Import from AlmaLinux stable repository

.gitignore

@@ -1,2 +1,3 @@
 SOURCES/tcpdump-4.9.3.tar.gz
+SOURCES/tcpdump-4.9.3.tar.gz.sig
 SOURCES/tcpslice-1.2a3.tar.gz

.tcpdump.metadata

@@ -1,2 +0,0 @@
-59b309f3620ac4b709de2eaf7bf3a83bf04bc048 SOURCES/tcpdump-4.9.3.tar.gz
-98790301cb1bf4399a95153bc62d49b3f5808994 SOURCES/tcpslice-1.2a3.tar.gz

SOURCES/0017-pgm-fix-the-way-we-step-through-the-packet.patch

@@ -0,0 +1,155 @@
+From 1ef47c304f226ca9f8a8d6bff1b43e617eafef19 Mon Sep 17 00:00:00 2001
+From: Guy Harris <gharris@sonic.net>
+Date: Mon, 21 Aug 2023 23:15:14 -0700
+Subject: [PATCH] pgm: fix the way we step through the packet.
+
+Step past the PGM header after we finish processing it and before we
+process the message-type-specific header.
+
+Step past the message-type-specific fixed-length header before we
+process the stuff after that header.
+
+This makes the code a bit clearer (by explicitly advancing bp by the
+size of the stuff we just processed, rather than doing so by trickery
+involving adding 1 to a pointer to a structure), and fixes the
+processing of message types that don't have a message-type-specific
+header (where we weren't stepping past the PGM header).  It also affects
+the way we handle messages of an unknown type.
+
+(cherry picked from commit 9a3eebde95cf1032ac68ae4312e2db14bb1fe58d)
+---
+ print-pgm.c               | 29 +++++++++++++++--------------
+ tests/pgm_opts_asan.out   |  2 +-
+ tests/pgm_opts_asan_2.out |  2 +-
+ tests/pgm_opts_asan_3.out |  2 +-
+ 4 files changed, 18 insertions(+), 17 deletions(-)
+
+diff --git a/print-pgm.c b/print-pgm.c
+index 7672b616..f5ef7702 100644
+--- a/print-pgm.c
++++ b/print-pgm.c
+@@ -218,13 +218,14 @@ pgm_print(netdissect_options *ndo,
+ 		     pgm->pgm_gsid[3],
+                      pgm->pgm_gsid[4],
+                      pgm->pgm_gsid[5]));
++	bp += sizeof(struct pgm_header);
+ 	switch (pgm->pgm_type) {
+ 	case PGM_SPM: {
+ 	    const struct pgm_spm *spm;
+ 
+-	    spm = (const struct pgm_spm *)(pgm + 1);
++	    spm = (const struct pgm_spm *)bp;
+ 	    ND_TCHECK(*spm);
+-	    bp = (const u_char *) (spm + 1);
++	    bp += sizeof(struct pgm_spm);
+ 
+ 	    switch (EXTRACT_16BITS(&spm->pgms_nla_afi)) {
+ 	    case AFNUM_INET:
+@@ -253,21 +254,21 @@ pgm_print(netdissect_options *ndo,
+ 	case PGM_POLL: {
+ 	    const struct pgm_poll *poll_msg;
+ 
+-	    poll_msg = (const struct pgm_poll *)(pgm + 1);
++	    poll_msg = (const struct pgm_poll *)bp;
+ 	    ND_TCHECK(*poll_msg);
+ 	    ND_PRINT((ndo, "POLL seq %u round %u",
+ 			 EXTRACT_32BITS(&poll_msg->pgmp_seq),
+                          EXTRACT_16BITS(&poll_msg->pgmp_round)));
+-	    bp = (const u_char *) (poll_msg + 1);
++	    bp += sizeof(struct pgm_poll);
+ 	    break;
+ 	}
+ 	case PGM_POLR: {
+ 	    const struct pgm_polr *polr;
+ 	    uint32_t ivl, rnd, mask;
+ 
+-	    polr = (const struct pgm_polr *)(pgm + 1);
++	    polr = (const struct pgm_polr *)bp;
+ 	    ND_TCHECK(*polr);
+-	    bp = (const u_char *) (polr + 1);
++	    bp += sizeof(struct pgm_polr);
+ 
+ 	    switch (EXTRACT_16BITS(&polr->pgmp_nla_afi)) {
+ 	    case AFNUM_INET:
+@@ -305,24 +306,24 @@ pgm_print(netdissect_options *ndo,
+ 	case PGM_ODATA: {
+ 	    const struct pgm_data *odata;
+ 
+-	    odata = (const struct pgm_data *)(pgm + 1);
++	    odata = (const struct pgm_data *)bp;
+ 	    ND_TCHECK(*odata);
+ 	    ND_PRINT((ndo, "ODATA trail %u seq %u",
+ 			 EXTRACT_32BITS(&odata->pgmd_trailseq),
