Resneptacle/openwrt-cghmn-mt300n
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

tcpdump: update to 4.99.1

Browse Source 
Adjust
- 100-tcpdump_mini.patch

Remove upstreamed patches:
- 101-CVE-2020-8037.patch
- 102-CVE-2018-16301.patch

Changelog:

  Wednesday, June 9, 2021 by gharris
  Summary for 4.99.1 tcpdump release
    Source code:
      Squelch some compiler warnings
      ICMP: Update the snapend for some nested IP packets.
      MACsec: Update the snapend thus the ICV field is not payload
        for the caller.
      EIGRP: Fix packet header fields
      SMB: Disable printer by default in CMake builds
      OLSR: Print the protocol name even if the packet is invalid
      MSDP: Print ": " before the protocol name
      ESP: Remove padding, padding length and next header from the buffer
      DHCPv6: Update the snapend for nested DHCPv6 packets
      OpenFlow 1.0: Get snapend right for nested frames.
      TCP: Update the snapend before decoding a MPTCP option
      Ethernet, IEEE 802.15.4, IP, L2TP, TCP, ZEP: Add bounds checks
      ForCES: Refine SPARSEDATA-TLV length check.
      ASCII/hex: Use nd_trunc_longjmp() in truncation cases
      GeoNet: Add a ND_TCHECK_LEN() call
      Replace ND_TCHECK_/memcpy() pairs with GET_CPY_BYTES().
      BGP: Fix overwrites of global 'astostr' temporary buffer
      ARP: fix overwrites of static buffer in q922_string().
      Frame Relay: have q922_string() handle errors better.
    Building and testing:
      Rebuild configure script when building release
      Fix "make clean" for out-of-tree autotools builds
      CMake: add stuff from CMAKE_PREFIX_PATH to PKG_CONFIG_PATH.
    Documentation:
      man: Update a reference as www.cifs.org is gone. [skip ci]
      man: Update DNS sections
    Solaris:
      Fix a compile error with Sun C

  Wednesday, December 30, 2020, by mcr@sandelman.ca, denis and fxl.
  Summary for 4.99.0 tcpdump release
    CVE-2018-16301: For the -F option handle large input files safely.
    Improve the contents, wording and formatting of the man page.
    Print unsupported link-layer protocol packets in hex.
    Add support for new network protocols and DLTs: Arista, Autosar SOME/IP,
      Broadcom LI and Ethernet switches tag, IEEE 802.15.9, IP-over-InfiniBand
      (IPoIB), Linux SLL2, Linux vsockmon, MACsec, Marvell Distributed Switch
      Architecture, OpenFlow 1.3, Precision Time Protocol (PTP), SSH, WHOIS,
      ZigBee Encapsulation Protocol (ZEP).
    Make protocol-specific updates for: AH, DHCP, DNS, ESP, FRF.16, HNCP,
      ICMP6, IEEE 802.15.4, IPv6, IS-IS, Linux SLL, LLDP, LSP ping, MPTCP, NFS,
      NSH, NTP, OSPF, OSPF6, PGM, PIM, PPTP, RADIUS, RSVP, Rx, SMB, UDLD,
      VXLAN-GPE.
    User interface:
      Make SLL2 the default for Linux "any" pseudo-device.
      Add --micro and --nano shorthands.
      Add --count to print a counter only instead of decoding.
      Add --print, to cause packet printing even with -w.
      Add support for remote capture if libpcap supports it.
      Display the "wireless" flag and connection status.
      Flush the output packet buffer on a SIGUSR2.
      Add the snapshot length to the "reading from file ..." message.
      Fix local time printing (DST offset in timestamps).
      Allow -C arguments > 2^31-1 GB if they can fit into a long.
      Handle very large -f files by rejecting them.
      Report periodic stats only when safe to do so.
      Print the number of packets captured only as often as necessary.
      With no -s, or with -s 0, don't specify the snapshot length with newer
        versions of libpcap.
      Improve version and usage message printing.
    Building and testing:
      Install into bindir, not sbindir.
      autoconf: replace --with-system-libpcap with --disable-local-libpcap.
      Require the compiler to support C99.
      Better detect and use various C compilers and their features.
      Add CMake as the second build system.
      Make out-of-tree builds more reliable.
      Use pkg-config to detect libpcap if available.
      Improve Windows support.
      Add more tests and improve the scripts that run them.
      Test both with "normal" and "x87" floating-point.
      Eliminate dependency on libdnet.
    FreeBSD:
      Print a proper error message about monitor mode VAP.
      Use libcasper if available.
      Fix failure to capture on RDMA device.
      Include the correct capsicum header.
    Source code:
      Start the transition to longjmp() for packet truncation handling.
      Introduce new helper functions, including GET_*(), nd_print_protocol(),
        nd_print_invalid(), nd_print_trunc(), nd_trunc_longjmp() and others.
      Put integer signedness right in many cases.
      Introduce nd_uint*, nd_mac_addr, nd_ipv4 and nd_ipv6 types to fix
        alignment issues, especially on SPARC.
      Fix many C compiler, Coverity, UBSan and cppcheck warnings.
      Fix issues detected with AddressSanitizer.
      Remove many workarounds for older compilers and OSes.
      Add a sanity check on packet header length.
      Add and remove plenty of bounds checks.
      Clean up pcap_findalldevs() call to find the first interface.
      Use a short timeout, rather than immediate mode, for text output.
      Handle DLT_ENC files *not* written on the same OS and byte-order host.
      Add, and use, macros to do locale-independent case mapping.
      Use a table instead of getprotobynumber().
      Get rid of ND_UNALIGNED and ND_TCHECK().
      Make roundup2() generally available.
      Resync SMI list
 against Wireshark.
      Fix many typos.

