diff options
| author |   Peter Volkov <pva@gentoo.org> | 2008-04-01 19:51:41 +0000 |
|---|---|---|
| committer | Peter Volkov <pva@gentoo.org> | 2008-04-01 19:51:41 +0000 |
| commit | c71b7a9190658394339dceee716feba960d9ff59 (patch) | |
| tree | 1efc311cfbb7212089e6bb026927170e1bf00176 /net-analyzer | |
| parent | stable x86, bug 215125 (diff) | |
| download | gentoo-2-c71b7a9190658394339dceee716feba960d9ff59.tar.gz gentoo-2-c71b7a9190658394339dceee716feba960d9ff59.tar.bz2 gentoo-2-c71b7a9190658394339dceee716feba960d9ff59.zip | |
Version bump, as usual security fixes, bug #215276, thank Robert Buchholz and Christian Faulhammer for report.
(Portage version: 2.1.4.4)
Diffstat (limited to 'net-analyzer')
| -rw-r--r-- | net-analyzer/wireshark/ChangeLog | 12 | ||||
| -rw-r--r-- | net-analyzer/wireshark/files/wireshark-1.0.0_rc1-fix-setcap-EPERM.patch | 31 | ||||
| -rw-r--r-- | net-analyzer/wireshark/files/wireshark-1.0.0_rc1-fix-stop-capture.patch | 344 | ||||
| -rw-r--r-- | net-analyzer/wireshark/wireshark-1.0.0.ebuild (renamed from net-analyzer/wireshark/wireshark-1.0.0_rc1-r1.ebuild) | 7 | ||||
| -rw-r--r-- | net-analyzer/wireshark/wireshark-1.0.0_rc1.ebuild | 162 |
5 files changed, 14 insertions, 542 deletions
diff --git a/net-analyzer/wireshark/ChangeLog b/net-analyzer/wireshark/ChangeLog index 801804f6edf0..6e3c7c8673e3 100644 --- a/net-analyzer/wireshark/ChangeLog +++ b/net-analyzer/wireshark/ChangeLog @@ -1,6 +1,16 @@ # ChangeLog for net-analyzer/wireshark # Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/ChangeLog,v 1.91 2008/03/23 14:06:28 pva Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/ChangeLog,v 1.92 2008/04/01 19:51:40 pva Exp $ + +*wireshark-1.0.0 (01 Apr 2008) + + 01 Apr 2008; Peter Volkov <pva@gentoo.org> + -files/wireshark-1.0.0_rc1-fix-setcap-EPERM.patch, + -files/wireshark-1.0.0_rc1-fix-stop-capture.patch, + -wireshark-1.0.0_rc1.ebuild, -wireshark-1.0.0_rc1-r1.ebuild, + +wireshark-1.0.0.ebuild: + Version bump, as usual security fixes, bug #215276, thank Robert Buchholz + and Christian Faulhammer for report. *wireshark-1.0.0_rc1-r1 (23 Mar 2008) diff --git a/net-analyzer/wireshark/files/wireshark-1.0.0_rc1-fix-setcap-EPERM.patch b/net-analyzer/wireshark/files/wireshark-1.0.0_rc1-fix-setcap-EPERM.patch deleted file mode 100644 index 0dcfda6f178a..000000000000 --- a/net-analyzer/wireshark/files/wireshark-1.0.0_rc1-fix-setcap-EPERM.patch +++ /dev/null @@ -1,31 +0,0 @@ -Author: gerald -Date: Thu Mar 20 19:18:33 2008 UTC (2 days, 16 hours ago) -Log Message: - -Don't call cap_set_proc() unless we were started with elevated privileges. -Otherwise, we might print dumpcap: cap_set_proc() fail return: Operation not -permitted to stderr. - ---- trunk/dumpcap.c 2008/03/20 00:30:47 24703 -+++ trunk/dumpcap.c 2008/03/20 19:18:33 24704 -@@ -508,12 +508,15 @@ - - relinquish_special_privs_perm(); - -- print_caps("Post drop, pre set"); -- cap_set_flag(caps, CAP_EFFECTIVE, cl_len, cap_list, CAP_SET); -- if (cap_set_proc(caps)) { -- cmdarg_err("cap_set_proc() fail return: %s", strerror(errno)); -+ if (started_with_special_privs()) { -+ print_caps("Post drop, pre set"); -+ cap_set_flag(caps, CAP_EFFECTIVE, cl_len, cap_list, CAP_SET); -+ if (cap_set_proc(caps)) { -+ cmdarg_err("cap_set_proc() fail return: %s", strerror(errno)); -+ } -+ print_caps("Post drop, post set"); - } -- print_caps("Post drop, post set"); -+ - cap_free(caps); - } - #endif /* HAVE_LIBCAP */ diff --git a/net-analyzer/wireshark/files/wireshark-1.0.0_rc1-fix-stop-capture.patch b/net-analyzer/wireshark/files/wireshark-1.0.0_rc1-fix-stop-capture.patch deleted file mode 100644 index 905e29512d14..000000000000 --- a/net-analyzer/wireshark/files/wireshark-1.0.0_rc1-fix-stop-capture.patch +++ /dev/null @@ -1,344 +0,0 @@ -Author: wmeier -Date: Sat Mar 22 19:04:26 2008 UTC (16 hours, 26 minutes ago) -Log Message: - -Fix (aka workaround) for bug #2228. Essentially: if using libcap, drop -capabilities after doing pcap_open_live. See comment in main() for details. - ---- trunk/dumpcap.c 2008/03/22 05:50:19 24715 -+++ trunk/dumpcap.c 2008/03/22 19:04:26 24716 -@@ -102,8 +102,8 @@ - */ - #include "wiretap/libpcap.h" - --/*#define DEBUG_DUMPCAP*/ --/*#define DEBUG_CHILD_DUMPCAP*/ -+/**#define DEBUG_DUMPCAP**/ -+/**#define DEBUG_CHILD_DUMPCAP**/ - - #ifdef DEBUG_CHILD_DUMPCAP - FILE *debug_log; /* for logging debug messages to */ -@@ -466,14 +466,20 @@ - /* - * If we were linked with libcap (not libpcap), make sure we have - * CAP_NET_ADMIN and CAP_NET_RAW, then relinquish our permissions. -+ * (See comment in main() for details) - */ - - static void - #if 0 /* Set to enable capability debugging */ -+/* see 'man cap_to_text()' for explanation of output */ -+/* '=' means 'all= ' ie: no capabilities */ -+/* '=ip' means 'all=ip' ie: all capabilities are permissible and inheritable */ -+/* .... */ - print_caps(char *pfx) { - cap_t caps = cap_get_proc(); -- fprintf(stderr, "%s: EUID: %d Capabilities: %s\n", pfx, -- geteuid(), cap_to_text(caps, NULL)); -+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_DEBUG, -+ "%s: EUID: %d Capabilities: %s", pfx, -+ geteuid(), cap_to_text(caps, NULL)); - cap_free(caps); - #else - print_caps(char *pfx _U_) { -@@ -483,16 +489,23 @@ - static void - relinquish_privs_except_capture(void) - { -- /* CAP_NET_ADMIN: Promiscuous mode and a truckload of other -+ /* If 'started_with_special_privs' (ie: suid) then enable for -+ * ourself the NET_ADMIN and NET_RAW capabilities and then -+ * drop our suid privileges. -+ * -+ * CAP_NET_ADMIN: Promiscuous mode and a truckload of other - * stuff we don't need (and shouldn't have). - * CAP_NET_RAW: Packet capture (raw sockets). - */ -- cap_value_t cap_list[2] = { CAP_NET_ADMIN, CAP_NET_RAW }; -- cap_t caps = cap_init(); -- int cl_len = sizeof(cap_list) / sizeof(cap_value_t); - - if (started_with_special_privs()) { -+ cap_value_t cap_list[2] = { CAP_NET_ADMIN, CAP_NET_RAW }; -+ int cl_len = sizeof(cap_list) / sizeof(cap_value_t); -+ -+ cap_t caps = cap_init(); /* all capabilities initialized to off */ -+ - print_caps("Pre drop, pre set"); -+ - if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1) { - cmdarg_err("prctl() fail return: %s", strerror(errno)); - } -@@ -504,21 +517,35 @@ - cmdarg_err("cap_set_proc() fail return: %s", strerror(errno)); - } - print_caps("Pre drop, post set"); -- } - -- relinquish_special_privs_perm(); -+ relinquish_special_privs_perm(); - -- if (started_with_special_privs()) { - print_caps("Post drop, pre set"); - cap_set_flag(caps, CAP_EFFECTIVE, cl_len, cap_list, CAP_SET); - if (cap_set_proc(caps)) { - cmdarg_err("cap_set_proc() fail return: %s", strerror(errno)); - } - print_caps("Post drop, post set"); -+ -+ cap_free(caps); - } -+} -+ - -+static void -+relinquish_all_capabilities() -+{ -+ /* Drop any and all capabilities this process may have. */ -+ /* Allowed whether or not process has any privileges. */ -+ cap_t caps = cap_init(); /* all capabilities initialized to off */ -+ print_caps("Pre-clear"); -+ if (cap_set_proc(caps)) { -+ cmdarg_err("cap_set_proc() fail return: %s", strerror(errno)); -+ } -+ print_caps("Post-clear"); - cap_free(caps); - } -+ - #endif /* HAVE_LIBCAP */ - - /* Take care of byte order in the libpcap headers read from pipes. -@@ -1083,8 +1110,15 @@ - open_err_str); - #endif - -+/* If not using libcap: we now can now set euid/egid to ruid/rgid */ -+/* to remove any suid privileges. */ -+/* If using libcap: we can now remove NET_RAW and NET_ADMIN capabilities */ -+/* (euid/egid have already previously been set to ruid/rgid. */ -+/* (See comment in main() for details) */ - #ifndef HAVE_LIBCAP - relinquish_special_privs_perm(); -+#else -+ relinquish_all_capabilities(); - #endif - - if (ld->pcap_h != NULL) { -@@ -2252,13 +2286,13 @@ - /* (eg: during initialization) will be formatted properly. */ - - for (i=1; i<argc; i++) { -- if (strcmp("-Z", argv[i]) == 0) { -- capture_child = TRUE; -+ if (strcmp("-Z", argv[i]) == 0) { -+ capture_child = TRUE; - #ifdef _WIN32 -- /* set output pipe to binary mode, to avoid ugly text conversions */ -- _setmode(2, O_BINARY); -+ /* set output pipe to binary mode, to avoid ugly text conversions */ -+ _setmode(2, O_BINARY); - #endif -- } -+ } - } - - /* The default_log_handler will use stdout, which makes trouble in */ -@@ -2316,8 +2350,85 @@ - sigaction(SIGHUP, &action, NULL); - #endif /* _WIN32 */ - -+ /* ----------------------------------------------------------------- */ -+ /* Privilege and capability handling */ -+ /* Cases: */ -+ /* 1. Running not as root or suid root; no special capabilities. */ -+ /* Action: none */ -+ /* */ -+ /* 2. Running logged in as root (euid=0; ruid=0); Not using libcap. */ -+ /* Action: none */ -+ /* */ -+ /* 3. Running logged in as root (euid=0; ruid=0). Using libcap. */ -+ /* Action: */ -+ /* - Near start of program: Enable NET_RAW and NET_ADMIN */ -+ /* capabilities; Drop all other capabilities; */ -+ /* - If not -w (ie: doing -S or -D, etc) run to completion; */ -+ /* else: after pcap_open_live() in capture_loop_open_input() */ -+ /* drop all capabilities (NET_RAW and NET_ADMIN) */ -+ /* (Note: this means that the process, although logged in */ -+ /* as root, does not have various permissions such as the */ -+ /* ability to bypass file access permissions. */ -+ /* XXX: Should we just leave capabilities alone in this case */ -+ /* so that user gets expected effect that root can do */ -+ /* anything ?? */ -+ /* */ -+ /* 4. Running as suid root (euid=0, ruid=n); Not using libcap. */ -+ /* Action: */ -+ /* - If not -w (ie: doing -S or -D, etc) run to completion; */ -+ /* else: after pcap_open_live() in capture_loop_open_input() */ -+ /* drop same (euid=ruid). (ie: keep suid until after */ -+ /* pcap_open_live */ -+ /* */ -+ /* 5. Running as suid root (euid=0, ruid=n); Using libcap. */ -+ /* Action: */ -+ /* - Near start of program: Enable NET_RAW and NET_ADMIN */ -+ /* capabilities; Drop all other capabilities; */ -+ /* Drop suid privileges (euid=ruid). */ -+ /* - If not -w (ie: doing -S or -D, etc) run to completion; */ -+ /* else: after pcap_open_live() in capture_loop_open_input() */ -+ /* drop all capabilities (NET_RAW and NET_ADMIN) */ -+ /* */ -+ /* XXX: For some Linux versions/distros with capabilities */ -+ /* a 'normal' process with any capabilities cannot be */ -+ /* 'killed' (signaled) from another (same uid) non-privileged */ -+ /* process. */ -+ /* For example: If (non-suid) Wireshark forks a */ -+ /* child suid dumpcap which acts as described here (case 5), */ -+ /* Wireshark will be unable to kill (signal) the child */ -+ /* dumpcap process until the capabilities have been dropped */ -+ /* (after pcap_open_live()). */ -+ /* This behaviour will apparently be changed in the kernel */ -+ /* to allow the kill (signal) in this case. */ -+ /* See the following for details: */ -+ /* http://www.mail-archive.com/ [wrapped] */ -+ /* linux-security-module@vger.kernel.org/msg02913.html */ -+ /* */ -+ /* It is therefore conceivable that if dumpcap somehow hangs */ -+ /* in pcap_open_live or before that wireshark will not */ -+ /* be able to stop dumpcap using a signal (USR1, TERM, etc). */ -+ /* In this case, exiting wireshark will kill the child */ -+ /* dumpcap process. */ -+ /* */ -+ /* 6. Not root or suid root; Running with NET_RAW & NET_ADMIN */ -+ /* capabilities; Using libcap. Note: capset cmd (which see) */ -+ /* used to assign capabilities to file. */ -+ /* Action: */ -+ /* - If not -w (ie: doing -S or -D, etc) run to completion; */ -+ /* else: after pcap_open_live() in capture_loop_open_input() */ -+ /* drop all capabilities (NET_RAW and NET_ADMIN) */ -+ /* */ -+ /* ToDo: -S (stats) should drop privileges/capabilities when no */ -+ /* onger required (similar to capture). */ -+ /* */ -+ /* ----------------------------------------------------------------- */ -+ - get_credential_info(); -+ - #ifdef HAVE_LIBCAP -+ /* If 'started with special privileges' (and using libcap) */ -+ /* Set to keep only NET_RAW and NET_ADMIN capabilities; */ -+ /* Set euid/egid = ruid/rgid to remove suid privileges */ - relinquish_privs_except_capture(); - #endif - -@@ -2380,34 +2491,33 @@ - #endif /* _WIN32 */ - status = capture_opts_add_opt(capture_opts, opt, optarg, &start_capture); - if(status != 0) { -- exit_main(status); -+ exit_main(status); - } - break; - /*** hidden option: Wireshark child mode (using binary output messages) ***/ - case 'Z': -- capture_child = TRUE; -+ capture_child = TRUE; - #ifdef _WIN32 -- /* set output pipe to binary mode, to avoid ugly text conversions */ -- _setmode(2, O_BINARY); -- /* -- * optarg = the control ID, aka the PPID, currently used for the -- * signal pipe name. -- */ -- if (strcmp(optarg, SIGNAL_PIPE_CTRL_ID_NONE) != 0) { -- sig_pipe_name = g_strdup_printf(SIGNAL_PIPE_FORMAT, -- optarg); -- sig_pipe_handle = CreateFile(utf_8to16(sig_pipe_name), -- GENERIC_READ, 0, NULL, OPEN_EXISTING, 0, NULL); -- -- if (sig_pipe_handle == INVALID_HANDLE_VALUE) { -- g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO, -- "Signal pipe: Unable to open %s. Dead parent?", -- sig_pipe_name); -- exit_main(1); -- } -+ /* set output pipe to binary mode, to avoid ugly text conversions */ -+ _setmode(2, O_BINARY); -+ /* -+ * optarg = the control ID, aka the PPID, currently used for the -+ * signal pipe name. -+ */ -+ if (strcmp(optarg, SIGNAL_PIPE_CTRL_ID_NONE) != 0) { -+ sig_pipe_name = g_strdup_printf(SIGNAL_PIPE_FORMAT, optarg); -+ sig_pipe_handle = CreateFile(utf_8to16(sig_pipe_name), -+ GENERIC_READ, 0, NULL, OPEN_EXISTING, 0, NULL); -+ -+ if (sig_pipe_handle == INVALID_HANDLE_VALUE) { -+ g_log(LOG_DOMAIN_CAPTURE_CHILD, G_LOG_LEVEL_INFO, -+ "Signal pipe: Unable to open %s. Dead parent?", -+ sig_pipe_name); -+ exit_main(1); - } -+ } - #endif -- break; -+ break; - - /*** all non capture option specific ***/ - case 'D': /* Print a list of capture devices and exit */ -@@ -2435,8 +2545,8 @@ - argc -= optind; - argv += optind; - if (argc >= 1) { -- /* user specified file name as regular command-line argument */ -- /* XXX - use it as the capture file name (or something else)? */ -+ /* user specified file name as regular command-line argument */ -+ /* XXX - use it as the capture file name (or something else)? */ - argc--; - argv++; - } -@@ -2487,7 +2597,7 @@ - } - - if (capture_opts_trim_iface(capture_opts, NULL) == FALSE) { -- cmdarg_err("No capture interfaces available (maybe lack of privileges?)."); -+ /* cmdarg_err() already called .... */ - exit_main(1); - } - -@@ -2512,11 +2622,11 @@ - /* Now start the capture. */ - - if(capture_loop_start(capture_opts, &stats_known, &stats) == TRUE) { -- /* capture ok */ -- exit_main(0); -+ /* capture ok */ -+ exit_main(0); - } else { -- /* capture failed */ -- exit_main(1); -+ /* capture failed */ -+ exit_main(1); - } - } - -@@ -2582,15 +2692,15 @@ - #if defined(DEBUG_DUMPCAP) || defined(DEBUG_CHILD_DUMPCAP) - if( !(log_level & G_LOG_LEVEL_MASK & ~(G_LOG_LEVEL_DEBUG|G_LOG_LEVEL_INFO))) { - #ifdef DEBUG_DUMPCAP -- fprintf(stderr, "%s", msg); -- fflush(stderr); -+ fprintf(stderr, "%s", msg); -+ fflush(stderr); - #endif - #ifdef DEBUG_CHILD_DUMPCAP -- fprintf(debug_log, "%s", msg); -- fflush(debug_log); -+ fprintf(debug_log, "%s", msg); -+ fflush(debug_log); - #endif -- g_free(msg); -- return; -+ g_free(msg); -+ return; - } - #endif - diff --git a/net-analyzer/wireshark/wireshark-1.0.0_rc1-r1.ebuild b/net-analyzer/wireshark/wireshark-1.0.0.ebuild index bc29c9a864e8..4b448c779b02 100644 --- a/net-analyzer/wireshark/wireshark-1.0.0_rc1-r1.ebuild +++ b/net-analyzer/wireshark/wireshark-1.0.0.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2008 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/wireshark-1.0.0_rc1-r1.ebuild,v 1.1 2008/03/23 14:06:28 pva Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/wireshark-1.0.0.ebuild,v 1.1 2008/04/01 19:51:40 pva Exp $ EAPI=1 WANT_AUTOMAKE="1.9" @@ -61,8 +61,6 @@ src_unpack() { cd "${S}" epatch "${FILESDIR}"/${PN}-0.99.7-asneeded.patch epatch "${FILESDIR}"/${PN}-0.99.8-as-needed.patch - epatch "${FILESDIR}"/${PN}-1.0.0_rc1-fix-setcap-EPERM.patch - epatch "${FILESDIR}"/${PN}-1.0.0_rc1-fix-stop-capture.patch cd "${S}"/epan epatch "${FILESDIR}"/wireshark-except-double-free.diff @@ -137,7 +135,8 @@ src_install() { insinto /usr/include/wiretap doins wiretap/wtap.h - dodoc AUTHORS ChangeLog NEWS README* + # FAQ is not required as is installed from help/faq.txt + dodoc AUTHORS ChangeLog NEWS README{,bsd,linux,macos,vmware} doc/randpkt.txt if use gtk ; then insinto /usr/share/icons/hicolor/16x16/apps diff --git a/net-analyzer/wireshark/wireshark-1.0.0_rc1.ebuild b/net-analyzer/wireshark/wireshark-1.0.0_rc1.ebuild deleted file mode 100644 index 71eaeadd7285..000000000000 --- a/net-analyzer/wireshark/wireshark-1.0.0_rc1.ebuild +++ /dev/null @@ -1,162 +0,0 @@ -# Copyright 1999-2008 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/wireshark-1.0.0_rc1.ebuild,v 1.1 2008/03/19 20:28:44 pva Exp $ - -EAPI=1 -WANT_AUTOMAKE="1.9" -inherit autotools libtool flag-o-matic eutils toolchain-funcs - -DESCRIPTION="A network protocol analyzer formerly known as ethereal" -HOMEPAGE="http://www.wireshark.org/" - -# _rc versions has different download location. -[[ -n ${PV#*_rc} && ${PV#*_rc} != ${PV} ]] && { -SRC_URI="http://www.wireshark.org/download/prerelease/${PN}-${PV/_rc/pre}.tar.gz"; -S=${WORKDIR}/${PN}-${PV/_rc/pre} ; } || \ -SRC_URI="http://www.wireshark.org/download/src/all-versions/${P}.tar.bz2" - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" -IUSE="adns gtk ipv6 lua portaudio gnutls gcrypt zlib kerberos threads profile smi +pcap pcre +caps selinux" - -RDEPEND="zlib? ( sys-libs/zlib ) - smi? ( net-libs/libsmi ) - gtk? ( >=dev-libs/glib-2.0.4 - =x11-libs/gtk+-2* - x11-libs/pango - dev-libs/atk ) - !gtk? ( =dev-libs/glib-1.2* ) - gnutls? ( net-libs/gnutls ) - gcrypt? ( dev-libs/libgcrypt ) - pcap? ( net-libs/libpcap ) - pcre? ( dev-libs/libpcre ) - caps? ( sys-libs/libcap ) - adns? ( net-libs/adns ) - kerberos? ( virtual/krb5 ) - portaudio? ( media-libs/portaudio ) - lua? ( >=dev-lang/lua-5.1 ) - selinux? ( sec-policy/selinux-wireshark )" - -DEPEND="${RDEPEND} - >=dev-util/pkgconfig-0.15.0 - dev-lang/perl - sys-devel/bison - sys-devel/flex - sys-apps/sed" - -pkg_setup() { - if ! use gtk; then - ewarn "USE=-gtk will mean no gui called wireshark will be created and" - ewarn "only command line utils are available" - fi - - # Add group for users allowed to