From 561100c24afcf334c5c2e8747768c52dd0ee6ab1 Mon Sep 17 00:00:00 2001 From: Luboš Uhliarik Date: Aug 10 2016 14:46:42 +0000 Subject: new version 4.8.0 --- diff --git a/.gitignore b/.gitignore index b10bb33..f16d738 100644 --- a/.gitignore +++ b/.gitignore @@ -11,3 +11,4 @@ tcpdump-4.1.1.tar.gz /tcpdump-4.6.2.tar.gz /tcpdump-4.7.3.tar.gz /tcpdump-4.7.4.tar.gz +/tcpdump-4.8.0.tar.gz diff --git a/0001-icmp6-print-Reachable-Time-and-Retransmit-Time-from-.patch b/0001-icmp6-print-Reachable-Time-and-Retransmit-Time-from-.patch index 29d6a4f..c1c0e89 100644 --- a/0001-icmp6-print-Reachable-Time-and-Retransmit-Time-from-.patch +++ b/0001-icmp6-print-Reachable-Time-and-Retransmit-Time-from-.patch @@ -9,11 +9,11 @@ Subject: [PATCH 1/7] icmp6: print Reachable Time and Retransmit Time from 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/print-icmp6.c b/print-icmp6.c -index 553bb46..e288630 100644 +index 135f6ef..28e124c 100644 --- a/print-icmp6.c +++ b/print-icmp6.c -@@ -1053,7 +1053,7 @@ icmp6_print(netdissect_options *ndo, - p = (struct nd_router_advert *)dp; +@@ -1032,7 +1032,7 @@ icmp6_print(netdissect_options *ndo, + p = (const struct nd_router_advert *)dp; ND_TCHECK(p->nd_ra_retransmit); ND_PRINT((ndo,"\n\thop limit %u, Flags [%s]" \ - ", pref %s, router lifetime %us, reachable time %us, retrans time %us", @@ -22,5 +22,4 @@ index 553bb46..e288630 100644 bittok2str(icmp6_opt_ra_flag_values,"none",(p->nd_ra_flags_reserved)), get_rtpref(p->nd_ra_flags_reserved), -- -1.8.3.1 - +1.8.3.1 \ No newline at end of file diff --git a/0002-Use-getnameinfo-instead-of-gethostbyaddr.patch b/0002-Use-getnameinfo-instead-of-gethostbyaddr.patch index 514cb90..c3e2d16 100644 --- a/0002-Use-getnameinfo-instead-of-gethostbyaddr.patch +++ b/0002-Use-getnameinfo-instead-of-gethostbyaddr.patch @@ -8,18 +8,18 @@ Subject: [PATCH 2/7] Use getnameinfo instead of gethostbyaddr 1 file changed, 46 insertions(+), 2 deletions(-) diff --git a/addrtoname.c b/addrtoname.c -index eb0b2ae..277751d 100644 +index 571a952..0caa8a9 100644 --- a/addrtoname.c +++ b/addrtoname.c -@@ -221,7 +221,6 @@ static uint32_t f_localnet; +@@ -220,7 +220,6 @@ static uint32_t f_localnet; const char * getname(netdissect_options *ndo, const u_char *ap) { - register struct hostent *hp; uint32_t addr; - static struct hnamemem *p; /* static for longjmp() */ + struct hnamemem *p; -@@ -243,6 +242,28 @@ getname(netdissect_options *ndo, const u_char *ap) +@@ -242,6 +241,28 @@ getname(netdissect_options *ndo, const u_char *ap) */ if (!ndo->ndo_nflag && (addr & f_netmask) == f_localnet) { @@ -48,15 +48,15 @@ index eb0b2ae..277751d 100644 hp = gethostbyaddr((char *)&addr, 4, AF_INET); if (hp) { char *dotp; -@@ -256,6 +277,7 @@ getname(netdissect_options *ndo, const u_char *ap) +@@ -258,6 +279,7 @@ getname(netdissect_options *ndo, const u_char *ap) } return (p->name); } +#endif } p->name = strdup(intoa(addr)); - return (p->name); -@@ -269,7 +291,6 @@ getname(netdissect_options *ndo, const u_char *ap) + if (p->name == NULL) +@@ -272,7 +294,6 @@ getname(netdissect_options *ndo, const u_char *ap) const char * getname6(netdissect_options *ndo, const u_char *ap) { @@ -64,7 +64,7 @@ index eb0b2ae..277751d 100644 union { struct in6_addr addr; struct for_hash_addr { -@@ -294,6 +315,28 @@ getname6(netdissect_options *ndo, const u_char *ap) +@@ -297,6 +318,28 @@ getname6(netdissect_options *ndo, const u_char *ap) * Do not print names if -n was given. */ if (!ndo->ndo_nflag) { @@ -93,13 +93,13 @@ index eb0b2ae..277751d 100644 hp = gethostbyaddr((char *)&addr, sizeof(addr), AF_INET6); if (hp) { char *dotp; -@@ -307,6 +350,7 @@ getname6(netdissect_options *ndo, const u_char *ap) +@@ -313,6 +356,7 @@ getname6(netdissect_options *ndo, const u_char *ap) } return (p->name); } +#endif } - cp = inet_ntop(AF_INET6, &addr, ntop_buf, sizeof(ntop_buf)); + cp = addrtostr6(ap, ntop_buf, sizeof(ntop_buf)); p->name = strdup(cp); -- 1.8.3.1 diff --git a/0003-Drop-root-priviledges-before-opening-first-savefile-.patch b/0003-Drop-root-priviledges-before-opening-first-savefile-.patch index 2956649..d68c944 100644 --- a/0003-Drop-root-priviledges-before-opening-first-savefile-.patch +++ b/0003-Drop-root-priviledges-before-opening-first-savefile-.patch @@ -35,63 +35,63 @@ index f9522cb..3f1bc5f 100644 .RS selects which packets will be dumped. diff --git a/tcpdump.c b/tcpdump.c -index 2fd1617..4cbeb05 100644 +index a3cccc8..043191a 100644 --- a/tcpdump.c +++ b/tcpdump.c -@@ -1029,6 +1029,7 @@ main(int argc, char **argv) +@@ -780,6 +780,7 @@ main(int argc, char **argv) cap_rights_t rights; int cansandbox; #endif /* HAVE_CAPSICUM */ -+ int chown_flag = 0; - - #ifdef WIN32 - if(wsockinit() != 0) return 1; -@@ -1841,10 +1842,23 @@ main(int argc, char **argv) ++ int chown_flag = 0; + int Bflag = 0; /* buffer size */ + int jflag = -1; /* packet time stamp source */ + int Oflag = 1; /* run filter code optimizer */ +@@ -1598,9 +1599,22 @@ main(int argc, char **argv) } capng_apply(CAPNG_SELECT_BOTH); #endif /* HAVE_LIBCAP_NG */ - if (username || chroot_dir) - droproot(username, chroot_dir); -+ /* If user is running tcpdump as root and wants to write to the savefile, -+ * we will check if -C is set and if it is, we will drop root -+ * privileges right away and consequent call to pcap_dump_open() -+ * will most likely fail for the first file. If -C flag is not set we -+ * will create file as root then change ownership of file to proper -+ * user(default tcpdump) and drop root privileges. -+ */ -+ if (WFileName) -+ if (Cflag && (username || chroot_dir)) -+ droproot(username, chroot_dir); -+ else -+ chown_flag = 1; +- ++ /* If user is running tcpdump as root and wants to write to the savefile, ++ * we will check if -C is set and if it is, we will drop root ++ * privileges right away and consequent call to>pcap_dump_open() ++ * will most likely fail for the first file. If -C flag is not set we ++ * will create file as root then change ownership of file to proper ++ * user(default tcpdump) and drop root privileges. ++ */ ++ if (WFileName) ++ if (Cflag && (username || chroot_dir)) ++ droproot(username, chroot_dir); + else -+ if (username || chroot_dir) -+ droproot(username, chroot_dir); -+ } - -- } - #endif /* WIN32 */ - - if (pcap_setfilter(pd, &fcode) < 0) -@@ -1879,6 +1893,21 @@ main(int argc, char **argv) ++ chown_flag = 1; ++ else ++ if (username || chroot_dir) ++ droproot(username, chroot_dir); ++ + } + #endif /* _WIN32 */ + +@@ -1636,6 +1650,22 @@ main(int argc, char **argv) MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, 0); - + p = pcap_dump_open(pd, dumpinfo.CurrentFileName); + -+ /* Change ownership of file and drop root privileges */ -+ if (chown_flag) { -+ struct passwd *pwd; ++ /* Change ownership of file and drop root privileges */ ++ if (chown_flag) { ++ struct passwd *pwd; ++ ++ pwd = getpwnam(username); ++ if (!pwd) ++ error("Couldn't find user '%s'", username); + -+ pwd = getpwnam(username); -+ if (!pwd) -+ error("Couldn't find user '%s'", username); ++ if (strcmp(WFileName, "-") && chown(dumpinfo.CurrentFileName, pwd->pw_uid, pwd->pw_gid) < 0) ++ error("Couldn't change ownership of savefile"); + -+ if (strcmp(WFileName, "-") && chown(dumpinfo.CurrentFileName, pwd->pw_uid, pwd->pw_gid) < 0) -+ error("Couldn't change ownership of savefile"); ++ if (username || chroot_dir) ++ droproot(username, chroot_dir); ++ } + -+ if (username || chroot_dir) -+ droproot(username, chroot_dir); -+ } #ifdef HAVE_LIBCAP_NG /* Give up CAP_DAC_OVERRIDE capability. * Only allow it to be restored if the -C or -G flag have been diff --git a/0008-Don-t-print-out-we-dropped-root-we-are-always-droppi.patch b/0008-Don-t-print-out-we-dropped-root-we-are-always-droppi.patch index 8aeb96a..5933bed 100644 --- a/0008-Don-t-print-out-we-dropped-root-we-are-always-droppi.patch +++ b/0008-Don-t-print-out-we-dropped-root-we-are-always-droppi.patch @@ -8,21 +8,20 @@ Subject: [PATCH] Don't print out we dropped root, we are always dropping it 1 file changed, 6 deletions(-) diff --git a/tcpdump.c b/tcpdump.c -index 1a17361..7d45924 100644 +index 5598ec2..a3cccc8 100644 --- a/tcpdump.c +++ b/tcpdump.c -@@ -758,9 +758,6 @@ droproot(const char *username, const char *chroot_dir) - if (ret < 0) { - fprintf(stderr, "error : ret %d\n", ret); +@@ -552,8 +552,6 @@ droproot(const char *username, const char *chroot_dir) + int ret = capng_change_id(pw->pw_uid, pw->pw_gid, CAPNG_NO_FLAG); + if (ret < 0) { + fprintf(stderr, "error : ret %d\n", ret); +- } else { +- fprintf(stderr, "dropped privs to %s\n", username); + } } -- else { -- fprintf(stderr, "dropped privs to %s\n", username); -- } #else - if (initgroups(pw->pw_name, pw->pw_gid) != 0 || - setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) { -@@ -771,9 +768,6 @@ droproot(const char *username, const char *chroot_dir) - pcap_strerror(errno)); +@@ -566,9 +564,6 @@ droproot(const char *username, const char *chroot_dir) + pcap_strerror(errno)); exit(1); } - else { diff --git a/sources b/sources index d8dd4fb..0dccfd2 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -58af728de36f499341918fc4b8e827c3 tcpdump-4.7.4.tar.gz +68778081ed0a0654f491fbf17ad1a8e5 tcpdump-4.8.0.tar.gz e329cbeb7e589f132d92c3447c477190 tcpslice-1.2a3.tar.gz diff --git a/tcpdump.spec b/tcpdump.spec index 8895859..b682adc 100644 --- a/tcpdump.spec +++ b/tcpdump.spec @@ -1,8 +1,8 @@ Summary: A network traffic monitoring tool Name: tcpdump Epoch: 14 -Version: 4.7.4 -Release: 4%{?dist} +Version: 4.8.0 +Release: 1%{?dist} License: BSD with advertising URL: http://www.tcpdump.org Group: Applications/Internet @@ -82,6 +82,9 @@ exit 0 %{_mandir}/man8/tcpdump.8* %changelog +* Tue Aug 09 2016 Luboš Uhliarik - 14:4.8.0-1 +- new version 4.8.0 + * Fri Feb 05 2016 Fedora Release Engineering - 14:4.7.4-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild