diff options
| author |   Peter Volkov <pva@gentoo.org> | 2011-01-22 10:17:49 +0000 |
|---|---|---|
| committer | Peter Volkov <pva@gentoo.org> | 2011-01-22 10:17:49 +0000 |
| commit | 980f9c0841002f81eda628a8a71559e78f58b936 (patch) | |
| tree | 3c91ed3e6180f54a88aad67462c1e1489575c493 /net-analyzer | |
| parent | Add perl-5.12.3 as provider (diff) | |
| download | historical-980f9c0841002f81eda628a8a71559e78f58b936.tar.gz historical-980f9c0841002f81eda628a8a71559e78f58b936.tar.bz2 historical-980f9c0841002f81eda628a8a71559e78f58b936.zip | |
Version bump, fixes multiple vulnerabilities bug #350551, thank Stefan Behte for report.
Package-Manager: portage-2.1.9.34/cvs/Linux x86_64
Diffstat (limited to 'net-analyzer')
| -rw-r--r-- | net-analyzer/wireshark/ChangeLog | 10 | ||||
| -rw-r--r-- | net-analyzer/wireshark/Manifest | 4 | ||||
| -rw-r--r-- | net-analyzer/wireshark/wireshark-1.4.3.ebuild | 217 |
3 files changed, 228 insertions, 3 deletions
diff --git a/net-analyzer/wireshark/ChangeLog b/net-analyzer/wireshark/ChangeLog index 85dfef28ccdb..a5626bf3814b 100644 --- a/net-analyzer/wireshark/ChangeLog +++ b/net-analyzer/wireshark/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for net-analyzer/wireshark -# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/ChangeLog,v 1.266 2010/12/27 14:28:34 ranger Exp $ +# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/ChangeLog,v 1.267 2011/01/22 10:17:49 pva Exp $ + +*wireshark-1.4.3 (22 Jan 2011) + + 22 Jan 2011; Peter Volkov <pva@gentoo.org> +wireshark-1.4.3.ebuild: + Version bump, fixes multiple vulnerabilities bug #350551, thank Stefan + Behte for report. 27 Dec 2010; Brent Baude <ranger@gentoo.org> wireshark-1.2.13.ebuild: Marking wireshark-1.2.13 ppc64 for bug 346191 diff --git a/net-analyzer/wireshark/Manifest b/net-analyzer/wireshark/Manifest index 417923eb95b6..2bc99b73609b 100644 --- a/net-analyzer/wireshark/Manifest +++ b/net-analyzer/wireshark/Manifest @@ -8,8 +8,10 @@ AUX wireshark-except-double-free.diff 664 RMD160 2b61f03f5148975f6438351c11de18a DIST wireshark-1.2.12.tar.gz 19494312 RMD160 e8af01607c182f500ef189be97632e4fc3695e82 SHA1 3cf873315360d566f4c18775046912c58d9f41fe SHA256 67cbf1ad4586facea61180979cedbec422b688d5971e53c125e91836fb94f1b5 DIST wireshark-1.2.13.tar.gz 19512648 RMD160 ebdc29f83546391cb8eb4056ef686f3ced21215f SHA1 e4a1550a2f98fa49926ed6fe10e2fc28e4bf7221 SHA256 eaa8f3f0eb1b701e3fc5f5e7f8a493df8333a53a25be9dc589cb962dba9cc666 DIST wireshark-1.4.2.tar.bz2 20208792 RMD160 5f0c1a9c52347782fcdcd6c11e24d21cfe89f7e2 SHA1 03eb2bcd1de93fd0b45d6f1346e97d5f03a47c3e SHA256 44c6e1ec328fa8e1e7b3838b2f25d51c36b38c562fc0d097ba464205fdb049b2 +DIST wireshark-1.4.3.tar.bz2 20469021 RMD160 6a63023f165b2e875296340f6a57595427a13fe7 SHA1 776c757e6a6a085232ac843ec28b026bf4ca9c8d SHA256 3ec9b709ea0e2b26c4d5869374a9013a5c7ca4493f2a2a64640824c5a477eda6 EBUILD wireshark-1.2.12.ebuild 4573 RMD160 17bd50d666f9b4d77144ddcfdc8f29f1c9eca8f3 SHA1 514105e7cb0c3c8fb5674fe92b87687a8f8342bb SHA256 aaa6626f481386cc001940aa693ead322bfaf9a65cdf8144e91a1c104e935838 EBUILD wireshark-1.2.13.ebuild 4572 RMD160 db59edd2f293c1ef8d0d2a0ed22f0214941daa21 SHA1 2f732d3a8fb95138804782af65ef1f540356a0d4 SHA256 439a8f83730c05ab2b8c7263b4f09a0b9d418a983439a61c682a2c1ad31dda5d EBUILD wireshark-1.4.2.ebuild 6354 RMD160 36300b21839541f994edb04f33febe074e270fbd SHA1 80286171fc1e807980f1c085ea096bba00209e9b SHA256 77b6168e1b833fd737ab9276a09369b710fc037cc4427e3684fb17d4da6b5e3d -MISC ChangeLog 38768 RMD160 45e20ce0bb08e2adc86d688fc275f390f880b85f SHA1 5f6b428a245556e79ab37c0c04a8afeef7a0539d SHA256 