[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#736168: marked as done (pu: package samhain/2.8.3a-1)



Your message dated Tue, 21 Jan 2014 23:17:05 +0000
with message-id <E1W5kZ7-0002mG-Ho@franck.debian.org>
and subject line Bug#736168: fixed in samhain 2.8.3a-1+deb7u1
has caused the Debian Bug report #736168,
regarding pu: package samhain/2.8.3a-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
736168: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736168
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: pu

Dear Release Managers,

I have recently updated Samhain in sid and have fixed some important bugs.  As
requested by DSA, since samhain is used in many project machines, I would like
to make an upload to the wheezy release including some of these fixes.

Most relevant bugs that would be fixed by this upload are:

 Bugs associated with the use of dnmalloc in different architectures:

 - #733875 broken on s390x 
 - #657307 does not reap children (in armhf hosts)
 - #533860 samhain: frequent segfaults on lenny alpha

 Miscellaneous bugs which can be easily fixed in stable too:

 - #689902 Ships a folder in /var/run 
 - #709753 mail reports with default config fail almost silently


The full diff is attached, it is hopefully self-explanatory. Please don't
hesitate to ask, should you need any additional information.


-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 3.11-2-686-pae (SMP w/4 CPU cores)
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff --git a/debian/changelog b/debian/changelog
index 0d18487..71faf11 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,27 @@
+samhain (2.8.3a-2) stable; urgency=medium
+
+  [ Backport fixes from unstable version to fix serious/important bugs ]
+  * debian/rules:
+      - Disable dnmalloc for all architectures expect those known to work. It
+        seems to be the source of problems and segfaults in many different
+        architectures (Closes: #533860, #657307)
+      - Disable dnmalloc for s390x, as it is done for s390 already 
+        (Closes: #733875)
+  * Fix use of /var/run/samhain, which is created by the init.d script since
+    version 2.6.2-1:
+        - Remove the /var/run/samhain directory when the package is purged
+        - Do not ship /var/run/samhain in the package file
+    Thanks go to Thomas Goirand for spotting this issue and providing a
+    patch, which I used as a basis for the above changes
+    (Closes: #689902)
+  * Default samhainrc now uses SetMailAddress=root, SetMailRelay=localhost
+    since there have been reports of the previous confguration
+    (SetMailAddress=root@localhost, SetMailRelay=NULL) not working since
+    samhain tries to retrieve an MX record for 'localhost' from the DNS
+    (Closes: 709754)
+
+ -- Javier Fernández-Sanguino Peña <jfs@debian.org>  Sun, 19 Jan 2014 11:53:32 +0100
+
 samhain (2.8.3a-1) unstable; urgency=low
 
   * New upstream release (Closes: #602678)
diff --git a/debian/postrm b/debian/postrm
index 51bbc12..c189cb5 100644
--- a/debian/postrm
+++ b/debian/postrm
@@ -7,7 +7,7 @@ set -e
 
 case "$1" in
 	purge)
-		for dir in /var/log/samhain/supervise /var/log/samhain /var/state/samhain
+		for dir in /var/log/samhain/supervise /var/log/samhain /var/state/samhain /var/run/samhain
 		do
 			[ -d "$dir" ] &&  {
 			 	find $dir -type f -exec rm -f {} \;
diff --git a/debian/rules b/debian/rules
index 083f6a9..a1a868a 100755
--- a/debian/rules
+++ b/debian/rules
@@ -11,17 +11,27 @@
 # This is the debhelper compatability version to use.
 # export DH_COMPAT=5
 
+# Disable dnmalloc for most architectures except for
+# those known to work (i386 and amd64).
+# For more information see:
+# http://www.la-samhna.de/samhain/manual/dnmalloc.html
 ifeq (linux,$(DEB_HOST_ARCH_OS))
-ifeq (ia64,$(DEB_HOST_ARCH))
-DNMALLOC = --disable-dnmalloc
-else ifeq (s390,$(DEB_HOST_ARCH))
+ifeq (amd64,$(DEB_HOST_ARCH))
+DNMALLOC = --enable-dnmalloc
+else ifeq (i386,$(DEB_HOST_ARCH))
+DNMALLOC = --enable-dnmalloc
+else
 DNMALLOC = --disable-dnmalloc
+endif
 else
+ifeq (amd64,$(DEB_HOST_ARCH))
+DNMALLOC = --enable-dnmalloc
+else ifeq (i386,$(DEB_HOST_ARCH))
 DNMALLOC = --enable-dnmalloc
-endif
 else
 DNMALLOC = --disable-dnmalloc
 endif
+endif
 
