X-Original-To: alpine-aports@lists.alpinelinux.org Received: from mail-lf0-f68.google.com (mail-lf0-f68.google.com [209.85.215.68]) by lists.alpinelinux.org (Postfix) with ESMTP id 736C65C4459 for ; Fri, 17 Mar 2017 15:05:01 +0000 (GMT) Received: by mail-lf0-f68.google.com with SMTP id g70so5715727lfh.3 for ; Fri, 17 Mar 2017 08:05:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=RUfSm/oThWJj4VqfS9eoQQfD44UnWap4z1F1a+iepf0=; b=QaQJyPWhhxIAdvi84ZFTJ7SwyZuXiDAFxcZQdwObsnqKQCO/ivYa9kAxA7rv4x6ntV O/7N/ZRxra+YkW7uBzZB968ZrIMtzJvdbQ63D5cAPR+dOrbNQTshF8SUdRmfyYth6pj8 8DhAD9oDrSdE1fdTSFl0UasVpi692kI+xEg3JuKPSW2Jz32Dfm9Zuevr38bvjVeel5tg y0YWKvRn6vlIyVT3qw+WKxc2MTyod//ZS2D1/YkaWTdlZXBBn7P3Q3CevaTNIiVjb2Rk F2PKWM2XuwuTKeRObTZu2ZVIN7n9lnWqiVigzGic+LWXALBlELpBWXJgS3qZkPH35kS5 x2xA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=RUfSm/oThWJj4VqfS9eoQQfD44UnWap4z1F1a+iepf0=; b=iG/ArTBiNIRea8/xXkXAm9052OmtKp5tOItlsHv9DP8k4T3Cxm2ldlLPd5noL/tRJW pL7zemx2FrKMrvULPpjOatGFVBlGsT8YMsH5IH9tYw6Lbd502VB4RWF5DN6ececEf7Y7 8zFVVUZV5BZmBx/QLqsQ4T5/dqHjYuJ7VArOZQCH7i4aj9zdqMLjecVUxOStWbvSJHee qP64ic6qMQrQRmJjqFwjpApfZZdJ9nB2HajGFHcoza4a53cjFu1Etnv/P9jGQL0a1jCc wSeIFh196OPVjQ6WgsCW061nmPPhxxHO+RqMvHyE4uTZnEW2WoE+nK8W4EfuaEZFN/Wo m4yA== X-Gm-Message-State: AFeK/H3/mBJV/gQWgslcfhMM/fosDl60FRHfEyRDKYJss06B8H9B1pNRS8UMzVMtM/BuLA== X-Received: by 10.46.20.28 with SMTP id u28mr5133849ljd.11.1489763100711; Fri, 17 Mar 2017 08:05:00 -0700 (PDT) Received: from v3-5.util.wtbts.net ([83.145.235.199]) by smtp.gmail.com with ESMTPSA id o91sm1572278lfg.1.2017.03.17.08.04.59 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 17 Mar 2017 08:05:00 -0700 (PDT) From: Sergei Lukin To: alpine-aports@lists.alpinelinux.org Cc: Sergei Lukin Subject: [alpine-aports] [PATCH v3.5] main/wireshark: security upgrade to 2.2.5 - fixes #7027 Date: Fri, 17 Mar 2017 15:04:53 +0000 Message-Id: <20170317150453.12593-1-sergej.lukin@gmail.com> X-Mailer: git-send-email 2.11.1 X-Mailinglist: alpine-aports Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: CVE-2017-6467: NetScaler file parser infinite loop CVE-2017-6468: NetScaler file parser crash CVE-2017-6469: LDSS dissector crash CVE-2017-6470: IAX2 infinite loop CVE-2017-6471: WSP infinite loop CVE-2017-6472: RTMPT dissector infinite loop CVE-2017-6473: K12 file parser crash CVE-2017-6474: NetScaler file parser infinite loop wnpa-sec-2017-06: STANAG 4607 file parser infinite loop --- I removed CVE-2017-6014.patch because 2.2.5 contains fix for it https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857119 main/wireshark/APKBUILD | 29 ++++++++++-------- main/wireshark/CVE-2017-6014.patch | 61 -------------------------------------- 2 files changed, 17 insertions(+), 73 deletions(-) delete mode 100644 main/wireshark/CVE-2017-6014.patch diff --git a/main/wireshark/APKBUILD b/main/wireshark/APKBUILD index bf48532c20..4c86285f04 100644 --- a/main/wireshark/APKBUILD +++ b/main/wireshark/APKBUILD @@ -3,8 +3,8 @@ # Contributor: Jeremy Thomerson # Maintainer: Natanael Copa pkgname=wireshark -pkgver=2.2.4 -pkgrel=1 +pkgver=2.2.5 +pkgrel=0 pkgdesc="A network protocol analyzer - GTK version" url="http://www.wireshark.org" arch="all" @@ -17,12 +17,20 @@ install="" subpackages="$pkgname-dev $pkgname-doc $pkgname-gtk $pkgname-common tshark" source="http://www.wireshark.org/download/src/$pkgname-$pkgver.tar.bz2 fix-androiddump.patch - CVE-2017-6014.patch " builddir="$srcdir"/$pkgname-$pkgver # secfixes: +# 2.2.5-r0: +# - CVE-2017-6467 +# - CVE-2017-6468 +# - CVE-2017-6469 +# - CVE-2017-6470 +# - CVE-2017-6471 +# - CVE-2017-6472 +# - CVE-2017-6473 +# - CVE-2017-6474 # 2.2.4-r1: # - CVE-2017-6014 # 2.2.4-r0: @@ -101,12 +109,9 @@ gtk() { mv "$pkgdir"/usr/bin/wireshark-gtk "$subpkgdir"/usr/bin/ } -md5sums="6d0878ba931ea379f6e675d4cba6536b wireshark-2.2.4.tar.bz2 -38a681230ccab441e64d1fc6f52858c4 fix-androiddump.patch -a6479f087d071af8be7f45ab128fe3d5 