rpms
/
wireshark
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: rpms:c9
Branches Tags
rpms:i10cs
rpms:cs10
rpms:i10c-beta
rpms:c10-beta
rpms:i9-beta
rpms:i9c-beta
rpms:c9-beta
rpms:i8
rpms:i8c
rpms:c8
rpms:i9c
rpms:c9
rpms:i9
..
compare: rpms:i10c-beta
Branches Tags
rpms:i10cs
rpms:cs10
rpms:i10c-beta
rpms:c10-beta
rpms:i9-beta
rpms:i9c-beta
rpms:c9-beta
rpms:i8
rpms:i8c
rpms:c8
rpms:i9c
rpms:c9
rpms:i9

No commits in common. 'c9' and 'i10c-beta' have entirely different histories.
c9 ... i10c-beta

23 changed files with 957 additions and 2907 deletions
Show Stats

2
.gitignore vendored
Unescape View File

@ -1 +1 @@
SOURCES/wireshark-3.4.10.tar.xz
SOURCES/wireshark-4.2.6.tar.xz

2
.wireshark.metadata
Unescape View File

@ -1 +1 @@
63839abd94d3ae376f860e2d2969777680106578 SOURCES/wireshark-3.4.10.tar.xz
db0374dce360b99d8abb9a3f3471f3fc98d6d099 SOURCES/wireshark-4.2.6.tar.xz

60
SOURCES/SIGNATURES-3.4.10.txt
Unescape View File

@ -1,60 +0,0 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
wireshark-3.4.10.tar.xz: 32344804 bytes
SHA256(wireshark-3.4.10.tar.xz)=8aa7ef4a44ae62bb8db463cf761e2cc03b97305e0e77ed5be53fa83729187cef
RIPEMD160(wireshark-3.4.10.tar.xz)=eef58ec4e28c6eecc382c1f000257ab60ee6c40c
SHA1(wireshark-3.4.10.tar.xz)=63839abd94d3ae376f860e2d2969777680106578
Wireshark-win64-3.4.10.exe: 71382832 bytes
SHA256(Wireshark-win64-3.4.10.exe)=faa83ac4f289d07d8e1bacb7e7611758b231a9c00b18e816654f40e7437529fd
RIPEMD160(Wireshark-win64-3.4.10.exe)=63068a04839ff02828a6915fe648da25cdeadc84
SHA1(Wireshark-win64-3.4.10.exe)=00c419e3382d24289cfc9d74be6f37934b784066
Wireshark-win32-3.4.10.exe: 55424616 bytes
SHA256(Wireshark-win32-3.4.10.exe)=3bceac74d2d7c388e01b6c25b20088c234fefbcd83e3c960b3e0fcc1eca7839d
RIPEMD160(Wireshark-win32-3.4.10.exe)=84acc6b49f1e8735ec53127b1d9de14a1d121b2f
SHA1(Wireshark-win32-3.4.10.exe)=d6486f9015e60e633f0f2a7fd5152959c4bb749b
Wireshark-win64-3.4.10.msi: 49291264 bytes
SHA256(Wireshark-win64-3.4.10.msi)=b31288207b23700931ddb83785bcc9a9a775758029fbc1cdd653f65b8d802e7d
RIPEMD160(Wireshark-win64-3.4.10.msi)=d93a0cfebe7c2e412ade6e25c3a225b643d498e0
SHA1(Wireshark-win64-3.4.10.msi)=e36624c35824966255f768dc74148a7fe4a895d2
Wireshark-win32-3.4.10.msi: 43925504 bytes
SHA256(Wireshark-win32-3.4.10.msi)=6b6770e596968fdb0e68af3e3dba77631004f374accda085dc59df799011fa0f
RIPEMD160(Wireshark-win32-3.4.10.msi)=374b51b4934bd5d98023df4b8be355bf2c1515e9
SHA1(Wireshark-win32-3.4.10.msi)=df8a5c168bad317ff7b6ed1f12dec4926a2983f2
WiresharkPortable_3.4.10.paf.exe: 38220424 bytes
SHA256(WiresharkPortable_3.4.10.paf.exe)=85f2382b854be81ee7bc3deedaab41214e60e17a83c25822d4e5831c1d88e379
RIPEMD160(WiresharkPortable_3.4.10.paf.exe)=644f056554925fc37a44cfb247d0678efcb01c81
SHA1(WiresharkPortable_3.4.10.paf.exe)=8b36a16b9b602a1f5bb8cc37453fd1678e8fa476
Wireshark 3.4.10 Intel 64.dmg: 131298336 bytes
SHA256(Wireshark 3.4.10 Intel 64.dmg)=1267edf27870fe17e504f2377f78eb7510c4a13e4b53b9b00e171303208749c4
RIPEMD160(Wireshark 3.4.10 Intel 64.dmg)=880a76731ddaed630bfc575e36627cad1e239249
SHA1(Wireshark 3.4.10 Intel 64.dmg)=8783733e2f6f124c102b51f2e245d9deab11ff6d
You can validate these hashes using the following commands (among others):
Windows: certutil -hashfile Wireshark-win64-x.y.z.exe SHA256
Linux (GNU Coreutils): sha256sum wireshark-x.y.z.tar.xz
macOS: shasum -a 256 "Wireshark x.y.z Arm 64.dmg"
Other: openssl sha256 wireshark-x.y.z.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEWlrbp9vqbD+HIk8ZgiRKeOb+ruoFAmGVXKYACgkQgiRKeOb+
rurDaQ//bZ7JSUS+v+eN1Te+TOBEmurQPc9oiY4/nQKa9vb4pKK3kP36zsUE59qT
hDCWWxijG4fgriFeMNKPJ9YErzEWyPkIEtXwyke2ubuIiNkRKhvSfz8BME49M9lD
ybPz/Rer2a/QS0+tU1LSd7NBArJdfxn3QtYbOLBkrqTSCH3eaxXQfKvM9mta10ZW
9YWxOVF8Lz4QqbolTb16ZgfcCI1XryOGs4W4Hd/YpaUnXvW6eYjIWs+KvCFQv/90
3nVjZbeMmW+lyLk1QhoLYo/wW+E80Cf8q5eCx/ohTauBIkcz2okpmB//UmYS4Ldv
YYyngLMIJpyZxry5YSg8lqBEwSOJh25cSxrKIdthzJMBFHAvtb7QKzGPPLBbvnnt
IBGq+u80/HqPRLdeBmbdS8e/YtHFSxTdLDb0wfNQ5p/Re/r9x35dFU/6Pafbr19E
s+FhEAcM66P7hECP91oDd6w3TuE9ZtdKzGNPUSezUSSn5D5FduLQ/lqGfnUV0qBm
ADi5tqoSkluGWfUefZ2KiUOlhQ4Lr82JaZbBnws8rY+krjRrGUxtnuwdKUTRNcTU
o5eWlVCvORvaKDJxaWw/3WoSpiP0dmio8XAz7gPxufyBcbw/xIQ+v53rmxIT7O6/
b97ZED+ZpU7kpYS8pnvTPPbj3nB4HHPpUkygHUvoUMxibFjOj2o=
=SVDw
-----END PGP SIGNATURE-----

53
SOURCES/SIGNATURES-4.2.6.txt
Unescape View File

@ -0,0 +1,53 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
wireshark-4.2.6.tar.xz: 45015272 bytes
SHA256(wireshark-4.2.6.tar.xz)=5ec6028df29068d889c98489bf194a884b00831106fea1e921fea3c65f2003f5
SHA1(wireshark-4.2.6.tar.xz)=db0374dce360b99d8abb9a3f3471f3fc98d6d099
Wireshark-4.2.6-arm64.exe: 67985184 bytes
SHA256(Wireshark-4.2.6-arm64.exe)=602b5b95249f8955c5a6dbc41b2012c3b06a26daafbb07ed5ea66fa43c7a6574
SHA1(Wireshark-4.2.6-arm64.exe)=4ee9ec6fc05a0d63f0f3d7110964689ab9f4f122
Wireshark-4.2.6-x64.exe: 86491216 bytes
SHA256(Wireshark-4.2.6-x64.exe)=ba679117304718a009092a5327abfdbc559031d9216512fc7540cb03d30a5545
SHA1(Wireshark-4.2.6-x64.exe)=129df64c8aa44d9ce2ad191fa783faffd71301ae
Wireshark-4.2.6-x64.msi: 62926848 bytes
SHA256(Wireshark-4.2.6-x64.msi)=cf8399afd61f2cadefd73b46dc9a206186502d30f6867457fe163a94574c1214
SHA1(Wireshark-4.2.6-x64.msi)=825e5d80806f2e613373255c1e3fd3d6d280e9f6
WiresharkPortable64_4.2.6.paf.exe: 53648680 bytes
SHA256(WiresharkPortable64_4.2.6.paf.exe)=5924198bbbcd75f8f4709799b5185be1a5c20f08f678534ed00675842bcbc5d9
SHA1(WiresharkPortable64_4.2.6.paf.exe)=dde23431f3878cafa6fb5f43e461259960b4f990
Wireshark 4.2.6 Arm 64.dmg: 65590940 bytes
SHA256(Wireshark 4.2.6 Arm 64.dmg)=11fc3f8b12b8369398e373058f9b8f0730e3228611ecf3d7ecc63c5f1855241e
SHA1(Wireshark 4.2.6 Arm 64.dmg)=57ef4f0600644c15566a9b6e9e2e71a1d2735b66
Wireshark 4.2.6 Intel 64.dmg: 69344904 bytes
SHA256(Wireshark 4.2.6 Intel 64.dmg)=41601877fa5294ec7c20f8d81c799612c6bca7fa689f237fdbf6595b5fc22071
SHA1(Wireshark 4.2.6 Intel 64.dmg)=391319afa4bd74af89baf3d73d820ab0171da0ac
You can validate these hashes using the following commands (among others):
Windows: certutil -hashfile Wireshark-win64-x.y.z.exe SHA256
Linux (GNU Coreutils): sha256sum wireshark-x.y.z.tar.xz
macOS: shasum -a 256 "Wireshark x.y.z Arm 64.dmg"
Other: openssl sha256 wireshark-x.y.z.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEWlrbp9vqbD+HIk8ZgiRKeOb+ruoFAmaO0uIACgkQgiRKeOb+
ruo+eQ//TQBxIVPnBX2isKfGpngWQ+e75/2Xk/00173P0lIiuV3x5gtRQ7SiVh5H
qC1bb6bbcD0+wK6BDU/K15eMQ30ODI0BdbQSElH9CaZZ6w84gAK2x+iJFy/kQl/O
3FQMM8v2MYMlN1Algs/czKDBK0Bbex/hCuIARMn60Z+35MEZvJqraY4aMTkBQ94t
uaJM2rZPq1kCU+eeX+KqRwJMvd11Re850j/YdzWPEvu9k1+isbB7drZKTmI9d1HT
HUIWpjYJDhJ2hFFamXHkY/OR/UVVTBfAJMSZ/nodHa2WKX2u76CnESqNTrFelUZs
jdtSTUA/S3DfcVvhx4FTWmwRmSgzAnauYwanFW9Zd+KuEKmPQA6JKBW4niUS11g8
Luj+bPG9rJwPfiwbTl1VtS9DiMrm6hWnmvzySqQ3PhyDIBXT/2tx6SQhcK2u2/Vk
LtIGBDqjGltaagex8zm89HBgp3ByDy1Jh2yOaC2cHdidrkL9Wqo8bniA58Dt5jZS
0hHrAg+tT65sLVd2huHAX6yHzgbWtFp4F6N3pKPE4OY9rBbkVA/oQqiYGTWK0eaP
FQfg3yWWRV159xbDl/DnfnJ6T9puKk1/u+bMwfmjRMr+CJFAe0c1qYn/t/eP7oKl
mm3hd2NmhFG5RFRCGTArl6IkCHSyV6GuUkgUPfRqyCt6rLZishs=
=t1tY
-----END PGP SIGNATURE-----

77
SOURCES/wireshark-0002-Customize-permission-denied-error.patch
Unescape View File

@ -1,57 +1,22 @@
From: Jan Safranek <jsafrane@redhat.com>
Date: Fri, 26 Nov 2010 14:30:45 +0300
Subject: [PATCH] Customize 'permission denied' error.
Add Fedora-specific message to error output when dumpcap cannot be started
because of permissions.
Signed-off-by: Jan Safranek <jsafrane@redhat.com>
diff --git a/capchild/capture_sync.c b/capchild/capture_sync.c
index 2f9d2cc..b18e47f 100644
--- a/capchild/capture_sync.c
+++ b/capchild/capture_sync.c
@@ -375,6 +375,7 @@ sync_pipe_start(capture_options *capture_opts, capture_session *cap_session, voi
gchar *signal_pipe_name;
#else
char errmsg[1024+1];
+ const char *securitymsg = "";
int sync_pipe[2]; /* pipe used to send messages from child to parent */
enum PIPES { PIPE_READ, PIPE_WRITE }; /* Constants 0 and 1 for PIPE_READ and PIPE_WRITE */
#endif
@@ -728,8 +729,11 @@ sync_pipe_start(capture_options *capture_opts, capture_session *cap_session, voi
dup2(sync_pipe[PIPE_WRITE], 2);
ws_close(sync_pipe[PIPE_READ]);
execv(argv[0], argv);
- g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s",
- argv[0], g_strerror(errno));
+ if (errno == EPERM || errno == EACCES)
+ securitymsg = "\nAre you a member of the 'wireshark' group? Try running\n'usermod -a -G wireshark _your_username_' as root.";
+ g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s%s",
+ argv[0], g_strerror(errno), securitymsg);
diff --git a/capture/capture_sync.c b/capture/capture_sync.c
index af08b32..2e0fcb7 100644
--- a/capture/capture_sync.c
+++ b/capture/capture_sync.c
@@ -1825,8 +1832,16 @@ sync_pipe_input_cb(GIOChannel *pipe_io, capture_session *cap_session)
if (!ws_strtoi32(buffer, NULL, &exec_errno)) {
ws_warning("Invalid errno: %s", buffer);
}
- primary_msg = ws_strdup_printf("Couldn't run dumpcap in child process: %s",
+ if (exec_errno == EPERM || exec_errno == EACCES) {
+ const char *securitymsg = "\nAre you a member of the 'wireshark' group? Try running\n'usermod -a -G wireshark _your_username_' as root.";
+ primary_msg = ws_strdup_printf("Couldn't run dumpcap in child process: %s%s",
+ g_strerror(exec_errno), securitymsg);
+ }
+ else {
+ primary_msg = ws_strdup_printf("Couldn't run dumpcap in child process: %s",
g_strerror(exec_errno));
+ }
+
sync_pipe_errmsg_to_parent(2, errmsg, "");
/* Exit with "_exit()", so that we don't close the connection
@@ -826,6 +830,7 @@ sync_pipe_open_command(char** argv, int *data_read_fd,
int i;
#else
char errmsg[1024+1];
+ const char *securitymsg = "";
int sync_pipe[2]; /* pipe used to send messages from child to parent */
int data_pipe[2]; /* pipe used to send data from child to parent */
#endif
@@ -1003,8 +1008,11 @@ sync_pipe_open_command(char** argv, int *data_read_fd,
ws_close(sync_pipe[PIPE_READ]);
ws_close(sync_pipe[PIPE_WRITE]);
execv(argv[0], argv);
- g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s",
- argv[0], g_strerror(errno));
+ execv(argv[0], (gpointer)argv);
+ if (errno == EPERM || errno == EACCES)
+ securitymsg = "\nAre you a member of the 'wireshark' group? Try running\n'usermod -a -G wireshark _your_username_' as root.";
+ g_snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s%s",
+ argv[0], g_strerror(errno), securitymsg);
sync_pipe_errmsg_to_parent(2, errmsg, "");
/* Exit with "_exit()", so that we don't close the connection
cap_session->error(cap_session, primary_msg, NULL);
/* the capture child will close the sync_pipe, nothing to do for now */
/* (an error message doesn't mean we have to stop capturing) */

4
SOURCES/wireshark-0003-fix-string-overrun-in-plugins-profinet.patch
Unescape View File

@ -4,10 +4,10 @@ Subject: [PATCH] fix string overrun in plugins/profinet
diff --git a/plugins/epan/profinet/packet-dcom-cba.c b/plugins/epan/profinet/packet-dcom-cba.c
index 0f1658a..f7fd322 100644
index 52c5017e1f..fb980269db 100644
--- a/plugins/epan/profinet/packet-dcom-cba.c
+++ b/plugins/epan/profinet/packet-dcom-cba.c
@@ -555,7 +555,7 @@ dissect_ICBAPhysicalDevice_get_LogicalDevice_rqst(tvbuff_t *tvb, int offset,
@@ -543,7 +543,7 @@ dissect_ICBAPhysicalDevice_get_LogicalDevice_rqst(tvbuff_t *tvb, int offset,
packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
{
guint32 u32Pointer;

8
SOURCES/wireshark-0004-Restore-Fedora-specific-groups.patch
Unescape View File

@ -3,10 +3,10 @@ Date: Fri, 13 Sep 2013 14:36:55 +0400
Subject: [PATCH] Restore Fedora-specific groups
Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
diff --git a/wireshark.desktop b/wireshark.desktop
index 334db48..669c6f1 100644
--- a/wireshark.desktop
+++ b/wireshark.desktop
diff --git a/resources/freedesktop/org.wireshark.Wireshark.desktop b/resources/freedesktop/org.wireshark.Wireshark.desktop
index a880a50a33..a25d67d99b 100644
--- a/resources/freedesktop/org.wireshark.Wireshark.desktop
+++ b/resources/freedesktop/org.wireshark.Wireshark.desktop
@@ -108,4 +108,4 @@ Terminal=false
MimeType=application/vnd.tcpdump.pcap;application/x-pcapng;application/x-snoop;application/x-iptrace;application/x-lanalyzer;application/x-nettl;application/x-radcom;application/x-etherpeek;application/x-visualnetworks;application/x-netinstobserver;application/x-5view;application/x-tektronix-rf5;application/x-micropross-mplog;application/x-apple-packetlogger;application/x-endace-erf;application/ipfix;application/x-ixia-vwr;
# Category entry according to:

12
SOURCES/wireshark-0005-Fix-paths-in-a-wireshark.desktop-file.patch
Unescape View File

@ -1,16 +1,16 @@
From: Kenneth Soerensen <knnthsrnsn@gmail.com>
Date: Wed, 29 Jan 2014 16:04:12 +0400
Subject: [PATCH] Fix paths in a wireshark.desktop file
Subject: [PATCH] Fix paths in a org.wireshark.Wireshark.desktop file
diff --git a/wireshark.desktop b/wireshark.desktop
index 669c6f1..f7df1f3 100644
--- a/wireshark.desktop
+++ b/wireshark.desktop
diff --git a/resources/freedesktop/org.wireshark.Wireshark.desktop b/resources/freedesktop/org.wireshark.Wireshark.desktop
index a880a50a33..54b3595d55 100644
--- a/resources/freedesktop/org.wireshark.Wireshark.desktop
+++ b/resources/freedesktop/org.wireshark.Wireshark.desktop
@@ -102,8 +102,8 @@ Comment[tr]=Ağ trafiği çözümleyicisi
Comment[vi]=Trình phân tích giao thông mạng
Comment[uk]=Аналізатор мережевого трафіку
Icon=wireshark
Icon=org.wireshark.Wireshark
-TryExec=wireshark
-Exec=wireshark %f
+TryExec=/usr/bin/wireshark

163
SOURCES/wireshark-0006-Move-tmp-to-var-tmp.patch
Unescape View File

@ -5,45 +5,45 @@ Subject: [PATCH] Move /tmp to /var/tmp
Fedora is using tmpfs which is limited by the size of RAM, thus we need
to use different directory on different filesystem.
---
ui/qt/about_dialog.cpp | 3 +-
ui/qt/iax2_analysis_dialog.cpp | 5 +--
ui/qt/rtp_analysis_dialog.cpp | 5 +--
ui/qt/rtp_audio_stream.cpp | 3 +-
wsutil/tempfile.c | 9 +++---
wsutil/tempfile.h | 4 +--
wsutil/wstmpdir.c | 70 ++++++++++++++++++++++++++++++++++++++++++
wsutil/wstmpdir.h | 39 +++++++++++++++++++++++
8 files changed, 132 insertions(+), 11 deletions(-)
ui/qt/iax2_analysis_dialog.cpp | 5 ++-
ui/qt/utils/rtp_audio_file.cpp | 3 +-
wsutil/tempfile.c | 18 +++++++-
wsutil/tempfile.h | 2 +-
wsutil/wstmpdir.c | 71 ++++++++++++++++++++++++++++++++++
wsutil/wstmpdir.h | 39 +++++++++++++++++++
7 files changed, 134 insertions(+), 7 deletions(-)
create mode 100644 wsutil/wstmpdir.c
create mode 100644 wsutil/wstmpdir.h
diff --git a/ui/qt/about_dialog.cpp b/ui/qt/about_dialog.cpp
index 31dc581..2f74285 100644
index 752b669ac4..42c2be0fca 100644
--- a/ui/qt/about_dialog.cpp
+++ b/ui/qt/about_dialog.cpp
@@ -26,6 +26,7 @@
@@ -14,6 +14,7 @@
#include "wireshark_application.h"
#include "main_application.h"
#include <wsutil/filesystem.h>
+#include <wsutil/wstmpdir.h> /* for get_tmp_dir() */
#include <QDesktopServices>
#include <QUrl>
@@ -206,7 +206,7 @@ FolderListModel::FolderListModel(QObject * parent):
appendRow(QStringList() << tr("\"File\" dialogs") << get_last_open_dir() << tr("capture files"));
@@ -185,7 +186,7 @@ FolderListModel::FolderListModel(QObject * parent):
appendRow(QStringList() << tr("\"File\" dialogs") << get_open_dialog_initial_dir() << tr("capture files"));
/* temp */
- appendRow(QStringList() << tr("Temp") << g_get_tmp_dir() << tr("untitled capture files"));
+ appendRow(QStringList() << tr("Temp") << get_tmp_dir() << tr("untitled capture files"));
- appendRow(QStringList() << tr("Temp") << (global_capture_opts.temp_dir && global_capture_opts.temp_dir[0] ? global_capture_opts.temp_dir : g_get_tmp_dir()) << tr("untitled capture files"));
+ appendRow(QStringList() << tr("Temp") << (global_capture_opts.temp_dir && global_capture_opts.temp_dir[0] ? global_capture_opts.temp_dir : get_tmp_dir()) << tr("untitled capture files"));
/* pers conf */
appendRow(QStringList() << tr("Personal configuration")
diff --git a/ui/qt/iax2_analysis_dialog.cpp b/ui/qt/iax2_analysis_dialog.cpp
index ee4e5fd..fe17a95 100644
index 07b9b42e01..fb09de989b 100644
--- a/ui/qt/iax2_analysis_dialog.cpp
+++ b/ui/qt/iax2_analysis_dialog.cpp
@@ -37,6 +37,7 @@
@@ -25,6 +25,7 @@
#include "ui/rtp_stream.h"
#endif
#include <wsutil/utf8_entities.h>
@ -51,7 +51,7 @@ index ee4e5fd..fe17a95 100644
#include <wsutil/g711.h>
#include <wsutil/pint.h>
@@ -271,10 +272,10 @@ Iax2AnalysisDialog::Iax2AnalysisDialog(QWidget &parent, CaptureFile &cf) :
@@ -255,10 +256,10 @@ Iax2AnalysisDialog::Iax2AnalysisDialog(QWidget &parent, CaptureFile &cf) :
// We keep our temp files open for the lifetime of the dialog. The GTK+
// UI opens and closes at various points.
@ -64,113 +64,92 @@ index ee4e5fd..fe17a95 100644
rev_tempfile_ = new QTemporaryFile(tempname, this);
rev_tempfile_->open();
diff --git a/ui/qt/rtp_analysis_dialog.cpp b/ui/qt/rtp_analysis_dialog.cpp
index 5d82e46..8008984 100644
--- a/ui/qt/rtp_analysis_dialog.cpp
+++ b/ui/qt/rtp_analysis_dialog.cpp
@@ -37,6 +37,7 @@
#include <wsutil/g711.h>
#include <wsutil/pint.h>
+#include <wsutil/wstmpdir.h> /* for get_tmp_dir() */
#include <QMessageBox>
#include <QPushButton>
@@ -331,10 +332,10 @@ RtpAnalysisDialog::RtpAnalysisDialog(QWidget &parent, CaptureFile &cf, struct _r
// We keep our temp files open for the lifetime of the dialog. The GTK+
// UI opens and closes at various points.
- QString tempname = QString("%1/wireshark_rtp_f").arg(QDir::tempPath());
+ QString tempname = QString("%1/wireshark_rtp_f").arg(get_tmp_dir());
fwd_tempfile_ = new QTemporaryFile(tempname, this);
fwd_tempfile_->open();
- tempname = QString("%1/wireshark_rtp_r").arg(QDir::tempPath());
+ tempname = QString("%1/wireshark_rtp_r").arg(get_tmp_dir());
rev_tempfile_ = new QTemporaryFile(tempname, this);
rev_tempfile_->open();
diff --git a/ui/qt/rtp_audio_stream.cpp b/ui/qt/rtp_audio_stream.cpp
index fde66c8..b9531d2 100644
--- a/ui/qt/rtp_audio_stream.cpp
+++ b/ui/qt/rtp_audio_stream.cpp
@@ -37,6 +37,7 @@
#include <ui/rtp_stream.h>
diff --git a/ui/qt/utils/rtp_audio_file.cpp b/ui/qt/utils/rtp_audio_file.cpp
index 591a63bbf3..203f5c5286 100644
--- a/ui/qt/utils/rtp_audio_file.cpp
+++ b/ui/qt/utils/rtp_audio_file.cpp
@@ -31,6 +31,7 @@
#include <wsutil/nstime.h>
#include "rtp_audio_file.h"
#include <ws_attributes.h>
+#include <wsutil/wstmpdir.h> /* for get_tmp_dir() */
#include <QAudioFormat>
#include <QAudioOutput>
@@ -76,7 +77,7 @@ RtpAudioStream::RtpAudioStream(QObject *parent, _rtp_stream_info *rtp_stream) :
visual_sample_rate_, SPEEX_RESAMPLER_QUALITY_MIN, NULL);
speex_resampler_skip_zeros(visual_resampler_);
- QString tempname = QString("%1/wireshark_rtp_stream").arg(QDir::tempPath());
+ QString tempname = QString("%1/wireshark_rtp_stream").arg(get_tmp_dir());
tempfile_ = new QTemporaryFile(tempname, this);
tempfile_->open();
RtpAudioFile::RtpAudioFile(bool use_disk_for_temp, bool use_disk_for_frames):
real_pos_(0)
@@ -45,7 +46,7 @@ RtpAudioFile::RtpAudioFile(bool use_disk_for_temp, bool use_disk_for_frames):
tempname = "memory";
if (use_disk_for_temp) {
- tempname = QString("%1/wireshark_rtp_stream").arg(QDir::tempPath());
+ tempname = QString("%1/wireshark_rtp_stream").arg(get_tmp_dir());
sample_file_ = new QTemporaryFile(tempname, this);
} else {
sample_file_ = new QBuffer(this);
diff --git a/wsutil/tempfile.c b/wsutil/tempfile.c
index 5082452..f751a7c 100644
index 531ed91..bd6fd60 100644
--- a/wsutil/tempfile.c
+++ b/wsutil/tempfile.c
@@ -12,10 +12,12 @@
#include <glib.h>
@@ -10,6 +10,8 @@
#include "config.h"
#include "tempfile.h"
+#include <wsutil/file_util.h>
+#include <wsutil/wstmpdir.h> /* for get_tmp_dir() */
#include <errno.h>
@@ -39,7 +41,7 @@ sanitize_prefix(const char *prefix)
/**
* Create a tempfile with the given prefix (e.g. "wireshark"). The path
- * is created using g_file_open_tmp.
+ * is created using get_tmp_dir.
*
* @param tempdir [in] If not NULL, the directory in which to create the file.
* @param namebuf [in,out] If not NULL, receives the full path of the temp file.
* Must be freed.
@@ -30,6 +31,9 @@ create_tempfile(gchar **namebuf, const char *pfx, const char *sfx, GError **err)
@@ -55,13 +57,25 @@ create_tempfile(const char *tempdir, char **namebuf, const char *pfx, const char
{
int fd;
gchar *safe_pfx = NULL;
char *safe_pfx = sanitize_prefix(pfx);
+ gchar *tmp_file;
+ const char *tmp_dir;
+ int old_mask;
if (pfx) {
/* The characters in "delimiters" come from:
@@ -49,7 +53,15 @@ create_tempfile(gchar **namebuf, const char *pfx, const char *sfx, GError **err)
gchar* filetmpl = g_strdup_printf("%sXXXXXX%s", safe_pfx ? safe_pfx : "", sfx ? sfx : "");
g_free(safe_pfx);
- fd = g_file_open_tmp(filetmpl, namebuf, err);
+ tmp_dir = get_tmp_dir();
+ tmp_file = g_strconcat(tmp_dir, "/", filetmpl, NULL);
if (tempdir == NULL || tempdir[0] == '\0') {
/* Use OS default tempdir behaviour */
char* filetmpl = ws_strdup_printf("%sXXXXXX%s", safe_pfx ? safe_pfx : "", sfx ? sfx : "");
g_free(safe_pfx);
- fd = g_file_open_tmp(filetmpl, namebuf, err);
+ tmp_dir = get_tmp_dir();
+ tmp_file = g_strconcat(tmp_dir, "/", filetmpl, NULL);
+
+ if (namebuf)
+ *namebuf = tmp_file;
+ if (namebuf)
+ *namebuf = tmp_file;
+
+ old_mask = ws_umask(0077);
+ fd = mkstemps(tmp_file, sfx ? (int) strlen(sfx) : 0);
+ ws_umask(old_mask);
g_free(filetmpl);
return fd;
+ old_mask = ws_umask(0077);
+ fd = mkstemps(tmp_file, sfx ? (int) strlen(sfx) : 0);
+ ws_umask(old_mask);
+
g_free(filetmpl);
}
else {
diff --git a/wsutil/tempfile.h b/wsutil/tempfile.h
index 1dca2df..bb3160c 100644
index 70031b5419..72011e265a 100644
--- a/wsutil/tempfile.h
+++ b/wsutil/tempfile.h
@@ -45,7 +45,7 @@ WS_DLL_PUBLIC char *get_tempfile_path(const char *filename);
@@ -23,7 +23,7 @@ extern "C" {
/**
* Create a tempfile with the given prefix (e.g. "wireshark"). The path
- * is created using g_file_open_tmp.
+ * is created using get_tmp_dir and mkstemp.
*
* @param tempdir [in] If not NULL, the directory in which to create the file.
* @param namebuf [in,out] If not NULL, receives the full path of the temp file.
* Must be freed.
diff --git a/wsutil/wstmpdir.c b/wsutil/wstmpdir.c
new file mode 100644
index 0000000..d8b733b
index 0000000000..9128d354ce
--- /dev/null
+++ b/wsutil/wstmpdir.c
@@ -0,0 +1,71 @@
@ -247,7 +226,7 @@ index 0000000..d8b733b
+}
diff --git a/wsutil/wstmpdir.h b/wsutil/wstmpdir.h
new file mode 100644
index 0000000..07ac583
index 0000000000..07ac5837ac
--- /dev/null
+++ b/wsutil/wstmpdir.h
@@ -0,0 +1,39 @@
@ -291,5 +270,5 @@ index 0000000..07ac583
+
+#endif
--
2.13.0
2.37.3

20
SOURCES/wireshark-0007-cmakelists.patch
Unescape View File

@ -1,20 +1,20 @@
diff --git a/wsutil/CMakeLists.txt b/wsutil/CMakeLists.txt
index 0367cd1..6382a2c 100644
index a55086c..0149801 100644
--- a/wsutil/CMakeLists.txt
+++ b/wsutil/CMakeLists.txt
@@ -69,6 +69,7 @@ set(WSUTIL_PUBLIC_HEADERS
ws_mempbrk_int.h
ws_pipe.h
ws_printf.h
@@ -80,6 +80,7 @@ set(WSUTIL_PUBLIC_HEADERS
ws_roundup.h
ws_strptime.h
wsgcrypt.h
+ wstmpdir.h
wsjson.h
wslog.h
xtea.h
)
@@ -118,6 +118,7 @@ set(WSUTIL_COMMON_FILES
unicode-utils.c
ws_mempbrk.c
@@ -135,6 +136,7 @@ set(WSUTIL_COMMON_FILES
ws_pipe.c
+ wstmpdir.c
ws_strptime.c
wsgcrypt.c
+ wstmpdir.c
wsjson.c
wslog.c
xtea.c

14
SOURCES/wireshark-0008-pkgconfig.patch
Unescape View File

@ -0,0 +1,14 @@
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 27fa752..7bdc036 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -4037,9 +4037,6 @@ install(
"${CMAKE_BINARY_DIR}/wireshark.pc"
DESTINATION
${CMAKE_INSTALL_LIBDIR}/pkgconfig
- COMPONENT
- "Development"
- EXCLUDE_FROM_ALL
)
install(

1893
SOURCES/wireshark-0009-smc-support.patch
View File

File diff suppressed because it is too large Load Diff

612
SOURCES/wireshark-0009-sync-pipe-stderr-messages.patch
Unescape View File

@ -0,0 +1,612 @@
From 4a454d8d626ade8804d2d492c796939d82b484b6 Mon Sep 17 00:00:00 2001
From: John Thacker <johnthacker@gmail.com>
Date: Thu, 28 Dec 2023 20:18:38 -0500
Subject: [PATCH] dumpcap: Don't use fd 2 (stderr) for the sync pipe
Don't use stderr for the sync pipe, because third party libraries
and functions sometimes pollute stderr with other information.
Instead, pass the information necessary to dumpcap as a parameter
to the special capture child option -Z.
On UN*X, that means passing the sync pipe write file descriptor, as
the child is created by fork + exec and shares the file descriptor table.
On Windows, the child process does not share the file descriptor table,
but it does share the HANDLE value for inherited handles, so pass that
instead. (The HANDLE is a void* and technically 64 bit, but only the
lower 32 bits are used for inherited handles that can be shared
and it is permissible to truncate:
https://learn.microsoft.com/en-us/windows/win32/procthread/inheritance
https://learn.microsoft.com/en-us/windows/win32/winprog64/interprocess-communication
https://learn.microsoft.com/en-us/windows/win32/WinProg64/rules-for-using-pointers
though perhaps in the future casting to an intptr_t makes more sense.)
Move the special Windows named signal pipe to its own long option
instead of using the parameter from the capture child option.
This means that we alter argv inside sync_pipe_open_command so change
the static functions and free argv there. Once glib 2.68 and later is
required a GStrvBuilder could be used instead.
Fix #12222
---
capture/capture_sync.c | 105 ++++++++++++++++++++---------------------
dumpcap.c | 85 +++++++++++++++++++++++----------
2 files changed, 112 insertions(+), 78 deletions(-)
diff --git a/capture/capture_sync.c b/capture/capture_sync.c
index 5c70baa6dfb..aa29a0b7ff7 100644
--- a/capture/capture_sync.c
+++ b/capture/capture_sync.c
@@ -115,14 +115,6 @@ static ssize_t pipe_read_block(GIOChannel *pipe_io, char *indicator, int len, ch
static void (*fetch_dumpcap_pid)(ws_process_id) = NULL;
-static void free_argv(char** argv, int argc)
-{
- int i;
- for (i = 0; i < argc; i++)
- g_free(argv[i]);
- g_free(argv);
-}
-
void
capture_session_init(capture_session *cap_session, capture_file *cf,
new_file_fn new_file, new_packets_fn new_packets,
@@ -202,6 +194,8 @@ void capture_process_finished(capture_session *cap_session)
/* Append an arg (realloc) to an argc/argv array */
/* (add a string pointer to a NULL-terminated array of string pointers) */
+/* XXX: For glib >= 2.68 we could use a GStrvBuilder.
+ */
static char **
sync_pipe_add_arg(char **args, int *argc, const char *arg)
{
@@ -277,12 +271,12 @@ pipe_io_cb(GIOChannel *pipe_io, GIOCondition condition _U_, void * user_data)
#define PIPE_BUF_SIZE 5120
static int
#ifdef _WIN32
-sync_pipe_open_command(char* const argv[], int *data_read_fd,
+sync_pipe_open_command(char **argv, int *data_read_fd,
GIOChannel **message_read_io, int *signal_write_fd,
ws_process_id *fork_child, GArray *ifaces,
char **msg, void(*update_cb)(void))
#else
-sync_pipe_open_command(char* const argv[], int *data_read_fd,
+sync_pipe_open_command(char **argv, int *data_read_fd,
GIOChannel **message_read_io, int *signal_write_fd _U_,
ws_process_id *fork_child, GArray *ifaces _U_,
char **msg, void(*update_cb)(void))
@@ -290,6 +284,7 @@ sync_pipe_open_command(char* const argv[], int *data_read_fd,
{
enum PIPES { PIPE_READ, PIPE_WRITE }; /* Constants 0 and 1 for PIPE_READ and PIPE_WRITE */
int message_read_fd = -1;
+ char sync_id[ARGV_NUMBER_LEN];
#ifdef _WIN32
HANDLE sync_pipe[2]; /* pipe used to send messages from child to parent */
HANDLE data_pipe[2]; /* pipe used to send data from child to parent */
@@ -320,6 +315,7 @@ sync_pipe_open_command(char* const argv[], int *data_read_fd,
if (!msg) {
/* We can't return anything */
+ g_strfreev(argv);
#ifdef _WIN32
g_string_free(args, true);
#endif
@@ -338,6 +334,7 @@ sync_pipe_open_command(char* const argv[], int *data_read_fd,
/* Couldn't create the message pipe between parent and child. */
*msg = ws_strdup_printf("Couldn't create sync pipe: %s",
win32strerror(GetLastError()));
+ g_strfreev(argv);
return -1;
}
@@ -351,6 +348,7 @@ sync_pipe_open_command(char* const argv[], int *data_read_fd,
message_read_fd = _open_osfhandle( (intptr_t) sync_pipe[PIPE_READ], _O_BINARY);
if (message_read_fd == -1) {
*msg = ws_strdup_printf("Couldn't get C file handle for message read pipe: %s", g_strerror(errno));
+ g_strfreev(argv);
CloseHandle(sync_pipe[PIPE_READ]);
CloseHandle(sync_pipe[PIPE_WRITE]);
return -1;
@@ -363,6 +361,7 @@ sync_pipe_open_command(char* const argv[], int *data_read_fd,
/* Couldn't create the message pipe between parent and child. */
*msg = ws_strdup_printf("Couldn't create data pipe: %s",
win32strerror(GetLastError()));
+ g_strfreev(argv);
ws_close(message_read_fd); /* Should close sync_pipe[PIPE_READ] */
CloseHandle(sync_pipe[PIPE_WRITE]);
return -1;
@@ -378,6 +377,7 @@ sync_pipe_open_command(char* const argv[], int *data_read_fd,
*data_read_fd = _open_osfhandle( (intptr_t) data_pipe[PIPE_READ], _O_BINARY);
if (*data_read_fd == -1) {
*msg = ws_strdup_printf("Couldn't get C file handle for data read pipe: %s", g_strerror(errno));
+ g_strfreev(argv);
CloseHandle(data_pipe[PIPE_READ]);
CloseHandle(data_pipe[PIPE_WRITE]);
ws_close(message_read_fd); /* Should close sync_pipe[PIPE_READ] */
@@ -398,6 +398,7 @@ sync_pipe_open_command(char* const argv[], int *data_read_fd,
/* Couldn't create the signal pipe between parent and child. */
*msg = ws_strdup_printf("Couldn't create signal pipe: %s",
win32strerror(GetLastError()));
+ g_strfreev(argv);
ws_close(message_read_fd); /* Should close sync_pipe[PIPE_READ] */
CloseHandle(sync_pipe[PIPE_WRITE]);
return -1;
@@ -414,6 +415,7 @@ sync_pipe_open_command(char* const argv[], int *data_read_fd,
if (signal_pipe_write_fd == -1) {
/* Couldn't create the pipe between parent and child. */
*msg = ws_strdup_printf("Couldn't get C file handle for sync pipe: %s", g_strerror(errno));
+ g_strfreev(argv);
ws_close(message_read_fd); /* Should close sync_pipe[PIPE_READ] */
CloseHandle(sync_pipe[PIPE_WRITE]);
CloseHandle(signal_pipe);
@@ -439,7 +441,25 @@ sync_pipe_open_command(char* const argv[], int *data_read_fd,
si.hStdInput = NULL; /* handle for named pipe*/
si.hStdOutput = data_pipe[PIPE_WRITE];
}
- si.hStdError = sync_pipe[PIPE_WRITE];
+ si.hStdError = GetStdHandle(STD_ERROR_HANDLE);
+
+ /* On Windows, "[a]n inherited handle refers to the same object in the child
+ * process as it does in the parent process. It also has the same value."
+ * https://learn.microsoft.com/en-us/windows/win32/procthread/inheritance
+ * When converted to a file descriptor (via _open_osfhandle), the fd
+ * value is not necessarily the same in the two processes, but the handle
+ * value can be shared.
+ * A HANDLE is a void* though "64-bit versions of Windows use 32-bit handles
+ * for interoperability... only the lower 32 bits are significant, so it is
+ * safe to truncate the handle... or sign-extend the handle"
+ * https://learn.microsoft.com/en-us/windows/win32/winprog64/interprocess-communication
+ * So it should be fine to call PtrToLong instead of casting to intptr_t.
+ * https://learn.microsoft.com/en-us/windows/win32/WinProg64/rules-for-using-pointers
+ */
+ int argc = g_strv_length(argv);
+ argv = sync_pipe_add_arg(argv, &argc, "-Z");
+ snprintf(sync_id, ARGV_NUMBER_LEN, "%ld", PtrToLong(sync_pipe[PIPE_WRITE]));
+ argv = sync_pipe_add_arg(argv, &argc, sync_id);
#endif
if (ifaces) {
@@ -458,7 +478,7 @@ sync_pipe_open_command(char* const argv[], int *data_read_fd,
if (si.hStdOutput && (si.hStdOutput != si.hStdInput)) {
handles[i_handles++] = si.hStdOutput;
}
- handles[i_handles++] = si.hStdError;
+ handles[i_handles++] = sync_pipe[PIPE_WRITE];
if (ifaces) {
for (j = 0; j < ifaces->len; j++) {
interface_opts = &g_array_index(ifaces, interface_options, j);
@@ -491,6 +511,7 @@ sync_pipe_open_command(char* const argv[], int *data_read_fd,
}
ws_close(message_read_fd); /* Should close sync_pipe[PIPE_READ] */
CloseHandle(sync_pipe[PIPE_WRITE]);
+ g_strfreev(argv);
g_string_free(args, true);
g_free(handles);
return -1;
@@ -498,6 +519,7 @@ sync_pipe_open_command(char* const argv[], int *data_read_fd,
*fork_child = pi.hProcess;
/* We may need to store this and close it later */
CloseHandle(pi.hThread);
+ g_strfreev(argv);
g_string_free(args, true);
g_free(handles);
@@ -509,6 +531,7 @@ sync_pipe_open_command(char* const argv[], int *data_read_fd,
if (pipe(sync_pipe) < 0) {
/* Couldn't create the message pipe between parent and child. */
*msg = ws_strdup_printf("Couldn't create sync pipe: %s", g_strerror(errno));
+ g_strfreev(argv);
return -1;
}
@@ -517,6 +540,7 @@ sync_pipe_open_command(char* const argv[], int *data_read_fd,
if (pipe(data_pipe) < 0) {
/* Couldn't create the data pipe between parent and child. */
*msg = ws_strdup_printf("Couldn't create data pipe: %s", g_strerror(errno));
+ g_strfreev(argv);
ws_close(sync_pipe[PIPE_READ]);
ws_close(sync_pipe[PIPE_WRITE]);
return -1;
@@ -533,11 +557,16 @@ sync_pipe_open_command(char* const argv[], int *data_read_fd,
ws_close(data_pipe[PIPE_READ]);
ws_close(data_pipe[PIPE_WRITE]);
}
- dup2(sync_pipe[PIPE_WRITE], 2);
ws_close(sync_pipe[PIPE_READ]);
- ws_close(sync_pipe[PIPE_WRITE]);
+ /* dumpcap should be running in capture child mode (hidden feature) */
+#ifndef DEBUG_CHILD
+ int argc = g_strv_length(argv);
+ argv = sync_pipe_add_arg(argv, &argc, "-Z");
+ snprintf(sync_id, ARGV_NUMBER_LEN, "%d", sync_pipe[PIPE_WRITE]);
+ argv = sync_pipe_add_arg(argv, &argc, sync_id);
+#endif
execv(argv[0], argv);
- sync_pipe_write_int_msg(2, SP_EXEC_FAILED, errno);
+ sync_pipe_write_int_msg(sync_pipe[PIPE_WRITE], SP_EXEC_FAILED, errno);
/* Exit with "_exit()", so that we don't close the connection
to the X server (and cause stuff buffered up by our parent but
@@ -549,6 +578,8 @@ sync_pipe_open_command(char* const argv[], int *data_read_fd,
_exit(1);
}
+ g_strfreev(argv);
+
if (fetch_dumpcap_pid && *fork_child > 0)
fetch_dumpcap_pid(*fork_child);
@@ -556,6 +587,7 @@ sync_pipe_open_command(char* const argv[], int *data_read_fd,
*data_read_fd = data_pipe[PIPE_READ];
}
message_read_fd = sync_pipe[PIPE_READ];
+
#endif
/* Parent process - read messages from the child process over the
@@ -863,14 +895,12 @@ sync_pipe_start(capture_options *capture_opts, GPtrArray *capture_comments,
}
}
- /* dumpcap should be running in capture child mode (hidden feature) */
#ifndef DEBUG_CHILD
- argv = sync_pipe_add_arg(argv, &argc, "-Z");
#ifdef _WIN32
+ /* pass process id to dumpcap for named signal pipe */
+ argv = sync_pipe_add_arg(argv, &argc, "--signal-pipe");
snprintf(control_id, ARGV_NUMBER_LEN, "%ld", GetCurrentProcessId());
argv = sync_pipe_add_arg(argv, &argc, control_id);
-#else
- argv = sync_pipe_add_arg(argv, &argc, SIGNAL_PIPE_CTRL_ID_NONE);
#endif
#endif
@@ -899,13 +929,11 @@ sync_pipe_start(capture_options *capture_opts, GPtrArray *capture_comments,
if (ret == -1) {
report_failure("%s", msg);
g_free(msg);
- free_argv(argv, argc);
return false;
}
/* Parent process - read messages from the child process over the
sync pipe. */
- free_argv(argv, argc);
cap_session->fork_child_status = 0;
cap_session->cap_data_info = cap_data;
@@ -964,7 +992,7 @@ sync_pipe_close_command(int *data_read_fd, GIOChannel *message_read_io,
/* XXX - assumes PIPE_BUF_SIZE > SP_MAX_MSG_LEN */
#define PIPE_BUF_SIZE 5120
static int
-sync_pipe_run_command_actual(char* const argv[], char **data, char **primary_msg,
+sync_pipe_run_command_actual(char **argv, char **data, char **primary_msg,
char **secondary_msg, void(*update_cb)(void))
{
char *msg;
@@ -1176,7 +1204,7 @@ sync_pipe_run_command_actual(char* const argv[], char **data, char **primary_msg
* redirects to sync_pipe_run_command_actual()
*/
static int
-sync_pipe_run_command(char* const argv[], char **data, char **primary_msg,
+sync_pipe_run_command(char **argv, char **data, char **primary_msg,
char **secondary_msg, void (*update_cb)(void))
{
int ret, i;
@@ -1241,22 +1269,14 @@ sync_interface_set_80211_chan(const char *iface, const char *freq, const char *t
*primary_msg = g_strdup("Out of mem.");
*secondary_msg = NULL;
*data = NULL;
- free_argv(argv, argc);
return -1;
}
argv = sync_pipe_add_arg(argv, &argc, "-k");
argv = sync_pipe_add_arg(argv, &argc, opt);
-#ifndef DEBUG_CHILD
- /* Run dumpcap in capture child mode */
- argv = sync_pipe_add_arg(argv, &argc, "-Z");
- argv = sync_pipe_add_arg(argv, &argc, SIGNAL_PIPE_CTRL_ID_NONE);
-#endif
-
ret = sync_pipe_run_command(argv, data, primary_msg, secondary_msg, update_cb);
g_free(opt);
- free_argv(argv, argc);
return ret;
}
@@ -1294,13 +1314,7 @@ sync_interface_list_open(char **data, char **primary_msg,
/* Ask for the interface list */
argv = sync_pipe_add_arg(argv, &argc, "-D");
-#ifndef DEBUG_CHILD
- /* Run dumpcap in capture child mode */
- argv = sync_pipe_add_arg(argv, &argc, "-Z");
- argv = sync_pipe_add_arg(argv, &argc, SIGNAL_PIPE_CTRL_ID_NONE);
-#endif
ret = sync_pipe_run_command(argv, data, primary_msg, secondary_msg, update_cb);
- free_argv(argv, argc);
return ret;
}
@@ -1348,13 +1362,7 @@ sync_if_capabilities_open(const char *ifname, bool monitor_mode, const char* aut
argv = sync_pipe_add_arg(argv, &argc, auth);
}
-#ifndef DEBUG_CHILD
- /* Run dumpcap in capture child mode */
- argv = sync_pipe_add_arg(argv, &argc, "-Z");
- argv = sync_pipe_add_arg(argv, &argc, SIGNAL_PIPE_CTRL_ID_NONE);
-#endif
ret = sync_pipe_run_command(argv, data, primary_msg, secondary_msg, update_cb);
- free_argv(argv, argc);
return ret;
}
@@ -1449,20 +1451,17 @@ sync_interface_stats_open(int *data_read_fd, ws_process_id *fork_child, char **d
argv = sync_pipe_add_arg(argv, &argc, "-S");
#ifndef DEBUG_CHILD
- argv = sync_pipe_add_arg(argv, &argc, "-Z");
#ifdef _WIN32
+ argv = sync_pipe_add_arg(argv, &argc, "--signal-pipe");
ret = create_dummy_signal_pipe(msg);
if (ret == -1) {
return -1;
}
argv = sync_pipe_add_arg(argv, &argc, dummy_control_id);
-#else
- argv = sync_pipe_add_arg(argv, &argc, SIGNAL_PIPE_CTRL_ID_NONE);
#endif
#endif
ret = sync_pipe_open_command(argv, data_read_fd, &message_read_io, NULL,
fork_child, NULL, msg, update_cb);
- free_argv(argv, argc);
if (ret == -1) {
return -1;
}
diff --git a/dumpcap.c b/dumpcap.c
index b5a5423..533aa96 100644
--- a/dumpcap.c
+++ b/dumpcap.c
@@ -130,6 +130,7 @@ static gchar *sig_pipe_name = NULL;
static HANDLE sig_pipe_handle = NULL;
static gboolean signal_pipe_check_running(void);
#endif
+static int sync_pipe_fd = 2;
#ifdef ENABLE_ASAN
/* This has public visibility so that if compiled with shared libasan (the
@@ -562,7 +563,7 @@ dumpcap_cmdarg_err(const char *fmt, va_list ap)
gchar *msg;
/* Generate a 'special format' message back to parent */
msg = ws_strdup_vprintf(fmt, ap);
- sync_pipe_write_errmsgs_to_parent(2, msg, "");
+ sync_pipe_write_errmsgs_to_parent(sync_pipe_fd, msg, "");
g_free(msg);
} else {
fprintf(stderr, "dumpcap: ");
@@ -582,7 +583,7 @@ dumpcap_cmdarg_err_cont(const char *fmt, va_list ap)
if (capture_child) {
gchar *msg;
msg = ws_strdup_vprintf(fmt, ap);
- sync_pipe_write_errmsgs_to_parent(2, msg, "");
+ sync_pipe_write_errmsgs_to_parent(sync_pipe_fd, msg, "");
g_free(msg);
} else {
vfprintf(stderr, fmt, ap);
@@ -1007,7 +1008,7 @@ show_filter_code(capture_options *capture_opts)
#endif
if (capture_child) {
/* Let our parent know we succeeded. */
- sync_pipe_write_string_msg(2, SP_SUCCESS, NULL);
+ sync_pipe_write_string_msg(sync_pipe_fd, SP_SUCCESS, NULL);
}
return TRUE;
}
@@ -1029,7 +1030,7 @@ print_machine_readable_interfaces(GList *if_list)
if (capture_child) {
/* Let our parent know we succeeded. */
- sync_pipe_write_string_msg(2, SP_SUCCESS, NULL);
+ sync_pipe_write_string_msg(sync_pipe_fd, SP_SUCCESS, NULL);
}
i = 1; /* Interface id number */
@@ -1096,7 +1097,7 @@ print_machine_readable_if_capabilities(if_capabilities_t *caps, int queries)
if (capture_child) {
/* Let our parent know we succeeded. */
- sync_pipe_write_string_msg(2, SP_SUCCESS, NULL);
+ sync_pipe_write_string_msg(sync_pipe_fd, SP_SUCCESS, NULL);
}
if (queries & CAPS_QUERY_LINK_TYPES) {
@@ -1197,7 +1198,7 @@ print_statistics_loop(gboolean machine_readable)
if (capture_child) {
/* Let our parent know we succeeded. */
- sync_pipe_write_string_msg(2, SP_SUCCESS, NULL);
+ sync_pipe_write_string_msg(sync_pipe_fd, SP_SUCCESS, NULL);
}
if (!machine_readable) {
@@ -4985,7 +4986,7 @@ capture_loop_write_pcapng_cb(capture_src *pcap_src, const pcapng_block_header_t
ws_info("Sending SP_FILE on first SHB");
#endif
/* SHB is now ready for capture parent to read on SP_FILE message */
- sync_pipe_write_string_msg(2, SP_FILE, report_capture_filename);
+ sync_pipe_write_string_msg(sync_pipe_fd, SP_FILE, report_capture_filename);
report_capture_filename = NULL;
}
}
@@ -5214,7 +5215,7 @@ set_80211_channel(const char *iface, const char *opt)
}
if (capture_child)
- sync_pipe_write_string_msg(2, SP_SUCCESS, NULL);
+ sync_pipe_write_string_msg(sync_pipe_fd, SP_SUCCESS, NULL);
out:
g_strfreev(options);
@@ -5238,6 +5239,9 @@ gather_dumpcap_runtime_info(feature_list l)
#define LONGOPT_IFNAME LONGOPT_BASE_APPLICATION+1
#define LONGOPT_IFDESCR LONGOPT_BASE_APPLICATION+2
#define LONGOPT_CAPTURE_COMMENT LONGOPT_BASE_APPLICATION+3
+#ifdef _WIN32
+#define LONGOPT_SIGNAL_PIPE LONGOPT_BASE_APPLICATION+4
+#endif
/* And now our feature presentation... [ fade to music ] */
int
@@ -5252,6 +5256,9 @@ main(int argc, char *argv[])
{"ifname", ws_required_argument, NULL, LONGOPT_IFNAME},
{"ifdescr", ws_required_argument, NULL, LONGOPT_IFDESCR},
{"capture-comment", ws_required_argument, NULL, LONGOPT_CAPTURE_COMMENT},
+#ifdef _WIN32
+ {"signal-pipe", ws_required_argument, NULL, LONGOPT_SIGNAL_PIPE},
+#endif
{0, 0, 0, 0 }
};
@@ -5308,10 +5315,31 @@ main(int argc, char *argv[])
if (strcmp("-Z", argv[i]) == 0) {
capture_child = TRUE;
machine_readable = TRUE; /* request machine-readable output */
+ i++;
+ if (i >= argc) {
+ exit_main(1);
+ }
+
+ if (strcmp(argv[i], SIGNAL_PIPE_CTRL_ID_NONE) != 0) {
+ // get_positive_int calls cmdarg_err
+ if (!ws_strtoi(argv[i], NULL, &sync_pipe_fd) || sync_pipe_fd <= 0) {
+ exit_main(1);
+ }
#ifdef _WIN32
- /* set output pipe to binary mode, to avoid ugly text conversions */
- _setmode(2, O_BINARY);
+ /* On UN*X the fd is the same when we fork + exec.
+ * On Windows the HANDLE value is the same for inherited
+ * handles in the child process and the parent, although
+ * not necessarily the fd value from _open_osfhandle.
+ * https://learn.microsoft.com/en-us/windows/win32/procthread/inheritance
+ * Also, "64-bit versions of Windows use 32-bit handles for
+ * interoperability... only the lower 32 bits are significant,
+ * so it is safe to truncate... or sign-extend the handle."
+ * https://learn.microsoft.com/en-us/windows/win32/winprog64/interprocess-communication
+ */
+ /* set output pipe to binary mode, avoid ugly text conversions */
+ sync_pipe_fd = _open_osfhandle( (intptr_t) sync_pipe_fd, _O_BINARY);
#endif
+ }
}
}
@@ -5628,9 +5656,17 @@ main(int argc, char *argv[])
break;
case 'Z':
capture_child = TRUE;
+ /*
+ * Handled above
+ */
+ break;
#ifdef _WIN32
- /* set output pipe to binary mode, to avoid ugly text conversions */
- _setmode(2, O_BINARY);
+ case LONGOPT_SIGNAL_PIPE:
+ if (!capture_child) {
+ /* We have already checked for -Z at the very beginning. */
+ cmdarg_err("--signal-pipe may only be specified with -Z");
+ exit_main(1);
+ }
/*
* ws_optarg = the control ID, aka the PPID, currently used for the
* signal pipe name.
@@ -5646,9 +5682,8 @@ main(int argc, char *argv[])
exit_main(1);
}
}
-#endif
break;
-
+#endif
case 'q': /* Quiet */
quiet = TRUE;
break;
@@ -5885,7 +5920,7 @@ main(int argc, char *argv[])
char *error_msg = ws_strdup_printf("The capabilities of the capture device "
"\"%s\" could not be obtained (%s)",
interface_opts->name, open_status_str);
- sync_pipe_write_errmsgs_to_parent(2, error_msg,
+ sync_pipe_write_errmsgs_to_parent(sync_pipe_fd, error_msg,
get_pcap_failure_secondary_error_message(open_status, open_status_str));
g_free(error_msg);
}
@@ -6032,7 +6067,7 @@ dumpcap_log_writer(const char *domain, enum ws_log_level level,
#endif
if (capture_child) {
gchar *msg = ws_strdup_vprintf(user_format, user_ap);
- sync_pipe_write_errmsgs_to_parent(2, msg, "");
+ sync_pipe_write_errmsgs_to_parent(sync_pipe_fd, msg, "");
g_free(msg);
} else {
ws_log_console_writer(domain, level, file, line, func, mft, user_format, user_ap);
@@ -6052,7 +6087,7 @@ dumpcap_log_writer(const char *domain, enum ws_log_level level,
/* to parent especially formatted if dumpcap running as child. */
if (capture_child) {
gchar *msg = ws_strdup_vprintf(user_format, user_ap);
- sync_pipe_write_errmsgs_to_parent(2, msg, "");
+ sync_pipe_write_errmsgs_to_parent(sync_pipe_fd, msg, "");
g_free(msg);
} else if(ws_log_msg_is_active(domain, level)) {
ws_log_console_writer(domain, level, file, line, func, mft, user_format, user_ap);
@@ -6071,7 +6106,7 @@ report_packet_count(unsigned int packet_count)
if (capture_child) {
ws_debug("Packets: %u", packet_count);
- sync_pipe_write_uint_msg(2, SP_PACKET_COUNT, packet_count);
+ sync_pipe_write_uint_msg(sync_pipe_fd, SP_PACKET_COUNT, packet_count);
} else {
count += packet_count;
fprintf(stderr, "\rPackets: %u ", count);
@@ -6092,7 +6127,7 @@ report_new_capture_file(const char *filename)
#endif
report_capture_filename = filename;
} else {
- sync_pipe_write_string_msg(2, SP_FILE, filename);
+ sync_pipe_write_string_msg(sync_pipe_fd, SP_FILE, filename);
}
} else {
#ifdef SIGINFO
@@ -6132,7 +6167,7 @@ report_cfilter_error(capture_options *capture_opts, guint i, const char *errmsg)
if (capture_child) {
snprintf(tmp, sizeof(tmp), "%u:%s", i, errmsg);
ws_debug("Capture filter error: %s", errmsg);
- sync_pipe_write_string_msg(2, SP_BAD_FILTER, tmp);
+ sync_pipe_write_string_msg(sync_pipe_fd, SP_BAD_FILTER, tmp);
} else {
/*
* clopts_step_invalid_capfilter in test/suite-clopts.sh MUST match
@@ -6155,7 +6190,7 @@ report_capture_error(const char *error_msg, const char *secondary_error_msg)
if (capture_child) {
ws_debug("Primary Error: %s", error_msg);
ws_debug("Secondary Error: %s", secondary_error_msg);
- sync_pipe_write_errmsgs_to_parent(2, error_msg, secondary_error_msg);
+ sync_pipe_write_errmsgs_to_parent(sync_pipe_fd, error_msg, secondary_error_msg);
} else {
cmdarg_err("%s", error_msg);
if (secondary_error_msg[0] != '\0')
@@ -6173,7 +6208,7 @@ report_packet_drops(guint32 received, guint32 pcap_drops, guint32 drops, guint32
ws_debug("Packets received/dropped on interface '%s': %u/%u (pcap:%u/dumpcap:%u/flushed:%u/ps_ifdrop:%u)",
name, received, total_drops, pcap_drops, drops, flushed, ps_ifdrop);
- sync_pipe_write_string_msg(2, SP_DROPS, tmp);
+ sync_pipe_write_string_msg(sync_pipe_fd, SP_DROPS, tmp);
g_free(tmp);
} else {
fprintf(stderr,

