From 68add83a26bd018b5395c5e3692a066180413862 Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar <mlichvar@fedoraproject.org>
Date: Mar 15 2007 12:20:46 +0000
Subject: - fix buffer overflow in 802.11 printer (#232349, CVE-2007-1218)

- spec cleanup (#226481) Resolves: #232349 #226481

---

diff --git a/tcpdump-3.9.5-80211.patch b/tcpdump-3.9.5-80211.patch
new file mode 100644
index 0000000..20ecb17
--- /dev/null
+++ b/tcpdump-3.9.5-80211.patch
@@ -0,0 +1,17 @@
+Index: tcpdump/print-802_11.c
+===================================================================
+RCS file: /tcpdump/master/tcpdump/print-802_11.c,v
+retrieving revision 1.42
+retrieving revision 1.43
+diff -u -r1.42 -r1.43
+--- tcpdump/print-802_11.c	13 Jun 2006 22:25:30 -0000	1.42
++++ tcpdump/print-802_11.c	1 Feb 2007 02:18:18 -0000	1.43
+@@ -264,7 +264,7 @@
+ 
+ 			if (pbody->tim.length <= 3)
+ 				break;
+-			if (pbody->rates.length > sizeof pbody->tim.bitmap)
++			if (pbody->tim.length - 3 > sizeof pbody->tim.bitmap)
+ 				return;
+ 			if (!TTEST2(*(p + offset), pbody->tim.length - 3))
+ 				return;
diff --git a/tcpdump.spec b/tcpdump.spec
index 7e78b4a..82413ce 100644
--- a/tcpdump.spec
+++ b/tcpdump.spec
@@ -2,7 +2,7 @@ Summary: A network traffic monitoring tool
 Name: tcpdump
 Epoch: 14
 Version: 3.9.5
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: BSD
 URL: http://www.tcpdump.org
 Group: Applications/Internet
@@ -18,6 +18,7 @@ Patch3: tcpdump-3.9.4-ring-buffers.patch
 Patch4: tcpdump-3.9.5-nolocalpcap.patch
 Patch5: tcpdump-3.6.2-tcpslice-time.patch
 Patch6: tcpslice-CVS.20010207-bpf.patch
+Patch7: tcpdump-3.9.5-80211.patch
 
 %define tcpslice_dir tcpslice
 
@@ -38,11 +39,14 @@ Install tcpdump if you need a program to monitor network traffic.
 %patch4 -p1 -b .nolocalpcap
 %patch5 -p1 -b .tcpslicetime
 %patch6 -p0 -b .bpf
+%patch7 -p1 -b .80211
+
+find . -name '*.c' -o -name '*.h' | xargs chmod 644
 
 %build
 pushd %tcpslice_dir
 %configure
-make
+make %{?_smp_mflags}
 popd
 
 %configure --with-user=tcpdump
@@ -80,6 +84,10 @@ exit 0
 %{_mandir}/man8/tcpdump.8*
 
 %changelog
+* Thu Mar 15 2007 Miroslav Lichvar <mlichvar@redhat.com> - 14:3.9.5-3
+- fix buffer overflow in 802.11 printer (#232349, CVE-2007-1218)
+- spec cleanup (#226481)
+
 * Tue Dec 12 2006 Miroslav Lichvar <mlichvar@redhat.com> - 14:3.9.5-2
 - use tcpdump user, fix scriptlet (#219268)
 
@@ -313,12 +321,12 @@ exit 0
 
 * Sat Apr 14 2001 Pekka Savola <pekkas@netcore.fi>
 - fix building of tcpslice on glibc 2.2.2 (time.h)
-- disable /etc/init.d requirement and fix %post scripts in arpwatch
+- disable /etc/init.d requirement and fix %%post scripts in arpwatch
 
 * Wed Feb 14 2001 Harald Hoyer <harald@redhat.de>
 - glibc sys/time -> time include patch
 
-* Wed Feb  7 2001 Trond Eivind Glomsr�d <teg@redhat.com>
+* Wed Feb  7 2001 Trond Eivind Glomsrød <teg@redhat.com>
 - Add space to this check
 
 * Wed Feb 07 2001 Harald Hoyer <harald@redhat.com>
@@ -328,7 +336,7 @@ exit 0
 - update to 3.6.2, 0.6.2 and new CVS of tcpslice.
 - i18n'ize arpwatch init script
 
-* Fri Feb  2 2001 Trond Eivind Glomsr�d <teg@redhat.com>
+* Fri Feb  2 2001 Trond Eivind Glomsrød <teg@redhat.com>
 - i18nize initscript
 
 * Mon Jan 29 2001 Harald Hoyer <harald@redhat.com>
@@ -490,7 +498,7 @@ exit 0
 
 * Tue Oct 21 1997 Erik Troan <ewt@redhat.com>
 - updated to release 3.4a5
-- uses a buildroot and %attr 
+- uses a buildroot and %%attr 
 
 * Thu Jul 17 1997 Erik Troan <ewt@redhat.com>
 - built against glibc