snort (2.9.15.1-6) unstable; urgency=medium * debian/rules: Rename the cron.daily script from snort-common to 0snort-common * debian/snort-common.{pre,post}inst, debian/snort-common.postrm: Move the cron.daily snort-common file to cron.daily/0snort-common in order for Snort to send reports to the system administrator. With the previous setup logrotate was running before snort-common which left the log file to 0 bytes and prevent the package from sending any email reports (Closes: #991977) * debian/snort-common.preinst, debian/snort-common.postrm: Apply patch provided by Andreas Beckmann to call dpkg-maintscript-helper for all actions (Closes: #991630) * Fix FTCBFS with patch provided by Helmut Grohne: (Closes: #977394) + Pass reasonable --build and --host to configure. + cross.patch: Replace a number of AC_RUN_IFELSE with cross-compatible variants. * debian/control: Update to Standards Version 4.6.0 (no changes) * debian/patches/snort_binary_typos: New patch fixing typos detected by lintian in the snort binary and libraries * debian/snort-rules-default.README.Debian: Fix typo [lintian fix] * Add debian/upstream/metadata (pointing to Snort 3 as there is no Snort 2.x code repository available) -- Javier Fernández-Sanguino Peña Sun, 05 Sep 2021 15:38:14 +0200 snort (2.9.15.1-5) unstable; urgency=medium * debian/snort-common.{preinst,postinst,postrm}: - Handle using dpkg-maintscript-helper mv_conffile the relocation of the cronjob /etc/cron.daily/5snort to /etc/cron.daily/snort-common instead of moving it manually to prevent dpkg from prompting the user upon upgrades from older snort version. Thank you Chris Hofstaedtler for the tip (Closes: #984614) * debian/control: Add Pre-Depends: dpkg (>= 1.17.14) as we are now using dpkg-maintscript-helper * debian/snort-common.{postrm,preinst}, debian/snort.{postinst,postrm,preinst,prerm}: Add DEBIAN_SCRIPT_DEBUG to all maintainer scripts * debian/snort.logrotate: Correct name of the alert files (snort.alert and not 'alert') this error prevented files from being properly logrotated * configure.in: Added patch to check if rpc/rpc.h is required and is provided by libtirpc-dev to warn Ubuntu users that libtirpc-dev is required. Note: not added libtirpc-dev to Build-Depends as Debian's glibc6-dev includes the RPC headers (LP: #1906572) * debian/patches/decoding_do_not_assume_ipv4: Add patch provided by Hugh Davenport to not assume that all raw packets are IPv4 packets. (Closes: 633066) -- Javier Fernández-Sanguino Peña Sat, 10 Apr 2021 22:55:04 +0200 snort (2.9.15.1-4) unstable; urgency=high * debian/snort.docs, debian/snort-doc.docs debian/rules: Add README.csv and README.PLUGINS to the snort package and remove from the snort-doc. This fixes errors when upgrading from 2.9.7.0-5 which included these documents. (Closes: #959858) * debian/patches/fix_compile_errors: Add a patch to fix a compile error * debian/rules: Disable performance profiling to fix a compile error when linking (and also because it is not required in production systems) * debian/snort.postinst: Replace tempfile (deprecated) with mktemp * debian/snort.install: Add the binaries from the debian/tmp to avoid errors from dh_missing -- Javier Fernández-Sanguino Peña Sun, 06 Dec 2020 17:23:14 +0100 snort (2.9.15.1-3) unstable; urgency=medium * debian/watch: Created new file to watch for new versions * debian/snort.logrotate: Added missing snort log files to the logrotate script (e.g. /var/log/snort/snort.alert.fast) and include contents similar to the logrotate distributed in rpm packages (rpm/snort.logrotate) * debian/rules, debian/snort-common-libraries.dirs, debian/patches/config: Do not use multi-arch directories for the Snort libraries, instead, locate all of the compiled under libraries /usr/lib/snort (Closes: #962275) This fixes the error "FATAL ERROR: /etc/snort/snort.conf(271) Could not stat dynamic module path "/usr/lib/i386-linux-gnu/snort_dynamicpreprocessor/": No such file or directory" (LP: #1901466, #1902405, #1905164) * debian/rules: Drop configure options which are not anymore relevant * debian/po: - Update Dutch translation, thanks to Frans Spiesschaert (Closes: #961214) - Update German translation, thanks to Chris Leick (Closes: #958766) * Convert from ISO-8859-1 to UTF-8 several files under debian: debian/my/FAQ.txt, debian/po/ca.po, debian/po/es.po [Lintian fix] * debian/control: - Remove dh-autoreconf as it is no longer required [Lintian fix] - Remove duplicate Priority in snort-doc [Lintian fix] * debian/patches/signature_documentation: Add description [Lintian fix] -- Javier Fernández-Sanguino Peña Sun, 19 Jul 2020 14:54:29 +0200 snort (2.9.15.1-2) unstable; urgency=medium * debian/control: - Add libssl-dev as Build-Dep (Closes:#956812) - Update Standards version - Fix Git-VCS url - Make snort-doc Multi-Arch: foreign * debian/patches/documentation_debian: Document the use of /etc/default/snort -- Javier Fernández-Sanguino Peña Sat, 18 Apr 2020 11:56:13 +0200 snort (2.9.15.1-1) unstable; urgency=medium * Updated to latest upstream release (Closes: #861842, #827593) (LP: #1669257) * debian/patches: Refresh patches with changes of new release - config: Update location of libraries from /usr/lib/snort_dynamicengine/ to usr/lib/i386-linux-gnu/snort_dynamicengine/ * debian/compat Use debhelper compatibility version 12 * debian/rules: Switch to dh - Fixes build errors with the PDF file (Closes: #952296) - Fixes configure for the build architecture (Closes: #902554) * debian/control: - Update sources to point to new repository in Salsa - Add additional libraries required by the latest upstream - Add dependency on lsb-base in snort as it ships a init.d file - Move to https homepage * debian/{snort-doc.doc-base.manual,snort-doc.doc-base.paper}: Adjust file to new location of file at /usr/doc/snort (was /usr/doc/snort-doc) * debian/snort.logrotate: Created to install the logrotate file using debhelper * rename snort.cron.daily to snort-common.cron.daily so it is install in the snort-common package by debelper * debian/snort.preinst: - Instead of recursively changing the logdir change the logdir first and then all the files in it (if any) [lintian fix] * debian/snort-doc.docs: Remove documents that are already provided by the snort package * debian/{snort.init-d,snort.postinst}: Use /run instead of /var/run and place the PIDFILES under /run/snort, creating it if it is required. Also provide the pidfile location to the Snort program, otherwise it would be created in /var/log/snort/ (LP: #1006982) * debian/snort.init-d: Do not set a default value for DEBIAN_SNORT_HOME_NET, if it is not defined then the value is not passed over to Snort. This allows users to set an empty value and define the configuration in /etc/snort/snort.conf (or /etc/snort/snort.$interface.conf instead. (LP: #566543) * debian/copyright: Update list of maintainers as well as copyright holders * debian/patches/documentation_debian: Create a patch to document Debian specific changes and configuration (e.g. alert and logging) describing how to read the Snort logs (Closes: 910452) * debian/patches/config: Change the configuration to also log an alert file log and log also alerts to Syslog * debian/snort.config: - Try to find the system network interface instead of using a default (eth0) name. This should make unattended package installation work for those systems indepently of how their network names are defined (e.g. laptops). This was suggested by Thomas d'Otreppe in the Ubuntu bugs and based on the number of bugs in Ubuntu appears to be a fairly common need. (LP: #996450, #95868, #876616, #655116, #642682, #585523) (LP: #572639, #524992, #477590, #465387, #465340, #402936) (LP: #290456, #1805338, #1794931, #1791438, #1771690, #1756664) (LP: #1735010, #1710478, #1707324, #1626325, #1604184, #1588960) (LP: #1570517, #1484733, #1398969, #1310182, #1273021, #1231833) (LP: #1222754, #1215408, #1207981, #1207237, #1181514, #1175892) (LP: #1175264, #1161358, #1158169, #1116013, #1065121, #1064478) (LP: #1061459, #1031917, #1905137, #1897344, #1896849, #1882601) (LP: #1881141, #1877638) - Add also debugging messages as, based on the number of reports in Ubuntu, there seems to be many cases where the users install the package (with high debconf priority) and the proper network interface is not defined, leading to errors in Snort startup. This should help debuggin better automated bug reports by providing more information. - Remove code fixing obsolete options from 2.8.5.2-2 as this version is already quite old (LP: #996450) * debian/snort.preinst: Enable debugging using $DEBIAN_SCRIPT_DEBUG variable as already used in snort.config and snort.postint * debian/snort.debian.conf: Document the configuration file better and remove references to the flavour packages as these were removed already in 2.9.3.1-1 * debian/po: Update pt_BR translation (Closes: #816964) * debian/po: Update ES translation * debian/patches/config, debian/snort-common.cron.daily, debian/snort-stat.8: Add a new log file for fast alert logging under /var/log/snort/snort.alert.fast to be used by the snort-stat script. Adjust the default configuration, the manual page accordingly. This should fix the issues encountered when enabling the daily reports. (Closes: #862100) * debian/patches/config_disabled_rules: refresh and disable also ICMP informational rules (very chatty in normal environments, but useful for debugging Snort) -- Javier Fernández-Sanguino Peña Wed, 25 Mar 2020 21:59:30 +0100 snort (2.9.7.3-1) unstable; urgency=low * New upstream release -- Javier Fernández-Sanguino Peña Tue, 30 Jun 2015 01:07:59 +0200 snort (2.9.7.0-5) unstable; urgency=medium * debian/control: Depend on perl, not perl-modules (Closes: #779126) -- Javier Fernández-Sanguino Peña Tue, 30 Jun 2015 00:54:42 +0200 snort (2.9.7.0-4) unstable; urgency=low * debian/control: Updated deprecated VCs URL to git://anonscm.debian.org/pkg-snort/pkg-snort.git * Include Snort tools u2boat and u2spewfoo to parse Unified2 log format files (Closes: #770882) (LP: #1246952) - debian/snort.install: Install the files in the Snort package - debian/{u2boat,u2spewfoo}.1 create new manpages for the tools - debian/snort.manpages: add the new manpages to the package - debian/snort.dirs: create usr/bin/ for the new tools * debian/rules: - Use dh_prep instead of dh_clean -k * debian/snort.manpages: Add the manpage for snort-stat, which was not included in the snort package (but the script was) * Rebuild with the latest daq library upstream (libdaq2). Libdaq0 is deprecated/obsolete and not maintained upstrea -- Javier Fernández-Sanguino Peña Tue, 09 Dec 2014 20:37:03 +0100 snort (2.9.7.0-3) unstable; urgency=high * debian/control: - Add pkg-config in Build-Depends, it provides the PKG_CHECK_MODULES macro used in configure.in. This fixes a FTBFS observed in the buildds - Add libzma-dev dependency in Build-Depends as it is used in configure.in if available -- Javier Fernández-Sanguino Peña Fri, 24 Oct 2014 23:04:34 +0200 snort (2.9.7.0-2) unstable; urgency=high * The new upstream release, as seen with the previous upload, fixes the Out of Memory errors found in buildds when building (Closes: #765637) * debian/control: Add zlib1g-dev dependency in Build-Depends to fix FTFBFS -- Javier Fernández-Sanguino Peña Fri, 24 Oct 2014 16:14:20 +0200 snort (2.9.7.0-1) unstable; urgency=high * Upgrade to latest upstream version. Rules updates have been dropped by Snort upstream for older releases. Snort 2.9.5.3 is not supported for rule updates since December 2013 (Closes: #753915) (LP: #1402159) For more information see: https://www.snort.org/eol * debian/patches/{config,config_disabled_rules,fix_upstream_typos}: Refresh to apply to the newest source * debian/rules: + Use dpkg-buildflags to setup the defult compiler and link flags. + Enable hardening options when building * debian/control: Build-Depend on (dpkg-dev >= 1.16.1~) due to above change * debian/patches/configure_werror: New patch to fix configure.in so that it can work properly when setting the hardening flags * debian/patches/hardening_werror: New patch to fix issues found when building with -Werror * Debconf updated Translations: - Updated Dutch translation, contributed by Frans Spiesschaert (Closes: #764319) -- Javier Fernández-Sanguino Peña Fri, 24 Oct 2014 02:04:35 +0200 snort (2.9.5.3-4) unstable; urgency=medium * debian/control: Drop libgnutls-dev, as it is not longer required and it is scheduled for removal in sid, and (apparently) uninstallable. (Closes: #764108) * debian/control, debian/rules: Run dh-autoreconf when building to update config.{sub, guess} and {libtool, aclocal}.m4 (Closes: #748713) * debian/snort.init.d: Change the permissions of the snort PIDFILE once snort is started in order to prevent the following error messages when snort is *re*started: snort[xxxx]: Could not remove pid file /var/run//snort_eth0.pid: Permission denied (Closes: #753914) * debian/snort-stat.8: Fix filename of the alert log file and point to the correct location. (Closes: #709246) * Debconf updated Translations: - Updated Russian translation, contributed by Yuri Kozlov (Closes: 729710, #721483) -- Javier Fernández-Sanguino Peña Mon, 06 Oct 2014 20:11:15 +0200 snort (2.9.5.3-3) unstable; urgency=low * debian/control: Add texlive-binaries and texlive-font-utils to Build-Depends-Indep to make sure that buildds have the binaries required to build the documentation as suggested by Hideki Yamane. Kept the texlive metapackage however in debian/control just int case. (Closes: 713254) * Debconf updated Translations: - Updated Russian translation, contributed by Yuri Kozlov (Closes: 722987) -- Javier Fernández-Sanguino Peña Mon, 21 Oct 2013 19:39:20 +0200 snort (2.9.5.3-2) unstable; urgency=low * Debconf templates and debian/control reviewed by the debian-l10n-english team as part of the Smith review project. (Closes: 720061) * Debconf updated Translations: - Update Spanish translation, contributed by Javier Fernandez-Sanguino - Updated Russian translation, contributed by Yuri Kozlov (Closes: 722987) - Updated German translation, contributed by Chris Leick (Closes: 723769) - Updated Portuguese translation, contributed by Miguel Figueiredo (Closes: 723779) - Add Simplified Chinese debconf, contributed by Yi Mingjing (Closes: 723818) - Updated Czech translation, contributed by Michal Šimůnek (Closes: 724289) - Updated French translation, contributed by JP Guillonneau (Closes: 724300) - Updated Janapese translation (Closes: 724706) - Updated Italian translation provided by Daniele Forsi (Closes: 724707) - Updated Danish translation provided by Joe Hansen (Closes: 724932) - Updated Swedish translation provided by Martin Bagge (Closes: 725104) -- Javier Fernández-Sanguino Peña Tue, 24 Sep 2013 03:39:00 +0200 snort (2.9.5.3-1) unstable; urgency=low * New upstream release. - Remove faq from the build since it is no longer provided upstream * Lintian fix typo in debian/snort-rules-default.README.Debian * debian/patches: Refresh all patches with new upstream - config_disabled_rules: Disable more .rules files which are not provided in the upstream sources (but might be in the VRT Sourcefire) * debian/control: Add latex2html to Build-Depends-Indep as the html.sty file is required for building the documentation -- Javier Fernández-Sanguino Peña Fri, 16 Aug 2013 20:51:02 +0200 snort (2.9.3.1-1) experimental; urgency=low * New upstream release, target towards experimental due to the current freeze. * The most relevant change in this release is that support by Snort to output directly in a database has been dropped, which means that the snort-pgsql and snort-mysql packages are no longer possible. This is documented in the NEWS file. Also relevant is that support for Prelude is no longer available. * Since this release does not include the snort database packages any longer, bugs associated with them are no longer relevant (Closes: #526511, #567495, #292699, #276565, #527113, #388963, #388962, #321046, #369951) * debian/rules: Update the configuration options to adjust to those used in the snort.conf script provided upstream * debian/patches/fix_upstream_typos: Do typo fixes to more source files * debian/patches/config: Add more comments in the default configuration file, enable at least one output plugin (unified2) and set some configurations values as recommended in Jason Weir's "Building a Debian\Snort based IDS" available in http://www.snort.org/docs (Closes: #193544) * debian/patches/*: Refresh the patches to apply to the new upstream release * debian/po/*: Refresh all templates since the previous templates for database configuration have gone along with the snort database 'flavor' packages. * debian/snort-common.preinst: Remove the /etc/snort/database.conf on upgrades * debian/snort.preinst: Control output of usermod * debian/snort-common.{config,templates}: - Add code to detect old configuration files with content (which might happen on upgrades to 2.9.3 coming from the snort-mysql or snort-pgsql packages) and warn the user if they exist. - Update the list of valid preprocessors for this release -- Javier Fernández-Sanguino Peña Wed, 08 Aug 2012 22:12:35 +0200 snort (2.9.2.2-3) unstable; urgency=medium [ Upload target towards Wheezy fixing some important bugs and substantially improving the information provided on the packages to clarify user expectations ] * Acknowledge previous NMU * debian/patches/config: Update the patch to: - use absolute paths instead of relative paths to point to the white list and black list used by the reputation pre-processor. - disable the reputation as we do not ship any white/black lists by default (which causes it to fail at startup) and also because this preprocessor is experimental. Both changes fix the bug that prevented the package from being configured due to errors when starting up Snort with the default configuration (Closes: #677810) - Add a comment to /etc/snort/snort.conf documenting for users reading the file that preinstalled rules are surely out of date. * debian/patches/config_disabled_rules: Comment out shellcode rules as these have a huge impact in performance unless properly tuned. * debian/patches/rules: Fix the definition of many SIP rules (defined as 'alert ip any any'. These were generating a lot of false positives in environment were enabled. Regardless of the change comment out SIP rules since they are outdate can generate many false alarms unless properly defined. (Closes: #626596, #680303). * debian/control: Adjust description of snort-rules-default to indicate users that the ruleset provided should not be considered up-to-date. Encourage users to obtain additional/upgraded rules elsewhere. * debian/snort-rules-default.README.Debian: Include more information to potential users on the issues related to the default ruleset provided (and why it is out of date) as well as pointers as to where obtain additional rulesets. Some of this information is also in the NEWS file but is easy to miss to new users. -- Javier Fernández-Sanguino Peña Tue, 07 Aug 2012 23:53:24 +0200 snort (2.9.2.2-2.1) unstable; urgency=low [ gregor herrmann ] * Non-maintainer upload. * Drop quilt framework, the package uses source format "3.0 (quilt)". * Fix FBTFS when called with build-arch: - don't remove configure-stamp in debian/clean_sources.sh; otherwise build-basic gets called again - update target dependencies in debian/rules -- Nicholas Bamber Fri, 22 Jun 2012 10:49:16 +0100 snort (2.9.2.2-2) unstable; urgency=low * Fix "FTBFS with multiarch libmysqlclient-dev" using the patch supplied by Gregor Herrmann : + apply patch from Ubuntu / Jean-Louis Dupond: - debian/rules: use mysql_config to find libraries to fix FTBFS with multiarch libmysqlclient. + debian/control: Build-Depends: drop virtual libmysqlclient15-dev, make libmysqlclient-dev versioned to get mysql_config's --variable= switch. (Closes: #650060) -- Javier Fernández-Sanguino Peña Sun, 02 Jun 2012 17:56:00 +0200 snort (2.9.2.2-1) unstable; urgency=low * New upstream version (bug fix release) (Closes: #666125) - Provides portvar $FILE_DATA_PORTS in etc/snort.conf (Closes: #661944) * Acknowledge NMU (Closes: #669524) * debian/check-snort-conf.sh: New script to check the validity of the etc/snort.conf file provided * debian/patches/series, debian/patches/config_disabled_rules, debian/patches/config: Create independent patch to comment the rules files which are not provided in the Debian package. -- Javier Fernández-Sanguino Peña Sun, 06 May 2012 01:01:30 +0200 snort (2.9.2-3.1) unstable; urgency=low * Non-maintainer upload. * Correct tex .sty path (Closes: #669524) -- Emfox Zhou Mon, 30 Apr 2012 15:57:48 +0800 snort (2.9.2-4) unstable; urgency=low * Fix typo (appropiate --> apppropriate) in all the Snort templates. Also update translations and manually unfuzzy them -- Javier Fernandez-Sanguino Pen~a Tue, 14 Feb 2012 00:38:01 +0100 snort (2.9.2-3) unstable; urgency=low * Restore code from the 2.8.5.2-5 package onwards which was lost when the version of experimental was moved to the archive. - Now /var/lib/snort is created through package configuration, as it should have been - Remove md5sum files when purging (Closes: #657038) * debian/rules: - Enable IPv6 support which was optional in version 2.8 for the Snort binary package. This is not enabled for the database binary packages (snort-pgsql and snort-mysql) as the database schemas do not support IPv6. (Closes: #633064) (LP: #703707) - Include the quilt makefile and add dependencies in -stamp and clean targets * debian/snort.init.d: - Do not abort if the package is not configured to use a database but the db-pending-config semaphore is found. Remove it instead and continue. This can happen if a database-related package was installed, removed and then 'snort' is installed afterwards. (LP: #316878, #639755, #722488, #754230, #798608, #876615, #816634) (LP: #891904, #918250) * debian/snort-{mysql,pgsql}.postrm: - Remove the db-pending-config semaphore file when removing the package. This prevents errors with the snort.init.d logic if a database package is left unconfigured and then replaced with the snort (non-database) package. * debian/README-database.Debian: Indicate that database support will be deprecated in 2.9 and document that IPv6 is not supported either * debian/control: - Add Build-Depends on quilt - Add VCS entries - Put the complete maintainer's name in UTF-8 - Change Uploaders, add Andrew Pollock and remove Pascal Hakim - Update Standards Version -- Javier Fernández-Sanguino Peña Wed, 25 Jan 2012 22:24:30 +0100 snort (2.9.2-2) unstable; urgency=low * debian/control: Add net-tools to Depends: of snort, snort-mysql and snort-pgsql since 'ifconfig' is required for the configuration script to work. (Closes: #656445) * debian/snort{,-mysql,-psql}.postinst: Create the checksum directory if it does not exist right at the beginning since it might not be created. (Closes: #656445) -- Javier Fernandez-Sanguino Pen~a Thu, 19 Jan 2012 20:34:02 +0100 snort (2.9.2-1) unstable; urgency=low [ Andrew Pollock ] * New upstream release, upload to unstable - Fixes CVE-2009-3641: DoS while printing specially-crafted IPv6 packet using the -v option (Closes: 553584) - The package no longer build-depends on iptables-dev and the negated list of architectures is no longer used (Closes: 634660) - debian/patches/config: Patch the configuration file to remove include files not currently available (Closes: #619446) - This version is fully supported rule-wise (LP: #872582) * Switch to dpkg-source 3.0 (quilt) format * Port across all changes from Snort 2.8.5.2-5 and later in unstable * debian/snort.postinst: create the directory that the checksum for snort.debian.conf will be created in if it doesn't already exist * debian/rules: tell dh_makeshlibs to not call ldconfig in the preinst/postinst of snort-common-libraries * debian/rules: don't install README.WIN32 into snort-doc [ Javier Fernandez-Sanguino Peña ] * debian/rules: - Set enable-zlib when configuring all packages to force it to be enabled as this is required by the http_inspect preprocessor which is enabled by default (Closes: #631854) - Included (commented) the patch provided by Clint Byrum and included in Ubuntu to prevent snort from FTFS with libmysqlclient-dev which will be multiarch in the future. The patch uses mysql_config to find libraries to fix FTBFS with multiarch libmysqlclient. Not enabled since the version of libmysqlclient in unstable currently does not support the --variable=pkglibdir option * debian/snort{,-inline}.config: Use LC_ALL=C when calling ifconfig to make the postinst work when ifconfig's output is internationalised (Closes: 577033) * debian/control: Fix link in the rules package, point to http://www.snort.org/snort-rules/ (Closes: 646547) * debian/my/snort-stat: Modify so that alerts with Priority but without classification are analysed when parsing syslog information. Also set the class to 'Undefined' instead of leaving it empty. (Closes: 590061) * po-debconf translation updates: - Danish, provided by Joe Dalton (Closes: 638678) - Dutch, provided by Jeroen Schot (Closes: 654239) -- Javier Fernandez-Sanguino Pen~a Fri, 13 Jan 2012 21:54:25 +0100 snort (2.8.5.2-9.1) unstable; urgency=low * Non-maintainer upload. * Empty dependency_libs in libtool la file(s). http://wiki.debian.org/ReleaseGoals/LAFileRemoval Closes: #621859 -- Andreas Metzler Sat, 18 Jun 2011 14:08:33 +0200 snort (2.8.5.2-9) unstable; urgency=low * debian/rules: Change gs-common Build-Depends-Indep to ghostscript fo fix FTBFS, thanks to Andreas Metzler for the solution. (Closes: 618197) -- Javier Fernandez-Sanguino Pen~a Sun, 10 Apr 2011 10:57:55 +0200 snort (2.8.5.2-8) unstable; urgency=low * debian/snort{,-mysql,-pgsql}.config: Remove the '-o' from DEBIAN_SNORT_OPTIONS that was prepended by the postinst script in version 2.8.5.2-2 on upgrades. * debian/snort{,-mysql,-pgsql}.prerm: Change /usr/sbin/nessus to /usr/sbin/snort -- Javier Fernandez-Sanguino Pen~a Thu, 22 Jan 2011 12:18:03 +0100 snort (2.8.5.2-7) unstable; urgency=low * debian/snort{,-mysql,-pgsql}.config: Remove the '-p' from DEBIAN_SNORT_OPTIONS that is prepended by the postinst script (if disable promiscuous is set) before adding it to the debconf value to prevent this option from being readded again and again on reinstall. (Closes: #608635) * debian/snort{,-mysql,-pgsql}.postinst: Remove the temporary file used to test if the configuration files has not been modified when upgrading to a new version. -- Javier Fernandez-Sanguino Pen~a Sun, 02 Jan 2011 20:47:26 +0100 snort (2.8.5.2-6) unstable; urgency=high * debian/snort{,-mysql,-pgsql}.postinst: Introduce code to be able to manage the situation in which a local admin has introduced changes in the /etc/snort/snort.debian.conf configuration file manually. Keep the local changes and leave the file untouched on upgrades. (Closes: #608590) * debian/snort-{mysql,-pgsql}.postinst: - Introduce code to be able to manage the situation in which a local admin has introduced changes in /etc/snort/database.conf and has not used dpkg-reconfigure. Keep the local changes and do not touch the file on upgrades. - Generate the database.conf regardless of the status of the db-pending-config file as we need the configuration file in any case. * debian/snort{,-mysql,-pgsql}.config: Read the values of the configuration file /etc/snort/snort.debian.conf and use them to set to preseed all the debconf values. This ensures that local changes are reloaded into debconf if any changes are made in the file and makes it possible to regenerate the file with dpkg-reconfigure. * debian/snort{,-mysql,-inline,-pgsq}.config: Make it possible to debug the scripts through the use of the DEBIAN_SCRIPT_DEBUG environment variable * debian/snort-{mysql,pgsql}.config: Fix error in call of template which belongs to the snort package. Use the proper template now. * debian/README-database.Debian: Fix syntax error in MySQL example calls and reword the text a bit to clarify that the provided information are just examples on how to setup the databases. * debian/po/: Use debconf-updatepo to remove obsolete translations from PO files. * debian/NEWS: Remove the indication that database.conf should not be manually edited. -- Javier Fernandez-Sanguino Pen~a Sat, 01 Jan 2011 23:40:30 +0100 snort (2.8.5.2-5) unstable; urgency=high * Final RC bug fix: * snort-common: Create the database.conf file on package's configuration not on the preinstallation script (Closes: #607801) * Lintian fixes: * debian/control: Upgrade standards version, no changes required * debian/snort.init.d: add $remote_fs to Required-Start and Required-Stop * debian/snort.templates: Move the config_error template over to debian/snort-common.templates as it is used there * debian/snort-{mysql,pgsql}.templates: remove the config_error template there as it is not used * debian/control: Upgrade the Build-Depends on debhelper * src/parser.c: Typo fix argu*e*ment -> argument * src/preprocessors/spp_perfmonitor.c, src/dynamic-preprocessors/dns/spp_dns.c: Typo fix: sep*e*rated --> separated * rules/web-misc.rules: Limit the depth when searching for an HTTP version to prevent false positives from apt-get User-Agent string (LP: #258155) * debian/snort.init.d: Separate warning message from main messages. * debian/TODO: review contents and update -- Javier Fernandez-Sanguino Pen~a Sun, 26 Dec 2010 13:20:25 +0100 snort (2.9.0.1-2) experimental; urgency=low * [ The Merry Xmas for experimental users Release ! ] * Forward port the changes introduced in the unstable package to experimental tool to make for smoother upgrades to the upstream release. -- Javier Fernandez-Sanguino Pen~a Fri, 24 Dec 2010 19:52:48 +0100 snort (2.8.5.2-4) unstable; urgency=high * [ The Merry Xmas and Merry RC bug fixing Release! ] * debian/snort-common.preinst: - Fix how the files are generated and use Perl instead of bash's echo as the latter will interpret content in the configuration file and will botch it - Fix typo in the configuration file which moved the configuration file to database.conf instead of just the database configuration. - Only generate content in database.conf if the default configuration file contains the DBSTART line from previous versions. - Be cautious, if an empty configuration file is generated then abort. (Closes: 607951) * debian/snort.preinst: Do not output information from usermod as this is not needed * Disable an error in rules/comunity-smtp.rules that prevents snort from loading due to the use of !any (Closes: 607751) * debian/snort-{pgsql,mysql}.postinst: Fix syntax error in postinst scripts (Closes: 607678) -- Javier Fernandez-Sanguino Pen~a Fri, 24 Dec 2010 19:39:51 +0100 snort (2.8.5.2-3) unstable; urgency=low * Move the database configuration code for the -mysql and -pgsql packages into an independent file (/etc/snort/database.conf). This prevents the debconf script from modifying /etc/snort/snort.conf, which is a conffile. And, consequentely, prevents upgrade prompts for users as well as some other issues when upgrading (Closes: #603428, #566308) * Adding snort-common-preinst to split off exiting config or touch the new database config file on new installations to ensure it exists. * Modify etc/snort.conf to include the new database configuration file. * Modify snort-{mysql,pgsql}.postinst to use new configuration file. * Modify snort-{mysql,pgsql,common}.postrm to purge new configuration file if it exists. Thanks to Alexander Reichle-Schmehl for the initial patch used to fix this issue * debian/NEWS: describe the new change on database handling * debian/snort{,-inline,-mysql,-pgsql}.prerm: Move the code in charge of killing snort astray children over to the proper location and also ignore errors if there are (process might appear spurously in the process table due to race conditions) (Closes: 557729) -- Javier Fernandez-Sanguino Pen~a Mon, 20 Dec 2010 15:25:49 +0100 snort (2.9.0.1-1) experimental; urgency=low * New upstream release. * Change configure.in to use 'dumbnet' instead of 'dnet' since the library is renamed in Debian * debian/control: - Make it Build-Depend on libdumbnet-dev since this release now requires it (it was previously optional) - Remove iptables-dev (no longer required) (Closes: 634660) * debian/rules: - Do not use --enable-smbalerts (no longer available) when configuring * Remove the following documentation from the installation as it is no longer available: doc/README.FLEXRESP, doc/README.FLEXRESP2 * Upload to experimental until I get wider testing. -- Javier Fernandez-Sanguino Pen~a Thu, 11 Nov 2010 00:32:49 +0100 snort (2.8.5.2-2) unstable; urgency=low * Remove the reverse_order debconf option since Snort no longer supports the -o option. The default now in Snort is to have Pass|Alert|Log (Closes: 565567) * Change error message in the init.d script to point to /var/log/daemon.log for Snort log messages. -- Javier Fernandez-Sanguino Pen~a Fri, 22 Jan 2010 00:12:52 +0100 snort (2.8.5.2-1) unstable; urgency=low * New upstream release - Fixes CVE-2009-3641: possible DoS due to crafted IPv6 packet when then -v option is enabled * Fix src/snort.c since it is not buildable, it seems that the distributed source code has a bug. -- Javier Fernandez-Sanguino Pen~a Mon, 11 Jan 2010 23:53:05 +0100 snort (2.8.4.1-6) unstable; urgency=low * Package rebuild to fix libmysql depedency (Closes: #548831) * Remove use_static_footprint_sizes option from the stream5_tcp disassembler in etc/snort.conf as the use in production systems is actually discouraged [ see http://sourceforge.net/mailarchive/message.php?msg_name=d3a3e6ac0912080843i17a0302te36548e032b4b013%40mail.gmail.com ] * Lintian fixes: - Remove dh_undocumented from debian/rules - Add ${misc:Depends} to all binary packages - Use updated debhelper version (5) - Update Standards-Version (3.8.3) -- Javier Fernandez-Sanguino Pen~a Wed, 09 Dec 2009 02:05:57 +0100 snort (2.8.4.1-5) unstable; urgency=low * Fix snort-stat so that it can generate proper emails even if Classification is missing from the alert log, use fix suggested by Pavel Mateja. -- Javier Fernandez-Sanguino Pen~a Sun, 01 Nov 2009 00:43:02 +0100 snort (2.8.4.1-4) unstable; urgency=low * Fix init.d so that if 'restart' is executed when no instance is running (no pidfile) it will try to start all of instances, just if 'start' was executed. (Closes: #540450) * Add information on how the init.d script works (Closes: #512810) * Fix name of file in README-database.Debian, remove the database information from the main README.Debian file. (LP: #302218) * Fix bug in debian/clean-sources.sh script (Closes: #547316) * Use a patch provided by Dave Walker to prevent starting snort-mysql|pgsql if the database is not configured yet. This bug cannot be really fixed until we use dbconfig-common here to ask for all the database information to the user through Debconf. (LP: #222091) (Closes: #545082) -- Javier Fernandez-Sanguino Pen~a Wed, 23 Sep 2009 01:35:05 +0200 snort (2.8.4.1-3) unstable; urgency=low * Change the log message in debian/snort.init.d so people are not led to believe they need a /etc/snort/snort.$iface.conf configuration file, /etc/snort/snort.conf is usually just fine. * Lintian fixes: - Fix long lines in changelog - Fix debconf priority in configuration scripts (error -> high) - Do not install README.WIN32 in snort-doc's documentation - Do not ignore errors on snort-rules-default.{postrm, preinst} -- Javier Fernandez-Sanguino Pen~a Sun, 02 Aug 2009 18:27:04 +0200 snort (2.8.4.1-2) unstable; urgency=low * Rebuild and upload to unstable. (Closes: 528496) * As acknowledged by upstream and confirmed by users, this release fixes a segfault in snort-mysql (Closes: 536144) * Updated Russian po-debconf translation provided by Yuri Kozlov (Closes: 528677) * Change syslogd dependency in snort, snort-pgsql and snort-mysql to rsyslog since that is the default syslog daemon now. (Closes: 526916) * Remove the syslog dependency from snort-common and snort-rules-default -- Javier Fernandez-Sanguino Pen~a Sat, 01 Aug 2009 17:50:30 +0200 snort (2.8.4.1-1) experimental; urgency=low * New upstream release. * Only provided the latest release notes at debian/snort-common.docs, move older RELEASE notes to docs/ * Update the doc list at debian/snort-doc.docs with the contents from doc/ (new READMEs). Add also the old RELEASE notes for reference. -- Javier Fernandez-Sanguino Pen~a Tue, 09 Jun 2009 02:33:43 +0200 snort (2.7.0-26) unstable; urgency=low * Fix bug in snort-pgsql and snort-mysql's configuration script introduced in the previous upload. They were using the wrong debconf keys which made maintainer scripts fail. (Closes: #526915) -- Javier Fernandez-Sanguino Pen~a Tue, 05 May 2009 01:29:37 +0200 snort (2.7.0-25) unstable; urgency=low * Use src/output-plugins/spo_database.c from the 2.8.4.1 release. This version includes the necessary code to configure the mysql connection so that it reconnects to the database in case the connection gets lost. This might happen if too few events are logged in Snort and the database connection timeouts. (Closes: #449568) * Copy over src/ipv6_port.h from 2.8.4.1 and include it in src/output-plugins/spo_database.c * Update Japanese translation for the templates, thanks to Hideki Yamane (Closes: 510704) * Move the code that detects if interfaces are down over to snort-pgsql and snort-mysql. This way, if the interface defined is not available it will prompt again, raising the debconf priority (Closes: #502084) (LP: #477590, #655116) * Change all the config_parameters debconf input from 'medium' to 'error' * Change all the needs_db_config debconf questions from 'medium' to 'high' since users that do not see this note will end up with a non-functioning package. -- Javier Fernandez-Sanguino Pen~a Sun, 03 May 2009 23:40:26 +0200 snort (2.7.0-24) unstable; urgency=low * Remove the LogMessage associated with fragmented traffic since it shows up even in systems that do not have ttl_limit set. -- Javier Fernandez-Sanguino Pen~a Sat, 28 Feb 2009 13:03:22 +0100 snort (2.7.0-23) unstable; urgency=high * Fix error in call to LogMessage (missing parameters) which caused a segfault when fragmented packages were received and ttl_limit was set. This bug was introduced in the patch to fix CVE-2008-1804. Urgency set to 'high' as in some circunstances it makes Snort fail to start on startup or die after working for only a few minutes. Also, this could be used as a DoS attack against an IDS sensor rendering it useless.(Closes: 503992) -- Javier Fernandez-Sanguino Pen~a Sat, 21 Feb 2009 12:11:33 +0100 snort (2.7.0-22) unstable; urgency=low * Include patch from dato to make the package binNMU-safe * Remove debian/CVS and debian/my/CVS * Fix bug in snort-stat that made it miss alerts generated by preprocessors (they only contain Priority) as well as fix the setting of $alert->{PRIORITY} for alerts generated by rules. Thanks for Gabor Gombas for the patch. (Closes: #500215) * Lintian fixes: - Use Standards Version 3.8.0, no changes needed. - Make snort-rules-default.postrm run with 'set +e' and append '|| true' to rmdir calls so that the script does not abort if the directories are not empty. -- Javier Fernandez-Sanguino Pen~a Wed, 05 Nov 2008 00:15:40 +0100 snort (2.7.0-21) unstable; urgency=low * Reupload to unstable, build with proper libraries. Fix mess introduced by previous upload. -- Javier Fernandez-Sanguino Pen~a Wed, 29 Oct 2008 00:01:54 +0100 snort (2.7.0-20.3) testing-proposed-updates; urgency=low * Reupload to testing to *really* depend on newer libpcre. * Include patch from dato to make the package binNMU-safe * Remove debian/CVS and debian/my/CVS -- Javier Fernandez-Sanguino Pen~a Tue, 04 Nov 2008 22:35:26 +0100 snort (2.7.0-20.2) testing-proposed-updates; urgency=high * Upload to testing-proposed-updates to fix security bug CVE-2008-1804 (see below). This package cannot go through sid since the sid build uses a newer libpcre version not available in lenny. (Closes: #483160) -- Javier Fernandez-Sanguino Pen~a Tue, 28 Oct 2008 21:32:48 +0100 snort (2.7.0-20) unstable; urgency=high [ CVE-2008-1804 ] * Fix error in preprocessors/spp_frag3.c that prevented Snort from properly identifying packet fragments that had dissimilar TTL values, which allowed remote attackers to bypass detection rules by using a different TTL for each fragment. Also update src/generators.h to include the new FRAG3_MIN_TTL defines (Closes: #483160) -- Javier Fernandez-Sanguino Pen~a Wed, 22 Oct 2008 01:33:34 +0200 snort (2.7.0-19) unstable; urgency=low * Make the snort_rules_update example script use bash instead of sh. (Closes: #489662) -- Javier Fernandez-Sanguino Pen~a Sat, 09 Aug 2008 22:31:47 +0200 snort (2.7.0-18) unstable; urgency=low * Romain debconf translation provided by Eddy Petrior (Closes: 486137) * Swedish debconf translation provided by Martin Bagge (Closes: 491785) -- Javier Fernandez-Sanguino Pen~a Mon, 28 Jul 2008 22:39:37 +0200 snort (2.7.0-17) unstable; urgency=low * Include the README-database-upgrade.Debian in the documentation of the database packages, I forgot to do this in -15 -- Javier Fernandez-Sanguino Pen~a Fri, 02 May 2008 11:52:12 +0200 snort (2.7.0-16) unstable; urgency=low * Lintian fixes: - NEWS file now says unstable instead of experimental - copyright file is now UTF-8 - wrap around files in the changelog - remove empty /usr/src directory from snort-common-libraries - fix spelling error in NEWS file - fix manpage error in snort.8 - change doc-base sections to Network/Monitoring -- Javier Fernandez-Sanguino Pen~a Fri, 02 May 2008 10:28:21 +0200 snort (2.7.0-15) unstable; urgency=low * Update to Standards-Version 3.7.3: - Have the logrotate script call invoke-rc.d if available to do the 'right thing' if the admin has configured Snort to not run by default. * Copyright review: - Add copyright statements to the debian/copyright - Note that the Snort source code is distributed as GPL 2 only (not version 3) - Create a copyright_review.sh shell script to review the contents of the sources and find new copyright statements - Point in debian/copyright to the GPL-2 file, not to GPL (which is v3) * Expand brace-expanded content in debian/rules to prevent bashism (Closes: #478627) * Modify the provided snort_rules_update to use oinkcodes, note in the script that the use of 'oinkmaster' should be preferred (Closes: 314483) * Remove Homepage: from binaries package when redundant with the source package. * Handle in the init.d script the case of interfaces being available but not up, thanks to Drew Parsons for an exhaustive analysis and patch (Closes: #471462) * Remove header files from the snort-common-libraries package. If users request it back I will create a snort-common-libraries-dev package providing these headers (Closes: 440842) * Database upgrade: - Added README-database-upgrade.Debian to describe the steps that need to be done to upgrade the Database, also update upstream's (cursory) documentation to describe the v107 changes (Closes: 