On Tue, 2010-11-09 at 17:58 +0100, Pierre Chifflier wrote: > Suricata 1.0.2 was released after the freeze, and it fixes several > bugs (exactly, "half a dozen TCP evasions"). > See http://www.packetstan.com/2010/09/suricata-tcp-evasions.html > > The git commits are more or less exactly the fixes, so I am proposing to > unblock > suricata 1.0.2 since porting the fixes would be equivalent to the > entire release ..
>From a quick look at the diff, and the upstream release announcement, I have to admit that my initial impression is that there's quite a bit more than the security fixes here. The raw diffstat (some of which is indentation and layout changes, variable renaming, etc.) is: 53 files changed, 7819 insertions(+), 397 deletions(-) and the release announcement includes (with extracts from the diffstat added): - Added an SSH application layer module, improving performance and accuracy src/app-layer-ssh.c | 1787 ++++++++++++++++++++++++++++++++++++++ src/app-layer-ssh.h | 98 ++ - Added two new SSH rule keywords: "ssh.protoversion" and "ssh.softwareversion" src/detect-ssh-proto-version.c | 668 ++++++++++++++ src/detect-ssh-proto-version.h | 40 src/detect-ssh-software-version.c | 629 +++++++++++++ src/detect-ssh-software-version.h | 37 - Added support for missing HTTP related PCRE modifiers /H, /M and /C (bug #220) src/detect-pcre.c | 1728 +++++++++++++++++++++++++++++++++++- src/detect-pcre.h | 27 Not all of the changes to detect-pcre.* are for that change, admittedly. The other files are easier to judge, as they're completely new. Even if we completely ignore the changes to detect-pcre.*, we're still looking at over 3000 lines of new code implementing new features. I realise the new version has been in unstable for over a month now, but I'm a little uneasy about just unblocking it at this stage. Regards, Adam -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