56
SOURCES/wireshark-0010-fips-ripemd160.patch
Unescape View File

@ -1,56 +0,0 @@
diff --git a/capinfos.c b/capinfos.c
index 5536766..12b141e 100644
--- a/capinfos.c
+++ b/capinfos.c
@@ -739,7 +739,8 @@ print_stats(const gchar *filename, capture_info *cf_info)
}
if (cap_file_hashes) {
printf ("SHA256: %s\n", file_sha256);
- printf ("RIPEMD160: %s\n", file_rmd160);
+ if(!gcry_fips_mode_active())
+ printf ("RIPEMD160: %s\n", file_rmd160);
printf ("SHA1: %s\n", file_sha1);
}
if (cap_order) printf ("Strict time order: %s\n", order_string(cf_info->order));
@@ -851,7 +852,8 @@ print_stats_table_header(void)
if (cap_packet_rate) print_stats_table_header_label("Average packet rate (packets/sec)");
if (cap_file_hashes) {
print_stats_table_header_label("SHA256");
- print_stats_table_header_label("RIPEMD160");
+ if(!gcry_fips_mode_active())
+ print_stats_table_header_label("RIPEMD160");
print_stats_table_header_label("SHA1");
}
if (cap_order) print_stats_table_header_label("Strict time order");
@@ -1447,7 +1449,10 @@ print_usage(FILE *output)
fprintf(output, " -E display the capture file encapsulation\n");
fprintf(output, " -I display the capture file interface information\n");
fprintf(output, " -F display additional capture file information\n");
- fprintf(output, " -H display the SHA256, RMD160, and SHA1 hashes of the file\n");
+ if(!gcry_fips_mode_active())
+ fprintf(output, " -H display the SHA256 and SHA1 hashes of the file\n");
+ else
+ fprintf(output, " -H display the SHA256, RMD160, and SHA1 hashes of the file\n");
fprintf(output, " -k display the capture comment\n");
fprintf(output, "\n");
fprintf(output, "Size infos:\n");
@@ -1795,7 +1800,8 @@ main(int argc, char *argv[])
gcry_check_version(NULL);
gcry_md_open(&hd, GCRY_MD_SHA256, 0);
if (hd) {
- gcry_md_enable(hd, GCRY_MD_RMD160);
+ if(!gcry_fips_mode_active())
+ gcry_md_enable(hd, GCRY_MD_RMD160);
gcry_md_enable(hd, GCRY_MD_SHA1);
}
hash_buf = (char *)g_malloc(HASH_BUF_SIZE);
@@ -1817,7 +1823,8 @@ main(int argc, char *argv[])
}
gcry_md_final(hd);
hash_to_str(gcry_md_read(hd, GCRY_MD_SHA256), HASH_SIZE_SHA256, file_sha256);
- hash_to_str(gcry_md_read(hd, GCRY_MD_RMD160), HASH_SIZE_RMD160, file_rmd160);
+ if(!gcry_fips_mode_active())
+ hash_to_str(gcry_md_read(hd, GCRY_MD_RMD160), HASH_SIZE_RMD160, file_rmd160);
hash_to_str(gcry_md_read(hd, GCRY_MD_SHA1), HASH_SIZE_SHA1, file_sha1);
}
if (fh) fclose(fh);

142
SOURCES/wireshark-0011-cve-2022-3190.patch
Unescape View File

@ -1,142 +0,0 @@
From 0f27a83c5692b2afebe6e6934c1051f76aa2ecf9 Mon Sep 17 00:00:00 2001
From: Jason Cohen <kryojenik2@gmail.com>
Date: Wed, 31 Aug 2022 11:10:17 -0500
Subject: [PATCH] f5ethtrailer: Improve "old-style" heuristic
Remove a chance for an infinate loop in the disection heuristic.
---
epan/dissectors/packet-f5ethtrailer.c | 108 +++++++++++++-------------
1 file changed, 56 insertions(+), 52 deletions(-)
diff --git a/epan/dissectors/packet-f5ethtrailer.c b/epan/dissectors/packet-f5ethtrailer.c
index b2ba8f899d..915348ea83 100644
--- a/epan/dissectors/packet-f5ethtrailer.c
+++ b/epan/dissectors/packet-f5ethtrailer.c
@@ -2751,69 +2751,73 @@ dissect_dpt_trailer(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *d
static gint
dissect_old_trailer(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
- proto_tree *type_tree = NULL;
- proto_item *ti = NULL;
guint offset = 0;
- guint processed = 0;
- f5eth_tap_data_t *tdata = (f5eth_tap_data_t *)data;
- guint8 type;
- guint8 len;
- guint8 ver;
/* While we still have data in the trailer. For old format trailers, this needs
* type, length, version (3 bytes) and for new format trailers, the magic header (4 bytes).
* All old format trailers are at least 4 bytes long, so just check for length of magic.
*/
- while (tvb_reported_length_remaining(tvb, offset)) {
- type = tvb_get_guint8(tvb, offset);
- len = tvb_get_guint8(tvb, offset + F5_OFF_LENGTH) + F5_OFF_VERSION;
- ver = tvb_get_guint8(tvb, offset + F5_OFF_VERSION);
-
- if (len <= tvb_reported_length_remaining(tvb, offset) && type >= F5TYPE_LOW
- && type <= F5TYPE_HIGH && len >= F5_MIN_SANE && len <= F5_MAX_SANE
- && ver <= F5TRAILER_VER_MAX) {
- /* Parse out the specified trailer. */
- switch (type) {
- case F5TYPE_LOW:
- ti = proto_tree_add_item(tree, hf_low_id, tvb, offset, len, ENC_NA);
- type_tree = proto_item_add_subtree(ti, ett_f5ethtrailer_low);
-
- processed = dissect_low_trailer(tvb, pinfo, type_tree, offset, len, ver, tdata);
- if (processed > 0) {
- tdata->trailer_len += processed;
- tdata->noise_low = 1;
- }
- break;
- case F5TYPE_MED:
- ti = proto_tree_add_item(tree, hf_med_id, tvb, offset, len, ENC_NA);
- type_tree = proto_item_add_subtree(ti, ett_f5ethtrailer_med);
-
- processed = dissect_med_trailer(tvb, pinfo, type_tree, offset, len, ver, tdata);
- if (processed > 0) {
- tdata->trailer_len += processed;
- tdata->noise_med = 1;
- }
- break;
- case F5TYPE_HIGH:
- ti = proto_tree_add_item(tree, hf_high_id, tvb, offset, len, ENC_NA);
- type_tree = proto_item_add_subtree(ti, ett_f5ethtrailer_high);
-
- processed =
- dissect_high_trailer(tvb, pinfo, type_tree, offset, len, ver, tdata);
- if (processed > 0) {
- tdata->trailer_len += processed;
- tdata->noise_high = 1;
- }
- break;
+ while (tvb_reported_length_remaining(tvb, offset) >= F5_MIN_SANE) {
+ /* length field does not include the type and length bytes. Add them back in */
+ guint8 len = tvb_get_guint8(tvb, offset + F5_OFF_LENGTH) + F5_OFF_VERSION;
+ if (len > tvb_reported_length_remaining(tvb, offset)
+ || len < F5_MIN_SANE || len > F5_MAX_SANE) {
+ /* Invalid length - either a malformed trailer, corrupt packet, or not f5ethtrailer */
+ return offset;
+ }
+ guint8 type = tvb_get_guint8(tvb, offset);
+ guint8 ver = tvb_get_guint8(tvb, offset + F5_OFF_VERSION);
+
+ /* Parse out the specified trailer. */
+ proto_tree *type_tree = NULL;
+ proto_item *ti = NULL;
+ f5eth_tap_data_t *tdata = (f5eth_tap_data_t *)data;
+ guint processed = 0;
+
+ switch (type) {
+ case F5TYPE_LOW:
+ ti = proto_tree_add_item(tree, hf_low_id, tvb, offset, len, ENC_NA);
+ type_tree = proto_item_add_subtree(ti, ett_f5ethtrailer_low);
+
+ processed = dissect_low_trailer(tvb, pinfo, type_tree, offset, len, ver, tdata);
+ if (processed > 0) {
+ tdata->trailer_len += processed;
+ tdata->noise_low = 1;
}
- if (processed == 0) {
- proto_item_set_len(ti, 1);
- return offset;
+ break;
+ case F5TYPE_MED:
+ ti = proto_tree_add_item(tree, hf_med_id, tvb, offset, len, ENC_NA);
+ type_tree = proto_item_add_subtree(ti, ett_f5ethtrailer_med);
+
+ processed = dissect_med_trailer(tvb, pinfo, type_tree, offset, len, ver, tdata);
+ if (processed > 0) {
+ tdata->trailer_len += processed;
+ tdata->noise_med = 1;
+ }
+ break;
+ case F5TYPE_HIGH:
+ ti = proto_tree_add_item(tree, hf_high_id, tvb, offset, len, ENC_NA);
+ type_tree = proto_item_add_subtree(ti, ett_f5ethtrailer_high);
+
+ processed =
+ dissect_high_trailer(tvb, pinfo, type_tree, offset, len, ver, tdata);
+ if (processed > 0) {
+ tdata->trailer_len += processed;
+ tdata->noise_high = 1;
}
+ break;
+ default:
+ /* Unknown type - malformed trailer, corrupt packet, or not f5ethtrailer - bali out*/
+ return offset;
+ }
+ if (processed == 0) {
+ /* couldn't process trailer - bali out */
+ proto_item_set_len(ti, 1);
+ return offset;
}
offset += processed;
}
-return offset;
+ return offset;
} /* dissect_old_trailer() */
/*---------------------------------------------------------------------------*/
--
GitLab

29
SOURCES/wireshark-0012-cve-2023-0668.patch
Unescape View File

@ -1,29 +0,0 @@
From c4f37d77b29ec6a9754795d0efb6f68d633728d9 Mon Sep 17 00:00:00 2001
From: John Thacker <johnthacker@gmail.com>
Date: Sat, 20 May 2023 23:08:08 -0400
Subject: [PATCH] synphasor: Use val_to_str_const
Don't use a value from packet data to directly index a value_string,
particularly when the value string doesn't cover all possible values.
Fix #19087
---
epan/dissectors/packet-synphasor.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/epan/dissectors/packet-synphasor.c b/epan/dissectors/packet-synphasor.c
index 536847f7502..fdc9e282b3a 100644
--- a/epan/dissectors/packet-synphasor.c
+++ b/epan/dissectors/packet-synphasor.c
@@ -1211,7 +1211,7 @@ static gint dissect_PHSCALE(tvbuff_t *tvb, proto_tree *tree, gint offset, gint c
data_flag_tree = proto_tree_add_subtree_format(single_phasor_scaling_and_flags_tree, tvb, offset, 4,
ett_conf_phflags, NULL, "Phasor Data flags: %s",
- conf_phasor_type[tvb_get_guint8(tvb, offset + 2)].strptr);
+ val_to_str_const(tvb_get_guint8(tvb, offset + 2), conf_phasor_type, "Unknown"));
/* first and second bytes - phasor modification flags*/
phasor_flag1_tree = proto_tree_add_subtree_format(data_flag_tree, tvb, offset, 2, ett_conf_phmod_flags,
--
GitLab

116
SOURCES/wireshark-0013-cve-2023-0666.patch
Unescape View File

@ -1,116 +0,0 @@
From 28fdce547c417b868c521f87fb58f71ca6b1e3f7 Mon Sep 17 00:00:00 2001
From: Gerald Combs <gerald@wireshark.org>
Date: Thu, 18 May 2023 13:52:48 -0700
Subject: [PATCH] RTPS: Fixup our g_strlcpy dest_sizes
Use the proper dest_size in various g_strlcpy calls.
Fixes #19085
---
epan/dissectors/packet-rtps.c | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/epan/dissectors/packet-rtps.c b/epan/dissectors/packet-rtps.c
index 2884e86faa1..a39202952f6 100644
--- a/epan/dissectors/packet-rtps.c
+++ b/epan/dissectors/packet-rtps.c
@@ -4944,7 +4944,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset,
++tk_id;
}
- g_strlcpy(type_name, rtps_util_typecode_id_to_string(tk_id), 40);
+ g_strlcpy(type_name, rtps_util_typecode_id_to_string(tk_id), sizeof(type_name));
/* Structure of the typecode data:
*
@@ -5115,7 +5115,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset,
member_name, -1, NULL, ndds_40_hack);
}
/* Finally prints the name of the struct (if provided) */
- g_strlcpy(type_name, "}", 40);
+ g_strlcpy(type_name, "}", sizeof(type_name));
break;
} /* end of case UNION */
@@ -5286,7 +5286,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset,
}
}
/* Finally prints the name of the struct (if provided) */
- g_strlcpy(type_name, "}", 40);
+ g_strlcpy(type_name, "}", sizeof(type_name));
break;
}
@@ -5378,7 +5378,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset,
offset += 4;
alias_name = tvb_get_string_enc(wmem_packet_scope(), tvb, offset, alias_name_length, ENC_ASCII);
offset += alias_name_length;
- g_strlcpy(type_name, alias_name, 40);
+ g_strlcpy(type_name, alias_name, sizeof(type_name));
break;
}
@@ -5413,7 +5413,7 @@ static gint rtps_util_add_typecode(proto_tree *tree, tvbuff_t *tvb, gint offset,
if (tk_id == RTI_CDR_TK_VALUE_PARAM) {
type_id_name = "valueparam";
}
- g_snprintf(type_name, 40, "%s '%s'", type_id_name, value_name);
+ g_snprintf(type_name, sizeof(type_name), "%s '%s'", type_id_name, value_name);
break;
}
} /* switch(tk_id) */
@@ -5577,7 +5577,7 @@ static gint rtps_util_add_type_library_type(proto_tree *tree,
long_number = tvb_get_guint32(tvb, offset_tmp, encoding);
name = tvb_get_string_enc(wmem_packet_scope(), tvb, offset_tmp+4, long_number, ENC_ASCII);
if (info)
- g_strlcpy(info->member_name, name, long_number);
+ g_strlcpy(info->member_name, name, sizeof(info->member_name));
proto_item_append_text(tree, " %s", name);
offset += member_length;
@@ -5753,13 +5753,13 @@ static gint rtps_util_add_type_member(proto_tree *tree,
proto_item_append_text(tree, " %s (ID: %d)", name, member_id);
if (member_object) {
member_object->member_id = member_id;
- g_strlcpy(member_object->member_name, name, long_number < 256 ? long_number : 256);
+ g_strlcpy(member_object->member_name, name, sizeof(member_object->member_name));
member_object->type_id = member_type_id;
}
if (info && info->extensibility == EXTENSIBILITY_MUTABLE) {
mutable_member_mapping * mutable_mapping = NULL;
mutable_mapping = wmem_new(wmem_file_scope(), mutable_member_mapping);
- g_strlcpy(mutable_mapping->member_name, name, long_number < 256 ? long_number : 256);
+ g_strlcpy(mutable_mapping->member_name, name, sizeof(mutable_mapping->member_name));
mutable_mapping->struct_type_id = info->type_id;
mutable_mapping->member_type_id = member_type_id;
mutable_mapping->member_id = member_id;
@@ -5814,7 +5814,7 @@ static gint rtps_util_add_type_union_member(proto_tree *tree,
union_member_mapping * mapping = NULL;
mapping = wmem_new(wmem_file_scope(), union_member_mapping);
- g_strlcpy(mapping->member_name, object.member_name, 256);
+ g_strlcpy(mapping->member_name, object.member_name, sizeof(mapping->member_name));
mapping->member_type_id = object.type_id;
mapping->discriminator = HASHMAP_DISCRIMINATOR_CONSTANT;
mapping->union_type_id = union_type_id + mapping->discriminator;
@@ -5827,7 +5827,7 @@ static gint rtps_util_add_type_union_member(proto_tree *tree,
union_member_mapping * mapping = NULL;
mapping = wmem_new(wmem_file_scope(), union_member_mapping);
- g_strlcpy(mapping->member_name, object.member_name, 256);
+ g_strlcpy(mapping->member_name, object.member_name, sizeof(mapping->member_name));
mapping->member_type_id = object.type_id;
mapping->discriminator = -1;
mapping->union_type_id = union_type_id + mapping->discriminator;
@@ -5847,7 +5847,7 @@ static gint rtps_util_add_type_union_member(proto_tree *tree,
ti = proto_tree_add_item(labels, hf_rtps_type_object_union_label, tvb, offset_tmp, 4, encoding);
offset_tmp += 4;
- g_strlcpy(mapping->member_name, object.member_name, 256);
+ g_strlcpy(mapping->member_name, object.member_name, sizeof(mapping->member_name));
mapping->member_type_id = object.type_id;
mapping->discriminator = discriminator_case;
mapping->union_type_id = union_type_id + discriminator_case;
--
GitLab

93
SOURCES/wireshark-0014-cve-2023-2858.patch
Unescape View File

@ -1,93 +0,0 @@
From 74017383c8c73f25d12ef847c96854641f88fae4 Mon Sep 17 00:00:00 2001
From: Guy Harris <gharris@sonic.net>
Date: Fri, 19 May 2023 16:29:45 -0700
Subject: [PATCH] netscaler: add more checks to make sure the record is within
the page.
Whie we're at it, restructure some other checks to test-before-casting -
it's OK to test afterwards, but testing before makes it follow the
pattern used elsewhere.
Fixes #19081.
(cherry picked from commit cb190d6839ddcd4596b0205844f45553f1e77105)
---
wiretap/netscaler.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/wiretap/netscaler.c b/wiretap/netscaler.c
index 8dcbd42a089..b94caca0869 100644
--- a/wiretap/netscaler.c
+++ b/wiretap/netscaler.c
@@ -1114,13 +1114,13 @@ static gboolean nstrace_set_start_time(wtap *wth, int file_version, int *err,
#define PACKET_DESCRIBE(rec,buf,FULLPART,fullpart,ver,type,HEADERVER) \
do {\
- nspr_pktrace##fullpart##_v##ver##_t *type = (nspr_pktrace##fullpart##_v##ver##_t *) &nstrace_buf[nstrace_buf_offset];\
/* Make sure the record header is entirely contained in the page */\
- if ((nstrace_buflen - nstrace_buf_offset) < sizeof *type) {\
+ if ((nstrace_buflen - nstrace_buf_offset) < sizeof(nspr_pktrace##fullpart##_v##ver##_t)) {\
*err = WTAP_ERR_BAD_FILE;\
*err_info = g_strdup("nstrace: record header crosses page boundary");\
return FALSE;\
}\
+ nspr_pktrace##fullpart##_v##ver##_t *type = (nspr_pktrace##fullpart##_v##ver##_t *) &nstrace_buf[nstrace_buf_offset];\
/* Check sanity of record size */\
if (pletoh16(&type->nsprRecordSize) < sizeof *type) {\
*err = WTAP_ERR_BAD_FILE;\
@@ -1186,6 +1186,8 @@ static gboolean nstrace_read_v10(wtap *wth, wtap_rec *rec, Buffer *buf,
case NSPR_ABSTIME_V10:
{
+ if (!nstrace_ensure_buflen(nstrace, nstrace_buf_offset, sizeof(nspr_pktracefull_v10_t), err, err_info))
+ return FALSE;
nspr_pktracefull_v10_t *fp = (nspr_pktracefull_v10_t *) &nstrace_buf[nstrace_buf_offset];
if (pletoh16(&fp->nsprRecordSize) == 0) {
*err = WTAP_ERR_BAD_FILE;
@@ -1199,6 +1201,8 @@ static gboolean nstrace_read_v10(wtap *wth, wtap_rec *rec, Buffer *buf,
case NSPR_RELTIME_V10:
{
+ if (!nstrace_ensure_buflen(nstrace, nstrace_buf_offset, sizeof(nspr_pktracefull_v10_t), err, err_info))
+ return FALSE;
nspr_pktracefull_v10_t *fp = (nspr_pktracefull_v10_t *) &nstrace_buf[nstrace_buf_offset];
if (pletoh16(&fp->nsprRecordSize) == 0) {
*err = WTAP_ERR_BAD_FILE;
@@ -1216,6 +1220,8 @@ static gboolean nstrace_read_v10(wtap *wth, wtap_rec *rec, Buffer *buf,
default:
{
+ if (!nstrace_ensure_buflen(nstrace, nstrace_buf_offset, sizeof(nspr_pktracefull_v10_t), err, err_info))
+ return FALSE;
nspr_pktracefull_v10_t *fp = (nspr_pktracefull_v10_t *) &nstrace_buf[nstrace_buf_offset];
if (pletoh16(&fp->nsprRecordSize) == 0) {
*err = WTAP_ERR_BAD_FILE;
@@ -1500,14 +1506,14 @@ static gboolean nstrace_read_v20(wtap *wth, wtap_rec *rec, Buffer *buf,
#define PACKET_DESCRIBE(rec,buf,FULLPART,ver,enumprefix,type,structname,HEADERVER)\
do {\
- nspr_##structname##_t *fp = (nspr_##structname##_t *) &nstrace_buf[nstrace_buf_offset];\
/* Make sure the record header is entirely contained in the page */\
- if ((nstrace->nstrace_buflen - nstrace_buf_offset) < sizeof *fp) {\
+ if ((nstrace->nstrace_buflen - nstrace_buf_offset) < sizeof(nspr_##structname##_t)) {\
*err = WTAP_ERR_BAD_FILE;\
*err_info = g_strdup("nstrace: record header crosses page boundary");\
g_free(nstrace_tmpbuff);\
return FALSE;\
}\
+ nspr_##structname##_t *fp = (nspr_##structname##_t *) &nstrace_buf[nstrace_buf_offset];\
(rec)->rec_type = REC_TYPE_PACKET;\
TIMEDEFV##ver((rec),fp,type);\
FULLPART##SIZEDEFV##ver((rec),fp,ver);\
@@ -1615,7 +1621,6 @@ static gboolean nstrace_read_v30(wtap *wth, wtap_rec *rec, Buffer *buf,
g_free(nstrace_tmpbuff);
return FALSE;
}
-
hdp = (nspr_hd_v20_t *) &nstrace_buf[nstrace_buf_offset];
if (nspr_getv20recordsize(hdp) == 0) {
*err = WTAP_ERR_BAD_FILE;
--
GitLab

67
SOURCES/wireshark-0015-cve-2023-2856.patch
Unescape View File

@ -1,67 +0,0 @@
From da017472e69453011ea28571f192cbc79cba7f5c Mon Sep 17 00:00:00 2001
From: Guy Harris <gharris@sonic.net>
Date: Thu, 18 May 2023 15:03:23 -0700
Subject: [PATCH] vms: fix the search for the packet length field.
The packet length field is of the form
Total Length = DDD = ^xXXX
where "DDD" is the length in decimal and "XXX" is the length in
hexadecimal.
Search for "length ". not just "Length", as we skip past "Length ", not
just "Length", so if we assume we found "Length " but only found
"Length", we'd skip past the end of the string.
While we're at it, fail if we don't find a length field, rather than
just blithely acting as if the packet length were zero.
Fixes #19083.
(cherry picked from commit db5135826de3a5fdb3618225c2ff02f4207012ca)
---
wiretap/vms.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/wiretap/vms.c b/wiretap/vms.c
index 00da6ff359e..c21b26e6be0 100644
--- a/wiretap/vms.c
+++ b/wiretap/vms.c
@@ -322,6 +322,7 @@ parse_vms_packet(FILE_T fh, wtap_rec *rec, Buffer *buf, int *err, gchar **err_in
{
char line[VMS_LINE_LENGTH + 1];
int num_items_scanned;
+ gboolean have_pkt_len = FALSE;
guint32 pkt_len = 0;
int pktnum;
int csec = 101;
@@ -378,7 +379,7 @@ parse_vms_packet(FILE_T fh, wtap_rec *rec, Buffer *buf, int *err, gchar **err_in
return FALSE;
}
}
- if ( (! pkt_len) && (p = strstr(line, "Length"))) {
+ if ( (! have_pkt_len) && (p = strstr(line, "Length "))) {
p += sizeof("Length ");
while (*p && ! g_ascii_isdigit(*p))
p++;
@@ -394,9 +395,15 @@ parse_vms_packet(FILE_T fh, wtap_rec *rec, Buffer *buf, int *err, gchar **err_in
*err_info = g_strdup_printf("vms: Length field '%s' not valid", p);
return FALSE;
}
+ have_pkt_len = TRUE;
break;
}
} while (! isdumpline(line));
+ if (! have_pkt_len) {
+ *err = WTAP_ERR_BAD_FILE;
+ *err_info = g_strdup_printf("vms: Length field not found");
+ return FALSE;
+ }
if (pkt_len > WTAP_MAX_PACKET_SIZE_STANDARD) {
/*
* Probably a corrupt capture file; return an error,
--
GitLab

103
SOURCES/wireshark-0016-cve-2023-2855.patch
Unescape View File

@ -1,103 +0,0 @@
From 0181fafb2134a177328443a60b5e29c4ee1041cb Mon Sep 17 00:00:00 2001
From: Guy Harris <gharris@sonic.net>
Date: Tue, 16 May 2023 12:05:07 -0700
Subject: [PATCH] candump: check for a too-long frame length.
If the frame length is longer than the maximum, report an error in the
file.
Fixes #19062, preventing the overflow on a buffer on the stack (assuming
your compiler doesn't call a bounds-checknig version of memcpy() if the
size of the target space is known).
---
wiretap/candump.c | 39 +++++++++++++++++++++++++++++++--------
1 file changed, 31 insertions(+), 8 deletions(-)
diff --git a/wiretap/candump.c b/wiretap/candump.c
index 62f89e7b564..43863b45cf7 100644
--- a/wiretap/candump.c
+++ b/wiretap/candump.c
@@ -34,8 +34,9 @@ void register_candump(void);
wtap_rec *rec, Buffer *buf,
int *err, gchar **err_info);
-static void
-candump_write_packet(wtap_rec *rec, Buffer *buf, const msg_t *msg)
+static gboolean
+candump_write_packet(wtap_rec *rec, Buffer *buf, const msg_t *msg, int *err,
+ gchar **err_info)
{
static const char *can_proto_name = "can-hostendian";
static const char *canfd_proto_name = "canfd";
@@ -56,6 +57,18 @@ candump_write_packet(wtap_rec *rec, Buffer *buf, const msg_t *msg)
{
canfd_frame_t canfd_frame = {0};
+ /*
+ * There's a maximum of CANFD_MAX_DLEN bytes in a CAN-FD frame.
+ */
+ if (msg->data.length > CANFD_MAX_DLEN) {
+ *err = WTAP_ERR_BAD_FILE;
+ if (err_info != NULL) {
+ *err_info = g_strdup_printf("candump: File has %u-byte CAN FD packet, bigger than maximum of %u",
+ msg->data.length, CANFD_MAX_DLEN);
+ }
+ return FALSE;
+ }
+
canfd_frame.can_id = msg->id;
canfd_frame.flags = msg->flags;
canfd_frame.len = msg->data.length;
@@ -67,6 +80,18 @@ candump_write_packet(wtap_rec *rec, Buffer *buf, const msg_t *msg)
{
can_frame_t can_frame = {0};
+ /*
+ * There's a maximum of CAN_MAX_DLEN bytes in a CAN frame.
+ */
+ if (msg->data.length > CAN_MAX_DLEN) {
+ *err = WTAP_ERR_BAD_FILE;
+ if (err_info != NULL) {
+ *err_info = g_strdup_printf("candump: File has %u-byte CAN packet, bigger than maximum of %u",
+ msg->data.length, CAN_MAX_DLEN);
+ }
+ return FALSE;
+ }
+
can_frame.can_id = msg->id;
can_frame.can_dlc = msg->data.length;
memcpy(can_frame.data, msg->data.data, msg->data.length);
@@ -82,6 +107,8 @@ candump_write_packet(wtap_rec *rec, Buffer *buf, const msg_t *msg)
rec->rec_header.packet_header.caplen = packet_length;
rec->rec_header.packet_header.len = packet_length;
+
+ return TRUE;
}
static gboolean
@@ -188,9 +215,7 @@ candump_read(wtap *wth, wtap_rec *rec, Buffer *buf, int *err, gchar **err_info,
ws_debug_printf("%s: Stopped at offset %" PRIi64 "\n", G_STRFUNC, file_tell(wth->fh));
#endif
- candump_write_packet(rec, buf, &msg);
-
- return TRUE;
+ return candump_write_packet(rec, buf, &msg, err, err_info);
}
static gboolean
@@ -214,9 +239,7 @@ candump_seek_read(wtap *wth , gint64 seek_off, wtap_rec *rec,
if (!candump_parse(wth->random_fh, &msg, NULL, err, err_info))
return FALSE;
- candump_write_packet(rec, buf, &msg);
-
- return TRUE;
+ return candump_write_packet(rec, buf, &msg, err, err_info);
}
/*
--
GitLab

98
SOURCES/wireshark-0017-cve-2023-2952.patch
Unescape View File

@ -1,98 +0,0 @@
From e18d0e369729b0fff5f76f41cbae67e97c2e52e5 Mon Sep 17 00:00:00 2001
From: Gerald Combs <gerald@wireshark.org>
Date: Tue, 23 May 2023 13:52:03 -0700
Subject: [PATCH] XRA: Fix an infinite loop
C compilers don't care what size a value was on the wire. Use
naturally-sized ints, including in dissect_message_channel_mb where we
would otherwise overflow and loop infinitely.
Fixes #19100
(cherry picked from commit ce87eac0325581b600b3093fcd75080df14ccfda)
Conflicts:
epan/dissectors/packet-xra.c
---
epan/dissectors/packet-xra.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/epan/dissectors/packet-xra.c b/epan/dissectors/packet-xra.c
index ef8437e9382..4c3713db94b 100644
--- a/epan/dissectors/packet-xra.c
+++ b/epan/dissectors/packet-xra.c
@@ -445,7 +445,7 @@ dissect_xra_tlv_cw_info(tvbuff_t * tvb, proto_tree * tree, void* data _U_, guint
it = proto_tree_add_item (tree, hf_xra_tlv_cw_info, tvb, 0, tlv_length, ENC_NA);
xra_tlv_cw_info_tree = proto_item_add_subtree (it, ett_xra_tlv_cw_info);
- guint32 tlv_index =0;
+ unsigned tlv_index = 0;
while (tlv_index < tlv_length) {
guint8 type = tvb_get_guint8 (tvb, tlv_index);
++tlv_index;
@@ -500,7 +500,7 @@ dissect_xra_tlv_ms_info(tvbuff_t * tvb, proto_tree * tree, void* data _U_, guint
it = proto_tree_add_item (tree, hf_xra_tlv_ms_info, tvb, 0, tlv_length, ENC_NA);
xra_tlv_ms_info_tree = proto_item_add_subtree (it, ett_xra_tlv_ms_info);
- guint32 tlv_index =0;
+ unsigned tlv_index = 0;
while (tlv_index < tlv_length) {
guint8 type = tvb_get_guint8 (tvb, tlv_index);
++tlv_index;
@@ -534,7 +534,7 @@ dissect_xra_tlv_burst_info(tvbuff_t * tvb, proto_tree * tree, void* data _U_, gu
it = proto_tree_add_item (tree, hf_xra_tlv_burst_info, tvb, 0, tlv_length, ENC_NA);
xra_tlv_burst_info_tree = proto_item_add_subtree (it, ett_xra_tlv_burst_info);
- guint32 tlv_index =0;
+ unsigned tlv_index = 0;
while (tlv_index < tlv_length) {
guint8 type = tvb_get_guint8 (tvb, tlv_index);
++tlv_index;
@@ -574,7 +574,7 @@ dissect_xra_tlv(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, void* da
it = proto_tree_add_item (tree, hf_xra_tlv, tvb, 0, tlv_length, ENC_NA);
xra_tlv_tree = proto_item_add_subtree (it, ett_xra_tlv);
- guint32 tlv_index =0;
+ unsigned tlv_index = 0;
tvbuff_t *xra_tlv_cw_info_tvb, *xra_tlv_ms_info_tvb, *xra_tlv_burst_info_tvb;
while (tlv_index < tlv_length) {
@@ -718,7 +718,7 @@ dissect_message_channel_mb(tvbuff_t * tvb, packet_info * pinfo, proto_tree* tree
if(packet_start_pointer_field_present) {
proto_tree_add_item_ret_uint (tree, hf_plc_mb_mc_psp, tvb, 1, 2, FALSE, &packet_start_pointer);
- guint16 docsis_start = 3 + packet_start_pointer;
+ unsigned docsis_start = 3 + packet_start_pointer;
while (docsis_start + 6 < remaining_length) {
/*DOCSIS header in packet*/
guint8 fc = tvb_get_guint8(tvb,docsis_start + 0);
@@ -727,7 +727,7 @@ dissect_message_channel_mb(tvbuff_t * tvb, packet_info * pinfo, proto_tree* tree
docsis_start += 1;
continue;
}
- guint16 docsis_length = 256*tvb_get_guint8(tvb,docsis_start + 2) + tvb_get_guint8(tvb,docsis_start + 3);
+ unsigned docsis_length = 256*tvb_get_guint8(tvb,docsis_start + 2) + tvb_get_guint8(tvb,docsis_start + 3);
if (docsis_start + 6 + docsis_length <= remaining_length) {
/*DOCSIS packet included in packet*/
tvbuff_t *docsis_tvb;
@@ -797,7 +797,7 @@ dissect_ncp_message_block(tvbuff_t * tvb, proto_tree * tree) {
static int
dissect_plc(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, void* data _U_) {
- guint16 offset = 0;
+ int offset = 0;
proto_tree *plc_tree;
proto_item *plc_item;
tvbuff_t *mb_tvb;
@@ -857,7 +857,7 @@ dissect_plc(tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree, void* data _
static int
dissect_ncp(tvbuff_t * tvb, proto_tree * tree, void* data _U_) {
- guint16 offset = 0;
+ int offset = 0;
proto_tree *ncp_tree;
proto_item *ncp_item;
tvbuff_t *ncp_mb_tvb;
--
GitLab

2
SOURCES/wireshark.sysusers
Unescape View File

@ -0,0 +1,2 @@
g wireshark - -
g usbmon - -

238
SPECS/wireshark.spec
Unescape View File

@ -1,41 +1,34 @@
%undefine __cmake_in_source_build
%global with_lua 1
%global with_maxminddb 1
%global plugins_version 3.4
%global plugins_version 4.2
Summary: Network traffic analyzer
Name: wireshark
Version: 3.4.10
Release: 6%{?dist}
Version: 4.2.6
Release: 1%{?dist}
Epoch: 1
License: GPL+
License: BSD-1-Clause AND BSD-2-Clause AND BSD-3-Clause AND MIT AND GPL-2.0-or-later AND LGPL-2.0-or-later AND Zlib AND ISC AND (BSD-3-Clause OR GPL-2.0-only) AND (GPL-2.0-or-later AND Zlib)
Url: http://www.wireshark.org/
Source0: https://wireshark.org/download/src/%{name}-%{version}.tar.xz
Source1: https://www.wireshark.org/download/src/all-versions/SIGNATURES-%{version}.txt
Source2: 90-wireshark-usbmon.rules
Source3: wireshark.sysusers
# Fedora-specific
Patch0002: wireshark-0002-Customize-permission-denied-error.patch
Patch2: wireshark-0002-Customize-permission-denied-error.patch
# Will be proposed upstream
Patch0003: wireshark-0003-fix-string-overrun-in-plugins-profinet.patch
Patch3: wireshark-0003-fix-string-overrun-in-plugins-profinet.patch
# Fedora-specific
Patch0004: wireshark-0004-Restore-Fedora-specific-groups.patch
Patch4: wireshark-0004-Restore-Fedora-specific-groups.patch
# Fedora-specific
Patch0005: wireshark-0005-Fix-paths-in-a-wireshark.desktop-file.patch
Patch5: wireshark-0005-Fix-paths-in-a-wireshark.desktop-file.patch
# Fedora-specific
Patch0006: wireshark-0006-Move-tmp-to-var-tmp.patch
Patch0007: wireshark-0007-cmakelists.patch
#Patch0008: wireshark-0008-move-glib.patch
Patch0009: wireshark-0009-smc-support.patch
Patch0010: wireshark-0010-fips-ripemd160.patch
Patch0011: wireshark-0011-cve-2022-3190.patch
Patch0012: wireshark-0012-cve-2023-0668.patch
Patch0013: wireshark-0013-cve-2023-0666.patch
Patch0014: wireshark-0014-cve-2023-2858.patch
Patch0015: wireshark-0015-cve-2023-2856.patch
Patch0016: wireshark-0016-cve-2023-2855.patch
Patch0017: wireshark-0017-cve-2023-2952.patch
Patch6: wireshark-0006-Move-tmp-to-var-tmp.patch
Patch7: wireshark-0007-cmakelists.patch
Patch8: wireshark-0008-pkgconfig.patch
Patch9: wireshark-0009-sync-pipe-stderr-messages.patch
#install tshark together with wireshark GUI
Requires: %{name}-cli = %{epoch}:%{version}-%{release}
@ -65,30 +58,34 @@ BuildRequires: desktop-file-utils
BuildRequires: xdg-utils
BuildRequires: bison
BuildRequires: flex
BuildRequires: pcre-devel
BuildRequires: perl(Pod::Html)
BuildRequires: perl(Pod::Man)
BuildRequires: perl(open)
BuildRequires: pcre2-devel
Buildrequires: libssh-devel
BuildRequires: qt5-linguist
BuildRequires: qt5-qtbase-devel
BuildRequires: qt5-qtmultimedia-devel
BuildRequires: qt5-qtsvg-devel
BuildRequires: qt6-qttools-devel
BuildRequires: qt6-linguist
BuildRequires: qt6-qtbase-devel
BuildRequires: qt6-qt5compat-devel
BuildRequires: qt6-qtmultimedia-devel
BuildRequires: qt6-qtsvg-devel
BuildRequires: zlib-devel
%if %{with_maxminddb}
BuildRequires: asciidoctor
%if %{with_maxminddb} && 0%{?fedora}
BuildRequires: libmaxminddb-devel
%endif
%if %{with_lua} && 0%{?fedora}
BuildRequires: compat-lua-devel
%endif
Buildrequires: git
Buildrequires: git-core
Buildrequires: python3-devel
Buildrequires: cmake
Buildrequires: speexdsp-devel
#needed for sdjournal external capture interface
BuildRequires: systemd-devel
BuildRequires: libnghttp2-devel
BuildRequires: systemd-rpm-macros
Obsoletes: wireshark-qt, wireshark-gtk
%description
Wireshark allows you to examine protocol data stored in files or as it is
@ -104,7 +101,6 @@ transferred over HTTP or CIFS, or play back an RTP audio stream.
%package cli
Summary: Network traffic analyzer
Requires(pre): shadow-utils
Requires(post): systemd-udev
%description cli
This package contains command-line utilities, plugins, and documentation for
@ -117,7 +113,6 @@ Requires: %{name}-cli = %{epoch}:%{version}-%{release}
Requires: glibc-devel
Requires: glib2-devel
%description devel
The wireshark-devel package contains the header files, developer
documentation, and libraries required for development of wireshark scripts
@ -144,18 +139,18 @@ and plugins.
-DBUILD_randpktdump=OFF \
-DBUILD_androiddump=ON \
-DENABLE_SMI=ON \
-DUSE_qt6=ON \
-DENABLE_PLUGINS=ON \
-DENABLE_NETLINK=ON \
-DBUILD_dcerpcidl2wrs=OFF \
-DBUILD_sdjournal=ON \
%{nil}
-DBUILD_sdjournal=ON
%cmake_build
%install
%cmake_install
desktop-file-validate %{buildroot}%{_datadir}/applications/wireshark.desktop
desktop-file-validate %{buildroot}%{_datadir}/applications/org.wireshark.Wireshark.desktop
#install devel files (inspired by debian/wireshark-dev.header-files)
install -d -m 0755 %{buildroot}%{_includedir}/wireshark
@ -165,23 +160,24 @@ mkdir -p "${IDIR}/epan/crypt"
mkdir -p "${IDIR}/epan/ftypes"
mkdir -p "${IDIR}/epan/dfilter"
mkdir -p "${IDIR}/epan/dissectors"
mkdir -p "${IDIR}/epan/wmem"
mkdir -p "${IDIR}/wiretap"
mkdir -p "${IDIR}/wsutil"
mkdir -p "${IDIR}/wsutil/wmem"
mkdir -p %{buildroot}%{_udevrulesdir}
install -m 644 %{_vpath_builddir}/config.h epan/register.h "${IDIR}/"
install -m 644 %{_vpath_builddir}/ws_version.h "${IDIR}/"
install -m 644 cfile.h file.h "${IDIR}/"
install -m 644 ws_symbol_export.h "${IDIR}/"
install -m 644 epan/*.h "${IDIR}/epan/"
install -m 644 epan/crypt/*.h "${IDIR}/epan/crypt"
install -m 644 epan/ftypes/*.h "${IDIR}/epan/ftypes"
install -m 644 epan/dfilter/*.h "${IDIR}/epan/dfilter"
install -m 644 epan/dissectors/*.h "${IDIR}/epan/dissectors"
install -m 644 epan/wmem/*.h "${IDIR}/epan/wmem"
install -m 644 wiretap/*.h "${IDIR}/wiretap"
install -m 644 wsutil/*.h "${IDIR}/wsutil"
install -m 644 ws_diag_control.h "${IDIR}/"
install -m 644 wsutil/wmem/*.h "${IDIR}/wsutil/wmem"
install -m 644 include/*.h "${IDIR}/"
install -m 644 %{SOURCE2} %{buildroot}%{_udevrulesdir}
install -Dpm 644 %{SOURCE3} %{buildroot}%{_sysusersdir}/%{name}.conf
touch %{buildroot}%{_bindir}/%{name}
@ -189,8 +185,7 @@ touch %{buildroot}%{_bindir}/%{name}
find %{buildroot} -type f -name "*.la" -delete
%pre cli
getent group wireshark >/dev/null || groupadd -r wireshark
getent group usbmon >/dev/null || groupadd -r usbmon
%sysusers_create_compat %{SOURCE3}
%post cli
%{?ldconfig}
@ -203,11 +198,11 @@ fi
%ldconfig_postun cli
%files
%{_datadir}/appdata/%{name}.appdata.xml
%{_datadir}/applications/wireshark.desktop
%{_datadir}/applications/org.wireshark.Wireshark.desktop
%{_datadir}/metainfo/*.xml
%{_datadir}/mime/packages/*.xml
%{_datadir}/icons/hicolor/*/apps/*
%{_datadir}/icons/hicolor/*/mimetypes/*
%{_datadir}/mime/packages/wireshark.xml
%{_bindir}/wireshark
%{_mandir}/man1/wireshark.*
@ -235,12 +230,11 @@ fi
%dir %{_libdir}/wireshark/plugins
%{_libdir}/wireshark/extcap/ciscodump
%{_libdir}/wireshark/extcap/udpdump
%{_libdir}/wireshark/extcap/wifidump
%{_libdir}/wireshark/extcap/sshdump
%{_libdir}/wireshark/extcap/sdjournal
%{_libdir}/wireshark/extcap/dpauxmon
%{_libdir}/wireshark/extcap/androiddump
%dir %{_libdir}/wireshark/cmake
%{_libdir}/wireshark/cmake/*.cmake
#the version wireshark uses to store plugins is only x.y, not .z
%dir %{_libdir}/wireshark/plugins/%{plugins_version}
%dir %{_libdir}/wireshark/plugins/%{plugins_version}/epan
@ -257,24 +251,28 @@ fi
%{_mandir}/man1/dumpcap.*
%{_mandir}/man4/wireshark-filter.*
%{_mandir}/man1/rawshark.*
%{_mandir}/man1/dftest.*
%{_mandir}/man1/randpkt.*
%{_mandir}/man1/reordercap.*
%{_mandir}/man1/sshdump.*
%{_mandir}/man1/udpdump.*
%{_mandir}/man1/wifidump.*
%{_mandir}/man1/androiddump.*
%{_mandir}/man1/captype.*
%{_mandir}/man1/ciscodump.*
%{_mandir}/man1/randpktdump.*
%{_mandir}/man1/dpauxmon.*
%{_mandir}/man1/sdjournal.*
%{_mandir}/man1/etwdump.*
%{_mandir}/man1/falcodump.*
%{_mandir}/man4/extcap.*
%{_datadir}/doc/wireshark/*
%if %{with_maxminddb} && 0%{?fedora}
%{_mandir}/man1/mmdbresolve.*
%endif
%dir %{_datadir}/wireshark
%{_datadir}/wireshark/*
%{_docdir}/wireshark/*.html
%{_sysusersdir}/%{name}.conf
%files devel
%doc doc/README.* ChangeLog
@ -283,50 +281,134 @@ fi
%{_libdir}/pkgconfig/%{name}.pc
%changelog
* Mon Jun 19 2023 Michal Ruprich <mruprich@redhat.com> - 1:3.4.10-6
- Resolves: #2211413 - XRA dissector infinite loop
* Tue Nov 26 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 1:4.2.6-1
- Rebuilt for MSVSphere 10
* Thu Aug 22 2024 Michal Ruprich <mruprich@redhat.com> - 1:4.2.6-1
- New version 4.2.6
* Mon Jul 29 2024 Michal Ruprich <mruprich@redhat.com> - 1:4.2.5-3
- Resolves: RHEL-49578 - Wireshark hangs if dumpcap returned unexpected messages in sync pipe
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1:4.2.5-2
- Bump release for June 2024 mass rebuild
* Thu May 30 2024 Michal Ruprich <mruprich@redhat.com> - 1:4.2.5-1
- New version 4.2.5
* Fri Apr 12 2024 Michal Ruprich <mruprich@redhat.com> - 1:4.2.4-1
- New version 4.2.4
* Sun Feb 18 2024 Yaakov Selkowitz <yselkowi@redhat.com> - 1:4.2.2-3
- Install more devel headers
* Sun Feb 11 2024 Michal Ruprich <mruprich@redhat.com> - 1:4.2.2-2
- Making sure that wireshark.pc is created and installed
* Thu Feb 01 2024 Michal Ruprich <mruprich@redhat.com> - 1:4.2.2-1
- New version 4.2.2
* Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1:4.0.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Aug 31 2023 Michal Ruprich <mruprich@redhat.com> - 1:4.0.8-2
- Resolves: #2236246 - wireshark crash in managed interfaces
* Tue Aug 29 2023 Michal Ruprich <mruprich@redhat.com> - 1:4.0.8-1
- New version 4.0.8
- Resolves: #2235577 - possible Denial of Service via crafted package
* Fri Jul 28 2023 Michal Ruprich <mruprich@redhat.com> - 1:4.0.7-3
- Resolves: #2227004 - capinfos aborts in FIPS
* Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1:4.0.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Fri Jul 14 2023 Michal Ruprich <mruprich@redhat.com> - 1:4.0.7-1
- New version 4.0.7
* Thu May 25 2023 Michal Ruprich <mruprich@redhat.com> - 1:4.0.6-1
- New version 4.0.6
* Thu Apr 13 2023 Michal Ruprich <mruprich@redhat.com> - 1:4.0.5-1
- New version 4.0.5
- Fix for bug #2159392
* Wed Mar 22 2023 Michal Ruprich <mruprich@redhat.com> - 1:4.0.4-2
- SPDX migration
* Tue Mar 07 2023 Michal Ruprich <mruprich@redhat.com> - 1:4.0.4-1
- New version 4.0.4
* Thu Feb 02 2023 Michal Ruprich <mruprich@redhat.com> - 1:4.0.3-1
- New version 4.0.3
* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1:4.0.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Thu Dec 08 2022 Michal Ruprich <mruprich@redhat.com> - 1:4.0.2-1
- New version 4.0.2
* Thu Oct 27 2022 Michal Ruprich <mruprich@redhat.com> - 1:4.0.1-1
- New version 4.0.1
- Only compat-lua is supported, on Fedora only
* Fri Oct 14 2022 Michal Ruprich <mruprich@redhat.com> - 1:4.0.0-2
- Adding a couple of tweaks for the latest rebased version
* Thu Oct 06 2022 Kenneth Topp <toppk@bllue.org> - 1:4.0.0-1
- New version 4.0.0
* Thu Sep 29 2022 Michal Ruprich <mruprich@redhat.com> - 1:3.6.8-2
- New version 3.6.8
- Fix for CVE-2022-3190
* Mon Aug 01 2022 Davide Cavalca <dcavalca@fedoraproject.org> - 1:3.6.7-2
- Drop gating for python3-devel dependency
* Thu Jul 28 2022 Michal Ruprich <mruprich@redhat.com> - 1:3.6.7-1
- New version 3.6.7
* Wed Jun 07 2023 Michal Ruprich <mruprich@redhat.com> - 1:3.4.10-5
- Resolves: #2210864 - Candump log file parser crash
Resolves: #2210865 - VMS TCPIPtrace file parser crash
Resolves: #2210868 - NetScaler file parser crash
Resolves: #2210870 - RTPS dissector crash
Resolves: #2210871 - IEEE C37.118 Synchrophasor dissector crash
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1:3.6.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri Jan 20 2023 Michal Ruprich <mruprich@redhat.com> - 1:3.4.10-4
- Resolves: #2152064 - CVE-2022-3190 wireshark: f5ethtrailer Infinite loop in legacy style dissector
* Wed Feb 16 2022 Michal Ruprich <mruprich@redhat.com> - 1:3.6.2-1
- New version 3.6.2
- Fix for CVE-2022-0581, CVE-2022-0582, CVE-2022-0583, CVE-2022-0585, CVE-2022-0586
* Thu Jan 19 2023 Michal Ruprich <mruprich@redhat.com> - 1:3.4.10-3
- Resolves: #2083581 - capinfos aborts in FIPS
* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1:3.6.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Jan 19 2023 Michal Ruprich <mruprich@redhat.com> - 1:3.4.10-2
- Resolves: #2160648 - Enhanced TMT testing for centos-stream
* Wed Jan 12 2022 Michal Ruprich <mruprich@redhat.com> - 1:3.6.1-1
- New version 3.6.1
- Fix for CVE-2021-4181, CVE-2021-4182, CVE-2021-4183, CVE-2021-4184, CVE-2021-4185, CVE-2021-4190
* Thu Dec 16 2021 Michal Ruprich <mruprich@redhat.com> - 1:3.4.10-1
- Resolves: #2032966 - Rebase wireshark to fix multiple CVEs
* Thu Nov 25 2021 Michal Ruprich <mruprich@redhat.com> - 1:3.6.0-1
- New version 3.6.0
- Fix for CVE-2021-39920, CVE-2021-39921, CVE-2021-39922, CVE-2021-39923, CVE-2021-39924, CVE-2021-39925, CVE-2021-39926, CVE-2021-39928, CVE-2021-39929
* Mon Aug 16 2021 Michal Ruprich <mruprich@redhat.com> - 1:3.4.7-3
- Resolves: #1988120 - Enable LTO build of wireshark for RHEL 9
* Wed Oct 13 2021 Michal Ruprich <mruprich@redhat.com> - 1:3.4.9-2
- New version 3.4.9
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 1:3.4.7-2
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Mon Sep 06 2021 Timothée Ravier <tim@siosm.fr> - 1:3.4.8-2
- Use system sysusers config to create groups
* Tue Jul 20 2021 Michal Ruprich <mruprich@redhat.com> - 1:3.4.7-1
- Related: #1967546 - Rebase wireshark to latest version
* Tue Aug 31 2021 Michal Ruprich <mruprich@redhat.com> - 1:3.4.8-1
- New version 3.4.8
* Tue Jun 22 2021 Mohan Boddu <mboddu@redhat.com> - 1:3.4.6-2
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:3.4.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri Jun 11 2021 Michal Ruprich <mruprich@redhat.com> - 1:3.4.6-1
- Related: #1967546 - Rebase wireshark to latest version
* Thu Jul 15 2021 Michal Ruprich <mruprich@redhat.com> - 1:3.4.7-1
- New version 3.4.7
* Thu Jun 03 2021 Michal Ruprich <mruprich@redhat.com> - 1:3.4.5-1
- Resolves: #1967546 - Rebase wireshark to latest version
* Thu Jun 10 2021 Michal Ruprich <mruprich@redhat.com> - 1:3.4.6-1
- New version 3.4.6
- Fix for CVE-2021-22207
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:3.4.4-2
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Thu May 27 2021 Michal Ruprich <mruprich@redhat.com> - 1:3.4.5-1
- New version 3.4.5
- Fix for CVE-2021-22207
* Tue Mar 16 2021 Michal Ruprich <mruprich@redhat.com> - 1:3.4.4-1
- New version 3.4.4

Write Preview
Loading…
Cancel
Save