1 |
zerochaos 13/01/30 01:29:44 |
2 |
|
3 |
Modified: ChangeLog |
4 |
Added: wireshark-1.8.5.ebuild |
5 |
Log: |
6 |
added new wireshark 1.8.5 addressing multiple vulnerabilities. 1.6.13 should be along shortly |
7 |
|
8 |
(Portage version: 2.1.11.31/cvs/Linux x86_64, signed Manifest commit with key DD11F94A) |
9 |
|
10 |
Revision Changes Path |
11 |
1.426 net-analyzer/wireshark/ChangeLog |
12 |
|
13 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/wireshark/ChangeLog?rev=1.426&view=markup |
14 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/wireshark/ChangeLog?rev=1.426&content-type=text/plain |
15 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/wireshark/ChangeLog?r1=1.425&r2=1.426 |
16 |
|
17 |
Index: ChangeLog |
18 |
=================================================================== |
19 |
RCS file: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/ChangeLog,v |
20 |
retrieving revision 1.425 |
21 |
retrieving revision 1.426 |
22 |
diff -u -r1.425 -r1.426 |
23 |
--- ChangeLog 15 Dec 2012 17:56:55 -0000 1.425 |
24 |
+++ ChangeLog 30 Jan 2013 01:29:44 -0000 1.426 |
25 |
@@ -1,6 +1,12 @@ |
26 |
# ChangeLog for net-analyzer/wireshark |
27 |
-# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2 |
28 |
-# $Header: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/ChangeLog,v 1.425 2012/12/15 17:56:55 jer Exp $ |
29 |
+# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2 |
30 |
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/ChangeLog,v 1.426 2013/01/30 01:29:44 zerochaos Exp $ |
31 |
+ |
32 |
+*wireshark-1.8.5 (30 Jan 2013) |
33 |
+ |
34 |
+ 30 Jan 2013; Rick Farina <zerochaos@g.o> +wireshark-1.8.5.ebuild: |
35 |
+ added new wireshark 1.8.5 addressing multiple vulnerabilities. 1.6.13 should |
36 |
+ be along shortly |
37 |
|
38 |
15 Dec 2012; Jeroen Roovers <jer@g.o> -wireshark-1.6.10-r2.ebuild, |
39 |
-files/wireshark-1.6.10-CVE-2012-3548.patch, -wireshark-1.6.11.ebuild, |
40 |
|
41 |
|
42 |
|
43 |
1.1 net-analyzer/wireshark/wireshark-1.8.5.ebuild |
44 |
|
45 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/wireshark/wireshark-1.8.5.ebuild?rev=1.1&view=markup |
46 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-analyzer/wireshark/wireshark-1.8.5.ebuild?rev=1.1&content-type=text/plain |
47 |
|
48 |
Index: wireshark-1.8.5.ebuild |
49 |
=================================================================== |
50 |
# Copyright 1999-2013 Gentoo Foundation |
51 |
# Distributed under the terms of the GNU General Public License v2 |
52 |
# $Header: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/wireshark-1.8.5.ebuild,v 1.1 2013/01/30 01:29:44 zerochaos Exp $ |
53 |
|
54 |
EAPI="4" |
55 |
PYTHON_DEPEND="python? 2" |
56 |
inherit autotools eutils flag-o-matic python toolchain-funcs user |
57 |
|
58 |
[[ -n ${PV#*_rc} && ${PV#*_rc} != ${PV} ]] && MY_P=${PN}-${PV/_} || MY_P=${P} |
59 |
DESCRIPTION="A network protocol analyzer formerly known as ethereal" |
60 |
HOMEPAGE="http://www.wireshark.org/" |
61 |
SRC_URI="http://www.wireshark.org/download/src/all-versions/${MY_P}.tar.bz2" |
62 |
|
63 |
LICENSE="GPL-2" |
64 |
SLOT="0" |
65 |
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" |
66 |
IUSE=" |
67 |
adns +caps doc doc-pdf geoip gtk crypt ipv6 kerberos libadns lua +pcap |
68 |
portaudio profile python selinux smi ssl zlib |
69 |
" |
70 |
RDEPEND=" |
71 |
>=dev-libs/glib-2.14:2 |
72 |
zlib? ( sys-libs/zlib |
73 |
!=sys-libs/zlib-1.2.4 ) |
74 |
smi? ( net-libs/libsmi ) |
75 |
gtk? ( >=x11-libs/gtk+-2.4.0:2 |
76 |
x11-libs/pango |
77 |
dev-libs/atk |
78 |
x11-misc/xdg-utils ) |
79 |
ssl? ( net-libs/gnutls dev-libs/libgcrypt ) |
80 |
crypt? ( dev-libs/libgcrypt ) |
81 |
pcap? ( net-libs/libpcap ) |
82 |
caps? ( sys-libs/libcap ) |
83 |
kerberos? ( virtual/krb5 ) |
84 |
portaudio? ( media-libs/portaudio ) |
85 |
adns? ( |
86 |
!libadns? ( >=net-dns/c-ares-1.5 ) |
87 |
) |
88 |
libadns? ( net-libs/adns ) |
89 |
geoip? ( dev-libs/geoip ) |
90 |
lua? ( >=dev-lang/lua-5.1 ) |
91 |
selinux? ( sec-policy/selinux-wireshark ) |
92 |
" |
93 |
|
94 |
DEPEND=" |
95 |
${RDEPEND} |
96 |
doc? ( dev-libs/libxslt |
97 |
dev-libs/libxml2 |
98 |
app-doc/doxygen |
99 |
doc-pdf? ( dev-java/fop ) ) |
100 |
virtual/pkgconfig |
101 |
dev-lang/perl |
102 |
sys-devel/bison |
103 |
sys-apps/sed |
104 |
sys-devel/flex |
105 |
" |
106 |
|
107 |
S=${WORKDIR}/${MY_P} |
108 |
|
109 |
# borrowed from GSoC2010_Gentoo_Capabilities by constanze and flameyeys |
110 |
# @FUNCTION: fcaps |
111 |
# @USAGE: fcaps {uid:gid} {file-mode} {cap1[,cap2,...]} {file} |
112 |
# @RETURN: 0 if all okay; non-zero if failure and fallback |
113 |
# @DESCRIPTION: |
114 |
# fcaps sets the specified capabilities in the effective and permitted set of |
115 |
# the given file. In case of failure fcaps sets the given file-mode. |
116 |
fcaps() { |
117 |
local uid_gid=$1 |
118 |
local perms=$2 |
119 |
local capset=$3 |
120 |
local path=$4 |
121 |
local res |
122 |
|
123 |
chmod $perms $path && \ |
124 |
chown $uid_gid $path |
125 |
res=$? |
126 |
|
127 |
use caps || return $res |
128 |
|
129 |
#set the capability |
130 |
setcap "$capset=ep" "$path" &> /dev/null |
131 |
#check if the capabilitiy got set correctly |
132 |
setcap -v "$capset=ep" "$path" &> /dev/null |
133 |
res=$? |
134 |
|
135 |
if [ $res -ne 0 ]; then |
136 |
ewarn "Failed to set capabilities. Probable reason is missed kernel support." |
137 |
ewarn "Kernel must have <FS>_FS_SECURITY enabled where <FS> is the filesystem" |
138 |
ewarn "to store ${path} (e.g. EXT3_FS_SECURITY). For kernels version before" |
139 |
ewarn "2.6.33_rc1 SECURITY_FILE_CAPABILITIES must be enabled as well." |
140 |
ewarn |
141 |
ewarn "Falling back to suid now..." |
142 |
chmod u+s ${path} |
143 |
fi |
144 |
return $res |
145 |
} |
146 |
|
147 |
pkg_setup() { |
148 |
if ! use gtk; then |
149 |
ewarn "USE=-gtk disables gtk-based gui called wireshark." |
150 |
ewarn "Only command line utils will be built available" |
151 |
fi |
152 |
if use python; then |
153 |
python_set_active_version 2 |
154 |
python_pkg_setup |
155 |
fi |
156 |
# Add group for users allowed to sniff. |
157 |
enewgroup wireshark |
158 |
} |
159 |
|
160 |
src_prepare() { |
161 |
epatch \ |
162 |
"${FILESDIR}"/${PN}-1.8.1-ldflags.patch \ |
163 |
"${FILESDIR}"/${PN}-1.8.3-gnutls3.patch |
164 |
sed -i -e 's|.png||g' ${PN}.desktop || die |
165 |
eautoreconf |
166 |
} |
167 |
|
168 |
src_configure() { |
169 |
local myconf |
170 |
|
171 |
if [[ $(gcc-major-version) -lt 3 || |
172 |
( $(gcc-major-version) -eq 3 && |
173 |
$(gcc-minor-version) -le 4 ) ]] ; then |
174 |
die "Unsupported compiler version, please upgrade." |
175 |
fi |
176 |
|
177 |
# profile and pie are incompatible #215806, #292991 |
178 |
if use profile; then |
179 |
ewarn "You've enabled the 'profile' USE flag, building PIE binaries is disabled." |
180 |
ewarn "Also ignore \"unrecognized option '-nopie'\" gcc warning #358101." |
181 |
append-flags $(test-flags-CC -nopie) |
182 |
fi |
183 |
|
184 |
if use adns; then |
185 |
if use libadns; then |
186 |
myconf+=( "--with-adns --without-c-ares" ) |
187 |
else |
188 |
myconf+=( "--without-adns --with-c-ares" ) |
189 |
fi |
190 |
else |
191 |
if use libadns; then |
192 |
myconf+=( "--with-adns --without-c-ares" ) |
193 |
else |
194 |
myconf+=( "--without-adns --without-c-ares" ) |
195 |
fi |
196 |
fi |
197 |
# Workaround bug #213705. If krb5-config --libs has -lcrypto then pass |
198 |
# --with-ssl to ./configure. (Mimics code from acinclude.m4). |
199 |
if use kerberos; then |
200 |
case `krb5-config --libs` in |
201 |
*-lcrypto*) |
202 |
ewarn "Kerberos was built with ssl support: linkage with openssl is enabled." |
203 |
ewarn "Note there are annoying license incompatibilities between the OpenSSL" |
204 |
ewarn "license and the GPL, so do your check before distributing such package." |
205 |
myconf+=( "--with-ssl" ) |
206 |
;; |
207 |
esac |
208 |
fi |
209 |
|
210 |
# Hack around inability to disable doxygen/fop doc generation |
211 |
use doc || export ac_cv_prog_HAVE_DOXYGEN=false |
212 |
use doc-pdf || export ac_cv_prog_HAVE_FOP=false |
213 |
|
214 |
# dumpcap requires libcap, setuid-install requires dumpcap |
215 |
econf \ |
216 |
$(use pcap && use_enable !caps setuid-install) \ |
217 |
$(use pcap && use_enable caps setcap-install) \ |
218 |
$(use_enable gtk wireshark) \ |
219 |
$(use_enable ipv6) \ |
220 |
$(use_enable profile profile-build) \ |
221 |
$(use_with caps libcap) \ |
222 |
$(use_with crypt gcrypt) \ |
223 |
$(use_with geoip) \ |
224 |
$(use_with kerberos krb5) \ |
225 |
$(use_with lua) \ |
226 |
$(use_with pcap dumpcap-group wireshark) \ |
227 |
$(use_with pcap) \ |
228 |
$(use_with portaudio) \ |
229 |
$(use_with python) \ |
230 |
$(use_with smi libsmi) \ |
231 |
$(use_with ssl gnutls) \ |
232 |
$(use_with zlib) \ |
233 |
--disable-extra-gcc-checks \ |
234 |
--disable-usr-local \ |
235 |
--sysconfdir="${EPREFIX}"/etc/wireshark \ |
236 |
${myconf[@]} |
237 |
} |
238 |
|
239 |
src_compile() { |
240 |
default |
241 |
use doc && emake -C docbook |
242 |
} |
243 |
|
244 |
src_install() { |
245 |
default |
246 |
if use doc; then |
247 |
dohtml -r docbook/{release-notes.html,ws{d,u}g_html{,_chunked}} |
248 |
if use doc-pdf; then |
249 |
insinto /usr/share/doc/${PF}/pdf/ |
250 |
doins docbook/{{developer,user}-guide,release-notes}-{a4,us}.pdf |
251 |
fi |
252 |
fi |
253 |
|
254 |
# FAQ is not required as is installed from help/faq.txt |
255 |
dodoc AUTHORS ChangeLog NEWS README{,.bsd,.linux,.macos,.vmware} \ |
256 |
doc/{randpkt.txt,README*} |
257 |
|
258 |
# install headers |
259 |
local wsheader |
260 |
for wsheader in $( echo $(< debian/wireshark-dev.header-files ) ); do |
261 |
insinto /usr/include/wireshark/$( dirname ${wsheader} ) |
262 |
doins ${wsheader} |
263 |
done |
264 |
|
265 |
#with the above this really shouldn't be needed, but things may be looking in wiretap/ instead of wireshark/wiretap/ |
266 |
insinto /usr/include/wiretap |
267 |
doins wiretap/wtap.h |
268 |
|
269 |
if use gtk; then |
270 |
for c in hi lo; do |
271 |
for d in 16 32 48; do |
272 |
insinto /usr/share/icons/${c}color/${d}x${d}/apps |
273 |
newins image/${c}${d}-app-wireshark.png wireshark.png |
274 |
done |
275 |
done |
276 |
domenu wireshark.desktop |
277 |
fi |
278 |
use pcap && chmod o-x "${ED}"/usr/bin/dumpcap #357237 |
279 |
} |
280 |
|
281 |
pkg_postinst() { |
282 |
if use caps && use pcap; then |
283 |
fcaps 0:wireshark 550 cap_dac_read_search,cap_net_raw,cap_net_admin "${EROOT}"/usr/bin/dumpcap |
284 |
fi |
285 |
echo |
286 |
ewarn "NOTE: To run wireshark as normal user you have to add yourself to" |
287 |
ewarn "the wireshark group. This security measure ensures that only trusted" |
288 |
ewarn "users are allowed to sniff your traffic." |
289 |
echo |
290 |
} |