diff options
Diffstat (limited to 'net')
| -rw-r--r-- | net/igmpproxy/Makefile | 3 | ||||
| -rw-r--r-- | net/igmpproxy/files/patch-fix-buffer-overflow_igmp.c | 22 | ||||
| -rw-r--r-- | net/igmpproxy/files/patch-src_rttable.c | 33 | ||||
| -rw-r--r-- | net/ip2location/Makefile | 2 | ||||
| -rw-r--r-- | net/ip2location/distinfo | 6 | ||||
| -rw-r--r-- | net/ip2proxy/Makefile | 4 | ||||
| -rw-r--r-- | net/ip2proxy/distinfo | 6 | ||||
| -rw-r--r-- | net/ngrep/Makefile | 62 | ||||
| -rw-r--r-- | net/ngrep/distinfo | 5 | ||||
| -rw-r--r-- | net/ngrep/files/patch-Makefile.in | 11 | ||||
| -rw-r--r-- | net/ngrep/files/patch-configure.ac (renamed from net/ngrep/files/patch-Configure.in) | 38 | ||||
| -rw-r--r-- | net/ngrep/files/patch-fix-ipv6 | 39 | ||||
| -rw-r--r-- | net/ngrep/files/patch-ngrep.c | 86 | ||||
| -rw-r--r-- | net/ngrep/pkg-descr | 15 |
14 files changed, 173 insertions, 159 deletions
diff --git a/net/igmpproxy/Makefile b/net/igmpproxy/Makefile index d11554273288..5375fea7dff7 100644 --- a/net/igmpproxy/Makefile +++ b/net/igmpproxy/Makefile @@ -1,6 +1,6 @@ PORTNAME= igmpproxy DISTVERSION= 0.4 -PORTREVISION= 2 +PORTREVISION= 3 PORTEPOCH= 1 CATEGORIES= net @@ -15,7 +15,6 @@ USES= autoreconf USE_GITHUB= yes GH_ACCOUNT= pali GNU_CONFIGURE= yes -GNU_CONFIGURE_MANPREFIX=${PREFIX}/share USE_RC_SUBR= igmpproxy post-install: diff --git a/net/igmpproxy/files/patch-fix-buffer-overflow_igmp.c b/net/igmpproxy/files/patch-fix-buffer-overflow_igmp.c new file mode 100644 index 000000000000..47f7a0b5866b --- /dev/null +++ b/net/igmpproxy/files/patch-fix-buffer-overflow_igmp.c @@ -0,0 +1,22 @@ +From 2b30c36e6ab5b21defb76ec6458ab7687984484c Mon Sep 17 00:00:00 2001 +From: Jan Klemkow <j.klemkow@wemelug.de> +Date: Thu, 17 Apr 2025 19:02:16 +0200 +Subject: [PATCH] Fix Buffer Overflow #97 + +--- + src/igmp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/igmp.c b/src/igmp.c +index a80c4e5..838694c 100644 +--- src/igmp.c ++++ src/igmp.c +@@ -94,7 +94,7 @@ static const char *igmpPacketKind(unsigned int type, unsigned int code) { + case IGMP_V2_LEAVE_GROUP: return "Leave message "; + + default: +- sprintf(unknown, "unk: 0x%02x/0x%02x ", type, code); ++ snprintf(unknown, sizeof unknown, "unk: 0x%02x/0x%02x ", type, code); + return unknown; + } + } diff --git a/net/igmpproxy/files/patch-src_rttable.c b/net/igmpproxy/files/patch-src_rttable.c new file mode 100644 index 000000000000..14cdf8b868fe --- /dev/null +++ b/net/igmpproxy/files/patch-src_rttable.c @@ -0,0 +1,33 @@ +From e49fb373da9044dfb00ffbcd3e1f68ca7107af75 Mon Sep 17 00:00:00 2001 +From: Jan Klemkow <j.klemkow@wemelug.de> +Date: Thu, 17 Apr 2025 18:53:18 +0200 +Subject: [PATCH] Fix use after free(3) in internAgeRoute(). + +removeRoute(croute) calls free(croute). Thus, the zeroing of +croute->ageVifBits afterwards is unnecessary, illegal and an +undefined behavior. +--- + src/rttable.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/rttable.c b/src/rttable.c +index bcafa3fe..04e24f3b 100644 +--- src/rttable.c ++++ src/rttable.c +@@ -704,13 +704,15 @@ int internAgeRoute(struct RouteTable* croute) { + + // No activity was registered within the timelimit, so remove the route. + removeRoute(croute); ++ croute = NULL; + } + // Tell that the route was updated... + result = 1; + } + + // The aging vif bits must be reset for each round... +- BIT_ZERO(croute->ageVifBits); ++ if (croute != NULL) ++ BIT_ZERO(croute->ageVifBits); + + return result; + } diff --git a/net/ip2location/Makefile b/net/ip2location/Makefile index d9694e38240d..b3281ad63284 100644 --- a/net/ip2location/Makefile +++ b/net/ip2location/Makefile @@ -1,5 +1,5 @@ PORTNAME= ip2location -PORTVERSION= 8.6.1 +PORTVERSION= 8.7.0 CATEGORIES= net MAINTAINER= zi@FreeBSD.org diff --git a/net/ip2location/distinfo b/net/ip2location/distinfo index 13adaa9aae97..940458c6cb81 100644 --- a/net/ip2location/distinfo +++ b/net/ip2location/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1698946866 -SHA256 (chrislim2888-IP2Location-C-Library-8.6.1_GH0.tar.gz) = c4825bdf7d5753ab83c323ae85f7801d2308046fbdfcd2761c16c856765165b4 -SIZE (chrislim2888-IP2Location-C-Library-8.6.1_GH0.tar.gz) = 3564380 +TIMESTAMP = 1766432959 +SHA256 (chrislim2888-IP2Location-C-Library-8.7.0_GH0.tar.gz) = 0c196016c281f685cb428011d4703360bca8a805f4efa777eb1bd29c8295d196 +SIZE (chrislim2888-IP2Location-C-Library-8.7.0_GH0.tar.gz) = 3591904 diff --git a/net/ip2proxy/Makefile b/net/ip2proxy/Makefile index 74d0779c43eb..6f30994589ff 100644 --- a/net/ip2proxy/Makefile +++ b/net/ip2proxy/Makefile @@ -1,5 +1,5 @@ PORTNAME= ip2proxy -PORTVERSION= 20250204 +PORTVERSION= 20251118 CATEGORIES= net MAINTAINER= zi@FreeBSD.org @@ -13,7 +13,7 @@ USES= autoreconf libtool USE_GITHUB= yes GH_ACCOUNT= ip2location GH_PROJECT= ${PORTNAME}-c -GH_TAGNAME= 75beea9 +GH_TAGNAME= 7966220 HAS_CONFIGURE= yes USE_LDCONFIG= yes diff --git a/net/ip2proxy/distinfo b/net/ip2proxy/distinfo index f05ee42904f8..b069f1ef06ae 100644 --- a/net/ip2proxy/distinfo +++ b/net/ip2proxy/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1738698515 -SHA256 (ip2location-ip2proxy-c-20250204-75beea9_GH0.tar.gz) = 28cac5d63a0c2f099c09015bff8e2fde68815dcd10dade1ce1b15d97bf102470 -SIZE (ip2location-ip2proxy-c-20250204-75beea9_GH0.tar.gz) = 7772028 +TIMESTAMP = 1766433117 +SHA256 (ip2location-ip2proxy-c-20251118-7966220_GH0.tar.gz) = ea0007c46b6a6b873652f6260556abf45090cb5fa0621a008171f4cb78f336ec +SIZE (ip2location-ip2proxy-c-20251118-7966220_GH0.tar.gz) = 450596 diff --git a/net/ngrep/Makefile b/net/ngrep/Makefile index e2493a31453c..6d40cb269761 100644 --- a/net/ngrep/Makefile +++ b/net/ngrep/Makefile @@ -1,62 +1,52 @@ PORTNAME= ngrep -PORTVERSION= 1.45 -PORTREVISION= 5 +DISTVERSION= 1.48.3 CATEGORIES= net security -MASTER_SITES= SF +MASTER_SITES= SF/${PORTNAME}/v${DISTVERSION}/ +DISTNAME= v${DISTVERSION}%20source%20code +DIST_SUBDIR= ${PORTNAME} -MAINTAINER= logan@elandsys.com +MAINTAINER= ports@FreeBSD.org COMMENT= Network grep -WWW= https://ngrep.sourceforge.net/ +WWW= https://ngrep.sourceforge.net/ \ + https://github.com/jpr5/ngrep/ LICENSE= BSD4CLAUSE -LICENSE_FILE= ${WRKSRC}/LICENSE.txt +LICENSE_FILE= ${WRKSRC}/LICENSE -USES= gmake tar:bzip2 +USES= autoreconf gmake GNU_CONFIGURE= yes CONFIGURE_ARGS= --disable-pcap-restart MAKE_JOBS_UNSAFE= yes +WRKSRC= ${WRKDIR}/jpr5-${PORTNAME}-c3d586c + +PLIST_FILES= bin/ngrep share/man/man8/ngrep.8.gz +PORTDOCS= CREDITS EXAMPLES.md INSTALL README.md + OPTIONS_DEFINE= CAPSICUM DOCS IPV6 PCRE PORTS_PCAP OPTIONS_DEFAULT= CAPSICUM PCRE -PCRE_DESC= Use PCRE instead of GNU regex -PORTS_PCAP_DESC= Use ports PCAP instead of system PCAP CAPSICUM_DESC= Build with capsicum if kernel supports it - -PLIST_FILES= bin/ngrep share/man/man8/ngrep.8.gz - -PORTDOCS= CHANGES.txt CREDITS.txt INSTALL.txt LICENSE.txt \ - README.txt REGEX.txt +PCRE_DESC= Use PCRE2 instead of GNU regex +PORTS_PCAP_DESC= Use ports PCAP instead of system PCAP CAPSICUM_CONFIGURE_ON= --enable-capsicum IPV6_CONFIGURE_ENABLE= ipv6 -PCRE_CONFIGURE_ENABLE= pcre +PCRE_LIB_DEPENDS= libpcre2-8.so:devel/pcre2 \ + libpcre2-posix.so:devel/pcre2 +PCRE_CONFIGURE_ENABLE= pcre2 + +PORTS_PCAP_BUILD_DEPENDS= ${LOCALBASE}/include/pcap.h:net/libpcap +PORTS_PCAP_LIB_DEPENDS= libpcap.so:net/libpcap PORTS_PCAP_CONFIGURE_ON= --with-pcap-includes=${LOCALBASE}/include PORTS_PCAP_CONFIGURE_OFF= --with-pcap-includes=/usr/include -PORTS_PCAP_BUILD_DEPENDS= ${LOCALBASE}/lib/libpcap.a:net/libpcap - -.include <bsd.port.options.mk> - -post-patch: -.if ${PORT_OPTIONS:MPORTS_PCAP} - @${REINPLACE_CMD} -e "s|-lpcap|${LOCALBASE}/lib/libpcap.a|g" \ - ${WRKSRC}/Makefile.in ${WRKSRC}/configure -.endif - -post-install: -.if ${PORT_OPTIONS:MDOCS} - @${MKDIR} ${STAGEDIR}${DOCSDIR} -.for file in ${PORTDOCS} - @if [ -f ${WRKSRC}/${file} ]; then \ - ${INSTALL_DATA} ${WRKSRC}/${file} ${STAGEDIR}${DOCSDIR}; \ - else \ - ${INSTALL_DATA} ${WRKSRC}/doc/${file} ${STAGEDIR}${DOCSDIR}; \ - fi -.endfor -.endif + +post-install-DOCS-on: + ${MKDIR} ${STAGEDIR}${DOCSDIR} + ${INSTALL_DATA} ${PORTDOCS:S|^|${WRKSRC}/|} ${STAGEDIR}${DOCSDIR} .include <bsd.port.mk> diff --git a/net/ngrep/distinfo b/net/ngrep/distinfo index 8dcd486821b3..93ba3c01cda8 100644 --- a/net/ngrep/distinfo +++ b/net/ngrep/distinfo @@ -1,2 +1,3 @@ -SHA256 (ngrep-1.45.tar.bz2) = aea6dd337da8781847c75b3b5b876e4de9c58520e0d77310679a979fc6402fa7 -SIZE (ngrep-1.45.tar.bz2) = 463361 +TIMESTAMP = 1765188888 +SHA256 (ngrep/v1.48.3%20source%20code.tar.gz) = 1900038c313412661693a55d75135ab527529c863a8611e0b8dda838af5b63c9 +SIZE (ngrep/v1.48.3%20source%20code.tar.gz) = 297828 diff --git a/net/ngrep/files/patch-Makefile.in b/net/ngrep/files/patch-Makefile.in deleted file mode 100644 index 8c88a82ea677..000000000000 --- a/net/ngrep/files/patch-Makefile.in +++ /dev/null @@ -1,11 +0,0 @@ ---- Makefile.in.orig 2006-11-29 00:35:37.000000000 +1100 -+++ Makefile.in 2013-10-09 02:17:53.000000000 +1100 -@@ -63,7 +63,7 @@ - rm -f config.status config.cache config.log config.h Makefile - - $(REGEX_OBJS): $(REGEX_OBJS:.o=.c) $(REGEX_DIR)/*.h -- $(MAKE) $(MAKEFLAGS) -C $(REGEX_DIR) $(notdir $(REGEX_OBJS)) -+ $(MAKE) -C $(REGEX_DIR) $(notdir $(REGEX_OBJS)) - - $(OBJS): Makefile ngrep.c ngrep.h - diff --git a/net/ngrep/files/patch-Configure.in b/net/ngrep/files/patch-configure.ac index 84439ba05e64..9ad74b5061cb 100644 --- a/net/ngrep/files/patch-Configure.in +++ b/net/ngrep/files/patch-configure.ac @@ -1,8 +1,8 @@ ---- configure.in.orig 2006-11-15 07:43:56.000000000 +0400 -+++ configure.in 2014-12-12 00:01:00.000000000 +0400 -@@ -110,6 +110,34 @@ else - USE_IPv6="0" - fi +--- configure.ac.orig 2025-11-07 06:35:47 UTC ++++ configure.ac +@@ -138,7 +138,35 @@ AS_IF([test $use_pcap_restart = yes], [ + USE_PCAP_RESTART="0" + ]) +AC_ARG_ENABLE(capsicum, +[ --enable-capsicum enable capsicum support], @@ -12,7 +12,7 @@ +[ + use_capsicum="no" +]) -+ + +# +# Check whether various functions are available. If any are, set +# ac_lbl_capsicum_function_seen to yes; if any are not, set @@ -27,19 +27,33 @@ +fi +AC_MSG_CHECKING([whether to sandbox using capsicum]) +if test "x$ac_lbl_capsicum_function_seen" = "xyes" -a "x$ac_lbl_capsicum_function_not_seen" != "xyes"; then -+ HAVE_CAPSICUM="1" ++ USE_CAPSICUM="1" + AC_MSG_RESULT(yes) +else + AC_MSG_RESULT(no) +fi - ++ dnl dnl Configure the regular expression library. -@@ -390,6 +418,7 @@ AC_DEFINE_UNQUOTED(USE_PCAP_RESTART, - - AC_DEFINE_UNQUOTED(USE_PCRE, $USE_PCRE, [whether to use PCRE (default GNU Regex)]) + dnl +@@ -553,6 +581,7 @@ AC_DEFINE_UNQUOTED(USE_VLAN_HACK, $USE_VLA AC_DEFINE_UNQUOTED(USE_IPv6, $USE_IPv6, [whether to use IPv6 (default off)]) -+AC_DEFINE_UNQUOTED(HAVE_CAPSICUM, $HAVE_CAPSICUM, [whether to use capsicum]) + AC_DEFINE_UNQUOTED(USE_TCPKILL, $USE_TCPKILL, [whether to enable tcpkill functionality (default off)]) + AC_DEFINE_UNQUOTED(USE_VLAN_HACK, $USE_VLAN_HACK, [whether to automatically include VLAN frames (default on)]) ++AC_DEFINE_UNQUOTED(USE_CAPSICUM, $USE_CAPSICUM, [whether to use capsicum]) AC_DEFINE_UNQUOTED(USE_DROPPRIVS, $USE_DROPPRIVS, [whether to use privileges dropping (default yes)]) AC_DEFINE_UNQUOTED(DROPPRIVS_USER, "$DROPPRIVS_USER", [pseudo-user for running ngrep (default "nobody")]) +@@ -613,6 +642,12 @@ AS_IF([test "$USE_VLAN_HACK" = "1"], [ + AC_MSG_RESULT(CONFIG: automatically including VLAN frames) + ], [ + AC_MSG_RESULT(CONFIG: NOT automatically including VLAN frames) ++]) ++ ++AS_IF([test "$USE_CAPSICUM" = "1"], [ ++ AC_MSG_RESULT(CONFIG: capsicum enabled) ++], [ ++ AC_MSG_RESULT(CONFIG: capsicum disabled) + ]) + + dnl diff --git a/net/ngrep/files/patch-fix-ipv6 b/net/ngrep/files/patch-fix-ipv6 deleted file mode 100644 index c7db09f43bf0..000000000000 --- a/net/ngrep/files/patch-fix-ipv6 +++ /dev/null @@ -1,39 +0,0 @@ ---- ngrep.c 2010-04-21 12:16:52.000000000 +0200 -+++ ngrep.c 2010-04-21 12:11:49.581088102 +0200 -@@ -711,10 +711,12 @@ void process(u_char *d, struct pcap_pkth - data = (unsigned char *)(tcp_pkt) + tcphdr_offset; - len -= link_offset + ip_hl + tcphdr_offset; - -+/* - #if USE_IPv6 - if (ip_ver == 6) - len -= ntohs(ip6_pkt->ip6_plen); --#endif -+#endif -+*/ - - if ((int32_t)len < 0) - len = 0; -@@ -731,11 +733,12 @@ void process(u_char *d, struct pcap_pkth - data = (unsigned char *)(udp_pkt) + udphdr_offset; - len -= link_offset + ip_hl + udphdr_offset; - -+/* - #if USE_IPv6 - if (ip_ver == 6) - len -= ntohs(ip6_pkt->ip6_plen); - #endif -- -+*/ - if ((int32_t)len < 0) - len = 0; - -@@ -769,7 +772,7 @@ void process(u_char *d, struct pcap_pkth - uint16_t icmp6hdr_offset = (frag_offset) ? 0 : 4; - - data = (unsigned char *)(icmp6_pkt) + icmp6hdr_offset; -- len -= link_offset + ip_hl + ntohs(ip6_pkt->ip6_plen) + icmp6hdr_offset; -+ len -= link_offset + ip_hl + icmp6hdr_offset; - - if ((int32_t)len < 0) - len = 0; diff --git a/net/ngrep/files/patch-ngrep.c b/net/ngrep/files/patch-ngrep.c index ebeaecc16afb..76c8ea985385 100644 --- a/net/ngrep/files/patch-ngrep.c +++ b/net/ngrep/files/patch-ngrep.c @@ -1,69 +1,75 @@ ---- ngrep.c.orig 2006-11-28 17:38:43.000000000 +0400 -+++ ngrep.c 2014-12-12 11:14:13.000000000 +0400 -@@ -97,6 +97,10 @@ - #include "regex-0.12/regex.h" +--- ngrep.c.orig 2025-11-07 06:35:47 UTC ++++ ngrep.c +@@ -93,10 +93,15 @@ + #include <sys/ioctl.h> #endif -+#ifdef HAVE_CAPSICUM -+#include <sys/capability.h> -+#endif /* HAVE CAPSICUM */ -+ - #include "ngrep.h" - +-#include <pcap.h> +- + #include "config.h" -@@ -186,6 +190,10 @@ uint32_t ws_row, ws_col = 80, ws_col_for - int main(int argc, char **argv) { ++#ifdef USE_CAPSICUM ++#include <sys/capsicum.h> ++#include <net/bpf.h> ++#endif /* USE_CAPSICUM */ ++ ++#include <pcap.h> ++ + #if USE_IPv6 && !defined(_WIN32) && !defined(_WIN64) + #include <netinet/ip6.h> + #include <netinet/icmp6.h> +@@ -217,6 +222,10 @@ int main(int argc, char **argv) { int32_t c; + const char *extra = ""; -+#ifdef HAVE_CAPSICUM ++#ifdef USE_CAPSICUM + cap_rights_t rights; -+#endif /* HAVE_CAPSICUM */ ++#endif /* USE_CAPSICUM */ + signal(SIGINT, clean_exit); signal(SIGABRT, clean_exit); -@@ -416,6 +424,23 @@ int main(int argc, char **argv) { - clean_exit(-1); +@@ -461,6 +470,22 @@ int main(int argc, char **argv) { + free(filter); } -+#ifdef HAVE_CAPSICUM ++#ifdef USE_CAPSICUM + cap_rights_init(&rights, CAP_IOCTL, CAP_READ); + if (cap_rights_limit(pcap_fileno(pd), &rights) < 0 && + errno != ENOSYS) { + fprintf(stderr, "unable to limit pcap descriptor"); -+ clean_exit(-1); -+ } ++ clean_exit(2); ++ } + + static const unsigned long cmds[] = { BIOCGSTATS }; + if (cap_ioctls_limit(pcap_fileno(pd), cmds, + sizeof(cmds) / sizeof(cmds[0])) < 0 && errno != ENOSYS) { -+ fprintf(stderr, "unable to limit ioctls on pcap descriptor"); -+ clean_exit(-1); -+ } -+ -+#endif /* HAVE CAPSICUM */ ++ fprintf(stderr, "unable to limit ioctls on pcap descriptor"); ++ clean_exit(2); ++ } ++#endif /* USE_CAPSICUM */ + + /* Setup matcher */ + if (match_data) { - if (bin_match) { - uint32_t i = 0, n; -@@ -603,6 +628,20 @@ int main(int argc, char **argv) { +@@ -491,6 +516,20 @@ int main(int argc, char **argv) { + #if !defined(_WIN32) && !defined(_WIN64) && USE_DROPPRIVS drop_privs(); #endif - -+#ifdef HAVE_CAPSICUM -+ cap_rights_init(&rights); + -+ if (cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS) { -+ fprintf(stderr, "can't limit stdin"); -+ clean_exit(-1); -+ } ++#ifdef USE_CAPSICUM ++ cap_rights_init(&rights); + -+ if (cap_enter() < 0 && errno != ENOSYS) { -+ fprintf(stderr, "can't enter capability mode"); -+ clean_exit(-1); ++ if (cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS) { ++ fprintf(stderr, "can't limit stdin"); ++ clean_exit(1); + } -+#endif /* HAVE_CAPSICUM */ + - while (pcap_loop(pd, 0, (pcap_handler)process, 0)); ++ if (cap_enter() < 0 && errno != ENOSYS) { ++ fprintf(stderr, "can't enter capability mode"); ++ clean_exit(2); ++ } ++#endif /* USE_CAPSICUM */ + + while (pcap_loop(pd, -1, (pcap_handler)process, 0)); - clean_exit(0); diff --git a/net/ngrep/pkg-descr b/net/ngrep/pkg-descr index 592428932e4a..46dbcb8bf00a 100644 --- a/net/ngrep/pkg-descr +++ b/net/ngrep/pkg-descr @@ -1,9 +1,8 @@ -ngrep strives to provide most of GNU grep's common features, applying -them to the network layer. +ngrep is like GNU grep applied to the network layer. -ngrep a pcap-aware tool that will allow you to specify extended -regular expressions to match against data payloads of packets. It -currently recognizes TCP, UDP, and ICMP across Ethernet, PPP, SLIP, -FDDI, Token Ring and null interfaces, and understands BPF filter -logic in the same fashion as more common packet sniffing tools, -like tcpdump and snoop. +It's a PCAP-based tool that allows you to specify an extended regular or +hexadecimal expression to match against data payloads of packets. +It understands many kinds of protocols, including IPv4/6, TCP, UDP, ICMPv4/6, +IGMP and Raw, across a wide variety of interface types, and understands BPF +filter logic in the same fashion as more common packet sniffing tools, such as +tcpdump and snoop. |