Ed Maste
0bff6a5af8
Update tcpdump to 4.9.2
...
It contains many fixes, including bounds checking, buffer overflows (in
SLIP and bittok2str_internal), buffer over-reads, and infinite loops.
One other notable change:
Do not use getprotobynumber() for protocol name resolution.
Do not do any protocol name resolution if -n is specified.
Submitted by: gordon
Reviewed by: delphij, emaste, glebius
MFC after: 1 week
Relnotes: Yes
Security: CVE-2017-11108, CVE-2017-11541, CVE-2017-11542
Security: CVE-2017-11543, CVE-2017-12893, CVE-2017-12894
Security: CVE-2017-12895, CVE-2017-12896, CVE-2017-12897
Security: CVE-2017-12898, CVE-2017-12899, CVE-2017-12900
Security: CVE-2017-12901, CVE-2017-12902, CVE-2017-12985
Security: CVE-2017-12986, CVE-2017-12987, CVE-2017-12988
Security: CVE-2017-12989, CVE-2017-12990, CVE-2017-12991
Security: CVE-2017-12992, CVE-2017-12993, CVE-2017-12994
Security: CVE-2017-12995, CVE-2017-12996, CVE-2017-12997
Security: CVE-2017-12998, CVE-2017-12999, CVE-2017-13000
Security: CVE-2017-13001, CVE-2017-13002, CVE-2017-13003
Security: CVE-2017-13004, CVE-2017-13005, CVE-2017-13006
Security: CVE-2017-13007, CVE-2017-13008, CVE-2017-13009
Security: CVE-2017-13010, CVE-2017-13011, CVE-2017-13012
Security: CVE-2017-13013, CVE-2017-13014, CVE-2017-13015
Security: CVE-2017-13016, CVE-2017-13017, CVE-2017-13018
Security: CVE-2017-13019, CVE-2017-13020, CVE-2017-13021
Security: CVE-2017-13022, CVE-2017-13023, CVE-2017-13024
Security: CVE-2017-13025, CVE-2017-13026, CVE-2017-13027
Security: CVE-2017-13028, CVE-2017-13029, CVE-2017-13030
Security: CVE-2017-13031, CVE-2017-13032, CVE-2017-13033
Security: CVE-2017-13034, CVE-2017-13035, CVE-2017-13036
Security: CVE-2017-13037, CVE-2017-13038, CVE-2017-13039
Security: CVE-2017-13040, CVE-2017-13041, CVE-2017-13042
Security: CVE-2017-13043, CVE-2017-13044, CVE-2017-13045
Security: CVE-2017-13046, CVE-2017-13047, CVE-2017-13048
Security: CVE-2017-13049, CVE-2017-13050, CVE-2017-13051
Security: CVE-2017-13052, CVE-2017-13053, CVE-2017-13054
Security: CVE-2017-13055, CVE-2017-13687, CVE-2017-13688
Security: CVE-2017-13689, CVE-2017-13690, CVE-2017-13725
Differential Revision: https://reviews.freebsd.org/D12404
2017-12-06 02:21:11 +00:00
Mariusz Zaborski
b01988a5f5
Partially revert r323866.
...
Using HAVE_* is a internal tcpdump style standard.
We want to be consistent with the standard to upstream those changes in
the future.
Requested by: glebius@
2017-10-04 21:05:44 +00:00
Mariusz Zaborski
2560d18180
We use a few different ifdef's names to check if we are using Casper or not,
...
let's standardize this. Now we are always use WITH_CASPER name.
Discussed with: emaste@
MFC after: 1 month
2017-09-21 14:41:41 +00:00
Gleb Smirnoff
3340d77368
Update tcpdump to 4.9.0.
...
It fixes many buffer overflow in different protocol parsers, but none of
them are critical, even in absense of Capsicum.
Security: CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925
Security: CVE-2016-7926, CVE-2016-7927, CVE-2016-7928, CVE-2016-7929
Security: CVE-2016-7930, CVE-2016-7931, CVE-2016-7932, CVE-2016-7933
Security: CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937
Security: CVE-2016-7938, CVE-2016-7939, CVE-2016-7940, CVE-2016-7973
Security: CVE-2016-7974, CVE-2016-7975, CVE-2016-7983, CVE-2016-7984
Security: CVE-2016-7985, CVE-2016-7986, CVE-2016-7992, CVE-2016-7993
Security: CVE-2016-8574, CVE-2016-8575, CVE-2017-5202, CVE-2017-5203
Security: CVE-2017-5204, CVE-2017-5205, CVE-2017-5341, CVE-2017-5342
Security: CVE-2017-5482, CVE-2017-5483, CVE-2017-5484, CVE-2017-5485
Security: CVE-2017-5486
2017-02-01 20:26:42 +00:00
Mariusz Zaborski
e29a5e1bb9
Fix spelling of the casper introduced in the r296047.
...
PR: 210031
Reported by: AllanJude, jmallett
2016-06-08 22:30:21 +00:00
Mariusz Zaborski
c501d73c7e
Convert casperd(8) daemon to the libcasper.
...
After calling the cap_init(3) function Casper will fork from it's original
process, using pdfork(2). Forking from a process has a lot of advantages:
1. We have the same cwd as the original process.
2. The same uid, gid and groups.
3. The same MAC labels.
4. The same descriptor table.
5. The same routing table.
6. The same umask.
7. The same cpuset(1).
From now services are also in form of libraries.
We also removed libcapsicum at all and converts existing program using Casper
to new architecture.
Discussed with: pjd, jonathan, ed, drysdale@google.com , emaste
Partially reviewed by: drysdale@google.com , bdrewery
Approved by: pjd (mentor)
Differential Revision: https://reviews.freebsd.org/D4277
2016-02-25 18:23:40 +00:00
Patrick Kelsey
8bdc5a6251
MFV r285191: tcpdump 4.7.4.
...
Also, the changes made in r272451 and r272653 that were lost in the
merge of 4.6.2 (r276788) have been restored.
PR: 199568
Differential Revision: https://reviews.freebsd.org/D3007
Reviewed by: brooks, hiren
Approved by: jmallett (mentor)
MFC after: 1 month
2015-07-08 16:19:32 +00:00
Xin LI
3c602fabf9
MFV r276761: tcpdump 4.6.2.
...
MFC after: 1 month
2015-01-07 19:55:18 +00:00
Glen Barber
8c82632e0b
Fix build with WITHOUT_CAPSICUM.
...
Submitted by: dt71 gmx com
Sponsored by: The FreeBSD Foundation
2013-12-21 12:45:35 +00:00
Pawel Jakub Dawidek
197731f68f
Make use of casperd's system.dns service when running without the -n option.
...
Now tcpdump(8) is sandboxed even if DNS resolution is required.
Sponsored by: The FreeBSD Foundation
2013-12-15 23:02:36 +00:00
Xin LI
d03c0883ad
MFV: tcpdump 4.4.0.
...
MFC after: 4 weeks
2013-05-30 20:51:22 +00:00
Xin LI
cac3dcd5f9
Merge tcpdump 4.2.1.
...
MFC after: 2 weeks
2012-05-17 05:11:57 +00:00
Rui Paulo
27df3f5ddd
Merge tcpdump-4.1.1.
2010-10-28 19:06:17 +00:00
Rui Paulo
a5779b6e02
Merge tcpdump 4.0.0 from the vendor branch.
2009-03-21 18:30:25 +00:00
Rui Paulo
81ceab7147
Flatten vendor/tcpdump and remove keyword expansion.
2009-03-20 13:27:51 +00:00
Max Laier
abf2519367
Resolve merge conflicts
...
Approved by: re (kensmith)
Obtained from: tcpdump.org
2007-10-16 02:31:48 +00:00
Max Laier
b5bfcb5d8a
Import of tcpdump v3.9.8
2007-10-16 02:20:42 +00:00
Sam Leffler
17cb103cb1
resolve merge conflicts
...
MFC after: 1 month
2006-09-04 20:25:04 +00:00
Sam Leffler
2ebc47db5b
Import of tcpdump v3.9.4
2006-09-04 20:04:42 +00:00
Sam Leffler
29292c17af
resolve merge conflicts
...
Approved by: re (scottl)
2005-07-11 04:14:02 +00:00
Sam Leffler
f4d0c64a1d
Virgin import of tcpdump v3.9.1 (release) from tcpdump.org
...
Approved by: re (scottl)
2005-07-11 03:54:22 +00:00
Sam Leffler
c1ad1296ec
resolve merge conflicts and update for proper build; including:
...
o print-fr.c returned to code on vendor branch
o remove pmap_prot.h include from print-sunrprc.c
o remove gcc/i386-specific ntoh* write-arounds from tcpdump-stdinc.h
Reviewed by: bms
2005-05-29 19:09:28 +00:00
Sam Leffler
1de50e9f41
Virgin import of tcpdump v3.9.1 (alpha 096) from tcpdump.org
2005-05-29 18:17:16 +00:00
Bruce M Simpson
cc391cce11
Merge of tcpdump 3.8.3 from tcpdump.org, with the following caveats:
...
print-atm.c no longer performs special handling for FORE headers; these
can no doubt be re-added at a later date.
print-fr.c is effectively a no-op.
print-llc.c has had the default_print_unaligned() call removed as
tcpdump no longer defines this function, however the prototype is still
present. Suggest we roll in a diff to use print_unknown_data().
2004-03-31 14:57:24 +00:00
Bruce M Simpson
5b0fe47811
Import tcpdump 3.8.3, from http://www.tcpdump.org/releases/tcpdump-3.8.3.tar.gz
2004-03-31 09:17:26 +00:00
Bill Fenner
0e0def197a
Merge tcpdump 3.7.2
2003-03-02 08:25:48 +00:00
Bill Fenner
9afd0c2902
Import tcpdump 3.7.2 (fudging for multi-DLT support) from
...
http://www.tcpdump.org/release/tcpdump-3.7.2.tar.gz
2003-03-02 08:22:26 +00:00
Bill Fenner
a1c2090e60
Merge tcpdump 3.7.1
...
MFC after: 2 weeks
2002-06-21 00:49:02 +00:00
Bill Fenner
a90e161be3
Import tcpdump 3.7.1, from
...
http://www.tcpdump.org/release/tcpdump-3.7.1.tar.gz
2002-06-21 00:43:23 +00:00
Bill Fenner
943ee2b15a
Merge tcpdump 3.6.2
2001-04-03 07:50:46 +00:00
Bill Fenner
685295f4d7
Virgin import of tcpdump.org tcpdump v3.6.2
2001-04-03 07:45:48 +00:00
Kris Kennaway
7524a0790d
* Buffer-safe string function cleanup. There are a couple of strcpy()
...
and strcat()s which would be more difficult to fix, but I think they're
safe anyway.
* Don't crash at runtime by overflowing a buffer with constant data in
print-icmp.c on a long hostname.
* Don't overflow a static buffer by trying to decode an AFS ACL into a buffer
which is way too small for it.
Reviewed by: -audit
2000-10-05 02:49:49 +00:00
Bill Fenner
bb1ba4173a
Include ip6.h from <netinet/>, not <netinet6/>.
...
Submitted by: Yoshinobu Inoue <shin@nd.net.fujitsu.co.jp>
Approved by: jkh
2000-03-08 02:24:10 +00:00
Bill Fenner
a88113a830
Merge tcpdump 3.5
2000-01-30 01:05:24 +00:00
Bill Fenner
b045338223
Virgin import of tcpdump.org tcpdump v3.5
2000-01-30 00:45:58 +00:00
Bill Fenner
699fc31439
Merge tcpdump 3.4
...
PR: bin/7877
1998-09-15 19:46:59 +00:00
Bill Fenner
4644f044b2
Virgin import of LBL tcpdump v3.4
1998-09-15 19:36:32 +00:00
Bill Fenner
2ebf6c0513
Merge tcpdump 3.3.
...
The print_nfs.c changes are pretty extensive; this is partially because
LBL did a lot of cleanup and partially because I removed lots of
pointless changes away from the LBL style.
PR: 3371
mostly-Submitted by: Chris Timmons <skynyrd@opus.cts.cwu.edu>
1997-05-27 02:17:42 +00:00
Bill Fenner
4de76e3137
Virgin import of LBL tcpdump v3.3
1997-05-27 02:11:31 +00:00
Garrett Wollman
ee3e763371
Update to reflect changes in net/if.h.
1997-01-03 20:10:04 +00:00
Paul Traina
01bd0dbc7e
Handle IS-IS IIH messages and print NSAPs in canonical format.
...
Submitted by: Tony Li <tli@jnx.com>
1996-08-19 21:33:43 +00:00
Paul Traina
4edb46e9a8
Virgin import of unmodified tcpdump v3.2.1 distribution from LBL.
...
Obtained from: ftp://ftp.ee.lbl.gov/tcpdump.tar.Z on 19-Aug-1996.
1996-08-19 20:34:12 +00:00