summaryrefslogtreecommitdiff
path: root/user/tcpdump
diff options
context:
space:
mode:
Diffstat (limited to 'user/tcpdump')
-rw-r--r--user/tcpdump/APKBUILD45
-rw-r--r--user/tcpdump/CVE-2017-16808.patch26
-rw-r--r--user/tcpdump/CVE-2018-19519.patch10
-rw-r--r--user/tcpdump/rm-vendor-specific-tests.patch34
4 files changed, 68 insertions, 47 deletions
diff --git a/user/tcpdump/APKBUILD b/user/tcpdump/APKBUILD
index d273d4acc..81b99632b 100644
--- a/user/tcpdump/APKBUILD
+++ b/user/tcpdump/APKBUILD
@@ -1,8 +1,8 @@
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Maintainer: Dan Theisen <djt@hxx.in>
pkgname=tcpdump
-pkgver=4.9.2
-pkgrel=2
+pkgver=4.99.1
+pkgrel=0
pkgdesc="A tool for network monitoring and data acquisition"
url="http://www.tcpdump.org"
arch="all"
@@ -11,18 +11,44 @@ depends=""
makedepends="libpcap-dev openssl-dev perl"
subpackages="$pkgname-doc"
source="http://www.tcpdump.org/release/$pkgname-$pkgver.tar.gz
- CVE-2017-16808.patch
- CVE-2018-19519.patch
- "
+ rm-vendor-specific-tests.patch"
# secfixes:
+# 4.99.1-r0:
+# - CVE-2020-8037
# 4.9.2-r1:
# - CVE-2018-19519
# 4.9.2-r2:
# - CVE-2017-16808
+# 4.9.3-r0:
+# - CVE-2018-10103
+# - CVE-2018-10105
+# - CVE-2018-14461
+# - CVE-2018-14462
+# - CVE-2018-14463
+# - CVE-2018-14464
+# - CVE-2018-14465
+# - CVE-2018-14466
+# - CVE-2018-14467
+# - CVE-2018-14468
+# - CVE-2018-14469
+# - CVE-2018-14470
+# - CVE-2018-14879
+# - CVE-2018-14880
+# - CVE-2018-14881
+# - CVE-2018-14882
+# - CVE-2018-16227
+# - CVE-2018-16228
+# - CVE-2018-16229
+# - CVE-2018-16230
+# - CVE-2018-16300
+# - CVE-2018-16301
+# - CVE-2018-16451
+# - CVE-2018-16452
+# - CVE-2019-15166
+# - CVE-2019-15167
build () {
- cd "$builddir"
./configure \
--build=$CBUILD \
--host=$CHOST \
@@ -34,16 +60,13 @@ build () {
}
check() {
- cd "$builddir"
make check
}
package() {
- cd "$builddir"
make DESTDIR="$pkgdir" install
rm -f "$pkgdir"/usr/sbin/tcpdump.4*
}
-sha512sums="e1bc19a5867d6e3628f3941bdf3ec831bf13784f1233ca1bccc46aac1702f47ee9357d7ff0ca62cddf211b3c8884488c21144cabddd92c861e32398cd8f7c44b tcpdump-4.9.2.tar.gz
-d7f4761bee96ec69cdb93602ea59518f238089967d1ede4e91d139febe0ffe0818d49ad19b96c741a379938c369952405dadd3be2766b6524c43c70066cb4fc4 CVE-2017-16808.patch
-eb4232e434064ec59b07840aa394cfcc05c89e817f2d4ebeb4da1dbb1c910fe1805857356d6304ebdb16e32aa6476ce90f164aabc60501b493fd5601b380af7e CVE-2018-19519.patch"
+sha512sums="53d31355e1a6ef5a65bb3bf72454169fc80adf973a327a5768840e6ccf0550fbeb3c8a41f959635076d871df0619680321910a3a97879607f481cdaa8b7ceda7 tcpdump-4.99.1.tar.gz
+83e731c2c253e69a9fb5d2d42abbe8cc6439d3d9dadd2e412ed0e2a83d820228a1f4018fa1627568c723d376562a85bd099dd2738fd79dcc63abcfc8306fece3 rm-vendor-specific-tests.patch"
diff --git a/user/tcpdump/CVE-2017-16808.patch b/user/tcpdump/CVE-2017-16808.patch
deleted file mode 100644
index 6b41aad8c..000000000
--- a/user/tcpdump/CVE-2017-16808.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 28f610026d901660dd370862b62ec328727446a2 Mon Sep 17 00:00:00 2001
-From: Denis Ovsienko <denis@ovsienko.info>
-Date: Thu, 31 Aug 2017 21:15:37 +0100
-Subject: [PATCH] CVE-2017-16808/AoE: Add a missing bounds check.
-
-In aoev1_reserve_print() check bounds before trying to print an Ethernet
-address.
-
-This fixes a buffer over-read discovered by Bhargava Shastry,
-SecT/TU Berlin.
----
- print-aoe.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/print-aoe.c b/print-aoe.c
-index 97e93df2e..2c78a55d3 100644
---- a/print-aoe.c
-+++ b/print-aoe.c
-@@ -325,6 +325,7 @@ aoev1_reserve_print(netdissect_options *ndo,
- goto invalid;
- /* addresses */
- for (i = 0; i < nmacs; i++) {
-+ ND_TCHECK2(*cp, ETHER_ADDR_LEN);
- ND_PRINT((ndo, "\n\tEthernet Address %u: %s", i, etheraddr_string(ndo, cp)));
- cp += ETHER_ADDR_LEN;
- }
diff --git a/user/tcpdump/CVE-2018-19519.patch b/user/tcpdump/CVE-2018-19519.patch
deleted file mode 100644
index ac3293927..000000000
--- a/user/tcpdump/CVE-2018-19519.patch
+++ /dev/null
@@ -1,10 +0,0 @@
---- tcpdump-4.9.2/print-hncp.c.old 2017-09-03 23:17:14.000000000 +0000
-+++ tcpdump-4.9.2/print-hncp.c 2018-12-07 19:31:24.360000000 +0000
-@@ -228,6 +228,7 @@
- snprintf(buf, sizeof(buf), "%s/%d", ipaddr_string(ndo, &addr), plen);
- plenbytes += 1 + IPV4_MAPPED_HEADING_LEN;
- } else {
-+ buf[0] = '\0';
- plenbytes = decode_prefix6(ndo, prefix, max_length, buf, sizeof(buf));
- }
-
diff --git a/user/tcpdump/rm-vendor-specific-tests.patch b/user/tcpdump/rm-vendor-specific-tests.patch
new file mode 100644
index 000000000..234124b00
--- /dev/null
+++ b/user/tcpdump/rm-vendor-specific-tests.patch
@@ -0,0 +1,34 @@
+--- ./tests/TESTLIST 2021-10-04 13:24:39.359685770 +0000
++++ ./tests/TESTLIST 2021-10-04 13:26:27.408368225 +0000
+@@ -36,24 +36,24 @@
+ bgp-rt-prefix bgp-rt-prefix.pcap bgp-rt-prefix.out -v
+
+ # Broadcom tag tests
+-brcmtag brcm-tag.pcap brcm-tag.out
+-brcmtag-e brcm-tag.pcap brcm-tag-e.out -e
+-brcmtagprepend brcm-tag-prepend.pcap brcm-tag-prepend.out -e
++#brcmtag brcm-tag.pcap brcm-tag.out
++#brcmtag-e brcm-tag.pcap brcm-tag-e.out -e
++#brcmtagprepend brcm-tag-prepend.pcap brcm-tag-prepend.out -e
+
+ # Broadcom LI
+ bcm-li bcm-li.pcap bcm-li.out
+ bcm-li-v bcm-li.pcap bcm-li-v.out -v
+
+ # Marvell DSA tag tests
+-dsa dsa.pcap dsa.out
+-dsa-e dsa.pcap dsa-e.out -e
++#dsa dsa.pcap dsa.out
++#dsa-e dsa.pcap dsa-e.out -e
+
+ # EAP tests
+ # now in smb.tests
+
+ # Marvell DSA tag tests
+-edsa edsa.pcap edsa.out
+-edsa-e edsa.pcap edsa-e.out -e
++#edsa edsa.pcap edsa.out
++#edsa-e edsa.pcap edsa-e.out -e
+
+ # ESP tests
+ esp0 02-sunrise-sunset-esp.pcap esp0.out