From 01bdc4f5520fd21860201e4e1892f202f65ac9ab Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Nov 03 2020 11:59:02 +0000 Subject: import tcpdump-4.9.3-1.el8 --- diff --git a/.gitignore b/.gitignore index 8b13cdc..e45ade0 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/tcpdump-4.9.2.tar.gz +SOURCES/tcpdump-4.9.3.tar.gz SOURCES/tcpslice-1.2a3.tar.gz diff --git a/.tcpdump.metadata b/.tcpdump.metadata index 0bccb2a..7eaf682 100644 --- a/.tcpdump.metadata +++ b/.tcpdump.metadata @@ -1,2 +1,2 @@ -f7dccebe94c3d07ac8744d43297ea2b98b35a13f SOURCES/tcpdump-4.9.2.tar.gz +59b309f3620ac4b709de2eaf7bf3a83bf04bc048 SOURCES/tcpdump-4.9.3.tar.gz 98790301cb1bf4399a95153bc62d49b3f5808994 SOURCES/tcpslice-1.2a3.tar.gz diff --git a/SOURCES/0001-icmp6-print-Reachable-Time-and-Retransmit-Time-from-.patch b/SOURCES/0001-icmp6-print-Reachable-Time-and-Retransmit-Time-from-.patch deleted file mode 100644 index c5e54ae..0000000 --- a/SOURCES/0001-icmp6-print-Reachable-Time-and-Retransmit-Time-from-.patch +++ /dev/null @@ -1,26 +0,0 @@ -From f19e0376b8e98b38240d28eb9e6f78c465bb1c6e Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Mon, 20 Oct 2014 13:34:24 +0200 -Subject: [PATCH 1/8] icmp6: print Reachable Time and Retransmit Time from - ICMPv6 as milliseconds - ---- - print-icmp6.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/print-icmp6.c b/print-icmp6.c -index 7fe639d..cfaa2df 100644 ---- a/print-icmp6.c -+++ b/print-icmp6.c -@@ -1034,7 +1034,7 @@ icmp6_print(netdissect_options *ndo, - p = (const struct nd_router_advert *)dp; - ND_TCHECK(p->nd_ra_retransmit); - ND_PRINT((ndo,"\n\thop limit %u, Flags [%s]" \ -- ", pref %s, router lifetime %us, reachable time %us, retrans time %us", -+ ", pref %s, router lifetime %us, reachable time %ums, retrans time %ums", - (u_int)p->nd_ra_curhoplimit, - bittok2str(icmp6_opt_ra_flag_values,"none",(p->nd_ra_flags_reserved)), - get_rtpref(p->nd_ra_flags_reserved), --- -2.9.3 - diff --git a/SOURCES/0008-Don-t-print-out-we-dropped-root-we-are-always-droppi.patch b/SOURCES/0008-Don-t-print-out-we-dropped-root-we-are-always-droppi.patch deleted file mode 100644 index 2e4551c..0000000 --- a/SOURCES/0008-Don-t-print-out-we-dropped-root-we-are-always-droppi.patch +++ /dev/null @@ -1,36 +0,0 @@ -From d5508c13119404102104a3935e7445c9fddf79b5 Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Fri, 3 Feb 2017 09:43:03 +0100 -Subject: [PATCH 8/8] Don't print out we dropped root, we are always dropping - it - ---- - tcpdump.c | 5 ----- - 1 file changed, 5 deletions(-) - -diff --git a/tcpdump.c b/tcpdump.c -index 29f7f87..18c4a5c 100644 ---- a/tcpdump.c -+++ b/tcpdump.c -@@ -618,8 +618,6 @@ droproot(const char *username, const char *chroot_dir) - int ret = capng_change_id(pw->pw_uid, pw->pw_gid, CAPNG_NO_FLAG); - if (ret < 0) { - fprintf(stderr, "error : ret %d\n", ret); -- } else { -- fprintf(stderr, "dropped privs to %s\n", username); - } - } - #else -@@ -632,9 +630,6 @@ droproot(const char *username, const char *chroot_dir) - pcap_strerror(errno)); - exit_tcpdump(1); - } -- else { -- fprintf(stderr, "dropped privs to %s\n", username); -- } - #endif /* HAVE_LIBCAP_NG */ - } - else { --- -2.9.3 - diff --git a/SOURCES/0009-Change-n-flag-to-nn-in-TESTonce.patch b/SOURCES/0009-Change-n-flag-to-nn-in-TESTonce.patch index 53a9556..d106be3 100644 --- a/SOURCES/0009-Change-n-flag-to-nn-in-TESTonce.patch +++ b/SOURCES/0009-Change-n-flag-to-nn-in-TESTonce.patch @@ -10,18 +10,15 @@ flag than upstream does. We use -nn in those cases. 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/TESTonce b/tests/TESTonce -index 7026624..e348701 100755 +index 425abaa..81283d9 100755 --- a/tests/TESTonce +++ b/tests/TESTonce -@@ -21,7 +21,7 @@ if ($^O eq 'MSWin32') { +@@ -43,7 +43,7 @@ if ($^O eq 'MSWin32') { else { # we used to do this as a nice pipeline, but the problem is that $r fails to # to be set properly if the tcpdump core dumps. -- $r = system "../tcpdump 2>/dev/null -n -t -r $input $options >NEW/$output"; -+ $r = system "../tcpdump 2>/dev/null -nn -t -r $input $options >NEW/$output"; - if($r != 0) { - # this means tcpdump failed. - open(OUTPUT, ">>"."NEW/$output") || die "fail to open $output\n"; --- -2.13.5 - +- $cmd = "$TCPDUMP 2>${rawstderrlog} -t -n -r $input $options >tests/NEW/${outputbase}"; ++ $cmd = "$TCPDUMP 2>${rawstderrlog} -t -nn -r $input $options >tests/NEW/${outputbase}"; + print "CMD: $cmd\n" if $debug; + $r = system $cmd; + if($r == -1) { diff --git a/SOURCES/0010-Expect-miliseconds-instead-of-seconds-in-icmp-captur.patch b/SOURCES/0010-Expect-miliseconds-instead-of-seconds-in-icmp-captur.patch deleted file mode 100644 index 30502b8..0000000 --- a/SOURCES/0010-Expect-miliseconds-instead-of-seconds-in-icmp-captur.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 0ae4aa1881bbe40443bff802b5e4aa6ca0696dd9 Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Tue, 11 Apr 2017 09:37:53 +0200 -Subject: [PATCH 10/13] Expect miliseconds instead of seconds in icmp capture. - -Again this is caused by our patch, so we need to modify tests -accordingly. ---- - tests/icmpv6.out | 2 +- - tests/icmpv6_opt24-v.out | 4 ++-- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/tests/icmpv6.out b/tests/icmpv6.out -index bb7775e..8979540 100644 ---- a/tests/icmpv6.out -+++ b/tests/icmpv6.out -@@ -1,5 +1,5 @@ - IP6 (hlim 255, next-header ICMPv6 (58) payload length: 176) fe80::b299:28ff:fec8:d66c > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 176 -- hop limit 64, Flags [home agent], pref medium, router lifetime 15s, reachable time 0s, retrans time 0s -+ hop limit 64, Flags [home agent], pref medium, router lifetime 15s, reachable time 0ms, retrans time 0ms - prefix info option (3), length 32 (4): 2222:3333:4444:5555:6600::/72, Flags [onlink, auto], valid time 2592000s, pref. time 604800s - 0x0000: 48c0 0027 8d00 0009 3a80 0000 0000 2222 - 0x0010: 3333 4444 5555 6600 0000 0000 0000 -diff --git a/tests/icmpv6_opt24-v.out b/tests/icmpv6_opt24-v.out -index 2b7cf09..00512df 100644 ---- a/tests/icmpv6_opt24-v.out -+++ b/tests/icmpv6_opt24-v.out -@@ -1,5 +1,5 @@ - IP6 (hlim 255, next-header ICMPv6 (58) payload length: 120) fe80::16cf:92ff:fe87:23d6 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 120 -- hop limit 0, Flags [managed, other stateful], pref medium, router lifetime 0s, reachable time 0s, retrans time 0s -+ hop limit 0, Flags [managed, other stateful], pref medium, router lifetime 0s, reachable time 0ms, retrans time 0ms - source link-address option (1), length 8 (1): 14:cf:92:87:23:d6 - mtu option (5), length 8 (1): 1500 - prefix info option (3), length 32 (4): fd8d:4fb3:5b2e::/64, Flags [onlink, auto], valid time 7200s, pref. time 1800s -@@ -7,7 +7,7 @@ IP6 (hlim 255, next-header ICMPv6 (58) payload length: 120) fe80::16cf:92ff:fe87 - rdnss option (25), length 24 (3): lifetime 1800s, addr: fd8d:4fb3:5b2e::1 - dnssl option (31), length 16 (2): lifetime 1800s, domain(s): lan. - IP6 (hlim 255, next-header ICMPv6 (58) payload length: 120) fe80::16cf:92ff:fe87:23d6 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 120 -- hop limit 0, Flags [managed, other stateful], pref medium, router lifetime 0s, reachable time 0s, retrans time 0s -+ hop limit 0, Flags [managed, other stateful], pref medium, router lifetime 0s, reachable time 0ms, retrans time 0ms - source link-address option (1), length 8 (1): 14:cf:92:87:23:d6 - mtu option (5), length 8 (1): 1500 - prefix info option (3), length 32 (4): fd8d:4fb3:5b2e::/64, Flags [onlink, auto], valid time 7200s, pref. time 1800s --- -2.13.5 diff --git a/SOURCES/0011-Evp-cipher-buffers.patch b/SOURCES/0011-Evp-cipher-buffers.patch index a271419..2a507ee 100644 --- a/SOURCES/0011-Evp-cipher-buffers.patch +++ b/SOURCES/0011-Evp-cipher-buffers.patch @@ -1,133 +1,13 @@ diff --git a/print-esp.c b/print-esp.c -index 511ee8a3..5b282526 100644 +index 6fabff1..cdeca9d 100644 --- a/print-esp.c +++ b/print-esp.c -@@ -192,8 +192,8 @@ int esp_print_decrypt_buffer_by_ikev2(netdissect_options *ndo, - const u_char *iv; - unsigned int len; - EVP_CIPHER_CTX *ctx; -- unsigned int block_size, output_buffer_size; -- u_char *output_buffer; -+ unsigned int block_size, buffer_size; -+ u_char *input_buffer, *output_buffer; - - /* initiator arg is any non-zero value */ - if(initiator) initiator=1; -@@ -228,19 +228,41 @@ int esp_print_decrypt_buffer_by_ikev2(netdissect_options *ndo, - (*ndo->ndo_warning)(ndo, "espkey init failed"); - set_cipher_parameters(ctx, NULL, NULL, iv, 0); - /* -- * Allocate a buffer for the decrypted data. -- * The output buffer must be separate from the input buffer, and -- * its size must be a multiple of the cipher block size. -+ * Allocate buffers for the encrypted and decrypted data. -+ * Both buffers' sizes must be a multiple of the cipher block -+ * size, and the output buffer must be separate from the input -+ * buffer. - */ - block_size = (unsigned int)EVP_CIPHER_CTX_block_size(ctx); -- output_buffer_size = len + (block_size - len % block_size); -- output_buffer = (u_char *)malloc(output_buffer_size); -+ buffer_size = len + (block_size - len % block_size); -+ -+ /* -+ * Attempt to allocate the input buffer. -+ */ -+ input_buffer = (u_char *)malloc(buffer_size); -+ if (input_buffer == NULL) { -+ (*ndo->ndo_warning)(ndo, "can't allocate memory for encrypted data buffer"); -+ EVP_CIPHER_CTX_free(ctx); -+ return 0; -+ } -+ /* -+ * Copy the input data to the encrypted data buffer, and pad it -+ * with