source: projects/specs/branches/6/t/tcpdump/tcpdump-vl.spec @ 9473

%define tcpdump_ver     4.1.1
%define libpcap_ver     1.1.1

Summary: A network traffic monitoring tool.
Summary(ja): ネットワークのトラフィックをモニタするツール
Name: tcpdump
Version: %{tcpdump_ver}
%define tcpdump_dir     tcpdump-%{tcpdump_ver}
%define tcpslice_dir    tcpslice
Release: 5%{?_dist_release}
Epoch: 1

Group: Applications/System
# XXX epoch is necessary to obsolete tcpdump-3.4a5
License: BSD
URL: http://www.tcpdump.org/

Source0: http://www.tcpdump.org/release/tcpdump-%{tcpdump_ver}.tar.gz
Source4: tcpslice-CVS.20010207.tar.gz

Patch5: tcpdump-3.6.2-tcpslice-time.patch
Patch10: tcpdump-4.1.1-portnumbers.patch
Patch15: tcpdump-3.6.2-ip6opts.patch
Patch16: tcpdump-3.8.1-sctp.patch
Patch17: tcpdump-3.7.2-sctpdef.patch
Patch19: tcpdump-3.8.2-rsvp-dos.patch
Patch21: tcpdump-3.8.2-isis-dos.patch
Patch22: tcpdump-3.9.1-ethbuf.patch
Patch70: tcpslice-CVS.20010207-bpf.patch

Patch100: tcpdump-4.1.1-CVE-2014-8767.patch
Patch110: tcpdump-4.1.1-CVE-2014-8769.patch
Patch120: tcpdump-4.1.1-CVE-2014-9140.patch
Patch130: tcpdump-4.1.1-CVE-2015-0261.patch
Patch140: tcpdump-4.1.1-CVE-2015-2154.patch
Patch150: tcpdump-4.1.1-CVE-2015-2155.patch


BuildRoot: %{_tmppath}/%{name}-%{version}-root
BuildRequires: glibc-kernheaders >= 2.2.0
BuildRequires: openssl-devel
BuildRequires: libpcap-devel >= %{libpcap_ver}
BuildRequires: autoconf, automake
# Requires: kernel >= 2.2.0
# Requires: libpcap >= %{libpcap_ver}


Vendor: Project Vine
Distribution: Vine Linux
Packager: daisuke, shaolin


%description
Tcpdump is a command-line tool for monitoring network traffic.
Tcpdump can capture and display the packet headers on a particular
network interface or on all interfaces. Tcpdump can display all of the
packet headers, or just the ones that match particular criteria.

Install tcpdump if you need a program to monitor network traffic.

%description -l ja
tcpdump はネットワークのトラフィックをモニタする、コマンドライン
ベースのツールです。tcpdump はあるネットワークインターフェイス
もしくは全てのネットワークインターフェイス上のパケットのヘッダを
キャプチャして表示することができます。tcpdump は全てのパケットの
ヘッダを表示することもできますし、ある規則に合致するものだけを
表示することもできます。

ネットワークのトラフィックをモニタする必要がある場合、tcpdump を
インストールしてください。


%prep
%setup -q -c -a 4

%patch5 -p1 -b .tcpslicetime

pushd %tcpdump_dir
%patch10 -p1 -b .portnumbers
%patch15 -p1 -b .ip6opts
%patch16 -p1 -b .sctp
%patch17 -p1 -b .sctpdef
%patch19 -p1 -b .rsvp-dos
%patch21 -p1 -b .isis-dos
#patch22 -p1 -b .ethbuf

%patch100 -p1 -b .CVE-2014-8767
%patch110 -p1 -b .CVE-2014-8769
%patch120 -p1 -b .CVE-2014-9140
%patch130 -p1 -b .CVE-2015-0261
%patch140 -p1 -b .CVE-2015-2154
%patch150 -p1 -b .CVE-2015-2155
popd

pushd tcpslice
%patch70 -p1 -b .bpf
popd

%build
pushd %tcpslice_dir
%configure
make
popd

pushd %tcpdump_dir
%define optflags $RPM_OPT_FLAGS -DIP_MAX_MEMBERSHIPS=20
%configure --enable-ipv6
%undefine optflags

DEFS="-g -D_U_=\"\" -DHAVE_CONFIG_H -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE"
%ifarch alpha sparc sparc64
DEFS="$DEFS -DHAVE_ETHER_HOSTTON=1 -DLBL_ALIGN=1 -DHAVE_ETHER_NTOA=1"
%endif
%ifarch sparc sparc64
DEFS="$DEFS -DWORDS_BIGENDIAN"
%endif

make DEFS="$DEFS"
popd

%install
rm -rf %{buildroot}
mkdir -p %{buildroot}%{_libdir}
mkdir -p %{buildroot}%{_mandir}/man{3,8}
mkdir -p %{buildroot}%{_sbindir}

pushd %tcpslice_dir
install -m755 -s tcpslice %{buildroot}%{_sbindir}
install -m644 tcpslice.1 %{buildroot}%{_mandir}/man8/tcpslice.8
popd

pushd %tcpdump_dir
install -m755 -s tcpdump %{buildroot}%{_sbindir}
install -m644 tcpdump.1 %{buildroot}%{_mandir}/man8/tcpdump.8
popd


%clean
rm -rf %{buildroot}


%files
%defattr(-,root,root)
%doc tcpdump-%{tcpdump_ver}/README
%doc tcpdump-%{tcpdump_ver}/CHANGES
%doc tcpdump-%{tcpdump_ver}/LICENSE
%{_sbindir}/tcpdump
%{_sbindir}/tcpslice
%{_mandir}/man8/tcpslice.8*
%{_mandir}/man8/tcpdump.8*


%changelog
* Tue Mar 24 2015 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1:4.1.1-5
- add Patch100 for fix CVE-2014-8767
- add Patch110 for fix CVE-2014-8769
- add Patch120 for fix CVE-2014-9140
- add Patch130 for fix CVE-2015-0261
- add Patch140 for fix CVE-2015-2154
- add Patch150 for fix CVE-2015-2155

* Thu Mar 22 2012 MATSUBAYASHI Kohji <shaolin@vinelinux.org> - 1:4.1.1-4
- rebuild

* Sat Jan 29 2011 Yoji TOYODA <bsyamato@sea.plala.or.jp> 1:4.1.1-3
- rebuild with openssl-1.0.0c

* Sat Sep 18 2010 Ryoichi INAGAKI <ryo1@bc.wakwak.com> 1:4.1.1-2
- removed pcap header direction
- added URL tag

* Sun May 23 2010 Ryoichi INAGAKI <ryo1@bc.wakwak.com> 1:4.1.1-1
- new upstream release
- updated Patch10
- built with new toolchain

* Sat Apr 25 2009 Ryoichi INAGAKI <ryo1@bc.wakwak.com> 1:4.0.0-2
- spec in UTF-8
- added BuildRequires: libpcap-devel instead of libpcap
- changed Group to Applications/System

* Thu Oct 30 2008 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1:4.0.0-1
- new upstream release with libpcap 1.0.0

* Mon Apr 14 2008 MATSUBAYASHI Kohji <shaolin@vinelinux.org> 1:3.9.8-2
- built again with libpcap-0.9.8 for sure this time

* Sat Apr 12 2008 Ryoichi INAGAKI <ryo1@bc.wakwak.com> 1:3.9.8-1vl5
- new upstream release

* Sat Sep  1 2007 Ryoichi INAGAKI <ryo1@bc.wakwak.com> 1:3.9.7-0vl1
- new upstream release

* Sat Jul  7 2007 Ryoichi INAGAKI <ryo1@bc.wakwak.com> 1:3.9.6-0vl1
- new upstream release

* Mon May 21 2007 MATSUBAYASHI Kohji <shaolin@vinelinux.org> 1:3.9.3-0vl3
- rebuilt with new toolchain

* Fri Aug 26 2005 Ryoichi INAGAKI <ryo1@bc.wakwak.com> 1:3.9.3-0vl2
- dropped --with-user option

* Mon Aug 22 2005 Ryoichi INAGAKI <ryo1@bc.wakwak.com> 1:3.9.3-0vl1
- new upstream release
- some patches are imported from fedora package
- build with libpcap 0.9.3
- changed BuildRequire kernel-headers to glibc-kernheaders

* Sun Jun 13 2004 Daisuke SUZUKI <daisuke@linux.or.jp> 1:3.8.3-0vl1
- new upstream release
- some patches are imported from fedora package

* Sat Oct 11 2003 Ryoichi INAGAKI <ryo1@bc.wakwak.com> 1:3.7.2-0vl1
- updated to 3.7.2
- fixed patches based on Redhat Rawhide
- rebuild with libpcap-0.7.2
- s/Copyright/License/

* Fri Feb 21 2003 Daisuke SUZUKI <daisuke@linux.or.jp> 1:3.7.1-0vl2
- split out libpcap, Requires: libpcap

* Fri Feb 21 2003 Daisuke SUZUKI <daisuke@linux.or.jp> 1:3.7.1-0vl1
- update to new upstream release tcpdump 3.7.1, arpwatch 0.7.1
- drop unneeded patches
- use autoconf213, automake14
- split out arpwatch

* Fri Feb 21 2003 Daisuke SUZUKI <daisuke@linux.or.jp> 1:3.6.2-13vl2
- add patch16 to fix  print_bgp security bug
  - errata 20030221-3

* Wed Jun 12 2002 Daisuke SUZUKI <daisuke@linux.or.jp> 1:3.6.2-13vl1
- merged with 3.6.2-13
- fix buffer overflow for errata
  * Thu May 16 2002 Harald Hoyer <harald@redhat.de> 12:3.6.2-13
  - added official 3.6.3 fix
  - fixed 6.2 compat #63113
  * Wed Jan 23 2002 Harald Hoyer <harald@redhat.de> 12:3.6.2-12
  - tcpdump-3.6.2-snaplen.patch added to fix #55145
  * Tue Dec 18 2001 Harald Hoyer <harald@redhat.de> 12:3.6.2-10
  - took old purge patch for filters
  - fixed #54225,#58346
  - drop root by default #49635
  - fixed #54593
  - fixed #57711

* Thu Oct 25 2001 IWAI Masaharu <iwaim@cc.mbn.or.jp>
- 3.6.2-9vl1
- used PRM macros
- changed File Name to Package Name in Prereq tag
- marged 3.6.2-9 (RedHat7.2)

  * Tue Jan 23 2001 MATSUBAYASHI 'Shaolin' Kohji <shaolin@rhythmaning.org>
  - 3.4-19vl2
  - use better macros
  
  * Thu Sep 21 2000 Yoshihiro Kajiki <kajiki@ylug.org>
  - add libpcap-0.4-guy-gerald.patch to fix the timeout problem (by Ethereal)
  - add Japanese summarys and descriptions
  - modify spec file to build as a normal user
  
  * Thu Feb 17 2000 Bernhard Rosenkraenzer <bero@redhat.com>
  - Compile shared libpcap with -fPIC (Bug #6342)
  
  * Wed Feb 02 2000 Cristian Gafton <gafton@redhat.com>
  - fix descriptions
  - man pages are compressed
  
  * Wed Dec 22 1999 Jeff Johnson <jbj@redhat.com>
  - remove sparc64 SIOCGIFNAME hack, not needed with (at least) kernel 2.2.12-40.
  - upgrade to ANK ss991030 snapshot with pcap magic fix (#6773).
  - add getprotobyname lookup (#6725).
  - getservbyname port lookup appears functional (#7569).
  - remove uid 2090 backdoor (sorry Dave) (#7116).
  
  * Thu Sep 09 1999 Cristian Gafton <gafton@redhat.com>
  - fox the pcap.h header
  
  * Fri Aug 20 1999 Jeff Johnson <jbj@redhat.com>
  - prevent segfault on obscure spoofed ip header (#4634).
  
  * Wed Aug 18 1999 Jeff Johnson <jbj@redhat.com>
  - add defattr to arpwatch (#4591).
  
  * Mon Aug 16 1999 Bill Nottingham <notting@redhat.com>
  - initscript munging

  * Sun Aug  8 1999 Jeff Johnson <jbj@redhat.com>
  - add -DWORDS_BIGINDIAN to tcpdump compile on sparc sparc61.
  
  * Tue Aug  3 1999 Jeff Johnson <jbj@redhat.com>
  - include A. Kuznetsov's patches to libpcap/tcpdump.
  - added arpsnmp to package (#3258).
  - arp2ethers written for different of awk (#4326).

  * Sun Mar 21 1999 Cristian Gafton <gafton@redhat.com> 
  - auto rebuild in the new build environment (release 10)

  * Fri Mar 19 1999 Jeff Johnson <jbj@redhat.com>
  - strip binaries.
  
  * Wed Jan 13 1999 Bill Nottingham <notting@redhat.com>
  - autoconf fixes for arm

  * Tue Sep 29 1998 Jeff Johnson <jbj@redhat.com>
  - libpcap description typo.

  * Sat Sep 19 1998 Jeff Johnson <jbj@redhat.com>
  - fix arpwatch summary line.
  
  * Mon Aug 17 1998 Jeff Johnson <jbj@redhat.com>
  - enable arpwatch
  
  * Mon Aug  3 1998 Jeff Johnson <jbj@redhat.com>
  - separate package for libpcap.
  - update tcpdump to 3.4, libpcap to 0.4.
  - added arpwatch (but disabled for now)
  
  * Thu May 07 1998 Prospector System <bugs@redhat.com>
  - translations modified for de, fr, tr
  
  * Sat May  2 1998 Alan Cox <alan@rehat.com>
  - Added the SACK printing fix so you can dump Linux 2.1+.
  
  * Tue Oct 21 1997 Erik Troan <ewt@redhat.com>
  - updated to release 3.4a5
  - uses a buildroot and %attr 
  
  * Thu Jul 17 1997 Erik Troan <ewt@redhat.com>
  - built against glibc

* Fri Aug 31 2001 Harald Hoyer <harald@redhat.de> 12:3.6.2-9
- took better fix for #52654 from tcpdump cvs

* Thu Aug 30 2001 Harald Hoyer <harald@redhat.de> 11:3.6.2-8
- fixed #52654

* Thu Jul 19 2001 Harald Hoyer <harald@redhat.de> 10:3.6.2-7
- added shared library to libpcap (#47174)
- afs printing security patch (#49294)

* Wed Jun 20 2001 Harald Hoyer <harald@redhat.de>
- use initgroups, instead of setgroups

* Mon Jun 18 2001 Harald Hoyer <harald@redhat.de>
- added dropgroup patches (#44563)

* Mon May 07 2001 Harald Hoyer <harald@redhat.de>
- switched to Pekka's tcpdump-3.6.2 package
- incremented epoch

* Sat Apr 14 2001 Pekka Savola <pekkas@netcore.fi>
- fix building of tcpslice on glibc 2.2.2 (time.h)
- disable /etc/init.d requirement and fix %post scripts in arpwatch

* Wed Feb 14 2001 Harald Hoyer <harald@redhat.de>
- glibc sys/time -> time include patch

* Wed Feb  7 2001 Trond Eivind Glomsr <teg@redhat.com>
- Add space to this check

* Wed Feb 07 2001 Harald Hoyer <harald@redhat.com>
- added check for presence of /etc/sysconfig/arpwatch (#23172)

* Wed Feb  7 2001 Pekka Savola <pekkas@netcore.fi>
- update to 3.6.2, 0.6.2 and new CVS of tcpslice.
- i18n'ize arpwatch init script

* Fri Feb  2 2001 Trond Eivind Glomsr <teg@redhat.com>
- i18nize initscript

* Mon Jan 29 2001 Harald Hoyer <harald@redhat.com>
- fixed EINTR stopping for e.g. SIGSTOP. (#22008)
- added -u option for tcpdump (#20231)
- new arpwatch version (#23172)
- added "all" and "one" interface for -i (#20907)
- added arpwatch sysconfig (#23172)

* Mon Jan 22 2001 Harald Hoyer <harald@redhat.com>
- more (potential) overflows in libpcap. #21373
- documentation fix for #20906

* Sun Jan 14 2001 Pekka Savola <pekkas@netcore.fi>
- use --enable-ipv6
- Add two patches from CVS to enhance 802.2 printing, and more importantly,
  to be able to specify 'no stp'

* Sat Jan 13 2001 Pekka Savola <pekkas@netcore.fi>
- Make SMB printing output a lot more quiet unless in verbose mode.
- Make -n resolve port/protocol numbers but not hostnames, -nn for no
  resolving at all
- Separate droproot patch from a more generic man/usage fix one
- Add non-promiscuous mode -by default patch, but don't apply it by default

* Thu Jan 11 2001 Pekka Savola <pekkas@netcore.fi>
- Update to tcpdump 3.6.1 and libpcap 0.6.1 releases.

* Mon Jan  8 2001 Pekka Savola <pekkas@netcore.fi>
- Update to 20010108 CVS, disable some upstreamed patches.
- Change some additional .1 pages to .8.
- Add droproot patch, some --usage and man page fixes.

* Mon Jan  1 2001 Pekka Savola <pekkas@netcore.fi>
- Initial packaging with latest tcpdump.org CVS tcpdump-3.6 and libpcap-0.6.
- add earlier print-domain.c, the latest is segfaulting
- don't unnecesessarily include snprintf.o, it didn't compile with gcc 2.96 anyway
- don't use savestr, require openssl, tweak tweak tweak
- add tcpslice, patch it a bit for egcs detection

* Sun Dec 31 2000 Pekka Savola <pekkas@netcore.fi>
- tcpdump: spice up the manpage about interfaces
- tcpdump: add 'all' and 'any' keywords to -i, saner default behaviour.
- upgrade arpwatch to 2.1a10

* Sun Nov 26 2000 Jeff Johnson <jbj@redhat.com>
- more (potential) overflows in libpcap.

* Sun Nov 12 2000 Jeff Johnson <jbj@redhat.com>
- eliminate still more buffer overflows (from FreeBSD) (#20069).

* Thu Nov  2 2000 Jeff Johnson <jbj@redhat.com>
- eliminate more buffer overflows (from FreeBSD) (#20069).
- 802.1q ether type incorrect (#19850).
- add -u flag to drop arpwatch privs (#19696).

* Sun Oct 15 2000 Jeff Johnson <jbj@redhat.com>
- updated ethercodes.dat

* Thu Oct 12 2000 Jeff Johnson <jbj@redhat.com>
- fix arpwatch tmp race (#18943).

* Fri Aug 11 2000 Bill Nottingham <notting@redhat.com>
- fix condrestart

* Fri Aug 11 2000 Jeff Johnson <jbj@redhat.com>
- correct arpsnmp man pages (#15442).
- don't print harmless ENOPROTOOPT message (#13518).

* Fri Aug  4 2000 Jeff Johnson <jbj@redhat.com>
- rebuild with final kernel headers (#13518).

* Sat Jul 22 2000 Jeff Johnson <jbj@redhat.com>
- add STP patch (#14112).

* Fri Jul 14 2000 Matt Wilson <msw@redhat.com>
- source /etc/init.d/functions
- back out /etc/init.d/arpwatch, place file in /etc/rc.d
- move initscript to /etc/init.d
- changed initscript to use start() and stop() functions
- added condrestart to init script
- added %%post %%preun %%postun scripts to register arpwatch script
- added Prereq: for all things needed in post/preun/postun

* Wed Jul 12 2000 Prospector <bugzilla@redhat.com>
- automatic rebuild

* Tue Jul 11 2000 Jeff Johnson <jbj@redhat.com>
- updated man page and help (pekkas@netcore.fi) (#10739 et al).

* Sun Jun 18 2000 Jeff Johnson <jbj@redhat/com>
- FHS packaging.

* Tue May  9 2000 Bill Nottingham <notting@redhat.com>
- minor tweaks for ia64 (prototypes)

* Thu Feb 17 2000 Bernhard Rosenkraenzer <bero@redhat.com>
- Compile shared libpcap with -fPIC (Bug #6342)

* Wed Feb 02 2000 Cristian Gafton <gafton@redhat.com>
- fix descriptions
- man pages are compressed

* Wed Dec 22 1999 Jeff Johnson <jbj@redhat.com>
- remove sparc64 SIOCGIFNAME hack, not needed with (at least) kernel 2.2.12-40.
- upgrade to ANK ss991030 snapshot with pcap magic fix (#6773).
- add getprotobyname lookup (#6725).
- getservbyname port lookup appears functional (#7569).
- remove uid 2090 backdoor (sorry Dave) (#7116).

* Thu Sep 09 1999 Cristian Gafton <gafton@redhat.com>
- fox the pcap.h header

* Fri Aug 20 1999 Jeff Johnson <jbj@redhat.com>
- prevent segfault on obscure spoofed ip header (#4634).

* Wed Aug 18 1999 Jeff Johnson <jbj@redhat.com>
- add defattr to arpwatch (#4591).

* Mon Aug 16 1999 Bill Nottingham <notting@redhat.com>
- initscript munging

* Sun Aug  8 1999 Jeff Johnson <jbj@redhat.com>
- add -DWORDS_BIGINDIAN to tcpdump compile on sparc sparc61.

* Tue Aug  3 1999 Jeff Johnson <jbj@redhat.com>
- include A. Kuznetsov's patches to libpcap/tcpdump.
- added arpsnmp to package (#3258).
- arp2ethers written for different of awk (#4326).

* Sun Mar 21 1999 Cristian Gafton <gafton@redhat.com> 
- auto rebuild in the new build environment (release 10)

* Fri Mar 19 1999 Jeff Johnson <jbj@redhat.com>
- strip binaries.

* Wed Jan 13 1999 Bill Nottingham <notting@redhat.com>
- autoconf fixes for arm

* Tue Sep 29 1998 Jeff Johnson <jbj@redhat.com>
- libpcap description typo.

* Sat Sep 19 1998 Jeff Johnson <jbj@redhat.com>
- fix arpwatch summary line.

* Mon Aug 17 1998 Jeff Johnson <jbj@redhat.com>
- enable arpwatch

* Mon Aug  3 1998 Jeff Johnson <jbj@redhat.com>
- separate package for libpcap.
- update tcpdump to 3.4, libpcap to 0.4.
- added arpwatch (but disabled for now)

* Thu May 07 1998 Prospector System <bugs@redhat.com>
- translations modified for de, fr, tr

* Sat May  2 1998 Alan Cox <alan@rehat.com>
- Added the SACK printing fix so you can dump Linux 2.1+.

* Tue Oct 21 1997 Erik Troan <ewt@redhat.com>
- updated to release 3.4a5
- uses a buildroot and %attr 

* Thu Jul 17 1997 Erik Troan <ewt@redhat.com>
- built against glibc