Fix vulnerability reported in bug 184815. Thank mu-b <mu-b AT digit-labs.org>. Force tcpdump to drop privileges by default. Thank Jukka Ruohonen <drear AT iki.fi> for report (bug #176391).

(Portage version: 2.1.3_rc7)

6 files changed, 210 insertions, 1 deletions

diff --git a/net-analyzer/tcpdump/ChangeLog b/net-analyzer/tcpdump/ChangeLog
index 96f1b519259f..089be2b681a7 100644
--- a/net-analyzer/tcpdump/ChangeLog
+++ b/net-analyzer/tcpdump/ChangeLog
@@ -1,6 +1,16 @@
 # ChangeLog for net-analyzer/tcpdump
 # Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-analyzer/tcpdump/ChangeLog,v 1.98 2007/06/23 09:39:49 cedk Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/tcpdump/ChangeLog,v 1.99 2007/07/10 13:41:14 pva Exp $
+
+*tcpdump-3.9.6-r1 (10 Jul 2007)
+*tcpdump-3.9.5-r3 (10 Jul 2007)
+
+  10 Jul 2007; <pva@gentoo.org>
+  +files/tcpdump-3.9.6-bgp-integer-overflow.patch, +tcpdump-3.9.5-r3.ebuild,
+  +tcpdump-3.9.6-r1.ebuild:
+  Fix vulnerability reported in bug 184815. Thank mu-b <mu-b AT
+  digit-labs.org>. Force tcpdump to drop privileges by default. Thank Jukka
+  Ruohonen <drear AT iki.fi> for report (bug #176391).
 
 *tcpdump-3.9.6 (23 Jun 2007)
 
diff --git a/net-analyzer/tcpdump/files/digest-tcpdump-3.9.5-r3 b/net-analyzer/tcpdump/files/digest-tcpdump-3.9.5-r3
new file mode 100644
index 000000000000..c7b2ab6bf4ef
--- /dev/null
+++ b/net-analyzer/tcpdump/files/digest-tcpdump-3.9.5-r3
@@ -0,0 +1,3 @@
+MD5 2135e7b1f09af0eaf66d2af822bed44a tcpdump-3.9.5.tar.gz 712411
+RMD160 e0409ad55deda1b2a74950522720610c6c94d771 tcpdump-3.9.5.tar.gz 712411
+SHA256 6a1617253f12bf2ac440eeb8709baeb907c6b801442bf2229a6bb84489cf38f4 tcpdump-3.9.5.tar.gz 712411
diff --git a/net-analyzer/tcpdump/files/digest-tcpdump-3.9.6-r1 b/net-analyzer/tcpdump/files/digest-tcpdump-3.9.6-r1
new file mode 100644
index 000000000000..ce08b07ecc8b
--- /dev/null
+++ b/net-analyzer/tcpdump/files/digest-tcpdump-3.9.6-r1
@@ -0,0 +1,3 @@
+MD5 f564e46e595603ce908b54074e3709d3 tcpdump-3.9.6.tar.gz 712992
+RMD160 9b098d50ab381ab8cc7d59a96a9acc41b570d929 tcpdump-3.9.6.tar.gz 712992
+SHA256 242b27388ada00d0c40097cef0d56ac5bdbb0a5d81dffb480cdd91b109e10d8d tcpdump-3.9.6.tar.gz 712992
diff --git a/net-analyzer/tcpdump/files/tcpdump-3.9.6-bgp-integer-overflow.patch b/net-analyzer/tcpdump/files/tcpdump-3.9.6-bgp-integer-overflow.patch
new file mode 100644
index 000000000000..76cd330c0aa3
--- /dev/null
+++ b/net-analyzer/tcpdump/files/tcpdump-3.9.6-bgp-integer-overflow.patch
@@ -0,0 +1,21 @@
+diff -Nuar tcpdump-3.9.5.orig/print-bgp.c tcpdump-3.9.5/print-bgp.c
+--- tcpdump-3.9.5.orig/print-bgp.c	2007-07-10 17:16:02.000000000 +0400
++++ tcpdump-3.9.5/print-bgp.c	2007-07-10 17:16:45.000000000 +0400
+@@ -669,7 +669,7 @@
+         tlen-=15;
+ 
+         /* ok now the variable part - lets read out TLVs*/
+-        while (tlen>0) {
++        while (tlen>0 && strlen <= buflen) {
+             if (tlen < 3)
+                 return -1;
+             TCHECK2(pptr[0], 3);
+@@ -684,7 +684,7 @@
+                                  tlv_type,
+                                  tlv_len);
+                 ttlv_len=ttlv_len/8+1; /* how many bytes do we need to read ? */
+-                while (ttlv_len>0) {
++                while (ttlv_len>0 && strlen <= buflen) {
+                     TCHECK(pptr[0]);
+                     strlen+=snprintf(buf+strlen,buflen-strlen, "%02x",*pptr++);
+                     ttlv_len--;
diff --git a/net-analyzer/tcpdump/tcpdump-3.9.5-r3.ebuild b/net-analyzer/tcpdump/tcpdump-3.9.5-r3.ebuild
new file mode 100644
index 000000000000..5c7e8f559f82
--- /dev/null
+++ b/net-analyzer/tcpdump/tcpdump-3.9.5-r3.ebuild
@@ -0,0 +1,86 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/tcpdump/tcpdump-3.9.5-r3.ebuild,v 1.1 2007/07/10 13:41:14 pva Exp $
+
+inherit flag-o-matic toolchain-funcs eutils
+
+DESCRIPTION="A Tool for network monitoring and data acquisition"
+HOMEPAGE="http://www.tcpdump.org/"
+SRC_URI="http://www.tcpdump.org/release/${P}.tar.gz
+	http://www.jp.tcpdump.org/release/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+IUSE="ssl ipv6 samba"
+
+DEPEND="net-libs/libpcap
+	ssl? ( >=dev-libs/openssl-0.9.6m )"
+
+pkg_setup() {
+	if use samba ; then
+		ewarn
+		ewarn "CAUTION !!! CAUTION !!! CAUTION"
+		ewarn
+		ewarn "You're about to compile tcpdump with samba printing support"
+		ewarn "Upstream tags it as 'possibly-buggy SMB printer'"
+		ewarn "So think twice whether this is fine with you"
+		ewarn
+		ewarn "CAUTION !!! CAUTION !!! CAUTION"
+		ewarn
+		ewarn "(Giving you 10 secs to think about it)"
+		ewarn
+		ebeep 5
+		epause 5
+	fi
+}
+
+src_unpack() {
+	unpack ${A}
+	cd "${S}"
+	# bug 168916 - off-by-one heap overflow in 802.11 printer
+	epatch "${FILESDIR}"/${P}-print-802_11.c.diff
+
+	# bug #184815 - <= 3.9.6 BGP dissector integer overflow
+	epatch "${FILESDIR}"/tcpdump-3.9.6-bgp-integer-overflow.patch
+}
+
+src_compile() {
+	# tcpdump needs some optymalization. see bug #108391
+	( ! is-flag -O? || is-flag -O0 ) && append-flags -O
+
+	replace-flags -O[3-9] -O2
+	filter-flags -finline-functions
+
+	# Fix wrt bug #48747
+	if [[ $(gcc-major-version) -gt 3 ]] || \
+		[[ $(gcc-major-version) -eq 3 && $(gcc-minor-version) -ge 4 ]]
+	then
+		filter-flags -funit-at-a-time
+		append-flags -fno-unit-at-a-time
+	fi
+
+	local myconf
+	if ! use ssl ; then
+		myconf="--without-crypto"
+	fi
+
+	econf --with-user=tcpdump \
+		$(use_enable ipv6) \
+		$(use_enable samba smb) \
+		${myconf} || die "configure failed"
+
+	make CCOPT="$CFLAGS" || die "make failed"
+}
+
+pkg_preinst() {
+	enewgroup tcpdump || die "Failed to add group tcpdump"
+	enewuser tcpdump -1 -1 -1 tcpdump || die "Failed to add user tcpdump"
+}
+
+src_install() {
+	dosbin tcpdump || die
+	doman tcpdump.1
+	dodoc *.awk
+	dodoc README FILES VERSION CHANGES
+}
diff --git a/net-analyzer/tcpdump/tcpdump-3.9.6-r1.ebuild b/net-analyzer/tcpdump/tcpdump-3.9.6-r1.ebuild
new file mode 100644
index 000000000000..2cb415a40883
--- /dev/null
+++ b/net-analyzer/tcpdump/tcpdump-3.9.6-r1.ebuild
@@ -0,0 +1,86 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/tcpdump/tcpdump-3.9.6-r1.ebuild,v 1.1 2007/07/10 13:41:14 pva Exp $
+
+inherit flag-o-matic toolchain-funcs eutils
+
+DESCRIPTION="A Tool for network monitoring and data acquisition"
+HOMEPAGE="http://www.tcpdump.org/"
+SRC_URI="http://www.tcpdump.org/release/${P}.tar.gz
+	http://www.jp.tcpdump.org/release/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+IUSE="ssl ipv6 samba"
+
+DEPEND="net-libs/libpcap
+	ssl? ( >=dev-libs/openssl-0.9.6m )"
+
+pkg_setup() {
+	if use samba ; then
+		ewarn
+		ewarn "CAUTION !!! CAUTION !!! CAUTION"
+		ewarn
+		ewarn "You're about to compile tcpdump with samba printing support"
+		ewarn "Upstream tags it as 'possibly-buggy SMB printer'"
+		ewarn "So think twice whether this is fine with you"
+		ewarn
+		ewarn "CAUTION !!! CAUTION !!! CAUTION"
+		ewarn
+		ewarn "(Giving you 10 secs to think about it)"
+		ewarn
+		ebeep 5
+		epause 5
+	fi
+}
+
+src_unpack() {
+	unpack ${A}
+	cd "${S}"
+	# bug 168916 - off-by-one heap overflow in 802.11 printer
+	epatch "${FILESDIR}"/${PN}-3.9.5-print-802_11.c.diff
+
+	# bug #184815 - <= 3.9.6 BGP dissector integer overflow
+	epatch "${FILESDIR}"/${P}-bgp-integer-overflow.patch
+}
+
+src_compile() {
+	# tcpdump needs some optymalization. see bug #108391
+	( ! is-flag -O? || is-flag -O0 ) && append-flags -O
+
+	replace-flags -O[3-9] -O2
+	filter-flags -finline-functions
+
+	# Fix wrt bug #48747
+	if [[ $(gcc-major-version) -gt 3 ]] || \
+		[[ $(gcc-major-version) -eq 3 && $(gcc-minor-version) -ge 4 ]]
+	then
+		filter-flags -funit-at-a-time
+		append-flags -fno-unit-at-a-time
+	fi
+
+	local myconf
+	if ! use ssl ; then
+		myconf="--without-crypto"
+	fi
+
+	econf --with-user=tcpdump \
+		$(use_enable ipv6) \
+		$(use_enable samba smb) \
+		${myconf} || die "configure failed"
+
+	make CCOPT="$CFLAGS" || die "make failed"
+}
+
+pkg_preinst() {
+	enewgroup tcpdump || die "Failed to add group tcpdump"
+	enewuser tcpdump -1 -1 -1 tcpdump || die "Failed to add user tcpdump"
+}
+
+src_install() {
+	dosbin tcpdump
+	doman tcpdump.1
+	dodoc *.awk
+	dodoc README FILES VERSION CHANGES CREDITS TODO
+}