diff --git a/0001-icmp6-print-Reachable-Time-and-Retransmit-Time-from-.patch b/0001-icmp6-print-Reachable-Time-and-Retransmit-Time-from-.patch deleted file mode 100644 index c5e54ae..0000000 --- a/0001-icmp6-print-Reachable-Time-and-Retransmit-Time-from-.patch +++ /dev/null @@ -1,26 +0,0 @@ -From f19e0376b8e98b38240d28eb9e6f78c465bb1c6e Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Mon, 20 Oct 2014 13:34:24 +0200 -Subject: [PATCH 1/8] icmp6: print Reachable Time and Retransmit Time from - ICMPv6 as milliseconds - ---- - print-icmp6.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/print-icmp6.c b/print-icmp6.c -index 7fe639d..cfaa2df 100644 ---- a/print-icmp6.c -+++ b/print-icmp6.c -@@ -1034,7 +1034,7 @@ icmp6_print(netdissect_options *ndo, - p = (const struct nd_router_advert *)dp; - ND_TCHECK(p->nd_ra_retransmit); - ND_PRINT((ndo,"\n\thop limit %u, Flags [%s]" \ -- ", pref %s, router lifetime %us, reachable time %us, retrans time %us", -+ ", pref %s, router lifetime %us, reachable time %ums, retrans time %ums", - (u_int)p->nd_ra_curhoplimit, - bittok2str(icmp6_opt_ra_flag_values,"none",(p->nd_ra_flags_reserved)), - get_rtpref(p->nd_ra_flags_reserved), --- -2.9.3 - diff --git a/0008-Don-t-print-out-we-dropped-root-we-are-always-droppi.patch b/0008-Don-t-print-out-we-dropped-root-we-are-always-droppi.patch deleted file mode 100644 index 2e4551c..0000000 --- a/0008-Don-t-print-out-we-dropped-root-we-are-always-droppi.patch +++ /dev/null @@ -1,36 +0,0 @@ -From d5508c13119404102104a3935e7445c9fddf79b5 Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Fri, 3 Feb 2017 09:43:03 +0100 -Subject: [PATCH 8/8] Don't print out we dropped root, we are always dropping - it - ---- - tcpdump.c | 5 ----- - 1 file changed, 5 deletions(-) - -diff --git a/tcpdump.c b/tcpdump.c -index 29f7f87..18c4a5c 100644 ---- a/tcpdump.c -+++ b/tcpdump.c -@@ -618,8 +618,6 @@ droproot(const char *username, const char *chroot_dir) - int ret = capng_change_id(pw->pw_uid, pw->pw_gid, CAPNG_NO_FLAG); - if (ret < 0) { - fprintf(stderr, "error : ret %d\n", ret); -- } else { -- fprintf(stderr, "dropped privs to %s\n", username); - } - } - #else -@@ -632,9 +630,6 @@ droproot(const char *username, const char *chroot_dir) - pcap_strerror(errno)); - exit_tcpdump(1); - } -- else { -- fprintf(stderr, "dropped privs to %s\n", username); -- } - #endif /* HAVE_LIBCAP_NG */ - } - else { --- -2.9.3 - diff --git a/0009-Change-n-flag-to-nn-in-TESTonce.patch b/0009-Change-n-flag-to-nn-in-TESTonce.patch index 53a9556..d106be3 100644 --- a/0009-Change-n-flag-to-nn-in-TESTonce.patch +++ b/0009-Change-n-flag-to-nn-in-TESTonce.patch @@ -10,18 +10,15 @@ flag than upstream does. We use -nn in those cases. 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/TESTonce b/tests/TESTonce -index 7026624..e348701 100755 +index 425abaa..81283d9 100755 --- a/tests/TESTonce +++ b/tests/TESTonce -@@ -21,7 +21,7 @@ if ($^O eq 'MSWin32') { +@@ -43,7 +43,7 @@ if ($^O eq 'MSWin32') { else { # we used to do this as a nice pipeline, but the problem is that $r fails to # to be set properly if the tcpdump core dumps. -- $r = system "../tcpdump 2>/dev/null -n -t -r $input $options >NEW/$output"; -+ $r = system "../tcpdump 2>/dev/null -nn -t -r $input $options >NEW/$output"; - if($r != 0) { - # this means tcpdump failed. - open(OUTPUT, ">>"."NEW/$output") || die "fail to open $output\n"; --- -2.13.5 - +- $cmd = "$TCPDUMP 2>${rawstderrlog} -t -n -r $input $options >tests/NEW/${outputbase}"; ++ $cmd = "$TCPDUMP 2>${rawstderrlog} -t -nn -r $input $options >tests/NEW/${outputbase}"; + print "CMD: $cmd\n" if $debug; + $r = system $cmd; + if($r == -1) { diff --git a/0010-Expect-miliseconds-instead-of-seconds-in-icmp-captur.patch b/0010-Expect-miliseconds-instead-of-seconds-in-icmp-captur.patch deleted file mode 100644 index 30502b8..0000000 --- a/0010-Expect-miliseconds-instead-of-seconds-in-icmp-captur.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 0ae4aa1881bbe40443bff802b5e4aa6ca0696dd9 Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Tue, 11 Apr 2017 09:37:53 +0200 -Subject: [PATCH 10/13] Expect miliseconds instead of seconds in icmp capture. - -Again this is caused by our patch, so we need to modify tests -accordingly. ---- - tests/icmpv6.out | 2 +- - tests/icmpv6_opt24-v.out | 4 ++-- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/tests/icmpv6.out b/tests/icmpv6.out -index bb7775e..8979540 100644 ---- a/tests/icmpv6.out -+++ b/tests/icmpv6.out -@@ -1,5 +1,5 @@ - IP6 (hlim 255, next-header ICMPv6 (58) payload length: 176) fe80::b299:28ff:fec8:d66c > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 176 -- hop limit 64, Flags [home agent], pref medium, router lifetime 15s, reachable time 0s, retrans time 0s -+ hop limit 64, Flags [home agent], pref medium, router lifetime 15s, reachable time 0ms, retrans time 0ms - prefix info option (3), length 32 (4): 2222:3333:4444:5555:6600::/72, Flags [onlink, auto], valid time 2592000s, pref. time 604800s - 0x0000: 48c0 0027 8d00 0009 3a80 0000 0000 2222 - 0x0010: 3333 4444 5555 6600 0000 0000 0000 -diff --git a/tests/icmpv6_opt24-v.out b/tests/icmpv6_opt24-v.out -index 2b7cf09..00512df 100644 ---- a/tests/icmpv6_opt24-v.out -+++ b/tests/icmpv6_opt24-v.out -@@ -1,5 +1,5 @@ - IP6 (hlim 255, next-header ICMPv6 (58) payload length: 120) fe80::16cf:92ff:fe87:23d6 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 120 -- hop limit 0, Flags [managed, other stateful], pref medium, router lifetime 0s, reachable time 0s, retrans time 0s -+ hop limit 0, Flags [managed, other stateful], pref medium, router lifetime 0s, reachable time 0ms, retrans time 0ms - source link-address option (1), length 8 (1): 14:cf:92:87:23:d6 - mtu option (5), length 8 (1): 1500 - prefix info option (3), length 32 (4): fd8d:4fb3:5b2e::/64, Flags [onlink, auto], valid time 7200s, pref. time 1800s -@@ -7,7 +7,7 @@ IP6 (hlim 255, next-header ICMPv6 (58) payload length: 120) fe80::16cf:92ff:fe87 - rdnss option (25), length 24 (3): lifetime 1800s, addr: fd8d:4fb3:5b2e::1 - dnssl option (31), length 16 (2): lifetime 1800s, domain(s): lan. - IP6 (hlim 255, next-header ICMPv6 (58) payload length: 120) fe80::16cf:92ff:fe87:23d6 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 120 -- hop limit 0, Flags [managed, other stateful], pref medium, router lifetime 0s, reachable time 0s, retrans time 0s -+ hop limit 0, Flags [managed, other stateful], pref medium, router lifetime 0s, reachable time 0ms, retrans time 0ms - source link-address option (1), length 8 (1): 14:cf:92:87:23:d6 - mtu option (5), length 8 (1): 1500 - prefix info option (3), length 32 (4): fd8d:4fb3:5b2e::/64, Flags [onlink, auto], valid time 7200s, pref. time 1800s --- -2.13.5 diff --git a/0011-Evp-cipher-buffers.patch b/0011-Evp-cipher-buffers.patch index a271419..057f888 100644 --- a/0011-Evp-cipher-buffers.patch +++ b/0011-Evp-cipher-buffers.patch @@ -1,133 +1,29 @@ diff --git a/print-esp.c b/print-esp.c -index 511ee8a3..5b282526 100644 +index 6fabff1..5818cc8 100644 --- a/print-esp.c +++ b/print-esp.c -@@ -192,8 +192,8 @@ int esp_print_decrypt_buffer_by_ikev2(netdissect_options *ndo, - const u_char *iv; - unsigned int len; - EVP_CIPHER_CTX *ctx; -- unsigned int block_size, output_buffer_size; -- u_char *output_buffer; -+ unsigned int block_size, buffer_size; -+ u_char *input_buffer, *output_buffer; - - /* initiator arg is any non-zero value */ - if(initiator) initiator=1; -@@ -228,19 +228,41 @@ int esp_print_decrypt_buffer_by_ikev2(netdissect_options *ndo, - (*ndo->ndo_warning)(ndo, "espkey init failed"); - set_cipher_parameters(ctx, NULL, NULL, iv, 0); - /* -- * Allocate a buffer for the decrypted data. -- * The output buffer must be separate from the input buffer, and -- * its size must be a multiple of the cipher block size. -+ * Allocate buffers for the encrypted and decrypted data. -+ * Both buffers' sizes must be a multiple of the cipher block -+ * size, and the output buffer must be separate from the input -+ * buffer. - */ - block_size = (unsigned int)EVP_CIPHER_CTX_block_size(ctx); -- output_buffer_size = len + (block_size - len % block_size); -- output_buffer = (u_char *)malloc(output_buffer_size); -+ buffer_size = len + (block_size - len % block_size); -+ -+ /* -+ * Attempt to allocate the input buffer. -+ */ -+ input_buffer = (u_char *)malloc(buffer_size); -+ if (input_buffer == NULL) { -+ (*ndo->ndo_warning)(ndo, "can't allocate memory for encrypted data buffer"); -+ EVP_CIPHER_CTX_free(ctx); -+ return 0; -+ } -+ /* -+ * Copy the input data to the encrypted data buffer, and pad it -+ * with zeroes. -+ */ -+ memcpy(input_buffer, buf, len); -+ memset(input_buffer + len, 0, buffer_size - len); -+ -+ /* -+ * Attempt to allocate the output buffer. -+ */ -+ output_buffer = (u_char *)malloc(buffer_size); - if (output_buffer == NULL) { - (*ndo->ndo_warning)(ndo, "can't allocate memory for decryption buffer"); -+ free(input_buffer); +@@ -242,6 +242,7 @@ int esp_print_decrypt_buffer_by_ikev2(netdissect_options *ndo, + if (input_buffer == NULL) { EVP_CIPHER_CTX_free(ctx); - return 0; + (*ndo->ndo_error)(ndo, "can't allocate memory for encrypted data buffer"); ++ return 0; } -- EVP_Cipher(ctx, output_buffer, buf, len); + /* + * Copy the input data to the encrypted data buffer, and pad it +@@ -259,7 +260,7 @@ int esp_print_decrypt_buffer_by_ikev2(netdissect_options *ndo, + EVP_CIPHER_CTX_free(ctx); + (*ndo->ndo_error)(ndo, "can't allocate memory for decryption buffer"); + } +- EVP_Cipher(ctx, output_buffer, input_buffer, len); + EVP_Cipher(ctx, output_buffer, input_buffer, buffer_size); EVP_CIPHER_CTX_free(ctx); /* -@@ -249,6 +272,7 @@ int esp_print_decrypt_buffer_by_ikev2(netdissect_options *ndo, - * but changing this would require a more complicated fix. - */ - memcpy(buf, output_buffer, len); -+ free(input_buffer); - free(output_buffer); - - ndo->ndo_packetp = buf; -@@ -666,8 +690,8 @@ esp_print(netdissect_options *ndo, - const u_char *ivoff; - const u_char *p; - EVP_CIPHER_CTX *ctx; -- unsigned int block_size, output_buffer_size; -- u_char *output_buffer; -+ unsigned int block_size, buffer_size; -+ u_char *input_buffer, *output_buffer; - #endif - - esp = (const struct newesp *)bp; -@@ -784,21 +808,43 @@ esp_print(netdissect_options *ndo, - len = ep - (p + ivlen); - - /* -- * Allocate a buffer for the decrypted data. -- * The output buffer must be separate from the -- * input buffer, and its size must be a multiple -- * of the cipher block size. -+ * Allocate buffers for the encrypted and decrypted -+ * data. Both buffers' sizes must be a multiple of -+ * the cipher block size, and the output buffer must -+ * be separate from the input buffer. - */ - block_size = (unsigned int)EVP_CIPHER_CTX_block_size(ctx); -- output_buffer_size = len + (block_size - len % block_size); -- output_buffer = (u_char *)malloc(output_buffer_size); -+ buffer_size = len + (block_size - len % block_size); -+ -+ /* -+ * Attempt to allocate the input buffer. -+ */ -+ input_buffer = (u_char *)malloc(buffer_size); -+ if (input_buffer == NULL) { -+ (*ndo->ndo_warning)(ndo, "can't allocate memory for encrypted data buffer"); -+ EVP_CIPHER_CTX_free(ctx); -+ return 0; -+ } -+ /* -+ * Copy the input data to the encrypted data buffer, -+ * and pad it with zeroes. -+ */ -+ memcpy(input_buffer, p + ivlen, len); -+ memset(input_buffer + len, 0, buffer_size - len); -+ -+ /* -+ * Attempt to allocate the output buffer. -+ */ -+ output_buffer = (u_char *)malloc(buffer_size); - if (output_buffer == NULL) { - (*ndo->ndo_warning)(ndo, "can't allocate memory for decryption buffer"); -+ free(input_buffer); +@@ -815,6 +816,7 @@ esp_print(netdissect_options *ndo, + if (input_buffer == NULL) { EVP_CIPHER_CTX_free(ctx); - return -1; + (*ndo->ndo_error)(ndo, "can't allocate memory for encrypted data buffer"); ++ return 0; } - -- EVP_Cipher(ctx, output_buffer, p + ivlen, len); -+ EVP_Cipher(ctx, output_buffer, input_buffer, len); -+ free(input_buffer); - EVP_CIPHER_CTX_free(ctx); /* - * XXX - of course this is wrong, because buf is a + * Copy the input data to the encrypted data buffer, diff --git a/tcpdump-4.9.2.tar.gz b/tcpdump-4.9.2.tar.gz deleted file mode 100644 index 86e02e9..0000000 Binary files a/tcpdump-4.9.2.tar.gz and /dev/null differ diff --git a/tcpdump-4.9.2.tar.gz.sig b/tcpdump-4.9.2.tar.gz.sig deleted file mode 100644 index 6456b34..0000000 Binary files a/tcpdump-4.9.2.tar.gz.sig and /dev/null differ diff --git a/tcpdump-4.9.3.tar.gz b/tcpdump-4.9.3.tar.gz new file mode 100644 index 0000000..52052ba Binary files /dev/null and b/tcpdump-4.9.3.tar.gz differ diff --git a/tcpdump-4.9.3.tar.gz.sig b/tcpdump-4.9.3.tar.gz.sig new file mode 100644 index 0000000..ef927bf Binary files /dev/null and b/tcpdump-4.9.3.tar.gz.sig differ diff --git a/tcpdump.spec b/tcpdump.spec index 4f2bd9c..6192a4d 100644 --- a/tcpdump.spec +++ b/tcpdump.spec @@ -1,83 +1,93 @@ -Name: tcpdump -Epoch: 14 -Version: 4.9.2 -Release: 7 -Summary: A powerful command-line packet analyzer and library for network traffic capture. -License: BSD with advertising -URL: http://www.tcpdump.org -Source0: http://www.tcpdump.org/release/%{name}-%{version}.tar.gz -Source1: ftp://ftp.ee.lbl.gov/tcpslice-1.2a3.tar.gz +Name: tcpdump +Epoch: 14 +Version: 4.9.3 +Release: 2 +Summary: A network traffic monitoring tool +License: BSD with advertising +URL: http://www.tcpdump.org -Patch0001: 0001-icmp6-print-Reachable-Time-and-Retransmit-Time-from-.patch -Patch0002: 0002-Use-getnameinfo-instead-of-gethostbyaddr.patch -Patch0003: 0003-Drop-root-priviledges-before-opening-first-savefile-.patch -Patch0004: 0004-tcpslice-update-tcpslice-patch-to-1.2a3.patch -Patch0005: 0005-tcpslice-remove-unneeded-include.patch -Patch0006: 0006-tcpslice-don-t-test-the-pointer-but-pointee-for-NULL.patch -Patch0007: 0007-Introduce-nn-option.patch -Patch0008: 0008-Don-t-print-out-we-dropped-root-we-are-always-droppi.patch -Patch0009: 0009-Change-n-flag-to-nn-in-TESTonce.patch -Patch0010: 0010-Expect-miliseconds-instead-of-seconds-in-icmp-captur.patch -Patch0011: 0011-Evp-cipher-buffers.patch -Patch0012: 0012-Add-printing-support-for-vsockmon-devices.patch +Source0: http://www.tcpdump.org/release/tcpdump-%{version}.tar.gz +Source1: ftp://ftp.ee.lbl.gov/tcpslice-1.2a3.tar.gz +Source2: http://www.tcpdump.org/release/tcpdump-%{version}.tar.gz.sig -BuildRequires: automake openssl-devel libpcap-devel git-core -Requires: shadow-utils +Patch0002: 0002-Use-getnameinfo-instead-of-gethostbyaddr.patch +Patch0003: 0003-Drop-root-priviledges-before-opening-first-savefile-.patch +Patch0004: 0004-tcpslice-update-tcpslice-patch-to-1.2a3.patch +Patch0005: 0005-tcpslice-remove-unneeded-include.patch +Patch0006: 0006-tcpslice-don-t-test-the-pointer-but-pointee-for-NULL.patch +Patch0007: 0007-Introduce-nn-option.patch +Patch0009: 0009-Change-n-flag-to-nn-in-TESTonce.patch +Patch0011: 0011-Evp-cipher-buffers.patch +Patch0012: 0012-Add-printing-support-for-vsockmon-devices.patch + +Requires(pre): shadow-utils +BuildRequires: automake openssl-devel libpcap-devel git-core gcc + +%define tcpslice_dir tcpslice-1.2a3 %description -Tcpdump is a common packet analyzer that runs under the command line. -It allows the user to captureand display TCP/IP and other packets being -transmitted or received over a network to which the computer is attached. +Tcpdump is a command-line tool for monitoring network traffic. +Tcpdump can capture and display the packet headers on a particular +network interface or on all interfaces. Tcpdump can display all of +the packet headers, or just the ones that match particular criteria. -%package help -Summary: Help documents for tcpdump +Install tcpdump if you need a program to monitor network traffic. -%description help +%package help +Summary: Help documents for tcpdump + +%description help Man pages and other related help documents for tcpdump. %prep -%autosetup -n %{name}-%{version} -a 1 -S git +%autosetup -a 1 -S git %build -export CFLAGS="%{optflags} $(getconf LFS_CFLAGS) -fno-strict-aliasing" -pushd tcpslice-1.2a3 +export CFLAGS="$RPM_OPT_FLAGS $(getconf LFS_CFLAGS) -fno-strict-aliasing" + +pushd %{tcpslice_dir} +# update config.{guess,sub} automake -a -f 2> /dev/null || : %configure -%make_build +make %{?_smp_mflags} popd %configure --with-crypto --with-user=tcpdump --without-smi -%make_build +make %{?_smp_mflags} %install -install -d %{buildroot}%{_libdir} %{buildroot}%{_sbindir} %{buildroot}%{_mandir}/man8 +mkdir -p ${RPM_BUILD_ROOT}%{_libdir} +mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man8 +mkdir -p ${RPM_BUILD_ROOT}%{_sbindir} -pushd tcpslice-1.2a3 -install -m755 tcpslice %{buildroot}%{_sbindir} -install -m644 tcpslice.1 %{buildroot}%{_mandir}/man8/tcpslice.8 +pushd %{tcpslice_dir} +install -m755 tcpslice ${RPM_BUILD_ROOT}%{_sbindir} +install -m644 tcpslice.1 ${RPM_BUILD_ROOT}%{_mandir}/man8/tcpslice.8 popd -install -m755 tcpdump %{buildroot}%{_sbindir} -install -m644 tcpdump.1 %{buildroot}%{_mandir}/man8/tcpdump.8 +install -m755 tcpdump ${RPM_BUILD_ROOT}%{_sbindir} +install -m644 tcpdump.1 ${RPM_BUILD_ROOT}%{_mandir}/man8/tcpdump.8 -sed -i 's/\(\.TH[a-zA-Z ]*\)[1-9]\(.*\)/\18\2/' %{buildroot}%{_mandir}/man8/* - -%check -make check +# fix section numbers +sed -i 's/\(\.TH[a-zA-Z ]*\)[1-9]\(.*\)/\18\2/' \ + ${RPM_BUILD_ROOT}%{_mandir}/man8/* %pre /usr/sbin/groupadd -g 72 tcpdump 2> /dev/null -/usr/sbin/useradd -u 72 -g 72 -s /sbin/nologin -M -r -d / tcpdump 2> /dev/null +/usr/sbin/useradd -u 72 -g 72 -s /sbin/nologin -M -r \ + -d / tcpdump 2> /dev/null exit 0 %files +%doc README.md CHANGES CREDITS %license LICENSE -%{_sbindir}/tcp* +%{_sbindir}/tcpdump +%{_sbindir}/tcpslice %files help -%doc README.md CHANGES CREDITS -%{_mandir}/man8/tcp*.8* +%{_mandir}/man8/tcpslice.8* +%{_mandir}/man8/tcpdump.8* %changelog -* Fri Sep 20 2019 chenzhenyu - 14:4.9.2-7 +* Sat Dec 21 2019 openEuler Buildteam - 4.9.3-2 - Package init