07f51d03df2dddfbdd07af25ea209d6b521b11004d03e0edf32505d8f255b7f9 +EBUILD wireshark-1.4.3.ebuild 6341 RMD160 2c7df0a496a48f952c295dd262f34b30e209851c SHA1 ff5228c3dbb6725c637c34b2aed573c5a69c5fa4 SHA256 c12b1b0a4588b16a5a87fbf9e430737b5712ccc0fec29ab48d8e3f5c0304cdfd +MISC ChangeLog 38961 RMD160 7276e4d1671509517c5d79a5b39f1f6c47100356 SHA1 078e49157f31dff09aad99e80ac5a494cd9d83fc SHA256 6e4dcf4c87f3b16d73b4a6c925b7a120afbf10ecc4ecb9ffce64b5f3af8d82e8 MISC metadata.xml 2242 RMD160 66dbbb758acc194df17217183b60a56f61fced38 SHA1 4498ea4c0f0f04213fd1cba2fd3de44565058f7d SHA256 2dfaef45c385c37c7ae8af96f5d8c58d9bff8f6186d55be8f2d034ebd0c60869 diff --git a/net-analyzer/wireshark/wireshark-1.4.3.ebuild b/net-analyzer/wireshark/wireshark-1.4.3.ebuild new file mode 100644 index 000000000000..dbdc9de7cc93 --- /dev/null +++ b/net-analyzer/wireshark/wireshark-1.4.3.ebuild @@ -0,0 +1,217 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/wireshark-1.4.3.ebuild,v 1.1 2011/01/22 10:17:49 pva Exp $ + +EAPI=2 +PYTHON_DEPEND="python? 2" +inherit libtool flag-o-matic eutils toolchain-funcs python + +[[ -n ${PV#*_rc} && ${PV#*_rc} != ${PV} ]] && MY_P=${PN}-${PV/_} || MY_P=${P} +DESCRIPTION="A network protocol analyzer formerly known as ethereal" +HOMEPAGE="http://www.wireshark.org/" +SRC_URI="http://www.wireshark.org/download/src/all-versions/${MY_P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" +IUSE="adns ares doc doc-pdf gtk ipv6 lua gcrypt geoip kerberos +profile +pcap pcre portaudio python +caps selinux smi ssl threads zlib" + +RDEPEND=">=dev-libs/glib-2.14.0:2 + zlib? ( sys-libs/zlib + !=sys-libs/zlib-1.2.4 ) + smi? ( net-libs/libsmi ) + gtk? ( >=x11-libs/gtk+-2.4.0:2 + x11-libs/pango + dev-libs/atk + x11-misc/xdg-utils ) + ssl? ( net-libs/gnutls ) + gcrypt? ( dev-libs/libgcrypt ) + pcap? ( net-libs/libpcap ) + pcre? ( dev-libs/libpcre ) + caps? ( sys-libs/libcap ) + kerberos? ( virtual/krb5 ) + portaudio? ( media-libs/portaudio ) + ares? ( >=net-dns/c-ares-1.5 ) + !ares? ( adns? ( net-libs/adns ) ) + geoip? ( dev-libs/geoip ) + lua? ( >=dev-lang/lua-5.1 ) + selinux? ( sec-policy/selinux-wireshark )" + +DEPEND="${RDEPEND} + doc? ( dev-libs/libxslt + dev-libs/libxml2 + www-client/elinks + app-doc/doxygen + doc-pdf? ( dev-java/fop ) ) + >=dev-util/pkgconfig-0.15.0 + dev-lang/perl + sys-devel/bison + sys-apps/sed + sys-devel/flex" + +S=${WORKDIR}/${MY_P} + +# borrowed from GSoC2010_Gentoo_Capabilities by constanze and flameyeys +# @FUNCTION: fcaps +# @USAGE: fcaps {uid:gid} {file-mode} {cap1[,cap2,...]} {file} +# @RETURN: 0 if all okay; non-zero if failure and fallback +# @DESCRIPTION: +# fcaps sets the specified capabilities in the effective and permitted set of +# the given file. In case of failure fcaps sets the given file-mode. +fcaps() { + local uid_gid=$1 + local perms=$2 + local capset=$3 + local path=$4 + local res + + chmod $perms $path && \ + chown $uid_gid $path + res=$? + + use caps || return $res + + #set the capability + setcap "$capset=ep" "$path" &> /dev/null + #check if the capabilitiy got set correctly + setcap -v "$capset=ep" "$path" &> /dev/null + res=$? + + if [ $res -ne 0 ]; then + ewarn "Failed to set capabilities. Probable reason is missed kernel support." + ewarn "Kernel must have SECURITY_FILE_CAPABILITIES, and <FS>_FS_SECURITY" + ewarn "enabled (e.g. EXT3_FS_SECURITY) where <FS> is the filesystem to store" + ewarn "${path}" + ewarn + ewarn "Falling back to suid now..." + chmod u+s ${path} + fi + return $res +} + +pkg_setup() { + if ! use gtk; then + ewarn "USE=-gtk disables gtk-based gui called wireshark." + ewarn "Only command line utils will be built available" + fi + if use python; then + python_set_active_version 2 + python_pkg_setup + fi + # Add group for users allowed to sniff. + enewgroup wireshark +} + +src_configure() { + local myconf + + if [[ $(gcc-major-version) -lt 3 || + ( $(gcc-major-version) -eq 3 && + $(gcc-minor-version) -le 4 ) ]] ; then + die "Unsupported compiler version, please upgrade." + fi + + if use ares && use adns; then + elog "You asked for both, ares and adns, but we can use only one of them." + elog "c-ares supersedes adns resolver thus using c-ares (ares USE flag)." + myconf="$(use_with ares c-ares) --without-adns" + else + myconf="$(use_with adns) $(use_with ares c-ares)" + fi + + # profile and pie are incompatible #215806, #292991 + if use profile; then + ewarn "You've enabled the 'profile' USE flag, building PIE binaries is disabled." + append-flags $(test-flags-CC -nopie) + fi + + # Workaround bug #213705. If krb5-config --libs has -lcrypto then pass + # --with-ssl to ./configure. (Mimics code from acinclude.m4). + if use kerberos; then + case `krb5-config --libs` in + *-lcrypto*) + ewarn "Kerberos was built with ssl support: linkage with openssl is enabled." + ewarn "Note there are annoying license incompatibilities between the OpenSSL" + ewarn "license and the GPL, so do your check before distributing such package." + myconf+=" --with-ssl" + ;; + esac + fi + + # Hack around inability to disable doxygen/fop doc generation + use doc || export ac_cv_prog_HAVE_DOXYGEN=false + use doc-pdf || export ac_cv_prog_HAVE_FOP=false + + # dumpcap requires libcap, setuid-install requires dumpcap + econf $(use_enable gtk wireshark) \ + $(use_enable profile profile-build) \ + $(use_with ssl gnutls) \ + $(use_with gcrypt) \ + $(use_enable ipv6) \ + $(use_enable threads) \ + $(use_with lua) \ + $(use_with kerberos krb5) \ + $(use_with smi libsmi) \ + $(use_with pcap) \ + $(use_with zlib) \ + $(use_with pcre) \ + $(use_with geoip) \ + $(use_with portaudio) \ + $(use_with python) \ + $(use_with caps libcap) \ + $(use_enable caps setcap-install) \ + $(use caps || use_enable pcap setuid-install) \ + --sysconfdir=/etc/wireshark \ + --with-dumpcap-group=wireshark \ + --disable-extra-gcc-checks \ + ${myconf} +} + +src_compile() { + emake || die + use doc && cd docbook && { emake || die; } +} + +src_install() { + emake DESTDIR="${D}" install || die "emake install failed" + if use doc; then + dohtml -r docbook/{release-notes.html,ws{d,u}g_html{,_chunked}} +# for dir in ws{d,u}g_html{,_chunked}; do +# dohtml -p ${dir} -r docbook/${dir}/ || die +# done + if use doc-pdf; then + insinto /usr/share/doc/${PF}/pdf/ + doins docbook/{{developer,user}-guide,release-notes}-{a4,us}.pdf || die + fi + fi + + # FAQ is not required as is installed from help/faq.txt + dodoc AUTHORS ChangeLog NEWS README{,.bsd,.linux,.macos,.vmware} \ + doc/{randpkt.txt,README*} + + insinto /usr/include/wiretap + doins wiretap/wtap.h || die + + if use gtk; then + for c in hi lo; do + for d in 16 32 48; do + insinto /usr/share/icons/${c}color/${d}x${d}/apps + newins image/${c}${d}-app-wireshark.png wireshark.png + done + done + insinto /usr/share/applications + doins wireshark.desktop || die + fi +} + +pkg_postinst() { + if use caps && use pcap; then + fcaps 0:wireshark 550 cap_net_raw,cap_net_admin "${ROOT}"/usr/bin/dumpcap + fi + echo + ewarn "NOTE: To run wireshark as normal user you have to add yourself to" + ewarn "the wireshark group. This security measure ensures that only trusted" + ewarn "users are allowed to sniff your traffic." + echo +} |