Re: Unblock request for suricata 1.0.2
On Tue, 2010-11-09 at 17:58 +0100, Pierre Chifflier wrote:
> Suricata 1.0.2 was released after the freeze, and it fixes several
> bugs (exactly, "half a dozen TCP evasions").
> See http://www.packetstan.com/2010/09/suricata-tcp-evasions.html
> The git commits are more or less exactly the fixes, so I am proposing to unblock
> suricata 1.0.2 since porting the fixes would be equivalent to the
> entire release ..
>From a quick look at the diff, and the upstream release announcement, I
have to admit that my initial impression is that there's quite a bit
more than the security fixes here.
The raw diffstat (some of which is indentation and layout changes,
variable renaming, etc.) is:
53 files changed, 7819 insertions(+), 397 deletions(-)
and the release announcement includes (with extracts from the diffstat
- Added an SSH application layer module, improving performance and accuracy
src/app-layer-ssh.c | 1787 ++++++++++++++++++++++++++++++++++++++
src/app-layer-ssh.h | 98 ++
- Added two new SSH rule keywords: "ssh.protoversion" and
src/detect-ssh-proto-version.c | 668 ++++++++++++++
src/detect-ssh-proto-version.h | 40
src/detect-ssh-software-version.c | 629 +++++++++++++
src/detect-ssh-software-version.h | 37
- Added support for missing HTTP related PCRE modifiers /H, /M and /C
src/detect-pcre.c | 1728 +++++++++++++++++++++++++++++++++++-
src/detect-pcre.h | 27
Not all of the changes to detect-pcre.* are for that change, admittedly.
The other files are easier to judge, as they're completely new.
Even if we completely ignore the changes to detect-pcre.*, we're still
looking at over 3000 lines of new code implementing new features. I
realise the new version has been in unstable for over a month now, but
I'm a little uneasy about just unblocking it at this stage.