diff options
author | Peter Volkov <pva@gentoo.org> | 2008-04-01 19:51:41 +0000 |
---|---|---|
committer | Peter Volkov <pva@gentoo.org> | 2008-04-01 19:51:41 +0000 |
commit | 546687224f1d8c0a94f9e96d4f665b4389797b20 (patch) | |
tree | 8c9e28949e5577d1a4b6a57a2042f445b6db565b | |
parent | stable x86, bug 215125 (diff) | |
download | historical-546687224f1d8c0a94f9e96d4f665b4389797b20.tar.gz historical-546687224f1d8c0a94f9e96d4f665b4389797b20.tar.bz2 historical-546687224f1d8c0a94f9e96d4f665b4389797b20.zip |
Version bump, as usual security fixes, bug #215276, thank Robert Buchholz and Christian Faulhammer for report.
Package-Manager: portage-2.1.4.4
-rw-r--r-- | net-analyzer/wireshark/ChangeLog | 12 | ||||
-rw-r--r-- | net-analyzer/wireshark/Manifest | 9 | ||||
-rw-r--r-- | net-analyzer/wireshark/files/wireshark-1.0.0_rc1-fix-setcap-EPERM.patch | 31 | ||||
-rw-r--r-- | net-analyzer/wireshark/files/wireshark-1.0.0_rc1-fix-stop-capture.patch | 344 | ||||
-rw-r--r-- | net-analyzer/wireshark/wireshark-1.0.0.ebuild (renamed from net-analyzer/wireshark/wireshark-1.0.0_rc1-r1.ebuild) | 7 | ||||
-rw-r--r-- | net-analyzer/wireshark/wireshark-1.0.0_rc1.ebuild | 162 |
6 files changed, 17 insertions, 548 deletions
diff --git a/net-analyzer/wireshark/ChangeLog b/net-analyzer/wireshark/ChangeLog index 801804f6edf0..6e3c7c8673e3 100644 --- a/net-analyzer/wireshark/ChangeLog +++ b/net-analyzer/wireshark/ChangeLog @@ -1,6 +1,16 @@ # ChangeLog for net-analyzer/wireshark # Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/ChangeLog,v 1.91 2008/03/23 14:06:28 pva Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/ChangeLog,v 1.92 2008/04/01 19:51:40 pva Exp $ + +*wireshark-1.0.0 (01 Apr 2008) + + 01 Apr 2008; Peter Volkov <pva@gentoo.org> + -files/wireshark-1.0.0_rc1-fix-setcap-EPERM.patch, + -files/wireshark-1.0.0_rc1-fix-stop-capture.patch, + -wireshark-1.0.0_rc1.ebuild, -wireshark-1.0.0_rc1-r1.ebuild, + +wireshark-1.0.0.ebuild: + Version bump, as usual security fixes, bug #215276, thank Robert Buchholz + and Christian Faulhammer for report. *wireshark-1.0.0_rc1-r1 (23 Mar 2008) diff --git a/net-analyzer/wireshark/Manifest b/net-analyzer/wireshark/Manifest index bf35e9432de6..b1514ba21ccf 100644 --- a/net-analyzer/wireshark/Manifest +++ b/net-analyzer/wireshark/Manifest @@ -1,13 +1,10 @@ AUX wireshark-0.99.7-asneeded.patch 339 RMD160 faa516dd3dfd8bd6218f66d3bedb5490b0896f5b SHA1 ec2b8952f8fe55471e923c086a6e9b48e06ce7a8 SHA256 9fc8b3ec3fcf1cca714c78c28c1883503abfcfce4fe175e43c6d7ec14ddc9478 AUX wireshark-0.99.8-as-needed.patch 395 RMD160 2e06f641e9789db717544bfd1568e4bf6e85855c SHA1 a18b6fcc85b40c00fc1d30bcdfc81d13dc33e904 SHA256 d2f996a79fa3117296b25c10a1d4a3f0f8027a678de4e37e6c60bfb47a4754b9 AUX wireshark-0.99.8-libpcap-compile.patch 892 RMD160 29548906e6ffe619c45deee1378953c63fa57a06 SHA1 f892354fc96f5bd009e8123ab14ac3d338029d8b SHA256 9e19ee7518dd3e1dcd9dbf37485590a7b42de727da301472decc15125241bb2f -AUX wireshark-1.0.0_rc1-fix-setcap-EPERM.patch 1054 RMD160 643e98e782ec75f20c1455eb1064e7fe69166640 SHA1 92500c4da67360d921c9b5bde403b034957e5a12 SHA256 9b16e5c904962987756217460f6916f5cba7b4d88259a57af686b61b0fae22c5 -AUX wireshark-1.0.0_rc1-fix-stop-capture.patch 14531 RMD160 d09dc0e5aa30ec2a9913a75068e95f6650b2abab SHA1 595e7b5b90a207cd348969895b843414a571aacb SHA256 4e5a63d5e9c2178e83eacd838b62ff32b97fee4d87c5e5273fc1772fc756e614 AUX wireshark-except-double-free.diff 664 RMD160 2b61f03f5148975f6438351c11de18a500deabc5 SHA1 0239e19ba0ebd2cfb4ab4987a8a4c56646cd9250 SHA256 dc02a5f3e4bdbd128a2ba08f38880358f747661a93ca0b3fe1918c67b255c369 DIST wireshark-0.99.8.tar.bz2 13243168 RMD160 3d7a4fdd9e2c9b9abaa0c9fe0c3e76fa86ec9aea SHA1 a33c7fd8d73bcbf843d3e3a96fd44489212c51e5 SHA256 ee9d2e7a75bc1ed80ef5faf9debca51ac238996a544f60314b7028f2f3140c22 -DIST wireshark-1.0.0pre1.tar.gz 17041792 RMD160 d2ac844587987620472c07f25ffded7ea485a7e3 SHA1 815c8f03935da4ef2baa2b088c8a9d49e7d3ab6f SHA256 d3fccf81edcd2d8286be75075b8a491fbf56f9842fd11c00b1c1181d77322435 +DIST wireshark-1.0.0.tar.bz2 13413951 RMD160 12016f80d30954bdc89163958e7d007543b3327e SHA1 4f53f526359a072665812deca980999bd26e6ab0 SHA256 b54713e146a7277cf05f309d3c706884b0e0ef5a7794e48a4251c4e17acd9fd0 EBUILD wireshark-0.99.8.ebuild 4757 RMD160 002d57f5a347e72f97d432cf4344785050aee11a SHA1 b9b45f7a7d95367974bf7d2fcb3a344686c4b40e SHA256 3fa8c2a19e0b52fc131f9c99944e54d6cb04f82f312b63cab241fd3278f4ecf3 -EBUILD wireshark-1.0.0_rc1-r1.ebuild 5021 RMD160 e50de3ad64841f382c841797254a7e714e4325eb SHA1 781c860e14e1104233a5f11344b13bb4b502f991 SHA256 ee4e453b16f079eba0c2b9d01d7e7eab6876876efaf5126271be9bad8f23ec6d -EBUILD wireshark-1.0.0_rc1.ebuild 4714 RMD160 9c3f71cc6e773b08291907b5a82c1dc72dfc2047 SHA1 e9c836ca4dec61beb9e94faa17051bccd87d64ff SHA256 3d10165d57b1eac932a2d9e83d320250daf635acef959ba47d724143b038275d -MISC ChangeLog 14667 RMD160 168cdc8634b7f24278e97623d3faa8288eca6103 SHA1 202d84986a242332f082a2b08dc2b75a5e357abd SHA256 881f7ab7e1f3a81509b35337700eaf3ff74f6335426bec7ede9822d2f54eb48c +EBUILD wireshark-1.0.0.ebuild 4989 RMD160 2486559f6530781adda417126f8a8c78ab4cf954 SHA1 a336e31460cee459a98d547f8b00dc599b802c0a SHA256 0133ca455d1753f404071b46ecb6fafb7b84153b30326efe175ac9b2b39ae42e +MISC ChangeLog 15056 RMD160 f6ad256ce9274f5ff05e6f031f92f4fc432fa0d4 SHA1 85ddf0daaaaee17efcba047f1e6c634f9beaf5f7 SHA256 57abc0672b423756f2b029534b60b59eacdd2b2c9ff5be07a0dc98d71498cd8e MISC metadata.xml 1730 RMD160 0c29f85b78106162ac35419f8bc01d1539c3eb6d SHA1 93881ba93a2f1fb8b153887ce7e6a022ce95085f SHA256 d722982a52a578876257954779aa8e14dbf4c0eff0dba0e4b82db551f4a964bd diff --git a/net-analyzer/wireshark/files/wireshark-1.0.0_rc1-fix-setcap-EPERM.patch b/net-analyzer/wireshark/files/wireshark-1.0.0_rc1-fix-setcap-EPERM.patch deleted file mode 100644 index 0dcfda6f178a..000000000000 --- a/net-analyzer/wireshark/files/wireshark-1.0.0_rc1-fix-setcap-EPERM.patch +++ /dev/null @@ -1,31 +0,0 @@ -Author: gerald -Date: Thu Mar 20 19:18:33 2008 UTC (2 days, 16 hours ago) -Log Message: - -Don't call cap_set_proc() unless we were started with elevated privileges. -Otherwise, we might print dumpcap: cap_set_proc() fail return: Operation not -permitted to stderr. - ---- trunk/dumpcap.c 2008/03/20 00:30:47 24703 -+++ trunk/dumpcap.c 2008/03/20 19:18:33 24704 -@@ -508,12 +508,15 @@ - - relinquish_special_privs_perm(); - -- print_caps("Post drop, pre set"); -- cap_set_flag(caps, CAP_EFFECTIVE, cl_len, cap_list, CAP_SET); -- if (cap_set_proc(caps)) { -- cmdarg_err("cap_set_proc() fail return: %s", strerror(errno)); -+ if (started_with_special_privs()) { -+ print_caps("Post drop, pre set"); -+ cap_set_flag(caps, CAP_EFFECTIVE, cl_len, cap_list, CAP_SET); -+ if (cap_set_proc(caps)) { -+ cmdarg_err("cap_set_proc() fail return: %s", strerror(errno)); -+ } -+ print_caps("Post drop, post set"); - } -- print_caps("Post drop, post set"); -+ - cap_free(caps); - } - #endif /* HAVE_LIBCAP */ diff --git a/net-analyzer/wireshark/files/wireshark-1.0.0_rc1-fix-stop-capture.patch b/net-analyzer/wireshark/files/wireshark-1.0.0_rc1-fix-stop-capture.patch deleted file mode 100644 index 905e29512d14..000000000000 --- a/net-analyzer/wireshark/files/wireshark-1.0.0_rc1-fix-stop-capture.patch +++ /dev/null @@ -1,344 +0,0 @@ -Author: wmeier -Date: Sat Mar 22 19:04:26 2008 UTC (16 hours, 26 minutes ago) -Log Message: - -Fix (aka workaround) for bug #2228. Essentially: if using libcap, drop -capabilities after doing pcap_open_live. See comment in main() for details. - ---- trunk/dumpcap.c 2008/03/22 05:50:19 24715 -+++ trunk/dumpcap.c 2008/03/22 19:04:26 24716 -@@ -102,8 +102,8 @@ - */ - #include "wiretap/libpcap.h" - --/*#define DEBUG_DUMPCAP*/ --/*#define DEBUG_CHILD_DUMPCAP*/ -+/**#define DEBUG_DUMPCAP**/ -+/**#define DEBUG_CHILD_DUMPCAP**/ - - #ifdef DEBUG_CHILD_DUMPCAP - FILE *debug_log; /* for logging debug messages to */ -@@ -466,14 +466,20 @@ - /* - * If we were linked with libcap (not libpcap), make sure we have - * CAP_NET_ADMIN and CAP_NET_RAW, then relinquish our permissions. -+ * (See comment in main() for details) - */ - - static void - #if 0 /* Set to enable capability debugging */ -+/* see 'man cap_to_text()' for explanation of output */ -+/* '=' means 'all= ' ie: no capabilities */ -+/* '=ip' means 'all=ip' ie: all capabilities are permissible and inheritable */ -+/* .... */ - print_caps(char *pfx) { - cap_t caps = cap_get_proc(); -- fprintf(stderr, "%s: EUID: %d Capabilities: %s\n", pfx, -- geteuid(), cap_to_text(caps, NULL)); -+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, -+ "%s: EUID: %d Capabilities: %s", pfx, -+ geteuid(), cap_to_text(caps, NULL)); - cap_free(caps); - #else - print_caps(char *pfx _U_) { -@@ -483,16 +489,23 @@ - static void - relinquish_privs_except_capture(void) - { -- /* CAP_NET_ADMIN: Promiscuous mode and a truckload of other -+ /* If 'started_with_special_privs' (ie: suid) then enable for -+ * ourself the NET_ADMIN and NET_RAW capabilities and then -+ * drop our suid privileges. -+ * -+ * CAP_NET_ADMIN: Promiscuous mode and a truckload of other - * stuff we don't need (and shouldn't have). - * CAP_NET_RAW: Packet capture (raw sockets). - */ -- cap_value_t cap_list[2] = { CAP_NET_ADMIN, CAP_NET_RAW }; -- cap_t caps = cap_init(); -- int cl_len = sizeof(cap_list) / sizeof(cap_value_t); - - if (started_with_special_privs()) { -+ cap_value_t cap_list[2] = { CAP_NET_ADMIN, CAP_NET_RAW }; -+ int cl_len = sizeof(cap_list) / sizeof(cap_value_t); -+ -+ cap_t caps = cap_init(); /* all capabilities initialized to off */ -+ - print_caps("Pre drop, pre set"); -+ - if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1) { - cmdarg_err("prctl() fail return: %s", strerror(errno)); - } -@@ -504,21 +517,35 @@ - cmdarg_err("cap_set_proc() fail return: %s", strerror(errno)); - } - print_caps("Pre drop, post set"); -- } - -- relinquish_special_privs_perm(); -+ relinquish_special_privs_perm(); - -- if (started_with_special_privs()) { - print_caps("Post drop, pre set"); - cap_set_flag(caps, CAP_EFFECTIVE, cl_len, cap_list, CAP_SET); - if (cap_set_proc(caps)) { - cmdarg_err("cap_set_proc() fail return: %s", strerror(errno)); - } - print_caps("Post drop, post set"); -+ -+ cap_free(caps); - } -+} -+ - -+static void -+relinquish_all_capabilities() -+{ -+ /* Drop any and all capabilities this process may have. */ -+ /* Allowed whether or not process has any privileges. */ -+ cap_t caps = cap_init(); /* all capabilities initialized to off */ -+ print_caps("Pre-clear"); -+ if (cap_set_proc(caps)) { -+ cmdarg_err("cap_set_proc() fail return: %s", strerror(errno)); -+ } -+ print_caps("Post-clear"); - cap_free(caps); - } -+ - #endif /* HAVE_LIBCAP */ - - /* Take care of byte order in the libpcap headers read from pipes. -@@ -1083,8 +1110,15 @@ - open_err_str); - #endif - -+/* If not using libcap: we now can now set euid/egid to ruid/rgid */ -+/* to remove any suid privileges. */ -+/* If using libcap: we can now remove NET_RAW and NET_ADMIN capabilities */ -+/* (euid/egid have already previously been set to ruid/rgid. */ -+/* (See comment in main() for details) */ - #ifndef HAVE_LIBCAP - relinquish_special_privs_perm(); -+#else -+ relinquish_all_capabilities(); - #endif - - if (ld->pcap_h != NULL) { -@@ -2252,13 +2286,13 @@ - /* (eg: during initialization) will be formatted properly. */ - - for (i=1; i<argc; i++) { -- if (strcmp("-Z", argv[i]) == 0) { -- capture_child = TRUE; -+ if (strcmp("-Z", argv[i]) == 0) { -+ capture_child = TRUE; - #ifdef _WIN32 -- /* set output pipe to binary mode, to avoid ugly text conversions */ -- _setmode(2, O_BINARY); -+ /* set output pipe to binary mode, to avoid ugly text conversions */ -+ _setmode(2, O_BINARY); - #endif -- } -+ } - } - - /* The default_log_handler will use stdout, which makes trouble in */ -@@ -2316,8 +2350,85 @@ - sigaction(SIGHUP, &action, NULL); - #endif /* _WIN32 */ - -+ /* ----------------------------------------------------------------- */ -+ /* Privilege and capability handling */ -+ /* Cases: */ -+ /* 1. Running not as root or suid root; no special capabilities. */ -+ /* Action: none */ -+ /* */ -+ /* 2. Running logged in as root (euid=0; ruid=0); Not using libcap. */ -+ /* Action: none */ -+ /* */ -+ /* 3. Running logged in as root (euid=0; ruid=0). Using libcap. */ -+ /* Action: */ -+ /* - Near start of program: Enable NET_RAW and NET_ADMIN */ -+ /* capabilities; Drop all other capabilities; */ -+ /* - If not -w (ie: doing -S or -D, etc) run to completion; */ -+ /* else: after pcap_open_live() in capture_loop_open_input() */ -+ /* drop all capabilities (NET_RAW and NET_ADMIN) */ -+ /* (Note: this means that the process, although logged in */ -+ /* as root, does not have various permissions such as the */ -+ /* ability to bypass file access permissions. */ -+ /* XXX: Should we just leave capabilities alone in this case */ -+ /* so that user gets expected effect that root can do */ -+ /* anything ?? */ -+ /* */ -+ /* 4. Running as suid root (euid=0, ruid=n); Not using libcap. */ -+ /* Action: */ -+ /* - If not -w (ie: doing -S or -D, etc) run to completion; */ -+ /* else: after pcap_open_live() in capture_loop_open_input() */ -+ /* drop same (euid=ruid). (ie: keep suid until after */ -+ /* pcap_open_live */ -+ /* */ -+ /* 5. Running as suid root (euid=0, ruid=n); Using libcap. */ -+ /* Action: */ -+ /* - Near start of program: Enable NET_RAW and NET_ADMIN */ -+ /* capabilities; Drop all other capabilities; */ -+ /* Drop suid privileges (euid=ruid). */ -+ /* - If not -w (ie: doing -S or -D, etc) run to completion; */ -+ /* else: after pcap_open_live() in capture_loop_open_input() */ -+ /* drop all capabilities (NET_RAW and NET_ADMIN) */ -+ /* */ -+ /* XXX: For some Linux versions/distros with capabilities */ -+ /* a 'normal' process with any capabilities cannot be */ -+ /* 'killed' (signaled) from another (same uid) non-privileged */ -+ /* process. */ -+ /* For example: If (non-suid) Wireshark forks a */ -+ /* child suid dumpcap which acts as described here (case 5), */ -+ /* Wireshark will be unable to kill (signal) the child */ -+ /* dumpcap process until the capabilities have been dropped */ -+ /* (after pcap_open_live()). */ -+ /* This behaviour will apparently be changed in the kernel */ -+ /* to allow the kill (signal) in this case. */ -+ /* See the following for details: */ -+ /* http://www.mail-archive.com/ [wrapped] */ -+ /* linux-security-module@vger.kernel.org/msg02913.html */ -+ /* */ -+ /* It is therefore conceivable that if dumpcap somehow hangs */ -+ /* in pcap_open_live or before that wireshark will not */ -+ /* be able to stop dumpcap using a signal (USR1, TERM, etc). */ -+ /* In this case, exiting wireshark will kill the child */ -+ /* dumpcap process. */ -+ /* */ -+ /* 6. Not root or suid root; Running with NET_RAW & NET_ADMIN */ -+ /* capabilities; Using libcap. Note: capset cmd (which see) */ -+ /* used to assign capabilities to file. */ -+ /* Action: */ -+ /* - If not -w (ie: doing -S or -D, etc) run to completion; */ -+ /* else: after pcap_open_live() in capture_loop_open_input() */ -+ /* drop all capabilities (NET_RAW and NET_ADMIN) */ -+ /* */ -+ /* ToDo: -S (stats) should drop privileges/capabilities when no */ -+ /* onger required (similar to capture). */ -+ /* */ -+ /* ----------------------------------------------------------------- */ -+ - get_credential_info(); -+ - #ifdef HAVE_LIBCAP -+ /* If 'started with special privileges' (and using libcap) */ -+ /* Set to keep only NET_RAW and NET_ADMIN capabilities; */ -+ /* Set euid/egid = ruid/rgid to remove suid privileges */ - relinquish_privs_except_capture(); - #endif - -@@ -2380,34 +2491,33 @@ - #endif /* _WIN32 */ - status = capture_opts_add_opt(capture_opts, opt, optarg, &start_capture); - if(status != 0) { -- exit_main(status); -+ exit_main(status); - } - break; - /*** hidden option: Wireshark child mode (using binary output messages) ***/ - case 'Z': -- capture_child = TRUE; -+ capture_child = TRUE; - #ifdef _WIN32 -- /* set output pipe to binary mode, to avoid ugly text conversions */ -- _setmode(2, O_BINARY); -- /* -- * optarg = the control ID, aka the PPID, currently used for the -- * signal pipe name. -- */ -- if (strcmp(optarg, SIGNAL_PIPE_CTRL_ID_NONE) != 0) { -- sig_pipe_name = g_strdup_printf(SIGNAL_PIPE_FORMAT, -- optarg); -- sig_pipe_handle = CreateFile(utf_8to16(sig_pipe_name), -- GENERIC_READ, 0, NULL, OPEN_EXISTING, 0, NULL); -- -- if (sig_pipe_handle == INVALID_HANDLE_VALUE) { -- g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO, -- "Signal pipe: Unable to open %s. Dead parent?", -- sig_pipe_name); -- exit_main(1); -- } -+ /* set output pipe to binary mode, to avoid ugly text conversions */ -+ _setmode(2, O_BINARY); -+ /* -+ * optarg = the control ID, aka the PPID, currently used for the -+ * signal pipe name. -+ */ -+ if (strcmp(optarg, SIGNAL_PIPE_CTRL_ID_NONE) != 0) { -+ sig_pipe_name = g_strdup_printf(SIGNAL_PIPE_FORMAT, optarg); -+ sig_pipe_handle = CreateFile(utf_8to16(sig_pipe_name), -+ GENERIC_READ, 0, NULL, OPEN_EXISTING, 0, NULL); -+ -+ if (sig_pipe_handle == INVALID_HANDLE_VALUE) { -+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO, -+ "Signal pipe: Unable to open %s. Dead parent?", -+ sig_pipe_name); -+ exit_main(1); - } -+ } - #endif -- break; -+ break; - - /*** all non capture option specific ***/ - case 'D': /* Print a list of capture devices and exit */ -@@ -2435,8 +2545,8 @@ - argc -= optind; - argv += optind; - if (argc >= 1) { -- /* user specified file name as regular command-line argument */ -- /* XXX - use it as the capture file name (or something else)? */ -+ /* user specified file name as regular command-line argument */ -+ /* XXX - use it as the capture file name (or something else)? */ - argc--; - argv++; - } -@@ -2487,7 +2597,7 @@ - } - - if (capture_opts_trim_iface(capture_opts, NULL) == FALSE) { -- cmdarg_err("No capture interfaces available (maybe lack of privileges?)."); -+ /* cmdarg_err() already called .... */ - exit_main(1); - } - -@@ -2512,11 +2622,11 @@ - /* Now start the capture. */ - - if(capture_loop_start(capture_opts, &stats_known, &stats) == TRUE) { -- /* capture ok */ -- exit_main(0); -+ /* capture ok */ -+ exit_main(0); - } else { -- /* capture failed */ -- exit_main(1); -+ /* capture failed */ -+ exit_main(1); - } - } - -@@ -2582,15 +2692,15 @@ - #if defined(DEBUG_DUMPCAP) || defined(DEBUG_CHILD_DUMPCAP) - if( !(log_level & G_LOG_LEVEL_MASK & ~(G_LOG_LEVEL_DEBUG|G_LOG_LEVEL_INFO))) { - #ifdef DEBUG_DUMPCAP -- fprintf(stderr, "%s", msg); -- fflush(stderr); -+ fprintf(stderr, "%s", msg); -+ fflush(stderr); - #endif - #ifdef DEBUG_CHILD_DUMPCAP -- fprintf(debug_log, "%s", msg); -- fflush(debug_log); -+ fprintf(debug_log, "%s", msg); -+ fflush(debug_log); - #endif -- g_free(msg); -- return; -+ g_free(msg); -+ return; - } - #endif - diff --git a/net-analyzer/wireshark/wireshark-1.0.0_rc1-r1.ebuild b/net-analyzer/wireshark/wireshark-1.0.0.ebuild index bc29c9a864e8..4b448c779b02 100644 --- a/net-analyzer/wireshark/wireshark-1.0.0_rc1-r1.ebuild +++ b/net-analyzer/wireshark/wireshark-1.0.0.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2008 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/wireshark-1.0.0_rc1-r1.ebuild,v 1.1 2008/03/23 14:06:28 pva Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/wireshark-1.0.0.ebuild,v 1.1 2008/04/01 19:51:40 pva Exp $ EAPI=1 WANT_AUTOMAKE="1.9" @@ -61,8 +61,6 @@ src_unpack() { cd "${S}" epatch "${FILESDIR}"/${PN}-0.99.7-asneeded.patch epatch "${FILESDIR}"/${PN}-0.99.8-as-needed.patch - epatch "${FILESDIR}"/${PN}-1.0.0_rc1-fix-setcap-EPERM.patch - epatch "${FILESDIR}"/${PN}-1.0.0_rc1-fix-stop-capture.patch cd "${S}"/epan epatch "${FILESDIR}"/wireshark-except-double-free.diff @@ -137,7 +135,8 @@ src_install() { insinto /usr/include/wiretap doins wiretap/wtap.h - dodoc AUTHORS ChangeLog NEWS README* + # FAQ is not required as is installed from help/faq.txt + dodoc AUTHORS ChangeLog NEWS README{,bsd,linux,macos,vmware} doc/randpkt.txt if use gtk ; then insinto /usr/share/icons/hicolor/16x16/apps diff --git a/net-analyzer/wireshark/wireshark-1.0.0_rc1.ebuild b/net-analyzer/wireshark/wireshark-1.0.0_rc1.ebuild deleted file mode 100644 index 71eaeadd7285..000000000000 --- a/net-analyzer/wireshark/wireshark-1.0.0_rc1.ebuild +++ /dev/null @@ -1,162 +0,0 @@ -# Copyright 1999-2008 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/wireshark-1.0.0_rc1.ebuild,v 1.1 2008/03/19 20:28:44 pva Exp $ - -EAPI=1 -WANT_AUTOMAKE="1.9" -inherit autotools libtool flag-o-matic eutils toolchain-funcs - -DESCRIPTION="A network protocol analyzer formerly known as ethereal" -HOMEPAGE="http://www.wireshark.org/" - -# _rc versions has different download location. -[[ -n ${PV#*_rc} && ${PV#*_rc} != ${PV} ]] && { -SRC_URI="http://www.wireshark.org/download/prerelease/${PN}-${PV/_rc/pre}.tar.gz"; -S=${WORKDIR}/${PN}-${PV/_rc/pre} ; } || \ -SRC_URI="http://www.wireshark.org/download/src/all-versions/${P}.tar.bz2" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" -IUSE="adns gtk ipv6 lua portaudio gnutls gcrypt zlib kerberos threads profile smi +pcap pcre +caps selinux" - -RDEPEND="zlib? ( sys-libs/zlib ) - smi? ( net-libs/libsmi ) - gtk? ( >=dev-libs/glib-2.0.4 - =x11-libs/gtk+-2* - x11-libs/pango - dev-libs/atk ) - !gtk? ( =dev-libs/glib-1.2* ) - gnutls? ( net-libs/gnutls ) - gcrypt? ( dev-libs/libgcrypt ) - pcap? ( net-libs/libpcap ) - pcre? ( dev-libs/libpcre ) - caps? ( sys-libs/libcap ) - adns? ( net-libs/adns ) - kerberos? ( virtual/krb5 ) - portaudio? ( media-libs/portaudio ) - lua? ( >=dev-lang/lua-5.1 ) - selinux? ( sec-policy/selinux-wireshark )" - -DEPEND="${RDEPEND} - >=dev-util/pkgconfig-0.15.0 - dev-lang/perl - sys-devel/bison - sys-devel/flex - sys-apps/sed" - -pkg_setup() { - if ! use gtk; then - ewarn "USE=-gtk will mean no gui called wireshark will be created and" - ewarn "only command line utils are available" - fi - - # Add group for users allowed to sniff. - enewgroup wireshark || die "Failed to create wireshark group" -} - -src_unpack() { - unpack ${A} - - cd "${S}" - epatch "${FILESDIR}"/${PN}-0.99.7-asneeded.patch - epatch "${FILESDIR}"/${PN}-0.99.8-as-needed.patch - - cd "${S}"/epan - epatch "${FILESDIR}"/wireshark-except-double-free.diff - - cd "${S}" - AT_M4DIR="${S}/aclocal-fallback" - eautoreconf -} - -src_compile() { - # optimization bug, see bug #165340, bug #40660 - if [[ $(gcc-version) == 3.4 ]] ; then - elog "Found gcc 3.4, forcing -O3 into CFLAGS" - replace-flags -O? -O3 - elif [[ $(gcc-version) == 3.3 || $(gcc-version) == 3.2 ]] ; then - elog "Found <=gcc-3.3, forcing -O into CFLAGS" - replace-flags -O? -O - fi - - # see bug #133092; bugs.wireshark.org/bugzilla/show_bug.cgi?id=1001 - # our hardened toolchain bug - filter-flags -fstack-protector - - local myconf - if use gtk; then - einfo "Building with gtk support" - else - einfo "Building without gtk support" - myconf="${myconf} --disable-wireshark" - fi - - # Workaround bug #213705. If krb5-config --libs has -lcrypto then pass - # --with-ssl to ./configure. (Mimics code from acinclude.m4). - if use kerberos; then - case `krb5-config --libs` in - *-lcrypto*) myconf="${myconf} --with-ssl" ;; - esac - fi - - # dumpcap requires libcap, setuid-install requires dumpcap - econf $(use_enable gtk gtk2) \ - $(use_enable profile profile-build) \ - $(use_with gnutls) \ - $(use_with gcrypt) \ - $(use_enable gtk wireshark) \ - $(use_enable ipv6) \ - $(use_enable threads) \ - $(use_with lua) \ - $(use_with adns) \ - $(use_with kerberos krb5) \ - $(use_with smi libsmi) \ - $(use_with pcap) \ - $(use_with zlib) \ - $(use_with pcre) \ - $(use_with portaudio) \ - $(use_with caps libcap) \ - $(use_enable pcap setuid-install) \ - --sysconfdir=/etc/wireshark \ - ${myconf} || die "econf failed" - - emake || die "emake failed" -} - -src_install() { - emake DESTDIR="${D}" install || die "emake install failed" - - fowners 0:wireshark /usr/bin/tshark - fperms 6550 /usr/bin/tshark - use pcap && fowners 0:wireshark /usr/bin/dumpcap - use pcap && fperms 6550 /usr/bin/dumpcap - - insinto /usr/include/wiretap - doins wiretap/wtap.h - - dodoc AUTHORS ChangeLog NEWS README* - - if use gtk ; then - insinto /usr/share/icons/hicolor/16x16/apps - newins image/hi16-app-wireshark.png wireshark.png - insinto /usr/share/icons/hicolor/32x32/apps - newins image/hi32-app-wireshark.png wireshark.png - insinto /usr/share/icons/hicolor/48x48/apps - newins image/hi48-app-wireshark.png wireshark.png - insinto /usr/share/applications - doins wireshark.desktop - fi -} - -pkg_postinst() { - echo - ewarn "With version 0.99.7, all function calls that require elevated privileges" - ewarn "have been moved out of the GUI to dumpcap. WIRESHARK CONTAINS OVER ONE" - ewarn "POINT FIVE MILLION LINES OF SOURCE CODE. DO NOT RUN THEM AS ROOT." - ewarn - ewarn "NOTE: To run wireshark as normal user you have to add yourself into" - ewarn "wireshark group. This security measure ensures that only trusted" - ewarn "users allowed to sniff your traffic." - echo -} |