Bug 1474052 - tcpdump-4.9.2 is available
tcpdump-4.9.2 is available
Status: NEW
Product: Fedora
Classification: Fedora
Component: tcpdump (Show other bugs)
rawhide
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Michal Ruprich
Fedora Extras Quality Assurance
: FutureFeature, Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-07-23 08:23 EDT by Upstream Release Monitoring
Modified: 2017-09-15 04:16 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Upstream Release Monitoring 2017-07-23 08:23:59 EDT
Latest upstream release: 4.9.1
Current version/release in rawhide: 4.9.0-2.fc26
URL: http://www.tcpdump.org/release/

Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy

More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring

Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream.

Based on the information from anitya:  https://release-monitoring.org/project/4947/
Comment 1 Upstream Release Monitoring 2017-07-23 08:24:08 EDT
One or more of the new sources for this package are identical to the old sources. It's likely this package does not use the version macro in its Source URLs. If possible, please update the specfile to include the version macro in the Source URLs
Comment 2 Martin Sehnoutka 2017-07-25 08:34:27 EDT
We can rebase to the newest version once there are signatures available:
http://www.tcpdump.org/#latest-releases
Comment 3 Upstream Release Monitoring 2017-07-26 08:41:54 EDT
msehnout's tcpdump-4.9.1-1.fc27 completed http://koji.fedoraproject.org/koji/buildinfo?buildID=925226
Comment 4 Upstream Release Monitoring 2017-07-31 02:38:48 EDT
fweimer's tcpdump-4.9.1-2.fc27 completed http://koji.fedoraproject.org/koji/buildinfo?buildID=942106
Comment 5 Upstream Release Monitoring 2017-08-12 23:28:35 EDT
robert's tcpdump-4.9.1-3.fc27 completed http://koji.fedoraproject.org/koji/buildinfo?buildID=951584
Comment 6 Upstream Release Monitoring 2017-09-04 20:25:28 EDT
Latest upstream release: 4.9.2
Current version/release in rawhide: 4.9.1-3.fc27
URL: http://www.tcpdump.org/release/

Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy

More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring

Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream.

Based on the information from anitya:  https://release-monitoring.org/project/4947/
Comment 7 Upstream Release Monitoring 2017-09-04 20:25:38 EDT
One or more of the new sources for this package are identical to the old sources. It's likely this package does not use the version macro in its Source URLs. If possible, please update the specfile to include the version macro in the Source URLs
Comment 8 Stuart D Gathman 2017-09-08 22:00:49 EDT
On 7 September 2017 at 22:06, Leo Famulari <leo@famulari.name> wrote:
> My understanding is that tcpdump 4.9.2 was supposed to be embargoed
> until September 25.
>
> However, it's already being distributed publicly
>
> So, I recommend that everyone update ASAP.

Quoting the CHANGES file of the tarball[1]:

> Sunday September 3, 2017 denis@ovsienko.info
>   Summary for 4.9.2 tcpdump release
>     Do not use getprotobynumber() for protocol name resolution.  Do not do
>       any protocol name resolution if -n is specified.
>     Improve errors detection in the test scripts.
>     Fix a segfault with OpenSSL 1.1 and improve OpenSSL usage.
>     Clean up IS-IS printing.
>     Fix buffer overflow vulnerabilities:
>       CVE-2017-11543 (SLIP)
>       CVE-2017-13011 (bittok2str_internal)
>     Fix infinite loop vulnerabilities:
>       CVE-2017-12989 (RESP)
>       CVE-2017-12990 (ISAKMP)
>       CVE-2017-12995 (DNS)
>       CVE-2017-12997 (LLDP)
>     Fix buffer over-read vulnerabilities:
>       CVE-2017-11541 (safeputs)
>       CVE-2017-11542 (PIMv1)
>       CVE-2017-12893 (SMB/CIFS)
>       CVE-2017-12894 (lookup_bytestring)
>       CVE-2017-12895 (ICMP)
>       CVE-2017-12896 (ISAKMP)
>       CVE-2017-12897 (ISO CLNS)
>       CVE-2017-12898 (NFS)
>       CVE-2017-12899 (DECnet)
>       CVE-2017-12900 (tok2strbuf)
>       CVE-2017-12901 (EIGRP)
>       CVE-2017-12902 (Zephyr)
>       CVE-2017-12985 (IPv6)
>       CVE-2017-12986 (IPv6 routing headers)
>       CVE-2017-12987 (IEEE 802.11)
>       CVE-2017-12988 (telnet)
>       CVE-2017-12991 (BGP)
>       CVE-2017-12992 (RIPng)
>       CVE-2017-12993 (Juniper)
>       CVE-2017-11542 (PIMv1)
>       CVE-2017-11541 (safeputs)
>       CVE-2017-12994 (BGP)
>       CVE-2017-12996 (PIMv2)
>       CVE-2017-12998 (ISO IS-IS)
>       CVE-2017-12999 (ISO IS-IS)
>       CVE-2017-13000 (IEEE 802.15.4)
>       CVE-2017-13001 (NFS)
>       CVE-2017-13002 (AODV)
>       CVE-2017-13003 (LMP)
>       CVE-2017-13004 (Juniper)
>       CVE-2017-13005 (NFS)
>       CVE-2017-13006 (L2TP)
>       CVE-2017-13007 (Apple PKTAP)
>       CVE-2017-13008 (IEEE 802.11)
>       CVE-2017-13009 (IPv6 mobility)
>       CVE-2017-13010 (BEEP)
>       CVE-2017-13012 (ICMP)
>       CVE-2017-13013 (ARP)
>       CVE-2017-13014 (White Board)
>       CVE-2017-13015 (EAP)
>       CVE-2017-11543 (SLIP)
>       CVE-2017-13016 (ISO ES-IS)
>       CVE-2017-13017 (DHCPv6)
>       CVE-2017-13018 (PGM)
>       CVE-2017-13019 (PGM)
>       CVE-2017-13020 (VTP)
>       CVE-2017-13021 (ICMPv6)
>       CVE-2017-13022 (IP)
>       CVE-2017-13023 (IPv6 mobility)
>       CVE-2017-13024 (IPv6 mobility)
>       CVE-2017-13025 (IPv6 mobility)
>       CVE-2017-13026 (ISO IS-IS)
>       CVE-2017-13027 (LLDP)
>       CVE-2017-13028 (BOOTP)
>       CVE-2017-13029 (PPP)
>       CVE-2017-13030 (PIM)
>       CVE-2017-13031 (IPv6 fragmentation header)
>       CVE-2017-13032 (RADIUS)
>       CVE-2017-13033 (VTP)
>       CVE-2017-13034 (PGM)
>       CVE-2017-13035 (ISO IS-IS)
>       CVE-2017-13036 (OSPFv3)
>       CVE-2017-13037 (IP)
>       CVE-2017-13038 (PPP)
>       CVE-2017-13039 (ISAKMP)
>       CVE-2017-13040 (MPTCP)
>       CVE-2017-13041 (ICMPv6)
>       CVE-2017-13042 (HNCP)
>       CVE-2017-13043 (BGP)
>       CVE-2017-13044 (HNCP)
>       CVE-2017-13045 (VQP)
>       CVE-2017-13046 (BGP)
>       CVE-2017-13047 (ISO ES-IS)
>       CVE-2017-13048 (RSVP)
>       CVE-2017-13049 (Rx)
>       CVE-2017-13050 (RPKI-Router)
>       CVE-2017-13051 (RSVP)
>       CVE-2017-13052 (CFM)
>       CVE-2017-13053 (BGP)
>       CVE-2017-13054 (LLDP)
>       CVE-2017-13055 (ISO IS-IS)
>       CVE-2017-13687 (Cisco HDLC)
>       CVE-2017-13688 (OLSR)
>       CVE-2017-13689 (IKEv1)
>       CVE-2017-13690 (IKEv2)
>       CVE-2017-13725 (IPv6 routing headers)

Note You need to log in before you can comment on or make changes to this bug.