commit:     87e76517dd8370cc8e0b6e74f2b72b41d704b67f
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 25 23:23:05 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Mar 25 23:23:21 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=87e76517

Revert "net-analyzer/wireshark: drop 3.4.3 (security cleanup)"

This reverts commit 46bf94892853f4226f3007331f135184d353487a.
Got too excited there...

Bug: https://bugs.gentoo.org/775323
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-analyzer/wireshark/Manifest               |   1 +
 net-analyzer/wireshark/wireshark-3.4.3.ebuild | 273 ++++++++++++++++++++++++++
 2 files changed, 274 insertions(+)

diff --git a/net-analyzer/wireshark/Manifest b/net-analyzer/wireshark/Manifest
index 40c7b30562f..27663064e3d 100644
--- a/net-analyzer/wireshark/Manifest
+++ b/net-analyzer/wireshark/Manifest
@@ -1 +1,2 @@
+DIST wireshark-3.4.3.tar.xz 32287304 BLAKE2B 
076d681c5f980ba6a0f25076c4631a119fb72d2b59a0cd70062d3a4c997c8959162157e46a6f59b5474c07263c84e0e660f1fa33f9339cc6a1141425d394cde2
 SHA512 
6cfea9432cd6fcecbfc551e059ca60a0c38084074bf130b4cc5378aac2221c1233e2ddafa1ffd6bc6b76297c2303b931dadf6ec518f35595caf5229af4d93859
 DIST wireshark-3.4.4.tar.xz 32290424 BLAKE2B 
85930709ab666794ba6f4a00a895d41b25c6e61f7951a33f511b4981fac3e2ad579d8f52fee5b8f04334f9e1ef8721b1de62d0ab5b0029b0ed32b9f69ff2f5dd
 SHA512 
388b5634894f08bb1a0052f989133c2a8457fbf6525d1bb557f3ffce73da8063fd9fe82b50b5ababc30fa36ce154bf9d2a3d91d76e03913d6516ca61b4b6b172

