1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219 1220 1221 1222 1223 1224 1225 1226 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 1250 1251 1252 1253 1254 1255 1256 1257 1258 1259 1260 1261 1262 1263 1264 1265 1266 1267 1268 1269 1270 1271 1272 1273 1274 1275 1276 1277 1278 1279 1280 1281 1282 1283 1284 1285 1286 1287 1288 1289 1290 1291 1292 1293 1294 1295 1296 1297 1298 1299 1300 1301 1302 1303 1304 1305 1306 1307 1308 1309 1310 1311 1312 1313 1314 1315 1316 1317 1318 1319 1320 1321 1322 1323 1324 1325 1326 1327 1328 1329 1330 1331 1332 1333 1334 1335 1336 1337 1338 1339 1340 1341 1342 1343 1344 1345 1346 1347 1348 1349 1350 1351 1352 1353 1354 1355 1356 1357 1358 1359 1360 1361 1362 1363 1364 1365 1366 1367 1368 1369 1370 1371 1372 1373 1374 1375 1376 1377 1378 1379 1380 1381 1382 1383 1384 1385 1386 1387 1388 1389 1390 1391 1392 1393 1394 1395 1396 1397 1398 1399 1400 1401 1402 1403 1404 1405 1406 1407 1408 1409 1410 1411 1412 1413 1414 1415 1416 1417 1418 1419 1420 1421 1422 1423 1424 1425 1426 1427 1428 1429 1430 1431 1432 1433 1434 1435 1436 1437 1438 1439 1440 1441 1442 1443 1444 1445 1446 1447 1448 1449 1450 1451 1452 1453 1454 1455 1456 1457 1458 1459 1460 1461 1462 1463 1464 1465 1466 1467 1468 1469 1470 1471 1472 1473 1474 1475 1476 1477 1478 1479 1480 1481 1482 1483 1484 1485 1486 1487 1488 1489 1490 1491 1492 1493 1494 1495 1496 1497 1498 1499 1500 1501 1502 1503 1504 1505 1506 1507 1508 1509 1510 1511 1512 1513 1514 1515 1516 1517 1518 1519 1520 1521 1522 1523 1524 1525 1526 1527 1528 1529 1530 1531 1532 1533 1534 1535 1536 1537 1538 1539 1540 1541 1542 1543 1544 1545 1546 1547 1548 1549 1550 1551 1552 1553 1554 1555 1556 1557 1558 1559 1560 1561 1562 1563 1564 1565 1566 1567 1568 1569 1570 1571 1572 1573 1574 1575 1576 1577 1578 1579 1580 1581 1582 1583 1584 1585 1586 1587 1588 1589 1590 1591 1592 1593 1594 1595 1596 1597 1598 1599 1600 1601 1602 1603 1604 1605 1606 1607 1608 1609 1610 1611 1612 1613 1614 1615 1616 1617 1618 1619 1620 1621 1622 1623 1624 1625 1626 1627 1628 1629 1630 1631 1632 1633 1634 1635 1636 1637 1638 1639 1640 1641 1642 1643 1644 1645 1646 1647 1648 1649 1650 1651 1652 1653 1654 1655 1656 1657 1658 1659 1660 1661 1662 1663 1664 1665 1666 1667 1668 1669 1670 1671 1672 1673 1674 1675 1676 1677 1678 1679 1680 1681 1682 1683 1684 1685 1686 1687 1688 1689 1690 1691 1692 1693 1694 1695 1696 1697 1698 1699 1700 1701 1702 1703 1704 1705 1706 1707 1708 1709 1710 1711 1712 1713 1714 1715 1716 1717 1718 1719 1720 1721 1722 1723 1724 1725 1726 1727 1728 1729 1730 1731 1732 1733 1734 1735 1736 1737 1738 1739 1740 1741 1742 1743 1744 1745 1746 1747 1748 1749 1750 1751 1752 1753 1754 1755 1756 1757 1758 1759 1760 1761 1762 1763 1764 1765 1766 1767 1768 1769 1770 1771 1772 1773 1774 1775 1776 1777 1778 1779 1780 1781 1782 1783 1784 1785 1786 1787 1788 1789 1790 1791 1792 1793 1794 1795 1796 1797 1798 1799 1800 1801 1802 1803 1804 1805 1806 1807 1808 1809 1810 1811 1812 1813 1814 1815 1816 1817 1818 1819 1820 1821 1822 1823 1824 1825 1826 1827 1828 1829 1830 1831 1832 1833 1834 1835 1836 1837 1838 1839 1840 1841 1842 1843 1844 1845 1846 1847 1848 1849 1850 1851 1852 1853 1854 1855 1856 1857 1858 1859 1860 1861 1862 1863 1864 1865 1866 1867 1868 1869 1870 1871 1872 1873 1874 1875 1876 1877 1878 1879 1880 1881 1882 1883 1884 1885 1886 1887 1888 1889 1890 1891 1892 1893 1894 1895 1896 1897 1898 1899 1900 1901 1902 1903 1904 1905 1906 1907 1908 1909 1910 1911 1912 1913 1914 1915 1916 1917 1918 1919 1920 1921 1922 1923 1924 1925 1926 1927 1928 1929 1930 1931 1932 1933 1934 1935 1936 1937 1938 1939 1940 1941 1942 1943 1944 1945 1946 1947 1948 1949 1950 1951 1952 1953 1954 1955 1956 1957 1958 1959 1960 1961 1962 1963 1964 1965 1966 1967 1968 1969 1970 1971 1972 1973 1974 1975 1976 1977 1978 1979 1980 1981 1982 1983 1984 1985 1986 1987 1988 1989 1990 1991 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 2026 2027 2028 2029 2030 2031 2032 2033 2034 2035 2036 2037 2038 2039 2040 2041 2042 2043 2044 2045 2046 2047 2048 2049 2050 2051 2052 2053 2054 2055 2056 2057 2058 2059 2060 2061 2062 2063 2064 2065 2066 2067 2068 2069 2070 2071 2072 2073 2074 2075 2076 2077 2078 2079 2080 2081 2082 2083 2084 2085 2086 2087 2088 2089 2090 2091 2092 2093 2094 2095 2096 2097 2098 2099 2100 2101 2102 2103 2104 2105 2106 2107 2108 2109 2110 2111 2112 2113 2114 2115 2116 2117 2118 2119 2120 2121 2122 2123 2124 2125 2126 2127 2128 2129 2130 2131 2132 2133 2134 2135 2136 2137 2138 2139 2140 2141 2142 2143 2144 2145 2146 2147 2148 2149 2150 2151 2152 2153 2154 2155 2156 2157 2158 2159 2160 2161 2162 2163 2164 2165 2166 2167 2168 2169 2170 2171 2172 2173 2174 2175 2176 2177 2178 2179 2180 2181 2182 2183 2184 2185 2186 2187 2188 2189 2190 2191 2192 2193 2194 2195 2196 2197 2198 2199 2200 2201 2202 2203 2204 2205 2206 2207 2208 2209 2210 2211 2212 2213 2214 2215 2216 2217 2218 2219 2220 2221 2222 2223 2224 2225 2226 2227 2228 2229 2230 2231 2232 2233 2234 2235 2236 2237 2238 2239 2240 2241 2242 2243 2244 2245 2246 2247 2248 2249 2250 2251 2252 2253 2254 2255 2256 2257 2258 2259 2260 2261 2262 2263 2264 2265 2266 2267 2268 2269 2270 2271 2272 2273 2274 2275 2276 2277 2278 2279 2280 2281 2282 2283 2284 2285 2286 2287 2288 2289 2290 2291 2292 2293 2294 2295 2296 2297 2298 2299 2300 2301 2302 2303 2304 2305 2306 2307 2308 2309 2310 2311 2312 2313 2314 2315 2316 2317 2318 2319 2320 2321 2322 2323 2324 2325 2326 2327 2328 2329 2330 2331 2332 2333 2334 2335 2336 2337 2338 2339 2340 2341 2342 2343 2344 2345 2346 2347 2348 2349 2350 2351 2352 2353 2354 2355 2356 2357 2358 2359 2360 2361 2362 2363 2364 2365 2366 2367 2368 2369 2370 2371 2372 2373 2374 2375 2376 2377 2378 2379 2380 2381 2382 2383 2384 2385 2386 2387 2388 2389 2390 2391 2392 2393 2394 2395 2396 2397 2398 2399 2400 2401 2402 2403 2404 2405 2406 2407 2408 2409 2410 2411 2412 2413 2414 2415 2416 2417 2418 2419 2420 2421 2422 2423 2424 2425 2426 2427 2428 2429 2430 2431 2432 2433 2434 2435 2436 2437 2438 2439 2440 2441 2442 2443 2444 2445 2446 2447 2448 2449 2450 2451 2452 2453 2454 2455 2456 2457 2458 2459 2460 2461 2462 2463 2464 2465 2466 2467 2468 2469 2470 2471 2472 2473 2474 2475 2476 2477 2478 2479 2480 2481 2482 2483 2484 2485 2486 2487 2488 2489 2490 2491 2492 2493 2494 2495 2496 2497 2498 2499 2500 2501 2502 2503 2504 2505 2506 2507 2508 2509 2510 2511 2512 2513 2514 2515 2516 2517 2518 2519 2520 2521 2522 2523 2524 2525 2526 2527 2528 2529 2530 2531 2532 2533 2534 2535 2536 2537 2538 2539 2540 2541 2542 2543 2544 2545 2546 2547 2548 2549 2550 2551 2552 2553 2554 2555 2556 2557 2558 2559 2560 2561 2562 2563 2564 2565 2566 2567 2568 2569 2570 2571 2572 2573 2574 2575 2576 2577 2578 2579 2580 2581 2582 2583 2584 2585 2586 2587 2588 2589 2590 2591 2592 2593 2594 2595 2596 2597 2598 2599 2600 2601 2602 2603 2604 2605 2606 2607 2608 2609 2610 2611 2612 2613 2614 2615 2616 2617 2618 2619 2620 2621 2622 2623 2624 2625 2626 2627 2628 2629 2630 2631 2632 2633 2634 2635 2636 2637 2638 2639 2640 2641 2642 2643 2644 2645 2646 2647 2648 2649 2650 2651 2652 2653 2654 2655 2656
|
snort (2.9.7.0-5) unstable; urgency=medium
* debian/control: Depend on perl, not perl-modules (Closes: #779126)
-- Javier Fernández-Sanguino Peña <jfs@debian.org> Tue, 30 Jun 2015 00:54:42 +0200
snort (2.9.7.0-4) unstable; urgency=low
* debian/control: Updated deprecated VCs URL to
git://anonscm.debian.org/pkg-snort/pkg-snort.git
* Include Snort tools u2boat and u2spewfoo to parse Unified2 log format
files (Closes: #770882):
- debian/snort.install: Install the files in the Snort package
- debian/{u2boat,u2spewfoo}.1 create new manpages for the tools
- debian/snort.manpages: add the new manpages to the package
- debian/snort.dirs: create usr/bin/ for the new tools
* debian/rules:
- Use dh_prep instead of dh_clean -k
* debian/snort.manpages: Add the manpage for snort-stat, which was not
included in the snort package (but the script was)
* Rebuild with the latest daq library upstream (libdaq2). Libdaq0 is
deprecated/obsolete and not maintained upstrea
-- Javier Fernández-Sanguino Peña <jfs@debian.org> Tue, 09 Dec 2014 20:37:03 +0100
snort (2.9.7.0-3) unstable; urgency=high
* debian/control:
- Add pkg-config in Build-Depends, it provides the PKG_CHECK_MODULES
macro used in configure.in. This fixes a FTBFS observed in the
buildds
- Add libzma-dev dependency in Build-Depends as it is used in
configure.in if available
-- Javier Fernández-Sanguino Peña <jfs@debian.org> Fri, 24 Oct 2014 23:04:34 +0200
snort (2.9.7.0-2) unstable; urgency=high
* The new upstream release, as seen with the previous upload, fixes the Out
of Memory errors found in buildds when building (Closes: #765637)
* debian/control: Add zlib1g-dev dependency in Build-Depends to fix FTFBFS
-- Javier Fernández-Sanguino Peña <jfs@debian.org> Fri, 24 Oct 2014 16:14:20 +0200
snort (2.9.7.0-1) unstable; urgency=high
* Upgrade to latest upstream version. Rules updates have been dropped
by Snort upstream for older releases. Snort 2.9.5.3 is not supported for
rule updates since December 2013 (Closes: #753915)
For more information see: https://www.snort.org/eol
* debian/patches/{config,config_disabled_rules,fix_upstream_typos}: Refresh
to apply to the newest source
* debian/rules:
+ Use dpkg-buildflags to setup the defult compiler and link flags.
+ Enable hardening options when building
* debian/control: Build-Depend on (dpkg-dev >= 1.16.1~) due to above change
* debian/patches/configure_werror: New patch to fix configure.in so
that it can work properly when setting the hardening flags
* debian/patches/hardening_werror: New patch to fix issues found
when building with -Werror
* Debconf updated Translations:
- Updated Dutch translation, contributed by Frans Spiesschaert (Closes:
#764319)
-- Javier Fernández-Sanguino Peña <jfs@debian.org> Fri, 24 Oct 2014 02:04:35 +0200
snort (2.9.5.3-4) unstable; urgency=medium
* debian/control: Drop libgnutls-dev, as it is not longer required and it is scheduled
for removal in sid, and (apparently) uninstallable. (Closes: #764108)
* debian/control, debian/rules: Run dh-autoreconf when building to update
config.{sub, guess} and {libtool, aclocal}.m4 (Closes: #748713)
* debian/snort.init.d: Change the permissions of the snort PIDFILE once
snort is started in order to prevent the following error messages when
snort is *re*started:
snort[xxxx]: Could not remove pid file /var/run//snort_eth0.pid: Permission denied
(Closes: #753914)
* debian/snort-stat.8: Fix filename of the alert log file and point to the
correct location. (Closes: #709246)
* Debconf updated Translations:
- Updated Russian translation, contributed by Yuri Kozlov
(Closes: 729710, #721483)
-- Javier Fernández-Sanguino Peña <jfs@debian.org> Mon, 06 Oct 2014 20:11:15 +0200
snort (2.9.5.3-3) unstable; urgency=low
* debian/control: Add texlive-binaries and texlive-font-utils to
Build-Depends-Indep to make sure that buildds have the binaries
required to build the documentation as suggested by Hideki Yamane.
Kept the texlive metapackage however in debian/control just int case.