 build: build-stamp
 build-stamp:
@@ -100,6 +110,8 @@ binary-arch: build install
 	dh_installchangelogs docs/Changelog
 	dh_link
 	dh_strip
+	# Remove /var/run/samhain from the package, it is created by the init script
+	-rm -rf `pwd`/debian/samhain/var/run/samhain
 	dh_compress
 	dh_fixperms
 	dh_installdeb
diff --git a/debian/samhainrc b/debian/samhainrc
index 01724f4..992caac 100644
--- a/debian/samhainrc
+++ b/debian/samhainrc
@@ -591,11 +591,12 @@ SetMailNum = 10
 
 ## Recipient (max. 8)
 #
-SetMailAddress=root@localhost
+#SetMailAddress=root@localhost
+SetMailAddress=root
 
 ## Mail relay (IP address)
 #
-# SetMailRelay = NULL
+SetMailRelay = localhost
 
 ## Custom subject format
 #
diff --git a/sql_init/samhain.mysql.init~ b/sql_init/samhain.mysql.init~
deleted file mode 100644
index e6eb065..0000000
--- a/sql_init/samhain.mysql.init~
+++ /dev/null
@@ -1,95 +0,0 @@
-CREATE DATABASE samhain;
-USE mysql;
-INSERT INTO db (Host,Db,User,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv) VALUES ('localhost','samhain','','N','Y','N','N','N','N');
-USE samhain;
-CREATE TABLE    samhain.log (
-	log_index BIGINT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
-	log_ref   BIGINT UNSIGNED NULL,
-	log_host  VARCHAR(64)   NOT NULL DEFAULT "localhost",
-	INDEX ix_log_host (log_host),
-	log_time  DATETIME      NOT NULL,
-	log_sev   ENUM("DEBG","INFO","NOTE","WARN","MARK","ERRO","CRIT","ALRT","RCVT")       NOT NULL,
-	log_msg   BLOB,
-
-	log_hash  VARCHAR(32) NOT NULL,
-	KEY ix_hash (log_hash),
-
-	entry_status  VARCHAR(16) NOT NULL DEFAULT "NEW",
-	INDEX ix_entry_status (entry_status),
-
-  	path          BLOB,         
-  	userid        VARCHAR(8),
-  	grp           VARCHAR(8),
-  	program       VARCHAR(8),
-  	subroutine    VARCHAR(16),
-  	status        VARCHAR(12),
-  	hash          VARCHAR(50),
-  	path_data     BLOB,         
-  	hash_data     VARCHAR(50),
-  	key_uid       VARCHAR(64),
-  	key_uid_data  VARCHAR(64),
-  	key_id        VARCHAR(16),
-  	module        VARCHAR(8),
-  	return_code   INTEGER,
-  	syscall       VARCHAR(16),
-  	ip            VARCHAR(16),
-  	tty           VARCHAR(16),
-        peer          VARCHAR(64),
-	fromhost      VARCHAR(64),
-        obj           BLOB,
-        interface     VARCHAR(64),
-        time          VARCHAR(64),
-        dir           BLOB,
-        linked_path   BLOB,
-	port          INTEGER,
-        service       VARCHAR(64),
-        facility      VARCHAR(32),
-        priority      VARCHAR(32),
-        syslog_msg    BLOB,
-
-        mode_old      VARCHAR(16),
-        mode_new      VARCHAR(16),
-	attr_old      VARCHAR(16),
-	attr_new      VARCHAR(16),
-
-        device_old    VARCHAR(16),
-        device_new    VARCHAR(16),
-        owner_old     VARCHAR(9),
-        owner_new     VARCHAR(9),
-        group_old     VARCHAR(9),
-        group_new     VARCHAR(9),
-        ctime_old     DATETIME,
-        ctime_new     DATETIME,
-        atime_old     DATETIME,
-        atime_new     DATETIME,
-        mtime_old     DATETIME,
-        mtime_new     DATETIME,
-        chksum_old    VARCHAR(50),
-        chksum_new    VARCHAR(50),
-        link_old      BLOB,
-        link_new      BLOB,
-	
-        size_old      BIGINT,
-        size_new      BIGINT,
-        hardlinks_old BIGINT,
-        hardlinks_new BIGINT,
-        inode_old     BIGINT,
-        inode_new     BIGINT,
-
-	imode_old     BIGINT,
-	imode_new     BIGINT,
-	iattr_old     BIGINT,
-	iattr_new     BIGINT,
-	idevice_old   BIGINT,
-	idevice_new   BIGINT,
-	iowner_old    BIGINT,
-	iowner_new    BIGINT,
-	igroup_old    BIGINT,
-	igroup_new    BIGINT,
-	
-
-        acl_old       BLOB,
-        acl_new       BLOB
-                 
-        );
-	
diff --git a/sql_init/samhain.oracle.init~ b/sql_init/samhain.oracle.init~
deleted file mode 100644
index ebd7e3f..0000000
--- a/sql_init/samhain.oracle.init~
+++ /dev/null
@@ -1,93 +0,0 @@
-CREATE SEQUENCE log_log_index_seq START WITH 1;
-CREATE TABLE log (
-        log_index INTEGER NOT NULL,
-        log_ref   NUMBER(20) NULL,
-        log_host  VARCHAR2(64)   DEFAULT 'localhost' NOT NULL,
-        log_time  DATE          NOT NULL,
-        log_sev   VARCHAR2(4)    NOT NULL,
-        log_msg   VARCHAR2(4000),
-        log_hash  VARCHAR2(32),
-        entry_status  VARCHAR2(16) DEFAULT 'NEW' NOT NULL,
-        path          CLOB,         
-        userid        VARCHAR2(8),
-        grp           VARCHAR2(8),
-        program       VARCHAR2(8),
-        subroutine    VARCHAR2(16),
-        status        VARCHAR2(12),
-        hash          VARCHAR2(50),
-        path_data     VARCHAR2(4000),
-        hash_data     VARCHAR2(50),
-        key_uid       VARCHAR2(64),
-        key_uid_data  VARCHAR2(64),
-        key_id        VARCHAR2(16),
-        module        VARCHAR2(8),
-        return_code   INTEGER,
-        syscall       VARCHAR2(16),
-        ip            VARCHAR2(16),
-        tty           VARCHAR2(16),
-        peer          VARCHAR2(64),
-        fromhost      VARCHAR2(64),
-        obj           VARCHAR2(128),
-        interface     VARCHAR2(64),
-        time          VARCHAR2(64),
-        dir           CLOB,
-        linked_path   CLOB,
-        port          INTEGER,
-        service       VARCHAR2(64),
-        facility      VARCHAR2(32),
-        priority      VARCHAR2(32),
-        syslog_msg    VARCHAR2(4000),
-        mode_old      VARCHAR2(16),
-        mode_new      VARCHAR2(16),
-        attr_old      VARCHAR2(16),
-        attr_new      VARCHAR2(16),
-        device_old    VARCHAR2(16),
-        device_new    VARCHAR2(16),
-        owner_old     VARCHAR2(9),
-        owner_new     VARCHAR2(9),
-        group_old     VARCHAR2(9),
-        group_new     VARCHAR2(9),
-        ctime_old     VARCHAR2(25),
-        ctime_new     VARCHAR2(25),
-        atime_old     VARCHAR2(25),
-        atime_new     VARCHAR2(25),
-        mtime_old     VARCHAR2(25),
-        mtime_new     VARCHAR2(25),
-        chksum_old    VARCHAR2(50),
-        chksum_new    VARCHAR2(50),
-        link_old      CLOB,
-        link_new      CLOB,
-        size_old      NUMBER(20),
-        size_new      NUMBER(20),
-        hardlinks_old NUMBER(20),
-        hardlinks_new NUMBER(20),
-        inode_old     NUMBER(20),
-        inode_new     NUMBER(20),
-        imode_old     NUMBER(20),
-        imode_new     NUMBER(20),
-        iattr_old     NUMBER(20),
-        iattr_new     NUMBER(20),
-        idevice_old   NUMBER(20),
-        idevice_new   NUMBER(20),
-        iowner_old    NUMBER(20),
-        iowner_new    NUMBER(20),
-        igroup_old    NUMBER(20),
-        igroup_new    NUMBER(20),
-        acl_old       VARCHAR2(4000),
-        acl_new       VARCHAR2(4000)
-        );
-
-CREATE UNIQUE INDEX log_log_index_key on log (log_index);
-
-CREATE INDEX ix_hash ON log (log_hash);
-
-CREATE INDEX ix_log_host  ON log (log_host);
-CREATE INDEX ix_log_ref   ON log (log_ref);
-CREATE INDEX ix_entry_status ON log (entry_status);
-
-GRANT INSERT ON log TO samhain;
-GRANT ALTER ON log_log_index_seq TO samhain;
-GRANT SELECT ON log_log_index_seq TO samhain;
-
-
-
diff --git a/sql_init/samhain.postgres.init~ b/sql_init/samhain.postgres.init~
deleted file mode 100644
index e5edb25..0000000
--- a/sql_init/samhain.postgres.init~
+++ /dev/null
@@ -1,98 +0,0 @@
-CREATE SEQUENCE log_log_index_seq START 1;
-CREATE TABLE    log (
-	log_index INTEGER NOT NULL,
-	log_ref   BIGINT NULL,
-	log_host  VARCHAR(64)   NOT NULL DEFAULT 'localhost',
-	log_time  TIMESTAMP     NOT NULL,
-	log_sev   VARCHAR(4)    NOT NULL,
-	log_msg   TEXT,
-
-	log_hash  VARCHAR(32),
-
-	entry_status  VARCHAR(16) NOT NULL DEFAULT 'NEW',
-
-  	path          TEXT,         
-  	userid        VARCHAR(8),
-  	grp           VARCHAR(8),
-  	program       VARCHAR(8),
-  	subroutine    VARCHAR(16),
-  	status        VARCHAR(12),
-  	hash          VARCHAR(50),
-  	path_data     TEXT,         
-  	hash_data     VARCHAR(50),
-  	key_uid       VARCHAR(64),
-  	key_uid_data  VARCHAR(64),
-  	key_id        VARCHAR(16),
-  	module        VARCHAR(8),
-  	return_code   INTEGER,
-  	syscall       VARCHAR(16),
-  	ip            VARCHAR(16),
-  	tty           VARCHAR(16),
-        peer          VARCHAR(64),
-        fromhost      VARCHAR(64),
-        obj           TEXT,
-        interface     VARCHAR(64),
-        time          VARCHAR(64),
-        dir           TEXT,
-        linked_path   TEXT,
-	port          INTEGER,
-        service       VARCHAR(64),
-        facility      VARCHAR(32),
-        priority      VARCHAR(32),
-        syslog_msg    TEXT,
-
-        mode_old      VARCHAR(16),
-        mode_new      VARCHAR(16),
-        attr_old      VARCHAR(16),
-        attr_new      VARCHAR(16),
-
-        device_old    VARCHAR(16),
-        device_new    VARCHAR(16),
-        owner_old     VARCHAR(9),
-        owner_new     VARCHAR(9),
-        group_old     VARCHAR(9),
-        group_new     VARCHAR(9),
-        ctime_old     TIMESTAMP,
-        ctime_new     TIMESTAMP,
-        atime_old     TIMESTAMP,
-        atime_new     TIMESTAMP,
-        mtime_old     TIMESTAMP,
-        mtime_new     TIMESTAMP,
-        chksum_old    VARCHAR(50),
-        chksum_new    VARCHAR(50),
-        link_old      TEXT,
-        link_new      TEXT,
-	
-        size_old      BIGINT,
-        size_new      BIGINT,
-        hardlinks_old BIGINT,
-        hardlinks_new BIGINT,
-        inode_old     BIGINT,
-        inode_new     BIGINT,
-
-	imode_old     BIGINT,
-	imode_new     BIGINT,
-	iattr_old     BIGINT,
-	iattr_new     BIGINT,
-	idevice_old   BIGINT,
-	idevice_new   BIGINT,
-	iowner_old    BIGINT,
-	iowner_new    BIGINT,
-	igroup_old    BIGINT,
-	igroup_new    BIGINT,
-                 
-        acl_old       TEXT,
-        acl_new       TEXT
-        );
-
-
-CREATE UNIQUE INDEX log_log_index_key on log (log_index);
-CREATE INDEX ix_hash ON log (log_hash);
-
-CREATE INDEX ix_log_host  ON log (log_host);
-CREATE INDEX ix_entry_status ON log (entry_status);
-
-GRANT INSERT ON log TO samhain;
-GRANT UPDATE ON log_log_index_seq TO samhain;
-GRANT SELECT ON log_log_index_seq TO samhain;
-

--- End Message ---
--- Begin Message ---
Source: samhain
Source-Version: 2.8.3a-1+deb7u1

We believe that the bug you reported is fixed in the latest version of
samhain, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 736168@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Javier Fernández-Sanguino Peña <jfs@debian.org> (supplier of updated samhain package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 19 Jan 2014 11:53:32 +0100
Source: samhain
Binary: samhain
Architecture: source i386
Version: 2.8.3a-1+deb7u1
Distribution: stable
Urgency: medium
Maintainer: Javier Fernandez-Sanguino Pen~a <jfs@debian.org>
Changed-By: Javier Fernández-Sanguino Peña <jfs@debian.org>
Description: 
 samhain    - Data integrity and host intrusion alert system
Closes: 533860 657307 689902 709753 733875 736168
Changes: 
 samhain (2.8.3a-1+deb7u1) stable; urgency=medium
 .
   * Backport fixes from unstable version to fix serious/important bugs
     with approval from the Release Managers (Closes: #736168)
   * debian/rules:
       - Disable dnmalloc for all architectures expect those known to work. It
         seems to be the source of problems and segfaults in many different
         architectures (Closes: #533860, #657307)
       - Disable dnmalloc for s390x, as it is done for s390 already
         (Closes: #733875)
   * Fix use of /var/run/samhain, which is created by the init.d script since
     version 2.6.2-1:
         - Remove the /var/run/samhain directory when the package is purged
         - Do not ship /var/run/samhain in the package file
     Thanks go to Thomas Goirand for spotting this issue and providing a
     patch, which I used as a basis for the above changes
     (Closes: #689902)
   * Default samhainrc now uses SetMailAddress=root@localhost,
     SetMailRelay=localhost since there have been reports of the previous
     configuration (SetMailAddress=root@localhost, SetMailRelay=NULL) not
     working since samhain tries to retrieve an MX record for 'localhost' from
     the DNS.  This ensures that integrity reports are sent to the correct
     location (i.e. root) when installated and using default configuration.
     (Closes: #709753)
   * Remove the following cruft files from the source:
     sql_init/samhain.mysql.init~, sql_init/samhain.oracle.init~, and
     sql_init/samhain.postgres.init~
Checksums-Sha1: 
 4a7b76e409534413404f561ef74614165d02283b 1148 samhain_2.8.3a-1+deb7u1.dsc
 7e6db974ac01f15eb3d15906b60e331e3e49740e 53669 samhain_2.8.3a-1+deb7u1.diff.gz
 dbed3210a2b310f2bf8de65d5da01f6bb266278a 1167782 samhain_2.8.3a-1+deb7u1_i386.deb
Checksums-Sha256: 
 bcf2c8a3918b1276158eb65e00062282816e90659f9d9f501ff615f993ef50aa 1148 samhain_2.8.3a-1+deb7u1.dsc
 4d916dcb240b6b50b039bf5cb3f8991b5ae07efe77b15f49836bbeb7dc5448b9 53669 samhain_2.8.3a-1+deb7u1.diff.gz
 e808729311f044584f2db1f4a114a09d042d3faead84e946f899a885dac1c9b3 1167782 samhain_2.8.3a-1+deb7u1_i386.deb
Files: 
 dd57421903f0f9f58eccdeeb16105596 1148 admin optional samhain_2.8.3a-1+deb7u1.dsc
 5f17f18220831fba81fafa6ef90753f7 53669 admin optional samhain_2.8.3a-1+deb7u1.diff.gz
 805b582f164f12041459726c88988032 1167782 admin optional samhain_2.8.3a-1+deb7u1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iD8DBQFS3uHZsandgtyBSwkRAmw6AJ0c1GZFc9cnP5ZwNw7iFIoRDhG6JQCfTKa2
YsBBVG6DByPCweAx4hFtuMc=
=ONwD
-----END PGP SIGNATURE-----

--- End Message ---

Reply to: