!64 [sync] PR-62: revert "fix CVE-2024-2397"

From: @openeuler-sync-bot 
Reviewed-by: @zengwefeng 
Signed-off-by: @zengwefeng

backport-CVE-2023-1801.patch

@@ -0,0 +1,335 @@
+From 03c037bbd75588beba3ee09f26d17783d21e30bc Mon Sep 17 00:00:00 2001
+From: Guy Harris <gharris@sonic.net>
+Date: Mon, 30 Jan 2023 23:03:16 -0800
+Subject: [PATCH] Have a common routine for converting dates and times to
+ strings.
+
+Have a routine that takes a buffer, a strftime format, and a struct tm *
+as arguments, and:
+
+* checks whether the struct tm * is null and, if so, returns a string
+indicating that the date and time couldn't be converted;
+
+* otherwise, passes it to strftime(), along with the buffer and the
+format argument and, if strftime() returns 0, meaning the string didn't
+fit into the buffer and thus that the buffer's contents are undefined,
+returns a string indicating that the date and time didn't fit into the
+buffer;
+
+* otherwise, returns a pointer to the buffer.
+
+Call that routine instead of directly calling strftime() in printers;
+that prevents printing a buffer with undefined data if the buffer isn't
+big enough for the string.
+
+Also, when generating file names using an strftime format, check the
+return value of strftime() to make sure the buffer didn't overflow.
+---
+ netdissect.h   |  3 +++
+ ntp.c          | 21 ++++++---------------
+ print-ahcp.c   | 12 ++++--------
+ print-arista.c | 13 ++++---------
+ print-rx.c     |  8 ++++----
+ print-zep.c    |  7 +++----
+ smbutil.c      | 16 +++++-----------
+ tcpdump.c      | 22 ++++++++++++++++++++--
+ util-print.c   | 36 ++++++++++++++++++++++++++++--------
+ 9 files changed, 77 insertions(+), 61 deletions(-)
+
+diff --git a/netdissect.h b/netdissect.h
+index 5c16be660..b1074ef72 100644
+--- a/netdissect.h
++++ b/netdissect.h
+@@ -423,6 +423,9 @@ extern void ts_print(netdissect_options *, const struct timeval *);
+ extern void signed_relts_print(netdissect_options *, int32_t);
+ extern void unsigned_relts_print(netdissect_options *, uint32_t);
+ 
++extern const char *nd_format_time(char *buf, size_t bufsize,
++    const char *format, const struct tm *timeptr);
++
+ extern void fn_print_char(netdissect_options *, u_char);
+ extern void fn_print_str(netdissect_options *, const u_char *);
+ extern u_int nd_printztn(netdissect_options *, const u_char *, u_int, const u_char *);
+diff --git a/ntp.c b/ntp.c
+index 10fabe4b6..ec8f659a4 100644
+--- a/ntp.c
++++ b/ntp.c
+@@ -55,8 +55,8 @@ p_ntp_time(netdissect_options *ndo,
+ 	if (i) {
+ 	    int64_t seconds_64bit = (int64_t)i - JAN_1970;
+ 	    time_t seconds;
+-	    struct tm *tm;
+ 	    char time_buf[128];
++	    const char *time_string;
+ 
+ 	    seconds = (time_t)seconds_64bit;
+ 	    if (seconds != seconds_64bit) {
+@@ -64,22 +64,13 @@ p_ntp_time(netdissect_options *ndo,
+ 		 * It doesn't fit into a time_t, so we can't hand it
+ 		 * to gmtime.
+ 		 */
+-		ND_PRINT(" (unrepresentable)");
++		time_string = "[Time is too large to fit into a time_t]";
+ 	    } else {
+-		tm = gmtime(&seconds);
+-		if (tm == NULL) {
+-		    /*
+-		     * gmtime() can't handle it.
+-		     * (Yes, that might happen with some version of
+-		     * Microsoft's C library.)
+-		     */
+-		    ND_PRINT(" (unrepresentable)");
+-		} else {
+-		    /* use ISO 8601 (RFC3339) format */
+-		    strftime(time_buf, sizeof (time_buf), "%Y-%m-%dT%H:%M:%SZ", tm);
+-		    ND_PRINT(" (%s)", time_buf);
+-		}
++		/* use ISO 8601 (RFC3339) format */
++		time_string = nd_format_time(time_buf, sizeof (time_buf),
++		  "%Y-%m-%dT%H:%M:%SZ", gmtime(&seconds));
+ 	    }
++	    ND_PRINT(" (%s)", time_string);
+ 	}
+ #endif
+ }
+diff --git a/print-ahcp.c b/print-ahcp.c
+index 9859f7600..d57edda9e 100644
+--- a/print-ahcp.c
++++ b/print-ahcp.c
+@@ -102,18 +102,14 @@ ahcp_time_print(netdissect_options *ndo,
+                 const u_char *cp, uint8_t len)
+ {
+ 	time_t t;
+-	struct tm *tm;
+-	char buf[BUFSIZE];
++	char buf[sizeof("-yyyyyyyyyy-mm-dd hh:mm:ss UTC")];
+ 
+ 	if (len != 4)
+ 		goto invalid;
+ 	t = GET_BE_U_4(cp);
+-	if (NULL == (tm = gmtime(&t)))
+-		ND_PRINT(": gmtime() error");
+-	else if (0 == strftime(buf, sizeof(buf), "%Y-%m-%d %H:%M:%S", tm))
+-		ND_PRINT(": strftime() error");
+-	else
+-		ND_PRINT(": %s UTC", buf);
++	ND_PRINT(": %s",
++	    nd_format_time(buf, sizeof(buf), "%Y-%m-%d %H:%M:%S UTC",
++	      gmtime(&t)));
+ 	return;
+ 
+ invalid:
+diff --git a/print-arista.c b/print-arista.c
+index 039a1ffd1..079ad684b 100644
+--- a/print-arista.c
++++ b/print-arista.c
+@@ -10,7 +10,6 @@
+ 
+ #include "netdissect.h"
+ #include "extract.h"
+-#include "addrtoname.h"
+ 
+ /*
+ 
+@@ -93,17 +92,13 @@ arista_print_date_hms_time(netdissect_options *ndo, uint32_t seconds,
+ 		uint32_t nanoseconds)
+ {
+ 	time_t ts;
+-	struct tm *tm;
+-	char buf[BUFSIZE];
++	char buf[sizeof("-yyyyyyyyyy-mm-dd hh:mm:ss")];
+ 
+ 	ts = seconds + (nanoseconds / 1000000000);
+ 	nanoseconds %= 1000000000;
+-	if (NULL == (tm = gmtime(&ts)))
+-		ND_PRINT("gmtime() error");
+-	else if (0 == strftime(buf, sizeof(buf), "%Y-%m-%d %H:%M:%S", tm))
+-		ND_PRINT("strftime() error");
+-	else
+-		ND_PRINT("%s.%09u", buf, nanoseconds);
++	ND_PRINT("%s.%09u",
++	    nd_format_time(buf, sizeof(buf), "%Y-%m-%d %H:%M:%S",
++	       gmtime(&ts)), nanoseconds);
+ }
+ 
+ int
+diff --git a/print-rx.c b/print-rx.c
+index 26b51c19d..0a1a8d12d 100644
+--- a/print-rx.c
++++ b/print-rx.c
+@@ -794,12 +794,12 @@ rx_cache_find(netdissect_options *ndo, const struct rx_header *rxh,
+ 			ND_PRINT(" %" PRIu64, _i); \
+ 		}
+ 
+-#define DATEOUT() { time_t _t; struct tm *tm; char str[256]; \
++#define DATEOUT() { time_t _t; char str[256]; \
+ 			_t = (time_t) GET_BE_S_4(bp); \
+ 			bp += sizeof(int32_t); \
+-			tm = localtime(&_t); \
+-			strftime(str, 256, "%Y/%m/%d %H:%M:%S", tm); \
+-			ND_PRINT(" %s", str); \
++			ND_PRINT(" %s", \
++			    nd_format_time(str, sizeof(str), \
++			      "%Y/%m/%d %H:%M:%S", localtime(&_t))); \
+ 		}
+ 
+ #define STOREATTROUT() { uint32_t mask, _i; \
+diff --git a/print-zep.c b/print-zep.c
+index 8119a19e9..52901e789 100644
+--- a/print-zep.c
++++ b/print-zep.c
+@@ -83,12 +83,11 @@ static void zep_print_ts(netdissect_options *ndo, const u_char *p)
+ 	 */
+ 	if (i) {
+ 		time_t seconds = i - JAN_1970;
+-		struct tm *tm;
+ 		char time_buf[128];
+ 
+-		tm = localtime(&seconds);
+-		strftime(time_buf, sizeof (time_buf), "%Y/%m/%d %H:%M:%S", tm);
+-		ND_PRINT(" (%s)", time_buf);
++		ND_PRINT(" (%s)",
++		    nd_format_time(time_buf, sizeof (time_buf), "%Y/%m/%d %H:%M:%S",
++		      localtime(&seconds)));
+ 	}
+ #endif
+ }
+diff --git a/smbutil.c b/smbutil.c
+index 9e19909a2..97217a8d9 100644
+--- a/smbutil.c
++++ b/smbutil.c
+@@ -768,9 +768,8 @@ smb_fdata1(netdissect_options *ndo,
+ 	case 'T':
+ 	  {
+ 	    time_t t;
+-	    struct tm *lt;
+ 	    const char *tstring;
+-	    char buffer[sizeof("Www Mmm dd hh:mm:ss yyyy\n")];
++	    char buffer[sizeof("Www Mmm dd hh:mm:ss yyyyy")];
+ 	    uint32_t x;
+ 
+ 	    switch (atoi(fmt + 1)) {
+@@ -800,16 +799,11 @@ smb_fdata1(netdissect_options *ndo,
+ 		break;
+ 	    }
+ 	    if (t != 0) {
+-		lt = localtime(&t);
+-		if (lt != NULL) {
+-		    strftime(buffer, sizeof(buffer), "%a %b %e %T %Y%n", lt);
+-		    tstring = buffer;
+-		}
+-		else
+-		    tstring = "(Can't convert time)\n";
++		    tstring = nd_format_time(buffer, sizeof(buffer), "%a %b %e %T %Y",
++		    localtime(&t));
+ 	    } else
+-		tstring = "NULL\n";
+-	    ND_PRINT("%s", tstring);
++		tstring = "NULL";
++	    ND_PRINT("%s\n", tstring);
+ 	    fmt++;
+ 	    while (ND_ASCII_ISDIGIT(*fmt))
+ 		fmt++;
+diff --git a/tcpdump.c b/tcpdump.c
+index 78d0871a5..0b6541589 100644
+--- a/tcpdump.c
++++ b/tcpdump.c
+@@ -843,6 +843,8 @@ MakeFilename(char *buffer, char *orig_name, int cnt, int max_chars)
+         char *filename = malloc(PATH_MAX + 1);
+         if (filename == NULL)
+             error("%s: malloc", __func__);
++        if (strlen(orig_name) == 0)
++            error("an empty string is not a valid file name");
+ 
+         /* Process with strftime if Gflag is set. */
+         if (Gflag != 0) {
+@@ -854,9 +856,25 @@ MakeFilename(char *buffer, char *orig_name, int cnt, int max_chars)
+           }
+ 
+           /* There's no good way to detect an error in strftime since a return
+-           * value of 0 isn't necessarily failure.
++           * value of 0 isn't necessarily failure; if orig_name is an empty
++           * string, the formatted string will be empty.
++           *
++           * However, the C90 standard says that, if there *is* a
++           * buffer overflow, the content of the buffer is undefined,
++           * so we must check for a buffer overflow.
++           *
++           * So we check above for an empty orig_name, and only call
++           * strftime() if it's non-empty, in which case the return
++           * value will only be 0 if the formatted date doesn't fit
++           * in the buffer.
++           *
++           * (We check above because, even if we don't use -G, we
++           * want a better error message than "tcpdump: : No such
++           * file or directory" for this case.)
+            */
+-          strftime(filename, PATH_MAX, orig_name, local_tm);
++          if (strftime(filename, PATH_MAX, orig_name, local_tm) == 0) {
++            error("%s: strftime", __func__);
++          }
+         } else {
+           strncpy(filename, orig_name, PATH_MAX);
+         }
+diff --git a/util-print.c b/util-print.c
+index 8b2064972..054833786 100644
+--- a/util-print.c
++++ b/util-print.c
+@@ -230,7 +230,8 @@ ts_date_hmsfrac_print(netdissect_options *ndo, long sec, long usec,
+ {
+ 	time_t Time = sec;
+ 	struct tm *tm;
+-	char timestr[32];
++	char timebuf[32];
++	const char *timestr;
+ 
+ 	if ((unsigned)sec & 0x80000000) {
+ 		ND_PRINT("[Error converting time]");
+@@ -242,14 +243,13 @@ ts_date_hmsfrac_print(netdissect_options *ndo, long sec, long usec,
+ 	else
+ 		tm = gmtime(&Time);
+ 
+-	if (!tm) {
+-		ND_PRINT("[Error converting time]");
+-		return;
++	if (date_flag == WITH_DATE) {
++		timestr = nd_format_time(timebuf, sizeof(timebuf),
++		    "%Y-%m-%d %H:%M:%S", tm);
++	} else {
++		timestr = nd_format_time(timebuf, sizeof(timebuf),
++		    "%H:%M:%S", tm);
+ 	}
+-	if (date_flag == WITH_DATE)
+-		strftime(timestr, sizeof(timestr), "%Y-%m-%d %H:%M:%S", tm);
+-	else
+-		strftime(timestr, sizeof(timestr), "%H:%M:%S", tm);
+ 	ND_PRINT("%s", timestr);
+ 
+ 	ts_frac_print(ndo, usec);
+@@ -405,6 +405,26 @@ signed_relts_print(netdissect_options *ndo,
+ 	unsigned_relts_print(ndo, secs);
+ }
+ 
++/*
++ * Format a struct tm with strftime().
++ * If the pointer to the struct tm is null, that means that the
++ * routine to convert a time_t to a struct tm failed; the localtime()
++ * and gmtime() in the Microsoft Visual Studio C library will fail,
++ * returning null, if the value is before the UNIX Epoch.
++ */
++const char *
++nd_format_time(char *buf, size_t bufsize, const char *format,
++         const struct tm *timeptr)
++{
++	if (timeptr != NULL) {
++		if (strftime(buf, bufsize, format, timeptr) != 0)
++			return (buf);
++		else
++			return ("[nd_format_time() buffer is too small]");
++	} else
++		return ("[localtime() or gmtime() couldn't convert the date and time]");
++}
++
+ /* Print the truncated string */
+ void nd_print_trunc(netdissect_options *ndo)
+ {

backport-Set-SA_RESTART-non-lethal-signals-avoid-corrupting-binary-pcap-output.patch

@@ -1,33 +0,0 @@
-From 8a28e07f3bfd2a031491db55173370e10dc074e3 Mon Sep 17 00:00:00 2001
-From: Alexandre Ferrieux <alexandre.ferrieux@orange.com>
-Date: Sat, 16 Jul 2022 21:34:39 +0200
-Subject: [PATCH] Set SA_RESTART on non-lethal signals (REQ_INFO, FLUSH_PCAP)
- to avoid corrupting binary pcap output
-
----
- tcpdump.c | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/tcpdump.c b/tcpdump.c
-index e028d2e7..515edf5d 100644
---- a/tcpdump.c
-+++ b/tcpdump.c
-@@ -2743,7 +2743,14 @@ static void
- 
- 	memset(&new, 0, sizeof(new));
- 	new.sa_handler = func;
--	if (sig == SIGCHLD)
-+	if ((sig == SIGCHLD)
-+# ifdef SIGNAL_REQ_INFO
-+		|| (sig == SIGNAL_REQ_INFO)
-+# endif
-+# ifdef SIGNAL_FLUSH_PCAP
-+		|| (sig == SIGNAL_FLUSH_PCAP)
-+# endif
-+		)
- 		new.sa_flags = SA_RESTART;
- 	if (sigaction(sig, &new, &old) < 0)
- 		return (SIG_ERR);
--- 
-2.25.1
-

tcpdump-Add-sw64-architecture.patch

@@ -0,0 +1,40 @@
+From 688338ba061ec66d9a852e328e9cd8865f774f3a Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Tue, 25 Oct 2022 19:40:41 +0800
+Subject: [PATCH] tcpdump Add sw64 architecture
+
+Signed-off-by: rpm-build <rpm-build>
+---
+ extract.h    | 2 +-
+ print-fddi.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/extract.h b/extract.h
+index 2ea7763..8ff8e92 100644
+--- a/extract.h
++++ b/extract.h
+@@ -134,7 +134,7 @@ EXTRACT_IPV4_TO_HOST_ORDER(const void *p)
+ 	return ((uint32_t)ntohl(*(const uint32_t *)(p)));
+ }
+ #elif ND_IS_AT_LEAST_GNUC_VERSION(2,0) && \
+-    (defined(__alpha) || defined(__alpha__) || \
++    (defined(__alpha) || defined(__alpha__) || defined(__sw_64) || defined(__sw_64__) || \
+      defined(__mips) || defined(__mips__))
+ /*
+  * This is MIPS or Alpha, which don't natively handle unaligned loads,
+diff --git a/print-fddi.c b/print-fddi.c
+index fb8d3ed..25368bf 100644
+--- a/print-fddi.c
++++ b/print-fddi.c
+@@ -84,7 +84,7 @@ struct fddi_header {
+ /*
+  * Some FDDI interfaces use bit-swapped addresses.
+  */
+-#if defined(ultrix) || defined(__alpha) || defined(__bsdi) || defined(__NetBSD__) || defined(__linux__)
++#if defined(ultrix) || defined(__alpha) || defined(__sw_64) || defined(__bsdi) || defined(__NetBSD__) || defined(__linux__)
+ static int fddi_bitswap = 0;
+ #else
+ static int fddi_bitswap = 1;
+-- 
+2.33.0
+

tcpdump.spec

@@ -1,25 +1,26 @@
+%define tcpslice_dir tcpslice-1.6
+
 Name:           tcpdump
 Epoch:          14
-Version:        4.99.1
+Version:        4.99.3
 Release:        4
 Summary:        A network traffic monitoring tool
 License:        BSD with advertising
 URL:            http://www.tcpdump.org
 
 Source0:        http://www.tcpdump.org/release/tcpdump-%{version}.tar.gz
-Source1:        ftp://ftp.ee.lbl.gov/tcpslice-1.3.tar.gz
+Source1:        https://www.tcpdump.org/release/%{tcpslice_dir}.tar.gz
 Source2:        http://www.tcpdump.org/release/tcpdump-%{version}.tar.gz.sig
 
 Patch0:         backport-0002-Use-getnameinfo-instead-of-gethostbyaddr.patch
 Patch1:         backport-0003-Drop-root-priviledges-before-opening-first-savefile-.patch
 Patch2:         backport-0007-Introduce-nn-option.patch
 Patch3:         backport-0009-Change-n-flag-to-nn-in-TESTonce.patch
-Patch4:         backport-Set-SA_RESTART-non-lethal-signals-avoid-corrupting-binary-pcap-output.patch
+Patch4:         tcpdump-Add-sw64-architecture.patch
+Patch5:         backport-CVE-2023-1801.patch
 
 Requires(pre):  shadow-utils
-BuildRequires:  automake openssl-devel libpcap-devel git-core gcc
-
-%define tcpslice_dir tcpslice-1.3
+BuildRequires:  automake openssl-devel libpcap-devel git-core gcc make
 
 %description
 Tcpdump is a command-line tool for monitoring network traffic.
@@ -88,6 +89,36 @@ make check
 %{_mandir}/man8/tcpdump.8*
 
 %changelog
+* Sat Apr 20 2024 xinghe <xinghe2@h-partners.com> - 14:4.99.3-4
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:revert "fix CVE-2024-2397"
+
+* Mon Apr 08 2024 xinghe <xinghe2@h-partners.com> - 14:4.99.3-3
+- Type:CVE
+- ID:CVE-2024-2397
+- SUG:NA
+- DESC:fix CVE-2024-2397
+
+* Thu Apr 13 2023 zengwefeng <zwfeng@huawei.com> - 14:4.99.3-2
+- Type:CVE
+- ID:CVE-2023-1801
+- SUG:NA
+- DESC:fix CVE-2023-1801
+
+* Mon Feb 06 2023 xinghe <xinghe2@h-partners.com> - 14:4.99.3-1
+- Type:requirements
+- ID:NA
+- SUG:NA
+- DESC:update tcpdump to 4.99.3
+
+* Tue Oct 25 2022 wuzx<wuzx1226@qq.com> - 14:4.99.1-5
+- Type:feature
+- CVE:NA
+- SUG:NA
+- DESC:Add sw64 architecture
+
 * Wed Aug 31 2022 gaihuiying <eaglegai@163.com> - 14:4.99.1-4
 - Type:bugfix
 - CVE:NA