From patchwork Wed Feb  5 17:05:32 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Titouan Christophe <titouan.christophe@railnova.eu>
X-Patchwork-Id: 1233918
Return-Path: <buildroot-bounces@busybox.net>
X-Original-To: incoming-buildroot@patchwork.ozlabs.org
Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org
Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized)
	smtp.mailfrom=busybox.net (client-ip=140.211.166.136;
	helo=silver.osuosl.org;
	envelope-from=buildroot-bounces@busybox.net;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=fail (p=none dis=none) header.from=railnova.eu
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=railnova-eu.20150623.gappssmtp.com
	header.i=@railnova-eu.20150623.gappssmtp.com
	header.a=rsa-sha256 header.s=20150623 header.b=oTaIvIo7;
	dkim-atps=neutral
Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 48CScx2FRNz9sS9
	for <incoming-buildroot@patchwork.ozlabs.org>;
	Thu,  6 Feb 2020 04:05:52 +1100 (AEDT)
Received: from localhost (localhost [127.0.0.1])
	by silver.osuosl.org (Postfix) with ESMTP id 2AEBE214E4;
	Wed,  5 Feb 2020 17:05:51 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from silver.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 5ql945t5mfxF; Wed,  5 Feb 2020 17:05:50 +0000 (UTC)
Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34])
	by silver.osuosl.org (Postfix) with ESMTP id EAF12214EC;
	Wed,  5 Feb 2020 17:05:49 +0000 (UTC)
X-Original-To: buildroot@lists.busybox.net
Delivered-To: buildroot@osuosl.org
Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136])
	by ash.osuosl.org (Postfix) with ESMTP id DD34E1BF5A5
	for <buildroot@lists.busybox.net>;
	Wed,  5 Feb 2020 17:05:47 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by silver.osuosl.org (Postfix) with ESMTP id D5DCF214E4
	for <buildroot@lists.busybox.net>;
	Wed,  5 Feb 2020 17:05:47 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from silver.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id SJmnp2zAEkLh for <buildroot@lists.busybox.net>;
	Wed,  5 Feb 2020 17:05:46 +0000 (UTC)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.6
Received: from mail-wr1-f67.google.com (mail-wr1-f67.google.com
	[209.85.221.67])
	by silver.osuosl.org (Postfix) with ESMTPS id B9073214FD
	for <buildroot@buildroot.org>; Wed,  5 Feb 2020 17:05:45 +0000 (UTC)
Received: by mail-wr1-f67.google.com with SMTP id k11so3639062wrd.9
	for <buildroot@buildroot.org>; Wed, 05 Feb 2020 09:05:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=railnova-eu.20150623.gappssmtp.com; s=20150623;
	h=from:to:cc:subject:date:message-id:mime-version
	:content-transfer-encoding;
	bh=a/K6YygE7ZgPB/kd1dt8NdJ0QjZ9s2nf7np3TEy660k=;
	b=oTaIvIo79iDFSe/sxrXIXJ7KYYbwJ22Z4gQqOWuTJSKeMEWuG2CWAQuvpeBcfZ2sCs
	pKPMCWIDXmBLftF1hCPJHn72v1ZMHlqqQzIfyoMT1yZXuNc2ub9AjLm9FvTUSmMpGJ1a
	a959mc9SwQOzOXN/q1QmQp6t42Lu2G8pjUFvNAcYLy+gGdXeIh/q2YzbvRT3rUoYSajD
	JSpS7tRviRDioO55wKadpRIby2arkEm9z8oTiNk8+M69VoZab23Hrn/7jYjMJKrvWCgw
	b6iU0D8WnYjj2VuxRTlSLCCCdtSJ7B6OvBk6K9LwXat7nw62aY0Hwl1iv8pmM4t94xbq
	RDSw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version
	:content-transfer-encoding;
	bh=a/K6YygE7ZgPB/kd1dt8NdJ0QjZ9s2nf7np3TEy660k=;
	b=kcu7OgpIo3dwhM4L3x4BLd/v9eVDJ/faj7fQdWPnF0oE2ShMnHev0Sqgin8rPN6Hzt
	BsNRxvapvs1mCpt2r5yDvHI8xHi+BDlAKc8RC2tXOqrHSAxP+2lmbsIrQ0RtsyCEtFhw
	hCYuIn5g1izog63lhk2peW3GvnPEi6UKEAj2klX1EQ9GFCuP72IVsf+Z+9Kzu5mbxT4C
	D4oDSPfPdWDEm3UJtVl79o6xj1nYvO75UxFLU4KXggEz1NaZRApp6Vq1fMqd44xc67je
	z3R2vBar0sl77j3Oq+uwxYQXll7ctubqTUy97qibHZlc2A3WssgDKVeduPveYuTZyuEl
	ndxg==
X-Gm-Message-State: APjAAAX1MoWdtSkgTQforkSwKyofsY3EZIZvgy53wGZ9IN+u26GlKDCV
	uPF2HfIkKIujhM1+/TsezyYPxZvwjoH6PQ==
X-Google-Smtp-Source: 
 APXvYqyE1r35AUwRxrURKJGmgaEND+5WKMJALYVMVTb6V4d2bDYK9d6dQ20tgBcUgrn3dY60ZYy51g==
X-Received: by 2002:a05:6000:4:: with SMTP id
	h4mr20556853wrx.403.1580922343755;
	Wed, 05 Feb 2020 09:05:43 -0800 (PST)
Received: from localhost.localdomain ([2620:0:1055:fd00:463c:fbe1:fd20:7f18])
	by smtp.gmail.com with ESMTPSA id
	n3sm206700wmc.27.2020.02.05.09.05.42
	(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
	Wed, 05 Feb 2020 09:05:43 -0800 (PST)
From: Titouan Christophe <titouan.christophe@railnova.eu>
To: buildroot@buildroot.org
Date: Wed,  5 Feb 2020 18:05:32 +0100
Message-Id: <20200205170532.32004-1-titouan.christophe@railnova.eu>
X-Mailer: git-send-email 2.24.1
MIME-Version: 1.0
Subject: [Buildroot] [PATCH 1/1] package/wireshark: security bump to version
	3.2.1
X-BeenThere: buildroot@busybox.net
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.busybox.net>
List-Unsubscribe: <http://lists.busybox.net/mailman/options/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=unsubscribe>
List-Archive: <http://lists.busybox.net/pipermail/buildroot/>
List-Post: <mailto:buildroot@busybox.net>
List-Help: <mailto:buildroot-request@busybox.net?subject=help>
List-Subscribe: <http://lists.busybox.net/mailman/listinfo/buildroot>,
	<mailto:buildroot-request@busybox.net?subject=subscribe>
Cc: Titouan Christophe <titouan.christophe@railnova.eu>
Errors-To: buildroot-bounces@busybox.net
Sender: "buildroot" <buildroot-bounces@busybox.net>

This fixes CVE-2020-7044:
In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash.
This was addressed in epan/dissectors/packet-wassp.c by using
>= and <= to resolve off-by-one errors.

Also change the hash file to the new spacing convention introduced
by Yann E. Morin.

Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
---
 package/wireshark/wireshark.hash | 8 ++++----
 package/wireshark/wireshark.mk   | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package/wireshark/wireshark.hash b/package/wireshark/wireshark.hash
index 5635f2525b..65406b3001 100644
--- a/package/wireshark/wireshark.hash
+++ b/package/wireshark/wireshark.hash
@@ -1,6 +1,6 @@
-# From https://www.wireshark.org/download/src/all-versions/SIGNATURES-3.2.0.txt
-sha1 6c7d9784809fb16b57ca557864f78509aaf4f82a wireshark-3.2.0.tar.xz
-sha256 4cfd33a19a454ff4002243e9d04d6afd64280a109a21ae652a192f2be2b1b66c wireshark-3.2.0.tar.xz
+# From https://www.wireshark.org/download/src/all-versions/SIGNATURES-3.2.1.txt
+sha1  d0b8eb3e01264afb98ec151d7114ed14cf174ced  wireshark-3.2.1.tar.xz
+sha256  589f640058d6408ebbd695a80ebbd6e7bd99d8db64ecda253d27100dfd27e85b  wireshark-3.2.1.tar.xz
 
 # Locally calculated
-sha256 7cdbed2b697efaa45576a033f1ac0e73cd045644a91c79bbf41d4a7d81dac7bf  COPYING
+sha256  7cdbed2b697efaa45576a033f1ac0e73cd045644a91c79bbf41d4a7d81dac7bf  COPYING
diff --git a/package/wireshark/wireshark.mk b/package/wireshark/wireshark.mk
index c365a9feec..1e71fe755d 100644
--- a/package/wireshark/wireshark.mk
+++ b/package/wireshark/wireshark.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-WIRESHARK_VERSION = 3.2.0
+WIRESHARK_VERSION = 3.2.1
 WIRESHARK_SOURCE = wireshark-$(WIRESHARK_VERSION).tar.xz
 WIRESHARK_SITE = https://www.wireshark.org/download/src/all-versions
 WIRESHARK_LICENSE = wireshark license