From 6f0ed176f23059e89f8bc4c1a466928b88a61a03 Mon Sep 17 00:00:00 2001
From: Yi Zhao
Date: Sun, 1 Sep 2024 07:04:29 +0800
Subject: tcpdump: upgrade 4.99.4 -> 4.99.5
ChangeLog: https://git.tcpdump.org/tcpdump/blob/HEAD:/CHANGES
Signed-off-by: Yi Zhao
Signed-off-by: Khem Raj
---
.../tcpdump/tcpdump/CVE-2024-2397.patch | 129 ---------------------
.../recipes-support/tcpdump/tcpdump/run-ptest | 0
.../recipes-support/tcpdump/tcpdump_4.99.4.bb | 53 ---------
.../recipes-support/tcpdump/tcpdump_4.99.5.bb | 52 +++++++++
4 files changed, 52 insertions(+), 182 deletions(-)
delete mode 100644 meta-networking/recipes-support/tcpdump/tcpdump/CVE-2024-2397.patch
mode change 100755 => 100644 meta-networking/recipes-support/tcpdump/tcpdump/run-ptest
delete mode 100644 meta-networking/recipes-support/tcpdump/tcpdump_4.99.4.bb
create mode 100644 meta-networking/recipes-support/tcpdump/tcpdump_4.99.5.bb
diff --git a/meta-networking/recipes-support/tcpdump/tcpdump/CVE-2024-2397.patch b/meta-networking/recipes-support/tcpdump/tcpdump/CVE-2024-2397.patch
deleted file mode 100644
index 69348030bb..0000000000
--- a/meta-networking/recipes-support/tcpdump/tcpdump/CVE-2024-2397.patch
+++ /dev/null
@@ -1,129 +0,0 @@
-From b9811ef5bb1b7d45a90e042f81f3aaf233c8bcb2 Mon Sep 17 00:00:00 2001
-From: Guy Harris
-Date: Tue, 12 Mar 2024 00:37:23 -0700
-Subject: [PATCH] ppp: use the buffer stack for the de-escaping buffer.
-
-This both saves the buffer for freeing later and saves the packet
-pointer and snapend to be restored when packet processing is complete,
-even if an exception is thrown with longjmp.
-
-This means that the hex/ASCII printing in pretty_print_packet()
-processes the packet data as captured or read from the savefile, rather
-than as modified by the PPP printer, so that the bounds checking is
-correct.
-
-That fixes CVE-2024-2397, which was caused by an exception being thrown
-by the hex/ASCII printer (which should only happen if those routines are
-called by a packet printer, not if they're called for the -X/-x/-A
-flag), which jumps back to the setjmp() that surrounds the packet
-printer. Hilarity^Winfinite looping ensues.
-
-Also, restore ndo->ndo_packetp before calling the hex/ASCII printing
-routine, in case nd_pop_all_packet_info() didn't restore it.
-
-Upstream-Status: Backport [https://github.com/the-tcpdump-group/tcpdump/commit/b9811ef5bb1b7d45a90e042f81f3aaf233c8bcb2]
-CVE: CVE-2024-2397
-Signed-off-by: Hitendra Prajapati
----
- print-ppp.c | 31 +++++++++++++++++--------------
- print.c | 8 ++++++--
- 2 files changed, 23 insertions(+), 16 deletions(-)
-
-diff --git a/print-ppp.c b/print-ppp.c
-index aba243d..e5ae064 100644
---- a/print-ppp.c
-+++ b/print-ppp.c
-@@ -42,6 +42,8 @@
- #include
- #endif
-
-+#include
-+
- #include "netdissect.h"
- #include "extract.h"
- #include "addrtoname.h"
-@@ -1363,7 +1365,6 @@ ppp_hdlc(netdissect_options *ndo,
- u_char *b, *t, c;
- const u_char *s;
- u_int i, proto;
-- const void *sb, *se;
-
- if (caplen == 0)
- return;
-@@ -1371,9 +1372,11 @@ ppp_hdlc(netdissect_options *ndo,
- if (length == 0)
- return;
-
-- b = (u_char *)nd_malloc(ndo, caplen);
-- if (b == NULL)
-- return;
-+ b = (u_char *)malloc(caplen);
-+ if (b == NULL) {
-+ (*ndo->ndo_error)(ndo, S_ERR_ND_MEM_ALLOC,
-+ "%s: malloc", __func__);
-+ }
-
- /*
- * Unescape all the data into a temporary, private, buffer.
-@@ -1394,13 +1397,15 @@ ppp_hdlc(netdissect_options *ndo,
- }
-
- /*
-- * Change the end pointer, so bounds checks work.
-- * Change the pointer to packet data to help debugging.
-+ * Switch to the output buffer for dissection, and save it
-+ * on the buffer stack so it can be freed; our caller must
-+ * pop it when done.
- */
-- sb = ndo->ndo_packetp;
-- se = ndo->ndo_snapend;
-- ndo->ndo_packetp = b;
-- ndo->ndo_snapend = t;
-+ if (!nd_push_buffer(ndo, b, b, (u_int)(t - b))) {
-+ free(b);
-+ (*ndo->ndo_error)(ndo, S_ERR_ND_MEM_ALLOC,
-+ "%s: can't push buffer on buffer stack", __func__);
-+ }
- length = ND_BYTES_AVAILABLE_AFTER(b);
-
- /* now lets guess about the payload codepoint format */
-@@ -1442,13 +1447,11 @@ ppp_hdlc(netdissect_options *ndo,
- }
-
- cleanup:
-- ndo->ndo_packetp = sb;
-- ndo->ndo_snapend = se;
-+ nd_pop_packet_info(ndo);
- return;
-
- trunc:
-- ndo->ndo_packetp = sb;
-- ndo->ndo_snapend = se;
-+ nd_pop_packet_info(ndo);
- nd_print_trunc(ndo);
- }
-
-diff --git a/print.c b/print.c
-index 9c0ab86..33706b9 100644
---- a/print.c
-+++ b/print.c
-@@ -431,10 +431,14 @@ pretty_print_packet(netdissect_options *ndo, const struct pcap_pkthdr *h,
- nd_pop_all_packet_info(ndo);
-
- /*
-- * Restore the original snapend, as a printer might have
-- * changed it.
-+ * Restore the originals snapend and packetp, as a printer
-+ * might have changed them.
-+ *
-+ * XXX - nd_pop_all_packet_info() should have restored the
-+ * original values, but, just in case....
- */
- ndo->ndo_snapend = sp + h->caplen;
-+ ndo->ndo_packetp = sp;
- if (ndo->ndo_Xflag) {
- /*
- * Print the raw packet data in hex and ASCII.
---
-2.25.1
-
diff --git a/meta-networking/recipes-support/tcpdump/tcpdump/run-ptest b/meta-networking/recipes-support/tcpdump/tcpdump/run-ptest
old mode 100755
new mode 100644
diff --git a/meta-networking/recipes-support/tcpdump/tcpdump_4.99.4.bb b/meta-networking/recipes-support/tcpdump/tcpdump_4.99.4.bb
deleted file mode 100644
index b05b832dd8..0000000000
--- a/meta-networking/recipes-support/tcpdump/tcpdump_4.99.4.bb
+++ /dev/null
@@ -1,53 +0,0 @@
-SUMMARY = "A sophisticated network protocol analyzer"
-HOMEPAGE = "http://www.tcpdump.org/"
-SECTION = "net"
-LICENSE = "BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=5eb289217c160e2920d2e35bddc36453"
-
-DEPENDS = "libpcap"
-
-RDEPENDS:${PN}-ptest += " make perl \
- perl-module-file-basename \
- perl-module-file-spec \
- perl-module-file-spec-unix \
- perl-module-file-path \
- perl-module-file-glob \
- perl-module-data-dumper \
- perl-module-bytes \
- perl-module-posix \
- perl-module-carp \
- perl-module-cwd \
- perl-module-constant \
-"
-
-SRC_URI = " \
- http://www.tcpdump.org/release/${BP}.tar.gz \
- file://add-ptest.patch \
- file://run-ptest \
- file://CVE-2024-2397.patch \
-"
-
-SRC_URI[sha256sum] = "0232231bb2f29d6bf2426e70a08a7e0c63a0d59a9b44863b7f5e2357a6e49fea"
-
-UPSTREAM_CHECK_REGEX = "tcpdump-(?P\d+(\.\d+)+)\.tar"
-
-inherit autotools-brokensep pkgconfig ptest
-
-PACKAGECONFIG ?= "openssl"
-
-PACKAGECONFIG[libcap-ng] = "--with-cap-ng,--without-cap-ng,libcap-ng"
-PACKAGECONFIG[openssl] = "--with-crypto,--without-crypto,openssl"
-PACKAGECONFIG[smi] = "--with-smi,--without-smi,libsmi"
-# Note: CVE-2018-10103 (SMB - partially fixed, but SMB printing disabled)
-PACKAGECONFIG[smb] = "--enable-smb,--disable-smb"
-
-EXTRA_AUTORECONF += "--exclude=aclocal"
-
-do_install:append() {
- # make install installs an unneeded extra copy of the tcpdump binary
- rm ${D}${bindir}/tcpdump.${PV}
-}
-
-do_compile_ptest() {
- oe_runmake buildtest-TESTS
-}
diff --git a/meta-networking/recipes-support/tcpdump/tcpdump_4.99.5.bb b/meta-networking/recipes-support/tcpdump/tcpdump_4.99.5.bb
new file mode 100644
index 0000000000..32b869f241
--- /dev/null
+++ b/meta-networking/recipes-support/tcpdump/tcpdump_4.99.5.bb
@@ -0,0 +1,52 @@
+SUMMARY = "A sophisticated network protocol analyzer"
+HOMEPAGE = "http://www.tcpdump.org/"
+SECTION = "net"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=5eb289217c160e2920d2e35bddc36453"
+
+DEPENDS = "libpcap"
+
+RDEPENDS:${PN}-ptest += " make perl \
+ perl-module-file-basename \
+ perl-module-file-spec \
+ perl-module-file-spec-unix \
+ perl-module-file-path \
+ perl-module-file-glob \
+ perl-module-data-dumper \
+ perl-module-bytes \
+ perl-module-posix \
+ perl-module-carp \
+ perl-module-cwd \
+ perl-module-constant \
+"
+
+SRC_URI = " \
+ http://www.tcpdump.org/release/${BP}.tar.xz \
+ file://add-ptest.patch \
+ file://run-ptest \
+"
+
+SRC_URI[sha256sum] = "d76395ab82d659d526291b013eee200201380930793531515abfc6e77b4f2ee5"
+
+UPSTREAM_CHECK_REGEX = "tcpdump-(?P\d+(\.\d+)+)\.tar"
+
+inherit autotools-brokensep pkgconfig ptest
+
+PACKAGECONFIG ?= "openssl"
+
+PACKAGECONFIG[libcap-ng] = "--with-cap-ng,--without-cap-ng,libcap-ng"
+PACKAGECONFIG[openssl] = "--with-crypto,--without-crypto,openssl"
+PACKAGECONFIG[smi] = "--with-smi,--without-smi,libsmi"
+# Note: CVE-2018-10103 (SMB - partially fixed, but SMB printing disabled)
+PACKAGECONFIG[smb] = "--enable-smb,--disable-smb"
+
+EXTRA_AUTORECONF += "--exclude=aclocal"
+
+do_install:append() {
+ # make install installs an unneeded extra copy of the tcpdump binary
+ rm ${D}${bindir}/tcpdump.${PV}
+}
+
+do_compile_ptest() {
+ oe_runmake buildtest-TESTS
+}
-- cgit v1.2.3-54-g00ecf
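Review bot: The new recipe's `SRC_URI` no longer lists `file://CVE-2024-2397.patch`, but nothing in the commit message or the recipe records that 4.99.5 already carries that fix. The removed backport's `Upstream-Status` points at upstream commit b9811ef5bb1b7d45a90e042f81f3aaf233c8bcb2, so the fix is presumably part of the release; this should be confirmed against the 4.99.5 sources and stated in the commit message, for example `Drop CVE-2024-2397.patch as the fix is included in 4.99.5.`, so CVE tracking for the layer stays auditable. Separately, the tarball is still fetched with `http://www.tcpdump.org/release/${BP}.tar.xz`; the pinned `SRC_URI[sha256sum]` protects integrity, but an `https://` URL would mean the download does not rely on the checksum alone.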