Hello community, here is the log from the commit of package wireshark.2758 for openSUSE:12.3:Update checked in at 2014-05-05 14:16:59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.3:Update/wireshark.2758 (Old) and /work/SRC/openSUSE:12.3:Update/.wireshark.2758.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "wireshark.2758" Changes: -------- New Changes file: --- /dev/null 2014-04-28 00:21:37.460033756 +0200 +++ /work/SRC/openSUSE:12.3:Update/.wireshark.2758.new/wireshark.changes 2014-05-05 14:17:01.000000000 +0200 @@ -0,0 +1,2546 @@ +------------------------------------------------------------------- +Wed Apr 23 19:59:56 UTC 2014 - andreas.stieger@gmx.de + +- update to 1.8.14 [bnc#874692] + + bugs fixed: + * Lua: Trying to get/access a Preference before its registered + causes a segfault + * Some value_string strings contain newlines + * Tighten the NO_MORE_DATA_CHECK macros + + Further bug fixes and updated protocol support as listed in: + https://www.wireshark.org/docs/relnotes/wireshark-1.8.14.html + +------------------------------------------------------------------- +Sat Mar 8 10:29:19 UTC 2014 - andreas.stieger@gmx.de + +- update to 1.8.13 [bnc#867485] + + vulnerabilities fixed: + * The NFS dissector could crash + wnpa-sec-2014-01 CVE-2014-2281 + * The RLC dissector could crash + wnpa-sec-2014-03 CVE-2014-2283 + * The MPEG file parser could overflow a buffer + wnpa-sec-2014-04 CVE-2014-2299 + + Further bug fixes and updated protocol support as listed in: + https://www.wireshark.org/docs/relnotes/wireshark-1.8.13.html + +------------------------------------------------------------------- +Tue Dec 17 23:10:51 UTC 2013 - andreas.stieger@gmx.de + +- update to 1.8.12 [bnc#855980] + + vulnerabilities fixed: + * The SIP dissector could go into an infinite loop. + wnpa-sec-2013-66 CVE-2013-7112 + * The NTLMSSP v2 dissector could crash. Discovered by Garming Sam. + wnpa-sec-2013-68 CVE-2013-7114 + + Further bug fixes and updated protocol support as listed in: + https://www.wireshark.org/docs/relnotes/wireshark-1.8.12.html + +------------------------------------------------------------------- +Fri Nov 1 22:42:39 UTC 2013 - andreas.stieger@gmx.de + +- update to 1.8.11 [bnc#848738] + + vulnerabilities fixed: + * The IEEE 802.15.4 dissector could crash + wnpa-sec-2013-61 CVE-2013-6336 + * The NBAP dissector could crash + wnpa-sec-2013-62 CVE-2013-6337 + * The SIP dissector could crash + wnpa-sec-2013-63 CVE-2013-6338 + * The OpenWire dissector could go into a large loop + wnpa-sec-2013-64 CVE-2013-6339 + * The TCP dissector could crash + wnpa-sec-2013-65 CVE-2013-6340 + + Further bug fixes and updated protocol support as listed in: + https://www.wireshark.org/docs/relnotes/wireshark-1.8.11.html + +------------------------------------------------------------------- +Wed Sep 11 20:54:02 UTC 2013 - andreas.stieger@gmx.de + +- update to 1.8.10 [bnc#839607] + + vulnerabilities fixed: + * The NBAP dissector could crash. + wnpa-sec-2013-55 CVE-2013-5718 + * The ASSA R3 dissector could go into an infinite loop. + wnpa-sec-2013-56 CVE-2013-5719 + * The RTPS dissector could overflow a buffer. + wnpa-sec-2013-57 CVE-2013-5720 + * The MQ dissector could crash. + wnpa-sec-2013-58 CVE-2013-5721 + * The LDAP dissector could crash. + wnpa-sec-2013-59 CVE-2013-5722 + * The Netmon file parser could crash. + wnpa-sec-2013-60 + + Further bug fixes and updated protocol support as listed in: + https://www.wireshark.org/docs/relnotes/wireshark-1.8.10.html + +------------------------------------------------------------------- +Fri Jul 26 23:47:04 UTC 2013 - andreas.stieger@gmx.de + +- update to 1.8.9 [bnc#831718] + + vulnerabilities fixed: + * The Bluetooth SDP dissector could go into a large loop + CVE-2013-4927 wnpa-sec-2013-45 + * The DIS dissector could go into a large loop + CVE-2013-4929 wnpa-sec-2013-47 + * The DVB-CI dissector could crash + CVE-2013-4930 wnpa-sec-2013-48 + * The GSM RR dissector (and possibly others) could go into a large loop + CVE-2013-4931 wnpa-sec-2013-49 + * The GSM A Common dissector could crash + CVE-2013-4932 wnpa-sec-2013-50 + * The Netmon file parser could crash + CVE-2013-4933 CVE-2013-4934 wnpa-sec-2013-51 + * The ASN.1 PER dissector could crash + CVE-2013-4935 wnpa-sec-2013-52 + + Further bug fixes and updated protocol support as listed in: + https://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html + +------------------------------------------------------------------- +Fri Jun 7 20:20:29 UTC 2013 - andreas.stieger@gmx.de + +- update to 1.8.8 [bnc#823932] + + vulnerabilities fixed: + * The CAPWAP dissector could crash. + wnpa-sec-2013-32 + * The GMR-1 BCCH dissector could crash. + wnpa-sec-2013-33 + * The PPP dissector could crash. + wnpa-sec-2013-34 + * The NBAP dissector could crash. + wnpa-sec-2013-35 + * The RDP dissector could crash. + wnpa-sec-2013-36 + * The GSM CBCH dissector could crash. + wnpa-sec-2013-37 + * The Assa Abloy R3 dissector could consume excessive memory + and CPU. + wnpa-sec-2013-38 + * The HTTP dissector could overrun the stack. + wnpa-sec-2013-39 + * The Ixia IxVeriWave file parser could overflow the heap. + wnpa-sec-2013-40 + * The DCP ETSI dissector could crash. + wnpa-sec-2013-41 + + Further bug fixes and updated protocol support as listed in: + https://www.wireshark.org/docs/relnotes/wireshark-1.8.8.html + +------------------------------------------------------------------- +Sat May 18 06:03:18 UTC 2013 - andreas.stieger@gmx.de + +- update to 1.8.7 [bnc#820566] + + vulnerabilities fixed: + * The RELOAD dissector could go into an infinite loop. + wnpa-sec-2013-23 CVE-2013-2486 CVE-2013-2487 + * The GTPv2 dissector could crash. + wnpa-sec-2013-24 CVE-2013-3555 + * The ASN.1 BER dissector could crash. + wnpa-sec-2013-25 CVE-2013-3556 CVE-2013-3557 + * The PPP CCP dissector could crash. + wnpa-sec-2013-26 CVE-2013-3558 + * The DCP ETSI dissector could crash. + wnpa-sec-2013-27 CVE-2013-3559 + * The MPEG DSM-CC dissector could crash. + wnpa-sec-2013-28 CVE-2013-3560 + * The Websocket dissector could crash. + wnpa-sec-2013-29 CVE-2013-3561 CVE-2013-3562 + * The MySQL dissector could go into an infinite loop. + wnpa-sec-2013-30 CVE-2013-3561 + * The ETCH dissector could go into a large loop. + wnpa-sec-2013-31 CVE-2013-3561 + + Further bug fixes and updated protocol support as listed in: + https://www.wireshark.org/docs/relnotes/wireshark-1.8.7.html + +------------------------------------------------------------------- +Thu Mar 7 00:18:18 UTC 2013 - andreas.stieger@gmx.de + +- update to 1.8.6 [bnc#807942] + + vulnerabilities fixed: + * The TCP dissector could crash. + wnpa-sec-2013-10 CVE-2013-2475 + * The HART/IP dissectory could go into an infinite loop. + wnpa-sec-2013-11 CVE-2013-2476 + * The CSN.1 dissector could crash. + wnpa-sec-2013-12 CVE-2013-2477 + * The MS-MMS dissector could crash. + wnpa-sec-2013-13 CVE-2013-2478 + * The MPLS Echo dissector could go into an infinite loop. + wnpa-sec-2013-14 CVE-2013-2479 + * The RTPS and RTPS2 dissectors could crash. + wnpa-sec-2013-15 CVE-2013-2480 + * The Mount dissector could crash. + wnpa-sec-2013-16 CVE-2013-2481 + * The AMPQ dissector could go into an infinite loop. + wnpa-sec-2013-17 CVE-2013-2482 + * The ACN dissector could attempt to divide by zero. + wnpa-sec-2013-18 CVE-2013-2483 + * The CIMD dissector could crash. + wnpa-sec-2013-19 CVE-2013-2484 + * The FCSP dissector could go into an infinite loop. + wnpa-sec-2013-20 CVE-2013-2485 + * The RELOAD dissector could go into an infinite loop. + wnpa-sec-2013-21 CVE-2013-2486 CVE-2013-2487 + * The DTLS dissector could crash. + wnpa-sec-2013-22 CVE-2013-2488 + + Further bug fixes and updated protocol support as listed in: + http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html + +------------------------------------------------------------------- +Thu Jan 31 06:01:17 UTC 2013 - andreas.stieger@gmx.de + +- update to 1.8.5 [bnc#801131] + + vulnerabilities fixed: + * Infinite and large loops in the Bluetooth HCI, CSN.1, DCP-ETSI + DOCSIS CM-STAUS, IEEE 802.3 Slow Protocols, MPLS, R3, RTPS, + SDP, and SIP dissectors + wnpa-sec-2013-01 CVE-2013-1572 CVE-2013-1573 CVE-2013-1574 + CVE-2013-1575 CVE-2013-1576 CVE-2013-1577 CVE-2013-1578 ++++ 2349 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.3:Update/.wireshark.2758.new/wireshark.changes New: ---- include.filelist wireshark-1.2.0-disable-warning-dialog.patch wireshark-1.2.0-geoip.patch wireshark-1.2.4-enable_lua.patch wireshark-1.8.14.tar.bz2 wireshark-suidflags.patch wireshark.changes wireshark.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ wireshark.spec ++++++ # # spec file for package wireshark # # Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # # disable caps for now %define use_caps 0 Name: wireshark Version: 1.8.14 Release: 0 Summary: A Network Traffic Analyser License: GPL-2.0+ and GPL-3.0+ Group: Productivity/Networking/Diagnostic Url: http://www.wireshark.org/ Source: http://www.wireshark.org/download/src/%{name}-%{version}.tar.bz2 Source1: include.filelist # PATCH-FIX-OPENSUSE wireshark-1.6.3-disable-warning-dialog.patch bnc#349782 prusnak@suse.cz -- don't show warning when running as root Patch1: %{name}-1.2.0-disable-warning-dialog.patch # PATCH-FEATURE-OPENSUSE wireshark-1.2.0-geoip.patch prusnak@suse.cz -- search in /var/lib/GeoIP if user hasn't set any GeoIP folders Patch2: %{name}-1.2.0-geoip.patch # PATCH-FIX-OPENSUSE wireshark-1.2.4-enable_lua.patch bnc#650434 Patch4: %{name}-1.2.4-enable_lua.patch # PATCH-FEATURE-UPSTREAM wireshark-suidflags.patch -- Allow to specify sep. flags for SUID binaries. Patch5: wireshark-suidflags.patch BuildRequires: bison BuildRequires: cairo-devel BuildRequires: flex %if 0%{?suse_version} <= 1140 BuildRequires: gtk2-devel %else BuildRequires: gtk3-devel %endif BuildRequires: krb5-devel BuildRequires: libcap-devel BuildRequires: libcares-devel BuildRequires: libgcrypt-devel BuildRequires: libgnutls-devel BuildRequires: libpcap-devel BuildRequires: libsmi-devel # Needed for patch5 BuildRequires: libtool # required for Lua support in openSUSE 12.2 and later [bnc#780669] %if 0%{?suse_version} >= 1220 BuildRequires: lua51-devel %else BuildRequires: lua-devel %endif BuildRequires: net-snmp-devel BuildRequires: openssl-devel BuildRequires: pcre-devel BuildRequires: portaudio-devel BuildRequires: python-devel BuildRequires: tcpd-devel BuildRequires: xdg-utils %if 0%{?suse_version} > 1220 BuildRequires: zlib-devel %endif Requires: xdg-utils Provides: ethereal = %{version} Obsoletes: ethereal < %{version} BuildRoot: %{_tmppath}/%{name}-%{version}-build %if 0%{?suse_version} BuildRequires: libGeoIP-devel BuildRequires: update-desktop-files Recommends: GeoIP %endif %description Wireshark is a free network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, viewing summary and detail information for each packet. Wireshark has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. %package devel Summary: A Network Traffic Analyser Group: Development/Libraries/C and C++ Requires: %{name} = %{version} Requires: glib2-devel Requires: glibc-devel Provides: ethereal-devel = %{version} Obsoletes: ethereal-devel < %{version} %description devel Wireshark is a free network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, viewing summary and detail information for each packet. Wireshark has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. %prep %setup -q %patch2 %patch4 %patch5 -p1 sed -i 's/^Icon=wireshark.png$/Icon=wireshark/' wireshark.desktop # run as root on 11.3 and older - bnc#349782 %if ! %{use_caps} %patch1 sed -i 's!^Exec=wireshark!Exec=/usr/bin/xdg-su -c /usr/bin/wireshark!' wireshark.desktop %endif %build # Needed for patch5 autoreconf -fiv export SUID_CFLAGS="-fPIE" export SUID_LDFLAGS="-pie" # zlib-1.2.5 does not work well with wireshark, so disable it on pre-12.2 %configure \ %if 0%{?suse_version} < 1220 --without-zlib \ %endif %if 0%{?suse_version} > 1140 --with-gtk3 \ %endif --with-ssl \ --with-gnutls=yes \ --with-gcrypt=yes \ --with-python \ --with-plugins=%{_libdir}/%{name}/plugins/%{version} make %{?_smp_mflags} %install make DESTDIR=%{buildroot} install find %{buildroot} -name "*.la" -delete -print ln -fs wireshark %{buildroot}%{_bindir}/ethereal ln -fs tshark %{buildroot}%{_bindir}/tethereal install -d -m 0755 %{buildroot}%{_sysconfdir} install -d -m 0755 %{buildroot}%{_mandir}/man1/ # install -m 0644 *.1 %%{buildroot}%%{_mandir}/man1/ install -d -m 0755 %{buildroot}%{_includedir}/wireshark for i in `cat %{SOURCE1}`; do install -D -m 644 $i %{buildroot}%{_includedir}/wireshark/$i done install -D -m 0644 image/wsicon48.png %{buildroot}%{_datadir}/pixmaps/wireshark.png install -D -m 0644 wireshark.desktop %{buildroot}%{_datadir}/applications/wireshark.desktop %if 0%{?suse_version} %suse_update_desktop_file %{name} %endif %clean rm -rf %{buildroot} %if %{use_caps} %pre getent group wireshark >/dev/null || groupadd wireshark %endif %post -p /sbin/ldconfig %postun -p /sbin/ldconfig %files %defattr(-,root,root) %doc AUTHORS COPYING NEWS README README.linux README.vmware %doc %{_mandir}/man1/[^i]* %doc %{_mandir}/man4/* %{_datadir}/applications/wireshark.desktop %{_datadir}/pixmaps/wireshark.png %{_bindir}/ethereal %{_bindir}/tethereal %{_bindir}/wireshark %{_bindir}/editcap %{_bindir}/tshark %{_bindir}/mergecap %{_bindir}/text2pcap %{_bindir}/dftest %{_bindir}/capinfos %{_bindir}/randpkt %if %{use_caps} %attr(0750,root,wireshark) %caps(cap_net_raw,cap_net_admin=eip) %{_bindir}/dumpcap %else %{_bindir}/dumpcap %endif %{_bindir}/rawshark %{_libdir}/lib*.so.* %{_libdir}/wireshark/ %{_datadir}/wireshark/ %files devel %defattr(-,root,root) %doc doc/README.* %dir %{_includedir}/wireshark %dir %{_includedir}/wireshark/epan %dir %{_includedir}/wireshark/epan/dfilter %dir %{_includedir}/wireshark/epan/dissectors %dir %{_includedir}/wireshark/wiretap %dir %{_includedir}/wireshark/wsutil %{_includedir}/wireshark/* %{_libdir}/*.so %changelog ++++++ include.filelist ++++++ ++++ 612 lines (skipped) ++++++ wireshark-1.2.0-disable-warning-dialog.patch ++++++ Index: ui/gtk/main.c =================================================================== --- ui/gtk/main.c.orig 2012-08-10 01:35:00.000000000 +0100 +++ ui/gtk/main.c 2012-08-15 20:28:59.000000000 +0100 @@ -1399,11 +1399,13 @@ main_colorize_changed(gboolean packet_li static GtkWidget *close_dlg = NULL; +/* static void priv_warning_dialog_cb(gpointer dialog, gint btn _U_, gpointer data _U_) { recent.privs_warn_if_elevated = !simple_dialog_check_get(dialog); } +*/ #ifdef _WIN32 static void @@ -2081,9 +2083,10 @@ check_and_warn_user_startup(gchar *cf_na #endif { gchar *cur_user, *cur_group; - gpointer priv_warning_dialog; +// gpointer priv_warning_dialog; /* Tell the user not to run as root. */ +/* if (running_with_special_privs() && recent.privs_warn_if_elevated) { cur_user = get_cur_username(); cur_group = get_cur_groupname(); @@ -2098,6 +2101,7 @@ check_and_warn_user_startup(gchar *cf_na simple_dialog_check_set(priv_warning_dialog, "Don't show this message again."); simple_dialog_set_cb(priv_warning_dialog, priv_warning_dialog_cb, NULL); } +*/ #ifdef _WIN32 /* Warn the user if npf.sys isn't loaded. */ ++++++ wireshark-1.2.0-geoip.patch ++++++ Index: epan/geoip_db.c =================================================================== --- epan/geoip_db.c.orig 2012-06-05 17:33:40.000000000 +0100 +++ epan/geoip_db.c 2012-06-21 21:55:14.000000000 +0100 @@ -177,6 +177,9 @@ geoip_db_init(void) { geoip_dat_scan_dir(geoip_db_paths[i].path); } } + if (num_geoip_db_paths < 1) { + geoip_dat_scan_dir("/var/lib/GeoIP"); + } /* add fake databases for latitude and longitude (using "City" in reality) */ { ++++++ wireshark-1.2.4-enable_lua.patch ++++++ Index: epan/wslua/template-init.lua =================================================================== --- epan/wslua/template-init.lua +++ epan/wslua/template-init.lua @@ -42,7 +42,7 @@ if running_superuser then local disabled_lib = {} setmetatable(disabled_lib,{ __index = function() error("this package has been disabled") end } ); - dofile = function() error("dofile has been disabled") end +-- dofile = function() error("dofile has been disabled") end loadfile = function() error("loadfile has been disabled") end loadlib = function() error("loadlib has been disabled") end require = function() error("require has been disabled") end ++++++ wireshark-suidflags.patch ++++++ Index: wireshark-1.8.4/Makefile.am =================================================================== --- wireshark-1.8.4.orig/Makefile.am +++ wireshark-1.8.4/Makefile.am @@ -487,7 +487,8 @@ dumpcap_LDADD = \ @NSL_LIBS@ \ @CORESERVICES_FRAMEWORKS@ \ @LIBCAP_LIBS@ -dumpcap_CFLAGS = $(AM_CLEAN_CFLAGS) +dumpcap_CFLAGS = $(AM_CLEAN_CFLAGS) $(SUID_CFLAGS) +dumpcap_LDFLAGS = $(SUID_LDFLAGS) # Common headers AM_CPPFLAGS = -I$(top_srcdir) -I$(top_srcdir)/wiretap \ -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org