diff options
Diffstat (limited to 'package/snort')
27 files changed, 994 insertions, 9 deletions
diff --git a/package/snort/Makefile b/package/snort/Makefile index 1c9832c53..cc38c43cc 100644 --- a/package/snort/Makefile +++ b/package/snort/Makefile @@ -4,21 +4,23 @@ include ${TOPDIR}/rules.mk PKG_NAME:= snort -PKG_VERSION:= 2.6.1.2 -PKG_RELEASE:= 8 -PKG_BUILDDEP+= libnet libpcap pcre -PKG_MD5SUM:= 22c448e25538cdf74c62abe586aeac0a +PKG_VERSION:= 2.8.5.1 +PKG_RELEASE:= 1 +PKG_MD5SUM:= b1abf3a9fa3486720c9a2b5eff920417 PKG_DESCR:= a flexible Network Intrusion Detection System (NIDS) PKG_SECTION:= net +PKG_NOPARALLEL:= 1 PKG_DEPENDS:= libnet libpcap pcre -PKG_SITES:= http://www.snort.org/dl/current/ +PKG_BUILDDEP+= libnet libpcap pcre +PKG_URL:= http://www.snort.org/ +PKG_SITES:= http://dl.snort.org/snort-current/ include ${TOPDIR}/mk/package.mk $(eval $(call PKG_template,SNORT,${PKG_NAME},${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION})) -CONFIGURE_STYLE= gnu -CONFIGURE_ARGS+= --enable-flexresp \ +CONFIGURE_STYLE:= gnu +CONFIGURE_ARGS+= --disable-flexresp \ --with-libnet-includes="${STAGING_DIR}/usr/include" \ --with-libnet-libraries="${STAGING_DIR}/usr/lib" \ --with-libpcap-includes="${STAGING_DIR}/usr/include" \ @@ -28,8 +30,8 @@ CONFIGURE_ARGS+= --enable-flexresp \ --without-mysql \ --without-postgresql \ --disable-inline -BUILD_STYLE= auto -INSTALL_STYLE= auto +BUILD_STYLE:= auto +INSTALL_STYLE:= auto post-install: ${INSTALL_DIR} ${IDIR_SNORT}/usr/bin diff --git a/package/snort/patches/patch-configure b/package/snort/patches/patch-configure new file mode 100644 index 000000000..ddf3d5bba --- /dev/null +++ b/package/snort/patches/patch-configure @@ -0,0 +1,83 @@ +--- snort-2.8.5.1.orig/configure 2009-10-19 23:08:11.000000000 +0200 ++++ snort-2.8.5.1/configure 2009-12-27 15:59:57.000000000 +0100 +@@ -24242,70 +24242,7 @@ _ACEOF + fi + + +-# In case INADDR_NONE is not defined (like on Solaris) +-have_inaddr_none="no" +-echo "$as_me:$LINENO: checking for INADDR_NONE" >&5 +-echo $ECHO_N "checking for INADDR_NONE... $ECHO_C" >&6 +-if test "$cross_compiling" = yes; then +- { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling +-See \`config.log' for more details." >&5 +-echo "$as_me: error: cannot run test program while cross compiling +-See \`config.log' for more details." >&2;} +- { (exit 1); exit 1; }; } +-else +- cat >conftest.$ac_ext <<_ACEOF +-/* confdefs.h. */ +-_ACEOF +-cat confdefs.h >>conftest.$ac_ext +-cat >>conftest.$ac_ext <<_ACEOF +-/* end confdefs.h. */ +- +-#include <sys/types.h> +-#include <netinet/in.h> +-#include <arpa/inet.h> +- +-int +-main () +-{ +- +- if (inet_addr("10,5,2") == INADDR_NONE); +- return 0; +- +- ; +- return 0; +-} +-_ACEOF +-rm -f conftest$ac_exeext +-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 +- (eval $ac_link) 2>&5 +- ac_status=$? +- echo "$as_me:$LINENO: \$? = $ac_status" >&5 +- (exit $ac_status); } && { ac_try='./conftest$ac_exeext' +- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 +- (eval $ac_try) 2>&5 +- ac_status=$? +- echo "$as_me:$LINENO: \$? = $ac_status" >&5 +- (exit $ac_status); }; }; then +- have_inaddr_none="yes" +-else +- echo "$as_me: program exited with status $ac_status" >&5 +-echo "$as_me: failed program was:" >&5 +-sed 's/^/| /' conftest.$ac_ext >&5 +- +-( exit $ac_status ) +-have_inaddr_none="no" +-fi +-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +-fi +-echo "$as_me:$LINENO: result: $have_inaddr_none" >&5 +-echo "${ECHO_T}$have_inaddr_none" >&6 +-if test "x$have_inaddr_none" = "xno"; then +- +-cat >>confdefs.h <<\_ACEOF +-#define INADDR_NONE -1 +-_ACEOF +- +-fi ++have_inaddr_none="yes" + + cat >conftest.$ac_ext <<_ACEOF + /* confdefs.h. */ +@@ -24959,7 +24896,7 @@ fi + # that versions < 0.9 do not accumulate packet statistics whereas >= 0.9 do accumulate. + # This is Linux only. The check is done after pcre because the code below uses pcre. + # It seems Phil Wood's pcap does not accumulate - 0.9x +-pcap_version_check="yes" ++pcap_version_check="no" + if test "x$linux" = "xyes"; then + if test "x$pcap_version_check" = "xyes"; then + echo "$as_me:$LINENO: checking for libpcap version >= 0.9" >&5 diff --git a/package/snort/patches/patch-configure.orig b/package/snort/patches/patch-configure.orig new file mode 100644 index 000000000..c2a99e2ae --- /dev/null +++ b/package/snort/patches/patch-configure.orig @@ -0,0 +1,74 @@ +--- snort-2.8.5.1.orig/configure 2009-10-19 23:08:11.000000000 +0200 ++++ snort-2.8.5.1/configure 2009-12-27 15:47:57.000000000 +0100 +@@ -24242,70 +24242,7 @@ _ACEOF + fi + + +-# In case INADDR_NONE is not defined (like on Solaris) +-have_inaddr_none="no" +-echo "$as_me:$LINENO: checking for INADDR_NONE" >&5 +-echo $ECHO_N "checking for INADDR_NONE... $ECHO_C" >&6 +-if test "$cross_compiling" = yes; then +- { { echo "$as_me:$LINENO: error: cannot run test program while cross compiling +-See \`config.log' for more details." >&5 +-echo "$as_me: error: cannot run test program while cross compiling +-See \`config.log' for more details." >&2;} +- { (exit 1); exit 1; }; } +-else +- cat >conftest.$ac_ext <<_ACEOF +-/* confdefs.h. */ +-_ACEOF +-cat confdefs.h >>conftest.$ac_ext +-cat >>conftest.$ac_ext <<_ACEOF +-/* end confdefs.h. */ +- +-#include <sys/types.h> +-#include <netinet/in.h> +-#include <arpa/inet.h> +- +-int +-main () +-{ +- +- if (inet_addr("10,5,2") == INADDR_NONE); +- return 0; +- +- ; +- return 0; +-} +-_ACEOF +-rm -f conftest$ac_exeext +-if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 +- (eval $ac_link) 2>&5 +- ac_status=$? +- echo "$as_me:$LINENO: \$? = $ac_status" >&5 +- (exit $ac_status); } && { ac_try='./conftest$ac_exeext' +- { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 +- (eval $ac_try) 2>&5 +- ac_status=$? +- echo "$as_me:$LINENO: \$? = $ac_status" >&5 +- (exit $ac_status); }; }; then +- have_inaddr_none="yes" +-else +- echo "$as_me: program exited with status $ac_status" >&5 +-echo "$as_me: failed program was:" >&5 +-sed 's/^/| /' conftest.$ac_ext >&5 +- +-( exit $ac_status ) +-have_inaddr_none="no" +-fi +-rm -f core *.core gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +-fi +-echo "$as_me:$LINENO: result: $have_inaddr_none" >&5 +-echo "${ECHO_T}$have_inaddr_none" >&6 +-if test "x$have_inaddr_none" = "xno"; then +- +-cat >>confdefs.h <<\_ACEOF +-#define INADDR_NONE -1 +-_ACEOF +- +-fi ++have_inaddr_none="yes" + + cat >conftest.$ac_ext <<_ACEOF + /* confdefs.h. */ diff --git a/package/snort/patches/patch-src_detection-plugins_sp_ip_tos_check_c b/package/snort/patches/patch-src_detection-plugins_sp_ip_tos_check_c new file mode 100644 index 000000000..3f755d349 --- /dev/null +++ b/package/snort/patches/patch-src_detection-plugins_sp_ip_tos_check_c @@ -0,0 +1,26 @@ +--- snort-2.8.5.1.orig/src/detection-plugins/sp_ip_tos_check.c 2009-05-07 00:28:33.000000000 +0200 ++++ snort-2.8.5.1/src/detection-plugins/sp_ip_tos_check.c 2009-12-27 16:51:48.000000000 +0100 +@@ -191,19 +191,19 @@ void ParseIpTos(char *data, OptTreeNode + ds_ptr->not_flag = 1; + } + +- if(index(data, (int) 'x') == NULL && index(data, (int)'X') == NULL) ++ if(strchr(data, (int) 'x') == NULL && strchr(data, (int)'X') == NULL) + { + ds_ptr->ip_tos = atoi(data); + } + else + { +- if(index(data,(int)'x')) ++ if(strchr(data,(int)'x')) + { +- ds_ptr->ip_tos = (u_char) strtol((index(data, (int)'x')+1), NULL, 16); ++ ds_ptr->ip_tos = (u_char) strtol((strchr(data, (int)'x')+1), NULL, 16); + } + else + { +- ds_ptr->ip_tos = (u_char) strtol((index(data, (int)'X')+1), NULL, 16); ++ ds_ptr->ip_tos = (u_char) strtol((strchr(data, (int)'X')+1), NULL, 16); + } + } + diff --git a/package/snort/patches/patch-src_detection-plugins_sp_pattern_match_c b/package/snort/patches/patch-src_detection-plugins_sp_pattern_match_c new file mode 100644 index 000000000..6c03a3417 --- /dev/null +++ b/package/snort/patches/patch-src_detection-plugins_sp_pattern_match_c @@ -0,0 +1,85 @@ +--- snort-2.8.5.1.orig/src/detection-plugins/sp_pattern_match.c 2009-08-10 22:41:44.000000000 +0200 ++++ snort-2.8.5.1/src/detection-plugins/sp_pattern_match.c 2009-12-27 17:24:45.000000000 +0100 +@@ -831,7 +831,7 @@ void PayloadSearchListInit(char *data, O + data++; + + /* grab everything between the starting " and the end one */ +- sptr = index(data, '"'); ++ sptr = strchr(data, '"'); + eptr = strrchr(data, '"'); + + if(sptr != NULL && eptr != NULL) +@@ -862,21 +862,21 @@ static char *PayloadExtractParameter(cha + char *quote_one = NULL, *quote_two = NULL; + char *comma = NULL; + +- quote_one = index(data, '"'); ++ quote_one = strchr(data, '"'); + if (quote_one) + { +- quote_two = index(quote_one+1, '"'); ++ quote_two = strchr(quote_one+1, '"'); + while ( quote_two && quote_two[-1] == '\\' ) +- quote_two = index(quote_two+1, '"'); ++ quote_two = strchr(quote_two+1, '"'); + } + + if (quote_one && quote_two) + { +- comma = index(quote_two, ','); ++ comma = strchr(quote_two, ','); + } + else if (!quote_one) + { +- comma = index(data, ','); ++ comma = strchr(data, ','); + } + + if (comma) +@@ -2016,7 +2016,7 @@ void ParsePattern(char *rule, OptTreeNod + PatternMatchData *ds_idx; + + /* clear out the temp buffer */ +- bzero(tmp_buf, MAX_PATTERN_SIZE); ++ memset(tmp_buf, 0, MAX_PATTERN_SIZE); + + if(rule == NULL) + { +@@ -2035,7 +2035,7 @@ void ParsePattern(char *rule, OptTreeNod + } + + /* find the start of the data */ +- start_ptr = index(rule, '"'); ++ start_ptr = strchr(rule, '"'); + + if(start_ptr != rule) + { +@@ -2089,7 +2089,7 @@ void ParsePattern(char *rule, OptTreeNod + dummy_end = (dummy_idx + size); + + /* why is this buffer so small? */ +- bzero(hex_buf, 3); ++ memset(hex_buf, 0, 3); + memset(hex_buf, '0', 2); + + /* BEGIN BAD JUJU..... */ +@@ -2204,7 +2204,7 @@ void ParsePattern(char *rule, OptTreeNod + strtol(hex_buf, (char **) NULL, 16)&0xFF; + + dummy_size++; +- bzero(hex_buf, 3); ++ memset(hex_buf, 0, 3); + memset(hex_buf, '0', 2); + } + else +@@ -2759,8 +2759,8 @@ static void ParseContentListFile(char *f + } + + /* clear the line and rule buffers */ +- bzero((char *) buf, STD_BUF); +- bzero((char *) rule_buf, STD_BUF); ++ memset((char *) buf, 0, STD_BUF); ++ memset((char *) rule_buf, 0, STD_BUF); + frazes_count = 0; + + /* loop thru each list_file line and content to the rule */ diff --git a/package/snort/patches/patch-src_detection-plugins_sp_pattern_match_c.orig b/package/snort/patches/patch-src_detection-plugins_sp_pattern_match_c.orig new file mode 100644 index 000000000..a0a9802ad --- /dev/null +++ b/package/snort/patches/patch-src_detection-plugins_sp_pattern_match_c.orig @@ -0,0 +1,47 @@ +--- snort-2.8.5.1.orig/src/detection-plugins/sp_pattern_match.c 2009-08-10 22:41:44.000000000 +0200 ++++ snort-2.8.5.1/src/detection-plugins/sp_pattern_match.c 2009-12-27 16:06:41.000000000 +0100 +@@ -831,7 +831,7 @@ void PayloadSearchListInit(char *data, O + data++; + + /* grab everything between the starting " and the end one */ +- sptr = index(data, '"'); ++ sptr = strchr(data, '"'); + eptr = strrchr(data, '"'); + + if(sptr != NULL && eptr != NULL) +@@ -862,21 +862,21 @@ static char *PayloadExtractParameter(cha + char *quote_one = NULL, *quote_two = NULL; + char *comma = NULL; + +- quote_one = index(data, '"'); ++ quote_one = strchr(data, '"'); + if (quote_one) + { +- quote_two = index(quote_one+1, '"'); ++ quote_two = strchr(quote_one+1, '"'); + while ( quote_two && quote_two[-1] == '\\' ) +- quote_two = index(quote_two+1, '"'); ++ quote_two = strchr(quote_two+1, '"'); + } + + if (quote_one && quote_two) + { +- comma = index(quote_two, ','); ++ comma = strchr(quote_two, ','); + } + else if (!quote_one) + { +- comma = index(data, ','); ++ comma = strchr(data, ','); + } + + if (comma) +@@ -2035,7 +2035,7 @@ void ParsePattern(char *rule, OptTreeNod + } + + /* find the start of the data */ +- start_ptr = index(rule, '"'); ++ start_ptr = strchr(rule, '"'); + + if(start_ptr != rule) + { diff --git a/package/snort/patches/patch-src_detection-plugins_sp_replace_c b/package/snort/patches/patch-src_detection-plugins_sp_replace_c new file mode 100644 index 000000000..ebf2f0375 --- /dev/null +++ b/package/snort/patches/patch-src_detection-plugins_sp_replace_c @@ -0,0 +1,38 @@ +--- snort-2.8.5.1.orig/src/detection-plugins/sp_replace.c 2009-07-07 17:37:04.000000000 +0200 ++++ snort-2.8.5.1/src/detection-plugins/sp_replace.c 2009-12-27 17:23:47.000000000 +0100 +@@ -111,7 +111,7 @@ static PatternMatchData * Replace_Parse( + file_name, file_line); + } + /* clear out the temp buffer */ +- bzero(tmp_buf, MAX_PATTERN_SIZE); ++ memset(tmp_buf, 0, MAX_PATTERN_SIZE); + + while(isspace((int)*rule)) + rule++; +@@ -122,7 +122,7 @@ static PatternMatchData * Replace_Parse( + } + + /* find the start of the data */ +- start_ptr = index(rule, '"'); ++ start_ptr = strchr(rule, '"'); + + if(start_ptr == NULL) + { +@@ -163,7 +163,7 @@ static PatternMatchData * Replace_Parse( + dummy_end = (dummy_idx + size); + + /* why is this buffer so small? */ +- bzero(hex_buf, 3); ++ memset(hex_buf, 0, 3); + memset(hex_buf, '0', 2); + + /* BEGIN BAD JUJU..... */ +@@ -269,7 +269,7 @@ static PatternMatchData * Replace_Parse( + strtol(hex_buf, (char **) NULL, 16)&0xFF; + + dummy_size++; +- bzero(hex_buf, 3); ++ memset(hex_buf, 0, 3); + memset(hex_buf, '0', 2); + } + else diff --git a/package/snort/patches/patch-src_detection-plugins_sp_replace_c.orig b/package/snort/patches/patch-src_detection-plugins_sp_replace_c.orig new file mode 100644 index 000000000..3e78de505 --- /dev/null +++ b/package/snort/patches/patch-src_detection-plugins_sp_replace_c.orig @@ -0,0 +1,11 @@ +--- snort-2.8.5.1.orig/src/detection-plugins/sp_replace.c 2009-07-07 17:37:04.000000000 +0200 ++++ snort-2.8.5.1/src/detection-plugins/sp_replace.c 2009-12-27 17:14:46.000000000 +0100 +@@ -122,7 +122,7 @@ static PatternMatchData * Replace_Parse( + } + + /* find the start of the data */ +- start_ptr = index(rule, '"'); ++ start_ptr = strchr(rule, '"'); + + if(start_ptr == NULL) + { diff --git a/package/snort/patches/patch-src_detection-plugins_sp_session_c b/package/snort/patches/patch-src_detection-plugins_sp_session_c new file mode 100644 index 000000000..8f874f5ac --- /dev/null +++ b/package/snort/patches/patch-src_detection-plugins_sp_session_c @@ -0,0 +1,13 @@ +--- snort-2.8.5.1.orig/src/detection-plugins/sp_session.c 2009-08-10 22:41:45.000000000 +0200 ++++ snort-2.8.5.1/src/detection-plugins/sp_session.c 2009-12-27 17:24:07.000000000 +0100 +@@ -378,8 +378,8 @@ FILE *OpenSessionFile(Packet *p) + return NULL; + } + +- bzero((char *)session_file, STD_BUF); +- bzero((char *)log_path, STD_BUF); ++ memset((char *)session_file, 0, STD_BUF); ++ memset((char *)log_path, 0, STD_BUF); + + /* figure out which way this packet is headed in relation to the homenet */ + #ifdef SUP_IP6 diff --git a/package/snort/patches/patch-src_detection-plugins_sp_tcp_win_check_c b/package/snort/patches/patch-src_detection-plugins_sp_tcp_win_check_c new file mode 100644 index 000000000..6433539c7 --- /dev/null +++ b/package/snort/patches/patch-src_detection-plugins_sp_tcp_win_check_c @@ -0,0 +1,26 @@ +--- snort-2.8.5.1.orig/src/detection-plugins/sp_tcp_win_check.c 2009-05-07 00:28:39.000000000 +0200 ++++ snort-2.8.5.1/src/detection-plugins/sp_tcp_win_check.c 2009-12-27 16:11:37.000000000 +0100 +@@ -196,19 +196,19 @@ void ParseTcpWin(char *data, OptTreeNode + ds_ptr->not_flag = 1; + } + +- if(index(data, (int) 'x') == NULL && index(data, (int)'X') == NULL) ++ if(strchr(data, (int) 'x') == NULL && strchr(data, (int)'X') == NULL) + { + win_size = atoi(data); + } + else + { +- if(index(data,(int)'x')) ++ if(strchr(data,(int)'x')) + { +- win_size = (uint16_t) strtol((index(data, (int)'x')+1), NULL, 16); ++ win_size = (uint16_t) strtol((strchr(data, (int)'x')+1), NULL, 16); + } + else + { +- win_size = (uint16_t) strtol((index(data, (int)'X')+1), NULL, 16); ++ win_size = (uint16_t) strtol((strchr(data, (int)'X')+1), NULL, 16); + } + } + diff --git a/package/snort/patches/patch-src_dynamic-preprocessors_dns_spp_dns_c b/package/snort/patches/patch-src_dynamic-preprocessors_dns_spp_dns_c new file mode 100644 index 000000000..c8584410b --- /dev/null +++ b/package/snort/patches/patch-src_dynamic-preprocessors_dns_spp_dns_c @@ -0,0 +1,47 @@ +--- snort-2.8.5.1.orig/src/dynamic-preprocessors/dns/spp_dns.c 2009-10-02 22:29:57.000000000 +0200 ++++ snort-2.8.5.1/src/dynamic-preprocessors/dns/spp_dns.c 2009-12-27 17:17:22.000000000 +0100 +@@ -749,7 +749,7 @@ static uint16_t ParseDNSQuestion(const u + if (dnsSessionData->curr_txt.name_state == DNS_RESP_STATE_NAME_COMPLETE) + { + dnsSessionData->curr_rec_state = DNS_RESP_STATE_Q_TYPE; +- bzero(&dnsSessionData->curr_txt, sizeof(DNSNameState)); ++ memset(&dnsSessionData->curr_txt, 0, sizeof(DNSNameState)); + data = data + bytes_used; + bytes_unused = new_bytes_unused; + +@@ -837,7 +837,7 @@ uint16_t ParseDNSAnswer(const unsigned c + if (dnsSessionData->curr_txt.name_state == DNS_RESP_STATE_NAME_COMPLETE) + { + dnsSessionData->curr_rec_state = DNS_RESP_STATE_RR_TYPE; +- bzero(&dnsSessionData->curr_txt, sizeof(DNSNameState)); ++ memset(&dnsSessionData->curr_txt, 0, sizeof(DNSNameState)); + data = data + bytes_used; + } + bytes_unused = new_bytes_unused; +@@ -1272,7 +1272,7 @@ void ParseDNSResponseMessage(SFSnortPack + if (dnsSessionData->curr_rr.type == DNS_RR_TYPE_TXT) + { + /* Reset the state tracking for this record */ +- bzero(&dnsSessionData->curr_txt, sizeof(DNSNameState)); ++ memset(&dnsSessionData->curr_txt, 0, sizeof(DNSNameState)); + } + data = p->payload + (p->payload_size - bytes_unused); + } +@@ -1328,7 +1328,7 @@ void ParseDNSResponseMessage(SFSnortPack + if (dnsSessionData->curr_rr.type == DNS_RR_TYPE_TXT) + { + /* Reset the state tracking for this record */ +- bzero(&dnsSessionData->curr_txt, sizeof(DNSNameState)); ++ memset(&dnsSessionData->curr_txt, 0, sizeof(DNSNameState)); + } + data = p->payload + (p->payload_size - bytes_unused); + } +@@ -1384,7 +1384,7 @@ void ParseDNSResponseMessage(SFSnortPack + if (dnsSessionData->curr_rr.type == DNS_RR_TYPE_TXT) + { + /* Reset the state tracking for this record */ +- bzero(&dnsSessionData->curr_txt, sizeof(DNSNameState)); ++ memset(&dnsSessionData->curr_txt, 0, sizeof(DNSNameState)); + } + data = p->payload + (p->payload_size - bytes_unused); + } diff --git a/package/snort/patches/patch-src_inline_c b/package/snort/patches/patch-src_inline_c new file mode 100644 index 000000000..64c7a226f --- /dev/null +++ b/package/snort/patches/patch-src_inline_c @@ -0,0 +1,11 @@ +--- snort-2.8.5.1.orig/src/inline.c 2009-07-07 17:37:01.000000000 +0200 ++++ snort-2.8.5.1/src/inline.c 2009-12-27 17:20:43.000000000 +0100 +@@ -335,7 +335,7 @@ void IpfwLoop(void) + } + + /* Fill in necessary fields */ +- bzero(&sin, sizeof(sin)); ++ memset(&sin, 0, sizeof(sin)); + sin.sin_family = PF_INET; + sin.sin_addr.s_addr = INADDR_ANY; + sin.sin_port = htons(ScDivertPort()); diff --git a/package/snort/patches/patch-src_log_c b/package/snort/patches/patch-src_log_c new file mode 100644 index 000000000..456b6a033 --- /dev/null +++ b/package/snort/patches/patch-src_log_c @@ -0,0 +1,162 @@ +--- snort-2.8.5.1.orig/src/log.c 2009-10-19 17:48:42.000000000 +0200 ++++ snort-2.8.5.1/src/log.c 2009-12-27 17:19:26.000000000 +0100 +@@ -362,7 +362,7 @@ void PrintIPPkt(FILE * fp, int type, Pac + + DEBUG_WRAP(DebugMessage(DEBUG_LOG, "PrintIPPkt type = %d\n", type);); + +- bzero((char *) timestamp, TIMEBUF_SIZE); ++ memset((char *) timestamp, 0, TIMEBUF_SIZE); + ts_print((struct timeval *) & p->pkth->ts, timestamp); + + /* dump the timestamp */ +@@ -863,8 +863,8 @@ void PrintArpHeader(FILE * fp, Packet * + const uint8_t *mac_src = NULL; + const uint8_t *mac_dst = NULL; + +- bzero((struct in_addr *) &ip_addr, sizeof(struct in_addr)); +- bzero((char *) timestamp, TIMEBUF_SIZE); ++ memset((struct in_addr *) &ip_addr, 0, sizeof(struct in_addr)); ++ memset((char *) timestamp, 0, TIMEBUF_SIZE); + ts_print((struct timeval *) & p->pkth->ts, timestamp); + + /* determine what to use as MAC src and dst */ +@@ -916,7 +916,7 @@ void PrintArpHeader(FILE * fp, Packet * + switch(ntohs(p->ah->ea_hdr.ar_op)) + { + case ARPOP_REQUEST: +- bcopy((void *)p->ah->arp_tpa, (void *) &ip_addr, sizeof(ip_addr)); ++ memcpy((void *) &ip_addr, (void *)p->ah->arp_tpa, sizeof(ip_addr)); + fprintf(fp, "ARP who-has %s", inet_ntoa(ip_addr)); + + if(memcmp((char *) ezero, (char *) p->ah->arp_tha, 6) != 0) +@@ -925,7 +925,7 @@ void PrintArpHeader(FILE * fp, Packet * + p->ah->arp_tha[1], p->ah->arp_tha[2], p->ah->arp_tha[3], + p->ah->arp_tha[4], p->ah->arp_tha[5]); + } +- bcopy((void *)p->ah->arp_spa, (void *) &ip_addr, sizeof(ip_addr)); ++ memcpy((void *) &ip_addr, (void *)p->ah->arp_spa, sizeof(ip_addr)); + + fprintf(fp, " tell %s", inet_ntoa(ip_addr)); + +@@ -938,7 +938,7 @@ void PrintArpHeader(FILE * fp, Packet * + break; + + case ARPOP_REPLY: +- bcopy((void *)p->ah->arp_spa, (void *) &ip_addr, sizeof(ip_addr)); ++ memcpy((void *) &ip_addr, (void *)p->ah->arp_spa, sizeof(ip_addr)); + fprintf(fp, "ARP reply %s", inet_ntoa(ip_addr)); + + /* print out the originating request if we're on a weirder +@@ -971,7 +971,7 @@ void PrintArpHeader(FILE * fp, Packet * + break; + + case ARPOP_RREPLY: +- bcopy((void *)p->ah->arp_tpa, (void *) &ip_addr, sizeof(ip_addr)); ++ memcpy((void *) &ip_addr, (void *)p->ah->arp_tpa, sizeof(ip_addr)); + fprintf(fp, "RARP reply %X:%X:%X:%X:%X:%X at %s", + p->ah->arp_tha[0], p->ah->arp_tha[1], p->ah->arp_tha[2], + p->ah->arp_tha[3], p->ah->arp_tha[4], p->ah->arp_tha[5], +@@ -1467,7 +1467,7 @@ void PrintICMPEmbeddedIP(FILE *fp, Packe + if (fp == NULL || p == NULL) + return; + +- bzero((char *) &op, sizeof(Packet)); ++ memset((char *) &op, 0, sizeof(Packet)); + orig_p = &op; + + orig_p->iph = p->orig_iph; +@@ -1717,7 +1717,7 @@ void PrintTcpOptions(FILE * fp, Packet * + switch(p->tcp_options[i].code) + { + case TCPOPT_MAXSEG: +- bzero((char *) tmp, 5); ++ memset((char *) tmp, 0, 5); + fwrite("MSS: ", 5, 1, fp); + if (p->tcp_options[i].data) + memcpy(tmp, p->tcp_options[i].data, 2); +@@ -1740,11 +1740,11 @@ void PrintTcpOptions(FILE * fp, Packet * + break; + + case TCPOPT_SACK: +- bzero((char *) tmp, 5); ++ memset((char *) tmp, 0, 5); + if (p->tcp_options[i].data && (p->tcp_options[i].len >= 2)) + memcpy(tmp, p->tcp_options[i].data, 2); + fprintf(fp, "Sack: %u@", EXTRACT_16BITS(tmp)); +- bzero((char *) tmp, 5); ++ memset((char *) tmp, 0, 5); + if (p->tcp_options[i].data && (p->tcp_options[i].len >= 4)) + memcpy(tmp, (p->tcp_options[i].data) + 2, 2); + fprintf(fp, "%u ", EXTRACT_16BITS(tmp)); +@@ -1755,46 +1755,46 @@ void PrintTcpOptions(FILE * fp, Packet * + break; + + case TCPOPT_ECHO: +- bzero((char *) tmp, 5); ++ memset((char *) tmp, 0, 5); + if (p->tcp_options[i].data) + memcpy(tmp, p->tcp_options[i].data, 4); + fprintf(fp, "Echo: %u ", EXTRACT_32BITS(tmp)); + break; + + case TCPOPT_ECHOREPLY: +- bzero((char *) tmp, 5); ++ memset((char *) tmp, 0, 5); + if (p->tcp_options[i].data) + memcpy(tmp, p->tcp_options[i].data, 4); + fprintf(fp, "Echo Rep: %u ", EXTRACT_32BITS(tmp)); + break; + + case TCPOPT_TIMESTAMP: +- bzero((char *) tmp, 5); ++ memset((char *) tmp, 0, 5); + if (p->tcp_options[i].data) + memcpy(tmp, p->tcp_options[i].data, 4); + fprintf(fp, "TS: %u ", EXTRACT_32BITS(tmp)); +- bzero((char *) tmp, 5); ++ memset((char *) tmp, 0, 5); + if (p->tcp_options[i].data) + memcpy(tmp, (p->tcp_options[i].data) + 4, 4); + fprintf(fp, "%u ", EXTRACT_32BITS(tmp)); + break; + + case TCPOPT_CC: +- bzero((char *) tmp, 5); ++ memset((char *) tmp, 0, 5); + if (p->tcp_options[i].data) + memcpy(tmp, p->tcp_options[i].data, 4); + fprintf(fp, "CC %u ", EXTRACT_32BITS(tmp)); + break; + + case TCPOPT_CCNEW: +- bzero((char *) tmp, 5); ++ memset((char *) tmp, 0, 5); + if (p->tcp_options[i].data) + memcpy(tmp, p->tcp_options[i].data, 4); + fprintf(fp, "CCNEW: %u ", EXTRACT_32BITS(tmp)); + break; + + case TCPOPT_CCECHO: +- bzero((char *) tmp, 5); ++ memset((char *) tmp, 0, 5); + if (p->tcp_options[i].data) + memcpy(tmp, p->tcp_options[i].data, 4); + fprintf(fp, "CCECHO: %u ", EXTRACT_32BITS(tmp)); +@@ -1944,7 +1944,7 @@ void PrintEapolPkt(FILE * fp, Packet * p + char timestamp[TIMEBUF_SIZE]; + + +- bzero((char *) timestamp, TIMEBUF_SIZE); ++ memset((char *) timestamp, 0, TIMEBUF_SIZE); + ts_print((struct timeval *) & p->pkth->ts, timestamp); + + /* dump the timestamp */ +@@ -2118,7 +2118,7 @@ void PrintWifiPkt(FILE * fp, Packet * p) + char timestamp[TIMEBUF_SIZE]; + + +- bzero((char *) timestamp, TIMEBUF_SIZE); ++ memset((char *) timestamp, 0, TIMEBUF_SIZE); + ts_print((struct timeval *) & p->pkth->ts, timestamp); + + /* dump the timestamp */ diff --git a/package/snort/patches/patch-src_log_c.orig b/package/snort/patches/patch-src_log_c.orig new file mode 100644 index 000000000..3848941c3 --- /dev/null +++ b/package/snort/patches/patch-src_log_c.orig @@ -0,0 +1,38 @@ +--- snort-2.8.5.1.orig/src/log.c 2009-10-19 17:48:42.000000000 +0200 ++++ snort-2.8.5.1/src/log.c 2009-12-27 16:21:59.000000000 +0100 +@@ -916,7 +916,7 @@ void PrintArpHeader(FILE * fp, Packet * + switch(ntohs(p->ah->ea_hdr.ar_op)) + { + case ARPOP_REQUEST: +- bcopy((void *)p->ah->arp_tpa, (void *) &ip_addr, sizeof(ip_addr)); ++ memcpy((void *) &ip_addr, (void *)p->ah->arp_tpa, sizeof(ip_addr)); + fprintf(fp, "ARP who-has %s", inet_ntoa(ip_addr)); + + if(memcmp((char *) ezero, (char *) p->ah->arp_tha, 6) != 0) +@@ -925,7 +925,7 @@ void PrintArpHeader(FILE * fp, Packet * + p->ah->arp_tha[1], p->ah->arp_tha[2], p->ah->arp_tha[3], + p->ah->arp_tha[4], p->ah->arp_tha[5]); + } +- bcopy((void *)p->ah->arp_spa, (void *) &ip_addr, sizeof(ip_addr)); ++ memcpy((void *) &ip_addr, (void *)p->ah->arp_spa, sizeof(ip_addr)); + + fprintf(fp, " tell %s", inet_ntoa(ip_addr)); + +@@ -938,7 +938,7 @@ void PrintArpHeader(FILE * fp, Packet * + break; + + case ARPOP_REPLY: +- bcopy((void *)p->ah->arp_spa, (void *) &ip_addr, sizeof(ip_addr)); ++ memcpy((void *) &ip_addr, (void *)p->ah->arp_spa, sizeof(ip_addr)); + fprintf(fp, "ARP reply %s", inet_ntoa(ip_addr)); + + /* print out the originating request if we're on a weirder +@@ -971,7 +971,7 @@ void PrintArpHeader(FILE * fp, Packet * + break; + + case ARPOP_RREPLY: +- bcopy((void *)p->ah->arp_tpa, (void *) &ip_addr, sizeof(ip_addr)); ++ memcpy((void *) &ip_addr, (void *)p->ah->arp_tpa, sizeof(ip_addr)); + fprintf(fp, "RARP reply %X:%X:%X:%X:%X:%X at %s", + p->ah->arp_tha[0], p->ah->arp_tha[1], p->ah->arp_tha[2], + p->ah->arp_tha[3], p->ah->arp_tha[4], p->ah->arp_tha[5], diff --git a/package/snort/patches/patch-src_log_text_c b/package/snort/patches/patch-src_log_text_c new file mode 100644 index 000000000..6451bbd1e --- /dev/null +++ b/package/snort/patches/patch-src_log_text_c @@ -0,0 +1,38 @@ +--- snort-2.8.5.1.orig/src/log_text.c 2009-05-07 00:28:15.000000000 +0200 ++++ snort-2.8.5.1/src/log_text.c 2009-12-27 16:08:42.000000000 +0100 +@@ -1604,7 +1604,7 @@ void LogArpHeader(TextLog* log, Packet * + switch(ntohs(p->ah->ea_hdr.ar_op)) + { + case ARPOP_REQUEST: +- bcopy((void *)p->ah->arp_tpa, (void *) &ip_addr, sizeof(ip_addr)); ++ memcpy((void *) &ip_addr, (void *)p->ah->arp_tpa, sizeof(ip_addr)); + TextLog_Print(log, "ARP who-has %s", inet_ntoa(ip_addr)); + + if(memcmp((char *) ezero, (char *) p->ah->arp_tha, 6) != 0) +@@ -1613,7 +1613,7 @@ void LogArpHeader(TextLog* log, Packet * + p->ah->arp_tha[1], p->ah->arp_tha[2], p->ah->arp_tha[3], + p->ah->arp_tha[4], p->ah->arp_tha[5]); + } +- bcopy((void *)p->ah->arp_spa, (void *) &ip_addr, sizeof(ip_addr)); ++ memcpy((void *) &ip_addr, (void *)p->ah->arp_spa, sizeof(ip_addr)); + + TextLog_Print(log, " tell %s", inet_ntoa(ip_addr)); + +@@ -1626,7 +1626,7 @@ void LogArpHeader(TextLog* log, Packet * + break; + + case ARPOP_REPLY: +- bcopy((void *)p->ah->arp_spa, (void *) &ip_addr, sizeof(ip_addr)); ++ memcpy((void *) &ip_addr, (void *)p->ah->arp_spa, sizeof(ip_addr)); + TextLog_Print(log, "ARP reply %s", inet_ntoa(ip_addr)); + + /* print out the originating request if we're on a weirder +@@ -1659,7 +1659,7 @@ void LogArpHeader(TextLog* log, Packet * + break; + + case ARPOP_RREPLY: +- bcopy((void *)p->ah->arp_tpa, (void *) &ip_addr, sizeof(ip_addr)); ++ memcpy((void *) &ip_addr, (void *)p->ah->arp_tpa, sizeof(ip_addr)); + TextLog_Print(log, "RARP reply %X:%X:%X:%X:%X:%X at %s", + p->ah->arp_tha[0], p->ah->arp_tha[1], p->ah->arp_tha[2], + p->ah->arp_tha[3], p->ah->arp_tha[4], p->ah->arp_tha[5], diff --git a/package/snort/patches/patch-src_mempool_c b/package/snort/patches/patch-src_mempool_c new file mode 100644 index 000000000..50455ac2a --- /dev/null +++ b/package/snort/patches/patch-src_mempool_c @@ -0,0 +1,11 @@ +--- snort-2.8.5.1.orig/src/mempool.c 2009-08-10 22:41:39.000000000 +0200 ++++ snort-2.8.5.1/src/mempool.c 2009-12-27 17:21:21.000000000 +0100 +@@ -288,7 +288,7 @@ MemBucket *mempool_alloc(MemPool *mempoo + + /* TBD -- make configurable */ + b = li->data; +- bzero(b->data, mempool->obj_size); ++ memset(b->data, 0, mempool->obj_size); + + return b; + } diff --git a/package/snort/patches/patch-src_output-plugins_spo_alert_unixsock_c b/package/snort/patches/patch-src_output-plugins_spo_alert_unixsock_c new file mode 100644 index 000000000..a940ec03a --- /dev/null +++ b/package/snort/patches/patch-src_output-plugins_spo_alert_unixsock_c @@ -0,0 +1,50 @@ +--- snort-2.8.5.1.orig/src/output-plugins/spo_alert_unixsock.c 2009-05-07 00:29:12.000000000 +0200 ++++ snort-2.8.5.1/src/output-plugins/spo_alert_unixsock.c 2009-12-27 17:23:19.000000000 +0100 +@@ -176,16 +176,16 @@ void AlertUnixSock(Packet *p, char *msg, + + DEBUG_WRAP(DebugMessage(DEBUG_LOG, "Logging Alert data!\n");); + +- bzero((char *)&alertpkt,sizeof(alertpkt)); ++ memset((char *)&alertpkt, 0, sizeof(alertpkt)); + if (event) + { +- bcopy((const void *)event,(void *)&alertpkt.event,sizeof(Event)); ++ memcpy((void *)&alertpkt.event,(const void *)event,sizeof(Event)); + } + + if(p && p->pkt) + { +- bcopy((const void *)p->pkth,(void *)&alertpkt.pkth,sizeof(struct pcap_pkthdr)); +- bcopy((const void *)p->pkt,alertpkt.pkt, ++ memcpy((void *)&alertpkt.pkth,(const void *)p->pkth,sizeof(struct pcap_pkthdr)); ++ memcpy(alertpkt.pkt,(const void *)p->pkt, + alertpkt.pkth.caplen > SNAPLEN? SNAPLEN : alertpkt.pkth.caplen); + } + else +@@ -193,7 +193,7 @@ void AlertUnixSock(Packet *p, char *msg, + + if (msg) + { +- bcopy((const void *)msg,(void *)alertpkt.alertmsg, ++ memcpy((void *)alertpkt.alertmsg,(const void *)msg, + strlen(msg)>ALERTMSG_LENGTH-1 ? ALERTMSG_LENGTH - 1 : strlen(msg)); + } + +@@ -236,7 +236,7 @@ void AlertUnixSock(Packet *p, char *msg, + break; + + default: +- /* alertpkt.transhdr is null due to initial bzero */ ++ /* alertpkt.transhdr is null due to initial memset */ + alertpkt.val|=NO_TRANSHDR; + break; + } +@@ -282,7 +282,7 @@ void OpenAlertSock(void) + srv); + } + +- bzero((char *) &alertaddr, sizeof(alertaddr)); ++ memset((char *) &alertaddr, 0, sizeof(alertaddr)); + + /* 108 is the size of sun_path */ + strncpy(alertaddr.sun_path, srv, 108); diff --git a/package/snort/patches/patch-src_output-plugins_spo_alert_unixsock_c.orig b/package/snort/patches/patch-src_output-plugins_spo_alert_unixsock_c.orig new file mode 100644 index 000000000..fd98d8771 --- /dev/null +++ b/package/snort/patches/patch-src_output-plugins_spo_alert_unixsock_c.orig @@ -0,0 +1,32 @@ +--- snort-2.8.5.1.orig/src/output-plugins/spo_alert_unixsock.c 2009-05-07 00:29:12.000000000 +0200 ++++ snort-2.8.5.1/src/output-plugins/spo_alert_unixsock.c 2009-12-27 17:12:45.000000000 +0100 +@@ -176,16 +176,16 @@ void AlertUnixSock(Packet *p, char *msg, + + DEBUG_WRAP(DebugMessage(DEBUG_LOG, "Logging Alert data!\n");); + +- bzero((char *)&alertpkt,sizeof(alertpkt)); ++ memset((char *)&alertpkt, 0, sizeof(alertpkt)); + if (event) + { +- bcopy((const void *)event,(void *)&alertpkt.event,sizeof(Event)); ++ memcpy((void *)&alertpkt.event,(const void *)event,sizeof(Event)); + } + + if(p && p->pkt) + { +- bcopy((const void *)p->pkth,(void *)&alertpkt.pkth,sizeof(struct pcap_pkthdr)); +- bcopy((const void *)p->pkt,alertpkt.pkt, ++ memcpy((void *)&alertpkt.pkth,(const void *)p->pkth,sizeof(struct pcap_pkthdr)); ++ memcpy(alertpkt.pkt,(const void *)p->pkt, + alertpkt.pkth.caplen > SNAPLEN? SNAPLEN : alertpkt.pkth.caplen); + } + else +@@ -193,7 +193,7 @@ void AlertUnixSock(Packet *p, char *msg, + + if (msg) + { +- bcopy((const void *)msg,(void *)alertpkt.alertmsg, ++ memcpy((void *)alertpkt.alertmsg,(const void *)msg, + strlen(msg)>ALERTMSG_LENGTH-1 ? ALERTMSG_LENGTH - 1 : strlen(msg)); + } + diff --git a/package/snort/patches/patch-src_output-plugins_spo_database_c b/package/snort/patches/patch-src_output-plugins_spo_database_c new file mode 100644 index 000000000..3703cd03d --- /dev/null +++ b/package/snort/patches/patch-src_output-plugins_spo_database_c @@ -0,0 +1,11 @@ +--- snort-2.8.5.1.orig/src/output-plugins/spo_database.c 2009-10-02 22:29:59.000000000 +0200 ++++ snort-2.8.5.1/src/output-plugins/spo_database.c 2009-12-27 17:21:41.000000000 +0100 +@@ -333,7 +333,7 @@ static int instances = 0; + /* this is for debugging purposes only */ + static char g_CurrentStatement[2048]; + #define SAVESTATEMENT(str) strncpy(g_CurrentStatement, str, sizeof(g_CurrentStatement) - 1); +- #define CLEARSTATEMENT() bzero((char *) g_CurrentStatement, sizeof(g_CurrentStatement)); ++ #define CLEARSTATEMENT() memset((char *) g_CurrentStatement, 0, sizeof(g_CurrentStatement)); + #else + #define SAVESTATEMENT(str) NULL; + #define CLEARSTATEMENT() NULL; diff --git a/package/snort/patches/patch-src_output-plugins_spo_log_ascii_c b/package/snort/patches/patch-src_output-plugins_spo_log_ascii_c new file mode 100644 index 000000000..3c1e220d0 --- /dev/null +++ b/package/snort/patches/patch-src_output-plugins_spo_log_ascii_c @@ -0,0 +1,15 @@ +--- snort-2.8.5.1.orig/src/output-plugins/spo_log_ascii.c 2009-05-07 00:29:14.000000000 +0200 ++++ snort-2.8.5.1/src/output-plugins/spo_log_ascii.c 2009-12-27 17:22:59.000000000 +0100 +@@ -198,9 +198,9 @@ FILE *OpenLogFile(int mode, Packet * p) + #endif + + /* zero out our buffers */ +- bzero((char *) log_path, STD_BUF); +- bzero((char *) log_file, STD_BUF); +- bzero((char *) proto, 5); ++ memset((char *) log_path, 0, STD_BUF); ++ memset((char *) log_file, 0, STD_BUF); ++ memset((char *) proto, 0, 5); + + if (mode == GENERIC_LOG || mode == DUMP || mode == BOGUS || + mode == NON_IP || mode == ARP) diff --git a/package/snort/patches/patch-src_output-plugins_spo_log_tcpdump_c b/package/snort/patches/patch-src_output-plugins_spo_log_tcpdump_c new file mode 100644 index 000000000..50bdd855b --- /dev/null +++ b/package/snort/patches/patch-src_output-plugins_spo_log_tcpdump_c @@ -0,0 +1,11 @@ +--- snort-2.8.5.1.orig/src/output-plugins/spo_log_tcpdump.c 2009-05-07 00:29:15.000000000 +0200 ++++ snort-2.8.5.1/src/output-plugins/spo_log_tcpdump.c 2009-12-27 17:22:31.000000000 +0100 +@@ -469,7 +469,7 @@ static void SpoLogTcpdumpCleanup(int sig + free (data->filename); + } + +- bzero(data, sizeof(LogTcpdumpData)); ++ memset(data, 0, sizeof(LogTcpdumpData)); + free(data); + } + diff --git a/package/snort/patches/patch-src_output-plugins_spo_unified_c b/package/snort/patches/patch-src_output-plugins_spo_unified_c new file mode 100644 index 000000000..9613b7fd0 --- /dev/null +++ b/package/snort/patches/patch-src_output-plugins_spo_unified_c @@ -0,0 +1,47 @@ +--- snort-2.8.5.1.orig/src/output-plugins/spo_unified.c 2009-08-10 22:41:52.000000000 +0200 ++++ snort-2.8.5.1/src/output-plugins/spo_unified.c 2009-12-27 17:22:15.000000000 +0100 +@@ -302,7 +302,7 @@ static void UnifiedInitFile(UnifiedConfi + FileHeader hdr; + int value; + +- bzero(logdir, STD_BUF); ++ memset(logdir, 0, STD_BUF); + curr_time = time(NULL); + + if(data == NULL) +@@ -398,7 +398,7 @@ void RealUnifiedLogAlert(Packet *p, char + UnifiedConfig *data = (UnifiedConfig *)arg; + UnifiedAlert alertdata; + +- bzero(&alertdata, sizeof(alertdata)); ++ memset(&alertdata, 0, sizeof(alertdata)); + + if(event != NULL) + { +@@ -483,7 +483,7 @@ void RealUnifiedLogAlert6(Packet *p, cha + UnifiedConfig *data = (UnifiedConfig *)arg; + UnifiedIPv6Alert alertdata; + +- bzero(&alertdata, sizeof(alertdata)); ++ memset(&alertdata, 0, sizeof(alertdata)); + + if(event != NULL) + { +@@ -1039,7 +1039,7 @@ void UnifiedInitAlertFile(UnifiedConfig + int value; + UnifiedAlertFileHeader hdr; + +- bzero(logdir, STD_BUF); ++ memset(logdir, 0, STD_BUF); + curr_time = time(NULL); + + if(data->nostamp) +@@ -1167,7 +1167,7 @@ void UnifiedInitLogFile(UnifiedConfig *d + int value; + //UnifiedLogFileHeader