From dc989352ef495a181262c44a6f568002b7348f788f68d6b93c420807487e924c Mon Sep 17 00:00:00 2001 From: Robert Frohl Date: Thu, 2 Jul 2020 09:06:49 +0000 Subject: [PATCH] Accepting request 818182 from home:AndreasStieger:branches:network:utilities Wireshark 3.2.5: * CVE-2020-15466: GVCP dissector infinite loop (boo#1173606) OBS-URL: https://build.opensuse.org/request/show/818182 OBS-URL: https://build.opensuse.org/package/show/network:utilities/wireshark?expand=0&rev=312 --- SIGNATURES-3.2.4.txt | 60 -------------------------------------- wireshark-3.2.4.tar.xz | 3 -- wireshark-3.2.5.tar.xz | 3 ++ wireshark-3.2.5.tar.xz.asc | 60 ++++++++++++++++++++++++++++++++++++++ wireshark.changes | 11 +++++++ wireshark.spec | 4 +-- 6 files changed, 76 insertions(+), 65 deletions(-) delete mode 100644 SIGNATURES-3.2.4.txt delete mode 100644 wireshark-3.2.4.tar.xz create mode 100644 wireshark-3.2.5.tar.xz create mode 100644 wireshark-3.2.5.tar.xz.asc diff --git a/SIGNATURES-3.2.4.txt b/SIGNATURES-3.2.4.txt deleted file mode 100644 index 999f440..0000000 --- a/SIGNATURES-3.2.4.txt +++ /dev/null @@ -1,60 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA512 - -wireshark-3.2.4.tar.xz: 31580440 bytes -SHA256(wireshark-3.2.4.tar.xz)=d17d461e849e2d0b033431c45f71d8ee8ec3c8faa232a6ad63069a47927db8aa -RIPEMD160(wireshark-3.2.4.tar.xz)=5dccf5ba44dd8f6c275b74ab07137ce80f4ab76d -SHA1(wireshark-3.2.4.tar.xz)=bb4157b57c1bcdbac948a1282dafad027d57be9b - -Wireshark-win32-3.2.4.exe: 54867824 bytes -SHA256(Wireshark-win32-3.2.4.exe)=c17e4a812031d5dfd4ef0a4b4dae1b60bb45eb7ce8c9e8b1b5eff4db5bcf4b72 -RIPEMD160(Wireshark-win32-3.2.4.exe)=3ac743c96a4b1e9e006501e45b1a8f398d54d511 -SHA1(Wireshark-win32-3.2.4.exe)=ea4cc781339618eb16db4fdc96c413f119229ef3 - -Wireshark-win64-3.2.4.exe: 60037848 bytes -SHA256(Wireshark-win64-3.2.4.exe)=db2565ee6410b7c57f54aaac86954e4f6a98e2ea31ffbea83e60b981fff57301 -RIPEMD160(Wireshark-win64-3.2.4.exe)=e058bfdb62c1b0392d39c80d24e7f001587ed907 -SHA1(Wireshark-win64-3.2.4.exe)=32c0cea3623db22eb7f0dbf24ac4902a4e873f3d - -Wireshark-win32-3.2.4.msi: 43028480 bytes -SHA256(Wireshark-win32-3.2.4.msi)=a614bdb63e9dfa1150cdcb471790ebe32f1c8a269079cbccab6ece4ad7700575 -RIPEMD160(Wireshark-win32-3.2.4.msi)=7431e01c63b522ad59f1adb58fa0da7e5b12362b -SHA1(Wireshark-win32-3.2.4.msi)=22ca61d51e9d66e198769225fbbc0bfc2f3a0f76 - -Wireshark-win64-3.2.4.msi: 48283648 bytes -SHA256(Wireshark-win64-3.2.4.msi)=eb13bc841c98c398a7f26705f3621ac4ffe90fc158f4ea48db3ba56968a0d41b -RIPEMD160(Wireshark-win64-3.2.4.msi)=33e2f498e1919a11b1c20cb125af30c304534cc8 -SHA1(Wireshark-win64-3.2.4.msi)=4e2aeab60879518b5d9a81d8449874db23ad4dc6 - -WiresharkPortable_3.2.4.paf.exe: 36581616 bytes -SHA256(WiresharkPortable_3.2.4.paf.exe)=2c8ea4e6776a334d43909c53d7c656db10ad425beec5fe927b8d1fb0467309da -RIPEMD160(WiresharkPortable_3.2.4.paf.exe)=759413437b7b91efe28eab3c6120530421ada774 -SHA1(WiresharkPortable_3.2.4.paf.exe)=6c0f29f5554b0ee7160b21f7a6c6a5069161e266 - -Wireshark 3.2.4 Intel 64.dmg: 97572886 bytes -SHA256(Wireshark 3.2.4 Intel 64.dmg)=735d43bdbde1caeb9bfff89acc62acfeb05ffda36e6d0d243bc08333e60fdac6 -RIPEMD160(Wireshark 3.2.4 Intel 64.dmg)=672b26161f45f015fff6d16d96570b85f59c0bcb -SHA1(Wireshark 3.2.4 Intel 64.dmg)=5a550cae3e5cc02441f39df2fdb84edb525d5b87 - -You can validate these hashes using the following commands (among others): - - Windows: certutil -hashfile Wireshark-win64-x.y.z.exe SHA256 - Linux (GNU Coreutils): sha256sum wireshark-x.y.z.tar.xz - macOS: shasum -a 256 "Wireshark x.y.z Intel 64.dmg" - Other: openssl sha256 wireshark-x.y.z.tar.xz ------BEGIN PGP SIGNATURE----- - -iQIzBAEBCgAdFiEEWlrbp9vqbD+HIk8ZgiRKeOb+ruoFAl7ENyMACgkQgiRKeOb+ -rurlZhAApTzNUsdr7BZUFQQW0khyurVqbh3MQLFw37po0OQgXI3Yy9lw1QBIZLgS -MXCgVRSmKIH8mq9KbReUkno1zFr3S9o5Cv3FSVuTQFbnsrj7RfUu1tjW/1Sm/8Oh -INpt9miE6KFfmgbagAbcKx/ZlbPolx9v/g3u963cBLkappobwsDgphQkHUNADIgD -82YkF5/lIiY29JzdAsN1tAy31qkPQiabL/nfgN4QDEH3zqw63QSeJd8We8Rm3uX/ -fH+nadIaTzmxWHtWHl/9t2BBlGGk9Y7A2A9/Z2Afv93q4gZwT3yiz1oz4VI7iavB -EQ2xcQhFzwH1HYRLvXTyiPhAiDbpPBJfTPja1q5Vqtg4G8SD1Ko18RHHo0+dJ5Zp -5fnbzivz+3JIk2OT1a5ibNPZOtJ1C/fksZ1LiVPzxuc2MenFsmQdxcyT8ZxVt7Xw -weF3a6ZXbLljbGdWzLlcFU6yqiPfaZ+0TttkeHA2pv9o6kcUVYxxEPQaWdKfniOu -AQ2JcH2i+OH/+TiJmxNVFydeFMfVofPbUyjyxPNEjK6Ps+PPVwKHxr0qXnx0i3eO -NloV5kadXnesa07AS7g1ICgY9VXcp2SvB4atSkTu1jw2D8E6iOhF5VjN4WC1Le9P -bHehFL9hVuKUOTT91sa5UNrqqYRjnRsnY51bVQJKPUncGFH1qP4= -=Jh4P ------END PGP SIGNATURE----- diff --git a/wireshark-3.2.4.tar.xz b/wireshark-3.2.4.tar.xz deleted file mode 100644 index 90937bf..0000000 --- a/wireshark-3.2.4.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d17d461e849e2d0b033431c45f71d8ee8ec3c8faa232a6ad63069a47927db8aa -size 31580440 diff --git a/wireshark-3.2.5.tar.xz b/wireshark-3.2.5.tar.xz new file mode 100644 index 0000000..1e5014c --- /dev/null +++ b/wireshark-3.2.5.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:bd89052a5766cce08b1090df49628567e48cdd24bbaa47667c851bac6aaac940 +size 31626148 diff --git a/wireshark-3.2.5.tar.xz.asc b/wireshark-3.2.5.tar.xz.asc new file mode 100644 index 0000000..d1696e8 --- /dev/null +++ b/wireshark-3.2.5.tar.xz.asc @@ -0,0 +1,60 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +wireshark-3.2.5.tar.xz: 31626148 bytes +SHA256(wireshark-3.2.5.tar.xz)=bd89052a5766cce08b1090df49628567e48cdd24bbaa47667c851bac6aaac940 +RIPEMD160(wireshark-3.2.5.tar.xz)=940abd3d33418559b207bd9f23826626b3edd311 +SHA1(wireshark-3.2.5.tar.xz)=468c547ad13df805322e0979b348dcc602904017 + +Wireshark-win64-3.2.5.exe: 60082856 bytes +SHA256(Wireshark-win64-3.2.5.exe)=b9626086253e00fbaf35c7d91c768aa4895d0d2e59b4e48b01331dce7cfeb510 +RIPEMD160(Wireshark-win64-3.2.5.exe)=eeec26f1442e387255e3243a324bb7388f055011 +SHA1(Wireshark-win64-3.2.5.exe)=97fd437ded33ef1d260fe6dc2a8e2e53707fe12e + +Wireshark-win32-3.2.5.exe: 54936520 bytes +SHA256(Wireshark-win32-3.2.5.exe)=728d51ba8e1d551ff29b2432933923112bc5d43100ee4b327085dbdda739dcd1 +RIPEMD160(Wireshark-win32-3.2.5.exe)=523866234f16f94e621f0de59702c2f4063aff3f +SHA1(Wireshark-win32-3.2.5.exe)=040ce6010c874242356177d82e9550c84b092267 + +Wireshark-win32-3.2.5.msi: 43114496 bytes +SHA256(Wireshark-win32-3.2.5.msi)=f9a7739e40193f387cfcaab5f8e7f3a8705a49096b7853d48ddf87eb7c0916a0 +RIPEMD160(Wireshark-win32-3.2.5.msi)=8feed2651be7b1ed2ad2ab2c02f8db4533064361 +SHA1(Wireshark-win32-3.2.5.msi)=cc1487b37d5bbfad7e0a01d9334e95e7f72c9a96 + +Wireshark-win64-3.2.5.msi: 48381952 bytes +SHA256(Wireshark-win64-3.2.5.msi)=f8b0b963ac7bf87f851389a396d5a39dae733ec7ad8b259c097cd3d1f61990d8 +RIPEMD160(Wireshark-win64-3.2.5.msi)=a94a1a86e60b7d2fe78ae7256dac6645f80c496b +SHA1(Wireshark-win64-3.2.5.msi)=e8b887f473899cc3fb169c3ca71027cbe5724218 + +WiresharkPortable_3.2.5.paf.exe: 36672608 bytes +SHA256(WiresharkPortable_3.2.5.paf.exe)=a8601a7b0232d1a17acb969ee658952a794d8da06588d7039a48b35653169670 +RIPEMD160(WiresharkPortable_3.2.5.paf.exe)=6d8fa89a6b9f153a3dca521d8fd59144760557cd +SHA1(WiresharkPortable_3.2.5.paf.exe)=4cd2344eeda2f3a8b1b361bcb123da6038ea2c78 + +Wireshark 3.2.5 Intel 64.dmg: 97687693 bytes +SHA256(Wireshark 3.2.5 Intel 64.dmg)=c95277ecc61c22b900591d07dae94ef659fe1d80d584479ddc46855b4e3a3745 +RIPEMD160(Wireshark 3.2.5 Intel 64.dmg)=81a2f9e3e51bcd8182ddb3ffe226481f3d1e3be2 +SHA1(Wireshark 3.2.5 Intel 64.dmg)=d0abf53b543f256201628f4880e32b8b104ce6bb + +You can validate these hashes using the following commands (among others): + + Windows: certutil -hashfile Wireshark-win64-x.y.z.exe SHA256 + Linux (GNU Coreutils): sha256sum wireshark-x.y.z.tar.xz + macOS: shasum -a 256 "Wireshark x.y.z Intel 64.dmg" + Other: openssl sha256 wireshark-x.y.z.tar.xz +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEWlrbp9vqbD+HIk8ZgiRKeOb+ruoFAl788ugACgkQgiRKeOb+ +ruqcdhAA7qkQvKl/CRw5/phaHYV4M8ICakK9znqVffudNs49o78z7cFTi+yww+92 +LAjFsmeeX15FaWx5TAixn88UGoI+B15FRmkFdpH0zZHa82DsmMTizbQ+c0ofGUPZ +FdwGgl4yLhbZQQUXE+4Ucarn9DoOc7GMeS/KW2F5+bNtmRVEeawB8Yu25lytA0ry +tRs4y8p+KqnvNLaXLCrNcUzhwtNpUnnrnL1HPQ4VwE3Dtq5gifkI7jAXCkmcqtV/ +4RxIDNVtmFyqxd7GDcCENjiGjgbGyxAc+vrQK3pnElaMnPICjMwnof/3g9+yebJe +4iTgzqOxATSWB41bzbNAN8D5/HCBMbUWY3jQ4rbE354TmnhTTY05kMV5jZNZgELT +B+5BHBcY5S5Vq3UTRQIaRHKtuaAfnteW5zAvcZSIgrG8fd+ca06fU/TPrqvmq7bQ +ZdrDO2tXyYUcUeBwZoq2m89v/DJPaMaQWpOo1aWTtGoc/JE13UcR/g88lWt4ze+7 +iUhSDtkPQgdsvuGGhfz3GLVrmVfb/+TbDLZtwP4dyA+uJUfwZLzLnjsCXbK2R7uc +NjCSMpM1zvsv3newz2JXNjltFOFIBqhP9aZ64rvcm6M9AGiqeQ65nOY3GvL7Q49S +2lQ029OUcK4xTsLSLRepF2lg6lqVpVU/rnMqHMSaWkTekJffTJ4= +=onva +-----END PGP SIGNATURE----- diff --git a/wireshark.changes b/wireshark.changes index 4522ee2..4065d57 100644 --- a/wireshark.changes +++ b/wireshark.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Wed Jul 1 22:22:24 UTC 2020 - Andreas Stieger + +- Wireshark 3.2.5: + * CVE-2020-15466: GVCP dissector infinite loop (boo#1173606) + * Further features, bug fixes and updated protocol support as + listed in: + https://www.wireshark.org/docs/relnotes/wireshark-3.2.5.html +- make verification of package source signatures compatible with + source_validator + ------------------------------------------------------------------- Fri Jun 5 08:21:21 UTC 2020 - Michel Normand diff --git a/wireshark.spec b/wireshark.spec index 2e69f96..824b3c3 100644 --- a/wireshark.spec +++ b/wireshark.spec @@ -27,14 +27,14 @@ %bcond_with lz4 %endif Name: wireshark -Version: 3.2.4 +Version: 3.2.5 Release: 0 Summary: A Network Traffic Analyser License: GPL-2.0-or-later AND GPL-3.0-or-later Group: Productivity/Networking/Diagnostic URL: https://www.wireshark.org/ Source: https://www.wireshark.org/download/src/%{name}-%{version}.tar.xz -Source2: https://www.wireshark.org/download/SIGNATURES-%{version}.txt +Source2: https://www.wireshark.org/download/SIGNATURES-%{version}.txt#/%{name}-%{version}.tar.xz.asc Source3: https://www.wireshark.org/download/gerald_at_wireshark_dot_org.gpg#/wireshark.keyring BuildRequires: bison BuildRequires: flex