libpcap: update to 1.10.6

Vulnerabilities fixed: CVE-2025-11961 and CVE-2025-11964
Various improvements and bug fixes.
Changelog: https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.10.6/CHANGES

Upstreamed patches removed:
  001-Add-support-for-Realtek-Ethertype-DSA-data.patch
  002-Linux-handle-other-DSA-tags.patch

Signed-off-by: Ivan Pavlov <[email protected]>
Link: https://github.com/openwrt/openwrt/pull/21744
(cherry picked from commit 9a7ddcac3f74aeecbcddd3cd033302fb7529deae)
Link: https://github.com/openwrt/openwrt/pull/21756
Signed-off-by: Hauke Mehrtens <[email protected]>

package/libs/libpcap/Makefile

@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libpcap
-PKG_VERSION:=1.10.5
-PKG_RELEASE:=3
+PKG_VERSION:=1.10.6
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://www.tcpdump.org/release/
-PKG_HASH:=37ced90a19a302a7f32e458224a00c365c117905c2cd35ac544b6880a81488f0
+PKG_HASH:=872dd11337fe1ab02ad9d4fee047c9da244d695c6ddf34e2ebb733efd4ed8aa9
 
 PKG_MAINTAINER:=Felix Fietkau <[email protected]>
 PKG_LICENSE:=BSD-3-Clause

package/libs/libpcap/patches/001-Add-support-for-Realtek-Ethertype-DSA-data.patch

@@ -1,28 +0,0 @@
-From fcb2cbc3a306afcf7785a60a74dbea431e609d76 Mon Sep 17 00:00:00 2001
-From: Luiz Angelo Daros de Luca <[email protected]>
-Date: Thu, 6 Jan 2022 15:51:54 -0300
-Subject: [PATCH 1/2] Add support for Realtek (Ethertype) DSA data
-
-Realtek switchtag rtl4a (4 bytes long, protocol 0xA) and rtl8_4 (8 bytes
-long, protocol 0x04) are Ethertype DSA tags, inserted in the Ethernet
-header similar to an 802.1Q tag. Both shares the same Ethertype 0x8899
-as other Realtek proprietary protocols.
-
-Realtek switchtag rtl8_4t is identical to rtl8_4 but positioned before
-the CRC, at the end of the Ethernet frame.
----
- pcap-linux.c | 3 +++
- 1 file changed, 3 insertions(+)
-
---- a/pcap-linux.c
-+++ b/pcap-linux.c
-@@ -5281,6 +5281,9 @@ static struct dsa_proto {
- 	{ "brcm-prepend", DLT_DSA_TAG_BRCM_PREPEND },
- 	{ "dsa", DLT_DSA_TAG_DSA },
- 	{ "edsa", DLT_DSA_TAG_EDSA },
-+	{ "rtl4a", DLT_EN10MB },
-+	{ "rtl8_4", DLT_EN10MB },
-+	{ "rtl8_4t", DLT_EN10MB },
- };
- 
- static int

package/libs/libpcap/patches/002-Linux-handle-other-DSA-tags.patch

@@ -1,322 +0,0 @@
-From 7d298976beff0cce310fb53a430f82b53f43a394 Mon Sep 17 00:00:00 2001
-From: Guy Harris <[email protected]>
-Date: Fri, 14 Feb 2025 19:12:24 -0800
-Subject: [PATCH 2/2] Linux: handle other DSA tags.
-
-Many of those entries need their own LINKTYPE_/DLT_? values, including
-tcpdump and Wireshark support for same, but at least this lets you see
-raw hex data from a capture.
-
-Fixes #1367.
-
-Supercedes #1451.
----
- pcap-linux.c | 284 ++++++++++++++++++++++++++++++++++++++++++++++++++-
- 1 file changed, 280 insertions(+), 4 deletions(-)
-
---- a/pcap-linux.c
-+++ b/pcap-linux.c
-@@ -5267,23 +5267,299 @@ iface_get_offload(pcap_t *handle _U_)
- }
- #endif /* SIOCETHTOOL */
- 
-+/*
-+ * As per
-+ *
-+ *    https://www.kernel.org/doc/html/latest/networking/dsa/dsa.html#switch-tagging-protocols
-+ *
-+ * Type 1 means that the tag is prepended to the Ethernet packet.
-+ * LINKTYPE_ETHERNET/DLT_EN10MB doesn't work, as it would try to
-+ * dissect the tag data as the Ethernet header.  These should get
-+ * their own LINKTYPE_DLT_ values.
-+ *
-+ * Type 2 means that the tag is inserted into the Ethernet header
-+ * after the source address and before the type/length field.
-+ *
-+ * Type 3 means that tag is a packet trailer.  LINKTYPE_ETHERNET/DLT_EN10MB
-+ * works,  unless the next-layer protocol has no length field of its own,
-+ * so that the tag might be treated as part of the payload. These should
-+ * get their own LINKTYPE_/DLT_ values.
-+ *
-+ * If you get an "unsupported DSA tag" error, please add the tag to here,
-+ * complete with a full comment indicating whether it's type 1, 2, or 3,
-+ * and, for type 2, indicating whether it has an Ethertype and, if so
-+ * what that type is, and whether it's registered with the IEEE or is
-+ * self-assigned. Also, point to *something* that indicates the format
-+ * of the tag.
-+ */
- static struct dsa_proto {
- 	const char *name;
- 	bpf_u_int32 linktype;
- } dsa_protos[] = {
- 	/*
--	 * None is special and indicates that the interface does not have
--	 * any tagging protocol configured, and is therefore a standard
--	 * Ethernet interface.
-+	 * Type 1. See
-+	 *
-+	 *    https://elixir.bootlin.com/linux/v6.13.2/source/net/dsa/tag_ar9331.c
-+	 */
-+	{ "ar9331", DLT_EN10MB },
-+
-+	/*
-+	 * Type 2, without an Ethertype at the beginning,
-+	 * assigned a LINKTYPE_/DLT_ value.
- 	 */
--	{ "none", DLT_EN10MB },
- 	{ "brcm", DLT_DSA_TAG_BRCM },
-+
-+	/*
-+	 * Type 2, with Ethertype 0x8874, assigned to Broadcom.
-+	 *
-+	 * This doies not require a LINKTYPE_/DLT_ value, it
-+	 * just requires that Ethertype 0x8874 be dissected
-+	 * properly.
-+	 */
-+	{ "brcm-legacy", DLT_EN10MB },
-+
-+	/*
-+	 * Type 1.
-+	 */
- 	{ "brcm-prepend", DLT_DSA_TAG_BRCM_PREPEND },
-+
-+	/*
-+	 * Type 2, without an Etherype at he beginning,
-+	 * assigned a LINKTYPE_/DLT_ value.
-+	 */
- 	{ "dsa", DLT_DSA_TAG_DSA },
-+
-+	/*
-+	 * Type 2, with an Ethertype field, but without
-+	 * an assigned Ethertype value that can be relied
-+	 * on; assigned a LINKTYPE_/DLT_ value.
-+	 */
- 	{ "edsa", DLT_DSA_TAG_EDSA },
-+
-+	/*
-+	 * Type 1, with different transmit and receive headers,
-+	 * so can't really be handled well with the current
-+	 * libpcap API and with pcap files.  Use DLT_LINUX_SLL,
-+	 * to get the direction?
-+	 *
-+	 * See
-+	 *
-+	 *    https://elixir.bootlin.com/linux/v6.13.2/source/net/dsa/tag_gswip.c
-+	 */
-+	{ "gswip", DLT_EN10MB },
-+
-+	/*
-+	 * Type 3. See
-+	 *
-+	 *    https://elixir.bootlin.com/linux/v6.13.2/source/net/dsa/tag_hellcreek.c
-+	 */
-+	{ "hellcreek", DLT_EN10MB },
-+
-+	/*
-+	 * Type 3, with different transmit and receive headers,
-+	 * so can't really be handled well with the current
-+	 * libpcap API and with pcap files.  Use DLT_LINUX_SLL,
-+	 * to get the direction?
-+	 *
-+	 * See
-+	 *
-+	 *    https://elixir.bootlin.com/linux/v6.13.2/source/net/dsa/tag_ksz.c#L102
-+	 */
-+	{ "ksz8795", DLT_EN10MB },
-+
-+	/*
-+	 * Type 3, with different transmit and receive headers,
-+	 * so can't really be handled well with the current
-+	 * libpcap API and with pcap files.  Use DLT_LINUX_SLL,
-+	 * to get the direction?
-+	 *
-+	 * See
-+	 *
-+	 *    https://elixir.bootlin.com/linux/v6.13.2/source/net/dsa/tag_ksz.c#L160
-+	 */
-+	{ "ksz9477", DLT_EN10MB },
-+
-+	/*
-+	 * Type 3, with different transmit and receive headers,
-+	 * so can't really be handled well with the current
-+	 * libpcap API and with pcap files.  Use DLT_LINUX_SLL,
-+	 * to get the direction?
-+	 *
-+	 * See
-+	 *
-+	 *    https://elixir.bootlin.com/linux/v6.13.2/source/net/dsa/tag_ksz.c#L341
-+	 */
-+	{ "ksz9893", DLT_EN10MB },
-+
-+	/*
-+	 * Type 3, with different transmit and receive headers,
-+	 * so can't really be handled well with the current
-+	 * libpcap API and with pcap files.  Use DLT_LINUX_SLL,
-+	 * to get the direction?
-+	 *
-+	 * See
-+	 *
-+	 *    https://elixir.bootlin.com/linux/v6.13.2/source/net/dsa/tag_ksz.c#L386
-+	 */
-+	{ "lan937x", DLT_EN10MB },
-+
-+	/*
-+	 * Type 2, with Ethertype 0x8100; the VID can be interpreted
-+	 * as per
-+	 *
-+	 *    https://elixir.bootlin.com/linux/v6.13.2/source/net/dsa/tag_lan9303.c#L24
-+	 *
-+	 * so giving its own LINKTYPE_/DLT_ value would allow a
-+	 * dissector to do so.
-+	 */
-+	{ "lan9303", DLT_EN10MB },
-+
-+	/*
-+	 * Type 2, without an Etherype at he beginning,
-+	 * should be assigned a LINKTYPE_/DLT_ value.
-+	 *
-+	 * See
-+	 *
-+	 *    https://elixir.bootlin.com/linux/v6.13.2/source/net/dsa/tag_mtk.c#L15
-+	 */
-+	{ "mtk", DLT_EN10MB },
-+
-+	/*
-+	 * None is special and indicates that the interface does not have
-+	 * any tagging protocol configured, and is therefore a standard
-+	 * Ethernet interface.
-+	 */
-+	{ "none", DLT_EN10MB },
-+
-+	/*
-+	 * Type 1.
-+	 *
-+	 * See
-+	 *
-+	 *    https://elixir.bootlin.com/linux/v6.13.2/source/net/dsa/tag_ocelot.c
-+	 */
-+	{ "ocelot", DLT_EN10MB },
-+
-+	/*
-+	 * Type 1.
-+	 *
-+	 * See
-+	 *
-+	 *    https://elixir.bootlin.com/linux/v6.13.2/source/net/dsa/tag_ocelot.c
-+	 */
-+	{ "seville", DLT_EN10MB },
-+
-+	/*
-+	 * Type 2, with Ethertype 0x8100; the VID can be interpreted
-+	 * as per
-+	 *
-+	 *    https://elixir.bootlin.com/linux/v6.13.2/source/net/dsa/tag_8021q.c#L15
-+	 *
-+	 * so giving its own LINKTYPE_/DLT_ value would allow a
-+	 * dissector to do so.
-+	 */
-+	{ "ocelot-8021q", DLT_EN10MB },
-+
-+	/*
-+	 * Type 2, without an Etherype at he beginning,
-+	 * should be assigned a LINKTYPE_/DLT_ value.
-+	 *
-+	 * See
-+	 *
-+	 *    https://elixir.bootlin.com/linux/v6.13.2/source/net/dsa/tag_qca.c
-+	 */
-+	{ "qca", DLT_EN10MB },
-+
-+	/*
-+	 * Type 2, with Ethertype 0x8899, assigned to Realtek;
-+	 * they use it for several on-the-Ethernet protocols
-+	 * as well, but there are fields that allow the two
-+	 * tag formats, and all the protocols in question,
-+	 * to be distinguiished from one another.
-+	 *
-+	 * This doies not require a LINKTYPE_/DLT_ value, it
-+	 * just requires that Ethertype 0x8899 be dissected
-+	 * properly.
-+	 *
-+	 * See
-+	 *
-+	 *    https://elixir.bootlin.com/linux/v6.13.2/source/net/dsa/tag_rtl4_a.c
-+	 *
-+	 *    http://realtek.info/pdf/rtl8306sd%28m%29_datasheet_1.1.pdf
-+	 *
-+	 * and various pages in tcpdump's print-realtek.c and Wireshark's
-+	 * epan/dissectors/packet-realtek.c for the other protocols.
-+	 */
- 	{ "rtl4a", DLT_EN10MB },
-+
-+	/*
-+	 * Type 2, with Ethertype 0x8899, assigned to Realtek;
-+	 * see above.
-+	 */
- 	{ "rtl8_4", DLT_EN10MB },
-+
-+	/*
-+	 * Type 3, with the same tag format as rtl8_4.
-+	 */
- 	{ "rtl8_4t", DLT_EN10MB },
-+
-+	/*
-+	 * Type 2, with Ethertype 0xe001; that's probably
-+	 * self-assigned, so this really should ahve its
-+	 * own LINKTYPE_/DLT_ value.
-+	 *
-+	 * See
-+	 *
-+	 *    https://elixir.bootlin.com/linux/v6.13.2/source/net/dsa/tag_rzn1_a5psw.c
-+	 */
-+	{ "a5psw", DLT_EN10MB },
-+
-+	/*
-+	 * Type 2, with Ethertype 0x8100 or the self-assigned
-+	 * 0xdadb, so this really should ahve its own
-+	 * LINKTYPE_/DLT_ value; that would also allow the
-+	 * VID of the tag to be dissected as per
-+	 *
-+	 *    https://elixir.bootlin.com/linux/v6.13.2/source/net/dsa/tag_8021q.c#L15
-+	 */
-+	{ "sja1105", DLT_EN10MB },
-+
-+	/*
-+	 * Type "none of the above", with both a header and trailer,
-+	 * with different transmit and receive tags.  Has
-+	 * Ethertype 0xdadc, which is probably self-assigned.
-+	 * This should really have its own LINKTYPE_/DLT_ value.
-+	 */
-+	{ "sja1110", DLT_EN10MB },
-+
-+	/*
-+	 * Type 3, as the name suggests.
-+	 *
-+	 * See
-+	 *
-+	 *    https://elixir.bootlin.com/linux/v6.13.2/source/net/dsa/tag_trailer.c
-+	 */
-+	{ "trailer", DLT_EN10MB },
-+
-+	/*
-+	 * Type 2, with Ethertype 0x8100; the VID can be interpreted
-+	 * as per
-+	 *
-+	 *    https://elixir.bootlin.com/linux/v6.13.2/source/net/dsa/tag_8021q.c#L15
-+	 *
-+	 * so giving its own LINKTYPE_/DLT_ value would allow a
-+	 * dissector to do so.
-+	 */
-+	{ "vsc73xx-8021q", DLT_EN10MB },
-+
-+	/*
-+	 * Type 3.
-+	 *
-+	 * See
-+	 *
-+	 *    https://elixir.bootlin.com/linux/v6.13.2/source/net/dsa/tag_xrs700x.c
-+	 */
-+	{ "xrs700x", DLT_EN10MB },
- };
- 
- static int

package/libs/libpcap/patches/100-no-openssl.patch

@@ -1,6 +1,6 @@
 --- a/CMakeLists.txt
 +++ b/CMakeLists.txt
-@@ -1441,7 +1441,6 @@ if(ENABLE_REMOTE)
+@@ -1470,7 +1470,6 @@ if(ENABLE_REMOTE)
    #
    # OpenSSL/libressl.
    #

package/libs/libpcap/patches/102-skip-manpages.patch

@@ -9,7 +9,7 @@ Subject: [PATCH] skip manpages
 
 --- a/CMakeLists.txt
 +++ b/CMakeLists.txt
-@@ -3548,57 +3548,6 @@ if(NOT MSVC)
+@@ -3575,57 +3575,6 @@ if(NOT MSVC)
      if(MINGW)
          find_program(LINK_EXECUTABLE ln)
      endif(MINGW)

package/libs/libpcap/patches/300-Add-support-for-B.A.T.M.A.N.-Advanced.patch

@@ -220,7 +220,7 @@ Signed-off-by: Linus Lüssing <[email protected]>
  #endif
 --- a/gencode.c
 +++ b/gencode.c
-@@ -58,6 +58,8 @@
+@@ -51,6 +51,8 @@
  #include "sunatmpos.h"
  #include "pflog.h"
  #include "ppp.h"
@@ -229,7 +229,7 @@ Signed-off-by: Linus Lüssing <[email protected]>
  #include "pcap/sll.h"
  #include "pcap/ipnet.h"
  #include "arcnet.h"
-@@ -9704,6 +9706,168 @@ gen_geneve(compiler_state_t *cstate, bpf
+@@ -9846,6 +9848,168 @@ gen_geneve(compiler_state_t *cstate, bpf
  	return b1;
  }
  
@@ -412,7 +412,7 @@ Signed-off-by: Linus Lüssing <[email protected]>
  struct block *gen_atmtype_abbrev(compiler_state_t *, int);
 --- a/grammar.y.in
 +++ b/grammar.y.in
-@@ -383,6 +383,7 @@ DIAG_OFF_BISON_BYACC
+@@ -370,6 +370,7 @@ DIAG_OFF_BISON_BYACC
  %type	<i>	mtp2type
  %type	<blk>	mtp3field
  %type	<blk>	mtp3fieldvalue mtp3value mtp3listvalue
@@ -420,7 +420,7 @@ Signed-off-by: Linus Lüssing <[email protected]>
  
  
  %token  DST SRC HOST GATEWAY
-@@ -401,7 +402,7 @@ DIAG_OFF_BISON_BYACC
+@@ -388,7 +389,7 @@ DIAG_OFF_BISON_BYACC
  %token  LEN
  %token  IPV6 ICMPV6 AH ESP
  %token	VLAN MPLS
@@ -429,7 +429,7 @@ Signed-off-by: Linus Lüssing <[email protected]>
  %token  ISO ESIS CLNP ISIS L1 L2 IIH LSP SNP CSNP PSNP
  %token  STP
  %token  IPX
-@@ -698,11 +699,40 @@ other:	  pqual TK_BROADCAST	{ CHECK_PTR_
+@@ -685,11 +686,40 @@ other:	  pqual TK_BROADCAST	{ CHECK_PTR_
  	| PPPOES		{ CHECK_PTR_VAL(($$ = gen_pppoes(cstate, 0, 0))); }
  	| GENEVE pnum		{ CHECK_PTR_VAL(($$ = gen_geneve(cstate, $2, 1))); }
  	| GENEVE		{ CHECK_PTR_VAL(($$ = gen_geneve(cstate, 0, 0))); }
@@ -472,7 +472,7 @@ Signed-off-by: Linus Lüssing <[email protected]>
  	| PF_RNR NUM		{ CHECK_PTR_VAL(($$ = gen_pf_rnr(cstate, $2))); }
 --- a/nametoaddr.c
 +++ b/nametoaddr.c
-@@ -134,8 +134,12 @@
+@@ -109,8 +109,12 @@
  
  #include "diag-control.h"
  
@@ -485,7 +485,7 @@ Signed-off-by: Linus Lüssing <[email protected]>
  #include "nametoaddr.h"
  
  #include "thread-local.h"
-@@ -597,6 +601,7 @@ PCAP_API_DEF struct eproto eproto_db[] =
+@@ -572,6 +576,7 @@ PCAP_API_DEF struct eproto eproto_db[] =
  	{ "moprc", ETHERTYPE_MOPRC },
  	{ "rarp", ETHERTYPE_REVARP },
  	{ "sca", ETHERTYPE_SCA },
@@ -493,7 +493,7 @@ Signed-off-by: Linus Lüssing <[email protected]>
  	{ (char *)0, 0 }
  };
  
-@@ -631,6 +636,60 @@ pcap_nametollc(const char *s)
+@@ -606,6 +611,60 @@ pcap_nametollc(const char *s)
  
  	while (p->s != 0) {
  		if (strcmp(p->s, s) == 0)
@@ -632,7 +632,7 @@ Signed-off-by: Linus Lüssing <[email protected]>
   * If a protocol is unknown, PROTO_UNDEF is returned.
 --- a/scanner.l
 +++ b/scanner.l
-@@ -365,6 +365,7 @@ mpls		return MPLS;
+@@ -343,6 +343,7 @@ mpls		return MPLS;
  pppoed		return PPPOED;
  pppoes		return PPPOES;
  geneve		return GENEVE;