[Buildroot] [PATCH] tcpdump: security bump to 4.9.1

Baruch Siach baruch at tkos.co.il
Wed Jul 26 14:34:44 UTC 2017


Hi Thomas,

On Wed, Jul 26, 2017 at 11:41:04AM +0200, Thomas De Schampheleire wrote:
> Fixes CVE-2017-11108/Fix bounds checking for STP
> 
> Changelog: http://www.tcpdump.org/tcpdump-changes.txt
> 
> Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire at nokia.com>
> ---
> 
> Could someone please double-check the hash? I checked the PGP key but do not
> have the full trust mechanism so cannot be sure that the server public key is
> valid.

I verified both the hash and the signature.

>  package/tcpdump/tcpdump.hash | 2 +-
>  package/tcpdump/tcpdump.mk   | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/package/tcpdump/tcpdump.hash b/package/tcpdump/tcpdump.hash
> index 966db1f3aa..ecd02275fe 100644
> --- a/package/tcpdump/tcpdump.hash
> +++ b/package/tcpdump/tcpdump.hash
> @@ -1,2 +1,2 @@
>  # Locally calculated after checking pgp signature

It would be nice to add the URL of the signature here:

http://www.tcpdump.org/release/tcpdump-4.9.1.tar.gz.sig

> -sha256 eae98121cbb1c9adbedd9a777bf2eae9fa1c1c676424a54740311c8abcee5a5e  tcpdump-4.9.0.tar.gz
> +sha256 f9448cf4deb2049acf713655c736342662e652ef40dbe0a8f6f8d5b9ce5bd8f3  tcpdump-4.9.1.tar.gz

A hash of the license file would also be nice.

> diff --git a/package/tcpdump/tcpdump.mk b/package/tcpdump/tcpdump.mk
> index 0e779a53c3..8349748ceb 100644
> --- a/package/tcpdump/tcpdump.mk
> +++ b/package/tcpdump/tcpdump.mk
> @@ -4,7 +4,7 @@
>  #
>  ################################################################################
>  
> -TCPDUMP_VERSION = 4.9.0
> +TCPDUMP_VERSION = 4.9.1
>  TCPDUMP_SITE = http://www.tcpdump.org/release
>  TCPDUMP_LICENSE = BSD-3-Clause
>  TCPDUMP_LICENSE_FILES = LICENSE

baruch

-- 
     http://baruch.siach.name/blog/                  ~. .~   Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
   - baruch at tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -


More information about the buildroot mailing list