From 2558fa3aed71de563f16efa2027e1f4e01bf2cf4 Mon Sep 17 00:00:00 2001 From: Martin Sehnoutka Date: Feb 03 2017 09:12:29 +0000 Subject: New upstream version 4.9.0 --- diff --git a/.gitignore b/.gitignore index fd8ae1b..7bc1a85 100644 --- a/.gitignore +++ b/.gitignore @@ -13,3 +13,4 @@ tcpdump-4.1.1.tar.gz /tcpdump-4.7.4.tar.gz /tcpdump-4.8.0.tar.gz /tcpdump-4.8.1.tar.gz +/tcpdump-4.9.0.tar.gz diff --git a/0001-icmp6-print-Reachable-Time-and-Retransmit-Time-from-.patch b/0001-icmp6-print-Reachable-Time-and-Retransmit-Time-from-.patch index c1c0e89..c5e54ae 100644 --- a/0001-icmp6-print-Reachable-Time-and-Retransmit-Time-from-.patch +++ b/0001-icmp6-print-Reachable-Time-and-Retransmit-Time-from-.patch @@ -1,7 +1,7 @@ -From 854d1a18df48e793b627b638c6df7fd6fdf57554 Mon Sep 17 00:00:00 2001 +From f19e0376b8e98b38240d28eb9e6f78c465bb1c6e Mon Sep 17 00:00:00 2001 From: rpm-build Date: Mon, 20 Oct 2014 13:34:24 +0200 -Subject: [PATCH 1/7] icmp6: print Reachable Time and Retransmit Time from +Subject: [PATCH 1/8] icmp6: print Reachable Time and Retransmit Time from ICMPv6 as milliseconds --- @@ -9,10 +9,10 @@ Subject: [PATCH 1/7] icmp6: print Reachable Time and Retransmit Time from 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/print-icmp6.c b/print-icmp6.c -index 135f6ef..28e124c 100644 +index 7fe639d..cfaa2df 100644 --- a/print-icmp6.c +++ b/print-icmp6.c -@@ -1032,7 +1032,7 @@ icmp6_print(netdissect_options *ndo, +@@ -1034,7 +1034,7 @@ icmp6_print(netdissect_options *ndo, p = (const struct nd_router_advert *)dp; ND_TCHECK(p->nd_ra_retransmit); ND_PRINT((ndo,"\n\thop limit %u, Flags [%s]" \ @@ -22,4 +22,5 @@ index 135f6ef..28e124c 100644 bittok2str(icmp6_opt_ra_flag_values,"none",(p->nd_ra_flags_reserved)), get_rtpref(p->nd_ra_flags_reserved), -- -1.8.3.1 \ No newline at end of file +2.9.3 + diff --git a/0002-Use-getnameinfo-instead-of-gethostbyaddr.patch b/0002-Use-getnameinfo-instead-of-gethostbyaddr.patch index c3e2d16..28bce58 100644 --- a/0002-Use-getnameinfo-instead-of-gethostbyaddr.patch +++ b/0002-Use-getnameinfo-instead-of-gethostbyaddr.patch @@ -1,14 +1,14 @@ -From e003824412501b060b1c4301c5cef7138c51d630 Mon Sep 17 00:00:00 2001 +From c48fba64fbbff9c75c79e32ab33aa65742c197d9 Mon Sep 17 00:00:00 2001 From: rpm-build Date: Mon, 20 Oct 2014 14:12:46 +0200 -Subject: [PATCH 2/7] Use getnameinfo instead of gethostbyaddr +Subject: [PATCH 2/8] Use getnameinfo instead of gethostbyaddr --- addrtoname.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 46 insertions(+), 2 deletions(-) diff --git a/addrtoname.c b/addrtoname.c -index 571a952..0caa8a9 100644 +index 6975b71..949acb7 100644 --- a/addrtoname.c +++ b/addrtoname.c @@ -220,7 +220,6 @@ static uint32_t f_localnet; @@ -102,5 +102,5 @@ index 571a952..0caa8a9 100644 cp = addrtostr6(ap, ntop_buf, sizeof(ntop_buf)); p->name = strdup(cp); -- -1.8.3.1 +2.9.3 diff --git a/0003-Drop-root-priviledges-before-opening-first-savefile-.patch b/0003-Drop-root-priviledges-before-opening-first-savefile-.patch index d68c944..c7ffc59 100644 --- a/0003-Drop-root-priviledges-before-opening-first-savefile-.patch +++ b/0003-Drop-root-priviledges-before-opening-first-savefile-.patch @@ -1,16 +1,16 @@ -From ec4e1a40fcf43d96a121a1ead877f2db4953dabb Mon Sep 17 00:00:00 2001 +From 9bee0dffaebbc53b9762df7a6d84a553969e7b00 Mon Sep 17 00:00:00 2001 From: rpm-build -Date: Wed, 25 Mar 2015 13:13:49 +0100 -Subject: [PATCH] Drop root priviledges before opening first savefile if +Date: Fri, 3 Feb 2017 09:36:26 +0100 +Subject: [PATCH 3/8] Drop root priviledges before opening first savefile if running with -Z root --- tcpdump.1.in | 7 ++++++- - tcpdump.c | 35 ++++++++++++++++++++++++++++++++--- - 2 files changed, 38 insertions(+), 4 deletions(-) + tcpdump.c | 30 ++++++++++++++++++++++++++++++ + 2 files changed, 36 insertions(+), 1 deletion(-) diff --git a/tcpdump.1.in b/tcpdump.1.in -index f9522cb..3f1bc5f 100644 +index f04a579..ca5cff2 100644 --- a/tcpdump.1.in +++ b/tcpdump.1.in @@ -249,6 +249,9 @@ have the name specified with the @@ -23,7 +23,7 @@ index f9522cb..3f1bc5f 100644 .TP .B \-d Dump the compiled packet-matching code in a human readable form to -@@ -865,7 +868,9 @@ but before opening any savefiles for output, change the user ID to +@@ -860,7 +863,9 @@ but before opening any savefiles for output, change the user ID to and the group ID to the primary group of .IR user . .IP @@ -35,24 +35,21 @@ index f9522cb..3f1bc5f 100644 .RS selects which packets will be dumped. diff --git a/tcpdump.c b/tcpdump.c -index a3cccc8..043191a 100644 +index 73bf138..29f7f87 100644 --- a/tcpdump.c +++ b/tcpdump.c -@@ -780,6 +780,7 @@ main(int argc, char **argv) +@@ -1133,6 +1133,7 @@ main(int argc, char **argv) cap_rights_t rights; int cansandbox; #endif /* HAVE_CAPSICUM */ + int chown_flag = 0; - int Bflag = 0; /* buffer size */ - int jflag = -1; /* packet time stamp source */ int Oflag = 1; /* run filter code optimizer */ -@@ -1598,9 +1599,22 @@ main(int argc, char **argv) + int yflag_dlt = -1; + const char *yflag_dlt_name = NULL; +@@ -1843,6 +1844,19 @@ main(int argc, char **argv) } capng_apply(CAPNG_SELECT_BOTH); #endif /* HAVE_LIBCAP_NG */ -- if (username || chroot_dir) -- droproot(username, chroot_dir); -- + /* If user is running tcpdump as root and wants to write to the savefile, + * we will check if -C is set and if it is, we will drop root + * privileges right away and consequent call to>pcap_dump_open() @@ -66,13 +63,10 @@ index a3cccc8..043191a 100644 + else + chown_flag = 1; + else -+ if (username || chroot_dir) -+ droproot(username, chroot_dir); -+ - } - #endif /* _WIN32 */ + if (username || chroot_dir) + droproot(username, chroot_dir); -@@ -1636,6 +1650,22 @@ main(int argc, char **argv) +@@ -1881,6 +1895,22 @@ main(int argc, char **argv) MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, 0); p = pcap_dump_open(pd, dumpinfo.CurrentFileName); @@ -95,5 +89,6 @@ index a3cccc8..043191a 100644 #ifdef HAVE_LIBCAP_NG /* Give up CAP_DAC_OVERRIDE capability. * Only allow it to be restored if the -C or -G flag have been --- -2.3.4 +-- +2.9.3 + diff --git a/0004-tcpslice-update-tcpslice-patch-to-1.2a3.patch b/0004-tcpslice-update-tcpslice-patch-to-1.2a3.patch index 30539aa..d6973ac 100644 --- a/0004-tcpslice-update-tcpslice-patch-to-1.2a3.patch +++ b/0004-tcpslice-update-tcpslice-patch-to-1.2a3.patch @@ -1,7 +1,7 @@ -From e029973991cf404936e67bafb4b5f94efd3a06cc Mon Sep 17 00:00:00 2001 +From 954c235f6db6f601d732b6fce48d2e8183c05d49 Mon Sep 17 00:00:00 2001 From: rpm-build Date: Mon, 20 Oct 2014 14:43:04 +0200 -Subject: [PATCH 4/7] tcpslice: update tcpslice patch to 1.2a3 +Subject: [PATCH 4/8] tcpslice: update tcpslice patch to 1.2a3 --- tcpslice-1.2a3/search.c | 22 +++++++++++++++------- @@ -18,9 +18,9 @@ index 1e2d051..23aa105 100644 */ -#define PACKET_HDR_LEN (sizeof( struct pcap_pkthdr )) +#define PACKET_HDR_LEN (sizeof( struct pcap_sf_pkthdr )) - + extern int snaplen; - + @@ -111,16 +111,24 @@ reasonable_header( struct pcap_pkthdr *hdr, time_t first_time, time_t last_time static void extract_header( pcap_t *p, u_char *buf, struct pcap_pkthdr *hdr ) @@ -29,7 +29,7 @@ index 1e2d051..23aa105 100644 + struct pcap_sf_pkthdr hdri; + + memcpy((char *) &hdri, (char *) buf, sizeof(struct pcap_sf_pkthdr)); - + if ( pcap_is_swapped( p ) ) { - hdr->ts.tv_sec = SWAPLONG(hdr->ts.tv_sec); @@ -53,13 +53,13 @@ index 1e2d051..23aa105 100644 * From bpf/libpcap/savefile.c: * diff --git a/tcpslice-1.2a3/tcpslice.h b/tcpslice-1.2a3/tcpslice.h -index de4a01c..9b220de 100644 +index de4a01c..9dcd1a1 100644 --- a/tcpslice-1.2a3/tcpslice.h +++ b/tcpslice-1.2a3/tcpslice.h @@ -20,6 +20,26 @@ */ - - + + +#include +/* #include */ + @@ -81,7 +81,8 @@ index de4a01c..9b220de 100644 +}; + time_t gwtm2secs( struct tm *tm ); - + int sf_find_end( struct pcap *p, struct timeval *first_timestamp, --- -1.8.3.1 +-- +2.9.3 + diff --git a/0005-tcpslice-remove-unneeded-include.patch b/0005-tcpslice-remove-unneeded-include.patch index cb2b542..2413575 100644 --- a/0005-tcpslice-remove-unneeded-include.patch +++ b/0005-tcpslice-remove-unneeded-include.patch @@ -1,7 +1,7 @@ -From c919edf76b8bd2360e50a6155588abdf03481244 Mon Sep 17 00:00:00 2001 +From d32956586bfb50b189132d5a15db8a50ef871278 Mon Sep 17 00:00:00 2001 From: rpm-build Date: Mon, 20 Oct 2014 15:06:54 +0200 -Subject: [PATCH 5/7] tcpslice: remove unneeded include +Subject: [PATCH 5/8] tcpslice: remove unneeded include net/bpf.h doesn't exist on Linux. --- @@ -22,5 +22,5 @@ index e73d76f..895e54f 100644 #ifdef HAVE_FCNTL_H #include -- -1.8.3.1 +2.9.3 diff --git a/0006-tcpslice-don-t-test-the-pointer-but-pointee-for-NULL.patch b/0006-tcpslice-don-t-test-the-pointer-but-pointee-for-NULL.patch index 4438157..60efc1c 100644 --- a/0006-tcpslice-don-t-test-the-pointer-but-pointee-for-NULL.patch +++ b/0006-tcpslice-don-t-test-the-pointer-but-pointee-for-NULL.patch @@ -1,7 +1,7 @@ -From a6a4b6fdb966ca408411d9002082f3a112b1c365 Mon Sep 17 00:00:00 2001 +From e159008d2f126d92112858269fb6b2fbca63ffc2 Mon Sep 17 00:00:00 2001 From: rpm-build Date: Mon, 20 Oct 2014 15:19:44 +0200 -Subject: [PATCH 6/7] tcpslice: don't test the pointer but pointee for NULL +Subject: [PATCH 6/8] tcpslice: don't test the pointer but pointee for NULL --- tcpslice-1.2a3/tcpslice.c | 4 +++- @@ -23,5 +23,5 @@ index 895e54f..a91439b 100644 time_string, t_start); -- -1.8.3.1 +2.9.3 diff --git a/0007-Introduce-nn-option.patch b/0007-Introduce-nn-option.patch index b7682b6..1e64d8b 100644 --- a/0007-Introduce-nn-option.patch +++ b/0007-Introduce-nn-option.patch @@ -1,7 +1,7 @@ -From c653dd118fce60a16f0d17e983fc4693bf1287bd Mon Sep 17 00:00:00 2001 +From 9ea43c6c97d3653cb58c1934f8770b951917bf9a Mon Sep 17 00:00:00 2001 From: rpm-build Date: Mon, 20 Oct 2014 13:26:38 +0200 -Subject: [PATCH 7/7] Introduce -nn option +Subject: [PATCH 7/8] Introduce -nn option This changes the semantics on -n option so only namelookups are skipped. Port numbers *are* translated to their string representations. Option -nn then has @@ -12,10 +12,10 @@ the same semantics as -n had originally. 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/addrtoname.c b/addrtoname.c -index 277751d..ed8376b 100644 +index 949acb7..9dd78d8 100644 --- a/addrtoname.c +++ b/addrtoname.c -@@ -787,7 +787,7 @@ init_servarray(netdissect_options *ndo) +@@ -810,7 +810,7 @@ init_servarray(netdissect_options *ndo) while (table->name) table = table->nxt; @@ -24,7 +24,7 @@ index 277751d..ed8376b 100644 (void)snprintf(buf, sizeof(buf), "%d", port); table->name = strdup(buf); } else -@@ -1187,7 +1187,7 @@ init_addrtoname(netdissect_options *ndo, uint32_t localnet, uint32_t mask) +@@ -1233,7 +1233,7 @@ init_addrtoname(netdissect_options *ndo, uint32_t localnet, uint32_t mask) f_localnet = localnet; f_netmask = mask; } @@ -34,10 +34,10 @@ index 277751d..ed8376b 100644 * Simplest way to suppress names. */ diff --git a/tcpdump.1.in b/tcpdump.1.in -index e3a6ef4..a8e65c2 100644 +index ca5cff2..c711a24 100644 --- a/tcpdump.1.in +++ b/tcpdump.1.in -@@ -532,7 +532,11 @@ Use \fIsecret\fP as a shared secret for validating the digests found in +@@ -547,7 +547,11 @@ Use \fIsecret\fP as a shared secret for validating the digests found in TCP segments with the TCP-MD5 option (RFC 2385), if present. .TP .B \-n @@ -51,5 +51,5 @@ index e3a6ef4..a8e65c2 