Tue Sep 4 23:08:38 2012 UTC ()
Add fir for the remote DoS vulnerability reported in CVE-2012-3548 taken
from the Wireshark SVN repository.


(tron)
diff -r1.83 -r1.84 pkgsrc/net/wireshark/Makefile
diff -r1.58 -r1.59 pkgsrc/net/wireshark/distinfo
diff -r0 -r1.1 pkgsrc/net/wireshark/patches/patch-CVE-2012-3548
cvs diff -r1.83 -r1.84 pkgsrc/net/wireshark/Makefile (switch to unified diff)

--- pkgsrc/net/wireshark/Makefile 2012/08/20 12:21:53 1.83
+++ pkgsrc/net/wireshark/Makefile 2012/09/04 23:08:38 1.84
@@ -1,58 +1,58 @@ @@ -1,58 +1,58 @@
1# $NetBSD: Makefile,v 1.83 2012/08/20 12:21:53 tron Exp $ 1# $NetBSD: Makefile,v 1.84 2012/09/04 23:08:38 tron Exp $
2 2
3DISTNAME= wireshark-1.8.2 3DISTNAME= wireshark-1.8.2
4PKGREVISION= 1 4PKGREVISION= 2
5CATEGORIES= net 5CATEGORIES= net
6MASTER_SITES= http://www.wireshark.org/download/src/ \ 6MASTER_SITES= http://www.wireshark.org/download/src/ \
7 ${MASTER_SITE_SOURCEFORGE:=wireshark/} 7 ${MASTER_SITE_SOURCEFORGE:=wireshark/}
8EXTRACT_SUFX= .tar.bz2 8EXTRACT_SUFX= .tar.bz2
9 9
10OWNER= tron@NetBSD.org 10OWNER= tron@NetBSD.org
11HOMEPAGE= http://www.wireshark.org/ 11HOMEPAGE= http://www.wireshark.org/
12COMMENT= Network protocol analyzer 12COMMENT= Network protocol analyzer
13LICENSE= gnu-gpl-v2 13LICENSE= gnu-gpl-v2
14 14
15PKG_DESTDIR_SUPPORT= user-destdir 15PKG_DESTDIR_SUPPORT= user-destdir
16 16
17CONFLICTS+= ethereal-[0-9]* 17CONFLICTS+= ethereal-[0-9]*
18 18
19USE_LANGUAGES= c c++ 19USE_LANGUAGES= c c++
20USE_TOOLS+= gmake perl pkg-config yacc lex 20USE_TOOLS+= gmake perl pkg-config yacc lex
21 21
22USE_LIBTOOL= YES 22USE_LIBTOOL= YES
23SHLIBTOOL_OVERRIDE= # empty 23SHLIBTOOL_OVERRIDE= # empty
24CHECK_PORTABILITY_SKIP+= packaging/macosx/*/* 24CHECK_PORTABILITY_SKIP+= packaging/macosx/*/*
25 25
26GNU_CONFIGURE= YES 26GNU_CONFIGURE= YES
27CONFIGURE_ARGS+= --enable-static=no 27CONFIGURE_ARGS+= --enable-static=no
28CONFIGURE_ARGS+= --enable-threads 28CONFIGURE_ARGS+= --enable-threads
29CONFIGURE_ARGS+= --with-ssl=${SSLBASE:Q} 29CONFIGURE_ARGS+= --with-ssl=${SSLBASE:Q}
30CONFIGURE_ARGS+= --with-pcap=${BUILDLINK_PREFIX.libpcap} 30CONFIGURE_ARGS+= --with-pcap=${BUILDLINK_PREFIX.libpcap}
31CONFIGURE_ARGS+= --with-zlib=${BUILDLINK_PREFIX.zlib} 31CONFIGURE_ARGS+= --with-zlib=${BUILDLINK_PREFIX.zlib}
32CONFIGURE_ARGS+= --with-pcre=${BUILDLINK_PREFIX.pcre} 32CONFIGURE_ARGS+= --with-pcre=${BUILDLINK_PREFIX.pcre}
33CONFIGURE_ENV+= ac_cv_path_YACCDUMMY=${TOOLS_PATH.yacc} 33CONFIGURE_ENV+= ac_cv_path_YACCDUMMY=${TOOLS_PATH.yacc}
34CONFIGURE_ENV+= ac_cv_path_LEXDUMMY=${TOOLS_PATH.lex} 34CONFIGURE_ENV+= ac_cv_path_LEXDUMMY=${TOOLS_PATH.lex}
35 35
36PTHREAD_OPTS+= require 36PTHREAD_OPTS+= require
37 37
38.include "../../mk/bsd.prefs.mk" 38.include "../../mk/bsd.prefs.mk"
39.include "options.mk" 39.include "options.mk"
40 40
41.if !empty(MACHINE_PLATFORM:MDarwin-[567].*-*) 41.if !empty(MACHINE_PLATFORM:MDarwin-[567].*-*)
42USE_BUILTIN.libpcap= no 42USE_BUILTIN.libpcap= no
43.endif 43.endif
44 44
45# wireshark no longer builds with NetBSD 3.x provided zlib 45# wireshark no longer builds with NetBSD 3.x provided zlib
46BUILDLINK_API_DEPENDS.zlib=zlib>=1.2.1 46BUILDLINK_API_DEPENDS.zlib=zlib>=1.2.1
47 47
48.include "../../devel/glib2/buildlink3.mk" 48.include "../../devel/glib2/buildlink3.mk"
49.include "../../devel/pcre/buildlink3.mk" 49.include "../../devel/pcre/buildlink3.mk"
50.include "../../devel/zlib/buildlink3.mk" 50.include "../../devel/zlib/buildlink3.mk"
51.include "../../net/libpcap/buildlink3.mk" 51.include "../../net/libpcap/buildlink3.mk"
52.include "../../devel/libsmi/buildlink3.mk" 52.include "../../devel/libsmi/buildlink3.mk"
53.include "../../security/libgcrypt/buildlink3.mk" 53.include "../../security/libgcrypt/buildlink3.mk"
54.include "../../security/gnutls/buildlink3.mk" 54.include "../../security/gnutls/buildlink3.mk"
55.include "../../security/openssl/buildlink3.mk" 55.include "../../security/openssl/buildlink3.mk"
56 56
57.include "../../mk/pthread.buildlink3.mk" 57.include "../../mk/pthread.buildlink3.mk"
58.include "../../mk/bsd.pkg.mk" 58.include "../../mk/bsd.pkg.mk"
cvs diff -r1.58 -r1.59 pkgsrc/net/wireshark/distinfo (switch to unified diff)

