Message ID | 20170908161339.18821-1-matthias.fischer@ipfire.org |
---|---|
State | Accepted |
Commit | 77090f6d13263ee4810d34a8bca5b01f97f5f9b1 |
Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (unknown [172.28.1.200]) by web02.ipfire.org (Postfix) with ESMTP id D52156146E for <patchwork@ipfire.org>; Fri, 8 Sep 2017 18:13:47 +0200 (CEST) Received: from mail01.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id 636B127C7; Fri, 8 Sep 2017 18:13:45 +0200 (CEST) Received: from Devel.localdomain (p5DD82971.dip0.t-ipconnect.de [93.216.41.113]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id D419D27C5 for <development@lists.ipfire.org>; Fri, 8 Sep 2017 18:13:43 +0200 (CEST) From: Matthias Fischer <matthias.fischer@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH] tcpdump: Update to 4.9.2 Date: Fri, 8 Sep 2017 18:13:39 +0200 Message-Id: <20170908161339.18821-1-matthias.fischer@ipfire.org> X-Mailer: git-send-email 2.14.1 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <http://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <http://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <http://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
Series |
tcpdump: Update to 4.9.2
|
|
Commit Message
Matthias Fischer
Sept. 9, 2017, 2:13 a.m. UTC
Changelog:
"Sunday September 3, 2017 denis@ovsienko.info
Summary for 4.9.2 tcpdump release
Do not use getprotobynumber() for protocol name resolution. Do not do
any protocol name resolution if -n is specified.
Improve errors detection in the test scripts.
Fix a segfault with OpenSSL 1.1 and improve OpenSSL usage.
Clean up IS-IS printing.
Fix buffer overflow vulnerabilities:
CVE-2017-11543 (SLIP)
CVE-2017-13011 (bittok2str_internal)
Fix infinite loop vulnerabilities:
CVE-2017-12989 (RESP)
CVE-2017-12990 (ISAKMP)
CVE-2017-12995 (DNS)
CVE-2017-12997 (LLDP)
Fix buffer over-read vulnerabilities:
CVE-2017-11541 (safeputs)
CVE-2017-11542 (PIMv1)
CVE-2017-12893 (SMB/CIFS)
CVE-2017-12894 (lookup_bytestring)
CVE-2017-12895 (ICMP)
CVE-2017-12896 (ISAKMP)
CVE-2017-12897 (ISO CLNS)
CVE-2017-12898 (NFS)
CVE-2017-12899 (DECnet)
CVE-2017-12900 (tok2strbuf)
CVE-2017-12901 (EIGRP)
CVE-2017-12902 (Zephyr)
CVE-2017-12985 (IPv6)
CVE-2017-12986 (IPv6 routing headers)
CVE-2017-12987 (IEEE 802.11)
CVE-2017-12988 (telnet)
CVE-2017-12991 (BGP)
CVE-2017-12992 (RIPng)
CVE-2017-12993 (Juniper)
CVE-2017-11542 (PIMv1)
CVE-2017-11541 (safeputs)
CVE-2017-12994 (BGP)
CVE-2017-12996 (PIMv2)
CVE-2017-12998 (ISO IS-IS)
CVE-2017-12999 (ISO IS-IS)
CVE-2017-13000 (IEEE 802.15.4)
CVE-2017-13001 (NFS)
CVE-2017-13002 (AODV)
CVE-2017-13003 (LMP)
CVE-2017-13004 (Juniper)
CVE-2017-13005 (NFS)
CVE-2017-13006 (L2TP)
CVE-2017-13007 (Apple PKTAP)
CVE-2017-13008 (IEEE 802.11)
CVE-2017-13009 (IPv6 mobility)
CVE-2017-13010 (BEEP)
CVE-2017-13012 (ICMP)
CVE-2017-13013 (ARP)
CVE-2017-13014 (White Board)
CVE-2017-13015 (EAP)
CVE-2017-11543 (SLIP)
CVE-2017-13016 (ISO ES-IS)
CVE-2017-13017 (DHCPv6)
CVE-2017-13018 (PGM)
CVE-2017-13019 (PGM)
CVE-2017-13020 (VTP)
CVE-2017-13021 (ICMPv6)
CVE-2017-13022 (IP)
CVE-2017-13023 (IPv6 mobility)
CVE-2017-13024 (IPv6 mobility)
CVE-2017-13025 (IPv6 mobility)
CVE-2017-13026 (ISO IS-IS)
CVE-2017-13027 (LLDP)
CVE-2017-13028 (BOOTP)
CVE-2017-13029 (PPP)
CVE-2017-13030 (PIM)
CVE-2017-13031 (IPv6 fragmentation header)
CVE-2017-13032 (RADIUS)
CVE-2017-13033 (VTP)
CVE-2017-13034 (PGM)
CVE-2017-13035 (ISO IS-IS)
CVE-2017-13036 (OSPFv3)
CVE-2017-13037 (IP)
CVE-2017-13038 (PPP)
CVE-2017-13039 (ISAKMP)
CVE-2017-13040 (MPTCP)
CVE-2017-13041 (ICMPv6)
CVE-2017-13042 (HNCP)
CVE-2017-13043 (BGP)
CVE-2017-13044 (HNCP)
CVE-2017-13045 (VQP)
CVE-2017-13046 (BGP)
CVE-2017-13047 (ISO ES-IS)
CVE-2017-13048 (RSVP)
CVE-2017-13049 (Rx)
CVE-2017-13050 (RPKI-Router)
CVE-2017-13051 (RSVP)
CVE-2017-13052 (CFM)
CVE-2017-13053 (BGP)
CVE-2017-13054 (LLDP)
CVE-2017-13055 (ISO IS-IS)
CVE-2017-13687 (Cisco HDLC)
CVE-2017-13688 (OLSR)
CVE-2017-13689 (IKEv1)
CVE-2017-13690 (IKEv2)
CVE-2017-13725 (IPv6 routing headers)
Sunday July 23, 2017 denis@ovsienko.info
Summary for 4.9.1 tcpdump release
CVE-2017-11108/Fix bounds checking for STP.
Make assorted documentation updates and fix a few typos in tcpdump output.
Fixup -C for file size >2GB (GH #488).
Show AddressSanitizer presence in version output.
Fix a bug in test scripts (exposed in GH #613).
On FreeBSD adjust Capsicum capabilities for netmap.
On Linux fix a use-after-free when the requested interface does not exist."
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
---
lfs/tcpdump | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
Comments
Wow, that is a lot of CVE numbers. Merged! -Michael On Fri, 2017-09-08 at 18:13 +0200, Matthias Fischer wrote: > Changelog: > > "Sunday September 3, 2017 denis@ovsienko.info > Summary for 4.9.2 tcpdump release > Do not use getprotobynumber() for protocol name resolution. Do not do > any protocol name resolution if -n is specified. > Improve errors detection in the test scripts. > Fix a segfault with OpenSSL 1.1 and improve OpenSSL usage. > Clean up IS-IS printing. > Fix buffer overflow vulnerabilities: > CVE-2017-11543 (SLIP) > CVE-2017-13011 (bittok2str_internal) > Fix infinite loop vulnerabilities: > CVE-2017-12989 (RESP) > CVE-2017-12990 (ISAKMP) > CVE-2017-12995 (DNS) > CVE-2017-12997 (LLDP) > Fix buffer over-read vulnerabilities: > CVE-2017-11541 (safeputs) > CVE-2017-11542 (PIMv1) > CVE-2017-12893 (SMB/CIFS) > CVE-2017-12894 (lookup_bytestring) > CVE-2017-12895 (ICMP) > CVE-2017-12896 (ISAKMP) > CVE-2017-12897 (ISO CLNS) > CVE-2017-12898 (NFS) > CVE-2017-12899 (DECnet) > CVE-2017-12900 (tok2strbuf) > CVE-2017-12901 (EIGRP) > CVE-2017-12902 (Zephyr) > CVE-2017-12985 (IPv6) > CVE-2017-12986 (IPv6 routing headers) > CVE-2017-12987 (IEEE 802.11) > CVE-2017-12988 (telnet) > CVE-2017-12991 (BGP) > CVE-2017-12992 (RIPng) > CVE-2017-12993 (Juniper) > CVE-2017-11542 (PIMv1) > CVE-2017-11541 (safeputs) > CVE-2017-12994 (BGP) > CVE-2017-12996 (PIMv2) > CVE-2017-12998 (ISO IS-IS) > CVE-2017-12999 (ISO IS-IS) > CVE-2017-13000 (IEEE 802.15.4) > CVE-2017-13001 (NFS) > CVE-2017-13002 (AODV) > CVE-2017-13003 (LMP) > CVE-2017-13004 (Juniper) > CVE-2017-13005 (NFS) > CVE-2017-13006 (L2TP) > CVE-2017-13007 (Apple PKTAP) > CVE-2017-13008 (IEEE 802.11) > CVE-2017-13009 (IPv6 mobility) > CVE-2017-13010 (BEEP) > CVE-2017-13012 (ICMP) > CVE-2017-13013 (ARP) > CVE-2017-13014 (White Board) > CVE-2017-13015 (EAP) > CVE-2017-11543 (SLIP) > CVE-2017-13016 (ISO ES-IS) > CVE-2017-13017 (DHCPv6) > CVE-2017-13018 (PGM) > CVE-2017-13019 (PGM) > CVE-2017-13020 (VTP) > CVE-2017-13021 (ICMPv6) > CVE-2017-13022 (IP) > CVE-2017-13023 (IPv6 mobility) > CVE-2017-13024 (IPv6 mobility) > CVE-2017-13025 (IPv6 mobility) > CVE-2017-13026 (ISO IS-IS) > CVE-2017-13027 (LLDP) > CVE-2017-13028 (BOOTP) > CVE-2017-13029 (PPP) > CVE-2017-13030 (PIM) > CVE-2017-13031 (IPv6 fragmentation header) > CVE-2017-13032 (RADIUS) > CVE-2017-13033 (VTP) > CVE-2017-13034 (PGM) > CVE-2017-13035 (ISO IS-IS) > CVE-2017-13036 (OSPFv3) > CVE-2017-13037 (IP) > CVE-2017-13038 (PPP) > CVE-2017-13039 (ISAKMP) > CVE-2017-13040 (MPTCP) > CVE-2017-13041 (ICMPv6) > CVE-2017-13042 (HNCP) > CVE-2017-13043 (BGP) > CVE-2017-13044 (HNCP) > CVE-2017-13045 (VQP) > CVE-2017-13046 (BGP) > CVE-2017-13047 (ISO ES-IS) > CVE-2017-13048 (RSVP) > CVE-2017-13049 (Rx) > CVE-2017-13050 (RPKI-Router) > CVE-2017-13051 (RSVP) > CVE-2017-13052 (CFM) > CVE-2017-13053 (BGP) > CVE-2017-13054 (LLDP) > CVE-2017-13055 (ISO IS-IS) > CVE-2017-13687 (Cisco HDLC) > CVE-2017-13688 (OLSR) > CVE-2017-13689 (IKEv1) > CVE-2017-13690 (IKEv2) > CVE-2017-13725 (IPv6 routing headers) > > Sunday July 23, 2017 denis@ovsienko.info > Summary for 4.9.1 tcpdump release > CVE-2017-11108/Fix bounds checking for STP. > Make assorted documentation updates and fix a few typos in tcpdump output. > Fixup -C for file size >2GB (GH #488). > Show AddressSanitizer presence in version output. > Fix a bug in test scripts (exposed in GH #613). > On FreeBSD adjust Capsicum capabilities for netmap. > On Linux fix a use-after-free when the requested interface does not exist." > > Best, > Matthias > > Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org> > --- > lfs/tcpdump | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/lfs/tcpdump b/lfs/tcpdump > index 42536f16a..acf752ce2 100644 > --- a/lfs/tcpdump > +++ b/lfs/tcpdump > @@ -24,7 +24,7 @@ > > include Config > > -VER = 4.9.0 > +VER = 4.9.2 > > THISAPP = tcpdump-$(VER) > DL_FILE = $(THISAPP).tar.gz > @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) > DIR_APP = $(DIR_SRC)/$(THISAPP) > TARGET = $(DIR_INFO)/$(THISAPP) > PROG = tcpdump > -PAK_VER = 8 > +PAK_VER = 9 > > DEPS = "" > > @@ -44,7 +44,7 @@ objects = $(DL_FILE) > > $(DL_FILE) = $(DL_FROM)/$(DL_FILE) > > -$(DL_FILE)_MD5 = 2b83364eef53b63ca3181b4eb56dab0c > +$(DL_FILE)_MD5 = 9bbc1ee33dab61302411b02dd0515576 > > install : $(TARGET) >
diff --git a/lfs/tcpdump b/lfs/tcpdump index 42536f16a..acf752ce2 100644 --- a/lfs/tcpdump +++ b/lfs/tcpdump @@ -24,7 +24,7 @@ include Config -VER = 4.9.0 +VER = 4.9.2 THISAPP = tcpdump-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = tcpdump -PAK_VER = 8 +PAK_VER = 9 DEPS = "" @@ -44,7 +44,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 2b83364eef53b63ca3181b4eb56dab0c +$(DL_FILE)_MD5 = 9bbc1ee33dab61302411b02dd0515576 install : $(TARGET)