import OL tcpdump-4.99.0-7.el9_3.1

.gitignore

@@ -1,2 +1,3 @@
 SOURCES/tcpdump-4.99.0.tar.gz
+SOURCES/tcpdump-4.99.0.tar.gz.sig
 SOURCES/tcpslice-1.3.tar.gz

.tcpdump.metadata

@@ -1,2 +1,3 @@
 4348a93b47a5b35a9c04abcee4d84a04b1a681f8 SOURCES/tcpdump-4.99.0.tar.gz
+3fadebc3d3edaa3f4326a11864a0034ba1f2ccb7 SOURCES/tcpdump-4.99.0.tar.gz.sig
 4445c159ce45fa6fd9767658918eaf59175afac3 SOURCES/tcpslice-1.3.tar.gz

SOURCES/0012-CVE-2021-41043.patch

@@ -0,0 +1,48 @@
+From 030859fce9c77417de657b9bb29c0f78c2d68f4a Mon Sep 17 00:00:00 2001
+From: Denis Ovsienko <denis@ovsienko.info>
+Date: Thu, 30 Dec 2021 17:52:52 +0000
+Subject: [PATCH] CVE-2021-41043: Fix a use-after-free in extract_slice().
+
+This issue was discovered by Mohammad Hosein Askari (@C0NSTANTINE110),
+see GitHub issue #11.
+
+In extract_slice() pcap_dump_open() takes a pcap_t argument to tell
+which DLT to use for the output file.  This used to be the pcap_t of the
+first input file, as main() requires at least one input file.  However,
+the loop before pcap_dump_open() closes all, including the first, input
+files that don't meet a test condition.  This way, when the first file
+didn't meet the condition, the call to pcap_dump_open() would end up as
+a use-after-free.  Make the pcap_dump_open() call before the loop, when
+the first array element is always valid, and fix this problem.
+---
+diff --git a/tcpslice-1.3/tcpslice.c b/tcpslice-1.3/tcpslice.c
+index e7b9ba8..507dd1b 100644
+--- a/tcpslice-1.3/tcpslice.c
++++ b/tcpslice-1.3/tcpslice.c
+@@ -838,6 +838,13 @@ extract_slice(struct state *states, int numfiles, const char *write_file_name,
+ 	TV_SUB(start_time, base_time, &relative_start);
+ 	TV_SUB(stop_time, base_time, &relative_stop);
+ 
++	/* Always write the output file, use the first input file's DLT. */
++	global_dumper = pcap_dump_open(states[0].p, write_file_name);
++	if (!global_dumper) {
++		error("error creating output file '%s': %s",
++		      write_file_name, pcap_geterr(states[0].p));
++	}
++
+ 	for (i = 0; i < numfiles; ++i) {
+ 		s = &states[i];
+ 
+@@ -876,12 +883,6 @@ extract_slice(struct state *states, int numfiles, const char *write_file_name,
+ 		get_next_packet(s);
+ 	}
+ 
+-	global_dumper = pcap_dump_open(states->p, write_file_name);
+-	if (!global_dumper) {
+-		error( "error creating output file %s: %s",
+-			write_file_name, pcap_geterr( states->p ) );
+-	}
+-
+ 
+ 	/*
+ 	 * Now, loop thru all the packets in all the files,

SPECS/tcpdump.spec

@@ -2,7 +2,7 @@ Summary: A network traffic monitoring tool
 Name: tcpdump
 Epoch: 14
 Version: 4.99.0
-Release: 6%{?dist}
+Release: 7%{?dist}.1
 License: BSD with advertising
 URL: http://www.tcpdump.org
 Requires(pre): shadow-utils
@@ -17,6 +17,7 @@ Patch0002:      0002-Use-getnameinfo-instead-of-gethostbyaddr.patch
 Patch0003:      0003-Drop-root-priviledges-before-opening-first-savefile-.patch
 Patch0007:      0007-Introduce-nn-option.patch
 Patch0009:      0009-Change-n-flag-to-nn-in-TESTonce.patch
+Patch0012:      0012-CVE-2021-41043.patch
 
 %define tcpslice_dir tcpslice-1.3
 
@@ -32,7 +33,7 @@ Install tcpdump if you need a program to monitor network traffic.
 %autosetup -a 1 -S git
 
 %build
-export CFLAGS="$RPM_OPT_FLAGS $(getconf LFS_CFLAGS) -fno-strict-aliasing"
+export CFLAGS="$RPM_OPT_FLAGS $(getconf LFS_CFLAGS) -fno-strict-aliasing -DGUESS_TSO"
 
 pushd %{tcpslice_dir}
 # update config.{guess,sub}
@@ -81,6 +82,12 @@ exit 0
 %{_mandir}/man8/tcpdump.8*
 
 %changelog
+* Wed Mar 06 2024 Craig Guiller <craig.guiller@oracle.com> - 14:4.99.0-7.1
+- Resolves: RHEL-21558 - tcpslice: use-after-free in extract_slice()
+
+* Wed May 24 2023 Michal Ruprich <mruprich@redhat.com> - 14:4.99.0-7
+- Resolves: #2188429 - enable GUESS_TSO for large packets
+
 * Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 14:4.99.0-6
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
   Related: rhbz#1991688