diff options
author | Peter Volkov <pva@gentoo.org> | 2010-10-14 14:46:22 +0000 |
---|---|---|
committer | Peter Volkov <pva@gentoo.org> | 2010-10-14 14:46:22 +0000 |
commit | 47652b49da0d3d7472665100e58a6a5d8c3c9173 (patch) | |
tree | 98fa1ba35a96a7a13d45a517113281f434369389 | |
parent | stable x86, bug 330539 (diff) | |
download | historical-47652b49da0d3d7472665100e58a6a5d8c3c9173.tar.gz historical-47652b49da0d3d7472665100e58a6a5d8c3c9173.tar.bz2 historical-47652b49da0d3d7472665100e58a6a5d8c3c9173.zip |
Version bump, fixes security vulnerability #339401 reported by Tim Sammut.
Package-Manager: portage-2.2_rc83/cvs/Linux x86_64
-rw-r--r-- | net-analyzer/wireshark/ChangeLog | 7 | ||||
-rw-r--r-- | net-analyzer/wireshark/wireshark-1.2.12.ebuild | 156 |
2 files changed, 162 insertions, 1 deletions
diff --git a/net-analyzer/wireshark/ChangeLog b/net-analyzer/wireshark/ChangeLog index e7471052bd3d..1cea4d7e6361 100644 --- a/net-analyzer/wireshark/ChangeLog +++ b/net-analyzer/wireshark/ChangeLog @@ -1,6 +1,11 @@ # ChangeLog for net-analyzer/wireshark # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/ChangeLog,v 1.246 2010/09/03 07:33:26 pva Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/ChangeLog,v 1.247 2010/10/14 14:46:22 pva Exp $ + +*wireshark-1.2.12 (14 Oct 2010) + + 14 Oct 2010; Peter Volkov <pva@gentoo.org> +wireshark-1.2.12.ebuild: + Version bump, fixes security vulnerability #339401 reported by Tim Sammut. *wireshark-1.2.11 (03 Sep 2010) diff --git a/net-analyzer/wireshark/wireshark-1.2.12.ebuild b/net-analyzer/wireshark/wireshark-1.2.12.ebuild new file mode 100644 index 000000000000..12351271ec5b --- /dev/null +++ b/net-analyzer/wireshark/wireshark-1.2.12.ebuild @@ -0,0 +1,156 @@ +# Copyright 1999-2010 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/wireshark-1.2.12.ebuild,v 1.1 2010/10/14 14:46:22 pva Exp $ + +EAPI=2 +inherit autotools libtool flag-o-matic eutils toolchain-funcs + +DESCRIPTION="A network protocol analyzer formerly known as ethereal" +HOMEPAGE="http://www.wireshark.org/" + +# _rc versions has different download location. +[[ -n ${PV#*_rc} && ${PV#*_rc} != ${PV} ]] && { +SRC_URI="http://www.wireshark.org/download/prerelease/${PN}-${PV/_rc/pre}.tar.gz"; +S=${WORKDIR}/${PN}-${PV/_rc/pre} ; } || \ +SRC_URI="http://www.wireshark.org/download/src/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" +IUSE="adns ares gtk ipv6 lua portaudio gnutls gcrypt geoip zlib kerberos threads profile smi +pcap pcre +caps selinux" + +RDEPEND=">=dev-libs/glib-2.4.0:2 + zlib? ( sys-libs/zlib + !=sys-libs/zlib-1.2.4 ) + smi? ( net-libs/libsmi ) + gtk? ( >=x11-libs/gtk+-2.4.0:2 + x11-libs/pango + dev-libs/atk ) + gnutls? ( net-libs/gnutls ) + gcrypt? ( dev-libs/libgcrypt ) + pcap? ( net-libs/libpcap ) + pcre? ( dev-libs/libpcre ) + caps? ( sys-libs/libcap ) + kerberos? ( virtual/krb5 ) + portaudio? ( media-libs/portaudio ) + ares? ( >=net-dns/c-ares-1.5 ) + !ares? ( adns? ( net-libs/adns ) ) + geoip? ( dev-libs/geoip ) + lua? ( >=dev-lang/lua-5.1 ) + selinux? ( sec-policy/selinux-wireshark )" + +DEPEND="${RDEPEND} + >=dev-util/pkgconfig-0.15.0 + dev-lang/perl + sys-devel/bison + sys-devel/flex" + +pkg_setup() { + if ! use gtk; then + ewarn "USE=-gtk will means no gui called wireshark will be created and" + ewarn "only command line utils are available" + fi + + # Add group for users allowed to sniff. + enewgroup wireshark +} + +src_prepare() { + cd "${S}"/epan # our hardened toolchain bug... + epatch "${FILESDIR}/wireshark-except-double-free.diff" + + cd "${S}" + epatch "${FILESDIR}/${PN}-1.1.2--as-needed.patch" + eautoreconf +} + +src_configure() { + local myconf + + # optimization bug, see bug #165340, bug #40660 + if [[ $(gcc-version) == 3.4 ]] ; then + elog "Found gcc 3.4, forcing -O3 into CFLAGS" + replace-flags -O? -O3 + elif [[ $(gcc-version) == 3.3 || $(gcc-version) == 3.2 ]] ; then + elog "Found <=gcc-3.3, forcing -O into CFLAGS" + replace-flags -O? -O + fi + + if use ares && use adns; then + einfo "You asked for both, ares and adns, but we can use only one of them." + einfo "c-ares supersedes adns resolver thus using c-ares (ares USE flag)." + myconf="$(use_with ares c-ares) --without-adns" + else + myconf="$(use_with adns) $(use_with ares c-ares)" + fi + + # see bug #133092; bugs.wireshark.org/bugzilla/show_bug.cgi?id=1001 + # our hardened toolchain bug + filter-flags -fstack-protector + + # profile and pie are incompatible #215806, #292991 + if use profile; then + ewarn "You've enabled the 'profile' USE flag, building PIE binaries is disabled." + append-flags $(test-flags-CC -nopie) + fi + + # Workaround bug #213705. If krb5-config --libs has -lcrypto then pass + # --with-ssl to ./configure. (Mimics code from acinclude.m4). + if use kerberos; then + case `krb5-config --libs` in + *-lcrypto*) myconf="${myconf} --with-ssl" ;; + esac + fi + + # dumpcap requires libcap, setuid-install requires dumpcap + econf $(use_enable gtk wireshark) \ + $(use_enable profile profile-build) \ + $(use_with gnutls) \ + $(use_with gcrypt) \ + $(use_enable ipv6) \ + $(use_enable threads) \ + $(use_with lua) \ + $(use_with kerberos krb5) \ + $(use_with smi libsmi) \ + $(use_with pcap) \ + $(use_with zlib) \ + $(use_with pcre) \ + $(use_with geoip) \ + $(use_with portaudio) \ + $(use_with caps libcap) \ + $(use_enable pcap setuid-install) \ + --sysconfdir=/etc/wireshark \ + ${myconf} +} + +src_install() { + emake DESTDIR="${D}" install || die "emake install failed" + + use pcap && fowners 0:wireshark /usr/bin/dumpcap + use pcap && fperms 6550 /usr/bin/dumpcap + + insinto /usr/include/wiretap + doins wiretap/wtap.h + + # FAQ is not required as is installed from help/faq.txt + dodoc AUTHORS ChangeLog NEWS README{,.bsd,.linux,.macos,.vmware} doc/randpkt.txt + + if use gtk; then + for c in hi lo; do + for d in 16 32 48; do + insinto /usr/share/icons/${c}color/${d}x${d}/apps + newins image/${c}${d}-app-wireshark.png wireshark.png + done + done + insinto /usr/share/applications + doins wireshark.desktop + fi +} + +pkg_postinst() { + echo + ewarn "NOTE: To run wireshark as normal user you have to add yourself into" + ewarn "wireshark group. This security measure ensures that only trusted" + ewarn "users allowed to sniff your traffic." + echo +} |