
Bug#975932: buster-pu: package wireshark/2.6.20-0+deb10u1



Attached is an update with 2 more CVEs fixed.

Thanks
Adrian


On Thu, Nov 26, 2020 at 10:38:09PM +0200, Adrian Bunk wrote:
> Package: release.debian.org
> Severity: normal
> Tags: buster
> User: release.debian.org@packages.debian.org
> Usertags: pu
> 
> This update fixes the 14 non-dsa CVEs in buster by upgrading
> to 2.6.20 (12 CVEs fixed) plus two fixes for additional CVEs.
> 
> Wireshark is a package where upstream is followed,
> and will likely eventually be upgraded to a 3.x release
> in a DSA at some point in the future. That's why this
> pu request updates to the final 2.6 release (on top of
> the last 2.6 release that was in unstable) instead of
> backporting all CVE fixes.
> 
> The attached debdiff only includes changes to debian/

diff -Nru wireshark-2.6.8/debian/changelog wireshark-2.6.20/debian/changelog
--- wireshark-2.6.8/debian/changelog	2019-05-27 17:08:44.000000000 +0300
+++ wireshark-2.6.20/debian/changelog	2021-01-30 15:55:58.000000000 +0200
@@ -1,3 +1,48 @@
+wireshark (2.6.20-0+deb10u1) buster; urgency=medium
+
+  * Non-maintainer upload.
+  * New upstream version including the following security fixes:
+    - CVE-2019-16319: The Gryphon dissector could go into an infinite loop.
+    - CVE-2019-19553: The CMS dissector could crash.
+    - CVE-2020-7045: The BT ATT dissector could crash.
+    - CVE-2020-9428: The EAP dissector could crash.
+    - CVE-2020-9430: The WiMax DLMAP dissector could crash.
+    - CVE-2020-9431: The LTE RRC dissector could leak memory.
+    - CVE-2020-11647: The BACapp dissector could crash. (Closes: #958213)
+    - CVE-2020-13164: The NFS dissector could crash.
+    - CVE-2020-15466: The GVCP dissector could go into an infinite loop.
+    - CVE-2020-25862: The TCP dissector could crash.
+    - CVE-2020-25863: The MIME Multipart dissector could crash.
+  * Adjust 17_libdir_location.patch for context changes.
+  * Since Wireshark 2.6.14 tests are run automatically by debhelper,
+    backport the build fix and making test failures non-fatal.
+  * CVE-2020-26575: The Facebook Zero Protocol (aka FBZERO) dissector
+    could enter an infinite loop. (Closes: #974688)
+  * CVE-2020-28030: The GQUIC dissector could crash. (Closes: #974689)
+  * CVE-2020-26418: Memory leak in the Kafka protocol dissector.
+  * CVE-2020-26421: Crash in USB HID protocol dissector.
+
+ -- Adrian Bunk <bunk@debian.org>  Sat, 30 Jan 2021 15:55:58 +0200
+
+wireshark (2.6.10-1) unstable; urgency=medium
+
+  * New upstream version 2.6.10
+     - security fixes:
+       - ASN.1 BER and related dissectors crash (CVE-2019-13619)
+     - fix QIcon crash on exit on Ubuntu 16.04 with Qt 5.5.1 (LP: #1803808)
+  * debian/gitlab-ci.yml: User minimal reference configuration
+
+ -- Balint Reczey <rbalint@ubuntu.com>  Wed, 17 Jul 2019 23:23:05 +0200
+
+wireshark (2.6.9-1) unstable; urgency=medium
+
+  * Acknowledge NMU
+  * New upstream version 2.6.9
+  * Drop obsolete CVE-2019-12295.patch
+  * Refresh patches
+
+ -- Balint Reczey <rbalint@ubuntu.com>  Thu, 30 May 2019 22:13:15 +0200
+
 wireshark (2.6.8-1.1) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru wireshark-2.6.8/debian/gitlab-ci.yml wireshark-2.6.20/debian/gitlab-ci.yml
--- wireshark-2.6.8/debian/gitlab-ci.yml	2019-05-27 17:00:57.000000000 +0300
+++ wireshark-2.6.20/debian/gitlab-ci.yml	2019-07-18 00:23:05.000000000 +0300
@@ -1,13 +1,3 @@
-include: https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
-
-build:
-    extends: .build-unstable
-
-lintian:
-    extends: .test-lintian
-
-autopkgtest:
-    extends: .test-autopkgtest
-
-piuparts:
-    extends: .test-piuparts
+include:
+  - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
+  - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
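Review bot: Both `include:` entries fetch the pipeline definition from `raw/master`, so the jobs that run for this package can change without any change in this repository. If a stable-branch build should be reproducible, the includes could point at a fixed ref instead of `master`. The removed explicit `build`/`lintian`/`autopkgtest`/`piuparts` jobs mean the job set now depends entirely on what `pipeline-jobs.yml` defines at fetch time.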
diff -Nru wireshark-2.6.8/debian/patches/0001-epan-Limit-our-bits-in-decode_bits_in_field.patch wireshark-2.6.20/debian/patches/0001-epan-Limit-our-bits-in-decode_bits_in_field.patch
--- wireshark-2.6.8/debian/patches/0001-epan-Limit-our-bits-in-decode_bits_in_field.patch	1970-01-01 02:00:00.000000000 +0200
+++ wireshark-2.6.20/debian/patches/0001-epan-Limit-our-bits-in-decode_bits_in_field.patch	2021-01-28 17:16:49.000000000 +0200
@@ -0,0 +1,54 @@
+From 831746a8f08053a18f54ea1aa2e1084586a2d0ab Mon Sep 17 00:00:00 2001
+From: Gerald Combs <gerald@wireshark.org>
+Date: Thu, 5 Nov 2020 17:37:13 -0800
+Subject: epan: Limit our bits in decode_bits_in_field.
+
+Limit the number of bits we process in decode_bits_in_field, otherwise
+we'll overrun our buffer. Fixes #16958.
+---
+ epan/to_str.c | 11 +++++------
+ 1 file changed, 5 insertions(+), 6 deletions(-)
+
+diff --git a/epan/to_str.c b/epan/to_str.c
+index eaa8b28793..9dd7a2e588 100644
+--- a/epan/to_str.c
++++ b/epan/to_str.c
+@@ -935,13 +935,13 @@ rel_time_to_secs_str(wmem_allocator_t *scope, const nstime_t *rel_time)
+ char *
+ decode_bits_in_field(const guint bit_offset, const gint no_of_bits, const guint64 value)
+ {
+-	guint64 mask = 0,tmp;
++	guint64 mask;
+ 	char *str;
+ 	int bit, str_p = 0;
+ 	int i;
++	int max_bits = MIN(64, no_of_bits);
+ 
+-	mask = 1;
+-	mask = mask << (no_of_bits-1);
++	mask = G_GUINT64_CONSTANT(1) << (max_bits-1);
+ 
+ 	/* Prepare the string, 256 pos for the bits and zero termination, + 64 for the spaces */
+ 	str=(char *)wmem_alloc0(wmem_packet_scope(), 256+64);
+@@ -955,7 +955,7 @@ decode_bits_in_field(const guint bit_offset, const gint no_of_bits, const guint6
+ 	}
+ 
+ 	/* read the bits for the int */
+-	for(i=0;i<no_of_bits;i++){
++	for(i=0;i<max_bits;i++){
+ 		if(bit&&(!(bit%4))){
+ 			str[str_p] = ' ';
+ 			str_p++;
+@@ -965,8 +965,7 @@ decode_bits_in_field(const guint bit_offset, const gint no_of_bits, const guint6
+ 			str_p++;
+ 		}
+ 		bit++;
+-		tmp = value & mask;
+-		if(tmp != 0){
++		if((value & mask) != 0){
+ 			str[str_p] = '1';
+ 			str_p++;
+ 		} else {
+-- 
+2.20.1
+
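Review bot: `max_bits` is capped at 64 but has no lower bound, so a `no_of_bits` of zero or less makes `G_GUINT64_CONSTANT(1) << (max_bits-1)` a shift by a negative count, which is undefined behaviour in C. `no_of_bits` is a `gint` in the signature, so the guard belongs in this function rather than in every caller: `mask = (max_bits > 0) ? G_GUINT64_CONSTANT(1) << (max_bits-1) : 0;`. The cap also bounds only the value bits; whether the `bit_offset` padding written before the loop fits in the 256+64 byte buffer is decided in lines outside these hunks. The body of decode_bits_in_field continues beyond both hunks.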
diff -Nru wireshark-2.6.8/debian/patches/0001-FBZERO-Make-sure-our-offset-advances.patch wireshark-2.6.20/debian/patches/0001-FBZERO-Make-sure-our-offset-advances.patch
--- wireshark-2.6.8/debian/patches/0001-FBZERO-Make-sure-our-offset-advances.patch	1970-01-01 02:00:00.000000000 +0200
+++ wireshark-2.6.20/debian/patches/0001-FBZERO-Make-sure-our-offset-advances.patch	2020-11-26 21:21:18.000000000 +0200
@@ -0,0 +1,63 @@
+From 3ff940652962c099b73ae3233322b8697b0d10ab Mon Sep 17 00:00:00 2001
+From: Gerald Combs <gerald@wireshark.org>
+Date: Fri, 2 Oct 2020 12:42:03 -0700
+Subject: FBZERO: Make sure our offset advances.
+
+Make sure our offset advances so that we don't infinitely loop.
+Fixes #16887.
+---
+ epan/dissectors/packet-fbzero.c | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/epan/dissectors/packet-fbzero.c b/epan/dissectors/packet-fbzero.c
+index 16ffb63cf1..132079cfaa 100644
+--- a/epan/dissectors/packet-fbzero.c
++++ b/epan/dissectors/packet-fbzero.c
+@@ -66,6 +66,7 @@ static gint ett_fb_zero_tag_value = -1;
+ static expert_field ei_fb_zero_tag_undecoded = EI_INIT;
+ static expert_field ei_fb_zero_tag_length = EI_INIT;
+ static expert_field ei_fb_zero_tag_unknown = EI_INIT;
++static expert_field ei_fb_zero_length_invalid = EI_INIT;
+ 
+ #define FBZERO_MIN_LENGTH 3
+ 
+@@ -261,18 +262,26 @@ dissect_fb_zero_tag(tvbuff_t *tvb, packet_info *pinfo, proto_tree *fb_zero_tree,
+                                  "Dissector for FB Zero Tag"
+                                  " %s (%s) code not implemented, Contact"
+                                  " Wireshark developers if you want this supported", tvb_get_string_enc(wmem_packet_scope(), tvb, offset-8, 4, ENC_ASCII|ENC_NA), val_to_str(tag, tag_vals, "Unknown"));
+-                tag_offset += tag_len;
++                goto end;
+             break;
+         }
+ 
+         if(tag_offset != offset_end){
+             /* Wrong Tag len... */
+             proto_tree_add_expert(tag_tree, pinfo, &ei_fb_zero_tag_unknown, tvb, tag_offset_start + tag_offset, offset_end - tag_offset);
+-            tag_offset = offset_end;
++            // XXX Return instead?
++            goto end;
+         }
+ 
+         tag_number--;
+     }
++
++    end:
++    if (offset + total_tag_len <= offset) {
++        expert_add_info_format(pinfo, fb_zero_tree, &ei_fb_zero_length_invalid,
++                         "Invalid total tag length: %u", total_tag_len);
++        return offset + tvb_reported_length_remaining(tvb, offset);
++    }
+     return offset + total_tag_len;
+ 
+ }
+@@ -562,6 +571,7 @@ proto_register_fb_zero(void)
+         { &ei_fb_zero_tag_undecoded, { "fb_zero.tag.undecoded", PI_UNDECODED, PI_NOTE, "Dissector for FB Zero Tag code not implemented, Contact Wireshark developers if you want this supported", EXPFILL }},
+         { &ei_fb_zero_tag_length, { "fb_zero.tag.length.truncated", PI_MALFORMED, PI_NOTE, "Truncated Tag Length...", EXPFILL }},
+         { &ei_fb_zero_tag_unknown, { "fb_zero.tag.unknown.data", PI_UNDECODED, PI_NOTE, "Unknown Data", EXPFILL }},
++        { &ei_fb_zero_length_invalid, { "fb_zero.length.invalid", PI_PROTOCOL, PI_WARN, "Invalid length", EXPFILL }},
+     };
+ 
+     expert_module_t *expert_fb_zero;
+-- 
+2.20.1
+
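Review bot: The `offset + total_tag_len <= offset` test after the `end:` label carries no comment and only works as a wrap check under unsigned arithmetic; the declarations of `offset` and `total_tag_len` are outside the hunk (the `%u` format suggests the latter is unsigned). A comment such as `/* total_tag_len comes from the packet: zero or a wrapped sum would not advance the caller's offset */` would state the intent and make clear that a zero length is deliberately reported as invalid. The `break;` left after the new `goto end;` in the "code not implemented" branch is now unreachable and can be dropped. The same guard and dead `break;` appear in 0001-GQUIC-make-sure-our-tag-offset-advances.patch. dissect_fb_zero_tag starts outside the hunk.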
diff -Nru wireshark-2.6.8/debian/patches/0001-GQUIC-make-sure-our-tag-offset-advances.patch wireshark-2.6.20/debian/patches/0001-GQUIC-make-sure-our-tag-offset-advances.patch
--- wireshark-2.6.8/debian/patches/0001-GQUIC-make-sure-our-tag-offset-advances.patch	1970-01-01 02:00:00.000000000 +0200
+++ wireshark-2.6.20/debian/patches/0001-GQUIC-make-sure-our-tag-offset-advances.patch	2020-11-26 21:21:18.000000000 +0200
@@ -0,0 +1,58 @@
+From 7dd685e4c0b7d049695b302f2cce732cdf15085c Mon Sep 17 00:00:00 2001
+From: Richard Smith <pcy190@126.com>
+Date: Sat, 10 Oct 2020 18:25:57 +0800
+Subject: GQUIC: make sure our tag offset advances.
+
+Make sure gquic tag offset advances so that we don't infinitely loop.
+---
+ epan/dissectors/packet-gquic.c | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/epan/dissectors/packet-gquic.c b/epan/dissectors/packet-gquic.c
+index 581499d7d0..955301b91f 100644
+--- a/epan/dissectors/packet-gquic.c
++++ b/epan/dissectors/packet-gquic.c
+@@ -185,6 +185,7 @@ static expert_field ei_gquic_tag_undecoded = EI_INIT;
+ static expert_field ei_gquic_tag_length = EI_INIT;
+ static expert_field ei_gquic_tag_unknown = EI_INIT;
+ static expert_field ei_gquic_version_invalid = EI_INIT;
++static expert_field ei_gquic_length_invalid = EI_INIT;
+ 
+ typedef struct gquic_info_data {
+     guint8 version;
+@@ -1604,7 +1605,7 @@ dissect_gquic_tag(tvbuff_t *tvb, packet_info *pinfo, proto_tree *gquic_tree, gui
+                                  "Dissector for (Google) QUIC Tag"
+                                  " %s (%s) code not implemented, Contact"
+                                  " Wireshark developers if you want this supported", tvb_get_string_enc(wmem_packet_scope(), tvb, offset-8, 4, ENC_ASCII|ENC_NA), val_to_str(tag, tag_vals, "Unknown"));
+-                tag_offset += tag_len;
++                goto end;
+             break;
+         }
+         if(tag_offset != offset_end){
+@@ -1615,6 +1616,13 @@ dissect_gquic_tag(tvbuff_t *tvb, packet_info *pinfo, proto_tree *gquic_tree, gui
+ 
+         tag_number--;
+     }
++
++    end:
++    if (offset + total_tag_len <= offset) {
++        expert_add_info_format(pinfo, gquic_tree, &ei_gquic_length_invalid,
++                                "Invalid total tag length: %u", total_tag_len);
++        return offset + tvb_reported_length_remaining(tvb, offset);
++    }
+     return offset + total_tag_len;
+ 
+ }
+@@ -2873,7 +2881,8 @@ proto_register_gquic(void)
+         { &ei_gquic_tag_undecoded, { "gquic.tag.undecoded", PI_UNDECODED, PI_NOTE, "Dissector for (Google)QUIC Tag code not implemented, Contact Wireshark developers if you want this supported", EXPFILL }},
+         { &ei_gquic_tag_length, { "gquic.tag.length.truncated", PI_MALFORMED, PI_NOTE, "Truncated Tag Length...", EXPFILL }},
+         { &ei_gquic_tag_unknown, { "gquic.tag.unknown.data", PI_UNDECODED, PI_NOTE, "Unknown Data", EXPFILL }},
+-        { &ei_gquic_version_invalid, { "gquic.version.invalid", PI_MALFORMED, PI_ERROR, "Invalid Version", EXPFILL }}
++        { &ei_gquic_version_invalid, { "gquic.version.invalid", PI_MALFORMED, PI_ERROR, "Invalid Version", EXPFILL }},
++        { &ei_gquic_length_invalid, { "gquic.length.invalid", PI_PROTOCOL, PI_WARN, "Invalid Length", EXPFILL }}
+     };
+ 
+     expert_module_t *expert_gquic;
+-- 
+2.20.1
+
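Review bot: The `if(tag_offset != offset_end)` branch appears here only as context, while the FBZERO patch changes the equivalent branch to `goto end;`, so the two dissectors may now handle a wrong tag length differently. The branch body lies between the two hunks and is not visible, so this needs checking against the patched file. dissect_gquic_tag starts outside the hunk.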
diff -Nru wireshark-2.6.8/debian/patches/0002-Kafka-Limit-our-decompression-size.patch wireshark-2.6.20/debian/patches/0002-Kafka-Limit-our-decompression-size.patch
--- wireshark-2.6.8/debian/patches/0002-Kafka-Limit-our-decompression-size.patch	1970-01-01 02:00:00.000000000 +0200
+++ wireshark-2.6.20/debian/patches/0002-Kafka-Limit-our-decompression-size.patch	2021-01-28 17:16:49.000000000 +0200
@@ -0,0 +1,66 @@
+From 280d58409c9a3503a631ef4f6255880d5a365e65 Mon Sep 17 00:00:00 2001
+From: Gerald Combs <gerald@wireshark.org>
+Date: Tue, 1 Dec 2020 12:00:13 -0800
+Subject: Kafka: Limit our decompression size.
+
+Don't assume that the Internet has our best interests at heart when it
+gives us the size of our decompression buffer. Assign an arbitrary limit
+of 50 MB.
+
+This fixes #16739 in that it takes care of
+
+** (process:17681): WARNING **: 20:03:07.440: Dissector bug, protocol Kafka, in packet 31: ../epan/proto.c:7043: failed assertion "end >= fi->start"
+
+which is different from the original error output. It looks like *that*
+might have taken care of in one of the other recent Kafka bug fixes.
+
+The decompression routines return a success or failure status. Use
+gbooleans instead of ints for that.
+---
+ epan/dissectors/packet-kafka.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/epan/dissectors/packet-kafka.c b/epan/dissectors/packet-kafka.c
+index d4afc54b88..377e10c42d 100644
+--- a/epan/dissectors/packet-kafka.c
++++ b/epan/dissectors/packet-kafka.c
+@@ -146,6 +146,7 @@ static expert_field ei_kafka_unsupported_api_version = EI_INIT;
+ static expert_field ei_kafka_message_decompress = EI_INIT;
+ static expert_field ei_kafka_bad_string_length = EI_INIT;
+ static expert_field ei_kafka_bad_bytes_length = EI_INIT;
++static expert_field ei_kafka_bad_decompression_length = EI_INIT;
+ 
+ typedef gint16 kafka_api_key_t;
+ typedef gint16 kafka_api_version_t;
+@@ -682,6 +683,7 @@ static void show_compression_reduction(tvbuff_t *tvb, proto_tree *tree, guint co
+     }
+ }
+ 
++#define MAX_DECOMPRESSION_SIZE (50 * 1000 * 1000) // Arbitrary
+ static int
+ dissect_kafka_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int start_offset)
+ {
+@@ -720,6 +722,11 @@ dissect_kafka_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int s
+ 
+     offset = dissect_kafka_bytes(subtree, hf_kafka_message_key, tvb, pinfo, offset, NULL, &bytes_length);
+ 
++    if (bytes_length > MAX_DECOMPRESSION_SIZE) {
++        expert_add_info(pinfo, NULL, &ei_kafka_bad_decompression_length);
++        return FALSE;
++    }
++
+     switch (codec) {
+         case KAFKA_MESSAGE_CODEC_GZIP:
+             raw = kafka_get_bytes(subtree, tvb, pinfo, offset);
+@@ -4192,6 +4199,8 @@ proto_register_kafka(void)
+           { "kafka.bad_string_length", PI_MALFORMED, PI_WARN, "Invalid string length field", EXPFILL }},
+         { &ei_kafka_bad_bytes_length,
+           { "kafka.bad_bytes_length", PI_MALFORMED, PI_WARN, "Invalid byte length field", EXPFILL }},
++        { &ei_kafka_bad_decompression_length,
++          { "kafka.ei_kafka_bad_decompression_length", PI_MALFORMED, PI_WARN, "Decompression size too large", EXPFILL }},
+     };
+ 
+     module_t *kafka_module;
+-- 
+2.20.1
+
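Review bot: The new guard in `dissect_kafka_message` ends with `return FALSE;`, but the function is declared `static int` and takes `start_offset`, so callers presumably expect an offset back; returning 0 could move the caller's offset backwards on a malformed message. Returning a value that still advances, for example `return offset;`, would avoid that, subject to what the callers (outside the hunk) do with the result. The guard also tests `bytes_length` as filled in by the `dissect_kafka_bytes` call for `hf_kafka_message_key`, which looks like the key length rather than the size of the value about to be decompressed, and is in any case an input length rather than a decompressed size; this should be confirmed against the 2.6 source, since the upstream commit targeted a different version of the function. `expert_add_info` is called with a NULL item, so the warning is not attached to any tree node.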
diff -Nru wireshark-2.6.8/debian/patches/0003-Kafka-Decrease-our-maximum-decompression-buffer-size.patch wireshark-2.6.20/debian/patches/0003-Kafka-Decrease-our-maximum-decompression-buffer-size.patch
--- wireshark-2.6.8/debian/patches/0003-Kafka-Decrease-our-maximum-decompression-buffer-size.patch	1970-01-01 02:00:00.000000000 +0200
+++ wireshark-2.6.20/debian/patches/0003-Kafka-Decrease-our-maximum-decompression-buffer-size.patch	2021-01-28 17:16:49.000000000 +0200
@@ -0,0 +1,29 @@
+From 406fa493d2a141b67ae4ffbdc20716eea64d9b3c Mon Sep 17 00:00:00 2001
+From: Gerald Combs <gerald@wireshark.org>
+Date: Tue, 8 Dec 2020 09:00:37 -0800
+Subject: Kafka: Decrease our maximum decompression buffer size.
+
+https://github.com/apache/kafka/blob/trunk/clients/src/main/java/org/apache/kafka/common/record/KafkaLZ4BlockOutputStream.java
+maxes out at 2^22, so use that.
+---
+ epan/dissectors/packet-kafka.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/epan/dissectors/packet-kafka.c b/epan/dissectors/packet-kafka.c
+index 377e10c42d..35f2aeaac3 100644
+--- a/epan/dissectors/packet-kafka.c
++++ b/epan/dissectors/packet-kafka.c
+@@ -683,7 +683,9 @@ static void show_compression_reduction(tvbuff_t *tvb, proto_tree *tree, guint co
+     }
+ }
+ 
+-#define MAX_DECOMPRESSION_SIZE (50 * 1000 * 1000) // Arbitrary
++// Max is currently 2^22 in
++// https://github.com/apache/kafka/blob/trunk/clients/src/main/java/org/apache/kafka/common/record/KafkaLZ4BlockOutputStream.java
++#define MAX_DECOMPRESSION_SIZE (1 << 22)
+ static int
+ dissect_kafka_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int start_offset)
+ {
+-- 
+2.20.1
+
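Review bot: The comment above `MAX_DECOMPRESSION_SIZE` derives the 2^22 limit from Kafka's LZ4 block stream, but the guard that uses it (added in 0002-Kafka-Limit-our-decompression-size.patch) sits before the `switch (codec)` and so applies to every codec, including gzip. The comment should say so, e.g. `// Applied to all codecs; 2^22 is the LZ4 block maximum in Kafka's KafkaLZ4BlockOutputStream`. The linked URL points at `trunk`, so the referenced limit can change underneath the comment.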
diff -Nru wireshark-2.6.8/debian/patches/03_no_version_in_gtk_title.patch wireshark-2.6.20/debian/patches/03_no_version_in_gtk_title.patch
--- wireshark-2.6.8/debian/patches/03_no_version_in_gtk_title.patch	2019-05-27 17:00:57.000000000 +0300
+++ wireshark-2.6.20/debian/patches/03_no_version_in_gtk_title.patch	2019-07-18 00:23:05.000000000 +0300
@@ -1,6 +1,6 @@
 --- a/epan/prefs.c
 +++ b/epan/prefs.c
-@@ -4108,7 +4108,7 @@
+@@ -4105,7 +4105,7 @@
      prefs.gui_prepend_window_title   = g_strdup("");
      g_free(prefs.gui_start_title);
      prefs.gui_start_title            = g_strdup("The World's Most Popular Network Protocol Analyzer");
diff -Nru wireshark-2.6.8/debian/patches/17_libdir_location.patch wireshark-2.6.20/debian/patches/17_libdir_location.patch
--- wireshark-2.6.8/debian/patches/17_libdir_location.patch	2019-05-27 17:00:57.000000000 +0300
+++ wireshark-2.6.20/debian/patches/17_libdir_location.patch	2020-11-26 21:21:18.000000000 +0200
@@ -5,7 +5,7 @@
 
 --- a/CMakeLists.txt
 +++ b/CMakeLists.txt
-@@ -1477,7 +1477,7 @@
+@@ -1473,7 +1473,7 @@
  
  set( prefix "${CMAKE_INSTALL_PREFIX}" )
  set( exec_prefix "\${prefix}" )
@@ -23,5 +23,5 @@
 -set(Wireshark_LIB_DIR           "@CMAKE_INSTALL_PREFIX@/@CMAKE_INSTALL_LIBDIR@")
 +set(Wireshark_LIB_DIR           "@CMAKE_INSTALL_LIBDIR@")
  set(Wireshark_INCLUDE_DIR       "@CMAKE_INSTALL_PREFIX@/include/wireshark")
- set(Wireshark_CMAKE_MODULES_DIR "@CMAKE_INSTALL_MODULES_DIR@")
+ set(Wireshark_CMAKE_MODULES_DIR "@CMAKE_INSTALL_PREFIX@/@CMAKE_INSTALL_MODULES_DIR@")
  
diff -Nru wireshark-2.6.8/debian/patches/CVE-2019-12295.patch wireshark-2.6.20/debian/patches/CVE-2019-12295.patch
--- wireshark-2.6.8/debian/patches/CVE-2019-12295.patch	2019-05-27 17:07:19.000000000 +0300
+++ wireshark-2.6.20/debian/patches/CVE-2019-12295.patch	1970-01-01 02:00:00.000000000 +0200
@@ -1,42 +0,0 @@
-Description: CVE-2019-12295
- In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14,
- the dissection engine could crash. This was addressed in
- epan/packet.c by restricting the number of layers and
- consequently limiting recursion.
-Origin: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7b6e197da4c497e229ed3ebf6952bae5c426a820
-Bug-Debian: https://bugs.debian.org/929446
----
-This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
---- a/epan/packet.c
-+++ b/epan/packet.c
-@@ -725,6 +725,13 @@
- call_dissector_work_error(dissector_handle_t handle, tvbuff_t *tvb,
- 			  packet_info *pinfo_arg, proto_tree *tree, void *);
- 
-+/*
-+ * XXX packet_info.curr_layer_num is a guint8 and *_MAX_RECURSION_DEPTH is
-+ * 100 elsewhere in the code. We should arguably use the same value here,
-+ * but using that makes suite_wslua.case_wslua.test_wslua_dissector_fpm fail.
-+ */
-+#define PINFO_LAYER_MAX_RECURSION_DEPTH 500
-+
- static int
- call_dissector_work(dissector_handle_t handle, tvbuff_t *tvb, packet_info *pinfo_arg,
- 		    proto_tree *tree, gboolean add_proto_name, void *data)
-@@ -747,6 +754,7 @@
- 	saved_proto = pinfo->current_proto;
- 	saved_can_desegment = pinfo->can_desegment;
- 	saved_layers_len = wmem_list_count(pinfo->layers);
-+	DISSECTOR_ASSERT(saved_layers_len < PINFO_LAYER_MAX_RECURSION_DEPTH);
- 
- 	/*
- 	 * can_desegment is set to 2 by anyone which offers the
-@@ -2675,6 +2683,8 @@
- 	saved_layers_len = wmem_list_count(pinfo->layers);
- 	*heur_dtbl_entry = NULL;
- 
-+	DISSECTOR_ASSERT(saved_layers_len < PINFO_LAYER_MAX_RECURSION_DEPTH);
-+
- 	for (entry = sub_dissectors->dissectors; entry != NULL;
- 	    entry = g_slist_next(entry)) {
- 		/* XXX - why set this now and above? */
diff -Nru wireshark-2.6.8/debian/patches/series wireshark-2.6.20/debian/patches/series
--- wireshark-2.6.8/debian/patches/series	2019-05-27 17:03:48.000000000 +0300
+++ wireshark-2.6.20/debian/patches/series	2021-01-30 15:55:58.000000000 +0200
@@ -4,4 +4,8 @@
 09_idl2wrs.patch
 16_licence_about_location.patch
 17_libdir_location.patch
-CVE-2019-12295.patch
+0001-FBZERO-Make-sure-our-offset-advances.patch
+0001-GQUIC-make-sure-our-tag-offset-advances.patch
+0001-epan-Limit-our-bits-in-decode_bits_in_field.patch
+0002-Kafka-Limit-our-decompression-size.patch
+0003-Kafka-Decrease-our-maximum-decompression-buffer-size.patch
diff -Nru wireshark-2.6.8/debian/rules wireshark-2.6.20/debian/rules
--- wireshark-2.6.8/debian/rules	2019-05-27 17:00:57.000000000 +0300
+++ wireshark-2.6.20/debian/rules	2020-11-26 21:21:18.000000000 +0200
@@ -88,6 +88,10 @@
 		debian/wireshark-dev/usr/share/pyshared/wireshark_be.py \
 		debian/wireshark-dev/usr/share/pyshared/wireshark_gen.py
 
+override_dh_auto_test:
+	$(MAKE) -C obj-* test-programs
+	-dh_auto_test
+
 override_dh_clean:
 	test ! -f version.conf.bak || mv version.conf.bak version.conf
 	dh_clean
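Review bot: The leading `-` on `dh_auto_test` discards every test failure and the rules file carries no comment saying so, so a dissector regression in this security update would still build cleanly. A comment above the target, e.g. `# Tests run automatically since 2.6.14; failures are non-fatal here, check the build log`, would record the reason next to the override. `$(MAKE) -C obj-* test-programs` also depends on the glob matching exactly one build directory.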
