diff --git a/CVE-2022-3190.patch b/CVE-2022-3190.patch new file mode 100644 index 0000000000000000000000000000000000000000..3dcc2f761f00b062583ba53dfa6e39deb45fde11 --- /dev/null +++ b/CVE-2022-3190.patch @@ -0,0 +1,143 @@ +From 0f27a83c5692b2afebe6e6934c1051f76aa2ecf9 Mon Sep 17 00:00:00 2001 +From: Jason Cohen +Date: Wed, 31 Aug 2022 11:10:17 -0500 +Subject: [PATCH] f5ethtrailer: Improve "old-style" heuristic + +Remove a chance for an infinate loop in the disection heuristic. +--- + epan/dissectors/packet-f5ethtrailer.c | 108 +++++++++++++------------- + 1 file changed, 56 insertions(+), 52 deletions(-) + +diff --git a/epan/dissectors/packet-f5ethtrailer.c b/epan/dissectors/packet-f5ethtrailer.c +index b2ba8f899d..915348ea83 100644 +--- a/epan/dissectors/packet-f5ethtrailer.c ++++ b/epan/dissectors/packet-f5ethtrailer.c +@@ -2751,69 +2751,73 @@ dissect_dpt_trailer(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *d + static gint + dissect_old_trailer(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) + { +- proto_tree *type_tree = NULL; +- proto_item *ti = NULL; + guint offset = 0; +- guint processed = 0; +- f5eth_tap_data_t *tdata = (f5eth_tap_data_t *)data; +- guint8 type; +- guint8 len; +- guint8 ver; + + /* While we still have data in the trailer. For old format trailers, this needs + * type, length, version (3 bytes) and for new format trailers, the magic header (4 bytes). + * All old format trailers are at least 4 bytes long, so just check for length of magic. + */ +- while (tvb_reported_length_remaining(tvb, offset)) { +- type = tvb_get_guint8(tvb, offset); +- len = tvb_get_guint8(tvb, offset + F5_OFF_LENGTH) + F5_OFF_VERSION; +- ver = tvb_get_guint8(tvb, offset + F5_OFF_VERSION); +- +- if (len <= tvb_reported_length_remaining(tvb, offset) && type >= F5TYPE_LOW +- && type <= F5TYPE_HIGH && len >= F5_MIN_SANE && len <= F5_MAX_SANE +- && ver <= F5TRAILER_VER_MAX) { +- /* Parse out the specified trailer. */ +- switch (type) { +- case F5TYPE_LOW: +- ti = proto_tree_add_item(tree, hf_low_id, tvb, offset, len, ENC_NA); +- type_tree = proto_item_add_subtree(ti, ett_f5ethtrailer_low); +- +- processed = dissect_low_trailer(tvb, pinfo, type_tree, offset, len, ver, tdata); +- if (processed > 0) { +- tdata->trailer_len += processed; +- tdata->noise_low = 1; +- } +- break; +- case F5TYPE_MED: +- ti = proto_tree_add_item(tree, hf_med_id, tvb, offset, len, ENC_NA); +- type_tree = proto_item_add_subtree(ti, ett_f5ethtrailer_med); +- +- processed = dissect_med_trailer(tvb, pinfo, type_tree, offset, len, ver, tdata); +- if (processed > 0) { +- tdata->trailer_len += processed; +- tdata->noise_med = 1; +- } +- break; +- case F5TYPE_HIGH: +- ti = proto_tree_add_item(tree, hf_high_id, tvb, offset, len, ENC_NA); +- type_tree = proto_item_add_subtree(ti, ett_f5ethtrailer_high); +- +- processed = +- dissect_high_trailer(tvb, pinfo, type_tree, offset, len, ver, tdata); +- if (processed > 0) { +- tdata->trailer_len += processed; +- tdata->noise_high = 1; +- } +- break; ++ while (tvb_reported_length_remaining(tvb, offset) >= F5_MIN_SANE) { ++ /* length field does not include the type and length bytes. Add them back in */ ++ guint8 len = tvb_get_guint8(tvb, offset + F5_OFF_LENGTH) + F5_OFF_VERSION; ++ if (len > tvb_reported_length_remaining(tvb, offset) ++ || len < F5_MIN_SANE || len > F5_MAX_SANE) { ++ /* Invalid length - either a malformed trailer, corrupt packet, or not f5ethtrailer */ ++ return offset; ++ } ++ guint8 type = tvb_get_guint8(tvb, offset); ++ guint8 ver = tvb_get_guint8(tvb, offset + F5_OFF_VERSION); ++ ++ /* Parse out the specified trailer. */ ++ proto_tree *type_tree = NULL; ++ proto_item *ti = NULL; ++ f5eth_tap_data_t *tdata = (f5eth_tap_data_t *)data; ++ guint processed = 0; ++ ++ switch (type) { ++ case F5TYPE_LOW: ++ ti = proto_tree_add_item(tree, hf_low_id, tvb, offset, len, ENC_NA); ++ type_tree = proto_item_add_subtree(ti, ett_f5ethtrailer_low); ++ ++ processed = dissect_low_trailer(tvb, pinfo, type_tree, offset, len, ver, tdata); ++ if (processed > 0) { ++ tdata->trailer_len += processed; ++ tdata->noise_low = 1; + } +- if (processed == 0) { +- proto_item_set_len(ti, 1); +- return offset; ++ break; ++ case F5TYPE_MED: ++ ti = proto_tree_add_item(tree, hf_med_id, tvb, offset, len, ENC_NA); ++ type_tree = proto_item_add_subtree(ti, ett_f5ethtrailer_med); ++ ++ processed = dissect_med_trailer(tvb, pinfo, type_tree, offset, len, ver, tdata); ++ if (processed > 0) { ++ tdata->trailer_len += processed; ++ tdata->noise_med = 1; ++ } ++ break; ++ case F5TYPE_HIGH: ++ ti = proto_tree_add_item(tree, hf_high_id, tvb, offset, len, ENC_NA); ++ type_tree = proto_item_add_subtree(ti, ett_f5ethtrailer_high); ++ ++ processed = ++ dissect_high_trailer(tvb, pinfo, type_tree, offset, len, ver, tdata); ++ if (processed > 0) { ++ tdata->trailer_len += processed; ++ tdata->noise_high = 1; + } ++ break; ++ default: ++ /* Unknown type - malformed trailer, corrupt packet, or not f5ethtrailer - bali out*/ ++ return offset; ++ } ++ if (processed == 0) { ++ /* couldn't process trailer - bali out */ ++ proto_item_set_len(ti, 1); ++ return offset; + } + offset += processed; + } +-return offset; ++ return offset; + } /* dissect_old_trailer() */ + + /*---------------------------------------------------------------------------*/ +-- +GitLab + diff --git a/SIGNATURES-3.6.2.txt b/SIGNATURES-3.6.2.txt deleted file mode 100644 index 8721df2e5d25dcce57b5569bfcdf19b9eeb73b48..0000000000000000000000000000000000000000 --- a/SIGNATURES-3.6.2.txt +++ /dev/null @@ -1,70 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA512 - -wireshark-3.6.2.tar.xz: 39654296 bytes -SHA256(wireshark-3.6.2.tar.xz)=5d901a5572aef953f04adc253ed2a0699d4c62779d3249021e1e8541a024c30e -RIPEMD160(wireshark-3.6.2.tar.xz)=da465f279204f8913b9dcb76043b8162b60ed40d -SHA1(wireshark-3.6.2.tar.xz)=d4cf3da54021a763e0bf5f28b4f0bf5c0912d344 - -Wireshark-win64-3.6.2.exe: 77465592 bytes -SHA256(Wireshark-win64-3.6.2.exe)=8b02c49d60e1e5261fe95ad27e5f5f3ae81990332dd2621959daad7ba84e5388 -RIPEMD160(Wireshark-win64-3.6.2.exe)=18355d12b844ebc5cdee1a6b84aff237483d8387 -SHA1(Wireshark-win64-3.6.2.exe)=7343c59e1d70f77a370155873b83208ae1908bc6 - -Wireshark-win32-3.6.2.exe: 61320568 bytes -SHA256(Wireshark-win32-3.6.2.exe)=8b0f9f2bad9e9fe30a78c9221eb81bda7da94bf65b1994bb28ebe2586a9e8408 -RIPEMD160(Wireshark-win32-3.6.2.exe)=8685fa838b0506dbb320ae26455ece427abd1ee0 -SHA1(Wireshark-win32-3.6.2.exe)=8e509a6df3e12b702d363c3d634445c25e6767f5 - -Wireshark-win32-3.6.2.msi: 45486080 bytes -SHA256(Wireshark-win32-3.6.2.msi)=dd23322a8767482f6b7c37cf27d3c977abdca80362e1ba8e4454c1c0f279967d -RIPEMD160(Wireshark-win32-3.6.2.msi)=9385476553c225bb8782ec5bc446ba0cd20f8f67 -SHA1(Wireshark-win32-3.6.2.msi)=787d590c2ddcefad3e4acd33948461609e103122 - -Wireshark-win64-3.6.2.msi: 50790400 bytes -SHA256(Wireshark-win64-3.6.2.msi)=62f1e4540b1dce852d83030c4ca28c7566facce2811f970d5bd77be858d253e2 -RIPEMD160(Wireshark-win64-3.6.2.msi)=238d5854f2c438b514d189bd95cfaa3c94a9666a -SHA1(Wireshark-win64-3.6.2.msi)=0bcd2a4b47762a5d6ecc532bcba60d3bc714dbac - -WiresharkPortable64_3.6.2.paf.exe: 44287624 bytes -SHA256(WiresharkPortable64_3.6.2.paf.exe)=7d82830495f3e44adae80bab9e31546d1db2b20f1a15eff8114734c8bb5138f8 -RIPEMD160(WiresharkPortable64_3.6.2.paf.exe)=b552499b4cc52b8af4fb9e71d9d68bfd37c3eaf8 -SHA1(WiresharkPortable64_3.6.2.paf.exe)=b9d5c55c236db415d623772dfe10ac4576c58302 - -WiresharkPortable32_3.6.2.paf.exe: 39538544 bytes -SHA256(WiresharkPortable32_3.6.2.paf.exe)=7d173ef36556a820649e37ff4783c8fdfaa57efe01dd77a9f71481db9c4ff092 -RIPEMD160(WiresharkPortable32_3.6.2.paf.exe)=7a7da1b6fa647ce8927c6913bda90e50ab9bfc94 -SHA1(WiresharkPortable32_3.6.2.paf.exe)=16ed9196cfc0ec3b6a98adbea958516bd458b9ad - -Wireshark 3.6.2 Arm 64.dmg: 139809400 bytes -SHA256(Wireshark 3.6.2 Arm 64.dmg)=3835b6942192675ed3173c4f5fa2bf144c5f6792b3624b140ab9525ca362b17e -RIPEMD160(Wireshark 3.6.2 Arm 64.dmg)=edae2e33a5875a084f784a25bc4def35b20e9452 -SHA1(Wireshark 3.6.2 Arm 64.dmg)=ff59c2bf0825a072d9ec7057db1dd0851994eb0e - -Wireshark 3.6.2 Intel 64.dmg: 138770043 bytes -SHA256(Wireshark 3.6.2 Intel 64.dmg)=7d434803ca73a4282b1e52b77510d176063b609eda98dfa3ddb30c963cf616e3 -RIPEMD160(Wireshark 3.6.2 Intel 64.dmg)=858d58b33c154dcecc3433038bf02266546bdd74 -SHA1(Wireshark 3.6.2 Intel 64.dmg)=a36c317cc927a2d596b3d1efe59632300de8704b - -You can validate these hashes using the following commands (among others): - - Windows: certutil -hashfile Wireshark-win64-x.y.z.exe SHA256 - Linux (GNU Coreutils): sha256sum wireshark-x.y.z.tar.xz - macOS: shasum -a 256 "Wireshark x.y.z Arm 64.dmg" - Other: openssl sha256 wireshark-x.y.z.tar.xz ------BEGIN PGP SIGNATURE----- - -iQIzBAEBCgAdFiEEWlrbp9vqbD+HIk8ZgiRKeOb+ruoFAmIFbEAACgkQgiRKeOb+ -ruqfwhAA6D/6kuP4iUd+fxQ3YJl6kTOYMTGuO5TY56+XYbIO2Rrjgk8eldDzhJfo -bCc1Rdmw67cfn6O4EPMJJ4X/NCKILqzjcNGqMD4Y07fXv8t2UbnzYofTbPyzmKN1 -T2i2gpqMPq21GFcVE4sZonqxWR8JsBA3XNbwjeBnZ/A0Yvpf6c/Jq7IBOfHlO/s3 -td4Pxft5iesW0SadqBkidu3v+ptNGChrsOd1lIa1YpOFfkvDJlKK7VknIyOoi4hU -cxUAJgn3yxawvd9/rOz+Gl3N6KCguPlssej5cdqh3beWJl7hbCDoayd7alHctNuR -yqKCTQZDQN8V6aHAkknDHu40du0UU79XIlivaNWisUTJGi0Gkiv7R8hZhq2YFs+9 -1n6gRdGeofwpD3ZoKGloy6P7KY1qpdpDq05CWH/UJ+F1JwRHT/Qvk7+K/Zr+Fv3Q -DS/YL2QUImDM4T29rpA8txl+FBcu751VQ+RRr/dm5u1NnfCOyzRyueoFMKG80HJF -wEiqcIaz4TgyZHCp6mfHeZw5BPl4EbHD5l88Nx/70npXX2kOI5JdFAVBOv9fynz/ -zj45Q1wP/T2h3PuWbHIz1br4KMSONJJ9DaNMdDBnJyiT2S7U5FqG1HpHYNhTZ4ie -yQxfBENY/9I+kVHOKtUyxjuJvjiOS8TdaXYgnTVQvgPm4f8Dzk0= -=rfe2 ------END PGP SIGNATURE----- diff --git a/SIGNATURES-3.6.3.txt b/SIGNATURES-3.6.3.txt new file mode 100644 index 0000000000000000000000000000000000000000..9b135f7afeee86a542b98b09ae10b279e3556122 --- /dev/null +++ b/SIGNATURES-3.6.3.txt @@ -0,0 +1,70 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +wireshark-3.6.3.tar.xz: 39935892 bytes +SHA256(wireshark-3.6.3.tar.xz)=b60364a4c0068a10811ab3fd075ca6c1eb0e75d44600271b88a20ed93a2ef631 +RIPEMD160(wireshark-3.6.3.tar.xz)=e34360909c9e4822595f6c96666171e1caef66b1 +SHA1(wireshark-3.6.3.tar.xz)=72226ea907b660309f0d356fc967f75974a16047 + +Wireshark-win64-3.6.3.exe: 77475048 bytes +SHA256(Wireshark-win64-3.6.3.exe)=b87ee22f981c033e6a075193c2a9a4cf699ec1a5bde7ec4851b9344a27b73eb7 +RIPEMD160(Wireshark-win64-3.6.3.exe)=4b9f661d85007ed6ecaaec8e5990dc12ea0b48d0 +SHA1(Wireshark-win64-3.6.3.exe)=c6127feaf0b250ca52b6baa170a974a796db79e8 + +Wireshark-win32-3.6.3.exe: 61329928 bytes +SHA256(Wireshark-win32-3.6.3.exe)=8f7d298c06505948999a557cefda084015ca010a6b2812b36ec18726a5f65bfb +RIPEMD160(Wireshark-win32-3.6.3.exe)=641e074c3800e00d76a80b47aa0bd26a1c5a929f +SHA1(Wireshark-win32-3.6.3.exe)=1259590a55bb65eaa9f5186da42e80b0dadb824b + +Wireshark-win32-3.6.3.msi: 45518848 bytes +SHA256(Wireshark-win32-3.6.3.msi)=d373d252723ffd357114b40e8e4292c4d447995c00b937cf3394f7c9a1ede185 +RIPEMD160(Wireshark-win32-3.6.3.msi)=7cd384a11e113ceafea0e828e584f3d7f596f471 +SHA1(Wireshark-win32-3.6.3.msi)=ebd6ea81ebf96df51cee5480a2938a25f1a4021b + +Wireshark-win64-3.6.3.msi: 50798592 bytes +SHA256(Wireshark-win64-3.6.3.msi)=8ac14d26320751c938c70ba81fab3febb1a95c79588316c68757ec442fc92e1f +RIPEMD160(Wireshark-win64-3.6.3.msi)=19ceda5370f3177fcbc20144521e880f272fe0f6 +SHA1(Wireshark-win64-3.6.3.msi)=93a38c6d688f3aecf126ed1b9efcf53fc6c7cd8f + +WiresharkPortable32_3.6.3.paf.exe: 39538752 bytes +SHA256(WiresharkPortable32_3.6.3.paf.exe)=f2c1e026df966cdcbbb07fe215b42e63575e87d0e61728e917bab30aa1a6aed4 +RIPEMD160(WiresharkPortable32_3.6.3.paf.exe)=950a4943a290b5c35b44cd57cb704a63a0a4dd52 +SHA1(WiresharkPortable32_3.6.3.paf.exe)=f281e610da157f745d4dc7922d8cc0d7e64ebaa4 + +WiresharkPortable64_3.6.3.paf.exe: 44293192 bytes +SHA256(WiresharkPortable64_3.6.3.paf.exe)=169e1b389bc97f28e12d93643be6fc31ebcedce75f9e466645f5843ae4356075 +RIPEMD160(WiresharkPortable64_3.6.3.paf.exe)=cc1bbd18d55e4447eafc079bb99c97c8cbf3d97a +SHA1(WiresharkPortable64_3.6.3.paf.exe)=6fde24cd7c98e4a79214a9fd820ca6d4392e6799 + +Wireshark 3.6.3 Arm 64.dmg: 137199813 bytes +SHA256(Wireshark 3.6.3 Arm 64.dmg)=d991168cc82683650ad171ae9e90a0f76a0aae17082e234bcd2ddf887b10c63f +RIPEMD160(Wireshark 3.6.3 Arm 64.dmg)=9842b95c269e442025ac411bf8c369c3ac04a3c1 +SHA1(Wireshark 3.6.3 Arm 64.dmg)=106a200ec8af1e0f993f60a229ccc8ec875d9d2d + +Wireshark 3.6.3 Intel 64.dmg: 138797493 bytes +SHA256(Wireshark 3.6.3 Intel 64.dmg)=7e46df85d4a2fcbbe774ce56ebe69988bc60a4d498feb13951778f7178b94981 +RIPEMD160(Wireshark 3.6.3 Intel 64.dmg)=ae92e11c9b69ed8fd814e539d13beeda0bc828cd +SHA1(Wireshark 3.6.3 Intel 64.dmg)=58c56c6240e4fdd649d44727b5e7aad7a5870635 + +You can validate these hashes using the following commands (among others): + + Windows: certutil -hashfile Wireshark-win64-x.y.z.exe SHA256 + Linux (GNU Coreutils): sha256sum wireshark-x.y.z.tar.xz + macOS: shasum -a 256 "Wireshark x.y.z Arm 64.dmg" + Other: openssl sha256 wireshark-x.y.z.tar.xz +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEWlrbp9vqbD+HIk8ZgiRKeOb+ruoFAmI7X+YACgkQgiRKeOb+ +ruoHSw//VwkbZmsEHRpQV61cJmnUlPAqMj2VHMZmi1kN0YmhEtVQ+GfYmE/U4egq +XJkUfwvErmA8LWRe+i4p3NCqSfIyIZrqknRaBXpUfMvoAi7PuInmznI7S3B2WZHP +RPl/JGxSPE9Uz3zxNPYx7hsV4JUtSU//xOjgbkXmFbP50jYQ/CavqUE3nqMcdJhn +Q/tM/DppxAQFGzZj2YhvsmxB6Zhoripw4KjZZW3u+RSxz7ZFEdQHMB2oa5x15O1w +FXB1kty9Q7SS+K3e1J0y40xNYQBHyBPpaW+heF4jFXJIcL1xVdIms/q6AeXTnPJo +61Yjd7kBfsP8R7Awqi7jGc/axJngFhThTiotgDSyC+ToFhajKCmbfNIdnm0fqzSF +CvMWknM12K50EmvPw9lsrxCFyaqvslMKgerOUsQTXxD48mFubf72g07y85ENHIgZ +U5HOE6uZUMVhR7EljWFp+IatN9ycC2NZesM9lvvSjPoRqzTaxCQuzKKAcqBpmp5d +1/AqWR4daz13Jq9N5NI+8GVMhyLhRRiQ450WVQDqFUdmEbk3C37qwZqP0FG/duPY +n71cb82I8cfffgou+J1SZf4jNL7s9m4JxeRcUqXbVaWuA+L/br2dPkjJ7lSvlBYi +2eA8BB0Krul3CSTpaJHkxbOLZJ5jiA4i66kXwd8u/mTQEwvnBwA= +=WGYm +-----END PGP SIGNATURE----- diff --git a/wireshark-3.6.2.tar.xz b/wireshark-3.6.3.tar.xz similarity index 76% rename from wireshark-3.6.2.tar.xz rename to wireshark-3.6.3.tar.xz index ce06d060e79c7b2b59cff22e65be2bd975344383..a6889bd35f25b94d9843a65cde6ca7500725d306 100644 Binary files a/wireshark-3.6.2.tar.xz and b/wireshark-3.6.3.tar.xz differ diff --git a/wireshark.spec b/wireshark.spec index 82f3637b697291147e7ffda90453bef89b4cfcb4..69833497059db5371d07dbda3ee3bc7115b3d511 100644 --- a/wireshark.spec +++ b/wireshark.spec @@ -4,14 +4,14 @@ Summary: Network traffic analyzer Name: wireshark -Version: 3.6.2 +Version: 3.6.3 Release: 1 Epoch: 1 License: GPL+ Url: http://www.wireshark.org/ Source0: https://wireshark.org/download/src/%{name}-%{version}.tar.xz -Source1: https://www.wireshark.org/download/src/all-versions/SIGNATURES-%{version}.txt +Source1: https://www.wireshark.org/download/src/all-versions/SIGNATURES-%{version}.txt Source2: 90-wireshark-usbmon.rules Source3: wireshark.sysusers @@ -21,6 +21,7 @@ Patch4: wireshark-0004-Restore-Fedora-specific-groups.patch Patch5: wireshark-0005-Fix-paths-in-a-wireshark.desktop-file.patch Patch6: wireshark-0006-Move-tmp-to-var-tmp.patch Patch7: wireshark-0007-cmakelists.patch +Patch8: CVE-2022-3190.patch Requires: xdg-utils Requires: hicolor-icon-theme @@ -60,12 +61,12 @@ BuildRequires: qt5-qtmultimedia-devel BuildRequires: qt5-qtsvg-devel BuildRequires: zlib-devel BuildRequires: asciidoctor -Buildrequires: git-core -Buildrequires: cmake -BuildRequires: systemd-devel -BuildRequires: systemd -BuildRequires: libnghttp2-devel -BuildRequires: pulseaudio +Buildrequires: git-core +Buildrequires: cmake +BuildRequires: systemd-devel +BuildRequires: systemd +BuildRequires: libnghttp2-devel +BuildRequires: pulseaudio %description Wireshark allows you to examine protocol data stored in files or as it is @@ -195,6 +196,9 @@ exit 0 %{_mandir}/man?/* %changelog +* Wed Oct 26 2022 wangkai - 1:3.6.3-1 +- Update to 3.6.3 + * Wed Mar 09 2022 wangkai - 3.6.2-1 - Update to 3.6.2 for fix CVE-2022-0581 CVE-2022-0582 CVE-2022-0583 CVE-2022-0585 CVE-2022-0586