[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#986908: unblock: snort 2.9.15.1-5



Control: tags -1 - moreinfo

Hi there,

Am 22.04.21 um 11:03 schrieb Javier Fernandez-Sanguino:

On Mon, 19 Apr 2021 at 23:24, Chris Hofstaedtler <zeha@debian.org <mailto:zeha@debian.org>> wrote:

     > $ debdiff snort_2.9.15.1-4_i386.deb snort_2.9.15.1-5_i386.deb
    [..]

    The debdiff does not seem to show any actual packaging changes. Are
    you sure you diffed the correct files?


Apologies, I sent a debdiff of the binary packages. I will send a debdiff of the source packages soon.

here is the debdiff between 2.9.15.1-4 and 2.9.15.1-5.

Cheers, Jan.
--
Never write mail to <waja@spamfalle.info>, you have been warned!
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GIT d-- s+: a C+++ UL++++ P+ L+++ E--- W+++ N+++ o++ K++ w--- O M+ V- PS PE Y++
PGP++ t-- 5 X R tv- b+ DI D+ G++ e++ h---- r+++ y++++
------END GEEK CODE BLOCK------
diff -Nru snort-2.9.15.1/debian/changelog snort-2.9.15.1/debian/changelog
--- snort-2.9.15.1/debian/changelog	2020-12-06 17:23:14.000000000 +0100
+++ snort-2.9.15.1/debian/changelog	2021-04-10 22:55:04.000000000 +0200
@@ -1,3 +1,30 @@
+snort (2.9.15.1-5) unstable; urgency=medium
+
+  * debian/snort-common.{preinst,postinst,postrm}:
+    - Handle using dpkg-maintscript-helper mv_conffile the relocation
+      of the cronjob /etc/cron.daily/5snort to /etc/cron.daily/snort-common
+      instead of moving it manually to prevent dpkg from prompting the
+      user upon upgrades from older snort version. Thank you
+      Chris Hofstaedtler for the tip (Closes: #984614)
+  * debian/control: Add  Pre-Depends: dpkg (>= 1.17.14) as we
+    are now using dpkg-maintscript-helper
+  * debian/snort-common.{postrm,preinst},
+    debian/snort.{postinst,postrm,preinst,prerm}:
+    Add DEBIAN_SCRIPT_DEBUG to all maintainer scripts
+  * debian/snort.logrotate: Correct name of the alert files (snort.alert
+    and not 'alert') this error prevented files from being properly
+    logrotated
+  * configure.in: Added patch to check if rpc/rpc.h is required and is 
+    provided by libtirpc-dev to warn Ubuntu users that libtirpc-dev is 
+    required. 
+    Note: not added libtirpc-dev to Build-Depends as Debian's glibc6-dev
+    includes the RPC headers (LP: #1906572)
+  * debian/patches/decoding_do_not_assume_ipv4: Add patch provided by Hugh
+    Davenport to not assume that all raw packets are IPv4 packets.
+    (Closes: 633066)
+
+ -- Javier Fernández-Sanguino Peña <jfs@debian.org>  Sat, 10 Apr 2021 22:55:04 +0200
+
 snort (2.9.15.1-4) unstable; urgency=high
 
   * debian/snort.docs, debian/snort-doc.docs debian/rules: Add README.csv and
@@ -21,6 +48,9 @@
   * debian/rules, debian/snort-common-libraries.dirs, debian/patches/config:
   Do not use multi-arch directories for the Snort libraries, instead, locate all
   of the compiled under libraries /usr/lib/snort  (Closes: #962275)
+  This fixes the error "FATAL ERROR: /etc/snort/snort.conf(271) Could not stat
+  dynamic module path "/usr/lib/i386-linux-gnu/snort_dynamicpreprocessor/": No
+  such file or directory" (LP: #1901466, #1902405, #1905164)
   * debian/rules: Drop configure options which are not anymore relevant
   * debian/po: 
     - Update Dutch translation, thanks to Frans Spiesschaert (Closes: #961214)
@@ -101,7 +131,8 @@
         (LP: #1570517, #1484733, #1398969, #1310182, #1273021, #1231833)
         (LP: #1222754, #1215408, #1207981, #1207237, #1181514, #1175892)
         (LP: #1175264, #1161358, #1158169, #1116013, #1065121, #1064478)
-        (LP: #1061459, #1031917)
+        (LP: #1061459, #1031917, #1905137, #1897344, #1896849, #1882601)
+        (LP: #1881141, #1877638)
       - Add also debugging messages as, based on the number of reports in
         Ubuntu, there seems to be many cases where the users install the
         package (with high debconf priority) and the proper network interface
diff -Nru snort-2.9.15.1/debian/control snort-2.9.15.1/debian/control
--- snort-2.9.15.1/debian/control	2020-12-06 17:23:14.000000000 +0100
+++ snort-2.9.15.1/debian/control	2021-04-10 22:55:04.000000000 +0200
@@ -65,7 +65,7 @@
 
