diff --git a/0004-tcpslice-update-tcpslice-patch-to-1.2a3.patch b/0004-tcpslice-update-tcpslice-patch-to-1.2a3.patch deleted file mode 100644 index d6973ac..0000000 --- a/0004-tcpslice-update-tcpslice-patch-to-1.2a3.patch +++ /dev/null @@ -1,88 +0,0 @@ -From 954c235f6db6f601d732b6fce48d2e8183c05d49 Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Mon, 20 Oct 2014 14:43:04 +0200 -Subject: [PATCH 4/8] tcpslice: update tcpslice patch to 1.2a3 - ---- - tcpslice-1.2a3/search.c | 22 +++++++++++++++------- - tcpslice-1.2a3/tcpslice.h | 20 ++++++++++++++++++++ - 2 files changed, 35 insertions(+), 7 deletions(-) - -diff --git a/tcpslice-1.2a3/search.c b/tcpslice-1.2a3/search.c -index 1e2d051..23aa105 100644 ---- a/tcpslice-1.2a3/search.c -+++ b/tcpslice-1.2a3/search.c -@@ -53,7 +53,7 @@ static const char rcsid[] = - /* Size of a packet header in bytes; easier than typing the sizeof() all - * the time ... - */ --#define PACKET_HDR_LEN (sizeof( struct pcap_pkthdr )) -+#define PACKET_HDR_LEN (sizeof( struct pcap_sf_pkthdr )) - - extern int snaplen; - -@@ -111,16 +111,24 @@ reasonable_header( struct pcap_pkthdr *hdr, time_t first_time, time_t last_time - static void - extract_header( pcap_t *p, u_char *buf, struct pcap_pkthdr *hdr ) - { -- memcpy((char *) hdr, (char *) buf, sizeof(struct pcap_pkthdr)); -+ struct pcap_sf_pkthdr hdri; -+ -+ memcpy((char *) &hdri, (char *) buf, sizeof(struct pcap_sf_pkthdr)); - - if ( pcap_is_swapped( p ) ) - { -- hdr->ts.tv_sec = SWAPLONG(hdr->ts.tv_sec); -- hdr->ts.tv_usec = SWAPLONG(hdr->ts.tv_usec); -- hdr->len = SWAPLONG(hdr->len); -- hdr->caplen = SWAPLONG(hdr->caplen); -+ hdr->ts.tv_sec = SWAPLONG(hdri.ts.tv_sec); -+ hdr->ts.tv_usec = SWAPLONG(hdri.ts.tv_usec); -+ hdr->len = SWAPLONG(hdri.len); -+ hdr->caplen = SWAPLONG(hdri.caplen); -+ } -+ else -+ { -+ hdr->ts.tv_sec = hdri.ts.tv_sec; -+ hdr->ts.tv_usec = hdri.ts.tv_usec; -+ hdr->len = hdri.len; -+ hdr->caplen = hdri.caplen; - } -- - /* - * From bpf/libpcap/savefile.c: - * -diff --git a/tcpslice-1.2a3/tcpslice.h b/tcpslice-1.2a3/tcpslice.h -index de4a01c..9dcd1a1 100644 ---- a/tcpslice-1.2a3/tcpslice.h -+++ b/tcpslice-1.2a3/tcpslice.h -@@ -20,6 +20,26 @@ - */ - - -+#include -+/* #include */ -+ -+/* -+ * This is a timeval as stored in disk in a dumpfile. -+ * It has to use the same types everywhere, independent of the actual -+ * `struct timeval' -+ */ -+ -+struct pcap_timeval { -+ bpf_int32 tv_sec; /* seconds */ -+ bpf_int32 tv_usec; /* microseconds */ -+}; -+ -+struct pcap_sf_pkthdr { -+ struct pcap_timeval ts; /* time stamp */ -+ bpf_u_int32 caplen; /* length of portion present */ -+ bpf_u_int32 len; /* length this packet (off wire) */ -+}; -+ - time_t gwtm2secs( struct tm *tm ); - - int sf_find_end( struct pcap *p, struct timeval *first_timestamp, --- -2.9.3 - diff --git a/0005-tcpslice-remove-unneeded-include.patch b/0005-tcpslice-remove-unneeded-include.patch deleted file mode 100644 index 2413575..0000000 --- a/0005-tcpslice-remove-unneeded-include.patch +++ /dev/null @@ -1,26 +0,0 @@ -From d32956586bfb50b189132d5a15db8a50ef871278 Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Mon, 20 Oct 2014 15:06:54 +0200 -Subject: [PATCH 5/8] tcpslice: remove unneeded include - -net/bpf.h doesn't exist on Linux. ---- - tcpslice-1.2a3/tcpslice.c | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/tcpslice-1.2a3/tcpslice.c b/tcpslice-1.2a3/tcpslice.c -index e73d76f..895e54f 100644 ---- a/tcpslice-1.2a3/tcpslice.c -+++ b/tcpslice-1.2a3/tcpslice.c -@@ -35,8 +35,6 @@ static const char rcsid[] = - #include - #include - --#include -- - #include - #ifdef HAVE_FCNTL_H - #include --- -2.9.3 - diff --git a/0006-tcpslice-don-t-test-the-pointer-but-pointee-for-NULL.patch b/0006-tcpslice-don-t-test-the-pointer-but-pointee-for-NULL.patch deleted file mode 100644 index 60efc1c..0000000 --- a/0006-tcpslice-don-t-test-the-pointer-but-pointee-for-NULL.patch +++ /dev/null @@ -1,27 +0,0 @@ -From e159008d2f126d92112858269fb6b2fbca63ffc2 Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Mon, 20 Oct 2014 15:19:44 +0200 -Subject: [PATCH 6/8] tcpslice: don't test the pointer but pointee for NULL - ---- - tcpslice-1.2a3/tcpslice.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/tcpslice-1.2a3/tcpslice.c b/tcpslice-1.2a3/tcpslice.c -index 895e54f..a91439b 100644 ---- a/tcpslice-1.2a3/tcpslice.c -+++ b/tcpslice-1.2a3/tcpslice.c -@@ -402,7 +402,9 @@ fill_tm(char *time_string, int is_delta, struct tm *t, time_t *usecs_addr) - - while (isdigit(*t_stop)) - ++t_stop; -- if (! t_stop) -+ -+ if (!(*t_stop)) -+ /* we've reached end of string -> bad date format */ - error("bad date format %s, problem starting at %s", - time_string, t_start); - --- -2.9.3 - diff --git a/0009-Change-n-flag-to-nn-in-TESTonce.patch b/0009-Change-n-flag-to-nn-in-TESTonce.patch deleted file mode 100644 index d106be3..0000000 --- a/0009-Change-n-flag-to-nn-in-TESTonce.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 04e23aa3f91ff137237daf68f02e7b3c0c1a9168 Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Tue, 11 Apr 2017 09:19:48 +0200 -Subject: [PATCH 09/13] Change -n flag to -nn in TESTonce - -We need to change this because we have a different meaning of -n -flag than upstream does. We use -nn in those cases. ---- - tests/TESTonce | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tests/TESTonce b/tests/TESTonce -index 425abaa..81283d9 100755 ---- a/tests/TESTonce -+++ b/tests/TESTonce -@@ -43,7 +43,7 @@ if ($^O eq 'MSWin32') { - else { - # we used to do this as a nice pipeline, but the problem is that $r fails to - # to be set properly if the tcpdump core dumps. -- $cmd = "$TCPDUMP 2>${rawstderrlog} -t -n -r $input $options >tests/NEW/${outputbase}"; -+ $cmd = "$TCPDUMP 2>${rawstderrlog} -t -nn -r $input $options >tests/NEW/${outputbase}"; - print "CMD: $cmd\n" if $debug; - $r = system $cmd; - if($r == -1) { diff --git a/0011-Evp-cipher-buffers.patch b/0011-Evp-cipher-buffers.patch deleted file mode 100644 index 057f888..0000000 --- a/0011-Evp-cipher-buffers.patch +++ /dev/null @@ -1,29 +0,0 @@ -diff --git a/print-esp.c b/print-esp.c -index 6fabff1..5818cc8 100644 ---- a/print-esp.c -+++ b/print-esp.c -@@ -242,6 +242,7 @@ int esp_print_decrypt_buffer_by_ikev2(netdissect_options *ndo, - if (input_buffer == NULL) { - EVP_CIPHER_CTX_free(ctx); - (*ndo->ndo_error)(ndo, "can't allocate memory for encrypted data buffer"); -+ return 0; - } - /* - * Copy the input data to the encrypted data buffer, and pad it -@@ -259,7 +260,7 @@ int esp_print_decrypt_buffer_by_ikev2(netdissect_options *ndo, - EVP_CIPHER_CTX_free(ctx); - (*ndo->ndo_error)(ndo, "can't allocate memory for decryption buffer"); - } -- EVP_Cipher(ctx, output_buffer, input_buffer, len); -+ EVP_Cipher(ctx, output_buffer, input_buffer, buffer_size); - EVP_CIPHER_CTX_free(ctx); - - /* -@@ -815,6 +816,7 @@ esp_print(netdissect_options *ndo, - if (input_buffer == NULL) { - EVP_CIPHER_CTX_free(ctx); - (*ndo->ndo_error)(ndo, "can't allocate memory for encrypted data buffer"); -+ return 0; - } - /* - * Copy the input data to the encrypted data buffer, diff --git a/0012-Add-printing-support-for-vsockmon-devices.patch b/0012-Add-printing-support-for-vsockmon-devices.patch deleted file mode 100644 index 0808c3e..0000000 --- a/0012-Add-printing-support-for-vsockmon-devices.patch +++ /dev/null @@ -1,318 +0,0 @@ -From 66a5b93dee386bc2f57033a150341752923b8b41 Mon Sep 17 00:00:00 2001 -From: Gerard Garcia -Date: Tue, 14 Jun 2016 16:45:44 +0200 -Subject: [PATCH 13/13] Add printing support for vsockmon devices. - -Print Linux 4.12 vsockmon captures: - - # modprobe vsockmon - # ip link add type vsockmon - # ip link set vsockmon0 up - # tcpdump -i vsockmon0 - 16:25:24.987917 VIRTIO 3.1025 > 2.1234 CONNECT, length 76 - 16:25:24.987963 VIRTIO 2.1234 > 3.1025 CONNECT, length 76 - 16:25:26.568271 VIRTIO 3.1025 > 2.1234 PAYLOAD, length 82 - 16:25:26.568512 VIRTIO 2.1234 > 3.1025 CONTROL, length 76 - 16:25:28.411335 VIRTIO 3.1025 > 2.1234 DISCONNECT, length 76 - 16:25:28.411628 VIRTIO 2.1234 > 3.1025 DISCONNECT, length 76 - -For more information about vsock see: -http://wiki.qemu.org/Features/VirtioVsock ---- - Makefile.in | 1 + - netdissect.h | 1 + - print-vsock.c | 243 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - print.c | 3 + - 4 files changed, 248 insertions(+) - create mode 100644 print-vsock.c - -diff --git a/Makefile.in b/Makefile.in -index 0941f0e..a301878 100644 ---- a/Makefile.in -+++ b/Makefile.in -@@ -226,6 +226,7 @@ LIBNETDISSECT_SRC=\ - print-vjc.c \ - print-vqp.c \ - print-vrrp.c \ -+ print-vsock.c \ - print-vtp.c \ - print-vxlan.c \ - print-vxlan-gpe.c \ -diff --git a/netdissect.h b/netdissect.h -index 089b040..c89fcf1 100644 ---- a/netdissect.h -+++ b/netdissect.h -@@ -444,6 +444,7 @@ extern u_int symantec_if_print IF_PRINTER_ARGS; - extern u_int token_if_print IF_PRINTER_ARGS; - extern u_int usb_linux_48_byte_print IF_PRINTER_ARGS; - extern u_int usb_linux_64_byte_print IF_PRINTER_ARGS; -+extern u_int vsock_print IF_PRINTER_ARGS; - - /* - * Structure passed to some printers to allow them to print -diff --git a/print-vsock.c b/print-vsock.c -new file mode 100644 -index 0000000..fc5694d ---- /dev/null -+++ b/print-vsock.c -@@ -0,0 +1,243 @@ -+/* -+ * Copyright (c) 2016 Gerard Garcia -+ * Copyright (c) 2017 Red Hat, Inc. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * 3. The names of the authors may not be used to endorse or promote -+ * products derived from this software without specific prior -+ * written permission. -+ * -+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR -+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED -+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. -+ */ -+ -+/* \summary: Linux vsock printer */ -+ -+#ifdef HAVE_CONFIG_H -+#include "config.h" -+#endif -+ -+#include -+#include -+ -+#include "netdissect.h" -+#include "extract.h" -+ -+static const char tstr[] = " [|vsock]"; -+ -+enum af_vsockmon_transport { -+ AF_VSOCK_TRANSPORT_UNKNOWN = 0, -+ AF_VSOCK_TRANSPORT_NO_INFO = 1, /* No transport information */ -+ AF_VSOCK_TRANSPORT_VIRTIO = 2, /* Virtio transport header */ -+}; -+ -+static const struct tok vsock_transport[] = { -+ {AF_VSOCK_TRANSPORT_UNKNOWN, "UNKNOWN"}, -+ {AF_VSOCK_TRANSPORT_NO_INFO, "NO_INFO"}, -+ {AF_VSOCK_TRANSPORT_VIRTIO, "VIRTIO"}, -+ { 0, NULL } -+}; -+ -+enum af_vsockmon_op { -+ AF_VSOCK_OP_UNKNOWN = 0, -+ AF_VSOCK_OP_CONNECT = 1, -+ AF_VSOCK_OP_DISCONNECT = 2, -+ AF_VSOCK_OP_CONTROL = 3, -+ AF_VSOCK_OP_PAYLOAD = 4, -+}; -+ -+static const struct tok vsock_op[] = { -+ {AF_VSOCK_OP_UNKNOWN, "UNKNOWN"}, -+ {AF_VSOCK_OP_CONNECT, "CONNECT"}, -+ {AF_VSOCK_OP_DISCONNECT, "DISCONNECT"}, -+ {AF_VSOCK_OP_CONTROL, "CONTROL"}, -+ {AF_VSOCK_OP_PAYLOAD, "PAYLOAD"}, -+ { 0, NULL } -+}; -+ -+enum virtio_vsock_type { -+ VIRTIO_VSOCK_TYPE_STREAM = 1, -+}; -+ -+static const struct tok virtio_type[] = { -+ {VIRTIO_VSOCK_TYPE_STREAM, "STREAM"}, -+ { 0, NULL } -+}; -+ -+enum virtio_vsock_op { -+ VIRTIO_VSOCK_OP_INVALID = 0, -+ VIRTIO_VSOCK_OP_REQUEST = 1, -+ VIRTIO_VSOCK_OP_RESPONSE = 2, -+ VIRTIO_VSOCK_OP_RST = 3, -+ VIRTIO_VSOCK_OP_SHUTDOWN = 4, -+ VIRTIO_VSOCK_OP_RW = 5, -+ VIRTIO_VSOCK_OP_CREDIT_UPDATE = 6, -+ VIRTIO_VSOCK_OP_CREDIT_REQUEST = 7, -+}; -+ -+static const struct tok virtio_op[] = { -+ {VIRTIO_VSOCK_OP_INVALID, "INVALID"}, -+ {VIRTIO_VSOCK_OP_REQUEST, "REQUEST"}, -+ {VIRTIO_VSOCK_OP_RESPONSE, "RESPONSE"}, -+ {VIRTIO_VSOCK_OP_RST, "RST"}, -+ {VIRTIO_VSOCK_OP_SHUTDOWN, "SHUTDOWN"}, -+ {VIRTIO_VSOCK_OP_RW, "RW"}, -+ {VIRTIO_VSOCK_OP_CREDIT_UPDATE, "CREDIT UPDATE"}, -+ {VIRTIO_VSOCK_OP_CREDIT_REQUEST, "CREDIT REQUEST"}, -+ { 0, NULL } -+}; -+ -+/* All fields are little-endian */ -+ -+struct virtio_vsock_hdr { -+ uint64_t src_cid; -+ uint64_t dst_cid; -+ uint32_t src_port; -+ uint32_t dst_port; -+ uint32_t len; -+ uint16_t type; /* enum virtio_vsock_type */ -+ uint16_t op; /* enum virtio_vsock_op */ -+ uint32_t flags; -+ uint32_t buf_alloc; -+ uint32_t fwd_cnt; -+} UNALIGNED; -+ -+struct af_vsockmon_hdr { -+ uint64_t src_cid; -+ uint64_t dst_cid; -+ uint32_t src_port; -+ uint32_t dst_port; -+ uint16_t op; /* enum af_vsockmon_op */ -+ uint16_t transport; /* enum af_vosckmon_transport */ -+ uint16_t len; /* size of transport header */ -+ uint8_t reserved[2]; -+}; -+ -+static void -+vsock_virtio_hdr_print(netdissect_options *ndo, const struct virtio_vsock_hdr *hdr) -+{ -+ uint16_t u16_v; -+ uint32_t u32_v; -+ -+ u32_v = EXTRACT_LE_32BITS(&hdr->len); -+ ND_PRINT((ndo, "len %u", u32_v)); -+ -+ u16_v = EXTRACT_LE_16BITS(&hdr->type); -+ ND_PRINT((ndo, ", type %s", -+ tok2str(virtio_type, "Invalid type (%hu)", u16_v))); -+ -+ u16_v = EXTRACT_LE_16BITS(&hdr->op); -+ ND_PRINT((ndo, ", op %s", -+ tok2str(virtio_op, "Invalid op (%hu)", u16_v))); -+ -+ u32_v = EXTRACT_LE_32BITS(&hdr->flags); -+ ND_PRINT((ndo, ", flags %x", u32_v)); -+ -+ u32_v = EXTRACT_LE_32BITS(&hdr->buf_alloc); -+ ND_PRINT((ndo, ", buf_alloc %u", u32_v)); -+ -+ u32_v = EXTRACT_LE_32BITS(&hdr->fwd_cnt); -+ ND_PRINT((ndo, ", fwd_cnt %u", u32_v)); -+} -+ -+static size_t -+vsock_transport_hdr_size(uint16_t transport) -+{ -+ switch (transport) { -+ case AF_VSOCK_TRANSPORT_VIRTIO: -+ return sizeof(struct virtio_vsock_hdr); -+ default: -+ return 0; -+ } -+} -+ -+static void -+vsock_transport_hdr_print(netdissect_options *ndo, uint16_t transport, -+ const u_char *p, const u_int len) -+{ -+ size_t transport_size = vsock_transport_hdr_size(transport); -+ const void *hdr; -+ -+ if (len < sizeof(struct af_vsockmon_hdr) + transport_size) -+ return; -+ -+ hdr = p + sizeof(struct af_vsockmon_hdr); -+ switch (transport) { -+ case AF_VSOCK_TRANSPORT_VIRTIO: -+ ND_PRINT((ndo, " (")); -+ vsock_virtio_hdr_print(ndo, hdr); -+ ND_PRINT((ndo, ")")); -+ break; -+ default: -+ break; -+ } -+} -+ -+static void -+vsock_hdr_print(netdissect_options *ndo, const u_char *p, const u_int len) -+{ -+ uint16_t hdr_transport, hdr_op; -+ uint32_t hdr_src_port, hdr_dst_port; -+ uint64_t hdr_src_cid, hdr_dst_cid; -+ size_t total_hdr_size; -+ -+ const struct af_vsockmon_hdr *hdr = (struct af_vsockmon_hdr *)p; -+ -+ hdr_transport = EXTRACT_LE_16BITS(&hdr->transport); -+ ND_PRINT((ndo, "%s", -+ tok2str(vsock_transport, "Invalid transport (%u)", -+ hdr_transport))); -+ -+ /* If verbose level is more than 0 print transport details */ -+ if (ndo->ndo_vflag) { -+ vsock_transport_hdr_print(ndo, hdr_transport, p, len); -+ ND_PRINT((ndo, "\n\t")); -+ } else -+ ND_PRINT((ndo, " ")); -+ -+ hdr_src_cid = EXTRACT_LE_64BITS(&hdr->src_cid); -+ hdr_dst_cid = EXTRACT_LE_64BITS(&hdr->dst_cid); -+ hdr_src_port = EXTRACT_LE_32BITS(&hdr->src_port); -+ hdr_dst_port = EXTRACT_LE_32BITS(&hdr->dst_port); -+ hdr_op = EXTRACT_LE_16BITS(&hdr->op); -+ ND_PRINT((ndo, "%lu.%hu > %lu.%hu %s, length %u", -+ hdr_src_cid, hdr_src_port, -+ hdr_dst_cid, hdr_dst_port, -+ tok2str(vsock_op, " invalid op (%u)", hdr_op), -+ len)); -+ -+ /* If debug level is more than 1 print payload contents */ -+ total_hdr_size = sizeof(struct af_vsockmon_hdr) + -+ vsock_transport_hdr_size(hdr_transport); -+ if (ndo->ndo_vflag > 1 && -+ hdr_op == AF_VSOCK_OP_PAYLOAD && -+ len > total_hdr_size) { -+ const u_char *payload = p + total_hdr_size; -+ -+ ND_PRINT((ndo, "\n")); -+ print_unknown_data(ndo, payload, "\t", len - total_hdr_size); -+ } -+} -+ -+u_int -+vsock_print(netdissect_options *ndo, const struct pcap_pkthdr *h, const u_char *cp) -+{ -+ u_int len = h->len; -+ -+ if (len < sizeof(struct af_vsockmon_hdr)) -+ ND_PRINT((ndo, "%s", tstr)); -+ else -+ vsock_hdr_print(ndo, cp, len); -+ -+ return len; -+} -diff --git a/print.c b/print.c -index c76f344..1945cfd 100644 ---- a/print.c -+++ b/print.c -@@ -220,6 +220,9 @@ static const struct printer printers[] = { - #ifdef DLT_PPP_SERIAL - { ppp_hdlc_if_print, DLT_PPP_SERIAL }, - #endif -+#ifdef DLT_VSOCK -+ { vsock_print, DLT_VSOCK }, -+#endif - { NULL, 0 }, - }; - --- -2.13.5 - diff --git a/CVE-2020-8037.patch b/CVE-2020-8037.patch deleted file mode 100644 index b321549..0000000 --- a/CVE-2020-8037.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 32027e199368dad9508965aae8cd8de5b6ab5231 Mon Sep 17 00:00:00 2001 -From: Guy Harris -Date: Sat, 18 Apr 2020 14:04:59 -0700 -Subject: [PATCH] PPP: When un-escaping, don't allocate a too-large -buffer. - -The buffer should be big enough to hold the captured data, but it -doesn't need to be big enough to hold the entire on-the-network packet, -if we haven't captured all of it. - -(backported from commit e4add0b010ed6f2180dcb05a13026242ed935334) ---- - print-ppp.c | 18 ++++++++++++++---- - 1 file changed, 14 insertions(+), 4 deletions(-) - -diff --git a/print-ppp.c b/print-ppp.c -index 891761728..33fb03412 100644 ---- a/print-ppp.c -+++ b/print-ppp.c -@@ -1367,19 +1367,29 @@ - return 0; - } - -+/* -+ * Un-escape RFC 1662 PPP in HDLC-like framing, with octet escapes. -+ * The length argument is the on-the-wire length, not the captured -+ * length; we can only un-escape the captured part. -+ */ - static void - ppp_hdlc(netdissect_options *ndo, - const u_char *p, int length) - { -+ u_int caplen = ndo->ndo_snapend - p; - u_char *b, *t, c; - const u_char *s; -- int i, proto; -+ u_int i; -+ int proto; - const void *se; - -+ if (caplen == 0) -+ return; -+ - if (length <= 0) - return; - -- b = (u_char *)malloc(length); -+ b = (u_char *)malloc(caplen); - if (b == NULL) - return; - -@@ -1388,10 +1398,10 @@ - * Do this so that we dont overwrite the original packet - * contents. - */ -- for (s = p, t = b, i = length; i > 0 && ND_TTEST(*s); i--) { -+ for (s = p, t = b, i = caplen; i != 0; i--) { - c = *s++; - if (c == 0x7d) { -- if (i <= 1 || !ND_TTEST(*s)) -+ if (i <= 1) - break; - i--; - c = *s++ ^ 0x20; - diff --git a/0002-Use-getnameinfo-instead-of-gethostbyaddr.patch b/backport-0002-Use-getnameinfo-instead-of-gethostbyaddr.patch similarity index 56% rename from 0002-Use-getnameinfo-instead-of-gethostbyaddr.patch rename to backport-0002-Use-getnameinfo-instead-of-gethostbyaddr.patch index 28bce58..6aebd98 100644 --- a/0002-Use-getnameinfo-instead-of-gethostbyaddr.patch +++ b/backport-0002-Use-getnameinfo-instead-of-gethostbyaddr.patch @@ -1,28 +1,26 @@ -From c48fba64fbbff9c75c79e32ab33aa65742c197d9 Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Mon, 20 Oct 2014 14:12:46 +0200 -Subject: [PATCH 2/8] Use getnameinfo instead of gethostbyaddr - ---- - addrtoname.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 46 insertions(+), 2 deletions(-) - diff --git a/addrtoname.c b/addrtoname.c -index 6975b71..949acb7 100644 +index 33b9378..426839c 100644 --- a/addrtoname.c +++ b/addrtoname.c -@@ -220,7 +220,6 @@ static uint32_t f_localnet; +@@ -277,7 +277,6 @@ extern cap_channel_t *capdns; const char * - getname(netdissect_options *ndo, const u_char *ap) + ipaddr_string(netdissect_options *ndo, const u_char *ap) { -- register struct hostent *hp; +- struct hostent *hp; uint32_t addr; struct hnamemem *p; -@@ -242,6 +241,28 @@ getname(netdissect_options *ndo, const u_char *ap) +@@ -299,13 +298,29 @@ ipaddr_string(netdissect_options *ndo, const u_char *ap) */ if (!ndo->ndo_nflag && (addr & f_netmask) == f_localnet) { +-#ifdef HAVE_CASPER +- if (capdns != NULL) { +- hp = cap_gethostbyaddr(capdns, (char *)&addr, 4, +- AF_INET); +- } else +-#endif +- hp = gethostbyaddr((char *)&addr, 4, AF_INET); +#ifdef HAVE_GETNAMEINFO + struct sockaddr_in sa; + char hbuf[NI_MAXHOST]; @@ -44,11 +42,12 @@ index 6975b71..949acb7 100644 + return p->name; + } +#else -+ register struct hostent *hp; - hp = gethostbyaddr((char *)&addr, 4, AF_INET); ++ struct hostent *hp; ++ hp = gethostbyaddr((char *)&addr, 4, AF_INET); if (hp) { char *dotp; -@@ -258,6 +279,7 @@ getname(netdissect_options *ndo, const u_char *ap) + +@@ -321,6 +336,7 @@ ipaddr_string(netdissect_options *ndo, const u_char *ap) } return (p->name); } @@ -56,18 +55,25 @@ index 6975b71..949acb7 100644 } p->name = strdup(intoa(addr)); if (p->name == NULL) -@@ -272,7 +294,6 @@ getname(netdissect_options *ndo, const u_char *ap) +@@ -336,7 +352,6 @@ ipaddr_string(netdissect_options *ndo, const u_char *ap) const char * - getname6(netdissect_options *ndo, const u_char *ap) + ip6addr_string(netdissect_options *ndo, const u_char *ap) { -- register struct hostent *hp; +- struct hostent *hp; union { - struct in6_addr addr; + nd_ipv6 addr; struct for_hash_addr { -@@ -297,6 +318,28 @@ getname6(netdissect_options *ndo, const u_char *ap) +@@ -361,13 +376,29 @@ ip6addr_string(netdissect_options *ndo, const u_char *ap) * Do not print names if -n was given. */ if (!ndo->ndo_nflag) { +-#ifdef HAVE_CASPER +- if (capdns != NULL) { +- hp = cap_gethostbyaddr(capdns, (char *)&addr, +- sizeof(addr), AF_INET6); +- } else +-#endif +- hp = gethostbyaddr((char *)&addr, sizeof(addr), +#ifdef HAVE_GETNAMEINFO + struct sockaddr_in6 sa; + char hbuf[NI_MAXHOST]; @@ -89,11 +95,12 @@ index 6975b71..949acb7 100644 + return p->name; + } +#else -+ register struct hostent *hp; - hp = gethostbyaddr((char *)&addr, sizeof(addr), AF_INET6); ++ struct hostent *hp; ++ hp = gethostbyaddr((char *)&addr, sizeof(addr), + AF_INET6); if (hp) { char *dotp; -@@ -313,6 +356,7 @@ getname6(netdissect_options *ndo, const u_char *ap) +@@ -384,6 +415,7 @@ ip6addr_string(netdissect_options *ndo, const u_char *ap) } return (p->name); } @@ -101,6 +108,3 @@ index 6975b71..949acb7 100644 } cp = addrtostr6(ap, ntop_buf, sizeof(ntop_buf)); p->name = strdup(cp); --- -2.9.3 - diff --git a/0003-Drop-root-priviledges-before-opening-first-savefile-.patch b/backport-0003-Drop-root-priviledges-before-opening-first-savefile-.patch similarity index 85% rename from 0003-Drop-root-priviledges-before-opening-first-savefile-.patch rename to backport-0003-Drop-root-priviledges-before-opening-first-savefile-.patch index c7ffc59..685a86d 100644 --- a/0003-Drop-root-priviledges-before-opening-first-savefile-.patch +++ b/backport-0003-Drop-root-priviledges-before-opening-first-savefile-.patch @@ -19,7 +19,7 @@ index f04a579..ca5cff2 100644 not 1,048,576 bytes). + +Note that when used with \fB\-Z\fR option (enabled by default), privileges -+are dropped before opening first savefile. ++are dropped before opening the first savefile. .TP .B \-d Dump the compiled packet-matching code in a human readable form to @@ -34,6 +34,17 @@ index f04a579..ca5cff2 100644 .IP "\fI expression\fP" .RS selects which packets will be dumped. +@@ -366,6 +366,10 @@ If no time format is specified, each new file will overwrite the previous. + If used in conjunction with the + .B \-C + option, filenames will take the form of `\fIfile\fP'. ++.IP ++Note that when used with ++.B \-Z ++option (enabled by default), privileges are dropped before opening the first savefile. + .TP + .B \-h + .PD 0 diff --git a/tcpdump.c b/tcpdump.c index 73bf138..29f7f87 100644 --- a/tcpdump.c @@ -58,7 +69,7 @@ index 73bf138..29f7f87 100644 + * user(default tcpdump) and drop root privileges. + */ + if (WFileName) -+ if (Cflag && (username || chroot_dir)) ++ if ((Cflag || Gflag) && (username || chroot_dir)) + droproot(username, chroot_dir); + else + chown_flag = 1; @@ -69,7 +80,7 @@ index 73bf138..29f7f87 100644 @@ -1881,6 +1895,22 @@ main(int argc, char **argv) MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, 0); - p = pcap_dump_open(pd, dumpinfo.CurrentFileName); + pdd = pcap_dump_open(pd, dumpinfo.CurrentFileName); + + /* Change ownership of file and drop root privileges */ + if (chown_flag) { @@ -91,4 +102,3 @@ index 73bf138..29f7f87 100644 * Only allow it to be restored if the -C or -G flag have been -- 2.9.3 - diff --git a/0007-Introduce-nn-option.patch b/backport-0007-Introduce-nn-option.patch similarity index 100% rename from 0007-Introduce-nn-option.patch rename to backport-0007-Introduce-nn-option.patch diff --git a/backport-0009-Change-n-flag-to-nn-in-TESTonce.patch b/backport-0009-Change-n-flag-to-nn-in-TESTonce.patch new file mode 100644 index 0000000..659b7d1 --- /dev/null +++ b/backport-0009-Change-n-flag-to-nn-in-TESTonce.patch @@ -0,0 +1,13 @@ +diff --git a/tests/TESTrun b/tests/TESTrun +index b423627..aa3c97d 100755 +--- a/tests/TESTrun ++++ b/tests/TESTrun +@@ -102,7 +102,7 @@ sub runtest { + # + # Furthermore, on Windows, fc can't read the standard input, so we + # can't do it as a pipeline in any case. +- $r = system "$TCPDUMP -# -n -r $input $options >tests/NEW/${outputbase} 2>${rawstderrlog}"; ++ $r = system "$TCPDUMP -# -nn -r $input $options >tests/NEW/${outputbase} 2>${rawstderrlog}"; + if($r != 0) { + # + # Something other than "tcpdump opened the file, read it, and diff --git a/tcpdump-4.9.3.tar.gz b/tcpdump-4.9.3.tar.gz deleted file mode 100644 index 5c878d5..0000000 Binary files a/tcpdump-4.9.3.tar.gz and /dev/null differ diff --git a/tcpdump-4.9.3.tar.gz.sig b/tcpdump-4.9.3.tar.gz.sig deleted file mode 100644 index ef927bf..0000000 Binary files a/tcpdump-4.9.3.tar.gz.sig and /dev/null differ diff --git a/tcpdump-4.99.1.tar.gz b/tcpdump-4.99.1.tar.gz new file mode 100644 index 0000000..b97693b Binary files /dev/null and b/tcpdump-4.99.1.tar.gz differ diff --git a/tcpdump-4.99.1.tar.gz.sig b/tcpdump-4.99.1.tar.gz.sig new file mode 100644 index 0000000..389fe58 Binary files /dev/null and b/tcpdump-4.99.1.tar.gz.sig differ diff --git a/tcpdump.spec b/tcpdump.spec index 7f6c314..663ffc9 100644 --- a/tcpdump.spec +++ b/tcpdump.spec @@ -1,30 +1,24 @@ Name: tcpdump Epoch: 14 -Version: 4.9.3 -Release: 4 +Version: 4.99.1 +Release: 1 Summary: A network traffic monitoring tool License: BSD with advertising URL: http://www.tcpdump.org Source0: http://www.tcpdump.org/release/tcpdump-%{version}.tar.gz -Source1: ftp://ftp.ee.lbl.gov/tcpslice-1.2a3.tar.gz +Source1: ftp://ftp.ee.lbl.gov/tcpslice-1.3.tar.gz Source2: http://www.tcpdump.org/release/tcpdump-%{version}.tar.gz.sig -Patch0: 0002-Use-getnameinfo-instead-of-gethostbyaddr.patch -Patch1: 0003-Drop-root-priviledges-before-opening-first-savefile-.patch -Patch2: 0004-tcpslice-update-tcpslice-patch-to-1.2a3.patch -Patch3: 0005-tcpslice-remove-unneeded-include.patch -Patch4: 0006-tcpslice-don-t-test-the-pointer-but-pointee-for-NULL.patch -Patch5: 0007-Introduce-nn-option.patch -Patch6: 0009-Change-n-flag-to-nn-in-TESTonce.patch -Patch7: 0011-Evp-cipher-buffers.patch -Patch8: 0012-Add-printing-support-for-vsockmon-devices.patch -Patch9: CVE-2020-8037.patch +Patch0: backport-0002-Use-getnameinfo-instead-of-gethostbyaddr.patch +Patch1: backport-0003-Drop-root-priviledges-before-opening-first-savefile-.patch +Patch2: backport-0007-Introduce-nn-option.patch +Patch3: backport-0009-Change-n-flag-to-nn-in-TESTonce.patch Requires(pre): shadow-utils BuildRequires: automake openssl-devel libpcap-devel git-core gcc -%define tcpslice_dir tcpslice-1.2a3 +%define tcpslice_dir tcpslice-1.3 %description Tcpdump is a command-line tool for monitoring network traffic. @@ -90,6 +84,12 @@ exit 0 %{_mandir}/man8/tcpdump.8* %changelog +* Mon Mar 21 2022 yanglu - 4.99.1-1 +- Type:requirements +- ID:NA +- SUG:NA +- DESC:update tcpdump to 4.99.1 + * Fri Dec 18 2020 seuzw <930zhaowei@163.com> - 4.9.3-4 - Type:CVE - ID:CVE-2020-8037 diff --git a/tcpslice-1.2a3.tar.gz b/tcpslice-1.2a3.tar.gz deleted file mode 100644 index c36c8a5..0000000 Binary files a/tcpslice-1.2a3.tar.gz and /dev/null differ diff --git a/tcpslice-1.3.tar.gz b/tcpslice-1.3.tar.gz new file mode 100644 index 0000000..6bf65ce Binary files /dev/null and b/tcpslice-1.3.tar.gz differ