Hello community, here is the log from the commit of package wireshark.1087 for openSUSE:12.1:Update checked in at 2012-12-10 11:08:56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.1:Update/wireshark.1087 (Old) and /work/SRC/openSUSE:12.1:Update/.wireshark.1087.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "wireshark.1087", Maintainer is "" Changes: -------- New Changes file: --- /dev/null 2012-11-30 12:21:47.308011256 +0100 +++ /work/SRC/openSUSE:12.1:Update/.wireshark.1087.new/wireshark.changes 2012-12-10 11:08:59.000000000 +0100 @@ -0,0 +1,1967 @@ +------------------------------------------------------------------- +Thu Nov 29 20:33:12 UTC 2012 - andreas.stie...@gmx.de + +- update to 1.8.4 [bnc#792005] + + vulnerabilities fixed: + * Wireshark could leak potentially sensitive host name + resolution information when working with multiple pcap-ng + files. + wnpa-sec-2012-30 CVE-2012-5592 + * The USB dissector could go into an infinite loop. + wnpa-sec-2012-31 CVE-2012-5593 + * The sFlow dissector could go into an infinite loop. + wnpa-sec-2012-32 CVE-2012-5594 + * The SCTP dissector could go into an infinite loop. + wnpa-sec-2012-33 CVE-2012-5595 + * The EIGRP dissector could go into an infinite loop. + wnpa-sec-2012-34 CVE-2012-5596 + * The ISAKMP dissector could crash. + wnpa-sec-2012-35 CVE-2012-5597 + * The iSCSI dissector could go into an infinite loop. + wnpa-sec-2012-36 CVE-2012-5598 + * The WTP dissector could go into an infinite loop. + wnpa-sec-2012-37 CVE-2012-5599 + * The RTCP dissector could go into an infinite loop. + wnpa-sec-2012-38 CVE-2012-5600 + * The 3GPP2 A11 dissector could go into an infinite loop. + wnpa-sec-2012-39 CVE-2012-5601 + * The ICMPv6 dissector could go into an infinite loop. + wnpa-sec-2012-40 CVE-2012-5602 + + Further bug fixes and updated protocol support as listed in: + http://www.wireshark.org/docs/relnotes/wireshark-1.8.4.html + +------------------------------------------------------------------- +Tue Oct 2 21:57:09 UTC 2012 - andreas.stie...@gmx.de + +- wireshark was updated to the current recommended 1.8.3 version + after the 1.4 series was announced as having reached end-of-life. + (bnc#781594, bnc#783275) + This release contains the latest security fixes, corrections for + bugs, added and updated protocol dissectors, updated and new + supported capture file formats and new features. + Features added in 1.6 series: + https://www.wireshark.org/docs/relnotes/wireshark-1.6.0.html + Features added in 1.8 series: + https://www.wireshark.org/docs/relnotes/wireshark-1.8.0.html + Release notes for this release: + https://www.wireshark.org/docs/relnotes/wireshark-1.8.3.html + All intermediate releases: + https://www.wireshark.org/docs/relnotes/ +- adjusted patches: + * wireshark-1.2.0-disable-warning-dialog.patch + * wireshark-1.2.0-geoip.patch + * wireshark-1.2.4-enable_lua.patch +- dropped patches: + * wireshark-corosync-packet-dissector.patch + * wireshark-nfsv4-opts.patch (fixed upstream) +- License update to GPL-2.0+ and GPL-3.0+ +- expanded include.filelist for -devel package + +------------------------------------------------------------------- +Wed Aug 15 21:49:33 UTC 2012 - andreas.stie...@gmx.de + +- update to upstream 1.4.15 (bnc#776083) + + vulnerabilities fixed: + * The DCP ETSI dissector could trigger a zero division. + (wnpa-sec-2012-13 CVE-2012-4285) + * The XTP dissector could go into an infinite loop. + (wnpa-sec-2012-15 CVE-2012-4288) + * The AFP dissector could go into a large loop. + (wnpa-sec-2012-17 CVE-2012-4289) + * The RTPS2 dissector could overflow a buffer. + (wnpa-sec-2012-18 CVE-2012-4296) + * The CIP dissector could exhaust system memory. + (wnpa-sec-2012-20 CVE-2012-4291) + * The STUN dissector could crash. + (wnpa-sec-2012-21 CVE-2012-4292) + * The EtherCAT Mailbox dissector could abort. + (wnpa-sec-2012-22 CVE-2012-4293) + * The CTDB dissector could go into a large loop. + (wnpa-sec-2012-23 CVE-2012-4290) + + Further bug fixes and updated protocol support as listed in: + http://www.wireshark.org/docs/relnotes/wireshark-1.4.15.html +- update wireshark-nfsv4-opts.patch for moved lines + +------------------------------------------------------------------- +Tue Jul 24 19:56:59 UTC 2012 - andreas.stie...@gmx.de + +- update to upstream 1.4.14 (bnc#772738) + - security fixes: + - The PPP dissector could crash. + CVE-2012-4048 wnpa-sec-2012-11 + It may have been possible to make Wireshark crash by + injecting a malformed packet onto the wire or by convincing + someone to read a malformed packet trace file. + - The NFS dissector could use excessive amounts of CPU. + CVE-2012-4049 wnpa-sec-2012-12 + It may have been possible to make Wireshark consume excessive + CPU resources by injecting a malformed packet onto the wire or + by convincing someone to read a malformed packet trace file. + - bug fixes: + - Cannot run tshark under tcp using decode-as format for syslog. + - Problem with Floating point (double-precision). + - Netscreen - can't parse packet-header. + - Wireshark fails to link because of missing @GLIB_LIBS@ + reference in Makefile.am. +- adjust wireshark-nfsv4-opts.patch for moved source lines + +------------------------------------------------------------------- +Tue May 22 19:20:34 UTC 2012 - andreas.stie...@gmx.de + +- update to upstream 1.4.13 (bnc#763634) + - security fixes: + - wnpa-sec-2012-08 / CVE-2012-2392 + Infinite and large loops in the ANSI MAP, BACapp, Bluetooth + HCI, IEEE 802.3, LTP, and R3 dissectors have been fixed. + Discovered by Laurent Butti. (Bugs 7118, 7119, 7121, 7122, + 7124, 7125) + - wnpa-sec-2012-09 / CVE-2012-2393 + The DIAMETER dissector could try to allocate memory improperly + and crash. (Bug 7138) + - wnpa-sec-2012-10 / CVE-2012-2394 + Wireshark could crash on SPARC processors due to misaligned + memory. Discovered by Klaus Heckelmann. (Bug 7221) + - bug fixes: + - User-Password - PAP decoding passwords longer than 16 bytes. + (Bug 6779) + - Wireshark error message for failure to open an rpcap: URL for + a remote device is malformed. (Bug 6922) + - Wireshark doesn't calculate the right IPv4 destination using + source routing options when bad options precede them. (Bug + 7043) + - Wrong values in DNS CERT RR. (Bug 7130) + - Updated Protocol Support + ANSI MAP, BACapp, Bluetooth HCI, DIAMETER, DNS, IPv4, RADIUS + - New and Updated Capture File Support + 5View, pcap-ng + +- adjust wireshark-1.2.0-disable-warning-dialog.patch for moved lines +- adjust wireshark-corosync-packet-dissector.patch for moved lines +- adjust wireshark-nfsv4-opts.patch for moved lines + +------------------------------------------------------------------- +Mon Apr 16 07:16:00 UTC 2012 - bjzh...@suse.com + +- update to 1.4.12 + - fix bnc#754474(CVE-2012-1596), bnc#754476(CVE-2012-1593), bnc#754477(CVE-2012-1595)(fixed upstream) + - Security fixes: + - wnpa-sec-2012-04 The ANSI A dissector could dereference a NULL pointer + and crash. (Bug 6823) + - wnpa-sec-2012-06 The pcap and pcap-ng file parsers could crash trying to + read ERF data. (Bug 6804) + - wnpa-sec-2012-07 The MP2T dissector could try to allocate too much memory + and crash. (Bug 6804) + - The Windows installers now include GnuTLS 1.12.18, which fixes + several vulnerabilities. + - Bug fixes: + - Some PGM options are not parsed correctly. (Bug 5687) + - dumpcap crashes when capturing from pipe to a pcap-ng file + (e.g., when passing data from CACE Pilot to Wireshark). (Bug + 5939) + - No error for UDP/IPv6 packet with zero checksum. (Bug 6232) + - packetBB dissector bug: More than 1000000 items in the tree -- + possible infinite loop. (Bug 6687) + - Ethernet traces in K12 text format sometimes give bogus + "malformed frame" errors and other problems. (Bug 6735) + - non-IPP packets to or from port 631 are dissected as IPP. (Bug + 6765) + - IAX2 dissector reads past end of packet for unknown IEs. (Bug + 6815) + - Pcap-NG files with SHB options longer than 100 bytes aren't + recognized as pcap-NG files, and options longer than 100 bytes + in other blocks aren't handled either. (Bug 6846) + - Patch to fix DTLS decryption. (Bug 6847) + - Expression... dialog is crash. (Bug 6891) + - ISAKMP : VendorID CheckPoint : Malformed Packet. (Bug 6972) + - Radiotap dissector lists a bogus "DBM TX Attenuation" bit. + (Bug 7000) + - MySQL dissector assertion. (Ask 8649) + Updated Protocol Support + HTTP, ISAKMP, MySQL, PacketBB, PGM, TCP, UDP + New and Updated Capture File Support + Endace ERF, Pcap-NG. + +------------------------------------------------------------------- +Mon Jan 16 04:03:51 UTC 2012 - cy...@suse.com + +- update to 1.4.11 + - fix bnc#741187, bnc#741188, bnc#741190 (fixed upstream) + - Security fixes: + - wnpa-sec-2012-01 Laurent Butti discovered that Wireshark failed to + properly check record sizes for many packet capture file formats. + (Bug 6663, bug 6666, bug 6667, bug 6668, bug 6669, bug 6670) + - wnpa-sec-2012-02 Wireshark could dereference a NULL pointer and + crash. (Bug 6634) + - wnpa-sec-2012-03 The RLC dissector could overflow a buffer. (Bug 6391) + - Bug fixes: + - "Closing File!" Dialog Hangs. (Bug 3046) ++++ 1770 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.1:Update/.wireshark.1087.new/wireshark.changes New: ---- include.filelist wireshark-1.2.0-disable-warning-dialog.patch wireshark-1.2.0-geoip.patch wireshark-1.2.4-enable_lua.patch wireshark-1.8.4.tar.bz2 wireshark.changes wireshark.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ wireshark.spec ++++++ # # spec file for package wireshark # # Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # # disable caps for now %define use_caps 0 Name: wireshark Version: 1.8.4 Release: 0 Summary: A Network Traffic Analyser License: GPL-2.0+ and GPL-3.0+ Group: Productivity/Networking/Diagnostic Url: http://www.wireshark.org/ Source: http://www.wireshark.org/download/src/%{name}-%{version}.tar.bz2 Source1: include.filelist # PATCH-FIX-OPENSUSE wireshark-1.6.3-disable-warning-dialog.patch bnc#349782 prus...@suse.cz -- don't show warning when running as root Patch1: %{name}-1.2.0-disable-warning-dialog.patch # PATCH-FEATURE-OPENSUSE wireshark-1.2.0-geoip.patch prus...@suse.cz -- search in /var/lib/GeoIP if user hasn't set any GeoIP folders Patch2: %{name}-1.2.0-geoip.patch # PATCH-FIX-OPENSUSE wireshark-1.2.4-enable_lua.patch bnc#650434 Patch4: %{name}-1.2.4-enable_lua.patch BuildRequires: bison BuildRequires: cairo-devel BuildRequires: flex BuildRequires: gtk2-devel BuildRequires: krb5-devel BuildRequires: libcap-devel BuildRequires: libcares-devel BuildRequires: libgcrypt-devel BuildRequires: libgnutls-devel BuildRequires: libpcap-devel BuildRequires: libsmi-devel BuildRequires: lua-devel BuildRequires: net-snmp-devel BuildRequires: openssl-devel BuildRequires: pcre-devel BuildRequires: portaudio-devel BuildRequires: python BuildRequires: tcpd-devel BuildRequires: xdg-utils BuildRequires: zlib-devel Requires: xdg-utils Provides: ethereal = %{version} Obsoletes: ethereal < %{version} BuildRoot: %{_tmppath}/%{name}-%{version}-build %if 0%{?suse_version} BuildRequires: libGeoIP-devel BuildRequires: update-desktop-files Recommends: GeoIP %endif %description Wireshark is a free network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, viewing summary and detail information for each packet. Wireshark has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. %package devel Summary: A Network Traffic Analyser Group: Development/Libraries/C and C++ Requires: %{name} = %{version} Requires: glib2-devel Requires: glibc-devel Provides: ethereal-devel = %{version} Obsoletes: ethereal-devel < %{version} %description devel Wireshark is a free network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, viewing summary and detail information for each packet. Wireshark has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. %prep %setup -q %patch2 %patch4 sed -i 's/^Icon=wireshark.png$/Icon=wireshark/' wireshark.desktop # run as root on 11.3 and older - bnc#349782 %if ! %{use_caps} %patch1 sed -i 's!^Exec=wireshark!Exec=/usr/bin/xdg-su -c /usr/bin/wireshark!' wireshark.desktop %endif %build %configure --without-zlib make %{?