diff options
Diffstat (limited to 'user/tcpdump')
-rw-r--r-- | user/tcpdump/APKBUILD | 45 | ||||
-rw-r--r-- | user/tcpdump/CVE-2017-16808.patch | 26 | ||||
-rw-r--r-- | user/tcpdump/CVE-2018-19519.patch | 10 | ||||
-rw-r--r-- | user/tcpdump/rm-vendor-specific-tests.patch | 34 |
4 files changed, 68 insertions, 47 deletions
diff --git a/user/tcpdump/APKBUILD b/user/tcpdump/APKBUILD index d273d4acc..81b99632b 100644 --- a/user/tcpdump/APKBUILD +++ b/user/tcpdump/APKBUILD @@ -1,8 +1,8 @@ # Contributor: Natanael Copa <ncopa@alpinelinux.org> # Maintainer: Dan Theisen <djt@hxx.in> pkgname=tcpdump -pkgver=4.9.2 -pkgrel=2 +pkgver=4.99.1 +pkgrel=0 pkgdesc="A tool for network monitoring and data acquisition" url="http://www.tcpdump.org" arch="all" @@ -11,18 +11,44 @@ depends="" makedepends="libpcap-dev openssl-dev perl" subpackages="$pkgname-doc" source="http://www.tcpdump.org/release/$pkgname-$pkgver.tar.gz - CVE-2017-16808.patch - CVE-2018-19519.patch - " + rm-vendor-specific-tests.patch" # secfixes: +# 4.99.1-r0: +# - CVE-2020-8037 # 4.9.2-r1: # - CVE-2018-19519 # 4.9.2-r2: # - CVE-2017-16808 +# 4.9.3-r0: +# - CVE-2018-10103 +# - CVE-2018-10105 +# - CVE-2018-14461 +# - CVE-2018-14462 +# - CVE-2018-14463 +# - CVE-2018-14464 +# - CVE-2018-14465 +# - CVE-2018-14466 +# - CVE-2018-14467 +# - CVE-2018-14468 +# - CVE-2018-14469 +# - CVE-2018-14470 +# - CVE-2018-14879 +# - CVE-2018-14880 +# - CVE-2018-14881 +# - CVE-2018-14882 +# - CVE-2018-16227 +# - CVE-2018-16228 +# - CVE-2018-16229 +# - CVE-2018-16230 +# - CVE-2018-16300 +# - CVE-2018-16301 +# - CVE-2018-16451 +# - CVE-2018-16452 +# - CVE-2019-15166 +# - CVE-2019-15167 build () { - cd "$builddir" ./configure \ --build=$CBUILD \ --host=$CHOST \ @@ -34,16 +60,13 @@ build () { } check() { - cd "$builddir" make check } package() { - cd "$builddir" make DESTDIR="$pkgdir" install rm -f "$pkgdir"/usr/sbin/tcpdump.4* } -sha512sums="e1bc19a5867d6e3628f3941bdf3ec831bf13784f1233ca1bccc46aac1702f47ee9357d7ff0ca62cddf211b3c8884488c21144cabddd92c861e32398cd8f7c44b tcpdump-4.9.2.tar.gz -d7f4761bee96ec69cdb93602ea59518f238089967d1ede4e91d139febe0ffe0818d49ad19b96c741a379938c369952405dadd3be2766b6524c43c70066cb4fc4 CVE-2017-16808.patch -eb4232e434064ec59b07840aa394cfcc05c89e817f2d4ebeb4da1dbb1c910fe1805857356d6304ebdb16e32aa6476ce90f164aabc60501b493fd5601b380af7e CVE-2018-19519.patch" +sha512sums="53d31355e1a6ef5a65bb3bf72454169fc80adf973a327a5768840e6ccf0550fbeb3c8a41f959635076d871df0619680321910a3a97879607f481cdaa8b7ceda7 tcpdump-4.99.1.tar.gz +83e731c2c253e69a9fb5d2d42abbe8cc6439d3d9dadd2e412ed0e2a83d820228a1f4018fa1627568c723d376562a85bd099dd2738fd79dcc63abcfc8306fece3 rm-vendor-specific-tests.patch" diff --git a/user/tcpdump/CVE-2017-16808.patch b/user/tcpdump/CVE-2017-16808.patch deleted file mode 100644 index 6b41aad8c..000000000 --- a/user/tcpdump/CVE-2017-16808.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 28f610026d901660dd370862b62ec328727446a2 Mon Sep 17 00:00:00 2001 -From: Denis Ovsienko <denis@ovsienko.info> -Date: Thu, 31 Aug 2017 21:15:37 +0100 -Subject: [PATCH] CVE-2017-16808/AoE: Add a missing bounds check. - -In aoev1_reserve_print() check bounds before trying to print an Ethernet -address. - -This fixes a buffer over-read discovered by Bhargava Shastry, -SecT/TU Berlin. ---- - print-aoe.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/print-aoe.c b/print-aoe.c -index 97e93df2e..2c78a55d3 100644 ---- a/print-aoe.c -+++ b/print-aoe.c -@@ -325,6 +325,7 @@ aoev1_reserve_print(netdissect_options *ndo, - goto invalid; - /* addresses */ - for (i = 0; i < nmacs; i++) { -+ ND_TCHECK2(*cp, ETHER_ADDR_LEN); - ND_PRINT((ndo, "\n\tEthernet Address %u: %s", i, etheraddr_string(ndo, cp))); - cp += ETHER_ADDR_LEN; - } diff --git a/user/tcpdump/CVE-2018-19519.patch b/user/tcpdump/CVE-2018-19519.patch deleted file mode 100644 index ac3293927..000000000 --- a/user/tcpdump/CVE-2018-19519.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- tcpdump-4.9.2/print-hncp.c.old 2017-09-03 23:17:14.000000000 +0000 -+++ tcpdump-4.9.2/print-hncp.c 2018-12-07 19:31:24.360000000 +0000 -@@ -228,6 +228,7 @@ - snprintf(buf, sizeof(buf), "%s/%d", ipaddr_string(ndo, &addr), plen); - plenbytes += 1 + IPV4_MAPPED_HEADING_LEN; - } else { -+ buf[0] = '\0'; - plenbytes = decode_prefix6(ndo, prefix, max_length, buf, sizeof(buf)); - } - diff --git a/user/tcpdump/rm-vendor-specific-tests.patch b/user/tcpdump/rm-vendor-specific-tests.patch new file mode 100644 index 000000000..234124b00 --- /dev/null +++ b/user/tcpdump/rm-vendor-specific-tests.patch @@ -0,0 +1,34 @@ +--- ./tests/TESTLIST 2021-10-04 13:24:39.359685770 +0000 ++++ ./tests/TESTLIST 2021-10-04 13:26:27.408368225 +0000 +@@ -36,24 +36,24 @@ + bgp-rt-prefix bgp-rt-prefix.pcap bgp-rt-prefix.out -v + + # Broadcom tag tests +-brcmtag brcm-tag.pcap brcm-tag.out +-brcmtag-e brcm-tag.pcap brcm-tag-e.out -e +-brcmtagprepend brcm-tag-prepend.pcap brcm-tag-prepend.out -e ++#brcmtag brcm-tag.pcap brcm-tag.out ++#brcmtag-e brcm-tag.pcap brcm-tag-e.out -e ++#brcmtagprepend brcm-tag-prepend.pcap brcm-tag-prepend.out -e + + # Broadcom LI + bcm-li bcm-li.pcap bcm-li.out + bcm-li-v bcm-li.pcap bcm-li-v.out -v + + # Marvell DSA tag tests +-dsa dsa.pcap dsa.out +-dsa-e dsa.pcap dsa-e.out -e ++#dsa dsa.pcap dsa.out ++#dsa-e dsa.pcap dsa-e.out -e + + # EAP tests + # now in smb.tests + + # Marvell DSA tag tests +-edsa edsa.pcap edsa.out +-edsa-e edsa.pcap edsa-e.out -e ++#edsa edsa.pcap edsa.out ++#edsa-e edsa.pcap edsa-e.out -e + + # ESP tests + esp0 02-sunrise-sunset-esp.pcap esp0.out |