snapshot length corruption on live captures

Debian Bug report logs - #623868
snapshot length corruption on live captures

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Robert Edmonds <edmonds@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: snapshot length corruption on live captures

Date: Sat, 23 Apr 2011 17:20:39 -0400

[Message part 1 (text/plain, inline)]

Package: libpcap0.8
Version: 1.1.1-2
Severity: grave
Tags: squeeze sid
Justification: causes data loss

see: http://thread.gmane.org/gmane.network.tcpdump.devel/5018

this can be trivially reproduced on squeeze or sid:

    edmonds@zappa{0}:~$ tcpdump --version                 
    tcpdump version 4.1.1
    libpcap version 1.1.1
    Usage: tcpdump [-aAbdDefIKlLnNOpqRStuUvxX] [ -B size ] [ -c count ]
            [ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]
            [ -i interface ] [ -M secret ] [ -r file ]
            [ -s snaplen ] [ -T type ] [ -w file ] [ -W filecount ]
            [ -y datalinktype ] [ -z command ] [ -Z user ]
            [ expression ]
    edmonds@zappa{1}:~$ sudo tcpdump -s 128 -c 2 -pni lo -w /tmp/lo.pcap 1>/dev/null 2>&1 &
    [1] 22573
    edmonds@zappa{1}:~$ ping -c 1 -s 512 127.0.0.1
    PING 127.0.0.1 (127.0.0.1) 512(540) bytes of data.
    520 bytes from 127.0.0.1: icmp_req=1 ttl=64 time=0.034 ms

    --- 127.0.0.1 ping statistics ---
    1 packets transmitted, 1 received, 0% packet loss, time 0ms
    rtt min/avg/max/mdev = 0.034/0.034/0.034/0.000 ms
    edmonds@zappa{0}:~$ 
    [1]  + done       sudo tcpdump -s 128 -c 2 -pni lo -w /tmp/lo.pcap > /dev/null 2>&1
    edmonds@zappa{0}:~$ tshark -r /tmp/lo.pcap -V -T text -n | grep '^Frame '
    Frame 1 (554 bytes on wire, 122 bytes captured)
    Frame 2 (554 bytes on wire, 122 bytes captured)
    edmonds@zappa{0}:~$ 

with the latest git tip of libpcap:

    sql1rd2:~# tcpdump --version
    tcpdump version 4.3.0-PRE-GIT_2011_04_23
    libpcap version 1.3.0-PRE-GIT_2011_04_23
    Usage: tcpdump [-aAbdDefhIJKlLnNOpqRStuUvxX] [ -B size ] [ -c count ]
            [ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]
            [ -i interface ] [ -j tstamptype ] [ -M secret ]
            [ -r file ] [ -s snaplen ] [ -T type ] [ -w file ]
            [ -W filecount ] [ -y datalinktype ] [ -z command ]
            [ -Z user ] [ expression ]
    sql1rd2:~# tcpdump -s 128 -c 2 -pni lo -w /tmp/lo.pcap &
    [1] 15377
    sql1rd2:~# tcpdump: listening on lo, link-type EN10MB (Ethernet), capture size 128 bytes

    sql1rd2:~# ping -c 1 -s 512 127.0.0.1
    PING 127.0.0.1 (127.0.0.1) 512(540) bytes of data.
    2 packets captured
    4 packets received by filter
    0 packets dropped by kernel
    520 bytes from 127.0.0.1: icmp_req=1 ttl=64 time=0.023 ms

    --- 127.0.0.1 ping statistics ---
    1 packets transmitted, 1 received, 0% packet loss, time 0ms
    rtt min/avg/max/mdev = 0.023/0.023/0.023/0.000 ms
    sql1rd2:~# tshark -r /tmp/lo.pcap -V -T text -n | grep '^Frame '
    Running as user "root" and group "root". This could be dangerous.
    Frame 1 (554 bytes on wire, 128 bytes captured)
    Frame 2 (554 bytes on wire, 128 bytes captured)
    [1]+  Done                    tcpdump -s 128 -c 2 -pni lo -w /tmp/lo.pcap
    sql1rd2:~# 

note "122 bytes captured" in the first listing versus "128 bytes
captured" in the second.

this is fixed in upstream commit ea9432fabdf4b33cbc76d9437200e028f1c47c93,
"Fix the calculation of the frame size in memory-mapped captures."

there has not yet been a release on the 1.1 branch (or, well, any
release) since 1.1.1 that contains this fix.  but the fix should most
likely be backported to the version in squeeze anyway.

