Hello community,
here is the log from the commit of package libnids
checked in at Thu Feb 28 01:59:38 CET 2008.
--------
--- libnids/libnids.changes 2007-07-27 11:57:41.000000000 +0200
+++ /mounts/work_src_done/STABLE/libnids/libnids.changes 2008-02-27 08:10:15.000000000 +0100
@@ -1,0 +2,9 @@
+Wed Feb 27 08:09:49 CET 2008 - anosek@suse.cz
+
+- updated to version 1.23
+ - fixed remotely triggerable NULL dereference in ip_fragment.c
+ - fix DLT_PRISM_HEADER linkoffset calculation
+ - check for DATA_FRAME_IS_QOS in wireless frames
+ - free queued tcp segments with too old seq
+
+-------------------------------------------------------------------
Old:
----
libnids-1.22-makefile.patch
libnids-1.22.tar.bz2
New:
----
libnids-1.23-makefile.patch
libnids-1.23.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libnids.spec ++++++
--- /var/tmp/diff_new_pack.y11980/_old 2008-02-28 01:59:27.000000000 +0100
+++ /var/tmp/diff_new_pack.y11980/_new 2008-02-28 01:59:27.000000000 +0100
@@ -1,7 +1,7 @@
#
-# spec file for package libnids (Version 1.22)
+# spec file for package libnids (Version 1.23)
#
-# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
@@ -10,14 +10,15 @@
# norootforbuild
+
Name: libnids
BuildRequires: glib2-devel libnet libpcap-devel
Summary: A Network Intrusion Detection System library
-Version: 1.22
-Release: 2
+Version: 1.23
+Release: 1
License: GPL v2 or later
Group: System/Libraries
-URL: http://libnids.sourceforge.net/
+Url: http://libnids.sourceforge.net/
Source: %{name}-%{version}.tar.bz2
Patch4: %{name}-%{version}-makefile.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -75,15 +76,21 @@
/usr/include/nids.h
%changelog
-* Fri Jul 27 2007 - coolo@suse.de
+* Wed Feb 27 2008 anosek@suse.cz
+- updated to version 1.23
+ - fixed remotely triggerable NULL dereference in ip_fragment.c
+ - fix DLT_PRISM_HEADER linkoffset calculation
+ - check for DATA_FRAME_IS_QOS in wireless frames
+ - free queued tcp segments with too old seq
+* Fri Jul 27 2007 coolo@suse.de
- use libpcap-devel
-* Wed Jul 25 2007 - anosek@suse.cz
+* Wed Jul 25 2007 anosek@suse.cz
- updated to version 1.22
- in TCP stream, the byte with absolute offset 0 was treated
as urgent data; fixed
- DLT_IEEE802_11_RADIO handling
- added a few missing checks for failed malloc
-* Mon Aug 07 2006 - anosek@suse.cz
+* Mon Aug 07 2006 anosek@suse.cz
- updated to version 1.21
- more externals to access libnids' intrinsics from the outside
- nids_unregister_*()
@@ -94,35 +101,35 @@
- in killtcp.c, send two more RST packets
(required because of MS05-019 patch)
- glibc 2.4 syslog.h disaster workaround
-* Wed Jan 25 2006 - mls@suse.de
+* Wed Jan 25 2006 mls@suse.de
- converted neededforbuild to BuildRequires
-* Mon Sep 19 2005 - mmarek@suse.cz
+* Mon Sep 19 2005 mmarek@suse.cz
- added a patch from upstream to work around a problem with
glibc-2.3.90 #defining syslog() to __syslog_chk()
-* Fri Feb 11 2005 - postadal@suse.cz
+* Fri Feb 11 2005 postadal@suse.cz
- updated to version 1.20
-* Thu Aug 12 2004 - postadal@suse.cz
+* Thu Aug 12 2004 postadal@suse.cz
- updated to version 1.19
-* Thu Feb 19 2004 - postadal@suse.cz
+* Thu Feb 19 2004 postadal@suse.cz
- updated to version 1.18
- removed obsoleted patches: memory-corruption-fix, multiline-string-fix
- added $(DESTDIR) to Makefile
-* Sat Jan 10 2004 - adrian@suse.de
+* Sat Jan 10 2004 adrian@suse.de
- build as user
-* Wed Oct 29 2003 - postadal@suse.cz
+* Wed Oct 29 2003 postadal@suse.cz
- fixed buffer overflow in TCP stream reassembly code [#32541] (CAN-2003-0850)
-* Tue Jul 29 2003 - postadal@suse.cz
+* Tue Jul 29 2003 postadal@suse.cz
- update to version 1.17rc1
* added support for libpcap save files
* support for 802.1Q VLAN
* support for wireless frames (DLT_IEEE802_11)
-* Mon Nov 11 2002 - postadal@suse.cz
+* Mon Nov 11 2002 postadal@suse.cz
- fixed deprecated multiline string literals
-* Wed Jan 09 2002 - cihlar@suse.cz
+* Wed Jan 09 2002 cihlar@suse.cz
- use %%{_libdir}
-* Wed Feb 14 2001 - cihlar@suse.cz
+* Wed Feb 14 2001 cihlar@suse.cz
- update to version 1.16
- added samples to documentation
- clean up spec file
-* Thu Nov 16 2000 - grimmer@suse.de
+* Thu Nov 16 2000 grimmer@suse.de
- initial package (version 1.14)
++++++ libnids-1.22-makefile.patch -> libnids-1.23-makefile.patch ++++++
++++++ libnids-1.22.tar.bz2 -> libnids-1.23.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libnids-1.22/CHANGES new/libnids-1.23/CHANGES
--- old/libnids-1.22/CHANGES 2007-07-22 11:34:30.000000000 +0200
+++ new/libnids-1.23/CHANGES 2008-02-23 20:28:49.000000000 +0100
@@ -1,3 +1,9 @@
+v1.23 Feb 23 2008
+- fixed remotely triggerable NULL dereference in ip_fragment.c
+- fix DLT_PRISM_HEADER linkoffset calculation
+- check for DATA_FRAME_IS_QOS in wireless frames
+- free queued tcp segments with too old seq
+
v1.22 Jul 22 2007
- in TCP stream, the byte with absolute offset 0 was treated as urgent data;
fixed
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libnids-1.22/CREDITS new/libnids-1.23/CREDITS
--- old/libnids-1.22/CREDITS 2007-07-22 11:27:38.000000000 +0200
+++ new/libnids-1.23/CREDITS 2008-02-21 11:32:58.000000000 +0100
@@ -248,6 +248,27 @@
crass@berlios.de
+fix DLT_PRISM_HEADER linkoffset calculation;
+check for DATA_FRAME_IS_QOS in wireless frames (code from tcpdump)
+
+ spotted by xenion
+
+
+free queued tcp segments with too old seq
+
+ "Xiang, Lin" wallyymir@yahoo.com
+
+
+reported possible NULL dereference in ip_fragment.c
+
+ "Alfred E. Heggestad"
+
+
+notes about global variables in case of multiproc operation
+
+ "Ben, Wu CheokMan"
+
+
Libnids uses libpcap and libnet libraries:
LBNL Network Research Group
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libnids-1.22/doc/API.html new/libnids-1.23/doc/API.html
--- old/libnids-1.22/doc/API.html 2007-07-22 11:29:21.000000000 +0200
+++ new/libnids-1.23/doc/API.html 2008-02-21 11:40:55.000000000 +0100
@@ -1,12 +1,12 @@
<html>
-<head><title>Libnids-1.22 API</title>
+<head><title>Libnids-1.23 API</title>
<meta name="generator" content="with little help of c2html">
</head>
<body>
<h1><center>
====================<br>
- libnids-1.22<br>
+ libnids-1.23<br>
====================<br>
</h1></center>
<ol>
@@ -440,6 +440,9 @@
// Using this functionality with nids_next() is quite
// useless since the thread must be started and stopped
// for every packet received.
+ // Also, if it is enabled, global variables (nids_last_pcap_header
+ // and nids_last_pcap_data) may not point to the
+ // packet currently processed by a callback
int queue_limit; // limit on the number of packets to be queued;
// used only when multiproc=true; 20000 by default
int tcp_workarounds; // enable (hopefully harmless) workarounds for some
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libnids-1.22/doc/API.txt new/libnids-1.23/doc/API.txt
--- old/libnids-1.22/doc/API.txt 2007-07-22 11:29:31.000000000 +0200
+++ new/libnids-1.23/doc/API.txt 2008-02-21 11:41:03.000000000 +0100
@@ -1,6 +1,6 @@
====================
- libnids-1.22
+ libnids-1.23
====================
1. Introduction
@@ -407,6 +407,10 @@
// Using this functionality with nids_next() is quite
// useless since the thread must be started and stopped
// for every packet received.
+ // Also, if it is enabled, global variables (nids_last_pc
+ap_header
+ // and nids_last_pcap_data) may not point to the
+ // packet currently processed by a callback
int queue_limit; // limit on the number of packets to be queued;
// used only when multiproc=true; 20000 by default
int tcp_workarounds; // enable (hopefully harmless) workarounds for some
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libnids-1.22/doc/LINUX new/libnids-1.23/doc/LINUX
--- old/libnids-1.22/doc/LINUX 2007-07-22 11:29:44.000000000 +0200
+++ new/libnids-1.23/doc/LINUX 2008-02-21 11:41:25.000000000 +0100
@@ -1,6 +1,6 @@
====================
- libnids-1.22
+ libnids-1.23
====================
The following applies to Linux only.
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libnids-1.22/doc/NEW_LIBPCAP new/libnids-1.23/doc/NEW_LIBPCAP
--- old/libnids-1.22/doc/NEW_LIBPCAP 2007-07-22 11:29:53.000000000 +0200
+++ new/libnids-1.23/doc/NEW_LIBPCAP 2008-02-21 11:45:20.000000000 +0100
@@ -1,6 +1,6 @@
====================
- libnids-1.22
+ libnids-1.23
====================
This document is obsolete; read LINUX instead !
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libnids-1.22/doc/PERFORMANCE new/libnids-1.23/doc/PERFORMANCE
--- old/libnids-1.22/doc/PERFORMANCE 2007-07-22 11:30:09.000000000 +0200
+++ new/libnids-1.23/doc/PERFORMANCE 2008-02-21 11:45:00.000000000 +0100
@@ -1,6 +1,6 @@
====================
- libnids-1.22
+ libnids-1.23
====================
Libnids uses efficient data structures (hash tables), so it imposes as
little overhead on packets processing as possible. However, in some cases,
@@ -31,7 +31,10 @@
supposed to allow to specify arbitrary buffer size. 640 K^H^H^H^H^H 10 MB
buffer ought to be enough for everyone ;) This feature has not yet been
integrated into libpcap (not in 0.7.1). There are floating some libpcap
-patches which merge this capability.
+patches which merge this capability. See
+http://public.lanl.gov/cpw/
+or
+http://pusa.uv.es/~ulisses/packet_mmap/
In case of BSD, you may play with BIOCSBLEN, but I have no experience
with it.
If you know how to enlarge libpcap buffers on other OS, let me know.
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libnids-1.22/doc/TESTS new/libnids-1.23/doc/TESTS
--- old/libnids-1.22/doc/TESTS 2007-07-22 11:30:16.000000000 +0200
+++ new/libnids-1.23/doc/TESTS 2008-02-21 11:41:44.000000000 +0100
@@ -1,6 +1,6 @@
====================
- libnids-1.22
+ libnids-1.23
====================
In order to verify reliability of libnids, a number of tests were
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libnids-1.22/src/ip_fragment.c new/libnids-1.23/src/ip_fragment.c
--- old/libnids-1.22/src/ip_fragment.c 2007-07-19 13:22:39.000000000 +0200
+++ new/libnids-1.23/src/ip_fragment.c 2008-02-21 11:30:47.000000000 +0100
@@ -562,6 +562,11 @@
unfragmented copy */
return 0;
}
+
+ /* ip_evictor() could have removed all queues for the current host */
+ if (!this_host)
+ hostfrag_create(iph);
+
offset <<= 3; /* offset is in 8-byte chunks */
ihl = iph->ip_hl * 4;
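Review bot: The added `if (!this_host) hostfrag_create(iph);` protects the code below only if hostfrag_create() always leaves the global `this_host` non-NULL, and nothing in the hunk shows that it does. hostfrag_create() is defined outside the hunk; if it assigns `this_host` as a side effect and cannot return after a failed allocation, extend the comment to say so, e.g. `/* hostfrag_create() re-establishes this_host for iph */`. Otherwise re-check `this_host` before the fragment-queue code uses it. The changelog describes this path as remotely triggerable, so the invariant is worth stating right at the guard. The enclosing function starts and ends outside the hunk.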
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libnids-1.22/src/libnids.c new/libnids-1.23/src/libnids.c
--- old/libnids-1.22/src/libnids.c 2007-07-22 11:11:32.000000000 +0200
+++ new/libnids-1.23/src/libnids.c 2008-02-21 11:47:12.000000000 +0100
@@ -201,6 +201,8 @@
/* wireless frame types, mostly from tcpdump (wam) */
#define FC_TYPE(fc) (((fc) >> 2) & 0x3)
+#define FC_SUBTYPE(fc) (((fc) >> 4) & 0xF)
+#define DATA_FRAME_IS_QOS(x) ((x) & 0x08)
#define FC_WEP(fc) ((fc) & 0x4000)
#define FC_TO_DS(fc) ((fc) & 0x0100)
#define FC_FROM_DS(fc) ((fc) & 0x0200)
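Review bot: `DATA_FRAME_IS_QOS(x)` expects a frame subtype, while every neighbouring macro takes the whole frame-control word, and neither the parameter name nor a comment says so. Passing `fc` directly would compile and silently test bit 3 of the frame-control word instead of bit 3 of the subtype. Name the parameter and document it: `#define DATA_FRAME_IS_QOS(subtype) ((subtype) & 0x08) /* arg is FC_SUBTYPE(fc), not fc */`.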
@@ -266,8 +268,10 @@
#ifdef DLT_IEEE802_11_RADIO
case DLT_IEEE802_11_RADIO:
// just get rid of the radio tap header
- nids_linkoffset = 25; // sizeof(radio tap header)
- linkoffset_tweaked_by_radio_code = 1;
+ if (!linkoffset_tweaked_by_prism_code) {
+ nids_linkoffset = 25; // sizeof(radio tap header)
+ linkoffset_tweaked_by_radio_code = 1;
+ }
//now let DLT_IEEE802_11 do the rest
#endif
#ifdef DLT_IEEE802_11
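Review bot: `nids_linkoffset = 25` still treats the radiotap header as a fixed 25 bytes; the new guard only skips that assignment when the prism code has already set an offset. Radiotap headers are variable-length and carry their own length in the `it_len` field, so on a capture whose header is not 25 bytes the 802.11 frame-control word would be read from the wrong position. Consider deriving the offset from `it_len`, after checking that value against the captured length. The `switch` that contains this case begins and ends outside the hunk.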
@@ -289,6 +293,8 @@
} else {
nids_linkoffset += 24;
}
+ if (DATA_FRAME_IS_QOS(FC_SUBTYPE(fc)))
+ nids_linkoffset += 2;
if (hdr->len < nids_linkoffset + LLC_FRAME_SIZE)
return;
if (ETHERTYPE_IP !=
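Review bot: The bounds test that follows the new `nids_linkoffset += 2` compares against `hdr->len`. If `hdr` is the pcap packet header (its declaration is outside the hunk), that is the on-wire length, whereas the bytes actually present in the buffer are given by `hdr->caplen`. With a snaplen shorter than the frame, the enlarged offset could pass the check and the ethertype read that follows would run past the captured data. Suggest `if (hdr->caplen < nids_linkoffset + LLC_FRAME_SIZE) return;`. The added `if` also has no braces around its one-line body, which is easy to break in a later edit.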
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libnids-1.22/src/Makefile.in new/libnids-1.23/src/Makefile.in
--- old/libnids-1.22/src/Makefile.in 2006-05-01 19:14:51.000000000 +0200
+++ new/libnids-1.23/src/Makefile.in 2008-02-21 11:40:19.000000000 +0100
@@ -13,7 +13,7 @@
libdir = @libdir@
mandir = @mandir@
LIBSTATIC = libnids.a
-LIBSHARED = libnids.so.1.21
+LIBSHARED = libnids.so.1.23
CC = @CC@
CFLAGS = @CFLAGS@ -W -Wall -DLIBNET_VER=@LIBNET_VER@ -DHAVE_ICMPHDR=@ICMPHEADER@ -DHAVE_TCP_STATES=@TCPSTATES@ -DHAVE_BSD_UDPHDR=@HAVE_BSD_UDPHDR@
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libnids-1.22/src/nids.h new/libnids-1.23/src/nids.h
--- old/libnids-1.22/src/nids.h 2006-05-08 22:05:20.000000000 +0200
+++ new/libnids-1.23/src/nids.h 2008-02-21 11:38:20.000000000 +0100
@@ -18,7 +18,7 @@
# endif
# define NIDS_MAJOR 1
-# define NIDS_MINOR 20
+# define NIDS_MINOR 23
enum
{
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/libnids-1.22/src/tcp.c new/libnids-1.23/src/tcp.c
--- old/libnids-1.22/src/tcp.c 2007-07-22 11:39:18.000000000 +0200
+++ new/libnids-1.23/src/tcp.c 2008-02-21 11:28:16.000000000 +0100
@@ -495,7 +495,7 @@
)
{
u_int this_seq = ntohl(this_tcphdr->th_seq);
- struct skbuff *pakiet;
+ struct skbuff *pakiet, *tmp;
/*
* Did we get anything new to ack?
@@ -518,27 +518,23 @@
if (after(pakiet->seq, EXP_SEQ))
break;
if (after(pakiet->seq + pakiet->len + pakiet->fin, EXP_SEQ)) {
- struct skbuff *tmp;
-
add_from_skb(a_tcp, rcv, snd, pakiet->data,
pakiet->len, pakiet->seq, pakiet->fin, pakiet->urg,
pakiet->urg_ptr + pakiet->seq - 1);
- rcv->rmem_alloc -= pakiet->truesize;
- if (pakiet->prev)
- pakiet->prev->next = pakiet->next;
- else
- rcv->list = pakiet->next;
- if (pakiet->next)
- pakiet->next->prev = pakiet->prev;
- else
- rcv->listtail = pakiet->prev;
- tmp = pakiet->next;
- free(pakiet->data);
- free(pakiet);
- pakiet = tmp;
- }
+ }
+ rcv->rmem_alloc -= pakiet->truesize;
+ if (pakiet->prev)
+ pakiet->prev->next = pakiet->next;
+ else
+ rcv->list = pakiet->next;
+ if (pakiet->next)
+ pakiet->next->prev = pakiet->prev;
else
- pakiet = pakiet->next;
+ rcv->listtail = pakiet->prev;
+ tmp = pakiet->next;
+ free(pakiet->data);
+ free(pakiet);
+ pakiet = tmp;
}
}
else
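Review bot: After this change every queued segment that is not after EXP_SEQ is unlinked and freed, whether or not add_from_skb() consumed it, but the loop carries no comment saying that stale segments are dropped on purpose. A line above the accounting would make the intent clear to the next reader: `/* at or before EXP_SEQ: either delivered above or stale; unlink and free in both cases */`. The unlink sequence (`rmem_alloc`, `prev`/`next`, `list`/`listtail`, two `free` calls) is open-coded; a small `static` helper would keep the memory accounting and pointer fix-ups together. The loop and the function both begin outside the hunk.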
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...