+ 			 EXTRACT_32BITS(&odata->pgmd_seq)));
+-	    bp = (const u_char *) (odata + 1);
++	    bp += sizeof(struct pgm_data);
+ 	    break;
+ 	}
+ 
+ 	case PGM_RDATA: {
+ 	    const struct pgm_data *rdata;
+ 
+-	    rdata = (const struct pgm_data *)(pgm + 1);
++	    rdata = (const struct pgm_data *)bp;
+ 	    ND_TCHECK(*rdata);
+ 	    ND_PRINT((ndo, "RDATA trail %u seq %u",
+ 			 EXTRACT_32BITS(&rdata->pgmd_trailseq),
+ 			 EXTRACT_32BITS(&rdata->pgmd_seq)));
+-	    bp = (const u_char *) (rdata + 1);
++	    bp += sizeof(struct pgm_data);
+ 	    break;
+ 	}
+ 
+@@ -332,9 +333,9 @@ pgm_print(netdissect_options *ndo,
+ 	    const struct pgm_nak *nak;
+ 	    char source_buf[INET6_ADDRSTRLEN], group_buf[INET6_ADDRSTRLEN];
+ 
+-	    nak = (const struct pgm_nak *)(pgm + 1);
++	    nak = (const struct pgm_nak *)bp;
+ 	    ND_TCHECK(*nak);
+-	    bp = (const u_char *) (nak + 1);
++	    bp += sizeof(struct pgm_nak);
+ 
+ 	    /*
+ 	     * Skip past the source, saving info along the way
+@@ -402,11 +403,11 @@ pgm_print(netdissect_options *ndo,
+ 	case PGM_ACK: {
+ 	    const struct pgm_ack *ack;
+ 
+-	    ack = (const struct pgm_ack *)(pgm + 1);
++	    ack = (const struct pgm_ack *)bp;
+ 	    ND_TCHECK(*ack);
+ 	    ND_PRINT((ndo, "ACK seq %u",
+ 			 EXTRACT_32BITS(&ack->pgma_rx_max_seq)));
+-	    bp = (const u_char *) (ack + 1);
++	    bp += sizeof(struct pgm_ack);
+ 	    break;
+ 	}
+ 
+diff --git a/tests/pgm_opts_asan.out b/tests/pgm_opts_asan.out
+index cc0607a4..b75868ac 100644
+--- a/tests/pgm_opts_asan.out
++++ b/tests/pgm_opts_asan.out
+@@ -1,2 +1,2 @@
+ IP (tos 0x41,ECT(1), id 0, offset 0, flags [none], proto PGM (113), length 32639, options (unknown 89 [bad length 232]), bad cksum 5959 (->9eb9)!)
+-    128.121.89.107 > 89.89.16.63: 128.121.89.107.4 > 89.89.16.63.225: PGM, length 0 0x3414eb1f0022 UNKNOWN type 0x1f OPTS LEN 225 OPT_1F [13]  OPT_06 [26]  PATH_NLA [4] [|OPT]
++    128.121.89.107 > 89.89.16.63: 128.121.89.107.4 > 89.89.16.63.225: PGM, length 0 0x3414eb1f0022 UNKNOWN type 0x1f[Bad OPT_LENGTH option, length 0 != 4]
+diff --git a/tests/pgm_opts_asan_2.out b/tests/pgm_opts_asan_2.out
+index 7e948d41..21cd69a7 100644
+--- a/tests/pgm_opts_asan_2.out
++++ b/tests/pgm_opts_asan_2.out
+@@ -1,2 +1,2 @@
+ IP (tos 0x41,ECT(1), id 0, offset 0, flags [none], proto PGM (113), length 32639, options (unknown 89 [bad length 232]), bad cksum 5959 (->96b9)!)
+-    128.121.89.107 > 89.89.16.63: 128.121.89.107.4 > 89.89.16.63.225: PGM, length 0 0x3414eb1f0022 UNKNOWN type 0x1f OPTS LEN 225 OPT_1F [13]  OPT_06 [26] [Bad OPT_PGMCC_DATA option, length 4 < 12]
++    128.121.89.107 > 89.89.16.63: 128.121.89.107.4 > 89.89.16.63.225: PGM, length 0 0x3414eb1f0022 UNKNOWN type 0x1f[Bad OPT_LENGTH option, length 0 != 4]
+diff --git a/tests/pgm_opts_asan_3.out b/tests/pgm_opts_asan_3.out
+index 8a6bffd3..f3da1d38 100644
+--- a/tests/pgm_opts_asan_3.out
++++ b/tests/pgm_opts_asan_3.out
+@@ -1,2 +1,2 @@
+ IP (tos 0x41,ECT(1), id 0, offset 0, flags [none], proto PGM (113), length 32639, options (unknown 89 [bad length 232]), bad cksum 5959 (->f814)!)
+-    128.121.89.16 > 0.89.16.63: 128.121.89.16.4 > 0.89.16.63.225: PGM, length 0 0x3414eb1f0022 UNKNOWN type 0x1f OPTS LEN 225 OPT_1F [13]  OPT_06 [26] [Bad OPT_REDIRECT option, length 4 < 8]
++    128.121.89.16 > 0.89.16.63: 128.121.89.16.4 > 0.89.16.63.225: PGM, length 0 0x3414eb1f0022 UNKNOWN type 0x1f[Bad OPT_LENGTH option, length 0 != 4]
+-- 
+2.41.0
+

SOURCES/0018-pgm-don-t-advance-bp-by-the-option-haeder-length-twi.patch

@@ -0,0 +1,48 @@
+From 5109a65f791280b3549377851e4bdd77f802c207 Mon Sep 17 00:00:00 2001
+From: Guy Harris <gharris@sonic.net>
+Date: Tue, 22 Aug 2023 12:23:20 -0700
+Subject: [PATCH] pgm: don't advance bp by the option haeder length twice.
+
+At those points, we've already advanced it by the option header length,
+and opt_len includes that length, so advance bp by opt_len minus the
+option header length.
+
+(cherry picked from commit 09b0447fad52298440e05e7368f9d24492d0b0fe)
+---
+ print-pgm.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/print-pgm.c b/print-pgm.c
+index 8340f2c3..7672b616 100644
+--- a/print-pgm.c
++++ b/print-pgm.c
+@@ -668,7 +668,7 @@ pgm_print(netdissect_options *ndo,
+ 
+ 		case PGM_OPT_PATH_NLA:
+ 		    ND_PRINT((ndo, " PATH_NLA [%d]", opt_len));
+-		    bp += opt_len;
++		    bp += opt_len - 2;
+ 		    opts_len -= opt_len;
+ 		    break;
+ 
+@@ -710,7 +710,7 @@ pgm_print(netdissect_options *ndo,
+ 
+ 		case PGM_OPT_CR:
+ 		    ND_PRINT((ndo, " CR"));
+-		    bp += opt_len;
++		    bp += opt_len - 2;
+ 		    opts_len -= opt_len;
+ 		    break;
+ 
+@@ -814,7 +814,7 @@ pgm_print(netdissect_options *ndo,
+ 
+ 		default:
+ 		    ND_PRINT((ndo, " OPT_%02X [%d] ", opt_type, opt_len));
+-		    bp += opt_len;
++		    bp += opt_len - 2;
+ 		    opts_len -= opt_len;
+ 		    break;
+ 		}
+-- 
+2.41.0
+

SOURCES/0019-CVE-2021-41043.patch

@@ -15,17 +15,17 @@ didn't meet the condition, the call to pcap_dump_open() would end up as
 a use-after-free.  Make the pcap_dump_open() call before the loop, when
 the first array element is always valid, and fix this problem.
 ---
-diff --git a/tcpslice-1.3/tcpslice.c b/tcpslice-1.3/tcpslice.c
+diff --git a/tcpslice-1.2a3/tcpslice.c b/tcpslice-1.2a3/tcpslice.c
-index e7b9ba8..507dd1b 100644
+index 6d08473..7c0f4a0 100644
---- a/tcpslice-1.3/tcpslice.c
+--- a/tcpslice-1.2a3/tcpslice.c
-+++ b/tcpslice-1.3/tcpslice.c
++++ b/tcpslice-1.2a3/tcpslice.c
-@@ -838,6 +838,13 @@ extract_slice(struct state *states, int numfiles, const char *write_file_name,
+@@ -841,6 +841,13 @@ extract_slice(struct state *states, const int numfiles, const char *write_file_n
  	TV_SUB(start_time, base_time, &relative_start);
  	TV_SUB(stop_time, base_time, &relative_stop);
  
 +	/* Always write the output file, use the first input file's DLT. */
-+	global_dumper = pcap_dump_open(states[0].p, write_file_name);
++	dumper = pcap_dump_open(states[0].p, write_file_name);
-+	if (!global_dumper) {
++	if (!dumper) {
 +		error("error creating output file '%s': %s",
 +		      write_file_name, pcap_geterr(states[0].p));
 +	}
@@ -33,13 +33,13 @@ index e7b9ba8..507dd1b 100644
  	for (i = 0; i < numfiles; ++i) {
  		s = &states[i];
  
-@@ -876,12 +883,6 @@ extract_slice(struct state *states, int numfiles, const char *write_file_name,
+@@ -879,12 +886,6 @@ extract_slice(struct state *states, const int numfiles, const char *write_file_n
  		get_next_packet(s);
  	}
  
--	global_dumper = pcap_dump_open(states->p, write_file_name);
+-	dumper = pcap_dump_open(states->p, write_file_name);
--	if (!global_dumper) {
+-	if (! dumper) {
--		error( "error creating output file %s: %s",
+-		error( "error creating output file %s: ",
 -			write_file_name, pcap_geterr( states->p ) );
 -	}
 -

SPECS/tcpdump.spec

@@ -2,7 +2,7 @@ Summary: A network traffic monitoring tool
 Name: tcpdump
 Epoch: 14
 Version: 4.9.3
-Release: 3%{?dist}.1.alma.1
+Release: 5%{?dist}
 License: BSD with advertising
 URL: http://www.tcpdump.org
 Group: Applications/Internet
@@ -26,10 +26,9 @@ Patch0013:      0013-tcpslice-stdlib.patch
 Patch0014:      0014-enhance-mptcp.patch
 Patch0015:      0015-CVE-2020-8037.patch
 Patch0016:      0016-direction-for-any.patch
-
+Patch0017:      0017-pgm-fix-the-way-we-step-through-the-packet.patch
-# Patches were taken from:
+Patch0018:      0018-pgm-don-t-advance-bp-by-the-option-haeder-length-twi.patch
-# https://gitlab.com/redhat/centos-stream/rpms/tcpdump/-/commit/aefd74dff4685a47468cd619ee6c88d282ce298a
+Patch0019:      0019-CVE-2021-41043.patch
-Patch0017:      0017-CVE-2021-41043.patch
 
 %define tcpslice_dir tcpslice-1.2a3
 
@@ -95,8 +94,11 @@ exit 0
 %{_mandir}/man8/tcpdump.8*
 
 %changelog
-* Mon Feb 12 2024 Eduard Abdullin <eabdullin@almalinux.org> - 14:4.9.3-3.1.alma.1
+* Fri Jan 05 2024 Michal Ruprich <mruprich@redhat.com> - 14:4.9.3-5
-- tcpslice: use-after-free in extract_slice()
+- Resolves: RHEL-7858 - tcpslice: use-after-free in extract_slice()
+
+* Wed Nov 01 2023 Pavol Žáčik <pzacik@redhat.com> - 14:4.9.3-4
+- Resolves: RHEL-10708 - Fix PGM option printing
 
 * Mon Jan 10 2022 Michal Ruprich <mruprich@redhat.com> - 14:4.9.3-3
 - Resolves: #2005451 - tcpdump support for direction and interface needed in RHEL8