(Closes: 713254)
* Debconf updated Translations:
- Updated Russian translation, contributed by Yuri Kozlov (Closes: 722987)
-- Javier Fernández-Sanguino Peña <jfs@debian.org> Mon, 21 Oct 2013 19:39:20 +0200
snort (2.9.5.3-2) unstable; urgency=low
* Debconf templates and debian/control reviewed by the debian-l10n-english
team as part of the Smith review project. (Closes: 720061)
* Debconf updated Translations:
- Update Spanish translation, contributed by Javier Fernandez-Sanguino
- Updated Russian translation, contributed by Yuri Kozlov (Closes: 722987)
- Updated German translation, contributed by Chris Leick (Closes: 723769)
- Updated Portuguese translation, contributed by Miguel Figueiredo
(Closes: 723779)
- Add Simplified Chinese debconf, contributed by Yi Mingjing
(Closes: 723818)
- Updated Czech translation, contributed by Michal Šimůnek
(Closes: 724289)
- Updated French translation, contributed by JP Guillonneau
(Closes: 724300)
- Updated Janapese translation (Closes: 724706)
- Updated Italian translation provided by Daniele Forsi (Closes: 724707)
- Updated Danish translation provided by Joe Hansen (Closes: 724932)
- Updated Swedish translation provided by Martin Bagge (Closes: 725104)
-- Javier Fernández-Sanguino Peña <jfs@debian.org> Tue, 24 Sep 2013 03:39:00 +0200
snort (2.9.5.3-1) unstable; urgency=low
* New upstream release.
- Remove faq from the build since it is no longer provided upstream
* Lintian fix typo in debian/snort-rules-default.README.Debian
* debian/patches: Refresh all patches with new upstream
- config_disabled_rules: Disable more .rules files which are not
provided in the upstream sources (but might be in the VRT
Sourcefire)
* debian/control: Add latex2html to Build-Depends-Indep as the html.sty
file is required for building the documentation
-- Javier Fernández-Sanguino Peña <jfs@debian.org> Fri, 16 Aug 2013 20:51:02 +0200
snort (2.9.3.1-1) experimental; urgency=low
* New upstream release, target towards experimental due to the current freeze.
* The most relevant change in this release is that support by Snort to
output directly in a database has been dropped, which means that the
snort-pgsql and snort-mysql packages are no longer possible. This
is documented in the NEWS file. Also relevant is that support for
Prelude is no longer available.
* Since this release does not include the snort database packages any
longer, bugs associated with them are no longer relevant
(Closes: #526511, #567495, #292699, #276565, #527113, #388963, #388962,
#321046, #369951)
* debian/rules: Update the configuration options to adjust to those used
in the snort.conf script provided upstream
* debian/patches/fix_upstream_typos: Do typo fixes to more source files
* debian/patches/config: Add more comments in the default configuration
file, enable at least one output plugin (unified2) and set some
configurations values as recommended in Jason Weir's "Building a
Debian\Snort based IDS" available in http://www.snort.org/docs
(Closes: #193544)
* debian/patches/*: Refresh the patches to apply to the new upstream release
* debian/po/*: Refresh all templates since the previous templates for
database configuration have gone along with the snort database 'flavor'
packages.
* debian/snort-common.preinst: Remove the /etc/snort/database.conf on
upgrades
* debian/snort.preinst: Control output of usermod
* debian/snort-common.{config,templates}:
- Add code to detect old configuration files with content (which might
happen on upgrades to 2.9.3 coming from the snort-mysql or snort-pgsql
packages) and warn the user if they exist.
- Update the list of valid preprocessors for this release
-- Javier Fernández-Sanguino Peña <jfs@debian.org> Wed, 08 Aug 2012 22:12:35 +0200
snort (2.9.2.2-3) unstable; urgency=medium
[ Upload target towards Wheezy fixing some important bugs
and substantially improving the information provided on the
packages to clarify user expectations ]
* Acknowledge previous NMU
* debian/patches/config: Update the patch to:
- use absolute paths instead of relative paths to point to
the white list and black list used by the reputation
pre-processor.
- disable the reputation as we do not ship any white/black lists
by default (which causes it to fail at startup) and also
because this preprocessor is experimental.
Both changes fix the bug that prevented the package from being
configured due to errors when starting up Snort with the
default configuration (Closes: #677810)
- Add a comment to /etc/snort/snort.conf documenting for users
reading the file that preinstalled rules are surely out of date.
* debian/patches/config_disabled_rules: Comment out shellcode rules as these
have a huge impact in performance unless properly tuned.
* debian/patches/rules: Fix the definition of many SIP rules (defined
as 'alert ip any any'. These were generating a lot of false positives
in environment were enabled. Regardless of the change comment out SIP
rules since they are outdate can generate many false alarms unless
properly defined. (Closes: #626596, #680303).
* debian/control: Adjust description of snort-rules-default to indicate
users that the ruleset provided should not be considered up-to-date.
Encourage users to obtain additional/upgraded rules elsewhere.
* debian/snort-rules-default.README.Debian: Include more information to
potential users on the issues related to the default ruleset provided
(and why it is out of date) as well as pointers as to where obtain
additional rulesets. Some of this information is also in the NEWS file
but is easy to miss to new users.
-- Javier Fernández-Sanguino Peña <jfs@debian.org> Tue, 07 Aug 2012 23:53:24 +0200
snort (2.9.2.2-2.1) unstable; urgency=low
[ gregor herrmann ]
* Non-maintainer upload.
* Drop quilt framework, the package uses source format "3.0 (quilt)".
* Fix FBTFS when called with build-arch:
- don't remove configure-stamp in debian/clean_sources.sh; otherwise
build-basic gets called again
- update target dependencies in debian/rules
-- Nicholas Bamber <nicholas@periapt.co.uk> Fri, 22 Jun 2012 10:49:16 +0100
snort (2.9.2.2-2) unstable; urgency=low
* Fix "FTBFS with multiarch libmysqlclient-dev" using the
patch supplied by Gregor Herrmann :
+ apply patch from Ubuntu / Jean-Louis Dupond:
- debian/rules: use mysql_config to find libraries to fix FTBFS
with multiarch libmysqlclient.
+ debian/control: Build-Depends: drop virtual libmysqlclient15-dev,
make libmysqlclient-dev versioned to get mysql_config's --variable=
switch.
(Closes: #650060)
-- Javier Fernández-Sanguino Peña <jfs@debian.org> Sun, 02 Jun 2012 17:56:00 +0200
snort (2.9.2.2-1) unstable; urgency=low
* New upstream version (bug fix release) (Closes: #666125)
- Provides portvar $FILE_DATA_PORTS in etc/snort.conf (Closes: #661944)
* Acknowledge NMU (Closes: #669524)
* debian/check-snort-conf.sh: New script to check the validity
of the etc/snort.conf file provided
* debian/patches/series, debian/patches/config_disabled_rules,
debian/patches/config: Create independent patch to comment
the rules files which are not provided in the Debian package.
-- Javier Fernández-Sanguino Peña <jfs@debian.org> Sun, 06 May 2012 01:01:30 +0200
snort (2.9.2-3.1) unstable; urgency=low
* Non-maintainer upload.
* Correct tex .sty path (Closes: #669524)
-- Emfox Zhou <emfox@debian.org> Mon, 30 Apr 2012 15:57:48 +0800
snort (2.9.2-4) unstable; urgency=low
* Fix typo (appropiate --> apppropriate) in all the Snort templates. Also
update translations and manually unfuzzy them
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Tue, 14 Feb 2012 00:38:01 +0100
snort (2.9.2-3) unstable; urgency=low
* Restore code from the 2.8.5.2-5 package onwards which was lost when
the version of experimental was moved to the archive.
- Now /var/lib/snort is created through package configuration, as
it should have been
- Remove md5sum files when purging (Closes: #657038)
* debian/rules:
- Enable IPv6 support which was optional in version 2.8 for the Snort
binary package. This is not enabled for the database binary packages
(snort-pgsql and snort-mysql) as the database schemas do not support
IPv6. (Closes: #633064) (LP: #703707)
- Include the quilt makefile and add dependencies in -stamp and
clean targets
* debian/snort.init.d:
- Do not abort if the package is not configured to use a database but
the db-pending-config semaphore is found. Remove it instead and
continue. This can happen if a database-related package was installed,
removed and then 'snort' is installed afterwards.
(LP: #316878, #639755, #722488, #754230, #798608, #876615, #816634)
(LP: #891904, #918250)
* debian/snort-{mysql,pgsql}.postrm:
- Remove the db-pending-config semaphore file when removing the package.
This prevents errors with the snort.init.d logic if a database package
is left unconfigured and then replaced with the snort (non-database)
package.
* debian/README-database.Debian: Indicate that database support will be
deprecated in 2.9 and document that IPv6 is not supported either
* debian/control:
- Add Build-Depends on quilt
- Add VCS entries
- Put the complete maintainer's name in UTF-8
- Change Uploaders, add Andrew Pollock and remove Pascal Hakim
- Update Standards Version
-- Javier Fernández-Sanguino Peña <jfs@debian.org> Wed, 25 Jan 2012 22:24:30 +0100
snort (2.9.2-2) unstable; urgency=low
* debian/control: Add net-tools to Depends: of snort, snort-mysql and
snort-pgsql since 'ifconfig' is required for the configuration script
to work. (Closes: #656445)
* debian/snort{,-mysql,-psql}.postinst: Create the checksum directory if it
does not exist right at the beginning since it might not be created.
(Closes: #656445)
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Thu, 19 Jan 2012 20:34:02 +0100
snort (2.9.2-1) unstable; urgency=low
[ Andrew Pollock ]
* New upstream release, upload to unstable
- Fixes CVE-2009-3641: DoS while printing specially-crafted IPv6 packet
using the -v option (Closes: 553584)
- The package no longer build-depends on iptables-dev and the negated list
of architectures is no longer used (Closes: 634660)
- debian/patches/config: Patch the configuration file to remove include
files not currently available (Closes: #619446)
- This version is fully supported rule-wise (LP: #872582)
* Switch to dpkg-source 3.0 (quilt) format
* Port across all changes from Snort 2.8.5.2-5 and later in unstable
* debian/snort.postinst: create the directory that the checksum for
snort.debian.conf will be created in if it doesn't already exist
* debian/rules: tell dh_makeshlibs to not call ldconfig in the
preinst/postinst of snort-common-libraries
* debian/rules: don't install README.WIN32 into snort-doc
[ Javier Fernandez-Sanguino Peña ]
* debian/rules:
- Set enable-zlib when configuring all packages to force it to be
enabled as this is required by the http_inspect preprocessor which
is enabled by default (Closes: #631854)
- Included (commented) the patch provided by Clint Byrum and included in
Ubuntu to prevent snort from FTFS with libmysqlclient-dev which will be
multiarch in the future. The patch uses mysql_config to find libraries
to fix FTBFS with multiarch libmysqlclient. Not enabled since the
version of libmysqlclient in unstable currently does not support the
--variable=pkglibdir option
* debian/snort{,-inline}.config: Use LC_ALL=C when calling ifconfig to make
the postinst work when ifconfig's output is internationalised (Closes: 577033)
* debian/control: Fix link in the rules package, point to
http://www.snort.org/snort-rules/ (Closes: 646547)
* debian/my/snort-stat: Modify so that alerts with Priority but without classification
are analysed when parsing syslog information. Also set the class to 'Undefined'
instead of leaving it empty. (Closes: 590061)
* po-debconf translation updates:
- Danish, provided by Joe Dalton (Closes: 638678)
- Dutch, provided by Jeroen Schot (Closes: 654239)
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Fri, 13 Jan 2012 21:54:25 +0100
snort (2.8.5.2-9.1) unstable; urgency=low
* Non-maintainer upload.
* Empty dependency_libs in libtool la file(s).
http://wiki.debian.org/ReleaseGoals/LAFileRemoval Closes: #621859
-- Andreas Metzler <ametzler@debian.org> Sat, 18 Jun 2011 14:08:33 +0200
snort (2.8.5.2-9) unstable; urgency=low
* debian/rules: Change gs-common Build-Depends-Indep to ghostscript fo fix
FTBFS, thanks to Andreas Metzler for the solution. (Closes: 618197)
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Sun, 10 Apr 2011 10:57:55 +0200
snort (2.8.5.2-8) unstable; urgency=low
* debian/snort{,-mysql,-pgsql}.config: Remove the '-o' from
DEBIAN_SNORT_OPTIONS that was prepended by the postinst script in
version 2.8.5.2-2 on upgrades.
* debian/snort{,-mysql,-pgsql}.prerm: Change /usr/sbin/nessus to /usr/sbin/snort
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Thu, 22 Jan 2011 12:18:03 +0100
snort (2.8.5.2-7) unstable; urgency=low
* debian/snort{,-mysql,-pgsql}.config: Remove the '-p' from
DEBIAN_SNORT_OPTIONS that is prepended by the postinst script (if disable
promiscuous is set) before adding it to the debconf value to prevent this
option from being readded again and again on reinstall. (Closes: #608635)
* debian/snort{,-mysql,-pgsql}.postinst: Remove the temporary file used to
test if the configuration files has not been modified when upgrading to
a new version.
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Sun, 02 Jan 2011 20:47:26 +0100
snort (2.8.5.2-6) unstable; urgency=high
* debian/snort{,-mysql,-pgsql}.postinst: Introduce code to be able to manage
the situation in which a local admin has introduced changes in the
/etc/snort/snort.debian.conf configuration file manually. Keep the
local changes and leave the file untouched on upgrades. (Closes: #608590)
* debian/snort-{mysql,-pgsql}.postinst:
- Introduce code to be able to manage the situation in which a local
admin has introduced changes in /etc/snort/database.conf and has not
used dpkg-reconfigure. Keep the local changes and do not touch the
file on upgrades.
- Generate the database.conf regardless of the status of the
db-pending-config file as we need the configuration file in any case.
* debian/snort{,-mysql,-pgsql}.config: Read the values of the configuration
file /etc/snort/snort.debian.conf and use them to set to preseed all the
debconf values. This ensures that local changes are reloaded into debconf
if any changes are made in the file and makes it possible to regenerate
the file with dpkg-reconfigure.
* debian/snort{,-mysql,-inline,-pgsq}.config: Make it possible to debug the
scripts through the use of the DEBIAN_SCRIPT_DEBUG environment variable
* debian/snort-{mysql,pgsql}.config: Fix error in call of template which
belongs to the snort package. Use the proper template now.
* debian/README-database.Debian: Fix syntax error in MySQL example calls and
reword the text a bit to clarify that the provided information are just
examples on how to setup the databases.
* debian/po/: Use debconf-updatepo to remove obsolete translations from PO
files.
* debian/NEWS: Remove the indication that database.conf should not be
manually edited.
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Sat, 01 Jan 2011 23:40:30 +0100
snort (2.8.5.2-5) unstable; urgency=high
* Final RC bug fix:
* snort-common: Create the database.conf file on package's configuration not
on the preinstallation script (Closes: #607801)
* Lintian fixes:
* debian/control: Upgrade standards version, no changes required
* debian/snort.init.d: add $remote_fs to Required-Start and Required-Stop
* debian/snort.templates: Move the config_error template over to
debian/snort-common.templates as it is used there
* debian/snort-{mysql,pgsql}.templates: remove the config_error template
there as it is not used
* debian/control: Upgrade the Build-Depends on debhelper
* src/parser.c: Typo fix argu*e*ment -> argument
* src/preprocessors/spp_perfmonitor.c,
src/dynamic-preprocessors/dns/spp_dns.c:
Typo fix: sep*e*rated --> separated
* rules/web-misc.rules: Limit the depth when searching for an HTTP version
to prevent false positives from apt-get User-Agent string (LP: #258155)
* debian/snort.init.d: Separate warning message from main messages.
* debian/TODO: review contents and update
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Sun, 26 Dec 2010 13:20:25 +0100
snort (2.9.0.1-2) experimental; urgency=low
* [ The Merry Xmas for experimental users Release ! ]
* Forward port the changes introduced in the unstable package
to experimental tool to make for smoother upgrades to the
upstream release.
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Fri, 24 Dec 2010 19:52:48 +0100
snort (2.8.5.2-4) unstable; urgency=high
* [ The Merry Xmas and Merry RC bug fixing Release! ]
* debian/snort-common.preinst:
- Fix how the files are generated and use Perl instead of bash's echo
as the latter will interpret content in the configuration file
and will botch it
- Fix typo in the configuration file which moved the configuration
file to database.conf instead of just the database configuration.
- Only generate content in database.conf if the default configuration
file contains the DBSTART line from previous versions.
- Be cautious, if an empty configuration file is generated then
abort.
(Closes: 607951)
* debian/snort.preinst: Do not output information from usermod as this is
not needed
* Disable an error in rules/comunity-smtp.rules that prevents snort from
loading due to the use of !any (Closes: 607751)
* debian/snort-{pgsql,mysql}.postinst: Fix syntax error in postinst scripts
(Closes: 607678)
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Fri, 24 Dec 2010 19:39:51 +0100
snort (2.8.5.2-3) unstable; urgency=low
* Move the database configuration code for the -mysql and -pgsql packages
into an independent file (/etc/snort/database.conf). This prevents the
debconf script from modifying /etc/snort/snort.conf, which is a conffile.
And, consequentely, prevents upgrade prompts for users as well as some
other issues when upgrading (Closes: #603428, #566308)
* Adding snort-common-preinst to split off exiting config or touch the
new database config file on new installations to ensure it exists.
* Modify etc/snort.conf to include the new database configuration file.
* Modify snort-{mysql,pgsql}.postinst to use new configuration file.
* Modify snort-{mysql,pgsql,common}.postrm to purge new configuration file if
it exists.
Thanks to Alexander Reichle-Schmehl for the initial patch used to fix this issue
* debian/NEWS: describe the new change on database handling
* debian/snort{,-inline,-mysql,-pgsql}.prerm: Move the code in charge of killing
snort astray children over to the proper location and also ignore errors
if there are (process might appear spurously in the process table due to
race conditions) (Closes: 557729)
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Mon, 20 Dec 2010 15:25:49 +0100
snort (2.9.0.1-1) experimental; urgency=low
* New upstream release.
* Change configure.in to use 'dumbnet' instead of 'dnet' since the library
is renamed in Debian
* debian/control:
- Make it Build-Depend on libdumbnet-dev since this release now requires
it (it was previously optional)
- Remove iptables-dev (no longer required) (Closes: 634660)
* debian/rules:
- Do not use --enable-smbalerts (no longer available) when configuring
* Remove the following documentation from the installation as it is no longer
available: doc/README.FLEXRESP, doc/README.FLEXRESP2
* Upload to experimental until I get wider testing.
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Thu, 11 Nov 2010 00:32:49 +0100
snort (2.8.5.2-2) unstable; urgency=low
* Remove the reverse_order debconf option since Snort no longer supports the
-o option. The default now in Snort is to have Pass|Alert|Log
(Closes: 565567)
* Change error message in the init.d script to point to /var/log/daemon.log
for Snort log messages.
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Fri, 22 Jan 2010 00:12:52 +0100
snort (2.8.5.2-1) unstable; urgency=low
* New upstream release
- Fixes CVE-2009-3641: possible DoS due to crafted IPv6 packet when
then -v option is enabled
* Fix src/snort.c since it is not buildable, it seems that the distributed
source code has a bug.
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Mon, 11 Jan 2010 23:53:05 +0100
snort (2.8.4.1-6) unstable; urgency=low
* Package rebuild to fix libmysql depedency (Closes: #548831)
* Remove use_static_footprint_sizes option from the stream5_tcp disassembler
in etc/snort.conf as the use in production systems is actually discouraged
[ see http://sourceforge.net/mailarchive/message.php?msg_name=d3a3e6ac0912080843i17a0302te36548e032b4b013%40mail.gmail.com ]
* Lintian fixes:
- Remove dh_undocumented from debian/rules
- Add ${misc:Depends} to all binary packages
- Use updated debhelper version (5)
- Update Standards-Version (3.8.3)
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Wed, 09 Dec 2009 02:05:57 +0100
snort (2.8.4.1-5) unstable; urgency=low
* Fix snort-stat so that it can generate proper emails even if Classification
is missing from the alert log, use fix suggested by Pavel Mateja.
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Sun, 01 Nov 2009 00:43:02 +0100
snort (2.8.4.1-4) unstable; urgency=low
* Fix init.d so that if 'restart' is executed when no instance is
running (no pidfile) it will try to start all of instances, just
if 'start' was executed. (Closes: #540450)
* Add information on how the init.d script works (Closes: #512810)
* Fix name of file in README-database.Debian, remove the database
information from the main README.Debian file. (LP: #302218)
* Fix bug in debian/clean-sources.sh script (Closes: #547316)
* Use a patch provided by Dave Walker <DaveWalker_AT_ubuntu.com>
to prevent starting snort-mysql|pgsql if the database is not configured
yet. This bug cannot be really fixed until we use dbconfig-common
here to ask for all the database information to the user
through Debconf. (LP: #222091) (Closes: #545082)
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Wed, 23 Sep 2009 01:35:05 +0200
snort (2.8.4.1-3) unstable; urgency=low
* Change the log message in debian/snort.init.d so people are not led to
believe they need a /etc/snort/snort.$iface.conf configuration file,
/etc/snort/snort.conf is usually just fine.
* Lintian fixes:
- Fix long lines in changelog
- Fix debconf priority in configuration scripts (error -> high)
- Do not install README.WIN32 in snort-doc's documentation
- Do not ignore errors on snort-rules-default.{postrm, preinst}
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Sun, 02 Aug 2009 18:27:04 +0200
snort (2.8.4.1-2) unstable; urgency=low
* Rebuild and upload to unstable. (Closes: 528496)
* As acknowledged by upstream and confirmed by users, this release fixes a
segfault in snort-mysql (Closes: 536144)
* Updated Russian po-debconf translation provided by Yuri Kozlov
(Closes: 528677)
* Change syslogd dependency in snort, snort-pgsql and snort-mysql to rsyslog
since that is the default syslog daemon now. (Closes: 526916)
* Remove the syslog dependency from snort-common and snort-rules-default
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Sat, 01 Aug 2009 17:50:30 +0200
snort (2.8.4.1-1) experimental; urgency=low
* New upstream release.
* Only provided the latest release notes at debian/snort-common.docs, move
older RELEASE notes to docs/
* Update the doc list at debian/snort-doc.docs with the contents from
doc/ (new READMEs). Add also the old RELEASE notes for reference.
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Tue, 09 Jun 2009 02:33:43 +0200
snort (2.7.0-26) unstable; urgency=low
* Fix bug in snort-pgsql and snort-mysql's configuration script introduced in
the previous upload. They were using the wrong debconf keys which made
maintainer scripts fail. (Closes: #526915)
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Tue, 05 May 2009 01:29:37 +0200
snort (2.7.0-25) unstable; urgency=low
* Use src/output-plugins/spo_database.c from the 2.8.4.1 release. This
version includes the necessary code to configure the mysql connection so
that it reconnects to the database in case the connection gets lost. This
might happen if too few events are logged in Snort and the database
connection timeouts. (Closes: #449568)
* Copy over src/ipv6_port.h from 2.8.4.1 and include it in
src/output-plugins/spo_database.c
* Update Japanese translation for the templates, thanks to Hideki Yamane
(Closes: 510704)
* Move the code that detects if interfaces are down over to snort-pgsql and
snort-mysql. This way, if the interface defined is not available it will
prompt again, raising the debconf priority (Closes: #502084)
(LP: #477590, #655116)
* Change all the config_parameters debconf input from 'medium' to 'error'
* Change all the needs_db_config debconf questions from 'medium' to 'high'
since users that do not see this note will end up with a non-functioning
package.
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Sun, 03 May 2009 23:40:26 +0200
snort (2.7.0-24) unstable; urgency=low
* Remove the LogMessage associated with fragmented traffic since it shows up
even in systems that do not have ttl_limit set.
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Sat, 28 Feb 2009 13:03:22 +0100
snort (2.7.0-23) unstable; urgency=high
* Fix error in call to LogMessage (missing parameters) which caused a segfault
when fragmented packages were received and ttl_limit was set. This bug was
introduced in the patch to fix CVE-2008-1804. Urgency set to 'high' as in
some circunstances it makes Snort fail to start on startup or die after
working for only a few minutes. Also, this could be used as a DoS attack
against an IDS sensor rendering it useless.(Closes: 503992)
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Sat, 21 Feb 2009 12:11:33 +0100
snort (2.7.0-22) unstable; urgency=low
* Include patch from dato to make the package binNMU-safe
* Remove debian/CVS and debian/my/CVS
* Fix bug in snort-stat that made it miss alerts generated by preprocessors (they only contain
Priority) as well as fix the setting of $alert->{PRIORITY} for alerts
generated by rules. Thanks for Gabor Gombas for the patch. (Closes: #500215)
* Lintian fixes:
- Use Standards Version 3.8.0, no changes needed.
- Make snort-rules-default.postrm run with 'set +e' and append '|| true' to
rmdir calls so that the script does not abort if the directories are not
empty.
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Wed, 05 Nov 2008 00:15:40 +0100
snort (2.7.0-21) unstable; urgency=low
* Reupload to unstable, build with proper libraries. Fix mess introduced
by previous upload.
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Wed, 29 Oct 2008 00:01:54 +0100
snort (2.7.0-20.3) testing-proposed-updates; urgency=low
* Reupload to testing to *really* depend on newer libpcre.
* Include patch from dato to make the package binNMU-safe
* Remove debian/CVS and debian/my/CVS
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Tue, 04 Nov 2008 22:35:26 +0100
snort (2.7.0-20.2) testing-proposed-updates; urgency=high
* Upload to testing-proposed-updates to fix security bug CVE-2008-1804 (see
below). This package cannot go through sid since the sid build uses a
newer libpcre version not available in lenny. (Closes: #483160)
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Tue, 28 Oct 2008 21:32:48 +0100
snort (2.7.0-20) unstable; urgency=high
[ CVE-2008-1804 ]
* Fix error in preprocessors/spp_frag3.c that prevented Snort from properly
identifying packet fragments that had dissimilar TTL values, which allowed
remote attackers to bypass detection rules by using a different TTL for
each fragment. Also update src/generators.h to include the new FRAG3_MIN_TTL
defines (Closes: #483160)
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Wed, 22 Oct 2008 01:33:34 +0200
snort (2.7.0-19) unstable; urgency=low
* Make the snort_rules_update example script use bash instead of sh.
(Closes: #489662)
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Sat, 09 Aug 2008 22:31:47 +0200
snort (2.7.0-18) unstable; urgency=low
* Romain debconf translation provided by Eddy Petrior (Closes: 486137)
* Swedish debconf translation provided by Martin Bagge (Closes: 491785)
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Mon, 28 Jul 2008 22:39:37 +0200
snort (2.7.0-17) unstable; urgency=low
* Include the README-database-upgrade.Debian in the documentation of the
database packages, I forgot to do this in -15
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Fri, 02 May 2008 11:52:12 +0200
snort (2.7.0-16) unstable; urgency=low
* Lintian fixes:
- NEWS file now says unstable instead of experimental
- copyright file is now UTF-8
- wrap around files in the changelog
- remove empty /usr/src directory from snort-common-libraries
- fix spelling error in NEWS file
- fix manpage error in snort.8
- change doc-base sections to Network/Monitoring
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Fri, 02 May 2008 10:28:21 +0200
snort (2.7.0-15) unstable; urgency=low
* Update to Standards-Version 3.7.3:
- Have the logrotate script call invoke-rc.d if available to do the
'right thing' if the admin has configured Snort to not run by default.
* Copyright review:
- Add copyright statements to the debian/copyright
- Note that the Snort source code is distributed as GPL 2 only (not
version 3)
- Create a copyright_review.sh shell script to review the contents of
the sources and find new copyright statements
- Point in debian/copyright to the GPL-2 file, not to GPL (which is v3)
* Expand brace-expanded content in debian/rules to prevent bashism
(Closes: #478627)
* Modify the provided snort_rules_update to use oinkcodes, note
in the script that the use of 'oinkmaster' should be preferred
(Closes: 314483)
* Remove Homepage: from binaries package when redundant with the
source package.
* Handle in the init.d script the case of interfaces being available
but not up, thanks to Drew Parsons for an exhaustive analysis and
patch (Closes: #471462)
* Remove header files from the snort-common-libraries package. If users
request it back I will create a snort-common-libraries-dev package
providing these headers (Closes: 440842)
* Database upgrade:
- Added README-database-upgrade.Debian to describe the steps that
need to be done to upgrade the Database, also update upstream's
(cursory) documentation to describe the v107 changes (Closes: 445334)
- [src/output-plugins/spo_database.c] Modify the text messages to
point users to the proper location of documentation in Debian
systems as well as to the (Debian-specific) documentation
related to databases.
- Tell users (through NEWS.Debian) that the schema changed from
2.6 to 2.7 and they will need to upgrade their database.
* Include the RELEASE NOTES for older releases and provide all of them
(for the 2.3, 2.4, and 2.6 releases) as users might find them useful
for upgrade purposes (Changelog might be too detailed)
* Debconf templates and debian/control reviewed by the debian-l10n-
english team as part of the Smith review project. Thanks to
Christian Perrier for his hard work getting this done (Closes: #469803)
* [Debconf translation updates]
- Italian translation, updated by Gianluca Cotr (Closes: #477056)
- Galician translation, updated by Jacobo Tarrio (Closes: #474622)
- Portuguese translation, updated by Traduz (Closes: #475086)
- German translation, updated by Erik Schanze (Closes: #477082)
- Vietnamese translation, updated by Clytie Siddall
(Closes: #477324, #478223)
- French translation, updated by Christian Perrier
(Closes: #478229, #478230)
- Czech translation, updated by Jan Outrata (Closes: #478246)
- Russian translation, updated by Yuri Kozlov (Closes: 478303)
- Dutch translation, updated by Peter Vandenabeele
- Spanish translation, updated by myself
* [New Debconf translations]
- Basque translation, provided by Piarres Beobide (Closes: #475457)
- Finnish translation, provided by Esko Esko Arajärvi
(Closes: #475648, #478211)
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Sun, 27 Apr 2008 21:58:37 +0200
snort (2.7.0-14) unstable; urgency=high
* Move installation of the snort.default file from the install-indep rule to
the install rule. This error was preventing /etc/snort/default from being
created in the Snort binary packages and, consequently, the init.d would
fail to start properly and the package would not install (Closes: #471895,
#473282)
* Add libgnutls-dev Build-Depend (Closes: #476651)
* Fix typo in the name of the community rules in snort.conf, thanks to
David Gil for providing a patch (Closes: #470881)
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Sun, 20 Apr 2008 21:39:47 +0200
snort (2.7.0-13) unstable; urgency=low
* Make the build: target be an empty one, instead of having it depend on
both build-arch and build-indep
* Remove texlive-latex-recommended from Build-Depends-Indep as suggested by
James Vega
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Sun, 16 Mar 2008 00:16:47 +0100
snort (2.7.0-12) unstable; urgency=low
* Add texlive-latex-recommended to Build-Depends-Indep since refcount.sty
and kvoptions.sty are used
* Have the binary-{arch,indep} depend on install-{arch,indep} instead
of in the install target.
