CC: tcpdump: upgrade to 4.9.2

Fixes:
CVE-2017-11541
CVE-2017-11541
CVE-2017-11542
CVE-2017-11542
CVE-2017-11543
CVE-2017-11543
CVE-2017-12893
CVE-2017-12894
CVE-2017-12895
CVE-2017-12896
CVE-2017-12897
CVE-2017-12898
CVE-2017-12899
CVE-2017-12900
CVE-2017-12901
CVE-2017-12902
CVE-2017-12985
CVE-2017-12986
CVE-2017-12987
CVE-2017-12988
CVE-2017-12989
CVE-2017-12990
CVE-2017-12991
CVE-2017-12992
CVE-2017-12993
CVE-2017-12994
CVE-2017-12995
CVE-2017-12996
CVE-2017-12997
CVE-2017-12998
CVE-2017-12999
CVE-2017-13000
CVE-2017-13001
CVE-2017-13002
CVE-2017-13003
CVE-2017-13004
CVE-2017-13005
CVE-2017-13006
CVE-2017-13007
CVE-2017-13008
CVE-2017-13009
CVE-2017-13010
CVE-2017-13011
CVE-2017-13012
CVE-2017-13013
CVE-2017-13014
CVE-2017-13015
CVE-2017-13016
CVE-2017-13017
CVE-2017-13018
CVE-2017-13019
CVE-2017-13020
CVE-2017-13021
CVE-2017-13022
CVE-2017-13023
CVE-2017-13024
CVE-2017-13025
CVE-2017-13026
CVE-2017-13027
CVE-2017-13028
CVE-2017-13029
CVE-2017-13030
CVE-2017-13031
CVE-2017-13032
CVE-2017-13033
CVE-2017-13034
CVE-2017-13035
CVE-2017-13036
CVE-2017-13037
CVE-2017-13038
CVE-2017-13039
CVE-2017-13040
CVE-2017-13041
CVE-2017-13042
CVE-2017-13043
CVE-2017-13044
CVE-2017-13045
CVE-2017-13046
CVE-2017-13047
CVE-2017-13048
CVE-2017-13049
CVE-2017-13050
CVE-2017-13051
CVE-2017-13052
CVE-2017-13053
CVE-2017-13054
CVE-2017-13055
CVE-2017-13687
CVE-2017-13688
CVE-2017-13689
CVE-2017-13690
CVE-2017-13725
[thanks to Stijn Tintel for listing the CVEs in LEDE 2375e27.]

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>

diff --git a/package/network/utils/tcpdump/Makefile b/package/network/utils/tcpdump/Makefile
index a3a4a62..3a760c1 100644 (file)
--- a/package/network/utils/tcpdump/Makefile
+++ b/package/network/utils/tcpdump/Makefile
@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=tcpdump
-PKG_VERSION:=4.9.1
+PKG_VERSION:=4.9.2
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://www.tcpdump.org/release/ \
        http://www.at.tcpdump.org/
-PKG_MD5SUM:=1e0293210b0dea5ef18e88e4150394b7
+PKG_MD5SUM:=9bbc1ee33dab61302411b02dd0515576
 
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
 PKG_BUILD_PARALLEL:=1

diff --git a/package/network/utils/tcpdump/patches/100-tcpdump_mini.patch b/package/network/utils/tcpdump/patches/100-tcpdump_mini.patch
index 618ea08..5d8a269 100644 (file)
--- a/package/network/utils/tcpdump/patches/100-tcpdump_mini.patch
+++ b/package/network/utils/tcpdump/patches/100-tcpdump_mini.patch
@@ -92,7 +92,7 @@
  LIBOBJS = @LIBOBJS@
 --- a/addrtoname.c
 +++ b/addrtoname.c
-@@ -566,8 +566,10 @@ linkaddr_string(netdissect_options *ndo,
+@@ -578,8 +578,10 @@ linkaddr_string(netdissect_options *ndo,
        if (type == LINKADDR_ETHER && len == ETHER_ADDR_LEN)
                return (etheraddr_string(ndo, ep));
  
@@ -102,8 +102,8 @@
 +#endif
  
        tp = lookup_bytestring(ndo, ep, len);
-       if (tp->e_name)
-@@ -1202,6 +1204,7 @@ init_addrtoname(netdissect_options *ndo,
+       if (tp->bs_name)
+@@ -1214,6 +1216,7 @@ init_addrtoname(netdissect_options *ndo,
        init_ipxsaparray(ndo);
  }
  
@@ -111,7 +111,7 @@
  const char *
  dnaddr_string(netdissect_options *ndo, u_short dnaddr)
  {
-@@ -1221,6 +1224,7 @@ dnaddr_string(netdissect_options *ndo, u
+@@ -1233,6 +1236,7 @@ dnaddr_string(netdissect_options *ndo, u
  
        return(tp->name);
  }
@@ -224,7 +224,7 @@
                return (1);
 @@ -368,6 +369,7 @@ ethertype_print(netdissect_options *ndo,
                }
-               isoclns_print(ndo, p + 1, length - 1, caplen - 1);
+               isoclns_print(ndo, p + 1, length - 1);
                return(1);
 +#endif
  
@@ -312,7 +312,7 @@
          break;
 --- a/print-ip6.c
 +++ b/print-ip6.c
-@@ -303,6 +303,7 @@ ip6_print(netdissect_options *ndo, const
+@@ -305,6 +305,7 @@ ip6_print(netdissect_options *ndo, const
                                return;
                        nh = *cp;
                        break;
@@ -320,13 +320,16 @@
                case IPPROTO_FRAGMENT:
                        advance = frag6_print(ndo, cp, (const u_char *)ip6);
                        if (advance < 0 || ndo->ndo_snapend <= cp + advance)
-@@ -324,16 +325,19 @@ ip6_print(netdissect_options *ndo, const
-                       advance = mobility_print(ndo, cp, (const u_char *)ip6);
+@@ -328,6 +329,7 @@ ip6_print(netdissect_options *ndo, const
+                               return;
                        nh = *cp;
                        return;
 +#endif
                case IPPROTO_ROUTING:
+                       ND_TCHECK(*cp);
                        advance = rt6_print(ndo, cp, (const u_char *)ip6);
+@@ -335,12 +337,14 @@ ip6_print(netdissect_options *ndo, const
+                               return;
                        nh = *cp;
                        break;
 +#ifndef TCPDUMP_MINI
@@ -340,15 +343,15 @@
                case IPPROTO_TCP:
                        tcp_print(ndo, cp, len, (const u_char *)ip6, fragmented);
                        return;
-@@ -343,6 +347,7 @@ ip6_print(netdissect_options *ndo, const
+@@ -350,6 +354,7 @@ ip6_print(netdissect_options *ndo, const
                case IPPROTO_ICMPV6:
                        icmp6_print(ndo, cp, len, (const u_char *)ip6, fragmented);
                        return;
 +#ifndef TCPDUMP_MINI
                case IPPROTO_AH:
                        advance = ah_print(ndo, cp);
-                       nh = *cp;
-@@ -371,6 +376,7 @@ ip6_print(netdissect_options *ndo, const
+                       if (advance < 0)
+@@ -382,6 +387,7 @@ ip6_print(netdissect_options *ndo, const
                case IPPROTO_PIM:
                        pim_print(ndo, cp, len, (const u_char *)ip6);
                        return;
@@ -356,7 +359,7 @@
  
                case IPPROTO_OSPF:
                        ospf6_print(ndo, cp, len);
-@@ -384,9 +390,11 @@ ip6_print(netdissect_options *ndo, const
+@@ -395,9 +401,11 @@ ip6_print(netdissect_options *ndo, const
                        ip_print(ndo, cp, len);
                        return;
  
@@ -370,7 +373,7 @@
                        gre_print(ndo, cp, len);
 --- a/print-ip.c
 +++ b/print-ip.c
-@@ -329,6 +329,7 @@ ip_print_demux(netdissect_options *ndo,
+@@ -344,6 +344,7 @@ ip_print_demux(netdissect_options *ndo,
  again:
        switch (ipds->nh) {
  
