rpms/tcpdump
6
0
Fork 0
Code Issues Pull Requests Releases Activity

new version 4.8.0

Browse Source
This commit is contained in:
Luboš Uhliarik 2016-08-10 16:46:42 +02:00
parent 674af76d36
commit 561100c24a
7 changed files with 71 additions and 69 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -11,3 +11,4 @@ tcpdump-4.1.1.tar.gz
/tcpdump-4.6.2.tar.gz /tcpdump-4.6.2.tar.gz
/tcpdump-4.7.3.tar.gz /tcpdump-4.7.3.tar.gz
/tcpdump-4.7.4.tar.gz /tcpdump-4.7.4.tar.gz
/tcpdump-4.8.0.tar.gz

7
0001-icmp6-print-Reachable-Time-and-Retransmit-Time-from-.patch
View File

@ -9,11 +9,11 @@ Subject: [PATCH 1/7] icmp6: print Reachable Time and Retransmit Time from
1 file changed, 1 insertion(+), 1 deletion(-) 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/print-icmp6.c b/print-icmp6.c diff --git a/print-icmp6.c b/print-icmp6.c
index 553bb46..e288630 100644 index 135f6ef..28e124c 100644
--- a/print-icmp6.c --- a/print-icmp6.c
+++ b/print-icmp6.c +++ b/print-icmp6.c
@@ -1053,7 +1053,7 @@ icmp6_print(netdissect_options *ndo, @@ -1032,7 +1032,7 @@ icmp6_print(netdissect_options *ndo,
p = (struct nd_router_advert *)dp; p = (const struct nd_router_advert *)dp;
ND_TCHECK(p->nd_ra_retransmit); ND_TCHECK(p->nd_ra_retransmit);
ND_PRINT((ndo,"\n\thop limit %u, Flags [%s]" \ ND_PRINT((ndo,"\n\thop limit %u, Flags [%s]" \
- ", pref %s, router lifetime %us, reachable time %us, retrans time %us", - ", pref %s, router lifetime %us, reachable time %us, retrans time %us",
@ -23,4 +23,3 @@ index 553bb46..e288630 100644
get_rtpref(p->nd_ra_flags_reserved), get_rtpref(p->nd_ra_flags_reserved),
-- --
1.8.3.1 1.8.3.1

20
0002-Use-getnameinfo-instead-of-gethostbyaddr.patch
View File

@ -8,18 +8,18 @@ Subject: [PATCH 2/7] Use getnameinfo instead of gethostbyaddr
1 file changed, 46 insertions(+), 2 deletions(-) 1 file changed, 46 insertions(+), 2 deletions(-)
diff --git a/addrtoname.c b/addrtoname.c diff --git a/addrtoname.c b/addrtoname.c
index eb0b2ae..277751d 100644 index 571a952..0caa8a9 100644
--- a/addrtoname.c --- a/addrtoname.c
+++ b/addrtoname.c +++ b/addrtoname.c
@@ -221,7 +221,6 @@ static uint32_t f_localnet; @@ -220,7 +220,6 @@ static uint32_t f_localnet;
const char * const char *
getname(netdissect_options *ndo, const u_char *ap) getname(netdissect_options *ndo, const u_char *ap)
{ {
- register struct hostent *hp; - register struct hostent *hp;
uint32_t addr; uint32_t addr;
static struct hnamemem *p; /* static for longjmp() */ struct hnamemem *p;
@@ -243,6 +242,28 @@ getname(netdissect_options *ndo, const u_char *ap) @@ -242,6 +241,28 @@ getname(netdissect_options *ndo, const u_char *ap)
*/ */
if (!ndo->ndo_nflag && if (!ndo->ndo_nflag &&
(addr & f_netmask) == f_localnet) { (addr & f_netmask) == f_localnet) {
@ -48,15 +48,15 @@ index eb0b2ae..277751d 100644
hp = gethostbyaddr((char *)&addr, 4, AF_INET); hp = gethostbyaddr((char *)&addr, 4, AF_INET);
if (hp) { if (hp) {
char *dotp; char *dotp;
@@ -256,6 +277,7 @@ getname(netdissect_options *ndo, const u_char *ap) @@ -258,6 +279,7 @@ getname(netdissect_options *ndo, const u_char *ap)
} }
return (p->name); return (p->name);
} }
+#endif +#endif
} }
p->name = strdup(intoa(addr)); p->name = strdup(intoa(addr));
return (p->name); if (p->name == NULL)
@@ -269,7 +291,6 @@ getname(netdissect_options *ndo, const u_char *ap) @@ -272,7 +294,6 @@ getname(netdissect_options *ndo, const u_char *ap)
const char * const char *
getname6(netdissect_options *ndo, const u_char *ap) getname6(netdissect_options *ndo, const u_char *ap)
{ {
@ -64,7 +64,7 @@ index eb0b2ae..277751d 100644
union { union {
struct in6_addr addr; struct in6_addr addr;
struct for_hash_addr { struct for_hash_addr {
@@ -294,6 +315,28 @@ getname6(netdissect_options *ndo, const u_char *ap) @@ -297,6 +318,28 @@ getname6(netdissect_options *ndo, const u_char *ap)
* Do not print names if -n was given. * Do not print names if -n was given.
*/ */
if (!ndo->ndo_nflag) { if (!ndo->ndo_nflag) {
@ -93,13 +93,13 @@ index eb0b2ae..277751d 100644
hp = gethostbyaddr((char *)&addr, sizeof(addr), AF_INET6); hp = gethostbyaddr((char *)&addr, sizeof(addr), AF_INET6);
if (hp) { if (hp) {
char *dotp; char *dotp;
@@ -307,6 +350,7 @@ getname6(netdissect_options *ndo, const u_char *ap) @@ -313,6 +356,7 @@ getname6(netdissect_options *ndo, const u_char *ap)
} }
return (p->name); return (p->name);
} }
+#endif +#endif
} }
cp = inet_ntop(AF_INET6, &addr, ntop_buf, sizeof(ntop_buf)); cp = addrtostr6(ap, ntop_buf, sizeof(ntop_buf));
p->name = strdup(cp); p->name = strdup(cp);
-- --
1.8.3.1 1.8.3.1

26
0003-Drop-root-priviledges-before-opening-first-savefile-.patch
View File

@ -35,26 +35,27 @@ index f9522cb..3f1bc5f 100644
.RS .RS
selects which packets will be dumped. selects which packets will be dumped.
diff --git a/tcpdump.c b/tcpdump.c diff --git a/tcpdump.c b/tcpdump.c
index 2fd1617..4cbeb05 100644 index a3cccc8..043191a 100644
--- a/tcpdump.c --- a/tcpdump.c
+++ b/tcpdump.c +++ b/tcpdump.c
@@ -1029,6 +1029,7 @@ main(int argc, char **argv) @@ -780,6 +780,7 @@ main(int argc, char **argv)
cap_rights_t rights; cap_rights_t rights;
int cansandbox; int cansandbox;
#endif /* HAVE_CAPSICUM */ #endif /* HAVE_CAPSICUM */
+ int chown_flag = 0; + int chown_flag = 0;
int Bflag = 0; /* buffer size */
#ifdef WIN32 int jflag = -1; /* packet time stamp source */
if(wsockinit() != 0) return 1; int Oflag = 1; /* run filter code optimizer */
@@ -1841,10 +1842,23 @@ main(int argc, char **argv) @@ -1598,9 +1599,22 @@ main(int argc, char **argv)
} }
capng_apply(CAPNG_SELECT_BOTH); capng_apply(CAPNG_SELECT_BOTH);
#endif /* HAVE_LIBCAP_NG */ #endif /* HAVE_LIBCAP_NG */
- if (username || chroot_dir) - if (username || chroot_dir)
- droproot(username, chroot_dir); - droproot(username, chroot_dir);
-
+ /* If user is running tcpdump as root and wants to write to the savefile, + /* If user is running tcpdump as root and wants to write to the savefile,
+ * we will check if -C is set and if it is, we will drop root + * we will check if -C is set and if it is, we will drop root
+ * privileges right away and consequent call to pcap_dump_open() + * privileges right away and consequent call to>pcap_dump_open()
+ * will most likely fail for the first file. If -C flag is not set we + * will most likely fail for the first file. If -C flag is not set we
+ * will create file as root then change ownership of file to proper + * will create file as root then change ownership of file to proper
+ * user(default tcpdump) and drop root privileges. + * user(default tcpdump) and drop root privileges.
@ -67,13 +68,11 @@ index 2fd1617..4cbeb05 100644
+ else + else
+ if (username || chroot_dir) + if (username || chroot_dir)
+ droproot(username, chroot_dir); + droproot(username, chroot_dir);
+ } +
}
#endif /* _WIN32 */
- } @@ -1636,6 +1650,22 @@ main(int argc, char **argv)
#endif /* WIN32 */
if (pcap_setfilter(pd, &fcode) < 0)
@@ -1879,6 +1893,21 @@ main(int argc, char **argv)
MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, 0); MakeFilename(dumpinfo.CurrentFileName, WFileName, 0, 0);
p = pcap_dump_open(pd, dumpinfo.CurrentFileName); p = pcap_dump_open(pd, dumpinfo.CurrentFileName);
@ -92,6 +91,7 @@ index 2fd1617..4cbeb05 100644
+ if (username || chroot_dir) + if (username || chroot_dir)
+ droproot(username, chroot_dir); + droproot(username, chroot_dir);
+ } + }
+
#ifdef HAVE_LIBCAP_NG #ifdef HAVE_LIBCAP_NG
/* Give up CAP_DAC_OVERRIDE capability. /* Give up CAP_DAC_OVERRIDE capability.
* Only allow it to be restored if the -C or -G flag have been * Only allow it to be restored if the -C or -G flag have been

15
0008-Don-t-print-out-we-dropped-root-we-are-always-droppi.patch
View File

@ -8,20 +8,19 @@ Subject: [PATCH] Don't print out we dropped root, we are always dropping it
1 file changed, 6 deletions(-) 1 file changed, 6 deletions(-)
diff --git a/tcpdump.c b/tcpdump.c diff --git a/tcpdump.c b/tcpdump.c
index 1a17361..7d45924 100644 index 5598ec2..a3cccc8 100644
--- a/tcpdump.c --- a/tcpdump.c
+++ b/tcpdump.c +++ b/tcpdump.c
@@ -758,9 +758,6 @@ droproot(const char *username, const char *chroot_dir) @@ -552,8 +552,6 @@ droproot(const char *username, const char *chroot_dir)
int ret = capng_change_id(pw->pw_uid, pw->pw_gid, CAPNG_NO_FLAG);
if (ret < 0) { if (ret < 0) {
fprintf(stderr, "error : ret %d\n", ret); fprintf(stderr, "error : ret %d\n", ret);
} - } else {
- else {
- fprintf(stderr, "dropped privs to %s\n", username); - fprintf(stderr, "dropped privs to %s\n", username);
- } }
}
#else #else
if (initgroups(pw->pw_name, pw->pw_gid) != 0 || @@ -566,9 +564,6 @@ droproot(const char *username, const char *chroot_dir)
setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0) {
@@ -771,9 +768,6 @@ droproot(const char *username, const char *chroot_dir)
pcap_strerror(errno)); pcap_strerror(errno));
exit(1); exit(1);
} }

2
sources
View File

@ -1,2 +1,2 @@
58af728de36f499341918fc4b8e827c3 tcpdump-4.7.4.tar.gz 68778081ed0a0654f491fbf17ad1a8e5 tcpdump-4.8.0.tar.gz
e329cbeb7e589f132d92c3447c477190 tcpslice-1.2a3.tar.gz e329cbeb7e589f132d92c3447c477190 tcpslice-1.2a3.tar.gz

7
tcpdump.spec
View File

@ -1,8 +1,8 @@
Summary: A network traffic monitoring tool Summary: A network traffic monitoring tool
Name: tcpdump Name: tcpdump
Epoch: 14 Epoch: 14
Version: 4.7.4 Version: 4.8.0
Release: 4%{?dist} Release: 1%{?dist}
License: BSD with advertising License: BSD with advertising
URL: http://www.tcpdump.org URL: http://www.tcpdump.org
Group: Applications/Internet Group: Applications/Internet
@ -82,6 +82,9 @@ exit 0
%{_mandir}/man8/tcpdump.8* %{_mandir}/man8/tcpdump.8*
%changelog %changelog
* Tue Aug 09 2016 Luboš Uhliarik <luhliari@redhat.com> - 14:4.8.0-1
- new version 4.8.0
* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 14:4.7.4-4 * Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 14:4.7.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild