From 5e9f60e210528a7286f48f564dc945eb58a651739740d489bd77875b15acd201 Mon Sep 17 00:00:00 2001 From: Pedro Monreal Gonzalez Date: Tue, 9 Mar 2021 12:01:20 +0000 Subject: [PATCH] Accepting request 873794 from home:pmonrealgonzalez:branches:network:utilities - Fix excess of precission in floating point registers for i586 until resolved upstream. - Update to 4.99.0 IMPORTANT: Upsteam moved the default install directory to bindir. For compatibility, tcpdump is still being installed in sbindir and a symlink in bindir has been added. * Print unsupported link-layer protocol packets in hex. * Add support for new network protocols and DLTs: Arista, Autosar SOME/IP, Broadcom LI and Ethernet switches tag, IEEE 802.15.9, IP-over-InfiniBand (IPoIB), Linux SLL2, Linux vsockmon, MACsec, Marvell Distributed Switch Architecture, OpenFlow 1.3, Precision Time Protocol (PTP), SSH, WHOIS, ZigBee Encapsulation Protocol (ZEP). * Make protocol-specific updates for: AH, DHCP, DNS, ESP, FRF.16, HNCP, ICMP6, IEEE 802.15.4, IPv6, IS-IS, Linux SLL, LLDP, LSP ping, MPTCP, NFS, NSH, NTP, OSPF, OSPF6, PGM, PIM, PPTP, RADIUS, RSVP, Rx, SMB, UDLD, VXLAN-GPE. * User interface: - Make SLL2 the default for Linux "any" pseudo-device. - Add --micro and --nano shorthands. - Add --count to print a counter only instead of decoding. - Add --print, to cause packet printing even with -w. - Add support for remote capture if libpcap supports it. - Flush the output packet buffer on a SIGUSR2. - Handle very large -f files by rejecting them. * Source code: - Introduce new helper functions, including GET_*(), nd_print_protocol(), nd_print_invalid(), nd_print_trunc(), nd_trunc_longjmp() and others. - Put integer signedness right in many cases. OBS-URL: https://build.opensuse.org/request/show/873794 OBS-URL: https://build.opensuse.org/package/show/network:utilities/tcpdump?expand=0&rev=58 --- tcpdump-4.9.3.tar.gz | 3 -- tcpdump-4.9.3.tar.gz.sig | Bin 442 -> 0 bytes tcpdump-4.99.0.tar.gz | 3 ++ tcpdump-4.99.0.tar.gz.sig | Bin 0 -> 442 bytes tcpdump-CVE-2018-19519.patch | 23 ------------- tcpdump-CVE-2020-8037.patch | 63 ----------------------------------- tcpdump.changes | 51 ++++++++++++++++++++++++++++ tcpdump.spec | 34 +++++++++---------- 8 files changed, 71 insertions(+), 106 deletions(-) delete mode 100644 tcpdump-4.9.3.tar.gz delete mode 100644 tcpdump-4.9.3.tar.gz.sig create mode 100644 tcpdump-4.99.0.tar.gz create mode 100644 tcpdump-4.99.0.tar.gz.sig delete mode 100644 tcpdump-CVE-2018-19519.patch delete mode 100644 tcpdump-CVE-2020-8037.patch diff --git a/tcpdump-4.9.3.tar.gz b/tcpdump-4.9.3.tar.gz deleted file mode 100644 index 544e0d8..0000000 --- a/tcpdump-4.9.3.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:2cd47cb3d460b6ff75f4a9940f594317ad456cfbf2bd2c8e5151e16559db6410 -size 2333119 diff --git a/tcpdump-4.9.3.tar.gz.sig b/tcpdump-4.9.3.tar.gz.sig deleted file mode 100644 index 0d935624d2de41b093168cd6a075162b8368cab8eaa8b573173a852b4e7ea61d..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 442 zcmV;r0Y(0a0k;GI0SEvc79j*57HU^QtGVDLnvF2viQe(q!Cegn0$q|DkN^q^5a5a4 z@!7#$4Q#~>A4IO*)nFcHUfv5*8k5$`S*%%gcm@B$eL!06>_ak%79e+c?^$S;^bu-=V06PyKFg`}WZI_>RXBO&AD%3*)$=bRnO} zJD}e4bV1mM_sSFRbY6*UX+T#Dc)c_@=#X@LMqaRT;q0@kIZuAK+nmvS`hJ~*OWETM krD>GSGQJq+S0^^kT3vUF;1k_r^*i6ag|Muj`ed%cdDiC}5a5a4 z@!7#$4d65kAd3BlB;{awY1ianb5bJZT5(7480p#ix~AzEkm(9hW@#j zfRlnaQ&e_7!>NPPu8LAVN1zx;JA_ug9$1JRQ$FG_@0PWAyS@?