SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for ethereal-0.10.5-1.i586.rpm :
Thu Jul 8 14:00:00 2004 PLD Team
All persons listed below can be reached at AATTpld.org.pl

$Log: ethereal.spec,v $
Revision 1.96.2.2 2004/07/08 20:59:35 kloczek
- fixed BuildRequires for Ra.

Revision 1.96.2.1 2004/07/08 20:45:06 kloczek
- release 1: backport for Ra.

Revision 1.96 2004/07/08 20:42:57 kloczek
- updated to 0.10.5,
- SECURITY FIXES:
CAN-2004-0633:
The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote
attackers to cause a denial of service (process abort) via an integer
overflow.
CAN-2004-0634:
The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows
remote attackers to cause a denial of service (process crash) via a handle
without a policy name, which causes a null dereference.
CAN-2004-0635:
The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote
attackers to cause a denial of service (process crash) via a (1) malformed
or (2) missing community string, which causes an out-of-bounds read.

Revision 1.95 2004/05/14 15:56:42 kloczek
- reverte last commit (commited on incorrect branch).

Revision 1.94 2004/05/14 15:48:59 kloczek
- backporting fixes.

Revision 1.93 2004/05/14 15:43:37 kloczek
- updated to 0.10.4,
- SECURITY FIXES: http://www.ethereal.com/appnotes/enpa-sa-00014.html
Issues have been discovered in the following protocol dissectors:

* A SIP packet could make Ethereal crash under specific conditions, as
described in the following message:
http://www.ethereal.com/lists/ethereal-users/200405/msg00018.html
(0.10.3).

* The AIM dissector could throw an assertion, causing Ethereal to
terminate abnormally (0.10.3).

* It was possible for the SPNEGO dissector to dereference a null
pointer, causing a crash (0.9.8 to 0.10.3).

* The MMSE dissector was susceptible to a buffer overflow. (0.10.1 to
0.10.3).
Impact:
It may be possible to make Ethereal crash or run arbitrary code by
injecting a purposefully malformed packet onto the wire, by convincing
someone to read a malformed packet trace file, or by creating a
malformed color filter file.

Revision 1.92 2004/03/26 19:50:03 kloczek
- updated to 0.10.3,
- SECURITY FIXES:
- CAN-2004-0176: buffer overflows in the following protocol dissectors:
NetFlow, IGAP, EIGRP, PGM, IrDA, BGP, ISUP, and TCAP.
- CAN-2004-0367: a zero-length Presentation protocol selector could make
Ethereal crash,
- CAN-2004-0365: a carefully-crafted RADIUS packet could cause a crash,
- a corrupt color filter file could cause a segmentation fault.
- added libs subpackage (common is now obsoleted).

Revision 1.91 2004/03/17 00:07:45 kloczek
- unroll %{_pixmapsdir} macro and use directly %{_datadir}/pixmaps

Revision 1.90 2004/03/15 06:28:56 kloczek
- use %{_datadir}/applications for store desktop files.

Revision 1.89 2004/02/24 17:50:44 kloczek
- updated to 0.10.2,
- enable SNMP and ipv6 support.

Revision 1.88 2003/12/17 07:54:02 kloczek
- s/gtk+2-devel/gtk+-devel/

Revision 1.87 2003/11/04 13:51:29 kloczek
- updatedto 0.9.16,
- SECURITY FIXES
Potential security issues have been discovered in the following protocol
dissectors:
- an improperly formatted GTP MSISDN string could cause a buffer overflow,
- a malformed ISAKMP or MEGACO packet could make Ethereal or Tethereal crash,
- the SOCKS dissector was susceptible to a heap overlfow.
Impact:
It may be possible to make Ethereal crash or run arbitrary code by injecting
a purposefully malformed packet onto the wire, or by convincing someone to
read a malformed packet trace file.

Revision 1.86 2003/09/10 21:09:03 kloczek
- updated to 0.9.15: bug fixes in variouse protocol handlers, new protocol
handlers: GPRS BSSGP, GPRS NS, H.225, H.263, LWAPP, Laplink, Q.933, STUN.

Revision 1.85 2003/08/11 19:20:29 kloczek
- removed .la files from plugin directory (isn\'t neccessary).

Revision 1.84 2003/08/11 19:09:53 kloczek
- updated to 0.9.14,
- SECURITY FIXES: http://www.ethereal.com/appnotes/enpa-sa-00010.html
Further source code auditing by Timo Sirainen has turned up several
string handling flaws in various protocol dissectors. Separate
security problems were discovered by other people:
- the DCERPC dissector could try to allocate too much memory while
trying to decode an NDR string,
- bad IPv4 or IPv6 prefix lengths could cause an overflow in the
OSI dissector,
- the SPNEGO dissector could segfault while parsing an invalid
ASN.1 value,
- the tvb_get_nstringz0() routine incorrectly handled a zero-length
buffer size,
- the BGP, WTP, DNS, 802.11, ISAKMP, WSP, CLNP, ISIS, and RMI
dissectors handled strings improperly.
- removed outdate distcc patch,
- removed bcond for building against gtk1 (build only against gtk2).

Revision 1.83 2003/06/27 17:27:17 kloczek
- unifications and cleanups.

Revision 1.82 2003/05/20 15:30:10 qboosh
- use automake without --force instead of bogus copying of ltmain.sh

Revision 1.81 2003/05/15 01:02:33 adgor
- BR: glib-devel
- Fixed ac/am stuff (it\'s needed in case the gtk+-devel isn\'t installed)

Revision 1.80 2003/05/14 09:02:59 kloczek
- merge translations from KSI and Conectiva,
- more macros and few simplifications.

Revision 1.79 2003/05/08 22:25:42 misi3k
- damm, ide spac :\\

Revision 1.78 2003/05/08 22:24:42 misi3k
- rel 2
- fixed prefix for RA

Revision 1.77 2003/05/06 09:19:33 adgor
- Removed redundant configure opts

Revision 1.76 2003/05/03 18:51:29 kloczek
- fixed missing %defattr() in main package and adapterized.

Revision 1.75 2003/05/02 09:48:24 adamg
- updated to 0.9.12: several off-by-one and integer overflow errors
fixed, some improvements.

Revision 1.74 2003/04/29 16:48:47 kloczek
- release 6.

Revision 1.73 2003/04/27 11:45:07 blues
- who wants to install something as user builder? :)

Revision 1.72 2003/04/25 16:25:53 adamg
- removed br: libelf-devel (areq adviced me that this should go to rpm.spec)
- added missing files: ethereal_su, idl2eth and idl2eth man
- release 5

Revision 1.71 2003/04/25 15:11:51 adamg
- added missing BR: libelf-devel

Revision 1.70 2003/04/14 21:33:47 migo
- reunion! tethereal.spec is now obsolete and will be removed soon
- release 4.1

Revision 1.69 2003/04/06 20:33:18 misi3k
- rel 4
- added patch0 (decode/dissect distcc connections)
- added bcond net-snmp

Revision 1.68 2003/03/17 12:26:13 adgor
- Reverted common subpackage (forgot, it\'s needed for tethereal)
- Added --with gtk1 bcond
- Release 3

Revision 1.67 2003/03/17 10:35:30 adgor
- Obsoletes %%{name}-common

Revision 1.66 2003/03/17 01:39:42 adgor
- Build with gtk+2
- Removed redundant %%configure options
- 644 for
*.la
- Simplified %%doc
- Using %%{_pixmapsdir}
- Removed common subpackage (separate single package containing < 180kB docs
files has no sense - You may use --excludedocs instead)
- Release 2

Revision 1.65 2003/03/14 11:13:41 qboosh
- 0.9.11, .bz2 source

Revision 1.64 2003/03/08 16:27:40 adamg
- updated to 0.9.10
- STBR ra/security (http://www.ethereal.com/appnotes/enpa-sa-00008.html)

Revision 1.63 2003/02/14 11:21:02 adgor
- BR net-smnp-devel (not ucd-snmp-devel or net-snmp-compat-devel)

Revision 1.62 2003/02/13 14:02:04 juandon
- force to use openssl >= 0.9.7, idea by kloczek

Revision 1.61 2003/01/21 23:24:47 qboosh
- fixed ac/am (automake --force in subdirs is evil)

Revision 1.60 2003/01/18 22:46:45 juandon
- removed two lines with define

Revision 1.59 2003/01/05 15:48:21 blues
- 0.9.8 - STBR to Ra updates (see:
http://www.ethereal.com/appnotes/enpa-sa-00007.html )


  
ICM