commit b066d81a2e61a9c194064bdfb8fa913da5f998ae Author: Adrian Schröter Date: Thu Sep 19 15:18:51 2024 +0200 Sync from SUSE:ALP:Source:Standard:1.0 libpcap revision 93e337343c3f62810b3bf0bfbde2251b diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..fecc750 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..48d3c64 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,4 @@ +libpcap1 +libpcap-devel + requires -libpcap- + requires "libpcap1- = " diff --git a/libpcap-1.0.0-ppp.patch b/libpcap-1.0.0-ppp.patch new file mode 100644 index 0000000..c8f4b9e --- /dev/null +++ b/libpcap-1.0.0-ppp.patch @@ -0,0 +1,12 @@ +Index: gencode.c +=================================================================== +--- gencode.c.orig ++++ gencode.c +@@ -8204,6 +8204,7 @@ gen_inbound(compiler_state_t *cstate, in + */ + switch (cstate->linktype) { + case DLT_SLIP: ++ case DLT_PPP: + b0 = gen_relation_internal(cstate, BPF_JEQ, + gen_load_internal(cstate, Q_LINK, gen_loadi_internal(cstate, 0), 1), + gen_loadi_internal(cstate, 0), diff --git a/libpcap-1.0.0-s390.patch b/libpcap-1.0.0-s390.patch new file mode 100644 index 0000000..5806cbe --- /dev/null +++ b/libpcap-1.0.0-s390.patch @@ -0,0 +1,25 @@ +From b9fa92532328daad84766753422e8a21fd474e6f Mon Sep 17 00:00:00 2001 +From: Michal Sekletar +Date: Mon, 29 Sep 2014 08:37:25 +0200 +Subject: [PATCH 3/4] pcap-linux: apparently ctc interfaces on s390 has + ethernet DLT + +--- + pcap-linux.c | 4 ++++ + 1 file changed, 4 insertions(+) + +Index: libpcap-1.10.0/pcap-linux.c +=================================================================== +--- libpcap-1.10.0.orig/pcap-linux.c ++++ libpcap-1.10.0/pcap-linux.c +@@ -2461,6 +2461,10 @@ activate_pf_packet(pcap_t *handle, int i + } + } + ++ /* Hack to make things work on s390 ctc interfaces */ ++ if (strncmp("ctc", device, 3) == 0) ++ handle->linktype = DLT_EN10MB; ++ + handlep->ifindex = iface_get_id(sock_fd, device, + handle->errbuf); + if (handlep->ifindex == -1) { diff --git a/libpcap-1.10.4.tar.gz b/libpcap-1.10.4.tar.gz new file mode 100644 index 0000000..dd95c34 --- /dev/null +++ b/libpcap-1.10.4.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ed19a0383fad72e3ad435fd239d7cd80d64916b87269550159d20e47160ebe5f +size 952153 diff --git a/libpcap-1.10.4.tar.gz.sig b/libpcap-1.10.4.tar.gz.sig new file mode 100644 index 0000000..82fd796 Binary files /dev/null and b/libpcap-1.10.4.tar.gz.sig differ diff --git a/libpcap-CVE-2023-7256.patch b/libpcap-CVE-2023-7256.patch new file mode 100644 index 0000000..f1dbc52 --- /dev/null +++ b/libpcap-CVE-2023-7256.patch @@ -0,0 +1,366 @@ +From 2aa69b04d8173b18a0e3492e0c8f2f7fabdf642d Mon Sep 17 00:00:00 2001 +From: Guy Harris +Date: Thu, 28 Sep 2023 00:37:57 -0700 +Subject: [PATCH] Have sock_initaddress() return the list of addrinfo + structures or NULL. + +Its return address is currently 0 for success and -1 for failure, with a +pointer to the first element of the list of struct addrinfos returned +through a pointer on success; change it to return that pointer on +success and NULL on failure. + +That way, we don't have to worry about what happens to the pointer +pointeed to by the argument in question on failure; we know that we got +NULL back if no struct addrinfos were found because getaddrinfo() +failed. Thus, we know that we have something to free iff +sock_initaddress() returned a pointer to that something rather than +returning NULL. + +This avoids a double-free in some cases. + +--- + pcap-rpcap.c | 48 ++++++++++++++++++++-------------------- + rpcapd/daemon.c | 8 +++++-- + rpcapd/rpcapd.c | 8 +++++-- + sockutils.c | 58 ++++++++++++++++++++++++++++--------------------- + sockutils.h | 5 ++--- + 5 files changed, 72 insertions(+), 55 deletions(-) + +Index: libpcap-1.10.4/pcap-rpcap.c +=================================================================== +--- libpcap-1.10.4.orig/pcap-rpcap.c ++++ libpcap-1.10.4/pcap-rpcap.c +@@ -1021,7 +1021,6 @@ rpcap_remoteact_getsock(const char *host + { + struct activehosts *temp; /* temp var needed to scan the host list chain */ + struct addrinfo hints, *addrinfo, *ai_next; /* temp var needed to translate between hostname to its address */ +- int retval; + + /* retrieve the network address corresponding to 'host' */ + addrinfo = NULL; +@@ -1029,9 +1028,9 @@ rpcap_remoteact_getsock(const char *host + hints.ai_family = PF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; + +- retval = sock_initaddress(host, NULL, &hints, &addrinfo, errbuf, ++ addrinfo = sock_initaddress(host, NULL, &hints, errbuf, + PCAP_ERRBUF_SIZE); +- if (retval != 0) ++ if (addrinfo == NULL) + { + *error = 1; + return NULL; +@@ -1183,7 +1182,9 @@ static int pcap_startcapture_remote(pcap + hints.ai_flags = AI_PASSIVE; /* Data connection is opened by the server toward the client */ + + /* Let's the server pick up a free network port for us */ +- if (sock_initaddress(NULL, NULL, &hints, &addrinfo, fp->errbuf, PCAP_ERRBUF_SIZE) == -1) ++ addrinfo = sock_initaddress(NULL, NULL, &hints, fp->errbuf, ++ PCAP_ERRBUF_SIZE); ++ if (addrinfo == NULL) + goto error_nodiscard; + + if ((sockdata = sock_open(NULL, addrinfo, SOCKOPEN_SERVER, +@@ -1308,7 +1309,9 @@ static int pcap_startcapture_remote(pcap + snprintf(portstring, PCAP_BUF_SIZE, "%d", ntohs(startcapreply.portdata)); + + /* Let's the server pick up a free network port for us */ +- if (sock_initaddress(host, portstring, &hints, &addrinfo, fp->errbuf, PCAP_ERRBUF_SIZE) == -1) ++ addrinfo = sock_initaddress(host, portstring, &hints, ++ fp->errbuf, PCAP_ERRBUF_SIZE); ++ if (addrinfo == NULL) + goto error; + + if ((sockdata = sock_open(host, addrinfo, SOCKOPEN_CLIENT, 0, fp->errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET) +@@ -2337,16 +2340,16 @@ rpcap_setup_session(const char *source, + if (port[0] == 0) + { + /* the user chose not to specify the port */ +- if (sock_initaddress(host, RPCAP_DEFAULT_NETPORT, +- &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1) +- return -1; ++ addrinfo = sock_initaddress(host, RPCAP_DEFAULT_NETPORT, ++ &hints, errbuf, PCAP_ERRBUF_SIZE); + } + else + { +- if (sock_initaddress(host, port, &hints, &addrinfo, +- errbuf, PCAP_ERRBUF_SIZE) == -1) +- return -1; ++ addrinfo = sock_initaddress(host, port, &hints, ++ errbuf, PCAP_ERRBUF_SIZE); + } ++ if (addrinfo == NULL) ++ return -1; + + if ((*sockctrlp = sock_open(host, addrinfo, SOCKOPEN_CLIENT, 0, + errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET) +@@ -2947,19 +2950,19 @@ SOCKET pcap_remoteact_accept_ex(const ch + /* Do the work */ + if ((port == NULL) || (port[0] == 0)) + { +- if (sock_initaddress(address, RPCAP_DEFAULT_NETPORT_ACTIVE, &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1) +- { +- return (SOCKET)-2; +- } ++ addrinfo = sock_initaddress(address, ++ RPCAP_DEFAULT_NETPORT_ACTIVE, &hints, errbuf, ++ PCAP_ERRBUF_SIZE); + } + else + { +- if (sock_initaddress(address, port, &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1) +- { +- return (SOCKET)-2; +- } ++ addrinfo = sock_initaddress(address, port, &hints, errbuf, ++ PCAP_ERRBUF_SIZE); ++ } ++ if (addrinfo == NULL) ++ { ++ return (SOCKET)-2; + } +- + + if ((sockmain = sock_open(NULL, addrinfo, SOCKOPEN_SERVER, 1, errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET) + { +@@ -3119,7 +3122,6 @@ int pcap_remoteact_close(const char *hos + { + struct activehosts *temp, *prev; /* temp var needed to scan the host list chain */ + struct addrinfo hints, *addrinfo, *ai_next; /* temp var needed to translate between hostname to its address */ +- int retval; + + temp = activeHosts; + prev = NULL; +@@ -3130,9 +3132,9 @@ int pcap_remoteact_close(const char *hos + hints.ai_family = PF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; + +- retval = sock_initaddress(host, NULL, &hints, &addrinfo, errbuf, ++ addrinfo = sock_initaddress(host, NULL, &hints, errbuf, + PCAP_ERRBUF_SIZE); +- if (retval != 0) ++ if (addrinfo == NULL) + { + return -1; + } +Index: libpcap-1.10.4/rpcapd/daemon.c +=================================================================== +--- libpcap-1.10.4.orig/rpcapd/daemon.c ++++ libpcap-1.10.4/rpcapd/daemon.c +@@ -2085,7 +2085,9 @@ daemon_msg_startcap_req(uint8 ver, struc + goto error; + } + +- if (sock_initaddress(peerhost, portdata, &hints, &addrinfo, errmsgbuf, PCAP_ERRBUF_SIZE) == -1) ++ addrinfo = sock_initaddress(peerhost, portdata, &hints, ++ errmsgbuf, PCAP_ERRBUF_SIZE); ++ if (addrinfo == NULL) + goto error; + + if ((session->sockdata = sock_open(peerhost, addrinfo, SOCKOPEN_CLIENT, 0, errmsgbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET) +@@ -2096,7 +2098,9 @@ daemon_msg_startcap_req(uint8 ver, struc + hints.ai_flags = AI_PASSIVE; + + // Make the server socket pick up a free network port for us +- if (sock_initaddress(NULL, NULL, &hints, &addrinfo, errmsgbuf, PCAP_ERRBUF_SIZE) == -1) ++ addrinfo = sock_initaddress(NULL, NULL, &hints, errmsgbuf, ++ PCAP_ERRBUF_SIZE); ++ if (addrinfo == NULL) + goto error; + + if ((session->sockdata = sock_open(NULL, addrinfo, SOCKOPEN_SERVER, 1 /* max 1 connection in queue */, errmsgbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET) +Index: libpcap-1.10.4/rpcapd/rpcapd.c +=================================================================== +--- libpcap-1.10.4.orig/rpcapd/rpcapd.c ++++ libpcap-1.10.4/rpcapd/rpcapd.c +@@ -611,7 +611,9 @@ void main_startup(void) + // + // Get a list of sockets on which to listen. + // +- if (sock_initaddress((address[0]) ? address : NULL, port, &mainhints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1) ++ addrinfo = sock_initaddress((address[0]) ? address : NULL, ++ port, &mainhints, errbuf, PCAP_ERRBUF_SIZE); ++ if (addrinfo == NULL) + { + rpcapd_log(LOGPRIO_DEBUG, "%s", errbuf); + return; +@@ -1350,7 +1352,9 @@ main_active(void *ptr) + memset(errbuf, 0, sizeof(errbuf)); + + // Do the work +- if (sock_initaddress(activepars->address, activepars->port, &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1) ++ addrinfo = sock_initaddress(activepars->address, activepars->port, ++ &hints, errbuf, PCAP_ERRBUF_SIZE); ++ if (addrinfo == NULL) + { + rpcapd_log(LOGPRIO_DEBUG, "%s", errbuf); + return 0; +Index: libpcap-1.10.4/sockutils.c +=================================================================== +--- libpcap-1.10.4.orig/sockutils.c ++++ libpcap-1.10.4/sockutils.c +@@ -1069,20 +1069,21 @@ get_gai_errstring(char *errbuf, int errb + * \param errbuflen: length of the buffer that will contains the error. The error message cannot be + * larger than 'errbuflen - 1' because the last char is reserved for the string terminator. + * +- * \return '0' if everything is fine, '-1' if some errors occurred. The error message is returned +- * in the 'errbuf' variable. The addrinfo variable that has to be used in the following sockets calls is +- * returned into the addrinfo parameter. ++ * \return a pointer to the first element in a list of addrinfo structures ++ * if everything is fine, NULL if some errors occurred. The error message ++ * is returned in the 'errbuf' variable. + * +- * \warning The 'addrinfo' variable has to be deleted by the programmer by calling freeaddrinfo() when +- * it is no longer needed. ++ * \warning The list of addrinfo structures returned has to be deleted by ++ * the programmer by calling freeaddrinfo() when it is no longer needed. + * + * \warning This function requires the 'hints' variable as parameter. The semantic of this variable is the same + * of the one of the corresponding variable used into the standard getaddrinfo() socket function. We suggest + * the programmer to look at that function in order to set the 'hints' variable appropriately. + */ +-int sock_initaddress(const char *host, const char *port, +- struct addrinfo *hints, struct addrinfo **addrinfo, char *errbuf, int errbuflen) ++struct addrinfo *sock_initaddress(const char *host, const char *port, ++ struct addrinfo *hints, char *errbuf, int errbuflen) + { ++ struct addrinfo *addrinfo; + int retval; + + /* +@@ -1094,9 +1095,13 @@ int sock_initaddress(const char *host, c + * as those messages won't talk about a problem with the port if + * no port was specified. + */ +- retval = getaddrinfo(host, port == NULL ? "0" : port, hints, addrinfo); ++ retval = getaddrinfo(host, port == NULL ? "0" : port, hints, &addrinfo); + if (retval != 0) + { ++ /* ++ * That call failed. ++ * Determine whether the problem is that the host is bad. ++ */ + if (errbuf) + { + if (host != NULL && port != NULL) { +@@ -1108,7 +1113,7 @@ int sock_initaddress(const char *host, c + int try_retval; + + try_retval = getaddrinfo(host, NULL, hints, +- addrinfo); ++ &addrinfo); + if (try_retval == 0) { + /* + * Worked with just the host, +@@ -1117,14 +1122,16 @@ int sock_initaddress(const char *host, c + * + * Free up the address info first. + */ +- freeaddrinfo(*addrinfo); ++ freeaddrinfo(addrinfo); + get_gai_errstring(errbuf, errbuflen, + "", retval, NULL, port); + } else { + /* + * Didn't work with just the host, + * so assume the problem is +- * with the host. ++ * with the host; we assume ++ * the original error indicates ++ * the underlying problem. + */ + get_gai_errstring(errbuf, errbuflen, + "", retval, host, NULL); +@@ -1132,13 +1139,14 @@ int sock_initaddress(const char *host, c + } else { + /* + * Either the host or port was null, so +- * there's nothing to determine. ++ * there's nothing to determine; report ++ * the error from the original call. + */ + get_gai_errstring(errbuf, errbuflen, "", + retval, host, port); + } + } +- return -1; ++ return NULL; + } + /* + * \warning SOCKET: I should check all the accept() in order to bind to all addresses in case +@@ -1153,30 +1161,28 @@ int sock_initaddress(const char *host, c + * ignore all addresses that are neither? (What, no IPX + * support? :-)) + */ +- if (((*addrinfo)->ai_family != PF_INET) && +- ((*addrinfo)->ai_family != PF_INET6)) ++ if ((addrinfo->ai_family != PF_INET) && ++ (addrinfo->ai_family != PF_INET6)) + { + if (errbuf) + snprintf(errbuf, errbuflen, "getaddrinfo(): socket type not supported"); +- freeaddrinfo(*addrinfo); +- *addrinfo = NULL; +- return -1; ++ freeaddrinfo(addrinfo); ++ return NULL; + } + + /* + * You can't do multicast (or broadcast) TCP. + */ +- if (((*addrinfo)->ai_socktype == SOCK_STREAM) && +- (sock_ismcastaddr((*addrinfo)->ai_addr) == 0)) ++ if ((addrinfo->ai_socktype == SOCK_STREAM) && ++ (sock_ismcastaddr(addrinfo->ai_addr) == 0)) + { + if (errbuf) + snprintf(errbuf, errbuflen, "getaddrinfo(): multicast addresses are not valid when using TCP streams"); +- freeaddrinfo(*addrinfo); +- *addrinfo = NULL; +- return -1; ++ freeaddrinfo(addrinfo); ++ return NULL; + } + +- return 0; ++ return addrinfo; + } + + /* +@@ -2082,7 +2088,6 @@ int sock_getascii_addrport(const struct + */ + int sock_present2network(const char *address, struct sockaddr_storage *sockaddr, int addr_family, char *errbuf, int errbuflen) + { +- int retval; + struct addrinfo *addrinfo; + struct addrinfo hints; + +@@ -2090,7 +2095,9 @@ int sock_present2network(const char *add + + hints.ai_family = addr_family; + +- if ((retval = sock_initaddress(address, "22222" /* fake port */, &hints, &addrinfo, errbuf, errbuflen)) == -1) ++ addrinfo = sock_initaddress(address, "22222" /* fake port */, &hints, ++ errbuf, errbuflen); ++ if (addrinfo == NULL) + return 0; + + if (addrinfo->ai_family == PF_INET) +Index: libpcap-1.10.4/sockutils.h +=================================================================== +--- libpcap-1.10.4.orig/sockutils.h ++++ libpcap-1.10.4/sockutils.h +@@ -138,9 +138,8 @@ void sock_fmterrmsg(char *errbuf, size_t + PCAP_FORMAT_STRING(const char *fmt), ...) PCAP_PRINTFLIKE(4, 5); + void sock_geterrmsg(char *errbuf, size_t errbuflen, + PCAP_FORMAT_STRING(const char *fmt), ...) PCAP_PRINTFLIKE(3, 4); +-int sock_initaddress(const char *address, const char *port, +- struct addrinfo *hints, struct addrinfo **addrinfo, +- char *errbuf, int errbuflen); ++struct addrinfo *sock_initaddress(const char *address, const char *port, ++ struct addrinfo *hints, char *errbuf, int errbuflen); + int sock_recv(SOCKET sock, SSL *, void *buffer, size_t size, int receiveall, + char *errbuf, int errbuflen); + int sock_recv_dgram(SOCKET sock, SSL *, void *buffer, size_t size, diff --git a/libpcap-CVE-2024-8006.patch b/libpcap-CVE-2024-8006.patch new file mode 100644 index 0000000..d4fd3c1 --- /dev/null +++ b/libpcap-CVE-2024-8006.patch @@ -0,0 +1,37 @@ +From 7bfeb10956692e5ef0fe435090144be35d33dafc Mon Sep 17 00:00:00 2001 +From: Nicolas Badoux +Date: Mon, 19 Aug 2024 12:31:53 +0200 +Subject: [PATCH 1/2] makes pcap_findalldevs_ex errors out if the directory + does not exist + +--- + pcap.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +Index: libpcap-1.10.4/pcap-new.c +=================================================================== +--- libpcap-1.10.4.orig/pcap-new.c ++++ libpcap-1.10.4/pcap-new.c +@@ -232,6 +232,13 @@ int pcap_findalldevs_ex(const char *sour + #else + /* opening the folder */ + unixdir= opendir(path); ++ if (unixdir == NULL) { ++ DIAG_OFF_FORMAT_TRUNCATION ++ snprintf(errbuf, PCAP_ERRBUF_SIZE, ++ "Error when listing files: does folder '%s' exist?", path); ++ DIAG_ON_FORMAT_TRUNCATION ++ return -1; ++ } + + /* get the first file into it */ + filedata= readdir(unixdir); +@@ -239,7 +246,7 @@ int pcap_findalldevs_ex(const char *sour + if (filedata == NULL) + { + DIAG_OFF_FORMAT_TRUNCATION +- snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error when listing files: does folder '%s' exist?", path); ++ snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error when listing files: does folder '%s' contain files?", path); + DIAG_ON_FORMAT_TRUNCATION + closedir(unixdir); + return -1; diff --git a/libpcap.changes b/libpcap.changes new file mode 100644 index 0000000..988dc87 --- /dev/null +++ b/libpcap.changes @@ -0,0 +1,865 @@ +------------------------------------------------------------------- +Fri Sep 6 10:14:02 UTC 2024 - Pedro Monreal + +- Security fix: [bsc#1230034, CVE-2024-8006] + * libpcap: NULL pointer derefence in pcap_findalldevs_ex() + * Add libpcap-CVE-2024-8006.patch + +------------------------------------------------------------------- +Fri Sep 6 10:13:13 UTC 2024 - Pedro Monreal + +- Security fix: [bsc#1230020, CVE-2023-7256] + * libpcap: double free via addrinfo in sock_initaddress() + * Add libpcap-CVE-2023-7256.patch + +------------------------------------------------------------------- +Sat Apr 8 10:47:29 UTC 2023 - Andreas Stieger + +- update to 1.10.4: + * rpcap: Fix name of launchd service. + * documentation updates and build system tweaks + +------------------------------------------------------------------- +Wed Jan 18 09:34:17 UTC 2023 - Dirk Müller + +- update to 1.10.3: + * Sort the PUBHDR variable in Makefile.in in "ls" order. + * Fix typo in comment in pflog.h. + * Remove two no-longer-present files from .gitignore. + * Update code and comments for handling failure to set promiscuous + mode based on new information. + +------------------------------------------------------------------- +Sun Jan 1 12:37:49 UTC 2023 - Andreas Stieger + +- update to 1.10.2: + * Build system updates + * Developer visible fixes + * Fix some formatting string issues found by cppcheck + * "Dead" pcap_ts from pcap_open_dead() and ..._with_tstamp_precision(): + Don't crash if pcap_breakloop() is called. + * Savefiles: multiple bug fixes handling files + * Capture: Never process more than INT_MAX packets in a + pcap_dispatch() call, to avoid integer overflow + * Packet filtering: PFLOG bug fixes and improvements + * Fix memory leak in capture device open + * Fix detection of CAN/CAN FD packets in direction check + * Fix double-free crashes on errors such as running on a kernel + with CONFIG_PACKET_MMAP not configured + * Multiple CANbus bug fixes + * Fix pcap_findalldevs() to find usbmon devices + * Fix handling of VLAN tagged packets if the link-layer type is + changed from DLT_LINUX_SLL to DLT_LINUX_SLL2 + * Always turn on PACKET_AUXDATA + * Correctly compute the "real" length for isochronous USB transfers + +------------------------------------------------------------------- +Fri Jun 11 12:02:38 UTC 2021 - Paolo Stivanin + +- Update to 1.10.1 + * Fix "type XXX subtype YYY" giving a parse error + * Add PCAP_AVAILABLE_1_11. + * Rename struct bpf_aux_data to avoid NetBSD compile errors + * Fix cross-builds with older kernels lacking BPF_MOD and BPF_XOR + * Fix Bison detection for minor version 0. + * Fix parallel build with FreeBSD make. + * Get DLT_MATCHING_MAX right in gencode.c on NetBSD. + * Define timeradd() and timersub() if necessary. + * Fix Cygwin/MSYS target directories. + * Fix symlinking with DESTDIR. + * Fix generation of libpcap.pc with CMake when not building + a shared library. + * Support reading version 1.2, which some writers produce, + and which is the same as 1.0 + * Drop support for text-mode USB captures, as we require a 2.6.27 + or later kernel + * Bluetooth: fix non-blocking mode. Don't assume that all compilers + used to build for Linux support the __atomic builtins + +------------------------------------------------------------------- +Sun Feb 14 18:51:03 UTC 2021 - Pedro Monreal + +- Update to 1.10.0 + * Require, and assume, some level of C99 support in the C compiler + * Add support for capturing on DPDK devices + * rpcap: support rpcap-over-TLS + * Fix some memory leaks, including in pcap_compile() + * Linux: handle systems without AF_INET or AF_UNIX socket support + * Catch invalid IPv4 addresses in filters + * Show special Linux BPF offsets symbolically in bpf_image() + and bpf_dump() + * Linux: get rid of Wireless Extensions for turning monitor mode on + * Linux: proper memory sync for PACKET_MMAP + * Linux: drop support for libnl 1 and 2. + * Linux: Require PF_PACKET support, and kernel 2.6.27 or later + * Add DLT_LINUX_SLL2 + * Add a new filter "ifindex" for DLT_LINUX_SLL2 files and live + Linux captures + * optimizer: add a hack to try to catch certain optimizer loops + * Probe CONFIGURATION descriptor of connected USB devices + * Linux: return error on interface going away, but not if it just + went down + * Linux: set socket protocol only after packet ring configured, + reducing bogus packet drop reports + * Linux: get ifdrop stats from sysfs. + * Fix various security issues reported by Charles Smith at + Tangible Security + * Fix various security issues reported by Include Security + * rpcapd: on UN*X, don't tell the client why authentication failed + * Linux: when adjusting BPF programs, do not subtract the + SLL[2]_HDR_LEN if the location is negative (special + metadata offset) + * Linux: with a timeout of zero, wait indefinitely + * Linux: clean up support for some non-GNU libc C libraries + * Increase the maximum snaplen for LINKTYPE_USBPCAP/DLT_USBPCAP + * Fix handling of some ioctls that fail with "permission denied" + even when the ioctl isn't supported at all + * Added support for ICMPv6 types 1-4 as tokens in filters + * Report the DLT description in error messages + * Linux: Add support for DSA data link types + * Linux USB: use the snapshot length to set the buffer size, + and set the len field to reflect the length in the URB + * rpcapd: allow rpcapd to rebind more rapidly + * Add Haiku pcap implementation + * rpcap: redo protocol version negotiation to avoid problems + with old servers (it still works with servers using the old + negotiation, as well as servers not supporting negotiation) + * Remove (unused) SITA support here. + * Correctly handle pcapng captures with more than one IDB with a + snspshot length greater than the supported maximum +- Remove libpcap-no-old-socket.patch +- Rebase libpcap-1.0.0-s390.patch + +------------------------------------------------------------------- +Wed Oct 2 13:40:23 UTC 2019 - Pedro Monreal + +- Update to 1.9.1 [bsc#1153332] + * Five CVE-2019-15161, CVE-2019-15162, CVE-2019-15163, CVE-2019-15164, CVE-2019-15165 + * Fixes for CVE-2018-16301, errors in pcapng reading. + * Mention pcap_get_required_select_timeout() in the main pcap man page + * Fix pcap-usb-linux.c build on systems with musl + * Fix assorted man page and other documentation issues + * Plug assorted memory leaks + * Documentation changes to use https: + * Changes to how time stamp calculations are done + * Lots of tweaks to make newer compilers happier and warning-free and + to fix instances of C undefined behavior + * Warn if AC_PROG_CC_C99 can't enable C99 support + * Rename pcap_set_protocol() to pcap_set_protocol_linux(). + * Align pcap_t private data on an 8-byte boundary. + * Fix various error messages + * Use 64-bit clean API in dag_findalldevs() + * Fix cleaning up after some errors + * Work around some ethtool ioctl bugs in newer Linux kernels + * Add backwards compatibility sections to some man pages + * Fix autotool configuration on AIX and macOS + * Don't export bpf_filter_with_aux_data() or struct bpf_aux_data; + they're internal-only and subject to change + * Fix pcapng block size checking + * Fix reading of capture statistics for Linux USB + * Fix packet size values for Linux USB packets + * Check only VID in VLAN test in filterss + * Fix pcap_list_datalinks on 802.11 devices on macOS + * Fix overflows with very large snapshot length in pcap file + * Improve parsing of rpcapd configuration file + * Handle systems without strlcpy() or strlcat() better + * Fix crashes and other errors with invalid filter expressions + * Fix use of uninitialized file descriptor in remote capture + * Fix some CMake issues + * Fix some divide-by-zero issues with the filter compiler + * Work around a GNU libc bug in pcap_nametonetaddr() + * Add support for DLT_LINUX_SLL2 + * Fix handling of the packet-count argument for Myricom SNF devices + * Fix --disable-rdma in configure script + * Fix compilation of TurboCap support + * Constify first argument to pcap_findalldevs_ex() + * Fix a number of issues when running rpcapd as an inetd-style daemon + * Fix CMake issues with D-Bus libraries + * In rpcapd, clean up termination of a capture session + * Redo remote capture protocol negotiation + * In rpcapd, report the same error for "invalid user name" and + "invalid password", to make brute-forcing harder + * For remote captures, add an error code for "the server requires TLS" + * Fix building as part of Npcap + * Allow rpcapd to rebind more rapidly + * Fix building shared libpcap library on midipix (midipix.org) + * Fix hack to detect UTF-16LE adapter names on Windows not to go past + the end of the string + * Have pcap_dump_open_append() create the dump file if it doesn't exists + * Fix the maxmum snapshot length for DLT_USBPCAP + * Use -fPIC when building for 64-bit SPARC on Linux + * Fix CMake 64-bit library installation directory on some Linux distributions + * Boost the TPACKET_V3 timeout to the maximum if a timeout of 0 was specified + * PCAPNG reader applies some sanity checks before doing malloc(). +- Drop patch fixed upstream: + * Check-only-VID-in-VLAN-test-issue-461.patch +- Rebase patch: + * libpcap-1.0.0-ppp.patch + +------------------------------------------------------------------- +Fri Aug 2 07:06:13 UTC 2019 - Martin Liška + +- Use FAT LTO objects in order to provide proper static library. + +------------------------------------------------------------------- +Mon Sep 24 17:46:26 UTC 2018 - mkubecek@suse.cz + +- update to 1.9.0 + * add testing system to libpcap, independent of tcpdump + * changes to how pcap_t is activated + * update included copies of BSD 4-clause license to 3-clause + * additions to TCP header parsing, per RFC3168 + * support setting non-blocking mode before activating + * fixes so that non-AF_INET addresses, are not ==AF_INET6 addresses + * pcap_compile() in 1.8.0 and later is newly thread-safe + * bound snaplen for linux tpacket_v2 to ~64k + * make VLAN filter handle both metadata and inline tags + (bsc#874131 bsc#993691 fate#321405) + * D-Bus captures can now be up to 128MB in size + * add DLT_LORATAP and DLT_VSOCK + * allow specifying a specific capture protocol + * RDMA sniffing support for pcap + * increase minimum autoconf version requirement to 2.64 + * rpcapd: support for xinetd.conf and systemd units + * provide pkgconfig file +- add BuildRequires for autoconf >= 2.64 +- package (newly added) pkgconfig file +- Check-only-VID-in-VLAN-test-issue-461.patch: + fix "vlan " test to check only VID, not complete TCI +- drop disable-remote.diff (superseded by upstream changes) + +------------------------------------------------------------------- +Thu Mar 1 14:49:43 UTC 2018 - jengelh@inai.de + +- Fix SRPM group + +------------------------------------------------------------------- +Tue Sep 12 20:33:09 UTC 2017 - asterios.dramis@gmail.com + +- Added a patch (disable-remote.diff) to fix applications to FTBFS + if they define HAVE_REMOTE (deb#843384). Patch taken from Debian. + +------------------------------------------------------------------- +Thu Mar 23 15:42:52 UTC 2017 - jengelh@inai.de + +- Restore section setting $pic + +------------------------------------------------------------------- +Wed Mar 1 10:12:45 UTC 2017 - tchvatal@suse.com + +- Do not put conditions about the provides for < 11.0 + +------------------------------------------------------------------- +Wed Feb 15 10:03:07 UTC 2017 - pmonrealgonzalez@suse.com + +- Dropped patches not required after review + * libpcap-1.0.0-pcap-bpf.patch + * libpcap-1.5.2-filter-fix.patch +- Reference of the pull request for the rest of the patches + * https://github.com/the-tcpdump-group/libpcap/issues/196 +- Changed libpcap-1.0.0-s390.patch to the git formatted one + +------------------------------------------------------------------- +Thu Feb 2 13:37:19 UTC 2017 - pmonrealgonzalez@suse.com + +- Formatted the specs file using spec-cleaner. + +------------------------------------------------------------------- +Thu Feb 2 13:28:11 UTC 2017 - pmonrealgonzalez@suse.com + +- Allow bluetooth monitoring support unconditionally. + +------------------------------------------------------------------- +Thu Feb 2 13:09:23 UTC 2017 - pmonrealgonzalez@suse.com + +- update to 1.8.1 + * Clean up the name-to-DLT mapping table. + * Add some newer DLT_ values: + IPMI_HPM_2,ZWAVE_R1_R2,ZWAVE_R3,WATTSTOPPER_DLM,ISO_14443,RDS + * Fix handling of packet count in the TPACKET_V3 inner loop: GitHub issue + #493. + * Filter out duplicate looped back CAN frames. + * Fix the handling of loopback filters for IPv6 packets. + * Add a link-layer header type for RDS (IEC 62106) groups. + * On Linux, handle all CAN captures with pcap-linux.c, in cooked mode. + * Removes the need for the "host-endian" link-layer header type. + * Compile with '-Wused-but-marked-unused' in devel mode if supported + * Have separate DLTs for big-endian and host-endian SocketCAN headers. + * Require that version.h be generated: all build procedures we support generate version.h (autoconf, CMake, MSVC)! + * Properly check for sock_recv() errors. + * Re-impose some of Winsock's limitations on sock_recv(). + * Replace sprintf() with pcap_snprintf(). + * Fix signature of pcap_stats_ex_remote(). + * Have rpcap_remoteact_getsock() return a SOCKET and supply an "is active" flag. + * Clean up {DAG, Septel, Myricom SNF}-only builds. + * pcap_create_interface() needs the interface name on Linux. + * Clean up hardware time stamp support: the "any" device does not support any time stamp types. + * Recognize 802.1ad nested VLAN tag in vlan filter. +- dropped libpcap-ocloexec.patch, never upstreamed. +- refreshed libpcap-1.0.0-ppp.patch + +------------------------------------------------------------------- +Sun Apr 17 02:42:52 UTC 2016 - crrodriguez@opensuse.org + +- libpcap-no-old-socket.patch: never fallback to the obsolete + SOCK_PACKET (kernel < 2.2) interface, this still happens + for example, when you update the kernel, run iftop and + the old kernel af_packet module wasn't loaded, program fails + and the kernel prints "iftop uses obsolete (PF_INET,SOCK_PACKET)" + +------------------------------------------------------------------- +Sun Jun 21 04:41:13 UTC 2015 - crrodriguez@opensuse.org + +- remove dependency on libusb-devel, only libusb-1.0 is used for + build. +- split a -devel-static subpackage that contains the static + libraries and all the extra dependencies which are not needed + for dynamic linking. + +------------------------------------------------------------------- +Sun Apr 26 18:55:17 UTC 2015 - astieger@suse.com + +- libpcap 1.7.3: + * work around a Linux bonding driver bug. + +------------------------------------------------------------------- +Fri Mar 13 12:02:35 UTC 2015 - vcizek@suse.com + +- update to 1.7.2 + * Support for filtering Geneve encapsulated packets. + * Fix handling of zones for BPF on Solaris + * new DLT for ZWAVE + * clarifications for read timeouts. + * added bpf_filter1() with extensions + * some fixes to compilation without stdint.h + * EBUSY can now be returned by SNFv3 code. +- refreshed libpcap-ocloexec.patch + +------------------------------------------------------------------- +Fri Nov 14 09:18:45 UTC 2014 - dimstar@opensuse.org + +- No longer perform gpg validation; osc source_validator does it + implicit: + + Drop gpg-offline BuildRequires. + + No longer execute gpg_verify. + +------------------------------------------------------------------- +Wed Sep 3 18:46:50 UTC 2014 - andreas.stieger@gmx.de + +- libpcap 1.6.2: + * Don't crash on filters testing a non-existent link-layer type + field. + * Fix sending in non-blocking mode on Linux with memory-mapped + capture. + * Fix timestamps when reading pcap-ng files on big-endian + machines. + +------------------------------------------------------------------- +Sun Aug 17 19:50:37 UTC 2014 - andreas.stieger@gmx.de + +- libpcap 1.6.1: + * some fixes for the any device + * changes for how --enable-XXX works +- includes changes from 1.6.0: + * fixes for byte order issues with NFLOG captures + * Handle using cooked mode for DLT_NETLINK in activate_new(). + removing libpcap-netlink.patch, upstream, [bnc#863823] + * on platforms where you can not capture on down interfaces, do + not list them, but: do list interfaces which are down, if you + can capture on them! +- libpcap does not build with bluez 5.21, disable bluetooth + ( bluetooth/mgmt.h moved to kernel ) + +------------------------------------------------------------------- +Thu Feb 13 16:18:19 UTC 2014 - vcizek@suse.com + +- added support for netlink (bnc#863823) + * libpcap-netlink.patch + +------------------------------------------------------------------- +Thu Feb 13 15:14:48 UTC 2014 - vcizek@suse.com + +- update to 1.5.3 + * Don't let packets that don't match the current filter get to the + application when TPACKET_V3 is used. (GitHub issue #331) + * Fix handling of pcap_loop()/pcap_dispatch() with a packet count + of 0 on some platforms (including Linux with TPACKET_V3). + (GitHub issue #333) + * Work around TPACKET_V3 deficiency that causes packets to be lost + when a timeout of 0 is specified. (GitHub issue #335) + * Man page formatting fixes. +- refreshed libpcap-1.5.2-filter-fix.patch + +------------------------------------------------------------------- +Sat Dec 14 12:08:46 UTC 2013 - andreas.stieger@gmx.de + +- update to 1.5.2 + Version 1.5.0 revised for non-code related edits Version, + 1.5.1 revised for for interop against Linux 3.1.0 + * TPACKET_V3 support added for Linux + * Point users to the the-tcpdump-group repository on GitHub + rather than the mcr repository + * Checks added for malloc()/realloc()/etc. failures + * Support filtering filtering E1 SS7 traffic on MTP2 layer Annex A + * Use "ln -s" to link man pages by default + * Added pcap_open_dead_with_tstamp_precision API interface. + * Many changes to autoconf to deal better with non-GCC compilers + added many new DLT types +- require pkg-config for devel library support detection +- add support for D-Bus capture +- modified patches for upstream changes: + * libpcap-ocloexec.patch + * libpcap-1.0.0-filter-fix.patch to libpcap-1.5.2-filter-fix.patch + +------------------------------------------------------------------- +Fri Sep 13 19:35:02 UTC 2013 - andreas.stieger@gmx.de + +- update to 1.4.0: + * add netfilter/nfqueue interface + * support IPv6 filter expressions when no IPv6 address resolution + availavle + * Fix pcap-config to include -lpthread if canusb support is + present + * Try to fix "pcap_parse not defined" problems when --without-flex + and --without-bison are used when you have Flex and Bison + * Fix some issues with the pcap_loop man page. + * Fix pcap_getnonblock() and pcap_setnonblock() to fill in the + supplied error message buffer + * Fix typo that, it appeared, would cause pcap-libdlpi.c not to + compile (perhaps systems with libdlpi also have BPF and use + that instead) + * Catch attempts to call pcap_compile() on a non-activated pcap_t + * Fix crash on Linux with CAN-USB support without usbfs + * Fix addition of VLAN tags for Linux cooked captures + * Check for both EOPNOTSUPP and EINVAL after SIOCETHTOOL ioctl, so + that the driver can report either one if it doesn't support + SIOCETHTOOL + * Add DLT_INFINIBAND and DLT_SCTP + * Describe "proto XXX" and "protochain XXX" in the pcap-filter man + page + * Handle either directories, or symlinks to directories, that + correspond to interfaces in /sys/class/net + * Fix handling of VLAN tag insertion to check, on Linux 3.x + kernels, for VLAN tag valid flag + * Clean up some man pages + * Support libnl3 as well as libnl1 and libnl2 on Linux +- packaging changes: + * build with libnl + * refresh libpcap-ocloexec.patch for upstream changes + * verify source signatures + +------------------------------------------------------------------- +Mon Aug 27 01:52:32 UTC 2012 - crrodriguez@opensuse.org + +- BuildRequire libusb-devel for "usb sniffing" + +------------------------------------------------------------------- +Mon Aug 27 00:11:52 UTC 2012 - crrodriguez@opensuse.org + +- Added libpcap-ocloexec.patch: + Use O_CLOEXEC in all internal fds so they do not + leak on fork()..execve() + +------------------------------------------------------------------- +Fri Jun 15 15:24:46 CEST 2012 - jslaby@suse.de + +- remove some patches + - libpcap-1.0.0-fcode.patch -- not needed, if this emitted a warning, + it was a compiler bug + - libpcap-1.0.0-mac_syntax.patch -- already handled by MAC rule + - libpcap-1.0.0-man.patch -- tcpdump is man 1, not 8 + - libpcap-1.1.1-scanif.patch -- misapplied, this was fixed upstream + already + - libpcap-1.2.1-netfilter-dont-fail-on-EPROTONOSUPPORT.patch + +------------------------------------------------------------------- +Thu Jun 14 23:21:10 CEST 2012 - jslaby@suse.de + +- update to 1.3.0 + - Handle DLT_PFSYNC in {FreeBSD, other *BSD+Mac OS X, other}. + - Linux: Don't fail if netfilter isn't enabled in the kernel. + - Add new link-layer type for NFC Forum LLCP. + - Put the CANUSB stuff into EXTRA_DIST, so it shows up in the release tarball. + - Add LINKTYPE_NG40/DLT_NG40. + - Add DLT_MPEG_2_TS/LINKTYPE_MPEG_2_TS for MPEG-2 transport streams. + - [PATCH] Fix AIX-3.5 crash with read failure during stress + - AIX fixes. + - Introduce --disable-shared configure option. + - Added initial support for canusb devices. + - Include the pcap(3PCAP) additions as 1.2.1 changes. + - many updates to documentation: pcap.3pcap.in + - Improve 'inbound'/'outbound' capture filters under Linux. + - Note the cleanup of handling of new DLT_/LINKTYPE_ values. + - On Lion, don't build for PPC. + - For mac80211 devices we need to clean up monitor mode on exit. + +------------------------------------------------------------------- +Tue Feb 28 14:43:12 CET 2012 - jslaby@suse.de + +- make it work also on kernels without netfilter (bnc#746356) + +------------------------------------------------------------------- +Tue Jan 3 14:35:47 UTC 2012 - puzel@suse.com + +- update to libpcap-1.2.1 + - Support 802.1 QinQ as a form of VLAN in filters. + - Treat "carp" as equivalent to "vrrp" in filters. + - Fix code generated for "ip6 protochain". + - Add some new link-layer header types. + - Support capturing NetFilter log messages on Linux. + - Turn off monitor mode on exit for mac80211 interfaces on Linux. + - Fix problems turning monitor mode on for non-mac80211 interfaces + - on Linux. + - Properly fail if /sys/class/net or /proc/net/dev exist but can't + - be opened. + - Fail if pcap_activate() is called on an already-activated + - pcap_t, and add a test program for that. + - Fix filtering in pcap-ng files. + - Simplify handling of new DLT_/LINKTYPE_ values. + - Expand pcap(3PCAP) man page. +- drop libpcap-fix-calculation-of-frame-size.patch (upstream) + +------------------------------------------------------------------- +Fri Sep 16 17:25:31 UTC 2011 - jengelh@medozas.de + +- Add libpcap-devel to baselibs +- Remove redundant tags/sections + +------------------------------------------------------------------- +Thu May 19 14:12:36 UTC 2011 - puzel@novell.com + +- add libpcap-fix-calculation-of-frame-size.patch (bnc#694779) +- clean up specfile + +------------------------------------------------------------------- +Mon Mar 14 14:19:41 CST 2011 - cyliu@novell.com +- fix bug#674278: pcap_findalldevs error with bonding device + libpcap-1.1.1-scanif.patch + +------------------------------------------------------------------- +Tue Apr 6 08:19:41 UTC 2010 - puzel@novell.com + +- update to libpcap-1.1.1 + - notable changes : + - Add SocketCAN capture support + - Add Myricom SNF API support + - Update Endace DAG and ERF support + - Support monitor mode on mac80211 devices on Linux + - Fix USB memory-mapped capturing on Linux + - On Linux, scan /sys/class/net for devices if we have it + - Add limited support for reading pcap-ng files + - see /usr/share/doc/packages/libpcap1/CHANGES for + full list of changes +- drop fix-any-interface-handling.patch (fixed upstream) +- drop fix-usb-nic.patch (fixed upstream) + +------------------------------------------------------------------- +Tue Jan 26 22:11:20 CET 2010 - jengelh@medozas.de + +- large PIC model is required on SPARC + +------------------------------------------------------------------- +Wed Dec 16 09:51:52 CET 2009 - jengelh@medozas.de + +- add baselibs.conf as a source +- enable parallel building + +------------------------------------------------------------------- +Tue Nov 3 19:09:28 UTC 2009 - coolo@novell.com + +- updated patches to apply with fuzz=0 + +------------------------------------------------------------------- +Thu Oct 29 17:07:48 UTC 2009 - puzel@novell.com + +- move pcap-filter and pcap-linktype out from -devel subpackage + (bnc#550372) + +------------------------------------------------------------------- +Tue May 26 14:50:36 CEST 2009 - poeml@suse.de + +- don't obsolete an old libpcap (0.9.x) package on openSUSE 11.0 or + older (bnc#507083) + +------------------------------------------------------------------- +Thu Mar 19 18:14:56 CET 2009 - puzel@suse.cz + +- add fix-usb-nic.patch (bnc#455774) + +------------------------------------------------------------------- +Fri Feb 20 16:37:53 CET 2009 - puzel@suse.cz + +- fix-any-interface-handling.patch (bnc#463182) + +------------------------------------------------------------------- +Wed Jan 14 16:38:27 CET 2009 - prusnak@suse.cz + +- updated to 1.0.0 + * Compile with IPv6 support by default + * Compile with large file support on by default + * Add pcap-config script, which deals with -I/-L flags + for compiling + * DLT: Add IPMB + * DLT: Add LAPD + * DLT: Add AX25 (AX.25 w/KISS header) + * DLT: Add JUNIPER_ST + * 802.15.4 support + * Variable length 802.11 header support + * X2E data type support + * SITA ACN Interface support - see README.sita + * Support for zerocopy BPF on platforms that support it + * Better support for dealing with VLAN tagging/stripping on Linux + * Fix dynamic library support on OSX + * Return PCAP_ERROR_IFACE_NOT_UP if the interface isn't 'UP', so + applications can print better diagnostic information + * Return PCAP_ERROR_PERM_DENIED if we don't have permission to open + a device, so applications can tell the user they need to go play + with permissions + * On Linux, ignore ENETDOWN so we can continue to capture packets + if the interface goes down and comes back up again. + * On Linux, support new tpacket frame headers (2.6.27+) + * On Mac OS X, add scripts for changing permissions on /dev/pbf* and + launchd plist + * On Solaris, support 'passive mode' on systems that support it + * Fixes to autoconf and general build environment + * Man page reorganization + cleanup + * Autogenerate VERSION numbers better +- dropped obsoleted shared.patch + +------------------------------------------------------------------- +Tue Jan 13 12:34:56 CET 2009 - olh@suse.de + +- obsolete old -XXbit packages (bnc#437293) + +------------------------------------------------------------------- +Mon Sep 15 17:08:47 CEST 2008 - dmueller@suse.de + +- adjust buildrequires + +------------------------------------------------------------------- +Thu Sep 4 17:07:17 CEST 2008 - prusnak@suse.cz + +- updated to CVS-20080503 + * support for USB and Bluetooth capture + +------------------------------------------------------------------- +Wed Aug 20 16:34:47 CEST 2008 - prusnak@suse.cz + +- renamed libpcap package to libpcap0 +- added ppp.patch and s390.patch (small issues) + +------------------------------------------------------------------- +Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de + +- added baselibs.conf file to build xxbit packages + for multilib support + +------------------------------------------------------------------- +Tue Jan 8 17:44:31 CET 2008 - prusnak@suse.cz + +- update to 0.9.8 + * Change build process to put public libpcap headers into pcap subdir + * DLT: Add value for IPMI IPMB packets + * DLT: Add value for u10 Networks boards + * Require for pf definitions - allows reading of pflog + formatted libpcap files on an OS other than where the file was generated +- added pcap-bpf.patch + * add two structs needed for tahi testsuite + +------------------------------------------------------------------- +Thu Jul 26 15:57:36 CEST 2007 - prusnak@suse.cz + +- updated to 0.9.7 + * added flags/configuration for cloning bpf device. + * added DLT_MTP2_WITH_PHDR support (PPI) + * introduced support for the DAG ERF type TYPE_COLOR_MC_HDLC_POS + * added basic BPF filtering support for DLT_MTP2_WITH_PHDR + * add support for DLT_JUNIPER_ISM + * allocate DLT_ for 802.15.4 without any header munging + * header for 802.16 MAC Common Part Sublayer plus a radiotap radio header +- branch -devel subpackage + +------------------------------------------------------------------- +Thu Jul 12 11:00:38 CEST 2007 - prusnak@suse.cz + +- updated to 0.9.6 + * added Bluetooth support + * added USB capturing support + * added support for the binary USB sniffing interface + * added additional filter operations for 802.11 frame types + * added support for filtering on MTP2 frame types + * added LINKTYPE_ for IEEE 802.15.4, with address fields padded + * added LINKTYPE_ value corresponding to DLT_IEEE802_16_MAC_CPS + * added DLT for IEEE 802.16 (WiMAX) MAC Common Part Sublayer + * added DLT for Bluetooth HCI UART transport layer + * fixed discarding of unread packets when changing filters + * fixed a bug in pcap_open_live() + +------------------------------------------------------------------- +Wed May 2 16:40:08 CEST 2007 - pth@suse.de + +- Use correct version for naming the shared library (#270226) + +------------------------------------------------------------------- +Thu Mar 29 11:33:50 CEST 2007 - rguenther@suse.de + +- add flex and bison BuildRequires + +------------------------------------------------------------------- +Tue Jan 16 15:18:20 CET 2007 - prusnak@suse.cz + +- implemented socket timeout (socket-timeout.diff) [#234034] + +------------------------------------------------------------------- +Wed Jan 3 15:25:29 CET 2007 - prusnak@suse.cz + +- update to 0.9.5 + * Support for LAPD frames with vISDN + * Support for ERF on channelized T1/E1 cards via DAG API + * Better failure detection on PacketGetAdapterNames() + * Fixes for MPLS packet generation (link layer) + * OP_PACKET now matches the beginning of the packet, instead of beginning+link-layer + * Fix allocation of buffer for list of link-layer types + * Add support for DLT_JUNIPER_VP + * Don't double-count received packets on Linux systems + +------------------------------------------------------------------- +Wed Jan 25 21:37:40 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Mon Jan 9 17:34:05 CET 2006 - mjancar@suse.cz + +- update to 0.9.4 + +------------------------------------------------------------------- +Wed Aug 10 00:31:47 CEST 2005 - kkeil@suse.de + +- Reverse the -fno-strict-aliasing work around + +------------------------------------------------------------------- +Sun Aug 7 10:47:54 CEST 2005 - aj@suse.de + +- Compile with -fno-strict-aliasing to work around compiler bug for now. + +------------------------------------------------------------------- +Fri Aug 5 01:02:50 CEST 2005 - ro@suse.de + +- do not package all of libdir (debuginfo) + +------------------------------------------------------------------- +Tue Aug 2 18:35:42 CEST 2005 - mjancar@suse.cz + +- update to 0.9.3 + +------------------------------------------------------------------- +Tue Apr 12 23:18:22 CEST 2005 - ro@suse.de + +- added return value to non-void functions + +------------------------------------------------------------------- +Thu Nov 18 01:57:38 CET 2004 - ro@suse.de + +- fixed file list + +------------------------------------------------------------------- +Tue Aug 24 17:30:55 CEST 2004 - kkeil@suse.de + +- add DLT_PPP_WITHDIRECTION from libpcap cvs to handle PPP filters + in a compatible way + Thanks to Hannes Gredler for implementing it + +------------------------------------------------------------------- +Wed Aug 04 16:45:40 CEST 2004 - postadal@suse.cz + +- updated to version 0.8.3 + +------------------------------------------------------------------- +Mon Feb 09 18:02:42 CET 2004 - postadal@suse.cz + +- updated to version 0.8.1 + * the include file include/net/bpf.h renamed to include/pcap-bpf +- fixed config (LIBOBJS issue) + +------------------------------------------------------------------- +Sat Jan 10 01:27:25 CET 2004 - schwab@suse.de + +- Use autoreconf. + +------------------------------------------------------------------- +Thu Jul 24 12:55:09 CEST 2003 - postadal@suse.cz + +- update to version 0.7.2 + * support frame relay + * support for ARPHRD_RAWHDLC + * support eg (Octane/O2xxx/O3xxx Gigabit) devices + * add new reserved DLT types + +------------------------------------------------------------------- +Mon May 20 14:39:56 CEST 2002 - postadal@suse.de + +- security fix (get spurious packets before kernel filter kicks in) +- update to 0.7.1 + * pcap_stats() has been documented as to what its counters mean on + each platform + * Added pcap_findalldevs() call to get list of interfaces in + a MI way + +------------------------------------------------------------------- +Wed Mar 13 21:04:35 CET 2002 - postadal@suse.cz + +- fixed Makefile.in to created shared library + +------------------------------------------------------------------- +Thu Jan 10 10:04:40 CET 2002 - cihlar@suse.cz + +- use %{_lib} + +------------------------------------------------------------------- +Fri Feb 23 14:15:48 CET 2001 - cihlar@suse.cz + +- update to 0.6.2 - it should handle isdn without patch + +------------------------------------------------------------------- +Thu Dec 7 13:44:02 CET 2000 - schwab@suse.de + +- Compile with -fpic so that it can be included in a shared library. + +------------------------------------------------------------------- +Wed Oct 11 09:58:55 CEST 2000 - smid@suse.cz + +- new version 0.5.2 + +------------------------------------------------------------------- +Thu Jun 8 08:26:58 MEST 2000 - cihlar@suse.cz + +- Group sorted + +------------------------------------------------------------------- +Fri Apr 21 15:41:02 CEST 2000 - smid@suse.cz + +- buildroot added + +------------------------------------------------------------------- +Thu Mar 2 15:32:37 CET 2000 - uli@suse.de + +- moved man page to %{_mandir} + +------------------------------------------------------------------- +Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de + +- ran old prepare_spec on spec file to switch to new prepare_spec. + +------------------------------------------------------------------- +Thu Sep 9 12:15:28 CEST 1999 - bs@suse.de + +- fixed call of Check at the end of %install section + +------------------------------------------------------------------- +Sun Jul 11 14:04:46 MEST 1999 - @suse.de + +- new package: libpcap + now an extra package, because many network tools use it (so far + it was included in .srpm packages that needed it, like tcpdump) + diff --git a/libpcap.keyring b/libpcap.keyring new file mode 100644 index 0000000..a623393 --- /dev/null +++ b/libpcap.keyring @@ -0,0 +1,31 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.12 (GNU/Linux) + +mQGRBFGRD2gBDCDcthM1N9jeWic9tD17LsHwWyh/IelKgFMVFShgHk31YsQUetKn +5hGKlW0WU7+r3dsECiqxgyuqeUKvqiZneqma0GDk1n8ucXLc7oFFLrF7qbvssPPM +831014FlzsN82OZZ1SnNUGacdyNzV5myPybKILWemsLuAJaGU60IkAJkTReiaMFR +pB0QmBiqM5KY2SHAkeja2+UhupBw/lHyAwU/KVhkohmvUTJeUBJaKK2gRY7jJQmf +ouTbIe0nKIqDzMmE9GvFhyQmMJzbxAwTfSxSZq3bMCpsyQtjoi2LGQFoMVkI6g7K +IRNWgCqSTHF238VIdOkLzbwuoZAmS+oacXszIln2jLJsKkbiCCOb/lV+5u5O6/wJ +M4RHxCBnkRgBmMLyXSM9qAo1FU5suPqf01msqvKMsa99lTF6kIWurR/7rw4S2bNl +iaMqHNHliFNfaAE42S8as+Pw5Rhq2SJczWyd8rYw/q1IIZyKLO1oGn6ZRt+EQ7BS +8nlREmT/MDqP0rgrpvRrABEBAAG0PVRoZSBUY3BkdW1wIEdyb3VwIChQYWNrYWdl +IHNpZ25pbmcga2V5KSA8cmVsZWFzZUB0Y3BkdW1wLm9yZz6JAcIEEwECACgFAlGR +D2gCGwMFCRLMAwAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEOCJ3vHZwV0N +wPAMH22fmTbjByMSvR/gxDFA26ULgf02qZzqYlRLKB7EDbEjB1Ga6PrLB22Sn/b5 +8fxNw/9zH0EPkorv0YnBhinE51jLmZ99Sk5eGFIMcCkNAOOhadFZGGKarekEPwNB +oDtxCuSuOQ0JVvyn5fLcbA5u3+LBvHvbnUKgCpiXahpq15bZiS1aoVkdXknUQVO+ +bU6Y2lj3m8Q1C6t+J29UvbyixgQhFeTkl25NZkTS6Cqds5F9q3nUBD/7gvQbATBy +A+p+iWLHqt1s4c5UHRzriuLyBbnJgOEI13pNbgFIoKhbCSGQj0uQVZORmzzqs0nh +QXtj+JPOAMd619mHjmhXItgqu2llywQ36tXTEdRoUjJmgMkoqXtZQ8XDVdJ6f/sG +OJDHCctr5aVanWierzePl1PvWPWeC9mnB6Nnxuah+8zQFb4wXUnYO09OX47UgQlu +mE9/lZfY7okIODVrXjqbPVxSBLzCzptBrkeZ3brkrl5oCdYlWsUiQCY0hO6jzMEd +CnxEp1kkn2eJATAEEAECAAYFAlGaR8gACgkQbzNW3/yhb5DWLgigkgtM5wXCQkJz +VyXdCVTfdP9KXEZ1LM1NpRVHbk8lRmgWn4LHb2y1zmH8TDioAyz7GMSFDvqK5kqc +ZPOFi3YZOqLwtcYjAk+jW0ekmx7ao1fIsMjsTvAMVq/EKNRq8IeiKhJSD4KCttFa +qvtD5IfxlgsMoVAdsXF0tyTtC457zWCof3FP7Wbm3MRN3TV4eJInEZhKFgLt4xM6 +dCI4ifizu4aPe/TptNl+MuyYTXmPghkQgoeTB9b2qhklp5ccX+8HYeWrpMuCM4er +YYG/j5tZ5YJ/13HDO7S22Wxp94h0hy7NgZ7DRXP0XGp5NvS1stLMGwPm6wyYsjtL +m+jWKltF1WFO1z8zSpZaC+u1GSe48qpqA40k +=1rmx +-----END PGP PUBLIC KEY BLOCK----- diff --git a/libpcap.spec b/libpcap.spec new file mode 100644 index 0000000..f96e76c --- /dev/null +++ b/libpcap.spec @@ -0,0 +1,132 @@ +# +# spec file for package libpcap +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +Name: libpcap +Version: 1.10.4 +Release: 0 +Summary: A Library for Network Sniffers +License: BSD-3-Clause +Group: Development/Libraries/C and C++ +URL: https://www.tcpdump.org/ +Source: https://www.tcpdump.org/release/%{name}-%{version}.tar.gz +Source2: baselibs.conf +Source3: https://www.tcpdump.org/tcpdump-workers.asc#/%{name}.keyring +Source4: https://www.tcpdump.org/release/%{name}-%{version}.tar.gz.sig +Patch2: libpcap-1.0.0-ppp.patch +Patch3: libpcap-1.0.0-s390.patch +# PATCH-FIX-UPSTREAM bsc#1230020 CVE-2023-7256: double free via addrinfo in sock_initaddress() +Patch4: libpcap-CVE-2023-7256.patch +# PATCH-FIX-UPSTREAM bsc#1230034 CVE-2024-8006: NULL pointer derefence in pcap_findalldevs_ex() +Patch5: libpcap-CVE-2024-8006.patch +BuildRequires: autoconf >= 2.69 +BuildRequires: automake +BuildRequires: bison +BuildRequires: bluez-devel +BuildRequires: dbus-1-devel +BuildRequires: flex +BuildRequires: libnl3-devel +BuildRequires: pkgconfig >= 0.17.0 +BuildRequires: pkgconfig(libusb-1.0) + +%description +libpcap is a library used by packet sniffer programs. It provides an +interface for them to capture and analyze packets from network devices. +This package is only needed if you plan to compile or write such a +program yourself. + +%package -n libpcap1 +Summary: A Library for Network Sniffers +Group: System/Libraries +Provides: libpcap = %{version} +Obsoletes: libpcap < %{version} + +%description -n libpcap1 +libpcap is a library used by packet sniffer programs. It provides an +interface for them to capture and analyze packets from network devices. +This package is only needed if you plan to compile or write such a +program yourself. + +%package devel +Summary: A Library for Network Sniffers +Group: Development/Libraries/C and C++ +Requires: glibc-devel +Requires: libpcap1 = %{version} + +%description devel +libpcap is a library used by packet sniffer programs. It provides an +interface for them to capture and analyze packets from network devices. +This package is only needed if you plan to compile or write such a +program yourself. + +%package devel-static +Summary: A Library for Network Sniffers +Group: Development/Libraries/C and C++ +Requires: %{name}-devel = %{version} +Requires: bluez-devel +Requires: dbus-1-devel +Requires: libnl3-devel +Requires: pkgconfig(libusb-1.0) + +%description devel-static +libpcap static libraries + +%prep +%setup -q +%patch2 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 + +%build +%global _lto_cflags %{_lto_cflags} -ffat-lto-objects +autoreconf -fiv +%ifarch %{sparc} +pic="PIC" +%else +pic="pic" +%endif +export CFLAGS="%{optflags} -f$pic" CXXFLAGS="%{optflags} -f$pic" +%configure \ + --enable-bluetooth=yes \ + --enable-ipv6 +%make_build all shared + +%install +mkdir -p %{buildroot}%{_bindir} +make DESTDIR=%{buildroot} install install-shared + +%post -n libpcap1 -p /sbin/ldconfig +%postun -n libpcap1 -p /sbin/ldconfig + +%files -n libpcap1 +%license LICENSE +%doc CHANGES CREDITS README.md doc/README.linux TODO +%{_libdir}/*.so.* +%{_mandir}/man7/* + +%files devel-static +%{_libdir}/*.*a + +%files devel +%{_mandir}/man[1-6]/* +%{_includedir}/* +%{_bindir}/pcap-config +%{_libdir}/*.so +%{_libdir}/pkgconfig/%{name}.pc + +%changelog