diff options
Diffstat (limited to 'net-analyzer/tcpdump')
-rw-r--r-- | net-analyzer/tcpdump/Manifest | 4 | ||||
-rw-r--r-- | net-analyzer/tcpdump/files/tcpdump-4.9.3-CVE-2020-8037.patch | 63 | ||||
-rw-r--r-- | net-analyzer/tcpdump/files/tcpdump-4.99.4-lfs.patch | 22 | ||||
-rw-r--r-- | net-analyzer/tcpdump/files/tcpdump-9999-lfs.patch | 22 | ||||
-rw-r--r-- | net-analyzer/tcpdump/metadata.xml | 8 | ||||
-rw-r--r-- | net-analyzer/tcpdump/tcpdump-4.9.3-r4.ebuild | 86 | ||||
-rw-r--r-- | net-analyzer/tcpdump/tcpdump-4.99.4-r1.ebuild (renamed from net-analyzer/tcpdump/tcpdump-4.99.0.ebuild) | 40 | ||||
-rw-r--r-- | net-analyzer/tcpdump/tcpdump-9999.ebuild | 59 |
8 files changed, 110 insertions, 194 deletions
diff --git a/net-analyzer/tcpdump/Manifest b/net-analyzer/tcpdump/Manifest index cd74edc21c66..a9f92479362d 100644 --- a/net-analyzer/tcpdump/Manifest +++ b/net-analyzer/tcpdump/Manifest @@ -1,2 +1,2 @@ -DIST tcpdump-4.9.3.tar.gz 2333119 BLAKE2B 21e13fc40d98cfac0bbd5513580cf98313df1f8fea24c48f045f70d494aea3e75230b8481049660c109f9179015c3164f3e3b31acc76c0bfb1f2da5039f1834e SHA512 3aec673f78b996a4df884b1240e5d0a26a2ca81ee7aca8a2e6d50255bb53476e008a5ced4409e278a956710d8a4d31d85bbb800c9f1aab92b0b1046b59292a22 -DIST tcpdump-4.99.0.tar.gz 1876161 BLAKE2B 5ad7e7f888f56fac92ef3c01229ba03b45cfd706d7a904a10118b65c73aa6c5c1d39f54b7139c72116b67ed2971566596ae51d65de8528116b3a81bbcc7f52ab SHA512 921c27bdd803de9ecebe735a3efc82ac87c4efbd47949119241b8290ed1a015c25d252e428d5bf3b8e275e5b084d19bafb31020b1b3e241202cbc42f1f1d4801 +DIST tcpdump-4.99.4.tar.gz 1903612 BLAKE2B f100e10774574ef04a770bc30d4e2d06fd0f1f16a7b2c88848be6e8290cc4838666ff378d9f78fdc418f4ffab9716a11214edc3588c292cb5ff39636cd7cfd2d SHA512 cb51e19574707d07c0de90dd4c301955897f2c9f2a69beb7162c08f59189f55625346d1602c8d66ab2b4c626ea4b0df1f08ed8734d2d7f536d0a7840c2d6d8df +DIST tcpdump-4.99.4.tar.gz.sig 442 BLAKE2B 2ee35036d86f643b378591c0eb93d8a0f08cb2f0e3638bde25515d550b40fef1bf0eb6c876d4d6512fa795041b0703954ca884c646c4af8771b4bc4049e7609a SHA512 bec395f0f595a37121bc144bac133f3fb31c6c1007cdadf061e4437d6fe2406c0cb0d5b68b5c63e03b932c783bfb58f0af0b7e8a58bb81beb9de6a0d681620e8 diff --git a/net-analyzer/tcpdump/files/tcpdump-4.9.3-CVE-2020-8037.patch b/net-analyzer/tcpdump/files/tcpdump-4.9.3-CVE-2020-8037.patch deleted file mode 100644 index 2852845eb748..000000000000 --- a/net-analyzer/tcpdump/files/tcpdump-4.9.3-CVE-2020-8037.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 32027e199368dad9508965aae8cd8de5b6ab5231 Mon Sep 17 00:00:00 2001 -From: Guy Harris <guy@alum.mit.edu> -Date: Sat, 18 Apr 2020 14:04:59 -0700 -Subject: [PATCH] PPP: When un-escaping, don't allocate a too-large buffer. - -The buffer should be big enough to hold the captured data, but it -doesn't need to be big enough to hold the entire on-the-network packet, -if we haven't captured all of it. - -(backported from commit e4add0b010ed6f2180dcb05a13026242ed935334) ---- - print-ppp.c | 18 ++++++++++++++---- - 1 file changed, 14 insertions(+), 4 deletions(-) - -diff --git a/print-ppp.c b/print-ppp.c -index 891761728..33fb03412 100644 ---- a/print-ppp.c -+++ b/print-ppp.c -@@ -1367,19 +1367,29 @@ print_bacp_config_options(netdissect_options *ndo, - return 0; - } - -+/* -+ * Un-escape RFC 1662 PPP in HDLC-like framing, with octet escapes. -+ * The length argument is the on-the-wire length, not the captured -+ * length; we can only un-escape the captured part. -+ */ - static void - ppp_hdlc(netdissect_options *ndo, - const u_char *p, int length) - { -+ u_int caplen = ndo->ndo_snapend - p; - u_char *b, *t, c; - const u_char *s; -- int i, proto; -+ u_int i; -+ int proto; - const void *se; - -+ if (caplen == 0) -+ return; -+ - if (length <= 0) - return; - -- b = (u_char *)malloc(length); -+ b = (u_char *)malloc(caplen); - if (b == NULL) - return; - -@@ -1388,10 +1398,10 @@ ppp_hdlc(netdissect_options *ndo, - * Do this so that we dont overwrite the original packet - * contents. - */ -- for (s = p, t = b, i = length; i > 0 && ND_TTEST(*s); i--) { -+ for (s = p, t = b, i = caplen; i != 0; i--) { - c = *s++; - if (c == 0x7d) { -- if (i <= 1 || !ND_TTEST(*s)) -+ if (i <= 1) - break; - i--; - c = *s++ ^ 0x20; diff --git a/net-analyzer/tcpdump/files/tcpdump-4.99.4-lfs.patch b/net-analyzer/tcpdump/files/tcpdump-4.99.4-lfs.patch new file mode 100644 index 000000000000..b38c2c24b108 --- /dev/null +++ b/net-analyzer/tcpdump/files/tcpdump-4.99.4-lfs.patch @@ -0,0 +1,22 @@ +https://github.com/the-tcpdump-group/tcpdump/pull/1068 + +From 54278acb038f0d16ed75cdddb35fd2813a7cdcef Mon Sep 17 00:00:00 2001 +From: Sam James <sam@gentoo.org> +Date: Thu, 27 Jul 2023 08:31:53 +0100 +Subject: [PATCH] configure.ac: use AC_SYS_LARGEFILE + +This enables 64-bit off_t where it's opt-in (e.g. glibc) on 32-bit platforms. + +Bug: https://bugs.gentoo.org/911176 +Signed-off-by: Sam James <sam@gentoo.org> +--- a/configure.ac ++++ b/configure.ac +@@ -30,7 +30,7 @@ if test "$ac_cv_prog_cc_c99" = "no"; then + fi + AC_LBL_C_INIT(V_CCOPT, V_INCLS) + AC_LBL_C_INLINE +- ++AC_SYS_LARGEFILE + AC_CHECK_HEADERS(fcntl.h rpc/rpc.h rpc/rpcent.h net/if.h) + + case "$host_os" in diff --git a/net-analyzer/tcpdump/files/tcpdump-9999-lfs.patch b/net-analyzer/tcpdump/files/tcpdump-9999-lfs.patch new file mode 100644 index 000000000000..396614ef3ad2 --- /dev/null +++ b/net-analyzer/tcpdump/files/tcpdump-9999-lfs.patch @@ -0,0 +1,22 @@ +https://github.com/the-tcpdump-group/tcpdump/pull/1068 + +From 54278acb038f0d16ed75cdddb35fd2813a7cdcef Mon Sep 17 00:00:00 2001 +From: Sam James <sam@gentoo.org> +Date: Thu, 27 Jul 2023 08:31:53 +0100 +Subject: [PATCH] configure.ac: use AC_SYS_LARGEFILE + +This enables 64-bit off_t where it's opt-in (e.g. glibc) on 32-bit platforms. + +Bug: https://bugs.gentoo.org/911176 +Signed-off-by: Sam James <sam@gentoo.org> +--- a/configure.ac ++++ b/configure.ac +@@ -30,7 +30,7 @@ if test "$ac_cv_prog_cc_c99" = "no"; then + fi + AC_LBL_C_INIT(V_CCOPT, V_INCLS) + AC_C_INLINE +- ++AC_SYS_LARGEFILE + AC_CHECK_HEADERS(fcntl.h rpc/rpc.h rpc/rpcent.h net/if.h) + + case "$host_os" in diff --git a/net-analyzer/tcpdump/metadata.xml b/net-analyzer/tcpdump/metadata.xml index 1f6e1c98b574..46a723b7db8b 100644 --- a/net-analyzer/tcpdump/metadata.xml +++ b/net-analyzer/tcpdump/metadata.xml @@ -1,11 +1,7 @@ -<?xml version='1.0' encoding='UTF-8'?> -<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd"> <pkgmetadata> <maintainer type="person"> - <email>zlogene@gentoo.org</email> - <name>Mikle Kolyada</name> - </maintainer> - <maintainer type="person"> <email>sam@gentoo.org</email> <name>Sam James</name> </maintainer> diff --git a/net-analyzer/tcpdump/tcpdump-4.9.3-r4.ebuild b/net-analyzer/tcpdump/tcpdump-4.9.3-r4.ebuild deleted file mode 100644 index 6c0d493d0ed5..000000000000 --- a/net-analyzer/tcpdump/tcpdump-4.9.3-r4.ebuild +++ /dev/null @@ -1,86 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit autotools - -DESCRIPTION="A Tool for network monitoring and data acquisition" -HOMEPAGE="https://www.tcpdump.org/ https://github.com/the-tcpdump-group/tcpdump" -SRC_URI="https://www.tcpdump.org/release/${P}.tar.gz" - -LICENSE="BSD" -SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 s390 sparc x86 ~amd64-linux ~x86-linux" -IUSE="+drop-root libressl smi ssl samba suid test" -RESTRICT="!test? ( test )" - -RDEPEND=" - net-libs/libpcap - drop-root? ( - acct-group/pcap - acct-user/pcap - sys-libs/libcap-ng - ) - smi? ( net-libs/libsmi ) - ssl? ( - !libressl? ( >=dev-libs/openssl-0.9.6m:0= ) - libressl? ( dev-libs/libressl:= ) - ) - suid? ( - acct-group/pcap - acct-user/pcap - ) -" -DEPEND=" - ${RDEPEND} - test? ( - >=net-libs/libpcap-1.9.1 - dev-lang/perl - ) -" - -PATCHES=( - "${FILESDIR}"/${PN}-9999-libdir.patch - "${FILESDIR}"/${PN}-4.9.3-CVE-2020-8037.patch -) - -src_prepare() { - default - eautoreconf -} - -src_configure() { - econf \ - $(use_enable samba smb) \ - $(use_with drop-root cap-ng) \ - $(use_with drop-root chroot '') \ - $(use_with smi) \ - $(use_with ssl crypto "${ESYSROOT}/usr") \ - $(usex drop-root "--with-user=pcap" "") -} - -src_test() { - if [[ ${EUID} -ne 0 ]] || ! use drop-root; then - emake check - else - ewarn "If you want to run the test suite, make sure you either" - ewarn "set FEATURES=userpriv or set USE=-drop-root" - fi -} - -src_install() { - dosbin tcpdump - doman tcpdump.1 - dodoc *.awk - dodoc CHANGES CREDITS README.md - - if use suid; then - fowners root:pcap /usr/sbin/tcpdump - fperms 4110 /usr/sbin/tcpdump - fi -} - -pkg_postinst() { - use suid && elog "To let normal users run tcpdump, add them to the pcap group." -} diff --git a/net-analyzer/tcpdump/tcpdump-4.99.0.ebuild b/net-analyzer/tcpdump/tcpdump-4.99.4-r1.ebuild index 5d08f58a44ec..84162ab068b5 100644 --- a/net-analyzer/tcpdump/tcpdump-4.99.0.ebuild +++ b/net-analyzer/tcpdump/tcpdump-4.99.4-r1.ebuild @@ -1,25 +1,35 @@ -# Copyright 1999-2020 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=7 +EAPI=8 inherit autotools -DESCRIPTION="A Tool for network monitoring and data acquisition" +DESCRIPTION="A tool for network monitoring and data acquisition" HOMEPAGE="https://www.tcpdump.org/ https://github.com/the-tcpdump-group/tcpdump" -SRC_URI="https://github.com/the-tcpdump-group/${PN}/archive/${P/_}.tar.gz" -S="${WORKDIR}/${PN}-${P/_}" + +if [[ ${PV} == *9999* ]] ; then + inherit git-r3 + + EGIT_REPO_URI="https://github.com/the-tcpdump-group/tcpdump" +else + VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/tcpdump.asc + inherit verify-sig + + SRC_URI="https://www.tcpdump.org/release/${P}.tar.gz" + SRC_URI+=" verify-sig? ( https://www.tcpdump.org/release/${P}.tar.gz.sig )" + + KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~amd64-linux ~x86-linux" +fi LICENSE="BSD" SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux" -IUSE="+drop-root libressl +smi +ssl +samba suid test" -RESTRICT="!test? ( test )" +IUSE="+drop-root +smi +ssl +samba suid test" REQUIRED_USE="test? ( samba )" +RESTRICT="!test? ( test )" -BDEPEND="drop-root? ( virtual/pkgconfig )" RDEPEND=" - net-libs/libpcap + >=net-libs/libpcap-1.10.1 drop-root? ( acct-group/pcap acct-user/pcap @@ -27,8 +37,7 @@ RDEPEND=" ) smi? ( net-libs/libsmi ) ssl? ( - !libressl? ( >=dev-libs/openssl-0.9.6m:0= ) - libressl? ( dev-libs/libressl:= ) + >=dev-libs/openssl-0.9.6m:= ) suid? ( acct-group/pcap @@ -38,13 +47,18 @@ RDEPEND=" DEPEND=" ${RDEPEND} test? ( - >=net-libs/libpcap-1.9.1 dev-lang/perl ) " +BDEPEND="drop-root? ( virtual/pkgconfig )" + +if [[ ${PV} != *9999* ]] ; then + BDEPEND+=" verify-sig? ( sec-keys/openpgp-keys-tcpdump )" +fi PATCHES=( "${FILESDIR}"/${PN}-9999-libdir.patch + "${FILESDIR}"/${PN}-4.99.4-lfs.patch ) src_prepare() { diff --git a/net-analyzer/tcpdump/tcpdump-9999.ebuild b/net-analyzer/tcpdump/tcpdump-9999.ebuild index 6f074f38fb23..6d223129b9ed 100644 --- a/net-analyzer/tcpdump/tcpdump-9999.ebuild +++ b/net-analyzer/tcpdump/tcpdump-9999.ebuild @@ -1,25 +1,35 @@ -# Copyright 1999-2020 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=7 -inherit autotools git-r3 +EAPI=8 -DESCRIPTION="A Tool for network monitoring and data acquisition" -HOMEPAGE=" - https://www.tcpdump.org/ - https://github.com/the-tcpdump-group/tcpdump -" -LICENSE="BSD" -EGIT_REPO_URI="https://github.com/the-tcpdump-group/tcpdump" +inherit autotools + +DESCRIPTION="A tool for network monitoring and data acquisition" +HOMEPAGE="https://www.tcpdump.org/ https://github.com/the-tcpdump-group/tcpdump" + +if [[ ${PV} == *9999* ]] ; then + inherit git-r3 + + EGIT_REPO_URI="https://github.com/the-tcpdump-group/tcpdump" +else + VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/tcpdump.asc + inherit verify-sig + + SRC_URI="https://www.tcpdump.org/release/${P}.tar.gz" + SRC_URI+=" verify-sig? ( https://www.tcpdump.org/release/${P}.tar.gz.sig )" + + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux" +fi +LICENSE="BSD" SLOT="0" -KEYWORDS="" -IUSE="+drop-root libressl +smi +ssl +samba suid test" -RESTRICT="!test? ( test )" +IUSE="+drop-root +smi +ssl +samba suid test" REQUIRED_USE="test? ( samba )" +RESTRICT="!test? ( test )" RDEPEND=" - net-libs/libpcap + >=net-libs/libpcap-1.10.1 drop-root? ( acct-group/pcap acct-user/pcap @@ -27,31 +37,32 @@ RDEPEND=" ) smi? ( net-libs/libsmi ) ssl? ( - !libressl? ( >=dev-libs/openssl-0.9.6m:0= ) - libressl? ( dev-libs/libressl:= ) + >=dev-libs/openssl-0.9.6m:= ) suid? ( acct-group/pcap acct-user/pcap ) " -BDEPEND=" - drop-root? ( virtual/pkgconfig ) -" DEPEND=" ${RDEPEND} test? ( - >=net-libs/libpcap-1.9.1 dev-lang/perl ) " +BDEPEND="drop-root? ( virtual/pkgconfig )" + +if [[ ${PV} != *9999* ]] ; then + BDEPEND+=" verify-sig? ( sec-keys/openpgp-keys-tcpdump )" +fi + PATCHES=( "${FILESDIR}"/${PN}-9999-libdir.patch + "${FILESDIR}"/${PN}-9999-lfs.patch ) src_prepare() { default - eautoreconf } @@ -66,7 +77,7 @@ src_configure() { } src_test() { - if [[ ${EUID} -ne 0 ]] || ! use drop-root; then + if [[ ${EUID} -ne 0 ]] || ! use drop-root ; then emake check else ewarn "If you want to run the test suite, make sure you either" @@ -80,12 +91,12 @@ src_install() { dodoc *.awk dodoc CHANGES CREDITS README.md - if use suid; then + if use suid ; then fowners root:pcap /usr/sbin/tcpdump fperms 4110 /usr/sbin/tcpdump fi } pkg_postinst() { - use suid && elog "To let normal users run tcpdump add them to the pcap group." + use suid && elog "To let normal users run tcpdump, add them to the pcap group." } |