summaryrefslogtreecommitdiffstats
path: root/meta-networking/recipes-support/tcpdump
Commit message (Collapse)AuthorAgeFilesLines
* tcpdump: Add fix for CVE-2018-16301Riyaz Ahmed Khan2022-05-252-0/+112
| | | | | | | | | | | | | Add patch for CVE issue: CVE-2018-16301 Link: https://github.com/the-tcpdump-group/tcpdump/commit/8ab211a7ec728bb0ad8c766c8eeb12deb0a13b86 Upstream-Status: Pending Issue: MGUBSYS-5370 Change-Id: I2aac084e61ba9d71ae614a97b4924eaa60328b79 Signed-off-by: Riyaz Ahmed Khan <Riyaz.Khan@kpit.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tcpdump: Update CVE-2020-8037 tagPurushottam Choudhary2021-10-011-0/+1
| | | | | | | | | | CVE tag was missing inside the patch file which is the remedy for CVE-2020-8037 and tracked by cve-check. Signed-off-by: Purushottam Choudhary <purushottam.Choudhary@kpit.com> Signed-off-by: Purushottam Choudhary <purushottamchoudhary29@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tcpdump: Exclude CVE-2020-8036 from checkArmin Kuster2021-08-241-0/+5
| | | | | | | This issue was introduce in 4.9 by 246ca110 Autosar SOME/IP protocol support which is after 4.9.3 Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tcpdump: Patch for CVE-2020-8037viatsk2020-12-102-0/+71
| | | | | | Signed-off-by: Stacy Gaikovaia <stacy.gaikovaia@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tcpdump: Fix PACKAGECONFIG for OpenSSLAlexander Vickberg2020-05-171-1/+1
| | | | | | | | | | This fixes building TCPDump without OpenSSL. Current version does not recognize the option --without-openssl. Signed-off-by: Alexander Vickberg <wickbergster@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 5b7ed1a8730a6e2c17d4650ee140b306483a3d9c) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* tcpdump: Clarify BSD license variantChristophe PRIOUZEAU2019-10-241-1/+1
| | | | | | | The License of tcpdump is BSD-3-Clause. Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* tcpdump: Delete unused patchPeiran Hong2019-10-091-61/+0
| | | | | | | | Delete patch "0001-CVE-2017-16808-AoE-Add-a-missing-bounds-check.patch" since it is not used in the tcpdump recipe anymore. Signed-off-by: Peiran Hong <peiran.hong@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* tcpdump: upgrade 4.9.2 -> 4.9.3Peiran Hong2019-10-085-25/+34
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This upgrade adds some new features and fixes numerous bugs including the following CVEs: CVE: CVE-2017-16808 (AoE) CVE: CVE-2018-14468 (FrameRelay) CVE: CVE-2018-14469 (IKEv1) CVE: CVE-2018-14470 (BABEL) CVE: CVE-2018-14466 (AFS/RX) CVE: CVE-2018-14461 (LDP) CVE: CVE-2018-14462 (ICMP) CVE: CVE-2018-14465 (RSVP) CVE: CVE-2018-14881 (BGP) CVE: CVE-2018-14464 (LMP) CVE: CVE-2018-14463 (VRRP) CVE: CVE-2018-14467 (BGP) CVE: CVE-2018-10103 (SMB - partially fixed, but SMB printing disabled) CVE: CVE-2018-10105 (SMB - too unreliably reproduced, SMB printing disabled) CVE: CVE-2018-14880 (OSPF6) CVE: CVE-2018-16451 (SMB) CVE: CVE-2018-14882 (RPL) CVE: CVE-2018-16227 (802.11) CVE: CVE-2018-16229 (DCCP) CVE: CVE-2018-16301 (was fixed in libpcap) CVE: CVE-2018-16230 (BGP) CVE: CVE-2018-16452 (SMB) CVE: CVE-2018-16300 (BGP) CVE: CVE-2018-16228 (HNCP) CVE: CVE-2019-15166 (LMP) CVE: CVE-2019-15167 (VRRP) CVE: CVE-2018-14879 (tcpdump -V) Deleted patch "0001-CVE-2017-16808-AoE-Add-a-missing-bounds-check.patch" since the fix is included in the upgrade. Modified patches "avoid-absolute-path-when-searching-for-libdlpi.patch", "unnecessary-to-check-libpcap.patch", and "add-ptest.path" since the upgrade renamed configure.in to configure.ac and made changes to the file. Added PACKAGECONFIG for smb. It is disabled by default in the upgraded version in both the package's configure script and this bitbake recipe since it is insecure. Modified the parsing of ptest result to align with the new output format. With core-image-minimal on qemux86-64/kvm: Recipe | Passed | Failed | Skipped | Time(s) Before | 408 | 0 | 2 | 4 After | 431 | 11 | 2 | 10 11 test failed after the upgrade since libpcap is not upgraded alongside with tcpdump. Signed-off-by: Peiran Hong <peiran.hong@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* tcpdump: Fix CVE-2017-16808Peiran Hong2019-09-132-0/+62
| | | | | | | | | | | | | | | | | | | | | | | | | | Backport selected parts of three upstream commits to fix CVE-2017-16808 where tcpdump 4.9.2 has a heap-based buffer over-read. Upstream-Status: Backport [ several ] Upstream commits fully backported: 46aead6 [CVE-2017-16808/AoE: Add a missing bounds check] Upstream commits partially backported: 7068209 [Use nd_ types in 802.x and FDDI headers.] 84ef17a [Replace ND_TTEST2()/ND_TCHECK2() macros by macros using pointers (1/n)] 46aead6 fixes the vulnerability and requires two macros defined in 7068209 and 84ef17a, which are committed after the release of 4.9.2. Only the definition of the macros are taken from the two commits as they impact a wide range of code and are difficult to integrate. CVE: CVE-2017-16808 Signed-off-by: Peiran Hong <peiran.hong@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* tcpdump: misc recipe cleanup + drop obsolete workaroundsAndre McCurdy2019-01-153-26/+54
| | | | | | | | | | | Remove obsolete workarounds and improve the workarounds that remain. For example, it hasn't been necessary to set ac_cv_linux_vers since tcpdump 4.6.0: https://github.com/the-tcpdump-group/tcpdump/commit/a42fc6e764abfe4a99eef993784733f735f6c874 Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* tcpdump: refresh patchesMartin Jansa2018-04-092-15/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | WARNING: tcpdump-4.9.2-r0 do_patch: Some of the context lines in patches were ignored. This can lead to incorrectly applied patches. The context lines in the patches can be updated with devtool: devtool modify <recipe> devtool finish --force-patch-refresh <recipe> <layer_path> Then the updated patches and the source tree (in devtool's workspace) should be reviewed to make sure the patches apply in the correct place and don't introduce duplicate lines (which can, and does happen when some of the context is ignored). Further information: http://lists.openembedded.org/pipermail/openembedded-core/2018-March/148675.html https://bugzilla.yoctoproject.org/show_bug.cgi?id=10450 Details: Applying patch unnecessary-to-check-libpcap.patch patching file configure.in Hunk #1 succeeded at 418 with fuzz 2 (offset -149 lines). Now at patch unnecessary-to-check-libpcap.patch Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* tcpdump: update to 4.9.2 to fix CVEsWenzong Fan2017-09-221-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Refer to http://www.tcpdump.org/tcpdump-changes.txt: Fix buffer overflow vulnerabilities: CVE-2017-11543 (SLIP) CVE-2017-13011 (bittok2str_internal) Fix infinite loop vulnerabilities: CVE-2017-12989 (RESP) CVE-2017-12990 (ISAKMP) CVE-2017-12995 (DNS) CVE-2017-12997 (LLDP) Fix buffer over-read vulnerabilities: CVE-2017-11541 (safeputs) CVE-2017-11542 (PIMv1) CVE-2017-12893 (SMB/CIFS) CVE-2017-12894 (lookup_bytestring) CVE-2017-12895 (ICMP) CVE-2017-12896 (ISAKMP) CVE-2017-12897 (ISO CLNS) CVE-2017-12898 (NFS) CVE-2017-12899 (DECnet) CVE-2017-12900 (tok2strbuf) CVE-2017-12901 (EIGRP) CVE-2017-12902 (Zephyr) CVE-2017-12985 (IPv6) CVE-2017-12986 (IPv6 routing headers) CVE-2017-12987 (IEEE 802.11) CVE-2017-12988 (telnet) CVE-2017-12991 (BGP) CVE-2017-12992 (RIPng) CVE-2017-12993 (Juniper) CVE-2017-11542 (PIMv1) CVE-2017-11541 (safeputs) CVE-2017-12994 (BGP) CVE-2017-12996 (PIMv2) CVE-2017-12998 (ISO IS-IS) CVE-2017-12999 (ISO IS-IS) CVE-2017-13000 (IEEE 802.15.4) CVE-2017-13001 (NFS) CVE-2017-13002 (AODV) CVE-2017-13003 (LMP) CVE-2017-13004 (Juniper) CVE-2017-13005 (NFS) CVE-2017-13006 (L2TP) CVE-2017-13007 (Apple PKTAP) CVE-2017-13008 (IEEE 802.11) CVE-2017-13009 (IPv6 mobility) CVE-2017-13010 (BEEP) CVE-2017-13012 (ICMP) CVE-2017-13013 (ARP) CVE-2017-13014 (White Board) CVE-2017-13015 (EAP) CVE-2017-11543 (SLIP) CVE-2017-13016 (ISO ES-IS) CVE-2017-13017 (DHCPv6) CVE-2017-13018 (PGM) CVE-2017-13019 (PGM) CVE-2017-13020 (VTP) CVE-2017-13021 (ICMPv6) CVE-2017-13022 (IP) CVE-2017-13023 (IPv6 mobility) CVE-2017-13024 (IPv6 mobility) CVE-2017-13025 (IPv6 mobility) CVE-2017-13026 (ISO IS-IS) CVE-2017-13027 (LLDP) CVE-2017-13028 (BOOTP) CVE-2017-13029 (PPP) CVE-2017-13030 (PIM) CVE-2017-13031 (IPv6 fragmentation header) CVE-2017-13032 (RADIUS) CVE-2017-13033 (VTP) CVE-2017-13034 (PGM) CVE-2017-13035 (ISO IS-IS) CVE-2017-13036 (OSPFv3) CVE-2017-13037 (IP) CVE-2017-13038 (PPP) CVE-2017-13039 (ISAKMP) CVE-2017-13040 (MPTCP) CVE-2017-13041 (ICMPv6) CVE-2017-13042 (HNCP) CVE-2017-13043 (BGP) CVE-2017-13044 (HNCP) CVE-2017-13045 (VQP) CVE-2017-13046 (BGP) CVE-2017-13047 (ISO ES-IS) CVE-2017-13048 (RSVP) CVE-2017-13049 (Rx) CVE-2017-13050 (RPKI-Router) CVE-2017-13051 (RSVP) CVE-2017-13052 (CFM) CVE-2017-13053 (BGP) CVE-2017-13054 (LLDP) CVE-2017-13055 (ISO IS-IS) CVE-2017-13687 (Cisco HDLC) CVE-2017-13688 (OLSR) CVE-2017-13689 (IKEv1) CVE-2017-13690 (IKEv2) CVE-2017-13725 (IPv6 routing headers) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* tcpdump: update to 4.9.1 to fix CVE-2017-11108Wenzong Fan2017-09-121-2/+2
| | | | | | | | | | | | | | | Summary for 4.9.1 tcpdump release CVE-2017-11108/Fix bounds checking for STP. Make assorted documentation updates and fix a few typos in tcpdump output. Fixup -C for file size >2GB (GH #488). Show AddressSanitizer presence in version output. Fix a bug in test scripts (exposed in GH #613). On FreeBSD adjust Capsicum capabilities for netmap. On Linux fix a use-after-free when the requested interface does not exist. Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* tcpdump: remove unnecessary patchJose Alarcon2017-09-122-32/+0
| | | | | | | | | | | | The removed patch added an unncessary (and incorrect) test for cross compiling: if there is no libdlpi on the target, the test will fail (as it should) and not add libdlpi to the list of libraries. If we would be cross compiling for Solaris (e.g., compiling for SPARC on Solaris x86 or for x86 on Solaris SPARC), we should check for libdlpi. Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* tcpdump: update to 4.9.0 for security fixesArmin Kuster2017-02-222-16/+15
| | | | | | | | | | | | | | | | | | | | | CVE included in this release: CVE-2016-7922 CVE-2016-7923 CVE-2016-7924 CVE-2016-7925 CVE-2016-7926 CVE-2016-7927 CVE-2016-7928 CVE-2016-7929 CVE-2016-7930 CVE-2016-7931 CVE-2016-7932 CVE-2016-7933 CVE-2016-7934 CVE-2016-7935 CVE-2016-7936 CVE-2016-7937 CVE-2016-7938 CVE-2016-7939 CVE-2016-7940 CVE-2016-7973 CVE-2016-7974 CVE-2016-7975 CVE-2016-7983 CVE-2016-7984 CVE-2016-7985 CVE-2016-7986 CVE-2016-7992 CVE-2016-7993 CVE-2016-8574 CVE-2016-8575 CVE-2017-5202 CVE-2017-5203 CVE-2017-5204 CVE-2017-5205 CVE-2017-5341 CVE-2017-5342 CVE-2017-5482 CVE-2017-5483 CVE-2017-5484 CVE-2017-5485 CVE-2017-5486 updated add-ptest patch to apply to Makefile.in Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* tcpdump: upgrade to 4.8.1Oleksandr Kravchuk2017-02-221-4/+3
| | | | | | | | | Upgraded tcpdump to version 4.8.1 and removed deprecated ipv6 configure flag. Signed-off-by: Oleksandr Kravchuk <oleksandr.kravchuk@pelagicore.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* meta-oe: fix indentationMartin Jansa2016-08-222-8/+8
| | | | | | | | * remove tabs which sneaked in since last cleanup * meta-oe layers are using consistent indentation with 4 spaces, see http://www.openembedded.org/wiki/Styleguide Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* tcpdump: add PACKAGECONFIG for libcap-ngRoy Li2016-01-201-0/+1
| | | | | | Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* tcpdump: add PACKAGECONFIG for smiMartin Jansa2015-08-311-0/+1
| | | | | | | | | | | | | | | | | | * libsmi is autodetected in configure, but in most cases disabled because of cross-compilation so keep it explicitly disabled * resolves following difference in builds with and without libsmi built before tcpdump: 4.7.4-r0-with/temp/log.do_configure:checking smi.h usability... yes 4.7.4-r0-with/temp/log.do_configure:checking smi.h presence... yes 4.7.4-r0-with/temp/log.do_configure:checking for smi.h... yes 4.7.4-r0-with/temp/log.do_configure:checking for smiInit in -lsmi... yes 4.7.4-r0-with/temp/log.do_configure:checking whether to enable libsmi... not when cross-compiling 4.7.4-r0-without/temp/log.do_configure:checking smi.h usability... no 4.7.4-r0-without/temp/log.do_configure:checking smi.h presence... no 4.7.4-r0-without/temp/log.do_configure:checking for smi.h... no Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* tcpslice: fix do_installRoy Li2015-08-061-1/+2
| | | | | | | | | | replace to run "make install" with directly calling install command, since "make install" asks "bin" user and group, and maybe fail when system has not; Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* meta-networking: standardize SECTION valuesJoe MacDonald2015-06-052-2/+2
| | | | | | | SECTION has been used inconsistently throughout the recipes in this layer. Convert them to all use the same convention. Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* tcpdump: upgrade to 4.7.4Roy Li2015-05-137-56/+2
| | | | | | | Remove two unneeded patches, configure.patch and tcpdump-cross-getaddrinfo.patch Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* tcpdump: Add ptestHongjun.Yang2014-10-303-1/+50
| | | | | | | Add ptest supports for tcpdump Signed-off-by: Hongjun.Yang <hongjun.yang@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* tcpslice: add recipe under tcpdumpRoy Li2014-09-093-0/+125
| | | | | | | | | tcpslice is a tool for extracting parts of a tcpdump packet trace, so put it under tcpdump dir Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* tcpdump: uprev it to 4.6.1Roy Li2014-08-218-98/+6
| | | | | | | | | 1. uprev to 4.6.1 2. remove three obsolete patches 3. use PACKAGECONFIG, and the default value is ipv6 openssl Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* Uprev tcpdump to 4.5.1Roy Li2014-07-209-44/+120
| | | | | | | | | | | | 1. update the patch tcpdump_configure_no_-O2.patch 2. do not check libdlpi dependence on cross-compile, or else it will cause do_qa_configure to fail. 3. do not check libpcap dependence, since the libpcap has been added into DEPENDS, or else it will cause do_qa_configure to fail 4. make the check of getaddrinfo work on cross-compile Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* tcpdump: inherit brokensepJack Mitchell2014-05-031-1/+1
| | | | | Signed-off-by: Jack Mitchell <jmitchell@cbnl.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* recipes: convert remaining SUMMARY/DESCRIPTION cosmetic issuesMatthieu CRAPET2014-02-231-1/+1
| | | | | | | | | | | | | Changes: - rename SUMMARY with length > 80 to DESCRIPTION - rename DESCRIPTION with length < 80 to (non present tag) SUMMARY - drop final point character at the end of SUMMARY string - remove trailing whitespace of SUMMARY line Note: don't bump PR Signed-off-by: Matthieu Crapet <Matthieu.Crapet@ingenico.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* tcpdump: correct QA issue (unrecognized configure option)Joe MacDonald2013-11-281-1/+1
| | | | | | WARNING: QA Issue: tcpdump: configure was passed unrecognised options: --disable-rpath Signed-off-by: Joe MacDonald <joe@deserted.net>
* tcpdump: move from meta-oe to meta-networkingZongchun Yu2013-11-285-0/+177
Signed-off-by: Zongchun Yu <Zongchun.Yu@freescale.com> Signed-off-by: Joe MacDonald <joe@deserted.net>