New version 2.6.0

Fix for CVE-2018-9256, CVE-2018-9257, CVE-2018-9258, CVE-2018-9259, CVE-2018-9260, CVE-2018-9261, CVE-2018-9262, CVE-2018-9263, CVE-2018-9264, CVE-2018-9265, CVE-2018-9266, CVE-2018-9267, CVE-2018-9268, CVE-2018-9269, CVE-2018-9270, CVE-2018-9271, CVE-2018-9272, CVE-2018-9273, CVE-2018-9274 Switch from autotools to cmake Removed python2-devel(#1560284) and libssh2-devel from dependencies Removed python scripts
2018-05-02 13:34:24 +02:00 · 2018-05-02 13:34:24 +02:00 · 97ece0f856
commit 97ece0f856
parent 46134902a0
6 changed files with 123 additions and 124 deletions
--- a/4
+++ b/4
@ -1,2 +1,2 @@
-SHA512 (wireshark-2.4.5.tar.xz) = 2f2c201d6b8a37dcbe03bc9affbf97d632d8e40e4fe5b3a3e79cbd5cfbeb5b9111919850546ccae355fcb042def3456438eb1c4d73f7d56d373e7898311b42f3
-SHA512 (SIGNATURES-2.4.5.txt) = c3ad37cde73232aff3a0f00046894caccb7dca2bcd707c9d9f3bb0315bace72eb33417252abe5fecefb036ddb26b946fbde826e85b2a866fcce1f5872d395737
+SHA512 (wireshark-2.6.0.tar.xz) = a419ed32caeb9f25fc26e345c7baf7d847fee35730c64efad66870a786b26b9f8d5a8665b8b99be88f9cf504f6d9e640584d9849558ff09efc83400588dc6da8
+SHA512 (SIGNATURES-2.6.0.txt) = ce54fc3f44ac70bb3720389845f1337417733cc179d17aaa0f46ef70d3f98fbe886c9756224d27f8abe1c9f18979685721807f9ef5779eb0da028314df2700b0
--- a/wireshark-0002-Customize-permission-denied-error.patch
+++ b/wireshark-0002-Customize-permission-denied-error.patch
@ -34,7 +34,7 @@ index 2f9d2cc..b18e47f 100644
 
         /* Exit with "_exit()", so that we don't close the connection
@@ -826,6 +830,7 @@ sync_pipe_open_command(char** argv, int *data_read_fd,
-     PROCESS_INFORMATION pi;
+     int i;
 #else
     char errmsg[1024+1];
 +    const char *securitymsg = "";
--- a/wireshark-0003-fix-string-overrun-in-plugins-profinet.patch
+++ b/wireshark-0003-fix-string-overrun-in-plugins-profinet.patch
@ -3,10 +3,10 @@ Date: Wed, 4 Sep 2013 10:03:57 +0200
 Subject: [PATCH] fix string overrun in plugins/profinet


-diff --git a/plugins/profinet/packet-dcom-cba.c b/plugins/profinet/packet-dcom-cba.c
+diff --git a/plugins/epan/profinet/packet-dcom-cba.c b/plugins/epan/profinet/packet-dcom-cba.c
 index 0f1658a..f7fd322 100644
--- a/plugins/profinet/packet-dcom-cba.c
-+++ b/plugins/profinet/packet-dcom-cba.c
+--- a/plugins/epan/profinet/packet-dcom-cba.c
+++ b/plugins/epan/profinet/packet-dcom-cba.c
@@ -555,7 +555,7 @@ dissect_ICBAPhysicalDevice_get_LogicalDevice_rqst(tvbuff_t *tvb, int offset,
     packet_info *pinfo, proto_tree *tree, dcerpc_info *di, guint8 *drep)
 {
--- a/wireshark-0006-Move-tmp-to-var-tmp.patch
+++ b/wireshark-0006-Move-tmp-to-var-tmp.patch
@ -30,7 +30,7 @@ index 22ca841..6bcb527 100644
 #include <wsutil/filesystem.h>
 +#include <wsutil/wstmpdir.h> /* for get_tmp_dir() */
 #include <wsutil/copyright_info.h>
- #include <ws_version_info.h>
+ #include <version_info.h>
 #ifdef HAVE_LIBSMI
@@ -427,7 +428,7 @@ about_folders_page_new(void)
       "capture files");
@ -51,17 +51,17 @@ index 31dc581..2f74285 100644
 #include <wsutil/filesystem.h>
 +#include <wsutil/wstmpdir.h> /* for get_tmp_dir() */
 
- #ifdef HAVE_LIBSMI
- #include <epan/oids.h>
-@@ -204,7 +205,7 @@ AboutDialog::AboutDialog(QWidget *parent) :
-     message += about_folders_row("\"File\" dialogs", get_last_open_dir(), "capture files");
+ #include <QDesktopServices>
+ #include <QUrl>
+@@ -206,7 +206,7 @@ FolderListModel::FolderListModel(QObject * parent):
+     appendRow( QStringList() << tr("\"File\" dialogs") << get_last_open_dir() << tr("capture files"));
 
     /* temp */
-    message += about_folders_row("Temp", g_get_tmp_dir(), "untitled capture files");
-+    message += about_folders_row("Temp", get_tmp_dir(), "untitled capture files");
+-    appendRow( QStringList() << tr("Temp") << g_get_tmp_dir() << tr("untitled capture files"));
+    appendRow( QStringList() << tr("Temp") << get_tmp_dir() << tr("untitled capture files"));
 
     /* pers conf */
-     message += about_folders_row("Personal configuration",
+     appendRow( QStringList() << tr("Personal configuration")
 diff --git a/ui/qt/iax2_analysis_dialog.cpp b/ui/qt/iax2_analysis_dialog.cpp
 index ee4e5fd..fe17a95 100644
 --- a/ui/qt/iax2_analysis_dialog.cpp
@ -137,26 +137,22 @@ diff --git a/wsutil/Makefile.am b/wsutil/Makefile.am
 index 2af1b6c..aa149a2 100644
 --- a/wsutil/Makefile.am
 +++ b/wsutil/Makefile.am
-@@ -91,7 +91,8 @@ libwsutil_nonrepl_INCLUDES = \
- 	ws_mempbrk.h		\
- 	ws_mempbrk_int.h	\
+@@ -90,6 +90,7 @@ WSUTIL_PUBLIC_INCLUDES = \
+ 	ws_pipe.h		\
 	ws_printf.h		\
-	wsjsmn.h
-+	wsjsmn.h		\
-+	wstmpdir.h
- 
- # Header files for functions in libwsutil's ABI on this platform.
- libwsutil_abi_INCLUDES = \
-@@ -155,7 +156,8 @@ libwsutil_la_SOURCES = \
- 	unicode-utils.c		\
- 	ws_mempbrk.c		\
+ 	wsjsmn.h		\
+	wstmpdir.h		\
+ 	wsgcrypt.h		\
+ 	wsgetopt.h		\
+ 	wspcap.h		\
+@@ -168,6 +169,7 @@ libwsutil_la_SOURCES = \
+ 	ws_pipe.c		\
 	wsgcrypt.c		\
-	wsjsmn.c
-+	wsjsmn.c		\
-+	wstmpdir.c
+ 	wsjsmn.c		\
+	wstmpdir.c		\
+ 	xtea.c
 
- if HAVE_MACOS_FRAMEWORKS
- libwsutil_la_SOURCES += cfutils.c cfutils.h
+ if HAVE_PLUGINS
 diff --git a/wsutil/tempfile.c b/wsutil/tempfile.c
 index 8e1f8dc..dcf2f78 100644
 --- a/wsutil/tempfile.c
@ -169,7 +165,7 @@ index 8e1f8dc..dcf2f78 100644
 
 #ifndef __set_errno
 #define __set_errno(x) errno=(x)
-@@ -142,7 +143,7 @@ mkdtemp (char *path_template)
+@@ -83,13 +83,14 @@ mkstemps(char *path_template, int suffixlen)
  */
 char *get_tempfile_path(const char *filename)
 {
@ -178,6 +174,14 @@ index 8e1f8dc..dcf2f78 100644
 }
 
 #define MAX_TEMPFILES   3
+ 
+ /**
+- * Create a tempfile with the given prefix (e.g. "wireshark").
+ * Create a tempfile with the given prefix (e.g. "wireshark"). The path
+ * is created using get_tmp_dir and mkdtemp
+  *
+  * @param namebuf If not NULL, receives the full path of the temp file.
+  *                Should NOT be freed.
@@ -199,7 +200,7 @@ create_tempfile(char **namebuf, const char *pfx, const char *sfx)
     tf[idx].path = (char *)g_malloc(tf[idx].len);
   }
@ -187,24 +191,6 @@ index 8e1f8dc..dcf2f78 100644
 
 #ifdef _WIN32
   _tzset();
-@@ -237,7 +238,7 @@ create_tempfile(char **namebuf, const char *pfx, const char *sfx)
- 
- /**
-  * Create a directory with the given prefix (e.g. "wireshark"). The path
- * is created using g_get_tmp_dir and mkdtemp.
-+ * is created using get_tmp_dir and mkdtemp.
-  *
-  * @param namebuf
-  * @param pfx A prefix for the temporary directory.
-@@ -265,7 +266,7 @@ create_tempdir(char **namebuf, const char *pfx)
-   /*
-    * We can't use get_tempfile_path here because we're called from dumpcap.c.
-    */
-  tmp_dir = g_get_tmp_dir();
-+  tmp_dir = get_tmp_dir();
- 
-   while (g_snprintf(td_path[idx], td_path_len[idx], "%s%c%s" TMP_FILE_SUFFIX, tmp_dir, G_DIR_SEPARATOR, pfx) > td_path_len[idx]) {
-     td_path_len[idx] *= 2;
 diff --git a/wsutil/tempfile.h b/wsutil/tempfile.h
 index 1dca2df..bb3160c 100644
 --- a/wsutil/tempfile.h
@ -218,15 +204,6 @@ index 1dca2df..bb3160c 100644
  *
  * @param namebuf [in,out] If not NULL, receives the full path of the temp file.
  *                Must NOT be freed.
-@@ -58,7 +58,7 @@ WS_DLL_PUBLIC int create_tempfile(char **namebuf, const char *pfx, const char *s
- 
- /**
-  * Create a directory with the given prefix (e.g. "wireshark"). The path
- * is created using g_get_tmp_dir and mkdtemp.
-+ * is created using get_tmp_dir and mkdtemp.
-  *
-  * @param namebuf If not NULL, receives the full path of the temp directory.
-  *                Must NOT be freed.
 diff --git a/wsutil/wstmpdir.c b/wsutil/wstmpdir.c
 new file mode 100644
 index 0000000..d8b733b
--- a/wireshark-0007-cmakelists.patch
+++ b/wireshark-0007-cmakelists.patch
@ -0,0 +1,33 @@
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 9e3b555..b0abd84 100644
+--- a/CMakeLists.txt
+++ b/CMakeLists.txt
+@@ -3069,7 +3069,7 @@ if(RPMBUILD_EXECUTABLE AND GIT_EXECUTABLE)
+ 	endif()
+ 
+ 	execute_process(
+-		COMMAND git describe --abbrev=8 --match v[1-9]*
+		COMMAND git describe --always --abbrev=8 --match v[1-9]*
+ 		OUTPUT_VARIABLE _git_description
+ 		OUTPUT_STRIP_TRAILING_WHITESPACE
+ 		WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
+diff --git a/wsutil/CMakeLists.txt b/wsutil/CMakeLists.txt
+index 0367cd1..6382a2c 100644
+--- a/wsutil/CMakeLists.txt
+++ b/wsutil/CMakeLists.txt
+@@ -69,6 +69,7 @@ set(WSUTIL_PUBLIC_HEADERS
+ 	ws_mempbrk_int.h
+ 	ws_pipe.h
+ 	ws_printf.h
+	wstmpdir.h
+ 	wsjsmn.h
+ 	xtea.h
+ )
+@@ -118,6 +118,7 @@ set(WSUTIL_COMMON_FILES
+ 	unicode-utils.c
+ 	ws_mempbrk.c
+ 	ws_pipe.c
+	wstmpdir.c
+ 	wsgcrypt.c
+ 	wsjsmn.c
+ 	xtea.c
--- a/wireshark.spec
+++ b/wireshark.spec
@ -1,11 +1,12 @@
 %global with_lua 1
 %global with_portaudio 1
-%global with_GeoIP 1
+%global with_maxminddb 1
+%global plugins_version 2.6

