* [Buildroot] [PATCH 1/1] package/tcpreplay: security bump to version 4.3.4
@ 2021-12-30 22:36 Fabrice Fontaine
2021-12-30 22:49 ` Thomas Petazzoni
2022-01-26 13:01 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Fabrice Fontaine @ 2021-12-30 22:36 UTC (permalink / raw)
To: buildroot; +Cc: Fabrice Fontaine
- heap buffer overflow in tcpreplay fast_edit_packet
- heap buffer overflow in tcpreplay get_next_packet
- CVE-2020-24266 heap buffer overflow in tcpprep get_l2len
- CVE-2020-24265 heap buffer overflow in tcpprep
- Drop patch (already in version) and so autoreconf
- Update hash of license file (http -> https with
https://github.com/appneta/tcpreplay/commit/ad8a18005347b3cef84a9b478d56de96d1ad254f)
https://github.com/appneta/tcpreplay/releases/tag/v4.3.4
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
...001-configure-ac-fix-without-libdnet.patch | 76 -------------------
package/tcpreplay/tcpreplay.hash | 6 +-
package/tcpreplay/tcpreplay.mk | 4 +-
3 files changed, 4 insertions(+), 82 deletions(-)
delete mode 100644 package/tcpreplay/0001-configure-ac-fix-without-libdnet.patch
diff --git a/package/tcpreplay/0001-configure-ac-fix-without-libdnet.patch b/package/tcpreplay/0001-configure-ac-fix-without-libdnet.patch
deleted file mode 100644
index 75ed4f94de..0000000000
--- a/package/tcpreplay/0001-configure-ac-fix-without-libdnet.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From acee9c0c46f71f1f4c33c2dadf69d19e24b90f27 Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Date: Tue, 13 Aug 2019 20:19:23 +0200
-Subject: [PATCH] configure.ac: fix --without-libdnet
-
-Allow the user to disable libdnet check through --without-libdnet.
-This option is useful to cross-compile tcpreplay to avoid build failures
-if libdnet is installed on host but not on target, see
-https://bugs.buildroot.org/show_bug.cgi?id=12096
-
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-[Upstream status: https://github.com/appneta/tcpreplay/pull/567]
----
- configure.ac | 48 +++++++++++++++++++++++++-----------------------
- 1 file changed, 25 insertions(+), 23 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 39ba58b7..5de3dcb5 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -1464,30 +1464,32 @@ if test $have_cygwin = no ; then
- AC_HELP_STRING([--with-libdnet=DIR], [Use libdnet in DIR]),
- [trydnetdir=$withval])
-
-- case "$build_os" in
-- linux*)
-- dnl # Debian/Ubuntu already have a package called libdnet
-- dnl # so you the package you want to install libdumbnet-dev
-- for testdir in $trydnetdir /usr/local /opt/local /usr ; do
-- if test -x ${testdir}/bin/dumbnet-config -a $founddnet = no ; then
-- LDNETINC="$($testdir/bin/dumbnet-config --cflags)"
-- LDNETLIB="$($testdir/bin/dumbnet-config --libs)"
-- libdnet_version="$($testdir/bin/dumbnet-config --version) (libdumbnet)"
-- founddnet=$testdir
-- fi
-- done
-- ;;
-- esac
-+ if test $trydnetdir != no; then
-+ case "$build_os" in
-+ linux*)
-+ dnl # Debian/Ubuntu already have a package called libdnet
-+ dnl # so you the package you want to install libdumbnet-dev
-+ for testdir in $trydnetdir /usr/local /opt/local /usr ; do
-+ if test -x ${testdir}/bin/dumbnet-config -a $founddnet = no ; then
-+ LDNETINC="$($testdir/bin/dumbnet-config --cflags)"
-+ LDNETLIB="$($testdir/bin/dumbnet-config --libs)"
-+ libdnet_version="$($testdir/bin/dumbnet-config --version) (libdumbnet)"
-+ founddnet=$testdir
-+ fi
-+ done
-+ ;;
-+ esac
-
-- if test $founddnet = no ; then
-- for testdir in $trydnetdir /usr/local /opt/local $MACOSX_SDK_PATH/usr /usr ; do
-- if test -x ${testdir}/bin/dnet-config -a $founddnet = no ; then
-- LDNETINC="$($testdir/bin/dnet-config --cflags)"
-- LDNETLIB="$($testdir/bin/dnet-config --libs)"
-- libdnet_version="$($testdir/bin/dnet-config --version)"
-- founddnet=$testdir
-- fi
-- done
-+ if test $founddnet = no ; then
-+ for testdir in $trydnetdir /usr/local /opt/local $MACOSX_SDK_PATH/usr /usr ; do
-+ if test -x ${testdir}/bin/dnet-config -a $founddnet = no ; then
-+ LDNETINC="$($testdir/bin/dnet-config --cflags)"
-+ LDNETLIB="$($testdir/bin/dnet-config --libs)"
-+ libdnet_version="$($testdir/bin/dnet-config --version)"
-+ founddnet=$testdir
-+ fi
-+ done
-+ fi
- fi
-
- if test $founddnet = no ; then
diff --git a/package/tcpreplay/tcpreplay.hash b/package/tcpreplay/tcpreplay.hash
index e83efd78b1..8bcdae958c 100644
--- a/package/tcpreplay/tcpreplay.hash
+++ b/package/tcpreplay/tcpreplay.hash
@@ -1,5 +1,5 @@
# Locally calculated after checking pgp signature
-# https://github.com/appneta/tcpreplay/releases/download/v4.3.3/tcpreplay-4.3.3.tar.xz.asc
+# https://github.com/appneta/tcpreplay/releases/download/v4.3.4/tcpreplay-4.3.4.tar.xz.asc
# using key 84E4FA215C934A7D97DC76D5E9E2149793BDE17E
-sha256 5e960e2a4432f583adbd11fa0855d17b73d9e0f2d6453b749f27aacaee53bab5 tcpreplay-4.3.3.tar.xz
-sha256 5971b0c544622f4b210a9cc56436a970685d3b0666e373c09e3cf9304db15d05 docs/LICENSE
+sha256 42c055106e55852c29d94bb6e1b9e001a0723349f2985eb893a47d384c85002b tcpreplay-4.3.4.tar.xz
+sha256 07cf5e92d475287a7d1663b33097f40cae5adf03ed8920fcd4374e3dfb48c8ad docs/LICENSE
diff --git a/package/tcpreplay/tcpreplay.mk b/package/tcpreplay/tcpreplay.mk
index 9208cb8176..ef65403974 100644
--- a/package/tcpreplay/tcpreplay.mk
+++ b/package/tcpreplay/tcpreplay.mk
@@ -4,7 +4,7 @@
#
################################################################################
-TCPREPLAY_VERSION = 4.3.3
+TCPREPLAY_VERSION = 4.3.4
TCPREPLAY_SITE = https://github.com/appneta/tcpreplay/releases/download/v$(TCPREPLAY_VERSION)
TCPREPLAY_SOURCE = tcpreplay-$(TCPREPLAY_VERSION).tar.xz
TCPREPLAY_LICENSE = GPL-3.0
@@ -15,8 +15,6 @@ TCPREPLAY_CONF_ENV = \
TCPREPLAY_CONF_OPTS = --with-libpcap=$(STAGING_DIR)/usr \
--enable-pcapconfig
TCPREPLAY_DEPENDENCIES = libpcap
-# We're patching configure.ac
-TCPREPLAY_AUTORECONF = YES
ifeq ($(BR2_STATIC_LIBS),y)
TCPREPLAY_CONF_OPTS += --enable-dynamic-link=no
--
2.33.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [Buildroot] [PATCH 1/1] package/tcpreplay: security bump to version 4.3.4
2021-12-30 22:36 [Buildroot] [PATCH 1/1] package/tcpreplay: security bump to version 4.3.4 Fabrice Fontaine
@ 2021-12-30 22:49 ` Thomas Petazzoni
2022-01-26 13:01 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Thomas Petazzoni @ 2021-12-30 22:49 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: buildroot
On Thu, 30 Dec 2021 23:36:06 +0100
Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote:
> - heap buffer overflow in tcpreplay fast_edit_packet
> - heap buffer overflow in tcpreplay get_next_packet
> - CVE-2020-24266 heap buffer overflow in tcpprep get_l2len
> - CVE-2020-24265 heap buffer overflow in tcpprep
> - Drop patch (already in version) and so autoreconf
> - Update hash of license file (http -> https with
> https://github.com/appneta/tcpreplay/commit/ad8a18005347b3cef84a9b478d56de96d1ad254f)
>
> https://github.com/appneta/tcpreplay/releases/tag/v4.3.4
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
> ...001-configure-ac-fix-without-libdnet.patch | 76 -------------------
> package/tcpreplay/tcpreplay.hash | 6 +-
> package/tcpreplay/tcpreplay.mk | 4 +-
> 3 files changed, 4 insertions(+), 82 deletions(-)
> delete mode 100644 package/tcpreplay/0001-configure-ac-fix-without-libdnet.patch
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/tcpreplay: security bump to version 4.3.4
2021-12-30 22:36 [Buildroot] [PATCH 1/1] package/tcpreplay: security bump to version 4.3.4 Fabrice Fontaine
2021-12-30 22:49 ` Thomas Petazzoni
@ 2022-01-26 13:01 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2022-01-26 13:01 UTC (permalink / raw)
To: Fabrice Fontaine; +Cc: buildroot
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
> - heap buffer overflow in tcpreplay fast_edit_packet
> - heap buffer overflow in tcpreplay get_next_packet
> - CVE-2020-24266 heap buffer overflow in tcpprep get_l2len
> - CVE-2020-24265 heap buffer overflow in tcpprep
> - Drop patch (already in version) and so autoreconf
> - Update hash of license file (http -> https with
> https://github.com/appneta/tcpreplay/commit/ad8a18005347b3cef84a9b478d56de96d1ad254f)
> https://github.com/appneta/tcpreplay/releases/tag/v4.3.4
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Committed to 2021.02.x and 2021.11.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-01-26 13:01 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-12-30 22:36 [Buildroot] [PATCH 1/1] package/tcpreplay: security bump to version 4.3.4 Fabrice Fontaine
2021-12-30 22:49 ` Thomas Petazzoni
2022-01-26 13:01 ` Peter Korsgaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox