--- ippl-1.4.14.orig/debian/control
+++ ippl-1.4.14/debian/control
@@ -0,0 +1,47 @@
+Source: ippl
+Section: net
+Priority: extra
+Maintainer: Marc Haber
+Uploaders: RISKO Gergely
+Build-Depends: cdbs,
+ dpatch, debhelper (>= 5), bison, flex
+Homepage: http://pltplp.net/ippl/
+Standards-Version: 3.9.0
+
+Package: ippl
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, perl5-base, logrotate, adduser (>> 3.51), lsb-base (>= 3.0-6)
+Description: IP protocols logger
+ writes information about incoming ICMP messages, TCP connections and
+ UDP datagrams to syslog.
+ .
+ It is highly configurable and has a built-in DNS cache.
+ .
+ Please note that upstream is rather inactive lately (no release since
+ 2001), and that there are some rather nasty bugs.
+ .
+ An incomplete list of the bugs includes:
+ - random packets don't get logged sometimes
+ - stops logging at all after some weeks
+ - ipv6 never got implemented
+ - documentation is out of sync.
+ .
+ Trying to fix these bugs is not easy. Please do not expect the Debian
+ maintainer to do this, but patches are appreciated.
+ .
+ Please consider using a fully-grown intrusion detection system (like
+ snort) instead of ippl.
+ .
+ Upstream URL: http://pltplp.net/ippl/
+
+Package: ippl-dbg
+Section: debug
+Architecture: any
+Depends: ippl (= ${binary:Version}), ${misc:Depends}
+Description: debugging systems for ippl
+ writes information about incoming ICMP messages, TCP connections and
+ UDP datagrams to syslog.
+ .
+ This package contains the debugging symbols for ippl.
+ .
+ Upstream URL: http://pltplp.net/ippl/
--- ippl-1.4.14.orig/debian/ippl.logrotate
+++ ippl-1.4.14/debian/ippl.logrotate
@@ -0,0 +1,23 @@
+# Logrotate file for ippl
+
+/var/log/ippl/all.log {
+ notifempty
+ rotate 4
+ weekly
+ compress
+ missingok
+ postrotate
+ invoke-rc.d --quiet ippl restart > /dev/null
+ endscript
+}
+
+/var/log/ippl/udp.log {
+ notifempty
+ rotate 4
+ weekly
+ compress
+ missingok
+ postrotate
+ invoke-rc.d --quiet ippl restart > /dev/null
+ endscript
+}
--- ippl-1.4.14.orig/debian/ippl.postinst
+++ ippl-1.4.14/debian/ippl.postinst
@@ -0,0 +1,31 @@
+#!/bin/bash -e
+# postinst
+
+USERNAME="Debian-ippl"
+
+# purge debconf database entries on upgrade from 1.4.14-4 and 1.4.14-5
+
+[ -n "$IPPLDEBUG" ] && set -x
+
+if [ "$1" = "configure" ]; then
+ if dpkg --compare-versions "$2" le-nl "1.4.14-4" || \
+ dpkg --compare-versions "$2" le-nl "1.4.14-5"; then
+ if [ -e /usr/share/debconf/confmodule ]; then
+ . /usr/share/debconf/confmodule
+ db_purge
+ db_stop
+ fi
+ fi
+fi
+
+# Add user
+if [ "$1" = "configure" ]; then
+ echo >&2 'Adding system user'
+ adduser --system --group --home /var/run/ippl \
+ --disabled-login --force-badname $USERNAME
+fi
+
+#DEBHELPER#
+
+# zap old run files. Starting with 1.4.14-6, we are in /var/run/ippl/
+rm -f /var/run/ippl.conf /var/run/ippl.pid
--- ippl-1.4.14.orig/debian/copyright
+++ ippl-1.4.14/debian/copyright
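Review bot: Both stanzas in ippl.logrotate carry their own `postrotate` restart, so one weekly rotation restarts the logger twice, and each restart is a window in which traffic goes unrecorded and in which the init script regenerates the configuration as root. Listing both files in a single stanza, `/var/log/ippl/all.log /var/log/ippl/udp.log {`, and adding `sharedscripts` runs the restart once per rotation. Neither stanza has a `create` directive, so the owner and mode of the fresh log files depend on whatever recreates them; stating them explicitly would make the permissions on these logs deliberate.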
@@ -0,0 +1,17 @@
+This package was debianized by Hugo Haas on Sat Jan 23 22:33:48 GMT
+1999, and has been maintained by RISKO Gergely from 2000 until 2005.
+Since March 2005, Marc Haber is maintaining the Debian package.
+
+Upstream URL: http://pltplp.net/ippl/
+
+Copyright: GNU General Public License.
+
+Some of the modifications for Debian are copyright (C) 1999-2000 Hugo
+Haas, and also released under the terms of the GPL -- version 2, or
+any later version.
+
+A copy of the GNU General Public License is available as
+`/usr/share/common-licenses/GPL' in the Debian GNU/Linux distribution or
+on the World Wide Web at http://www.gnu.org/copyleft/gpl.html. You can
+also obtain it by writing to the Free Software Foundation, Inc.,
+51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
--- ippl-1.4.14.orig/debian/watch
+++ ippl-1.4.14/debian/watch
@@ -0,0 +1,3 @@
+version=2
+
+http://pltplp.net/ippl/archive/ippl-([0-9\.]*)\.tar\.gz
--- ippl-1.4.14.orig/debian/ippl.dirs
+++ ippl-1.4.14/debian/ippl.dirs
@@ -0,0 +1,6 @@
+usr/sbin
+usr/share
+usr/share/man/man5
+usr/share/man/man8
+etc
+var/log/ippl
--- ippl-1.4.14.orig/debian/ippl.preinst
+++ ippl-1.4.14/debian/ippl.preinst
@@ -0,0 +1,6 @@
+#!/bin/sh -e
+if [ "$1" = "upgrade" ]; then
+ echo Removing /etc/cron.weekly/ippl
+ rm -rf /etc/cron.weekly/ippl
+fi
+#DEBHELPER#
--- ippl-1.4.14.orig/debian/compat
+++ ippl-1.4.14/debian/compat
@@ -0,0 +1 @@
+5
--- ippl-1.4.14.orig/debian/ippl.init
+++ ippl-1.4.14/debian/ippl.init
@@ -0,0 +1,218 @@
+#!/bin/bash
+#
+# Written by Hugo Haas .
+# Modified by Marc Haber .
+
+### BEGIN INIT INFO
+# Provides: ippl
+# Required-Start: $local_fs $remote_fs $syslog $named $network $time
+# Required-Stop: $local_fs $remote_fs $syslog $named $network
+# Should-Start:
+# Should-Stop:
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: IP protocols logger
+# Description: ippl writes information about incoming network traffic
+### END INIT INFO
+
+set -e
+
+if [ -r "/lib/lsb/init-functions" ]; then
+ . /lib/lsb/init-functions
+else
+ echo "E: /lib/lsb/init-functions not found, lsb-base (>= 3.0-6) needed"
+ exit 1
+fi
+
+PATH="/bin:/usr/bin:/sbin:/usr/sbin"
+
+RUNDIR="/var/run/ippl"
+PIDFILE="$RUNDIR/ippl.pid"
+CONFDIR="/etc"
+CONFDDIR="$CONFDIR/ippl.conf.d"
+CONFFILE="$RUNDIR/ippl.conf"
+IPPLCOMMENTS="no"
+
+DAEMON="/usr/sbin/ippl"
+NAME="ippl"
+DESC="IP protocols logger"
+
+test -f $DAEMON || exit 0
+
+# this is from madduck on IRC, 2006-07-06
+# There should be a better possibility to give daemon error messages
+# and/or to log things
+log()
+{
+ case "$1" in
+ [[:digit:]]*) success=$1; shift;;
+ *) :;;
+ esac
+ log_action_begin_msg "$1"; shift
+ log_action_end_msg ${success:-0} "$*"
+}
+
+
+# run-parts emulation, stolen from Branden's /etc/X11/Xsession
+# Addition: Use file.rul instead if file if it exists.
+run_parts () {
+ # reset LC_COLLATE
+ unset LANG LC_COLLATE LC_ALL
+
+ if [ -z "$1" ]; then
+ log "internal run_parts called without an argument"
+ fi
+ if [ ! -d "$1" ]; then
+ log "internal run_parts called, but $1 does not exist or is not a directory."
+ fi
+ for F in $(ls $1); do
+ if expr "$F" : '[[:alnum:]_-]\+$' > /dev/null 2>&1; then
+ if [ -f "$1/$F" ] ; then
+ if [ -f "$1/${F}.rul" ] ; then
+ echo "$1/${F}.rul"
+ else
+ echo "$1/$F"
+ fi
+ fi
+ fi
+ done;
+}
+
+cat_parts() {
+ if [ -z "$1" ]; then
+ log "internal cat_parts called without an argument"
+ fi
+ if [ ! -d "$1" ]; then
+ exit 0
+ fi
+ for file in $(run_parts $1); do
+ echo "#####################################################"
+ echo "### $file"
+ echo "#####################################################"
+ cat $file
+ echo
+ echo "#####################################################"
+ echo "### end $file"
+ echo "#####################################################"
+ done
+}
+
+removecomments() {
+ if [ "x${IPPLCOMMENTS}" = "xno" ] ; then
+ grep -E -v '^[[:space:]]*#' | sed -e '/^$/N;/\n$/D' ;
+ else
+ cat
+ fi
+}
+
+
+update_ippl_conf() {
+cat << EOF > ${CONFFILE}.tmp
+#########
+# WARNING WARNING WARNING
+# WARNING WARNING WARNING
+# WARNING WARNING WARNING
+# WARNING WARNING WARNING
+# WARNING WARNING WARNING
+# this file is generated dynamically from /etc/ippl/ippl.conf and the files
+# in /etc/ippl/ippl.conf.d
+# Any changes you make here will be lost.
+# WARNING WARNING WARNING
+# WARNING WARNING WARNING
+# WARNING WARNING WARNING
+# WARNING WARNING WARNING
+# WARNING WARNING WARNING
+#########
+EOF
+
+(cat ${CONFDIR}/ippl.conf 2>/dev/null; cat_parts ${CONFDDIR}) | \
+ removecomments \
+ >> ${CONFFILE}.tmp
+
+# test validity if called without -o
+# this is not currently possible with ippl,
+# but can be easily enabled with this (of course untested) example code
+#if [ "x${CONFFILE}" = "x${AUTOCONFIGFILE}" ] && \
+# [ -x ${DAEMON} ] ; then
+# if ! ${DAEMON} --config "${CONFFILE}.tmp" > /dev/null ; then
+# log "Invalid new configfile ${CONFFILE}.tmp"
+# log "not installing ${CONFFILE}.tmp to ${CONFFILE}"
+# exit 1
+# fi
+#fi
+
+mv -f ${CONFFILE}.tmp ${CONFFILE}
+}
+
+check_started () {
+ pidofproc -p $PIDFILE $DAEMON > /dev/null
+}
+
+start () {
+ if ! check_started; then
+ start_daemon -p $PIDFILE $DAEMON -c /var/run/ippl/ippl.conf
+ ret=$?
+ else
+ log_failure_msg "already running!"
+ log_end_msg 1
+ exit 1
+ fi
+ return $ret
+}
+
+stop () {
+ killproc -p $PIDFILE $DAEMON
+ return $?
+}
+
+status()
+{
+ log_action_begin_msg "checking $DAEMON"
+ if check_started; then
+ log_action_end_msg 0 "running"
+ else
+ if [ -e "$PIDFILE" ]; then
+ log_action_end_msg 1 "$DAEMON failed"
+ exit 1
+ else
+ log_action_end_msg 0 "not running"
+ exit 3
+ fi
+ fi
+}
+
+
+[ -e /var/run/ippl ] || \
+ install -d -oDebian-ippl -gDebian-ippl -m755 /var/run/ippl
+
+case "$1" in
+ start)
+ log_daemon_msg "Starting $DESC" "$NAME"
+ update_ippl_conf
+ start
+ log_end_msg $?
+ ;;
+ stop)
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ stop
+ log_end_msg $?
+ ;;
+ restart|force-reload)
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ stop
+ if [ -z "$?" -o "$?" = "0" ]; then
+ update_ippl_conf
+ start
+ fi
+ log_end_msg $?
+ ;;
+ status)
+ status
+ ;;
+ *)
+ log_failure_msg "Usage: $0 {start|stop|restart|force-reload|status}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
--- ippl-1.4.14.orig/debian/README.source
+++ ippl-1.4.14/debian/README.source
@@ -0,0 +1,3 @@
+this package uses dpatch and cdbs.
+
+See /usr/share/doc/dpatch/README.source.gz for Details.
--- ippl-1.4.14.orig/debian/changelog
+++ ippl-1.4.14/debian/changelog
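Review bot: In ippl.init, `update_ippl_conf` runs as root yet writes `${CONFFILE}.tmp` with a plain redirect inside /var/run/ippl, a directory this script creates owned by the unprivileged account (`install -d -oDebian-ippl -gDebian-ippl -m755 /var/run/ippl`), so whatever that account has left at the fixed name, a symlink included, is what root writes through on every start and on every logrotate-triggered restart. A root-run script should write only into directories that root alone can modify; creating the directory as `install -d -oroot -gDebian-ippl -m750 /var/run/ippl` is one way, provided the daemon does not have to create its PID file there after it has dropped privileges, which this hunk does not show. The `[ -e /var/run/ippl ] ||` guard also accepts a pre-existing path of any type and ownership, so type and owner should be checked rather than existence alone. Separately, `$(ls $1)` in run_parts and `cat $file` in cat_parts expand unquoted and should use `"$1"` and `"$file"`.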
@@ -0,0 +1,429 @@ +ippl (1.4.14-12.1) unstable; urgency=low + + * Non-maintainer upload. + * Fix "FTBFS: log.c:150:5: error: format not a string literal and no + format arguments [-Werror=format-security]": new patch + 60-format-security.dpatch: adds format arguments. + Closes: #643409 + + -- gregor herrmann Wed, 21 Dec 2011 18:00:26 +0100 + +ippl (1.4.14-12) unstable; urgency=low + + * Fix wrong logic in /lib/lsb/init-functions processing. Closes: #565495 + * depend on lsb-base + * run update_ippl_conf even on restart. duh. + * put -dbg package in Section debug + * add Homepage: field + * add debian/README.source + * add ${misc:Depends} to binary packages + * Yes, this package is going to keep 1.0 format, add debian/source/format + * re-generate debian/control + * depend on debhelper 5 + * Standards-Version: 3.9.0 (no other changes necessary) + + -- Marc Haber Tue, 29 Jun 2010 15:54:50 +0200 + +ippl (1.4.14-11) unstable; urgency=low + + * init script: + - do not call start-stop-daemon directly in favor + of LSB functions. Closes: #450647 + - update ippl.conf in case of restart. Closes: #453454 + * Standards-Version: 3.7.3 (no changes necessary) + + -- Marc Haber Sat, 02 Feb 2008 16:36:52 +0100 + +ippl (1.4.14-10) unstable; urgency=low + + * restart ippl instead of the now-defunct reload in logrotate script. + Thanks to TANAKA Atushi. + * do not strip binary during installation. + Thanks to Julien Danjou. Closes: #437218 + * Add -dbg package, set debian/compat to 5 + * re-generate debian/control + * move package-specific debian/ files to ippl.* + * postrm: do not abort if perl-modules not found during deluser. + Thanks to Josip Rodin. Closes: #421094 + + -- Marc Haber Sat, 11 Aug 2007 10:03:24 +0200 + +ippl (1.4.14-9) unstable; urgency=low + + * rm -f config.* on clean. Thanks to Patrick Winnert and Sune Vuorela. + Closes: #424420. + * Add patch from Narayanan R S to fix privilege drop and + re-attachment to sockets. 
This removes the capability to reload the + configuration. Adapt the init script appropriately. Closes: #420933. + + -- Marc Haber Sun, 20 May 2007 12:06:50 +0200 + +ippl (1.4.14-8) unstable; urgency=low + + * postrm: + * Fix deluser call, the --home parameter does not exist any more. + * Handle gracefully the case that deluser does not exist during + package purge. + * Thanks to Bill Allombert and Vincent Zweije. Closes: #389765 + * Create /var/run/ippl in init script. Closes: #390154 + * lsb-ize init script. Closes: #377027 + * give absolute time for upstream inactivity + * regenerate debian/control + * Standards-Version: 3.7.2: + * use invoke-rc.d in logrotate file + * debian/rules: remove workaround for cdbs bug #284231 + + -- Marc Haber Sun, 1 Oct 2006 14:24:27 +0000 + +ippl (1.4.14-7) unstable; urgency=low + + * add upstream URL to package description + * adapt debian/copyright + * add debian/watch + * Document portresolve/noportresolve in ippl.conf, re-word man page. + Thanks to Matus Uhlar. Closes: #306243 + * Add --oknodo to s-s-d invocation in init script action reload. + Thanks to Mike Dornberger. Closes: #331235 + * disable DEB_AUTO_UPDATE_DEBIAN_CONTROL in debian/rules. + * use current FSF address + * Standards-Version: 3.6.2 (no changes necessary) + + -- Marc Haber Sun, 2 Oct 2005 18:37:12 +0000 + +ippl (1.4.14-6) unstable; urgency=low + + * New Maintainer. Closes: #300183 + * Put debian/ under version control + * Migrate Package to cdbs + * Add dpatch + * Move portresolve patch to patches, apply via dpatch + * remove debian/conffiles + * remove debconf stuff and depends, purge database entries on + installation. Closes: #299651 + * move warning from debconf template to README.debian + * re-work package description + * Fix wrong comment in ippl.conf. Thanks to Dan Jacobson. + Closes: #236412 + * Remove wrong sentence in ippl.conf.man. Thanks to Dan Jacobson. + Closes: #236414 + * create user Debian-ippl, and run as that user. 
Closes: #252102 + * create directory /var/run/ippl and use it. + * Use cat_parts from exim4/aide to build config file. Thanks to + Kovacs Baldvin. Closes: #283713, #289169 + + -- Marc Haber Sun, 20 Mar 2005 10:38:33 +0000 + +ippl (1.4.14-5) unstable; urgency=high + + * db_stop added to postinst (closes: #299651) + + -- RISKO Gergely Tue, 15 Mar 2005 21:05:16 +0100 + +ippl (1.4.14-4) unstable; urgency=low + + * debconf note about package removal after sarge + + -- RISKO Gergely Sat, 12 Mar 2005 01:44:16 +0100 + +ippl (1.4.14-3) unstable; urgency=low + + * hurd fix (closes: #218330) + * /etc/ippl.conf.d feature (closes: #217803) + * implemented portresolve/noportresolve (closes: #197143) + + -- RISKO Gergely Sat, 24 Jan 2004 16:06:39 +0100 + +ippl (1.4.14-2) unstable; urgency=low + + * unneeded build-depends (libdb3-dev) removed (closes: Bug#127290) + + -- RISKO Gergely Tue, 1 Jan 2002 11:49:48 +0100 + +ippl (1.4.14-1) unstable; urgency=low + + * new upstream, fixed memory leak (closes: Bug#111190) + + -- RISKO Gergely Mon, 29 Oct 2001 19:33:41 +0100 + +ippl (1.4.13-1) unstable; urgency=low + + * Fixed the - parsing problem in the new upstream version. (closes: Bug#89151) + + -- RISKO Gergely Sat, 28 Jul 2001 11:32:05 +0200 + +ippl (1.4.12-5) unstable; urgency=low + + * Build-Depends fix (bison, flex) (closes: Bug#94144) + + -- RISKO Gergely Mon, 16 Apr 2001 22:40:01 +0200 + +ippl (1.4.12-4) unstable; urgency=low + + * Logrotate changes. + + -- RISKO Gergely Tue, 12 Apr 2001 20:31:01 +0200 + +ippl (1.4.12-3) unstable; urgency=low + + * New maintainer forgot to replace the Maintainer field, now changed. (closes: Bug#75591) + + -- Gergely Risko Tue, 5 Dec 2000 16:31:01 +0100 + +ippl (1.4.12-2) unstable; urgency=low + + * New maintainer. (closes: Bug#75591) + * '/etc/init.d/ippl reload' works well (closes: Bug#60363) + * logrotate instead of ippl-listfiles (closes: Bug#70650, Bug#74994, closes: Bug#44917) + * Build-Depends added. 
+ + -- Gergely Risko Fri, 1 Dec 2000 17:59:18 +0100 + +ippl (1.4.12-1) unstable; urgency=low + + * New upstream release. + + -- Hugo Haas Fri, 10 Nov 2000 21:22:32 -0500 + +ippl (1.4.11-1) unstable; urgency=low + + * New upstream release (closes: #69160, #72323, #75305, #50359). + See: http://www.via.ecp.fr/ml/ippl/200010/msg00003.html + + -- Hugo Haas Sat, 4 Nov 2000 23:29:36 -0500 + +ippl (1.4.10-1) frozen unstable; urgency=low + + * New upstream release: fixes x.x.x.x/n parsing (closes: #62784). + + -- Hugo Haas Fri, 21 Apr 2000 15:35:30 -0400 + +ippl (1.4.9-1) frozen unstable; urgency=low + + * New upstream release: GID change. Fixes release critical bug + (closes: #55864). + + -- Hugo Haas Fri, 11 Feb 2000 15:35:25 -0500 + +ippl (1.4.8-1) unstable; urgency=low + + * New upstream release: now correctly becomes a daemon (closes: #44829); + doesn't complain about options in the IP header anymore. + * Removed duplicate README.[Dd]ebian (closes: #46031). + * Now depends on perl5-base instead of perl-base (closes: #46972). + * Cleaned up debhelper files. + + -- Hugo Haas Sun, 11 Oct 1999 13:07:34 -0400 + +ippl (1.4.7-2) unstable; urgency=low + + * Using FHS-compliant debhelper. + * /etc/cron.weekly/ippl is now a configuration file. + + -- Hugo Haas Mon, 6 Sep 1999 17:55:10 -0400 + +ippl (1.4.7-1) unstable; urgency=low + + * New upstream release: better logging of repeteating events. + * Upgraded to 3.0.1.1 standards. + + -- Hugo Haas Mon, 6 Sep 1999 00:38:19 -0400 + +ippl (1.4.6-1) unstable; urgency=low + + * New upstream release: fixes a configuration parsing problem. + + -- Hugo Haas Wed, 16 Jun 1999 22:25:49 -0400 + +ippl (1.4.5-1) unstable; urgency=medium + + * New upstream: fixes a buffer overflow problem. + + -- Hugo Haas Mon, 19 Apr 1999 18:40:46 +0100 + +ippl (1.4.4-1) unstable; urgency=low + + * New upstream release: fixes a problem in port range parsing. 
+ + -- Hugo Haas Mon, 12 Apr 1999 17:41:30 +0100 + +ippl (1.4.3-1) unstable; urgency=medium + + * New upstream release: correctly fixes a potential denial of service + problem. + + -- Hugo Haas Fri, 9 Apr 1999 18:33:23 +0100 + +ippl (1.4.2-1) unstable; urgency=medium + + * New upstream release: fixes a potential denial of service problem. + + -- Hugo Haas Thu, 8 Apr 1999 18:29:50 +0100 + +ippl (1.4.1-1) unstable; urgency=low + + * New upstream release: bug fixes (fixes #35365). + + -- Hugo Haas Tue, 6 Apr 1999 18:30:02 +0100 + +ippl (1.4.0-1) unstable; urgency=low + + * New upstream version: bug fixes. + + -- Hugo Haas Fri, 26 Mar 1999 19:28:58 +0000 + +ippl (1.3.9-1) unstable; urgency=low + + * New upstream version: bug fixes. Updated man pages. + + -- Hugo Haas Wed, 17 Mar 1999 19:31:44 +0000 + +ippl (1.3.7-1) unstable; urgency=low + + * New upstream version: bug fixes; corrected typos. + + -- Hugo Haas Tue, 16 Mar 1999 02:32:55 -0600 + +ippl (1.3.6-1) unstable; urgency=low + + * New upstream release: bug fixes in the configuration mechanism. + + -- Hugo Haas Sun, 14 Mar 1999 12:30:00 -0600 + +ippl (1.3.5-1) unstable; urgency=low + + * New upstream release: + + bug fixes + + now detects when a TCP connection is closed + + -- Hugo Haas Sat, 13 Mar 1999 23:39:13 +0000 + +ippl (1.3.3-1) unstable; urgency=low + + * New upstream release: major changes: + + ident queries + + improved (!) configurability + + libc5 compatibility + + bug fixes + + -- Hugo Haas Tue, 9 Mar 1999 20:14:23 +0000 + +ippl (1.2.4-1) unstable; urgency=low + + * New upstream release: fixes a problem with the noresolve rule. + * Created a /var/log/ippl directory which will be removed when the + package is purged. + + -- Hugo Haas Sat, 6 Mar 1999 16:49:39 +0000 + +ippl (1.2.3-1) unstable; urgency=low + + * New upstream release: fixes problems in the configuration parsing. 
+ + -- Hugo Haas Sat, 6 Mar 1999 15:23:06 +0000 + +ippl (1.2.2-1) unstable; urgency=low + + * New upstream release: forgot to remove a line used for debugging in + version 1.2.1. + + -- Hugo Haas Thu, 4 Mar 1999 10:13:11 +0000 + +ippl (1.2.1-1) unstable; urgency=low + + * New upstream release: corrects a bug about file logging. + * Log file rotation corrected. + + -- Hugo Haas Wed, 3 Mar 1999 21:53:22 +0000 + +ippl (1.2-2) unstable; urgency=low + + * Removed a garbage line in the config line. + * Added a mechanism to rotate the log files. + * Updated to standards 2.5.0.0. + + -- Hugo Haas Tue, 2 Mar 1999 21:29:48 +0000 + +ippl (1.2-1) unstable; urgency=low + + * New upstream release: bugs fixed; moved command line options to + configuration file; code clean-up; ability to log in a file. + * Note that this package does not have have a script to rotate the logs + or to delete them when removed (I will do that in version 1.2-2 soon). + + -- Hugo Haas Sat, 27 Feb 1999 23:05:23 +0000 + +ippl (1.1-1) unstable; urgency=low + + * New upstream release: possibility to filter using the destination + address; dynamic reloading of the configuration; new options; bug + fixes. + + -- Hugo Haas Sun, 21 Feb 1999 09:40:55 -0600 + +ippl (1.0-1) unstable; urgency=low + + * New upstream release: stable version (source cleaned up since last + release). + + -- Hugo Haas Sun, 14 Feb 1999 10:27:54 -0600 + +ippl (0.13-2) unstable; urgency=low + + * Modified debian/init so that the restart option now works fine. + + -- Hugo Haas Tue, 9 Feb 1999 13:49:48 -0600 + +ippl (0.13-1) unstable; urgency=low + + * New upstream release: now correctly handles PID files. + * Cleaned up debian/rules. + * Modified debian/postrm. + + -- Hugo Haas Mon, 8 Feb 1999 12:04:15 -0600 + +ippl (0.12-1) unstable; urgency=low + + * New upstream release: more bug fixes; expiration of DNS data. + * From now on, only bugfixes to end up with a stable, bug-free, + version 1.0. 
+ + -- Hugo Haas Sun, 7 Feb 1999 09:33:01 -0600 + +ippl (0.11-1) unstable; urgency=low + + * New upstream release: again, bugs fixed. No new feature. + + -- Hugo Haas Fri, 5 Feb 1999 05:44:42 -0600 + +ippl (0.10-1) unstable; urgency=low + + * New upstream release: lots of bug fixed, better documentation. + * UDP disabled by default because too many packets are logged with the + default configuration. + + -- Hugo Haas Wed, 3 Feb 1999 14:57:11 -0600 + +ippl (0.9-1) unstable; urgency=low + + * New upstream version: limits the number of DNS queries by using a cache, + better configuration syntax. + + -- Hugo Haas Tue, 2 Feb 1999 13:00:51 -0600 + +ippl (0.8-2) unstable; urgency=low + + * Oops! Fixed two typos in ippl.conf... + + -- Hugo Haas Mon, 1 Feb 1999 07:35:41 -0600 + +ippl (0.8-1) unstable; urgency=low + + * New upstream version: UDP logging. + + -- Hugo Haas Sat, 30 Jan 1999 12:18:49 -0600 + +ippl (0.7-1) unstable; urgency=low + + * Initial release. + + -- Hugo Haas Sat, 23 Jan 1999 22:46:30 +0000 --- ippl-1.4.14.orig/debian/control.in +++ ippl-1.4.14/debian/control.in 
@@ -0,0 +1,46 @@
+Source: ippl
+Section: net
+Priority: extra
+Maintainer: Marc Haber
+Uploaders: RISKO Gergely
+Build-Depends: @cdbs@, debhelper (>= 5), bison, flex
+Homepage: http://pltplp.net/ippl/
+Standards-Version: 3.9.0
+
+Package: ippl
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, perl5-base, logrotate, adduser (>> 3.51), lsb-base (>= 3.0-6)
+Description: IP protocols logger
+ writes information about incoming ICMP messages, TCP connections and
+ UDP datagrams to syslog.
+ .
+ It is highly configurable and has a built-in DNS cache.
+ .
+ Please note that upstream is rather inactive lately (no release since
+ 2001), and that there are some rather nasty bugs.
+ .
+ An incomplete list of the bugs includes:
+ - random packets don't get logged sometimes
+ - stops logging at all after some weeks
+ - ipv6 never got implemented
+ - documentation is out of sync.
+ .
+ Trying to fix these bugs is not easy. Please do not expect the Debian
+ maintainer to do this, but patches are appreciated.
+ .
+ Please consider using a fully-grown intrusion detection system (like
+ snort) instead of ippl.
+ .
+ Upstream URL: http://pltplp.net/ippl/
+
+Package: ippl-dbg
+Section: debug
+Architecture: any
+Depends: ippl (= ${binary:Version}), ${misc:Depends}
+Description: debugging systems for ippl
+ writes information about incoming ICMP messages, TCP connections and
+ UDP datagrams to syslog.
+ .
+ This package contains the debugging symbols for ippl.
+ .
+ Upstream URL: http://pltplp.net/ippl/
--- ippl-1.4.14.orig/debian/rules
+++ ippl-1.4.14/debian/rules
@@ -0,0 +1,19 @@
+#!/usr/bin/make -f
+
+# to re-generate debian/control, invoke
+# fakeroot debian/rules debian/control DEB_AUTO_UPDATE_DEBIAN_CONTROL:=yes
+
+# automatic debian/control generation disabled, cdbs bug #311724.
+
+include /usr/share/cdbs/1/rules/debhelper.mk
+include /usr/share/cdbs/1/class/autotools.mk
+include /usr/share/cdbs/1/rules/dpatch.mk
+
+DEB_DESTDIR = debian/ippl
+DEB_MAKE_INSTALL_TARGET = install ROOT=$(DEB_DESTDIR)
+DEB_MAKE_BUILD_TARGET = all VARRUN=/var/run/ippl
+DEB_CONFIGURE_USER_FLAGS = --with-user=Debian-ippl
+DEB_DH_STRIP_ARGS := --dbg-package=ippl-dbg
+
+clean::
+ rm -f config.*
--- ippl-1.4.14.orig/debian/ippl.postrm
+++ ippl-1.4.14/debian/ippl.postrm
@@ -0,0 +1,22 @@
+#!/bin/sh -e
+# postrm
+
+USERNAME="Debian-ippl"
+HOMEDIR="/var/run/ippl"
+
+#DEBHELPER#
+
+if [ "$1" = "purge" ]; then
+ rm -rf /var/log/ippl
+
+ if command -v deluser >/dev/null; then
+ echo >&2 'Removing system user'
+ RET=0
+ deluser --remove-home --system $USERNAME || RET=$?
+ if [ "$RET" != "8" ]; then
+ exit $RET
+ fi
+ else
+ echo >&2 'Not removing system user, deluser not found'
+ fi
+fi
--- ippl-1.4.14.orig/debian/ippl.docs
+++ ippl-1.4.14/debian/ippl.docs
@@ -0,0 +1,4 @@
+README
+BUGS
+CREDITS
+TODO
--- ippl-1.4.14.orig/debian/README.debian
+++ ippl-1.4.14/debian/README.debian
@@ -0,0 +1,91 @@
+ippl Debian package
+-------------------
+
+=====================================
+= Upstream inactive, package buggy
+=====================================
+
+Please note that the ippl package is upstreamly unmaintained since 2001,
+and that there are some rather nasty bugs.
+
+The bugs come from fundamental errors in the design and implementation
+of ippl.
+
+An incomplete list of the bugs includes:
+ - random packets don't get logged sometimes
+ - stops logging at all after some weeks
+ - ipv6 never got implemented
+ - documentation is out of sync
+ - doesn't handle multiple SIGHUPs in fast consecutive order good,
+ stops logging
+
+Trying to fix these bugs is not easy. Please do not expect the Debian
+maintainer to do this, but patches are appreciated.
+
+Please consider using a fully-grown intrusion detection system (like
+snort) instead of ippl.
+
+A possible idea would be re-writing ippl to use iptables' ULOG target
+to get hold of the packets, while keeping the log format and the
+configuration file format. Example code about how to interface with
+the ULOG target is contained in the ulog-acctd package. However,
+converting to ULOG means writing a Linux-only program.
+
+-- Gergely Risko, Marc Haber
+
+=====================================
+= Upstream Mailing Lists
+=====================================
+
+Thanks to VIA - Centrale Réseaux, there are two mailing lists for ippl:
+
+- ippl-announce: News about ippl are posted here.
+ Archive: http://www.via.ecp.fr/via/ml/ippl-announce/index.html
+- ippl: this is the discussion list for development topics. This is the
+ one you should use to contact upstream.
+ Archive: http://www.via.ecp.fr/via/ml/ippl/index.html
+
+If you want to subscribe to one of these mailing lists, send an email
+to ecartis@via.ecp.fr containing subscribe list in the body, where
+list is the name of the list you wish to subscribe to.
+
+Upstream's web site is pointing towards listar@via.ecp.fr. This is
+obsolete information.
+
+=====================================
+= Note about the log files:
+=====================================
+
+The log files which will be rotated weekly are the log files declared
+in /etc/logrotate.d/ippl.
+
+When the package is purged, the directory /var/log/ippl will be
+removed. If you have used log files in other directories, they will not
+be deleted. This is why I strongly recommend that you put all the log
+files in /var/log/ippl.
+
+-- Gergely Risko
+
+=====================================
+= Note about the configuration file:
+=====================================
+
+The syntax of the rules has changed between version 1.2 and version
+1.4. You may have to rewrite some of your rules.
+
+1.4.14-3's new feature: /etc/ippl.conf.d.
+ (idea from: Marc Haber )
+If your package put something in /etc/ippl.conf.d directory, this
+will automatically cat'd to the ippl.conf when ippl starts.
+If you think that ippl doesn't work like you configured it in
+/etc/ippl.conf, please see /etc/ippl.conf.d directory. If this is
+not empty, this can be the reason, rm it. :)
+If you don't want the crude shell script, which do the cat, etc. you
+can rm -rf /etc/ippl.conf.d.
+
+* I've also implemented the user requested
+ (Matus \"fantomas\" Uhlar" )
+ noportresolve/portresolve feature. Work EXACTLY as noresolve, but
+ passing icmp to it in anyways is legal, but not useful.
+
+-- Gergely Risko
--- ippl-1.4.14.orig/debian/patches/20-ippl-conf.dpatch
+++ ippl-1.4.14/debian/patches/20-ippl-conf.dpatch
@@ -0,0 +1,46 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 20-ippl-conf.dpatch by Marc Haber
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad trunk~/ippl.conf trunk/ippl.conf
+--- trunk~/ippl.conf 2001-09-29 13:23:19.000000000 +0000
++++ trunk/ippl.conf 2005-10-02 18:24:54.000000000 +0000
+@@ -4,13 +4,15 @@
+ # User used
+ # ---------
+ # Specify the user (declared in /etc/passwd) used to run the
+-# logging threads.
+-#runas nobody
++# logging threads. The ippl process visible in the process table
++# is still running as root! Look in /proc/pid/task to see the threads
++# running as Debian-ippl
++runas Debian-ippl
+
+ # Resolve hostnames?
+ # ------------------
+-# Uncomment the line below to disable DNS lookups
+-#noresolve all
++# Uncomment the line below to enable DNS lookups
++#resolve all
+
+ # Use ident?
+ # ----------
+@@ -38,9 +40,14 @@
+ # ----------------
+ run icmp tcp
+ # Uncomment the line below to log UDP traffic.
+-# See ippl.conf(5) for recommandations.
++# See ippl.conf(5) for recommendations.
+ #run udp
+
++# Resolve tcp/udp port to service name?
++# -------------------------------------
++# portresolve icmp tcp udp
++# Set noportresolve to log port numbers instead
++
+ # Logging format
+ # ----------------
+ # If you want to see the destination address, the ports, etc
--- ippl-1.4.14.orig/debian/patches/50-nostrip.dpatch
+++ ippl-1.4.14/debian/patches/50-nostrip.dpatch
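Review bot: The header of 20-ippl-conf.dpatch still reads `## DP: No description.` although the patch switches the `runas` account to Debian-ippl, rewrites the resolver comment and documents `portresolve`; a line such as `## DP: Run logging threads as Debian-ippl; document resolve and portresolve.` would tell a reader what the patch is for. The resolver hunk replaces `#noresolve all` with `#resolve all` and inverts the comment, which implies the compiled-in default is not what upstream's file assumed; that default is not visible here and should be confirmed, because reverse lookups on logged source addresses generate DNS queries that the logged party can observe. The added comment that the process "is still running as root" also looks stale once 40-privilege-drop-420933.dpatch, which adds a `setuid` call in main.c, is applied.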
@@ -0,0 +1,19 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 50-nostrip.dpatch by Marc Haber
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No not strip binary during installation
+
+@DPATCH@
+diff -urNad trunk~/Makefile.in trunk/Makefile.in
+--- trunk~/Makefile.in 2000-04-21 21:37:49.000000000 +0200
++++ trunk/Makefile.in 2007-08-11 09:10:23.000000000 +0200
+@@ -18,7 +18,7 @@
+
+ install: all
+ $(INSTALL) -d -m 755 $(SBINDIR)
+- $(INSTALL) -s -m 755 Source/ippl $(SBINDIR)/ippl
++ $(INSTALL) -m 755 Source/ippl $(SBINDIR)/ippl
+ $(INSTALL) -d -m 755 $(ETCDIR)
+ [ -f $(CONFIGURATION_FILE) ] || \
+ $(INSTALL) -m 644 ippl.conf $(CONFIGURATION_FILE)
--- ippl-1.4.14.orig/debian/patches/40-privilege-drop-420933.dpatch
+++ ippl-1.4.14/debian/patches/40-privilege-drop-420933.dpatch
@@ -0,0 +1,149 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## privilege-drop-420933.dpatch by Marc Haber +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: No description. + +@DPATCH@ +diff -urNad trunk~/Source/icmp.c trunk/Source/icmp.c +--- trunk~/Source/icmp.c 2001-09-28 20:47:58.000000000 +0200 ++++ trunk/Source/icmp.c 2007-05-20 12:05:24.000000000 +0200 +@@ -39,6 +39,8 @@ + #include "log.h" + #include "filter.h" + #include "configuration.h" ++#include ++#include + + /* Socket */ + int icmp_socket; +@@ -296,14 +298,16 @@ + + icmp_socket = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP); + if (icmp_socket <= 0) { +- log.log(log.level_or_fd, "FATAL: Unable to open icmp raw socket"); ++ int error = errno; ++ log.log(log.level_or_fd, "FATAL: Unable to open icmp raw socket\nERROR No: %d\nERROR : %s", error, strerror(error)); + exit(1); + } + +- setgid(((struct passwd *)nobody)->pw_gid); ++ /* Don't do this here - race conditions will arise */ ++ /* setgid(((struct passwd *)nobody)->pw_gid); + initgroups(((struct passwd *)nobody)->pw_name, + ((struct passwd *)nobody)->pw_gid); +- setuid(((struct passwd *)nobody)->pw_uid); ++ setuid(((struct passwd *)nobody)->pw_uid); */ + + for(;;) { + if (read(icmp_socket, (__u8 *) &pkt, ICMP_CAPTURE_LENGTH) == -1) { +diff -urNad trunk~/Source/main.c trunk/Source/main.c +--- trunk~/Source/main.c 2000-04-21 21:37:49.000000000 +0200 ++++ trunk/Source/main.c 2007-05-20 12:05:24.000000000 +0200 +@@ -153,6 +153,17 @@ + run_thread(&udp_t, log_udp, (void *)account); + } + ++ /* Sleep 1 sec to allow the other threads to catchup */ ++ /* Not the best way to solve the issue but it works */ ++ sleep(1); ++ ++ /* Drop privileges */ ++ ++ setgid(((struct passwd *)account)->pw_gid); ++ initgroups(((struct passwd *)account)->pw_name, ++ ((struct passwd *)account)->pw_gid); ++ setuid(((struct passwd *)account)->pw_uid); ++ + } + + +@@ -160,8 +171,10 @@ + * reload_configuration + * + * Stops the threads and reloads the 
configuration ++ * ++ * -- DEPRECATED (due to privilege drop cannot reload - needs a restart!) + */ +-void reload_configuration() { ++void reload_configuration_DEPRECATED() { + extern pthread_mutex_t log_mutex, service_mutex, dns_mutex, r_mux, w_mux; + extern pthread_cond_t w_cond; + extern int readers; +@@ -353,8 +366,10 @@ + * Function executed when we receive a SIHUP signal + */ + void sighup(int sig) { +- reload_configuration(); +- log.log(log.level_or_fd, "IP Protocols Logger: reloaded configuration."); ++ // DEPRECATED - reload_configuration(); ++ // log.log(log.level_or_fd, "IP Protocols Logger: reloaded configuration."); ++ log.log(log.level_or_fd, "IP Protocols Logger: reload configuration is unsupported."); ++ die(sig); + signal(SIGHUP, sighup); + } + +diff -urNad trunk~/Source/tcp.c trunk/Source/tcp.c +--- trunk~/Source/tcp.c 2001-09-29 15:27:01.000000000 +0200 ++++ trunk/Source/tcp.c 2007-05-20 12:05:24.000000000 +0200 +@@ -44,6 +44,8 @@ + #include "filter.h" + #include "configuration.h" + #include "ident.h" ++#include ++#include + + /* Socket */ + int tcp_socket; +@@ -258,14 +260,16 @@ + + tcp_socket = socket(AF_INET, SOCK_RAW, IPPROTO_TCP); + if (tcp_socket <= 0) { +- log.log(log.level_or_fd, "FATAL: Unable to open tcp raw socket"); ++ int error = errno; ++ log.log(log.level_or_fd, "FATAL: Unable to open tcp raw socket\nERROR No: %d\nERROR : %s", error, strerror(error)); + exit(1); + } + +- setgid(((struct passwd *)nobody)->pw_gid); ++ /* Don't do this here - race conditions will arise */ ++ /* setgid(((struct passwd *)nobody)->pw_gid); + initgroups(((struct passwd *)nobody)->pw_name, + ((struct passwd *)nobody)->pw_gid); +- setuid(((struct passwd *)nobody)->pw_uid); ++ setuid(((struct passwd *)nobody)->pw_uid); */ + + for(;;) { + if (read(tcp_socket, (__u8 *) &pkt, TCP_CAPTURE_LENGTH) == -1) { +diff -urNad trunk~/Source/udp.c trunk/Source/udp.c +--- trunk~/Source/udp.c 2001-09-28 20:47:35.000000000 +0200 ++++ trunk/Source/udp.c 2007-05-20 
12:05:24.000000000 +0200 +@@ -39,6 +39,8 @@ + #include "filter.h" + #include "configuration.h" + #include "ident.h" ++#include ++#include + + /* Socket */ + int udp_socket; +@@ -138,14 +140,16 @@ + + udp_socket = socket(AF_INET, SOCK_RAW, IPPROTO_UDP); + if (udp_socket <= 0) { +- log.log(log.level_or_fd, "FATAL: Unable to open udp raw socket"); ++ int error = errno; ++ log.log(log.level_or_fd, "FATAL: Unable to open udp raw socket\nERROR No: %d\nERROR : %s", error, strerror(error)); + exit(1); + } + +- setgid(((struct passwd *)nobody)->pw_gid); ++ /* Don't do this here - race conditions will arise */ ++ /* setgid(((struct passwd *)nobody)->pw_gid); + initgroups(((struct passwd *)nobody)->pw_name, + ((struct passwd *)nobody)->pw_gid); +- setuid(((struct passwd *)nobody)->pw_uid); ++ setuid(((struct passwd *)nobody)->pw_uid); */ + + for(;;) { + if (read(udp_socket, (__u8 *) &pkt, UDP_CAPTURE_LENGTH) == -1) { --- ippl-1.4.14.orig/debian/patches/30-manpage.dpatch +++ ippl-1.4.14/debian/patches/30-manpage.dpatch @@ -0,0 +1,21 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 20-manpage.dpatch by Marc Haber +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: No description. + +@DPATCH@ +diff -urNad ./Docs/ippl.conf.man /tmp/dpep-work.IyOfxu/trunk/Docs/ippl.conf.man +--- ./Docs/ippl.conf.man 2000-11-05 22:03:47.000000000 +0000 ++++ /tmp/dpep-work.IyOfxu/trunk/Docs/ippl.conf.man 2005-03-19 20:53:38.340875122 +0000 +@@ -222,9 +222,7 @@ + .SS Protocol + .PP + protocol is one of the supported protocols (see the protocols +-section), except the +-.I all +-keyword, which is not supported. ++section). + + .SS Description + .PP --- ippl-1.4.14.orig/debian/patches/10-noportresolve.dpatch +++ ippl-1.4.14/debian/patches/10-noportresolve.dpatch 
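Review bot: The `setgid()`, `initgroups()` and `setuid()` calls added to main.c ignore their return values, so if any of them fails the daemon keeps running as root with its raw sockets open and nothing is logged. The drop should be checked and treated as fatal, as in the excerpt below. The preceding `sleep(1)` only makes it likely that the icmp, tcp and udp threads have already called `socket()`; a thread scheduled later would find the privileges gone and exit, so a barrier or condition variable signalled after each `socket()` would make the ordering explicit. In `sighup()`, the `signal(SIGHUP, sighup);` after `die(sig);` looks unreachable and could be removed. The enclosing function of the main.c hunk starts outside the hunk.

```c
    /* … unchanged: run_thread() calls and the sleep(1) … */

    /* Drop privileges; do not keep running as root if any step fails */
    if (setgid(((struct passwd *)account)->pw_gid) != 0 ||
        initgroups(((struct passwd *)account)->pw_name,
                   ((struct passwd *)account)->pw_gid) != 0 ||
        setuid(((struct passwd *)account)->pw_uid) != 0) {
        log.log(log.level_or_fd, "FATAL: Unable to drop privileges");
        exit(1);
    }
```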
@@ -0,0 +1,306 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 10-noportresolve.dpatch by Marc Haber +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: No description. + +@DPATCH@ +diff -urNad trunk~/Docs/ippl.conf.man trunk/Docs/ippl.conf.man +--- trunk~/Docs/ippl.conf.man 2000-11-05 22:03:47.000000000 +0000 ++++ trunk/Docs/ippl.conf.man 2005-10-02 18:27:03.000000000 +0000 +@@ -92,6 +92,13 @@ + .PP + By default, IP address resolution is disabled for all the protocols. + ++Ippl by default resolves tcp/udp port numbers to their respective ++service names. If you pass a protocol to the noportresolve option, ++ippl logs the port number instead. This is a Debian specific extension. ++ ++By default service resolving is enabled, since this is the behaviour ++of the upstream program. ++ + .SH LOGGING FORMAT + + .BR ippl +@@ -198,6 +205,12 @@ + .I noresolve + disable IP address resolution. + .PP ++.I portresolve ++enable IP service resolution. ++.PP ++.I noportresolve ++disable IP service resolution. ++.PP + .I ident + use ident logging (only for TCP). 
+ .PP +diff -urNad trunk~/Source/configuration.c trunk/Source/configuration.c +--- trunk~/Source/configuration.c 2000-10-28 13:42:25.000000000 +0000 ++++ trunk/Source/configuration.c 2005-10-02 18:25:16.000000000 +0000 +@@ -60,6 +60,7 @@ + extern unsigned int dns_expire; + extern unsigned short log_protocols; + extern unsigned short resolve_protocols; ++ extern unsigned short portresolve_protocols; + extern unsigned short icmp_format; + extern unsigned short tcp_format; + extern unsigned short udp_format; +@@ -71,6 +72,7 @@ + dns_expire = DNS_EXPIRE; + log_protocols = NONE; + resolve_protocols = 0; /* Do not resolve by default */ ++ portresolve_protocols = RUN_TCP | RUN_UDP | RUN_ICMP; /* Resolve by default */ + icmp_format = LOGFORMAT_NORMAL; + tcp_format = LOGFORMAT_NORMAL; + udp_format = LOGFORMAT_NORMAL; +diff -urNad trunk~/Source/filter.c trunk/Source/filter.c +--- trunk~/Source/filter.c 2001-09-29 15:50:50.000000000 +0000 ++++ trunk/Source/filter.c 2005-10-02 18:25:16.000000000 +0000 +@@ -46,6 +46,7 @@ + + extern unsigned short use_ident; + extern unsigned short resolve_protocols; ++extern unsigned short portresolve_protocols; + extern unsigned short icmp_format; + extern unsigned short tcp_format; + extern unsigned short udp_format; +@@ -66,7 +67,7 @@ + #ifdef FILTER_DEBUG + void display_info(struct log_info *info, int entries) { + +- log.log(log.level_or_fd, "DBG: (e:%d) log:%d ident:%d resolve:%d closing:%d format:%d", entries, info->log, info->ident, info->resolve, info->logclosing, info->logformat); ++ log.log(log.level_or_fd, "DBG: (e:%d) log:%d ident:%d resolve:%d portresolve: %d, closing:%d format:%d", entries, info->log, info->ident, info->resolve, info->portresolve, info->logclosing, info->logformat); + } + #endif + +@@ -200,6 +201,19 @@ + break; + } + } ++ if (info->portresolve == -1) { ++ switch (protocol) { ++ case IPPROTO_ICMP: ++ info->portresolve = portresolve_protocols & RUN_ICMP; ++ break; ++ case IPPROTO_TCP: ++ info->portresolve = 
portresolve_protocols & RUN_TCP; ++ break; ++ case IPPROTO_UDP: ++ info->portresolve = portresolve_protocols & RUN_UDP; ++ break; ++ } ++ } + } + + struct log_info do_log(const __u32 from, const __u32 to, const __u16 type, const __u16 srctype, const short protocol) { +@@ -244,6 +258,7 @@ + info.log = p->log; + info.ident = p->ident; + info.resolve = p->resolve; ++ info.portresolve = p->portresolve; + info.logformat = p->logformat; + info.logclosing = p->logclosing; + set_defaults(protocol, &info); +@@ -265,6 +280,7 @@ + info.log = p->log; + info.ident = p->ident; + info.resolve = p->resolve; ++ info.portresolve = p->portresolve; + info.logformat = p->logformat; + set_defaults(protocol, &info); + #ifdef FILTER_DEBUG +@@ -280,7 +296,7 @@ + info.log = TRUE; + info.ident = use_ident; + info.logclosing = log_closing; +- info.logformat = info.resolve = -1; ++ info.logformat = info.resolve = info.portresolve = -1; + set_defaults(protocol, &info); + + #ifdef FILTER_DEBUG +diff -urNad trunk~/Source/filter.h trunk/Source/filter.h +--- trunk~/Source/filter.h 2000-04-21 19:37:49.000000000 +0000 ++++ trunk/Source/filter.h 2005-10-02 18:25:16.000000000 +0000 +@@ -53,6 +53,7 @@ + struct filter_entry { + short log; /* TRUE for "log", FALSE for "ignore" */ + short ident; /* TRUE if we should use ident */ ++ short portresolve; /* TRUE if we should resolve TCP/UDP services */ + short resolve; /* TRUE if we should resolve IP addresses */ + short logformat; /* format used to log */ + short logclosing; /* TRUE to log closing TCP connections */ +@@ -72,6 +73,7 @@ + short log; + short ident; + short resolve; ++ short portresolve; + short logclosing; + short logformat; + }; +diff -urNad trunk~/Source/ippl.l trunk/Source/ippl.l +--- trunk~/Source/ippl.l 2001-04-14 10:30:04.000000000 +0000 ++++ trunk/Source/ippl.l 2005-10-02 18:25:16.000000000 +0000 +@@ -75,6 +75,9 @@ + [lL][oO][gG][cC][lL][oO][sS][iI][nN][gG] return LOGCLOSING; + [nN][oO][lL][oO][gG][cC][lL][oO][sS][iI][nN][gG] return 
NOLOGCLOSING; + ++[nN][oO][pP][oO][rR][tT][rR][eE][sS][oO][lL][vV][eE] return NOPORTRESOLVE; ++[pP][oO][rR][tT][rR][eE][sS][oO][lL][vV][eE] return PORTRESOLVE; ++ + [nN][oO][rR][eE][sS][oO][lL][vV][eE] return NORESOLVE; + [rR][eE][sS][oO][lL][vV][eE] return RESOLVE; + +diff -urNad trunk~/Source/ippl.y trunk/Source/ippl.y +--- trunk~/Source/ippl.y 2001-09-28 18:28:37.000000000 +0000 ++++ trunk/Source/ippl.y 2005-10-02 18:25:16.000000000 +0000 +@@ -61,6 +61,7 @@ + + /* Should name resolving be done? */ + unsigned short resolve_protocols; ++unsigned short portresolve_protocols; + + /* Logging format for each protocol */ + unsigned short icmp_format; +@@ -100,7 +101,7 @@ + %token IP HOSTMASK IDENTIFIER FILENAME + %token NUMBER + +-%token LOGFORMAT DETAILED SHORT NORMAL RESOLVE NORESOLVE IDENT NOIDENT LOGCLOSING NOLOGCLOSING ++%token LOGFORMAT DETAILED SHORT NORMAL RESOLVE NORESOLVE IDENT NOIDENT LOGCLOSING NOLOGCLOSING PORTRESOLVE NOPORTRESOLVE + %token RUN RUNAS EXPIRE LOG_IN LOG IGNORE FROM TO TYPE PORT SRCPORT OPTION COMMA + %token ICMP TCP UDP ALL + +@@ -138,6 +139,11 @@ + | NORESOLVE ProtoList EOL + { resolve_protocols &= ~$2; } + ++ | PORTRESOLVE ProtoList EOL ++ { portresolve_protocols |= $2; } ++ | NOPORTRESOLVE ProtoList EOL ++ { portresolve_protocols &= ~$2; } ++ + | LOGCLOSING EOL + { log_closing = TRUE; } + | NOLOGCLOSING EOL +@@ -249,6 +255,7 @@ + switches.log = -1; + switches.ident = use_ident; + switches.resolve = -1; ++ switches.portresolve = -1; + switches.logformat = -1; + switches.logclosing = log_closing; + } +@@ -259,6 +266,7 @@ + $$->ident = switches.ident; + $$->logclosing = switches.logclosing; + $$->resolve = switches.resolve; ++ $$->portresolve = switches.portresolve; + $$->logformat = switches.logformat; + $$->protocol = $4.protocol; + $$->loginfo = $4.loginfoval; +@@ -287,6 +295,8 @@ + | NOIDENT { switches.ident = FALSE; } + | RESOLVE { switches.resolve = RUN_ICMP | RUN_TCP | RUN_UDP; } + | NORESOLVE { switches.resolve = 0; } ++ | 
PORTRESOLVE { switches.portresolve = RUN_ICMP | RUN_TCP | RUN_UDP; } ++ | NOPORTRESOLVE { switches.portresolve = 0; } + | SHORT { switches.logformat = LOGFORMAT_SHORT; } + | NORMAL { switches.logformat = LOGFORMAT_NORMAL; } + | DETAILED { switches.logformat = LOGFORMAT_DETAILED; } +diff -urNad trunk~/Source/main.c trunk/Source/main.c +--- trunk~/Source/main.c 2000-04-21 19:37:49.000000000 +0000 ++++ trunk/Source/main.c 2005-10-02 18:25:16.000000000 +0000 +@@ -48,6 +48,10 @@ + #include "filter.h" + #include "pidfile.h" + ++#ifndef PATH_MAX ++#define PATH_MAX 4096 ++#endif ++ + /* Logging mechanism */ + struct loginfo log; + +diff -urNad trunk~/Source/netutils.c trunk/Source/netutils.c +--- trunk~/Source/netutils.c 2001-09-29 12:45:56.000000000 +0000 ++++ trunk/Source/netutils.c 2005-10-02 18:25:16.000000000 +0000 +@@ -237,15 +237,21 @@ + * Get a service name for a specified protocol + */ + +-void service_lookup(char *proto, char *service, __u16 port) { ++void service_lookup(char *proto, char *service, __u16 port, int portresolve) { + struct servent *se; + + pthread_mutex_lock(&service_mutex); +- se = getservbyport(port, proto); +- if (se == NULL) +- snprintf(service, SERVICE_LENGTH, "port %d", ntohs(port)); ++ if (portresolve) ++ { ++ se = getservbyport(port, proto); ++ if (se == NULL) ++ snprintf(service, SERVICE_LENGTH, "port %d", ntohs(port)); ++ else { ++ snprintf(service, SERVICE_LENGTH, "%s", se->s_name); ++ } ++ } + else { +- snprintf(service, SERVICE_LENGTH, "%s", se->s_name); ++ snprintf(service, SERVICE_LENGTH, "port %d", ntohs(port)); + } + pthread_mutex_unlock(&service_mutex); + } +diff -urNad trunk~/Source/netutils.h trunk/Source/netutils.h +--- trunk~/Source/netutils.h 2000-04-21 19:37:49.000000000 +0000 ++++ trunk/Source/netutils.h 2005-10-02 18:25:16.000000000 +0000 +@@ -53,6 +53,6 @@ + const __u32 src_addr, const __u16 src_port, + const __u32 dst_addr, const __u16 dst_port); + +-void service_lookup(char *proto, char *service, __u16 port); ++void 
service_lookup(char *proto, char *service, __u16 port, int portresolve); + + #endif +diff -urNad trunk~/Source/tcp.c trunk/Source/tcp.c +--- trunk~/Source/tcp.c 2001-09-29 13:27:01.000000000 +0000 ++++ trunk/Source/tcp.c 2005-10-02 18:25:16.000000000 +0000 +@@ -51,6 +51,7 @@ + struct loginfo tcp_log; + extern struct loginfo log; + extern unsigned short resolve_protocols; ++extern unsigned short portresolve_protocols; + + /* + * Structure of a TCP packet +@@ -88,7 +89,7 @@ + *details ='\0'; + host_print(remote_host, IPHDR.saddr, + info.resolve); +- service_lookup("tcp", service, TCPHDR.dest); ++ service_lookup("tcp", service, TCPHDR.dest, info.portresolve); + if (info.logformat == LOGFORMAT_DETAILED) { + get_details(details, + IPHDR.saddr, +@@ -186,7 +187,7 @@ + *details ='\0'; + host_print(remote_host, IPHDR.saddr, + info.resolve); +- service_lookup("tcp", service, TCPHDR.dest); ++ service_lookup("tcp", service, TCPHDR.dest, info.portresolve); + if (info.logformat == LOGFORMAT_DETAILED) { + get_details(details, + IPHDR.saddr, +diff -urNad trunk~/Source/udp.c trunk/Source/udp.c +--- trunk~/Source/udp.c 2001-09-28 18:47:35.000000000 +0000 ++++ trunk/Source/udp.c 2005-10-02 18:25:16.000000000 +0000 +@@ -81,7 +81,7 @@ + *details ='\0'; + host_print(remote_host, IPHDR.saddr, + info.resolve); +- service_lookup("udp", service, UDPHDR.dest); ++ service_lookup("udp", service, UDPHDR.dest, info.portresolve); + if (info.logformat == LOGFORMAT_DETAILED) { + get_details(details, + IPHDR.saddr, --- ippl-1.4.14.orig/debian/patches/00list +++ ippl-1.4.14/debian/patches/00list @@ -0,0 +1,6 @@ +10-noportresolve +20-ippl-conf +30-manpage +40-privilege-drop-420933 +50-nostrip +60-format-security --- ippl-1.4.14.orig/debian/patches/60-format-security.dpatch +++ ippl-1.4.14/debian/patches/60-format-security.dpatch 
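Review bot: In `service_lookup` (netutils.c) the new `portresolve` branch duplicates the `snprintf(service, SERVICE_LENGTH, "port %d", ntohs(port));` fallback, once for a failed lookup and once for the disabled case. Choosing the lookup up front with `se = portresolve ? getservbyport(port, proto) : NULL;` lets the original `if (se == NULL) … else …` stay as it was, with a single fallback line. The patch header still reads `## DP: No description.`; a line such as `## DP: Add portresolve/noportresolve options to log port numbers instead of service names` would tell the next maintainer what this Debian-specific extension does.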
@@ -0,0 +1,29 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 60-format-security.dpatch by gregor herrmann +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: add format argument to avoid FTBFS with -Werror=format-security +## DP: http://bugs.debian.org/643409 + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' ippl-1.4.14~/Source/log.c ippl-1.4.14/Source/log.c +--- ippl-1.4.14~/Source/log.c 2001-09-29 17:48:27.000000000 +0200 ++++ ippl-1.4.14/Source/log.c 2011-12-21 17:59:01.000000000 +0100 +@@ -147,7 +147,7 @@ + } + + if (repeats > 0) { +- snprintf(date, 27, asctime(localtime(&last_repeat))); ++ snprintf(date, 27, "%s", asctime(localtime(&last_repeat))); + snprintf(repeat_message, 40, "last message repeated %d time(s)\n", repeats); + write(fd, date+4, strlen(date)-10); + write(fd, " ", 1); +@@ -155,7 +155,7 @@ + repeats = 0; + } + +- snprintf(date, 27, asctime(localtime(¤t))); ++ snprintf(date, 27, "%s", asctime(localtime(¤t))); + write(fd, date+4, strlen(date)-10); + write(fd, " ", 1); + write(fd, entry, (strlen(entry) < 1023) ? strlen(entry) : 1023 ); --- ippl-1.4.14.orig/debian/source/format +++ ippl-1.4.14/debian/source/format @@ -0,0 +1 @@ +1.0
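Review bot: Both changed lines in log.c still call `asctime(localtime(...))`, which returns pointers into static storage that another thread of this pthread-based daemon can overwrite before the copy completes, unless every caller is serialized; that is not visible from this hunk. The reentrant forms remove the dependency, for example `struct tm tm; asctime_r(localtime_r(&last_repeat, &tm), date);`, and the same for the second call, assuming `date` holds at least 26 bytes as the size 27 passed to `snprintf` suggests. The enclosing function starts and ends outside the hunk.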