--- conntrack-1.0.0.orig/src/read_config_lex.c +++ conntrack-1.0.0/src/read_config_lex.c @@ -4290,7 +4290,8 @@ /* This used to be an fputs(), but since the string might contain NUL's, * we now use fwrite(). */ -#define ECHO do { if (fwrite( yytext, yyleng, 1, yyout )) {} } while (0) + +#define ECHO if (fwrite( yytext, yyleng, 1, yyout )) yy_fatal_error (strerror (errno)); #endif /* Gets input and stuffs it into "buf". number of characters read, or YY_NULL, --- conntrack-1.0.0.orig/src/main.c +++ conntrack-1.0.0/src/main.c @@ -333,7 +333,10 @@ exit(EXIT_FAILURE); } - chdir("/"); + if (chdir("/")<0) { + perror("chdir"); + exit(EXIT_FAILURE); + } close(STDIN_FILENO); /* Daemonize conntrackd */ --- conntrack-1.0.0.orig/debian/conntrackd.conf +++ conntrack-1.0.0/debian/conntrackd.conf 
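Review bot: The new `ECHO` in src/read_config_lex.c tests the wrong sense of `fwrite()`: called with a count of 1 it returns 1 on success and 0 on failure, so `if (fwrite(...)) yy_fatal_error(...)` aborts the scanner on a successful write and stays silent on a failed one. The macro also drops the `do { ... } while (0)` wrapper, which leaves a bare `if` that can capture a following `else` wherever `ECHO;` is expanded. I would write `#define ECHO do { if (fwrite( yytext, yyleng, 1, yyout ) != 1) yy_fatal_error( strerror( errno ) ); } while (0)`, assuming `<errno.h>` and `<string.h>` are included earlier in the file, which this hunk does not show. The file looks like flex output, so the edit is lost on regeneration unless it is also made in the scanner source.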
@@ -0,0 +1,101 @@
+#
+# General settings
+#
+General {
+ #
+ # Number of buckets in the caches: hash table
+ #
+ HashSize 8192
+
+ #
+ # Maximum number of conntracks:
+ # it must be >= $ cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
+ #
+ HashLimit 65535
+
+ #
+ # Logfile: on (/var/log/conntrackd.log), off, or a filename
+ # Default: off
+ #
+ #LogFile on
+
+ #
+ # Syslog: on, off or a facility name (daemon (default) or local0..7)
+ # Default: off
+ #
+ Syslog on
+
+ #
+ # Lockfile
+ #
+ LockFile /var/lock/conntrackd.lock
+
+ #
+ # Unix socket configuration
+ #
+ UNIX {
+ Path /var/run/conntrackd.sock
+ Backlog 20
+ }
+
+ #
+ # Netlink socket buffer size
+ #
+ SocketBufferSize 262142
+
+ #
+ # Increase the socket buffer up to maximun if required
+ #
+ SocketBufferSizeMaxGrown 655355
+
+ #
+ # Event filtering: This clause allows you to filter certain traffic,
+ # There are currently three filter-sets: Protocol, Address and
+ # State. The filter is attached to an action that can be: Accept or
+ # Ignore. Thus, you can define the event filtering policy of the
+ # filter-sets in positive or negative logic depending on your needs.
+ #
+ Filter {
+ #
+ # Accept only certain protocols: You may want to log the
+ # state of flows depending on their layer 4 protocol.
+ #
+ Protocol Accept {
+ TCP
+ }
+
+ #
+ # Ignore traffic for a certain set of IP's.
+ #
+ Address Ignore {
+ IPv4_address 127.0.0.1 # loopback
+ }
+
+ #
+ # Uncomment this line below if you want to filter by flow state.
+ # The existing TCP states are: SYN_SENT, SYN_RECV, ESTABLISHED,
+ # FIN_WAIT, CLOSE_WAIT, LAST_ACK, TIME_WAIT, CLOSED, LISTEN.
+ #
+ # State Accept {
+ # ESTABLISHED CLOSED TIME_WAIT CLOSE_WAIT for TCP
+ # }
+ }
+}
+
+Stats {
+ #
+ # If you enable this option, the daemon writes the information about
+ # destroyed connections to a logfile. Default is off.
+ # Logfile: on, off, or a filename
+ # Default file: (/var/log/conntrackd-stats.log)
+ #
+ LogFile on
+
+ #
+ # Enable connection logging via Syslog. Default is off.
+ # Syslog: on, off or a facility name (daemon (default) or local0..7)
+ # If you set the facility, use the same as in the General clause,
+ # otherwise you'll get a warning message.
+ #
+ #Syslog on
+}
--- conntrack-1.0.0.orig/debian/rules
+++ conntrack-1.0.0/debian/rules
@@ -0,0 +1,98 @@
+#!/usr/bin/make -f
+# -*- mode: makefile; coding: utf-8 -*-
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
+DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
+
+CFLAGS = -g
+
+ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
+ CFLAGS += -O0
+else
+ CFLAGS += -O2 -fno-strict-aliasing
+endif
+
+# fix "read_config_lex.c:4451: error: 'input' defined but not used"
+CFLAGS += -DYY_NO_INPUT
+
+build: debian/stamp-build
+debian/stamp-build: patch
+ dh_testdir
+
+ # ./configure
+ CFLAGS="$(CFLAGS)" ./configure --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) \
+ --disable-dependency-tracking \
+ --prefix=/usr
+
+ # Build libnetfilter-conntrack
+ $(MAKE)
+
+ touch $@
+
+clean: clean1 unpatch
+clean1:
+ dh_testdir
+ dh_testroot
+ rm -f debian/stamp-*
+
+ [ ! -f Makefile ] || $(MAKE) distclean
+
+ dh_clean
+
+install: debian/stamp-install
+debian/stamp-install: debian/stamp-build
+ dh_testdir
+ dh_testroot
+ dh_clean -k
+ dh_installdirs
+
+ $(MAKE) DESTDIR=`pwd`/debian/tmp install
+
+ touch $@
+
+# And now the simple things for dpatch. Here we only apply/unapply the patches.
+# You can do more things with dpatch, like having patches only applied on
+# a special architecture - see the non-dh version of the sample for this!
+patch: patch-stamp
+patch-stamp:
+ dpatch apply-all
+ dpatch cat-all >patch-stamp
+ touch patch-stamp
+
+unpatch:
+ dpatch deapply-all
+ rm -rf patch-stamp debian/patched
+
+
+
+# Build architecture-independent files here.
+binary-indep:
+
+# Build architecture-dependent files here.
+binary-arch: build install
+ dh_testdir -a
+ dh_testroot -a
+ dh_installdocs -a -A AUTHORS
+ dh_installchangelogs -a
+ dh_installlogrotate -a
+ dh_installinit -a
+ dh_install -a -X.svn
+ dh_link -a
+ dh_strip -a
+ dh_compress -a
+ dh_fixperms -a
+ dh_installdeb -a
+ dh_shlibdeps -a
+ dh_gencontrol -a
+ dh_md5sums -a
+ dh_builddeb -a
+
+source diff:
+ @echo >&2 'source and diff are obsolete - use dpkg-source -b'; false
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install patch unpatch \
+ clean1
--- conntrack-1.0.0.orig/debian/conntrackd.preinst
+++ conntrack-1.0.0/debian/conntrackd.preinst
@@ -0,0 +1,25 @@
+#!/bin/sh
+set -e
+
+action=$1
+version=$2
+
+if [ "$action" = upgrade -a -n "$version" ] &&
+ dpkg --compare-versions "$version" lt "1:0.9.8-1" &&
+ test -f /etc/conntrackd.conf &&
+ ! test -e /etc/conntrackd/conntrackd.conf; then
+ # package versions < 0.9.8-1 had the configuration file in a
+ # non-standard location
+ mkdir -p /etc/conntrackd
+ if md5sum /etc/conntrackd.conf 2> /dev/null |
+ grep -q 9e463d9bb7902e513da1b90b326bd43d
+ then
+ # unmodified version, dpkg should not prompt, delete in postinst
+ mv /etc/conntrackd.conf /etc/conntrackd.conf.dpkg-updating
+ else
+ # move to new location to make dpkg prompt
+ mv /etc/conntrackd.conf /etc/conntrackd/conntrackd.conf
+ fi
+fi
+
+#DEBHELPER#
--- conntrack-1.0.0.orig/debian/conntrack.install
+++ conntrack-1.0.0/debian/conntrack.install
@@ -0,0 +1,2 @@
+debian/tmp/usr/sbin/conntrack
+debian/tmp/usr/share/man/man8/conntrack.8
--- conntrack-1.0.0.orig/debian/conntrackd.postinst
+++ conntrack-1.0.0/debian/conntrackd.postinst
@@ -0,0 +1,17 @@
+#!/bin/sh
+set -e
+
+action=$1
+version=$2
+
+# package versions < 0.9.8-1 had the configuration file in a
+# non-standard location
+if [ "$action" = configure -a -n "$version" ] &&
+ dpkg --compare-versions "$version" lt "1:0.9.8-1" &&
+ test -f /etc/conntrackd.conf.dpkg-updating
+then
+ # unmodified version, delete without prompting
+ rm /etc/conntrackd.conf.dpkg-updating
+fi
+
+#DEBHELPER#
--- conntrack-1.0.0.orig/debian/copyright
+++ conntrack-1.0.0/debian/copyright
@@ -0,0 +1,21 @@
+This package was debianized by Max Kellermann on
+Thu Sep 21 00:09:44 CEST 2006
+
+It was downloaded from http://conntrack-tools.netfilter.org/downloads.html
+
+Upstream Authors:
+Pablo Neira Ayuso
+Harald Welte
+
+Copyright:
+
+(C) 2005 by Pablo Neira Ayuso
+
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or (at
+ your option) any later version.
+
+On Debian GNU/Linux systems, the complete text of the GNU General
+Public License can be found in `/usr/share/common-licenses/GPL'.
--- conntrack-1.0.0.orig/debian/conntrackd.postrm
+++ conntrack-1.0.0/debian/conntrackd.postrm
@@ -0,0 +1,19 @@
+#!/bin/sh
+set -e
+
+action=$1
+
+# package versions < 0.9.8-1 had the configuration file in a
+# non-standard location
+if [ "$action" = "abort-upgrade" ] &&
+ [ -f /etc/conntrackd.conf.dpkg-updating ]
+then
+ # unmodified version, restore
+ mv /etc/conntrackd.conf.dpkg-updating /etc/conntrackd.conf
+fi
+
+if [ "$action" = "purge" ] ; then
+ rm -f /etc/conntrackd.conf.dpkg-updating
+fi
+
+#DEBHELPER#
--- conntrack-1.0.0.orig/debian/watch
+++ conntrack-1.0.0/debian/watch
@@ -0,0 +1,4 @@
+version=3
+
+opts="uversionmangle=s/beta/~beta/" \
+http://ftp.netfilter.org/pub/conntrack-tools/conntrack-tools-(\S+)\.tar\.bz2
--- conntrack-1.0.0.orig/debian/control
+++ conntrack-1.0.0/debian/control
@@ -0,0 +1,25 @@
+Source: conntrack
+Section: net
+Priority: optional
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: Alexander Wirt
+Homepage: http://conntrack-tools.netfilter.org/
+Build-Depends: debhelper (>= 5), libnfnetlink-dev (>= 1.0.0),
+ libnetfilter-conntrack-dev (>= 0.9.1), bison, flex, dpatch
+Standards-Version: 3.9.1
+
+Package: conntrack
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: Program to modify the conntrack tables
+ conntrack is a userspace command line program targeted at system
+ administrators. It enables them to view and manage the in-kernel
+ connection tracking state table.
+
+Package: conntrackd
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: Connection tracking daemon
+ Conntrackd can replicate the status of the connections that are
+ currently being processed by your stateful firewall based on Linux.
+ Conntrackd can also run as statistics daemon.
--- conntrack-1.0.0.orig/debian/compat
+++ conntrack-1.0.0/debian/compat
@@ -0,0 +1 @@
+5
--- conntrack-1.0.0.orig/debian/conntrackd.install
+++ conntrack-1.0.0/debian/conntrackd.install
@@ -0,0 +1,4 @@
+debian/tmp/usr/sbin/conntrackd
+debian/tmp/usr/share/man/man8/conntrackd.8
+debian/conntrackd.conf etc/conntrackd
+doc/stats doc/sync usr/share/doc/conntrackd/examples
--- conntrack-1.0.0.orig/debian/conntrackd.logrotate
+++ conntrack-1.0.0/debian/conntrackd.logrotate
@@ -0,0 +1,9 @@
+/var/log/conntrackd-stats.log {
+ weekly
+ rotate 2
+ missingok
+
+ postrotate
+ invoke-rc.d conntrackd restart > /dev/null
+ endscript
+}
--- conntrack-1.0.0.orig/debian/conntrackd.default
+++ conntrack-1.0.0/debian/conntrackd.default
@@ -0,0 +1,5 @@
+# Which configuration file?
+#CONFIG=/etc/conntrackd/conntrackd.conf
+
+# Additional options for daemon startup.
+#OPTIONS=""
--- conntrack-1.0.0.orig/debian/changelog
+++ conntrack-1.0.0/debian/changelog
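Review bot: debian/conntrackd.logrotate rotates only `/var/log/conntrackd-stats.log`, while the sample debian/conntrackd.conf in this same diff documents `LogFile on` in the General clause as writing `/var/log/conntrackd.log`. That option ships commented out, but an administrator who enables it gets a log that is never rotated and can grow without bound. Listing both paths in the stanza header, `/var/log/conntrackd.log /var/log/conntrackd-stats.log {`, would cover it, and `missingok` already tolerates the first file being absent. A short comment on why `postrotate` does a full `restart` would also help, since a restart presumably discards whatever state the daemon holds in memory.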
@@ -0,0 +1,207 @@
+conntrack (1:1.0.0-2ubuntu1) oneiric; urgency=low
+
+ * Merge from debian unstable. (LP: #778690) Remaining changes:
+ - Error on fwrite failure in src/read_config_lex.c.
+ - Patch from Kees Cook to not ignore return value of chdir call.
+
+ -- Angel Abad Tue, 07 Jun 2011 15:17:56 +0200
+
+conntrack (1:1.0.0-2) unstable; urgency=low
+
+ * Build depend on libnetfilter-conntrack >= 0.9.1
+ (Closes: #616410)
+
+ -- Alexander Wirt Fri, 04 Mar 2011 10:07:00 +0100
+
+conntrack (1:1.0.0-1) unstable; urgency=low
+
+ * New upstream version (Closes: #589202, #589203, #589204)
+ - Fix removing of conntrack entries (Closes: #496769)
+ * Bump standards version
+ * Force deb source 1.0
+ * Use invoke-rc.d in logrotate.de (Closes: #613512)
+ * Make logrotate silent (Closes: #605247)
+
+ -- Alexander Wirt Thu, 03 Mar 2011 23:07:26 +0100
+
+conntrack (1:0.9.14-2ubuntu1) maverick; urgency=low
+
+ * Merge from debian unstable (LP: #599148), remaining changes:
+ - Error on fwrite failure in src/read_config_lex.c.
+ - Patch from Kees Cook to not ignore return value of chdir call.
+
+ -- Lorenzo De Liso Sun, 27 Jun 2010 23:47:14 +0200
+
+conntrack (1:0.9.14-2) unstable; urgency=low
+
+ * Integrate lost NMU from Stefan Fritsch. Thanks Stefan
+ * Prevent dpkg conffile prompt for unmodified conntrackd.conf when upgrading
+ from pre 1:0.9.12-1 (closes: #542662).
+
+ -- Alexander Wirt Sat, 13 Feb 2010 11:17:59 +0100
+
+conntrack (1:0.9.14-1) unstable; urgency=low
+
+ * New upstream version
+ * Add ${misc:Depends} to all binary packages
+ * Add dpatch support
+ * Bump standards version (no changes)
+ * Remove Max from Uploaders. Thanks for your work!
+ * Backport patch from HEAD to fix UDP filtering.
+ Thanks tino for the hint
+
+ -- Alexander Wirt Sat, 30 Jan 2010 18:34:09 +0100
+
+conntrack (1:0.9.13-1.1ubuntu1) lucid; urgency=low
+
+ * Merge from debian testing. Remaining changes: LP: #506831
+ - Error on fwrite failure in src/read_config_lex.c.
+ - Patch from Kees Cook to not ignore return value of chdir call.
+
+ -- Bhavani Shankar Wed, 13 Jan 2010 10:36:40 +0530
+
+conntrack (1:0.9.13-1.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Prevent dpkg conffile prompt for unmodified conntrackd.conf when upgrading
+ from pre 1:0.9.12-1 (closes: #542662).
+
+ -- Stefan Fritsch Sat, 28 Nov 2009 20:41:03 +0100
+
+conntrack (1:0.9.13-1) unstable; urgency=low
+
+ [ Max Kellermann ]
+ * new upstream release (Closes: #537896, #545918)
+ - require libnfnetlink 1.0.0, libnetfilter_conntrack 0.0.100
+ - ChangeLog was removed by upstream
+ * updated home page in the copyright file (Closes: #533583)
+ * correct LSB dependencies in init script, patch by Petter Reinholdtsen
+ (Closes: #541079)
+
+ [ Alexander Wirt ]
+ * Bump standards version
+
+ -- Alexander Wirt Thu, 17 Sep 2009 12:32:19 +0200
+
+conntrack (1:0.9.12-1ubuntu1) karmic; urgency=low
+
+ * Merge from debian unstable (LP: #380358), remaining changes:
+ - Error on fwrite failure in src/read_config_lex.c.
+ - Patch from Kees Cook to not ignore return value of chdir call.
+ * debian/copyright: Updated download site.
+
+ -- Andres Rodriguez Thu, 18 Jun 2009 18:27:31 -0500
+
+conntrack (1:0.9.12-1) unstable; urgency=low
+
+ [ Max Kellermann ]
+ * new upstream release
+ - build-depend on libnfnetlink 0.0.40, libnetfilter-conntrack 0.0.99
+ - fixes FTBS (undeclared variable)
+ (Closes: #522181, #518891)
+ * moved conntrackd.conf to /etc/conntrackd/conntrackd.conf (Closes: #477679)
+ * updated sample configuration file
+ * updated home page to http://conntrack-tools.netfilter.org/
+ * restart conntrackd after logrotate (Closes: #513079)
+
+ [ Alexander Wirt ]
+ * Bump standards version
+
+ -- Alexander Wirt Thu, 02 Apr 2009 11:37:25 +0200
+
+conntrack (1:0.9.7-1.1ubuntu2) jaunty; urgency=low
+
+ * Patch from Kees Cook to not ignore return value of chdir call. Thanks
+ Kees (LP: #256380)
+ * Remove undef of _FORTIFY_SOURCE.
+ * Error on fwrite failure in src/read_config_lex.c.
+
+ -- James Westby Mon, 24 Nov 2008 01:27:09 +0000
+
+conntrack (1:0.9.7-1.1ubuntu1) jaunty; urgency=low
+
+ * Merge from debian unstable (LP: 256380), remaining changes:
+ + #include in {main,ignore_pool}.c to get PATH_MAX and INT_MAX
+ + local.c: Fix insecure printf usage
+ + debian/rules:
+ -undef _FORTIFY_SOURCE so that it doesn't fail about ignored chdir()
+ return value.
+
+ -- Manny Vindiola Fri, 21 Nov 2008 18:36:33 -0500
+
+conntrack (1:0.9.7-1.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Add casts to printf() statement in event_cb() to avoid a compiler
+ warning on sparc which results in build failure (Closes: #492813)
+
+ -- Jurij Smakov Sat, 23 Aug 2008 20:51:33 +0100
+
+conntrack (1:0.9.7-1) unstable; urgency=low
+
+ [ Max Kellermann ]
+ * new upstream release
+ - dropped all patches because they have been merged by upstream
+ - depend on libnfnetlink 0.0.33, libnetfilter-conntrack 0.0.94
+
+ [ Alexander Wirt ]
+ * Bump standards version (No changes)
+
+ -- Alexander Wirt Tue, 22 Jul 2008 23:33:30 +0200
+
+conntrack (1:0.9.6-4ubuntu1) intrepid; urgency=low
+
+ * debian/patches: Add fix_includes_and_printf_usage.dpatch
+ - #include in {main,ignore_pool}.c to get PATH_MAX and INT_MAX
+ - local.c: Fix insecure printf usage
+ * debian/rules: undef _FORTIFY_SOURCE so that it doesn't fail about ignored
+ chdir() return value.
+ * Modify Maintainer value to match the DebianMaintainerField specification.
+
+ -- Albin Tonnerre Sun, 15 Jun 2008 18:39:30 +0200
+
+conntrack (1:0.9.6-4) unstable; urgency=low
+
+ [ Max Kellermann ]
+ * fix compilation on SPARC (printf argument mismatch)
+
+ -- Alexander Wirt Mon, 14 Apr 2008 23:09:22 +0200
+
+conntrack (1:0.9.6-3) unstable; urgency=low
+
+ [ Max Kellermann ]
+ * fix gcc 4.3 compilation errors:
+ - "large integer implicitly truncated to unsigned type" (Closes: #472812)
+ - "'input' defined but not used" (Closes: #474768)
+
+ -- Alexander Wirt Tue, 08 Apr 2008 22:08:10 +0200
+
+conntrack (1:0.9.6-2) unstable; urgency=low
+
+ * Build depend on bison (Closes: #472442)
+
+ -- Alexander Wirt Mon, 24 Mar 2008 12:35:44 +0100
+
+conntrack (1:0.9.6-1) unstable; urgency=low
+
+ [ Max Kellermann ]
+ * new upstream release
+ * added package "conntrackd"
+ * updated watchfile for new upstream name "conntrack-tools" (Closes:
+ #449899)
+ * removed "-Wall" from CFLAGS override
+ * moved DH_COMPAT to debian/compat
+ * don't ignore "make distclean" errors
+ * bumped Standards-Version to 3.7.3
+ * install upstream changelog
+ * added Homepage header to debian/control
+ * call dh_install with -X.svn because upstream accidently distributed
+ the .svn directories
+
+ -- Alexander Wirt Fri, 21 Mar 2008 22:46:22 +0100
+
+conntrack (1.00~beta2-1) unstable; urgency=low
+
+ * initial debian release (Closes: #388615)
+
+ -- Max Kellermann Thu, 21 Sep 2006 18:04:51 +0200
--- conntrack-1.0.0.orig/debian/conntrackd.README.Debian
+++ conntrack-1.0.0/debian/conntrackd.README.Debian
@@ -0,0 +1,8 @@
+conntrackd can run in two modes:
+- statistics mode
+- synchronization mode
+
+This package comes with a sample configuration file for the statistics
+mode in (/etc/conntrackd/conntrackd.conf). There are also sample
+configuration files for the synchronization mode in
+/usr/share/doc/conntrackd/examples.
--- conntrack-1.0.0.orig/debian/README.source
+++ conntrack-1.0.0/debian/README.source
@@ -0,0 +1,2 @@
+We use dpatch for patch handling inside our nagios packages. Please see
+/usr/share/doc/dpatch/README.source.gz (if you have installed dpatch) for documentation about dpatch.
--- conntrack-1.0.0.orig/debian/conntrackd.init
+++ conntrack-1.0.0/debian/conntrackd.init
@@ -0,0 +1,61 @@
+#!/bin/bash
+#
+# conntrackd Start conntrackd using /etc/conntrackd.conf
+#
+# Written by Max Kellermann
+#
+### BEGIN INIT INFO
+# Provides: conntrackd
+# Required-Start: $network $syslog $remote_fs
+# Required-Stop: $network $syslog $remote_fs
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Description: Starts conntrackd
+# short-description: Starts conntrackd
+### END INIT INFO
+
+#includes lsb functions
+source /lib/lsb/init-functions
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/sbin/conntrackd
+
+test -x $DAEMON || exit 0
+
+CONFIG=/etc/conntrackd/conntrackd.conf
+OPTIONS=""
+
+test -f /etc/default/conntrackd && source /etc/default/conntrackd
+
+test -f $CONFIG || exit 0
+
+case "$1" in
+ start)
+ log_begin_msg "Starting conntrackd"
+ start-stop-daemon --start --quiet \
+ --exec $DAEMON \
+ -- \
+ -d \
+ -C "$CONFIG" \
+ $OPTIONS
+ log_end_msg $?
+ ;;
+ stop)
+ log_begin_msg "Stopping conntrackd"
+ $DAEMON \
+ -C "$CONFIG" \
+ -k
+ log_end_msg $?
+ ;;
+ restart|force-reload)
+ $0 stop
+ sleep 1
+ $0 start
+ ;;
+ *)
+ log_action_msg "Usage: /etc/init.d/conntrackd {start|stop|restart|force-reload}"
+ exit 1
+ ;;
+esac
+
+exit 0
--- conntrack-1.0.0.orig/debian/source/format
+++ conntrack-1.0.0/debian/source/format
@@ -0,0 +1 @@
+1.0
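Review bot: The header comment in debian/conntrackd.init still says the script starts conntrackd "using /etc/conntrackd.conf", but `CONFIG` is set to `/etc/conntrackd/conntrackd.conf`, so the comment should name the new path. `$CONFIG` and `$DAEMON` are expanded unquoted in `test -f $CONFIG || exit 0` and `test -x $DAEMON || exit 0`, even though `CONFIG` can be overridden from `/etc/default/conntrackd`; a value containing whitespace would break the test, so I would write `test -f "$CONFIG" || exit 0` and quote `"$DAEMON"` the same way. The script also sources `/etc/default/conntrackd` with the init system's privileges, so a one-line comment next to the `source` noting that the file must stay root-owned and not group- or world-writable would be worth adding.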