diff --git a/SOURCES/wireshark-1.10.14-buffer-size.patch b/SOURCES/wireshark-1.10.14-buffer-size.patch new file mode 100644 index 0000000..dbdfc2f --- /dev/null +++ b/SOURCES/wireshark-1.10.14-buffer-size.patch 
@@ -0,0 +1,82 @@ +From 5cbf42acb616a34d5e41f03b881f8552e08855a7 Mon Sep 17 00:00:00 2001 +From: Martin Sehnoutka +Date: Thu, 4 May 2017 12:31:21 +0200 +Subject: [PATCH] Make the default capture buffer bigger. + +--- + capture_opts.h | 2 +- + doc/dumpcap.pod | 4 ++-- + doc/tshark.pod | 4 ++-- + doc/wireshark.pod.template | 4 ++-- + 4 files changed, 7 insertions(+), 7 deletions(-) + +diff --git a/capture_opts.h b/capture_opts.h +index c2f41d2..29a7132 100644 +--- a/capture_opts.h ++++ b/capture_opts.h +@@ -243,7 +243,7 @@ extern void + collect_ifaces(capture_options *capture_opts); + + /* Default capture buffer size in Mbytes. */ +-#define DEFAULT_CAPTURE_BUFFER_SIZE 2 ++#define DEFAULT_CAPTURE_BUFFER_SIZE 4 + + #ifdef __cplusplus + } +diff --git a/doc/dumpcap.pod b/doc/dumpcap.pod +index e1dc293..090cd53 100644 +--- a/doc/dumpcap.pod ++++ b/doc/dumpcap.pod +@@ -114,11 +114,11 @@ of size one megabyte each. + + =item -B Ecapture buffer sizeE + +-Set capture buffer size (in MiB, default is 2 MiB). This is used by ++Set capture buffer size (in MiB, default is 4 MiB). This is used by + the capture driver to buffer packet data until that data can be written + to disk. If you encounter packet drops while capturing, try to increase + this size. Note that, while B attempts to set the buffer size +-to 2 MiB by default, and can be told to set it to a larger value, the ++to 4 MiB by default, and can be told to set it to a larger value, the + system or interface on which you're capturing might silently limit the + capture buffer size to a lower value or raise it to a higher value. + +diff --git a/doc/tshark.pod b/doc/tshark.pod +index ba06225..38c43dd 100644 +--- a/doc/tshark.pod ++++ b/doc/tshark.pod +@@ -214,11 +214,11 @@ of size one megabyte each. + + =item -B Ecapture buffer sizeE + +-Set capture buffer size (in MiB, default is 2 MiB). This is used by ++Set capture buffer size (in MiB, default is 4 MiB). 
This is used by + the capture driver to buffer packet data until that data can be written + to disk. If you encounter packet drops while capturing, try to increase + this size. Note that, while B attempts to set the buffer size +-to 2 MiB by default, and can be told to set it to a larger value, the ++to 4 MiB by default, and can be told to set it to a larger value, the + system or interface on which you're capturing might silently limit the + capture buffer size to a lower value or raise it to a higher value. + +diff --git a/doc/wireshark.pod.template b/doc/wireshark.pod.template +index 130e7ef..1e9681f 100644 +--- a/doc/wireshark.pod.template ++++ b/doc/wireshark.pod.template +@@ -280,11 +280,11 @@ of size one megabyte each. + + =item -B Ecapture buffer sizeE + +-Set capture buffer size (in MiB, default is 2 MiB). This is used by ++Set capture buffer size (in MiB, default is 4 MiB). This is used by + the capture driver to buffer packet data until that data can be written + to disk. If you encounter packet drops while capturing, try to increase + this size. Note that, while B attempts to set the buffer size +-to 2 MiB by default, and can be told to set it to a larger value, the ++to 4 MiB by default, and can be told to set it to a larger value, the + system or interface on which you're capturing might silently limit the + capture buffer size to a lower value or raise it to a higher value. + +-- +2.9.3 + diff --git a/SOURCES/wireshark-1.10.14-default-snaplen.patch b/SOURCES/wireshark-1.10.14-default-snaplen.patch new file mode 100644 index 0000000..f1cd233 --- /dev/null +++ b/SOURCES/wireshark-1.10.14-default-snaplen.patch 
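Review bot: The new default of 4 in `DEFAULT_CAPTURE_BUFFER_SIZE` is mirrored only in the three .pod files, so other user-visible statements of the default are left stale. The WSUG usage text that appears as context in wireshark-1.10.14-default-snaplen.patch still reads `size of kernel buffer in MB (def: 2MB)`, and `(def: 1MB)` for tshark. If the `-B` lines in the print_usage functions also hard-code the number (not visible in this patch), printing the macro instead, e.g. `"(def: %dMB)\n", DEFAULT_CAPTURE_BUFFER_SIZE`, would keep help output in step with the code. The comment above the define says "Mbytes" while the man pages say MiB; `/* Default capture buffer size in MiB. */` would remove that ambiguity.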
@@ -0,0 +1,178 @@ +From 1fb88fef9c8a61be94960e8f4ee0dffc53fc0b67 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Mon, 3 Apr 2017 15:18:41 +0200 +Subject: [PATCH] Reflect new default snaplet in help and man pages + +--- + doc/dumpcap.pod | 2 +- + doc/tshark.pod | 2 +- + doc/wireshark.pod.template | 4 ++-- + docbook/wsug_src/WSUG_app_tools.xml | 4 ++-- + docbook/wsug_src/WSUG_chapter_capture.xml | 4 ++-- + docbook/wsug_src/WSUG_chapter_customize.xml | 2 +- + dumpcap.c | 2 +- + tshark.c | 2 +- + ui/gtk/main.c | 2 +- + ui/qt/main.cpp | 2 +- + 10 files changed, 13 insertions(+), 13 deletions(-) + +diff --git a/doc/dumpcap.pod b/doc/dumpcap.pod +index dfd84d8..e1dc293 100644 +--- a/doc/dumpcap.pod ++++ b/doc/dumpcap.pod +@@ -299,7 +299,7 @@ have to explicitly set it to use it). + Set the default snapshot length to use when capturing live data. + No more than I bytes of each network packet will be read into + memory, or saved to disk. A value of 0 specifies a snapshot length of +-65535, so that the full packet is captured; this is the default. ++262144, so that the full packet is captured; this is the default. + + This option can occur multiple times. If used before the first + occurrence of the B<-i> option, it sets the default snapshot length. +diff --git a/doc/tshark.pod b/doc/tshark.pod +index fee8cbc..ba06225 100644 +--- a/doc/tshark.pod ++++ b/doc/tshark.pod +@@ -638,7 +638,7 @@ is one) will be checked against this filter. + Set the default snapshot length to use when capturing live data. + No more than I bytes of each network packet will be read into + memory, or saved to disk. A value of 0 specifies a snapshot length of +-65535, so that the full packet is captured; this is the default. ++262144, so that the full packet is captured; this is the default. + + This option can occur multiple times. If used before the first + occurrence of the B<-i> option, it sets the default snapshot length. 
+diff --git a/doc/wireshark.pod.template b/doc/wireshark.pod.template +index 0010a47..130e7ef 100644 +--- a/doc/wireshark.pod.template ++++ b/doc/wireshark.pod.template +@@ -536,7 +536,7 @@ capture file; packets not matching the filter are discarded. + Set the default snapshot length to use when capturing live data. + No more than I bytes of each network packet will be read into + memory, or saved to disk. A value of 0 specifies a snapshot length of +-65535, so that the full packet is captured; this is the default. ++262144, so that the full packet is captured; this is the default. + + This option can occur multiple times. If used before the first + occurrence of the B<-i> option, it sets the default snapshot length. +@@ -2345,7 +2345,7 @@ capturing. + + The I check box and field lets you + specify a maximum number of bytes per packet to capture and save; if the +-check box is not checked, the limit will be 65535 bytes. ++check box is not checked, the limit will be 262144 bytes. + + The I entry lets you specify the capture filter using a + tcpdump-style filter string as described above. +diff --git a/docbook/wsug_src/WSUG_app_tools.xml b/docbook/wsug_src/WSUG_app_tools.xml +index 9996e24..bfcec24 100644 +--- a/docbook/wsug_src/WSUG_app_tools.xml ++++ b/docbook/wsug_src/WSUG_app_tools.xml +@@ -40,7 +40,7 @@ Usage: tshark [options] ... 
+ Capture interface: + -i <interface> name or idx of interface (def: first non-loopback) + -f <capture filter> packet filter in libpcap filter syntax +- -s <snaplen> packet snapshot length (def: 65535) ++ -s <snaplen> packet snapshot length (def: 262144) + -p don't capture in promiscuous mode + -I capture in monitor mode, if available + -B <buffer size> size of kernel buffer (def: 1MB) +@@ -190,7 +190,7 @@ Capture interface: + rpcap://<host>/<interface> + TCP@<host>:<port> + -f <capture filter> packet filter in libpcap filter syntax +- -s <snaplen> packet snapshot length (def: 65535) ++ -s <snaplen> packet snapshot length (def: 262144) + -p don't capture in promiscuous mode + -I capture in monitor mode, if available + -B <buffer size> size of kernel buffer in MB (def: 2MB) +diff --git a/docbook/wsug_src/WSUG_chapter_capture.xml b/docbook/wsug_src/WSUG_chapter_capture.xml +index c031da3..140092a 100644 +--- a/docbook/wsug_src/WSUG_chapter_capture.xml ++++ b/docbook/wsug_src/WSUG_chapter_capture.xml +@@ -310,7 +310,7 @@ wireshark -i eth0 -k + + + The maximum amount of data that will be captured for each packet. +- The default value is set to the 65535 bytes. ++ The default value is set to the 262144 bytes. + + + +@@ -684,7 +684,7 @@ wireshark -i eth0 -k + This field allows you to specify the maximum amount of + data that will be captured for each packet, and is + sometimes referred to as the snaplen. If disabled, +- the value is set to the maximum 65535, which will be sufficient for most ++ the value is set to the maximum 262144, which will be sufficient for most + protocols. Some rules of thumb: + + +diff --git a/docbook/wsug_src/WSUG_chapter_customize.xml b/docbook/wsug_src/WSUG_chapter_customize.xml +index 9849b43..cc87f73 100644 +--- a/docbook/wsug_src/WSUG_chapter_customize.xml ++++ b/docbook/wsug_src/WSUG_chapter_customize.xml +@@ -63,7 +63,7 @@ Usage: wireshark [options] ... 
[ <infile> ] + Capture interface: + -i <interface> name or idx of interface (def: first non-loopback) + -f <capture filter> packet filter in libpcap filter syntax +- -s <snaplen> packet snapshot length (def: 65535) ++ -s <snaplen> packet snapshot length (def: 262144) + -p don't capture in promiscuous mode + -k start capturing immediately (def: do nothing) + -S update packet display when new packets are captured +diff --git a/dumpcap.c b/dumpcap.c +index bae3fbf..066d039 100644 +--- a/dumpcap.c ++++ b/dumpcap.c +@@ -488,7 +488,7 @@ print_usage(gboolean print_ver) + " rpcap:///\n" + " TCP@:\n"); + fprintf(output, " -f packet filter in libpcap filter syntax\n"); +- fprintf(output, " -s packet snapshot length (def: 65535)\n"); ++ fprintf(output, " -s packet snapshot length (def: %u)\n", WTAP_MAX_PACKET_SIZE); + fprintf(output, " -p don't capture in promiscuous mode\n"); + #ifdef HAVE_PCAP_CREATE + fprintf(output, " -I capture in monitor mode, if available\n"); +diff --git a/tshark.c b/tshark.c +index 8cc4fae..a84f8e8 100644 +--- a/tshark.c ++++ b/tshark.c +@@ -257,7 +257,7 @@ print_usage(gboolean print_ver) + fprintf(output, "Capture interface:\n"); + fprintf(output, " -i name or idx of interface (def: first non-loopback)\n"); + fprintf(output, " -f packet filter in libpcap filter syntax\n"); +- fprintf(output, " -s packet snapshot length (def: 65535)\n"); ++ fprintf(output, " -s packet snapshot length (def: %u)\n", WTAP_MAX_PACKET_SIZE); + fprintf(output, " -p don't capture in promiscuous mode\n"); + #ifdef HAVE_PCAP_CREATE + fprintf(output, " -I capture in monitor mode, if available\n"); +diff --git a/ui/gtk/main.c b/ui/gtk/main.c +index 3e22c3e..9839a30 100644 +--- a/ui/gtk/main.c ++++ b/ui/gtk/main.c +@@ -1157,7 +1157,7 @@ print_usage(gboolean print_ver) { + fprintf(output, "Capture interface:\n"); + fprintf(output, " -i name or idx of interface (def: first non-loopback)\n"); + fprintf(output, " -f packet filter in libpcap filter syntax\n"); +- fprintf(output, " -s 
packet snapshot length (def: 65535)\n"); ++ fprintf(output, " -s packet snapshot length (def: 262144)\n"); + fprintf(output, " -p don't capture in promiscuous mode\n"); + fprintf(output, " -k start capturing immediately (def: do nothing)\n"); + fprintf(output, " -S update packet display when new packets are captured\n"); +diff --git a/ui/qt/main.cpp b/ui/qt/main.cpp +index 3193702..eb0a3b6 100644 +--- a/ui/qt/main.cpp ++++ b/ui/qt/main.cpp +@@ -224,7 +224,7 @@ print_usage(gboolean print_ver) { + fprintf(output, "Capture interface:\n"); + fprintf(output, " -i name or idx of interface (def: first non-loopback)\n"); + fprintf(output, " -f packet filter in libpcap filter syntax\n"); +- fprintf(output, " -s packet snapshot length (def: 65535)\n"); ++ fprintf(output, " -s packet snapshot length (def: 262144)\n"); + fprintf(output, " -p don't capture in promiscuous mode\n"); + fprintf(output, " -k start capturing immediately (def: do nothing)\n"); + fprintf(output, " -Q quit Wireshark after capturing\n"); +-- +2.9.3 + diff --git a/SOURCES/wireshark-1.8.10-segfault-cve-2013-4075.patch b/SOURCES/wireshark-1.8.10-segfault-cve-2013-4075.patch new file mode 100644 index 0000000..3dcf631 --- /dev/null +++ b/SOURCES/wireshark-1.8.10-segfault-cve-2013-4075.patch 
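Review bot: The `-s` help line is now produced two different ways: dumpcap.c and tshark.c print `WTAP_MAX_PACKET_SIZE` through `%u`, while ui/gtk/main.c and ui/qt/main.cpp hard-code `262144`, as do the pod and docbook files. The two GUI usage lines should take the same form, ending in `(def: %u)\n", WTAP_MAX_PACKET_SIZE);`, so the advertised default cannot drift from the limit the capture code actually applies. `%u` expects an unsigned int; the macro's definition is not part of this patch, so if it expands to a plain int constant, `%d` or an explicit cast keeps the format and argument types matched. All four print_usage bodies extend beyond their hunks.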
@@ -0,0 +1,32 @@ +From 85441817e9068de1267e945cfee1f8080c402fa7 Mon Sep 17 00:00:00 2001 +From: Martin Sehnoutka +Date: Mon, 13 Mar 2017 10:38:54 +0100 +Subject: [PATCH] Backport dissect_gmr1_bcch modifications from upstream. + +--- + epan/dissectors/packet-gmr1_bcch.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/epan/dissectors/packet-gmr1_bcch.c b/epan/dissectors/packet-gmr1_bcch.c +index f522bd2..6e9a6ed 100644 +--- a/epan/dissectors/packet-gmr1_bcch.c ++++ b/epan/dissectors/packet-gmr1_bcch.c +@@ -1048,6 +1048,7 @@ dissect_gmr1_bcch(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) + if (is_si1) { + SystemInformation1_t *data; + data = ep_new(SystemInformation1_t); ++ data->SegmentType = array_length(SI1_SegmentChoice) - 1; + csnStreamDissector(bcch_tree, &ar, CSNDESCR(SystemInformation1_t), tvb, data, ett_gmr1_bcch); + col_append_fstr( + pinfo->cinfo, COL_INFO, +@@ -1057,6 +1058,7 @@ dissect_gmr1_bcch(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) + } else { + SystemInformation2_t *data; + data = ep_new(SystemInformation2_t); ++ data->SegmentType = array_length(SI2_SegmentChoice) - 1; + csnStreamDissector(bcch_tree, &ar, CSNDESCR(SystemInformation2_t), tvb, data, ett_gmr1_bcch); + col_append_fstr( + pinfo->cinfo, COL_INFO, +-- +2.9.3 + diff --git a/SPECS/wireshark.spec b/SPECS/wireshark.spec index 073e5fa..0b639a6 100644 --- a/SPECS/wireshark.spec +++ b/SPECS/wireshark.spec @@ -21,7 +21,7 @@ Summary: Network traffic analyzer Name: wireshark Version: 1.10.14 -Release: 10%{?dist} +Release: 14%{?dist} License: GPL+ Group: Applications/Internet Source0: http://wireshark.org/download/src/%{name}-%{version}.tar.bz2 
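Review bot: Both added `data->SegmentType = ...` assignments need a comment, because nothing at the call site shows that they are the CVE-2013-4075 fix or why the last array index is chosen. `data` comes from `ep_new()`, which evidently does not clear the struct, and the field is presumably read after `csnStreamDissector()` even when that call stops before writing it. A comment such as `/* Default to the last SI1_SegmentChoice entry so SegmentType is defined if csnStreamDissector() returns early. */` (and the SI2 equivalent) would record this. Only this one member is initialised; if any other member is read after a truncated parse the same uninitialised-read problem applies, and allocating with `ep_new0()` before setting SegmentType would cover it. dissect_gmr1_bcch starts and ends outside the hunk, so the later reads cannot be checked here.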
@@ -67,6 +67,9 @@ Patch28: wireshark-1.10.14-gdk-pixbuf-deprecated-segfault.patch Patch29: wireshark-1.10.14-CVE-2015-3182.patch Patch30: wireshark-1.10.14-display-data-len.patch Patch31: wireshark-1.10.14-read-from-stdin.patch +Patch32: wireshark-1.8.10-segfault-cve-2013-4075.patch +Patch33: wireshark-1.10.14-default-snaplen.patch +Patch34: wireshark-1.10.14-buffer-size.patch Url: http://www.wireshark.org/ BuildRequires: libpcap-devel >= 0.9 @@ -133,7 +136,7 @@ Requires: GeoIP %package devel Summary: Development headers and libraries for wireshark Group: Development/Libraries -Requires: %{name} = %{version} glibc-devel glib2-devel +Requires: %{name} = %{version}-%{release} glibc-devel glib2-devel %description @@ -190,6 +193,9 @@ and plugins. %patch29 -p1 -b .cve-2015-3182 %patch30 -p1 -b .display-data-len %patch31 -p1 -b .read-from-stdin +%patch32 -p1 -b .segfault-cve-2013-4075 +%patch33 -p1 -b .default-snaplen +%patch34 -p1 -b .buffer-size %build %ifarch s390 s390x sparcv9 sparc64 @@ -431,6 +437,20 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : %{_datadir}/aclocal/* %changelog +* Thu May 04 2017 Martin Sehnoutka - 1.10.14-14 +- Change buffer size in man pages +- Related: #1359974 + +* Fri Apr 21 2017 Martin Sehnoutka - 1.10.14-13 +- Require exact version of Wireshark as a dependency for devel subpackage + +* Mon Apr 03 2017 Martin Sehnoutka - 1.10.14-12 +- Fix wrong snaplen in man pages and help +- Make the capture buffer bigger to prevent dropping packages + +* Mon Mar 13 2017 Martin Sehnoutka - 1.10.14-11 +- Backport upstream changes for CVE-2013-4075 + * Thu Aug 18 2016 Martin Sehnoutka - 1.10.14-10 - Rebuild package - Related to: #1233966
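Review bot: The tightened devel dependency `Requires: %{name} = %{version}-%{release}` is still architecture-independent, so on a multilib system it can be satisfied by the main package of the other architecture. Pinning the architecture as well closes that gap: `Requires: %{name}%{?_isa} = %{version}-%{release} glibc-devel glib2-devel`.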