Bug#794407: jessie-pu: package tcpdump/4.6.2-5+deb8u1
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu
Hello,
I am seeking permission to upload a new version of tcpdump to
stable-proposed-updates to fix bug #793479, which makes tcpdump unusable
for people who use -Z to drop privileges and stream the output of
tcpdump to another program.
Full debdiff attached.
Thanks,
-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (650, 'testing'), (600, 'unstable'), (550, 'experimental'), (550, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.1.3 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diffstat for tcpdump-4.6.2 tcpdump-4.6.2
changelog | 8 ++++++++
patches/50_droproot_stderr.diff | 28 ++++++++++++++++++++++++++++
patches/series | 1 +
3 files changed, 37 insertions(+)
diff -Nru tcpdump-4.6.2/debian/changelog tcpdump-4.6.2/debian/changelog
--- tcpdump-4.6.2/debian/changelog 2015-04-04 19:20:52.000000000 +0200
+++ tcpdump-4.6.2/debian/changelog 2015-08-02 20:01:20.000000000 +0200
@@ -1,3 +1,11 @@
+tcpdump (4.6.2-5+deb8u1) stable; urgency=low
+
+ * Cherry-pick commit 3f15ae25c2 from upstream Git to fix -Z confirmation
+ log being sent to stdout, where it can get mixed with pcap stream
+ data if '-w -' is used (closes: #793479).
+
+ -- Romain Francoise <rfrancoise@debian.org> Sun, 02 Aug 2015 19:57:22 +0200
+
tcpdump (4.6.2-5) unstable; urgency=high
* Cherry-pick commit fb6e5377f3 from upstream Git to fix regressions in the
diff -Nru tcpdump-4.6.2/debian/patches/50_droproot_stderr.diff tcpdump-4.6.2/debian/patches/50_droproot_stderr.diff
--- tcpdump-4.6.2/debian/patches/50_droproot_stderr.diff 1970-01-01 01:00:00.000000000 +0100
+++ tcpdump-4.6.2/debian/patches/50_droproot_stderr.diff 2015-08-02 20:01:08.000000000 +0200
@@ -0,0 +1,28 @@
+commit 3f15ae25c25046b9ebdf8ab0283f2e6382a4df0e
+Author: Denis Ovsienko <denis@ovsienko.info>
+Date: Mon Feb 9 01:21:51 2015 +0000
+
+ droproot(): always print to stderr (GH #425)
+
+ Otherwise it interferes with the output of "tcpdump -w -".
+
+--- a/tcpdump.c
++++ b/tcpdump.c
+@@ -727,7 +727,7 @@
+ fprintf(stderr, "error : ret %d\n", ret);
+ }
+ else {
+- printf("dropped privs to %s\n", username);
++ fprintf(stderr, "dropped privs to %s\n", username);
+ }
+ /* We don't need CAP_SETUID and CAP_SETGID */
+ capng_update(CAPNG_DROP, CAPNG_EFFECTIVE, CAP_SETUID);
+@@ -747,7 +747,7 @@
+ exit(1);
+ }
+ else {
+- printf("dropped privs to %s\n", username);
++ fprintf(stderr, "dropped privs to %s\n", username);
+ }
+ #endif /* HAVE_CAP_NG_H */
+ }
diff -Nru tcpdump-4.6.2/debian/patches/series tcpdump-4.6.2/debian/patches/series
--- tcpdump-4.6.2/debian/patches/series 2015-04-04 19:08:59.000000000 +0200
+++ tcpdump-4.6.2/debian/patches/series 2015-08-02 19:53:02.000000000 +0200
@@ -3,6 +3,7 @@
20_man_fixes.diff
50_hurd.diff
50_kfreebsd.diff
+50_droproot_stderr.diff
50_autotools-dev.diff
60_cve-2014-8767.diff
60_cve-2014-8768.diff
Reply to: