diff --git a/README.md b/README.md index a96215e..72e7d9f 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,4 @@ # tcpdump +Tcpdump prints out the headers of packets on a network interface that match the boolean expression. + diff --git a/tcpdump-3.8.3-rsvp-dos.patch b/tcpdump-3.8.3-rsvp-dos.patch new file mode 100644 index 0000000..19f8d42 --- /dev/null +++ b/tcpdump-3.8.3-rsvp-dos.patch @@ -0,0 +1,31 @@ +--- tcpdump-3.8.3/print-rsvp.c.old 2004-03-24 05:00:38.000000000 +0100 ++++ tcpdump-3.8.3/print-rsvp.c 2005-04-27 17:09:34.000000000 +0200 +@@ -872,6 +872,8 @@ + + case RSVP_OBJ_RRO: + case RSVP_OBJ_ERO: ++ { ++ int step; + switch(rsvp_obj_ctype) { + case RSVP_CTYPE_IPV4: + while(obj_tlen >= 4 ) { +@@ -889,15 +891,16 @@ + "none", + *(obj_tptr+7))); /* rfc3209 says that this field is rsvd. */ + } +- obj_tlen-=*(obj_tptr+1); +- obj_tptr+=*(obj_tptr+1); ++ step = *(obj_tptr+1) ? *(obj_tptr+1) : obj_tlen; ++ obj_tlen -= step; ++ obj_tptr += step; + } + break; + default: + hexdump=TRUE; + } + break; +- ++ } + case RSVP_OBJ_HELLO: + switch(rsvp_obj_ctype) { + case RSVP_CTYPE_1: diff --git a/tcpdump-3.9.1-bgp_dos.patch b/tcpdump-3.9.1-bgp_dos.patch new file mode 100644 index 0000000..74668ac --- /dev/null +++ b/tcpdump-3.9.1-bgp_dos.patch @@ -0,0 +1,11 @@ +--- tcpdump-3.9.1/print-bgp.c.orig 2005-07-06 14:59:51.000000000 +0200 ++++ tcpdump-3.9.1/print-bgp.c 2005-07-06 15:00:36.000000000 +0200 +@@ -1176,7 +1176,7 @@ + printf(", no SNPA"); + } + +- while (len - (tptr - pptr) > 0) { ++ while ((tptr - pptr) > 0 && len - (tptr - pptr) > 0) { + switch (af<<8 | safi) { + case (AFNUM_INET<<8 | SAFNUM_UNICAST): + case (AFNUM_INET<<8 | SAFNUM_MULTICAST): diff --git a/tcpdump-3.9.1-isis_dos.patch b/tcpdump-3.9.1-isis_dos.patch new file mode 100644 index 0000000..d66754c --- /dev/null +++ b/tcpdump-3.9.1-isis_dos.patch @@ -0,0 +1,25 @@ +--- tcpdump-3.9.1/print-isoclns.c.orig 2005-07-06 15:05:30.000000000 +0200 ++++ tcpdump-3.9.1/print-isoclns.c 2005-07-06 15:05:34.000000000 +0200 +@@ -2121,13 +2121,15 @@ static int isis_print (const u_int8_t *p + } + tmp --; + printf("\n\t LAN address length %u bytes ",lan_alen); +- while (tmp >= lan_alen) { +- if (!TTEST2(*tptr, lan_alen)) +- goto trunctlv; +- printf("\n\t\tIS Neighbor: %s",isis_print_id(tptr,lan_alen)); +- tmp -= lan_alen; +- tptr +=lan_alen; +- } ++ if(lan_alen >= SYSTEM_ID_LEN) { ++ while (tmp >= lan_alen) { ++ if (!TTEST2(*tptr, lan_alen)) ++ goto trunctlv; ++ printf("\n\t\tIS Neighbor: %s",isis_print_id(tptr,lan_alen)); ++ tmp -= lan_alen; ++ tptr +=lan_alen; ++ } ++ } + break; + + case ISIS_TLV_PADDING: diff --git a/tcpdump-3.9.1-ldp_dos.patch b/tcpdump-3.9.1-ldp_dos.patch new file mode 100644 index 0000000..abcdbde --- /dev/null +++ b/tcpdump-3.9.1-ldp_dos.patch @@ -0,0 +1,26 @@ +diff -pur tcpdump-3.9.1/print-ascii.c tcpdump-3.9.1-fixed/print-ascii.c +--- tcpdump-3.9.1/print-ascii.c 2004-07-22 00:00:10.000000000 +0200 ++++ tcpdump-3.9.1-fixed/print-ascii.c 2005-07-06 15:28:22.000000000 +0200 +@@ -142,6 +142,9 @@ hex_print_with_offset(register const cha + register int nshorts; + + nshorts = (u_int) length / sizeof(u_short); ++ if(!nshorts) ++ return; ++ + i = 0; + while (--nshorts >= 0) { + if ((i++ % 8) == 0) { +diff -pur tcpdump-3.9.1/print-ldp.c tcpdump-3.9.1-fixed/print-ldp.c +--- tcpdump-3.9.1/print-ldp.c 2005-06-16 03:10:35.000000000 +0200 ++++ tcpdump-3.9.1-fixed/print-ldp.c 2005-07-06 15:21:24.000000000 +0200 +@@ -559,7 +559,8 @@ ldp_msg_print(register const u_char *ppt + return 0; + + msg_tptr=tptr+sizeof(struct ldp_msg_header); +- msg_tlen=msg_len-sizeof(struct ldp_msg_header)+4; /* Type & Length fields not included */ ++ /* Type & Length fields not included */ ++ msg_tlen = (msg_len >= (sizeof(struct ldp_msg_header) + 4)) ? (msg_len - sizeof(struct ldp_msg_header) + 4) : 0; + + /* did we capture enough for fully decoding the message ? */ + if (!TTEST2(*tptr, msg_len)) diff --git a/tcpdump.spec b/tcpdump.spec new file mode 100644 index 0000000..542851b --- /dev/null +++ b/tcpdump.spec @@ -0,0 +1,122 @@ +Name: tcpdump +Version: 4.5.1 +Release: 1mamba +Summary: tcpdump - dump traffic on a network +Group: Network/Monitoring +Vendor: openmamba +Distribution: openmamba +Packager: Aleph0 +URL: http://www.tcpdump.org +Source: http://www.tcpdump.org/release/tcpdump-%{version}.tar.gz +Patch0: %{name}-3.8.3-rsvp-dos.patch +Patch1: %{name}-3.9.1-bgp_dos.patch +Patch2: %{name}-3.9.1-isis_dos.patch +Patch3: %{name}-3.9.1-ldp_dos.patch +License: GPL +## AUTOBUILDREQ-BEGIN +BuildRequires: glibc-devel +BuildRequires: libopenssl-devel +BuildRequires: libpcap-devel +## AUTOBUILDREQ-END +BuildRequires: libpcap-devel >= 1.2 +BuildRoot: %{_tmppath}/%{name}-%{version}-root + +%description +Tcpdump prints out the headers of packets on a network interface that match the boolean expression. + +%prep +%setup -q +%patch0 -p1 -b .rsvp_dos +%patch1 -p1 -b .bgp_dos +%patch2 -p1 -b .isis_dos +%patch3 -p1 -b .ldp_dos + +%build +%configure --disable-smb --enable-ipv6 \ +%if "%{_host}" != "%{_build}" + ac_cv_linux_vers=2 \ + ac_cv_search_getaddrinfo=no +%endif +%make + +%install +[ "%{buildroot}" != / ] && rm -rf "%{buildroot}" +%makeinstall + +%clean +[ "%{buildroot}" != / ] && rm -rf "%{buildroot}" + +%files +%defattr(-,root,root) +%{_sbindir}/tcpdump +%{_sbindir}/tcpdump.%{version} +%{_mandir}/man1/* +%doc CREDITS LICENSE + +%changelog +* Wed Nov 27 2013 Automatic Build System 4.5.1-1mamba +- automatic version update by autodist + +* Mon Apr 29 2013 Automatic Build System 4.4.0-1mamba +- automatic version update by autodist + +* Wed Jul 25 2012 Silvan Calarco 4.3.0-2mamba +- rebuilt with libpcap 1.3.0 + +* Wed Jun 13 2012 Automatic Build System 4.3.0-1mamba +- automatic version update by autodist + +* Mon Jan 02 2012 Automatic Build System 4.2.1-1mamba +- automatic version update by autodist + +* Thu Nov 11 2010 Silvan Calarco 4.1.1-2mamba +- rebuilt with openssl 1.0.0 + +* Tue Apr 06 2010 Automatic Build System 4.1.1-1mamba +- automatic update to 4.1.1 by autodist + +* Wed Mar 31 2010 Automatic Build System 4.1-1mamba +- automatic update to 4.1 by autodist + +* Thu Nov 06 2008 Silvan Calarco 4.0.0-1mamba +- automatic update to 4.0.0 by autodist + +* Tue Oct 02 2007 Aleph0 3.9.8-1mamba +- update to 3.9.8 + +* Tue Jul 24 2007 Aleph0 3.9.7-1mamba +- update to 3.9.7 +- dropped patch against CVE-2007-1218 (merged in this release) + +* Tue Jun 12 2007 Aleph0 3.9.6-1mamba +- update to 3.9.6 + +* Tue Mar 20 2007 Aleph0 3.9.5-2qilnx +- security fix against CVE-2007-1218 + +* Wed Oct 04 2006 Davide Madrisan 3.9.5-1qilnx +- update to version 3.9.5 by autospec + +* Tue Oct 04 2005 Davide Madrisan 3.9.4-1qilnx +- update to version 3.9.4 by autospec + +* Wed Jul 06 2005 Davide Madrisan 3.9.1-1qilnx +- update to version 3.9.1 by autospec +- removed patches for CAN-2005-1267 and GCC-3.4.x +- updated security patches (DoS) for BGP ISIS, LDP + +* Wed Jun 15 2005 Davide Madrisan 3.8.3-3qilnx +- security fix QSA-2005-076 (CAN-2005-1267) + +* Mon May 16 2005 Davide Madrisan 3.8.3-2qilnx +- security fix QSA-2005-064 (CAN-2005-12[78,79,80]) + +* Wed Mar 31 2004 Davide Madrisan 3.8.3-1qilnx +- new version rebuild. Fixes critical flaws: CAN-2004-0183, CAN-2004-0184 +- disabled possibly-buggy SMB printer support, enabled IPv6 protocol support + +* Thu Jan 15 2004 Davide Madrisan 3.8.1-1qilnx +- rebuilt with latest version + +* Thu Jun 19 2003 Silvan Calarco 3.7.2-1qilnx +- first build for tcpdump