src - FreeBSD source tree

diff options


context:
space:
mode:

author	Gleb Smirnoff <glebius@FreeBSD.org>	2017-01-31 19:17:06 +0000
committer	Gleb Smirnoff <glebius@FreeBSD.org>	2017-01-31 19:17:06 +0000
commit	d79b843cb78484ea27f877f1541055e1a6a5a4d3 (patch)
tree	57b11b7f3aa68244815f4469b548fcab0c5c3e78 /CHANGES
parent	1bf4ba1024df1c302debe8156a60a9dfafb149ee (diff)
download	src-d79b843cb78484ea27f877f1541055e1a6a5a4d3.tar.gz src-d79b843cb78484ea27f877f1541055e1a6a5a4d3.zip

Import tcpdump-4.9.0 into dist.

Notes

Notes: svn path=/vendor/tcpdump/dist/; revision=313024

Diffstat (limited to 'CHANGES')

-rw-r--r--

CHANGES

190

1 files changed, 187 insertions, 3 deletions

diff --git a/CHANGES b/CHANGES
index 38769f2c4ea7..7c4be177173d 100644
--- a/CHANGES
+++ b/CHANGES

@@ -1,3 +1,187 @@

+Wednesday January 18, 2017 devel.fx.lebail@orange.fr

+ Summary for 4.9.0 tcpdump release

+ General updates:

+ Improve separation frontend/backend (tcpdump/libnetdissect)

+ Don't require IPv6 library support in order to support IPv6 addresses

+ Introduce data types to use for integral values in packet structures

+ Fix display of timestamps with -tt, -ttt and -ttttt options

+ Fix some heap overflows found with American Fuzzy Lop by Hanno Boeck and others

+ (More information in the log with CVE-2016-* and CVE-2017-*)

+ Change the way protocols print link-layer addresses (Fix heap overflows

+ in CALM-FAST and GeoNetworking printers)

+ Pass correct caplen value to ether_print() and some other functions

+ Fix lookup_nsap() to match what isonsap_string() expects

+ Clean up relative time stamp printing (Fix an array overflow)

+ Fix some alignment issues with GCC on Solaris 10 SPARC

+ Add some ND_TTEST_/ND_TCHECK_ macros to simplify writing bounds checks

+ Add a fn_printztn() which returns the number of bytes processed

+ Add nd_init() and nd_cleanup() functions. Improve libsmi support

+ Add CONTRIBUTING file

+ Add a summary comment in all printers

+ Compile with more warning options in devel mode if supported (-Wcast-qual, ...)

+ Fix some leaks found by Valgrind/Memcheck

+ Fix a bunch of de-constifications

+ Squelch some Coverity warnings and some compiler warnings

+ Update Coverity and Travis-CI setup

+ Update Visual Studio files

+ Frontend:

+ Fix capsicum support to work with zerocopy buffers in bpf

+ Try opening interfaces by name first, then by name-as-index

+ Work around pcap_create() failures fetching time stamp type lists

+ Fix a segmentation fault with 'tcpdump -J'

+ Improve addrtostr6() bounds checking

+ Add exit_tcpdump() function

+ Don't drop CAP_SYS_CHROOT before chrooting

+ Fixes issue where statistics not reported when -G and -W options used

+ New printers supporting:

+ Generic Protocol Extension for VXLAN (VXLAN-GPE)

+ Home Networking Control Protocol (HNCP), RFCs 7787 and 7788

+ Locator/Identifier Separation Protocol (LISP), type 3 and type 4 packets

+ Marvell Extended Distributed Switch Architecture header (MEDSA)

+ Network Service Header (NSH)

+ REdis Serialization Protocol (RESP)

+ Updated printers:

+ 802.11: Beginnings of 11ac radiotap support

+ 802.11: Check the Protected bit for management frames

+ 802.11: Do bounds checking on last_presentp before dereferencing it (Fix a heap overflow)

+ 802.11: Fix the radiotap printer to handle the special bits correctly

+ 802.11: If we have the MCS field, it's 11n

+ 802.11: Only print unknown frame type or subtype messages once

+ 802.11: Radiotap dBm values get printed as dB; Update a test output accordingly

+ 802.11: Source and destination addresses were backwards

+ AH: Add a bounds check

+ AH: Report to our caller that dissection failed if a bounds check fails

+ AP1394: Print src > dst, not dst > src

+ ARP: Don't assume the target hardware address is <= 6 octets long (Fix a heap overflow)

+ ATALK: Add bounds and length checks (Fix heap overflows)

+ ATM: Add some bounds checks (Fix a heap overflow)

+ ATM: Fix an incorrect bounds check

+ BFD: Update specification from draft to RFC 5880

+ BFD: Update to print optional authentication field

+ BGP: Add decoding of ADD-PATH capability

+ BGP: Add support for the AIGP attribute (RFC7311)

+ BGP: Print LARGE_COMMUNITY Path Attribute

+ BGP: Update BGP numbers from IANA; Print minor values for FSM notification

+ BOOTP: Add a bounds check

+ Babel: Add decoder for source-specific extension

+ CDP: Filter out non-printable characters

+ CFM: Fixes to match the IEEE standard, additional bounds and length checks

+ CSLIP: Add more bounds checks (Fix a heap overflow)

+ ClassicalIPoATM: Add a bounds check on LLC+SNAP header (Fix a heap overflow)

+ DHCP: Fix MUDURL and TZ options

+ DHCPv6: Process MUDURL and TZ options

+ DHCPv6: Update Status Codes with RFCs/IANA names

+ DNS: Represent the "DNSSEC OK" bit as "DO" instead of "OK". Add a test case

+ DTP: Improve packet integrity checks

+ EGP: Fix bounds checks

+ ESP: Don't use OpenSSL_add_all_algorithms() in OpenSSL 1.1.0 or later

+ ESP: Handle OpenSSL 1.1.x

+ Ethernet: Add some bounds checking before calling isoclns_print (Fix a heap overflow)

+ Ethernet: Print the Length/Type field as length when needed

+ FDDI: Fix -e output for FDDI

+ FR: Add some packet-length checks and improve Q.933 printing (Fix heap overflows)

+ GRE: Add some bounds checks (Fix heap overflows)

+ Geneve: Fix error message with invalid option length; Update list option classes

+ HNCP: Fix incorrect time interval format. Fix handling of IPv4 prefixes

+ ICMP6: Fetch a 32-bit big-endian quantity with EXTRACT_32BITS()

+ ICMP6: dagid is always an IPv6 address, not an opaque 128-bit string

+ IGMP: Add a length check

+ IP: Add a bounds check (Fix a heap overflow)

+ IP: Check before fetching the protocol version (Fix a heap overflow)

+ IP: Don't try to dissect if IP version != 4 (Fix a heap overflow)

+ IP: Stop processing IPPROTO_ values once we hit IPPROTO_IPCOMP

+ IPComp: Check whether we have the CPI before we fetch it (Fix a heap overflow)

+ IPoFC: Fix -e output (IP-over-Fibre Channel)

+ IPv6: Don't overwrite the destination IPv6 address for routing headers

+ IPv6: Fix header printing

+ IPv6: Stop processing IPPROTO_ values once we hit IPPROTO_IPCOMP

+ ISAKMP: Clean up parsing of IKEv2 Security Associations

+ ISOCLNS/IS-IS: Add support for Purge Originator Identifier (RFC6232) and test cases

+ ISOCLNS/IS-IS: Don't overwrite packet data when checking the signature

+ ISOCLNS/IS-IS: Filter out non-printable characters

+ ISOCLNS/IS-IS: Fix segmentation faults

+ ISOCLNS/IS-IS: Have signature_verify() do the copying and clearing

+ ISOCLNS: Add some bounds checks

+ Juniper: Make sure a Juniper header TLV isn't bigger than what's left in the packet (Fix a heap overflow)

+ LLC/SNAP: With -e, print the LLC header before the SNAP header; without it, cut the SNAP header

+ LLC: Add a bounds check (Fix a heap overflow)

+ LLC: Clean up printing of LLC packets

+ LLC: Fix the printing of RFC 948-style IP packets

+ LLC: Skip the LLC and SNAP headers with -x for 802.11 and some other protocols

+ LLDP: Implement IANA OUI and LLDP MUD option

+ MPLS LSP ping: Update printing for RFC 4379, bug fixes, more bounds checks

+ MPLS: "length" is now the *remaining* packet length

+ MPLS: Add bounds and length checks (Fix a heap overflow)

+ NFS: Add a test that makes unaligned accesses

+ NFS: Don't assume the ONC RPC header is nicely aligned

+ NFS: Don't overflow the Opaque_Handle buffer (Fix a segmentation fault)

+ NFS: Don't run past the end of an NFSv3 file handle

+ OLSR: Add a test to cover a HNA sgw case

+ OLSR: Fix 'Advertised networks' count

+ OLSR: Fix printing of smart-gateway HNAs in IPv4

+ OSPF: Add a bounds check for the Hello packet options

+ OSPF: Do more bounds checking

+ OSPF: Fix a segmentation fault

+ OSPF: Fix printing 'ospf_topology_values' default

+ OTV: Add missing bounds checks

+ PGM: Print the formatted IP address, not the raw binary address, as a string

+ PIM: Add some bounds checking (Fix a heap overflow)

+ PIMv2: Fix checksumming of Register messages

+ PPI: Pass an adjusted struct pcap_pkthdr to the sub-printer

+ PPP: Add some bounds checks (Fix a heap overflow)

+ PPP: Report invalid PAP AACK/ANAK packets

+ Q.933: Add a missing bounds check

+ RADIUS: Add Value 13 "VLAN" to Tunnel-Type attribute

+ RADIUS: Filter out non-printable characters

+ RADIUS: Translate UDP/1700 as RADIUS

+ RESP: Do better checking of RESP packets

+ RPKI-RTR: Add a return value check for "fn_printn" call

+ RPKI-RTR: Remove printing when truncated condition already detected

+ RPL: Fix 'Consistency Check' control code

+ RPL: Fix suboption print

+ RSVP: An INTEGRITY object in a submessage covers only the submessage

+ RSVP: Fix an infinite loop; Add bounds and length checks

+ RSVP: Fix some if statements missing brackets

+ RSVP: Have signature_verify() do the copying and clearing

+ RTCP: Add some bounds checks

+ RTP: Add some bounds checks, fix two segmentation faults

+ SCTP: Do more bounds checking

+ SFLOW: Fix bounds checking

+ SLOW: Fix bugs, add checks

+ SMB: Before fetching the flags2 field, make sure we have it

+ SMB: Do bounds checks on NBNS resource types and resource data lengths

+ SNMP: Clean up the "have libsmi but no modules loaded" case

+ SNMP: Clean up the object abbreviation list and fix the code to match them

+ SNMP: Do bounds checks when printing character and octet strings

+ SNMP: Improve ASN.1 bounds checks

+ SNMP: More bounds and length checks

+ STP: Add a bunch of bounds checks, and fix some printing (Fix heap overflows)

+ STP: Filter out non-printable characters

+ TCP: Add bounds and length checks for packets with TCP option 20

+ TCP: Correct TCP option Kind value for TCP Auth and add SCPS-TP

+ TCP: Fix two bounds checks (Fix heap overflows)

+ TCP: Make sure we have the data offset field before fetching it (Fix a heap overflow)

+ TCP: Put TCP-AO option decoding right

+ TFTP: Don't use strchr() to scan packet data (Fix a heap overflow)

+ Telnet: Add some bounds checks

+ TokenRing: Fix -e output

+ UDLD: Fix an infinite loop

+ UDP: Add a bounds check (Fix a heap overflow)

+ UDP: Check against the packet length first

+ UDP: Don't do the DDP-over-UDP heuristic check up front

+ VAT: Add some bounds checks

+ VTP: Add a test on Mgmt Domain Name length

+ VTP: Add bounds checks and filter out non-printable characters

+ VXLAN: Add a bound check and a test case

+ ZeroMQ: Fix an infinite loop

+Tuesday April 14, 2015 guy@alum.mit.edu

+ Summary for 4.8.0 tcpdump release

+ Fix "-x" for Apple PKTAP and PPI packets

Friday April 10, 2015 guy@alum.mit.edu

Summary for 4.7.4 tcpdump release

RPKI to Router Protocol: Fix Segmentation Faults and other problems

@@ -464,10 +648,10 @@ Wed. November 12, 2003. mcr@sandelman.ottawa.on.ca. Summary for 3.8 release

Tuesday, February 25, 2003. fenner@research.att.com. 3.7.2 release

- Fixed infinite loop when parsing malformed isakmp packets.

+ Fixed infinite loop when parsing invalid isakmp packets.

(reported by iDefense; already fixed in CVS)

- Fixed infinite loop when parsing malformed BGP packets.

- Fixed buffer overflow with certain malformed NFS packets.

+ Fixed infinite loop when parsing invalid BGP packets.

+ Fixed buffer overflow with certain invalid NFS packets.

Pretty-print unprintable network names in 802.11 printer.

Handle truncated nbp (appletalk) packets.

Updated DHCPv6 printer to match draft-ietf-dhc-dhcpv6-22.txt