From 20e3621f523e3815a26ede1331a6493b70fcd939 Mon Sep 17 00:00:00 2001 From: Max Rees Date: Wed, 2 Oct 2019 23:33:11 -0500 Subject: user/libpcap: [CVE] bump to 1.9.1 --- user/libpcap/APKBUILD | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/user/libpcap/APKBUILD b/user/libpcap/APKBUILD index f1c3cd9d7..714e098f2 100644 --- a/user/libpcap/APKBUILD +++ b/user/libpcap/APKBUILD @@ -1,6 +1,6 @@ # Maintainer: pkgname=libpcap -pkgver=1.9.0 +pkgver=1.9.1 pkgrel=0 pkgdesc="System-independent interface for user-level packet capture" url="http://www.tcpdump.org/" @@ -14,8 +14,16 @@ source="http://www.tcpdump.org/release/$pkgname-$pkgver.tar.gz add-missing-header.patch " +# secfixes: +# 1.9.1-r0: +# - CVE-2018-16301 +# - CVE-2019-15161 +# - CVE-2019-15162 +# - CVE-2019-15163 +# - CVE-2019-15164 +# - CVE-2019-15165 + build() { - cd "$builddir" ./configure \ --build=$CBUILD \ --host=$CHOST \ @@ -33,9 +41,8 @@ build() { } package() { - cd "$builddir" make -j1 DESTDIR="$pkgdir" install install-shared } -sha512sums="0ff25641f1e9d29082766caef45888c19214f770c4f378818caa73fcbc4ae54ad9195549c2499d4879ff46e35741d93b2b02cc5f3d6aa99e85a32194cf10bfe7 libpcap-1.9.0.tar.gz +sha512sums="ae0d6b0ad8253e7e059336c0f4ed3850d20d7d2f4dc1d942c2951f99a5443a690f0cc42c6f8fdc4a0ccb19e9e985192ba6f399c4bde2c7076e420f547fddfb08 libpcap-1.9.1.tar.gz d9bee430f26e647c4a7ddd5b1ddd588fadefd3a034710e9bdfa9ff1d8c18ad8f6c0be1c29c2261e7be89db7d7e545e30c7910f09f3f53701ce04421449328be2 add-missing-header.patch" -- cgit v1.2.3-60-g2f50 From f716c7057e137b586d2b8914346bdc5a486da397 Mon Sep 17 00:00:00 2001 From: Max Rees Date: Wed, 2 Oct 2019 23:34:03 -0500 Subject: user/tcpdump: [CVE] bump to 4.9.3 --- user/tcpdump/APKBUILD | 38 ++++++++++++++++++++++++++++++-------- user/tcpdump/CVE-2017-16808.patch | 26 -------------------------- 2 files changed, 30 insertions(+), 34 deletions(-) delete mode 100644 user/tcpdump/CVE-2017-16808.patch diff --git a/user/tcpdump/APKBUILD b/user/tcpdump/APKBUILD index d273d4acc..f39d5c9d5 100644 --- a/user/tcpdump/APKBUILD +++ b/user/tcpdump/APKBUILD @@ -1,8 +1,8 @@ # Contributor: Natanael Copa # Maintainer: Dan Theisen pkgname=tcpdump -pkgver=4.9.2 -pkgrel=2 +pkgver=4.9.3 +pkgrel=0 pkgdesc="A tool for network monitoring and data acquisition" url="http://www.tcpdump.org" arch="all" @@ -11,7 +11,6 @@ depends="" makedepends="libpcap-dev openssl-dev perl" subpackages="$pkgname-doc" source="http://www.tcpdump.org/release/$pkgname-$pkgver.tar.gz - CVE-2017-16808.patch CVE-2018-19519.patch " @@ -20,9 +19,35 @@ source="http://www.tcpdump.org/release/$pkgname-$pkgver.tar.gz # - CVE-2018-19519 # 4.9.2-r2: # - CVE-2017-16808 +# 4.9.3-r0: +# - CVE-2018-10103 +# - CVE-2018-10105 +# - CVE-2018-14461 +# - CVE-2018-14462 +# - CVE-2018-14463 +# - CVE-2018-14464 +# - CVE-2018-14465 +# - CVE-2018-14466 +# - CVE-2018-14467 +# - CVE-2018-14468 +# - CVE-2018-14469 +# - CVE-2018-14470 +# - CVE-2018-14879 +# - CVE-2018-14880 +# - CVE-2018-14881 +# - CVE-2018-14882 +# - CVE-2018-16227 +# - CVE-2018-16228 +# - CVE-2018-16229 +# - CVE-2018-16230 +# - CVE-2018-16300 +# - CVE-2018-16301 +# - CVE-2018-16451 +# - CVE-2018-16452 +# - CVE-2019-15166 +# - CVE-2019-15167 build () { - cd "$builddir" ./configure \ --build=$CBUILD \ --host=$CHOST \ @@ -34,16 +59,13 @@ build () { } check() { - cd "$builddir" make check } package() { - cd "$builddir" make DESTDIR="$pkgdir" install rm -f "$pkgdir"/usr/sbin/tcpdump.4* } -sha512sums="e1bc19a5867d6e3628f3941bdf3ec831bf13784f1233ca1bccc46aac1702f47ee9357d7ff0ca62cddf211b3c8884488c21144cabddd92c861e32398cd8f7c44b tcpdump-4.9.2.tar.gz -d7f4761bee96ec69cdb93602ea59518f238089967d1ede4e91d139febe0ffe0818d49ad19b96c741a379938c369952405dadd3be2766b6524c43c70066cb4fc4 CVE-2017-16808.patch +sha512sums="3aec673f78b996a4df884b1240e5d0a26a2ca81ee7aca8a2e6d50255bb53476e008a5ced4409e278a956710d8a4d31d85bbb800c9f1aab92b0b1046b59292a22 tcpdump-4.9.3.tar.gz eb4232e434064ec59b07840aa394cfcc05c89e817f2d4ebeb4da1dbb1c910fe1805857356d6304ebdb16e32aa6476ce90f164aabc60501b493fd5601b380af7e CVE-2018-19519.patch" diff --git a/user/tcpdump/CVE-2017-16808.patch b/user/tcpdump/CVE-2017-16808.patch deleted file mode 100644 index 6b41aad8c..000000000 --- a/user/tcpdump/CVE-2017-16808.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 28f610026d901660dd370862b62ec328727446a2 Mon Sep 17 00:00:00 2001 -From: Denis Ovsienko -Date: Thu, 31 Aug 2017 21:15:37 +0100 -Subject: [PATCH] CVE-2017-16808/AoE: Add a missing bounds check. - -In aoev1_reserve_print() check bounds before trying to print an Ethernet -address. - -This fixes a buffer over-read discovered by Bhargava Shastry, -SecT/TU Berlin. ---- - print-aoe.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/print-aoe.c b/print-aoe.c -index 97e93df2e..2c78a55d3 100644 ---- a/print-aoe.c -+++ b/print-aoe.c -@@ -325,6 +325,7 @@ aoev1_reserve_print(netdissect_options *ndo, - goto invalid; - /* addresses */ - for (i = 0; i < nmacs; i++) { -+ ND_TCHECK2(*cp, ETHER_ADDR_LEN); - ND_PRINT((ndo, "\n\tEthernet Address %u: %s", i, etheraddr_string(ndo, cp))); - cp += ETHER_ADDR_LEN; - } -- cgit v1.2.3-60-g2f50