Co-Developed-by: Ivan Pavlov <AuthorReflex@gmail.com>
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
Signed-off-by: Nick Hainke <vincent@systemli.org>
This commit is contained in:
Nick Hainke 2022-06-25 16:59:30 +02:00 committed by Hauke Mehrtens
parent 353d3eafb6
commit 86b0d3b00b
5 changed files with 359 additions and 504 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
package/network/utils/tcpdump/Makefile
View File

@ -8,12 +8,12 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=tcpdump PKG_NAME:=tcpdump
PKG_VERSION:=4.9.3 PKG_VERSION:=4.99.1
PKG_RELEASE:=4 PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://www.tcpdump.org/release/ PKG_SOURCE_URL:=http://www.tcpdump.org/release/
PKG_HASH:=2cd47cb3d460b6ff75f4a9940f594317ad456cfbf2bd2c8e5151e16559db6410 PKG_HASH:=79b36985fb2703146618d87c4acde3e068b91c553fb93f021a337f175fd10ebe
PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name> PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
PKG_LICENSE:=BSD-3-Clause PKG_LICENSE:=BSD-3-Clause
@ -58,8 +58,8 @@ ifeq ($(BUILD_VARIANT),mini)
endif endif
define Package/tcpdump/install define Package/tcpdump/install
$(INSTALL_DIR) $(1)/usr/sbin $(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/tcpdump $(1)/usr/sbin/ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/tcpdump $(1)/usr/bin/
endef endef
Package/tcpdump-mini/install = $(Package/tcpdump/install) Package/tcpdump-mini/install = $(Package/tcpdump/install)

6
package/network/utils/tcpdump/patches/001-remove_pcap_debug.patch
View File

@ -1,8 +1,8 @@
--- a/configure --- a/configure
+++ b/configure +++ b/configure
@@ -6183,97 +6183,6 @@ $as_echo "no" >&6; } @@ -6230,97 +6230,6 @@ fi
fi
fi
-# -#
-# Check for special debugging functions -# Check for special debugging functions

667
package/network/utils/tcpdump/patches/100-tcpdump_mini.patch
View File

File diff suppressed because it is too large Load Diff

47
package/network/utils/tcpdump/patches/101-CVE-2020-8037.patch
View File

@ -1,47 +0,0 @@
--- a/print-ppp.c
+++ b/print-ppp.c
@@ -1368,19 +1368,29 @@ trunc:
}
#ifndef TCPDUMP_MINI
+/*
+ * Un-escape RFC 1662 PPP in HDLC-like framing, with octet escapes.
+ * The length argument is the on-the-wire length, not the captured
+ * length; we can only un-escape the captured part.
+ */
static void
ppp_hdlc(netdissect_options *ndo,
const u_char *p, int length)
{
+ u_int caplen = ndo->ndo_snapend - p;
u_char *b, *t, c;
const u_char *s;
- int i, proto;
+ u_int i;
+ int proto;
const void *se;
+ if (caplen == 0)
+ return;
+
if (length <= 0)
return;
- b = (u_char *)malloc(length);
+ b = (u_char *)malloc(caplen);
if (b == NULL)
return;
@@ -1389,10 +1399,10 @@ ppp_hdlc(netdissect_options *ndo,
* Do this so that we dont overwrite the original packet
* contents.
*/
- for (s = p, t = b, i = length; i > 0 && ND_TTEST(*s); i--) {
+ for (s = p, t = b, i = caplen; i != 0; i--) {
c = *s++;
if (c == 0x7d) {
- if (i <= 1 || !ND_TTEST(*s))
+ if (i <= 1)
break;
i--;
c = *s++ ^ 0x20;

