head 1.4;
access;
symbols
  pkgsrc-2013Q2:1.4.0.2
  pkgsrc-2013Q2-base:1.4
  pkgsrc-2012Q4:1.3.0.16
  pkgsrc-2012Q4-base:1.3
  pkgsrc-2012Q3:1.3.0.14
  pkgsrc-2012Q3-base:1.3
  pkgsrc-2012Q2:1.3.0.12
  pkgsrc-2012Q2-base:1.3
  pkgsrc-2012Q1:1.3.0.10
  pkgsrc-2012Q1-base:1.3
  pkgsrc-2011Q4:1.3.0.8
  pkgsrc-2011Q4-base:1.3
  pkgsrc-2011Q3:1.3.0.6
  pkgsrc-2011Q3-base:1.3
  pkgsrc-2011Q2:1.3.0.4
  pkgsrc-2011Q2-base:1.3
  pkgsrc-2011Q1:1.3.0.2
  pkgsrc-2011Q1-base:1.3
  pkgsrc-2010Q2:1.1.0.2;
locks; strict;
comment @# @;


1.4
date 2013.03.07.12.44.11; author tron; state dead;
branches;
next 1.3;

1.3
date 2011.01.31.12.21.34; author adam; state Exp;
branches 1.3.16.1;
next 1.2;

1.2
date 2010.10.13.07.35.04; author tron; state dead;
branches;
next 1.1;

1.1
date 2010.09.25.11.19.10; author tron; state Exp;
branches 1.1.2.1;
next ;

1.3.16.1
date 2013.03.08.19.23.30; author spz; state dead;
branches;
next ;

1.1.2.1
date 2010.09.25.11.19.10; author spz; state dead;
branches;
next 1.1.2.2;

1.1.2.2
date 2010.09.28.05.36.59; author spz; state Exp;
branches;
next ;


desc
@@


1.4
log
@Update "wireshark" package to version 1.8.6.

Changes since 1.8.5:
- Bug Fixes
  The following vulnerabilities have been fixed.
  o wnpa-sec-2013-10
    The TCP dissector could crash. (Bug 8274)
    Versions affected: 1.8.0 to 1.8.5.
    CVE-2013-2475
  o wnpa-sec-2013-11
    The HART/IP dissector could go into an infinite loop. (Bug 8360)
    Versions affected: 1.8.0 to 1.8.5.
    CVE-2013-2476
  o wnpa-sec-2013-12
    The CSN.1 dissector could crash. Discovered by Laurent Butti. (Bug 8383)
    Versions affected: 1.8.0 to 1.8.5.
    CVE-2013-2477
  o wnpa-sec-2013-13
    The MS-MMS dissector could crash. Discovered by Laurent Butti. (Bug 8382)
    Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
    CVE-2013-2478
  o wnpa-sec-2013-14
    The MPLS Echo dissector could go into an infinite loop. Discovered by Laurent Butti. (Bug 8039)
    Versions affected: 1.8.0 to 1.8.5.
    CVE-2013-2479
  o wnpa-sec-2013-15
    The RTPS and RTPS2 dissectors could crash. Discovered by Alyssa Milburn. (Bug 8332)
    Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
    CVE-2013-2480
  o wnpa-sec-2013-16
    The Mount dissector could crash. Discovered by Alyssa Milburn. (Bug 8335)
    Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
    CVE-2013-2481
  o wnpa-sec-2013-17
    The AMQP dissector could go into an infinite loop. Discovered by Moshe Kaplan. (Bug 8337)
    Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
    CVE-2013-2482
  o wnpa-sec-2013-18
    The ACN dissector could attempt to divide by zero. Discovered by Alyssa Milburn. (Bug 8340)
    Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
    CVE-2013-2483
  o wnpa-sec-2013-19
    The CIMD dissector could crash. Discovered by Moshe Kaplan. (Bug 8346)
    Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
    CVE-2013-2484
  o wnpa-sec-2013-20
    The FCSP dissector could go into an infinite loop. Discovered by Moshe Kaplan. (Bug 8359)
    Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
    CVE-2013-2485
  o wnpa-sec-2013-21
    The RELOAD dissector could go into an infinite loop. Discovered by Even Jensen. (Bug 8364)
    Versions affected: 1.8.0 to 1.8.5.
    CVE-2013-2486 CVE-2013-2487
  o wnpa-sec-2013-22
    The DTLS dissector could crash. Discovered by Laurent Butti. (Bug 8380)
    Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
    CVE-2013-2488
  The following bugs have been fixed:
  o Lua pinfo.cols.protocol not holding value in postdissector. (Bug 6020)
  o data combined via ssl_desegment_app_data not visible via "Follow SSL Stream" only decrypted ssl data tabs. (Bug 6434)
  o HTTP application/json-rpc should be decoded/shown as application/json. (Bug 7939)
  o Maximum value of 802.11-2012 Duration field should be 32767. (Bug 8056)
  o Voice RTP player crash if player is closed while playing. (Bug 8065)
  o Display Filter Macros crash. (Bug 8073)
  o RRC RadioBearerSetup message decoding issue. (Bug 8290)
  o R-click filters add ! in front of field when choosing "apply as filter>selected". (Bug 8297)
  o BACnet - Loop Object - Setpoint-Reference property does not decode correctly.
(Bug 8306) o WMM TSPEC Element Parsing is not done is wrong due to a wrong switch case number. (Bug 8320) o Incorrect RTP statistics (Lost Packets indication not ok). (Bug 8321) o Registering ieee802154 dissector for IEEE802.15.4 frames inside Linux SLL frames. (Bug 8325) o Version Field is skipped while parsing WMM_TSPEC causing wrong dissecting (1 byte offset missing) of all fields in the TSPEC. (Bug 8330) o [BACnet] UCS-2 strings longer than 127 characters do not decode correctly. (Bug 8331) o Malformed IEEE80211 frame triggers DISSECTOR_ASSERT. (Bug 8345) o Decoding of GSM MAP SMS Diagnostics. (Bug 8378) o Incorrect packet length displayed for Flight Message Transfer Protocol (FMTP). (Bug 8407) o Netflow dissector flowDurationMicroseconds nanosecond conversion wrong. (Bug 8410) o BE (3) AC is wrongly named as "Video" in (qos_acs). (Bug 8432) - Updated Protocol Support ACN, AMQP, ASN.1 PER, BACnet, CIMD, CSN.1, DOCSIS TLVs, DTLS, FCSP, FMP/NOTIFY, FMTP, GSM MAP SMS, HART/IP, IEEE 802.11, IEEE 802.15.4, JSON, Linux SLL, LTE RRC, Mount, MPLS Echo, Netflow, RELOAD, RSL, RTP, RTPS, RTPS2, SABP, SIP, SSL, TCP @ text @$NetBSD: patch-ae,v 1.3 2011/01/31 12:21:34 adam Exp $ --- tools/lemon/Makefile.in.orig 2011-01-31 12:03:39.000000000 +0000 +++ tools/lemon/Makefile.in @@@@ -631,7 +631,7 @@@@ uninstall-am: uninstall-info-am lemon$(EXEEXT): lemon.c - $(CC_FOR_BUILD) -D_U_="" $(CFLAGS_FOR_BUILD) $(LDFLAGS_FOR_BUILD) -o $@@ $? + $(CC_FOR_BUILD) -D_U_="" $(CFLAGS) $(LDFLAGS) -o $@@ $? # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. 
.NOEXPORT:
@


1.3
log
@Fix building on Mac OS X: pass CFLAGS and LDFLAGS when making tools/lemon
@
text
@d1 1
a1 1
$NetBSD$
@


1.3.16.1
log
@Pullup ticket #4090 - requested by tron
net/wireshark: security update

Revisions pulled up:
- net/wireshark/Makefile 1.97
- net/wireshark/distinfo 1.63
- net/wireshark/patches/patch-ae deleted

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Thu Mar 7 12:44:11 UTC 2013

Modified Files:
  pkgsrc/net/wireshark: Makefile distinfo
Removed Files:
  pkgsrc/net/wireshark/patches: patch-ae

Log Message:
Update "wireshark" package to version 1.8.6.

Changes since 1.8.5:
- Bug Fixes
  The following vulnerabilities have been fixed.
  o wnpa-sec-2013-10
    The TCP dissector could crash. (Bug 8274)
    Versions affected: 1.8.0 to 1.8.5.
    CVE-2013-2475
  o wnpa-sec-2013-11
    The HART/IP dissector could go into an infinite loop. (Bug 8360)
    Versions affected: 1.8.0 to 1.8.5.
    CVE-2013-2476
  o wnpa-sec-2013-12
    The CSN.1 dissector could crash. Discovered by Laurent Butti. (Bug 8383)
    Versions affected: 1.8.0 to 1.8.5.
    CVE-2013-2477
  o wnpa-sec-2013-13
    The MS-MMS dissector could crash. Discovered by Laurent Butti. (Bug 8382)
    Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
    CVE-2013-2478
  o wnpa-sec-2013-14
    The MPLS Echo dissector could go into an infinite loop. Discovered by Laurent Butti. (Bug 8039)
    Versions affected: 1.8.0 to 1.8.5.
    CVE-2013-2479
  o wnpa-sec-2013-15
    The RTPS and RTPS2 dissectors could crash. Discovered by Alyssa Milburn. (Bug 8332)
    Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
    CVE-2013-2480
  o wnpa-sec-2013-16
    The Mount dissector could crash. Discovered by Alyssa Milburn. (Bug 8335)
    Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
    CVE-2013-2481
  o wnpa-sec-2013-17
    The AMQP dissector could go into an infinite loop. Discovered by Moshe Kaplan. (Bug 8337)
    Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
    CVE-2013-2482
  o wnpa-sec-2013-18
    The ACN dissector could attempt to divide by zero. Discovered by Alyssa Milburn. (Bug 8340)
    Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
    CVE-2013-2483
  o wnpa-sec-2013-19
    The CIMD dissector could crash. Discovered by Moshe Kaplan. (Bug 8346)
    Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
    CVE-2013-2484
  o wnpa-sec-2013-20
    The FCSP dissector could go into an infinite loop. Discovered by Moshe Kaplan. (Bug 8359)
    Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
    CVE-2013-2485
  o wnpa-sec-2013-21
    The RELOAD dissector could go into an infinite loop. Discovered by Even Jensen. (Bug 8364)
    Versions affected: 1.8.0 to 1.8.5.
    CVE-2013-2486 CVE-2013-2487
  o wnpa-sec-2013-22
    The DTLS dissector could crash. Discovered by Laurent Butti. (Bug 8380)
    Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13.
    CVE-2013-2488
  The following bugs have been fixed:
  o Lua pinfo.cols.protocol not holding value in postdissector. (Bug 6020)
  o data combined via ssl_desegment_app_data not visible via "Follow SSL Stream" only decrypted ssl data tabs. (Bug 6434)
  o HTTP application/json-rpc should be decoded/shown as application/json. (Bug 7939)
  o Maximum value of 802.11-2012 Duration field should be 32767. (Bug 8056)
  o Voice RTP player crash if player is closed while playing. (Bug 8065)
  o Display Filter Macros crash. (Bug 8073)
  o RRC RadioBearerSetup message decoding issue. (Bug 8290)
  o R-click filters add ! in front of field when choosing "apply as filter>selected". (Bug 8297)
  o BACnet - Loop Object - Setpoint-Reference property does not decode correctly. (Bug 8306)
  o WMM TSPEC Element Parsing is not done is wrong due to a wrong switch case number. (Bug 8320)
  o Incorrect RTP statistics (Lost Packets indication not ok). (Bug 8321)
  o Registering ieee802154 dissector for IEEE802.15.4 frames inside Linux SLL frames. (Bug 8325)
  o Version Field is skipped while parsing WMM_TSPEC causing wrong dissecting (1 byte offset missing) of all fields in the TSPEC. (Bug 8330)
  o [BACnet] UCS-2 strings longer than 127 characters do not decode correctly. (Bug 8331)
  o Malformed IEEE80211 frame triggers DISSECTOR_ASSERT. (Bug 8345)
  o Decoding of GSM MAP SMS Diagnostics. (Bug 8378)
  o Incorrect packet length displayed for Flight Message Transfer Protocol (FMTP). (Bug 8407)
  o Netflow dissector flowDurationMicroseconds nanosecond conversion wrong. (Bug 8410)
  o BE (3) AC is wrongly named as "Video" in (qos_acs). (Bug 8432)
- Updated Protocol Support
  ACN, AMQP, ASN.1 PER, BACnet, CIMD, CSN.1, DOCSIS TLVs, DTLS, FCSP, FMP/NOTIFY, FMTP, GSM MAP SMS, HART/IP, IEEE 802.11, IEEE 802.15.4, JSON, Linux SLL, LTE RRC, Mount, MPLS Echo, Netflow, RELOAD, RSL, RTP, RTPS, RTPS2, SABP, SIP, SSL, TCP

To generate a diff of this commit:
cvs rdiff -u -r1.96 -r1.97 pkgsrc/net/wireshark/Makefile
cvs rdiff -u -r1.62 -r1.63 pkgsrc/net/wireshark/distinfo
cvs rdiff -u -r1.3 -r0 pkgsrc/net/wireshark/patches/patch-ae
@
text
@d1 1
a1 1
$NetBSD: patch-ae,v 1.3 2011/01/31 12:21:34 adam Exp $
@


1.2
log
@Update "wireshark" package to version 1.4.1.

Changes since 1.4.0:
- Bug Fixes
  The following vulnerabilities have been fixed. See the security advisory for details and a workaround.
  o The Penetration Test Team of NCNIPC (China) discovered that the ASN.1 BER dissector was susceptible to a stack overflow. (Bug 5230)
    [A patch for this bug was already in version 1.4.0 in "pkgsrc".]
- The following bugs have been fixed:
  o Incorrect behavior using sorting in the packet list. (Bug 2225)
  o Cooked-capture dissector should omit the source address field if empty. (Bug 2519)
  o MySQL dissector doesn't dissect MySQL stream. (Bug 2691)
  o Wireshark crashes if active display filter macro is renamed. (Bug 5002)
  o Incorrect dissection of MAP V2 PRN_ACK. (Bug 5076)
  o TCP bytes_in_flight becomes inflated with lost packets. (Bug 5132)
  o GTP header is exported in PDML with an incorrect size. (Bug 5162)
  o Packet list hidden columns will not be parsed correctly from preferences file. (Bug 5163)
  o Wireshark does not display the t.38 graph. (Bug 5165)
  o Wireshark don't show mgcp calls in "Telephony → VoIP calls". (Bug 5167)
  o Wireshark 1.4.0 & VoIP calls "Prepare Filter" problem. (Bug 5172)
  o GTPv2: IMSI is decoded improperly. (Bug 5179)
  o [NAS EPS] EPS Quality of Service IE decoding is wrong. (Bug 5186)
  o Wireshark mistakenly writes "not all data available" for IPv4 checksum. (Bug 5194)
  o GSM: Cell Channel Description, range 1024 format. (Bug 5214)
  o Wrong SDP interpretation on VoIP call flow chart. (Bug 5220)
  o The CLDAP attribute value on a CLDAP reply is no longer being decoded. (Bug 5239)
  o [NAS EPS] Traffic Flow Template IE dissection bugs. (Bug 5243)
  o [NAS EPS] Use Request Type IE defined in 3GPP 24.008. (Bug 5246)
  o NTLMSSP_AUTH domain and username truncated to first letter with IE8/Windows7 (generating the NTLM packet). (Bug 5251)
  o IPv6 RH0: dest addr is to be used i.s.o. last RH address when 0 segments remain. (Bug 5252)
  o EIGRP dissection error in Flags field in external route TLVs. (Bug 5261)
  o MRP packet is not correctly parsed in PROFINET multiple write record request. (Bug 5267)
  o MySQL Enhancement: support of Show Fields and bug fix. (Bug 5271)
  o [NAS EPS] Fix TFT decoding when having several Packet Filters defined. (Bug 5274)
  o Crash if using ssl.debug.file with no password for ssl.keys_list. (Bug 5277)
- Updated Protocol Support
  ASN.1 BER, ASN.1 PER, EIGRP, GSM A RR, GSM Management, GSM MAP, GTP, GTPv2, ICMPv6, Interlink, IPv4, IPv6, IPX, LDAP, LLC, MySQL, NAS EPS, NTLMSSP, PN-IO, PPP, RPC, SDP, SLL, SSL, TCP

Approved by Alistair Crooks.
@ text @d1 1 a1 1 $NetBSD: patch-ae,v 1.1 2010/09/25 11:19:10 tron Exp $ d3 3 a5 94 Fix for SA41535 taken from here: http://anonsvn.wireshark.org/viewvc?view=rev&revision=34111 --- epan/dissectors/packet-ber.c.orig 2010-08-29 23:17:07.000000000 +0100 +++ epan/dissectors/packet-ber.c 2010-09-25 11:53:33.000000000 +0100 @@@@ -200,6 +200,14 @@@@ { 0, NULL } }; +/* + * Set a limit on recursion so we don't blow away the stack. Another approach + * would be to remove recursion completely but then we'd exhaust CPU+memory + * trying to read a hellabyte of nested indefinite lengths. + * XXX - Max nesting in the ASN.1 plugin is 32. Should they match? + */ +#define BER_MAX_NESTING 500 + static const true_false_string ber_real_binary_vals = { "Binary encoding", "Decimal encoding" @@@@ -422,7 +430,8 @@@@ return offset; } -int dissect_unknown_ber(packet_info *pinfo, tvbuff_t *tvb, int offset, proto_tree *tree) +static int +try_dissect_unknown_ber(packet_info *pinfo, tvbuff_t *tvb, int offset, proto_tree *tree, gint nest_level) { int start_offset; gint8 class; @@@@ -438,6 +447,11 @@@@ proto_item *pi, *cause; asn1_ctx_t asn1_ctx; + if (nest_level > BER_MAX_NESTING) { + /* Assume that we have a malformed packet. 
*/ + THROW(ReportedBoundsError); + } + start_offset=offset; asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); @@@@ -500,7 +514,7 @@@@ } item = proto_tree_add_item(tree, hf_ber_unknown_BER_OCTETSTRING, tvb, offset, len, FALSE); next_tree = proto_item_add_subtree(item, ett_ber_octet_string); - offset = dissect_unknown_ber(pinfo, tvb, offset, next_tree); + offset = try_dissect_unknown_ber(pinfo, tvb, offset, next_tree, nest_level+1); } } if (!is_decoded_as) { @@@@ -585,7 +599,7 @@@@ is_decoded_as = TRUE; proto_item_append_text (pi, "[BER encoded]"); next_tree = proto_item_add_subtree(pi, ett_ber_primitive); - offset = dissect_unknown_ber(pinfo, tvb, offset, next_tree); + offset = try_dissect_unknown_ber(pinfo, tvb, offset, next_tree, nest_level+1); } } @@@@ -632,7 +646,7 @@@@ next_tree=proto_item_add_subtree(item, ett_ber_SEQUENCE); } while(offset < (int)(start_offset + len + hdr_len)) - offset=dissect_unknown_ber(pinfo, tvb, offset, next_tree); + offset=try_dissect_unknown_ber(pinfo, tvb, offset, next_tree, nest_level+1); break; case BER_CLASS_APP: case BER_CLASS_CON: @@@@ -643,7 +657,7 @@@@ next_tree=proto_item_add_subtree(item, ett_ber_SEQUENCE); } while(offset < (int)(start_offset + len + hdr_len)) - offset=dissect_unknown_ber(pinfo, tvb, offset, next_tree); + offset=try_dissect_unknown_ber(pinfo, tvb, offset, next_tree, nest_level+1); break; } @@@@ -654,6 +668,11 @@@@ return offset; } +int +dissect_unknown_ber(packet_info *pinfo, tvbuff_t *tvb, int offset, proto_tree *tree) +{ + return try_dissect_unknown_ber(pinfo, tvb, offset, tree, 1); +} int call_ber_oid_callback(const char *oid, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree) @@@@ -853,13 +872,6 @@@@ */ /* 8.1.3 Length octets */ a6 13 -/* - * Set a limit on recursion so we don't blow away the stack. Another approach - * would be to remove recursion completely but then we'd exhaust CPU+memory - * trying to read a hellabyte of nested indefinite lengths. 
- * XXX - Max nesting in the ASN.1 plugin is 32. Should they match? - */ -#define BER_MAX_INDEFINITE_NESTING 500 static int try_get_ber_length(tvbuff_t *tvb, int offset, guint32 *length, gboolean *ind, gint nest_level) { guint8 oct, len; @@@@ -873,7 +885,7 @@@@ tmp_length = 0; tmp_ind = FALSE; d8 6 a13 5 - if (nest_level > BER_MAX_INDEFINITE_NESTING) { + if (nest_level > BER_MAX_NESTING) { /* Assume that we have a malformed packet. */ THROW(ReportedBoundsError); } @ 1.1 log @Update "wireshark" package to version 1.4.0. Change since version 1.2.10: - The following bugs have been fixed: - Update time display in background. (Bug 1275) - Tshark returns 0 even with an invalid interface or capture filter. (Bug 4735) - The following features are new (or have been significantly updated) since version 1.2: - The packet list internals have been rewritten and are now more efficient. - Columns are easier to use. You can add a protocol field as a column by right-clicking on its packet detail item, and you can adjust some column preferences by right-clicking the column header. - Preliminary Python scripting support has been added. - Many memory leaks have been fixed. - Packets can now be ignored (excluded from dissection), similar to the way they can be marked. - Manual IP address resolution is now supported. - Columns with seconds can now be displayed as hours, minutes and seconds. - You can now set the capture buffer size on UNIX and Linux if you have libpcap 1.0.0 or greater. - TShark no longer needs elevated privileges on UNIX or Linux to list interfaces. Only dumpcap requires privileges now. - Wireshark and TShark can enable 802.11 monitor mode directly if you have libpcap 1.0.0 or greater. - You can play RTP streams directly from the RTP Analysis window. - Capinfos and editcap now respectively support time order checking and forcing. - Wireshark now has a "jump to timestamp" command-line option. - You can open JPEG files directly in Wireshark. 
- New Protocol Support
  3GPP Nb Interface RTP Multiplex, Access Node Control Protocol, Apple Network-MIDI Session Protocol, ARUBA encapsulated remote mirroring, Assa Abloy R3, Asynchronous Transfer Mode, B.A.T.M.A.N. Advanced Protocol, Bluetooth AMP Packet, Bluetooth OBEX, Bundle Protocol, CIP Class Generic, CIP Connection Configuration Object, CIP Connection Manager, CIP Message Router, collectd network data, Control And Provisioning of Wireless Access Points, Controller Area Network, Device Level Ring, DOCSIS Bonded Initial Ranging Message, Dropbox LAN sync Discovery Protocol, Dropbox LAN sync Protocol, DTN TCP Convergence Layer Protocol, EtherCAT Switch Link, Fibre Channel Delimiters, File Replication Service DFS-R, Gateway Load Balancing Protocol, Gigamon Header, GigE Vision Control Protocol, Git Smart Protocol, GSM over IP ip.access CCM sub-protocol, GSM over IP protocol as used by ip.access, GSM Radiotap, HI2Operations, Host Identity Protocol, HP encapsulated remote mirroring, HP NIC Teaming Heartbeat, IEC61850 Sampled Values, IEEE 1722 Protocol, InfiniBand Link, Interlink Protocol, IPv6 over IEEE 802.15.4, ISO 10035-1 OSI Connectionless Association Control Service, ISO 9548-1 OSI Connectionless Session Protocol, ISO 9576-1 OSI Connectionless Presentation Protocol, ITU-T Q.708 ISPC Analysis, Juniper Packet Mirror, Licklider Transmission Protocol, MPLS PW ATM AAL5 CPCS-SDU mode encapsulation, MPLS PW ATM Cell Header, MPLS PW ATM Control Word, MPLS PW ATM N-to-One encapsulation, no CW, MPLS PW ATM N-to-One encapsulation, with CW, MPLS PW ATM One-to-One or AAL5 PDU encapsulation, Multiple Stream Reservation Protocol, NetPerfMeter Protocol, NetScaler Trace, NexusWare C7 MTP, NSN FLIP, OMRON FINS Protocol, packetbb Protocol, Peer Network Resolution Protocol, PKIX Attribute Certificate, Pseudowire Padding, Server/Application State Protocol, Solaris IPNET, TN3270 Protocol, TN5250 Protocol, TRILL, Twisted Banana, UMTS FP Hint, UMTS MAC, UMTS Metadata, UMTS RLC, USB HID, USB HUB, UTRAN Iuh interface HNBAP signalling, UTRAN Iuh interface RUA signalling, V5.2, Vendor Specific Control Protocol, Vendor Specific Network Protocol, VMware Lab Manager, VXI-11 Asynchronous Abort, VXI-11 Core Protocol, VXI-11 Interrupt, X.411 Message Access Service, ZigBee Cluster Library
- Updated Protocol Support
  There are too many to list here.
- New and Updated Capture File Support
  Accellent 5Views, ASN.1 Basic Encoding Rules, Catapult DCT2000, Daintree SNA, Endace ERF, EyeSDN, Gammu DCT3 trace, IBM iSeries, JPEG/JFIF, libpcap, Lucent/Ascend access server trace, NetScaler, PacketLogger, pcapng, Shomiti/Finisar Surveyor, Sun snoop, Symbian OS btsnoop, Visual Networks

Pkgsrc changes:
A fix for the security vulnerability reported in SA41535 has been integrated from the Wireshark SVN repository.
@
text
@d1 1
a1 1
$NetBSD$
@


1.1.2.1
log
@file patch-ae was added on branch pkgsrc-2010Q2 on 2010-09-28 05:36:59 +0000
@
text
@d1 116
@


1.1.2.2
log
@Pullup ticket 3232 - requested by tron
security update

Revisions pulled up:
- pkgsrc/net/wireshark/Makefile 1.52
- pkgsrc/net/wireshark/PLIST 1.19
- pkgsrc/net/wireshark/distinfo 1.34
- pkgsrc/net/wireshark/patches/patch-ad 1.6
Files added:
- pkgsrc/net/wireshark/patches/patch-ae

-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Sat Sep 25 11:19:10 UTC 2010

Modified Files:
  pkgsrc/net/wireshark: Makefile PLIST distinfo
  pkgsrc/net/wireshark/patches: patch-ad
Added Files:
  pkgsrc/net/wireshark/patches: patch-ae

Log Message:
Update "wireshark" package to version 1.4.0.

Change since version 1.2.10:
- The following bugs have been fixed:
  - Update time display in background. (Bug 1275)
  - Tshark returns 0 even with an invalid interface or capture filter. (Bug 4735)
- The following features are new (or have been significantly updated) since version 1.2:
  - The packet list internals have been rewritten and are now more efficient.
  - Columns are easier to use. You can add a protocol field as a column by right-clicking on its packet detail item, and you can adjust some column preferences by right-clicking the column header.
  - Preliminary Python scripting support has been added.
  - Many memory leaks have been fixed.
  - Packets can now be ignored (excluded from dissection), similar to the way they can be marked.
  - Manual IP address resolution is now supported.
  - Columns with seconds can now be displayed as hours, minutes and seconds.
  - You can now set the capture buffer size on UNIX and Linux if you have libpcap 1.0.0 or greater.
  - TShark no longer needs elevated privileges on UNIX or Linux to list interfaces. Only dumpcap requires privileges now.
  - Wireshark and TShark can enable 802.11 monitor mode directly if you have libpcap 1.0.0 or greater.
  - You can play RTP streams directly from the RTP Analysis window.
  - Capinfos and editcap now respectively support time order checking and forcing.
  - Wireshark now has a "jump to timestamp" command-line option.
  - You can open JPEG files directly in Wireshark.
- New Protocol Support
  3GPP Nb Interface RTP Multiplex, Access Node Control Protocol, Apple Network-MIDI Session Protocol, ARUBA encapsulated remote mirroring, Assa Abloy R3, Asynchronous Transfer Mode, B.A.T.M.A.N. Advanced Protocol, Bluetooth AMP Packet, Bluetooth OBEX, Bundle Protocol, CIP Class Generic, CIP Connection Configuration Object, CIP Connection Manager, CIP Message Router, collectd network data, Control And Provisioning of Wireless Access Points, Controller Area Network, Device Level Ring, DOCSIS Bonded Initial Ranging Message, Dropbox LAN sync Discovery Protocol, Dropbox LAN sync Protocol, DTN TCP Convergence Layer Protocol, EtherCAT Switch Link, Fibre Channel Delimiters, File Replication Service DFS-R, Gateway Load Balancing Protocol, Gigamon Header, GigE Vision Control Protocol, Git Smart Protocol, GSM over IP ip.access CCM sub-protocol, GSM over IP protocol as used by ip.access, GSM Radiotap, HI2Operations, Host Identity Protocol, HP encapsulated remote mirroring, HP NIC Teaming Heartbeat, IEC61850 Sampled Values, IEEE 1722 Protocol, InfiniBand Link, Interlink Protocol, IPv6 over IEEE 802.15.4, ISO 10035-1 OSI Connectionless Association Control Service, ISO 9548-1 OSI Connectionless Session Protocol, ISO 9576-1 OSI Connectionless Presentation Protocol, ITU-T Q.708 ISPC Analysis, Juniper Packet Mirror, Licklider Transmission Protocol, MPLS PW ATM AAL5 CPCS-SDU mode encapsulation, MPLS PW ATM Cell Header, MPLS PW ATM Control Word, MPLS PW ATM N-to-One encapsulation, no CW, MPLS PW ATM N-to-One encapsulation, with CW, MPLS PW ATM One-to-One or AAL5 PDU encapsulation, Multiple Stream Reservation Protocol, NetPerfMeter Protocol, NetScaler Trace, NexusWare C7 MTP, NSN FLIP, OMRON FINS Protocol, packetbb Protocol, Peer Network Resolution Protocol, PKIX Attribute Certificate, Pseudowire Padding, Server/Application State Protocol, Solaris IPNET, TN3270 Protocol, TN5250 Protocol, TRILL, Twisted Banana, UMTS FP Hint, UMTS MAC, UMTS Metadata, UMTS RLC, USB HID, USB HUB, UTRAN Iuh interface HNBAP signalling, UTRAN Iuh interface RUA signalling, V5.2, Vendor Specific Control Protocol, Vendor Specific Network Protocol, VMware Lab Manager, VXI-11 Asynchronous Abort, VXI-11
Core Protocol, VXI-11 Interrupt, X.411 Message Access Service, ZigBee Cluster Library - Updated Protocol Support There are too many to list here. - New and Updated Capture File Support Accellent 5Views, ASN.1 Basic Encoding Rules, Catapult DCT2000, Daintree SNA, Endace ERF, EyeSDN, Gammu DCT3 trace, IBM iSeries, JPEG/JFIF, libpcap, Lucent/Ascend access server trace, NetScaler, PacketLogger, pcapng, Shomiti/Finisar Surveyor, Sun snoop, Symbian OS btsnoop, Visual Networks Pkgsrc changes: A fix for the security vulnerability reported in SA41535 has been integrated from the Wireshark SVN repository. To generate a diff of this commit: cvs rdiff -u -r1.51 -r1.52 pkgsrc/net/wireshark/Makefile cvs rdiff -u -r1.18 -r1.19 pkgsrc/net/wireshark/PLIST cvs rdiff -u -r1.33 -r1.34 pkgsrc/net/wireshark/distinfo cvs rdiff -u -r1.5 -r1.6 pkgsrc/net/wireshark/patches/patch-ad cvs rdiff -u -r0 -r1.1 pkgsrc/net/wireshark/patches/patch-ae @ text @a0 116 $NetBSD: patch-ae,v 1.1 2010/09/25 11:19:10 tron Exp $ Fix for SA41535 taken from here: http://anonsvn.wireshark.org/viewvc?view=rev&revision=34111 --- epan/dissectors/packet-ber.c.orig 2010-08-29 23:17:07.000000000 +0100 +++ epan/dissectors/packet-ber.c 2010-09-25 11:53:33.000000000 +0100 @@@@ -200,6 +200,14 @@@@ { 0, NULL } }; +/* + * Set a limit on recursion so we don't blow away the stack. Another approach + * would be to remove recursion completely but then we'd exhaust CPU+memory + * trying to read a hellabyte of nested indefinite lengths. + * XXX - Max nesting in the ASN.1 plugin is 32. Should they match? 
+ */ +#define BER_MAX_NESTING 500 + static const true_false_string ber_real_binary_vals = { "Binary encoding", "Decimal encoding" @@@@ -422,7 +430,8 @@@@ return offset; } -int dissect_unknown_ber(packet_info *pinfo, tvbuff_t *tvb, int offset, proto_tree *tree) +static int +try_dissect_unknown_ber(packet_info *pinfo, tvbuff_t *tvb, int offset, proto_tree *tree, gint nest_level) { int start_offset; gint8 class; @@@@ -438,6 +447,11 @@@@ proto_item *pi, *cause; asn1_ctx_t asn1_ctx; + if (nest_level > BER_MAX_NESTING) { + /* Assume that we have a malformed packet. */ + THROW(ReportedBoundsError); + } + start_offset=offset; asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo); @@@@ -500,7 +514,7 @@@@ } item = proto_tree_add_item(tree, hf_ber_unknown_BER_OCTETSTRING, tvb, offset, len, FALSE); next_tree = proto_item_add_subtree(item, ett_ber_octet_string); - offset = dissect_unknown_ber(pinfo, tvb, offset, next_tree); + offset = try_dissect_unknown_ber(pinfo, tvb, offset, next_tree, nest_level+1); } } if (!is_decoded_as) { @@@@ -585,7 +599,7 @@@@ is_decoded_as = TRUE; proto_item_append_text (pi, "[BER encoded]"); next_tree = proto_item_add_subtree(pi, ett_ber_primitive); - offset = dissect_unknown_ber(pinfo, tvb, offset, next_tree); + offset = try_dissect_unknown_ber(pinfo, tvb, offset, next_tree, nest_level+1); } } @@@@ -632,7 +646,7 @@@@ next_tree=proto_item_add_subtree(item, ett_ber_SEQUENCE); } while(offset < (int)(start_offset + len + hdr_len)) - offset=dissect_unknown_ber(pinfo, tvb, offset, next_tree); + offset=try_dissect_unknown_ber(pinfo, tvb, offset, next_tree, nest_level+1); break; case BER_CLASS_APP: case BER_CLASS_CON: @@@@ -643,7 +657,7 @@@@ next_tree=proto_item_add_subtree(item, ett_ber_SEQUENCE); } while(offset < (int)(start_offset + len + hdr_len)) - offset=dissect_unknown_ber(pinfo, tvb, offset, next_tree); + offset=try_dissect_unknown_ber(pinfo, tvb, offset, next_tree, nest_level+1); break; } @@@@ -654,6 +668,11 @@@@ return offset; } +int 
+dissect_unknown_ber(packet_info *pinfo, tvbuff_t *tvb, int offset, proto_tree *tree) +{ + return try_dissect_unknown_ber(pinfo, tvb, offset, tree, 1); +} int call_ber_oid_callback(const char *oid, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree) @@@@ -853,13 +872,6 @@@@ */ /* 8.1.3 Length octets */ -/* - * Set a limit on recursion so we don't blow away the stack. Another approach - * would be to remove recursion completely but then we'd exhaust CPU+memory - * trying to read a hellabyte of nested indefinite lengths. - * XXX - Max nesting in the ASN.1 plugin is 32. Should they match? - */ -#define BER_MAX_INDEFINITE_NESTING 500 static int try_get_ber_length(tvbuff_t *tvb, int offset, guint32 *length, gboolean *ind, gint nest_level) { guint8 oct, len; @@@@ -873,7 +885,7 @@@@ tmp_length = 0; tmp_ind = FALSE; - if (nest_level > BER_MAX_INDEFINITE_NESTING) { + if (nest_level > BER_MAX_NESTING) { /* Assume that we have a malformed packet. */ THROW(ReportedBoundsError); } @
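
Review bot: In the packet-ber.c hunk at line 200, BER_MAX_NESTING keeps the value 500 that BER_MAX_INDEFINITE_NESTING had, but it now also bounds try_dissect_unknown_ber(), whose frame holds an asn1_ctx_t plus several other locals, so each level probably costs more stack than a level of try_get_ber_length() did. The comment carried over with the define still ends in "XXX - Max nesting in the ASN.1 plugin is 32. Should they match?"; that question should be answered here rather than moved. Either justify 500 against the smallest stack the dissector is expected to run on, or use a separate, lower limit for the dissection path and keep the old name for the length path.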
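
Review bot: The new public dissect_unknown_ber() wrapper in the packet-ber.c hunk at old line 654 always restarts the count with "return try_dissect_unknown_ber(pinfo, tvb, offset, tree, 1);", so the limit holds per call to the public entry point and not per packet. If anything reachable from try_dissect_unknown_ber() calls dissect_unknown_ber() again, the depth goes back to 1 and the bound no longer limits total recursion. Add a comment above the wrapper stating that it is the only place the count is reset and that nested callers must use the static function, or carry the depth in per-packet state. As a style point, the wrapper's closing brace is followed directly by "int call_ber_oid_callback(...)" with no blank line between the two definitions.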
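
Review bot: In the tools/lemon/Makefile.in hunk stored as the text of revision 1.4 (the Mac OS X build fix from revision 1.3), the lemon rule still compiles with $(CC_FOR_BUILD) but now passes $(CFLAGS) and $(LDFLAGS) in place of $(CFLAGS_FOR_BUILD) and $(LDFLAGS_FOR_BUILD). That pairs the build-machine compiler with the flags meant for the target, which breaks as soon as the two differ, for example in a cross build. Keeping the _FOR_BUILD variables in the rule and setting them from the package Makefile would fix the Mac OS X case without that coupling. The patch file also has no description under its $NetBSD$ line, unlike the BER patch, which says what it fixes and where it came from; a short line stating the reason would help the next person who has to rebase it.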