Accepting request 525837 from network:utilities

1

OBS-URL: https://build.opensuse.org/request/show/525837
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/tcpdump?expand=0&rev=36

tcpdump-4.9.1.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f9448cf4deb2049acf713655c736342662e652ef40dbe0a8f6f8d5b9ce5bd8f3
-size 1258108

tcpdump-4.9.2.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:798b3536a29832ce0cbb07fafb1ce5097c95e308a6f592d14052e1ef1505fe79
+size 2298386

tcpdump-ikev2pI2-test-fails-ppc.patch

@@ -1,20 +0,0 @@
-Index: tcpdump-4.9.1/tests/crypto.sh
-===================================================================
---- tcpdump-4.9.1.orig/tests/crypto.sh
-+++ tcpdump-4.9.1/tests/crypto.sh
-@@ -28,8 +28,13 @@ then
- 		[ $? -eq 0 ] || exitcode=1
- 		./TESTonce espudp1 espudp1.pcap espudp1.out '-nnnn -E "file esp-secrets.txt"'
- 		[ $? -eq 0 ] || exitcode=1
--		./TESTonce ikev2pI2 ikev2pI2.pcap ikev2pI2.out '-E "file ikev2pI2-secrets.txt" -v -v -v -v'
--		[ $? -eq 0 ] || exitcode=1
-+		case $(uname -m) in 
-+		    "ppc" | "ppc64" | "ppc64le" ) echo "skipping test ikev2pI2"
-+			;; 
-+		    * ) ./TESTonce ikev2pI2 ikev2pI2.pcap ikev2pI2.out '-E "file ikev2pI2-secrets.txt" -v -v -v -v' 
-+			[ $? -eq 0 ] || exitcode=1 
-+			;;
-+		esac
- 		./TESTonce isakmp4 isakmp4500.pcap isakmp4.out '-E "file esp-secrets.txt"'
- 		[ $? -eq 0 ] || exitcode=1
- 	fi

tcpdump-ikev2pI2.patch

@@ -0,0 +1,20 @@
+Index: tcpdump-4.9.2/tests/crypto.sh
+===================================================================
+--- tcpdump-4.9.2.orig/tests/crypto.sh
++++ tcpdump-4.9.2/tests/crypto.sh
+@@ -72,15 +72,6 @@ then
+ 			echo $failed >.failed
+ 			exitcode=1
+ 		fi
+-		if ./TESTonce ikev2pI2 ikev2pI2.pcap ikev2pI2.out '-E "file ikev2pI2-secrets.txt" -v -v -v -v'
+-		then
+-			passed=`expr $passed + 1`
+-			echo $passed >.passed
+-		else
+-			failed=`expr $failed + 1`
+-			echo $failed >.failed
+-			exitcode=1
+-		fi
+ 		if ./TESTonce isakmp4 isakmp4500.pcap isakmp4.out '-E "file esp-secrets.txt"'
+ 		then
+ 			passed=`expr $passed + 1`

tcpdump.changes

@@ -1,3 +1,116 @@
+-------------------------------------------------------------------
+Tue Sep 12 15:23:04 UTC 2017 - pmonrealgonzalez@suse.com
+
+- Disabled ikev2pI2 test that fails on some architectures
+  * Added patch tcpdump-ikev2pI2.patch
+
+-------------------------------------------------------------------
+Tue Sep 12 14:51:00 UTC 2017 - pmonrealgonzalez@suse.com
+
+- Update to version 4.9.2 [bsc#1057247]
+  * Security fixes:
+    - CVE-2017-11108 segfault in STP decoder
+    - Segfault in ESP decoder with OpenSSL 1.1
+    - CVE-2017-11543 buffer overflow in SLIP decoder
+    - CVE-2017-13011 buffer overflow in bittok2str_internal()
+    - CVE-2017-12989 infinite loop in the RESP parser
+    - CVE-2017-12990 infinite loop in the ISAKMP parser
+    - CVE-2017-12995 infinite loop in the DNS parser
+    - CVE-2017-12997 infinite loop in the LLDP parser
+    - CVE-2017-11541 buffer over-read in safeputs()
+    - CVE-2017-11542 buffer over-read in PIMv1 decoder
+    - CVE-2017-12893 buffer over-read in the SMB/CIFS parser
+    - CVE-2017-12894 buffer over-read in several protocol parsers
+    - CVE-2017-12895 buffer over-read in the ICMP parser
+    - CVE-2017-12896 buffer over-read in the ISAKMP parser
+    - CVE-2017-12897 buffer over-read in the ISO CLNS parser
+    - CVE-2017-12898 buffer over-read in the NFS parser
+    - CVE-2017-12899 buffer over-read in the DECnet parser
+    - CVE-2017-12900 buffer over-read in the in several protocol parsers
+    - CVE-2017-12901 buffer over-read in the EIGRP parser
+    - CVE-2017-12902 buffer over-read in the Zephyr parser
+    - CVE-2017-12985 buffer over-read in the IPv6 parser
+    - CVE-2017-12986 buffer over-read in the IPv6 routing header parser
+    - CVE-2017-12987 buffer over-read in the 802.11 parser
+    - CVE-2017-12988 buffer over-read in the telnet parser
+    - CVE-2017-12991 buffer over-read in the BGP parser
+    - CVE-2017-12992 buffer over-read in the RIPng parser
+    - CVE-2017-12993 buffer over-read in the Juniper protocols parser
+    - CVE-2017-12994 buffer over-read in the BGP parser
+    - CVE-2017-12996 buffer over-read in the PIMv2 parser
+    - CVE-2017-12998 buffer over-read in the IS-IS parser
+    - CVE-2017-12999 buffer over-read in the IS-IS parser
+    - CVE-2017-13000 buffer over-read in the IEEE 802.15.4 parser
+    - CVE-2017-13001 buffer over-read in the NFS parser
+    - CVE-2017-13002 buffer over-read in the AODV parser
+    - CVE-2017-13003 buffer over-read in the LMP parser
+    - CVE-2017-13004 buffer over-read in the Juniper protocols parser
+    - CVE-2017-13005 buffer over-read in the NFS parser
+    - CVE-2017-13006 buffer over-read in the L2TP parser
+    - CVE-2017-13007 buffer over-read in the Apple PKTAP parser
+    - CVE-2017-13008 buffer over-read in the IEEE 802.11 parser
+    - CVE-2017-13009 buffer over-read in the IPv6 mobility parser
+    - CVE-2017-13010 buffer over-read in the BEEP parser
+    - CVE-2017-13012 buffer over-read in the ICMP parser
+    - CVE-2017-13013 buffer over-read in the ARP parser
+    - CVE-2017-13014 buffer over-read in the White Board protocol parser
+    - CVE-2017-13015 buffer over-read in the EAP parser
+    - CVE-2017-13016 buffer over-read in the ISO ES-IS parser
+    - CVE-2017-13017 buffer over-read in the DHCPv6 parser
+    - CVE-2017-13018 buffer over-read in the PGM parser
+    - CVE-2017-13019 buffer over-read in the PGM parser
+    - CVE-2017-13020 buffer over-read in the VTP parser
+    - CVE-2017-13021 buffer over-read in the ICMPv6 parser
+    - CVE-2017-13022 buffer over-read in the IP parser
+    - CVE-2017-13023 buffer over-read in the IPv6 mobility parser
+    - CVE-2017-13024 buffer over-read in the IPv6 mobility parser
+    - CVE-2017-13025 buffer over-read in the IPv6 mobility parser
+    - CVE-2017-13026 buffer over-read in the ISO IS-IS parser
+    - CVE-2017-13027 buffer over-read in the LLDP parser
+    - CVE-2017-13028 buffer over-read in the BOOTP parser
+    - CVE-2017-13029 buffer over-read in the PPP parser
+    - CVE-2017-13030 buffer over-read in the PIM parser
+    - CVE-2017-13031 buffer over-read in the IPv6 fragmentation header parser
+    - CVE-2017-13032 buffer over-read in the RADIUS parser
+    - CVE-2017-13033 buffer over-read in the VTP parser
+    - CVE-2017-13034 buffer over-read in the PGM parser
+    - CVE-2017-13035 buffer over-read in the ISO IS-IS parser
+    - CVE-2017-13036 buffer over-read in the OSPFv3 parser
+    - CVE-2017-13037 buffer over-read in the IP parser
+    - CVE-2017-13038 buffer over-read in the PPP parser
+    - CVE-2017-13039 buffer over-read in the ISAKMP parser
+    - CVE-2017-13040 buffer over-read in the MPTCP parser
+    - CVE-2017-13041 buffer over-read in the ICMPv6 parser
+    - CVE-2017-13042 buffer over-read in the HNCP parser
+    - CVE-2017-13043 buffer over-read in the BGP parser
+    - CVE-2017-13044 buffer over-read in the HNCP parser
+    - CVE-2017-13045 buffer over-read in the VQP parser
+    - CVE-2017-13046 buffer over-read in the BGP parser
+    - CVE-2017-13047 buffer over-read in the ISO ES-IS parser
+    - CVE-2017-13048 buffer over-read in the RSVP parser
+    - CVE-2017-13049 buffer over-read in the Rx protocol parser
+    - CVE-2017-13050 buffer over-read in the RPKI-Router parser
+    - CVE-2017-13051 buffer over-read in the RSVP parser
+    - CVE-2017-13052 buffer over-read in the CFM parser
+    - CVE-2017-13053 buffer over-read in the BGP parser
+    - CVE-2017-13054 buffer over-read in the LLDP parser
+    - CVE-2017-13055 buffer over-read in the ISO IS-IS parser
+    - CVE-2017-13687 buffer over-read in the Cisco HDLC parser
+    - CVE-2017-13688 buffer over-read in the OLSR parser
+    - CVE-2017-13689 buffer over-read in the IKEv1 parser
+    - CVE-2017-13690 buffer over-read in the IKEv2 parser
+    - CVE-2017-13725 buffer over-read in the IPv6 routing header parser
+  * Dropped patch tcpdump-reverted-test-scripts-fix.patch
+
+-------------------------------------------------------------------
+Wed Aug 23 13:51:30 UTC 2017 - pmonrealgonzalez@suse.com
+
+- Reverted upstream commit that makes some tests to fail when
+  compiling with openssl-1.1.0
+  * Upstream commit 68cc39dd64688829be2632d9cd24f7efa3da79bb
+  * Added patch tcpdump-reverted-test-scripts-fix.patch
+  * Removed patch tcpdump-ikev2pI2-test-fails-ppc.patch
+
 -------------------------------------------------------------------
 Wed Jul 26 12:33:53 UTC 2017 - pmonrealgonzalez@suse.com
 

tcpdump.spec

@@ -18,7 +18,7 @@
 
 %define min_libpcap_version 1.8.1
 Name:           tcpdump
-Version:        4.9.1
+Version:        4.9.2
 Release:        0
 Summary:        A Packet Sniffer
 License:        BSD-3-Clause
@@ -28,8 +28,8 @@ Source:         http://www.tcpdump.org/release/%{name}-%{version}.tar.gz
 Source1:        tcpdump-qeth
 Source2:        http://www.tcpdump.org/release/%{name}-%{version}.tar.gz.sig
 Source3:        http://www.tcpdump.org/tcpdump-workers.asc#/%{name}.keyring
-# PATCH-FIX-OPENSUSE tcpdump-ikev2pI2-test-fails-ppc.patch -- Disable ikev2pI2 test on ppc, ppc64 and ppc64le
+# PATCH-FIX-OPENSUSE tcpdump-ikev2pI2.patch - disabled failing test
-Patch0:         tcpdump-ikev2pI2-test-fails-ppc.patch
+Patch0:         tcpdump-ikev2pI2.patch
 BuildRequires:  libpcap-devel >= %{min_libpcap_version}
 BuildRequires:  libsmi-devel
 BuildRequires:  openssl-devel