From 3b8db97a528e72de2d162af71e912ff81c1ef1a3 Mon Sep 17 00:00:00 2001 From: DENG Qingfang Date: Sun, 13 Oct 2019 00:29:13 +0800 Subject: [PATCH] tcpdump: update to 4.9.3 Fixed CVEs: CVE-2017-16808 CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16301 CVE-2018-16451 CVE-2018-16452 CVE-2019-15166 CVE-2019-15167 Signed-off-by: DENG Qingfang (cherry picked from commit 394273c066b8f4317b77f3ede216cfcdd45250c1) --- package/network/utils/tcpdump/Makefile | 4 +-- .../patches/001-remove_pcap_debug.patch | 2 +- .../002-remove_static_libpcap_check.patch | 4 +-- .../tcpdump/patches/100-tcpdump_mini.patch | 28 +++++++++---------- 4 files changed, 19 insertions(+), 19 deletions(-) diff --git a/package/network/utils/tcpdump/Makefile b/package/network/utils/tcpdump/Makefile index 712617fd25..6da5a97f62 100644 --- a/package/network/utils/tcpdump/Makefile +++ b/package/network/utils/tcpdump/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=tcpdump -PKG_VERSION:=4.9.2 +PKG_VERSION:=4.9.3 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://www.us.tcpdump.org/release/ \ http://www.tcpdump.org/release/ -PKG_HASH:=798b3536a29832ce0cbb07fafb1ce5097c95e308a6f592d14052e1ef1505fe79 +PKG_HASH:=2cd47cb3d460b6ff75f4a9940f594317ad456cfbf2bd2c8e5151e16559db6410 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION) PKG_BUILD_PARALLEL:=1 diff --git a/package/network/utils/tcpdump/patches/001-remove_pcap_debug.patch b/package/network/utils/tcpdump/patches/001-remove_pcap_debug.patch index 0588f39cca..3da979dd35 100644 --- a/package/network/utils/tcpdump/patches/001-remove_pcap_debug.patch +++ b/package/network/utils/tcpdump/patches/001-remove_pcap_debug.patch @@ -1,6 +1,6 @@ --- a/configure +++ b/configure -@@ -6259,97 +6259,6 @@ $as_echo "no" >&6; } +@@ -6183,97 +6183,6 @@ $as_echo "no" >&6; } fi fi diff --git a/package/network/utils/tcpdump/patches/002-remove_static_libpcap_check.patch b/package/network/utils/tcpdump/patches/002-remove_static_libpcap_check.patch index 6d96c2eacd..fdebfcc6d8 100644 --- a/package/network/utils/tcpdump/patches/002-remove_static_libpcap_check.patch +++ b/package/network/utils/tcpdump/patches/002-remove_static_libpcap_check.patch @@ -1,6 +1,6 @@ --- a/configure +++ b/configure -@@ -5471,37 +5471,6 @@ $as_echo "Using $pfopen" >&6; } +@@ -5395,37 +5395,6 @@ $as_echo "Using $pfopen" >&6; } LIBS="$LIBS $pfopen" fi fi @@ -38,7 +38,7 @@ # # Look for pcap-config. -@@ -5657,51 +5626,6 @@ if test "x$ac_cv_lib_pcap_main" = xyes; +@@ -5581,51 +5550,6 @@ if test "x$ac_cv_lib_pcap_main" = xyes; libpcap="-lpcap" fi diff --git a/package/network/utils/tcpdump/patches/100-tcpdump_mini.patch b/package/network/utils/tcpdump/patches/100-tcpdump_mini.patch index 48cc470bf9..17477d2799 100644 --- a/package/network/utils/tcpdump/patches/100-tcpdump_mini.patch +++ b/package/network/utils/tcpdump/patches/100-tcpdump_mini.patch @@ -102,7 +102,7 @@ +#endif tp = lookup_bytestring(ndo, ep, len); - if (tp->bs_name) + if (tp->bs_name) @@ -1214,6 +1216,7 @@ init_addrtoname(netdissect_options *ndo, init_ipxsaparray(ndo); } @@ -111,7 +111,7 @@ const char * dnaddr_string(netdissect_options *ndo, u_short dnaddr) { -@@ -1233,6 +1236,7 @@ dnaddr_string(netdissect_options *ndo, u +@@ -1230,6 +1233,7 @@ dnaddr_string(netdissect_options *ndo, u return(tp->name); } @@ -224,7 +224,7 @@ return (1); @@ -368,6 +369,7 @@ ethertype_print(netdissect_options *ndo, } - isoclns_print(ndo, p + 1, length - 1); + isoclns_print(ndo, p + 1, length - 1); return(1); +#endif @@ -321,15 +321,15 @@ advance = frag6_print(ndo, cp, (const u_char *)ip6); if (advance < 0 || ndo->ndo_snapend <= cp + advance) @@ -328,6 +329,7 @@ ip6_print(netdissect_options *ndo, const - return; + return; nh = *cp; return; +#endif case IPPROTO_ROUTING: - ND_TCHECK(*cp); + ND_TCHECK(*cp); advance = rt6_print(ndo, cp, (const u_char *)ip6); @@ -335,12 +337,14 @@ ip6_print(netdissect_options *ndo, const - return; + return; nh = *cp; break; +#ifndef TCPDUMP_MINI @@ -350,7 +350,7 @@ +#ifndef TCPDUMP_MINI case IPPROTO_AH: advance = ah_print(ndo, cp); - if (advance < 0) + if (advance < 0) @@ -382,6 +387,7 @@ ip6_print(netdissect_options *ndo, const case IPPROTO_PIM: pim_print(ndo, cp, len, (const u_char *)ip6); @@ -440,7 +440,7 @@ +#endif default: - if (ndo->ndo_nflag==0 && (p_name = netdb_protoname(ipds->nh)) != NULL) + if (ndo->ndo_nflag==0 && (p_name = netdb_protoname(ipds->nh)) != NULL) --- a/print-llc.c +++ b/print-llc.c @@ -206,6 +206,7 @@ llc_print(netdissect_options *ndo, const @@ -482,14 +482,14 @@ +#ifndef TCPDUMP_MINI if (ssap == LLCSAP_ISONS && dsap == LLCSAP_ISONS && control == LLC_UI) { - isoclns_print(ndo, p, length); + isoclns_print(ndo, p, length); return (hdrlen); } - +#endif if (!ndo->ndo_eflag) { if (ssap == dsap) { - if (src == NULL || dst == NULL) + if (src == NULL || dst == NULL) @@ -480,6 +485,7 @@ snap_print(netdissect_options *ndo, cons case OUI_CISCO: @@ -530,7 +530,7 @@ +#ifndef TCPDUMP_MINI case BSD_AFNUM_ISO: - isoclns_print(ndo, p, length); + isoclns_print(ndo, p, length); break; @@ -127,6 +128,7 @@ null_if_print(netdissect_options *ndo, c case BSD_AFNUM_IPX: @@ -605,7 +605,7 @@ /* --- a/print-sll.c +++ b/print-sll.c -@@ -238,12 +238,14 @@ recurse: +@@ -249,12 +249,14 @@ recurse: */ switch (ether_type) { @@ -683,7 +683,7 @@ else if (IS_SRC_OR_DST_PORT(FTP_PORT)) { ND_PRINT((ndo, ": ")); ftp_print(ndo, bp, length); -@@ -719,6 +730,7 @@ tcp_print(netdissect_options *ndo, +@@ -725,6 +736,7 @@ tcp_print(netdissect_options *ndo, * XXX packet could be unaligned, it can go strange */ ns_print(ndo, bp + 2, length - 2, 0); @@ -691,7 +691,7 @@ } else if (IS_SRC_OR_DST_PORT(MSDP_PORT)) { msdp_print(ndo, bp, length); } else if (IS_SRC_OR_DST_PORT(RPKI_RTR_PORT)) { -@@ -726,6 +738,7 @@ tcp_print(netdissect_options *ndo, +@@ -732,6 +744,7 @@ tcp_print(netdissect_options *ndo, } else if (length > 0 && (IS_SRC_OR_DST_PORT(LDP_PORT))) { ldp_print(ndo, bp, length);