--- pkgsrc/net/wireshark/distinfo 2012/08/20 08:34:44 1.58
+++ pkgsrc/net/wireshark/distinfo 2012/09/04 23:08:38 1.59
@@ -1,13 +1,14 @@ @@ -1,13 +1,14 @@
1$NetBSD: distinfo,v 1.58 2012/08/20 08:34:44 christos Exp $ 1$NetBSD: distinfo,v 1.59 2012/09/04 23:08:38 tron Exp $
2 2
3SHA1 (wireshark-1.8.2.tar.bz2) = 4737d9745dbf002444ea42615243abf3bb80b943 3SHA1 (wireshark-1.8.2.tar.bz2) = 4737d9745dbf002444ea42615243abf3bb80b943
4RMD160 (wireshark-1.8.2.tar.bz2) = 5fece857d5187b146a690fda111a0611e108c2a9 4RMD160 (wireshark-1.8.2.tar.bz2) = 5fece857d5187b146a690fda111a0611e108c2a9
5Size (wireshark-1.8.2.tar.bz2) = 24121798 bytes 5Size (wireshark-1.8.2.tar.bz2) = 24121798 bytes
 6SHA1 (patch-CVE-2012-3548) = 0d72d0e485ed09e1c28bd85bf1f06aa390be4981
6SHA1 (patch-aa) = 78b9c01d7ecc272f1188a3fb8cfb806c8a040f6d 7SHA1 (patch-aa) = 78b9c01d7ecc272f1188a3fb8cfb806c8a040f6d
7SHA1 (patch-ab) = 5ae79916603f04c2d362c764d39f0c99728e716c 8SHA1 (patch-ab) = 5ae79916603f04c2d362c764d39f0c99728e716c
8SHA1 (patch-ac) = 4e985520ea4b118aea6fc001f256b5de96de7840 9SHA1 (patch-ac) = 4e985520ea4b118aea6fc001f256b5de96de7840
9SHA1 (patch-ae) = 7af195e797f8636a9636d30cdea4ee464fd853df 10SHA1 (patch-ae) = 7af195e797f8636a9636d30cdea4ee464fd853df
10SHA1 (patch-ba) = f2fa69d1254b94c7b6b28d5e056c211a019d1db9 11SHA1 (patch-ba) = f2fa69d1254b94c7b6b28d5e056c211a019d1db9
11SHA1 (patch-bb) = 9379f67c2f5d1c63aa0b2c597ef789336db78352 12SHA1 (patch-bb) = 9379f67c2f5d1c63aa0b2c597ef789336db78352
12SHA1 (patch-bc) = 052ede4ba58502117fe7b355e22a906ff65b773e 13SHA1 (patch-bc) = 052ede4ba58502117fe7b355e22a906ff65b773e
13SHA1 (patch-ca) = 08c4ae23739fbec238b02a2d0398b4a157f9c077 14SHA1 (patch-ca) = 08c4ae23739fbec238b02a2d0398b4a157f9c077
File Added: pkgsrc/net/wireshark/patches/Attic/patch-CVE-2012-3548
$NetBSD: patch-CVE-2012-3548,v 1.1 2012/09/04 23:08:38 tron Exp $

Fix for the remote DoS security vulnerability reported in CVE-2012-3548.
The patch was taken from the Wireshark SVN repository:

http://anonsvn.wireshark.org/viewvc?view=revision&revision=44749

--- epan/dissectors/packet-drda.c.orig	2012-06-05 17:33:38.000000000 +0100
+++ epan/dissectors/packet-drda.c	2012-09-04 21:38:12.000000000 +0100
@@ -55,6 +55,7 @@
 #include <epan/packet.h>
 #include <epan/conversation.h>
 #include <epan/prefs.h>
+#include <epan/expert.h>
 #include "packet-tcp.h"
 
 static int proto_drda = -1;
@@ -696,6 +697,10 @@
     {
         iCommand = tvb_get_ntohs(tvb, offset + 8);
         iLength = tvb_get_ntohs(tvb, offset + 0);
+        if (iLength < 10) {
+            expert_add_info_format(pinfo, NULL, PI_MALFORMED, PI_ERROR, "Invalid length detected (%u): should be at least 10 bytes long", iLength);
+            break;
+        }
         /* iCommandEnd is the length of the packet up to the end of the current command */
         iCommandEnd += iLength;