Message-Id: <201102181804.p1II4lMv026408@red.freebsd.org>
Date: Fri, 18 Feb 2011 18:04:47 GMT
From: Dean Freeman <wfreeman@sourcefire.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: patches snort 2.9.0.4 for segfault in HttpInspect and failure to build without --enable-dynamicplugins
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         154868
>Category:       ports
>Synopsis:       patches snort 2.9.0.4 for segfault in HttpInspect and failure to build without --enable-dynamicplugins
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    wxs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Fri Feb 18 18:10:08 UTC 2011
>Closed-Date:    Fri Feb 18 20:07:03 UTC 2011
>Last-Modified:  Fri Feb 18 20:10:09 UTC 2011
>Originator:     Dean Freeman
>Release:        8-STABLE
>Organization:
Sourcefire, Inc
>Environment:
FreeBSD wdf-wrk1-freebsd-curr-x64.sfeng.sourcefire.com 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Jul 19 02:36:49 UTC 2010     root@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64
>Description:
Snort 2.9.0.4 will fail to build if --enable-dynamicplugin is not provided to configure.  A patch supplied by Michael Scheidell provides a fix for this.  Also, the VRT has issued a patch to avoid a potential segfault in the HttpInspect hi_client.c and hi_server.c.

This patch bumps the port revision from 2.9.0.4_1 to 2.9.0.4_2.
>How-To-Repeat:

>Fix:
diff -ur snort/Makefile /usr/ports/security/snort/Makefile
--- snort/Makefile	2011-02-18 07:22:59.000000000 -0500
+++ /usr/ports/security/snort/Makefile	2011-02-13 17:17:19.000000000 -0500
@@ -7,7 +7,7 @@
 
 PORTNAME=	snort
 PORTVERSION=	2.9.0.4
-PORTREVISION=	2	
+PORTREVISION=	1
 CATEGORIES=	security
 MASTER_SITES=	SF/snort/snort
 
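Review bot: The PORTREVISION line goes from 2 to 1 here, the opposite of the stated bump from 2.9.0.4_1 to 2.9.0.4_2, because the diff was generated with the updated tree as the first argument (`diff -ur snort/Makefile /usr/ports/security/snort/Makefile`). Regenerate it with the stock ports tree first so it applies forward, and drop the trailing tab after the `2` on the PORTREVISION line while doing so.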
diff -ur snort/files/patch-DisableDynamic /usr/ports/security/snort/files/patch-DisableDynamic
--- snort/files/patch-DisableDynamic	2011-02-18 07:28:02.000000000 -0500
+++ /usr/ports/security/snort/files/patch-DisableDynamic	2011-02-18 07:32:57.000000000 -0500
@@ -1,110 +0,0 @@
-? cflags.out
-? cppflags.out
-? cscope.out
-? disabledynamic.patch
-? http.patch
-? log
-? make.out
-? rules.work
-? snort-build.sh
-? snort.pc
-? ylwrap
-? etc/snort.conf.work
-? src/dynamic-preprocessors/rzb_saac/Makefile
-? tools/u2boat/u2boat
-? tools/u2spewfoo/u2spewfoo
-Index: src/fpcreate.c
-===================================================================
-RCS file: /usr/cvsroot/sfeng/ims/sfsnort/snort/src/fpcreate.c,v
-retrieving revision 1.107.2.2
-diff -u -p -r1.107.2.2 fpcreate.c
---- src/fpcreate.c	11 Jan 2011 22:54:40 -0000	1.107.2.2
-+++ src/fpcreate.c	17 Feb 2011 20:06:49 -0000
-@@ -70,6 +70,8 @@
- #include "dynamic-plugins/sp_preprocopt.h"
- #endif
- 
-+#include "dynamic-plugins/sf_dynamic_define.h"
-+
-   
- /*
-  *  Content flag values
-@@ -1810,9 +1812,11 @@ static int fpAddPortGroupRule(PORT_GROUP
-         fpAddAllContents(pg->pgPms[PM_TYPE__CONTENT], otn, id, pmd, fp);
- #endif
- 
-+#ifdef DYNAMIC_PLUGIN
-     /* No content added */
-     if (pmd == preproc_opt_pmds)
-         FreePmdList(pmd);
-+#endif
- 
-     if (fpFinishPortGroupRule(pg, PM_TYPE__MAX, otn, NULL, fp) != 0)
-         return -1;
-Index: src/dynamic-plugins/sf_dynamic_define.h
-===================================================================
-RCS file: /usr/cvsroot/sfeng/ims/sfsnort/snort/src/dynamic-plugins/sf_dynamic_define.h,v
-retrieving revision 1.15.4.1
-diff -u -p -r1.15.4.1 sf_dynamic_define.h
---- src/dynamic-plugins/sf_dynamic_define.h	3 Jan 2011 19:58:05 -0000	1.15.4.1
-+++ src/dynamic-plugins/sf_dynamic_define.h	17 Feb 2011 20:06:49 -0000
-@@ -96,5 +96,15 @@ typedef enum {
- #endif
- #endif
- 
-+/* Parameters are rule info pointer, int to indicate URI or NORM,
-+ * and list pointer */
-+#define CONTENT_NORMAL            0x01
-+#define CONTENT_HTTP_URI          0x02
-+#define CONTENT_HTTP_HEADER       0x04
-+#define CONTENT_HTTP_CLIENT_BODY  0x08
-+#define CONTENT_HTTP_METHOD       0x10
-+#define CONTENT_HTTP (CONTENT_HTTP_URI|CONTENT_HTTP_HEADER|\
-+                CONTENT_HTTP_CLIENT_BODY|CONTENT_HTTP_METHOD)
-+
- #endif /* _SF_DYNAMIC_DEFINE_H_ */
- 
-Index: src/dynamic-plugins/sf_dynamic_engine.h
-===================================================================
-RCS file: /usr/cvsroot/sfeng/ims/sfsnort/snort/src/dynamic-plugins/sf_dynamic_engine.h,v
-retrieving revision 1.54.2.1
-diff -u -p -r1.54.2.1 sf_dynamic_engine.h
---- src/dynamic-plugins/sf_dynamic_engine.h	3 Jan 2011 19:58:06 -0000	1.54.2.1
-+++ src/dynamic-plugins/sf_dynamic_engine.h	17 Feb 2011 20:06:49 -0000
-@@ -77,15 +77,6 @@ typedef struct _FPContentInfo
- 
- } FPContentInfo;
- 
--/* Parameters are rule info pointer, int to indicate URI or NORM,
-- * and list pointer */
--#define CONTENT_NORMAL            0x01
--#define CONTENT_HTTP_URI          0x02
--#define CONTENT_HTTP_HEADER       0x04
--#define CONTENT_HTTP_CLIENT_BODY  0x08
--#define CONTENT_HTTP_METHOD       0x10
--#define CONTENT_HTTP (CONTENT_HTTP_URI|CONTENT_HTTP_HEADER|\
--        CONTENT_HTTP_CLIENT_BODY|CONTENT_HTTP_METHOD)
- typedef int (*GetDynamicContentsFunction)(void *, int, FPContentInfo **);
- typedef int (*GetDynamicPreprocOptFpContentsFunc)(void *, FPContentInfo **);
- typedef void (*RuleFreeFunc)(void *);
-Index: src/preprocessors/Stream5/snort_stream5_tcp.c
-===================================================================
-RCS file: /usr/cvsroot/sfeng/ims/sfsnort/snort/src/preprocessors/Stream5/snort_stream5_tcp.c,v
-retrieving revision 1.296.2.5
-diff -u -p -r1.296.2.5 snort_stream5_tcp.c
---- src/preprocessors/Stream5/snort_stream5_tcp.c	7 Jan 2011 20:06:05 -0000	1.296.2.5
-+++ src/preprocessors/Stream5/snort_stream5_tcp.c	17 Feb 2011 20:06:49 -0000
-@@ -816,12 +816,12 @@ void Stream5TcpRegisterRuleOptions(void)
-     RegisterPreprocessorRuleOption("stream_reassemble", &s5TcpStreamReassembleRuleOptionInit,
-                                    &s5TcpStreamReassembleRuleOptionEval, &s5TcpStreamReassembleRuleOptionCleanup,
-                                    NULL, NULL, NULL, NULL);
--#endif
- 
- #ifdef PERF_PROFILING
-     RegisterPreprocessorProfile("stream_size", &streamSizePerfStats, 4, &preprocRuleOptionPerfStats);
-     RegisterPreprocessorProfile("reassemble", &streamReassembleRuleOptionPerfStats, 4, &preprocRuleOptionPerfStats);
- #endif
-+#endif
- 
- }
- 
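Review bot: The first fifteen lines of files/patch-DisableDynamic (`? cflags.out` through `? tools/u2spewfoo/u2spewfoo`) are cvs diff's listing of untracked files, not patch content, and should be removed from the port's patch file. Within the embedded patch, the comment "Parameters are rule info pointer, int to indicate URI or NORM, and list pointer" moves into sf_dynamic_define.h together with the CONTENT_* defines, but it reads as a description of the arguments of the GetDynamicContentsFunction typedef that stays in sf_dynamic_engine.h; leave it above that typedef. As with the Makefile, this outer hunk is reversed and shows the file being deleted rather than added.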
diff -ur snort/files/patch-HttpInspect /usr/ports/security/snort/files/patch-HttpInspect
--- snort/files/patch-HttpInspect	2011-02-18 07:21:22.000000000 -0500
+++ /usr/ports/security/snort/files/patch-HttpInspect	2011-02-18 07:32:51.000000000 -0500
@@ -1,27 +0,0 @@
-Index: src/preprocessors/HttpInspect/client/hi_client.c
-===================================================================
-diff -u -p -r1.97.2.2 hi_client.c
---- src/preprocessors/HttpInspect/client/hi_client.c	27 Jan 2011 00:15:39 -0000	1.97.2.2
-+++ src/preprocessors/HttpInspect/client/hi_client.c	17 Feb 2011 18:48:41 -0000
-@@ -1907,6 +1907,8 @@ static INLINE const u_char *hi_client_ex
-         return p;
-     }
-     header_ptr->content_len.len = 0;
-+    header_ptr->header.uri = start;
-+    header_ptr->header.uri_end = end;
- 
-     /* This is to skip past the HTTP/1.0 (or 1.1) version string */
-     if (IsHttpVersion(&p, end))
-Index: src/preprocessors/HttpInspect/server/hi_server.c
-===================================================================ls
-diff -u -p -r1.59.2.3 hi_server.c
---- src/preprocessors/HttpInspect/server/hi_server.c	27 Jan 2011 00:15:56 -0000	1.59.2.3
-+++ src/preprocessors/HttpInspect/server/hi_server.c	17 Feb 2011 18:48:41 -0000
-@@ -601,6 +601,7 @@ static INLINE const u_char *hi_server_ex
-     offset = (u_char*)p;
- 
-     header_ptr->header.uri = p;
-+    header_ptr->header.uri_end = end;
-     header_ptr->content_encoding.compress_fmt = 0;
-     header_ptr->content_len.len = 0;
- 
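Review bot: In the hi_client.c hunk, `header.uri` and `header.uri_end` are assigned only after the block ending in `return p;`, so that early-return path still leaves both fields unset; if any caller reads them after that return, move the two assignments above the block. Also remove the stray `ls` appended to the `====` separator line ahead of the hi_server.c section.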

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->wxs 
Responsible-Changed-By: wxs 
Responsible-Changed-When: Fri Feb 18 18:57:08 UTC 2011 
Responsible-Changed-Why:  
I'll take it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=154868 
State-Changed-From-To: open->closed 
State-Changed-By: wxs 
State-Changed-When: Fri Feb 18 20:07:02 UTC 2011 
State-Changed-Why:  
Committed. Thanks! 


From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/154868: commit references a PR
Date: Fri, 18 Feb 2011 20:06:42 +0000 (UTC)

 wxs         2011-02-18 20:06:37 UTC
 
   FreeBSD ports repository
 
   Modified files:
     security/snort       Makefile 
   Added files:
     security/snort/files patch-DisableDynamic patch-HttpInspect 
   Log:
   Apply two patches:
   
   - Fix build when --enable-dynamicplugins is not given to configure. [1]
   - Fix a segfault in HttpInspect
   
   PR:             ports/154868
   Submitted by:   Dean Freeman <wfreeman@sourcefire.com> (maintainer)
                   [1]: Michael Scheidell
   
   Revision  Changes    Path
   1.132     +1 -1      ports/security/snort/Makefile
   1.1       +95 -0     ports/security/snort/files/patch-DisableDynamic (new)
   1.1       +27 -0     ports/security/snort/files/patch-HttpInspect (new)
 
>Unformatted:
