tcpdump (4.9.3-0ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Updated to 4.9.3 to fix multiple security issues
    - debian/patches/disable-tests.diff: disable tests that require newer
      libpcap.
    - CVE-2017-16808, CVE-2018-10103, CVE-2018-10105, CVE-2018-14461,
      CVE-2018-14462, CVE-2018-14463, CVE-2018-14464, CVE-2018-14465,
      CVE-2018-14466, CVE-2018-14467, CVE-2018-14468, CVE-2018-14469,
      CVE-2018-14470, CVE-2018-14879, CVE-2018-14880, CVE-2018-14881,
      CVE-2018-14882, CVE-2018-16227, CVE-2018-16228, CVE-2018-16229,
      CVE-2018-16230, CVE-2018-16300, CVE-2018-16451, CVE-2018-16452,
      CVE-2018-19519, CVE-2019-1010220, CVE-2019-15166, CVE-2019-15167

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 24 Jan 2020 07:57:54 -0500

tcpdump (4.9.2-0ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: multiple security issues in tcpdump
    - CVE-2017-13011: buffer overflow in util-print.c:
      bittok2str_internal().
    - CVE-2017-12989: RESP parser infinite loop in print-resp.c:
      resp_get_length().
    - CVE-2017-12990: ISAKMP parser infinite loops in print-isakmp.c,
      several functions.
    - CVE-2017-12995 DNS parser infinite loop in print-domain.c:
      ns_print().
    - CVE-2017-12997: LLDP parser infinite loop in print-lldp.c:
      lldp_private_8021_print().
    - CVE-2017-12893: buffer over-read in smbutil.c:name_len().
    - CVE-2017-12894: buffer over-read in addrtoname.c:
      lookup_bytestring().
    - CVE-2017-12895: buffer over-read in print-icmp.c:icmp_print().
    - CVE-2017-12896: buffer over-read in print-isakmp.c:
      isakmp_rfc3948_print().
    - CVE-2017-12897: buffer over-read in print-isoclns.c:
      isoclns_print().
    - CVE-2017-12898: buffer over-read in print-nfs.c:interp_reply().
    - CVE-2017-12899: buffer over-read in print-decnet.c:
      decnet_print().
    - CVE-2017-12900: buffer over-read in util-print.c:tok2strbuf().
    - CVE-2017-12901: buffer over-read in print-eigrp.c:eigrp_print().
    - CVE-2017-12902: buffer over-read in print-zephyr.c, several
      functions.
    - CVE-2017-12985: buffer over-read in print-ip6.c:ip6_print().
    - CVE-2017-12986: buffer over-read in print-rt6.c:rt6_print().
    - CVE-2017-12987: buffer over-read in print-802_11.c:
      parse_elements().
    - CVE-2017-12988: buffer over-read in print-telnet.c:
      telnet_parse().
    - CVE-2017-12991: buffer over-read in print-bgp.c:bgp_attr_print().
    - CVE-2017-12992: buffer over-read in print-ripng.c:ripng_print().
    - CVE-2017-12993: buffer over-read in print-juniper.c, several
      functions.
    - CVE-2017-12994: buffer over-read in print-bgp.c:bgp_attr_print().
    - CVE-2017-12996: buffer over-read in print-pim.c:pimv2_print().
    - CVE-2017-12998: buffer over-read in print-isoclns.c:
      isis_print_extd_ip_reach().
    - CVE-2017-12999: buffer over-read in print-isoclns.c:isis_print().
    - CVE-2017-13000: buffer over-read in print-802_15_4.c:
      ieee802_15_4_if_print().
    - CVE-2017-13001: buffer over-read in print-nfs.c:nfs_printfh().
    - CVE-2017-13002: buffer over-read in print-aodv.c:
      aodv_extension().
    - CVE-2017-13003: buffer over-read in print-lmp.c:lmp_print().
    - CVE-2017-13004: buffer over-read in print-juniper.c:
      juniper_parse_header().
    - CVE-2017-13005: buffer over-read in print-nfs.c:xid_map_enter().
    - CVE-2017-13006: buffer over-read in print-l2tp.c, several
      functions.
    - CVE-2017-13007: buffer over-read in print-pktap.c:
      pktap_if_print().
    - CVE-2017-13008: buffer over-read in print-802_11.c:
      parse_elements().
    - CVE-2017-13009: buffer over-read in print-mobility.c:
      mobility_print().
    - CVE-2017-13010: buffer over-read in print-beep.c:l_strnstart().
    - CVE-2017-13012: buffer over-read in print-icmp.c:icmp_print().
    - CVE-2017-13013: buffer over-read in print-arp.c, several
      functions.
    - CVE-2017-13014: buffer over-read in print-wb.c:wb_prep(), several
      functions.
    - CVE-2017-13015: buffer over-read in print-eap.c:eap_print().
    - CVE-2017-13016: buffer over-read in print-isoclns.c:esis_print().
    - CVE-2017-13017: buffer over-read in print-dhcp6.c:
      dhcp6opt_print().
    - CVE-2017-13018: buffer over-read in print-pgm.c:pgm_print().
    - CVE-2017-13019: buffer over-read in print-pgm.c:pgm_print().
    - CVE-2017-13020: buffer over-read in print-vtp.c:vtp_print().
    - CVE-2017-13021: buffer over-read in print-icmp6.c:icmp6_print().
    - CVE-2017-13022: buffer over-read in print-ip.c:ip_printroute().
    - CVE-2017-13023, CVE-2017-13024, CVE-2017-13025: multiple buffer
      over-reads in print-mobility.c:mobility_opt_print().
    - CVE-2017-13026: buffer over-read in print-isoclns.c, several functions.
    - CVE-2017-13027: buffer over-read in print-lldp.c:
      lldp_mgmt_addr_tlv_print().
    - CVE-2017-13028: buffer over-read in print-bootp.c:bootp_print().
    - CVE-2017-13029: buffer over-read in print-ppp.c:
      print_ccp_config_options().
    - CVE-2017-13030: buffer over-read in print-pim.c, several functions.
    - CVE-2017-13031: buffer over-read in print-frag6.c:frag6_print().
    - CVE-2017-13032: buffer over-read in print-radius.c:print_attr_string().
    - CVE-2017-13033: buffer over-read in print-vtp.c:vtp_print().
    - CVE-2017-13034: buffer over-read in print-pgm.c:pgm_print().
    - CVE-2017-13035: buffer over-read in print-isoclns.c:isis_print_id().
    - CVE-2017-13036: buffer over-read in print-ospf6.c:ospf6_decode_v3().
    - CVE-2017-13037: buffer over-read in print-ip.c:ip_printts().
    - CVE-2017-13038: buffer over-read in print-ppp.c:handle_mlppp().
    - CVE-2017-13039: buffer over-read in print-isakmp.c, several
      functions.
    - CVE-2017-13040: buffer over-read in print-mptcp.c, several
      functions.
    - CVE-2017-13041: buffer over-read in print-icmp6.c:
      icmp6_nodeinfo_print().
    - CVE-2017-13042: buffer over-read in print-hncp.c:dhcpv6_print().
    - CVE-2017-13043: buffer over-read in print-bgp.c:
      decode_multicast_vpn().
    - CVE-2017-13044: buffer over-read in print-hncp.c:dhcpv4_print().
    - CVE-2017-13045: buffer over-read in print-vqp.c:vqp_print().
    - CVE-2017-13046: buffer over-read in print-bgp.c:bgp_attr_print().
    - CVE-2017-13047: buffer over-read in print-isoclns.c:esis_print().
    - CVE-2017-13048: buffer over-read in print-rsvp.c:
      rsvp_obj_print().
    - CVE-2017-13049: buffer over-read in print-rx.c:ubik_print().
    - CVE-2017-13050: buffer over-read in print-rpki-rtr.c:
      rpki_rtr_pdu_print().
    - CVE-2017-13051: buffer over-read in print-rsvp.c:
      rsvp_obj_print().
    - CVE-2017-13052: buffer over-read in print-cfm.c:cfm_print().
    - CVE-2017-13053: buffer over-read in print-bgp.c:
      decode_rt_routing_info().
    - CVE-2017-13054: buffer over-read in print-lldp.c:
      lldp_private_8023_print().
    - CVE-2017-13055: buffer over-read in print-isoclns.c:
      isis_print_is_reach_subtlv().
    - CVE-2017-13687: buffer over-read in print-chdlc.c:chdlc_print().
    - CVE-2017-13688: buffer over-read in print-olsr.c:olsr_print().
    - CVE-2017-13689: buffer over-read in print-isakmp.c:
      ikev1_id_print().
    - CVE-2017-13690: buffer over-read in print-isakmp.c, several
      functions.
    - CVE-2017-13725: buffer over-read in print-rt6.c:rt6_print().
  * Merge from Debian unstable. Remaining changes:
    - debian/control:
      + keep older libpcap0.8-dev dependency
      + don't add breaks/replaces on apparmor-profiles-extras, as
        tcpdump profile is already dropped from there.
    - debian/patches/disable_tests.diff:  disable additional tests
      failing with older pcap versions
    - debian/patches/90_man_apparmor.diff: mention apparmor profile
    - debian/tcpdump.dirs: for apparmor force-complain dir

