[Oisf-devel] [COMMIT] OISF annotated tag, suricata-3.0RC1, created. suricata-3.0RC1
OISF Git
noreply at openinfosecfoundation.org
Wed Nov 25 13:46:15 UTC 2015
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The annotated tag, suricata-3.0RC1 has been created
at feccf7250d5caafcfe3335d8b489df1a865f0efc (tag)
tagging 737c99dd308d437765fc7d74b64b437884febe0a (commit)
replaces suricata-2.1beta4
tagged by Victor Julien
on Wed Nov 25 14:45:51 2015 +0100
- Log -----------------------------------------------------------------
Tag 3.0RC1 release
Aaron Campbell (1):
Fix out-of-bounds memory access in DNS TXT record parser.
Aleksey Katargin (4):
netmap: support non-equal count of Rx and Tx rings on interface.
netmap: fixed autofp mode.
netmap: strict check for zero copy mode
netmap: support SW rings
Alessandro Guido (2):
Add option to omit payload in unified2 output
Describe new unified2-alert "payload" option
Alexander Gozman (7):
Feature #1440: support wildcards in rule filenames
Fix issues #1493 and #1494
Issue 1491: fix capabilities for pf_ring mode when running under non-root account
suricatasc: remove "u" prefix when printing JSON output.
In non interactive mode, print errors to stderr
Feature 1527: ability to compile as a position independent executable
unix-manager: log client (dis)connection with DEBUG level.
Antti Tönkyrä (2):
Allow colon in SSH version, at least some trojaned PuTTY clients have version like Putty-Local: Timestamp HH:MM:SS
source-pfring: don't set cluster mode when using ZC and VLAN tracking is disabled
DIALLO David (1):
modbus: fix heap-buffer-overflow in Modbus parser
David Cannings (1):
Fix rcode parsing, as noticed by Coverity.
Eric Leblond (101):
output-json: fix type of data parameter
suricata.yaml: fix the name of EVE module
log file: add type flag
output-json: suppress global variable
suri-graphite: fix port option
suri-graphite: add daemonization capability
suri-graphite: add ouput to file option
output-lua: sync variable name with yaml
logging: fix modules ordering during logging
app-layer: add modbus to AppProtoToString
tls-store: now a separate module
tls-store: backward compatibility
filestore: use SCFree instead of free
tls-store: avoid log flooding
af-packet: sync header with latest features
af-packet: implement new load balancing modes
af-packet: implement rollover option
file-json: add file_id to message
af-packet: don't activate rollover by default
docker: add ASAN to pcaps build
configure: use pkg_config for libhtp
host-storage: document host storage API
email-json: move email fields to email section
app-layer-smtp: extract and store HELO and MAIL FROM
smtp-json: update SMTP EVE messages
app-layer-smtp: parse and extract RCPT TO fields
output-json-smtp: output RCPT TO fields
app-layer-stmp: simplify code
decode-mime: compute body md5
email-json: export md5sum of body
smtp: add 'body-md5' mime option
decode-mime: add function to get status
email-json: output MIME parsing status
http-json: introduce JsonHttpAddMetadata function
alert-json: use new JsonHttpAddMetadata function
file-json: log http data using common function
smtp-json: introduce function to output smtp data
file-json: output smtp proto info
email-json: add function to export data
file-json: log 'email' information
decode-mime: introduce MimeDecFindFieldsForEach
email-json: add custom fields support
email-json: add LOG_EMAIL_COMMA type
email-json: factorize the code
email-json: delete leading white spaces
email-json: delete white space from "from"
decode-mime: fix typo in comment
email-json: don't log subject by default
email-json: add capa to display subject md5
email-json: body md5 logging is optional
email-json: add some fields
yaml: document new MIME features
email-json: add author
email-json: improve log message
unittests: finally register MIME tests
util-decode-mime: add unittests for field fetching
email-json: add 'date' field extraction
yaml: add comment describing smtp extended
smtp-layer: add HELO parsing test in unittest
smtp-layer: add MAIL FROM parsing test in unittest
email-json: add bcc to extended fields
json-smtp: fix a debug message
json-alert: add smtp elements in alert
json-smtp: change copyright date
json-smtp: add tx_id param to metadata generation
json-http: gen metadata function with tx_id param
json-email: JsonEmailAddMetadata update
output-json: add create header with tx function
output-json: add tx_id to events
smtp-layer: remove FIXME and del excessive newline
util-decode-mime: fix IsIpv6Host function
util-decode-mime: fix some unittests
decode-mime: fix body md5 computation
util-debug: don't colorize if a redirect is used
json-email-common: can now log same header twice
json-email-common: suppress commented code
json-email-common: fix email extended logging
json-email: fix coverity alert
json-file: avoid allocation
output-json: add redis support
output-json: improve hiredis define
travis: add libjansson and hiredis
output-json: add sensor-name config variable
util-logopenfile: add write function
util-logopenfile: introduce SCConfLogOpenRedis
util-logopenfile: implement redis pipelining
util-logopenfile: reconnect handling
redis-output: fix sensor-name code
util-logopenfile: use a function for redis write
util-logopenfile: don't use atomic for batch_count
util-logopenfile: cleaner free function
util-logopenfile: don't lock syslog write
util-logopenfile: log queued events at exit
util-logopenfile: move sensor_name to filectx
util-logopenfile: don't allocate redis command
suricata: clean dump-config output
config: don't use hardcoded path
handle MTU discovery in multi iface case
prscript: docker do not need sudo
prscript: add rm command
rules-reload: fix reload with -s or -S
Giuseppe Longo (5):
app-layer-htp: add http_body_inline setting
hsbd: inspect buffer depending on the engine mode
http: rework UT
file_data: check for signature alproto and flow
decode: add flow memcap counter
Helmut Schaa (1):
Disable pcap-config use during cross compilation
Jason Ish (29):
Bug 1281 - Accept rule content with lengths greater than 255.
Bug 1281 - Add tests for rule content of lengths > 255.
radix-tree - prevent out of bounds array access
conf - process includes even if not at root node.
conf - function declaration style
--set - handle spaces on either side of '='
flowbits: strip leading and trailing spaces in name
json-stats: log uptime in seconds, instead of a string
json-stats: reorg threads and totals
hostbits: ignore leading and trailing white space
json-stats: log deltas
rule vars: strip leading white space before looking up var.
logging: integrate rotation into SCConfLogOpenGeneric.
app-layer: template for application layer parser
app-layer: template for application layer tx logger
app-layer: template for application layer content inspection
app-layer: scripts to setup app-layer templates
app-layer setup scripts: fix header substitution.
defrag: unit test for tracker reuse (current fails)
defrag: don't use trackers marked for removal
defrag: tracker initialization cleanup
defrag: stop reassembly at the first packet with more flags not set
detect-pcre: allow upper cases metachars for host (/W).
fix util-host-os-info unit tests.
GPL license sync with official gpl-2.0.txt
template app-layer: disable if not in config file (default)
app-layer setup scripts: enable new modules on copy
util-base64: strict mode - all characters must be valid
base64_decode, base64_data: decode and match base64
Jeff Barber (1):
Support for reconnecting unix domain socket log files
Mats Klepsland (7):
lua: TLS lua output support
lua: SSH support
lua: SSH output support
app-layer-ssl: get server name from SNI extension
output-json-tls: added SNI field to extended output
log-tls: added SNI field to extended output
lua: added function TlsGetSNI()
Schnaffon (1):
Use unlikely for error treatment in alert-prelude.c
Tom DeCanio (2):
eve-log: add JSON stats logging
eve-log: stats logging code cleanup.
Torgeir Natvig (1):
Bugfix for detect-engine.luajit-states
Victor Julien (267):
threads: fix missing unlock in error handling
http: add event for leading spaces on request line
lua: fix error handling
engine-analysis: print fast_pattern summary
detect-events: set SIG_MASK_REQUIRE_*_STATE for events
detect-http-header: improve buffer handling
detect-state: fix state storing
detect: add de_state duplication check
detect-state: handle duplicate inspect/match
detect-state: update test to check state storing
app-layer: de_state optimization
app-layer: add DisableAppLayer
stream: improve 'no app layer' handling
stream: remove FLOW_NO_APPLAYER_INSPECTION use from tests
stream: remove FLOW_NO_APPLAYER_INSPECTION flag
stream: fix --disable-detection reassembly issue
classification: remove global from parsing
reference: remove global
classification: update pcre globals use
reference: update pcre globals use
reference/classification: call global init for unittests
unix-manager: convert to thread module
threading: remove unused cmd thread create func
flow: don't hold tv_root_lock longer than needed
threading: explain purpose of threadvars mucond
parsing: s/strtok/strtok_r/g
detect: minor cleanups
threads: add untimed control cond call
alert-json: fix stream logging for IPS mode
logfile: rename ALERT_ types to LOGFILE_TYPE_
counters: minor cleanups
counters: s/SCPerfCounterArray/SCPerfPrivateContext/g
counters: s/SCPerfContext/SCPerfPublicContext/g
counters: rename threadvars public counters
counters: threadvars s/sc_perf_pca/perf_private_ctx/g
counters: make increment call take threadvars
counters: remove references to SCPerfCounterAddDouble
counters: SCPerfGetLocalCounterValue cleanup
counters: make threadvars::perf_private_ctx static
counters: introduce SCPerfSetupPrivate for thread setup
counters: minor cleanups
counters: make SCPerfSetupPrivate a function
counters: remove unused public API calls and make them private
counters: merge counters from threads for output
counters: remove unused description
Fix harmless typo in IPOnlyCIDRItemNew's SCReturnPtr use
counters: global counters registration
stream: make tcp.reassembly_memuse counter global
counters: remove thread module name from counters API
counters: remove threadvars arg from SCPerfAddToClubbedTMTable
counters: simplify and speedup counters sync
counters: start using Stats prefix
counters: split API init
counters: call global counters funcs
counters: rename widely used pctmi var to sts (stats thread store)
counters: pass per thread stats to output api
stats-json: fixes and improvements
stats json: replace strndup
stats: support per thread stats in json output
log-stats: make global/threads logging configurable
counters: rename register API calls
counters: clean up defines
counters: s/SCPerfCounterAddUI64/StatsAddUI64/g
counters: s/SCPerfCounterIncr/StatsIncr/g
counters: s/SCPerfCounterSetUI64/StatsSetUI64/g
counters: various renames and cleanups
counters: s/SCPerfPublicContext/StatsPublicThreadContext/g
counters: s/SCPerfPrivateContext/StatsPrivateThreadContext/g
counters: remaining s/SCPerf/Stats/g
counters: minor header cleanup
counters: rename unparsable SCPCAElem to StatsLocalCounter
counters: minor internal API cleanups
counters: remove old unix socket json logic
counters: remove last and now unused tm_name reference
counters: remove references to 'perf' counters
http: make http.memuse a global counter
counters: make tcp.memuse a global counter
counters: make DNS counters globals
counters: turn flow.memuse into a global counter
counters: clean up global context
counters: make threads cleanup all memory
counters: work around unix-socket init issues
counters: don't run if no counters have been registered
counters: use ptr to name instead of copy
http-client-body: create unittest util func
http: fix body tracking
http: improve body pruning
detect: remove unused match_flags from inspect engines
detect: remove struct/union tricks from Signature
detect: various header cleanups
decode: clean up tunnel decode logic
decode: add ERSPANv1 decoder
decode: add erspan counter
decode: optimize DecodeThreadVars layout
suppress: support ip-lists
suppress: add track by_either mode
alproto: improve AppProtoToString
file extract: add app_proto to logging
detect-state: remove/hide BUG_ON statements
decode: create util function for basic counter updates
nfq: add ips stats
ips: move counters in common struct and funcs
http: body pruning update
http: improve inline body tracking
flow timeout: prevent dead locks
smtp file_data: fix wrong free
http: memcap HTTP server inspect body code
stream: remove STREAMTCP_STREAM_FLAG_CLOSE_INITIATED logic
stream: update StreamMsg to don't have fixed size
print: make PrintRawDataFp take a const arg
app-layer: improve EOF handling
app-layer: update all protocols to accept NULL+EOF
detect hsbd: simplify resize logic
fast log: clean up tests
htp: fix test
dce_opnum: improve memory handling on parsing error
counters: reduce global usage
pfring runmode: remove set that is never read
smb: fix coverity warning
file_data smtp: fix minor coverity warning
detect analizer: fix minor coverity warning
smtp json: fix potential crash on malloc failure
htp: hide BUG_ON's behind DEBUG_VALIDATION
erspan: respect vlan.use-for-tracking setting
app-layer: fix coverity warnings
Minor unittest cleanups
detect: fix settings override for reloads
log: reorganize SCLogOPIfaceCtx to make it more efficient
logging: cleanup output API
output: cleanup
logging: change newline handling
logging: optional colors output
logging: fix per output log formats
logging: json output
config: update yaml to show json logging option
lua: initial DNS logging support
lua: dns extensions
dns: rename type so it's purpose is more clear
dns: generic request/response detect lists
detect: add AppLayerTxMatch call
dns: generic inspect engines for DNS
lua: dns support
introduce fatal error macro's
detect: default to u32 for SigIntId
detect: optimize Signature layout
flow/stream: xfer noinspect flags to pseudo pkts
http: harden tx inspection code
Sync alversion/appversion types
app-layer: fix args to state progress calls
dns: fix state progress handling
detect: constify some DetectMpmPrefilter args
detect: clean up flag usage
app-layer: disruption flags
app-layer: pass full flags around in tx handling
output-tx: use disrupt flags
detect: pass flags to inspect_id update logic
detect: optimize http prefilter handing
detect: make http prefilter use disrupt flags
http: destroy htp_tx_t even if incomplete
detect: set flow noinspect on pass in applayer/stream
detect: fix pass transaction handling
eve alert: fix stream payload printing
multi-detect: (un)register-tenant unix socket commands
detect: initial MT lookup logic
tenants: apply added/removed tenant
detect: make multi tenancy a global switch
detect: use multi tenant thread init if MT enabled
suricatasc: allow for tenant id in pcap-file
pcap-file: set tenant-id if available
unix-socket: allow tenant id with pcap-file
detect: select detect engine at Detect entry
multi-detect: initial selectors for tenants
unix-socket: implement register-tenant-handler
multi-detect: allow start up with 0 tenants
multi-detect: register counters on 'master' det_ctx
multi-detect: error on start if no selector registered
multi-detect: set selector from yaml
detect: don't error out on no de_ctx
multi-detect: implement unregister-tenant-handler
suricatasc: add register-tenant-handler command
suricatasc: add unregister-tenant-handler
multi-detect: load tenants from yaml file
multi-detect: cleanup, reuse tenant loading code
multi-detect: refuse to add duplicate tenant
multi-detect: store tenant id in packet
multi-detect: add tenant id to alert json output
multi-detect: add reload-tenant command
multi-detect: implement reload tenant in suricatasc
multi-detect: make classification prefix aware
multi-detect: make reference prefix aware
multi-detect: make threshold prefix aware
detect: clean up thread free code
multi-detect: hash lookup for tenants
multi-detect: set tenant id on pseudo packets
detect: create loader threads
multi-detect: detect loader for unix socket
multi-detect: improve memory handling of setup code
unittests: use a global packetpool
debug: packet pool init/destroy validation
detect-loaders: configurable amount of loaders
detect loader: move to own file
xff: support ports and more ipv6 notations
transaction inspection: fix limit enforcement
autotools: cleanup
Fix minor format string issues
yaml: add missing ippair section
DNS: refactor tx completion logic
lua: add direction support
detect-lua: set direction
lua: TLS support
decoder: add template/example
development tools: add script to setup new decoder
detect plugin: add template
development tools: add script to setup detect module
stream: optimize proto detect segment handling
stream: fix protocol detection issue for GAPs
stream: use reassembly fast path after proto detect
stream: allow next_seq catch up after pkt loss
detect: fix issue with smsg and seq wraps
debug validation: add segment list sanity check
proto detect: more bypass conditions
stream: RST last_ack update fix
stream: improve handling of GAPs at stream start
mpm: minor fixes and cleanups
debug validation: introduce DEBUG_VALIDATE_BUG_ON
mpm: change direction checking in mpm wrappers
mpm: indent fix, no functional change
mpm: assume we'll likely have a mpm_ctx
mpm: optimize & debug validate
mpm: use IPPROTO_TCP for readability
mpm: improve debug output
mpm: remove bloated counting logic
mpm: remove used counter
detect: improve comments on mpm
mpm: redo uri maxlen logic
mpm: improve SGH content len tracking
mpm: SGH maxlen was actually minlen, so rename
stream: improve retransmission detection
ippair: update ippair size logic
host: update host size logic
flow: add missing storage size to checks, output
threshold: remove debug message from info loglevel
defrag tests: fix compiler warnings
htp: cleanup, remove unused declaration
threading: store thread module flags in threadvars
threads: add func to count running threads of types
threading: avoid autofp deadlock
profiling: cleanup, remove MIN declaration
rule profiling: json output
output-json: don't alloc for JSON to string
output: cleanup JSON logging
json: fix malformed output
base64: code style fixups
multi-detect: clean up output
multi-detect: use default tenant
multi-detect: validate vlan_id
multi-detect: consider vlan tracking
multi-detect: handle missing mappings
multi-detect: improve error handling
multi-detect: fix and simplify config
http: test cleanups
http: don't run unittests twice
http: add test for plain http over connect
tls: fix compiler warnings
rule vars: fix compiler warning
Update dev version to reflect we're doing 3.0 now
Update changelog for 3.0RC1
Zachary Rasmor (1):
Add Feature #1454. Generic eve-log prefix support.
Zopieux (1):
stream_size operator comparison (fix issue #1488)
cardigliano (5):
workers runmode: allow multiple input devices
pfring pkt acq: use zero-copy recv in workers runmode
pfring pkt acq: removed reentrant flag
pfring pkt acq: capture loop optimisation
pfring pkt acq: keep running on 'pfring_set_cluster' failure when cluster is not required
gureedo (2):
netmap: extended comments for options in configuration file.
netmap: enable zero-copy mode only when copy-mode is specified.
sfd (1):
Fix compile bad dereferences
-----------------------------------------------------------------------
hooks/post-receive
--
OISF