Package: wireshark / 1.8.2-5wheezy18
Metadata
Package | Version | Patches format |
---|---|---|
wireshark | 1.8.2-5wheezy18 | 3.0 (quilt) |
Patch series
view the series filePatch | File delta | Description |
---|---|---|
01_idl2deb.patch | (download) |
idl2deb |
216 216 + 0 - 0 ! |
idl2deb - create debian packages from idl2wrs modules |
02_asn2deb.patch | (download) |
asn2deb |
219 219 + 0 - 0 ! |
asn2deb - create debian packages from asn.1 files |
03_preferences.patch | (download) |
epan/prefs.c |
2 1 + 1 - 0 ! |
use debian sensible-browser |
04_asn2wrs_ply.patch | (download) |
tools/asn2wrs.py |
4 2 + 2 - 0 ! |
use lex/yacc from ply |
05_note README when running as root.patch | (download) |
ui/gtk/main.c |
2 1 + 1 - 0 ! |
note about readme.debian when running wireshark as root. |
06_release version.patch | (download) |
Makefile.am |
2 1 + 1 - 0 ! |
don't regenerate svnversion.h |
08_wireshark desktop menu.patch | (download) |
wireshark.desktop |
5 3 + 2 - 0 ! |
change icon and categories for desktop file |
09_idl2wrs.patch | (download) |
tools/idl2wrs |
34 0 + 34 - 0 ! |
do not try to locate wireshark_be.py and wireshark_gen.py in non-standard places. |
16_licence_about_location.patch | (download) |
ui/gtk/about_dlg.c |
2 1 + 1 - 0 ! |
change location of license file in about dialog |
17_fix_from_1.8.3_fix_HSRP_crash.patch | (download) |
epan/dissectors/packet-hsrp.c |
10 9 + 1 - 0 ! |
[patch 1/4] revert r41311, fix bug #7581 svn path=/trunk/; revision=44454 |
17_fix_from_1.8.3_fix_infinite_loop_in_DRDA_dissector.patch | (download) |
epan/dissectors/packet-drda.c |
5 5 + 0 - 0 ! |
[patch 3/4] fix https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7666 : Check that DRDA command has a minimum length of 10 bytes to prevent a potential infinite loop svn path=/trunk/; revision=44749 |
17_fix_from_1.8.3_fix_LDP_crash.patch | (download) |
epan/dissectors/packet-ldp.c |
20 13 + 7 - 0 ! |
[patch 4/4] from aditya ambadkar via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7046 : Fix CID 703472 and (external) fuzz failure 7567: The dissect_subtlv_interface_parameters is missing the handling of BFD 2..4. For the crash patch, we decided to add the bfd2..4 in dissect_tlc function(in |
17_fix_from_1.8.3_fix_PPP_crash.patch | (download) |
epan/dissectors/packet-ppp.c |
2 1 + 1 - 0 ! |
[patch 2/4] fix bug #7668 Use correct field type for lcp.opt.oui svn path=/trunk/; revision=44688 |
18_fix_from_1.8.5_fix_CNLP_crash.patch | (download) |
epan/dissectors/packet-clnp.c |
39 22 + 17 - 0 ! |
[patch 06/16] copy over: revision 46646 - clean up white space. Add a return where I presume it was intended to be - a 4-octet address is completely handled in that if clause, so there's no reason to fall through. Fix a comment. |
19_fix_from_1.8.5_fix_DTN_crash.patch | (download) |
epan/dissectors/packet-dtn.c |
13 7 + 6 - 0 ! |
[patch 07/16] fix the fuzz failure reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7945 (or at least the complaints from Valgrind; I couldn't reproduce the crash). What part of: ~~~ * If you're thinking of using tvb_get_ptr, STOP WHAT YOU ARE DOING * IMMEDIATELY. Go take a break. Consider that tvb_get_ptr hands you * a raw, unprotected pointer that you can easily use to create a * security vulnerability or otherwise crash Wireshark. Then consider * that you can probably find a function elsewhere in this file that * does exactly what you want in a much more safe and robust manner. ~~~ did someone not read? Use tvb_get_ephemeral_stringz() instead of adding (apparently not sufficiently checked!) offsets to the result of tvb_get_ptr() and assuming that the result is a) in bounds and b) a NULL-terminated string. svn path=/trunk/; revision=46577 |
20_fix_from_1.8.5_fix_DTN_crash 2.patch | (download) |
epan/dissectors/packet-dtn.c |
12 7 + 5 - 0 ! |
[patch 08/16] get rid of another tvb_get_ptr() abuse (just like |
21_fix_from_1.8.5_fix_MS MMC_crash.patch | (download) |
epan/tvbuff.c |
4 4 + 0 - 0 ! |
[patch 09/16] check the length parameter for tvb_get_unicode_string() and tvb_get_ephemeral_unicode_string(), throw an exception for invalid lengths (including -1, but length==-1 does not work for other tvb string functions either) I believe this is the proper fix for https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8112 svn path=/trunk/; revision=46705 |
22_fix_from_1.8.5_fix_MS MMC_crash 2.patch | (download) |
epan/tvbuff.c |
49 8 + 41 - 0 ! |
[patch 10/16] copy over:revision 46705, revision 43266, revision 43263 svn path=/trunk-1.8/; revision=46760 |
23_fix_from_1.8.5_fix_DTLS_crash.patch | (download) |
epan/reassemble.c |
38 33 + 5 - 0 ! |
[patch 11/16] from evan: sanity checks before setting a packet's total length in fragment_set_tot_len() (from me: check if fragments exist for the given id) hopefully, this fixes #8111 and #8163 without causing troubles for other protocols that use fragmentation and reassembly svn path=/trunk/; revision=46999 |
24_fix_from_1.8.5_fix_ROHC_crash.patch | (download) |
epan/dissectors/packet-rohc.c |
8 5 + 3 - 0 ! |
[patch 12/16] fix https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7679: Do not try to set IR header length when the profile is unknown svn path=/trunk/; revision=44700 |
25_fix_from_1.8.5_fix_DCP ETSI_crash.patch | (download) |
epan/dissectors/packet-dcp-etsi.c |
16 11 + 5 - 0 ! |
[patch 13/16] copy over from trunk: |
26_fix_from_1.8.5_fix_dissector_crash.patch | (download) |
epan/proto.c |
1 1 + 0 - 0 ! |
[patch 14/16] copy over r47114 by hand. |
27_fix_from_1.8.5_fix_dissector_crash 2.patch | (download) |
epan/proto.c |
1 1 + 0 - 0 ! |
[patch 15/16] take a wild guess at what might be causing https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8197 It can't hurt, in any case. svn path=/trunk/; revision=47084 |
28_fix_from_1.8.5_fix_NTLMSSP_crash.patch | (download) |
epan/dissectors/packet-ntlmssp.c |
2 1 + 1 - 0 ! |
[patch 16/16] prevent copying longer than expected ntlm ssp key svn path=/trunk/; revision=47248 |
29_fix_from_1.8.6_fix_TCP_crash.patch | (download) |
epan/dissectors/packet-tcp.c |
2 1 + 1 - 0 ! |
[patch 01/10] manually rediscover r43185 to fix https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8274 svn path=/trunk-1.8/; revision=47381 |
30_fix_from_1.8.6_fix_CSN.1_crash.patch | (download) |
epan/dissectors/packet-csn1.c |
36 18 + 18 - 0 ! |
[patch 02/10] backport with non-trivial manual intervention to fix https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8383 |
31_fix_from_1.8.6_fix_MS MMS_crash.patch | (download) |
epan/dissectors/packet-ms-mms.c |
26 22 + 4 - 0 ! |
[patch 03/10] backport the workaround with manual intervention: |
32_fix_from_1.8.6_fix_RTPS_RTPS2_crash.patch | (download) |
epan/dissectors/packet-rtps.c |
5 3 + 2 - 0 ! |
[patch 04/10] fix potential buffer overflow in rtps and rtps2 dissectors by allocating enough memory to fit the "indentation space". Bug 8332 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8332) svn path=/trunk/; revision=47658 |
33_fix_from_1.8.6_fix_Mount_crash.patch | (download) |
epan/dissectors/packet-mount.c |
2 1 + 1 - 0 ! |
[patch 05/10] from alyssa milburn via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8335 Make length field unsigned so that negative values fail the bounds check and throw a regular exception before getting passed to glib (where they cause a program-ending assert failure instead). svn path=/trunk/; revision=47672 |
34_fix_from_1.8.6_fix_ACN_crash.patch | (download) |
epan/dissectors/packet-acn.c |
4 2 + 2 - 0 ! |
[patch 06/10] from alyssa milburn: this patch adds a check for a zero count to the existing sanity check code. From me: In addition drop superfluous sanity check. svn path=/trunk/; revision=47692 |
35_fix_from_1.8.6_fix_CIMD_crash.patch | (download) |
epan/dissectors/packet-cimd.c |
6 3 + 3 - 0 ! |
[patch 07/10] bugfix dos in cimd dissector. bug 8346 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8346) svn path=/trunk/; revision=47708 |
36_fix_from_1.8.6_fix_DTLS_crash.patch | (download) |
epan/dissectors/packet-dtls.c |
2 1 + 1 - 0 ! |
[patch] copy over revisions from the trunk: |
37_fix_from_1.8.6_fix_DTLS_crash 2.patch | (download) |
epan/dissectors/packet-frame.c |
17 17 + 0 - 0 ! |
