diff --git a/SOURCES/wireshark-1.10.14-CVE-2018-11362.patch b/SOURCES/wireshark-1.10.14-CVE-2018-11362.patch new file mode 100644 index 0000000..47b786a --- /dev/null +++ b/SOURCES/wireshark-1.10.14-CVE-2018-11362.patch @@ -0,0 +1,13 @@ +diff --git a/epan/dissectors/packet-ldss.c b/epan/dissectors/packet-ldss.c +index 90db41e..fe2a1be 100644 +--- a/epan/dissectors/packet-ldss.c ++++ b/epan/dissectors/packet-ldss.c +@@ -523,7 +523,7 @@ dissect_ldss_transfer (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) + FALSE); + + /* Include new-line in line */ +- line = (guint8 *)tvb_memdup(tvb, offset, linelen+1); /* XXX - memory leak? */ ++ line = tvb_get_ephemeral_string_enc(tvb, offset, linelen, ENC_ASCII); + + if (tree) { + ti = proto_tree_add_text(ldss_tree, tvb, offset, linelen, diff --git a/SOURCES/wireshark-1.10.14-CVE-2018-14340.patch b/SOURCES/wireshark-1.10.14-CVE-2018-14340.patch new file mode 100644 index 0000000..8d2a748 --- /dev/null +++ b/SOURCES/wireshark-1.10.14-CVE-2018-14340.patch @@ -0,0 +1,13 @@ +diff --git a/epan/tvbuff.c b/epan/tvbuff.c +index db2cfd1..752393b 100644 +--- a/epan/tvbuff.c ++++ b/epan/tvbuff.c +@@ -3433,7 +3433,7 @@ tvb_uncompress(tvbuff_t *tvb, const int offset, int comprlen) + guint bytes_in = tvb_length_remaining(tvb, offset); + #endif + +- if (tvb == NULL) { ++ if (tvb == NULL || comprlen <= 0) { + return NULL; + } + diff --git a/SOURCES/wireshark-1.10.14-CVE-2018-14341.patch b/SOURCES/wireshark-1.10.14-CVE-2018-14341.patch new file mode 100644 index 0000000..769add8 --- /dev/null +++ b/SOURCES/wireshark-1.10.14-CVE-2018-14341.patch @@ -0,0 +1,15 @@ +diff --git a/epan/dissectors/packet-dcm.c b/epan/dissectors/packet-dcm.c +index 1dd8959..bcf613b 100644 +--- a/epan/dissectors/packet-dcm.c ++++ b/epan/dissectors/packet-dcm.c +@@ -5697,6 +5697,10 @@ dissect_dcm_tag_value(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, dcm_s + if (pdv->syntax == DCM_EBE) is_little_endian = FALSE; + else is_little_endian = TRUE; + ++ /* Make sure we have all the bytes of the item; this should throw ++ and exception if vl_max is so large that it causes the offset ++ to overflow. */ ++ tvb_ensure_bytes_exist(tvb, offset, vl_max); + + /* --------------------------------------------------------------------------- + Potentially long types. Obey vl_max diff --git a/SOURCES/wireshark-1.10.14-CVE-2018-14368.patch b/SOURCES/wireshark-1.10.14-CVE-2018-14368.patch new file mode 100644 index 0000000..e4cb47f --- /dev/null +++ b/SOURCES/wireshark-1.10.14-CVE-2018-14368.patch @@ -0,0 +1,99 @@ +diff --git a/epan/dissectors/packet-bzr.c.old b/epan/dissectors/packet-bzr.c +index be1becb..94d1c7f 100644 +--- a/epan/dissectors/packet-bzr.c.old ++++ b/epan/dissectors/packet-bzr.c +@@ -85,7 +85,7 @@ static guint + get_bzr_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset) + { + int next_offset; +- gint len = 0; ++ gint len = 0, current_len; + gint protocol_version_len; + guint8 cmd = 0; + +@@ -98,7 +98,10 @@ get_bzr_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset) + len += protocol_version_len + 1; + + /* Headers */ ++ current_len = len; + len += get_bzr_prefixed_len(tvb, next_offset); ++ if (current_len > len) /* Make sure we're not going backwards */ ++ return -1; + + while (tvb_reported_length_remaining(tvb, offset + len) > 0) { + cmd = tvb_get_guint8(tvb, offset + len); +@@ -107,7 +110,10 @@ get_bzr_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset) + switch (cmd) { + case 's': + case 'b': ++ current_len = len; + len += get_bzr_prefixed_len(tvb, offset + len); ++ if (current_len > len) /* Make sure we're not going backwards */ ++ return -1; + break; + case 'o': + len += 1; +@@ -130,8 +130,8 @@ dissect_prefixed_bencode(tvbuff_t *tvb, gint offset, packet_info *pinfo _U_, + + plen = tvb_get_ntohl(tvb, offset); + +- ti = proto_tree_add_item(tree, hf_bzr_prefixed_bencode, tvb, offset, 4 + +- plen, ENC_NA); ++ ti = proto_tree_add_item(tree, hf_bzr_prefixed_bencode, tvb, offset, -1, ++ ENC_NA); + prefixed_bencode_tree = proto_item_add_subtree(ti, ett_prefixed_bencode); + + if (prefixed_bencode_tree) +@@ -143,6 +143,8 @@ dissect_prefixed_bencode(tvbuff_t *tvb, gint offset, packet_info *pinfo _U_, + tvb, offset+4, plen, ENC_NA); + } + ++ proto_item_set_len(ti, 4 + plen); ++ + return 4 + plen; + } + +@@ -156,18 +158,16 @@ dissect_prefixed_bytes(tvbuff_t *tvb, gint offset, packet_info *pinfo _U_, + + plen = tvb_get_ntohl(tvb, offset); + +- ti = proto_tree_add_item(tree, hf_bzr_bytes, tvb, offset, 4 + +- plen, ENC_NA); ++ ti = proto_tree_add_item(tree, hf_bzr_bytes, tvb, offset, -1, ENC_NA); + prefixed_bytes_tree = proto_item_add_subtree(ti, ett_prefixed_bytes); + +- if (prefixed_bytes_tree) +- { +- proto_tree_add_item(prefixed_bytes_tree, hf_bzr_bytes_length, +- tvb, offset, 4, ENC_BIG_ENDIAN); ++ proto_tree_add_item(prefixed_bytes_tree, hf_bzr_bytes_length, ++ tvb, offset, 4, ENC_BIG_ENDIAN); + +- proto_tree_add_item(prefixed_bytes_tree, hf_bzr_bytes_data, +- tvb, offset+4, plen, ENC_NA); +- } ++ proto_tree_add_item(prefixed_bytes_tree, hf_bzr_bytes_data, ++ tvb, offset+4, plen, ENC_NA); ++ ++ proto_item_set_len(ti, 4 + plen); + + return 4 + plen; + } +@@ -267,7 +267,7 @@ proto_register_bzr(void) + NULL, 0x0, NULL, HFILL }, + }, + { &hf_bzr_prefixed_bencode, +- { "Bencode packet", "bzr.bencode", FT_BYTES, BASE_NONE, NULL, 0x0, ++ { "Bencode packet", "bzr.bencode", FT_NONE, BASE_NONE, NULL, 0x0, + "Serialized structure of integers, dictionaries, strings and " + "lists.", HFILL }, + }, +@@ -280,7 +280,7 @@ proto_register_bzr(void) + NULL, 0x0, NULL, HFILL }, + }, + { &hf_bzr_bytes, +- { "Prefixed bytes", "bzr.bytes", FT_BYTES, BASE_NONE, NULL, 0x0, ++ { "Prefixed bytes", "bzr.bytes", FT_NONE, BASE_NONE, NULL, 0x0, + "Bytes field with prefixed 32-bit length", HFILL }, + }, + { &hf_bzr_bytes_data, diff --git a/SOURCES/wireshark-1.10.14-CVE-2018-16057.patch b/SOURCES/wireshark-1.10.14-CVE-2018-16057.patch new file mode 100644 index 0000000..eab5644 --- /dev/null +++ b/SOURCES/wireshark-1.10.14-CVE-2018-16057.patch @@ -0,0 +1,98 @@ +diff -u b/epan/dissectors/packet-ieee80211-radiotap-iter.c b/epan/dissectors/packet-ieee80211-radiotap-iter.c +--- b/epan/dissectors/packet-ieee80211-radiotap-iter.c ++++ b/epan/dissectors/packet-ieee80211-radiotap-iter.c +@@ -120,6 +120,9 @@ + struct ieee80211_radiotap_header *radiotap_header, + int max_length, const struct ieee80211_radiotap_vendor_namespaces *vns) + { ++ if (max_length < (int)sizeof(struct ieee80211_radiotap_header)) ++ return -EINVAL; ++ + /* Linux only supports version 0 radiotap format */ + if (radiotap_header->it_version) + return -EINVAL; +@@ -131,6 +134,7 @@ + iterator->_bitmap_shifter = get_unaligned_le32(&radiotap_header->it_present); + iterator->_arg = (guint8 *)radiotap_header + sizeof(*radiotap_header); + iterator->_reset_on_ext = 0; ++ iterator->_next_ns_data = NULL; + iterator->_next_bitmap = &radiotap_header->it_present; + iterator->_next_bitmap++; + iterator->_vns = vns; +@@ -146,9 +150,11 @@ + + /* find payload start allowing for extended bitmap(s) */ + +- if (iterator->_bitmap_shifter & (1<_bitmap_shifter & (1U<_arg) & +- (1 << IEEE80211_RADIOTAP_EXT)) { ++ (1U << IEEE80211_RADIOTAP_EXT)) { + iterator->_arg += sizeof(guint32); + + /* +@@ -157,7 +163,7 @@ + * stated radiotap header length + */ + +- if (!ITERATOR_VALID(iterator, 0)) ++ if (!ITERATOR_VALID(iterator, sizeof(guint32))) + return -EINVAL; + } + +@@ -287,9 +293,14 @@ + } + if (!align) { + /* skip all subsequent data */ ++ if (!iterator->_next_ns_data) ++ return -EINVAL; + iterator->_arg = iterator->_next_ns_data; + /* give up on this namespace */ + iterator->current_namespace = NULL; ++ iterator->_next_ns_data = NULL; ++ if (!ITERATOR_VALID(iterator, 0)) ++ return -EINVAL; + goto next_entry; + } + break; +diff --git a/epan/dissectors/packet-ieee80211-radiotap.c.old b/epan/dissectors/packet-ieee80211-radiotap.c +index fd8ad89..c4945a8 100644 +--- a/epan/dissectors/packet-ieee80211-radiotap.c.old ++++ b/epan/dissectors/packet-ieee80211-radiotap.c +@@ -49,6 +49,7 @@ static int proto_radiotap = -1; + static int hf_radiotap_version = -1; + static int hf_radiotap_pad = -1; + static int hf_radiotap_length = -1; ++static int hf_radiotap_invalid_header_length = -1; + static int hf_radiotap_present = -1; + static int hf_radiotap_mactime = -1; + /* static int hf_radiotap_channel = -1; */ +@@ -1024,6 +1025,14 @@ dissect_radiotap(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree) + tvb, 2, 2, length); + } + ++ /* ++ * The length is the length of the entire radiotap header, so it ++ * must be at least 8, for the version, padding, length, and first ++ * presence flags word. ++ */ ++ if (length < 8) ++ return; ++ + data = ep_tvb_memdup(tvb, 0, length); + if (!data) + return; +@@ -1990,6 +1999,11 @@ void proto_register_radiotap(void) + FT_UINT8, BASE_DEC, NULL, 0x0, + "Padding", HFILL}}, + ++ {&hf_radiotap_invalid_header_length, ++ {"Present flags", "radiotap.length.invalid", ++ FT_NONE, BASE_NONE, NULL, 0x0, ++ "The radiotap header length is less than 8 bytes", HFILL}}, ++ + {&hf_radiotap_length, + {"Header length", "radiotap.length", + FT_UINT16, BASE_DEC, NULL, 0x0, diff --git a/SOURCES/wireshark-1.10.14-CVE-2018-19622.patch b/SOURCES/wireshark-1.10.14-CVE-2018-19622.patch new file mode 100644 index 0000000..870d2ea --- /dev/null +++ b/SOURCES/wireshark-1.10.14-CVE-2018-19622.patch @@ -0,0 +1,46 @@ +diff --git a/epan/dissectors/packet-mmse.c.old b/epan/dissectors/packet-mmse.c +index aacebaf..2a74836 100644 +--- a/epan/dissectors/packet-mmse.c.old ++++ b/epan/dissectors/packet-mmse.c +@@ -494,6 +494,12 @@ get_value_length(tvbuff_t *tvb, guint offset, guint *byte_count) + field = tvb_get_guintvar(tvb, offset, byte_count); + (*byte_count)++; + } ++ ++ /* The packet says there are this many bytes; ensure they're there. ++ * We do this here because several callers do math on the length we ++ * return here and may not catch an overflow. ++ */ ++ tvb_ensure_bytes_exist(tvb, offset, field); + return field; + } + +@@ -699,7 +705,7 @@ static void + dissect_mmse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint8 pdut, + const char *message_type) + { +- guint