commit: cf1f049003feaf74580f26c50ad6a91c35056d8e Author: Sam James <sam <AT> gentoo <DOT> org> AuthorDate: Mon Nov 16 06:10:41 2020 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Mon Nov 16 06:10:41 2020 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cf1f0490
net-analyzer/wireshark: security cleanup Bug: https://bugs.gentoo.org/750692 Package-Manager: Portage-3.0.8, Repoman-3.0.2 Signed-off-by: Sam James <sam <AT> gentoo.org> net-analyzer/wireshark/Manifest | 1 - .../files/wireshark-2.4-androiddump.patch | 27 --- .../files/wireshark-2.9.0-tfshark-libm.patch | 10 - .../wireshark-99999999-androiddump-wsutil.patch | 19 -- .../wireshark/files/wireshark-99999999-qtsvg.patch | 10 - net-analyzer/wireshark/wireshark-3.2.7-r1.ebuild | 256 --------------------- 6 files changed, 323 deletions(-) diff --git a/net-analyzer/wireshark/Manifest b/net-analyzer/wireshark/Manifest index b08688c3b81..2728ff86217 100644 --- a/net-analyzer/wireshark/Manifest +++ b/net-analyzer/wireshark/Manifest @@ -1,2 +1 @@ -DIST wireshark-3.2.7.tar.xz 31659996 BLAKE2B 69ed148e5cc6403b3948f4851164033163d0817626feaeaa0abf09b749c9e37c036786ed91f04add1ceeb80b69b7d05316b648d339c8c86f0818e0ee0afdf4ad SHA512 c17913fe6c193ccc6b0dbf86932d625a1f3b670aef805296e5db2639118218e06d513910ad50ab3926204f94a0010425b0d498176f987516d64fdd6a52d2517b DIST wireshark-3.4.0.tar.xz 32502760 BLAKE2B 5d8106f36cc3a1425fd472f7ba645b2a07bfb93c96178a98f90676f39cad38089b625d7d6725ecfaf67bfc78aba3476567b9bf390d6f0dd838537eb81bc4aaa7 SHA512 02070db23c64e1efe42b83cdcd7b52fb9b247e653da0aa12dc21a4283272fea0a135f4b0c5641197840bef88e52785d64a860c9fcfe1bcbaceb016c5258c9649 diff --git a/net-analyzer/wireshark/files/wireshark-2.4-androiddump.patch b/net-analyzer/wireshark/files/wireshark-2.4-androiddump.patch deleted file mode 100644 index 2272ef891c2..00000000000 --- a/net-analyzer/wireshark/files/wireshark-2.4-androiddump.patch +++ /dev/null @@ -1,27 +0,0 @@ ---- a/extcap/androiddump.c -+++ b/extcap/androiddump.c -@@ -438,13 +438,13 @@ - pcap = pcap_open_dead_with_tstamp_precision(encap, PACKET_LENGTH, PCAP_TSTAMP_PRECISION_NANO); - extcap_dumper.dumper.pcap = pcap_dump_open(pcap, fifo); - if (!extcap_dumper.dumper.pcap) { -- g_warning("Can't open %s for saving packets: %s", pcap_geterr(pcap)); -+ g_warning("Can't open %s for saving packets: %s", fifo, pcap_geterr(pcap)); - pcap_close(pcap); - exit(EXIT_CODE_CANNOT_SAVE_LIBPCAP_DUMP); - } - extcap_dumper.encap = encap; - if (pcap_dump_flush(extcap_dumper.dumper.pcap) == -1) { -- g_warning("Write to %s failed: %s", g_strerror(errno)); -+ g_warning("Write to %s failed: %s", fifo, g_strerror(errno)); - } - #else - wtap_dump_params params = WTAP_DUMP_PARAMS_INIT; -@@ -480,7 +480,7 @@ - - pcap_dump((u_char *) extcap_dumper.dumper.pcap, &pcap_header, buffer); - if (pcap_dump_flush(extcap_dumper.dumper.pcap) == -1) { -- g_warning("Write to %s failed: %s", g_strerror(errno)); -+ g_warning("Write to %s failed: %s", fifo, g_strerror(errno)); - } - #else - int err = 0; diff --git a/net-analyzer/wireshark/files/wireshark-2.9.0-tfshark-libm.patch b/net-analyzer/wireshark/files/wireshark-2.9.0-tfshark-libm.patch deleted file mode 100644 index 40082c43501..00000000000 --- a/net-analyzer/wireshark/files/wireshark-2.9.0-tfshark-libm.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -2314,6 +2314,7 @@ - - if(BUILD_tfshark) - set(tfshark_LIBS -+ m - ui - wiretap - epan diff --git a/net-analyzer/wireshark/files/wireshark-99999999-androiddump-wsutil.patch b/net-analyzer/wireshark/files/wireshark-99999999-androiddump-wsutil.patch deleted file mode 100644 index 3d3a2a9c932..00000000000 --- a/net-analyzer/wireshark/files/wireshark-99999999-androiddump-wsutil.patch +++ /dev/null @@ -1,19 +0,0 @@ ---- a/extcap/CMakeLists.txt -+++ b/extcap/CMakeLists.txt -@@ -91,6 +91,8 @@ if(BUILD_androiddump) - if(HAVE_LIBPCAP) - set(androiddump_LIBS - ui -+ wiretap -+ wsutil - ${GLIB2_LIBRARIES} - ${WIN_WS2_32_LIBRARY} - $<$<BOOL:${PCAP_FOUND}>:pcap::pcap> -@@ -102,6 +104,7 @@ if(BUILD_androiddump) - set(androiddump_LIBS - ui - wiretap -+ wsutil - ${GLIB2_LIBRARIES} - ${ZLIB_LIBRARIES} - ${CMAKE_DL_LIBS} diff --git a/net-analyzer/wireshark/files/wireshark-99999999-qtsvg.patch b/net-analyzer/wireshark/files/wireshark-99999999-qtsvg.patch deleted file mode 100644 index 8cff4bdd075..00000000000 --- a/net-analyzer/wireshark/files/wireshark-99999999-qtsvg.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -1058,7 +1058,6 @@ - Qt5LinguistTools - Qt5Multimedia - Qt5PrintSupport -- Qt5Svg - Qt5Widgets - ) - if(APPLE) diff --git a/net-analyzer/wireshark/wireshark-3.2.7-r1.ebuild b/net-analyzer/wireshark/wireshark-3.2.7-r1.ebuild deleted file mode 100644 index 6d52a93fcec..00000000000 --- a/net-analyzer/wireshark/wireshark-3.2.7-r1.ebuild +++ /dev/null @@ -1,256 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 -PYTHON_COMPAT=( python3_{6,7,8} ) -inherit fcaps flag-o-matic multilib python-any-r1 qmake-utils xdg-utils cmake - -DESCRIPTION="A network protocol analyzer formerly known as ethereal" -HOMEPAGE="https://www.wireshark.org/"; -SRC_URI="https://www.wireshark.org/download/src/all-versions/${P/_/}.tar.xz"; -LICENSE="GPL-2" - -SLOT="0/${PV}" -KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ppc64 x86" -IUSE=" - androiddump bcg729 brotli +capinfos +captype ciscodump +dftest doc dpauxmon - +dumpcap +editcap http2 kerberos libxml2 lua lz4 maxminddb +mergecap - +minizip +netlink +plugins plugin-ifdemo +pcap +qt5 +randpkt +randpktdump - +reordercap sbc selinux +sharkd smi snappy spandsp sshdump ssl sdjournal - test +text2pcap tfshark +tshark +udpdump zlib +zstd -" -S=${WORKDIR}/${P/_/} - -CDEPEND=" - acct-group/pcap - >=dev-libs/glib-2.32:2 - >=net-dns/c-ares-1.5 - dev-libs/libgcrypt:0 - bcg729? ( media-libs/bcg729 ) - brotli? ( app-arch/brotli ) - ciscodump? ( >=net-libs/libssh-0.6 ) - filecaps? ( sys-libs/libcap ) - http2? ( net-libs/nghttp2 ) - kerberos? ( virtual/krb5 ) - libxml2? ( dev-libs/libxml2 ) - lua? ( >=dev-lang/lua-5.1:* ) - lz4? ( app-arch/lz4 ) - maxminddb? ( dev-libs/libmaxminddb ) - minizip? ( sys-libs/zlib[minizip] ) - netlink? ( dev-libs/libnl:3 ) - pcap? ( net-libs/libpcap ) - qt5? ( - dev-qt/qtcore:5 - dev-qt/qtgui:5 - dev-qt/qtmultimedia:5 - dev-qt/qtprintsupport:5 - dev-qt/qtwidgets:5 - x11-misc/xdg-utils - ) - sbc? ( media-libs/sbc ) - sdjournal? ( sys-apps/systemd ) - smi? ( net-libs/libsmi ) - snappy? ( app-arch/snappy ) - spandsp? ( media-libs/spandsp ) - sshdump? ( >=net-libs/libssh-0.6 ) - ssl? ( net-libs/gnutls:= ) - zlib? ( sys-libs/zlib ) - zstd? ( app-arch/zstd ) -" -# We need perl for `pod2html`. The rest of the perl stuff is to block older -# and broken installs. #455122 -DEPEND=" - ${CDEPEND} - ${PYTHON_DEPS} -" -BDEPEND=" - dev-lang/perl - sys-devel/bison - sys-devel/flex - virtual/pkgconfig - doc? ( - app-doc/doxygen - dev-ruby/asciidoctor - ) - qt5? ( - dev-qt/linguist-tools:5 - ) - test? ( - dev-python/pytest - dev-python/pytest-xdist - ) -" -RDEPEND=" - ${CDEPEND} - qt5? ( virtual/freedesktop-icon-theme ) - selinux? ( sec-policy/selinux-wireshark ) -" -REQUIRED_USE=" - plugin-ifdemo? ( plugins ) -" -RESTRICT="test" -PATCHES=( - "${FILESDIR}"/${PN}-2.4-androiddump.patch - "${FILESDIR}"/${PN}-2.6.0-redhat.patch - "${FILESDIR}"/${PN}-2.9.0-tfshark-libm.patch - "${FILESDIR}"/${PN}-99999999-androiddump-wsutil.patch - "${FILESDIR}"/${PN}-99999999-qtsvg.patch - "${FILESDIR}"/${PN}-99999999-ui-needs-wiretap.patch -) - -src_configure() { - local mycmakeargs - - # Workaround bug #213705. If krb5-config --libs has -lcrypto then pass - # --with-ssl to ./configure. (Mimics code from acinclude.m4). - if use kerberos; then - case $(krb5-config --libs) in - *-lcrypto*) - ewarn "Kerberos was built with ssl support: linkage with openssl is enabled." - ewarn "Note there are annoying license incompatibilities between the OpenSSL" - ewarn "license and the GPL, so do your check before distributing such package." - mycmakeargs+=( -DENABLE_GNUTLS=$(usex ssl) ) - ;; - esac - fi - - if use qt5; then - export QT_MIN_VERSION=5.3.0 - append-cxxflags -fPIC -DPIC - fi - - python_setup - - mycmakeargs+=( - $(use androiddump && use pcap && echo -DEXTCAP_ANDROIDDUMP_LIBPCAP=yes) - $(usex qt5 LRELEASE=$(qt5_get_bindir)/lrelease '') - $(usex qt5 MOC=$(qt5_get_bindir)/moc '') - $(usex qt5 RCC=$(qt5_get_bindir)/rcc '') - $(usex qt5 UIC=$(qt5_get_bindir)/uic '') - -DBUILD_androiddump=$(usex androiddump) - -DBUILD_capinfos=$(usex capinfos) - -DBUILD_captype=$(usex captype) - -DBUILD_ciscodump=$(usex ciscodump) - -DBUILD_dftest=$(usex dftest) - -DBUILD_dpauxmon=$(usex dpauxmon) - -DBUILD_dumpcap=$(usex dumpcap) - -DBUILD_editcap=$(usex editcap) - -DBUILD_mergecap=$(usex mergecap) - -DBUILD_mmdbresolve=$(usex maxminddb) - -DBUILD_randpkt=$(usex randpkt) - -DBUILD_randpktdump=$(usex randpktdump) - -DBUILD_reordercap=$(usex reordercap) - -DBUILD_sdjournal=$(usex sdjournal) - -DBUILD_sharkd=$(usex sharkd) - -DBUILD_sshdump=$(usex sshdump) - -DBUILD_text2pcap=$(usex text2pcap) - -DBUILD_tfshark=$(usex tfshark) - -DBUILD_tshark=$(usex tshark) - -DBUILD_udpdump=$(usex udpdump) - -DBUILD_wireshark=$(usex qt5) - -DDISABLE_WERROR=yes - -DENABLE_BCG729=$(usex bcg729) - -DENABLE_BROTLI=$(usex brotli) - -DENABLE_CAP=$(usex filecaps caps) - -DENABLE_GNUTLS=$(usex ssl) - -DENABLE_KERBEROS=$(usex kerberos) - -DENABLE_LIBXML2=$(usex libxml2) - -DENABLE_LUA=$(usex lua) - -DENABLE_LZ4=$(usex lz4) - -DENABLE_MINIZIP=$(usex minizip) - -DENABLE_NETLINK=$(usex netlink) - -DENABLE_NGHTTP2=$(usex http2) - -DENABLE_PCAP=$(usex pcap) - -DENABLE_PLUGINS=$(usex plugins) - -DENABLE_PLUGIN_IFDEMO=$(usex plugin-ifdemo) - -DENABLE_SBC=$(usex sbc) - -DENABLE_SMI=$(usex smi) - -DENABLE_SNAPPY=$(usex snappy) - -DENABLE_SPANDSP=$(usex spandsp) - -DENABLE_ZLIB=$(usex zlib) - -DENABLE_ZSTD=$(usex zstd) - ) - - cmake_src_configure -} - -src_test() { - cmake_build test-programs - - myctestargs=( --disable-capture --skip-missing-programs=all --verbose ) - cmake_src_test -} - -src_install() { - cmake_src_install - - # FAQ is not required as is installed from help/faq.txt - dodoc AUTHORS ChangeLog NEWS README* doc/randpkt.txt doc/README* - - # install headers - insinto /usr/include/wireshark - doins ws_diag_control.h ws_symbol_export.h \ - "${BUILD_DIR}"/config.h "${BUILD_DIR}"/version.h - - local dir dirs=( - epan - epan/crypt - epan/dfilter - epan/dissectors - epan/ftypes - epan/wmem - wiretap - wsutil - ) - for dir in "${dirs[@]}" - do - insinto /usr/include/wireshark/${dir} - doins ${dir}/*.h - done - - #with the above this really shouldn't be needed, but things may be looking - # in wiretap/ instead of wireshark/wiretap/ - insinto /usr/include/wiretap - doins wiretap/wtap.h - - if use qt5; then - local s - for s in 16 32 48 64 128 256 512 1024; do - insinto /usr/share/icons/hicolor/${s}x${s}/apps - newins image/wsicon${s}.png wireshark.png - done - for s in 16 24 32 48 64 128 256 ; do - insinto /usr/share/icons/hicolor/${s}x${s}/mimetypes - newins image/WiresharkDoc-${s}.png application-vnd.tcpdump.pcap.png - done - fi - - if [[ -d "${D}"/usr/share/appdata ]]; then - rm -r "${D}"/usr/share/appdata || die - fi -} - -pkg_postinst() { - xdg_desktop_database_update - xdg_icon_cache_update - xdg_mimeinfo_database_update - - # Add group for users allowed to sniff. - chgrp pcap "${EROOT}"/usr/bin/dumpcap - - if use dumpcap && use pcap; then - fcaps -o 0 -g pcap -m 4710 -M 0710 \ - cap_dac_read_search,cap_net_raw,cap_net_admin \ - "${EROOT}"/usr/bin/dumpcap - fi - - ewarn "NOTE: To capture traffic with wireshark as normal user you have to" - ewarn "add yourself to the pcap group. This security measure ensures" - ewarn "that only trusted users are allowed to sniff your traffic." -} - -pkg_postrm() { - xdg_desktop_database_update - xdg_icon_cache_update - xdg_mimeinfo_database_update -}
