summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPeter Volkov <pva@gentoo.org>2007-07-10 13:41:14 +0000
committerPeter Volkov <pva@gentoo.org>2007-07-10 13:41:14 +0000
commit49020943b59cfb84abdee8af07e4fe3d56ca56e3 (patch)
treeda16c45451341308cc8ba0f955bd32ed50230fd9 /net-analyzer/tcpdump
parentAdded patch to compile against kernel 2.6.22, thanks to Helmut Auer <helmut@h... (diff)
downloadhistorical-49020943b59cfb84abdee8af07e4fe3d56ca56e3.tar.gz
historical-49020943b59cfb84abdee8af07e4fe3d56ca56e3.tar.bz2
historical-49020943b59cfb84abdee8af07e4fe3d56ca56e3.zip
Fix vulnerability reported in bug 184815. Thank mu-b <mu-b AT digit-labs.org>. Force tcpdump to drop privileges by default. Thank Jukka Ruohonen <drear AT iki.fi> for report (bug #176391).
Package-Manager: portage-2.1.3_rc7
Diffstat (limited to 'net-analyzer/tcpdump')
-rw-r--r--net-analyzer/tcpdump/ChangeLog12
-rw-r--r--net-analyzer/tcpdump/Manifest26
-rw-r--r--net-analyzer/tcpdump/files/digest-tcpdump-3.9.5-r33
-rw-r--r--net-analyzer/tcpdump/files/digest-tcpdump-3.9.6-r13
-rw-r--r--net-analyzer/tcpdump/files/tcpdump-3.9.6-bgp-integer-overflow.patch21
-rw-r--r--net-analyzer/tcpdump/tcpdump-3.9.5-r3.ebuild86
-rw-r--r--net-analyzer/tcpdump/tcpdump-3.9.6-r1.ebuild86
7 files changed, 232 insertions, 5 deletions
diff --git a/net-analyzer/tcpdump/ChangeLog b/net-analyzer/tcpdump/ChangeLog
index 96f1b519259f..089be2b681a7 100644
--- a/net-analyzer/tcpdump/ChangeLog
+++ b/net-analyzer/tcpdump/ChangeLog
@@ -1,6 +1,16 @@
# ChangeLog for net-analyzer/tcpdump
# Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-analyzer/tcpdump/ChangeLog,v 1.98 2007/06/23 09:39:49 cedk Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/tcpdump/ChangeLog,v 1.99 2007/07/10 13:41:14 pva Exp $
+
+*tcpdump-3.9.6-r1 (10 Jul 2007)
+*tcpdump-3.9.5-r3 (10 Jul 2007)
+
+ 10 Jul 2007; <pva@gentoo.org>
+ +files/tcpdump-3.9.6-bgp-integer-overflow.patch, +tcpdump-3.9.5-r3.ebuild,
+ +tcpdump-3.9.6-r1.ebuild:
+ Fix vulnerability reported in bug 184815. Thank mu-b <mu-b AT
+ digit-labs.org>. Force tcpdump to drop privileges by default. Thank Jukka
+ Ruohonen <drear AT iki.fi> for report (bug #176391).
*tcpdump-3.9.6 (23 Jun 2007)
diff --git a/net-analyzer/tcpdump/Manifest b/net-analyzer/tcpdump/Manifest
index 9c6d8c1363d5..96dd522f0896 100644
--- a/net-analyzer/tcpdump/Manifest
+++ b/net-analyzer/tcpdump/Manifest
@@ -14,20 +14,32 @@ AUX tcpdump-3.9.5-print-802_11.c.diff 365 RMD160 2b1186b691a9e25416eea1c7b1c3599
MD5 361356159496cb5a083bc49a8f4241a4 files/tcpdump-3.9.5-print-802_11.c.diff 365
RMD160 2b1186b691a9e25416eea1c7b1c3599dfc4b703f files/tcpdump-3.9.5-print-802_11.c.diff 365
SHA256 83c188a5bf08199a3c4abf481fa2a2813ff29954e12b5df81002bd40e1d5dab4 files/tcpdump-3.9.5-print-802_11.c.diff 365
+AUX tcpdump-3.9.6-bgp-integer-overflow.patch 905 RMD160 0f344c018dfa373720280b8d68787719365dd171 SHA1 848af722425dead317f02c4f5f72aadc553da006 SHA256 aa4f20c089516657ddee98f69df922cbe2a47917e953249e64d3e5bc52f211f7
