Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 36165 - New release - Snort 2.1
Summary: New release - Snort 2.1
Status: RESOLVED TEST-REQUEST
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All All
: High enhancement (vote)
Assignee: Michael Boman (RETIRED)
URL: http://snort.org/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-12-20 02:13 UTC by Pol
Modified: 2004-01-06 08:18 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Proposed snort-2.1 ebuild (snort-2.1.0.ebuild,3.23 KB, text/plain)
2004-01-02 13:21 UTC, Kris Merrill 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Pol 2003-12-20 02:13:29 UTC 
Snort 2.1.0 is now available!  	Brian @ Thu Dec 18 17:27:52 2003 GMT
Yes, it's true, it's finally here! We're proud to announce the release of the new stable branch of snort, 2.1, and the first release, 2.1.0.

Major 2.1 features include:

    * A new connection tracking module, Flow (replaces conversation)
    * A new portscan detector based off of Flow, Flow-Portscan (replaces portscan2)
    * A new http preprocessor, HttpInspect (replaces http_decode)
    * Alert Thresholding and Suppression
    * PCRE rule keyword (Perl Compat Regular Expressions)
    * isdataat rule keyword (buffer length detection)
    * A ton of new and updated rules.

This release also includes all the fixes from version 2.0.6.

The Snort manual has been updated to reflect v2.1 and address the many suggestions from users. The manual is still a work in progress.

Many thanks to all those who have contributed to the Snort project, this release wouldn't have been possible without you!

Cheers,
The Snort Team
Comment 1 Michael Boman (RETIRED) gentoo-dev 2003-12-20 10:53:18 UTC 
I already planned to do this ebuild anyway ;)
Comment 2 solar (RETIRED) gentoo-dev 2003-12-20 21:30:37 UTC 
SOme patches need to be fwd ported here. So this release might take a ver days to get in portage
Comment 3 Kris Merrill 2004-01-02 13:15:06 UTC 
This snort build requires dev-libs/libpcre-4.2-r1; I was able to use a modified version of the snort-2.0.6 ebuild and add the dependencies for the above package.  I'll post the ebuild, but Mr. Bowman should take the credit for this ebuild.
Comment 4 Kris Merrill 2004-01-02 13:21:10 UTC 
Created attachment 23035 [details]
Proposed snort-2.1 ebuild

Please be kind, this is my first ebuild submission.
Comment 5 Michael Boman (RETIRED) gentoo-dev 2004-01-03 02:55:27 UTC 
Thanks for your ebuild. I already have a "almost working" ebuild for it already. What is missing is a working prelude patch for it.

Also take note that Snort 2.1.x does not support smbalert output facility anymore, hence the "samba" useflag and their respective ./configure options are no longer in use (bit sad though, I just added the samba USE flag in...)

Anyway, there has been no news if/when the prelude patch will be ported to 2.1.x series (maybe it won't, as prelude-nids is getting much faster then snort). I've decided to commit a ebuild without the said prelude support patch meanwhile.

The ebuild will be commited today or tomorrow.
Comment 6 Michael Boman (RETIRED) gentoo-dev 2004-01-06 08:18:06 UTC 
Snort 2.1.0 should be availble at your local portage mirror now. Please test and give feedback.