|
|
|
|
Changelog for tcpdump-4.99.5-84.1.i586.rpm :
* Mon Sep 02 2024 Pedro Monreal - Update to 4.99.5: * Refine protocol decoding for: - BGP: Fix an undefined behavior when it tries to parse a too-short packet. - CARP: Print the protocol name before any GET_(). - CDP: only hex-dump unknown TLVs in verbose mode. - DHCP: parse the SZTP redirect tag. - DHCPv6: client-id/server-id DUID type 2 correction; parse the user class, boot file URL, and SZTP redirect options; add DUID-UUID printing (RFC6355). - DNS: Detect and correctly handle too-short URI RRs. - EAP: Assign ndo_protocol in the eap_print() function. - Frame Relay (Multilink): Fix the Timestamp Information Element printing. - ICMPv6: Fix printing the Home Agent Address Discovery Reply Message. - IEEE 802.11: no need for an element ID in the structures for IEs, make the length in the IE structures a u_int, include the \"TA\" field while printing Block Ack Control frame. - IP: Enable TSO (TCP Segmentation Offload) support; fix printing invalid cases as invalid, not truncated; use ND_ICHECKMSG_ZU() to test the header length. - IPv6: Fix printing invalid cases as invalid, not truncated; use ND_ICHECKMSG_U() to print an invalid version. - IPv6: Fix invalid 32-bit versus 64-bit printouts of fragment headers. - ISAKMP: Fix printing Delete payload SPI when size is zero. - Kerberos: Print the protocol name, remove a redundant bounds check. - lwres: Fix an undefined behavior in pointer arithmetic. - OpenFlow 1.0: Fix indentation of PORT_MOD, improve handling of some lengths, and fix handling of snapend. - TCP: Test ports < 1024 in port order to select the printer. - UDP: Move source port equal BCM_LI_PORT to bottom of long if else chain. - UDP: Test ports < 1024 in port order to select the printer. - LDP: Add missing fields of the Common Session Parameters TLV and fix the offset for the A&D bits. - NFLOG: Use correct AF code points on all OSes. - OSPF: Pad TLVs in LS_OPAQUE_TYPE_RI to multiples of 4 bytes. - OSPF: Update LS-Ack printing not to run off the end of the packet. - OSPF6: Fix an undefined behavior. - PPP: Check if there is some data to hexdump. - PPP: Remove an extra colon before LCP Callback Operation. - Use the buffer stack for de-escaping PPP; fixes CVE-2024-2397; Note: This problem does not affect any tcpdump release. - PTP: Fix spelling of type SIGNALING, Parse major and minor version correctly, Print majorSdoId field instead of just the first bit. - RPKI-Router: Refine length and bounds checks. - RX, SNMP, ZEP, smbutil.c: Use the \"%Y-%m-%d\" date format. * User interface: - Print the supported time stamp types (-J) to stdout instead of stderr. - Print the list of data link types (-L) to stdout instead of stderr. - Update --version option to print 32/64-bit build and time_t size. - Support \"3des\" as an alias for \"des_ede3_cbc\" even if the crypto library doesn\'t support adding aliases. * Source code: - tcpdump: Fix a memory leak. - child_cleanup: reap as many child processes as possible. - Ignore failures when setting the default \"any\" device DLL to LINUX_SLL2. - Fix for backends which doesn\'t support capsicum. - Introduce new ND_ICHECK *() macros to deduplicate more code. - Skip privilege dropping when using -Z root on --with-user builds. - Free interface list just before exiting where it wasn\'t being freed. * Mon Feb 19 2024 Frederic Crozat - Update url for tcpdump keyring and refresh keyring. * Sat Apr 08 2023 Andreas Stieger - update to 4.99.4: * LSP ping: Fix \"Unused value\" warnings from Coverity * CVE-2023-1801: out-of-bounds write in the SMB printer (boo#1210265) * DNS: sync resource types with IANA * ICMPv6: Update the output to show a RPL DAO field name Geneve: Fix the Geneve UDP port test * build system tweaks and documentation updates * Tue Jan 17 2023 Dirk Müller - update to 4.99.3: * Updated printers: PTP: Use the proper values for the control field and print un-allocated values for the message field as \"Reserved\" instead of \"none\". * Source code: smbutil.c: Replace obsolete function call (asctime) * Documentation: Reformat the installation notes (INSTALL.txt) in Markdown. Convert CONTRIBUTING to Markdown. CONTRIBUTING.md: Document the use of \"protocol: \" in a commit summary. Add a README file for NetBSD. Fix CMake build to set man page section numbers in tcpdump.1 * Sun Jan 01 2023 Andreas Stieger - update to 4.99.2: * Multiple fixes and improvements to BGP, DSA, EAP, 802.11, 802.15.4, RRCP, MPLS, ICMP, VQP, Juniper, lwres, Ethernet, IPX, Zephyr, VRRP, DCCP, IPv6, ISAKMP, RADIUS, TCP, RESp, Arista, sFlow, VRRP, OSPF, OSPFv3, ICMPv3, ICMPv6, NFS, PTP, WHOIS, MPTCP, ESP, PPP, ZEP printers * Build system updates, developer visible fixes, documentation * Sun Jun 13 2021 Andreas Stieger - update to 4.99.1: * Squelch some compiler warnings * ICMP: Update the snapend for some nested IP packets * MACsec: Update the snapend thus the ICV field is not payload for the caller * EIGRP: Fix packet header fields * SMB: Disable printer by default in CMake builds * OLSR: Print the protocol name even if the packet is invalid * MSDP: Print \": \" before the protocol name * ESP: Remove padding, padding length and next header from the buffer * DHCPv6: Update the snapend for nested DHCPv6 packets * OpenFlow 1.0: Get snapend right for nested frames * TCP: Update the snapend before decoding a MPTCP option * Ethernet, IEEE 802.15.4, IP, L2TP, TCP, ZEP: Add bounds checks * ForCES: Refine SPARSEDATA-TLV length check * ASCII/hex: Use nd_trunc_longjmp() in truncation cases * GeoNet: Add a ND_TCHECK_LEN() call * Replace ND_TCHECK_/memcpy() pairs with GET_CPY_BYTES() * BGP: Fix overwrites of global \'astostr\' temporary buffer * ARP: fix overwrites of static buffer in q922_string() * Frame Relay: have q922_string() handle errors better * Fri Feb 19 2021 Pedro Monreal - Fix excess of precission in floating point registers for i586 until resolved upstream. * Mon Jan 04 2021 Pedro Monreal - Update to 4.99.0 IMPORTANT: Upsteam moved the default install directory to bindir. For compatibility, tcpdump is still being installed in sbindir and a symlink in bindir has been added. * Print unsupported link-layer protocol packets in hex. * Add support for new network protocols and DLTs: Arista, Autosar SOME/IP, Broadcom LI and Ethernet switches tag, IEEE 802.15.9, IP-over-InfiniBand (IPoIB), Linux SLL2, Linux vsockmon, MACsec, Marvell Distributed Switch Architecture, OpenFlow 1.3, Precision Time Protocol (PTP), SSH, WHOIS, ZigBee Encapsulation Protocol (ZEP). * Make protocol-specific updates for: AH, DHCP, DNS, ESP, FRF.16, HNCP, ICMP6, IEEE 802.15.4, IPv6, IS-IS, Linux SLL, LLDP, LSP ping, MPTCP, NFS, NSH, NTP, OSPF, OSPF6, PGM, PIM, PPTP, RADIUS, RSVP, Rx, SMB, UDLD, VXLAN-GPE. * User interface: - Make SLL2 the default for Linux \"any\" pseudo-device. - Add --micro and --nano shorthands. - Add --count to print a counter only instead of decoding. - Add --print, to cause packet printing even with -w. - Add support for remote capture if libpcap supports it. - Flush the output packet buffer on a SIGUSR2. - Handle very large -f files by rejecting them. * Source code: - Introduce new helper functions, including GET_ *(), nd_print_protocol(), nd_print_invalid(), nd_print_trunc(), nd_trunc_longjmp() and others. - Put integer signedness right in many cases. - Introduce nd_uint *, nd_mac_addr, nd_ipv4 and nd_ipv6 types to fix alignment issues, especially on SPARC. - Use a table instead of getprotobynumber(). - Get rid of ND_UNALIGNED and ND_TCHECK(). - Make roundup2() generally available. - Resync SMI list against Wireshark.- Remove patches fixed upstream: * tcpdump-CVE-2018-19519.patch * tcpdump-CVE-2020-8037.patch * Mon Jan 04 2021 Pedro Monreal - Remove unrecognized configure option: enable-ipv6 * Thu Nov 05 2020 Pedro Monreal - Security fix: [bsc#1178466, CVE-2020-8037] * PPP decapsulator: Allocate the right buffer size- Add tcpdump-CVE-2020-8037.patch
|
|
|