.rules
++#include $RULE_PATH/web-iis.rules
++#include $RULE_PATH/web-misc.rules
++#include $RULE_PATH/web-php.rules
++#include $RULE_PATH/x11.rules
###################################################
# Step #8: Customize your preprocessor and decoder alerts
--- a/components/snort/patches/solaris-build.patch Mon Feb 06 22:51:03 2017 -0800
+++ b/components/snort/patches/solaris-build.patch Tue Feb 07 09:08:08 2017 -0800
@@ -1,17 +1,27 @@
-This patch does three things:
+Changes needed to get snort to successfully build on Solaris.
-1/ Uses gethrtime() rather than trying to read the %tick register (the
+1/ We need to define our own equivalent (snort_in6_addr) of the in6_addr
+ struct from /usr/include/netinet/in.h because on Solaris we do not have
+ a s6_addr16 definition. We then have to use snort_in6_addr instead of
+ in6_addr in numerous places.
+ CR #25300643 has been filed for this Solaris include file omission.
+
+2/ Uses gethrtime() rather than trying to read the %tick register (the
latter has issues in MP environments)
-2/ Allows Studio to compile in 64-bit and normal optimization.
-3/ Removed the need to define lines like "CFLAGS += -Du_int8_t=uint8_t"
- in the snort component Makefile.
+
+3/ Remove the need to define lines like "CFLAGS += -Du_int8_t=uint8_t"
+ in the snort component Makefile by #include'ing "sf_types.h" in
+ snort-2.9.9.0/src/sfutil/sf_ip.h
-It has been sent upstream for consideration by the snort maintainers for
-a future release.
+4/ Prevent "-Wall" being added to CFLAGS by removing a bogus piece of
+ code in configure.in
---- configure.in.orig 2014-09-25 08:05:35.171512464 -0700
-+++ configure.in 2014-09-25 08:06:12.896272259 -0700
-@@ -746,27 +746,8 @@
+The gethrtime() changes will be pushed upstream and the other configure.in
+change. The others should be fixed by changes to standard Solaris headers.
+
+--- snort-2.9.9.0.orig/configure.in 2016-11-14 21:27:15.000000000 +0000
++++ snort-2.9.9.0/configure.in 2017-01-25 09:36:56.282142284 +0000
+@@ -889,27 +889,8 @@
AC_MSG_RESULT(no)
fi
@@ -41,8 +51,21 @@
# modified from gnulib/m4/visibility.m4
AC_DEFUN([CC_VISIBILITY],
---- src/cpuclock.h.orig 2014-09-25 08:07:00.139948870 -0700
-+++ src/cpuclock.h 2014-09-25 08:08:38.401237764 -0700
+@@ -1489,11 +1470,6 @@
+ fi
+ fi
+
+-# Question: Does ICC not support -Wall (VJR - Jan 14, 2015)
+-if test "$ICC" = "no"; then
+- CFLAGS="$CFLAGS -Wall"
+-fi
+-
+ echo $CFLAGS > cflags.out
+ echo $CPPFLAGS > cppflags.out
+
+diff -urN snort-2.9.9.0.orig/src/cpuclock.h snort-2.9.9.0/src/cpuclock.h
+--- snort-2.9.9.0.orig/src/cpuclock.h 2016-06-07 00:47:47.000000000 +0000
++++ snort-2.9.9.0/src/cpuclock.h 2017-01-25 09:41:13.229685320 +0000
@@ -84,26 +84,15 @@
val = ((uint64_t)tbl) | (((uint64_t)tbu0) << 32); \
}
@@ -74,9 +97,200 @@
#endif /* POWERPC || PPC */
#endif /* IA64 && HPUX */
#endif /* IA64 && GNUC */
---- src/sfutil/sf_ip.h.orig 2014-09-25 08:09:20.181312683 -0700
-+++ src/sfutil/sf_ip.h 2014-09-25 08:09:41.442009279 -0700
-@@ -39,6 +39,7 @@
+diff -urN snort-2.9.9.0.orig/src/decode.c snort-2.9.9.0/src/decode.c
+--- snort-2.9.9.0.orig/src/decode.c 2016-08-16 01:55:56.000000000 +0000
++++ snort-2.9.9.0/src/decode.c 2017-01-25 07:29:26.221313664 +0000
+@@ -3152,7 +3152,7 @@
+ {
+ IP6RawHdr* hdr6 = (IP6RawHdr*)p->iph;
+ uint8_t multicast_scope;
+- struct in6_addr* ip_dst;
++ struct snort_in6_addr* ip_dst;
+ uint32_t h_ip_dst;
+
+ if ( hdr6->ip6_src.s6_addr[0] == IP6_MULTICAST )
+diff -urN snort-2.9.9.0.orig/src/decode.h snort-2.9.9.0/src/decode.h
+--- snort-2.9.9.0.orig/src/decode.h 2016-06-07 00:47:47.000000000 +0000
++++ snort-2.9.9.0/src/decode.h 2017-01-25 07:29:41.049530830 +0000
+@@ -1135,7 +1135,7 @@
+
+ /* IPv6 address */
+ #ifndef s6_addr
+-struct in6_addr
++struct snort_in6_addr
+ {
+ union
+ {
+@@ -1157,8 +1157,8 @@
+ uint8_t ip6_next; /* next header */
+ uint8_t ip6_hoplim; /* hop limit */
+
+- struct in6_addr ip6_src; /* source address */
+- struct in6_addr ip6_dst; /* destination address */
++ struct snort_in6_addr ip6_src; /* source address */
++ struct snort_in6_addr ip6_dst; /* destination address */
+ } IP6RawHdr;
+
+ #define ip6flow ip6_vtf
+@@ -1241,7 +1241,7 @@
+ uint8_t ip6rte0_seg_left;
+ uint8_t ip6rte0_reserved;
+ uint8_t ip6rte0_bitmap[3];
+- struct in6_addr ip6rte0_addr[1]; /* Up to 23 IP6 addresses */
++ struct snort_in6_addr ip6rte0_addr[1]; /* Up to 23 IP6 addresses */
+ } IP6Route0;
+
+ /* Fragment header */
+diff -urN snort-2.9.9.0.orig/src/dynamic-preprocessors/appid/fw_appid.c snort-2.9.9.0/src/dynamic-preprocessors/appid/fw_appid.c
+--- snort-2.9.9.0.orig/src/dynamic-preprocessors/appid/fw_appid.c 2016-11-14 03:48:57.000000000 +0000
++++ snort-2.9.9.0/src/dynamic-preprocessors/appid/fw_appid.c 2017-01-25 07:40:47.816227342 +0000
+@@ -569,8 +569,8 @@
+ (!info->dip_flag || memcmp(&info->dip, key->ip_l, sizeof(info->dip)) == 0))))
+ {
+ int af;
+- const struct in6_addr* sip;
+- const struct in6_addr* dip;
++ const struct snort_in6_addr* sip;
++ const struct snort_in6_addr* dip;
+ unsigned offset;
+ uint16_t sport;
+ uint16_t dport;
+@@ -582,38 +582,38 @@
+ {
+ if (session->common.initiator_port == key->port_l)
+ {
+- sip = (const struct in6_addr*)key->ip_l;
+- dip = (const struct in6_addr*)key->ip_h;
++ sip = (const struct snort_in6_addr*)key->ip_l;
++ dip = (const struct snort_in6_addr*)key->ip_h;
+ sport = key->port_l;
+ dport = key->port_h;
+ }
+ else
+ {
+- sip = (const struct in6_addr*)key->ip_h;
+- dip = (const struct in6_addr*)key->ip_l;
++ sip = (const struct snort_in6_addr*)key->ip_h;
++ dip = (const struct snort_in6_addr*)key->ip_l;
+ sport = key->port_h;
+ dport = key->port_l;
+ }
+ }
+ else if (memcmp(&session->common.initiator_ip, key->ip_l, sizeof(session->common.initiator_ip))==0)
+ {
+- sip = (const struct in6_addr*)key->ip_l;
+- dip = (const struct in6_addr*)key->ip_h;
++ sip = (const struct snort_in6_addr*)key->ip_l;
++ dip = (const struct snort_in6_addr*)key->ip_h;
+ sport = key->port_l;
+ dport = key->port_h;
+ }
+ else
+ {
+- sip = (const struct in6_addr*)key->ip_h;
+- dip = (const struct in6_addr*)key->ip_l;
++ sip = (const struct snort_in6_addr*)key->ip_h;
++ dip = (const struct snort_in6_addr*)key->ip_l;
+ sport = key->port_h;
+ dport = key->port_l;
+ }
+ }
+ else
+ {
+- sip = (const struct in6_addr*)key->ip_l;
+- dip = (const struct in6_addr*)key->ip_h;
++ sip = (const struct snort_in6_addr*)key->ip_l;
++ dip = (const struct snort_in6_addr*)key->ip_h;
+ sport = key->port_l;
+ dport = key->port_h;
+ }
+diff -urN snort-2.9.9.0.orig/src/dynamic-preprocessors/appid/util/ip_funcs.h snort-2.9.9.0/src/dynamic-preprocessors/appid/util/ip_funcs.h
+--- snort-2.9.9.0.orig/src/dynamic-preprocessors/appid/util/ip_funcs.h 2016-06-07 00:47:48.000000000 +0000
++++ snort-2.9.9.0/src/dynamic-preprocessors/appid/util/ip_funcs.h 2017-01-25 07:44:56.916628622 +0000
+@@ -55,7 +55,7 @@
+
+ RNAIpv6AddrSet *ParseIpv6Cidr(char *);
+
+-static inline void copyIpv4ToIpv6Network(struct in6_addr *keyIp, const uint32_t ip)
++static inline void copyIpv4ToIpv6Network(struct snort_in6_addr *keyIp, const uint32_t ip)
+ {
+ keyIp->s6_addr32[0] = keyIp->s6_addr32[1] = 0;
+ keyIp->s6_addr16[4] = 0;
+diff -urN snort-2.9.9.0.orig/src/file-process/file_resume_block.c snort-2.9.9.0/src/file-process/file_resume_block.c
+--- snort-2.9.9.0.orig/src/file-process/file_resume_block.c 2016-06-07 00:47:49.000000000 +0000
++++ snort-2.9.9.0/src/file-process/file_resume_block.c 2017-01-25 07:35:43.838234514 +0000
+@@ -48,8 +48,8 @@
+
+ typedef struct _FileHashKey
+ {
+- struct in6_addr sip;
+- struct in6_addr dip;
++ struct snort_in6_addr sip;
++ struct snort_in6_addr dip;
+ uint32_t file_sig;
+ } FileHashKey;
+
+diff -urN snort-2.9.9.0.orig/src/file-process/file_segment_process.h snort-2.9.9.0/src/file-process/file_segment_process.h
+--- snort-2.9.9.0.orig/src/file-process/file_segment_process.h 2016-06-07 00:47:49.000000000 +0000
++++ snort-2.9.9.0/src/file-process/file_segment_process.h 2017-01-25 07:35:48.265314566 +0000
+@@ -61,8 +61,8 @@
+
+ typedef struct _FileKey
+ {
+- struct in6_addr sip;
+- struct in6_addr dip;
++ struct snort_in6_addr sip;
++ struct snort_in6_addr dip;
+ uint64_t file_id;
+ } FileKey;
+
+diff -urN snort-2.9.9.0.orig/src/preprocessors/portscan.c snort-2.9.9.0/src/preprocessors/portscan.c
+--- snort-2.9.9.0.orig/src/preprocessors/portscan.c 2016-06-07 00:47:49.000000000 +0000
++++ snort-2.9.9.0/src/preprocessors/portscan.c 2017-01-25 07:36:50.781966468 +0000
+@@ -129,8 +129,8 @@
+ typedef struct s_PS_HASH_KEY
+ {
+ int protocol;
+- struct in6_addr scanner;
+- struct in6_addr scanned;
++ struct snort_in6_addr scanner;
++ struct snort_in6_addr scanned;
+ tSfPolicyId policyId;
+ } PS_HASH_KEY;
+
+diff -urN snort-2.9.9.0.orig/src/preprocessors/Session/session_expect.c snort-2.9.9.0/src/preprocessors/Session/session_expect.c
+--- snort-2.9.9.0.orig/src/preprocessors/Session/session_expect.c 2016-08-16 01:55:56.000000000 +0000
++++ snort-2.9.9.0/src/preprocessors/Session/session_expect.c 2017-01-25 07:42:04.457716140 +0000
+@@ -94,8 +94,8 @@
+
+ typedef struct _ExpectHashKey
+ {
+- struct in6_addr ip1;
+- struct in6_addr ip2;
++ struct snort_in6_addr ip1;
++ struct snort_in6_addr ip2;
+ uint16_t port1;
+ uint16_t port2;
+ uint32_t protocol;
+diff -urN snort-2.9.9.0.orig/src/preprocessors/Session/stream5_ha.c snort-2.9.9.0/src/preprocessors/Session/stream5_ha.c
+--- snort-2.9.9.0.orig/src/preprocessors/Session/stream5_ha.c 2016-06-07 00:47:49.000000000 +0000
++++ snort-2.9.9.0/src/preprocessors/Session/stream5_ha.c 2017-01-25 07:42:14.881222982 +0000
+@@ -128,9 +128,9 @@
+ typedef struct _HADebugSessionConstraints
+ {
+ int sip_flag;
+- struct in6_addr sip;
++ struct snort_in6_addr sip;
+ int dip_flag;
+- struct in6_addr dip;
++ struct snort_in6_addr dip;
+ uint16_t sport;
+ uint16_t dport;
+ uint8_t protocol;
+diff -urN snort-2.9.9.0.orig/src/sfutil/sf_ip.h snort-2.9.9.0/src/sfutil/sf_ip.h
+--- snort-2.9.9.0.orig/src/sfutil/sf_ip.h 2016-11-14 03:48:57.000000000 +0000
++++ snort-2.9.9.0/src/sfutil/sf_ip.h 2017-01-25 09:41:42.567822087 +0000
+@@ -43,6 +43,7 @@
#endif
#include "snort_debug.h" /* for inline definition */
@@ -84,3 +298,125 @@
/* define SFIP_ROBUST to check pointers passed into the sfip libs.
* Robustification should not be enabled if the client code is trustworthy.
+@@ -87,9 +88,28 @@
+ #pragma pack(push,1)
+ #endif
+
++/* Workaround the struct in6_addr definition in /usr/include/netinet/in.h
++ * on Solaris not having a s6_addr16 definition.
++ */
++
++#undef s6_addr
++#undef s6_addr16
++#undef s6_addr32
++
++struct snort_in6_addr {
++ union {
++ uint8_t _S6_u8[16];
++ uint16_t _S6_u16[8];
++ uint32_t _S6_u32[4];
++ } in6_u;
++#define s6_addr in6_u._S6_u8
++#define s6_addr16 in6_u._S6_u16
++#define s6_addr32 in6_u._S6_u32
++};
++
+ struct _sfaddr
+ {
+- struct in6_addr ip;
++ struct snort_in6_addr ip;
+ uint16_t family;
+ # define ia8 ip.s6_addr
+ # define ia16 ip.s6_addr16
+@@ -143,7 +163,7 @@
+
+ #pragma pack(push,1)
+ struct _sfaddr {
+- struct in6_addr ip;
++ struct snort_in6_addr ip;
+ uint16_t family;
+ # define ia8 ip.s6_addr
+ # define ia16 ip.s6_addr16
+@@ -269,7 +289,7 @@
+ /* Returns 1 if the IP is non-zero. 0 otherwise */
+ /* XXX This is a performance critical function, \
+ * need to determine if it's safe to not check these pointers */\
+-static inline int sfraw_is_set(const struct in6_addr *addr) {
++static inline int sfraw_is_set(const struct snort_in6_addr *addr) {
+ /* ARG_CHECK1(ip, -1); */
+ return (addr->s6_addr32[3] || addr->s6_addr32[0] || addr->s6_addr32[1] || addr->s6_addr16[4] ||
+ (addr->s6_addr16[5] && addr->s6_addr16[5] != 0xFFFF)) ? 1 : 0;
+@@ -558,7 +578,7 @@
+ return 0;
+ }
+
+-static inline void sfaddr_copy_to_raw(struct in6_addr *dst, const sfaddr_t *src)
++static inline void sfaddr_copy_to_raw(struct snort_in6_addr *dst, const sfaddr_t *src)
+ {
+ dst->s6_addr32[0] = src->ia32[0];
+ dst->s6_addr32[1] = src->ia32[1];
+diff -urN snort-2.9.9.0.orig/src/sfutil/sfrf.c snort-2.9.9.0/src/sfutil/sfrf.c
+--- snort-2.9.9.0.orig/src/sfutil/sfrf.c 2016-06-07 00:47:49.000000000 +0000
++++ snort-2.9.9.0/src/sfutil/sfrf.c 2017-01-25 07:26:36.583837363 +0000
+@@ -77,7 +77,7 @@
+ * whether dos threshold is tracking by source or destination IP address. For tracking
+ * by rule, it is cleared out (all 0s).
+ */
+- struct in6_addr ip;
++ struct snort_in6_addr ip;
+
+ } tSFRFTrackingNodeKey ;
+
+diff -urN snort-2.9.9.0.orig/src/sfutil/sfthd.h snort-2.9.9.0/src/sfutil/sfthd.h
+--- snort-2.9.9.0.orig/src/sfutil/sfthd.h 2016-11-14 03:48:57.000000000 +0000
++++ snort-2.9.9.0/src/sfutil/sfthd.h 2017-01-25 07:26:13.854480513 +0000
+@@ -104,7 +104,7 @@
+ typedef struct{
+
+ int thd_id;
+- struct in6_addr ip;
++ struct snort_in6_addr ip;
+ tSfPolicyId policyId;
+
+ } THD_IP_NODE_KEY ;
+@@ -113,7 +113,7 @@
+
+ unsigned gen_id;
+ unsigned sig_id;
+- struct in6_addr ip;
++ struct snort_in6_addr ip;
+ tSfPolicyId policyId;
+
+ } THD_IP_GNODE_KEY ;
+diff -urN snort-2.9.9.0.orig/src/tag.c snort-2.9.9.0/src/tag.c
+--- snort-2.9.9.0.orig/src/tag.c 2016-06-07 00:47:48.000000000 +0000
++++ snort-2.9.9.0/src/tag.c 2017-01-25 07:30:03.102551584 +0000
+@@ -63,8 +63,8 @@
+ */
+ typedef struct _tagSessionKey
+ {
+- struct in6_addr sip; ///source IP address
+- struct in6_addr dip; ///destination IP address
++ struct snort_in6_addr sip; ///source IP address
++ struct snort_in6_addr dip; ///destination IP address
+
+ /* ports */
+ uint16_t sp; ///source port
+@@ -317,7 +317,7 @@
+ */
+ static inline void SwapTag(TagNode *np)
+ {
+- struct in6_addr tip;
++ struct snort_in6_addr tip;
+ uint16_t tport;
+
+ tip = np->key.sip;
+@@ -345,7 +345,7 @@
+
+ host_tag_cache_ptr = sfxhash_new(
+ hashTableSize, /* number of hash buckets */
+- sizeof(struct in6_addr), /* size of the key we're going to use */
++ sizeof(struct snort_in6_addr), /* size of the key we're going to use */
+ 0, /* size of the storage node */
+ 0, /* disable memcap*/
+ 0, /* use auto node recovery */
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/snort/patches/sparc-alignment.patch Tue Feb 07 09:08:08 2017 -0800
@@ -0,0 +1,27 @@
+Fix alignment problems on SPARC. Based on similar fixes found at:
+
+ https://lists.debian.org/debian-sparc/2012/01/msg00012.html
+
+and:
+
+ https://www.winehq.org/pipermail/wine-patches/2011-February/098547.html
+
+This change needs to be sent upstream.
+
+--- snort-2.9.9.0/src/snort.c.orig 2017-01-25 10:28:13.663208245 +0000
++++ snort-2.9.9.0/src/snort.c 2017-01-30 13:20:41.973411707 +0000
+@@ -847,6 +847,14 @@
+ snort_argc = argc;
+ snort_argv = argv;
+
++/*
++ * 'ta 6' tells the kernel to synthesize any unaligned accesses this process
++ * makes, instead of just signalling an error and terminating the process.
++ */
++#ifdef __sparc
++ __asm("ta 6");
++#endif
++
+ return SnortMain(argc, argv);
+ }
+
--- a/components/snort/snort.p5m Mon Feb 06 22:51:03 2017 -0800
+++ b/components/snort/snort.p5m Tue Feb 07 09:08:08 2017 -0800
@@ -18,7 +18,7 @@
#
# CDDL HEADER END
#
-# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2017, Oracle and/or its affiliates. All rights reserved.
