packages/net/snort3/Makefile, branch master

snort3: update to 3.12.1.0

2026-03-23T02:42:18Z

Changelog: https://github.com/snort3/snort3/releases/tag/3.12.1.0 Signed-off-by: John Audia

snort3: update to v3.11.1.0

2026-03-11T17:55:56Z

Changelog: https://github.com/snort3/snort3/releases/tag/3.11.1.0 Signed-off-by: John Audia

snort3: update to 3.10.2.0

2026-01-25T05:00:01Z

New upstream release. Changelog: appid: configurable midstream service discovery appid: prefer QUIC client appid over SSL appid: prevent out-of-bounds read in bootp option parsing appid: prevent out-of-bounds read in sslv2 server-hello detection control: refactor connection ownership model and improve thread safety extractor: avoid reporting default values for missing SSL fields file_api: coverity fix flow: refactor dump_flows command to dump flow state in binary format mime: fix compile issues react: block flow when packets are not reset candidates show_flows: implement utility program to convert dump_flows binary files to text Flow state data for each flow smtp: handle split CRLF in multi-line response parsing ssl: ssl client hello event is published with empty hostname % snort --version ,,_ -*> Snort++ <*- o" )~ Version 3.10.2.0 '''' By Martin Roesch & The Snort Team http://snort.org/contact#team Copyright (C) 2014-2025 Cisco and/or its affiliates. All rights reserved. Copyright (C) 1998-2013 Sourcefire, Inc., et al. Using DAQ version 3.0.24 Using Vectorscan version 5.4.12 2026-01-11 Using libpcap version 1.10.5 (with TPACKET_V3) Using LuaJIT version 2.1.0-beta3 Using LZMA version 5.8.1 Using OpenSSL 3.5.4 30 Sep 2025 Using PCRE2 version 10.47 2025-10-21 Using ZLIB version 1.3.1 Signed-off-by: John Audia

snort3: update to 3.10.1.0

2026-01-25T05:00:01Z

New upstream release. Changelog: alert_fast: ensure call_once definition doesn't collide in std vs glibc, thanks to krag on GitHub for suggesting this fix alert_json: add support for logging appid, thanks to ssam18 on GitHub for suggesting this change appid: add check to avoid setting brute force state for pending sessions that are pruned appid: allow out-of-order packet inspection in third-party engine appid: check for Lua table errors during initialization and cleanup appid: enable out-of-order inspection by default appid: fix client process regex mapping logic appid: fix eve process handler event debug logging appid: fix setting global ssh ignore flag appid: fix size check in TFTP service detector appid: mDNS TXT records parsing and deviceinfo event generation appid: prevent multiple out-of-bounds reads in ssl build: address compilation warnings build: fix Coverity warnings in related components cmake: fix pkg-config path for libdir, thanks to brianmcgillion on GitHub for submitting a similar fix decoder: adding encode function for TransbridgeCodec dns: add fix infinite recursion vulnerability file: use new EVP functions rather than deprecated SHA functions flow: add logs to show different ways a flow can fail to create ftp_telnet: fix coverity errors and improve cmd_len configurability ftp_telnet: fix ftp_cmd_pipe_index handling ftp_telnet: Handle malformed traffic in ftp to generate alert hash: update hashes to use new EVP functions, thanks to http_inspect: add urlencoded to content-type list http_inspect: fix coverity error iec104: fix IEC 104 SQ0 bounds checks by removing duplicate asdu_size_map entries and using IO_GROUP sizes, preventing out-of-bounds reads iec104: validate Type I length to prevent ASDU out-of-bounds read ips_options: fix cursor position for byte_extract ips_options: reset PCRE rule counts on new configuration loaded main: update dioctl daqSnort latency common change mime: add unit tests for data fitting memory limit mime: add unit tests for data over memory limit mime: add unit tests for file logging mime: fix mime boundary parsing mime: ignore field collection if not configured mime: implement content parsing of multipart/form_data mime: improve form-data collection for incomplete boundaries mime: leave room for null-character in case of size limit hit mime: remove unused forward-declaration mime: rename class field to comply with the style mime: return error code if cannot add headers for logging pub_sub: add is_urlencoded method sip: fix out-of-bounds reads in sip_parse_sdp_m smb,dlp: update filename,filesize of FileInfo handling to enable dlp evaluation for repeated txns smtp: usage of config cmds snort2lua: fix failure in converting patterns containing commas snort_ml: enable client body scanning by default snort_ml: scan multipart form data ssl: free certificate data if certificate length is 0 ssl: tls client hello check out of bounds fix unified2: use proper API for obtaining VLAN ID from packet % snort --version ,,_ -*> Snort++ <*- o" )~ Version 3.10.1.0 '''' By Martin Roesch & The Snort Team http://snort.org/contact#team Copyright (C) 2014-2025 Cisco and/or its affiliates. All rights reserved. Copyright (C) 1998-2013 Sourcefire, Inc., et al. Using DAQ version 3.0.24 Using Vectorscan version 5.4.12 2026-01-11 Using libpcap version 1.10.5 (with TPACKET_V3) Using LuaJIT version 2.1.0-beta3 Using LZMA version 5.8.1 Using OpenSSL 3.5.4 30 Sep 2025 Using PCRE2 version 10.47 2025-10-21 Using ZLIB version 1.3.1 Signed-off-by: John Audia