+MD5 97255748538244986a75bd74520e91eb files/tcpdump-3.9.6-bgp-integer-overflow.patch 905
+RMD160 0f344c018dfa373720280b8d68787719365dd171 files/tcpdump-3.9.6-bgp-integer-overflow.patch 905
+SHA256 aa4f20c089516657ddee98f69df922cbe2a47917e953249e64d3e5bc52f211f7 files/tcpdump-3.9.6-bgp-integer-overflow.patch 905
DIST tcpdump-3.9.5.tar.gz 712411 RMD160 e0409ad55deda1b2a74950522720610c6c94d771 SHA1 a9850177809196008ed3e6212cb651ed1500353c SHA256 6a1617253f12bf2ac440eeb8709baeb907c6b801442bf2229a6bb84489cf38f4
DIST tcpdump-3.9.6.tar.gz 712992 RMD160 9b098d50ab381ab8cc7d59a96a9acc41b570d929 SHA1 a07907268c200f90a8b7c5dbc6a1427917cc1058 SHA256 242b27388ada00d0c40097cef0d56ac5bdbb0a5d81dffb480cdd91b109e10d8d
EBUILD tcpdump-3.9.5-r2.ebuild 1943 RMD160 50ab9ac319913633766cfce82e08b2648ee9489c SHA1 cc1931e9904c0a6d6794c10e6b92ed22c63dc424 SHA256 393db6ecfb9176290c37c6593498f8decce9c16027e5a7aacbe65c3dcef5c550
MD5 49ef4f339ca898521cf0719482256c59 tcpdump-3.9.5-r2.ebuild 1943
RMD160 50ab9ac319913633766cfce82e08b2648ee9489c tcpdump-3.9.5-r2.ebuild 1943
SHA256 393db6ecfb9176290c37c6593498f8decce9c16027e5a7aacbe65c3dcef5c550 tcpdump-3.9.5-r2.ebuild 1943
+EBUILD tcpdump-3.9.5-r3.ebuild 2238 RMD160 6f59617696cd6c0dd8f585ac9cb1710c92f4bcdb SHA1 2738a8185ffeb2a5169c521076b6f1c83d449124 SHA256 fac0d6608997323fe3800499d7e2030397cb2ebb8b945fb3fb21eac147e2f321
+MD5 461ad6ad490225274b670d0f02ed42e4 tcpdump-3.9.5-r3.ebuild 2238
+RMD160 6f59617696cd6c0dd8f585ac9cb1710c92f4bcdb tcpdump-3.9.5-r3.ebuild 2238
+SHA256 fac0d6608997323fe3800499d7e2030397cb2ebb8b945fb3fb21eac147e2f321 tcpdump-3.9.5-r3.ebuild 2238
+EBUILD tcpdump-3.9.6-r1.ebuild 2242 RMD160 fb9c755e99d5aef11bd9a54e64b3abd58919d147 SHA1 1aabfdda226b63712a653a137ee77d560535f818 SHA256 6694f10de6d11c5b547f3aed64134007324dd4dea75df86a4de3db3a97c0d65a
+MD5 e5a169df4f3c69415e6d70a9b0b69f23 tcpdump-3.9.6-r1.ebuild 2242
+RMD160 fb9c755e99d5aef11bd9a54e64b3abd58919d147 tcpdump-3.9.6-r1.ebuild 2242
+SHA256 6694f10de6d11c5b547f3aed64134007324dd4dea75df86a4de3db3a97c0d65a tcpdump-3.9.6-r1.ebuild 2242
EBUILD tcpdump-3.9.6.ebuild 1962 RMD160 896a372de51d1514205005562df73f4f75022e89 SHA1 eef5edeae74fcd00ca238806db0fb195f22c2912 SHA256 f75b80dbcc87eaaa21ca81eaea9d789b83a7701e525360051748fe017a2044ce
MD5 79ea7b3adcfff574067f6215ae7adaf9 tcpdump-3.9.6.ebuild 1962
RMD160 896a372de51d1514205005562df73f4f75022e89 tcpdump-3.9.6.ebuild 1962
SHA256 f75b80dbcc87eaaa21ca81eaea9d789b83a7701e525360051748fe017a2044ce tcpdump-3.9.6.ebuild 1962
-MISC ChangeLog 12944 RMD160 bd19bc33838637247135eab71d8fbe33807d09a0 SHA1 3810ad70519e6dc028373755d095ea74440be74b SHA256 eab472d9880aefb267a8fe1418e87595865edda590343643d3c09146b6aff9a0
-MD5 41516e6fe94ab5c3cdcd8c1a179987a0 ChangeLog 12944
-RMD160 bd19bc33838637247135eab71d8fbe33807d09a0 ChangeLog 12944
-SHA256 eab472d9880aefb267a8fe1418e87595865edda590343643d3c09146b6aff9a0 ChangeLog 12944
+MISC ChangeLog 13341 RMD160 c60e96dbf13721898c616ce2a9fc60458bcdc4c8 SHA1 27d40eaa2f9162b6fe97f4b1793f87a26001f946 SHA256 82e66f1af175fac3a52de0833690399dfa0d8ef9a04572ec24adeb2c524ecd1c
+MD5 9c9e04a519501a8f5df89873a87ecf22 ChangeLog 13341
+RMD160 c60e96dbf13721898c616ce2a9fc60458bcdc4c8 ChangeLog 13341
+SHA256 82e66f1af175fac3a52de0833690399dfa0d8ef9a04572ec24adeb2c524ecd1c ChangeLog 13341
MISC metadata.xml 268 RMD160 896e1ec3be866fe1d515b55473f0ac763b9f8a12 SHA1 9a77e6e1b7e0c4469583dc9d9a20065d6ac74ab6 SHA256 01030866e2f7de584ec505f71cfbfbbb48f8a790a0ea50a3da1974b74423f827
MD5 1465cdeb961745379a8ae1402b3e51ab metadata.xml 268
RMD160 896e1ec3be866fe1d515b55473f0ac763b9f8a12 metadata.xml 268
@@ -35,6 +47,12 @@ SHA256 01030866e2f7de584ec505f71cfbfbbb48f8a790a0ea50a3da1974b74423f827 metadata
MD5 529ef132e81950340671aa911a76e183 files/digest-tcpdump-3.9.5-r2 241
RMD160 eb77d5212d7f489fa7ff696bfb37f6bb534a5ab9 files/digest-tcpdump-3.9.5-r2 241
SHA256 e7b50f54579db8c825c28d89b19081abf1c5407bd89276f47b03ada1968e085e files/digest-tcpdump-3.9.5-r2 241
+MD5 529ef132e81950340671aa911a76e183 files/digest-tcpdump-3.9.5-r3 241
+RMD160 eb77d5212d7f489fa7ff696bfb37f6bb534a5ab9 files/digest-tcpdump-3.9.5-r3 241
+SHA256 e7b50f54579db8c825c28d89b19081abf1c5407bd89276f47b03ada1968e085e files/digest-tcpdump-3.9.5-r3 241
MD5 32d5d11bfd7605409e0c5c40d704f64c files/digest-tcpdump-3.9.6 241
RMD160 c0864c48cd0c35444a17acf543f82c73d2d29e8e files/digest-tcpdump-3.9.6 241
SHA256 145158cc8bac01f84806a47217b1b318750977d71387d055a6a7a6e4b03b6fdd files/digest-tcpdump-3.9.6 241
+MD5 32d5d11bfd7605409e0c5c40d704f64c files/digest-tcpdump-3.9.6-r1 241
+RMD160 c0864c48cd0c35444a17acf543f82c73d2d29e8e files/digest-tcpdump-3.9.6-r1 241
+SHA256 145158cc8bac01f84806a47217b1b318750977d71387d055a6a7a6e4b03b6fdd files/digest-tcpdump-3.9.6-r1 241
diff --git a/net-analyzer/tcpdump/files/digest-tcpdump-3.9.5-r3 b/net-analyzer/tcpdump/files/digest-tcpdump-3.9.5-r3
new file mode 100644
index 000000000000..c7b2ab6bf4ef
--- /dev/null
+++ b/net-analyzer/tcpdump/files/digest-tcpdump-3.9.5-r3
@@ -0,0 +1,3 @@
+MD5 2135e7b1f09af0eaf66d2af822bed44a tcpdump-3.9.5.tar.gz 712411
+RMD160 e0409ad55deda1b2a74950522720610c6c94d771 tcpdump-3.9.5.tar.gz 712411
+SHA256 6a1617253f12bf2ac440eeb8709baeb907c6b801442bf2229a6bb84489cf38f4 tcpdump-3.9.5.tar.gz 712411
diff --git a/net-analyzer/tcpdump/files/digest-tcpdump-3.9.6-r1 b/net-analyzer/tcpdump/files/digest-tcpdump-3.9.6-r1
new file mode 100644
index 000000000000..ce08b07ecc8b
--- /dev/null
+++ b/net-analyzer/tcpdump/files/digest-tcpdump-3.9.6-r1
@@ -0,0 +1,3 @@
+MD5 f564e46e595603ce908b54074e3709d3 tcpdump-3.9.6.tar.gz 712992
+RMD160 9b098d50ab381ab8cc7d59a96a9acc41b570d929 tcpdump-3.9.6.tar.gz 712992
+SHA256 242b27388ada00d0c40097cef0d56ac5bdbb0a5d81dffb480cdd91b109e10d8d tcpdump-3.9.6.tar.gz 712992
diff --git a/net-analyzer/tcpdump/files/tcpdump-3.9.6-bgp-integer-overflow.patch b/net-analyzer/tcpdump/files/tcpdump-3.9.6-bgp-integer-overflow.patch
new file mode 100644
index 000000000000..76cd330c0aa3
--- /dev/null
+++ b/net-analyzer/tcpdump/files/tcpdump-3.9.6-bgp-integer-overflow.patch
@@ -0,0 +1,21 @@
+diff -Nuar tcpdump-3.9.5.orig/print-bgp.c tcpdump-3.9.5/print-bgp.c
+--- tcpdump-3.9.5.orig/print-bgp.c 2007-07-10 17:16:02.000000000 +0400
++++ tcpdump-3.9.5/print-bgp.c 2007-07-10 17:16:45.000000000 +0400
+@@ -669,7 +669,7 @@
+ tlen-=15;
+
+ /* ok now the variable part - lets read out TLVs*/
+- while (tlen>0) {
++ while (tlen>0 && strlen <= buflen) {
+ if (tlen < 3)
+ return -1;
+ TCHECK2(pptr[0], 3);
+@@ -684,7 +684,7 @@
+ tlv_type,
+ tlv_len);
+ ttlv_len=ttlv_len/8+1; /* how many bytes do we need to read ? */
+- while (ttlv_len>0) {
++ while (ttlv_len>0 && strlen <= buflen) {
+ TCHECK(pptr[0]);
+ strlen+=snprintf(buf+strlen,buflen-strlen, "%02x",*pptr++);
+ ttlv_len--;
diff --git a/net-analyzer/tcpdump/tcpdump-3.9.5-r3.ebuild b/net-analyzer/tcpdump/tcpdump-3.9.5-r3.ebuild
new file mode 100644
index 000000000000..5c7e8f559f82
--- /dev/null
+++ b/net-analyzer/tcpdump/tcpdump-3.9.5-r3.ebuild
@@ -0,0 +1,86 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/tcpdump/tcpdump-3.9.5-r3.ebuild,v 1.1 2007/07/10 13:41:14 pva Exp $
+
+inherit flag-o-matic toolchain-funcs eutils
+
+DESCRIPTION="A Tool for network monitoring and data acquisition"
+HOMEPAGE="http://www.tcpdump.org/"
+SRC_URI="http://www.tcpdump.org/release/${P}.tar.gz
+ http://www.jp.tcpdump.org/release/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+IUSE="ssl ipv6 samba"
+
+DEPEND="net-libs/libpcap
+ ssl? ( >=dev-libs/openssl-0.9.6m )"
+
+pkg_setup() {
+ if use samba ; then
+ ewarn
+ ewarn "CAUTION !!! CAUTION !!! CAUTION"
+ ewarn
+ ewarn "You're about to compile tcpdump with samba printing support"
+ ewarn "Upstream tags it as 'possibly-buggy SMB printer'"
+ ewarn "So think twice whether this is fine with you"
+ ewarn
+ ewarn "CAUTION !!! CAUTION !!! CAUTION"
+ ewarn
+ ewarn "(Giving you 10 secs to think about it)"
+ ewarn
+ ebeep 5
+ epause 5
+ fi
+}
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+ # bug 168916 - off-by-one heap overflow in 802.11 printer
+ epatch "${FILESDIR}"/${P}-print-802_11.c.diff
+
+ # bug #184815 - <= 3.9.6 BGP dissector integer overflow
+ epatch "${FILESDIR}"/tcpdump-3.9.6-bgp-integer-overflow.patch
+}
+
+src_compile() {
+ # tcpdump needs some optymalization. see bug #108391
+ ( ! is-flag -O? || is-flag -O0 ) && append-flags -O
+
+ replace-flags -O[3-9] -O2
+ filter-flags -finline-functions
+
+ # Fix wrt bug #48747
+ if [[ $(gcc-major-version) -gt 3 ]] || \
+ [[ $(gcc-major-version) -eq 3 && $(gcc-minor-version) -ge 4 ]]
+ then
+ filter-flags -funit-at-a-time
+ append-flags -fno-unit-at-a-time
+ fi
+
+ local myconf
+ if ! use ssl ; then
+ myconf="--without-crypto"
+ fi
+
+ econf --with-user=tcpdump \
+ $(use_enable ipv6) \
+ $(use_enable samba smb) \
+ ${myconf} || die "configure failed"
+
+ make CCOPT="$CFLAGS" || die "make failed"
+}
+
+pkg_preinst() {
+ enewgroup tcpdump || die "Failed to add group tcpdump"
+ enewuser tcpdump -1 -1 -1 tcpdump || die "Failed to add user tcpdump"
+}
+
+src_install() {
+ dosbin tcpdump || die
+ doman tcpdump.1
+ dodoc *.awk
+ dodoc README FILES VERSION CHANGES
+}
diff --git a/net-analyzer/tcpdump/tcpdump-3.9.6-r1.ebuild b/net-analyzer/tcpdump/tcpdump-3.9.6-r1.ebuild
new file mode 100644
index 000000000000..2cb415a40883
--- /dev/null
+++ b/net-analyzer/tcpdump/tcpdump-3.9.6-r1.ebuild
@@ -0,0 +1,86 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/tcpdump/tcpdump-3.9.6-r1.ebuild,v 1.1 2007/07/10 13:41:14 pva Exp $
+
+inherit flag-o-matic toolchain-funcs eutils
+
+DESCRIPTION="A Tool for network monitoring and data acquisition"
+HOMEPAGE="http://www.tcpdump.org/"
+SRC_URI="http://www.tcpdump.org/release/${P}.tar.gz
+ http://www.jp.tcpdump.org/release/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+IUSE="ssl ipv6 samba"
+
+DEPEND="net-libs/libpcap
+ ssl? ( >=dev-libs/openssl-0.9.6m )"
+
+pkg_setup() {
+ if use samba ; then
+ ewarn
+ ewarn "CAUTION !!! CAUTION !!! CAUTION"
+ ewarn
+ ewarn "You're about to compile tcpdump with samba printing support"
+ ewarn "Upstream tags it as 'possibly-buggy SMB printer'"
+ ewarn "So think twice whether this is fine with you"
+ ewarn
+ ewarn "CAUTION !!! CAUTION !!! CAUTION"
+ ewarn
+ ewarn "(Giving you 10 secs to think about it)"
+ ewarn
+ ebeep 5
+ epause 5
+ fi
+}
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+ # bug 168916 - off-by-one heap overflow in 802.11 printer
+ epatch "${FILESDIR}"/${PN}-3.9.5-print-802_11.c.diff
+
+ # bug #184815 - <= 3.9.6 BGP dissector integer overflow
+ epatch "${FILESDIR}"/${P}-bgp-integer-overflow.patch
+}
+
+src_compile() {
+ # tcpdump needs some optymalization. see bug #108391
+ ( ! is-flag -O? || is-flag -O0 ) && append-flags -O
+
+ replace-flags -O[3-9] -O2
+ filter-flags -finline-functions
+
+ # Fix wrt bug #48747
+ if [[ $(gcc-major-version) -gt 3 ]] || \
+ [[ $(gcc-major-version) -eq 3 && $(gcc-minor-version) -ge 4 ]]
+ then
+ filter-flags -funit-at-a-time
+ append-flags -fno-unit-at-a-time
+ fi
+
+ local myconf
+ if ! use ssl ; then
+ myconf="--without-crypto"
+ fi
+
+ econf --with-user=tcpdump \
+ $(use_enable ipv6) \
+ $(use_enable samba smb) \
+ ${myconf} || die "configure failed"
+
+ make CCOPT="$CFLAGS" || die "make failed"
+}
+
+pkg_preinst() {
+ enewgroup tcpdump || die "Failed to add group tcpdump"
+ enewuser tcpdump -1 -1 -1 tcpdump || die "Failed to add user tcpdump"
+}
+
+src_install() {
+ dosbin tcpdump
+ doman tcpdump.1
+ dodoc *.awk
+ dodoc README FILES VERSION CHANGES CREDITS TODO
+}