offset; ++ guint offset, old_offset; + guint8 field = 0; + const char *strval; + guint length; +@@ -734,6 +740,7 @@ dissect_mmse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint8 pdut, + } + + offset = 2; /* Skip Message-Type */ ++ old_offset = 1; + + /* + * Cycle through MMS-headers +@@ -1293,6 +1300,11 @@ dissect_mmse(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint8 pdut, + break; + } + DebugLog(("\tEnd(case)\n")); ++ ++ if (offset <= old_offset) { ++ REPORT_DISSECTOR_BUG("Offset isn't increasing"); ++ } ++ old_offset = offset; + } + DebugLog(("\tEnd(switch)\n")); + if (field == MM_CTYPE_HDR) { diff --git a/SOURCES/wireshark-1.10.14-CVE-2018-7418.patch b/SOURCES/wireshark-1.10.14-CVE-2018-7418.patch new file mode 100644 index 0000000..f78b83f --- /dev/null +++ b/SOURCES/wireshark-1.10.14-CVE-2018-7418.patch @@ -0,0 +1,13 @@ +diff --git a/epan/dissectors/packet-sigcomp.c b/epan/dissectors/packet-sigcomp.c +index 5a7122a..2b864a6 100644 +--- a/epan/dissectors/packet-sigcomp.c ++++ b/epan/dissectors/packet-sigcomp.c +@@ -409,7 +409,7 @@ dissect_sigcomp_tcp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *_ + + col_clear(pinfo->cinfo, COL_INFO); + +- length = tvb_length_remaining(tvb,offset); ++ length = tvb_reported_length(tvb); + + try_again: + /* create display subtree for the protocol */ diff --git a/SOURCES/wireshark-1.10.14-large-file-crash.patch b/SOURCES/wireshark-1.10.14-large-file-crash.patch new file mode 100644 index 0000000..d59b567 --- /dev/null +++ b/SOURCES/wireshark-1.10.14-large-file-crash.patch @@ -0,0 +1,46 @@ +diff --git a/epan/packet.c b/epan/packet.c +index 6c74fd9287..d76fa44037 100644 +--- a/epan/packet.c ++++ b/epan/packet.c +@@ -354,9 +354,9 @@ add_new_data_source(packet_info *pinfo, tvbuff_t *tvb, const char *name) + { + struct data_source *src; + +- src = (struct data_source *)g_malloc(sizeof(struct data_source)); ++ src = wmem_new(pinfo->pool, struct data_source); + src->tvb = tvb; +- src->name = g_strdup(name); ++ src->name = wmem_strdup(pinfo->pool, name); + /* This could end up slow, but we should never have that many data + * sources so it probably doesn't matter */ + pinfo->data_src = g_slist_append(pinfo->data_src, src); +@@ -365,14 +365,10 @@ add_new_data_source(packet_info *pinfo, tvbuff_t *tvb, const char *name) + void + remove_last_data_source(packet_info *pinfo) + { +- struct data_source *src; + GSList *last; + + last = g_slist_last(pinfo->data_src); +- src = (struct data_source *)last->data; + pinfo->data_src = g_slist_delete_link(pinfo->data_src, last); +- g_free(src->name); +- g_slice_free(struct data_source, src); + } + + const char* +@@ -397,14 +393,6 @@ void + free_data_sources(packet_info *pinfo) + { + if (pinfo->data_src) { +- GSList *l; +- +- for (l = pinfo->data_src; l; l = l->next) { +- struct data_source *src = (struct data_source *)l->data; +- +- g_free(src->name); +- g_free(src); +- } + g_slist_free(pinfo->data_src); + pinfo->data_src = NULL; + } diff --git a/SOURCES/wireshark-1.10.14-packetlogger-endian.patch b/SOURCES/wireshark-1.10.14-packetlogger-endian.patch new file mode 100644 index 0000000..c97134f --- /dev/null +++ b/SOURCES/wireshark-1.10.14-packetlogger-endian.patch @@ -0,0 +1,26 @@ +diff --git a/wiretap/packetlogger.c.old b/wiretap/packetlogger.c +index fcaedc9..83187ad 100644 +--- a/wiretap/packetlogger.c.old ++++ b/wiretap/packetlogger.c +@@ -83,21 +83,6 @@ int packetlogger_open(wtap *wth, int *err, gchar **err_info) + return 0; + } + +- /* +- * If the upper 16 bits of the length are non-zero and the lower +- * 16 bits are zero, assume the file is little-endian. +- */ +- if ((pl_hdr.len & 0x0000FFFF) == 0 && +- (pl_hdr.len & 0xFFFF0000) != 0) { +- /* +- * Byte-swap the upper 16 bits (the lower 16 bits are +- * zero, so we don't have to look at them). +- */ +- pl_hdr.len = ((pl_hdr.len >> 24) & 0xFF) | +- (((pl_hdr.len >> 16) & 0xFF) << 8); +- little_endian = TRUE; +- } +- + /* Verify this file belongs to us */ + if (!((8 <= pl_hdr.len) && (pl_hdr.len < 65536) && + (type < 0x04 || type == 0xFB || type == 0xFC || type == 0xFE || type == 0xFF))) diff --git a/SOURCES/wireshark-1.10.14-valgrind-error.patch b/SOURCES/wireshark-1.10.14-valgrind-error.patch new file mode 100644 index 0000000..90daa32 --- /dev/null +++ b/SOURCES/wireshark-1.10.14-valgrind-error.patch @@ -0,0 +1,69 @@ +diff --git a/epan/dissectors/packet-distcc.c b/epan/dissectors/packet-distcc.c +index 1478ca2f28..6ec20c5a2a 100644 +--- a/epan/dissectors/packet-distcc.c ++++ b/epan/dissectors/packet-distcc.c +@@ -266,7 +266,7 @@ dissect_distcc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) + int offset=0; + proto_tree *tree=NULL; + proto_item *item=NULL; +- char token[4]; ++ char buf[13]; + guint32 parameter; + + +@@ -280,39 +280,33 @@ dissect_distcc(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent_tree) + tree = proto_item_add_subtree(item, ett_distcc); + } + +- while(1){ +- /* we must have at least 12 bytes so we can read the +- token and the parameter */ +- if(tvb_length_remaining(tvb, offset)<12){ +- return; +- } +- +- /* read the token */ +- tvb_memcpy(tvb, token, offset, 4); +- offset+=4; ++ while (TRUE) { ++ /* read the raw token (4 bytes) and parameter (8 bytes) */ ++ tvb_memcpy(tvb, buf, offset, 12); ++ buf[12] = '\0'; ++ offset+=12; + +- /* read the parameter */ +- if (sscanf(tvb_get_ptr(tvb, offset, 8), "%08x", ¶meter) != 1) ++ /* scan the parameter */ ++ if (sscanf(buf + 4, "%08x", ¶meter) != 1) + return; +- offset+=8; + +- if(!strncmp(token, "DIST", 4)){ ++ if(!strncmp(buf, "DIST", 4)){ + offset=dissect_distcc_dist(tvb, pinfo, tree, offset, parameter); +- } else if(!strncmp(token, "ARGC", 4)){ ++ } else if(!strncmp(buf, "ARGC", 4)){ + offset=dissect_distcc_argc(tvb, pinfo, tree, offset, parameter); +- } else if(!strncmp(token, "ARGV", 4)){ ++ } else if(!strncmp(buf, "ARGV", 4)){ + offset=dissect_distcc_argv(tvb, pinfo, tree, offset, parameter); +- } else if(!strncmp(token, "DOTI", 4)){ ++ } else if(!strncmp(buf, "DOTI", 4)){ + offset=dissect_distcc_doti(tvb, pinfo, tree, offset, parameter); +- } else if(!strncmp(token, "DONE", 4)){ ++ } else if(!strncmp(buf, "DONE", 4)){ + offset=dissect_distcc_done(tvb, pinfo, tree, offset, parameter); +- } else if(!strncmp(token, "STAT", 4)){ ++ } else if(!strncmp(buf, "STAT", 4)){ + offset=dissect_distcc_stat(tvb, pinfo, tree, offset, parameter); +- } else if(!strncmp(token, "SERR", 4)){ ++ } else if(!strncmp(buf, "SERR", 4)){ + offset=dissect_distcc_serr(tvb, pinfo, tree, offset, parameter); +- } else if(!strncmp(token, "SOUT", 4)){ ++ } else if(!strncmp(buf, "SOUT", 4)){ + offset=dissect_distcc_sout(tvb, pinfo, tree, offset, parameter); +- } else if(!strncmp(token, "DOTO", 4)){ ++ } else if(!strncmp(buf, "DOTO", 4)){ + offset=dissect_distcc_doto(tvb, pinfo, tree, offset, parameter); + } else { + call_dissector(data_handle, tvb, pinfo, tree); diff --git a/SPECS/wireshark.spec b/SPECS/wireshark.spec index 3536930..99c3231 100644 --- a/SPECS/wireshark.spec +++ b/SPECS/wireshark.spec @@ -21,7 +21,7 @@ Summary: Network traffic analyzer Name: wireshark Version: 1.10.14 -Release: 16%{?dist} +Release: 24%{?dist} License: GPL+ Group: Applications/Internet Source0: http://wireshark.org/download/src/%{name}-%{version}.tar.bz2 @@ -72,6 +72,16 @@ Patch33: wireshark-1.10.14-default-snaplen.patch Patch34: wireshark-1.10.14-buffer-size.patch Patch35: wireshark-1.10.14-drop-count.patch Patch36: wireshark-1.10.14-af-vsock-support.patch +Patch37: wireshark-1.10.14-CVE-2018-7418.patch +Patch38: wireshark-1.10.14-CVE-2018-11362.patch +Patch39: wireshark-1.10.14-CVE-2018-14340.patch +Patch40: wireshark-1.10.14-CVE-2018-14341.patch +Patch41: wireshark-1.10.14-CVE-2018-14368.patch +Patch42: wireshark-1.10.14-CVE-2018-16057.patch +Patch43: wireshark-1.10.14-CVE-2018-19622.patch +Patch44: wireshark-1.10.14-large-file-crash.patch +Patch45: wireshark-1.10.14-valgrind-error.patch +Patch46: wireshark-1.10.14-packetlogger-endian.patch Url: http://www.wireshark.org/ BuildRequires: libpcap-devel >= 0.9 @@ -200,6 +210,16 @@ and plugins. %patch34 -p1 -b .buffer-size %patch35 -p1 -b .drop-count %patch36 -p1 -b .af-vsock +%patch37 -p1 -b .cve-2018-7418 +%patch38 -p1 -b .cve-2018-11362 +%patch39 -p1 -b .cve-2018-14340 +%patch40 -p1 -b .cve-2018-14341 +%patch41 -p1 -b .cve-2018-14368 +%patch42 -p1 -b .cve-2018-16057 +%patch43 -p1 -b .cve-2018-19622 +%patch44 -p1 -b .large-file-crash +%patch45 -p1 -b .valgrind-error +%patch46 -p1 -b .packetlogger-endian %build %ifarch s390 s390x sparcv9 sparc64 @@ -441,6 +461,36 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : %{_datadir}/aclocal/* %changelog +* Fri Oct 18 2019 Michal Ruprich - 1.10.14-24 +- Related: #1613034 - Typo in the previous patch discovered by covscan + +* Thu Oct 17 2019 Michal Ruprich - 1.10.14-23 +- Related: #1613034 - Fixing an infinite loop created by previous update + +* Tue Sep 10 2019 Michal Ruprich - 1.10.14-22 +- Related: #1633330 - fixing a couple of covscan issues + +* Fri Sep 06 2019 Michal Ruprich - 1.10.14-21 +- Related: #1254543 - removing endian shift in packetlogger because it failed to recognize bluetooth hci packet + +* Thu Aug 15 2019 Michal Ruprich - 1.10.14-20 +- Resolves: #1254543 - valgrind reports errors on pcap file from an older cve + +* Wed Aug 14 2019 Michal Ruprich - 1.10.14-19 +- Related: #1633330 - A few more checks in the packet dissector + +* Wed Aug 07 2019 Michal Ruprich - 1.10.14-18 +- Resolves: #1176967 - wireshark crashes opening large packet captures + +* Fri Jul 19 2019 Michal Ruprich - 1.10.14-17 +- Resolves: #1557212 - CVE-2018-7418 SIGCOMP dissector crash in packet-sigcomp.c +- Resolves: #1588208 - CVE-2018-11362 Out-of-bounds Read in packet-ldss.c +- Resolves: #1612146 - CVE-2018-14340 Multiple dissectors could crash +- Resolves: #1613032 - CVE-2018-14341 DICOM dissector infinite loop +- Resolves: #1613034 - CVE-2018-14368 Bazaar dissector infinite loop +- Resolves: #1633330 - CVE-2018-16057 Radiotap dissector crash +- Resolves: #1660148 - CVE-2018-19622 Infinite loop in the MMSE dissector + * Thu Jun 21 2018 Michal Ruprich - 1.10.14-16 - Resolves: #1464395 - RFE: AF_VSOCK support in Wireshark