diff --git a/libpcap-1.0.0-s390.patch b/libpcap-1.0.0-s390.patch index 2156ae8..3d749cf 100644 --- a/libpcap-1.0.0-s390.patch +++ b/libpcap-1.0.0-s390.patch @@ -8,12 +8,12 @@ Subject: [PATCH 3/4] pcap-linux: apparently ctc interfaces on s390 has pcap-linux.c | 4 ++++ 1 file changed, 4 insertions(+) -Index: libpcap-1.10.0/pcap-linux.c +Index: libpcap-1.10.5/pcap-linux.c =================================================================== ---- libpcap-1.10.0.orig/pcap-linux.c -+++ libpcap-1.10.0/pcap-linux.c -@@ -2461,6 +2461,10 @@ activate_pf_packet(pcap_t *handle, int i - } +--- libpcap-1.10.5.orig/pcap-linux.c ++++ libpcap-1.10.5/pcap-linux.c +@@ -2530,6 +2530,10 @@ setup_socket(pcap_t *handle, int is_any_ + handle->linktype = DLT_LINUX_SLL; } + /* Hack to make things work on s390 ctc interfaces */ diff --git a/libpcap-1.10.4.tar.gz b/libpcap-1.10.4.tar.gz deleted file mode 100644 index 3e167e4..0000000 --- a/libpcap-1.10.4.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ed19a0383fad72e3ad435fd239d7cd80d64916b87269550159d20e47160ebe5f -size 952153 diff --git a/libpcap-1.10.4.tar.gz.sig b/libpcap-1.10.4.tar.gz.sig deleted file mode 100644 index a4b6867..0000000 Binary files a/libpcap-1.10.4.tar.gz.sig and /dev/null differ diff --git a/libpcap-1.10.5.tar.xz b/libpcap-1.10.5.tar.xz new file mode 100644 index 0000000..dcba61e --- /dev/null +++ b/libpcap-1.10.5.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:84fa89ac6d303028c1c5b754abff77224f45eca0a94eb1a34ff0aa9ceece3925 +size 671880 diff --git a/libpcap-1.10.5.tar.xz.sig b/libpcap-1.10.5.tar.xz.sig new file mode 100644 index 0000000..31a74c1 Binary files /dev/null and b/libpcap-1.10.5.tar.xz.sig differ diff --git a/libpcap.changes b/libpcap.changes index 6575c27..1b26c36 100644 --- a/libpcap.changes +++ b/libpcap.changes @@ -1,3 +1,63 @@ +------------------------------------------------------------------- +Mon Sep 2 08:38:49 UTC 2024 - Pedro Monreal + +- Update to 1.10.5: + * Security fixes: + - [bsc#1230020, CVE-2023-7256] double free via addrinfo in sock_initaddress() + - [bsc#1230034, CVE-2024-8006] null pointer derefence in pcap_findalldevs_ex() + * Thread safety: Make some static variables thread-local + * Packet filtering: + - Return an error from pcap_compile() if the scanner fails to initialize. + - Optimizer fix from Archit Shah to recompute dominators after moving + code; (although the resulting filter isn't empty). + - Optimizer fix from Archit Shah to mark value as unknown when store + of that value is deleted. + * Linux: + - Don't use DLT_LINUX_SLL2 for anything other than the "any" device. + - Avoid 32-bit unsigned integer overflow in USB captures. + - Fix a file descriptor leak. + - Fix DLT_CAN_SOCKETCAN handling of CAN FD. + - Add CAN XL support to DLT_CAN_SOCKETCAN. + - Clean up the code that sets the "real" ("original") length for + isochronous USB transfers. + - Avoid unnecessary blocking on recvmsg() in the Bluetooth monitor and + Bluetoth modules. + * Haiku: + - Report non-existent devices correctly. + - Fix handling of packet statistics. + - Fix packet timestamping. + - Fix packet filtering with low snaplen. + - Improve connection status reporting. + - Add support for promiscuous mode. + - Detect DLTs and loopback capture support at run time. + - Report IEEE 802.11 as PCAP_IF_WIRELESS. + * BSD, macOS, AIX, Solaris 11, Linux: + - Add a new error PCAP_ERROR_CAPTURE_NOTSUP, for use if a capture + mechanism is not present, in the hopes that, for example, + attempts to capture on Windows Services for Linux 1, in which + the NT kernel attempts to simulate Linux system calls but does + not support packet sockets, can get an error that better + indicates the underlying problem. + * AirPcap: Format an error message if we run out of memory. + * nflog: Make sure we don't overflow when rounding up the TLV length. + * rpcap: + - Handle routines removed in at least some OpenSSL libraries. + - CVE-2023-7256: Clean up sock_initaddress() and its callers to avoid + double frees in some cases. + - Don't define SOCKET ourselves; instead, define PCAP_SOCKET as int + on UN*Xes and as SOCKET on Windows. + - CVE-2024-8006: Fix pcap_findalldevs_ex() not to crash if passed a + file:// URL with a path to a directory that cannot be opened. + * Savefiles: + - Handle DLT_/LINKTYPE_ mapping better, to handle some + OpenBSD-specific link types better. + - Treat if_tsoffset as signed in pcapng files, as the spec says. + - Don't try to fix the "real" length for isochronous USB + transfers if the number of USB descriptors is too large. + - Reject pcap files where one of the reserved fields in the + "link-layer type plus other stuff" is non-zero. + * Rebase libpcap-1.0.0-s390.patch + ------------------------------------------------------------------- Thu Feb 29 18:52:55 UTC 2024 - pgajdos@suse.com diff --git a/libpcap.spec b/libpcap.spec index 3060a49..1d2c03d 100644 --- a/libpcap.spec +++ b/libpcap.spec @@ -1,7 +1,7 @@ # # spec file for package libpcap # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,16 +17,16 @@ Name: libpcap -Version: 1.10.4 +Version: 1.10.5 Release: 0 Summary: A Library for Network Sniffers License: BSD-3-Clause Group: Development/Libraries/C and C++ URL: https://www.tcpdump.org/ -Source: https://www.tcpdump.org/release/%{name}-%{version}.tar.gz +Source: https://www.tcpdump.org/release/%{name}-%{version}.tar.xz Source2: baselibs.conf Source3: https://www.tcpdump.org/tcpdump-workers.asc#/%{name}.keyring -Source4: https://www.tcpdump.org/release/%{name}-%{version}.tar.gz.sig +Source4: https://www.tcpdump.org/release/%{name}-%{version}.tar.xz.sig Patch2: libpcap-1.0.0-ppp.patch Patch3: libpcap-1.0.0-s390.patch BuildRequires: autoconf >= 2.69