zeroes. -+ */ -+ memcpy(input_buffer, buf, len); -+ memset(input_buffer + len, 0, buffer_size - len); -+ -+ /* -+ * Attempt to allocate the output buffer. -+ */ -+ output_buffer = (u_char *)malloc(buffer_size); - if (output_buffer == NULL) { - (*ndo->ndo_warning)(ndo, "can't allocate memory for decryption buffer"); -+ free(input_buffer); +@@ -259,7 +259,7 @@ int esp_print_decrypt_buffer_by_ikev2(netdissect_options *ndo, EVP_CIPHER_CTX_free(ctx); - return 0; + (*ndo->ndo_error)(ndo, "can't allocate memory for decryption buffer"); } -- EVP_Cipher(ctx, output_buffer, buf, len); +- EVP_Cipher(ctx, output_buffer, input_buffer, len); + EVP_Cipher(ctx, output_buffer, input_buffer, buffer_size); EVP_CIPHER_CTX_free(ctx); /* -@@ -249,6 +272,7 @@ int esp_print_decrypt_buffer_by_ikev2(netdissect_options *ndo, - * but changing this would require a more complicated fix. - */ - memcpy(buf, output_buffer, len); -+ free(input_buffer); - free(output_buffer); - - ndo->ndo_packetp = buf; -@@ -666,8 +690,8 @@ esp_print(netdissect_options *ndo, - const u_char *ivoff; - const u_char *p; - EVP_CIPHER_CTX *ctx; -- unsigned int block_size, output_buffer_size; -- u_char *output_buffer; -+ unsigned int block_size, buffer_size; -+ u_char *input_buffer, *output_buffer; - #endif - - esp = (const struct newesp *)bp; -@@ -784,21 +808,43 @@ esp_print(netdissect_options *ndo, - len = ep - (p + ivlen); - - /* -- * Allocate a buffer for the decrypted data. -- * The output buffer must be separate from the -- * input buffer, and its size must be a multiple -- * of the cipher block size. -+ * Allocate buffers for the encrypted and decrypted -+ * data. Both buffers' sizes must be a multiple of -+ * the cipher block size, and the output buffer must -+ * be separate from the input buffer. - */ - block_size = (unsigned int)EVP_CIPHER_CTX_block_size(ctx); -- output_buffer_size = len + (block_size - len % block_size); -- output_buffer = (u_char *)malloc(output_buffer_size); -+ buffer_size = len + (block_size - len % block_size); -+ -+ /* -+ * Attempt to allocate the input buffer. -+ */ -+ input_buffer = (u_char *)malloc(buffer_size); -+ if (input_buffer == NULL) { -+ (*ndo->ndo_warning)(ndo, "can't allocate memory for encrypted data buffer"); -+ EVP_CIPHER_CTX_free(ctx); -+ return 0; -+ } -+ /* -+ * Copy the input data to the encrypted data buffer, -+ * and pad it with zeroes. -+ */ -+ memcpy(input_buffer, p + ivlen, len); -+ memset(input_buffer + len, 0, buffer_size - len); -+ -+ /* -+ * Attempt to allocate the output buffer. -+ */ -+ output_buffer = (u_char *)malloc(buffer_size); - if (output_buffer == NULL) { - (*ndo->ndo_warning)(ndo, "can't allocate memory for decryption buffer"); -+ free(input_buffer); - EVP_CIPHER_CTX_free(ctx); - return -1; - } - -- EVP_Cipher(ctx, output_buffer, p + ivlen, len); -+ EVP_Cipher(ctx, output_buffer, input_buffer, len); -+ free(input_buffer); - EVP_CIPHER_CTX_free(ctx); - /* - * XXX - of course this is wrong, because buf is a diff --git a/SOURCES/0014-CVE-2018-19519-tcpdump-stack-based-buffer-over-read.patch b/SOURCES/0014-CVE-2018-19519-tcpdump-stack-based-buffer-over-read.patch deleted file mode 100644 index e340c93..0000000 --- a/SOURCES/0014-CVE-2018-19519-tcpdump-stack-based-buffer-over-read.patch +++ /dev/null @@ -1,26 +0,0 @@ -From bbae61cda27b8d565456c95a697d9e7ed3298937 Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Tue, 8 Oct 2019 14:32:32 +0200 -Subject: [PATCH] - 0015-CVE-2018-19519-tcpdump-stack-based-buffer-over-read.patch - ---- - print-hncp.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/print-hncp.c b/print-hncp.c -index 11a6a93..7537a0d 100644 ---- a/print-hncp.c -+++ b/print-hncp.c -@@ -229,6 +229,8 @@ print_prefix(netdissect_options *ndo, const u_char *prefix, u_int max_length) - plenbytes += 1 + IPV4_MAPPED_HEADING_LEN; - } else { - plenbytes = decode_prefix6(ndo, prefix, max_length, buf, sizeof(buf)); -+ if (plenbytes < 0) -+ return plenbytes; - } - - ND_PRINT((ndo, "%s", buf)); --- -2.21.0 - diff --git a/SOURCES/tcpdump-4.9.2.tar.gz.sig b/SOURCES/tcpdump-4.9.2.tar.gz.sig deleted file mode 100644 index 6456b34..0000000 Binary files a/SOURCES/tcpdump-4.9.2.tar.gz.sig and /dev/null differ diff --git a/SOURCES/tcpdump-4.9.3.tar.gz.sig b/SOURCES/tcpdump-4.9.3.tar.gz.sig new file mode 100644 index 0000000..ef927bf Binary files /dev/null and b/SOURCES/tcpdump-4.9.3.tar.gz.sig differ diff --git a/SPECS/tcpdump.spec b/SPECS/tcpdump.spec index e4500d4..ff93b71 100644 --- a/SPECS/tcpdump.spec +++ b/SPECS/tcpdump.spec @@ -1,8 +1,8 @@ Summary: A network traffic monitoring tool Name: tcpdump Epoch: 14 -Version: 4.9.2 -Release: 6%{?dist} +Version: 4.9.3 +Release: 1%{?dist} License: BSD with advertising URL: http://www.tcpdump.org Group: Applications/Internet @@ -13,20 +13,16 @@ Source0: http://www.tcpdump.org/release/tcpdump-%{version}.tar.gz Source1: ftp://ftp.ee.lbl.gov/tcpslice-1.2a3.tar.gz Source2: http://www.tcpdump.org/release/tcpdump-%{version}.tar.gz.sig -Patch0001: 0001-icmp6-print-Reachable-Time-and-Retransmit-Time-from-.patch Patch0002: 0002-Use-getnameinfo-instead-of-gethostbyaddr.patch Patch0003: 0003-Drop-root-priviledges-before-opening-first-savefile-.patch Patch0004: 0004-tcpslice-update-tcpslice-patch-to-1.2a3.patch Patch0005: 0005-tcpslice-remove-unneeded-include.patch Patch0006: 0006-tcpslice-don-t-test-the-pointer-but-pointee-for-NULL.patch Patch0007: 0007-Introduce-nn-option.patch -Patch0008: 0008-Don-t-print-out-we-dropped-root-we-are-always-droppi.patch Patch0009: 0009-Change-n-flag-to-nn-in-TESTonce.patch -Patch0010: 0010-Expect-miliseconds-instead-of-seconds-in-icmp-captur.patch Patch0011: 0011-Evp-cipher-buffers.patch Patch0012: 0012-Add-printing-support-for-vsockmon-devices.patch Patch0013: 0013-tcpslice-stdlib.patch -Patch0014: 0014-CVE-2018-19519-tcpdump-stack-based-buffer-over-read.patch %define tcpslice_dir tcpslice-1.2a3 @@ -92,6 +88,9 @@ exit 0 %{_mandir}/man8/tcpdump.8* %changelog +* Thu May 07 2020 Michal Ruprich - 14:4.9.3-1 +- Resolves: #1804063 - Rebase tcpdump to 4.9.3 to fix multiple CVEs + * Tue Oct 29 2019 Michal Ruprich - 14:4.9.2-6 - Resolves: #1715423 - tcpdump pre creates user and groups unconditionally - Resolves: #1655622 - CVE-2018-19519 Stack-based buffer over-read in print-hncp.c:print_prefix() via crafted pcap