From owner-svn-src-stable@freebsd.org Wed May 1 06:59:05 2019 Return-Path: Delivered-To: svn-src-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0DD63158CD66; Wed, 1 May 2019 06:59:05 +0000 (UTC) (envelope-from oshogbo@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A8E098E49B; Wed, 1 May 2019 06:59:04 +0000 (UTC) (envelope-from oshogbo@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 8294F1DC44; Wed, 1 May 2019 06:59:04 +0000 (UTC) (envelope-from oshogbo@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x416x4QD003862; Wed, 1 May 2019 06:59:04 GMT (envelope-from oshogbo@FreeBSD.org) Received: (from oshogbo@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x416x4wg003861; Wed, 1 May 2019 06:59:04 GMT (envelope-from oshogbo@FreeBSD.org) Message-Id: <201905010659.x416x4wg003861@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: oshogbo set sender to oshogbo@FreeBSD.org using -f From: Mariusz Zaborski Date: Wed, 1 May 2019 06:59:04 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r346985 - stable/11/contrib/tcpdump X-SVN-Group: stable-11 X-SVN-Commit-Author: oshogbo X-SVN-Commit-Paths: stable/11/contrib/tcpdump X-SVN-Commit-Revision: 346985 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: A8E098E49B X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.74 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; NEURAL_HAM_SHORT(-0.74)[-0.742,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]; NEURAL_HAM_LONG(-1.00)[-1.000,0] X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 May 2019 06:59:05 -0000 Author: oshogbo Date: Wed May 1 06:59:04 2019 New Revision: 346985 URL: https://svnweb.freebsd.org/changeset/base/346985 Log: MFC r346263: tcpdump: disable Capsicum if -E option is provided. The -E is used to provide a secret for decrypting IPsec. The secret may be provided through command line or as the file. The problem is that tcpdump doesn't support yet opening files in capability mode and the file may contain a list of the files to open. As a workaround, for now, let's just disable capsicum if the -E the option is provided. PR: 236819 MFC after: 2 weeks Modified: stable/11/contrib/tcpdump/tcpdump.c Directory Properties: stable/11/ (props changed) Modified: stable/11/contrib/tcpdump/tcpdump.c ============================================================================== --- stable/11/contrib/tcpdump/tcpdump.c Wed May 1 05:42:13 2019 (r346984) +++ stable/11/contrib/tcpdump/tcpdump.c Wed May 1 06:59:04 2019 (r346985) @@ -2063,7 +2063,8 @@ main(int argc, char **argv) } #ifdef HAVE_CAPSICUM - cansandbox = (VFileName == NULL && zflag == NULL); + cansandbox = (VFileName == NULL && zflag == NULL && + ndo->ndo_espsecret == NULL); #ifdef HAVE_CASPER cansandbox = (cansandbox && (ndo->ndo_nflag || capdns != NULL)); #else