diff --git a/tcpdump-4.9.1.tar.gz b/tcpdump-4.9.1.tar.gz deleted file mode 100644 index a96604a..0000000 --- a/tcpdump-4.9.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f9448cf4deb2049acf713655c736342662e652ef40dbe0a8f6f8d5b9ce5bd8f3 -size 1258108 diff --git a/tcpdump-4.9.1.tar.gz.sig b/tcpdump-4.9.1.tar.gz.sig deleted file mode 100644 index c4436ce..0000000 Binary files a/tcpdump-4.9.1.tar.gz.sig and /dev/null differ diff --git a/tcpdump-4.9.2.tar.gz b/tcpdump-4.9.2.tar.gz new file mode 100644 index 0000000..c8a88b7 --- /dev/null +++ b/tcpdump-4.9.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:798b3536a29832ce0cbb07fafb1ce5097c95e308a6f592d14052e1ef1505fe79 +size 2298386 diff --git a/tcpdump-4.9.2.tar.gz.sig b/tcpdump-4.9.2.tar.gz.sig new file mode 100644 index 0000000..b7d93ea Binary files /dev/null and b/tcpdump-4.9.2.tar.gz.sig differ diff --git a/tcpdump-ikev2pI2-test-fails-ppc.patch b/tcpdump-ikev2pI2-test-fails-ppc.patch deleted file mode 100644 index 146fe99..0000000 --- a/tcpdump-ikev2pI2-test-fails-ppc.patch +++ /dev/null @@ -1,20 +0,0 @@ -Index: tcpdump-4.9.1/tests/crypto.sh -=================================================================== ---- tcpdump-4.9.1.orig/tests/crypto.sh -+++ tcpdump-4.9.1/tests/crypto.sh -@@ -28,8 +28,13 @@ then - [ $? -eq 0 ] || exitcode=1 - ./TESTonce espudp1 espudp1.pcap espudp1.out '-nnnn -E "file esp-secrets.txt"' - [ $? -eq 0 ] || exitcode=1 -- ./TESTonce ikev2pI2 ikev2pI2.pcap ikev2pI2.out '-E "file ikev2pI2-secrets.txt" -v -v -v -v' -- [ $? -eq 0 ] || exitcode=1 -+ case $(uname -m) in -+ "ppc" | "ppc64" | "ppc64le" ) echo "skipping test ikev2pI2" -+ ;; -+ * ) ./TESTonce ikev2pI2 ikev2pI2.pcap ikev2pI2.out '-E "file ikev2pI2-secrets.txt" -v -v -v -v' -+ [ $? -eq 0 ] || exitcode=1 -+ ;; -+ esac - ./TESTonce isakmp4 isakmp4500.pcap isakmp4.out '-E "file esp-secrets.txt"' - [ $? -eq 0 ] || exitcode=1 - fi diff --git a/tcpdump-ikev2pI2.patch b/tcpdump-ikev2pI2.patch new file mode 100644 index 0000000..5f8822b --- /dev/null +++ b/tcpdump-ikev2pI2.patch @@ -0,0 +1,20 @@ +Index: tcpdump-4.9.2/tests/crypto.sh +=================================================================== +--- tcpdump-4.9.2.orig/tests/crypto.sh ++++ tcpdump-4.9.2/tests/crypto.sh +@@ -72,15 +72,6 @@ then + echo $failed >.failed + exitcode=1 + fi +- if ./TESTonce ikev2pI2 ikev2pI2.pcap ikev2pI2.out '-E "file ikev2pI2-secrets.txt" -v -v -v -v' +- then +- passed=`expr $passed + 1` +- echo $passed >.passed +- else +- failed=`expr $failed + 1` +- echo $failed >.failed +- exitcode=1 +- fi + if ./TESTonce isakmp4 isakmp4500.pcap isakmp4.out '-E "file esp-secrets.txt"' + then + passed=`expr $passed + 1` diff --git a/tcpdump.changes b/tcpdump.changes index 47b0f71..8a99349 100644 --- a/tcpdump.changes +++ b/tcpdump.changes @@ -1,3 +1,116 @@ +------------------------------------------------------------------- +Tue Sep 12 15:23:04 UTC 2017 - pmonrealgonzalez@suse.com + +- Disabled ikev2pI2 test that fails on some architectures + * Added patch tcpdump-ikev2pI2.patch + +------------------------------------------------------------------- +Tue Sep 12 14:51:00 UTC 2017 - pmonrealgonzalez@suse.com + +- Update to version 4.9.2 [bsc#1057247] + * Security fixes: + - CVE-2017-11108 segfault in STP decoder + - Segfault in ESP decoder with OpenSSL 1.1 + - CVE-2017-11543 buffer overflow in SLIP decoder + - CVE-2017-13011 buffer overflow in bittok2str_internal() + - CVE-2017-12989 infinite loop in the RESP parser + - CVE-2017-12990 infinite loop in the ISAKMP parser + - CVE-2017-12995 infinite loop in the DNS parser + - CVE-2017-12997 infinite loop in the LLDP parser + - CVE-2017-11541 buffer over-read in safeputs() + - CVE-2017-11542 buffer over-read in PIMv1 decoder + - CVE-2017-12893 buffer over-read in the SMB/CIFS parser + - CVE-2017-12894 buffer over-read in several protocol parsers + - CVE-2017-12895 buffer over-read in the ICMP parser + - CVE-2017-12896 buffer over-read in the ISAKMP parser + - CVE-2017-12897 buffer over-read in the ISO CLNS parser + - CVE-2017-12898 buffer over-read in the NFS parser + - CVE-2017-12899 buffer over-read in the DECnet parser + - CVE-2017-12900 buffer over-read in the in several protocol parsers + - CVE-2017-12901 buffer over-read in the EIGRP parser + - CVE-2017-12902 buffer over-read in the Zephyr parser + - CVE-2017-12985 buffer over-read in the IPv6 parser + - CVE-2017-12986 buffer over-read in the IPv6 routing header parser + - CVE-2017-12987 buffer over-read in the 802.11 parser + - CVE-2017-12988 buffer over-read in the telnet parser + - CVE-2017-12991 buffer over-read in the BGP parser + - CVE-2017-12992 buffer over-read in the RIPng parser + - CVE-2017-12993 buffer over-read in the Juniper protocols parser + - CVE-2017-12994 buffer over-read in the BGP parser + - CVE-2017-12996 buffer over-read in the PIMv2 parser + - CVE-2017-12998 buffer over-read in the IS-IS parser + - CVE-2017-12999 buffer over-read in the IS-IS parser + - CVE-2017-13000 buffer over-read in the IEEE 802.15.4 parser + - CVE-2017-13001 buffer over-read in the NFS parser + - CVE-2017-13002 buffer over-read in the AODV parser + - CVE-2017-13003 buffer over-read in the LMP parser + - CVE-2017-13004 buffer over-read in the Juniper protocols parser + - CVE-2017-13005 buffer over-read in the NFS parser + - CVE-2017-13006 buffer over-read in the L2TP parser + - CVE-2017-13007 buffer over-read in the Apple PKTAP parser + - CVE-2017-13008 buffer over-read in the IEEE 802.11 parser + - CVE-2017-13009 buffer over-read in the IPv6 mobility parser + - CVE-2017-13010 buffer over-read in the BEEP parser + - CVE-2017-13012 buffer over-read in the ICMP parser + - CVE-2017-13013 buffer over-read in the ARP parser + - CVE-2017-13014 buffer over-read in the White Board protocol parser + - CVE-2017-13015 buffer over-read in the EAP parser + - CVE-2017-13016 buffer over-read in the ISO ES-IS parser + - CVE-2017-13017 buffer over-read in the DHCPv6 parser + - CVE-2017-13018 buffer over-read in the PGM parser + - CVE-2017-13019 buffer over-read in the PGM parser + - CVE-2017-13020 buffer over-read in the VTP parser + - CVE-2017-13021 buffer over-read in the ICMPv6 parser + - CVE-2017-13022 buffer over-read in the IP parser + - CVE-2017-13023 buffer over-read in the IPv6 mobility parser + - CVE-2017-13024 buffer over-read in the IPv6 mobility parser + - CVE-2017-13025 buffer over-read in the IPv6 mobility parser + - CVE-2017-13026 buffer over-read in the ISO IS-IS parser + - CVE-2017-13027 buffer over-read in the LLDP parser + - CVE-2017-13028 buffer over-read in the BOOTP parser + - CVE-2017-13029 buffer over-read in the PPP parser + - CVE-2017-13030 buffer over-read in the PIM parser + - CVE-2017-13031 buffer over-read in the IPv6 fragmentation header parser + - CVE-2017-13032 buffer over-read in the RADIUS parser + - CVE-2017-13033 buffer over-read in the VTP parser + - CVE-2017-13034 buffer over-read in the PGM parser + - CVE-2017-13035 buffer over-read in the ISO IS-IS parser + - CVE-2017-13036 buffer over-read in the OSPFv3 parser + - CVE-2017-13037 buffer over-read in the IP parser + - CVE-2017-13038 buffer over-read in the PPP parser + - CVE-2017-13039 buffer over-read in the ISAKMP parser + - CVE-2017-13040 buffer over-read in the MPTCP parser + - CVE-2017-13041 buffer over-read in the ICMPv6 parser + - CVE-2017-13042 buffer over-read in the HNCP parser + - CVE-2017-13043 buffer over-read in the BGP parser + - CVE-2017-13044 buffer over-read in the HNCP parser + - CVE-2017-13045 buffer over-read in the VQP parser + - CVE-2017-13046 buffer over-read in the BGP parser + - CVE-2017-13047 buffer over-read in the ISO ES-IS parser + - CVE-2017-13048 buffer over-read in the RSVP parser + - CVE-2017-13049 buffer over-read in the Rx protocol parser + - CVE-2017-13050 buffer over-read in the RPKI-Router parser + - CVE-2017-13051 buffer over-read in the RSVP parser + - CVE-2017-13052 buffer over-read in the CFM parser + - CVE-2017-13053 buffer over-read in the BGP parser + - CVE-2017-13054 buffer over-read in the LLDP parser + - CVE-2017-13055 buffer over-read in the ISO IS-IS parser + - CVE-2017-13687 buffer over-read in the Cisco HDLC parser + - CVE-2017-13688 buffer over-read in the OLSR parser + - CVE-2017-13689 buffer over-read in the IKEv1 parser + - CVE-2017-13690 buffer over-read in the IKEv2 parser + - CVE-2017-13725 buffer over-read in the IPv6 routing header parser + * Dropped patch tcpdump-reverted-test-scripts-fix.patch + +------------------------------------------------------------------- +Wed Aug 23 13:51:30 UTC 2017 - pmonrealgonzalez@suse.com + +- Reverted upstream commit that makes some tests to fail when + compiling with openssl-1.1.0 + * Upstream commit 68cc39dd64688829be2632d9cd24f7efa3da79bb + * Added patch tcpdump-reverted-test-scripts-fix.patch + * Removed patch tcpdump-ikev2pI2-test-fails-ppc.patch + ------------------------------------------------------------------- Wed Jul 26 12:33:53 UTC 2017 - pmonrealgonzalez@suse.com diff --git a/tcpdump.spec b/tcpdump.spec index c451ccc..3720797 100644 --- a/tcpdump.spec +++ b/tcpdump.spec @@ -18,7 +18,7 @@ %define min_libpcap_version 1.8.1 Name: tcpdump -Version: 4.9.1 +Version: 4.9.2 Release: 0 Summary: A Packet Sniffer License: BSD-3-Clause @@ -28,8 +28,8 @@ Source: http://www.tcpdump.org/release/%{name}-%{version}.tar.gz Source1: tcpdump-qeth Source2: http://www.tcpdump.org/release/%{name}-%{version}.tar.gz.sig Source3: http://www.tcpdump.org/tcpdump-workers.asc#/%{name}.keyring -# PATCH-FIX-OPENSUSE tcpdump-ikev2pI2-test-fails-ppc.patch -- Disable ikev2pI2 test on ppc, ppc64 and ppc64le -Patch0: tcpdump-ikev2pI2-test-fails-ppc.patch +# PATCH-FIX-OPENSUSE tcpdump-ikev2pI2.patch - disabled failing test +Patch0: tcpdump-ikev2pI2.patch BuildRequires: libpcap-devel >= %{min_libpcap_version} BuildRequires: libsmi-devel BuildRequires: openssl-devel