 Summary:	Network traffic analyzer
 Name:		wireshark
-Version:	2.4.5
-Release:	2%{?dist}
+Version:	2.6.0
+Release:	1%{?dist}
 Epoch:          1
 License:	GPL+
 Url:		http://www.wireshark.org/
@ -28,6 +29,7 @@ Patch4:		wireshark-0004-Restore-Fedora-specific-groups.patch
 Patch5:		wireshark-0005-Fix-paths-in-a-wireshark.desktop-file.patch
 # Fedora-specific
 Patch6:		wireshark-0006-Move-tmp-to-var-tmp.patch
+Patch7:		wireshark-0007-cmakelists.patch

 #install tshark together with wireshark GUI
 Requires:	%{name}-cli = %{epoch}:%{version}-%{release}
@ -39,8 +41,8 @@ Requires:	hicolor-icon-theme
 Requires:	portaudio
 BuildRequires:	portaudio-devel
 %endif
-%if %{with_GeoIP}
-Requires:	GeoIP
+%if %{with_maxminddb} && 0%{?fedora}
+Requires:	libmaxminddb
 %endif

 BuildRequires:	bzip2-devel
@ -66,21 +68,22 @@ BuildRequires:	pcre-devel
 BuildRequires:	perl(Pod::Html)
 BuildRequires:	perl(Pod::Man)
 Buildrequires:  libssh-devel
-Buildrequires:  libssh2-devel
 BuildRequires:	qt5-linguist
 BuildRequires:	qt5-qtbase-devel
 BuildRequires:	qt5-qtmultimedia-devel
 BuildRequires:	qt5-qtsvg-devel
 BuildRequires:	zlib-devel
-%if %{with_GeoIP}
-BuildRequires:	GeoIP-devel
+%if %{with_maxminddb} && 0%{?fedora}
+BuildRequires:	libmaxminddb-devel
 %endif
 %if %{with_lua}
 BuildRequires:	compat-lua-devel
 %endif
-BuildRequires: libtool, automake, autoconf
 Buildrequires: git
+%if 0%{?fedora}
 Buildrequires: python2-devel
+%endif
+Buildrequires: cmake

 %description
 Wireshark allows you to examine protocol data stored in files or as it is
@ -116,61 +119,37 @@ and plugins.
 %autosetup -S git

 %build
-%ifarch s390 s390x sparcv9 sparc64
-export PIECFLAGS="-fPIE -fPIC"
-%else
-export PIECFLAGS="-fpie -fPIC"
-%endif
-
-# FC5+ automatic -fstack-protector-all switch
-export RPM_OPT_FLAGS=${RPM_OPT_FLAGS//-fstack-protector-strong/-fstack-protector-all}
-export CFLAGS="$RPM_OPT_FLAGS $CPPFLAGS $PIECFLAGS -D_LARGEFILE64_SOURCE"
-export CXXFLAGS="$RPM_OPT_FLAGS $CPPFLAGS $PIECFLAGS -D_LARGEFILE64_SOURCE"
-export LDFLAGS="$RPM_OPT_FLAGS $LDFLAGS -pie -fPIC"
-
-autoreconf -ivf
-
-%configure \
-   --bindir=%{_bindir} \
-   --with-libsmi \
-   --with-gnu-ld \
-   --with-pic \
-   --with-qt=5 \
+%cmake -G "Unix Makefiles" \
+  -DDISABLE_WERROR=ON \
+  -DBUILD_wireshark=ON \
+  -DENABLE_QT5=ON \
 %if %{with_lua}
-   --with-lua \
+  -DENABLE_LUA=ON \
 %else
-   --with-lua=no \
+  -DENABLE_LUA=OFF \
 %endif
+%if %{with_maxminddb} && 0%{?fedora} 
+  -DBUILD_mmdbresolve=ON \
+%else
+  -DBUILD_mmdbresolve=OFF \
+%endif
+  -DBUILD_randpktdump=OFF \
+  -DBUILD_androiddump=OFF \
+  -DENABLE_SMI=ON \
 %if %{with_portaudio} && 0%{?fedora}
-   --with-portaudio \
+  -DENABLE_PORTAUDIO=ON \
 %else
-  --with-portaudio=no \
+  -DENABLE_PORTAUDIO=OFF \
 %endif
-%if %{with_GeoIP}
-   --with-geoip \
-%else
-   --with-geoip=no \
-%endif
-   --with-ssl \
-   --disable-warnings-as-errors \
-   --with-plugins=%{_libdir}/%{name}/plugins \
-   --with-libnl \
-   --disable-androiddump \
-   --disable-randpktdump
-
-#remove rpath
-sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
-sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
+  -DENABLE_PLUGINS=ON \
+  -DENABLE_NETLINK=ON \
+  -DBUILD_dcerpcidl2wrs=OFF

 make %{?_smp_mflags}

 %install
 make DESTDIR=%{buildroot} install

-# Install python stuff.
-mkdir -p %{buildroot}%{python2_sitearch}
-install -m 644 tools/wireshark_be.py tools/wireshark_gen.py  %{buildroot}%{python2_sitearch}
-
 desktop-file-validate %{buildroot}%{_datadir}/applications/wireshark.desktop

 #install devel files (inspired by debian/wireshark-dev.header-files)
@ -185,7 +164,7 @@ mkdir -p "${IDIR}/epan/wmem"
 mkdir -p "${IDIR}/wiretap"
 mkdir -p "${IDIR}/wsutil"
 mkdir -p %{buildroot}%{_udevrulesdir}
-install -m 644 config.h register.h	"${IDIR}/"
+install -m 644 config.h epan/register.h	"${IDIR}/"
 install -m 644 cfile.h file.h		"${IDIR}/"
 install -m 644 ws_symbol_export.h	"${IDIR}/"
 install -m 644 epan/*.h			"${IDIR}/epan/"
@ -204,12 +183,6 @@ touch %{buildroot}%{_bindir}/%{name}
 # Remove libtool archives and static libs
 find %{buildroot} -type f -name "*.la" -delete

