path: root/debian/changelog

tcpdump (4.99.4-4) unstable; urgency=medium

  * debian/watch: switch to .tar.xz URLs as upstream homepage no longer
    lists the .tar.gz.
  * Mark latest patch as "Forwarded: not-needed".
  * Bump Standards-Version to 4.7.0.

 -- Romain Francoise <rfrancoise@debian.org>  Sun, 28 Apr 2024 17:07:15 +0200

tcpdump (4.99.4-3~progress7.99u1) graograman-backports; urgency=medium

  * Initial reupload to graograman-backports.
  * Updating maintainer field.
  * Updating uploaders field.
  * Updating bugs field.
  * Updating vcs fields.

 -- Daniel Baumann <daniel.baumann@progress-linux.org>  Mon, 15 Apr 2024 19:13:11 +0200

tcpdump (4.99.4-3) unstable; urgency=medium

  * Allow *.pcapng in AppArmor policy, thanks to Chris Kuethe for the
    patch (closes: #1039993).
  * Pick up patch from upstream PR#812 to avoid the call to droproot()
    altogether if called with `-Z root', thanks to Tj (closes: #1035842).
  * Override 'spelling-error-in-binary' and move 'set -e' inside maintscripts.

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 22 Jul 2023 17:23:56 +0200

tcpdump (4.99.4-2) unstable; urgency=medium

  * Upload to unstable.

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 17 Jun 2023 17:29:12 +0200

tcpdump (4.99.4-1) experimental; urgency=medium

  * New upstream release.
  * Mark Debian-specific patches as "Forwarded: not-needed" in metadata.

 -- Romain Francoise <rfrancoise@debian.org>  Mon, 10 Apr 2023 16:57:18 +0200

tcpdump (4.99.3-1) unstable; urgency=medium

  * New upstream release.
  * Drop Hurd build patch, which doesn't seem to be right anymore.

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 14 Jan 2023 18:23:25 +0100

tcpdump (4.99.2-1) unstable; urgency=medium

  * New upstream release.
  * Re-enable all tests.
  * Bump Standards-Version to 4.6.2.

 -- Romain Francoise <rfrancoise@debian.org>  Sun, 01 Jan 2023 18:19:40 +0100

tcpdump (4.99.1-4) unstable; urgency=medium

  * debian/usr.bin.tcpdump: account for numerical suffix in filenames
    added by -W (closes: #1010688).

 -- Romain Francoise <rfrancoise@debian.org>  Sun, 08 May 2022 18:25:45 +0200

tcpdump (4.99.1-3) unstable; urgency=medium

  * Clean up AppArmor local profile for /usr/sbin/tcpdump, if it's still
    empty (closes: #990554).
  * Switch to debhelper compat level 13.
  * Set `Rules-Requires-Root' to "no".
  * Bump Standards-Version to 4.6.0.

 -- Romain Francoise <rfrancoise@debian.org>  Sun, 12 Sep 2021 18:55:44 +0200

tcpdump (4.99.1-2) unstable; urgency=medium

  * Upload to unstable.

 -- Romain Francoise <rfrancoise@debian.org>  Sun, 15 Aug 2021 17:29:54 +0200

tcpdump (4.99.1-1) experimental; urgency=medium

  * New upstream release.
  * debian/usr.bin.tcpdump: grant access to *.cap (closes: #989433).

 -- Romain Francoise <rfrancoise@debian.org>  Sun, 20 Jun 2021 20:48:30 +0200

tcpdump (4.99.0-2) unstable; urgency=medium

  * Add autopkgtest support, running the upstream test suite.

 -- Romain Francoise <rfrancoise@debian.org>  Fri, 15 Jan 2021 23:41:47 +0100

tcpdump (4.99.0-1) unstable; urgency=medium

  * New upstream release.
  * Mention in debian/NEWS that tcpdump is now installed to /usr/bin
    instead of /usr/sbin.
  * Rename AppArmor profile to match new binary location and add
    maintscript stanza to move the previous conffile if present.
  * Temporarily disable tests that require the just-released libpcap 1.10,
    we don't want to tie the migration of the two just before the bullseye
    freeze.
  * Drop unused lintian override.
  * Bump Standards-Version to 4.5.1.

 -- Romain Francoise <rfrancoise@debian.org>  Sun, 03 Jan 2021 21:28:16 +0100

tcpdump (4.9.3-7) unstable; urgency=high

  * Cherry-pick commit 32027e1993 from the upstream tcpdump-4.9 branch to fix
    untrusted input issue in the PPP printer (CVE-2020-8037, closes: #973877).

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 07 Nov 2020 13:19:14 +0100

tcpdump (4.9.3-6) unstable; urgency=medium

  [ Simon Deziel ]
  * debian/usr.sbin.tcpdump: use profile name specifier instead of
    '/usr/sbin/tcpdump'.

 -- Romain Francoise <rfrancoise@debian.org>  Thu, 28 May 2020 19:23:57 +0200

tcpdump (4.9.3-5) unstable; urgency=medium

  * Minor packaging fixes courtesy of the Janitor bot and lintian-brush:
    + Set upstream metadata fields: Bug-Submit, Repository, Repository-
      Browse.
  * Bump Standards-Version to 4.5.0.

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 09 May 2020 20:42:57 +0200

tcpdump (4.9.3-4) unstable; urgency=medium

  * Set upstream metadata fields: Bug-Database.

 -- Romain Francoise <rfrancoise@debian.org>  Tue, 31 Dec 2019 19:24:04 +0100

tcpdump (4.9.3-3) unstable; urgency=medium

  * Minor packaging fixes courtesy of the Janitor bot and lintian-brush:
    + Use secure URI in debian/watch.
    + Use secure URI in Homepage field.
    + Bump debhelper from old 11 to 12.
    + Set debhelper-compat version in Build-Depends.
    + Re-export upstream signing key without extra signatures.

 -- Romain Francoise <rfrancoise@debian.org>  Sun, 08 Dec 2019 13:56:42 +0100

tcpdump (4.9.3-2) unstable; urgency=medium

  * Disable failing IKEv2 test yet again to fix build on ppc64el (again)
    (closes: #942171).

 -- Romain Francoise <rfrancoise@debian.org>  Fri, 11 Oct 2019 20:48:04 +0200

tcpdump (4.9.3-1) unstable; urgency=medium

  * New upstream release, with fixes for 24 different CVEs (closes: #941698).
  * Build-depend on libpcap >= 1.9.1 to make all build-time tests pass.
  * Re-enable IKEv2 test.
  * Bump Standards-Version to 4.4.1.

 -- Romain Francoise <rfrancoise@debian.org>  Thu, 10 Oct 2019 21:31:38 +0200

tcpdump (4.9.3~git20190901-2) unstable; urgency=medium

  * Disable failing IKEv2 test again to fix build on ppc64el.

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 07 Sep 2019 12:14:43 +0200

tcpdump (4.9.3~git20190901-1) unstable; urgency=low

  * New upstream snapshot from the tcpdump-4.9 branch:
    + Includes fix for CVE-2017-16808 (closes: #881862).
    + Fixes ESP decryption on ppc64el (and others), re-enable tests.
  * Drop root privileges by default (closes: #935112):
    + debian/rules: Configure --with-user=tcpdump.
    + debian/tcpdump.post{inst,rm}: Create/delete a 'tcpdump' system group
      and user.
    + debian/control: Add dependency on adduser.
    + debian/patches/drop-privs-after-opening-savefile.diff: New patch
      (from Fedora) to drop root privileges *after* opening the savefile
      when possible, to alleviate possible inconvenience if the target
      directory is not writable by user tcpdump.
    + debian/patches/drop-privs-silently.diff: New patch (from Fedora) to
      drop root privileges silently.
    + debian/usr.sbin.tcpdump: Add chown capability, and update rules
      about device discovery.
    + debian/NEWS: Mention how to run tcpdump as root.
  * Bump Standards-Version to 4.4.0.

 -- Romain Francoise <rfrancoise@debian.org>  Sun, 01 Sep 2019 13:05:24 +0200

tcpdump (4.9.2-3) unstable; urgency=medium

  [ Jamie Strandboge ]
  * debian/usr.sbin.tcpdump: drop 'capability sys_module' since we already
    have 'net_admin' and network module loading (which happens with -D) is
    allowed with 'net_admin' (LP: #1759029) (closes: #894161)

  [ Romain Francoise ]
  * Switch to debhelper compatibility level 11.
  * Bump Standards-Version to 4.1.3.

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 31 Mar 2018 22:22:36 +0200

tcpdump (4.9.2-2) unstable; urgency=medium

  * Use new URLs on salsa.debian.org for Vcs-* fields.
  * Bump Standards-Version to 4.1.2.

 -- Romain Francoise <rfrancoise@debian.org>  Sun, 31 Dec 2017 15:53:41 +0100

tcpdump (4.9.2-1) unstable; urgency=high

  * New upstream release:
    + Fixes 86 new CVEs, see the upstream changelog for the full list.
    + Now supports OpenSSL 1.1, so move back to libssl-dev (closes: #859740).
  * Urgency high due to security fixes.

 -- Romain Francoise <rfrancoise@debian.org>  Fri, 08 Sep 2017 21:30:47 +0200

tcpdump (4.9.1-3) unstable; urgency=high

  * Cherry-pick three upstream commits to fix the following:
    + CVE-2017-11541: buffer over-read in safeputs() (closes: #873804)
    + CVE-2017-11542: buffer over-read in pimv1_print() (closes: #873805)
    + CVE-2017-11543: buffer overflow in sliplink_print() (closes: #873806)
  * Urgency high due to security fixes.

 -- Romain Francoise <rfrancoise@debian.org>  Mon, 04 Sep 2017 19:45:45 +0200

tcpdump (4.9.1-2) unstable; urgency=medium

  * Disable IKEv2 test which mysteriously fails on ppc64el (closes: #873377).

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 02 Sep 2017 11:01:30 +0200

tcpdump (4.9.1-1) unstable; urgency=medium

  * New upstream release, fixes CVE-2017-11108 (closes: #867718).
  * Bump Standards-Version to 4.1.0.
  * debian/watch: add pgpsigurlmangle option.
  * Add upstream signing key in debian/upstream.

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 26 Aug 2017 18:48:32 +0200

tcpdump (4.9.0-3) unstable; urgency=medium

  [ intrigeri ]
  * Include AppArmor profile from Ubuntu (closes: #866682).

  [ Romain Francoise ]
  * Bump Standards-Version to 4.0.0.

 -- Romain Francoise <rfrancoise@debian.org>  Sun, 02 Jul 2017 12:13:53 +0200

tcpdump (4.9.0-2) unstable; urgency=medium

  * Re-enable crypto support, targeting OpenSSL 1.0 as upstream still
    doesn't support OpenSSL 1.1.
  * Drop --enable-ipv6 from configure line, it has been the default for
    years now.

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 11 Feb 2017 16:40:05 +0100

tcpdump (4.9.0-1) unstable; urgency=high

  * New upstream security release, fixing the following:
    + CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
    + CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
    + CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
    + CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
    + CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
    + CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
    + CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
    + CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
    + CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
    + CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
    + CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
    + CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
    + CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
    + CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
    + CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
    + CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
    + CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
    + CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
    + CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
    + CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
    + CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
    + CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
    + CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
    + CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
    + CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
    + CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
    + CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
    + CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
      buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
      lightweight resolver protocol, PIM).
    + CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
    + CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
    + CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
    + CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
    + CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
    + CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
    + CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
    + CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
      OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
      print-ether.c:ether_print().
    + CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
    + CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
    + CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
    + CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
    + CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
  * Re-enable all tests and bump build-dep on libpcap0.8-dev to >= 1.8
    accordingly.
  * Switch Vcs-Git URL to the https one.
  * Adjust lintian override name about dh 9.

 -- Romain Francoise <rfrancoise@debian.org>  Thu, 26 Jan 2017 20:04:11 +0100

tcpdump (4.8.1-2) unstable; urgency=medium

  * Disable new HNCP test, which fails on some buildds for some
    as-of-yet unexplained reason.

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 29 Oct 2016 19:40:01 +0200

tcpdump (4.8.1-1) unstable; urgency=medium

  * New upstream release.
  * Re-enable Geneve tests (disabled in 4.7.4-1) and bump build-dep on
    libpcap0.8-dev to >= 1.7 accordingly.
  * Disable new pcap version tests which require libpcap 1.8+.

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 29 Oct 2016 17:16:06 +0200

tcpdump (4.7.4-3) unstable; urgency=medium

  * Use dh-autoreconf instead of calling autoconf directly and patching
    config.{guess,sub}.
  * Call dh_auto_configure instead of configure in override target, patch
    by Helmut Grohne (closes: #837951).

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 17 Sep 2016 11:18:45 +0200

tcpdump (4.7.4-2) unstable; urgency=medium

  * Disable crypto support as it causes FTBFS with OpenSSL 1.1.x and we
    don't have a working fix upstream yet (closes: #828569).
  * Bump Standards-Version to 3.9.8.
  * Use cgit URL for Vcs-Browser.

 -- Romain Francoise <rfrancoise@debian.org>  Sun, 28 Aug 2016 18:16:50 +0200

tcpdump (4.7.4-1) unstable; urgency=medium

  * New upstream release.
  * Disable two geneve tests that require libpcap 1.7+.
  * Bump Standards-Version to 3.9.6.

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 23 May 2015 18:25:01 +0200

tcpdump (4.6.2-5) unstable; urgency=high

  * Cherry-pick commit fb6e5377f3 from upstream Git to fix regressions in the
    RPKI/RTR printer after the CVE-2015-2153 changes. Thanks to Artur Rona
    from Ubuntu for the heads-up (closes: #781362).

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 04 Apr 2015 19:10:27 +0200

tcpdump (4.6.2-4) unstable; urgency=high

  * Cherry-pick changes from upstream Git to fix the following security
    issues:
    + CVE-2015-0261: missing bounds checks in IPv6 Mobility printer.
    + CVE-2015-2153: missing bounds checks in RPKI/RTR printer.
    + CVE-2015-2154: missing bounds checks in ISOCLNS printer.
    + CVE-2015-2155: missing bounds checks in ForCES printer.

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 14 Mar 2015 18:43:44 +0100

tcpdump (4.6.2-3) unstable; urgency=high

  * Cherry-pick commit 0f95d441e4 from upstream Git to fix a buffer overflow
    in the PPP dissector (CVE-2014-9140).

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 29 Nov 2014 12:23:53 +0100

tcpdump (4.6.2-2) unstable; urgency=high

  * Urgency high due to security fixes.
  * Add three patches extracted from various upstream commits fixing
    vulnerabilities in three dissectors:
    + CVE-2014-8767: missing bounds checks in OLSR dissector (closes: #770434).
    + CVE-2014-8768: missing bounds checks in Geonet dissector
      (closes: #770415).
    + CVE-2014-8769: missing bounds checks in AOVD dissector (closes: #770424).

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 22 Nov 2014 11:48:08 +0100

tcpdump (4.6.2-1) unstable; urgency=medium

  * New upstream release.

 -- Romain Francoise <rfrancoise@debian.org>  Thu, 04 Sep 2014 18:53:34 +0200

tcpdump (4.6.1-3) unstable; urgency=medium

  * Bump build-dep on libpcap0.8-dev to >= 1.5 as the pppoes_id test case
    requires a pcap version that supports PPPoE session ID filtering.

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 16 Aug 2014 17:38:28 +0200

tcpdump (4.6.1-2) unstable; urgency=medium

  * Expand configure check for net/pfvar.h to also check for existence of
    net/if_pflog.h to fix build on GNU/kFreeBSD, which ships the former
    but not the latter, see #756553 (closes: #756790).

 -- Romain Francoise <rfrancoise@debian.org>  Mon, 04 Aug 2014 22:37:24 +0200

tcpdump (4.6.1-1) unstable; urgency=medium

  * New upstream release.
  * debian/control: Mark tcpdump 'Multi-Arch: foreign' (closes: #700727).

 -- Romain Francoise <rfrancoise@debian.org>  Wed, 30 Jul 2014 19:16:49 +0200

tcpdump (4.5.1-2) unstable; urgency=low

  * Disable nflog-e testcase, the NFLOG header length is specified in host
    byte order which makes capture files order-dependent (closes: #731031).

 -- Romain Francoise <rfrancoise@debian.org>  Sun, 01 Dec 2013 12:13:16 +0100

tcpdump (4.5.1-1) unstable; urgency=low

  * New upstream release.
  * Disable new pppoes testcase which uses a new pcap feature to avoid tying
    the two upstream versions together.
  * debian/control: Set Standards-Version to 3.9.5.

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 30 Nov 2013 23:54:03 +0100

tcpdump (4.4.0-1) unstable; urgency=low

  * New upstream release:
    + Fixes format error in NTP printer (closes: #686276).
    + Rewords -e description (closes: #648768).
  * debian/control: Set Standards-Version to 3.9.4.
  * Use canonical locations in Vcs-* fields.

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 25 May 2013 13:50:30 +0200

tcpdump (4.3.0-1) unstable; urgency=low

  * New upstream release.
  * Re-enable test suite.

 -- Romain Francoise <rfrancoise@debian.org>  Wed, 13 Jun 2012 22:55:54 +0200

tcpdump (4.2.1-3) unstable; urgency=low

  * Fix CPPFLAGS handling in upstream configure.in to avoid losing
    hardening flags, patch by Simon Ruderich <simon@ruderich.org>
    (closes: #662016).
  * Fix some misspellings pointed out by lintian.
  * debian/control: Set Standards-Version to 3.9.3.

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 03 Mar 2012 17:11:48 +0100

tcpdump (4.2.1-2) unstable; urgency=low

  * Drop debian/patches/50_kfreebsd.diff (closes: #658848).

 -- Romain Francoise <rfrancoise@debian.org>  Mon, 06 Feb 2012 19:01:12 +0100

tcpdump (4.2.1-1) unstable; urgency=low

  * New upstream release.
  * Upload to unstable.

 -- Romain Francoise <rfrancoise@debian.org>  Mon, 02 Jan 2012 20:19:22 +0100

tcpdump (4.2.0~rc1-2) experimental; urgency=low

  * Make sure OpenSSL support gets enabled: since it moved to multiarch
    paths, the configure script doesn't find libcrypto.so and disables
    crypto support. To fix this, simplify detection logic in configure.in
    and run autoconf before configuring.
  * Redo build flags handling:
    + Enable hardening flags via dpkg-buildflags, not hardening-includes.
    + Switch to debhelper compat level 9 to have build flags exported
      automatically.
    + Adjust build-depends accordingly.
  * Enable parallel build in debhelper.

 -- Romain Francoise <rfrancoise@debian.org>  Sun, 06 Nov 2011 19:14:23 +0100

tcpdump (4.2.0~rc1-1) experimental; urgency=low

  * New upstream beta release (closes: #636806); now switches to the -Z
    user before opening the first output file (closes: #434603).
  * debian/control: Set Standards-Version to 3.9.2.

 -- Romain Francoise <rfrancoise@debian.org>  Sun, 14 Aug 2011 10:44:58 +0200

tcpdump (4.1.1-2) unstable; urgency=low

  * Fix FTBFS on GNU/Hurd; patch from Svante Signell (closes: #622287).
  * debian/control: Tweak short and long descriptions, set
    Standards-Version to 3.9.1.

 -- Romain Francoise <rfrancoise@debian.org>  Mon, 11 Apr 2011 22:37:29 +0200

tcpdump (4.1.1-1) unstable; urgency=low

  * New upstream release (closes: #576001).
  * debian/rules: Disable dh_auto_test (for now).
  * debian/control: Set Standards-Version to 3.8.4.
  * debian/patches/30_uflag_flushopen.diff: New patch: when saving to a
    capture file with -U, flush the file immediately after opening it.
    Suggested by Ferenc Wagner <wferi@niif.hu> (closes: #533625).
  * debian/patches/20_man_fixes.diff: Fix TCP flags description, thanks to
    Christophe Rhodes <csr21@cantab.net> (closes: #575724).

 -- Romain Francoise <rfrancoise@debian.org>  Tue, 06 Apr 2010 19:58:14 +0200

tcpdump (4.0.0-6) unstable; urgency=low

  * debian/control: Build-depend on hardening-includes.
  * debian/rules: Use hardening.make.

 -- Romain Francoise <rfrancoise@debian.org>  Thu, 24 Dec 2009 11:51:12 +0100

tcpdump (4.0.0-5) unstable; urgency=low

  * Switch to 3.0 (quilt) source format:
    + Drop build-depends on quilt.
    + Remove patch/unpatch logic from debian/rules.
    + Remove README.source.
    + Refresh debian/patches/30_tcp_seq.diff.
  * Use dh(1):
    + debian/compat: Bump to 7.
    + debian/control: Build-depend on debhelper (>= 7.0.50~).
    + debian/rules: Simplify.
    + debian/tcpdump.dirs: Removed.

 -- Romain Francoise <rfrancoise@debian.org>  Sun, 08 Nov 2009 17:25:38 +0100

tcpdump (4.0.0-4) unstable; urgency=low

  * debian/control:
    + Add ${misc:Depends} to Depends.
    + Set Standards-Version to 3.8.3; no changes needed.
  * debian/{watch,README.source}: New files.
  * debian/copyright: Remove link to original file.

 -- Romain Francoise <rfrancoise@debian.org>  Thu, 08 Oct 2009 19:00:23 +0200

tcpdump (4.0.0-3) unstable; urgency=low

  * debian/patches/20_man_fixes.diff: Update; pcap-filter is in section 7,
    not 4 (closes: #527599).
  * debian/control: Set Standards-Version to 3.8.1.

 -- Romain Francoise <rfrancoise@debian.org>  Tue, 16 Jun 2009 11:51:14 +0200

tcpdump (4.0.0-2) unstable; urgency=low

  * debian/patches/30_tcp_seq.diff: Patch from Ilpo Järvinen adding back
    default display of sequence numbers in TCP printer (closes: #517661).
  * debian/patches/series: Update.

 -- Romain Francoise <rfrancoise@debian.org>  Sun, 01 Mar 2009 14:51:25 +0100

tcpdump (4.0.0-1) unstable; urgency=low

  * Upload to unstable.

 -- Romain Francoise <rfrancoise@debian.org>  Wed, 18 Feb 2009 18:55:35 +0100

tcpdump (4.0.0-1~exp1) experimental; urgency=low

  * New upstream release.
  * debian/control: Set Standards-Version to 3.8.0.
  * debian/rules: Don't set DH_VERBOSE.
  * debian/patches/15_install.diff: New patch, don't install two identical
    tcpdump binaries.

 -- Romain Francoise <rfrancoise@debian.org>  Sun, 30 Nov 2008 22:55:39 +0100

tcpdump (3.9.8-4) unstable; urgency=low

  * debian/control: Build-Depend on libpcap0.8-dev (>= 0.9.3),
    not (>= 0.9.3-1).

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 08 Mar 2008 19:24:02 +0100

tcpdump (3.9.8-3) unstable; urgency=low

  * debian/copyright: Convert to UTF-8 encoding.
  * debian/control: Set Standards-Version to 3.7.3, no changes needed.

 -- Romain Francoise <rfrancoise@debian.org>  Sun, 23 Dec 2007 14:32:17 +0100

tcpdump (3.9.8-2) unstable; urgency=low

  * debian/control: Add Vcs-Browser and Vcs-Git fields.
  * debian/patches/50_kfreebsd.diff: New patch by Petr Salinger fixing
    FTBFS on Debian GNU/kFreeBSD (closes: #448695).

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 03 Nov 2007 11:12:53 +0100

tcpdump (3.9.8-1) unstable; urgency=low

  * New upstream release.

 -- Romain Francoise <rfrancoise@debian.org>  Thu, 27 Sep 2007 22:41:53 +0200

tcpdump (3.9.7-2) unstable; urgency=low

  * debian/control: Move upstream URL to the Homepage header.

 -- Romain Francoise <rfrancoise@debian.org>  Fri, 21 Sep 2007 19:48:05 +0200

tcpdump (3.9.7-1) unstable; urgency=low

  * New upstream release.
  * debian/patches/41_cve-2007-3798.diff: Deleted.
  * debian/patches/40_cve-2007-1218.diff: Deleted.
  * debian/patches/series: Update.

 -- Romain Francoise <rfrancoise@debian.org>  Sun, 12 Aug 2007 12:45:31 +0200

tcpdump (3.9.5-4) unstable; urgency=low

  * debian/rules: Don't ignore errors in clean target.
  * debian/patches/50_autotools-dev.diff: New patch, make config.{guess,sub}
    exec newer versions of themselves if autotools-dev is installed.
  * debian/patches/series: Update.
  * debian/control: Add build-depends on autotools-dev.

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 11 Aug 2007 20:18:34 +0200

tcpdump (3.9.5-3) unstable; urgency=medium

  * Convert to quilt for patch management:
    + debian/control: Build-Depend on quilt (>= 0.40) instead of dpatch.
    + debian/rules: Include /usr/share/quilt/quilt.make.
    + Convert all dpatch patches to regular patches.

  * debian/patches/41_cve-2007-3798.diff: New patch, fixes an integer
    overflow in the BGP dissector (CVE-2007-3798), thanks to Daniel Leidert
    (closes: #434030).
  * debian/patches/series: Update.

 -- Romain Francoise <rfrancoise@debian.org>  Wed, 01 Aug 2007 19:56:04 +0200

tcpdump (3.9.5-2) unstable; urgency=medium

  * debian/patches/40_cve-2007-1218.dpatch: New patch, fixes a potential
    buffer overflow in the 802.11 printer (CVE-2007-1218), thanks to
    Moritz Muehlenhoff <jmm@debian.org> (closes: #413430).
  * debian/patches/00list: Update.

 -- Romain Francoise <rfrancoise@debian.org>  Mon,  5 Mar 2007 20:22:50 +0100

tcpdump (3.9.5-1) unstable; urgency=low

  * New upstream release.
  * debian/patches/20_man_fixes.dpatch: Resync.

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 23 Sep 2006 21:13:07 +0200

tcpdump (3.9.4-4) unstable; urgency=low

  * debian/compat: Switch to debhelper compatibility level 5.
  * debian/control:
    + Build-Depend on debhelper (>= 5).
    + Remove Uploaders field.
    + Bump Standards-Version to 3.7.2, no changes needed.
  * debian/rules: Misc. cleanups.

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 20 May 2006 13:07:45 +0200

tcpdump (3.9.4-3) unstable; urgency=low

  * debian/patches/20_man_fixes.dpatch: Merge patch from A Costa
    <agcosta@gis.net> fixing a few typos (closes: #351014).

 -- Romain Francoise <rfrancoise@debian.org>  Thu,  2 Feb 2006 22:24:04 +0100

tcpdump (3.9.4-2) unstable; urgency=low

  * debian/patches/20_man_fixes.dpatch: Merge patch from A Costa
    <agcosta@gis.net> fixing a few typos (closes: #342310).

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 10 Dec 2005 14:26:20 +0100

tcpdump (3.9.4-1) unstable; urgency=low

  * New upstream release.

  * debian/patches/40_spelling.dpatch: Dropped (included upstream).
  * debian/patches/30_version.dpatch: Dropped.
  * debian/patches/30_vlan_eflag: New patch, reverse test for eflag in
    print-ether.c to match the intended effect (closes: #324706).

  * This upload also transitions tcpdump to OpenSSL 0.9.8.

 -- Romain Francoise <rfrancoise@debian.org>  Sun,  9 Oct 2005 20:11:49 +0200

tcpdump (3.9.3-2) unstable; urgency=low

  * debian/patches/40_spelling.dpatch: New patch, fixes spelling errors
    ("advertisment" vs. "advertisement"), thanks to Michael Shields
    <shields@msrl.com> (closes: #318676).
  * debian/patches/00list: Update.

 -- Romain Francoise <rfrancoise@debian.org>  Sun, 17 Jul 2005 12:28:22 +0200

tcpdump (3.9.3-1) unstable; urgency=low

  * New upstream release.
  * Build-Depend on libpcap0.8-dev (which is really libpcap 0.9.3).

  * debian/patches/30_ascii-output.dpatch: Dropped (merged upstream).
  * debian/patches/30_version: New patch, fixes upstream version (still at
    3.9.2 while this is version 3.9.3).
  * debian/patches/00list: Update.

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 16 Jul 2005 14:59:30 +0200

tcpdump (3.9.1-1) unstable; urgency=low

  * New upstream release.
  * debian/patches/30_ascii-output.dpatch: New patch, fixes -x, -X and -A
    priorities and removes extra newline and tab characters in the ascii
    output (closes: #285764, #316908).
  * debian/patches/00list: Update.

 -- Romain Francoise <rfrancoise@debian.org>  Wed,  6 Jul 2005 20:17:19 +0200

tcpdump (3.9.0.cvs.20050622-1) unstable; urgency=low

  * New CVS snapshot.
  * debian/control: Bump Standards-Version to 3.6.2.1, no changes needed.

 -- Romain Francoise <rfrancoise@debian.org>  Wed, 22 Jun 2005 19:52:31 +0200

tcpdump (3.9.0.cvs.20050614-1) unstable; urgency=low

  * New CVS snapshot.
  * Upload to unstable.

 -- Romain Francoise <rfrancoise@debian.org>  Tue, 14 Jun 2005 19:43:24 +0200

tcpdump (3.9.0.cvs.20050529-1) experimental; urgency=low

  * New upstream CVS snapshot for experimental.

 -- Romain Francoise <rfrancoise@debian.org>  Sun, 29 May 2005 12:55:31 +0200

tcpdump (3.9.0.cvs.20050511-1) experimental; urgency=low

  * Upstream CVS snapshot of tcpdump 3.9 for experimental.
  * debian/patches/20_man_fixes.dpatch: Resynchronized.
  * debian/patches/30_openssl_des.dpatch: Dropped (fixed upstream).
  * debian/patches/40_ipv6cp.dpatch: Ditto.
  * debian/patches/50_misc_dos.dpatch: Ditto.
  * debian/patches/00list: Update.
  * debian/control: Build with libpcap0.9, also in experimental.

 -- Romain Francoise <rfrancoise@debian.org>  Wed, 11 May 2005 20:00:31 +0200

tcpdump (3.8.3-5) unstable; urgency=low

  * debian/copyright: Clarify license conditions, some files in the
    distribution are still under the 4-clause BSD license (closes: #283008).
  * debian/changelog: Revise 3.8.3-4 entry to add CAN numbers (which have
    been assigned in the meantime).

 -- Romain Francoise <rfrancoise@debian.org>  Sun,  1 May 2005 17:23:45 +0200

tcpdump (3.8.3-4) unstable; urgency=high

  * Urgency set to high due to security fixes.
  * debian/patches/50_misc_dos.dpatch: Security fixes stolen from the 3.8
    branch fix infinite loops in the BGP, ISIS, LDP and RSVP dissectors
    [CAN-2005-1278, CAN-2005-1279, CAN-2005-1280] (closes: #306529).
  * debian/patches/00list: Add 50_misc_dos.

 -- Romain Francoise <rfrancoise@debian.org>  Wed, 27 Apr 2005 21:05:37 +0200

tcpdump (3.8.3-3) unstable; urgency=low

  * debian/patches/40_ipv6cp.dpatch: New patch, do not try to print IPV6CP
    ppp packets, the dissector doesn't support it (closes: #255179).
  * debian/patches/00list: Add 40_ipv6cp.

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 19 Jun 2004 15:01:27 +0200

tcpdump (3.8.3-2) unstable; urgency=low

  * debian/rules: Enable crypto support (closes: #82581, #93428).
  * debian/control:
    + Build-Depend on libssl-dev.
    + Put back URL markers in description.
    + Switch Maintainer and Uploaders fields to match reality.
  * debian/patches/30_openssl_des.dpatch: Patch to make upstream's
    configure script check for DES_cbc_encrypt instead of des_cbc_encrypt,
    (the function got renamed in OpenSSL 0.9.7), which saves us the hassle
    of re-running autoconf.  Temporary hack since upstream has fixed this
    in CVS already.
  * debian/patches/00list: Add 30_openssl_des.

 -- Romain Francoise <rfrancoise@debian.org>  Fri, 14 May 2004 22:14:08 +0200

tcpdump (3.8.3-1) unstable; urgency=low

  * New upstream release.
  * debian/rules:
    + Add -D_FILE_OFFSET_BITS=64 to default CFLAGS to match libpcap
      (closes: #154762).
    + Use dpatch for patch management.
    + Clean up CFLAGS handling.
    + Support DEB_BUILD_OPTIONS.
  * debian/control:
    + Build-Depend on libpcap0.8-dev, dpatch.
    + Add versioned Build-Depends on debhelper.
    + Remove Emacs-style URL markers from description.
  * debian/compat: New file.
  * debian/copyright: Update.
  * debian/tcpdump.docs: Do not install upstream INSTALL file.
  * debian/patches: New directory.
  * debian/patches/10_man_install.dpatch: Patch split off the Debian diff
    to change man install paths in upstream Makefile.in.
  * debian/patches/20_man_fixes.dpatch: Patch split off the Debian diff to
    fix some inconsistencies in the upstream man page.
  * debian/patches/00list: New file (patch list).

 -- Romain Francoise <rfrancoise@debian.org>  Tue, 11 May 2004 14:02:09 +0200

tcpdump (3.7.2-4) unstable; urgency=high

  * Urgency high due to security fixes.
  * Backport changes from upstream CVS to fix ISAKMP payload handling
    denial-of-service vulnerabilities (CAN-2004-0183, CAN-2004-0184).
    Detailed changes (with corresponding upstream revisions):
    + Add length checks in isakmp_id_print() (print-isakmp.c, rev. 1.47)
    + Add data checks all over the place, change rawprint() prototype and
      add corresponding return value checks (print-isakmp.c, rev. 1.46)
    + Add missing ntohs() and change length initialization in
      isakmp_id_print(), not porting prototype changes (print-isakmp.c,
      rev. 1.45)

 -- Romain Francoise <rfrancoise@debian.org>  Tue,  6 Apr 2004 19:39:24 +0200

tcpdump (3.7.2-3) unstable; urgency=low

  * Backport changes from upstream CVS to fix several vulnerabilities in
    ISAKMP, L2TP and Radius parsing (closes: #227844, #227845, #227846).

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 17 Jan 2004 14:12:30 +0100

tcpdump (3.7.2-2) unstable; urgency=low

  * Acknowledge NMU by Romain (closes: #208543).
  * Apply man page fixes by Romain:
    + networks(4) changed to networks(5) (closes: #194180).
    + ethers(3N) changed to ethers(5) (closes: #197888).
  * debian/control: Added Romain Francoise as co maintainer. Thanks for
    your help, Romain!

 -- Torsten Landschoff <torsten@debian.org>  Sun, 19 Oct 2003 04:12:31 +0200

tcpdump (3.7.2-1.1) unstable; urgency=low

  * NMU
  * Reverse order of #include directives in print-sctp.c so that
    IPPROTO_SCTP is defined (closes: #208543).

 -- Romain Francoise <rfrancoise@debian.org>  Sun, 12 Oct 2003 17:06:01 +0200

tcpdump (3.7.2-1) unstable; urgency=low

  * New upstream release (closes: #195816).

 -- Torsten Landschoff <torsten@debian.org>  Sun,  8 Jun 2003 00:14:44 +0200

tcpdump (3.7.1-1.2) unstable; urgency=high

  * Non-maintainer upload
  * Apply security fixes from 3.7.2
    - Fixed infinite loop when parsing malformed isakmp packets.
      (CAN-2003-0108)
    - Fixed infinite loop when parsing malformed BGP packets.
    - Fixed buffer overflow with certain malformed NFS packets.

 -- Matt Zimmerman <mdz@debian.org>  Thu, 27 Feb 2003 11:00:32 -0500

tcpdump (3.7.1-1.1) unstable; urgency=low

  * NMU
  * Simple rebuild to deal with libpcap0->libpcap0.7 transition.
    Sourceful NMU so that every arch rebuilds it.

 -- LaMont Jones <lamont@debian.org>  Wed, 14 Aug 2002 21:25:45 -0600

tcpdump (3.7.1-1) unstable; urgency=low

  * New upstream release (closes: #138052).

 -- Torsten Landschoff <torsten@debian.org>  Sat,  3 Aug 2002 23:54:04 +0200

tcpdump (3.6.2-2) unstable; urgency=HIGH

  * print-rx.c: Take the version from current CVS fixing the remote
    buffer overflow reported in FreeBSD Security Advisory SA-01:48
    yesterday. Thanks to Matt Zimmerman for forwarding the report,
    I might have missed it.
  * debian/control: Clean the Build-Depends from build-essential
    packages.

 -- Torsten Landschoff <torsten@debian.org>  Thu, 19 Jul 2001 15:03:48 +0200

tcpdump (3.6.2-1) unstable; urgency=low

  * New upstream release.

 -- Torsten Landschoff <torsten@debian.org>  Tue,  6 Mar 2001 04:18:16 +0100

tcpdump (3.6.1-2) unstable; urgency=low

  * debian/rules: Force support for IPv6 (closes: #82665).
  * print-icmp6.c: Removed duplicate definition also in icmp6.h to
    get the package to compile with IPv6.
  * Rebuild should fix the missing libpcap0-dependency (closes: #82666).
    Additional info: The missing dependency was because the configure
    script found my libpcap sources in the parent directory. Black magic
    always works against you :(

 -- Torsten Landschoff <torsten@debian.org>  Thu, 18 Jan 2001 00:44:01 +0100

tcpdump (3.6.1-1) unstable; urgency=high

  * Taking back the package. Kudos to Anand for his help.
  * New upstream release. This release fixes a security hole in print-rx.c.
  * debian/rules: Disable crypto support (closes: #81969).
  * Removed empty README.Debian (closes: #81966).

 -- Torsten Landschoff <torsten@debian.org>  Tue, 16 Jan 2001 16:04:03 +0100

tcpdump (3.5.2-3) unstable; urgency=low

  * Fixup dependancy stuff. Sheesh. (Closes: #78063, #78081, #78082)

 -- Anand Kumria <wildfire@progsoc.org>  Tue, 28 Nov 2000 02:16:01 +1100

tcpdump (3.5.2-2) unstable; urgency=low

  * Update both config.guess and config.sub (Closes: #36692, #53145)
  * Opps, make the .diff available.
  * We require a particular libpcap version to work (Closes: #77877)

 -- Anand Kumria <wildfire@progsoc.org>  Mon, 27 Nov 2000 01:13:55 +1100

tcpdump (3.5.2-1) unstable; urgency=low

  * New Maintainer
  * New upstream release (Closes: #75889)
  * Upstream added hex dump (-x) and ascii dump (-X) Closes: #23514, #29418)
  * Acknowledge and incorporate security fixes (Closes: #63708, #77489)
  * Appletalk / Ethertalk patches are in (Closes: #67642)

 -- Anand Kumria <wildfire@progsoc.org>  Wed, 22 Nov 2000 13:19:33 +1100

tcpdump (3.4a6-4.1) frozen unstable; urgency=high

  * Non-maintainer upload by security team
  * Apply patch from tcpdump-workers mailinglist to fix DNS DoS attack
    against tcpdump. Based on patch from Guy Harris <gharris@flashcom.net> as
    found on http://www.tcpdump.org/lists/workers/1999/msg00607.html
  * Fix Build-Depends entry in debian/control

 -- Wichert Akkerman <wakkerma@debian.org>  Sun,  7 May 2000 15:17:33 +0200

tcpdump (3.4a6-4) unstable; urgency=low

  * New maintainer.
  * tcpdump.c (main): Reestablish priviliges before closing the device
    (closes: #19959).
  * It seems the problem with ppp came from the kernel - I can dump
    packages on ppp0 just fine... (closes: #25757)
  * print-tcp.c (tcp_print): Applied patch from David S. Miller submitted
    by Andrea Arcangeli to fix tcpdump sack TCP option interpretation
    (closes: #28530).
  * print-bootp.c (rfc1048_print): Interpret timezone offset as signed
    (closes: #40376). Fixed byte order problem in printing internet
    addresses (closes: #40375). Thanks to Roderick Schertler for the patch.
  * Several files: Applied SMB patch from samba.org (closes: #27653).
  * print-ip.c (ip_print): Check for ip headers with less than 5 longs.
    Patch taken from RedHat's source package.
  * Redid debian/rules using debhelper.
  * Makefile.in: Install the manpage into man8 instead of man1.
  * tcpdump.1: Moved to section 8 (admin commands).
  * print-smb.c (print_smb): Disabled anything but printing the command
    info by default. Otherwise we would get flooded with smb information.
    You can get all info using -vvv. Two -v's will give you the SMB headers.
  * tcpdump.1: Documented the behaviour described above.

 -- Torsten Landschoff <torsten@debian.org>  Mon, 22 Nov 1999 01:31:44 +0100

tcpdump (3.4a6-3) frozen unstable; urgency=low

  * fixed permissions

 -- Peter Tobias <tobias@et-inf.fho-emden.de>  Mon, 30 Mar 1998 02:28:39 +0200


tcpdump (3.4a6-2) frozen unstable; urgency=low

  * rebuild with latest debmake, fixes #19415
    (should also fix the lintian warnings)
  * updated standards-version

 -- Peter Tobias <tobias@et-inf.fho-emden.de>  Mon, 30 Mar 1998 00:28:39 +0200


tcpdump (3.4a6-1) unstable; urgency=low

  * updated to latest upstream version, fixes: Bug#17163
  * install changelog.Debian compressed, fixes: Bug#15417

 -- Peter Tobias <tobias@et-inf.fho-emden.de>  Sun,  1 Feb 1998 00:08:31 +0100


tcpdump (3.4a4-1) unstable; urgency=low

  * updated to latest upstream version
  * libc6 version

 -- Peter Tobias <tobias@et-inf.fho-emden.de>  Wed, 17 Sep 1997 23:22:54 +0200


tcpdump (3.3.1a2-1) frozen stable unstable; urgency=medium

  * updated to latest upstream version (works with new libpcap now)

 -- Peter Tobias <tobias@et-inf.fho-emden.de>  Sat, 24 May 1997 00:49:17 +0200


tcpdump (3.3-2) unstable; urgency=low

  * fixed SLIP support

 -- Peter Tobias <tobias@et-inf.fho-emden.de>  Sun, 16 Feb 1997 21:06:51 +0100


tcpdump (3.3-1) unstable; urgency=low

  * updated to latest upstream version

 -- Peter Tobias <tobias@et-inf.fho-emden.de>  Thu, 16 Jan 1997 01:34:00 +0100