From 7cf26d5662af86c94b8c844eec1b7c6edb211449ee3eab65a176db2d69f9abb4 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Thu, 18 Feb 2021 09:53:12 +0000 Subject: [PATCH] Accepting request 872631 from home:pmonrealgonzalez:branches:Base:System - Update to 1.10.0 * Require, and assume, some level of C99 support in the C compiler * Add support for capturing on DPDK devices * rpcap: support rpcap-over-TLS * Fix some memory leaks, including in pcap_compile() * Linux: handle systems without AF_INET or AF_UNIX socket support * Catch invalid IPv4 addresses in filters * Show special Linux BPF offsets symbolically in bpf_image() and bpf_dump() * Linux: get rid of Wireless Extensions for turning monitor mode on * Linux: proper memory sync for PACKET_MMAP * Linux: drop support for libnl 1 and 2. * Linux: Require PF_PACKET support, and kernel 2.6.27 or later * Add DLT_LINUX_SLL2 * Add a new filter "ifindex" for DLT_LINUX_SLL2 files and live Linux captures * optimizer: add a hack to try to catch certain optimizer loops * Probe CONFIGURATION descriptor of connected USB devices * Linux: return error on interface going away, but not if it just went down * Linux: set socket protocol only after packet ring configured, reducing bogus packet drop reports * Linux: get ifdrop stats from sysfs. * Fix various security issues reported by Charles Smith at Tangible Security * Fix various security issues reported by Include Security * rpcapd: on UN*X, don't tell the client why authentication failed * Linux: when adjusting BPF programs, do not subtract the SLL[2]_HDR_LEN if the location is negative (special metadata offset) OBS-URL: https://build.opensuse.org/request/show/872631 OBS-URL: https://build.opensuse.org/package/show/Base:System/libpcap?expand=0&rev=71 --- libpcap-1.0.0-s390.patch | 15 ++++------ libpcap-1.10.0.tar.gz | 3 ++ libpcap-1.10.0.tar.gz.sig | Bin 0 -> 442 bytes libpcap-1.9.1.tar.gz | 3 -- libpcap-1.9.1.tar.gz.sig | Bin 442 -> 0 bytes libpcap-no-old-socket.patch | 25 ---------------- libpcap.changes | 56 +++++++++++++++++++++++++++++++++++- libpcap.spec | 6 ++-- 8 files changed, 66 insertions(+), 42 deletions(-) create mode 100644 libpcap-1.10.0.tar.gz create mode 100644 libpcap-1.10.0.tar.gz.sig delete mode 100644 libpcap-1.9.1.tar.gz delete mode 100644 libpcap-1.9.1.tar.gz.sig delete mode 100644 libpcap-no-old-socket.patch diff --git a/libpcap-1.0.0-s390.patch b/libpcap-1.0.0-s390.patch index 4015251..2156ae8 100644 --- a/libpcap-1.0.0-s390.patch +++ b/libpcap-1.0.0-s390.patch @@ -8,12 +8,12 @@ Subject: [PATCH 3/4] pcap-linux: apparently ctc interfaces on s390 has pcap-linux.c | 4 ++++ 1 file changed, 4 insertions(+) -diff --git a/pcap-linux.c b/pcap-linux.c -index 900ebbc..58292c3 100644 ---- a/pcap-linux.c -+++ b/pcap-linux.c -@@ -3197,6 +3197,10 @@ activate_new(pcap_t *handle) - handle->linktype = DLT_LINUX_SLL; +Index: libpcap-1.10.0/pcap-linux.c +=================================================================== +--- libpcap-1.10.0.orig/pcap-linux.c ++++ libpcap-1.10.0/pcap-linux.c +@@ -2461,6 +2461,10 @@ activate_pf_packet(pcap_t *handle, int i + } } + /* Hack to make things work on s390 ctc interfaces */ @@ -23,6 +23,3 @@ index 900ebbc..58292c3 100644 handlep->ifindex = iface_get_id(sock_fd, device, handle->errbuf); if (handlep->ifindex == -1) { --- -1.8.3.1 - diff --git a/libpcap-1.10.0.tar.gz b/libpcap-1.10.0.tar.gz new file mode 100644 index 0000000..8b8a9df --- /dev/null +++ b/libpcap-1.10.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8d12b42623eeefee872f123bd0dc85d535b00df4d42e865f993c40f7bfc92b1e +size 934559 diff --git a/libpcap-1.10.0.tar.gz.sig b/libpcap-1.10.0.tar.gz.sig new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..a86ace29d970a2a5081808a67bcf84092594306fa5d1fd88f45cfa0581471d47 GIT binary patch literal 442 zcmV;r0Y(0a0k;GI0SW*e79j*57HU^QtGVDLnvF2viQe(q!Cegn0$=RYkpKz_5a5a4 z@!7#$4WKLxAjwP(8Z&+fIAJM)btP?n>RT=pZ4+{Loc%pw1J8dTIZwjFKnLc$4Emqt zcDFZmdV5vMdkC%1EG#YA*8(7$&gRYP;x>8U(I}Z%w+9ZaT(j{MT+sIr_j#2{*fXK% zCH2TbCS@?55XD%QlYLR%<>Akzl66ql$O(iO^0>NRM{GFG#9|J$65>PECro=!5ano+ zb7!|q;^^jf$m*G5tQsNZ!#*3XjxZlB)nUIS9h#ad>QdLLcsKm+u&32#gq> zAsH8SRE?1n?0?Ojww3I~25SAbM&v=-4NP2eC%EY%`>vn4|M9u^Ez4xYub{eUIl#3C z@r3=L)bD3e^ZnVmof=@zbM=I1RIRWNVaT)j?6NR@MkKyVq4b6A*H?dfMg@jTjzaNDvLYO@6RMBsSfY(g?n&5H)K$a~|y$eM~b;Bbi8JYjonE1=VZW kGB|NatDOgt)HjM2>xgxI_4lYh#1#!=X9tDMT}1Er**j;~s{jB1 literal 0 HcmV?d00001 diff --git a/libpcap-1.9.1.tar.gz b/libpcap-1.9.1.tar.gz deleted file mode 100644 index 719b2a7..0000000 --- a/libpcap-1.9.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:635237637c5b619bcceba91900666b64d56ecb7be63f298f601ec786ce087094 -size 861228 diff --git a/libpcap-1.9.1.tar.gz.sig b/libpcap-1.9.1.tar.gz.sig deleted file mode 100644 index c7d433977d578dcbed6e706b0b8ef22efbb3819a32abc724f5fccd83eb9b6726..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 442 zcmV;r0Y(0a0k;GI0SEvc79j*57HU^QtGVDLnvF2viQe(q!Cegn0$r189smjn5a5a4 z@!7#$4eCA&Ad7up>+`Kio-aOr9B72sA;XhE2?#61vMIyC<*1&;>xN~U#ySOafH4_L zF@~MCy;yA5eVwqRj_QPHM7=i+F0K20h&Tb|Wf;K7z;G_68g#BZS6V%%ObB4WTQ!3+^^OmC; z9OUrA?A-hQ0Mu(Hn5Z7(q8~OlDvE_1y+;I3Sn&a^V+o?ba7OTE(*K!P8-FlAI+bi0 ksH{2b`Xf31;k`|f<-X^PFIv@*UBV%ZAiz_)0dserrbuf -- * is expected to be set by the functions above). -- */ -- status = ret; -- goto fail; -- } -+ snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, -+ "af_packet module unavailable, missing a reboot to new kernel?"); -+ status = PCAP_ERROR; -+ goto fail; - } - - /* diff --git a/libpcap.changes b/libpcap.changes index 99c8edf..20267a6 100644 --- a/libpcap.changes +++ b/libpcap.changes @@ -1,5 +1,59 @@ ------------------------------------------------------------------- -Wed Oct 2 13:40:23 UTC 2019 - Pedro Monreal Gonzalez +Sun Feb 14 18:51:03 UTC 2021 - Pedro Monreal + +- Update to 1.10.0 + * Require, and assume, some level of C99 support in the C compiler + * Add support for capturing on DPDK devices + * rpcap: support rpcap-over-TLS + * Fix some memory leaks, including in pcap_compile() + * Linux: handle systems without AF_INET or AF_UNIX socket support + * Catch invalid IPv4 addresses in filters + * Show special Linux BPF offsets symbolically in bpf_image() + and bpf_dump() + * Linux: get rid of Wireless Extensions for turning monitor mode on + * Linux: proper memory sync for PACKET_MMAP + * Linux: drop support for libnl 1 and 2. + * Linux: Require PF_PACKET support, and kernel 2.6.27 or later + * Add DLT_LINUX_SLL2 + * Add a new filter "ifindex" for DLT_LINUX_SLL2 files and live + Linux captures + * optimizer: add a hack to try to catch certain optimizer loops + * Probe CONFIGURATION descriptor of connected USB devices + * Linux: return error on interface going away, but not if it just + went down + * Linux: set socket protocol only after packet ring configured, + reducing bogus packet drop reports + * Linux: get ifdrop stats from sysfs. + * Fix various security issues reported by Charles Smith at + Tangible Security + * Fix various security issues reported by Include Security + * rpcapd: on UN*X, don't tell the client why authentication failed + * Linux: when adjusting BPF programs, do not subtract the + SLL[2]_HDR_LEN if the location is negative (special + metadata offset) + * Linux: with a timeout of zero, wait indefinitely + * Linux: clean up support for some non-GNU libc C libraries + * Increase the maximum snaplen for LINKTYPE_USBPCAP/DLT_USBPCAP + * Fix handling of some ioctls that fail with "permission denied" + even when the ioctl isn't supported at all + * Added support for ICMPv6 types 1-4 as tokens in filters + * Report the DLT description in error messages + * Linux: Add support for DSA data link types + * Linux USB: use the snapshot length to set the buffer size, + and set the len field to reflect the length in the URB + * rpcapd: allow rpcapd to rebind more rapidly + * Add Haiku pcap implementation + * rpcap: redo protocol version negotiation to avoid problems + with old servers (it still works with servers using the old + negotiation, as well as servers not supporting negotiation) + * Remove (unused) SITA support here. + * Correctly handle pcapng captures with more than one IDB with a + snspshot length greater than the supported maximum +- Remove libpcap-no-old-socket.patch +- Rebase libpcap-1.0.0-s390.patch + +------------------------------------------------------------------- +Wed Oct 2 13:40:23 UTC 2019 - Pedro Monreal - Update to 1.9.1 [bsc#1153332] * Five CVE-2019-15161, CVE-2019-15162, CVE-2019-15163, CVE-2019-15164, CVE-2019-15165 diff --git a/libpcap.spec b/libpcap.spec index 3f1870c..d46502e 100644 --- a/libpcap.spec +++ b/libpcap.spec @@ -1,7 +1,7 @@ # # spec file for package libpcap # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: libpcap -Version: 1.9.1 +Version: 1.10.0 Release: 0 Summary: A Library for Network Sniffers License: BSD-3-Clause @@ -29,7 +29,6 @@ Source3: https://www.tcpdump.org/tcpdump-workers.asc#/%{name}.keyring Source4: https://www.tcpdump.org/release/%{name}-%{version}.tar.gz.sig Patch2: libpcap-1.0.0-ppp.patch Patch3: libpcap-1.0.0-s390.patch -Patch5: libpcap-no-old-socket.patch BuildRequires: autoconf >= 2.64 BuildRequires: automake BuildRequires: bison @@ -86,7 +85,6 @@ libpcap static libraries %setup -q %patch2 %patch3 -p1 -%patch5 -p1 %build %global _lto_cflags %{_lto_cflags} -ffat-lto-objects