New version 4.9.3
Fixes CVE-2017-16808, CVE-2018-14468, CVE-2018-14469, CVE-2018-14470, CVE-2018-14466, CVE-2018-14461, CVE-2018-14462, CVE-2018-14465, CVE-2018-14881, CVE-2018-14464, CVE-2018-14463, CVE-2018-14467, CVE-2018-10103, CVE-2018-10105, CVE-2018-14880, CVE-2018-16451, CVE-2018-14882, CVE-2018-16227, CVE-2018-16229, CVE-2018-16301, CVE-2018-16230, CVE-2018-16452, CVE-2018-16300, CVE-2018-16228, CVE-2019-15166, CVE-2019-15167
This commit is contained in:
parent
75ba4869e0
commit
40612b3036
2
.gitignore
vendored
2
.gitignore
vendored
@ -18,3 +18,5 @@ tcpdump-4.1.1.tar.gz
|
|||||||
/tcpdump-4.9.1.tar.gz
|
/tcpdump-4.9.1.tar.gz
|
||||||
/tcpdump-4.9.2.tar.gz.sig
|
/tcpdump-4.9.2.tar.gz.sig
|
||||||
/tcpdump-4.9.2.tar.gz
|
/tcpdump-4.9.2.tar.gz
|
||||||
|
/tcpdump-4.9.3.tar.gz
|
||||||
|
/tcpdump-4.9.3.tar.gz.sig
|
||||||
|
@ -1,26 +0,0 @@
|
|||||||
From f19e0376b8e98b38240d28eb9e6f78c465bb1c6e Mon Sep 17 00:00:00 2001
|
|
||||||
From: rpm-build <rpm-build>
|
|
||||||
Date: Mon, 20 Oct 2014 13:34:24 +0200
|
|
||||||
Subject: [PATCH 1/8] icmp6: print Reachable Time and Retransmit Time from
|
|
||||||
ICMPv6 as milliseconds
|
|
||||||
|
|
||||||
---
|
|
||||||
print-icmp6.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/print-icmp6.c b/print-icmp6.c
|
|
||||||
index 7fe639d..cfaa2df 100644
|
|
||||||
--- a/print-icmp6.c
|
|
||||||
+++ b/print-icmp6.c
|
|
||||||
@@ -1034,7 +1034,7 @@ icmp6_print(netdissect_options *ndo,
|
|
||||||
p = (const struct nd_router_advert *)dp;
|
|
||||||
ND_TCHECK(p->nd_ra_retransmit);
|
|
||||||
ND_PRINT((ndo,"\n\thop limit %u, Flags [%s]" \
|
|
||||||
- ", pref %s, router lifetime %us, reachable time %us, retrans time %us",
|
|
||||||
+ ", pref %s, router lifetime %us, reachable time %ums, retrans time %ums",
|
|
||||||
(u_int)p->nd_ra_curhoplimit,
|
|
||||||
bittok2str(icmp6_opt_ra_flag_values,"none",(p->nd_ra_flags_reserved)),
|
|
||||||
get_rtpref(p->nd_ra_flags_reserved),
|
|
||||||
--
|
|
||||||
2.9.3
|
|
||||||
|
|
@ -1,36 +0,0 @@
|
|||||||
From d5508c13119404102104a3935e7445c9fddf79b5 Mon Sep 17 00:00:00 2001
|
|
||||||
From: rpm-build <rpm-build>
|
|
||||||
Date: Fri, 3 Feb 2017 09:43:03 +0100
|
|
||||||
Subject: [PATCH 8/8] Don't print out we dropped root, we are always dropping
|
|
||||||
it
|
|
||||||
|
|
||||||
---
|
|
||||||
tcpdump.c | 5 -----
|
|
||||||
1 file changed, 5 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/tcpdump.c b/tcpdump.c
|
|
||||||
index 29f7f87..18c4a5c 100644
|
|
||||||
--- a/tcpdump.c
|
|
||||||
+++ b/tcpdump.c
|
|
||||||
@@ -618,8 +618,6 @@ droproot(const char *username, const char *chroot_dir)
|
|
||||||
int ret = capng_change_id(pw->pw_uid, pw->pw_gid, CAPNG_NO_FLAG);
|
|
||||||
if (ret < 0) {
|
|
||||||
fprintf(stderr, "error : ret %d\n", ret);
|
|
||||||
- } else {
|
|
||||||
- fprintf(stderr, "dropped privs to %s\n", username);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
#else
|
|
||||||
@@ -632,9 +630,6 @@ droproot(const char *username, const char *chroot_dir)
|
|
||||||
pcap_strerror(errno));
|
|
||||||
exit_tcpdump(1);
|
|
||||||
}
|
|
||||||
- else {
|
|
||||||
- fprintf(stderr, "dropped privs to %s\n", username);
|
|
||||||
- }
|
|
||||||
#endif /* HAVE_LIBCAP_NG */
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
--
|
|
||||||
2.9.3
|
|
||||||
|
|
@ -10,18 +10,15 @@ flag than upstream does. We use -nn in those cases.
|
|||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
diff --git a/tests/TESTonce b/tests/TESTonce
|
diff --git a/tests/TESTonce b/tests/TESTonce
|
||||||
index 7026624..e348701 100755
|
index 425abaa..81283d9 100755
|
||||||
--- a/tests/TESTonce
|
--- a/tests/TESTonce
|
||||||
+++ b/tests/TESTonce
|
+++ b/tests/TESTonce
|
||||||
@@ -21,7 +21,7 @@ if ($^O eq 'MSWin32') {
|
@@ -43,7 +43,7 @@ if ($^O eq 'MSWin32') {
|
||||||
else {
|
else {
|
||||||
# we used to do this as a nice pipeline, but the problem is that $r fails to
|
# we used to do this as a nice pipeline, but the problem is that $r fails to
|
||||||
# to be set properly if the tcpdump core dumps.
|
# to be set properly if the tcpdump core dumps.
|
||||||
- $r = system "../tcpdump 2>/dev/null -n -t -r $input $options >NEW/$output";
|
- $cmd = "$TCPDUMP 2>${rawstderrlog} -t -n -r $input $options >tests/NEW/${outputbase}";
|
||||||
+ $r = system "../tcpdump 2>/dev/null -nn -t -r $input $options >NEW/$output";
|
+ $cmd = "$TCPDUMP 2>${rawstderrlog} -t -nn -r $input $options >tests/NEW/${outputbase}";
|
||||||
if($r != 0) {
|
print "CMD: $cmd\n" if $debug;
|
||||||
# this means tcpdump failed.
|
$r = system $cmd;
|
||||||
open(OUTPUT, ">>"."NEW/$output") || die "fail to open $output\n";
|
if($r == -1) {
|
||||||
--
|
|
||||||
2.13.5
|
|
||||||
|
|
||||||
|
@ -1,45 +0,0 @@
|
|||||||
From 0ae4aa1881bbe40443bff802b5e4aa6ca0696dd9 Mon Sep 17 00:00:00 2001
|
|
||||||
From: rpm-build <rpm-build>
|
|
||||||
Date: Tue, 11 Apr 2017 09:37:53 +0200
|
|
||||||
Subject: [PATCH 10/13] Expect miliseconds instead of seconds in icmp capture.
|
|
||||||
|
|
||||||
Again this is caused by our patch, so we need to modify tests
|
|
||||||
accordingly.
|
|
||||||
---
|
|
||||||
tests/icmpv6.out | 2 +-
|
|
||||||
tests/icmpv6_opt24-v.out | 4 ++--
|
|
||||||
2 files changed, 3 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/tests/icmpv6.out b/tests/icmpv6.out
|
|
||||||
index bb7775e..8979540 100644
|
|
||||||
--- a/tests/icmpv6.out
|
|
||||||
+++ b/tests/icmpv6.out
|
|
||||||
@@ -1,5 +1,5 @@
|
|
||||||
IP6 (hlim 255, next-header ICMPv6 (58) payload length: 176) fe80::b299:28ff:fec8:d66c > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 176
|
|
||||||
- hop limit 64, Flags [home agent], pref medium, router lifetime 15s, reachable time 0s, retrans time 0s
|
|
||||||
+ hop limit 64, Flags [home agent], pref medium, router lifetime 15s, reachable time 0ms, retrans time 0ms
|
|
||||||
prefix info option (3), length 32 (4): 2222:3333:4444:5555:6600::/72, Flags [onlink, auto], valid time 2592000s, pref. time 604800s
|
|
||||||
0x0000: 48c0 0027 8d00 0009 3a80 0000 0000 2222
|
|
||||||
0x0010: 3333 4444 5555 6600 0000 0000 0000
|
|
||||||
diff --git a/tests/icmpv6_opt24-v.out b/tests/icmpv6_opt24-v.out
|
|
||||||
index 2b7cf09..00512df 100644
|
|
||||||
--- a/tests/icmpv6_opt24-v.out
|
|
||||||
+++ b/tests/icmpv6_opt24-v.out
|
|
||||||
@@ -1,5 +1,5 @@
|
|
||||||
IP6 (hlim 255, next-header ICMPv6 (58) payload length: 120) fe80::16cf:92ff:fe87:23d6 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 120
|
|
||||||
- hop limit 0, Flags [managed, other stateful], pref medium, router lifetime 0s, reachable time 0s, retrans time 0s
|
|
||||||
+ hop limit 0, Flags [managed, other stateful], pref medium, router lifetime 0s, reachable time 0ms, retrans time 0ms
|
|
||||||
source link-address option (1), length 8 (1): 14:cf:92:87:23:d6
|
|
||||||
mtu option (5), length 8 (1): 1500
|
|
||||||
prefix info option (3), length 32 (4): fd8d:4fb3:5b2e::/64, Flags [onlink, auto], valid time 7200s, pref. time 1800s
|
|
||||||
@@ -7,7 +7,7 @@ IP6 (hlim 255, next-header ICMPv6 (58) payload length: 120) fe80::16cf:92ff:fe87
|
|
||||||
rdnss option (25), length 24 (3): lifetime 1800s, addr: fd8d:4fb3:5b2e::1
|
|
||||||
dnssl option (31), length 16 (2): lifetime 1800s, domain(s): lan.
|
|
||||||
IP6 (hlim 255, next-header ICMPv6 (58) payload length: 120) fe80::16cf:92ff:fe87:23d6 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 120
|
|
||||||
- hop limit 0, Flags [managed, other stateful], pref medium, router lifetime 0s, reachable time 0s, retrans time 0s
|
|
||||||
+ hop limit 0, Flags [managed, other stateful], pref medium, router lifetime 0s, reachable time 0ms, retrans time 0ms
|
|
||||||
source link-address option (1), length 8 (1): 14:cf:92:87:23:d6
|
|
||||||
mtu option (5), length 8 (1): 1500
|
|
||||||
prefix info option (3), length 32 (4): fd8d:4fb3:5b2e::/64, Flags [onlink, auto], valid time 7200s, pref. time 1800s
|
|
||||||
--
|
|
||||||
2.13.5
|
|
@ -1,133 +1,29 @@
|
|||||||
diff --git a/print-esp.c b/print-esp.c
|
diff --git a/print-esp.c b/print-esp.c
|
||||||
index 511ee8a3..5b282526 100644
|
index 6fabff1..5818cc8 100644
|
||||||
--- a/print-esp.c
|
--- a/print-esp.c
|
||||||
+++ b/print-esp.c
|
+++ b/print-esp.c
|
||||||
@@ -192,8 +192,8 @@ int esp_print_decrypt_buffer_by_ikev2(netdissect_options *ndo,
|
@@ -242,6 +242,7 @@ int esp_print_decrypt_buffer_by_ikev2(netdissect_options *ndo,
|
||||||
const u_char *iv;
|
if (input_buffer == NULL) {
|
||||||
unsigned int len;
|
|
||||||
EVP_CIPHER_CTX *ctx;
|
|
||||||
- unsigned int block_size, output_buffer_size;
|
|
||||||
- u_char *output_buffer;
|
|
||||||
+ unsigned int block_size, buffer_size;
|
|
||||||
+ u_char *input_buffer, *output_buffer;
|
|
||||||
|
|
||||||
/* initiator arg is any non-zero value */
|
|
||||||
if(initiator) initiator=1;
|
|
||||||
@@ -228,19 +228,41 @@ int esp_print_decrypt_buffer_by_ikev2(netdissect_options *ndo,
|
|
||||||
(*ndo->ndo_warning)(ndo, "espkey init failed");
|
|
||||||
set_cipher_parameters(ctx, NULL, NULL, iv, 0);
|
|
||||||
/*
|
|
||||||
- * Allocate a buffer for the decrypted data.
|
|
||||||
- * The output buffer must be separate from the input buffer, and
|
|
||||||
- * its size must be a multiple of the cipher block size.
|
|
||||||
+ * Allocate buffers for the encrypted and decrypted data.
|
|
||||||
+ * Both buffers' sizes must be a multiple of the cipher block
|
|
||||||
+ * size, and the output buffer must be separate from the input
|
|
||||||
+ * buffer.
|
|
||||||
*/
|
|
||||||
block_size = (unsigned int)EVP_CIPHER_CTX_block_size(ctx);
|
|
||||||
- output_buffer_size = len + (block_size - len % block_size);
|
|
||||||
- output_buffer = (u_char *)malloc(output_buffer_size);
|
|
||||||
+ buffer_size = len + (block_size - len % block_size);
|
|
||||||
+
|
|
||||||
+ /*
|
|
||||||
+ * Attempt to allocate the input buffer.
|
|
||||||
+ */
|
|
||||||
+ input_buffer = (u_char *)malloc(buffer_size);
|
|
||||||
+ if (input_buffer == NULL) {
|
|
||||||
+ (*ndo->ndo_warning)(ndo, "can't allocate memory for encrypted data buffer");
|
|
||||||
+ EVP_CIPHER_CTX_free(ctx);
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+ /*
|
|
||||||
+ * Copy the input data to the encrypted data buffer, and pad it
|
|
||||||
+ * with zeroes.
|
|
||||||
+ */
|
|
||||||
+ memcpy(input_buffer, buf, len);
|
|
||||||
+ memset(input_buffer + len, 0, buffer_size - len);
|
|
||||||
+
|
|
||||||
+ /*
|
|
||||||
+ * Attempt to allocate the output buffer.
|
|
||||||
+ */
|
|
||||||
+ output_buffer = (u_char *)malloc(buffer_size);
|
|
||||||
if (output_buffer == NULL) {
|
|
||||||
(*ndo->ndo_warning)(ndo, "can't allocate memory for decryption buffer");
|
|
||||||
+ free(input_buffer);
|
|
||||||
EVP_CIPHER_CTX_free(ctx);
|
EVP_CIPHER_CTX_free(ctx);
|
||||||
return 0;
|
(*ndo->ndo_error)(ndo, "can't allocate memory for encrypted data buffer");
|
||||||
|
+ return 0;
|
||||||
}
|
}
|
||||||
- EVP_Cipher(ctx, output_buffer, buf, len);
|
/*
|
||||||
|
* Copy the input data to the encrypted data buffer, and pad it
|
||||||
|
@@ -259,7 +260,7 @@ int esp_print_decrypt_buffer_by_ikev2(netdissect_options *ndo,
|
||||||
|
EVP_CIPHER_CTX_free(ctx);
|
||||||
|
(*ndo->ndo_error)(ndo, "can't allocate memory for decryption buffer");
|
||||||
|
}
|
||||||
|
- EVP_Cipher(ctx, output_buffer, input_buffer, len);
|
||||||
+ EVP_Cipher(ctx, output_buffer, input_buffer, buffer_size);
|
+ EVP_Cipher(ctx, output_buffer, input_buffer, buffer_size);
|
||||||
EVP_CIPHER_CTX_free(ctx);
|
EVP_CIPHER_CTX_free(ctx);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@@ -249,6 +272,7 @@ int esp_print_decrypt_buffer_by_ikev2(netdissect_options *ndo,
|
@@ -815,6 +816,7 @@ esp_print(netdissect_options *ndo,
|
||||||
* but changing this would require a more complicated fix.
|
if (input_buffer == NULL) {
|
||||||
*/
|
EVP_CIPHER_CTX_free(ctx);
|
||||||
memcpy(buf, output_buffer, len);
|
(*ndo->ndo_error)(ndo, "can't allocate memory for encrypted data buffer");
|
||||||
+ free(input_buffer);
|
|
||||||
free(output_buffer);
|
|
||||||
|
|
||||||
ndo->ndo_packetp = buf;
|
|
||||||
@@ -666,8 +690,8 @@ esp_print(netdissect_options *ndo,
|
|
||||||
const u_char *ivoff;
|
|
||||||
const u_char *p;
|
|
||||||
EVP_CIPHER_CTX *ctx;
|
|
||||||
- unsigned int block_size, output_buffer_size;
|
|
||||||
- u_char *output_buffer;
|
|
||||||
+ unsigned int block_size, buffer_size;
|
|
||||||
+ u_char *input_buffer, *output_buffer;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
esp = (const struct newesp *)bp;
|
|
||||||
@@ -784,21 +808,43 @@ esp_print(netdissect_options *ndo,
|
|
||||||
len = ep - (p + ivlen);
|
|
||||||
|
|
||||||
/*
|
|
||||||
- * Allocate a buffer for the decrypted data.
|
|
||||||
- * The output buffer must be separate from the
|
|
||||||
- * input buffer, and its size must be a multiple
|
|
||||||
- * of the cipher block size.
|
|
||||||
+ * Allocate buffers for the encrypted and decrypted
|
|
||||||
+ * data. Both buffers' sizes must be a multiple of
|
|
||||||
+ * the cipher block size, and the output buffer must
|
|
||||||
+ * be separate from the input buffer.
|
|
||||||
*/
|
|
||||||
block_size = (unsigned int)EVP_CIPHER_CTX_block_size(ctx);
|
|
||||||
- output_buffer_size = len + (block_size - len % block_size);
|
|
||||||
- output_buffer = (u_char *)malloc(output_buffer_size);
|
|
||||||
+ buffer_size = len + (block_size - len % block_size);
|
|
||||||
+
|
|
||||||
+ /*
|
|
||||||
+ * Attempt to allocate the input buffer.
|
|
||||||
+ */
|
|
||||||
+ input_buffer = (u_char *)malloc(buffer_size);
|
|
||||||
+ if (input_buffer == NULL) {
|
|
||||||
+ (*ndo->ndo_warning)(ndo, "can't allocate memory for encrypted data buffer");
|
|
||||||
+ EVP_CIPHER_CTX_free(ctx);
|
|
||||||
+ return 0;
|
+ return 0;
|
||||||
+ }
|
|
||||||
+ /*
|
|
||||||
+ * Copy the input data to the encrypted data buffer,
|
|
||||||
+ * and pad it with zeroes.
|
|
||||||
+ */
|
|
||||||
+ memcpy(input_buffer, p + ivlen, len);
|
|
||||||
+ memset(input_buffer + len, 0, buffer_size - len);
|
|
||||||
+
|
|
||||||
+ /*
|
|
||||||
+ * Attempt to allocate the output buffer.
|
|
||||||
+ */
|
|
||||||
+ output_buffer = (u_char *)malloc(buffer_size);
|
|
||||||
if (output_buffer == NULL) {
|
|
||||||
(*ndo->ndo_warning)(ndo, "can't allocate memory for decryption buffer");
|
|
||||||
+ free(input_buffer);
|
|
||||||
EVP_CIPHER_CTX_free(ctx);
|
|
||||||
return -1;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
- EVP_Cipher(ctx, output_buffer, p + ivlen, len);
|
|
||||||
+ EVP_Cipher(ctx, output_buffer, input_buffer, len);
|
|
||||||
+ free(input_buffer);
|
|
||||||
EVP_CIPHER_CTX_free(ctx);
|
|
||||||
/*
|
/*
|
||||||
* XXX - of course this is wrong, because buf is a
|
* Copy the input data to the encrypted data buffer,
|
||||||
|
4
sources
4
sources
@ -1,3 +1,3 @@
|
|||||||
SHA512 (tcpslice-1.2a3.tar.gz) = 04e12d592807022c78eb4941580ed103995680c69af885bb8f13828a12ec570f7fe93c34c1b20a01d3d99f445d5da17a1fcfbe25b2e3b41abe28304c034654c5
|
SHA512 (tcpslice-1.2a3.tar.gz) = 04e12d592807022c78eb4941580ed103995680c69af885bb8f13828a12ec570f7fe93c34c1b20a01d3d99f445d5da17a1fcfbe25b2e3b41abe28304c034654c5
|
||||||
SHA512 (tcpdump-4.9.2.tar.gz.sig) = 76a41de2fc414018e01a9177e6946d9792fa8ded575ec264c7eb67a036bcdad3f451aa76e7b611430b8dd55de2403977c990e00f8b735aa8e6e4395463c8b1a6
|
SHA512 (tcpdump-4.9.3.tar.gz) = 22354dbbf6ab3f7519035b41702a8dc93472dc808e88e76414a06dd69eca822e3d6b94ec608cfeffe25572125757824e97e6a4a7ec81d45e990429e8faf774cb
|
||||||
SHA512 (tcpdump-4.9.2.tar.gz) = e1bc19a5867d6e3628f3941bdf3ec831bf13784f1233ca1bccc46aac1702f47ee9357d7ff0ca62cddf211b3c8884488c21144cabddd92c861e32398cd8f7c44b
|
SHA512 (tcpdump-4.9.3.tar.gz.sig) = b8b189a522b924c717c30f09a9d60ede76cfbb0ffc6cd185fec1887230d06117663b6f55e7489c0e34b744a89e05e78509ca8a1551a94f6e091cbafc643b0c8c
|
||||||
|
11
tcpdump.spec
11
tcpdump.spec
@ -1,8 +1,8 @@
|
|||||||
Summary: A network traffic monitoring tool
|
Summary: A network traffic monitoring tool
|
||||||
Name: tcpdump
|
Name: tcpdump
|
||||||
Epoch: 14
|
Epoch: 14
|
||||||
Version: 4.9.2
|
Version: 4.9.3
|
||||||
Release: 9%{?dist}
|
Release: 1%{?dist}
|
||||||
License: BSD with advertising
|
License: BSD with advertising
|
||||||
URL: http://www.tcpdump.org
|
URL: http://www.tcpdump.org
|
||||||
Requires(pre): shadow-utils
|
Requires(pre): shadow-utils
|
||||||
@ -12,16 +12,13 @@ Source0: http://www.tcpdump.org/release/tcpdump-%{version}.tar.gz
|
|||||||
Source1: ftp://ftp.ee.lbl.gov/tcpslice-1.2a3.tar.gz
|
Source1: ftp://ftp.ee.lbl.gov/tcpslice-1.2a3.tar.gz
