Accepting request 873794 from home:pmonrealgonzalez:branches:network:utilities

- Fix excess of precission in floating point registers for i586
  until resolved upstream.

- Update to 4.99.0
  IMPORTANT: Upsteam moved the default install directory to bindir.
      For compatibility, tcpdump is still being installed in
      sbindir and a symlink in bindir has been added.
  * Print unsupported link-layer protocol packets in hex.
  * Add support for new network protocols and DLTs: Arista, Autosar
    SOME/IP, Broadcom LI and Ethernet switches tag, IEEE 802.15.9,
    IP-over-InfiniBand (IPoIB), Linux SLL2, Linux vsockmon, MACsec,
    Marvell Distributed Switch Architecture, OpenFlow 1.3, Precision
    Time Protocol (PTP), SSH, WHOIS, ZigBee Encapsulation Protocol (ZEP).
  * Make protocol-specific updates for: AH, DHCP, DNS, ESP, FRF.16,
    HNCP, ICMP6, IEEE 802.15.4, IPv6, IS-IS, Linux SLL, LLDP, LSP
    ping, MPTCP, NFS, NSH, NTP, OSPF, OSPF6, PGM, PIM, PPTP, RADIUS,
    RSVP, Rx, SMB, UDLD, VXLAN-GPE.
  * User interface:
    - Make SLL2 the default for Linux "any" pseudo-device.
    - Add --micro and --nano shorthands.
    - Add --count to print a counter only instead of decoding.
    - Add --print, to cause packet printing even with -w.
    - Add support for remote capture if libpcap supports it.
    - Flush the output packet buffer on a SIGUSR2.
    - Handle very large -f files by rejecting them.
  * Source code:
    - Introduce new helper functions, including GET_*(),
      nd_print_protocol(), nd_print_invalid(), nd_print_trunc(),
      nd_trunc_longjmp() and others.
    - Put integer signedness right in many cases.

OBS-URL: https://build.opensuse.org/request/show/873794
OBS-URL: https://build.opensuse.org/package/show/network:utilities/tcpdump?expand=0&rev=58

tcpdump-4.9.3.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:2cd47cb3d460b6ff75f4a9940f594317ad456cfbf2bd2c8e5151e16559db6410
-size 2333119

tcpdump-4.99.0.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8cf2f17a9528774a7b41060323be8b73f76024f7778f59c34efa65d49d80b842
+size 2008080

tcpdump-CVE-2018-19519.patch

@@ -1,23 +0,0 @@
-From 32af00b05a6ef573d0b340f97b54c13eb9509dc7 Mon Sep 17 00:00:00 2001
-From: Pedro Monreal <pmgdeb@gmail.com>
-Date: Thu, 6 Dec 2018 12:18:38 +0100
-Subject: [PATCH] CVE-2018-19519 buffer overread. Initialize buf in
- print-hncp.c:print_prefix.
-
----
- print-hncp.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-Index: tcpdump-4.9.2/print-hncp.c
-===================================================================
---- tcpdump-4.9.2.orig/print-hncp.c
-+++ tcpdump-4.9.2/print-hncp.c
-@@ -206,6 +206,8 @@ print_prefix(netdissect_options *ndo, co
-     int plenbytes;
-     char buf[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx::/128")];
- 
-+    buf[0] = '\0';
-+
-     if (prefix[0] >= 96 && max_length >= IPV4_MAPPED_HEADING_LEN + 1 &&
-         is_ipv4_mapped_address(&prefix[1])) {
-         struct in_addr addr;

tcpdump-CVE-2020-8037.patch

@@ -1,63 +0,0 @@
-From 32027e199368dad9508965aae8cd8de5b6ab5231 Mon Sep 17 00:00:00 2001
-From: Guy Harris <guy@alum.mit.edu>
-Date: Sat, 18 Apr 2020 14:04:59 -0700
-Subject: [PATCH] PPP: When un-escaping, don't allocate a too-large buffer.
-
-The buffer should be big enough to hold the captured data, but it
-doesn't need to be big enough to hold the entire on-the-network packet,
-if we haven't captured all of it.
-
-(backported from commit e4add0b010ed6f2180dcb05a13026242ed935334)
----
- print-ppp.c | 18 ++++++++++++++----
- 1 file changed, 14 insertions(+), 4 deletions(-)
-
-diff --git a/print-ppp.c b/print-ppp.c
-index 891761728..33fb03412 100644
---- a/print-ppp.c
-+++ b/print-ppp.c
-@@ -1367,19 +1367,29 @@ print_bacp_config_options(netdissect_options *ndo,
- 	return 0;
- }
- 
-+/*
-+ * Un-escape RFC 1662 PPP in HDLC-like framing, with octet escapes.
-+ * The length argument is the on-the-wire length, not the captured
-+ * length; we can only un-escape the captured part.
-+ */
- static void
- ppp_hdlc(netdissect_options *ndo,
-          const u_char *p, int length)
- {
-+	u_int caplen = ndo->ndo_snapend - p;
- 	u_char *b, *t, c;
- 	const u_char *s;
--	int i, proto;
-+	u_int i;
-+	int proto;
- 	const void *se;
- 
-+	if (caplen == 0)
-+		return;
-+
-         if (length <= 0)
-                 return;
- 
--	b = (u_char *)malloc(length);
-+	b = (u_char *)malloc(caplen);
- 	if (b == NULL)
- 		return;
- 
-@@ -1388,10 +1398,10 @@ ppp_hdlc(netdissect_options *ndo,
- 	 * Do this so that we dont overwrite the original packet
- 	 * contents.
- 	 */
--	for (s = p, t = b, i = length; i > 0 && ND_TTEST(*s); i--) {
-+	for (s = p, t = b, i = caplen; i != 0; i--) {
- 		c = *s++;
- 		if (c == 0x7d) {
--			if (i <= 1 || !ND_TTEST(*s))
-+			if (i <= 1)
- 				break;
- 			i--;
- 			c = *s++ ^ 0x20;

tcpdump.changes

@@ -1,3 +1,54 @@
+-------------------------------------------------------------------
+Fri Feb 19 14:07:16 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
+
+- Fix excess of precission in floating point registers for i586
+  until resolved upstream.
+
+-------------------------------------------------------------------
+Mon Jan  4 13:01:06 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 4.99.0
+  IMPORTANT: Upsteam moved the default install directory to bindir.
+      For compatibility, tcpdump is still being installed in
+      sbindir and a symlink in bindir has been added.
+  * Print unsupported link-layer protocol packets in hex.
+  * Add support for new network protocols and DLTs: Arista, Autosar
+    SOME/IP, Broadcom LI and Ethernet switches tag, IEEE 802.15.9,
+    IP-over-InfiniBand (IPoIB), Linux SLL2, Linux vsockmon, MACsec,
+    Marvell Distributed Switch Architecture, OpenFlow 1.3, Precision
+    Time Protocol (PTP), SSH, WHOIS, ZigBee Encapsulation Protocol (ZEP).
+  * Make protocol-specific updates for: AH, DHCP, DNS, ESP, FRF.16,
+    HNCP, ICMP6, IEEE 802.15.4, IPv6, IS-IS, Linux SLL, LLDP, LSP
+    ping, MPTCP, NFS, NSH, NTP, OSPF, OSPF6, PGM, PIM, PPTP, RADIUS,
+    RSVP, Rx, SMB, UDLD, VXLAN-GPE.
+  * User interface:
+    - Make SLL2 the default for Linux "any" pseudo-device.
+    - Add --micro and --nano shorthands.
+    - Add --count to print a counter only instead of decoding.
+    - Add --print, to cause packet printing even with -w.
+    - Add support for remote capture if libpcap supports it.
+    - Flush the output packet buffer on a SIGUSR2.
+    - Handle very large -f files by rejecting them.
+  * Source code:
+    - Introduce new helper functions, including GET_*(),
+      nd_print_protocol(), nd_print_invalid(), nd_print_trunc(),
+      nd_trunc_longjmp() and others.
+    - Put integer signedness right in many cases.
+    - Introduce nd_uint*, nd_mac_addr, nd_ipv4 and nd_ipv6 types
+      to fix alignment issues, especially on SPARC.
+    - Use a table instead of getprotobynumber().
+    - Get rid of ND_UNALIGNED and ND_TCHECK().
+    - Make roundup2() generally available.
+    - Resync SMI list against Wireshark.
+- Remove patches fixed upstream:
+  * tcpdump-CVE-2018-19519.patch
+  * tcpdump-CVE-2020-8037.patch
+
+-------------------------------------------------------------------
+Mon Jan  4 12:53:10 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
+
+- Remove unrecognized configure option: enable-ipv6
+
 -------------------------------------------------------------------
 Thu Nov  5 10:58:11 UTC 2020 - Pedro Monreal <pmonreal@suse.com>
 

