rpms/wireshark
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Resolves: #2227004 - capinfos aborts in FIPS

Browse Source
This commit is contained in:
Michal Ruprich 2023-07-28 20:54:52 +02:00
parent bd2c02866c
commit 936697e45c
2 changed files with 177 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

164
wireshark-0010-ripemd-fips-core-dump.patch Normal file
View File

@ -0,0 +1,164 @@
diff --git a/capinfos.c b/capinfos.c
index 3c7866befd..da576f88c5 100644
--- a/capinfos.c
+++ b/capinfos.c
@@ -141,7 +141,6 @@ static gboolean cap_file_hashes = TRUE; /* Calculate file hashes */
// Strongest to weakest
#define HASH_SIZE_SHA256 32
-#define HASH_SIZE_RMD160 20
#define HASH_SIZE_SHA1 20
#define HASH_STR_SIZE (65) /* Max hash size * 2 + '\0' */
@@ -743,7 +742,6 @@ print_stats(const gchar *filename, capture_info *cf_info)
}
if (cap_file_hashes) {
printf ("SHA256: %s\n", file_sha256);
- printf ("RIPEMD160: %s\n", file_rmd160);
printf ("SHA1: %s\n", file_sha1);
}
if (cap_order) printf ("Strict time order: %s\n", order_string(cf_info->order));
@@ -857,7 +855,6 @@ print_stats_table_header(void)
if (cap_packet_rate) print_stats_table_header_label("Average packet rate (packets/sec)");
if (cap_file_hashes) {
print_stats_table_header_label("SHA256");
- print_stats_table_header_label("RIPEMD160");
print_stats_table_header_label("SHA1");
}
if (cap_order) print_stats_table_header_label("Strict time order");
@@ -1182,7 +1179,6 @@ calculate_hashes(const char *filename)
}
gcry_md_final(hd);
hash_to_str(gcry_md_read(hd, GCRY_MD_SHA256), HASH_SIZE_SHA256, file_sha256);
- hash_to_str(gcry_md_read(hd, GCRY_MD_RMD160), HASH_SIZE_RMD160, file_rmd160);
hash_to_str(gcry_md_read(hd, GCRY_MD_SHA1), HASH_SIZE_SHA1, file_sha1);
}
if (fh) fclose(fh);
@@ -1489,7 +1485,7 @@ print_usage(FILE *output)
fprintf(output, " -E display the capture file encapsulation\n");
fprintf(output, " -I display the capture file interface information\n");
fprintf(output, " -F display additional capture file information\n");
- fprintf(output, " -H display the SHA256, RIPEMD160, and SHA1 hashes of the file\n");
+ fprintf(output, " -H display the SHA256 and SHA1 hashes of the file\n");
fprintf(output, " -k display the capture comment\n");
fprintf(output, "\n");
fprintf(output, "Size infos:\n");
@@ -1842,10 +1838,9 @@ main(int argc, char *argv[])
if (cap_file_hashes) {
gcry_check_version(NULL);
gcry_md_open(&hd, GCRY_MD_SHA256, 0);
- if (hd) {
- gcry_md_enable(hd, GCRY_MD_RMD160);
+ if (hd)
gcry_md_enable(hd, GCRY_MD_SHA1);
- }
+
hash_buf = (char *)g_malloc(HASH_BUF_SIZE);
}
diff --git a/doc/capinfos.adoc b/doc/capinfos.adoc
index 16ed2e300a..124fb56694 100644
--- a/doc/capinfos.adoc
+++ b/doc/capinfos.adoc
@@ -200,7 +200,7 @@ Prints the help listing and exits.
-H::
+
--
-Displays the SHA256, RIPEMD160, and SHA1 hashes for the file.
+Displays the SHA256 and SHA1 hashes for the file.
SHA1 output may be removed in the future.
--
diff --git a/capinfos.c b/capinfos.c
index f0059f4e54..e153097219 100644
--- a/capinfos.c
+++ b/capinfos.c
@@ -148,7 +148,6 @@ static gboolean cap_file_hashes = TRUE; /* Calculate file hashes */
static gchar file_sha256[HASH_STR_SIZE];
-static gchar file_rmd160[HASH_STR_SIZE];
static gchar file_sha1[HASH_STR_SIZE];
static char *hash_buf = NULL;
@@ -1024,11 +1023,6 @@ print_stats_table(const gchar *filename, capture_info *cf_info)
printf("%s", file_sha256);
putquote();
- putsep();
- putquote();
- printf("%s", file_rmd160);
- putquote();
-
putsep();
putquote();
printf("%s", file_sha1);
@@ -1168,7 +1162,6 @@ calculate_hashes(const char *filename)
size_t hash_bytes;
(void) g_strlcpy(file_sha256, "<unknown>", HASH_STR_SIZE);
- (void) g_strlcpy(file_rmd160, "<unknown>", HASH_STR_SIZE);
(void) g_strlcpy(file_sha1, "<unknown>", HASH_STR_SIZE);
if (cap_file_hashes) {
diff --git a/ui/qt/capture_file_properties_dialog.cpp b/ui/qt/capture_file_properties_dialog.cpp
index 9e5b86a7fd..c77056818c 100644
--- a/ui/qt/capture_file_properties_dialog.cpp
+++ b/ui/qt/capture_file_properties_dialog.cpp
@@ -175,11 +175,6 @@ QString CaptureFilePropertiesDialog::summaryToHtml()
<< table_data_tmpl.arg(summary.file_sha256)
<< table_row_end;
- out << table_row_begin
- << table_vheader_tmpl.arg(tr("Hash (RIPEMD160)"))
- << table_data_tmpl.arg(summary.file_rmd160)
- << table_row_end;
-
out << table_row_begin
<< table_vheader_tmpl.arg(tr("Hash (SHA1)"))
<< table_data_tmpl.arg(summary.file_sha1)
diff --git a/ui/summary.c b/ui/summary.c
index 127698fd5c..58c7cd68a4 100644
--- a/ui/summary.c
+++ b/ui/summary.c
@@ -21,7 +21,6 @@
// Strongest to weakest
#define HASH_SIZE_SHA256 32
-#define HASH_SIZE_RMD160 20
#define HASH_SIZE_SHA1 20
#define HASH_BUF_SIZE (1024 * 1024)
@@ -213,12 +212,10 @@ summary_fill_in(capture_file *cf, summary_tally *st)
g_free(idb_info);
(void) g_strlcpy(st->file_sha256, "<unknown>", HASH_STR_SIZE);
- (void) g_strlcpy(st->file_rmd160, "<unknown>", HASH_STR_SIZE);
(void) g_strlcpy(st->file_sha1, "<unknown>", HASH_STR_SIZE);
gcry_md_open(&hd, GCRY_MD_SHA256, 0);
if (hd) {
- gcry_md_enable(hd, GCRY_MD_RMD160);
gcry_md_enable(hd, GCRY_MD_SHA1);
}
hash_buf = (char *)g_malloc(HASH_BUF_SIZE);
@@ -230,7 +227,6 @@ summary_fill_in(capture_file *cf, summary_tally *st)
}
gcry_md_final(hd);
hash_to_str(gcry_md_read(hd, GCRY_MD_SHA256), HASH_SIZE_SHA256, st->file_sha256);
- hash_to_str(gcry_md_read(hd, GCRY_MD_RMD160), HASH_SIZE_RMD160, st->file_rmd160);
hash_to_str(gcry_md_read(hd, GCRY_MD_SHA1), HASH_SIZE_SHA1, st->file_sha1);
}
if (fh) fclose(fh);
diff --git a/ui/summary.h b/ui/summary.h
index 9063b99b77..95a51a38c0 100644
--- a/ui/summary.h
+++ b/ui/summary.h
@@ -56,7 +56,6 @@ typedef struct _summary_tally {
const char *filename; /**< path of capture file */
gint64 file_length; /**< file length in bytes */
gchar file_sha256[HASH_STR_SIZE]; /**< SHA256 hash of capture file */
- gchar file_rmd160[HASH_STR_SIZE]; /**< RIPEMD160 hash of capture file */
gchar file_sha1[HASH_STR_SIZE]; /**< SHA1 hash of capture file */
int file_type; /**< wiretap file type */
wtap_compression_type compression_type; /**< compression type of file, or uncompressed */

22
wireshark.spec
View File

@ -6,7 +6,7 @@
Summary: Network traffic analyzer
Name: wireshark
Version: 4.0.7
Release: 2%{?dist}
Release: 3%{?dist}
Epoch: 1
License: BSD-1-Clause AND BSD-2-Clause AND BSD-3-Clause AND MIT AND GPL-2.0-or-later AND LGPL-2.0-or-later AND Zlib AND ISC AND (BSD-3-Clause OR GPL-2.0-only) AND (GPL-2.0-or-later AND Zlib)
Url: http://www.wireshark.org/
@ -17,18 +17,19 @@ Source2: 90-wireshark-usbmon.rules
Source3: wireshark.sysusers
# Fedora-specific
Patch2: wireshark-0002-Customize-permission-denied-error.patch
Patch2: wireshark-0002-Customize-permission-denied-error.patch
# Will be proposed upstream
Patch3: wireshark-0003-fix-string-overrun-in-plugins-profinet.patch
Patch3: wireshark-0003-fix-string-overrun-in-plugins-profinet.patch
# Fedora-specific
Patch4: wireshark-0004-Restore-Fedora-specific-groups.patch
Patch4: wireshark-0004-Restore-Fedora-specific-groups.patch
# Fedora-specific
Patch5: wireshark-0005-Fix-paths-in-a-wireshark.desktop-file.patch
Patch5: wireshark-0005-Fix-paths-in-a-wireshark.desktop-file.patch
# Fedora-specific
Patch6: wireshark-0006-Move-tmp-to-var-tmp.patch
Patch7: wireshark-0007-cmakelists.patch
Patch8: wireshark-0008-glib2-g_strdup-build.patch
Patch9: wireshark-0009-fix-asn2wrs-cmake.patch
Patch6: wireshark-0006-Move-tmp-to-var-tmp.patch
Patch7: wireshark-0007-cmakelists.patch
Patch8: wireshark-0008-glib2-g_strdup-build.patch
Patch9: wireshark-0009-fix-asn2wrs-cmake.patch
Patch10: wireshark-0010-ripemd-fips-core-dump.patch
#install tshark together with wireshark GUI
Requires: %{name}-cli = %{epoch}:%{version}-%{release}
@ -279,6 +280,9 @@ fi
%{_libdir}/pkgconfig/%{name}.pc
%changelog
* Fri Jul 28 2023 Michal Ruprich <mruprich@redhat.com> - 1:4.0.7-3
- Resolves: #2227004 - capinfos aborts in FIPS
* Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1:4.0.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild