From patchwork Tue Nov 19 21:11:01 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 8260 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4XtHHD0Rgpz3xMw for ; Tue, 19 Nov 2024 21:11:36 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E6" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4XtHH948vMz4gD; Tue, 19 Nov 2024 21:11:33 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4XtHH36cNyz34C7; Tue, 19 Nov 2024 21:11:27 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4XtHGr0XdDz34CK for ; Tue, 19 Nov 2024 21:11:16 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4XtHGq3HNJz1Zb; Tue, 19 Nov 2024 21:11:15 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1732050675; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=dzYqjVJ2MjXixNEfeZCwLTGcY5Fc8PLtiSu5GFd/hcw=; b=T//MsgUpIAxzOk63AM4qlh0sEh9wvAhGKapgIoXoM7LusmxqrCovPTargYJ59CHrvEyfdV 5K/3cN/kDUgaNwDQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1732050675; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=dzYqjVJ2MjXixNEfeZCwLTGcY5Fc8PLtiSu5GFd/hcw=; b=KnzawUQqH/EN8JNFE/Ro3ruM9vwaQRepglo5tQZ0NHQzdktXedshED84XbVweczMpIielt A8GlpqCuVCgOosFgnbFyEpFlJ50KffAZ/xKYZCA0j3K2e4qIBgMDuf1kL9bsxHu5JF6veD wrf2vl6ifsEBSp0p88ZqD/IkYLfTATpECFtJuZxehAi7Xz7pcOTRq/BS3rGTnVPNWoztX7 NqOj7fgkh01FtlEcPJAYZUTBo8nVsycXeTIfPTlbP6Z7npioM/RKNqgqlgyzQ2l+fdO8CD 9Rc2zYA0WNwxAYSMzD/09rSzT4HAgzCCVGq0zt0il19OIiZXPWxUpe5kkcKKkw== From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH] libpcap: Update to version 1.10.5 Date: Tue, 19 Nov 2024 22:11:01 +0100 Message-ID: <20241119211106.2194373-13-adolf.belka@ipfire.org> In-Reply-To: <20241119211106.2194373-1-adolf.belka@ipfire.org> References: <20241119211106.2194373-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Message-ID-Hash: WTCZ7HM32TRZAUWX672P7U5YF4A5YN5R X-Message-ID-Hash: WTCZ7HM32TRZAUWX672P7U5YF4A5YN5R X-MailFrom: adolf.belka@ipfire.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.8 Precedence: list List-Id: IPFire development talk Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: - Update from version 1.10.4 to 1.10.5 - Update of rootfile - Fixes for 2 CVE's - Changelog 1.10.5 Source code: Spell WirelessHART details properly. Mark pcap_vasprintf() as printf-like. Finalize moving of bpf_filter.c. (GH #1166) Remove an unneeded argument from gen_mcode6(). Don't do some Berkeley YACC workarounds with YACC releases not requiring them. Use correct data types rather than int in some cases. Squelch compiler warning in grammar.c. Fix findalldevtest compilation if IPv6 isn't enabled. Rename helper routines for pcap modules to have names beginning with pcapint_, to avoid namespace collisions for code linking statically with libpcap. Avoid casting hack for the Windows cleanup-on-exit routine. Use %zu format for one case of printing a size_t. Fix some Coverity errors. Fix availabilities of some functions to match reality. pcap: make the seconds and microseconds/nanoseconds fields unsigned. Remove the unused pcap-rpcap-int.h header file. Thread safety: Make some static variables thread-local; fixes issue #1174. Packet filtering: Improve reporting of some invalid filter expressions. Return an error from pcap_compile() if the scanner fails to initialize. Optimizer fix from Archit Shah to recompute dominators after moving code (#976); fixes #945 (although the resulting filter isn't empty). Optimizer fix from Archit Shah to mark value as unknown when store of that value is deleted (#972); fixes #143, #434, #436, #437, and #1076. Linux: Properly return warnings. Don't use DLT_LINUX_SLL2 for anything other than the "any" device. Avoid 32-bit unsigned integer overflow in USB captures. Fixes issues #1134 and #1205. Fix a file descriptor leak. Properly report warnings about unknown ARPHRD_ types. Fix DLT_CAN_SOCKETCAN handling of CAN FD. Add CAN XL support to DLT_CAN_SOCKETCAN. Clean up the code that sets the "real" ("original") length for isochronous USB transfers. Avoid unnecessary blocking on recvmsg() in the Bluetooth monitor and Bluetoth modules. Solaris: Handle BPF returning ESRCH for unknown devices. List the "any" device if it's supported. Report {non-existent zone}/{interface} errors appropriately. Allow attaching to links owned by a non-global zone. (Based on pull request #1202.) Fix AF_LINK handling on illumos. macOS: Redid the availability macros to be closer to what Apple's doing in recent SDKs, including tagging pcap-namedb.h routines. Fix the install name of the installed shared library to have a full path when building with CMake. Fix universal builds. Haiku: Convert the module to C. Fixes issue #1114. Address a few compiler warnings. Fixes issue #1114. Fix various build problems. Fixes issue #1114. Report non-existent devices correctly. Fix handling of packet statistics. Fix packet timestamping. Fix packet filtering with low snaplen. Improve connection status reporting. Add support for promiscuous mode. Detect DLTs and loopback capture support at run time. Report IEEE 802.11 as PCAP_IF_WIRELESS. Windows: Fix internal handling of "not supported" error codes from NPF. Work around a bug in Npcap 1.00 in case of driver version mismatch. Don't call WSACleanup() when handling a failed WSAStartup(). BSD, macOS, AIX, Solaris 11, Linux: Add a new error PCAP_ERROR_CAPTURE_NOTSUP, for use if a capture mechanism is not present, in the hopes that, for example, attempts to capture on Windows Services for Linux 1, in which the NT kernel attempts to simulate Linux system calls but does not support packet sockets, can get an error that better indicates the underlying problem. AirPcap: Format an error message if we run out of memory. nflog: Fix count of dropped packets. Make sure we don't overflow when rounding up the TLV length. rpcap: Handle routines removed in at least some OpenSSL libraries. CVE-2023-7256: Clean up sock_initaddress() and its callers to avoid double frees in some cases. Don't define SOCKET ourselves; instead, define PCAP_SOCKET as int on UN*Xes and as SOCKET on Windows. CVE-2024-8006: Fix pcap_findalldevs_ex() not to crash if passed a file:// URL with a path to a directory that cannot be opened. Savefiles: Handle DLT_/LINKTYPE_ mapping better, to handle some OpenBSD-specific link types better. Treat if_tsoffset as signed in pcapng files, as the spec says. Don't try to fix the "real" length for isochronous USB transfers if the number of USB descriptors is too large. Reject pcap files where one of the reserved fields in the "link-layer type plus other stuff" is non-zero. Building and testing: Add a configure option to help debugging (--enable-instrument-functions). Improved tests and error reporting for uses of pkg-config, and improve help message. Fix Haiku build. With CMake, install headers in CMAKE_INSTALL_INCLUDEDIR rather than just include. Build libpcap.a before building test programs. Print address family numerically, as well as symbolically, in findalldevstest. Fail with suggestions, rather than failing over to no capture support, if no capture mechanism was found. Fixes issue #1016. Don't indent comments in Make, as that may cause them not to be recognized as comments. Don't check for libssl if we aren't going to use it. Better handle enabling and disabling of sanitizers. Fixes issue #1171. CMakeLists.txt: Print "Symlinking: /some/path to ..." conditionally. Evaluate CMAKE_INSTALL_PREFIX at install time. cmake: Update the minimum required version to 2.8.12 (except Windows). cmake: suppress CMP0042 OLD deprecated warning. Makefile.in: Add the releasecheck target. Cirrus CI: Add the "make releasecheck" command in the Linux task. Makefile.in: Add the whitespacecheck target. Cirrus CI: Run the "make whitespacecheck" command in the Linux task. Autoconf: Update config.{guess,sub}, timestamps 2024-01-01. Autoconf: Update the install-sh script to the 2020-11-14.01 version. Compile with '-Wnull-pointer-subtraction', '-Wunused-but-set-parameter', and '-Wunused-but-set-variable' in devel mode if supported. Don't ignore spaces between CMAKE_C_FLAGS and DPDK_C_FLAGS with CMake. Use noreturn and __format__ with XL C 7.0 and later. Check for the same -W flags in autotools and CMake. Autoconf: Add autogen.sh, remove configure and config.h.in and put these generated files in the release tarball. Autoconf: Get the size of a time_t. Fix propagation of cc_werr_cflags() output. Makefile.in(s): Fix the depend target. mkdep: Exit with a non-zero status if a command fails. Fix HCI_CHANNEL_MONITOR detection with musl libc. Extend "make shellcheck" onto mkdep too. Add initial support for building with TinyCC. Address all known compiler warnings specific to illumos, Linux, NetBSD, Solaris and Sun C; in CI expect warnings specific to TinyCC only. Documentation: Update and fix pcap-filter man page. Add a README.haiku.md file. Document pcap-config better. Man page formatting and prose fixes. Rename doc/README.Win32.md to doc/README.windows.md. Update pcap-savefile man page to match the Internet-Draft for pcap. Fix CMake issues for target used by other projects. Explain "any" device better in pcap_open_live(3PCAP). Update INSTALL.md. Note in man pages that errbuf arguments must point to an error buffer. Note that if pcap_findalldevs() fails it sets *alldevsp to NULL; there's no devices list to free. Explain "other addresses" in pcap_findalldevs(3PCAP). Document pcap_lookupnet(3PCAP) a bit better. Signed-off-by: Adolf Belka --- config/rootfiles/common/libpcap | 2 +- lfs/libpcap | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/config/rootfiles/common/libpcap b/config/rootfiles/common/libpcap index 43c9140ea..7497e2cb1 100644 --- a/config/rootfiles/common/libpcap +++ b/config/rootfiles/common/libpcap @@ -21,7 +21,7 @@ #usr/lib/libpcap.a usr/lib/libpcap.so usr/lib/libpcap.so.1 -usr/lib/libpcap.so.1.10.4 +usr/lib/libpcap.so.1.10.5 #usr/lib/pkgconfig/libpcap.pc #usr/share/man/man1/pcap-config.1 #usr/share/man/man3/pcap.3pcap diff --git a/lfs/libpcap b/lfs/libpcap index 0dfe562bf..abdba19da 100644 --- a/lfs/libpcap +++ b/lfs/libpcap @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2023 IPFire Team # +# Copyright (C) 2007-2024 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,10 +24,10 @@ include Config -VER = 1.10.4 +VER = 1.10.5 THISAPP = libpcap-$(VER) -DL_FILE = $(THISAPP).tar.gz +DL_FILE = $(THISAPP).tar.xz DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) @@ -42,7 +42,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 05a7eafc1e1817f7844008db89d8fb10cd2525c22f7ee6c9e3d582b14229412f38ccced5e9d80a96dd459ef9eab12eccb5c1dd4978ddc9f66267469212005e4c +$(DL_FILE)_BLAKE2 = eafc01c0b865f7e7917dcf353ce8e79cea8981eb68068a20b50d9650e1aa89874d3fd6bbfa93ff61ec9edbb610d22cd5f09c0723c12e95005725c66436658d2b install : $(TARGET) @@ -71,7 +71,7 @@ $(subst %,%_BLAKE2,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) - @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && ./configure \ --prefix=/usr \ --enable-bluetooth=no \