[Oisf-devel] [COMMIT] OISF branch, master-2.0.x, updated. suricata-2.0.8

OISF Git noreply at openinfosecfoundation.org
Wed May 6 15:57:25 UTC 2015

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".

The branch, master-2.0.x has been updated
       via  15dd771fdc1539bce2fc8dc34b95f839265c8f89 (commit)
       via  54870be2e553a0c2fa8c0cb4dc60c699ce37bcd3 (commit)
       via  5f26824a4b3a4dbfe158db218067bed4aa4741b5 (commit)
       via  c0bdac7c5c0835aff241a1136d552ccf7106d147 (commit)
       via  62c96ae312c74d1318a20f06b855262c59781040 (commit)
       via  e97b347df4a7f725e4b9e9242f66b331266edd11 (commit)
       via  66eb569eb63c451305c2a0dc51ef49d5deea92a5 (commit)
       via  8ba5d288137378696aaaa59fe81e440866669148 (commit)
       via  94795615a0e4a5ca9fb26d517cd7389c6a4e3a0f (commit)
       via  46e9beffebdc8c1b18a0a67361bd47678c87cd4f (commit)
       via  4f614defe2ac64e111ac91410720575bec01f70d (commit)
       via  4ff85ba2e6369b75eb0aa7a4427134d79b7e1267 (commit)
       via  20e5c969340a928d33c4fb8aae50b70c987937e2 (commit)
       via  f92568b8479764efb8ddfced61eb3934cc01db50 (commit)
      from  f76e5de349839474bd362260e41a0484bbd619b9 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 15dd771fdc1539bce2fc8dc34b95f839265c8f89
Author: Victor Julien <victor at inliniac.net>
Date:   Wed May 6 16:51:49 2015 +0200

    Update changelog for 2.0.8 release

commit 54870be2e553a0c2fa8c0cb4dc60c699ce37bcd3
Author: Victor Julien <victor at inliniac.net>
Date:   Tue Apr 21 19:29:12 2015 +0200

    pcap-file: fix malformed timestamp crash
    A bad timestamp would lead to SCLocalTime returning NULL. This case
    wasn't checked, leading to a NULL deref.
    Reported-by: Kostya Kortchinsky of the Google Security Team

commit 5f26824a4b3a4dbfe158db218067bed4aa4741b5
Author: Pierre Chifflier <pierre.chifflier at ssi.gouv.fr>
Date:   Sat Apr 18 14:24:45 2015 +0200

    Fix possible wrap in uint32_t addition in DER parser
    Signed-off-by: Pierre Chifflier <pierre.chifflier at ssi.gouv.fr>

commit c0bdac7c5c0835aff241a1136d552ccf7106d147
Author: Victor Julien <victor at inliniac.net>
Date:   Wed May 6 13:08:32 2015 +0200

    stream: fix --disable-detection reassembly issue
    Due to an error at initialization, the stream engine would not disable
    'raw' reassembly automatically when --disable-detection was used.
    This lead to segments not getting cleared from the segment lists.

commit 62c96ae312c74d1318a20f06b855262c59781040
Author: Victor Julien <victor at inliniac.net>
Date:   Fri May 1 15:12:47 2015 +0200

    tls: force 'raw' reassembly after each record
    Trigger raw reassembly after each record and after the handshake.

commit e97b347df4a7f725e4b9e9242f66b331266edd11
Author: Alexander Gozman <a.gozman at securitycode.ru>
Date:   Mon Mar 23 20:06:47 2015 +0300

    DetectAddressParseString(): fix IPv6 address handling

commit 66eb569eb63c451305c2a0dc51ef49d5deea92a5
Author: Victor Julien <victor at inliniac.net>
Date:   Mon Apr 20 14:46:57 2015 +0200

    tcp-reuse: fix potential dead lock
    If the capture method would offer the packets of a new flow to a
    different thread, and this flow would still be in use for the previous
    TCP session, a deadlock could happen.
    Suricata didn't consider a flow to be timed out, while the capture
    method considered it to be a new session that could be send to a
    different thread.
    This patch defers the flow's de_state cleanup to the next 'Detect()'
    invocation, so that we preserve the proper locking order.

commit 8ba5d288137378696aaaa59fe81e440866669148
Author: Victor Julien <victor at inliniac.net>
Date:   Thu Apr 23 09:32:01 2015 +0200

    threading: add missing locks to threading storage
    Lock threading root lock when walking or updating the threading
    storage for 'ThreadVars' objects.

commit 94795615a0e4a5ca9fb26d517cd7389c6a4e3a0f
Author: Jason Ish <ish at unx.ca>
Date:   Thu Apr 16 15:56:51 2015 -0600

    spelling - dubbed -> duped (for duplicate)

commit 46e9beffebdc8c1b18a0a67361bd47678c87cd4f
Author: Jason Ish <ish at unx.ca>
Date:   Thu Apr 16 15:33:32 2015 -0600

    DetectGidSet - safer stripping of quotes.
    Discovered by AFL when using a rule like:
        alert tcp any any -> any any (content:"ABC"; gid:";)
    resulting a negative array index.

commit 4f614defe2ac64e111ac91410720575bec01f70d
Author: Jason Ish <ish at unx.ca>
Date:   Thu Apr 16 14:46:24 2015 -0600

    DetectSidSetup - safer stripping of quotes.
    Discovered by AFL when using a rule like:
        alert tcp any any -> any any (content:"ABC"; sid:";)
    would result in a negative array index.

commit 4ff85ba2e6369b75eb0aa7a4427134d79b7e1267
Author: Jason Ish <ish at unx.ca>
Date:   Thu Apr 16 11:44:55 2015 -0600

    ParseSizeString - don't abort on unknown unit type.

commit 20e5c969340a928d33c4fb8aae50b70c987937e2
Author: Jason Ish <jason.ish at emulex.com>
Date:   Thu Jan 22 10:08:31 2015 -0600

    Fix alert-debuglog file rotation.
    The alert-debuglog writer for non-decoder events was writing
    directly to the log file so the write wrapper was not checking
    for file rotation like it would in the decoder event case.

commit f92568b8479764efb8ddfced61eb3934cc01db50
Author: Jason Ish <ish at unx.ca>
Date:   Fri Feb 27 11:30:47 2015 -0600

    When re-opening a log file on HUP, always append.
    This will prevent log files that have not been rotated by some
    external tool from being deleted, but log files that were
    rotated (moved out of the way) will be re-opened.
    This is a better default behaviour, especially when not all
    log files are rotated at the same time.
    Thanks to iro on IRC.


Summary of changes:
 ChangeLog                   |   9 ++++
 src/alert-debuglog.c        |   4 +-
 src/app-layer-ssl.c         |   7 +++
 src/detect-engine-address.c |   6 ++-
 src/detect-gid.c            |  48 +++++++++++++++-----
 src/detect-sid.c            | 104 +++++++++++++++++++++++++++++++++++++++-----
 src/detect.c                |   4 ++
 src/flow.h                  |   5 ++-
 src/stream-tcp.c            |   7 +--
 src/suricata.c              |   8 ++--
 src/tm-threads.c            |  24 ++++++++--
 src/util-decode-der.c       |  31 ++++++++++---
 src/util-logopenfile.c      |   7 +--
 src/util-misc.c             |  10 ++++-
 src/util-time.c             |  20 ++++++---
 15 files changed, 242 insertions(+), 52 deletions(-)


More information about the Oisf-devel mailing list