libpcap: Backport fixes for CVE-2024-8006 (#10793)

Author: realsdx

SPECS/libpcap/CVE-2024-8006.patch

@@ -0,0 +1,38 @@
+From 1af34597acf0ad0392c16c20d35522c35126738f Mon Sep 17 00:00:00 2001
+From: Sudipta Pandit <[email protected]>
+Date: Mon, 21 Oct 2024 13:38:21 +0530
+Subject: [PATCH] Backport patch for CVE-2024-8006
+
+Original Reference: https://github.com/the-tcpdump-group/libpcap/commit/8a633ee5b9ecd9d38a587ac9b204e2380713b0d6
+---
+ pcap-new.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/pcap-new.c b/pcap-new.c
+index 7c006595..eadc3c9c 100644
+--- a/pcap-new.c
++++ b/pcap-new.c
+@@ -231,13 +231,19 @@ int pcap_findalldevs_ex(const char *source, struct pcap_rmtauth *auth, pcap_if_t
+ #else
+ 		/* opening the folder */
+ 		unixdir= opendir(path);
++		if (unixdir == NULL) {
++			snprintf(errbuf, PCAP_ERRBUF_SIZE,
++			    "Error when listing files: does folder '%s' exist?", path);
++			return -1;
++		}
+ 
+ 		/* get the first file into it */
+ 		filedata= readdir(unixdir);
+ 
+ 		if (filedata == NULL)
+ 		{
+-			snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error when listing files: does folder '%s' exist?", path);
++			snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error when listing files: does folder '%s' contain files?", path);
++			closedir(unixdir);
+ 			return -1;
+ 		}
+ #endif
+-- 
+2.34.1
+

SPECS/libpcap/libpcap.spec

@@ -1,14 +1,15 @@
 Summary:        C/C++ library for network traffic capture
 Name:           libpcap
 Version:        1.10.1
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        BSD
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
 Group:          Networking/Libraries
 URL:            https://www.tcpdump.org/
 #Source0:       https://github.com/the-tcpdump-group/%{name}/archive/%{name}-%{version}.tar.gz
 Source0:        %{name}-%{name}-%{version}.tar.gz
+Patch0:         CVE-2024-8006.patch
 
 %description
 Libpcap provides a portable framework for low-level network
@@ -38,7 +39,7 @@ Requires:       %{name}-devel = %{version}-%{release}
 This package contains static lib for %{name}.
 
 %prep
-%setup -q -n %{name}-%{name}-%{version}
+%autosetup -p1 -n %{name}-%{name}-%{version}
 
 %build
 %configure
@@ -77,6 +78,9 @@ make DESTDIR=%{buildroot} install
 %{_libdir}/*.a
 
 %changelog
+* Mon Oct 21 2024 Sudipta Pandit <[email protected]> - 1.10.1-3
+- Backport patch for CVE-2024-8006
+
 * Wed Dec 13 2023 Zhichun Wan <[email protected]> - 1.10.1-2
 - Add static library as sub package