445334) - [src/output-plugins/spo_database.c] Modify the text messages to point users to the proper location of documentation in Debian systems as well as to the (Debian-specific) documentation related to databases. - Tell users (through NEWS.Debian) that the schema changed from 2.6 to 2.7 and they will need to upgrade their database. * Include the RELEASE NOTES for older releases and provide all of them (for the 2.3, 2.4, and 2.6 releases) as users might find them useful for upgrade purposes (Changelog might be too detailed) * Debconf templates and debian/control reviewed by the debian-l10n- english team as part of the Smith review project. Thanks to Christian Perrier for his hard work getting this done (Closes: #469803) * [Debconf translation updates] - Italian translation, updated by Gianluca Cotr (Closes: #477056) - Galician translation, updated by Jacobo Tarrio (Closes: #474622) - Portuguese translation, updated by Traduz (Closes: #475086) - German translation, updated by Erik Schanze (Closes: #477082) - Vietnamese translation, updated by Clytie Siddall (Closes: #477324, #478223) - French translation, updated by Christian Perrier (Closes: #478229, #478230) - Czech translation, updated by Jan Outrata (Closes: #478246) - Russian translation, updated by Yuri Kozlov (Closes: 478303) - Dutch translation, updated by Peter Vandenabeele - Spanish translation, updated by myself * [New Debconf translations] - Basque translation, provided by Piarres Beobide (Closes: #475457) - Finnish translation, provided by Esko Esko Arajärvi (Closes: #475648, #478211) -- Javier Fernandez-Sanguino Pen~a Sun, 27 Apr 2008 21:58:37 +0200 snort (2.7.0-14) unstable; urgency=high * Move installation of the snort.default file from the install-indep rule to the install rule. This error was preventing /etc/snort/default from being created in the Snort binary packages and, consequently, the init.d would fail to start properly and the package would not install (Closes: #471895, #473282) * Add libgnutls-dev Build-Depend (Closes: #476651) * Fix typo in the name of the community rules in snort.conf, thanks to David Gil for providing a patch (Closes: #470881) -- Javier Fernandez-Sanguino Pen~a Sun, 20 Apr 2008 21:39:47 +0200 snort (2.7.0-13) unstable; urgency=low * Make the build: target be an empty one, instead of having it depend on both build-arch and build-indep * Remove texlive-latex-recommended from Build-Depends-Indep as suggested by James Vega -- Javier Fernandez-Sanguino Pen~a Sun, 16 Mar 2008 00:16:47 +0100 snort (2.7.0-12) unstable; urgency=low * Add texlive-latex-recommended to Build-Depends-Indep since refcount.sty and kvoptions.sty are used * Have the binary-{arch,indep} depend on install-{arch,indep} instead of in the install target. - Move install calls related to snort-common to the install-indep target * Add some sty files to the build-indep checks in debian/rules so that the documentation is not compiled unless all are available. Yes, buildds are stupid enough to pre-install latex, make the previous checks insufficient and *still* call the build (not build-arch) target! (Closes: #445113) * Unindent comments in debian/rules so that they do not show up. -- Javier Fernandez-Sanguino Pen~a Sat, 15 Mar 2008 20:13:34 +0100 snort (2.7.0-11) unstable; urgency=low * Make the init.d script not depend on the availability of iproute. (Closes: #463020, #466674) * Added a Recommends on iproute, as it can be used to improve the behaviour of the initd script. * Modify the init.d script to remove also the lockfiles for PIDFILEs * Move snort-doc to Suggests in the snort package and add it to snort-pgsl and snort-mysql too. * Fix FTBFS on GNU/kFreeBSD (due to unsatisfied Build-Depends on iptables-dev), thanks to Petr Salinger for the fix (Closes: #466073) * Modify src/snort.c to prevent it from showing a message when it tries to remove the PIDFILE. This fails in Debian since Snort is not running as the root user and the daemon cannot modify /var/run. The code is changed so that the error message related to not being able to remove the PIDFILE is only presented if running as root or writing the PIDFILE to a directory that is not /var/run. (Closes: #462423) * Po-debconf translation updates: - Fix error in Italian translation (Closes: #462865) - Japanese translation update, provided by Hideki Yamane (Closes: #463650) -- Javier Fernandez-Sanguino Pen~a Sun, 24 Feb 2008 22:21:09 +0100 snort (2.7.0-10) unstable; urgency=low * Add a new ALLOW_UNAVAILABLE definition in /etc/default/snort which makes the init.d not complain if a configured interface is not available. Also make the init.d script not break if no instances are configured through debconf (to make it possible to use snort using just if-up.d by providing a given interface instance as a 'start' parameter) (Closes: #458823) * Fix typo in templates, unfuzzy translations I can "understand" and which seem to have fixed the typo themselves. * Po-debconf updates: - Update German translation provided by Erik Schanze (Closes: #462674) - Updated Italian translation provided by Gianluca Cotr (Closes: #462865) - Romanian translation provided by Eddy Petrisor (Closes: #460344) -- Javier Fernandez-Sanguino Pen~a Sun, 27 Jan 2008 11:12:05 +0100 snort (2.7.0-9) unstable; urgency=low * Modify debian/rules to prevent autobuilders from building the binary-independent components: (Closes: #445113) (Thanks dato for the tip) * Create a new Build-Depends-Indep with all the TeX components used to build documentation * Since autobuilders call build, which in turns calls build-indep, hack the debian rules file so that the documentation is only built if ps2pdf, dvips and pslatex are available. * Enable prelude support in all variants (Closes: #458790) * Debconf translation updates: - Dutch, provided by Peter Vandenabeele - Vietnamese, provided by Clytie Siddall (Closes: #458161) - Portuguese, provided by Miguel Figueiredo (Closes: #458214) - Galician, provided by Jacobo Tarrio (Closes: #458533) - French, provided by Christian Perrier (Closes: #458621) -- Javier Fernandez-Sanguino Pen~a Mon, 31 Dec 2007 00:31:13 +0100 snort (2.7.0-8) unstable; urgency=low * Rewrite debian/rules: - the documentation does not get build on the binary-arch target, (Closes: #445113) - there is now a install-dep and install-arch - install-* dependencies do not depend on build - create a 'clean-sources' target, used only by the 'clean' target - create a clean_sources.sh script to clean the sources properly before each run - call 'clean_sources.sh' before a binary (pgsql, mysql...) is built to prevent the binary-* rule from calling 'distclean' at the end of each run (and thus making issues more difficult to debug) - generate a configure target and use it when building both -arch and -indep (needed to generate doc/Makefile) - copy, instead of moving, the binaries, so the 'install' target is more idempotent (still have to use dh_install more to make it so) * Change Maintainer's email address * Create a mechanism to generate all the templates using a "template of templates" since all the questions where the same with small differences per package. - Also fixed snort-inline templates, which were not correct (pointed to the wrong configuration file) - Update Spanish translation myself * Change the init.d script so it behaves like LSB demands: - Do not exit with error if there are no running instances and we try to stop - With 'status', exit with a 1/3 error based on the existence (or not of the pidfiles) - Dot not exit with error when trying to start an instance that is already started (use running() for that) - Check if the user is root before attempting to star/stop/restart - Adjust to LSB exit values (instead of just using always '1', use 3-6 to indicate several different errors) * Lintian cleanup: - Move Homepage: from the description to a pseudo-header in debian/control - do not ignore distclean errors - remove call to dh_suidregister, we did not use it - add DEBHELPER token to snort-common.postinst - update config.guess and config.sub with automake's 1.7 versions (this is not done automatically in the package, however) - replace ${Source-Version} substvar with ${binary:version} - Move the configuration check of snort-common over to the config script and leave the postinst only to check the status of the init.d script. Also, modify the snort-common.postinst so it only does the configuration check if invoke-rc.d (if installed) - Fix 'malformed-title-in-templates' in all templates by removing the ending dot - Fix the 'malformed-prompt-in-templates' by adjusting the contents of all the titles affected - Shorten the length of the 'interface' template - Fix syntax on debian/NEWS - Remove empty dirs -- Javier Fernandez-Sanguino Pen~a Thu, 27 Dec 2007 09:14:00 +0100 snort (2.7.0-7) unstable; urgency=low * Remove empty comment line in lsb headers -- Javier Fernandez-Sanguino Pen~a Mon, 01 Oct 2007 03:01:26 +0200 snort (2.7.0-6) unstable; urgency=low * Create a separate snort-libraries package and move all the libraries that were previously (wrongly) included in the snort-common package there (Closes: #439642) * Add proper LSB headers, license and copyright to the init.d file * Also add proper messages to the init script and proper checks to generate the correct errors when non-root users try to run the script. Exit status of the script should now reflect better the problems found. * Removed dependencies on essential packages (coreutils) * Recode Debian changelog to UTF-8 -- Javier Fernandez-Sanguino Pen~a Mon, 01 Oct 2007 01:24:32 +0200 snort (2.7.0-5) unstable; urgency=low * Initialise variables in preinst to prevent collisions with predefined environment variables (Closes: #443481) -- Javier Fernandez-Sanguino Pen~a Fri, 21 Sep 2007 22:49:25 +0200 snort (2.7.0-4) unstable; urgency=low * Fix phrase in the NEWS file -- Javier Fernandez-Sanguino Pen~a Wed, 29 Aug 2007 18:26:45 +0200 snort (2.7.0-3) unstable; urgency=low * Move over the package to unstable. * Fix FBTFS at Ubuntu due to snort_manual.tex still using latex2html's html.sty. Thanks Michael Bienia for spotting this and point at the issue with a patch (Closes: 436244) * Fixed a typo in the French translation (Closes: 432840) * Fix documentation errors in debian/README-database.debian. (Closes: 416400) -- Javier Fernandez-Sanguino Pen~a Mon, 06 Aug 2007 23:28:02 +0200 snort (2.7.0-2) experimental; urgency=low * Fix generation of the common snort binary, which was distributed without prelude support. * Fix location of dynamic engines in snort.conf * Change signatures 1443 and 1444 since there was an error in their definition ( Cannot use 'rawbytes' and 'http_uri' as modifiers for the same "content" nor use 'rawbytes' with "uricontent". ) -- Javier Fernandez-Sanguino Pen~a Wed, 01 Aug 2007 02:49:50 +0200 snort (2.7.0-1) experimental; urgency=low * New upstream release (Closes: #435417, #404991, #320920, #323985) - Fixes DOS attack: CVE-2006-6931 - "Backtracking Algorithmic Complexity" DoS against IDS engine (Closes: #407421) * Introduce all the rules available from the 2.4 release which are GPL and are non-VRT certified, that is, all rules which are outside of the range [3,465-1,000,000]. This amounts to a total of 3935 rules (820 of which are Community released). * In order to handle rulesets with mixed GPL and non-GPL rules two scripts have been made available in the source rules/ subdirectory: - remove-non-gpl.pl - Given a rules file removes all rules outside the above range - purge-non-gpl.sh - Given a directory dumps on the local directory only rules outside this range. In order to limit maintainer overhead the header for modified rulesets has not been changed. * Include the VRT license file. This file is kept for reference under the rules/ dir, although *no* rule in this package is under that non-free license. * Include a NEWS.Debian item describing the license change and the rules distributed within this package. not in the database packages (Closes: #320920) * As a consequence of the above Build-Depend on libprelude-dev, iptables-dev * Provide support for Prelude in both snort and snort-inline packages but * The examples are now included in the -common package instead of having them in all the binary packages This package provides support to make an experimental separate binary package for inline support: snort-inline, which most of the configuration is shared with the snort binary package but the PPP related options have been removed. However, snort-inline does not support libnet 1.1 so we cannot provide it yet. This has been changed in Snort's code but it's far from complete: - Make the configure script work with libnet 1.1. - Port parts of the API (some declarations) to 1.1 -- Javier Fernandez-Sanguino Pen~a Tue, 31 Jul 2007 23:35:06 +0200 snort (2.3.3-15) unstable; urgency=low * Include all the community signatures available as of today into the snort-signatures package. This means 820 new signatures go in. * Sync mappings: * Updated the gen-msg.map under rules/ with the maps under etc/ * Updated the sid-msg.map under etc/ with the maps under rules/ -- Javier Fernandez-Sanguino Pen~a Tue, 31 Jul 2007 21:57:46 +0200 snort (2.3.3-14) unstable; urgency=low * Use the patch provided by Matt Kraai to fix the FTBFS due to the tetex -> Texlive transition. Also make the package Build-Depend on texlive and texlive-latex-base instead of tetex-bin and tetex-extra (Closes: 419454) -- Javier Fernandez-Sanguino Pen~a Sun, 22 Apr 2007 16:41:50 +0200 snort (2.3.3-13) unstable; urgency=low * Translations added: - Tamil translation, provided by Tirumurti Vasudevan (Closes: #413830) - Russian translation, provided by Yuriy Talakan' (Closes: #411822) -- Javier Fernandez-Sanguino Pen~a Tue, 13 Mar 2007 16:30:52 +0100 snort (2.3.3-12) unstable; urgency=low * Translations updated: - Czech (Closes: #408619) - Swedish * New translations - Galician, provided by Jacobo Tarrio (Closes: #409651) - Italian, provided by Gianluca Cotrino. Slightly edited to fix header. (Closes: #411270) - Romanian, provided by Eddy Petrisor (Closes: #409505) - Portuguese, provided by Miguel Figueiredo -- Javier Fernandez-Sanguino Pen~a Sun, 18 Feb 2007 12:25:45 +0100 snort (2.3.3-11) unstable; urgency=low * Restore German translation (somehow removed in previous upload), courtesy of Erik Schanze (Closes: #397017) -- Javier Fernandez-Sanguino Pen~a Tue, 2 Jan 2007 17:26:10 +0100 snort (2.3.3-10) unstable; urgency=low * Fix snort-mysql template to prevent translators from duplicating work (two templates were nearly identical except for a double space) [ Translations update ] * Updated Spanish translation * Updated Japanese translation, courtesy of Hideki Yamane (Closes: #391894) * Updated German translation, courtesy of Erik Schanze (Closes: #397017) * Updated Dutch translation, courtesy of Peter Vandenabeele. * Updated Vietnamese translation, courtesy of Clytie Siddall * Fix error in Catalan translation (which made msgstat fail) -- Javier Fernandez-Sanguino Pen~a Thu, 21 Dec 2006 19:52:38 +0100 snort (2.3.3-9) unstable; urgency=low * Do not try to remove /etc/snort in postrm if it does not exist anymore when purging (Closes: #389766) * Simplify coreutils dependencies (Closes: #381836) -- Javier Fernandez-Sanguino Pen~a Sun, 1 Oct 2006 23:29:20 +0200 snort (2.3.3-8) unstable; urgency=medium * Fix security issue CVE-2006-2769, potential evasion in URI content buffers. This evasion only applies to Apache protected servers since that server supports some characters. The patch used is from 2.4.5 and is *not* the one provided by Demarc (which is not fully comprehensive and is much more intrusive). Since this is an evasion issue and not a real security issue thus the 'medium' urgency even though it fixes security bug (Closes: #381726) From upstream (snort.org webpage, News item "Possible Evasion in http_inspect"): «The Apache web server supports special characters in HTTP requests that do not affect the processing of the particular request. The current target-based profiles for Apache in the http_inspect preprocessor do not properly handle these requests, resulting in the possibility that an attacker can bypass detection of rules that use the "uricontent" keyword by embedding special characters in a HTTP request.» «It is important to note that this is an evasion and not a vulnerability. This means that while it is possible for an attacker to bypass detection, Snort sensors and the networks they protect are not at a heightened risk of other attacks.» * Backport fix of another (different) potential evasion in Stream4 (also in the Snort 2.4.5 release, no CVE name) * Relocate Czech translation, it was not under debian/po * Add a warning in /etc/default/snort that the SNORT_USER will be modified (with usermod) every time you reinstall the package (don't change it to 'root'!) -- Javier Fernandez-Sanguino Pen~a Thu, 10 Aug 2006 00:44:36 +0200 snort (2.3.3-7) unstable; urgency=low * *Really* recompile to use latest libmysqlclient libraries (Closes: #366748) -- Javier Fernandez-Sanguino Pen~a Sat, 3 Jun 2006 15:20:57 +0200 snort (2.3.3-6) unstable; urgency=medium * Recompile to use latest libmysqlclient libraries (Closes: #366748) * Remove the following unused dependencies as suggested by Stefan Huehner: libsnmp4.2-dev and libssl-dev (and their --with calls in debian/rules) . I'm still keeping the coreutils | fileutils dependency since I still want to compile this package in woody.(Closes: #365874) * Also remove DH_COMPAT from debian/rules as suggested by Stefan Huehner in #365874 * Move 'debian/my/lisapaper.txt' to snort-doc.docs and remove from snort, snort-pgsql and snort-mysql doc files (Closes: #340091) * Have faq.tex use hyperref.sty instead of latex2html's html.sty and comment the \latexonly definitions. This makes latex2html unnecessary to build the package (Closes: #365872) * doc-base files now point to the compressed PDF documents (lintian fix) * Updated debconf translations: - French translation provided by Christian Perrier (Closes: #359285) -- Javier Fernandez-Sanguino Pen~a Mon, 29 May 2006 20:05:29 +0200 snort (2.3.3-5) unstable; urgency=low * Updated Build-Dependencies to use libmysqlclient15-dev instead of the old libmysqlclient10 library (Closes: #356706) * Add a 'DEBIAN_SNORT_SEND_STATS' option (controlled by debconf) to allow users to define if snort should send daily stats. Users that want to change the frequency should manually move over the cron.daily script to other cron.XXX locations (Closes: #353035) * Updated debconf translations: - Dutch translation with patch provided by Peter Vandenabeele - Spanish Debconf translation ('send_stats' template) * Do not indent '@' in the e-mail of users that receive the stats (Closes: #335803) * Preliminary code (only in snort.config) to detect if the default interface is up when configuring Snort, the Debconf question priority is raised if the interface is not up or it does not exist and the user is pestered if he still provides an invalid answer (unless he doesn't see the question, which is the case if running with debconf priority set to 'high', in this case, we bail out) Note: will introduce this in the DB packages after it gets some testing out there. * Change the Debconf priority of the note that warns that the configuration is not working to 'critical' (was 'high') * Acknowledge NMU made by Margarita: * Drop automake1.6 dependency in Build-Depends (Closes: #335143) * Updated config.guess and config.sub with the latest versions available to prevent FTBFS on GNU/k*BSD (Closes: #342446) * Updated german debconf translation with patch provided by Erik Schanze (Closes: #345855) -- Javier Fernandez-Sanguino Pen~a Wed, 22 Mar 2006 02:09:01 +0100 snort (2.3.3-4) unstable; urgency=low * Build-Depend on newer automake version: 1.7 (Closes: #335143) -- Javier Fernandez-Sanguino Pen~a Tue, 17 Jan 2006 02:10:41 +0100 snort (2.3.3-3) unstable; urgency=low * Properly remove the snort user on purge. -- Javier Fernandez-Sanguino Pen~a Thu, 20 Oct 2005 01:13:47 +0200 snort (2.3.3-2.1) unstable; urgency=low * NMU to drop automake1.6 dependency (Closes: #335143) * Updated config.guess and config.sub (Closes: #342446) * Updated german debconf translation (Closes: #345855) -- Margarita Manterola Sun, 22 Jan 2006 21:54:43 -0300 snort (2.3.3-2) unstable; urgency=high * Backport the following changes introduced in 2.4.1. Upstream changelog: * src/log.c: Fix problem in sniffer mode when incomplete TCP option data is received. Thanks A Hernandez for the find. (Closes: #328134) Note: This is a "security" bug but no CVE is assigned, it is actually something that can happen only if a Snort user willingly shoots himself on the foot (uses ASCII logging mode) or if he uses the fast output mode with some non-default options. For a detailed view see: Martin Roesch's mail "Snort DoS Fallacies" to snort-users and bugtraq: http://marc.theaimsgroup.com/?l=bugtraq&m=112665341207363&w=2 http://marc.theaimsgroup.com/?l=snort-users&m=112657845119746&w=2 http://marc.theaimsgroup.com/?l=snort-users&m=112667020331513&w=2 http://marc.theaimsgroup.com/?l=snort-devel&m=112672013010948&w=2 and also http://www.snort.org/pub-bin/snortnews.cgi#58 To summarise: The only recommended alert methods in a production sensor are unified, syslog or database. And unified is The Right Way to run a sensor (others have important performance issues under high load ) NOTE to Debian Security teams: I don't believe this bug merits a DSA (or a DTSA for that matter) (Closes: #328134) * Backport the following changes introduced in 2.4.2. Upstream changelog: * src/output-plugins/spo_log_database.c: * schemas/create_mysql: Fixes to address schema being a keyword in MySQL 5.0. Thanks Wes Young, Adolfo Gomez, and Aleem Mawji for the updates. (Closes: #327791) * Added Swedish translation provided by Daniel Nylander (Closes: #330834) -- Javier Fernandez-Sanguino Pen~a Fri, 30 Sep 2005 21:21:43 +0200 snort (2.3.3-1) unstable; urgency=low * New upstream release. * Use upstream's FAQ in PDF format instead of debian/my/FAQ.txt, also have the FAQ available only in the snort-doc package (after fixing the Makefile so that the faq.tex file does not get removed on distclean) * Fix typo in snort.8 manpage (Closes: #326538) * Fixed address of the FSF in debian/copyright * Updated debconf translations: - Vietnamese provided by Clytie Siddall -- Javier Fernandez-Sanguino Pen~a Wed, 31 Aug 2005 19:47:16 +0200 snort (2.3.2-8) unstable; urgency=low * _Really_ use debhelper compat version 4 now * Remove debian/*conffiles since debhelper now marks them as config files -- Javier Fernandez-Sanguino Pen~a Sat, 27 Aug 2005 01:50:40 +0200 snort (2.3.2-7) unstable; urgency=low * Fix lintian warnings * Fix error in database config scripts (when not upgrading, the wait_for_db_config key does not exist) (Closes: #325223) * Updated debconf translations: - French provided by Christian Perrier -- Javier Fernandez-Sanguino Pen~a Thu, 25 Aug 2005 21:52:19 +0200 snort (2.3.2-6) unstable; urgency=low * Add Dependency on "debconf | debconf-2.0" as requested by Joey Hess * Use Debhelper compatibility version 4 * New mechanism for database packages: - Introduce a mechanism to create /etc/snort/db-pending-config on initial installation of the database packages. - Have the init.d script abort the start attempt if the /etc/snort/db-pending-config file exists. - Describe how to setup the database support in README-database.Debian and install this document in the database packages. (Closes: #205683, #219696, #265735, #265878, #290104, #291616) * po-debconf changes: (still waiting a little bit before switching to dbconfig-common) - Sinchronise all the debconf templates of the different snort variants. - Change the wait_for_db_config message, now called 'needs_db_config' and provides slightly different information. - Fixed typos in German debconf translation courtesy of Jens Seidel (Closes: #313906) - Added Japanese translation contributed by Hideki Yamane (Closes: #310096) - Added Vietnamese translation contributed by Clytie Siddall (Closes: #318695) - Added Czech translation contributed by Jan Outrata (Closes: #321738) - Updated the Spanish translation. - Improve the debconf dialog with suggestions from Justin B Rye (Closes: #306269) - Fix the templates so that all the files use the same strings, that should reduce the workload of translating almost identical lines. (but also fuzzies more of the translations above) -- Javier Fernandez-Sanguino Pen~a Thu, 25 Aug 2005 14:59:29 +0200 snort (2.3.2-5) unstable; urgency=medium * Medium priority since it seems some buildds are not auto building snort ok and this changes fix it. * Use PostgreSQL 8.0 now as requested by Martin Pitt. Basicly just changed the build-depends and use 'pg_config --includedir' when setting the location of the PostgreSQL location. * Changes to configure.in: (Closes: #313499) * Fixed configure.in so that it uses the --with dir directly first (intead of looking for $i/include and stuff like that). * Fixed configure.in so that it outputs the PostgreSQL directories it tested by fixing a typo. * Have all ERROR messages abort with an exit 1 so that the Makefile breaks and we will notice the error if doing an automatic build. -- Javier Fernandez-Sanguino Pen~a Tue, 14 Jun 2005 19:33:49 +0200 snort (2.3.2-4) unstable; urgency=low * Snort, snort-pgsql and snort-mysql now depend on either coreutils or earlier packages which provided 'stat'. This should prevent partial-upgrades of woody systems which prevent snort's init scripts from running (Closes: #311616) -- Javier Fernandez-Sanguino Pen~a Fri, 3 Jun 2005 16:24:50 +0200 snort (2.3.2-3) unstable; urgency=high * Pre-Depend on adduser since we use it on preinst * Changed debian/TODO * Snort-common now Replaces old snort versions (1.8.4beta1-1) since the configuration files where moved there from snort. Save for the ppp configuration file which was moved from snort-common to snort. Snort now Replaces snort-common versions previous to 2.0.2-3, that introduced the change, cannot conflict since we will end up with circular dependencies. (Closes: #311257) * Check MD5sums before rule files are moved from the old location to the new one in snort-rules-default's preinst when upgrading. If the files have not been changed from the ones provided by the woody version then remove them (Closes: #311263) -- Javier Fernandez-Sanguino Pen~a Wed, 1 Jun 2005 09:47:04 +0200 snort (2.3.2-2) unstable; urgency=low * Have snort-common Conflict on versions prior to the Source-Version to prevent users upgrading snort-common without upgrading snort. (Closes: #300785 * Fixed homepage location of Snort (Closes: #300727) * Fixed snort-stat so it can be used when the -y option is used with Snort, thanks to the patch provided by Chirik (Closes: #200276) * Updated German translation courtesy of Erik Schanze -- Javier Fernandez-Sanguino Pen~a Tue, 22 Mar 2005 01:26:55 +0100 snort (2.3.2-1) unstable; urgency=low * New upstream release. - Fixes some bugs in preprocessors - Rules updates * Fixed format of NEWS file, updated the version of the changelog entry so that everybody will read it on next upgrade (Closes: #299334) * Added debconf french translation provided by Christian Perrier (Closes: #299016) * Updated debconf dutch translation provided by Peter Vandenabeele (Closes: #296152) * The PPP script will now use the new /etc/default/snort mechanism (Closes: 298003 -- Javier Fernandez-Sanguino Pen~a Mon, 14 Mar 2005 13:26:45 +0100 snort (2.3.0-7) unstable; urgency=low * Do not change the permissions of /var/log/snort/ and /etc/snort/snort.conf if the administrator has setup an override using dpkg-statoverride (Closes: #296927) * Updated translation to Catalan with the one provided by Aleix Badia i Bosch -- Javier Fernandez-Sanguino Pen~a Sat, 26 Feb 2005 13:09:14 +0100 snort (2.3.0-6) unstable; urgency=low * Added tetex-extra to Build-Depends (Closes: #296814) * Refer to the proper file in debconf template (Closes: #296809) * Updated the spanish debconf translation. -- Javier Fernandez-Sanguino Pen~a Fri, 25 Feb 2005 00:43:19 +0100 snort (2.3.0-5) unstable; urgency=low * Upload of the experimental package to unstable Even though I don't get to fix #205683 and friends (and I would like to, before the release) This release Closes #283816, #241995, #289405, #247603 * Do not rotate log files if empty (Closes: #193299) * Added dutch translation (Closes: #247603) * Added yet another TODO item -- Javier Fernandez-Sanguino Pen~a Tue, 22 Feb 2005 21:36:40 +0100 snort (2.3.0-4) experimental; urgency=low * Call dh_installdocs with -i or -a depending on target, rename (Closes: #295228, #294755) * NEWS.Debian file to NEWS -- Javier Fernandez-Sanguino Pen~a Tue, 15 Feb 2005 08:33:34 +0100 snort (2.3.0-3) experimental; urgency=low * Create manual in build-indep location (Closes: #294755) * Fixed location of snort_manual and lisapaper in their respective doc-base files. * Added a reference to the FAQ through a new doc-base file. -- Javier Fernandez-Sanguino Pen~a Sat, 12 Feb 2005 12:23:35 +0100 snort (2.3.0-2) experimental; urgency=low * Improved postrm purge action by removing also obsolete configuration (since it's no longer in the conffiles) and the group. Also, synced all postrm scripts (mysql did not included the rmdir /etc/snort code) -- Javier Fernandez-Sanguino Pen~a Wed, 9 Feb 2005 08:44:05 +0100 snort (2.3.0-1) experimental; urgency=low (First attempt at experimental, to avoid breaking installations running sid) * New upstream release * This version now uses libnet1, changed Build-Depends (Closes: #241995) * Introduced /etc/default/snort and removed /etc/snort/common.parameters this makes it easier to check for common situations (parsing the parameter file is quite complicated). The old common.parameters file is moved over to /etc/default/snort automatically, but retained in case the parsing has not been done properly (and will not be used until the common.parameters file is removed). This is described in the NEWS.Debian file. * Fixed the postint call so that the passwd and group are checked before they are created. Also fix chown call (still used '.' instead of ':') * Introduce a check for the status of Snort's logdirectory, it checks if it belongs to Snort (Closes: #247603) * This release provides debconf support for snort sensors in multiple interfaces (Closes: #283816) * Run update-debconf, seems I had not done this when I last made changes in the templates in 2.2.0-8 * Included the documentation available, including signatures. Also added the LaTeX manual included as well as the additional Build-Depends on tetex-bin and gs-common * Updated the FAQ (was about time!) from http://www.snort.org/docs/FAQ.txt * Added a README.docs file (pointing people to more documents) * Updated translations: - German, provided by Erik Schanze (Closes: #289405) -- Javier Fernandez-Sanguino Pen~a Wed, 26 Jan 2005 09:18:53 +0100 snort (2.2.0-9) unstable; urgency=low * Removed old (obsolete) convertion of PPPENV in /var/tmp in postinst which actually might open up security holes when using dialup access and installing/upgrading the package. * Updated translations: - Japanese, provided by Hideki Yamane (closes: #283128) - French, provided by Christian Perrier (closes: #284559) -- Javier Fernandez-Sanguino Pen~a Mon, 20 Dec 2004 01:35:21 +0100 snort (2.2.0-8) unstable; urgency=low * Updated the README.Debian file with proper information on how to setup multiple interfaces and rewrote the Debconf question to specify that it can be used to define multiple interfaces (Closes: #283816) * Added some additional TODO notes -- Javier Fernandez-Sanguino Pen~a Wed, 1 Dec 2004 17:04:38 +0100 snort (2.2.0-7) unstable; urgency=low * Make snort-common Arch: all (Closes: #278987) * The installation will now check if you are using a configuration that will not be able to work with the current Snort version and will forewarn you. The package installation will still fail (if Snort is started automatically) but the administrator will be pointed to where the error is (Closes: #165107) * Use dh_installman instead of dh_installmanpages and provide proper PACKAGE.manpages file since dh_installmanpages now fails to create the snort-common package properly. * Updated to the latest rules snapshot * Added an 'update-rules' target in debian/rules that downloads the latest rules snapshot and installs it in the package. [ Translations ] * Dutch update, provided by cobaco (Closes: #278719) * Japanese update, provided by Hideki Yamane (Closes: #279028) * French update, provided by Christian Perrier (Closes: #279833) * German update, provided by Erik Schanze (Closes: #280964) -- Javier Fernandez-Sanguino Pen~a Sat, 30 Oct 2004 22:47:34 +0200 snort (2.2.0-6) unstable; urgency=low * Added a 'config-check' option in init.d to test the user's configuration file. This could be used to determine (in postinst) if snort should be restarted and warn the user (not yet done). This will help fix #165107, #165351 (since similar user mistakes would be detected), #276565 and #247665. * Added more information to the TODOs * Moved DEBIAN_TRESHOLD to DEBIAN_THRESHOLD (save for the debconf value in order to avoid reseting it) (Closes: #256581) * Removed double space in template (Closes: #275936) * The snort-rules package now Suggests: snort instead of depending on it (Closes: #249697) * Updated rules with the latest snapshot. -- Javier Fernandez-Sanguino Pen~a Mon, 25 Oct 2004 23:47:45 +0200 snort (2.2.0-5) unstable; urgency=low * Rules update -- Javier Fernandez-Sanguino Pen~a Wed, 13 Oct 2004 12:11:21 +0200 snort (2.2.0-4) unstable; urgency=medium * Fix typo introduced in previous upload that prevents ppp init script from loading properly common.parameters (Closes: #275439) -- Javier Fernandez-Sanguino Pen~a Fri, 8 Oct 2004 09:50:06 +0200 snort (2.2.0-3) unstable; urgency=high * Added config-file discovery to ppp init.scripts so that Snort is started (-c) with the proper configuration file if available or snort.conf if not. Setting high severity so that users running Snort with PPP don't end up with a full /var filesystem (Closes: #268707) * Fixed bashism in /etc/ppp/if-up.d/snort * Modified the init.d an if-up.d scripts so that /etc/snort/snort.common.parameters is only used if it exists. * Snort-rules-default now Recommends: oinkmaster now that it is in the archive (accepted 01 Oct 2004), this does not close #191105 since IMHO a better signature update mechanism should be introduced. Also updated the related TODO item. * Added a FAQ Q&A regarding rule updates in README.Debian * Added code to detect for deprecated preprocessors and warn the user, curretnly the code will not touch the configuration files himself and will not detect if you are using the standard package configuration file. It will prevent users from having configuration issues, however (Closes: #247665) * Modified the init.d file so you can use 'status' to determine if the Snort sensors are up or not. * Updated the 2.2 rule set with the snapshot provided at snort.org, new rules include detection of the recent JPEG exploit (Closes: #274244) * Fixed typo in templates (unfuzzied modified entries) and updated JA translation provided by Hideki Yamane (Closes: #273138) -- Javier Fernandez-Sanguino Pen~a Sat, 2 Oct 2004 12:41:50 +0200 snort (2.2.0-2) unstable; urgency=low * Taking over maintainership of this package (Closes: #265343) * Have Snort{,-mysql,-pgsql} depend on the same versions of the common packages (was not done in the previous release) * Updated JA translation (Closes: #271755) * Added a list of todo items in debian/TODO -- Javier Fernandez-Sanguino Pen~a Wed, 15 Sep 2004 10:42:43 +0200 snort (2.2.0-1) unstable; urgency=low + The 'Please Adopt Me!' release. + Fixed build-depends on libpcap0.8-dev closes: #263923 + Fixed failure to start on multiple interfaces, each interface now uses it's own configuration file. Closes: #248908 + Snort{,-mysql,-pgsql} depend on the same versioned rules + common Closes: #257078 + NL, DE, pt_BR, FR, JA translations added Closes: #265508, #264301, #246553, #246374, #239206 + New upstream release closes: #262297 -- Sander Smeenk Sun, 15 Aug 2004 15:24:39 +0200 snort (2.1.2-2) unstable; urgency=low ! Once again: Thanks Mario 'BitKoenig' Holbe for your great help: + Moved 'dialup' interface guessing from ppp/ip-up to postinst + Cleanup restart: only restart current running interfaces This also cleans up: 'dialup' logcheck failure, if no snort running + Prepare for multisensor support + Use start-stop-daemon --retry instead of sleep and kill -9 + Use invoke-rc.d only, if it exists Closes: #191574 + Correct please_restart to please_restart_manually + Re-Unified prerm and postinst scripts + Fix the backward-compatible just-kill-them-all in prerm; do we really need it? It definitely didn't work before and since the old-package prerm is called anyways, we shouldn't. + Simplify snort.debian.conf creation + snort-doc/examples now has a snort-rules auto-update script! Closes: #242521, thanks Marcel! + Updated fr.po by Christian Perrier Closes: #244048, thanks Christian! + Recent changes to init / ip-{up,down} scripts fixed this bug: Closes: #226236 + Fixed database schema's in {pg,my}sql packages. This does not fix the 'schema is not installed when debconf prompts for it'-problem. Closes: #244017 + Problem with snort-pgsql.template fixed. Closes: #244175 -- Sander Smeenk Sun, 18 Apr 2004 14:39:19 +0200 snort (2.1.2-1) unstable; urgency=low + New upstream release + Templates corrected (reflect same text at shared options, typos) + -b switch removed from snort startup, log_tcpdump changed to snort.log Closes: #241425, #171190 + French debconf translation by Christian Perrier Closes: #241991 + Added checks on purge of snort-rules-default. Fixed breakage Closes: #239542 + Firewall interaction is explained in the FAQ Closes: #217174 + Snort now has snort.common.options, and no -b anymore. Closes: #217244 + Changed helptext in snort.debian.conf to be more generic. Closes: #196694 + Improved dialup suppport. MANY Thanks to Mario 'BitKoenig' Holbe for his great work on this subject and the changes to the init script! Closes: #226236 -- Sander Smeenk Sun, 4 Apr 2004 15:12:27 +0100 snort (2.1.1-1) unstable; urgency=low + New upstream release Closes: #238427 + Added catalan debconf templates (debian/po/ca.po) Closes: #236644 + Fixed packaging bugs. + Applied following changes by Javier Fernández-Sanguino Peña. Thanks!! * Snort group is now created using --system in all packages Closes: #231580 * Both the cron.daily script and the postinst scripts set a default value for STATS_RCPT and STATS_TRESHOLD to avoid buggy behaviours if the user does not setup a proper value when interfacing with debconf. Still, these values should be checked in the config scripts. (Closes: #173331) * Snort-stat now exists if there are no results which will avoid it from sending empty emails (Closes: #217913, #174508, #192401, #172529) * Improved the explanations in several templates (Closes: #217173) * Updated Japanese translation (and fixed some po format errors, hopefully without damaging the po file) (Closes: #226680) * Included Catalan debconf translation (Closes: #236644) * Updated pt-BR debconf translation (Closes: #228244) * Re-Added (partial) spanish debconf translation (it seems that the work I did back in december 2001 has not been moved to po-debconf!) -- Sander Smeenk Wed, 17 Mar 2004 18:46:28 +0100 snort (2.1.0-4) unstable; urgency=low + Fixed FTBFS with -B flag specified to dpkg-buildpackage Thanks Pascal Hakim. + Restart target in init.d script requires a sleep on slow systems. Thanks Marco Gaiarin. + Updated the ja.po templates -- Sander Smeenk Wed, 1 Mar 2004 00:00:00 +0100 snort (2.1.0-3) unstable; urgency=low + Split binary-indep packages from binary-arch target Closes: #226072, #157708, #185806 + ip-up.d script now correctly guesses the PPPENV settings Closes: #225956 + Updated the fr.po templates Closes: #225906 -- Sander Smeenk Sun, 04 Jan 2004 12:51:38 +0100 snort (2.1.0-2) unstable; urgency=low + Added example init.d script to manage multiple sensors. + No longer kills custom daemons at init.d stop Closes: #181637 + Fixed build-dependency on libpcre3-dev Closes: #225707 + Fixed manpage to reflect new SIGHUP handling Closes: #122689 + Already implemented 'statesaving' dialup scripts Closes: #101725 + Changed default flow-portscan configuration Closes: #225506 -- Sander Smeenk Fri, 02 Jan 2004 13:01:54 +0100 snort (2.1.0-1) unstable; urgency=low + New upstream version + Depend on perl-modules for perlscripts Closes: #212805 + Fixed breakage of upgrades when conffiles were removed by user Closes: #207970 + Added japanese translation of templates Closes: #224191 -- Sander Smeenk Sun, 21 Dec 2003 15:48:55 +0100 snort (2.0.2-3) unstable; urgency=low * ip-up.d/snort and init.d/snort now use the same startup arguments with an extra config file that holds the common parameters. Closes: #217244 + ip-{up,down}.d/snort moved from snort-common to snort{,-mysql,-pgsql} * Clarified debconf questions. Fixed typos, corrected grammar. Closes: #217173 * Updated what documenation files are included. Closes: #217174 -- Sander Smeenk Fri, 24 Oct 2003 18:05:26 +0200 snort (2.0.2-2) unstable; urgency=low * Fixed 'native package' problem Closes: #216326 * Fixed syntaxerrors in init script Closes: #215142 -- Sander Smeenk Sun, 19 Oct 2003 16:11:09 +0200 snort (2.0.2-1) unstable; urgency=low Pascal: * Make snort-rules-default depend on a recent version of snort Closes: #135603 * Delete configuration files and log files on purge. Closes: #180043 Sander: * Fixed the init.d script to not start snort in dialup mode at boot. Closes: #207291, #208003 -- Sander Smeenk Wed, 08 Oct 2003 21:09:34 +1000 snort (2.0.1-3) unstable; urgency=low + Fixed FTBFS: automake1.6 dependency (Closes: #207010) -- Sander Smeenk Mon, 25 Aug 2003 10:45:31 +0200 snort (2.0.1-2) unstable; urgency=low + Snort now co-maintained by Pascal Hakim + fr.po added, forgot the NMU by Christian Perrier + Untranslatable strings marked for translation fixed Closes: #206972, #192952 + create_postgresql.gz has been updated and now uses 'TIMESTAMP' Closes: #206372 + Changed the init.d's "start" section to support dialup mode Closes: #205873 + SNMP support has been removed upstream, I forgot to remove the MIB message from snort-common Closes: #206668 + Since the MIB note was removed, this also fixes inapropriate use of debconf, which Closes: #205085 -- Sander Smeenk Sun, 24 Aug 2003 11:41:23 +0200 snort (2.0.1-1) unstable; urgency=low + New upstream source -- Sander Smeenk Tue, 19 Aug 2003 16:32:46 +0200 snort (2.0.0-3.1) unstable; urgency=low + Eeps! Forgot my versioned dependencies! -- Sander Smeenk Mon, 05 May 2003 21:02:13 +0200 snort (2.0.0-3) unstable; urgency=low + Added 'Provides: Snort' to snort-{pg,my}sql (Closes: #190064) + Moved parameter -b to snort.conf (Closes: #190748) + Seems fixed, according to submitter (Closes: #184596) + Fixed ppp/ip-up.d/snort, first source, then test (Closes: #190999, #191894) + Dependency on libpq3 isn't mandatory since postgresql-dev depends on it. (Closes: #191570) -- Sander Smeenk Mon, 05 May 2003 20:27:03 +0200 snort (2.0.0-2) unstable; urgency=low + Fixed PPP environment variables in ip-up.d. (Closes: #190107) I really don't know how to support multiple instances of snort here + Versioned depends on snort-rules-default (Closes: #190111) + Fixed wrong pid-finding init.d script (Closes: #190154) + cronjob 'snort' renamed to '5snort' again (Closes: #190303) -- Sander Smeenk Wed, 23 Apr 2003 21:00:23 +0200 snort (2.0.0-1) unstable; urgency=high + New Upstream version + SECURITY FIXES (Closes: #189267) - XML logging and SNMP notification seems to be removed upstream ? + The init.d script has added intelligence that will hopefully detect wether snort was running in manual mode / dialup mode when logrotate ran, and leave it in that state (Closes: #186060) + Tried to fix snort-stat by adding -a option (Closes: #186214) + Renamed cronjob 5snort to snort (Closes: #186380) + Rebuilt with new libsnmp-0.4.2 linking (Closes: #186415) + po-debconf patch applied, thanks (Closes: #186881) + Including sid-msg.map and gen-msg.map (Closes: #187291) -- Sander Smeenk Sat, 05 Apr 2003 13:32:18 +0200 snort (1.9.1-4) unstable; urgency=low + Added dependency on perl-modules to snort-common (Closes: #185180) + Attempt 1 at fixing snort-stat again (Closes: #184622) + init.d script tells how to start snort on dialup system (Closes: #181074) + snort-stat supports -a now (scan whole file) (Closes: #184282) -- Sander Smeenk Tue, 18 Mar 2003 21:37:47 +0100 snort (1.9.1-3) unstable; urgency=low + Fixed Override Disparities + Added section to snort-paper (Closes: #183988, #183388) -- Sander Smeenk Wed, 12 Mar 2003 09:04:30 +0100 snort (1.9.1-2) unstable; urgency=low + Fixed PostgreSQL CreateDB-scheme (Closes: #181733) + Fixed snort-doc (Closes: #183988, #183388) + A supposed fix for #181477 introduced a new bug which is now fixed (Closes: #184128, #184071) + Fixed -s commandline argument. It doesn't need an argument. (Closes: #183790) + Startup arguments for init.d invocation and pppd invocation are now 'the same' (Closes: #183554) -- Sander Smeenk Mon, 10 Mar 2003 23:57:12 +0100 snort (1.9.1-1) unstable; urgency=high * SECURITY FIX ISS X-Force has discovered a remotely exploitable buffer overflow condition in Snort. A buffer overflow flaw exists in Snort RPC preprocessing code that is vulnerable to attack. -- Sander Smeenk Mon, 03 Mar 2003 21:15:27 +0100 snort (1.9.0rel-4) unstable; urgency=low + Changed logrotate (Closes: #176495) + Renamed 'portscan2' to 'portscan2.log' (Closes: #173978) + Recompile Fixed PostgreSQL dependency (Closes: #175977) + Applied patch against snort-stat (Closes: #175657) + Added 'portscan2-ignorehosts' example + enabled for $HOME_NET (Closes: #173985) + Marks old 'snort.rules.files' OBSOLETE (Closes: #173981) + Fixed snort-stat manpage to reflect alert.log (Closes: #175364) + Fixed snort-pgsql logging bug with last_cid (Closes: #166722) + Updated snort-rules-default to latest version + Recompile fixed libsnmp5 dependency (Closes: #183094, #182722) + Init scripts fixed (Closes: #181497) + Changed rights on /var/log/snort to snort.adm (Closes: #180216) + Fixed mkdir -p in snort-rules-default preinst (Closes: #180046) -- Sander Smeenk Sat, 25 Jan 2003 16:48:40 +0100 snort (1.9.0rel-3) unstable; urgency=low + Using invoke-rc.d instead of direct /etc/init.d calls (Closes: #165135) -- Sander Smeenk Thu, 17 Oct 2002 11:35:42 +0200 snort (1.9.0rel-2) unstable; urgency=low + Fixed Startup in Manual mode (Closes: #164644) + Fixed failing preinst in snort-rules-default (Closes: #164643) + No more useless cron messages (Closes: #158490) + Manually changed snort.c to fix -s cmdline problem (Closes: #164969) + DISABLED OLD PORTSCAN PREPROCESSOR, REPLACED BY PORTSCAN2 PREPROCESSOR -- Sander Smeenk Wed, 16 Oct 2002 19:58:29 +0200 snort (1.9.0rel-1) unstable; urgency=low + New Upstream Version + Moves old /etc/snort/*.rules to new rules/ directory (Closes: #158447, #160888) + Closes: #158845, leftover bug fixed in previous upload. + Files *were* created with incorrect permissions (Closes: #162386) + Fixed Logrotate (Closes: #158042, #159456) -- Sander Smeenk Sat, 31 Aug 2002 15:59:16 +0200 snort (1.9.0beta4-5) unstable; urgency=low + ASN.1 Decoder turned OFF because of TOO MANY LOGENTRIES! * Fixed Bugs (Closes: #157443) + Commented out the 'Initializing Output Plugins!' message. + Changed to logrotate to rotate logfiles (Closes: #157706) * Unreproducable, but changed to new rotation system (Closes: #156896) + Specified 'portscan2.log' as portscan2 preprocessor logfile + Supports 'any' in the address range question to not trust any side of the network. Wishlist but no bug was filed for this. + Fixed faulty information in templates (Closes: #158708) + Added README.PHP in contrib/ for clearness (Closes: #158714) + snort-stat reported hostname with \n at the end, chomped off now. -- Sander Smeenk Fri, 23 Aug 2002 22:17:20 +0200 snort (1.9.0beta4-4) unstable; urgency=low + Severe postinst breakage when installing newer versions of Snort from scratch. Fixed. + Fixed world-writable logfiles problem (Closes: #155893) + Password-field must be filled in. + snort-mysql's postinst put postgresql config in snort.conf :( -- Sander Smeenk Tue, 20 Aug 2002 13:21:42 +0200 snort (1.9.0beta4-3) unstable; urgency=low + Fixed world-writable logfiles problem (Closes: #155893) + Password-field must be filled in. + snort-mysql's postinst put postgresql config in snort.conf :( -- Sander Smeenk Tue, 20 Aug 2002 11:11:35 +0200 snort (1.9.0beta4-2) unstable; urgency=low + Found nicer way of fixing #155893 (Closes: #155893) + Typo two typos in bugnumbers. Previous #153221 should be (Closes: #153211) Previous #156119 should be (Closes: #156199) Sorry for the mixups. It was late :/ + Fixed b0rking preinsts (Closes: #157085) -- Sander Smeenk Fri, 16 Aug 2002 00:03:41 +0200 snort (1.9.0beta4-1) unstable; urgency=low + Fixes world readable configuration file problem (Closes: #154977, #155484) + XML output should work in this release (Closes: #153845) + MIB's moved to /usr/share/snmp/mibs (Closes: #153221) + snort-stat now uses threshold (Closes: #147197) + SMTP rules have been disabled per default (Closes: #153817) + Fixed typo's in debconf screens (Closes: #154687) + 'Hacked around' the logfiles-not-group-readable problem (Closes: #155893) + Upload accepted (Closes: #156119) + Leftover bugs that have been fixed earlier (Closes: #134979) * Fixed but no-bugreports: + 'Initializing Plugins' log-message removed from src/plugbase.c + Rules have moved from /etc/snort to /etc/snort/rules/ + snort-{pg,my}sql now update the snort.conf file properly + stream4 evasion-detection disabled + more... -- Sander Smeenk Wed, 14 Aug 2002 22:00:24 +0200 snort (1.8.7-4) unstable; urgency=low + Typo in snort-stat, fixed. -- Sander Smeenk Sat, 03 Aug 2002 11:21:49 +0200 snort (1.8.7-3) unstable; urgency=low + snort-stat now shows hostname from where it's reporting. + ruleset tuning (Closes: #155084) + i see no rules with <- direction specifier, snort starts just the way it should with telnet.rules and backdoor.rules (Closes: #153400) + Specific major-version Build-Depends on libsnmp4.2-dev (Closes: #155163) -- Sander Smeenk Sat, 03 Aug 2002 01:34:49 +0200 snort (1.8.7-2) unstable; urgency=low + Fixed situations where snort got restarted by cronscript while being started in dialup-mode. Snort should support -HUP'ing. + Fixed typo in /etc/snort/snort.conf (Closes: #152840, #152671) + Fixed stupid snmpd.conf auto-addition, that was bad (Closes: #153074) + Each MTA supplies 'sendmail' and each system has 'MTA' (Closes: #151678) + Snort-pgsql has debconf 'help' on configuring a DB (Closes: #149661) + Fixed snort-mysql.config problem (Closes: #110952) + Multiple subnets problem fixed (Closes: #146861) * Maintainer Wipes Forehead. -- Sander Smeenk Thu, 11 Jul 2002 21:06:50 +0200 snort (1.8.7-1) unstable; urgency=low + NEW UPSTREAM! * No more local-{first,last} creation in preinst (Closes: #152184) * var EXTERNAL_NET !$HOME_NET in snort.conf (Closes: #152182) -- Sander Smeenk Mon, 8 Jul 2002 10:59:16 +0200 snort (1.8.6-6) unstable; urgency=low * Fixed serious log-rotation problem (Closes: #151922) * Fixed typo in rules file: --enable-snmp versus --with-snmp + Reported in private mail, no bugs to close. * New ruleset & config & classification (Closes: #152070) * Not a bug (Closes: #152068) -- Sander Smeenk Fri, 5 Jul 2002 23:23:09 +0200 snort (1.8.6-5) unstable; urgency=low * Fixed 5snort cronjob, thanks for the patches. + Closes: #151336, #151341, #151393, #151395 * Can't check this problem, it looks fixed to me. + Closes: #94709 * Cronjob has been reworked so it uses /var/log/snort/alert, also snort.conf has been configured to log to syslog by default. + Closes: #146680 * Debconf frontend now supports multiple addresses (ranges) in address_range question. + Closes: #66932 * Bug-submitter thinks this bug is fixes now. + Closes: #104074 * Weird unaligned traps on alpha are unconfirmed snort-related. Also, haven't heard anyone else about this. + Closes: #130675 * Fixed the debconf script's perl-regexp to support multiple subnet-definition separated by commas + Closes: #146945 * Once more fixed /etc/snort/snort.conf _NOT_ to log to syslog, since that would stop logging to /var/log/snort/alert, and that would break the snort-stat cronjob, and more. -- Sander Smeenk Sun, 30 Jun 2002 00:29:26 +0200 snort (1.8.6-4) unstable; urgency=low + Fixed POSIX shell incompatibility (Closes: #150409) + Fixed Suggests instead of Recommends on snort-doc. (Closes: #150768, #150702) + Fixed RULE_PATH setting in snort.conf + Fixed syslog default log-type in snort.conf (Closes: #46680, #124169) + The cronjob in this release _tries_ syslogd-listfiles, and if that is not available defaults to /var/log/auth.log. (Closes: #120991) + Added section in README.Debian about FLEXRESP rules and snort-not-starting because of permission denied (Closes: #132577) + Fixed Subject: in body instead of headers (Closes: #132220, #145836) + Fixed 'misleading comments' in snort.conf (Closes: #145749) + The empty snort.conf problem was fixed in 1.8.6-1? (Closes: #144218) + This was fixed in an earlier release (Closes: #134792) + Applied patch against cronjob (Closes: #151229) + Package 'debianutils' is in base and required, so no dependancies are nescasary (Closes: #145837) + Subjectless email fixed (Closes: #145876) + Cronjob emails daily-alerts instead of weekly (Closes: #145901) + Looks fixed to me (Closes: #136220) + Thanks for the patches everyone!! Greatly appreciated! (Closes: #151257) -- Sander Smeenk Fri, 28 Jun 2002 11:22:13 +0200 snort (1.8.6-3) unstable; urgency=low * New Maintainer! Sander Smeenk + POSTGRESQL SUPPORT WHOO (Closes: #108348) -- Sander Smeenk Tue, 4 Jun 2002 21:28:15 +0200 snort (1.8.6-2) unstable; urgency=low * [debian/snort-rules-default.conffiles] Added missing entries. * [debian/rules] Honour DEB_BUILD_OPTIONS. * [debian/rules] Use a variable to hold configure options that are common to the variant packages. * [debian/rules] Use debhelper *.dirs . * [debian/*.doc-base] New. * Bumped Standards-Version. * Previous uploads fixed more bugs than noted. (Closes: #142508, #143294, #131948) * Enabled SNMP support. * Added Spanish translations to debconf templates. (Closes: #126725) * Changes above by JHM (thanks!) * Added a new snort_stat.pl (Closes: #143875, #131887, #143962) -- Robert van der Meulen Mon, 29 Apr 2002 13:03:24 +0200 snort (1.8.6-1) unstable; urgency=low * Sander Smeenk fixed: + Closes: #111533, #131047 * Changed snort.template and made a clear text about what HOME_NET is used for. I had to remove the de_DE and pt_BR translations though. + Closes: #134063 * The postinst now creates /etc/snort/snort.debian.conf if it doesn't exist by echoing a basic content into the file. Kinda ugly, but it works. + Closes: #132220, #134898, #136848, #139143, #139423 * These are all about snort-stat and empty daily emails. Reported against version 1.7-9, and it seems to be fixed now. + Closes: #109135, #117010 * Typo. Fixed. + Closes: #104447 * Ooooooh ns.somehost.tld is portscanning me! Add the nameservers to the DNS_SERVER value in snort.conf. Although I think this was fixed in 1.8.4beta2 + Closes: #116169 * I added 1 or 2 lines of short descriptive text to each package's description. It should be more clear now. + Closes: #67176, #130242, #133591, #79095, #102320 * These are left-over bugs. Fixed in earlier releases. + Closes: #128689, #131049 * Fixed the init.d script so that it doesn't say "already started" on errors. Snort returns 0(good) or 1(bad), not 2. + Closes: #143268 * The supplied patch didn't contain any valid patchable entries. The script has changed that much that I assume it has been fixed already. * Thanks, smeenk :) -- Robert van der Meulen Fri, 19 Apr 2002 16:21:35 +0200 snort (1.8.4beta1-2) unstable; urgency=low * Fixed 'Depends:' of 'snort' package to depend on new-style snort-common package. (Closes: #131730) * Marked some /etc/ files as conffiles (Closes: #132823) * Fixed build problems on some arches (Closes: #132912, #131741) * Fixed quoting error in virus.rules (Closes: #131947) * Fixed snort-common Replaces: line (Closes: #131701, #133106) * Removed snort.debian.conf from the package (Closes: #132517) * Fixed initscript to allow for multiple subnets (Closes: #125686) -- Robert van der Meulen Sun, 10 Feb 2002 16:11:55 +0100 snort (1.8.4beta1-1) unstable; urgency=low * New upstream release (Closes: #131517, #106093, #115955, #118270, #127564) * Moved config stuff to snort-common (Closes: #109862) * Fixed debconf instuctions for dialup (Closes: #113250) * Fixed snort-stat (Closes: #115873, #116964) * New upstream has icmp-info rules reordered (Closes: #111832) * Gave 'count' a bit more room in email reports (Closes: #102657) * Fixed snort cron script to not kill snort in dialup mode (Closes: #97950) * Fixed snort cron script to not send empty emails (Closes: #112100,#117079) * Fixed HOME_NET variable passing in init script (Closes: #117886) -- Robert van der Meulen Sun, 10 Feb 2002 15:41:40 +0100 snort (1.8p1-1) unstable; urgency=low * New upstream release * Depend on system-log-daemon|syslogd (Closes: #102511) * Fixed snort-stat empty log reports (Closes: #107515, #98944, #103542) * Fixed logfile pattern (Closes: #102787) -- Robert van der Meulen Tue, 14 Aug 2001 20:37:43 +0200 snort (1.7-9) unstable; urgency=low * Removed 'snort.debian.conf' from the 'conffiles' to avoid it being replaced. (Closes: #96950) * Fixed a lot of errors in the manpage. (Closes: #99873, #101868) * Removed '-s' option, and enabled logging to syslog in snort.conf. (Closes: #101873) * Fixed inconsequent ip-up.d and init.d behaviour (Closes: #101874) * Added pt_BR support (Closes: #93219) * Make snort stop before purging/removing. -- Robert van der Meulen Sun, 15 Jul 2001 14:04:35 +0200 snort (1.7-8) unstable; urgency=low * Have snort depend on system-log-daemon (Closes: #99203) * Changed package description (Closes: #99302) * Changed debconf 'extra options' question (Closes: #99303) -- Robert van der Meulen Sun, 17 Jun 2001 19:16:59 +0200 snort (1.7-7) unstable; urgency=low * Added a modified version of 'snort-stat', from Christian Hammers (Closes: #93739) * Changed '5snort' to do syslogd-listfiles --auth, to correctly list logfiles using the 'auth' facility. (Closes: #97467) * Modified crontab file to correctly keep /var/log/snort clean. (Closes: #97465, #97003) -- Robert van der Meulen Tue, 15 May 2001 20:40:03 +0200 snort (1.7-6) unstable; urgency=low * Added more paths in /etc/init.d/snort (Closes: #94651) * Removed non-US dependency on libssl096 (Closes: #92748) * Fixed old man-page synopsis bug (Closes: #90889) * Added 'please restart' notice for dialup users that upgrade(Closes: #90979). * Fixed 'snort.conf' indiscrepancy (comma-separated versus whitespace-separated) (Closes: #93742) * Added '-d' option for startup (Closes: #78667) * Added snort FAQ (Closes: #91219) -- Robert van der Meulen Mon, 30 Apr 2001 01:34:25 +0200 snort (1.7-5) unstable; urgency=low * fixed no-pidfile bug when using dialup interfaces. (Closes: #89133) * forgot to close host-timeout bug (Closes: #87838) * Removed bashisms from cron script (Closes: #88596) * Fixed start-stop-daemon paths in init.d script (Closes: #88678) * Corrected multiple -i startup option typo (Closes: #89131) * Added mysql support (Closes: #89840) * Applied 'unaligned trap on alpha' patches from Paul Slootman (Closes: #85684, #81092) -- Robert van der Meulen Thu, 22 Mar 2001 22:40:51 +0100 snort (1.7-4) unstable; urgency=low * lets-fix-lots-of-bugs release * Fixed snort-stat: - output is now 79 chars wide. (Closes: #70649) - output written to tempfile first, to work around 'host' timing out sometimes. (Closes: #74937) * There is no 'WARNING' message on startup, anymore (Closes: #79289) * Fixed crontab script to reflect /var/log/portscan.log -> /var/log/snort/portscan.log change. (Closes: #85571) * Fixed syntax error in cron file (*shame*) (Closes: #85686) * added check for existence of /var/log/snort/portscan.log in cron file (Closes: #86596 ) * Fixed syslog dependency problem (syslogd|syslog-ng) (Closes: #85807) * Changed crontab file to allow for multiple auth.* files (Closes: #84183) * Snort doesn't crash on empty logfiles. (Closes: #85284 ) * Snort generates correct snort-stat messages on a dialup link now. (Closes: #82504) -- Robert van der Meulen Fri, 2 Mar 2001 23:32:40 +0100 snort (1.7-3) unstable; urgency=low * Fixed a couple of bugs in the startup scripts for dialup. Closes: #85201 * Made postinst modify /etc/snort/snort.debian.conf. Closes: #85156 * 'hardwired' /etc/ppp/ip-up.d/snort to use the PPP interface. Closes: #85218 * Fixed problem with multiple 'auth' logfiles. Closes: #84316 -- Robert van der Meulen Fri, 9 Feb 2001 23:47:19 +0100 snort (1.7-2) unstable; urgency=low * Fixed a small bug in the cron.daily script; snort.conf -> snort.debian.conf -- Robert van der Meulen Tue, 6 Feb 2001 23:47:31 +0100 snort (1.7-1) unstable; urgency=low * New upstream version. * New maintainer * Moved /etc/snort/snort-lib to /etc/snort/snort.conf /etc/snort/snort.conf was a script to set DEBIAN config variables, it now is the base rule file. /etc/snort/snort.debian.conf does the 'old' job. * modified startup parameters for 'new style' -- Robert van der Meulen Sun, 4 Feb 2001 23:31:02 +0100 snort (1.6.3a-5) unstable; urgency=low * Accidently typed "echo" instead of "kill" in init script. Closes: #84345 -- Christian Hammers Thu, 1 Feb 2001 11:05:16 +0100 snort (1.6.3a-4) unstable; urgency=low * Enhanced init.d script. Fixes problems with cron rotations. * Now depends on debhelper. Closes: #75462 * Added german translation for debconf menus. Closes: #83873 * Is no longer accidently a "native Debian" package. Closes: #82097 * Problem with libmysqlclient.so.9 fixed long ago. Closes: #74798, 74806 * Debconf should be work fine now. Closes: #59726, #70711 * Adopted new homepage URL. Closes: #69805 * Problem no longer reproducable. Closes: #67732, #67734 * Added dependency to the virtual package "syslogd". Closes: #84183 -- Christian Hammers Wed, 31 Jan 2001 00:38:22 +0100 snort (1.6.3a-3) unstable; urgency=low * Changed the "interface" debconf question to medium. Closes: #80996 -- Christian Hammers Wed, 31 Jan 2001 00:10:01 +0100 snort (1.6.3a-2) testing unstable; urgency=low * Ok, forgot the ">/dev/null" after a savelog cron command... -- Christian Hammers Sun, 31 Dec 2000 01:11:37 +0100 snort (1.6.3a-1) testing unstable; urgency=low * This is still 1.6.3! Somehow the .orig.tar.gz got renamed so I have to make a new -1 upload. * Added rotation of /var/log/portscan.log. Closes: #80864 -- Christian Hammers Sat, 30 Dec 2000 17:52:58 +0100 snort (1.6.3-8) unstable; urgency=low * writed more good english in debconf template. Closes: #78367 * Adjusted debconf question for email recipient to "medium". -- Christian Hammers Fri, 1 Dec 2000 20:01:38 +0100 snort (1.6.3-7) unstable; urgency=low * Recompiled against new kernel to handle pppeo. (requested by jeffml@pobox.com) -- Christian Hammers Sun, 26 Nov 2000 14:55:25 +0100 snort (1.6.3-6) unstable; urgency=low * Added debhelper to build depends. Closes #75462 -- Christian Hammers Wed, 25 Oct 2000 10:51:23 +0200 snort (1.6.3-5) unstable; urgency=medium * Recompiled against libmysqlclient10. -- Christian Hammers Tue, 17 Oct 2000 11:00:11 +0200 snort (1.6.3-4) unstable; urgency=low * Added dependencies to adduser >= 3.11. Closes: #69425 -- Christian Hammers Sun, 20 Aug 2000 08:53:50 +0200 snort (1.6.3-3) unstable; urgency=low * Made postinst/preinst idempotent. Closes: 67732, 67734 -- Christian Hammers Sun, 20 Aug 2000 08:53:37 +0200 snort (1.6.3-2) unstable; urgency=low * Disabled defrag-preprocessor due to upstream bugs. -- Christian Hammers Mon, 24 Jul 2000 17:21:18 +0200 snort (1.6.3-1) unstable; urgency=low * New upstream release. * Now chrooted to /var/log/snort and running as snort:snort! * More scan detections added. * Applied fixed from Ian Zimmerman. Thanks. Closes: #66057 -- Christian Hammers Sun, 23 Jul 2000 14:11:50 +0200 snort (1.6.2.2-1) unstable; urgency=low * New upstream release 1.6.2.2. Minor patches. -- Christian Hammers Sun, 9 Jul 2000 23:21:16 +0200 snort (1.6.1-1) unstable; urgency=low * Many new scans for known vulnerabilities included! -- Christian Hammers Sat, 8 Jul 2000 17:06:47 +0200 snort (1.6-1) unstable; urgency=low * New upstream major release. -- Christian Hammers Tue, 4 Jul 2000 18:40:34 +0200 snort (1.5.1-12) unstable; urgency=low * Removed warning for port 53 source port traffic because old BINDs generated them. Closes: #65107 -- Christian Hammers Tue, 6 Jun 2000 19:07:06 +0200 snort (1.5.1-11) frozen unstable; urgency=low * Package could not be build on powerpc because there were some obsolete AM_PROG_INSTALL (now AC_PROG_INSTALL) statements in aclocal.m4. Closes: #57916 * Improved documentation about reading the tcpdump-style binary log file. Closes: #57789 -- Christian Hammers Sun, 13 Feb 2000 18:23:58 +0100 snort (1.5.1-10) frozen unstable; urgency=low * Make sure that snort's cron.daily script gets renamed to the new name in snort.preinst so that it won't be called twice. -- Christian Hammers Wed, 9 Feb 2000 12:37:53 +0100 snort (1.5.1-9) frozen unstable; urgency=low * Argh! Forgot to remove a malicious line in cron.daily. Closes: #57611 -- Christian Hammers Wed, 9 Feb 2000 11:10:53 +0100 snort (1.5.1-8) frozen unstable; urgency=low * Added "exit 0" to cron.daily script. -- Christian Hammers Sat, 5 Feb 2000 16:07:05 +0100 snort (1.5.1-7) frozen unstable; urgency=low * Applied upstream patch to get binary mode working. Now this is really 1.5.1 and not 1.5patch1, btw. * switched logging to tcpdump compatible binary mode so that snort is usable on 100MBit networks. Closes: #55949 * fixed daily report of the weekly rotated auth.log. Closes: #56476 * cron job restarts snort correctly. Closes: #56608 * postinst should start snort only if $startup=="boot". * sanified snort.config (thank to Mario Holbe, again) * removed debconf-bug compatibility. Closes: #54990 -- Christian Hammers Sat, 29 Jan 2000 17:57:34 +0100 snort (1.5.1-5) frozen unstable; urgency=low * User may only enter one interface and no comma separated list that confuses the postscript, too. Closes: #55567 * Explained a debconf question. Closes: #55568 * Fixed email address in copyright. * uncommented all backdoor-lib rules that do only whatch for a port >=1024, ignoring the content since they produce too much false-positives. (as requested by chirik@castlefur.com) * Added a note that this isn't actually 1.5.1 but 1.5patch1. * Included "real" manpage that upstream author wrote. -- Christian Hammers Sat, 22 Jan 2000 15:30:32 +0100 snort (1.5.1-4) frozen unstable; urgency=low * Workaroung for debconf bug (#55317). * Do not ask user for IP range when using dialup-mode. (They normally wouldn't know!) * -- Christian Hammers Sat, 22 Jan 2000 15:00:25 +0100 snort (1.5.1-3) frozen unstable; urgency=medium * Fixed cron script. Closes: #54553 * The following was done by --- Mario Holbe --- thanks again! * Fixed quoting of metacharacters in postinst. Closes: #54984 * replaced the snort.options thingy by a sh-based snort.conf - removed it from snort-lib - changed the README.Maintainer comment - changed rule for it - created snort.conf with slightly beautified variables * modified ip-down.d to work with new snort.conf * modified ip-up.d to work with new snort.conf * modified snort.init.d to work with new snort.conf Closes: #54553 - this closes some bugs in 1.5.1-2, which i've not submitted :-) * modified snort-stat to work with new snort.conf Closes: #54555 * modified snort.cron.daily to work with new snort.conf/snort-stat * added new snort/stats_treshold to snort.templates * modified snort.config to work with new config variable * modified snort.postinst to work with new snort.conf * modified snort.postrm to remove snort.conf if purge * all over all: did some beauifying :) -- Christian Hammers Fri, 14 Jan 2000 21:09:42 +0100 snort (1.5.1-2) unstable; urgency=low * I was diligently and added five more debconf options :) Closing: #54227 - receipient of the daily statistic mail - start at boot/ip-up/manual - interface - promiscuous mode - reverse order * Enhanced the snort-stat script with help from Mario Holbe. Closes: #54369 -- Christian Hammers Fri, 14 Jan 2000 21:09:36 +0100 snort (1.5.1-1) unstable; urgency=low * Fixed cron script with the new logging method. Closes: #54226, #54275 * Applied upstream patch1 and one from the mailing list. Closes: #54225, #54224 * Added README.Debian with a small FAQ. * Changed configuration and added a /etc/snort/snort.options file. -- Christian Hammers Tue, 11 Jan 2000 22:56:33 +0100 snort (1.5-2) unstable; urgency=low * Fixed typo. Closes: #54269 -- Christian Hammers Sun, 9 Jan 2000 18:58:45 +0100 snort (1.5-1) unstable; urgency=low * New upstream release. Features speed burst and modularization of the rules file. * Now using syslog facility to log to /var/log/auth.log. (Details are still available in /var/log/snort/) * Daily generation of scan statistic via cron script. -- Christian Hammers Sun, 9 Jan 2000 18:58:39 +0100 snort (1.3.1-8) unstable; urgency=low * Sorry, future timestamps in package. Closes: #51848 (too much Y2K testing, I guess) -- Christian Hammers Sun, 5 Dec 1999 16:49:56 +0100 snort (1.3.1-7) unstable; urgency=medium * Changed prio to high since it's an grave bug that was closed. * Closes: #51130 -- Christian Hammers Tue, 15 Feb 2000 00:34:59 +0100 snort (1.3.1-6) unstable; urgency=medium * Snort stalles after installation due to debconf misuse. * Closes: #51130 -- Christian Hammers Wed, 24 Nov 1999 00:29:39 +0100 snort (1.3.1-5) unstable; urgency=low * Added debconf support to enter address range. -- Christian Hammers Mon, 22 Nov 1999 20:13:41 +0100 snort (1.3.1-4) unstable; urgency=low * Extended archiving of log files. Closes: #50176 -- Christian Hammers Mon, 22 Nov 1999 00:56:38 +0100 snort (1.3.1-3) unstable; urgency=low * Registered cron script as config file. Closes: #48391 -- Christian Hammers Wed, 27 Oct 1999 18:36:06 +0200 snort (1.3.1-2) unstable; urgency=low * Added the non-promiscuous flag (-p) to the man-page. -- Christian Hammers Sun, 24 Oct 1999 18:52:20 +0200 snort (1.3.1-1) unstable; urgency=low * New upstream version. * Many bugfixes. -- Christian Hammers Thu, 14 Oct 1999 00:20:35 +0200 snort (1.2.1-3) unstable; urgency=low * Included the LISA'99 Conference paper as documentation. * FHS compliant. * Improved /etc/cron.daily script. Fixes: #44568. -- Christian Hammers Fri, 10 Sep 1999 01:55:22 +0200 snort (1.2.1-2) unstable; urgency=low * Added a nice manpage (thanks to Peter T. Breuer). Closes #44127. -- Christian Hammers Tue, 7 Sep 1999 17:15:51 +0200 snort (1.2.1-1) unstable; urgency=low * New upstream release with fixes and speed improvement. (fixes: #43049) -- Christian Hammers Mon, 30 Aug 1999 21:15:10 +0200 snort (1.2-2) unstable; urgency=low * Made cron.daily a bit quieter. (fixes: #43049) -- Christian Hammers Mon, 16 Aug 1999 23:05:16 +0200 snort (1.2-1) unstable; urgency=low * New upstream version with great performance improve. -- Christian Hammers Mon, 2 Aug 1999 20:37:09 +0200 snort (1.1-2) unstable; urgency=low * Made better default IP in config file and fixed typo. -- Christian Hammers Tue, 13 Jul 1999 00:02:48 +0200 snort (1.1-1) unstable; urgency=low * Initial Release. -- Christian Hammers Mon, 12 Jul 1999 21:30:57 +0200