CVE-2017-6014.patch" -sha256sums="42a7fb35eed5a32478153e24601a284bb50148b7ba919c3e8452652f4c2a3911 wireshark-2.2.4.tar.bz2 -21aaa55e6b4bb9144146e8e3284512d2c5ee5deee8921b66a513b819b57d8b01 fix-androiddump.patch -7333d52e39407d2003c997b500ccee9dff1f9a95431797cb3b59aadd43d313bd CVE-2017-6014.patch" -sha512sums="f3ff6979fdd1c7cf6abe386ec476fee12045ae6df3c8162568d521532045d5eb6ad689262c38b1766c75c9fc1068f480fcd64f0aa077b3a0ceea7c16dbdabc65 wireshark-2.2.4.tar.bz2 -d462e3289c1350a9f712a21d2d1973977e5dd7989f7beff4b71498551174458f572a23f267c83552f088466cb9d2721df2b2eb807514db6ad1e0877dbc87fc6d fix-androiddump.patch -eb7c47e208d7278c1f80acc9d4b12fe9efb08a19b024cc13e90efac1fb37c700e739e154ba3b361ff1e5fdf28eeeabb2000d875010af70ae80a6c2baaaba8737 CVE-2017-6014.patch" +md5sums="749e7ca7606ae7df5c1ca8c62f93ff31 wireshark-2.2.5.tar.bz2 +38a681230ccab441e64d1fc6f52858c4 fix-androiddump.patch" +sha256sums="75dd88d3d6336559e5b0b72077d8a772a988197d571f00029986225fef609ac8 wireshark-2.2.5.tar.bz2 +21aaa55e6b4bb9144146e8e3284512d2c5ee5deee8921b66a513b819b57d8b01 fix-androiddump.patch" +sha512sums="c419950683eb399f851e10cc268d541cbd6e75a957f412650fa9564760908864fcd0d5d6c3520e656d93c31cd5f1216a514be154dfa950fcfd2804e66155985e wireshark-2.2.5.tar.bz2 +d462e3289c1350a9f712a21d2d1973977e5dd7989f7beff4b71498551174458f572a23f267c83552f088466cb9d2721df2b2eb807514db6ad1e0877dbc87fc6d fix-androiddump.patch" diff --git a/main/wireshark/CVE-2017-6014.patch b/main/wireshark/CVE-2017-6014.patch deleted file mode 100644 index 23388a97ea..0000000000 --- a/main/wireshark/CVE-2017-6014.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 38b428a31736cb08563442e3c97564951f7f6601 Mon Sep 17 00:00:00 2001 -From: Guy Harris -Date: Thu, 16 Feb 2017 00:18:30 -0800 -Subject: [PATCH] Report an error for too-short packets. - -The packet length field gives the length of the *entire* packet, so, by -definition, it must not be zero. Make sure it's at least big enough for -the packet header itself plus one segment header. - -Bug: 13416 -Change-Id: I625bd5c0ce75ab1200b3becf12fc1c819fefcd63 -Reviewed-on: https://code.wireshark.org/review/20133 -Reviewed-by: Guy Harris -(cherry picked from commit c7042bedbb3b12c5f4e19e59e52da370d4ffe62f) -Reviewed-on: https://code.wireshark.org/review/20135 ---- - wiretap/stanag4607.c | 15 ++++++++++++++- - 1 file changed, 14 insertions(+), 1 deletion(-) - -diff --git a/wiretap/stanag4607.c b/wiretap/stanag4607.c -index 9aa3105..2572aba 100644 ---- a/wiretap/stanag4607.c -+++ b/wiretap/stanag4607.c -@@ -36,6 +36,9 @@ typedef struct { - time_t base_secs; - } stanag4607_t; - -+#define PKT_HDR_SIZE 32 /* size of a packet header */ -+#define SEG_HDR_SIZE 5 /* size of a segment header */ -+ - static gboolean is_valid_id(guint16 version_id) - { - #define VERSION_21 0x3231 -@@ -53,7 +56,7 @@ static gboolean stanag4607_read_file(wtap *wth, FILE_T fh, struct wtap_pkthdr *p - stanag4607_t *stanag4607 = (stanag4607_t *)wth->priv; - guint32 millisecs, secs, nsecs; - gint64 offset = 0; -- guint8 stanag_pkt_hdr[37]; -+ guint8 stanag_pkt_hdr[PKT_HDR_SIZE+SEG_HDR_SIZE]; - guint32 packet_size; - - *err = 0; -@@ -83,6 +86,16 @@ static gboolean stanag4607_read_file(wtap *wth, FILE_T fh, struct wtap_pkthdr *p - "bigger than maximum of %u", packet_size, WTAP_MAX_PACKET_SIZE); - return FALSE; - } -+ if (packet_size < PKT_HDR_SIZE+SEG_HDR_SIZE) { -+ /* -+ * Probably a corrupt capture file; don't, for example, loop -+ * infinitely if the size is zero. -+ */ -+ *err = WTAP_ERR_BAD_FILE; -+ *err_info = g_strdup_printf("stanag4607: File has %" G_GUINT32_FORMAT "d-byte packet, " -+ "smaller than minimum of %u", packet_size, PKT_HDR_SIZE+SEG_HDR_SIZE); -+ return FALSE; -+ } - phdr->caplen = packet_size; - phdr->len = packet_size; - --- -1.7.9.5 -- 2.11.1 --- Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org Help: alpine-aports+help@lists.alpinelinux.org ---