From 3f8ce783de089335366c329a62500ed62f390e7b Mon Sep 17 00:00:00 2001 From: cube Date: Tue, 28 Oct 2003 16:57:00 +0000 Subject: Update to version 1.18. This release fixes a buffer overflow in TCP fragment reassembly code. CVE reference for that vulnerability is CAN-2003-0850. Note homepage relocation, and take over maintainership since that's apparently what I've become. v1.18 Oct 15 2003 - reject tcp packets with old timestamp; needed to pass fragroute test; well, linux 2.0.36 did not support this ;) - fixed memory corruption which could be caused by overlarge TCP packets - adjusted checksum.c to not use multiline literals (for gcc 3.3) - in configure.in, even if found libnet files, try compilation; there is another library with the same name - fix a bug in "collect" field handling; if you did collect-- and then collect++ (which is rare), you would get a single junk packet - correct handling of exec_prefix in configure.in - unlink config.status in "make distclean" - use pcap_hdr->caplen instead pcap_hdr->len; the only gain seems to be to gracefully handle pcap files with too short snaplen - changed soname to libnids.so.1.x, as binary compatibility is not guaranteed - switched to sourceforge as homepage --- net/libnids/Makefile | 10 +-- net/libnids/buildlink2.mk | 4 +- net/libnids/distinfo | 7 +- net/libnids/patches/patch-aa | 199 ------------------------------------------- 4 files changed, 10 insertions(+), 210 deletions(-) delete mode 100644 net/libnids/patches/patch-aa (limited to 'net/libnids') diff --git a/net/libnids/Makefile b/net/libnids/Makefile index 83376ccec03..528362430bc 100644 --- a/net/libnids/Makefile +++ b/net/libnids/Makefile @@ -1,13 +1,13 @@ -# $NetBSD: Makefile,v 1.9 2003/10/10 08:44:44 cube Exp $ +# $NetBSD: Makefile,v 1.10 2003/10/28 16:57:00 cube Exp $ # $FreeBSD: ports/net/libnids/Makefile,v 1.5 2000/04/24 07:42:58 kris Exp $ # -DISTNAME= libnids-1.17 +DISTNAME= libnids-1.18 CATEGORIES= net security -MASTER_SITES= http://www.avet.com.pl/~nergal/libnids/dist/ +MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=libnids/} -MAINTAINER= tech-pkg@NetBSD.org -HOMEPAGE= http://www.avet.com.pl/~nergal/libnids/ +MAINTAINER= cube@NetBSD.org +HOMEPAGE= http://libnids.sourceforge.net/ COMMENT= Network monitoring library with TCP/IP reassembly USE_BUILDLINK2= yes diff --git a/net/libnids/buildlink2.mk b/net/libnids/buildlink2.mk index 40fe87323a5..7db20db8a71 100644 --- a/net/libnids/buildlink2.mk +++ b/net/libnids/buildlink2.mk @@ -1,10 +1,10 @@ -# $NetBSD: buildlink2.mk,v 1.1 2003/10/10 08:44:44 cube Exp $ +# $NetBSD: buildlink2.mk,v 1.2 2003/10/28 16:57:00 cube Exp $ .if !defined(LIBNIDS_BUILDLINK2_MK) LIBNIDS_BUILDLINK2_MK= # defined BUILDLINK_PACKAGES+= libnids -BUILDLINK_DEPENDS.libnids?= libnids>=1.17 +BUILDLINK_DEPENDS.libnids?= libnids>=1.18 BUILDLINK_PKGSRCDIR.libnids?= ../../net/libnids BUILDLINK_DEPMETHOD.libnids?= build diff --git a/net/libnids/distinfo b/net/libnids/distinfo index 6bed9064b79..b653c445098 100644 --- a/net/libnids/distinfo +++ b/net/libnids/distinfo @@ -1,5 +1,4 @@ -$NetBSD: distinfo,v 1.4 2003/10/10 08:44:44 cube Exp $ +$NetBSD: distinfo,v 1.5 2003/10/28 16:57:00 cube Exp $ -SHA1 (libnids-1.17.tar.gz) = 4c0f5044a9f8758c5ecfb07af33be8eff5ef2f97 -Size (libnids-1.17.tar.gz) = 98410 bytes -SHA1 (patch-aa) = 27004fe0f71c64b27e4f0c1f67377ba036f1b735 +SHA1 (libnids-1.18.tar.gz) = 3494e614e5e5d2f60f2ffe738307e60e77e04a81 +Size (libnids-1.18.tar.gz) = 114013 bytes diff --git a/net/libnids/patches/patch-aa b/net/libnids/patches/patch-aa deleted file mode 100644 index bf708a93632..00000000000 --- a/net/libnids/patches/patch-aa +++ /dev/null @@ -1,199 +0,0 @@ -$NetBSD: patch-aa,v 1.1 2003/10/08 04:21:38 rtr Exp $ - ---- src/checksum.c.orig 2000-06-20 23:06:32.000000000 +0200 -+++ src/checksum.c -@@ -29,62 +29,62 @@ csum_partial(const u_char * buff, int le - movl 16(%esp),%ecx # Function arg: int len - movl 12(%esp),%esi # Function arg: u_char *buff*/ - -- "testl $2, %%esi -- jz 2f -- subl $2, %%ecx -- jae 1f -- addl $2, %%ecx -- jmp 4f --1: movw (%%esi), %%bx -- addl $2, %%esi -- addw %%bx, %%ax -- adcl $0, %%eax --2: -- movl %%ecx, %%edx -- shrl $5, %%ecx -- jz 2f -- testl %%esi, %%esi --1: movl (%%esi), %%ebx -- adcl %%ebx, %%eax -- movl 4(%%esi), %%ebx -- adcl %%ebx, %%eax -- movl 8(%%esi), %%ebx -- adcl %%ebx, %%eax -- movl 12(%%esi), %%ebx -- adcl %%ebx, %%eax -- movl 16(%%esi), %%ebx -- adcl %%ebx, %%eax -- movl 20(%%esi), %%ebx -- adcl %%ebx, %%eax -- movl 24(%%esi), %%ebx -- adcl %%ebx, %%eax -- movl 28(%%esi), %%ebx -- adcl %%ebx, %%eax -- lea 32(%%esi), %%esi -- dec %%ecx -- jne 1b -- adcl $0, %%eax --2: movl %%edx, %%ecx -- andl $0x1c, %%edx -- je 4f -- shrl $2, %%edx --3: adcl (%%esi), %%eax -- lea 4(%%esi), %%esi -- dec %%edx -- jne 3b -- adcl $0, %%eax --4: andl $3, %%ecx -- jz 7f -- cmpl $2, %%ecx -- jb 5f -- movw (%%esi),%%cx -- leal 2(%%esi),%%esi -- je 6f -- shll $16,%%ecx --5: movb (%%esi),%%cl --6: addl %%ecx,%%eax -- adcl $0, %%eax --7: " -+ "testl $2, %%esi \n" -+" jz 2f \n" -+" subl $2, %%ecx \n" -+" jae 1f \n" -+" addl $2, %%ecx \n" -+" jmp 4f\n" -+"1: movw (%%esi), %%bx\n" -+" addl $2, %%esi\n" -+" addw %%bx, %%ax\n" -+" adcl $0, %%eax\n" -+"2:\n" -+" movl %%ecx, %%edx\n" -+" shrl $5, %%ecx\n" -+" jz 2f\n" -+" testl %%esi, %%esi\n" -+"1: movl (%%esi), %%ebx\n" -+" adcl %%ebx, %%eax\n" -+" movl 4(%%esi), %%ebx\n" -+" adcl %%ebx, %%eax\n" -+" movl 8(%%esi), %%ebx\n" -+" adcl %%ebx, %%eax\n" -+" movl 12(%%esi), %%ebx\n" -+" adcl %%ebx, %%eax\n" -+" movl 16(%%esi), %%ebx\n" -+" adcl %%ebx, %%eax\n" -+" movl 20(%%esi), %%ebx\n" -+" adcl %%ebx, %%eax\n" -+" movl 24(%%esi), %%ebx\n" -+" adcl %%ebx, %%eax\n" -+" movl 28(%%esi), %%ebx\n" -+" adcl %%ebx, %%eax\n" -+" lea 32(%%esi), %%esi\n" -+" dec %%ecx\n" -+" jne 1b\n" -+" adcl $0, %%eax\n" -+"2: movl %%edx, %%ecx\n" -+" andl $0x1c, %%edx\n" -+" je 4f\n" -+" shrl $2, %%edx \n" -+"3: adcl (%%esi), %%eax\n" -+" lea 4(%%esi), %%esi\n" -+" dec %%edx\n" -+" jne 3b\n" -+" adcl $0, %%eax\n" -+"4: andl $3, %%ecx\n" -+" jz 7f\n" -+" cmpl $2, %%ecx\n" -+" jb 5f\n" -+" movw (%%esi),%%cx\n" -+" leal 2(%%esi),%%esi\n" -+" je 6f\n" -+" shll $16,%%ecx\n" -+"5: movb (%%esi),%%cl\n" -+"6: addl %%ecx,%%eax\n" -+" adcl $0, %%eax\n" -+"7: " - : "=a"(sum) - : "0"(sum), "c"(len), "S"(buff) - : "bx", "dx"); -@@ -103,25 +103,24 @@ inline u_short ip_fast_csum(u_char * iph - { - u_int sum; - -- __asm__ __volatile__(" -- movl (%1), %0 -- subl $4, %2 -- jbe 2f -- addl 4(%1), %0 -- adcl 8(%1), %0 -- adcl 12(%1), %0 --1: adcl 16(%1), %0 -- lea 4(%1), %1 -- decl %2 -- jne 1b -- adcl $0, %0 -- movl %0, %2 -- shrl $16, %0 -- addw %w2, %w0 -- adcl $0, %0 -- notl %0 --2: -- " -+ __asm__ __volatile__( -+" movl (%1), %0\n" -+" subl $4, %2\n" -+" jbe 2f\n" -+" addl 4(%1), %0\n" -+" adcl 8(%1), %0\n" -+" adcl 12(%1), %0\n" -+"1: adcl 16(%1), %0\n" -+" lea 4(%1), %1\n" -+" decl %2\n" -+" jne 1b\n" -+" adcl $0, %0\n" -+" movl %0, %2\n" -+" shrl $16, %0\n" -+" addw %w2, %w0\n" -+" adcl $0, %0\n" -+" notl %0\n" -+"2:\n" - /* - Since the input registers which are loaded with iph and ipl - are modified, we must also specify them as outputs, or gcc -@@ -137,10 +136,9 @@ inline u_short ip_fast_csum(u_char * iph - static inline u_int - csum_fold(u_int sum) - { -- __asm__(" -- addl %1, %0 -- adcl $0xffff, %0 -- " -+ __asm__( -+" addl %1, %0\n" -+" adcl $0xffff, %0" - : "=r" (sum) - : "r" (sum << 16), "0" (sum & 0xffff0000) - ); -@@ -155,12 +153,11 @@ static inline u_short - csum_tcpudp_magic(u_int saddr, u_int daddr, u_short len, - u_short proto, u_int sum) - { -- __asm__(" -- addl %1, %0 -- adcl %2, %0 -- adcl %3, %0 -- adcl $0, %0 -- " -+ __asm__( -+" addl %1, %0\n" -+" adcl %2, %0\n" -+" adcl %3, %0\n" -+" adcl $0, %0" - : "=r" (sum) - : "g" (daddr), "g"(saddr), "g"((ntohs(len) << 16) + proto * 256), "0"(sum)); - return (csum_fold(sum)); -- cgit v1.2.3