Hello community,

here is the log from the commit of package tcpdump for openSUSE:Factory checked in at 2019-10-11 15:11:24
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tcpdump (Old)
 and      /work/SRC/openSUSE:Factory/.tcpdump.new.2352 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tcpdump" Fri Oct 11 15:11:24 2019 rev:39 rq:734985 version:4.9.3 Changes: -------- --- /work/SRC/openSUSE:Factory/tcpdump/tcpdump.changes 2019-07-28 10:18:15.800601471 +0200 +++ /work/SRC/openSUSE:Factory/.tcpdump.new.2352/tcpdump.changes 2019-10-11 15:11:43.221026732 +0200 @@ -1,0 +2,38 @@ +Wed Oct 2 14:01:31 UTC 2019 - Pedro Monreal Gonzalez <[email protected]> + +- Update to 4.9.3 + * Fix buffer overflow/overread vulnerabilities: + - CVE-2017-16808 (AoE) + - CVE-2018-14468 (FrameRelay) + - CVE-2018-14469 (IKEv1) + - CVE-2018-14470 (BABEL) + - CVE-2018-14466 (AFS/RX) + - CVE-2018-14461 (LDP) + - CVE-2018-14462 (ICMP) + - CVE-2018-14465 (RSVP) + - CVE-2018-14881 (BGP) + - CVE-2018-14464 (LMP) + - CVE-2018-14463 (VRRP) + - CVE-2018-14467 (BGP) + - CVE-2018-10103 (SMB - partially fixed, but SMB printing disabled) + - CVE-2018-10105 (SMB - too unreliably reproduced, SMB printing disabled) + - CVE-2018-14880 (OSPF6) + - CVE-2018-16451 (SMB) + - CVE-2018-14882 (RPL) + - CVE-2018-16227 (802.11) + - CVE-2018-16229 (DCCP) + - CVE-2018-16301 (was fixed in libpcap) + - CVE-2018-16230 (BGP) + - CVE-2018-16452 (SMB) + - CVE-2018-16300 (BGP) + - CVE-2018-16228 (HNCP) + - CVE-2019-15166 (LMP) + - CVE-2019-15167 (VRRP) + * Fix for cmdline argument/local issues: + - CVE-2018-14879 (tcpdump -V) +- Drop patches fixed upstream: + * tcpdump-CVE-2017-16808.patch + * tcpdump-CVE-2019-1010220.patch + * tcpdump-ikev2pI2.patch + +------------------------------------------------------------------- Old: ---- tcpdump-4.9.2.tar.gz tcpdump-4.9.2.tar.gz.sig tcpdump-CVE-2017-16808.patch tcpdump-CVE-2019-1010220.patch tcpdump-ikev2pI2.patch New: ---- tcpdump-4.9.3.tar.gz tcpdump-4.9.3.tar.gz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tcpdump.spec ++++++ --- /var/tmp/diff_new_pack.se0Fgd/_old 2019-10-11 15:11:44.241023929 +0200 +++ /var/tmp/diff_new_pack.se0Fgd/_new 2019-10-11 15:11:44.245023917 +0200 
@@ -16,31 +16,24 @@ # -%define min_libpcap_version 1.8.1 +%define min_libpcap_version 1.9.1 Name: tcpdump -Version: 4.9.2 +Version: 4.9.3 Release: 0 Summary: A Packet Sniffer License: BSD-3-Clause Group: Productivity/Networking/Diagnostic -Url: http://www.tcpdump.org/ -Source: http://www.tcpdump.org/release/%{name}-%{version}.tar.gz +Url: https://www.tcpdump.org/ +Source: https://www.tcpdump.org/release/%{name}-%{version}.tar.gz Source1: tcpdump-qeth -Source2: http://www.tcpdump.org/release/%{name}-%{version}.tar.gz.sig -Source3: http://www.tcpdump.org/tcpdump-workers.asc#/%{name}.keyring -# PATCH-FIX-OPENSUSE tcpdump-ikev2pI2.patch - disabled failing test -Patch0: tcpdump-ikev2pI2.patch +Source2: https://www.tcpdump.org/release/%{name}-%{version}.tar.gz.sig +Source3: https://www.tcpdump.org/tcpdump-workers.asc#/%{name}.keyring # PATCH-FIX-OPENSUSE tcpdump-CVE-2018-19519.patch - Initialize buf in print-hncp.c:print_prefix -Patch1: tcpdump-CVE-2018-19519.patch -# PATCH-FIX-UPSTREAM bsc#1068716 CVE-2017-16808 Heap-based buffer over-read related to aoe_print and lookup_emem -Patch2: tcpdump-CVE-2017-16808.patch -# PATCH-FIX-UPSTREAM bsc#1142439 CVE-2019-1010220 Buffer Over-read in print_prefix -Patch3: tcpdump-CVE-2019-1010220.patch +Patch0: tcpdump-CVE-2018-19519.patch BuildRequires: libpcap-devel >= %{min_libpcap_version} BuildRequires: libsmi-devel BuildRequires: openssl-devel Requires: libpcap >= %{min_libpcap_version} -BuildRoot: %{_tmppath}/%{name}-%{version}-build %description This program can "read" all or only certain packets going over the @@ -49,9 +42,6 @@ %prep %setup -q %patch0 -p1 -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 %build export CFLAGS="%{optflags} -Wall -DGUESS_TSO -fstack-protector -fno-strict-aliasing" @@ -70,7 +60,6 @@ make check %{?_smp_mflags} %files -%defattr(-,root,root) %license LICENSE %doc CHANGES CREDITS README* *.awk %{_mandir}/man?/* ++++++ tcpdump-4.9.2.tar.gz -> tcpdump-4.9.3.tar.gz ++++++ ++++ 11594 lines of diff (skipped)
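
Review bot: In the tcpdump.changes hunk, the "Drop patches fixed upstream" list includes tcpdump-CVE-2019-1010220.patch, but CVE-2019-1010220 is not among the CVEs the entry lists as fixed by 4.9.3, and the bsc#1068716 and bsc#1142439 references carried in the old spec comments are missing from the entry. Add the CVE and both bug numbers so the dropped fixes stay traceable. The same list files tcpdump-ikev2pI2.patch under "fixed upstream", while the spec tagged it PATCH-FIX-OPENSUSE with the description "disabled failing test"; give its reason for removal separately.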
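
Review bot: In the tcpdump.spec preamble hunk (@@ -16,31 +16,24 @@), min_libpcap_version goes from 1.8.1 to 1.9.1 and feeds both BuildRequires and Requires, yet the changes entry does not mention the new minimum. Record it there and say whether it is tied to the CVE-2018-16301 item that the entry describes as "was fixed in libpcap". The surviving Patch0, tcpdump-CVE-2018-19519.patch, is still tagged PATCH-FIX-OPENSUSE and CVE-2018-19519 is not in the 4.9.3 list, so a short comment on its upstream status would help whoever does the next version bump.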
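
Review bot: In the %prep hunk (@@ -49,9 +42,6 @@), removing tcpdump-ikev2pI2.patch means the test it disabled runs again under the "make check" visible in the final hunk. Confirm that this test now passes in the package build, and note the outcome in the changes entry, since a failure there would abort the build. The remaining "%patch0 -p1" now applies tcpdump-CVE-2018-19519.patch rather than the ikev2pI2 patch, so check that it still applies cleanly to the 4.9.3 sources.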
