[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Unblock request for suricata 1.0.2

On Tue, 2010-11-09 at 17:58 +0100, Pierre Chifflier wrote:
> Suricata 1.0.2 was released after the freeze, and it fixes several
> bugs (exactly, "half a dozen TCP evasions").
> See http://www.packetstan.com/2010/09/suricata-tcp-evasions.html
> The git commits are more or less exactly the fixes, so I am proposing to unblock
> suricata 1.0.2 since porting the fixes would be equivalent to the
> entire release ..

>From a quick look at the diff, and the upstream release announcement, I
have to admit that my initial impression is that there's quite a bit
more than the security fixes here.

The raw diffstat (some of which is indentation and layout changes,
variable renaming, etc.) is:

 53 files changed, 7819 insertions(+), 397 deletions(-)

and the release announcement includes (with extracts from the diffstat

- Added an SSH application layer module, improving performance and accuracy

src/app-layer-ssh.c               | 1787 ++++++++++++++++++++++++++++++++++++++
src/app-layer-ssh.h               |   98 ++

- Added two new SSH rule keywords: "ssh.protoversion" and

src/detect-ssh-proto-version.c    |  668 ++++++++++++++
src/detect-ssh-proto-version.h    |   40 
src/detect-ssh-software-version.c |  629 +++++++++++++
src/detect-ssh-software-version.h |   37 

- Added support for missing HTTP related PCRE modifiers /H, /M and /C
(bug #220)

src/detect-pcre.c                 | 1728 +++++++++++++++++++++++++++++++++++-
src/detect-pcre.h                 |   27 

Not all of the changes to detect-pcre.* are for that change, admittedly.
The other files are easier to judge, as they're completely new.

Even if we completely ignore the changes to detect-pcre.*, we're still
looking at over 3000 lines of new code implementing new features.  I
realise the new version has been in unstable for over a month now, but
I'm a little uneasy about just unblocking it at this stage.



Reply to: