pool/libpcap
SHA256
17
0
Fork 2
Code Issues Pull Requests 2 Activity

Compare commits

base: pool:slfo-1.2
Branches Tags
pool:factory pool:slfo-1.2 pool:slfo-main
..
compare: pool:factory
Branches Tags
pool:factory pool:slfo-1.2 pool:slfo-main

2 Commits
slfo-1.2 ... factory

Author SHA256 Message Date
Ana Guerrero
3164de52cf Accepting request 1326305 from Base:System 
- Update to 1.10.6: [bsc#1255765, CVE-2025-11961]
  * General:
    - Fix "tcpdump -i <n>" for something-only libpcap builds.
    - gencode: Fix an undefined behavior in gen_mcode().
    - gencode: Add a missing free() in gen_scode().
    - Remove "DLT_" from the descriptions of two dlt_choices[] entries.
    - Report the size of time_t in the version string.
    - Validate remote capture source strings better.
    - CVE-2025-11961: Fix OOBR and OOBW in pcap_ether_aton().
  * Source code:
    - Clean up code that computes the length of a netmask.
    - Mind netmap support in pcap_lib_version().
  * Link-layer types:
    - Add LINKTYPE_ETW/DLT_ETW.
    - Add LINKTYPE_NETANALYZER_NG/DLT_NETANALYZER_NG (pull request #1008).
    - Add LINKTYPE_ZBOSS_NCP/DLT_ZBOSS_NCP.
    - Add LINKTYPE_USB_2_0_LOW_SPEED/DLT_USB_2_0_LOW_SPEED,
      LINKTYPE_USB_2_0_FULL_SPEED/DLT_USB_2_0_FULL_SPEED,
      LINKTYPE_USB_2_0_HIGH_SPEED/DLT_USB_2_0_HIGH_SPEED
    - Add LINKTYPE_AUERSWALD_LOG/DLT_AUERSWALD_LOG.
    - Add LINKTYPE_ZWAVE_TAP/DLT_ZWAVE_TAP.
    - Add LINKTYPE_SILABS_DEBUG_CHANNEL/DLT_SILABS_DEBUG_CHANNEL.
    - Add LINKTYPE_FIRA_UCI/DLT_FIRA_UCI.
    - Rename LINKTYPE_IPMB_LINUX/DLT_IPMB_LINUX to
      LINKTYPE_I2C_LINUX/DLT_I2C_LINUX, as it's really just an
      encapsulation of I2C, and is also being used for HDMI DDC.
      Keep DLT_IPMB_LINUX around as a #define for backwards
      compatibility.
    - Add LINKTYPE_MDB/DLT_MDB.
    - Add LINKTYPE_DECT_NR/DLT_DECT_NR. (forwarded request 1325077 from pmonrealgonzalez)

OBS-URL: https://build.opensuse.org/request/show/1326305
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libpcap?expand=0&rev=67
 2026-01-12 09:16:02 +00:00
Marcus Meissner
9802e9803e - Update to 1.10.6: [bsc#1255765, CVE-2025-11961] 
* General:
    - Fix "tcpdump -i <n>" for something-only libpcap builds.
    - gencode: Fix an undefined behavior in gen_mcode().
    - gencode: Add a missing free() in gen_scode().
    - Remove "DLT_" from the descriptions of two dlt_choices[] entries.
    - Report the size of time_t in the version string.
    - Validate remote capture source strings better.
    - CVE-2025-11961: Fix OOBR and OOBW in pcap_ether_aton().
  * Source code:
    - Clean up code that computes the length of a netmask.
    - Mind netmap support in pcap_lib_version().
  * Link-layer types:
    - Add LINKTYPE_ETW/DLT_ETW.
    - Add LINKTYPE_NETANALYZER_NG/DLT_NETANALYZER_NG (pull request #1008).
    - Add LINKTYPE_ZBOSS_NCP/DLT_ZBOSS_NCP.
    - Add LINKTYPE_USB_2_0_LOW_SPEED/DLT_USB_2_0_LOW_SPEED,
      LINKTYPE_USB_2_0_FULL_SPEED/DLT_USB_2_0_FULL_SPEED,
      LINKTYPE_USB_2_0_HIGH_SPEED/DLT_USB_2_0_HIGH_SPEED
    - Add LINKTYPE_AUERSWALD_LOG/DLT_AUERSWALD_LOG.
    - Add LINKTYPE_ZWAVE_TAP/DLT_ZWAVE_TAP.
    - Add LINKTYPE_SILABS_DEBUG_CHANNEL/DLT_SILABS_DEBUG_CHANNEL.
    - Add LINKTYPE_FIRA_UCI/DLT_FIRA_UCI.
    - Rename LINKTYPE_IPMB_LINUX/DLT_IPMB_LINUX to
      LINKTYPE_I2C_LINUX/DLT_I2C_LINUX, as it's really just an
      encapsulation of I2C, and is also being used for HDMI DDC.
      Keep DLT_IPMB_LINUX around as a #define for backwards
      compatibility.
    - Add LINKTYPE_MDB/DLT_MDB.
    - Add LINKTYPE_DECT_NR/DLT_DECT_NR.

OBS-URL: https://build.opensuse.org/package/show/Base:System/libpcap?expand=0&rev=86
 2026-01-09 09:47:36 +00:00
8 changed files with 86 additions and 462 deletions
Expand all files Collapse all files

BIN
libpcap-1.10.5.tar.xz LFS
View File

Binary file not shown.

BIN
libpcap-1.10.5.tar.xz.sig
View File

Binary file not shown.

3
libpcap-1.10.6.tar.xz Normal file
View File

@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ec97d1206bdd19cb6bdd043eaa9f0037aa732262ec68e070fd7c7b5f834d5dfc
size 682312

BIN
libpcap-1.10.6.tar.xz.sig Normal file
View File

Binary file not shown.

430
libpcap-CVE-2025-11961.patch
View File

@@ -1,430 +0,0 @@
From b2d2f9a9a0581c40780bde509f7cc715920f1c02 Mon Sep 17 00:00:00 2001
From: Denis Ovsienko <denis@ovsienko.info>
Date: Fri, 19 Dec 2025 17:31:13 +0000
Subject: [PATCH] CVE-2025-11961: Fix OOBR and OOBW in pcap_ether_aton().
pcap_ether_aton() has for a long time required its string argument to be
a well-formed MAC-48 address, which is always the case when the argument
comes from other libpcap code, so the function has never validated the
input and used a simple loop to parse any of the three common MAC-48
address formats. However, the function has also been a part of the
public API, so calling it directly with a malformed address can cause
the loop to read beyond the end of the input string and/or to write
beyond the end of the allocated output buffer.
To handle invalid input more appropriately, replace the simple loop with
new functions and require the input to match a supported address format.
This problem was reported by Jin Wei, Kunwei Qian and Ping Chen.
(backported from commit dd08e53e9380e217ae7c7768da9cc3d7bf37bf83)
---
gencode.c | 5 +
nametoaddr.c | 367 +++++++++++++++++++++++++++++++++++++++++++++++----
3 files changed, 350 insertions(+), 23 deletions(-)
Index: libpcap-1.10.5/gencode.c
===================================================================
--- libpcap-1.10.5.orig/gencode.c
+++ libpcap-1.10.5/gencode.c
@@ -7501,6 +7501,11 @@ gen_ecode(compiler_state_t *cstate, cons
return (NULL);
if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
+ /*
+ * Because the lexer guards the input string format, in this
+ * context the function returns NULL iff the implicit malloc()
+ * has failed.
+ */
cstate->e = pcap_ether_aton(s);
if (cstate->e == NULL)
bpf_error(cstate, "malloc");
Index: libpcap-1.10.5/nametoaddr.c
===================================================================
--- libpcap-1.10.5.orig/nametoaddr.c
+++ libpcap-1.10.5/nametoaddr.c
@@ -696,39 +696,361 @@ __pcap_atodn(const char *s, bpf_u_int32
return(32);
}
+// Man page: "xxxxxxxxxxxx", regexp: "^[0-9a-fA-F]{12}$".
+static u_char
+pcapint_atomac48_xxxxxxxxxxxx(const char *s, uint8_t *addr)
+{
+ if (strlen(s) == 12 &&
+ PCAP_ISXDIGIT(s[0]) &&
+ PCAP_ISXDIGIT(s[1]) &&
+ PCAP_ISXDIGIT(s[2]) &&
+ PCAP_ISXDIGIT(s[3]) &&
+ PCAP_ISXDIGIT(s[4]) &&
+ PCAP_ISXDIGIT(s[5]) &&
+ PCAP_ISXDIGIT(s[6]) &&
+ PCAP_ISXDIGIT(s[7]) &&
+ PCAP_ISXDIGIT(s[8]) &&
+ PCAP_ISXDIGIT(s[9]) &&
+ PCAP_ISXDIGIT(s[10]) &&
+ PCAP_ISXDIGIT(s[11])) {
+ addr[0] = xdtoi(s[0]) << 4 | xdtoi(s[1]);
+ addr[1] = xdtoi(s[2]) << 4 | xdtoi(s[3]);
+ addr[2] = xdtoi(s[4]) << 4 | xdtoi(s[5]);
+ addr[3] = xdtoi(s[6]) << 4 | xdtoi(s[7]);
+ addr[4] = xdtoi(s[8]) << 4 | xdtoi(s[9]);
+ addr[5] = xdtoi(s[10]) << 4 | xdtoi(s[11]);
+ return 1;
+ }
+ return 0;
+}
+
+// Man page: "xxxx.xxxx.xxxx", regexp: "^[0-9a-fA-F]{4}(\.[0-9a-fA-F]{4}){2}$".
+static u_char
+pcapint_atomac48_xxxx_3_times(const char *s, uint8_t *addr)
+{
+ const char sep = '.';
+ if (strlen(s) == 14 &&
+ PCAP_ISXDIGIT(s[0]) &&
+ PCAP_ISXDIGIT(s[1]) &&
+ PCAP_ISXDIGIT(s[2]) &&
+ PCAP_ISXDIGIT(s[3]) &&
+ s[4] == sep &&
+ PCAP_ISXDIGIT(s[5]) &&
+ PCAP_ISXDIGIT(s[6]) &&
+ PCAP_ISXDIGIT(s[7]) &&
+ PCAP_ISXDIGIT(s[8]) &&
+ s[9] == sep &&
+ PCAP_ISXDIGIT(s[10]) &&
+ PCAP_ISXDIGIT(s[11]) &&
+ PCAP_ISXDIGIT(s[12]) &&
+ PCAP_ISXDIGIT(s[13])) {
+ addr[0] = xdtoi(s[0]) << 4 | xdtoi(s[1]);
+ addr[1] = xdtoi(s[2]) << 4 | xdtoi(s[3]);
+ addr[2] = xdtoi(s[5]) << 4 | xdtoi(s[6]);
+ addr[3] = xdtoi(s[7]) << 4 | xdtoi(s[8]);
+ addr[4] = xdtoi(s[10]) << 4 | xdtoi(s[11]);
+ addr[5] = xdtoi(s[12]) << 4 | xdtoi(s[13]);
+ return 1;
+ }
+ return 0;
+}
+
/*
- * Convert 's', which can have the one of the forms:
+ * Man page: "xx:xx:xx:xx:xx:xx", regexp: "^[0-9a-fA-F]{1,2}(:[0-9a-fA-F]{1,2}){5}$".
+ * Man page: "xx-xx-xx-xx-xx-xx", regexp: "^[0-9a-fA-F]{1,2}(-[0-9a-fA-F]{1,2}){5}$".
+ * Man page: "xx.xx.xx.xx.xx.xx", regexp: "^[0-9a-fA-F]{1,2}(\.[0-9a-fA-F]{1,2}){5}$".
+ * (Any "xx" above can be "x", which is equivalent to "0x".)
+ *
+ * An equivalent (and parametrisable for EUI-64) FSM could be implemented using
+ * a smaller graph, but that graph would be neither acyclic nor planar nor
+ * trivial to verify.
*
- * "xx:xx:xx:xx:xx:xx"
- * "xx.xx.xx.xx.xx.xx"
- * "xx-xx-xx-xx-xx-xx"
- * "xxxx.xxxx.xxxx"
- * "xxxxxxxxxxxx"
+ * |
+ * [.] v
+ * +<---------- START
+ * | |
+ * | | [0-9a-fA-F]
+ * | [.] v
+ * +<--------- BYTE0_X ----------+
+ * | | |
+ * | | [0-9a-fA-F] |
+ * | [.] v |
+ * +<--------- BYTE0_XX | [:\.-]
+ * | | |
+ * | | [:\.-] |
+ * | [.] v |
+ * +<----- BYTE0_SEP_BYTE1 <-----+
+ * | |
+ * | | [0-9a-fA-F]
+ * | [.] v
+ * +<--------- BYTE1_X ----------+
+ * | | |
+ * | | [0-9a-fA-F] |
+ * | [.] v |
+ * +<--------- BYTE1_XX | <sep>
+ * | | |
+ * | | <sep> |
+ * | [.] v |
+ * +<----- BYTE1_SEP_BYTE2 <-----+
+ * | |
+ * | | [0-9a-fA-F]
+ * | [.] v
+ * +<--------- BYTE2_X ----------+
+ * | | |
+ * | | [0-9a-fA-F] |
+ * | [.] v |
+ * +<--------- BYTE2_XX | <sep>
+ * | | |
+ * | | <sep> |
+ * | [.] v |
+ * +<----- BYTE2_SEP_BYTE3 <-----+
+ * | |
+ * | | [0-9a-fA-F]
+ * | [.] v
+ * +<--------- BYTE3_X ----------+
+ * | | |
+ * | | [0-9a-fA-F] |
+ * | [.] v |
+ * +<--------- BYTE3_XX | <sep>
+ * | | |
+ * | | <sep> |
+ * | [.] v |
+ * +<----- BYTE3_SEP_BYTE4 <-----+
+ * | |
+ * | | [0-9a-fA-F]
+ * | [.] v
+ * +<--------- BYTE4_X ----------+
+ * | | |
+ * | | [0-9a-fA-F] |
+ * | [.] v |
+ * +<--------- BYTE4_XX | <sep>
+ * | | |
+ * | | <sep> |
+ * | [.] v |
+ * +<----- BYTE4_SEP_BYTE5 <-----+
+ * | |
+ * | | [0-9a-fA-F]
+ * | [.] v
+ * +<--------- BYTE5_X ----------+
+ * | | |
+ * | | [0-9a-fA-F] |
+ * | [.] v |
+ * +<--------- BYTE5_XX | \0
+ * | | |
+ * | | \0 |
+ * | | v
+ * +--> (reject) +---------> (accept)
*
- * (or various mixes of ':', '.', and '-') into a new
- * ethernet address. Assumes 's' is well formed.
+ */
+static u_char
+pcapint_atomac48_x_xx_6_times(const char *s, uint8_t *addr)
+{
+ enum {
+ START,
+ BYTE0_X,
+ BYTE0_XX,
+ BYTE0_SEP_BYTE1,
+ BYTE1_X,
+ BYTE1_XX,
+ BYTE1_SEP_BYTE2,
+ BYTE2_X,
+ BYTE2_XX,
+ BYTE2_SEP_BYTE3,
+ BYTE3_X,
+ BYTE3_XX,
+ BYTE3_SEP_BYTE4,
+ BYTE4_X,
+ BYTE4_XX,
+ BYTE4_SEP_BYTE5,
+ BYTE5_X,
+ BYTE5_XX,
+ } fsm_state = START;
+ uint8_t buf[6];
+ const char *seplist = ":.-";
+ char sep;
+
+ while (*s) {
+ switch (fsm_state) {
+ case START:
+ if (PCAP_ISXDIGIT(*s)) {
+ buf[0] = xdtoi(*s);
+ fsm_state = BYTE0_X;
+ break;
+ }
+ goto reject;
+ case BYTE0_X:
+ if (strchr(seplist, *s)) {
+ sep = *s;
+ fsm_state = BYTE0_SEP_BYTE1;
+ break;
+ }
+ if (PCAP_ISXDIGIT(*s)) {
+ buf[0] = buf[0] << 4 | xdtoi(*s);
+ fsm_state = BYTE0_XX;
+ break;
+ }
+ goto reject;
+ case BYTE0_XX:
+ if (strchr(seplist, *s)) {
+ sep = *s;
+ fsm_state = BYTE0_SEP_BYTE1;
+ break;
+ }
+ goto reject;
+ case BYTE0_SEP_BYTE1:
+ if (PCAP_ISXDIGIT(*s)) {
+ buf[1] = xdtoi(*s);
+ fsm_state = BYTE1_X;
+ break;
+ }
+ goto reject;
+ case BYTE1_X:
+ if (*s == sep) {
+ fsm_state = BYTE1_SEP_BYTE2;
+ break;
+ }
+ if (PCAP_ISXDIGIT(*s)) {
+ buf[1] = buf[1] << 4 | xdtoi(*s);
+ fsm_state = BYTE1_XX;
+ break;
+ }
+ goto reject;
+ case BYTE1_XX:
+ if (*s == sep) {
+ fsm_state = BYTE1_SEP_BYTE2;
+ break;
+ }
+ goto reject;
+ case BYTE1_SEP_BYTE2:
+ if (PCAP_ISXDIGIT(*s)) {
+ buf[2] = xdtoi(*s);
+ fsm_state = BYTE2_X;
+ break;
+ }
+ goto reject;
+ case BYTE2_X:
+ if (*s == sep) {
+ fsm_state = BYTE2_SEP_BYTE3;
+ break;
+ }
+ if (PCAP_ISXDIGIT(*s)) {
+ buf[2] = buf[2] << 4 | xdtoi(*s);
+ fsm_state = BYTE2_XX;
+ break;
+ }
+ goto reject;
+ case BYTE2_XX:
+ if (*s == sep) {
+ fsm_state = BYTE2_SEP_BYTE3;
+ break;
+ }
+ goto reject;
+ case BYTE2_SEP_BYTE3:
+ if (PCAP_ISXDIGIT(*s)) {
+ buf[3] = xdtoi(*s);
+ fsm_state = BYTE3_X;
+ break;
+ }
+ goto reject;
+ case BYTE3_X:
+ if (*s == sep) {
+ fsm_state = BYTE3_SEP_BYTE4;
+ break;
+ }
+ if (PCAP_ISXDIGIT(*s)) {
+ buf[3] = buf[3] << 4 | xdtoi(*s);
+ fsm_state = BYTE3_XX;
+ break;
+ }
+ goto reject;
+ case BYTE3_XX:
+ if (*s == sep) {
+ fsm_state = BYTE3_SEP_BYTE4;
+ break;
+ }
+ goto reject;
+ case BYTE3_SEP_BYTE4:
+ if (PCAP_ISXDIGIT(*s)) {
+ buf[4] = xdtoi(*s);
+ fsm_state = BYTE4_X;
+ break;
+ }
+ goto reject;
+ case BYTE4_X:
+ if (*s == sep) {
+ fsm_state = BYTE4_SEP_BYTE5;
+ break;
+ }
+ if (PCAP_ISXDIGIT(*s)) {
+ buf[4] = buf[4] << 4 | xdtoi(*s);
+ fsm_state = BYTE4_XX;
+ break;
+ }
+ goto reject;
+ case BYTE4_XX:
+ if (*s == sep) {
+ fsm_state = BYTE4_SEP_BYTE5;
+ break;
+ }
+ goto reject;
+ case BYTE4_SEP_BYTE5:
+ if (PCAP_ISXDIGIT(*s)) {
+ buf[5] = xdtoi(*s);
+ fsm_state = BYTE5_X;
+ break;
+ }
+ goto reject;
+ case BYTE5_X:
+ if (PCAP_ISXDIGIT(*s)) {
+ buf[5] = buf[5] << 4 | xdtoi(*s);
+ fsm_state = BYTE5_XX;
+ break;
+ }
+ goto reject;
+ case BYTE5_XX:
+ goto reject;
+ } // switch
+ s++;
+ } // while
+
+ if (fsm_state == BYTE5_X || fsm_state == BYTE5_XX) {
+ // accept
+ memcpy(addr, buf, sizeof(buf));
+ return 1;
+ }
+
+reject:
+ return 0;
+}
+
+// The 'addr' argument must point to an array of at least 6 elements.
+static int
+pcapint_atomac48(const char *s, uint8_t *addr)
+{
+ return s && (
+ pcapint_atomac48_xxxxxxxxxxxx(s, addr) ||
+ pcapint_atomac48_xxxx_3_times(s, addr) ||
+ pcapint_atomac48_x_xx_6_times(s, addr)
+ );
+}
+
+/*
+ * If 's' is a MAC-48 address in one of the forms documented in pcap-filter(7)
+ * for "ether host", return a pointer to an allocated buffer with the binary
+ * value of the address. Return NULL on any error.
*/
u_char *
pcap_ether_aton(const char *s)
{
- register u_char *ep, *e;
- register u_char d;
+ uint8_t tmp[6];
+ if (! pcapint_atomac48(s, tmp))
+ return (NULL);
- e = ep = (u_char *)malloc(6);
+ u_char *e = malloc(6);
if (e == NULL)
return (NULL);
- while (*s) {
- if (*s == ':' || *s == '.' || *s == '-')
- s += 1;
- d = xdtoi(*s++);
- if (PCAP_ISXDIGIT(*s)) {
- d <<= 4;
- d |= xdtoi(*s++);
- }
- *ep++ = d;
- }
-
+ memcpy(e, tmp, sizeof(tmp));
return (e);
}

74
libpcap.changes
View File

@@ -1,10 +1,74 @@
-------------------------------------------------------------------
Mon Jan 5 08:47:46 UTC 2026 - Pedro Monreal <pmonreal@suse.com>
Fri Jan 2 08:59:39 UTC 2026 - Pedro Monreal <pmonreal@suse.com>
- Security fix: [bsc#1255765, CVE-2025-11961]
* Fix out-of-bound-write and out-of-bound-read in pcap_ether_aton()
due to missing validation of provided MAC-48 address string
* Add libpcap-CVE-2025-11961.patch
- Update to 1.10.6: [bsc#1255765, CVE-2025-11961]
* General:
- Fix "tcpdump -i <n>" for something-only libpcap builds.
- gencode: Fix an undefined behavior in gen_mcode().
- gencode: Add a missing free() in gen_scode().
- Remove "DLT_" from the descriptions of two dlt_choices[] entries.
- Report the size of time_t in the version string.
- Validate remote capture source strings better.
- CVE-2025-11961: Fix OOBR and OOBW in pcap_ether_aton().
* Source code:
- Clean up code that computes the length of a netmask.
- Mind netmap support in pcap_lib_version().
* Link-layer types:
- Add LINKTYPE_ETW/DLT_ETW.
- Add LINKTYPE_NETANALYZER_NG/DLT_NETANALYZER_NG (pull request #1008).
- Add LINKTYPE_ZBOSS_NCP/DLT_ZBOSS_NCP.
- Add LINKTYPE_USB_2_0_LOW_SPEED/DLT_USB_2_0_LOW_SPEED,
LINKTYPE_USB_2_0_FULL_SPEED/DLT_USB_2_0_FULL_SPEED,
LINKTYPE_USB_2_0_HIGH_SPEED/DLT_USB_2_0_HIGH_SPEED
- Add LINKTYPE_AUERSWALD_LOG/DLT_AUERSWALD_LOG.
- Add LINKTYPE_ZWAVE_TAP/DLT_ZWAVE_TAP.
- Add LINKTYPE_SILABS_DEBUG_CHANNEL/DLT_SILABS_DEBUG_CHANNEL.
- Add LINKTYPE_FIRA_UCI/DLT_FIRA_UCI.
- Rename LINKTYPE_IPMB_LINUX/DLT_IPMB_LINUX to
LINKTYPE_I2C_LINUX/DLT_I2C_LINUX, as it's really just an
encapsulation of I2C, and is also being used for HDMI DDC.
Keep DLT_IPMB_LINUX around as a #define for backwards
compatibility.
- Add LINKTYPE_MDB/DLT_MDB.
- Add LINKTYPE_DECT_NR/DLT_DECT_NR.
- Add LINKTYPE_EDK2_MM/DLT_EDK2_MM.
- Add LINKTYPE_DEBUG_ONLY/DLT_DEBUG_ONLY.
* Packet filtering:
- Make the chunk allocator's alignment more general and
platform-independent.
- IEEE 802.11: Fix three undefined behaviors in grammar.y.
- Fix IPv4 multicast filtering to only include 224.0.0.0/4.
- Fix "(arp|rarp) host NAME" to ignore IPv6 quietly.
- Fix ARCnet address parsing.
* Linux:
- Fix check for mac80211 phydev.
- Don't create monitor-mode interface if we're capturing on one.
- Expand the table of DSA tag types to include all current types.
- Fix an error message when deleting a monN interface.
- Fix returning PCAP_ERROR_RFMON_NOTSUP with libnl.
- Fix the error message when capure permission is denied.
- Fix the error message if PF_PACKET sockets aren't supported.
- Fix a file descriptor leak in an error case (pull request #1537).
- Handle errors better when checking for a DSA-tagged interface.
- Use DLT_DEBUG_ONLY for DSA tags that do not [yet] have a better support.
* HP-UX:
- Fix attempts to open all-numeric device names to return "no such device".
- Fix error message if there's no /dev/dlpi device.
Return all interfaces in pcap_findalldevs() even if they can't be opened.
* D-Bus:
- Fix message leak.
* Capture file writing:
- Don't close the output stream if it's stdout, just flush it.
* Documentation:
- Explicitly document that closing a pcap_t for a savefile opened
with pcap_fopen_offline() will close the standard I/O stream.
* Building and testing:
- Don't build with sslutils.c if we don't have a TLS library.
- CMake: generalize handling of non-x86 Windows architectures.
- Autoconf: Use AC_SYS_YEAR2038_RECOMMENDED when possible if the
environment variable BUILD_YEAR2038 = yes (via autogen.sh)
- Update Npcap SDK to 1.15.
* Update libpcap.keyring with upstream signing key.
-------------------------------------------------------------------
Wed Sep 25 08:34:52 UTC 2024 - Marcus Meissner <meissner@suse.com>

31
libpcap.keyring
View File

@@ -1,5 +1,4 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.12 (GNU/Linux)
mQGRBFGRD2gBDCDcthM1N9jeWic9tD17LsHwWyh/IelKgFMVFShgHk31YsQUetKn
5hGKlW0WU7+r3dsECiqxgyuqeUKvqiZneqma0GDk1n8ucXLc7oFFLrF7qbvssPPM
@@ -10,22 +9,16 @@ IRNWgCqSTHF238VIdOkLzbwuoZAmS+oacXszIln2jLJsKkbiCCOb/lV+5u5O6/wJ
M4RHxCBnkRgBmMLyXSM9qAo1FU5suPqf01msqvKMsa99lTF6kIWurR/7rw4S2bNl
iaMqHNHliFNfaAE42S8as+Pw5Rhq2SJczWyd8rYw/q1IIZyKLO1oGn6ZRt+EQ7BS
8nlREmT/MDqP0rgrpvRrABEBAAG0PVRoZSBUY3BkdW1wIEdyb3VwIChQYWNrYWdl
IHNpZ25pbmcga2V5KSA8cmVsZWFzZUB0Y3BkdW1wLm9yZz6JAcIEEwECACgFAlGR
D2gCGwMFCRLMAwAGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEOCJ3vHZwV0N
wPAMH22fmTbjByMSvR/gxDFA26ULgf02qZzqYlRLKB7EDbEjB1Ga6PrLB22Sn/b5
8fxNw/9zH0EPkorv0YnBhinE51jLmZ99Sk5eGFIMcCkNAOOhadFZGGKarekEPwNB
oDtxCuSuOQ0JVvyn5fLcbA5u3+LBvHvbnUKgCpiXahpq15bZiS1aoVkdXknUQVO+
bU6Y2lj3m8Q1C6t+J29UvbyixgQhFeTkl25NZkTS6Cqds5F9q3nUBD/7gvQbATBy
A+p+iWLHqt1s4c5UHRzriuLyBbnJgOEI13pNbgFIoKhbCSGQj0uQVZORmzzqs0nh
QXtj+JPOAMd619mHjmhXItgqu2llywQ36tXTEdRoUjJmgMkoqXtZQ8XDVdJ6f/sG
OJDHCctr5aVanWierzePl1PvWPWeC9mnB6Nnxuah+8zQFb4wXUnYO09OX47UgQlu
mE9/lZfY7okIODVrXjqbPVxSBLzCzptBrkeZ3brkrl5oCdYlWsUiQCY0hO6jzMEd
CnxEp1kkn2eJATAEEAECAAYFAlGaR8gACgkQbzNW3/yhb5DWLgigkgtM5wXCQkJz
VyXdCVTfdP9KXEZ1LM1NpRVHbk8lRmgWn4LHb2y1zmH8TDioAyz7GMSFDvqK5kqc
ZPOFi3YZOqLwtcYjAk+jW0ekmx7ao1fIsMjsTvAMVq/EKNRq8IeiKhJSD4KCttFa
qvtD5IfxlgsMoVAdsXF0tyTtC457zWCof3FP7Wbm3MRN3TV4eJInEZhKFgLt4xM6
dCI4ifizu4aPe/TptNl+MuyYTXmPghkQgoeTB9b2qhklp5ccX+8HYeWrpMuCM4er
YYG/j5tZ5YJ/13HDO7S22Wxp94h0hy7NgZ7DRXP0XGp5NvS1stLMGwPm6wyYsjtL
m+jWKltF1WFO1z8zSpZaC+u1GSe48qpqA40k
=1rmx
IHNpZ25pbmcga2V5KSA8cmVsZWFzZUB0Y3BkdW1wLm9yZz6JAdkEEwEKAD8CGwMG
CwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAFiEEHxZqV0KrueAkmo0w4Ine8dnBXQ0F
AmhDCgUFCRhvlZ0ACgkQ4Ine8dnBXQ0iJAwfcYaksBrib3sktV1o1rsBW0VvlzLF
gviSbE5wYXn2zLpurawORKxK6D21TsaF1Q6V2obAxnK1Y86oSe/LsbuJYr2QuVxH
OdWORpaFeqtZDh1N4RnTAgNYb1bd1I3V5V3NdTsVd0bwr+P8tj8gUUTGDHiC3uHs
GBy8MwvzYq6xFhCp2krYELsRDGKSrzQSv3wWNF2PhZc83Un8cb7iAWgcd7HAvRLu
R/5ChQx77pfbBBvQDPvkgKTQK2XKuxmOaHBSzS57mmgpXgN5LQ0dxOB3KdnqKV6e
8pDarnJ+NfihLbHacb+pjVs8YxRCBAWaCxcLBvMoArLrceuPAZf5GI/SFMU176m6
ARmGMCLsdJyhMYjTOmQF0oh6Pwjwg1KFRmd9oSdzIex47Z3uPyOdF3ssyQFywg+8
jOZccPeTceTnu3WgfATS6RdcaYmLsw2+eKY82BAM6+Vy6NeYvYFzV2eHLB7fl9yo
x7ex8dox4Y2RQanD5IqEN183u7oSN9Bdb491Rs4WYA==
=w8PI
-----END PGP PUBLIC KEY BLOCK-----

7
libpcap.spec
View File

@@ -1,7 +1,7 @@
#
# spec file for package libpcap
#
# Copyright (c) 2026 SUSE LLC
# Copyright (c) 2026 SUSE LLC and contributors
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
Name: libpcap
Version: 1.10.5
Version: 1.10.6
Release: 0
Summary: A Library for Network Sniffers
License: BSD-3-Clause
@@ -29,8 +29,6 @@ Source3: https://www.tcpdump.org/tcpdump-workers.asc#/%{name}.keyring
Source4: https://www.tcpdump.org/release/%{name}-%{version}.tar.xz.sig
Patch2: libpcap-1.0.0-ppp.patch
Patch3: libpcap-1.0.0-s390.patch
# PATCH-FIX-UPSTREAM bsc#1255765 CVE-2025-11961: Fix OOBR and OOBW in pcap_ether_aton()
Patch4: libpcap-CVE-2025-11961.patch
BuildRequires: autoconf >= 2.69
BuildRequires: automake
BuildRequires: bison
@@ -87,7 +85,6 @@ libpcap static libraries
%setup -q
%patch -P 2
%patch -P 3 -p1
%patch -P 4 -p1
%build
%global _lto_cflags %{_lto_cflags} -ffat-lto-objects