rpms/tcpdump/F-7 tcpdump-3.9.7-droproot.patch, NONE, 1.1 tcpslice-1.2a3-time.patch, NONE, 1.1 .cvsignore, 1.13, 1.14 sources, 1.13, 1.14 tcpdump.spec, 1.59, 1.60 tcpdump-3.6.2-tcpslice-time.patch, 1.1, NONE tcpdump-3.9.4-ring-buffers.patch, 1.1, NONE tcpdump-3.9.5-80211.patch, 1.1, NONE tcpdump-3.9.5-man.patch, 1.1, NONE tcpdump-3.9.5-nolocalpcap.patch, 1.1, NONE

Miroslav Lichvar (mlichvar) fedora-extras-commits at redhat.com
Tue Jul 31 14:48:36 UTC 2007


Author: mlichvar

Update of /cvs/pkgs/rpms/tcpdump/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22364

Modified Files:
	.cvsignore sources tcpdump.spec 
Added Files:
	tcpdump-3.9.7-droproot.patch tcpslice-1.2a3-time.patch 
Removed Files:
	tcpdump-3.6.2-tcpslice-time.patch 
	tcpdump-3.9.4-ring-buffers.patch tcpdump-3.9.5-80211.patch 
	tcpdump-3.9.5-man.patch tcpdump-3.9.5-nolocalpcap.patch 
Log Message:
- update to 3.9.7
- with -C option, drop root privileges before opening first savefile (#244860)
- update tcpslice to 1.2a3
- include time patch from Debian to fix tcpslice on 64-bit architectures


tcpdump-3.9.7-droproot.patch:

--- NEW FILE tcpdump-3.9.7-droproot.patch ---
--- tcpdump-3.9.7/tcpdump.c.droproot	2006-09-19 21:07:57.000000000 +0200
+++ tcpdump-3.9.7/tcpdump.c	2007-07-24 16:15:54.000000000 +0200
@@ -958,6 +958,11 @@ main(int argc, char **argv)
 		(void)setsignal(SIGHUP, oldhandler);
 #endif /* WIN32 */
 
+	if (Cflag != 0 && (getuid() == 0 || geteuid() == 0)) {
+		if (username || chroot_dir)
+			droproot(username, chroot_dir);
+	}
+
 	if (pcap_setfilter(pd, &fcode) < 0)
 		error("%s", pcap_geterr(pd));
 	if (WFileName) {
@@ -999,7 +1004,7 @@ main(int argc, char **argv)
 	 * We cannot do this earlier, because we want to be able to open
 	 * the file (if done) for writing before giving up permissions.
 	 */
-	if (getuid() == 0 || geteuid() == 0) {
+	if (Cflag == 0 && (getuid() == 0 || geteuid() == 0)) {
 		if (username || chroot_dir)
 			droproot(username, chroot_dir);
 	}
--- tcpdump-3.9.7/tcpdump.1.droproot	2007-07-24 16:15:54.000000000 +0200
+++ tcpdump-3.9.7/tcpdump.1	2007-07-24 16:15:54.000000000 +0200
@@ -264,6 +264,9 @@ have the name specified with the
 flag, with a number after it, starting at 1 and continuing upward.
 The units of \fIfile_size\fP are millions of bytes (1,000,000 bytes,
 not 1,048,576 bytes).
+
+Note that when used with \fB\-Z\fR option (enabled by default), privileges
+are dropped before opening first savefile.
 .TP
 .B \-d
 Dump the compiled packet-matching code in a human readable form to
@@ -592,7 +595,9 @@ Drops privileges (if root) and changes u
 and the group ID to the primary group of
 .IR user .
 .IP
-This behavior can also be enabled by default at compile time.
+This behavior is enabled by default (\fB\-Z pcap\fR), and can
+be disabled by \fB\-Z root\fR.
+
 .IP "\fI expression\fP"
 .RS
 selects which packets will be dumped.

tcpslice-1.2a3-time.patch:

--- NEW FILE tcpslice-1.2a3-time.patch ---
--- tcpslice-1.2a3.orig/search.c	2000-09-10 10:52:40.000000000 +0200
+++ tcpslice-1.2a3/search.c	2006-07-28 14:56:55.000000000 +0200
@@ -53,7 +53,7 @@
 /* Size of a packet header in bytes; easier than typing the sizeof() all
  * the time ...
  */
-#define PACKET_HDR_LEN (sizeof( struct pcap_pkthdr ))
+#define PACKET_HDR_LEN (sizeof( struct pcap_sf_pkthdr ))
 
 extern int snaplen;
 
@@ -111,16 +111,24 @@
 static void
 extract_header( pcap_t *p, u_char *buf, struct pcap_pkthdr *hdr )
 	{
-	memcpy((char *) hdr, (char *) buf, sizeof(struct pcap_pkthdr));
+	struct pcap_sf_pkthdr hdri;
+
+	memcpy((char *) &hdri, (char *) buf, sizeof(struct pcap_sf_pkthdr));
 
 	if ( pcap_is_swapped( p ) )
 		{
-		hdr->ts.tv_sec = SWAPLONG(hdr->ts.tv_sec);
-		hdr->ts.tv_usec = SWAPLONG(hdr->ts.tv_usec);
-		hdr->len = SWAPLONG(hdr->len);
-		hdr->caplen = SWAPLONG(hdr->caplen);
+		hdr->ts.tv_sec = SWAPLONG(hdri.ts.tv_sec);
+		hdr->ts.tv_usec = SWAPLONG(hdri.ts.tv_usec);
+		hdr->len = SWAPLONG(hdri.len);
+		hdr->caplen = SWAPLONG(hdri.caplen);
+		}
+	else
+		{
+		hdr->ts.tv_sec = hdri.ts.tv_sec;
+		hdr->ts.tv_usec = hdri.ts.tv_usec;
+		hdr->len = hdri.len;
+		hdr->caplen = hdri.caplen;
 		}
-
 	/*
 	 * From bpf/libpcap/savefile.c:
 	 *
--- tcpslice-1.2a3.orig/tcpslice.h	1995-11-02 00:40:53.000000000 +0100
+++ tcpslice-1.2a3/tcpslice.h	2006-07-28 14:56:55.000000000 +0200
@@ -20,6 +20,26 @@
  */
 
 
+#include <time.h>
+/* #include <net/bpf.h> */
+
+/*
+ * This is a timeval as stored in disk in a dumpfile.
+ * It has to use the same types everywhere, independent of the actual
+ * `struct timeval'
+ */
+                                                                                
+struct pcap_timeval {
+    bpf_int32 tv_sec;           /* seconds */
+    bpf_int32 tv_usec;          /* microseconds */
+};
+
+struct pcap_sf_pkthdr {
+    struct pcap_timeval ts;     /* time stamp */
+    bpf_u_int32 caplen;         /* length of portion present */
+    bpf_u_int32 len;            /* length this packet (off wire) */
+};
+
 time_t	gwtm2secs( struct tm *tm );
 
 int	sf_find_end( struct pcap *p, struct timeval *first_timestamp,


Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/tcpdump/F-7/.cvsignore,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- .cvsignore	29 Nov 2006 12:36:46 -0000	1.13
+++ .cvsignore	31 Jul 2007 14:48:03 -0000	1.14
@@ -1,2 +1,2 @@
-tcpslice-CVS.20010207.tar.gz
-tcpdump-3.9.5.tar.gz
+tcpslice-1.2a3.tar.gz
+tcpdump-3.9.7.tar.gz


Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/tcpdump/F-7/sources,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- sources	29 Nov 2006 12:36:46 -0000	1.13
+++ sources	31 Jul 2007 14:48:03 -0000	1.14
@@ -1,2 +1,2 @@
-97cc59ddb3202f74d22261e49aa07115  tcpslice-CVS.20010207.tar.gz
-2135e7b1f09af0eaf66d2af822bed44a  tcpdump-3.9.5.tar.gz
+e329cbeb7e589f132d92c3447c477190  tcpslice-1.2a3.tar.gz
+2aacf4dc9a3bc500a8b4f3887a32cdd5  tcpdump-3.9.7.tar.gz


Index: tcpdump.spec
===================================================================
RCS file: /cvs/pkgs/rpms/tcpdump/F-7/tcpdump.spec,v
retrieving revision 1.59
retrieving revision 1.60
diff -u -r1.59 -r1.60
--- tcpdump.spec	15 Mar 2007 12:20:46 -0000	1.59
+++ tcpdump.spec	31 Jul 2007 14:48:03 -0000	1.60
@@ -1,8 +1,8 @@
 Summary: A network traffic monitoring tool
 Name: tcpdump
 Epoch: 14
-Version: 3.9.5
-Release: 3%{?dist}
+Version: 3.9.7
+Release: 1%{?dist}
 License: BSD
 URL: http://www.tcpdump.org
 Group: Applications/Internet
@@ -11,16 +11,13 @@
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 Source0: http://www.tcpdump.org/release/tcpdump-%{version}.tar.gz
-Source1: tcpslice-CVS.20010207.tar.gz
-Patch1: tcpdump-3.9.5-man.patch
+Source1: ftp://ftp.ee.lbl.gov/tcpslice-1.2a3.tar.gz
+Patch1: tcpdump-3.9.7-droproot.patch
 Patch2: tcpdump-3.6.1-portnumbers.patch
-Patch3: tcpdump-3.9.4-ring-buffers.patch
-Patch4: tcpdump-3.9.5-nolocalpcap.patch
-Patch5: tcpdump-3.6.2-tcpslice-time.patch
+Patch5: tcpslice-1.2a3-time.patch
 Patch6: tcpslice-CVS.20010207-bpf.patch
-Patch7: tcpdump-3.9.5-80211.patch
 
-%define tcpslice_dir tcpslice
+%define tcpslice_dir tcpslice-1.2a3
 
 %description
 Tcpdump is a command-line tool for monitoring network traffic.
@@ -33,17 +30,19 @@
 %prep
 %setup -q -a 1
 
-%patch1 -p1 -b .man
+%patch1 -p1 -b .droproot
 %patch2 -p1 -b .portnumbers
-%patch3 -p1 -b .ring
-%patch4 -p1 -b .nolocalpcap
-%patch5 -p1 -b .tcpslicetime
-%patch6 -p0 -b .bpf
-%patch7 -p1 -b .80211
+
+pushd %{tcpslice_dir}
+%patch5 -p1 -b .time
+%patch6 -p1 -b .bpf
+popd
 
 find . -name '*.c' -o -name '*.h' | xargs chmod 644
 
 %build
+export CFLAGS="$RPM_OPT_FLAGS $(getconf LFS_CFLAGS)"
+
 pushd %tcpslice_dir
 %configure
 make %{?_smp_mflags}
@@ -66,6 +65,10 @@
 install -m755 tcpdump ${RPM_BUILD_ROOT}%{_sbindir}
 install -m644 tcpdump.1 ${RPM_BUILD_ROOT}%{_mandir}/man8/tcpdump.8
 
+# fix section numbers
+sed -i 's/\(\.TH[a-zA-Z ]*\)[1-9]\(.*\)/\18\2/' \
+	${RPM_BUILD_ROOT}%{_mandir}/man8/*
+
 %clean
 rm -rf ${RPM_BUILD_ROOT}
 
@@ -84,6 +87,12 @@
 %{_mandir}/man8/tcpdump.8*
 
 %changelog
+* Tue Jul 31 2007 Miroslav Lichvar <mlichvar at redhat.com> - 14:3.9.7-1
+- update to 3.9.7
+- with -C option, drop root privileges before opening first savefile (#244860)
+- update tcpslice to 1.2a3
+- include time patch from Debian to fix tcpslice on 64-bit architectures
+
 * Thu Mar 15 2007 Miroslav Lichvar <mlichvar at redhat.com> - 14:3.9.5-3
 - fix buffer overflow in 802.11 printer (#232349, CVE-2007-1218)
 - spec cleanup (#226481)


--- tcpdump-3.6.2-tcpslice-time.patch DELETED ---


--- tcpdump-3.9.4-ring-buffers.patch DELETED ---


--- tcpdump-3.9.5-80211.patch DELETED ---


--- tcpdump-3.9.5-man.patch DELETED ---


--- tcpdump-3.9.5-nolocalpcap.patch DELETED ---




More information about the fedora-extras-commits mailing list