tcpdump (4.9.3-4ubuntu0.1) focal-security; urgency=medium * SECURITY UPDATE: buffer overflow in read_infile - debian/patches/CVE-2018-16301.patch: Add check of file size before allocating and reading content in tcpdump.c and netdissect-stdinc.h. - CVE-2018-16301 * SECURITY UPDATE: resource exhaustion with big packets - debian/patches/CVE-2020-8037.patch: Add a limit to the amount of space that can be allocated when reading the packet. - CVE-2020-8037 -- David Fernandez Gonzalez Thu, 07 Apr 2022 13:15:51 +0200 tcpdump (4.9.3-4) unstable; urgency=medium * Set upstream metadata fields: Bug-Database. -- Romain Francoise Tue, 31 Dec 2019 19:24:04 +0100 tcpdump (4.9.3-3) unstable; urgency=medium * Minor packaging fixes courtesy of the Janitor bot and lintian-brush: + Use secure URI in debian/watch. + Use secure URI in Homepage field. + Bump debhelper from old 11 to 12. + Set debhelper-compat version in Build-Depends. + Re-export upstream signing key without extra signatures. -- Romain Francoise Sun, 08 Dec 2019 13:56:42 +0100 tcpdump (4.9.3-2) unstable; urgency=medium * Disable failing IKEv2 test yet again to fix build on ppc64el (again) (closes: #942171). -- Romain Francoise Fri, 11 Oct 2019 20:48:04 +0200 tcpdump (4.9.3-1) unstable; urgency=medium * New upstream release, with fixes for 24 different CVEs (closes: #941698). * Build-depend on libpcap >= 1.9.1 to make all build-time tests pass. * Re-enable IKEv2 test. * Bump Standards-Version to 4.4.1. -- Romain Francoise Thu, 10 Oct 2019 21:31:38 +0200 tcpdump (4.9.3~git20190901-2) unstable; urgency=medium * Disable failing IKEv2 test again to fix build on ppc64el. -- Romain Francoise Sat, 07 Sep 2019 12:14:43 +0200 tcpdump (4.9.3~git20190901-1) unstable; urgency=low * New upstream snapshot from the tcpdump-4.9 branch: + Includes fix for CVE-2017-16808 (closes: #881862). + Fixes ESP decryption on ppc64el (and others), re-enable tests. * Drop root privileges by default (closes: #935112): + debian/rules: Configure --with-user=tcpdump. + debian/tcpdump.post{inst,rm}: Create/delete a 'tcpdump' system group and user. + debian/control: Add dependency on adduser. + debian/patches/drop-privs-after-opening-savefile.diff: New patch (from Fedora) to drop root privileges *after* opening the savefile when possible, to alleviate possible inconvenience if the target directory is not writable by user tcpdump. + debian/patches/drop-privs-silently.diff: New patch (from Fedora) to drop root privileges silently. + debian/usr.sbin.tcpdump: Add chown capability, and update rules about device discovery. + debian/NEWS: Mention how to run tcpdump as root. * Bump Standards-Version to 4.4.0. -- Romain Francoise Sun, 01 Sep 2019 13:05:24 +0200 tcpdump (4.9.2-3) unstable; urgency=medium [ Jamie Strandboge ] * debian/usr.sbin.tcpdump: drop 'capability sys_module' since we already have 'net_admin' and network module loading (which happens with -D) is allowed with 'net_admin' (LP: #1759029) (closes: #894161) [ Romain Francoise ] * Switch to debhelper compatibility level 11. * Bump Standards-Version to 4.1.3. -- Romain Francoise Sat, 31 Mar 2018 22:22:36 +0200 tcpdump (4.9.2-2) unstable; urgency=medium * Use new URLs on salsa.debian.org for Vcs-* fields. * Bump Standards-Version to 4.1.2. -- Romain Francoise Sun, 31 Dec 2017 15:53:41 +0100 tcpdump (4.9.2-1) unstable; urgency=high * New upstream release: + Fixes 86 new CVEs, see the upstream changelog for the full list. + Now supports OpenSSL 1.1, so move back to libssl-dev (closes: #859740). * Urgency high due to security fixes. -- Romain Francoise Fri, 08 Sep 2017 21:30:47 +0200 tcpdump (4.9.1-3) unstable; urgency=high * Cherry-pick three upstream commits to fix the following: + CVE-2017-11541: buffer over-read in safeputs() (closes: #873804) + CVE-2017-11542: buffer over-read in pimv1_print() (closes: #873805) + CVE-2017-11543: buffer overflow in sliplink_print() (closes: #873806) * Urgency high due to security fixes. -- Romain Francoise Mon, 04 Sep 2017 19:45:45 +0200 tcpdump (4.9.1-2) unstable; urgency=medium * Disable IKEv2 test which mysteriously fails on ppc64el (closes: #873377). -- Romain Francoise Sat, 02 Sep 2017 11:01:30 +0200 tcpdump (4.9.1-1) unstable; urgency=medium * New upstream release, fixes CVE-2017-11108 (closes: #867718). * Bump Standards-Version to 4.1.0. * debian/watch: add pgpsigurlmangle option. * Add upstream signing key in debian/upstream. -- Romain Francoise Sat, 26 Aug 2017 18:48:32 +0200 tcpdump (4.9.0-3) unstable; urgency=medium [ intrigeri ] * Include AppArmor profile from Ubuntu (closes: #866682). [ Romain Francoise ] * Bump Standards-Version to 4.0.0. -- Romain Francoise Sun, 02 Jul 2017 12:13:53 +0200 tcpdump (4.9.0-2) unstable; urgency=medium * Re-enable crypto support, targeting OpenSSL 1.0 as upstream still doesn't support OpenSSL 1.1. * Drop --enable-ipv6 from configure line, it has been the default for years now. -- Romain Francoise Sat, 11 Feb 2017 16:40:05 +0100 tcpdump (4.9.0-1) unstable; urgency=high * New upstream security release, fixing the following: + CVE-2016-7922: buffer overflow in print-ah.c:ah_print(). + CVE-2016-7923: buffer overflow in print-arp.c:arp_print(). + CVE-2016-7924: buffer overflow in print-atm.c:oam_print(). + CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print(). + CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print(). + CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print(). + CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print(). + CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header(). + CVE-2016-7930: buffer overflow in print-llc.c:llc_print(). + CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print(). + CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum(). + CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print(). + CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print(). + CVE-2016-7935: buffer overflow in print-udp.c:rtp_print(). + CVE-2016-7936: buffer overflow in print-udp.c:udp_print(). + CVE-2016-7937: buffer overflow in print-udp.c:vat_print(). + CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame(). + CVE-2016-7939: buffer overflow in print-gre.c, multiple functions. + CVE-2016-7940: buffer overflow in print-stp.c, multiple functions. + CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions. + CVE-2016-7974: buffer overflow in print-ip.c, multiple functions. + CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print(). + CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print(). + CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print(). + CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print(). + CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions. + CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print(). + CVE-2016-7993: a bug in util-print.c:relts_print() could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM). + CVE-2016-8574: buffer overflow in print-fr.c:frf15_print(). + CVE-2016-8575: buffer overflow in print-fr.c:q933_print(). + CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print(). + CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print(). + CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print(). + CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print(). + CVE-2017-5341: buffer overflow in print-otv.c:otv_print(). + CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print(). + CVE-2017-5482: buffer overflow in print-fr.c:q933_print(). + CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse(). + CVE-2017-5484: buffer overflow in print-atm.c:sig_print(). + CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap(). + CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print(). * Re-enable all tests and bump build-dep on libpcap0.8-dev to >= 1.8 accordingly. * Switch Vcs-Git URL to the https one. * Adjust lintian override name about dh 9. -- Romain Francoise Thu, 