diff options
Diffstat (limited to 'net-analyzer/wireshark')
| -rw-r--r-- | net-analyzer/wireshark/ChangeLog | 11 | ||||
| -rw-r--r-- | net-analyzer/wireshark/Manifest | 6 | ||||
| -rw-r--r-- | net-analyzer/wireshark/wireshark-1.2.13.ebuild | 156 | ||||
| -rw-r--r-- | net-analyzer/wireshark/wireshark-1.4.4.ebuild | 216 |
4 files changed, 229 insertions, 160 deletions
diff --git a/net-analyzer/wireshark/ChangeLog b/net-analyzer/wireshark/ChangeLog index ce30e732c452..cc58f05d0f6c 100644 --- a/net-analyzer/wireshark/ChangeLog +++ b/net-analyzer/wireshark/ChangeLog @@ -1,6 +1,15 @@ # ChangeLog for net-analyzer/wireshark # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/ChangeLog,v 1.274 2011/01/29 13:33:37 armin76 Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/ChangeLog,v 1.275 2011/03/09 14:29:54 pva Exp $ + +*wireshark-1.4.4 (09 Mar 2011) + + 09 Mar 2011; Peter Volkov <pva@gentoo.org> -wireshark-1.2.13.ebuild, + +wireshark-1.4.4.ebuild: + Version bump, fixes security issue #354197, thank Paweł Hajdan, Jr. for + report. Don't depend on elinks, bug #352601, thank Nick Bowler for + investigation. Fixes security issue with dumpcap, bug #357237, thank + Sebastian Thorarensen for findings and report! 29 Jan 2011; Raúl Porcel <armin76@gentoo.org> wireshark-1.4.3.ebuild: alpha/ia64/sparc stable wrt #350551 diff --git a/net-analyzer/wireshark/Manifest b/net-analyzer/wireshark/Manifest index 218fe98f5cb2..81bac119dcfc 100644 --- a/net-analyzer/wireshark/Manifest +++ b/net-analyzer/wireshark/Manifest @@ -5,9 +5,9 @@ AUX wireshark-1.0.5-text2pcap-protos.patch 487 RMD160 20e64be01b281c48516969c508 AUX wireshark-1.1.2--as-needed.patch 830 RMD160 fd192d107147c65ef52625b51b59a2bf4e2f65c3 SHA1 7a743a42542fa59423870a0205e8ed7aa6bde70e SHA256 34aa27c611021c9a515cc4fed9778148395761bf6f4272130d3e83abcc13a499 AUX wireshark-1.2.8-zlib-1.2.5-capture.patch 779 RMD160 7440a7d8a04a1b43057fc7c1e29540a49a77ac0f SHA1 01ab94564003bb230f15a637b355fca31774e27e SHA256 936be11853d8eaf846a28be1dce7e098d386fc58d84ed521bc4f6965e387c69d AUX wireshark-except-double-free.diff 664 RMD160 2b61f03f5148975f6438351c11de18a500deabc5 SHA1 0239e19ba0ebd2cfb4ab4987a8a4c56646cd9250 SHA256 dc02a5f3e4bdbd128a2ba08f38880358f747661a93ca0b3fe1918c67b255c369 -DIST wireshark-1.2.13.tar.gz 19512648 RMD160 ebdc29f83546391cb8eb4056ef686f3ced21215f SHA1 e4a1550a2f98fa49926ed6fe10e2fc28e4bf7221 SHA256 eaa8f3f0eb1b701e3fc5f5e7f8a493df8333a53a25be9dc589cb962dba9cc666 DIST wireshark-1.4.3.tar.bz2 20469021 RMD160 6a63023f165b2e875296340f6a57595427a13fe7 SHA1 776c757e6a6a085232ac843ec28b026bf4ca9c8d SHA256 3ec9b709ea0e2b26c4d5869374a9013a5c7ca4493f2a2a64640824c5a477eda6 -EBUILD wireshark-1.2.13.ebuild 4572 RMD160 db59edd2f293c1ef8d0d2a0ed22f0214941daa21 SHA1 2f732d3a8fb95138804782af65ef1f540356a0d4 SHA256 439a8f83730c05ab2b8c7263b4f09a0b9d418a983439a61c682a2c1ad31dda5d +DIST wireshark-1.4.4.tar.bz2 20479081 RMD160 47f9274cd6933684339b4c7c0b7c723d8c9b1512 SHA1 4d1d7e7bf07683723b661eb7b7124b2e90106087 SHA256 6033e627c40ac4eec7e95c03728b497ee2bc5851af8c9e58bb89b7496717dc0d EBUILD wireshark-1.4.3.ebuild 6317 RMD160 ce8d4d0f5a63cb998be040f4566339353aa210d2 SHA1 bb4d8497fc259646b28c23755e345b357c66128f SHA256 a3dc149c3c6f866250dd4b4e9553beaa18a8378806daebd05d4dceeba02aeae6 -MISC ChangeLog 39869 RMD160 dea158fca04e41ab937db4a482ac35e5842566f3 SHA1 1395be5fb4652a1ba9261442188d08c8c539f3a4 SHA256 2d0b304f1bf6846fade68f1992d38dd85975db7b65c55c0e1731f88c8a28203c +EBUILD wireshark-1.4.4.ebuild 6346 RMD160 5c7acafd121022320de983495b3b69d54f4187e3 SHA1 80b21263d5c7272317bb1cec9c0f829b93207b47 SHA256 25ef1fd049e865dcb10022dba3f7f3ad15388e79245271c423a3e09bf6a30994 +MISC ChangeLog 40260 RMD160 da63a354354d1925d4b4eb7b36e69729920a2843 SHA1 8811af59466cf6ba606a4b2dd26bee535d9a82ce SHA256 4638896e0dd08003433b42f2b5d59ee38484a48f7b65d06ea99e5e9dce3c9718 MISC metadata.xml 2242 RMD160 66dbbb758acc194df17217183b60a56f61fced38 SHA1 4498ea4c0f0f04213fd1cba2fd3de44565058f7d SHA256 2dfaef45c385c37c7ae8af96f5d8c58d9bff8f6186d55be8f2d034ebd0c60869 diff --git a/net-analyzer/wireshark/wireshark-1.2.13.ebuild b/net-analyzer/wireshark/wireshark-1.2.13.ebuild deleted file mode 100644 index 831261616a90..000000000000 --- a/net-analyzer/wireshark/wireshark-1.2.13.ebuild +++ /dev/null @@ -1,156 +0,0 @@ -# Copyright 1999-2010 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/wireshark-1.2.13.ebuild,v 1.6 2010/12/27 14:28:34 ranger Exp $ - -EAPI=2 -inherit autotools libtool flag-o-matic eutils toolchain-funcs - -DESCRIPTION="A network protocol analyzer formerly known as ethereal" -HOMEPAGE="http://www.wireshark.org/" - -# _rc versions has different download location. -[[ -n ${PV#*_rc} && ${PV#*_rc} != ${PV} ]] && { -SRC_URI="http://www.wireshark.org/download/prerelease/${PN}-${PV/_rc/pre}.tar.gz"; -S=${WORKDIR}/${PN}-${PV/_rc/pre} ; } || \ -SRC_URI="http://www.wireshark.org/download/src/${P}.tar.gz" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="alpha amd64 hppa ia64 ppc ppc64 sparc x86 ~x86-fbsd" -IUSE="adns ares gtk ipv6 lua portaudio gnutls gcrypt geoip zlib kerberos threads profile smi +pcap pcre +caps selinux" - -RDEPEND=">=dev-libs/glib-2.4.0:2 - zlib? ( sys-libs/zlib - !=sys-libs/zlib-1.2.4 ) - smi? ( net-libs/libsmi ) - gtk? ( >=x11-libs/gtk+-2.4.0:2 - x11-libs/pango - dev-libs/atk ) - gnutls? ( net-libs/gnutls ) - gcrypt? ( dev-libs/libgcrypt ) - pcap? ( net-libs/libpcap ) - pcre? ( dev-libs/libpcre ) - caps? ( sys-libs/libcap ) - kerberos? ( virtual/krb5 ) - portaudio? ( media-libs/portaudio ) - ares? ( >=net-dns/c-ares-1.5 ) - !ares? ( adns? ( net-libs/adns ) ) - geoip? ( dev-libs/geoip ) - lua? ( >=dev-lang/lua-5.1 ) - selinux? ( sec-policy/selinux-wireshark )" - -DEPEND="${RDEPEND} - >=dev-util/pkgconfig-0.15.0 - dev-lang/perl - sys-devel/bison - sys-devel/flex" - -pkg_setup() { - if ! use gtk; then - ewarn "USE=-gtk will means no gui called wireshark will be created and" - ewarn "only command line utils are available" - fi - - # Add group for users allowed to sniff. - enewgroup wireshark -} - -src_prepare() { - cd "${S}"/epan # our hardened toolchain bug... - epatch "${FILESDIR}/wireshark-except-double-free.diff" - - cd "${S}" - epatch "${FILESDIR}/${PN}-1.1.2--as-needed.patch" - eautoreconf -} - -src_configure() { - local myconf - - # optimization bug, see bug #165340, bug #40660 - if [[ $(gcc-version) == 3.4 ]] ; then - elog "Found gcc 3.4, forcing -O3 into CFLAGS" - replace-flags -O? -O3 - elif [[ $(gcc-version) == 3.3 || $(gcc-version) == 3.2 ]] ; then - elog "Found <=gcc-3.3, forcing -O into CFLAGS" - replace-flags -O? -O - fi - - if use ares && use adns; then - einfo "You asked for both, ares and adns, but we can use only one of them." - einfo "c-ares supersedes adns resolver thus using c-ares (ares USE flag)." - myconf="$(use_with ares c-ares) --without-adns" - else - myconf="$(use_with adns) $(use_with ares c-ares)" - fi - - # see bug #133092; bugs.wireshark.org/bugzilla/show_bug.cgi?id=1001 - # our hardened toolchain bug - filter-flags -fstack-protector - - # profile and pie are incompatible #215806, #292991 - if use profile; then - ewarn "You've enabled the 'profile' USE flag, building PIE binaries is disabled." - append-flags $(test-flags-CC -nopie) - fi - - # Workaround bug #213705. If krb5-config --libs has -lcrypto then pass - # --with-ssl to ./configure. (Mimics code from acinclude.m4). - if use kerberos; then - case `krb5-config --libs` in - *-lcrypto*) myconf="${myconf} --with-ssl" ;; - esac - fi - - # dumpcap requires libcap, setuid-install requires dumpcap - econf $(use_enable gtk wireshark) \ - $(use_enable profile profile-build) \ - $(use_with gnutls) \ - $(use_with gcrypt) \ - $(use_enable ipv6) \ - $(use_enable threads) \ - $(use_with lua) \ - $(use_with kerberos krb5) \ - $(use_with smi libsmi) \ - $(use_with pcap) \ - $(use_with zlib) \ - $(use_with pcre) \ - $(use_with geoip) \ - $(use_with portaudio) \ - $(use_with caps libcap) \ - $(use_enable pcap setuid-install) \ - --sysconfdir=/etc/wireshark \ - ${myconf} -} - -src_install() { - emake DESTDIR="${D}" install || die "emake install failed" - - use pcap && fowners 0:wireshark /usr/bin/dumpcap - use pcap && fperms 6550 /usr/bin/dumpcap - - insinto /usr/include/wiretap - doins wiretap/wtap.h - - # FAQ is not required as is installed from help/faq.txt - dodoc AUTHORS ChangeLog NEWS README{,.bsd,.linux,.macos,.vmware} doc/randpkt.txt - - if use gtk; then - for c in hi lo; do - for d in 16 32 48; do - insinto /usr/share/icons/${c}color/${d}x${d}/apps - newins image/${c}${d}-app-wireshark.png wireshark.png - done - done - insinto /usr/share/applications - doins wireshark.desktop - fi -} - -pkg_postinst() { - echo - ewarn "NOTE: To run wireshark as normal user you have to add yourself into" - ewarn "wireshark group. This security measure ensures that only trusted" - ewarn "users allowed to sniff your traffic." - echo -} diff --git a/net-analyzer/wireshark/wireshark-1.4.4.ebuild b/net-analyzer/wireshark/wireshark-1.4.4.ebuild new file mode 100644 index 000000000000..307c07754a2d --- /dev/null +++ b/net-analyzer/wireshark/wireshark-1.4.4.ebuild @@ -0,0 +1,216 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/wireshark-1.4.4.ebuild,v 1.1 2011/03/09 14:29:54 pva Exp $ + +EAPI="3" +PYTHON_DEPEND="python? 2" +inherit libtool flag-o-matic eutils toolchain-funcs python + +[[ -n ${PV#*_rc} && ${PV#*_rc} != ${PV} ]] && MY_P=${PN}-${PV/_} || MY_P=${P} +DESCRIPTION="A network protocol analyzer formerly known as ethereal" +HOMEPAGE="http://www.wireshark.org/" +SRC_URI="http://www.wireshark.org/download/src/all-versions/${MY_P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" +IUSE="adns ares doc doc-pdf gtk ipv6 lua gcrypt geoip kerberos +profile +pcap pcre portaudio python +caps selinux smi ssl threads zlib" + +RDEPEND=">=dev-libs/glib-2.14.0:2 + zlib? ( sys-libs/zlib + !=sys-libs/zlib-1.2.4 ) + smi? ( net-libs/libsmi ) + gtk? ( >=x11-libs/gtk+-2.4.0:2 + x11-libs/pango + dev-libs/atk + x11-misc/xdg-utils ) + ssl? ( net-libs/gnutls ) + gcrypt? ( dev-libs/libgcrypt ) + pcap? ( net-libs/libpcap ) + pcre? ( dev-libs/libpcre ) + caps? ( sys-libs/libcap ) + kerberos? ( virtual/krb5 ) + portaudio? ( media-libs/portaudio ) + ares? ( >=net-dns/c-ares-1.5 ) + !ares? ( adns? ( net-libs/adns ) ) + geoip? ( dev-libs/geoip ) + lua? ( >=dev-lang/lua-5.1 ) + selinux? ( sec-policy/selinux-wireshark )" + +DEPEND="${RDEPEND} + doc? ( dev-libs/libxslt + dev-libs/libxml2 + app-doc/doxygen + doc-pdf? ( dev-java/fop ) ) + >=dev-util/pkgconfig-0.15.0 + dev-lang/perl + sys-devel/bison + sys-apps/sed + sys-devel/flex" + +S=${WORKDIR}/${MY_P} + +# borrowed from GSoC2010_Gentoo_Capabilities by constanze and flameyeys +# @FUNCTION: fcaps +# @USAGE: fcaps {uid:gid} {file-mode} {cap1[,cap2,...]} {file} +# @RETURN: 0 if all okay; non-zero if failure and fallback +# @DESCRIPTION: +# fcaps sets the specified capabilities in the effective and permitted set of +# the given file. In case of failure fcaps sets the given file-mode. +fcaps() { + local uid_gid=$1 + local perms=$2 + local capset=$3 + local path=$4 + local res + + chmod $perms $path && \ + chown $uid_gid $path + res=$? + + use caps || return $res + + #set the capability + setcap "$capset=ep" "$path" &> /dev/null + #check if the capabilitiy got set correctly + setcap -v "$capset=ep" "$path" &> /dev/null + res=$? + + if [ $res -ne 0 ]; then + ewarn "Failed to set capabilities. Probable reason is missed kernel support." + ewarn "Kernel must have SECURITY_FILE_CAPABILITIES, and <FS>_FS_SECURITY" + ewarn "enabled (e.g. EXT3_FS_SECURITY) where <FS> is the filesystem to store" + ewarn "${path}" + ewarn + ewarn "Falling back to suid now..." + chmod u+s ${path} + fi + return $res +} + +pkg_setup() { + if ! use gtk; then + ewarn "USE=-gtk disables gtk-based gui called wireshark." + ewarn "Only command line utils will be built available" + fi + if use python; then + python_set_active_version 2 + python_pkg_setup + fi + # Add group for users allowed to sniff. + enewgroup wireshark +} + +src_configure() { + local myconf + + if [[ $(gcc-major-version) -lt 3 || + ( $(gcc-major-version) -eq 3 && + $(gcc-minor-version) -le 4 ) ]] ; then + die "Unsupported compiler version, please upgrade." + fi + + if use ares && use adns; then + elog "You asked for both, ares and adns, but we can use only one of