_smp_mflags} %install make DESTDIR=%{buildroot} install find %{buildroot} -name "*.la" -delete -print ln -fs wireshark %{buildroot}%{_bindir}/ethereal ln -fs tshark %{buildroot}%{_bindir}/tethereal install -d -m 0755 %{buildroot}%{_sysconfdir} install -d -m 0755 %{buildroot}%{_mandir}/man1/ # install -m 0644 *.1 %%{buildroot}%%{_mandir}/man1/ install -d -m 0755 %{buildroot}%{_includedir}/wireshark for i in `cat %{SOURCE1}`; do install -D -m 644 $i %{buildroot}%{_includedir}/wireshark/$i done install -D -m 0644 image/wsicon48.png %{buildroot}%{_datadir}/pixmaps/wireshark.png install -D -m 0644 wireshark.desktop %{buildroot}%{_datadir}/applications/wireshark.desktop %if 0%{?suse_version} %suse_update_desktop_file %{name} %endif %clean rm -rf %{buildroot} %if %{use_caps} %pre getent group wireshark >/dev/null || groupadd wireshark %endif %post -p /sbin/ldconfig %postun -p /sbin/ldconfig %files %defattr(-,root,root) %doc AUTHORS COPYING NEWS README README.linux README.vmware %doc %{_mandir}/man1/[^i]* %doc %{_mandir}/man4/* %{_datadir}/applications/wireshark.desktop %{_datadir}/pixmaps/wireshark.png %{_bindir}/ethereal %{_bindir}/tethereal %{_bindir}/wireshark %{_bindir}/editcap %{_bindir}/tshark %{_bindir}/mergecap %{_bindir}/text2pcap %{_bindir}/dftest %{_bindir}/capinfos %{_bindir}/randpkt %if %{use_caps} %attr(0750,root,wireshark) %caps(cap_net_raw,cap_net_admin=eip) %{_bindir}/dumpcap %else %{_bindir}/dumpcap %endif %{_bindir}/rawshark %{_libdir}/lib*.so.* %{_libdir}/wireshark/ %{_datadir}/wireshark/ %files devel %defattr(-,root,root) %doc doc/README.* %dir %{_includedir}/wireshark %dir %{_includedir}/wireshark/epan %dir %{_includedir}/wireshark/epan/dfilter %dir %{_includedir}/wireshark/epan/dissectors %dir %{_includedir}/wireshark/wiretap %dir %{_includedir}/wireshark/wsutil %{_includedir}/wireshark/* %{_libdir}/*.so %changelog ++++++ include.filelist ++++++ ++++ 612 lines (skipped) ++++++ wireshark-1.2.0-disable-warning-dialog.patch ++++++ Index: ui/gtk/main.c =================================================================== --- ui/gtk/main.c.orig 2012-08-10 01:35:00.000000000 +0100 +++ ui/gtk/main.c 2012-08-15 20:28:59.000000000 +0100 @@ -1399,11 +1399,13 @@ main_colorize_changed(gboolean packet_li static GtkWidget *close_dlg = NULL; +/* static void priv_warning_dialog_cb(gpointer dialog, gint btn _U_, gpointer data _U_) { recent.privs_warn_if_elevated = !simple_dialog_check_get(dialog); } +*/ #ifdef _WIN32 static void @@ -2081,9 +2083,10 @@ check_and_warn_user_startup(gchar *cf_na #endif { gchar *cur_user, *cur_group; - gpointer priv_warning_dialog; +// gpointer priv_warning_dialog; /* Tell the user not to run as root. */ +/* if (running_with_special_privs() && recent.privs_warn_if_elevated) { cur_user = get_cur_username(); cur_group = get_cur_groupname(); @@ -2098,6 +2101,7 @@ check_and_warn_user_startup(gchar *cf_na simple_dialog_check_set(priv_warning_dialog, "Don't show this message again."); simple_dialog_set_cb(priv_warning_dialog, priv_warning_dialog_cb, NULL); } +*/ #ifdef _WIN32 /* Warn the user if npf.sys isn't loaded. */ ++++++ wireshark-1.2.0-geoip.patch ++++++ Index: epan/geoip_db.c =================================================================== --- epan/geoip_db.c.orig 2012-06-05 17:33:40.000000000 +0100 +++ epan/geoip_db.c 2012-06-21 21:55:14.000000000 +0100 @@ -177,6 +177,9 @@ geoip_db_init(void) { geoip_dat_scan_dir(geoip_db_paths[i].path); } } + if (num_geoip_db_paths < 1) { + geoip_dat_scan_dir("/var/lib/GeoIP"); + } /* add fake databases for latitude and longitude (using "City" in reality) */ { ++++++ wireshark-1.2.4-enable_lua.patch ++++++ Index: epan/wslua/template-init.lua =================================================================== --- epan/wslua/template-init.lua +++ epan/wslua/template-init.lua @@ -42,7 +42,7 @@ if running_superuser then local disabled_lib = {} setmetatable(disabled_lib,{ __index = function() error("this package has been disabled") end } ); - dofile = function() error("dofile has been disabled") end +-- dofile = function() error("dofile has been disabled") end loadfile = function() error("loadfile has been disabled") end loadlib = function() error("loadlib has been disabled") end require = function() error("require has been disabled") end -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org