Bug#862485: marked as done (fwsnort mustn't set iptables rules when purged)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Sun, 14 May 2017 21:18:36 +0000
with message-id <E1dA0uS-000AuT-JF@fasolo.debian.org>
and subject line Bug#862485: fixed in fwsnort 1.6.5-4
has caused the Debian Bug report #862485,
regarding fwsnort mustn't set iptables rules when purged
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
862485: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862485
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: fwsnort mustn't set iptables rules when purged
• From: Adrian Bunk <bunk@debian.org>
• Date: Sat, 13 May 2017 17:03:14 +0300
• Message-id: <[🔎] 149468419444.453.5347700095890788448.reportbug@localhost>

Package: fwsnort
Version: 1.6.5-3
Severity: critical
Tags: security

The #861999 fix adds the following on purging:
  grep -v FWSNORT /var/lib/fwsnort/fwsnort.save | iptables-restore

Imagine the following:
1. today I install fwsnort and try it
2. later today I uninstall it
3. 2 years later I purge all long-removed packages

This would in 2 years set the iptables rules to what they
were today before I shortly played with fwsnort.


A case could be made for "fwsnort --ipt-flush" in prerm.

Or considering that activating any fwsnort rules is not done
automatically and that the package should not interfere with
what the the admin has done.

--- End Message ---

--- Begin Message ---

• To: 862485-close@bugs.debian.org
• Subject: Bug#862485: fixed in fwsnort 1.6.5-4
• From: Axel Beckert <abe@debian.org>
• Date: Sun, 14 May 2017 21:18:36 +0000
• Message-id: <E1dA0uS-000AuT-JF@fasolo.debian.org>

Source: fwsnort
Source-Version: 1.6.5-4

We believe that the bug you reported is fixed in the latest version of
fwsnort, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 862485@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Axel Beckert <abe@debian.org> (supplier of updated fwsnort package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 14 May 2017 22:57:20 +0200
Source: fwsnort
Binary: fwsnort
Architecture: source all
Version: 1.6.5-4
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Axel Beckert <abe@debian.org>
Description:
 fwsnort    - Snort-to-iptables rule translator
Closes: 862485
Changes:
 fwsnort (1.6.5-4) unstable; urgency=medium
 .
   * QA upload.
   * Flush all fwsnort firewall rules during prerm at package removal time
     instead of restoring the firewall state from before "fwsnort
     --ipt-apply" was called the last time at package purging time.
     (Closes: #862485)
Checksums-Sha1:
 d8add5b8cae07fafd32ca5928df52ae0362a06ce 1888 fwsnort_1.6.5-4.dsc
 fbfdee09b30ef7bfeb41195179f1934a16692666 8268 fwsnort_1.6.5-4.debian.tar.xz
 bbf12d9040670fa7a2db669fd4abba567fa82677 62422 fwsnort_1.6.5-4_all.deb
 b7ef99042befb502a0b53098631be36d1eba42eb 5381 fwsnort_1.6.5-4_amd64.buildinfo
Checksums-Sha256:
 c951e49c36751fb6f1543f6df5e64aa745f4d4c5ee9c72cf58d6c14045f69536 1888 fwsnort_1.6.5-4.dsc
 81a4601aa9e144743a99c38b299887ae89fdcd2a195c542f813357eeb792490a 8268 fwsnort_1.6.5-4.debian.tar.xz
 8e4f120971c2c8b46d538a72aada91a4ff9a98a2620d3955210efe05094aef22 62422 fwsnort_1.6.5-4_all.deb
 f2fa42c23033329d5279e0b418d57891d8d3caaf5f5344956e91da9a83fc4368 5381 fwsnort_1.6.5-4_amd64.buildinfo
Files:
 f2ad711890aa3729305463272f4d2e70 1888 admin optional fwsnort_1.6.5-4.dsc
 964440b45d5b646e551a1f4853ccc56b 8268 admin optional fwsnort_1.6.5-4.debian.tar.xz
 215847d2920b3763f8e5687746ff8351 62422 admin optional fwsnort_1.6.5-4_all.deb
 6f4273f9b2c17564d67548abc1d0f87a 5381 admin optional fwsnort_1.6.5-4_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEERoyJeTtCmBnp12Ema+Zjx1o1yXUFAlkYxTgACgkQa+Zjx1o1
yXXGNw/+KGUaqVPxWPrqnPI+coxehyZMfF+d+u5K3wBrACZOVlrMmg2m6aMS4nls
U7FtV29c3aTxJLikw6GNMKg+OnqP6OhuH/dGBr0dPRxQ5hTfGNfPNb5nUrkNR29g
iTUmzxxjE27AITt2J4JcGuog9qwJ9in+BRHgmMH4izdjiYH09I5tSRwpSKYpH3/O
cwbN0tIgTjVbE6RUjx47VY7ODaGh9wE58crU405mt6eS7n7vCbgruQIoa3iKba83
mRFyt1taKh/RHcImPYgKLP24EeYkHMwFtvb6UiBNDb4GMmGqsJl6Yeq8lTdnbyvr
rl9rubpl0RQAZER1e9lPK6tw62/1HvGmD1XM3kHN3mPIghH0VOMyQ7YKQyBatJFn
Z7g2YirLiiaOtnB1PW/I1M8v0wKPjTjYd4rKrimWZtuRECrZMheyeFLggfTKc2N7
BpxRoMzxkfS+Nr3XsNFEOtk5Y/WYtQbNlzJsGo063rb1VAmK3jRmamSYoARxksOJ
hu6EcPgJym0nFUGyICn5QYK9VWq+ZnAAwj0nBO6tSdad72DI+js1l78Oigw9ZL7h
adM5rUmvLv44Z+itm9ibLQz6AgCLoVuEd0fuHIklj9RMDr6f04oKw0a7a4vr5jKl
znUvLL8zy7yRdAWvPfNnDl/T0/W/19N329NbElTgd/Gd9n4dhA8=
=R30d
-----END PGP SIGNATURE-----

--- End Message ---