package/snort: security bump to version 2.9.18.1

Fix CVE-2021-40114: Multiple Cisco products are affected by a
vulnerability in the way the Snort detection engine processes ICMP
traffic that could allow an unauthenticated, remote attacker to cause a
denial of service (DoS) condition on an affected device. The
vulnerability is due to improper memory resource management while the
Snort detection engine is processing ICMP packets. An attacker could
exploit this vulnerability by sending a series of ICMP packets through
an affected device. A successful exploit could allow the attacker to
exhaust resources on the affected device, causing the device to reload.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-s2R7W9UU
https://www.snort.org/downloads/snort/changelog_2.9.18.1.txt

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/snort/0007-Fix-error-when-building-on-a-Fedora-host-machine.patch

@@ -7,6 +7,8 @@ Remove the code that adds unsafe header/library path when
 cross-compiling on a Fedora host machine.
 
 Signed-off-by: Sergio Prado <sergio.prado@e-labworks.com>
+[Fabrice: Update for 2.9.18.1 (also fix build on Centos host machine)]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
 ---
  configure.in | 24 ------------------------
  1 file changed, 24 deletions(-)
@@ -15,7 +17,7 @@ diff --git a/configure.in b/configure.in
 index e6586f399898..fb35d4d7e3e3 100644
 --- a/configure.in
 +++ b/configure.in
-@@ -957,30 +957,6 @@ if test "x$enable_dlclose" = "xno"; then
+@@ -957,54 +957,6 @@ if test "x$enable_dlclose" = "xno"; then
      AC_DEFINE([DISABLE_DLCLOSE_FOR_VALGRIND_TESTING],[1],[Don't close opened shared objects for valgrind leak testing of dynamic libraries])
  fi
  
@@ -42,6 +44,30 @@ index e6586f399898..fb35d4d7e3e3 100644
 -        extra_incl="-I/usr/include/tirpc"
 -    fi
 -fi
+-
+-##################################################
+-# Centos 8+ does not have inbuilt SunRPC support  #
+-# in glibc and is separately availble in tirpc   #
+-# package. Make sure we've got the library and   #
+-# link it                                        #
+-##################################################
+-if test -f /etc/centos-release ; then
+-    LINUX_FLAVOUR=$(awk '{ print $1 }' /etc/centos-release)
+-    DISTRO_VERSION=`cut -d ' ' -f 4 /etc/centos-release | cut -d '.' -f 1`
+-    if [[ "$LINUX_FLAVOUR" == "CentOS" ]] && [[ $DISTRO_VERSION -ge 8 ]]; then
+-        TIRPC=""
+-        AC_CHECK_LIB(tirpc,bindresvport,, TIRPC="no")
+-        echo "$TIRPC"
+-        if test "x$TIRPC" = "xno"; then
+-            echo
+-            echo " ERROR! tirpc not found, get it by running "
+-            echo " yum install libtirpc-devel or dnf install libtirpc-devel"
+-            exit
+-        fi
+-        LIBS="${LIBS} -ltirpc"
+-        extra_incl="-I/usr/include/tirpc"
+-    fi
+-fi
 -
  Z_LIB=""
  AC_CHECK_HEADERS(zlib.h,, Z_LIB="no")

package/snort/snort.hash

@@ -1,8 +1,8 @@
 # From https://www.snort.org/downloads/snort/md5s
-md5  006d6b0d71c6c7bd23eac74670f5b4e6  snort-2.9.17.1.tar.gz
+md5  2b4e30300ef6feca1f60c267e727c6c0  snort-2.9.18.1.tar.gz
 
 # Locally computed:
-sha256  303d3d5dc5affecfeaad3a331d3163f901d48d960fdd6598cb55c6d1591eed82  snort-2.9.17.1.tar.gz
+sha256  da8af0f1b2e4f247d970c6a3c0e83fb6dcd5c84faa21aea49f306f269e8e28aa  snort-2.9.18.1.tar.gz
 
 # Hash for license files:
 sha256  f98260a6d3e5ef4ede8a2a6b698e5ac91d64c09243f7171e1c5b17b920a835c7  LICENSE

package/snort/snort.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-SNORT_VERSION = 2.9.17.1
+SNORT_VERSION = 2.9.18.1
 SNORT_SITE = https://www.snort.org/downloads/snort
 SNORT_LICENSE = GPL-2.0
 SNORT_LICENSE_FILES = LICENSE COPYING