diff options
author | Peter Volkov <pva@gentoo.org> | 2008-12-13 18:55:14 +0000 |
---|---|---|
committer | Peter Volkov <pva@gentoo.org> | 2008-12-13 18:55:14 +0000 |
commit | 4f127e0a53433963a19e54d2ddd88141b5ab03b6 (patch) | |
tree | 28cc7421df7528e7474a392388a3bab624112f12 | |
parent | x86 stable (diff) | |
download | historical-4f127e0a53433963a19e54d2ddd88141b5ab03b6.tar.gz historical-4f127e0a53433963a19e54d2ddd88141b5ab03b6.tar.bz2 historical-4f127e0a53433963a19e54d2ddd88141b5ab03b6.zip |
Version bump, fixes security issue #248425, thank Steven Susbauer for report.
Package-Manager: portage-2.1.6.1/cvs/Linux 2.6.26-gentoo-r4 x86_64
-rw-r--r-- | net-analyzer/wireshark/ChangeLog | 8 | ||||
-rw-r--r-- | net-analyzer/wireshark/Manifest | 5 | ||||
-rw-r--r-- | net-analyzer/wireshark/files/wireshark-1.0.5-glib-1-build.patch | 22 | ||||
-rw-r--r-- | net-analyzer/wireshark/wireshark-1.0.5.ebuild | 165 |
4 files changed, 198 insertions, 2 deletions
diff --git a/net-analyzer/wireshark/ChangeLog b/net-analyzer/wireshark/ChangeLog index d88480bafba5..aa5b6c82a429 100644 --- a/net-analyzer/wireshark/ChangeLog +++ b/net-analyzer/wireshark/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for net-analyzer/wireshark # Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/ChangeLog,v 1.134 2008/11/22 15:30:31 pva Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/ChangeLog,v 1.135 2008/12/13 18:55:14 pva Exp $ + +*wireshark-1.0.5 (13 Dec 2008) + + 13 Dec 2008; Peter Volkov <pva@gentoo.org> + +files/wireshark-1.0.5-glib-1-build.patch, +wireshark-1.0.5.ebuild: + Version bump, fixes security issue #248425, thank Steven Susbauer for report. 22 Nov 2008; Peter Volkov <pva@gentoo.org> files/wireshark-1.1.1-misc-warnings.patch, -wireshark-1.0.3.ebuild: diff --git a/net-analyzer/wireshark/Manifest b/net-analyzer/wireshark/Manifest index e90df9f69186..8d1fa97e7e55 100644 --- a/net-analyzer/wireshark/Manifest +++ b/net-analyzer/wireshark/Manifest @@ -1,12 +1,15 @@ AUX wireshark-0.99.7-asneeded.patch 339 RMD160 faa516dd3dfd8bd6218f66d3bedb5490b0896f5b SHA1 ec2b8952f8fe55471e923c086a6e9b48e06ce7a8 SHA256 9fc8b3ec3fcf1cca714c78c28c1883503abfcfce4fe175e43c6d7ec14ddc9478 AUX wireshark-0.99.8-as-needed.patch 395 RMD160 2e06f641e9789db717544bfd1568e4bf6e85855c SHA1 a18b6fcc85b40c00fc1d30bcdfc81d13dc33e904 SHA256 d2f996a79fa3117296b25c10a1d4a3f0f8027a678de4e37e6c60bfb47a4754b9 AUX wireshark-1.0.4-zlib-build.patch 370 RMD160 f3403f6813460c9630d782fddd1478db60a87363 SHA1 83aa0694fc836b89a1ce5cf2748510daeb0ec108 SHA256 21ca38ec05e3e6b4fddf196c038d39b748b59256a40333b3623eff59715aff00 +AUX wireshark-1.0.5-glib-1-build.patch 721 RMD160 d4de28a4e8b45e2b2243b0d113a7f767a0d2f7f1 SHA1 89caa207c6d4e74c3b3a2f47cd62304ff58b341b SHA256 536c1e3bdfc609fa0867c7d37e4f4b88b24d4525a1687992ee7606c365eaef0a AUX wireshark-1.1.1--as-needed.patch 