From 936697e45ca1249261908d5fb0b569032d3c5e13 Mon Sep 17 00:00:00 2001
From: Michal Ruprich <mruprich@redhat.com>
Date: Fri, 28 Jul 2023 20:54:52 +0200
Subject: [PATCH] Resolves: #2227004 - capinfos aborts in FIPS

---
 wireshark-0010-ripemd-fips-core-dump.patch | 164 +++++++++++++++++++++
 wireshark.spec                             |  22 +--
 2 files changed, 177 insertions(+), 9 deletions(-)
 create mode 100644 wireshark-0010-ripemd-fips-core-dump.patch

diff --git a/wireshark-0010-ripemd-fips-core-dump.patch b/wireshark-0010-ripemd-fips-core-dump.patch
new file mode 100644
index 0000000..f09dc1a
--- /dev/null
+++ b/wireshark-0010-ripemd-fips-core-dump.patch
@@ -0,0 +1,164 @@
+diff --git a/capinfos.c b/capinfos.c
+index 3c7866befd..da576f88c5 100644
+--- a/capinfos.c
++++ b/capinfos.c
+@@ -141,7 +141,6 @@ static gboolean cap_file_hashes    = TRUE;  /* Calculate file hashes */
+ 
+ // Strongest to weakest
+ #define HASH_SIZE_SHA256 32
+-#define HASH_SIZE_RMD160 20
+ #define HASH_SIZE_SHA1   20
+ 
+ #define HASH_STR_SIZE (65) /* Max hash size * 2 + '\0' */
+@@ -743,7 +742,6 @@ print_stats(const gchar *filename, capture_info *cf_info)
+     }
+     if (cap_file_hashes) {
+         printf     ("SHA256:              %s\n", file_sha256);
+-        printf     ("RIPEMD160:           %s\n", file_rmd160);
+         printf     ("SHA1:                %s\n", file_sha1);
+     }
+     if (cap_order)          printf     ("Strict time order:   %s\n", order_string(cf_info->order));
+@@ -857,7 +855,6 @@ print_stats_table_header(void)
+     if (cap_packet_rate)    print_stats_table_header_label("Average packet rate (packets/sec)");
+     if (cap_file_hashes) {
+         print_stats_table_header_label("SHA256");
+-        print_stats_table_header_label("RIPEMD160");
+         print_stats_table_header_label("SHA1");
+     }
+     if (cap_order)          print_stats_table_header_label("Strict time order");
+@@ -1182,7 +1179,6 @@ calculate_hashes(const char *filename)
+             }
+             gcry_md_final(hd);
+             hash_to_str(gcry_md_read(hd, GCRY_MD_SHA256), HASH_SIZE_SHA256, file_sha256);
+-            hash_to_str(gcry_md_read(hd, GCRY_MD_RMD160), HASH_SIZE_RMD160, file_rmd160);
+             hash_to_str(gcry_md_read(hd, GCRY_MD_SHA1), HASH_SIZE_SHA1, file_sha1);
+         }
+         if (fh) fclose(fh);
+@@ -1489,7 +1485,7 @@ print_usage(FILE *output)
+     fprintf(output, "  -E display the capture file encapsulation\n");
+     fprintf(output, "  -I display the capture file interface information\n");
+     fprintf(output, "  -F display additional capture file information\n");
+-    fprintf(output, "  -H display the SHA256, RIPEMD160, and SHA1 hashes of the file\n");
++    fprintf(output, "  -H display the SHA256 and SHA1 hashes of the file\n");
+     fprintf(output, "  -k display the capture comment\n");
+     fprintf(output, "\n");
+     fprintf(output, "Size infos:\n");
+@@ -1842,10 +1838,9 @@ main(int argc, char *argv[])
+     if (cap_file_hashes) {
+         gcry_check_version(NULL);
+         gcry_md_open(&hd, GCRY_MD_SHA256, 0);
+-        if (hd) {
+-            gcry_md_enable(hd, GCRY_MD_RMD160);
++        if (hd)
+             gcry_md_enable(hd, GCRY_MD_SHA1);
+-        }
++
+         hash_buf = (char *)g_malloc(HASH_BUF_SIZE);
+     }
+ 
+diff --git a/doc/capinfos.adoc b/doc/capinfos.adoc
+index 16ed2e300a..124fb56694 100644
+--- a/doc/capinfos.adoc
++++ b/doc/capinfos.adoc
+@@ -200,7 +200,7 @@ Prints the help listing and exits.
+ -H::
+ +
+ --
+-Displays the SHA256, RIPEMD160, and SHA1 hashes for the file.
++Displays the SHA256 and SHA1 hashes for the file.
+ SHA1 output may be removed in the future.
+ --
+ 
+diff --git a/capinfos.c b/capinfos.c
+index f0059f4e54..e153097219 100644
+--- a/capinfos.c
++++ b/capinfos.c
+@@ -148,7 +148,6 @@ static gboolean cap_file_hashes    = TRUE;  /* Calculate file hashes */
+ 
+ 
+ static gchar file_sha256[HASH_STR_SIZE];
+-static gchar file_rmd160[HASH_STR_SIZE];
+ static gchar file_sha1[HASH_STR_SIZE];
+ 
+ static char  *hash_buf = NULL;
+@@ -1024,11 +1023,6 @@ print_stats_table(const gchar *filename, capture_info *cf_info)
+         printf("%s", file_sha256);
+         putquote();
+ 
+-        putsep();
+-        putquote();
+-        printf("%s", file_rmd160);
+-        putquote();
+-
+         putsep();
+         putquote();
+         printf("%s", file_sha1);
+@@ -1168,7 +1162,6 @@ calculate_hashes(const char *filename)
+     size_t hash_bytes;
+ 
+     (void) g_strlcpy(file_sha256, "<unknown>", HASH_STR_SIZE);
+-    (void) g_strlcpy(file_rmd160, "<unknown>", HASH_STR_SIZE);
+     (void) g_strlcpy(file_sha1, "<unknown>", HASH_STR_SIZE);
+ 
+     if (cap_file_hashes) {
+diff --git a/ui/qt/capture_file_properties_dialog.cpp b/ui/qt/capture_file_properties_dialog.cpp
+index 9e5b86a7fd..c77056818c 100644
+--- a/ui/qt/capture_file_properties_dialog.cpp
++++ b/ui/qt/capture_file_properties_dialog.cpp
+@@ -175,11 +175,6 @@ QString CaptureFilePropertiesDialog::summaryToHtml()
+         << table_data_tmpl.arg(summary.file_sha256)
+         << table_row_end;
+ 
+-    out << table_row_begin
+-        << table_vheader_tmpl.arg(tr("Hash (RIPEMD160)"))
+-        << table_data_tmpl.arg(summary.file_rmd160)
+-        << table_row_end;
+-
+     out << table_row_begin
+         << table_vheader_tmpl.arg(tr("Hash (SHA1)"))
+         << table_data_tmpl.arg(summary.file_sha1)
+diff --git a/ui/summary.c b/ui/summary.c
+index 127698fd5c..58c7cd68a4 100644
+--- a/ui/summary.c
++++ b/ui/summary.c
+@@ -21,7 +21,6 @@
+ 
+ // Strongest to weakest
+ #define HASH_SIZE_SHA256 32
+-#define HASH_SIZE_RMD160 20
+ #define HASH_SIZE_SHA1   20
+ 
+ #define HASH_BUF_SIZE (1024 * 1024)
+@@ -213,12 +212,10 @@ summary_fill_in(capture_file *cf, summary_tally *st)
+     g_free(idb_info);
+ 
+     (void) g_strlcpy(st->file_sha256, "<unknown>", HASH_STR_SIZE);
+-    (void) g_strlcpy(st->file_rmd160, "<unknown>", HASH_STR_SIZE);
+     (void) g_strlcpy(st->file_sha1, "<unknown>", HASH_STR_SIZE);
+ 
+     gcry_md_open(&hd, GCRY_MD_SHA256, 0);
+     if (hd) {
+-        gcry_md_enable(hd, GCRY_MD_RMD160);
+         gcry_md_enable(hd, GCRY_MD_SHA1);
+     }
+     hash_buf = (char *)g_malloc(HASH_BUF_SIZE);
+@@ -230,7 +227,6 @@ summary_fill_in(capture_file *cf, summary_tally *st)
+         }
+         gcry_md_final(hd);
+         hash_to_str(gcry_md_read(hd, GCRY_MD_SHA256), HASH_SIZE_SHA256, st->file_sha256);
+-        hash_to_str(gcry_md_read(hd, GCRY_MD_RMD160), HASH_SIZE_RMD160, st->file_rmd160);
+         hash_to_str(gcry_md_read(hd, GCRY_MD_SHA1), HASH_SIZE_SHA1, st->file_sha1);
+     }
+     if (fh) fclose(fh);
+diff --git a/ui/summary.h b/ui/summary.h
+index 9063b99b77..95a51a38c0 100644
+--- a/ui/summary.h
++++ b/ui/summary.h
+@@ -56,7 +56,6 @@ typedef struct _summary_tally {
+     const char           *filename;           /**< path of capture file */
+     gint64                file_length;        /**< file length in bytes */
+     gchar                 file_sha256[HASH_STR_SIZE];  /**< SHA256 hash of capture file */
+-    gchar                 file_rmd160[HASH_STR_SIZE];  /**< RIPEMD160 hash of capture file */
+     gchar                 file_sha1[HASH_STR_SIZE];    /**< SHA1 hash of capture file */
+     int                   file_type;          /**< wiretap file type */
+     wtap_compression_type compression_type;   /**< compression type of file, or uncompressed */
diff --git a/wireshark.spec b/wireshark.spec
index 2f29538..1a247c3 100644
--- a/wireshark.spec
+++ b/wireshark.spec
@@ -6,7 +6,7 @@
 Summary:	Network traffic analyzer
 Name:		wireshark
 Version:	4.0.7
-Release:	2%{?dist}
+Release:	3%{?dist}
 Epoch:		1
 License:	BSD-1-Clause AND BSD-2-Clause AND BSD-3-Clause AND MIT AND GPL-2.0-or-later AND LGPL-2.0-or-later AND Zlib AND ISC AND (BSD-3-Clause OR GPL-2.0-only) AND (GPL-2.0-or-later AND Zlib)
 Url:		http://www.wireshark.org/
@@ -17,18 +17,19 @@ Source2:	90-wireshark-usbmon.rules
 Source3:	wireshark.sysusers
 
 # Fedora-specific
-Patch2:		wireshark-0002-Customize-permission-denied-error.patch
+Patch2:   wireshark-0002-Customize-permission-denied-error.patch
 # Will be proposed upstream
-Patch3:		wireshark-0003-fix-string-overrun-in-plugins-profinet.patch
+Patch3:   wireshark-0003-fix-string-overrun-in-plugins-profinet.patch
 # Fedora-specific
-Patch4:		wireshark-0004-Restore-Fedora-specific-groups.patch
+Patch4:   wireshark-0004-Restore-Fedora-specific-groups.patch
 # Fedora-specific
-Patch5:		wireshark-0005-Fix-paths-in-a-wireshark.desktop-file.patch
+Patch5:   wireshark-0005-Fix-paths-in-a-wireshark.desktop-file.patch
 # Fedora-specific
-Patch6:		wireshark-0006-Move-tmp-to-var-tmp.patch
-Patch7:		wireshark-0007-cmakelists.patch
-Patch8:		wireshark-0008-glib2-g_strdup-build.patch
-Patch9:		wireshark-0009-fix-asn2wrs-cmake.patch
+Patch6:   wireshark-0006-Move-tmp-to-var-tmp.patch
+Patch7:   wireshark-0007-cmakelists.patch
+Patch8:   wireshark-0008-glib2-g_strdup-build.patch
+Patch9:   wireshark-0009-fix-asn2wrs-cmake.patch
+Patch10:  wireshark-0010-ripemd-fips-core-dump.patch
 
 #install tshark together with wireshark GUI
 Requires:	%{name}-cli = %{epoch}:%{version}-%{release}
@@ -279,6 +280,9 @@ fi
 %{_libdir}/pkgconfig/%{name}.pc
 
 %changelog
+* Fri Jul 28 2023 Michal Ruprich <mruprich@redhat.com> - 1:4.0.7-3
+- Resolves: #2227004 - capinfos aborts in FIPS
+
 * Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1:4.0.7-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild