From 97ece0f856a1dc6ae5d6ddd83e35f6cdb5688baf Mon Sep 17 00:00:00 2001 From: Michal Ruprich Date: May 02 2018 11:34:24 +0000 Subject: New version 2.6.0 Fix for CVE-2018-9256, CVE-2018-9257, CVE-2018-9258, CVE-2018-9259, CVE-2018-9260, CVE-2018-9261, CVE-2018-9262, CVE-2018-9263, CVE-2018-9264, CVE-2018-9265, CVE-2018-9266, CVE-2018-9267, CVE-2018-9268, CVE-2018-9269, CVE-2018-9270, CVE-2018-9271, CVE-2018-9272, CVE-2018-9273, CVE-2018-9274 Switch from autotools to cmake Removed python2-devel(#1560284) and libssh2-devel from dependencies Removed python scripts --- diff --git a/sources b/sources index 4043f2e..d681110 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (wireshark-2.4.5.tar.xz) = 2f2c201d6b8a37dcbe03bc9affbf97d632d8e40e4fe5b3a3e79cbd5cfbeb5b9111919850546ccae355fcb042def3456438eb1c4d73f7d56d373e7898311b42f3 -SHA512 (SIGNATURES-2.4.5.txt) = c3ad37cde73232aff3a0f00046894caccb7dca2bcd707c9d9f3bb0315bace72eb33417252abe5fecefb036ddb26b946fbde826e85b2a866fcce1f5872d395737 +SHA512 (wireshark-2.6.0.tar.xz) = a419ed32caeb9f25fc26e345c7baf7d847fee35730c64efad66870a786b26b9f8d5a8665b8b99be88f9cf504f6d9e640584d9849558ff09efc83400588dc6da8 +SHA512 (SIGNATURES-2.6.0.txt) = ce54fc3f44ac70bb3720389845f1337417733cc179d17aaa0f46ef70d3f98fbe886c9756224d27f8abe1c9f18979685721807f9ef5779eb0da028314df2700b0 diff --git a/wireshark-0002-Customize-permission-denied-error.patch b/wireshark-0002-Customize-permission-denied-error.patch index ce0d897..9b3451f 100644 --- a/wireshark-0002-Customize-permission-denied-error.patch +++ b/wireshark-0002-Customize-permission-denied-error.patch @@ -34,7 +34,7 @@ index 2f9d2cc..b18e47f 100644 /* Exit with "_exit()", so that we don't close the connection @@ -826,6 +830,7 @@ sync_pipe_open_command(char** argv, int *data_read_fd, - PROCESS_INFORMATION pi; + int i; #else char errmsg[1024+1]; + const char *securitymsg = ""; diff --git a/wireshark-0003-fix-string-overrun-in-plugins-profinet.patch b/wireshark-0003-fix-string-overrun-in-plugins-profinet.patch index 4045447..8277a8c 100644 --- a/wireshark-0003-fix-string-overrun-in-plugins-profinet.patch +++ b/wireshark-0003-fix-string-overrun-in-plugins-profinet.patch @@ -3,10 +3,10 @@ Date: Wed, 4 Sep 2013 10:03:57 +0200 Subject: [PATCH] fix string overrun in plugins/profinet -diff --git a/plugins/profinet/packet-dcom-cba.c b/plugins/profinet/packet-dcom-cba.c +diff --git a/plugins/epan/profinet/packet-dcom-cba.c b/plugins/epan/profinet/packet-dcom-cba.c index 0f1658a..f7fd322 100644 ---- a/plugins/profinet/packet-dcom-cba.c -+++ b/plugins/profinet/packet-dcom-cba.c +--- a/plugins/epan/profinet/packet-dcom-cba.c ++++ b/plugins/epan/profinet/packet-dcom-cba.c @@ -555,7 +555,7 @@ dissect_ICBAPhysicalDevice_get_LogicalDevice_rqst(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep) { diff --git a/wireshark-0006-Move-tmp-to-var-tmp.patch b/wireshark-0006-Move-tmp-to-var-tmp.patch index 2cb1b81..f965173 100644 --- a/wireshark-0006-Move-tmp-to-var-tmp.patch +++ b/wireshark-0006-Move-tmp-to-var-tmp.patch @@ -30,7 +30,7 @@ index 22ca841..6bcb527 100644 #include +#include /* for get_tmp_dir() */ #include - #include + #include #ifdef HAVE_LIBSMI @@ -427,7 +428,7 @@ about_folders_page_new(void) "capture files"); @@ -51,17 +51,17 @@ index 31dc581..2f74285 100644 #include +#include /* for get_tmp_dir() */ - #ifdef HAVE_LIBSMI - #include -@@ -204,7 +205,7 @@ AboutDialog::AboutDialog(QWidget *parent) : - message += about_folders_row("\"File\" dialogs", get_last_open_dir(), "capture files"); + #include + #include +@@ -206,7 +206,7 @@ FolderListModel::FolderListModel(QObject * parent): + appendRow( QStringList() << tr("\"File\" dialogs") << get_last_open_dir() << tr("capture files")); /* temp */ -- message += about_folders_row("Temp", g_get_tmp_dir(), "untitled capture files"); -+ message += about_folders_row("Temp", get_tmp_dir(), "untitled capture files"); +- appendRow( QStringList() << tr("Temp") << g_get_tmp_dir() << tr("untitled capture files")); ++ appendRow( QStringList() << tr("Temp") << get_tmp_dir() << tr("untitled capture files")); /* pers conf */ - message += about_folders_row("Personal configuration", + appendRow( QStringList() << tr("Personal configuration") diff --git a/ui/qt/iax2_analysis_dialog.cpp b/ui/qt/iax2_analysis_dialog.cpp index ee4e5fd..fe17a95 100644 --- a/ui/qt/iax2_analysis_dialog.cpp @@ -137,26 +137,22 @@ diff --git a/wsutil/Makefile.am b/wsutil/Makefile.am index 2af1b6c..aa149a2 100644 --- a/wsutil/Makefile.am +++ b/wsutil/Makefile.am -@@ -91,7 +91,8 @@ libwsutil_nonrepl_INCLUDES = \ - ws_mempbrk.h \ - ws_mempbrk_int.h \ +@@ -90,6 +90,7 @@ WSUTIL_PUBLIC_INCLUDES = \ + ws_pipe.h \ ws_printf.h \ -- wsjsmn.h -+ wsjsmn.h \ -+ wstmpdir.h - - # Header files for functions in libwsutil's ABI on this platform. - libwsutil_abi_INCLUDES = \ -@@ -155,7 +156,8 @@ libwsutil_la_SOURCES = \ - unicode-utils.c \ - ws_mempbrk.c \ + wsjsmn.h \ ++ wstmpdir.h \ + wsgcrypt.h \ + wsgetopt.h \ + wspcap.h \ +@@ -168,6 +169,7 @@ libwsutil_la_SOURCES = \ + ws_pipe.c \ wsgcrypt.c \ -- wsjsmn.c -+ wsjsmn.c \ -+ wstmpdir.c + wsjsmn.c \ ++ wstmpdir.c \ + xtea.c - if HAVE_MACOS_FRAMEWORKS - libwsutil_la_SOURCES += cfutils.c cfutils.h + if HAVE_PLUGINS diff --git a/wsutil/tempfile.c b/wsutil/tempfile.c index 8e1f8dc..dcf2f78 100644 --- a/wsutil/tempfile.c @@ -169,7 +165,7 @@ index 8e1f8dc..dcf2f78 100644 #ifndef __set_errno #define __set_errno(x) errno=(x) -@@ -142,7 +143,7 @@ mkdtemp (char *path_template) +@@ -83,13 +83,14 @@ mkstemps(char *path_template, int suffixlen) */ char *get_tempfile_path(const char *filename) { @@ -178,6 +174,14 @@ index 8e1f8dc..dcf2f78 100644 } #define MAX_TEMPFILES 3 + + /** +- * Create a tempfile with the given prefix (e.g. "wireshark"). ++ * Create a tempfile with the given prefix (e.g. "wireshark"). The path ++ * is created using get_tmp_dir and mkdtemp + * + * @param namebuf If not NULL, receives the full path of the temp file. + * Should NOT be freed. @@ -199,7 +200,7 @@ create_tempfile(char **namebuf, const char *pfx, const char *sfx) tf[idx].path = (char *)g_malloc(tf[idx].len); } @@ -187,24 +191,6 @@ index 8e1f8dc..dcf2f78 100644 #ifdef _WIN32 _tzset(); -@@ -237,7 +238,7 @@ create_tempfile(char **namebuf, const char *pfx, const char *sfx) - - /** - * Create a directory with the given prefix (e.g. "wireshark"). The path -- * is created using g_get_tmp_dir and mkdtemp. -+ * is created using get_tmp_dir and mkdtemp. - * - * @param namebuf - * @param pfx A prefix for the temporary directory. -@@ -265,7 +266,7 @@ create_tempdir(char **namebuf, const char *pfx) - /* - * We can't use get_tempfile_path here because we're called from dumpcap.c. - */ -- tmp_dir = g_get_tmp_dir(); -+ tmp_dir = get_tmp_dir(); - - while (g_snprintf(td_path[idx], td_path_len[idx], "%s%c%s" TMP_FILE_SUFFIX, tmp_dir, G_DIR_SEPARATOR, pfx) > td_path_len[idx]) { - td_path_len[idx] *= 2; diff --git a/wsutil/tempfile.h b/wsutil/tempfile.h index 1dca2df..bb3160c 100644 --- a/wsutil/tempfile.h @@ -218,15 +204,6 @@ index 1dca2df..bb3160c 100644 * * @param namebuf [in,out] If not NULL, receives the full path of the temp file. * Must NOT be freed. -@@ -58,7 +58,7 @@ WS_DLL_PUBLIC int create_tempfile(char **namebuf, const char *pfx, const char *s - - /** - * Create a directory with the given prefix (e.g. "wireshark"). The path -- * is created using g_get_tmp_dir and mkdtemp. -+ * is created using get_tmp_dir and mkdtemp. - * - * @param namebuf If not NULL, receives the full path of the temp directory. - * Must NOT be freed. diff --git a/wsutil/wstmpdir.c b/wsutil/wstmpdir.c new file mode 100644 index 0000000..d8b733b diff --git a/wireshark-0007-cmakelists.patch b/wireshark-0007-cmakelists.patch new file mode 100644 index 0000000..07919f0 --- /dev/null +++ b/wireshark-0007-cmakelists.patch @@ -0,0 +1,33 @@ +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 9e3b555..b0abd84 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -3069,7 +3069,7 @@ if(RPMBUILD_EXECUTABLE AND GIT_EXECUTABLE) + endif() + + execute_process( +- COMMAND git describe --abbrev=8 --match v[1-9]* ++ COMMAND git describe --always --abbrev=8 --match v[1-9]* + OUTPUT_VARIABLE _git_description + OUTPUT_STRIP_TRAILING_WHITESPACE + WORKING_DIRECTORY ${CMAKE_SOURCE_DIR} +diff --git a/wsutil/CMakeLists.txt b/wsutil/CMakeLists.txt +index 0367cd1..6382a2c 100644 +--- a/wsutil/CMakeLists.txt ++++ b/wsutil/CMakeLists.txt +@@ -69,6 +69,7 @@ set(WSUTIL_PUBLIC_HEADERS + ws_mempbrk_int.h + ws_pipe.h + ws_printf.h ++ wstmpdir.h + wsjsmn.h + xtea.h + ) +@@ -118,6 +118,7 @@ set(WSUTIL_COMMON_FILES + unicode-utils.c + ws_mempbrk.c + ws_pipe.c ++ wstmpdir.c + wsgcrypt.c + wsjsmn.c + xtea.c diff --git a/wireshark.spec b/wireshark.spec index 966a4d3..91ccd4e 100644 --- a/wireshark.spec +++ b/wireshark.spec @@ -1,11 +1,12 @@ %global with_lua 1 %global with_portaudio 1 -%global with_GeoIP 1 +%global with_maxminddb 1 +%global plugins_version 2.6 Summary: Network traffic analyzer Name: wireshark -Version: 2.4.5 -Release: 2%{?dist} +Version: 2.6.0 +Release: 1%{?dist} Epoch: 1 License: GPL+ Url: http://www.wireshark.org/ @@ -28,6 +29,7 @@ Patch4: wireshark-0004-Restore-Fedora-specific-groups.patch Patch5: wireshark-0005-Fix-paths-in-a-wireshark.desktop-file.patch # Fedora-specific Patch6: wireshark-0006-Move-tmp-to-var-tmp.patch +Patch7: wireshark-0007-cmakelists.patch #install tshark together with wireshark GUI Requires: %{name}-cli = %{epoch}:%{version}-%{release} @@ -39,8 +41,8 @@ Requires: hicolor-icon-theme Requires: portaudio BuildRequires: portaudio-devel %endif -%if %{with_GeoIP} -Requires: GeoIP +%if %{with_maxminddb} && 0%{?fedora} +Requires: libmaxminddb %endif BuildRequires: bzip2-devel @@ -66,21 +68,22 @@ BuildRequires: pcre-devel BuildRequires: perl(Pod::Html) BuildRequires: perl(Pod::Man) Buildrequires: libssh-devel -Buildrequires: libssh2-devel BuildRequires: qt5-linguist BuildRequires: qt5-qtbase-devel BuildRequires: qt5-qtmultimedia-devel BuildRequires: qt5-qtsvg-devel BuildRequires: zlib-devel -%if %{with_GeoIP} -BuildRequires: GeoIP-devel +%if %{with_maxminddb} && 0%{?fedora} +BuildRequires: libmaxminddb-devel %endif %if %{with_lua} BuildRequires: compat-lua-devel %endif -BuildRequires: libtool, automake, autoconf Buildrequires: git +%if 0%{?fedora} Buildrequires: python2-devel +%endif +Buildrequires: cmake %description Wireshark allows you to examine protocol data stored in files or as it is @@ -116,61 +119,37 @@ and plugins. %autosetup -S git %build -%ifarch s390 s390x sparcv9 sparc64 -export PIECFLAGS="-fPIE -fPIC" -%else -export PIECFLAGS="-fpie -fPIC" -%endif - -# FC5+ automatic -fstack-protector-all switch -export RPM_OPT_FLAGS=${RPM_OPT_FLAGS//-fstack-protector-strong/-fstack-protector-all} -export CFLAGS="$RPM_OPT_FLAGS $CPPFLAGS $PIECFLAGS -D_LARGEFILE64_SOURCE" -export CXXFLAGS="$RPM_OPT_FLAGS $CPPFLAGS $PIECFLAGS -D_LARGEFILE64_SOURCE" -export LDFLAGS="$RPM_OPT_FLAGS $LDFLAGS -pie -fPIC" - -autoreconf -ivf - -%configure \ - --bindir=%{_bindir} \ - --with-libsmi \ - --with-gnu-ld \ - --with-pic \ - --with-qt=5 \ +%cmake -G "Unix Makefiles" \ + -DDISABLE_WERROR=ON \ + -DBUILD_wireshark=ON \ + -DENABLE_QT5=ON \ %if %{with_lua} - --with-lua \ + -DENABLE_LUA=ON \ %else - --with-lua=no \ + -DENABLE_LUA=OFF \ %endif -%if %{with_portaudio} && 0%{?fedora} - --with-portaudio \ +%if %{with_maxminddb} && 0%{?fedora} + -DBUILD_mmdbresolve=ON \ %else - --with-portaudio=no \ + -DBUILD_mmdbresolve=OFF \ %endif -%if %{with_GeoIP} - --with-geoip \ + -DBUILD_randpktdump=OFF \ + -DBUILD_androiddump=OFF \ + -DENABLE_SMI=ON \ +%if %{with_portaudio} && 0%{?fedora} + -DENABLE_PORTAUDIO=ON \ %else - --with-geoip=no \ + -DENABLE_PORTAUDIO=OFF \ %endif - --with-ssl \ - --disable-warnings-as-errors \ - --with-plugins=%{_libdir}/%{name}/plugins \ - --with-libnl \ - --disable-androiddump \ - --disable-randpktdump - -#remove rpath -sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool -sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool + -DENABLE_PLUGINS=ON \ + -DENABLE_NETLINK=ON \ + -DBUILD_dcerpcidl2wrs=OFF make %{?_smp_mflags} %install make DESTDIR=%{buildroot} install -# Install python stuff. -mkdir -p %{buildroot}%{python2_sitearch} -install -m 644 tools/wireshark_be.py tools/wireshark_gen.py %{buildroot}%{python2_sitearch} - desktop-file-validate %{buildroot}%{_datadir}/applications/wireshark.desktop #install devel files (inspired by debian/wireshark-dev.header-files) @@ -185,7 +164,7 @@ mkdir -p "${IDIR}/epan/wmem" mkdir -p "${IDIR}/wiretap" mkdir -p "${IDIR}/wsutil" mkdir -p %{buildroot}%{_udevrulesdir} -install -m 644 config.h register.h "${IDIR}/" +install -m 644 config.h epan/register.h "${IDIR}/" install -m 644 cfile.h file.h "${IDIR}/" install -m 644 ws_symbol_export.h "${IDIR}/" install -m 644 epan/*.h "${IDIR}/epan/" @@ -204,12 +183,6 @@ touch %{buildroot}%{_bindir}/%{name} # Remove libtool archives and static libs find %{buildroot} -type f -name "*.la" -delete -# Remove idl2wrs -rm -f %{buildroot}%{_bindir}/idl2wrs - -#remove wireshark-gtk.desktop file since it is still installed in the makefile -rm -f %{buildroot}%{_datadir}/applications/wireshark-gtk.desktop - %pre cli getent group wireshark >/dev/null || groupadd -r wireshark getent group usbmon >/dev/null || groupadd -r usbmon @@ -234,7 +207,6 @@ getent group usbmon >/dev/null || groupadd -r usbmon %doc AUTHORS INSTALL NEWS README* %{_bindir}/capinfos %{_bindir}/captype -%{_bindir}/dftest %{_bindir}/editcap %{_bindir}/mergecap %{_bindir}/randpkt @@ -242,10 +214,12 @@ getent group usbmon >/dev/null || groupadd -r usbmon %{_bindir}/sharkd %{_bindir}/text2pcap %{_bindir}/tshark +%if %{with_maxminddb} && 0%{?fedora} +%{_bindir}/mmdbresolve +%endif %attr(0750, root, wireshark) %caps(cap_net_raw,cap_net_admin=ep) %{_bindir}/dumpcap %{_bindir}/rawshark %{_udevrulesdir}/90-wireshark-usbmon.rules -%{python2_sitearch}/*.py* %{_libdir}/lib*.so.* %dir %{_libdir}/wireshark %dir %{_libdir}/wireshark/extcap @@ -253,7 +227,11 @@ getent group usbmon >/dev/null || groupadd -r usbmon %{_libdir}/wireshark/extcap/ciscodump %{_libdir}/wireshark/extcap/udpdump %{_libdir}/wireshark/extcap/sshdump -%{_libdir}/wireshark/plugins/*.so +%{_libdir}/wireshark/*.cmake +#the version wireshark uses to store plugins is only x.y, not .z +%{_libdir}/wireshark/plugins/%{plugins_version}/epan/*.so +%{_libdir}/wireshark/plugins/%{plugins_version}/wiretap/*.so +%{_libdir}/wireshark/plugins/%{plugins_version}/codecs/*.so %{_mandir}/man1/editcap.* %{_mandir}/man1/tshark.* %{_mandir}/man1/mergecap.* @@ -267,12 +245,16 @@ getent group usbmon >/dev/null || groupadd -r usbmon %{_mandir}/man1/reordercap.* %{_mandir}/man1/sshdump.* %{_mandir}/man1/udpdump.* +%{_mandir}/man1/androiddump.* +%{_mandir}/man1/captype.* +%{_mandir}/man1/ciscodump.* +%{_mandir}/man1/randpktdump.* %{_mandir}/man4/extcap.* +%if %{with_maxminddb} && 0%{?fedora} +%{_mandir}/man1/mmdbresolve.* +%endif %dir %{_datadir}/wireshark %{_datadir}/wireshark/* -%if %{with_lua} -%config(noreplace) %{_datadir}/wireshark/init.lua -%endif %files devel %doc doc/README.* ChangeLog @@ -281,6 +263,13 @@ getent group usbmon >/dev/null || groupadd -r usbmon %{_libdir}/pkgconfig/%{name}.pc %changelog +* Wed May 02 2018 Michal Ruprich - 1:2.6.0-1 +- New version 2.6.0 +- Fix for CVE-2018-9256, CVE-2018-9257, CVE-2018-9258, CVE-2018-9259, CVE-2018-9260, CVE-2018-9261, CVE-2018-9262, CVE-2018-9263, CVE-2018-9264, CVE-2018-9265, CVE-2018-9266, CVE-2018-9267, CVE-2018-9268, CVE-2018-9269, CVE-2018-9270, CVE-2018-9271, CVE-2018-9272, CVE-2018-9273, CVE-2018-9274 +- Switch from autotools to cmake +- Removed python2-devel(#1560284) and libssh2-devel from dependencies +- Removed python scripts + * Thu Mar 15 2018 Michal Ruprich - 1:2.4.5-2 - Removing dependency on wireshark from wireshark-cli (rhbz#1554818) - Removing deprecated Group tags