 -- Steve Beattie <sbeattie@ubuntu.com>  Wed, 13 Sep 2017 02:29:51 -0700

tcpdump (4.9.2-1) unstable; urgency=high

  * New upstream release:
    + Fixes 86 new CVEs, see the upstream changelog for the full list.
    + Now supports OpenSSL 1.1, so move back to libssl-dev (closes: #859740).
  * Urgency high due to security fixes.

 -- Romain Francoise <rfrancoise@debian.org>  Fri, 08 Sep 2017 21:30:47 +0200

tcpdump (4.9.1-3) unstable; urgency=high

  * Cherry-pick three upstream commits to fix the following:
    + CVE-2017-11541: buffer over-read in safeputs() (closes: #873804)
    + CVE-2017-11542: buffer over-read in pimv1_print() (closes: #873805)
    + CVE-2017-11543: buffer overflow in sliplink_print() (closes: #873806)
  * Urgency high due to security fixes.

 -- Romain Francoise <rfrancoise@debian.org>  Mon, 04 Sep 2017 19:45:45 +0200

tcpdump (4.9.1-2) unstable; urgency=medium

  * Disable IKEv2 test which mysteriously fails on ppc64el (closes: #873377).

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 02 Sep 2017 11:01:30 +0200

tcpdump (4.9.1-1) unstable; urgency=medium

  * New upstream release, fixes CVE-2017-11108 (closes: #867718).
  * Bump Standards-Version to 4.1.0.
  * debian/watch: add pgpsigurlmangle option.
  * Add upstream signing key in debian/upstream.

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 26 Aug 2017 18:48:32 +0200

tcpdump (4.9.0-3) unstable; urgency=medium

  [ intrigeri ]
  * Include AppArmor profile from Ubuntu (closes: #866682).

  [ Romain Francoise ]
  * Bump Standards-Version to 4.0.0.

 -- Romain Francoise <rfrancoise@debian.org>  Sun, 02 Jul 2017 12:13:53 +0200

tcpdump (4.9.0-2) unstable; urgency=medium

  * Re-enable crypto support, targeting OpenSSL 1.0 as upstream still
    doesn't support OpenSSL 1.1.
  * Drop --enable-ipv6 from configure line, it has been the default for
    years now.

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 11 Feb 2017 16:40:05 +0100

tcpdump (4.9.0-1ubuntu1~ubuntu16.04.1) xenial-security; urgency=medium

  * Backport to xenial to fix CVEs (LP: #1662177).
  * Reset libpcap dependency to xenial version
  * Enable crypto support, dropped in zesty because of openssl.
  * Disable some tests failing with older pcap versions

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Sun, 05 Feb 2017 20:39:58 +0100

tcpdump (4.9.0-1ubuntu1) zesty; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/{control, README.Debian, tcpdump.dirs, usr.sbin.tcpdump,
      install, rules, patches/patches/90_man_apparmor.diff}:
      + Add AppArmor profile.
    - debian/usr.sbin.tcpdump:
      + Allow capability net_admin to support '-j'.

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Wed, 01 Feb 2017 15:39:27 +0100

tcpdump (4.9.0-1) unstable; urgency=high

  * New upstream security release, fixing the following:
    + CVE-2016-7922: buffer overflow in print-ah.c:ah_print().
    + CVE-2016-7923: buffer overflow in print-arp.c:arp_print().
    + CVE-2016-7924: buffer overflow in print-atm.c:oam_print().
    + CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print().
    + CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print().
    + CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print().
    + CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print().
    + CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header().
    + CVE-2016-7930: buffer overflow in print-llc.c:llc_print().
    + CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print().
    + CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum().
    + CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print().
    + CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print().
    + CVE-2016-7935: buffer overflow in print-udp.c:rtp_print().
    + CVE-2016-7936: buffer overflow in print-udp.c:udp_print().
    + CVE-2016-7937: buffer overflow in print-udp.c:vat_print().
    + CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame().
    + CVE-2016-7939: buffer overflow in print-gre.c, multiple functions.
    + CVE-2016-7940: buffer overflow in print-stp.c, multiple functions.
    + CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions.
    + CVE-2016-7974: buffer overflow in print-ip.c, multiple functions.
    + CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print().
    + CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print().
    + CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print().
    + CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print().
    + CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions.
    + CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print().
    + CVE-2016-7993: a bug in util-print.c:relts_print() could cause a
      buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP,
      lightweight resolver protocol, PIM).
    + CVE-2016-8574: buffer overflow in print-fr.c:frf15_print().
    + CVE-2016-8575: buffer overflow in print-fr.c:q933_print().
    + CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print().
    + CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print().
    + CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print().
    + CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print().
    + CVE-2017-5341: buffer overflow in print-otv.c:otv_print().
    + CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH,
      OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in
      print-ether.c:ether_print().
    + CVE-2017-5482: buffer overflow in print-fr.c:q933_print().
    + CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse().
    + CVE-2017-5484: buffer overflow in print-atm.c:sig_print().
    + CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap().
    + CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print().
  * Re-enable all tests and bump build-dep on libpcap0.8-dev to >= 1.8
    accordingly.
  * Switch Vcs-Git URL to the https one.
  * Adjust lintian override name about dh 9.

 -- Romain Francoise <rfrancoise@debian.org>  Thu, 26 Jan 2017 20:04:11 +0100

tcpdump (4.8.1-2ubuntu1) zesty; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/{control, README.Debian, tcpdump.dirs, usr.sbin.tcpdump,
      install, rules, patches/patches/90_man_apparmor.diff}:
      + Add AppArmor profile.
    - debian/usr.sbin.tcpdump:
      + Allow capability net_admin to support '-j'.

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Tue, 06 Dec 2016 23:51:56 +0100

tcpdump (4.8.1-2) unstable; urgency=medium

  * Disable new HNCP test, which fails on some buildds for some
    as-of-yet unexplained reason.

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 29 Oct 2016 19:40:01 +0200

tcpdump (4.8.1-1) unstable; urgency=medium

  * New upstream release.
  * Re-enable Geneve tests (disabled in 4.7.4-1) and bump build-dep on
    libpcap0.8-dev to >= 1.7 accordingly.
  * Disable new pcap version tests which require libpcap 1.8+.

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 29 Oct 2016 17:16:06 +0200

tcpdump (4.7.4-3ubuntu1) zesty; urgency=medium

  * Merge from Debian unstable. (LP: #1624633) Remaining changes:
    - debian/{control, README.Debian, tcpdump.dirs, usr.sbin.tcpdump,
      install, rules, patches/patches/90_man_apparmor.diff}:
      + Add AppArmor profile.
    - debian/usr.sbin.tcpdump:
      + Allow capability net_admin to support '-j'.
    - fix 2015-0261 test with upstream e32088572e960f7d5e1baac2f530793ed7f42e4d

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Mon, 28 Nov 2016 15:02:07 +0100

tcpdump (4.7.4-3) unstable; urgency=medium

  * Use dh-autoreconf instead of calling autoconf directly and patching
    config.{guess,sub}.
  * Call dh_auto_configure instead of configure in override target, patch
    by Helmut Grohne (closes: #837951).

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 17 Sep 2016 11:18:45 +0200

tcpdump (4.7.4-2) unstable; urgency=medium

  * Disable crypto support as it causes FTBFS with OpenSSL 1.1.x and we
    don't have a working fix upstream yet (closes: #828569).
  * Bump Standards-Version to 3.9.8.
  * Use cgit URL for Vcs-Browser.

 -- Romain Francoise <rfrancoise@debian.org>  Sun, 28 Aug 2016 18:16:50 +0200

tcpdump (4.7.4-1ubuntu1.16.10.1) yakkety; urgency=medium

  * debian/usr.sbin.tcpdump: Allow the tcpdump binary to be mapped as required
    by version 4.8 and newer kernels. tcpdump was immediately segfaulting when
    used inside of LXD containers before this AppArmor profile change.
    (LP: #1632399)

 -- Tyler Hicks <tyhicks@canonical.com>  Thu, 13 Oct 2016 04:58:52 +0000

tcpdump (4.7.4-1ubuntu1) wily; urgency=low

  * Merge from Debian unstable. (LP: #1460170) Remaining changes:
    - debian/{control, README.Debian, tcpdump.dirs, usr.sbin.tcpdump,
      install, rules, patches/patches/90_man_apparmor.diff}:
      + Add AppArmor profile.
    - debian/usr.sbin.tcpdump:
      + Allow capability net_admin to support '-j'.
    - Drop 60_cve-2015-2153-fix-regression.diff: upstream

 -- Gianfranco Costamagna <costamagnagianfranco@yahoo.it>  Fri, 29 May 2015 20:13:33 +0200

tcpdump (4.7.4-1) unstable; urgency=medium

  * New upstream release.
  * Disable two geneve tests that require libpcap 1.7+.
  * Bump Standards-Version to 3.9.6.

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 23 May 2015 18:25:01 +0200

tcpdump (4.6.2-5) unstable; urgency=high

  * Cherry-pick commit fb6e5377f3 from upstream Git to fix regressions in the
    RPKI/RTR printer after the CVE-2015-2153 changes. Thanks to Artur Rona
    from Ubuntu for the heads-up (closes: #781362).

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 04 Apr 2015 19:10:27 +0200

tcpdump (4.6.2-4ubuntu1) vivid; urgency=low

  * Merge from Debian unstable. (LP: #1433815) Remaining changes:
    - debian/{control, README.Debian, tcpdump.dirs, usr.sbin.tcpdump,
      install, rules, patches/patches/90_man_apparmor.diff}:
      + Add AppArmor profile.
    - debian/usr.sbin.tcpdump:
      + Allow capability net_admin to support '-j'.
  * debian/patches/60_cve-2015-2153-fix-regression.diff:
    - Fix regression due to 60_cve-2015-2153.diff

 -- Artur Rona <ari-tczew@ubuntu.com>  Mon, 23 Mar 2015 00:42:29 +0100

tcpdump (4.6.2-4) unstable; urgency=high

  * Cherry-pick changes from upstream Git to fix the following security
    issues:
    + CVE-2015-0261: missing bounds checks in IPv6 Mobility printer.
    + CVE-2015-2153: missing bounds checks in RPKI/RTR printer.
    + CVE-2015-2154: missing bounds checks in ISOCLNS printer.
    + CVE-2015-2155: missing bounds checks in ForCES printer.

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 14 Mar 2015 18:43:44 +0100

tcpdump (4.6.2-3ubuntu1) vivid; urgency=low

  * Merge from Debian unstable (LP: #1397558).  Remaining changes:
  * debian/control:
    - Build-Depends on dh-apparmor.
    - Suggests apparmor
  * debian/README.Debian, debian/tcpdump.dirs, debian/usr.sbin.tcpdump,
    debian/patches/patches/90_man_apparmor.diff,
    debian/install, debian/rules:
    - Install enforcing AppArmor profile.
  * debian/usr.sbin.tcpdump: allow capability net_admin to support '-j'. Patch
    thanks to Graeme Hewson. (LP: #1229664)

 -- Gianfranco Costamagna <costamagnagianfranco@yahoo.it>  Sat, 29 Nov 2014 17:52:14 +0100

tcpdump (4.6.2-3) unstable; urgency=high

  * Cherry-pick commit 0f95d441e4 from upstream Git to fix a buffer overflow
    in the PPP dissector (CVE-2014-9140).

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 29 Nov 2014 12:23:53 +0100

tcpdump (4.6.2-2) unstable; urgency=high

  * Urgency high due to security fixes.
  * Add three patches extracted from various upstream commits fixing
    vulnerabilities in three dissectors:
    + CVE-2014-8767: missing bounds checks in OLSR dissector (closes: #770434).
    + CVE-2014-8768: missing bounds checks in Geonet dissector
      (closes: #770415).
    + CVE-2014-8769: missing bounds checks in AOVD dissector (closes: #770424).

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 22 Nov 2014 11:48:08 +0100

tcpdump (4.6.2-1ubuntu1) utopic; urgency=low

  * Merge from Debian unstable (LP; #1367260).  Remaining changes:
  * debian/control:
    - Build-Depends on dh-apparmor.
    - Suggests apparmor
  * debian/README.Debian, debian/tcpdump.dirs, debian/usr.sbin.tcpdump,
    debian/patches/patches/90_man_apparmor.diff,
    debian/install, debian/rules:
    - Install enforcing AppArmor profile.
  * debian/usr.sbin.tcpdump: allow capability net_admin to support '-j'. Patch
    thanks to Graeme Hewson. (LP: #1229664)

 -- Gianfranco Costamagna <costamagnagianfranco@yahoo.it>  Tue, 09 Sep 2014 14:13:32 +0200

tcpdump (4.6.2-1) unstable; urgency=medium

  * New upstream release.

 -- Romain Francoise <rfrancoise@debian.org>  Thu, 04 Sep 2014 18:53:34 +0200

tcpdump (4.6.1-3) unstable; urgency=medium

  * Bump build-dep on libpcap0.8-dev to >= 1.5 as the pppoes_id test case
    requires a pcap version that supports PPPoE session ID filtering.

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 16 Aug 2014 17:38:28 +0200

tcpdump (4.6.1-2ubuntu1) utopic; urgency=low

  * Merge from Debian unstable (LP: #1352750).  Remaining changes:
  * debian/control:
    - Build-Depends on dh-apparmor.
    - Suggests apparmor
  * debian/README.Debian, debian/tcpdump.dirs, debian/usr.sbin.tcpdump,
    debian/patches/patches/90_man_apparmor.diff,
    debian/install, debian/rules:
    - Install enforcing AppArmor profile.
  * debian/usr.sbin.tcpdump: allow capability net_admin to support '-j'. Patch
    thanks to Graeme Hewson. (LP: #1229664)

 -- Gianfranco Costamagna <costamagnagianfranco@yahoo.it>  Tue, 05 Aug 2014 09:38:30 +0200

tcpdump (4.6.1-2) unstable; urgency=medium

  * Expand configure check for net/pfvar.h to also check for existence of
    net/if_pflog.h to fix build on GNU/kFreeBSD, which ships the former
    but not the latter, see #756553 (closes: #756790).

 -- Romain Francoise <rfrancoise@debian.org>  Mon, 04 Aug 2014 22:37:24 +0200

tcpdump (4.6.1-1) unstable; urgency=medium

  * New upstream release.
  * debian/control: Mark tcpdump 'Multi-Arch: foreign' (closes: #700727).

 -- Romain Francoise <rfrancoise@debian.org>  Wed, 30 Jul 2014 19:16:49 +0200

tcpdump (4.5.1-2ubuntu2) utopic; urgency=medium

  * debian/usr.sbin.tcpdump: allow capability net_admin to support '-j'. Patch
    thanks to Graeme Hewson. (LP: #1229664)

 -- Jamie Strandboge <jamie@ubuntu.com>  Thu, 26 Jun 2014 08:08:07 -0500

tcpdump (4.5.1-2ubuntu1) trusty; urgency=medium

  * Resynchronize on Debian remaining differences:
  * debian/control: 
    - Build-Depends on dh-apparmor.
    - Suggests apparmor
  * debian/README.Debian, debian/tcpdump.dirs, debian/usr.sbin.tcpdump,
    debian/patches/patches/90_man_apparmor.diff,
    debian/install, debian/rules:
    - Install enforcing AppArmor profile.

 -- Sebastien Bacher <seb128@ubuntu.com>  Mon, 13 Jan 2014 16:22:22 +0100

tcpdump (4.5.1-2) unstable; urgency=low

  * Disable nflog-e testcase, the NFLOG header length is specified in host
    byte order which makes capture files order-dependent (closes: #731031).

 -- Romain Francoise <rfrancoise@debian.org>  Sun, 01 Dec 2013 12:13:16 +0100

tcpdump (4.5.1-1) unstable; urgency=low

  * New upstream release.
  * Disable new pppoes testcase which uses a new pcap feature to avoid tying
    the two upstream versions together.
  * debian/control: Set Standards-Version to 3.9.5.

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 30 Nov 2013 23:54:03 +0100

tcpdump (4.4.0-1ubuntu1) saucy; urgency=low

  * Resynchronize on Debian remaining differences:
  * debian/control: 
    - Build-Depends on dh-apparmor.
    - Suggests apparmor
  * debian/README.Debian, debian/tcpdump.dirs, debian/usr.sbin.tcpdump,
    debian/patches/patches/90_man_apparmor.diff,
    debian/install, debian/rules:
    - Install enforcing AppArmor profile.

 -- Sebastien Bacher <seb128@ubuntu.com>  Wed, 29 May 2013 15:24:34 +0200

tcpdump (4.4.0-1) unstable; urgency=low

  * New upstream release:
    + Fixes format error in NTP printer (closes: #686276).
    + Rewords -e description (closes: #648768).
  * debian/control: Set Standards-Version to 3.9.4.
  * Use canonical locations in Vcs-* fields.

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 25 May 2013 13:50:30 +0200

tcpdump (4.3.0-1ubuntu1) quantal; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Add enforcing AppArmor profile.
    - debian/control: Build-Depends on dh-apparmor.

 -- Logan Rosen <logatronico@gmail.com>  Wed, 08 Aug 2012 20:06:38 -0400

tcpdump (4.3.0-1) unstable; urgency=low

  * New upstream release.
  * Re-enable test suite.

 -- Romain Francoise <rfrancoise@debian.org>  Wed, 13 Jun 2012 22:55:54 +0200

tcpdump (4.2.1-3) unstable; urgency=low

  * Fix CPPFLAGS handling in upstream configure.in to avoid losing
    hardening flags, patch by Simon Ruderich <simon@ruderich.org>
    (closes: #662016).
  * Fix some misspellings pointed out by lintian.
  * debian/control: Set Standards-Version to 3.9.3.

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 03 Mar 2012 17:11:48 +0100

tcpdump (4.2.1-2) unstable; urgency=low

  * Drop debian/patches/50_kfreebsd.diff (closes: #658848).

 -- Romain Francoise <rfrancoise@debian.org>  Mon, 06 Feb 2012 19:01:12 +0100

tcpdump (4.2.1-1ubuntu2) precise; urgency=low

  * debian/control: Build-Depends on dh-apparmor (LP: #948095)

 -- Jamie Strandboge <jamie@ubuntu.com>  Tue, 06 Mar 2012 09:18:56 -0600

tcpdump (4.2.1-1ubuntu1) precise; urgency=low

  * Resynchronise with Debian.  Remaining changes (LP: #892285):
    - Add enforcing AppArmor profile.
  * Refreshed manpage patch to apply to new upstream.

 -- Stéphane Graber <stgraber@ubuntu.com>  Wed, 04 Jan 2012 10:33:48 +0100

tcpdump (4.2.1-1) unstable; urgency=low

  * New upstream release.
  * Upload to unstable.

 -- Romain Francoise <rfrancoise@debian.org>  Mon, 02 Jan 2012 20:19:22 +0100

tcpdump (4.2.0~rc1-2) experimental; urgency=low

  * Make sure OpenSSL support gets enabled: since it moved to multiarch
    paths, the configure script doesn't find libcrypto.so and disables
    crypto support. To fix this, simplify detection logic in configure.in
    and run autoconf before configuring.
  * Redo build flags handling:
    + Enable hardening flags via dpkg-buildflags, not hardening-includes.
    + Switch to debhelper compat level 9 to have build flags exported
      automatically.
    + Adjust build-depends accordingly.
  * Enable parallel build in debhelper.

 -- Romain Francoise <rfrancoise@debian.org>  Sun, 06 Nov 2011 19:14:23 +0100

tcpdump (4.2.0~rc1-1) experimental; urgency=low

  * New upstream beta release (closes: #636806); now switches to the -Z
    user before opening the first output file (closes: #434603).
  * debian/control: Set Standards-Version to 3.9.2.

 -- Romain Francoise <rfrancoise@debian.org>  Sun, 14 Aug 2011 10:44:58 +0200

tcpdump (4.1.1-2ubuntu2) oneiric; urgency=low

  * debian/usr.sbin.tcpdump:
    - allow gzip and bzip2 (LP: #722856)
    - allow read and write to .pcap files
    - allow read of /var/log/snort/*log* files
  * debian/patches/90_man_apparmor.diff: update man page to reference AppArmor
    confinement

 -- Jamie Strandboge <jamie@ubuntu.com>  Wed, 22 Jun 2011 09:13:45 -0500

tcpdump (4.1.1-2ubuntu1) oneiric; urgency=low

  * Resynchronise with Debian.  Remaining changes:
    - Add enforcing AppArmor profile.
  * Remove unnecessary debian/postinst and debian/postrm files;
    dh_installdeb will generate these itself.

 -- Colin Watson <cjwatson@ubuntu.com>  Thu, 26 May 2011 16:11:16 +0100

tcpdump (4.1.1-2) unstable; urgency=low

  * Fix FTBFS on GNU/Hurd; patch from Svante Signell (closes: #622287).
  * debian/control: Tweak short and long descriptions, set
    Standards-Version to 3.9.1.

 -- Romain Francoise <rfrancoise@debian.org>  Mon, 11 Apr 2011 22:37:29 +0200

tcpdump (4.1.1-1ubuntu4) oneiric; urgency=low

  * Rebuild for OpenSSL 1.0.0.

 -- Colin Watson <cjwatson@ubuntu.com>  Wed, 25 May 2011 22:43:20 +0100

tcpdump (4.1.1-1ubuntu3) natty; urgency=low

  * debian/usr.sbin.tcpdump: allow read access to /etc/ethers (LP: #660904)

 -- Jamie Strandboge <jamie@ubuntu.com>  Fri, 07 Jan 2011 12:56:05 -0600

tcpdump (4.1.1-1ubuntu2) maverick; urgency=low

  * debian/control: Build-Depends on debhelper >= 7.4.20ubuntu5
  * debian/usr.sbin.tcpdump: include local override file
  * debian/rules, debian/postrm, debian/postinst: use dh_apparmor

 -- Jamie Strandboge <jamie@ubuntu.com>  Fri, 06 Aug 2010 12:46:37 -0500

tcpdump (4.1.1-1ubuntu1) maverick; urgency=low

  * Merge from debian unstable.  Remaining changes:
    - add enforcing AppArmor profile:
      - create debian/usr.sbin.tcpdump
      - debian/control: suggest apparmor >= 2.3
      - create debian/postrm: remove force-complain and disable links on purge
      - create debian/README.Debian: give information on AppArmor
      - create debian/postinst: reload tcpdump profile
      - create debian/install: install profile to /etc/apparmor.d
      - create debian/tcpdump.dirs: create etc/apparmor.d/force-complain

 -- Jamie Strandboge <jamie@ubuntu.com>  Tue, 22 Jun 2010 12:44:32 -0500

tcpdump (4.1.1-1) unstable; urgency=low

  * New upstream release (closes: #576001).
  * debian/rules: Disable dh_auto_test (for now).
  * debian/control: Set Standards-Version to 3.8.4.
  * debian/patches/30_uflag_flushopen.diff: New patch: when saving to a
    capture file with -U, flush the file immediately after opening it.
    Suggested by Ferenc Wagner <wferi@niif.hu> (closes: #533625).
  * debian/patches/20_man_fixes.diff: Fix TCP flags description, thanks to
    Christophe Rhodes <csr21@cantab.net> (closes: #575724).

 -- Romain Francoise <rfrancoise@debian.org>  Tue, 06 Apr 2010 19:58:14 +0200

tcpdump (4.0.0-6ubuntu4) maverick; urgency=low

  * debian/usr.sbin.tcpdump:
    - allow device probing (LP: #585150)
    - allow 'w' access to /dev/bus/usb/**/[0-9]*, needed for proper USB
      probing with libpcap 1.1 and higher

 -- Jamie Strandboge <jamie@ubuntu.com>  Thu, 10 Jun 2010 14:54:22 -0500

tcpdump (4.0.0-6ubuntu3) lucid; urgency=low

  * debian/usr.sbin.tcpdump: allow access for usbmon (LP: #523345)

 -- Jamie Strandboge <jamie@ubuntu.com>  Tue, 23 Mar 2010 14:31:59 -0500

tcpdump (4.0.0-6ubuntu2) lucid; urgency=low

  * clean up installation of apparmor profile. Thanks to Colin Watson for
    helping me diagnose the problem (LP: #504903)
    - debian/rules: remove 'binary' target
    - add debian/install

 -- Jamie Strandboge <jamie@ubuntu.com>  Fri, 08 Jan 2010 13:34:56 -0600

tcpdump (4.0.0-6ubuntu1) lucid; urgency=low

  * Merge from debian testing. Remaining changes:
    - add enforcing AppArmor profile
      - create debian/usr.sbin.tcpdump
      - debian/control: suggest apparmor >= 2.3
      - debian/postrm: remove force-complain and disable links on purge
      - debian/rules: update 'binary' target to add profile
      - debian/README.Debian: give information on AppArmor
      - debian/postinst: reload tcpdump profile
      - debian/tcpdump.dirs: added back for AppArmor directories

 -- Jamie Strandboge <jamie@ubuntu.com>  Tue, 05 Jan 2010 08:21:25 -0600

tcpdump (4.0.0-6) unstable; urgency=low

  * debian/control: Build-depend on hardening-includes.
  * debian/rules: Use hardening.make.

 -- Romain Francoise <rfrancoise@debian.org>  Thu, 24 Dec 2009 11:51:12 +0100

tcpdump (4.0.0-5) unstable; urgency=low

  * Switch to 3.0 (quilt) source format:
    + Drop build-depends on quilt.
    + Remove patch/unpatch logic from debian/rules.
    + Remove README.source.
    + Refresh debian/patches/30_tcp_seq.diff.
  * Use dh(1):
    + debian/compat: Bump to 7.
    + debian/control: Build-depend on debhelper (>= 7.0.50~).
    + debian/rules: Simplify.
    + debian/tcpdump.dirs: Removed.

 -- Romain Francoise <rfrancoise@debian.org>  Sun, 08 Nov 2009 17:25:38 +0100

tcpdump (4.0.0-4ubuntu2) lucid; urgency=low

  * debian/usr.sbin.tcpdump: require 'owner' for file in @{HOME}

 -- Jamie Strandboge <jamie@ubuntu.com>  Fri, 04 Dec 2009 09:02:14 -0600

tcpdump (4.0.0-4ubuntu1) lucid; urgency=low

  * Merge from debian unstable (LP: #473236), remaining changes:
    - add enforcing apparmor profile
      - create debian/usr.sbin.tcpdump
      - debian/control: suggest apparmor >= 2.3
      - debian/postinst: reload apparmor
      - debian/postrm: remove force-complain link
      - debian/tcpdump.install: add profile
      - debian/rules: install the profile
      - debian/README.Debian: give information on Apparmor
      - debian/postinst: reload individual tcpdump profile, not all of apparmor
      - debian/postrm: also remove any symlinks in the /etc/apparmor.d/disable
        directory on purge 

 -- Nicolas Valcárcel Scerpella (Canonical) <nvalcarcel@canonical.com>  Tue, 03 Nov 2009 14:47:48 -0500

tcpdump (4.0.0-4) unstable; urgency=low

  * debian/control:
    + Add ${misc:Depends} to Depends.
    + Set Standards-Version to 3.8.3; no changes needed.
  * debian/{watch,README.source}: New files.
  * debian/copyright: Remove link to original file.

 -- Romain Francoise <rfrancoise@debian.org>  Thu, 08 Oct 2009 19:00:23 +0200

tcpdump (4.0.0-3) unstable; urgency=low

  * debian/patches/20_man_fixes.diff: Update; pcap-filter is in section 7,
    not 4 (closes: #527599).
  * debian/control: Set Standards-Version to 3.8.1.

