--- changetrack-4.5.orig/debian/cron.daily
+++ changetrack-4.5/debian/cron.daily
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+##
+## This code was put in the Public Domain by Jens Peter Secher.
+##
+
+## No arms, no cookies
+PROGRAM=/usr/bin/changetrack
+[ -x $PROGRAM ] || exit 0
+
+## Get default settings
+[ -r /etc/default/changetrack ] && . /etc/default/changetrack
+
+## Clear list of tracked files
+cat /dev/null > ${CONFFILES_LIST:?}
+
+## Collect administrators choice of tracked files
+[ -r /etc/changetrack.conf ] && cat /etc/changetrack.conf >> $CONFFILES_LIST
+
+if [ "${AUTO_TRACK_ALL_CONFFILES}" = "yes" ]; then
+
+ ## Collect all conffiles known to dpkg, except for gnome schema
+ ## files since they get very large and their diff is not of much
+ ## use.
+ nice \
+ find /var/lib/dpkg/info -name '*.conffiles' -exec grep -v '.schemas$' '{}' ';' | \
+ sort | uniq >> $CONFFILES_LIST
+fi
+
+## The actual tracking is performed by /etc/cron.hourly/changetrack
--- changetrack-4.5.orig/debian/changelog
+++ changetrack-4.5/debian/changelog
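Review bot: The expansions of `$PROGRAM` and `$CONFFILES_LIST` in debian/cron.daily are unquoted, so a value with whitespace or glob characters coming from the sourced /etc/default/changetrack is split or expanded before use; debian/cron.hourly repeats this in its `[ -r ${CONFFILES_LIST:?} ]` tests and the `-c $CONFFILES_LIST` argument. Quote them throughout, e.g. `cat /dev/null > "${CONFFILES_LIST:?}"` and `sort | uniq >> "$CONFFILES_LIST"`. Because the job truncates whatever path the defaults file names, a comment above the truncation such as `## CONFFILES_LIST must be in a directory writable only by root` would state the assumption the script relies on. The `grep -v '.schemas$'` pattern leaves the dot unescaped and so matches any character before `schemas`; `'\.schemas$'` is what the comment describes.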
@@ -0,0 +1,308 @@
+changetrack (4.5-3) unstable; urgency=medium
+
+ * [reject-weird-filenames.diff] Also reject filenames with exclamation
+ marks, avoid spaces in auxiliary files, and quote filenames whereever
+ possible. Urgency due to security implications.
+
+ -- Jens Peter Secher Sun, 20 Sep 2009 15:01:44 +0200
+
+changetrack (4.5-2) unstable; urgency=low
+
+ * [reject-weird-filenames.diff] Fix possible local exploit by rejecting
+ filenames with unsafe characters (cf. CVE-2009-3233). Thanks to Marek
+ Grzybowski and Andrzej Lemieszek.
+ (Closes: #546791)
+
+ -- Jens Peter Secher Thu, 17 Sep 2009 22:32:43 +0200
+
+changetrack (4.5-1) unstable; urgency=low
+
+ * New upstream version.
+ * Use quilt instead of dpatch for patches, and describe how to use
+ quilt in Debian.source (thanks to Russ Allbery).
+ * Added a Vcs-Hg control filed to indicate the location of the public
+ repository.
+ * Added Homepage for upstream.
+ * Upgraded to Standards-Version to 3.8.1 and debhelper compatibility to
+ 7.
+
+ -- Jens Peter Secher Sat, 18 Apr 2009 21:43:09 +0200
+
+changetrack (4.3-3) unstable; urgency=low
+
+ * Send mail via /usr/sbin/sendmail instead of Mail::Sendmail to avoid
+ assuming that there is something listening on port 25, thanks to Ian
+ Zimmerman. (Closes: bug#367987)
+ * Bump Standards-Version to 3.7.1 and debhelper compatibility to 5.
+
+ -- Jens Peter Secher Sat, 20 May 2006 15:58:43 +0200
+
+changetrack (4.3-2) unstable; urgency=low
+
+ * Update FSF address in copyright file.
+ * Updated upstream contact points.
+ * Bump Standards-Version to 3.6.2.
+
+ -- Jens Peter Secher Wed, 28 Sep 2005 10:49:50 +0200
+
+changetrack (4.3-1) unstable; urgency=low
+
+ * New upstream release.
+
+ -- Jens Peter Secher Wed, 27 Apr 2005 20:17:26 +0200
+
+changetrack (3.18-8) unstable; urgency=low
+
+ * Escaped hyphens in manpage where necessary to distinguish hard from
+ soft hyphens.
+ * Changed comments in conf file to match the default settings.
+
+ -- Jens Peter Secher Wed, 27 Apr 2005 20:11:07 +0200
+
+changetrack (3.18-7) unstable; urgency=low
+
+ * cron.hourly: Fixed compatibility problem by using "=" instead of "=="
+ (closes: bug#293295) and improved comments.
+
+ * watch: Anticipate a change to uscan that makes it possible to extract
+ weird upstream version numbering, see bug#282255.
+
+ -- Jens Peter Secher Sun, 6 Feb 2005 20:58:48 +0100
+
+changetrack (3.18-6) unstable; urgency=low
+
+ * Do not track Gnome schema files automatically, thanks to Achim
+ Bohnet. (closes: bug#265143)
+
+ -- Jens Peter Secher Mon, 16 Aug 2004 22:56:14 +0200
+
+changetrack (3.18-5) unstable; urgency=low
+
+ * Set AUTO_TRACK_ALL_CONFFILES=no be default to avoid annoying
+ space-conscious, thanks to Ingmar Schrey. (closes: bug#249451)
+
+ -- Jens Peter Secher Mon, 17 May 2004 23:44:07 +0200
+
+changetrack (3.18-4) unstable; urgency=low
+
+ * cron.hourly boot-straps by running cron.daily.
+
+ * Ignore non-files, thanks to Markus Kucborski.
+
+ -- Jens Peter Secher Mon, 3 May 2004 19:46:17 +0200
+
+changetrack (3.18-3) unstable; urgency=low
+
+ * Include examples of what I use in the /etc/changetrack.conf.
+
+ * Run cronjobs using nice.
+
+ -- Jens Peter Secher Mon, 26 Apr 2004 22:37:04 +0200
+
+changetrack (3.18-2) experimental; urgency=low
+
+ * Automatically place all conffiles under the prying eyes of
+ changetrack.
+
+ * Run changetrack hourly.
+
+ * Changed Build-Depends-Indep to Build-Depends because dh_clean in used
+ in clean target.
+
+ -- Jens Peter Secher Mon, 29 Mar 2004 00:36:23 +0200
+
+changetrack (3.18-1) unstable; urgency=low
+
+ * New upstream release
+ * Corrected Maintainer and Section fields.
+
+ -- Jens Peter Secher Thu, 11 Sep 2003 23:01:06 +0200
+
+changetrack (3.17-3) unstable; urgency=low
+
+ * Patch to use fully qualified domain name in From and To fields when
+ emailing result. Thanks to Nathaniel W. Turner (closes: bug#207152)
+
+ -- Jens Peter Secher Sun, 7 Sep 2003 22:07:21 +0200
+
+changetrack (3.17-2) unstable; urgency=medium
+
+ * Patch changetrack to avoid security problem when using ed scripts
+ instead of RCS. Send upstream as well.
+
+ -- Jens Peter Secher Sun, 27 Jul 2003 22:24:16 +0200
+
+changetrack (3.17-1) unstable; urgency=low
+
+ * New upstream release with my patch to alleviate changetrack from
+ susceptibility to the output format of ls. Thanks to Nathaniel
+ W. Turner, Michael Stone and Ron Murray for complaining.
+ (closes: #193492,196494)
+ * Bundle changeweb.cgi which can assist remote monitoring.
+ * Clean-up and extend the use of debhelper and move to compatibility
+ level four, and refrain from using debconf.
+
+ -- Jens Peter Secher Mon, 21 Jul 2003 16:19:15 +0200
+
+changetrack (3.16-5) unstable; urgency=low
+
+ * debian/rules: make var/lib/changetrack directory the rigth place.
+ (closes: bug#179032)
+
+ -- Jens Peter Secher Sat, 1 Feb 2003 09:38:41 +0100
+
+changetrack (3.16-4) unstable; urgency=low
+
+ * debian/cron.daily: Correct misspelling.
+
+ -- Jens Peter Secher Wed, 30 Oct 2002 12:13:07 +0100
+
+changetrack (3.16-3) unstable; urgency=low
+
+ * Re-hardwired all settings in the Perl script, since they are not
+ likely to change. debian/installer is thus eliminated.
+ * Bumped Standards-Version: 3.5.7.
+
+ -- Jens Peter Secher Thu, 26 Sep 2002 19:52:01 +0200
+
+changetrack (3.16-2) unstable; urgency=low
+
+ * debian/installer: Added PERLPATH (without which changetrack did not
+ work).
+ * Made changetrack take the hostname from the environment.
+
+ -- Jens Peter Secher Sat, 21 Sep 2002 18:09:24 +0200
+
+changetrack (3.16-1) unstable; urgency=low
+
+ * New upstream release.
+
+ -- Jens Peter Secher Sat, 27 Jul 2002 23:51:06 +0200
+
+changetrack (3.12-3) unstable; urgency=low
+
+ * Applied patch so that the "From" header can be set by an "-f" option.
+ (closes: bug#144529)
+
+ -- Jens Peter Secher Fri, 26 Apr 2002 16:33:46 +0200
+
+changetrack (3.12-2) unstable; urgency=low
+
+ * Added Russian template for one of the debconf questions, thanks to
+ Ilgiz Kalmetev. (closes: bug#137624)
+ * Make sure the history & statistics files are writable.
+
+ -- Jens Peter Secher Tue, 23 Apr 2002 16:30:30 +0200
+
+changetrack (3.12-1) unstable; urgency=low
+
+ * New upstream release
+
+ -- Jens Peter Secher Fri, 19 Apr 2002 11:56:11 +0200
+
+changetrack (3.11-1) unstable; urgency=low
+
+ * Changed dependency of cron to suggestion.
+ * Do not move old repository.
+
+ -- Jens Peter Secher Thu, 18 Apr 2002 18:11:49 +0200
+
+changetrack (3.9-1) unstable; urgency=low
+
+ * New upstream version: Uses File::NCopy perl module, which means that
+ the repository (/var/lib/changetrack) does have to be for root's eyes
+ only.
+ * Default behaviour is now to send email to root@localhost .
+ * Simplified configuration (removed unnecessary debconf stuff).
+
+ -- Jens Peter Secher Wed, 20 Feb 2002 23:23:44 +0100
+
+changetrack (3.7-3) unstable; urgency=low
+
+ * Removed /etc/default/changetrack from conffiles and specifically
+ remove it in postrm.
+
+ -- Jens Peter Secher Thu, 29 Nov 2001 13:34:50 +0100
+
+changetrack (3.7-2) unstable; urgency=low
+
+ * Changed sender address to "changetrack@localhost".
+
+ -- Jens Peter Secher Thu, 29 Nov 2001 13:34:50 +0100
+
+changetrack (3.7-1) unstable; urgency=low
+
+ * New upstream version: make program quieter when desired.
+ * Do not overwrite existing default file /etc/default/changetrack
+ if it exists (postinst).
+ * Bumped Standards-Version: 3.5.6.
+
+ -- Jens Peter Secher Wed, 28 Nov 2001 12:42:25 +0100
+
+changetrack (3.6-4) unstable; urgency=low
+
+ * Fix the permission in of /var/lib/changetrack in postinst.
+
+ -- Jens Peter Secher Mon, 29 Oct 2001 10:25:17 +0100
+
+changetrack (3.6-3) unstable; urgency=high
+
+ * Fix the permission of /var/lib/changetrack by excluding it from
+ dh_fixperms treatment. (closes: bug#117075)
+ * Removed obsolete info from man page.
+ * Additional clean-up.
+
+ -- Jens Peter Secher Fri, 26 Oct 2001 09:56:53 +0200
+
+changetrack (3.6-2) unstable; urgency=low
+
+ * In postrm: "rm -rf /var/lib/changetrack/*"
+ --> "rm -rf /var/lib/changetrack" .
+
+ -- Jens Peter Secher Fri, 5 Oct 2001 09:17:51 +0200
+
+changetrack (3.6-1) unstable; urgency=low
+
+ * New upstream release
+
+ -- Jens Peter Secher Wed, 3 Oct 2001 09:53:03 +0200
+
+changetrack (3.5-4) unstable; urgency=low
+
+ * Changed "Build-Depends" to "Build-Depends-Indep" in control, as required
+ by policy 7.6.
+ * Changed "Upstream Authors" to "Upstream Author".
+ * Added a debian/watch file to facilitate automatic upstream updates.
+
+ -- Jens Peter Secher Wed, 3 Oct 2001 09:42:20 +0200
+
+changetrack (3.5-3) unstable; urgency=low
+
+ * Unnecessary information about old versions and dependencies have been
+ removed from the documentation.
+ * Use debconf to ask questions.
+ * Enabled report to a list of users through email.
+ * Removed changeweb package suggestion (and fixed the rest).
+
+ -- Jens Peter Secher Sun, 9 Sep 2001 10:54:16 +0200
+
+changetrack (3.5-2) unstable; urgency=low
+
+ * Parameters can be set in /etc/default/changetrack file. Initially
+ copied from file ./defaults .
+ * Changed perl module dependencies to libxxx-yyy-perl.
+ * For non-root users, the defaults configuration file is now
+ ~/.changetrackrc and the output directory is ~/.changetrack/ .
+ * The debian/copyright now refers to GPL (instead of quoting it).
+
+ -- Jens Peter Secher Thu, 23 Aug 2001 14:55:18 +0200
+
+changetrack (3.5-1) unstable; urgency=low
+
+ * Initial Release.
+ * Created a Makefile from scratch.
+ * Made changetrack operate quietly and check existence of changetrack
+ when invoked from the cron.daily script.
+
+ -- Jens Peter Secher Fri, 17 Aug 2001 13:21:12 +0200
+
--- changetrack-4.5.orig/debian/control
+++ changetrack-4.5/debian/control
@@ -0,0 +1,22 @@
+Source: changetrack
+Section: utils
+Priority: optional
+Maintainer: Jens Peter Secher
+Build-Depends: debhelper (>= 7), quilt
+Standards-Version: 3.8.1
+Vcs-Hg: http://hg.debian.org/hg/collab-maint/changetrack/changetrack
+Homepage: http://changetrack.sourceforge.net
+
+Package: changetrack
+Architecture: all
+Depends: ${perl:Depends}, libfile-ncopy-perl
+Recommends: cron, ed | rcs
+Description: monitor changes to (configuration) files
+ A program to automatically monitor changes to a set of files. If
+ files are modified one day, and the machine stops working correctly
+ some days later, changetrack provides information on which files were
+ modified, and thus helps locate the problem. If you tell changetrack
+ to use either the line editor ed (the default) or The Revision
+ Control System (RCS), you can recover files to any previous stage.
+ If you do not want to install Perl, try out the filetraq or diffmon
+ package. Another similar program is etckeeper.
--- changetrack-4.5.orig/debian/README.source
+++ changetrack-4.5/debian/README.source
@@ -0,0 +1,49 @@
+This package uses quilt to manage all modifications to the upstream
+source. Changes are stored in the source package as diffs in
+debian/patches and applied during the build.
+
+To get the fully patched source after unpacking the source package, cd to
+the root level of the source package and run:
+
+ quilt push -a
+
+The last patch listed in debian/patches/series will become the current
+patch.
+
+To add a new set of changes, first run quilt push -a, and then run:
+
+ quilt new
+
+where is a descriptive name for the patch, used as the filename in
+debian/patches. Then, for every file that will be modified by this patch,
+run:
+
+ quilt add
+
+before editing those files. You must tell quilt with quilt add what files
+will be part of the patch before making changes or quilt will not work
+properly. After editing the files, run:
+
+ quilt refresh
+
+to save the results as a patch.
+
+Alternately, if you already have an external patch and you just want to
+add it to the build system, run quilt push -a and then:
+
+ quilt import -P /path/to/patch
+ quilt push -a
+
+(add -p 0 to quilt import if needed). as above is the filename to
+use in debian/patches. The last quilt push -a will apply the patch to
+make sure it works properly.
+
+To remove an existing patch from the list of patches that will be applied,
+run:
+
+ quilt delete
+
+You may need to run quilt pop -a to unapply patches first before running
+this command.
+
+ -- Jens Peter Secher , Sat, 18 Apr 2009 22:08:07 +0200
--- changetrack-4.5.orig/debian/NEWS
+++ changetrack-4.5/debian/NEWS
@@ -0,0 +1,7 @@
+changetrack (3.18-5) unstable; urgency=low
+
+ * All conffiles on your system can now be tracked automatically by
+ changetrack if you change the settings in /etc/defaults/changetrack.
+
+ -- Jens Peter Secher Mon, 17 May 2004 23:50:34 +0200
+
--- changetrack-4.5.orig/debian/cron.hourly
+++ changetrack-4.5/debian/cron.hourly
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+##
+## This code was pu in the Public Domain by Jens Peter Secher.
+##
+
+## No arms, no cookies
+PROGRAM=/usr/bin/changetrack
+[ -x $PROGRAM ] || exit 0
+
+## Get default settings
+[ -r /etc/default/changetrack ] && . /etc/default/changetrack
+
+## If RCS is not installed, do not use it
+if [ ! -x /usr/bin/rcs ]; then
+ PARAMS="-r $PARAMS"
+ ## If ed is available, use him instead
+ if [ -x /bin/ed ]; then
+ PARAMS="-e $PARAMS"
+ fi
+fi
+
+## Try to generate a list of files to watch
+[ -r ${CONFFILES_LIST:?} ] || /etc/cron.daily/changetrack
+
+## Only run if there is a list of files to watch
+[ -r ${CONFFILES_LIST:?} ] && nice $PROGRAM $PARAMS -c $CONFFILES_LIST > /dev/null 2>&1
--- changetrack-4.5.orig/debian/docs
+++ changetrack-4.5/debian/docs
@@ -0,0 +1 @@
+README
--- changetrack-4.5.orig/debian/compat
+++ changetrack-4.5/debian/compat
@@ -0,0 +1 @@
+7
--- changetrack-4.5.orig/debian/watch
+++ changetrack-4.5/debian/watch
@@ -0,0 +1,2 @@
+version=3
+http://changetrack.sourceforge.net/ change([0-9]+)_([0-9]+)\.tar\.gz debian
--- changetrack-4.5.orig/debian/README.Debian
+++ changetrack-4.5/debian/README.Debian
@@ -0,0 +1,10 @@
+changetrack for Debian
+----------------------
+
+ * See /etc/default/changetrack for how to configure changetrack.
+
+ * The CGI script changeweb is included as an example of remote
+ monitoring.
+
+ -- Jens Peter Secher , Mon Apr 26 22:30:19 2004
+
--- changetrack-4.5.orig/debian/postinst
+++ changetrack-4.5/debian/postinst
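Review bot: The last line of debian/cron.hourly discards stderr as well as stdout (`> /dev/null 2>&1`), so a run that aborts, for instance on the `die "Exiting: can't run diff..."` path of the main script, leaves nothing in cron mail or the logs and file monitoring can stop without anyone noticing. Keep the error stream, e.g. `nice $PROGRAM $PARAMS -c "$CONFFILES_LIST" > /dev/null`, or pipe it to `logger -t changetrack`. The bootstrap call to `/etc/cron.daily/changetrack` two lines earlier is also unchecked, so if it fails the second `[ -r ... ]` test just skips the run silently.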
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+set -e
+
+## The version in Woody had a now obsolete question about a defaults
+## file. We do not need that question anymore.
+if dpkg --compare-versions 3.7-3 le-nl "$2"; then
+
+ # Source debconf library, if present.
+ if [ -e /usr/share/debconf/confmodule ]; then
+ . /usr/share/debconf/confmodule
+ ## Remove all questions in the debconf database.
+ db_purge
+ fi
+
+fi
+
+#DEBHELPER#
+
+exit 0
--- changetrack-4.5.orig/debian/copyright
+++ changetrack-4.5/debian/copyright
@@ -0,0 +1,25 @@
+This is the Debian package for changetrack.
+
+It was downloaded from http://changetrack.sourceforge.net/.
+
+Upstream Author: Cameron J. Morland
+
+ Copyright (C) 1999-2006 Cameron J. Morland
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation; either version 2
+ of the License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301,
+ USA.
+
+The full GNU General Public License is located in the file
+/usr/share/common-licenses/GPL-2 on a Debian system.
--- changetrack-4.5.orig/debian/examples
+++ changetrack-4.5/debian/examples
@@ -0,0 +1 @@
+debian/changeweb
--- changetrack-4.5.orig/debian/dirs
+++ changetrack-4.5/debian/dirs
@@ -0,0 +1 @@
+var/lib/changetrack
--- changetrack-4.5.orig/debian/postrm
+++ changetrack-4.5/debian/postrm
@@ -0,0 +1,23 @@
+#! /bin/sh
+# postrm script for changetrack
+
+set -e
+
+case "$1" in
+ purge)
+ ## Remove the repository
+ rm -rf /var/lib/changetrack
+ ;;
+ remove)
+ ;;
+ upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+ ;;
+ *)
+ echo "postrm called with unknown argument \`$1'" >&2
+ exit 0
+
+esac
+
+#DEBHELPER#
+
+exit 0
--- changetrack-4.5.orig/debian/defaults
+++ changetrack-4.5/debian/defaults
@@ -0,0 +1,12 @@
+## Default setting for changetrack. -*-shell-script-*-
+## This file is sourced from /etc/cron.{hourly,daily}/changetrack.
+
+## Standard parameters: quiet, unified diffs, and mail to root.
+PARAMS="-q -u -o root@`/bin/hostname -f`"
+
+## The location of the list of conffiles
+CONFFILES_LIST=/var/lib/changetrack/all_conffiles.txt
+
+## When set to yes, all conffiles on your system is tracked for changes
+## in addition to the ones you put in /etc/changetrack.conf
+AUTO_TRACK_ALL_CONFFILES=no
--- changetrack-4.5.orig/debian/rules
+++ changetrack-4.5/debian/rules
@@ -0,0 +1,55 @@
+#!/usr/bin/make -f
+# debian/rules for changetrack.
+
+PACKAGE=changetrack
+SITE=http://changetrack.sourceforge.net/
+SOURCE=change
+MAJOR=4
+MINOR=5
+
+# Use quilt for patching.
+include /usr/share/quilt/quilt.make
+
+get-orig-source:
+ wget $(SITE)/$(SOURCE)$(MAJOR)_$(MINOR).tar.gz
+ ln -s $(SOURCE)$(MAJOR)_$(MINOR).tar.gz $(PACKAGE)-$(MAJOR).$(MINOR).tar.gz
+
+build: patch
+ dh_testdir
+
+install: build
+ dh_testdir
+ dh_testroot
+ dh_clean
+ dh_installdirs
+ install -D -m 755 changetrack debian/$(PACKAGE)/usr/bin/changetrack
+ install -D -m 644 debian/changetrack.conf debian/$(PACKAGE)/etc/changetrack.conf
+ install -D -m 644 debian/defaults debian/$(PACKAGE)/etc/default/changetrack
+ dh_installman changetrack.man
+
+binary-indep: build install
+ dh_installdocs
+ dh_installexamples
+ dh_installchangelogs
+ dh_installcron
+ dh_compress
+ dh_fixperms
+ dh_installdeb
+ dh_perl
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+binary-arch: build install
+
+binary: binary-indep binary-arch
+
+clean: clean-patched unpatch
+
+clean-patched:
+ dh_testdir
+ dh_testroot
+ dh_clean
+
+.PHONY: build clean clean-patched binary-indep binary-arch binary install \
+ get-orig-source
--- changetrack-4.5.orig/debian/changetrack.conf
+++ changetrack-4.5/debian/changetrack.conf
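Review bot: `get-orig-source` in debian/rules fetches the upstream tarball with `wget $(SITE)/...` over plain http and symlinks it into place with no integrity check, so the packaged source is only as trustworthy as that connection; debian/watch points uscan at the same http URL. Verify the download before the `ln -s`, for example `echo "$(ORIG_SHA256)  $(SOURCE)$(MAJOR)_$(MINOR).tar.gz" | sha256sum -c -`, where `ORIG_SHA256` is a placeholder for a digest the maintainer has checked, or verify an upstream signature if one is published. `SITE` already ends in `/`, so `$(SITE)/$(SOURCE)` also produces a double slash in the URL.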
@@ -0,0 +1,33 @@
+## This is a list of files that you want changetrack to track. You
+## can use ls-compatible wildcards, like /etc/h* or
+## /opt/apache/cgi-bin/*.sh. If you omit the leading '/' then
+## changetrack assumes that the files are relative to /.
+
+## You can change /etc/default/changetrack so that all dpkg conffiles
+## on your system will be tracked automatically. Any files you list
+## here will then be tracked in addition to your conffiles.
+
+## To email changes to users, use a line like:
+## /etc/passwd : root@localhost foo@bar.com
+## Note: one email will be sent to each user, unless none of the files
+## monitored by that user are modified.
+
+#/boot/grub/menu.lst
+#/etc/aliases
+#/etc/apt/preferences
+#/etc/default/*
+#/etc/fetchmailrc
+#/etc/hosts
+#/etc/lprfilter
+#/etc/modprobe.d/blacklist
+#/etc/network/*
+#/etc/news/leafnode/config
+#/etc/pam.d/*
+#/etc/printcap
+#/etc/samba/smb.conf
+#/etc/snort/snort.debian.conf
+#/etc/squid/squid.conf
+#/etc/ssh/sshd_config
+#/etc/sudoers
+#/root/.bash*
+#/root/.profile
--- changetrack-4.5.orig/debian/changeweb/changeweb.cgi
+++ changetrack-4.5/debian/changeweb/changeweb.cgi
@@ -0,0 +1,485 @@ +#!/usr/bin/perl + +$version = 0.02; +$this = "changeweb.cgi"; + +$path = "/var/lib/changetrack/"; + +@months = +("","January","February","March","April","May","June","July","August","September","October","November","December"); +# couldn't be zero-based because I want the months to be all true. +# Also I think there's some other reason it didn't work. + +use Text::ParseWords; +use Time::Local; + +print "Content-type: text/html\n\n"; + +$| = 1; # flush STDOUT + +open(STDERR,">&STDOUT"); +# let the web user see any errors. + +$args = $ENV{QUERY_STRING}; + +# translate ampersands to semicolons, so we can be W3C compliant. +while($args =~ m/&/) { $args =~ s/&/;/; } + +$args = $args . ";"; +@ARGV = quotewords(";",0,$args); +%things = {}; + +foreach $arg (@ARGV) + { + $arg = $arg . "="; + ($thing,$value) = quotewords("=",0,$arg); + if(!$value) {$value=1;} + $things{$thing} = $value; + } + +$year = $things{"year"}; if(!$year) {$year = 1999;} +$month= $things{"month"};if(!$month){$month= 1;} +$day = $things{"day"}; if(!$day) {$day = 1;} elsif($day > 31) {$day = 31;} + +$file = $things{"file"}; +while($file =~ m/\.\./) {$file =~ s/\.\.//;} + +$sort = $things{"sort"}; if(!$sort || $sort == 1) {$sort = "";} # deals with 'sort=' url problem + +$date = timelocal(0,0,0,$day,$month-1,$year-1900); + +# feel free to add other groups of servers to monitor. +# note that each needs to have the same setup as the current ones; +# that should be cleaned up. + +if($file) + { + $file =~ s/\.history//; + $title = $file; + $file .= ".history"; + while($title =~ m/:/) {$title =~ s/:/\//} + $title = $title; + } +else + { + $title = "Changetrack: $months[$month] $day, $year"; + } +print " + + + $title + +

$title

+
+ "; + +print "
"; +# needs to be a table to be in one line. + +print " + Since: + "; +print ""; +print "
"; + +# table to keep arrows in place + print " + "; +print ""; +print "
\n"; + # table to put arrows above each other + +if($month < 12) # month 'up' arrow + { + # not into next year; increment month + print ""; + } +else + { + # next year; month -> Jan + print ""; + } +#print ""; +print "+"; +print ""; +print "
"; + +if($month > 1) # month 'down' arrow + { + print ""; + } +else + { + print ""; + } +#print ""; +print "-"; +print ""; +print "
"; +print "
"; + +print "
"; +print "
"; +print ""; +print ""; +print "
"; + +@lens = (0,31,29,31,30,31,30,31,31,30,31,30,31); # Easiest to just assume Feb is always long. +$monlen = $lens[$month]; +if($day < $monlen) + {print "";} +else + { + if($month < 12) + {print "";} + else + {print "";} + } +#print ""; +print "+"; +print ""; +print "
"; +if($day > 1) + {print "";} +else + { + if($month > 1) + {print "";} + else + {print "";} + } +#print ""; +print "-"; +print ""; +print "
"; +print "
"; + +print "
"; +print ""; +print ""; +print "
\n"; + +@i = stat "$path/etc:shutdownlog.history"; +($i,$i,$i,$bootday,$bootmonth,$bootyear,$i,$i,$i) = localtime($i[9]); +$bootmonth++; $bootyear += 1900; + +print "
"; + +if($file) + { + open(FILE,"$path/$file") or die "Can't open $path/$file: +$!\n"; + print "
";
+	$found = 0;
+	if(($month >= 1) && ($month <= 12))
+		{
+		while()
+	 		{
+	    $line = $_;
+	    if(substr($line,0,2) ne "  ")
+	     	{
+	     	$fyear = substr($line,36,4);
+				$fmonth= substr($line,20,3);
+				$fday  = substr($line,24,2);	
+
+				if(!$fday || !$fmonth || !$fyear)
+					{
+					next;	
+					}
+
+				# this is for reading from the file.
+				($fmonth =~ s/Jan/1/) || ($fmonth =~
+s/Feb/2/) || ($fmonth =~ s/Mar/3/) ||
+					($fmonth =~ s/Apr/4/) || ($fmonth =~
+s/May/5/) || ($fmonth =~ s/Jun/6/) ||
+	        ($fmonth =~ s/Jul/7/) || ($fmonth =~ s/Aug/8/) || ($fmonth
+=~ s/Sep/9/) ||
+	        ($fmonth =~ s/Oct/10/)|| ($fmonth =~ s/Nov/11/)|| ($fmonth
+=~ s/Dec/12/);
+
+				$fdate =
+timelocal(0,0,0,$fday,$fmonth-1,$fyear-1900); 
+				if($fdate >= $date)
+					{
+	        print $line;
+	        $found++;
+	        last;   
+					}
+				}
+      }       
+    }
+
+	if(!$found) {print "No changes since that date.\n";}
+
+	while()
+    {
+    print $_;       
+    }
+	close(FILE);
+	print "
"; + } +else + { + print "\n"; + print "\n"; + + $selectedc = "#b0b0b0"; + + if(!$sort) + { + print "\n"; + + if($sort eq "name") + { + print "\n"; + + if($sort eq "size") + { + print "\n"; + + if($sort eq "date") + { + print "\n"; + + + # There is no file, so show the directory listing. + chdir("$path"); + open(LS,"ls *.history |") or die "Can't open ls $path: $!\n"; + + $j = 1; + @files = (); + while() + { + # list the files + chomp; + $cname = $_; + $hname = $_; + @finfo = stat $cname; + @fmdate = localtime($finfo[9]); + $fyear = $fmdate[5] + 1900; + $fmonth= $fmdate[4] + 1; + $fday = $fmdate[3]; + $filesize = $finfo[7]; + + $fdate = $finfo[9]; + $fdate = substr($fdate,0,10)." ".substr($fdate,-4,4); + + if(($month < 1) || ($month > 12)) {$fyear = 65535} + #while($hname =~ m/:/) {$hname =~ s/:/\//;} + $hname =~ s/.history$//; + + if($finfo[9] >= $date) + { + if($sort eq "size") + { + $line = "$filesize\t$cname\t$fdate\t$j\t"; + } + elsif($sort eq "date") + { + $line = "$fdate\t$filesize\t$cname\t$j\t"; + + } + else + { + # name or invalid + $line = "$cname\t$filesize\t$fdate\t$j\t"; + + } + @files = (@files,$line); + } + else + { + next; + # we can ignore this file. + } + + while($hname =~ m/:/) {$hname =~ s/:/\//;} + $hname =~ s/\.history$//; + $j++; + } + + if($sort) + { + if($sort eq "name") + {@files = sort @files;} + else + { + # descending numeric sort + # shows largest/newest files first. + sub numerically {$b <=> $a} + @files = sort numerically @files; + } + } + + # extract everything from the list, and print it. 
+ $j = 0; + foreach $file (@files) + { + if($j%10 < 5) + { + $color = "#ffffff"; + $hcolor= "#e4e4e4"; + } + else + { + $color = "#ddddff"; + $hcolor= "#ddddff"; + } + $j++; + + if($sort eq "size") + { + ($fsize,$fname,$fdate,$fnum) = +quotewords("\t",0,$file); + } + elsif($sort eq "date") + { + ($fdate,$fsize,$fname,$fnum) = +quotewords("\t",0,$file); + } + else + { + # name or invalid + ($fname,$fsize,$fdate,$fnum) = +quotewords("\t",0,$file); + } + + $fdate = scalar localtime($fdate); + $fdate = substr($fdate,0,11) . substr($fdate,-4,4); + + $hname = $fname; + while($hname =~ m/:/) {$hname =~ s/:/\//;} + $hname =~ s/\.history$//; + $fname = "$hname"; + + print ""; + if($sort eq "name") + { + print ""; + } + elsif($sort eq "size") + { + print ""; + } + elsif($sort eq "date") + { + print ""; + } + else + { + print ""; + } + print "\n"; + } + + print "
"; + print "
[--]"; + } + else + { + print "
"; + print "[--] +"; + } + print "
"; + print "
Filename"; + } + else + { + print "
"; + print "
Filename"; + } + print "
"; + print "
Log Size"; + } + else + { + print "
"; + print "
Log Size"; + } + print "
"; + print "
Date Modified"; + } + else + { + print "
"; + print "Date Modified"; + } + print "
$fnum$fname$fsize$fdate$fnum$fname$fsize$fdate$fnum$fname$fsize$fdate$fnum$fname$fsize$fdate
"; + if($month > 0 && $month < 13) {print "$j files modified since +$months[$month] $day, $year.";} + close(LS); + } + +print "
+
+ + + +
+\"Valid + + +Copyright © 2003 Cameron Morland +Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved. +
+"; --- changetrack-4.5.orig/debian/changeweb/README +++ changetrack-4.5/debian/changeweb/README @@ -0,0 +1,40 @@ +USE + +This program is a cgi script intended to be used as an interface for +changetrack, available from . +It allows display of changetrack log files, sorting by date, size, and +filename. Files listed can also be made to only show what modifications +have been made since a specific date. + +The httpd probabaly runs as nobody, so that user must be able to read +the log files for this to work. Consider the security implications of +this move. + +INSTALLATION REQUIREMENTS + +This program is useless unless changetrack is installed. changeweb requires +Perl to be installed. + +INSTALLATION + +To install changeweb, copy it to the cgi-bin directory for your web server, +then ensure that it can be run by 'nobody', or whatever uid the server runs +as. Take note that changeweb assumes that the changetrack files are stored +in /var/lib/changetrack/, which is the default. A different location can be +selected by modifying the "$path = " line in changeweb. + +The cgi-bin directory is likely /opt/apache/cgi-bin/ on Suns, +/usr/lib/cgi-bin on Debian, and /home/httpd/cgi-bin/ on other machines. + +Consider the security implications of allowing anyone to see information +about the system configuration. Implementing a password for web-users of this +program may be a good idea. + +TODO + +* Make it work with one web server, and multiple monitored computers, + instead of requiring each monitored computer to run a web server. + +GETTING CHANGEWEB/CHANGETRACK + +Changetrack is available from . --- changetrack-4.5.orig/debian/patches/reject-weird-filenames.diff +++ changetrack-4.5/debian/patches/reject-weird-filenames.diff 
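Review bot: In changeweb.cgi the `file` query parameter reaches `open(FILE,"$path/$file")` and the page title with only `..` sequences stripped, and values taken from `QUERY_STRING` and from the directory listing (`$title`, `$fname`, the date fields) are printed into the HTML unescaped. Because STDERR is redirected to STDOUT, the `die "Can't open $path/$file: ..."` message also returns the request value and the server-side path to the client. Accept `$file` only when it equals one of the `*.history` names actually present in `$path`, open it with the three-argument form `open(FILE, '<', "$path/$file")`, and HTML-escape every value before printing it. `$month` is passed to `timelocal()` before the later 1..12 range checks, so an out-of-range value aborts the script; validate `$year`, `$month` and `$day` as in-range integers first. Running under `#!/usr/bin/perl -T` with `use strict; use warnings;` would flag the unvalidated uses, and also the `%things = {};` initialiser, which should be `%things = ();`.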
@@ -0,0 +1,167 @@
+Description: Reject unsafe filename
+Bug-Debian: http://bugs.debian.org/546791
+Forwarded: Yes
+Author: Jens Peter Secher
+
+Reject filenames containing potentially dangerous characters to avoid
+local users to execute arbitrary commands via CRLF sequences and shell
+metacharacters.
+
+CVE-2009-3233
+
+Index: changetrack/changetrack
+===================================================================
+--- changetrack.orig/changetrack 2009-09-17 22:45:48.000000000 +0200
++++ changetrack/changetrack 2009-09-20 14:56:25.000000000 +0200
+@@ -164,26 +164,26 @@
+
+ my $anyfile = 0; # flag in case we find nothing
+
+- #print "[", $filename, "] => ";
+- #print "{";
+- #foreach my $realfile ( @files ) {
+- # print $realfile, " ";
+- #}
+- #print "}\n";
+-
+ foreach my $realfile ( @files ) {
+ my @diff = ();
+ my @ed = ();
+
++ if( "$realfile" =~ m/[\r\n\f\t<>`\$&!'"{}()\[\]\|]/ ) {
++ if(!$opt_q)
++ { print "Skipping unsafe filename '$realfile'\n";}
++ @diff = (@diff, "unsafe: '$realfile'\n");
++ next;
++ }
++
+ # skip backup files not explicitly included
+- if((substr($realfile,-1,1) eq "~") && ($filename =~ m/\*/)) {
++ if((substr("$realfile",-1,1) eq "~") && ($filename =~ m/\*/)) {
+ if(!$opt_q)
+ { print "Skipping backup file $realfile\n";}
+ next;
+ }
+
+ # skip directories
+- if(-d $realfile) {
++ if(-d "$realfile") {
+ if(!$opt_q)
+ { print "Skipping directory $realfile\n";}
+ @diff = (@diff, "Is a directory: $realfile\n");
+@@ -210,7 +210,7 @@
+ @diff = (@diff, "Is not readable: $realfile\n");
+ next;
+ }
+-
++
+ $anyfile = 1; # at least one real file found
+ $compfile = $realfile; # file for comparison
+
+@@ -219,8 +219,9 @@
+ $fileuid = $temp[4]; # owner
+ $filegid = $temp[5]; # group
+
+- $compfile =~ s/\//:/g; # replace '/' with ':'
+- $compfile =~ s/^://; # trash leading ':'
++ $compfile =~ s|/|:|g; # replace '/' with ':'
++ $compfile =~ s| |_|g; # replace ' ' with '_'
++ $compfile =~ s|^:||; # trash leading ':'
+
+ $compfile = $historypath . $compfile;
+ $logfile = $compfile . ".history"; # stores past events
+@@ -233,12 +234,12 @@
+ $yestfile = $compfile . ".yesterday"; # stores current data
+
+ if( ! -r "$yestfile" ) { # can't open yesterday, doesn't exist.
+- @diff = (@diff, "New file $realfile\n");
++ @diff = (@diff, "New file '$realfile'\n");
+ if($opt_e) {
+ @ed = (@ed,"# cat this file into ed, eg 'cat $edfile | ed'\n");
+ @ed = (@ed,"# output goes into $outfile\n");
+ @ed = (@ed,"# edit this file to get rid of commands you don't want.\n");
+- @ed = (@ed,"\n!cp $origfile $outfile\n");
++ @ed = (@ed,"\n!cp \"$origfile\" \"$outfile\"\n");
+ @ed = (@ed,"E $outfile\n");
+
+ # keep a copy of original file
+@@ -251,12 +252,12 @@
+ printf STAT "%o\n%s\n%s\n", $filemode, $fileuid, $filegid;
+ close(STAT);
+ if(!$opt_r) {
+- `cp $realfile $compfile`;
++ copy($realfile, $compfile);
+ chdir($historypath);
+- `co $rcs_quiet $compfile`; # hack to make rcs work.
+- system("rcs $rcs_quiet -i -t-'this is $realfile' $compfile");
+- `rcs $rcs_quiet -U $compfile`;
+- `rm -f $compfile`;
++ `co $rcs_quiet "$compfile"`; # hack to make rcs work.
++ system("rcs $rcs_quiet -i -t-'this is \"$realfile\"' \"$compfile\"");
++ `rcs $rcs_quiet -U "$compfile"`;
++ `rm -f "$compfile"`;
+ }
+ }
+
+@@ -303,7 +304,7 @@
+ close(STAT);
+ }
+
+- open(DIFF, "diff $diffargs $yestfile $realfile |") or die "Exiting: can't run diff:$!\n";
++ open(DIFF, "diff $diffargs \"$yestfile\" \"$realfile\" |") or die "Exiting: can't run diff:$!\n";
+
+ if(!$opt_q) {
+ print "$realfile";};
+@@ -322,7 +323,7 @@
+ close(DIFF);
+
+ if($diff) {
+- open(DIFF, "diff -e $yestfile $realfile |") or die "Can't do diff -e:$!\n";
++ open(DIFF, "diff -e \"$yestfile\" \"$realfile\" |") or die "Can't do diff -e:$!\n";
+ # use -e to create ed commands
+ while() {
+ @ed = (@ed,"$_"); # get the 'ed'-styled diffs. No need to understand them.
+@@ -337,7 +338,7 @@
+ foreach $email (@emails)
+ {
+ # it's ok to append to things that don't exist.
+- $emessages{$email} .= "Changes made to $realfile follow:\n";
++ $emessages{$email} .= "Changes made to '$realfile' follow:\n";
+ foreach my $line (@diff) {
+ $emessages{$email} .= " $line";
+ }
+@@ -369,6 +370,7 @@
+
+ my $chmodfile = $realfile;
+ $chmodfile =~ s|/|:|g;
++ $chmodfile =~ s| |_|g;
+ $chmodfile =~ s|^:||g;
+ # the RCS file should never be writable.
+ chmod($filemode & 0444, "$historypath/RCS/$chmodfile,v");
+@@ -392,13 +394,11 @@
+ if(!$opt_r) {
+ chdir($historypath) or die "Can't chdir to $historypath for ci: $!\n";
+ my $quiet = "";
+- print "cp $realfile $compfile\n" unless defined($opt_q);
+- `co $compfile`; # hack to make rcs work here too!
+- `cp $realfile $compfile`; # make backup copy
+- #`mv $realfile $realfile.track`; # copy backwards, to keep modification date
+- #`cp $realfile.track $realfile`; # make backup copy
+- system("ci $rcs_quiet -m'modification of $realfile on $date' -l $compfile");
+- `rm $compfile`;
++ print "cp \"$realfile\" \"$compfile\"\n" unless defined($opt_q);
++ `co "$compfile"`; # hack to make rcs work here too!
++ copy($realfile, $compfile); # make backup copy
++ system("ci $rcs_quiet -m'modification of \"$realfile\" on $date' -l \"$compfile\"");
++ `rm "$compfile"`;
+ }
+ }
+ }
+@@ -407,6 +407,7 @@
+ # no file was matched by 'ls', so create message for misspelled files
+ $origfile = $filename;
+ $filename =~ s|/|:|g; # replace each '/' by ':'
++ $filename =~ s| |_|g; # replace each ' ' by '_'
+ $filename =~ s|^:||; # remove leading ':'
+ open(LOG, ">>$historypath$filename");
+ print LOG "$date No files match `$origfile'\n";
--- changetrack-4.5.orig/debian/patches/series
+++ changetrack-4.5/debian/patches/series
@@ -0,0 +1,3 @@
+reject-weird-filenames.diff
+hostname.diff
+manpage.diff
--- changetrack-4.5.orig/debian/patches/manpage.diff
+++ changetrack-4.5/debian/patches/manpage.diff
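Review bot: The filter added at `if( "$realfile" =~ m/[...]/ )` is a deny-list, and the commands further down still pass the name through the shell inside double quotes; the character class omits backslash, which the shell continues to interpret inside double quotes, so the quoting is not a complete defence. The patch already replaces `cp` with `copy()`; treating the remaining calls the same way removes the shell entirely: list-form `open(DIFF, '-|', ...)` and `system(LIST)`, and `unlink` in place of `rm`. Separately, the `unsafe: '$realfile'` entry is added to `@diff` immediately before `next`, and `@diff` is a `my` variable of the loop body, so with `-q` (the default in debian/defaults) a rejected file appears to drop out of monitoring with no report; it should reach the mailed output. The sketch assumes `$diffargs` and `$rcs_quiet` hold whitespace-separated options, which these hunks do not show, and the enclosing loop starts and ends outside them.

```perl
# … unchanged: unsafe-filename check, backup/directory/readability skips …
open(DIFF, '-|', 'diff', split(' ', $diffargs), $yestfile, $realfile)
    or die "Exiting: can't run diff:$!\n";
# … unchanged: reading the diff output …
open(DIFF, '-|', 'diff', '-e', $yestfile, $realfile)
    or die "Can't do diff -e:$!\n";
# … unchanged: ed script and e-mail assembly …
system('ci', split(' ', $rcs_quiet),
       "-mmodification of \"$realfile\" on $date", '-l', $compfile);
unlink($compfile);
```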
@@ -0,0 +1,92 @@
+## manpage.diff by Jens Peter Secher
+##
+## Describe -f option.
+## Describe cron files.
+
+Index: changetrack/changetrack.man
+===================================================================
+--- changetrack.orig/changetrack.man 2009-04-18 22:28:36.000000000 +0200
++++ changetrack/changetrack.man 2009-04-18 22:47:01.000000000 +0200
+@@ -1,13 +1,13 @@
+ .TH CHANGETRACK 1 "" "" \" -*- nroff -*-
+ .SH NAME
+-changetrack \- track changes to configuration files
++changetrack \- track changes to files
+ .SH SYNOPSIS
+ .B changetrack
+-[-h] [\-c configfile] [\-d directory] [-e] [-r] [-q] [\-m message] [\-M message] [-v] [-u] [\-o emailaddress]
++[-h] [\-c configfile] [\-d directory] [\-e] [\-r] [\-q] [\-m message] [\-M message] [\-v] [\-u] [\-o toaddress] [\-f fromaddress]
+ .SH DESCRIPTION
+ .B changetrack
+ is a program to monitor changes to a bunch of files. If files are
+-modify one day, and the machine starts working incorrectly some days later,
++modified one day, and the machine starts working incorrectly some days later,
+ .B changetrack
+ can provide information on which files were modified, and help locate
+ the problem.
+@@ -15,6 +15,14 @@
+ Normally
+ .B changetrack
+ uses
++.B ed
++to keep track of various revisions of the files by maintaining an
++.I .ed
++script with the change history for each file.
++.PP
++Alternatively,
++.B changetrack
++can use
+ .B rcs
+ to keep track of various revisions of the files. Each file is "installed"
+ in the
+@@ -95,9 +103,9 @@
+ .TP
+ .BI \-o "emailaddress"
+ Mail output to emailaddress. This is supplementary to emails specified in the config file.
+-+ .TP
+-+ .BI \-f "emailaddress"
+-+ Set "From" header to emailaddress (which must be a valid).
++.TP
++.BI \-f "emailaddress"
++Set "From" header to emailaddress, which must be fully qualified.
+
+ .SH REQUIREMENTS
+ This program requires
+@@ -111,6 +119,7 @@
+ switch is used,
+ .B ed
+ is required.
++
+ .SH FILES
+ .TP
+ ~/.changetrackrc
+@@ -132,6 +141,17 @@
+ exists, in which case the
+ .B rcs
+ files are stored in that directory.
++.TP
++/etc/cron.daily/changetrack
++Script that creates the list of all files monitor.
++.TP
++/etc/cron.hourly/changetrack
++Script that invocates
++.B changetrack.
++.TP
++/etc/default/changetrack
++Configuration for the above two scripts.
++
+ .SH DIAGNOSTICS
+ Each filename is written to standard output.
+ .B rcs
+@@ -145,8 +165,10 @@
+ Manual Page Revision: 2.1 Release Date: 2001-03-06.
+ .br
+ Copyright \(co 2001-2005 Cameron J. Morland.
++.br
++Changed by Jens Peter Secher to reflect the Debian modifications.
+ .SH "SEE ALSO"
+-rcsintro(1), co(1)
++ed(1), rcsintro(1), co(1)
+
+ .SH TODO
+ Automate removal of out-of-date changes, to save disk space and clarify
--- changetrack-4.5.orig/debian/patches/hostname.diff
+++ changetrack-4.5/debian/patches/hostname.diff
@@ -0,0 +1,17 @@
+## hostname.diff by Jens Peter Secher
+##
+## Use fully qualified hostname when non is specified.
+
+Index: changetrack/changetrack
+===================================================================
+--- changetrack.orig/changetrack 2009-04-18 23:03:47.000000000 +0200
++++ changetrack/changetrack 2009-04-18 23:04:05.000000000 +0200
+@@ -25,7 +25,7 @@
+ my $version = $temp[1];
+
+ my $homedir = $ENV{"HOME"} || $ENV{"LOGDIR"} || (getpwuid($<))[7];
+-my $hostname = `hostname`; chomp($hostname);
++my $hostname = `hostname -f`; chomp($hostname);
+ if(substr($homedir,-1,1) ne "/") {$homedir = $homedir . "/";}
+
+ my ($rcs_quiet, $diffargs);
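Review bot: The new `hostname -f` call in the `@@ -25,7 +25,7 @@` hunk has no fallback: when the fully qualified name cannot be resolved the command typically fails with empty output, so `$hostname` ends up empty where the old `hostname` call still returned the short name. A guard such as ``my $hostname = `hostname -f 2>/dev/null` || `hostname`; chomp($hostname);`` keeps the previous value as a fallback. How `$hostname` is used lies outside this hunk, presumably in the mail headers, so it is worth confirming that an empty or unqualified value is handled there.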