Bug#781956: unblock: tcpdump/4.6.2-5
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Hi
(X-Debbugs--CC'in Romain Francoise)
Please unblock package tcpdump
The recent update of tcpdump/4.6.2-5 fixes a regression introduced by
the 4.6.2-4 update in the fixes for CVE-2015-2153. It is tracked as
#781362. Attached is the debdiff addressing the regression.
> tcpdump (4.6.2-5) unstable; urgency=high
> .
> * Cherry-pick commit fb6e5377f3 from upstream Git to fix regressions in the
> RPKI/RTR printer after the CVE-2015-2153 changes. Thanks to Artur Rona
> from Ubuntu for the heads-up (closes: #781362).
Could you please unblock it to have the fix in jessie as well?
unblock tcpdump/4.6.2-5
Regards,
Salvatore
diff -Nru tcpdump-4.6.2/debian/changelog tcpdump-4.6.2/debian/changelog
--- tcpdump-4.6.2/debian/changelog 2015-03-14 18:43:44.000000000 +0100
+++ tcpdump-4.6.2/debian/changelog 2015-04-04 19:20:52.000000000 +0200
@@ -1,3 +1,11 @@
+tcpdump (4.6.2-5) unstable; urgency=high
+
+ * Cherry-pick commit fb6e5377f3 from upstream Git to fix regressions in the
+ RPKI/RTR printer after the CVE-2015-2153 changes. Thanks to Artur Rona
+ from Ubuntu for the heads-up (closes: #781362).
+
+ -- Romain Francoise <rfrancoise@debian.org> Sat, 04 Apr 2015 19:10:27 +0200
+
tcpdump (4.6.2-4) unstable; urgency=high
* Cherry-pick changes from upstream Git to fix the following security
diff -Nru tcpdump-4.6.2/debian/patches/60_cve-2015-2153-2.diff tcpdump-4.6.2/debian/patches/60_cve-2015-2153-2.diff
--- tcpdump-4.6.2/debian/patches/60_cve-2015-2153-2.diff 1970-01-01 01:00:00.000000000 +0100
+++ tcpdump-4.6.2/debian/patches/60_cve-2015-2153-2.diff 2015-04-04 19:06:28.000000000 +0200
@@ -0,0 +1,54 @@
+Description: RPKI to Router Protocol: Fix Segmentation Faults and other problems.
+ - Fix/add ND_TCHECK2 tests,
+ - Fix a buffer overflow,
+ - Remove a debug printf
+Origin: upstream, https://github.com/the-tcpdump-group/tcpdump/commit/fb6e5377f392555b8c725f66b8b701f0061a3695
+
+diff -pruN -x '*~' tcpdump-4.6.2.orig/print-rpki-rtr.c tcpdump-4.6.2/print-rpki-rtr.c
+--- tcpdump-4.6.2.orig/print-rpki-rtr.c 2015-03-22 12:55:55.349173971 +0100
++++ tcpdump-4.6.2/print-rpki-rtr.c 2015-03-22 12:49:56.987396951 +0100
+@@ -178,7 +178,7 @@ rpki_rtr_pdu_print (netdissect_options *
+ pdu_header = (rpki_rtr_pdu *)tptr;
+ pdu_type = pdu_header->pdu_type;
+ pdu_len = EXTRACT_32BITS(pdu_header->length);
+- ND_TCHECK2(tptr, pdu_len);
++ ND_TCHECK2(*tptr, pdu_len);
+ hexdump = FALSE;
+
+ ND_PRINT((ndo, "%sRPKI-RTRv%u, %s PDU (%u), length: %u",
+@@ -255,6 +255,7 @@ rpki_rtr_pdu_print (netdissect_options *
+
+ pdu = (rpki_rtr_pdu_error_report *)tptr;
+ encapsulated_pdu_length = EXTRACT_32BITS(pdu->encapsulated_pdu_length);
++ ND_TCHECK2(*tptr, encapsulated_pdu_length);
+ tlen = pdu_len;
+
+ error_code = EXTRACT_16BITS(pdu->pdu_header.u.error_code);
+@@ -287,9 +288,10 @@ rpki_rtr_pdu_print (netdissect_options *
+ tptr += 4;
+ tlen -= 4;
+ }
++ ND_TCHECK2(*tptr, text_length);
+ if (text_length && (text_length <= tlen )) {
+ memcpy(buf, tptr, min(sizeof(buf)-1, text_length));
+- buf[text_length] = '\0';
++ buf[min(sizeof(buf) - 1, text_length)] = '\0';
+ ND_PRINT((ndo, "%sError text: %s", indent_string(indent+2), buf));
+ }
+ }
+@@ -336,13 +338,13 @@ rpki_rtr_print(netdissect_options *ndo,
+ pdu_header = (rpki_rtr_pdu *)tptr;
+ pdu_type = pdu_header->pdu_type;
+ pdu_len = EXTRACT_32BITS(pdu_header->length);
++ ND_TCHECK2(*tptr, pdu_len);
+
+ /* infinite loop check */
+ if (!pdu_type || !pdu_len) {
+ break;
+ }
+
+- ND_TCHECK2(*tptr, pdu_len);
+ if (tlen < pdu_len) {
+ goto trunc;
+ }
+
diff -Nru tcpdump-4.6.2/debian/patches/series tcpdump-4.6.2/debian/patches/series
--- tcpdump-4.6.2/debian/patches/series 2015-03-14 18:44:30.000000000 +0100
+++ tcpdump-4.6.2/debian/patches/series 2015-04-04 19:08:59.000000000 +0200
@@ -10,5 +10,6 @@
60_cve-2014-9140.diff
60_cve-2015-0261.diff
60_cve-2015-2153.diff
+60_cve-2015-2153-2.diff
60_cve-2015-2154.diff
60_cve-2015-2155.diff
Reply to: