authorGustavo Zacarias <gustavo@zacarias.com.ar>2015-03-11 10:43:48 -0300
committerPeter Korsgaard <peter@korsgaard.com>2015-03-11 17:08:44 +0100
commit6029d1b81b475032069307e95558e7a8f766253a (patch)
treee0188107b61ed1f95fd953bb4d0162ce8ee6b66c /package/tcpdump
parentf57423064ef0c22717db370d126bff832e7e1fd5 (diff)
tcpdump: security bump to version 4.7.3
Fixes: CVE-2015-0261 - issues with IPv6 mobility printer. CVE-2015-2153 - issue with tcp printer. CVE-2015-2154 - issue with ethernet printer. CVE-2015-2155 - issue with force printer. CVE-2014-9140 fix is upstream so patch dropped. System libpcap upstream as well so dropped. CVE-2014-8767, CVE-2014-8768 and CVE-2014-8769 don't seem to be upstream so keep. And add hash file. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'package/tcpdump')
-rw-r--r--package/tcpdump/0001-Use-system-libpcap-when-configured-with-with-system-.patch78
-rw-r--r--package/tcpdump/0005-fix-CVE-2014-9140.patch59
-rw-r--r--package/tcpdump/tcpdump.hash2
-rw-r--r--package/tcpdump/tcpdump.mk4
4 files changed, 3 insertions, 140 deletions
diff --git a/package/tcpdump/0001-Use-system-libpcap-when-configured-with-with-system-.patch b/package/tcpdump/0001-Use-system-libpcap-when-configured-with-with-system-.patch
deleted file mode 100644
index 7f8b7151c..000000000
--- a/package/tcpdump/0001-Use-system-libpcap-when-configured-with-with-system-.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From 4289e62c7966e5abeb95307717cef30a51fcdccf Mon Sep 17 00:00:00 2001
-From: Baruch Siach <baruch@tkos.co.il>
-Date: Wed, 29 Oct 2014 13:21:05 +0200
-Subject: [PATCH] Use system libpcap when configured with --with-system-pcap
-
-Don't force the local libpcap build when the system provides one. When
---with-system-pcap is given to configure, don't try to locate a local libpcap
-build. This help build systems like Buildroot that store build trees in the
-same directory, but still prefer dynamically linking against system wide
-libpcap.so to save space.
-
-Signed-off-by: Baruch Siach <baruch@tkos.co.il>
----
-Status: sent upstream (https://github.com/the-tcpdump-group/tcpdump/pull/408)
-
- aclocal.m4 | 46 +++++++++++++++++++++++++---------------------
- 1 file changed, 25 insertions(+), 21 deletions(-)
-
-diff --git a/aclocal.m4 b/aclocal.m4
-index 80614cf21050..cd0a94414bbf 100644
---- a/aclocal.m4
-+++ b/aclocal.m4
-@@ -438,27 +438,31 @@ AC_DEFUN(AC_LBL_LIBPCAP,
- LIBS="$LIBS $pfopen"
- fi
- fi
-- AC_MSG_CHECKING(for local pcap library)
-- libpcap=FAIL
-- lastdir=FAIL
-- places=`ls $srcdir/.. | sed -e 's,/$,,' -e "s,^,$srcdir/../," | \
-- egrep '/libpcap-[[0-9]]+\.[[0-9]]+(\.[[0-9]]*)?([[ab]][[0-9]]*|-PRE-GIT)?$'`
-- places2=`ls .. | sed -e 's,/$,,' -e "s,^,../," | \
-- egrep '/libpcap-[[0-9]]+\.[[0-9]]+(\.[[0-9]]*)?([[ab]][[0-9]]*|-PRE-GIT)?$'`
-- for dir in $places $srcdir/../libpcap ../libpcap $srcdir/libpcap $places2 ; do
-- basedir=`echo $dir | sed -e 's/[[ab]][[0-9]]*$//' | \
-- sed -e 's/-PRE-GIT$//' `
-- if test $lastdir = $basedir ; then
-- dnl skip alphas when an actual release is present
-- continue;
-- fi
-- lastdir=$dir
-- if test -r $dir/libpcap.a ; then
-- libpcap=$dir/libpcap.a
-- d=$dir
-- dnl continue and select the last one that exists
-- fi
-- done
-+ libpcap=FAIL
-+ AC_MSG_CHECKING(for local pcap library)
-+ AC_ARG_WITH([system-libpcap],
-+ [AS_HELP_STRING([--with-system-libpcap], [don't use local pcap library])])
-+ if test "x$with_system_libpcap" != xyes ; then
-+ lastdir=FAIL
-+ places=`ls $srcdir/.. | sed -e 's,/$,,' -e "s,^,$srcdir/../," | \
-+ egrep '/libpcap-[[0-9]]+\.[[0-9]]+(\.[[0-9]]*)?([[ab]][[0-9]]*|-PRE-GIT)?$'`
-+ places2=`ls .. | sed -e 's,/$,,' -e "s,^,../," | \
-+ egrep '/libpcap-[[0-9]]+\.[[0-9]]+(\.[[0-9]]*)?([[ab]][[0-9]]*|-PRE-GIT)?$'`
-+ for dir in $places $srcdir/../libpcap ../libpcap $srcdir/libpcap $places2 ; do
-+ basedir=`echo $dir | sed -e 's/[[ab]][[0-9]]*$//' | \
-+ sed -e 's/-PRE-GIT$//' `
-+ if test $lastdir = $basedir ; then
-+ dnl skip alphas when an actual release is present
-+ continue;
-+ fi
-+ lastdir=$dir
-+ if test -r $dir/libpcap.a ; then
-+ libpcap=$dir/libpcap.a
-+ d=$dir
-+ dnl continue and select the last one that exists
-+ fi
-+ done
-+ fi
- if test $libpcap = FAIL ; then
- AC_MSG_RESULT(not found)
-
---
-2.1.1
-
diff --git a/package/tcpdump/0005-fix-CVE-2014-9140.patch b/package/tcpdump/0005-fix-CVE-2014-9140.patch
deleted file mode 100644
index 86365d0b7..000000000
--- a/package/tcpdump/0005-fix-CVE-2014-9140.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From 0f95d441e4b5d7512cc5c326c8668a120e048eda Mon Sep 17 00:00:00 2001
-From: Guy Harris <guy@alum.mit.edu>
-Date: Wed, 22 Oct 2014 12:31:21 -0700
-Subject: [PATCH] Do bounds checking when unescaping PPP.
-
-Clean up a const issue while we're at it.
-
-Upstream commit 0f95d441e4b5d.
-
-Signed-off-by: Baruch Siach <baruch@tkos.co.il>
----
- print-ppp.c | 16 ++++++++--------
- 1 file changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/print-ppp.c b/print-ppp.c
-index 8e098f05a953..9a983e6179cd 100644
---- a/print-ppp.c
-+++ b/print-ppp.c
-@@ -1351,14 +1351,15 @@ static void
- ppp_hdlc(netdissect_options *ndo,
- const u_char *p, int length)
- {
-- u_char *b, *s, *t, c;
-+ u_char *b, *t, c;
-+ const u_char *s;
- int i, proto;
- const void *se;
-
- if (length <= 0)
- return;
-
-- b = (uint8_t *)malloc(length);
-+ b = (u_char *)malloc(length);
- if (b == NULL)
- return;
-
-@@ -1367,14 +1368,13 @@ ppp_hdlc(netdissect_options *ndo,
- * Do this so that we dont overwrite the original packet
- * contents.
- */
-- for (s = (u_char *)p, t = b, i = length; i > 0; i--) {
-+ for (s = p, t = b, i = length; i > 0 && ND_TTEST(*s); i--) {
- c = *s++;
- if (c == 0x7d) {
-- if (i > 1) {
-- i--;
-- c = *s++ ^ 0x20;
-- } else
-- continue;
-+ if (i <= 1 || !ND_TTEST(*s))
-+ break;
-+ i--;
-+ c = *s++ ^ 0x20;
- }
- *t++ = c;
- }
---
-2.1.3
-
diff --git a/package/tcpdump/tcpdump.hash b/package/tcpdump/tcpdump.hash
new file mode 100644
index 000000000..36e1c3bd5
--- /dev/null
+++ b/package/tcpdump/tcpdump.hash
@@ -0,0 +1,2 @@
+# Locally calculated after checking pgp signature
+sha256 1f87fb652ce996d41e7a06c601bc6ea29b13fee922945b23770c29490f1d8ace tcpdump-4.7.3.tar.gz
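Review bot: The comment on the first line of tcpdump.hash says the digest was computed after a PGP check, but it records neither the signature file nor the key that was used, so a later reviewer cannot repeat the verification. The context lines of tcpdump.mk show TCPDUMP_SITE is still a plain `http://` URL, so this sha256 entry appears to be the only integrity control applied to the tarball at download time. I would extend the comment to something like `# Locally calculated after checking pgp signature <signature-file-URL> (key <fingerprint>)`, filling the placeholders with the values actually checked.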
diff --git a/package/tcpdump/tcpdump.mk b/package/tcpdump/tcpdump.mk
index 69eb717c9..71b844ab3 100644
--- a/package/tcpdump/tcpdump.mk
+++ b/package/tcpdump/tcpdump.mk
@@ -4,7 +4,7 @@
#
################################################################################
-TCPDUMP_VERSION = 4.6.2
+TCPDUMP_VERSION = 4.7.3
TCPDUMP_SITE = http://www.tcpdump.org/release
TCPDUMP_LICENSE = BSD-3c
TCPDUMP_LICENSE_FILES = LICENSE
@@ -17,8 +17,6 @@ TCPDUMP_CONF_OPTS = \
--with-system-libpcap \
$(if $(BR2_PACKAGE_TCPDUMP_SMB),--enable-smb,--disable-smb)
TCPDUMP_DEPENDENCIES = zlib libpcap
-# Patching aclocal.m4
-TCPDUMP_AUTORECONF = YES
ifeq ($(BR2_STATIC_LIBS),y)
TCPDUMP_CONF_OPTS += LIBS="$(shell $(STAGING_DIR)/usr/bin/pcap-config --static --additional-libs)"