sudo security update for Wheezy LTS (wrong subject was: Re: wireshark security update for Wheezy LTS)
2016-11-13 19:11 GMT+01:00 Balint Reczey : > Hi, > > I have prepared an update for sudo in Wheezy. > > Please see the diff to previous version and a small test program attached. > > Changes: > sudo (1.8.5p2-1+nmu3+deb7u2) wheezy-security; urgency=medium > . >* LTS Team upload. >* Fix noexec bypass via system() and popen() (CVE-2016-7032) >* Fix noexec bypass via wordexp() (CVE-2016-7076) (Closes: #842507) > > I plan uploading the package tomorrow around 18:00 UTC. > > The binary packages for amd64 are also available for testing here: > > deb https://people.debian.org/~rbalint/ppa/wheezy-lts UNRELEASED/ > > Cheers, > Balint >
wireshark security update for Wheezy LTS
Hi, I have prepared an update for sudo in Wheezy. Please see the diff to previous version and a small test program attached. Changes: sudo (1.8.5p2-1+nmu3+deb7u2) wheezy-security; urgency=medium . * LTS Team upload. * Fix noexec bypass via system() and popen() (CVE-2016-7032) * Fix noexec bypass via wordexp() (CVE-2016-7076) (Closes: #842507) I plan uploading the package tomorrow around 18:00 UTC. The binary packages for amd64 are also available for testing here: deb https://people.debian.org/~rbalint/ppa/wheezy-lts UNRELEASED/ Cheers, Balint diff -Nru sudo-1.8.5p2/debian/changelog sudo-1.8.5p2/debian/changelog --- sudo-1.8.5p2/debian/changelog 2016-01-05 19:48:04.0 +0100 +++ sudo-1.8.5p2/debian/changelog 2016-11-11 15:54:01.0 +0100 @@ -1,3 +1,11 @@ +sudo (1.8.5p2-1+nmu3+deb7u2) wheezy-security; urgency=medium + + * LTS Team upload. + * Fix noexec bypass via system() and popen() (CVE-2016-7032) + * Fix noexec bypass via wordexp() (CVE-2016-7076) (Closes: #842507) + + -- Balint Reczey Fri, 11 Nov 2016 15:52:14 +0100 + sudo (1.8.5p2-1+nmu3+deb7u1) wheezy-security; urgency=medium * Non-maintainer upload diff -Nru sudo-1.8.5p2/debian/patches/CVE-2016-7032-1.patch sudo-1.8.5p2/debian/patches/CVE-2016-7032-1.patch --- sudo-1.8.5p2/debian/patches/CVE-2016-7032-1.patch 1970-01-01 01:00:00.0 +0100 +++ sudo-1.8.5p2/debian/patches/CVE-2016-7032-1.patch 2016-11-11 17:46:36.0 +0100 @@ -0,0 +1,39 @@ +From 31e5576a54a439c943f20998cb319f7101a609e3 Mon Sep 17 00:00:00 2001 +From: "Todd C. Miller" +Date: Mon, 28 Sep 2015 15:10:00 -0600 +Subject: [PATCH 1/3] Also interpose system(3). On glibc systems you cannot + interpose the syscalls used internally by libc. + +Conflicts: + src/sudo_noexec.c +--- + src/sudo_noexec.c | 6 ++ + 1 file changed, 6 insertions(+) + +diff --git a/src/sudo_noexec.c b/src/sudo_noexec.c +index af1915f..c83df44 100644 +--- a/src/sudo_noexec.c b/src/sudo_noexec.c +@@ -40,6 +40,11 @@ + return -1; \ + } + ++#define DUMMY1(fn, t1) \ ++int \ ++fn(t1 a1) \ ++DUMMY_BODY ++ + #define DUMMY2(fn, t1, t2) \ + int \ + fn(t1 a1, t2 a2)\ +@@ -69,6 +74,7 @@ DUMMY_VA(__execle, const char *, const char *) + DUMMY_VA(execlp, const char *, const char *) + DUMMY_VA(_execlp, const char *, const char *) + DUMMY_VA(__execlp, const char *, const char *) ++DUMMY1(system, const char *) + DUMMY3(exect, const char *, char * const *, char * const *) + DUMMY3(_exect, const char *, char * const *, char * const *) + DUMMY3(__exect, const char *, char * const *, char * const *) +-- +2.1.4 + diff -Nru sudo-1.8.5p2/debian/patches/CVE-2016-7032-2.patch sudo-1.8.5p2/debian/patches/CVE-2016-7032-2.patch --- sudo-1.8.5p2/debian/patches/CVE-2016-7032-2.patch 1970-01-01 01:00:00.0 +0100 +++ sudo-1.8.5p2/debian/patches/CVE-2016-7032-2.patch 2016-11-11 17:46:36.0 +0100 @@ -0,0 +1,57 @@ +From 129bf12da13c4f095502ae36b1fc9726eaa23403 Mon Sep 17 00:00:00 2001 +From: "Todd C. Miller" +Date: Mon, 28 Sep 2015 15:34:16 -0600 +Subject: [PATCH 2/3] Also wrap popen(3). + +Back-ported to not use FN_NAME and INTERPOSE by Balint Reczey. + +Conflicts: + src/sudo_noexec.c +--- + src/sudo_noexec.c | 12 +++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +diff --git a/src/sudo_noexec.c b/src/sudo_noexec.c +index c83df44..c6c 100644 +--- a/src/sudo_noexec.c b/src/sudo_noexec.c +@@ -20,6 +20,8 @@ + + #include + #include ++#include ++#include + #ifdef HAVE_SPAWN_H + #include + #endif +@@ -74,7 +76,6 @@ DUMMY_VA(__execle, const char *, const char *) + DUMMY_VA(execlp, const char *, const char *) + DUMMY_VA(_execlp, const char *, const char *) + DUMMY_VA(__execlp, const char *, const char *) +-DUMMY1(system, const char *) + DUMMY3(exect, const char *, char * const *, char * const *) + DUMMY3(_exect, const char *, char * const *, char * const *) + DUMMY3(__exect, const char *, char * const *, char * const *) +@@ -96,6 +97,7 @@ DUMMY3(__execvpe, const char *, char * const *, char * const *) + DUMMY3(fexecve, int , char * const *, char * const *) + DUMMY3(_fexecve, int , char * const *, char * const *) + DUMMY3(__fexecve, int , char * const *, char * const *) ++DUMMY1(system, const char *) + #ifdef HAVE_SPAWN_H + DUMMY6(posix_spawn, pid_t *, const char *, const posix_spawn_file_actions_t *, const posix_spawnattr_t *, char * const *, char * const *) + DUMMY6(_posix_spawn, pid_t *, const char *, const posix_spawn_file_actions_t *, const posix_spawnattr_t *, char * const *, char * const *) +@@ -104,3 +106,11 @@ DUMMY6(posix_spawnp, pid_t *, const char *, const posix_spawn_file_actions_t *, + DUMMY6(_posix_spawnp, pid_t *, const char *, const posix_spawn_file_actions_t *, const posix_spawnattr_t *, char * const *, char * const *) + DUMMY6(__posix_spawnp, pid_t *, const char *, const posix_spawn_file_actions_t *, const posix_spawnattr_t *, char * const *, char * const
wireshark security update for Wheezy LTS
Hi,
I have prepared an update for wireshark in Wheezy.
Please see the diff to previous version attached. A practically
identical changeset has been already accepted to jessie-security.
Changes:
wireshark (1.12.1+g01b65bf-4+deb8u6~deb7u4) wheezy-security; urgency=medium
.
* security fixes from Wireshark 2.0.6:
- The H.225 dissector could crash (CVE-2016-7176)
- The Catapult DCT2000 dissector could crash (CVE-2016-7177)
- The UMTS FP dissector could crash (CVE-2016-7178)
- The Catapult DCT2000 dissector could crash (CVE-2016-7179)
- The IPMI trace dissector could crash (CVE-2016-7180)
I plan uploading the package tomorrow around noon UTC.
Cheers,
Balint
diff -Nru wireshark-1.12.1+g01b65bf/debian/changelog wireshark-1.12.1+g01b65bf/debian/changelog
--- wireshark-1.12.1+g01b65bf/debian/changelog 2016-08-14 16:20:37.0 +0200
+++ wireshark-1.12.1+g01b65bf/debian/changelog 2016-09-20 18:05:25.0 +0200
@@ -1,3 +1,14 @@
+wireshark (1.12.1+g01b65bf-4+deb8u6~deb7u4) wheezy-security; urgency=medium
+
+ * security fixes from Wireshark 2.0.6:
+- The H.225 dissector could crash (CVE-2016-7176)
+- The Catapult DCT2000 dissector could crash (CVE-2016-7177)
+- The UMTS FP dissector could crash (CVE-2016-7178)
+- The Catapult DCT2000 dissector could crash (CVE-2016-7179)
+- The IPMI trace dissector could crash (CVE-2016-7180)
+
+ -- Balint Reczey Tue, 20 Sep 2016 18:05:16 +0200
+
wireshark (1.12.1+g01b65bf-4+deb8u6~deb7u3) wheezy-security; urgency=medium
* security fixes from Wireshark 1.12.13:
diff -Nru wireshark-1.12.1+g01b65bf/debian/patches/127_2.0.6_Don-t-snprintf-into-a-string-with-one-of-the-argumen.patch wireshark-1.12.1+g01b65bf/debian/patches/127_2.0.6_Don-t-snprintf-into-a-string-with-one-of-the-argumen.patch
--- wireshark-1.12.1+g01b65bf/debian/patches/127_2.0.6_Don-t-snprintf-into-a-string-with-one-of-the-argumen.patch 1970-01-01 01:00:00.0 +0100
+++ wireshark-1.12.1+g01b65bf/debian/patches/127_2.0.6_Don-t-snprintf-into-a-string-with-one-of-the-argumen.patch 2016-09-20 18:04:38.0 +0200
@@ -0,0 +1,695 @@
+From 8b20fac0cdcbeb0266caf5307600e1e1f4912b99 Mon Sep 17 00:00:00 2001
+From: Guy Harris
+Date: Tue, 2 Aug 2016 20:39:34 -0700
+Subject: [PATCH 127/131] Don't snprintf() into a string with one of the
+ arguments being the same string.
+
+That doesn't work - you could be writing into the string from which
+you're reading.
+
+Conflicts:
+ asn1/h225/h225.cnf
+ epan/dissectors/packet-h225.c
+
+Bug: 12700
+
+Change-Id: I2fc6416e0613791dcd37ef70dbf00aae159008de
+Reviewed-on: https://code.wireshark.org/review/16852
+Reviewed-by: Guy Harris
+Reviewed-on: https://code.wireshark.org/review/17800
+Reviewed-by: Balint Reczey
+---
+ asn1/h225/h225.cnf| 58 +--
+ epan/dissectors/packet-h225.c | 168 +++---
+ 2 files changed, 127 insertions(+), 99 deletions(-)
+
+diff --git a/asn1/h225/h225.cnf b/asn1/h225/h225.cnf
+index 2bece14..a6ad36b 100644
+--- a/asn1/h225/h225.cnf
b/asn1/h225/h225.cnf
+@@ -274,8 +274,12 @@ IsupNumber/nationalStandardPartyNumber isupNationalStandardPartyNumber
+ dissect_h245_FastStart_OLC(value_tvb, %(ACTX)s->pinfo, tree, codec_str);
+ }
+
+-/* Add to packet info */
+-g_snprintf(h225_pi->frame_label, 50, "%%s %%s", h225_pi->frame_label, codec_str);
++ /* Add to packet info */
++ {
++char temp[50];
++g_snprintf(temp, 50, "%%s %%s", h225_pi->frame_label, codec_str);
++g_strlcpy(h225_pi->frame_label, temp, 50);
++ }
+
+ contains_faststart = TRUE;
+ h225_pi->is_faststart = TRUE;
+@@ -362,10 +366,12 @@ IsupNumber/nationalStandardPartyNumber isupNationalStandardPartyNumber
+ #.FN_FTR Progress-UUIE
+ /* Add to packet info */
+ h225_pi->cs_type = H225_PROGRESS;
+- if (contains_faststart == TRUE )
+-g_snprintf(h225_pi->frame_label, 50, "%s OLC (%s)", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, ""), h225_pi->frame_label);
+- else
+-g_snprintf(h225_pi->frame_label, 50, "%s", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, ""));
++ if (contains_faststart) {
++char temp[50];
++g_snprintf(temp, 50, "%s OLC (%s)", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, ""), h225_pi->frame_label);
++g_strlcpy(h225_pi->frame_label, temp, 50);
++ } else
++g_snprintf(h225_pi->frame_label, 50, "%s", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, ""));
+ #.END
+ #
+ #.FN_FTR SetupAcknowledge-UUIE
+@@ -389,28 +395,34 @@ IsupNumber/nationalStandardPartyNumber isupNationalStandardPartyNumber
+ #.FN_FTR Setup-UUIE
+ /* Add to packet info */
+ h225_pi->cs_type = H225_SETUP;
+- if (contains_faststart == TRUE )
+- g_snprintf(h225_pi->frame_label, 50, "%s OLC (%s)", val_to_str(h225_pi->cs_type, T_h323_message_body_vals, ""), h225_pi->frame_label);
+- else
+- g_snprintf(h225_p
wireshark security update for Wheezy LTS
Hi, I have prepared an update for wireshark in Wheezy. Please see the diff to previous version attached. A practically identical changeset has been already accepted to jessie-security. Changes: wireshark (1.12.1+g01b65bf-4+deb8u6~deb7u3) wheezy-security; urgency=medium . * security fixes from Wireshark 1.12.13: - The NDS dissector could crash (CVE-2016-6504) - The PacketBB dissector could crash (CVE-2016-6505) - The WSP dissector could go into an infinite loop (CVE-2016-6506) - The MMSE dissector could go into an infinite loop (CVE-2016-6507) - The RLC dissector could go into a long loop (CVE-2016-6508) - The LDSS dissector could crash (CVE-2016-6509) - The RLC dissector could crash (CVE-2016-6510) - The OpenFlow dissector could go into a long loop (CVE-2016-6511) * Cherry-pick fix for regressions caused by CVE-2016-6511's fix I plan uploading the package tomorrow around noon UTC. Cheers, Balint diff -Nru wireshark-1.12.1+g01b65bf/debian/changelog wireshark-1.12.1+g01b65bf/debian/changelog --- wireshark-1.12.1+g01b65bf/debian/changelog 2016-06-26 20:37:15.0 +0200 +++ wireshark-1.12.1+g01b65bf/debian/changelog 2016-08-14 16:20:37.0 +0200 @@ -1,3 +1,18 @@ +wireshark (1.12.1+g01b65bf-4+deb8u6~deb7u3) wheezy-security; urgency=medium + + * security fixes from Wireshark 1.12.13: +- The NDS dissector could crash (CVE-2016-6504) +- The PacketBB dissector could crash (CVE-2016-6505) +- The WSP dissector could go into an infinite loop (CVE-2016-6506) +- The MMSE dissector could go into an infinite loop (CVE-2016-6507) +- The RLC dissector could go into a long loop (CVE-2016-6508) +- The LDSS dissector could crash (CVE-2016-6509) +- The RLC dissector could crash (CVE-2016-6510) +- The OpenFlow dissector could go into a long loop (CVE-2016-6511) + * Cherry-pick fix for regressions caused by CVE-2016-6511's fix + + -- Balint Reczey Sun, 14 Aug 2016 16:20:12 +0200 + wireshark (1.12.1+g01b65bf-4+deb8u6~deb7u2) wheezy-security; urgency=high * security fixes from Wireshark 1.12.12: diff -Nru wireshark-1.12.1+g01b65bf/debian/patches/118_1.12.13_dissect_nds_request-Add-NULL-check.patch wireshark-1.12.1+g01b65bf/debian/patches/118_1.12.13_dissect_nds_request-Add-NULL-check.patch --- wireshark-1.12.1+g01b65bf/debian/patches/118_1.12.13_dissect_nds_request-Add-NULL-check.patch 1970-01-01 01:00:00.0 +0100 +++ wireshark-1.12.1+g01b65bf/debian/patches/118_1.12.13_dissect_nds_request-Add-NULL-check.patch 2016-08-12 20:29:06.0 +0200 @@ -0,0 +1,33 @@ +From 471830020143111ca694a1153d9ea477343edde7 Mon Sep 17 00:00:00 2001 +From: Michael Mann +Date: Sat, 2 Jul 2016 10:37:20 -0400 +Subject: [PATCH 118/125] dissect_nds_request: Add NULL check + +Bug: 12576 +Change-Id: If25d65b58ccc3860a48a48d5dbc4a076a79ad459 +Reviewed-on: https://code.wireshark.org/review/16245 +Reviewed-by: Michael Mann +(cherry picked from commit 9eacbb4d48df647648127b9258f9e5aeeb0c7d99) +Reviewed-on: https://code.wireshark.org/review/17015 +Reviewed-by: Balint Reczey +--- + epan/dissectors/packet-ncp.inc | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/epan/dissectors/packet-ncp.inc b/epan/dissectors/packet-ncp.inc +index 35f0fa6..6c7c4c6 100644 +--- a/epan/dissectors/packet-ncp.inc b/epan/dissectors/packet-ncp.inc +@@ -11803,7 +11803,8 @@ dissect_nds_request(tvbuff_t *tvb, packet_info *pinfo, + ; /* nothing */ + break; + } +-ptvcursor_free(ptvc); ++if (ptvc != NULL) ++ptvcursor_free(ptvc); + + /* Free the temporary proto_tree */ + CLEANUP_CALL_AND_POP; +-- +2.1.4 + diff -Nru wireshark-1.12.1+g01b65bf/debian/patches/119_1.12.13_packetbb-Prevent-divide-by-0.patch wireshark-1.12.1+g01b65bf/debian/patches/119_1.12.13_packetbb-Prevent-divide-by-0.patch --- wireshark-1.12.1+g01b65bf/debian/patches/119_1.12.13_packetbb-Prevent-divide-by-0.patch 1970-01-01 01:00:00.0 +0100 +++ wireshark-1.12.1+g01b65bf/debian/patches/119_1.12.13_packetbb-Prevent-divide-by-0.patch 2016-08-12 20:29:06.0 +0200 @@ -0,0 +1,48 @@ +From 5576ce24c69cf38c890f70696285e84d6e4c2932 Mon Sep 17 00:00:00 2001 +From: Michael Mann +Date: Sat, 2 Jul 2016 08:23:34 -0400 +Subject: [PATCH 119/125] packetbb: Prevent divide by 0. + +Bug: 12577 +Change-Id: Ibfa605597b786d8dbf1e256ef2ca6dc691498974 +Reviewed-on: https://code.wireshark.org/review/16241 +Petri-Dish: Michael Mann +Tested-by: Petri Dish Buildbot +Reviewed-by: Michael Mann +(cherry picked from commit 94e97e45cf614c7bb8fe90c23df52910246b2c95) +Reviewed-on: https://code.wireshark.org/review/16244 +(cherry picked from commit 3ce7de0ce8d32ded8e4c0ebf747886b9b5b1b26f) +Reviewed-on: https://code.wireshark.org/review/17016 +Reviewed-by: Balint Reczey +--- + epan/dissectors/packet-packetbb.c | 14 -- + 1 file changed, 8 insertions(+), 6 deletions(-) + +diff --git a/epan/dissec
wireshark security update for Wheezy LTS
Hi,
I have prepared an update for wireshark in Wheezy.
Please see the diff to previous version attached. I have submitted
a practically identical changeset to the Security Team for accepting
it as an update to Jessie's version.
Changes:
wireshark (1.12.1+g01b65bf-4+deb8u6~deb7u2) wheezy-security; urgency=high
.
* security fixes from Wireshark 1.12.12:
- The SPOOLS dissector could go into an infinite loop
Discovered by the CESG (CVE-2016-5350)
- The IEEE 802.11 dissector could crash (CVE-2016-5351)
- The UMTS FP dissector could crash (CVE-2016-5353)
- Some USB dissectors could crash. Discovered by Mateusz Jurczyk
(CVE-2016-5354)
- The Toshiba file parser could crash. Discovered by iDefense Labs
(CVE-2016-5355)
- The CoSine file parser could crash. Discovered by iDefense Labs
(CVE-2016-5356)
- The NetScreen file parser could crash. Discovered by iDefense Labs
(CVE-2016-5357)
- The WBXML dissector could go into an infinite loop.
Discovered by Chris Benedict, Aurelien Delaitre,
NIST SAMATE Project (CVE-2016-5359)
* Fix patch for CVE-2015-8724 released in 1.12.1+g01b65bf-4+deb8u4
to not return error code from a function returning void
The binary packages for amd64 are also available for testing here:
https://people.debian.org/~rbalint/ppa/wheezy-lts/wheezy-security/
Cheers,
Balint
diff -Nru wireshark-1.12.1+g01b65bf/debian/changelog wireshark-1.12.1+g01b65bf/debian/changelog
--- wireshark-1.12.1+g01b65bf/debian/changelog 2016-05-29 00:19:41.0 +0200
+++ wireshark-1.12.1+g01b65bf/debian/changelog 2016-06-26 20:37:15.0 +0200
@@ -1,3 +1,26 @@
+wireshark (1.12.1+g01b65bf-4+deb8u6~deb7u2) wheezy-security; urgency=high
+
+ * security fixes from Wireshark 1.12.12:
+- The SPOOLS dissector could go into an infinite loop
+ Discovered by the CESG (CVE-2016-5350)
+- The IEEE 802.11 dissector could crash (CVE-2016-5351)
+- The UMTS FP dissector could crash (CVE-2016-5353)
+- Some USB dissectors could crash. Discovered by Mateusz Jurczyk
+ (CVE-2016-5354)
+- The Toshiba file parser could crash. Discovered by iDefense Labs
+ (CVE-2016-5355)
+- The CoSine file parser could crash. Discovered by iDefense Labs
+ (CVE-2016-5356)
+- The NetScreen file parser could crash. Discovered by iDefense Labs
+ (CVE-2016-5357)
+- The WBXML dissector could go into an infinite loop.
+ Discovered by Chris Benedict, Aurelien Delaitre,
+ NIST SAMATE Project (CVE-2016-5359)
+ * Fix patch for CVE-2015-8724 released in 1.12.1+g01b65bf-4+deb8u4
+to not return error code from a function returning void
+
+ -- Balint Reczey Sun, 26 Jun 2016 20:35:36 +0200
+
wireshark (1.12.1+g01b65bf-4+deb8u6~deb7u1) wheezy-security; urgency=high
* Backport to wheezy-security
diff -Nru wireshark-1.12.1+g01b65bf/debian/patches/105_1.12.12_Toshiba_Fix-packet-length-handling.patch wireshark-1.12.1+g01b65bf/debian/patches/105_1.12.12_Toshiba_Fix-packet-length-handling.patch
--- wireshark-1.12.1+g01b65bf/debian/patches/105_1.12.12_Toshiba_Fix-packet-length-handling.patch 1970-01-01 01:00:00.0 +0100
+++ wireshark-1.12.1+g01b65bf/debian/patches/105_1.12.12_Toshiba_Fix-packet-length-handling.patch 2016-06-26 20:34:08.0 +0200
@@ -0,0 +1,89 @@
+From 1a8ed46c02e2aad04b30ccaf916b4ad553e28467 Mon Sep 17 00:00:00 2001
+From: Guy Harris
+Date: Fri, 29 Apr 2016 15:19:49 -0700
+Subject: [PATCH 105/117] Fix packet length handling.
+
+Treat the packet length as unsigned - it shouldn't be negative in the
+file. If it is, that'll probably cause the sscanf to fail, so we'll
+report the file as bad.
+
+Check it against WTAP_MAX_PACKET_SIZE to make sure we don't try to
+allocate a huge amount of memory, just as we do in other file readers.
+
+Use the now-validated packet size as the length in
+ws_buffer_assure_space(), so we are certain to have enough space, and
+don't allocate too much space.
+
+Bug: 12394
+Change-Id: If0b79376fc6fe2f49c7b7d7796dee7b7683485cb
+Reviewed-on: https://code.wireshark.org/review/15171
+Reviewed-by: Guy Harris
+(cherry picked from commit 303680c3eae0263854c80845a660a1784d731533)
+Reviewed-on: https://code.wireshark.org/review/16111
+Reviewed-by: Balint Reczey
+---
+ wiretap/toshiba.c | 22 ++
+ 1 file changed, 14 insertions(+), 8 deletions(-)
+
+diff --git a/wiretap/toshiba.c b/wiretap/toshiba.c
+index 0492514..892a31e 100644
+--- a/wiretap/toshiba.c
b/wiretap/toshiba.c
+@@ -100,11 +100,6 @@ static const char toshiba_hdr_magic[] =
+ static const char toshiba_rec_magic[] = { '[', 'N', 'o', '.' };
+ #define TOSHIBA_REC_MAGIC_SIZE (sizeof toshiba_rec_magic / sizeof toshiba_rec_magic[0])
+
+-/*
+- * XXX - is this the biggest packet we can get?
+- */
+-#define TOSHIBA_MAX_PACKET_LEN 16384
+-
+ static gboolean toshiba_read(wtap *wth, int *err, gchar **err_info,
+ gint64 *data_offset);
+ static gboolean toshiba_seek_read(wtap
