./net/tcpdump, Network monitoring tool

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: pkgsrc-2016Q4, Version: 4.9.0, Package name: tcpdump-4.9.0, Maintainer: pkgsrc-users

A tool for network monitoring and data acquisition. This software was
originally developed by the Network Research Group at the Lawrence
Berkeley National Laboratory. The original distribution is available
via anonymous ftp to ftp.ee.lbl.gov, in tcpdump.tar.Z. More recent
development is performed at tcpdump.org, http://www.tcpdump.org/


Required to build:
[pkgtools/cwrappers]

Package options: inet6, ssl

Master sites:

SHA1: 2c4193685edb1040506a9ec0f15cd85825085697
RMD160: fd558121691cacd4ea1412ef422792a1aca525e1
Filesize: 1230.771 KB

Version history: (Expand)


CVS history: (Expand)


   2017-02-12 14:40:36 by S.P.Zeidler | Files touched by this commit (2) | Package updated
Log message:
Pullup ticket #5205 - requested by bsiegert
net/tcpdump: security update

Revisions pulled up:
- net/tcpdump/Makefile                                          1.43
- net/tcpdump/distinfo                                          1.25

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   maya
   Date:           Thu Feb  2 18:08:29 UTC 2017

   Modified Files:
           pkgsrc/net/tcpdump: Makefile distinfo

   Log message:
   tcpdump: update to 4.9.0

   fixes the most crazy number of buffer overflow CVEs in printing
   functions (41 of them).

   changelog
   Wednesday January 18, 2017 devel.fx.lebail%orange.fr@localhost
     Summary for 4.9.0 tcpdump release
       General updates:
       Improve separation frontend/backend (tcpdump/libnetdissect)
       Don't require IPv6 library support in order to support IPv6 addresses
       Introduce data types to use for integral values in packet structures
       Fix display of timestamps with -tt, -ttt and -ttttt options
       Fix some heap overflows found with American Fuzzy Lop by Hanno Boeck and \ 
others
           (More information in the log with CVE-2016-* and CVE-2017-*)
       Change the way protocols print link-layer addresses (Fix heap overflows
           in CALM-FAST and GeoNetworking printers)
       Pass correct caplen value to ether_print() and some other functions
       Fix lookup_nsap() to match what isonsap_string() expects
       Clean up relative time stamp printing (Fix an array overflow)
       Fix some alignment issues with GCC on Solaris 10 SPARC
       Add some ND_TTEST_/ND_TCHECK_ macros to simplify writing bounds checks
       Add a fn_printztn() which returns the number of bytes processed
       Add nd_init() and nd_cleanup() functions. Improve libsmi support
       Add CONTRIBUTING file
       Add a summary comment in all printers
       Compile with more warning options in devel mode if supported \ 
(-Wcast-qual, ...)
       Fix some leaks found by Valgrind/Memcheck
       Fix a bunch of de-constifications
       Squelch some Coverity warnings and some compiler warnings
       Update Coverity and Travis-CI setup
       Update Visual Studio files

       Frontend:
       Fix capsicum support to work with zerocopy buffers in bpf
       Try opening interfaces by name first, then by name-as-index
       Work around pcap_create() failures fetching time stamp type lists
       Fix a segmentation fault with 'tcpdump -J'
       Improve addrtostr6() bounds checking
       Add exit_tcpdump() function
       Don't drop CAP_SYS_CHROOT before chrooting
       Fixes issue where statistics not reported when -G and -W options used

       New printers supporting:
       Generic Protocol Extension for VXLAN (VXLAN-GPE)
       Home Networking Control Protocol (HNCP), RFCs 7787 and 7788
       Locator/Identifier Separation Protocol (LISP), type 3 and type 4 packets
       Marvell Extended Distributed Switch Architecture header (MEDSA)
       Network Service Header (NSH)
       REdis Serialization Protocol (RESP)

       Updated printers:
       802.11: Beginnings of 11ac radiotap support
       802.11: Check the Protected bit for management frames
       802.11: Do bounds checking on last_presentp before dereferencing it (Fix \ 
a heap overflow)
       802.11: Fix the radiotap printer to handle the special bits correctly
       802.11: If we have the MCS field, it's 11n
       802.11: Only print unknown frame type or subtype messages once
       802.11: Radiotap dBm values get printed as dB; Update a test output \ 
accordingly
       802.11: Source and destination addresses were backwards
       AH: Add a bounds check
       AH: Report to our caller that dissection failed if a bounds check fails
       AP1394: Print src > dst, not dst > src
       ARP: Don't assume the target hardware address is <= 6 octets long (Fix \ 
a heap overflow)
       ATALK: Add bounds and length checks (Fix heap overflows)
       ATM: Add some bounds checks (Fix a heap overflow)
       ATM: Fix an incorrect bounds check
       BFD: Update specification from draft to RFC 5880
       BFD: Update to print optional authentication field
       BGP: Add decoding of ADD-PATH capability
       BGP: Add support for the AIGP attribute (RFC7311)
       BGP: Print LARGE_COMMUNITY Path Attribute
       BGP: Update BGP numbers from IANA; Print minor values for FSM notification
       BOOTP: Add a bounds check
       Babel: Add decoder for source-specific extension
       CDP: Filter out non-printable characters
       CFM: Fixes to match the IEEE standard, additional bounds and length checks
       CSLIP: Add more bounds checks (Fix a heap overflow)
       ClassicalIPoATM: Add a bounds check on LLC+SNAP header (Fix a heap overflow)
       DHCP: Fix MUDURL and TZ options
       DHCPv6: Process MUDURL and TZ options
       DHCPv6: Update Status Codes with RFCs/IANA names
       DNS: Represent the "DNSSEC OK" bit as "DO" instead of \ 
"OK". Add a test case
       DTP: Improve packet integrity checks
       EGP: Fix bounds checks
       ESP: Don't use OpenSSL_add_all_algorithms() in OpenSSL 1.1.0 or later
       ESP: Handle OpenSSL 1.1.x
       Ethernet: Add some bounds checking before calling isoclns_print (Fix a \ 
heap overflow)
       Ethernet: Print the Length/Type field as length when needed
       FDDI: Fix -e output for FDDI
       FR: Add some packet-length checks and improve Q.933 printing (Fix heap \ 
overflows)
       GRE: Add some bounds checks (Fix heap overflows)
       Geneve: Fix error message with invalid option length; Update list option \ 
classes
       HNCP: Fix incorrect time interval format. Fix handling of IPv4 prefixes
       ICMP6: Fetch a 32-bit big-endian quantity with EXTRACT_32BITS()
       ICMP6: dagid is always an IPv6 address, not an opaque 128-bit string
       IGMP: Add a length check
       IP: Add a bounds check (Fix a heap overflow)
       IP: Check before fetching the protocol version (Fix a heap overflow)
       IP: Don't try to dissect if IP version != 4 (Fix a heap overflow)
       IP: Stop processing IPPROTO_ values once we hit IPPROTO_IPCOMP
       IPComp: Check whether we have the CPI before we fetch it (Fix a heap overflow)
       IPoFC: Fix -e output (IP-over-Fibre Channel)
       IPv6: Don't overwrite the destination IPv6 address for routing headers
       IPv6: Fix header printing
       IPv6: Stop processing IPPROTO_ values once we hit IPPROTO_IPCOMP
       ISAKMP: Clean up parsing of IKEv2 Security Associations
       ISOCLNS/IS-IS: Add support for Purge Originator Identifier (RFC6232) and \ 
test cases
       ISOCLNS/IS-IS: Don't overwrite packet data when checking the signature
       ISOCLNS/IS-IS: Filter out non-printable characters
       ISOCLNS/IS-IS: Fix segmentation faults
       ISOCLNS/IS-IS: Have signature_verify() do the copying and clearing
       ISOCLNS: Add some bounds checks
       Juniper: Make sure a Juniper header TLV isn't bigger than what's left in \ 
the packet (Fix a heap overflow)
       LLC/SNAP: With -e, print the LLC header before the SNAP header; without \ 
it, cut the SNAP header
       LLC: Add a bounds check (Fix a heap overflow)
       LLC: Clean up printing of LLC packets
       LLC: Fix the printing of RFC 948-style IP packets
       LLC: Skip the LLC and SNAP headers with -x for 802.11 and some other protocols
       LLDP: Implement IANA OUI and LLDP MUD option
       MPLS LSP ping: Update printing for RFC 4379, bug fixes, more bounds checks
       MPLS: "length" is now the *remaining* packet length
       MPLS: Add bounds and length checks (Fix a heap overflow)
       NFS: Add a test that makes unaligned accesses
       NFS: Don't assume the ONC RPC header is nicely aligned
       NFS: Don't overflow the Opaque_Handle buffer (Fix a segmentation fault)
       NFS: Don't run past the end of an NFSv3 file handle
       OLSR: Add a test to cover a HNA sgw case
       OLSR: Fix 'Advertised networks' count
       OLSR: Fix printing of smart-gateway HNAs in IPv4
       OSPF: Add a bounds check for the Hello packet options
       OSPF: Do more bounds checking
       OSPF: Fix a segmentation fault
       OSPF: Fix printing 'ospf_topology_values' default
       OTV: Add missing bounds checks
       PGM: Print the formatted IP address, not the raw binary address, as a string
       PIM: Add some bounds checking (Fix a heap overflow)
       PIMv2: Fix checksumming of Register messages
       PPI: Pass an adjusted struct pcap_pkthdr to the sub-printer
       PPP: Add some bounds checks (Fix a heap overflow)
       PPP: Report invalid PAP AACK/ANAK packets
       Q.933: Add a missing bounds check
       RADIUS: Add Value 13 "VLAN" to Tunnel-Type attribute
       RADIUS: Filter out non-printable characters
       RADIUS: Translate UDP/1700 as RADIUS
       RESP: Do better checking of RESP packets
       RPKI-RTR: Add a return value check for "fn_printn" call
       RPKI-RTR: Remove printing when truncated condition already detected
       RPL: Fix 'Consistency Check' control code
       RPL: Fix suboption print
       RSVP: An INTEGRITY object in a submessage covers only the submessage
       RSVP: Fix an infinite loop; Add bounds and length checks
       RSVP: Fix some if statements missing brackets
       RSVP: Have signature_verify() do the copying and clearing
       RTCP: Add some bounds checks
       RTP: Add some bounds checks, fix two segmentation faults
       SCTP: Do more bounds checking
       SFLOW: Fix bounds checking
       SLOW: Fix bugs, add checks
       SMB: Before fetching the flags2 field, make sure we have it
       SMB: Do bounds checks on NBNS resource types and resource data lengths
       SNMP: Clean up the "have libsmi but no modules loaded" case
       SNMP: Clean up the object abbreviation list and fix the code to match them
       SNMP: Do bounds checks when printing character and octet strings
       SNMP: Improve ASN.1 bounds checks
       SNMP: More bounds and length checks
       STP: Add a bunch of bounds checks, and fix some printing (Fix heap overflows)
       STP: Filter out non-printable characters
       TCP: Add bounds and length checks for packets with TCP option 20
       TCP: Correct TCP option Kind value for TCP Auth and add SCPS-TP
       TCP: Fix two bounds checks (Fix heap overflows)
       TCP: Make sure we have the data offset field before fetching it (Fix a \ 
heap overflow)
       TCP: Put TCP-AO option decoding right
       TFTP: Don't use strchr() to scan packet data (Fix a heap overflow)
       Telnet: Add some bounds checks
       TokenRing: Fix -e output
       UDLD: Fix an infinite loop
       UDP: Add a bounds check (Fix a heap overflow)
       UDP: Check against the packet length first
       UDP: Don't do the DDP-over-UDP heuristic check up front
       VAT: Add some bounds checks
       VTP: Add a test on Mgmt Domain Name length
       VTP: Add bounds checks and filter out non-printable characters
       VXLAN: Add a bound check and a test case
       ZeroMQ: Fix an infinite loop

   Tuesday October 25, 2016 mcr%sandelman.ca@localhost
     Summary for 4.8.1 tcpdump release
           Fix "-x" for Apple PKTAP and PPI packets
           Use PRIx64 to print a 64-bit number in hex.
           Printer for HNCP (RFCs 7787 and 7788).
           dagid is always an IPv6 address, not an opaque 128-bit string, and \ 
other fixes to RPL printer.
           RSVP: Add bounds and length checks
           OSPF: Do more bounds checking
           Handle OpenSSL 1.1.x.
           Initial support for the REdis Serialization Protocol known as RESP.
           Add printing function for Generic Protocol Extension for VXLAN
               draft-ietf-nvo3-vxlan-gpe-01
           Network Service Header: draft-ietf-sfc-nsh-01
           Don't recompile the filter if the new file has the same DLT.
           Pass an adjusted struct pcap_pkthdr to the sub-printer.
           Add three test cases for already fixed CVEs
              CVE-2014-8767: OLSR
              CVE-2014-8768: Geonet
              CVE-2014-8769: AODV
           Don't do the DDP-over-UDP heuristic first: GitHub issue #499.
           Use the new debugging routines in libpcap.
           Harmonize TCP source or destination ports tests with UDP ones
           Introduce data types to use for integral values in packet structures.
           RSVP: Fix an infinite loop
           Support of Type 3 and Type 4 LISP packets.
           Don't require IPv6 library support in order to support IPv6 addresses.
           Many many changes to support libnetdissect usage.
           Add a test that makes unaligned accesses: GitHub issue #478.
           add a DNSSEC test case: GH #445 and GH #467.
           BGP: add decoding of ADD-PATH capability
           fixes to LLC header printing, and RFC948-style IP packets \ 
----------------------------------------------------------------------

   To generate a diff of this commit:
   cvs rdiff -u -r1.42 -r1.43 pkgsrc/net/tcpdump/Makefile
   cvs rdiff -u -r1.24 -r1.25 pkgsrc/net/tcpdump/distinfo