diff --git a/0003-Drop-root-priviledges-before-opening-first-savefile-.patch b/0003-Drop-root-priviledges-before-opening-first-savefile-.patch index c7ffc59..a5309e2 100644 --- a/0003-Drop-root-priviledges-before-opening-first-savefile-.patch +++ b/0003-Drop-root-priviledges-before-opening-first-savefile-.patch @@ -19,7 +19,7 @@ index f04a579..ca5cff2 100644 not 1,048,576 bytes). + +Note that when used with \fB\-Z\fR option (enabled by default), privileges -+are dropped before opening first savefile. ++are dropped before opening the first savefile. .TP .B \-d Dump the compiled packet-matching code in a human readable form to @@ -34,6 +34,17 @@ index f04a579..ca5cff2 100644 .IP "\fI expression\fP" .RS selects which packets will be dumped. +@@ -366,6 +366,10 @@ If no time format is specified, each new file will overwrite the previous. + If used in conjunction with the + .B \-C + option, filenames will take the form of `\fIfile\fP'. ++.IP ++Note that when used with ++.B \-Z ++option (enabled by default), privileges are dropped before opening the first savefile. + .TP + .B \-h + .PD 0 diff --git a/tcpdump.c b/tcpdump.c index 73bf138..29f7f87 100644 --- a/tcpdump.c @@ -58,7 +69,7 @@ index 73bf138..29f7f87 100644 + * user(default tcpdump) and drop root privileges. + */ + if (WFileName) -+ if (Cflag && (username || chroot_dir)) ++ if ((Cflag || Gflag) && (username || chroot_dir)) + droproot(username, chroot_dir); + else + chown_flag = 1; @@ -91,4 +102,3 @@ index 73bf138..29f7f87 100644 * Only allow it to be restored if the -C or -G flag have been -- 2.9.3 - diff --git a/tcpdump.spec b/tcpdump.spec index a463de2..bc0b2b5 100644 --- a/tcpdump.spec +++ b/tcpdump.spec @@ -2,7 +2,7 @@ Summary: A network traffic monitoring tool Name: tcpdump Epoch: 14 Version: 4.9.3 -Release: 1%{?dist} +Release: 2%{?dist} License: BSD with advertising URL: http://www.tcpdump.org Requires(pre): shadow-utils @@ -85,6 +85,9 @@ exit 0 %{_mandir}/man8/tcpdump.8* %changelog +* Wed Jul 22 2020 Michal Ruprich - 14:4.9.3-2 +- Fixing a -G option bug in one of our patches + * Tue Oct 15 2019 Michal Ruprich - 14:4.9.3-1 - New version 4.9.3 - Fixes CVE-2017-16808, CVE-2018-14468, CVE-2018-14469, CVE-2018-14470, CVE-2018-14466, CVE-2018-14461, CVE-2018-14462, CVE-2018-14465, CVE-2018-14881, CVE-2018-14464, CVE-2018-14463, CVE-2018-14467, CVE-2018-10103, CVE-2018-10105, CVE-2018-14880, CVE-2018-16451, CVE-2018-14882, CVE-2018-16227, CVE-2018-16229, CVE-2018-16301, CVE-2018-16230, CVE-2018-16452, CVE-2018-16300, CVE-2018-16228, CVE-2019-15166, CVE-2019-15167