
Re: Please unfreeze snort 2.7.0-20



* Javier Fernández-Sanguino Peña [Wed, 05 Nov 2008 01:27:40 +0100]:

> On Sun, Nov 02, 2008 at 12:31:04PM +0100, Adeodato Simó wrote:
> > * Javier Fernández-Sanguino Peña [Mon, 27 Oct 2008 21:56:52 +0100]:

> > Hello, Javier.

> > > Snort 2.7.0-20, recently uploaded to unstable, introduces a fix for a known
> > > security vulnerability (CVE-2008-1804). Please unfreeze this package so that
> > > the fix can move into Lenny.

> > The i386 binaries that were uploaded to t-p-u depended on the pcre3 on
> > unstable (they were built in an unstable system/chroot and not in a
> > testing one). They hence can't migrate to testing.

> I've recompiled and reuploaded new packages for t-p-u and sid fixing these
> issues (pcre3 version in t-p-u and fixing binNMUability in both). Please
> review them.

Thanks for the upload. I've reviewed them, and I'll the version in t-p-u
once it's built for all arches.

Regarding the version in sid (2.7.0-22), this puzzles me a bit:

> +    - Make snort-rules-default.postrm run with 'set +e' and append '|| true' to
> +      rmdir calls so that the script does not abort if the directories are not
> +      empty.

> -set -e
> +set +e
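
Review bot: replacing `set -e` with `set +e` at the top of the postrm turns off abort-on-error for every command in the script, not just the two rmdir calls the changelog entry is about, so any other failure during purge would go unnoticed. Suggest keeping `set -e` and handling only the specific commands that are expected to fail.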

This is incoherent: set +e precisely ignores errors, so the "|| true" is
not needed. set -e OTOH makes the script terminate on errors, hence the
"|| true" could be needed for commands that you know could potentially
fail.

However:

>         purge|disappear)
>                 if [ -d /etc/snort/rules ]; then
> -                       rmdir --ignore-fail-on-non-empty /etc/snort/rules
> +                       rmdir --ignore-fail-on-non-empty /etc/snort/rules || true
>                 fi
>                 if [ -d /etc/snort ]; then
> -                       rmdir --ignore-fail-on-non-empty /etc/snort
> +                       rmdir --ignore-fail-on-non-empty /etc/snort || true
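
Review bot: the `|| true` appended to both rmdir lines in the purge|disappear branch discards every rmdir exit status, while --ignore-fail-on-non-empty already covers the non-empty case named in the changelog; what the suffix adds is hiding other failures (a permissions or filesystem error, for example). Suggest dropping `|| true` from both lines, or stating in the changelog which additional failure it is meant to tolerate.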

If the objective of the "|| true" here is, as the changelog says, "not
abort if the directories are not empty", that is already guaranteed by
the --ignore-fail-on-non-empty flag, so the "|| true" is redundant here.

HTH,

-- 
Adeodato Simó                                     dato at net.com.org.es
Debian Developer                                  adeodato at debian.org
 
«Ara que ets la meva dona, te la fotré fins a la melsa, bacona!»
                -- Terenci Moix, “Chulas y famosas”
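
The interaction of `set -e`, `set +e`, `|| true` and `--ignore-fail-on-non-empty` discussed in the message above, as an added example that is not part of the original mail or of the snort package. It runs in a temporary directory; the helper name `purge_status` and the file names are constructed for illustration.

```shell
#!/bin/sh
# Added illustration (constructed): runs in a temp dir, never touches /etc/snort.

# purge_status ERRMODE SUFFIX TARGET   (hypothetical helper)
#   ERRMODE "-e" or "+e"; SUFFIX "" or "|| true"; TARGET is the path given to rmdir.
# Runs a postrm-style rmdir in a child shell and prints "<exit status>:<outcome>".
purge_status() {
    st=0
    out=$(sh -c "set $1
rmdir --ignore-fail-on-non-empty \"\$0\" 2>/dev/null $2
echo reached-end" "$3") || st=$?
    echo "$st:${out:-aborted}"
}

demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/rules"
    : > "$tmp/rules/local.rules"   # non-empty directory, the case the changelog names
    : > "$tmp/notdir"              # regular file: rmdir fails for a different reason
    echo "set -e, non-empty dir:        $(purge_status -e '' "$tmp/rules")"
    echo "set -e, other rmdir failure:  $(purge_status -e '' "$tmp/notdir")"
    echo "set -e + '|| true', failure:  $(purge_status -e '|| true' "$tmp/notdir")"
    echo "set +e, failure:              $(purge_status +e '' "$tmp/notdir")"
    rm -rf "$tmp"
}

demo
```

The first line of output shows the flag alone keeps a `set -e` script running when the directory is not empty; the last two show that `|| true` and `set +e` each hide a failure the flag does not cover.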

