Verified Commit f716c705 authored by Max Rees's avatar Max Rees

user/tcpdump: [CVE] bump to 4.9.3

parent 20e3621f
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Maintainer: Dan Theisen <djt@hxx.in>
pkgname=tcpdump
pkgver=4.9.2
pkgrel=2
pkgver=4.9.3
pkgrel=0
pkgdesc="A tool for network monitoring and data acquisition"
url="http://www.tcpdump.org"
arch="all"
......@@ -11,7 +11,6 @@ depends=""
makedepends="libpcap-dev openssl-dev perl"
subpackages="$pkgname-doc"
source="http://www.tcpdump.org/release/$pkgname-$pkgver.tar.gz
CVE-2017-16808.patch
CVE-2018-19519.patch
"
......@@ -20,9 +19,35 @@ source="http://www.tcpdump.org/release/$pkgname-$pkgver.tar.gz
# - CVE-2018-19519
# 4.9.2-r2:
# - CVE-2017-16808
# 4.9.3-r0:
# - CVE-2018-10103
# - CVE-2018-10105
# - CVE-2018-14461
# - CVE-2018-14462
# - CVE-2018-14463
# - CVE-2018-14464
# - CVE-2018-14465
# - CVE-2018-14466
# - CVE-2018-14467
# - CVE-2018-14468
# - CVE-2018-14469
# - CVE-2018-14470
# - CVE-2018-14879
# - CVE-2018-14880
# - CVE-2018-14881
# - CVE-2018-14882
# - CVE-2018-16227
# - CVE-2018-16228
# - CVE-2018-16229
# - CVE-2018-16230
# - CVE-2018-16300
# - CVE-2018-16301
# - CVE-2018-16451
# - CVE-2018-16452
# - CVE-2019-15166
# - CVE-2019-15167
build () {
cd "$builddir"
./configure \
--build=$CBUILD \
--host=$CHOST \
......@@ -34,16 +59,13 @@ build () {
}
check() {
cd "$builddir"
make check
}
package() {
cd "$builddir"
make DESTDIR="$pkgdir" install
rm -f "$pkgdir"/usr/sbin/tcpdump.4*
}
sha512sums="e1bc19a5867d6e3628f3941bdf3ec831bf13784f1233ca1bccc46aac1702f47ee9357d7ff0ca62cddf211b3c8884488c21144cabddd92c861e32398cd8f7c44b tcpdump-4.9.2.tar.gz
d7f4761bee96ec69cdb93602ea59518f238089967d1ede4e91d139febe0ffe0818d49ad19b96c741a379938c369952405dadd3be2766b6524c43c70066cb4fc4 CVE-2017-16808.patch
sha512sums="3aec673f78b996a4df884b1240e5d0a26a2ca81ee7aca8a2e6d50255bb53476e008a5ced4409e278a956710d8a4d31d85bbb800c9f1aab92b0b1046b59292a22 tcpdump-4.9.3.tar.gz
eb4232e434064ec59b07840aa394cfcc05c89e817f2d4ebeb4da1dbb1c910fe1805857356d6304ebdb16e32aa6476ce90f164aabc60501b493fd5601b380af7e CVE-2018-19519.patch"
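Review bot: The new `tcpdump-4.9.3.tar.gz` sha512 is pinned for a tarball that `source=` still fetches over plain `http://`, so the recorded checksum is only as trustworthy as the download it was computed from. I would change the URL to `source="https://www.tcpdump.org/release/$pkgname-$pkgver.tar.gz` and confirm the hash against upstream's release signature, if one is published, before merging. Separately, the secfixes entries for CVE-2018-10103 and CVE-2018-10105 appear to depend on the SMB printer staying disabled at build time; as far as I recall from upstream's 4.9.3 notes, those two were not fully fixed in code. The `./configure` arguments in `build()` are cut off in this view, so it is worth confirming that nothing there re-enables SMB and adding a comment such as `# CVE-2018-10103, CVE-2018-10105: mitigated only while SMB printing stays disabled`.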
From 28f610026d901660dd370862b62ec328727446a2 Mon Sep 17 00:00:00 2001
From: Denis Ovsienko <denis@ovsienko.info>
Date: Thu, 31 Aug 2017 21:15:37 +0100
Subject: [PATCH] CVE-2017-16808/AoE: Add a missing bounds check.
In aoev1_reserve_print() check bounds before trying to print an Ethernet
address.
This fixes a buffer over-read discovered by Bhargava Shastry,
SecT/TU Berlin.
---
print-aoe.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/print-aoe.c b/print-aoe.c
index 97e93df2e..2c78a55d3 100644
--- a/print-aoe.c
+++ b/print-aoe.c
@@ -325,6 +325,7 @@ aoev1_reserve_print(netdissect_options *ndo,
goto invalid;
/* addresses */
for (i = 0; i < nmacs; i++) {
+ ND_TCHECK2(*cp, ETHER_ADDR_LEN);
ND_PRINT((ndo, "\n\tEthernet Address %u: %s", i, etheraddr_string(ndo, cp)));
cp += ETHER_ADDR_LEN;
}