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (900, 'unstable'), (800, 'testing'), (700, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libpcap0.8 depends on:
ii  libc6                         2.11.2-13  Embedded GNU C Library: Shared lib

libpcap0.8 recommends no packages.

libpcap0.8 suggests no packages.

-- no debconf information

[signature.asc (application/pgp-signature, inline)]

Message #10 received at 623868@bugs.debian.org (full text, mbox, reply):

From: Robert Edmonds <edmonds@debian.org>

To: 623868@bugs.debian.org

Cc: control@bugs.debian.org

Subject: Re: Bug#623868: snapshot length corruption on live captures

Date: Sat, 23 Apr 2011 23:08:42 -0400

[Message part 1 (text/plain, inline)]

tag 623868 + patch
thanks

Robert Edmonds wrote:
> this is fixed in upstream commit ea9432fabdf4b33cbc76d9437200e028f1c47c93,
> "Fix the calculation of the frame size in memory-mapped captures."

attached is a backport of this commit to 1.1.1, and a patch to the
debian package containing the fix.

-- 
Robert Edmonds
edmonds@debian.org

[0001-Fix-the-calculation-of-the-frame-size-in-memory-mapp.patch (text/x-diff, attachment)]

[0001-backport-commit-ea9432fabd-from-upstream-for-623868.patch (text/x-diff, attachment)]

[signature.asc (application/pgp-signature, inline)]

Message #17 received at 623868@bugs.debian.org (full text, mbox, reply):

From: Romain Francoise <rfrancoise@debian.org>

To: Robert Edmonds <edmonds@debian.org>

Cc: 623868@bugs.debian.org

Subject: Re: Bug#623868: snapshot length corruption on live captures

Date: Sun, 24 Apr 2011 11:16:40 +0200

Robert Edmonds <edmonds@debian.org> writes:

> attached is a backport of this commit to 1.1.1, and a patch to the
> debian package containing the fix.

Thanks, I'll merge this for the next upload.

However, I don't think this issue is really "grave". It doesn't
cause data loss, it just results in less data than requested being
captured.

-- 
Romain Francoise <rfrancoise@debian.org>
http://people.debian.org/~rfrancoise/

Message #22 received at 623868@bugs.debian.org (full text, mbox, reply):

From: Robert Edmonds <edmonds@debian.org>

To: Romain Francoise <rfrancoise@debian.org>

Cc: 623868@bugs.debian.org

Subject: Re: Bug#623868: snapshot length corruption on live captures

Date: Sun, 24 Apr 2011 12:20:02 -0400

[Message part 1 (text/plain, inline)]

Romain Francoise wrote:
> Robert Edmonds <edmonds@debian.org> writes:
> 
> > attached is a backport of this commit to 1.1.1, and a patch to the
> > debian package containing the fix.
> 
> Thanks, I'll merge this for the next upload.
> 
> However, I don't think this issue is really "grave". It doesn't
> cause data loss, it just results in less data than requested being
> captured.

true, it doesn't result in loss of _existing_ data, but i think this bug
is certainly serious enough to warrant a stable or security update.  for
instance, a snapshot length of 1514 actually results in only a maximum
of 1498 bytes being captured, so those who think they are doing "full
packet capture" actually are not, thus breaking TCP stream reassembly
and IP defragmentation, potentially blinding sensors that depend on
libpcap.

in fact, we could go all the way up to critical :)  "makes unrelated
software on the system (or the whole system) break, or causes serious
data loss, or introduces a security hole on systems where you install
the package."

-- 
Robert Edmonds
edmonds@debian.org

[signature.asc (application/pgp-signature, inline)]

Message #27 received at 623868@bugs.debian.org (full text, mbox, reply):

From: Romain Francoise <rfrancoise@debian.org>

To: Robert Edmonds <edmonds@debian.org>

Cc: 623868@bugs.debian.org

Subject: Re: Bug#623868: snapshot length corruption on live captures

Date: Mon, 25 Apr 2011 11:17:13 +0200

Robert Edmonds <edmonds@debian.org> writes:

> for instance, a snapshot length of 1514 actually results in only a
> maximum of 1498 bytes being captured, so those who think they are
> doing "full packet capture" actually are not, thus breaking TCP
> stream reassembly and IP defragmentation, potentially blinding
> sensors that depend on libpcap.

Sure it's possible, but quite unlikely. People who want to do "full
packet capture" usually set snaplen to 65535, which is the default
for tcpdump, ngrep, tcpflow, etc.

-- 
Romain Francoise <rfrancoise@debian.org>
http://people.debian.org/~rfrancoise/

Message #32 received at 623868@bugs.debian.org (full text, mbox, reply):

From: Robert Edmonds <edmonds@debian.org>

To: Romain Francoise <rfrancoise@debian.org>

Cc: 623868@bugs.debian.org

Subject: Re: Bug#623868: snapshot length corruption on live captures

Date: Mon, 25 Apr 2011 13:33:38 -0400

Romain Francoise wrote:
> Robert Edmonds <edmonds@debian.org> writes:
> 
> > for instance, a snapshot length of 1514 actually results in only a
> > maximum of 1498 bytes being captured, so those who think they are
> > doing "full packet capture" actually are not, thus breaking TCP
> > stream reassembly and IP defragmentation, potentially blinding
> > sensors that depend on libpcap.
> 
> Sure it's possible, but quite unlikely. People who want to do "full
> packet capture" usually set snaplen to 65535, which is the default
> for tcpdump, ngrep, tcpflow, etc.

no, we don't.  setting the snaplen to ~64K means the MMAP'd packet
capture ring needs to allocate ~64K of unswappable kernel memory for
each frame in the ring buffer.  the default ring buffer size used in
libpcap is 2 megabytes, which means only a tiny number of frames can be
buffered with a 64K snaplen.  generally 2 MB is a quite small buffer to
use on a busy network even with a correctly tuned snapshot length, so
one needs to increase the ring buffer size as well.

snort sets the default snapshot length to 1514, so it is quite broken by
this bug.

-- 
Robert Edmonds
edmonds@debian.org

Message #39 received at 623868-close@bugs.debian.org (full text, mbox, reply):

From: Romain Francoise <rfrancoise@debian.org>

To: 623868-close@bugs.debian.org

Subject: Bug#623868: fixed in libpcap 1.1.1-4

Date: Sat, 30 Apr 2011 10:48:36 +0000

Source: libpcap
Source-Version: 1.1.1-4

We believe that the bug you reported is fixed in the latest version of
libpcap, which is due to be installed in the Debian FTP archive:

libpcap-dev_1.1.1-4_all.deb
  to main/libp/libpcap/libpcap-dev_1.1.1-4_all.deb
libpcap0.8-dbg_1.1.1-4_amd64.deb
  to main/libp/libpcap/libpcap0.8-dbg_1.1.1-4_amd64.deb
libpcap0.8-dev_1.1.1-4_amd64.deb
  to main/libp/libpcap/libpcap0.8-dev_1.1.1-4_amd64.deb
libpcap0.8_1.1.1-4_amd64.deb
  to main/libp/libpcap/libpcap0.8_1.1.1-4_amd64.deb
libpcap_1.1.1-4.debian.tar.gz
  to main/libp/libpcap/libpcap_1.1.1-4.debian.tar.gz
libpcap_1.1.1-4.dsc
  to main/libp/libpcap/libpcap_1.1.1-4.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 623868@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Romain Francoise <rfrancoise@debian.org> (supplier of updated libpcap package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 30 Apr 2011 12:30:27 +0200
Source: libpcap
Binary: libpcap-dev libpcap0.8-dev libpcap0.8 libpcap0.8-dbg
Architecture: source all amd64
Version: 1.1.1-4
Distribution: unstable
Urgency: low
Maintainer: Romain Francoise <rfrancoise@debian.org>
Changed-By: Romain Francoise <rfrancoise@debian.org>
Description: 
 libpcap-dev - development library for libpcap (transitional package)
 libpcap0.8 - system interface for user-level packet capture
 libpcap0.8-dbg - debugging symbols for libpcap0.8
 libpcap0.8-dev - development library and header files for libpcap0.8
Closes: 612803 623868
Changes: 
 libpcap (1.1.1-4) unstable; urgency=low
 .
   [ Romain Francoise ]
   * Cherry-pick commit 073a8b37f9 from upstream to fix device detection
     when the bonding module is loaded (closes: #612803).
   * debian/patches/50_kfreebsd.diff: Enable zerocopy BPF again.
 .
   [ Robert S. Edmonds ]
   * Backport commit ea9432fabd from upstream to fix corruption of snapshot
     length on live captures (closes: #623868).
Checksums-Sha1: 
 cf0414efa52a10fb4b8155509f410469f652044d 1257 libpcap_1.1.1-4.dsc
 2803a24594e28e9d212c997cd50b2447bd6997d7 16948 libpcap_1.1.1-4.debian.tar.gz
 7b9dd8c109f0451017e88d2078d985b8f237333e 19710 libpcap-dev_1.1.1-4_all.deb
 916f401fdf36e5d538a51b6402acf50307bade4a 234884 libpcap0.8-dev_1.1.1-4_amd64.deb
 473c95a8706f20fa53fb10ec635529b37999846f 131230 libpcap0.8_1.1.1-4_amd64.deb
 fa6011b8307b0454d9bbdc6c358d01e9e8cb57f5 155640 libpcap0.8-dbg_1.1.1-4_amd64.deb
Checksums-Sha256: 
 98c46337022b88b5dd502742810c6120bd6a4ea541be9017719296c615943388 1257 libpcap_1.1.1-4.dsc
 168c62f7f6d96df70e49676ffd1b5162196fcad9f64b8c2a308e2d1866298454 16948 libpcap_1.1.1-4.debian.tar.gz
 1d14b879199829a8bdb3956ecd1fa00d42101fcb18542653a2c99534e024109a 19710 libpcap-dev_1.1.1-4_all.deb
 b0efa6abe0f3fbbf1a5309f8ef64ca0b6a17c1094bc07675d8a4ea86609b3b3b 234884 libpcap0.8-dev_1.1.1-4_amd64.deb
 65c28b4b0701b640804f841cb446bfc4cb0dc31bf10143b30c8093b5ebb288d9 131230 libpcap0.8_1.1.1-4_amd64.deb
 ecd646baa9d9a5041238023f931836408743b3aef41d2acd4e361ffc214f36e8 155640 libpcap0.8-dbg_1.1.1-4_amd64.deb
Files: 
 d43fc81a0bc5c56df50b6d4a9a3b005c 1257 devel optional libpcap_1.1.1-4.dsc
 d973b914529ea90f2b7eac1d5095ed86 16948 devel optional libpcap_1.1.1-4.debian.tar.gz
 606f300d4491849302f5fc1bbea55a25 19710 libdevel optional libpcap-dev_1.1.1-4_all.deb
 0ad4bd27620f3163670c993ed8eb4995 234884 libdevel optional libpcap0.8-dev_1.1.1-4_amd64.deb
 95ddcf46ddcd029920a6ebf1feb10c0d 131230 libs optional libpcap0.8_1.1.1-4_amd64.deb
 5a9921d5eccc9360cbef05916df45061 155640 debug extra libpcap0.8-dbg_1.1.1-4_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFNu+byogN2vsA8Vt8RAvfVAJ9gA06+39zrvxPYHe1kIhC90JF77QCgubeh
IAGUwuM2ZbiwNb3VNfBEm2I=
=8nQp
-----END PGP SIGNATURE-----

Message #44 received at 623868@bugs.debian.org (full text, mbox, reply):

From: Jonathan Wiltshire <jmw@debian.org>

To: 623868@bugs.debian.org

Subject: Re: (PRSC) Bug#623868: snapshot length corruption on live captures

Date: Wed, 6 Jul 2011 20:33:59 +0100

[Message part 1 (text/plain, inline)]

Dear maintainer,

Recently you fixed one or more security problems and as a result you closed
this bug. These problems were not serious enough for a Debian Security
Advisory, so they are now on my radar for fixing in the following suites
through point releases:

lenny (5.0.9)
squeeze (6.0.2)

Please prepare a minimal-changes upload targetting each of these suites,
and submit a debdiff to the Release Team [0] for consideration. They will
offer additional guidance or instruct you to upload your package.

I will happily assist you at any stage if the patch is straightforward and
you need help or lack time. Please keep me in CC at all times so I can
track the progress of this request.

For details of this process and the rationale, please see the original
announcement [1] and my blog post [2].

0: debian-release@lists.debian.org
1: <201101232332.11736.thijs@debian.org>
2: http://deb.li/prsc

Thanks,

with his security hat on:
-- 
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

[signature.asc (application/pgp-signature, inline)]

Message #49 received at 623868@bugs.debian.org (full text, mbox, reply):

From: Romain Francoise <rfrancoise@debian.org>

To: Jonathan Wiltshire <jmw@debian.org>

Cc: 623868@bugs.debian.org

Subject: Re: Bug#623868: (PRSC) Bug#623868: snapshot length corruption on live captures

Date: Wed, 06 Jul 2011 23:00:25 +0200

Hi,

Yes, I was planning a s-p-u upload to address this (and also #612803), but
the fix needs further changes to address #625443. Upstream made the
required changes in Git, I just have to backport them to our version.

Regarding an update in lenny: as far as I can tell the combination of
lenny's kernel (2.6.26) and pcap version (0.9.8) is not affected by this
bug so no upload is necessary.

Thanks,
-- 
Romain Francoise <rfrancoise@debian.org>
http://people.debian.org/~rfrancoise/

Message #54 received at 623868@bugs.debian.org (full text, mbox, reply):

From: Jonathan Wiltshire <jmw@debian.org>

To: Romain Francoise <rfrancoise@debian.org>

Cc: 623868@bugs.debian.org

Subject: Re: Bug#623868: (PRSC) Bug#623868: snapshot length corruption on live captures

Date: Wed, 6 Jul 2011 22:22:09 +0100

[Message part 1 (text/plain, inline)]

On Wed, Jul 06, 2011 at 11:00:25PM +0200, Romain Francoise wrote:
> Yes, I was planning a s-p-u upload to address this (and also #612803), but
> the fix needs further changes to address #625443. Upstream made the
> required changes in Git, I just have to backport them to our version.

Great, thanks for taking care of it.

> Regarding an update in lenny: as far as I can tell the combination of
> lenny's kernel (2.6.26) and pcap version (0.9.8) is not affected by this
> bug so no upload is necessary.

Ok, I've updated the security tracker with this information.

> 
> Thanks,
> -- 
> Romain Francoise <rfrancoise@debian.org>
> http://people.debian.org/~rfrancoise/

Cheers,

-- 
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

[signature.asc (application/pgp-signature, inline)]

Message #59 received at 623868-close@bugs.debian.org (full text, mbox, reply):

From: Romain Francoise <rfrancoise@debian.org>

To: 623868-close@bugs.debian.org

Subject: Bug#623868: fixed in libpcap 1.1.1-2+squeeze1

Date: Fri, 19 Aug 2011 13:52:32 +0000

Source: libpcap
Source-Version: 1.1.1-2+squeeze1

We believe that the bug you reported is fixed in the latest version of
libpcap, which is due to be installed in the Debian FTP archive:

libpcap-dev_1.1.1-2+squeeze1_all.deb
  to main/libp/libpcap/libpcap-dev_1.1.1-2+squeeze1_all.deb
libpcap0.8-dbg_1.1.1-2+squeeze1_amd64.deb
  to main/libp/libpcap/libpcap0.8-dbg_1.1.1-2+squeeze1_amd64.deb
libpcap0.8-dbg_1.1.1-2+squeeze1_i386.deb
  to main/libp/libpcap/libpcap0.8-dbg_1.1.1-2+squeeze1_i386.deb
libpcap0.8-dev_1.1.1-2+squeeze1_amd64.deb
  to main/libp/libpcap/libpcap0.8-dev_1.1.1-2+squeeze1_amd64.deb
libpcap0.8-dev_1.1.1-2+squeeze1_i386.deb
  to main/libp/libpcap/libpcap0.8-dev_1.1.1-2+squeeze1_i386.deb
libpcap0.8_1.1.1-2+squeeze1_amd64.deb
  to main/libp/libpcap/libpcap0.8_1.1.1-2+squeeze1_amd64.deb
libpcap0.8_1.1.1-2+squeeze1_i386.deb
  to main/libp/libpcap/libpcap0.8_1.1.1-2+squeeze1_i386.deb
libpcap_1.1.1-2+squeeze1.debian.tar.gz
  to main/libp/libpcap/libpcap_1.1.1-2+squeeze1.debian.tar.gz
libpcap_1.1.1-2+squeeze1.dsc
  to main/libp/libpcap/libpcap_1.1.1-2+squeeze1.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 623868@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Romain Francoise <rfrancoise@debian.org> (supplier of updated libpcap package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 10 Jul 2011 19:26:04 +0200
Source: libpcap
Binary: libpcap-dev libpcap0.8-dev libpcap0.8 libpcap0.8-dbg
Architecture: all amd64 i386 source
Version: 1.1.1-2+squeeze1
Distribution: stable
Urgency: low
Maintainer: Romain Francoise <rfrancoise@debian.org>
Changed-By: Romain Francoise <rfrancoise@debian.org>
Closes: 612803 623868
Description: 
 libpcap0.8-dbg - debugging symbols for libpcap0.8
 libpcap0.8-dev - development library and header files for libpcap0.8
 libpcap0.8 - system interface for user-level packet capture
 libpcap-dev - development library for libpcap (transitional package)
Changes: 
 libpcap (1.1.1-2+squeeze1) stable; urgency=low
 .
   * Backport changes from upstream to fix corruption of snapshot length on
     live captures (CVE-2011-1935) (closes: #623868).
   * Backport fix from upstream to fix device detection when the bonding
     module is loaded (closes: #612803).
Checksums-Sha1: 
 e183a3e013e5bbc3b5e4de855562e8daa44928f4 19168 libpcap-dev_1.1.1-2+squeeze1_all.deb
 52cff064f2657a1a6f019cbb73ae1869f795cc6d 238834 libpcap0.8-dev_1.1.1-2+squeeze1_amd64.deb
 10155408ed2ba2ceb68150bac83a5c6fd4b0ca06 130948 libpcap0.8_1.1.1-2+squeeze1_amd64.deb
 8f4d5e536b6b1e5b5dee8cdfbc05d6caf9e24963 139264 libpcap0.8-dbg_1.1.1-2+squeeze1_amd64.deb
 bdbbd3e48c3cf97391bad32e6b6ac2681d9e5cd7 225494 libpcap0.8-dev_1.1.1-2+squeeze1_i386.deb
 7d001dc12ea2d0352246115fb8f03c102b99de5c 125258 libpcap0.8_1.1.1-2+squeeze1_i386.deb
 74ec06e14380eb51cc5d07cc920af3b3826d841b 142694 libpcap0.8-dbg_1.1.1-2+squeeze1_i386.deb
 78319ee0f1c344acf34f78783f3358a273bd3b76 1293 libpcap_1.1.1-2+squeeze1.dsc
 98aa7cf55ccc7d14a51650cf90f899e7f5e690af 16834 libpcap_1.1.1-2+squeeze1.debian.tar.gz
Checksums-Sha256: 
 be544629af3f0c15e43a95a5e676093d61b6e614a9d5e6c76c52247e23b5a6fe 19168 libpcap-dev_1.1.1-2+squeeze1_all.deb
 de54e018b1aee3c620c76e59581db7b3769e1bb29417fea2b7d07e971e3d9cbb 238834 libpcap0.8-dev_1.1.1-2+squeeze1_amd64.deb
 223663614338f9886b493b725ae4ed991f0ef874dcebfcf90fc2ca339afda607 130948 libpcap0.8_1.1.1-2+squeeze1_amd64.deb
 67057afd093c425066765be6a37b7491af75edb011c2d6281f3664f7538a4ce5 139264 libpcap0.8-dbg_1.1.1-2+squeeze1_amd64.deb
 4a51adf733ff57ea861a27cd5a8149e3173fdb525622d4d7b579663e23267c96 225494 libpcap0.8-dev_1.1.1-2+squeeze1_i386.deb
 098026e09aeee4acc4c69844ee6a397f9b0ddbb5efa377c87d8be5c9b111cd8f 125258 libpcap0.8_1.1.1-2+squeeze1_i386.deb
 f5506f1482c874052267f6740acc11612a549778e58d16eba5e7d388a64cbbea 142694 libpcap0.8-dbg_1.1.1-2+squeeze1_i386.deb
 1f7a30d23b6b6b4b38baa9fbc4fe6cdd7852a6c73563fde7a2d7b64f891e782b 1293 libpcap_1.1.1-2+squeeze1.dsc
 be006c2d86ff3a18b55c11d6f6d9043d549ed3dbe4efe9a701101f5fc91bf51b 16834 libpcap_1.1.1-2+squeeze1.debian.tar.gz
Files: 
 d5a9c8c5c6d8e02704229eb4842356bf 19168 libdevel optional libpcap-dev_1.1.1-2+squeeze1_all.deb
 d36d495d8c0c7af3cf4924f12ed71bfc 238834 libdevel optional libpcap0.8-dev_1.1.1-2+squeeze1_amd64.deb
 7d06683fae2d8b7ac5b170110bd30ef1 130948 libs optional libpcap0.8_1.1.1-2+squeeze1_amd64.deb
 4ba51dd2ec268921447af9a280f82150 139264 debug extra libpcap0.8-dbg_1.1.1-2+squeeze1_amd64.deb
 f9bde569bd658b66816dab84e121b90f 225494 libdevel optional libpcap0.8-dev_1.1.1-2+squeeze1_i386.deb
 935f78f9c731c682f324571a038c2121 125258 libs optional libpcap0.8_1.1.1-2+squeeze1_i386.deb
 17f862532fcd77ff0308bc47be35e2bd 142694 debug extra libpcap0.8-dbg_1.1.1-2+squeeze1_i386.deb
 0384beeab77ffa914c4bff0a4a702488 1293 devel optional libpcap_1.1.1-2+squeeze1.dsc
 e0eccf117143a6f8f4004fc684a56966 16834 devel optional libpcap_1.1.1-2+squeeze1.debian.tar.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFOTUpzogN2vsA8Vt8RAhrMAKDMa2Sjj/EMzpAflyrgIs6+XtCXiACfelpX
fYBw0bO2y2fVxWrmqXTHtRM=
=vLBQ
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.