diff -pruN 7.5.4-1/debian/changelog 7.5.4-1ubuntu1/debian/changelog --- 7.5.4-1/debian/changelog 2020-10-04 18:40:40.000000000 +0000 +++ 7.5.4-1ubuntu1/debian/changelog 2020-11-05 04:28:07.000000000 +0000 @@ -1,3 +1,45 @@ +logwatch (7.5.4-1ubuntu1) hirsute; urgency=medium + + * Merge with Debian unstable. Remaining changes: + - Drop libsys-cpu-perl and libsys-meminfo-perl from Recommends to + Suggests as they are in universe. + - d/p/0011-postfix-Ignore-Resolved-loghost-to-127.0.0.1.patch: + postfix: Ignore Resolved loghost to 127.0.0.1. + (LP #1583705) + - d/p/0012-postfix-Handle-backwards-compatible-mode.patch: + postfix: Handle backwards-compatible mode. + (LP #1583705) + - d/p/0013-secure-Ignore-warnings-about-gnome-keyring-daemon-it.patch: + secure: Ignore warnings about gnome-keyring-daemon items already + registered. + (LP #1890752) + - d/p/0014-zz-sys-Suppress-warnings-if-Sys-CPU-or-Sys-MemInfo-a.patch: + zz-sys: Suppress warnings if Sys::CPU or Sys::MemInfo are missing. + These are not installed by default in Ubuntu's logwatch packaging. + (LP #1890749) + - d/p/0015-pam_unix-Ignore-issues-about-etc-securetty-being-mis.patch: + pam_unix: Ignore issues about /etc/securetty being missing. + (LP #1890751) + - d/p/0017-audit-Apparmor-DENIED-entries-don-t-always-include-p.patch + audit: Don't handle "unconfined" profile changes distinct from ordinary loads + - d/p/0018-audit-Handle-apparmor-errors-on-DENIED-messages.patch: + audit: Treat Denial Errors same as Denied + (LP #1577948) + - d/p/0019-exim-Handle-self-signed-certs-warnings.patch: + exim: Handle self-signed certs warnings. + (LP #1892269) + - d/p/0020-dhcpd-Ignore-lease-age-under-threshold-messages.patch: + dhcpd: Ignore lease age under threshold messages + (LP #1578001) + - d/p/0021-audit-use-the-term-ALLOWED-instead-of-Grants.patch: + audit: use the term ALLOWED instead of Grants + (LP #1577948) + * Dropped: + - d/control: Update upstream's homepage + [Taken in 7.5.4-1] + + -- Bryce Harrington Thu, 05 Nov 2020 04:28:07 +0000 + logwatch (7.5.4-1) unstable; urgency=medium * New upstream version 7.5.4 (closes: #970684) @@ -7,6 +49,91 @@ logwatch (7.5.4-1) unstable; urgency=med -- Willi Mann Sun, 04 Oct 2020 20:40:40 +0200 +logwatch (7.5.4-0ubuntu3) groovy; urgency=medium + + * d/p/0014-zz-sys-Suppress-warnings-if-Sys-CPU-or-Sys-MemInfo-a.patch: + Update DEP3 to indicate this patch does not need forwarded upstream + since it corrects a distro packaging issue. + * d/p/0018-audit-Treat-Denial-Errors-same-as-Denied.patch: + Update DEP3 to link to where this patch was forwarded upstream. + * d/p/0021-audit-use-the-term-ALLOWED-instead-of-Grants.patch: + Fix typo in variable '$allawed'; refresh patch. + + -- Bryce Harrington Fri, 04 Sep 2020 16:08:47 -0700 + +logwatch (7.5.4-0ubuntu2) groovy; urgency=medium + + [ Bryce Harrington ] + * d/p/0020-dhcpd-Ignore-lease-age-under-threshold-messages.patch: + dhcpd: Ignore lease age under threshold messages + (LP: #1578001) + * d/p/0019-exim-Handle-self-signed-certs-warnings.patch: + exim: Handle self-signed certs warnings. + (LP: #1892269) + * d/p/0018-audit-Treat-Denial-Errors-same-as-Denied.patch: + audit: Treat Denial-Errors same as Denied. + (LP: #1577948) + * d/p/0017-audit-Apparmor-DENIED-entries-don-t-always-include-p.patch: + audit: Apparmor DENIED entries don't always include parent=N. + (LP: #1577948) + * d/p/0015-pam_unix-Ignore-issues-about-etc-securetty-being-mis.patch: + pam_unix: Ignore issues about /etc/securetty being missing. + (LP: #1890751) + * d/p/0014-zz-sys-Suppress-warnings-if-Sys-CPU-or-Sys-MemInfo-a.patch: + zz-sys: Suppress warnings if Sys::CPU or Sys::MemInfo are missing. + These are not installed by default in Ubuntu's logwatch packaging. + (LP: #1890749) + * d/p/0013-secure-Ignore-warnings-about-gnome-keyring-daemon-it.patch: + secure: Ignore warnings about gnome-keyring-daemon items already + registered. + (LP: #1890752) + * d/p/0012-postfix-Handle-backwards-compatible-mode.patch: + postfix: Handle backwards-compatible mode. + (LP: #1583705) + * d/p/0011-postfix-Ignore-Resolved-loghost-to-127.0.0.1.patch: + postfix: Ignore Resolved loghost to 127.0.0.1. + (LP: #1583705) + * d/control: Update upstream's homepage + (LP: #1891604) + + [ Lucas Kanashiro ] + * d/p/0021-audit-use-the-term-ALLOWED-instead-of-Grants.patch: + audit: use the term ALLOWED instead of Grants. + + -- Bryce Harrington Fri, 21 Aug 2020 01:30:10 +0000 + +logwatch (7.5.4-0ubuntu1) groovy; urgency=medium + + * New upstream version 7.5.4. Remaining changes: + - Drop libsys-cpu-perl and libsys-meminfo-perl from Recommends to + Suggests as they are in universe. + * Dropped: + - Drop 0005-Match-connection-shutdown-by-couriertls.patch + [Taken upstream in 7.5.4] + - Drop 0006-imapd-Handle-SSL3-connection-errors.patch + [Taken upstream in 7.5.4] + + -- Bryce Harrington Mon, 03 Aug 2020 18:27:31 -0700 + +logwatch (7.5.2-1ubuntu2) groovy; urgency=medium + + * 0006-imapd-Handle-SSL3-connection-errors.patch: Handle SSL3 + connection errors for couriertls in imapd. + * 0005-Match-connection-shutdown-by-couriertls.patch: Match connection + shutdown entries by couriertls. These are likely just client errors + and do not represent real problems. + (LP: #1578004) + + -- Bryce Harrington Fri, 05 Jun 2020 23:16:23 +0000 + +logwatch (7.5.2-1ubuntu1) focal; urgency=medium + + * Merge with Debian unstable. Remaining changes: + - Drop libsys-cpu-perl and libsys-meminfo-perl from Recommends to + Suggests as they are in universe. + + -- Bryce Harrington Thu, 23 Jan 2020 11:53:10 -0800 + logwatch (7.5.2-1) unstable; urgency=medium * New upstream version 7.5.2 @@ -15,12 +142,40 @@ logwatch (7.5.2-1) unstable; urgency=med -- Willi Mann Sun, 12 Jan 2020 12:25:08 +0100 +logwatch (7.5.0-2ubuntu1) eoan; urgency=medium + + * Merge with Debian unstable. Remaining changes: + - Drop libsys-cpu-perl and libsys-meminfo-perl from Recommends to + Suggests as they are in universe. + * Dropped: + - debian/control: depend on postfix rather than exim4. + [default-mta is provided by postfix as of precise at least] + - debian/dist.conf/logfiles/maillog.conf: adjust for logrotation. + [While the file is no longer present, it'll just be silently + ignored if it's listed in the config file, so no need to maintain + a delta against debian for this.] + + -- Bryce Harrington Thu, 23 May 2019 10:40:17 -0700 + logwatch (7.5.0-2) unstable; urgency=high * s/s/kernel: fix typo. closes: 917836 -- Willi Mann Sat, 09 Mar 2019 18:14:03 +0100 +logwatch (7.5.0-1ubuntu1) disco; urgency=medium + + * Merge with Debian unstable (LP: #1810928). Remaining changes: + - debian/control: depend on postfix rather than exim4. + - debian/dist.conf/logfiles/maillog.conf: adjust for logrotation + - Drop libsys-cpu-perl and libsys-meminfo-perl from Recommends to + Suggests as they are in universe. + * Dropped Changes: + - d/p/ssh-ignore-disconnected.patch: [sshd] ignore disconnected from user + [upstream] + + -- Karl Stenerud Wed, 09 Jan 2019 10:55:11 +0100 + logwatch (7.5.0-1) unstable; urgency=medium * New upstream version @@ -59,6 +214,23 @@ logwatch (7.4.3+git20180713-1) unstable; -- Willi Mann Tue, 02 Oct 2018 19:52:16 +0200 +logwatch (7.4.3+git20161207-2ubuntu2) cosmic; urgency=medium + + * d/p/ssh-ignore-disconnected.patch: [sshd] ignore disconnected from user + USER (LP: 1644057) + + -- Karl Stenerud Fri, 31 Aug 2018 09:44:50 -0700 + +logwatch (7.4.3+git20161207-2ubuntu1) zesty; urgency=medium + + * Merge from Debian testing. Remaining changes: + - debian/control: depend on postfix rather than exim4. + - debian/dist.conf/logfiles/maillog.conf: adjust for logrotation + - Drop libsys-cpu-perl and libsys-meminfo-perl from Recommends to + Suggests as they are in universe. + + -- Christian Ehrhardt Thu, 16 Feb 2017 09:08:52 +0100 + logwatch (7.4.3+git20161207-2) unstable; urgency=medium * Revert upstream's change of the declared mail charset. @@ -78,6 +250,16 @@ logwatch (7.4.3+git20161207-1) unstable; -- Willi Mann Fri, 16 Dec 2016 20:15:26 +0100 +logwatch (7.4.3-2ubuntu1) zesty; urgency=medium + + * Merge from Debian unstable. Remaining changes: + - debian/control: depend on postfix rather than exim4. + - debian/dist.conf/logfiles/maillog.conf: adjust for logrotation + - Drop libsys-cpu-perl and libsys-meminfo-perl from Recommends to + Suggests as they are in universe. + + -- Christian Ehrhardt Thu, 01 Dec 2016 16:46:22 +0100 + logwatch (7.4.3-2) unstable; urgency=medium * s/s/amavis: Fix perl warning "redundant argument in sprintf". @@ -86,6 +268,16 @@ logwatch (7.4.3-2) unstable; urgency=med -- Willi Mann Wed, 02 Nov 2016 19:32:35 +0100 +logwatch (7.4.3-1ubuntu1) yakkety; urgency=medium + + * Merge from Debian unstable. Remaining changes: + - debian/control: depend on postfix rather than exim4. + - debian/dist.conf/logfiles/maillog.conf: adjust for logrotation + - Drop libsys-cpu-perl and libsys-meminfo-perl from Recommends to + Suggests as they are in universe. + + -- Christian Ehrhardt Tue, 26 Jul 2016 12:56:34 +0200 + logwatch (7.4.3-1) unstable; urgency=medium * Imported Upstream version 7.4.3 @@ -93,6 +285,16 @@ logwatch (7.4.3-1) unstable; urgency=med -- Willi Mann Sat, 30 Apr 2016 14:40:57 +0200 +logwatch (7.4.2-1ubuntu1) xenial; urgency=medium + + * Merge from Debian unstable (LP: #1552983). Remaining changes: + - debian/control: depend on postfix rather than exim4. + - debian/dist.conf/logfiles/maillog.conf: adjust for logrotation + - Drop libsys-cpu-perl and libsys-meminfo-perl from Recommends to + Suggests as they are in universe. + + -- Nishanth Aravamudan Fri, 04 Mar 2016 11:42:51 -0800 + logwatch (7.4.2-1) unstable; urgency=medium * Imported Upstream version 7.4.2 @@ -108,6 +310,18 @@ logwatch (7.4.1+svn20160106rev308-1) uns -- Willi Mann Sun, 24 Jan 2016 19:17:34 +0100 +logwatch (7.4.1+svn20151218rev302-1ubuntu1) xenial; urgency=medium + + * Merge from Debian unstable (LP: #1531262). Remaining changes: + - debian/control: depend on postfix rather than exim4. + - debian/dist.conf/logfiles/maillog.conf: adjust for logrotation + - Drop libsys-cpu-perl from Recommends to Suggests as it is in + universe. + * Drop libsys-meminfo-perl from Recommends to Suggests as it is in + universe. + + -- Nishanth Aravamudan Thu, 07 Jan 2016 20:53:20 -0800 + logwatch (7.4.1+svn20151218rev302-1) unstable; urgency=medium * Imported Upstream version 7.4.1+svn20151218rev302 @@ -135,6 +349,21 @@ logwatch (7.4.1+svn20150731rev294-1) uns -- Willi Mann Wed, 02 Sep 2015 18:50:14 +0200 +logwatch (7.4.1-2ubuntu2) vivid; urgency=medium + + * Drop libsys-cpu-perl from Recommends to Suggests as it is in + universe. + + -- Robie Basak Fri, 06 Feb 2015 14:29:06 +0000 + +logwatch (7.4.1-2ubuntu1) vivid; urgency=medium + + * Merge from Debian unstable (LP: #1387817). Remaining changes: + - debian/control: depend on postfix rather than exim4. + - debian/dist.conf/logfiles/maillog.conf: adjust for logrotation + + -- Robie Basak Mon, 02 Feb 2015 04:03:21 +0000 + logwatch (7.4.1-2) unstable; urgency=medium * Revert upstream change on fail2ban service config. This makes fail2ban @@ -195,6 +424,15 @@ logwatch (7.4.0+svn20131108rev175-1) uns -- Willi Mann Thu, 28 Nov 2013 20:10:09 +0100 +logwatch (7.4.0+svn20130529rev144-1ubuntu1) saucy; urgency=low + + * Merge from Debian unstable. Remaining changes: + + debian/control: + - Depend on postfix rather than exim4. + + debian/dist.conf/logfiles/maillog.conf: adjust for logrotation + + -- Robie Basak Tue, 09 Jul 2013 15:06:43 +0000 + logwatch (7.4.0+svn20130529rev144-1) unstable; urgency=low * Imported Upstream version 7.4.0+svn20130529rev144 @@ -207,6 +445,20 @@ logwatch (7.4.0+svn20130529rev144-1) uns -- Willi Mann Sat, 01 Jun 2013 14:03:28 +0200 +logwatch (7.4.0+svn20120502rev103-1ubuntu1) raring; urgency=low + + * Merge from Debian testing (LP: #1102414). Remaining changes: + + debian/control: + - Depend on postfix rather than exim4. + + debian/dist.conf/logfiles/maillog.conf: adjust for logrotation + + * Dropped changes, merged in Debian: + + debian/dist.conf/services/cron.conf: this change already disappeared + previously, looks related to Debian bug 615006 which is already applied + and thus presumed no longer needed. + + -- Robie Basak Mon, 21 Jan 2013 13:53:24 +0000 + logwatch (7.4.0+svn20120502rev103-1) unstable; urgency=low * Set VDate in logwatch.pl to svn date for svn snapshots @@ -230,6 +482,17 @@ logwatch (7.4.0+svn20120227rev85-1) unst -- Willi Mann Fri, 06 Apr 2012 21:11:23 +0200 +logwatch (7.4.0+svn20111221rev79-1ubuntu1) precise; urgency=low + + [ Chuck Short ] + * Merge from Debian testing. Remaining changes: + + debian/conrol: + - Depend on postfix rather than exim4. + + debian/dist.conf/services_cron.conf, + debian/dist.conf/logfiles_maillog.conf: Adjust for logrotation + + -- Chuck Short Mon, 06 Feb 2012 08:59:12 -0500 + logwatch (7.4.0+svn20111221rev79-1) unstable; urgency=low * Imported Upstream version 7.4.0+svn20111221rev79 @@ -259,6 +522,19 @@ logwatch (7.4.0+svn20111018rev68-1) unst -- Willi Mann Sat, 05 Nov 2011 20:44:36 +0100 +logwatch (7.4.0+svn20110808rev66-1ubuntu1) precise; urgency=low + + * Merged from Debian testing, remaining changes are: + + debian/conrol: + - Depend on postfix rather than exim4. + + debian/dist.conf/services_cron.conf, debian/dist.conf/logfiles_maillog.conf, + debian/dist.conf/logfiles_messages.conf: Adjust for logrotation. + + Dropped: + - debian/patches/lp-809753-comify: No longer needed. + - debian/rules: Dont use quilt anymore logwatch uses source 3.0 + + -- Chuck Short Mon, 14 Nov 2011 09:39:15 -0500 + logwatch (7.4.0+svn20110808rev66-1) unstable; urgency=low * New Upstream snapshot 7.4.0+svn20110808rev66 (closes: #644053) @@ -288,6 +564,57 @@ logwatch (7.3.6.cvs20090906-2) unstable; -- Willi Mann Wed, 02 Mar 2011 08:57:07 +0100 +logwatch (7.3.6.cvs20090906-1ubuntu5) oneiric; urgency=low + + * debian/patches/lp-809753-commify: + - return undef is not defined, instead of error (LP: #809753) + * debian/control: + - build depend on quilt + * debian/rules: + - add dh_quilt_patch and dh_quilt_unpatch + + -- Ante Karamatic Wed, 17 Aug 2011 19:28:17 +0200 + +logwatch (7.3.6.cvs20090906-1ubuntu4) natty; urgency=low + + * SECURITY UPDATE: privileged code execution via badly named logfiles + - scripts/logwatch.pl: encapsulate logfiles in 's and ensure logfile + names don't contain '. + - http://logwatch.svn.sourceforge.net/viewvc/logwatch?view=revision&revision=26 + - CVE-2011-1018 + * debian/dist.conf/services/cron.conf: adjust to capture cron entries, + thanks to Oliver Brakmann (LP: #719898) + * scripts/services/named: update to upstream version to correctly + capture more information (LP: #584229) + - http://logwatch.svn.sourceforge.net/viewvc/logwatch/scripts/services/named?revision=19 + * logwatch.8: replace examples containing obsolete --print argument + with --output=stdout (LP: #564796) + + -- Steve Beattie Wed, 02 Mar 2011 13:44:53 +0100 + +logwatch (7.3.6.cvs20090906-1ubuntu3) maverick; urgency=low + + * conf/logfiles/*, debian/dist.conf/logfiles/*: + Due to migration to rsyslog, the first rotation is now .1 and not .0 + (fixes LP: #606715) + + -- Thierry Carrez (ttx) Mon, 06 Sep 2010 14:57:14 +0200 + +logwatch (7.3.6.cvs20090906-1ubuntu2) lucid; urgency=low + + * conf/html/{footer.html,header.html} Re-add dropped from the + previous version of logtwatch. (LP: #481327) + + -- Chuck Short Tue, 17 Nov 2009 14:57:58 -0500 + +logwatch (7.3.6.cvs20090906-1ubuntu1) karmic; urgency=low + + * Merge from debian unstable (LP: #228917, #391077, #425206, #443252), + remaining changes: + - Use postfix rather than exim4. + + -- Kees Cook Mon, 05 Oct 2009 09:20:31 -0700 + logwatch (7.3.6.cvs20090906-1) unstable; urgency=low * New CVS snapshot + postfix-logwatch 1.38.01 @@ -311,6 +638,16 @@ logwatch (7.3.6.cvs20090906-1) unstable; -- Willi Mann Mon, 07 Sep 2009 17:04:43 +0200 +logwatch (7.3.6.cvs20080702-2ubuntu1) jaunty; urgency=low + + [ Bhavani Shankar ] + * Merge from debian unstable, remaining changes: LP: #314620 + - Use postfix rather than exim4. + - Fix logwatch.pl for servers that have the same hostname as a config + variable (ie: medium). Thanks for Nathan Crawford. (LP: #296349) + + -- Mathias Gug Wed, 07 Jan 2009 19:23:58 -0500 + logwatch (7.3.6.cvs20080702-2) unstable; urgency=low * add Michael Tautschnig to changelog of former version, crediting @@ -326,6 +663,33 @@ logwatch (7.3.6.cvs20080702-2) unstable; -- Willi Mann Sun, 07 Dec 2008 08:20:06 +0100 +logwatch (7.3.6.cvs20080702-1ubuntu4) jaunty; urgency=low + + * Fix typo. (LP: #296349) + + -- Chuck Short Wed, 03 Dec 2008 15:22:33 +0000 + +logwatch (7.3.6.cvs20080702-1ubuntu3) jaunty; urgency=low + + * Fix logwatch.pl for servers that have the same hostname as a config + variable (ie: medium). Thanks for Nathan Crawford. (LP: #296349) + + -- Chuck Short Mon, 10 Nov 2008 16:46:59 +0000 + +logwatch (7.3.6.cvs20080702-1ubuntu2) intrepid; urgency=low + + * Corrected FTBFS from the merge by correcting arch from any to all + + -- Michael Casadevall Fri, 05 Sep 2008 19:20:30 -0400 + +logwatch (7.3.6.cvs20080702-1ubuntu1) intrepid; urgency=low + + * Merge from debian unstable, remaining changes: + - Use postfix rather than exim4. + - Update maintainers according to spec. + + -- Chuck Short Sat, 05 Jul 2008 11:49:54 +0100 + logwatch (7.3.6.cvs20080702-1) unstable; urgency=medium * New upstream CVS snapshot @@ -345,6 +709,15 @@ logwatch (7.3.6.cvs20080702-1) unstable; -- Willi Mann Fri, 04 Jul 2008 16:51:36 +0200 +logwatch (7.3.6-1ubuntu1) hardy; urgency=low + + * Added patch from Paul Schulz to fix 'pam_unix unknown entries' + for authlog. (LP: #181690) + * Bumped starndards version to 3.7.3 + * Use postfix rather than exim4. + + -- Chuck Short Thu, 21 Feb 2008 08:35:13 -0500 + logwatch (7.3.6-1) unstable; urgency=low * New upstream version: @@ -770,3 +1143,4 @@ logwatch (5.0-1) unstable; urgency=low to the logfile(s). That's most likely the problem. -- Willi Mann Wed, 12 Nov 2003 20:14:15 +0100 + diff -pruN 7.5.4-1/debian/control 7.5.4-1ubuntu1/debian/control --- 7.5.4-1/debian/control 2020-10-04 18:37:51.000000000 +0000 +++ 7.5.4-1ubuntu1/debian/control 2020-11-05 04:28:07.000000000 +0000 @@ -1,7 +1,8 @@ Source: logwatch Section: admin Priority: optional -Maintainer: Willi Mann +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Willi Mann Build-Depends: debhelper (>> 11.0.0~) Standards-Version: 4.5.0 Homepage: https://sourceforge.net/projects/logwatch/ @@ -11,7 +12,8 @@ Vcs-Git: https://salsa.debian.org/debian Package: logwatch Architecture: all Depends: ${perl:Depends}, ${misc:Depends}, default-mta | mail-transport-agent -Recommends: libdate-manip-perl, libsys-cpu-perl, libsys-meminfo-perl +Recommends: libdate-manip-perl +Suggests: libsys-cpu-perl, libsys-meminfo-perl Description: log analyser with nice output written in Perl Logwatch is a modular log analyser that runs every night and mails you the results. It can also be run from command line. diff -pruN 7.5.4-1/debian/patches/0011-postfix-Ignore-Resolved-loghost-to-127.0.0.1.patch 7.5.4-1ubuntu1/debian/patches/0011-postfix-Ignore-Resolved-loghost-to-127.0.0.1.patch --- 7.5.4-1/debian/patches/0011-postfix-Ignore-Resolved-loghost-to-127.0.0.1.patch 1970-01-01 00:00:00.000000000 +0000 +++ 7.5.4-1ubuntu1/debian/patches/0011-postfix-Ignore-Resolved-loghost-to-127.0.0.1.patch 2020-11-05 04:08:21.000000000 +0000 @@ -0,0 +1,42 @@ +From 6373191438fb8f4699aaeb8c53aaf7abcd4d8999 Mon Sep 17 00:00:00 2001 +From: Bryce Harrington +Date: Wed, 19 Aug 2020 03:29:42 +0000 +Subject: [PATCH 01/10] postfix: Ignore Resolved loghost to 127.0.0.1 + +Ref: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1583705 +Signed-off-by: Bryce Harrington +--- + scripts/services/postfix | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +Origin: vendor +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1583705 +Forwarded: https://sourceforge.net/p/logwatch/git/merge-requests/46/ +Last-Updated: 2020-08-20 + +diff --git a/scripts/services/postfix b/scripts/services/postfix +index b5cb2ec..6550e3d 100644 +--- a/scripts/services/postfix ++++ b/scripts/services/postfix +@@ -2286,7 +2286,7 @@ sub postfix_postgrey($) { + #TDpg unrecognized request type: '' + #TDpg rm /var/spool/postfix/postgrey/log.0000000002 + #TDpg 2007/01/25-14:48:00 Pid_file already exists for running process (4775)... aborting at line 232 in file /usr/lib/perl5/vendor_perl/5.8.7/Net/Server.pm +- ++ #TDpg Resolved [localhost]:10023 to [127.0.0.1]:10023, IPv4 + + $line =~ /^cleaning / or + $line =~ /^delayed / or +@@ -2301,7 +2301,8 @@ sub postfix_postgrey($) { + # unanchored last + $line =~ /Pid_file already exists/ or + $line =~ /postgrey .* starting!/ or +- $line =~ /Server closing!/ ++ $line =~ /Server closing!/ or ++ $line =~ /Resolved .*localhost.*IPv4/ + ); + + my ($action,$reason,$delay,$host,$ip,$sender,$recip); +-- +2.27.0 + diff -pruN 7.5.4-1/debian/patches/0012-postfix-Handle-backwards-compatible-mode.patch 7.5.4-1ubuntu1/debian/patches/0012-postfix-Handle-backwards-compatible-mode.patch --- 7.5.4-1/debian/patches/0012-postfix-Handle-backwards-compatible-mode.patch 1970-01-01 00:00:00.000000000 +0000 +++ 7.5.4-1ubuntu1/debian/patches/0012-postfix-Handle-backwards-compatible-mode.patch 2020-11-05 04:12:55.000000000 +0000 @@ -0,0 +1,74 @@ +From 44848e3237ddbdc593a938b543f897117049bb36 Mon Sep 17 00:00:00 2001 +From: Bryce Harrington +Date: Wed, 19 Aug 2020 04:01:24 +0000 +Subject: [PATCH 02/10] postfix: Handle backwards-compatible mode + +Fixes: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1583705 +Signed-off-by: Bryce Harrington +--- + scripts/services/postfix | 23 +++++++++++++++++++++++ + 1 file changed, 23 insertions(+) + +Origin: vendor +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1583705 +Forwarded: https://sourceforge.net/p/logwatch/git/merge-requests/46/ +Last-Updated: 2020-08-20 + +diff --git a/scripts/services/postfix b/scripts/services/postfix +index 6550e3d..253401c 100644 +--- a/scripts/services/postfix ++++ b/scripts/services/postfix +@@ -2609,6 +2609,7 @@ sub postfix_fatal; + sub postfix_error; + sub postfix_warning; + sub postfix_script; ++sub backwards_compatible; + sub postfix_postsuper; + sub process_delivery_attempt; + sub cleanhostreply; +@@ -2815,6 +2816,9 @@ sys 0m3.005s + if ($p1 =~ /^panic: +(.*)$/) { postfix_panic($1); next; } + if ($p1 =~ /^error: +(.*)$/) { postfix_error($1); next; } + ++ # Backwards compatibility mode ++ if ($p1 =~ /compati/i) { backwards_compatible($p1); next; } # backwards-compatible default settings ++ + # output by all services that use table lookups - process before specific messages + if ($p1 =~ /(?:lookup )?table (?:[^ ]+ )?has changed -- (?:restarting|exiting)$/) { + #TD table hash:/var/mailman/data/virtual-mailman(0,lock|fold_fix) has changed -- restarting +@@ -4806,6 +4810,22 @@ sub postfix_script($) { + } + } + ++# Handles postfix backwards compatibility mode lines ++# ++sub backwards_compatible($) { ++ my $line = shift; ++ ++ if ($line =~ /^Postfix is running with backwards-compatible default settings/o) { ++ $Totals{'backwardscompatible'}++; ++ } ++ elsif ($line =~ /^See http.*COMPATIBILITY_README.html for details/o) { ++ $Totals{'backwardscompatible'}++; ++ } ++ elsif ($line =~ /^To disable backwards compatibility use.*/o) { ++ $Totals{'backwardscompatible'}++; ++ } ++} ++ + # Clean up a server's reply, to give some uniformity to reports + # + sub cleanhostreply($ $ $ $) { +@@ -5213,6 +5233,9 @@ sub build_sect_table() { + add_section ($S, 'postfixwaiting', 0, 'd', 'Postfix waiting to terminate'); + end_section_group ($S, 'postfixstate'); + ++ begin_section_group ($S, 'backwardscompatible', "\n"); ++ add_section ($S, 'backwardscompatible', 1, 'd', 'Running in backwards compatibile mode'); ++ end_section_group ($S, 'backwardscompatible'); + + if ($Opts{'debug'} & Logreporters::D_SECT) { + print "\tSection table\n"; +-- +2.27.0 + diff -pruN 7.5.4-1/debian/patches/0013-secure-Ignore-warnings-about-gnome-keyring-daemon-it.patch 7.5.4-1ubuntu1/debian/patches/0013-secure-Ignore-warnings-about-gnome-keyring-daemon-it.patch --- 7.5.4-1/debian/patches/0013-secure-Ignore-warnings-about-gnome-keyring-daemon-it.patch 1970-01-01 00:00:00.000000000 +0000 +++ 7.5.4-1ubuntu1/debian/patches/0013-secure-Ignore-warnings-about-gnome-keyring-daemon-it.patch 2020-11-05 04:26:12.000000000 +0000 @@ -0,0 +1,32 @@ +From f07ae467270712186b66ab7b670f0740c3b3bc0f Mon Sep 17 00:00:00 2001 +From: Bryce Harrington +Date: Wed, 19 Aug 2020 04:19:41 +0000 +Subject: [PATCH 03/10] secure: Ignore warnings about gnome-keyring-daemon + items already registered + +Fixes: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1890752 +Signed-off-by: Bryce Harrington +--- + scripts/services/secure | 1 + + 1 file changed, 1 insertion(+) + +Origin: vendor +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1890752 +Forwarded: https://sourceforge.net/p/logwatch/git/merge-requests/46/ +Last-Updated: 2020-08-20 + +diff --git a/scripts/services/secure b/scripts/services/secure +index 769356a..25feace 100644 +--- a/scripts/services/secure ++++ b/scripts/services/secure +@@ -156,6 +156,7 @@ while (defined($ThisLine = )) { + ( $ThisLine =~ /sshguard\[\d+\]: (?:message repeated \d+ times: \[ )?\S+: not blocking /) or + ( $ThisLine =~ /sshguard\[\d+\]: Received EOF from stdin/) or + ( $ThisLine =~ /sshguard\[\d+\]: .*has already been blocked/) or ++ ( $ThisLine =~ /gnome-keyring-daemon\[\d+\]: asked to register item.*already registered/) or + 0 # This line prevents blame shifting as lines are added above + ) { + # Ignore these entries +-- +2.27.0 + diff -pruN 7.5.4-1/debian/patches/0014-zz-sys-Suppress-warnings-if-Sys-CPU-or-Sys-MemInfo-a.patch 7.5.4-1ubuntu1/debian/patches/0014-zz-sys-Suppress-warnings-if-Sys-CPU-or-Sys-MemInfo-a.patch --- 7.5.4-1/debian/patches/0014-zz-sys-Suppress-warnings-if-Sys-CPU-or-Sys-MemInfo-a.patch 1970-01-01 00:00:00.000000000 +0000 +++ 7.5.4-1ubuntu1/debian/patches/0014-zz-sys-Suppress-warnings-if-Sys-CPU-or-Sys-MemInfo-a.patch 2020-11-05 04:26:15.000000000 +0000 @@ -0,0 +1,52 @@ +From 488a232634c1d383f4ec356d776b4ee292e48b0a Mon Sep 17 00:00:00 2001 +From: Bryce Harrington +Date: Wed, 19 Aug 2020 04:39:22 +0000 +Subject: [PATCH 04/10] zz-sys: Suppress warnings if Sys::CPU or Sys::MemInfo + are missing + +Neither of these perl modules are installed by default with a logwatch +installation, by intention, so the missing module warnings are +inappropriate. These modules only provide a minor amount of detail when +installed, and their information is volatile which can trigger false +test failures in some cases. + +Fixes: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1890749 +Signed-off-by: Bryce Harrington +--- + scripts/services/zz-sys | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +Origin: vendor +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1890749 +Forwarded: not-needed +Last-Updated: 2020-08-20 + +diff --git a/scripts/services/zz-sys b/scripts/services/zz-sys +index 39f94ce..6bbf3fe 100644 +--- a/scripts/services/zz-sys ++++ b/scripts/services/zz-sys +@@ -35,8 +35,8 @@ + + eval "require Sys::CPU"; + if ($@) { +- print STDERR "No Sys::CPU module installed. To install, execute the command:\n"; +- print STDERR " perl -MCPAN -e 'install Sys::CPU' \n\n"; ++ # Sys::CPU (and Sys::MemInfo) are intentionally not installed on Ubuntu. ++ # Silently skip this if not present. + } else { + import Sys::CPU; + print " CPU: " . Sys::CPU::cpu_count() . " " . Sys::CPU::cpu_type() . " at " . Sys::CPU::cpu_clock() . "MHz\n"; +@@ -52,8 +52,8 @@ print " Release: $OStitle $release\n"; + + eval "require Sys::MemInfo"; + if ($@) { +- print STDERR "No Sys::MemInfo module installed. To install, execute the command:\n"; +- print STDERR " perl -MCPAN -e 'install Sys::MemInfo' \n\n"; ++ # Sys::CPU (and Sys::MemInfo) are intentionally not installed on Ubuntu. ++ # Silently skip this if not present. + } else { + import Sys::MemInfo qw(totalmem freemem totalswap freeswap); + my $swapused = &totalswap - &freeswap; +-- +2.27.0 + diff -pruN 7.5.4-1/debian/patches/0015-pam_unix-Ignore-issues-about-etc-securetty-being-mis.patch 7.5.4-1ubuntu1/debian/patches/0015-pam_unix-Ignore-issues-about-etc-securetty-being-mis.patch --- 7.5.4-1/debian/patches/0015-pam_unix-Ignore-issues-about-etc-securetty-being-mis.patch 1970-01-01 00:00:00.000000000 +0000 +++ 7.5.4-1ubuntu1/debian/patches/0015-pam_unix-Ignore-issues-about-etc-securetty-being-mis.patch 2020-11-05 04:26:16.000000000 +0000 @@ -0,0 +1,51 @@ +From 1b471a45e1a0bb55302d65e3cffb72fa0ea66391 Mon Sep 17 00:00:00 2001 +From: Bryce Harrington +Date: Wed, 19 Aug 2020 04:43:25 +0000 +Subject: [PATCH 05/10] pam_unix: Ignore issues about /etc/securetty being + missing + +Fixes: https://bugs.launchpad.net/ubuntu/focal/+source/logwatch/+bug/1890751 +Signed-off-by: Bryce Harrington +--- + scripts/services/pam_unix | 5 +++++ + scripts/services/sudo | 3 +++ + 2 files changed, 8 insertions(+) + +Origin: vendor +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/focal/+source/logwatch/+bug/1890751 +Forwarded: https://sourceforge.net/p/logwatch/git/merge-requests/46/ +Last-Updated: 2020-08-20 + +diff --git a/scripts/services/pam_unix b/scripts/services/pam_unix +index dea1d15..80f7b32 100644 +--- a/scripts/services/pam_unix ++++ b/scripts/services/pam_unix +@@ -74,6 +74,11 @@ while ($line = ) { + $data{"all"}{'Password Expiring'}{"$1 in $2 days"}++; + next; + } ++ # handle all missing /etc/securetty warnings ++ if ($line =~ /Couldn.t open \/etc\/securetty/) { ++ # Ignore - see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674857#25 ++ next; ++ } + #lowercase the service + $service = lc($service); + if ( grep $_ eq $service, qw/ssh sshd login ftp vsftpd proftpd rsh remote rlogin rexec systemd-user/) { +diff --git a/scripts/services/sudo b/scripts/services/sudo +index 6c0ff52..be3ffb2 100644 +--- a/scripts/services/sudo ++++ b/scripts/services/sudo +@@ -72,6 +72,9 @@ while (defined(my $ThisLine = )) { + or $ThisLine =~ /pam_systemd\(sudo:session\): Cannot create session: Already (running in|occupied by) a session/ + ) { + # Ignore ++ # handle all missing /etc/securetty warnings ++ } elsif ($ThisLine =~ /pam_unix\(sudo:auth\): Couldn.t open \/etc\/securetty/) { ++ # Ignore - see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674857#25 + } elsif ($ThisLine =~ /(.+): conversation failed/) { + $ConFailed{$1}++; + } elsif ( ($user, $error, $tty, $dir, $euser, $egroup, $cmd, $args) = $ThisLine =~ m/^\s*(\S+) : (.*; )?TTY=(\S+) ; PWD=(.*?) ; USER=(\S+) ;(?: GROUP=(\S+) ;)? COMMAND=(\S+)( ?.*)/) { +-- +2.27.0 + diff -pruN 7.5.4-1/debian/patches/0017-audit-Apparmor-DENIED-entries-don-t-always-include-p.patch 7.5.4-1ubuntu1/debian/patches/0017-audit-Apparmor-DENIED-entries-don-t-always-include-p.patch --- 7.5.4-1/debian/patches/0017-audit-Apparmor-DENIED-entries-don-t-always-include-p.patch 1970-01-01 00:00:00.000000000 +0000 +++ 7.5.4-1ubuntu1/debian/patches/0017-audit-Apparmor-DENIED-entries-don-t-always-include-p.patch 2020-11-05 04:26:16.000000000 +0000 @@ -0,0 +1,28 @@ +From: Bryce Harrington +Date: Thu, 20 Aug 2020 04:56:08 +0000 +Subject: [PATCH 07/10] audit: Apparmor DENIED entries don't always include + parent=N + +Ref: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1577948 +Signed-off-by: Bryce Harrington +--- + scripts/services/audit | 1 + + 1 file changed, 1 insertion(+) + +Origin: vendor +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1577948 +Forwarded: https://sourceforge.net/p/logwatch/git/merge-requests/46/ +Last-Updated: 2020-08-20 + +diff --git a/scripts/services/audit b/scripts/services/audit +index b12f710..46e300e 100644 +--- a/scripts/services/audit ++++ b/scripts/services/audit +@@ -134,6 +134,7 @@ while ($ThisLine = ) { + } elsif ( $ThisLine =~ /apparmor="DENIED" operation="([^"]+)" parent=\d+ profile="([^"]+)" name="([^"]+)" pid=\d+ comm="([^"]+)"/ ) { + # type=1400 audit(1314853822.672:33649): apparmor="DENIED" operation="mknod" parent=27250 profile="/usr/lib/apache2/mpm-prefork/apache2//example.com" name="/usr/share/wordpress/1114140474e5f13bea68a4.tmp" pid=27289 comm="apache2" requested_mask="c" denied_mask="c" fsuid=33 ouid=33 + # type=1400 audit(1315353795.331:33657): apparmor="DENIED" operation="exec" parent=14952 profile="/usr/lib/apache2/mpm-prefork/apache2//example.com" name="/usr/lib/sm.bin/sendmail" pid=14953 comm="sh" requested_mask="x" denied_mask="x" fsuid=33 ouid=0 ++ # type=1400 audit(1597683992.796:8057): apparmor="DENIED" operation="exec" profile="/usr/bin/evince" name="/usr/lib/uim/uim-helper-server" pid=1687330 comm="evince" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0: 1 Time(s) + $denials{$1.' '.$3.' ('.$2.' via '.$4 . ')'}++; + } elsif ( $ThisLine =~ /apparmor="ALLOWED" operation="([^"]+)" (info="([^"]+)" )?(error=[+-]?\d+ )?(parent=\d+ )?profile="([^"]+)" (name="([^"]+)" )?pid=\d+ comm="([^"]+)"/ ) { + # type=1400 audit(1369519203.141:259049): apparmor="ALLOWED" operation="exec" parent=3733 profile="/usr/sbin/dovecot//null-1c//null-1d" name="/usr/lib/dovecot/pop3-login" pid=24634 comm="dovecot" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 target="/usr/sbin/dovecot//null-1c//null-1d//null-d12" diff -pruN 7.5.4-1/debian/patches/0018-audit-Treat-Denial-Errors-same-as-Denied.patch 7.5.4-1ubuntu1/debian/patches/0018-audit-Treat-Denial-Errors-same-as-Denied.patch --- 7.5.4-1/debian/patches/0018-audit-Treat-Denial-Errors-same-as-Denied.patch 1970-01-01 00:00:00.000000000 +0000 +++ 7.5.4-1ubuntu1/debian/patches/0018-audit-Treat-Denial-Errors-same-as-Denied.patch 2020-11-05 04:26:16.000000000 +0000 @@ -0,0 +1,28 @@ +From: Bryce Harrington +Date: Tue, 25 Aug 2020 18:02:43 -0300 +Subject: audit: Treat Denial Errors same as Denied + +Ubuntu Security says, "I think this would be more useful as DENIED, as +that's how we discuss these line events elsewhere." +--- + scripts/services/audit | 3 +++ + 1 file changed, 3 insertions(+) + +Origin: vendor, https://sourceforge.net/p/logwatch/git/ci/c827d09423489fcdd840c670528a05573bd90278/ +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1577948 +Last-Updated: 2020-08-25 + +diff --git a/scripts/services/audit b/scripts/services/audit +index 46e300e..a590c5e 100644 +--- a/scripts/services/audit ++++ b/scripts/services/audit +@@ -136,6 +136,9 @@ while ($ThisLine = ) { + # type=1400 audit(1315353795.331:33657): apparmor="DENIED" operation="exec" parent=14952 profile="/usr/lib/apache2/mpm-prefork/apache2//example.com" name="/usr/lib/sm.bin/sendmail" pid=14953 comm="sh" requested_mask="x" denied_mask="x" fsuid=33 ouid=0 + # type=1400 audit(1597683992.796:8057): apparmor="DENIED" operation="exec" profile="/usr/bin/evince" name="/usr/lib/uim/uim-helper-server" pid=1687330 comm="evince" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0: 1 Time(s) + $denials{$1.' '.$3.' ('.$2.' via '.$4 . ')'}++; ++ } elsif ( $ThisLine =~ /apparmor="DENIED" operation="([^"]+)" info="([^"]+)" error=-*[0-9]+ profile="([^"]+)" name="([^"]+)" pid=\d+ comm="([^"]+)"/ ) { ++ # type=1400 audit(1597690743.153:8073): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-open-iscsi-review-mp389234-groovy_" name="/run/" pid=1694826 comm="mount" flags="rw, nosuid, nodev, remount": 1 Time(s) ++ $denials{$1.' '.$4.' ('.$3.' via '.$5 .': '.$2. ')'}++; + } elsif ( $ThisLine =~ /apparmor="ALLOWED" operation="([^"]+)" (info="([^"]+)" )?(error=[+-]?\d+ )?(parent=\d+ )?profile="([^"]+)" (name="([^"]+)" )?pid=\d+ comm="([^"]+)"/ ) { + # type=1400 audit(1369519203.141:259049): apparmor="ALLOWED" operation="exec" parent=3733 profile="/usr/sbin/dovecot//null-1c//null-1d" name="/usr/lib/dovecot/pop3-login" pid=24634 comm="dovecot" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 target="/usr/sbin/dovecot//null-1c//null-1d//null-d12" + # type=1400 audit(1369627891.522:447576): apparmor="ALLOWED" operation="capable" parent=1 profile="/usr/sbin/dovecot//null-1c//null-1d" pid=3733 comm="dovecot" capability=5 capname="kill" diff -pruN 7.5.4-1/debian/patches/0019-exim-Handle-self-signed-certs-warnings.patch 7.5.4-1ubuntu1/debian/patches/0019-exim-Handle-self-signed-certs-warnings.patch --- 7.5.4-1/debian/patches/0019-exim-Handle-self-signed-certs-warnings.patch 1970-01-01 00:00:00.000000000 +0000 +++ 7.5.4-1ubuntu1/debian/patches/0019-exim-Handle-self-signed-certs-warnings.patch 2020-11-05 04:26:16.000000000 +0000 @@ -0,0 +1,73 @@ +From 684b9ad38e41aab5a44fc2b8c2585015cef01245 Mon Sep 17 00:00:00 2001 +From: Bryce Harrington +Date: Thu, 20 Aug 2020 22:34:43 +0000 +Subject: [PATCH 09/10] exim: Handle self-signed certs warnings + +This generates a 2-line warning, so handle the second line as part of +the warning message, not as "BAD FORMAT". + +Fixes: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1892269 +Signed-off-by: Bryce Harrington +--- + scripts/services/exim | 19 +++++++++++++++++++ + 1 file changed, 19 insertions(+) + +Origin: vendor +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1892269 +Forwarded: https://sourceforge.net/p/logwatch/git/merge-requests/46/ +Last-Updated: 2020-08-20 + +diff --git a/scripts/services/exim b/scripts/services/exim +index d2068a4..af1556a 100644 +--- a/scripts/services/exim ++++ b/scripts/services/exim +@@ -93,6 +93,10 @@ while (defined($ThisLine = )) { + $KeepEnv++ if $MatchedDate; + next; + } ++ if ( $ThisLine =~ /^ Suggested action: either install a certificate or change tls_advertise_hosts option/ ) { ++ push @SelfSignedH, $ThisLine; ++ next; ++ } + $BadFormat{$ThisLine}++; + next; + } unless ($year1,$month1,$day1,$h1,$m1,$s1) = ($ThisLine =~ /^(\d+)\-(\d+)\-(\d+)\s(\d+):(\d+):(\d+)\s.+/); +@@ -266,6 +270,10 @@ while (defined($ThisLine = )) { + $Lookup++; + push @LookupH, $ThisLine; + } ++ elsif ( $ThisLine =~ /No server certificate defined; will use a selfsigned one/ ) { ++ $SelfSigned++; ++ push @SelfSignedH, $ThisLine; ++ } + elsif ( $ThisLine =~ /DKIM: .* \[verification succeeded\]/ ) { + # Ignore successful DKIM verification reports + # http://www.exim.org/exim-html-current/doc/html/spec_html/ch-support_for_dkim_domainkeys_identified_mail.html +@@ -321,6 +329,16 @@ if ($Detail >= $LvlRuns) { + } + } + ++if (@SelfSignedH) { ++ print "\n--- Self-Signed Certificate in use ($SelfSigned Time(s))\n"; ++ ++ if ($Detail >= $LvlMsgs) { ++ foreach $ThisOne (@SelfSignedH) { ++ print "$ThisOne\n"; ++ } ++ } ++} ++ + if ($Detail >= $LvlVerify) { + if ((@SendVerify) and (@RecipVerify)) { + print "\n--- Address Verification ---\n"; +@@ -749,6 +767,7 @@ if ($Detail >= $LvlProtocol) { + } + } + } ++ + } + } + +-- +2.27.0 + diff -pruN 7.5.4-1/debian/patches/0020-dhcpd-Ignore-lease-age-under-threshold-messages.patch 7.5.4-1ubuntu1/debian/patches/0020-dhcpd-Ignore-lease-age-under-threshold-messages.patch --- 7.5.4-1/debian/patches/0020-dhcpd-Ignore-lease-age-under-threshold-messages.patch 1970-01-01 00:00:00.000000000 +0000 +++ 7.5.4-1ubuntu1/debian/patches/0020-dhcpd-Ignore-lease-age-under-threshold-messages.patch 2020-11-05 04:26:16.000000000 +0000 @@ -0,0 +1,32 @@ +From b5ba9adac18b8b964f1bc8532ef6b9809656777c Mon Sep 17 00:00:00 2001 +From: Bryce Harrington +Date: Thu, 20 Aug 2020 22:53:30 +0000 +Subject: [PATCH 10/10] dhcpd: Ignore lease age under threshold messages + +Fixes: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1578001 +Signed-off-by: Bryce Harrington +--- + scripts/services/dhcpd | 2 ++ + 1 file changed, 2 insertions(+) + +Origin: vendor +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1578001 +Forwarded: https://sourceforge.net/p/logwatch/git/merge-requests/46/ +Last-Updated: 2020-08-20 + +diff --git a/scripts/services/dhcpd b/scripts/services/dhcpd +index 98e7fa7..87312f7 100644 +--- a/scripts/services/dhcpd ++++ b/scripts/services/dhcpd +@@ -119,6 +119,8 @@ while (my $line = ) { + ($line =~ /^of the dhcpd.conf file\./) + ) { + # Do nothing ++ } elsif ($line =~ /lease age \d+ \(secs\) under \d+% threshold, reply with unaltered, existing lease/) { ++ # Do nothing + + } elsif ($line =~ s/^exiting./DHCP server exiting./) { + $data{'Generic error'}{$line}++; +-- +2.27.0 + diff -pruN 7.5.4-1/debian/patches/0021-audit-use-the-term-ALLOWED-instead-of-Grants.patch 7.5.4-1ubuntu1/debian/patches/0021-audit-use-the-term-ALLOWED-instead-of-Grants.patch --- 7.5.4-1/debian/patches/0021-audit-use-the-term-ALLOWED-instead-of-Grants.patch 1970-01-01 00:00:00.000000000 +0000 +++ 7.5.4-1ubuntu1/debian/patches/0021-audit-use-the-term-ALLOWED-instead-of-Grants.patch 2020-11-05 04:27:44.000000000 +0000 @@ -0,0 +1,69 @@ +From 0f725a6b489860edb9d92a2254eb994d8606ea47 Mon Sep 17 00:00:00 2001 +From: Lucas Kanashiro +Date: Tue, 25 Aug 2020 17:48:56 -0300 +Subject: [PATCH] audit: use the term ALLOWED instead of Grants + +Grants as a term does not exist in the apparmor world, ALLOWED would be +more meaningful in this case. +--- + scripts/services/audit | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +Origin: vendor +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1577948 +Forwarded: https://sourceforge.net/p/logwatch/git/merge-requests/48/ +Last-Updated: 2020-09-03 + +--- a/scripts/services/audit ++++ b/scripts/services/audit +@@ -36,7 +36,7 @@ + use strict; + use Logwatch ':all'; + +-my (%denials, %grants, %loads); ++my (%denials, %allowed, %loads); + my %OtherList; + my $othercount = 0; + my $Debug = ($ENV{'LOGWATCH_DEBUG'} || 0); +@@ -153,7 +153,7 @@ + if ( $ThisLine =~ /avc:\s*denied\s*{\s*([^}]+).*scontext=(\S+)\s*tcontext=(\S+)\s*tclass=(\S+)/ ) { + $denials{$2.' '.$3.' ('.$1.$4 . ')'}++; + } elsif ( $ThisLine =~ /avc:\s*granted\s*{\s*([^}]+).*scontext=(\S+)\s*tcontext=(\S+)\s*tclass=(\S+)/ ) { +- $grants{$2.' '.$3.' ('.$1.$4 . ')'}++; ++ $allowed{$2.' '.$3.' ('.$1.$4 . ')'}++; + } elsif ($ThisLine =~ /security_compute_sid:\s*invalid context\s*(\S+)\s*for\s*scontext=(\S+)\s*tcontext=(\S+)\s*tclass=(\S+)/ ) { + $InvalidContext{$4." running as ".$2." acting on ".$3." \nshould transit to invalid ".$1}++; + } elsif ($ThisLine =~ /security_sid_mls_copy:\s*invalid context\s*(\S+)/) { +@@ -166,7 +166,7 @@ + if ( $ThisLine =~ /avc:\s*denied\s*{\s*[^}]+.*scontext=(\S+)\s*tcontext=(\S+)\s*tclass=(\S+)/ ) { + $denials{$1.' '.$2.' ('.$3 . ')'}++; + } elsif ( $ThisLine =~ /avc:\s*granted\s*{\s*[^}]+}.*scontext=(\S+)\s*tcontext=(\S+)\s*tclass=(\S+)/ ) { +- $grants{$1.' '.$2.' ('.$3 . ')'}++; ++ $allowed{$1.' '.$2.' ('.$3 . ')'}++; + } elsif ($ThisLine =~ /security_compute_sid:\s*invalid context\s*(\S+)\s*for\s*scontext=(\S+)\s*tcontext=\S+\s*tclass=(\S+)/ ) { + $InvalidContext{$3." running as ".$2." should transit to invalid ".$1}++; + } elsif ($ThisLine =~ /security_sid_mls_copy:\s*invalid context\s*(\S+)/) { +@@ -179,7 +179,7 @@ + if ( $ThisLine =~ /avc:\s*denied\s*{\s*[^}]+.*scontext=([^:]+):[^:]+:\S+\s*tcontext=([^:]+):[^:]+:\S+\s*tclass=(\S+)/ ) { + $denials{$1.' '.$2.' ('.$3 . ')'}++; + } elsif ( $ThisLine =~ /avc:\s*granted\s*{\s*[^}]+.*scontext=([^:]+):[^:]+:\S+\s*tcontext=([^:]+):[^:]+:\S+\s*tclass=(\S+)/ ) { +- $grants{$1.' '.$2.' ('.$3 . ')'}++; ++ $allowed{$1.' '.$2.' ('.$3 . ')'}++; + } elsif ($ThisLine =~ /security_compute_sid:\s*invalid context\s*(\S+)\s*for\s*scontext=(\S+)\s*tcontext=\S+\s*tclass=(\S+)/ ) { + $InvalidContext{$3." running as ".$2." should transit to invalid ".$1}++; + } elsif ($ThisLine =~ /security_sid_mls_copy:\s*invalid context\s*(\S+)/) { +@@ -204,10 +204,10 @@ + } + } + +-if ( keys %grants ) { +- print "\n\n*** Grants ***\n"; +- foreach my $key (sort keys %grants) { +- print " $key: ". $grants{$key} . " times\n"; ++if ( keys %allowed ) { ++ print "\n\n*** Allowed ***\n"; ++ foreach my $key (sort keys %allowed) { ++ print " $key: ". $allowed{$key} . " times\n"; + } + } + diff -pruN 7.5.4-1/debian/patches/series 7.5.4-1ubuntu1/debian/patches/series --- 7.5.4-1/debian/patches/series 2020-09-28 06:27:04.000000000 +0000 +++ 7.5.4-1ubuntu1/debian/patches/series 2020-11-05 04:27:44.000000000 +0000 @@ -2,3 +2,15 @@ 0002-logfiles-vsftpd.conf-Use-custom-pattern-for-applystd.patch 0003-Ignore-ecryptfs-automounting-messages-in-cron.patch 0004-scripts-mdadm-Fix-parsing-of-mdadm.conf-handle-ignor.patch + +# Ubuntu patches +0011-postfix-Ignore-Resolved-loghost-to-127.0.0.1.patch +0012-postfix-Handle-backwards-compatible-mode.patch +0013-secure-Ignore-warnings-about-gnome-keyring-daemon-it.patch +0014-zz-sys-Suppress-warnings-if-Sys-CPU-or-Sys-MemInfo-a.patch +0015-pam_unix-Ignore-issues-about-etc-securetty-being-mis.patch +0017-audit-Apparmor-DENIED-entries-don-t-always-include-p.patch +0018-audit-Treat-Denial-Errors-same-as-Denied.patch +0019-exim-Handle-self-signed-certs-warnings.patch +0020-dhcpd-Ignore-lease-age-under-threshold-messages.patch +0021-audit-use-the-term-ALLOWED-instead-of-Grants.patch