I have been installing snort (various ebuild) on sparc for the last year. All seems to work as expected.
Steps to Reproduce:
from the Changelog: Masked on sparc wrt bugs #29661 and #75395.
sparc herd: I'm not sure how to resolve this. Any news or WONT?
Ah ha! Sorry, I had missed bug #75395. Since the 2.3.0_rc states that 2.3 is not vulnerable, can that portion be marked as ~sparc? I'm fine with just editing the ebuild too.. I couldn't figure out how I had installed ebuilds when I noticed that 2.3.0_rc2 was -sparc.
And since the following might explain a bit...
Portage 2.0.51-r3 (default-linux/sparc/sparc64/2004.3, gcc-3.3.5, glibc-18.104.22.16840420-r2, 2.4.28-sparc sparc64)
System uname: 2.4.28-sparc sparc64 sun4u
Gentoo Base System version 1.4.16
CFLAGS="-mcpu=ultrasparc -O3 -pipe"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
FEATURES="autoaddcvs autoconfig ccache distlocks sandbox"
GENTOO_MIRRORS="http://mirrors.tds.net/gentoo http://22.214.171.124/gentoo/ http://gentoo.chem.wisc.edu/gentoo/ http://gentoo.seren.com/gentoo ftp://ftp.ussg.iu.edu/pub/linux/gentoo"
USE="sparc arts avi berkdb bitmap-fonts crypt cups encode esd f77 fbcon font-server foomaticdb fortran gcc64 gdbm gif gnome gpm gtk gtk2 imlib jpeg kde libwww mad mikmod motif mpeg mysql ncurses nls oggvorbis opengl oss pam pdflib perl png python readline sdl slang spell ssl tcpd tiff truetype truetype-fonts type1-fonts xml2 xmms xv zlib"
(You know.. I'm probably just talking myself out of this bug...)
Did you try throwing an nmap at it with no running iptables rules?
I had not run nmap against it personally, and it was after filing that I morphed it to 2.3 specific (rather than just a general request for snort).
However, I have had it up and running in a production environment for the better part of the last year. I have tweaked my configuration a bit and have it monitoring 5 interfaces (2 unprotected, and on 3 different protected nets). No ipfiltering is taking place local to the server.
(Server is a 2x360 U60 w/ 2G Ram, 1 qfe and 2 hme cards.)
At least 3 out of 3 sparc devels have been able to crash it in no time consistently by just testing it (which includes me).
nmap is one of the ways to do so.
Just nmap the sparc box from another box against an unprotected listening interface (nmap -O is enough) and you'll see.
So for the time being, i'll close as WONTFIX.
Fair enough. Thanks for your time.