tcpdump.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package tcpdump
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
 
 %define min_libpcap_version 1.9.1
 Name:           tcpdump
-Version:        4.9.3
+Version:        4.99.0
 Release:        0
 Summary:        A Packet Sniffer
 License:        BSD-3-Clause
@@ -27,10 +27,6 @@ Source:         https://www.tcpdump.org/release/%{name}-%{version}.tar.gz
 Source1:        tcpdump-qeth
 Source2:        https://www.tcpdump.org/release/%{name}-%{version}.tar.gz.sig
 Source3:        https://www.tcpdump.org/tcpdump-workers.asc#/%{name}.keyring
-# PATCH-FIX-OPENSUSE tcpdump-CVE-2018-19519.patch - Initialize buf in print-hncp.c:print_prefix
-Patch0:         tcpdump-CVE-2018-19519.patch
-# PATCH-FIX-UPSTREAM bsc#1178466 CVE-2020-8037 PPP decapsulator: Allocate the right buffer size
-Patch1:         tcpdump-CVE-2020-8037.patch
 BuildRequires:  libpcap-devel >= %{min_libpcap_version}
 BuildRequires:  libsmi-devel
 BuildRequires:  openssl-devel
@@ -41,35 +37,39 @@ This program can "read" all or only certain packets going over the
 ethernet. It can be used to debug specific network problems.
 
 %prep
-%setup -q
+%autosetup -p1
-%autopatch -p1
 
 %build
 # guessing TSO needed in print-ip.c
 export CFLAGS="%{optflags} -DGUESS_TSO"
-%configure \
+%ifarch i586
-  --enable-ipv6
+export CFLAGS="$CFLAGS -ffloat-store"
+%endif
+%configure
 %make_build
 
 %install
-%make_install
+mkdir -p %{buildroot}%{_sbindir}
+mkdir -p %{buildroot}%{_mandir}/man1
+mkdir -p %{buildroot}%{_libdir}
+install -m755 tcpdump %{buildroot}%{_sbindir}
+install -m644 tcpdump.1 %{buildroot}%{_mandir}/man1/
 %ifarch s390 s390x
   install -D -m 755 %{SOURCE1} %{buildroot}%{_sbindir}
 %endif
-rm %{buildroot}/%{_sbindir}/tcpdump.%{version}
+# Add a symlink in /usr/bin to be accessed by users
+mkdir -p %{buildroot}%{_bindir}
+ln -sf %{_sbindir}/tcpdump %{buildroot}%{_bindir}/tcpdump
 
 %check
-%ifarch ppc ppc64 ppc64le
+%make_build check
-make check %{?_smp_mflags} || { echo "ignore ikev2pI2 failure tracked by https://github.com/the-tcpdump-group/tcpdump/issues/814"; }
-%else
-make check %{?_smp_mflags}
-%endif
 
 %files
 %license LICENSE
 %doc CHANGES CREDITS README* *.awk
 %{_mandir}/man?/*
 %{_sbindir}/tcpdump
+%{_bindir}/tcpdump
 %ifarch s390 s390x
 %{_sbindir}/tcpdump-qeth
 %endif