From 76383e903232a094106a2c4f291a051a07a3aa5bfbd46eb493485d59cdc40ebf Mon Sep 17 00:00:00 2001 From: Jiri Slaby Date: Fri, 15 Jun 2012 07:27:29 +0000 Subject: [PATCH 1/4] Accepting request 125061 from home:jirislaby:branches:Base:System update to 1.3.0 OBS-URL: https://build.opensuse.org/request/show/125061 OBS-URL: https://build.opensuse.org/package/show/Base:System/libpcap?expand=0&rev=27 --- ...tfilter-dont-fail-on-EPROTONOSUPPORT.patch | 31 ------------------- libpcap-1.2.1.tar.gz | 3 -- libpcap-1.3.0.tar.gz | 3 ++ libpcap.changes | 21 +++++++++++++ libpcap.spec | 4 +-- 5 files changed, 25 insertions(+), 37 deletions(-) delete mode 100644 libpcap-1.2.1-netfilter-dont-fail-on-EPROTONOSUPPORT.patch delete mode 100644 libpcap-1.2.1.tar.gz create mode 100644 libpcap-1.3.0.tar.gz diff --git a/libpcap-1.2.1-netfilter-dont-fail-on-EPROTONOSUPPORT.patch b/libpcap-1.2.1-netfilter-dont-fail-on-EPROTONOSUPPORT.patch deleted file mode 100644 index aa2a861..0000000 --- a/libpcap-1.2.1-netfilter-dont-fail-on-EPROTONOSUPPORT.patch +++ /dev/null @@ -1,31 +0,0 @@ -From 5fad270aaa970512fc2aaf8f2ea361b247bb7477 Mon Sep 17 00:00:00 2001 -From: Jiri Slaby -Date: Tue, 28 Feb 2012 14:36:43 +0100 -Subject: [PATCH] netfilter: don't fail on EPROTONOSUPPORT - -EPROTONOSUPPORT is what I get from the kernel if I don't have netfilter enabled. - -This bug prevents tcpdump/wireshark to work properly: -tcpdump: Can't open netlink socket 93:Protocol not supported ---- - pcap-netfilter-linux.c | 4 ++-- - 1 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/pcap-netfilter-linux.c b/pcap-netfilter-linux.c -index 225e49f..86235d1 100644 ---- a/pcap-netfilter-linux.c -+++ b/pcap-netfilter-linux.c -@@ -452,8 +452,8 @@ struct my_nfattr { - - sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER); - if (sock < 0) { -- /* if netlink is not supported this this is not fatal */ -- if (errno == EAFNOSUPPORT) -+ /* if netlink is not supported, this is not fatal */ -+ if (errno == EAFNOSUPPORT || errno == EPROTONOSUPPORT) - return 0; - snprintf(err_str, PCAP_ERRBUF_SIZE, "Can't open netlink socket %d:%s", - errno, pcap_strerror(errno)); --- -1.7.5.4 - diff --git a/libpcap-1.2.1.tar.gz b/libpcap-1.2.1.tar.gz deleted file mode 100644 index 837411f..0000000 --- a/libpcap-1.2.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a135a6ef7e539729a57c7ed345bdb9b64159e13404174006a7972eb33f00debd -size 603208 diff --git a/libpcap-1.3.0.tar.gz b/libpcap-1.3.0.tar.gz new file mode 100644 index 0000000..f3fa84c --- /dev/null +++ b/libpcap-1.3.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:41cbd9ed68383afd9f1fda279cb78427d36879d9e34ee707e31a16a1afd872b9 +size 608967 diff --git a/libpcap.changes b/libpcap.changes index 004fed5..92f8ffd 100644 --- a/libpcap.changes +++ b/libpcap.changes @@ -1,3 +1,24 @@ +------------------------------------------------------------------- +Thu Jun 14 23:21:10 CEST 2012 - jslaby@suse.de + +- update to 1.3.0 + - Handle DLT_PFSYNC in {FreeBSD, other *BSD+Mac OS X, other}. + - Linux: Don't fail if netfilter isn't enabled in the kernel. + - Add new link-layer type for NFC Forum LLCP. + - Put the CANUSB stuff into EXTRA_DIST, so it shows up in the release tarball. + - Add LINKTYPE_NG40/DLT_NG40. + - Add DLT_MPEG_2_TS/LINKTYPE_MPEG_2_TS for MPEG-2 transport streams. + - [PATCH] Fix AIX-3.5 crash with read failure during stress + - AIX fixes. + - Introduce --disable-shared configure option. + - Added initial support for canusb devices. + - Include the pcap(3PCAP) additions as 1.2.1 changes. + - many updates to documentation: pcap.3pcap.in + - Improve 'inbound'/'outbound' capture filters under Linux. + - Note the cleanup of handling of new DLT_/LINKTYPE_ values. + - On Lion, don't build for PPC. + - For mac80211 devices we need to clean up monitor mode on exit. + ------------------------------------------------------------------- Tue Feb 28 14:43:12 CET 2012 - jslaby@suse.de diff --git a/libpcap.spec b/libpcap.spec index 1aff025..7d4a42b 100644 --- a/libpcap.spec +++ b/libpcap.spec @@ -17,7 +17,7 @@ Name: libpcap -Version: 1.2.1 +Version: 1.3.0 Release: 0 Summary: A Library for Network Sniffers License: BSD-3-Clause @@ -33,7 +33,6 @@ Patch4: libpcap-1.0.0-s390.patch Patch5: libpcap-1.0.0-man.patch Patch6: libpcap-1.0.0-mac_syntax.patch Patch7: libpcap-1.1.1-scanif.patch -Patch8: libpcap-1.2.1-netfilter-dont-fail-on-EPROTONOSUPPORT.patch BuildRequires: bison BuildRequires: bluez-devel BuildRequires: flex @@ -85,7 +84,6 @@ program yourself. %patch5 %patch6 %patch7 -%patch8 -p1 %build %ifarch %sparc From 44d50157e9271a595bff923c77bc3b75020ead8477954911bf3bd0383c8ae915 Mon Sep 17 00:00:00 2001 From: Jiri Slaby Date: Sat, 16 Jun 2012 08:08:35 +0000 Subject: [PATCH 2/4] Accepting request 125176 from home:jirislaby:branches:Base:System remove some patches OBS-URL: https://build.opensuse.org/request/show/125176 OBS-URL: https://build.opensuse.org/package/show/Base:System/libpcap?expand=0&rev=28 --- libpcap-1.0.0-fcode.patch | 23 ----------------------- libpcap-1.0.0-mac_syntax.patch | 21 --------------------- libpcap-1.0.0-man.patch | 13 ------------- libpcap-1.1.1-scanif.patch | 22 ---------------------- libpcap.changes | 11 +++++++++++ libpcap.spec | 14 +++----------- 6 files changed, 14 insertions(+), 90 deletions(-) delete mode 100644 libpcap-1.0.0-fcode.patch delete mode 100644 libpcap-1.0.0-mac_syntax.patch delete mode 100644 libpcap-1.0.0-man.patch delete mode 100644 libpcap-1.1.1-scanif.patch diff --git a/libpcap-1.0.0-fcode.patch b/libpcap-1.0.0-fcode.patch deleted file mode 100644 index df724b0..0000000 --- a/libpcap-1.0.0-fcode.patch +++ /dev/null @@ -1,23 +0,0 @@ -Index: pcap-linux.c -=================================================================== ---- pcap-linux.c.orig -+++ pcap-linux.c -@@ -2313,6 +2313,9 @@ pcap_setfilter_linux_common(pcap_t *hand - struct sock_fprog fcode; - int can_filter_in_kernel; - int err = 0; -+ memset(&fcode, 0, sizeof(fcode)); -+ fcode.len = 0; -+ fcode.filter = NULL; - #endif - - if (!handle) -@@ -2347,8 +2350,6 @@ pcap_setfilter_linux_common(pcap_t *hand - * sake of correctness I added this check. - */ - fprintf(stderr, "Warning: Filter too complex for kernel\n"); -- fcode.len = 0; -- fcode.filter = NULL; - can_filter_in_kernel = 0; - } else - #endif /* USHRT_MAX */ diff --git a/libpcap-1.0.0-mac_syntax.patch b/libpcap-1.0.0-mac_syntax.patch deleted file mode 100644 index 355a0c2..0000000 --- a/libpcap-1.0.0-mac_syntax.patch +++ /dev/null @@ -1,21 +0,0 @@ -Index: scanner.l -=================================================================== ---- scanner.l.orig -+++ scanner.l -@@ -96,6 +96,7 @@ N ([0-9]+|(0X|0x)[0-9A-Fa-f]+) - B ([0-9A-Fa-f][0-9A-Fa-f]?) - B2 ([0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f]) - W ([0-9A-Fa-f][0-9A-Fa-f]?[0-9A-Fa-f]?[0-9A-Fa-f]?) -+X [0-9A-Fa-f] - - %a 18400 - %o 21500 -@@ -360,6 +361,8 @@ ${B} { yylval.e = pcap_ether_aton(((ch - #endif /*INET6*/ - } - {B}:+({B}:+)+ { bpf_error("bogus ethernet address %s", yytext); } -+{X}{12} { yylval.e = pcap_ether_aton((char *)yytext); return EID;} -+ - icmptype { yylval.i = 0; return NUM; } - icmpcode { yylval.i = 1; return NUM; } - icmp-echoreply { yylval.i = 0; return NUM; } diff --git a/libpcap-1.0.0-man.patch b/libpcap-1.0.0-man.patch deleted file mode 100644 index 243d443..0000000 --- a/libpcap-1.0.0-man.patch +++ /dev/null @@ -1,13 +0,0 @@ -Index: pcap.3pcap.in -=================================================================== ---- pcap.3pcap.in.orig -+++ pcap.3pcap.in -@@ -860,7 +860,7 @@ use an - script or some other configuration script to check whether the libpcap - 1.0 APIs are available and use them only if they are. - .SH SEE ALSO --autoconf(1), tcpdump(1), tcpslice(1), pcap-filter(@MAN_MISC_INFO@), pfconfig(8), -+autoconf(1), tcpdump(8), tcpslice(1), pcap-filter(@MAN_MISC_INFO@), pfconfig(8), - usermod(1M) - .SH AUTHORS - The original authors of libpcap are: diff --git a/libpcap-1.1.1-scanif.patch b/libpcap-1.1.1-scanif.patch deleted file mode 100644 index 441b5a7..0000000 --- a/libpcap-1.1.1-scanif.patch +++ /dev/null @@ -1,22 +0,0 @@ -pcap_findalldevs was failing when use bonding device. - -In /sys/class/net, there are these for bonding: -drwxr-xr-x 4 root root 0 Apr 27 16:12 bond0 --rw-r--r-- 1 root root 4096 Apr 27 16:11 bonding_masters - -When scan_sys_class_net encounters the bonding_masters file, the ioctl below fails with "no device". - -This patch fixes it. -Index: pcap-linux.c -=================================================================== ---- pcap-linux.c.orig -+++ pcap-linux.c -@@ -2176,7 +2176,7 @@ scan_proc_net_dev(pcap_if_t **devlistp, - */ - strncpy(ifrflags.ifr_name, name, sizeof(ifrflags.ifr_name)); - if (ioctl(fd, SIOCGIFFLAGS, (char *)&ifrflags) < 0) { -- if (errno == ENXIO) -+ if (errno == ENXIO || errno == ENODEV) - continue; - (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, - "SIOCGIFFLAGS: %.*s: %s", diff --git a/libpcap.changes b/libpcap.changes index 92f8ffd..de585bc 100644 --- a/libpcap.changes +++ b/libpcap.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Fri Jun 15 15:24:46 CEST 2012 - jslaby@suse.de + +- remove some patches + - libpcap-1.0.0-fcode.patch -- not needed, if this emitted a warning, + it was a compiler bug + - libpcap-1.0.0-mac_syntax.patch -- already handled by MAC rule + - libpcap-1.0.0-man.patch -- tcpdump is man 1, not 8 + - libpcap-1.1.1-scanif.patch -- misapplied, this was fixed upstream + already + ------------------------------------------------------------------- Thu Jun 14 23:21:10 CEST 2012 - jslaby@suse.de diff --git a/libpcap.spec b/libpcap.spec index 7d4a42b..cfdb193 100644 --- a/libpcap.spec +++ b/libpcap.spec @@ -26,13 +26,9 @@ Url: http://www.tcpdump.org/ Source: http://www.tcpdump.org/release/%{name}-%{version}.tar.gz Source2: baselibs.conf Patch0: libpcap-1.0.0-filter-fix.patch -Patch1: libpcap-1.0.0-fcode.patch -Patch2: libpcap-1.0.0-pcap-bpf.patch -Patch3: libpcap-1.0.0-ppp.patch -Patch4: libpcap-1.0.0-s390.patch -Patch5: libpcap-1.0.0-man.patch -Patch6: libpcap-1.0.0-mac_syntax.patch -Patch7: libpcap-1.1.1-scanif.patch +Patch1: libpcap-1.0.0-pcap-bpf.patch +Patch2: libpcap-1.0.0-ppp.patch +Patch3: libpcap-1.0.0-s390.patch BuildRequires: bison BuildRequires: bluez-devel BuildRequires: flex @@ -80,10 +76,6 @@ program yourself. %patch1 %patch2 %patch3 -%patch4 -%patch5 -%patch6 -%patch7 %build %ifarch %sparc From 8b8ba7711ceb452726aeb4ce238238f3a239e5316ccd9fceecd1ca4b90315b8f Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Mon, 27 Aug 2012 19:38:03 +0000 Subject: [PATCH 3/4] Accepting request 131797 from home:elvigia:branches:Base:System - BuildRequire libusb-devel for "usb sniffing" - Use O_CLOEXEC in all internal fds so they do not leak on fork()..execve() OBS-URL: https://build.opensuse.org/request/show/131797 OBS-URL: https://build.opensuse.org/package/show/Base:System/libpcap?expand=0&rev=29 --- libpcap-ocloexec.patch | 355 +++++++++++++++++++++++++++++++++++++++++ libpcap.changes | 11 ++ libpcap.spec | 6 +- 3 files changed, 371 insertions(+), 1 deletion(-) create mode 100644 libpcap-ocloexec.patch diff --git a/libpcap-ocloexec.patch b/libpcap-ocloexec.patch new file mode 100644 index 0000000..66f21cd --- /dev/null +++ b/libpcap-ocloexec.patch @@ -0,0 +1,355 @@ +--- sf-pcap.c.orig ++++ sf-pcap.c +@@ -550,7 +550,7 @@ pcap_dump_open(pcap_t *p, const char *fn + fname = "standard output"; + } else { + #if !defined(WIN32) && !defined(MSDOS) +- f = fopen(fname, "w"); ++ f = fopen(fname, "we"); + #else + f = fopen(fname, "wb"); + #endif +--- pcap-linux.c.orig ++++ pcap-linux.c +@@ -980,7 +980,7 @@ pcap_can_set_rfmon_linux(pcap_t *handle) + * (We assume that if we have Wireless Extensions support + * we also have PF_PACKET support.) + */ +- sock_fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); ++ sock_fd = socket(PF_PACKET, SOCK_RAW|SOCK_CLOEXEC, htons(ETH_P_ALL)); + if (sock_fd == -1) { + (void)snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, + "socket: %s", pcap_strerror(errno)); +@@ -1508,7 +1508,7 @@ pcap_read_packet(pcap_t *handle, pcap_ha + } + + #if defined(HAVE_PACKET_AUXDATA) && defined(HAVE_LINUX_TPACKET_AUXDATA_TP_VLAN_TCI) +- packet_len = recvmsg(handle->fd, &msg, MSG_TRUNC); ++ packet_len = recvmsg(handle->fd, &msg, MSG_TRUNC|MSG_CMSG_CLOEXEC); + #else /* defined(HAVE_PACKET_AUXDATA) && defined(HAVE_LINUX_TPACKET_AUXDATA_TP_VLAN_TCI) */ + fromlen = sizeof(from); + packet_len = recvfrom( +@@ -1976,7 +1976,7 @@ scan_sys_class_net(pcap_if_t **devlistp, + /* + * Create a socket from which to fetch interface information. + */ +- fd = socket(AF_INET, SOCK_DGRAM, 0); ++ fd = socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC, 0); + if (fd < 0) { + (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, + "socket: %s", pcap_strerror(errno)); +@@ -2122,7 +2122,7 @@ scan_proc_net_dev(pcap_if_t **devlistp, + /* + * Create a socket from which to fetch interface information. + */ +- fd = socket(AF_INET, SOCK_DGRAM, 0); ++ fd = socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC, 0); + if (fd < 0) { + (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, + "socket: %s", pcap_strerror(errno)); +@@ -2919,8 +2919,8 @@ activate_new(pcap_t *handle) + * try a SOCK_RAW socket for the raw interface. + */ + sock_fd = is_any_device ? +- socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_ALL)) : +- socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); ++ socket(PF_PACKET, SOCK_DGRAM|SOCK_CLOEXEC, htons(ETH_P_ALL)) : ++ socket(PF_PACKET, SOCK_RAW|SOCK_CLOEXEC, htons(ETH_P_ALL)); + + if (sock_fd == -1) { + if (errno == EINVAL || errno == EAFNOSUPPORT) { +@@ -3036,7 +3036,7 @@ activate_new(pcap_t *handle) + "close: %s", pcap_strerror(errno)); + return PCAP_ERROR; + } +- sock_fd = socket(PF_PACKET, SOCK_DGRAM, ++ sock_fd = socket(PF_PACKET, SOCK_DGRAM|SOCK_CLOEXEC, + htons(ETH_P_ALL)); + if (sock_fd == -1) { + snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, +@@ -5065,7 +5065,7 @@ activate_old(pcap_t *handle) + + /* Open the socket */ + +- handle->fd = socket(PF_INET, SOCK_PACKET, htons(ETH_P_ALL)); ++ handle->fd = socket(PF_INET, SOCK_PACKET|SOCK_CLOEXEC, htons(ETH_P_ALL)); + if (handle->fd == -1) { + snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, + "socket: %s", pcap_strerror(errno)); +--- configure.in.orig ++++ configure.in +@@ -22,7 +22,9 @@ AC_INIT(pcap.c) + AC_CANONICAL_SYSTEM + + AC_LBL_C_INIT_BEFORE_CC(V_CCOPT, V_INCLS) +-AC_PROG_CC ++AC_PROG_CC_STDC ++AC_USE_SYSTEM_EXTENSIONS ++AC_SYS_LARGEFILE + AC_LBL_C_INIT(V_CCOPT, V_INCLS) + AC_LBL_SHLIBS_INIT + AC_LBL_C_INLINE +--- pcap-canusb-linux.c.orig ++++ pcap-canusb-linux.c +@@ -36,6 +36,7 @@ + #include "config.h" + #endif + ++#include + #include + + #include "pcap-int.h" +@@ -264,7 +265,7 @@ static int canusb_startcapture(struct ca + { + int pipefd[2]; + +- if (pipe(pipefd) == -1) return -1; ++ if (pipe2(pipefd, O_CLOEXEC) == -1) return -1; + + canusb.rdpipe = pipefd[0]; + canusb.wrpipe = pipefd[1]; +--- inet.c.orig ++++ inet.c +@@ -430,7 +430,7 @@ add_addr_to_iflist(pcap_if_t **alldevs, + */ + memset(&ifrdesc, 0, sizeof ifrdesc); + strlcpy(ifrdesc.ifr_name, name, sizeof ifrdesc.ifr_name); +- s = socket(AF_INET, SOCK_DGRAM, 0); ++ s = socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC, 0); + if (s >= 0) { + #ifdef __FreeBSD__ + /* +@@ -745,7 +745,7 @@ pcap_lookupnet(device, netp, maskp, errb + return 0; + } + +- fd = socket(AF_INET, SOCK_DGRAM, 0); ++ fd = socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC, 0); + if (fd < 0) { + (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, "socket: %s", + pcap_strerror(errno)); +--- pcap-netfilter-linux.c.orig ++++ pcap-netfilter-linux.c +@@ -363,7 +363,7 @@ nflog_activate(pcap_t* handle) + handle->stats_op = netfilter_stats_linux; + + /* Create netlink socket */ +- handle->fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER); ++ handle->fd = socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC, NETLINK_NETFILTER); + if (handle->fd < 0) { + snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, "Can't create raw socket %d:%s", errno, pcap_strerror(errno)); + return PCAP_ERROR; +@@ -450,7 +450,7 @@ netfilter_platform_finddevs(pcap_if_t ** + pcap_if_t *found_dev = *alldevsp; + int sock; + +- sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER); ++ sock = socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC, NETLINK_NETFILTER); + if (sock < 0) { + /* if netlink is not supported this is not fatal */ + if (errno == EAFNOSUPPORT || errno == EPROTONOSUPPORT) +--- savefile.c.orig ++++ savefile.c +@@ -189,7 +189,7 @@ pcap_open_offline(const char *fname, cha + } + else { + #if !defined(WIN32) && !defined(MSDOS) +- fp = fopen(fname, "r"); ++ fp = fopen(fname, "re"); + #else + fp = fopen(fname, "rb"); + #endif +--- pcap-snit.c.orig ++++ pcap-snit.c +@@ -297,9 +297,9 @@ pcap_activate_snit(pcap_t *p) + * the device in question) can be indicated at open + * time. + */ +- p->fd = fd = open(dev, O_RDWR); ++ p->fd = fd = open(dev, O_RDWR|O_CLOEXEC); + if (fd < 0 && errno == EACCES) +- p->fd = fd = open(dev, O_RDONLY); ++ p->fd = fd = open(dev, O_RDONLY|O_CLOEXEC); + if (fd < 0) { + snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "%s: %s", dev, + pcap_strerror(errno)); +--- fad-glifc.c.orig ++++ fad-glifc.c +@@ -100,7 +100,7 @@ pcap_findalldevs(pcap_if_t **alldevsp, c + * Create a socket from which to fetch the list of interfaces, + * and from which to fetch IPv4 information. + */ +- fd4 = socket(AF_INET, SOCK_DGRAM, 0); ++ fd4 = socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC, 0); + if (fd4 < 0) { + (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, + "socket: %s", pcap_strerror(errno)); +@@ -110,7 +110,7 @@ pcap_findalldevs(pcap_if_t **alldevsp, c + /* + * Create a socket from which to fetch IPv6 information. + */ +- fd6 = socket(AF_INET6, SOCK_DGRAM, 0); ++ fd6 = socket(AF_INET6, SOCK_DGRAM|SOCK_CLOEXEC, 0); + if (fd6 < 0) { + (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, + "socket: %s", pcap_strerror(errno)); +--- pcap-nit.c.orig ++++ pcap-nit.c +@@ -259,7 +259,7 @@ pcap_activate_nit(pcap_t *p) + p->snapshot = 96; + + memset(p, 0, sizeof(*p)); +- p->fd = fd = socket(AF_NIT, SOCK_RAW, NITPROTO_RAW); ++ p->fd = fd = socket(AF_NIT, SOCK_RAW|SOCK_CLOEXEC, NITPROTO_RAW); + if (fd < 0) { + snprintf(p->errbuf, PCAP_ERRBUF_SIZE, + "socket: %s", pcap_strerror(errno)); +--- pcap-sita.c.orig ++++ pcap-sita.c +@@ -318,7 +318,7 @@ static int open_with_IOP(unit_t *u, int + u->serv_addr->sin_addr.s_addr = inet_addr(ip); + u->serv_addr->sin_port = htons(IOP_SNIFFER_PORT); + +- if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0) { ++ if ((sockfd = socket(AF_INET, SOCK_STREAM|SOCK_CLOEXEC, 0)) < 0) { + fprintf(stderr, "pcap can't open a socket for connecting to IOP at %s\n", ip); + return 0; + } +--- pcap-can-linux.c.orig ++++ pcap-can-linux.c +@@ -106,7 +106,7 @@ can_activate(pcap_t* handle) + handle->stats_op = can_stats_linux; + + /* Create socket */ +- handle->fd = socket(PF_CAN, SOCK_RAW, CAN_RAW); ++ handle->fd = socket(PF_CAN, SOCK_RAW|SOCK_CLOEXEC, CAN_RAW); + if (handle->fd < 0) + { + snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, "Can't create raw socket %d:%s", +@@ -180,7 +180,7 @@ can_read_linux(pcap_t *handle, int max_p + + do + { +- pkth.caplen = recvmsg(handle->fd, &msg, 0); ++ pkth.caplen = recvmsg(handle->fd, &msg, MSG_CMSG_CLOEXEC); + if (handle->break_loop) + { + handle->break_loop = 0; +--- fad-gifc.c.orig ++++ fad-gifc.c +@@ -156,7 +156,7 @@ pcap_findalldevs(pcap_if_t **alldevsp, c + /* + * Create a socket from which to fetch the list of interfaces. + */ +- fd = socket(AF_INET, SOCK_DGRAM, 0); ++ fd = socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC, 0); + if (fd < 0) { + (void)snprintf(errbuf, PCAP_ERRBUF_SIZE, + "socket: %s", pcap_strerror(errno)); +--- nametoaddr.c.orig ++++ nametoaddr.c +@@ -440,7 +440,7 @@ pcap_ether_hostton(const char *name) + static int init = 0; + + if (!init) { +- fp = fopen(PCAP_ETHERS_FILE, "r"); ++ fp = fopen(PCAP_ETHERS_FILE, "re"); + ++init; + if (fp == NULL) + return (NULL); +--- pcap-usb-linux.c.orig ++++ pcap-usb-linux.c +@@ -252,7 +252,7 @@ probe_devices(int bus) + + snprintf(buf, sizeof(buf), "/dev/bus/usb/%03d/%s", bus, data->d_name); + +- fd = open(buf, O_RDWR); ++ fd = open(buf, O_RDWR|O_CLOEXEC); + if (fd == -1) + continue; + +@@ -323,7 +323,7 @@ usb_activate(pcap_t* handle) + + /*now select the read method: try to open binary interface */ + snprintf(full_path, USB_LINE_LEN, LINUX_USB_MON_DEV"%d", handle->md.ifindex); +- handle->fd = open(full_path, O_RDONLY, 0); ++ handle->fd = open(full_path, O_RDONLY|O_CLOEXEC, 0); + if (handle->fd >= 0) + { + if (handle->opt.rfmon) { +@@ -358,7 +358,7 @@ usb_activate(pcap_t* handle) + else { + /*Binary interface not available, try open text interface */ + snprintf(full_path, USB_LINE_LEN, USB_TEXT_DIR"/%dt", handle->md.ifindex); +- handle->fd = open(full_path, O_RDONLY, 0); ++ handle->fd = open(full_path, O_RDONLY|O_CLOEXEC, 0); + if (handle->fd < 0) + { + if (errno == ENOENT) +@@ -368,7 +368,7 @@ usb_activate(pcap_t* handle) + * the old location. + */ + snprintf(full_path, USB_LINE_LEN, USB_TEXT_DIR_OLD"/%dt", handle->md.ifindex); +- handle->fd = open(full_path, O_RDONLY, 0); ++ handle->fd = open(full_path, O_RDONLY|O_CLOEXEC, 0); + } + if (handle->fd < 0) { + /* no more fallback, give it up*/ +@@ -634,7 +634,7 @@ usb_stats_linux(pcap_t *handle, struct p + int fd; + + snprintf(string, USB_LINE_LEN, USB_TEXT_DIR"/%ds", handle->md.ifindex); +- fd = open(string, O_RDONLY, 0); ++ fd = open(string, O_RDONLY|O_CLOEXEC, 0); + if (fd < 0) + { + if (errno == ENOENT) +@@ -644,7 +644,7 @@ usb_stats_linux(pcap_t *handle, struct p + * location. + */ + snprintf(string, USB_LINE_LEN, USB_TEXT_DIR_OLD"/%ds", handle->md.ifindex); +- fd = open(string, O_RDONLY, 0); ++ fd = open(string, O_RDONLY|O_CLOEXEC, 0); + } + if (fd < 0) { + snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, +--- pcap-snoop.c.orig ++++ pcap-snoop.c +@@ -205,7 +205,7 @@ pcap_activate_snoop(pcap_t *p) + int snooplen; + struct ifreq ifr; + +- fd = socket(PF_RAW, SOCK_RAW, RAWPROTO_SNOOP); ++ fd = socket(PF_RAW, SOCK_RAW|SOCK_CLOEXEC, RAWPROTO_SNOOP); + if (fd < 0) { + snprintf(p->errbuf, PCAP_ERRBUF_SIZE, "snoop socket: %s", + pcap_strerror(errno)); +--- pcap-bt-linux.c.orig ++++ pcap-bt-linux.c +@@ -79,7 +79,7 @@ bt_platform_finddevs(pcap_if_t **alldevs + int i, sock; + int ret = 0; + +- sock = socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI); ++ sock = socket(AF_BLUETOOTH, SOCK_RAW|SOCK_CLOEXEC, BTPROTO_HCI); + if (sock < 0) + { + /* if bluetooth is not supported this this is not fatal*/ +@@ -181,7 +181,7 @@ bt_activate(pcap_t* handle) + handle->md.ifindex = dev_id; + + /* Create HCI socket */ +- handle->fd = socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI); ++ handle->fd = socket(AF_BLUETOOTH, SOCK_RAW|SOCK_CLOEXEC, BTPROTO_HCI); + if (handle->fd < 0) { + snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, + "Can't create raw socket: %s", strerror(errno)); +@@ -282,7 +282,7 @@ bt_read_linux(pcap_t *handle, int max_pa + + /* ignore interrupt system call error */ + do { +- ret = recvmsg(handle->fd, &msg, 0); ++ ret = recvmsg(handle->fd, &msg, MSG_CMSG_CLOEXEC); + if (handle->break_loop) + { + handle->break_loop = 0; diff --git a/libpcap.changes b/libpcap.changes index de585bc..4731a16 100644 --- a/libpcap.changes +++ b/libpcap.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Mon Aug 27 01:52:32 UTC 2012 - crrodriguez@opensuse.org + +- BuildRequire libusb-devel for "usb sniffing" + +------------------------------------------------------------------- +Mon Aug 27 00:11:52 UTC 2012 - crrodriguez@opensuse.org + +- Use O_CLOEXEC in all internal fds so they do not + leak on fork()..execve() + ------------------------------------------------------------------- Fri Jun 15 15:24:46 CEST 2012 - jslaby@suse.de diff --git a/libpcap.spec b/libpcap.spec index cfdb193..b468dfc 100644 --- a/libpcap.spec +++ b/libpcap.spec @@ -29,9 +29,12 @@ Patch0: libpcap-1.0.0-filter-fix.patch Patch1: libpcap-1.0.0-pcap-bpf.patch Patch2: libpcap-1.0.0-ppp.patch Patch3: libpcap-1.0.0-s390.patch +Patch4: libpcap-ocloexec.patch +BuildRequires: automake BuildRequires: bison BuildRequires: bluez-devel BuildRequires: flex +BuildRequires: libusb-devel BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -76,13 +79,14 @@ program yourself. %patch1 %patch2 %patch3 - +%patch4 %build %ifarch %sparc pic="PIC" %else pic="pic" %endif +autoreconf -fiv export CFLAGS="%{optflags} -f$pic" CXXFLAGS="%{optflags} -f$pic" %configure \ --enable-ipv6 From d265e52164f4daf235e313776a72846ce30e01965f246a2a3cc77534826958d1 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Wed, 29 Aug 2012 11:38:37 +0000 Subject: [PATCH 4/4] - Added libpcap-ocloexec.patch: Use O_CLOEXEC in all internal fds so they do not - libpcap-1.2.1-netfilter-dont-fail-on-EPROTONOSUPPORT.patch OBS-URL: https://build.opensuse.org/package/show/Base:System/libpcap?expand=0&rev=30 --- libpcap.changes | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libpcap.changes b/libpcap.changes index 4731a16..d2f6d48 100644 --- a/libpcap.changes +++ b/libpcap.changes @@ -6,7 +6,8 @@ Mon Aug 27 01:52:32 UTC 2012 - crrodriguez@opensuse.org ------------------------------------------------------------------- Mon Aug 27 00:11:52 UTC 2012 - crrodriguez@opensuse.org -- Use O_CLOEXEC in all internal fds so they do not +- Added libpcap-ocloexec.patch: + Use O_CLOEXEC in all internal fds so they do not leak on fork()..execve() ------------------------------------------------------------------- @@ -19,6 +20,7 @@ Fri Jun 15 15:24:46 CEST 2012 - jslaby@suse.de - libpcap-1.0.0-man.patch -- tcpdump is man 1, not 8 - libpcap-1.1.1-scanif.patch -- misapplied, this was fixed upstream already + - libpcap-1.2.1-netfilter-dont-fail-on-EPROTONOSUPPORT.patch ------------------------------------------------------------------- Thu Jun 14 23:21:10 CEST 2012 - jslaby@suse.de