From 04f4cf80d266af19b6510ec23a94cc2c040f46e5 Mon Sep 17 00:00:00 2001 From: Geoff Levand Date: Tue, 16 Jun 2015 14:15:18 -0700 Subject: [PATCH] bump(net-analyzer/tcpdump): sync with upstream for arm64 Signed-off-by: Geoff Levand --- .../md5-cache/net-analyzer/tcpdump-4.3.0 | 13 - .../md5-cache/net-analyzer/tcpdump-4.6.2-r1 | 13 + .../md5-cache/net-analyzer/tcpdump-4.7.4 | 13 + .../md5-cache/net-analyzer/tcpdump-9999 | 11 + .../net-analyzer/tcpdump/ChangeLog | 833 ++++++++++++++++++ .../net-analyzer/tcpdump/Manifest | 22 +- .../files/tcpdump-4.3.0-ssl-detect.patch | 125 --- .../files/tcpdump-4.6.2-CVE-2014-8767.patch | 165 ++++ .../files/tcpdump-4.6.2-CVE-2014-8768.patch | 327 +++++++ .../files/tcpdump-4.6.2-CVE-2014-8769.patch | 684 ++++++++++++++ .../files/tcpdump-4.6.2-CVE-2014-9140.patch | 40 + .../net-analyzer/tcpdump/metadata.xml | 9 + .../net-analyzer/tcpdump/tcpdump-4.3.0.ebuild | 96 -- .../tcpdump/tcpdump-4.6.2-r1.ebuild | 97 ++ .../net-analyzer/tcpdump/tcpdump-4.7.4.ebuild | 93 ++ .../net-analyzer/tcpdump/tcpdump-9999.ebuild | 92 ++ 16 files changed, 2398 insertions(+), 235 deletions(-) delete mode 100644 sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-analyzer/tcpdump-4.3.0 create mode 100644 sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-analyzer/tcpdump-4.6.2-r1 create mode 100644 sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-analyzer/tcpdump-4.7.4 create mode 100644 sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-analyzer/tcpdump-9999 create mode 100644 sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/ChangeLog delete mode 100644 sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/files/tcpdump-4.3.0-ssl-detect.patch create mode 100644 sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/files/tcpdump-4.6.2-CVE-2014-8767.patch create mode 100644 sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/files/tcpdump-4.6.2-CVE-2014-8768.patch create mode 100644 sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/files/tcpdump-4.6.2-CVE-2014-8769.patch create mode 100644 sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/files/tcpdump-4.6.2-CVE-2014-9140.patch create mode 100644 sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/metadata.xml delete mode 100644 sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/tcpdump-4.3.0.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/tcpdump-4.6.2-r1.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/tcpdump-4.7.4.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/tcpdump-9999.ebuild diff --git a/sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-analyzer/tcpdump-4.3.0 b/sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-analyzer/tcpdump-4.3.0 deleted file mode 100644 index 65f8bc3177..0000000000 --- a/sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-analyzer/tcpdump-4.3.0 +++ /dev/null @@ -1,13 +0,0 @@ -DEFINED_PHASES=configure install postinst prepare setup test -DEPEND=net-libs/libpcap smi? ( net-libs/libsmi ) ssl? ( >=dev-libs/openssl-0.9.6m ) test? ( || ( app-arch/sharutils sys-freebsd/freebsd-ubin ) dev-lang/perl ) -DESCRIPTION=A Tool for network monitoring and data acquisition -EAPI=4 -HOMEPAGE=http://www.tcpdump.org/ -IUSE=+chroot smi ssl ipv6 -samba suid test -KEYWORDS=alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 sh sparc x86 ~x86-fbsd ~x86-freebsd ~amd64-linux ~x86-linux -LICENSE=BSD -RDEPEND=net-libs/libpcap smi? ( net-libs/libsmi ) ssl? ( >=dev-libs/openssl-0.9.6m ) -SLOT=0 -SRC_URI=http://www.tcpdump.org/release/tcpdump-4.3.0.tar.gz http://www.jp.tcpdump.org/release/tcpdump-4.3.0.tar.gz -_eclasses_=autotools 999c8f6cf5d91495cb0779588f20716c eutils 9fb270e417e0e83d64ca52586c4a79de flag-o-matic c263990f1b677b0f0be0a3299f179762 libtool 52d0e17251d04645ffaa61bfdd858944 multilib 3bf24e6abb9b76d9f6c20600f0b716bf toolchain-funcs c961250d50160cd37d6b7fd9e8429c92 user f54e098dd38ba1c0847a13e685b87747 -_md5_=652c9ab5d4d5f4b5fdf0d28b8e1c75f6 diff --git a/sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-analyzer/tcpdump-4.6.2-r1 b/sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-analyzer/tcpdump-4.6.2-r1 new file mode 100644 index 0000000000..da48678e4c --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-analyzer/tcpdump-4.6.2-r1 @@ -0,0 +1,13 @@ +DEFINED_PHASES=configure install postinst preinst prepare setup test +DEPEND=drop-root? ( sys-libs/libcap-ng ) net-libs/libpcap smi? ( net-libs/libsmi ) ssl? ( >=dev-libs/openssl-0.9.6m ) drop-root? ( virtual/pkgconfig ) test? ( || ( app-arch/sharutils sys-freebsd/freebsd-ubin ) dev-lang/perl ) +DESCRIPTION=A Tool for network monitoring and data acquisition +EAPI=5 +HOMEPAGE=http://www.tcpdump.org/ +IUSE=+drop-root smi ssl ipv6 samba suid test +KEYWORDS=alpha amd64 arm ~arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~x86-fbsd ~x86-freebsd ~amd64-linux ~arm-linux ~x86-linux +LICENSE=BSD +RDEPEND=drop-root? ( sys-libs/libcap-ng ) net-libs/libpcap smi? ( net-libs/libsmi ) ssl? ( >=dev-libs/openssl-0.9.6m ) +SLOT=0 +SRC_URI=http://www.tcpdump.org/release/tcpdump-4.6.2.tar.gz http://www.jp.tcpdump.org/release/tcpdump-4.6.2.tar.gz +_eclasses_=eutils 9fb270e417e0e83d64ca52586c4a79de flag-o-matic c263990f1b677b0f0be0a3299f179762 multilib 3bf24e6abb9b76d9f6c20600f0b716bf toolchain-funcs c961250d50160cd37d6b7fd9e8429c92 user f54e098dd38ba1c0847a13e685b87747 +_md5_=9d63395e9ec54233a25987ab95cca361 diff --git a/sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-analyzer/tcpdump-4.7.4 b/sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-analyzer/tcpdump-4.7.4 new file mode 100644 index 0000000000..4ebbad2a6e --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-analyzer/tcpdump-4.7.4 @@ -0,0 +1,13 @@ +DEFINED_PHASES=configure install postinst preinst setup test +DEPEND=drop-root? ( sys-libs/libcap-ng ) net-libs/libpcap smi? ( net-libs/libsmi ) ssl? ( >=dev-libs/openssl-0.9.6m ) drop-root? ( virtual/pkgconfig ) test? ( || ( app-arch/sharutils sys-freebsd/freebsd-ubin ) dev-lang/perl ) +DESCRIPTION=A Tool for network monitoring and data acquisition +EAPI=5 +HOMEPAGE=http://www.tcpdump.org/ +IUSE=+drop-root smi ssl ipv6 samba suid test +KEYWORDS=~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~x86-freebsd ~amd64-linux ~arm-linux ~x86-linux +LICENSE=BSD +RDEPEND=drop-root? ( sys-libs/libcap-ng ) net-libs/libpcap smi? ( net-libs/libsmi ) ssl? ( >=dev-libs/openssl-0.9.6m ) +SLOT=0 +SRC_URI=http://www.tcpdump.org/release/tcpdump-4.7.4.tar.gz http://www.jp.tcpdump.org/release/tcpdump-4.7.4.tar.gz +_eclasses_=eutils 9fb270e417e0e83d64ca52586c4a79de flag-o-matic c263990f1b677b0f0be0a3299f179762 multilib 3bf24e6abb9b76d9f6c20600f0b716bf toolchain-funcs c961250d50160cd37d6b7fd9e8429c92 user f54e098dd38ba1c0847a13e685b87747 +_md5_=f6f779225b46067ccf1a27f22cc17230 diff --git a/sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-analyzer/tcpdump-9999 b/sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-analyzer/tcpdump-9999 new file mode 100644 index 0000000000..1925b41742 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/metadata/md5-cache/net-analyzer/tcpdump-9999 @@ -0,0 +1,11 @@ +DEFINED_PHASES=configure install postinst preinst setup test unpack +DEPEND=drop-root? ( sys-libs/libcap-ng ) net-libs/libpcap smi? ( net-libs/libsmi ) ssl? ( >=dev-libs/openssl-0.9.6m ) drop-root? ( virtual/pkgconfig ) test? ( || ( app-arch/sharutils sys-freebsd/freebsd-ubin ) dev-lang/perl ) >=dev-vcs/git-1.8.2.1 +DESCRIPTION=A Tool for network monitoring and data acquisition +EAPI=5 +HOMEPAGE=http://www.tcpdump.org/ +IUSE=+drop-root smi ssl ipv6 samba suid test +LICENSE=BSD +RDEPEND=drop-root? ( sys-libs/libcap-ng ) net-libs/libpcap smi? ( net-libs/libsmi ) ssl? ( >=dev-libs/openssl-0.9.6m ) +SLOT=0 +_eclasses_=eutils 9fb270e417e0e83d64ca52586c4a79de flag-o-matic c263990f1b677b0f0be0a3299f179762 git-r3 3a2bd0ae504c33a50061885480f3def3 multilib 3bf24e6abb9b76d9f6c20600f0b716bf toolchain-funcs c961250d50160cd37d6b7fd9e8429c92 user f54e098dd38ba1c0847a13e685b87747 +_md5_=399f31388a8b5261c285127bdf970c14 diff --git a/sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/ChangeLog b/sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/ChangeLog new file mode 100644 index 0000000000..a88e476610 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/ChangeLog @@ -0,0 +1,833 @@ +# ChangeLog for net-analyzer/tcpdump +# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/tcpdump/ChangeLog,v 1.212 2015/05/01 15:48:21 jer Exp $ + +*tcpdump-4.7.4 (01 May 2015) + + 01 May 2015; Jeroen Roovers -tcpdump-4.7.3.ebuild, + +tcpdump-4.7.4.ebuild: + Version bump. + +*tcpdump-4.7.3 (11 Mar 2015) + + 11 Mar 2015; Jeroen Roovers +tcpdump-4.7.3.ebuild: + Version bump. + + 16 Jan 2015; Jeroen Roovers -tcpdump-4.5.1-r1.ebuild, + -tcpdump-4.6.2.ebuild: + Old. + + 16 Jan 2015; Agostino Sarubbo tcpdump-4.6.2-r1.ebuild: + Stable for ia64, wrt bug #534660 + + 14 Jan 2015; Agostino Sarubbo tcpdump-4.6.2-r1.ebuild: + Stable for ppc64, wrt bug #534660 + + 13 Jan 2015; Agostino Sarubbo tcpdump-4.6.2-r1.ebuild: + Stable for sparc, wrt bug #534660 + + 11 Jan 2015; Markus Meier tcpdump-4.6.2-r1.ebuild: + arm stable, bug #534660 + + 09 Jan 2015; Tobias Klausmann tcpdump-4.6.2-r1.ebuild: + Stable on alpha, bug 534660 + + 09 Jan 2015; Agostino Sarubbo tcpdump-4.6.2-r1.ebuild: + Stable for ppc, wrt bug #534660 + + 08 Jan 2015; Jeroen Roovers tcpdump-4.6.2-r1.ebuild: + Stable for HPPA (bug #534660). + + 08 Jan 2015; Andreas Schuerch tcpdump-4.6.2-r1.ebuild: + x86 stable, see bug 534660 + + 07 Jan 2015; Mikle Kolyada tcpdump-4.6.2-r1.ebuild: + amd64 stable wrt bug #534660 + +*tcpdump-4.6.2-r1 (07 Jan 2015) + + 07 Jan 2015; Jeroen Roovers +tcpdump-4.6.2-r1.ebuild, + +files/tcpdump-4.6.2-CVE-2014-8767.patch, + +files/tcpdump-4.6.2-CVE-2014-8768.patch, + +files/tcpdump-4.6.2-CVE-2014-8769.patch, + +files/tcpdump-4.6.2-CVE-2014-9140.patch: + Patches for multiple vulnerabilities (bug #534660). + +*tcpdump-9999 (07 Jan 2015) + + 07 Jan 2015; Jeroen Roovers +tcpdump-9999.ebuild: + Add live ebuild. + + 25 Oct 2014; Markus Meier tcpdump-4.6.2.ebuild: + arm stable, bug #526030 + + 23 Oct 2014; Pacho Ramos tcpdump-4.6.2.ebuild: + amd64/x86 stable, bug #526030 + + 20 Oct 2014; Jeroen Roovers tcpdump-4.6.2.ebuild: + Stable for HPPA (bug #526030). + + 17 Sep 2014; Jeroen Roovers -tcpdump-4.3.0.ebuild, + -files/tcpdump-4.3.0-ssl-detect.patch, metadata.xml: + Old. + + 17 Sep 2014; Agostino Sarubbo tcpdump-4.5.1-r1.ebuild: + Stable for ppc64, wrt bug #511502 + + 17 Sep 2014; Agostino Sarubbo tcpdump-4.5.1-r1.ebuild: + Stable for ppc, wrt bug #511502 + + 05 Sep 2014; Jeroen Roovers -tcpdump-4.4.0-r1.ebuild: + Old. + + 05 Sep 2014; Jeroen Roovers -tcpdump-4.6.1.ebuild, + tcpdump-4.6.2.ebuild: + Drop USE=samba warning. Drop ineffectual sed script. + +*tcpdump-4.6.2 (04 Sep 2014) + + 04 Sep 2014; Jeroen Roovers +tcpdump-4.6.2.ebuild: + Version bump. + + 03 Aug 2014; tcpdump-4.3.0.ebuild, + tcpdump-4.5.1-r1.ebuild, tcpdump-4.6.1.ebuild: + arm64, initial support + + 02 Aug 2014; Raúl Porcel tcpdump-4.5.1-r1.ebuild: + sparc stable, bug #511502 + + 26 Jul 2014; Pawel Hajdan jr tcpdump-4.5.1-r1.ebuild: + x86 stable wrt bug #511502 + +*tcpdump-4.6.1 (22 Jul 2014) + + 22 Jul 2014; Jeroen Roovers +tcpdump-4.6.1.ebuild: + Version bump. + + 20 Jul 2014; Tobias Klausmann tcpdump-4.5.1-r1.ebuild: + Stable on alpha, bug #511502 + + 22 Jun 2014; Akinori Hattori tcpdump-4.5.1-r1.ebuild: + ia64 stable wrt bug #511502 + + 09 Jun 2014; Markus Meier tcpdump-4.5.1-r1.ebuild: + arm stable, bug #511502 + + 08 Jun 2014; Jeroen Roovers tcpdump-4.5.1-r1.ebuild: + Clean up sed call, add die(). + + 08 Jun 2014; Chema Alonso tcpdump-4.5.1-r1.ebuild: + Stable for amd64 wrt bug #511502 + + 29 May 2014; Jeroen Roovers tcpdump-4.5.1-r1.ebuild: + Stable for HPPA (bug #511502). + + 06 Dec 2013; Tim Harder -tcpdump-4.4.0.ebuild, + -tcpdump-4.5.1.ebuild: + Remove old. + + 06 Dec 2013; Tim Harder tcpdump-4.5.1-r1.ebuild: + Use better workaround for bug #488522. + +*tcpdump-4.5.1-r1 (06 Dec 2013) + + 06 Dec 2013; Rick Farina +tcpdump-4.5.1-r1.ebuild: + fix for bug #488522 thanks to pchrist + + 28 Nov 2013; Tim Harder tcpdump-4.4.0-r1.ebuild: + Fix test logic (bug #482374). + + 28 Nov 2013; Tim Harder tcpdump-4.5.1.ebuild: + Disable user support when drop-root is disabled (bug #488522). + +*tcpdump-4.5.1 (28 Nov 2013) + + 28 Nov 2013; Tim Harder +tcpdump-4.5.1.ebuild: + Version bump, fix test logic. + + 27 Jul 2013; Jeroen Roovers metadata.xml: + Remove duplicate description. + + 04 Jun 2013; Zac Medico tcpdump-4.4.0-r1.ebuild: + Fix chroot -> drop-root in pkg_preinst. + + 03 Jun 2013; Jeroen Roovers tcpdump-4.4.0-r1.ebuild, + metadata.xml: + Avoid test suite failure when USE=drop-root / FEATURES=-userpriv (bug + #435982). Rename USE=chroot to USE=drop-root since USE=suid is already taken + and has a different meaning in these ebuilds. + + 03 Jun 2013; Jeroen Roovers tcpdump-4.4.0-r1.ebuild: + Use append-cflags instead of append-flags. + + 02 Jun 2013; Jeroen Roovers tcpdump-4.4.0-r1.ebuild: + Run user.eclass functions conditionally, and in pkg_preinst too. Fix CFLAGS + -O2 injection better. Copy the configure warning about SMB support. + + 02 Jun 2013; Jeroen Roovers tcpdump-4.4.0-r1.ebuild: + Do not keep /var/lib/tcpdump. + +*tcpdump-4.4.0-r1 (02 Jun 2013) + + 02 Jun 2013; Jeroen Roovers +tcpdump-4.4.0-r1.ebuild: + Enable secret libcap-ng support for chrooting (maybe bug #334329). + + 29 May 2013; Jeroen Roovers tcpdump-4.4.0.ebuild: + Remove obsolete cross-compile fix. + + 09 May 2013; Jeroen Roovers + -files/tcpdump-4.0.0-ipv6-build.patch, + -files/tcpdump-4.0.0-libsmi-autodep.patch, -files/tcpdump-4.2.0-ipv6.patch, + -files/tcpdump-4.2.0-ppi.h, -tcpdump-3.9.8-r1.ebuild, -tcpdump-3.9.8.ebuild, + -tcpdump-4.1.1.ebuild, -tcpdump-4.2.0.ebuild, -tcpdump-4.2.1.ebuild: + Old. + +*tcpdump-4.4.0 (09 May 2013) + + 09 May 2013; Jeroen Roovers +tcpdump-4.4.0.ebuild: + Version bump. + + 21 Feb 2013; Zac Medico tcpdump-4.3.0.ebuild: + Add ~arm-linux keyword. + + 22 Jan 2013; Mike Frysinger + +files/tcpdump-4.3.0-ssl-detect.patch, tcpdump-4.3.0.ebuild: + Fix from upstream for cross-compiling with ssl. + + 07 Dec 2012; Jeroen Roovers metadata.xml: + Clarify USE=chroot. + + 30 Sep 2012; Raúl Porcel tcpdump-4.3.0.ebuild: + alpha/ia64/s390/sh/sparc stable wrt #435658 + + 23 Sep 2012; Pawel Hajdan jr tcpdump-4.3.0.ebuild: + x86 stable wrt bug #433263 + + 18 Sep 2012; Jeroen Roovers tcpdump-4.3.0.ebuild: + Stable for HPPA (bug #433263). + + 07 Sep 2012; Agostino Sarubbo tcpdump-4.3.0.ebuild: + Stable for amd64, wrt bug #433263 + + 03 Sep 2012; Anthony G. Basile tcpdump-4.3.0.ebuild: + Stable ppc64, bug #433263 + + 03 Sep 2012; Anthony G. Basile tcpdump-4.3.0.ebuild: + Stable ppc, bug #433263 + + 03 Sep 2012; Anthony G. Basile tcpdump-4.3.0.ebuild: + Stable arm, bug #433263 + +*tcpdump-4.3.0 (19 Jun 2012) + + 19 Jun 2012; Jeroen Roovers +tcpdump-4.3.0.ebuild: + Version bump. + + 12 Jun 2012; Zac Medico tcpdump-3.9.8-r1.ebuild, + tcpdump-3.9.8.ebuild, tcpdump-4.1.1.ebuild, tcpdump-4.2.0.ebuild, + tcpdump-4.2.1.ebuild: + inherit user for enewgroup and enewuser + + 23 Apr 2012; Benda Xu tcpdump-4.2.1.ebuild: + fixes directories in configure options for Prefix. closes bug #412005 + +*tcpdump-4.2.1 (04 Jan 2012) + + 04 Jan 2012; Tim Harder +tcpdump-4.2.1.ebuild: + Version bump. + + 17 Dec 2011; Jeroen Roovers tcpdump-4.2.0.ebuild, + +files/tcpdump-4.2.0-ipv6.patch: + Fix building with USE=-ipv6 thanks to Andrey Grozin, patch by Andrew + Savchenko (bug #395031). Clean up inherit. + +*tcpdump-4.2.0 (16 Dec 2011) + + 16 Dec 2011; Jeroen Roovers + -tcpdump-4.0.1_pre20090709.ebuild, +tcpdump-4.2.0.ebuild, + +files/tcpdump-4.2.0-ppi.h: + Version bump (bug #393085). + + 10 Nov 2011; Naohiro Aota tcpdump-4.1.1.ebuild: + Add fall-back dependency sys-freebsd/freebsd-ubin. It should work with + FreeBSD uuencode + + 09 Jul 2011; Matt Turner tcpdump-4.1.1.ebuild: + Added ~mips, bug 247076 + + 12 Apr 2010; Peter Volkov tcpdump-4.1.1.ebuild: + Print elog only if USE=suid, bug #312841, again thank Martin von Gagern + for report. + +*tcpdump-4.1.1 (08 Apr 2010) + + 08 Apr 2010; Peter Volkov -tcpdump-4.1.0.ebuild, + -tcpdump-4.1.0-r1.ebuild, -files/tcpdump-4.1.0-without-chroot.patch, + +tcpdump-4.1.1.ebuild: + Version bump. + + 07 Apr 2010; Peter Volkov tcpdump-4.1.0-r1.ebuild: + Print elog only if USE=suid, bug #312841, thank Martin von Gagern for + report. + +*tcpdump-4.1.0-r1 (02 Apr 2010) + + 02 Apr 2010; Peter Volkov +tcpdump-4.1.0-r1.ebuild: + Added suid USE flag to allow users in tcpdump group to sniff traffic, bug + #283527, thank Hank Leininger for report. + +*tcpdump-4.1.0 (02 Apr 2010) + + 02 Apr 2010; Peter Volkov +tcpdump-4.1.0.ebuild, + +files/tcpdump-4.1.0-without-chroot.patch: + Version bump, bug #312337, thank Richard Hartmann for report. Fixes + inability to run tcpdump if built with USE=-chroot, bug 281936, thank + Travis Schack for report. Tests are broken in the release. + + 12 Feb 2010; Jeroen Roovers tcpdump-3.9.8-r1.ebuild: + Stable for HPPA too. + + 01 Jan 2010; Christian Faulhammer + tcpdump-4.0.1_pre20090709.ebuild: + Transfer Prefix keywords + +*tcpdump-4.0.1_pre20090709 (09 Jul 2009) + + 09 Jul 2009; Peter Volkov -tcpdump-4.0.0.ebuild, + -tcpdump-4.0.1_pre20090616.ebuild, +tcpdump-4.0.1_pre20090709.ebuild: + --disable-chroot is now --without-chroot, bug #277001 thank Conrad + Kostecki for report. Disable samba support with IUSE default, bug #275100 + thank Matthias Schwarzott for suggestion. Dropped versions not to be + stabilized. + + 17 Jun 2009; Peter Volkov tcpdump-3.9.8.ebuild, + tcpdump-3.9.8-r1.ebuild, tcpdump-4.0.0.ebuild, + tcpdump-4.0.1_pre20090616.ebuild: + Make repoman happy: RDEPEND.implicit and ebuild.minorsyn fixed. + +*tcpdump-4.0.1_pre20090616 (17 Jun 2009) + + 17 Jun 2009; Peter Volkov + +tcpdump-4.0.1_pre20090616.ebuild: + Bump to recent git snapshot. + + 20 Feb 2009; Raúl Porcel tcpdump-4.0.0.ebuild: + Add ~arm/~s390/~sh wrt #247076 + +*tcpdump-4.0.0 (16 Nov 2008) + + 16 Nov 2008; Peter Volkov + -files/tcpdump-3.9.5-print-802_11.c.diff, + -files/tcpdump-3.9.6-bgp-integer-overflow.patch, + +files/tcpdump-4.0.0-ipv6-build.patch, + +files/tcpdump-4.0.0-libsmi-autodep.patch, metadata.xml, + -tcpdump-3.9.5-r3.ebuild, -tcpdump-3.9.6-r1.ebuild, + -tcpdump-3.9.7-r1.ebuild, +tcpdump-4.0.0.ebuild: + Version bump, bug #245179, thank Krzysztof Olędzki for report. Removed + old. + + 28 Sep 2008; Cédric Krier tcpdump-3.9.8-r1.ebuild: + Call enewuser/enewgroup in both pkg_setup and pkg_preinst for bug #231917 + + 10 Sep 2008; Peter Volkov tcpdump-3.9.5-r3.ebuild, + tcpdump-3.9.6-r1.ebuild, tcpdump-3.9.7-r1.ebuild, tcpdump-3.9.8.ebuild, + tcpdump-3.9.8-r1.ebuild: + enewuser/enewgroup die on their own, no need to || die + + 04 Aug 2008; Jeroen Roovers metadata.xml: + Describe local USE flags for GLEP 56. + + 25 Jun 2008; Santiago M. Mola + tcpdump-3.9.8-r1.ebuild: + amd64 stable + + 24 Jun 2008; Raúl Porcel tcpdump-3.9.8-r1.ebuild: + alpha/ia64/sparc/x86 stable + +*tcpdump-3.9.8-r1 (30 Mar 2008) + + 30 Mar 2008; Cédric Krier +tcpdump-3.9.8-r1.ebuild: + Add chroot USE for bug #199172 + + 14 Nov 2007; Jeroen Roovers tcpdump-3.9.8.ebuild: + Stable for HPPA (bug #198476). + + 10 Nov 2007; Markus Rothe tcpdump-3.9.8.ebuild: + Stable on ppc64; bug #198476 + + 10 Nov 2007; Daniel Gryniewicz tcpdump-3.9.8.ebuild: + Marked stable on amd64 for bug #198476 + + 09 Nov 2007; nixnut tcpdump-3.9.8.ebuild: + Stable on ppc wrt bug 198476 + + 08 Nov 2007; Raúl Porcel tcpdump-3.9.8.ebuild: + alpha/ia64/sparc/x86 stable wrt #198476 + + 13 Oct 2007; Tom Gall tcpdump-3.9.7-r1.ebuild: + stable on ppc64, bug #193787 + +*tcpdump-3.9.8 (09 Oct 2007) + + 09 Oct 2007; Markus Ullmann +tcpdump-3.9.8.ebuild: + Version bump wrt bug #194890 + + 29 Sep 2007; Christoph Mende tcpdump-3.9.7-r1.ebuild: + Stable on amd64 wrt bug #193787 + + 28 Sep 2007; nixnut tcpdump-3.9.7-r1.ebuild: + Stable on ppc wrt bug 193787 + + 27 Sep 2007; Jeroen Roovers tcpdump-3.9.7-r1.ebuild: + Stable for HPPA (bug #193787). + + 06 Sep 2007; Markus Ullmann ChangeLog: + Cleanup + + 06 Sep 2007; Raúl Porcel tcpdump-3.9.7-r1.ebuild: + alpha/ia64/x86 stable + + 06 Sep 2007; Markus Ullmann + -files/tcpdump-3.8.3-bgp-infinite-loop2.patch, + -files/tcpdump-3.8.3-gcc4.patch, -files/tcpdump-3.8.3-gentoo.patch, + -tcpdump-3.9.5-r2.ebuild, -tcpdump-3.9.6.ebuild: + Cleanup + + 28 Aug 2007; -tcpdump-3.9.7.ebuild: + Cleaned tcpdump ebuild without drop priviledges feature. + +*tcpdump-3.9.7-r1 (27 Aug 2007) + + 27 Aug 2007; Cédric Krier +tcpdump-3.9.7-r1.ebuild: + Re-enable drop privileges for bug #176391 + + 13 Aug 2007; Tobias Scherbaum + tcpdump-3.9.6-r1.ebuild: + ppc. stable + + 06 Aug 2007; Joshua Kinard tcpdump-3.9.6-r1.ebuild: + Stable on mips. + +*tcpdump-3.9.7 (02 Aug 2007) + + 02 Aug 2007; Raphael Marichez +tcpdump-3.9.7.ebuild: + Version bump + + 26 Jul 2007; Gustavo Zacarias + tcpdump-3.9.6-r1.ebuild: + Stable on sparc + + 24 Jul 2007; Raúl Porcel tcpdump-3.9.6-r1.ebuild: + alpha/ia64/x86 stable + + 16 Jul 2007; Markus Rothe tcpdump-3.9.5-r3.ebuild: + Stable on ppc64; bug #184815 + + 16 Jul 2007; Joshua Kinard tcpdump-3.9.5-r3.ebuild: + Stable on mips, per #184815. + + 15 Jul 2007; Tobias Scherbaum + tcpdump-3.9.5-r3.ebuild: + ppc stable, bug #184815 + + 13 Jul 2007; Steve Dibb tcpdump-3.9.5-r3.ebuild: + amd64 stable, security bug 184815 + + 12 Jul 2007; Jeroen Roovers tcpdump-3.9.5-r3.ebuild: + Stable for HPPA (bug #184815). + + 11 Jul 2007; Raúl Porcel tcpdump-3.9.5-r3.ebuild: + alpha/ia64/x86 stable wrt #184815 + + 11 Jul 2007; Gustavo Zacarias + tcpdump-3.9.5-r3.ebuild: + Stable on sparc wrt security #184815 + +*tcpdump-3.9.6-r1 (10 Jul 2007) +*tcpdump-3.9.5-r3 (10 Jul 2007) + + 10 Jul 2007; + +files/tcpdump-3.9.6-bgp-integer-overflow.patch, +tcpdump-3.9.5-r3.ebuild, + +tcpdump-3.9.6-r1.ebuild: + Fix vulnerability reported in bug 184815. Thank mu-b . Force tcpdump to drop privileges by default. Thank Jukka + Ruohonen for report (bug #176391). + +*tcpdump-3.9.6 (23 Jun 2007) + + 23 Jun 2007; Cédric Krier +tcpdump-3.9.6.ebuild: + Version bump + + 01 Apr 2007; Marcelo Goes + -tcpdump-3.9.4-r3.ebuild, -tcpdump-3.9.5-r1.ebuild: + Remove old ebuilds. + + 07 Mar 2007; Alexander H. Færøy + tcpdump-3.9.5-r2.ebuild: + Stable on MIPS; bug #168916 + + 06 Mar 2007; Markus Rothe tcpdump-3.9.5-r2.ebuild: + Stable on ppc64; bug #168916 + + 05 Mar 2007; tcpdump-3.9.5-r2.ebuild: + Stable on alpha wrt security bug #168916 + + 03 Mar 2007; Tobias Scherbaum + tcpdump-3.9.5-r2.ebuild: + Stable on ppc wrt bug #168916. + + 02 Mar 2007; Jason Wever tcpdump-3.9.5-r2.ebuild: + Stable on SPARC wrt security bug #168916. + + 02 Mar 2007; Christian Faulhammer + tcpdump-3.9.5-r2.ebuild: + stable x86; security bug 168916 + + 02 Mar 2007; Jeroen Roovers tcpdump-3.9.5-r2.ebuild: + Stable for HPPA (bug #168916). + + 02 Mar 2007; Steve Dibb tcpdump-3.9.5-r2.ebuild: + amd64 stable, bug 168916 + +*tcpdump-3.9.5-r2 (02 Mar 2007) + + 02 Mar 2007; Marcelo Goes + +files/tcpdump-3.9.5-print-802_11.c.diff, -tcpdump-3.9.3.ebuild, + -tcpdump-3.9.4.ebuild, +tcpdump-3.9.5-r2.ebuild: + Add print-802_11.c patch for bug 168916. Thanks to Executioner . Also, removing old ebuilds. + + 18 Dec 2006; Alexander H. Færøy + tcpdump-3.9.4-r3.ebuild: + Stable on IA64. + +*tcpdump-3.9.4-r3 (15 Nov 2006) + + 15 Nov 2006; Peter Volkov -tcpdump-3.9.4-r2.ebuild, + +tcpdump-3.9.4-r3.ebuild: + Fixed broken smb ./configure option. Thank Tommy Yu for report in bug #155193. + + 04 Nov 2006; Alexander H. Færøy + tcpdump-3.9.4-r2.ebuild: + Stable on Alpha. + +*tcpdump-3.9.5-r1 (09 Oct 2006) + + 09 Oct 2006; Markus Ullmann +tcpdump-3.9.5-r1.ebuild: + Readding samba stuff + +*tcpdump-3.9.5 (08 Oct 2006) + + 08 Oct 2006; Markus Ullmann +tcpdump-3.9.5.ebuild: + Version bump + + 04 Sep 2006; Joshua Kinard tcpdump-3.9.4-r2.ebuild: + Marked stable on mips. + + 16 Aug 2006; Markus Rothe tcpdump-3.9.4-r2.ebuild: + Stable on ppc64 + + 13 Aug 2006; Jason Wever tcpdump-3.9.4-r2.ebuild: + Stable on SPARC. + + 06 Aug 2006; Guy Martin tcpdump-3.9.4-r2.ebuild: + Stable on hppa. + + 30 Jul 2006; Tobias Scherbaum + tcpdump-3.9.4-r2.ebuild: + ppc stable + + 30 Jul 2006; Daniel Gryniewicz tcpdump-3.9.4-r2.ebuild: + Marked stable on amd64 + + 29 Jul 2006; Marcelo Goes + -tcpdump-3.8.3-r4.ebuild, -tcpdump-3.8.3-r6.ebuild, + -tcpdump-3.9.3-r2.ebuild, tcpdump-3.9.4-r2.ebuild: + Remove old ebuilds, mark 3.9.4-r2 x86 stable. + + 12 Jul 2006; Diego Pettenò + tcpdump-3.9.4-r2.ebuild: + Add ~x86-fbsd keyword. + + 28 Jun 2006; Simon Stelling tcpdump-3.9.4.ebuild: + stable on amd64 + + 28 Apr 2006; Joshua Kinard tcpdump-3.9.4.ebuild: + Marked stable on mips. + +*tcpdump-3.9.4-r2 (28 Mar 2006) +*tcpdump-3.9.3-r2 (28 Mar 2006) +*tcpdump-3.8.3-r6 (28 Mar 2006) + + 28 Mar 2006; Markus Ullmann -tcpdump-3.8.3-r5.ebuild, + +tcpdump-3.8.3-r6.ebuild, -tcpdump-3.9.3-r1.ebuild, + +tcpdump-3.9.3-r2.ebuild, -tcpdump-3.9.4-r1.ebuild, + +tcpdump-3.9.4-r2.ebuild: + Fixed ssl support, thanks to exg for hint + + 18 Mar 2006; Markus Ullmann tcpdump-3.9.3-r1.ebuild, + tcpdump-3.9.4-r1.ebuild: + added missing samba IUSE + +*tcpdump-3.9.4-r1 (18 Mar 2006) +*tcpdump-3.9.3-r1 (18 Mar 2006) +*tcpdump-3.8.3-r5 (18 Mar 2006) + + 18 Mar 2006; Markus Ullmann +tcpdump-3.8.3-r5.ebuild, + +tcpdump-3.9.3-r1.ebuild, +tcpdump-3.9.4-r1.ebuild: + Adding big fat warning if we use samba as dependency, configure script has + weird defaults. Thanks to exg for pointing this out + + 09 Mar 2006; Michael Hanselmann tcpdump-3.9.4.ebuild: + Stable on ppc. + + 27 Feb 2006; Markus Rothe tcpdump-3.9.4.ebuild: + Stable on ppc64 + + 27 Feb 2006; Christian Birchinger tcpdump-3.9.4.ebuild: + Added sparc stable keyword + + 26 Feb 2006; Marcelo Goes tcpdump-3.9.4.ebuild: + Mark 3.9.4 x86 stable. + + 20 Feb 2006; Joshua Kinard tcpdump-3.9.3.ebuild: + Marked stable on mips. + + 15 Feb 2006; Markus Ullmann tcpdump-3.8.3-r4.ebuild, + tcpdump-3.9.3.ebuild, tcpdump-3.9.4.ebuild: + Removing virtual/libpcap wrt bug #117898 + + 06 Feb 2006; Aron Griffis tcpdump-3.9.3.ebuild: + Mark 3.9.3 stable on alpha + + 21 Jan 2006; Markus Rothe tcpdump-3.9.3.ebuild: + Stable on ppc64 + + 15 Jan 2006; Michael Hanselmann tcpdump-3.9.3.ebuild: + Stable on ppc. + + 15 Jan 2006; Marcus D. Hanwell tcpdump-3.9.3.ebuild: + Stable on amd64, bug 118984. + + 09 Jan 2006; Gustavo Zacarias tcpdump-3.9.3.ebuild: + Stable on sparc + +*tcpdump-3.9.4 (08 Jan 2006) + + 08 Jan 2006; Marcelo Goes tcpdump-3.9.3.ebuild, + +tcpdump-3.9.4.ebuild: + 3.9.4 version bump, marking 3.9.3 x86 stable. + + 09 Oct 2005; tcpdump-3.9.3.ebuild: + Forcing at least -O optymalization. This close bug #108391 + +*tcpdump-3.9.3 (20 Sep 2005) + + 20 Sep 2005; Marcelo Goes +tcpdump-3.9.3.ebuild: + Version bump. + + 20 Sep 2005; Marcelo Goes + -tcpdump-3.8.3-r1.ebuild, tcpdump-3.8.3-r4.ebuild: + inherit eutils. + + 02 Jul 2005; Hardave Riar tcpdump-3.8.3-r4.ebuild: + Stable on mips, bug #95349 + +*tcpdump-3.8.3-r4 (30 Jun 2005) + + 30 Jun 2005; Aaron Walker -tcpdump-3.8.3-r2.ebuild, + -tcpdump-3.8.3-r3.ebuild, +tcpdump-3.8.3-r4.ebuild: + Revision bump; previous ebuilds do not enable SSL with USE=ssl, bug 97471. + Tidy old ebuilds. + + 11 Jun 2005; Yuta SATOH tcpdump-3.8.3-r3.ebuild: + Stable on ppc64, bug #95349 + + 10 Jun 2005; Rene Nussbaumer + tcpdump-3.8.3-r3.ebuild: + Stable on hppa. + + 10 Jun 2005; Aron Griffis tcpdump-3.8.3-r3.ebuild: + stable on alpha ia64 #95349 + + 10 Jun 2005; Michael Hanselmann + tcpdump-3.8.3-r3.ebuild: + Stable on ppc. + + 10 Jun 2005; Jan Brinkmann tcpdump-3.8.3-r3.ebuild: + Stable on amd64 wrt #95349. + + 10 Jun 2005; Gustavo Zacarias + tcpdump-3.8.3-r3.ebuild: + Stable on sparc wrt #95349 + +*tcpdump-3.8.3-r3 (09 Jun 2005) + + 09 Jun 2005; Marcelo Goes + +files/tcpdump-3.8.3-bgp-infinite-loop2.patch, +tcpdump-3.8.3-r3.ebuild: + Adding patch for security bug 95349. + + 15 May 2005; Marcelo Goes tcpdump-3.8.3-r1.ebuild: + Use toolchain-funcs.eclass instead of gcc.eclass. See bug 92745. + + 14 May 2005; Aaron Walker + files/tcpdump-3.8.3-gcc4.patch, tcpdump-3.8.3-r2.ebuild: + Update gcc4 patch with the proper AC_TRY_LINK fix. Thanks to halcy0n for the + help. + + 14 May 2005; Aaron Walker + +files/tcpdump-3.8.3-gcc4.patch, tcpdump-3.8.3-r2.ebuild: + Added patch to make gcc-4 a happy camper; also updated to use + toolchain-funcs.eclass rather than gcc.eclass. + + 07 May 2005; Bryan Østergaard + tcpdump-3.8.3-r2.ebuild: + Stable on alpha + ia64, bug 90541. + + 07 May 2005; Omkhar Arasaratnam + tcpdump-3.8.3-r2.ebuild: + Stable on ppc64 wrt #90541 + + 07 May 2005; Michael Hanselmann + tcpdump-3.8.3-r2.ebuild: + Stable on hppa. + + 07 May 2005; Gustavo Zacarias + tcpdump-3.8.3-r2.ebuild: + Stable on sparc wrt #90541 + + 06 May 2005; Andrej Kacian tcpdump-3.8.3-r2.ebuild: + Stable on amd64, bug #90541. + + 06 May 2005; Daniel Black + tcpdump-3.8.3-r2.ebuild: + ppc stable as per bug #90541 + +*tcpdump-3.8.3-r2 (06 May 2005) + + 06 May 2005; Marcelo Goes + +files/tcpdump-3.8.3-gentoo.patch, +tcpdump-3.8.3-r2.ebuild: + Adding security patch derived from debian to solve bug #90541 + + 31 Jan 2005; Daniel Black tcpdump-3.8.3-r1.ebuild: + virtual/libpcap transition + + 30 Oct 2004; Eldad Zack + -files/tcpdump-3.6.2-afsprinting.patch, -files/tcpdump-3.7.2-sctp.patch, + -tcpdump-3.6.2-r1.ebuild, -tcpdump-3.7.1.ebuild, -tcpdump-3.7.2.ebuild, + -tcpdump-3.8.1.ebuild, -tcpdump-3.8.3.ebuild: + Cleanup + + 17 Jul 2004; Tom Gall tcpdump-3.8.3-r1.ebuild: + stable on ppc64, bug #56913 + + 14 Jul 2004; Travis Tilley tcpdump-3.8.3-r1.ebuild: + fix gcc 3.4 fix so that it works with gcc 3.4.1 too + + 27 Apr 2004; Aron Griffis tcpdump-3.7.2.ebuild: + Add inherit eutils + + 04 Apr 2004; Aron Griffis tcpdump-3.8.3-r1.ebuild: + Mark stable on alpha and ia64 for bug 46258 + + 04 Apr 2004; Jon Portnoy tcpdump-3.8.3-r1.ebuild : + Stable on AMD64 + + 03 Apr 2004; Jason Wever tcpdump-3.8.3-r1.ebuild: + Stable on sparc wrt bug #46258. + + 03 Apr 2004; tcpdump-3.8.3-r1.ebuild: + stable on x86. Bug #37184,#46258 + + 03 Apr 2004; Lars Weiler tcpdump-3.8.3-r1.ebuild: + stable on ppc as requested in bug #46258 + +*tcpdump-3.8.3-r1 (31 Mar 2004) + + 31 Mar 2004; metadata.xml, tcpdump-3.8.3-r1.ebuild: + updated DEPEND's + + 30 Mar 2004; Jason Wever tcpdump-3.8.3.ebuild: + Stable on sparc. + +*tcpdump-3.8.3 (30 Mar 2004) + + 30 Mar 2004; tcpdump-3.6.2-r1.ebuild, + tcpdump-3.7.1.ebuild, tcpdump-3.7.2.ebuild, tcpdump-3.8.3.ebuild: + ISAKMP payload handling denial-of-service vulnerabilities. Bugzilla Bug 46258 + + 30 Mar 2004; Aron Griffis tcpdump-3.8.1.ebuild: + Stable on alpha and ia64 for bug 38206 + + 15 Jan 2004; tcpdump-3.8.1.ebuild: + marked hppa and sparc, fixes #38206 + + 05 Jan 2004; Daniel Ahlberg tcpdump-3.8.1.ebuild: + Change optimization levels. Patch by Gustavo Zacarias in + #37184. + +*tcpdump-3.8.1 (03 Jan 2004) + + 03 Jan 2004; Daniel Ahlberg tcpdump-3.8.1.ebuild: + Version bump. Closing #37091 + + 04 Nov 2003; Will Woods tcpdump-3.7.2.ebuild: + Added files/tcpdump-3.7.2-sctp.patch, fixing bug #25544 + +*tcpdump-3.7.2 (03 Mar 2003) + + 27 Apr 2003; Zach Welch tcpdump-3.7.2.ebuild: + add arm keyword + + 25 Apr 2003; Guy Martin tcpdump-3.7.2.ebuild : + Added hppa to KEYWORDS. + + 03 Mar 2003; Daniel Ahlberg : + Security update. + + 06 Dec 2002; Rodney Rees : changed sparc ~sparc keywords + +*tcpdump-3.7.1 (9 May 2002) + + 15 Feb 2003; Nicholas Wourms tcpdump-3.6.2-r1.ebuild tcpdump-3.7.1.ebuild : + Added mips keyword to ebuilds. + + 10 Feb 2003; Peter Johanson tcpdump-3.7.1.ebuild : + Added ~alpha to KEYWORDS in tcpdump-3.7.1.ebuild. + + 17 Aug 2002; Daniel Ahlberg tcpdump-3.7.1.ebuild : + Moved binary from /usr/bin to /usr/sbin as suggested in #6518. + + 21 Jul 2002; Owen Stampflee : + Added PPC to KEYWORDS. + + 18 Jul 2002; Kyle Manna tcpdump-3.7.1.ebuild : + New version again :) Not sure if this is BETA, devel, tested, working etc. + But it has the security patch already applied ;) + +*tcpdump-3.6.2-r1 (9 May 2002) + + 17 Aug 2002; Daniel Ahlberg tcpdump-3.6.2-r1.ebuild : + Moved binary from /usr/bin to /usr/sbin as suggested in #6518. + + 9 May 2002; Spider tcpdump-3.6.2-r1.ebuild : + Yet another security fix. from connectiva this time + +*tcpdump-3.6.2 (9 May 2002) + + 9 May 2002; Spider tcpdump-3.6.2.ebuild : + Updated version on tcpdump.org, fixes security vulnerability. + +*tcpdump-3.6.1 (1 Feb 2002) + + 1 Feb 2002; G.Bevin ChangeLog : + + Added initial ChangeLog which should be updated whenever the package is + updated in any way. This changelog is targetted to users. This means that the + comments should well explained and written in clean English. The details about + writing correct changelogs are explained in the skel.ChangeLog file which you + can find in the root directory of the portage repository. diff --git a/sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/Manifest b/sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/Manifest index f1ce6b20f9..4d56297636 100644 --- a/sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/Manifest +++ b/sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/Manifest @@ -1 +1,21 @@ -DIST tcpdump-4.3.0.tar.gz 887619 SHA256 efd08b610210d39977ec3175fa82dad9fbd33587930081be2a905a712dba4286 SHA512 56a33f8aeae551fdc499be31d834207b253de27dce7bdde02e2de5ed0edc4bbe86d8e120c9d2a2303b21d5c32773a4f2984e6af4f0d6f945edb3691a6446cb3c WHIRLPOOL b7d06938816aad8313d61bc30d15efa321ae2ab4663e9355ae2c50b7645bd3cb694de85e04314b5e320459312ee6150a2d3c8c93ee7ffc47ca2ece29bebd8270 +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +AUX tcpdump-4.6.2-CVE-2014-8767.patch 5915 SHA256 71406588253893f3bb3ec1ef5b70efd1de3c9db6604089b1289a7cf6055e0ba9 SHA512 3ba603f14d8aa5d8c211c673d3f6fdfef5fbfd5f198d3b85fed04dd2a2695715b4d02d225763de3b62fad5803273f7e289fa76ec80fac54768b57345991de376 WHIRLPOOL 03b481e553d3e9dc944857d8051ee8b53c7b32c7c5ce7d8840110efe5c8bddf1efb792a9d34fbbc2aa741235f2983ea184519e39ed8d6cebcf14aa2846af357a +AUX tcpdump-4.6.2-CVE-2014-8768.patch 8335 SHA256 c91eb5a95dce1c2d846e25259e4f4c7df47a2489a7762a236e099590b4e1b7f0 SHA512 d7a260184346164eb4b9a744678a6d813ecc4627e903e04244d50cb9ff6cfac8e5476b87ca568d1f2f5d290450d93396c5eb38df26501d2bd31b248e6716e0b8 WHIRLPOOL 669c88b5974ced32949d3bc887cfd2c02db32ae29653574ff86f336504cea7c6145efc7c7c85e7f62b398ea45caf38570f58423f2e5389a995f9d986659cfc28 +AUX tcpdump-4.6.2-CVE-2014-8769.patch 21421 SHA256 4c82594572f77673b97fef23ebe7ee993b5ad9ed23b71e748eaac76abdfd19c2 SHA512 bf54217311b9095748f0014886801556048a1feab3a7086b0e957ce26440468859db70b18b8b545f9ffa86e2227d22913d5ff2958b9b631829de731e84bf3d0f WHIRLPOOL a691cce09ca5db8875982b9a47dbe25d9f79d88fa616269c17d90671f14e4cfb9abd1c71e171ae14acc161e445099b096e28c1071430ac95f719006391ecfa1c +AUX tcpdump-4.6.2-CVE-2014-9140.patch 859 SHA256 4762e0b7fe67ad340a9ac955c88bb968ef042fff831ee7fe1244b0242c586e8c SHA512 6bea98b9cf4a01e646e68689d93cad4f4fa0d17c2a457be5f3492b20115869f221a43da0ee814e482bfc3808a9d60e4c22d81f99a065c098bc866f0c74ecea38 WHIRLPOOL dba235d3897188264f67ab7910f626e0b17db2c15347613fe5189747111cc78eef98d6882ca8bd10bd6447033d3e24b77ff20cad2bc2ce13b68a699868aaf235 +DIST tcpdump-4.6.2.tar.gz 1105356 SHA256 524ee4d8e83a6c663f6879004216a9a5bcb1c68b11920d653eb87b79d008e0b8 SHA512 6e1799a97378c4844460d6b0c0766e9c7d36da0678d103f9571f536ccbc6d46f05b7caf4dc21277966ca687836152d21c227546c7d1cb382b045ed8f055228fc WHIRLPOOL d540fcccb0fac8f7c472bafe800c4c451455bcc2df8208d2e21d99c5e6d58de32dda89b59a2d63ee44ea63fa2fe607100f03f113d0ce40e6aa9b1db762a79ba3 +DIST tcpdump-4.7.4.tar.gz 1153657 SHA256 6be520269a89036f99c0b2126713a60965953eab921002b07608ccfc0c47d9af SHA512 5660d82abdf7327c3e1717db519b2c98cd217fff17440019f3ccf166b3cb28ab1c1850b7c42f8c6ee38110838bb8a4a10cd394f25123783bb3d58e1f350ef326 WHIRLPOOL 7c320adf64bf5ff57af7f98fec9919ba3c07056fbbbe1c8a87ac73ecb767ce245c4963e69e24ff71704be7b42dc604992f261173a34b12a87cd0eab153762816 +EBUILD tcpdump-4.6.2-r1.ebuild 2355 SHA256 bc194285177f5b3787046ad44ab1cb91ae7afa855f4787bbc19cc584231f1e1f SHA512 0e53740fecebf77f3a11a516cf039b9b464770ff297fa76e1280db3d9e034c287fa38f0760cf9064e2daafe3627692ea89aa43b9904da162da8eca1f709698b5 WHIRLPOOL cf9d4f936467d408800364f58322549ccdc6a994bf517a16eb941c4b126a83624e19a3b3464d97cac7ff899da30d38b39fc6d5edcb87f464721d56044ba867db +EBUILD tcpdump-4.7.4.ebuild 2270 SHA256 bd0a8fc55fcb76faaab84a807160ad446a4ffaa8802d717d50ef667adcb87793 SHA512 47c697975a06fef6add13e594a80c993a9d25a8dd6cb94bfa26689553bbe70163c7a88df76bc38af6e4dc457edaa436a0fc82bd1e7c8415e33972f3e7bf66aee WHIRLPOOL e7b7f8f05c3a507f99a26c2c7e6a50ae9bcb7b7c9b81e5cb672cd7409b8ce9571a71303c4376590ee9453f8b4cb812f2c78ecbbb8e699f4a6e78173fd3e6a0cf +EBUILD tcpdump-9999.ebuild 2108 SHA256 e6330398520d46a290dcb66e01a84c293190ebd567907ee0cf78ae375726bf5d SHA512 505b4f43fabe2478d5862bf84f5e2bb219b2f723f4c2023da50a42efd4c477f8385221675f74eab8587456ea9360d5c8cbd39bad3418df11476cb5eb8a9bf8f1 WHIRLPOOL f45036ce27034430fc194c3493816bb7260fe596eaa7e7d73ffe17b9cfd076cca01aaa7cdb64508948d0bcaaf09e4c7bc31a8c4e951af45f92dbd5b37a8e74b5 +MISC ChangeLog 28520 SHA256 b6aabdfecd4a504078d2d6efd378ab1cb4cb164d85a81eb023c468cc83fe99bd SHA512 08cc2b29b1a48fda0a507423f7974925c6c1dd9daec7a5b069e006ee6bc1c20b38e2b5b3f4fa36c1c969170df588747c8ae81599721e011c4e5361316437cb13 WHIRLPOOL 23ea1fd36d0d4d8dbb8e5d15356c5cb3dc0133128dd8a7e5d3ad265fc9ea6a047478bae8de331629aa97a9c75581dd5495f60660a21af2b856d6777e65e6730a +MISC metadata.xml 365 SHA256 bb85383017d0fe03c9837832a8a4b747170fee670eb579bdfd2d9245762ff08c SHA512 6725efad0a73f396087805026ea7c9dac2768537dddc479fe7e0cfe5a23e63097dfed512b2a88534e3a7bc6a90e5f1151a09fe4d09c0eadaaf7c057d697189de WHIRLPOOL 7f49d044d82bd75952d3bf257b8890528a9ccef0bd330e845fd06c1c50e1caf950f2062f78e3a2b09c140ad18d2534be6e03c8866c7d98846eab1aa10e1a8e29 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2 + +iEYEAREIAAYFAlVDoEYACgkQVWmRsqeSphOEUgCdGRLCiiboceOIV4AjU49j71O8 +rWEAnjpw32+bWa8RNass1JNdoLUqQg1L +=78z2 +-----END PGP SIGNATURE----- diff --git a/sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/files/tcpdump-4.3.0-ssl-detect.patch b/sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/files/tcpdump-4.3.0-ssl-detect.patch deleted file mode 100644 index a485437297..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/files/tcpdump-4.3.0-ssl-detect.patch +++ /dev/null @@ -1,125 +0,0 @@ -fix from upstream to drop ugly filesystem checks that fail horribly when cross-compiling - -From c4b7e5f2b287ee3d1de8f706b809a8e217720c4e Mon Sep 17 00:00:00 2001 -From: Marc Abramowitz -Date: Sat, 13 Oct 2012 11:21:45 -0700 -Subject: [PATCH] Simplify the detection of OpenSSL libcrypto by using - standard autoconf macros rather than a local copy of - AC_LBL_SSLEAY. - -AC_LBL_SSLEAY is old and has not kept pace with some more recent -developments in packaging like Debian and Ubuntu's multiarch support. -The autoconf macros have been updated to handle multiarch so using them -means that tcpdump gains the ability to be built with libcrypto on these -new multiarch distros and to work successfully with Travis CI, which -uses Ubuntu 12, which is one such multiarch distro (see GH-32). - -Fixes GH-33 ---- - configure | 11201 ++++++++++++++++++--------------------------------------- - configure.in | 73 +- - 2 files changed, 3443 insertions(+), 7831 deletions(-) - -diff --git a/configure.in b/configure.in -index 8864238..14a60e1 100644 ---- a/configure.in -+++ b/configure.in -@@ -994,13 +994,13 @@ AC_LBL_UNALIGNED_ACCESS - - AC_VAR_H_ERRNO - --# Check for SSLeay --AC_MSG_CHECKING(whether to use SSLeay libcrypto) -+# Check for OpenSSL libcrypto -+AC_MSG_CHECKING(whether to use OpenSSL libcrypto) - # Specify location for both includes and libraries. --want_libcrypto=youmama -+want_libcrypto=ifavailable - AC_ARG_WITH(crypto, -- AS_HELP_STRING([--with-crypto@<:@=PATH@:>@], -- [use SSLeay libcrypto (located in directory PATH, if supplied). @<:@default=yes, if available@:>@]), -+ AS_HELP_STRING([--with-crypto], -+ [use OpenSSL libcrypto @<:@default=yes, if available@:>@]), - [ - if test $withval = no - then -@@ -1010,10 +1010,6 @@ AC_ARG_WITH(crypto, - then - want_libcrypto=yes - AC_MSG_RESULT(yes) -- else -- want_libcrypto=yes -- AC_MSG_RESULT(yes) -- crypto_dir=$withval - fi - ],[ - # -@@ -1023,63 +1019,8 @@ AC_ARG_WITH(crypto, - AC_MSG_RESULT([yes, if available]) - ]) - if test "$want_libcrypto" != "no"; then -- ac_cv_ssleay_path=no -- incdir=no -- if test "x$crypto_dir" = x; then -- # -- # Location not specified; check the default locations. -- # -- AC_MSG_CHECKING(where SSLeay is located) -- dirs="/usr /usr/local /usr/local/ssl /usr/pkg" -- if test "x${host_alias}" != x; then -- dirs="/usr/${host_alias} $dirs" -- fi -- for dir in $dirs; do -- AC_LBL_SSLEAY($dir) -- -- if test "$ac_cv_ssleay_path" != "no" -a "$incdir" != "no"; then -- break; -- else -- ac_cv_ssleay_path=no -- incdir=no -- fi -- done -- if test "$ac_cv_ssleay_path" != no; then -- AC_MSG_RESULT($ac_cv_ssleay_path) -- fi -- else -- AC_MSG_CHECKING(for SSLeay in $crypto_dir) -- AC_LBL_SSLEAY($crypto_dir) -- if test "$ac_cv_ssleay_path" != no; then -- AC_MSG_RESULT(found) -- fi -- fi -- if test "$ac_cv_ssleay_path" != no; then -- V_INCLS="$V_INCLS $incdir" -- if test "$dir" != "/usr"; then -- LDFLAGS="-L$dir/lib $LDFLAGS" -- fi -- if test -f $ac_cv_ssleay_path/lib/libRSAglue.a; then -- LIBS="$LIBS -lRSAglue" -- fi -- if test -f $ac_cv_ssleay_path/lib/librsaref.a; then -- LIBS="$LIBS -lrsaref" -- fi -- AC_CHECK_LIB(crypto, DES_cbc_encrypt) -- -- savedcppflags="$CPPFLAGS" -- CPPFLAGS="$CPPFLAGS $V_INCLS" -- AC_CHECK_HEADERS(openssl/evp.h) -- CPPFLAGS="$savedcppflags" -- else -- # -- # Not found. Did the user explicitly ask for it? -- # -- AC_MSG_RESULT(not found) -- if test "$want_libcrypto" = yes; then -- AC_MSG_ERROR(SSLeay not found) -- fi -- fi -+ AC_CHECK_LIB(crypto, DES_cbc_encrypt) -+ AC_CHECK_HEADERS(openssl/evp.h) - fi - - dnl --- -1.8.0 - diff --git a/sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/files/tcpdump-4.6.2-CVE-2014-8767.patch b/sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/files/tcpdump-4.6.2-CVE-2014-8767.patch new file mode 100644 index 0000000000..c3ac0ea21b --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/files/tcpdump-4.6.2-CVE-2014-8767.patch @@ -0,0 +1,165 @@ +--- a/print-olsr.c ++++ b/print-olsr.c +@@ -178,7 +178,7 @@ struct olsr_lq_neighbor6 { + /* + * print a neighbor list with LQ extensions. + */ +-static void ++static int + olsr_print_lq_neighbor4(netdissect_options *ndo, + const u_char *msg_data, u_int hello_len) + { +@@ -187,6 +187,8 @@ olsr_print_lq_neighbor4(netdissect_options *ndo, + while (hello_len >= sizeof(struct olsr_lq_neighbor4)) { + + lq_neighbor = (struct olsr_lq_neighbor4 *)msg_data; ++ if (!ND_TTEST(*lq_neighbor)) ++ return (-1); + + ND_PRINT((ndo, "\n\t neighbor %s, link-quality %.2lf%%" + ", neighbor-link-quality %.2lf%%", +@@ -197,10 +199,11 @@ olsr_print_lq_neighbor4(netdissect_options *ndo, + msg_data += sizeof(struct olsr_lq_neighbor4); + hello_len -= sizeof(struct olsr_lq_neighbor4); + } ++ return (0); + } + + #if INET6 +-static void ++static int + olsr_print_lq_neighbor6(netdissect_options *ndo, + const u_char *msg_data, u_int hello_len) + { +@@ -209,6 +212,8 @@ olsr_print_lq_neighbor6(netdissect_options *ndo, + while (hello_len >= sizeof(struct olsr_lq_neighbor6)) { + + lq_neighbor = (struct olsr_lq_neighbor6 *)msg_data; ++ if (!ND_TTEST(*lq_neighbor)) ++ return (-1); + + ND_PRINT((ndo, "\n\t neighbor %s, link-quality %.2lf%%" + ", neighbor-link-quality %.2lf%%", +@@ -219,13 +224,14 @@ olsr_print_lq_neighbor6(netdissect_options *ndo, + msg_data += sizeof(struct olsr_lq_neighbor6); + hello_len -= sizeof(struct olsr_lq_neighbor6); + } ++ return (0); + } + #endif /* INET6 */ + + /* + * print a neighbor list. + */ +-static void ++static int + olsr_print_neighbor(netdissect_options *ndo, + const u_char *msg_data, u_int hello_len) + { +@@ -236,6 +242,8 @@ olsr_print_neighbor(netdissect_options *ndo, + + while (hello_len >= sizeof(struct in_addr)) { + ++ if (!ND_TTEST2(*msg_data, sizeof(struct in_addr))) ++ return (-1); + /* print 4 neighbors per line */ + + ND_PRINT((ndo, "%s%s", ipaddr_string(ndo, msg_data), +@@ -244,6 +252,7 @@ olsr_print_neighbor(netdissect_options *ndo, + msg_data += sizeof(struct in_addr); + hello_len -= sizeof(struct in_addr); + } ++ return (0); + } + + +@@ -326,6 +335,9 @@ olsr_print(netdissect_options *ndo, + ME_TO_DOUBLE(msgptr.v6->vtime), + EXTRACT_16BITS(msgptr.v6->msg_seq), + msg_len, (msg_len_valid == 0) ? " (invalid)" : "")); ++ if (!msg_len_valid) { ++ return; ++ } + + msg_tlen = msg_len - sizeof(struct olsr_msg6); + msg_data = tptr + sizeof(struct olsr_msg6); +@@ -354,6 +366,9 @@ olsr_print(netdissect_options *ndo, + ME_TO_DOUBLE(msgptr.v4->vtime), + EXTRACT_16BITS(msgptr.v4->msg_seq), + msg_len, (msg_len_valid == 0) ? " (invalid)" : "")); ++ if (!msg_len_valid) { ++ return; ++ } + + msg_tlen = msg_len - sizeof(struct olsr_msg4); + msg_data = tptr + sizeof(struct olsr_msg4); +@@ -362,6 +377,8 @@ olsr_print(netdissect_options *ndo, + switch (msg_type) { + case OLSR_HELLO_MSG: + case OLSR_HELLO_LQ_MSG: ++ if (msg_tlen < sizeof(struct olsr_hello)) ++ goto trunc; + ND_TCHECK2(*msg_data, sizeof(struct olsr_hello)); + + ptr.hello = (struct olsr_hello *)msg_data; +@@ -401,15 +418,21 @@ olsr_print(netdissect_options *ndo, + msg_tlen -= sizeof(struct olsr_hello_link); + hello_len -= sizeof(struct olsr_hello_link); + ++ ND_TCHECK2(*msg_data, hello_len); + if (msg_type == OLSR_HELLO_MSG) { +- olsr_print_neighbor(ndo, msg_data, hello_len); ++ if (olsr_print_neighbor(ndo, msg_data, hello_len) == -1) ++ goto trunc; + } else { + #if INET6 +- if (is_ipv6) +- olsr_print_lq_neighbor6(ndo, msg_data, hello_len); +- else ++ if (is_ipv6) { ++ if (olsr_print_lq_neighbor6(ndo, msg_data, hello_len) == -1) ++ goto trunc; ++ } else + #endif +- olsr_print_lq_neighbor4(ndo, msg_data, hello_len); ++ { ++ if (olsr_print_lq_neighbor4(ndo, msg_data, hello_len) == -1) ++ goto trunc; ++ } + } + + msg_data += hello_len; +@@ -419,6 +442,8 @@ olsr_print(netdissect_options *ndo, + + case OLSR_TC_MSG: + case OLSR_TC_LQ_MSG: ++ if (msg_tlen < sizeof(struct olsr_tc)) ++ goto trunc; + ND_TCHECK2(*msg_data, sizeof(struct olsr_tc)); + + ptr.tc = (struct olsr_tc *)msg_data; +@@ -428,14 +453,19 @@ olsr_print(netdissect_options *ndo, + msg_tlen -= sizeof(struct olsr_tc); + + if (msg_type == OLSR_TC_MSG) { +- olsr_print_neighbor(ndo, msg_data, msg_tlen); ++ if (olsr_print_neighbor(ndo, msg_data, msg_tlen) == -1) ++ goto trunc; + } else { + #if INET6 +- if (is_ipv6) +- olsr_print_lq_neighbor6(ndo, msg_data, msg_tlen); +- else ++ if (is_ipv6) { ++ if (olsr_print_lq_neighbor6(ndo, msg_data, msg_tlen) == -1) ++ goto trunc; ++ } else + #endif +- olsr_print_lq_neighbor4(ndo, msg_data, msg_tlen); ++ { ++ if (olsr_print_lq_neighbor4(ndo, msg_data, msg_tlen) == -1) ++ goto trunc; ++ } + } + break; + diff --git a/sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/files/tcpdump-4.6.2-CVE-2014-8768.patch b/sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/files/tcpdump-4.6.2-CVE-2014-8768.patch new file mode 100644 index 0000000000..7f6fd70c78 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/files/tcpdump-4.6.2-CVE-2014-8768.patch @@ -0,0 +1,327 @@ +--- a/print-geonet.c ++++ b/print-geonet.c +@@ -56,16 +56,12 @@ static const struct tok msg_type_values[] = { + + static void + print_btp_body(netdissect_options *ndo, +- const u_char *bp, u_int length) ++ const u_char *bp) + { + int version; + int msg_type; + const char *msg_type_str; + +- if (length <= 2) { +- return; +- } +- + /* Assuming ItsDpuHeader */ + version = bp[0]; + msg_type = bp[1]; +@@ -83,7 +79,7 @@ print_btp(netdissect_options *ndo, + ND_PRINT((ndo, "; BTP Dst:%u Src:%u", dest, src)); + } + +-static void ++static int + print_long_pos_vector(netdissect_options *ndo, + const u_char *bp) + { +@@ -91,10 +87,13 @@ print_long_pos_vector(netdissect_options *ndo, + + ND_PRINT((ndo, "GN_ADDR:%s ", linkaddr_string (ndo, bp, 0, GEONET_ADDR_LEN))); + ++ if (!ND_TTEST2(*(bp+12), 8)) ++ return (-1); + lat = EXTRACT_32BITS(bp+12); + ND_PRINT((ndo, "lat:%d ", lat)); + lon = EXTRACT_32BITS(bp+16); + ND_PRINT((ndo, "lon:%d", lon)); ++ return (0); + } + + +@@ -105,137 +104,170 @@ print_long_pos_vector(netdissect_options *ndo, + void + geonet_print(netdissect_options *ndo, const u_char *eth, const u_char *bp, u_int length) + { ++ int version; ++ int next_hdr; ++ int hdr_type; ++ int hdr_subtype; ++ uint16_t payload_length; ++ int hop_limit; ++ const char *next_hdr_txt = "Unknown"; ++ const char *hdr_type_txt = "Unknown"; ++ int hdr_size = -1; ++ + ND_PRINT((ndo, "GeoNet src:%s; ", etheraddr_string(ndo, eth+6))); + +- if (length >= 36) { +- /* Process Common Header */ +- int version = bp[0] >> 4; +- int next_hdr = bp[0] & 0x0f; +- int hdr_type = bp[1] >> 4; +- int hdr_subtype = bp[1] & 0x0f; +- uint16_t payload_length = EXTRACT_16BITS(bp+4); +- int hop_limit = bp[7]; +- const char *next_hdr_txt = "Unknown"; +- const char *hdr_type_txt = "Unknown"; +- int hdr_size = -1; ++ /* Process Common Header */ ++ if (length < 36) ++ goto malformed; ++ ++ ND_TCHECK2(*bp, 7); ++ version = bp[0] >> 4; ++ next_hdr = bp[0] & 0x0f; ++ hdr_type = bp[1] >> 4; ++ hdr_subtype = bp[1] & 0x0f; ++ payload_length = EXTRACT_16BITS(bp+4); ++ hop_limit = bp[7]; + +- switch (next_hdr) { +- case 0: next_hdr_txt = "Any"; break; +- case 1: next_hdr_txt = "BTP-A"; break; +- case 2: next_hdr_txt = "BTP-B"; break; +- case 3: next_hdr_txt = "IPv6"; break; +- } ++ switch (next_hdr) { ++ case 0: next_hdr_txt = "Any"; break; ++ case 1: next_hdr_txt = "BTP-A"; break; ++ case 2: next_hdr_txt = "BTP-B"; break; ++ case 3: next_hdr_txt = "IPv6"; break; ++ } + +- switch (hdr_type) { +- case 0: hdr_type_txt = "Any"; break; +- case 1: hdr_type_txt = "Beacon"; break; +- case 2: hdr_type_txt = "GeoUnicast"; break; +- case 3: switch (hdr_subtype) { +- case 0: hdr_type_txt = "GeoAnycastCircle"; break; +- case 1: hdr_type_txt = "GeoAnycastRect"; break; +- case 2: hdr_type_txt = "GeoAnycastElipse"; break; +- } +- break; +- case 4: switch (hdr_subtype) { +- case 0: hdr_type_txt = "GeoBroadcastCircle"; break; +- case 1: hdr_type_txt = "GeoBroadcastRect"; break; +- case 2: hdr_type_txt = "GeoBroadcastElipse"; break; +- } +- break; +- case 5: switch (hdr_subtype) { +- case 0: hdr_type_txt = "TopoScopeBcast-SH"; break; +- case 1: hdr_type_txt = "TopoScopeBcast-MH"; break; +- } +- break; +- case 6: switch (hdr_subtype) { +- case 0: hdr_type_txt = "LocService-Request"; break; +- case 1: hdr_type_txt = "LocService-Reply"; break; +- } +- break; +- } ++ switch (hdr_type) { ++ case 0: hdr_type_txt = "Any"; break; ++ case 1: hdr_type_txt = "Beacon"; break; ++ case 2: hdr_type_txt = "GeoUnicast"; break; ++ case 3: switch (hdr_subtype) { ++ case 0: hdr_type_txt = "GeoAnycastCircle"; break; ++ case 1: hdr_type_txt = "GeoAnycastRect"; break; ++ case 2: hdr_type_txt = "GeoAnycastElipse"; break; ++ } ++ break; ++ case 4: switch (hdr_subtype) { ++ case 0: hdr_type_txt = "GeoBroadcastCircle"; break; ++ case 1: hdr_type_txt = "GeoBroadcastRect"; break; ++ case 2: hdr_type_txt = "GeoBroadcastElipse"; break; ++ } ++ break; ++ case 5: switch (hdr_subtype) { ++ case 0: hdr_type_txt = "TopoScopeBcast-SH"; break; ++ case 1: hdr_type_txt = "TopoScopeBcast-MH"; break; ++ } ++ break; ++ case 6: switch (hdr_subtype) { ++ case 0: hdr_type_txt = "LocService-Request"; break; ++ case 1: hdr_type_txt = "LocService-Reply"; break; ++ } ++ break; ++ } ++ ++ ND_PRINT((ndo, "v:%d ", version)); ++ ND_PRINT((ndo, "NH:%d-%s ", next_hdr, next_hdr_txt)); ++ ND_PRINT((ndo, "HT:%d-%d-%s ", hdr_type, hdr_subtype, hdr_type_txt)); ++ ND_PRINT((ndo, "HopLim:%d ", hop_limit)); ++ ND_PRINT((ndo, "Payload:%d ", payload_length)); ++ if (print_long_pos_vector(ndo, bp + 8) == -1) ++ goto trunc; + +- ND_PRINT((ndo, "v:%d ", version)); +- ND_PRINT((ndo, "NH:%d-%s ", next_hdr, next_hdr_txt)); +- ND_PRINT((ndo, "HT:%d-%d-%s ", hdr_type, hdr_subtype, hdr_type_txt)); +- ND_PRINT((ndo, "HopLim:%d ", hop_limit)); +- ND_PRINT((ndo, "Payload:%d ", payload_length)); +- print_long_pos_vector(ndo, bp + 8); ++ /* Skip Common Header */ ++ length -= 36; ++ bp += 36; + +- /* Skip Common Header */ +- length -= 36; +- bp += 36; ++ /* Process Extended Headers */ ++ switch (hdr_type) { ++ case 0: /* Any */ ++ hdr_size = 0; ++ break; ++ case 1: /* Beacon */ ++ hdr_size = 0; ++ break; ++ case 2: /* GeoUnicast */ ++ break; ++ case 3: switch (hdr_subtype) { ++ case 0: /* GeoAnycastCircle */ ++ break; ++ case 1: /* GeoAnycastRect */ ++ break; ++ case 2: /* GeoAnycastElipse */ ++ break; ++ } ++ break; ++ case 4: switch (hdr_subtype) { ++ case 0: /* GeoBroadcastCircle */ ++ break; ++ case 1: /* GeoBroadcastRect */ ++ break; ++ case 2: /* GeoBroadcastElipse */ ++ break; ++ } ++ break; ++ case 5: switch (hdr_subtype) { ++ case 0: /* TopoScopeBcast-SH */ ++ hdr_size = 0; ++ break; ++ case 1: /* TopoScopeBcast-MH */ ++ hdr_size = 68 - 36; ++ break; ++ } ++ break; ++ case 6: switch (hdr_subtype) { ++ case 0: /* LocService-Request */ ++ break; ++ case 1: /* LocService-Reply */ ++ break; ++ } ++ break; ++ } + +- /* Process Extended Headers */ +- switch (hdr_type) { ++ /* Skip Extended headers */ ++ if (hdr_size >= 0) { ++ if (length < (u_int)hdr_size) ++ goto malformed; ++ ND_TCHECK2(*bp, hdr_size); ++ length -= hdr_size; ++ bp += hdr_size; ++ switch (next_hdr) { + case 0: /* Any */ +- hdr_size = 0; +- break; +- case 1: /* Beacon */ +- hdr_size = 0; +- break; +- case 2: /* GeoUnicast */ + break; +- case 3: switch (hdr_subtype) { +- case 0: /* GeoAnycastCircle */ +- break; +- case 1: /* GeoAnycastRect */ +- break; +- case 2: /* GeoAnycastElipse */ +- break; ++ case 1: ++ case 2: /* BTP A/B */ ++ if (length < 4) ++ goto malformed; ++ ND_TCHECK2(*bp, 4); ++ print_btp(ndo, bp); ++ length -= 4; ++ bp += 4; ++ if (length >= 2) { ++ /* ++ * XXX - did print_btp_body() ++ * return if length < 2 ++ * because this is optional, ++ * or was that just not ++ * reporting genuine errors? ++ */ ++ ND_TCHECK2(*bp, 2); ++ print_btp_body(ndo, bp); + } + break; +- case 4: switch (hdr_subtype) { +- case 0: /* GeoBroadcastCircle */ +- break; +- case 1: /* GeoBroadcastRect */ +- break; +- case 2: /* GeoBroadcastElipse */ +- break; +- } +- break; +- case 5: switch (hdr_subtype) { +- case 0: /* TopoScopeBcast-SH */ +- hdr_size = 0; +- break; +- case 1: /* TopoScopeBcast-MH */ +- hdr_size = 68 - 36; +- break; +- } +- break; +- case 6: switch (hdr_subtype) { +- case 0: /* LocService-Request */ +- break; +- case 1: /* LocService-Reply */ +- break; +- } ++ case 3: /* IPv6 */ + break; + } +- +- /* Skip Extended headers */ +- if (hdr_size >= 0) { +- length -= hdr_size; +- bp += hdr_size; +- switch (next_hdr) { +- case 0: /* Any */ +- break; +- case 1: +- case 2: /* BTP A/B */ +- print_btp(ndo, bp); +- length -= 4; +- bp += 4; +- print_btp_body(ndo, bp, length); +- break; +- case 3: /* IPv6 */ +- break; +- } +- } +- } else { +- ND_PRINT((ndo, "Malformed (small) ")); + } + + /* Print user data part */ + if (ndo->ndo_vflag) + ND_DEFAULTPRINT(bp, length); ++ return; ++ ++malformed: ++ ND_PRINT((ndo, " Malformed (small) ")); ++ /* XXX - print the remaining data as hex? */ ++ return; ++ ++trunc: ++ ND_PRINT((ndo, "[|geonet]")); + } + + diff --git a/sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/files/tcpdump-4.6.2-CVE-2014-8769.patch b/sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/files/tcpdump-4.6.2-CVE-2014-8769.patch new file mode 100644 index 0000000000..4d44be5349 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/files/tcpdump-4.6.2-CVE-2014-8769.patch @@ -0,0 +1,684 @@ +--- a/print-aodv.c ++++ b/print-aodv.c +@@ -37,9 +37,6 @@ + + #include + +-/* for offsetof */ +-#include +- + #include "interface.h" + #include "addrtoname.h" + #include "extract.h" /* must come after interface.h */ +@@ -146,13 +143,6 @@ struct aodv_rerr { + uint8_t rerr_flags; /* various flags */ + uint8_t rerr_zero0; /* reserved, set to zero */ + uint8_t rerr_dc; /* destination count */ +- union { +- struct rerr_unreach dest[1]; +-#ifdef INET6 +- struct rerr_unreach6 dest6[1]; +- struct rerr_unreach6_draft_01 dest6_draft_01[1]; +-#endif +- } r; + }; + + #define RERR_NODELETE 0x80 /* don't delete the link */ +@@ -163,19 +153,6 @@ struct aodv_rrep_ack { + uint8_t ra_zero0; + }; + +-union aodv { +- struct aodv_rreq rreq; +- struct aodv_rrep rrep; +- struct aodv_rerr rerr; +- struct aodv_rrep_ack rrep_ack; +-#ifdef INET6 +- struct aodv_rreq6 rreq6; +- struct aodv_rreq6_draft_01 rreq6_draft_01; +- struct aodv_rrep6 rrep6; +- struct aodv_rrep6_draft_01 rrep6_draft_01; +-#endif +-}; +- + #define AODV_RREQ 1 /* route request */ + #define AODV_RREP 2 /* route response */ + #define AODV_RERR 3 /* error report */ +@@ -204,22 +181,14 @@ static void + aodv_extension(netdissect_options *ndo, + const struct aodv_ext *ep, u_int length) + { +- u_int i; + const struct aodv_hello *ah; + + switch (ep->type) { + case AODV_EXT_HELLO: +- if (ndo->ndo_snapend < (u_char *) ep) { +- ND_PRINT((ndo, " [|hello]")); +- return; +- } +- i = min(length, (u_int)(ndo->ndo_snapend - (u_char *)ep)); +- if (i < sizeof(struct aodv_hello)) { +- ND_PRINT((ndo, " [|hello]")); +- return; +- } +- i -= sizeof(struct aodv_hello); +- ah = (void *)ep; ++ ah = (const struct aodv_hello *)(const void *)ep; ++ ND_TCHECK(*ah); ++ if (length < sizeof(struct aodv_hello)) ++ goto trunc; + ND_PRINT((ndo, "\n\text HELLO %ld ms", + (unsigned long)EXTRACT_32BITS(&ah->interval))); + break; +@@ -228,141 +197,135 @@ aodv_extension(netdissect_options *ndo, + ND_PRINT((ndo, "\n\text %u %u", ep->type, ep->length)); + break; + } ++ return; ++ ++trunc: ++ ND_PRINT((ndo, " [|hello]")); + } + + static void +-aodv_rreq(netdissect_options *ndo, +- const union aodv *ap, const u_char *dat, u_int length) ++aodv_rreq(netdissect_options *ndo, const u_char *dat, u_int length) + { + u_int i; ++ const struct aodv_rreq *ap = (const struct aodv_rreq *)dat; + +- if (ndo->ndo_snapend < dat) { +- ND_PRINT((ndo, " [|aodv]")); +- return; +- } +- i = min(length, (u_int)(ndo->ndo_snapend - dat)); +- if (i < sizeof(ap->rreq)) { +- ND_PRINT((ndo, " [|rreq]")); +- return; +- } +- i -= sizeof(ap->rreq); ++ ND_TCHECK(*ap); ++ if (length < sizeof(*ap)) ++ goto trunc; + ND_PRINT((ndo, " rreq %u %s%s%s%s%shops %u id 0x%08lx\n" + "\tdst %s seq %lu src %s seq %lu", length, +- ap->rreq.rreq_type & RREQ_JOIN ? "[J]" : "", +- ap->rreq.rreq_type & RREQ_REPAIR ? "[R]" : "", +- ap->rreq.rreq_type & RREQ_GRAT ? "[G]" : "", +- ap->rreq.rreq_type & RREQ_DEST ? "[D]" : "", +- ap->rreq.rreq_type & RREQ_UNKNOWN ? "[U] " : " ", +- ap->rreq.rreq_hops, +- (unsigned long)EXTRACT_32BITS(&ap->rreq.rreq_id), +- ipaddr_string(ndo, &ap->rreq.rreq_da), +- (unsigned long)EXTRACT_32BITS(&ap->rreq.rreq_ds), +- ipaddr_string(ndo, &ap->rreq.rreq_oa), +- (unsigned long)EXTRACT_32BITS(&ap->rreq.rreq_os))); ++ ap->rreq_type & RREQ_JOIN ? "[J]" : "", ++ ap->rreq_type & RREQ_REPAIR ? "[R]" : "", ++ ap->rreq_type & RREQ_GRAT ? "[G]" : "", ++ ap->rreq_type & RREQ_DEST ? "[D]" : "", ++ ap->rreq_type & RREQ_UNKNOWN ? "[U] " : " ", ++ ap->rreq_hops, ++ (unsigned long)EXTRACT_32BITS(&ap->rreq_id), ++ ipaddr_string(ndo, &ap->rreq_da), ++ (unsigned long)EXTRACT_32BITS(&ap->rreq_ds), ++ ipaddr_string(ndo, &ap->rreq_oa), ++ (unsigned long)EXTRACT_32BITS(&ap->rreq_os))); ++ i = length - sizeof(*ap); + if (i >= sizeof(struct aodv_ext)) +- aodv_extension(ndo, (void *)(&ap->rreq + 1), i); ++ aodv_extension(ndo, (const struct aodv_ext *)(dat + sizeof(*ap)), i); ++ return; ++ ++trunc: ++ ND_PRINT((ndo, " [|rreq")); + } + + static void +-aodv_rrep(netdissect_options *ndo, +- const union aodv *ap, const u_char *dat, u_int length) ++aodv_rrep(netdissect_options *ndo, const u_char *dat, u_int length) + { + u_int i; ++ const struct aodv_rrep *ap = (const struct aodv_rrep *)dat; + +- if (ndo->ndo_snapend < dat) { +- ND_PRINT((ndo, " [|aodv]")); +- return; +- } +- i = min(length, (u_int)(ndo->ndo_snapend - dat)); +- if (i < sizeof(ap->rrep)) { +- ND_PRINT((ndo, " [|rrep]")); +- return; +- } +- i -= sizeof(ap->rrep); ++ ND_TCHECK(*ap); ++ if (length < sizeof(*ap)) ++ goto trunc; + ND_PRINT((ndo, " rrep %u %s%sprefix %u hops %u\n" + "\tdst %s dseq %lu src %s %lu ms", length, +- ap->rrep.rrep_type & RREP_REPAIR ? "[R]" : "", +- ap->rrep.rrep_type & RREP_ACK ? "[A] " : " ", +- ap->rrep.rrep_ps & RREP_PREFIX_MASK, +- ap->rrep.rrep_hops, +- ipaddr_string(ndo, &ap->rrep.rrep_da), +- (unsigned long)EXTRACT_32BITS(&ap->rrep.rrep_ds), +- ipaddr_string(ndo, &ap->rrep.rrep_oa), +- (unsigned long)EXTRACT_32BITS(&ap->rrep.rrep_life))); ++ ap->rrep_type & RREP_REPAIR ? "[R]" : "", ++ ap->rrep_type & RREP_ACK ? "[A] " : " ", ++ ap->rrep_ps & RREP_PREFIX_MASK, ++ ap->rrep_hops, ++ ipaddr_string(ndo, &ap->rrep_da), ++ (unsigned long)EXTRACT_32BITS(&ap->rrep_ds), ++ ipaddr_string(ndo, &ap->rrep_oa), ++ (unsigned long)EXTRACT_32BITS(&ap->rrep_life))); ++ i = length - sizeof(*ap); + if (i >= sizeof(struct aodv_ext)) +- aodv_extension(ndo, (void *)(&ap->rrep + 1), i); ++ aodv_extension(ndo, (const struct aodv_ext *)(dat + sizeof(*ap)), i); ++ return; ++ ++trunc: ++ ND_PRINT((ndo, " [|rreq")); + } + + static void +-aodv_rerr(netdissect_options *ndo, +- const union aodv *ap, const u_char *dat, u_int length) ++aodv_rerr(netdissect_options *ndo, const u_char *dat, u_int length) + { +- u_int i; +- const struct rerr_unreach *dp = NULL; +- int n, trunc; ++ u_int i, dc; ++ const struct aodv_rerr *ap = (const struct aodv_rerr *)dat; ++ const struct rerr_unreach *dp; + +- if (ndo->ndo_snapend < dat) { +- ND_PRINT((ndo, " [|aodv]")); +- return; +- } +- i = min(length, (u_int)(ndo->ndo_snapend - dat)); +- if (i < offsetof(struct aodv_rerr, r)) { +- ND_PRINT((ndo, " [|rerr]")); +- return; +- } +- i -= offsetof(struct aodv_rerr, r); +- dp = &ap->rerr.r.dest[0]; +- n = ap->rerr.rerr_dc * sizeof(ap->rerr.r.dest[0]); ++ ND_TCHECK(*ap); ++ if (length < sizeof(*ap)) ++ goto trunc; + ND_PRINT((ndo, " rerr %s [items %u] [%u]:", +- ap->rerr.rerr_flags & RERR_NODELETE ? "[D]" : "", +- ap->rerr.rerr_dc, length)); +- trunc = n - (i/sizeof(ap->rerr.r.dest[0])); +- for (; i >= sizeof(ap->rerr.r.dest[0]); +- ++dp, i -= sizeof(ap->rerr.r.dest[0])) { ++ ap->rerr_flags & RERR_NODELETE ? "[D]" : "", ++ ap->rerr_dc, length)); ++ dp = (struct rerr_unreach *)(dat + sizeof(*ap)); ++ i = length - sizeof(*ap); ++ for (dc = ap->rerr_dc; dc != 0; dc--) { ++ ND_TCHECK(*dp); ++ if (i < sizeof(*dp)) ++ goto trunc; + ND_PRINT((ndo, " {%s}(%ld)", ipaddr_string(ndo, &dp->u_da), + (unsigned long)EXTRACT_32BITS(&dp->u_ds))); ++ dp++; ++ i -= sizeof(*dp); + } +- if (trunc) +- ND_PRINT((ndo, "[|rerr]")); ++ return; ++ ++trunc: ++ ND_PRINT((ndo, "[|rerr]")); + } + + static void + #ifdef INET6 +-aodv_v6_rreq(netdissect_options *ndo, +- const union aodv *ap, const u_char *dat, u_int length) ++aodv_v6_rreq(netdissect_options *ndo, const u_char *dat, u_int length) + #else +-aodv_v6_rreq(netdissect_options *ndo, +- const union aodv *ap _U_, const u_char *dat _U_, u_int length) ++aodv_v6_rreq(netdissect_options *ndo, const u_char *dat _U_, u_int length) + #endif + { + #ifdef INET6 + u_int i; ++ const struct aodv_rreq6 *ap = (const struct aodv_rreq6 *)dat; + +- if (ndo->ndo_snapend < dat) { +- ND_PRINT((ndo, " [|aodv]")); +- return; +- } +- i = min(length, (u_int)(ndo->ndo_snapend - dat)); +- if (i < sizeof(ap->rreq6)) { +- ND_PRINT((ndo, " [|rreq6]")); +- return; +- } +- i -= sizeof(ap->rreq6); ++ ND_TCHECK(*ap); ++ if (length < sizeof(*ap)) ++ goto trunc; + ND_PRINT((ndo, " v6 rreq %u %s%s%s%s%shops %u id 0x%08lx\n" + "\tdst %s seq %lu src %s seq %lu", length, +- ap->rreq6.rreq_type & RREQ_JOIN ? "[J]" : "", +- ap->rreq6.rreq_type & RREQ_REPAIR ? "[R]" : "", +- ap->rreq6.rreq_type & RREQ_GRAT ? "[G]" : "", +- ap->rreq6.rreq_type & RREQ_DEST ? "[D]" : "", +- ap->rreq6.rreq_type & RREQ_UNKNOWN ? "[U] " : " ", +- ap->rreq6.rreq_hops, +- (unsigned long)EXTRACT_32BITS(&ap->rreq6.rreq_id), +- ip6addr_string(ndo, &ap->rreq6.rreq_da), +- (unsigned long)EXTRACT_32BITS(&ap->rreq6.rreq_ds), +- ip6addr_string(ndo, &ap->rreq6.rreq_oa), +- (unsigned long)EXTRACT_32BITS(&ap->rreq6.rreq_os))); ++ ap->rreq_type & RREQ_JOIN ? "[J]" : "", ++ ap->rreq_type & RREQ_REPAIR ? "[R]" : "", ++ ap->rreq_type & RREQ_GRAT ? "[G]" : "", ++ ap->rreq_type & RREQ_DEST ? "[D]" : "", ++ ap->rreq_type & RREQ_UNKNOWN ? "[U] " : " ", ++ ap->rreq_hops, ++ (unsigned long)EXTRACT_32BITS(&ap->rreq_id), ++ ip6addr_string(ndo, &ap->rreq_da), ++ (unsigned long)EXTRACT_32BITS(&ap->rreq_ds), ++ ip6addr_string(ndo, &ap->rreq_oa), ++ (unsigned long)EXTRACT_32BITS(&ap->rreq_os))); ++ i = length - sizeof(*ap); + if (i >= sizeof(struct aodv_ext)) +- aodv_extension(ndo, (void *)(&ap->rreq6 + 1), i); ++ aodv_extension(ndo, (const struct aodv_ext *)(dat + sizeof(*ap)), i); ++ return; ++ ++trunc: ++ ND_PRINT((ndo, " [|rreq")); + #else + ND_PRINT((ndo, " v6 rreq %u", length)); + #endif +@@ -370,38 +333,35 @@ aodv_v6_rreq(netdissect_options *ndo, + + static void + #ifdef INET6 +-aodv_v6_rrep(netdissect_options *ndo, +- const union aodv *ap, const u_char *dat, u_int length) ++aodv_v6_rrep(netdissect_options *ndo, const u_char *dat, u_int length) + #else +-aodv_v6_rrep(netdissect_options *ndo, +- const union aodv *ap _U_, const u_char *dat _U_, u_int length) ++aodv_v6_rrep(netdissect_options *ndo, const u_char *dat _U_, u_int length) + #endif + { + #ifdef INET6 + u_int i; ++ const struct aodv_rrep6 *ap = (const struct aodv_rrep6 *)dat; + +- if (ndo->ndo_snapend < dat) { +- ND_PRINT((ndo, " [|aodv]")); +- return; +- } +- i = min(length, (u_int)(ndo->ndo_snapend - dat)); +- if (i < sizeof(ap->rrep6)) { +- ND_PRINT((ndo, " [|rrep6]")); +- return; +- } +- i -= sizeof(ap->rrep6); ++ ND_TCHECK(*ap); ++ if (length < sizeof(*ap)) ++ goto trunc; + ND_PRINT((ndo, " rrep %u %s%sprefix %u hops %u\n" + "\tdst %s dseq %lu src %s %lu ms", length, +- ap->rrep6.rrep_type & RREP_REPAIR ? "[R]" : "", +- ap->rrep6.rrep_type & RREP_ACK ? "[A] " : " ", +- ap->rrep6.rrep_ps & RREP_PREFIX_MASK, +- ap->rrep6.rrep_hops, +- ip6addr_string(ndo, &ap->rrep6.rrep_da), +- (unsigned long)EXTRACT_32BITS(&ap->rrep6.rrep_ds), +- ip6addr_string(ndo, &ap->rrep6.rrep_oa), +- (unsigned long)EXTRACT_32BITS(&ap->rrep6.rrep_life))); ++ ap->rrep_type & RREP_REPAIR ? "[R]" : "", ++ ap->rrep_type & RREP_ACK ? "[A] " : " ", ++ ap->rrep_ps & RREP_PREFIX_MASK, ++ ap->rrep_hops, ++ ip6addr_string(ndo, &ap->rrep_da), ++ (unsigned long)EXTRACT_32BITS(&ap->rrep_ds), ++ ip6addr_string(ndo, &ap->rrep_oa), ++ (unsigned long)EXTRACT_32BITS(&ap->rrep_life))); ++ i = length - sizeof(*ap); + if (i >= sizeof(struct aodv_ext)) +- aodv_extension(ndo, (void *)(&ap->rrep6 + 1), i); ++ aodv_extension(ndo, (const struct aodv_ext *)(dat + sizeof(*ap)), i); ++ return; ++ ++trunc: ++ ND_PRINT((ndo, " [|rreq")); + #else + ND_PRINT((ndo, " rrep %u", length)); + #endif +@@ -409,31 +369,37 @@ aodv_v6_rrep(netdissect_options *ndo, + + static void + #ifdef INET6 +-aodv_v6_rerr(netdissect_options *ndo, +- const union aodv *ap, u_int length) ++aodv_v6_rerr(netdissect_options *ndo, const u_char *dat, u_int length) + #else +-aodv_v6_rerr(netdissect_options *ndo, +- const union aodv *ap _U_, u_int length) ++aodv_v6_rerr(netdissect_options *ndo, const u_char *dat _U_, u_int length) + #endif + { + #ifdef INET6 +- const struct rerr_unreach6 *dp6 = NULL; +- int i, j, n, trunc; ++ u_int i, dc; ++ const struct aodv_rerr *ap = (const struct aodv_rerr *)dat; ++ const struct rerr_unreach6 *dp6; + +- i = length - offsetof(struct aodv_rerr, r); +- j = sizeof(ap->rerr.r.dest6[0]); +- dp6 = &ap->rerr.r.dest6[0]; +- n = ap->rerr.rerr_dc * j; ++ ND_TCHECK(*ap); ++ if (length < sizeof(*ap)) ++ goto trunc; + ND_PRINT((ndo, " rerr %s [items %u] [%u]:", +- ap->rerr.rerr_flags & RERR_NODELETE ? "[D]" : "", +- ap->rerr.rerr_dc, length)); +- trunc = n - (i/j); +- for (; i -= j >= 0; ++dp6) { ++ ap->rerr_flags & RERR_NODELETE ? "[D]" : "", ++ ap->rerr_dc, length)); ++ dp6 = (struct rerr_unreach6 *)(void *)(ap + 1); ++ i = length - sizeof(*ap); ++ for (dc = ap->rerr_dc; dc != 0; dc--) { ++ ND_TCHECK(*dp6); ++ if (i < sizeof(*dp6)) ++ goto trunc; + ND_PRINT((ndo, " {%s}(%ld)", ip6addr_string(ndo, &dp6->u_da), + (unsigned long)EXTRACT_32BITS(&dp6->u_ds))); ++ dp6++; ++ i -= sizeof(*dp6); + } +- if (trunc) +- ND_PRINT((ndo, "[|rerr]")); ++ return; ++ ++trunc: ++ ND_PRINT((ndo, "[|rerr]")); + #else + ND_PRINT((ndo, " rerr %u", length)); + #endif +@@ -441,42 +407,38 @@ aodv_v6_rerr(netdissect_options *ndo, + + static void + #ifdef INET6 +-aodv_v6_draft_01_rreq(netdissect_options *ndo, +- const union aodv *ap, const u_char *dat, u_int length) ++aodv_v6_draft_01_rreq(netdissect_options *ndo, const u_char *dat, u_int length) + #else +-aodv_v6_draft_01_rreq(netdissect_options *ndo, +- const union aodv *ap _U_, const u_char *dat _U_, +- u_int length) ++aodv_v6_draft_01_rreq(netdissect_options *ndo, const u_char *dat _U_, u_int length) + #endif + { + #ifdef INET6 + u_int i; ++ const struct aodv_rreq6_draft_01 *ap = (const struct aodv_rreq6_draft_01 *)dat; + +- if (ndo->ndo_snapend < dat) { +- ND_PRINT((ndo, " [|aodv]")); +- return; +- } +- i = min(length, (u_int)(ndo->ndo_snapend - dat)); +- if (i < sizeof(ap->rreq6_draft_01)) { +- ND_PRINT((ndo, " [|rreq6]")); +- return; +- } +- i -= sizeof(ap->rreq6_draft_01); ++ ND_TCHECK(*ap); ++ if (length < sizeof(*ap)) ++ goto trunc; + ND_PRINT((ndo, " rreq %u %s%s%s%s%shops %u id 0x%08lx\n" + "\tdst %s seq %lu src %s seq %lu", length, +- ap->rreq6_draft_01.rreq_type & RREQ_JOIN ? "[J]" : "", +- ap->rreq6_draft_01.rreq_type & RREQ_REPAIR ? "[R]" : "", +- ap->rreq6_draft_01.rreq_type & RREQ_GRAT ? "[G]" : "", +- ap->rreq6_draft_01.rreq_type & RREQ_DEST ? "[D]" : "", +- ap->rreq6_draft_01.rreq_type & RREQ_UNKNOWN ? "[U] " : " ", +- ap->rreq6_draft_01.rreq_hops, +- (unsigned long)EXTRACT_32BITS(&ap->rreq6_draft_01.rreq_id), +- ip6addr_string(ndo, &ap->rreq6_draft_01.rreq_da), +- (unsigned long)EXTRACT_32BITS(&ap->rreq6_draft_01.rreq_ds), +- ip6addr_string(ndo, &ap->rreq6_draft_01.rreq_oa), +- (unsigned long)EXTRACT_32BITS(&ap->rreq6_draft_01.rreq_os))); ++ ap->rreq_type & RREQ_JOIN ? "[J]" : "", ++ ap->rreq_type & RREQ_REPAIR ? "[R]" : "", ++ ap->rreq_type & RREQ_GRAT ? "[G]" : "", ++ ap->rreq_type & RREQ_DEST ? "[D]" : "", ++ ap->rreq_type & RREQ_UNKNOWN ? "[U] " : " ", ++ ap->rreq_hops, ++ (unsigned long)EXTRACT_32BITS(&ap->rreq_id), ++ ip6addr_string(ndo, &ap->rreq_da), ++ (unsigned long)EXTRACT_32BITS(&ap->rreq_ds), ++ ip6addr_string(ndo, &ap->rreq_oa), ++ (unsigned long)EXTRACT_32BITS(&ap->rreq_os))); ++ i = length - sizeof(*ap); + if (i >= sizeof(struct aodv_ext)) +- aodv_extension(ndo, (void *)(&ap->rreq6_draft_01 + 1), i); ++ aodv_extension(ndo, (const struct aodv_ext *)(dat + sizeof(*ap)), i); ++ return; ++ ++trunc: ++ ND_PRINT((ndo, " [|rreq")); + #else + ND_PRINT((ndo, " rreq %u", length)); + #endif +@@ -484,39 +446,35 @@ aodv_v6_draft_01_rreq(netdissect_options *ndo, + + static void + #ifdef INET6 +-aodv_v6_draft_01_rrep(netdissect_options *ndo, +- const union aodv *ap, const u_char *dat, u_int length) ++aodv_v6_draft_01_rrep(netdissect_options *ndo, const u_char *dat, u_int length) + #else +-aodv_v6_draft_01_rrep(netdissect_options *ndo, +- const union aodv *ap _U_, const u_char *dat _U_, +- u_int length) ++aodv_v6_draft_01_rrep(netdissect_options *ndo, const u_char *dat _U_, u_int length) + #endif + { + #ifdef INET6 + u_int i; ++ const struct aodv_rrep6_draft_01 *ap = (const struct aodv_rrep6_draft_01 *)dat; + +- if (ndo->ndo_snapend < dat) { +- ND_PRINT((ndo, " [|aodv]")); +- return; +- } +- i = min(length, (u_int)(ndo->ndo_snapend - dat)); +- if (i < sizeof(ap->rrep6_draft_01)) { +- ND_PRINT((ndo, " [|rrep6]")); +- return; +- } +- i -= sizeof(ap->rrep6_draft_01); ++ ND_TCHECK(*ap); ++ if (length < sizeof(*ap)) ++ goto trunc; + ND_PRINT((ndo, " rrep %u %s%sprefix %u hops %u\n" + "\tdst %s dseq %lu src %s %lu ms", length, +- ap->rrep6_draft_01.rrep_type & RREP_REPAIR ? "[R]" : "", +- ap->rrep6_draft_01.rrep_type & RREP_ACK ? "[A] " : " ", +- ap->rrep6_draft_01.rrep_ps & RREP_PREFIX_MASK, +- ap->rrep6_draft_01.rrep_hops, +- ip6addr_string(ndo, &ap->rrep6_draft_01.rrep_da), +- (unsigned long)EXTRACT_32BITS(&ap->rrep6_draft_01.rrep_ds), +- ip6addr_string(ndo, &ap->rrep6_draft_01.rrep_oa), +- (unsigned long)EXTRACT_32BITS(&ap->rrep6_draft_01.rrep_life))); ++ ap->rrep_type & RREP_REPAIR ? "[R]" : "", ++ ap->rrep_type & RREP_ACK ? "[A] " : " ", ++ ap->rrep_ps & RREP_PREFIX_MASK, ++ ap->rrep_hops, ++ ip6addr_string(ndo, &ap->rrep_da), ++ (unsigned long)EXTRACT_32BITS(&ap->rrep_ds), ++ ip6addr_string(ndo, &ap->rrep_oa), ++ (unsigned long)EXTRACT_32BITS(&ap->rrep_life))); ++ i = length - sizeof(*ap); + if (i >= sizeof(struct aodv_ext)) +- aodv_extension(ndo, (void *)(&ap->rrep6_draft_01 + 1), i); ++ aodv_extension(ndo, (const struct aodv_ext *)(dat + sizeof(*ap)), i); ++ return; ++ ++trunc: ++ ND_PRINT((ndo, " [|rreq")); + #else + ND_PRINT((ndo, " rrep %u", length)); + #endif +@@ -524,31 +482,37 @@ aodv_v6_draft_01_rrep(netdissect_options *ndo, + + static void + #ifdef INET6 +-aodv_v6_draft_01_rerr(netdissect_options *ndo, +- const union aodv *ap, u_int length) ++aodv_v6_draft_01_rerr(netdissect_options *ndo, const u_char *dat, u_int length) + #else +-aodv_v6_draft_01_rerr(netdissect_options *ndo, +- const union aodv *ap _U_, u_int length) ++aodv_v6_draft_01_rerr(netdissect_options *ndo, const u_char *dat _U_, u_int length) + #endif + { + #ifdef INET6 +- const struct rerr_unreach6_draft_01 *dp6 = NULL; +- int i, j, n, trunc; ++ u_int i, dc; ++ const struct aodv_rerr *ap = (const struct aodv_rerr *)dat; ++ const struct rerr_unreach6_draft_01 *dp6; + +- i = length - offsetof(struct aodv_rerr, r); +- j = sizeof(ap->rerr.r.dest6_draft_01[0]); +- dp6 = &ap->rerr.r.dest6_draft_01[0]; +- n = ap->rerr.rerr_dc * j; ++ ND_TCHECK(*ap); ++ if (length < sizeof(*ap)) ++ goto trunc; + ND_PRINT((ndo, " rerr %s [items %u] [%u]:", +- ap->rerr.rerr_flags & RERR_NODELETE ? "[D]" : "", +- ap->rerr.rerr_dc, length)); +- trunc = n - (i/j); +- for (; i -= j >= 0; ++dp6) { ++ ap->rerr_flags & RERR_NODELETE ? "[D]" : "", ++ ap->rerr_dc, length)); ++ dp6 = (struct rerr_unreach6_draft_01 *)(void *)(ap + 1); ++ i = length - sizeof(*ap); ++ for (dc = ap->rerr_dc; dc != 0; dc--) { ++ ND_TCHECK(*dp6); ++ if (i < sizeof(*dp6)) ++ goto trunc; + ND_PRINT((ndo, " {%s}(%ld)", ip6addr_string(ndo, &dp6->u_da), + (unsigned long)EXTRACT_32BITS(&dp6->u_ds))); ++ dp6++; ++ i -= sizeof(*dp6); + } +- if (trunc) +- ND_PRINT((ndo, "[|rerr]")); ++ return; ++ ++trunc: ++ ND_PRINT((ndo, "[|rerr]")); + #else + ND_PRINT((ndo, " rerr %u", length)); + #endif +@@ -558,40 +522,37 @@ void + aodv_print(netdissect_options *ndo, + const u_char *dat, u_int length, int is_ip6) + { +- const union aodv *ap; +- +- ap = (union aodv *)dat; +- if (ndo->ndo_snapend < dat) { +- ND_PRINT((ndo, " [|aodv]")); +- return; +- } +- if (min(length, (u_int)(ndo->ndo_snapend - dat)) < sizeof(ap->rrep_ack)) { +- ND_PRINT((ndo, " [|aodv]")); +- return; +- } ++ uint8_t msg_type; ++ ++ /* ++ * The message type is the first byte; make sure we have it ++ * and then fetch it. ++ */ ++ ND_TCHECK(*dat); ++ msg_type = *dat; + ND_PRINT((ndo, " aodv")); + +- switch (ap->rerr.rerr_type) { ++ switch (msg_type) { + + case AODV_RREQ: + if (is_ip6) +- aodv_v6_rreq(ndo, ap, dat, length); ++ aodv_v6_rreq(ndo, dat, length); + else +- aodv_rreq(ndo, ap, dat, length); ++ aodv_rreq(ndo, dat, length); + break; + + case AODV_RREP: + if (is_ip6) +- aodv_v6_rrep(ndo, ap, dat, length); ++ aodv_v6_rrep(ndo, dat, length); + else +- aodv_rrep(ndo, ap, dat, length); ++ aodv_rrep(ndo, dat, length); + break; + + case AODV_RERR: + if (is_ip6) +- aodv_v6_rerr(ndo, ap, length); ++ aodv_v6_rerr(ndo, dat, length); + else +- aodv_rerr(ndo, ap, dat, length); ++ aodv_rerr(ndo, dat, length); + break; + + case AODV_RREP_ACK: +@@ -599,15 +560,15 @@ aodv_print(netdissect_options *ndo, + break; + + case AODV_V6_DRAFT_01_RREQ: +- aodv_v6_draft_01_rreq(ndo, ap, dat, length); ++ aodv_v6_draft_01_rreq(ndo, dat, length); + break; + + case AODV_V6_DRAFT_01_RREP: +- aodv_v6_draft_01_rrep(ndo, ap, dat, length); ++ aodv_v6_draft_01_rrep(ndo, dat, length); + break; + + case AODV_V6_DRAFT_01_RERR: +- aodv_v6_draft_01_rerr(ndo, ap, length); ++ aodv_v6_draft_01_rerr(ndo, dat, length); + break; + + case AODV_V6_DRAFT_01_RREP_ACK: +@@ -615,6 +576,10 @@ aodv_print(netdissect_options *ndo, + break; + + default: +- ND_PRINT((ndo, " %u %u", ap->rreq.rreq_type, length)); ++ ND_PRINT((ndo, " type %u %u", msg_type, length)); + } ++ return; ++ ++trunc: ++ ND_PRINT((ndo, " [|aodv]")); + } diff --git a/sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/files/tcpdump-4.6.2-CVE-2014-9140.patch b/sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/files/tcpdump-4.6.2-CVE-2014-9140.patch new file mode 100644 index 0000000000..b8fb4114c0 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/files/tcpdump-4.6.2-CVE-2014-9140.patch @@ -0,0 +1,40 @@ +--- a/print-ppp.c ++++ b/print-ppp.c +@@ -1351,14 +1351,15 @@ static void + ppp_hdlc(netdissect_options *ndo, + const u_char *p, int length) + { +- u_char *b, *s, *t, c; ++ u_char *b, *t, c; ++ const u_char *s; + int i, proto; + const void *se; + + if (length <= 0) + return; + +- b = (uint8_t *)malloc(length); ++ b = (u_char *)malloc(length); + if (b == NULL) + return; + +@@ -1367,14 +1368,13 @@ ppp_hdlc(netdissect_options *ndo, + * Do this so that we dont overwrite the original packet + * contents. + */ +- for (s = (u_char *)p, t = b, i = length; i > 0; i--) { ++ for (s = p, t = b, i = length; i > 0 && ND_TTEST(*s); i--) { + c = *s++; + if (c == 0x7d) { +- if (i > 1) { +- i--; +- c = *s++ ^ 0x20; +- } else +- continue; ++ if (i <= 1 || !ND_TTEST(*s)) ++ break; ++ i--; ++ c = *s++ ^ 0x20; + } + *t++ = c; + } diff --git a/sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/metadata.xml b/sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/metadata.xml new file mode 100644 index 0000000000..785877034d --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/metadata.xml @@ -0,0 +1,9 @@ + + + +netmon + + Build with net-libs/libsmi to load MIBs on the fly to decode SNMP packets + Drop privileges to tcpdump:tcpdump when run as root + + diff --git a/sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/tcpdump-4.3.0.ebuild b/sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/tcpdump-4.3.0.ebuild deleted file mode 100644 index c4920be7d2..0000000000 --- a/sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/tcpdump-4.3.0.ebuild +++ /dev/null @@ -1,96 +0,0 @@ -# Copyright 1999-2012 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-analyzer/tcpdump/tcpdump-4.3.0.ebuild,v 1.8 2012/09/30 16:39:54 armin76 Exp $ - -EAPI="4" - -AUTOTOOLS_AUTO_DEPEND="no" # Only cross-compiling -inherit flag-o-matic user autotools eutils toolchain-funcs - -DESCRIPTION="A Tool for network monitoring and data acquisition" -HOMEPAGE="http://www.tcpdump.org/" -SRC_URI="http://www.tcpdump.org/release/${P}.tar.gz - http://www.jp.tcpdump.org/release/${P}.tar.gz" - -LICENSE="BSD" -SLOT="0" -KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 sh sparc x86 ~x86-fbsd ~x86-freebsd ~amd64-linux ~x86-linux" -IUSE="+chroot smi ssl ipv6 -samba suid test" - -RDEPEND=" - net-libs/libpcap - smi? ( net-libs/libsmi ) - ssl? ( >=dev-libs/openssl-0.9.6m ) -" -DEPEND=" - ${RDEPEND} - test? ( - || ( app-arch/sharutils sys-freebsd/freebsd-ubin ) - dev-lang/perl - ) -" - -pkg_setup() { - if use samba ; then - ewarn - ewarn "CAUTION !!! CAUTION !!! CAUTION" - ewarn - ewarn "You're about to compile tcpdump with samba printing support" - ewarn "Upstream tags it as 'possibly-buggy SMB printer'" - ewarn "So think twice whether this is fine with you" - ewarn - ewarn "CAUTION !!! CAUTION !!! CAUTION" - ewarn - fi - enewgroup tcpdump - enewuser tcpdump -1 -1 -1 tcpdump -} - -src_prepare() { - if tc-is-cross-compiler ; then - epatch "${FILESDIR}"/${P}-ssl-detect.patch - eautoreconf - fi -} - -src_configure() { - # tcpdump needs some optymalization. see bug #108391 - ( ! is-flag -O? || is-flag -O0 ) && append-flags -O2 - - replace-flags -O[3-9] -O2 - filter-flags -finline-functions - - econf \ - --with-user=tcpdump \ - $(use_with ssl crypto "${EPREFIX}/usr") \ - $(use_with smi) \ - $(use_enable ipv6) \ - $(use_enable samba smb) \ - $(use_with chroot chroot "${EPREFIX}/var/lib/tcpdump") -} - -src_test() { - sed '/^\(espudp1\|eapon1\)/d;' -i tests/TESTLIST - emake check -} - -src_install() { - dosbin tcpdump - doman tcpdump.1 - dodoc *.awk - dodoc CHANGES CREDITS README - - if use chroot; then - keepdir /var/lib/tcpdump - fperms 700 /var/lib/tcpdump - fowners tcpdump:tcpdump /var/lib/tcpdump - fi - if use suid; then - fowners root:tcpdump /usr/sbin/tcpdump - fperms 4110 /usr/sbin/tcpdump - fi -} - -pkg_postinst() { - use suid && elog "To let normal users run tcpdump add them into tcpdump group." -} diff --git a/sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/tcpdump-4.6.2-r1.ebuild b/sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/tcpdump-4.6.2-r1.ebuild new file mode 100644 index 0000000000..cae6a0f890 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/tcpdump-4.6.2-r1.ebuild @@ -0,0 +1,97 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/tcpdump/tcpdump-4.6.2-r1.ebuild,v 1.10 2015/01/16 08:08:00 ago Exp $ + +EAPI=5 +inherit eutils flag-o-matic toolchain-funcs user + +DESCRIPTION="A Tool for network monitoring and data acquisition" +HOMEPAGE="http://www.tcpdump.org/" +SRC_URI="http://www.tcpdump.org/release/${P}.tar.gz + http://www.jp.tcpdump.org/release/${P}.tar.gz" + +LICENSE="BSD" +SLOT="0" +KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~x86-fbsd ~x86-freebsd ~amd64-linux ~arm-linux ~x86-linux" +IUSE="+drop-root smi ssl ipv6 samba suid test" + +RDEPEND=" + drop-root? ( sys-libs/libcap-ng ) + net-libs/libpcap + smi? ( net-libs/libsmi ) + ssl? ( >=dev-libs/openssl-0.9.6m ) +" +DEPEND=" + ${RDEPEND} + drop-root? ( virtual/pkgconfig ) + test? ( + || ( app-arch/sharutils sys-freebsd/freebsd-ubin ) + dev-lang/perl + ) +" + +pkg_setup() { + if use drop-root || use suid; then + enewgroup tcpdump + enewuser tcpdump -1 -1 -1 tcpdump + fi +} + +src_prepare() { + epatch "${FILESDIR}"/${P}-CVE-2014-{8767,8768,8769,9140}.patch +} + +src_configure() { + # tcpdump needs some optimization. see bug #108391 + # but do not replace -Os + filter-flags -O[0-9] + has -O? ${CFLAGS} || append-cflags -O2 + + filter-flags -finline-functions + + if use drop-root; then + append-cppflags -DHAVE_CAP_NG_H + export LIBS=$( $(tc-getPKG_CONFIG) --libs libcap-ng ) + fi + + econf \ + $(use_enable ipv6) \ + $(use_enable samba smb) \ + $(use_with drop-root chroot '') \ + $(use_with smi) \ + $(use_with ssl crypto "${EPREFIX}/usr") \ + $(usex drop-root "--with-user=tcpdump" "") +} + +src_test() { + if [[ ${EUID} -ne 0 ]] || ! use drop-root; then + sed -i -e '/^\(espudp1\|eapon1\)/d;' tests/TESTLIST || die + emake check + else + ewarn "If you want to run the test suite, make sure you either" + ewarn "set FEATURES=userpriv or set USE=-drop-root" + fi +} + +src_install() { + dosbin tcpdump + doman tcpdump.1 + dodoc *.awk + dodoc CHANGES CREDITS README.md + + if use suid; then + fowners root:tcpdump /usr/sbin/tcpdump + fperms 4110 /usr/sbin/tcpdump + fi +} + +pkg_preinst() { + if use drop-root || use suid; then + enewgroup tcpdump + enewuser tcpdump -1 -1 -1 tcpdump + fi +} + +pkg_postinst() { + use suid && elog "To let normal users run tcpdump add them into tcpdump group." +} diff --git a/sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/tcpdump-4.7.4.ebuild b/sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/tcpdump-4.7.4.ebuild new file mode 100644 index 0000000000..c84ef42330 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/tcpdump-4.7.4.ebuild @@ -0,0 +1,93 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/tcpdump/tcpdump-4.7.4.ebuild,v 1.1 2015/05/01 15:48:21 jer Exp $ + +EAPI=5 +inherit flag-o-matic toolchain-funcs user + +DESCRIPTION="A Tool for network monitoring and data acquisition" +HOMEPAGE="http://www.tcpdump.org/" +SRC_URI="http://www.tcpdump.org/release/${P}.tar.gz + http://www.jp.tcpdump.org/release/${P}.tar.gz" + +LICENSE="BSD" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~x86-freebsd ~amd64-linux ~arm-linux ~x86-linux" +IUSE="+drop-root smi ssl ipv6 samba suid test" + +RDEPEND=" + drop-root? ( sys-libs/libcap-ng ) + net-libs/libpcap + smi? ( net-libs/libsmi ) + ssl? ( >=dev-libs/openssl-0.9.6m ) +" +DEPEND=" + ${RDEPEND} + drop-root? ( virtual/pkgconfig ) + test? ( + || ( app-arch/sharutils sys-freebsd/freebsd-ubin ) + dev-lang/perl + ) +" + +pkg_setup() { + if use drop-root || use suid; then + enewgroup tcpdump + enewuser tcpdump -1 -1 -1 tcpdump + fi +} + +src_configure() { + # tcpdump needs some optimization. see bug #108391 + # but do not replace -Os + filter-flags -O[0-9] + has -O? ${CFLAGS} || append-cflags -O2 + + filter-flags -finline-functions + + if use drop-root; then + append-cppflags -DHAVE_CAP_NG_H + export LIBS=$( $(tc-getPKG_CONFIG) --libs libcap-ng ) + fi + + econf \ + $(use_enable ipv6) \ + $(use_enable samba smb) \ + $(use_with drop-root chroot '') \ + $(use_with smi) \ + $(use_with ssl crypto "${EPREFIX}/usr") \ + $(usex drop-root "--with-user=tcpdump" "") +} + +src_test() { + if [[ ${EUID} -ne 0 ]] || ! use drop-root; then + sed -i -e '/^\(espudp1\|eapon1\)/d;' tests/TESTLIST || die + emake check + else + ewarn "If you want to run the test suite, make sure you either" + ewarn "set FEATURES=userpriv or set USE=-drop-root" + fi +} + +src_install() { + dosbin tcpdump + doman tcpdump.1 + dodoc *.awk + dodoc CHANGES CREDITS README.md + + if use suid; then + fowners root:tcpdump /usr/sbin/tcpdump + fperms 4110 /usr/sbin/tcpdump + fi +} + +pkg_preinst() { + if use drop-root || use suid; then + enewgroup tcpdump + enewuser tcpdump -1 -1 -1 tcpdump + fi +} + +pkg_postinst() { + use suid && elog "To let normal users run tcpdump add them into tcpdump group." +} diff --git a/sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/tcpdump-9999.ebuild b/sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/tcpdump-9999.ebuild new file mode 100644 index 0000000000..d3d73c89ce --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/net-analyzer/tcpdump/tcpdump-9999.ebuild @@ -0,0 +1,92 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/tcpdump/tcpdump-9999.ebuild,v 1.1 2015/01/07 16:08:40 jer Exp $ + +EAPI=5 +inherit eutils flag-o-matic git-r3 toolchain-funcs user + +DESCRIPTION="A Tool for network monitoring and data acquisition" +HOMEPAGE="http://www.tcpdump.org/" +EGIT_REPO_URI="https://github.com/the-tcpdump-group/tcpdump" + +LICENSE="BSD" +SLOT="0" +KEYWORDS="" +IUSE="+drop-root smi ssl ipv6 samba suid test" + +RDEPEND=" + drop-root? ( sys-libs/libcap-ng ) + net-libs/libpcap + smi? ( net-libs/libsmi ) + ssl? ( >=dev-libs/openssl-0.9.6m ) +" +DEPEND=" + ${RDEPEND} + drop-root? ( virtual/pkgconfig ) + test? ( + || ( app-arch/sharutils sys-freebsd/freebsd-ubin ) + dev-lang/perl + ) +" + +pkg_setup() { + if use drop-root || use suid; then + enewgroup tcpdump + enewuser tcpdump -1 -1 -1 tcpdump + fi +} + +src_configure() { + # tcpdump needs some optimization. see bug #108391 + # but do not replace -Os + filter-flags -O[0-9] + has -O? ${CFLAGS} || append-cflags -O2 + + filter-flags -finline-functions + + if use drop-root; then + append-cppflags -DHAVE_CAP_NG_H + export LIBS=$( $(tc-getPKG_CONFIG) --libs libcap-ng ) + fi + + econf \ + $(use_enable ipv6) \ + $(use_enable samba smb) \ + $(use_with drop-root chroot '') \ + $(use_with smi) \ + $(use_with ssl crypto "${EPREFIX}/usr") \ + $(usex drop-root "--with-user=tcpdump" "") +} + +src_test() { + if [[ ${EUID} -ne 0 ]] || ! use drop-root; then + sed -i -e '/^\(espudp1\|eapon1\)/d;' tests/TESTLIST || die + emake check + else + ewarn "If you want to run the test suite, make sure you either" + ewarn "set FEATURES=userpriv or set USE=-drop-root" + fi +} + +src_install() { + dosbin tcpdump + doman tcpdump.1 + dodoc *.awk + dodoc CHANGES CREDITS README.md + + if use suid; then + fowners root:tcpdump /usr/sbin/tcpdump + fperms 4110 /usr/sbin/tcpdump + fi +} + +pkg_preinst() { + if use drop-root || use suid; then + enewgroup tcpdump + enewuser tcpdump -1 -1 -1 tcpdump + fi +} + +pkg_postinst() { + use suid && elog "To let normal users run tcpdump add them into tcpdump group." +}