[patch 10/10] manually backport more of r48011. Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8441 for 1.8 branch. svn path=/trunk-1.8/; revision=48132 |
38_fix_from_1.8.7_fix_GTPv2_crash.patch | (download) |
epan/dissectors/packet-gtpv2.c |
16 8 + 8 - 0 ! |
[patch 1/7] fix https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8493 : Use proto_tree_add_item instead of proto_tree_add_bits_item to display Used Cipher svn path=/trunk/; revision=48393 Conflicts: epan/dissectors/packet-gtpv2.c |
39_fix_from_1.8.7_fix_ASN.1_crash.patch | (download) |
epan/dissectors/packet-ber.c |
7 4 + 3 - 0 ! |
[patch 2/7] copy over with manual intervention: |
40_fix_from_1.8.7_fix_PPP_crash.patch | (download) |
epan/dissectors/packet-ppp.c |
3 2 + 1 - 0 ! |
[patch 3/7] null terminate bit field list. bug 8638 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8638) svn path=/trunk/; revision=49214 |
41_fix_from_1.8.7_fix_DCP ETSI_crash.patch | (download) |
epan/dissectors/packet-dcp-etsi.c |
4 1 + 3 - 0 ! |
[patch 4/7] dcp-etsi dissector: new formula for rx_min bug 8231 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8231) svn path=/trunk/; revision=47295 |
42_fix_from_1.8.7_fix_DCP ETSI_crash 2.patch | (download) |
epan/dissectors/packet-dcp-etsi.c |
6 3 + 3 - 0 ! |
[patch 5/7] bump two guint16 to guint32 to prevent overflow when reassembling a large number of fragments, and add an extra bounds check. Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8540 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8541 svn path=/trunk/; revision=48644 |
43_fix_from_1.8.7_fix_MPEG DSM CC_crash.patch | (download) |
epan/dissectors/packet-mpeg-dsmcc.c |
2 1 + 1 - 0 ! |
[patch 6/7] fix https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8481 Trivially wrong format string being passed to val_to_str(). svn path=/trunk/; revision=48332 Conflicts: epan/dissectors/packet-mpeg-dsmcc.c |
44_fix_from_1.8.7_fix_Websocket_crash.patch | (download) |
epan/dissectors/packet-websocket.c |
6 3 + 3 - 0 ! |
[patch 7/7] change some ints to guints (as they already are in trunk) so that negative values don't falsely pass the bounds checks and cause a crash. Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8499 svn path=/trunk-1.8/; revision=48419 |
45_fix_from_1.8.8_fix_CAPWAP_crash.patch | (download) |
epan/dissectors/packet-capwap.c |
6 5 + 1 - 0 ! |
[patch 2/8] don't pass the return value of tvb_length_remaining() to fragment_add_check(), as it might have been -1. Fixes Coverity CID 280510: Improper use of negative value. svn path=/trunk/; revision=43716 |
46_fix_from_1.8.8_fix_GMR 1 BCCH_crash.patch | (download) |
epan/dissectors/packet-gmr1_bcch.c |
2 2 + 0 - 0 ! |
[patch 4/8] from sylvain munaut via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7664 : packet-gmr1_bcch: Add guards in the SI1/2 choice of segment Although the CSN1 dissector itself will just stop if there is no matching segment, it will leave the choice field uninitizalized and so when we use it to fill some other text, it crashes ... To protect against that, we put a last choice entry that will always match. As a bonus, it triggers an explicit error in CSN so you know something is wrong. svn path=/trunk/; revision=44674 |
47_fix_from_1.8.8_fix_PPP_crash.patch | (download) |
epan/dissectors/packet-ppp.c |
91 43 + 48 - 0 ! |
[patch 3/8] fix potential buffer overflow crash; (bug #7880). rework code logic slightly so same code path (and tests) used whether or not 'if(tree)'. svn path=/trunk/; revision=46128 |
48_fix_from_1.8.8_fix_NBAP_crash.patch | (download) |
asn1/nbap/nbap.cnf |
6 4 + 2 - 0 ! |
[patch 1/8] don't access nbap_dch_chnl_info if the index is > maxNrOfDCHs svn path=/trunk/; revision=49418 Conflicts: epan/dissectors/packet-nbap.c |
49_fix_from_1.8.8_fix_RDP_crash.patch | (download) |
epan/dissectors/packet-rdp.c |
70 35 + 35 - 0 ! |
[patch 5/8] manually backport parts of |
50_fix_from_1.8.8_fix_HTTP_crash.patch | (download) |
epan/dissectors/packet-http.c |
28 21 + 7 - 0 ! |
[patch 6/8] fix the infinite recursion problem reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8733 : We can't solely rely on the port in the URI to determine whether we will be recursively called by decode_tcp_ports(). Instead also check the conversation entry too: if we find that we are the subdissector for this conversation (which we might be--without the port being in our list of ports--if we heuristically picked up the conversation or the user did Decode-As), just bail out and dissect the payload as data. svn path=/trunk/; revision=49623 |
51_fix_from_1.8.8_fix_Ixia IxVeriWave_crash.patch | (download) |
wiretap/vwr.c |
8 7 + 1 - 0 ! |
[patch 7/8] fix the wiretap fuzz failure reported in https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8760 : Check that the record length we got out of the file is at least as big as stats block trailer; if not, declare the file bad. svn path=/trunk/; revision=49739 |
52_fix_from_1.8.8_fix_DCP ETSI_crash.patch | (download) |
epan/dissectors/packet-dcp-etsi.c |
3 2 + 1 - 0 ! |
[patch 8/8] from myself and julian cable via (and fixing) https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8717 Don't add a DCP-ETSI fragment for reassembly if the length is wrong. svn path=/trunk/; revision=49802 |
53_fix_from_1.8.9_fix_DVB CI_crash.patch | (download) |
epan/dissectors/packet-dvbci.c |
12 8 + 4 - 0 ! |
[patch 1/4] fix https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8916 reported by Laurent Butti a TPDU's length field must never be 0 this length field was decremented without prior checking, allocating length-1 bytes of memory caused a dissector assert svn path=/trunk/; revision=50474 |
54_fix_from_1.8.9_fix_GSM A_crash.patch | (download) |
epan/dissectors/packet-gsm_a_common.c |
96 72 + 24 - 0 ! |
[patch 2/4] copy over with manual intervention: |
55_fix_from_1.8.9_fix_Netmon_crash.patch | (download) |
wiretap/netmon.c |
10 9 + 1 - 0 ! |
[patch 3/4] copy over r49697 with manual intervention: |
56_fix_from_1.8.9_fix_PER_crash.patch | (download) |
epan/dissectors/packet-per.c |
3 3 + 0 - 0 ! |
[patch 4/4] ensure that the length parameter to dissect_per_length_determinant is initialized even in cases where we error or otherwise fail to dissect. Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8722 Thanks to Pascal for his help digging through this one. svn path=/trunk/; revision=49985 |
57_fix_from_1.8.10_fix_Netmon_crash.patch | (download) |
wiretap/netmon.c |
4 0 + 4 - 0 ! |
[patch 1/4] from peter hatina via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9104 Fix double-free on corrupt netmon file. Wiretap frees the struct for us, we don't need to free it as well. svn path=/trunk-1.8/; revision=51781 |
58_fix_from_1.8.10_fix_Netmon_crash 2.patch | (download) |
epan/filesystem.c |
43 43 + 0 - 0 ! |
[patch 2/4] copy over r49673 from the trunk: |
59_fix_from_1.8.10_fix_LDAP_and_RTPS_crash.patch | (download) |
asn1/ldap/packet-ldap-template.c |
4 3 + 1 - 0 ! |
[patch 3/4] copy over revisions from the trunk: |
60_fix_from_1.8.10_fix_NBAP_crash.patch | (download) |
asn1/nbap/nbap.cnf |
3 2 + 1 - 0 ! |
[patch 4/4] copy over revisions from trunk: |
61_fix_from_1.8.11_fix_IEEE 802.15.4_crash.patch | (download) |
epan/dissectors/packet-ieee802154.c |
4 2 + 2 - 0 ! |
[patch 1/4] _lookup_extended takes a pointer to the key-pointer since it has to set the old key pointer value. _insert just takes the key-pointer, not a pointer to it. Passing a pointer-to-a-pointer causes the outer pointer to be dereferenced as a struct (when it in fact points to a pointer to struct) and leads to incorrect behaviour and uninitialized/out-of-bounds memory accesses. Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9139 svn path=/trunk/; revision=52036 |
62_fix_from_1.8.11_fix_NBAP_crash.patch | (download) |
asn1/nbap/nbap.cnf |
2 1 + 1 - 0 ! |
[patch 2/4] copy over r52154 by hand: |
63_fix_from_1.8.11_fix_SIP_crash.patch | (download) |
epan/dissectors/packet-sip.c |
19 14 + 5 - 0 ! |
[patch 3/4] fix https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9228 : Ensure that decompressed tvb exists before trying to add it to the tree svn path=/trunk/; revision=52354 |
64_fix_from_1.8.11_fix_TCP_crash.patch | (download) |
epan/dissectors/packet-tcp.c |
14 7 + 7 - 0 ! |
[patch 4/4] copy over r52570 with manual intervention: |