From dbddd0d7b0540e9f5378317cef99a9a8f4b57bf86320eb3458835842bae287c4 Mon Sep 17 00:00:00 2001 From: Pavol Rusnak Date: Tue, 15 Feb 2011 13:04:22 +0000 Subject: [PATCH] - updated to 1.4.3 - security fixes: o MAC-LTE dissector could overflow a buffer o ENTTEC dissector could overflow a buffer o ASN.1 BER dissector could assert and make Wireshark exit prematurely - bug fixes: o AMQP failed assertion o Reassemble.c leaks memory for GLIB > 2.8 o Fuzz testing reports possible dissector bug: TCP o Wrong length calculation in new_octet_aligned_subset_bits() o Function dissect_per_bit_string_display might read more bytes than available o Wireshark crashes with Copy -> Description on date/time fields o DHCPv6 OPTION_CLIENT_FQDN parse error o Information element Error for supported channels o Assert when using ASN.1 dissector with loading a 'type table' o Bug with RWH parsing in Infiniband dissector o Help->About Wireshark mis-reports OS o Delegated-IPv6-Prefix(123) is shown incorrect as X-Ascend-Call-Attempt-Limit(123) o "tshark -r file -T fields" is truncating exported data o gsm_a_dtap: incorrect "Extraneous Data" when decoding Packet Flow Identifier o Improper decode of TLS 1.2 packet containing both CertificateRequest and ServerHelloDone messages o LTE-PDCP UL and DL problem o CIGI 3.2/3.3 support broken o Prepare Filter in RTP Streams dialog does not work correctly. o Wrong decode at ethernet OAM Y.1731 ETH-CC OBS-URL: https://build.opensuse.org/package/show/network:utilities/wireshark?expand=0&rev=34 --- wireshark-1.2.0-disable-warning-dialog.patch | 6 +-- wireshark-1.2.4-enable_lua.patch | 6 +-- wireshark-1.4.2.tar.bz2 | 3 -- wireshark-1.4.3.tar.bz2 | 3 ++ wireshark-corosync-packet-dissector.patch | 24 +++++------ wireshark-dcbx-lldp-dissector.patch | 7 ++-- wireshark-nfsv4-opts.patch | 6 +-- wireshark.changes | 43 ++++++++++++++++++++ wireshark.spec | 7 +++- 9 files changed, 76 insertions(+), 29 deletions(-) delete mode 100644 wireshark-1.4.2.tar.bz2 create mode 100644 wireshark-1.4.3.tar.bz2 diff --git a/wireshark-1.2.0-disable-warning-dialog.patch b/wireshark-1.2.0-disable-warning-dialog.patch index ef10eea..eb221f0 100644 --- a/wireshark-1.2.0-disable-warning-dialog.patch +++ b/wireshark-1.2.0-disable-warning-dialog.patch @@ -2,7 +2,7 @@ Index: gtk/main.c =================================================================== --- gtk/main.c.orig +++ gtk/main.c -@@ -1417,13 +1417,13 @@ set_display_filename(capture_file *cf) +@@ -1421,13 +1421,13 @@ set_display_filename(capture_file *cf) } GtkWidget *close_dlg = NULL; @@ -18,7 +18,7 @@ Index: gtk/main.c #ifdef _WIN32 static void npf_warning_dialog_cb(gpointer dialog, gint btn _U_, gpointer data _U_) -@@ -1993,9 +1993,10 @@ check_and_warn_user_startup(gchar *cf_na +@@ -1997,9 +1997,10 @@ check_and_warn_user_startup(gchar *cf_na #endif { gchar *cur_user, *cur_group; @@ -30,7 +30,7 @@ Index: gtk/main.c if (running_with_special_privs() && recent.privs_warn_if_elevated) { cur_user = get_cur_username(); cur_group = get_cur_groupname(); -@@ -2007,7 +2008,7 @@ check_and_warn_user_startup(gchar *cf_na +@@ -2011,7 +2012,7 @@ check_and_warn_user_startup(gchar *cf_na simple_dialog_check_set(priv_warning_dialog, "Don't show this message again."); simple_dialog_set_cb(priv_warning_dialog, priv_warning_dialog_cb, NULL); } diff --git a/wireshark-1.2.4-enable_lua.patch b/wireshark-1.2.4-enable_lua.patch index 041ac3c..5f7bbe3 100644 --- a/wireshark-1.2.4-enable_lua.patch +++ b/wireshark-1.2.4-enable_lua.patch @@ -1,7 +1,7 @@ -Index: wireshark-1.4.2/epan/wslua/template-init.lua +Index: wireshark-1.4.3/epan/wslua/template-init.lua =================================================================== ---- wireshark-1.4.2.orig/epan/wslua/template-init.lua -+++ wireshark-1.4.2/epan/wslua/template-init.lua +--- wireshark-1.4.3.orig/epan/wslua/template-init.lua ++++ wireshark-1.4.3/epan/wslua/template-init.lua @@ -42,7 +42,7 @@ if running_superuser then local disabled_lib = {} setmetatable(disabled_lib,{ __index = function() error("this package has been disabled") end } ); diff --git a/wireshark-1.4.2.tar.bz2 b/wireshark-1.4.2.tar.bz2 deleted file mode 100644 index af6b8ef..0000000 --- a/wireshark-1.4.2.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:44c6e1ec328fa8e1e7b3838b2f25d51c36b38c562fc0d097ba464205fdb049b2 -size 20208792 diff --git a/wireshark-1.4.3.tar.bz2 b/wireshark-1.4.3.tar.bz2 new file mode 100644 index 0000000..a82f7f0 --- /dev/null +++ b/wireshark-1.4.3.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:3ec9b709ea0e2b26c4d5869374a9013a5c7ca4493f2a2a64640824c5a477eda6 +size 20469021 diff --git a/wireshark-corosync-packet-dissector.patch b/wireshark-corosync-packet-dissector.patch index aa0ff18..746a82f 100644 --- a/wireshark-corosync-packet-dissector.patch +++ b/wireshark-corosync-packet-dissector.patch @@ -1,7 +1,7 @@ -Index: wireshark-1.4.2/epan/dissectors/Makefile.common +Index: wireshark-1.4.3/epan/dissectors/Makefile.common =================================================================== ---- wireshark-1.4.2.orig/epan/dissectors/Makefile.common -+++ wireshark-1.4.2/epan/dissectors/Makefile.common +--- wireshark-1.4.3.orig/epan/dissectors/Makefile.common ++++ wireshark-1.4.3/epan/dissectors/Makefile.common @@ -307,6 +307,8 @@ DISSECTOR_SRC = \ packet-collectd.c \ packet-componentstatus.c \ @@ -11,10 +11,10 @@ Index: wireshark-1.4.2/epan/dissectors/Makefile.common packet-cosine.c \ packet-cpfi.c \ packet-cpha.c \ -Index: wireshark-1.4.2/epan/dissectors/packet-corosync-totemnet.c +Index: wireshark-1.4.3/epan/dissectors/packet-corosync-totemnet.c =================================================================== --- /dev/null -+++ wireshark-1.4.2/epan/dissectors/packet-corosync-totemnet.c ++++ wireshark-1.4.3/epan/dissectors/packet-corosync-totemnet.c @@ -0,0 +1,1274 @@ +/* packet-corosync-totemnet.c + * Routines for the lowest level(encryption/decryption) protocol used in Corosync cluster engine @@ -1290,10 +1290,10 @@ Index: wireshark-1.4.2/epan/dissectors/packet-corosync-totemnet.c +} + +/* packet-corosync-totemnet.c ends here */ -Index: wireshark-1.4.2/epan/dissectors/packet-corosync-totemsrp.c +Index: wireshark-1.4.3/epan/dissectors/packet-corosync-totemsrp.c =================================================================== --- /dev/null -+++ wireshark-1.4.2/epan/dissectors/packet-corosync-totemsrp.c ++++ wireshark-1.4.3/epan/dissectors/packet-corosync-totemsrp.c @@ -0,0 +1,1379 @@ +/* packet-corosync-totemsrp.c + * Dissectors for totem single ring protocol implementated in corosync cluster engine @@ -2674,10 +2674,10 @@ Index: wireshark-1.4.2/epan/dissectors/packet-corosync-totemsrp.c + corosync_totemsrp_is_little_endian(pinfo)); +} + -Index: wireshark-1.4.2/epan/dissectors/packet-corosync-totemsrp.h +Index: wireshark-1.4.3/epan/dissectors/packet-corosync-totemsrp.h =================================================================== --- /dev/null -+++ wireshark-1.4.2/epan/dissectors/packet-corosync-totemsrp.h ++++ wireshark-1.4.3/epan/dissectors/packet-corosync-totemsrp.h @@ -0,0 +1,53 @@ +/* packet-corosync-totemsrp.h + * Dissectors for totem single ring protocol implemented in corosync cluster engine @@ -2732,10 +2732,10 @@ Index: wireshark-1.4.2/epan/dissectors/packet-corosync-totemsrp.h + + +#endif /* packet-totemsrp.h */ -Index: wireshark-1.4.2/epan/dissectors/Makefile.in +Index: wireshark-1.4.3/epan/dissectors/Makefile.in =================================================================== ---- wireshark-1.4.2.orig/epan/dissectors/Makefile.in -+++ wireshark-1.4.2/epan/dissectors/Makefile.in +--- wireshark-1.4.3.orig/epan/dissectors/Makefile.in ++++ wireshark-1.4.3/epan/dissectors/Makefile.in @@ -224,6 +224,8 @@ am__objects_3 = libdissectors_la-packet- libdissectors_la-packet-collectd.lo \ libdissectors_la-packet-componentstatus.lo \ diff --git a/wireshark-dcbx-lldp-dissector.patch b/wireshark-dcbx-lldp-dissector.patch index 5c78e81..9afd4ca 100644 --- a/wireshark-dcbx-lldp-dissector.patch +++ b/wireshark-dcbx-lldp-dissector.patch @@ -1,6 +1,7 @@ -diff -pur /mounts/users-space/hare/OpenSUSE/home:hreinecke:branches:network:utilities/wireshark/wireshark-1.4.2/epan/dissectors/packet-lldp.c wireshark-1.4.2/epan/dissectors/packet-lldp.c ---- /mounts/users-space/hare/OpenSUSE/home:hreinecke:branches:network:utilities/wireshark/wireshark-1.4.2/epan/dissectors/packet-lldp.c 2010-11-18 22:30:50.000000000 +0100 -+++ wireshark-1.4.2/epan/dissectors/packet-lldp.c 2011-01-24 17:14:48.000000000 +0100 +Index: wireshark-1.4.3/epan/dissectors/packet-lldp.c +=================================================================== +--- wireshark-1.4.3.orig/epan/dissectors/packet-lldp.c ++++ wireshark-1.4.3/epan/dissectors/packet-lldp.c @@ -128,6 +128,12 @@ static gint ett_802_3_power = -1; static gint ett_802_3_aggregation = -1; static gint ett_media_capabilities = -1; diff --git a/wireshark-nfsv4-opts.patch b/wireshark-nfsv4-opts.patch index 91b97cb..c909748 100644 --- a/wireshark-nfsv4-opts.patch +++ b/wireshark-nfsv4-opts.patch @@ -1,7 +1,7 @@ -Index: wireshark-1.4.2/epan/dissectors/packet-nfs.c +Index: wireshark-1.4.3/epan/dissectors/packet-nfs.c =================================================================== ---- wireshark-1.4.2.orig/epan/dissectors/packet-nfs.c -+++ wireshark-1.4.2/epan/dissectors/packet-nfs.c +--- wireshark-1.4.3.orig/epan/dissectors/packet-nfs.c ++++ wireshark-1.4.3/epan/dissectors/packet-nfs.c @@ -8795,6 +8795,8 @@ dissect_nfs_argop4(tvbuff_t *tvb, int of ftree = proto_item_add_subtree(fitem, ett_nfs_argop4); } diff --git a/wireshark.changes b/wireshark.changes index 2533ff2..96ccd3e 100644 --- a/wireshark.changes +++ b/wireshark.changes @@ -1,3 +1,46 @@ +------------------------------------------------------------------- +Tue Feb 15 12:52:45 UTC 2011 - prusnak@opensuse.org + +- updated to 1.4.3 + - security fixes: + o MAC-LTE dissector could overflow a buffer + o ENTTEC dissector could overflow a buffer + o ASN.1 BER dissector could assert and make Wireshark exit prematurely + - bug fixes: + o AMQP failed assertion + o Reassemble.c leaks memory for GLIB > 2.8 + o Fuzz testing reports possible dissector bug: TCP + o Wrong length calculation in new_octet_aligned_subset_bits() + o Function dissect_per_bit_string_display might read more bytes + than available + o Wireshark crashes with Copy -> Description on date/time fields + o DHCPv6 OPTION_CLIENT_FQDN parse error + o Information element Error for supported channels + o Assert when using ASN.1 dissector with loading a 'type table' + o Bug with RWH parsing in Infiniband dissector + o Help->About Wireshark mis-reports OS + o Delegated-IPv6-Prefix(123) is shown incorrect as + X-Ascend-Call-Attempt-Limit(123) + o "tshark -r file -T fields" is truncating exported data + o gsm_a_dtap: incorrect "Extraneous Data" when decoding Packet + Flow Identifier + o Improper decode of TLS 1.2 packet containing both + CertificateRequest and ServerHelloDone messages + o LTE-PDCP UL and DL problem + o CIGI 3.2/3.3 support broken + o Prepare Filter in RTP Streams dialog does not work correctly. + o Wrong decode at ethernet OAM Y.1731 ETH-CC + o WPS: RF bands decryption + o Incorrect LTP SDNV value handling + o LTP bug found by randpkt + o Buffer overflow in SNMP EngineID preferences + - updated protocol support: + AMQP, ASN.1 BER, ASN.1 PER, CFM, CIGI, DHCPv6, Diameter, ENTTEC, + GSM A GM, IEEE 802.11, InfiniBand, LTE-PDCP, LTP, MAC-LTE, MP2T, + RADIUS, SAMR, SCCP, SIP, SNMP, TCP, TLS, TN3270, UNISTIM, WPS + - new and updated capture file support: + Endace ERF, Microsoft Network Monitor, VMS TCPtrace + ------------------------------------------------------------------- Fri Feb 11 13:56:50 CET 2011 - hare@suse.de diff --git a/wireshark.spec b/wireshark.spec index f1965f9..88bc2e8 100644 --- a/wireshark.spec +++ b/wireshark.spec @@ -1,5 +1,5 @@ # -# spec file for package wireshark (Version 1.4.2) +# spec file for package wireshark (Version 1.4.3) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -20,7 +20,7 @@ %define use_caps 0 Name: wireshark -Version: 1.4.2 +Version: 1.4.3 Release: 1 License: GPLv2+ Summary: A Network Traffic Analyser @@ -34,8 +34,11 @@ Patch1: %{name}-1.2.0-disable-warning-dialog.patch Patch2: %{name}-1.2.0-geoip.patch # PATCH-FEATURE-UPSTREAM wireshark-corosync-packet-dissector.patch tserong@novell.com -- add corosync packet dissector Patch3: %{name}-corosync-packet-dissector.patch +# PATCH-FIX-OPENSUSE wireshark-1.2.4-enable_lua.patch bnc#650434 Patch4: %{name}-1.2.4-enable_lua.patch +# PATCH-FEATURE-OPENSUSE wireshark-nfsv4-opts.patch -- add NFSv4 options Patch5: %{name}-nfsv4-opts.patch +# PATCH-FEATURE-UPSTREAM wireshark-dcbx-lldp-dissector.patch hare@suse.de -- add DCBx LLDP packet dissector Patch6: %{name}-dcbx-lldp-dissector.patch BuildRequires: bison BuildRequires: cairo-devel