diff -Nur acidlab-0.9.6b20/debian/acid_conf.php-0.9.6b20-10 acidlab-0.9.6b20-matt/debian/acid_conf.php-0.9.6b20-10
--- acidlab-0.9.6b20/debian/acid_conf.php-0.9.6b20-10	1970-01-01 12:00:00.000000000 +1200
+++ acidlab-0.9.6b20-matt/debian/acid_conf.php-0.9.6b20-10	2006-02-13 23:28:16.000000000 +1300
@@ -0,0 +1,275 @@
+<?php
+
+$ACID_VERSION = "0.9.6b20-5.1";
+
+/* Path to the DB abstraction library 
+ *  (Note: DO NOT include a trailing backslash after the directory)
+ *   e.g. $foo = "/tmp"      [OK]
+ *        $foo = "/tmp/"     [OK]
+ *        $foo = "c:\tmp"    [OK]
+ *        $foo = "c:\tmp\"   [WRONG]
+ */
+$DBlib_path = "/usr/share/adodb";
+
+/* The type of underlying alert database
+ * 
+ *  MySQL       : "mysql"
+ *  PostgresSQL : "postgres"
+ *  MS SQL Server : "mssql"
+ */
+$DBtype = "DBTYPE";
+
+/* Alert DB connection parameters
+ *   - $alert_dbname   : MySQL database name of Snort alert DB
+ *   - $alert_host     : host on which the DB is stored
+ *   - $alert_port     : port on which to access the DB
+ *   - $alert_user     : login to the database with this user
+ *   - $alert_password : password of the DB user
+ *
+ *  This information can be gleaned from the Snort database
+ *  output plugin configuration.
+ */
+$alert_dbname   = "ALERT_NAME";
+$alert_host     = "ALERT_HOST";
+$alert_port     = "ALERT_PORT";
+$alert_user     = "ALERT_USER";
+$alert_password = "ALERT_PASSWORD";
+
+/* Archive DB connection parameters */
+$archive_dbname   = "ARCHIVE_NAME";
+$archive_host     = "ARCHIVE_HOST";
+$archive_port     = "ARCHIVE_PORT";
+$archive_user     = "ARCHIVE_USER";
+$archive_password = "ARCHIVE_PASSWORD";
+
+/* Type of DB connection to use
+ *   1  : use a persistant connection (pconnect)
+ *   2  : use a normal connection (connect)
+ */
+$db_connect_method = 1;
+
+/* Use referential integrity
+ *   1  : use
+ *   0  : ignore (not installed)
+ *
+ * Note: Only PostgreSQL and MS-SQL Server databases support
+ *       referential integrity.  Use the associated
+ *       create_acid_tbls_?_extra.sql script to add this
+ *       functionality to the database.
+ *
+ *       Referential integrity will greatly improve the
+ *       speed of record deletion, but also slow record
+ *       insertion.
+ */
+$use_referential_integrity = 0;
+
+/* Path to the graphing library 
+ *  (Note: DO NOT include a trailing backslash after the directory)
+ */
+$ChartLib_path = "/usr/share/phplot";
+
+/* File format of charts ('png', 'jpeg', 'gif') */
+$chart_file_format = "png";
+
+/* Chart default colors - (red, green, blue)
+ *    - $chart_bg_color_default    : background color of chart
+ *    - $chart_lgrid_color_default : gridline color of chart
+ *    - $chart_bar_color_default   : bar/line color of chart
+ */
+$chart_bg_color_default     = array(255,255,255);
+$chart_lgrid_color_default  = array(205,205,205);
+$chart_bar_color_default    = array(190, 5, 5);
+
+/* Maximum number of rows per criteria element */
+$MAX_ROWS = 10;
+
+/* Number of rows to display for any query results */
+$show_rows = 50;
+
+/* Number of items to return during a snapshot
+ *  Last _X_ # of alerts/unique alerts/ports/IP
+ */
+$last_num_alerts = 15;
+$last_num_ualerts = 15;
+$last_num_uports = 15;
+$last_num_uaddr = 15;
+
+/* Number of items to return during a snapshot
+ *  Most Frequent unique alerts/IPs/ports
+ */
+$freq_num_alerts = 5;
+$freq_num_uaddr = 15;
+$freq_num_uports = 15;
+
+/* Number of scroll buttons to use when displaying query results */
+$max_scroll_buttons = 12;
+
+/* Debug mode     - how much debugging information should be shown
+ * Timing mode    - display timing information
+ * SQL trace mode - log SQL statements
+ *   0 : no extra information
+ *   1 : debugging information
+ *   2 : extended debugging information
+ *
+ * HTML no cache - whether a no-cache directive should be sent
+ *                 to the browser (should be = 1 for IE)
+ * 
+ * SQL trace file - file to log SQL traces
+ */
+$debug_mode = 0;
+$debug_time_mode = 1;
+$html_no_cache = 1;
+$sql_trace_mode = 0;
+$sql_trace_file = "";
+
+/* Auto-Screen refresh
+ * - Refresh_Stat_Page - Should certain statistics pages refresh?
+ * - Stat_Page_Refresh_Time - refresh interval (in seconds)
+ */
+$refresh_stat_page = 1;
+$stat_page_refresh_time = 180;
+
+/* Display First/Previous/Last timestamps for alerts or
+ * just First/Last on the Unique Alert listing.
+ *    1: yes
+ *    0: no
+ */
+$show_previous_alert = 0;
+
+/* Sets maximum execution time (in seconds) of any particular page. 
+ * Note: this overrides the PHP configuration file variable 
+ *       max_execution_time.  Thus script can run for a total of
+ *       ($max_script_runtime + max_execution_time) seconds 
+ */
+$max_script_runtime = 180;
+
+/* How should the IP address criteria be entered in the Search screen?
+ *   1 : each octet is a separate field
+ *   2 : entire address is as a single field
+ */
+$ip_address_input = 2;
+
+/* Should a combo box with possible signatures be displayed on the
+ * search form. (Requires Javascript)
+ *   0 : disabled
+ *   1 : show only non pre-processor signatures (e.g., ignore portscans)
+ *   2 : show all signatures
+ */
+$use_sig_list = 0;
+
+/* Resolve IP to FQDN (on certain queries?) 
+ *    1 : yes
+ *    0 : no 
+ */
+$resolve_IP = 1;
+
+/* Should summary stats be calculated on every Query Results page
+ * (Enabling this option will slow page loading time)
+ */
+$show_summary_stats = 0;
+
+/* DNS cache lifetime (in minutes) */
+$dns_cache_lifetime = 20160;
+
+/* Whois information cache lifetime (in minutes) */
+$whois_cache_lifetime = 40320;
+
+/* Snort spp_portscan log file */
+$portscan_file = "";
+
+/* Event cache Auto-update
+ *
+ *  Should the event cache be verified and updated on every
+ *  page log?  Otherwise, the cache will have to be explicitly
+ *  updated from the 'cache and status' page.
+ *
+ *  Note: enabling this option could substantially slow down
+ *  the page loading time when there are many uncached alerts.
+ *  However, this is only a one-time penalty.
+ *
+ *   1 : yes
+ *   0 : no
+ */
+$event_cache_auto_update = 1;
+
+/* Maintain a history of the visited pages so that the "Back"
+ * button can be used.
+ *
+ * Note: Enabling this option will cause the PHP-session to
+ * grow substantially after many pages have been viewed causing
+ * a slow down in page loading time. Periodically return to the
+ * main page to clear the history.
+ *
+ *   1 : yes
+ *   0 : no
+ */
+$maintain_history = 1;
+
+/* Level of detail to display on the main page.
+ *
+ * Note: The presence of summary statistics will slow page loading time
+ *
+ *   1 : show both the links and summary statistics
+ *   0 : show only the links and a count of the number of alerts
+ */
+$main_page_detail = 1;
+
+/*
+ * External URLs
+ */
+
+/* Whois query */
+$external_whois_link = "http://www.samspade.org/t/ipwhois?a=";
+//$external_whois_link = "http://www.geektools.com/cgi-bin/proxy.cgi?targetnic=auto&query="
+
+ /* DNS query */
+$external_dns_link = "http://www.samspade.org/t/dns?a=";
+
+/* SamSpade "all" query */
+$external_all_link = "http://www.samspade.org/t/lookat?a=";
+
+/* TCP/UDP port database */
+$external_port_link = "http://www.snort.org/ports.html?port=";
+//$external_port_link = "http://www.portsdb.org/bin/portsdb.cgi?portnumber=";
+
+/* Signature references */
+$external_sig_link = array("bugtraq"   => array("http://www.securityfocus.com/bid/", ""),
+                           "snort"     => array("http://www.snort.org/snort-db/sid.html?sid=", ""),
+                           "cve"       => array("http://cve.mitre.org/cgi-bin/cvename.cgi?name=", ""),
+                           "nessus"       => array("http://cgi.nessus.org/plugins/dump.php3?id=", ""),
+                           "arachnids" => array("http://www.whitehats.com/info/ids", ""),
+                           "mcafee"    => array("http://vil.nai.com/vil/content/v_", ".htm"),
+                           "icat"      => array("http://icat.nist.gov/icat.cfm?cvename=", ""));
+
+/* Email Alert action
+ *
+ * - action_email_from : email address to use in the FROM field of the mail message
+ * - action_email_subject : subject to use for the mail message
+ * - action_email_msg : additional text to include in the body of the mail message
+ * - action_email_mode : specifies how the alert information should be enclosed
+ *     0 : alerts should be in the body of the message
+ *     1 : alerts should be enclosed in an attachment
+ */
+$action_email_from = "ACID Alert <acid>";
+$action_email_subject = "ACID Incident Report";
+$action_email_msg = "";
+$action_email_mode = 0;
+
+/* Custom (user) PHP session handlers
+ *
+ * - use_user_session : sets whether user PHP session can be used (configured
+ *                      with the session.save_handler variable in php.ini)
+ *      0 : no
+ *      1 : yes (assuming that 'user_session_path' and 'user_session_function'
+ *               are configured correctly)
+ * - user_session_path : file to include that implements the custom PHP session
+ *                       handler
+ * - user_session_function : function to invoke in the custom session
+ *                           implementation that will register the session handler
+ *                           functions
+ */
+$use_user_session = 0;
+$user_session_path = "";
+$user_session_function = "";
+
+?>
diff -Nur acidlab-0.9.6b20/debian/changelog acidlab-0.9.6b20-matt/debian/changelog
--- acidlab-0.9.6b20/debian/changelog	2006-02-13 23:28:31.000000000 +1300
+++ acidlab-0.9.6b20-matt/debian/changelog	2006-02-13 23:28:16.000000000 +1300
@@ -1,3 +1,16 @@
+acidlab (0.9.6b20-13.1) unstable; urgency=low
+
+  * Non-maintainer upload
+  * Fixed incorrect handling of /etc/acidlab/acid_conf.php (Closes: #337992)
+    - acid_conf.php cannot be a conffile as the maintainer scripts modify it
+    - Added dependency on ucf and use that to manage acid_conf.php
+    - Attempt to recreate previous 'unmodified' acid_conf.php from the 
+      0.9.6b20-10 package and use its md5sum to prevent unccessary prompting
+      if possible. This should make sarge -> etch upgrades go smoothly if 
+      the user has not modified the conf file.
+      
+ -- Matt Brown <debian@mattb.net.nz>  Mon, 13 Feb 2006 23:12:43 +1300
+
 acidlab (0.9.6b20-13) unstable; urgency=high
 
   * Patch [013] SECURITY fix:
diff -Nur acidlab-0.9.6b20/debian/control acidlab-0.9.6b20-matt/debian/control
--- acidlab-0.9.6b20/debian/control	2006-02-13 23:28:31.000000000 +1300
+++ acidlab-0.9.6b20-matt/debian/control	2006-02-13 23:28:16.000000000 +1300
@@ -22,7 +22,7 @@
 
 Package: acidlab
 Architecture: all
-Depends: php4 | php3 | php4-cli | php3-cgi, php4-gd | php3-gd | php3-cgi-gd, apache | httpd, wwwconfig-common (>= 0.0.7), libphp-phplot (>= 4.4.6-3), libphp-adodb (>= 4.50-1), debconf | debconf-2.0, acidlab-pgsql | acidlab-mysql
+Depends: php4 | php3 | php4-cli | php3-cgi, php4-gd | php3-gd | php3-cgi-gd, apache | httpd, wwwconfig-common (>= 0.0.7), libphp-phplot (>= 4.4.6-3), libphp-adodb (>= 4.50-1), debconf | debconf-2.0, acidlab-pgsql | acidlab-mysql, ucf
 Suggests: snort-mysql | snort-pgsql
 Description: Analysis Console for Intrusion Databases
  The Analysis Console for Intrusion Databases (ACID) is a PHP-based analysis
diff -Nur acidlab-0.9.6b20/debian/packages acidlab-0.9.6b20-matt/debian/packages
--- acidlab-0.9.6b20/debian/packages	2006-02-13 23:28:31.000000000 +1300
+++ acidlab-0.9.6b20-matt/debian/packages	2006-02-13 23:28:16.000000000 +1300
@@ -65,7 +65,7 @@
 
 Package: acidlab
 Architecture: all
-Depends: php4 | php3 | php4-cli | php3-cgi, php4-gd | php3-gd | php3-cgi-gd, apache | httpd, wwwconfig-common (>= 0.0.7), libphp-phplot (>= 4.4.6-3), libphp-adodb (>= 4.50-1), debconf | debconf-2.0, acidlab-pgsql | acidlab-mysql
+Depends: php4 | php3 | php4-cli | php3-cgi, php4-gd | php3-gd | php3-cgi-gd, apache | httpd, wwwconfig-common (>= 0.0.7), libphp-phplot (>= 4.4.6-3), libphp-adodb (>= 4.50-1), debconf | debconf-2.0, acidlab-pgsql | acidlab-mysql, ucf
 Suggests: snort-mysql | snort-pgsql 
 Description: Analysis Console for Intrusion Databases
  The Analysis Console for Intrusion Databases (ACID) is a PHP-based analysis 
@@ -107,15 +107,13 @@
  yada install -data -into /usr/share/acidlab *.php *.html *.css *.sql *.inc
  yada install -dir /etc/acidlab
  rm -f $ROOT/usr/share/acidlab/acid_conf.php 
- yada install -conffile -into /etc/acidlab acid_conf.php 
  ln -s /etc/acidlab/acid_conf.php $ROOT/usr/share/acidlab/acid_conf.php
+ yada install -into /usr/share/acidlab -as acid_conf.dist acid_conf.php 
+ yada install -into /usr/share/acidlab -as acid_conf-0.9.6b20-10.dist debian/acid_conf.php-0.9.6b20-10
  yada install -conffile -subdir acidlab -as apache.conf debian/acidlab.apache.conf
  yada install -doc README README.mssql TODO CREDITS html-doc/*html* html-doc/*gif* html-doc/*jpg*
  yada install -doc -as changelog CHANGELOG
  yada install -doc -as README.Debian debian/README
-Finalize: sh
- chown root:www-data $ROOT/etc/acidlab/acid_conf.php
- chmod 0640 $ROOT/etc/acidlab/acid_conf.php
 Templates:
  Template: acidlab/webserver
  Type: select
@@ -285,10 +283,33 @@
  s@ARCHIVE_USER@$archive_user@
  s@ARCHIVE_PASSWORD@$archive_password@
  EOF
-     cat /etc/acidlab/acid_conf.php | sed -f /etc/acidlab/acidlab$$.conf \
-         > /etc/acidlab/acid_conf.php.$$ && mv /etc/acidlab/acid_conf.php.$$ \
-         /etc/acidlab/acid_conf.php
-     rm -f /etc/acidlab/acidlab$$.conf
+     # If we're upgrading from 0.9.6b20-13 or earlier deal with acid_conf.php
+     # which was mistakenly marked as a conffile!
+      if [ "$2" != "" -a "$2" != "<>" ]; then
+         if /usr/bin/dpkg --compare-versions "$2" lt "0.9.6b20-13.1"; then
+             # Try our best to recreate the old 'unmodified' conffile with
+             # only the DB parameters substituted in
+             cat /usr/share/acidlab/acid_conf-0.9.6b20-10.dist | \
+                 sed -f /etc/acidlab/acidlab$$.conf > \
+                 /etc/acidlab/acid_conf-10.php.$$
+             # Save an MD5sum of it for ucf to use
+             /usr/bin/md5sum /etc/acidlab/acid_conf-10.php.$$ | \
+                 sed 's/  .*/ 0.9.6b20-10/' > /etc/acidlab/acid_conf.php.md5sum
+             # Clean up
+             rm -f /etc/acidlab/acid_conf-10.php.$$
+         fi
+     fi
+     # Ensure md5sum file exists
+     touch /etc/acidlab/acid_conf.php.md5sum
+     # Generate new config file
+     cat /usr/share/acidlab/acid_conf.dist | \
+     	 sed -f /etc/acidlab/acidlab$$.conf > \
+	 /etc/acidlab/acid_conf.php.$$ &&  \
+         /usr/bin/ucf --sum-file /etc/acidlab/acid_conf.php.md5sum \
+	 /etc/acidlab/acid_conf.php.$$ \
+         /etc/acidlab/acid_conf.php </dev/tty >/dev/tty
+     rm -f /etc/acidlab/acidlab$$.conf &>/dev/null 
+     rm -f /etc/acidlab/acid_conf.php.$$ &>/dev/null
  fi
  chmod 0640 /etc/acidlab/acid_conf.php
  chown root:www-data /etc/acidlab/acid_conf.php
@@ -313,6 +334,11 @@
                  restart="$restart $server"
              fi
          done
+         # Clean up ucf 
+         rm -f /etc/acidlab/acid_conf.php
+         ucf --purge /etc/acidlab/acid_conf.php
+         rm -f /etc/acidlab/acid_conf.php.md5sum
+         # Clean up directory
          test -d /etc/acidlab && rm -rf /etc/acidlab
      fi
  .
diff -Nur acidlab-0.9.6b20/debian/rules acidlab-0.9.6b20-matt/debian/rules
--- acidlab-0.9.6b20/debian/rules	2006-02-13 23:28:31.000000000 +1300
+++ acidlab-0.9.6b20-matt/debian/rules	2006-02-13 23:28:16.000000000 +1300
@@ -271,8 +271,9 @@
 	echo -E 'yada install -data -into /usr/share/acidlab *.php *.html *.css *.sql *.inc';\
 	echo -E 'yada install -dir /etc/acidlab';\
 	echo -E 'rm -f $$ROOT/usr/share/acidlab/acid_conf.php';\
-	echo -E 'yada install -conffile -into /etc/acidlab acid_conf.php';\
 	echo -E 'ln -s /etc/acidlab/acid_conf.php $$ROOT/usr/share/acidlab/acid_conf.php';\
+	echo -E 'yada install -into /usr/share/acidlab -as acid_conf.dist acid_conf.php';\
+	echo -E 'yada install -into /usr/share/acidlab -as acid_conf-0.9.6b20-10.dist debian/acid_conf.php-0.9.6b20-10';\
 	echo -E 'yada install -conffile -subdir acidlab -as apache.conf debian/acidlab.apache.conf';\
 	echo -E 'yada install -doc README README.mssql TODO CREDITS html-doc/*html* html-doc/*gif* html-doc/*jpg*';\
 	echo -E 'yada install -doc -as changelog CHANGELOG';\
@@ -349,23 +350,6 @@
 	@[ -f $(shell which yada) -a -f debian/rules ]
 	chown -R 0.0 debian/tmp-acidlab
 	chmod -R u=rwX,go=rX debian/tmp-acidlab
-	@umask 022 \
-	  && export pwd="$$(pwd)" \
-	  && export ROOT="$$(pwd)/debian/tmp-acidlab" \
-	  && export TMPROOT="$$(pwd)/debian/tmp" \
-	  && export CONTROL="$$(pwd)/debian/tmp-acidlab/DEBIAN" \
-	  && export PACKAGE="acidlab" \
-	  && export SOURCE="acidlab" \
-	  && export VERSION="$(VERSION)" \
-	  && export DEB_HOST_GNU_CPU="$(DEB_HOST_GNU_CPU)" \
-	  && export DEB_HOST_GNU_TYPE="$(DEB_HOST_GNU_TYPE)" \
-	  && export DEB_HOST_GNU_SYSTEM="$(DEB_HOST_GNU_SYSTEM)" \
-	  && export DEB_BUILD_GNU_CPU="$(DEB_BUILD_GNU_CPU)" \
-	  && export DEB_BUILD_GNU_TYPE="$(DEB_BUILD_GNU_TYPE)" \
-	  && export DEB_BUILD_GNU_SYSTEM="$(DEB_BUILD_GNU_SYSTEM)" && (\
-	echo -E 'eval "yada () { perl $$(which yada) \"\$$@\"; }"; set -e; set -v';\
-	echo -E 'chown root:www-data $$ROOT/etc/acidlab/acid_conf.php';\
-	echo -E 'chmod 0640 $$ROOT/etc/acidlab/acid_conf.php') | /bin/sh
 	@if [ -d debian/tmp-acidlab/usr/doc/acidlab ]; then \
 	  echo "*** Yada warning: /usr/doc/acidlab should be /usr/share/doc/acidlab";\
 	fi