From b397cfea3d5cea8925927ff1602b7a64b984092e Mon Sep 17 00:00:00 2001 From: Steven Williamson Date: Fri, 12 Jan 2018 10:35:55 +0000 Subject: [PATCH] Backports tcpdump from 2017Q4 for security fixes Too many CVE to list see https://www.tcpdump.org/tcpdump-changes.txt --- net/tcpdump/Makefile | 14 +++++++++++--- net/tcpdump/distinfo | 10 +++++----- net/tcpdump/options.mk | 12 +++--------- 3 files changed, 19 insertions(+), 17 deletions(-) diff --git a/net/tcpdump/Makefile b/net/tcpdump/Makefile index 5965af87bf315..23c6da5af46a7 100644 --- a/net/tcpdump/Makefile +++ b/net/tcpdump/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.42.4.1 2017/02/12 13:40:36 spz Exp $ +# $NetBSD: Makefile,v 1.47 2017/09/08 11:10:41 wiz Exp $ -DISTNAME= tcpdump-4.9.0 +DISTNAME= tcpdump-4.9.2 CATEGORIES= net MASTER_SITES= http://www.tcpdump.org/release/ @@ -12,8 +12,16 @@ LICENSE= modified-bsd GNU_CONFIGURE= yes CONFIGURE_ARGS.Darwin+= --disable-universal +BUILD_DEFS+= VARBASE +OWN_DIRS= ${VARBASE}/tcpdump +PKG_GROUPS= _tcpdump +PKG_USERS= _tcpdump:_tcpdump + +# drop privileges when running +CONFIGURE_ARGS+= --with-user=_tcpdump +CONFIGURE_ARGS+= --with-chroot=${VARBASE}/tcpdump + .include "options.mk" .include "../../net/libpcap/buildlink3.mk" -.include "../../security/openssl/buildlink3.mk" .include "../../mk/bsd.pkg.mk" diff --git a/net/tcpdump/distinfo b/net/tcpdump/distinfo index 7b12a95af653b..1fbbd13f6320c 100644 --- a/net/tcpdump/distinfo +++ b/net/tcpdump/distinfo @@ -1,7 +1,7 @@ -$NetBSD: distinfo,v 1.24.4.1 2017/02/12 13:40:36 spz Exp $ +$NetBSD: distinfo,v 1.26 2017/09/08 11:10:41 wiz Exp $ -SHA1 (tcpdump-4.9.0.tar.gz) = 2c4193685edb1040506a9ec0f15cd85825085697 -RMD160 (tcpdump-4.9.0.tar.gz) = fd558121691cacd4ea1412ef422792a1aca525e1 -SHA512 (tcpdump-4.9.0.tar.gz) = e98d73ae706d42e96b4069e196cf17af892eb97935664eebd08779b55b4da858bc1732d714efd16924f862aad0ba5550ceb2213c68414ed48907c46456c9fc82 -Size (tcpdump-4.9.0.tar.gz) = 1260309 bytes +SHA1 (tcpdump-4.9.2.tar.gz) = f7dccebe94c3d07ac8744d43297ea2b98b35a13f +RMD160 (tcpdump-4.9.2.tar.gz) = 966b95adee5c405dc7e631f73b43ced849ee1e80 +SHA512 (tcpdump-4.9.2.tar.gz) = e1bc19a5867d6e3628f3941bdf3ec831bf13784f1233ca1bccc46aac1702f47ee9357d7ff0ca62cddf211b3c8884488c21144cabddd92c861e32398cd8f7c44b +Size (tcpdump-4.9.2.tar.gz) = 2298386 bytes SHA1 (patch-ah) = 75dbc11440b32349014919ac04a628d8d4d8c45c diff --git a/net/tcpdump/options.mk b/net/tcpdump/options.mk index f07cc31c00ea5..aeb9dff50b8fb 100644 --- a/net/tcpdump/options.mk +++ b/net/tcpdump/options.mk @@ -1,17 +1,11 @@ -# $NetBSD: options.mk,v 1.3 2012/06/12 15:46:01 wiz Exp $ +# $NetBSD: options.mk,v 1.4 2017/09/08 11:10:41 wiz Exp $ PKG_OPTIONS_VAR= PKG_OPTIONS.tcpdump -PKG_SUPPORTED_OPTIONS= inet6 ssl libsmi -PKG_SUGGESTED_OPTIONS= inet6 ssl +PKG_SUPPORTED_OPTIONS= ssl libsmi +PKG_SUGGESTED_OPTIONS= ssl .include "../../mk/bsd.options.mk" -.if !empty(PKG_OPTIONS:Minet6) -CONFIGURE_ARGS+= --enable-ipv6 -.else -CONFIGURE_ARGS+= --disable-ipv6 -.endif - .if !empty(PKG_OPTIONS:Mssl) USE_OLD_DES_API= yes .include "../../security/openssl/buildlink3.mk"