tcpdump: update to 4.99.1
Adjust
- 100-tcpdump_mini.patch
Remove upstreamed patches:
- 101-CVE-2020-8037.patch
- 102-CVE-2018-16301.patch
Changelog:
Wednesday, June 9, 2021 by gharris
Summary for 4.99.1 tcpdump release
Source code:
Squelch some compiler warnings
ICMP: Update the snapend for some nested IP packets.
MACsec: Update the snapend thus the ICV field is not payload
for the caller.
EIGRP: Fix packet header fields
SMB: Disable printer by default in CMake builds
OLSR: Print the protocol name even if the packet is invalid
MSDP: Print ": " before the protocol name
ESP: Remove padding, padding length and next header from the buffer
DHCPv6: Update the snapend for nested DHCPv6 packets
OpenFlow 1.0: Get snapend right for nested frames.
TCP: Update the snapend before decoding a MPTCP option
Ethernet, IEEE 802.15.4, IP, L2TP, TCP, ZEP: Add bounds checks
ForCES: Refine SPARSEDATA-TLV length check.
ASCII/hex: Use nd_trunc_longjmp() in truncation cases
GeoNet: Add a ND_TCHECK_LEN() call
Replace ND_TCHECK_/memcpy() pairs with GET_CPY_BYTES().
BGP: Fix overwrites of global 'astostr' temporary buffer
ARP: fix overwrites of static buffer in q922_string().
Frame Relay: have q922_string() handle errors better.
Building and testing:
Rebuild configure script when building release
Fix "make clean" for out-of-tree autotools builds
CMake: add stuff from CMAKE_PREFIX_PATH to PKG_CONFIG_PATH.
Documentation:
man: Update a reference as www.cifs.org is gone. [skip ci]
man: Update DNS sections
Solaris:
Fix a compile error with Sun C
Wednesday, December 30, 2020, by mcr@sandelman.ca, denis and fxl.
Summary for 4.99.0 tcpdump release
CVE-2018-16301: For the -F option handle large input files safely.
Improve the contents, wording and formatting of the man page.
Print unsupported link-layer protocol packets in hex.
Add support for new network protocols and DLTs: Arista, Autosar SOME/IP,
Broadcom LI and Ethernet switches tag, IEEE 802.15.9, IP-over-InfiniBand
(IPoIB), Linux SLL2, Linux vsockmon, MACsec, Marvell Distributed Switch
Architecture, OpenFlow 1.3, Precision Time Protocol (PTP), SSH, WHOIS,
ZigBee Encapsulation Protocol (ZEP).
Make protocol-specific updates for: AH, DHCP, DNS, ESP, FRF.16, HNCP,
ICMP6, IEEE 802.15.4, IPv6, IS-IS, Linux SLL, LLDP, LSP ping, MPTCP, NFS,
NSH, NTP, OSPF, OSPF6, PGM, PIM, PPTP, RADIUS, RSVP, Rx, SMB, UDLD,
VXLAN-GPE.
User interface:
Make SLL2 the default for Linux "any" pseudo-device.
Add --micro and --nano shorthands.
Add --count to print a counter only instead of decoding.
Add --print, to cause packet printing even with -w.
Add support for remote capture if libpcap supports it.
Display the "wireless" flag and connection status.
Flush the output packet buffer on a SIGUSR2.
Add the snapshot length to the "reading from file ..." message.
Fix local time printing (DST offset in timestamps).
Allow -C arguments > 2^31-1 GB if they can fit into a long.
Handle very large -f files by rejecting them.
Report periodic stats only when safe to do so.
Print the number of packets captured only as often as necessary.
With no -s, or with -s 0, don't specify the snapshot length with newer
versions of libpcap.
Improve version and usage message printing.
Building and testing:
Install into bindir, not sbindir.
autoconf: replace --with-system-libpcap with --disable-local-libpcap.
Require the compiler to support C99.
Better detect and use various C compilers and their features.
Add CMake as the second build system.
Make out-of-tree builds more reliable.
Use pkg-config to detect libpcap if available.
Improve Windows support.
Add more tests and improve the scripts that run them.
Test both with "normal" and "x87" floating-point.
Eliminate dependency on libdnet.
FreeBSD:
Print a proper error message about monitor mode VAP.
Use libcasper if available.
Fix failure to capture on RDMA device.
Include the correct capsicum header.
Source code:
Start the transition to longjmp() for packet truncation handling.
Introduce new helper functions, including GET_*(), nd_print_protocol(),
nd_print_invalid(), nd_print_trunc(), nd_trunc_longjmp() and others.
Put integer signedness right in many cases.
Introduce nd_uint*, nd_mac_addr, nd_ipv4 and nd_ipv6 types to fix
alignment issues, especially on SPARC.
Fix many C compiler, Coverity, UBSan and cppcheck warnings.
Fix issues detected with AddressSanitizer.
Remove many workarounds for older compilers and OSes.
Add a sanity check on packet header length.
Add and remove plenty of bounds checks.
Clean up pcap_findalldevs() call to find the first interface.
Use a short timeout, rather than immediate mode, for text output.
Handle DLT_ENC files *not* written on the same OS and byte-order host.
Add, and use, macros to do locale-independent case mapping.
Use a table instead of getprotobynumber().
Get rid of ND_UNALIGNED and ND_TCHECK().
Make roundup2() generally available.
Resync SMI list
against Wireshark.
Fix many typos.
Co-Developed-by: Ivan Pavlov <AuthorReflex@gmail.com>
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
Signed-off-by: Nick Hainke <vincent@systemli.org>
This commit is contained in:
Nick Hainke
committed by
Hauke Mehrtens
Hauke Mehrtens
parent
353d3eafb6
commit
86b0d3b00b
@@ -8,12 +8,12 @@
|
||||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=tcpdump
|
||||
PKG_VERSION:=4.9.3
|
||||
PKG_RELEASE:=4
|
||||
PKG_VERSION:=4.99.1
|
||||
PKG_RELEASE:=1
|
||||
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
||||
PKG_SOURCE_URL:=http://www.tcpdump.org/release/
|
||||
PKG_HASH:=2cd47cb3d460b6ff75f4a9940f594317ad456cfbf2bd2c8e5151e16559db6410
|
||||
PKG_HASH:=79b36985fb2703146618d87c4acde3e068b91c553fb93f021a337f175fd10ebe
|
||||
|
||||
PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
|
||||
PKG_LICENSE:=BSD-3-Clause
|
||||
@@ -58,8 +58,8 @@ ifeq ($(BUILD_VARIANT),mini)
|
||||
endif
|
||||
|
||||
define Package/tcpdump/install
|
||||
$(INSTALL_DIR) $(1)/usr/sbin
|
||||
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/tcpdump $(1)/usr/sbin/
|
||||
$(INSTALL_DIR) $(1)/usr/bin
|
||||
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/tcpdump $(1)/usr/bin/
|
||||
endef
|
||||
|
||||
Package/tcpdump-mini/install = $(Package/tcpdump/install)
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
--- a/configure
|
||||
+++ b/configure
|
||||
@@ -6183,97 +6183,6 @@ $as_echo "no" >&6; }
|
||||
fi
|
||||
fi
|
||||
@@ -6230,97 +6230,6 @@ fi
|
||||
|
||||
|
||||
|
||||
-#
|
||||
-# Check for special debugging functions
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -1,47 +0,0 @@
|
||||
--- a/print-ppp.c
|
||||
+++ b/print-ppp.c
|
||||
@@ -1368,19 +1368,29 @@ trunc:
|
||||
}
|
||||
|
||||
#ifndef TCPDUMP_MINI
|
||||
+/*
|
||||
+ * Un-escape RFC 1662 PPP in HDLC-like framing, with octet escapes.
|
||||
+ * The length argument is the on-the-wire length, not the captured
|
||||
+ * length; we can only un-escape the captured part.
|
||||
+ */
|
||||
static void
|
||||
ppp_hdlc(netdissect_options *ndo,
|
||||
const u_char *p, int length)
|
||||
{
|
||||
+ u_int caplen = ndo->ndo_snapend - p;
|
||||
u_char *b, *t, c;
|
||||
const u_char *s;
|
||||
- int i, proto;
|
||||
+ u_int i;
|
||||
+ int proto;
|
||||
const void *se;
|
||||
|
||||
+ if (caplen == 0)
|
||||
+ return;
|
||||
+
|
||||
if (length <= 0)
|
||||
return;
|
||||
|
||||
- b = (u_char *)malloc(length);
|
||||
+ b = (u_char *)malloc(caplen);
|
||||
if (b == NULL)
|
||||
return;
|
||||
|
||||
@@ -1389,10 +1399,10 @@ ppp_hdlc(netdissect_options *ndo,
|
||||
* Do this so that we dont overwrite the original packet
|
||||
* contents.
|
||||
*/
|
||||
- for (s = p, t = b, i = length; i > 0 && ND_TTEST(*s); i--) {
|
||||
+ for (s = p, t = b, i = caplen; i != 0; i--) {
|
||||
c = *s++;
|
||||
if (c == 0x7d) {
|
||||
- if (i <= 1 || !ND_TTEST(*s))
|
||||
+ if (i <= 1)
|
||||
break;
|
||||
i--;
|
||||
c = *s++ ^ 0x20;
|
||||
@@ -1,101 +0,0 @@
|
||||
From 8ab211a7ec728bb0ad8c766c8eeb12deb0a13b86 Mon Sep 17 00:00:00 2001
|
||||
From: Guy Harris <gharris@sonic.net>
|
||||
Date: Wed, 30 Sep 2020 11:37:30 -0700
|
||||
Subject: [PATCH] Handle very large -f files by rejecting them.
|
||||
|
||||
_read(), on Windows, has a 32-bit size argument and a 32-bit return
|
||||
value, so reject -f files that have more than 2^31-1 characters.
|
||||
|
||||
Add some #defines so that, on Windows, we use _fstati64 to get the size
|
||||
of that file, to handle large files.
|
||||
|
||||
Don't assume that our definition for ssize_t is the same size as size_t;
|
||||
by the time we want to print the return value of the read, we know it'll
|
||||
fit into an int, so just cast it to int and print it with %d.
|
||||
|
||||
(cherry picked from commit faf8fb70af3a013e5d662b8283dec742fd6b1a77)
|
||||
---
|
||||
netdissect-stdinc.h | 16 +++++++++++++++-
|
||||
tcpdump.c | 15 ++++++++++++---
|
||||
2 files changed, 27 insertions(+), 4 deletions(-)
|
||||
|
||||
--- a/netdissect-stdinc.h
|
||||
+++ b/netdissect-stdinc.h
|
||||
@@ -149,10 +149,17 @@
|
||||
#ifdef _MSC_VER
|
||||
#define stat _stat
|
||||
#define open _open
|
||||
-#define fstat _fstat
|
||||
#define read _read
|
||||
#define close _close
|
||||
#define O_RDONLY _O_RDONLY
|
||||
+
|
||||
+/*
|
||||
+ * We define our_fstat64 as _fstati64, and define our_statb as
|
||||
+ * struct _stati64, so we get 64-bit file sizes.
|
||||
+ */
|
||||
+#define our_fstat _fstati64
|
||||
+#define our_statb struct _stati64
|
||||
+
|
||||
#endif /* _MSC_VER */
|
||||
|
||||
/*
|
||||
@@ -211,6 +218,13 @@ typedef char* caddr_t;
|
||||
|
||||
#include <arpa/inet.h>
|
||||
|
||||
+/*
|
||||
+ * We should have large file support enabled, if it's available,
|
||||
+ * so just use fstat as our_fstat and struct stat as our_statb.
|
||||
+ */
|
||||
+#define our_fstat fstat
|
||||
+#define our_statb struct stat
|
||||
+
|
||||
#endif /* _WIN32 */
|
||||
|
||||
#ifndef HAVE___ATTRIBUTE__
|
||||
--- a/tcpdump.c
|
||||
+++ b/tcpdump.c
|
||||
@@ -108,6 +108,7 @@ The Regents of the University of Califor
|
||||
#endif /* HAVE_CAP_NG_H */
|
||||
#endif /* HAVE_LIBCAP_NG */
|
||||
|
||||
+#include "netdissect-stdinc.h"
|
||||
#include "netdissect.h"
|
||||
#include "interface.h"
|
||||
#include "addrtoname.h"
|
||||
@@ -861,15 +862,22 @@ read_infile(char *fname)
|
||||
{
|
||||
register int i, fd, cc;
|
||||
register char *cp;
|
||||
- struct stat buf;
|
||||
+ our_statb buf;
|
||||
|
||||
fd = open(fname, O_RDONLY|O_BINARY);
|
||||
if (fd < 0)
|
||||
error("can't open %s: %s", fname, pcap_strerror(errno));
|
||||
|
||||
- if (fstat(fd, &buf) < 0)
|
||||
+ if (our_fstat(fd, &buf) < 0)
|
||||
error("can't stat %s: %s", fname, pcap_strerror(errno));
|
||||
|
||||
+ /*
|
||||
+ * Reject files whose size doesn't fit into an int; a filter
|
||||
+ * *that* large will probably be too big.
|
||||
+ */
|
||||
+ if (buf.st_size > INT_MAX)
|
||||
+ error("%s is too large", fname);
|
||||
+
|
||||
cp = malloc((u_int)buf.st_size + 1);
|
||||
if (cp == NULL)
|
||||
error("malloc(%d) for %s: %s", (u_int)buf.st_size + 1,
|
||||
@@ -878,7 +886,8 @@ read_infile(char *fname)
|
||||
if (cc < 0)
|
||||
error("read %s: %s", fname, pcap_strerror(errno));
|
||||
if (cc != buf.st_size)
|
||||
- error("short read %s (%d != %d)", fname, cc, (int)buf.st_size);
|
||||
+ error("short read %s (%d != %d)", fname, (int) cc,
|
||||
+ (int)buf.st_size);
|
||||
|
||||
close(fd);
|
||||
/* replace "# comment" with spaces */
|
||||
Reference in New Issue
Block a user