Merge branch 'cves.2019.10.02' into 'master'

CVEs for 2019.10.02

See merge request adelie/packages!350

3 files changed, 39 insertions, 34 deletions

diff --git a/user/libpcap/APKBUILD b/user/libpcap/APKBUILD
index 77512f900..714e098f2 100644
--- a/user/libpcap/APKBUILD
+++ b/user/libpcap/APKBUILD
@@ -14,6 +14,15 @@ source="http://www.tcpdump.org/release/$pkgname-$pkgver.tar.gz
 	add-missing-header.patch
 	"
 
+# secfixes:
+#   1.9.1-r0:
+#     - CVE-2018-16301
+#     - CVE-2019-15161
+#     - CVE-2019-15162
+#     - CVE-2019-15163
+#     - CVE-2019-15164
+#     - CVE-2019-15165
+
 build() {
 	./configure \
 		--build=$CBUILD \
diff --git a/user/tcpdump/APKBUILD b/user/tcpdump/APKBUILD
index d273d4acc..f39d5c9d5 100644
--- a/user/tcpdump/APKBUILD
+++ b/user/tcpdump/APKBUILD
@@ -1,8 +1,8 @@
 # Contributor: Natanael Copa <ncopa@alpinelinux.org>
 # Maintainer: Dan Theisen <djt@hxx.in>
 pkgname=tcpdump
-pkgver=4.9.2
-pkgrel=2
+pkgver=4.9.3
+pkgrel=0
 pkgdesc="A tool for network monitoring and data acquisition"
 url="http://www.tcpdump.org"
 arch="all"
@@ -11,7 +11,6 @@ depends=""
 makedepends="libpcap-dev openssl-dev perl"
 subpackages="$pkgname-doc"
 source="http://www.tcpdump.org/release/$pkgname-$pkgver.tar.gz
-	CVE-2017-16808.patch
 	CVE-2018-19519.patch
 	"
 
@@ -20,9 +19,35 @@ source="http://www.tcpdump.org/release/$pkgname-$pkgver.tar.gz
 #     - CVE-2018-19519
 #   4.9.2-r2:
 #     - CVE-2017-16808
+#   4.9.3-r0:
+#     - CVE-2018-10103
+#     - CVE-2018-10105
+#     - CVE-2018-14461
+#     - CVE-2018-14462
+#     - CVE-2018-14463
+#     - CVE-2018-14464
+#     - CVE-2018-14465
+#     - CVE-2018-14466
+#     - CVE-2018-14467
+#     - CVE-2018-14468
+#     - CVE-2018-14469
+#     - CVE-2018-14470
+#     - CVE-2018-14879
+#     - CVE-2018-14880
+#     - CVE-2018-14881
+#     - CVE-2018-14882
+#     - CVE-2018-16227
+#     - CVE-2018-16228
+#     - CVE-2018-16229
+#     - CVE-2018-16230
+#     - CVE-2018-16300
+#     - CVE-2018-16301
+#     - CVE-2018-16451
+#     - CVE-2018-16452
+#     - CVE-2019-15166
+#     - CVE-2019-15167
 
 build () {
-	cd "$builddir"
 	./configure \
 		--build=$CBUILD \
 		--host=$CHOST \
@@ -34,16 +59,13 @@ build () {
 }
 
 check() {
-	cd "$builddir"
 	make check
 }
 
 package() {
-	cd "$builddir"
 	make DESTDIR="$pkgdir" install
 	rm -f "$pkgdir"/usr/sbin/tcpdump.4*
 }
 
-sha512sums="e1bc19a5867d6e3628f3941bdf3ec831bf13784f1233ca1bccc46aac1702f47ee9357d7ff0ca62cddf211b3c8884488c21144cabddd92c861e32398cd8f7c44b  tcpdump-4.9.2.tar.gz
-d7f4761bee96ec69cdb93602ea59518f238089967d1ede4e91d139febe0ffe0818d49ad19b96c741a379938c369952405dadd3be2766b6524c43c70066cb4fc4  CVE-2017-16808.patch
+sha512sums="3aec673f78b996a4df884b1240e5d0a26a2ca81ee7aca8a2e6d50255bb53476e008a5ced4409e278a956710d8a4d31d85bbb800c9f1aab92b0b1046b59292a22  tcpdump-4.9.3.tar.gz
 eb4232e434064ec59b07840aa394cfcc05c89e817f2d4ebeb4da1dbb1c910fe1805857356d6304ebdb16e32aa6476ce90f164aabc60501b493fd5601b380af7e  CVE-2018-19519.patch"
diff --git a/user/tcpdump/CVE-2017-16808.patch b/user/tcpdump/CVE-2017-16808.patch
deleted file mode 100644
index 6b41aad8c..000000000
--- a/user/tcpdump/CVE-2017-16808.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 28f610026d901660dd370862b62ec328727446a2 Mon Sep 17 00:00:00 2001
-From: Denis Ovsienko <denis@ovsienko.info>
-Date: Thu, 31 Aug 2017 21:15:37 +0100
-Subject: [PATCH] CVE-2017-16808/AoE: Add a missing bounds check.
-
-In aoev1_reserve_print() check bounds before trying to print an Ethernet
-address.
-
-This fixes a buffer over-read discovered by Bhargava Shastry,
-SecT/TU Berlin.
----
- print-aoe.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/print-aoe.c b/print-aoe.c
-index 97e93df2e..2c78a55d3 100644
---- a/print-aoe.c
-+++ b/print-aoe.c
-@@ -325,6 +325,7 @@ aoev1_reserve_print(netdissect_options *ndo,
- 		goto invalid;
- 	/* addresses */
- 	for (i = 0; i < nmacs; i++) {
-+		ND_TCHECK2(*cp, ETHER_ADDR_LEN);
- 		ND_PRINT((ndo, "\n\tEthernet Address %u: %s", i, etheraddr_string(ndo, cp)));
- 		cp += ETHER_ADDR_LEN;
- 	}