From cf831b344ca48614e45ed50c775d504cc2306a0b104a2fcc890f38d20f90442e Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= Date: Fri, 4 Oct 2019 12:00:58 +0000 Subject: [PATCH] Accepting request 734759 from home:pmonrealgonzalez:branches:network:utilities - Update to 4.9.3 * Fix buffer overflow/overread vulnerabilities: - CVE-2017-16808 (AoE) - CVE-2018-14468 (FrameRelay) - CVE-2018-14469 (IKEv1) - CVE-2018-14470 (BABEL) - CVE-2018-14466 (AFS/RX) - CVE-2018-14461 (LDP) - CVE-2018-14462 (ICMP) - CVE-2018-14465 (RSVP) - CVE-2018-14881 (BGP) - CVE-2018-14464 (LMP) - CVE-2018-14463 (VRRP) - CVE-2018-14467 (BGP) - CVE-2018-10103 (SMB - partially fixed, but SMB printing disabled) - CVE-2018-10105 (SMB - too unreliably reproduced, SMB printing disabled) - CVE-2018-14880 (OSPF6) - CVE-2018-16451 (SMB) - CVE-2018-14882 (RPL) - CVE-2018-16227 (802.11) - CVE-2018-16229 (DCCP) - CVE-2018-16301 (was fixed in libpcap) - CVE-2018-16230 (BGP) - CVE-2018-16452 (SMB) - CVE-2018-16300 (BGP) - CVE-2018-16228 (HNCP) - CVE-2019-15166 (LMP) - CVE-2019-15167 (VRRP) * Fix for cmdline argument/local issues: - CVE-2018-14879 (tcpdump -V) OBS-URL: https://build.opensuse.org/request/show/734759 OBS-URL: https://build.opensuse.org/package/show/network:utilities/tcpdump?expand=0&rev=49 --- tcpdump-4.9.2.tar.gz | 3 --- tcpdump-4.9.2.tar.gz.sig | Bin 442 -> 0 bytes tcpdump-4.9.3.tar.gz | 3 +++ tcpdump-4.9.3.tar.gz.sig | Bin 0 -> 442 bytes tcpdump-CVE-2017-16808.patch | 26 ---------------------- tcpdump-CVE-2019-1010220.patch | 28 ------------------------ tcpdump-ikev2pI2.patch | 20 ----------------- tcpdump.changes | 38 +++++++++++++++++++++++++++++++++ tcpdump.spec | 25 ++++++---------------- 9 files changed, 48 insertions(+), 95 deletions(-) delete mode 100644 tcpdump-4.9.2.tar.gz delete mode 100644 tcpdump-4.9.2.tar.gz.sig create mode 100644 tcpdump-4.9.3.tar.gz create mode 100644 tcpdump-4.9.3.tar.gz.sig delete mode 100644 tcpdump-CVE-2017-16808.patch delete mode 100644 tcpdump-CVE-2019-1010220.patch delete mode 100644 tcpdump-ikev2pI2.patch 
diff --git a/tcpdump-4.9.2.tar.gz b/tcpdump-4.9.2.tar.gz deleted file mode 100644 index c8a88b7..0000000 --- a/tcpdump-4.9.2.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:798b3536a29832ce0cbb07fafb1ce5097c95e308a6f592d14052e1ef1505fe79 -size 2298386 diff --git a/tcpdump-4.9.2.tar.gz.sig b/tcpdump-4.9.2.tar.gz.sig deleted file mode 100644 index b7d93ea8dd192e5dad838ebe6f44bf39e32e9bc59ae22c2985eaeb781dd6b412..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 442 zcmV;r0Y(0a0k;GI0SEvc79j*57HU^QtGVDLnvF2viQe(q!Cegn0$Ht(7yt?h5a5a4 z@!7#$4M;c)AgDC~CV8>3^xdUrckOV7a-5_T05ZU{6kI#FTB5=5jpO~@e{zdxW-AS( zA>8w@c^98;l$~#2h0|t}K7=D;wKE-CzILSK1$K-r-T7bl@2p^b(EVu^o4<>cput09 z-zi0e57YQQNweCNQ95W3g5aWleR7jfQ|Z{=83Q-sw{sb`FKDoY%2Vpv6}7z5MUP7P z@JQIRCQ^gw5YyI1T71|YO1g#Bgp0eit^5Q`?>7Ba58!1uW}Vq{)AN8$YH!f4}5vh<4UT}PV@=iT8e`=yp->LPg_ zKSE#~6%~FkeXJ&OQuOfOm0nMfZuy3>y#wQr3HS;GIR{D zWNY1zz@;shoFH&-BCM6D@FTkQ+dj)3L?1Tpc7`$r%O616GHR2^S#ve k>c+IQlNIxzC%MEW2A$)CM4nX{geu{O*3V!#w)~-fos#X>e*gdg diff --git a/tcpdump-4.9.3.tar.gz b/tcpdump-4.9.3.tar.gz new file mode 100644 index 0000000..544e0d8 --- /dev/null +++ b/tcpdump-4.9.3.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2cd47cb3d460b6ff75f4a9940f594317ad456cfbf2bd2c8e5151e16559db6410 +size 2333119 
diff --git a/tcpdump-4.9.3.tar.gz.sig b/tcpdump-4.9.3.tar.gz.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..0d935624d2de41b093168cd6a075162b8368cab8eaa8b573173a852b4e7ea61d GIT binary patch literal 442 zcmV;r0Y(0a0k;GI0SEvc79j*57HU^QtGVDLnvF2viQe(q!Cegn0$q|DkN^q^5a5a4 z@!7#$4Q#~>A4IO*)nFcHUfv5*8k5$`S*%%gcm@B$eL!06>_ak%79e+c?^$S;^bu-=V06PyKFg`}WZI_>RXBO&AD%3*)$=bRnO} zJD}e4bV1mM_sSFRbY6*UX+T#Dc)c_@=#X@LMqaRT;q0@kIZuAK+nmvS`hJ~*OWETM krD>GSGQJq+S0^^kT3vUF;1k_r^*i6ag|Muj`ed%cdD -Date: Thu, 31 Aug 2017 21:15:37 +0100 -Subject: [PATCH] CVE-2017-16808/AoE: Add a missing bounds check. - -In aoev1_reserve_print() check bounds before trying to print an Ethernet -address. - -This fixes a buffer over-read discovered by Bhargava Shastry, -SecT/TU Berlin. ---- - print-aoe.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/print-aoe.c b/print-aoe.c -index 97e93df2e..2c78a55d3 100644 ---- a/print-aoe.c -+++ b/print-aoe.c -@@ -325,6 +325,7 @@ aoev1_reserve_print(netdissect_options *ndo, - goto invalid; - /* addresses */ - for (i = 0; i < nmacs; i++) { -+ ND_TCHECK2(*cp, ETHER_ADDR_LEN); - ND_PRINT((ndo, "\n\tEthernet Address %u: %s", i, etheraddr_string(ndo, cp))); - cp += ETHER_ADDR_LEN; - } diff --git a/tcpdump-CVE-2019-1010220.patch b/tcpdump-CVE-2019-1010220.patch deleted file mode 100644 index 2d69aef..0000000 --- a/tcpdump-CVE-2019-1010220.patch +++ /dev/null 
@@ -1,28 +0,0 @@
-From 511915bef7e4de2f31b8d9f581b4a44b0cfbcf53 Mon Sep 17 00:00:00 2001
-From: Guy Harris
-Date: Sat, 1 Jun 2019 14:42:09 -0700
-Subject: [PATCH] If decode_prefix6() returns a negative number, don't print
- buf.
-
-If it returns a negative number, it hasn't necessarily filled in buf, so
-just return immediately; this is similar to the IPv4 code path, wherein
-we just return a negative number, and print nothing, on an error.
-
-This should fix GitHub issue #763.
----
- print-hncp.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-Index: tcpdump-4.9.2/print-hncp.c
-===================================================================
---- tcpdump-4.9.2.orig/print-hncp.c
-+++ tcpdump-4.9.2/print-hncp.c
-@@ -231,6 +231,8 @@ print_prefix(netdissect_options *ndo, co
- plenbytes += 1 + IPV4_MAPPED_HEADING_LEN;
- } else {
- plenbytes = decode_prefix6(ndo, prefix, max_length, buf, sizeof(buf));
-+ if (plenbytes < 0)
-+ return plenbytes;
- }
-
- ND_PRINT((ndo, "%s", buf));
diff --git a/tcpdump-ikev2pI2.patch b/tcpdump-ikev2pI2.patch
deleted file mode 100644
index 5f8822b..0000000
--- a/tcpdump-ikev2pI2.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-Index: tcpdump-4.9.2/tests/crypto.sh
-===================================================================
---- tcpdump-4.9.2.orig/tests/crypto.sh
-+++ tcpdump-4.9.2/tests/crypto.sh
-@@ -72,15 +72,6 @@ then
- echo $failed >.failed
- exitcode=1
- fi
-- if ./TESTonce ikev2pI2 ikev2pI2.pcap ikev2pI2.out '-E "file ikev2pI2-secrets.txt" -v -v -v -v'
-- then
-- passed=`expr $passed + 1`
-- echo $passed >.passed
-- else
-- failed=`expr $failed + 1`
-- echo $failed >.failed
-- exitcode=1
-- fi
- if ./TESTonce isakmp4 isakmp4500.pcap isakmp4.out '-E "file esp-secrets.txt"'
- then
- passed=`expr $passed + 1`
diff --git a/tcpdump.changes b/tcpdump.changes
index 629b2cc..93f29f1 100644
--- a/tcpdump.changes
+++ b/tcpdump.changes
@@ -1,3 +1,41 @@
+-------------------------------------------------------------------
+Wed Oct 2 14:01:31 UTC 2019 - Pedro Monreal Gonzalez
+
+- Update to 4.9.3
+ * Fix buffer overflow/overread vulnerabilities:
+ - CVE-2017-16808 (AoE)
+ - CVE-2018-14468 (FrameRelay)
+ - CVE-2018-14469 (IKEv1)
+ - CVE-2018-14470 (BABEL)
+ - CVE-2018-14466 (AFS/RX)
+ - CVE-2018-14461 (LDP)
+ - CVE-2018-14462 (ICMP)
+ - CVE-2018-14465 (RSVP)
+ - CVE-2018-14881 (BGP)
+ - CVE-2018-14464 (LMP)
+ - CVE-2018-14463 (VRRP)
+ - CVE-2018-14467 (BGP)
+ - CVE-2018-10103 (SMB - partially fixed, but SMB printing disabled)
+ - CVE-2018-10105 (SMB - too unreliably reproduced, SMB printing disabled)
+ - CVE-2018-14880 (OSPF6)
+ - CVE-2018-16451 (SMB)
+ - CVE-2018-14882 (RPL)
+ - CVE-2018-16227 (802.11)
+ - CVE-2018-16229 (DCCP)
+ - CVE-2018-16301 (was fixed in libpcap)
+ - CVE-2018-16230 (BGP)
+ - CVE-2018-16452 (SMB)
+ - CVE-2018-16300 (BGP)
+ - CVE-2018-16228 (HNCP)
+ - CVE-2019-15166 (LMP)
+ - CVE-2019-15167 (VRRP)
+ * Fix for cmdline argument/local issues:
+ - CVE-2018-14879 (tcpdump -V)
+- Drop patches fixed upstream:
+ * tcpdump-CVE-2017-16808.patch
+ * tcpdump-CVE-2019-1010220.patch
+ * tcpdump-ikev2pI2.patch
+
 -------------------------------------------------------------------
 Tue Jul 23 11:45:46 UTC 2019 - Pedro Monreal Gonzalez
diff --git a/tcpdump.spec b/tcpdump.spec
index f605bb9..cfbe469 100644
--- a/tcpdump.spec
+++ b/tcpdump.spec
@@ -16,31 +16,24 @@
 #
-%define min_libpcap_version 1.8.1
+%define min_libpcap_version 1.9.1
 Name: tcpdump
-Version: 4.9.2
+Version: 4.9.3
 Release: 0
 Summary: A Packet Sniffer
 License: BSD-3-Clause
 Group: Productivity/Networking/Diagnostic
-Url: http://www.tcpdump.org/
-Source: http://www.tcpdump.org/release/%{name}-%{version}.tar.gz
+Url: https://www.tcpdump.org/
+Source: https://www.tcpdump.org/release/%{name}-%{version}.tar.gz
 Source1: tcpdump-qeth
-Source2: http://www.tcpdump.org/release/%{name}-%{version}.tar.gz.sig
-Source3: http://www.tcpdump.org/tcpdump-workers.asc#/%{name}.keyring
-# PATCH-FIX-OPENSUSE tcpdump-ikev2pI2.patch - disabled failing test
-Patch0: tcpdump-ikev2pI2.patch
+Source2: https://www.tcpdump.org/release/%{name}-%{version}.tar.gz.sig
+Source3: https://www.tcpdump.org/tcpdump-workers.asc#/%{name}.keyring
 # PATCH-FIX-OPENSUSE tcpdump-CVE-2018-19519.patch - Initialize buf in print-hncp.c:print_prefix
-Patch1: tcpdump-CVE-2018-19519.patch
-# PATCH-FIX-UPSTREAM bsc#1068716 CVE-2017-16808 Heap-based buffer over-read related to aoe_print and lookup_emem
-Patch2: tcpdump-CVE-2017-16808.patch
-# PATCH-FIX-UPSTREAM bsc#1142439 CVE-2019-1010220 Buffer Over-read in print_prefix
-Patch3: tcpdump-CVE-2019-1010220.patch
+Patch0: tcpdump-CVE-2018-19519.patch
 BuildRequires: libpcap-devel >= %{min_libpcap_version}
 BuildRequires: libsmi-devel
 BuildRequires: openssl-devel
 Requires: libpcap >= %{min_libpcap_version}
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
 %description
 This program can "read" all or only certain packets going over the
@@ -49,9 +42,6 @@ ethernet. It can be used to debug specific network problems.
 %prep
 %setup -q
 %patch0 -p1
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
 %build
 export CFLAGS="%{optflags} -Wall -DGUESS_TSO -fstack-protector -fno-strict-aliasing"
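Review bot: `Patch0: tcpdump-CVE-2018-19519.patch` is kept while `tcpdump-CVE-2019-1010220.patch`, which touches the same `print-hncp.c:print_prefix` path, is dropped as fixed upstream, and neither CVE id appears in the 4.9.3 list in tcpdump.changes. Before merging I would confirm that `print_prefix` in the 4.9.3 tarball has the `if (plenbytes < 0) return plenbytes;` early return, and that the retained buf-initialisation patch still applies and is still needed on top of it. The removed `# PATCH-FIX-UPSTREAM bsc#1068716 …` and `bsc#1142439 …` comments were the only visible place the bug references were recorded; I would carry them into the changelog entry, e.g. `* tcpdump-CVE-2019-1010220.patch (bsc#1142439, CVE-2019-1010220)`, so the fixes stay traceable.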
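Review bot: The context line `export CFLAGS="%{optflags} -Wall -DGUESS_TSO -fstack-protector -fno-strict-aliasing"` appends `-fstack-protector` after the distribution flags, and with GCC the last stack-protector option on the command line is the one that takes effect. If `%{optflags}` already carries `-fstack-protector-strong` (not visible here, so worth checking with `rpm --eval '%{optflags}'`), this line weakens the hardening of a binary that parses untrusted packets; I would drop the flag or write `-fstack-protector-strong`. The line is unchanged by this commit, and the `%build` section continues past the end of the hunk.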
@@ -70,7 +60,6 @@ rm %{buildroot}/%{_sbindir}/tcpdump.%{version}
 make check %{?_smp_mflags}
 %files
-%defattr(-,root,root)
 %license LICENSE
 %doc CHANGES CREDITS README* *.awk
 %{_mandir}/man?/*