-# Remove idl2wrs
-rm -f %{buildroot}%{_bindir}/idl2wrs
-
-#remove wireshark-gtk.desktop file since it is still installed in the makefile
-rm -f %{buildroot}%{_datadir}/applications/wireshark-gtk.desktop
-
 %pre cli
 getent group wireshark >/dev/null || groupadd -r wireshark
 getent group usbmon >/dev/null || groupadd -r usbmon
@ -234,7 +207,6 @@ getent group usbmon >/dev/null || groupadd -r usbmon
 %doc AUTHORS INSTALL NEWS README*
 %{_bindir}/capinfos
 %{_bindir}/captype
-%{_bindir}/dftest
 %{_bindir}/editcap
 %{_bindir}/mergecap
 %{_bindir}/randpkt
@ -242,10 +214,12 @@ getent group usbmon >/dev/null || groupadd -r usbmon
 %{_bindir}/sharkd
 %{_bindir}/text2pcap
 %{_bindir}/tshark
+%if %{with_maxminddb} && 0%{?fedora}
+%{_bindir}/mmdbresolve
+%endif
 %attr(0750, root, wireshark) %caps(cap_net_raw,cap_net_admin=ep) %{_bindir}/dumpcap
 %{_bindir}/rawshark
 %{_udevrulesdir}/90-wireshark-usbmon.rules
-%{python2_sitearch}/*.py*
 %{_libdir}/lib*.so.*
 %dir %{_libdir}/wireshark
 %dir %{_libdir}/wireshark/extcap
@ -253,7 +227,11 @@ getent group usbmon >/dev/null || groupadd -r usbmon
 %{_libdir}/wireshark/extcap/ciscodump
 %{_libdir}/wireshark/extcap/udpdump
 %{_libdir}/wireshark/extcap/sshdump
-%{_libdir}/wireshark/plugins/*.so
+%{_libdir}/wireshark/*.cmake
+#the version wireshark uses to store plugins is only x.y, not .z
+%{_libdir}/wireshark/plugins/%{plugins_version}/epan/*.so
+%{_libdir}/wireshark/plugins/%{plugins_version}/wiretap/*.so
+%{_libdir}/wireshark/plugins/%{plugins_version}/codecs/*.so
 %{_mandir}/man1/editcap.*
 %{_mandir}/man1/tshark.*
 %{_mandir}/man1/mergecap.*
@ -267,12 +245,16 @@ getent group usbmon >/dev/null || groupadd -r usbmon
 %{_mandir}/man1/reordercap.*
 %{_mandir}/man1/sshdump.*
 %{_mandir}/man1/udpdump.*
+%{_mandir}/man1/androiddump.*
+%{_mandir}/man1/captype.*
+%{_mandir}/man1/ciscodump.*
+%{_mandir}/man1/randpktdump.*
 %{_mandir}/man4/extcap.*
+%if %{with_maxminddb} && 0%{?fedora}
+%{_mandir}/man1/mmdbresolve.*
+%endif
 %dir %{_datadir}/wireshark
 %{_datadir}/wireshark/*
-%if %{with_lua}
-%config(noreplace) %{_datadir}/wireshark/init.lua
-%endif

 %files devel
 %doc doc/README.* ChangeLog
@ -281,6 +263,13 @@ getent group usbmon >/dev/null || groupadd -r usbmon
 %{_libdir}/pkgconfig/%{name}.pc

 %changelog
+* Wed May 02 2018 Michal Ruprich <mruprich@redhat.com> - 1:2.6.0-1
+- New version 2.6.0
+- Fix for CVE-2018-9256, CVE-2018-9257, CVE-2018-9258, CVE-2018-9259, CVE-2018-9260, CVE-2018-9261, CVE-2018-9262, CVE-2018-9263, CVE-2018-9264, CVE-2018-9265, CVE-2018-9266, CVE-2018-9267, CVE-2018-9268, CVE-2018-9269, CVE-2018-9270, CVE-2018-9271, CVE-2018-9272, CVE-2018-9273, CVE-2018-9274
+- Switch from autotools to cmake
+- Removed python2-devel(#1560284) and libssh2-devel from dependencies
+- Removed python scripts
+
 * Thu Mar 15 2018 Michal Ruprich <mruprich@redhat.com> - 1:2.4.5-2
 - Removing dependency on wireshark from wireshark-cli (rhbz#1554818)
 - Removing deprecated Group tags