openwrt/upstream - upstream openwrt

	Commit message (Collapse)	Author	Age	Files	Lines
*	tcpdump: update to 4.99.2	Nick Hainke	2023-01-06	2	-34/+35
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Update to latest version. For release information look into CHANGES file [0]. Automatically refreshed: - 001-remove_pcap_debug.patch Manually refreshed: - 100-tcpdump_mini.patch old ipkg sizes: 316554 bin/packages/mips_24kc/base/tcpdump_4.99.1-1_mips_24kc.ipk 141457 bin/packages/mips_24kc/base/tcpdump-mini_4.99.1-1_mips_24kc.ipk new ipkg sizes: 318089 bin/packages/mips_24kc/base/tcpdump_4.99.2-1_mips_24kc.ipk 141941 bin/packages/mips_24kc/base/tcpdump-mini_4.99.2-1_mips_24kc.ipk [0] - https://github.com/the-tcpdump-group/tcpdump/blob/master/CHANGES Signed-off-by: Nick Hainke <vincent@systemli.org>
*	tcpdump: update to 4.99.1	Nick Hainke	2022-07-03	4	-501/+356
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Adjust - 100-tcpdump_mini.patch Remove upstreamed patches: - 101-CVE-2020-8037.patch - 102-CVE-2018-16301.patch Changelog: Wednesday, June 9, 2021 by gharris Summary for 4.99.1 tcpdump release Source code: Squelch some compiler warnings ICMP: Update the snapend for some nested IP packets. MACsec: Update the snapend thus the ICV field is not payload for the caller. EIGRP: Fix packet header fields SMB: Disable printer by default in CMake builds OLSR: Print the protocol name even if the packet is invalid MSDP: Print ": " before the protocol name ESP: Remove padding, padding length and next header from the buffer DHCPv6: Update the snapend for nested DHCPv6 packets OpenFlow 1.0: Get snapend right for nested frames. TCP: Update the snapend before decoding a MPTCP option Ethernet, IEEE 802.15.4, IP, L2TP, TCP, ZEP: Add bounds checks ForCES: Refine SPARSEDATA-TLV length check. ASCII/hex: Use nd_trunc_longjmp() in truncation cases GeoNet: Add a ND_TCHECK_LEN() call Replace ND_TCHECK_/memcpy() pairs with GET_CPY_BYTES(). BGP: Fix overwrites of global 'astostr' temporary buffer ARP: fix overwrites of static buffer in q922_string(). Frame Relay: have q922_string() handle errors better. Building and testing: Rebuild configure script when building release Fix "make clean" for out-of-tree autotools builds CMake: add stuff from CMAKE_PREFIX_PATH to PKG_CONFIG_PATH. Documentation: man: Update a reference as www.cifs.org is gone. [skip ci] man: Update DNS sections Solaris: Fix a compile error with Sun C Wednesday, December 30, 2020, by mcr@sandelman.ca, denis and fxl. Summary for 4.99.0 tcpdump release CVE-2018-16301: For the -F option handle large input files safely. Improve the contents, wording and formatting of the man page. Print unsupported link-layer protocol packets in hex. Add support for new network protocols and DLTs: Arista, Autosar SOME/IP, Broadcom LI and Ethernet switches tag, IEEE 802.15.9, IP-over-InfiniBand (IPoIB), Linux SLL2, Linux vsockmon, MACsec, Marvell Distributed Switch Architecture, OpenFlow 1.3, Precision Time Protocol (PTP), SSH, WHOIS, ZigBee Encapsulation Protocol (ZEP). Make protocol-specific updates for: AH, DHCP, DNS, ESP, FRF.16, HNCP, ICMP6, IEEE 802.15.4, IPv6, IS-IS, Linux SLL, LLDP, LSP ping, MPTCP, NFS, NSH, NTP, OSPF, OSPF6, PGM, PIM, PPTP, RADIUS, RSVP, Rx, SMB, UDLD, VXLAN-GPE. User interface: Make SLL2 the default for Linux "any" pseudo-device. Add --micro and --nano shorthands. Add --count to print a counter only instead of decoding. Add --print, to cause packet printing even with -w. Add support for remote capture if libpcap supports it. Display the "wireless" flag and connection status. Flush the output packet buffer on a SIGUSR2. Add the snapshot length to the "reading from file ..." message. Fix local time printing (DST offset in timestamps). Allow -C arguments > 2^31-1 GB if they can fit into a long. Handle very large -f files by rejecting them. Report periodic stats only when safe to do so. Print the number of packets captured only as often as necessary. With no -s, or with -s 0, don't specify the snapshot length with newer versions of libpcap. Improve version and usage message printing. Building and testing: Install into bindir, not sbindir. autoconf: replace --with-system-libpcap with --disable-local-libpcap. Require the compiler to support C99. Better detect and use various C compilers and their features. Add CMake as the second build system. Make out-of-tree builds more reliable. Use pkg-config to detect libpcap if available. Improve Windows support. Add more tests and improve the scripts that run them. Test both with "normal" and "x87" floating-point. Eliminate dependency on libdnet. FreeBSD: Print a proper error message about monitor mode VAP. Use libcasper if available. Fix failure to capture on RDMA device. Include the correct capsicum header. Source code: Start the transition to longjmp() for packet truncation handling. Introduce new helper functions, including GET_(), nd_print_protocol(), nd_print_invalid(), nd_print_trunc(), nd_trunc_longjmp() and others. Put integer signedness right in many cases. Introduce nd_uint, nd_mac_addr, nd_ipv4 and nd_ipv6 types to fix alignment issues, especially on SPARC. Fix many C compiler, Coverity, UBSan and cppcheck warnings. Fix issues detected with AddressSanitizer. Remove many workarounds for older compilers and OSes. Add a sanity check on packet header length. Add and remove plenty of bounds checks. Clean up pcap_findalldevs() call to find the first interface. Use a short timeout, rather than immediate mode, for text output. Handle DLT_ENC files not written on the same OS and byte-order host. Add, and use, macros to do locale-independent case mapping. Use a table instead of getprotobynumber(). Get rid of ND_UNALIGNED and ND_TCHECK(). Make roundup2() generally available. Resync SMI list against Wireshark. Fix many typos. Co-Developed-by: Ivan Pavlov <AuthorReflex@gmail.com> Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com> Signed-off-by: Nick Hainke <vincent@systemli.org>
*	tcpdump: Fix CVE-2018-16301	Hauke Mehrtens	2022-02-12	1	-0/+101
\| \| \| \| \| \| \| \| \| \| \|	This fixes the following security problem: The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
*	tcpdump: fix pcap-config issues	Rosen Penev	2020-12-22	1	-92/+0
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	The patch removes a libpcap check to avoid a problem with libpcap. Fix libpcap instead. Modernize Makefile: Use a normal autoconf bool instead of checking for CONFIG_IPV6. Remove old configure and MAKE_FLAGS hacks. Removing them results in compilation continuing to work without a problem. Signed-off-by: Rosen Penev <rosenp@gmail.com>
*	tcpdump: patch CVE-2020-8037	Jan Pavlinec	2020-11-25	1	-0/+47
\| \| \| \| \| \| \| \| \|	This PR backports upstream fix for CVE-2020-8037. This fix is only relevant for tcpdump package, tcpdump-mini is not affeted by this issue. Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz> [added missing commit description] Signed-off-by: Petr Štetiar <ynezz@true.cz>
*	tcpdump: update to 4.9.3	DENG Qingfang	2019-10-12	3	-17/+17
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Fixed CVEs: CVE-2017-16808 CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16301 CVE-2018-16451 CVE-2018-16452 CVE-2019-15166 CVE-2019-15167 Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
*	tcpdump: bump to 4.9.2	Stijn Tintel	2017-09-11	1	-35/+39
\| \| \| \|	Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
*	tcpdump: fix tcpdump-mini build on glibc 2.25	Felix Fietkau	2017-02-11	1	-30/+7
\| \| \| \|	Signed-off-by: Felix Fietkau <nbd@nbd.name>
*	tcpdump: update to version 4.9.0	Hauke Mehrtens	2017-02-06	3	-79/+79
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This fixes the following 41 security problems: + CVE-2016-7922: buffer overflow in print-ah.c:ah_print(). + CVE-2016-7923: buffer overflow in print-arp.c:arp_print(). + CVE-2016-7924: buffer overflow in print-atm.c:oam_print(). + CVE-2016-7925: buffer overflow in print-sl.c:sl_if_print(). + CVE-2016-7926: buffer overflow in print-ether.c:ethertype_print(). + CVE-2016-7927: buffer overflow in print-802_11.c:ieee802_11_radio_print(). + CVE-2016-7928: buffer overflow in print-ipcomp.c:ipcomp_print(). + CVE-2016-7929: buffer overflow in print-juniper.c:juniper_parse_header(). + CVE-2016-7930: buffer overflow in print-llc.c:llc_print(). + CVE-2016-7931: buffer overflow in print-mpls.c:mpls_print(). + CVE-2016-7932: buffer overflow in print-pim.c:pimv2_check_checksum(). + CVE-2016-7933: buffer overflow in print-ppp.c:ppp_hdlc_if_print(). + CVE-2016-7934: buffer overflow in print-udp.c:rtcp_print(). + CVE-2016-7935: buffer overflow in print-udp.c:rtp_print(). + CVE-2016-7936: buffer overflow in print-udp.c:udp_print(). + CVE-2016-7937: buffer overflow in print-udp.c:vat_print(). + CVE-2016-7938: integer overflow in print-zeromq.c:zmtp1_print_frame(). + CVE-2016-7939: buffer overflow in print-gre.c, multiple functions. + CVE-2016-7940: buffer overflow in print-stp.c, multiple functions. + CVE-2016-7973: buffer overflow in print-atalk.c, multiple functions. + CVE-2016-7974: buffer overflow in print-ip.c, multiple functions. + CVE-2016-7975: buffer overflow in print-tcp.c:tcp_print(). + CVE-2016-7983: buffer overflow in print-bootp.c:bootp_print(). + CVE-2016-7984: buffer overflow in print-tftp.c:tftp_print(). + CVE-2016-7985: buffer overflow in print-calm-fast.c:calm_fast_print(). + CVE-2016-7986: buffer overflow in print-geonet.c, multiple functions. + CVE-2016-7992: buffer overflow in print-cip.c:cip_if_print(). + CVE-2016-7993: a bug in util-print.c:relts_print() could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM). + CVE-2016-8574: buffer overflow in print-fr.c:frf15_print(). + CVE-2016-8575: buffer overflow in print-fr.c:q933_print(). + CVE-2017-5202: buffer overflow in print-isoclns.c:clnp_print(). + CVE-2017-5203: buffer overflow in print-bootp.c:bootp_print(). + CVE-2017-5204: buffer overflow in print-ip6.c:ip6_print(). + CVE-2017-5205: buffer overflow in print-isakmp.c:ikev2_e_print(). + CVE-2017-5341: buffer overflow in print-otv.c:otv_print(). + CVE-2017-5342: a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print(). + CVE-2017-5482: buffer overflow in print-fr.c:q933_print(). + CVE-2017-5483: buffer overflow in print-snmp.c:asn1_parse(). + CVE-2017-5484: buffer overflow in print-atm.c:sig_print(). + CVE-2017-5485: buffer overflow in addrtoname.c:lookup_nsap(). + CVE-2017-5486: buffer overflow in print-isoclns.c:clnp_print(). The size of the package is only incread very little: new size: 306430 tcpdump_4.9.0-1_mips_24kc.ipk 130324 tcpdump-mini_4.9.0-1_mips_24kc.ipk old size: 302782 tcpdump_4.8.1-1_mips_24kc.ipk 129033 tcpdump-mini_4.8.1-1_mips_24kc.ipk Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
*	tcpdump: reduce size of -mini by removing more infrequently used protocols	Felix Fietkau	2016-12-12	1	-23/+25
\| \| \| \| \| \| \| \| \| \| \|	This removes: - BGP - CDP - SCTP MIPS binary .ipk size is reduced from ~150k to ~130k Signed-off-by: Felix Fietkau <nbd@nbd.name>
*	net/utils/tcpdump: update to 4.8.1	p-wassi	2016-12-12	3	-570/+696
\| \| \| \| \| \|	Update tcpdump to upstream release 4.8.1 Signed-off-by: Paul Wassi <p.wassi@gmx.at>
*	tcpdump: update to current upstream version 4.5.1	Felix Fietkau	2014-02-05	4	-112/+161
\| \| \| \| \| \| \| \| \| \|	-size_of(old tcpdump-mini 4.2.1) = 145245 Byte -size_of(new tcpdump-mini 4.5.1) = 149416 Byte => ~4.2 KByte increase Signed-off-by: Thomas Huehn <thomas@net.t-labs.tu-berlin.de> SVN-Revision: 39474
*	tcpdump: add SLL parsing support to tcpdump-mini, use -ffunction-sections, ↵	Felix Fietkau	2013-01-22	1	-51/+66
\| \| \| \| \| \|	-fdata-sections and --gc-sections to reduce size SVN-Revision: 35288
*	tcpdump: move to trunk and add myself as maintainer	Felix Fietkau	2012-10-10	4	-0/+876
	SVN-Revision: 33690