- Move install calls related to snort-common to the install-indep target
* Add some sty files to the build-indep checks in debian/rules so that the
documentation is not compiled unless all are available. Yes, buildds are
stupid enough to pre-install latex, make the previous checks insufficient
and *still* call the build (not build-arch) target! (Closes: #445113)
* Unindent comments in debian/rules so that they do not show up.
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Sat, 15 Mar 2008 20:13:34 +0100
snort (2.7.0-11) unstable; urgency=low
* Make the init.d script not depend on the availability of iproute.
(Closes: #463020, #466674)
* Added a Recommends on iproute, as it can be used to improve the
behaviour of the initd script.
* Modify the init.d script to remove also the lockfiles for PIDFILEs
* Move snort-doc to Suggests in the snort package and add it to snort-pgsl
and snort-mysql too.
* Fix FTBFS on GNU/kFreeBSD (due to unsatisfied Build-Depends on
iptables-dev), thanks to Petr Salinger for the fix (Closes: #466073)
* Modify src/snort.c to prevent it from showing a message when it tries to
remove the PIDFILE. This fails in Debian since Snort is not running
as the root user and the daemon cannot modify /var/run. The code is
changed so that the error message related to not being able to remove the
PIDFILE is only presented if running as root or writing the PIDFILE to a
directory that is not /var/run. (Closes: #462423)
* Po-debconf translation updates:
- Fix error in Italian translation (Closes: #462865)
- Japanese translation update, provided by Hideki Yamane (Closes: #463650)
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Sun, 24 Feb 2008 22:21:09 +0100
snort (2.7.0-10) unstable; urgency=low
* Add a new ALLOW_UNAVAILABLE definition in /etc/default/snort which
makes the init.d not complain if a configured interface is not available.
Also make the init.d script not break if no instances are configured
through debconf (to make it possible to use snort using just if-up.d
by providing a given interface instance as a 'start' parameter)
(Closes: #458823)
* Fix typo in templates, unfuzzy translations I can "understand" and
which seem to have fixed the typo themselves.
* Po-debconf updates:
- Update German translation provided by Erik Schanze (Closes: #462674)
- Updated Italian translation provided by Gianluca Cotr (Closes: #462865)
- Romanian translation provided by Eddy Petrisor (Closes: #460344)
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Sun, 27 Jan 2008 11:12:05 +0100
snort (2.7.0-9) unstable; urgency=low
* Modify debian/rules to prevent autobuilders from building
the binary-independent components: (Closes: #445113)
(Thanks dato for the tip)
* Create a new Build-Depends-Indep with all the TeX components used
to build documentation
* Since autobuilders call build, which in turns calls build-indep, hack
the debian rules file so that the documentation is only built
if ps2pdf, dvips and pslatex are available.
* Enable prelude support in all variants (Closes: #458790)
* Debconf translation updates:
- Dutch, provided by Peter Vandenabeele
- Vietnamese, provided by Clytie Siddall (Closes: #458161)
- Portuguese, provided by Miguel Figueiredo (Closes: #458214)
- Galician, provided by Jacobo Tarrio (Closes: #458533)
- French, provided by Christian Perrier (Closes: #458621)
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Mon, 31 Dec 2007 00:31:13 +0100
snort (2.7.0-8) unstable; urgency=low
* Rewrite debian/rules:
- the documentation does not get build on the binary-arch target,
(Closes: #445113)
- there is now a install-dep and install-arch
- install-* dependencies do not depend on build
- create a 'clean-sources' target, used only by the 'clean' target
- create a clean_sources.sh script to clean the sources properly before
each run
- call 'clean_sources.sh' before a binary (pgsql, mysql...) is built to
prevent the binary-* rule from calling 'distclean' at the end of each
run (and thus making issues more difficult to debug)
- generate a configure target and use it when building both -arch
and -indep (needed to generate doc/Makefile)
- copy, instead of moving, the binaries, so the 'install' target
is more idempotent (still have to use dh_install more to make it so)
* Change Maintainer's email address
* Create a mechanism to generate all the templates using a "template of
templates" since all the questions where the same with small differences
per package.
- Also fixed snort-inline templates, which were not correct (pointed
to the wrong configuration file)
- Update Spanish translation myself
* Change the init.d script so it behaves like LSB demands:
- Do not exit with error if there are no running instances and we
try to stop
- With 'status', exit with a 1/3 error based on the existence (or not
of the pidfiles)
- Dot not exit with error when trying to start an instance that is
already started (use running() for that)
- Check if the user is root before attempting to star/stop/restart
- Adjust to LSB exit values (instead of just using always '1', use
3-6 to indicate several different errors)
* Lintian cleanup:
- Move Homepage: from the description to a pseudo-header in
debian/control
- do not ignore distclean errors
- remove call to dh_suidregister, we did not use it
- add DEBHELPER token to snort-common.postinst
- update config.guess and config.sub with automake's 1.7 versions
(this is not done automatically in the package, however)
- replace ${Source-Version} substvar with ${binary:version}
- Move the configuration check of snort-common over to the config
script and leave the postinst only to check the status of the
init.d script. Also, modify the snort-common.postinst so it only
does the configuration check if invoke-rc.d (if installed)
- Fix 'malformed-title-in-templates' in all templates by removing
the ending dot
- Fix the 'malformed-prompt-in-templates' by adjusting the contents
of all the titles affected
- Shorten the length of the 'interface' template
- Fix syntax on debian/NEWS
- Remove empty dirs
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Thu, 27 Dec 2007 09:14:00 +0100
snort (2.7.0-7) unstable; urgency=low
* Remove empty comment line in lsb headers
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Mon, 01 Oct 2007 03:01:26 +0200
snort (2.7.0-6) unstable; urgency=low
* Create a separate snort-libraries package and move all the libraries that
were previously (wrongly) included in the snort-common package there
(Closes: #439642)
* Add proper LSB headers, license and copyright to the init.d file
* Also add proper messages to the init script and proper checks to generate
the correct errors when non-root users try to run the script. Exit status
of the script should now reflect better the problems found.
* Removed dependencies on essential packages (coreutils)
* Recode Debian changelog to UTF-8
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Mon, 01 Oct 2007 01:24:32 +0200
snort (2.7.0-5) unstable; urgency=low
* Initialise variables in preinst to prevent collisions with predefined
environment variables (Closes: #443481)
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Fri, 21 Sep 2007 22:49:25 +0200
snort (2.7.0-4) unstable; urgency=low
* Fix phrase in the NEWS file
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Wed, 29 Aug 2007 18:26:45 +0200
snort (2.7.0-3) unstable; urgency=low
* Move over the package to unstable.
* Fix FBTFS at Ubuntu due to snort_manual.tex still using latex2html's
html.sty. Thanks Michael Bienia for spotting this and point at the
issue with a patch (Closes: 436244)
* Fixed a typo in the French translation (Closes: 432840)
* Fix documentation errors in debian/README-database.debian. (Closes: 416400)
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Mon, 06 Aug 2007 23:28:02 +0200
snort (2.7.0-2) experimental; urgency=low
* Fix generation of the common snort binary, which was distributed without
prelude support.
* Fix location of dynamic engines in snort.conf
* Change signatures 1443 and 1444 since there was an error in their
definition ( Cannot use 'rawbytes' and 'http_uri' as modifiers for the
same "content" nor use 'rawbytes' with "uricontent". )
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Wed, 01 Aug 2007 02:49:50 +0200
snort (2.7.0-1) experimental; urgency=low
* New upstream release (Closes: #435417, #404991, #320920, #323985)
- Fixes DOS attack: CVE-2006-6931 - "Backtracking Algorithmic Complexity"
DoS against IDS engine (Closes: #407421)
* Introduce all the rules available from the 2.4 release which are GPL and
are non-VRT certified, that is, all rules which are outside of the range
[3,465-1,000,000]. This amounts to a total of 3935 rules (820 of which are
Community released).
* In order to handle rulesets with mixed GPL and non-GPL rules two scripts
have been made available in the source rules/ subdirectory:
- remove-non-gpl.pl - Given a rules file removes all rules outside
the above range
- purge-non-gpl.sh - Given a directory dumps on the local directory
only rules outside this range.
In order to limit maintainer overhead the header for modified rulesets has
not been changed.
* Include the VRT license file. This file is kept for reference under the
rules/ dir, although *no* rule in this package is under that non-free license.
* Include a NEWS.Debian item describing the license change and the rules
distributed within this package.
not in the database packages (Closes: #320920)
* As a consequence of the above Build-Depend on libprelude-dev, iptables-dev
* Provide support for Prelude in both snort and snort-inline packages but
* The examples are now included in the -common package instead of having
them in all the binary packages
This package provides support to make an experimental separate binary
package for inline support: snort-inline, which most of the configuration is
shared with the snort binary package but the PPP related options have been
removed. However, snort-inline does not support libnet 1.1 so we cannot
provide it yet. This has been changed in Snort's code but it's far from
complete:
- Make the configure script work with libnet 1.1.
- Port parts of the API (some declarations) to 1.1
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Tue, 31 Jul 2007 23:35:06 +0200
snort (2.3.3-15) unstable; urgency=low
* Include all the community signatures available as of today into the
snort-signatures package. This means 820 new signatures go in.
* Sync mappings:
* Updated the gen-msg.map under rules/ with the maps under etc/
* Updated the sid-msg.map under etc/ with the maps under rules/
-- Javier Fernandez-Sanguino Pen~a <jfs@debian.org> Tue, 31 Jul 2007 21:57:46 +0200
snort (2.3.3-14) unstable; urgency=low
* Use the patch provided by Matt Kraai to fix the FTBFS due to the
tetex -> Texlive transition. Also make the package Build-Depend
on texlive and texlive-latex-base instead of tetex-bin and tetex-extra
(Closes: 419454)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sun, 22 Apr 2007 16:41:50 +0200
snort (2.3.3-13) unstable; urgency=low
* Translations added:
- Tamil translation, provided by Tirumurti Vasudevan (Closes: #413830)
- Russian translation, provided by Yuriy Talakan' (Closes: #411822)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Tue, 13 Mar 2007 16:30:52 +0100
snort (2.3.3-12) unstable; urgency=low
* Translations updated:
- Czech (Closes: #408619)
- Swedish
* New translations
- Galician, provided by Jacobo Tarrio (Closes: #409651)
- Italian, provided by Gianluca Cotrino. Slightly edited to fix header. (Closes: #411270)
- Romanian, provided by Eddy Petrisor (Closes: #409505)
- Portuguese, provided by Miguel Figueiredo
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sun, 18 Feb 2007 12:25:45 +0100
snort (2.3.3-11) unstable; urgency=low
* Restore German translation (somehow removed in previous upload), courtesy
of Erik Schanze (Closes: #397017)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Tue, 2 Jan 2007 17:26:10 +0100
snort (2.3.3-10) unstable; urgency=low
* Fix snort-mysql template to prevent translators from duplicating work
(two templates were nearly identical except for a double space)
[ Translations update ]
* Updated Spanish translation
* Updated Japanese translation, courtesy of Hideki Yamane (Closes: #391894)
* Updated German translation, courtesy of Erik Schanze (Closes: #397017)
* Updated Dutch translation, courtesy of Peter Vandenabeele.
* Updated Vietnamese translation, courtesy of Clytie Siddall
* Fix error in Catalan translation (which made msgstat fail)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Thu, 21 Dec 2006 19:52:38 +0100
snort (2.3.3-9) unstable; urgency=low
* Do not try to remove /etc/snort in postrm if it does not exist anymore
when purging (Closes: #389766)
* Simplify coreutils dependencies (Closes: #381836)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sun, 1 Oct 2006 23:29:20 +0200
snort (2.3.3-8) unstable; urgency=medium
* Fix security issue CVE-2006-2769, potential evasion in URI content
buffers. This evasion only applies to Apache protected servers since
that server supports some characters. The patch used is from 2.4.5
and is *not* the one provided by Demarc (which is not fully
comprehensive and is much more intrusive).
Since this is an evasion issue and not a real security issue
thus the 'medium' urgency even though it fixes security bug (Closes:
#381726)
From upstream (snort.org webpage, News item "Possible Evasion in
http_inspect"):
«The Apache web server supports special characters in HTTP requests that
do not affect the processing of the particular request. The current
target-based profiles for Apache in the http_inspect preprocessor do not
properly handle these requests, resulting in the possibility that an
attacker can bypass detection of rules that use the "uricontent" keyword
by embedding special characters in a HTTP request.»
«It is important to note that this is an evasion and not a vulnerability.
This means that while it is possible for an attacker to bypass detection,
Snort sensors and the networks they protect are not at a heightened risk
of other attacks.»
* Backport fix of another (different) potential evasion in Stream4 (also in
the Snort 2.4.5 release, no CVE name)
* Relocate Czech translation, it was not under debian/po
* Add a warning in /etc/default/snort that the SNORT_USER will be
modified (with usermod) every time you reinstall the package
(don't change it to 'root'!)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Thu, 10 Aug 2006 00:44:36 +0200
snort (2.3.3-7) unstable; urgency=low
* *Really* recompile to use latest libmysqlclient libraries (Closes:
#366748)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sat, 3 Jun 2006 15:20:57 +0200
snort (2.3.3-6) unstable; urgency=medium
* Recompile to use latest libmysqlclient libraries (Closes: #366748)
* Remove the following unused dependencies as suggested by Stefan Huehner:
libsnmp4.2-dev and libssl-dev (and their --with calls in debian/rules) . I'm
still keeping the coreutils | fileutils dependency since I still want to
compile this package in woody.(Closes: #365874)
* Also remove DH_COMPAT from debian/rules as suggested by Stefan Huehner in
#365874
* Move 'debian/my/lisapaper.txt' to snort-doc.docs and remove from snort,
snort-pgsql and snort-mysql doc files (Closes: #340091)
* Have faq.tex use hyperref.sty instead of latex2html's html.sty and comment
the \latexonly definitions. This makes latex2html unnecessary to
build the package (Closes: #365872)
* doc-base files now point to the compressed PDF documents (lintian fix)
* Updated debconf translations:
- French translation provided by Christian Perrier (Closes: #359285)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Mon, 29 May 2006 20:05:29 +0200
snort (2.3.3-5) unstable; urgency=low
* Updated Build-Dependencies to use libmysqlclient15-dev instead of the
old libmysqlclient10 library (Closes: #356706)
* Add a 'DEBIAN_SNORT_SEND_STATS' option (controlled by debconf) to allow
users to define if snort should send daily stats. Users that want to
change the frequency should manually move over the cron.daily script
to other cron.XXX locations (Closes: #353035)
* Updated debconf translations:
- Dutch translation with patch provided by Peter Vandenabeele
- Spanish Debconf translation ('send_stats' template)
* Do not indent '@' in the e-mail of users that receive the stats (Closes: #335803)
* Preliminary code (only in snort.config) to detect if the default interface
is up when configuring Snort, the Debconf question priority is raised if
the interface is not up or it does not exist and the user is pestered
if he still provides an invalid answer (unless he doesn't see the
question, which is the case if running with debconf priority set to
'high', in this case, we bail out)
Note: will introduce this in the DB packages after it gets some testing
out there.
* Change the Debconf priority of the note that warns that the configuration
is not working to 'critical' (was 'high')
* Acknowledge NMU made by Margarita:
* Drop automake1.6 dependency in Build-Depends (Closes: #335143)
* Updated config.guess and config.sub with the latest versions available
to prevent FTBFS on GNU/k*BSD (Closes: #342446)
* Updated german debconf translation with patch provided by Erik Schanze
(Closes: #345855)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Wed, 22 Mar 2006 02:09:01 +0100
snort (2.3.3-4) unstable; urgency=low
* Build-Depend on newer automake version: 1.7 (Closes: #335143)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Tue, 17 Jan 2006 02:10:41 +0100
snort (2.3.3-3) unstable; urgency=low
* Properly remove the snort user on purge.
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Thu, 20 Oct 2005 01:13:47 +0200
snort (2.3.3-2.1) unstable; urgency=low
* NMU to drop automake1.6 dependency (Closes: #335143)
* Updated config.guess and config.sub (Closes: #342446)
* Updated german debconf translation (Closes: #345855)
-- Margarita Manterola <marga@debian.org> Sun, 22 Jan 2006 21:54:43 -0300
snort (2.3.3-2) unstable; urgency=high
* Backport the following changes introduced in 2.4.1. Upstream changelog:
* src/log.c:
Fix problem in sniffer mode when incomplete TCP option data is received.
Thanks A Hernandez for the find.
(Closes: #328134)
Note: This is a "security" bug but no CVE is assigned, it is actually
something that can happen only if a Snort user willingly shoots himself
on the foot (uses ASCII logging mode) or if he uses the fast output
mode with some non-default options.
For a detailed view see:
Martin Roesch's mail "Snort DoS Fallacies" to snort-users and bugtraq:
http://marc.theaimsgroup.com/?l=bugtraq&m=112665341207363&w=2
http://marc.theaimsgroup.com/?l=snort-users&m=112657845119746&w=2
http://marc.theaimsgroup.com/?l=snort-users&m=112667020331513&w=2
http://marc.theaimsgroup.com/?l=snort-devel&m=112672013010948&w=2
and also
http://www.snort.org/pub-bin/snortnews.cgi#58
To summarise: The only recommended alert methods in a production sensor
are unified, syslog or database. And unified is The Right Way to run
a sensor (others have important performance issues under high load )
NOTE to Debian Security teams: I don't believe this bug merits a DSA
(or a DTSA for that matter)
(Closes: #328134)
* Backport the following changes introduced in 2.4.2. Upstream changelog:
* src/output-plugins/spo_log_database.c:
* schemas/create_mysql:
Fixes to address schema being a keyword in MySQL 5.0. Thanks Wes Young,
Adolfo Gomez, and Aleem Mawji for the updates.
(Closes: #327791)
* Added Swedish translation provided by Daniel Nylander (Closes: #330834)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Fri, 30 Sep 2005 21:21:43 +0200
snort (2.3.3-1) unstable; urgency=low
* New upstream release.
* Use upstream's FAQ in PDF format instead of debian/my/FAQ.txt, also
have the FAQ available only in the snort-doc package (after fixing
the Makefile so that the faq.tex file does not get removed on distclean)
* Fix typo in snort.8 manpage (Closes: #326538)
* Fixed address of the FSF in debian/copyright
* Updated debconf translations:
- Vietnamese provided by Clytie Siddall
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Wed, 31 Aug 2005 19:47:16 +0200
snort (2.3.2-8) unstable; urgency=low
* _Really_ use debhelper compat version 4 now
* Remove debian/*conffiles since debhelper now marks them as config files
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sat, 27 Aug 2005 01:50:40 +0200
snort (2.3.2-7) unstable; urgency=low
* Fix lintian warnings
* Fix error in database config scripts (when not upgrading, the
wait_for_db_config key does not exist) (Closes: #325223)
* Updated debconf translations:
- French provided by Christian Perrier
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Thu, 25 Aug 2005 21:52:19 +0200
snort (2.3.2-6) unstable; urgency=low
* Add Dependency on "debconf | debconf-2.0" as requested by Joey Hess
* Use Debhelper compatibility version 4
* New mechanism for database packages:
- Introduce a mechanism to create /etc/snort/db-pending-config on
initial installation of the database packages.
- Have the init.d script abort the start attempt if the
/etc/snort/db-pending-config file exists.
- Describe how to setup the database support in README-database.Debian
and install this document in the database packages.
(Closes: #205683, #219696, #265735, #265878, #290104, #291616)
* po-debconf changes:
(still waiting a little bit before switching to dbconfig-common)
- Sinchronise all the debconf templates of the different snort
variants.
- Change the wait_for_db_config message, now called 'needs_db_config'
and provides slightly different information.
- Fixed typos in German debconf translation courtesy of Jens Seidel
(Closes: #313906)
- Added Japanese translation contributed by Hideki Yamane
(Closes: #310096)
- Added Vietnamese translation contributed by Clytie Siddall
(Closes: #318695)
- Added Czech translation contributed by Jan Outrata (Closes: #321738)
- Updated the Spanish translation.
- Improve the debconf dialog with suggestions from Justin B Rye
(Closes: #306269)
- Fix the templates so that all the files use the same strings, that
should reduce the workload of translating almost identical lines.
(but also fuzzies more of the translations above)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Thu, 25 Aug 2005 14:59:29 +0200
snort (2.3.2-5) unstable; urgency=medium
* Medium priority since it seems some buildds are not auto building
snort ok and this changes fix it.
* Use PostgreSQL 8.0 now as requested by Martin Pitt. Basicly just
changed the build-depends and use 'pg_config --includedir' when
setting the location of the PostgreSQL location.
* Changes to configure.in: (Closes: #313499)
* Fixed configure.in so that it uses the --with dir directly first
(intead of looking for $i/include and stuff like that).
* Fixed configure.in so that it outputs the PostgreSQL directories
it tested by fixing a typo.
* Have all ERROR messages abort with an exit 1 so that the Makefile breaks
and we will notice the error if doing an automatic build.
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Tue, 14 Jun 2005 19:33:49 +0200
snort (2.3.2-4) unstable; urgency=low
* Snort, snort-pgsql and snort-mysql now depend on either coreutils
or earlier packages which provided 'stat'. This should prevent
partial-upgrades of woody systems which prevent snort's init scripts
from running (Closes: #311616)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Fri, 3 Jun 2005 16:24:50 +0200
snort (2.3.2-3) unstable; urgency=high
* Pre-Depend on adduser since we use it on preinst
* Changed debian/TODO
* Snort-common now Replaces old snort versions (1.8.4beta1-1) since
the configuration files where moved there from snort.
Save for the ppp configuration file which was moved from snort-common to
snort. Snort now Replaces snort-common versions previous to 2.0.2-3,
that introduced the change, cannot conflict since we will end up with
circular dependencies. (Closes: #311257)
* Check MD5sums before rule files are moved from the old location to the
new one in snort-rules-default's preinst when upgrading.
If the files have not been changed from the ones provided
by the woody version then remove them (Closes: #311263)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Wed, 1 Jun 2005 09:47:04 +0200
snort (2.3.2-2) unstable; urgency=low
* Have snort-common Conflict on versions prior to the Source-Version to
prevent users upgrading snort-common without upgrading snort.
(Closes: #300785
* Fixed homepage location of Snort (Closes: #300727)
* Fixed snort-stat so it can be used when the -y option is used with Snort,
thanks to the patch provided by Chirik (Closes: #200276)
* Updated German translation courtesy of Erik Schanze
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Tue, 22 Mar 2005 01:26:55 +0100
snort (2.3.2-1) unstable; urgency=low
* New upstream release.
- Fixes some bugs in preprocessors
- Rules updates
* Fixed format of NEWS file, updated the version of the changelog entry so
that everybody will read it on next upgrade (Closes: #299334)
* Added debconf french translation provided by Christian Perrier (Closes: #299016)
* Updated debconf dutch translation provided by Peter Vandenabeele (Closes: #296152)
* The PPP script will now use the new /etc/default/snort mechanism
(Closes: 298003
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Mon, 14 Mar 2005 13:26:45 +0100
snort (2.3.0-7) unstable; urgency=low
* Do not change the permissions of /var/log/snort/ and
/etc/snort/snort.conf if the administrator has setup an override
using dpkg-statoverride (Closes: #296927)
* Updated translation to Catalan with the one provided by Aleix Badia i
Bosch
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sat, 26 Feb 2005 13:09:14 +0100
snort (2.3.0-6) unstable; urgency=low
* Added tetex-extra to Build-Depends (Closes: #296814)
* Refer to the proper file in debconf template (Closes: #296809)
* Updated the spanish debconf translation.
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Fri, 25 Feb 2005 00:43:19 +0100
snort (2.3.0-5) unstable; urgency=low
* Upload of the experimental package to unstable
Even though I don't get to fix #205683 and friends (and I would
like to, before the release)
This release Closes #283816, #241995, #289405, #247603
* Do not rotate log files if empty (Closes: #193299)
* Added dutch translation (Closes: #247603)
* Added yet another TODO item
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Tue, 22 Feb 2005 21:36:40 +0100
snort (2.3.0-4) experimental; urgency=low
* Call dh_installdocs with -i or -a depending on target, rename
(Closes: #295228, #294755)
* NEWS.Debian file to NEWS
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Tue, 15 Feb 2005 08:33:34 +0100
snort (2.3.0-3) experimental; urgency=low
* Create manual in build-indep location (Closes: #294755)
* Fixed location of snort_manual and lisapaper in their respective
doc-base files.
* Added a reference to the FAQ through a new doc-base file.
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sat, 12 Feb 2005 12:23:35 +0100
snort (2.3.0-2) experimental; urgency=low
* Improved postrm purge action by removing also obsolete configuration
(since it's no longer in the conffiles) and the group. Also, synced all
postrm scripts (mysql did not included the rmdir /etc/snort code)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Wed, 9 Feb 2005 08:44:05 +0100
snort (2.3.0-1) experimental; urgency=low
(First attempt at experimental, to avoid breaking installations running sid)
* New upstream release
* This version now uses libnet1, changed Build-Depends (Closes: #241995)
* Introduced /etc/default/snort and removed /etc/snort/common.parameters
this makes it easier to check for common situations (parsing the parameter
file is quite complicated). The old common.parameters file is moved
over to /etc/default/snort automatically, but retained in case
the parsing has not been done properly (and will not be used until
the common.parameters file is removed). This is described in the
NEWS.Debian file.
* Fixed the postint call so that the passwd and group are checked before
they are created. Also fix chown call (still used '.' instead of ':')
* Introduce a check for the status of Snort's logdirectory, it checks if
it belongs to Snort (Closes: #247603)
* This release provides debconf support for snort sensors in
multiple interfaces (Closes: #283816)
* Run update-debconf, seems I had not done this when I last made changes
in the templates in 2.2.0-8
* Included the documentation available, including signatures. Also
added the LaTeX manual included as well as the additional Build-Depends
on tetex-bin and gs-common
* Updated the FAQ (was about time!) from http://www.snort.org/docs/FAQ.txt
* Added a README.docs file (pointing people to more documents)
* Updated translations:
- German, provided by Erik Schanze (Closes: #289405)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Wed, 26 Jan 2005 09:18:53 +0100
snort (2.2.0-9) unstable; urgency=low
* Removed old (obsolete) converstion of PPPENV in /var/tmp in postinst
which actually might open up security holes when using dialup access
and installing/upgrading the package.
* Updated translations:
- Japanese, provided by Hideki Yamane (closes: #283128)
- French, provided by Christian Perrier (closes: #284559)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Mon, 20 Dec 2004 01:35:21 +0100
snort (2.2.0-8) unstable; urgency=low
* Updated the README.Debian file with proper information on how to setup
multiple interfaces and rewrote the Debconf question to specify that
it can be used to define multiple interfaces (Closes: #283816)
* Added some additional TODO notes
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Wed, 1 Dec 2004 17:04:38 +0100
snort (2.2.0-7) unstable; urgency=low
* Make snort-common Arch: all (Closes: #278987)
* The installation will now check if you are using a configuration that
will not be able to work with the current Snort version and will forewarn
you. The package installation will still fail (if Snort is started
automatically) but the administrator will be pointed to where the
error is (Closes: #165107)
* Use dh_installman instead of dh_installmanpages and provide proper
PACKAGE.manpages file since dh_installmanpages now fails to create the
snort-common package properly.
* Updated to the latest rules snapshot
* Added an 'update-rules' target in debian/rules that downloads the
latest rules snapshot and installs it in the package.
[ Translations ]
* Dutch update, provided by cobaco (Closes: #278719)
* Japanese update, provided by Hideki Yamane (Closes: #279028)
* French update, provided by Christian Perrier (Closes: #279833)
* German update, provided by Erik Schanze (Closes: #280964)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sat, 30 Oct 2004 22:47:34 +0200
snort (2.2.0-6) unstable; urgency=low
* Added a 'config-check' option in init.d to test the user's configuration
file. This could be used to determine (in postinst) if snort should be
restarted and warn the user (not yet done). This will help fix #165107,
#165351 (since similar user mistakes would be detected), #276565 and
#247665.
* Added more information to the TODOs
* Moved DEBIAN_TRESHOLD to DEBIAN_THRESHOLD (save for the debconf value
in order to avoid reseting it) (Closes: #256581)
* Removed double space in template (Closes: #275936)
* The snort-rules package now Suggests: snort instead of depending on it
(Closes: #249697)
* Updated rules with the latest snapshot.
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Mon, 25 Oct 2004 23:47:45 +0200
snort (2.2.0-5) unstable; urgency=low
* Rules update
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Wed, 13 Oct 2004 12:11:21 +0200
snort (2.2.0-4) unstable; urgency=medium
* Fix typo introduced in previous upload that prevents
ppp init script from loading properly common.parameters (Closes: #275439)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Fri, 8 Oct 2004 09:50:06 +0200
snort (2.2.0-3) unstable; urgency=high
* Added config-file discovery to ppp init.scripts so that Snort is
started (-c) with the proper configuration file if available or
snort.conf if not. Setting high severity so that users running
Snort with PPP don't end up with a full /var filesystem (Closes: #268707)
* Fixed bashism in /etc/ppp/if-up.d/snort
* Modified the init.d an if-up.d scripts so that
/etc/snort/snort.common.parameters is only used if it exists.
* Snort-rules-default now Recommends: oinkmaster
now that it is in the archive (accepted 01 Oct 2004), this does not
close #191105 since IMHO a better signature update mechanism should
be introduced. Also updated the related TODO item.
* Added a FAQ Q&A regarding rule updates in README.Debian
* Added code to detect for deprecated preprocessors and warn the user,
curretnly the code will not touch the configuration files himself and
will not detect if you are using the standard package configuration file.
It will prevent users from having configuration issues, however
(Closes: #247665)
* Modified the init.d file so you can use 'status' to determine if
the Snort sensors are up or not.
* Updated the 2.2 rule set with the snapshot provided at snort.org, new rules
include detection of the recent JPEG exploit (Closes: #274244)
* Fixed typo in templates (unfuzzied modified entries) and updated
JA translation provided by Hideki Yamane (Closes: #273138)
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Sat, 2 Oct 2004 12:41:50 +0200
snort (2.2.0-2) unstable; urgency=low
* Taking over maintainership of this package (Closes: #265343)
* Have Snort{,-mysql,-pgsql} depend on the same versions of the
common packages (was not done in the previous release)
* Updated JA translation (Closes: #271755)
* Added a list of todo items in debian/TODO
-- Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Wed, 15 Sep 2004 10:42:43 +0200
snort (2.2.0-1) unstable; urgency=low
+ The 'Please Adopt Me!' release.
+ Fixed build-depends on libpcap0.8-dev closes: #263923
+ Fixed failure to start on multiple interfaces, each interface
now uses it's own configuration file. Closes: #248908
+ Snort{,-mysql,-pgsql} depend on the same versioned rules + common
Closes: #257078
+ NL, DE, pt_BR, FR, JA translations added
Closes: #265508, #264301, #246553, #246374, #239206
+ New upstream release closes: #262297
-- Sander Smeenk <ssmeenk@debian.org> Sun, 15 Aug 2004 15:24:39 +0200
snort (2.1.2-2) unstable; urgency=low
! Once again: Thanks Mario 'BitKoenig' Holbe for your great help:
+ Moved 'dialup' interface guessing from ppp/ip-up to postinst
+ Cleanup restart: only restart current running interfaces
This also cleans up: 'dialup' logcheck failure, if no snort running
+ Prepare for multisensor support
+ Use start-stop-daemon --retry instead of sleep and kill -9
+ Use invoke-rc.d only, if it exists
Closes: #191574
+ Correct please_restart to please_restart_manually
+ Re-Unified prerm and postinst scripts
+ Fix the backward-compatible just-kill-them-all in prerm;
do we really need it? It definitely didn't work before and
since the old-package prerm is called anyways, we shouldn't.
+ Simplify snort.debian.conf creation
+ snort-doc/examples now has a snort-rules auto-update script!
Closes: #242521, thanks Marcel!
+ Updated fr.po by Christian Perrier
Closes: #244048, thanks Christian!
+ Recent changes to init / ip-{up,down} scripts fixed this bug:
Closes: #226236
+ Fixed database schema's in {pg,my}sql packages. This does not fix
the 'schema is not installed when debconf prompts for it'-problem.
Closes: #244017
+ Problem with snort-pgsql.template fixed.
Closes: #244175
-- Sander Smeenk <ssmeenk@debian.org> Sun, 18 Apr 2004 14:39:19 +0200
snort (2.1.2-1) unstable; urgency=low
+ New upstream release
+ Templates corrected (reflect same text at shared options, typos)
+ -b switch removed from snort startup, log_tcpdump changed to snort.log
Closes: #241425, #171190
+ French debconf translation by Christian Perrier
Closes: #241991
+ Added checks on purge of snort-rules-default. Fixed breakage
Closes: #239542
+ Firewall interaction is explained in the FAQ
Closes: #217174
+ Snort now has snort.common.options, and no -b anymore.
Closes: #217244
+ Changed helptext in snort.debian.conf to be more generic.
Closes: #196694
+ Improved dialup suppport. MANY Thanks to Mario 'BitKoenig' Holbe for
his great work on this subject and the changes to the init script!
Closes: #226236
-- Sander Smeenk <ssmeenk@debian.org> Sun, 4 Apr 2004 15:12:27 +0100
snort (2.1.1-1) unstable; urgency=low
+ New upstream release
Closes: #238427
+ Added catalan debconf templates (debian/po/ca.po)
Closes: #236644
+ Fixed packaging bugs.
+ Applied following changes by Javier Fernández-Sanguino Peña. Thanks!!
* Snort group is now created using --system in all packages
Closes: #231580
* Both the cron.daily script and the postinst scripts set a default
value for STATS_RCPT and STATS_TRESHOLD to avoid buggy behaviours
if the user does not setup a proper value when interfacing with
debconf. Still, these values should be checked in the config
scripts. (Closes: #173331)
* Snort-stat now exists if there are no results which will avoid
it from sending empty emails
(Closes: #217913, #174508, #192401, #172529)
* Improved the explanations in several templates (Closes: #217173)
* Updated Japanese translation (and fixed some po format errors,
hopefully without damaging the po file) (Closes: #226680)
* Included Catalan debconf translation (Closes: #236644)
* Updated pt-BR debconf translation (Closes: #228244)
* Re-Added (partial) spanish debconf translation (it seems that
the work I did back in december 2001 has not been moved to po-debconf!)
-- Sander Smeenk <ssmeenk@debian.org> Wed, 17 Mar 2004 18:46:28 +0100
snort (2.1.0-4) unstable; urgency=low
+ Fixed FTBFS with -B flag specified to dpkg-buildpackage
Thanks Pascal Hakim.
+ Restart target in init.d script requires a sleep on slow systems.
Thanks Marco Gaiarin.
+ Updated the ja.po templates
-- Sander Smeenk <ssmeenk@debian.org> Wed, 1 Mar 2004 00:00:00 +0100
snort (2.1.0-3) unstable; urgency=low
+ Split binary-indep packages from binary-arch target
Closes: #226072, #157708, #185806
+ ip-up.d script now correctly guesses the PPPENV settings
Closes: #225956
+ Updated the fr.po templates
Closes: #225906
-- Sander Smeenk <ssmeenk@debian.org> Sun, 04 Jan 2004 12:51:38 +0100
snort (2.1.0-2) unstable; urgency=low
+ Added example init.d script to manage multiple sensors.
+ No longer kills custom daemons at init.d stop
Closes: #181637
+ Fixed build-dependency on libpcre3-dev
Closes: #225707
+ Fixed manpage to reflect new SIGHUP handling
Closes: #122689
+ Already implemented 'statesaving' dialup scripts
Closes: #101725
+ Changed default flow-portscan configuration
Closes: #225506
-- Sander Smeenk <ssmeenk@debian.org> Fri, 02 Jan 2004 13:01:54 +0100
snort (2.1.0-1) unstable; urgency=low
+ New upstream version
+ Depend on perl-modules for perlscripts
Closes: #212805
+ Fixed breakage of upgrades when conffiles were removed by user
Closes: #207970
+ Added japanese translation of templates
Closes: #224191
-- Sander Smeenk <ssmeenk@debian.org> Sun, 21 Dec 2003 15:48:55 +0100
snort (2.0.2-3) unstable; urgency=low
* ip-up.d/snort and init.d/snort now use the same startup arguments
with an extra config file that holds the common parameters.
Closes: #217244
+ ip-{up,down}.d/snort moved from snort-common to snort{,-mysql,-pgsql}
* Clarified debconf questions. Fixed typos, corrected grammar.
Closes: #217173
* Updated what documenation files are included.
Closes: #217174
-- Sander Smeenk <ssmeenk@debian.org> Fri, 24 Oct 2003 18:05:26 +0200
snort (2.0.2-2) unstable; urgency=low
* Fixed 'native package' problem
Closes: #216326
* Fixed syntaxerrors in init script
Closes: #215142
-- Sander Smeenk <ssmeenk@debian.org> Sun, 19 Oct 2003 16:11:09 +0200
snort (2.0.2-1) unstable; urgency=low
Pascal:
* Make snort-rules-default depend on a recent version of snort
Closes: #135603
* Delete configuration files and log files on purge.
Closes: #180043
Sander:
* Fixed the init.d script to not start snort in dialup mode at boot.
Closes: #207291, #208003
-- Sander Smeenk <ssmeenk@debian.org> Wed, 08 Oct 2003 21:09:34 +1000
snort (2.0.1-3) unstable; urgency=low
+ Fixed FTBFS: automake1.6 dependency (Closes: #207010)
-- Sander Smeenk <ssmeenk@debian.org> Mon, 25 Aug 2003 10:45:31 +0200
snort (2.0.1-2) unstable; urgency=low
+ Snort now co-maintained by Pascal Hakim
+ fr.po added, forgot the NMU by Christian Perrier
+ Untranslatable strings marked for translation fixed
Closes: #206972, #192952
+ create_postgresql.gz has been updated and now uses 'TIMESTAMP'
Closes: #206372
+ Changed the init.d's "start" section to support dialup mode
Closes: #205873
+ SNMP support has been removed upstream, I forgot to remove the MIB
message from snort-common
Closes: #206668
+ Since the MIB note was removed, this also fixes inapropriate use of
debconf, which Closes: #205085
-- Sander Smeenk <ssmeenk@debian.org> Sun, 24 Aug 2003 11:41:23 +0200
snort (2.0.1-1) unstable; urgency=low
+ New upstream source
-- Sander Smeenk <ssmeenk@debian.org> Tue, 19 Aug 2003 16:32:46 +0200
snort (2.0.0-3.1) unstable; urgency=low
+ Eeps! Forgot my versioned dependencies!
-- Sander Smeenk <ssmeenk@debian.org> Mon, 05 May 2003 21:02:13 +0200
snort (2.0.0-3) unstable; urgency=low
+ Added 'Provides: Snort' to snort-{pg,my}sql (Closes: #190064)
+ Moved parameter -b to snort.conf (Closes: #190748)
+ Seems fixed, according to submitter (Closes: #184596)
+ Fixed ppp/ip-up.d/snort, first source, then test (Closes: #190999, #191894)
+ Dependency on libpq3 isn't mandatory since postgresql-dev depends on it.
(Closes: #191570)
-- Sander Smeenk <ssmeenk@debian.org> Mon, 05 May 2003 20:27:03 +0200
snort (2.0.0-2) unstable; urgency=low
+ Fixed PPP environment variables in ip-up.d. (Closes: #190107)
I really don't know how to support multiple instances of snort here
+ Versioned depends on snort-rules-default (Closes: #190111)
+ Fixed wrong pid-finding init.d script (Closes: #190154)
+ cronjob 'snort' renamed to '5snort' again (Closes: #190303)
-- Sander Smeenk <ssmeenk@debian.org> Wed, 23 Apr 2003 21:00:23 +0200
snort (2.0.0-1) unstable; urgency=high
+ New Upstream version
+ SECURITY FIXES (Closes: #189267)
- XML logging and SNMP notification seems to be removed upstream ?
+ The init.d script has added intelligence that will hopefully detect
wether snort was running in manual mode / dialup mode when logrotate
ran, and leave it in that state (Closes: #186060)
+ Tried to fix snort-stat by adding -a option (Closes: #186214)
+ Renamed cronjob 5snort to snort (Closes: #186380)
+ Rebuilt with new libsnmp-0.4.2 linking (Closes: #186415)
+ po-debconf patch applied, thanks (Closes: #186881)
+ Including sid-msg.map and gen-msg.map (Closes: #187291)
-- Sander Smeenk <ssmeenk@debian.org> Sat, 05 Apr 2003 13:32:18 +0200
snort (1.9.1-4) unstable; urgency=low
+ Added dependency on perl-modules to snort-common (Closes: #185180)
+ Attempt 1 at fixing snort-stat again (Closes: #184622)
+ init.d script tells how to start snort on dialup system (Closes: #181074)
+ snort-stat supports -a now (scan whole file) (Closes: #184282)
-- Sander Smeenk <ssmeenk@debian.org> Tue, 18 Mar 2003 21:37:47 +0100
snort (1.9.1-3) unstable; urgency=low
+ Fixed Override Disparities
+ Added section to snort-paper (Closes: #183988, #183388)
-- Sander Smeenk <ssmeenk@debian.org> Wed, 12 Mar 2003 09:04:30 +0100
snort (1.9.1-2) unstable; urgency=low
+ Fixed PostgreSQL CreateDB-scheme (Closes: #181733)
+ Fixed snort-doc (Closes: #183988, #183388)
+ A supposed fix for #181477 introduced a new bug which is now fixed
(Closes: #184128, #184071)
+ Fixed -s commandline argument. It doesn't need an argument.
(Closes: #183790)
+ Startup arguments for init.d invocation and pppd invocation are now
'the same' (Closes: #183554)
-- Sander Smeenk <ssmeenk@debian.org> Mon, 10 Mar 2003 23:57:12 +0100
snort (1.9.1-1) unstable; urgency=high
* SECURITY FIX
ISS X-Force has discovered a remotely exploitable buffer overflow
condition in Snort. A buffer overflow flaw exists in Snort RPC
preprocessing code that is vulnerable to attack.
-- Sander Smeenk <ssmeenk@debian.org> Mon, 03 Mar 2003 21:15:27 +0100
snort (1.9.0rel-4) unstable; urgency=low
+ Changed logrotate (Closes: #176495)
+ Renamed 'portscan2' to 'portscan2.log' (Closes: #173978)
+ Recompile Fixed PostgreSQL dependency (Closes: #175977)
+ Applied patch against snort-stat (Closes: #175657)
+ Added 'portscan2-ignorehosts' example + enabled for $HOME_NET
(Closes: #173985)
+ Marks old 'snort.rules.files' OBSOLETE (Closes: #173981)
+ Fixed snort-stat manpage to reflect alert.log (Closes: #175364)
+ Fixed snort-pgsql logging bug with last_cid (Closes: #166722)
+ Updated snort-rules-default to latest version
+ Recompile fixed libsnmp5 dependency (Closes: #183094, #182722)
+ Init scripts fixed (Closes: #181497)
+ Changed rights on /var/log/snort to snort.adm (Closes: #180216)
+ Fixed mkdir -p in snort-rules-default preinst (Closes: #180046)
-- Sander Smeenk <ssmeenk@debian.org> Sat, 25 Jan 2003 16:48:40 +0100
snort (1.9.0rel-3) unstable; urgency=low
+ Using invoke-rc.d instead of direct /etc/init.d calls (Closes: #165135)
-- Sander Smeenk <ssmeenk@debian.org> Thu, 17 Oct 2002 11:35:42 +0200
snort (1.9.0rel-2) unstable; urgency=low
+ Fixed Startup in Manual mode (Closes: #164644)
+ Fixed failing preinst in snort-rules-default (Closes: #164643)
+ No more useless cron messages (Closes: #158490)
+ Manually changed snort.c to fix -s cmdline problem (Closes: #164969)
+ DISABLED OLD PORTSCAN PREPROCESSOR, REPLACED BY PORTSCAN2 PREPROCESSOR
-- Sander Smeenk <ssmeenk@debian.org> Wed, 16 Oct 2002 19:58:29 +0200
snort (1.9.0rel-1) unstable; urgency=low
+ New Upstream Version
+ Moves old /etc/snort/*.rules to new rules/ directory
(Closes: #158447, #160888)
+ Closes: #158845, leftover bug fixed in previous upload.
+ Files *were* created with incorrect permissions (Closes: #162386)
+ Fixed Logrotate (Closes: #158042, #159456)
-- Sander Smeenk <ssmeenk@debian.org> Sat, 31 Aug 2002 15:59:16 +0200
snort (1.9.0beta4-5) unstable; urgency=low
+ ASN.1 Decoder turned OFF because of TOO MANY LOGENTRIES!
* Fixed Bugs (Closes: #157443)
+ Commented out the 'Initializing Output Plugins!' message.
+ Changed to logrotate to rotate logfiles (Closes: #157706)
* Unreproducable, but changed to new rotation system (Closes: #156896)
+ Specified 'portscan2.log' as portscan2 preprocessor logfile
+ Supports 'any' in the address range question to not trust
any side of the network. Wishlist but no bug was filed for this.
+ Fixed faulty information in templates (Closes: #158708)
+ Added README.PHP in contrib/ for clearness (Closes: #158714)
+ snort-stat reported hostname with \n at the end, chomped off now.
-- Sander Smeenk <ssmeenk@debian.org> Fri, 23 Aug 2002 22:17:20 +0200
snort (1.9.0beta4-4) unstable; urgency=low
+ Severe postinst breakage when installing newer versions
of Snort from scratch. Fixed.
+ Fixed world-writable logfiles problem (Closes: #155893)
+ Password-field must be filled in.
+ snort-mysql's postinst put postgresql config in snort.conf :(
-- Sander Smeenk <ssmeenk@debian.org> Tue, 20 Aug 2002 13:21:42 +0200
snort (1.9.0beta4-3) unstable; urgency=low
+ Fixed world-writable logfiles problem (Closes: #155893)
+ Password-field must be filled in.
+ snort-mysql's postinst put postgresql config in snort.conf :(
-- Sander Smeenk <ssmeenk@debian.org> Tue, 20 Aug 2002 11:11:35 +0200
snort (1.9.0beta4-2) unstable; urgency=low
+ Found nicer way of fixing #155893 (Closes: #155893)
+ Typo two typos in bugnumbers.
Previous #153221 should be (Closes: #153211)
Previous #156119 should be (Closes: #156199)
Sorry for the mixups. It was late :/
+ Fixed b0rking preinsts (Closes: #157085)
-- Sander Smeenk <ssmeenk@debian.org> Fri, 16 Aug 2002 00:03:41 +0200
snort (1.9.0beta4-1) unstable; urgency=low
+ Fixes world readable configuration file problem (Closes: #154977, #155484)
+ XML output should work in this release (Closes: #153845)
+ MIB's moved to /usr/share/snmp/mibs (Closes: #153221)
+ snort-stat now uses threshold (Closes: #147197)
+ SMTP rules have been disabled per default (Closes: #153817)
+ Fixed typo's in debconf screens (Closes: #154687)
+ 'Hacked around' the logfiles-not-group-readable problem (Closes: #155893)
+ Upload accepted (Closes: #156119)
+ Leftover bugs that have been fixed earlier (Closes: #134979)
* Fixed but no-bugreports:
+ 'Initializing Plugins' log-message removed from src/plugbase.c
+ Rules have moved from /etc/snort to /etc/snort/rules/
+ snort-{pg,my}sql now update the snort.conf file properly
+ stream4 evasion-detection disabled
+ more...
-- Sander Smeenk <ssmeenk@debian.org> Wed, 14 Aug 2002 22:00:24 +0200
snort (1.8.7-4) unstable; urgency=low
+ Typo in snort-stat, fixed.
-- Sander Smeenk <ssmeenk@debian.org> Sat, 03 Aug 2002 11:21:49 +0200
snort (1.8.7-3) unstable; urgency=low
+ snort-stat now shows hostname from where it's reporting.
+ ruleset tuning (Closes: #155084)
+ i see no rules with <- direction specifier, snort starts
just the way it should with telnet.rules and backdoor.rules
(Closes: #153400)
+ Specific major-version Build-Depends on libsnmp4.2-dev (Closes: #155163)
-- Sander Smeenk <ssmeenk@debian.org> Sat, 03 Aug 2002 01:34:49 +0200
snort (1.8.7-2) unstable; urgency=low
+ Fixed situations where snort got restarted by cronscript while
being started in dialup-mode. Snort should support -HUP'ing.
+ Fixed typo in /etc/snort/snort.conf (Closes: #152840, #152671)
+ Fixed stupid snmpd.conf auto-addition, that was bad (Closes: #153074)
+ Each MTA supplies 'sendmail' and each system has 'MTA' (Closes: #151678)
+ Snort-pgsql has debconf 'help' on configuring a DB (Closes: #149661)
+ Fixed snort-mysql.config problem (Closes: #110952)
+ Multiple subnets problem fixed (Closes: #146861)
* Maintainer Wipes Forehead.
-- Sander Smeenk <ssmeenk@debian.org> Thu, 11 Jul 2002 21:06:50 +0200
snort (1.8.7-1) unstable; urgency=low
+ NEW UPSTREAM!
* No more local-{first,last} creation in preinst (Closes: #152184)
* var EXTERNAL_NET !$HOME_NET in snort.conf (Closes: #152182)
-- Sander Smeenk <ssmeenk@debian.org> Mon, 8 Jul 2002 10:59:16 +0200
snort (1.8.6-6) unstable; urgency=low
* Fixed serious log-rotation problem (Closes: #151922)
* Fixed typo in rules file: --enable-snmp versus --with-snmp
+ Reported in private mail, no bugs to close.
* New ruleset & config & classification (Closes: #152070)
* Not a bug (Closes: #152068)
-- Sander Smeenk <ssmeenk@debian.org> Fri, 5 Jul 2002 23:23:09 +0200
snort (1.8.6-5) unstable; urgency=low
* Fixed 5snort cronjob, thanks for the patches.
+ Closes: #151336, #151341, #151393, #151395
* Can't check this problem, it looks fixed to me.
+ Closes: #94709
* Cronjob has been reworked so it uses /var/log/snort/alert, also
snort.conf has been configured to log to syslog by default.
+ Closes: #146680
* Debconf frontend now supports multiple addresses (ranges) in
address_range question.
+ Closes: #66932
* Bug-submitter thinks this bug is fixes now.
+ Closes: #104074
* Weird unaligned traps on alpha are unconfirmed snort-related.
Also, haven't heard anyone else about this.
+ Closes: #130675
* Fixed the debconf script's perl-regexp to support multiple
subnet-definition separated by commas
+ Closes: #146945
* Once more fixed /etc/snort/snort.conf _NOT_ to log to syslog,
since that would stop logging to /var/log/snort/alert, and that
would break the snort-stat cronjob, and more.
-- Sander Smeenk <ssmeenk@debian.org> Sun, 30 Jun 2002 00:29:26 +0200
snort (1.8.6-4) unstable; urgency=low
+ Fixed POSIX shell incompatibility (Closes: #150409)
+ Fixed Suggests instead of Recommends on snort-doc.
(Closes: #150768, #150702)
+ Fixed RULE_PATH setting in snort.conf
+ Fixed syslog default log-type in snort.conf (Closes: #46680, #124169)
+ The cronjob in this release _tries_ syslogd-listfiles, and if
that is not available defaults to /var/log/auth.log. (Closes: #120991)
+ Added section in README.Debian about FLEXRESP rules and
snort-not-starting because of permission denied (Closes: #132577)
+ Fixed Subject: in body instead of headers (Closes: #132220, #145836)
+ Fixed 'misleading comments' in snort.conf (Closes: #145749)
+ The empty snort.conf problem was fixed in 1.8.6-1? (Closes: #144218)
+ This was fixed in an earlier release (Closes: #134792)
+ Applied patch against cronjob (Closes: #151229)
+ Package 'debianutils' is in base and required, so no dependancies
are nescasary (Closes: #145837)
+ Subjectless email fixed (Closes: #145876)
+ Cronjob emails daily-alerts instead of weekly (Closes: #145901)
+ Looks fixed to me (Closes: #136220)
+ Thanks for the patches everyone!! Greatly appreciated! (Closes: #151257)
-- Sander Smeenk <ssmeenk@debian.org> Fri, 28 Jun 2002 11:22:13 +0200
snort (1.8.6-3) unstable; urgency=low
* New Maintainer! Sander Smeenk <ssmeenk@debian.org>
+ POSTGRESQL SUPPORT WHOO (Closes: #108348)
-- Sander Smeenk <ssmeenk@debian.org> Tue, 4 Jun 2002 21:28:15 +0200
snort (1.8.6-2) unstable; urgency=low
* [debian/snort-rules-default.conffiles] Added missing entries.
* [debian/rules] Honour DEB_BUILD_OPTIONS.
* [debian/rules] Use a variable to hold configure options that are common
to the variant packages.
* [debian/rules] Use debhelper *.dirs .
* [debian/*.doc-base] New.
* Bumped Standards-Version.
* Previous uploads fixed more bugs than noted.
(Closes: #142508, #143294, #131948)
* Enabled SNMP support.
* Added Spanish translations to debconf templates. (Closes: #126725)
* Changes above by JHM (thanks!)
* Added a new snort_stat.pl (Closes: #143875, #131887, #143962)
-- Robert van der Meulen <rvdm@debian.org> Mon, 29 Apr 2002 13:03:24 +0200
snort (1.8.6-1) unstable; urgency=low
* Sander Smeenk <ssmeenk@debian.org> fixed:
+ Closes: #111533, #131047
* Changed snort.template and made a clear text about what HOME_NET
is used for. I had to remove the de_DE and pt_BR translations though.
+ Closes: #134063
* The postinst now creates /etc/snort/snort.debian.conf if it doesn't
exist by echoing a basic content into the file. Kinda ugly, but it
works.
+ Closes: #132220, #134898, #136848, #139143, #139423
* These are all about snort-stat and empty daily emails.
Reported against version 1.7-9, and it seems to be fixed now.
+ Closes: #109135, #117010
* Typo. Fixed.
+ Closes: #104447
* Ooooooh ns.somehost.tld is portscanning me! Add the nameservers
to the DNS_SERVER value in snort.conf. Although I think this was fixed
in 1.8.4beta2
+ Closes: #116169
* I added 1 or 2 lines of short descriptive text to each package's
description. It should be more clear now.
+ Closes: #67176, #130242, #133591, #79095, #102320
* These are left-over bugs. Fixed in earlier releases.
+ Closes: #128689, #131049
* Fixed the init.d script so that it doesn't say "already started" on
errors. Snort returns 0(good) or 1(bad), not 2.
+ Closes: #143268
* The supplied patch didn't contain any valid patchable entries. The
script has changed that much that I assume it has been fixed already.
* Thanks, smeenk :)
-- Robert van der Meulen <rvdm@debian.org> Fri, 19 Apr 2002 16:21:35 +0200
snort (1.8.4beta1-2) unstable; urgency=low
* Fixed 'Depends:' of 'snort' package to depend on new-style snort-common
package. (Closes: #131730)
* Marked some /etc/ files as conffiles (Closes: #132823)
* Fixed build problems on some arches (Closes: #132912, #131741)
* Fixed quoting error in virus.rules (Closes: #131947)
* Fixed snort-common Replaces: line (Closes: #131701, #133106)
* Removed snort.debian.conf from the package (Closes: #132517)
* Fixed initscript to allow for multiple subnets (Closes: #125686)
-- Robert van der Meulen <rvdm@debian.org> Sun, 10 Feb 2002 16:11:55 +0100
snort (1.8.4beta1-1) unstable; urgency=low
* New upstream release (Closes: #131517, #106093, #115955, #118270, #127564)
* Moved config stuff to snort-common (Closes: #109862)
* Fixed debconf instuctions for dialup (Closes: #113250)
* Fixed snort-stat (Closes: #115873, #116964)
* New upstream has icmp-info rules reordered (Closes: #111832)
* Gave 'count' a bit more room in email reports (Closes: #102657)
* Fixed snort cron script to not kill snort in dialup mode (Closes: #97950)
* Fixed snort cron script to not send empty emails (Closes: #112100,#117079)
* Fixed HOME_NET variable passing in init script (Closes: #117886)
-- Robert van der Meulen <rvdm@debian.org> Sun, 10 Feb 2002 15:41:40 +0100
snort (1.8p1-1) unstable; urgency=low
* New upstream release
* Depend on system-log-daemon|syslogd (Closes: #102511)
* Fixed snort-stat empty log reports (Closes: #107515, #98944, #103542)
* Fixed logfile pattern (Closes: #102787)
-- Robert van der Meulen <rvdm@debian.org> Tue, 14 Aug 2001 20:37:43 +0200
snort (1.7-9) unstable; urgency=low
* Removed 'snort.debian.conf' from the 'conffiles' to avoid it being
replaced. (Closes: #96950)
* Fixed a lot of errors in the manpage. (Closes: #99873, #101868)
* Removed '-s' option, and enabled logging to syslog in snort.conf.
(Closes: #101873)
* Fixed inconsequent ip-up.d and init.d behaviour (Closes: #101874)
* Added pt_BR support (Closes: #93219)
* Make snort stop before purging/removing.
-- Robert van der Meulen <rvdm@debian.org> Sun, 15 Jul 2001 14:04:35 +0200
snort (1.7-8) unstable; urgency=low
* Have snort depend on system-log-daemon (Closes: #99203)
* Changed package description (Closes: #99302)
* Changed debconf 'extra options' question (Closes: #99303)
-- Robert van der Meulen <rvdm@debian.org> Sun, 17 Jun 2001 19:16:59 +0200
snort (1.7-7) unstable; urgency=low
* Added a modified version of 'snort-stat', from Christian Hammers
(Closes: #93739)
* Changed '5snort' to do syslogd-listfiles --auth, to correctly list
logfiles using the 'auth' facility. (Closes: #97467)
* Modified crontab file to correctly keep /var/log/snort clean.
(Closes: #97465, #97003)
-- Robert van der Meulen <rvdm@debian.org> Tue, 15 May 2001 20:40:03 +0200
snort (1.7-6) unstable; urgency=low
* Added more paths in /etc/init.d/snort (Closes: #94651)
* Removed non-US dependency on libssl096 (Closes: #92748)
* Fixed old man-page synopsis bug (Closes: #90889)
* Added 'please restart' notice for dialup users that upgrade(Closes: #90979).
* Fixed 'snort.conf' indiscrepancy (comma-separated versus
whitespace-separated) (Closes: #93742)
* Added '-d' option for startup (Closes: #78667)
* Added snort FAQ (Closes: #91219)
-- Robert van der Meulen <rvdm@debian.org> Mon, 30 Apr 2001 01:34:25 +0200
snort (1.7-5) unstable; urgency=low
* fixed no-pidfile bug when using dialup interfaces. (Closes: #89133)
* forgot to close host-timeout bug (Closes: #87838)
* Removed bashisms from cron script (Closes: #88596)
* Fixed start-stop-daemon paths in init.d script (Closes: #88678)
* Corrected multiple -i startup option typo (Closes: #89131)
* Added mysql support (Closes: #89840)
* Applied 'unaligned trap on alpha' patches from Paul Slootman
(Closes: #85684, #81092)
-- Robert van der Meulen <rvdm@debian.org> Thu, 22 Mar 2001 22:40:51 +0100
snort (1.7-4) unstable; urgency=low
* lets-fix-lots-of-bugs release
* Fixed snort-stat:
- output is now 79 chars wide. (Closes: #70649)
- output written to tempfile first, to work around 'host' timing out
sometimes. (Closes: #74937)
* There is no 'WARNING' message on startup, anymore (Closes: #79289)
* Fixed crontab script to reflect /var/log/portscan.log ->
/var/log/snort/portscan.log change. (Closes: #85571)
* Fixed syntax error in cron file (*shame*) (Closes: #85686)
* added check for existence of /var/log/snort/portscan.log in
cron file (Closes: #86596 )
* Fixed syslog dependency problem (syslogd|syslog-ng) (Closes: #85807)
* Changed crontab file to allow for multiple auth.* files (Closes: #84183)
* Snort doesn't crash on empty logfiles. (Closes: #85284 )
* Snort generates correct snort-stat messages on a dialup link now.
(Closes: #82504)
-- Robert van der Meulen <rvdm@debian.org> Fri, 2 Mar 2001 23:32:40 +0100
snort (1.7-3) unstable; urgency=low
* Fixed a couple of bugs in the startup scripts for dialup. Closes: #85201
* Made postinst modify /etc/snort/snort.debian.conf. Closes: #85156
* 'hardwired' /etc/ppp/ip-up.d/snort to use the PPP interface. Closes: #85218
* Fixed problem with multiple 'auth' logfiles. Closes: #84316
-- Robert van der Meulen <rvdm@debian.org> Fri, 9 Feb 2001 23:47:19 +0100
snort (1.7-2) unstable; urgency=low
* Fixed a small bug in the cron.daily script; snort.conf -> snort.debian.conf
-- Robert van der Meulen <rvdm@debian.org> Tue, 6 Feb 2001 23:47:31 +0100
snort (1.7-1) unstable; urgency=low
* New upstream version.
* New maintainer
* Moved /etc/snort/snort-lib to /etc/snort/snort.conf
/etc/snort/snort.conf was a script to set DEBIAN config variables,
it now is the base rule file.
/etc/snort/snort.debian.conf does the 'old' job.
* modified startup parameters for 'new style'
-- Robert van der Meulen <rvdm@debian.org> Sun, 4 Feb 2001 23:31:02 +0100
snort (1.6.3a-5) unstable; urgency=low
* Accidently typed "echo" instead of "kill" in init script. Closes: #84345
-- Christian Hammers <ch@debian.org> Thu, 1 Feb 2001 11:05:16 +0100
snort (1.6.3a-4) unstable; urgency=low
* Enhanced init.d script. Fixes problems with cron rotations.
* Now depends on debhelper. Closes: #75462
* Added german translation for debconf menus. Closes: #83873
* Is no longer accidently a "native Debian" package. Closes: #82097
* Problem with libmysqlclient.so.9 fixed long ago. Closes: #74798, 74806
* Debconf should be work fine now. Closes: #59726, #70711
* Adopted new homepage URL. Closes: #69805
* Problem no longer reproducable. Closes: #67732, #67734
* Added dependency to the virtual package "syslogd". Closes: #84183
-- Christian Hammers <ch@debian.org> Wed, 31 Jan 2001 00:38:22 +0100
snort (1.6.3a-3) unstable; urgency=low
* Changed the "interface" debconf question to medium. Closes: #80996
-- Christian Hammers <ch@debian.org> Wed, 31 Jan 2001 00:10:01 +0100
snort (1.6.3a-2) testing unstable; urgency=low
* Ok, forgot the ">/dev/null" after a savelog cron command...
-- Christian Hammers <ch@debian.org> Sun, 31 Dec 2000 01:11:37 +0100
snort (1.6.3a-1) testing unstable; urgency=low
* This is still 1.6.3!
Somehow the .orig.tar.gz got renamed so I have to make a new
-1 upload.
* Added rotation of /var/log/portscan.log. Closes: #80864
-- Christian Hammers <ch@debian.org> Sat, 30 Dec 2000 17:52:58 +0100
snort (1.6.3-8) unstable; urgency=low
* writed more good english in debconf template. Closes: #78367
* Adjusted debconf question for email recipient to "medium".
-- Christian Hammers <ch@debian.org> Fri, 1 Dec 2000 20:01:38 +0100
snort (1.6.3-7) unstable; urgency=low
* Recompiled against new kernel to handle pppeo.
(requested by jeffml@pobox.com)
-- Christian Hammers <ch@debian.org> Sun, 26 Nov 2000 14:55:25 +0100
snort (1.6.3-6) unstable; urgency=low
* Added debhelper to build depends. Closes #75462
-- Christian Hammers <ch@debian.org> Wed, 25 Oct 2000 10:51:23 +0200
snort (1.6.3-5) unstable; urgency=medium
* Recompiled against libmysqlclient10.
-- Christian Hammers <ch@debian.org> Tue, 17 Oct 2000 11:00:11 +0200
snort (1.6.3-4) unstable; urgency=low
* Added dependencies to adduser >= 3.11. Closes: #69425
-- Christian Hammers <ch@debian.org> Sun, 20 Aug 2000 08:53:50 +0200
snort (1.6.3-3) unstable; urgency=low
* Made postinst/preinst idempotent. Closes: 67732, 67734
-- Christian Hammers <ch@debian.org> Sun, 20 Aug 2000 08:53:37 +0200
snort (1.6.3-2) unstable; urgency=low
* Disabled defrag-preprocessor due to upstream bugs.
-- Christian Hammers <ch@debian.org> Mon, 24 Jul 2000 17:21:18 +0200
snort (1.6.3-1) unstable; urgency=low
* New upstream release.
* Now chrooted to /var/log/snort and running as snort:snort!
* More scan detections added.
* Applied fixed from Ian Zimmerman. Thanks. Closes: #66057
-- Christian Hammers <ch@debian.org> Sun, 23 Jul 2000 14:11:50 +0200
snort (1.6.2.2-1) unstable; urgency=low
* New upstream release 1.6.2.2. Minor patches.
-- Christian Hammers <ch@debian.org> Sun, 9 Jul 2000 23:21:16 +0200
snort (1.6.1-1) unstable; urgency=low
* Many new scans for known vulnerabilities included!
-- Christian Hammers <ch@debian.org> Sat, 8 Jul 2000 17:06:47 +0200
snort (1.6-1) unstable; urgency=low
* New upstream major release.
-- Christian Hammers <ch@debian.org> Tue, 4 Jul 2000 18:40:34 +0200
snort (1.5.1-12) unstable; urgency=low
* Removed warning for port 53 source port traffic because old BINDs
generated them. Closes: #65107
-- Christian Hammers <ch@debian.org> Tue, 6 Jun 2000 19:07:06 +0200
snort (1.5.1-11) frozen unstable; urgency=low
* Package could not be build on powerpc because there were some
obsolete AM_PROG_INSTALL (now AC_PROG_INSTALL) statements in
aclocal.m4. Closes: #57916
* Improved documentation about reading the tcpdump-style binary log
file. Closes: #57789
-- Christian Hammers <ch@debian.org> Sun, 13 Feb 2000 18:23:58 +0100
snort (1.5.1-10) frozen unstable; urgency=low
* Make sure that snort's cron.daily script gets renamed to the new
name in snort.preinst so that it won't be called twice.
-- Christian Hammers <ch@debian.org> Wed, 9 Feb 2000 12:37:53 +0100
snort (1.5.1-9) frozen unstable; urgency=low
* Argh! Forgot to remove a malicious line in cron.daily. Closes: #57611
-- Christian Hammers <ch@debian.org> Wed, 9 Feb 2000 11:10:53 +0100
snort (1.5.1-8) frozen unstable; urgency=low
* Added "exit 0" to cron.daily script.
-- Christian Hammers <ch@debian.org> Sat, 5 Feb 2000 16:07:05 +0100
snort (1.5.1-7) frozen unstable; urgency=low
* Applied upstream patch to get binary mode working.
Now this is really 1.5.1 and not 1.5patch1, btw.
* switched logging to tcpdump compatible binary mode so that
snort is usable on 100MBit networks. Closes: #55949
* fixed daily report of the weekly rotated auth.log. Closes: #56476
* cron job restarts snort correctly. Closes: #56608
* postinst should start snort only if $startup=="boot".
* sanified snort.config (thank to Mario Holbe, again)
* removed debconf-bug compatibility. Closes: #54990
-- Christian Hammers <ch@debian.org> Sat, 29 Jan 2000 17:57:34 +0100
snort (1.5.1-5) frozen unstable; urgency=low
* User may only enter one interface and no comma separated list that
confuses the postscript, too. Closes: #55567
* Explained a debconf question. Closes: #55568
* Fixed email address in copyright.
* uncommented all backdoor-lib rules that do only whatch for a
port >=1024, ignoring the content since they produce too much
false-positives. (as requested by chirik@castlefur.com)
* Added a note that this isn't actually 1.5.1 but 1.5patch1.
* Included "real" manpage that upstream author wrote.
-- Christian Hammers <ch@debian.org> Sat, 22 Jan 2000 15:30:32 +0100
snort (1.5.1-4) frozen unstable; urgency=low
* Workaroung for debconf bug (#55317).
* Do not ask user for IP range when using dialup-mode.
(They normally wouldn't know!)
*
-- Christian Hammers <ch@debian.org> Sat, 22 Jan 2000 15:00:25 +0100
snort (1.5.1-3) frozen unstable; urgency=medium
* Fixed cron script. Closes: #54553
* The following was done by --- Mario Holbe --- thanks again!
* Fixed quoting of metacharacters in postinst. Closes: #54984
* replaced the snort.options thingy by a sh-based snort.conf
- removed it from snort-lib
- changed the README.Maintainer comment
- changed rule for it
- created snort.conf with slightly beautified variables
* modified ip-down.d to work with new snort.conf
* modified ip-up.d to work with new snort.conf
* modified snort.init.d to work with new snort.conf Closes: #54553
- this closes some bugs in 1.5.1-2, which i've not submitted :-)
* modified snort-stat to work with new snort.conf Closes: #54555
* modified snort.cron.daily to work with new snort.conf/snort-stat
* added new snort/stats_treshold to snort.templates
* modified snort.config to work with new config variable
* modified snort.postinst to work with new snort.conf
* modified snort.postrm to remove snort.conf if purge
* all over all: did some beauifying :)
-- Christian Hammers <ch@debian.org> Fri, 14 Jan 2000 21:09:42 +0100
snort (1.5.1-2) unstable; urgency=low
* I was diligently and added five more debconf options :) Closing: #54227
- receipient of the daily statistic mail
- start at boot/ip-up/manual
- interface
- promiscuous mode
- reverse order
* Enhanced the snort-stat script with help from Mario Holbe. Closes: #54369
-- Christian Hammers <ch@debian.org> Fri, 14 Jan 2000 21:09:36 +0100
snort (1.5.1-1) unstable; urgency=low
* Fixed cron script with the new logging method.
Closes: #54226, #54275
* Applied upstream patch1 and one from the mailing list.
Closes: #54225, #54224
* Added README.Debian with a small FAQ.
* Changed configuration and added a /etc/snort/snort.options file.
-- Christian Hammers <ch@debian.org> Tue, 11 Jan 2000 22:56:33 +0100
snort (1.5-2) unstable; urgency=low
* Fixed typo. Closes: #54269
-- Christian Hammers <ch@debian.org> Sun, 9 Jan 2000 18:58:45 +0100
snort (1.5-1) unstable; urgency=low
* New upstream release.
Features speed burst and modularization of the rules file.
* Now using syslog facility to log to /var/log/auth.log.
(Details are still available in /var/log/snort/)
* Daily generation of scan statistic via cron script.
-- Christian Hammers <ch@debian.org> Sun, 9 Jan 2000 18:58:39 +0100
snort (1.3.1-8) unstable; urgency=low
* Sorry, future timestamps in package. Closes: #51848
(too much Y2K testing, I guess)
-- Christian Hammers <ch@debian.org> Sun, 5 Dec 1999 16:49:56 +0100
snort (1.3.1-7) unstable; urgency=medium
* Changed prio to high since it's an grave bug that was closed.
* Closes: #51130
-- Christian Hammers <ch@debian.org> Tue, 15 Feb 2000 00:34:59 +0100
snort (1.3.1-6) unstable; urgency=medium
* Snort stalles after installation due to debconf misuse.
* Closes: #51130
-- Christian Hammers <ch@debian.org> Wed, 24 Nov 1999 00:29:39 +0100
snort (1.3.1-5) unstable; urgency=low
* Added debconf support to enter address range.
-- Christian Hammers <ch@debian.org> Mon, 22 Nov 1999 20:13:41 +0100
snort (1.3.1-4) unstable; urgency=low
* Extended archiving of log files. Closes: #50176
-- Christian Hammers <ch@debian.org> Mon, 22 Nov 1999 00:56:38 +0100
snort (1.3.1-3) unstable; urgency=low
* Registered cron script as config file. Closes: #48391
-- Christian Hammers <ch@debian.org> Wed, 27 Oct 1999 18:36:06 +0200
snort (1.3.1-2) unstable; urgency=low
* Added the non-promiscuous flag (-p) to the man-page.
-- Christian Hammers <ch@debian.org> Sun, 24 Oct 1999 18:52:20 +0200
snort (1.3.1-1) unstable; urgency=low
* New upstream version.
* Many bugfixes.
-- Christian Hammers <ch@debian.org> Thu, 14 Oct 1999 00:20:35 +0200
snort (1.2.1-3) unstable; urgency=low
* Included the LISA'99 Conference paper as documentation.
* FHS compliant.
* Improved /etc/cron.daily script. Fixes: #44568.
-- Christian Hammers <ch@debian.org> Fri, 10 Sep 1999 01:55:22 +0200
snort (1.2.1-2) unstable; urgency=low
* Added a nice manpage (thanks to Peter T. Breuer). Closes #44127.
-- Christian Hammers <ch@debian.org> Tue, 7 Sep 1999 17:15:51 +0200
snort (1.2.1-1) unstable; urgency=low
* New upstream release with fixes and speed improvement. (fixes: #43049)
-- Christian Hammers <ch@debian.org> Mon, 30 Aug 1999 21:15:10 +0200
snort (1.2-2) unstable; urgency=low
* Made cron.daily a bit quieter. (fixes: #43049)
-- Christian Hammers <ch@debian.org> Mon, 16 Aug 1999 23:05:16 +0200
snort (1.2-1) unstable; urgency=low
* New upstream version with great performance improve.
-- Christian Hammers <ch@debian.org> Mon, 2 Aug 1999 20:37:09 +0200
snort (1.1-2) unstable; urgency=low
* Made better default IP in config file and fixed typo.
-- Christian Hammers <ch@debian.org> Tue, 13 Jul 1999 00:02:48 +0200
snort (1.1-1) unstable; urgency=low
* Initial Release.
-- Christian Hammers <ch@debian.org> Mon, 12 Jul 1999 21:30:57 +0200
|