Hello community, here is the log from the commit of package tcpdump for openSUSE:Factory checked in at 2017-09-18 19:54:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tcpdump (Old) and /work/SRC/openSUSE:Factory/.tcpdump.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tcpdump" Mon Sep 18 19:54:05 2017 rev:36 rq:525837 version:4.9.2 Changes: -------- --- /work/SRC/openSUSE:Factory/tcpdump/tcpdump.changes 2017-07-28 09:44:51.763758211 +0200 +++ /work/SRC/openSUSE:Factory/.tcpdump.new/tcpdump.changes 2017-09-18 19:54:09.085764601 +0200 @@ -1,0 +2,113 @@ +Tue Sep 12 15:23:04 UTC 2017 - pmonrealgonza...@suse.com + +- Disabled ikev2pI2 test that fails on some architectures + * Added patch tcpdump-ikev2pI2.patch + +------------------------------------------------------------------- +Tue Sep 12 14:51:00 UTC 2017 - pmonrealgonza...@suse.com + +- Update to version 4.9.2 [bsc#1057247] + * Security fixes: + - CVE-2017-11108 segfault in STP decoder + - Segfault in ESP decoder with OpenSSL 1.1 + - CVE-2017-11543 buffer overflow in SLIP decoder + - CVE-2017-13011 buffer overflow in bittok2str_internal() + - CVE-2017-12989 infinite loop in the RESP parser + - CVE-2017-12990 infinite loop in the ISAKMP parser + - CVE-2017-12995 infinite loop in the DNS parser + - CVE-2017-12997 infinite loop in the LLDP parser + - CVE-2017-11541 buffer over-read in safeputs() + - CVE-2017-11542 buffer over-read in PIMv1 decoder + - CVE-2017-12893 buffer over-read in the SMB/CIFS parser + - CVE-2017-12894 buffer over-read in several protocol parsers + - CVE-2017-12895 buffer over-read in the ICMP parser + - CVE-2017-12896 buffer over-read in the ISAKMP parser + - CVE-2017-12897 buffer over-read in the ISO CLNS parser + - CVE-2017-12898 buffer over-read in the NFS parser + - CVE-2017-12899 buffer over-read in the DECnet parser + - CVE-2017-12900 buffer over-read in the in several protocol parsers + - CVE-2017-12901 buffer over-read in the EIGRP parser + - CVE-2017-12902 buffer over-read in the Zephyr parser + - CVE-2017-12985 buffer over-read in the IPv6 parser + - CVE-2017-12986 buffer over-read in the IPv6 routing header parser + - CVE-2017-12987 buffer over-read in the 802.11 parser + - CVE-2017-12988 buffer over-read in the telnet parser + - CVE-2017-12991 buffer over-read in the BGP parser + - CVE-2017-12992 buffer over-read in the RIPng parser + - CVE-2017-12993 buffer over-read in the Juniper protocols parser + - CVE-2017-12994 buffer over-read in the BGP parser + - CVE-2017-12996 buffer over-read in the PIMv2 parser + - CVE-2017-12998 buffer over-read in the IS-IS parser + - CVE-2017-12999 buffer over-read in the IS-IS parser + - CVE-2017-13000 buffer over-read in the IEEE 802.15.4 parser + - CVE-2017-13001 buffer over-read in the NFS parser + - CVE-2017-13002 buffer over-read in the AODV parser + - CVE-2017-13003 buffer over-read in the LMP parser + - CVE-2017-13004 buffer over-read in the Juniper protocols parser + - CVE-2017-13005 buffer over-read in the NFS parser + - CVE-2017-13006 buffer over-read in the L2TP parser + - CVE-2017-13007 buffer over-read in the Apple PKTAP parser + - CVE-2017-13008 buffer over-read in the IEEE 802.11 parser + - CVE-2017-13009 buffer over-read in the IPv6 mobility parser + - CVE-2017-13010 buffer over-read in the BEEP parser + - CVE-2017-13012 buffer over-read in the ICMP parser + - CVE-2017-13013 buffer over-read in the ARP parser + - CVE-2017-13014 buffer over-read in the White Board protocol parser + - CVE-2017-13015 buffer over-read in the EAP parser + - CVE-2017-13016 buffer over-read in the ISO ES-IS parser + - CVE-2017-13017 buffer over-read in the DHCPv6 parser + - CVE-2017-13018 buffer over-read in the PGM parser + - CVE-2017-13019 buffer over-read in the PGM parser + - CVE-2017-13020 buffer over-read in the VTP parser + - CVE-2017-13021 buffer over-read in the ICMPv6 parser + - CVE-2017-13022 buffer over-read in the IP parser + - CVE-2017-13023 buffer over-read in the IPv6 mobility parser + - CVE-2017-13024 buffer over-read in the IPv6 mobility parser + - CVE-2017-13025 buffer over-read in the IPv6 mobility parser + - CVE-2017-13026 buffer over-read in the ISO IS-IS parser + - CVE-2017-13027 buffer over-read in the LLDP parser + - CVE-2017-13028 buffer over-read in the BOOTP parser + - CVE-2017-13029 buffer over-read in the PPP parser + - CVE-2017-13030 buffer over-read in the PIM parser + - CVE-2017-13031 buffer over-read in the IPv6 fragmentation header parser + - CVE-2017-13032 buffer over-read in the RADIUS parser + - CVE-2017-13033 buffer over-read in the VTP parser + - CVE-2017-13034 buffer over-read in the PGM parser + - CVE-2017-13035 buffer over-read in the ISO IS-IS parser + - CVE-2017-13036 buffer over-read in the OSPFv3 parser + - CVE-2017-13037 buffer over-read in the IP parser + - CVE-2017-13038 buffer over-read in the PPP parser + - CVE-2017-13039 buffer over-read in the ISAKMP parser + - CVE-2017-13040 buffer over-read in the MPTCP parser + - CVE-2017-13041 buffer over-read in the ICMPv6 parser + - CVE-2017-13042 buffer over-read in the HNCP parser + - CVE-2017-13043 buffer over-read in the BGP parser + - CVE-2017-13044 buffer over-read in the HNCP parser + - CVE-2017-13045 buffer over-read in the VQP parser + - CVE-2017-13046 buffer over-read in the BGP parser + - CVE-2017-13047 buffer over-read in the ISO ES-IS parser + - CVE-2017-13048 buffer over-read in the RSVP parser + - CVE-2017-13049 buffer over-read in the Rx protocol parser + - CVE-2017-13050 buffer over-read in the RPKI-Router parser + - CVE-2017-13051 buffer over-read in the RSVP parser + - CVE-2017-13052 buffer over-read in the CFM parser + - CVE-2017-13053 buffer over-read in the BGP parser + - CVE-2017-13054 buffer over-read in the LLDP parser + - CVE-2017-13055 buffer over-read in the ISO IS-IS parser + - CVE-2017-13687 buffer over-read in the Cisco HDLC parser + - CVE-2017-13688 buffer over-read in the OLSR parser + - CVE-2017-13689 buffer over-read in the IKEv1 parser + - CVE-2017-13690 buffer over-read in the IKEv2 parser + - CVE-2017-13725 buffer over-read in the IPv6 routing header parser + * Dropped patch tcpdump-reverted-test-scripts-fix.patch + +------------------------------------------------------------------- +Wed Aug 23 13:51:30 UTC 2017 - pmonrealgonza...@suse.com + +- Reverted upstream commit that makes some tests to fail when + compiling with openssl-1.1.0 + * Upstream commit 68cc39dd64688829be2632d9cd24f7efa3da79bb + * Added patch tcpdump-reverted-test-scripts-fix.patch + * Removed patch tcpdump-ikev2pI2-test-fails-ppc.patch + +------------------------------------------------------------------- Old: ---- tcpdump-4.9.1.tar.gz tcpdump-4.9.1.tar.gz.sig tcpdump-ikev2pI2-test-fails-ppc.patch New: ---- tcpdump-4.9.2.tar.gz tcpdump-4.9.2.tar.gz.sig tcpdump-ikev2pI2.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tcpdump.spec ++++++ --- /var/tmp/diff_new_pack.jhBBeB/_old 2017-09-18 19:54:10.037630719 +0200 +++ /var/tmp/diff_new_pack.jhBBeB/_new 2017-09-18 19:54:10.041630157 +0200 @@ -18,7 +18,7 @@ %define min_libpcap_version 1.8.1 Name: tcpdump -Version: 4.9.1 +Version: 4.9.2 Release: 0 Summary: A Packet Sniffer License: BSD-3-Clause @@ -28,8 +28,8 @@ Source1: tcpdump-qeth Source2: http://www.tcpdump.org/release/%{name}-%{version}.tar.gz.sig Source3: http://www.tcpdump.org/tcpdump-workers.asc#/%{name}.keyring -# PATCH-FIX-OPENSUSE tcpdump-ikev2pI2-test-fails-ppc.patch -- Disable ikev2pI2 test on ppc, ppc64 and ppc64le -Patch0: tcpdump-ikev2pI2-test-fails-ppc.patch +# PATCH-FIX-OPENSUSE tcpdump-ikev2pI2.patch - disabled failing test +Patch0: tcpdump-ikev2pI2.patch BuildRequires: libpcap-devel >= %{min_libpcap_version} BuildRequires: libsmi-devel BuildRequires: openssl-devel ++++++ tcpdump-4.9.1.tar.gz -> tcpdump-4.9.2.tar.gz ++++++ ++++ 352471 lines of diff (skipped) ++++++ tcpdump-ikev2pI2-test-fails-ppc.patch -> tcpdump-ikev2pI2.patch ++++++ --- /work/SRC/openSUSE:Factory/tcpdump/tcpdump-ikev2pI2-test-fails-ppc.patch 2017-07-28 09:44:51.459801023 +0200 +++ /work/SRC/openSUSE:Factory/.tcpdump.new/tcpdump-ikev2pI2.patch 2017-09-18 19:54:09.057768537 +0200 @@ -1,20 +1,20 @@ -Index: tcpdump-4.9.1/tests/crypto.sh +Index: tcpdump-4.9.2/tests/crypto.sh =================================================================== ---- tcpdump-4.9.1.orig/tests/crypto.sh -+++ tcpdump-4.9.1/tests/crypto.sh -@@ -28,8 +28,13 @@ then - [ $? -eq 0 ] || exitcode=1 - ./TESTonce espudp1 espudp1.pcap espudp1.out '-nnnn -E "file esp-secrets.txt"' - [ $? -eq 0 ] || exitcode=1 -- ./TESTonce ikev2pI2 ikev2pI2.pcap ikev2pI2.out '-E "file ikev2pI2-secrets.txt" -v -v -v -v' -- [ $? -eq 0 ] || exitcode=1 -+ case $(uname -m) in -+ "ppc" | "ppc64" | "ppc64le" ) echo "skipping test ikev2pI2" -+ ;; -+ * ) ./TESTonce ikev2pI2 ikev2pI2.pcap ikev2pI2.out '-E "file ikev2pI2-secrets.txt" -v -v -v -v' -+ [ $? -eq 0 ] || exitcode=1 -+ ;; -+ esac - ./TESTonce isakmp4 isakmp4500.pcap isakmp4.out '-E "file esp-secrets.txt"' - [ $? -eq 0 ] || exitcode=1 - fi +--- tcpdump-4.9.2.orig/tests/crypto.sh ++++ tcpdump-4.9.2/tests/crypto.sh +@@ -72,15 +72,6 @@ then + echo $failed >.failed + exitcode=1 + fi +- if ./TESTonce ikev2pI2 ikev2pI2.pcap ikev2pI2.out '-E "file ikev2pI2-secrets.txt" -v -v -v -v' +- then +- passed=`expr $passed + 1` +- echo $passed >.passed +- else +- failed=`expr $failed + 1` +- echo $failed >.failed +- exitcode=1 +- fi + if ./TESTonce isakmp4 isakmp4500.pcap isakmp4.out '-E "file esp-secrets.txt"' + then + passed=`expr $passed + 1`
