[Oisf-devel] [COMMIT] OISF annotated tag, suricata-1.2rc1, created. suricata-1.2rc1

noreply at openinfosecfoundation.org
Wed Jan 11 18:47:12 UTC 2012


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".

The annotated tag, suricata-1.2rc1 has been created
        at  29d3294412b93c8fec909c9dc47aa810c7efbefb (tag)
   tagging  5886ef82492d5bbef5ab8bf1e3accc777df33749 (commit)
  replaces  suricata-1.2beta1
 tagged by  Victor Julien
        on  Wed Jan 11 19:46:46 2012 +0100

- Log -----------------------------------------------------------------
Tag 1.2rc1 release.

Anoop Saldanha (17):
      bug #341 - support for urilen check on both norm and raw buffers
      remove unnecessary if/else checks
      fix indentation
      refactor all http mpm engine code
      introduce separate mpm ctxs for tcp/udp/other_protos
      update cuda mpm to support per proto mpm contexts. Fix faulty stream mpm usage of cuda
      reclaim mpm contexts if no patterns are added to it, even in non-full mode
      indentation fix
      fix detection engine for alert stability. Fix cases where we have multiple rules having same pattern. We should see good perf increase (~5%) with this change, now that we avoid unnecessary inspection
      indentation fix
      Support for app layer decoder events added + app_layer_event keyword added
      Support for smtp decoder events
      bug 389 - support http response header inspection + fix bug with stateful inspection for sigs that would have both request/response inspection
      carry out hhd mpm on both request/response headers
      hhd unittests for response headers
      support http response raw header inspection + carry out hrhd mpm on both request/response headers + add unittests for the same
      Enable http raw response header inspection only if libhtp supports raw response header buffering which should be available post 0.2.6

Chris Wakelin (1):
      Fix PF_RING BPF filter availability check

Eric Leblond (28):
      pcre: compile jit by default if available.
      pcap: fix auto runmode
      runmode: export running mode
      nfq: do not use mutex in 'worker' mode
      ipfw: don't use socket lock in 'worker' mode
      ipfw: suppress poll before sendto
      logging: use SCLogDebug instead of printf
      logging: don't display debug message before setting params.
      Fix compilation warning.
      Treat incomplete checksum.
      pf-ring: Mark emitted traffic as non checksummed
      af-packet: parse message to find lack of checksum
      af-packet: add variable to disable offloading detection
      detect-csum: incomplete checksum is a valid checksum
      af-packet: Fix typo in error message.
      decode: introduce checksum mode enum.
      af-packet: add support for checksum verif mode
      pcap: add support for checksum verif mode
      Rename LiveGetDevice to LiveGetDeviceName
      Introduce LiveGetDevice function
      Add per-interface counter for invalid checksum.
      af-packet: auto mode support
      af-packet: fallback if 'kernel' mode is not supported
      pcap: add auto mode support
      pcap: fix typo
      pf-ring: add support for checksum verif mode
      config: Add explanation for checksum-checks options
      runmode: Add Reject to IPS worker mode.

Mike Pomraning (5):
      SCConfLogOpenGeneric() abstraction for regular and AF_UNIX logs.
      Switch 'fast', 'http-log', 'drop' and 'alert-debug' to SCConfLogOpenGeneric.
      Touch up Makefile for SCConfLogOpenGeneric.
      Document new "filetype" argument for 'fast', 'http-log', etc.
      Use strlcpy

Victor Julien (45):
      file inspection: unset new file available flag when appropriate, prevents duplicate alerts.
      file-extraction: improve handling of complex multipart bodies.
      file-inspection: inspect new files in same tx but opposite direction as well.
      Stream engine: handling packets with ACK|CWR.
      Disable the drop.log in the default config.
      Fix invalid direction error message.
      IP Only cleanup: make most functions static. Add error message on address parsing issues.
      Use strtoul instead of strtol for sid parsing. Fixes parsing of really large sid numbers. Fixes #393.
      Reshuffle version printing so -V prints it only once.
      Add Init and DeInit calls to the thread module API.
      file extraction: add waldo option to file log module. This will store the last used file_id so extracted files won't get overwritten if Suricata is restarted.
      Add functions to determine whether a path is absolute or relative.
      Switch log-file module to use new absolute path detection code.
      Fix 2 compiler warnings.
      Add tcp-pkt and tcp-stream 'protocols' to force a signature to inspect only packet or stream data.
      Let flow:only_stream and flow:no_stream set the require packet and require stream flags. Toss out sigs with conflicting settings. Rename flow:stream_only to flow:only_stream. Fixes #261.
      Add counters for SYN, SYN/ACK and RST TCP packets. Issue #251.
      Fix icmpv6 ip-only rule not firing. #363.
      Clean up csum detection output, misc fixes.
      Allow non-existing flowints to be incremented. A 'set' to 0 is implied in this case.
      Allow flowint names to have dots in them.
      Rename app_layer_events to app-layer-events. Misc fixes/changes.
      Simplify detection loop. Inspect packet keywords before the state.
      Add signature direction (flow:toserver/flow:toclient) as a signature flag.
      Make sure that continued stateful detection only inspects sigs in the proper direction.
      Add example smtp decoding events rules file.
      Set 'livedev' in pcap acquisition module for older libpcap version as well. Fixes a segv.
      Clean up configure check for htp_tx_get_response_headers_raw. Misc changes.
      Add check to invalidate signatures that inspect raw http headers in the to_client direction (response headers) if libhtp hasn't been patched yet. Also add hack to disable the test for unittests, many tests fail and we'll fix those ASAP.
      Convert error logging for HTTP to use new app layer event API. Expose libhtp warnings to this as well.
      Add http-events.rules with an example rule for each HTTP event.
      Disable printing dreaded app layer error messages to the screen: app layer events are here to save us.
      Trigger raw stream reassembly on receiving a full HTTP request or response.
      Fix HTTP state and raw stream not being inspected at the same time. Adds an exception to transaction id handling for HTTP.
      Set DROP flag for reject action so in addition to sending the rst, in IPS mode also drop the offending packet.
      Print elapsed time with millisecond precision.
      Add reject support to live single, autofp and workers runmodes.
      Add export of wiki install docs to our doc/ dir.
      Add post-match list, move flowbits set, etc functions to it. Move flowint set, etc functions to it as well.
      Let timing out flow use pseudo packets also if state is not fully closed.
      Implement post match support for ip-only.
      Adapt signature ordering to new flowbits post-match handling.
      Fix various minor clang/scan-build warnings.
      Update ChangeLog to reflect changes between 1.2beta1 and 1.2rc1.
      Don't print error about missing git repo if building from tarball. Don't define REVISION in that case.

William (1):
      Add simple socket to gzip file PoC.

-----------------------------------------------------------------------


hooks/post-receive
-- 
OISF