101
package/network/utils/tcpdump/patches/102-CVE-2018-16301.patch
View File

@ -1,101 +0,0 @@
From 8ab211a7ec728bb0ad8c766c8eeb12deb0a13b86 Mon Sep 17 00:00:00 2001
From: Guy Harris <gharris@sonic.net>
Date: Wed, 30 Sep 2020 11:37:30 -0700
Subject: [PATCH] Handle very large -f files by rejecting them.
_read(), on Windows, has a 32-bit size argument and a 32-bit return
value, so reject -f files that have more than 2^31-1 characters.
Add some #defines so that, on Windows, we use _fstati64 to get the size
of that file, to handle large files.
Don't assume that our definition for ssize_t is the same size as size_t;
by the time we want to print the return value of the read, we know it'll
fit into an int, so just cast it to int and print it with %d.
(cherry picked from commit faf8fb70af3a013e5d662b8283dec742fd6b1a77)
---
netdissect-stdinc.h | 16 +++++++++++++++-
tcpdump.c | 15 ++++++++++++---
2 files changed, 27 insertions(+), 4 deletions(-)
--- a/netdissect-stdinc.h
+++ b/netdissect-stdinc.h
@@ -149,10 +149,17 @@
#ifdef _MSC_VER
#define stat _stat
#define open _open
-#define fstat _fstat
#define read _read
#define close _close
#define O_RDONLY _O_RDONLY
+
+/*
+ * We define our_fstat64 as _fstati64, and define our_statb as
+ * struct _stati64, so we get 64-bit file sizes.
+ */
+#define our_fstat _fstati64
+#define our_statb struct _stati64
+
#endif /* _MSC_VER */
/*
@@ -211,6 +218,13 @@ typedef char* caddr_t;
#include <arpa/inet.h>
+/*
+ * We should have large file support enabled, if it's available,
+ * so just use fstat as our_fstat and struct stat as our_statb.
+ */
+#define our_fstat fstat
+#define our_statb struct stat
+
#endif /* _WIN32 */
#ifndef HAVE___ATTRIBUTE__
--- a/tcpdump.c
+++ b/tcpdump.c
@@ -108,6 +108,7 @@ The Regents of the University of Califor
#endif /* HAVE_CAP_NG_H */
#endif /* HAVE_LIBCAP_NG */
+#include "netdissect-stdinc.h"
#include "netdissect.h"
#include "interface.h"
#include "addrtoname.h"
@@ -861,15 +862,22 @@ read_infile(char *fname)
{
register int i, fd, cc;
register char *cp;
- struct stat buf;
+ our_statb buf;
fd = open(fname, O_RDONLY|O_BINARY);
if (fd < 0)
error("can't open %s: %s", fname, pcap_strerror(errno));
- if (fstat(fd, &buf) < 0)
+ if (our_fstat(fd, &buf) < 0)
error("can't stat %s: %s", fname, pcap_strerror(errno));
+ /*
+ * Reject files whose size doesn't fit into an int; a filter
+ * *that* large will probably be too big.
+ */
+ if (buf.st_size > INT_MAX)
+ error("%s is too large", fname);
+
cp = malloc((u_int)buf.st_size + 1);
if (cp == NULL)
error("malloc(%d) for %s: %s", (u_int)buf.st_size + 1,
@@ -878,7 +886,8 @@ read_infile(char *fname)
if (cc < 0)
error("read %s: %s", fname, pcap_strerror(errno));
if (cc != buf.st_size)
- error("short read %s (%d != %d)", fname, cc, (int)buf.st_size);
+ error("short read %s (%d != %d)", fname, (int) cc,
+ (int)buf.st_size);
close(fd);
/* replace "# comment" with spaces */