commit:     5ffa42e571f5f14a5a3400a8993a4b7745a852ef
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Nov  7 01:44:47 2020 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Nov  7 01:44:47 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5ffa42e5

net-analyzer/tcpdump: patch CVE-2020-8037

Note that CVE-2020-8036 is already fixed in the version
of 4.10.x packaged in Gentoo and 4.9.x is unaffected
(the relevant functionality simply did not exist).

Bug: https://bugs.gentoo.org/753146
Package-Manager: Portage-3.0.8, Repoman-3.0.2
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../files/tcpdump-4.9.3-CVE-2020-8037.patch        | 63 ++++++++++++++++++++++
 net-analyzer/tcpdump/tcpdump-4.10.0_rc1-r1.ebuild  | 22 +++-----
 ....10.0_rc1-r1.ebuild => tcpdump-4.9.3-r4.ebuild} | 24 +++------
 3 files changed, 79 insertions(+), 30 deletions(-)

diff --git a/net-analyzer/tcpdump/files/tcpdump-4.9.3-CVE-2020-8037.patch 
b/net-analyzer/tcpdump/files/tcpdump-4.9.3-CVE-2020-8037.patch
new file mode 100644
index 00000000000..2852845eb74
--- /dev/null
+++ b/net-analyzer/tcpdump/files/tcpdump-4.9.3-CVE-2020-8037.patch
@@ -0,0 +1,63 @@
+From 32027e199368dad9508965aae8cd8de5b6ab5231 Mon Sep 17 00:00:00 2001
+From: Guy Harris <[email protected]>
+Date: Sat, 18 Apr 2020 14:04:59 -0700
+Subject: [PATCH] PPP: When un-escaping, don't allocate a too-large buffer.
+
+The buffer should be big enough to hold the captured data, but it
+doesn't need to be big enough to hold the entire on-the-network packet,
+if we haven't captured all of it.
+
+(backported from commit e4add0b010ed6f2180dcb05a13026242ed935334)
+---
+ print-ppp.c | 18 ++++++++++++++----
+ 1 file changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/print-ppp.c b/print-ppp.c
+index 891761728..33fb03412 100644
+--- a/print-ppp.c
++++ b/print-ppp.c
+@@ -1367,19 +1367,29 @@ print_bacp_config_options(netdissect_options *ndo,
+       return 0;
+ }
+ 
++/*
++ * Un-escape RFC 1662 PPP in HDLC-like framing, with octet escapes.
++ * The length argument is the on-the-wire length, not the captured
++ * length; we can only un-escape the captured part.
++ */
+ static void
+ ppp_hdlc(netdissect_options *ndo,
+          const u_char *p, int length)
+ {
++      u_int caplen = ndo->ndo_snapend - p;
+       u_char *b, *t, c;
+       const u_char *s;
+-      int i, proto;
++      u_int i;
++      int proto;
+       const void *se;
+ 
++      if (caplen == 0)
++              return;
++
+         if (length <= 0)
+                 return;
+ 
+-      b = (u_char *)malloc(length);
++      b = (u_char *)malloc(caplen);
+       if (b == NULL)
+               return;
+ 
+@@ -1388,10 +1398,10 @@ ppp_hdlc(netdissect_options *ndo,
+        * Do this so that we dont overwrite the original packet
+        * contents.
+        */
+-      for (s = p, t = b, i = length; i > 0 && ND_TTEST(*s); i--) {
++      for (s = p, t = b, i = caplen; i != 0; i--) {
+               c = *s++;
+               if (c == 0x7d) {
+-                      if (i <= 1 || !ND_TTEST(*s))
++                      if (i <= 1)
+                               break;
+                       i--;
+                       c = *s++ ^ 0x20;
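Review bot: In `ppp_hdlc`, `u_int caplen = ndo->ndo_snapend - p;` is now the only bound on both the `malloc` size and the un-escape loop, because the `ND_TTEST` checks were removed from the loop. If `p` could ever lie past `ndo_snapend` (not visible from this hunk), the negative pointer difference would convert to a very large `u_int`; a guard such as `if (p >= ndo->ndo_snapend) return;` before `caplen` is computed would make that case explicit. The loop also no longer stops at `length`, so if a caller passes a `length` shorter than the captured remainder, bytes past the frame are un-escaped too; `if (caplen > (u_int)length) caplen = (u_int)length;` after the `length <= 0` check would keep the old limit. The function body continues outside the hunk, and since this file is a backport of an upstream commit, any such change is better raised upstream than carried only here.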

diff --git a/net-analyzer/tcpdump/tcpdump-4.10.0_rc1-r1.ebuild 
b/net-analyzer/tcpdump/tcpdump-4.10.0_rc1-r1.ebuild
index aa6aa458165..3133cb51eca 100644
--- a/net-analyzer/tcpdump/tcpdump-4.10.0_rc1-r1.ebuild
+++ b/net-analyzer/tcpdump/tcpdump-4.10.0_rc1-r1.ebuild
@@ -5,21 +5,20 @@ EAPI=7
 inherit autotools
 
 DESCRIPTION="A Tool for network monitoring and data acquisition"
-HOMEPAGE="
-       https://www.tcpdump.org/
-       https://github.com/the-tcpdump-group/tcpdump
-"
-LICENSE="BSD"
-SRC_URI="
-       https://github.com/the-tcpdump-group/${PN}/archive/${P/_}.tar.gz
-"
+HOMEPAGE="https://www.tcpdump.org/ 
https://github.com/the-tcpdump-group/tcpdump";
+SRC_URI="https://github.com/the-tcpdump-group/${PN}/archive/${P/_}.tar.gz";
+S="${WORKDIR}/${PN}-${P/_}"
 
+LICENSE="BSD"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc 
~x86 ~amd64-linux ~x86-linux"
 IUSE="+drop-root libressl +smi +ssl +samba suid test"
 RESTRICT="!test? ( test )"
 REQUIRED_USE="test? ( samba )"
 
+BDEPEND="
+       drop-root? ( virtual/pkgconfig )
+"
 RDEPEND="
        net-libs/libpcap
        drop-root? (
@@ -37,9 +36,6 @@ RDEPEND="
                acct-user/pcap
        )
 "
-BDEPEND="
-       drop-root? ( virtual/pkgconfig )
-"
 DEPEND="
        ${RDEPEND}
        test? (
@@ -50,11 +46,9 @@ DEPEND="
 PATCHES=(
        "${FILESDIR}"/${PN}-9999-libdir.patch
 )
-S=${WORKDIR}/${PN}-${P/_}
 
 src_prepare() {
        default
-
        eautoreconf
 }
 
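Review bot: `PATCHES` in this ebuild still lists only `${PN}-9999-libdir.patch`, and the commit message says only that CVE-2020-8036 is already fixed in the packaged 4.10.x, so the page does not show whether 4.10.0_rc1 already contains the `ppp_hdlc` fix for CVE-2020-8037. If it does, a comment above `PATCHES` such as `# CVE-2020-8037 (bug #753146): fix already included in this snapshot` would record that for the next maintainer. If it does not, this ebuild needs the equivalent patch and a revision bump rather than the in-place formatting edits made here.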
@@ -90,5 +84,5 @@ src_install() {
 }
 
 pkg_postinst() {
-       use suid && elog "To let normal users run tcpdump add them to the pcap 
group."
+       use suid && elog "To let normal users run tcpdump, add them to the pcap 
group."
 }

diff --git a/net-analyzer/tcpdump/tcpdump-4.10.0_rc1-r1.ebuild 
b/net-analyzer/tcpdump/tcpdump-4.9.3-r4.ebuild
similarity index 78%
copy from net-analyzer/tcpdump/tcpdump-4.10.0_rc1-r1.ebuild
copy to net-analyzer/tcpdump/tcpdump-4.9.3-r4.ebuild
index aa6aa458165..bfd5bf49212 100644
--- a/net-analyzer/tcpdump/tcpdump-4.10.0_rc1-r1.ebuild
+++ b/net-analyzer/tcpdump/tcpdump-4.9.3-r4.ebuild
@@ -2,23 +2,18 @@
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
+
 inherit autotools
 
 DESCRIPTION="A Tool for network monitoring and data acquisition"
-HOMEPAGE="
-       https://www.tcpdump.org/
-       https://github.com/the-tcpdump-group/tcpdump
-"
-LICENSE="BSD"
-SRC_URI="
-       https://github.com/the-tcpdump-group/${PN}/archive/${P/_}.tar.gz
-"
+HOMEPAGE="https://www.tcpdump.org/ 
https://github.com/the-tcpdump-group/tcpdump";
+SRC_URI="https://www.tcpdump.org/release/${P}.tar.gz";
 
+LICENSE="BSD"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc 
~x86 ~amd64-linux ~x86-linux"
-IUSE="+drop-root libressl +smi +ssl +samba suid test"
+IUSE="+drop-root libressl smi ssl samba suid test"
 RESTRICT="!test? ( test )"
-REQUIRED_USE="test? ( samba )"
 
 RDEPEND="
        net-libs/libpcap
@@ -37,9 +32,6 @@ RDEPEND="
                acct-user/pcap
        )
 "
-BDEPEND="
-       drop-root? ( virtual/pkgconfig )
-"
 DEPEND="
        ${RDEPEND}
        test? (
@@ -47,14 +39,14 @@ DEPEND="
                dev-lang/perl
        )
 "
+
 PATCHES=(
        "${FILESDIR}"/${PN}-9999-libdir.patch
+       "${FILESDIR}"/${PN}-4.9.3-CVE-2020-8037.patch
 )
-S=${WORKDIR}/${PN}-${P/_}
 
 src_prepare() {
        default
-
        eautoreconf
 }
 
@@ -90,5 +82,5 @@ src_install() {
 }
 
 pkg_postinst() {
-       use suid && elog "To let normal users run tcpdump add them to the pcap 
group."
+       use suid && elog "To let normal users run tcpdump, add them to the pcap 
group."
 }
