rpms/tcpdump/F-7 tcpdump-3.9.7-droproot.patch, NONE, 1.1 tcpslice-1.2a3-time.patch, NONE, 1.1 .cvsignore, 1.13, 1.14 sources, 1.13, 1.14 tcpdump.spec, 1.59, 1.60 tcpdump-3.6.2-tcpslice-time.patch, 1.1, NONE tcpdump-3.9.4-ring-buffers.patch, 1.1, NONE tcpdump-3.9.5-80211.patch, 1.1, NONE tcpdump-3.9.5-man.patch, 1.1, NONE tcpdump-3.9.5-nolocalpcap.patch, 1.1, NONE
Miroslav Lichvar (mlichvar)
fedora-extras-commits at redhat.com
Tue Jul 31 14:48:36 UTC 2007
Author: mlichvar
Update of /cvs/pkgs/rpms/tcpdump/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22364
Modified Files:
.cvsignore sources tcpdump.spec
Added Files:
tcpdump-3.9.7-droproot.patch tcpslice-1.2a3-time.patch
Removed Files:
tcpdump-3.6.2-tcpslice-time.patch
tcpdump-3.9.4-ring-buffers.patch tcpdump-3.9.5-80211.patch
tcpdump-3.9.5-man.patch tcpdump-3.9.5-nolocalpcap.patch
Log Message:
- update to 3.9.7
- with -C option, drop root privileges before opening first savefile (#244860)
- update tcpslice to 1.2a3
- include time patch from Debian to fix tcpslice on 64-bit architectures
tcpdump-3.9.7-droproot.patch:
--- NEW FILE tcpdump-3.9.7-droproot.patch ---
--- tcpdump-3.9.7/tcpdump.c.droproot 2006-09-19 21:07:57.000000000 +0200
+++ tcpdump-3.9.7/tcpdump.c 2007-07-24 16:15:54.000000000 +0200
@@ -958,6 +958,11 @@ main(int argc, char **argv)
(void)setsignal(SIGHUP, oldhandler);
#endif /* WIN32 */
+ if (Cflag != 0 && (getuid() == 0 || geteuid() == 0)) {
+ if (username || chroot_dir)
+ droproot(username, chroot_dir);
+ }
+
if (pcap_setfilter(pd, &fcode) < 0)
error("%s", pcap_geterr(pd));
if (WFileName) {
@@ -999,7 +1004,7 @@ main(int argc, char **argv)
* We cannot do this earlier, because we want to be able to open
* the file (if done) for writing before giving up permissions.
*/
- if (getuid() == 0 || geteuid() == 0) {
+ if (Cflag == 0 && (getuid() == 0 || geteuid() == 0)) {
if (username || chroot_dir)
droproot(username, chroot_dir);
}
--- tcpdump-3.9.7/tcpdump.1.droproot 2007-07-24 16:15:54.000000000 +0200
+++ tcpdump-3.9.7/tcpdump.1 2007-07-24 16:15:54.000000000 +0200
@@ -264,6 +264,9 @@ have the name specified with the
flag, with a number after it, starting at 1 and continuing upward.
The units of \fIfile_size\fP are millions of bytes (1,000,000 bytes,
not 1,048,576 bytes).
+
+Note that when used with \fB\-Z\fR option (enabled by default), privileges
+are dropped before opening first savefile.
.TP
.B \-d
Dump the compiled packet-matching code in a human readable form to
@@ -592,7 +595,9 @@ Drops privileges (if root) and changes u
and the group ID to the primary group of
.IR user .
.IP
-This behavior can also be enabled by default at compile time.
+This behavior is enabled by default (\fB\-Z pcap\fR), and can
+be disabled by \fB\-Z root\fR.
+
.IP "\fI expression\fP"
.RS
selects which packets will be dumped.
tcpslice-1.2a3-time.patch:
--- NEW FILE tcpslice-1.2a3-time.patch ---
--- tcpslice-1.2a3.orig/search.c 2000-09-10 10:52:40.000000000 +0200
+++ tcpslice-1.2a3/search.c 2006-07-28 14:56:55.000000000 +0200
@@ -53,7 +53,7 @@
/* Size of a packet header in bytes; easier than typing the sizeof() all
* the time ...
*/
-#define PACKET_HDR_LEN (sizeof( struct pcap_pkthdr ))
+#define PACKET_HDR_LEN (sizeof( struct pcap_sf_pkthdr ))
extern int snaplen;
@@ -111,16 +111,24 @@
static void
extract_header( pcap_t *p, u_char *buf, struct pcap_pkthdr *hdr )
{
- memcpy((char *) hdr, (char *) buf, sizeof(struct pcap_pkthdr));
+ struct pcap_sf_pkthdr hdri;
+
+ memcpy((char *) &hdri, (char *) buf, sizeof(struct pcap_sf_pkthdr));
if ( pcap_is_swapped( p ) )
{
- hdr->ts.tv_sec = SWAPLONG(hdr->ts.tv_sec);
- hdr->ts.tv_usec = SWAPLONG(hdr->ts.tv_usec);
- hdr->len = SWAPLONG(hdr->len);
- hdr->caplen = SWAPLONG(hdr->caplen);
+ hdr->ts.tv_sec = SWAPLONG(hdri.ts.tv_sec);
+ hdr->ts.tv_usec = SWAPLONG(hdri.ts.tv_usec);
+ hdr->len = SWAPLONG(hdri.len);
+ hdr->caplen = SWAPLONG(hdri.caplen);
+ }
+ else
+ {
+ hdr->ts.tv_sec = hdri.ts.tv_sec;
+ hdr->ts.tv_usec = hdri.ts.tv_usec;
+ hdr->len = hdri.len;
+ hdr->caplen = hdri.caplen;
}
-
/*
* From bpf/libpcap/savefile.c:
*
--- tcpslice-1.2a3.orig/tcpslice.h 1995-11-02 00:40:53.000000000 +0100
+++ tcpslice-1.2a3/tcpslice.h 2006-07-28 14:56:55.000000000 +0200
@@ -20,6 +20,26 @@
*/
+#include <time.h>
+/* #include <net/bpf.h> */
+
+/*
+ * This is a timeval as stored in disk in a dumpfile.
+ * It has to use the same types everywhere, independent of the actual
+ * `struct timeval'
+ */
+
+struct pcap_timeval {
+ bpf_int32 tv_sec; /* seconds */
+ bpf_int32 tv_usec; /* microseconds */
+};
+
+struct pcap_sf_pkthdr {
+ struct pcap_timeval ts; /* time stamp */
+ bpf_u_int32 caplen; /* length of portion present */
+ bpf_u_int32 len; /* length this packet (off wire) */
+};
+
time_t gwtm2secs( struct tm *tm );
int sf_find_end( struct pcap *p, struct timeval *first_timestamp,
Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/tcpdump/F-7/.cvsignore,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- .cvsignore 29 Nov 2006 12:36:46 -0000 1.13
+++ .cvsignore 31 Jul 2007 14:48:03 -0000 1.14
@@ -1,2 +1,2 @@
-tcpslice-CVS.20010207.tar.gz
-tcpdump-3.9.5.tar.gz
+tcpslice-1.2a3.tar.gz
+tcpdump-3.9.7.tar.gz
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/tcpdump/F-7/sources,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- sources 29 Nov 2006 12:36:46 -0000 1.13
+++ sources 31 Jul 2007 14:48:03 -0000 1.14
@@ -1,2 +1,2 @@
-97cc59ddb3202f74d22261e49aa07115 tcpslice-CVS.20010207.tar.gz
-2135e7b1f09af0eaf66d2af822bed44a tcpdump-3.9.5.tar.gz
+e329cbeb7e589f132d92c3447c477190 tcpslice-1.2a3.tar.gz
+2aacf4dc9a3bc500a8b4f3887a32cdd5 tcpdump-3.9.7.tar.gz
Index: tcpdump.spec
===================================================================
RCS file: /cvs/pkgs/rpms/tcpdump/F-7/tcpdump.spec,v
retrieving revision 1.59
retrieving revision 1.60
diff -u -r1.59 -r1.60
--- tcpdump.spec 15 Mar 2007 12:20:46 -0000 1.59
+++ tcpdump.spec 31 Jul 2007 14:48:03 -0000 1.60
@@ -1,8 +1,8 @@
Summary: A network traffic monitoring tool
Name: tcpdump
Epoch: 14
-Version: 3.9.5
-Release: 3%{?dist}
+Version: 3.9.7
+Release: 1%{?dist}
License: BSD
URL: http://www.tcpdump.org
Group: Applications/Internet
@@ -11,16 +11,13 @@
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Source0: http://www.tcpdump.org/release/tcpdump-%{version}.tar.gz
-Source1: tcpslice-CVS.20010207.tar.gz
-Patch1: tcpdump-3.9.5-man.patch
+Source1: ftp://ftp.ee.lbl.gov/tcpslice-1.2a3.tar.gz
+Patch1: tcpdump-3.9.7-droproot.patch
Patch2: tcpdump-3.6.1-portnumbers.patch
-Patch3: tcpdump-3.9.4-ring-buffers.patch
-Patch4: tcpdump-3.9.5-nolocalpcap.patch
-Patch5: tcpdump-3.6.2-tcpslice-time.patch
+Patch5: tcpslice-1.2a3-time.patch
Patch6: tcpslice-CVS.20010207-bpf.patch
-Patch7: tcpdump-3.9.5-80211.patch
-%define tcpslice_dir tcpslice
+%define tcpslice_dir tcpslice-1.2a3
%description
Tcpdump is a command-line tool for monitoring network traffic.
@@ -33,17 +30,19 @@
%prep
%setup -q -a 1
-%patch1 -p1 -b .man
+%patch1 -p1 -b .droproot
%patch2 -p1 -b .portnumbers
-%patch3 -p1 -b .ring
-%patch4 -p1 -b .nolocalpcap
-%patch5 -p1 -b .tcpslicetime
-%patch6 -p0 -b .bpf
-%patch7 -p1 -b .80211
+
+pushd %{tcpslice_dir}
+%patch5 -p1 -b .time
+%patch6 -p1 -b .bpf
+popd
find . -name '*.c' -o -name '*.h' | xargs chmod 644
%build
+export CFLAGS="$RPM_OPT_FLAGS $(getconf LFS_CFLAGS)"
+
pushd %tcpslice_dir
%configure
make %{?_smp_mflags}
@@ -66,6 +65,10 @@
install -m755 tcpdump ${RPM_BUILD_ROOT}%{_sbindir}
install -m644 tcpdump.1 ${RPM_BUILD_ROOT}%{_mandir}/man8/tcpdump.8
+# fix section numbers
+sed -i 's/\(\.TH[a-zA-Z ]*\)[1-9]\(.*\)/\18\2/' \
+ ${RPM_BUILD_ROOT}%{_mandir}/man8/*
+
%clean
rm -rf ${RPM_BUILD_ROOT}
@@ -84,6 +87,12 @@
%{_mandir}/man8/tcpdump.8*
%changelog
+* Tue Jul 31 2007 Miroslav Lichvar <mlichvar at redhat.com> - 14:3.9.7-1
+- update to 3.9.7
+- with -C option, drop root privileges before opening first savefile (#244860)
+- update tcpslice to 1.2a3
+- include time patch from Debian to fix tcpslice on 64-bit architectures
+
* Thu Mar 15 2007 Miroslav Lichvar <mlichvar at redhat.com> - 14:3.9.5-3
- fix buffer overflow in 802.11 printer (#232349, CVE-2007-1218)
- spec cleanup (#226481)
--- tcpdump-3.6.2-tcpslice-time.patch DELETED ---
--- tcpdump-3.9.4-ring-buffers.patch DELETED ---
--- tcpdump-3.9.5-80211.patch DELETED ---
--- tcpdump-3.9.5-man.patch DELETED ---
--- tcpdump-3.9.5-nolocalpcap.patch DELETED ---
More information about the fedora-extras-commits
mailing list