--- /dev/null
+--- /dev/null
++++ b/acinclude.m4
+@@ -0,0 +1 @@
++sinclude(m4/libprelude.m4)
--- /dev/null
+--- a/configure.in
++++ b/configure.in
+@@ -163,28 +163,6 @@ else
+ AC_MSG_RESULT(no)
+ fi
+
+-# check for sparc %time register
+-if eval "echo $host_cpu|grep -i sparc >/dev/null"; then
+- OLD_CFLAGS="$CFLAGS"
+- CFLAGS="$CFLAGS -mcpu=v9 "
+- AC_MSG_CHECKING([for sparc %time register])
+- AC_RUN_IFELSE(
+- [AC_LANG_PROGRAM(
+- [[]],
+- [[
+- int val;
+- __asm__ __volatile__("rd %%tick, %0" : "=r"(val));
+- ]])],
+- [sparcv9="yes"],
+- [sparcv9="no"])
+- AC_MSG_RESULT($sparcv9)
+- if test "x$sparcv9" = "xyes"; then
+- AC_DEFINE([SPARCV9], [], [For sparc v9 with %time register])
+- else
+- CFLAGS="$OLD_CFLAGS"
+- fi
+-fi
+-
+ dnl checking headers
+ AC_CHECK_HEADERS(strings.h)
+ AC_CHECK_HEADERS(string.h)
+@@ -282,22 +260,12 @@ AC_CHECK_FUNCS(vswprintf)
+ AC_CHECK_FUNCS(wprintf)
+
+ AC_MSG_CHECKING([for sizeof(unsigned long)])
+-AC_RUN_IFELSE(
+-[AC_LANG_PROGRAM(
+-[],
+-[[
+- if (sizeof(unsigned long) == 8)
+- return 0;
+-
+- return 1;
+-]])],
+-[ulong_is_64_bit="yes"],
+-[ulong_is_64_bit="no"])
+-if test "x$ulong_is_64_bit" = "xyes"; then
+- AC_MSG_RESULT([64 bits])
+- AC_DEFINE([ULONGIS64BIT], [], [If unsigned long is 64 bits])
++AC_CHECK_SIZEOF([unsigned long])
++if test $ac_cv_sizeof_unsigned_long = 8; then
++ AC_MSG_RESULT([64 bits])
++ AC_DEFINE([ULONGIS64BIT], [], [If unsigned long is 64 bits])
+ else
+- AC_MSG_RESULT([32 bits])
++ AC_MSG_RESULT([32 bits])
+ fi
+
+ AC_TRY_COMPILE([
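Review bot: The added `if test $ac_cv_sizeof_unsigned_long = 8; then` leaves the cache variable unquoted, so an empty or overridden value makes `test` print a syntax error and configure quietly takes the 32-bit branch. `if test "x$ac_cv_sizeof_unsigned_long" = "x8"; then` matches the quoting style the removed code used. The `AC_MSG_CHECKING([for sizeof(unsigned long)])` kept as context now wraps `AC_CHECK_SIZEOF`, which prints its own checking/result line, so two messages interleave in the configure output. ULONGIS64BIT presumably gates integer-width-dependent code, so a wrong answer on a cross target should fail loudly rather than fall through.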
+@@ -412,88 +380,7 @@ if test "x$LPCAP" = "xno"; then
+ fi
+
+
+-# This is to determine which pcap library version is being used. The reason being
+-# that versions < 0.9 do not accumulate packet statistics whereas >= 0.9 do accumulate.
+-# This is Linux only. The check is done after pcre because the code below uses pcre.
+-# It seems Phil Wood's pcap does not accumulate - 0.9x
+-pcap_version_check="yes"
+-if test "x$linux" = "xyes"; then
+- if test "x$pcap_version_check" = "xyes"; then
+- AC_MSG_CHECKING([for libpcap version >= 0.9])
+- AC_RUN_IFELSE(
+- [AC_LANG_PROGRAM(
+- [[
+- #include <pcap.h>
+- #include <string.h>
+- extern char pcap_version[];
+- ]],
+- [[
+- if (strcmp(pcap_version, "0.9x") == 0)
+- return 1;
+-
+- if (strcmp(pcap_version, "0.9.0") < 0)
+- return 1;
+- ]])],
+- [libpcap_version_09="yes"],
+- [libpcap_version_09="no"])
+- AC_MSG_RESULT($libpcap_version_09)
+- if test "x$libpcap_version_09" = "xyes"; then
+- AC_DEFINE([LIBPCAP_ACCUMULATES], [], [For libpcap versions that accumulate stats])
+- fi
+- else
+- libpcap_version_09="no"
+- AC_DEFINE([LIBPCAP_ACCUMULATES], [], [For libpcap versions that accumulate stats])
+- fi
+-
+- # there is a bug in the Linux code in 0.9.0 - 0.9.4 where the pcap
+- # stats are doubled.
+- if test "x$libpcap_version_09" = "xyes"; then
+- AC_MSG_CHECKING(for libpcap version 0.9.0 - 0.9.4)
+- AC_RUN_IFELSE(
+- [AC_LANG_PROGRAM(
+- [[
+- #include <pcap.h>
+- #include <string.h>
+- extern char pcap_version[];
+- ]],
+- [[
+- if (strcmp(pcap_version, "0.9.5") < 0)
+- return 1;
+- ]])],
+- [libpcap_version_09_bug="no"],
+- [libpcap_version_09_bug="yes"])
+- AC_MSG_RESULT($libpcap_version_09_bug)
+- else
+- libpcap_version_09_bug="no"
+- fi
+-
+- if test "x$libpcap_version_09_bug" = "xyes"; then
+- AC_DEFINE([LINUX_LIBPCAP_DOUBLES_STATS], [], [For Linux libpcap versions 0.9.0 to 0.9.4])
+- fi
+-else
+- AC_DEFINE([LIBPCAP_ACCUMULATES], [], [For libpcap versions that accumulate stats])
+-fi
+-
+-# In case INADDR_NONE is not defined (like on Solaris)
+-have_inaddr_none="no"
+-AC_MSG_CHECKING([for INADDR_NONE])
+-AC_RUN_IFELSE(
+-[AC_LANG_PROGRAM(
+-[[
+-#include <sys/types.h>
+-#include <netinet/in.h>
+-]],
+-[[
+- if (inet_addr("10,5,2") == INADDR_NONE);
+-]])],
+-[have_inaddr_none="yes"],
+-[have_inaddr_none="no"])
+-AC_MSG_RESULT($have_inaddr_none)
+-if test "x$have_inaddr_none" = "xno"; then
+- AC_DEFINE([INADDR_NONE], [-1], [For INADDR_NONE definition])
+-fi
+-
+-default_directory="/usr /usr/local"
++AC_DEFINE([LIBPCAP_ACCUMULATES], [], [For libpcap versions that accumulate stats])
+
+ AC_DEFUN([FAIL_MESSAGE],[
+ echo
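Review bot: The unconditional `AC_DEFINE([LIBPCAP_ACCUMULATES], ...)` hard-codes an assumption that the target libpcap is 0.9.5 or newer, and nothing in the patch records or enforces it. The removed probes left LIBPCAP_ACCUMULATES undefined for versions below 0.9 and defined LINUX_LIBPCAP_DOUBLES_STATS for 0.9.0 to 0.9.4, so against such a library the packet and drop counters would now be wrong. Those counters are how an operator notices that the sensor is losing traffic. I would add `dnl cross-compile: run tests removed; assumes target libpcap >= 0.9.5 (stats accumulate, no doubling bug)` above the define. The same hunk also drops the INADDR_NONE fallback, which presumably matters only on targets whose headers lack it.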
+@@ -745,64 +632,6 @@ if test "x$with_mysql" != "xno"; then
+ LIBS="-lmysqlclient ${LIBS}"
+ fi
+ fi
+-
+- AC_MSG_CHECKING([for mysql default client reconnect])
+-
+- AC_RUN_IFELSE(
+- [AC_LANG_PROGRAM(
+- [[
+- #include <mysql.h>
+- ]],
+- [[
+- if (mysql_get_client_version() < 50003)
+- return 1;
+- ]])],
+- [mysql_default_reconnect="no"],
+- [mysql_default_reconnect="yes"])
+-
+- AC_MSG_RESULT($mysql_default_reconnect)
+-
+- if test "x$mysql_default_reconnect" = "xno"; then
+- AC_MSG_CHECKING([for mysql reconnect option])
+-
+- AC_RUN_IFELSE(
+- [AC_LANG_PROGRAM(
+- [[
+- #include <mysql.h>
+- ]],
+- [[
+- if (mysql_get_client_version() < 50013)
+- return 1;
+- ]])],
+- [mysql_has_reconnect="yes"],
+- [mysql_has_reconnect="no"])
+-
+- AC_MSG_RESULT($mysql_has_reconnect)
+-
+- if test "x$mysql_has_reconnect" = "xyes"; then
+- AC_DEFINE([MYSQL_HAS_OPT_RECONNECT], [], [For MySQL versions 5.0.13 and greater])
+-
+- AC_MSG_CHECKING([for mysql setting of reconnect option before connect bug])
+-
+- AC_RUN_IFELSE(
+- [AC_LANG_PROGRAM(
+- [[
+- #include <mysql.h>
+- ]],
+- [[
+- if (mysql_get_client_version() < 50019)
+- return 1;
+- ]])],
+- [mysql_has_reconnect_bug="no"],
+- [mysql_has_reconnect_bug="yes"])
+-
+- AC_MSG_RESULT($mysql_has_reconnect_bug)
+-
+- if test "x$mysql_has_reconnect_bug" = "xyes"; then
+- AC_DEFINE([MYSQL_HAS_OPT_RECONNECT_BUG], [], [For MySQL versions 5.0.13 to 5.0.18])
+- fi
+- fi
+- fi
+ fi
+
+ AC_ARG_WITH(odbc,
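Review bot: With all three run tests deleted, nothing in this hunk defines MYSQL_HAS_OPT_RECONNECT or MYSQL_HAS_OPT_RECONNECT_BUG any more. Per the removed check, clients from 5.0.3 on do not reconnect by default, so the database output presumably stays disconnected after a dropped connection and alerts stop being logged. The source that consumes these macros is outside this page, so that should be confirmed. A compile-only probe on the header version keeps the configure script cross-compile safe without losing the feature. The sketch below covers the reconnect option, and the 5.0.19 bug check can be converted the same way.

```m4
AC_MSG_CHECKING([for mysql reconnect option])
AC_COMPILE_IFELSE(
    [AC_LANG_PROGRAM(
        [[#include <mysql.h>]],
        [[
#if MYSQL_VERSION_ID < 50013
#error "client headers predate MYSQL_OPT_RECONNECT"
#endif
        ]])],
    [mysql_has_reconnect="yes"],
    [mysql_has_reconnect="no"])
AC_MSG_RESULT($mysql_has_reconnect)
if test "x$mysql_has_reconnect" = "xyes"; then
    AC_DEFINE([MYSQL_HAS_OPT_RECONNECT], [], [For MySQL versions 5.0.13 and greater])
fi
```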
--- /dev/null
+--- a/configure.in
++++ b/configure.in
+@@ -115,7 +115,6 @@ case "$host" in
+ # libpcap doesn't even LOOK at the timeout you give it under Linux
+ AC_DEFINE(PCAP_TIMEOUT_IGNORED,,[Define if PCAP_TIMEOUT_IGNORED])
+ AC_SUBST(extra_incl)
+- extra_incl=-I/usr/include/pcap
+ ;;
+ *-hpux10*|*-hpux11*)
+ AC_DEFINE(HPUX,,[Define if HPUX])
+@@ -719,13 +718,13 @@ AC_ARG_WITH(pgsql_includes,
+
+ if test "x$with_postgresql" != "xno"; then
+ if test "x$with_postgresql" = "xyes"; then
+- postgresql_directory="$default_directory /usr/local/pgsql /usr/pgsql /usr/local"
++ postgresql_directory="$default_directory"
+ postgresql_fail="yes"
+ elif test -d $withval; then
+- postgresql_directory="$withval $default_directory /usr/local/pgsql /usr/pgsql"
++ postgresql_directory="$withval $default_directory"
+ postgresql_fail="yes"
+ elif test "$with_postgresql" = ""; then
+- postgresql_directory="$default_directory /usr/local/pgsql /usr/pgsql"
++ postgresql_directory="$default_directory"
+ postgresql_fail="no"
+ fi
+
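Review bot: `postgresql_directory="$default_directory"` is now the only search path in the `yes` and empty branches, and the earlier configure.in patch in this commit deletes the `default_directory="/usr /usr/local"` assignment. Unless the variable is set somewhere outside these hunks, it expands to nothing, or to whatever the build environment exports. `--with-postgresql` without a path would then search no directory at all. If requiring an explicit path is the intent, say so with a comment such as `# cross-compile: no host default paths; pass --with-postgresql=DIR`. I would also initialise `default_directory=""` explicitly so an inherited environment value cannot steer the search.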
+@@ -1040,8 +1039,6 @@ if test "$enable_inline" != "no"; then
+ LIBNET_INC_DIR=""
+ if test -n "$with_libnet_includes" -a "$with_libnet_includes" != "no"; then
+ libnet_dir="${with_libnet_includes}"
+- else
+- libnet_dir="/usr/include /usr/local/include /sw/include"
+ fi
+ AC_MSG_CHECKING("for libnet.h version 1.0.x")
+ for i in $libnet_dir; do
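Review bot: Dropping the `else` branch leaves `libnet_dir` unassigned when `--with-libnet-includes` is not given, so the `for i in $libnet_dir; do` loop on the last context line iterates over nothing, or over a value inherited from the environment. The same applies to the two later `libnet_dir` hunks under `enable_flexresp` and `enable_react`. Keeping host include paths out of a cross build is the right call, but the variable should be set explicitly with `libnet_dir=""` before the `if`. A missing option is better reported directly, for example `AC_MSG_ERROR([libnet headers not found; pass --with-libnet-includes=DIR])`. The code after the loop is outside the hunk, so whether the existing failure path already reports this clearly cannot be told from here.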
+@@ -1089,7 +1086,6 @@ if test "x$enable_flexresp" != "xno" -a
+ fi
+
+ if test `libnet-config --cflags | wc -c` = "1"; then
+- CPPFLAGS="${CPPFLAGS} -I/usr/local/include -I/sw/include"
+ LIBNET_CONFIG_BROKEN_CFLAGS="yes"
+ fi
+
+@@ -1097,7 +1093,6 @@ if test "x$enable_flexresp" != "xno" -a
+ AC_MSG_WARN(libnet-config --libs is broken on your system. If you)
+ AC_MSG_WARN(are using a precompiled package please notify the)
+ AC_MSG_WARN(maintainer.)
+- LDFLAGS="${LDFLAGS} -L/usr/local/lib -L/sw/lib"
+ LIBS="${LIBS} -lnet"
+ fi
+
+@@ -1116,8 +1111,6 @@ if test "x$enable_flexresp" != "xno" -a
+ if test "x${LIBNET_CONFIG_BROKEN_CFLAGS}" = "xyes"; then
+ if test -n "$with_libnet_includes" -a "x$with_libnet_includes" != "xno"; then
+ libnet_dir="${with_libnet_includes}"
+- else
+- libnet_dir="/usr/include /usr/local/include /sw/include"
+ fi
+ else
+ libnet_dir=`libnet-config --cflags | cut -dI -f2`
+@@ -1210,7 +1203,6 @@ if test "x$enable_react" != "xno" -a "x$
+ fi
+
+ if test `libnet-config --cflags | wc -c` = "1"; then
+- CPPFLAGS="${CPPFLAGS} -I/usr/local/include -I/sw/include"
+ LIBNET_CONFIG_BROKEN_CFLAGS="yes"
+ fi
+
+@@ -1218,7 +1210,6 @@ if test "x$enable_react" != "xno" -a "x$
+ AC_MSG_WARN(libnet-config --libs is broken on your system. If you)
+ AC_MSG_WARN(are using a precompiled package please notify the)
+ AC_MSG_WARN(maintainer.)
+- LDFLAGS="${LDFLAGS} -L/usr/local/lib -L/sw/lib"
+ LIBS="${LIBS} -lnet"
+ fi
+
+@@ -1237,8 +1228,6 @@ if test "x$enable_react" != "xno" -a "x$
+ if test "x${LIBNET_CONFIG_BROKEN_CFLAGS}" = "xyes"; then
+ if test -n "$with_libnet_includes" -a "x$with_libnet_includes" != "xno"; then
+ libnet_dir="${with_libnet_includes}"
+- else
+- libnet_dir="/usr/include /usr/local/include /sw/include"
+ fi
+ else
+ libnet_dir=`libnet-config --cflags | cut -dI -f2`
-diff --git a/configure b/configure
-index 205be9c..df159e3 100755
--- a/configure
+++ b/configure
@@ -20668,8 +20668,6 @@ cat >>confdefs.h <<\_ACEOF
;;
*-hpux10*|*-hpux11*)
-@@ -26209,7 +26207,6 @@ if test "x$enable_flexresp" != "xno" -a "x$enable_flexresp" = "xyes"; then
+@@ -26218,7 +26216,6 @@ if test "x$enable_flexresp" != "xno" -a
fi
if test `libnet-config --cflags | wc -c` = "1"; then
LIBNET_CONFIG_BROKEN_CFLAGS="yes"
fi
-@@ -26220,7 +26217,6 @@ echo "$as_me: WARNING: libnet-config --libs is broken on your system. If you" >
+@@ -26229,7 +26226,6 @@ echo "$as_me: WARNING: libnet-config --l
echo "$as_me: WARNING: are using a precompiled package please notify the" >&2;}
{ echo "$as_me:$LINENO: WARNING: maintainer." >&5
echo "$as_me: WARNING: maintainer." >&2;}
LIBS="${LIBS} -lnet"
fi
-@@ -26795,7 +26791,6 @@ if test "x$enable_react" != "xno" -a "x$enable_react" = "xyes"; then
+@@ -26804,7 +26800,6 @@ if test "x$enable_react" != "xno" -a "x$
fi
if test `libnet-config --cflags | wc -c` = "1"; then
LIBNET_CONFIG_BROKEN_CFLAGS="yes"
fi
-@@ -26806,7 +26801,6 @@ echo "$as_me: WARNING: libnet-config --libs is broken on your system. If you" >
+@@ -26815,7 +26810,6 @@ echo "$as_me: WARNING: libnet-config --l
echo "$as_me: WARNING: are using a precompiled package please notify the" >&2;}
{ echo "$as_me:$LINENO: WARNING: maintainer." >&5
echo "$as_me: WARNING: maintainer." >&2;}
--- a/configure
+++ b/configure
-@@ -20770,8 +20770,7 @@
+@@ -20768,8 +20768,7 @@ echo $ECHO_N "checking for sparc %time r
{ { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
See \`config.log' for more details." >&5
echo "$as_me: error: cannot run test program while cross compiling
else
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
-@@ -22981,8 +22980,7 @@
+@@ -22979,8 +22978,7 @@ if test "$cross_compiling" = yes; then
{ { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
See \`config.log' for more details." >&5
echo "$as_me: error: cannot run test program while cross compiling
else
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
-@@ -23766,8 +23764,7 @@
+@@ -23764,8 +23762,7 @@ echo $ECHO_N "checking for libpcap versi
{ { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
See \`config.log' for more details." >&5
echo "$as_me: error: cannot run test program while cross compiling
else
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
-@@ -23854,8 +23851,7 @@
+@@ -23852,8 +23849,7 @@ echo $ECHO_N "checking for libpcap versi
{ { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
See \`config.log' for more details." >&5
echo "$as_me: error: cannot run test program while cross compiling
else
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
-diff -urN snort-2.8.4.1/configure snort-2.8.4.1.new/configure
---- snort-2.8.4.1/configure 2009-04-21 21:39:16.000000000 +0200
-+++ snort-2.8.4.1.new/configure 2009-07-12 19:59:26.000000000 +0200
-@@ -23766,8 +23766,7 @@
+@@ -23939,8 +23935,7 @@ if test "$cross_compiling" = yes; then
{ { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
See \`config.log' for more details." >&5
echo "$as_me: error: cannot run test program while cross compiling
else
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
---- snort-2.8.4.1/configure 2009-07-12 20:33:36.000000000 +0200
-+++ snort-2.8.4.1.new/configure 2009-07-12 20:34:10.000000000 +0200
-@@ -24651,8 +24651,7 @@
+@@ -24654,8 +24649,7 @@ echo $ECHO_N "checking for mysql default
{ { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
See \`config.log' for more details." >&5
echo "$as_me: error: cannot run test program while cross compiling
else
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
-@@ -24719,8 +24718,7 @@
+@@ -24722,8 +24716,7 @@ echo $ECHO_N "checking for mysql reconne
{ { echo "$as_me:$LINENO: error: cannot run test program while cross compiling
See \`config.log' for more details." >&5
echo "$as_me: error: cannot run test program while cross compiling
--- a/src/snort.c
+++ b/src/snort.c
-@@ -4140,7 +4140,7 @@
+@@ -4198,7 +4198,7 @@ static char *ConfigFileSearch(void)
{
struct stat st;
int i;
char *fname = NULL;
char *rval = NULL;
-@@ -4159,30 +4159,6 @@
+@@ -4217,30 +4217,6 @@ static char *ConfigFileSearch(void)
i++;
}
-Index: snort-2.8.4.1/etc/snort.conf
-===================================================================
---- snort-2.8.4.1.orig/etc/snort.conf 2009-04-21 21:39:51.000000000 +0200
-+++ snort-2.8.4.1/etc/snort.conf 2009-07-12 19:54:47.000000000 +0200
+--- a/etc/snort.conf
++++ b/etc/snort.conf
@@ -6,6 +6,7 @@
#
###################################################
# Configure your server lists. This allows snort to only look for attacks to
# systems that have a service up. Why look for HTTP attacks if you are not
-@@ -107,8 +108,8 @@
+@@ -107,8 +108,8 @@ var AIM_SERVERS [64.12.24.0/23,64.12.28.
# Path to your rules files (this can be a relative path)
# Note for Windows users: You are advised to make this an absolute path,
# such as: c:\snort\rules
# Configure the snort decoder
# ============================
-@@ -307,11 +308,11 @@
+@@ -307,11 +308,11 @@ preprocessor stream5_tcp: policy first,
# lots of options available here. See doc/README.http_inspect.
# unicode.map should be wherever your snort.conf lives, or given
# a full path to where snort can find it.
#
# Example unique server configuration
-@@ -345,7 +346,7 @@
+@@ -345,7 +346,7 @@ preprocessor http_inspect_server: server
# no_alert_incomplete - don't alert when a single segment
# exceeds the current packet size
# bo: Back Orifice detector
# -------------------------
-@@ -368,7 +369,7 @@
+@@ -368,7 +369,7 @@ preprocessor rpc_decode: 111 32771
# 3 Back Orifice Server Traffic Detected
# 4 Back Orifice Snort Buffer Attack
# ftp_telnet: FTP & Telnet normalizer, protocol enforcement and buff overflow
# ---------------------------------------------------------------------------
-@@ -391,32 +392,32 @@
+@@ -391,32 +392,32 @@ preprocessor bo
# or use commandline option
# --dynamic-preprocessor-lib <full path to libsf_ftptelnet_preproc.so>
# smtp: SMTP normalizer, protocol enforcement and buffer overflow
# ---------------------------------------------------------------------------
-@@ -434,15 +435,15 @@
+@@ -434,15 +435,15 @@ preprocessor ftp_telnet_protocol: ftp cl
# or use commandline option
# --dynamic-preprocessor-lib <full path to libsf_smtp_preproc.so>
# sfPortscan
# ----------
-@@ -498,9 +499,9 @@
+@@ -498,9 +499,9 @@ preprocessor smtp: \
# false alerts, especially under heavy load with dropped packets; which is why
# the option is off by default.
#
# arpspoof
#----------------------------------------
-@@ -623,9 +624,9 @@
+@@ -623,9 +624,9 @@ preprocessor dcerpc2_server: default
# or use commandline option
# --dynamic-preprocessor-lib <full path to libsf_dns_preproc.so>
# SSL
#----------------------------------------
-@@ -649,7 +650,7 @@
+@@ -649,7 +650,7 @@ preprocessor dns: \
# To add reassembly on port 443 to Stream5, use 'port both 443' in the
# Stream5 configuration.
####################################################################
-@@ -811,41 +812,41 @@
+@@ -811,41 +812,41 @@ include $RULE_PATH/local.rules
include $RULE_PATH/bad-traffic.rules
include $RULE_PATH/exploit.rules
include $RULE_PATH/scan.rules
# include $RULE_PATH/web-attacks.rules
# include $RULE_PATH/backdoor.rules
# include $RULE_PATH/shellcode.rules
-@@ -859,7 +860,7 @@
+@@ -859,7 +860,7 @@ include $RULE_PATH/other-ids.rules
# include $RULE_PATH/p2p.rules
# include $RULE_PATH/spyware-put.rules
# include $RULE_PATH/specific-threats.rules