aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/utils/tcpdump
Commit message (Collapse)AuthorAgeFilesLines
* tcpdump: update to 4.99.4Nick Hainke2023-04-171-2/+2
| | | | | | | | | Fixes CVE-2023-1801. Changelog can be found here: https://git.tcpdump.org/tcpdump/blob/55bc126b0216cfe409b8d6bd378f65679d136ddf:/CHANGES Signed-off-by: Nick Hainke <vincent@systemli.org>
* treewide: add support for "gc-sections" in PKG_BUILD_FLAGSAndre Heider2023-03-211-3/+1
| | | | | | | | | | | | | | | This reduces open coding and allows to easily add a knob to enable it treewide, where chosen packages can still opt-out via "no-gc-sections". Note: libnl, mbedtls and opkg only used the CFLAGS part without the LDFLAGS counterpart. That doesn't help at all if the goal is to produce smaller binaries. I consider that an accident, and this fixes it. Note: there are also packages using only the LDFLAGS part. I didn't touch those, as gc might have been disabled via CFLAGS intentionally. Signed-off-by: Andre Heider <a.heider@gmail.com>
* tcpdump: update to 4.99.3Nick Hainke2023-01-261-2/+2
| | | | | | | Changes: https://git.tcpdump.org/tcpdump/blob/032e4923e5202ea4d5a6d1cead83ed1927135874:/CHANGES Signed-off-by: Nick Hainke <vincent@systemli.org>
* tcpdump: update to 4.99.2Nick Hainke2023-01-063-36/+37
| | | | | | | | | | | | | | | | | | | | | | | Update to latest version. For release information look into CHANGES file [0]. Automatically refreshed: - 001-remove_pcap_debug.patch Manually refreshed: - 100-tcpdump_mini.patch old ipkg sizes: 316554 bin/packages/mips_24kc/base/tcpdump_4.99.1-1_mips_24kc.ipk 141457 bin/packages/mips_24kc/base/tcpdump-mini_4.99.1-1_mips_24kc.ipk new ipkg sizes: 318089 bin/packages/mips_24kc/base/tcpdump_4.99.2-1_mips_24kc.ipk 141941 bin/packages/mips_24kc/base/tcpdump-mini_4.99.2-1_mips_24kc.ipk [0] - https://github.com/the-tcpdump-group/tcpdump/blob/master/CHANGES Signed-off-by: Nick Hainke <vincent@systemli.org>
* build: prefer HTTPS if available (for packages)Daniel Cousens2022-10-051-1/+1
| | | | | | | | Changes PKG_SOURCE_URL's for arptables, bsdiff, dnsmasq, fortify-headers, ipset, ipset-dns, libaudit, libpcap, libressl, lua, lua5.3, tcpdump and valgrind, to HTTPS Signed-off-by: Daniel Cousens <github@dcousens.com>
* tcpdump: update to 4.99.1Nick Hainke2022-07-035-506/+361
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adjust - 100-tcpdump_mini.patch Remove upstreamed patches: - 101-CVE-2020-8037.patch - 102-CVE-2018-16301.patch Changelog: Wednesday, June 9, 2021 by gharris Summary for 4.99.1 tcpdump release Source code: Squelch some compiler warnings ICMP: Update the snapend for some nested IP packets. MACsec: Update the snapend thus the ICV field is not payload for the caller. EIGRP: Fix packet header fields SMB: Disable printer by default in CMake builds OLSR: Print the protocol name even if the packet is invalid MSDP: Print ": " before the protocol name ESP: Remove padding, padding length and next header from the buffer DHCPv6: Update the snapend for nested DHCPv6 packets OpenFlow 1.0: Get snapend right for nested frames. TCP: Update the snapend before decoding a MPTCP option Ethernet, IEEE 802.15.4, IP, L2TP, TCP, ZEP: Add bounds checks ForCES: Refine SPARSEDATA-TLV length check. ASCII/hex: Use nd_trunc_longjmp() in truncation cases GeoNet: Add a ND_TCHECK_LEN() call Replace ND_TCHECK_/memcpy() pairs with GET_CPY_BYTES(). BGP: Fix overwrites of global 'astostr' temporary buffer ARP: fix overwrites of static buffer in q922_string(). Frame Relay: have q922_string() handle errors better. Building and testing: Rebuild configure script when building release Fix "make clean" for out-of-tree autotools builds CMake: add stuff from CMAKE_PREFIX_PATH to PKG_CONFIG_PATH. Documentation: man: Update a reference as www.cifs.org is gone. [skip ci] man: Update DNS sections Solaris: Fix a compile error with Sun C Wednesday, December 30, 2020, by mcr@sandelman.ca, denis and fxl. Summary for 4.99.0 tcpdump release CVE-2018-16301: For the -F option handle large input files safely. Improve the contents, wording and formatting of the man page. Print unsupported link-layer protocol packets in hex. Add support for new network protocols and DLTs: Arista, Autosar SOME/IP, Broadcom LI and Ethernet switches tag, IEEE 802.15.9, IP-over-InfiniBand (IPoIB), Linux SLL2, Linux vsockmon, MACsec, Marvell Distributed Switch Architecture, OpenFlow 1.3, Precision Time Protocol (PTP), SSH, WHOIS, ZigBee Encapsulation Protocol (ZEP). Make protocol-specific updates for: AH, DHCP, DNS, ESP, FRF.16, HNCP, ICMP6, IEEE 802.15.4, IPv6, IS-IS, Linux SLL, LLDP, LSP ping, MPTCP, NFS, NSH, NTP, OSPF, OSPF6, PGM, PIM, PPTP, RADIUS, RSVP, Rx, SMB, UDLD, VXLAN-GPE. User interface: Make SLL2 the default for Linux "any" pseudo-device. Add --micro and --nano shorthands. Add --count to print a counter only instead of decoding. Add --print, to cause packet printing even with -w. Add support for remote capture if libpcap supports it. Display the "wireless" flag and connection status. Flush the output packet buffer on a SIGUSR2. Add the snapshot length to the "reading from file ..." message. Fix local time printing (DST offset in timestamps). Allow -C arguments > 2^31-1 GB if they can fit into a long. Handle very large -f files by rejecting them. Report periodic stats only when safe to do so. Print the number of packets captured only as often as necessary. With no -s, or with -s 0, don't specify the snapshot length with newer versions of libpcap. Improve version and usage message printing. Building and testing: Install into bindir, not sbindir. autoconf: replace --with-system-libpcap with --disable-local-libpcap. Require the compiler to support C99. Better detect and use various C compilers and their features. Add CMake as the second build system. Make out-of-tree builds more reliable. Use pkg-config to detect libpcap if available. Improve Windows support. Add more tests and improve the scripts that run them. Test both with "normal" and "x87" floating-point. Eliminate dependency on libdnet. FreeBSD: Print a proper error message about monitor mode VAP. Use libcasper if available. Fix failure to capture on RDMA device. Include the correct capsicum header. Source code: Start the transition to longjmp() for packet truncation handling. Introduce new helper functions, including GET_*(), nd_print_protocol(), nd_print_invalid(), nd_print_trunc(), nd_trunc_longjmp() and others. Put integer signedness right in many cases. Introduce nd_uint*, nd_mac_addr, nd_ipv4 and nd_ipv6 types to fix alignment issues, especially on SPARC. Fix many C compiler, Coverity, UBSan and cppcheck warnings. Fix issues detected with AddressSanitizer. Remove many workarounds for older compilers and OSes. Add a sanity check on packet header length. Add and remove plenty of bounds checks. Clean up pcap_findalldevs() call to find the first interface. Use a short timeout, rather than immediate mode, for text output. Handle DLT_ENC files *not* written on the same OS and byte-order host. Add, and use, macros to do locale-independent case mapping. Use a table instead of getprotobynumber(). Get rid of ND_UNALIGNED and ND_TCHECK(). Make roundup2() generally available. Resync SMI list against Wireshark. Fix many typos. Co-Developed-by: Ivan Pavlov <AuthorReflex@gmail.com> Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com> Signed-off-by: Nick Hainke <vincent@systemli.org>
* tcpdump: Fix CVE-2018-16301Hauke Mehrtens2022-02-122-1/+102
| | | | | | | | | | | This fixes the following security problem: The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* tcpdump: libpcap: Remove http://www.us.tcpdump.org mirrorHauke Mehrtens2021-12-271-2/+1
| | | | | | | | The http://www.us.tcpdump.org mirror will go offline soon, only use the normal download URL. Reported-by: Denis Ovsienko <denis@ovsienko.info> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* tcpdump: fix pcap-config issuesRosen Penev2020-12-222-115/+4
| | | | | | | | | | | | | | The patch removes a libpcap check to avoid a problem with libpcap. Fix libpcap instead. Modernize Makefile: Use a normal autoconf bool instead of checking for CONFIG_IPV6. Remove old configure and MAKE_FLAGS hacks. Removing them results in compilation continuing to work without a problem. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* tcpdump: patch CVE-2020-8037Jan Pavlinec2020-11-252-1/+48
| | | | | | | | | This PR backports upstream fix for CVE-2020-8037. This fix is only relevant for tcpdump package, tcpdump-mini is not affeted by this issue. Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz> [added missing commit description] Signed-off-by: Petr Štetiar <ynezz@true.cz>
* tcpdump: update to 4.9.3DENG Qingfang2019-10-124-19/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixed CVEs: CVE-2017-16808 CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16301 CVE-2018-16451 CVE-2018-16452 CVE-2019-15166 CVE-2019-15167 Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
* build: include BUILD_VARIANT in PKG_BUILD_DIRJeffery To2019-08-051-1/+0
| | | | | | | | | | | This changes the default PKG_BUILD_DIR to take BUILD_VARIANT into account (if set), so that packages do not need to manually override PKG_BUILD_DIR just to handle variants. This also updates most base packages with variants to use the updated default PKG_BUILD_DIR. Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* tcpdump: explicitly disable libcap-ng supportStijn Tintel2018-07-301-0/+1
| | | | | | | | When libcap-ng is detected during build, support for it is enabled. This will cause a build failure due to a missing dependency. Explicitly disable libcap-ng support to avoid this. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* add PKG_CPE_ID ids to package and toolsAlexander Couzens2017-11-171-0/+1
| | | | | | | | | | | CPE ids helps to tracks CVE in packages. https://cpe.mitre.org/specification/ Thanks to swalker for CPE to package mapping and keep tracking CVEs. Acked-by: Jo-Philipp Wich <jo@mein.io> Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
* tcpdump: noop commit to refer CVEs fixed in 4.9.2Stijn Tintel2017-09-181-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When bumping tcpdump from 4.9.1 to 4.9.2, I did not include the fixed CVEs in the commit message. As the list of fixed CVEs is quite long, we should probably mention them in the changelogs of the releases to come. This commit will make sure this happens. The following CVEs were fixed in 21014d9708d586becbd62da571effadb488da9fc: CVE-2017-11541 CVE-2017-11541 CVE-2017-11542 CVE-2017-11542 CVE-2017-11543 CVE-2017-11543 CVE-2017-12893 CVE-2017-12894 CVE-2017-12895 CVE-2017-12896 CVE-2017-12897 CVE-2017-12898 CVE-2017-12899 CVE-2017-12900 CVE-2017-12901 CVE-2017-12902 CVE-2017-12985 CVE-2017-12986 CVE-2017-12987 CVE-2017-12988 CVE-2017-12989 CVE-2017-12990 CVE-2017-12991 CVE-2017-12992 CVE-2017-12993 CVE-2017-12994 CVE-2017-12995 CVE-2017-12996 CVE-2017-12997 CVE-2017-12998 CVE-2017-12999 CVE-2017-13000 CVE-2017-13001 CVE-2017-13002 CVE-2017-13003 CVE-2017-13004 CVE-2017-13005 CVE-2017-13006 CVE-2017-13007 CVE-2017-13008 CVE-2017-13009 CVE-2017-13010 CVE-2017-13011 CVE-2017-13012 CVE-2017-13013 CVE-2017-13014 CVE-2017-13015 CVE-2017-13016 CVE-2017-13017 CVE-2017-13018 CVE-2017-13019 CVE-2017-13020 CVE-2017-13021 CVE-2017-13022 CVE-2017-13023 CVE-2017-13024 CVE-2017-13025 CVE-2017-13026 CVE-2017-13027 CVE-2017-13028 CVE-2017-13029 CVE-2017-13030 CVE-2017-13031 CVE-2017-13032 CVE-2017-13033 CVE-2017-13034 CVE-2017-13035 CVE-2017-13036 CVE-2017-13037 CVE-2017-13038 CVE-2017-13039 CVE-2017-13040 CVE-2017-13041 CVE-2017-13042 CVE-2017-13043 CVE-2017-13044 CVE-2017-13045 CVE-2017-13046 CVE-2017-13047 CVE-2017-13048 CVE-2017-13049 CVE-2017-13050 CVE-2017-13051 CVE-2017-13052 CVE-2017-13053 CVE-2017-13054 CVE-2017-13055 CVE-2017-13687 CVE-2017-13688 CVE-2017-13689 CVE-2017-13690 CVE-2017-13725 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* tcpdump: bump to 4.9.2Stijn Tintel2017-09-112-37/+41
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* tcpdump: Update to 4.9.1Daniel Engberg2017-07-281-2/+2
| | | | | | | | | Update tcpdump to 4.9.1 Fixes: * CVE-2017-11108: Fix bounds checking for STP. Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* utils/tcpdump: Rework URLsDaniel Engberg2017-03-221-2/+2
| | | | | | | Add actual mirror and use main site as last resport Source: http://www.tcpdump.org/mirrors.html Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* tcpdump: fix tcpdump-mini build on glibc 2.25Felix Fietkau2017-02-111-30/+7
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* tcpdump: update to version 4.9.0Hauke Mehrtens2017-02-064-81/+81
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes the following 41 security problems: + CVE-2016-7922: buffer overflow in print-ah.c:ah_print(). + CVE-2016-7923: buffer overflow in print-arp.c:arp_print(). + CVE-2016-7924: buffer overflow in print-atm.c:oam_print(). + CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print(). + CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print(). + CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print(). + CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print(). + CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header(). + CVE-2016-7930: buffer overflow in print-llc.c:llc_print(). + CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print(). + CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum(). + CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print(). + CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print(). + CVE-2016-7935: buffer overflow in print-udp.c:rtp_print(). + CVE-2016-7936: buffer overflow in print-udp.c:udp_print(). + CVE-2016-7937: buffer overflow in print-udp.c:vat_print(). + CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame(). + CVE-2016-7939: buffer overflow in print-gre.c, multiple functions. + CVE-2016-7940: buffer overflow in print-stp.c, multiple functions. + CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions. + CVE-2016-7974: buffer overflow in print-ip.c, multiple functions. + CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print(). + CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print(). + CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print(). + CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print(). + CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions. + CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print(). + CVE-2016-7993: a bug in util-print.c:relts_print() could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM). + CVE-2016-8574: buffer overflow in print-fr.c:frf15_print(). + CVE-2016-8575: buffer overflow in print-fr.c:q933_print(). + CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print(). + CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print(). + CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print(). + CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print(). + CVE-2017-5341: buffer overflow in print-otv.c:otv_print(). + CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print(). + CVE-2017-5482: buffer overflow in print-fr.c:q933_print(). + CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse(). + CVE-2017-5484: buffer overflow in print-atm.c:sig_print(). + CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap(). + CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print(). The size of the package is only incread very little: new size: 306430 tcpdump_4.9.0-1_mips_24kc.ipk 130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk old size: 302782 tcpdump_4.8.1-1_mips_24kc.ipk 129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* treewide: clean up download hashesFelix Fietkau2016-12-161-1/+1
| | | | | | Replace *MD5SUM with *HASH, replace MD5 hashes with SHA256 Signed-off-by: Felix Fietkau <nbd@nbd.name>
* tcpdump: reduce size of -mini by removing more infrequently used protocolsFelix Fietkau2016-12-121-23/+25
| | | | | | | | | | | This removes: - BGP - CDP - SCTP MIPS binary .ipk size is reduced from ~150k to ~130k Signed-off-by: Felix Fietkau <nbd@nbd.name>
* net/utils/tcpdump: update to 4.8.1p-wassi2016-12-124-576/+700
| | | | | | Update tcpdump to upstream release 4.8.1 Signed-off-by: Paul Wassi <p.wassi@gmx.at>
* treewide: replace nbd@openwrt.org with nbd@nbd.nameFelix Fietkau2016-06-071-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* license info - revert r43155John Crispin2014-11-031-3/+0
| | | | | | | | turns out that r43155 adds duplicate info. Signed-off-by: John Crispin <blogic@openwrt.org> SVN-Revision: 43167
* Add more license tags with SPDX identifiersJohn Crispin2014-11-031-0/+3
| | | | | | | | | | | | | | | | | | Note, that licensing stuff is a nightmare: many packages does not clearly state their licenses, and often multiple source files are simply copied together - each with different licensing information in the file headers. I tried hard to ensure, that the license information extracted into the OpenWRT's makefiles fit the "spirit" of the packages, e.g. such small packages which come without a dedicated source archive "inherites" the OpenWRT's own license in my opinion. However, I can not garantee that I always picked the correct information and/or did not miss license information. Signed-off-by: Michael Heimpold <mhei@heimpold.de> SVN-Revision: 43155
* Add a few SPDX tagsSteven Barth2014-11-021-0/+1
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> SVN-Revision: 43151
* tcpdump: update to current upstream version 4.5.1Felix Fietkau2014-02-055-115/+164
| | | | | | | | | | -size_of(old tcpdump-mini 4.2.1) = 145245 Byte -size_of(new tcpdump-mini 4.5.1) = 149416 Byte => ~4.2 KByte increase Signed-off-by: Thomas Huehn <thomas@net.t-labs.tu-berlin.de> SVN-Revision: 39474
* tcpdump: add SLL parsing support to tcpdump-mini, use -ffunction-sections, ↵Felix Fietkau2013-01-222-52/+70
| | | | | | -fdata-sections and --gc-sections to reduce size SVN-Revision: 35288
* tcpdump: move to trunk and add myself as maintainerFelix Fietkau2012-10-105-0/+962
SVN-Revision: 33690