[pkgsrc/pkgsrc-2005Q3]: pkgsrc/net/ethereal Pullup ticket 882 - requested by ...

[salo <salo%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/6d5572325056
branches:  pkgsrc-2005Q3
changeset: 499650:6d5572325056
user:      salo <salo%pkgsrc.org@localhost>
date:      Thu Nov 03 13:27:30 2005 +0000

description:
Pullup ticket 882 - requested by Adrian Portelli
security fix for ethereal

Revisions pulled up:
- pkgsrc/net/ethereal/Makefile                  1.117, 1.118
- pkgsrc/net/ethereal/distinfo                  1.44, 1.45
- pkgsrc/net/ethereal/patches/patch-ab          1.7

   Module Name:         pkgsrc
   Committed By:        salo
   Date:                Tue Oct 25 11:32:04 UTC 2005

   Modified Files:
        pkgsrc/net/ethereal: Makefile distinfo

   Log Message:
   Use tar.bz2 archive again, it's 2MB smaller.
---
   Module Name:         pkgsrc
   Committed By:        frueauf
   Date:                Tue Nov  1 20:09:50 UTC 2005

   Modified Files:
        pkgsrc/net/ethereal: Makefile
   Added Files:
        pkgsrc/net/ethereal/patches: patch-ab

   Log Message:
   Add patch for security issue published at http://secunia.com/product/1228/
   taken from
   http://www.gentoo.org/cgi-bin/viewcvs.cgi/*checkout*/net-analyzer/ethereal/files/ethereal-0.10.13-fix-irc-loop-DoS-CVE-2005-3313.diff?hideattic=1

   Also bump version to 0.10.13nb1.
---
   Module Name:         pkgsrc
   Committed By:        frueauf
   Date:                Tue Nov  1 20:28:56 UTC 2005

   Modified Files:
        pkgsrc/net/ethereal: distinfo

   Log Message:
   Update for new patch-ab.

diffstat:

 net/ethereal/Makefile         |   4 +++-
 net/ethereal/distinfo         |   9 +++++----
 net/ethereal/patches/patch-ab |  25 +++++++++++++++++++++++++
 3 files changed, 33 insertions(+), 5 deletions(-)

diffs (64 lines):

diff -r fdfcd238bc52 -r 6d5572325056 net/ethereal/Makefile
--- a/net/ethereal/Makefile     Wed Nov 02 22:33:30 2005 +0000
+++ b/net/ethereal/Makefile     Thu Nov 03 13:27:30 2005 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.115.2.1 2005/10/25 11:05:43 salo Exp $
+# $NetBSD: Makefile,v 1.115.2.2 2005/11/03 13:27:30 salo Exp $
 
 DISTNAME=              ethereal-0.10.13
+PKGREVISION=           1
 CATEGORIES=            net
 MASTER_SITES=          http://www.ethereal.com/distribution/ \
                        http://ethereal.planetmirror.com/distribution/ \
@@ -15,6 +16,7 @@
                        http://ftp.sunet.se/pub/network/monitoring/ethereal/ \
                        http://ethereal.netarc.jp/distribution/ \
                        ftp://ftp.ethereal.com/pub/ethereal/old-versions/
+EXTRACT_SUFX=          .tar.bz2
 
 MAINTAINER=            frueauf%NetBSD.org@localhost
 HOMEPAGE=              http://www.ethereal.com/
diff -r fdfcd238bc52 -r 6d5572325056 net/ethereal/distinfo
--- a/net/ethereal/distinfo     Wed Nov 02 22:33:30 2005 +0000
+++ b/net/ethereal/distinfo     Thu Nov 03 13:27:30 2005 +0000
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.42.2.1 2005/10/25 11:05:43 salo Exp $
+$NetBSD: distinfo,v 1.42.2.2 2005/11/03 13:27:30 salo Exp $
 
-SHA1 (ethereal-0.10.13.tar.gz) = eb7309c3774c23bdc4be08fcdb0ef2bd31634667
-RMD160 (ethereal-0.10.13.tar.gz) = 69d94b74157b6d2c86a3c25ac5220b3934de2108
-Size (ethereal-0.10.13.tar.gz) = 10115596 bytes
+SHA1 (ethereal-0.10.13.tar.bz2) = 4ed2014a1ede6bdb05fbe99b0469a030c7794a13
+RMD160 (ethereal-0.10.13.tar.bz2) = 54f6431ac2d807e0d7dd896af71463d340c66107
+Size (ethereal-0.10.13.tar.bz2) = 8029087 bytes
 SHA1 (patch-aa) = 0513b971c0af032fc64fc181fbd64d78aef0d044
+SHA1 (patch-ab) = bfbefb0ae66607068e21d0912a15a72606ab8ea8
diff -r fdfcd238bc52 -r 6d5572325056 net/ethereal/patches/patch-ab
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/net/ethereal/patches/patch-ab     Thu Nov 03 13:27:30 2005 +0000
@@ -0,0 +1,25 @@
+$NetBSD: patch-ab,v 1.5.2.2 2005/11/03 13:27:30 salo Exp $
+
+Fixes security issue published at http://secunia.com/advisories/17370/.
+Diff taken from http://www.gentoo.org/cgi-bin/viewcvs.cgi/*checkout*/net-analyzer/ethereal/files/ethereal-0.10.13-fix-irc-loop-DoS-CVE-2005-3313.diff?hideattic=1
+
+--- epan/dissectors/packet-irc.c       2005/09/23 21:33:02     15985
++++ epan/dissectors/packet-irc.c       2005/10/24 02:35:43     16290
+@@ -86,6 +86,17 @@
+                        * Find the end of the line.
+                        */
+                       linelen = tvb_find_line_end(tvb, offset, -1, &next_offset, FALSE);
++                      if (next_offset == offset) {
++                              /*
++                               * XXX - we really want the "show data a
++                               * line at a time" loops in various
++                               * dissectors to do reassembly and to
++                               * throw an exception if there's no
++                               * line ending in the current packet
++                               * and we're not doing reassembly.
++                               */
++                              break;
++                      }
+ 
+                       if (linelen != 0)
+                       {