diff options
| author | CoprDistGit <infra@openeuler.org> | 2023-10-16 12:16:12 +0000 |
|---|---|---|
| committer | CoprDistGit <infra@openeuler.org> | 2023-10-16 12:16:12 +0000 |
| commit | cc10e0bd9b359b464e50acb9a41eeb015e88f79a (patch) | |
| tree | 2f5bbd4c32c93defc59671aafab103d85b4bb525 | |
| parent | a5a6b48887de2a9aceb975d0e616b9ec7cf9c99b (diff) | |
automatic import of wireshark
| -rw-r--r-- | .gitignore | 2 | ||||
| -rw-r--r-- | 90-wireshark-usbmon.rules | 1 | ||||
| -rw-r--r-- | CVE-2023-2906.patch | 36 | ||||
| -rw-r--r-- | CVE-2023-3648.patch | 104 | ||||
| -rw-r--r-- | CVE-2023-3649.patch | 227 | ||||
| -rw-r--r-- | CVE-2023-4511.patch | 80 | ||||
| -rw-r--r-- | CVE-2023-4513-1.patch | 39 | ||||
| -rw-r--r-- | CVE-2023-4513-2.patch | 32 | ||||
| -rw-r--r-- | CVE-2023-5371.patch | 48 | ||||
| -rw-r--r-- | Fix-libvirt-build-fail.patch | 11 | ||||
| -rw-r--r-- | sources | 2 | ||||
| -rw-r--r-- | wireshark-0002-Customize-permission-denied-error.patch | 57 | ||||
| -rw-r--r-- | wireshark-0003-fix-string-overrun-in-plugins-profinet.patch | 18 | ||||
| -rw-r--r-- | wireshark-0004-Restore-Fedora-specific-groups.patch | 15 | ||||
| -rw-r--r-- | wireshark-0005-Fix-paths-in-a-wireshark.desktop-file.patch | 20 | ||||
| -rw-r--r-- | wireshark-0006-Move-tmp-to-var-tmp.patch | 269 | ||||
| -rw-r--r-- | wireshark-0007-cmakelists.patch | 20 | ||||
| -rw-r--r-- | wireshark.spec | 325 | ||||
| -rw-r--r-- | wireshark.sysusers | 2 |
19 files changed, 1308 insertions, 0 deletions
@@ -0,0 +1,2 @@ +/SIGNATURES-3.6.14.txt +/wireshark-3.6.14.tar.xz diff --git a/90-wireshark-usbmon.rules b/90-wireshark-usbmon.rules new file mode 100644 index 0000000..10a127c --- /dev/null +++ b/90-wireshark-usbmon.rules @@ -0,0 +1 @@ +SUBSYSTEM=="usbmon", GROUP="usbmon", MODE="640" diff --git a/CVE-2023-2906.patch b/CVE-2023-2906.patch new file mode 100644 index 0000000..1d56a77 --- /dev/null +++ b/CVE-2023-2906.patch @@ -0,0 +1,36 @@ +From 0b874ad0f50f71a5b780cb915ea62f8625112402 Mon Sep 17 00:00:00 2001 +From: Jaap Keuter <jaap.keuter@xs4all.nl> +Date: Thu, 27 Jul 2023 20:21:19 +0200 +Subject: [PATCH] CP2179: Handle timetag info response without records + +Fixes #19229 + +(cherry picked from commit 44dc70cc5aadca91cb8ba3710c59c3651b7b0d4d) +--- + epan/dissectors/packet-cp2179.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/epan/dissectors/packet-cp2179.c b/epan/dissectors/packet-cp2179.c +index 30f53f84946..70fe0332843 100644 +--- a/epan/dissectors/packet-cp2179.c ++++ b/epan/dissectors/packet-cp2179.c +@@ -721,11 +721,14 @@ dissect_response_frame(tvbuff_t *tvb, proto_tree *tree, packet_info *pinfo, int + proto_tree_add_item(cp2179_proto_tree, hf_cp2179_timetag_numsets, tvb, offset, 1, ENC_LITTLE_ENDIAN); + + num_records = tvb_get_guint8(tvb, offset) & 0x7F; ++ offset += 1; ++ ++ if (num_records == 0 || numberofcharacters <= 1) ++ break; ++ + recordsize = (numberofcharacters-1) / num_records; + num_values = (recordsize-6) / 2; /* Determine how many 16-bit analog values are present in each event record */ + +- offset += 1; +- + for (x = 0; x < num_records; x++) + { + cp2179_event_tree = proto_tree_add_subtree_format(cp2179_proto_tree, tvb, offset, recordsize, ett_cp2179_event, NULL, "Event Record # %d", x+1); +-- +GitLab + diff --git a/CVE-2023-3648.patch b/CVE-2023-3648.patch new file mode 100644 index 0000000..b93addb --- /dev/null +++ b/CVE-2023-3648.patch @@ -0,0 +1,104 @@ +From 146721324b8eab1a480dda86b5addae6c1820818 Mon Sep 17 00:00:00 2001 +From: John Thacker <johnthacker@gmail.com> +Date: Sun, 28 May 2023 07:14:52 -0400 +Subject: [PATCH] kafka: Don't use after free + +Neither tvb_new_child_real_data() nor tvb_composite_append() copy +the real data buffer that they're given. So we can't free a +decompressed buffer after making it a tvb. + +We can realloc if the output size is smaller. + +Fix #19105 + + +(cherry picked from commit b673bc022aa28c2c381cb96cae09357bd27eb0df) +--- + epan/dissectors/packet-kafka.c | 24 +++++++++++++++++------- + 1 file changed, 17 insertions(+), 7 deletions(-) + +diff --git a/epan/dissectors/packet-kafka.c b/epan/dissectors/packet-kafka.c +index b530d2cf787..eabcc5d264d 100644 +--- a/epan/dissectors/packet-kafka.c ++++ b/epan/dissectors/packet-kafka.c +@@ -1677,7 +1677,6 @@ decompress_lz4(tvbuff_t *tvb, packet_info *pinfo, int offset, guint32 length, tv + dst_size = (size_t)lz4_info.contentSize; + } + +- decompressed_buffer = wmem_alloc(pinfo->pool, dst_size); + size_t out_size; + int count = 0; + +@@ -1687,12 +1686,16 @@ decompress_lz4(tvbuff_t *tvb, packet_info *pinfo, int offset, guint32 length, tv + goto end; + } + ++ decompressed_buffer = wmem_alloc(pinfo->pool, dst_size); + out_size = dst_size; + rc = LZ4F_decompress(lz4_ctxt, decompressed_buffer, &out_size, + &data[src_offset], &src_size, NULL); + if (LZ4F_isError(rc)) { + goto end; + } ++ if (out_size != dst_size) { ++ decompressed_buffer = (guint8 *)wmem_realloc(pinfo->pool, decompressed_buffer, out_size); ++ } + if (out_size == 0) { + goto end; + } +@@ -1734,7 +1737,7 @@ static gboolean + decompress_snappy(tvbuff_t *tvb, packet_info *pinfo, int offset, guint32 length, tvbuff_t **decompressed_tvb, int *decompressed_offset) + { + guint8 *data = (guint8*)tvb_memdup(pinfo->pool, tvb, offset, length); +- size_t uncompressed_size; ++ size_t uncompressed_size, out_size; + snappy_status rc = SNAPPY_OK; + tvbuff_t *composite_tvb = NULL; + gboolean ret = FALSE; +@@ -1771,18 +1774,21 @@ decompress_snappy(tvbuff_t *tvb, packet_info *pinfo, int offset, guint32 length, + goto end; + } + guint8 *decompressed_buffer = (guint8*)wmem_alloc(pinfo->pool, uncompressed_size); +- rc = snappy_uncompress(&data[pos], chunk_size, decompressed_buffer, &uncompressed_size); ++ out_size = uncompressed_size; ++ rc = snappy_uncompress(&data[pos], chunk_size, decompressed_buffer, &out_size); + if (rc != SNAPPY_OK) { + goto end; + } ++ if (out_size != uncompressed_size) { ++ decompressed_buffer = (guint8 *)wmem_realloc(pinfo->pool, decompressed_buffer, out_size); ++ } + + if (!composite_tvb) { + composite_tvb = tvb_new_composite(); + } + tvb_composite_append(composite_tvb, +- tvb_new_child_real_data(tvb, decompressed_buffer, (guint)uncompressed_size, (gint)uncompressed_size)); ++ tvb_new_child_real_data(tvb, decompressed_buffer, (guint)out_size, (gint)out_size)); + pos += chunk_size; +- wmem_free(pinfo->pool, decompressed_buffer); + count++; + DISSECTOR_ASSERT_HINT(count < MAX_LOOP_ITERATIONS, "MAX_LOOP_ITERATIONS exceeded"); + } +@@ -1797,12 +1803,16 @@ decompress_snappy(tvbuff_t *tvb, packet_info *pinfo, int offset, guint32 length, + + guint8 *decompressed_buffer = (guint8*)wmem_alloc(pinfo->pool, uncompressed_size); + +- rc = snappy_uncompress(data, length, decompressed_buffer, &uncompressed_size); ++ out_size = uncompressed_size; ++ rc = snappy_uncompress(data, length, decompressed_buffer, &out_size); + if (rc != SNAPPY_OK) { + goto end; + } ++ if (out_size != uncompressed_size) { ++ decompressed_buffer = (guint8 *)wmem_realloc(pinfo->pool, decompressed_buffer, out_size); ++ } + +- *decompressed_tvb = tvb_new_child_real_data(tvb, decompressed_buffer, (guint)uncompressed_size, (gint)uncompressed_size); ++ *decompressed_tvb = tvb_new_child_real_data(tvb, decompressed_buffer, (guint)out_size, (gint)out_size); + *decompressed_offset = 0; + + } +-- +GitLab + diff --git a/CVE-2023-3649.patch b/CVE-2023-3649.patch new file mode 100644 index 0000000..5ee4a68 --- /dev/null +++ b/CVE-2023-3649.patch @@ -0,0 +1,227 @@ +From 75e0ffcb42f3816e5f2fdef12f3c9ae906130b0c Mon Sep 17 00:00:00 2001 +From: John Thacker <johnthacker@gmail.com> +Date: Sat, 24 Jun 2023 00:34:50 -0400 +Subject: [PATCH] iscsi: Check bounds when extracting TargetAddress + +Use tvb_ functions that do bounds checking when parsing the +TargetAddress string, instead of incrementing a pointer to an +extracted char* and sometimes accidentally overrunning the +string. + +While we're there, go ahead and add support for IPv6 addresses. + +Fix #19164 + +(backported from commit 94349bbdaeb384b12d554dd65e7be7ceb0e93d21) +--- + epan/dissectors/packet-iscsi.c | 146 +++++++++++++++++---------------- + 1 file changed, 75 insertions(+), 71 deletions(-) + +diff --git a/epan/dissectors/packet-iscsi.c b/epan/dissectors/packet-iscsi.c +index 031f07e5aa6..3b5d64de9fd 100644 +--- a/epan/dissectors/packet-iscsi.c ++++ b/epan/dissectors/packet-iscsi.c +@@ -20,8 +20,6 @@ + + #include "config.h" + +-#include <stdio.h> +- + #include <epan/packet.h> + #include <epan/prefs.h> + #include <epan/conversation.h> +@@ -29,6 +27,7 @@ + #include "packet-scsi.h" + #include <epan/crc32-tvb.h> + #include <wsutil/crc32.h> ++#include <wsutil/inet_addr.h> + #include <wsutil/strtoi.h> + #include <wsutil/ws_roundup.h> + +@@ -514,70 +513,81 @@ typedef struct _iscsi_conv_data { + dissector for the address/port that TargetAddress points to. + (it starts to be common to use redirectors to point to non-3260 ports) + */ ++static address null_address = ADDRESS_INIT_NONE; ++ + static void +-iscsi_dissect_TargetAddress(packet_info *pinfo, tvbuff_t* tvb, proto_tree *tree, char *val, guint offset) ++iscsi_dissect_TargetAddress(packet_info *pinfo, tvbuff_t* tvb, proto_tree *tree, guint offset) + { +- address *addr = NULL; ++ address addr = ADDRESS_INIT_NONE; + guint16 port; +- char *value = wmem_strdup(pinfo->pool, val); +- char *p = NULL, *pgt = NULL; +- +- if (value[0] == '[') { +- /* this looks like an ipv6 address */ +- p = strchr(value, ']'); +- if (p != NULL) { +- *p = 0; +- p += 2; /* skip past "]:" */ +- +- pgt = strchr(p, ','); +- if (pgt != NULL) { +- *pgt++ = 0; +- } ++ int colon_offset; ++ int end_offset; ++ char *ip_str, *port_str; ++ ++ colon_offset = tvb_find_guint8(tvb, offset, -1, ':'); ++ if (colon_offset == -1) { ++ /* RFC 7143 13.8 TargetAddress "If the TCP port is not specified, ++ * it is assumed to be the IANA-assigned default port for iSCSI", ++ * so nothing to do here. ++ */ ++ return; ++ } + +- /* can't handle ipv6 yet */ ++ /* We found a colon, so there's at least one byte and this won't fail. */ ++ if (tvb_get_guint8(tvb, offset) == '[') { ++ offset++; ++ /* could be an ipv6 address */ ++ end_offset = tvb_find_guint8(tvb, offset, -1, ']'); ++ if (end_offset == -1) { ++ return; + } +- } else { +- /* This is either a ipv4 address or a dns name */ +- int i0,i1,i2,i3; +- if (sscanf(value, "%d.%d.%d.%d", &i0,&i1,&i2,&i3) == 4) { +- /* looks like a ipv4 address */ +- p = strchr(value, ':'); +- if (p != NULL) { +- char *addr_data; +- +- *p++ = 0; +- +- pgt = strchr(p, ','); +- if (pgt != NULL) { +- *pgt++ = 0; +- } + +- addr_data = (char *) wmem_alloc(pinfo->pool, 4); +- addr_data[0] = i0; +- addr_data[1] = i1; +- addr_data[2] = i2; +- addr_data[3] = i3; +- +- addr = wmem_new(pinfo->pool, address); +- addr->type = AT_IPv4; +- addr->len = 4; +- addr->data = addr_data; ++ /* look for the colon before the port, if any */ ++ colon_offset = tvb_find_guint8(tvb, end_offset, -1, ':'); ++ if (colon_offset == -1) { ++ return; ++ } + +- if (!ws_strtou16(p, NULL, &port)) { +- proto_tree_add_expert_format(tree, pinfo, &ei_iscsi_keyvalue_invalid, +- tvb, offset + (guint)strlen(value), (guint)strlen(p), "Invalid port: %s", p); +- } +- } ++ ws_in6_addr *ip6_addr = wmem_new(pinfo->pool, ws_in6_addr); ++ ip_str = tvb_get_string_enc(pinfo->pool, tvb, offset, end_offset - offset, ENC_ASCII); ++ if (ws_inet_pton6(ip_str, ip6_addr)) { ++ /* looks like a ipv6 address */ ++ set_address(&addr, AT_IPv6, sizeof(ws_in6_addr), ip6_addr); ++ } + ++ } else { ++ /* This is either a ipv4 address or a dns name */ ++ ip_str = tvb_get_string_enc(pinfo->pool, tvb, offset, colon_offset - offset, ENC_ASCII); ++ ws_in4_addr *ip4_addr = wmem_new(pinfo->pool, ws_in4_addr); ++ if (ws_inet_pton4(ip_str, ip4_addr)) { ++ /* looks like a ipv4 address */ ++ set_address(&addr, AT_IPv4, 4, ip4_addr); + } ++ /* else a DNS host name; we could, theoretically, try to use ++ * name resolution information in the capture to lookup the address. ++ */ + } + ++ /* Extract the port */ ++ end_offset = tvb_find_guint8(tvb, colon_offset, -1, ','); ++ int port_len; ++ if (end_offset == -1) { ++ port_len = tvb_reported_length_remaining(tvb, colon_offset + 1); ++ } else { ++ port_len = end_offset - (colon_offset + 1); ++ } ++ port_str = tvb_get_string_enc(pinfo->pool, tvb, colon_offset + 1, port_len, ENC_ASCII); ++ if (!ws_strtou16(port_str, NULL, &port)) { ++ proto_tree_add_expert_format(tree, pinfo, &ei_iscsi_keyvalue_invalid, ++ tvb, colon_offset + 1, port_len, "Invalid port: %s", port_str); ++ return; ++ } + + /* attach a conversation dissector to this address/port tuple */ +- if (addr && !pinfo->fd->visited) { ++ if (!addresses_equal(&addr, &null_address) && !pinfo->fd->visited) { + conversation_t *conv; + +- conv = conversation_new(pinfo->num, addr, addr, ENDPOINT_TCP, port, port, NO_ADDR2|NO_PORT2); ++ conv = conversation_new(pinfo->num, &addr, &null_address, ENDPOINT_TCP, port, 0, NO_ADDR2|NO_PORT2); + if (conv == NULL) { + return; + } +@@ -589,30 +599,24 @@ iscsi_dissect_TargetAddress(packet_info *pinfo, tvbuff_t* tvb, proto_tree *tree, + static gint + addTextKeys(packet_info *pinfo, proto_tree *tt, tvbuff_t *tvb, gint offset, guint32 text_len) { + const gint limit = offset + text_len; ++ tvbuff_t *keyvalue_tvb; ++ int len, value_offset; + + while(offset < limit) { +- char *key = NULL, *value = NULL; +- gint len = tvb_strnlen(tvb, offset, limit - offset); +- +- if(len == -1) { +- len = limit - offset; +- } else { +- len = len + 1; +- } +- +- key = tvb_get_string_enc(pinfo->pool, tvb, offset, len, ENC_ASCII); +- if (key == NULL) { +- break; +- } +- value = strchr(key, '='); +- if (value == NULL) { ++ /* RFC 7143 6.1 Text Format: "Every key=value pair, including the ++ * last or only pair in a LTDS, MUST be followed by one null (0x00) ++ * delimiter. ++ */ ++ proto_tree_add_item_ret_length(tt, hf_iscsi_KeyValue, tvb, offset, -1, ENC_ASCII, &len); ++ keyvalue_tvb = tvb_new_subset_length(tvb, offset, len); ++ value_offset = tvb_find_guint8(keyvalue_tvb, 0, len, '='); ++ if (value_offset == -1) { + break; + } +- *value++ = 0; ++ value_offset++; + +- proto_tree_add_item(tt, hf_iscsi_KeyValue, tvb, offset, len, ENC_ASCII|ENC_NA); +- if (!strcmp(key, "TargetAddress")) { +- iscsi_dissect_TargetAddress(pinfo, tvb, tt, value, offset + (guint)strlen("TargetAddress") + 2); ++ if (tvb_strneql(keyvalue_tvb, 0, "TargetAddress=", strlen("TargetAddress=")) == 0) { ++ iscsi_dissect_TargetAddress(pinfo, keyvalue_tvb, tt, value_offset); + } + + offset += len; +@@ -2943,7 +2947,7 @@ proto_register_iscsi(void) + }, + { &hf_iscsi_KeyValue, + { "KeyValue", "iscsi.keyvalue", +- FT_STRING, BASE_NONE, NULL, 0, ++ FT_STRINGZ, BASE_NONE, NULL, 0, + "Key/value pair", HFILL } + }, + { &hf_iscsi_Text_F, +-- +GitLab + diff --git a/CVE-2023-4511.patch b/CVE-2023-4511.patch new file mode 100644 index 0000000..ef31fa4 --- /dev/null +++ b/CVE-2023-4511.patch @@ -0,0 +1,80 @@ +From d3068e8d2e80908ab284c2bcc96d3ff7f8a5c1ae Mon Sep 17 00:00:00 2001 +From: John Thacker <johnthacker@gmail.com> +Date: Thu, 10 Aug 2023 05:29:09 -0400 +Subject: [PATCH] btsdp: Keep offset advancing + +hf_data_element_value is a FT_NONE, so we can add the item with +the expected length and get_hfi_length() will adjust the length +without throwing an exception. There's no need to add it with +zero length and call proto_item_set_len. Also, don't increment +the offset by 0 instead of the real length when there isn't +enough data in the packet, as that can lead to failing to advance +the offset. + +When dissecting a sequence type (sequence or alternative) and +recursing into the sequence member, instead of using the main +packet tvb directly, create a subset using the indicated length +of the sequence. That will properly throw an exception if a +contained item is larger than the containing sequence, instead of +dissecting the same bytes as several different items (inside +the sequence recursively, as well in the outer loop.) + +Fix #19258 + + +(cherry picked from commit ef9c79ae81b00a63aa8638076ec81dc9482972e9) +--- + epan/dissectors/packet-btsdp.c | 15 ++++++++------- + 1 file changed, 8 insertions(+), 7 deletions(-) + +diff --git a/epan/dissectors/packet-btsdp.c b/epan/dissectors/packet-btsdp.c +index 66265d6ef92..34d8ee80b89 100644 +--- a/epan/dissectors/packet-btsdp.c ++++ b/epan/dissectors/packet-btsdp.c +@@ -1925,13 +1925,11 @@ dissect_data_element(proto_tree *tree, proto_tree **next_tree, + offset += len - length; + } + +- pitem = proto_tree_add_item(ptree, hf_data_element_value, tvb, offset, 0, ENC_NA); ++ pitem = proto_tree_add_item(ptree, hf_data_element_value, tvb, offset, length, ENC_NA); + if (length > tvb_reported_length_remaining(tvb, offset)) { + expert_add_info(pinfo, pitem, &ei_data_element_value_large); +- length = 0; +- } +- proto_item_set_len(pitem, length); +- if (length == 0) ++ proto_item_append_text(pitem, ": MISSING"); ++ } else if (length == 0) + proto_item_append_text(pitem, ": MISSING"); + + if (next_tree) *next_tree = proto_item_add_subtree(pitem, ett_btsdp_data_element_value); +@@ -3523,6 +3521,8 @@ dissect_sdp_type(proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, + gint bytes_to_go = size; + gint first = 1; + wmem_strbuf_t *substr; ++ tvbuff_t *next_tvb = tvb_new_subset_length(tvb, offset, size); ++ gint next_offset = 0; + + ti = proto_tree_add_item(next_tree, (type == 6) ? hf_data_element_value_sequence : hf_data_element_value_alternative, + tvb, offset, size, ENC_NA); +@@ -3537,14 +3537,15 @@ dissect_sdp_type(proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, + first = 0; + } + +- size = dissect_sdp_type(st, pinfo, tvb, offset, attribute, service_uuid, ++ size = dissect_sdp_type(st, pinfo, next_tvb, next_offset, ++ attribute, service_uuid, + service_did_vendor_id, service_did_vendor_id_source, + service_hdp_data_exchange_specification, service_info, &substr); + if (size < 1) { + break; + } + wmem_strbuf_append_printf(info_buf, "%s ", wmem_strbuf_finalize(substr)); +- offset += size ; ++ next_offset += size; + bytes_to_go -= size; + } + +-- +GitLab + diff --git a/CVE-2023-4513-1.patch b/CVE-2023-4513-1.patch new file mode 100644 index 0000000..5f29a38 --- /dev/null +++ b/CVE-2023-4513-1.patch @@ -0,0 +1,39 @@ +From 863f6c3dc760ab770a7b31b33e9c769868e4289b Mon Sep 17 00:00:00 2001 +From: John Thacker <johnthacker@gmail.com> +Date: Thu, 10 Aug 2023 01:19:21 -0400 +Subject: [PATCH] wmem: Fix leak in block_fast when realloc'ing jumbo blocks + +In block fast wmem_allocator is used, keep the double linked +list of jumbo blocks accurate by pointing the prev pointer of +the old head (if it exists) to the newly allocated jumbo block. + +This prevents a leak if a jumbo block which is not the most +recently added jumbo block is realloc'ed. If the prev pointer +isn't set properly, then all the jumbo blocks added afterwards +will be lost from the list and leaked. + +Fix #19259 + + +(cherry picked from commit d086f2733bc611eb310aafec51bd28d44166fa42) +--- + wsutil/wmem/wmem_allocator_block_fast.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/wsutil/wmem/wmem_allocator_block_fast.c b/wsutil/wmem/wmem_allocator_block_fast.c +index bdb8c2f75dc..117e9df6193 100644 +--- a/wsutil/wmem/wmem_allocator_block_fast.c ++++ b/wsutil/wmem/wmem_allocator_block_fast.c +@@ -97,6 +97,9 @@ wmem_block_fast_alloc(void *private_data, const size_t size) + size + WMEM_JUMBO_HEADER_SIZE + WMEM_CHUNK_HEADER_SIZE); + + block->next = allocator->jumbo_list; ++ if (block->next) { ++ block->next->prev = block; ++ } + block->prev = NULL; + allocator->jumbo_list = block; + +-- +GitLab + diff --git a/CVE-2023-4513-2.patch b/CVE-2023-4513-2.patch new file mode 100644 index 0000000..eacd070 --- /dev/null +++ b/CVE-2023-4513-2.patch @@ -0,0 +1,32 @@ +From 016af38af0a27b14c8e2fb4fb3e2c4811bb0211b Mon Sep 17 00:00:00 2001 +From: John Thacker <johnthacker@gmail.com> +Date: Thu, 10 Aug 2023 02:47:58 -0400 +Subject: [PATCH] btsdp: Finalize wmem_strbuf + +The allocated wmem_strbuf isn't used after this, so it can +be finalized to save a bit of memory. + +Related to #19259 + + +(cherry picked from commit 7fecc31427e0ec5e55ac2611df94678940c1df7d) +--- + epan/dissectors/packet-btsdp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/epan/dissectors/packet-btsdp.c b/epan/dissectors/packet-btsdp.c +index a60b3051b4d..66265d6ef92 100644 +--- a/epan/dissectors/packet-btsdp.c ++++ b/epan/dissectors/packet-btsdp.c +@@ -3543,7 +3543,7 @@ dissect_sdp_type(proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb, + if (size < 1) { + break; + } +- wmem_strbuf_append_printf(info_buf, "%s ", wmem_strbuf_get_str(substr)); ++ wmem_strbuf_append_printf(info_buf, "%s ", wmem_strbuf_finalize(substr)); + offset += size ; + bytes_to_go -= size; + } +-- +GitLab + diff --git a/CVE-2023-5371.patch b/CVE-2023-5371.patch new file mode 100644 index 0000000..eef3bb8 --- /dev/null +++ b/CVE-2023-5371.patch @@ -0,0 +1,48 @@ +From 1921740b0bf561941e0906884757831bde989add Mon Sep 17 00:00:00 2001 +From: John Thacker <johnthacker@gmail.com> +Date: Wed, 6 Sep 2023 06:13:23 -0400 +Subject: [PATCH] RTPS: Check for signed overflow + +Origin: https://gitlab.com/wireshark/wireshark/-/commit/1921740b0bf561941e0906884757831bde989add + +The offset is a signed integer, and we use negative offsets +to mean "offset counting from the end of the tvb." That means +that we can still have an excessive loop without unsigned overflow +or running off the end of the tvb, if the result of adding a large +unsigned integer to the offset results in a small negative number. + +Just check if the result of the addition makes the offset move +backwards. + +Fix #19322 + +(backported from commit 0de07f8fe4f8e06da9084485e64a24c8f85a20f4) +--- + epan/dissectors/packet-rtps.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/epan/dissectors/packet-rtps.c b/epan/dissectors/packet-rtps.c +index 82ac8f9436b..c152d50dfc6 100644 +--- a/epan/dissectors/packet-rtps.c ++++ b/epan/dissectors/packet-rtps.c +@@ -2474,13 +2474,14 @@ static const fragment_items rtps_frag_items = { + "RTPS fragments" + }; + +-static guint32 check_offset_addition(guint32 offset, guint32 value, proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb) ++static gint check_offset_addition(gint offset, guint32 value, proto_tree *tree, packet_info *pinfo, tvbuff_t *tvb) + { +- if (offset > G_MAXUINT32 - value) { ++ gint new_offset = offset + (gint)value; ++ if (new_offset < offset) { + proto_tree_add_expert_format(tree, pinfo, &ei_rtps_value_too_large, tvb, 0, 0, "Offset value too large: %u", value); + THROW(ReportedBoundsError); + } +- return offset + value; ++ return new_offset; + } + + static void rtps_util_dissect_parameter_header(tvbuff_t * tvb, gint * offset, +-- +GitLab + diff --git a/Fix-libvirt-build-fail.patch b/Fix-libvirt-build-fail.patch new file mode 100644 index 0000000..84c4204 --- /dev/null +++ b/Fix-libvirt-build-fail.patch @@ -0,0 +1,11 @@ +diff --git a/wireshark.pc.in b/wireshark.pc.in +index 5889178..e755614 100644 +--- a/wireshark.pc.in ++++ b/wireshark.pc.in +@@ -10,5 +10,5 @@ Description: Network Packet Dissection Library + Version: @VERSION@ + + Requires: glib-2.0, gmodule-2.0, gthread-2.0 +-Libs: -L${libdir} -lwireshark ++Libs: -L${libdir} -lwireshark -lwsutil + Cflags: -I${includedir}/wireshark @@ -0,0 +1,2 @@ +6cc7b03f0682faf1f6fceb3797beb905 SIGNATURES-3.6.14.txt +c609e2a3045d5718cfa70855dbce9cad wireshark-3.6.14.tar.xz diff --git a/wireshark-0002-Customize-permission-denied-error.patch b/wireshark-0002-Customize-permission-denied-error.patch new file mode 100644 index 0000000..cad4663 --- /dev/null +++ b/wireshark-0002-Customize-permission-denied-error.patch @@ -0,0 +1,57 @@ +From: Jan Safranek <jsafrane@redhat.com> +Date: Fri, 26 Nov 2010 14:30:45 +0300 +Subject: [PATCH] Customize 'permission denied' error. + +Add Fedora-specific message to error output when dumpcap cannot be started +because of permissions. + +Signed-off-by: Jan Safranek <jsafrane@redhat.com> + +diff --git a/capture/capture_sync.c b/capture/capture_sync.c +index 2f9d2cc..b18e47f 100644 +--- a/capture/capture_sync.c ++++ b/capture/capture_sync.c +@@ -375,6 +375,7 @@ sync_pipe_start(capture_options *capture_opts, capture_session *cap_session, voi + gchar *signal_pipe_name; + #else + char errmsg[1024+1]; ++ const char *securitymsg = ""; + int sync_pipe[2]; /* pipe used to send messages from child to parent */ + enum PIPES { PIPE_READ, PIPE_WRITE }; /* Constants 0 and 1 for PIPE_READ and PIPE_WRITE */ + #endif +@@ -728,8 +729,11 @@ sync_pipe_start(capture_options *capture_opts, capture_session *cap_session, voi + dup2(sync_pipe[PIPE_WRITE], 2); + ws_close(sync_pipe[PIPE_READ]); + execv(argv[0], argv); +- g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s", +- argv[0], g_strerror(errno)); ++ if (errno == EPERM || errno == EACCES) ++ securitymsg = "\nAre you a member of the 'wireshark' group? Try running\n'usermod -a -G wireshark _your_username_' as root."; ++ g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s%s", ++ argv[0], g_strerror(errno), securitymsg); ++ + sync_pipe_errmsg_to_parent(2, errmsg, ""); + + /* Exit with "_exit()", so that we don't close the connection +@@ -826,6 +830,7 @@ sync_pipe_open_command(char** argv, int *data_read_fd, + int i; + #else + char errmsg[1024+1]; ++ const char *securitymsg = ""; + int sync_pipe[2]; /* pipe used to send messages from child to parent */ + int data_pipe[2]; /* pipe used to send data from child to parent */ + #endif +@@ -1003,8 +1008,11 @@ sync_pipe_open_command(char** argv, int *data_read_fd, + ws_close(sync_pipe[PIPE_READ]); + ws_close(sync_pipe[PIPE_WRITE]); + execv(argv[0], argv); +- g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s", +- argv[0], g_strerror(errno)); ++ execv(argv[0], (gpointer)argv); ++ if (errno == EPERM || errno == EACCES) ++ securitymsg = "\nAre you a member of the 'wireshark' group? Try running\n'usermod -a -G wireshark _your_username_' as root."; ++ g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s%s", ++ argv[0], g_strerror(errno), securitymsg); + sync_pipe_errmsg_to_parent(2, errmsg, ""); + + /* Exit with "_exit()", so that we don't close the connection diff --git a/wireshark-0003-fix-string-overrun-in-plugins-profinet.patch b/wireshark-0003-fix-string-overrun-in-plugins-profinet.patch new file mode 100644 index 0000000..8277a8c --- /dev/null +++ b/wireshark-0003-fix-string-overrun-in-plugins-profinet.patch @@ -0,0 +1,18 @@ +From: Peter Hatina <phatina@redhat.com> +Date: Wed, 4 Sep 2013 10:03:57 +0200 +Subject: [PATCH] fix string overrun in plugins/profinet + + +diff --git a/plugins/epan/profinet/packet-dcom-cba.c b/plugins/epan/profinet/packet-dcom-cba.c +index 0f1658a..f7fd322 100644 +--- a/plugins/epan/profinet/packet-dcom-cba.c ++++ b/plugins/epan/profinet/packet-dcom-cba.c +@@ -555,7 +555,7 @@ dissect_ICBAPhysicalDevice_get_LogicalDevice_rqst(tvbuff_t *tvb, int offset, + packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep) + { + guint32 u32Pointer; +- gchar szStr[1000]; ++ gchar szStr[1000] = ""; + guint32 u32MaxStr = sizeof(szStr); + gchar *call; + diff --git a/wireshark-0004-Restore-Fedora-specific-groups.patch b/wireshark-0004-Restore-Fedora-specific-groups.patch new file mode 100644 index 0000000..4ec1140 --- /dev/null +++ b/wireshark-0004-Restore-Fedora-specific-groups.patch @@ -0,0 +1,15 @@ +From: Peter Lemenkov <lemenkov@gmail.com> +Date: Fri, 13 Sep 2013 14:36:55 +0400 +Subject: [PATCH] Restore Fedora-specific groups + +Signed-off-by: Peter Lemenkov <lemenkov@gmail.com> +diff --git a/org.wireshark.Wireshark.desktop b/org.wireshark.Wireshark.desktop +index 334db48..669c6f1 100644 +--- a/org.wireshark.Wireshark.desktop ++++ b/org.wireshark.Wireshark.desktop +@@ -108,4 +108,4 @@ Terminal=false + MimeType=application/vnd.tcpdump.pcap;application/x-pcapng;application/x-snoop;application/x-iptrace;application/x-lanalyzer;application/x-nettl;application/x-radcom;application/x-etherpeek;application/x-visualnetworks;application/x-netinstobserver;application/x-5view;application/x-tektronix-rf5;application/x-micropross-mplog;application/x-apple-packetlogger;application/x-endace-erf;application/ipfix;application/x-ixia-vwr; + # Category entry according to: + # https://specifications.freedesktop.org/menu-spec/1.0/ +-Categories=Network;Monitor;Qt; ++Categories=Application;Network;Monitor;Qt; diff --git a/wireshark-0005-Fix-paths-in-a-wireshark.desktop-file.patch b/wireshark-0005-Fix-paths-in-a-wireshark.desktop-file.patch new file mode 100644 index 0000000..e2c5b99 --- /dev/null +++ b/wireshark-0005-Fix-paths-in-a-wireshark.desktop-file.patch @@ -0,0 +1,20 @@ +From: Kenneth Soerensen <knnthsrnsn@gmail.com> +Date: Wed, 29 Jan 2014 16:04:12 +0400 +Subject: [PATCH] Fix paths in a org.wireshark.Wireshark.desktop file + + +diff --git a/org.wireshark.Wireshark.desktop b/org.wireshark.Wireshark.desktop +index 669c6f1..f7df1f3 100644 +--- a/org.wireshark.Wireshark.desktop ++++ b/org.wireshark.Wireshark.desktop +@@ -102,8 +102,8 @@ Comment[tr]=Ağ trafiği çözümleyicisi + Comment[vi]=Trình phân tích giao thông mạng + Comment[uk]=Аналізатор мережевого трафіку + Icon=org.wireshark.Wireshark +-TryExec=wireshark +-Exec=wireshark %f ++TryExec=/usr/bin/wireshark ++Exec=/usr/bin/wireshark %f + Terminal=false + MimeType=application/vnd.tcpdump.pcap;application/x-pcapng;application/x-snoop;application/x-iptrace;application/x-lanalyzer;application/x-nettl;application/x-radcom;application/x-etherpeek;application/x-visualnetworks;application/x-netinstobserver;application/x-5view;application/x-tektronix-rf5;application/x-micropross-mplog;application/x-apple-packetlogger;application/x-endace-erf;application/ipfix;application/x-ixia-vwr; + # Category entry according to: diff --git a/wireshark-0006-Move-tmp-to-var-tmp.patch b/wireshark-0006-Move-tmp-to-var-tmp.patch new file mode 100644 index 0000000..268cbaf --- /dev/null +++ b/wireshark-0006-Move-tmp-to-var-tmp.patch @@ -0,0 +1,269 @@ +From cb54210f7f02b07768cfbf49ae266d487f580e1b Mon Sep 17 00:00:00 2001 +From: rpm-build <rpm-build> +Date: Thu, 29 Jun 2017 15:32:58 +0200 +Subject: [PATCH] Move /tmp to /var/tmp + +Fedora is using tmpfs which is limited by the size of RAM, thus we need +to use different directory on different filesystem. +--- + ui/qt/about_dialog.cpp | 3 +- + ui/qt/iax2_analysis_dialog.cpp | 5 +-- + ui/qt/rtp_analysis_dialog.cpp | 5 +-- + ui/qt/rtp_audio_stream.cpp | 3 +- + wsutil/tempfile.c | 9 +++--- + wsutil/tempfile.h | 4 +-- + wsutil/wstmpdir.c | 70 ++++++++++++++++++++++++++++++++++++++++++ + wsutil/wstmpdir.h | 39 +++++++++++++++++++++++ + 8 files changed, 132 insertions(+), 11 deletions(-) + create mode 100644 wsutil/wstmpdir.c + create mode 100644 wsutil/wstmpdir.h + +diff --git a/ui/qt/about_dialog.cpp b/ui/qt/about_dialog.cpp +index 31dc581..2f74285 100644 +--- a/ui/qt/about_dialog.cpp ++++ b/ui/qt/about_dialog.cpp +@@ -26,6 +26,7 @@ + + #include "wireshark_application.h" + #include <wsutil/filesystem.h> ++#include <wsutil/wstmpdir.h> /* for get_tmp_dir() */ + + #include <QDesktopServices> + #include <QUrl> +@@ -206,7 +206,7 @@ FolderListModel::FolderListModel(QObject * parent): + appendRow(QStringList() << tr("\"File\" dialogs") << get_last_open_dir() << tr("capture files")); + + /* temp */ +- appendRow(QStringList() << tr("Temp") << g_get_tmp_dir() << tr("untitled capture files")); ++ appendRow(QStringList() << tr("Temp") << get_tmp_dir() << tr("untitled capture files")); + + /* pers conf */ + appendRow(QStringList() << tr("Personal configuration") +diff --git a/ui/qt/iax2_analysis_dialog.cpp b/ui/qt/iax2_analysis_dialog.cpp +index ee4e5fd..fe17a95 100644 +--- a/ui/qt/iax2_analysis_dialog.cpp ++++ b/ui/qt/iax2_analysis_dialog.cpp +@@ -37,6 +37,7 @@ + #include "ui/rtp_stream.h" + #endif + #include <wsutil/utf8_entities.h> ++#include <wsutil/wstmpdir.h> /* for get_tmp_dir() */ + + #include <wsutil/g711.h> + #include <wsutil/pint.h> +@@ -271,10 +272,10 @@ Iax2AnalysisDialog::Iax2AnalysisDialog(QWidget &parent, CaptureFile &cf) : + + // We keep our temp files open for the lifetime of the dialog. The GTK+ + // UI opens and closes at various points. +- QString tempname = QString("%1/wireshark_iax2_f").arg(QDir::tempPath()); ++ QString tempname = QString("%1/wireshark_iax2_f").arg(get_tmp_dir()); + fwd_tempfile_ = new QTemporaryFile(tempname, this); + fwd_tempfile_->open(); +- tempname = QString("%1/wireshark_iax2_r").arg(QDir::tempPath()); ++ tempname = QString("%1/wireshark_iax2_r").arg(get_tmp_dir()); + rev_tempfile_ = new QTemporaryFile(tempname, this); + rev_tempfile_->open(); + +diff --git a/ui/qt/utils/rtp_audio_file.cpp b/ui/qt/utils/rtp_audio_file.cpp +index 591a63b..203f5c5 100644 +--- a/ui/qt/utils/rtp_audio_file.cpp ++++ b/ui/qt/utils/rtp_audio_file.cpp +@@ -31,6 +31,7 @@ + + #include "rtp_audio_file.h" + #include <ws_attributes.h> ++#include <wsutil/wstmpdir.h> /* for get_tmp_dir() */ + + RtpAudioFile::RtpAudioFile(bool use_disk_for_temp, bool use_disk_for_frames): + real_pos_(0) +@@ -45,7 +46,7 @@ RtpAudioFile::RtpAudioFile(bool use_disk_for_temp, bool use_disk_for_frames): + + tempname = "memory"; + if (use_disk_for_temp) { +- tempname = QString("%1/wireshark_rtp_stream").arg(QDir::tempPath()); ++ tempname = QString("%1/wireshark_rtp_stream").arg(get_tmp_dir()); + sample_file_ = new QTemporaryFile(tempname, this); + } else { + sample_file_ = new QBuffer(this); +diff --git a/wsutil/tempfile.c b/wsutil/tempfile.c +index 5082452..f751a7c 100644 +--- a/wsutil/tempfile.c ++++ b/wsutil/tempfile.c +@@ -12,10 +12,12 @@ + + #include <glib.h> + #include "tempfile.h" ++#include <wsutil/file_util.h> ++#include <wsutil/wstmpdir.h> /* for get_tmp_dir() */ + + /** + * Create a tempfile with the given prefix (e.g. "wireshark"). The path +- * is created using g_file_open_tmp. ++ * is created using get_tmp_dir. + * + * @param namebuf [in,out] If not NULL, receives the full path of the temp file. + * Must be freed. +@@ -30,6 +31,9 @@ create_tempfile(gchar **namebuf, const char *pfx, const char *sfx, GError **err) + { + int fd; + gchar *safe_pfx = NULL; ++ gchar *tmp_file; ++ const char *tmp_dir; ++ int old_mask; + + if (pfx) { + /* The characters in "delimiters" come from: +@@ -49,7 +53,15 @@ create_tempfile(gchar **namebuf, const char *pfx, const char *sfx, GError **err) + gchar* filetmpl = g_strdup_printf("%sXXXXXX%s", safe_pfx ? safe_pfx : "", sfx ? sfx : ""); + g_free(safe_pfx); + +- fd = g_file_open_tmp(filetmpl, namebuf, err); ++ tmp_dir = get_tmp_dir(); ++ tmp_file = g_strconcat(tmp_dir, "/", filetmpl, NULL); ++ ++ if (namebuf) ++ *namebuf = tmp_file; ++ ++ old_mask = ws_umask(0077); ++ fd = mkstemps(tmp_file, sfx ? (int) strlen(sfx) : 0); ++ ws_umask(old_mask); + + g_free(filetmpl); + return fd; +diff --git a/wsutil/tempfile.h b/wsutil/tempfile.h +index 1dca2df..bb3160c 100644 +--- a/wsutil/tempfile.h ++++ b/wsutil/tempfile.h +@@ -45,7 +45,7 @@ WS_DLL_PUBLIC char *get_tempfile_path(const char *filename); + + /** + * Create a tempfile with the given prefix (e.g. "wireshark"). The path +- * is created using g_file_open_tmp. ++ * is created using get_tmp_dir and mkstemp. + * + * @param namebuf [in,out] If not NULL, receives the full path of the temp file. + * Must be freed. +diff --git a/wsutil/wstmpdir.c b/wsutil/wstmpdir.c +new file mode 100644 +index 0000000..d8b733b +--- /dev/null ++++ b/wsutil/wstmpdir.c +@@ -0,0 +1,71 @@ ++/* wstmpdir.c ++ * ++ * Copyright (C) 2013 Red Hat, Inc. All right reserved. ++ * ++ * Temporary directory routine ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License ++ * as published by the Free Software Foundation; either version 2 ++ * of the License, or (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Author: Peter Hatina <phatina@redhat.com> ++ */ ++ ++#include "config.h" ++ ++#include <glib.h> ++#include "wstmpdir.h" ++ ++/** ++ * Gets the directory to use for temporary files. ++ * ++ * Inspired by glib-2.0. If no TMP, TEMP or TMPDIR is set, ++ * /var/tmp is returned (Fedora specific). ++ * ++ * Returns: the directory to use for temporary files. ++ */ ++const char *get_tmp_dir(void) ++{ ++ static gchar *tmp_dir; ++ ++ if (g_once_init_enter(&tmp_dir)) { ++ gchar *tmp; ++ ++ tmp = g_strdup(g_getenv("TEMP")); ++ if (tmp == NULL || *tmp == '\0') { ++ g_free(tmp); ++ tmp = g_strdup(g_getenv("TMPDIR")); ++ } ++ ++#ifdef P_tmpdir ++ if (tmp == NULL || *tmp == '\0') { ++ gsize k; ++ g_free(tmp); ++ tmp = g_strdup(P_tmpdir); ++ k = strlen(tmp); ++ if (k > 1 && G_IS_DIR_SEPARATOR(tmp[k - 1])) ++ tmp[k - 1] = '\0'; ++ fprintf(stderr, "Using P_tmpdir: %s\n", P_tmpdir); ++ } ++#endif /* P_tmpdir */ ++ ++ if (tmp == NULL || *tmp == '\0') { ++ g_free(tmp); ++ tmp = g_strdup("/var/tmp"); ++ } ++ ++ g_once_init_leave(&tmp_dir, tmp); ++ } ++ ++ return tmp_dir; ++} +diff --git a/wsutil/wstmpdir.h b/wsutil/wstmpdir.h +new file mode 100644 +index 0000000..07ac583 +--- /dev/null ++++ b/wsutil/wstmpdir.h +@@ -0,0 +1,39 @@ ++/* wstmpdir.c ++ * ++ * Copyright (C) 2013 Red Hat, Inc. All right reserved. ++ * ++ * Temporary directory routine ++ * ++ * This program is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU General Public License ++ * as published by the Free Software Foundation; either version 2 ++ * of the License, or (at your option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Author: Peter Hatina <phatina@redhat.com> ++ */ ++ ++#ifndef __WS_TMP_DIR_H__ ++#define __WS_TMP_DIR_H__ ++ ++#include "ws_symbol_export.h" ++ ++#ifdef __cplusplus ++extern "C" { ++#endif // __cplusplus ++ ++WS_DLL_PUBLIC const char *get_tmp_dir(void); ++ ++#ifdef __cplusplus ++} ++#endif // __cplusplus ++ ++#endif +-- +2.13.0 diff --git a/wireshark-0007-cmakelists.patch b/wireshark-0007-cmakelists.patch new file mode 100644 index 0000000..0d75fc3 --- /dev/null +++ b/wireshark-0007-cmakelists.patch @@ -0,0 +1,20 @@ +diff --git a/wsutil/CMakeLists.txt b/wsutil/CMakeLists.txt +index 0367cd1..6382a2c 100644 +--- a/wsutil/CMakeLists.txt ++++ b/wsutil/CMakeLists.txt +@@ -69,6 +69,7 @@ set(WSUTIL_PUBLIC_HEADERS + ws_mempbrk_int.h + ws_pipe.h + ws_roundup.h ++ wstmpdir.h + wsjson.h + wslog.h + xtea.h +@@ -118,6 +118,7 @@ set(WSUTIL_COMMON_FILES + ws_getopt.c + ws_mempbrk.c + ws_pipe.c ++ wstmpdir.c + wsgcrypt.c + wsjson.c + wslog.c diff --git a/wireshark.spec b/wireshark.spec new file mode 100644 index 0000000..3229782 --- /dev/null +++ b/wireshark.spec @@ -0,0 +1,325 @@ +%undefine __cmake_in_source_build +%global plugins_version 3.6 +%define _lto_cflags %{nil} + +Summary: Network traffic analyzer +Name: wireshark +Version: 3.6.14 +Release: 5 +Epoch: 1 +License: GPL+ +Url: http://www.wireshark.org/ + +Source0: https://wireshark.org/download/src/%{name}-%{version}.tar.xz +Source1: https://www.wireshark.org/download/src/all-versions/SIGNATURES-%{version}.txt +Source2: 90-wireshark-usbmon.rules +Source3: wireshark.sysusers + +Patch2: wireshark-0002-Customize-permission-denied-error.patch +Patch3: wireshark-0003-fix-string-overrun-in-plugins-profinet.patch +Patch4: wireshark-0004-Restore-Fedora-specific-groups.patch +Patch5: wireshark-0005-Fix-paths-in-a-wireshark.desktop-file.patch +Patch6: wireshark-0006-Move-tmp-to-var-tmp.patch +Patch7: wireshark-0007-cmakelists.patch +Patch8: CVE-2023-3648.patch +Patch9: CVE-2023-3649.patch +Patch10: CVE-2023-2906.patch +Patch11: CVE-2023-4513-1.patch +Patch12: CVE-2023-4513-2.patch +Patch13: CVE-2023-4511.patch +Patch14: CVE-2023-5371.patch +Patch15: Fix-libvirt-build-fail.patch + +Requires: xdg-utils +Requires: hicolor-icon-theme +Requires(pre): shadow-utils +Requires(post): systemd-udev +Provides: %{name}-cli = %{epoch}:%{version}-%{release} +Obsoletes: %{name}-cli < %{epoch}:%{version}-%{release} wireshark-qt wireshark-gtk + + +BuildRequires: bzip2-devel +BuildRequires: c-ares-devel +BuildRequires: elfutils-devel +BuildRequires: gcc-c++ +BuildRequires: glib2-devel +BuildRequires: gnutls-devel +BuildRequires: krb5-devel +BuildRequires: libcap-devel +BuildRequires: libgcrypt-devel +BuildRequires: libnl3-devel +BuildRequires: libpcap-devel >= 0.9 +BuildRequires: libselinux-devel +BuildRequires: libsmi-devel +BuildRequires: openssl-devel +BuildRequires: desktop-file-utils +BuildRequires: xdg-utils +BuildRequires: bison +BuildRequires: flex +BuildRequires: pcre-devel +BuildRequires: perl +BuildRequires: perl(Pod::Html) +BuildRequires: perl(Pod::Man) +BuildRequires: perl(open) +Buildrequires: libssh-devel +BuildRequires: qt5-linguist +BuildRequires: qt5-qtbase-devel +BuildRequires: qt5-qtmultimedia-devel +BuildRequires: qt5-qtsvg-devel +BuildRequires: zlib-devel +BuildRequires: asciidoctor +Buildrequires: git-core +Buildrequires: cmake +BuildRequires: systemd-devel +BuildRequires: systemd +BuildRequires: libnghttp2-devel +BuildRequires: pulseaudio + +%description +Wireshark allows you to examine protocol data stored in files or as it is +captured from wired or wireless (WiFi or Bluetooth) networks, USB devices, +and many other sources. It supports dozens of protocol capture file formats +and understands more than a thousand protocols. + +It has many powerful features including a rich display filter language +and the ability to reassemble multiple protocol packets in order to, for +example, view a complete TCP stream, save the contents of a file which was +transferred over HTTP or CIFS, or play back an RTP audio stream. + +%package devel +Summary: Development headers and libraries for wireshark +Requires: %{name} = %{epoch}:%{version}-%{release} glibc-devel glib2-devel + +%description devel +The wireshark-devel package contains the header files, developer +documentation, and libraries required for development of wireshark scripts +and plugins. + +%package help +Summary: This package contains help documents +Requires: %{name} = %{epoch}:%{version}-%{release} + +%description help +Files for help with wireshark. + +%prep +%autosetup -S git + +%build +%cmake -G "Unix Makefiles" \ + -DDISABLE_WERROR=ON \ + -DBUILD_wireshark=ON \ + -DENABLE_LUA=OFF \ + -DBUILD_mmdbresolve=OFF \ + -DBUILD_randpktdump=OFF \ + -DBUILD_androiddump=ON \ + -DENABLE_SMI=ON \ + -DENABLE_PLUGINS=ON \ + -DENABLE_NETLINK=ON \ + -DBUILD_dcerpcidl2wrs=OFF \ + -DBUILD_sdjournal=ON \ + %{nil} + +%make_build + +%install +%make_install + +desktop-file-validate %{buildroot}%{_datadir}/applications/org.wireshark.Wireshark.desktop +install -d -m 0755 %{buildroot}%{_includedir}/wireshark +IDIR="%{buildroot}%{_includedir}/wireshark" +mkdir -p "${IDIR}/epan" +mkdir -p "${IDIR}/epan/crypt" +mkdir -p "${IDIR}/epan/ftypes" +mkdir -p "${IDIR}/epan/dfilter" +mkdir -p "${IDIR}/epan/dissectors" +mkdir -p "${IDIR}/epan/wmem" +mkdir -p "${IDIR}/wiretap" +mkdir -p "${IDIR}/wsutil" +mkdir -p %{buildroot}%{_udevrulesdir} +install -m 644 config.h epan/register.h "${IDIR}/" +install -m 644 cfile.h file.h "${IDIR}/" +install -m 644 ws_symbol_export.h "${IDIR}/" +install -m 644 epan/*.h "${IDIR}/epan/" +install -m 644 epan/crypt/*.h "${IDIR}/epan/crypt" +install -m 644 epan/ftypes/*.h "${IDIR}/epan/ftypes" +install -m 644 epan/dfilter/*.h "${IDIR}/epan/dfilter" +install -m 644 epan/dissectors/*.h "${IDIR}/epan/dissectors" +install -m 644 wiretap/*.h "${IDIR}/wiretap" +install -m 644 wsutil/*.h "${IDIR}/wsutil" +install -m 644 ws_diag_control.h "${IDIR}/" +install -m 644 %{SOURCE2} %{buildroot}%{_udevrulesdir} +install -Dpm 644 %{SOURCE3} %{buildroot}%{_sysusersdir}/%{name}.conf +touch %{buildroot}%{_bindir}/%{name} +find %{buildroot} -type f -name "*.la" -delete + +%pre +getent group wireshark >/dev/null || groupadd -r wireshark +exit 0 +#%post +#%{?ldconfig} +#if [ -S /run/udev/control ]; then +# /usr/bin/udevadm trigger --subsystem-match=usbmon +#fi +# +#%ldconfig_postun + +%files +%{_datadir}/applications/org.wireshark.Wireshark.desktop +%{_datadir}/metainfo/*.xml +%{_datadir}/mime/packages/*.xml +%{_datadir}/icons/hicolor/*/apps/* +%{_datadir}/icons/hicolor/*/mimetypes/* +%{_bindir}/* +%{_mandir}/man1/wireshark.* +%{_sysusersdir}/%{name}.conf +%license COPYING +%attr(0750, root, wireshark) %caps(cap_net_raw,cap_net_admin=ep) %{_bindir}/dumpcap +%{_udevrulesdir}/90-wireshark-usbmon.rules +%{_libdir}/lib*.so.* +%dir %{_libdir}/wireshark +%dir %{_libdir}/wireshark/extcap +%dir %{_libdir}/wireshark/plugins +%{_libdir}/wireshark/extcap/* +%dir %{_libdir}/wireshark/cmake +%{_libdir}/wireshark/cmake/*.cmake +%dir %{_libdir}/wireshark/plugins/%{plugins_version} +%dir %{_libdir}/wireshark/plugins/%{plugins_version}/epan +%dir %{_libdir}/wireshark/plugins/%{plugins_version}/wiretap +%dir %{_libdir}/wireshark/plugins/%{plugins_version}/codecs +%{_libdir}/wireshark/plugins/%{plugins_version}/epan/*.so +%{_libdir}/wireshark/plugins/%{plugins_version}/wiretap/*.so +%{_libdir}/wireshark/plugins/%{plugins_version}/codecs/*.so +%dir %{_datadir}/wireshark +%{_datadir}/wireshark/* + +%files devel +%{_includedir}/wireshark +%{_libdir}/lib*.so +%{_libdir}/pkgconfig/%{name}.pc + +%files help +%doc AUTHORS INSTALL NEWS README* doc/README.* ChangeLog +%{_mandir}/man?/* + +%changelog +* Mon Oct 16 2023 zhengting <zhengting13@huawei.com> -1:3.6.15-5 +- Fix libvirt build fail problem + +* Sat Oct 07 2023 wangkai <13474090681@163.com> - 1:3.6.14-4 +- Fix CVE-2023-5371 + +* Wed Sep 06 2023 wangkai <13474090681@163.com> - 1:3.6.14-3 +- Fix CVE-2023-3649,CVE-2023-2906,CVE-2023-4511,CVE-2023-4513 + +* Thu Jul 27 2023 liningjie <liningjie@xfusion.com> - 1:3.6.14-2 +- Fix CVE-2023-3648 + +* Thu Jun 15 2023 wangkai <13474090681@163.com> - 1:3.6.14-1 +- Update to 3.6.14 for fix CVE-2023-0667,CVE-2023-2952 + +* Tue May 30 2023 yaoxin <yao_xin001@hoperun.com> - 1:3.6.11-4 +- Fix CVE-2023-0668,CVE-2023-2855,CVE-2023-2856,CVE-2023-2857,CVE-2023-2858 and CVE-2023-2879 + +* Mon Apr 24 2023 yaoxin <yao_xin001@hoperun.com> - 1:3.6.11-3 +- Fix CVE-2023-1992,CVE-2023-1993 and CVE-2023-1994 + +* Mon Mar 27 2023 yaoxin <yaoxin30@h-partners.com> - 1:3.6.11-2 +- Fix CVE-2023-1161 + +* Tue Feb 14 2023 liyuxiang<liyuxiang@ncti-gba.cn> - 1:3.6.11-1 +- Update to 3.6.11 + +* Wed Nov 09 2022 liyuxiang<liyuxiang@ncti-gba.cn> - 1:3.6.3-3 +- fix CVE-2022-3725 + +* Tue Sep 27 2022 liyuxiang<liyuxiang@ncti-gba.cn> - 1:3.6.3-2 +- fix CVE-2022-3190 + +* Tue Apr 19 2022 wangkai <wangkai385@huawei.com> - 3.6.3-1 +- Update to 3.6.3 + +* Fri Apr 1 2022 yaoxin <yaoxin30@huawei.com> - 2.6.2-21 +- Fix CVE-2021-22191 CVE-2021-22207 CVE-2021-4181 CVE-2021-4185 + +* Tue Jul 27 2021 wangyue <wangyue92@huawei.com> - 2.6.2-20 +- fix CVE-2019-12295 + +* Tue Jul 27 2021 lingsheng <lingsheng@huawei.com> - 2.6.2-19 +- Move headers outside extern C to fix build fail + +* Thu Feb 25 2021 wangxiao <wangxiao65@huawei.com> - 2.6.2-18 +- Fix CVE-2019-13619 CVE-2019-19553 CVE-2020-9428 CVE-2020-9431 + +* Mon Feb 08 2021 wangyue <wangyue92@huawei.com> - 2.6.2-17 +- fix CVE-2020-26575 + +* Thu Jan 14 2021 zhanghua <zhanghua40@huawei.com> - 2.6.2-16 +- fix CVE-2019-16319 + +* Wed Dec 16 2020 zhanghua <zhanghua40@huawei.com> - 2.6.2-15 +- fix CVE-2020-9430 + +* Mon Nov 07 2020 wangxiao <wangxiao65@huawei.com> - 2.6.2-14 +- fix CVE-2020-28030 + malformed packet on wire could make GQUIC protocol dissector loop + +* Mon Nov 02 2020 lingsheng <lingsheng@huawei.com> - 2.6.2-13 +- Fix use-of-uninitialized-value in end_string + +* Wed Oct 21 2020 wangxiao <wangxiao65@huawei.com> - 2.6.2-12 +- Type:cves +- ID: CVE-2020-25862 CVE-2020-25863 +- SUG:NA +- DESC: fix CVE-2020-25862 CVE-2020-25863 + +* Wed Sep 15 2020 wangxiao <wangxiao65@huawei.com> - 2.6.2-11 +- Type:cves +- ID: CVE-2018-16056 +- SUG:restart +- DESC: fix CVE-2018-16056 + +* Thu Sep 10 2020 baizhonggui <baizhonggui@huawei.com> - 2.6.2-10 +- Modify source0 + +* Wed Aug 05 2020 yaokai <yaokai13@huawei.com> - 2.6.2-9 +- Type:cves +- ID: CVE-2020-15466 +- SUG:restart +- DESC: fix CVE-2020-15466 + +* Tue Jul 21 2020 wangyue <wangyue92@huawei.com> - 2.6.2-8 +- Type:cves +- ID: CVE-2020-13164 +- SUG:restart +- DESC: fix CVE-2020-13164 + +* Fri May 15 2020 huanghaitao <huanghaitao8@huawei.com> - 2.6.2-7 +- Type:cves +- ID: CVE-2020-11647 +- SUG:restart +- DESC: fix CVE-2020-11647 + +* Sun Feb 2 2020 lingyang <lingyang2@huawei.com> - 2.6.2-6 +- Type:cves +- ID: CVE-2019-5719 +- SUG:restart +- DESC: fix CVE-2019-5719 + +* Sun Feb 2 2020 gulining<gulining1@huawei.com> - 2.6.2-5 +- Type:cves +- ID: CVE-2019-5716 CVE-2019-5717 +- SUG:restart +- DESC: fix CVE-2019-5716 CVE-2019-5717 + +* Wed Dec 25 2019 gulining <gulining1@huawei.com> - 2.6.2-4 +- Type:cves +- ID: CVE-2019-10894 CVE-2019-10896 CVE-2019-10899 CVE-2019-10901 CVE-2019-10903 CVE-2019-10895 +- SUG:restart +- DESC: fix CVE-2019-10894 CVE-2019-10896 CVE-2019-10899 CVE-2019-10901 CVE-2019-10903 CVE-2019-10895 + +* Mon Nov 25 2019 gulining<gulining1@huawei.com> - 2.6.2-3 +- revise obsoletes + +* Wed Nov 13 2019 gulining<gulining1@huawei.com> - 2.6.2-2 +- Pakcage init diff --git a/wireshark.sysusers b/wireshark.sysusers new file mode 100644 index 0000000..b035d11 --- /dev/null +++ b/wireshark.sysusers @@ -0,0 +1,2 @@ +g wireshark - - +g usbmon - - |