 -- Romain Francoise <rfrancoise@debian.org>  Tue, 16 Jun 2009 11:51:14 +0200

tcpdump (4.0.0-2ubuntu2) karmic; urgency=low

  * debian/postinst: reload individual tcpdump profile, not all of apparmor
    (LP: #412749)
  * debian/postrm: also remove any symlinks in the /etc/apparmor.d/disable
    directory on purge

 -- Jamie Strandboge <jamie@ubuntu.com>  Wed, 12 Aug 2009 16:58:28 -0500

tcpdump (4.0.0-2ubuntu1) karmic; urgency=low

  * Merge from debian unstable, remaining changes:
    - add enforcing apparmor profile
      - create debian/usr.sbin.tcpdump
      - debian/control: suggest apparmor >= 2.3
      - debian/postinst: reload apparmor
      - debian/postrm: remove force-complain link
      - debian/tcpdump.install: add profile
      - debian/rules: install the profile
      - debian/README.Debian: give information on Apparmor

 -- Jamie Strandboge <jamie@ubuntu.com>  Thu, 14 May 2009 12:58:52 -0500

tcpdump (4.0.0-2) unstable; urgency=low

  * debian/patches/30_tcp_seq.diff: Patch from Ilpo Järvinen adding back
    default display of sequence numbers in TCP printer (closes: #517661).
  * debian/patches/series: Update.

 -- Romain Francoise <rfrancoise@debian.org>  Sun, 01 Mar 2009 14:51:25 +0100

tcpdump (4.0.0-1) unstable; urgency=low

  * Upload to unstable.

 -- Romain Francoise <rfrancoise@debian.org>  Wed, 18 Feb 2009 18:55:35 +0100

tcpdump (4.0.0-1~exp1) experimental; urgency=low

  * New upstream release.
  * debian/control: Set Standards-Version to 3.8.0.
  * debian/rules: Don't set DH_VERBOSE.
  * debian/patches/15_install.diff: New patch, don't install two identical
    tcpdump binaries.

 -- Romain Francoise <rfrancoise@debian.org>  Sun, 30 Nov 2008 22:55:39 +0100

tcpdump (3.9.8-4ubuntu2) jaunty; urgency=low

  * debian/usr.sbin.tcpdump: use 'audit deny' instead of 'deny' (LP: #348592)

 -- Jamie Strandboge <jamie@ubuntu.com>  Wed, 25 Mar 2009 13:33:28 -0500

tcpdump (3.9.8-4ubuntu1) jaunty; urgency=low

  * add enforcing apparmor profile
    - create debian/usr.sbin.tcpdump
    - debian/control: suggest apparmor >= 2.3
    - debian/postinst: reload apparmor
    - debian/postrm: remove force-complain link
    - debian/tcpdump.install: add profile
    - debian/rules: install the profile
    - debian/README.Debian: give information on Apparmor

 -- Jamie Strandboge <jamie@ubuntu.com>  Tue, 03 Feb 2009 01:54:34 +0100

tcpdump (3.9.8-4) unstable; urgency=low

  * debian/control: Build-Depend on libpcap0.8-dev (>= 0.9.3),
    not (>= 0.9.3-1).

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 08 Mar 2008 19:24:02 +0100

tcpdump (3.9.8-3) unstable; urgency=low

  * debian/copyright: Convert to UTF-8 encoding.
  * debian/control: Set Standards-Version to 3.7.3, no changes needed.

 -- Romain Francoise <rfrancoise@debian.org>  Sun, 23 Dec 2007 14:32:17 +0100

tcpdump (3.9.8-2) unstable; urgency=low

  * debian/control: Add Vcs-Browser and Vcs-Git fields.
  * debian/patches/50_kfreebsd.diff: New patch by Petr Salinger fixing
    FTBFS on Debian GNU/kFreeBSD (closes: #448695).

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 03 Nov 2007 11:12:53 +0100

tcpdump (3.9.8-1) unstable; urgency=low

  * New upstream release.

 -- Romain Francoise <rfrancoise@debian.org>  Thu, 27 Sep 2007 22:41:53 +0200

tcpdump (3.9.7-2) unstable; urgency=low

  * debian/control: Move upstream URL to the Homepage header.

 -- Romain Francoise <rfrancoise@debian.org>  Fri, 21 Sep 2007 19:48:05 +0200

tcpdump (3.9.7-1) unstable; urgency=low

  * New upstream release.
  * debian/patches/41_cve-2007-3798.diff: Deleted.
  * debian/patches/40_cve-2007-1218.diff: Deleted.
  * debian/patches/series: Update.

 -- Romain Francoise <rfrancoise@debian.org>  Sun, 12 Aug 2007 12:45:31 +0200

tcpdump (3.9.5-4) unstable; urgency=low

  * debian/rules: Don't ignore errors in clean target.
  * debian/patches/50_autotools-dev.diff: New patch, make config.{guess,sub}
    exec newer versions of themselves if autotools-dev is installed.
  * debian/patches/series: Update.
  * debian/control: Add build-depends on autotools-dev.

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 11 Aug 2007 20:18:34 +0200

tcpdump (3.9.5-3) unstable; urgency=medium

  * Convert to quilt for patch management:
    + debian/control: Build-Depend on quilt (>= 0.40) instead of dpatch.
    + debian/rules: Include /usr/share/quilt/quilt.make.
    + Convert all dpatch patches to regular patches.

  * debian/patches/41_cve-2007-3798.diff: New patch, fixes an integer
    overflow in the BGP dissector (CVE-2007-3798), thanks to Daniel Leidert
    (closes: #434030).
  * debian/patches/series: Update.

 -- Romain Francoise <rfrancoise@debian.org>  Wed, 01 Aug 2007 19:56:04 +0200

tcpdump (3.9.5-2) unstable; urgency=medium

  * debian/patches/40_cve-2007-1218.dpatch: New patch, fixes a potential
    buffer overflow in the 802.11 printer (CVE-2007-1218), thanks to
    Moritz Muehlenhoff <jmm@debian.org> (closes: #413430).
  * debian/patches/00list: Update.

 -- Romain Francoise <rfrancoise@debian.org>  Mon,  5 Mar 2007 20:22:50 +0100

tcpdump (3.9.5-1) unstable; urgency=low

  * New upstream release.
  * debian/patches/20_man_fixes.dpatch: Resync.

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 23 Sep 2006 21:13:07 +0200

tcpdump (3.9.4-4) unstable; urgency=low

  * debian/compat: Switch to debhelper compatibility level 5.
  * debian/control:
    + Build-Depend on debhelper (>= 5).
    + Remove Uploaders field.
    + Bump Standards-Version to 3.7.2, no changes needed.
  * debian/rules: Misc. cleanups.

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 20 May 2006 13:07:45 +0200

tcpdump (3.9.4-3) unstable; urgency=low

  * debian/patches/20_man_fixes.dpatch: Merge patch from A Costa
    <agcosta@gis.net> fixing a few typos (closes: #351014).

 -- Romain Francoise <rfrancoise@debian.org>  Thu,  2 Feb 2006 22:24:04 +0100

tcpdump (3.9.4-2) unstable; urgency=low

  * debian/patches/20_man_fixes.dpatch: Merge patch from A Costa
    <agcosta@gis.net> fixing a few typos (closes: #342310).

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 10 Dec 2005 14:26:20 +0100

tcpdump (3.9.4-1) unstable; urgency=low

  * New upstream release.

  * debian/patches/40_spelling.dpatch: Dropped (included upstream).
  * debian/patches/30_version.dpatch: Dropped.
  * debian/patches/30_vlan_eflag: New patch, reverse test for eflag in
    print-ether.c to match the intended effect (closes: #324706).

  * This upload also transitions tcpdump to OpenSSL 0.9.8.

 -- Romain Francoise <rfrancoise@debian.org>  Sun,  9 Oct 2005 20:11:49 +0200

tcpdump (3.9.3-2) unstable; urgency=low

  * debian/patches/40_spelling.dpatch: New patch, fixes spelling errors
    ("advertisment" vs. "advertisement"), thanks to Michael Shields
    <shields@msrl.com> (closes: #318676).
  * debian/patches/00list: Update.