hdr; + +- bzero(logdir, STD_BUF); ++ memset(logdir, 0, STD_BUF); + curr_time = time(NULL); + + if(data == NULL) diff --git a/package/snort/patches/patch-src_parser_IpAddrSet_c b/package/snort/patches/patch-src_parser_IpAddrSet_c new file mode 100644 index 000000000..fd365a696 --- /dev/null +++ b/package/snort/patches/patch-src_parser_IpAddrSet_c @@ -0,0 +1,16 @@ +--- snort-2.8.5.1.orig/src/parser/IpAddrSet.c 2009-07-07 17:37:07.000000000 +0200 ++++ snort-2.8.5.1/src/parser/IpAddrSet.c 2009-12-27 16:38:24.000000000 +0100 +@@ -388,11 +388,11 @@ int ParseIP(char *paddr, IpAddrSet *ias, + /* protecting against malicious DNS servers */ + if(host_info->h_length <= (int)sizeof(sin.sin_addr)) + { +- bcopy(host_info->h_addr, (char *) &sin.sin_addr, host_info->h_length); ++ memcpy((char *) &sin.sin_addr, host_info->h_addr, host_info->h_length); + } + else + { +- bcopy(host_info->h_addr, (char *) &sin.sin_addr, sizeof(sin.sin_addr)); ++ memcpy((char *) &sin.sin_addr, host_info->h_addr, sizeof(sin.sin_addr)); + } + } + /* Using h_errno */ diff --git a/package/snort/patches/patch-src_parser_c b/package/snort/patches/patch-src_parser_c new file mode 100644 index 000000000..23ee43347 --- /dev/null +++ b/package/snort/patches/patch-src_parser_c @@ -0,0 +1,40 @@ +--- snort-2.8.5.1.orig/src/parser.c 2009-10-02 22:29:56.000000000 +0200 ++++ snort-2.8.5.1/src/parser.c 2009-12-27 17:20:27.000000000 +0100 +@@ -4362,7 +4362,7 @@ static char * ExpandVars(SnortConfig *sc + if(!string || !*string || !strchr(string, '$')) + return(string); + +- bzero((char *) estring, PARSERULE_SIZE); ++ memset((char *) estring, 0, PARSERULE_SIZE); + + i = j = 0; + l_string = strlen(string); +@@ -4381,7 +4381,7 @@ static char * ExpandVars(SnortConfig *sc + + if(c == '$' && !quote_toggle) + { +- bzero((char *) rawvarname, sizeof(rawvarname)); ++ memset((char *) rawvarname, 0, sizeof(rawvarname)); + varname_completed = 0; + name_only = 1; + iv = i; +@@ -4421,8 +4421,8 @@ static char * ExpandVars(SnortConfig *sc + + varcontents = NULL; + +- bzero((char *) varname, sizeof(varname)); +- bzero((char *) varaux, sizeof(varaux)); ++ memset((char *) varname, 0, sizeof(varname)); ++ memset((char *) varaux, 0, sizeof(varaux)); + varmodifier = ' '; + + p = strchr(rawvarname, ':'); +@@ -4439,7 +4439,7 @@ static char * ExpandVars(SnortConfig *sc + else + SnortStrncpy(varname, rawvarname, sizeof(varname)); + +- bzero((char *) varbuffer, sizeof(varbuffer)); ++ memset((char *) varbuffer, 0, sizeof(varbuffer)); + + varcontents = VarSearch(sc, varname); + diff --git a/package/snort/patches/patch-src_preprocessors_Stream5_snort_stream5_tcp_c b/package/snort/patches/patch-src_preprocessors_Stream5_snort_stream5_tcp_c new file mode 100644 index 000000000..4948465a3 --- /dev/null +++ b/package/snort/patches/patch-src_preprocessors_Stream5_snort_stream5_tcp_c @@ -0,0 +1,11 @@ +--- snort-2.8.5.1.orig/src/preprocessors/Stream5/snort_stream5_tcp.c 2009-10-02 22:30:01.000000000 +0200 ++++ snort-2.8.5.1/src/preprocessors/Stream5/snort_stream5_tcp.c 2009-12-27 17:16:36.000000000 +0100 +@@ -6913,7 +6913,7 @@ static int ProcessTcp(Stream5LWSession * + char timestamp[TIMEBUF_SIZE]; + char src_addr[17]; + char dst_addr[17]; +- bzero((char *)timestamp, TIMEBUF_SIZE); ++ memset((char *)timestamp, 0, TIMEBUF_SIZE); + ts_print((struct timeval *) &p->pkth->ts, timestamp); + SnortSnprintf(src_addr, 17, "%s", + inet_ntoa(GET_SRC_ADDR(p))); diff --git a/package/snort/patches/patch-src_snort_c b/package/snort/patches/patch-src_snort_c new file mode 100644 index 000000000..a3ec23375 --- /dev/null +++ b/package/snort/patches/patch-src_snort_c @@ -0,0 +1,20 @@ +--- snort-2.8.5.1.orig/src/snort.c 2009-10-19 19:44:03.000000000 +0200 ++++ snort-2.8.5.1/src/snort.c 2009-12-27 17:17:42.000000000 +0100 +@@ -3581,7 +3581,7 @@ static void SnortCleanup(int exit_val) + struct timeval difftime; + struct timezone tz; + +- bzero((char *) &tz, sizeof(tz)); ++ memset((char *) &tz, 0, sizeof(tz)); + gettimeofday(&endtime, &tz); + + TIMERSUB(&endtime, &starttime, &difftime); +@@ -3628,7 +3628,7 @@ static void SnortCleanup(int exit_val) + sfActionQueueDestroy (decoderActionQ); + mempool_destroy (&decoderAlertMemPool); + decoderActionQ = NULL; +- bzero(&decoderAlertMemPool, sizeof(decoderAlertMemPool)); ++ memset(&decoderAlertMemPool, 0, sizeof(decoderAlertMemPool)); + } + + /* Print Statistics */ diff --git a/package/snort/patches/patch-src_util_c b/package/snort/patches/patch-src_util_c new file mode 100644 index 000000000..79de72511 --- /dev/null +++ b/package/snort/patches/patch-src_util_c @@ -0,0 +1,20 @@ +--- snort-2.8.5.1.orig/src/util.c 2009-08-10 22:41:42.000000000 +0200 ++++ snort-2.8.5.1/src/util.c 2009-12-27 17:21:05.000000000 +0100 +@@ -227,7 +227,7 @@ void ts_print(register const struct time + if(!tvp) + { + /* manual page (for linux) says tz is never used, so.. */ +- bzero((char *) &tz, sizeof(tz)); ++ memset((char *) &tz, 0, sizeof(tz)); + gettimeofday(&tv, &tz); + tvp = &tv; + } +@@ -2714,7 +2714,7 @@ char *GetCurrentTimestamp() + + buf = (char *)SnortAlloc(SMALLBUFFER * sizeof(char)); + +- bzero((char *)&tz,sizeof(tz)); ++ memset((char *)&tz, 0, sizeof(tz)); + gettimeofday(&tv,&tz); + tvp = &tv; + |