snort3: update to 3.10.0.0

2025-11-28T08:45:55Z

Changelog: https://github.com/snort3/snort3/releases/tag/3.10.0.0 Build system: x86/64 Build-tested: x86/64-glibc Run-tested: x86/64-glibc (Intel N150) Signed-off-by: John Audia

snort3: update to 3.9.7.0

2025-11-07T17:36:24Z

Changelog: https://github.com/snort3/snort3/releases/tag/3.9.7.0 % snort --version ,,_ -*> Snort++ <*- o" )~ Version 3.9.7.0 '''' By Martin Roesch & The Snort Team http://snort.org/contact#team Copyright (C) 2014-2025 Cisco and/or its affiliates. All rights reserved. Copyright (C) 1998-2013 Sourcefire, Inc., et al. Using DAQ version 3.0.22 Using Vectorscan version 5.4.12 2025-11-02 Using libpcap version 1.10.5 (with TPACKET_V3) Using LuaJIT version 2.1.0-beta3 Using LZMA version 5.8.1 Using OpenSSL 3.5.4 30 Sep 2025 Using PCRE2 version 10.46 2025-08-27 Using ZLIB version 1.3.1 Build system: x86/64 Build-tested: x86/64-glibc Run-tested: x86/64-glibc Signed-off-by: John Audia

snort3: run as regular user rather than as root

2025-10-17T19:31:54Z

Running as a dedicated user is better from both a security and an isolation perspective than running as root. Signed-off-by: John Audia

snort3: inform user of optional dependencies

2025-10-17T03:49:05Z

Add a comment to the package description to inform users that the build system will not automatically pick gperftools-runtime and vectorscan- runtime when building from source. References to performance benefits of using them: c1b4e80825d6855d66899dc32490b0ce9537aff5 b6b2d1e3059c049bf0af4330dfde944c1689be9f Signed-off-by: John Audia

snort3: update to 3.9.6.0

2025-10-17T03:49:05Z

Release notes: https://github.com/snort3/snort3/releases/tag/3.9.6.0 % snort --version ,,_ -*> Snort++ <*- o" )~ Version 3.9.6.0 '''' By Martin Roesch & The Snort Team http://snort.org/contact#team Copyright (C) 2014-2025 Cisco and/or its affiliates. All rights reserved. Copyright (C) 1998-2013 Sourcefire, Inc., et al. Using DAQ version 3.0.21 Using Vectorscan version 5.4.12 2025-10-06 Using libpcap version 1.10.5 (with TPACKET_V3) Using LuaJIT version 2.1.0-beta3 Using LZMA version 5.8.1 Using OpenSSL 3.6.0 1 Oct 2025 Using PCRE2 version 10.46 2025-08-27 Using ZLIB version 1.3.1 Build system: x86/64 Build-tested: x86/64-glibc Run-tested: x86/64-glibc Signed-off-by: John Audia

snort3: fix typo preventing vectorscan detection

2025-10-17T03:49:05Z

Since vectorscan-runtime was dropped in the following commit, need to replace references to it with just vectorscan in order to compile snort3 against it: https://github.com/openwrt/packages/commit/8a3c7a69e649a9a5cbb0a642a661dd480b8583ff Without this change, even having CONFIG_PACKAGE_vectorscan=y in the .config will result in a failure to compile against it, e.g: ... Feature options: DAQ Modules: Dynamic libatomic: User-specified Hyperscan: OFF ... Signed-off-by: John Audia