- fix buffer overflow in 802.11 printer (#232349, CVE-2007-1218)

- spec cleanup (#226481) Resolves: #232349 #226481
2007-03-15 12:20:46 +00:00 · 2007-03-15 12:20:46 +00:00 · 68add83a26
commit 68add83a26
parent 2af905112d
2 changed files with 31 additions and 6 deletions
--- a/tcpdump-3.9.5-80211.patch
+++ b/tcpdump-3.9.5-80211.patch
@ -0,0 +1,17 @@
+Index: tcpdump/print-802_11.c
+===================================================================
+RCS file: /tcpdump/master/tcpdump/print-802_11.c,v
+retrieving revision 1.42
+retrieving revision 1.43
+diff -u -r1.42 -r1.43
+--- tcpdump/print-802_11.c	13 Jun 2006 22:25:30 -0000	1.42
+++ tcpdump/print-802_11.c	1 Feb 2007 02:18:18 -0000	1.43
+@@ -264,7 +264,7 @@
+ 
+ 			if (pbody->tim.length <= 3)
+ 				break;
+-			if (pbody->rates.length > sizeof pbody->tim.bitmap)
+			if (pbody->tim.length - 3 > sizeof pbody->tim.bitmap)
+ 				return;
+ 			if (!TTEST2(*(p + offset), pbody->tim.length - 3))
+ 				return;
--- a/tcpdump.spec
+++ b/tcpdump.spec
@ -2,7 +2,7 @@ Summary: A network traffic monitoring tool
 Name: tcpdump
 Epoch: 14
 Version: 3.9.5
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: BSD
 URL: http://www.tcpdump.org
 Group: Applications/Internet
@ -18,6 +18,7 @@ Patch3: tcpdump-3.9.4-ring-buffers.patch
 Patch4: tcpdump-3.9.5-nolocalpcap.patch
 Patch5: tcpdump-3.6.2-tcpslice-time.patch
 Patch6: tcpslice-CVS.20010207-bpf.patch
+Patch7: tcpdump-3.9.5-80211.patch

 %define tcpslice_dir tcpslice

@ -38,11 +39,14 @@ Install tcpdump if you need a program to monitor network traffic.
 %patch4 -p1 -b .nolocalpcap
 %patch5 -p1 -b .tcpslicetime
 %patch6 -p0 -b .bpf
+%patch7 -p1 -b .80211
+
+find . -name '*.c' -o -name '*.h' | xargs chmod 644

 %build
 pushd %tcpslice_dir
 %configure
-make
+make %{?_smp_mflags}
 popd

 %configure --with-user=tcpdump
@ -80,6 +84,10 @@ exit 0
 %{_mandir}/man8/tcpdump.8*

 %changelog
+* Thu Mar 15 2007 Miroslav Lichvar <mlichvar@redhat.com> - 14:3.9.5-3
+- fix buffer overflow in 802.11 printer (#232349, CVE-2007-1218)
+- spec cleanup (#226481)
+
 * Tue Dec 12 2006 Miroslav Lichvar <mlichvar@redhat.com> - 14:3.9.5-2
 - use tcpdump user, fix scriptlet (#219268)

@ -313,12 +321,12 @@ exit 0

 * Sat Apr 14 2001 Pekka Savola <pekkas@netcore.fi>
 - fix building of tcpslice on glibc 2.2.2 (time.h)
- disable /etc/init.d requirement and fix %post scripts in arpwatch
+- disable /etc/init.d requirement and fix %%post scripts in arpwatch

 * Wed Feb 14 2001 Harald Hoyer <harald@redhat.de>
 - glibc sys/time -> time include patch

-* Wed Feb  7 2001 Trond Eivind Glomsrød <teg@redhat.com>
+* Wed Feb  7 2001 Trond Eivind Glomsrød <teg@redhat.com>
 - Add space to this check

 * Wed Feb 07 2001 Harald Hoyer <harald@redhat.com>
@ -328,7 +336,7 @@ exit 0
 - update to 3.6.2, 0.6.2 and new CVS of tcpslice.
 - i18n'ize arpwatch init script

-* Fri Feb  2 2001 Trond Eivind Glomsrød <teg@redhat.com>
+* Fri Feb  2 2001 Trond Eivind Glomsrød <teg@redhat.com>
 - i18nize initscript

 * Mon Jan 29 2001 Harald Hoyer <harald@redhat.com>
@ -490,7 +498,7 @@ exit 0

 * Tue Oct 21 1997 Erik Troan <ewt@redhat.com>
 - updated to release 3.4a5
- uses a buildroot and %attr 
+- uses a buildroot and %%attr 

 * Thu Jul 17 1997 Erik Troan <ewt@redhat.com>
 - built against glibc