diff options
author | Leo Famulari <leo@famulari.name> | 2017-09-05 14:57:21 -0400 |
---|---|---|
committer | Leo Famulari <leo@famulari.name> | 2017-09-07 17:44:20 -0400 |
commit | 81635ad03ecb3a51b5248db65919621bde9039f4 (patch) | |
tree | 6820057f02bdaeed08cb2035ca276c9354361e3c /gnu | |
parent | 3b2802f8c451f7d8f0e02ee81a55046648c0735e (diff) |
gnu: tcpdump: Update to 4.9.2 [security fixes].
Fixes CVE-2017-{12893,12894,12895,12896,12897,12898,12899,12900,12901,12902,
12985,12986,12987,12988,12989,12990,12991,12992,12993,12994,12995,12996,12997,
12998,12999,13000,13001,13002,13003,13004,13005,13006,13007,13008,13009,13010,
13012,13013,13014,13015,13016,13017,13018,13019,13020,13021,13022,13023,13024,
13025,13026,13027,13028,13029,13030,13031,13032,13033,13034,13035,13036,13037,
13038,13039,13040,13041,13042,13043,13044,13045,13046,13047,13048,13049,13050,
13051,13052,13053,13054,13055,13687,13688,13689,13690,13725}.
* gnu/packages/admin.scm (tcpdump): Update to 4.9.2.
[source]: Remove patches and add alternate source URL.
* gnu/packages/patches/tcpdump-CVE-2017-11541.patch,
gnu/packages/patches/tcpdump-CVE-2017-11542.patch,
gnu/packages/patches/tcpdump-CVE-2017-11543.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
Diffstat (limited to 'gnu')
-rw-r--r-- | gnu/local.mk | 3 | ||||
-rw-r--r-- | gnu/packages/admin.scm | 17 | ||||
-rw-r--r-- | gnu/packages/patches/tcpdump-CVE-2017-11541.patch | 47 | ||||
-rw-r--r-- | gnu/packages/patches/tcpdump-CVE-2017-11542.patch | 37 | ||||
-rw-r--r-- | gnu/packages/patches/tcpdump-CVE-2017-11543.patch | 79 |
5 files changed, 10 insertions, 173 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 9df17110b6..2f85510767 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1034,9 +1034,6 @@ dist_patch_DATA = \ %D%/packages/patches/tar-skip-unreliable-tests.patch \ %D%/packages/patches/tcl-mkindex-deterministic.patch \ %D%/packages/patches/tclxml-3.2-install.patch \ - %D%/packages/patches/tcpdump-CVE-2017-11541.patch \ - %D%/packages/patches/tcpdump-CVE-2017-11542.patch \ - %D%/packages/patches/tcpdump-CVE-2017-11543.patch \ %D%/packages/patches/tcsh-fix-autotest.patch \ %D%/packages/patches/tcsh-fix-out-of-bounds-read.patch \ %D%/packages/patches/teensy-loader-cli-help.patch \ diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm index f047bcaef3..c67491c534 100644 --- a/gnu/packages/admin.scm +++ b/gnu/packages/admin.scm @@ -661,17 +661,20 @@ network statistics collection, security monitoring, network debugging, etc.") (define-public tcpdump (package (name "tcpdump") - (version "4.9.1") + (version "4.9.2") (source (origin (method url-fetch) - (uri (string-append "http://www.tcpdump.org/release/tcpdump-" - version ".tar.gz")) - (patches (search-patches "tcpdump-CVE-2017-11541.patch" - "tcpdump-CVE-2017-11542.patch" - "tcpdump-CVE-2017-11543.patch")) + (uri (list (string-append "http://www.tcpdump.org/release/tcpdump-" + version ".tar.gz") + ;; The tarball is not yet distributed from tcpdump.org, + ;; so we fetch it from Arch. For more information see + ;; <https://bugs.gnu.org/28387>. + (string-append "https://sources.archlinux.org/other/" + "packages/tcpdump/tcpdump-" version + ".tar.gz"))) (sha256 (base32 - "1wyqbg7bkmgqyslf1ns0xx9fcqi66hvcfm9nf77rl15jvvs8qi7r")))) + "0ygy0layzqaj838r5xd613iraz09wlfgpyh7pc6cwclql8v3b2vr")))) (build-system gnu-build-system) (inputs `(("libpcap" ,libpcap) ("openssl" ,openssl))) diff --git a/gnu/packages/patches/tcpdump-CVE-2017-11541.patch b/gnu/packages/patches/tcpdump-CVE-2017-11541.patch deleted file mode 100644 index a9fc632dc2..0000000000 --- a/gnu/packages/patches/tcpdump-CVE-2017-11541.patch +++ /dev/null @@ -1,47 +0,0 @@ -Fix CVE-2017-11541 - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11541 - -Patch copied from upstream source repository: - -https://github.com/the-tcpdump-group/tcpdump/commit/21d702a136c5c16882e368af7c173df728242280 - -From 21d702a136c5c16882e368af7c173df728242280 Mon Sep 17 00:00:00 2001 -From: Guy Harris <guy@alum.mit.edu> -Date: Tue, 7 Feb 2017 11:40:36 -0800 -Subject: [PATCH] CVE-2017-11541: In safeputs(), check the length before - checking for a NUL terminator. - -safeputs() doesn't do packet bounds checking of its own; it assumes that -the caller has checked the availability in the packet data of all maxlen -bytes of data. This means we should check that we're within the -specified limit before looking at the byte. - -This fixes a buffer over-read discovered by Kamil Frankowicz. - -Add a test using the capture file supplied by the reporter(s). ---- - tests/TESTLIST | 1 + - tests/hoobr_safeputs.out | 2 ++ - tests/hoobr_safeputs.pcap | Bin 0 -> 88 bytes - util-print.c | 2 +- - 4 files changed, 4 insertions(+), 1 deletion(-) - create mode 100644 tests/hoobr_safeputs.out - create mode 100644 tests/hoobr_safeputs.pcap - -diff --git a/util-print.c b/util-print.c -index 394e7d59..ec3e8de8 100644 ---- a/util-print.c -+++ b/util-print.c -@@ -904,7 +904,7 @@ safeputs(netdissect_options *ndo, - { - u_int idx = 0; - -- while (*s && idx < maxlen) { -+ while (idx < maxlen && *s) { - safeputchar(ndo, *s); - idx++; - s++; --- -2.14.1 - diff --git a/gnu/packages/patches/tcpdump-CVE-2017-11542.patch b/gnu/packages/patches/tcpdump-CVE-2017-11542.patch deleted file mode 100644 index 24849d5187..0000000000 --- a/gnu/packages/patches/tcpdump-CVE-2017-11542.patch +++ /dev/null @@ -1,37 +0,0 @@ -Fix CVE-2017-11542: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11542 - -Patch copied from upstream source repository: - -https://github.com/the-tcpdump-group/tcpdump/commit/bed48062a64fca524156d7684af19f5b4a116fae - -From bed48062a64fca524156d7684af19f5b4a116fae Mon Sep 17 00:00:00 2001 -From: Guy Harris <guy@alum.mit.edu> -Date: Tue, 7 Feb 2017 11:10:04 -0800 -Subject: [PATCH] CVE-2017-11542/PIMv1: Add a bounds check. - -This fixes a buffer over-read discovered by Kamil Frankowicz. - -Add a test using the capture file supplied by the reporter(s). ---- - print-pim.c | 1 + - tests/TESTLIST | 1 + - tests/hoobr_pimv1.out | 25 +++++++++++++++++++++++++ - tests/hoobr_pimv1.pcap | Bin 0 -> 3321 bytes - 4 files changed, 27 insertions(+) - create mode 100644 tests/hoobr_pimv1.out - create mode 100644 tests/hoobr_pimv1.pcap - -diff --git a/print-pim.c b/print-pim.c -index 25525953..ed880ae7 100644 ---- a/print-pim.c -+++ b/print-pim.c -@@ -306,6 +306,7 @@ pimv1_print(netdissect_options *ndo, - pimv1_join_prune_print(ndo, &bp[8], len - 8); - break; - } -+ ND_TCHECK(bp[4]); - if ((bp[4] >> 4) != 1) - ND_PRINT((ndo, " [v%d]", bp[4] >> 4)); - return; diff --git a/gnu/packages/patches/tcpdump-CVE-2017-11543.patch b/gnu/packages/patches/tcpdump-CVE-2017-11543.patch deleted file mode 100644 index c973503983..0000000000 --- a/gnu/packages/patches/tcpdump-CVE-2017-11543.patch +++ /dev/null @@ -1,79 +0,0 @@ -Fix CVE-2017-11543: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11543 - -Patch copied from upstream source repository: - -https://github.com/the-tcpdump-group/tcpdump/commit/7039327875525278d17edee59720e29a3e76b7b3 - -From 7039327875525278d17edee59720e29a3e76b7b3 Mon Sep 17 00:00:00 2001 -From: Guy Harris <guy@alum.mit.edu> -Date: Fri, 17 Mar 2017 12:49:04 -0700 -Subject: [PATCH] CVE-2017-11543/Make sure the SLIP direction octet is valid. - -Report if it's not, and don't use it as an out-of-bounds index into an -array. - -This fixes a buffer overflow discovered by Wilfried Kirsch. - -Add a test using the capture file supplied by the reporter(s), modified -so the capture file won't be rejected as an invalid capture. ---- - print-sl.c | 25 +++++++++++++++++++++++-- - tests/TESTLIST | 3 +++ - tests/slip-bad-direction.out | 1 + - tests/slip-bad-direction.pcap | Bin 0 -> 79 bytes - 4 files changed, 27 insertions(+), 2 deletions(-) - create mode 100644 tests/slip-bad-direction.out - create mode 100644 tests/slip-bad-direction.pcap - -diff --git a/print-sl.c b/print-sl.c -index 3fd7e898..a02077b3 100644 ---- a/print-sl.c -+++ b/print-sl.c -@@ -131,8 +131,21 @@ sliplink_print(netdissect_options *ndo, - u_int hlen; - - dir = p[SLX_DIR]; -- ND_PRINT((ndo, dir == SLIPDIR_IN ? "I " : "O ")); -+ switch (dir) { - -+ case SLIPDIR_IN: -+ ND_PRINT((ndo, "I ")); -+ break; -+ -+ case SLIPDIR_OUT: -+ ND_PRINT((ndo, "O ")); -+ break; -+ -+ default: -+ ND_PRINT((ndo, "Invalid direction %d ", dir)); -+ dir = -1; -+ break; -+ } - if (ndo->ndo_nflag) { - /* XXX just dump the header */ - register int i; -@@ -155,13 +168,21 @@ sliplink_print(netdissect_options *ndo, - * has restored the IP header copy to IPPROTO_TCP. - */ - lastconn = ((const struct ip *)&p[SLX_CHDR])->ip_p; -+ ND_PRINT((ndo, "utcp %d: ", lastconn)); -+ if (dir == -1) { -+ /* Direction is bogus, don't use it */ -+ return; -+ } - hlen = IP_HL(ip); - hlen += TH_OFF((const struct tcphdr *)&((const int *)ip)[hlen]); - lastlen[dir][lastconn] = length - (hlen << 2); -- ND_PRINT((ndo, "utcp %d: ", lastconn)); - break; - - default: -+ if (dir == -1) { -+ /* Direction is bogus, don't use it */ -+ return; -+ } - if (p[SLX_CHDR] & TYPE_COMPRESSED_TCP) { - compressed_sl_print(ndo, &p[SLX_CHDR], ip, - length, dir); |