Attached is an update with 2 more CVEs fixed. Thanks Adrian
On Thu, Nov 26, 2020 at 10:38:09PM +0200, Adrian Bunk wrote: > Package: release.debian.org > Severity: normal > Tags: buster > User: release.debian....@packages.debian.org > Usertags: pu > > This update fixes the 14 non-dsa CVEs in buster by upgrading > to 2.6.20 (12 CVEs fixed) plus two fixes for additional CVEs. > > Wireshark is a package where upstream is followed, > and will likely eventually be upgraded to a 3.x release > in a DSA at some point in the future. That's why this > pu request updates to the final 2.6 release (on top of > the last 2.6 release that was in unstable) instead of > backporting all CVE fixes. > > The attached debdiff only includes changes to debian/
diff -Nru wireshark-2.6.8/debian/changelog wireshark-2.6.20/debian/changelog
--- wireshark-2.6.8/debian/changelog 2019-05-27 17:08:44.000000000 +0300
+++ wireshark-2.6.20/debian/changelog 2021-01-30 15:55:58.000000000 +0200
@@ -1,3 +1,48 @@
+wireshark (2.6.20-0+deb10u1) buster; urgency=medium
+
+ * Non-maintainer upload.
+ * New upstream version including the following security fixes:
+ - CVE-2019-16319: The Gryphon dissector could go into an infinite loop.
+ - CVE-2019-19553: The CMS dissector could crash.
+ - CVE-2020-7045: The BT ATT dissector could crash.
+ - CVE-2020-9428: The EAP dissector could crash.
+ - CVE-2020-9430: The WiMax DLMAP dissector could crash.
+ - CVE-2020-9431: The LTE RRC dissector could leak memory.
+ - CVE-2020-11647: The BACapp dissector could crash. (Closes: #958213)
+ - CVE-2020-13164: The NFS dissector could crash.
+ - CVE-2020-15466: The GVCP dissector could go into an infinite loop.
+ - CVE-2020-25862: The TCP dissector could crash.
+ - CVE-2020-25863: The MIME Multipart dissector could crash.
+ * Adjust 17_libdir_location.patch for context changes.
+ * Since Wireshark 2.6.14 tests are run automatically by debhelper,
+ backport the build fix and making test failures non-fatal.
+ * CVE-2020-26575: The Facebook Zero Protocol (aka FBZERO) dissector
+ could enter an infinite loop. (Closes: #974688)
+ * CVE-2020-28030: The GQUIC dissector could crash. (Closes: #974689)
+ * CVE-2020-26418: Memory leak in the Kafka protocol dissector.
+ * CVE-2020-26421: Crash in USB HID protocol dissector.
+
+ -- Adrian Bunk <b...@debian.org> Sat, 30 Jan 2021 15:55:58 +0200
+
+wireshark (2.6.10-1) unstable; urgency=medium
+
+ * New upstream version 2.6.10
+ - security fixes:
+ - ASN.1 BER and related dissectors crash (CVE-2019-13619)
+ - fix QIcon crash on exit on Ubuntu 16.04 with Qt 5.5.1 (LP: #1803808)
+ * debian/gitlab-ci.yml: User minimal reference configuration
+
+ -- Balint Reczey <rbal...@ubuntu.com> Wed, 17 Jul 2019 23:23:05 +0200
+
+wireshark (2.6.9-1) unstable; urgency=medium
+
+ * Acknowledge NMU
+ * New upstream version 2.6.9
+ * Drop obsolete CVE-2019-12295.patch
+ * Refresh patches
+
+ -- Balint Reczey <rbal...@ubuntu.com> Thu, 30 May 2019 22:13:15 +0200
+
 wireshark (2.6.8-1.1) unstable; urgency=medium
 * Non-maintainer upload.
diff -Nru wireshark-2.6.8/debian/gitlab-ci.yml wireshark-2.6.20/debian/gitlab-ci.yml
--- wireshark-2.6.8/debian/gitlab-ci.yml 2019-05-27 17:00:57.000000000 +0300
+++ wireshark-2.6.20/debian/gitlab-ci.yml 2019-07-18 00:23:05.000000000 +0300
@@ -1,13 +1,3 @@
-include: https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
-
-build:
- extends: .build-unstable
-
-lintian:
- extends: .test-lintian
-
-autopkgtest:
- extends: .test-autopkgtest
-
-piuparts:
- extends: .test-piuparts
+include:
+ - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
+ - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
diff -Nru wireshark-2.6.8/debian/patches/0001-epan-Limit-our-bits-in-decode_bits_in_field.patch wireshark-2.6.20/debian/patches/0001-epan-Limit-our-bits-in-decode_bits_in_field.patch
--- wireshark-2.6.8/debian/patches/0001-epan-Limit-our-bits-in-decode_bits_in_field.patch 1970-01-01 02:00:00.000000000 +0200
+++ wireshark-2.6.20/debian/patches/0001-epan-Limit-our-bits-in-decode_bits_in_field.patch 2021-01-28 17:16:49.000000000 +0200
@@ -0,0 +1,54 @@
+From 831746a8f08053a18f54ea1aa2e1084586a2d0ab Mon Sep 17 00:00:00 2001
+From: Gerald Combs <ger...@wireshark.org>
+Date: Thu, 5 Nov 2020 17:37:13 -0800
+Subject: epan: Limit our bits in decode_bits_in_field.
+
+Limit the number of bits we process in decode_bits_in_field, otherwise
+we'll overrun our buffer. Fixes #16958.
+---
+ epan/to_str.c | 11 +++++------
+ 1 file changed, 5 insertions(+), 6 deletions(-)
+
+diff --git a/epan/to_str.c b/epan/to_str.c
+index eaa8b28793..9dd7a2e588 100644
+--- a/epan/to_str.c
++++ b/epan/to_str.c
+@@ -935,13 +935,13 @@ rel_time_to_secs_str(wmem_allocator_t *scope, const nstime_t *rel_time)
+ char *
+ decode_bits_in_field(const guint bit_offset, const gint no_of_bits, const guint64 value)
+ {
+- guint64 mask = 0,tmp;
++ guint64 mask;
+ char *str;
+ int bit, str_p = 0;
+ int i;
++ int max_bits = MIN(64, no_of_bits);
+
+- mask = 1;
+- mask = mask << (no_of_bits-1);
++ mask = G_GUINT64_CONSTANT(1) << (max_bits-1);
+
+ /* Prepare the string, 256 pos for the bits and zero termination, + 64 for the spaces */
+ str=(char *)wmem_alloc0(wmem_packet_scope(), 256+64);
+@@ -955,7 +955,7 @@ decode_bits_in_field(const guint bit_offset, const gint no_of_bits, const guint6
+ }
+
+ /* read the bits for the int */
+- for(i=0;i<no_of_bits;i++){
++ for(i=0;i<max_bits;i++){
+ if(bit&&(!(bit%4))){
+ str[str_p] = ' ';
+ str_p++;
+@@ -965,8 +965,7 @@ decode_bits_in_field(const guint bit_offset, const gint no_of_bits, const guint6
+ str_p++;
+ }
+ bit++;
+- tmp = value & mask;
+- if(tmp != 0){
++ if((value & mask) != 0){
+ str[str_p] = '1';
+ str_p++;
+ } else {
+--
+2.20.1
+
diff -Nru wireshark-2.6.8/debian/patches/0001-FBZERO-Make-sure-our-offset-advances.patch wireshark-2.6.20/debian/patches/0001-FBZERO-Make-sure-our-offset-advances.patch
--- wireshark-2.6.8/debian/patches/0001-FBZERO-Make-sure-our-offset-advances.patch 1970-01-01 02:00:00.000000000 +0200
+++ 
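Review bot: In the first to_str.c hunk, `int max_bits = MIN(64, no_of_bits);` caps only the upper end, so a zero or negative `no_of_bits` (the parameter is a signed `gint`) still makes `max_bits-1` negative and the shift in `G_GUINT64_CONSTANT(1) << (max_bits-1)` undefined. Whether any caller passes such a value is not visible here, but since the commit message says the width could already overrun the buffer, I would keep the `= 0` initialiser on `mask` and guard the shift: `if (max_bits > 0) mask = G_GUINT64_CONSTANT(1) << (max_bits-1);`. The comment above `wmem_alloc0` still describes 256 bit positions; now that at most 64 bits are written it should say so. The body of decode_bits_in_field continues outside the hunks shown.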
wireshark-2.6.20/debian/patches/0001-FBZERO-Make-sure-our-offset-advances.patch 2020-11-26 21:21:18.000000000 +0200
@@ -0,0 +1,63 @@
+From 3ff940652962c099b73ae3233322b8697b0d10ab Mon Sep 17 00:00:00 2001
+From: Gerald Combs <ger...@wireshark.org>
+Date: Fri, 2 Oct 2020 12:42:03 -0700
+Subject: FBZERO: Make sure our offset advances.
+
+Make sure our offset advances so that we don't infinitely loop.
+Fixes #16887.
+---
+ epan/dissectors/packet-fbzero.c | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/epan/dissectors/packet-fbzero.c b/epan/dissectors/packet-fbzero.c
+index 16ffb63cf1..132079cfaa 100644
+--- a/epan/dissectors/packet-fbzero.c
++++ b/epan/dissectors/packet-fbzero.c
+@@ -66,6 +66,7 @@ static gint ett_fb_zero_tag_value = -1;
+ static expert_field ei_fb_zero_tag_undecoded = EI_INIT;
+ static expert_field ei_fb_zero_tag_length = EI_INIT;
+ static expert_field ei_fb_zero_tag_unknown = EI_INIT;
++static expert_field ei_fb_zero_length_invalid = EI_INIT;
+
+ #define FBZERO_MIN_LENGTH 3
+
+@@ -261,18 +262,26 @@ dissect_fb_zero_tag(tvbuff_t *tvb, packet_info *pinfo, proto_tree *fb_zero_tree,
+ "Dissector for FB Zero Tag"
+ " %s (%s) code not implemented, Contact"
+ " Wireshark developers if you want this supported", tvb_get_string_enc(wmem_packet_scope(), tvb, offset-8, 4, ENC_ASCII|ENC_NA), val_to_str(tag, tag_vals, "Unknown"));
+- tag_offset += tag_len;
++ goto end;
+ break;
+ }
+
+ if(tag_offset != offset_end){
+ /* Wrong Tag len... */
+ proto_tree_add_expert(tag_tree, pinfo, &ei_fb_zero_tag_unknown, tvb, tag_offset_start + tag_offset, offset_end - tag_offset);
+- tag_offset = offset_end;
++ // XXX Return instead?
++ goto end;
+ }
+
+ tag_number--;
+ }
++
++ end:
++ if (offset + total_tag_len <= offset) {
++ expert_add_info_format(pinfo, fb_zero_tree, &ei_fb_zero_length_invalid,
++ "Invalid total tag length: %u", total_tag_len);
++ return offset + tvb_reported_length_remaining(tvb, offset);
++ }
+ return offset + total_tag_len;
+
+ }
+@@ -562,6 +571,7 @@ proto_register_fb_zero(void)
+ { &ei_fb_zero_tag_undecoded, { "fb_zero.tag.undecoded", PI_UNDECODED, PI_NOTE, "Dissector for FB Zero Tag code not implemented, Contact Wireshark developers if you want this supported", EXPFILL }},
+ { &ei_fb_zero_tag_length, { "fb_zero.tag.length.truncated", PI_MALFORMED, PI_NOTE, "Truncated Tag Length...", EXPFILL }},
+ { &ei_fb_zero_tag_unknown, { "fb_zero.tag.unknown.data", PI_UNDECODED, PI_NOTE, "Unknown Data", EXPFILL }},
++ { &ei_fb_zero_length_invalid, { "fb_zero.length.invalid", PI_PROTOCOL, PI_WARN, "Invalid length", EXPFILL }},
+ };
+
+ expert_module_t *expert_fb_zero;
+--
+2.20.1
+
diff -Nru wireshark-2.6.8/debian/patches/0001-GQUIC-make-sure-our-tag-offset-advances.patch wireshark-2.6.20/debian/patches/0001-GQUIC-make-sure-our-tag-offset-advances.patch
--- wireshark-2.6.8/debian/patches/0001-GQUIC-make-sure-our-tag-offset-advances.patch 1970-01-01 02:00:00.000000000 +0200
+++ wireshark-2.6.20/debian/patches/0001-GQUIC-make-sure-our-tag-offset-advances.patch 2020-11-26 21:21:18.000000000 +0200
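Review bot: The new `end:` guard `if (offset + total_tag_len <= offset)` folds two cases, a zero length and unsigned wrap-around, into one uncommented expression, and it is only well defined if both operands are unsigned; their declarations are outside the hunk, so that should be confirmed. I would put `/* a total_tag_len of 0, or one large enough to wrap offset, would leave the caller's offset stuck or moving backwards; consume the rest of the tvb instead */` above it. The `break;` left behind `goto end;` in the not-implemented branch is now unreachable and can be dropped, and the `// XXX Return instead?` marker should either be resolved or say what remains open. The same `end:` block and dead `break;` appear in the GQUIC patch that follows (packet-gquic.c), where the same remarks apply.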
@@ -0,0 +1,58 @@
+From 7dd685e4c0b7d049695b302f2cce732cdf15085c Mon Sep 17 00:00:00 2001
+From: Richard Smith <pcy...@126.com>
+Date: Sat, 10 Oct 2020 18:25:57 +0800
+Subject: GQUIC: make sure our tag offset advances.
+
+Make sure gquic tag offset advances so that we don't infinitely loop.
+---
+ epan/dissectors/packet-gquic.c | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/epan/dissectors/packet-gquic.c b/epan/dissectors/packet-gquic.c
+index 581499d7d0..955301b91f 100644
+--- a/epan/dissectors/packet-gquic.c
++++ b/epan/dissectors/packet-gquic.c
+@@ -185,6 +185,7 @@ static expert_field ei_gquic_tag_undecoded = EI_INIT;
+ static expert_field ei_gquic_tag_length = EI_INIT;
+ static expert_field ei_gquic_tag_unknown = EI_INIT;
+ static expert_field ei_gquic_version_invalid = EI_INIT;
++static expert_field ei_gquic_length_invalid = EI_INIT;
+
+ typedef struct gquic_info_data {
+ guint8 version;
+@@ -1604,7 +1605,7 @@ dissect_gquic_tag(tvbuff_t *tvb, packet_info *pinfo, proto_tree *gquic_tree, gui
+ "Dissector for (Google) QUIC Tag"
+ " %s (%s) code not implemented, Contact"
+ " Wireshark developers if you want this supported", tvb_get_string_enc(wmem_packet_scope(), tvb, offset-8, 4, ENC_ASCII|ENC_NA), val_to_str(tag, tag_vals, "Unknown"));
+- tag_offset += tag_len;
++ goto end;
+ break;
+ }
+ if(tag_offset != offset_end){
+@@ -1615,6 +1616,13 @@ dissect_gquic_tag(tvbuff_t *tvb, packet_info *pinfo, proto_tree *gquic_tree, gui
+
+ tag_number--;
+ }
++
++ end:
++ if (offset + total_tag_len <= offset) {
++ expert_add_info_format(pinfo, gquic_tree, &ei_gquic_length_invalid,
++ "Invalid total tag length: %u", total_tag_len);
++ return offset + tvb_reported_length_remaining(tvb, offset);
++ }
+ return offset + total_tag_len;
+
+ }
+@@ -2873,7 +2881,8 @@ proto_register_gquic(void)
+ { &ei_gquic_tag_undecoded, { "gquic.tag.undecoded", PI_UNDECODED, PI_NOTE, "Dissector for (Google)QUIC Tag code not implemented, Contact Wireshark developers if you want this supported", EXPFILL }},
+ { &ei_gquic_tag_length, { "gquic.tag.length.truncated", PI_MALFORMED, PI_NOTE, "Truncated Tag Length...", EXPFILL }},
+ { &ei_gquic_tag_unknown, { "gquic.tag.unknown.data", PI_UNDECODED, PI_NOTE, "Unknown Data", EXPFILL }},
+- { &ei_gquic_version_invalid, { "gquic.version.invalid", PI_MALFORMED, PI_ERROR, "Invalid Version", EXPFILL }}
++ { &ei_gquic_version_invalid, { "gquic.version.invalid", PI_MALFORMED, PI_ERROR, "Invalid Version", EXPFILL }},
++ { &ei_gquic_length_invalid, { "gquic.length.invalid", PI_PROTOCOL, PI_WARN, "Invalid Length", EXPFILL }}
+ };
+
+ expert_module_t *expert_gquic;
+--
+2.20.1
+
diff -Nru wireshark-2.6.8/debian/patches/0002-Kafka-Limit-our-decompression-size.patch wireshark-2.6.20/debian/patches/0002-Kafka-Limit-our-decompression-size.patch
--- wireshark-2.6.8/debian/patches/0002-Kafka-Limit-our-decompression-size.patch 1970-01-01 02:00:00.000000000 +0200
+++ wireshark-2.6.20/debian/patches/0002-Kafka-Limit-our-decompression-size.patch 2021-01-28 17:16:49.000000000 +0200
@@ -0,0 +1,66 @@
+From 280d58409c9a3503a631ef4f6255880d5a365e65 Mon Sep 17 00:00:00 2001
+From: Gerald Combs <ger...@wireshark.org>
+Date: Tue, 1 Dec 2020 12:00:13 -0800
+Subject: Kafka: Limit our decompression size.
+
+Don't assume that the Internet has our best interests at heart when it
+gives us the size of our decompression buffer. Assign an arbitrary limit
+of 50 MB.
+
+This fixes #16739 in that it takes care of
+
+** (process:17681): WARNING **: 20:03:07.440: Dissector bug, protocol Kafka, in packet 31: ../epan/proto.c:7043: failed assertion "end >= fi->start"
+
+which is different from the original error output. It looks like *that*
+might have taken care of in one of the other recent Kafka bug fixes.
+
+The decompression routines return a success or failure status. Use
+gbooleans instead of ints for that.
+---
+ epan/dissectors/packet-kafka.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/epan/dissectors/packet-kafka.c b/epan/dissectors/packet-kafka.c
+index d4afc54b88..377e10c42d 100644
+--- a/epan/dissectors/packet-kafka.c
++++ b/epan/dissectors/packet-kafka.c
+@@ -146,6 +146,7 @@ static expert_field ei_kafka_unsupported_api_version = EI_INIT;
+ static expert_field ei_kafka_message_decompress = EI_INIT;
+ static expert_field ei_kafka_bad_string_length = EI_INIT;
+ static expert_field ei_kafka_bad_bytes_length = EI_INIT;
++static expert_field ei_kafka_bad_decompression_length = EI_INIT;
+
+ typedef gint16 kafka_api_key_t;
+ typedef gint16 kafka_api_version_t;
+@@ -682,6 +683,7 @@ static void show_compression_reduction(tvbuff_t *tvb, proto_tree *tree, guint co
+ }
+ }
+
++#define MAX_DECOMPRESSION_SIZE (50 * 1000 * 1000) // Arbitrary
+ static int
+ dissect_kafka_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int start_offset)
+ {
+@@ -720,6 +722,11 @@ dissect_kafka_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int s
+
+ offset = dissect_kafka_bytes(subtree, hf_kafka_message_key, tvb, pinfo, offset, NULL, &bytes_length);
+
++ if (bytes_length > MAX_DECOMPRESSION_SIZE) {
++ expert_add_info(pinfo, NULL, &ei_kafka_bad_decompression_length);
++ return FALSE;
++ }
++
+ switch (codec) {
+ case KAFKA_MESSAGE_CODEC_GZIP:
+ raw = kafka_get_bytes(subtree, tvb, pinfo, offset);
+@@ -4192,6 +4199,8 @@ proto_register_kafka(void)
+ { "kafka.bad_string_length", PI_MALFORMED, PI_WARN, "Invalid string length field", EXPFILL }},
+ { &ei_kafka_bad_bytes_length,
+ { "kafka.bad_bytes_length", PI_MALFORMED, PI_WARN, "Invalid byte length field", EXPFILL }},
++ { &ei_kafka_bad_decompression_length,
++ { "kafka.ei_kafka_bad_decompression_length", PI_MALFORMED, PI_WARN, "Decompression size too large", EXPFILL }},
+ };
+
+ module_t *kafka_module;
+--
+2.20.1
+
diff -Nru wireshark-2.6.8/debian/patches/0003-Kafka-Decrease-our-maximum-decompression-buffer-size.patch wireshark-2.6.20/debian/patches/0003-Kafka-Decrease-our-maximum-decompression-buffer-size.patch
--- wireshark-2.6.8/debian/patches/0003-Kafka-Decrease-our-maximum-decompression-buffer-size.patch 1970-01-01 02:00:00.000000000 +0200
+++ wireshark-2.6.20/debian/patches/0003-Kafka-Decrease-our-maximum-decompression-buffer-size.patch 2021-01-28 17:16:49.000000000 +0200
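Review bot: The new size guard leaves `static int dissect_kafka_message(...)` through `return FALSE;`, i.e. 0; if the function normally returns the next offset (its tail is outside the hunk), a caller looping on that value would stop advancing, which is the failure mode the FBZERO and GQUIC patches in this same upload address. `return offset + tvb_reported_length_remaining(tvb, offset);` would keep the offset moving, assuming that return convention. The value tested is the `bytes_length` filled in by the `hf_kafka_message_key` read directly above, so as far as the hunk shows the limit is applied to the key length rather than to the data handed to the codec in the `switch`; that placement is worth checking against the upstream commit. `expert_add_info(pinfo, NULL, ...)` also attaches the warning to no item, and the filter name `kafka.ei_kafka_bad_decompression_length` breaks the `kafka.bad_bytes_length` pattern next to it.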
@@ -0,0 +1,29 @@
+From 406fa493d2a141b67ae4ffbdc20716eea64d9b3c Mon Sep 17 00:00:00 2001
+From: Gerald Combs <ger...@wireshark.org>
+Date: Tue, 8 Dec 2020 09:00:37 -0800
+Subject: Kafka: Decrease our maximum decompression buffer size.
+
+https://github.com/apache/kafka/blob/trunk/clients/src/main/java/org/apache/kafka/common/record/KafkaLZ4BlockOutputStream.java
+maxes out at 2^22, so use that.
+---
+ epan/dissectors/packet-kafka.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/epan/dissectors/packet-kafka.c b/epan/dissectors/packet-kafka.c
+index 377e10c42d..35f2aeaac3 100644
+--- a/epan/dissectors/packet-kafka.c
++++ b/epan/dissectors/packet-kafka.c
+@@ -683,7 +683,9 @@ static void show_compression_reduction(tvbuff_t *tvb, proto_tree *tree, guint co
+ }
+ }
+
+-#define MAX_DECOMPRESSION_SIZE (50 * 1000 * 1000) // Arbitrary
++// Max is currently 2^22 in
++// https://github.com/apache/kafka/blob/trunk/clients/src/main/java/org/apache/kafka/common/record/KafkaLZ4BlockOutputStream.java
++#define MAX_DECOMPRESSION_SIZE (1 << 22)
+ static int
+ dissect_kafka_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, int start_offset)
+ {
+--
+2.20.1
+
diff -Nru wireshark-2.6.8/debian/patches/03_no_version_in_gtk_title.patch wireshark-2.6.20/debian/patches/03_no_version_in_gtk_title.patch
--- wireshark-2.6.8/debian/patches/03_no_version_in_gtk_title.patch 2019-05-27 17:00:57.000000000 +0300
+++ wireshark-2.6.20/debian/patches/03_no_version_in_gtk_title.patch 2019-07-18 00:23:05.000000000 +0300
@@ -1,6 +1,6 @@
 --- a/epan/prefs.c
+++ b/epan/prefs.c
-@@ -4108,7 +4108,7 @@
+@@ -4105,7 +4105,7 @@
 prefs.gui_prepend_window_title = g_strdup("");
 g_free(prefs.gui_start_title);
 prefs.gui_start_title = g_strdup("The World's Most Popular Network Protocol Analyzer");
diff -Nru wireshark-2.6.8/debian/patches/17_libdir_location.patch wireshark-2.6.20/debian/patches/17_libdir_location.patch
--- wireshark-2.6.8/debian/patches/17_libdir_location.patch 2019-05-27 17:00:57.000000000 +0300
+++ wireshark-2.6.20/debian/patches/17_libdir_location.patch 2020-11-26 21:21:18.000000000 +0200
@@ -5,7 +5,7 @@
 --- a/CMakeLists.txt
 +++ b/CMakeLists.txt
-@@ -1477,7 +1477,7 @@
+@@ -1473,7 +1473,7 @@
 set( prefix "${CMAKE_INSTALL_PREFIX}" )
 set( exec_prefix "\${prefix}" )
@@ -23,5 +23,5 @@
 -set(Wireshark_LIB_DIR "@CMAKE_INSTALL_PREFIX@/@CMAKE_INSTALL_LIBDIR@")
 +set(Wireshark_LIB_DIR "@CMAKE_INSTALL_LIBDIR@")
 set(Wireshark_INCLUDE_DIR "@CMAKE_INSTALL_PREFIX@/include/wireshark")
- set(Wireshark_CMAKE_MODULES_DIR "@CMAKE_INSTALL_MODULES_DIR@")
+ set(Wireshark_CMAKE_MODULES_DIR "@CMAKE_INSTALL_PREFIX@/@CMAKE_INSTALL_MODULES_DIR@")
diff -Nru wireshark-2.6.8/debian/patches/CVE-2019-12295.patch wireshark-2.6.20/debian/patches/CVE-2019-12295.patch
--- wireshark-2.6.8/debian/patches/CVE-2019-12295.patch 2019-05-27 17:07:19.000000000 +0300
+++ wireshark-2.6.20/debian/patches/CVE-2019-12295.patch 1970-01-01 02:00:00.000000000 +0200
@@ -1,42 +0,0 @@
-Description: CVE-2019-12295
- In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14,
- the dissection engine could crash. This was addressed in
- epan/packet.c by restricting the number of layers and
- consequently limiting recursion.
-Origin: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7b6e197da4c497e229ed3ebf6952bae5c426a820
-Bug-Debian: https://bugs.debian.org/929446
----
-This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
---- a/epan/packet.c
-+++ b/epan/packet.c
-@@ -725,6 +725,13 @@
- call_dissector_work_error(dissector_handle_t handle, tvbuff_t *tvb,
- packet_info *pinfo_arg, proto_tree *tree, void *);
-
-+/*
-+ * XXX packet_info.curr_layer_num is a guint8 and *_MAX_RECURSION_DEPTH is
-+ * 100 elsewhere in the code. We should arguably use the same value here,
-+ * but using that makes suite_wslua.case_wslua.test_wslua_dissector_fpm fail.
-+ */
-+#define PINFO_LAYER_MAX_RECURSION_DEPTH 500
-+
- static int
- call_dissector_work(dissector_handle_t handle, tvbuff_t *tvb, packet_info *pinfo_arg,
- proto_tree *tree, gboolean add_proto_name, void *data)
-@@ -747,6 +754,7 @@
- saved_proto = pinfo->current_proto;
- saved_can_desegment = pinfo->can_desegment;
- saved_layers_len = wmem_list_count(pinfo->layers);
-+ DISSECTOR_ASSERT(saved_layers_len < PINFO_LAYER_MAX_RECURSION_DEPTH);
-
- /*
- * can_desegment is set to 2 by anyone which offers the
-@@ -2675,6 +2683,8 @@
- saved_layers_len = wmem_list_count(pinfo->layers);
- *heur_dtbl_entry = NULL;
-
-+ DISSECTOR_ASSERT(saved_layers_len < PINFO_LAYER_MAX_RECURSION_DEPTH);
-+
- for (entry = sub_dissectors->dissectors; entry != NULL;
- entry = g_slist_next(entry)) {
- /* XXX - why set this now and above? */
diff -Nru wireshark-2.6.8/debian/patches/series wireshark-2.6.20/debian/patches/series
--- wireshark-2.6.8/debian/patches/series 2019-05-27 17:03:48.000000000 +0300
+++ wireshark-2.6.20/debian/patches/series 2021-01-30 15:55:58.000000000 +0200
@@ -4,4 +4,8 @@
 09_idl2wrs.patch
 16_licence_about_location.patch
 17_libdir_location.patch
-CVE-2019-12295.patch
+0001-FBZERO-Make-sure-our-offset-advances.patch
+0001-GQUIC-make-sure-our-tag-offset-advances.patch
+0001-epan-Limit-our-bits-in-decode_bits_in_field.patch
+0002-Kafka-Limit-our-decompression-size.patch
+0003-Kafka-Decrease-our-maximum-decompression-buffer-size.patch
diff -Nru wireshark-2.6.8/debian/rules wireshark-2.6.20/debian/rules
--- wireshark-2.6.8/debian/rules 2019-05-27 17:00:57.000000000 +0300
+++ wireshark-2.6.20/debian/rules 2020-11-26 21:21:18.000000000 +0200
@@ -88,6 +88,10 @@
 debian/wireshark-dev/usr/share/pyshared/wireshark_be.py \
 debian/wireshark-dev/usr/share/pyshared/wireshark_gen.py
+override_dh_auto_test:
+ $(MAKE) -C obj-* test-programs
+ -dh_auto_test
+
 override_dh_clean:
 test ! -f version.conf.bak || mv version.conf.bak version.conf
 dh_clean
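Review bot: The `-` prefix on `-dh_auto_test` in the new `override_dh_auto_test` target makes every test failure non-fatal, and nothing in debian/rules itself says that this is deliberate. In an upload that carries hand-backported dissector patches, a regression caught by the suite would then not stop the build. I would add a comment above the target, for example `# Test failures are deliberately non-fatal (see changelog entry 2.6.20-0+deb10u1); review the build log for failed tests`, so the build log is actually checked before release.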