diff options
| author |   Peter Volkov <pva@gentoo.org> | 2008-12-13 18:55:14 +0000 |
|---|---|---|
| committer | Peter Volkov <pva@gentoo.org> | 2008-12-13 18:55:14 +0000 |
| commit | fb7f948dc2eb19aec5a795dc9bc7ab3bde3b765b (patch) | |
| tree | 0e073128ec9c8c41e342b3c26d948b74c77e1e4c /net-analyzer/wireshark | |
| parent | x86 stable (diff) | |
| download | gentoo-2-fb7f948dc2eb19aec5a795dc9bc7ab3bde3b765b.tar.gz gentoo-2-fb7f948dc2eb19aec5a795dc9bc7ab3bde3b765b.tar.bz2 gentoo-2-fb7f948dc2eb19aec5a795dc9bc7ab3bde3b765b.zip | |
Version bump, fixes security issue #248425, thank Steven Susbauer for report.
(Portage version: 2.1.6.1/cvs/Linux 2.6.26-gentoo-r4 x86_64)
Diffstat (limited to 'net-analyzer/wireshark')
| -rw-r--r-- | net-analyzer/wireshark/ChangeLog | 8 | ||||
| -rw-r--r-- | net-analyzer/wireshark/files/wireshark-1.0.5-glib-1-build.patch | 22 | ||||
| -rw-r--r-- | net-analyzer/wireshark/wireshark-1.0.5.ebuild | 165 |
3 files changed, 194 insertions, 1 deletions
diff --git a/net-analyzer/wireshark/ChangeLog b/net-analyzer/wireshark/ChangeLog index d88480bafba5..aa5b6c82a429 100644 --- a/net-analyzer/wireshark/ChangeLog +++ b/net-analyzer/wireshark/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for net-analyzer/wireshark # Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/ChangeLog,v 1.134 2008/11/22 15:30:31 pva Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/ChangeLog,v 1.135 2008/12/13 18:55:14 pva Exp $ + +*wireshark-1.0.5 (13 Dec 2008) + + 13 Dec 2008; Peter Volkov <pva@gentoo.org> + +files/wireshark-1.0.5-glib-1-build.patch, +wireshark-1.0.5.ebuild: + Version bump, fixes security issue #248425, thank Steven Susbauer for report. 22 Nov 2008; Peter Volkov <pva@gentoo.org> files/wireshark-1.1.1-misc-warnings.patch, -wireshark-1.0.3.ebuild: diff --git a/net-analyzer/wireshark/files/wireshark-1.0.5-glib-1-build.patch b/net-analyzer/wireshark/files/wireshark-1.0.5-glib-1-build.patch new file mode 100644 index 000000000000..3d54d9f1f490 --- /dev/null +++ b/net-analyzer/wireshark/files/wireshark-1.0.5-glib-1-build.patch @@ -0,0 +1,22 @@ +--- trunk-1.0/epan/to_str.c 2008/12/12 20:16:43 26973 ++++ trunk-1.0/epan/to_str.c 2008/12/12 20:28:21 26974 +@@ -344,6 +344,19 @@ + #define COMMA(do_it) ((do_it) ? ", " : "") + + /* ++ * GLib 1.2[.x] doesn't define G_MAXINT32 or G_MININT32; if they're not ++ * defined, we define them as the maximum and minimum 32-bit signed ++ * 2's-complement number. ++ * Copied from epan/dfilter/scanner.l ++ */ ++#ifndef G_MAXINT32 ++#define G_MAXINT32 ((gint32)0x7FFFFFFF) ++#endif ++#ifndef G_MININT32 ++#define G_MININT32 ((gint32)0x80000000) ++#endif ++ ++/* + * Maximum length of a string showing days/hours/minutes/seconds. + * (Does not include the terminating '\0'.) + * Includes space for a '-' sign for any negative components. diff --git a/net-analyzer/wireshark/wireshark-1.0.5.ebuild b/net-analyzer/wireshark/wireshark-1.0.5.ebuild new file mode 100644 index 000000000000..eff3291ff165 --- /dev/null +++ b/net-analyzer/wireshark/wireshark-1.0.5.ebuild @@ -0,0 +1,165 @@ +# Copyright 1999-2008 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/wireshark-1.0.5.ebuild,v 1.1 2008/12/13 18:55:14 pva Exp $ + +EAPI=1 +WANT_AUTOMAKE="1.9" +inherit autotools libtool flag-o-matic eutils toolchain-funcs + +DESCRIPTION="A network protocol analyzer formerly known as ethereal" +HOMEPAGE="http://www.wireshark.org/" + +# _rc versions has different download location. +[[ -n ${PV#*_rc} && ${PV#*_rc} != ${PV} ]] && { +SRC_URI="http://www.wireshark.org/download/prerelease/${PN}-${PV/_rc/pre}.tar.gz"; +S=${WORKDIR}/${PN}-${PV/_rc/pre} ; } || \ +SRC_URI="http://www.wireshark.org/download/src/all-versions/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" +IUSE="adns gtk ipv6 lua portaudio gnutls gcrypt zlib kerberos threads profile smi +pcap pcre +caps selinux" + +RDEPEND="zlib? ( sys-libs/zlib ) + smi? ( net-libs/libsmi ) + gtk? ( >=dev-libs/glib-2.0.4 + =x11-libs/gtk+-2* + x11-libs/pango + dev-libs/atk ) + !gtk? ( =dev-libs/glib-1.2* ) + gnutls? ( net-libs/gnutls ) + gcrypt? ( dev-libs/libgcrypt ) + pcap? ( net-libs/libpcap ) + pcre? ( dev-libs/libpcre ) + caps? ( sys-libs/libcap ) + adns? ( net-libs/adns ) + kerberos? ( virtual/krb5 ) + portaudio? ( media-libs/portaudio ) + lua? ( >=dev-lang/lua-5.1 ) + selinux? ( sec-policy/selinux-wireshark )" + +DEPEND="${RDEPEND} + >=dev-util/pkgconfig-0.15.0 + dev-lang/perl + sys-devel/bison + sys-devel/flex" + +pkg_setup() { + if ! use gtk; then + ewarn "USE=-gtk will mean no gui called wireshark will be created and" + ewarn "only command line utils are available" + fi + + # Add group for users allowed to sniff. + enewgroup wireshark || die "Failed to create wireshark group" +} + +src_unpack() { + unpack ${A} + + cd "${S}" + epatch "${FILESDIR}/${PN}-0.99.7-asneeded.patch" + epatch "${FILESDIR}/${PN}-0.99.8-as-needed.patch" + epatch "${FILESDIR}/${P}-glib-1-build.patch" + + cd "${S}/epan" + epatch "${FILESDIR}/wireshark-except-double-free.diff" + + cd "${S}" + eautoreconf +} + +src_compile() { + # optimization bug, see bug #165340, bug #40660 + if [[ $(gcc-version) == 3.4 ]] ; then + elog "Found gcc 3.4, forcing -O3 into CFLAGS" + replace-flags -O? -O3 + elif [[ $(gcc-version) == 3.3 || $(gcc-version) == 3.2 ]] ; then + elog "Found <=gcc-3.3, forcing -O into CFLAGS" + replace-flags -O? -O + fi + + # see bug #133092; bugs.wireshark.org/bugzilla/show_bug.cgi?id=1001 + # our hardened toolchain bug + filter-flags -fstack-protector + + # profile and -fomit-frame-pointer are incompatible, bug #215806 + use profile && filter-flags -fomit-frame-pointer + + local myconf + if use gtk; then + einfo "Building with gtk support" + else + einfo "Building without gtk support" + myconf="${myconf} --disable-wireshark" + fi + + # Workaround bug #213705. If krb5-config --libs has -lcrypto then pass + # --with-ssl to ./configure. (Mimics code from acinclude.m4). + if use kerberos; then + case `krb5-config --libs` in + *-lcrypto*) myconf="${myconf} --with-ssl" ;; + esac + fi + + # dumpcap requires libcap, setuid-install requires dumpcap + econf $(use_enable gtk gtk2) \ + $(use_enable profile profile-build) \ + $(use_with gnutls) \ + $(use_with gcrypt) \ + $(use_enable gtk wireshark) \ + $(use_enable ipv6) \ + $(use_enable threads) \ + $(use_with lua) \ + $(use_with adns) \ + $(use_with kerberos krb5) \ + $(use_with smi libsmi) \ + $(use_with pcap) \ + $(use_with zlib) \ + $(use_with pcre) \ + $(use_with portaudio) \ + $(use_with caps libcap) \ + $(use_enable pcap setuid-install) \ + --sysconfdir=/etc/wireshark \ + ${myconf} + + emake || die "emake failed" +} + +src_install() { + emake DESTDIR="${D}" install || die "emake install failed" + + fowners 0:wireshark /usr/bin/tshark + fperms 6550 /usr/bin/tshark + use pcap && fowners 0:wireshark /usr/bin/dumpcap + use pcap && fperms 6550 /usr/bin/dumpcap + + insinto /usr/include/wiretap + doins wiretap/wtap.h + + # FAQ is not required as is installed from help/faq.txt + dodoc AUTHORS ChangeLog NEWS README{,bsd,linux,macos,vmware} doc/randpkt.txt + + if use gtk ; then + insinto /usr/share/icons/hicolor/16x16/apps + newins image/hi16-app-wireshark.png wireshark.png + insinto /usr/share/icons/hicolor/32x32/apps + newins image/hi32-app-wireshark.png wireshark.png + insinto /usr/share/icons/hicolor/48x48/apps + newins image/hi48-app-wireshark.png wireshark.png + insinto /usr/share/applications + doins wireshark.desktop + fi +} + +pkg_postinst() { + echo + ewarn "With version 0.99.7, all function calls that require elevated privileges" + ewarn "have been moved out of the GUI to dumpcap. WIRESHARK CONTAINS OVER ONE" + ewarn "POINT FIVE MILLION LINES OF SOURCE CODE. DO NOT RUN THEM AS ROOT." + ewarn + ewarn "NOTE: To run wireshark as normal user you have to add yourself into" + ewarn "wireshark group. This security measure ensures that only trusted" + ewarn "users allowed to sniff your traffic." + echo +} |