diff options
Diffstat (limited to '')
-rw-r--r-- | debian/changelog | 1048 |
1 files changed, 1048 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..a1bfe78 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,1048 @@ +tcpdump (4.99.4-3) unstable; urgency=medium + + * Allow *.pcapng in AppArmor policy, thanks to Chris Kuethe for the + patch (closes: #1039993). + * Pick up patch from upstream PR#812 to avoid the call to droproot() + altogether if called with `-Z root', thanks to Tj (closes: #1035842). + * Override 'spelling-error-in-binary' and move 'set -e' inside maintscripts. + + -- Romain Francoise <rfrancoise@debian.org> Sat, 22 Jul 2023 17:23:56 +0200 + +tcpdump (4.99.4-2) unstable; urgency=medium + + * Upload to unstable. + + -- Romain Francoise <rfrancoise@debian.org> Sat, 17 Jun 2023 17:29:12 +0200 + +tcpdump (4.99.4-1) experimental; urgency=medium + + * New upstream release. + * Mark Debian-specific patches as "Forwarded: not-needed" in metadata. + + -- Romain Francoise <rfrancoise@debian.org> Mon, 10 Apr 2023 16:57:18 +0200 + +tcpdump (4.99.3-1) unstable; urgency=medium + + * New upstream release. + * Drop Hurd build patch, which doesn't seem to be right anymore. + + -- Romain Francoise <rfrancoise@debian.org> Sat, 14 Jan 2023 18:23:25 +0100 + +tcpdump (4.99.2-1) unstable; urgency=medium + + * New upstream release. + * Re-enable all tests. + * Bump Standards-Version to 4.6.2. + + -- Romain Francoise <rfrancoise@debian.org> Sun, 01 Jan 2023 18:19:40 +0100 + +tcpdump (4.99.1-4) unstable; urgency=medium + + * debian/usr.bin.tcpdump: account for numerical suffix in filenames + added by -W (closes: #1010688). + + -- Romain Francoise <rfrancoise@debian.org> Sun, 08 May 2022 18:25:45 +0200 + +tcpdump (4.99.1-3) unstable; urgency=medium + + * Clean up AppArmor local profile for /usr/sbin/tcpdump, if it's still + empty (closes: #990554). + * Switch to debhelper compat level 13. + * Set `Rules-Requires-Root' to "no". + * Bump Standards-Version to 4.6.0. + + -- Romain Francoise <rfrancoise@debian.org> Sun, 12 Sep 2021 18:55:44 +0200 + +tcpdump (4.99.1-2) unstable; urgency=medium + + * Upload to unstable. + + -- Romain Francoise <rfrancoise@debian.org> Sun, 15 Aug 2021 17:29:54 +0200 + +tcpdump (4.99.1-1) experimental; urgency=medium + + * New upstream release. + * debian/usr.bin.tcpdump: grant access to *.cap (closes: #989433). + + -- Romain Francoise <rfrancoise@debian.org> Sun, 20 Jun 2021 20:48:30 +0200 + +tcpdump (4.99.0-2) unstable; urgency=medium + + * Add autopkgtest support, running the upstream test suite. + + -- Romain Francoise <rfrancoise@debian.org> Fri, 15 Jan 2021 23:41:47 +0100 + +tcpdump (4.99.0-1) unstable; urgency=medium + + * New upstream release. + * Mention in debian/NEWS that tcpdump is now installed to /usr/bin + instead of /usr/sbin. + * Rename AppArmor profile to match new binary location and add + maintscript stanza to move the previous conffile if present. + * Temporarily disable tests that require the just-released libpcap 1.10, + we don't want to tie the migration of the two just before the bullseye + freeze. + * Drop unused lintian override. + * Bump Standards-Version to 4.5.1. + + -- Romain Francoise <rfrancoise@debian.org> Sun, 03 Jan 2021 21:28:16 +0100 + +tcpdump (4.9.3-7) unstable; urgency=high + + * Cherry-pick commit 32027e1993 from the upstream tcpdump-4.9 branch to fix + untrusted input issue in the PPP printer (CVE-2020-8037, closes: #973877). + + -- Romain Francoise <rfrancoise@debian.org> Sat, 07 Nov 2020 13:19:14 +0100 + +tcpdump (4.9.3-6) unstable; urgency=medium + + [ Simon Deziel ] + * debian/usr.sbin.tcpdump: use profile name specifier instead of + '/usr/sbin/tcpdump'. + + -- Romain Francoise <rfrancoise@debian.org> Thu, 28 May 2020 19:23:57 +0200 + +tcpdump (4.9.3-5) unstable; urgency=medium + + * Minor packaging fixes courtesy of the Janitor bot and lintian-brush: + + Set upstream metadata fields: Bug-Submit, Repository, Repository- + Browse. + * Bump Standards-Version to 4.5.0. + + -- Romain Francoise <rfrancoise@debian.org> Sat, 09 May 2020 20:42:57 +0200 + +tcpdump (4.9.3-4) unstable; urgency=medium + + * Set upstream metadata fields: Bug-Database. + + -- Romain Francoise <rfrancoise@debian.org> Tue, 31 Dec 2019 19:24:04 +0100 + +tcpdump (4.9.3-3) unstable; urgency=medium + + * Minor packaging fixes courtesy of the Janitor bot and lintian-brush: + + Use secure URI in debian/watch. + + Use secure URI in Homepage field. + + Bump debhelper from old 11 to 12. + + Set debhelper-compat version in Build-Depends. + + Re-export upstream signing key without extra signatures. + + -- Romain Francoise <rfrancoise@debian.org> Sun, 08 Dec 2019 13:56:42 +0100 + +tcpdump (4.9.3-2) unstable; urgency=medium + + * Disable failing IKEv2 test yet again to fix build on ppc64el (again) + (closes: #942171). + + -- Romain Francoise <rfrancoise@debian.org> Fri, 11 Oct 2019 20:48:04 +0200 + +tcpdump (4.9.3-1) unstable; urgency=medium + + * New upstream release, with fixes for 24 different CVEs (closes: #941698). + * Build-depend on libpcap >= 1.9.1 to make all build-time tests pass. + * Re-enable IKEv2 test. + * Bump Standards-Version to 4.4.1. + + -- Romain Francoise <rfrancoise@debian.org> Thu, 10 Oct 2019 21:31:38 +0200 + +tcpdump (4.9.3~git20190901-2) unstable; urgency=medium + + * Disable failing IKEv2 test again to fix build on ppc64el. + + -- Romain Francoise <rfrancoise@debian.org> Sat, 07 Sep 2019 12:14:43 +0200 + +tcpdump (4.9.3~git20190901-1) unstable; urgency=low + + * New upstream snapshot from the tcpdump-4.9 branch: + + Includes fix for CVE-2017-16808 (closes: #881862). + + Fixes ESP decryption on ppc64el (and others), re-enable tests. + * Drop root privileges by default (closes: #935112): + + debian/rules: Configure --with-user=tcpdump. + + debian/tcpdump.post{inst,rm}: Create/delete a 'tcpdump' system group + and user. + + debian/control: Add dependency on adduser. + + debian/patches/drop-privs-after-opening-savefile.diff: New patch + (from Fedora) to drop root privileges *after* opening the savefile + when possible, to alleviate possible inconvenience if the target + directory is not writable by user tcpdump. + + debian/patches/drop-privs-silently.diff: New patch (from Fedora) to + drop root privileges silently. + + debian/usr.sbin.tcpdump: Add chown capability, and update rules + about device discovery. + + debian/NEWS: Mention how to run tcpdump as root. + * Bump Standards-Version to 4.4.0. + + -- Romain Francoise <rfrancoise@debian.org> Sun, 01 Sep 2019 13:05:24 +0200 + +tcpdump (4.9.2-3) unstable; urgency=medium + + [ Jamie Strandboge ] + * debian/usr.sbin.tcpdump: drop 'capability sys_module' since we already + have 'net_admin' and network module loading (which happens with -D) is + allowed with 'net_admin' (LP: #1759029) (closes: #894161) + + [ Romain Francoise ] + * Switch to debhelper compatibility level 11. + * Bump Standards-Version to 4.1.3. + + -- Romain Francoise <rfrancoise@debian.org> Sat, 31 Mar 2018 22:22:36 +0200 + +tcpdump (4.9.2-2) unstable; urgency=medium + + * Use new URLs on salsa.debian.org for Vcs-* fields. + * Bump Standards-Version to 4.1.2. + + -- Romain Francoise <rfrancoise@debian.org> Sun, 31 Dec 2017 15:53:41 +0100 + +tcpdump (4.9.2-1) unstable; urgency=high + + * New upstream release: + + Fixes 86 new CVEs, see the upstream changelog for the full list. + + Now supports OpenSSL 1.1, so move back to libssl-dev (closes: #859740). + * Urgency high due to security fixes. + + -- Romain Francoise <rfrancoise@debian.org> Fri, 08 Sep 2017 21:30:47 +0200 + +tcpdump (4.9.1-3) unstable; urgency=high + + * Cherry-pick three upstream commits to fix the following: + + CVE-2017-11541: buffer over-read in safeputs() (closes: #873804) + + CVE-2017-11542: buffer over-read in pimv1_print() (closes: #873805) + + CVE-2017-11543: buffer overflow in sliplink_print() (closes: #873806) + * Urgency high due to security fixes. + + -- Romain Francoise <rfrancoise@debian.org> Mon, 04 Sep 2017 19:45:45 +0200 + +tcpdump (4.9.1-2) unstable; urgency=medium + + * Disable IKEv2 test which mysteriously fails on ppc64el (closes: #873377). + + -- Romain Francoise <rfrancoise@debian.org> Sat, 02 Sep 2017 11:01:30 +0200 + +tcpdump (4.9.1-1) unstable; urgency=medium + + * New upstream release, fixes CVE-2017-11108 (closes: #867718). + * Bump Standards-Version to 4.1.0. + * debian/watch: add pgpsigurlmangle option. + * Add upstream signing key in debian/upstream. + + -- Romain Francoise <rfrancoise@debian.org> Sat, 26 Aug 2017 18:48:32 +0200 + +tcpdump (4.9.0-3) unstable; urgency=medium + + [ intrigeri ] + * Include AppArmor profile from Ubuntu (closes: #866682). + + [ Romain Francoise ] + * Bump Standards-Version to 4.0.0. + + -- Romain Francoise <rfrancoise@debian.org> Sun, 02 Jul 2017 12:13:53 +0200 + +tcpdump (4.9.0-2) unstable; urgency=medium + + * Re-enable crypto support, targeting OpenSSL 1.0 as upstream still + doesn't support OpenSSL 1.1. + * Drop --enable-ipv6 from configure line, it has been the default for + years now. + + -- Romain Francoise <rfrancoise@debian.org> Sat, 11 Feb 2017 16:40:05 +0100 + +tcpdump (4.9.0-1) unstable; urgency=high + + * New upstream security release, fixing the following: + + CVE-2016-7922: buffer overflow in print-ah.c:ah_print(). + + CVE-2016-7923: buffer overflow in print-arp.c:arp_print(). + + CVE-2016-7924: buffer overflow in print-atm.c:oam_print(). + + CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print(). + + CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print(). + + CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print(). + + CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print(). + + CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header(). + + CVE-2016-7930: buffer overflow in