Accepting request 79207 from home:cyliu:branches:network:utilities

security fixes (#bnc 706728)

OBS-URL: https://build.opensuse.org/request/show/79207
OBS-URL: https://build.opensuse.org/package/show/network:utilities/wireshark?expand=0&rev=43

wireshark-1.4.8-CVE-2011-2597.patch

@@ -0,0 +1,120 @@
+--- trunk/wiretap/ascend_scanner.l	2011/06/08 18:26:50	37624
++++ trunk/wiretap/ascend_scanner.l	2011/06/08 20:58:44	37625
+@@ -16,17 +16,17 @@
+  *
+  * Wiretap Library
+  * Copyright (c) 1998 by Gilbert Ramirez <gram@alumni.rice.edu>
+- * 
++ *
+  * This program is free software; you can redistribute it and/or
+  * modify it under the terms of the GNU General Public License
+  * as published by the Free Software Foundation; either version 2
+  * of the License, or (at your option) any later version.
+- * 
++ *
+  * This program is distributed in the hope that it will be useful,
+  * but WITHOUT ANY WARRANTY; without even the implied warranty of
+  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  * GNU General Public License for more details.
+- * 
++ *
+  * You should have received a copy of the GNU General Public License
+  * along with this program; if not, write to the Free Software
+  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+@@ -55,7 +55,7 @@
+ extern char *ascend_ra_ptr;
+ extern char *ascend_ra_last;
+ #define YY_INPUT(buf,result,max_size) { int c = file_getc(yy_fh);  \
+-result = (c==EOF) ? YY_NULL : (buf[0] = c, 1); } 
++result = (c==EOF) ? YY_NULL : (buf[0] = c, 1); }
+ 
+ int at_eof;
+ int mul, scratch;
+@@ -159,17 +159,17 @@
+   return WDS_PREFIX;
+ }
+ 
+-<sc_ether_direction>[^\(]+ {
++<sc_ether_direction>[^\(]{2,20} {
+   BEGIN(sc_gen_task);
+-  return STRING; 
++  return STRING;
+ }
+ 
+-<sc_isdn_call>[^\/\(:]+ {
++<sc_isdn_call>[^\/\(:]{2,20} {
+   BEGIN(sc_gen_task);
+   return DECNUM;
+ }
+ 
+-<sc_wds_user>[^:]+ {
++<sc_wds_user>[^:]{2,20} {
+   char *atcopy = g_strdup(ascendtext);
+   char colon = input();
+   char after = input();
+@@ -200,7 +200,7 @@
+   return DECNUM;
+ }
+ 
+-<sc_gen_task>(0x|0X)?{H}+ {
++<sc_gen_task>(0x|0X)?{H}{2,8} {
+   BEGIN(sc_gen_time_s);
+   ascendlval.d = strtoul(ascendtext, NULL, 16);
+   return HEXNUM;
+@@ -210,13 +210,13 @@
+   return STRING;
+ }
+ 
+-<sc_gen_time_s>{D}+ {
++<sc_gen_time_s>{D}{1,10} {
+   BEGIN(sc_gen_time_u);
+   ascendlval.d = strtol(ascendtext, NULL, 10);
+   return DECNUM;
+ }
+ 
+-<sc_gen_time_u>{D}+ {
++<sc_gen_time_u>{D}{1,6} {
+   char *atcopy = g_strdup(ascendtext);
+   BEGIN(sc_gen_octets);
+   /* only want the most significant 2 digits. convert to usecs */
+@@ -227,7 +227,7 @@
+   return DECNUM;
+ }
+ 
+-<sc_gen_octets>{D}+ {
++<sc_gen_octets>{D}{1,10} {
+   BEGIN(sc_gen_counter);
+   ascendlval.d = strtol(ascendtext, NULL, 10);
+   return DECNUM;
+@@ -243,11 +243,11 @@
+   return HEXBYTE;
+ }
+ 
+-<sc_gen_byte>" "{4} { 
++<sc_gen_byte>" "{4} {
+   BEGIN(sc_chardisp);
+ }
+ 
+-<sc_chardisp>.*	{ 
++<sc_chardisp>.*	{
+   BEGIN(sc_gen_byte);
+ }
+ 
+@@ -315,7 +315,7 @@
+   return WDD_CHUNK;
+ }
+ 
+-<sc_wdd_chunknum>{H}+ {
++<sc_wdd_chunknum>{H}{1,8} {
+   BEGIN(sc_wdd_type);
+   ascendlval.d = strtoul(ascendtext, NULL, 16);
+   return HEXNUM;
+@@ -349,7 +349,7 @@
+ 
+ /*
+  * We want to stop processing when we get to the end of the input.
+- * (%option noyywrap is not used because if used then 
++ * (%option noyywrap is not used because if used then
+  * some flex versions (eg: 2.5.35) generate code which causes
+  * warnings by the Windows VC compiler).
+  */

wireshark-1.4.8-CVE-2011-2698.patch

@@ -0,0 +1,15 @@
+--- trunk/epan/dissectors/packet-ansi_a.c	2011/07/07 13:57:08	37929
++++ trunk/epan/dissectors/packet-ansi_a.c	2011/07/07 16:37:33	37930
+@@ -2682,10 +2682,10 @@
+         break;
+ 
+     default:
+-        proto_tree_add_text(tree, tvb, curr_offset, len - 1,
++        proto_tree_add_text(tree, tvb, curr_offset, len,
+             "Cell ID - Non IOS format");
+ 
+-        curr_offset += (len - 1);
++        curr_offset += len;
+         break;
+     }
+ 

wireshark.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Wed Aug 10 06:25:28 UTC 2011 - cyliu@novell.com
+
+- security fixes (#bnc 706728)
+  * CVE-2011-2597: Lucent/Ascend file parser susceptible to infinite loop
+  * CVE-2011-2698: ANSI MAP dissector susceptible to infinite loop
+
 -------------------------------------------------------------------
 Mon Jul 18 07:43:08 UTC 2011 - cyliu@novell.com
 

wireshark.spec

@@ -43,6 +43,8 @@ Patch7:        %{name}-1.2.17-CVE-2011-1959.patch
 Patch8:        %{name}-1.2.17-CVE-2011-2174.patch
 Patch9:        %{name}-1.2.17-CVE-2011-2175.patch
 Patch10:        %{name}-1.2.17-CVE-2011-1958.patch
+Patch11:        %{name}-1.4.8-CVE-2011-2597.patch
+Patch12:        %{name}-1.4.8-CVE-2011-2698.patch
 BuildRequires:  bison
 BuildRequires:  cairo-devel
 BuildRequires:  flex
@@ -110,6 +112,8 @@ view the reconstructed stream of a TCP session.
 %patch8 -p1
 %patch9 -p1
 %patch10 -p1
+%patch11 -p1
+%patch12 -p1
 
 sed -i 's/^Icon=wireshark.png$/Icon=wireshark/' wireshark.desktop
 # run as root on 11.3 and older - bnc#349782