Resolves: #2083581 - capinfos aborts in FIPS
This commit is contained in:
Michal Ruprich
parent
b31d1f319f
commit
1950bdf882
@ -1,9 +1,8 @@
|
||||
---
|
||||
ownership:
|
||||
bin_paths:
|
||||
#dumpcap is the only binary that has group wireshark
|
||||
ignore:
|
||||
- /usr/bin/dumpcap
|
||||
|
||||
bin_group: wireshark
|
||||
|
||||
inspections:
|
||||
xml: off
|
||||
|
||||
56
wireshark-0010-fips-ripemd160.patch
Normal file
56
wireshark-0010-fips-ripemd160.patch
Normal file
@ -0,0 +1,56 @@
|
||||
diff --git a/capinfos.c b/capinfos.c
|
||||
index 5536766..12b141e 100644
|
||||
--- a/capinfos.c
|
||||
+++ b/capinfos.c
|
||||
@@ -739,7 +739,8 @@ print_stats(const gchar *filename, capture_info *cf_info)
|
||||
}
|
||||
if (cap_file_hashes) {
|
||||
printf ("SHA256: %s\n", file_sha256);
|
||||
- printf ("RIPEMD160: %s\n", file_rmd160);
|
||||
+ if(!gcry_fips_mode_active())
|
||||
+ printf ("RIPEMD160: %s\n", file_rmd160);
|
||||
printf ("SHA1: %s\n", file_sha1);
|
||||
}
|
||||
if (cap_order) printf ("Strict time order: %s\n", order_string(cf_info->order));
|
||||
@@ -851,7 +852,8 @@ print_stats_table_header(void)
|
||||
if (cap_packet_rate) print_stats_table_header_label("Average packet rate (packets/sec)");
|
||||
if (cap_file_hashes) {
|
||||
print_stats_table_header_label("SHA256");
|
||||
- print_stats_table_header_label("RIPEMD160");
|
||||
+ if(!gcry_fips_mode_active())
|
||||
+ print_stats_table_header_label("RIPEMD160");
|
||||
print_stats_table_header_label("SHA1");
|
||||
}
|
||||
if (cap_order) print_stats_table_header_label("Strict time order");
|
||||
@@ -1447,7 +1449,10 @@ print_usage(FILE *output)
|
||||
fprintf(output, " -E display the capture file encapsulation\n");
|
||||
fprintf(output, " -I display the capture file interface information\n");
|
||||
fprintf(output, " -F display additional capture file information\n");
|
||||
- fprintf(output, " -H display the SHA256, RMD160, and SHA1 hashes of the file\n");
|
||||
+ if(!gcry_fips_mode_active())
|
||||
+ fprintf(output, " -H display the SHA256 and SHA1 hashes of the file\n");
|
||||
+ else
|
||||
+ fprintf(output, " -H display the SHA256, RMD160, and SHA1 hashes of the file\n");
|
||||
fprintf(output, " -k display the capture comment\n");
|
||||
fprintf(output, "\n");
|
||||
fprintf(output, "Size infos:\n");
|
||||
@@ -1795,7 +1800,8 @@ main(int argc, char *argv[])
|
||||
gcry_check_version(NULL);
|
||||
gcry_md_open(&hd, GCRY_MD_SHA256, 0);
|
||||
if (hd) {
|
||||
- gcry_md_enable(hd, GCRY_MD_RMD160);
|
||||
+ if(!gcry_fips_mode_active())
|
||||
+ gcry_md_enable(hd, GCRY_MD_RMD160);
|
||||
gcry_md_enable(hd, GCRY_MD_SHA1);
|
||||
}
|
||||
hash_buf = (char *)g_malloc(HASH_BUF_SIZE);
|
||||
@@ -1817,7 +1823,8 @@ main(int argc, char *argv[])
|
||||
}
|
||||
gcry_md_final(hd);
|
||||
hash_to_str(gcry_md_read(hd, GCRY_MD_SHA256), HASH_SIZE_SHA256, file_sha256);
|
||||