@@ -378,7 +381,7 @@
        case IPPROTO_AH:
                if (!ND_TTEST(*ipds->cp)) {
                        ND_PRINT((ndo, "[|AH]"));
-@@ -367,7 +368,9 @@ again:
+@@ -382,7 +383,9 @@ again:
                 */
                break;
        }
@@ -388,7 +391,7 @@
        case IPPROTO_SCTP:
                sctp_print(ndo, ipds->cp, (const u_char *)ipds->ip, ipds->len);
                break;
-@@ -375,6 +378,7 @@ again:
+@@ -390,6 +393,7 @@ again:
        case IPPROTO_DCCP:
                dccp_print(ndo, ipds->cp, (const u_char *)ipds->ip, ipds->len);
                break;
@@ -396,7 +399,7 @@
  
        case IPPROTO_TCP:
                /* pass on the MF bit plus the offset to detect fragments */
-@@ -394,6 +398,7 @@ again:
+@@ -409,6 +413,7 @@ again:
                           ipds->off & (IP_MF|IP_OFFMASK));
                break;
  
@@ -404,7 +407,7 @@
        case IPPROTO_PIGP:
                /*
                 * XXX - the current IANA protocol number assignments
-@@ -414,14 +419,17 @@ again:
+@@ -429,14 +434,17 @@ again:
        case IPPROTO_EIGRP:
                eigrp_print(ndo, ipds->cp, ipds->len);
                break;
@@ -422,7 +425,7 @@
  
        case IPPROTO_OSPF:
                ospf_print(ndo, ipds->cp, ipds->len, (const u_char *)ipds->ip);
-@@ -454,6 +462,7 @@ again:
+@@ -469,6 +477,7 @@ again:
                gre_print(ndo, ipds->cp, ipds->len);
                break;
  
@@ -430,14 +433,14 @@
        case IPPROTO_MOBILE:
                mobile_print(ndo, ipds->cp, ipds->len);
                break;
-@@ -482,6 +491,7 @@ again:
+@@ -497,6 +506,7 @@ again:
        case IPPROTO_PGM:
                pgm_print(ndo, ipds->cp, ipds->len, (const u_char *)ipds->ip);
                break;
 +#endif
  
        default:
-               if (ndo->ndo_nflag==0 && (proto = getprotobynumber(ipds->nh)) != NULL)
+               if (ndo->ndo_nflag==0 && (p_name = netdb_protoname(ipds->nh)) != NULL)
 --- a/print-llc.c
 +++ b/print-llc.c
 @@ -206,6 +206,7 @@ llc_print(netdissect_options *ndo, const
@@ -472,21 +475,22 @@
  
  #ifdef ENABLE_SMB
        if (ssap == LLCSAP_NETBEUI && dsap == LLCSAP_NETBEUI
-@@ -322,11 +326,13 @@ llc_print(netdissect_options *ndo, const
+@@ -322,12 +326,13 @@ llc_print(netdissect_options *ndo, const
                return (hdrlen);
        }
  #endif
 +#ifndef TCPDUMP_MINI
        if (ssap == LLCSAP_ISONS && dsap == LLCSAP_ISONS
            && control == LLC_UI) {
-               isoclns_print(ndo, p, length, caplen);
+               isoclns_print(ndo, p, length);
                return (hdrlen);
        }
+-
 +#endif
- 
        if (!ndo->ndo_eflag) {
                if (ssap == dsap) {
-@@ -480,6 +486,7 @@ snap_print(netdissect_options *ndo, cons
+                       if (src == NULL || dst == NULL)
+@@ -480,6 +485,7 @@ snap_print(netdissect_options *ndo, cons
  
        case OUI_CISCO:
                  switch (et) {
@@ -494,7 +498,7 @@
                  case PID_CISCO_CDP:
                          cdp_print(ndo, p, length, caplen);
                          return (1);
-@@ -492,6 +499,7 @@ snap_print(netdissect_options *ndo, cons
+@@ -492,6 +498,7 @@ snap_print(netdissect_options *ndo, cons
                  case PID_CISCO_VTP:
                          vtp_print(ndo, p, length);
                          return (1);
@@ -502,7 +506,7 @@
                  case PID_CISCO_PVST:
                  case PID_CISCO_VLANBRIDGE:
                          stp_print(ndo, p, length);
-@@ -504,6 +512,7 @@ snap_print(netdissect_options *ndo, cons
+@@ -504,6 +511,7 @@ snap_print(netdissect_options *ndo, cons
        case OUI_RFC2684:
                switch (et) {
  
@@ -510,7 +514,7 @@
                case PID_RFC2684_ETH_FCS:
                case PID_RFC2684_ETH_NOFCS:
                        /*
-@@ -565,6 +574,7 @@ snap_print(netdissect_options *ndo, cons
+@@ -565,6 +573,7 @@ snap_print(netdissect_options *ndo, cons
                         */
                        fddi_print(ndo, p, length, caplen);
                        return (1);
@@ -526,7 +530,7 @@
  
 +#ifndef TCPDUMP_MINI
        case BSD_AFNUM_ISO:
-               isoclns_print(ndo, p, length, caplen);
+               isoclns_print(ndo, p, length);
                break;
 @@ -127,6 +128,7 @@ null_if_print(netdissect_options *ndo, c
        case BSD_AFNUM_IPX:
@@ -538,7 +542,7 @@
                /* unknown AF_ value */
 --- a/print-ppp.c
 +++ b/print-ppp.c
-@@ -1358,6 +1358,7 @@ trunc:
+@@ -1367,6 +1367,7 @@ trunc:
        return 0;
  }
  
@@ -546,7 +550,7 @@
  static void
  ppp_hdlc(netdissect_options *ndo,
           const u_char *p, int length)
-@@ -1436,6 +1437,7 @@ trunc:
+@@ -1445,6 +1446,7 @@ trunc:
        free(b);
        ND_PRINT((ndo, "[|ppp]"));
  }
@@ -554,7 +558,7 @@
  
  
  /* PPP */
-@@ -1443,10 +1445,12 @@ static void
+@@ -1452,10 +1454,12 @@ static void
  handle_ppp(netdissect_options *ndo,
             u_int proto, const u_char *p, int length)
  {
@@ -567,7 +571,7 @@
  
        switch (proto) {
        case PPP_LCP: /* fall through */
-@@ -1479,6 +1483,7 @@ handle_ppp(netdissect_options *ndo,
+@@ -1488,6 +1492,7 @@ handle_ppp(netdissect_options *ndo,
        case PPP_IPV6:
                ip6_print(ndo, p, length);
                break;
@@ -575,7 +579,7 @@
        case ETHERTYPE_IPX:     /*XXX*/
        case PPP_IPX:
                ipx_print(ndo, p, length);
-@@ -1490,6 +1495,7 @@ handle_ppp(netdissect_options *ndo,
+@@ -1499,6 +1504,7 @@ handle_ppp(netdissect_options *ndo,
        case PPP_MPLS_MCAST:
                mpls_print(ndo, p, length);
                break;
@@ -583,7 +587,7 @@
        case PPP_COMP:
                ND_PRINT((ndo, "compressed PPP data"));
                break;
-@@ -1630,6 +1636,7 @@ ppp_if_print(netdissect_options *ndo,
+@@ -1639,6 +1645,7 @@ ppp_if_print(netdissect_options *ndo,
        return (0);
  }
  
@@ -591,7 +595,7 @@
  /*
   * PPP I/F printer to use if we know that RFC 1662-style PPP in HDLC-like
   * framing, or Cisco PPP with HDLC framing as per section 4.3.1 of RFC 1547,
-@@ -1857,6 +1864,7 @@ printx:
+@@ -1866,6 +1873,7 @@ printx:
  #endif /* __bsdi__ */
        return (hdrlength);
  }