Upgrade to tcpdump 4.9.1.
From CHANGES:
Sunday July 23, 2017 denis@ovsienko.info
Summary for 4.9.1 tcpdump release
CVE-2017-11108/Fix bounds checking for STP.
Make assorted documentation updates and fix a few typos in tcpdump output.
Fixup -C for file size >2GB (GH #488).
Show AddressSanitizer presence in version output.
Fix a bug in test scripts (exposed in GH #613).
On FreeBSD adjust Capsicum capabilities for netmap.
On Linux fix a use-after-free when the requested interface does not exist.
Bug: N/A
Test: ran manually
Change-Id: Id663a3770bc70c8b59e2579479437c7bc8f27fab
diff --git a/CHANGES b/CHANGES
index 7c4be17..eae4109 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,10 +1,16 @@
+Sunday July 23, 2017 denis@ovsienko.info
+ Summary for 4.9.1 tcpdump release
+ CVE-2017-11108/Fix bounds checking for STP.
+ Make assorted documentation updates and fix a few typos in tcpdump output.
+ Fixup -C for file size >2GB (GH #488).
+ Show AddressSanitizer presence in version output.
+ Fix a bug in test scripts (exposed in GH #613).
+ On FreeBSD adjust Capsicum capabilities for netmap.
+ On Linux fix a use-after-free when the requested interface does not exist.
+
Wednesday January 18, 2017 devel.fx.lebail@orange.fr
Summary for 4.9.0 tcpdump release
General updates:
- Improve separation frontend/backend (tcpdump/libnetdissect)
- Don't require IPv6 library support in order to support IPv6 addresses
- Introduce data types to use for integral values in packet structures
- Fix display of timestamps with -tt, -ttt and -ttttt options
Fix some heap overflows found with American Fuzzy Lop by Hanno Boeck and others
(More information in the log with CVE-2016-* and CVE-2017-*)
Change the way protocols print link-layer addresses (Fix heap overflows
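Review bot: The two memory-safety items in the added 4.9.1 entry (the STP bounds check for CVE-2017-11108 and the Linux use-after-free when the requested interface does not exist) are the reason to take this upgrade, but the commit message only says "Test: ran manually". Please state what was run, for example whether the upstream test suite passed on the target and whether the missing-interface path was exercised, so the security fixes are shown to be present in the imported build and not just listed in CHANGES.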
@@ -35,14 +41,6 @@
Don't drop CAP_SYS_CHROOT before chrooting
Fixes issue where statistics not reported when -G and -W options used
- New printers supporting:
- Generic Protocol Extension for VXLAN (VXLAN-GPE)
- Home Networking Control Protocol (HNCP), RFCs 7787 and 7788
- Locator/Identifier Separation Protocol (LISP), type 3 and type 4 packets
- Marvell Extended Distributed Switch Architecture header (MEDSA)
- Network Service Header (NSH)
- REdis Serialization Protocol (RESP)
-
Updated printers:
802.11: Beginnings of 11ac radiotap support
802.11: Check the Protected bit for management frames
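Review bot: The commit message quotes only the 4.9.1 entry, but from this hunk on the diff also rewrites the 4.9.0 section: the "New printers supporting:" block is removed here, and all six printers (VXLAN-GPE, HNCP, LISP, MEDSA, NSH, RESP) reappear as separate lines under the 4.8.1 summary in the last hunk. If CHANGES is being taken verbatim from the upstream 4.9.1 tree, say so in the commit message so the history rewrite is not mistaken for a local edit or a bad merge.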
@@ -61,7 +59,6 @@
ATM: Fix an incorrect bounds check
BFD: Update specification from draft to RFC 5880
BFD: Update to print optional authentication field
- BGP: Add decoding of ADD-PATH capability
BGP: Add support for the AIGP attribute (RFC7311)
BGP: Print LARGE_COMMUNITY Path Attribute
BGP: Update BGP numbers from IANA; Print minor values for FSM notification
@@ -78,7 +75,6 @@
DTP: Improve packet integrity checks
EGP: Fix bounds checks
ESP: Don't use OpenSSL_add_all_algorithms() in OpenSSL 1.1.0 or later
- ESP: Handle OpenSSL 1.1.x
Ethernet: Add some bounds checking before calling isoclns_print (Fix a heap overflow)
Ethernet: Print the Length/Type field as length when needed
FDDI: Fix -e output for FDDI
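Review bot: The removed "ESP: Handle OpenSSL 1.1.x" line comes back in the last hunk as "Handle OpenSSL 1.1.x." under 4.8.1 without the "ESP:" prefix, while the neighbouring "ESP: Don't use OpenSSL_add_all_algorithms() in OpenSSL 1.1.0 or later" stays under 4.9.0. The OpenSSL 1.1 notes are now split across two release entries and one no longer names the printer, so anyone reading the changelog to work out which release is needed for OpenSSL 1.1.x will get two answers. Worth confirming this matches upstream's file rather than carrying it silently.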
@@ -87,7 +83,6 @@
Geneve: Fix error message with invalid option length; Update list option classes
HNCP: Fix incorrect time interval format. Fix handling of IPv4 prefixes
ICMP6: Fetch a 32-bit big-endian quantity with EXTRACT_32BITS()
- ICMP6: dagid is always an IPv6 address, not an opaque 128-bit string
IGMP: Add a length check
IP: Add a bounds check (Fix a heap overflow)
IP: Check before fetching the protocol version (Fix a heap overflow)
@@ -115,7 +110,6 @@
MPLS LSP ping: Update printing for RFC 4379, bug fixes, more bounds checks
MPLS: "length" is now the *remaining* packet length
MPLS: Add bounds and length checks (Fix a heap overflow)
- NFS: Add a test that makes unaligned accesses
NFS: Don't assume the ONC RPC header is nicely aligned
NFS: Don't overflow the Opaque_Handle buffer (Fix a segmentation fault)
NFS: Don't run past the end of an NFSv3 file handle
@@ -130,7 +124,6 @@
PGM: Print the formatted IP address, not the raw binary address, as a string
PIM: Add some bounds checking (Fix a heap overflow)
PIMv2: Fix checksumming of Register messages
- PPI: Pass an adjusted struct pcap_pkthdr to the sub-printer
PPP: Add some bounds checks (Fix a heap overflow)
PPP: Report invalid PAP AACK/ANAK packets
Q.933: Add a missing bounds check
@@ -171,16 +164,46 @@
UDLD: Fix an infinite loop
UDP: Add a bounds check (Fix a heap overflow)
UDP: Check against the packet length first
- UDP: Don't do the DDP-over-UDP heuristic check up front
VAT: Add some bounds checks
VTP: Add a test on Mgmt Domain Name length
VTP: Add bounds checks and filter out non-printable characters
VXLAN: Add a bound check and a test case
ZeroMQ: Fix an infinite loop
-Tuesday April 14, 2015 guy@alum.mit.edu
- Summary for 4.8.0 tcpdump release
+Tuesday October 25, 2016 mcr@sandelman.ca
+ Summary for 4.8.1 tcpdump release
Fix "-x" for Apple PKTAP and PPI packets
+ Improve separation frontend/backend (tcpdump/libnetdissect)
+ Fix display of timestamps with -tt, -ttt and -ttttt options
+ Add support for the Marvell Extended Distributed Switch Architecture header
+ Use PRIx64 to print a 64-bit number in hex.
+ Printer for HNCP (RFCs 7787 and 7788).
+ dagid is always an IPv6 address, not an opaque 128-bit string, and other fixes to RPL printer.
+ RSVP: Add bounds and length checks
+ OSPF: Do more bounds checking
+ Handle OpenSSL 1.1.x.
+ Initial support for the REdis Serialization Protocol known as RESP.
+ Add printing function for Generic Protocol Extension for VXLAN
+ draft-ietf-nvo3-vxlan-gpe-01
+ Network Service Header: draft-ietf-sfc-nsh-01
+ Don't recompile the filter if the new file has the same DLT.
+ Pass an adjusted struct pcap_pkthdr to the sub-printer.
+ Add three test cases for already fixed CVEs
+ CVE-2014-8767: OLSR
+ CVE-2014-8768: Geonet
+ CVE-2014-8769: AODV
+ Don't do the DDP-over-UDP heuristic first: GitHub issue #499.
+ Use the new debugging routines in libpcap.
+ Harmonize TCP source or destination ports tests with UDP ones
+ Introduce data types to use for integral values in packet structures.
+ RSVP: Fix an infinite loop
+ Support of Type 3 and Type 4 LISP packets.
+ Don't require IPv6 library support in order to support IPv6 addresses.
+ Many many changes to support libnetdissect usage.
+ Add a test that makes unaligned accesses: GitHub issue #478.
+ add a DNSSEC test case: GH #445 and GH #467.
+ BGP: add decoding of ADD-PATH capability
+ fixes to LLC header printing, and RFC948-style IP packets
Friday April 10, 2015 guy@alum.mit.edu
Summary for 4.7.4 tcpdump release
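Review bot: Replacing the "Tuesday April 14, 2015 ... Summary for 4.8.0 tcpdump release" header with the 4.8.1 header leaves no 4.8.0 entry in the file, and the unchanged line 'Fix "-x" for Apple PKTAP and PPI packets' is now attributed to 4.8.1 (October 25, 2016) instead of 4.8.0. Please confirm that this is how upstream's CHANGES reads at 4.9.1; if it is not, keep the 4.8.0 header and add the 4.8.1 block above it. The added lines also mix security-relevant items ("RSVP: Fix an infinite loop", "OSPF: Do more bounds checking", the three CVE test cases) with feature notes in no particular order and with inconsistent capitalisation ("add a DNSSEC test case", "fixes to LLC header printing"), which is fine if imported verbatim but should not be hand-edited locally.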