Bug#986908: unblock: snort 2.9.15.1-5
Control: tags -1 - moreinfo
Hi there,
Am 22.04.21 um 11:03 schrieb Javier Fernandez-Sanguino:
On Mon, 19 Apr 2021 at 23:24, Chris Hofstaedtler <zeha@debian.org
<mailto:zeha@debian.org>> wrote:
> $ debdiff snort_2.9.15.1-4_i386.deb snort_2.9.15.1-5_i386.deb
[..]
The debdiff does not seem to show any actual packaging changes. Are
you sure you diffed the correct files?
Apologies, I sent a debdiff of the binary packages. I will send a
debdiff of the source packages soon.
here is the debdiff between 2.9.15.1-4 and 2.9.15.1-5.
Cheers, Jan.
--
Never write mail to <waja@spamfalle.info>, you have been warned!
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GIT d-- s+: a C+++ UL++++ P+ L+++ E--- W+++ N+++ o++ K++ w--- O M+ V- PS
PE Y++
PGP++ t-- 5 X R tv- b+ DI D+ G++ e++ h---- r+++ y++++
------END GEEK CODE BLOCK------
diff -Nru snort-2.9.15.1/debian/changelog snort-2.9.15.1/debian/changelog
--- snort-2.9.15.1/debian/changelog 2020-12-06 17:23:14.000000000 +0100
+++ snort-2.9.15.1/debian/changelog 2021-04-10 22:55:04.000000000 +0200
@@ -1,3 +1,30 @@
+snort (2.9.15.1-5) unstable; urgency=medium
+
+ * debian/snort-common.{preinst,postinst,postrm}:
+ - Handle using dpkg-maintscript-helper mv_conffile the relocation
+ of the cronjob /etc/cron.daily/5snort to /etc/cron.daily/snort-common
+ instead of moving it manually to prevent dpkg from prompting the
+ user upon upgrades from older snort version. Thank you
+ Chris Hofstaedtler for the tip (Closes: #984614)
+ * debian/control: Add Pre-Depends: dpkg (>= 1.17.14) as we
+ are now using dpkg-maintscript-helper
+ * debian/snort-common.{postrm,preinst},
+ debian/snort.{postinst,postrm,preinst,prerm}:
+ Add DEBIAN_SCRIPT_DEBUG to all maintainer scripts
+ * debian/snort.logrotate: Correct name of the alert files (snort.alert
+ and not 'alert') this error prevented files from being properly
+ logrotated
+ * configure.in: Added patch to check if rpc/rpc.h is required and is
+ provided by libtirpc-dev to warn Ubuntu users that libtirpc-dev is
+ required.
+ Note: not added libtirpc-dev to Build-Depends as Debian's glibc6-dev
+ includes the RPC headers (LP: #1906572)
+ * debian/patches/decoding_do_not_assume_ipv4: Add patch provided by Hugh
+ Davenport to not assume that all raw packets are IPv4 packets.
+ (Closes: 633066)
+
+ -- Javier Fernández-Sanguino Peña <jfs@debian.org> Sat, 10 Apr 2021 22:55:04 +0200
+
snort (2.9.15.1-4) unstable; urgency=high
* debian/snort.docs, debian/snort-doc.docs debian/rules: Add README.csv and
@@ -21,6 +48,9 @@
* debian/rules, debian/snort-common-libraries.dirs, debian/patches/config:
Do not use multi-arch directories for the Snort libraries, instead, locate all
of the compiled under libraries /usr/lib/snort (Closes: #962275)
+ This fixes the error "FATAL ERROR: /etc/snort/snort.conf(271) Could not stat
+ dynamic module path "/usr/lib/i386-linux-gnu/snort_dynamicpreprocessor/": No
+ such file or directory" (LP: #1901466, #1902405, #1905164)
* debian/rules: Drop configure options which are not anymore relevant
* debian/po:
- Update Dutch translation, thanks to Frans Spiesschaert (Closes: #961214)
@@ -101,7 +131,8 @@
(LP: #1570517, #1484733, #1398969, #1310182, #1273021, #1231833)
(LP: #1222754, #1215408, #1207981, #1207237, #1181514, #1175892)
(LP: #1175264, #1161358, #1158169, #1116013, #1065121, #1064478)
- (LP: #1061459, #1031917)
+ (LP: #1061459, #1031917, #1905137, #1897344, #1896849, #1882601)
+ (LP: #1881141, #1877638)
- Add also debugging messages as, based on the number of reports in
Ubuntu, there seems to be many cases where the users install the
package (with high debconf priority) and the proper network interface
diff -Nru snort-2.9.15.1/debian/control snort-2.9.15.1/debian/control
--- snort-2.9.15.1/debian/control 2020-12-06 17:23:14.000000000 +0100
+++ snort-2.9.15.1/debian/control 2021-04-10 22:55:04.000000000 +0200
@@ -65,7 +65,7 @@
Package: snort-common
Architecture: all
-Pre-Depends: adduser (>= 3.11), ${misc:Pre-Depends}
+Pre-Depends: adduser (>= 3.11), dpkg (>= 1.17.14), ${misc:Pre-Depends}
Depends:
perl,
debconf (>= 0.2.80) | debconf-2.0,
diff -Nru snort-2.9.15.1/debian/patches/decoding_do_not_assume_ipv4 snort-2.9.15.1/debian/patches/decoding_do_not_assume_ipv4
--- snort-2.9.15.1/debian/patches/decoding_do_not_assume_ipv4 1970-01-01 01:00:00.000000000 +0100
+++ snort-2.9.15.1/debian/patches/decoding_do_not_assume_ipv4 2021-04-10 22:55:04.000000000 +0200
@@ -0,0 +1,48 @@
+Description: Do not assume IPv4 packets when decoding
+ When using Snort on a interface without a link level layer, for example a
+ AIYIA tunnel for IPv6 through SixXs, then snort assumes that the packets will
+ be IPv4. I have a patch that adds a check on the IP version number in the
+ header, and if it is not an IPv4 packet, try decoding as IPv6.
+.
+ Without this patch, listening on such an interface, when IPv6 traffic is
+ seen will result in warning messages as below:
+ Not IPv4 datagram! ([ver: 0x6][len: 0x0])
+Author: Hugh Davenport <hugh@davenport.net.nz>
+Reviewed-by: Javier Fernandez-Sanguino <jfs@debian.org>
+Origin: vendor
+Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633066
+Forwarded: no
+Last-Update: 2020-12-06
+
+
+--- a/src/decode.c
++++ b/src/decode.c
+@@ -2063,7 +2063,7 @@
+ *
+ * Purpose: Decodes packets coming in raw on layer 2, like PPP. Coded and
+ * in by Jed Pickle (thanks Jed!) and modified for a few little tweaks
+- * by me.
++ * by me, and by Hugh Davenport.
+ *
+ * Arguments: p => pointer to decoded packet struct
+ * pkthdr => ptr to the packet header
+@@ -2084,9 +2084,17 @@
+ p->pkth = pkthdr;
+ p->pkt = pkt;
+
+- DEBUG_WRAP(DebugMessage(DEBUG_DECODE, "Raw IP4 Packet!\n"););
+
+- DecodeIP(pkt, p->pkth->caplen, p);
++ if (IP_VER((IPHdr *)pkt) == 4)
++ {
++ DEBUG_WRAP(DebugMessage(DEBUG_DECODE, "Raw IP4 Packet!\n"););
++ DecodeIP(pkt, p->pkth->caplen, p);
++ }
++ else
++ {
++ DEBUG_WRAP(DebugMessage(DEBUG_DECODE, "Raw IP6 Packet!\n"););
++ DecodeIPV6(pkt, p->pkth->caplen, p);
++ }
+
+ PREPROC_PROFILE_END(decodePerfStats);
+ return;
diff -Nru snort-2.9.15.1/debian/patches/fix_ftbfs_rpc snort-2.9.15.1/debian/patches/fix_ftbfs_rpc
--- snort-2.9.15.1/debian/patches/fix_ftbfs_rpc 1970-01-01 01:00:00.000000000 +0100
+++ snort-2.9.15.1/debian/patches/fix_ftbfs_rpc 2021-04-10 22:55:04.000000000 +0200
@@ -0,0 +1,78 @@
+Description: Fix detection of libtirpc for Debian-based systems
+Author: Javier Fernández-Sanguino Peña <jfs@debian.org>
+Origin: vendor
+Last-Update: 2020-12-06
+
+--- a/configure.in
++++ b/configure.in
+@@ -1037,13 +1037,69 @@
+ echo
+ echo " ERROR! tirpc not found, get it by running "
+ echo " yum install libtirpc-devel "
+- exit
++ exit 1
+ fi
+ LIBS="${LIBS} -ltirpc"
+ extra_incl="-I/usr/include/tirpc"
+ fi
+ fi
+
++###########################################################
++# Debian and Ubuntu do not have inbuilt SunRPC support #
++# in glibc 2.26 and later and is separately available #
++# in the libtirpc-dev package. #
++# Make sure we've got the library and link it #
++###########################################################
++
++if test -f /etc/os-release ; then
++ DISTRO_ID=$(cat /etc/os-release |grep ^ID | awk -F = '{print $2}')
++ DISTRO_LIKE=$(cat /etc/os-release |grep ^ID_LIKE | awk -F = '{print $2}')
++ # Only continue if /usr/include/rpc/rpc.h does not exist or it exist but it is not provided by libc6
++ if test -f /usr/include/rpc/rpc.h || dpkg -S /usr/include/rpc/rpc.h 2>&1 |grep ^libc6 >/dev/null; then
++ echo " Found RPC (provided by glibc, via libc6-dev package)"
++ else
++ if test $DISTRO_ID = "debian" || test $DISTRO_LIKE = "debian" ; then
++ TIRPC=""
++ AC_CHECK_LIB(tirpc,bindresvport,, TIRPC="no")
++ echo "$TIRPC"
++ if test "x$TIRPC" = "xno"; then
++ echo
++ echo " ERROR! tirpc not found, get it by running "
++ echo " apt install libtirpc-devel "
++ exit 1
++ fi
++ LIBS="${LIBS} -ltirpc"
++ extra_incl="-I/usr/include/tirpc"
++ fi
++ fi
++fi
++
++
++# Alternative code to providing switchable RPC implementation
++# from https://wiki.gentoo.org/wiki/Glibc_2.26_porting_notes/RPC_implementation
++#AC_ARG_WITH([libtirpc],
++# [AS_HELP_STRING([--with-libtirpc], [Use libtirpc as RPC implementation (instead of sunrpc)])])
++#
++#AS_IF([test "x$with_libtirpc" = xyes],
++# [PKG_CHECK_MODULES([TIRPC],
++# [libtirpc],
++# [RPC_CFLAGS=$TIRPC_CFLAGS; RPC_LIBS=$TIRPC_LIBS;],
++# [AC_MSG_ERROR([libtirpc requested, but library not found.])]
++# )],
++# [AC_CHECK_HEADER(rpc/rpc.h,
++# [RPC_CFLAGS=""; RPC_LIBS="";],
++# [AC_MSG_ERROR([sunrpc requested, but headers are not present.])]
++# )]
++#)
++#
++
++#AC_SUBST(RPC_CFLAGS)
++#AC_SUBST(RPC_LIBS)
++#
++# or
++# CFLAGS="$CFLAGS $RPC_CFLAGS"
++# LIBS="${LIBS} $RPC_LIBS"
++
+ Z_LIB=""
+ AC_CHECK_HEADERS(zlib.h,, Z_LIB="no")
+ if test "x$Z_LIB" = "xno"; then
diff -Nru snort-2.9.15.1/debian/patches/series snort-2.9.15.1/debian/patches/series
--- snort-2.9.15.1/debian/patches/series 2020-12-06 17:23:14.000000000 +0100
+++ snort-2.9.15.1/debian/patches/series 2021-04-10 22:55:04.000000000 +0200
@@ -12,3 +12,5 @@
config_disabled_rules
documentation_debian
fix_compile_errors
+fix_ftbfs_rpc
+decoding_do_not_assume_ipv4
diff -Nru snort-2.9.15.1/debian/snort-common.postinst snort-2.9.15.1/debian/snort-common.postinst
--- snort-2.9.15.1/debian/snort-common.postinst 2020-12-06 17:23:14.000000000 +0100
+++ snort-2.9.15.1/debian/snort-common.postinst 2021-04-10 22:55:04.000000000 +0200
@@ -36,4 +36,16 @@
#DEBHELPER#
+
+# rename probably existing cron job with old name using dpkg-maintscript-helper
+if dpkg-maintscript-helper supports mv_conffile; then
+ dpkg-maintscript-helper mv_conffile /etc/cron.daily/5snort /etc/cron.daily/snort-common 2.9.15.1-5~ snort-common -- "$@"
+fi
+# Handle old configuration file
+if dpkg-maintscript-helper supports rm_conffile; then
+ dpkg-maintscript-helper rm_conffile /etc/snort/database.conf 2.9.3~ snort-common -- "$@"
+fi
+
+
+
exit 0
diff -Nru snort-2.9.15.1/debian/snort-common.postrm snort-2.9.15.1/debian/snort-common.postrm
--- snort-2.9.15.1/debian/snort-common.postrm 2020-12-06 17:23:14.000000000 +0100
+++ snort-2.9.15.1/debian/snort-common.postrm 2021-04-10 22:55:04.000000000 +0200
@@ -4,6 +4,7 @@
# see: dh_installdeb(1)
set -e
+test $DEBIAN_SCRIPT_DEBUG && set -v -x
# summary of how this script can be called:
# * <postrm> `remove'
@@ -32,10 +33,25 @@
rm -f /etc/snort/database.conf
fi
;;
+ abort-install|abort-upgrade)
+ # if installation was aborted then revert the rename of the cron job using dpkg-maintscript-helper
+ if dpkg-maintscript-helper supports mv_conffile; then
+ dpkg-maintscript-helper mv_conffile \
+ /etc/cron.daily/5snort /etc/cron.daily/snort-common 2.9.15.1-5~ snort-common -- "$@"
+ fi
+ # Restore the old configuration file
+ if dpkg-maintscript-helper supports rm_conffile; then
+ dpkg-maintscript-helper rm_conffile /etc/snort/database.conf 2.9.3~ snort-common -- "$@"
+ fi
+ ;;
remove|upgrade|failed-upgrade|abort-install|abort-upgrade)
- # nothing
+ # nothing
+ ;;
esac
+
+
+
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
diff -Nru snort-2.9.15.1/debian/snort-common.preinst snort-2.9.15.1/debian/snort-common.preinst
--- snort-2.9.15.1/debian/snort-common.preinst 2020-12-06 17:23:14.000000000 +0100
+++ snort-2.9.15.1/debian/snort-common.preinst 2021-04-10 22:55:04.000000000 +0200
@@ -1,6 +1,7 @@
#!/bin/sh
set -e
+test $DEBIAN_SCRIPT_DEBUG && set -v -x
# summary of how this script can be called:
# * <new-preinst> `install'
@@ -28,12 +29,23 @@
# Remove the database configuration file it is exists and is empty
if [ -e "$DBCONF" ] && ! [ -s "$DBCONF" ]
then
+ if dpkg-maintscript-helper supports rm_conffile; then
+ dpkg-maintscript-helper rm_conffile $DBCONF 2.9.3~ snort-common -- "$@"
+ else
rm -f $DBCONF
+ fi
fi
# rename probably existing cron job with old name
- if [ -e /etc/cron.daily/5snort ]; then
- mv /etc/cron.daily/5snort /etc/cron.daily/snort-common
+ # try first to use dpkg-maintscript-helper
+ if dpkg-maintscript-helper supports mv_conffile; then
+ dpkg-maintscript-helper mv_conffile /etc/cron.daily/5snort /etc/cron.daily/snort-common 2.9.15.1-5~ snort-common -- "$@"
+ else
+ # Manually move the file, this will generate a dpkg prompt to
+ # approve the changes
+ if [ -e /etc/cron.daily/5snort ]; then
+ mv /etc/cron.daily/5snort /etc/cron.daily/snort-common
+ fi
fi
;;
diff -Nru snort-2.9.15.1/debian/snort.logrotate snort-2.9.15.1/debian/snort.logrotate
--- snort-2.9.15.1/debian/snort.logrotate 2020-12-06 17:23:14.000000000 +0100
+++ snort-2.9.15.1/debian/snort.logrotate 2021-04-10 22:55:04.000000000 +0200
@@ -1,4 +1,4 @@
-/var/log/snort/alert /var/log/snort/alert.fast /var/log/snort/*log /var/log/snort/*/alert /var/log/snort/*/*log {
+/var/log/snort/snort.alert /var/log/snort/snort.alert.fast /var/log/snort/*log /var/log/snort/*/alert /var/log/snort/*/*log {
daily
rotate 7
compress
diff -Nru snort-2.9.15.1/debian/snort.postinst snort-2.9.15.1/debian/snort.postinst
--- snort-2.9.15.1/debian/snort.postinst 2020-12-06 17:23:14.000000000 +0100
+++ snort-2.9.15.1/debian/snort.postinst 2021-04-10 22:55:04.000000000 +0200
@@ -1,5 +1,7 @@
#!/bin/sh -e
+test $DEBIAN_SCRIPT_DEBUG && set -v -x
+
CONFIG=/etc/snort/snort.debian.conf
CONFIG_CHECKSUM=/var/lib/snort/snort.debian.conf.md5sum
# Create the checksum directory if it does not exist
diff -Nru snort-2.9.15.1/debian/snort.postrm snort-2.9.15.1/debian/snort.postrm
--- snort-2.9.15.1/debian/snort.postrm 2020-12-06 17:23:14.000000000 +0100
+++ snort-2.9.15.1/debian/snort.postrm 2021-04-10 22:55:04.000000000 +0200
@@ -4,6 +4,7 @@
# see: dh_installdeb(1)
set -e
+test $DEBIAN_SCRIPT_DEBUG && set -v -x
# summary of how this script can be called:
# * <postrm> `remove'
diff -Nru snort-2.9.15.1/debian/snort.preinst snort-2.9.15.1/debian/snort.preinst
--- snort-2.9.15.1/debian/snort.preinst 2020-12-06 17:23:14.000000000 +0100
+++ snort-2.9.15.1/debian/snort.preinst 2021-04-10 22:55:04.000000000 +0200
@@ -1,8 +1,7 @@
#!/bin/sh
-test $DEBIAN_SCRIPT_DEBUG && set -v -x
-
set -e
+test $DEBIAN_SCRIPT_DEBUG && set -v -x
# summary of how this script can be called:
# * <new-preinst> `install'
diff -Nru snort-2.9.15.1/debian/snort.prerm snort-2.9.15.1/debian/snort.prerm
--- snort-2.9.15.1/debian/snort.prerm 2020-12-06 17:23:14.000000000 +0100
+++ snort-2.9.15.1/debian/snort.prerm 2021-04-10 22:55:04.000000000 +0200
@@ -4,6 +4,7 @@
# see: dh_installdeb(1)
set -e
+test $DEBIAN_SCRIPT_DEBUG && set -v -x
# summary of how this script can be called:
# * <prerm> `remove'
Reply to: