Accepting request 79207 from home:cyliu:branches:network:utilities

security fixes (#bnc 706728) OBS-URL: https://build.opensuse.org/request/show/79207 OBS-URL: https://build.opensuse.org/package/show/network:utilities/wireshark?expand=0&rev=43
2011-08-18 09:12:15 +00:00 · 2011-08-18 09:12:15 +00:00 · 429cb13517
commit 429cb13517
parent bd7bf7f8c2
4 changed files with 146 additions and 0 deletions
--- a/wireshark-1.4.8-CVE-2011-2597.patch
+++ b/wireshark-1.4.8-CVE-2011-2597.patch
@ -0,0 +1,120 @@
+--- trunk/wiretap/ascend_scanner.l	2011/06/08 18:26:50	37624
+++ trunk/wiretap/ascend_scanner.l	2011/06/08 20:58:44	37625
+@@ -16,17 +16,17 @@
+  *
+  * Wiretap Library
+  * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
+- * 
+ *
+  * This program is free software; you can redistribute it and/or
+  * modify it under the terms of the GNU General Public License
+  * as published by the Free Software Foundation; either version 2
+  * of the License, or (at your option) any later version.
+- * 
+ *
+  * This program is distributed in the hope that it will be useful,
+  * but WITHOUT ANY WARRANTY; without even the implied warranty of
+  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  * GNU General Public License for more details.
+- * 
+ *
+  * You should have received a copy of the GNU General Public License
+  * along with this program; if not, write to the Free Software
+  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+@@ -55,7 +55,7 @@
+ extern char *ascend_ra_ptr;
+ extern char *ascend_ra_last;
+ #define YY_INPUT(buf,result,max_size) { int c = file_getc(yy_fh);  \
+-result = (c==EOF) ? YY_NULL : (buf[0] = c, 1); } 
+result = (c==EOF) ? YY_NULL : (buf[0] = c, 1); }
+ 
+ int at_eof;
+ int mul, scratch;
+@@ -159,17 +159,17 @@
+   return WDS_PREFIX;
+ }
+ 
+-<sc_ether_direction>[^\(]+ {
+<sc_ether_direction>[^\(]{2,20} {
+   BEGIN(sc_gen_task);
+-  return STRING; 
+  return STRING;
+ }
+ 
+-<sc_isdn_call>[^\/\(:]+ {
+<sc_isdn_call>[^\/\(:]{2,20} {
+   BEGIN(sc_gen_task);
+   return DECNUM;
+ }
+ 
+-<sc_wds_user>[^:]+ {
+<sc_wds_user>[^:]{2,20} {
+   char *atcopy = g_strdup(ascendtext);
+   char colon = input();
+   char after = input();
+@@ -200,7 +200,7 @@
+   return DECNUM;
+ }
+ 
+-<sc_gen_task>(0x|0X)?{H}+ {
+<sc_gen_task>(0x|0X)?{H}{2,8} {
+   BEGIN(sc_gen_time_s);
+   ascendlval.d = strtoul(ascendtext, NULL, 16);
+   return HEXNUM;
+@@ -210,13 +210,13 @@
+   return STRING;
+ }
+ 
+-<sc_gen_time_s>{D}+ {
+<sc_gen_time_s>{D}{1,10} {
+   BEGIN(sc_gen_time_u);
+   ascendlval.d = strtol(ascendtext, NULL, 10);
+   return DECNUM;
+ }
+ 
+-<sc_gen_time_u>{D}+ {
+<sc_gen_time_u>{D}{1,6} {
+   char *atcopy = g_strdup(ascendtext);
+   BEGIN(sc_gen_octets);
+   /* only want the most significant 2 digits. convert to usecs */
+@@ -227,7 +227,7 @@
+   return DECNUM;
+ }
+ 
+-<sc_gen_octets>{D}+ {
+<sc_gen_octets>{D}{1,10} {
+   BEGIN(sc_gen_counter);
+   ascendlval.d = strtol(ascendtext, NULL, 10);
+   return DECNUM;
+@@ -243,11 +243,11 @@
+   return HEXBYTE;
+ }
+ 
+-<sc_gen_byte>" "{4} { 
+<sc_gen_byte>" "{4} {
+   BEGIN(sc_chardisp);
+ }
+ 
+-<sc_chardisp>.*	{ 
+<sc_chardisp>.*	{
+   BEGIN(sc_gen_byte);
+ }
+ 
+@@ -315,7 +315,7 @@
+   return WDD_CHUNK;
+ }
+ 
+-<sc_wdd_chunknum>{H}+ {
+<sc_wdd_chunknum>{H}{1,8} {
+   BEGIN(sc_wdd_type);
+   ascendlval.d = strtoul(ascendtext, NULL, 16);
+   return HEXNUM;
+@@ -349,7 +349,7 @@
+ 
+ /*
+  * We want to stop processing when we get to the end of the input.
+- * (%option noyywrap is not used because if used then 
+ * (%option noyywrap is not used because if used then
+  * some flex versions (eg: 2.5.35) generate code which causes
+  * warnings by the Windows VC compiler).
+  */
--- a/wireshark-1.4.8-CVE-2011-2698.patch
+++ b/wireshark-1.4.8-CVE-2011-2698.patch
@ -0,0 +1,15 @@
+--- trunk/epan/dissectors/packet-ansi_a.c	2011/07/07 13:57:08	37929
+++ trunk/epan/dissectors/packet-ansi_a.c	2011/07/07 16:37:33	37930
+@@ -2682,10 +2682,10 @@
+         break;
+ 
+     default:
+-        proto_tree_add_text(tree, tvb, curr_offset, len - 1,
+        proto_tree_add_text(tree, tvb, curr_offset, len,
+             "Cell ID - Non IOS format");
+ 
+-        curr_offset += (len - 1);
+        curr_offset += len;
+         break;
+     }
+ 
--- a/wireshark.changes
+++ b/wireshark.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Wed Aug 10 06:25:28 UTC 2011 - cyliu@novell.com
+
+- security fixes (#bnc 706728)
+  * CVE-2011-2597: Lucent/Ascend file parser susceptible to infinite loop
+  * CVE-2011-2698: ANSI MAP dissector susceptible to infinite loop
+
 -------------------------------------------------------------------
 Mon Jul 18 07:43:08 UTC 2011 - cyliu@novell.com

--- a/wireshark.spec
+++ b/wireshark.spec
@ -43,6 +43,8 @@ Patch7:        %{name}-1.2.17-CVE-2011-1959.patch
 Patch8:        %{name}-1.2.17-CVE-2011-2174.patch
 Patch9:        %{name}-1.2.17-CVE-2011-2175.patch
 Patch10:        %{name}-1.2.17-CVE-2011-1958.patch
+Patch11:        %{name}-1.4.8-CVE-2011-2597.patch
+Patch12:        %{name}-1.4.8-CVE-2011-2698.patch
 BuildRequires:  bison
 BuildRequires:  cairo-devel
 BuildRequires:  flex
@ -110,6 +112,8 @@ view the reconstructed stream of a TCP session.
 %patch8 -p1
 %patch9 -p1
 %patch10 -p1
+%patch11 -p1
+%patch12 -p1

 sed -i 's/^Icon=wireshark.png$/Icon=wireshark/' wireshark.desktop
 # run as root on 11.3 and older - bnc#349782