|
||||||
Source2: http://www.tcpdump.org/release/tcpdump-%{version}.tar.gz.sig
|
Source2: http://www.tcpdump.org/release/tcpdump-%{version}.tar.gz.sig
|
||||||
|
|
||||||
Patch0001: 0001-icmp6-print-Reachable-Time-and-Retransmit-Time-from-.patch
|
|
||||||
Patch0002: 0002-Use-getnameinfo-instead-of-gethostbyaddr.patch
|
Patch0002: 0002-Use-getnameinfo-instead-of-gethostbyaddr.patch
|
||||||
Patch0003: 0003-Drop-root-priviledges-before-opening-first-savefile-.patch
|
Patch0003: 0003-Drop-root-priviledges-before-opening-first-savefile-.patch
|
||||||
Patch0004: 0004-tcpslice-update-tcpslice-patch-to-1.2a3.patch
|
Patch0004: 0004-tcpslice-update-tcpslice-patch-to-1.2a3.patch
|
||||||
Patch0005: 0005-tcpslice-remove-unneeded-include.patch
|
Patch0005: 0005-tcpslice-remove-unneeded-include.patch
|
||||||
Patch0006: 0006-tcpslice-don-t-test-the-pointer-but-pointee-for-NULL.patch
|
Patch0006: 0006-tcpslice-don-t-test-the-pointer-but-pointee-for-NULL.patch
|
||||||
Patch0007: 0007-Introduce-nn-option.patch
|
Patch0007: 0007-Introduce-nn-option.patch
|
||||||
Patch0008: 0008-Don-t-print-out-we-dropped-root-we-are-always-droppi.patch
|
|
||||||
Patch0009: 0009-Change-n-flag-to-nn-in-TESTonce.patch
|
Patch0009: 0009-Change-n-flag-to-nn-in-TESTonce.patch
|
||||||
Patch0010: 0010-Expect-miliseconds-instead-of-seconds-in-icmp-captur.patch
|
|
||||||
Patch0011: 0011-Evp-cipher-buffers.patch
|
Patch0011: 0011-Evp-cipher-buffers.patch
|
||||||
Patch0012: 0012-Add-printing-support-for-vsockmon-devices.patch
|
Patch0012: 0012-Add-printing-support-for-vsockmon-devices.patch
|
||||||
|
|
||||||
@ -88,6 +85,10 @@ exit 0
|
|||||||
%{_mandir}/man8/tcpdump.8*
|
%{_mandir}/man8/tcpdump.8*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Oct 15 2019 Michal Ruprich <mruprich@redhat.com> - 14:4.9.3-1
|
||||||
|
- New version 4.9.3
|
||||||
|
- Fixes CVE-2017-16808, CVE-2018-14468, CVE-2018-14469, CVE-2018-14470, CVE-2018-14466, CVE-2018-14461, CVE-2018-14462, CVE-2018-14465, CVE-2018-14881, CVE-2018-14464, CVE-2018-14463, CVE-2018-14467, CVE-2018-10103, CVE-2018-10105, CVE-2018-14880, CVE-2018-16451, CVE-2018-14882, CVE-2018-16227, CVE-2018-16229, CVE-2018-16301, CVE-2018-16230, CVE-2018-16452, CVE-2018-16300, CVE-2018-16228, CVE-2019-15166, CVE-2019-15167
|
||||||
|
|
||||||
* Mon Sep 16 2019 Michal Ruprich <mruprich@redhat.com> - 14:4.9.2-9
|
* Mon Sep 16 2019 Michal Ruprich <mruprich@redhat.com> - 14:4.9.2-9
|
||||||
- Adding getent to pre scriptlet to avoid audit messages (rhbz#1715420)
|
- Adding getent to pre scriptlet to avoid audit messages (rhbz#1715420)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user