From 9aafa3e7243501e941e141b257e24f92a2f53865 Mon Sep 17 00:00:00 2001 From: Jan Safranek Date: Jan 17 2011 09:17:54 +0000 Subject: upgrade to 1.4.3 Resolves: CVE-2011-0445 CVE-2011-0444 --- diff --git a/.gitignore b/.gitignore index 6a3a300..e7f563b 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ wireshark-1.2.10.tar.bz2 /wireshark-1.4.0.tar.bz2 /wireshark-1.4.1.tar.bz2 /wireshark-1.4.2.tar.bz2 +/wireshark-1.4.3.tar.bz2 diff --git a/sources b/sources index d00b54d..1c0fa68 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -5429561935ea0d1ee572793b55446918 wireshark-1.4.2.tar.bz2 +ac3dcc8c128c38d9ef3d9c93d1dec83e wireshark-1.4.3.tar.bz2 diff --git a/wireshark-1.4.2-enttec-overflow.patch b/wireshark-1.4.2-enttec-overflow.patch deleted file mode 100644 index b37e8f8..0000000 --- a/wireshark-1.4.2-enttec-overflow.patch +++ /dev/null @@ -1,53 +0,0 @@ -666897 - Wireshark: Array index error in ENTTEC dissector - -commit 66966b531c0aff764644989a5bcda2b6ce46b51f -Author: gerald -Date: Fri Dec 31 22:24:06 2010 +0000 - - From FRAsse via bug 5539: - - There's a buffer overflow in ENTTEC DMX Data RLE, leading to crashes and - potential code execution. - - From me: ep_allocate our buffers. - - - git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@35318 f5534014-38df-0310-8fa8-9805f1628bb7 - -diff --git a/epan/dissectors/packet-enttec.c b/epan/dissectors/packet-enttec.c -index 6e6cccc..66d3e18 100644 ---- a/epan/dissectors/packet-enttec.c -+++ b/epan/dissectors/packet-enttec.c -@@ -193,8 +193,8 @@ dissect_enttec_dmx_data(tvbuff_t *tvb, guint offset, proto_tree *tree) - "%3u: %s" - }; - -- static guint8 dmx_data[512]; -- static guint16 dmx_data_offset[513]; /* 1 extra for last offset */ -+ guint8 *dmx_data = ep_alloc(512 * sizeof(guint8)); -+ guint16 *dmx_data_offset = ep_alloc(513 * sizeof(guint16)); /* 1 extra for last offset */ - emem_strbuf_t *dmx_epstr; - - proto_tree *hi,*si; -@@ -225,10 +225,10 @@ dissect_enttec_dmx_data(tvbuff_t *tvb, guint offset, proto_tree *tree) - length = 512; - - if (type == ENTTEC_DATA_TYPE_RLE) { -- /* uncompres the DMX data */ -+ /* uncompress the DMX data */ - ui = 0; - ci = 0; -- while (ci < length) { -+ while (ci < length && ui < 512) { - v = tvb_get_guint8(tvb, offset+ci); - if (v == 0xFE) { - ci++; -@@ -236,7 +236,7 @@ dissect_enttec_dmx_data(tvbuff_t *tvb, guint offset, proto_tree *tree) - ci++; - v = tvb_get_guint8(tvb, offset+ci); - ci++; -- for (i=0;i < count;i++) { -+ for (i=0;i < count && ui < 512;i++) { - dmx_data[ui] = v; - dmx_data_offset[ui] = ci-3; - ui++; diff --git a/wireshark.spec b/wireshark.spec index 9173133..d0100c8 100644 --- a/wireshark.spec +++ b/wireshark.spec @@ -12,11 +12,11 @@ Summary: Network traffic analyzer Name: wireshark -Version: 1.4.2 +Version: 1.4.3 %if %{svn_version} Release: 0.%{svn_version}%{?dist} %else -Release: 2%{?dist} +Release: 1%{?dist} %endif License: GPL+ Group: Applications/Internet @@ -42,7 +42,6 @@ Patch3: wireshark-1.2.4-enable_lua.patch Patch4: wireshark-1.2.8-disable_warning_dialog.patch Patch5: wireshark-libtool-pie.patch Patch6: wireshark-1.4.0-doc-path.patch -Patch7: wireshark-1.4.2-enttec-overflow.patch Url: http://www.wireshark.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -122,7 +121,6 @@ and plugins. %patch4 -p1 -b .dialog %patch5 -p1 %patch6 -p1 -%patch7 -p1 -b .enttec-overflow %build %ifarch s390 s390x sparcv9 sparc64 @@ -324,6 +322,10 @@ fi %{_sbindir}/idl2wrs %changelog +* Mon Jan 17 2011 Jan Safranek - 1.4.2-3 +- upgrade to 1.4.3 +- see http://www.wireshark.org/docs/relnotes/wireshark-1.4.3.html + * Wed Jan 5 2011 Jan Safranek - 1.4.2-2 - fixed buffer overflow in ENTTEC dissector (#666897)