From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:59511)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1dq2vD-0004zj-Gt
	for guix-patches@gnu.org; Thu, 07 Sep 2017 15:57:13 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1dq2v7-0007Wy-Up
	for guix-patches@gnu.org; Thu, 07 Sep 2017 15:57:07 -0400
Received: from debbugs.gnu.org ([208.118.235.43]:46032)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1dq2v7-0007Wu-S4
	for guix-patches@gnu.org; Thu, 07 Sep 2017 15:57:01 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1dq2v7-0003tf-Kp
	for guix-patches@gnu.org; Thu, 07 Sep 2017 15:57:01 -0400
Subject: [bug#28387] [PATCH] gnu: tcpdump: Update to 4.9.2 [security fixes].
Resent-Message-ID: <handler.28387.B.150481421214959@debbugs.gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:59297)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <leo@famulari.name>) id 1dq2uY-0004sn-Og
	for guix-patches@gnu.org; Thu, 07 Sep 2017 15:56:32 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <leo@famulari.name>) id 1dq2uT-0007H1-CZ
	for guix-patches@gnu.org; Thu, 07 Sep 2017 15:56:26 -0400
Received: from out1-smtp.messagingengine.com ([66.111.4.25]:40649)
	by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <leo@famulari.name>) id 1dq2uT-0007Gj-8P
	for guix-patches@gnu.org; Thu, 07 Sep 2017 15:56:21 -0400
Received: from jasmine.lan (c-73-165-108-70.hsd1.pa.comcast.net
	[73.165.108.70])
	by mail.messagingengine.com (Postfix) with ESMTPA id DBF407F980
	for <guix-patches@gnu.org>; Thu,  7 Sep 2017 15:56:19 -0400 (EDT)
From: Leo Famulari <leo@famulari.name>
Date: Thu,  7 Sep 2017 15:56:15 -0400
Message-Id: <36ba9e7de8581353fb60ba72d687e123f6cfe5ef.1504814010.git.leo@famulari.name>
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-patches/>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org
Sender: "Guix-patches" <guix-patches-bounces+kyle=kyleam.com@gnu.org>
To: 28387@debbugs.gnu.org

Fixes CVE-2017-{12893,12894,12895,12896,12897,12898,12899,12900,12901,12902,
12985,12986,12987,12988,12989,12990,12991,12992,12993,12994,12995,12996,12997,
12998,12999,13000,13001,13002,13003,13004,13005,13006,13007,13008,13009,13010,
13012,13013,13014,13015,13016,13017,13018,13019,13020,13021,13022,13023,13024,
13025,13026,13027,13028,13029,13030,13031,13032,13033,13034,13035,13036,13037,
13038,13039,13040,13041,13042,13043,13044,13045,13046,13047,13048,13049,13050,
13051,13052,13053,13054,13055,13687,13688,13689,13690,13725}.

* gnu/packages/admin.scm (tcpdump): Update to 4.9.2.
[source]: Remove patches.
* gnu/packages/patches/tcpdump-CVE-2017-11541.patch,
gnu/packages/patches/tcpdump-CVE-2017-11542.patch,
gnu/packages/patches/tcpdump-CVE-2017-11543.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
---
 gnu/local.mk                                      |  3 -
 gnu/packages/admin.scm                            |  7 +-
 gnu/packages/patches/tcpdump-CVE-2017-11541.patch | 47 --------------
 gnu/packages/patches/tcpdump-CVE-2017-11542.patch | 37 -----------
 gnu/packages/patches/tcpdump-CVE-2017-11543.patch | 79 -----------------------
 5 files changed, 2 insertions(+), 171 deletions(-)
 delete mode 100644 gnu/packages/patches/tcpdump-CVE-2017-11541.patch
 delete mode 100644 gnu/packages/patches/tcpdump-CVE-2017-11542.patch
 delete mode 100644 gnu/packages/patches/tcpdump-CVE-2017-11543.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 9df17110b..2f8551076 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1034,9 +1034,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/tar-skip-unreliable-tests.patch		\
   %D%/packages/patches/tcl-mkindex-deterministic.patch		\
   %D%/packages/patches/tclxml-3.2-install.patch			\
-  %D%/packages/patches/tcpdump-CVE-2017-11541.patch		\
-  %D%/packages/patches/tcpdump-CVE-2017-11542.patch		\
-  %D%/packages/patches/tcpdump-CVE-2017-11543.patch		\
   %D%/packages/patches/tcsh-fix-autotest.patch			\
   %D%/packages/patches/tcsh-fix-out-of-bounds-read.patch	\
   %D%/packages/patches/teensy-loader-cli-help.patch		\
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index f047bcaef..e6d5afe76 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -661,17 +661,14 @@ network statistics collection, security monitoring, network debugging, etc.")
 (define-public tcpdump
   (package
     (name "tcpdump")
-    (version "4.9.1")
+    (version "4.9.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://www.tcpdump.org/release/tcpdump-"
                                   version ".tar.gz"))
-              (patches (search-patches "tcpdump-CVE-2017-11541.patch"
-                                       "tcpdump-CVE-2017-11542.patch"
-                                       "tcpdump-CVE-2017-11543.patch"))
               (sha256
                (base32
-                "1wyqbg7bkmgqyslf1ns0xx9fcqi66hvcfm9nf77rl15jvvs8qi7r"))))
+                "0ygy0layzqaj838r5xd613iraz09wlfgpyh7pc6cwclql8v3b2vr"))))
     (build-system gnu-build-system)
     (inputs `(("libpcap" ,libpcap)
               ("openssl" ,openssl)))
diff --git a/gnu/packages/patches/tcpdump-CVE-2017-11541.patch b/gnu/packages/patches/tcpdump-CVE-2017-11541.patch
deleted file mode 100644
index a9fc632dc..000000000
--- a/gnu/packages/patches/tcpdump-CVE-2017-11541.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-Fix CVE-2017-11541
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11541
-
-Patch copied from upstream source repository:
-
-https://github.com/the-tcpdump-group/tcpdump/commit/21d702a136c5c16882e368af7c173df728242280
-
-From 21d702a136c5c16882e368af7c173df728242280 Mon Sep 17 00:00:00 2001
-From: Guy Harris <guy@alum.mit.edu>
-Date: Tue, 7 Feb 2017 11:40:36 -0800
-Subject: [PATCH] CVE-2017-11541: In safeputs(), check the length before
- checking for a NUL terminator.
-
-safeputs() doesn't do packet bounds checking of its own; it assumes that
-the caller has checked the availability in the packet data of all maxlen
-bytes of data.  This means we should check that we're within the
-specified limit before looking at the byte.
-
-This fixes a buffer over-read discovered by Kamil Frankowicz.
-
-Add a test using the capture file supplied by the reporter(s).
----
- tests/TESTLIST            |   1 +
- tests/hoobr_safeputs.out  |   2 ++
- tests/hoobr_safeputs.pcap | Bin 0 -> 88 bytes
- util-print.c              |   2 +-
- 4 files changed, 4 insertions(+), 1 deletion(-)
- create mode 100644 tests/hoobr_safeputs.out
- create mode 100644 tests/hoobr_safeputs.pcap
-
-diff --git a/util-print.c b/util-print.c
-index 394e7d59..ec3e8de8 100644
---- a/util-print.c
-+++ b/util-print.c
-@@ -904,7 +904,7 @@ safeputs(netdissect_options *ndo,
- {
- 	u_int idx = 0;
- 
--	while (*s && idx < maxlen) {
-+	while (idx < maxlen && *s) {
- 		safeputchar(ndo, *s);
- 		idx++;
- 		s++;
--- 
-2.14.1
-
diff --git a/gnu/packages/patches/tcpdump-CVE-2017-11542.patch b/gnu/packages/patches/tcpdump-CVE-2017-11542.patch
deleted file mode 100644
index 24849d518..000000000
--- a/gnu/packages/patches/tcpdump-CVE-2017-11542.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-Fix CVE-2017-11542:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11542
-
-Patch copied from upstream source repository:
-
-https://github.com/the-tcpdump-group/tcpdump/commit/bed48062a64fca524156d7684af19f5b4a116fae
-
-From bed48062a64fca524156d7684af19f5b4a116fae Mon Sep 17 00:00:00 2001
-From: Guy Harris <guy@alum.mit.edu>
-Date: Tue, 7 Feb 2017 11:10:04 -0800
-Subject: [PATCH] CVE-2017-11542/PIMv1: Add a bounds check.
-
-This fixes a buffer over-read discovered by Kamil Frankowicz.
-
-Add a test using the capture file supplied by the reporter(s).
----
- print-pim.c            |   1 +
- tests/TESTLIST         |   1 +
- tests/hoobr_pimv1.out  |  25 +++++++++++++++++++++++++
- tests/hoobr_pimv1.pcap | Bin 0 -> 3321 bytes
- 4 files changed, 27 insertions(+)
- create mode 100644 tests/hoobr_pimv1.out
- create mode 100644 tests/hoobr_pimv1.pcap
-
-diff --git a/print-pim.c b/print-pim.c
-index 25525953..ed880ae7 100644
---- a/print-pim.c
-+++ b/print-pim.c
-@@ -306,6 +306,7 @@ pimv1_print(netdissect_options *ndo,
- 			pimv1_join_prune_print(ndo, &bp[8], len - 8);
- 		break;
- 	}
-+	ND_TCHECK(bp[4]);
- 	if ((bp[4] >> 4) != 1)
- 		ND_PRINT((ndo, " [v%d]", bp[4] >> 4));
- 	return;
diff --git a/gnu/packages/patches/tcpdump-CVE-2017-11543.patch b/gnu/packages/patches/tcpdump-CVE-2017-11543.patch
deleted file mode 100644
index c97350398..000000000
--- a/gnu/packages/patches/tcpdump-CVE-2017-11543.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-Fix CVE-2017-11543:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11543
-
-Patch copied from upstream source repository:
-
-https://github.com/the-tcpdump-group/tcpdump/commit/7039327875525278d17edee59720e29a3e76b7b3
-
-From 7039327875525278d17edee59720e29a3e76b7b3 Mon Sep 17 00:00:00 2001
-From: Guy Harris <guy@alum.mit.edu>
-Date: Fri, 17 Mar 2017 12:49:04 -0700
-Subject: [PATCH] CVE-2017-11543/Make sure the SLIP direction octet is valid.
-
-Report if it's not, and don't use it as an out-of-bounds index into an
-array.
-
-This fixes a buffer overflow discovered by Wilfried Kirsch.
-
-Add a test using the capture file supplied by the reporter(s), modified
-so the capture file won't be rejected as an invalid capture.
----
- print-sl.c                    |  25 +++++++++++++++++++++++--
- tests/TESTLIST                |   3 +++
- tests/slip-bad-direction.out  |   1 +
- tests/slip-bad-direction.pcap | Bin 0 -> 79 bytes
- 4 files changed, 27 insertions(+), 2 deletions(-)
- create mode 100644 tests/slip-bad-direction.out
- create mode 100644 tests/slip-bad-direction.pcap
-
-diff --git a/print-sl.c b/print-sl.c
-index 3fd7e898..a02077b3 100644
---- a/print-sl.c
-+++ b/print-sl.c
-@@ -131,8 +131,21 @@ sliplink_print(netdissect_options *ndo,
- 	u_int hlen;
- 
- 	dir = p[SLX_DIR];
--	ND_PRINT((ndo, dir == SLIPDIR_IN ? "I " : "O "));
-+	switch (dir) {
- 
-+	case SLIPDIR_IN:
-+		ND_PRINT((ndo, "I "));
-+		break;
-+
-+	case SLIPDIR_OUT:
-+		ND_PRINT((ndo, "O "));
-+		break;
-+
-+	default:
-+		ND_PRINT((ndo, "Invalid direction %d ", dir));
-+		dir = -1;
-+		break;
-+	}
- 	if (ndo->ndo_nflag) {
- 		/* XXX just dump the header */
- 		register int i;
-@@ -155,13 +168,21 @@ sliplink_print(netdissect_options *ndo,
- 		 * has restored the IP header copy to IPPROTO_TCP.
- 		 */
- 		lastconn = ((const struct ip *)&p[SLX_CHDR])->ip_p;
-+		ND_PRINT((ndo, "utcp %d: ", lastconn));
-+		if (dir == -1) {
-+			/* Direction is bogus, don't use it */
-+			return;
-+		}
- 		hlen = IP_HL(ip);
- 		hlen += TH_OFF((const struct tcphdr *)&((const int *)ip)[hlen]);
- 		lastlen[dir][lastconn] = length - (hlen << 2);
--		ND_PRINT((ndo, "utcp %d: ", lastconn));
- 		break;
- 
- 	default:
-+		if (dir == -1) {
-+			/* Direction is bogus, don't use it */
-+			return;
-+		}
- 		if (p[SLX_CHDR] & TYPE_COMPRESSED_TCP) {
- 			compressed_sl_print(ndo, &p[SLX_CHDR], ip,
- 			    length, dir);
-- 
2.14.1