[Oisf-devel] [COMMIT] OISF annotated tag, suricata-1.3beta2, created. suricata-1.3beta2

noreply at openinfosecfoundation.org noreply at openinfosecfoundation.org
Fri Jun 8 16:35:28 UTC 2012 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".

The annotated tag, suricata-1.3beta2 has been created
        at  75213625917d7968704f9047add74dcaa5212bdb (tag)
   tagging  ed9b07ef1f406a523c5858f959ad8e7c7432b0cb (commit)
  replaces  suricata-1.3beta1
 tagged by  Victor Julien
        on  Fri Jun 8 18:34:56 2012 +0200

- Log -----------------------------------------------------------------
Tag 1.3beta2 release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEABECAAYFAk/SKbwACgkQiSMBBAuniMfNNQCZAWIZQw9+L2GMLwgQUFK3MlRf
XkEAn0r5GQhNGNDCM5N8eEUGr+G4octZ
=WTQD
-----END PGP SIGNATURE-----

Anoop Saldanha (38):
      update handling negative offsets in byte_extract. Also improve validation in byte_extract to not extract values out of the buffer range
      minor code cleanup
      csum function fixes. Improves alert accuracy. FPs on invalid-csums decoder rules fixed
      Introduce new buffer API that lets you create and manage a buffer. Update http log to use this as well
      flag recieve acq tms that previously missed the receive_tm flag
      Free membuffer before clearing enclosing parent instance
      remove unused stream ssn flag - STREAMTCP_FLAG_TOSERVER_REASSEMBLY_STARTED
      bug 452 - enable http extra callbacks for configs other than the default configs
      bug 452 - fix detection bug for sigs that don't have a content but need payload inspection
      code cleanup - indentation fix
      fix FNs for flow- only_stream and no_stream options
      fix detection filter. Had one extra alert than normal previously, now fixed
      considering the tenths of a seconds in a packet, when calculating thresholds
      code cleanup
      fix detection filter unittests to reflect recent fixes
      fix failing fast pattern unittests
      bug 456 fix for byte_extract to have array of the right size to update values with
      bug 454 - Provide better error message when the user supplies a NULL address range
      coverity fixes
      more coverity fixes
      fix rate filter alert suppression. Log error if rate filter has count of 0. Other minor fixes as well
      indentation fix
      fix rate filters that reset the sig ctx data and handled action timeouts wrongly
      fix failing rate filter unittest
      bug 418 - update http log to escape backslashes
      bug #461 - http header shouldn't match on cookie header
      bug #451 fix for parsing address. Increase buffer size
      Add a nice error message when we exceeded address buffer limit for a rule
      libhtp fix for response body processing. Increment data counter for response body processing when no contentlength or chunked scheme is used but the server closes the connection
      set stream_eof flag per stream, only when the stream initiates a close. Fix htp parser to close connection per direction based on this
      bug #454 - global check to see if address and port vars are properly configured
      bug #454 - add unittests for the address/port conf var validation function
      bug #454 - rebase fix. Also use better error code to indicate invalid address var yaml entry
      debuglog now uses the new mem buffer API. Improve file ctx locking to just the file write
      We have a new probing parser to detect sslv2 records. todos to be covered later
      ssl parser fix/updates
      ssl connection error message event added. Remove warning log for the same error alert
      bug #458 - unittest that uses clamav FPing payload disabled for now. Needs to be rewritten though with new payloads

Chris Wakelin (1):
      Fix missing timestamps in some flavours of PF_RING

Eileen Donlon (6):
      allow only one content to use fast_pattern
      reject pcre modifiers U with B
      disallow file_data with flow:to_server/from_client
      allow only one flow option in a rule
      disallow http_server_body with flow:to_server
      disallow pcre /P/I/U with flow:to_client/from_svr

Eric Leblond (8):
      Fix OpenBSD compilation.
      htp OpenBSD: fix inline related warning
      Openbsd: Fix some warning related to inline usage.
      OpenBSD: don't close std* to avoid problem.
      OpenBSD: setup specific place for magic file.
      pfring: follow API change
      OpenBSD: introduce SCLocalTime function.
      Autotools: make 'install-full' now run 'install' too.

Jason Ish (1):
      Fix linking with libdag

Martin Holste (2):
      Added Syslog action for logging to local syslog
      Included Action::Syslog by default in config

Victor Julien (42):
      http: improve multipart parsing, skip empty records.
      Fix minor memleak in an start up error condition.
      Add missing space to http.log.
      Misc buffer API update.
      Flag napatech receive tm as well.
      Add htp error debug printing.
      http: body inspection improvement
      ipv6: improve handling of packets with duplicate (or more) ipv6 extension headers.
      Use less queues and threads in nfq autofp mode.
      Minor textual update.
      Don't enable UNITTESTS in AF_PACKET detection.
      Add TLS decoder event rule file.
      Disable some stream rules by default, fix sid no typo.
      Improve error message for malformed urilen value.
      ipv6: fix an AH header parsing issue. Add decoder event for non-null reserved fields.
      stream: keep segments in memory until we are sure the stream/state is inspected.
      No longer pass StreamMsg to output for alert logging, instead use the same callback code as is used for state alerts.
      pcre: print filename and line number for JIT warning.
      alert-debuglog: add size info for stream chunks and fix a typo.
      pcap: fix double free issue with bpf filter and multiple interfaces.
      pcap: lock pcap_compile and pcap_setfilter calls as they are not thread safe. Fixes issues with bpf filters and multiple interfaces.
      unified2: minor cleanups.
      Make sure all fake packets have datalink type DLT_RAW. Make sure stream end packets set pkt size.
      replace: add missing malloc return value check.
      stream: improve error checking.
      Support FNAME and FCOMMENT extensions in gzip'd http content.
      Add debug messages to HTTP error/warning handling.
      unified2: big rewrite to clean up code that deals with tcp segment logging.
      http: add test to make sure a missing space between header name and value is not a problem (ref #474).
      pfring: move missing timestamp handling code to PfringProcessPacket.
      #449: fix md5 calculation in daemon mode.
      file: fix file length and md5 tracking when file storing is disabled
      Improve error reporting in case of syntax errors in the address and port vars.
      unified2: minor cleanups
      pfring: protect pfring_set_bpf_filter with a lock as it's not thread safe.
      Add a new hash datatype to do speedy lookups of read only uniform data, like md5's.
      Add filemd5 keyword that loads a list of md5's to match a file's md5 against.
      filemd5: handle case where no md5 support is compiled it.
      tls: debug compilation fixes, new tls decoder rule for tls.error_message_encountered event.
      Fix compilation warning.
      Disable dce unittests that tick off clamav. #458.
      Update changelog to reflect 1.3beta2 changes.

-----------------------------------------------------------------------


hooks/post-receive
-- 
OISF

More information about the Oisf-devel mailing list