author | Sam James <sam@gentoo.org> | 2020-11-07 01:44:47 +0000 |
---|---|---|
committer | Sam James <sam@gentoo.org> | 2020-11-07 01:44:47 +0000 |
commit | 5ffa42e571f5f14a5a3400a8993a4b7745a852ef (patch) | |
tree | 80d09929b2568f7139960e4796d99a2e3ec5c8fc /net-analyzer/tcpdump | |
parent | app-misc/tmux: ppc64 stable (bug #753206) (diff) | |
net-analyzer/tcpdump: patch CVE-2020-8037
Note that CVE-2020-8036 is already fixed in the version
of 4.10.x packaged in Gentoo and 4.9.x is unaffected
(the relevant functionality simply did not exist).
Bug: https://bugs.gentoo.org/753146
Package-Manager: Portage-3.0.8, Repoman-3.0.2
Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'net-analyzer/tcpdump')
-rw-r--r-- | net-analyzer/tcpdump/files/tcpdump-4.9.3-CVE-2020-8037.patch | 63 | ||||
-rw-r--r-- | net-analyzer/tcpdump/tcpdump-4.10.0_rc1-r1.ebuild | 22 | ||||
-rw-r--r-- | net-analyzer/tcpdump/tcpdump-4.9.3-r4.ebuild | 86 |
3 files changed, 157 insertions, 14 deletions
diff --git a/net-analyzer/tcpdump/files/tcpdump-4.9.3-CVE-2020-8037.patch b/net-analyzer/tcpdump/files/tcpdump-4.9.3-CVE-2020-8037.patch
new file mode 100644
index 000000000000..2852845eb748
--- /dev/null
+++ b/net-analyzer/tcpdump/files/tcpdump-4.9.3-CVE-2020-8037.patch
@@ -0,0 +1,63 @@
+From 32027e199368dad9508965aae8cd8de5b6ab5231 Mon Sep 17 00:00:00 2001
+From: Guy Harris <guy@alum.mit.edu>
+Date: Sat, 18 Apr 2020 14:04:59 -0700
+Subject: [PATCH] PPP: When un-escaping, don't allocate a too-large buffer.
+
+The buffer should be big enough to hold the captured data, but it
+doesn't need to be big enough to hold the entire on-the-network packet,
+if we haven't captured all of it.
+
+(backported from commit e4add0b010ed6f2180dcb05a13026242ed935334)
+---
+ print-ppp.c | 18 ++++++++++++++----
+ 1 file changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/print-ppp.c b/print-ppp.c
+index 891761728..33fb03412 100644
+--- a/print-ppp.c
++++ b/print-ppp.c
+@@ -1367,19 +1367,29 @@ print_bacp_config_options(netdissect_options *ndo,
+ return 0;
+ }
+
++/*
++ * Un-escape RFC 1662 PPP in HDLC-like framing, with octet escapes.
++ * The length argument is the on-the-wire length, not the captured
++ * length; we can only un-escape the captured part.
++ */
+ static void
+ ppp_hdlc(netdissect_options *ndo,
+ const u_char *p, int length)
+ {
++ u_int caplen = ndo->ndo_snapend - p;
+ u_char *b, *t, c;
+ const u_char *s;
+- int i, proto;
++ u_int i;
++ int proto;
+ const void *se;
+
++ if (caplen == 0)
++ return;
++
+ if (length <= 0)
+ return;
+
+- b = (u_char *)malloc(length);
++ b = (u_char *)malloc(caplen);
+ if (b == NULL)
+ return;
+
+@@ -1388,10 +1398,10 @@ ppp_hdlc(netdissect_options *ndo,
+ * Do this so that we dont overwrite the original packet
+ * contents.
+ */
+- for (s = p, t = b, i = length; i > 0 && ND_TTEST(*s); i--) {
++ for (s = p, t = b, i = caplen; i != 0; i--) {
+ c = *s++;
+ if (c == 0x7d) {
+- if (i <= 1 || !ND_TTEST(*s))
++ if (i <= 1)
+ break;
+ i--;
+ c = *s++ ^ 0x20;
diff --git a/net-analyzer/tcpdump/tcpdump-4.10.0_rc1-r1.ebuild b/net-analyzer/tcpdump/tcpdump-4.10.0_rc1-r1.ebuild
index aa6aa458165d..3133cb51eca1 100644
--- a/net-analyzer/tcpdump/tcpdump-4.10.0_rc1-r1.ebuild
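Review bot: In the backported `ppp_hdlc`, `u_int caplen = ndo->ndo_snapend - p;` narrows a pointer difference to unsigned, so if `p` were ever past `ndo_snapend` the `caplen == 0` guard would not catch it and both `malloc(caplen)` and the loop bound would become a very large value. Whether every caller guarantees `p <= ndo_snapend` is not visible in this hunk; computing `caplen` only after an `if (p >= ndo->ndo_snapend) return;` check would make the function hold that invariant itself. Separately, the copy loop is now bounded by `caplen` alone, so when more bytes were captured than `length` it un-escapes past the frame's on-the-wire length; adding `if ((u_int)length < caplen) caplen = (u_int)length;` after the `length <= 0` check would keep both limits. The rest of the function body lies outside the hunk, so how `length` is used later cannot be confirmed from here.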
+++ b/net-analyzer/tcpdump/tcpdump-4.10.0_rc1-r1.ebuild @@ -5,21 +5,20 @@ EAPI=7 inherit autotools DESCRIPTION="A Tool for network monitoring and data acquisition" -HOMEPAGE=" - https://www.tcpdump.org/ - https://github.com/the-tcpdump-group/tcpdump -" -LICENSE="BSD" -SRC_URI=" - https://github.com/the-tcpdump-group/${PN}/archive/${P/_}.tar.gz -" +HOMEPAGE="https://www.tcpdump.org/ https://github.com/the-tcpdump-group/tcpdump" +SRC_URI="https://github.com/the-tcpdump-group/${PN}/archive/${P/_}.tar.gz" +S="${WORKDIR}/${PN}-${P/_}" +LICENSE="BSD" SLOT="0" KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux" IUSE="+drop-root libressl +smi +ssl +samba suid test" RESTRICT="!test? ( test )" REQUIRED_USE="test? ( samba )" +BDEPEND=" + drop-root? ( virtual/pkgconfig ) +" RDEPEND=" net-libs/libpcap drop-root? ( @@ -37,9 +36,6 @@ RDEPEND=" acct-user/pcap ) " -BDEPEND=" - drop-root? ( virtual/pkgconfig ) -" DEPEND=" ${RDEPEND} test? ( @@ -50,11 +46,9 @@ DEPEND=" PATCHES=( "${FILESDIR}"/${PN}-9999-libdir.patch ) -S=${WORKDIR}/${PN}-${P/_} src_prepare() { default - eautoreconf } @@ -90,5 +84,5 @@ src_install() { } pkg_postinst() { - use suid && elog "To let normal users run tcpdump add them to the pcap group." + use suid && elog "To let normal users run tcpdump, add them to the pcap group." } diff --git a/net-analyzer/tcpdump/tcpdump-4.9.3-r4.ebuild b/net-analyzer/tcpdump/tcpdump-4.9.3-r4.ebuild new file mode 100644 index 000000000000..bfd5bf492128 --- /dev/null +++ b/net-analyzer/tcpdump/tcpdump-4.9.3-r4.ebuild 
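Review bot: The `PATCHES=( "${FILESDIR}"/${PN}-9999-libdir.patch )` context in the `@@ -50,11 +46,9 @@` hunk shows this ebuild still applies only the libdir patch, and the commit message gives the CVE-2020-8036 status for 4.10.x but does not say whether the 4.10.0_rc1 sources already contain the CVE-2020-8037 fix. If they do, a one-line comment above `PATCHES` saying so would save the next maintainer the check; if they do not, this ebuild needs the same patch (rebased) and a revision bump. The remaining hunks in this file only reorder variables and adjust the `elog` wording.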
@@ -0,0 +1,86 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools
+
+DESCRIPTION="A Tool for network monitoring and data acquisition"
+HOMEPAGE="https://www.tcpdump.org/ https://github.com/the-tcpdump-group/tcpdump"
+SRC_URI="https://www.tcpdump.org/release/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux"
+IUSE="+drop-root libressl smi ssl samba suid test"
+RESTRICT="!test? ( test )"
+
+RDEPEND="
+ net-libs/libpcap
+ drop-root? (
+ acct-group/pcap
+ acct-user/pcap
+ sys-libs/libcap-ng
+ )
+ smi? ( net-libs/libsmi )
+ ssl? (
+ !libressl? ( >=dev-libs/openssl-0.9.6m:0= )
+ libressl? ( dev-libs/libressl:= )
+ )
+ suid? (
+ acct-group/pcap
+ acct-user/pcap
+ )
+"
+DEPEND="
+ ${RDEPEND}
+ test? (
+ >=net-libs/libpcap-1.9.1
+ dev-lang/perl
+ )
+"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-9999-libdir.patch
+ "${FILESDIR}"/${PN}-4.9.3-CVE-2020-8037.patch
+)
+
+src_prepare() {
+ default
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ $(use_enable samba smb) \
+ $(use_with drop-root cap-ng) \
+ $(use_with drop-root chroot '') \
+ $(use_with smi) \
+ $(use_with ssl crypto "${ESYSROOT}/usr") \
+ $(usex drop-root "--with-user=pcap" "")
+}
+
+src_test() {
+ if [[ ${EUID} -ne 0 ]] || ! use drop-root; then
+ emake check
+ else
+ ewarn "If you want to run the test suite, make sure you either"
+ ewarn "set FEATURES=userpriv or set USE=-drop-root"
+ fi
+}
+
+src_install() {
+ dosbin tcpdump
+ doman tcpdump.1
+ dodoc *.awk
+ dodoc CHANGES CREDITS README.md
+
+ if use suid; then
+ fowners root:pcap /usr/sbin/tcpdump
+ fperms 4110 /usr/sbin/tcpdump
+ fi
+}
+
+pkg_postinst() {
+ use suid && elog "To let normal users run tcpdump, add them to the pcap group."
+} |
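Review bot: The new `"${FILESDIR}"/${PN}-4.9.3-CVE-2020-8037.patch` entry in `PATCHES` has no comment tying it to the Gentoo bug, so inside the ebuild the reason for this revision is visible only from the patch file name. A line above the entry such as `# CVE-2020-8037, bug #753146` would let whoever next bumps or removes 4.9.3 see at a glance why the patch is applied and that it must not be dropped while this version stays in the tree.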