Re: Please unfreeze snort 2.7.0-20
* Javier Fernández-Sanguino Peña [Wed, 05 Nov 2008 01:27:40 +0100]: > On Sun, Nov 02, 2008 at 12:31:04PM +0100, Adeodato Simó wrote: > > * Javier Fernández-Sanguino Peña [Mon, 27 Oct 2008 21:56:52 +0100]: > > Hello, Javier. > > > Snort 2.7.0-20, recently uploaded to unstable, introduces a fix for a > > > known > > > security vulnerability (CVE-2008-1804). Please unfreeze this package so > > > that > > > the fix can move into Lenny. > > The i386 binaries that were uploaded to t-p-u depended on the pcre3 on > > unstable (they were built in an unstable system/chroot and not in a > > testing one). They hence can't migrate to testing. > I've recompiled and reuploaded new packages for t-p-u and sid fixing ths > issues (pcre3 version in t-p-u and fixing binNMUability in both). Please > review them. Thanks for the upload. I've reviewed them, and I'll the version in t-p-u once it's built for all arches. Regarding the version in sid (2.7.0-22), this puzzles me a bit: > +- Make snort-rules-default.postrm run with 'set +e' and append '|| true' > to > + rmdir calls so that the script does not abort if the directories are > not > + empty. > -set -e > +set +e This is incoherent: set +e precisely ignores errors, so the "|| true" is not needed. set -e OTOH makes the script terminate of errors, hence the "|| true" could be needed for commands that you know could potentially fail. However: > purge|disappear) > if [ -d /etc/snort/rules ]; then > - rmdir --ignore-fail-on-non-empty /etc/snort/rules > + rmdir --ignore-fail-on-non-empty /etc/snort/rules || > true > fi > if [ -d /etc/snort ]; then > - rmdir --ignore-fail-on-non-empty /etc/snort > + rmdir --ignore-fail-on-non-empty /etc/snort || true If the objective of the "|| true" here is, as the changelog says, "not abort if the directories are not empty", that is already guaranteed by the --ignore-fail-on-non-empty flag, so the "|| true" is redundant here. HTH, -- Adeodato Simó dato at net.com.org.es Debian Developer adeodato at debian.org «Ara que ets la meva dona, te la fotré fins a la melsa, bacona!» -- Terenci Moix, “Chulas y famosas” -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Please unfreeze snort 2.7.0-20
On Sun, Nov 02, 2008 at 12:31:04PM +0100, Adeodato Simó wrote: > * Javier Fernández-Sanguino Peña [Mon, 27 Oct 2008 21:56:52 +0100]: > > Hello, Javier. > > > Snort 2.7.0-20, recently uploaded to unstable, introduces a fix for a known > > security vulnerability (CVE-2008-1804). Please unfreeze this package so that > > the fix can move into Lenny. > > The i386 binaries that were uploaded to t-p-u depended on the pcre3 on > unstable (they were built in an unstable system/chroot and not in a > testing one). They hence can't migrate to testing. I've recompiled and reuploaded new packages for t-p-u and sid fixing ths issues (pcre3 version in t-p-u and fixing binNMUability in both). Please review them. Regards Javier signature.asc Description: Digital signature
Re: Please unfreeze snort 2.7.0-20
On Sun, Nov 02, 2008 at 12:31:04PM +0100, Adeodato Simó wrote: > Please make a new sourceful upload of snort to t-p-u, but please fix > binNMUability at the same time; I'm attaching a patch. Please make sure > that the fix is included on the next upload to unstable as well. I have found out the 'pbuilder --create' did not work properly for me. It created a sid pbuild even though I instructed it to be lenny :( I'm making new packages for t-p-u with the fixes you mentioned and, once I upload those, I will apply the fixes to sid too. Regards Javier signature.asc Description: Digital signature
Re: Please unfreeze snort 2.7.0-20
2008/11/2 Adeodato Simó <[EMAIL PROTECTED]>: > * Javier Fernández-Sanguino Peña [Mon, 27 Oct 2008 21:56:52 +0100]: > > Hello, Javier. > >> Snort 2.7.0-20, recently uploaded to unstable, introduces a fix for a known >> security vulnerability (CVE-2008-1804). Please unfreeze this package so that >> the fix can move into Lenny. > > The i386 binaries that were uploaded to t-p-u depended on the pcre3 on > unstable (they were built in an unstable system/chroot and not in a > testing one). They hence can't migrate to testing. I'm postitive I built them in a lenny chroot. I don't know what happened there. Will check. Regards Javier -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Please unfreeze snort 2.7.0-20
* Javier Fernández-Sanguino Peña [Mon, 27 Oct 2008 21:56:52 +0100]:
Hello, Javier.
> Snort 2.7.0-20, recently uploaded to unstable, introduces a fix for a known
> security vulnerability (CVE-2008-1804). Please unfreeze this package so that
> the fix can move into Lenny.
The i386 binaries that were uploaded to t-p-u depended on the pcre3 on
unstable (they were built in an unstable system/chroot and not in a
testing one). They hence can't migrate to testing.
I scheduled a binNMU of snort/i386/t-p-u to fix this, but as it happens
snort is not binNMUable.
Please make a new sourceful upload of snort to t-p-u, but please fix
binNMUability at the same time; I'm attaching a patch. Please make sure
that the fix is included on the next upload to unstable as well.
And it'd be great to see the CVS files gone from the t-p-u packages too.
Thanks,
--
Adeodato Simó dato at net.com.org.es
Debian Developer adeodato at debian.org
Faced with the choice between changing one's mind and proving that there
is no need to do so, almost everyone gets busy with the proof.
-- J.K. Galbraith
diff -u -r snort-2.7.0-20.2.orig/debian/control snort-2.7.0-20.2/debian/control
--- snort-2.7.0-20.2.orig/debian/control 2008-05-01 22:58:44.0 +0200
+++ snort-2.7.0-20.2/debian/control 2008-11-02 12:28:32.0 +0100
@@ -11,7 +11,7 @@
Package: snort
Architecture: any
Pre-Depends: adduser (>= 3.11)
-Depends: snort-common-libraries (>=${binary:Version}), snort-rules-default (>= ${binary:Version}), debconf (>= 0.2.80) | debconf-2.0, syslogd | system-log-daemon, ${shlibs:Depends}, snort-common (>= ${binary:Version}), logrotate
+Depends: snort-common-libraries (>=${binary:Version}), snort-rules-default (>= ${source:Version}), debconf (>= 0.2.80) | debconf-2.0, syslogd | system-log-daemon, ${shlibs:Depends}, snort-common (>= ${source:Version}), logrotate
Conflicts: snort-mysql, snort-pgsql
Replaces: snort-common (<< 2.0.2-3)
Recommends: iproute
@@ -68,7 +68,7 @@
Architecture: any
Priority: extra
Pre-Depends: adduser (>= 3.11)
-Depends: snort-common-libraries (>=${binary:Version}), snort-rules-default (>= ${binary:Version}), debconf (>= 0.2.80) | debconf-2.0, syslogd | system-log-daemon, ${shlibs:Depends}, snort-common (>= ${binary:Version}), logrotate
+Depends: snort-common-libraries (>=${binary:Version}), snort-rules-default (>= ${source:Version}), debconf (>= 0.2.80) | debconf-2.0, syslogd | system-log-daemon, ${shlibs:Depends}, snort-common (>= ${source:Version}), logrotate
Recommends: iproute
Suggests: snort-doc
Conflicts: snort, snort-pgsql
@@ -89,7 +89,7 @@
Provides: snort
Architecture: any
Priority: optional
-Depends: snort-common-libraries (>=${binary:Version}), snort-rules-default (>= ${binary:Version}), debconf (>= 0.2.80) | debconf-2.0, adduser (>= 3.11), syslogd | system-log-daemon, ${shlibs:Depends}, snort-common (>= ${binary:Version}), logrotate
+Depends: snort-common-libraries (>=${binary:Version}), snort-rules-default (>= ${source:Version}), debconf (>= 0.2.80) | debconf-2.0, adduser (>= 3.11), syslogd | system-log-daemon, ${shlibs:Depends}, snort-common (>= ${source:Version}), logrotate
Recommends: iproute
Suggests: snort-doc
Conflicts: snort, snort-mysql
Re: Please unfreeze snort 2.7.0-20
Adeodato Simó <[EMAIL PROTECTED]> writes: > * Javier Fernández-Sanguino Peña [Mon, 27 Oct 2008 21:56:52 +0100]: >> Snort 2.7.0-20, recently uploaded to unstable, introduces a fix for a known >> security vulnerability (CVE-2008-1804). Please unfreeze this package so that >> the fix can move into Lenny. > I see it got re-uploaded to t-p-u due to pcre3. It will get accepted > from there once it's built in all arches. Approved now. Marc -- Fachbegriffe der Informatik - Einfach erklärt 129: Knigge Kofler des erfolgreichen Kommunizierens (Heinrich Konrad Bartels) pgpNwx0XPxqn2.pgp Description: PGP signature
Re: Please unfreeze snort 2.7.0-20
* Javier Fernández-Sanguino Peña [Mon, 27 Oct 2008 21:56:52 +0100]: > Snort 2.7.0-20, recently uploaded to unstable, introduces a fix for a known > security vulnerability (CVE-2008-1804). Please unfreeze this package so that > the fix can move into Lenny. I see it got re-uploaded to t-p-u due to pcre3. It will get accepted from there once it's built in all arches. (Btw some CVS files made its way into the .diff.gz. You're welcome to fix that if you so wish.) Cheers, -- Adeodato Simó dato at net.com.org.es Debian Developer adeodato at debian.org Listening to: Antònia Font - Dins aquest iglú -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
