Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-1.9.git;a=commitdiff;h=bf9b9b3efee9433ca0a6e9d3b015f1a713896733
commit bf9b9b3efee9433ca0a6e9d3b015f1a713896733 Author: kikadf <[email protected]> Date: Wed Aug 20 17:05:14 2014 +0200 wireshark-1.8.15-1arcturus1-x86_64 * Version bump * Fix CVE-2014-5161, CVE-2014-5162, CVE-2014-5163, CVE-2014-5164, * CVE-2014-5165 diff --git a/source/xapps-extra/wireshark/CVE-2014-5161-5162.patch b/source/xapps-extra/wireshark/CVE-2014-5161-5162.patch new file mode 100644 index 0000000..4dcce72 --- /dev/null +++ b/source/xapps-extra/wireshark/CVE-2014-5161-5162.patch @@ -0,0 +1,57 @@ +From a2f977dd56442e2741425481309f4ee1994b8ac3 Mon Sep 17 00:00:00 2001 +From: Peter Wu <[email protected]> +Date: Thu, 3 Jul 2014 11:25:21 +0200 +Subject: [PATCH 1/4] catapult,irda: Fix ASAN crashes due to buffer underrun + +The catapult dissector tripped on this random file I had. A quick look +at other dissectors which use a construct like "-1] *= '*\\[rn]" showed +packet-irda too, so fix that as well. + +Conflicts: + wiretap/catapult_dct2000.c + +Change-Id: I4b5fadcacd0b09d0fb29bdefc3dd1f28aef9b593 +Reviewed-on: https://code.wireshark.org/review/2802 +Reviewed-by: Evan Huus <[email protected]> +Reviewed-by: Michael Mann <[email protected]> +(cherry picked from commit 16f8ba1bed579344df373bf38fff552ab8baf380) +Reviewed-on: https://code.wireshark.org/review/2810 +Reviewed-on: https://code.wireshark.org/review/3437 +Reviewed-by: Balint Reczey <[email protected]> +--- + plugins/irda/packet-irda.c | 4 ++-- + wiretap/catapult_dct2000.c | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/plugins/irda/packet-irda.c b/plugins/irda/packet-irda.c +index 395deda..cbc9507 100644 +--- a/plugins/irda/packet-irda.c ++++ b/plugins/irda/packet-irda.c +@@ -1656,9 +1656,9 @@ static void dissect_log(tvbuff_t* tvb, packet_info* pinfo, proto_tree* root) + length = sizeof(buf)-1; + tvb_memcpy(tvb, buf, 0, length); + buf[length] = 0; +- if (buf[length-1] == '\n') ++ if (length > 0 && buf[length-1] == '\n') + buf[length-1] = 0; +- else if (buf[length-2] == '\n') ++ else if (length > 1 && buf[length-2] == '\n') + buf[length-2] = 0; + + col_add_str(pinfo->cinfo, COL_INFO, buf); +diff --git a/wiretap/catapult_dct2000.c b/wiretap/catapult_dct2000.c +index 02198ee..a524b86 100644 +--- a/wiretap/catapult_dct2000.c ++++ b/wiretap/catapult_dct2000.c +@@ -809,7 +809,7 @@ read_new_line(FILE_T fh, gint64 *offset, gint *length, + *offset = *offset + *length; + + /* ...but don't want to include newline in line length */ +- if (linebuff[*length-1] == '\n') { ++ if (*length > 0 && linebuff[*length-1] == '\n') { + linebuff[*length-1] = '\0'; + *length = *length - 1; + } +-- +2.0.1 + diff --git a/source/xapps-extra/wireshark/CVE-2014-5163.patch b/source/xapps-extra/wireshark/CVE-2014-5163.patch new file mode 100644 index 0000000..c7a2b5f --- /dev/null +++ b/source/xapps-extra/wireshark/CVE-2014-5163.patch @@ -0,0 +1,35 @@ +From 3b3c845f5c0383f3db48e610d711db48b317da1c Mon Sep 17 00:00:00 2001 +From: Pascal Quantin <[email protected]> +Date: Mon, 23 Jun 2014 22:06:05 +0200 +Subject: [PATCH 4/4] Initialize whole buffer in GPRS Mobility and Session + Management dissector + +Bug: 10216 +Change-Id: I572a7a6ce0f816063f02397b667dd46c990cf73e +Reviewed-on: https://code.wireshark.org/review/2583 +Reviewed-by: Pascal Quantin <[email protected]> +(cherry picked from commit dd7134d907350ccc574cdec596f4162860912bb9) +Reviewed-on: https://code.wireshark.org/review/2585 +(cherry picked from commit abae269b462b0b39fda7a21b24a53d0033662662) +Reviewed-on: https://code.wireshark.org/review/3436 +Reviewed-by: Balint Reczey <[email protected]> +--- + epan/dissectors/packet-gsm_a_gm.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/epan/dissectors/packet-gsm_a_gm.c b/epan/dissectors/packet-gsm_a_gm.c +index 6517aec..1b09d53 100644 +--- a/epan/dissectors/packet-gsm_a_gm.c ++++ b/epan/dissectors/packet-gsm_a_gm.c +@@ -3746,7 +3746,7 @@ de_sm_apn(tvbuff_t *tvb, proto_tree *tree, packet_info *pinfo, guint32 offset, g + curr_offset = offset; + + /* init buffer and copy it */ +- memset(str, 0, MAX_APN_LENGTH); ++ memset(str, 0, MAX_APN_LENGTH+1); + tvb_memcpy(tvb, str, offset, len<MAX_APN_LENGTH?len:MAX_APN_LENGTH); + + curr_len = 0; +-- +2.0.1 + diff --git a/source/xapps-extra/wireshark/CVE-2014-5164.patch b/source/xapps-extra/wireshark/CVE-2014-5164.patch new file mode 100644 index 0000000..1f67cb1 --- /dev/null +++ b/source/xapps-extra/wireshark/CVE-2014-5164.patch @@ -0,0 +1,46 @@ +From 0047b5d36ae50af7a703c7d9a4cf979dd6e746e5 Mon Sep 17 00:00:00 2001 +From: Evan Huus <[email protected]> +Date: Tue, 17 Jun 2014 21:43:49 +0000 +Subject: [PATCH 3/4] Set the rlc len field before we try to use it in an + expert info. + +Conflicts: + epan/dissectors/packet-rlc.c + +Bug:9795 +Change-Id: I740a9fe36278995cf6e590206f600c037789f0eb +Reviewed-on: https://code.wireshark.org/review/2344 +Reviewed-by: Evan Huus <[email protected]> +(cherry picked from commit ba6eb5c72ffe82ca0e51c7083240975a5b118ad2) +Reviewed-on: https://code.wireshark.org/review/2345 +(cherry picked from commit 2c877e0c77be47f5ac78b8f307081b5e4f36b2be) +Reviewed-on: https://code.wireshark.org/review/2346 +Reviewed-on: https://code.wireshark.org/review/3439 +Reviewed-by: Balint Reczey <[email protected]> +--- + epan/dissectors/packet-rlc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/epan/dissectors/packet-rlc.c b/epan/dissectors/packet-rlc.c +index 1045b83..0cb5d6f 100644 +--- a/epan/dissectors/packet-rlc.c ++++ b/epan/dissectors/packet-rlc.c +@@ -1156,6 +1156,7 @@ rlc_decode_li(enum rlc_mode mode, tvbuff_t *tvb, packet_info *pinfo, proto_tree + * may not be larger than the total remaining length and no + * LI may be smaller than its preceding one + */ ++ li[num_li].len = li[num_li].li - prev_li; + if (((li[num_li].li > total_len) && !global_rlc_headers_expected) + || (li[num_li].li < prev_li)) { + /* add malformed LI for investigation */ +@@ -1167,7 +1168,6 @@ rlc_decode_li(enum rlc_mode mode, tvbuff_t *tvb, packet_info *pinfo, proto_tree + col_append_str(pinfo->cinfo, COL_INFO, "[Malformed Packet]"); + return -1; /* just give up on this */ + } +- li[num_li].len = li[num_li].li - prev_li; + prev_li = li[num_li].li; + } + } +-- +2.0.1 + diff --git a/source/xapps-extra/wireshark/CVE-2014-5165.patch b/source/xapps-extra/wireshark/CVE-2014-5165.patch new file mode 100644 index 0000000..14f75c1 --- /dev/null +++ b/source/xapps-extra/wireshark/CVE-2014-5165.patch @@ -0,0 +1,37 @@ +From e13dd1c8d17aa3460cf751cddaa1c6d982af60a6 Mon Sep 17 00:00:00 2001 +From: Evan Huus <[email protected]> +Date: Tue, 17 Jun 2014 18:13:51 +0000 +Subject: [PATCH 2/4] fix underflow in BER constrained bitstrings + +this can happen and cause invalid memory accesses with incorrectly-large padding +values + +Conflicts: + epan/dissectors/packet-ber.c + +Bug:10187 +Change-Id: Ib9b2a2fa10766efb4d95d588f57354a56373c626 +Reviewed-on: https://code.wireshark.org/review/2328 +Reviewed-by: Evan Huus <[email protected]> +Reviewed-on: https://code.wireshark.org/review/3438 +Reviewed-by: Balint Reczey <[email protected]> +--- + epan/dissectors/packet-ber.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/epan/dissectors/packet-ber.c b/epan/dissectors/packet-ber.c +index fd1cf5b..727647b 100644 +--- a/epan/dissectors/packet-ber.c ++++ b/epan/dissectors/packet-ber.c +@@ -4459,7 +4459,7 @@ int dissect_ber_constrained_bitstring(gboolean implicit_tag, asn1_ctx_t *actx, p + bitstring = tvb_get_ephemeral_string(tvb, offset, len); + + while (nb->p_id) { +- if(len > 0 && nb->bit < (8*len-pad)) { ++ if ((len > 0) && (pad < 8*len) && (nb->bit < (8*len-pad))) { + val = tvb_get_guint8(tvb, offset + nb->bit/8); + bitstring[(nb->bit/8)] &= ~(0x80 >> (nb->bit%8)); + val &= 0x80 >> (nb->bit%8); +-- +2.0.1 + diff --git a/source/xapps-extra/wireshark/FrugalBuild b/source/xapps-extra/wireshark/FrugalBuild index 4af85dd..fccfe37 100644 --- a/source/xapps-extra/wireshark/FrugalBuild +++ b/source/xapps-extra/wireshark/FrugalBuild @@ -4,7 +4,7 @@ options+=('asneeded') pkgname=wireshark -pkgver=1.8.13 +pkgver=1.8.15 pkgrel=1arcturus1 pkgdesc="The world's most popular network protocol analyzer" url="http://www.wireshark.org/"; @@ -18,10 +18,20 @@ _F_gnome_desktop="y" Finclude gnome-scriptlet up2date="lynx -dump http://www.wireshark.org/download.html | grep stable -m1 | sed 's/.*is \(.*\)\. .*/\1/'" source=(http://www.wireshark.org/download/src/$pkgname-$pkgver.tar.bz2) -sha1sums=('ac2215ed2d97c344f3fdf0d365b3791f89aa0564') +sha1sums=('0c5d87db77acb4508819d4d5d3674265a7444f49') ## TODO: split GUI / utils +# FSA fix *** +source=(${source[@]} CVE-2014-5161-5162.patch CVE-2014-5163.patch + CVE-2014-5164.patch CVE-2014-5165.patch) +sha1sums=(${sha1sums[@]} 'c6041fcb35ce7bda66f4185f37d4ec44d5b8861b' \ + 'f0894ed02dd2c165dd5af72db14ac8dede1ae9d6' \ + '5b53305699847d21bd21991639756d1a932043cf' \ + '29d9cfb8f381fe85374168f1c48e7a8716da7443') +# *********** + + build() { Fbuild --with-ssl _______________________________________________ Frugalware-git mailing list [email protected] http://frugalware.org/mailman/listinfo/frugalware-git
