From 4987763d1456da1f42d1148e27cbf8d09068a18315df32a20b03b79935709cce Mon Sep 17 00:00:00 2001 From: Pavol Rusnak Date: Tue, 10 May 2011 11:13:33 +0000 Subject: [PATCH 1/2] Accepting request 69943 from home:cyliu:branches:network:utilities fix bug #688109 & #685023 OBS-URL: https://build.opensuse.org/request/show/69943 OBS-URL: https://build.opensuse.org/package/show/network:utilities/wireshark?expand=0&rev=39 --- wireshark-1.4.4-CVE-2011-1590.patch | 598 ++++++++++++++++++++++++++++ wireshark-1.4.4-CVE-2011-1591.patch | 18 + wireshark-1.4.4-CVE-2011-1592.patch | 92 +++++ wireshark.changes | 8 + wireshark.spec | 9 +- 5 files changed, 724 insertions(+), 1 deletion(-) create mode 100644 wireshark-1.4.4-CVE-2011-1590.patch create mode 100644 wireshark-1.4.4-CVE-2011-1591.patch create mode 100644 wireshark-1.4.4-CVE-2011-1592.patch diff --git a/wireshark-1.4.4-CVE-2011-1590.patch b/wireshark-1.4.4-CVE-2011-1590.patch new file mode 100644 index 0000000..29cf23a --- /dev/null +++ b/wireshark-1.4.4-CVE-2011-1590.patch @@ -0,0 +1,598 @@ +--- asn1/x509if/packet-x509if-template.c 2011/04/12 20:29:42 36607 ++++ asn1/x509if/packet-x509if-template.c 2011/04/12 20:39:48 36608 +@@ -37,6 +37,7 @@ + #include "packet-x509if.h" + #include "packet-x509sat.h" + #include ++#include + + #define PNAME "X.509 Information Framework" + #define PSNAME "X509IF" +@@ -51,13 +52,12 @@ + /* Initialize the subtree pointers */ + #include "packet-x509if-ett.c" + +-static const char *object_identifier_id; ++static const char *object_identifier_id = NULL; + static proto_tree *top_of_dn = NULL; + static proto_tree *top_of_rdn = NULL; + + static gboolean rdn_one_value = FALSE; /* have we seen one value in an RDN yet */ + static gboolean dn_one_rdn = FALSE; /* have we seen one RDN in a DN yet */ +-static gboolean doing_dn = TRUE; + static gboolean doing_attr = FALSE; + + #define MAX_RDN_STR_LEN 64 +@@ -72,6 +72,22 @@ + #define MAX_AVA_STR_LEN 64 + static char *last_ava = NULL; + ++static void ++x509if_frame_end(void) ++{ ++ object_identifier_id = NULL; ++ top_of_dn = NULL; ++ top_of_rdn = NULL; ++ ++ rdn_one_value = FALSE; ++ dn_one_rdn = FALSE; ++ doing_attr = FALSE; ++ ++ last_dn = NULL; ++ last_rdn = NULL; ++ last_ava = NULL; ++} ++ + #include "packet-x509if-fn.c" + + const char * x509if_get_last_dn(void) +--- asn1/x509if/x509if.cnf 2011/04/12 20:29:42 36607 ++++ asn1/x509if/x509if.cnf 2011/04/12 20:39:48 36608 +@@ -197,7 +197,7 @@ + name = oid_resolved_from_string(object_identifier_id); + if(!name) name = object_identifier_id; + +- if(doing_dn) { /* append it to the RDN */ ++ if(last_rdn) { /* append it to the RDN */ + g_strlcat(last_rdn, name, MAX_RDN_STR_LEN); + g_strlcat(last_rdn, "=", MAX_RDN_STR_LEN); + +@@ -213,6 +213,7 @@ + if((fmt = val_to_str(hf_index, fmt_vals, "")) && *fmt) { + /* we have a format */ + last_ava = ep_alloc(MAX_AVA_STR_LEN); *last_ava = '\0'; ++ register_frame_end_routine (x509if_frame_end); + + g_snprintf(last_ava, MAX_AVA_STR_LEN, "%%s %%s", name, fmt); + +@@ -245,7 +246,7 @@ + /* it was a string - format it */ + value = tvb_format_text(out_tvb, 0, tvb_length(out_tvb)); + +- if(doing_dn) { ++ if(last_rdn) { + g_strlcat(last_rdn, value, MAX_RDN_STR_LEN); + + /* append it to the tree*/ +@@ -255,11 +256,15 @@ + if((fmt = val_to_str(ava_hf_index, fmt_vals, "")) && *fmt) { + /* we have a format */ + +- if(!(name = oid_resolved_from_string(object_identifier_id))) +- name = object_identifier_id; +- g_snprintf(last_ava, MAX_AVA_STR_LEN, "%%s %%s %%s", name, fmt, value); ++ if (!last_ava) { ++ last_ava = ep_alloc(MAX_AVA_STR_LEN); ++ } ++ ++ if(!(name = oid_resolved_from_string(object_identifier_id))) ++ name = object_identifier_id; ++ g_snprintf(last_ava, MAX_AVA_STR_LEN, "%%s %%s %%s", name, fmt, value); + +- proto_item_append_text(tree, " %%s", last_ava); ++ proto_item_append_text(tree, " %%s", last_ava); + + } + } +@@ -330,7 +335,7 @@ + rdn_one_value = FALSE; + top_of_rdn = tree; + last_rdn = ep_alloc(MAX_DN_STR_LEN); *last_rdn = '\0'; +- doing_dn = TRUE; ++ register_frame_end_routine (x509if_frame_end); + + %(DEFAULT_BODY)s + +@@ -349,7 +354,6 @@ + } + } + +- doing_dn = FALSE; + last_rdn = NULL; /* it will get freed when the next packet is dissected */ + + #.FN_BODY RelativeDistinguishedName/_item +@@ -358,7 +362,7 @@ + top_of_rdn = tree; + } else { + +- if(doing_dn) ++ if(last_rdn) + /* this is an additional value - delimit */ + g_strlcat(last_rdn, "+", MAX_RDN_STR_LEN); + } +@@ -373,6 +377,8 @@ + dn_one_rdn = FALSE; /* reset */ + last_dn = ep_alloc(MAX_DN_STR_LEN); *last_dn = '\0'; + top_of_dn = NULL; ++ register_frame_end_routine (x509if_frame_end); ++ + + %(DEFAULT_BODY)s + +@@ -402,6 +408,7 @@ + + ava_hf_index = hf_index; + last_ava = ep_alloc(MAX_AVA_STR_LEN); *last_ava = '\0'; ++ register_frame_end_routine (x509if_frame_end); + + %(DEFAULT_BODY)s + +@@ -409,10 +416,9 @@ + + #.FN_BODY Attribute + doing_attr = TRUE; ++ register_frame_end_routine (x509if_frame_end); + + %(DEFAULT_BODY)s +- +- doing_attr = FALSE; + #.END + + +--- epan/dissectors/packet-x509if.c 2011/04/12 20:29:42 36607 ++++ epan/dissectors/packet-x509if.c 2011/04/12 20:39:48 36608 +@@ -5,7 +5,7 @@ + + /* Input file: packet-x509if-template.c */ + +-#line 1 "packet-x509if-template.c" ++#line 1 "../../asn1/x509if/packet-x509if-template.c" + /* packet-x509if.c + * Routines for X.509 Information Framework packet dissection + * Ronnie Sahlberg 2004 +@@ -45,6 +45,7 @@ + #include "packet-x509if.h" + #include "packet-x509sat.h" + #include ++#include + + #define PNAME "X.509 Information Framework" + #define PSNAME "X509IF" +@@ -56,7 +57,7 @@ + static int hf_x509if_any_string = -1; + + /*--- Included file: packet-x509if-hf.c ---*/ +-#line 1 "packet-x509if-hf.c" ++#line 1 "../../asn1/x509if/packet-x509if-hf.c" + static int hf_x509if_DistinguishedName_PDU = -1; /* DistinguishedName */ + static int hf_x509if_SubtreeSpecification_PDU = -1; /* SubtreeSpecification */ + static int hf_x509if_HierarchyLevel_PDU = -1; /* HierarchyLevel */ +@@ -214,12 +215,12 @@ + static int hf_x509if_AllowedSubset_wholeSubtree = -1; + + /*--- End of included file: packet-x509if-hf.c ---*/ +-#line 50 "packet-x509if-template.c" ++#line 51 "../../asn1/x509if/packet-x509if-template.c" + + /* Initialize the subtree pointers */ + + /*--- Included file: packet-x509if-ett.c ---*/ +-#line 1 "packet-x509if-ett.c" ++#line 1 "../../asn1/x509if/packet-x509if-ett.c" + static gint ett_x509if_Attribute = -1; + static gint ett_x509if_T_values = -1; + static gint ett_x509if_T_valuesWithContext = -1; +@@ -295,15 +296,14 @@ + static gint ett_x509if_SET_SIZE_1_MAX_OF_DirectoryString = -1; + + /*--- End of included file: packet-x509if-ett.c ---*/ +-#line 53 "packet-x509if-template.c" ++#line 54 "../../asn1/x509if/packet-x509if-template.c" + +-static const char *object_identifier_id; ++static const char *object_identifier_id = NULL; + static proto_tree *top_of_dn = NULL; + static proto_tree *top_of_rdn = NULL; + + static gboolean rdn_one_value = FALSE; /* have we seen one value in an RDN yet */ + static gboolean dn_one_rdn = FALSE; /* have we seen one RDN in a DN yet */ +-static gboolean doing_dn = TRUE; + static gboolean doing_attr = FALSE; + + #define MAX_RDN_STR_LEN 64 +@@ -318,9 +318,25 @@ + #define MAX_AVA_STR_LEN 64 + static char *last_ava = NULL; + ++static void ++x509if_frame_end(void) ++{ ++ object_identifier_id = NULL; ++ top_of_dn = NULL; ++ top_of_rdn = NULL; ++ ++ rdn_one_value = FALSE; ++ dn_one_rdn = FALSE; ++ doing_attr = FALSE; ++ ++ last_dn = NULL; ++ last_rdn = NULL; ++ last_ava = NULL; ++} ++ + + /*--- Included file: packet-x509if-fn.c ---*/ +-#line 1 "packet-x509if-fn.c" ++#line 1 "../../asn1/x509if/packet-x509if-fn.c" + /*--- Cyclic dependencies ---*/ + + /* Refinement -> Refinement/and -> Refinement */ +@@ -349,7 +365,7 @@ + + static int + dissect_x509if_T_values_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 310 "x509if.cnf" ++#line 315 "../../asn1/x509if/x509if.cnf" + offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); + + +@@ -374,7 +390,7 @@ + + static int + dissect_x509if_T_value(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 280 "x509if.cnf" ++#line 285 "../../asn1/x509if/x509if.cnf" + offset=call_ber_oid_callback("unknown", tvb, offset, actx->pinfo, tree); + + +@@ -395,7 +411,7 @@ + + static int + dissect_x509if_T_contextValues_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 292 "x509if.cnf" ++#line 297 "../../asn1/x509if/x509if.cnf" + offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); + + +@@ -492,15 +508,14 @@ + + int + dissect_x509if_Attribute(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 411 "x509if.cnf" ++#line 418 "../../asn1/x509if/x509if.cnf" + doing_attr = TRUE; ++ register_frame_end_routine (x509if_frame_end); + + offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, + Attribute_sequence, hf_index, ett_x509if_Attribute); + + +- doing_attr = FALSE; +- + + return offset; + } +@@ -518,7 +533,7 @@ + + int + dissect_x509if_AttributeValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 298 "x509if.cnf" ++#line 303 "../../asn1/x509if/x509if.cnf" + offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); + + +@@ -539,7 +554,7 @@ + + static int + dissect_x509if_T_assertion(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 304 "x509if.cnf" ++#line 309 "../../asn1/x509if/x509if.cnf" + offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); + + +@@ -569,7 +584,7 @@ + + static int + dissect_x509if_T_ca_contextValues_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 184 "x509if.cnf" ++#line 184 "../../asn1/x509if/x509if.cnf" + offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); + + +@@ -650,10 +665,11 @@ + + int + dissect_x509if_AttributeValueAssertion(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 402 "x509if.cnf" ++#line 408 "../../asn1/x509if/x509if.cnf" + + ava_hf_index = hf_index; + last_ava = ep_alloc(MAX_AVA_STR_LEN); *last_ava = '\0'; ++ register_frame_end_routine (x509if_frame_end); + + offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, + AttributeValueAssertion_sequence, hf_index, ett_x509if_AttributeValueAssertion); +@@ -707,7 +723,7 @@ + + static int + dissect_x509if_T_type_02(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 190 "x509if.cnf" ++#line 190 "../../asn1/x509if/x509if.cnf" + const char *fmt; + const char *name; + +@@ -719,7 +735,7 @@ + name = oid_resolved_from_string(object_identifier_id); + if(!name) name = object_identifier_id; + +- if(doing_dn) { /* append it to the RDN */ ++ if(last_rdn) { /* append it to the RDN */ + g_strlcat(last_rdn, name, MAX_RDN_STR_LEN); + g_strlcat(last_rdn, "=", MAX_RDN_STR_LEN); + +@@ -735,6 +751,7 @@ + if((fmt = val_to_str(hf_index, fmt_vals, "")) && *fmt) { + /* we have a format */ + last_ava = ep_alloc(MAX_AVA_STR_LEN); *last_ava = '\0'; ++ register_frame_end_routine (x509if_frame_end); + + g_snprintf(last_ava, MAX_AVA_STR_LEN, "%s %s", name, fmt); + +@@ -752,7 +769,7 @@ + + static int + dissect_x509if_T_atadv_value(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 225 "x509if.cnf" ++#line 226 "../../asn1/x509if/x509if.cnf" + int old_offset = offset; + tvbuff_t *out_tvb; + char *value = NULL; +@@ -776,7 +793,7 @@ + /* it was a string - format it */ + value = tvb_format_text(out_tvb, 0, tvb_length(out_tvb)); + +- if(doing_dn) { ++ if(last_rdn) { + g_strlcat(last_rdn, value, MAX_RDN_STR_LEN); + + /* append it to the tree*/ +@@ -786,11 +803,15 @@ + if((fmt = val_to_str(ava_hf_index, fmt_vals, "")) && *fmt) { + /* we have a format */ + +- if(!(name = oid_resolved_from_string(object_identifier_id))) +- name = object_identifier_id; +- g_snprintf(last_ava, MAX_AVA_STR_LEN, "%s %s %s", name, fmt, value); ++ if (!last_ava) { ++ last_ava = ep_alloc(MAX_AVA_STR_LEN); ++ } ++ ++ if(!(name = oid_resolved_from_string(object_identifier_id))) ++ name = object_identifier_id; ++ g_snprintf(last_ava, MAX_AVA_STR_LEN, "%s %s %s", name, fmt, value); + +- proto_item_append_text(tree, " %s", last_ava); ++ proto_item_append_text(tree, " %s", last_ava); + + } + } +@@ -804,7 +825,7 @@ + + static int + dissect_x509if_T_distingAttrValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 325 "x509if.cnf" ++#line 330 "../../asn1/x509if/x509if.cnf" + offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); + + +@@ -861,13 +882,13 @@ + + static int + dissect_x509if_RelativeDistinguishedName_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 356 "x509if.cnf" ++#line 360 "../../asn1/x509if/x509if.cnf" + + if(!rdn_one_value) { + top_of_rdn = tree; + } else { + +- if(doing_dn) ++ if(last_rdn) + /* this is an additional value - delimit */ + g_strlcat(last_rdn, "+", MAX_RDN_STR_LEN); + } +@@ -889,13 +910,13 @@ + + int + dissect_x509if_RelativeDistinguishedName(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 328 "x509if.cnf" ++#line 333 "../../asn1/x509if/x509if.cnf" + char *temp_dn; + + rdn_one_value = FALSE; + top_of_rdn = tree; + last_rdn = ep_alloc(MAX_DN_STR_LEN); *last_rdn = '\0'; +- doing_dn = TRUE; ++ register_frame_end_routine (x509if_frame_end); + + offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset, + RelativeDistinguishedName_set_of, hf_index, ett_x509if_RelativeDistinguishedName); +@@ -916,7 +937,6 @@ + } + } + +- doing_dn = FALSE; + last_rdn = NULL; /* it will get freed when the next packet is dissected */ + + +@@ -928,7 +948,7 @@ + + static int + dissect_x509if_RDNSequence_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 391 "x509if.cnf" ++#line 397 "../../asn1/x509if/x509if.cnf" + + if(!dn_one_rdn) { + /* this is the first element - record the top */ +@@ -952,12 +972,14 @@ + + int + dissect_x509if_RDNSequence(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 371 "x509if.cnf" ++#line 375 "../../asn1/x509if/x509if.cnf" + const char *fmt; + + dn_one_rdn = FALSE; /* reset */ + last_dn = ep_alloc(MAX_DN_STR_LEN); *last_dn = '\0'; + top_of_dn = NULL; ++ register_frame_end_routine (x509if_frame_end); ++ + + offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, + RDNSequence_sequence_of, hf_index, ett_x509if_RDNSequence); +@@ -1362,7 +1384,7 @@ + + static int + dissect_x509if_T_ra_selectedValues_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 271 "x509if.cnf" ++#line 276 "../../asn1/x509if/x509if.cnf" + offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); + + +@@ -1396,7 +1418,7 @@ + + static int + dissect_x509if_T_ra_values_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 277 "x509if.cnf" ++#line 282 "../../asn1/x509if/x509if.cnf" + offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); + + +@@ -1458,7 +1480,7 @@ + + static int + dissect_x509if_T_contextValue_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 316 "x509if.cnf" ++#line 321 "../../asn1/x509if/x509if.cnf" + offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); + + +@@ -1559,7 +1581,7 @@ + + static int + dissect_x509if_T_restrictionValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 322 "x509if.cnf" ++#line 327 "../../asn1/x509if/x509if.cnf" + offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); + + +@@ -1680,7 +1702,7 @@ + + static int + dissect_x509if_T_selectedValues_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { +-#line 286 "x509if.cnf" ++#line 291 "../../asn1/x509if/x509if.cnf" + offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); + + +@@ -2080,7 +2102,7 @@ + + + /*--- End of included file: packet-x509if-fn.c ---*/ +-#line 76 "packet-x509if-template.c" ++#line 92 "../../asn1/x509if/packet-x509if-template.c" + + const char * x509if_get_last_dn(void) + { +@@ -2127,7 +2149,7 @@ + + + /*--- Included file: packet-x509if-hfarr.c ---*/ +-#line 1 "packet-x509if-hfarr.c" ++#line 1 "../../asn1/x509if/packet-x509if-hfarr.c" + { &hf_x509if_DistinguishedName_PDU, + { "DistinguishedName", "x509if.DistinguishedName", + FT_UINT32, BASE_DEC, NULL, 0, +@@ -2746,14 +2768,14 @@ + NULL, HFILL }}, + + /*--- End of included file: packet-x509if-hfarr.c ---*/ +-#line 121 "packet-x509if-template.c" ++#line 137 "../../asn1/x509if/packet-x509if-template.c" + }; + + /* List of subtrees */ + static gint *ett[] = { + + /*--- Included file: packet-x509if-ettarr.c ---*/ +-#line 1 "packet-x509if-ettarr.c" ++#line 1 "../../asn1/x509if/packet-x509if-ettarr.c" + &ett_x509if_Attribute, + &ett_x509if_T_values, + &ett_x509if_T_valuesWithContext, +@@ -2829,7 +2851,7 @@ + &ett_x509if_SET_SIZE_1_MAX_OF_DirectoryString, + + /*--- End of included file: packet-x509if-ettarr.c ---*/ +-#line 126 "packet-x509if-template.c" ++#line 142 "../../asn1/x509if/packet-x509if-template.c" + }; + + /* Register protocol */ +@@ -2850,7 +2872,7 @@ + void proto_reg_handoff_x509if(void) { + + /*--- Included file: packet-x509if-dis-tab.c ---*/ +-#line 1 "packet-x509if-dis-tab.c" ++#line 1 "../../asn1/x509if/packet-x509if-dis-tab.c" + register_ber_oid_dissector("2.5.4.1", dissect_DistinguishedName_PDU, proto_x509if, "id-at-aliasedEntryName"); + register_ber_oid_dissector("2.5.4.31", dissect_DistinguishedName_PDU, proto_x509if, "id-at-member"); + register_ber_oid_dissector("2.5.4.32", dissect_DistinguishedName_PDU, proto_x509if, "id-at-owner"); +@@ -2885,6 +2907,6 @@ + + + /*--- End of included file: packet-x509if-dis-tab.c ---*/ +-#line 145 "packet-x509if-template.c" ++#line 161 "../../asn1/x509if/packet-x509if-template.c" + } + +--- epan/dissectors/packet-x509if.h 2011/04/12 20:29:42 36607 ++++ epan/dissectors/packet-x509if.h 2011/04/12 20:39:48 36608 +@@ -5,7 +5,7 @@ + + /* Input file: packet-x509if-template.h */ + +-#line 1 "packet-x509if-template.h" ++#line 1 "../../asn1/x509if/packet-x509if-template.h" + /* packet-x509if.h + * Routines for X.509 Information Framework packet dissection + * Ronnie Sahlberg 2004 +@@ -36,7 +36,7 @@ + + + /*--- Included file: packet-x509if-exp.h ---*/ +-#line 1 "packet-x509if-exp.h" ++#line 1 "../../asn1/x509if/packet-x509if-exp.h" + extern const value_string x509if_Name_vals[]; + extern const value_string x509if_Refinement_vals[]; + extern const value_string x509if_AttributeUsage_vals[]; +@@ -83,7 +83,7 @@ + int dissect_x509if_MRSubstitution(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); + + /*--- End of included file: packet-x509if-exp.h ---*/ +-#line 30 "packet-x509if-template.h" ++#line 30 "../../asn1/x509if/packet-x509if-template.h" + + extern const char * x509if_get_last_dn(void); + + diff --git a/wireshark-1.4.4-CVE-2011-1591.patch b/wireshark-1.4.4-CVE-2011-1591.patch new file mode 100644 index 0000000..6523bd3 --- /dev/null +++ b/wireshark-1.4.4-CVE-2011-1591.patch @@ -0,0 +1,18 @@ +--- trunk-1.4/epan/dissectors/packet-dect.c 2011/04/14 16:17:09 36643 ++++ trunk-1.4/epan/dissectors/packet-dect.c 2011/04/14 17:17:08 36644 +@@ -1882,10 +1882,13 @@ + pkt_afield.RCRC=(((guint16)pkt_ptr[6])<<8)|pkt_ptr[7]; + + /* fill B-Field */ +- if(pkt_len>DECT_PACKET_INFO_LEN+2) ++ if(pkt_len>DECT_PACKET_INFO_LEN+2) { ++ if (pkt_len > 128+5+8) ++ pkt_len = 128+5+8; /* make these values into logical #defines */ + memcpy((char*)(&(pkt_bfield.Data)), (char*)(pkt_ptr+8), pkt_len-5-8); +- else ++ } else { + memset((char*)(&(pkt_bfield.Data)), 0, 128); ++ } + pkt_bfield.Length=pkt_len-DECT_PACKET_INFO_LEN-8; + + col_set_str(pinfo->cinfo, COL_PROTOCOL, "DECT"); diff --git a/wireshark-1.4.4-CVE-2011-1592.patch b/wireshark-1.4.4-CVE-2011-1592.patch new file mode 100644 index 0000000..918e632 --- /dev/null +++ b/wireshark-1.4.4-CVE-2011-1592.patch @@ -0,0 +1,92 @@ +Index: wireshark-1.4.4/epan/dissectors/packet-nfs.c +=================================================================== +--- wireshark-1.4.4.orig/epan/dissectors/packet-nfs.c ++++ wireshark-1.4.4/epan/dissectors/packet-nfs.c +@@ -7798,7 +7798,7 @@ dissect_nfs_clientaddr4(tvbuff_t *tvb, i + { + char *universal_ip_address = NULL; + char *protocol = NULL; +- guint8 b1, b2, b3, b4, b5, b6, b7, b8, b9, b10; ++ guint b1, b2, b3, b4, b5, b6, b7, b8, b9, b10; + guint16 port; + int addr_offset; + +@@ -7807,23 +7807,22 @@ dissect_nfs_clientaddr4(tvbuff_t *tvb, i + offset = dissect_rpc_string(tvb, tree, hf_nfs_r_addr, offset, &universal_ip_address); + + if(strlen(protocol) == 3 && strncmp(protocol,"tcp",3) == 0) { +- if (universal_ip_address && sscanf(universal_ip_address, "%hhu.