- hash_to_str(gcry_md_read(hd, GCRY_MD_RMD160), HASH_SIZE_RMD160, file_rmd160);
|
||||
+ if(!gcry_fips_mode_active())
|
||||
+ hash_to_str(gcry_md_read(hd, GCRY_MD_RMD160), HASH_SIZE_RMD160, file_rmd160);
|
||||
hash_to_str(gcry_md_read(hd, GCRY_MD_SHA1), HASH_SIZE_SHA1, file_sha1);
|
||||
}
|
||||
if (fh) fclose(fh);
|
||||
@ -6,7 +6,7 @@
|
||||
Summary: Network traffic analyzer
|
||||
Name: wireshark
|
||||
Version: 3.4.10
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
Epoch: 1
|
||||
License: GPL+
|
||||
Url: http://www.wireshark.org/
|
||||
@ -16,18 +16,19 @@ Source1: https://www.wireshark.org/download/src/all-versions/SIGNATURES-%
|
||||
Source2: 90-wireshark-usbmon.rules
|
||||
|
||||
# Fedora-specific
|
||||
Patch2: wireshark-0002-Customize-permission-denied-error.patch
|
||||
Patch0002: wireshark-0002-Customize-permission-denied-error.patch
|
||||
# Will be proposed upstream
|
||||
Patch3: wireshark-0003-fix-string-overrun-in-plugins-profinet.patch
|
||||
Patch0003: wireshark-0003-fix-string-overrun-in-plugins-profinet.patch
|
||||
# Fedora-specific
|
||||
Patch4: wireshark-0004-Restore-Fedora-specific-groups.patch
|
||||
Patch0004: wireshark-0004-Restore-Fedora-specific-groups.patch
|
||||
# Fedora-specific
|
||||
Patch5: wireshark-0005-Fix-paths-in-a-wireshark.desktop-file.patch
|
||||
Patch0005: wireshark-0005-Fix-paths-in-a-wireshark.desktop-file.patch
|
||||
# Fedora-specific
|
||||
Patch6: wireshark-0006-Move-tmp-to-var-tmp.patch
|
||||
Patch7: wireshark-0007-cmakelists.patch
|
||||
#Patch8: wireshark-0008-move-glib.patch
|
||||
Patch9: wireshark-0009-smc-support.patch
|
||||
Patch0006: wireshark-0006-Move-tmp-to-var-tmp.patch
|
||||
Patch0007: wireshark-0007-cmakelists.patch
|
||||
#Patch0008: wireshark-0008-move-glib.patch
|
||||
Patch0009: wireshark-0009-smc-support.patch
|
||||
Patch0010: wireshark-0010-fips-ripemd160.patch
|
||||
|
||||
#install tshark together with wireshark GUI
|
||||
Requires: %{name}-cli = %{epoch}:%{version}-%{release}
|
||||
@ -104,7 +105,11 @@ Wireshark.
|
||||
|
||||
%package devel
|
||||
Summary: Development headers and libraries for wireshark
|
||||
Requires: %{name} = %{epoch}:%{version}-%{release} glibc-devel glib2-devel
|
||||
Requires: %{name} = %{epoch}:%{version}-%{release}
|
||||
Requires: %{name}-cli = %{epoch}:%{version}-%{release}
|
||||
Requires: glibc-devel
|
||||
Requires: glib2-devel
|
||||
|
||||
|
||||
%description devel
|
||||
The wireshark-devel package contains the header files, developer
|
||||
@ -271,6 +276,9 @@ fi
|
||||
%{_libdir}/pkgconfig/%{name}.pc
|
||||
|
||||
%changelog
|
||||
* Thu Jan 19 2023 Michal Ruprich <mruprich@redhat.com> - 1:3.4.10-3
|
||||
- Resolves: #2083581 - capinfos aborts in FIPS
|
||||
|
||||
* Thu Jan 19 2023 Michal Ruprich <mruprich@redhat.com> - 1:3.4.10-2
|
||||
- Resolves: #2160648 - Enhanced TMT testing for centos-stream
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user