From 69de01cf37c2f2c6dbf14c5a4412bbfa74d4994a54ea97469eb0622b64241270 Mon Sep 17 00:00:00 2001 From: OBS User mrdocs Date: Fri, 4 Nov 2011 22:54:00 +0000 Subject: [PATCH] Accepting request 90132 from home:tabraham1:net update to 1.6.3 OBS-URL: https://build.opensuse.org/request/show/90132 OBS-URL: https://build.opensuse.org/package/show/network:utilities/wireshark?expand=0&rev=46 --- wireshark-1.2.0-disable-warning-dialog.patch | 23 +- wireshark-1.2.0-geoip.patch | 8 +- wireshark-1.2.17-CVE-2011-1957.patch | 24 -- wireshark-1.2.17-CVE-2011-1958.patch | 29 -- wireshark-1.2.17-CVE-2011-1959.patch | 19 - wireshark-1.2.17-CVE-2011-2174.patch | 13 - wireshark-1.2.17-CVE-2011-2175.patch | 18 - wireshark-1.2.4-enable_lua.patch | 6 +- wireshark-1.4.6.tar.bz2 | 3 - wireshark-1.4.8-CVE-2011-2597.patch | 120 ------ wireshark-1.4.8-CVE-2011-2698.patch | 15 - wireshark-1.6.2-CVE-2011-3266.patch | 19 - wireshark-1.6.2-CVE-2011-3360.patch | 10 - wireshark-1.6.2-CVE-2011-3483.patch | 12 - wireshark-1.6.3.tar.bz2 | 3 + wireshark-nfsv4-opts.patch | 65 --- wireshark.changes | 412 +++++++++++++++++++ wireshark.spec | 33 +- 18 files changed, 435 insertions(+), 397 deletions(-) delete mode 100644 wireshark-1.2.17-CVE-2011-1957.patch delete mode 100644 wireshark-1.2.17-CVE-2011-1958.patch delete mode 100644 wireshark-1.2.17-CVE-2011-1959.patch delete mode 100644 wireshark-1.2.17-CVE-2011-2174.patch delete mode 100644 wireshark-1.2.17-CVE-2011-2175.patch delete mode 100644 wireshark-1.4.6.tar.bz2 delete mode 100644 wireshark-1.4.8-CVE-2011-2597.patch delete mode 100644 wireshark-1.4.8-CVE-2011-2698.patch delete mode 100644 wireshark-1.6.2-CVE-2011-3266.patch delete mode 100644 wireshark-1.6.2-CVE-2011-3360.patch delete mode 100644 wireshark-1.6.2-CVE-2011-3483.patch create mode 100644 wireshark-1.6.3.tar.bz2 delete mode 100644 wireshark-nfsv4-opts.patch diff --git a/wireshark-1.2.0-disable-warning-dialog.patch b/wireshark-1.2.0-disable-warning-dialog.patch index eb221f0..4768242 100644 --- a/wireshark-1.2.0-disable-warning-dialog.patch +++ b/wireshark-1.2.0-disable-warning-dialog.patch @@ -1,24 +1,20 @@ -Index: gtk/main.c -=================================================================== ---- gtk/main.c.orig -+++ gtk/main.c -@@ -1421,13 +1421,13 @@ set_display_filename(capture_file *cf) - } +--- gtk/main.c.orig 2011-11-03 03:42:21.018970202 -0400 ++++ gtk/main.c 2011-11-03 03:45:09.134971896 -0400 +@@ -1382,11 +1382,13 @@ + + static GtkWidget *close_dlg = NULL; - GtkWidget *close_dlg = NULL; -- +/* static void priv_warning_dialog_cb(gpointer dialog, gint btn _U_, gpointer data _U_) { recent.privs_warn_if_elevated = !simple_dialog_check_get(dialog); } -- +*/ + #ifdef _WIN32 static void - npf_warning_dialog_cb(gpointer dialog, gint btn _U_, gpointer data _U_) -@@ -1997,9 +1997,10 @@ check_and_warn_user_startup(gchar *cf_na +@@ -1967,9 +1969,10 @@ #endif { gchar *cur_user, *cur_group; @@ -30,12 +26,11 @@ Index: gtk/main.c if (running_with_special_privs() && recent.privs_warn_if_elevated) { cur_user = get_cur_username(); cur_group = get_cur_groupname(); -@@ -2011,7 +2012,7 @@ check_and_warn_user_startup(gchar *cf_na +@@ -1981,6 +1984,7 @@ simple_dialog_check_set(priv_warning_dialog, "Don't show this message again."); simple_dialog_set_cb(priv_warning_dialog, priv_warning_dialog_cb, NULL); } -- +*/ + #ifdef _WIN32 /* Warn the user if npf.sys isn't loaded. */ - if (!stdin_capture && !cf_name && !npf_sys_is_running() && recent.privs_warn_if_no_npf && get_os_major_version() >= 6) { diff --git a/wireshark-1.2.0-geoip.patch b/wireshark-1.2.0-geoip.patch index fc6e233..4293d65 100644 --- a/wireshark-1.2.0-geoip.patch +++ b/wireshark-1.2.0-geoip.patch @@ -1,8 +1,6 @@ -Index: epan/geoip_db.c -=================================================================== ---- epan/geoip_db.c.orig -+++ epan/geoip_db.c -@@ -161,6 +161,9 @@ geoip_db_init(void) { +--- epan/geoip_db.c.orig 2011-11-03 03:52:16.118977107 -0400 ++++ epan/geoip_db.c 2011-11-03 03:56:23.711016549 -0400 +@@ -165,6 +165,9 @@ geoip_dat_scan_dir(geoip_db_paths[i].path); } } diff --git a/wireshark-1.2.17-CVE-2011-1957.patch b/wireshark-1.2.17-CVE-2011-1957.patch deleted file mode 100644 index 37ef2bf..0000000 --- a/wireshark-1.2.17-CVE-2011-1957.patch +++ /dev/null @@ -1,24 +0,0 @@ ---- trunk/epan/dissectors/packet-dcm.c 2011/04/30 08:36:00 36957 -+++ trunk/epan/dissectors/packet-dcm.c 2011/04/30 17:43:05 36958 -@@ -6519,6 +6519,7 @@ - - /* Process all PDUs in the buffer */ - while (pdu_start < tlen) { -+ guint32 old_pdu_start; - - if ((pdu_len+6) > (tlen-offset)) { - -@@ -6539,7 +6540,13 @@ - offset=dissect_dcm_pdu(tvb, pinfo, tree, pdu_start); - - /* Next PDU */ -+ old_pdu_start = pdu_start; - pdu_start = pdu_start + pdu_len + 6; -+ if (pdu_start <= old_pdu_start) { -+ expert_add_info_format(pinfo, NULL, PI_MALFORMED, PI_ERROR, -+ "Invalid PDU length (%u)", pdu_len); -+ THROW(ReportedBoundsError); -+ } - - if (pdu_start < tlen - 6) { - /* we got at least 6 bytes of the next PDU still in the buffer */ diff --git a/wireshark-1.2.17-CVE-2011-1958.patch b/wireshark-1.2.17-CVE-2011-1958.patch deleted file mode 100644 index ed7a6af..0000000 --- a/wireshark-1.2.17-CVE-2011-1958.patch +++ /dev/null @@ -1,29 +0,0 @@ ---- trunk/epan/diam_dict.l 2011/05/06 15:05:51 37010 -+++ trunk/epan/diam_dict.l 2011/05/06 19:39:47 37011 -@@ -269,9 +269,6 @@ - yyterminate(); - } - -- include_stack[include_stack_ptr++] = YY_CURRENT_BUFFER; -- -- - for (e = ents.next; e; e = e->next) { - if (strcmp(e->name,yytext) == 0) { - yyin = ddict_open(sys_dir,e->file); -@@ -282,6 +279,7 @@ - yyterminate(); - } - } else { -+ include_stack[include_stack_ptr++] = YY_CURRENT_BUFFER; - yy_switch_to_buffer(yy_create_buffer( yyin, YY_BUF_SIZE ) ); - BEGIN LOADING; - } -@@ -290,7 +288,7 @@ - } - - if (!e) { -- fprintf(stderr, "Could not find entity: '%s'", e->name ); -+ fprintf(stderr, "Could not find entity: '%s'\n", yytext ); - yyterminate(); - } - diff --git a/wireshark-1.2.17-CVE-2011-1959.patch b/wireshark-1.2.17-CVE-2011-1959.patch deleted file mode 100644 index e5892cd..0000000 --- a/wireshark-1.2.17-CVE-2011-1959.patch +++ /dev/null @@ -1,19 +0,0 @@ ---- trunk/wiretap/snoop.c 2011/05/11 20:40:14 37067 -+++ trunk/wiretap/snoop.c 2011/05/11 22:36:59 37068 -@@ -473,6 +473,16 @@ - rec_size = g_ntohl(hdr.rec_len); - orig_size = g_ntohl(hdr.orig_len); - packet_size = g_ntohl(hdr.incl_len); -+ if (orig_size > WTAP_MAX_PACKET_SIZE) { -+ /* -+ * Probably a corrupt capture file; don't blow up trying -+ * to allocate space for an immensely-large packet. -+ */ -+ *err = WTAP_ERR_BAD_RECORD; -+ *err_info = g_strdup_printf("snoop: File has %u-byte original length, bigger than maximum of %u", -+ orig_size, WTAP_MAX_PACKET_SIZE); -+ return FALSE; -+ } - if (packet_size > WTAP_MAX_PACKET_SIZE) { - /* - * Probably a corrupt capture file; don't blow up trying diff --git a/wireshark-1.2.17-CVE-2011-2174.patch b/wireshark-1.2.17-CVE-2011-2174.patch deleted file mode 100644 index c9d7c6c..0000000 --- a/wireshark-1.2.17-CVE-2011-2174.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- trunk/epan/tvbuff.c 2011/05/12 15:48:51 37080 -+++ trunk/epan/tvbuff.c 2011/05/12 16:31:42 37081 -@@ -3425,9 +3425,9 @@ - inflateEnd(strm); - g_free(strm); - g_free(strmbuf); -- g_free(compr); - - if (uncompr == NULL) { -+ g_free(compr); - return NULL; - } - diff --git a/wireshark-1.2.17-CVE-2011-2175.patch b/wireshark-1.2.17-CVE-2011-2175.patch deleted file mode 100644 index c523e38..0000000 --- a/wireshark-1.2.17-CVE-2011-2175.patch +++ /dev/null @@ -1,18 +0,0 @@ ---- trunk/wiretap/visual.c 2011/05/13 17:05:05 37127 -+++ trunk/wiretap/visual.c 2011/05/13 17:12:44 37128 -@@ -420,6 +420,15 @@ - break; - } - -+ if (wth->phdr.len > WTAP_MAX_PACKET_SIZE) { -+ /* Check if wth->phdr.len is sane, small values of wth.phdr.len before -+ the case loop above can cause integer underflows */ -+ *err = WTAP_ERR_BAD_RECORD; -+ *err_info = g_strdup_printf("visual: File has %u-byte original packet, bigger than maximum of %u", -+ wth->phdr.len, WTAP_MAX_PACKET_SIZE); -+ return FALSE; -+ } -+ - /* Sanity check */ - if (wth->phdr.len < wth->phdr.caplen) - { diff --git a/wireshark-1.2.4-enable_lua.patch b/wireshark-1.2.4-enable_lua.patch index 5f7bbe3..b438830 100644 --- a/wireshark-1.2.4-enable_lua.patch +++ b/wireshark-1.2.4-enable_lua.patch @@ -1,7 +1,7 @@ -Index: wireshark-1.4.3/epan/wslua/template-init.lua +Index: epan/wslua/template-init.lua =================================================================== ---- wireshark-1.4.3.orig/epan/wslua/template-init.lua -+++ wireshark-1.4.3/epan/wslua/template-init.lua +--- epan/wslua/template-init.lua ++++ epan/wslua/template-init.lua @@ -42,7 +42,7 @@ if running_superuser then local disabled_lib = {} setmetatable(disabled_lib,{ __index = function() error("this package has been disabled") end } ); diff --git a/wireshark-1.4.6.tar.bz2 b/wireshark-1.4.6.tar.bz2 deleted file mode 100644 index 7024dbb..0000000 --- a/wireshark-1.4.6.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f923f1e923dcb479b7fdb9bc6d4ce4c27ae8ac1f0148f2820bece476872df1d7 -size 20496268 diff --git a/wireshark-1.4.8-CVE-2011-2597.patch b/wireshark-1.4.8-CVE-2011-2597.patch deleted file mode 100644 index a3e69f9..0000000 --- a/wireshark-1.4.8-CVE-2011-2597.patch +++ /dev/null @@ -1,120 +0,0 @@ ---- trunk/wiretap/ascend_scanner.l 2011/06/08 18:26:50 37624 -+++ trunk/wiretap/ascend_scanner.l 2011/06/08 20:58:44 37625 -@@ -16,17 +16,17 @@ - * - * Wiretap Library - * Copyright (c) 1998 by Gilbert Ramirez -- * -+ * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License - * as published by the Free Software Foundation; either version 2 - * of the License, or (at your option) any later version. -- * -+ * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. -- * -+ * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -@@ -55,7 +55,7 @@ - extern char *ascend_ra_ptr; - extern char *ascend_ra_last; - #define YY_INPUT(buf,result,max_size) { int c = file_getc(yy_fh); \ --result = (c==EOF) ? YY_NULL : (buf[0] = c, 1); } -+result = (c==EOF) ? YY_NULL : (buf[0] = c, 1); } - - int at_eof; - int mul, scratch; -@@ -159,17 +159,17 @@ - return WDS_PREFIX; - } - --[^\(]+ { -+[^\(]{2,20} { - BEGIN(sc_gen_task); -- return STRING; -+ return STRING; - } - --[^\/\(:]+ { -+[^\/\(:]{2,20} { - BEGIN(sc_gen_task); - return DECNUM; - } - --[^:]+ { -+[^:]{2,20} { - char *atcopy = g_strdup(ascendtext); - char colon = input(); - char after = input(); -@@ -200,7 +200,7 @@ - return DECNUM; - } - --(0x|0X)?{H}+ { -+(0x|0X)?{H}{2,8} { - BEGIN(sc_gen_time_s); - ascendlval.d = strtoul(ascendtext, NULL, 16); - return HEXNUM; -@@ -210,13 +210,13 @@ - return STRING; - } - --{D}+ { -+{D}{1,10} { - BEGIN(sc_gen_time_u); - ascendlval.d = strtol(ascendtext, NULL, 10); - return DECNUM; - } - --{D}+ { -+{D}{1,6} { - char *atcopy = g_strdup(ascendtext); - BEGIN(sc_gen_octets); - /* only want the most significant 2 digits. convert to usecs */ -@@ -227,7 +227,7 @@ - return DECNUM; - } - --{D}+ { -+{D}{1,10} { - BEGIN(sc_gen_counter); - ascendlval.d = strtol(ascendtext, NULL, 10); - return DECNUM; -@@ -243,11 +243,11 @@ - return HEXBYTE; - } - --" "{4} { -+" "{4} { - BEGIN(sc_chardisp); - } - --.* { -+.* { - BEGIN(sc_gen_byte); - } - -@@ -315,7 +315,7 @@ - return WDD_CHUNK; - } - --{H}+ { -+{H}{1,8} { - BEGIN(sc_wdd_type); - ascendlval.d = strtoul(ascendtext, NULL, 16); - return HEXNUM; -@@ -349,7 +349,7 @@ - - /* - * We want to stop processing when we get to the end of the input. -- * (%option noyywrap is not used because if used then -+ * (%option noyywrap is not used because if used then - * some flex versions (eg: 2.5.35) generate code which causes - * warnings by the Windows VC compiler). - */ diff --git a/wireshark-1.4.8-CVE-2011-2698.patch b/wireshark-1.4.8-CVE-2011-2698.patch deleted file mode 100644 index 44f4627..0000000 --- a/wireshark-1.4.8-CVE-2011-2698.patch +++ /dev/null @@ -1,15 +0,0 @@ ---- trunk/epan/dissectors/packet-ansi_a.c 2011/07/07 13:57:08 37929 -+++ trunk/epan/dissectors/packet-ansi_a.c 2011/07/07 16:37:33 37930 -@@ -2682,10 +2682,10 @@ - break; - - default: -- proto_tree_add_text(tree, tvb, curr_offset, len - 1, -+ proto_tree_add_text(tree, tvb, curr_offset, len, - "Cell ID - Non IOS format"); - -- curr_offset += (len - 1); -+ curr_offset += len; - break; - } - diff --git a/wireshark-1.6.2-CVE-2011-3266.patch b/wireshark-1.6.2-CVE-2011-3266.patch deleted file mode 100644 index c583a45..0000000 --- a/wireshark-1.6.2-CVE-2011-3266.patch +++ /dev/null @@ -1,19 +0,0 @@ ---- trunk/epan/dissectors/packet-isakmp.c 2011/07/28 18:17:16 38246 -+++ trunk/epan/dissectors/packet-isakmp.c 2011/07/28 22:19:46 38247 -@@ -3880,12 +3880,13 @@ - offset += 2; - length -= 2; - -- -- while (length > 0) { -+ if (spi_size > 0) { -+ while (length > 0) { - proto_tree_add_item(tree, hf_isakmp_delete_spi, tvb, offset, spi_size, FALSE); - offset+=spi_size; - length-=spi_size; -- } -+ } -+ } - } - - diff --git a/wireshark-1.6.2-CVE-2011-3360.patch b/wireshark-1.6.2-CVE-2011-3360.patch deleted file mode 100644 index 28b5a6a..0000000 --- a/wireshark-1.6.2-CVE-2011-3360.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- trunk/epan/wslua/template-init.lua 2011/08/08 17:59:32 38413 -+++ trunk/epan/wslua/template-init.lua 2011/08/08 19:10:19 38414 -@@ -73,5 +73,5 @@ - DATA_DIR = datafile_path() - USER_DIR = persconffile_path() - --dofile("console.lua") ----dofile("dtd_gen.lua") -+dofile(DATA_DIR.."console.lua") -+--dofile(DATA_DIR.."dtd_gen.lua") diff --git a/wireshark-1.6.2-CVE-2011-3483.patch b/wireshark-1.6.2-CVE-2011-3483.patch deleted file mode 100644 index 75a8efb..0000000 --- a/wireshark-1.6.2-CVE-2011-3483.patch +++ /dev/null @@ -1,12 +0,0 @@ -Index: wireshark-1.4.4/epan/packet.c -=================================================================== ---- wireshark-1.4.4.orig/epan/packet.c -+++ wireshark-1.4.4/epan/packet.c -@@ -321,6 +321,7 @@ dissect_packet(epan_dissect_t *edt, unio - edt->pi.annex_a_used = MTP2_ANNEX_A_USED_UNKNOWN; - edt->pi.dcerpc_procedure_name=""; - edt->pi.link_dir = LINK_DIR_UNKNOWN; -+ edt->tvb = NULL; - - /* to enable decode as for ethertype=0x0000 (fix for bug 4721) */ - edt->pi.ethertype = G_MAXINT; diff --git a/wireshark-1.6.3.tar.bz2 b/wireshark-1.6.3.tar.bz2 new file mode 100644 index 0000000..5f4c34f --- /dev/null +++ b/wireshark-1.6.3.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:07084c9e0f0a8acefe9fbe860762d2b323b4867e7202d6146f5c581d1d5303e0 +size 21468737 diff --git a/wireshark-nfsv4-opts.patch b/wireshark-nfsv4-opts.patch deleted file mode 100644 index c909748..0000000 --- a/wireshark-nfsv4-opts.patch +++ /dev/null @@ -1,65 +0,0 @@ -Index: wireshark-1.4.3/epan/dissectors/packet-nfs.c -=================================================================== ---- wireshark-1.4.3.orig/epan/dissectors/packet-nfs.c -+++ wireshark-1.4.3/epan/dissectors/packet-nfs.c -@@ -8795,6 +8795,8 @@ dissect_nfs_argop4(tvbuff_t *tvb, int of - ftree = proto_item_add_subtree(fitem, ett_nfs_argop4); - } - -+ proto_item_append_text(tree, ", Ops(%d):", ops); -+ - for (ops_counter=0; ops_countercinfo, COL_INFO)) { -+ col_append_fstr(pinfo->cinfo, COL_INFO, " %s", -+ names_nfsv4_operation[opcode - 3].strptr); -+ } -+ } -+ proto_item_append_text(tree, " %s", -+ names_nfsv4_operation[opcode - 3].strptr); -+ - switch(opcode) - { - case NFS4_OP_ACCESS: -@@ -9290,6 +9301,8 @@ dissect_nfs_resop4(tvbuff_t *tvb, int of - ftree = proto_item_add_subtree(fitem, ett_nfs_resop4); - } - -+ proto_item_append_text(tree, ", Ops(%d):", ops); -+ - for (ops_counter = 0; ops_counter < ops; ops_counter++) - { - opcode = tvb_get_ntohl(tvb, offset); -@@ -9321,6 +9334,17 @@ dissect_nfs_resop4(tvbuff_t *tvb, int of - - offset = dissect_nfs_nfsstat4(tvb, offset, newftree, &status); - -+ if (check_col(pinfo->cinfo, COL_INFO)) { -+ if (status != NFS4_OK) { -+ col_append_fstr(pinfo->cinfo, COL_INFO, " %s(%d)", -+ names_nfsv4_operation[opcode - 3].strptr, status); -+ } else if (opcode != NFS4_OP_PUTFH) { -+ col_append_fstr(pinfo->cinfo, COL_INFO, " %s", -+ names_nfsv4_operation[opcode - 3].strptr); -+ } -+ } -+ proto_item_append_text(tree, " %s(%d)", -+ names_nfsv4_operation[opcode - 3].strptr, status); - /* - * With the exception of NFS4_OP_LOCK, NFS4_OP_LOCKT, and - * NFS4_OP_SETATTR, all other ops do *not* return data with the -@@ -9665,7 +9689,7 @@ static const value_string nfsv3_proc_val - static const vsff nfs4_proc[] = { - { 0, "NULL", - dissect_nfs3_null_call, dissect_nfs3_null_reply }, -- { 1, "COMPOUND", -+ { 1, "COMP", - dissect_nfs4_compound_call, dissect_nfs4_compound_reply }, - { 0, NULL, NULL, NULL } - }; diff --git a/wireshark.changes b/wireshark.changes index 9b95651..ae5f5aa 100644 --- a/wireshark.changes +++ b/wireshark.changes @@ -1,3 +1,415 @@ +------------------------------------------------------------------- +Wed Nov 2 15:07:21 UTC 2011 - tabraham@novell.com + +- update to 1.6.3 + - Security fixes: + - wnpa-sec-2011-17 The CSN.1 dissector could crash. (Bug 6351) + - Bug fixes: + - Wireshark window takes very long time to show up if invalid + network file path is at recent file list (Bug 3810) + - ISUP party number dissection. (Bug 5221) + - Ethernet packets with both VLAN tag and LLC header no longer + displayed correctly. (Bug 5645) + - SLL encapsuled 802.1Q VLAN is not dissected. (Bug 5680) + - Dissection fails for frames with Gigamon Header and VLAN. (Bug 6305) + - RTP Stream Analysis does not work for TURN-encapsulated RTP. (Bug 6322) + - packet-csn1.c doesn't process CSN_CHOICE entries properly. (Bug 6328) + - GUI crash on invalid IEEE 802.11 GAS frame. (Bug 6345) + - ICMPv6 router advertisement Prefix Information Flag R "Router + Address" missing. (Bug 6350) + - Inner tag of 802.1ad frames not parsed properly. (Bug 6366) + - Added cursor type decoding to MySQL dissector. (Bug 6396) + - WPA IE pairwise cipher suite dissector uses incorrect value_string + list. (Bug 6420) + - text_import_scanner.l missing. (Bug 6531) + - Updated protocol support: + - AJP13, ASN.1 PER, BACnet, CSN.1, DTN, Ethernet, ICMPv6, IEEE 802.11, + IEEE 802.1q, Infiniband, IPsec, MySQL, PCEP, PN-RT, RTP, S1AP, SSL + - New and Updated capture file suppport: + - Endace ERF. + +- update to 1.6.2 + - Security fixes: + - wnpa-sec-2011-12 A large loop in the OpenSafety dissector could + cause a crash. (Bug 6138) + - wnpa-sec-2011-16 The CSN.1 dissector could crash. (Bug 6139) + - Bug fixes: + - configure ignores (partially) LDFLAGS. (Bug 5607) + - Build fails when it tries to #include , not present in + Solaris 9. (Bug 5608) + - Unable to configure zero length SNMP Engine ID. (Bug 5731) + - BACnet who-is request device range values are not decoded correctly + in the packet details window. (Bug 5769) + - Wireshark crashes if sercosiii module isn't installed. (Bug 6006) + - Editcap could create invalid pcap files when converting from JPEG. + (Bug 6010) + - Timestamp is incorrectly decoded for ICMP Timestamp Response packets + from MS Windows. (Bug 6114) + - Wrong display of CSN_BIT in CSN.1. (Bug 6151) + - Fix CSN_RECURSIVE_TARRAY last bit error in packet-csn1.c. (Bug 6166) + - Wireshark cannot display Reachable time & Retrans timer in IPv6 RA + messages. (Bug 6168) + - ReadPropertyMultiple-ACK not correctly dissected. (Bug 6178) + - GTPv2 dissectors should treat gtpv2_ccrsi as optional. (Bug 6183) + - tshark run with -Tpdml makes a seg fault. (Bug 6245) + - TShark/dumpcap skips capture duration flag occasionally. (Bug 6280) + - Wireshark improperly parsing 802.11 Beacon Country Information + tag. (Bug 6264) + - Wrong display of CSN_BIT under CSN_UNION. (Bug 6287) + - Updated protocol support: + - BACapp, Bluetooth L2CAP, CSN.1, DCERPC, GSM A RR, GTPv2, ICMP, + ICMPv6, IKE, MEGACO, MSISDN, NDMP, OpenSafety, RTPS2, sFlow, SNMP, TCP + - New and Updated capture file suppport: + - CommView, pcap-ng, JPEG. + +- update to 1.6.1 + - Security fixes: + - Bug fixes: + - TCP dissector doesn't decode TCP segments of length 1. (Bug 4716) + - wireshark 1.4.0rc1 and python - spurious message. (Bug 4878) + - Missing LUA function. (Bug 5006) + - Lua API description about creating a new Tvb from a bytearray is + not correct in wireshark's user guide. (Bug 5199) + - Character echo pauses in Capture Filter field in Capture Options. + (Bug 5356) + - White space in protocol field abbreviation causes runtime failure + while registering Lua dissector. (Bug 5569) + - "File not found" box uses wrong filename encoding. (Bug 5715) + - capinfos: #ifdef HAVE_LIBGCRYPT block includes a line too many . + (Bug 5803) + - Wireshark crashes if Lua contains "Pref.range()" with missing arguments. + (Bug 5895) + - The "range" field in Lua's "Pref.range()" serves as default while the + "default" field does nothing . (Bug 5896) + - Wireshark crashes when calling TreeItem:set_len() on TreeItem without + tvb. (Bug 5941) + - TvbRange_string(lua_State* L) call a wrong function. (Bug 5960) + - VoIP call flow graph displays BICC APM as a BICC ANM. (Bug 5966) + - Cannot Live-capture VirtualBox network packets with Wireshark; pipe + problem. (Bug 6002) + - Interface list in Capture Options isn't cleared when selecting other + host. (Bug 6008) + - H323 rate multiplier wrong. (Bug 6009) + - Inclusion of config.h is too late in lex-files resulting in wrong + definition of _FILE_OFFSET_BITS. (Bug 6012) + - tshark crashes when loading Lua script that contains GUI function. + (Bug 6018) + - 802.11 Disassociation Packet's "Reason Code" field is imprecisely + decoded/described. (Bug 6022) + - Wireshark crashes when setting custom column's field name with + conditional. (Bug 6028) + - Crash after applying "expert.severity" field as column. (Bug 6035) + - GTS Descriptor count limited to 3 instead of 7. (Bug 6055) + - The SSL dissector can not resemble correctly the frames after TCP + zero window probe packet. (Bug 6059) + - Packet parser takes too long for this trace. (Bug 6073) + - Wireshark crashes after repeating "File -> Import -> Cancel". (Bug 6080) + - Decoding of MQ ASCII and EBCDIC Traffic Flow - ASCII shows fine, + EBCDIC does not. (Bug 6084) + - 802.11 Association Response Packet's "Status Code" field is imprecisely + decoded/described. (Bug 6093) + - Abis interface not correctly handled in gsmtap dissector. (Bug 6097) + - Wrong decoding of RLC/MAC EGPRS Packet Downlink Ack/Nack (3GPP TS + 44.060). (Bug 6098) + - CSN Ack/Nack Description wrongly handled in gsm_rlcmac_dl dissector + (3GPP TS 44.060). (Bug 6101) + - wireshark 1.6.0 and python support: installer fails to create the + wspy_dissectors subdirectory and . (Bug 6110) + - Wireshark crash during RTP stream analysis. (Bug 6120) + - Tshark custom columns: Why don't I get an error message? (Bug 6131) + - New and Updated capture file suppport: + - Network Monitor. + +- update to 1.6.0 + - Security fixes: + - Bug fixes: + - Wireshark is unresponsive when capturing from named pipes on Windows. + (Bug 1759) + - Crash when sorting column while capturing. (Bug 4273) + - Ring buffers are no longer turned on by default when using multiple + capture files. + - New and updated features: + - Large file (greater than 2 GB) support has been improved. + - Wireshark and TShark can import text dumps, similar to text2pcap + - You can now view Wireshark's dissector tables (for example the TCP + port to dissector mappings) from the main window. + - Wireshark can export SSL session keys via File->Export->SSL Session + Keys... + - You can hide columns in the packet list. + - Wireshark can now export SMB objects. + - dftest and randpkt now have manual pages. + - TShark can now display iSCSI, ICMP and ICMPv6 service response times. + - Dumpcap can now save files with a user-specified group id. + - Syntax checking is done for capture filters. + - You can display the compiled BPF code for capture filters in the + Capture Options dialog. + - You can now navigate backwards and forwards through TCP and UDP + sessions using Ctrl+, and Ctrl+. . + - Packet length is (finally) a default column. + - TCP window size is now avaiable both scaled and unscaled. A TCP window + scaling graph is available in the GUI. + - 802.1q VLAN tags are now shown in the Ethernet II protocol tree + instead of a separate tree + - Various dissectors now display some UTF-16 strings as proper Unicode + including the DCE/RPC and SMB dissectors. + - The RTP player now has an option to show the time of day in the graph + in addition to the seconds since beginning of capture. + - The RTP player now shows why media interruptions occur. + - Graphs now save as PNG images by default. + - TShark can read and write host name information from and to pcapng + formatted files. Wireshark can read it. TShark can dump host name + information via [-z hosts] + - TShark's -z option now uses the [-z ,srt] syntax instead of + [-z ,rtt] for all protocols that support service response + time statistics. This matches Wireshark's syntax for this option. + - Wireshark and TShark can now read compressed Windows Sniffer files. + - New protocol support: + - ADwin, ADwin-Config, Apache Etch, Aruba PAPI, Babel Routing Protocol, + Broadcast/Multicast Control, Constrained Application Protocol (COAP), + Digium TDMoE, Erlang Distribution Protocol, Ether-S-I/O, FastCGI, Fibre + Channel over InfiniBand (FCoIB), Gopher, Gigamon GMHDR, IDMP, Infiniband + Socket Direct Protocol (SDP), JSON, LISP Control, LISP Data, LISP, + MikroTik MAC-Telnet, MRP Multiple Mac Registration Protocol (MMRP) Mongo + Wire Protocol, MUX27010, Network Monitor 802.11 radio header, OPC UA + ExtensionObjects, openSAFETY, PPI-GEOLOCATION-GPS, ReLOAD, ReLOAD + Framing, RObust Header Compression (ROHC), RSIP, SAMETIME, SCoP, SGSAP, + Tektronix Teklink, USB/AT Commands, uTorrent Transport Protocol, WAI + authentication, Wi-Fi P2P (Wi-Fi Direct) + - New and Updated capture file suppport: + - Apple PacketLogger, Catapult DCT2000, Daintree SNA, Endace ERF, HP + OpenVMS TCPTrace, IPFIX (the file format, not the protocol), + Lucent/Ascend debug, Microsoft Network Monitor, Network Instruments, + TamoSoft CommView + +- update to 1.5.1 + - Security fixes: + - Bug fixes: + - Wireshark is unresponsive when capturing from named pipes on Windows. + (Bug 1759) + - Ring buffers are no longer turned on by default when using multiple + capture files. + - New and updated features: + - Wireshark and TShark can import text dumps, similar to text2pcap + - You can now view Wireshark's dissector tables (for example the TCP + port to dissector mappings) from the main window. + - TShark can show a specific occurrence of a field when using '-T fields'. + - Custom columns can show a specific occurrence of a field. + - You can hide columns in the packet list. + - Wireshark can now export SMB objects. + - dftest and randpkt now have manual pages. + - TShark can now display iSCSI service response times. + - Dumpcap can now save files with a user-specified group id. + - Syntax checking is done for capture filters + - You can display the compiled BPF code for capture filters in the + Capture Options dialog. + - You can now navigate backwards and forwards through TCP and UDP + sessions using Ctrl+, and Ctrl+. . + - Packet length is (finally) a default column. + - TCP window size is now avaiable both scaled and unscaled. A TCP window + scaling graph is available in the GUI. + - 802.1q VLAN tags are now shown in the Ethernet II protocol tree + - Various dissectors now display some UTF-16 strings as proper Unicode + including the DCE/RPC and SMB dissectors + - The RTP player now has an option to show the time of day in the graph + in addition to the seconds since beginning of capture. + - The RTP player now shows why media interruptions occur. + - Graphs now save as PNG images by default + - TShark can read and write host name information from and to pcapng + formatted files. Wireshark can read it. TShark can dump host name + information via [-z hosts] + - TShark's -z option now uses the [-z ,srt] syntax instead of + [-z ,rtt] for all protocols that support service response + time statistics. This matches Wireshark's syntax for this option. + - New protocol support: + - ADwin, ADwin-Config, Apache Etch, Aruba PAPI, Babel Routing Protocol, + Constrained Application Protocol (COAP), Digium TDMoE, Erlang + Distribution Protocol, Ether-S-I/O, FastCGI, Fibre Channel over + InfiniBand (FCoIB), Gopher, Gigamon GMHDR, IDMP, Infiniband Socket + Direct Protocol (SDP), JSON, LISP Data, MikroTik MAC-Telnet, Mongo Wire + Protocol, Network Monitor 802.11 radio header, OPC UA ExtensionObjects, + PPI-GEOLOCATION-GPS, ReLOAD, ReLOAD Framing, RSIP, SAMETIME, SCoP, SGSAP, + Tektronix Teklink, WAI authentication, Wi-Fi P2P (Wi-Fi Direct) + - New and Updated capture file suppport: + - Apple PacketLogger, Catapult DCT2000, Daintree SNA, Endace ERF, HP + OpenVMS TCPTrace, IPFIX (the file format, not the protocol), + Lucent/Ascend debug, Microsoft Network Monitor, Network Instruments, + TamoSoft CommView + +- update to 1.4.10 + - Security fixes: + - wnpa-sec-2011-18 Huzaifa Sidhpurwala of Red Hat Security + Response Team discovered that the Infiniband dissector could + dereference a NULL pointer. (Bug 6476) + - wnpa-sec-2011-19 Huzaifa Sidhpurwala of Red Hat Security + Response Team discovered a buffer overflow in the ERF file + reader. (Bug 6479) + - Bug fixes: + - Assertion failed when doing File->Quit->Save during live + capture. (Bug 1710) + - Wrong PCEP XRO sub-object decoding. (Bug 3778) + - Decoding [Status Records] Timestamp Sequence Field in Bundle + Protocol fails if over 32 bits. (Bug 4109) + - wireshark-1.4.2 crashes when testing the example python + dissector because of a dissector count assertion. (Bug 5431) + - Wireshark crashes when attempting to open a file via drag & drop + when there's already a file open. (Bug 5987) + - Add the ability to save filters from the Filter Toolbar into buttons + on the Filter Toolbar. (Bug 6207) + - Adding and removing custom HTTP headers requires a restart. (Bug 6241) + - Can't read full 64-bit SNMP values. (Bug 6295) + - BACnet property time-synchronization-interval (204) name shown + incorrectly as time-synchronization-recipients. (Bug 6336) + - [ASN.1 PER] Incorrect decoding of BIT STRING type. (Bug 6347) + - Export->Object->HTTP-> save all: Error on saving files. (Bug 6362) + - Incorrect identification of UDP-encapsulated NAT-keepalive + packets. (Bug 6414) + - S1AP protocol can't decode IPv6 transportLayerAddress. (Bug 6435) + - RTPS2 dissector doesn't handle 0 in the octestToNextHeader field. + (Bug 6449) + - packet-ajp13 fix, cleanup, and enhancement. (Bug 6452) + - Network Instruments Observer file format bugs. (Bug 6453) + - Wireshark crashes when using "Open Recent" 2 times in a row. (Bug 6457) + - Wireshark packet_gsm-sms, display bug: Filler bits in TP-User Data + Header. (Bug 6469) + - wireshark unable to decode NetFlow options which have system scope + size != 4 bytes. (Bug 6471) + - Display filter Expression Dialog Box Error. (Bug 6472) + - Updated protocol support: + - AJP13, ASN.1 PER, BACapp, DTN, GSM SMS, Infiniband, IPsec, NetFlow, + PCEP, RTPS2 + +- update to 1.4.9 + - Security fixes: + - wnpa-sec-2011-13 A malformed IKE packet could consume excessive + resources. + - wnpa-sec-2011-14 A malformed capture file could result in an invalid + root tvbuff and cause a crash. (Bug 6135) CVE-2011-3266 + - wnpa-sec-2011-15 Wireshark could run arbitrary Lua scripts. (Bug 6136) + - Bug fixes: + - Unable to configure zero length SNMP Engine ID. (Bug 5731) + - H.323 RAS packets missing from packet counts in "Telephony->VoIP + Calls" and the "Flow Graph" for the call. (Bug 5848) + - Malformed Packet in decode for BGP-AD update. (Bug 6122) + - BGP : AS_PATH attribute was decode wrong. (Bug 6188) + - Fixes for SCPS TCP option. (Bug 6194) + - Offset calculated incorrectly for sFlow extended data. (Bug 6219) + - [Enter] key behavior varies when manually typing display filters. + (Bug 6228) + - Contents of pcapng EnhancedPacketBlocks with comments aren't + displayed. (Bug 6229) + - Misdecoding 3G Neighbour Cell Information Element in SI2quater + message due to a coding typo. (Bug 6237) + - Mis-spelled word "unknown" in assorted files. (Bug 6244) + - btl2cap extended window shows wrong bit. (Bug 6257) + - NDMP dissector incorrectly represents "ndmp.bytes_left_to_read" + as signed. (Bug 6262) + - ERF records with extension headers not written out correctly to + pcap or pcap-ng files. (Bug 6265) + - RTPS2: MAX_BITMAP_SIZE is defined incorrectly. (Bug 6276) + - Copying from RTP stream analysis copies 1st line many times. (Bug 6279) + - File types with no snaplen written out with a zero snaplen in pcap-ng + files. (Bug 6289) + - MEGACO context tracking fix - context id reuse. (Bug 6311) + - Updated protocol support: + - BGP, Bluetooth L2CAP, GSM A RR, H.225, IKE, MEGACO, NDMP, RTPS2, SCPS, + sFlow, SNMP + - New and Updated capture file suppport: + - CommView, pcap-ng. + + - update to 1.4.8 + - Security fixes: + - CVE-2011-2597 The Lucent/Ascend file parser was susceptible to an + infinite loop. + - The ANSI MAP dissector was susceptible to an infinite loop. (Bug 6044) + - Bug fixes: + - TCP dissector doesn't decode TCP segments of length 1. (Bug 4716) + - Wireshark 1.4.0rc1 and python - spurious message. (Bug 4878) + - Missing LUA function. (Bug 5006) + - Lua API description about creating a new Tvb from a bytearray is not + correct in wireshark's user guide. (Bug 5199) + - sflow decode error for some extended formats. (Bug 5379) + - White space in protocol field abbreviation causes runtime failure + while registering Lua dissector. (Bug 5569) + - "File not found" box uses wrong filename encoding. (Bug 5715) + - capinfos: #ifdef HAVE_LIBGCRYPT block includes a line too many. + (Bug 5803) + - Wireshark crashes if Lua contains "Pref.range()" with missing + arguments. (Bug 5895) + - The "range" field in Lua's "Pref.range()" serves as default while + the "default" field does nothing. (Bug 5896) + - Wireshark crashes when calling TreeItem:set_len() on TreeItem + without tvb. (Bug 5941) + - TvbRange_string(lua_State* L) call a wrong function. (Bug 5960) + - VoIP call flow graph displays BICC APM as a BICC ANM. (Bug 5966) + - H323 rate multiplier wrong. (Bug 6009) + - tshark crashes when loading Lua script that contains GUI function. + (Bug 6018) + - 802.11 Disassociation Packet's "Reason Code" field is imprecisely + decoded/described. (Bug 6022) + - Wireshark crashes when setting custom column's field name with + conditional. (Bug 6028) + - GTS Descriptor count limited to 3 instead of 7. (Bug 6055) + - The SSL dissector can not resemble correctly the frames after TCP + zero window probe packet. (Bug 6059) + - Packet parser takes too long for this trace. (Bug 6073) + - 802.11 Association Response Packet's "Status Code" field is + imprecisely decoded/described. (Bug 6093) + - Wireshark 1.6.0 and Python support: installer fails to create the + wspy_dissectors subdirectory and . (Bug 6110) + - Wireshark crash during RTP stream analysis. (Bug 6120) + - Tshark custom columns: Why don't I get an error message? (Bug 6131) + - Updated protocol support: + - ANSI MAP, GIOP, H.323, IEEE 802.11, MSRP, RPCAP, sFlow, TCP + - New and Updated capture file suppport: + - Lucent/Ascend + + - update to 1.4.7 + - Security fixes: + - Large/infinite loop in the DICOM dissector. (Bug 5876) + - Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered + that a corrupted Diameter dictionary file could crash Wireshark. + - Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered + that a corrupted snoop file could crash Wireshark. (Bug 5912) + - David Maciejak of Fortinet's FortiGuard Labs discovered that malformed + compressed capture data could crash Wireshark. (Bug 5908) + - Huzaifa Sidhpurwala of the Red Hat Security Response Team discovered + that a corrupted Visual Networks file could crash Wireshark. (Bug 5934) + - Bug fixes: + - AIM dissector has some endian issues. (Bug 5464) + - Telephony->MTP3->MSUS doesn't display window. (Bug 5605) + - Support for MS NetMon 3.x traces containing raw IPv6 ("Type 7") + packets. (Bug 5817) + - Service Indicator in M3UA protocol data. (Bug 5834) + - IEC60870-5-104 protocol, incorrect decoding of timestamp type + CP56Time2a. (Bug 5889) + - DNP3 dissector incorrect constants AL_OBJ_FCTR_16NF _FDCTR_32NF + _FDCTR_16NF. (Bug 5920) + - 3GPP QoS: Traffic class is not decoded properly. (Bug 5928) + - Wireshark crashes when creating ProtoField.framenum in Lua. (Bug 5930) + - Fix a wrong mask to extract FMID from DECT packets dissector. (Bug 5947) + - Incorrect DHCPv6 remote identifier option parsing. (Bug 5962) + - Updated protocol support: + - DICOM, IEC104, M3UA, TCP + - New and Updated capture file suppport: + - Network Monitor + +- Drop patches (fixed upstream): + + wireshark-1.6.2-CVE-2011-3483.patch + + wireshark-1.6.2-CVE-2011-3360.patch + + wireshark-1.6.2-CVE-2011-3266.patch + + wireshark-1.4.8-CVE-2011-2698.patch + + wireshark-1.4.8-CVE-2011-2597.patch + + wireshark-1.2.17-CVE-2011-2175.patch + + wireshark-1.2.17-CVE-2011-2174.patch + + wireshark-1.2.17-CVE-2011-1959.patch + + wireshark-1.2.17-CVE-2011-1958.patch + + wireshark-1.2.17-CVE-2011-1957.patch + + wireshark-nfsv4-opts.patch + +- changed spec to resolve rpmlint warning regarding devel package in + non-devel group +- changed spec to resolve rpmlint warnings regarding macro-in-comment + ------------------------------------------------------------------- Mon Sep 26 14:07:31 CST 2011 - cyliu@novell.com diff --git a/wireshark.spec b/wireshark.spec index b935190..39a7a2c 100644 --- a/wireshark.spec +++ b/wireshark.spec @@ -20,7 +20,7 @@ %define use_caps 0 Name: wireshark -Version: 1.4.6 +Version: 1.6.3 Release: 1 License: GPLv2+ Summary: A Network Traffic Analyser @@ -28,7 +28,7 @@ Url: http://www.wireshark.org/ Group: Productivity/Networking/Diagnostic Source: http://www.wireshark.org/download/src/%{name}-%{version}.tar.bz2 Source1: include.filelist -# PATCH-FIX-OPENSUSE wireshark-1.2.0-disable-warning-dialog.patch bnc#349782 prusnak@suse.cz -- don't show warning when running as root +# PATCH-FIX-OPENSUSE wireshark-1.6.3-disable-warning-dialog.patch bnc#349782 prusnak@suse.cz -- don't show warning when running as root Patch1: %{name}-1.2.0-disable-warning-dialog.patch # PATCH-FEATURE-OPENSUSE wireshark-1.2.0-geoip.patch prusnak@suse.cz -- search in /var/lib/GeoIP if user hasn't set any GeoIP folders Patch2: %{name}-1.2.0-geoip.patch @@ -36,18 +36,6 @@ Patch2: %{name}-1.2.0-geoip.patch Patch3: %{name}-corosync-packet-dissector.patch # PATCH-FIX-OPENSUSE wireshark-1.2.4-enable_lua.patch bnc#650434 Patch4: %{name}-1.2.4-enable_lua.patch -# PATCH-FEATURE-OPENSUSE wireshark-nfsv4-opts.patch -- add NFSv4 options -Patch5: %{name}-nfsv4-opts.patch -Patch6: %{name}-1.2.17-CVE-2011-1957.patch -Patch7: %{name}-1.2.17-CVE-2011-1959.patch -Patch8: %{name}-1.2.17-CVE-2011-2174.patch -Patch9: %{name}-1.2.17-CVE-2011-2175.patch -Patch10: %{name}-1.2.17-CVE-2011-1958.patch -Patch11: %{name}-1.4.8-CVE-2011-2597.patch -Patch12: %{name}-1.4.8-CVE-2011-2698.patch -Patch13: %{name}-1.6.2-CVE-2011-3266.patch -Patch14: %{name}-1.6.2-CVE-2011-3360.patch -Patch15: %{name}-1.6.2-CVE-2011-3483.patch BuildRequires: bison BuildRequires: cairo-devel BuildRequires: flex @@ -89,7 +77,7 @@ view the reconstructed stream of a TCP session. %package devel License: GPLv2+ Summary: A Network Traffic Analyser -Group: Productivity/Networking/Diagnostic +Group: Development/Libraries/C and C++ Requires: %{name} = %{version} Requires: glibc-devel Requires: glib2-devel @@ -108,18 +96,7 @@ view the reconstructed stream of a TCP session. %setup -q %patch2 %patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 -%patch10 -p1 -%patch11 -p1 -%patch12 -p1 -%patch13 -p1 -%patch14 -p1 -%patch15 -p1 +%patch4 sed -i 's/^Icon=wireshark.png$/Icon=wireshark/' wireshark.desktop # run as root on 11.3 and older - bnc#349782 @@ -139,7 +116,7 @@ ln -fs wireshark %{buildroot}%{_bindir}/ethereal ln -fs tshark %{buildroot}%{_bindir}/tethereal install -d -m 0755 %{buildroot}%{_sysconfdir} install -d -m 0755 %{buildroot}%{_mandir}/man1/ -# install -m 0644 *.1 %{buildroot}%{_mandir}/man1/ +# install -m 0644 *.1 %%{buildroot}%%{_mandir}/man1/ install -d -m 0755 %{buildroot}%{_includedir}/wireshark for i in `cat %{SOURCE1}`; do install -m 644 $i %{buildroot}%{_includedir}/wireshark