Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: pu
Dear Release Managers,
I have recently updated Samhain in sid and have fixed some important bugs. As
requested by DSA, since samhain is used in many project machines, I would like
to make an upload to the wheezy release including some of these fixes.
Most relevant bugs that would be fixed by this upload are:
Bugs associated with the use of dnmalloc in different architectures:
- #733875 broken on s390x
- #657307 does not reap children (in armhf hosts)
- #533860 samhain: frequent segfaults on lenny alpha
Miscellaneous bugs which can be easily fixed in stable too:
- #689902 Ships a folder in /var/run
- #709753 mail reports with default config fail almost silently
The full diff is attached, it is hopefully self-explanatory. Please don't
hesitate to ask, should you need any additional information.
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 3.11-2-686-pae (SMP w/4 CPU cores)
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff --git a/debian/changelog b/debian/changelog
index 0d18487..71faf11 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,27 @@
+samhain (2.8.3a-2) stable; urgency=medium
+
+ [ Backport fixes from unstable version to fix serious/important bugs ]
+ * debian/rules:
+ - Disable dnmalloc for all architectures expect those known to work. It
+ seems to be the source of problems and segfaults in many different
+ architectures (Closes: #533860, #657307)
+ - Disable dnmalloc for s390x, as it is done for s390 already
+ (Closes: #733875)
+ * Fix use of /var/run/samhain, which is created by the init.d script since
+ version 2.6.2-1:
+ - Remove the /var/run/samhain directory when the package is purged
+ - Do not ship /var/run/samhain in the package file
+ Thanks go to Thomas Goirand for spotting this issue and providing a
+ patch, which I used as a basis for the above changes
+ (Closes: #689902)
+ * Default samhainrc now uses SetMailAddress=root, SetMailRelay=localhost
+ since there have been reports of the previous confguration
+ (SetMailAddress=root@localhost, SetMailRelay=NULL) not working since
+ samhain tries to retrieve an MX record for 'localhost' from the DNS
+ (Closes: 709754)
+
+ -- Javier Fernández-Sanguino Peña <j...@debian.org> Sun, 19 Jan 2014 11:53:32 +0100
+
samhain (2.8.3a-1) unstable; urgency=low
* New upstream release (Closes: #602678)
diff --git a/debian/postrm b/debian/postrm
index 51bbc12..c189cb5 100644
--- a/debian/postrm
+++ b/debian/postrm
@@ -7,7 +7,7 @@ set -e
case "$1" in
purge)
- for dir in /var/log/samhain/supervise /var/log/samhain /var/state/samhain
+ for dir in /var/log/samhain/supervise /var/log/samhain /var/state/samhain /var/run/samhain
do
[ -d "$dir" ] && {
find $dir -type f -exec rm -f {} \;
diff --git a/debian/rules b/debian/rules
index 083f6a9..a1a868a 100755
--- a/debian/rules
+++ b/debian/rules
@@ -11,17 +11,27 @@
# This is the debhelper compatability version to use.
# export DH_COMPAT=5
+# Disable dnmalloc for most architectures except for
+# those known to work (i386 and amd64).
+# For more information see:
+# http://www.la-samhna.de/samhain/manual/dnmalloc.html
ifeq (linux,$(DEB_HOST_ARCH_OS))
-ifeq (ia64,$(DEB_HOST_ARCH))
-DNMALLOC = --disable-dnmalloc
-else ifeq (s390,$(DEB_HOST_ARCH))
+ifeq (amd64,$(DEB_HOST_ARCH))
+DNMALLOC = --enable-dnmalloc
+else ifeq (i386,$(DEB_HOST_ARCH))
+DNMALLOC = --enable-dnmalloc
+else
DNMALLOC = --disable-dnmalloc
+endif
else
+ifeq (amd64,$(DEB_HOST_ARCH))
+DNMALLOC = --enable-dnmalloc
+else ifeq (i386,$(DEB_HOST_ARCH))
DNMALLOC = --enable-dnmalloc
-endif
else
DNMALLOC = --disable-dnmalloc
endif
+endif
build: build-stamp
build-stamp:
@@ -100,6 +110,8 @@ binary-arch: build install
dh_installchangelogs docs/Changelog
dh_link
dh_strip
+ # Remove /var/run/samhain from the package, it is created by the init script
+ -rm -rf `pwd`/debian/samhain/var/run/samhain
dh_compress
dh_fixperms
dh_installdeb
diff --git a/debian/samhainrc b/debian/samhainrc
index 01724f4..992caac 100644
--- a/debian/samhainrc
+++ b/debian/samhainrc
@@ -591,11 +591,12 @@ SetMailNum = 10
## Recipient (max. 8)
#
-SetMailAddress=root@localhost
+#SetMailAddress=root@localhost
+SetMailAddress=root
## Mail relay (IP address)
#
-# SetMailRelay = NULL
+SetMailRelay = localhost
## Custom subject format
#
diff --git a/sql_init/samhain.mysql.init~ b/sql_init/samhain.mysql.init~
deleted file mode 100644
index e6eb065..0000000
--- a/sql_init/samhain.mysql.init~
+++ /dev/null
@@ -1,95 +0,0 @@
-CREATE DATABASE samhain;
-USE mysql;
-INSERT INTO db (Host,Db,User,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv) VALUES ('localhost','samhain','','N','Y','N','N','N','N');
-USE samhain;
-CREATE TABLE samhain.log (
- log_index BIGINT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
- log_ref BIGINT UNSIGNED NULL,
- log_host VARCHAR(64) NOT NULL DEFAULT "localhost",
- INDEX ix_log_host (log_host),
- log_time DATETIME NOT NULL,
- log_sev ENUM("DEBG","INFO","NOTE","WARN","MARK","ERRO","CRIT","ALRT","RCVT") NOT NULL,
- log_msg BLOB,
-
- log_hash VARCHAR(32) NOT NULL,
- KEY ix_hash (log_hash),
-
- entry_status VARCHAR(16) NOT NULL DEFAULT "NEW",
- INDEX ix_entry_status (entry_status),
-
- path BLOB,
- userid VARCHAR(8),
- grp VARCHAR(8),
- program VARCHAR(8),
- subroutine VARCHAR(16),
- status VARCHAR(12),
- hash VARCHAR(50),
- path_data BLOB,
- hash_data VARCHAR(50),
- key_uid VARCHAR(64),
- key_uid_data VARCHAR(64),
- key_id VARCHAR(16),
- module VARCHAR(8),
- return_code INTEGER,
- syscall VARCHAR(16),
- ip VARCHAR(16),
- tty VARCHAR(16),
- peer VARCHAR(64),
- fromhost VARCHAR(64),
- obj BLOB,
- interface VARCHAR(64),
- time VARCHAR(64),
- dir BLOB,
- linked_path BLOB,
- port INTEGER,
- service VARCHAR(64),
- facility VARCHAR(32),
- priority VARCHAR(32),
- syslog_msg BLOB,
-
- mode_old VARCHAR(16),
- mode_new VARCHAR(16),
- attr_old VARCHAR(16),
- attr_new VARCHAR(16),
-
- device_old VARCHAR(16),
- device_new VARCHAR(16),
- owner_old VARCHAR(9),
- owner_new VARCHAR(9),
- group_old VARCHAR(9),
- group_new VARCHAR(9),
- ctime_old DATETIME,
- ctime_new DATETIME,
- atime_old DATETIME,
- atime_new DATETIME,
- mtime_old DATETIME,
- mtime_new DATETIME,
- chksum_old VARCHAR(50),
- chksum_new VARCHAR(50),
- link_old BLOB,
- link_new BLOB,
-
- size_old BIGINT,
- size_new BIGINT,
- hardlinks_old BIGINT,
- hardlinks_new BIGINT,
- inode_old BIGINT,
- inode_new BIGINT,
-
- imode_old BIGINT,
- imode_new BIGINT,
- iattr_old BIGINT,
- iattr_new BIGINT,
- idevice_old BIGINT,
- idevice_new BIGINT,
- iowner_old BIGINT,
- iowner_new BIGINT,
- igroup_old BIGINT,
- igroup_new BIGINT,
-
-
- acl_old BLOB,
- acl_new BLOB
-
- );
-
diff --git a/sql_init/samhain.oracle.init~ b/sql_init/samhain.oracle.init~
deleted file mode 100644
index ebd7e3f..0000000
--- a/sql_init/samhain.oracle.init~
+++ /dev/null
@@ -1,93 +0,0 @@
-CREATE SEQUENCE log_log_index_seq START WITH 1;
-CREATE TABLE log (
- log_index INTEGER NOT NULL,
- log_ref NUMBER(20) NULL,
- log_host VARCHAR2(64) DEFAULT 'localhost' NOT NULL,
- log_time DATE NOT NULL,
- log_sev VARCHAR2(4) NOT NULL,
- log_msg VARCHAR2(4000),
- log_hash VARCHAR2(32),
- entry_status VARCHAR2(16) DEFAULT 'NEW' NOT NULL,
- path CLOB,
- userid VARCHAR2(8),
- grp VARCHAR2(8),
- program VARCHAR2(8),
- subroutine VARCHAR2(16),
- status VARCHAR2(12),
- hash VARCHAR2(50),
- path_data VARCHAR2(4000),
- hash_data VARCHAR2(50),
- key_uid VARCHAR2(64),
- key_uid_data VARCHAR2(64),
- key_id VARCHAR2(16),
- module VARCHAR2(8),
- return_code INTEGER,
- syscall VARCHAR2(16),
- ip VARCHAR2(16),
- tty VARCHAR2(16),
- peer VARCHAR2(64),
- fromhost VARCHAR2(64),
- obj VARCHAR2(128),
- interface VARCHAR2(64),
- time VARCHAR2(64),
- dir CLOB,
- linked_path CLOB,
- port INTEGER,
- service VARCHAR2(64),
- facility VARCHAR2(32),
- priority VARCHAR2(32),
- syslog_msg VARCHAR2(4000),
- mode_old VARCHAR2(16),
- mode_new VARCHAR2(16),
- attr_old VARCHAR2(16),
- attr_new VARCHAR2(16),
- device_old VARCHAR2(16),
- device_new VARCHAR2(16),
- owner_old VARCHAR2(9),
- owner_new VARCHAR2(9),
- group_old VARCHAR2(9),
- group_new VARCHAR2(9),
- ctime_old VARCHAR2(25),
- ctime_new VARCHAR2(25),
- atime_old VARCHAR2(25),
- atime_new VARCHAR2(25),
- mtime_old VARCHAR2(25),
- mtime_new VARCHAR2(25),
- chksum_old VARCHAR2(50),
- chksum_new VARCHAR2(50),
- link_old CLOB,
- link_new CLOB,
- size_old NUMBER(20),
- size_new NUMBER(20),
- hardlinks_old NUMBER(20),
- hardlinks_new NUMBER(20),
- inode_old NUMBER(20),
- inode_new NUMBER(20),
- imode_old NUMBER(20),
- imode_new NUMBER(20),
- iattr_old NUMBER(20),
- iattr_new NUMBER(20),
- idevice_old NUMBER(20),
- idevice_new NUMBER(20),
- iowner_old NUMBER(20),
- iowner_new NUMBER(20),
- igroup_old NUMBER(20),
- igroup_new NUMBER(20),
- acl_old VARCHAR2(4000),
- acl_new VARCHAR2(4000)
- );
-
-CREATE UNIQUE INDEX log_log_index_key on log (log_index);
-
-CREATE INDEX ix_hash ON log (log_hash);
-
-CREATE INDEX ix_log_host ON log (log_host);
-CREATE INDEX ix_log_ref ON log (log_ref);
-CREATE INDEX ix_entry_status ON log (entry_status);
-
-GRANT INSERT ON log TO samhain;
-GRANT ALTER ON log_log_index_seq TO samhain;
-GRANT SELECT ON log_log_index_seq TO samhain;
-
-
-
diff --git a/sql_init/samhain.postgres.init~ b/sql_init/samhain.postgres.init~
deleted file mode 100644
index e5edb25..0000000
--- a/sql_init/samhain.postgres.init~
+++ /dev/null
@@ -1,98 +0,0 @@
-CREATE SEQUENCE log_log_index_seq START 1;
-CREATE TABLE log (
- log_index INTEGER NOT NULL,
- log_ref BIGINT NULL,
- log_host VARCHAR(64) NOT NULL DEFAULT 'localhost',
- log_time TIMESTAMP NOT NULL,
- log_sev VARCHAR(4) NOT NULL,
- log_msg TEXT,
-
- log_hash VARCHAR(32),
-
- entry_status VARCHAR(16) NOT NULL DEFAULT 'NEW',
-
- path TEXT,
- userid VARCHAR(8),
- grp VARCHAR(8),
- program VARCHAR(8),
- subroutine VARCHAR(16),
- status VARCHAR(12),
- hash VARCHAR(50),
- path_data TEXT,
- hash_data VARCHAR(50),
- key_uid VARCHAR(64),
- key_uid_data VARCHAR(64),
- key_id VARCHAR(16),
- module VARCHAR(8),
- return_code INTEGER,
- syscall VARCHAR(16),
- ip VARCHAR(16),
- tty VARCHAR(16),
- peer VARCHAR(64),
- fromhost VARCHAR(64),
- obj TEXT,
- interface VARCHAR(64),
- time VARCHAR(64),
- dir TEXT,
- linked_path TEXT,
- port INTEGER,
- service VARCHAR(64),
- facility VARCHAR(32),
- priority VARCHAR(32),
- syslog_msg TEXT,
-
- mode_old VARCHAR(16),
- mode_new VARCHAR(16),
- attr_old VARCHAR(16),
- attr_new VARCHAR(16),
-
- device_old VARCHAR(16),
- device_new VARCHAR(16),
- owner_old VARCHAR(9),
- owner_new VARCHAR(9),
- group_old VARCHAR(9),
- group_new VARCHAR(9),
- ctime_old TIMESTAMP,
- ctime_new TIMESTAMP,
- atime_old TIMESTAMP,
- atime_new TIMESTAMP,
- mtime_old TIMESTAMP,
- mtime_new TIMESTAMP,
- chksum_old VARCHAR(50),
- chksum_new VARCHAR(50),
- link_old TEXT,
- link_new TEXT,
-
- size_old BIGINT,
- size_new BIGINT,
- hardlinks_old BIGINT,
- hardlinks_new BIGINT,
- inode_old BIGINT,
- inode_new BIGINT,
-
- imode_old BIGINT,
- imode_new BIGINT,
- iattr_old BIGINT,
- iattr_new BIGINT,
- idevice_old BIGINT,
- idevice_new BIGINT,
- iowner_old BIGINT,
- iowner_new BIGINT,
- igroup_old BIGINT,
- igroup_new BIGINT,
-
- acl_old TEXT,
- acl_new TEXT
- );
-
-
-CREATE UNIQUE INDEX log_log_index_key on log (log_index);
-CREATE INDEX ix_hash ON log (log_hash);
-
-CREATE INDEX ix_log_host ON log (log_host);
-CREATE INDEX ix_entry_status ON log (entry_status);
-
-GRANT INSERT ON log TO samhain;
-GRANT UPDATE ON log_log_index_seq TO samhain;
-GRANT SELECT ON log_log_index_seq TO samhain;
-