them." + elog "c-ares supersedes adns resolver thus using c-ares (ares USE flag)." + myconf="$(use_with ares c-ares) --without-adns" + else + myconf="$(use_with adns) $(use_with ares c-ares)" + fi + + # profile and pie are incompatible #215806, #292991 + if use profile; then + ewarn "You've enabled the 'profile' USE flag, building PIE binaries is disabled." + append-flags $(test-flags-CC -nopie) + fi + + # Workaround bug #213705. If krb5-config --libs has -lcrypto then pass + # --with-ssl to ./configure. (Mimics code from acinclude.m4). + if use kerberos; then + case `krb5-config --libs` in + *-lcrypto*) + ewarn "Kerberos was built with ssl support: linkage with openssl is enabled." + ewarn "Note there are annoying license incompatibilities between the OpenSSL" + ewarn "license and the GPL, so do your check before distributing such package." + myconf+=" --with-ssl" + ;; + esac + fi + + # Hack around inability to disable doxygen/fop doc generation + use doc || export ac_cv_prog_HAVE_DOXYGEN=false + use doc-pdf || export ac_cv_prog_HAVE_FOP=false + + # dumpcap requires libcap, setuid-install requires dumpcap + econf $(use_enable gtk wireshark) \ + $(use_enable profile profile-build) \ + $(use_with ssl gnutls) \ + $(use_with gcrypt) \ + $(use_enable ipv6) \ + $(use_enable threads) \ + $(use_with lua) \ + $(use_with kerberos krb5) \ + $(use_with smi libsmi) \ + $(use_with pcap) \ + $(use_with zlib) \ + $(use_with pcre) \ + $(use_with geoip) \ + $(use_with portaudio) \ + $(use_with python) \ + $(use_with caps libcap) \ + $(use pcap && use_enable caps setcap-install) \ + $(use pcap && use_enable !caps setuid-install) \ + --sysconfdir=/etc/wireshark \ + --with-dumpcap-group=wireshark \ + --disable-extra-gcc-checks \ + ${myconf} +} + +src_compile() { + emake || die + use doc && cd docbook && { emake || die; } +} + +src_install() { + emake DESTDIR="${D}" install || die "emake install failed" + if use doc; then + dohtml -r docbook/{release-notes.html,ws{d,u}g_html{,_chunked}} +# for dir in ws{d,u}g_html{,_chunked}; do +# dohtml -p ${dir} -r docbook/${dir}/ || die +# done + if use doc-pdf; then + insinto /usr/share/doc/${PF}/pdf/ + doins docbook/{{developer,user}-guide,release-notes}-{a4,us}.pdf || die + fi + fi + + # FAQ is not required as is installed from help/faq.txt + dodoc AUTHORS ChangeLog NEWS README{,.bsd,.linux,.macos,.vmware} \ + doc/{randpkt.txt,README*} + + insinto /usr/include/wiretap + doins wiretap/wtap.h || die + + if use gtk; then + for c in hi lo; do + for d in 16 32 48; do + insinto /usr/share/icons/${c}color/${d}x${d}/apps + newins image/${c}${d}-app-wireshark.png wireshark.png + done + done + domenu wireshark.desktop || die + fi + chmod o-x "${ED}"/usr/bin/dumpcap #357237 +} + +pkg_postinst() { + if use caps && use pcap; then + fcaps 0:wireshark 550 cap_net_raw,cap_net_admin "${ROOT}"/usr/bin/dumpcap + fi + echo + ewarn "NOTE: To run wireshark as normal user you have to add yourself to" + ewarn "the wireshark group. This security measure ensures that only trusted" + ewarn "users are allowed to sniff your traffic." + echo +} |