Subject: Re: tcpdump 3.7.2 vulnerabilities
To: Chris Ross <cross+netbsd@distal.com>
From: Jeremy C. Reed <reed@reedmedia.net>
List: tech-pkg
Date: 01/24/2005 16:49:55
On Mon, 24 Jan 2005, Chris Ross wrote:
> Hello there. I see that the HEAD of pkgsrc still has tcpdump-3.7.2nb3,
> and that this has [at least] 4 vulnerabilities listed for it. Why hasn't
> the pkgsrc tcpdump been updated to 3.8.3? Any reason?
>
> Any possibility of this happening? I'm trying to get rid of the noted
> vulnerabilities on one of my machines, but don't see how to get rid
> of this one.

I don't know why, but maybe because of some libpcap dependency issue.

Anyways, I updated my own net/tcpdump and it appears to build and work
fine for me under NetBSD 1.6.2-STABLE and Linux 2.6.9. (There was a
problem with untarring under Linux with pax-as-tar because distfile had a
"." subdirectory and failed: tar: Cannot create tcpdump-3.8.3/. (File
exists).)

My patches below. First remove (or move) the net/tcpdump/patches
directory.

Index: net/tcpdump/Makefile
===================================================================
RCS file: /cvsroot/pkgsrc/net/tcpdump/Makefile,v
retrieving revision 1.12
diff -b -u -r1.12 Makefile
--- net/tcpdump/Makefile 27 Nov 2004 08:03:37 -0000 1.12
+++ net/tcpdump/Makefile 25 Jan 2005 00:39:30 -0000
@@ -1,7 +1,6 @@
# $NetBSD: Makefile,v 1.12 2004/11/27 08:03:37 tron Exp $
-DISTNAME= tcpdump-3.7.2
-PKGREVISION= 3
+DISTNAME= tcpdump-3.8.3
CATEGORIES= net
MASTER_SITES= http://www.tcpdump.org/release/
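Review bot: the DISTNAME bump to tcpdump-3.8.3 leaves the extraction failure described in the message unhandled. The distfile's "." entry makes pax-as-tar stop with "Cannot create tcpdump-3.8.3/. (File exists)", so the package as patched will not extract on that setup; this should be dealt with in the Makefile before the update is committed. Dropping PKGREVISION on a version bump is right. MASTER_SITES stays on plain http, so the distinfo checksum is the only integrity check on the fetched tarball.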
Index: net/tcpdump/distinfo
===================================================================
RCS file: /cvsroot/pkgsrc/net/tcpdump/distinfo,v
retrieving revision 1.4
diff -b -u -r1.4 distinfo
--- net/tcpdump/distinfo 25 Mar 2003 11:02:56 -0000 1.4
+++ net/tcpdump/distinfo 25 Jan 2005 00:39:30 -0000
@@ -1,6 +1,4 @@
$NetBSD: distinfo,v 1.4 2003/03/25 11:02:56 wiz Exp $
-SHA1 (tcpdump-3.7.2.tar.gz) = 080a5360360047adee6e78b8d8c690e864092710
-Size (tcpdump-3.7.2.tar.gz) = 427223 bytes
-SHA1 (patch-aa) = 7ccc4b926069df4fb36729f099cd442f019b83b4
-SHA1 (patch-ab) = 41d6949dea26b60393bc3b2fba0aa7b405393b24
+SHA1 (tcpdump-3.8.3.tar.gz) = 7ae3c29fe843fc23ae89acd8b1b1e513213f6042
+Size (tcpdump-3.8.3.tar.gz) = 567116 bytes
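Review bot: the removed patch-aa and patch-ab entries depend on the manual step of deleting net/tcpdump/patches, which the diff itself does not record. Confirm that whatever those two local patches fixed is no longer needed in 3.8.3 before dropping them, and say so in the commit message. The new SHA1 and Size lines should be regenerated from a tarball checked against the upstream release rather than copied from this mail.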
Jeremy C. Reed
open source, Unix, *BSD, Linux training
http://www.pugetsoundtechnology.com/