aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLeo <thinkabit.ukim@gmail.com>2020-11-20 21:42:11 -0300
committerLeo <thinkabit.ukim@gmail.com>2020-11-21 02:47:41 +0000
commitd68aa1f756f1ecdbbef5ff7081c83fd129058da7 (patch)
tree150db0ecd7ac07d5cfff32a3ccfe1d6987e469a4
parent42f619918dddc768c34de4e230a4cdd1c4d7cacd (diff)
downloadaports-d68aa1f756f1ecdbbef5ff7081c83fd129058da7.tar.gz
aports-d68aa1f756f1ecdbbef5ff7081c83fd129058da7.tar.bz2
aports-d68aa1f756f1ecdbbef5ff7081c83fd129058da7.tar.xz
main/tcpdump: fix CVE-2020-8037
See: #12120
-rw-r--r--main/tcpdump/APKBUILD11
1 files changed, 8 insertions, 3 deletions
diff --git a/main/tcpdump/APKBUILD b/main/tcpdump/APKBUILD
index aafb62c736..4fde221f31 100644
--- a/main/tcpdump/APKBUILD
+++ b/main/tcpdump/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=tcpdump
pkgver=4.9.3
-pkgrel=1
+pkgrel=2
pkgdesc="A tool for network monitoring and data acquisition"
url="https://www.tcpdump.org/"
arch="all"
@@ -9,9 +9,13 @@ license="BSD-3-Clause"
options="!check" # fail on ppc64le
makedepends="libpcap-dev openssl-dev perl"
subpackages="$pkgname-doc"
-source="https://www.tcpdump.org/release/tcpdump-$pkgver.tar.gz"
+source="https://www.tcpdump.org/release/tcpdump-$pkgver.tar.gz
+ CVE-2020-8037.patch::https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231.patch
+ "
# secfixes:
+# 4.9.3-r1:
+# - CVE-2020-8037
# 4.9.3-r0:
# - CVE-2017-16808 (AoE)
# - CVE-2018-14468 (FrameRelay)
@@ -107,4 +111,5 @@ package() {
rm -f "$pkgdir"/usr/sbin/tcpdump.4*
}
-sha512sums="3aec673f78b996a4df884b1240e5d0a26a2ca81ee7aca8a2e6d50255bb53476e008a5ced4409e278a956710d8a4d31d85bbb800c9f1aab92b0b1046b59292a22 tcpdump-4.9.3.tar.gz"
+sha512sums="3aec673f78b996a4df884b1240e5d0a26a2ca81ee7aca8a2e6d50255bb53476e008a5ced4409e278a956710d8a4d31d85bbb800c9f1aab92b0b1046b59292a22 tcpdump-4.9.3.tar.gz
+f53b5557ad2c68c28bbd6121b637ade43937ce4956fa9c2c8b187e8c62726c018509eb728f7f7479d078c9018f091f64114944b2d6106e6214662899f880445a CVE-2020-8037.patch"