tcpdump: Update to 4.9.2

Message ID 20170908161339.18821-1-matthias.fischer@ipfire.org
State Accepted
Commit 77090f6d13263ee4810d34a8bca5b01f97f5f9b1
Headers show
Series
  • tcpdump: Update to 4.9.2
Related show

Commit Message

Matthias Fischer Sept. 8, 2017, 4:13 p.m.
Changelog:

"Sunday September 3, 2017 denis@ovsienko.info
  Summary for 4.9.2 tcpdump release
    Do not use getprotobynumber() for protocol name resolution.  Do not do
      any protocol name resolution if -n is specified.
      Improve errors detection in the test scripts.
      Fix a segfault with OpenSSL 1.1 and improve OpenSSL usage.
      Clean up IS-IS printing.
      Fix buffer overflow vulnerabilities:
      CVE-2017-11543 (SLIP)
      CVE-2017-13011 (bittok2str_internal)
      Fix infinite loop vulnerabilities:
      CVE-2017-12989 (RESP)
      CVE-2017-12990 (ISAKMP)
      CVE-2017-12995 (DNS)
      CVE-2017-12997 (LLDP)
      Fix buffer over-read vulnerabilities:
      CVE-2017-11541 (safeputs)
      CVE-2017-11542 (PIMv1)
      CVE-2017-12893 (SMB/CIFS)
      CVE-2017-12894 (lookup_bytestring)
      CVE-2017-12895 (ICMP)
      CVE-2017-12896 (ISAKMP)
      CVE-2017-12897 (ISO CLNS)
      CVE-2017-12898 (NFS)
      CVE-2017-12899 (DECnet)
      CVE-2017-12900 (tok2strbuf)
      CVE-2017-12901 (EIGRP)
      CVE-2017-12902 (Zephyr)
      CVE-2017-12985 (IPv6)
      CVE-2017-12986 (IPv6 routing headers)
      CVE-2017-12987 (IEEE 802.11)
      CVE-2017-12988 (telnet)
      CVE-2017-12991 (BGP)
      CVE-2017-12992 (RIPng)
      CVE-2017-12993 (Juniper)
      CVE-2017-11542 (PIMv1)
      CVE-2017-11541 (safeputs)
      CVE-2017-12994 (BGP)
      CVE-2017-12996 (PIMv2)
      CVE-2017-12998 (ISO IS-IS)
      CVE-2017-12999 (ISO IS-IS)
      CVE-2017-13000 (IEEE 802.15.4)
      CVE-2017-13001 (NFS)
      CVE-2017-13002 (AODV)
      CVE-2017-13003 (LMP)
      CVE-2017-13004 (Juniper)
      CVE-2017-13005 (NFS)
      CVE-2017-13006 (L2TP)
      CVE-2017-13007 (Apple PKTAP)
      CVE-2017-13008 (IEEE 802.11)
      CVE-2017-13009 (IPv6 mobility)
      CVE-2017-13010 (BEEP)
      CVE-2017-13012 (ICMP)
      CVE-2017-13013 (ARP)
      CVE-2017-13014 (White Board)
      CVE-2017-13015 (EAP)
      CVE-2017-11543 (SLIP)
      CVE-2017-13016 (ISO ES-IS)
      CVE-2017-13017 (DHCPv6)
      CVE-2017-13018 (PGM)
      CVE-2017-13019 (PGM)
      CVE-2017-13020 (VTP)
      CVE-2017-13021 (ICMPv6)
      CVE-2017-13022 (IP)
      CVE-2017-13023 (IPv6 mobility)
      CVE-2017-13024 (IPv6 mobility)
      CVE-2017-13025 (IPv6 mobility)
      CVE-2017-13026 (ISO  IS-IS)
      CVE-2017-13027 (LLDP)
      CVE-2017-13028 (BOOTP)
      CVE-2017-13029 (PPP)
      CVE-2017-13030 (PIM)
      CVE-2017-13031 (IPv6 fragmentation header)
      CVE-2017-13032 (RADIUS)
      CVE-2017-13033 (VTP)
      CVE-2017-13034 (PGM)
      CVE-2017-13035 (ISO IS-IS)
      CVE-2017-13036 (OSPFv3)
      CVE-2017-13037 (IP)
      CVE-2017-13038 (PPP)
      CVE-2017-13039 (ISAKMP)
      CVE-2017-13040 (MPTCP)
      CVE-2017-13041 (ICMPv6)
      CVE-2017-13042 (HNCP)
      CVE-2017-13043 (BGP)
      CVE-2017-13044 (HNCP)
      CVE-2017-13045 (VQP)
      CVE-2017-13046 (BGP)
      CVE-2017-13047 (ISO ES-IS)
      CVE-2017-13048 (RSVP)
      CVE-2017-13049 (Rx)
      CVE-2017-13050 (RPKI-Router)
      CVE-2017-13051 (RSVP)
      CVE-2017-13052 (CFM)
      CVE-2017-13053 (BGP)
      CVE-2017-13054 (LLDP)
      CVE-2017-13055 (ISO IS-IS)
      CVE-2017-13687 (Cisco HDLC)
      CVE-2017-13688 (OLSR)
      CVE-2017-13689 (IKEv1)
      CVE-2017-13690 (IKEv2)
      CVE-2017-13725 (IPv6 routing headers)

Sunday July 23, 2017 denis@ovsienko.info
  Summary for 4.9.1 tcpdump release
    CVE-2017-11108/Fix bounds checking for STP.
    Make assorted documentation updates and fix a few typos in tcpdump output.
    Fixup -C for file size >2GB (GH #488).
    Show AddressSanitizer presence in version output.
    Fix a bug in test scripts (exposed in GH #613).
    On FreeBSD adjust Capsicum capabilities for netmap.
    On Linux fix a use-after-free when the requested interface does not exist."

Best,
Matthias

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
---
 lfs/tcpdump | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

Comments

Michael Tremer Sept. 11, 2017, 8:15 p.m. | #1
Wow, that is a lot of CVE numbers.

Merged!

-Michael

On Fri, 2017-09-08 at 18:13 +0200, Matthias Fischer wrote:
> Changelog:
> 
> "Sunday September 3, 2017 denis@ovsienko.info
>   Summary for 4.9.2 tcpdump release
>     Do not use getprotobynumber() for protocol name resolution.  Do not do
>       any protocol name resolution if -n is specified.
>       Improve errors detection in the test scripts.
>       Fix a segfault with OpenSSL 1.1 and improve OpenSSL usage.
>       Clean up IS-IS printing.
>       Fix buffer overflow vulnerabilities:
>       CVE-2017-11543 (SLIP)
>       CVE-2017-13011 (bittok2str_internal)
>       Fix infinite loop vulnerabilities:
>       CVE-2017-12989 (RESP)
>       CVE-2017-12990 (ISAKMP)
>       CVE-2017-12995 (DNS)
>       CVE-2017-12997 (LLDP)
>       Fix buffer over-read vulnerabilities:
>       CVE-2017-11541 (safeputs)
>       CVE-2017-11542 (PIMv1)
>       CVE-2017-12893 (SMB/CIFS)
>       CVE-2017-12894 (lookup_bytestring)
>       CVE-2017-12895 (ICMP)
>       CVE-2017-12896 (ISAKMP)
>       CVE-2017-12897 (ISO CLNS)
>       CVE-2017-12898 (NFS)
>       CVE-2017-12899 (DECnet)
>       CVE-2017-12900 (tok2strbuf)
>       CVE-2017-12901 (EIGRP)
>       CVE-2017-12902 (Zephyr)
>       CVE-2017-12985 (IPv6)
>       CVE-2017-12986 (IPv6 routing headers)
>       CVE-2017-12987 (IEEE 802.11)
>       CVE-2017-12988 (telnet)
>       CVE-2017-12991 (BGP)
>       CVE-2017-12992 (RIPng)
>       CVE-2017-12993 (Juniper)
>       CVE-2017-11542 (PIMv1)
>       CVE-2017-11541 (safeputs)
>       CVE-2017-12994 (BGP)
>       CVE-2017-12996 (PIMv2)
>       CVE-2017-12998 (ISO IS-IS)
>       CVE-2017-12999 (ISO IS-IS)
>       CVE-2017-13000 (IEEE 802.15.4)
>       CVE-2017-13001 (NFS)
>       CVE-2017-13002 (AODV)
>       CVE-2017-13003 (LMP)
>       CVE-2017-13004 (Juniper)
>       CVE-2017-13005 (NFS)
>       CVE-2017-13006 (L2TP)
>       CVE-2017-13007 (Apple PKTAP)
>       CVE-2017-13008 (IEEE 802.11)
>       CVE-2017-13009 (IPv6 mobility)
>       CVE-2017-13010 (BEEP)
>       CVE-2017-13012 (ICMP)
>       CVE-2017-13013 (ARP)
>       CVE-2017-13014 (White Board)
>       CVE-2017-13015 (EAP)
>       CVE-2017-11543 (SLIP)
>       CVE-2017-13016 (ISO ES-IS)
>       CVE-2017-13017 (DHCPv6)
>       CVE-2017-13018 (PGM)
>       CVE-2017-13019 (PGM)
>       CVE-2017-13020 (VTP)
>       CVE-2017-13021 (ICMPv6)
>       CVE-2017-13022 (IP)
>       CVE-2017-13023 (IPv6 mobility)
>       CVE-2017-13024 (IPv6 mobility)
>       CVE-2017-13025 (IPv6 mobility)
>       CVE-2017-13026 (ISO  IS-IS)
>       CVE-2017-13027 (LLDP)
>       CVE-2017-13028 (BOOTP)
>       CVE-2017-13029 (PPP)
>       CVE-2017-13030 (PIM)
>       CVE-2017-13031 (IPv6 fragmentation header)
>       CVE-2017-13032 (RADIUS)
>       CVE-2017-13033 (VTP)
>       CVE-2017-13034 (PGM)
>       CVE-2017-13035 (ISO IS-IS)
>       CVE-2017-13036 (OSPFv3)
>       CVE-2017-13037 (IP)
>       CVE-2017-13038 (PPP)
>       CVE-2017-13039 (ISAKMP)
>       CVE-2017-13040 (MPTCP)
>       CVE-2017-13041 (ICMPv6)
>       CVE-2017-13042 (HNCP)
>       CVE-2017-13043 (BGP)
>       CVE-2017-13044 (HNCP)
>       CVE-2017-13045 (VQP)
>       CVE-2017-13046 (BGP)
>       CVE-2017-13047 (ISO ES-IS)
>       CVE-2017-13048 (RSVP)
>       CVE-2017-13049 (Rx)
>       CVE-2017-13050 (RPKI-Router)
>       CVE-2017-13051 (RSVP)
>       CVE-2017-13052 (CFM)
>       CVE-2017-13053 (BGP)
>       CVE-2017-13054 (LLDP)
>       CVE-2017-13055 (ISO IS-IS)
>       CVE-2017-13687 (Cisco HDLC)
>       CVE-2017-13688 (OLSR)
>       CVE-2017-13689 (IKEv1)
>       CVE-2017-13690 (IKEv2)
>       CVE-2017-13725 (IPv6 routing headers)
> 
> Sunday July 23, 2017 denis@ovsienko.info
>   Summary for 4.9.1 tcpdump release
>     CVE-2017-11108/Fix bounds checking for STP.
>     Make assorted documentation updates and fix a few typos in tcpdump output.
>     Fixup -C for file size >2GB (GH #488).
>     Show AddressSanitizer presence in version output.
>     Fix a bug in test scripts (exposed in GH #613).
>     On FreeBSD adjust Capsicum capabilities for netmap.
>     On Linux fix a use-after-free when the requested interface does not exist."
> 
> Best,
> Matthias
> 
> Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
> ---
>  lfs/tcpdump | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/lfs/tcpdump b/lfs/tcpdump
> index 42536f16a..acf752ce2 100644
> --- a/lfs/tcpdump
> +++ b/lfs/tcpdump
> @@ -24,7 +24,7 @@
>  
>  include Config
>  
> -VER        = 4.9.0
> +VER        = 4.9.2
>  
>  THISAPP    = tcpdump-$(VER)
>  DL_FILE    = $(THISAPP).tar.gz
> @@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
>  DIR_APP    = $(DIR_SRC)/$(THISAPP)
>  TARGET     = $(DIR_INFO)/$(THISAPP)
>  PROG       = tcpdump
> -PAK_VER    = 8
> +PAK_VER    = 9
>  
>  DEPS       = ""
>  
> @@ -44,7 +44,7 @@ objects = $(DL_FILE)
>  
>  $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>  
> -$(DL_FILE)_MD5 = 2b83364eef53b63ca3181b4eb56dab0c
> +$(DL_FILE)_MD5 = 9bbc1ee33dab61302411b02dd0515576
>  
>  install : $(TARGET)
>

Patch

diff --git a/lfs/tcpdump b/lfs/tcpdump
index 42536f16a..acf752ce2 100644
--- a/lfs/tcpdump
+++ b/lfs/tcpdump
@@ -24,7 +24,7 @@ 
 
 include Config
 
-VER        = 4.9.0
+VER        = 4.9.2
 
 THISAPP    = tcpdump-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -32,7 +32,7 @@  DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = tcpdump
-PAK_VER    = 8
+PAK_VER    = 9
 
 DEPS       = ""
 
@@ -44,7 +44,7 @@  objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 2b83364eef53b63ca3181b4eb56dab0c
+$(DL_FILE)_MD5 = 9bbc1ee33dab61302411b02dd0515576
 
 install : $(TARGET)