diff --git a/net-analyzer/wireshark/wireshark-3.4.3.ebuild 
b/net-analyzer/wireshark/wireshark-3.4.3.ebuild
new file mode 100644
index 00000000000..7ff5005db92
--- /dev/null
+++ b/net-analyzer/wireshark/wireshark-3.4.3.ebuild
@@ -0,0 +1,273 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+LUA_COMPAT=( lua5-{1..2} )
+PYTHON_COMPAT=( python3_{7..9} )
+
+inherit fcaps flag-o-matic lua-single python-any-r1 qmake-utils xdg-utils cmake
+
+DESCRIPTION="A network protocol analyzer formerly known as ethereal"
+HOMEPAGE="https://www.wireshark.org/";
+SRC_URI="https://www.wireshark.org/download/src/all-versions/${P/_/}.tar.xz";
+S="${WORKDIR}/${P/_/}"
+
+LICENSE="GPL-2"
+SLOT="0/${PV}"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ppc64 x86"
+IUSE="
+       androiddump bcg729 brotli +capinfos +captype ciscodump +dftest doc 
dpauxmon
+       +dumpcap +editcap http2 ilbc kerberos libxml2 lto lua lz4 maxminddb
+       +mergecap +minizip +netlink opus +plugins plugin-ifdemo +pcap +qt5 
+randpkt
+       +randpktdump +reordercap sbc selinux +sharkd smi snappy spandsp sshdump 
ssl
+       sdjournal test +text2pcap tfshark +tshark +udpdump zlib +zstd
+"
+
+CDEPEND="
+       acct-group/pcap
+       >=dev-libs/glib-2.32:2
+       >=net-dns/c-ares-1.5
+       dev-libs/libgcrypt:0
+       bcg729? ( media-libs/bcg729 )
+       brotli? ( app-arch/brotli )
+       ciscodump? ( >=net-libs/libssh-0.6 )
+       filecaps? ( sys-libs/libcap )
+       http2? ( net-libs/nghttp2 )
+       ilbc? ( media-libs/libilbc )
+       kerberos? ( virtual/krb5 )
+       libxml2? ( dev-libs/libxml2 )
+       lua? ( ${LUA_DEPS} )
+       lz4? ( app-arch/lz4 )
+       maxminddb? ( dev-libs/libmaxminddb )
+       minizip? ( sys-libs/zlib[minizip] )
+       netlink? ( dev-libs/libnl:3 )
+       opus? ( media-libs/opus )
+       pcap? ( net-libs/libpcap )
+       qt5? (
+               dev-qt/qtcore:5
+               dev-qt/qtgui:5
+               dev-qt/qtmultimedia:5
+               dev-qt/qtprintsupport:5
+               dev-qt/qtwidgets:5
+               x11-misc/xdg-utils
+       )
+       sbc? ( media-libs/sbc )
+       sdjournal? ( sys-apps/systemd )
+       smi? ( net-libs/libsmi )
+       snappy? ( app-arch/snappy )
+       spandsp? ( media-libs/spandsp )
+       sshdump? ( >=net-libs/libssh-0.6 )
+       ssl? ( net-libs/gnutls:= )
+       zlib? ( sys-libs/zlib )
+       zstd? ( app-arch/zstd )
+"
+# We need perl for `pod2html`. The rest of the perl stuff is to block older
+# and broken installs. #455122
+DEPEND="
+       ${CDEPEND}
+       ${PYTHON_DEPS}
+"
+BDEPEND="
+       dev-lang/perl
+       sys-devel/bison
+       sys-devel/flex
+       virtual/pkgconfig
+       doc? (
+               app-doc/doxygen
+               dev-ruby/asciidoctor
+       )
+       qt5? (
+               dev-qt/linguist-tools:5
+       )
+       test? (
+               dev-python/pytest
+               dev-python/pytest-xdist
+       )
+"
+RDEPEND="
+       ${CDEPEND}
+       qt5? ( virtual/freedesktop-icon-theme )
+       selinux? ( sec-policy/selinux-wireshark )
+"
+REQUIRED_USE="
+       lua? ( ${LUA_REQUIRED_USE} )
+       plugin-ifdemo? ( plugins )
+"
+
+RESTRICT="test"
+
+PATCHES=(
+       "${FILESDIR}"/${PN}-2.6.0-redhat.patch
+       "${FILESDIR}"/${PN}-3.4.2-cmake-lua-version.patch
+       "${FILESDIR}"/${PN}-9999-ui-needs-wiretap.patch
+)
+
+pkg_setup() {
+       use lua && lua-single_pkg_setup
+}
+
+src_configure() {
+       local mycmakeargs
+
+       # Workaround bug #213705. If krb5-config --libs has -lcrypto then pass
+       # --with-ssl to ./configure. (Mimics code from acinclude.m4).
+       if use kerberos; then
+               case $(krb5-config --libs) in
+                       *-lcrypto*)
+                               ewarn "Kerberos was built with ssl support: 
linkage with openssl is enabled."
+                               ewarn "Note there are annoying license 
incompatibilities between the OpenSSL"
+                               ewarn "license and the GPL, so do your check 
before distributing such package."
+                               mycmakeargs+=( -DENABLE_GNUTLS=$(usex ssl) )
+                               ;;
+               esac
+       fi
+
+       if use qt5; then
+               export QT_MIN_VERSION=5.3.0
+               append-cxxflags -fPIC -DPIC
+       fi
+
+       python_setup
+
+       mycmakeargs+=(
+               $(use androiddump && use pcap && echo 
-DEXTCAP_ANDROIDDUMP_LIBPCAP=yes)
+               $(usex qt5 LRELEASE=$(qt5_get_bindir)/lrelease '')
+               $(usex qt5 MOC=$(qt5_get_bindir)/moc '')
+               $(usex qt5 RCC=$(qt5_get_bindir)/rcc '')
+               $(usex qt5 UIC=$(qt5_get_bindir)/uic '')
+               -DBUILD_androiddump=$(usex androiddump)
+               -DBUILD_capinfos=$(usex capinfos)
+               -DBUILD_captype=$(usex captype)
+               -DBUILD_ciscodump=$(usex ciscodump)
+               -DBUILD_dftest=$(usex dftest)
+               -DBUILD_dpauxmon=$(usex dpauxmon)
+               -DBUILD_dumpcap=$(usex dumpcap)
+               -DBUILD_editcap=$(usex editcap)
+               -DBUILD_mergecap=$(usex mergecap)
+               -DBUILD_mmdbresolve=$(usex maxminddb)
+               -DBUILD_randpkt=$(usex randpkt)
+               -DBUILD_randpktdump=$(usex randpktdump)
+               -DBUILD_reordercap=$(usex reordercap)
+               -DBUILD_sdjournal=$(usex sdjournal)
+               -DBUILD_sharkd=$(usex sharkd)
+               -DBUILD_sshdump=$(usex sshdump)
+               -DBUILD_text2pcap=$(usex text2pcap)
+               -DBUILD_tfshark=$(usex tfshark)
+               -DBUILD_tshark=$(usex tshark)
+               -DBUILD_udpdump=$(usex udpdump)
+               -DBUILD_wireshark=$(usex qt5)
+               -DDISABLE_WERROR=yes
+               -DENABLE_BCG729=$(usex bcg729)
+               -DENABLE_BROTLI=$(usex brotli)
+               -DENABLE_CAP=$(usex filecaps caps)
+               -DENABLE_GNUTLS=$(usex ssl)
+               -DENABLE_ILBC=$(usex ilbc)
+               -DENABLE_KERBEROS=$(usex kerberos)
+               -DENABLE_LIBXML2=$(usex libxml2)
+               -DENABLE_LTO=$(usex lto)
+               -DENABLE_LUA=$(usex lua)
+               -DENABLE_LZ4=$(usex lz4)
+               -DENABLE_MINIZIP=$(usex minizip)
+               -DENABLE_NETLINK=$(usex netlink)
+               -DENABLE_NGHTTP2=$(usex http2)
+               -DENABLE_OPUS=$(usex opus)
+               -DENABLE_PCAP=$(usex pcap)
+               -DENABLE_PLUGINS=$(usex plugins)
+               -DENABLE_PLUGIN_IFDEMO=$(usex plugin-ifdemo)
+               -DENABLE_SBC=$(usex sbc)
+               -DENABLE_SMI=$(usex smi)
+               -DENABLE_SNAPPY=$(usex snappy)
+               -DENABLE_SPANDSP=$(usex spandsp)
+               -DENABLE_ZLIB=$(usex zlib)
+               -DENABLE_ZSTD=$(usex zstd)
+       )
+
+       cmake_src_configure
+}
+
+src_test() {
+       cmake_build test-programs
+
+       myctestargs=(
+               --disable-capture
+               --skip-missing-programs=all
+               --verbose
+       )
+
+       cmake_src_test
+}
+
+src_install() {
+       cmake_src_install
+
+       # FAQ is not required as is installed from help/faq.txt
+       dodoc AUTHORS ChangeLog NEWS README* doc/randpkt.txt doc/README*
+
+       # install headers
+       insinto /usr/include/wireshark
+       doins ws_diag_control.h ws_symbol_export.h \
+               "${BUILD_DIR}"/config.h "${BUILD_DIR}"/version.h
+
+       local dir dirs=(
+               epan
+               epan/crypt
+               epan/dfilter
+               epan/dissectors
+               epan/ftypes
+               epan/wmem
+               wiretap
+               wsutil
+       )
+
+       for dir in "${dirs[@]}" ; do
+               insinto /usr/include/wireshark/${dir}
+               doins ${dir}/*.h
+       done
+
+       #with the above this really shouldn't be needed, but things may be 
looking
+       # in wiretap/ instead of wireshark/wiretap/
+       insinto /usr/include/wiretap
+       doins wiretap/wtap.h
+
+       if use qt5; then
+               local s
+               for s in 16 32 48 64 128 256 512 1024; do
+                       insinto /usr/share/icons/hicolor/${s}x${s}/apps
+                       newins image/wsicon${s}.png wireshark.png
+               done
+               for s in 16 24 32 48 64 128 256 ; do
+                       insinto /usr/share/icons/hicolor/${s}x${s}/mimetypes
+                       newins image/WiresharkDoc-${s}.png 
application-vnd.tcpdump.pcap.png
+               done
+       fi
+
+       if [[ -d "${ED}"/usr/share/appdata ]]; then
+               rm -r "${ED}"/usr/share/appdata || die
+       fi
+}
+
+pkg_postinst() {
+       xdg_desktop_database_update
+       xdg_icon_cache_update
+       xdg_mimeinfo_database_update
+
+       # Add group for users allowed to sniff.
+       chgrp pcap "${EROOT}"/usr/bin/dumpcap
+
+       if use dumpcap && use pcap; then
+               fcaps -o 0 -g pcap -m 4710 -M 0710 \
+                       cap_dac_read_search,cap_net_raw,cap_net_admin \
+                       "${EROOT}"/usr/bin/dumpcap
+       fi
+
+       ewarn "NOTE: To capture traffic with wireshark as normal user you have 
to"
+       ewarn "add yourself to the pcap group. This security measure ensures"
+       ewarn "that only trusted users are allowed to sniff your traffic."
+}
+
+pkg_postrm() {
+       xdg_desktop_database_update
+       xdg_icon_cache_update
+       xdg_mimeinfo_database_update
+}

Reply via email to