print-llc.c:llc_print(). + + CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print(). + + CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum(). + + CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print(). + + CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print(). + + CVE-2016-7935: buffer overflow in print-udp.c:rtp_print(). + + CVE-2016-7936: buffer overflow in print-udp.c:udp_print(). + + CVE-2016-7937: buffer overflow in print-udp.c:vat_print(). + + CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame(). + + CVE-2016-7939: buffer overflow in print-gre.c, multiple functions. + + CVE-2016-7940: buffer overflow in print-stp.c, multiple functions. + + CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions. + + CVE-2016-7974: buffer overflow in print-ip.c, multiple functions. + + CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print(). + + CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print(). + + CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print(). + + CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print(). + + CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions. + + CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print(). + + CVE-2016-7993: a bug in util-print.c:relts_print() could cause a + buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, + lightweight resolver protocol, PIM). + + CVE-2016-8574: buffer overflow in print-fr.c:frf15_print(). + + CVE-2016-8575: buffer overflow in print-fr.c:q933_print(). + + CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print(). + + CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print(). + + CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print(). + + CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print(). + + CVE-2017-5341: buffer overflow in print-otv.c:otv_print(). + + CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH, + OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in + print-ether.c:ether_print(). + + CVE-2017-5482: buffer overflow in print-fr.c:q933_print(). + + CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse(). + + CVE-2017-5484: buffer overflow in print-atm.c:sig_print(). + + CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap(). + + CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print(). + * Re-enable all tests and bump build-dep on libpcap0.8-dev to >= 1.8 + accordingly. + * Switch Vcs-Git URL to the https one. + * Adjust lintian override name about dh 9. + + -- Romain Francoise <rfrancoise@debian.org> Thu, 26 Jan 2017 20:04:11 +0100 + +tcpdump (4.8.1-2) unstable; urgency=medium + + * Disable new HNCP test, which fails on some buildds for some + as-of-yet unexplained reason. + + -- Romain Francoise <rfrancoise@debian.org> Sat, 29 Oct 2016 19:40:01 +0200 + +tcpdump (4.8.1-1) unstable; urgency=medium + + * New upstream release. + * Re-enable Geneve tests (disabled in 4.7.4-1) and bump build-dep on + libpcap0.8-dev to >= 1.7 accordingly. + * Disable new pcap version tests which require libpcap 1.8+. + + -- Romain Francoise <rfrancoise@debian.org> Sat, 29 Oct 2016 17:16:06 +0200 + +tcpdump (4.7.4-3) unstable; urgency=medium + + * Use dh-autoreconf instead of calling autoconf directly and patching + config.{guess,sub}. + * Call dh_auto_configure instead of configure in override target, patch + by Helmut Grohne (closes: #837951). + + -- Romain Francoise <rfrancoise@debian.org> Sat, 17 Sep 2016 11:18:45 +0200 + +tcpdump (4.7.4-2) unstable; urgency=medium + + * Disable crypto support as it causes FTBFS with OpenSSL 1.1.x and we + don't have a working fix upstream yet (closes: #828569). + * Bump Standards-Version to 3.9.8. + * Use cgit URL for Vcs-Browser. + + -- Romain Francoise <rfrancoise@debian.org> Sun, 28 Aug 2016 18:16:50 +0200 + +tcpdump (4.7.4-1) unstable; urgency=medium + + * New upstream release. + * Disable two geneve tests that require libpcap 1.7+. + * Bump Standards-Version to 3.9.6. + + -- Romain Francoise <rfrancoise@debian.org> Sat, 23 May 2015 18:25:01 +0200 + +tcpdump (4.6.2-5) unstable; urgency=high + + * Cherry-pick commit fb6e5377f3 from upstream Git to fix regressions in the + RPKI/RTR printer after the CVE-2015-2153 changes. Thanks to Artur Rona + from Ubuntu for the heads-up (closes: #781362). + + -- Romain Francoise <rfrancoise@debian.org> Sat, 04 Apr 2015 19:10:27 +0200 + +tcpdump (4.6.2-4) unstable; urgency=high + + * Cherry-pick changes from upstream Git to fix the following security + issues: + + CVE-2015-0261: missing bounds checks in IPv6 Mobility printer. + + CVE-2015-2153: missing bounds checks in RPKI/RTR printer. + + CVE-2015-2154: missing bounds checks in ISOCLNS printer. + + CVE-2015-2155: missing bounds checks in ForCES printer. + + -- Romain Francoise <rfrancoise@debian.org> Sat, 14 Mar 2015 18:43:44 +0100 + +tcpdump (4.6.2-3) unstable; urgency=high + + * Cherry-pick commit 0f95d441e4 from upstream Git to fix a buffer overflow + in the PPP dissector (CVE-2014-9140). + + -- Romain Francoise <rfrancoise@debian.org> Sat, 29 Nov 2014 12:23:53 +0100 + +tcpdump (4.6.2-2) unstable; urgency=high + + * Urgency high due to security fixes. + * Add three patches extracted from various upstream commits fixing + vulnerabilities in three dissectors: + + CVE-2014-8767: missing bounds checks in OLSR dissector (closes: #770434). + + CVE-2014-8768: missing bounds checks in Geonet dissector + (closes: #770415). + + CVE-2014-8769: missing bounds checks in AOVD dissector (closes: #770424). + + -- Romain Francoise <rfrancoise@debian.org> Sat, 22 Nov 2014 11:48:08 +0100 + +tcpdump (4.6.2-1) unstable; urgency=medium + + * New upstream release. + + -- Romain Francoise <rfrancoise@debian.org> Thu, 04 Sep 2014 18:53:34 +0200 + +tcpdump (4.6.1-3) unstable; urgency=medium + + * Bump build-dep on libpcap0.8-dev to >= 1.5 as the pppoes_id test case + requires a pcap version that supports PPPoE session ID filtering. + + -- Romain Francoise <rfrancoise@debian.org> Sat, 16 Aug 2014 17:38:28 +0200 + +tcpdump (4.6.1-2) unstable; urgency=medium + + * Expand configure check for net/pfvar.h to also check for existence of + net/if_pflog.h to fix build on GNU/kFreeBSD, which ships the former + but not the latter, see #756553 (closes: #756790). + + -- Romain Francoise <rfrancoise@debian.org> Mon, 04 Aug 2014 22:37:24 +0200 + +tcpdump (4.6.1-1) unstable; urgency=medium + + * New upstream release. + * debian/control: Mark tcpdump 'Multi-Arch: foreign' (closes: #700727). + + -- Romain Francoise <rfrancoise@debian.org> Wed, 30 Jul 2014 19:16:49 +0200 + +tcpdump (4.5.1-2) unstable; urgency=low + + * Disable nflog-e testcase, the NFLOG header length is specified in host + byte order which makes capture files order-dependent (closes: #731031). + + -- Romain Francoise <rfrancoise@debian.org> Sun, 01 Dec 2013 12:13:16 +0100 + +tcpdump (4.5.1-1) unstable; urgency=low + + * New upstream release. + * Disable new pppoes testcase which uses a new pcap feature to avoid tying + the two upstream versions together. + * debian/control: Set Standards-Version to 3.9.5. + + -- Romain Francoise <rfrancoise@debian.org> Sat, 30 Nov 2013 23:54:03 +0100 + +tcpdump (4.4.0-1) unstable; urgency=low + + * New upstream release: + + Fixes format error in NTP printer (closes: #686276). + + Rewords -e description (closes: #648768). + * debian/control: Set Standards-Version to 3.9.4. + * Use canonical locations in Vcs-* fields. + + -- Romain Francoise <rfrancoise@debian.org> Sat, 25 May 2013 13:50:30 +0200 + +tcpdump (4.3.0-1) unstable; urgency=low + + * New upstream release. + * Re-enable test suite. + + -- Romain Francoise <rfrancoise@debian.org> Wed, 13 Jun 2012 22:55:54 +0200 + +tcpdump (4.2.1-3) unstable; urgency=low + + * Fix CPPFLAGS handling in upstream configure.in to avoid losing + hardening flags, patch by Simon Ruderich <simon@ruderich.org> + (closes: #662016). + * Fix some misspellings pointed out by lintian. + * debian/control: Set Standards-Version to 3.9.3. + + -- Romain Francoise <rfrancoise@debian.org> Sat, 03 Mar 2012 17:11:48 +0100 + +tcpdump (4.2.1-2) unstable; urgency=low + + * Drop debian/patches/50_kfreebsd.diff (closes: #658848). + + -- Romain Francoise <rfrancoise@debian.org> Mon, 06 Feb 2012 19:01:12 +0100 + +tcpdump (4.2.1-1) unstable; urgency=low + + * New upstream release. + * Upload to unstable. + + -- Romain Francoise <rfrancoise@debian.org> Mon, 02 Jan 2012 20:19:22 +0100 + +tcpdump (4.2.0~rc1-2) experimental; urgency=low + + * Make sure OpenSSL support gets enabled: since it moved to multiarch + paths, the configure script doesn't find libcrypto.so and disables + crypto support. To fix this, simplify detection logic in configure.in + and run autoconf before configuring. + * Redo build flags handling: + + Enable hardening flags via dpkg-buildflags, not hardening-includes. + + Switch to debhelper compat level 9 to have build flags exported + automatically. + + Adjust build-depends accordingly. + * Enable parallel build in debhelper. + + -- Romain Francoise <rfrancoise@debian.org> Sun, 06 Nov 2011 19:14:23 +0100 + +tcpdump (4.2.0~rc1-1) experimental; urgency=low + + * New upstream beta release (closes: #636806); now switches to the -Z + user before opening the first output file (closes: #434603). + * debian/control: Set Standards-Version to 3.9.2. + + -- Romain Francoise <rfrancoise@debian.org> Sun, 14 Aug 2011 10:44:58 +0200 + +tcpdump (4.1.1-2) unstable; urgency=low + + * Fix FTBFS on GNU/Hurd; patch from Svante Signell (closes: #622287). + * debian/control: Tweak short and long descriptions, set + Standards-Version to 3.9.1. + + -- Romain Francoise <rfrancoise@debian.org> Mon, 11 Apr 2011 22:37:29 +0200 + +tcpdump (4.1.1-1) unstable; urgency=low + + * New upstream release (closes: #576001). + * debian/rules: Disable dh_auto_test (for now). + * debian/control: Set Standards-Version to 3.8.4. + * debian/patches/30_uflag_flushopen.diff: New patch: when saving to a + capture file with -U, flush the file immediately after opening it. + Suggested by Ferenc Wagner <wferi@niif.hu> (closes: #533625). + * debian/patches/20_man_fixes.diff: Fix TCP flags description, thanks to + Christophe Rhodes <csr21@cantab.net> (closes: #575724). + + -- Romain Francoise <rfrancoise@debian.org> Tue, 06 Apr 2010 19:58:14 +0200 + +tcpdump (4.0.0-6) unstable; urgency=low + + * debian/control: Build-depend on hardening-includes. + * debian/rules: Use hardening.make. + + -- Romain Francoise <rfrancoise@debian.org> Thu, 24 Dec 2009 11:51:12 +0100 + +tcpdump (4.0.0-5) unstable; urgency=low + + * Switch to 3.0 (quilt) source format: + + Drop build-depends on quilt. + + Remove patch/unpatch logic from debian/rules. + + Remove README.source. + + Refresh debian/patches/30_tcp_seq.diff. + * Use dh(1): + + debian/compat: Bump to 7. + + debian/control: Build-depend on debhelper (>= 7.0.50~). + + debian/rules: Simplify. + + debian/tcpdump.dirs: Removed. + + -- Romain Francoise <rfrancoise@debian.org> Sun, 08 Nov 2009 17:25:38 +0100 + +tcpdump (4.0.0-4) unstable; urgency=low + + * debian/control: + + Add ${misc:Depends} to Depends. + + Set Standards-Version to 3.8.3; no changes needed. + * debian/{watch,README.source}: New files. + * debian/copyright: Remove link to original file. + + -- Romain Francoise <rfrancoise@debian.org> Thu, 08 Oct 2009 19:00:23 +0200 + +tcpdump (4.0.0-3) unstable; urgency=low + + * debian/patches/20_man_fixes.diff: Update; pcap-filter is in section 7, + not 4 (closes: #527599). + * debian/control: Set Standards-Version to 3.8.1. + + -- Romain Francoise <rfrancoise@debian.org> Tue, 16 Jun 2009 11:51:14 +0200 + +tcpdump (4.0.0-2) unstable; urgency=low + + * debian/patches/30_tcp_seq.diff: Patch from Ilpo Järvinen adding back + default display of sequence numbers in TCP printer (closes: #517661). + * debian/patches/series: Update. + + -- Romain Francoise <rfrancoise@debian.org> Sun, 01 Mar 2009 14:51:25 +0100 + +tcpdump (4.0.0-1) unstable; urgency=low + + * Upload to unstable. + + -- Romain Francoise <rfrancoise@debian.org> Wed, 18 Feb 2009 18:55:35 +0100 + +tcpdump (4.0.0-1~exp1) experimental; urgency=low + + * New upstream release. + * debian/control: Set Standards-Version to 3.8.0. + * debian/rules: Don't set DH_VERBOSE. + * debian/patches/15_install.diff: New patch, don't install two identical + tcpdump binaries. + + -- Romain Francoise <rfrancoise@debian.org> Sun, 30 Nov 2008 22:55:39 +0100 + +tcpdump (3.9.8-4) unstable; urgency=low + + * debian/control: Build-Depend on libpcap0.8-dev (>= 0.9.3), + not (>= 0.9.3-1). + + -- Romain Francoise <rfrancoise@debian.org> Sat, 08 Mar 2008 19:24:02 +0100 + +tcpdump (3.9.8-3) unstable; urgency=low + + * debian/copyright: Convert to UTF-8 encoding. + * debian/control: Set Standards-Version to 3.7.3, no changes needed. + + -- Romain Francoise <rfrancoise@debian.org> Sun, 23 Dec 2007 14:32:17 +0100 + +tcpdump (3.9.8-2) unstable; urgency=low + + * debian/control: Add Vcs-Browser and Vcs-Git fields. + * debian/patches/50_kfreebsd.diff: New patch by Petr Salinger fixing + FTBFS on Debian GNU/kFreeBSD (closes: #448695). + + -- Romain Francoise <rfrancoise@debian.org> Sat, 03 Nov 2007 11:12:53 +0100 + +tcpdump (3.9.8-1) unstable; urgency=low + + * New upstream release. + + -- Romain Francoise <rfrancoise@debian.org> Thu, 27 Sep 2007 22:41:53 +0200 + +tcpdump (3.9.7-2) unstable; urgency=low + + * debian/control: Move upstream URL to the Homepage header. + + -- Romain Francoise <rfrancoise@debian.org> Fri, 21 Sep 2007 19:48:05 +0200 + +tcpdump (3.9.7-1) unstable; urgency=low + + * New upstream release. + * debian/patches/41_cve-2007-3798.diff: Deleted. + * debian/patches/40_cve-2007-1218.diff: Deleted. + * debian/patches/series: Update. + + -- Romain Francoise <rfrancoise@debian.org> Sun, 12 Aug 2007 12:45:31 +0200 + +tcpdump (3.9.5-4) unstable; urgency=low + + * debian/rules: Don't ignore errors in clean target. + * debian/patches/50_autotools-dev.diff: New patch, make config.{guess,sub} + exec newer versions of themselves if autotools-dev is installed. + * debian/patches/series: Update. + * debian/control: Add build-depends on autotools-dev. + + -- Romain Francoise <rfrancoise@debian.org> Sat, 11 Aug 2007 20:18:34 +0200 + +tcpdump (3.9.5-3) unstable; urgency=medium + + * Convert to quilt for patch management: + + debian/control: Build-Depend on quilt (>= 0.40) instead of dpatch. + + debian/rules: Include /usr/share/quilt/quilt.make. + + Convert all dpatch patches to regular patches. + + * debian/patches/41_cve-2007-3798.diff: New patch, fixes an integer + overflow in the BGP dissector (CVE-2007-3798), thanks to Daniel Leidert + (closes: #434030). + * debian/patches/series: Update. + + -- Romain Francoise <rfrancoise@debian.org> Wed, 01 Aug 2007 19:56:04 +0200 + +tcpdump (3.9.5-2) unstable; urgency=medium + + * debian/patches/40_cve-2007-1218.dpatch: New patch, fixes a potential + buffer overflow in the 802.11 printer (CVE-2007-1218), thanks to + Moritz Muehlenhoff <jmm@debian.org> (closes: #413430). + * debian/patches/00list: Update. + + -- Romain Francoise <rfrancoise@debian.org> Mon, 5 Mar 2007 20:22:50 +0100 + +tcpdump (3.9.5-1) unstable; urgency=low + + * New upstream release. + * debian/patches/20_man_fixes.dpatch: Resync. + + -- Romain Francoise <rfrancoise@debian.org> Sat, 23 Sep 2006 21:13:07 +0200 + +tcpdump (3.9.4-4) unstable; urgency=low + + * debian/compat: Switch to debhelper compatibility level 5. + * debian/control: + + Build-Depend on debhelper (>= 5). + + Remove Uploaders field. + + Bump Standards-Version to 3.7.2, no changes needed. + * debian/rules: Misc. cleanups. + + -- Romain Francoise <rfrancoise@debian.org> Sat, 20 May 2006 13:07:45 +0200 + +tcpdump (3.9.4-3) unstable; urgency=low + + * debian/patches/20_man_fixes.dpatch: Merge patch from A Costa + <agcosta@gis.net> fixing a few typos (closes: #351014). + + -- Romain Francoise <rfrancoise@debian.org> Thu, 2 Feb 2006 22:24:04 +0100 + +tcpdump (3.9.4-2) unstable; urgency=low + + * debian/patches/20_man_fixes.dpatch: Merge patch from A Costa + <agcosta@gis.net> fixing a few typos (closes: #342310). + + -- Romain Francoise <rfrancoise@debian.org> Sat, 10 Dec 2005 14:26:20 +0100 + +tcpdump (3.9.4-1) unstable; urgency=low + + * New upstream release. + + * debian/patches/40_spelling.dpatch: Dropped (included upstream). + * debian/patches/30_version.dpatch: Dropped. + * debian/patches/30_vlan_eflag: New patch, reverse test for eflag in + print-ether.c to match the intended effect (closes: #324706). + + * This upload also transitions tcpdump to OpenSSL 0.9.8. + + -- Romain Francoise <rfrancoise@debian.org> Sun, 9 Oct 2005 20:11:49 +0200 + +tcpdump (3.9.3-2) unstable; urgency=low + + * debian/patches/40_spelling.dpatch: New patch, fixes spelling errors + ("advertisment" vs. "advertisement"), thanks to Michael Shields + <shields@msrl.com> (closes: #318676). + * debian/patches/00list: Update. + + -- Romain Francoise <rfrancoise@debian.org> Sun, 17 Jul 2005 12:28:22 +0200 + +tcpdump (3.9.3-1) unstable; urgency=low + + * New upstream release. + * Build-Depend on libpcap0.8-dev (which is really libpcap 0.9.3). + + * debian/patches/30_ascii-output.dpatch: Dropped (merged upstream). + * debian/patches/30_version: New patch, fixes upstream version (still at + 3.9.2 while this is version 3.9.3). + * debian/patches/00list: Update. + + -- Romain Francoise <rfrancoise@debian.org> Sat, 16 Jul 2005 14:59:30 +0200 + +tcpdump (3.9.1-1) unstable; urgency=low + + * New upstream release. + * debian/patches/30_ascii-output.dpatch: New patch, fixes -x, -X and -A + priorities and removes extra newline and tab characters in the ascii + output (closes: #285764, #316908). + * debian/patches/00list: Update. + + -- Romain Francoise <rfrancoise@debian.org> Wed, 6 Jul 2005 20:17:19 +0200 + +tcpdump (3.9.0.cvs.20050622-1) unstable; urgency=low + + * New CVS snapshot. + * debian/control: Bump Standards-Version to 3.6.2.1, no changes needed. + + -- Romain Francoise <rfrancoise@debian.org> Wed, 22 Jun 2005 19:52:31 +0200 + +tcpdump (3.9.0.cvs.20050614-1) unstable; urgency=low + + * New CVS snapshot. + * Upload to unstable. + + -- Romain Francoise <rfrancoise@debian.org> Tue, 14 Jun 2005 19:43:24 +0200 + +tcpdump (3.9.0.cvs.20050529-1) experimental; urgency=low + + * New upstream CVS snapshot for experimental. + + -- Romain Francoise <rfrancoise@debian.org> Sun, 29 May 2005 12:55:31 +0200 + +tcpdump (3.9.0.cvs.20050511-1) experimental; urgency=low + + * Upstream CVS snapshot of tcpdump 3.9 for experimental. + * debian/patches/20_man_fixes.dpatch: Resynchronized. + * debian/patches/30_openssl_des.dpatch: Dropped (fixed upstream). + * debian/patches/40_ipv6cp.dpatch: Ditto. + * debian/patches/50_misc_dos.dpatch: Ditto. + * debian/patches/00list: Update. + * debian/control: Build with libpcap0.9, also in experimental. + + -- Romain Francoise <rfrancoise@debian.org> Wed, 11 May 2005 20:00:31 +0200 + +tcpdump (3.8.3-5) unstable; urgency=low + + * debian/copyright: Clarify license conditions, some files in the + distribution are still under the 4-clause BSD license (closes: #283008). + * debian/changelog: Revise 3.8.3-4 entry to add CAN numbers (which have + been assigned in the meantime). + + -- Romain Francoise <rfrancoise@debian.org> Sun, 1 May 2005 17:23:45 +0200 + +tcpdump (3.8.3-4) unstable; urgency=high + + * Urgency set to high due to security fixes. + * debian/patches/50_misc_dos.dpatch: Security fixes stolen from the 3.8 + branch fix infinite loops in the BGP, ISIS, LDP and RSVP dissectors + [CAN-2005-1278, CAN-2005-1279, CAN-2005-1280] (closes: #306529). + * debian/patches/00list: Add 50_misc_dos. + + -- Romain Francoise <rfrancoise@debian.org> Wed, 27 Apr 2005 21:05:37 +0200 + +tcpdump (3.8.3-3) unstable; urgency=low + + * debian/patches/40_ipv6cp.dpatch: New patch, do not try to print IPV6CP + ppp packets, the dissector doesn't support it (closes: #255179). + * debian/patches/00list: Add 40_ipv6cp. + + -- Romain Francoise <rfrancoise@debian.org> Sat, 19 Jun 2004 15:01:27 +0200 + +tcpdump (3.8.3-2) unstable; urgency=low + + * debian/rules: Enable crypto support (closes: #82581, #93428). + * debian/control: + + Build-Depend on libssl-dev. + + Put back URL markers in description. + + Switch Maintainer and Uploaders fields to match reality. + * debian/patches/30_openssl_des.dpatch: Patch to make upstream's + configure script check for DES_cbc_encrypt instead of des_cbc_encrypt, + (the function got renamed in OpenSSL 0.9.7), which saves us the hassle + of re-running autoconf. Temporary hack since upstream has fixed this + in CVS already. + * debian/patches/00list: Add 30_openssl_des. + + -- Romain Francoise <rfrancoise@debian.org> Fri, 14 May 2004 22:14:08 +0200 + +tcpdump (3.8.3-1) unstable; urgency=low + + * New upstream release. + * debian/rules: + + Add -D_FILE_OFFSET_BITS=64 to default CFLAGS to match libpcap + (closes: #154762). + + Use dpatch for patch management. + + Clean up CFLAGS handling. + + Support DEB_BUILD_OPTIONS. + * debian/control: + + Build-Depend on libpcap0.8-dev, dpatch. + + Add versioned Build-Depends on debhelper. + + Remove Emacs-style URL markers from description. + * debian/compat: New file. + * debian/copyright: Update. + * debian/tcpdump.docs: Do not install upstream INSTALL file. + * debian/patches: New directory. + * debian/patches/10_man_install.dpatch: Patch split off the Debian diff + to change man install paths in upstream Makefile.in. + * debian/patches/20_man_fixes.dpatch: Patch split off the Debian diff to + fix some inconsistencies in the upstream man page. + * debian/patches/00list: New file (patch list). + + -- Romain Francoise <rfrancoise@debian.org> Tue, 11 May 2004 14:02:09 +0200 + +tcpdump (3.7.2-4) unstable; urgency=high + + * Urgency high due to security fixes. + * Backport changes from upstream CVS to fix ISAKMP payload handling + denial-of-service vulnerabilities (CAN-2004-0183, CAN-2004-0184). + Detailed changes (with corresponding upstream revisions): + + Add length checks in isakmp_id_print() (print-isakmp.c, rev. 1.47) + + Add data checks all over the place, change rawprint() prototype and + add corresponding return value checks (print-isakmp.c, rev. 1.46) + + Add missing ntohs() and change length initialization in + isakmp_id_print(), not porting prototype changes (print-isakmp.c, + rev. 1.45) + + -- Romain Francoise <rfrancoise@debian.org> Tue, 6 Apr 2004 19:39:24 +0200 + +tcpdump (3.7.2-3) unstable; urgency=low + + * Backport changes from upstream CVS to fix several vulnerabilities in + ISAKMP, L2TP and Radius parsing (closes: #227844, #227845, #227846). + + -- Romain Francoise <rfrancoise@debian.org> Sat, 17 Jan 2004 14:12:30 +0100 + +tcpdump (3.7.2-2) unstable; urgency=low + + * Acknowledge NMU by Romain (closes: #208543). + * Apply man page fixes by Romain: + + networks(4) changed to networks(5) (closes: #194180). + + ethers(3N) changed to ethers(5) (closes: #197888). + * debian/control: Added Romain Francoise as co maintainer. Thanks for + your help, Romain! + + -- Torsten Landschoff <torsten@debian.org> Sun, 19 Oct 2003 04:12:31 +0200 + +tcpdump (3.7.2-1.1) unstable; urgency=low + + * NMU + * Reverse order of #include directives in print-sctp.c so that + IPPROTO_SCTP is defined (closes: #208543). + + -- Romain Francoise <rfrancoise@debian.org> Sun, 12 Oct 2003 17:06:01 +0200 + +tcpdump (3.7.2-1) unstable; urgency=low + + * New upstream release (closes: #195816). + + -- Torsten Landschoff <torsten@debian.org> Sun, 8 Jun 2003 00:14:44 +0200 + +tcpdump (3.7.1-1.2) unstable; urgency=high + + * Non-maintainer upload + * Apply security fixes from 3.7.2 + - Fixed infinite loop when parsing malformed isakmp packets. + (CAN-2003-0108) + - Fixed infinite loop when parsing malformed BGP packets. + - Fixed buffer overflow with certain malformed NFS packets. + + -- Matt Zimmerman <mdz@debian.org> Thu, 27 Feb 2003 11:00:32 -0500 + +tcpdump (3.7.1-1.1) unstable; urgency=low + + * NMU + * Simple rebuild to deal with libpcap0->libpcap0.7 transition. + Sourceful NMU so that every arch rebuilds it. + + -- LaMont Jones <lamont@debian.org> Wed, 14 Aug 2002 21:25:45 -0600 + +tcpdump (3.7.1-1) unstable; urgency=low + + * New upstream release (closes: #138052). + + -- Torsten Landschoff <torsten@debian.org> Sat, 3 Aug 2002 23:54:04 +0200 + +tcpdump (3.6.2-2) unstable; urgency=HIGH + + * print-rx.c: Take the version from current CVS fixing the remote + buffer overflow reported in FreeBSD Security Advisory SA-01:48 + yesterday. Thanks to Matt Zimmerman for forwarding the report, + I might have missed it. + * debian/control: Clean the Build-Depends from build-essential + packages. + + -- Torsten Landschoff <torsten@debian.org> Thu, 19 Jul 2001 15:03:48 +0200 + +tcpdump (3.6.2-1) unstable; urgency=low + + * New upstream release. + + -- Torsten Landschoff <torsten@debian.org> Tue, 6 Mar 2001 04:18:16 +0100 + +tcpdump (3.6.1-2) unstable; urgency=low + + * debian/rules: Force support for IPv6 (closes: #82665). + * print-icmp6.c: Removed duplicate definition also in icmp6.h to + get the package to compile with IPv6. + * Rebuild should fix the missing libpcap0-dependency (closes: #82666). + Additional info: The missing dependency was because the configure + script found my libpcap sources in the parent directory. Black magic + always works against you :( + + -- Torsten Landschoff <torsten@debian.org> Thu, 18 Jan 2001 00:44:01 +0100 + +tcpdump (3.6.1-1) unstable; urgency=high + + * Taking back the package. Kudos to Anand for his help. + * New upstream release. This release fixes a security hole in print-rx.c. + * debian/rules: Disable crypto support (closes: #81969). + * Removed empty README.Debian (closes: #81966). + + -- Torsten Landschoff <torsten@debian.org> Tue, 16 Jan 2001 16:04:03 +0100 + +tcpdump (3.5.2-3) unstable; urgency=low + + * Fixup dependancy stuff. Sheesh. (Closes: #78063, #78081, #78082) + + -- Anand Kumria <wildfire@progsoc.org> Tue, 28 Nov 2000 02:16:01 +1100 + +tcpdump (3.5.2-2) unstable; urgency=low + + * Update both config.guess and config.sub (Closes: #36692, #53145) + * Opps, make the .diff available. + * We require a particular libpcap version to work (Closes: #77877) + + -- Anand Kumria <wildfire@progsoc.org> Mon, 27 Nov 2000 01:13:55 +1100 + +tcpdump (3.5.2-1) unstable; urgency=low + + * New Maintainer + * New upstream release (Closes: #75889) + * Upstream added hex dump (-x) and ascii dump (-X) Closes: #23514, #29418) + * Acknowledge and incorporate security fixes (Closes: #63708, #77489) + * Appletalk / Ethertalk patches are in (Closes: #67642) + + -- Anand Kumria <wildfire@progsoc.org> Wed, 22 Nov 2000 13:19:33 +1100 + +tcpdump (3.4a6-4.1) frozen unstable; urgency=high + + * Non-maintainer upload by security team + * Apply patch from tcpdump-workers mailinglist to fix DNS DoS attack + against tcpdump. Based on patch from Guy Harris <gharris@flashcom.net> as + found on http://www.tcpdump.org/lists/workers/1999/msg00607.html + * Fix Build-Depends entry in debian/control + + -- Wichert Akkerman <wakkerma@debian.org> Sun, 7 May 2000 15:17:33 +0200 + +tcpdump (3.4a6-4) unstable; urgency=low + + * New maintainer. + * tcpdump.c (main): Reestablish priviliges before closing the device + (closes: #19959). + * It seems the problem with ppp came from the kernel - I can dump + packages on ppp0 just fine... (closes: #25757) + * print-tcp.c (tcp_print): Applied patch from David S. Miller submitted + by Andrea Arcangeli to fix tcpdump sack TCP option interpretation + (closes: #28530). + * print-bootp.c (rfc1048_print): Interpret timezone offset as signed + (closes: #40376). Fixed byte order problem in printing internet + addresses (closes: #40375). Thanks to Roderick Schertler for the patch. + * Several files: Applied SMB patch from samba.org (closes: #27653). + * print-ip.c (ip_print): Check for ip headers with less than 5 longs. + Patch taken from RedHat's source package. + * Redid debian/rules using debhelper. + * Makefile.in: Install the manpage into man8 instead of man1. + * tcpdump.1: Moved to section 8 (admin commands). + * print-smb.c (print_smb): Disabled anything but printing the command + info by default. Otherwise we would get flooded with smb information. + You can get all info using -vvv. Two -v's will give you the SMB headers. + * tcpdump.1: Documented the behaviour described above. + + -- Torsten Landschoff <torsten@debian.org> Mon, 22 Nov 1999 01:31:44 +0100 + +tcpdump (3.4a6-3) frozen unstable; urgency=low + + * fixed permissions + + -- Peter Tobias <tobias@et-inf.fho-emden.de> Mon, 30 Mar 1998 02:28:39 +0200 + + +tcpdump (3.4a6-2) frozen unstable; urgency=low + + * rebuild with latest debmake, fixes #19415 + (should also fix the lintian warnings) + * updated standards-version + + -- Peter Tobias <tobias@et-inf.fho-emden.de> Mon, 30 Mar 1998 00:28:39 +0200 + + +tcpdump (3.4a6-1) unstable; urgency=low + + * updated to latest upstream version, fixes: Bug#17163 + * install changelog.Debian compressed, fixes: Bug#15417 + + -- Peter Tobias <tobias@et-inf.fho-emden.de> Sun, 1 Feb 1998 00:08:31 +0100 + + +tcpdump (3.4a4-1) unstable; urgency=low + + * updated to latest upstream version + * libc6 version + + -- Peter Tobias <tobias@et-inf.fho-emden.de> Wed, 17 Sep 1997 23:22:54 +0200 + + +tcpdump (3.3.1a2-1) frozen stable unstable; urgency=medium + + * updated to latest upstream version (works with new libpcap now) + + -- Peter Tobias <tobias@et-inf.fho-emden.de> Sat, 24 May 1997 00:49:17 +0200 + + +tcpdump (3.3-2) unstable; urgency=low + + * fixed SLIP support + + -- Peter Tobias <tobias@et-inf.fho-emden.de> Sun, 16 Feb 1997 21:06:51 +0100 + + +tcpdump (3.3-1) unstable; urgency=low + + * updated to latest upstream version + + -- Peter Tobias <tobias@et-inf.fho-emden.de> Thu, 16 Jan 1997 01:34:00 +0100 |