100644 .B \-N Don't print domain name qualification of host names. -- -1.8.3.1 +2.9.3 diff --git a/0008-Don-t-print-out-we-dropped-root-we-are-always-droppi.patch b/0008-Don-t-print-out-we-dropped-root-we-are-always-droppi.patch index 5933bed..2e4551c 100644 --- a/0008-Don-t-print-out-we-dropped-root-we-are-always-droppi.patch +++ b/0008-Don-t-print-out-we-dropped-root-we-are-always-droppi.patch @@ -1,17 +1,18 @@ -From 6a204e4e6d2268594858c85c642d98c082190787 Mon Sep 17 00:00:00 2001 +From d5508c13119404102104a3935e7445c9fddf79b5 Mon Sep 17 00:00:00 2001 From: rpm-build -Date: Wed, 25 Mar 2015 13:38:54 +0100 -Subject: [PATCH] Don't print out we dropped root, we are always dropping it +Date: Fri, 3 Feb 2017 09:43:03 +0100 +Subject: [PATCH 8/8] Don't print out we dropped root, we are always dropping + it --- - tcpdump.c | 6 ------ - 1 file changed, 6 deletions(-) + tcpdump.c | 5 ----- + 1 file changed, 5 deletions(-) diff --git a/tcpdump.c b/tcpdump.c -index 5598ec2..a3cccc8 100644 +index 29f7f87..18c4a5c 100644 --- a/tcpdump.c +++ b/tcpdump.c -@@ -552,8 +552,6 @@ droproot(const char *username, const char *chroot_dir) +@@ -618,8 +618,6 @@ droproot(const char *username, const char *chroot_dir) int ret = capng_change_id(pw->pw_uid, pw->pw_gid, CAPNG_NO_FLAG); if (ret < 0) { fprintf(stderr, "error : ret %d\n", ret); @@ -20,9 +21,9 @@ index 5598ec2..a3cccc8 100644 } } #else -@@ -566,9 +564,6 @@ droproot(const char *username, const char *chroot_dir) +@@ -632,9 +630,6 @@ droproot(const char *username, const char *chroot_dir) pcap_strerror(errno)); - exit(1); + exit_tcpdump(1); } - else { - fprintf(stderr, "dropped privs to %s\n", username); @@ -31,5 +32,5 @@ index 5598ec2..a3cccc8 100644 } else { -- -2.3.4 +2.9.3 diff --git a/sources b/sources index 49d0f10..af2feb9 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -32f57943649f276e09236ba66622bb0c tcpdump-4.8.1.tar.gz e329cbeb7e589f132d92c3447c477190 tcpslice-1.2a3.tar.gz +SHA512 (tcpdump-4.9.0.tar.gz) = e98d73ae706d42e96b4069e196cf17af892eb97935664eebd08779b55b4da858bc1732d714efd16924f862aad0ba5550ceb2213c68414ed48907c46456c9fc82 diff --git a/tcpdump.spec b/tcpdump.spec index 7d41480..9e8b7ba 100644 --- a/tcpdump.spec +++ b/tcpdump.spec @@ -1,7 +1,7 @@ Summary: A network traffic monitoring tool Name: tcpdump Epoch: 14 -Version: 4.8.1 +Version: 4.9.0 Release: 1%{?dist} License: BSD with advertising URL: http://www.tcpdump.org @@ -75,13 +75,17 @@ exit 0 %files %defattr(-,root,root) -%doc LICENSE README.md CHANGES CREDITS +%license LICENSE +%doc README.md CHANGES CREDITS %{_sbindir}/tcpdump %{_sbindir}/tcpslice %{_mandir}/man8/tcpslice.8* %{_mandir}/man8/tcpdump.8* %changelog +* Fri Feb 03 2017 Martin Sehnoutka - 14:4.9.0-1 +- New upstream version 4.9.0 + * Mon Oct 31 2016 Luboš Uhliarik - 14:4.8.1-1 - new version 4.8.1