From 0315112421438859ed3f36d3e4035ffd410484bc Mon Sep 17 00:00:00 2001 From: Michal Ruprich Date: Thu, 3 Dec 2020 14:36:37 +0100 Subject: [PATCH] New version 3.4.0 Fix for CVE-2020-26575, CVE-2020-28030 --- wireshark-0006-Move-tmp-to-var-tmp.patch | 76 +++++++++++++----------- wireshark.spec | 13 ++-- 2 files changed, 51 insertions(+), 38 deletions(-) diff --git a/wireshark-0006-Move-tmp-to-var-tmp.patch b/wireshark-0006-Move-tmp-to-var-tmp.patch index 6a4ece9..dbc1d70 100644 --- a/wireshark-0006-Move-tmp-to-var-tmp.patch +++ b/wireshark-0006-Move-tmp-to-var-tmp.patch @@ -111,43 +111,50 @@ index fde66c8..b9531d2 100644 tempfile_->open(); diff --git a/wsutil/tempfile.c b/wsutil/tempfile.c -index 8e1f8dc..dcf2f78 100644 +index 5082452..f751a7c 100644 --- a/wsutil/tempfile.c +++ b/wsutil/tempfile.c -@@ -36,6 +36,7 @@ - +@@ -12,10 +12,12 @@ + + #include #include "tempfile.h" - #include ++#include +#include /* for get_tmp_dir() */ - - #ifndef __set_errno - #define __set_errno(x) errno=(x) -@@ -83,13 +83,14 @@ mkstemps(char *path_template, int suffixlen) - */ - char *get_tempfile_path(const char *filename) - { -- return g_strdup_printf("%s" G_DIR_SEPARATOR_S "%s", g_get_tmp_dir(), filename); -+ return g_strdup_printf("%s" G_DIR_SEPARATOR_S "%s", get_tmp_dir(), filename); - } - - #define MAX_TEMPFILES 3 - - /** -- * Create a tempfile with the given prefix (e.g. "wireshark"). -+ * Create a tempfile with the given prefix (e.g. "wireshark"). The path -+ * is created using get_tmp_dir and mkdtemp + + /** + * Create a tempfile with the given prefix (e.g. "wireshark"). The path +- * is created using g_file_open_tmp. ++ * is created using get_tmp_dir. * - * @param namebuf If not NULL, receives the full path of the temp file. - * Should NOT be freed. -@@ -199,7 +200,7 @@ create_tempfile(char **namebuf, const char *pfx, const char *sfx) - tf[idx].path = (char *)g_malloc(tf[idx].len); - } - -- tmp_dir = g_get_tmp_dir(); + * @param namebuf [in,out] If not NULL, receives the full path of the temp file. + * Must be freed. +@@ -30,6 +31,9 @@ create_tempfile(gchar **namebuf, const char *pfx, const char *sfx, GError **err) + { + int fd; + gchar *safe_pfx = NULL; ++ gchar *tmp_file; ++ const char *tmp_dir; ++ int old_mask; + + if (pfx) { + /* The characters in "delimiters" come from: +@@ -49,7 +53,15 @@ create_tempfile(gchar **namebuf, const char *pfx, const char *sfx, GError **err) + gchar* filetmpl = g_strdup_printf("%sXXXXXX%s", safe_pfx ? safe_pfx : "", sfx ? sfx : ""); + g_free(safe_pfx); + +- fd = g_file_open_tmp(filetmpl, namebuf, err); + tmp_dir = get_tmp_dir(); - - #ifdef _WIN32 - _tzset(); ++ tmp_file = g_strconcat(tmp_dir, "/", filetmpl, NULL); ++ ++ if (namebuf) ++ *namebuf = tmp_file; ++ ++ old_mask = ws_umask(0077); ++ fd = mkstemps(tmp_file, sfx ? (int) strlen(sfx) : 0); ++ ws_umask(old_mask); + + g_free(filetmpl); + return fd; diff --git a/wsutil/tempfile.h b/wsutil/tempfile.h index 1dca2df..bb3160c 100644 --- a/wsutil/tempfile.h @@ -156,17 +163,17 @@ index 1dca2df..bb3160c 100644 /** * Create a tempfile with the given prefix (e.g. "wireshark"). The path -- * is created using g_get_tmp_dir and mkstemp. +- * is created using g_file_open_tmp. + * is created using get_tmp_dir and mkstemp. * * @param namebuf [in,out] If not NULL, receives the full path of the temp file. - * Must NOT be freed. + * Must be freed. diff --git a/wsutil/wstmpdir.c b/wsutil/wstmpdir.c new file mode 100644 index 0000000..d8b733b --- /dev/null +++ b/wsutil/wstmpdir.c -@@ -0,0 +1,70 @@ +@@ -0,0 +1,71 @@ +/* wstmpdir.c + * + * Copyright (C) 2013 Red Hat, Inc. All right reserved. @@ -224,6 +231,7 @@ index 0000000..d8b733b + k = strlen(tmp); + if (k > 1 && G_IS_DIR_SEPARATOR(tmp[k - 1])) + tmp[k - 1] = '\0'; ++ fprintf(stderr, "Using P_tmpdir: %s\n", P_tmpdir); + } +#endif /* P_tmpdir */ + diff --git a/wireshark.spec b/wireshark.spec index 5fd887c..982604f 100644 --- a/wireshark.spec +++ b/wireshark.spec @@ -1,14 +1,14 @@ %undefine __cmake_in_source_build %global with_lua 1 %global with_maxminddb 1 -%global plugins_version 3.2 +%global plugins_version 3.4 # added temporarily due to errors in libqt5core %define _lto_cflags %{nil} Summary: Network traffic analyzer Name: wireshark -Version: 3.2.7 -Release: 2%{?dist} +Version: 3.4.0 +Release: 1%{?dist} Epoch: 1 License: GPL+ Url: http://www.wireshark.org/ @@ -60,7 +60,8 @@ BuildRequires: flex BuildRequires: pcre-devel BuildRequires: perl(Pod::Html) BuildRequires: perl(Pod::Man) -Buildrequires: libssh-devel +BuildRequires: perl(open) +Buildrequires: libssh-devel BuildRequires: qt5-linguist BuildRequires: qt5-qtbase-devel BuildRequires: qt5-qtmultimedia-devel @@ -268,6 +269,10 @@ getent group usbmon >/dev/null || groupadd -r usbmon %{_libdir}/pkgconfig/%{name}.pc %changelog +* Wed Dec 02 2020 Michal Ruprich - 1:3.4.0-1 +- New version 3.4.0 +- Fix for CVE-2020-26575, CVE-2020-28030 + * Fri Oct 09 2020 Michal Ruprich - 1:3.2.7-1 - New version 3.2.7 - Fix for CVE-2020-25862, CVE-2020-25863, CVE-2020-25866