 Package: snort-common
 Architecture: all
-Pre-Depends: adduser (>= 3.11), ${misc:Pre-Depends}
+Pre-Depends: adduser (>= 3.11), dpkg (>= 1.17.14), ${misc:Pre-Depends}
 Depends: 
     perl, 
     debconf (>= 0.2.80) | debconf-2.0,
diff -Nru snort-2.9.15.1/debian/patches/decoding_do_not_assume_ipv4 snort-2.9.15.1/debian/patches/decoding_do_not_assume_ipv4
--- snort-2.9.15.1/debian/patches/decoding_do_not_assume_ipv4	1970-01-01 01:00:00.000000000 +0100
+++ snort-2.9.15.1/debian/patches/decoding_do_not_assume_ipv4	2021-04-10 22:55:04.000000000 +0200
@@ -0,0 +1,48 @@
+Description: Do not assume IPv4 packets when decoding
+ When using Snort on a interface without a link level layer, for example a
+ AIYIA tunnel for IPv6 through SixXs, then snort assumes that the packets will
+ be IPv4. I have a patch that adds a check on the IP version number in the
+ header, and if it is not an IPv4 packet, try decoding as IPv6.
+.
+ Without this patch, listening on such an interface, when IPv6 traffic is
+ seen will result in warning messages as below:
+ Not IPv4 datagram! ([ver: 0x6][len: 0x0])
+Author: Hugh Davenport <hugh@davenport.net.nz>
+Reviewed-by: Javier Fernandez-Sanguino <jfs@debian.org>
+Origin: vendor
+Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633066
+Forwarded: no
+Last-Update: 2020-12-06
+
+
+--- a/src/decode.c
++++ b/src/decode.c
+@@ -2063,7 +2063,7 @@
+  *
+  * Purpose: Decodes packets coming in raw on layer 2, like PPP.  Coded and
+  *          in by Jed Pickle (thanks Jed!) and modified for a few little tweaks
+- *          by me.
++ *          by me, and by Hugh Davenport.
+  *
+  * Arguments: p => pointer to decoded packet struct
+  *            pkthdr => ptr to the packet header
+@@ -2084,9 +2084,17 @@
+     p->pkth = pkthdr;
+     p->pkt = pkt;
+ 
+-    DEBUG_WRAP(DebugMessage(DEBUG_DECODE, "Raw IP4 Packet!\n"););
+ 
+-    DecodeIP(pkt, p->pkth->caplen, p);
++    if (IP_VER((IPHdr *)pkt) == 4) 
++    {
++        DEBUG_WRAP(DebugMessage(DEBUG_DECODE, "Raw IP4 Packet!\n"););
++        DecodeIP(pkt, p->pkth->caplen, p);
++    } 
++    else
++    {
++        DEBUG_WRAP(DebugMessage(DEBUG_DECODE, "Raw IP6 Packet!\n"););
++        DecodeIPV6(pkt, p->pkth->caplen, p);
++    }
+ 
+     PREPROC_PROFILE_END(decodePerfStats);
+     return;
diff -Nru snort-2.9.15.1/debian/patches/fix_ftbfs_rpc snort-2.9.15.1/debian/patches/fix_ftbfs_rpc
--- snort-2.9.15.1/debian/patches/fix_ftbfs_rpc	1970-01-01 01:00:00.000000000 +0100
+++ snort-2.9.15.1/debian/patches/fix_ftbfs_rpc	2021-04-10 22:55:04.000000000 +0200
@@ -0,0 +1,78 @@
+Description: Fix detection of libtirpc for Debian-based systems
+Author: Javier Fernández-Sanguino Peña <jfs@debian.org>
+Origin: vendor
+Last-Update: 2020-12-06
+
+--- a/configure.in
++++ b/configure.in
+@@ -1037,13 +1037,69 @@
+             echo
+             echo " ERROR! tirpc not found, get it by running "
+             echo " yum install libtirpc-devel "
+-            exit
++            exit 1
+         fi
+         LIBS="${LIBS} -ltirpc"
+         extra_incl="-I/usr/include/tirpc"
+     fi
+ fi
+ 
++###########################################################
++# Debian and Ubuntu do not have inbuilt SunRPC support    #
++# in glibc 2.26 and later and is separately available     #
++# in the libtirpc-dev package.                            #
++# Make sure we've got the library and link it             #
++###########################################################
++
++if test -f /etc/os-release ; then
++    DISTRO_ID=$(cat /etc/os-release |grep ^ID | awk -F = '{print $2}')
++    DISTRO_LIKE=$(cat /etc/os-release |grep ^ID_LIKE | awk -F = '{print $2}')
++    # Only continue if /usr/include/rpc/rpc.h does not exist or it exist but it is not provided by libc6
++    if test -f /usr/include/rpc/rpc.h ||  dpkg -S /usr/include/rpc/rpc.h 2>&1 |grep ^libc6 >/dev/null; then
++            echo " Found RPC (provided by glibc, via libc6-dev package)"
++    else
++        if test $DISTRO_ID = "debian" || test $DISTRO_LIKE = "debian" ; then
++            TIRPC=""
++            AC_CHECK_LIB(tirpc,bindresvport,, TIRPC="no")
++            echo "$TIRPC"
++            if test "x$TIRPC" = "xno"; then
++                echo
++                echo " ERROR! tirpc not found, get it by running "
++                echo " apt install libtirpc-devel "
++                exit 1
++            fi
++            LIBS="${LIBS} -ltirpc"
++            extra_incl="-I/usr/include/tirpc"
++        fi
++    fi
++fi
++
++
++# Alternative code to providing switchable RPC implementation
++# from https://wiki.gentoo.org/wiki/Glibc_2.26_porting_notes/RPC_implementation
++#AC_ARG_WITH([libtirpc],
++#      [AS_HELP_STRING([--with-libtirpc], [Use libtirpc as RPC implementation (instead of sunrpc)])])
++#
++#AS_IF([test "x$with_libtirpc" = xyes],
++#      [PKG_CHECK_MODULES([TIRPC],
++#                         [libtirpc],
++#                         [RPC_CFLAGS=$TIRPC_CFLAGS; RPC_LIBS=$TIRPC_LIBS;],
++#                        [AC_MSG_ERROR([libtirpc requested, but library not found.])]
++#                       )],
++#      [AC_CHECK_HEADER(rpc/rpc.h,
++#                      [RPC_CFLAGS=""; RPC_LIBS="";],
++#                      [AC_MSG_ERROR([sunrpc requested, but headers are not present.])]
++#                     )]
++#)
++#
++
++#AC_SUBST(RPC_CFLAGS)
++#AC_SUBST(RPC_LIBS)
++#
++# or
++# CFLAGS="$CFLAGS $RPC_CFLAGS"
++# LIBS="${LIBS} $RPC_LIBS"
++
+ Z_LIB=""
+ AC_CHECK_HEADERS(zlib.h,, Z_LIB="no")
+ if test "x$Z_LIB" = "xno"; then
diff -Nru snort-2.9.15.1/debian/patches/series snort-2.9.15.1/debian/patches/series
--- snort-2.9.15.1/debian/patches/series	2020-12-06 17:23:14.000000000 +0100
+++ snort-2.9.15.1/debian/patches/series	2021-04-10 22:55:04.000000000 +0200
@@ -12,3 +12,5 @@
 config_disabled_rules
 documentation_debian
 fix_compile_errors
+fix_ftbfs_rpc
+decoding_do_not_assume_ipv4
diff -Nru snort-2.9.15.1/debian/snort-common.postinst snort-2.9.15.1/debian/snort-common.postinst
--- snort-2.9.15.1/debian/snort-common.postinst	2020-12-06 17:23:14.000000000 +0100
+++ snort-2.9.15.1/debian/snort-common.postinst	2021-04-10 22:55:04.000000000 +0200
@@ -36,4 +36,16 @@
 
 #DEBHELPER# 
 
+
+# rename probably existing cron job with old name using dpkg-maintscript-helper
+if dpkg-maintscript-helper supports mv_conffile; then
+    dpkg-maintscript-helper mv_conffile /etc/cron.daily/5snort /etc/cron.daily/snort-common 2.9.15.1-5~ snort-common -- "$@"
+fi
+# Handle old configuration file
+if dpkg-maintscript-helper supports rm_conffile; then
+    dpkg-maintscript-helper rm_conffile /etc/snort/database.conf 2.9.3~ snort-common -- "$@"
+fi
+
+
+
 exit 0
diff -Nru snort-2.9.15.1/debian/snort-common.postrm snort-2.9.15.1/debian/snort-common.postrm
--- snort-2.9.15.1/debian/snort-common.postrm	2020-12-06 17:23:14.000000000 +0100
+++ snort-2.9.15.1/debian/snort-common.postrm	2021-04-10 22:55:04.000000000 +0200
@@ -4,6 +4,7 @@
 # see: dh_installdeb(1)
 
 set -e
+test $DEBIAN_SCRIPT_DEBUG && set -v -x
 
 # summary of how this script can be called:
 #        * <postrm> `remove'
@@ -32,10 +33,25 @@
           rm -f /etc/snort/database.conf
        fi
        ;;
+       abort-install|abort-upgrade)
+       # if installation was aborted then revert the rename of the cron job using dpkg-maintscript-helper
+       if dpkg-maintscript-helper supports mv_conffile; then
+       dpkg-maintscript-helper mv_conffile \
+           /etc/cron.daily/5snort /etc/cron.daily/snort-common 2.9.15.1-5~ snort-common -- "$@"
+       fi
+       # Restore the old configuration file
+       if dpkg-maintscript-helper supports rm_conffile; then
+           dpkg-maintscript-helper rm_conffile /etc/snort/database.conf 2.9.3~ snort-common  -- "$@"
+       fi
+       ;;
        remove|upgrade|failed-upgrade|abort-install|abort-upgrade)
-                # nothing
+        # nothing
+       ;;
 esac
 
+
+
+
 # dh_installdeb will replace this with shell code automatically
 # generated by other debhelper scripts.
 
diff -Nru snort-2.9.15.1/debian/snort-common.preinst snort-2.9.15.1/debian/snort-common.preinst
--- snort-2.9.15.1/debian/snort-common.preinst	2020-12-06 17:23:14.000000000 +0100
+++ snort-2.9.15.1/debian/snort-common.preinst	2021-04-10 22:55:04.000000000 +0200
@@ -1,6 +1,7 @@
 #!/bin/sh
 
 set -e
+test $DEBIAN_SCRIPT_DEBUG && set -v -x
 
 # summary of how this script can be called:
 #        * <new-preinst> `install'
@@ -28,12 +29,23 @@
          # Remove the database configuration file it is exists and is empty
          if  [ -e "$DBCONF" ] && ! [ -s "$DBCONF" ] 
          then
+            if dpkg-maintscript-helper supports rm_conffile; then
+                dpkg-maintscript-helper rm_conffile $DBCONF 2.9.3~ snort-common -- "$@" 
+            else
                 rm -f $DBCONF
+            fi
          fi
 
         # rename probably existing cron job with old name
-        if [ -e /etc/cron.daily/5snort ]; then
-            mv /etc/cron.daily/5snort /etc/cron.daily/snort-common
+        # try first to use dpkg-maintscript-helper
+        if dpkg-maintscript-helper supports mv_conffile; then
+            dpkg-maintscript-helper mv_conffile /etc/cron.daily/5snort /etc/cron.daily/snort-common 2.9.15.1-5~ snort-common -- "$@"
+        else
+            # Manually move the file, this will generate a dpkg prompt to
+            # approve the changes
+            if [ -e /etc/cron.daily/5snort ]; then
+                 mv /etc/cron.daily/5snort /etc/cron.daily/snort-common
+            fi
         fi
 
     ;;
diff -Nru snort-2.9.15.1/debian/snort.logrotate snort-2.9.15.1/debian/snort.logrotate
--- snort-2.9.15.1/debian/snort.logrotate	2020-12-06 17:23:14.000000000 +0100
+++ snort-2.9.15.1/debian/snort.logrotate	2021-04-10 22:55:04.000000000 +0200
@@ -1,4 +1,4 @@
-/var/log/snort/alert /var/log/snort/alert.fast /var/log/snort/*log /var/log/snort/*/alert /var/log/snort/*/*log {
+/var/log/snort/snort.alert /var/log/snort/snort.alert.fast /var/log/snort/*log /var/log/snort/*/alert /var/log/snort/*/*log {
     daily
     rotate 7
     compress
diff -Nru snort-2.9.15.1/debian/snort.postinst snort-2.9.15.1/debian/snort.postinst
--- snort-2.9.15.1/debian/snort.postinst	2020-12-06 17:23:14.000000000 +0100
+++ snort-2.9.15.1/debian/snort.postinst	2021-04-10 22:55:04.000000000 +0200
@@ -1,5 +1,7 @@
 #!/bin/sh -e
 
+test $DEBIAN_SCRIPT_DEBUG && set -v -x
+
 CONFIG=/etc/snort/snort.debian.conf
 CONFIG_CHECKSUM=/var/lib/snort/snort.debian.conf.md5sum
 # Create the checksum directory if it does not exist
diff -Nru snort-2.9.15.1/debian/snort.postrm snort-2.9.15.1/debian/snort.postrm
--- snort-2.9.15.1/debian/snort.postrm	2020-12-06 17:23:14.000000000 +0100
+++ snort-2.9.15.1/debian/snort.postrm	2021-04-10 22:55:04.000000000 +0200
@@ -4,6 +4,7 @@
 # see: dh_installdeb(1)
 
 set -e
+test $DEBIAN_SCRIPT_DEBUG && set -v -x
 
 # summary of how this script can be called:
 #        * <postrm> `remove'
diff -Nru snort-2.9.15.1/debian/snort.preinst snort-2.9.15.1/debian/snort.preinst
--- snort-2.9.15.1/debian/snort.preinst	2020-12-06 17:23:14.000000000 +0100
+++ snort-2.9.15.1/debian/snort.preinst	2021-04-10 22:55:04.000000000 +0200
@@ -1,8 +1,7 @@
 #!/bin/sh
 
-test $DEBIAN_SCRIPT_DEBUG && set -v -x
-
 set -e
+test $DEBIAN_SCRIPT_DEBUG && set -v -x
 
 # summary of how this script can be called:
 #        * <new-preinst> `install'
diff -Nru snort-2.9.15.1/debian/snort.prerm snort-2.9.15.1/debian/snort.prerm
--- snort-2.9.15.1/debian/snort.prerm	2020-12-06 17:23:14.000000000 +0100
+++ snort-2.9.15.1/debian/snort.prerm	2021-04-10 22:55:04.000000000 +0200
@@ -4,6 +4,7 @@
 # see: dh_installdeb(1)
 
 set -e
+test $DEBIAN_SCRIPT_DEBUG && set -v -x
 
 # summary of how this script can be called:
 #        * <prerm> `remove'

Reply to: