buildroot/package/tcpdump, branch 2019.02-op-build

tcpdump: security bump to version 4.9.2

2017-09-09T20:11:18+00:00

Fixes the following security issues (descriptions not public yet): Fix buffer overflow vulnerabilities: CVE-2017-11543 (SLIP) CVE-2017-13011 (bittok2str_internal) Fix infinite loop vulnerabilities: CVE-2017-12989 (RESP) CVE-2017-12990 (ISAKMP) CVE-2017-12995 (DNS) CVE-2017-12997 (LLDP) Fix buffer over-read vulnerabilities: CVE-2017-11541 (safeputs) CVE-2017-11542 (PIMv1) CVE-2017-12893 (SMB/CIFS) CVE-2017-12894 (lookup_bytestring) CVE-2017-12895 (ICMP) CVE-2017-12896 (ISAKMP) CVE-2017-12897 (ISO CLNS) CVE-2017-12898 (NFS) CVE-2017-12899 (DECnet) CVE-2017-12900 (tok2strbuf) CVE-2017-12901 (EIGRP) CVE-2017-12902 (Zephyr) CVE-2017-12985 (IPv6) CVE-2017-12986 (IPv6 routing headers) CVE-2017-12987 (IEEE 802.11) CVE-2017-12988 (telnet) CVE-2017-12991 (BGP) CVE-2017-12992 (RIPng) CVE-2017-12993 (Juniper) CVE-2017-11542 (PIMv1) CVE-2017-11541 (safeputs) CVE-2017-12994 (BGP) CVE-2017-12996 (PIMv2) CVE-2017-12998 (ISO IS-IS) CVE-2017-12999 (ISO IS-IS) CVE-2017-13000 (IEEE 802.15.4) CVE-2017-13001 (NFS) CVE-2017-13002 (AODV) CVE-2017-13003 (LMP) CVE-2017-13004 (Juniper) CVE-2017-13005 (NFS) CVE-2017-13006 (L2TP) CVE-2017-13007 (Apple PKTAP) CVE-2017-13008 (IEEE 802.11) CVE-2017-13009 (IPv6 mobility) CVE-2017-13010 (BEEP) CVE-2017-13012 (ICMP) CVE-2017-13013 (ARP) CVE-2017-13014 (White Board) CVE-2017-13015 (EAP) CVE-2017-11543 (SLIP) CVE-2017-13016 (ISO ES-IS) CVE-2017-13017 (DHCPv6) CVE-2017-13018 (PGM) CVE-2017-13019 (PGM) CVE-2017-13020 (VTP) CVE-2017-13021 (ICMPv6) CVE-2017-13022 (IP) CVE-2017-13023 (IPv6 mobility) CVE-2017-13024 (IPv6 mobility) CVE-2017-13025 (IPv6 mobility) CVE-2017-13026 (ISO IS-IS) CVE-2017-13027 (LLDP) CVE-2017-13028 (BOOTP) CVE-2017-13029 (PPP) CVE-2017-13030 (PIM) CVE-2017-13031 (IPv6 fragmentation header) CVE-2017-13032 (RADIUS) CVE-2017-13033 (VTP) CVE-2017-13034 (PGM) CVE-2017-13035 (ISO IS-IS) CVE-2017-13036 (OSPFv3) CVE-2017-13037 (IP) CVE-2017-13038 (PPP) CVE-2017-13039 (ISAKMP) CVE-2017-13040 (MPTCP) CVE-2017-13041 (ICMPv6) CVE-2017-13042 (HNCP) CVE-2017-13043 (BGP) CVE-2017-13044 (HNCP) CVE-2017-13045 (VQP) CVE-2017-13046 (BGP) CVE-2017-13047 (ISO ES-IS) CVE-2017-13048 (RSVP) CVE-2017-13049 (Rx) CVE-2017-13050 (RPKI-Router) CVE-2017-13051 (RSVP) CVE-2017-13052 (CFM) CVE-2017-13053 (BGP) CVE-2017-13054 (LLDP) CVE-2017-13055 (ISO IS-IS) CVE-2017-13687 (Cisco HDLC) CVE-2017-13688 (OLSR) CVE-2017-13689 (IKEv1) CVE-2017-13690 (IKEv2) CVE-2017-13725 (IPv6 routing headers) While we're at it, add a hash for the license file. Signed-off-by: Peter Korsgaard Signed-off-by: Thomas Petazzoni

tcpdump: security bump to 4.9.1

2017-07-26T14:53:32+00:00

Fixes CVE-2017-11108/Fix bounds checking for STP Changelog: http://www.tcpdump.org/tcpdump-changes.txt [Peter: add signature link as suggested by Baruch] Signed-off-by: Thomas De Schampheleire Signed-off-by: Peter Korsgaard

boot, package: use SPDX short identifier for BSD-3c

2017-04-01T13:26:57+00:00

We want to use SPDX identifier for license string as much as possible. SPDX short identifier for BSD-3c is BSD-3-Clause. This change is done using following command. find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/BSD-3c/BSD-3-Clause/g' Signed-off-by: Rahul Bedarkar Signed-off-by: Thomas Petazzoni