 -- Romain Francoise <rfrancoise@debian.org>  Sun, 17 Jul 2005 12:28:22 +0200

tcpdump (3.9.3-1) unstable; urgency=low

  * New upstream release.
  * Build-Depend on libpcap0.8-dev (which is really libpcap 0.9.3).

  * debian/patches/30_ascii-output.dpatch: Dropped (merged upstream).
  * debian/patches/30_version: New patch, fixes upstream version (still at
    3.9.2 while this is version 3.9.3).
  * debian/patches/00list: Update.

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 16 Jul 2005 14:59:30 +0200

tcpdump (3.9.1-1) unstable; urgency=low

  * New upstream release.
  * debian/patches/30_ascii-output.dpatch: New patch, fixes -x, -X and -A
    priorities and removes extra newline and tab characters in the ascii
    output (closes: #285764, #316908).
  * debian/patches/00list: Update.

 -- Romain Francoise <rfrancoise@debian.org>  Wed,  6 Jul 2005 20:17:19 +0200

tcpdump (3.9.0.cvs.20050622-1) unstable; urgency=low

  * New CVS snapshot.
  * debian/control: Bump Standards-Version to 3.6.2.1, no changes needed.

 -- Romain Francoise <rfrancoise@debian.org>  Wed, 22 Jun 2005 19:52:31 +0200

tcpdump (3.9.0.cvs.20050614-1) unstable; urgency=low

  * New CVS snapshot.
  * Upload to unstable.

 -- Romain Francoise <rfrancoise@debian.org>  Tue, 14 Jun 2005 19:43:24 +0200

tcpdump (3.9.0.cvs.20050529-1) experimental; urgency=low

  * New upstream CVS snapshot for experimental.

 -- Romain Francoise <rfrancoise@debian.org>  Sun, 29 May 2005 12:55:31 +0200

tcpdump (3.9.0.cvs.20050511-1) experimental; urgency=low

  * Upstream CVS snapshot of tcpdump 3.9 for experimental.
  * debian/patches/20_man_fixes.dpatch: Resynchronized.
  * debian/patches/30_openssl_des.dpatch: Dropped (fixed upstream).
  * debian/patches/40_ipv6cp.dpatch: Ditto.
  * debian/patches/50_misc_dos.dpatch: Ditto.
  * debian/patches/00list: Update.
  * debian/control: Build with libpcap0.9, also in experimental.

 -- Romain Francoise <rfrancoise@debian.org>  Wed, 11 May 2005 20:00:31 +0200

tcpdump (3.8.3-5) unstable; urgency=low

  * debian/copyright: Clarify license conditions, some files in the
    distribution are still under the 4-clause BSD license (closes: #283008).
  * debian/changelog: Revise 3.8.3-4 entry to add CAN numbers (which have
    been assigned in the meantime).

 -- Romain Francoise <rfrancoise@debian.org>  Sun,  1 May 2005 17:23:45 +0200

tcpdump (3.8.3-4) unstable; urgency=high

  * Urgency set to high due to security fixes.
  * debian/patches/50_misc_dos.dpatch: Security fixes stolen from the 3.8
    branch fix infinite loops in the BGP, ISIS, LDP and RSVP dissectors
    [CAN-2005-1278, CAN-2005-1279, CAN-2005-1280] (closes: #306529).
  * debian/patches/00list: Add 50_misc_dos.

 -- Romain Francoise <rfrancoise@debian.org>  Wed, 27 Apr 2005 21:05:37 +0200

tcpdump (3.8.3-3) unstable; urgency=low

  * debian/patches/40_ipv6cp.dpatch: New patch, do not try to print IPV6CP
    ppp packets, the dissector doesn't support it (closes: #255179).
  * debian/patches/00list: Add 40_ipv6cp.

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 19 Jun 2004 15:01:27 +0200

tcpdump (3.8.3-2) unstable; urgency=low

  * debian/rules: Enable crypto support (closes: #82581, #93428).
  * debian/control:
    + Build-Depend on libssl-dev.
    + Put back URL markers in description.
    + Switch Maintainer and Uploaders fields to match reality.
  * debian/patches/30_openssl_des.dpatch: Patch to make upstream's
    configure script check for DES_cbc_encrypt instead of des_cbc_encrypt,
    (the function got renamed in OpenSSL 0.9.7), which saves us the hassle
    of re-running autoconf.  Temporary hack since upstream has fixed this
    in CVS already.
  * debian/patches/00list: Add 30_openssl_des.

 -- Romain Francoise <rfrancoise@debian.org>  Fri, 14 May 2004 22:14:08 +0200

tcpdump (3.8.3-1) unstable; urgency=low

  * New upstream release.
  * debian/rules:
    + Add -D_FILE_OFFSET_BITS=64 to default CFLAGS to match libpcap 
      (closes: #154762).
    + Use dpatch for patch management.
    + Clean up CFLAGS handling.
    + Support DEB_BUILD_OPTIONS.
  * debian/control: 
    + Build-Depend on libpcap0.8-dev, dpatch.
    + Add versioned Build-Depends on debhelper.
    + Remove Emacs-style URL markers from description.
  * debian/compat: New file.
  * debian/copyright: Update.
  * debian/tcpdump.docs: Do not install upstream INSTALL file.
  * debian/patches: New directory.
  * debian/patches/10_man_install.dpatch: Patch split off the Debian diff
    to change man install paths in upstream Makefile.in.
  * debian/patches/20_man_fixes.dpatch: Patch split off the Debian diff to
    fix some inconsistencies in the upstream man page.
  * debian/patches/00list: New file (patch list).

 -- Romain Francoise <rfrancoise@debian.org>  Tue, 11 May 2004 14:02:09 +0200

tcpdump (3.7.2-4) unstable; urgency=high

  * Urgency high due to security fixes.
  * Backport changes from upstream CVS to fix ISAKMP payload handling
    denial-of-service vulnerabilities (CAN-2004-0183, CAN-2004-0184).
    Detailed changes (with corresponding upstream revisions):
    + Add length checks in isakmp_id_print() (print-isakmp.c, rev. 1.47)
    + Add data checks all over the place, change rawprint() prototype and
      add corresponding return value checks (print-isakmp.c, rev. 1.46)
    + Add missing ntohs() and change length initialization in
      isakmp_id_print(), not porting prototype changes (print-isakmp.c,
      rev. 1.45)
  
 -- Romain Francoise <rfrancoise@debian.org>  Tue,  6 Apr 2004 19:39:24 +0200

tcpdump (3.7.2-3) unstable; urgency=low

  * Backport changes from upstream CVS to fix several vulnerabilities in
    ISAKMP, L2TP and Radius parsing (closes: #227844, #227845, #227846).

 -- Romain Francoise <rfrancoise@debian.org>  Sat, 17 Jan 2004 14:12:30 +0100

tcpdump (3.7.2-2) unstable; urgency=low

  * Acknowledge NMU by Romain (closes: #208543).
  * Apply man page fixes by Romain:
    + networks(4) changed to networks(5) (closes: #194180).
    + ethers(3N) changed to ethers(5) (closes: #197888).
  * debian/control: Added Romain Francoise as co maintainer. Thanks for 
    your help, Romain!

 -- Torsten Landschoff <torsten@debian.org>  Sun, 19 Oct 2003 04:12:31 +0200

tcpdump (3.7.2-1.1) unstable; urgency=low

  * NMU
  * Reverse order of #include directives in print-sctp.c so that
    IPPROTO_SCTP is defined (closes: #208543).

 -- Romain Francoise <rfrancoise@debian.org>  Sun, 12 Oct 2003 17:06:01 +0200

tcpdump (3.7.2-1) unstable; urgency=low

  * New upstream release (closes: #195816).

 -- Torsten Landschoff <torsten@debian.org>  Sun,  8 Jun 2003 00:14:44 +0200

tcpdump (3.7.1-1.2) unstable; urgency=high

  * Non-maintainer upload
  * Apply security fixes from 3.7.2
    - Fixed infinite loop when parsing malformed isakmp packets.
      (CAN-2003-0108)
    - Fixed infinite loop when parsing malformed BGP packets.
    - Fixed buffer overflow with certain malformed NFS packets.

 -- Matt Zimmerman <mdz@debian.org>  Thu, 27 Feb 2003 11:00:32 -0500

tcpdump (3.7.1-1.1) unstable; urgency=low

  * NMU
  * Simple rebuild to deal with libpcap0->libpcap0.7 transition.
    Sourceful NMU so that every arch rebuilds it.
 
 -- LaMont Jones <lamont@debian.org>  Wed, 14 Aug 2002 21:25:45 -0600

tcpdump (3.7.1-1) unstable; urgency=low

  * New upstream release (closes: #138052).

 -- Torsten Landschoff <torsten@debian.org>  Sat,  3 Aug 2002 23:54:04 +0200

tcpdump (3.6.2-2) unstable; urgency=HIGH

  * print-rx.c: Take the version from current CVS fixing the remote 
    buffer overflow reported in FreeBSD Security Advisory SA-01:48
    yesterday. Thanks to Matt Zimmerman for forwarding the report, 
    I might have missed it.
  * debian/control: Clean the Build-Depends from build-essential 
    packages.

 -- Torsten Landschoff <torsten@debian.org>  Thu, 19 Jul 2001 15:03:48 +0200

tcpdump (3.6.2-1) unstable; urgency=low

  * New upstream release.

 -- Torsten Landschoff <torsten@debian.org>  Tue,  6 Mar 2001 04:18:16 +0100

tcpdump (3.6.1-2) unstable; urgency=low

  * debian/rules: Force support for IPv6 (closes: #82665).
  * print-icmp6.c: Removed duplicate definition also in icmp6.h to 
    get the package to compile with IPv6.
  * Rebuild should fix the missing libpcap0-dependency (closes: #82666).
    Additional info: The missing dependency was because the configure 
    script found my libpcap sources in the parent directory. Black magic
    always works against you :(

 -- Torsten Landschoff <torsten@debian.org>  Thu, 18 Jan 2001 00:44:01 +0100

tcpdump (3.6.1-1) unstable; urgency=high

  * Taking back the package. Kudos to Anand for his help.
  * New upstream release. This release fixes a security hole in print-rx.c.
  * debian/rules: Disable crypto support (closes: #81969).
  * Removed empty README.Debian (closes: #81966).

 -- Torsten Landschoff <torsten@debian.org>  Tue, 16 Jan 2001 16:04:03 +0100

tcpdump (3.5.2-3) unstable; urgency=low

  * Fixup dependancy stuff. Sheesh. (Closes: #78063, #78081, #78082)

 -- Anand Kumria <wildfire@progsoc.org>  Tue, 28 Nov 2000 02:16:01 +1100

tcpdump (3.5.2-2) unstable; urgency=low

  * Update both config.guess and config.sub (Closes: #36692, #53145)
  * Opps, make the .diff available. 
  * We require a particular libpcap version to work (Closes: #77877)

 -- Anand Kumria <wildfire@progsoc.org>  Mon, 27 Nov 2000 01:13:55 +1100

tcpdump (3.5.2-1) unstable; urgency=low

  * New Maintainer
  * New upstream release (Closes: #75889)
  * Upstream added hex dump (-x) and ascii dump (-X) Closes: #23514, #29418)
  * Acknowledge and incorporate security fixes (Closes: #63708, #77489)
  * Appletalk / Ethertalk patches are in (Closes: #67642)

 -- Anand Kumria <wildfire@progsoc.org>  Wed, 22 Nov 2000 13:19:33 +1100

tcpdump (3.4a6-4.1) frozen unstable; urgency=high

  * Non-maintainer upload by security team
  * Apply patch from tcpdump-workers mailinglist to fix DNS DoS attack
    against tcpdump. Based on patch from Guy Harris <gharris@flashcom.net> as
    found on http://www.tcpdump.org/lists/workers/1999/msg00607.html
  * Fix Build-Depends entry in debian/control

 -- Wichert Akkerman <wakkerma@debian.org>  Sun,  7 May 2000 15:17:33 +0200

tcpdump (3.4a6-4) unstable; urgency=low

  * New maintainer.
  * tcpdump.c (main): Reestablish priviliges before closing the device
    (closes: #19959).
  * It seems the problem with ppp came from the kernel - I can dump 
    packages on ppp0 just fine... (closes: #25757)
  * print-tcp.c (tcp_print): Applied patch from David S. Miller submitted 
    by Andrea Arcangeli to fix tcpdump sack TCP option interpretation 
    (closes: #28530).
  * print-bootp.c (rfc1048_print): Interpret timezone offset as signed
    (closes: #40376). Fixed byte order problem in printing internet 
    addresses (closes: #40375). Thanks to Roderick Schertler for the patch.
  * Several files: Applied SMB patch from samba.org (closes: #27653).
  * print-ip.c (ip_print): Check for ip headers with less than 5 longs. 
    Patch taken from RedHat's source package.
  * Redid debian/rules using debhelper.
  * Makefile.in: Install the manpage into man8 instead of man1. 
  * tcpdump.1: Moved to section 8 (admin commands).
  * print-smb.c (print_smb): Disabled anything but printing the command 
    info by default. Otherwise we would get flooded with smb information.
    You can get all info using -vvv. Two -v's will give you the SMB headers.
  * tcpdump.1: Documented the behaviour described above.

 -- Torsten Landschoff <torsten@debian.org>  Mon, 22 Nov 1999 01:31:44 +0100

tcpdump (3.4a6-3) frozen unstable; urgency=low

  * fixed permissions

 -- Peter Tobias <tobias@et-inf.fho-emden.de>  Mon, 30 Mar 1998 02:28:39 +0200

tcpdump (3.4a6-2) frozen unstable; urgency=low

  * rebuild with latest debmake, fixes #19415
    (should also fix the lintian warnings)
  * updated standards-version

 -- Peter Tobias <tobias@et-inf.fho-emden.de>  Mon, 30 Mar 1998 00:28:39 +0200

tcpdump (3.4a6-1) unstable; urgency=low

  * updated to latest upstream version, fixes: Bug#17163
  * install changelog.Debian compressed, fixes: Bug#15417

 -- Peter Tobias <tobias@et-inf.fho-emden.de>  Sun,  1 Feb 1998 00:08:31 +0100

tcpdump (3.4a4-1) unstable; urgency=low

  * updated to latest upstream version
  * libc6 version

 -- Peter Tobias <tobias@et-inf.fho-emden.de>  Wed, 17 Sep 1997 23:22:54 +0200

tcpdump (3.3.1a2-1) frozen stable unstable; urgency=medium

  * updated to latest upstream version (works with new libpcap now)

 -- Peter Tobias <tobias@et-inf.fho-emden.de>  Sat, 24 May 1997 00:49:17 +0200

tcpdump (3.3-2) unstable; urgency=low

  * fixed SLIP support

 -- Peter Tobias <tobias@et-inf.fho-emden.de>  Sun, 16 Feb 1997 21:06:51 +0100

tcpdump (3.3-1) unstable; urgency=low

  * updated to latest upstream version

 -- Peter Tobias <tobias@et-inf.fho-emden.de>  Thu, 16 Jan 1997 01:34:00 +0100

