diff options
Diffstat (limited to 'net-analyzer/tcpdump')
| -rw-r--r-- | net-analyzer/tcpdump/Manifest | 10 | ||||
| -rw-r--r-- | net-analyzer/tcpdump/files/tcpdump-4.9.3-CVE-2020-8037.patch | 63 | ||||
| -rw-r--r-- | net-analyzer/tcpdump/metadata.xml | 12 | ||||
| -rw-r--r-- | net-analyzer/tcpdump/tcpdump-4.10.0_rc1-r1.ebuild (renamed from net-analyzer/tcpdump/tcpdump-4.10.0_rc1.ebuild) | 52 | ||||
| -rw-r--r-- | net-analyzer/tcpdump/tcpdump-4.9.3-r4.ebuild (renamed from net-analyzer/tcpdump/tcpdump-4.9.3-r1.ebuild) | 46 | ||||
| -rw-r--r-- | net-analyzer/tcpdump/tcpdump-4.9.3.ebuild | 92 | ||||
| -rw-r--r-- | net-analyzer/tcpdump/tcpdump-9999.ebuild | 32 |
7 files changed, 128 insertions, 179 deletions
diff --git a/net-analyzer/tcpdump/Manifest b/net-analyzer/tcpdump/Manifest index e67fccb6e06a..40b3c15b80ab 100644 --- a/net-analyzer/tcpdump/Manifest +++ b/net-analyzer/tcpdump/Manifest @@ -1,8 +1,8 @@ +AUX tcpdump-4.9.3-CVE-2020-8037.patch 1732 BLAKE2B f9ebe8862e6316443bec5b3103882eca6298104e64a7e121c81129367a984c6580e1be480e7aa263dfdf664d04547ea6cead7e16866978dffa33c2dba7c13dcb SHA512 f53b5557ad2c68c28bbd6121b637ade43937ce4956fa9c2c8b187e8c62726c018509eb728f7f7479d078c9018f091f64114944b2d6106e6214662899f880445a AUX tcpdump-9999-libdir.patch 505 BLAKE2B 903bbbd4d860053168c92a3bf2ef76bf8ab32a45da05d0b47894368d39d2c8432f68ff47740d30c34868a60e6e300e08a1a1b5b8e17bb9519c945e39f81014a6 SHA512 eb12b115c8c6f0a2b7bb84712fe3dda5ddde3e6acb56d00000e97abc007b26a1411ddf6be793205bf7c76ccecc3915c417124870326745e3896ae6963bb42341 DIST tcpdump-4.10.0rc1.tar.gz 1823212 BLAKE2B aa274e548163eacb09a98edbaa1127dbb06b6fe2f6eb23ffa968a577081d9d9323c339a885a198ee08d7dced04302cf50301ca575fbe95e082a6ed89e115de05 SHA512 b226ca569eeda7cee45fc7a1e42766f404d55ebca8133da544ecd75f975701532346f0cfdbefd4fc708fca12a8d094790c99a7276bd9b563885ef036a3912493 DIST tcpdump-4.9.3.tar.gz 2333119 BLAKE2B 21e13fc40d98cfac0bbd5513580cf98313df1f8fea24c48f045f70d494aea3e75230b8481049660c109f9179015c3164f3e3b31acc76c0bfb1f2da5039f1834e SHA512 3aec673f78b996a4df884b1240e5d0a26a2ca81ee7aca8a2e6d50255bb53476e008a5ced4409e278a956710d8a4d31d85bbb800c9f1aab92b0b1046b59292a22 -EBUILD tcpdump-4.10.0_rc1.ebuild 2007 BLAKE2B 76de68cff518dc99ead39c4c0051b5a6d13b9c7c215b36262f50cd3b371ced18ae198785abe8fa8fba01da728c2aaccb3c2e69c89dda231d445a1e98cc993947 SHA512 9dbd38f528da1f6b068aee1888b633726dd94f638480da8bf4aa67bda7355b21f7ab15d569b97d1f20ef577303be471bc670adb892834b6444c2c831c5885aed -EBUILD tcpdump-4.9.3-r1.ebuild 1879 BLAKE2B 65e3958ba8cad7dc7b7d2b77d6010e8f839c89fdb0d2fae5c15b338dab2d1b6f2758b86bfa94e72589a7578b3f3a7f299ba298a15414ee4847f014f9047915c9 SHA512 caada4ddb50725f408d1559b8d53c1ac8c996a5eee4ca41d645731f378c35ff7b1d74e75e7c728bb546c5c678d984015f702e5ba350048540f77cfc3fab56e1f -EBUILD tcpdump-4.9.3.ebuild 1938 BLAKE2B 3fbeee3f62778f3347d509c2daa7a70ece06f40e3a8d37b85f3a67f53a6c3ed1eaa09bc52b48239db0c51739ad2f94239f9ebe11ed9c1e4bc2dbde8b8eff94b9 SHA512 f627bd6a18482bbc70724491eb69acfbba095d5193bfee673da5f275ce8b40383450776aa1e22444595116df42bc5b6d23a2ffd16a5b94cbc3144253f64e104a -EBUILD tcpdump-9999.ebuild 1874 BLAKE2B 1ed3229b920e1dbaf9475165c8a46b9f03df687b638997f48df58ff041a45fe307f4818d539fbeab13a5eb0c04131b359b7109e4f80527da6469c5eff55aa305 SHA512 32234b09024c788595fa6f9b32e698ef40133253dae1042fb7e730590d6673ffc2e898295b42ebaa679d97cc95b45413979c161b4caf92ba92e411bc43e4c56c -MISC metadata.xml 639 BLAKE2B 2bbc5e38a9e172b7aa6dc69d211311d263007bb0da6e268cb9de953f0f862de3562b12e2ba3be267963ed2ef78254e7622951ab997550d78eb56fb057621e3ab SHA512 b765372f84fc597e257acf7d7e7daa5d9b220831ceb041851a9ef08da0fd419f36b12244cae9da0c3ef2b1b5c3fae9e4d234818ab4d58caf209c2c22604de392 +EBUILD tcpdump-4.10.0_rc1-r1.ebuild 1847 BLAKE2B 9dab89ac03e15253288ec3b3f71da253766183d4ad3ce5d37ff768d95a79e84b882c995e02f63870dd92531bdfa27719c36ff7474bd79c9ad2e1fc848f8926d9 SHA512 5a482da138d7fd148a71aa98edd6e1d80722e317c773068692cd9702d93382e44f78f45f3e0e6027372a90b4dd788029dd923b72fb7d55f93b0ce5d735b09a3d +EBUILD tcpdump-4.9.3-r4.ebuild 1758 BLAKE2B 12844ec4d7b49fcf249e21191cec0d98fa42a8ea83fb52de4d5202dacd989161a23dc931bec4776722b92b9f3ba21564fb71cd6aaaa96197ee3a3546c434ee5f SHA512 b6d7c8218540e3a6f374b6a827f40e136c665578e5a2a800241b7c0ba66c8cbc8a840cb51f8230455f48669ce7d78cc9d281eec5e9877d184160ac6ec2923aca +EBUILD tcpdump-9999.ebuild 1719 BLAKE2B 538b1b4f0519fcd589a9d9c20935c84c9fee5136337ce13f519f0a22cce6ac0331a37310574cc60d1db3f0eaff030f75ca756c729bc81989b3cfc1230ae27bfa SHA512 9fcbc567c7be186a19181a0daf3014e4df3acf16b7a578bb7a782802afa449a21f7174d6a5eb75f7ee313453e46a12488b18957000757b8e23110d6f72ebf4a4 +MISC metadata.xml 700 BLAKE2B 05ec78b920be862d58cb8ff1ec914ab7dd0be1a1b21cfacf106e127a51e0059afe61060ff6b647eb721a000b2b5433ee462f0463cba0004f344773fbcb3de7b9 SHA512 545888840227ad3a50cf4cc2a83a7f808ebeac4864ecae37efabf1723c9d5d7b7a59c62c9cdf7436f3fe5353c18f4b913eb6ea6f92ff7256312d7e0446cd09da diff --git a/net-analyzer/tcpdump/files/tcpdump-4.9.3-CVE-2020-8037.patch b/net-analyzer/tcpdump/files/tcpdump-4.9.3-CVE-2020-8037.patch new file mode 100644 index 000000000000..2852845eb748 --- /dev/null +++ b/net-analyzer/tcpdump/files/tcpdump-4.9.3-CVE-2020-8037.patch @@ -0,0 +1,63 @@ +From 32027e199368dad9508965aae8cd8de5b6ab5231 Mon Sep 17 00:00:00 2001 +From: Guy Harris <guy@alum.mit.edu> +Date: Sat, 18 Apr 2020 14:04:59 -0700 +Subject: [PATCH] PPP: When un-escaping, don't allocate a too-large buffer. + +The buffer should be big enough to hold the captured data, but it +doesn't need to be big enough to hold the entire on-the-network packet, +if we haven't captured all of it. + +(backported from commit e4add0b010ed6f2180dcb05a13026242ed935334) +--- + print-ppp.c | 18 ++++++++++++++---- + 1 file changed, 14 insertions(+), 4 deletions(-) + +diff --git a/print-ppp.c b/print-ppp.c +index 891761728..33fb03412 100644 +--- a/print-ppp.c ++++ b/print-ppp.c +@@ -1367,19 +1367,29 @@ print_bacp_config_options(netdissect_options *ndo, + return 0; + } + ++/* ++ * Un-escape RFC 1662 PPP in HDLC-like framing, with octet escapes. ++ * The length argument is the on-the-wire length, not the captured ++ * length; we can only un-escape the captured part. ++ */ + static void + ppp_hdlc(netdissect_options *ndo, + const u_char *p, int length) + { ++ u_int caplen = ndo->ndo_snapend - p; + u_char *b, *t, c; + const u_char *s; +- int i, proto; ++ u_int i; ++ int proto; + const void *se; + ++ if (caplen == 0) ++ return; ++ + if (length <= 0) + return; + +- b = (u_char *)malloc(length); ++ b = (u_char *)malloc(caplen); + if (b == NULL) + return; + +@@ -1388,10 +1398,10 @@ ppp_hdlc(netdissect_options *ndo, + * Do this so that we dont overwrite the original packet + * contents. + */ +- for (s = p, t = b, i = length; i > 0 && ND_TTEST(*s); i--) { ++ for (s = p, t = b, i = caplen; i != 0; i--) { + c = *s++; + if (c == 0x7d) { +- if (i <= 1 || !ND_TTEST(*s)) ++ if (i <= 1) + break; + i--; + c = *s++ ^ 0x20; diff --git a/net-analyzer/tcpdump/metadata.xml b/net-analyzer/tcpdump/metadata.xml index 926985b6a8cb..1f6e1c98b574 100644 --- a/net-analyzer/tcpdump/metadata.xml +++ b/net-analyzer/tcpdump/metadata.xml @@ -1,13 +1,17 @@ <?xml version='1.0' encoding='UTF-8'?> <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> <pkgmetadata> - <maintainer type="project"> - <email>netmon@gentoo.org</email> - <name>Gentoo network monitoring and analysis project</name> + <maintainer type="person"> + <email>zlogene@gentoo.org</email> + <name>Mikle Kolyada</name> + </maintainer> + <maintainer type="person"> + <email>sam@gentoo.org</email> + <name>Sam James</name> </maintainer> <use> <flag name="smi">Build with <pkg>net-libs/libsmi</pkg> to load MIBs on the fly to decode SNMP packets</flag> - <flag name="drop-root">Drop privileges to tcpdump:tcpdump when run as root</flag> + <flag name="drop-root">Drop privileges to pcap:pcap when run as root</flag> </use> <upstream> <remote-id type="cpe">cpe:/a:tcpdump:tcpdump</remote-id> diff --git a/net-analyzer/tcpdump/tcpdump-4.10.0_rc1.ebuild b/net-analyzer/tcpdump/tcpdump-4.10.0_rc1-r1.ebuild index c2cf8713eaca..3133cb51eca1 100644 --- a/net-analyzer/tcpdump/tcpdump-4.10.0_rc1.ebuild +++ b/net-analyzer/tcpdump/tcpdump-4.10.0_rc1-r1.ebuild @@ -2,35 +2,39 @@ # Distributed under the terms of the GNU General Public License v2 EAPI=7 -inherit autotools user +inherit autotools DESCRIPTION="A Tool for network monitoring and data acquisition" -HOMEPAGE=" - https://www.tcpdump.org/ - https://github.com/the-tcpdump-group/tcpdump -" -LICENSE="BSD" -SRC_URI=" - https://github.com/the-tcpdump-group/${PN}/archive/${P/_}.tar.gz -" +HOMEPAGE="https://www.tcpdump.org/ https://github.com/the-tcpdump-group/tcpdump" +SRC_URI="https://github.com/the-tcpdump-group/${PN}/archive/${P/_}.tar.gz" +S="${WORKDIR}/${PN}-${P/_}" +LICENSE="BSD" SLOT="0" KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux" IUSE="+drop-root libressl +smi +ssl +samba suid test" RESTRICT="!test? ( test )" REQUIRED_USE="test? ( samba )" +BDEPEND=" + drop-root? ( virtual/pkgconfig ) +" RDEPEND=" net-libs/libpcap - drop-root? ( sys-libs/libcap-ng ) + drop-root? ( + acct-group/pcap + acct-user/pcap + sys-libs/libcap-ng + ) smi? ( net-libs/libsmi ) ssl? ( !libressl? ( >=dev-libs/openssl-0.9.6m:0= ) libressl? ( dev-libs/libressl:= ) ) -" -BDEPEND=" - drop-root? ( virtual/pkgconfig ) + suid? ( + acct-group/pcap + acct-user/pcap + ) " DEPEND=" ${RDEPEND} @@ -42,18 +46,9 @@ DEPEND=" PATCHES=( "${FILESDIR}"/${PN}-9999-libdir.patch ) -S=${WORKDIR}/${PN}-${P/_} - -pkg_setup() { - if use drop-root || use suid; then - enewgroup tcpdump - enewuser tcpdump -1 -1 -1 tcpdump - fi -} src_prepare() { default - eautoreconf } @@ -64,7 +59,7 @@ src_configure() { $(use_with drop-root chroot '') \ $(use_with smi) \ $(use_with ssl crypto "${ESYSROOT}/usr") \ - $(usex drop-root "--with-user=tcpdump" "") + $(usex drop-root "--with-user=pcap" "") } src_test() { @@ -83,18 +78,11 @@ src_install() { dodoc CHANGES CREDITS README.md if use suid; then - fowners root:tcpdump /usr/sbin/tcpdump + fowners root:pcap /usr/sbin/tcpdump fperms 4110 /usr/sbin/tcpdump fi } -pkg_preinst() { - if use drop-root || use suid; then - enewgroup tcpdump - enewuser tcpdump -1 -1 -1 tcpdump - fi -} - pkg_postinst() { - use suid && elog "To let normal users run tcpdump add them into tcpdump group." + use suid && elog "To let normal users run tcpdump, add them to the pcap group." } diff --git a/net-analyzer/tcpdump/tcpdump-4.9.3-r1.ebuild b/net-analyzer/tcpdump/tcpdump-4.9.3-r4.ebuild index e23d799be4ba..398ed0b9b2c5 100644 --- a/net-analyzer/tcpdump/tcpdump-4.9.3-r1.ebuild +++ b/net-analyzer/tcpdump/tcpdump-4.9.3-r4.ebuild @@ -2,31 +2,35 @@ # Distributed under the terms of the GNU General Public License v2 EAPI=7 -inherit autotools user + +inherit autotools DESCRIPTION="A Tool for network monitoring and data acquisition" -HOMEPAGE=" - https://www.tcpdump.org/ - https://github.com/the-tcpdump-group/tcpdump -" -SRC_URI=" - https://www.tcpdump.org/release/${P}.tar.gz -" +HOMEPAGE="https://www.tcpdump.org/ https://github.com/the-tcpdump-group/tcpdump" +SRC_URI="https://www.tcpdump.org/release/${P}.tar.gz" LICENSE="BSD" SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux" +KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 s390 sparc x86 ~amd64-linux ~x86-linux" IUSE="+drop-root libressl smi ssl samba suid test" RESTRICT="!test? ( test )" RDEPEND=" net-libs/libpcap - drop-root? ( sys-libs/libcap-ng ) + drop-root? ( + acct-group/pcap + acct-user/pcap + sys-libs/libcap-ng + ) smi? ( net-libs/libsmi ) ssl? ( !libressl? ( >=dev-libs/openssl-0.9.6m:0= ) libressl? ( dev-libs/libressl:= ) ) + suid? ( + acct-group/pcap + acct-user/pcap + ) " DEPEND=" ${RDEPEND} @@ -35,17 +39,12 @@ DEPEND=" dev-lang/perl ) " + PATCHES=( "${FILESDIR}"/${PN}-9999-libdir.patch + "${FILESDIR}"/${PN}-4.9.3-CVE-2020-8037.patch ) -pkg_setup() { - if use drop-root || use suid; then - enewgroup tcpdump - enewuser tcpdump -1 -1 -1 tcpdump - fi -} - src_prepare() { default eautoreconf @@ -58,7 +57,7 @@ src_configure() { $(use_with drop-root chroot '') \ $(use_with smi) \ $(use_with ssl crypto "${ESYSROOT}/usr") \ - $(usex drop-root "--with-user=tcpdump" "") + $(usex drop-root "--with-user=pcap" "") } src_test() { @@ -77,18 +76,11 @@ src_install() { dodoc CHANGES CREDITS README.md if use suid; then - fowners root:tcpdump /usr/sbin/tcpdump + fowners root:pcap /usr/sbin/tcpdump fperms 4110 /usr/sbin/tcpdump fi } -pkg_preinst() { - if use drop-root || use suid; then - enewgroup tcpdump - enewuser tcpdump -1 -1 -1 tcpdump - fi -} - pkg_postinst() { - use suid && elog "To let normal users run tcpdump add them into tcpdump group." + use suid && elog "To let normal users run tcpdump, add them to the pcap group." } diff --git a/net-analyzer/tcpdump/tcpdump-4.9.3.ebuild b/net-analyzer/tcpdump/tcpdump-4.9.3.ebuild deleted file mode 100644 index 3731233ad947..000000000000 --- a/net-analyzer/tcpdump/tcpdump-4.9.3.ebuild +++ /dev/null @@ -1,92 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 -inherit flag-o-matic toolchain-funcs user - -DESCRIPTION="A Tool for network monitoring and data acquisition" -HOMEPAGE=" - https://www.tcpdump.org/ - https://github.com/the-tcpdump-group/tcpdump -" -SRC_URI=" - https://www.tcpdump.org/release/${P}.tar.gz -" - -LICENSE="BSD" -SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 s390 sparc x86 ~amd64-linux ~x86-linux" -IUSE="+drop-root libressl smi ssl samba suid test" -RESTRICT="!test? ( test )" - -RDEPEND=" - drop-root? ( sys-libs/libcap-ng ) - net-libs/libpcap - smi? ( net-libs/libsmi ) - ssl? ( - !libressl? ( >=dev-libs/openssl-0.9.6m:0= ) - libressl? ( dev-libs/libressl:= ) - ) -" -DEPEND=" - ${RDEPEND} - drop-root? ( virtual/pkgconfig ) - test? ( - >=net-libs/libpcap-1.9.1 - dev-lang/perl - app-arch/sharutils - ) -" - -pkg_setup() { - if use drop-root || use suid; then - enewgroup tcpdump - enewuser tcpdump -1 -1 -1 tcpdump - fi -} - -src_configure() { - if use drop-root; then - append-cppflags -DHAVE_CAP_NG_H - export LIBS=$( $(tc-getPKG_CONFIG) --libs libcap-ng ) - fi - - econf \ - $(use_enable samba smb) \ - $(use_with drop-root chroot '') \ - $(use_with smi) \ - $(use_with ssl crypto "${ESYSROOT}/usr") \ - $(usex drop-root "--with-user=tcpdump" "") -} - -src_test() { - if [[ ${EUID} -ne 0 ]] || ! use drop-root; then - emake check - else - ewarn "If you want to run the test suite, make sure you either" - ewarn "set FEATURES=userpriv or set USE=-drop-root" - fi -} - -src_install() { - dosbin tcpdump - doman tcpdump.1 - dodoc *.awk - dodoc CHANGES CREDITS README.md - - if use suid; then - fowners root:tcpdump /usr/sbin/tcpdump - fperms 4110 /usr/sbin/tcpdump - fi -} - -pkg_preinst() { - if use drop-root || use suid; then - enewgroup tcpdump - enewuser tcpdump -1 -1 -1 tcpdump - fi -} - -pkg_postinst() { - use suid && elog "To let normal users run tcpdump add them into tcpdump group." -} diff --git a/net-analyzer/tcpdump/tcpdump-9999.ebuild b/net-analyzer/tcpdump/tcpdump-9999.ebuild index 8352b63b1ccf..6f074f38fb23 100644 --- a/net-analyzer/tcpdump/tcpdump-9999.ebuild +++ b/net-analyzer/tcpdump/tcpdump-9999.ebuild @@ -2,7 +2,7 @@ # Distributed under the terms of the GNU General Public License v2 EAPI=7 -inherit autotools git-r3 user +inherit autotools git-r3 DESCRIPTION="A Tool for network monitoring and data acquisition" HOMEPAGE=" @@ -20,12 +20,20 @@ REQUIRED_USE="test? ( samba )" RDEPEND=" net-libs/libpcap - drop-root? ( sys-libs/libcap-ng ) + drop-root? ( + acct-group/pcap + acct-user/pcap + sys-libs/libcap-ng + ) smi? ( net-libs/libsmi ) ssl? ( !libressl? ( >=dev-libs/openssl-0.9.6m:0= ) libressl? ( dev-libs/libressl:= ) ) + suid? ( + acct-group/pcap + acct-user/pcap + ) " BDEPEND=" drop-root? ( virtual/pkgconfig ) @@ -41,13 +49,6 @@ PATCHES=( "${FILESDIR}"/${PN}-9999-libdir.patch ) -pkg_setup() { - if use drop-root || use suid; then - enewgroup tcpdump - enewuser tcpdump -1 -1 -1 tcpdump - fi -} - src_prepare() { default @@ -61,7 +62,7 @@ src_configure() { $(use_with drop-root chroot '') \ $(use_with smi) \ $(use_with ssl crypto "${ESYSROOT}/usr") \ - $(usex drop-root "--with-user=tcpdump" "") + $(usex drop-root "--with-user=pcap" "") } src_test() { @@ -80,18 +81,11 @@ src_install() { dodoc CHANGES CREDITS README.md if use suid; then - fowners root:tcpdump /usr/sbin/tcpdump + fowners root:pcap /usr/sbin/tcpdump fperms 4110 /usr/sbin/tcpdump fi } -pkg_preinst() { - if use drop-root || use suid; then - enewgroup tcpdump - enewuser tcpdump -1 -1 -1 tcpdump - fi -} - pkg_postinst() { - use suid && elog "To let normal users run tcpdump add them into tcpdump group." + use suid && elog "To let normal users run tcpdump add them to the pcap group." } |