@`=e9x)pQ#eu(&zAK*w~UCw;>$@}vw@v{ycf=wS9sV6Q)3Xik8JeOkt!Wgfzgd1#;5xGL7+5Zr_-Wve|bbRvk3X1^j#wRbW4SKw!r5f&aDb6vqH z|D*+PlvrSjrA!S3k0H@3>I}b)J{`@~RsaA1 literal 0 HcmV?d00001 diff --git a/tcpdump-CVE-2018-19519.patch b/tcpdump-CVE-2018-19519.patch deleted file mode 100644 index de1ca04..0000000 --- a/tcpdump-CVE-2018-19519.patch +++ /dev/null @@ -1,23 +0,0 @@ -From 32af00b05a6ef573d0b340f97b54c13eb9509dc7 Mon Sep 17 00:00:00 2001 -From: Pedro Monreal -Date: Thu, 6 Dec 2018 12:18:38 +0100 -Subject: [PATCH] CVE-2018-19519 buffer overread. Initialize buf in - print-hncp.c:print_prefix. - ---- - print-hncp.c | 2 ++ - 1 file changed, 2 insertions(+) - -Index: tcpdump-4.9.2/print-hncp.c -=================================================================== ---- tcpdump-4.9.2.orig/print-hncp.c -+++ tcpdump-4.9.2/print-hncp.c -@@ -206,6 +206,8 @@ print_prefix(netdissect_options *ndo, co - int plenbytes; - char buf[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx::/128")]; - -+ buf[0] = '\0'; -+ - if (prefix[0] >= 96 && max_length >= IPV4_MAPPED_HEADING_LEN + 1 && - is_ipv4_mapped_address(&prefix[1])) { - struct in_addr addr; diff --git a/tcpdump-CVE-2020-8037.patch b/tcpdump-CVE-2020-8037.patch deleted file mode 100644 index 3ba237b..0000000 --- a/tcpdump-CVE-2020-8037.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 32027e199368dad9508965aae8cd8de5b6ab5231 Mon Sep 17 00:00:00 2001 -From: Guy Harris -Date: Sat, 18 Apr 2020 14:04:59 -0700 -Subject: [PATCH] PPP: When un-escaping, don't allocate a too-large buffer. - -The buffer should be big enough to hold the captured data, but it -doesn't need to be big enough to hold the entire on-the-network packet, -if we haven't captured all of it. - -(backported from commit e4add0b010ed6f2180dcb05a13026242ed935334) ---- - print-ppp.c | 18 ++++++++++++++---- - 1 file changed, 14 insertions(+), 4 deletions(-) - -diff --git a/print-ppp.c b/print-ppp.c -index 891761728..33fb03412 100644 ---- a/print-ppp.c -+++ b/print-ppp.c -@@ -1367,19 +1367,29 @@ print_bacp_config_options(netdissect_options *ndo, - return 0; - } - -+/* -+ * Un-escape RFC 1662 PPP in HDLC-like framing, with octet escapes. -+ * The length argument is the on-the-wire length, not the captured -+ * length; we can only un-escape the captured part. -+ */ - static void - ppp_hdlc(netdissect_options *ndo, - const u_char *p, int length) - { -+ u_int caplen = ndo->ndo_snapend - p; - u_char *b, *t, c; - const u_char *s; -- int i, proto; -+ u_int i; -+ int proto; - const void *se; - -+ if (caplen == 0) -+ return; -+ - if (length <= 0) - return; - -- b = (u_char *)malloc(length); -+ b = (u_char *)malloc(caplen); - if (b == NULL) - return; - -@@ -1388,10 +1398,10 @@ ppp_hdlc(netdissect_options *ndo, - * Do this so that we dont overwrite the original packet - * contents. - */ -- for (s = p, t = b, i = length; i > 0 && ND_TTEST(*s); i--) { -+ for (s = p, t = b, i = caplen; i != 0; i--) { - c = *s++; - if (c == 0x7d) { -- if (i <= 1 || !ND_TTEST(*s)) -+ if (i <= 1) - break; - i--; - c = *s++ ^ 0x20; diff --git a/tcpdump.changes b/tcpdump.changes index 0b68309..fc49b05 100644 --- a/tcpdump.changes +++ b/tcpdump.changes @@ -1,3 +1,54 @@ +------------------------------------------------------------------- +Fri Feb 19 14:07:16 UTC 2021 - Pedro Monreal + +- Fix excess of precission in floating point registers for i586 + until resolved upstream. + +------------------------------------------------------------------- +Mon Jan 4 13:01:06 UTC 2021 - Pedro Monreal + +- Update to 4.99.0 + IMPORTANT: Upsteam moved the default install directory to bindir. + For compatibility, tcpdump is still being installed in + sbindir and a symlink in bindir has been added. + * Print unsupported link-layer protocol packets in hex. + * Add support for new network protocols and DLTs: Arista, Autosar + SOME/IP, Broadcom LI and Ethernet switches tag, IEEE 802.15.9, + IP-over-InfiniBand (IPoIB), Linux SLL2, Linux vsockmon, MACsec, + Marvell Distributed Switch Architecture, OpenFlow 1.3, Precision + Time Protocol (PTP), SSH, WHOIS, ZigBee Encapsulation Protocol (ZEP). + * Make protocol-specific updates for: AH, DHCP, DNS, ESP, FRF.16, + HNCP, ICMP6, IEEE 802.15.4, IPv6, IS-IS, Linux SLL, LLDP, LSP + ping, MPTCP, NFS, NSH, NTP, OSPF, OSPF6, PGM, PIM, PPTP, RADIUS, + RSVP, Rx, SMB, UDLD, VXLAN-GPE. + * User interface: + - Make SLL2 the default for Linux "any" pseudo-device. + - Add --micro and --nano shorthands. + - Add --count to print a counter only instead of decoding. + - Add --print, to cause packet printing even with -w. + - Add support for remote capture if libpcap supports it. + - Flush the output packet buffer on a SIGUSR2. + - Handle very large -f files by rejecting them. + * Source code: + - Introduce new helper functions, including GET_*(), + nd_print_protocol(), nd_print_invalid(), nd_print_trunc(), + nd_trunc_longjmp() and others. + - Put integer signedness right in many cases. + - Introduce nd_uint*, nd_mac_addr, nd_ipv4 and nd_ipv6 types + to fix alignment issues, especially on SPARC. + - Use a table instead of getprotobynumber(). + - Get rid of ND_UNALIGNED and ND_TCHECK(). + - Make roundup2() generally available. + - Resync SMI list against Wireshark. +- Remove patches fixed upstream: + * tcpdump-CVE-2018-19519.patch + * tcpdump-CVE-2020-8037.patch + +------------------------------------------------------------------- +Mon Jan 4 12:53:10 UTC 2021 - Pedro Monreal + +- Remove unrecognized configure option: enable-ipv6 + ------------------------------------------------------------------- Thu Nov 5 10:58:11 UTC 2020 - Pedro Monreal diff --git a/tcpdump.spec b/tcpdump.spec index 517755e..98f482e 100644 --- a/tcpdump.spec +++ b/tcpdump.spec @@ -1,7 +1,7 @@ # # spec file for package tcpdump # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ %define min_libpcap_version 1.9.1 Name: tcpdump -Version: 4.9.3 +Version: 4.99.0 Release: 0 Summary: A Packet Sniffer License: BSD-3-Clause @@ -27,10 +27,6 @@ Source: https://www.tcpdump.org/release/%{name}-%{version}.tar.gz Source1: tcpdump-qeth Source2: https://www.tcpdump.org/release/%{name}-%{version}.tar.gz.sig Source3: https://www.tcpdump.org/tcpdump-workers.asc#/%{name}.keyring -# PATCH-FIX-OPENSUSE tcpdump-CVE-2018-19519.patch - Initialize buf in print-hncp.c:print_prefix -Patch0: tcpdump-CVE-2018-19519.patch -# PATCH-FIX-UPSTREAM bsc#1178466 CVE-2020-8037 PPP decapsulator: Allocate the right buffer size -Patch1: tcpdump-CVE-2020-8037.patch BuildRequires: libpcap-devel >= %{min_libpcap_version} BuildRequires: libsmi-devel BuildRequires: openssl-devel @@ -41,35 +37,39 @@ This program can "read" all or only certain packets going over the ethernet. It can be used to debug specific network problems. %prep -%setup -q -%autopatch -p1 +%autosetup -p1 %build # guessing TSO needed in print-ip.c export CFLAGS="%{optflags} -DGUESS_TSO" -%configure \ - --enable-ipv6 +%ifarch i586 +export CFLAGS="$CFLAGS -ffloat-store" +%endif +%configure %make_build %install -%make_install +mkdir -p %{buildroot}%{_sbindir} +mkdir -p %{buildroot}%{_mandir}/man1 +mkdir -p %{buildroot}%{_libdir} +install -m755 tcpdump %{buildroot}%{_sbindir} +install -m644 tcpdump.1 %{buildroot}%{_mandir}/man1/ %ifarch s390 s390x install -D -m 755 %{SOURCE1} %{buildroot}%{_sbindir} %endif -rm %{buildroot}/%{_sbindir}/tcpdump.%{version} +# Add a symlink in /usr/bin to be accessed by users +mkdir -p %{buildroot}%{_bindir} +ln -sf %{_sbindir}/tcpdump %{buildroot}%{_bindir}/tcpdump %check -%ifarch ppc ppc64 ppc64le -make check %{?_smp_mflags} || { echo "ignore ikev2pI2 failure tracked by https://github.com/the-tcpdump-group/tcpdump/issues/814"; } -%else -make check %{?_smp_mflags} -%endif +%make_build check %files %license LICENSE %doc CHANGES CREDITS README* *.awk %{_mandir}/man?/* %{_sbindir}/tcpdump +%{_bindir}/tcpdump %ifarch s390 s390x %{_sbindir}/tcpdump-qeth %endif