sniff. - enewgroup wireshark || die "Failed to create wireshark group" -} - -src_unpack() { - unpack ${A} - - cd "${S}" - epatch "${FILESDIR}"/${PN}-0.99.7-asneeded.patch - epatch "${FILESDIR}"/${PN}-0.99.8-as-needed.patch - - cd "${S}"/epan - epatch "${FILESDIR}"/wireshark-except-double-free.diff - - cd "${S}" - AT_M4DIR="${S}/aclocal-fallback" - eautoreconf -} - -src_compile() { - # optimization bug, see bug #165340, bug #40660 - if [[ $(gcc-version) == 3.4 ]] ; then - elog "Found gcc 3.4, forcing -O3 into CFLAGS" - replace-flags -O? -O3 - elif [[ $(gcc-version) == 3.3 || $(gcc-version) == 3.2 ]] ; then - elog "Found <=gcc-3.3, forcing -O into CFLAGS" - replace-flags -O? -O - fi - - # see bug #133092; bugs.wireshark.org/bugzilla/show_bug.cgi?id=1001 - # our hardened toolchain bug - filter-flags -fstack-protector - - local myconf - if use gtk; then - einfo "Building with gtk support" - else - einfo "Building without gtk support" - myconf="${myconf} --disable-wireshark" - fi - - # Workaround bug #213705. If krb5-config --libs has -lcrypto then pass - # --with-ssl to ./configure. (Mimics code from acinclude.m4). - if use kerberos; then - case `krb5-config --libs` in - *-lcrypto*) myconf="${myconf} --with-ssl" ;; - esac - fi - - # dumpcap requires libcap, setuid-install requires dumpcap - econf $(use_enable gtk gtk2) \ - $(use_enable profile profile-build) \ - $(use_with gnutls) \ - $(use_with gcrypt) \ - $(use_enable gtk wireshark) \ - $(use_enable ipv6) \ - $(use_enable threads) \ - $(use_with lua) \ - $(use_with adns) \ - $(use_with kerberos krb5) \ - $(use_with smi libsmi) \ - $(use_with pcap) \ - $(use_with zlib) \ - $(use_with pcre) \ - $(use_with portaudio) \ - $(use_with caps libcap) \ - $(use_enable pcap setuid-install) \ - --sysconfdir=/etc/wireshark \ - ${myconf} || die "econf failed" - - emake || die "emake failed" -} - -src_install() { - emake DESTDIR="${D}" install || die "emake install failed" - - fowners 0:wireshark /usr/bin/tshark - fperms 6550 /usr/bin/tshark - use pcap && fowners 0:wireshark /usr/bin/dumpcap - use pcap && fperms 6550 /usr/bin/dumpcap - - insinto /usr/include/wiretap - doins wiretap/wtap.h - - dodoc AUTHORS ChangeLog NEWS README* - - if use gtk ; then - insinto /usr/share/icons/hicolor/16x16/apps - newins image/hi16-app-wireshark.png wireshark.png - insinto /usr/share/icons/hicolor/32x32/apps - newins image/hi32-app-wireshark.png wireshark.png - insinto /usr/share/icons/hicolor/48x48/apps - newins image/hi48-app-wireshark.png wireshark.png - insinto /usr/share/applications - doins wireshark.desktop - fi -} - -pkg_postinst() { - echo - ewarn "With version 0.99.7, all function calls that require elevated privileges" - ewarn "have been moved out of the GUI to dumpcap. WIRESHARK CONTAINS OVER ONE" - ewarn "POINT FIVE MILLION LINES OF SOURCE CODE. DO NOT RUN THEM AS ROOT." - ewarn - ewarn "NOTE: To run wireshark as normal user you have to add yourself into" - ewarn "wireshark group. This security measure ensures that only trusted" - ewarn "users allowed to sniff your traffic." - echo -} |