tcpdump: security bump to version 4.9.0

2017-02-03T13:14:49+00:00

Security fixes in this release (from the Debian changelog): + CVE-2016-7922: buffer overflow in print-ah.c:ah_print(). + CVE-2016-7923: buffer overflow in print-arp.c:arp_print(). + CVE-2016-7924: buffer overflow in print-atm.c:oam_print(). + CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print(). + CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print(). + CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print(). + CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print(). + CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header(). + CVE-2016-7930: buffer overflow in print-llc.c:llc_print(). + CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print(). + CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum(). + CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print(). + CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print(). + CVE-2016-7935: buffer overflow in print-udp.c:rtp_print(). + CVE-2016-7936: buffer overflow in print-udp.c:udp_print(). + CVE-2016-7937: buffer overflow in print-udp.c:vat_print(). + CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame(). + CVE-2016-7939: buffer overflow in print-gre.c, multiple functions. + CVE-2016-7940: buffer overflow in print-stp.c, multiple functions. + CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions. + CVE-2016-7974: buffer overflow in print-ip.c, multiple functions. + CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print(). + CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print(). + CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print(). + CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print(). + CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions. + CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print(). + CVE-2016-7993: a bug in util-print.c:relts_print() could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM). + CVE-2016-8574: buffer overflow in print-fr.c:frf15_print(). + CVE-2016-8575: buffer overflow in print-fr.c:q933_print(). + CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print(). + CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print(). + CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print(). + CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print(). + CVE-2017-5341: buffer overflow in print-otv.c:otv_print(). + CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print(). + CVE-2017-5482: buffer overflow in print-fr.c:q933_print(). + CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse(). + CVE-2017-5484: buffer overflow in print-atm.c:sig_print(). + CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap(). + CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print(). Signed-off-by: Baruch Siach Signed-off-by: Peter Korsgaard

tcpdump: bump version to 4.8.1

2016-10-26T10:29:33+00:00

Signed-off-by: Vicente Olivert Riera Signed-off-by: Thomas Petazzoni

tcpdump: bump version to 4.8.0

2016-08-02T11:07:51+00:00

Signed-off-by: Vicente Olivert Riera Signed-off-by: Peter Korsgaard

tcpdump: drop unneeded security patches

2015-10-02T14:34:25+00:00

Version 4.7.4 of tcpdump is not vulnerable to these issues according to: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8767 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8768 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8769 The tcpdump commit log seems to indicate that these issues were fixes in a different way in the following commits: CVE-2014-8767: 4038f83ebf654804829b258dde5e0a508c1c2003 CVE-2014-8768: 9255c9b05b0a04b8d89739b3efcb9f393a617fe9 CVE-2014-8769: 9ed7ddb48fd557dc993e73f22a50dda6cedf4df7 Just drop these patches. Cc: Gustavo Zacarias Signed-off-by: Baruch Siach Acked-by: Gustavo Zacarias Signed-off-by: Peter Korsgaard

packages: use backtick instead of $(shell ...) make function

2015-07-14T22:42:01+00:00

It is often difficult to know exactly when make will expand the variable, and usually it can only be expanded after the dependencies have been built (e.g. pkg-config or the .pc file). Using a backtick instead makes it very clear that it will be expanded only while executing the command. This change is useful for two cases: 1. The per-package staging (and host) directory will be created as part of the configure step, so any $(shell ...) variable that is used in the configure step will fail because the directory doesn't exist yet. 2. 'make printvars' evaluates the variables it prints. It will therefore trigger a lot of errors from missing .pc files and others. The backticks, on the other hand, are not expanded, so with this change the output of 'make printvars' becomes clean again. This commit contains only the easy changes: replace $(shell ...) with `...`, and also replace ' with " where needed. Follow-up commits will tackle the more complicated cases that need additional explanation. After this change, the following instances of $(shell ...) will remain: - All assignments that use := - All variables that are used in make conditionals (which don't expand the backticks). - All variables that only refer to system executables and make variables that don't change. - The calls to check-host-* in dependencies.mk, because it is eval'ed. [Original patch by Fabio Porcedda, but extended quite a bit by Arnout.] Signed-off-by: Fabio Porcedda Signed-off-by: Arnout Vandecappelle (Essensium/Mind) Signed-off-by: Thomas Petazzoni

tcpdump: bump to version 4.7.4

2015-06-01T21:56:17+00:00

Signed-off-by: Baruch Siach Signed-off-by: Peter Korsgaard

tcpdump: security bump to version 4.7.3

2015-03-11T16:08:44+00:00

Fixes: CVE-2015-0261 - issues with IPv6 mobility printer. CVE-2015-2153 - issue with tcp printer. CVE-2015-2154 - issue with ethernet printer. CVE-2015-2155 - issue with force printer. CVE-2014-9140 fix is upstream so patch dropped. System libpcap upstream as well so dropped. CVE-2014-8767, CVE-2014-8768 and CVE-2014-8769 don't seem to be upstream so keep. And add hash file. Signed-off-by: Gustavo Zacarias Signed-off-by: Peter Korsgaard