%hhu.%hhu.%hhu.%hhu.%hhu", ++ if (universal_ip_address && sscanf(universal_ip_address, "%u.%u.%u.%u.%u.%u", + &b1, &b2, &b3, &b4, &b5, &b6) == 6) { + /* IPv4: h1.h2.h3.h4.p1.p2 */ + port = (b5<<8) | b6; +- proto_tree_add_text(tree, tvb, addr_offset, offset, ++ proto_tree_add_text(tree, tvb, addr_offset, offset, + "[callback IPv4 address %u.%u.%u.%u, protocol=%s, port=%u]", + b1, b2, b3, b4, protocol, port); +- } else if (universal_ip_address && sscanf(universal_ip_address, "%hhu.%hhu", ++ } else if (universal_ip_address && sscanf(universal_ip_address,"%u.%u", + &b1, &b2) == 2) { + /* Some clients (linux) sometimes send only the port. */ + port = (b1<<8) | b2; +- proto_tree_add_text(tree, tvb, addr_offset, offset-addr_offset, "[callback ip address NOT SPECIFIED, protocol=%s, port=%u]", +- protocol, +- port); +- } else if (universal_ip_address && sscanf(universal_ip_address, "%2hhx:%2hhx:%2hhx:%2hhx:%2hhx:%2hhx:%2hhx:%2hhx.%hhu.%hhu", +- &b1, &b2, &b3, &b4, &b5, &b6, &b7, &b8, &b9, &b10) == 10) { +- ++ proto_tree_add_text(tree, tvb, addr_offset, offset-addr_offset, ++ "[callback ip address NOT SPECIFIED, protocol=%s, port=%u]", protocol, port); ++ } else if (universal_ip_address && sscanf(universal_ip_address, ++ "%2x:%2x:%2x:%2x:%2x:%2x:%2x:%2x.%u.%u", ++ &b1, &b2, &b3, &b4, &b5, &b6, &b7, &b8, &b9, &b10) == 10) { + port = (b9<<8) | b10; + proto_tree_add_text(tree, tvb, addr_offset, offset, + "[callback IPv6 address %2x:%2x:%2x:%2x:%2x:%2x:%2x:%2x, protocol=%s, port=%u]", +Index: wireshark-1.4.4/epan/dissectors/packet-ssl-utils.c +=================================================================== +--- wireshark-1.4.4.orig/epan/dissectors/packet-ssl-utils.c ++++ wireshark-1.4.4/epan/dissectors/packet-ssl-utils.c +@@ -3145,7 +3145,13 @@ ssl_parse_key_list(const gchar * keys_li + ip[2] = 0; + ip[3] = 0; + } else { +- sscanf(addr, "%hhu.%hhu.%hhu.%hhu", &ip[0], &ip[1], &ip[2], &ip[3]); ++ guint tmp0, tmp1, tmp2, tmp3; ++ ++ sscanf(addr, "%u.%u.%u.%u", &tmp0, &tmp1, &tmp2, &tmp3); ++ ip[0] = (guchar)tmp0; ++ ip[1] = (guchar)tmp1; ++ ip[2] = (guchar)tmp2; ++ ip[3] = (guchar)tmp3; + } + + if(!strcmp("start_tls", port)) { +@@ -3153,7 +3159,7 @@ ssl_parse_key_list(const gchar * keys_li + } else { + service->port = atoi(port); + } +- ssl_debug_printf("ssl_init addr '%hhu.%hhu.%hhu.%hhu' port '%d' filename '%s' password(only for p12 file) '%s'\n", ++ ssl_debug_printf("ssl_init addr '%u.%u.%u.%u' port '%d' filename '%s' password(only for p12 file) '%s'\n", + ip[0], ip[1], ip[2], ip[3], service->port, filename, cert_passwd ? cert_passwd : "(null)"); + + /* try to load pen or p12 file*/ +Index: wireshark-1.4.4/tools/checkAPIs.pl +=================================================================== +--- wireshark-1.4.4.orig/tools/checkAPIs.pl ++++ wireshark-1.4.4/tools/checkAPIs.pl +@@ -1001,6 +1001,14 @@ while ($_ = $ARGV[0]) + print STDERR "Error: Found %ll in " .$filename."\n"; + $errorCount++; + } ++ if ($fileContents =~ m{ %hh }xo) ++ { ++ # %hh is C99 and Windows doesn't like it: ++ # http://connect.microsoft.com/VisualStudio/feedback/details/416843/sscanf-cannot-not-handle-hhd-format ++ # Need to use temporary variables instead. ++ print STDERR "Error: Found %hh in " .$filename."\n"; ++ $errorCount++; ++ } + + if (! ($fileContents =~ m{ \$Id .* \$ }xo)) + { diff --git a/wireshark.changes b/wireshark.changes index 63b6b48..c062b8b 100644 --- a/wireshark.changes +++ b/wireshark.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Tue Apr 26 09:11:54 UTC 2011 - cyliu@novell.com + +- security fixes [#bnc 688109] + * CVE-2011-1590: Use of un-initialised variables + * CVE-2011-1592: Crash in NFS dissector on Windows + * CVE-2011-1591: Buffer overflow in DECT dissector + ------------------------------------------------------------------- Tue Mar 8 10:59:35 CST 2011 - cyliu@novell.com diff --git a/wireshark.spec b/wireshark.spec index d732b51..0680f57 100644 --- a/wireshark.spec +++ b/wireshark.spec @@ -38,6 +38,9 @@ Patch3: %{name}-corosync-packet-dissector.patch Patch4: %{name}-1.2.4-enable_lua.patch # PATCH-FEATURE-OPENSUSE wireshark-nfsv4-opts.patch -- add NFSv4 options Patch5: %{name}-nfsv4-opts.patch +Patch6: %{name}-%{version}-CVE-2011-1592.patch +Patch7: %{name}-%{version}-CVE-2011-1590.patch +Patch8: %{name}-%{version}-CVE-2011-1591.patch BuildRequires: bison BuildRequires: cairo-devel BuildRequires: flex @@ -100,6 +103,10 @@ view the reconstructed stream of a TCP session. %patch3 -p1 %patch4 -p1 %patch5 -p1 +%patch6 -p1 +%patch7 +%patch8 -p1 + sed -i 's/^Icon=wireshark.png$/Icon=wireshark/' wireshark.desktop # run as root on 11.3 and older - bnc#349782 %if ! %{use_caps} @@ -108,7 +115,7 @@ sed -i 's!^Exec=wireshark!Exec=/usr/bin/xdg-su -c /usr/bin/wireshark!' wireshark %endif %build -%configure +%configure --without-zlib make %{?_smp_mflags} %install From 1abf33274bd863d1c46df5b78884824310eee8f434ce99919245a4ec35ee95cf Mon Sep 17 00:00:00 2001 From: Pavol Rusnak Date: Tue, 24 May 2011 15:53:03 +0000 Subject: [PATCH 2/2] Accepting request 71167 from home:dimstar:branches:network:utilities Update to 1.4.6 OBS-URL: https://build.opensuse.org/request/show/71167 OBS-URL: https://build.opensuse.org/package/show/network:utilities/wireshark?expand=0&rev=40 --- wireshark-1.4.4-CVE-2011-1590.patch | 598 ---------------------------- wireshark-1.4.4-CVE-2011-1591.patch | 18 - wireshark-1.4.4-CVE-2011-1592.patch | 92 ----- wireshark-1.4.4.tar.bz2 | 3 - wireshark-1.4.6.tar.bz2 | 3 + wireshark.changes | 36 ++ wireshark.spec | 8 +- 7 files changed, 40 insertions(+), 718 deletions(-) delete mode 100644 wireshark-1.4.4-CVE-2011-1590.patch delete mode 100644 wireshark-1.4.4-CVE-2011-1591.patch delete mode 100644 wireshark-1.4.4-CVE-2011-1592.patch delete mode 100644 wireshark-1.4.4.tar.bz2 create mode 100644 wireshark-1.4.6.tar.bz2 diff --git a/wireshark-1.4.4-CVE-2011-1590.patch b/wireshark-1.4.4-CVE-2011-1590.patch deleted file mode 100644 index 29cf23a..0000000 --- a/wireshark-1.4.4-CVE-2011-1590.patch +++ /dev/null @@ -1,598 +0,0 @@ ---- asn1/x509if/packet-x509if-template.c 2011/04/12 20:29:42 36607 -+++ asn1/x509if/packet-x509if-template.c 2011/04/12 20:39:48 36608 -@@ -37,6 +37,7 @@ - #include "packet-x509if.h" - #include "packet-x509sat.h" - #include -+#include - - #define PNAME "X.509 Information Framework" - #define PSNAME "X509IF" -@@ -51,13 +52,12 @@ - /* Initialize the subtree pointers */ - #include "packet-x509if-ett.c" - --static const char *object_identifier_id; -+static const char *object_identifier_id = NULL; - static proto_tree *top_of_dn = NULL; - static proto_tree *top_of_rdn = NULL; - - static gboolean rdn_one_value = FALSE; /* have we seen one value in an RDN yet */ - static gboolean dn_one_rdn = FALSE; /* have we seen one RDN in a DN yet */ --static gboolean doing_dn = TRUE; - static gboolean doing_attr = FALSE; - - #define MAX_RDN_STR_LEN 64 -@@ -72,6 +72,22 @@ - #define MAX_AVA_STR_LEN 64 - static char *last_ava = NULL; - -+static void -+x509if_frame_end(void) -+{ -+ object_identifier_id = NULL; -+ top_of_dn = NULL; -+ top_of_rdn = NULL; -+ -+ rdn_one_value = FALSE; -+ dn_one_rdn = FALSE; -+ doing_attr = FALSE; -+ -+ last_dn = NULL; -+ last_rdn = NULL; -+ last_ava = NULL; -+} -+ - #include "packet-x509if-fn.c" - - const char * x509if_get_last_dn(void) ---- asn1/x509if/x509if.cnf 2011/04/12 20:29:42 36607 -+++ asn1/x509if/x509if.cnf 2011/04/12 20:39:48 36608 -@@ -197,7 +197,7 @@ - name = oid_resolved_from_string(object_identifier_id); - if(!name) name = object_identifier_id; - -- if(doing_dn) { /* append it to the RDN */ -+ if(last_rdn) { /* append it to the RDN */ - g_strlcat(last_rdn, name, MAX_RDN_STR_LEN); - g_strlcat(last_rdn, "=", MAX_RDN_STR_LEN); - -@@ -213,6 +213,7 @@ - if((fmt = val_to_str(hf_index, fmt_vals, "")) && *fmt) { - /* we have a format */ - last_ava = ep_alloc(MAX_AVA_STR_LEN); *last_ava = '\0'; -+ register_frame_end_routine (x509if_frame_end); - - g_snprintf(last_ava, MAX_AVA_STR_LEN, "%%s %%s", name, fmt); - -@@ -245,7 +246,7 @@ - /* it was a string - format it */ - value = tvb_format_text(out_tvb, 0, tvb_length(out_tvb)); - -- if(doing_dn) { -+ if(last_rdn) { - g_strlcat(last_rdn, value, MAX_RDN_STR_LEN); - - /* append it to the tree*/ -@@ -255,11 +256,15 @@ - if((fmt = val_to_str(ava_hf_index, fmt_vals, "")) && *fmt) { - /* we have a format */ - -- if(!(name = oid_resolved_from_string(object_identifier_id))) -- name = object_identifier_id; -- g_snprintf(last_ava, MAX_AVA_STR_LEN, "%%s %%s %%s", name, fmt, value); -+ if (!last_ava) { -+ last_ava = ep_alloc(MAX_AVA_STR_LEN); -+ } -+ -+ if(!(name = oid_resolved_from_string(object_identifier_id))) -+ name = object_identifier_id; -+ g_snprintf(last_ava, MAX_AVA_STR_LEN, "%%s %%s %%s", name, fmt, value); - -- proto_item_append_text(tree, " %%s", last_ava); -+ proto_item_append_text(tree, " %%s", last_ava); - - } - } -@@ -330,7 +335,7 @@ - rdn_one_value = FALSE; - top_of_rdn = tree; - last_rdn = ep_alloc(MAX_DN_STR_LEN); *last_rdn = '\0'; -- doing_dn = TRUE; -+ register_frame_end_routine (x509if_frame_end); - - %(DEFAULT_BODY)s - -@@ -349,7 +354,6 @@ - } - } - -- doing_dn = FALSE; - last_rdn = NULL; /* it will get freed when the next packet is dissected */ - - #.FN_BODY RelativeDistinguishedName/_item -@@ -358,7 +362,7 @@ - top_of_rdn = tree; - } else { - -- if(doing_dn) -+ if(last_rdn) - /* this is an additional value - delimit */ - g_strlcat(last_rdn, "+", MAX_RDN_STR_LEN); - } -@@ -373,6 +377,8 @@ - dn_one_rdn = FALSE; /* reset */ - last_dn = ep_alloc(MAX_DN_STR_LEN); *last_dn = '\0'; - top_of_dn = NULL; -+ register_frame_end_routine (x509if_frame_end); -+ - - %(DEFAULT_BODY)s - -@@ -402,6 +408,7 @@ - - ava_hf_index = hf_index; - last_ava = ep_alloc(MAX_AVA_STR_LEN); *last_ava = '\0'; -+ register_frame_end_routine (x509if_frame_end); - - %(DEFAULT_BODY)s - -@@ -409,10 +416,9 @@ - - #.FN_BODY Attribute - doing_attr = TRUE; -+ register_frame_end_routine (x509if_frame_end); - - %(DEFAULT_BODY)s -- -- doing_attr = FALSE; - #.END - - ---- epan/dissectors/packet-x509if.c 2011/04/12 20:29:42 36607 -+++ epan/dissectors/packet-x509if.c 2011/04/12 20:39:48 36608 -@@ -5,7 +5,7 @@ - - /* Input file: packet-x509if-template.c */ - --#line 1 "packet-x509if-template.c" -+#line 1 "../../asn1/x509if/packet-x509if-template.c" - /* packet-x509if.c - * Routines for X.509 Information Framework packet dissection - * Ronnie Sahlberg 2004 -@@ -45,6 +45,7 @@ - #include "packet-x509if.h" - #include "packet-x509sat.h" - #include -+#include - - #define PNAME "X.509 Information Framework" - #define PSNAME "X509IF" -@@ -56,7 +57,7 @@ - static int hf_x509if_any_string = -1; - - /*--- Included file: packet-x509if-hf.c ---*/ --#line 1 "packet-x509if-hf.c" -+#line 1 "../../asn1/x509if/packet-x509if-hf.c" - static int hf_x509if_DistinguishedName_PDU = -1; /* DistinguishedName */ - static int hf_x509if_SubtreeSpecification_PDU = -1; /* SubtreeSpecification */ - static int hf_x509if_HierarchyLevel_PDU = -1; /* HierarchyLevel */ -@@ -214,12 +215,12 @@ - static int hf_x509if_AllowedSubset_wholeSubtree = -1; - - /*--- End of included file: packet-x509if-hf.c ---*/ --#line 50 "packet-x509if-template.c" -+#line 51 "../../asn1/x509if/packet-x509if-template.c" - - /* Initialize the subtree pointers */ - - /*--- Included file: packet-x509if-ett.c ---*/ --#line 1 "packet-x509if-ett.c" -+#line 1 "../../asn1/x509if/packet-x509if-ett.c" - static gint ett_x509if_Attribute = -1; - static gint ett_x509if_T_values = -1; - static gint ett_x509if_T_valuesWithContext = -1; -@@ -295,15 +296,14 @@ - static gint ett_x509if_SET_SIZE_1_MAX_OF_DirectoryString = -1; - - /*--- End of included file: packet-x509if-ett.c ---*/ --#line 53 "packet-x509if-template.c" -+#line 54 "../../asn1/x509if/packet-x509if-template.c" - --static const char *object_identifier_id; -+static const char *object_identifier_id = NULL; - static proto_tree *top_of_dn = NULL; - static proto_tree *top_of_rdn = NULL; - - static gboolean rdn_one_value = FALSE; /* have we seen one value in an RDN yet */ - static gboolean dn_one_rdn = FALSE; /* have we seen one RDN in a DN yet */ --static gboolean doing_dn = TRUE; - static gboolean doing_attr = FALSE; - - #define MAX_RDN_STR_LEN 64 -@@ -318,9 +318,25 @@ - #define MAX_AVA_STR_LEN 64 - static char *last_ava = NULL; - -+static void -+x509if_frame_end(void) -+{ -+ object_identifier_id = NULL; -+ top_of_dn = NULL; -+ top_of_rdn = NULL; -+ -+ rdn_one_value = FALSE; -+ dn_one_rdn = FALSE; -+ doing_attr = FALSE; -+ -+ last_dn = NULL; -+ last_rdn = NULL; -+ last_ava = NULL; -+} -+ - - /*--- Included file: packet-x509if-fn.c ---*/ --#line 1 "packet-x509if-fn.c" -+#line 1 "../../asn1/x509if/packet-x509if-fn.c" - /*--- Cyclic dependencies ---*/ - - /* Refinement -> Refinement/and -> Refinement */ -@@ -349,7 +365,7 @@ - - static int - dissect_x509if_T_values_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { --#line 310 "x509if.cnf" -+#line 315 "../../asn1/x509if/x509if.cnf" - offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); - - -@@ -374,7 +390,7 @@ - - static int - dissect_x509if_T_value(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { --#line 280 "x509if.cnf" -+#line 285 "../../asn1/x509if/x509if.cnf" - offset=call_ber_oid_callback("unknown", tvb, offset, actx->pinfo, tree); - - -@@ -395,7 +411,7 @@ - - static int - dissect_x509if_T_contextValues_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { --#line 292 "x509if.cnf" -+#line 297 "../../asn1/x509if/x509if.cnf" - offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); - - -@@ -492,15 +508,14 @@ - - int - dissect_x509if_Attribute(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { --#line 411 "x509if.cnf" -+#line 418 "../../asn1/x509if/x509if.cnf" - doing_attr = TRUE; -+ register_frame_end_routine (x509if_frame_end); - - offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, - Attribute_sequence, hf_index, ett_x509if_Attribute); - - -- doing_attr = FALSE; -- - - return offset; - } -@@ -518,7 +533,7 @@ - - int - dissect_x509if_AttributeValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { --#line 298 "x509if.cnf" -+#line 303 "../../asn1/x509if/x509if.cnf" - offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); - - -@@ -539,7 +554,7 @@ - - static int - dissect_x509if_T_assertion(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { --#line 304 "x509if.cnf" -+#line 309 "../../asn1/x509if/x509if.cnf" - offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); - - -@@ -569,7 +584,7 @@ - - static int - dissect_x509if_T_ca_contextValues_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { --#line 184 "x509if.cnf" -+#line 184 "../../asn1/x509if/x509if.cnf" - offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); - - -@@ -650,10 +665,11 @@ - - int - dissect_x509if_AttributeValueAssertion(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { --#line 402 "x509if.cnf" -+#line 408 "../../asn1/x509if/x509if.cnf" - - ava_hf_index = hf_index; - last_ava = ep_alloc(MAX_AVA_STR_LEN); *last_ava = '\0'; -+ register_frame_end_routine (x509if_frame_end); - - offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset, - AttributeValueAssertion_sequence, hf_index, ett_x509if_AttributeValueAssertion); -@@ -707,7 +723,7 @@ - - static int - dissect_x509if_T_type_02(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { --#line 190 "x509if.cnf" -+#line 190 "../../asn1/x509if/x509if.cnf" - const char *fmt; - const char *name; - -@@ -719,7 +735,7 @@ - name = oid_resolved_from_string(object_identifier_id); - if(!name) name = object_identifier_id; - -- if(doing_dn) { /* append it to the RDN */ -+ if(last_rdn) { /* append it to the RDN */ - g_strlcat(last_rdn, name, MAX_RDN_STR_LEN); - g_strlcat(last_rdn, "=", MAX_RDN_STR_LEN); - -@@ -735,6 +751,7 @@ - if((fmt = val_to_str(hf_index, fmt_vals, "")) && *fmt) { - /* we have a format */ - last_ava = ep_alloc(MAX_AVA_STR_LEN); *last_ava = '\0'; -+ register_frame_end_routine (x509if_frame_end); - - g_snprintf(last_ava, MAX_AVA_STR_LEN, "%s %s", name, fmt); - -@@ -752,7 +769,7 @@ - - static int - dissect_x509if_T_atadv_value(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { --#line 225 "x509if.cnf" -+#line 226 "../../asn1/x509if/x509if.cnf" - int old_offset = offset; - tvbuff_t *out_tvb; - char *value = NULL; -@@ -776,7 +793,7 @@ - /* it was a string - format it */ - value = tvb_format_text(out_tvb, 0, tvb_length(out_tvb)); - -- if(doing_dn) { -+ if(last_rdn) { - g_strlcat(last_rdn, value, MAX_RDN_STR_LEN); - - /* append it to the tree*/ -@@ -786,11 +803,15 @@ - if((fmt = val_to_str(ava_hf_index, fmt_vals, "")) && *fmt) { - /* we have a format */ - -- if(!(name = oid_resolved_from_string(object_identifier_id))) -- name = object_identifier_id; -- g_snprintf(last_ava, MAX_AVA_STR_LEN, "%s %s %s", name, fmt, value); -+ if (!last_ava) { -+ last_ava = ep_alloc(MAX_AVA_STR_LEN); -+ } -+ -+ if(!(name = oid_resolved_from_string(object_identifier_id))) -+ name = object_identifier_id; -+ g_snprintf(last_ava, MAX_AVA_STR_LEN, "%s %s %s", name, fmt, value); - -- proto_item_append_text(tree, " %s", last_ava); -+ proto_item_append_text(tree, " %s", last_ava); - - } - } -@@ -804,7 +825,7 @@ - - static int - dissect_x509if_T_distingAttrValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { --#line 325 "x509if.cnf" -+#line 330 "../../asn1/x509if/x509if.cnf" - offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); - - -@@ -861,13 +882,13 @@ - - static int - dissect_x509if_RelativeDistinguishedName_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { --#line 356 "x509if.cnf" -+#line 360 "../../asn1/x509if/x509if.cnf" - - if(!rdn_one_value) { - top_of_rdn = tree; - } else { - -- if(doing_dn) -+ if(last_rdn) - /* this is an additional value - delimit */ - g_strlcat(last_rdn, "+", MAX_RDN_STR_LEN); - } -@@ -889,13 +910,13 @@ - - int - dissect_x509if_RelativeDistinguishedName(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { --#line 328 "x509if.cnf" -+#line 333 "../../asn1/x509if/x509if.cnf" - char *temp_dn; - - rdn_one_value = FALSE; - top_of_rdn = tree; - last_rdn = ep_alloc(MAX_DN_STR_LEN); *last_rdn = '\0'; -- doing_dn = TRUE; -+ register_frame_end_routine (x509if_frame_end); - - offset = dissect_ber_set_of(implicit_tag, actx, tree, tvb, offset, - RelativeDistinguishedName_set_of, hf_index, ett_x509if_RelativeDistinguishedName); -@@ -916,7 +937,6 @@ - } - } - -- doing_dn = FALSE; - last_rdn = NULL; /* it will get freed when the next packet is dissected */ - - -@@ -928,7 +948,7 @@ - - static int - dissect_x509if_RDNSequence_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { --#line 391 "x509if.cnf" -+#line 397 "../../asn1/x509if/x509if.cnf" - - if(!dn_one_rdn) { - /* this is the first element - record the top */ -@@ -952,12 +972,14 @@ - - int - dissect_x509if_RDNSequence(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { --#line 371 "x509if.cnf" -+#line 375 "../../asn1/x509if/x509if.cnf" - const char *fmt; - - dn_one_rdn = FALSE; /* reset */ - last_dn = ep_alloc(MAX_DN_STR_LEN); *last_dn = '\0'; - top_of_dn = NULL; -+ register_frame_end_routine (x509if_frame_end); -+ - - offset = dissect_ber_sequence_of(implicit_tag, actx, tree, tvb, offset, - RDNSequence_sequence_of, hf_index, ett_x509if_RDNSequence); -@@ -1362,7 +1384,7 @@ - - static int - dissect_x509if_T_ra_selectedValues_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { --#line 271 "x509if.cnf" -+#line 276 "../../asn1/x509if/x509if.cnf" - offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); - - -@@ -1396,7 +1418,7 @@ - - static int - dissect_x509if_T_ra_values_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { --#line 277 "x509if.cnf" -+#line 282 "../../asn1/x509if/x509if.cnf" - offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); - - -@@ -1458,7 +1480,7 @@ - - static int - dissect_x509if_T_contextValue_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { --#line 316 "x509if.cnf" -+#line 321 "../../asn1/x509if/x509if.cnf" - offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); - - -@@ -1559,7 +1581,7 @@ - - static int - dissect_x509if_T_restrictionValue(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { --#line 322 "x509if.cnf" -+#line 327 "../../asn1/x509if/x509if.cnf" - offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); - - -@@ -1680,7 +1702,7 @@ - - static int - dissect_x509if_T_selectedValues_item(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) { --#line 286 "x509if.cnf" -+#line 291 "../../asn1/x509if/x509if.cnf" - offset=call_ber_oid_callback(object_identifier_id, tvb, offset, actx->pinfo, tree); - - -@@ -2080,7 +2102,7 @@ - - - /*--- End of included file: packet-x509if-fn.c ---*/ --#line 76 "packet-x509if-template.c" -+#line 92 "../../asn1/x509if/packet-x509if-template.c" - - const char * x509if_get_last_dn(void) - { -@@ -2127,7 +2149,7 @@ - - - /*--- Included file: packet-x509if-hfarr.c ---*/ --#line 1 "packet-x509if-hfarr.c" -+#line 1 "../../asn1/x509if/packet-x509if-hfarr.c" - { &hf_x509if_DistinguishedName_PDU, - { "DistinguishedName", "x509if.DistinguishedName", - FT_UINT32, BASE_DEC, NULL, 0, -@@ -2746,14 +2768,14 @@ - NULL, HFILL }}, - - /*--- End of included file: packet-x509if-hfarr.c ---*/ --#line 121 "packet-x509if-template.c" -+#line 137 "../../asn1/x509if/packet-x509if-template.c" - }; - - /* List of subtrees */ - static gint *ett[] = { - - /*--- Included file: packet-x509if-ettarr.c ---*/ --#line 1 "packet-x509if-ettarr.c" -+#line 1 "../../asn1/x509if/packet-x509if-ettarr.c" - &ett_x509if_Attribute, - &ett_x509if_T_values, - &ett_x509if_T_valuesWithContext, -@@ -2829,7 +2851,7 @@ - &ett_x509if_SET_SIZE_1_MAX_OF_DirectoryString, - - /*--- End of included file: packet-x509if-ettarr.c ---*/ --#line 126 "packet-x509if-template.c" -+#line 142 "../../asn1/x509if/packet-x509if-template.c" - }; - - /* Register protocol */ -@@ -2850,7 +2872,7 @@ - void proto_reg_handoff_x509if(void) { - - /*--- Included file: packet-x509if-dis-tab.c ---*/ --#line 1 "packet-x509if-dis-tab.c" -+#line 1 "../../asn1/x509if/packet-x509if-dis-tab.c" - register_ber_oid_dissector("2.5.4.1", dissect_DistinguishedName_PDU, proto_x509if, "id-at-aliasedEntryName"); - register_ber_oid_dissector("2.5.4.31", dissect_DistinguishedName_PDU, proto_x509if, "id-at-member"); - register_ber_oid_dissector("2.5.4.32", dissect_DistinguishedName_PDU, proto_x509if, "id-at-owner"); -@@ -2885,6 +2907,6 @@ - - - /*--- End of included file: packet-x509if-dis-tab.c ---*/ --#line 145 "packet-x509if-template.c" -+#line 161 "../../asn1/x509if/packet-x509if-template.c" - } - ---- epan/dissectors/packet-x509if.h 2011/04/12 20:29:42 36607 -+++ epan/dissectors/packet-x509if.h 2011/04/12 20:39:48 36608 -@@ -5,7 +5,7 @@ - - /* Input file: packet-x509if-template.h */ - --#line 1 "packet-x509if-template.h" -+#line 1 "../../asn1/x509if/packet-x509if-template.h" - /* packet-x509if.h - * Routines for X.509 Information Framework packet dissection - * Ronnie Sahlberg 2004 -@@ -36,7 +36,7 @@ - - - /*--- Included file: packet-x509if-exp.h ---*/ --#line 1 "packet-x509if-exp.h" -+#line 1 "../../asn1/x509if/packet-x509if-exp.h" - extern const value_string x509if_Name_vals[]; - extern const value_string x509if_Refinement_vals[]; - extern const value_string x509if_AttributeUsage_vals[]; -@@ -83,7 +83,7 @@ - int dissect_x509if_MRSubstitution(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_); - - /*--- End of included file: packet-x509if-exp.h ---*/ --#line 30 "packet-x509if-template.h" -+#line 30 "../../asn1/x509if/packet-x509if-template.h" - - extern const char * x509if_get_last_dn(void); - - diff --git a/wireshark-1.4.4-CVE-2011-1591.patch b/wireshark-1.4.4-CVE-2011-1591.patch deleted file mode 100644 index 6523bd3..0000000 --- a/wireshark-1.4.4-CVE-2011-1591.patch +++ /dev/null @@ -1,18 +0,0 @@ ---- trunk-1.4/epan/dissectors/packet-dect.c 2011/04/14 16:17:09 36643 -+++ trunk-1.4/epan/dissectors/packet-dect.c 2011/04/14 17:17:08 36644 -@@ -1882,10 +1882,13 @@ - pkt_afield.RCRC=(((guint16)pkt_ptr[6])<<8)|pkt_ptr[7]; - - /* fill B-Field */ -- if(pkt_len>DECT_PACKET_INFO_LEN+2) -+ if(pkt_len>DECT_PACKET_INFO_LEN+2) { -+ if (pkt_len > 128+5+8) -+ pkt_len = 128+5+8; /* make these values into logical #defines */ - memcpy((char*)(&(pkt_bfield.Data)), (char*)(pkt_ptr+8), pkt_len-5-8); -- else -+ } else { - memset((char*)(&(pkt_bfield.Data)), 0, 128); -+ } - pkt_bfield.Length=pkt_len-DECT_PACKET_INFO_LEN-8; - - col_set_str(pinfo->cinfo, COL_PROTOCOL, "DECT"); diff --git a/wireshark-1.4.4-CVE-2011-1592.patch b/wireshark-1.4.4-CVE-2011-1592.patch deleted file mode 100644 index 918e632..0000000 --- a/wireshark-1.4.4-CVE-2011-1592.patch +++ /dev/null @@ -1,92 +0,0 @@ -Index: wireshark-1.4.4/epan/dissectors/packet-nfs.c -=================================================================== ---- wireshark-1.4.4.orig/epan/dissectors/packet-nfs.c -+++ wireshark-1.4.4/epan/dissectors/packet-nfs.c -@@ -7798,7 +7798,7 @@ dissect_nfs_clientaddr4(tvbuff_t *tvb, i - { - char *universal_ip_address = NULL; - char *protocol = NULL; -- guint8 b1, b2, b3, b4, b5, b6, b7, b8, b9, b10; -+ guint b1, b2, b3, b4, b5, b6, b7, b8, b9, b10; - guint16 port; - int addr_offset; - -@@ -7807,23 +7807,22 @@ dissect_nfs_clientaddr4(tvbuff_t *tvb, i - offset = dissect_rpc_string(tvb, tree, hf_nfs_r_addr, offset, &universal_ip_address); - - if(strlen(protocol) == 3 && strncmp(protocol,"tcp",3) == 0) { -- if (universal_ip_address && sscanf(universal_ip_address, "%hhu.%hhu.%hhu.%hhu.%hhu.%hhu", -+ if (universal_ip_address && sscanf(universal_ip_address, "%u.%u.%u.%u.%u.%u", - &b1, &b2, &b3, &b4, &b5, &b6) == 6) { - /* IPv4: h1.h2.h3.h4.p1.p2 */ - port = (b5<<8) | b6; -- proto_tree_add_text(tree, tvb, addr_offset, offset, -+ proto_tree_add_text(tree, tvb, addr_offset, offset, - "[callback IPv4 address %u.%u.%u.%u, protocol=%s, port=%u]", - b1, b2, b3, b4, protocol, port); -- } else if (universal_ip_address && sscanf(universal_ip_address, "%hhu.%hhu", -+ } else if (universal_ip_address && sscanf(universal_ip_address,"%u.%u", - &b1, &b2) == 2) { - /* Some clients (linux) sometimes send only the port. */ - port = (b1<<8) | b2; -- proto_tree_add_text(tree, tvb, addr_offset, offset-addr_offset, "[callback ip address NOT SPECIFIED, protocol=%s, port=%u]", -- protocol, -- port); -- } else if (universal_ip_address && sscanf(universal_ip_address, "%2hhx:%2hhx:%2hhx:%2hhx:%2hhx:%2hhx:%2hhx:%2hhx.%hhu.%hhu", -- &b1, &b2, &b3, &b4, &b5, &b6, &b7, &b8, &b9, &b10) == 10) { -- -+ proto_tree_add_text(tree, tvb, addr_offset, offset-addr_offset, -+ "[callback ip address NOT SPECIFIED, protocol=%s, port=%u]", protocol, port); -+ } else if (universal_ip_address && sscanf(universal_ip_address, -+ "%2x:%2x:%2x:%2x:%2x:%2x:%2x:%2x.%u.%u", -+ &b1, &b2, &b3, &b4, &b5, &b6, &b7, &b8, &b9, &b10) == 10) { - port = (b9<<8) | b10; - proto_tree_add_text(tree, tvb, addr_offset, offset, - "[callback IPv6 address %2x:%2x:%2x:%2x:%2x:%2x:%2x:%2x, protocol=%s, port=%u]", -Index: wireshark-1.4.4/epan/dissectors/packet-ssl-utils.c -=================================================================== ---- wireshark-1.4.4.orig/epan/dissectors/packet-ssl-utils.c -+++ wireshark-1.4.4/epan/dissectors/packet-ssl-utils.c -@@ -3145,7 +3145,13 @@ ssl_parse_key_list(const gchar * keys_li - ip[2] = 0; - ip[3] = 0; - } else { -- sscanf(addr, "%hhu.%hhu.%hhu.%hhu", &ip[0], &ip[1], &ip[2], &ip[3]); -+ guint tmp0, tmp1, tmp2, tmp3; -+ -+ sscanf(addr, "%u.%u.%u.%u", &tmp0, &tmp1, &tmp2, &tmp3); -+ ip[0] = (guchar)tmp0; -+ ip[1] = (guchar)tmp1; -+ ip[2] = (guchar)tmp2; -+ ip[3] = (guchar)tmp3; - } - - if(!strcmp("start_tls", port)) { -@@ -3153,7 +3159,7 @@ ssl_parse_key_list(const gchar * keys_li - } else { - service->port = atoi(port); - } -- ssl_debug_printf("ssl_init addr '%hhu.%hhu.%hhu.%hhu' port '%d' filename '%s' password(only for p12 file) '%s'\n", -+ ssl_debug_printf("ssl_init addr '%u.%u.%u.%u' port '%d' filename '%s' password(only for p12 file) '%s'\n", - ip[0], ip[1], ip[2], ip[3], service->port, filename, cert_passwd ? cert_passwd : "(null)"); - - /* try to load pen or p12 file*/ -Index: wireshark-1.4.4/tools/checkAPIs.pl -=================================================================== ---- wireshark-1.4.4.orig/tools/checkAPIs.pl -+++ wireshark-1.4.4/tools/checkAPIs.pl -@@ -1001,6 +1001,14 @@ while ($_ = $ARGV[0]) - print STDERR "Error: Found %ll in " .$filename."\n"; - $errorCount++; - } -+ if ($fileContents =~ m{ %hh }xo) -+ { -+ # %hh is C99 and Windows doesn't like it: -+ # http://connect.microsoft.com/VisualStudio/feedback/details/416843/sscanf-cannot-not-handle-hhd-format -+ # Need to use temporary variables instead. -+ print STDERR "Error: Found %hh in " .$filename."\n"; -+ $errorCount++; -+ } - - if (! ($fileContents =~ m{ \$Id .* \$ }xo)) - { diff --git a/wireshark-1.4.4.tar.bz2 b/wireshark-1.4.4.tar.bz2 deleted file mode 100644 index 868c284..0000000 --- a/wireshark-1.4.4.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:6033e627c40ac4eec7e95c03728b497ee2bc5851af8c9e58bb89b7496717dc0d -size 20479081 diff --git a/wireshark-1.4.6.tar.bz2 b/wireshark-1.4.6.tar.bz2 new file mode 100644 index 0000000..7024dbb --- /dev/null +++ b/wireshark-1.4.6.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f923f1e923dcb479b7fdb9bc6d4ce4c27ae8ac1f0148f2820bece476872df1d7 +size 20496268 diff --git a/wireshark.changes b/wireshark.changes index c062b8b..334217b 100644 --- a/wireshark.changes +++ b/wireshark.changes @@ -1,3 +1,39 @@ +------------------------------------------------------------------- +Tue May 24 16:40:30 CEST 2011 - dimstar@opensuse.org + +- Update to version 1.4.6: + + Wireshark and TShark can crash while analyzing TCP packets. + + Updated protocol support: TCP +- Changes from version 1.4.5: + + Security Fixes: + - The NFS dissector could crash on Windows. + - The X.509if dissector could crash + + bugs fixed: + - Cygwin make fails after updating to bash v 4.1.9.2 + - Export HTTP > All - System Appears Hung (but isn't). + - Some HTTP responses don't decode with TCP reassembly on. + - Wireshark crashes when cancelling a large sort operation. + - Wireshark crashes if SSL preferences RSA key is actually a + DSA key. + - tshark incorrectly calculates TCP stream for some syn packets + - Wireshark not able to decode the PPP frame in a sflow + (RFC3176) flow sample packet because Wireshark incorrectly + read the protocol in PPP frame header. (Bug 5746) + - Mysql protocol dissector: all fields should be little endian. + - Error when opening snoop from Juniper SSG-140. + - svnversion: command not found. + - Value of TCP segment data cannot be copied. + - proto_field_is_referenced() is not exported in + libwireshark.dll + - Wireshark ver. 1.4.4 not displayed "Granted QoS" field in a + A11 packet. + + Updated protocol support: + HTTP, LDAP, MySQL, NFS, sFlow, SSL, TCP +- Drop patches (fixed upstream): + + wireshark-1.4.4-CVE-2011-1590.patch + + wireshark-1.4.4-CVE-2011-1591.patch + + wireshark-1.4.4-CVE-2011-1592.patch + ------------------------------------------------------------------- Tue Apr 26 09:11:54 UTC 2011 - cyliu@novell.com diff --git a/wireshark.spec b/wireshark.spec index 0680f57..1c9d4f0 100644 --- a/wireshark.spec +++ b/wireshark.spec @@ -20,7 +20,7 @@ %define use_caps 0 Name: wireshark -Version: 1.4.4 +Version: 1.4.6 Release: 1 License: GPLv2+ Summary: A Network Traffic Analyser @@ -38,9 +38,6 @@ Patch3: %{name}-corosync-packet-dissector.patch Patch4: %{name}-1.2.4-enable_lua.patch # PATCH-FEATURE-OPENSUSE wireshark-nfsv4-opts.patch -- add NFSv4 options Patch5: %{name}-nfsv4-opts.patch -Patch6: %{name}-%{version}-CVE-2011-1592.patch -Patch7: %{name}-%{version}-CVE-2011-1590.patch -Patch8: %{name}-%{version}-CVE-2011-1591.patch BuildRequires: bison BuildRequires: cairo-devel BuildRequires: flex @@ -103,9 +100,6 @@ view the reconstructed stream of a TCP session. %patch3 -p1 %patch4 -p1 %patch5 -p1 -%patch6 -p1 -%patch7 -%patch8 -p1 sed -i 's/^Icon=wireshark.png$/Icon=wireshark/' wireshark.desktop # run as root on 11.3 and older - bnc#349782