summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPeter Volkov <pva@gentoo.org>2011-07-24 08:04:34 +0000
committerPeter Volkov <pva@gentoo.org>2011-07-24 08:04:34 +0000
commit5fa979243767c0c8efc805f56071bcb836cd8c9c (patch)
tree562020eb7ce606c3109eef3ba6f40ebd0eafc4a8 /net-analyzer
parentAdd missing flexmock dependency, reported by xarthisius. (diff)
downloadhistorical-5fa979243767c0c8efc805f56071bcb836cd8c9c.tar.gz
historical-5fa979243767c0c8efc805f56071bcb836cd8c9c.tar.bz2
historical-5fa979243767c0c8efc805f56071bcb836cd8c9c.zip
Version bump, fixes security issue #373961 thank Tim Sammut for report.
Package-Manager: portage-2.1.10/cvs/Linux x86_64
Diffstat (limited to 'net-analyzer')
-rw-r--r--net-analyzer/wireshark/ChangeLog7
-rw-r--r--net-analyzer/wireshark/Manifest16
-rw-r--r--net-analyzer/wireshark/wireshark-1.4.8.ebuild213
3 files changed, 222 insertions, 14 deletions
diff --git a/net-analyzer/wireshark/ChangeLog b/net-analyzer/wireshark/ChangeLog
index 29996f48eadd..fe29334e3e87 100644
--- a/net-analyzer/wireshark/ChangeLog
+++ b/net-analyzer/wireshark/ChangeLog
@@ -1,6 +1,11 @@
# ChangeLog for net-analyzer/wireshark
# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/ChangeLog,v 1.304 2011/06/07 10:15:01 xarthisius Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/ChangeLog,v 1.305 2011/07/24 08:04:34 pva Exp $
+
+*wireshark-1.4.8 (24 Jul 2011)
+
+ 24 Jul 2011; Peter Volkov <pva@gentoo.org> +wireshark-1.4.8.ebuild:
+ Version bump, fixes security issue #373961 thank Tim Sammut for report.
07 Jun 2011; Kacper Kowalik <xarthisius@gentoo.org> wireshark-1.4.7.ebuild:
ppc64 stable wrt #369683
diff --git a/net-analyzer/wireshark/Manifest b/net-analyzer/wireshark/Manifest
index f2501a899e94..e746d86b3da1 100644
--- a/net-analyzer/wireshark/Manifest
+++ b/net-analyzer/wireshark/Manifest
@@ -1,6 +1,3 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
AUX wireshark-0.99.7-asneeded.patch 339 RMD160 faa516dd3dfd8bd6218f66d3bedb5490b0896f5b SHA1 ec2b8952f8fe55471e923c086a6e9b48e06ce7a8 SHA256 9fc8b3ec3fcf1cca714c78c28c1883503abfcfce4fe175e43c6d7ec14ddc9478
AUX wireshark-0.99.8-as-needed.patch 395 RMD160 2e06f641e9789db717544bfd1568e4bf6e85855c SHA1 a18b6fcc85b40c00fc1d30bcdfc81d13dc33e904 SHA256 d2f996a79fa3117296b25c10a1d4a3f0f8027a678de4e37e6c60bfb47a4754b9
AUX wireshark-1.0-sigpipe.patch 850 RMD160 a240a1317681516d207ca1694b0e44584008530b SHA1 8f127c22daa77ce9f658f3b1d3f897e428ee9dde SHA256 3a5130838a48b65cb21b4e25913347cee05689b4641c1dfb407facf9fa4f9f59
@@ -13,19 +10,12 @@ AUX wireshark-except-double-free.diff 664 RMD160 2b61f03f5148975f6438351c11de18a
DIST wireshark-1.4.4.tar.bz2 20479081 RMD160 47f9274cd6933684339b4c7c0b7c723d8c9b1512 SHA1 4d1d7e7bf07683723b661eb7b7124b2e90106087 SHA256 6033e627c40ac4eec7e95c03728b497ee2bc5851af8c9e58bb89b7496717dc0d
DIST wireshark-1.4.6.tar.bz2 20496268 RMD160 7ecb1c006eb70858e21019a731d038478a3f7879 SHA1 dd283b3957d1096bd643ab4b83b19dd2d7d6bfd8 SHA256 f923f1e923dcb479b7fdb9bc6d4ce4c27ae8ac1f0148f2820bece476872df1d7
DIST wireshark-1.4.7.tar.bz2 20515206 RMD160 012ec4d7750c03bcc23e9140f31e778cde6fd645 SHA1 ba80ed0c2aa6a12fa50155bbf5b58ad41a46024e SHA256 6671a185d3cd5222a04b6c425d2ef70b84e50ebf50ace9738ae772e87bf492c1
+DIST wireshark-1.4.8.tar.bz2 20505798 RMD160 970ada8ccbbca17695038faf4c0bca83d126d9a4 SHA1 8f9d0a920d00ac22ae0b2fa5844adbadc7e2de1e SHA256 fb393a9e6f8873de8dff5dca6f0c35a0e505eab954ef6aaeec3cecb0a4eef0da
DIST wireshark-1.6.0rc1.tar.bz2 21833197 RMD160 e3455efe740dd41698b3369afde9673da05789b7 SHA1 89d374a6607e7afc164da7e330e405b335484720 SHA256 d19e40268f0201ca628d7b94e620b39cd180e35d9fe3dcb7da84aaeec2d5b6c2
EBUILD wireshark-1.4.4.ebuild 6421 RMD160 1fbf49245dd450987856071934644cf22ced3920 SHA1 71a83f0e0309cedfd22fbfb8b29a4cac32508bfb SHA256 e0d6357ba32e47652a5b315f955a4e67ae63c2e504d50749804b2d3dd0441ef9
EBUILD wireshark-1.4.6-r1.ebuild 6438 RMD160 b9396760261ba162392ad478c01f5483352306cd SHA1 29ca80c30971bbc29307513228a756e265fb0c1e SHA256 445a08c69835d3d5fc36bd343b44c09819719203b1d707d1b7327d43be22d05b
EBUILD wireshark-1.4.7.ebuild 6308 RMD160 ef6f69013a974b6a0b738678c12338576f99e691 SHA1 19d78fcf6f29fd547061975a5ebdb81ca460acf5 SHA256 93128fcb3b80fb55d14ebe1764e151ef5e05cdcf891c7909ee65fd6766c85946
+EBUILD wireshark-1.4.8.ebuild 6309 RMD160 814e537ea5af0042022bebb524b9a07182c426fb SHA1 9a2450bcb531777a055ffb06c20513827c96ace3 SHA256 9a35f96b8a8ab93c3c57f69f5c7a52290dc2501885da9ebc2045d04a8088998c
EBUILD wireshark-1.6.0_rc1.ebuild 6282 RMD160 faaf02da6806748f3cc6f9492339caedabe1b059 SHA1 3912d612eddbddcb6e9189136e98a1a5723c02a2 SHA256 d9e8e01d9fad77a2e01a34bf5ccac11153d4dfa733fd281cde5f86aa8d0a325b
-MISC ChangeLog 44118 RMD160 e40fe9460123a006372d0511fbfb10a728db2c8b SHA1 94bcf9c5cec8cbaf7c074c097bbf3d5e733c0b27 SHA256 63eed4462e791efc525d1cf747f2eefdc561c59aa2ffb2c6db870b32a1d01c8a
+MISC ChangeLog 44288 RMD160 21901fc2e2cc3b4c1a8cf7abc4fabeed9ca62927 SHA1 5b422394c9110d7815c859696a775118a696d390 SHA256 fbca0f2e6d5087f35da118478762840416ad059bbf3054caad9dcb483fe03b0a
MISC metadata.xml 2242 RMD160 66dbbb758acc194df17217183b60a56f61fced38 SHA1 4498ea4c0f0f04213fd1cba2fd3de44565058f7d SHA256 2dfaef45c385c37c7ae8af96f5d8c58d9bff8f6186d55be8f2d034ebd0c60869
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.17 (GNU/Linux)
-
-iJwEAQECAAYFAk3t+i0ACgkQIiMqcbOVdxS6mwQAkZcsOWfR6SpBACTRhJDv0uU9
-1DeZFRDqM+1TILh26KzrkfF2LnU4it3B349mAmmse/nTVGWioPYiM3oZTNTjewut
-iW3EaliAqm1TXrLUlbUdmDO8f+sO3r65Ocv2/nH0xGc4CYFU5vum7ufMkAwAJIO6
-e4r5AcD7Geh+Ucr/6Nk=
-=gpAD
------END PGP SIGNATURE-----
diff --git a/net-analyzer/wireshark/wireshark-1.4.8.ebuild b/net-analyzer/wireshark/wireshark-1.4.8.ebuild
new file mode 100644
index 000000000000..4e588b39302c
--- /dev/null
+++ b/net-analyzer/wireshark/wireshark-1.4.8.ebuild
@@ -0,0 +1,213 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/wireshark-1.4.8.ebuild,v 1.1 2011/07/24 08:04:34 pva Exp $
+
+EAPI="3"
+PYTHON_DEPEND="python? 2"
+inherit libtool flag-o-matic eutils toolchain-funcs python autotools
+
+[[ -n ${PV#*_rc} && ${PV#*_rc} != ${PV} ]] && MY_P=${PN}-${PV/_} || MY_P=${P}
+DESCRIPTION="A network protocol analyzer formerly known as ethereal"
+HOMEPAGE="http://www.wireshark.org/"
+SRC_URI="http://www.wireshark.org/download/src/all-versions/${MY_P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE="adns ares doc doc-pdf gtk ipv6 lua gcrypt geoip kerberos
+profile +pcap portaudio python +caps selinux smi ssl threads zlib"
+
+RDEPEND=">=dev-libs/glib-2.14:2
+ zlib? ( sys-libs/zlib
+ !=sys-libs/zlib-1.2.4 )
+ smi? ( net-libs/libsmi )
+ gtk? ( >=x11-libs/gtk+-2.4.0:2
+ x11-libs/pango
+ dev-libs/atk
+ x11-misc/xdg-utils )
+ ssl? ( net-libs/gnutls )
+ gcrypt? ( dev-libs/libgcrypt )
+ pcap? ( net-libs/libpcap )
+ caps? ( sys-libs/libcap )
+ kerberos? ( virtual/krb5 )
+ portaudio? ( media-libs/portaudio )
+ ares? ( >=net-dns/c-ares-1.5 )
+ !ares? ( adns? ( net-libs/adns ) )
+ geoip? ( dev-libs/geoip )
+ lua? ( >=dev-lang/lua-5.1 )
+ selinux? ( sec-policy/selinux-wireshark )"
+
+DEPEND="${RDEPEND}
+ doc? ( dev-libs/libxslt
+ app-text/docbook-xml-dtd:4.2
+ dev-libs/libxml2
+ app-doc/doxygen
+ doc-pdf? ( dev-java/fop ) )
+ >=dev-util/pkgconfig-0.15.0
+ dev-lang/perl
+ sys-devel/bison
+ sys-apps/sed
+ sys-devel/flex"
+
+S=${WORKDIR}/${MY_P}
+
+# borrowed from GSoC2010_Gentoo_Capabilities by constanze and flameyeys
+# @FUNCTION: fcaps
+# @USAGE: fcaps {uid:gid} {file-mode} {cap1[,cap2,...]} {file}
+# @RETURN: 0 if all okay; non-zero if failure and fallback
+# @DESCRIPTION:
+# fcaps sets the specified capabilities in the effective and permitted set of
+# the given file. In case of failure fcaps sets the given file-mode.
+fcaps() {
+ local uid_gid=$1
+ local perms=$2
+ local capset=$3
+ local path=$4
+ local res
+
+ chmod $perms $path && \
+ chown $uid_gid $path
+ res=$?
+
+ use caps || return $res
+
+ #set the capability
+ setcap "$capset=ep" "$path" &> /dev/null
+ #check if the capabilitiy got set correctly
+ setcap -v "$capset=ep" "$path" &> /dev/null
+ res=$?
+
+ if [ $res -ne 0 ]; then
+ ewarn "Failed to set capabilities. Probable reason is missed kernel support."
+ ewarn "Kernel must have SECURITY_FILE_CAPABILITIES, and <FS>_FS_SECURITY"
+ ewarn "enabled (e.g. EXT3_FS_SECURITY) where <FS> is the filesystem to store"
+ ewarn "${path}"
+ ewarn
+ ewarn "Falling back to suid now..."
+ chmod u+s ${path}
+ fi
+ return $res
+}
+
+pkg_setup() {
+ if ! use gtk; then
+ ewarn "USE=-gtk disables gtk-based gui called wireshark."
+ ewarn "Only command line utils will be built available"
+ fi
+ if use python; then
+ python_set_active_version 2
+ python_pkg_setup
+ fi
+ # Add group for users allowed to sniff.
+ enewgroup wireshark
+}
+
+src_configure() {
+ local myconf
+
+ if [[ $(gcc-major-version) -lt 3 ||
+ ( $(gcc-major-version) -eq 3 &&
+ $(gcc-minor-version) -le 4 ) ]] ; then
+ die "Unsupported compiler version, please upgrade."
+ fi
+
+ if use ares && use adns; then
+ elog "You asked for both, ares and adns, but we can use only one of them."
+ elog "c-ares supersedes adns resolver thus using c-ares (ares USE flag)."
+ myconf="$(use_with ares c-ares) --without-adns"
+ else
+ myconf="$(use_with adns) $(use_with ares c-ares)"
+ fi
+
+ # profile and pie are incompatible #215806, #292991
+ if use profile; then
+ ewarn "You've enabled the 'profile' USE flag, building PIE binaries is disabled."
+ ewarn "Also ignore \"unrecognized option '-nopie'\" gcc warning #358101."
+ append-flags $(test-flags-CC -nopie)
+ fi
+
+ # Workaround bug #213705. If krb5-config --libs has -lcrypto then pass
+ # --with-ssl to ./configure. (Mimics code from acinclude.m4).
+ if use kerberos; then
+ case `krb5-config --libs` in
+ *-lcrypto*)
+ ewarn "Kerberos was built with ssl support: linkage with openssl is enabled."
+ ewarn "Note there are annoying license incompatibilities between the OpenSSL"
+ ewarn "license and the GPL, so do your check before distributing such package."
+ myconf+=" --with-ssl"
+ ;;
+ esac
+ fi
+
+ # Hack around inability to disable doxygen/fop doc generation
+ use doc || export ac_cv_prog_HAVE_DOXYGEN=false
+ use doc-pdf || export ac_cv_prog_HAVE_FOP=false
+
+ # dumpcap requires libcap, setuid-install requires dumpcap
+ econf $(use_enable gtk wireshark) \
+ $(use_enable profile profile-build) \
+ $(use_with ssl gnutls) \
+ $(use_with gcrypt) \
+ $(use_enable ipv6) \
+ $(use_enable threads) \
+ $(use_with lua) \
+ $(use_with kerberos krb5) \
+ $(use_with smi libsmi) \
+ $(use_with pcap) \
+ $(use_with zlib) \
+ $(use_with geoip) \
+ $(use_with portaudio) \
+ $(use_with python) \
+ $(use_with caps libcap) \
+ $(use pcap && use_enable caps setcap-install) \
+ $(use pcap && use_enable !caps setuid-install) \
+ --sysconfdir=/etc/wireshark \
+ --with-dumpcap-group=wireshark \
+ --disable-extra-gcc-checks \
+ ${myconf}
+}
+
+src_compile() {
+ emake || die
+ use doc && cd docbook && { emake || die; }
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die "emake install failed"
+ if use doc; then
+ dohtml -r docbook/{release-notes.html,ws{d,u}g_html{,_chunked}}
+ if use doc-pdf; then
+ insinto /usr/share/doc/${PF}/pdf/
+ doins docbook/{{developer,user}-guide,release-notes}-{a4,us}.pdf || die
+ fi
+ fi
+
+ # FAQ is not required as is installed from help/faq.txt
+ dodoc AUTHORS ChangeLog NEWS README{,.bsd,.linux,.macos,.vmware} \
+ doc/{randpkt.txt,README*}
+
+ insinto /usr/include/wiretap
+ doins wiretap/wtap.h || die
+
+ if use gtk; then
+ for c in hi lo; do
+ for d in 16 32 48; do
+ insinto /usr/share/icons/${c}color/${d}x${d}/apps
+ newins image/${c}${d}-app-wireshark.png wireshark.png
+ done
+ done
+ domenu wireshark.desktop || die
+ fi
+ chmod o-x "${ED}"/usr/bin/dumpcap #357237
+}
+
+pkg_postinst() {
+ if use caps && use pcap; then
+ fcaps 0:wireshark 550 cap_net_raw,cap_net_admin "${ROOT}"/usr/bin/dumpcap
+ fi
+ echo
+ ewarn "NOTE: To run wireshark as normal user you have to add yourself to"
+ ewarn "the wireshark group. This security measure ensures that only trusted"
+ ewarn "users are allowed to sniff your traffic."
+ echo
+}