26 Jan 2017 20:04:11 +0100 tcpdump (4.8.1-2) unstable; urgency=medium * Disable new HNCP test, which fails on some buildds for some as-of-yet unexplained reason. -- Romain Francoise Sat, 29 Oct 2016 19:40:01 +0200 tcpdump (4.8.1-1) unstable; urgency=medium * New upstream release. * Re-enable Geneve tests (disabled in 4.7.4-1) and bump build-dep on libpcap0.8-dev to >= 1.7 accordingly. * Disable new pcap version tests which require libpcap 1.8+. -- Romain Francoise Sat, 29 Oct 2016 17:16:06 +0200 tcpdump (4.7.4-3) unstable; urgency=medium * Use dh-autoreconf instead of calling autoconf directly and patching config.{guess,sub}. * Call dh_auto_configure instead of configure in override target, patch by Helmut Grohne (closes: #837951). -- Romain Francoise Sat, 17 Sep 2016 11:18:45 +0200 tcpdump (4.7.4-2) unstable; urgency=medium * Disable crypto support as it causes FTBFS with OpenSSL 1.1.x and we don't have a working fix upstream yet (closes: #828569). * Bump Standards-Version to 3.9.8. * Use cgit URL for Vcs-Browser. -- Romain Francoise Sun, 28 Aug 2016 18:16:50 +0200 tcpdump (4.7.4-1) unstable; urgency=medium * New upstream release. * Disable two geneve tests that require libpcap 1.7+. * Bump Standards-Version to 3.9.6. -- Romain Francoise Sat, 23 May 2015 18:25:01 +0200 tcpdump (4.6.2-5) unstable; urgency=high * Cherry-pick commit fb6e5377f3 from upstream Git to fix regressions in the RPKI/RTR printer after the CVE-2015-2153 changes. Thanks to Artur Rona from Ubuntu for the heads-up (closes: #781362). -- Romain Francoise Sat, 04 Apr 2015 19:10:27 +0200 tcpdump (4.6.2-4) unstable; urgency=high * Cherry-pick changes from upstream Git to fix the following security issues: + CVE-2015-0261: missing bounds checks in IPv6 Mobility printer. + CVE-2015-2153: missing bounds checks in RPKI/RTR printer. + CVE-2015-2154: missing bounds checks in ISOCLNS printer. + CVE-2015-2155: missing bounds checks in ForCES printer. -- Romain Francoise Sat, 14 Mar 2015 18:43:44 +0100 tcpdump (4.6.2-3) unstable; urgency=high * Cherry-pick commit 0f95d441e4 from upstream Git to fix a buffer overflow in the PPP dissector (CVE-2014-9140). -- Romain Francoise Sat, 29 Nov 2014 12:23:53 +0100 tcpdump (4.6.2-2) unstable; urgency=high * Urgency high due to security fixes. * Add three patches extracted from various upstream commits fixing vulnerabilities in three dissectors: + CVE-2014-8767: missing bounds checks in OLSR dissector (closes: #770434). + CVE-2014-8768: missing bounds checks in Geonet dissector (closes: #770415). + CVE-2014-8769: missing bounds checks in AOVD dissector (closes: #770424). -- Romain Francoise Sat, 22 Nov 2014 11:48:08 +0100 tcpdump (4.6.2-1) unstable; urgency=medium * New upstream release. -- Romain Francoise Thu, 04 Sep 2014 18:53:34 +0200 tcpdump (4.6.1-3) unstable; urgency=medium * Bump build-dep on libpcap0.8-dev to >= 1.5 as the pppoes_id test case requires a pcap version that supports PPPoE session ID filtering. -- Romain Francoise Sat, 16 Aug 2014 17:38:28 +0200 tcpdump (4.6.1-2) unstable; urgency=medium * Expand configure check for net/pfvar.h to also check for existence of net/if_pflog.h to fix build on GNU/kFreeBSD, which ships the former but not the latter, see #756553 (closes: #756790). -- Romain Francoise Mon, 04 Aug 2014 22:37:24 +0200 tcpdump (4.6.1-1) unstable; urgency=medium * New upstream release. * debian/control: Mark tcpdump 'Multi-Arch: foreign' (closes: #700727). -- Romain Francoise Wed, 30 Jul 2014 19:16:49 +0200 tcpdump (4.5.1-2) unstable; urgency=low * Disable nflog-e testcase, the NFLOG header length is specified in host byte order which makes capture files order-dependent (closes: #731031). -- Romain Francoise Sun, 01 Dec 2013 12:13:16 +0100 tcpdump (4.5.1-1) unstable; urgency=low * New upstream release. * Disable new pppoes testcase which uses a new pcap feature to avoid tying the two upstream versions together. * debian/control: Set Standards-Version to 3.9.5. -- Romain Francoise Sat, 30 Nov 2013 23:54:03 +0100 tcpdump (4.4.0-1) unstable; urgency=low * New upstream release: + Fixes format error in NTP printer (closes: #686276). + Rewords -e description (closes: #648768). * debian/control: Set Standards-Version to 3.9.4. * Use canonical locations in Vcs-* fields. -- Romain Francoise Sat, 25 May 2013 13:50:30 +0200 tcpdump (4.3.0-1) unstable; urgency=low * New upstream release. * Re-enable test suite. -- Romain Francoise Wed, 13 Jun 2012 22:55:54 +0200 tcpdump (4.2.1-3) unstable; urgency=low * Fix CPPFLAGS handling in upstream configure.in to avoid losing hardening flags, patch by Simon Ruderich (closes: #662016). * Fix some misspellings pointed out by lintian. * debian/control: Set Standards-Version to 3.9.3. -- Romain Francoise Sat, 03 Mar 2012 17:11:48 +0100 tcpdump (4.2.1-2) unstable; urgency=low * Drop debian/patches/50_kfreebsd.diff (closes: #658848). -- Romain Francoise Mon, 06 Feb 2012 19:01:12 +0100 tcpdump (4.2.1-1) unstable; urgency=low * New upstream release. * Upload to unstable. -- Romain Francoise Mon, 02 Jan 2012 20:19:22 +0100 tcpdump (4.2.0~rc1-2) experimental; urgency=low * Make sure OpenSSL support gets enabled: since it moved to multiarch paths, the configure script doesn't find libcrypto.so and disables crypto support. To fix this, simplify detection logic in configure.in and run autoconf before configuring. * Redo build flags handling: + Enable hardening flags via dpkg-buildflags, not hardening-includes. + Switch to debhelper compat level 9 to have build flags exported automatically. + Adjust build-depends accordingly. * Enable parallel build in debhelper. -- Romain Francoise Sun, 06 Nov 2011 19:14:23 +0100 tcpdump (4.2.0~rc1-1) experimental; urgency=low * New upstream beta release (closes: #636806); now switches to the -Z user before opening the first output file (closes: #434603). * debian/control: Set Standards-Version to 3.9.2. -- Romain Francoise Sun, 14 Aug 2011 10:44:58 +0200 tcpdump (4.1.1-2) unstable; urgency=low * Fix FTBFS on GNU/Hurd; patch from Svante Signell (closes: #622287). * debian/control: Tweak short and long descriptions, set Standards-Version to 3.9.1. -- Romain Francoise Mon, 11 Apr 2011 22:37:29 +0200 tcpdump (4.1.1-1) unstable; urgency=low * New upstream release (closes: #576001). * debian/rules: Disable dh_auto_test (for now). * debian/control: Set Standards-Version to 3.8.4. * debian/patches/30_uflag_flushopen.diff: New patch: when saving to a capture file with -U, flush the file immediately after opening it. Suggested by Ferenc Wagner (closes: #533625). * debian/patches/20_man_fixes.diff: Fix TCP flags description, thanks to Christophe Rhodes (closes: #575724). -- Romain Francoise Tue, 06 Apr 2010 19:58:14 +0200 tcpdump (4.0.0-6) unstable; urgency=low * debian/control: Build-depend on hardening-includes. * debian/rules: Use hardening.make. -- Romain Francoise Thu, 24 Dec 2009 11:51:12 +0100 tcpdump (4.0.0-5) unstable; urgency=low * Switch to 3.0 (quilt) source format: + Drop build-depends on quilt. + Remove patch/unpatch logic from debian/rules. + Remove README.source. + Refresh debian/patches/30_tcp_seq.diff. * Use dh(1): + debian/compat: Bump to 7. + debian/control: Build-depend on debhelper (>= 7.0.50~). + debian/rules: Simplify. + debian/tcpdump.dirs: Removed. -- Romain Francoise Sun, 08 Nov 2009 17:25:38 +0100 tcpdump (4.0.0-4) unstable; urgency=low * debian/control: + Add ${misc:Depends} to Depends. + Set Standards-Version to 3.8.3; no changes needed. * debian/{watch,README.source}: New files. * debian/copyright: Remove link to original file. -- Romain Francoise Thu, 08 Oct 2009 19:00:23 +0200 tcpdump (4.0.0-3) unstable; urgency=low * debian/patches/20_man_fixes.diff: Update; pcap-filter is in section 7, not 4 (closes: #527599). * debian/control: Set Standards-Version to 3.8.1. -- Romain Francoise Tue, 16 Jun 2009 11:51:14 +0200 tcpdump (4.0.0-2) unstable; urgency=low * debian/patches/30_tcp_seq.diff: Patch from Ilpo Järvinen adding back default display of sequence numbers in TCP printer (closes: #517661). * debian/patches/series: Update. -- Romain Francoise Sun, 01 Mar 2009 14:51:25 +0100 tcpdump (4.0.0-1) unstable; urgency=low * Upload to unstable. -- Romain Francoise Wed, 18 Feb 2009 18:55:35 +0100 tcpdump (4.0.0-1~exp1) experimental; urgency=low * New upstream release. * debian/control: Set Standards-Version to 3.8.0. * debian/rules: Don't set DH_VERBOSE. * debian/patches/15_install.diff: New patch, don't install two identical tcpdump binaries. -- Romain Francoise Sun, 30 Nov 2008 22:55:39 +0100 tcpdump (3.9.8-4) unstable; urgency=low * debian/control: Build-Depend on libpcap0.8-dev (>= 0.9.3), not (>= 0.9.3-1). -- Romain Francoise Sat, 08 Mar 2008 19:24:02 +0100 tcpdump (3.9.8-3) unstable; urgency=low * debian/copyright: Convert to UTF-8 encoding. * debian/control: Set Standards-Version to 3.7.3, no changes needed. -- Romain Francoise Sun, 23 Dec 2007 14:32:17 +0100 tcpdump (3.9.8-2) unstable; urgency=low * debian/control: Add Vcs-Browser and Vcs-Git fields. * debian/patches/50_kfreebsd.diff: New patch by Petr Salinger fixing FTBFS on Debian GNU/kFreeBSD (closes: #448695). -- Romain Francoise Sat, 03 Nov 2007 11:12:53 +0100 tcpdump (3.9.8-1) unstable; urgency=low * New upstream release. -- Romain Francoise Thu, 27 Sep 2007 22:41:53 +0200 tcpdump (3.9.7-2) unstable; urgency=low * debian/control: Move upstream URL to the Homepage header. -- Romain Francoise Fri, 21 Sep 2007 19:48:05 +0200 tcpdump (3.9.7-1) unstable; urgency=low * New upstream release. * debian/patches/41_cve-2007-3798.diff: Deleted. * debian/patches/40_cve-2007-1218.diff: Deleted. * debian/patches/series: Update. -- Romain Francoise Sun, 12 Aug 2007 12:45:31 +0200 tcpdump (3.9.5-4) unstable; urgency=low * debian/rules: Don't ignore errors in clean target. * debian/patches/50_autotools-dev.diff: New patch, make config.{guess,sub} exec newer versions of themselves if autotools-dev is installed. * debian/patches/series: Update. * debian/control: Add build-depends on autotools-dev. -- Romain Francoise Sat, 11 Aug 2007 20:18:34 +0200 tcpdump (3.9.5-3) unstable; urgency=medium * Convert to quilt for patch management: + debian/control: Build-Depend on quilt (>= 0.40) instead of dpatch. + debian/rules: Include /usr/share/quilt/quilt.make. + Convert all dpatch patches to regular patches. * debian/patches/41_cve-2007-3798.diff: New patch, fixes an integer overflow in the BGP dissector (CVE-2007-3798), thanks to Daniel Leidert (closes: #434030). * debian/patches/series: Update. -- Romain Francoise Wed, 01 Aug 2007 19:56:04 +0200 tcpdump (3.9.5-2) unstable; urgency=medium * debian/patches/40_cve-2007-1218.dpatch: New patch, fixes a potential buffer overflow in the 802.11 printer (CVE-2007-1218), thanks to Moritz Muehlenhoff (closes: #413430). * debian/patches/00list: Update. -- Romain Francoise Mon, 5 Mar 2007 20:22:50 +0100 tcpdump (3.9.5-1) unstable; urgency=low * New upstream release. * debian/patches/20_man_fixes.dpatch: Resync. -- Romain Francoise Sat, 23 Sep 2006 21:13:07 +0200 tcpdump (3.9.4-4) unstable; urgency=low * debian/compat: Switch to debhelper compatibility level 5. * debian/control: + Build-Depend on debhelper (>= 5). + Remove Uploaders field. + Bump Standards-Version to 3.7.2, no changes needed. * debian/rules: Misc. cleanups. -- Romain Francoise Sat, 20 May 2006 13:07:45 +0200 tcpdump (3.9.4-3) unstable; urgency=low * debian/patches/20_man_fixes.dpatch: Merge patch from A Costa fixing a few typos (closes: #351014). -- Romain Francoise Thu, 2 Feb 2006 22:24:04 +0100 tcpdump (3.9.4-2) unstable; urgency=low * debian/patches/20_man_fixes.dpatch: Merge patch from A Costa fixing a few typos (closes: #342310). -- Romain Francoise Sat, 10 Dec 2005 14:26:20 +0100 tcpdump (3.9.4-1) unstable; urgency=low * New upstream release. * debian/patches/40_spelling.dpatch: Dropped (included upstream). * debian/patches/30_version.dpatch: Dropped. * debian/patches/30_vlan_eflag: New patch, reverse test for eflag in print-ether.c to match the intended effect (closes: #324706). * This upload also transitions tcpdump to OpenSSL 0.9.8. -- Romain Francoise Sun, 9 Oct 2005 20:11:49 +0200 tcpdump (3.9.3-2) unstable; urgency=low * debian/patches/40_spelling.dpatch: New patch, fixes spelling errors ("advertisment" vs. "advertisement"), thanks to Michael Shields (closes: #318676). * debian/patches/00list: Update. -- Romain Francoise Sun, 17 Jul 2005 12:28:22 +0200 tcpdump (3.9.3-1) unstable; urgency=low * New upstream release. * Build-Depend on libpcap0.8-dev (which is really libpcap 0.9.3). * debian/patches/30_ascii-output.dpatch: Dropped (merged upstream). * debian/patches/30_version: New patch, fixes upstream version (still at 3.9.2 while this is version 3.9.3). * debian/patches/00list: Update. -- Romain Francoise Sat, 16 Jul 2005 14:59:30 +0200 tcpdump (3.9.1-1) unstable; urgency=low * New upstream release. * debian/patches/30_ascii-output.dpatch: New patch, fixes -x, -X and -A priorities and removes extra newline and tab characters in the ascii output (closes: #285764, #316908). * debian/patches/00list: Update. -- Romain Francoise Wed, 6 Jul 2005 20:17:19 +0200 tcpdump (3.9.0.cvs.20050622-1) unstable; urgency=low * New CVS snapshot. * debian/control: Bump Standards-Version to 3.6.2.1, no changes needed. -- Romain Francoise Wed, 22 Jun 2005 19:52:31 +0200 tcpdump (3.9.0.cvs.20050614-1) unstable; urgency=low * New CVS snapshot. * Upload to unstable. -- Romain Francoise Tue, 14 Jun 2005 19:43:24 +0200 tcpdump (3.9.0.cvs.20050529-1) experimental; urgency=low * New upstream CVS snapshot for experimental. -- Romain Francoise Sun, 29 May 2005 12:55:31 +0200 tcpdump (3.9.0.cvs.20050511-1) experimental; urgency=low * Upstream CVS snapshot of tcpdump 3.9 for experimental. * debian/patches/20_man_fixes.dpatch: Resynchronized. * debian/patches/30_openssl_des.dpatch: Dropped (fixed upstream). * debian/patches/40_ipv6cp.dpatch: Ditto. * debian/patches/50_misc_dos.dpatch: Ditto. * debian/patches/00list: Update. * debian/control: Build with libpcap0.9, also in experimental. -- Romain Francoise Wed, 11 May 2005 20:00:31 +0200 tcpdump (3.8.3-5) unstable; urgency=low * debian/copyright: Clarify license conditions, some files in the distribution are still under the 4-clause BSD license (closes: #283008). * debian/changelog: Revise 3.8.3-4 entry to add CAN numbers (which have been assigned in the meantime). -- Romain Francoise Sun, 1 May 2005 17:23:45 +0200 tcpdump (3.8.3-4) unstable; urgency=high * Urgency set to high due to security fixes. * debian/patches/50_misc_dos.dpatch: Security fixes stolen from the 3.8 branch fix infinite loops in the BGP, ISIS, LDP and RSVP dissectors [CAN-2005-1278, CAN-2005-1279, CAN-2005-1280] (closes: #306529). * debian/patches/00list: Add 50_misc_dos. -- Romain Francoise Wed, 27 Apr 2005 21:05:37 +0200 tcpdump (3.8.3-3) unstable; urgency=low * debian/patches/40_ipv6cp.dpatch: New patch, do not try to print IPV6CP ppp packets, the dissector doesn't support it (closes: #255179). * debian/patches/00list: Add 40_ipv6cp. -- Romain Francoise Sat, 19 Jun 2004 15:01:27 +0200 tcpdump (3.8.3-2) unstable; urgency=low * debian/rules: Enable crypto support (closes: #82581, #93428). * debian/control: + Build-Depend on libssl-dev. + Put back URL markers in description. + Switch Maintainer and Uploaders fields to match reality. * debian/patches/30_openssl_des.dpatch: Patch to make upstream's configure script check for DES_cbc_encrypt instead of des_cbc_encrypt, (the function got renamed in OpenSSL 0.9.7), which saves us the hassle of re-running autoconf. Temporary hack since upstream has fixed this in CVS already. * debian/patches/00list: Add 30_openssl_des. -- Romain Francoise Fri, 14 May 2004 22:14:08 +0200 tcpdump (3.8.3-1) unstable; urgency=low * New upstream release. * debian/rules: + Add -D_FILE_OFFSET_BITS=64 to default CFLAGS to match libpcap (closes: #154762). + Use dpatch for patch management. + Clean up CFLAGS handling. + Support DEB_BUILD_OPTIONS. * debian/control: + Build-Depend on libpcap0.8-dev, dpatch. + Add versioned Build-Depends on debhelper. + Remove Emacs-style URL markers from description. * debian/compat: New file. * debian/copyright: Update. * debian/tcpdump.docs: Do not install upstream INSTALL file. * debian/patches: New directory. * debian/patches/10_man_install.dpatch: Patch split off the Debian diff to change man install paths in upstream Makefile.in. * debian/patches/20_man_fixes.dpatch: Patch split off the Debian diff to fix some inconsistencies in the upstream man page. * debian/patches/00list: New file (patch list). -- Romain Francoise Tue, 11 May 2004 14:02:09 +0200 tcpdump (3.7.2-4) unstable; urgency=high * Urgency high due to security fixes. * Backport changes from upstream CVS to fix ISAKMP payload handling denial-of-service vulnerabilities (CAN-2004-0183, CAN-2004-0184). Detailed changes (with corresponding upstream revisions): + Add length checks in isakmp_id_print() (print-isakmp.c, rev. 1.47) + Add data checks all over the place, change rawprint() prototype and add corresponding return value checks (print-isakmp.c, rev. 1.46) + Add missing ntohs() and change length initialization in isakmp_id_print(), not porting prototype changes (print-isakmp.c, rev. 1.45) -- Romain Francoise Tue, 6 Apr 2004 19:39:24 +0200 tcpdump (3.7.2-3) unstable; urgency=low * Backport changes from upstream CVS to fix several vulnerabilities in ISAKMP, L2TP and Radius parsing (closes: #227844, #227845, #227846). -- Romain Francoise Sat, 17 Jan 2004 14:12:30 +0100 tcpdump (3.7.2-2) unstable; urgency=low * Acknowledge NMU by Romain (closes: #208543). * Apply man page fixes by Romain: + networks(4) changed to networks(5) (closes: #194180). + ethers(3N) changed to ethers(5) (closes: #197888). * debian/control: Added Romain Francoise as co maintainer. Thanks for your help, Romain! -- Torsten Landschoff Sun, 19 Oct 2003 04:12:31 +0200 tcpdump (3.7.2-1.1) unstable; urgency=low * NMU * Reverse order of #include directives in print-sctp.c so that IPPROTO_SCTP is defined (closes: #208543). -- Romain Francoise Sun, 12 Oct 2003 17:06:01 +0200 tcpdump (3.7.2-1) unstable; urgency=low * New upstream release (closes: #195816). -- Torsten Landschoff Sun, 8 Jun 2003 00:14:44 +0200 tcpdump (3.7.1-1.2) unstable; urgency=high * Non-maintainer upload * Apply security fixes from 3.7.2 - Fixed infinite loop when parsing malformed isakmp packets. (CAN-2003-0108) - Fixed infinite loop when parsing malformed BGP packets. - Fixed buffer overflow with certain malformed NFS packets. -- Matt Zimmerman Thu, 27 Feb 2003 11:00:32 -0500 tcpdump (3.7.1-1.1) unstable; urgency=low * NMU * Simple rebuild to deal with libpcap0->libpcap0.7 transition. Sourceful NMU so that every arch rebuilds it. -- LaMont Jones Wed, 14 Aug 2002 21:25:45 -0600 tcpdump (3.7.1-1) unstable; urgency=low * New upstream release (closes: #138052). -- Torsten Landschoff Sat, 3 Aug 2002 23:54:04 +0200 tcpdump (3.6.2-2) unstable; urgency=HIGH * print-rx.c: Take the version from current CVS fixing the remote buffer overflow reported in FreeBSD Security Advisory SA-01:48 yesterday. Thanks to Matt Zimmerman for forwarding the report, I might have missed it. * debian/control: Clean the Build-Depends from build-essential packages. -- Torsten Landschoff Thu, 19 Jul 2001 15:03:48 +0200 tcpdump (3.6.2-1) unstable; urgency=low * New upstream release. -- Torsten Landschoff Tue, 6 Mar 2001 04:18:16 +0100 tcpdump (3.6.1-2) unstable; urgency=low * debian/rules: Force support for IPv6 (closes: #82665). * print-icmp6.c: Removed duplicate definition also in icmp6.h to get the package to compile with IPv6. * Rebuild should fix the missing libpcap0-dependency (closes: #82666). Additional info: The missing dependency was because the configure script found my libpcap sources in the parent directory. Black magic always works against you :( -- Torsten Landschoff Thu, 18 Jan 2001 00:44:01 +0100 tcpdump (3.6.1-1) unstable; urgency=high * Taking back the package. Kudos to Anand for his help. * New upstream release. This release fixes a security hole in print-rx.c. * debian/rules: Disable crypto support (closes: #81969). * Removed empty README.Debian (closes: #81966). -- Torsten Landschoff Tue, 16 Jan 2001 16:04:03 +0100 tcpdump (3.5.2-3) unstable; urgency=low * Fixup dependancy stuff. Sheesh. (Closes: #78063, #78081, #78082) -- Anand Kumria Tue, 28 Nov 2000 02:16:01 +1100 tcpdump (3.5.2-2) unstable; urgency=low * Update both config.guess and config.sub (Closes: #36692, #53145) * Opps, make the .diff available. * We require a particular libpcap version to work (Closes: #77877) -- Anand Kumria Mon, 27 Nov 2000 01:13:55 +1100 tcpdump (3.5.2-1) unstable; urgency=low * New Maintainer * New upstream release (Closes: #75889) * Upstream added hex dump (-x) and ascii dump (-X) Closes: #23514, #29418) * Acknowledge and incorporate security fixes (Closes: #63708, #77489) * Appletalk / Ethertalk patches are in (Closes: #67642) -- Anand Kumria Wed, 22 Nov 2000 13:19:33 +1100 tcpdump (3.4a6-4.1) frozen unstable; urgency=high * Non-maintainer upload by security team * Apply patch from tcpdump-workers mailinglist to fix DNS DoS attack against tcpdump. Based on patch from Guy Harris as found on http://www.tcpdump.org/lists/workers/1999/msg00607.html * Fix Build-Depends entry in debian/control -- Wichert Akkerman Sun, 7 May 2000 15:17:33 +0200 tcpdump (3.4a6-4) unstable; urgency=low * New maintainer. * tcpdump.c (main): Reestablish priviliges before closing the device (closes: #19959). * It seems the problem with ppp came from the kernel - I can dump packages on ppp0 just fine... (closes: #25757) * print-tcp.c (tcp_print): Applied patch from David S. Miller submitted by Andrea Arcangeli to fix tcpdump sack TCP option interpretation (closes: #28530). * print-bootp.c (rfc1048_print): Interpret timezone offset as signed (closes: #40376). Fixed byte order problem in printing internet addresses (closes: #40375). Thanks to Roderick Schertler for the patch. * Several files: Applied SMB patch from samba.org (closes: #27653). * print-ip.c (ip_print): Check for ip headers with less than 5 longs. Patch taken from RedHat's source package. * Redid debian/rules using debhelper. * Makefile.in: Install the manpage into man8 instead of man1. * tcpdump.1: Moved to section 8 (admin commands). * print-smb.c (print_smb): Disabled anything but printing the command info by default. Otherwise we would get flooded with smb information. You can get all info using -vvv. Two -v's will give you the SMB headers. * tcpdump.1: Documented the behaviour described above. -- Torsten Landschoff Mon, 22 Nov 1999 01:31:44 +0100 tcpdump (3.4a6-3) frozen unstable; urgency=low * fixed permissions -- Peter Tobias Mon, 30 Mar 1998 02:28:39 +0200 tcpdump (3.4a6-2) frozen unstable; urgency=low * rebuild with latest debmake, fixes #19415 (should also fix the lintian warnings) * updated standards-version -- Peter Tobias Mon, 30 Mar 1998 00:28:39 +0200 tcpdump (3.4a6-1) unstable; urgency=low * updated to latest upstream version, fixes: Bug#17163 * install changelog.Debian compressed, fixes: Bug#15417 -- Peter Tobias Sun, 1 Feb 1998 00:08:31 +0100 tcpdump (3.4a4-1) unstable; urgency=low * updated to latest upstream version * libc6 version -- Peter Tobias Wed, 17 Sep 1997 23:22:54 +0200 tcpdump (3.3.1a2-1) frozen stable unstable; urgency=medium * updated to latest upstream version (works with new libpcap now) -- Peter Tobias Sat, 24 May 1997 00:49:17 +0200 tcpdump (3.3-2) unstable; urgency=low * fixed SLIP support -- Peter Tobias Sun, 16 Feb 1997 21:06:51 +0100 tcpdump (3.3-1) unstable; urgency=low * updated to latest upstream version -- Peter Tobias Thu, 16 Jan 1997 01:34:00 +0100