314 RMD160 5a9af8d8c1c2a6d2109413201659bd00f04a7bcd SHA1 87015021390434032716f244bc5432993c37f00f SHA256 f01cb55439c550c337f76354edd6f837e242544971a1f2dd3b45e911e75b42a7 AUX wireshark-1.1.1-misc-warnings.patch 5519 RMD160 24b02a98a96861621f3ebd14534bc16ab162b4a6 SHA1 2110476f7079b15982c384fa9e0c0754162a6b52 SHA256 ff335d097283d3d32a47952c33684e2485e7f506f26088957deb3c4a06121d30 AUX wireshark-except-double-free.diff 664 RMD160 2b61f03f5148975f6438351c11de18a500deabc5 SHA1 0239e19ba0ebd2cfb4ab4987a8a4c56646cd9250 SHA256 dc02a5f3e4bdbd128a2ba08f38880358f747661a93ca0b3fe1918c67b255c369 DIST wireshark-1.0.4.tar.bz2 13126757 RMD160 741b6618ba34b55079f15d5725a1e9a22a4fc351 SHA1 8e75a6d909a1da803db77f6f86fdd5096e5bbac8 SHA256 20a37f018a4e2644fdb373f2d9c5d43d4f43e41f1fa29ac6edb53045c0a70e3a +DIST wireshark-1.0.5.tar.bz2 13144320 RMD160 72b1ac2e78a02e84525b6ecd6563698b5b7474fc SHA1 593aaf3a7527e8ca74e4982caeb5a77831b121db SHA256 4f923e24d674ac62ded3da402a4de6d402886d80e3d7cac91cf026921f32fcf7 DIST wireshark-1.1.1.tar.gz 17856811 RMD160 522a717e9163b844e452cb3d50376f113335aca9 SHA1 5d6d57a6e67b30fbbd8241c9305002d410a3e920 SHA256 e55f72b7910a4556411bace181e9ecdb3c7da6b8510ade7a632a5144cee4a94a EBUILD wireshark-1.0.4.ebuild 5023 RMD160 fe695d6eb4d09a78775c50259012f93cf821ac92 SHA1 52fd64fd410b4aaf5bd42afa2c658b63d5b42f9d SHA256 2003524940e631e83ce4d5fbd3029c2a96eeb0438655f86066b1bf75338bf29f +EBUILD wireshark-1.0.5.ebuild 4900 RMD160 cf85972927df7c068864f22ddf16fb4488f7b566 SHA1 7c6b1e49583ce5e2934b3f2c377274a9b1bc05f4 SHA256 b523dcdffe7ce43c3263ad9dc29e5dc4893400db96a95974a03819ed1a453d23 EBUILD wireshark-1.1.1.ebuild 4877 RMD160 41554c22880caec66f8cd7bb4f6166e77a4f17e8 SHA1 7fdd83bed14bebbda885a73f21d75b96edbf33d7 SHA256 743847dde1635d343813d1b7a0a9c2cb4e0f63ad0c2c7719ef7ae454da812823 -MISC ChangeLog 20835 RMD160 5a33643760d2cd3862e90f9d3ebc369797bbac05 SHA1 ebf0d757ae68c5951ed83a31073d2cbc5a324d4d SHA256 b2632fa53367e1426882bf13c690671fa0c03ba55d4049a632aee2b8cd1e3816 +MISC ChangeLog 21063 RMD160 f558892b59fe63acda2eb79130a76be38af7f4b6 SHA1 6ef5c49b882b29fee0d15393b35a1937dd61c63b SHA256 4e0ee0e20a800e1b839890c1158bc2a61eab59e908616bad9002b79b9d393e3b MISC metadata.xml 2154 RMD160 01af8905d25e6c387902d30766daedcd37d94e0e SHA1 d68e79d413654ce72c553d508d7aa96f27fe85b5 SHA256 48c540fcec9cf1e5eebe132d7f90e8330b413f4eb6469761a88720eaa6a2233a diff --git a/net-analyzer/wireshark/files/wireshark-1.0.5-glib-1-build.patch b/net-analyzer/wireshark/files/wireshark-1.0.5-glib-1-build.patch new file mode 100644 index 000000000000..3d54d9f1f490 --- /dev/null +++ b/net-analyzer/wireshark/files/wireshark-1.0.5-glib-1-build.patch @@ -0,0 +1,22 @@ +--- trunk-1.0/epan/to_str.c 2008/12/12 20:16:43 26973 ++++ trunk-1.0/epan/to_str.c 2008/12/12 20:28:21 26974 +@@ -344,6 +344,19 @@ + #define COMMA(do_it) ((do_it) ? ", " : "") + + /* ++ * GLib 1.2[.x] doesn't define G_MAXINT32 or G_MININT32; if they're not ++ * defined, we define them as the maximum and minimum 32-bit signed ++ * 2's-complement number. ++ * Copied from epan/dfilter/scanner.l ++ */ ++#ifndef G_MAXINT32 ++#define G_MAXINT32 ((gint32)0x7FFFFFFF) ++#endif ++#ifndef G_MININT32 ++#define G_MININT32 ((gint32)0x80000000) ++#endif ++ ++/* + * Maximum length of a string showing days/hours/minutes/seconds. + * (Does not include the terminating '\0'.) + * Includes space for a '-' sign for any negative components. diff --git a/net-analyzer/wireshark/wireshark-1.0.5.ebuild b/net-analyzer/wireshark/wireshark-1.0.5.ebuild new file mode 100644 index 000000000000..eff3291ff165 --- /dev/null +++ b/net-analyzer/wireshark/wireshark-1.0.5.ebuild @@ -0,0 +1,165 @@ +# Copyright 1999-2008 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/wireshark-1.0.5.ebuild,v 1.1 2008/12/13 18:55:14 pva Exp $ + +EAPI=1 +WANT_AUTOMAKE="1.9" +inherit autotools libtool flag-o-matic eutils toolchain-funcs + +DESCRIPTION="A network protocol analyzer formerly known as ethereal" +HOMEPAGE="http://www.wireshark.org/" + +# _rc versions has different download location. +[[ -n ${PV#*_rc} && ${PV#*_rc} != ${PV} ]] && { +SRC_URI="http://www.wireshark.org/download/prerelease/${PN}-${PV/_rc/pre}.tar.gz"; +S=${WORKDIR}/${PN}-${PV/_rc/pre} ; } || \ +SRC_URI="http://www.wireshark.org/download/src/all-versions/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" +IUSE="adns gtk ipv6 lua portaudio gnutls gcrypt zlib kerberos threads profile smi +pcap pcre +caps selinux" + +RDEPEND="zlib? ( sys-libs/zlib ) + smi? ( net-libs/libsmi ) + gtk? ( >=dev-libs/glib-2.0.4 + =x11-libs/gtk+-2* + x11-libs/pango + dev-libs/atk ) + !gtk? ( =dev-libs/glib-1.2* ) + gnutls? ( net-libs/gnutls ) + gcrypt? ( dev-libs/libgcrypt ) + pcap? ( net-libs/libpcap ) + pcre? ( dev-libs/libpcre ) + caps? ( sys-libs/libcap ) + adns? ( net-libs/adns ) + kerberos? ( virtual/krb5 ) + portaudio? ( media-libs/portaudio ) + lua? ( >=dev-lang/lua-5.1 ) + selinux? ( sec-policy/selinux-wireshark )" + +DEPEND="${RDEPEND} + >=dev-util/pkgconfig-0.15.0 + dev-lang/perl + sys-devel/bison + sys-devel/flex" + +pkg_setup() { + if ! use gtk; then + ewarn "USE=-gtk will mean no gui called wireshark will be created and" + ewarn "only command line utils are available" + fi + + # Add group for users allowed to sniff. + enewgroup wireshark || die "Failed to create wireshark group" +} + +src_unpack() { + unpack ${A} + + cd "${S}" + epatch "${FILESDIR}/${PN}-0.99.7-asneeded.patch" + epatch "${FILESDIR}/${PN}-0.99.8-as-needed.patch" + epatch "${FILESDIR}/${P}-glib-1-build.patch" + + cd "${S}/epan" + epatch "${FILESDIR}/wireshark-except-double-free.diff" + + cd "${S}" + eautoreconf +} + +src_compile() { + # optimization bug, see bug #165340, bug #40660 + if [[ $(gcc-version) == 3.4 ]] ; then + elog "Found gcc 3.4, forcing -O3 into CFLAGS" + replace-flags -O? -O3 + elif [[ $(gcc-version) == 3.3 || $(gcc-version) == 3.2 ]] ; then + elog "Found <=gcc-3.3, forcing -O into CFLAGS" + replace-flags -O? -O + fi + + # see bug #133092; bugs.wireshark.org/bugzilla/show_bug.cgi?id=1001 + # our hardened toolchain bug + filter-flags -fstack-protector + + # profile and -fomit-frame-pointer are incompatible, bug #215806 + use profile && filter-flags -fomit-frame-pointer + + local myconf + if use gtk; then + einfo "Building with gtk support" + else + einfo "Building without gtk support" + myconf="${myconf} --disable-wireshark" + fi + + # Workaround bug #213705. If krb5-config --libs has -lcrypto then pass + # --with-ssl to ./configure. (Mimics code from acinclude.m4). + if use kerberos; then + case `krb5-config --libs` in + *-lcrypto*) myconf="${myconf} --with-ssl" ;; + esac + fi + + # dumpcap requires libcap, setuid-install requires dumpcap + econf $(use_enable gtk gtk2) \ + $(use_enable profile profile-build) \ + $(use_with gnutls) \ + $(use_with gcrypt) \ + $(use_enable gtk wireshark) \ + $(use_enable ipv6) \ + $(use_enable threads) \ + $(use_with lua) \ + $(use_with adns) \ + $(use_with kerberos krb5) \ + $(use_with smi libsmi) \ + $(use_with pcap) \ + $(use_with zlib) \ + $(use_with pcre) \ + $(use_with portaudio) \ + $(use_with caps libcap) \ + $(use_enable pcap setuid-install) \ + --sysconfdir=/etc/wireshark \ + ${myconf} + + emake || die "emake failed" +} + +src_install() { + emake DESTDIR="${D}" install || die "emake install failed" + + fowners 0:wireshark /usr/bin/tshark + fperms 6550 /usr/bin/tshark + use pcap && fowners 0:wireshark /usr/bin/dumpcap + use pcap && fperms 6550 /usr/bin/dumpcap + + insinto /usr/include/wiretap + doins wiretap/wtap.h + + # FAQ is not required as is installed from help/faq.txt + dodoc AUTHORS ChangeLog NEWS README{,bsd,linux,macos,vmware} doc/randpkt.txt + + if use gtk ; then + insinto /usr/share/icons/hicolor/16x16/apps + newins image/hi16-app-wireshark.png wireshark.png + insinto /usr/share/icons/hicolor/32x32/apps + newins image/hi32-app-wireshark.png wireshark.png + insinto /usr/share/icons/hicolor/48x48/apps + newins image/hi48-app-wireshark.png wireshark.png + insinto /usr/share/applications + doins wireshark.desktop + fi +} + +pkg_postinst() { + echo + ewarn "With version 0.99.7, all function calls that require elevated privileges" + ewarn "have been moved out of the GUI to dumpcap. WIRESHARK CONTAINS OVER ONE" + ewarn "POINT FIVE MILLION LINES OF SOURCE CODE. DO NOT RUN THEM AS ROOT." + ewarn + ewarn "NOTE: To run wireshark as normal user you have to add yourself into" + ewarn "wireshark group. This security measure ensures that only trusted" + ewarn "users allowed to sniff your traffic." + echo +} |