diff --git a/CVE-2024-4853.patch b/CVE-2024-4853.patch deleted file mode 100644 index fac29d96de0187c224611b3680c6d06ce26079e6..0000000000000000000000000000000000000000 --- a/CVE-2024-4853.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 3911c7b7d21b7708b9773d61e30b8b5507b62f65 Mon Sep 17 00:00:00 2001 -From: John Thacker -Date: Fri, 29 Mar 2024 09:42:44 -0400 -Subject: [PATCH] editcap: Don't memmove more than allocated in the buffer - -When moving from the begining with a beginning offset specified, -don't run off the end. Subtract the source memory area's full offset -from the beginning of the buffer from the capture length. - -Fix #19724 - - -(cherry picked from commit 7c744e7933794b09e7af4d9703194ad0b01be282) ---- - editcap.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/editcap.c b/editcap.c -index ef99e507b9f..6ac325751db 100644 ---- a/editcap.c -+++ b/editcap.c -@@ -2594,7 +2594,7 @@ handle_chopping(chop_t chop, wtap_packet_header *out_phdr, - if (chop.off_begin_pos > 0) { - memmove(*buf + chop.off_begin_pos, - *buf + chop.off_begin_pos + chop.len_begin, -- out_phdr->caplen - chop.len_begin); -+ out_phdr->caplen - (chop.off_begin_pos + chop.len_begin)); - } else { - *buf += chop.len_begin; - } --- -GitLab - diff --git a/CVE-2024-4854.patch b/CVE-2024-4854.patch deleted file mode 100644 index acb688c81d078a174158324537474ca94d04500e..0000000000000000000000000000000000000000 --- a/CVE-2024-4854.patch +++ /dev/null @@ -1,48 +0,0 @@ -From e9965fe303422ee742ac98ea1da4f2fdeed67e4e Mon Sep 17 00:00:00 2001 -From: John Thacker -Date: Sat, 30 Mar 2024 08:07:26 -0400 -Subject: [PATCH] Mongo: Ensure the offset advances - -The MongoDB Wire Protocol uses _signed_ 32 bit integers for lengths. -dissect_bson_document checks for bogus values and ensures that a -non-negative (and at least 5) size is returned, but we need to make -sure to use that return value instead of trusting the value read -from the packet in dissect_op_msg_section. - -Fix #19726 - - -(cherry picked from commit 38c0efcee8d22d922e446888b268effc3ccf725f) ---- - epan/dissectors/packet-mongo.c | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/epan/dissectors/packet-mongo.c b/epan/dissectors/packet-mongo.c -index db23a06312f..346b1324e12 100644 ---- a/epan/dissectors/packet-mongo.c -+++ b/epan/dissectors/packet-mongo.c -@@ -831,7 +831,10 @@ dissect_op_msg_section(tvbuff_t *tvb, packet_info *pinfo, guint offset, proto_tr - - switch (e_type) { - case KIND_BODY: -- dissect_bson_document(tvb, pinfo, offset, section_tree, hf_mongo_msg_sections_section_body); -+ section_len = dissect_bson_document(tvb, pinfo, offset, section_tree, hf_mongo_msg_sections_section_body); -+ /* If section_len is bogus (e.g., negative), dissect_bson_document sets -+ * an expert info and can return a different value than read above. -+ */ - break; - case KIND_DOCUMENT_SEQUENCE: { - gint32 dsi_length; -@@ -840,6 +843,9 @@ dissect_op_msg_section(tvbuff_t *tvb, packet_info *pinfo, guint offset, proto_tr - proto_tree *documents_tree; - - proto_tree_add_item(section_tree, hf_mongo_msg_sections_section_size, tvb, offset, 4, ENC_LITTLE_ENDIAN); -+ /* This is redundant with the lengths in the documents, we don't use this -+ * size at all. We could still report an expert info if it's bogus. -+ */ - offset += 4; - to_read -= 4; - --- -GitLab - diff --git a/CVE-2024-4855.patch b/CVE-2024-4855.patch deleted file mode 100644 index 7b0bdb01efaba80f15c4d48b78c0f1a005c0425c..0000000000000000000000000000000000000000 --- a/CVE-2024-4855.patch +++ /dev/null @@ -1,158 +0,0 @@ -From 32bde22d9bfde5e0ad2700e3a6d6053d8fbae5b0 Mon Sep 17 00:00:00 2001 -From: John Thacker -Date: Sat, 20 Apr 2024 13:04:27 +0000 -Subject: [PATCH] editcap, libwiretap: Don't use array of initial DSBs after - freeing - -wtap_dump_close frees the passed in GArray of initial DSBs, used -by editcap for injecting DSBs from a file or list of files. - -Add functions to increment and decrement the reference count of -an array of wtap blocks. Dereference the block of initial DSBs -in wtap_dump_close() instead of freeing it. In editcap, before -closing the dump file in cases where we intend to open a new -file (e.g., with a maximum time value or a maximum packet count), -reference the block. - -Fix #19782, #19783, #19784. - - -(cherry picked from commit be3550b3b138f39bebb87ac0b8490e75fc8cc847) - -Co-authored-by: John Thacker ---- - editcap.c | 9 +++++++++ - wiretap/file_access.c | 2 +- - wiretap/wtap.h | 3 ++- - wiretap/wtap_opttypes.c | 26 ++++++++++++++++++++++++++ - wiretap/wtap_opttypes.h | 23 +++++++++++++++++++++++ - 5 files changed, 61 insertions(+), 2 deletions(-) - -diff --git a/editcap.c b/editcap.c -index 6ac325751db..8c03af3f847 100644 ---- a/editcap.c -+++ b/editcap.c -@@ -1943,6 +1943,10 @@ main(int argc, char *argv[]) - } - while (nstime_cmp(&rec->ts, &block_next) > 0) { /* time for the next file */ - -+ /* We presumably want to write the DSBs from files given -+ * on the command line to every file. -+ */ -+ wtap_block_array_ref(params.dsbs_initial); - if (!wtap_dump_close(pdh, NULL, &write_err, &write_err_info)) { - cfile_close_failure_message(filename, write_err, - write_err_info); -@@ -1978,6 +1982,11 @@ main(int argc, char *argv[]) - if (split_packet_count != 0) { - /* time for the next file? */ - if (written_count > 0 && (written_count % split_packet_count) == 0) { -+ -+ /* We presumably want to write the DSBs from files given -+ * on the command line to every file. -+ */ -+ wtap_block_array_ref(params.dsbs_initial); - if (!wtap_dump_close(pdh, NULL, &write_err, &write_err_info)) { - cfile_close_failure_message(filename, write_err, - write_err_info); -diff --git a/wiretap/file_access.c b/wiretap/file_access.c -index 01317da07b7..ca4d2f69de0 100644 ---- a/wiretap/file_access.c -+++ b/wiretap/file_access.c -@@ -2680,7 +2680,7 @@ wtap_dump_close(wtap_dumper *wdh, gboolean *needs_reload, - *needs_reload = wdh->needs_reload; - g_free(wdh->priv); - wtap_block_array_free(wdh->interface_data); -- wtap_block_array_free(wdh->dsbs_initial); -+ wtap_block_array_unref(wdh->dsbs_initial); - g_free(wdh); - return ret; - } -diff --git a/wiretap/wtap.h b/wiretap/wtap.h -index 93bcca42587..2b25c03f026 100644 ---- a/wiretap/wtap.h -+++ b/wiretap/wtap.h -@@ -1478,7 +1478,8 @@ typedef struct addrinfo_lists { - * @note The shb_hdr and idb_inf arguments will be used until - * wtap_dump_close() is called, but will not be free'd by the dumper. If - * you created them, you must free them yourself after wtap_dump_close(). -- * dsbs_initial will be freed by wtap_dump_close(), -+ * dsbs_initial will be unreferenced by wtap_dump_close(), so to reuse -+ * them for another dump file, call wtap_block_array_ref() before closing. - * dsbs_growing typically refers to another wth->dsbs. - * nrbs_growing typically refers to another wth->nrbs. - * -diff --git a/wiretap/wtap_opttypes.c b/wiretap/wtap_opttypes.c -index 7dfbf1a1885..98ffe4dd605 100644 ---- a/wiretap/wtap_opttypes.c -+++ b/wiretap/wtap_opttypes.c -@@ -466,6 +466,32 @@ void wtap_block_array_free(GArray* block_array) - g_array_free(block_array, TRUE); - } - -+void wtap_block_array_ref(GArray* block_array) -+{ -+ unsigned block; -+ -+ if (block_array == NULL) -+ return; -+ -+ for (block = 0; block < block_array->len; block++) { -+ wtap_block_ref(g_array_index(block_array, wtap_block_t, block)); -+ } -+ g_array_ref(block_array); -+} -+ -+void wtap_block_array_unref(GArray* block_array) -+{ -+ unsigned block; -+ -+ if (block_array == NULL) -+ return; -+ -+ for (block = 0; block < block_array->len; block++) { -+ wtap_block_unref(g_array_index(block_array, wtap_block_t, block)); -+ } -+ g_array_unref(block_array); -+} -+ - /* - * Make a copy of a block. - */ -diff --git a/wiretap/wtap_opttypes.h b/wiretap/wtap_opttypes.h -index f3d9efbd846..91dafd6ca43 100644 ---- a/wiretap/wtap_opttypes.h -+++ b/wiretap/wtap_opttypes.h -@@ -615,6 +615,29 @@ wtap_block_unref(wtap_block_t block); - WS_DLL_PUBLIC void - wtap_block_array_free(GArray* block_array); - -+/** Decrement the reference count of an array of blocks -+ * -+ * Decrement the reference count of each block in the array -+ * and the GArray itself. Any element whose reference count -+ * drops to 0 will be freed. If the GArray and every block -+ * has a reference count of 1, this is the same as -+ * wtap_block_array_free(). -+ * -+ * @param[in] block_array Array of blocks to be dereferenced -+ */ -+WS_DLL_PUBLIC void -+wtap_block_array_unref(GArray* block_array); -+ -+/** Increment the reference count of an array of blocks -+ * -+ * Increment the reference count of each block in the array -+ * and the GArray itself. -+ * -+ * @param[in] block_array Array of blocks to be referenced -+ */ -+WS_DLL_PUBLIC void -+wtap_block_array_ref(GArray* block_array); -+ - /** Provide type of a block - * - * @param[in] block Block from which to retrieve mandatory data --- -GitLab - diff --git a/SIGNATURES-4.2.4.txt b/SIGNATURES-4.2.4.txt deleted file mode 100644 index b8cfa90e0857e43d806136c640502fb3cbe12159..0000000000000000000000000000000000000000 --- a/SIGNATURES-4.2.4.txt +++ /dev/null @@ -1,53 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA512 - -wireshark-4.2.4.tar.xz: 44986232 bytes -SHA256(wireshark-4.2.4.tar.xz)=46bd0f4474337144b30816fb2d8f14e72a26d0391f24fe0b7b619acdcdad8c0c -SHA1(wireshark-4.2.4.tar.xz)=a9979b052652c69d3ca308fb1f2d369b820bb007 - -Wireshark-4.2.4-x64.exe: 86455240 bytes -SHA256(Wireshark-4.2.4-x64.exe)=b621718ffe64748590ea9568fbbed0f3d86b0939906dc9f7fe064e20ce385492 -SHA1(Wireshark-4.2.4-x64.exe)=caa0849461201937fa995afc5d2b80986c506891 - -Wireshark-4.2.4-arm64.exe: 67927072 bytes -SHA256(Wireshark-4.2.4-arm64.exe)=f6f94f8628d1d4f830c79ee4a9962c36b4497a6219c7ca9e3527c48a0f424eac -SHA1(Wireshark-4.2.4-arm64.exe)=5880810dd02c68c00454f29747e560b9b68989d7 - -Wireshark-4.2.4-x64.msi: 62881792 bytes -SHA256(Wireshark-4.2.4-x64.msi)=2449ca54220cf3c4e66c49c136762cf8b944713fbd488e5fd76c79fba36e4a7e -SHA1(Wireshark-4.2.4-x64.msi)=f2c3238283c09b3c55be2865526aa678d09cda39 - -WiresharkPortable64_4.2.4.paf.exe: 53606272 bytes -SHA256(WiresharkPortable64_4.2.4.paf.exe)=f949f0cc98d1201a233913ce9cd5007bddf7980722ac0835bddfaa3e750d3b8c -SHA1(WiresharkPortable64_4.2.4.paf.exe)=80a1e625eed7ac2b25b0171beb14c5a95d6288a2 - -Wireshark 4.2.4 Arm 64.dmg: 65626764 bytes -SHA256(Wireshark 4.2.4 Arm 64.dmg)=93c874a00c3f436bb0a234dd170e30fb3a966736aea7590013e48a1eeb612a01 -SHA1(Wireshark 4.2.4 Arm 64.dmg)=531b786e90bc3b119d442e6bcf34f4f7f44151a3 - -Wireshark 4.2.4 Intel 64.dmg: 69408431 bytes -SHA256(Wireshark 4.2.4 Intel 64.dmg)=00f6f08652263d4a93249ff1ba8fdff28de16806184d9d26e0dba1ab8b9ed604 -SHA1(Wireshark 4.2.4 Intel 64.dmg)=ea887db33f1a8f8af0db3c2ca7380844b5a68b26 - -You can validate these hashes using the following commands (among others): - - Windows: certutil -hashfile Wireshark-win64-x.y.z.exe SHA256 - Linux (GNU Coreutils): sha256sum wireshark-x.y.z.tar.xz - macOS: shasum -a 256 "Wireshark x.y.z Arm 64.dmg" - Other: openssl sha256 wireshark-x.y.z.tar.xz ------BEGIN PGP SIGNATURE----- - -iQIzBAEBCgAdFiEEWlrbp9vqbD+HIk8ZgiRKeOb+ruoFAmYEi88ACgkQgiRKeOb+ -ruog5A/5AbZMbwCZjByuJSeGiayetH/tjKIey4iLnGluGuvmKsKmxyqtkL/PwUEd -slEpp+RjSDAONkbxDsFTebXYk2nUqy0wsMAk5NFXxCodIShN5hzAfvKWiGe7fJ5g -0kIMxO1b2Zn/JSzb3BBfENjHSF51NjxB0syIh3Q+avqkizl6Tjeq7uP+BtGAFWVf -gXZL9zIRS6BvDImcGJwq/TJaZ9hLWWENzohp9kcCPsavbrqxCIKOuKUzh5eNAXGN -GRk0S0eJaogkgXR7vkfH9ASW04u8DC/IeafIuU0cklK0SvagZjfwi1WHLtuWvWcr -5OG0DhsBJN2s8Gp9n6wnvck2+4PPAeIy1HHRBwFPVIooJVSgPXFl999Pc3TCzVAZ -wlTJPtjjGqwaBvnNTz+nxdbO8J49+5gi36Jc00YuTBg0NbkgwTygGwY/1cywnh2R -WTHGkP6c+5LsTY7BXuIxgB0w9b304klBqj07wfUeo+CyG5GcFrZbpsPZBGurWo+G -33QvuHkT3kiCxkpcJqlJvoEhXxV7rByRMVZDLaUeYyQ/pqqv6VFaQOhrKdFfv1zN -wt4+ocsMEry4GFmtJR058A7frur0MTkI6okJY5I3Exubdmmy4EHpXLJheX4MJK/P -UQ27iguQYlXuex3cdp4giKWR6LirpyF34EBumbyOg88W+gOfKko= -=Tets ------END PGP SIGNATURE----- diff --git a/SIGNATURES-4.2.5.txt b/SIGNATURES-4.2.5.txt new file mode 100644 index 0000000000000000000000000000000000000000..54b7ca5c958eb6818ddf5a506b80da6c86e4e7b8 --- /dev/null +++ b/SIGNATURES-4.2.5.txt @@ -0,0 +1,53 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +wireshark-4.2.5.tar.xz: 45014156 bytes +SHA256(wireshark-4.2.5.tar.xz)=55e793ab87a9a73aac44336235c92cb76c52180c469b362ed3a54f26fbb1261f +SHA1(wireshark-4.2.5.tar.xz)=03293699260d2492166ac805ef0c10b8a6b531e6 + +Wireshark-4.2.5-x64.exe: 86489296 bytes +SHA256(Wireshark-4.2.5-x64.exe)=3d921ee584d0984f694f60a771a6581a6f32a9de995a5cd4bca1931185a4e618 +SHA1(Wireshark-4.2.5-x64.exe)=0e3c7b4dcd5c247c8f9726195a4d5a70b99f8b1b + +Wireshark-4.2.5-arm64.exe: 67980200 bytes +SHA256(Wireshark-4.2.5-arm64.exe)=331a0925ee1e4d6d1b16af6982972631335fc238afe626903ed122e146830c5a +SHA1(Wireshark-4.2.5-arm64.exe)=e0b5789980c0f12e344f6b8820f49facd5b379c6 + +Wireshark-4.2.5-x64.msi: 62894080 bytes +SHA256(Wireshark-4.2.5-x64.msi)=65413e0733192979e168f8a11940828d1c2410ae21862f2e7012a3edb7e22ee1 +SHA1(Wireshark-4.2.5-x64.msi)=e925d3cee2e604ab659e4da42df0880a6531151f + +WiresharkPortable64_4.2.5.paf.exe: 53647808 bytes +SHA256(WiresharkPortable64_4.2.5.paf.exe)=1706e3c2d5e198270707641bbbde3042d8921cb95d2683633dd855fee921847d +SHA1(WiresharkPortable64_4.2.5.paf.exe)=ef0c034a38d77ead057dbb6444cce70f9a07815c + +Wireshark 4.2.5 Arm 64.dmg: 65573656 bytes +SHA256(Wireshark 4.2.5 Arm 64.dmg)=72d670ad068ac46c1d16ffb5fc8e6b582136a0eed6fc278b9f36877311e4e4af +SHA1(Wireshark 4.2.5 Arm 64.dmg)=84fe8ed0cf40b861f8039d811a1bb1704f9e57db + +Wireshark 4.2.5 Intel 64.dmg: 69328176 bytes +SHA256(Wireshark 4.2.5 Intel 64.dmg)=67a1ea88226c2f5699c3c6c36fb0006d84c62bdbfe5474dccff30860fd9f81b7 +SHA1(Wireshark 4.2.5 Intel 64.dmg)=a72a8034474e42c4e20a0f05e464ddb1f3616c66 + +You can validate these hashes using the following commands (among others): + + Windows: certutil -hashfile Wireshark-win64-x.y.z.exe SHA256 + Linux (GNU Coreutils): sha256sum wireshark-x.y.z.tar.xz + macOS: shasum -a 256 "Wireshark x.y.z Arm 64.dmg" + Other: openssl sha256 wireshark-x.y.z.tar.xz +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEWlrbp9vqbD+HIk8ZgiRKeOb+ruoFAmZFCq4ACgkQgiRKeOb+ +ruoxyQ/+PWOKU9/4HVVhI+fKlfUfuzH5F8ABE+aH4wasbh6Yzw8rYy3d/bvpXimc +Cc3YKGNoQ/7ErwIvE2dF+fCaIo95mSDtQcrGn/gznSExGLXAPoBzfpchGm2qmqV9 +/qVKLPo9SR0ucwY054XyDcncIa2g2iXi9x2T5fsbLdNWoUZAkj5rk3bq0scQA1Pa +yt/F6M+alQpA2sUS2Lebq/1UVZtfGRbEP8ustmN7FeqlTZNfZezaFK2h0uVekJ0e +DqQJWh9Tvb/UIVusWh509HwfcuS8aQU5bJ/fN4JS5aNp41Aup5guiAIs+c96TPuy +EfrkHilFwvZsHJDsA+wH1Mq317Xjh/RiheDjUh/Gn1f9bubL6nkU2f3AOon3fAtX +xpRjNymEhvwiZYNTRv3PaGo21lsS4Oxggt/eZhmy0tntnB/fq3Ylrogn6SbOm0p7 +wuRfhl09Pb6m2Ol0pfkxck7OEiLn28RTqJmYwAiood0TMD8X6HNnNITqhPQq5ihb +96MNRfna6ES8mAmjFdiMSsUX+9jZYSDogQ/jxz1n+fcYLXXOMnPEYsyPt+xSMp6o +7CjIikcjTZ1cCKAuienirJWBt58PSjsewpVMVyDVkNeNniLtS+QB6Q2uW6W2UcHj +KhqMLvrX18YuTgdO/ZrxN33+H4nqyq07uS2n/E+cMAaAD2qVOKc= +=pOkW +-----END PGP SIGNATURE----- diff --git a/wireshark-4.2.4.tar.xz b/wireshark-4.2.5.tar.xz similarity index 79% rename from wireshark-4.2.4.tar.xz rename to wireshark-4.2.5.tar.xz index 614475d37c91a3168a8e2ad77f6046027e905f47..e9fda2c202b709f952ea98abd81eba322ed1578b 100644 Binary files a/wireshark-4.2.4.tar.xz and b/wireshark-4.2.5.tar.xz differ diff --git a/wireshark.spec b/wireshark.spec index c53f944a3078124f223bf32ea8e11bf011a8c8c6..7fc6e36fe0b8469cc6ae8ab0d330db441f838ed2 100644 --- a/wireshark.spec +++ b/wireshark.spec @@ -4,10 +4,10 @@ Summary: Network traffic analyzer Name: wireshark -Version: 4.2.4 -Release: 2 +Version: 4.2.5 +Release: 1 Epoch: 1 -License: GPL+ +License: BSD-1-Clause AND BSD-2-Clause AND BSD-3-Clause AND MIT AND GPL-2.0-or-later AND LGPL-2.0-or-later AND Zlib AND ISC AND (BSD-3-Clause OR GPL-2.0-only) AND (GPL-2.0-or-later AND Zlib) Url: http://www.wireshark.org/ Source0: https://wireshark.org/download/src/%{name}-%{version}.tar.xz @@ -22,9 +22,6 @@ Patch5: wireshark-0005-Fix-paths-in-a-wireshark.desktop-file.patch Patch6: wireshark-0006-Move-tmp-to-var-tmp.patch Patch7: wireshark-0007-cmakelists.patch Patch8: wireshark-0008-pkgconfig.patch -Patch9: CVE-2024-4853.patch -Patch10: CVE-2024-4854.patch -Patch11: CVE-2024-4855.patch Requires: xdg-utils Requires: hicolor-icon-theme @@ -157,13 +154,15 @@ find %{buildroot} -type f -name "*.la" -delete %pre getent group wireshark >/dev/null || groupadd -r wireshark exit 0 -#%post -#%{?ldconfig} -#if [ -S /run/udev/control ]; then -# /usr/bin/udevadm trigger --subsystem-match=usbmon -#fi -# -#%ldconfig_postun +%post +%{?ldconfig} +# skip triggering if udevd isn't even accessible, e.g. containers or +# rpm-ostree-based systems +if [ -S /run/udev/control ]; then + /usr/bin/udevadm trigger --subsystem-match=usbmon +fi + +%ldconfig_postun %files %{_datadir}/applications/org.wireshark.Wireshark.desktop @@ -203,6 +202,20 @@ exit 0 %{_mandir}/man?/* %changelog +* Wed Jul 03 2024 yaoxin 1:4.2.5-1 +- Update to 4.2.5 +- vulnerabilities fixed: + * CVE-2024-4854: MONGO and ZigBee TLV dissector infinite loops + * CVE-2024-4853: The editcap command line utility could crash + when chopping bytes from the beginning of a packet + * CVE-2024-4855: The editcap command line utility could crash + when injecting secrets while writing multiple files +- bugs fixed: + * Flow Graph scrolls in the wrong direction vertically when pressing Up/Down. + * TCP Stream Window Scaling not working in version 2.6.1 and later. + * TCP stream graphs (Window scaling) axis display is confusing. + * LUA get_dissector does not give the correct dissector under 32-bit version. + * Wed May 15 2024 yaoxin - 1:4.2.4-2 - Fix CVE-2024-4853,CVE-2024-4854 and CVE-2024-4855