-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

tripwire-2.3.1-20.fdr.1

* Revision bump to supersede Fedora Legacy

* Fixed a bogus entry in twpol.txt.in (modeprobe.conf -> modprobe.conf)

tripwire-2.3.1-18.fdr.9

* Paul Herman discovered a format string vulnerability in the fprintf()
  function of pipedmailmessage.cpp, thanks to Robert C. Jacobson filing
  a bug against tripwire.

  http://www.securityfocus.com/archive/1/365036/2004-06-01/2004-06-07/2

  The patch from the above page has now been added to this release.

tripwire-2.3.1-18.fdr.8:

* I've given the default Policy plaintext  file  a  complete  overhaul.
  Many of the legacy entries are living on borrowed time, and  are  due
  for removal (pending further research,  consultation  and  approval).
  I've also cleaned up a lot of the "lint" in the Policy file. Comments
  are  usefull,  but  some  of  the  comment  blocks  in  the  original
  distribution looked like someone was practising ASCII art!

* Cleaned up ugly sed entry in Spec (I really should start using perl).
  (thanks to Michael Schwendt.)

* More macro substitutions. Good ol' macros, eh?

######

tripwire-2.3.1-18.fdr.7:

* See changelog.

######

tripwire-2.3.1-18.fdr.6:

* See changelog.

######

tripwire-2.3.1-18.fdr.5:

* Finally the "non-conf-file in config dir" bug has been addressed. The
  script twinstall.sh is not, and never has been, a configuration file,
  but has lived in sysconfdir since the beginning. Well it's got a  new
  home and a new name now; it's been moved to the sbindir  and  is  now
  called tripwire-setup-keyfiles. The  original  name  was  misleading,
  since it implied that it  installed  Tripwire,  rather  than  set  up
  keyfiles. It's ironic that such a simple bug  should  have  taken  so
  long to fix (something for which I am partly responsible). The change
  certainly doesn't break anything, and is extremely trivial (except in
  terms of FHS compliance). I guess you can put the longevity  of  this
  bug down to apathy. Fixes Red Hat bug #61855, if  it  makes  it  back
  upstream.

* Line 145 of the original  twinstall.sh,  incorrectly  referenced  the
  site key, as follows:

  echo "The site key file \"$LOCAL_KEY\""

  Of course that should read:

  echo "The local key file \"$LOCAL_KEY\""

  It's  a  relatively  minor  semantic  error,  but  still  wrong  (and
  potentially confusing), so has been fixed in tripwire-setup-keyfiles.

* Updating the default Tripwire policy file, has been long overdue. All
  that has changed (this time around) is  that  various  references  to
  outdated and non-existent files has been commented out, thus  greatly
  reducing the number of "filesystem error" warnings displayed after an
  initial setup. Please do not use this as an excuse to  not  tune  the
  Tripwire policy more carefully and precisely  for  your  own  system.
  This is a *security* tool, after all. If you are not going to use  it
  conscientiously, then why bother at all?

######

tripwire-2.3.1-18.fdr.4:

* This file (newest entries first)

* The siggen.8 man file had a broken command synopsis syntax.  Reported
  and patched by Eric S. Raymond (docbook).

* The biggest request has finally been implemented:  setting  the  real
  hostname %post install. Previously,  a  virgin  install  of  Tripwire
  caused the unexpected problem of Tripwire failing  to  find  it's own
  report files, due to the fact that those  files  contained  the  real
  hostname as part of the filenames.  During  one  operation,  Tripwire
  would create report files using a naming  convention  which  included
  the real hostname, but during another operation, it  would  look  for
  report files with names that contained the literal word  "localhost",
  and subsequently failed. This problem was very simple to  fix,  i.e.,
  edit twpol.txt and replace the line which read  "HOSTNAME=localhost;"
  with a reference to the real hostname, followed by invoking  Tripwire
  in "policy update mode", but it did cause a lot of initial confusion,
  and so has been fixed.

* Work is ongoing in the process of updating Tripwire. The four primary
  goals are:

	1) Lose dependency from the dreaded STLport
	2) Ween Tripwire off Crypto++, and onto (the more GPL friendly)
	   libmcrypt
	3) Modernise the code (64bit, SELinux, non-x86, etc).
	4) And by virtue of all the above, fully  modularise  Tripwire,
	   so we're no longer distributing three applications in one.

  Progress is slow (I'm a one man show, and I  have  a  day  job),  but
  there are at  least  two  other  developers  who  are  actively  (but
  separately) working on Tripwire:

	Stephen Zander (Debian)
	Paul Herman (independent)

  During the next few months, I'll be  talking  to  both  parties,  and
  negotiating some kind of working arrangement. One way or another, I'm
  determined to finish the project this year (2004).

Keith G. Robertson-Turner <tripwire-devel[AT]genesis-x.nildram.co.uk>

######

tripwire-2.3.1-18.fdr.3:

* Thanks to Michael Schwendt for really cleaning up the Spec file

	All the hard coded paths have now been replaced with variables,
	including some nice rpm macros and templates

* Proper debuginfo packages build now

* The remaining parts of the  original  tripwire-2.3.1-gcc3.patch  have
  now been implemented

	The new  patch  is  called  tripwire-2.3.1-gcc3.new.patch,  and
	basically just patches references to gmake to ${MAKE}.  There's
        also a small function patch that was part of the original

######

tripwire-2.3.1-18.fdr.2:

* Removed version specific grep dependency, since grep >= 2.3 is common

* Added openssl-devel and autoconf to build dependencies

* The tripwire-jbj.patch is now confirmed to be merged with
  tw-20030919.patch

* Added RPM optimisation flags option

	Unfortunately, this breaks the code

	To quote Michael Schwendt <mailto:rh0212ms[AT]arcor.de>
	"RPM opt flags break "cryptlib". twadmin enters a  deadlock  in
	SubatomicDivide() (cryptlib/integer.cpp) while generating a
	key."

	Therefore this option has been commented out until  integer.cpp
	is fixed

* set umask 022 during install, rather  than  allowing  group  writable
  permissions

* Added License-Issues to documentation

######

tripwire-2.3.1-18.fdr.1:

* First Fedora release

* Implemented Paul  Herman's  <pherman[AT]frenchfries.net>  tw-20030919
  patch

Features:
	multi-platform configuration via Autoconf's "./configure"
	optional linking against OpenSSL
	optional linking against STLport

This patch has been known to work with the following OSes:
	RedHat 7.x, 8.0
	FreeBSD 4.x, 5.0
	NetBSD 1.6.1 (requires pthreads port)
	OpenBSD 3.x (3.3 must disable propolice)
	Solaris 8
	Cygwin (version?)
	MacOS X 10.2.6/Darwin 6.6
	(prebinding compatibility not available)

Furthermore, the following compiler  versions  have  been  successfully
tested: 
	GCC 2.95, 3.0, 3.1, 3.2, 3.3
	Apple Computer, Inc. GCC version 1175

* Both the mkstemp and rfc822 patches are still implemented

* Missing Patches

tripwire-jbj.patch:		Obsoleted by tw-20030919.patch
tripwire-2.3.1-2-fhs.patch:	Unknown status. Further testing  needed
tripwire-2.3.1-gcc3.patch:	Partially implemented/obsoleted

* RPM Spec file given complete overhaul for stricter compliance

######

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAzzGM2XoLj+pGfn8RAouiAJ9EVwQzr2xqLq6xrWn0DnvpMqSgtQCeIJRD
rCoprE5+omwmJuKoxnP0OCk=
=CXcq
-----END PGP SIGNATURE-----