#
<transform file path=usr.*/man/.+ -> default mangler.man.stability uncommitted>
@@ -79,13 +79,18 @@
file path=usr/include/snort/dynamic_preproc/bitop.h
file path=usr/include/snort/dynamic_preproc/cpuclock.h
file path=usr/include/snort/dynamic_preproc/file_api.h
+file path=usr/include/snort/dynamic_preproc/file_mail_common.h
file path=usr/include/snort/dynamic_preproc/idle_processing.h
file path=usr/include/snort/dynamic_preproc/ipv6_port.h
file path=usr/include/snort/dynamic_preproc/mempool.h
+file path=usr/include/snort/dynamic_preproc/mpse_methods.h
file path=usr/include/snort/dynamic_preproc/obfuscation.h
+file path=usr/include/snort/dynamic_preproc/packet_time.h
+file path=usr/include/snort/dynamic_preproc/perf_indicators.h
file path=usr/include/snort/dynamic_preproc/preprocids.h
file path=usr/include/snort/dynamic_preproc/profiler.h
file path=usr/include/snort/dynamic_preproc/segment_mem.h
+file path=usr/include/snort/dynamic_preproc/session_api.h
file path=usr/include/snort/dynamic_preproc/sfPolicy.h
file path=usr/include/snort/dynamic_preproc/sfPolicyUserData.h
file path=usr/include/snort/dynamic_preproc/sf_decompression.h
@@ -104,14 +109,22 @@
file path=usr/include/snort/dynamic_preproc/sf_snort_plugin_api.h
file path=usr/include/snort/dynamic_preproc/sfcommon.h
file path=usr/include/snort/dynamic_preproc/sfcontrol.h
+file path=usr/include/snort/dynamic_preproc/sfdebug.h
file path=usr/include/snort/dynamic_preproc/sfrt.h
file path=usr/include/snort/dynamic_preproc/sfrt_dir.h
file path=usr/include/snort/dynamic_preproc/sfrt_flat.h
file path=usr/include/snort/dynamic_preproc/sfrt_flat_dir.h
file path=usr/include/snort/dynamic_preproc/sfrt_trie.h
+file path=usr/include/snort/dynamic_preproc/sidechannel_define.h
+file path=usr/include/snort/dynamic_preproc/sip_common.h
file path=usr/include/snort/dynamic_preproc/snort_bounds.h
file path=usr/include/snort/dynamic_preproc/snort_debug.h
file path=usr/include/snort/dynamic_preproc/ssl.h
+file path=usr/include/snort/dynamic_preproc/ssl_config.h
+file path=usr/include/snort/dynamic_preproc/ssl_ha.h
+file path=usr/include/snort/dynamic_preproc/ssl_include.h
+file path=usr/include/snort/dynamic_preproc/ssl_inspect.h
+file path=usr/include/snort/dynamic_preproc/ssl_session.h
file path=usr/include/snort/dynamic_preproc/str_search.h
file path=usr/include/snort/dynamic_preproc/stream_api.h
file path=usr/lib/$(MACH64)/pkgconfig/snort.pc
@@ -221,6 +234,7 @@
file path=usr/share/doc/snort/CREDITS
file path=usr/share/doc/snort/INSTALL
file path=usr/share/doc/snort/NEWS
+file path=usr/share/doc/snort/OpenDetectorDeveloperGuide.pdf
file path=usr/share/doc/snort/PROBLEMS
file path=usr/share/doc/snort/README
file path=usr/share/doc/snort/README.GTP
@@ -231,6 +245,7 @@
file path=usr/share/doc/snort/README.WIN32
file path=usr/share/doc/snort/README.active
file path=usr/share/doc/snort/README.alert_order
+file path=usr/share/doc/snort/README.appid
file path=usr/share/doc/snort/README.asn1
file path=usr/share/doc/snort/README.counts
file path=usr/share/doc/snort/README.csv
@@ -261,7 +276,6 @@
file path=usr/share/doc/snort/README.ppm
file path=usr/share/doc/snort/README.reload
file path=usr/share/doc/snort/README.reputation
-file path=usr/share/doc/snort/README.rzb_saac
file path=usr/share/doc/snort/README.sensitive_data
file path=usr/share/doc/snort/README.sfportscan
file path=usr/share/doc/snort/README.sip