Update Wireshark 3.4.14 to fix CVE-2021-4181 CVE-2021-4182 CVE-2021-4184 CVE-2021-4185 CVE-2021-4186 CVE-2021-4190 CVE-2021-22207 CVE-2021-22222 CVE-2021-22235 CVE-2021-39920 CVE-2021-39921 CVE-2021-39922 CVE-2021-39923 CVE-2021-39924 CVE-2021-39925 CVE-2021-39926 CVE-2021-39928 CVE-2021-39929 CVE-2022-0581 CVE-2022-0582 CVE-2022-0583 CVE-2022-0585 CVE-2022-0586 (#3151)

* Updated wireshark spec file for consistency with original upstream spec file * Formatting changes and misc fixes per code review comments * Additional cleanups. Fix the build. Fix the cgmanifest * Fix uncapitalized 'r'
2022-06-14 23:11:53 -07:00 · 2022-06-14 23:11:53 -07:00 · fbaa34dda0
parent 2d0dfa2124
commit fbaa34dda0
4 changed files with 93 additions and 194 deletions
--- a/SPECS-EXTENDED/wireshark/SIGNATURES-3.4.4.txt
+++ b/SPECS-EXTENDED/wireshark/SIGNATURES-3.4.4.txt
@ -1,60 +0,0 @@
-----BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA512
-
-wireshark-3.4.4.tar.xz: 32290424 bytes
-SHA256(wireshark-3.4.4.tar.xz)=729cd11e9715c600e5ad74ca472bacf8af32c20902192d5f2b271268511d4d29
-RIPEMD160(wireshark-3.4.4.tar.xz)=677c151b94af472ae3ae390e51781ec0cc371ddd
-SHA1(wireshark-3.4.4.tar.xz)=fa5c553596dcc6a59735f96a9a0845e3c40abab2
-
-Wireshark-win64-3.4.4.exe: 61473376 bytes
-SHA256(Wireshark-win64-3.4.4.exe)=568d5b3f7dcca301d4f4069b72fd458cd6fb9562c4f06227ccb2a1804b260b26
-RIPEMD160(Wireshark-win64-3.4.4.exe)=6b96ee9476eb489c73c0492a9f4280d89b816f78
-SHA1(Wireshark-win64-3.4.4.exe)=6a9d141fdb5f7ca20542b30ab6292cc3122ff051
-
-Wireshark-win32-3.4.4.exe: 56510344 bytes
-SHA256(Wireshark-win32-3.4.4.exe)=673b677da839d3fe2840e5b0cf3fc243550c9c927d1ae2a933357da2c915e215
-RIPEMD160(Wireshark-win32-3.4.4.exe)=cea7826baf220ccd8c3bcd512372560fed32e982
-SHA1(Wireshark-win32-3.4.4.exe)=b36eb29de4ad7e5c220b2cc86482946e504ea7c5
-
-Wireshark-win64-3.4.4.msi: 49799168 bytes
-SHA256(Wireshark-win64-3.4.4.msi)=1e8829be797e3668b17db8407e93dd045095034b520d0d4f0178c7bda159fba5
-RIPEMD160(Wireshark-win64-3.4.4.msi)=52dae81fc928431bd3b40adb9daf4d1038b6397e
-SHA1(Wireshark-win64-3.4.4.msi)=6ce20d8985bc7c91a4b1ae11794f17d3f2fbfd69
-
-Wireshark-win32-3.4.4.msi: 44765184 bytes
-SHA256(Wireshark-win32-3.4.4.msi)=dc4f5d8f07e866ff5bfb2dd963daaaf8556d8e8ba768cf45839c7a9f955bfb07
-RIPEMD160(Wireshark-win32-3.4.4.msi)=125999a47e7505f3ac7dc5cb68ec599265b3f6f7
-SHA1(Wireshark-win32-3.4.4.msi)=c38bc9105e2badf609865b140ad3a366dc96a796
-
-WiresharkPortable_3.4.4.paf.exe: 38391936 bytes
-SHA256(WiresharkPortable_3.4.4.paf.exe)=494567df57b8cce9f66d1c2167b86fa8e29d4509eef2a938ece22ad6e82b0ce5
-RIPEMD160(WiresharkPortable_3.4.4.paf.exe)=5a2429471f8e533a7cabe97fa6967f5318fe4ec0
-SHA1(WiresharkPortable_3.4.4.paf.exe)=39bddbade8230e4cc21f0be9c4ffd0194a497047
-
-Wireshark 3.4.4 Intel 64.dmg: 130951404 bytes
-SHA256(Wireshark 3.4.4 Intel 64.dmg)=23cee0b900ef2d421ae190c8226bea2a5ac834e02925778202e3ed4c75e9da6f
-RIPEMD160(Wireshark 3.4.4 Intel 64.dmg)=9f167b7c3063f616dd522f8f7f70e17d8b75997d
-SHA1(Wireshark 3.4.4 Intel 64.dmg)=2b538e068a1d0e8ef37cdae0c2d45ba3ef1b63b7
-
-You can validate these hashes using the following commands (among others):
-
-    Windows: certutil -hashfile Wireshark-win64-x.y.z.exe SHA256
-    Linux (GNU Coreutils): sha256sum wireshark-x.y.z.tar.xz
-    macOS: shasum -a 256 "Wireshark x.y.z Intel 64.dmg"
-    Other: openssl sha256 wireshark-x.y.z.tar.xz
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAEBCgAdFiEEWlrbp9vqbD+HIk8ZgiRKeOb+ruoFAmBJH8sACgkQgiRKeOb+
-rupySA//fac78zQqP48trG/MF3Xz53/TAPjTJH1tcrXRQqIlMyLm/cT5oMEUEfm3
-lc7Jzn9wNkrxRTRNJ6jwn2JjKqnIT3XI4cdkZPq/99hI0ob/nK1MjaeJ51XiYJ2E
-8y0eU+Rcig9eOX6S5M+O0wQiN/rXpD5JuY3OZsh55C1R+cxiDkNL5AknuwByxaCr
-WTw8nTBOvMG5RiKVPyPQYEX6vCmulFzIx97zO20FBUbncKec6BA/h5t93tf55N6e
-NmV7cQm/lu41r+t0dBWa4fe/7+XI2NHTbPcgYpIWlviNVzUpY85smXIB2fGoLnmd
-kR/TLDDLj5fXjz09P0psRxvNPbSv9St5CAIlPNgESwL8H7us/FOkoiSkcYEySG7p
-E4nQ9Q0zCfw0OkNdRvyyuJaiFYWt3BktfpWRgqAZKOHIJl7WR/nY3+Ut4BG3XtC8
-IznUHo9M4dXBYYWd+BYCScpD1+yEHFnATf2y52MHUAackdg/+piNrFnBiJ69KrvE
-3jET1MpKqIvfe6/QOSJs4Fyd89x/gRhzxWxtxXXieeEhTuqSRvktecq0P9raGlbZ
-QcKJ+7D/uu4C70iHPl/57AzOrAKFKcbhrGed4MUSzuwmTiGy8IiazcHiSVbf3PXQ
-ogPHN9sA5uva9z9VqJH/OjHKn7WXmxov5/x65LeIbr6GAKgXW+g=
-=Rswq
-----END PGP SIGNATURE-----
--- a/SPECS-EXTENDED/wireshark/wireshark.signatures.json
+++ b/SPECS-EXTENDED/wireshark/wireshark.signatures.json
@ -1,7 +1,6 @@
 {
 "Signatures": {
  "90-wireshark-usbmon.rules": "31310c5e45835563ee9daba99bc09849cc004e8d9c712d0860211d5fa5563bcb",
-  "SIGNATURES-3.4.4.txt": "31cff87a96e012c113d2e5eec307bd4d9dc861aea5adfab5aa3a53f9a780e85c",
-  "wireshark-3.4.4.tar.xz": "729cd11e9715c600e5ad74ca472bacf8af32c20902192d5f2b271268511d4d29"
+  "wireshark-3.4.14.tar.xz": "32b0d0772e942d2d66cb3757bfb5027e53a6ddfbc908b65be5f3048f7a082dee"
 }
 }
--- a/SPECS-EXTENDED/wireshark/wireshark.spec
+++ b/SPECS-EXTENDED/wireshark/wireshark.spec
@ -1,90 +1,68 @@
-Vendor:         Microsoft Corporation
-Distribution:   Mariner
 %global with_lua 1
 %global with_maxminddb 1
 %global plugins_version 3.4
-%global with_gui 0

-Summary:	Network traffic analyzer
-Name:		wireshark
-Version:	3.4.4
-Release:	5%{?dist}
-License:	BSD and GPLv2
-Url:		http://www.wireshark.org/
-
-Source0:	https://wireshark.org/download/src/all-versions/%{name}-%{version}.tar.xz
-Source1:        https://www.wireshark.org/download/src/all-versions/SIGNATURES-%{version}.txt
-Source2:	90-wireshark-usbmon.rules
+Summary:        Network traffic analyzer
+Name:           wireshark
+Vendor:         Microsoft Corporation
+Distribution:   Mariner
+Version:        3.4.14
+Release:        1%{?dist}
+License:        BSD and GPLv2
+Url:            https://www.wireshark.org/
+Source0:        https://2.na.dl.wireshark.org/src/all-versions/%{name}-%{version}.tar.xz 
+Source1:        90-wireshark-usbmon.rules

 # Fedora-specific
-Patch2:		wireshark-0002-Customize-permission-denied-error.patch
+Patch2:         wireshark-0002-Customize-permission-denied-error.patch
 # Will be proposed upstream
-Patch3:		wireshark-0003-fix-string-overrun-in-plugins-profinet.patch
+Patch3:         wireshark-0003-fix-string-overrun-in-plugins-profinet.patch
 # Fedora-specific
-Patch4:		wireshark-0004-Restore-Fedora-specific-groups.patch
+Patch4:         wireshark-0004-Restore-Fedora-specific-groups.patch
 # Fedora-specific
-Patch5:		wireshark-0005-Fix-paths-in-a-wireshark.desktop-file.patch
+Patch5:         wireshark-0005-Fix-paths-in-a-wireshark.desktop-file.patch
 # Fedora-specific
-Patch6:		wireshark-0006-Move-tmp-to-var-tmp.patch
-Patch7:		wireshark-0007-cmakelists.patch
+Patch6:         wireshark-0006-Move-tmp-to-var-tmp.patch
+Patch7:         wireshark-0007-cmakelists.patch

 #install tshark together with wireshark GUI
-Requires:	%{name}-cli = %{version}-%{release}

-Requires:	xdg-utils
-Requires:	hicolor-icon-theme

-%if %{with_maxminddb} && 0%{?fedora}
-Requires:	libmaxminddb
-%endif
-
-BuildRequires:	bzip2-devel
-BuildRequires:	perl(English)
-BuildRequires:	c-ares-devel
-BuildRequires:	elfutils-devel
-BuildRequires:	gcc-c++
-BuildRequires:	glib2-devel
-BuildRequires:	gnutls-devel
-BuildRequires:	krb5-devel
-BuildRequires:	libcap-devel
-BuildRequires:	libgcrypt-devel
-BuildRequires:	libnl3-devel
-BuildRequires:	libpcap-devel >= 0.9
-BuildRequires:	libselinux-devel
-BuildRequires:	libsmi-devel
-BuildRequires:	openssl-devel
-BuildRequires:	desktop-file-utils
-BuildRequires:	xdg-utils
-BuildRequires:	bison
-BuildRequires:	flex
-BuildRequires:	pcre-devel
-BuildRequires:	perl(Pod::Html)
-BuildRequires:	perl(Pod::Man)
-BuildRequires:	perl(open)
-Buildrequires:	libssh-devel
-BuildRequires:	qt5-linguist
-BuildRequires:	qt5-qtbase-devel
-%if %{with_gui}
-BuildRequires:	qt5-qtmultimedia-devel
-%endif
-BuildRequires:	qt5-qtsvg-devel
-BuildRequires:	zlib-devel
-%if %{with_maxminddb} && 0%{?fedora}
-BuildRequires:	libmaxminddb-devel
-%endif
-%if %{with_lua} && 0%{?fedora}
-BuildRequires:	compat-lua-devel
-%endif
-Buildrequires: git
-%if 0%{?fedora}
-Buildrequires: python3-devel
-%endif
-Buildrequires: cmake
-#needed for sdjournal external capture interface
-BuildRequires: systemd-devel
-BuildRequires: libnghttp2-devel
-
-Obsoletes: wireshark-qt, wireshark-gtk
+BuildRequires:  bzip2-devel
+BuildRequires:  bison
+BuildRequires:  c-ares-devel
+Buildrequires:  cmake
+BuildRequires:  elfutils-devel
+BuildRequires:  flex
+BuildRequires:  gcc-c++
+BuildRequires:  git
+BuildRequires:  glib2-devel
+BuildRequires:  gnutls-devel
+BuildRequires:  krb5-devel
+BuildRequires:  libcap-devel
+BuildRequires:  libgcrypt-devel
+BuildRequires:  libnl3-devel
+BuildRequires:  libnghttp2-devel
+BuildRequires:  libpcap-devel >= 0.9
+BuildRequires:  libselinux-devel
+BuildRequires:  libsmi-devel
+BuildRequires:  libssh-devel
+BuildRequires:  openssl-devel
+BuildRequires:  pcre-devel
+BuildRequires:  perl(English)
+BuildRequires:  perl(Pod::Html)
+BuildRequires:  perl(Pod::Man)
+BuildRequires:  perl(open)
+BuildRequires:  python3
+Buildrequires:  python3-devel
+BuildRequires:  systemd-devel
+BuildRequires:  xdg-utils
+BuildRequires:  zlib-devel
+Requires:       c-ares
+Requires:       glib2
+Requires:       systemd-libs
+Requires:       zlib
+Requires:       %{name}-cli = %{version}-%{release}

 %description
 Wireshark allows you to examine protocol data stored in files or as it is
@ -97,18 +75,18 @@ and the ability to reassemble multiple protocol packets in order to, for
 example, view a complete TCP stream, save the contents of a file which was
 transferred over HTTP or CIFS, or play back an RTP audio stream.

-%package	cli
-Summary:	Network traffic analyzer
-Requires(pre):	shadow-utils
-Requires(post): systemd-udev
+%package        cli
+Summary:          Network traffic analyzer
+Requires(pre):    shadow-utils
+Requires(post):   systemd-udev

-%description cli
+%description    cli
 This package contains command-line utilities, plugins, and documentation for
 Wireshark.

-%package devel
-Summary:	Development headers and libraries for wireshark
-Requires:	%{name} = %{version}-%{release} glibc-devel glib2-devel
+%package        devel
+Summary:          Development headers and libraries for wireshark
+Requires:         %{name} = %{version}-%{release} glibc-devel glib2-devel

 %description devel
 The wireshark-devel package contains the header files, developer
@ -121,29 +99,20 @@ and plugins.

 %build
 %cmake -G "Unix Makefiles" \
+  -DCMAKE_INSTALL_PREFIX="%{_prefix}" \
  -DDISABLE_WERROR=ON \
-%if %{with_gui}
-  -DBUILD_wireshark=ON \
-%else
-  -DBUILD_wireshark=OFF \
-%endif
-%if %{with_lua} && 0%{?fedora}
-  -DENABLE_LUA=ON \
-%else
  -DENABLE_LUA=OFF \
-%endif
-%if %{with_maxminddb} && 0%{?fedora} 
-  -DBUILD_mmdbresolve=ON \
-%else
-  -DBUILD_mmdbresolve=OFF \
-%endif
-  -DBUILD_randpktdump=OFF \
-  -DBUILD_androiddump=ON \
-  -DENABLE_SMI=ON \
-  -DENABLE_PLUGINS=ON \
+  -DENABLE_LIBXML2=ON \
  -DENABLE_NETLINK=ON \
+  -DENABLE_NGHTTP2=ON \
+  -DENABLE_PLUGINS=ON \
+  -DENABLE_SMI=ON \
+  -DBUILD_androiddump=OFF \
  -DBUILD_dcerpcidl2wrs=OFF \
+  -DBUILD_mmdbresolve=OFF \
+  -DBUILD_randpktdump=OFF \
  -DBUILD_sdjournal=ON \
+  -DBUILD_wireshark=OFF \
  .

 make %{?_smp_mflags}
@ -151,9 +120,6 @@ make %{?_smp_mflags}
 %install
 make DESTDIR=%{buildroot} install

-%if %{with_gui}
-desktop-file-validate %{buildroot}%{_datadir}/applications/wireshark.desktop
-%endif

 #install devel files (inspired by debian/wireshark-dev.header-files)
 install -d -m 0755  %{buildroot}%{_includedir}/wireshark
@ -167,19 +133,20 @@ mkdir -p "${IDIR}/epan/wmem"
 mkdir -p "${IDIR}/wiretap"
 mkdir -p "${IDIR}/wsutil"
 mkdir -p %{buildroot}%{_udevrulesdir}
-install -m 644 config.h epan/register.h	"${IDIR}/"
-install -m 644 cfile.h file.h		"${IDIR}/"
-install -m 644 ws_symbol_export.h	"${IDIR}/"
-install -m 644 epan/*.h			"${IDIR}/epan/"
-install -m 644 epan/crypt/*.h		"${IDIR}/epan/crypt"
-install -m 644 epan/ftypes/*.h		"${IDIR}/epan/ftypes"
-install -m 644 epan/dfilter/*.h		"${IDIR}/epan/dfilter"
-install -m 644 epan/dissectors/*.h	"${IDIR}/epan/dissectors"
-install -m 644 epan/wmem/*.h		"${IDIR}/epan/wmem"
-install -m 644 wiretap/*.h		"${IDIR}/wiretap"
-install -m 644 wsutil/*.h		"${IDIR}/wsutil"
-install -m 644 ws_diag_control.h	"${IDIR}/"
-install -m 644 %{SOURCE2}		%{buildroot}%{_udevrulesdir}
+install -m 644 config.h epan/register.h "${IDIR}/"
+install -m 644 cfile.h file.h "${IDIR}/"
+install -m 644 ws_symbol_export.h "${IDIR}/"
+install -m 644 epan/*.h "${IDIR}/epan/"
+install -m 644 epan/crypt/*.h "${IDIR}/epan/crypt"
+install -m 644 epan/ftypes/*.h "${IDIR}/epan/ftypes"
+install -m 644 epan/dfilter/*.h "${IDIR}/epan/dfilter"
+install -m 644 epan/dissectors/*.h "${IDIR}/epan/dissectors"
+install -m 644 epan/wmem/*.h "${IDIR}/epan/wmem"
+install -m 644 wiretap/*.h "${IDIR}/wiretap"
+install -m 644 wsutil/*.h "${IDIR}/wsutil"
+install -m 644 ws_diag_control.h "${IDIR}/"
+install -m 644 %{SOURCE1} %{buildroot}%{_udevrulesdir}
+

 touch %{buildroot}%{_bindir}/%{name}

@ -195,19 +162,12 @@ getent group usbmon >/dev/null || groupadd -r usbmon
 # skip triggering if udevd isn't even accessible, e.g. containers or
 # rpm-ostree-based systems
 if [ -S /run/udev/control ]; then
-	/usr/bin/udevadm trigger --subsystem-match=usbmon
+  /usr/bin/udevadm trigger --subsystem-match=usbmon
 fi

 %ldconfig_postun cli

 %files
-%if %{with_gui}
-%{_datadir}/appdata/%{name}.appdata.xml
-%{_datadir}/applications/wireshark.desktop
-%{_datadir}/icons/hicolor/*/apps/*
-%{_datadir}/icons/hicolor/*/mimetypes/*
-%{_datadir}/mime/packages/wireshark.xml
-%endif
 %{_bindir}/wireshark
 %{_mandir}/man1/wireshark.*

@ -223,9 +183,6 @@ fi
 %{_bindir}/sharkd
 %{_bindir}/text2pcap
 %{_bindir}/tshark
-%if %{with_maxminddb} && 0%{?fedora}
-%{_bindir}/mmdbresolve
-%endif
 %attr(0750, root, wireshark) %caps(cap_net_raw,cap_net_admin=ep) %{_bindir}/dumpcap
 %{_bindir}/rawshark
 %{_udevrulesdir}/90-wireshark-usbmon.rules
@ -238,7 +195,6 @@ fi
 %{_libdir}/wireshark/extcap/sshdump
 %{_libdir}/wireshark/extcap/sdjournal
 %{_libdir}/wireshark/extcap/dpauxmon
-%{_libdir}/wireshark/extcap/androiddump
 %dir %{_libdir}/wireshark/cmake
 %{_libdir}/wireshark/cmake/*.cmake
 #the version wireshark uses to store plugins is only x.y, not .z
@ -269,9 +225,6 @@ fi
 %{_mandir}/man1/dpauxmon.*
 %{_mandir}/man1/sdjournal.*
 %{_mandir}/man4/extcap.*
-%if %{with_maxminddb} && 0%{?fedora}
-%{_mandir}/man1/mmdbresolve.*
-%endif
 %dir %{_datadir}/wireshark
 %{_datadir}/wireshark/*
 %{_docdir}/wireshark/*.html
@ -283,6 +236,13 @@ fi
 %{_libdir}/pkgconfig/%{name}.pc

 %changelog
+* Fri Jun 10 2022 Jon Slobodzian <joslobo@microsoft.com> - 3.4.14-1
+- Update to resolves CVEs
+- Disabled Android Dump.
+- Removed unused/disabled features.
+- Fixed Formatting.
+
+
 * Wed Feb 16 2022 Pawel Winogrodzki <pawelwi@microsoft.com> - 3.4.4-5
 - License verified.

--- a/cgmanifest.json
+++ b/cgmanifest.json
@ -26337,8 +26337,8 @@
        "type": "other",
        "other": {
          "name": "wireshark",
-          "version": "3.4.4",
-          "downloadUrl": "https://wireshark.org/download/src/all-versions/wireshark-3.4.4.tar.xz"
+          "version": "3.4.14",
+          "downloadUrl": "https://2.na.dl.wireshark.org/src/all-versions/wireshark-3.4.14.tar.xz"
        }
      }
    },