diff options
| author |   Sam James <sam@gentoo.org> | 2020-12-23 22:59:34 +0000 |
|---|---|---|
| committer | Sam James <sam@gentoo.org> | 2020-12-23 22:59:34 +0000 |
| commit | 181b6a478073f4f88bc41a164fe76516990a4bbd (patch) | |
| tree | ea03456fd26e0386dd137630877c38be3f524472 | |
| parent | app-text/an: cleanup old (EAPI 5) (diff) | |
| download | gentoo-181b6a478073f4f88bc41a164fe76516990a4bbd.tar.gz gentoo-181b6a478073f4f88bc41a164fe76516990a4bbd.tar.bz2 gentoo-181b6a478073f4f88bc41a164fe76516990a4bbd.zip | |
net-analyzer/wireshark: security cleanup
Bug: https://bugs.gentoo.org/760800
Package-Manager: Portage-3.0.12-prefix, Repoman-3.0.2
Signed-off-by: Sam James <sam@gentoo.org>
| -rw-r--r-- | net-analyzer/wireshark/Manifest | 2 | ||||
| -rw-r--r-- | net-analyzer/wireshark/wireshark-3.4.0.ebuild | 259 | ||||
| -rw-r--r-- | net-analyzer/wireshark/wireshark-3.4.1.ebuild | 259 |
3 files changed, 0 insertions, 520 deletions
diff --git a/net-analyzer/wireshark/Manifest b/net-analyzer/wireshark/Manifest index 26950acdb186..1b280d0987c3 100644 --- a/net-analyzer/wireshark/Manifest +++ b/net-analyzer/wireshark/Manifest @@ -1,3 +1 @@ -DIST wireshark-3.4.0.tar.xz 32502760 BLAKE2B 5d8106f36cc3a1425fd472f7ba645b2a07bfb93c96178a98f90676f39cad38089b625d7d6725ecfaf67bfc78aba3476567b9bf390d6f0dd838537eb81bc4aaa7 SHA512 02070db23c64e1efe42b83cdcd7b52fb9b247e653da0aa12dc21a4283272fea0a135f4b0c5641197840bef88e52785d64a860c9fcfe1bcbaceb016c5258c9649 -DIST wireshark-3.4.1.tar.xz 32470004 BLAKE2B aa2c3e56df4232b087d09a52209eec1e91a10ab125f6fb973171771d86d349ddf76bef3da089f0d6740c67883009fb77c5760c1141c99a056e7a36fe8ae5c088 SHA512 a968158a5a22d04a9bf3b060246f7579210a8106e06184411fd00dad69e030c10aecfa579c09dcca11fb659e0a1de4773951578cb3697dd2dc8e5153d3892728 DIST wireshark-3.4.2.tar.xz 32465900 BLAKE2B dab7e871c798a6e0f03f45eaa49ba5cbabc18afabd6a5675a3241e4f1e6d86ef21b56b4cee5d561da2f2ec2b274ac6c5a52ed7b8ad50cbf02949a3a7f68d4f09 SHA512 38dc62d306dafe1a25db16ca28e1f4181a83673700a0b4c6dd98c8cb27df51ad0c6414db0370c443250aeb2521eceefb183178fe7d23a11b697cbf3f5b06f53a diff --git a/net-analyzer/wireshark/wireshark-3.4.0.ebuild b/net-analyzer/wireshark/wireshark-3.4.0.ebuild deleted file mode 100644 index ddabdfd5f7b5..000000000000 --- a/net-analyzer/wireshark/wireshark-3.4.0.ebuild +++ /dev/null @@ -1,259 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -PYTHON_COMPAT=( python3_{6..9} ) - -inherit fcaps flag-o-matic multilib python-any-r1 qmake-utils xdg-utils cmake - -DESCRIPTION="A network protocol analyzer formerly known as ethereal" -HOMEPAGE="https://www.wireshark.org/" -SRC_URI="https://www.wireshark.org/download/src/all-versions/${P/_/}.tar.xz" -LICENSE="GPL-2" - -SLOT="0/${PV}" -KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ppc64 x86" -IUSE=" - androiddump bcg729 brotli +capinfos +captype ciscodump +dftest doc dpauxmon - +dumpcap +editcap http2 ilbc kerberos libxml2 lto lua lz4 maxminddb - +mergecap +minizip +netlink opus +plugins plugin-ifdemo +pcap +qt5 +randpkt - +randpktdump +reordercap sbc selinux +sharkd smi snappy spandsp sshdump ssl - sdjournal test +text2pcap tfshark +tshark +udpdump zlib +zstd -" -S=${WORKDIR}/${P/_/} - -CDEPEND=" - acct-group/pcap - >=dev-libs/glib-2.32:2 - >=net-dns/c-ares-1.5 - dev-libs/libgcrypt:0 - bcg729? ( media-libs/bcg729 ) - brotli? ( app-arch/brotli ) - ciscodump? ( >=net-libs/libssh-0.6 ) - filecaps? ( sys-libs/libcap ) - http2? ( net-libs/nghttp2 ) - ilbc? ( media-libs/libilbc ) - kerberos? ( virtual/krb5 ) - libxml2? ( dev-libs/libxml2 ) - lua? ( >=dev-lang/lua-5.1:0= ) - lz4? ( app-arch/lz4 ) - maxminddb? ( dev-libs/libmaxminddb ) - minizip? ( sys-libs/zlib[minizip] ) - netlink? ( dev-libs/libnl:3 ) - opus? ( media-libs/opus ) - pcap? ( net-libs/libpcap ) - qt5? ( - dev-qt/qtcore:5 - dev-qt/qtgui:5 - dev-qt/qtmultimedia:5 - dev-qt/qtprintsupport:5 - dev-qt/qtwidgets:5 - x11-misc/xdg-utils - ) - sbc? ( media-libs/sbc ) - sdjournal? ( sys-apps/systemd ) - smi? ( net-libs/libsmi ) - snappy? ( app-arch/snappy ) - spandsp? ( media-libs/spandsp ) - sshdump? ( >=net-libs/libssh-0.6 ) - ssl? ( net-libs/gnutls:= ) - zlib? ( sys-libs/zlib ) - zstd? ( app-arch/zstd ) -" -# We need perl for `pod2html`. The rest of the perl stuff is to block older -# and broken installs. #455122 -DEPEND=" - ${CDEPEND} - ${PYTHON_DEPS} -" -BDEPEND=" - dev-lang/perl - sys-devel/bison - sys-devel/flex - virtual/pkgconfig - doc? ( - app-doc/doxygen - dev-ruby/asciidoctor - ) - qt5? ( - dev-qt/linguist-tools:5 - ) - test? ( - dev-python/pytest - dev-python/pytest-xdist - ) -" -RDEPEND=" - ${CDEPEND} - qt5? ( virtual/freedesktop-icon-theme ) - selinux? ( sec-policy/selinux-wireshark ) -" -REQUIRED_USE=" - plugin-ifdemo? ( plugins ) -" -RESTRICT="test" -PATCHES=( - "${FILESDIR}"/${PN}-2.6.0-redhat.patch - "${FILESDIR}"/${PN}-99999999-ui-needs-wiretap.patch -) - -src_configure() { - local mycmakeargs - - # Workaround bug #213705. If krb5-config --libs has -lcrypto then pass - # --with-ssl to ./configure. (Mimics code from acinclude.m4). - if use kerberos; then - case $(krb5-config --libs) in - *-lcrypto*) - ewarn "Kerberos was built with ssl support: linkage with openssl is enabled." - ewarn "Note there are annoying license incompatibilities between the OpenSSL" - ewarn "license and the GPL, so do your check before distributing such package." - mycmakeargs+=( -DENABLE_GNUTLS=$(usex ssl) ) - ;; - esac - fi - - if use qt5; then - export QT_MIN_VERSION=5.3.0 - append-cxxflags -fPIC -DPIC - fi - - python_setup - - mycmakeargs+=( - $(use androiddump && use pcap && echo -DEXTCAP_ANDROIDDUMP_LIBPCAP=yes) - $(usex qt5 LRELEASE=$(qt5_get_bindir)/lrelease '') - $(usex qt5 MOC=$(qt5_get_bindir)/moc '') - $(usex qt5 RCC=$(qt5_get_bindir)/rcc '') - $(usex qt5 UIC=$(qt5_get_bindir)/uic '') - -DBUILD_androiddump=$(usex androiddump) - -DBUILD_capinfos=$(usex capinfos) - -DBUILD_captype=$(usex captype) - -DBUILD_ciscodump=$(usex ciscodump) - -DBUILD_dftest=$(usex dftest) - -DBUILD_dpauxmon=$(usex dpauxmon) - -DBUILD_dumpcap=$(usex dumpcap) - -DBUILD_editcap=$(usex editcap) - -DBUILD_mergecap=$(usex mergecap) - -DBUILD_mmdbresolve=$(usex maxminddb) - -DBUILD_randpkt=$(usex randpkt) - -DBUILD_randpktdump=$(usex randpktdump) - -DBUILD_reordercap=$(usex reordercap) - -DBUILD_sdjournal=$(usex sdjournal) - -DBUILD_sharkd=$(usex sharkd) - -DBUILD_sshdump=$(usex sshdump) - -DBUILD_text2pcap=$(usex text2pcap) - -DBUILD_tfshark=$(usex tfshark) - -DBUILD_tshark=$(usex tshark) - -DBUILD_udpdump=$(usex udpdump) - -DBUILD_wireshark=$(usex qt5) - -DDISABLE_WERROR=yes - -DENABLE_BCG729=$(usex bcg729) - -DENABLE_BROTLI=$(usex brotli) - -DENABLE_CAP=$(usex filecaps caps) - -DENABLE_GNUTLS=$(usex ssl) - -DENABLE_ILBC=$(usex ilbc) - -DENABLE_KERBEROS=$(usex kerberos) - -DENABLE_LIBXML2=$(usex libxml2) - -DENABLE_LTO=$(usex lto) - -DENABLE_LUA=$(usex lua) - -DENABLE_LZ4=$(usex lz4) - -DENABLE_MINIZIP=$(usex minizip) - -DENABLE_NETLINK=$(usex netlink) - -DENABLE_NGHTTP2=$(usex http2) - -DENABLE_OPUS=$(usex opus) - -DENABLE_PCAP=$(usex pcap) - -DENABLE_PLUGINS=$(usex plugins) - -DENABLE_PLUGIN_IFDEMO=$(usex plugin-ifdemo) - -DENABLE_SBC=$(usex sbc) - -DENABLE_SMI=$(usex smi) - -DENABLE_SNAPPY=$(usex snappy) - -DENABLE_SPANDSP=$(usex spandsp) - -DENABLE_ZLIB=$(usex zlib) - -DENABLE_ZSTD=$(usex zstd) - ) - - cmake_src_configure -} - -src_test() { - cmake_build test-programs - - myctestargs=( --disable-capture --skip-missing-programs=all --verbose ) - cmake_src_test -} - -src_install() { - cmake_src_install - - # FAQ is not required as is installed from help/faq.txt - dodoc AUTHORS ChangeLog NEWS README* doc/randpkt.txt doc/README* - - # install headers - insinto /usr/include/wireshark - doins ws_diag_control.h ws_symbol_export.h \ - "${BUILD_DIR}"/config.h "${BUILD_DIR}"/version.h - - local dir dirs=( - epan - epan/crypt - epan/dfilter - epan/dissectors - epan/ftypes - epan/wmem - wiretap - wsutil - ) - for dir in "${dirs[@]}" - do - insinto /usr/include/wireshark/${dir} - doins ${dir}/*.h - done - - #with the above this really shouldn't be needed, but things may be looking - # in wiretap/ instead of wireshark/wiretap/ - insinto /usr/include/wiretap - doins wiretap/wtap.h - - if use qt5; then - local s - for s in 16 32 48 64 128 256 512 1024; do - insinto /usr/share/icons/hicolor/${s}x${s}/apps - newins image/wsicon${s}.png wireshark.png - done - for s in 16 24 32 48 64 128 256 ; do - insinto /usr/share/icons/hicolor/${s}x${s}/mimetypes - newins image/WiresharkDoc-${s}.png application-vnd.tcpdump.pcap.png - done - fi - - if [[ -d "${D}"/usr/share/appdata ]]; then - rm -r "${D}"/usr/share/appdata || die - fi -} - -pkg_postinst() { - xdg_desktop_database_update - xdg_icon_cache_update - xdg_mimeinfo_database_update - - # Add group for users allowed to sniff. - chgrp pcap "${EROOT}"/usr/bin/dumpcap - - if use dumpcap && use pcap; then - fcaps -o 0 -g pcap -m 4710 -M 0710 \ - cap_dac_read_search,cap_net_raw,cap_net_admin \ - "${EROOT}"/usr/bin/dumpcap - fi - - ewarn "NOTE: To capture traffic with wireshark as normal user you have to" - ewarn "add yourself to the pcap group. This security measure ensures" - ewarn "that only trusted users are allowed to sniff your traffic." -} - -pkg_postrm() { - xdg_desktop_database_update - xdg_icon_cache_update - xdg_mimeinfo_database_update -} diff --git a/net-analyzer/wireshark/wireshark-3.4.1.ebuild b/net-analyzer/wireshark/wireshark-3.4.1.ebuild deleted file mode 100644 index f577758732b3..000000000000 --- a/net-analyzer/wireshark/wireshark-3.4.1.ebuild +++ /dev/null @@ -1,259 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -PYTHON_COMPAT=( python3_{6..9} ) - -inherit fcaps flag-o-matic multilib python-any-r1 qmake-utils xdg-utils cmake - -DESCRIPTION="A network protocol analyzer formerly known as ethereal" -HOMEPAGE="https://www.wireshark.org/" -SRC_URI="https://www.wireshark.org/download/src/all-versions/${P/_/}.tar.xz" -LICENSE="GPL-2" - -SLOT="0/${PV}" -KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~ppc64 ~x86" -IUSE=" - androiddump bcg729 brotli +capinfos +captype ciscodump +dftest doc dpauxmon - +dumpcap +editcap http2 ilbc kerberos libxml2 lto lua lz4 maxminddb - +mergecap +minizip +netlink opus +plugins plugin-ifdemo +pcap +qt5 +randpkt - +randpktdump +reordercap sbc selinux +sharkd smi snappy spandsp sshdump ssl - sdjournal test +text2pcap tfshark +tshark +udpdump zlib +zstd -" -S=${WORKDIR}/${P/_/} - -CDEPEND=" - acct-group/pcap - >=dev-libs/glib-2.32:2 - >=net-dns/c-ares-1.5 - dev-libs/libgcrypt:0 - bcg729? ( media-libs/bcg729 ) - brotli? ( app-arch/brotli ) - ciscodump? ( >=net-libs/libssh-0.6 ) - filecaps? ( sys-libs/libcap ) - http2? ( net-libs/nghttp2 ) - ilbc? ( media-libs/libilbc ) - kerberos? ( virtual/krb5 ) - libxml2? ( dev-libs/libxml2 ) - lua? ( >=dev-lang/lua-5.1:0= ) - lz4? ( app-arch/lz4 ) - maxminddb? ( dev-libs/libmaxminddb ) - minizip? ( sys-libs/zlib[minizip] ) - netlink? ( dev-libs/libnl:3 ) - opus? ( media-libs/opus ) - pcap? ( net-libs/libpcap ) - qt5? ( - dev-qt/qtcore:5 - dev-qt/qtgui:5 - dev-qt/qtmultimedia:5 - dev-qt/qtprintsupport:5 - dev-qt/qtwidgets:5 - x11-misc/xdg-utils - ) - sbc? ( media-libs/sbc ) - sdjournal? ( sys-apps/systemd ) - smi? ( net-libs/libsmi ) - snappy? ( app-arch/snappy ) - spandsp? ( media-libs/spandsp ) - sshdump? ( >=net-libs/libssh-0.6 ) - ssl? ( net-libs/gnutls:= ) - zlib? ( sys-libs/zlib ) - zstd? ( app-arch/zstd ) -" -# We need perl for `pod2html`. The rest of the perl stuff is to block older -# and broken installs. #455122 -DEPEND=" - ${CDEPEND} - ${PYTHON_DEPS} -" -BDEPEND=" - dev-lang/perl - sys-devel/bison - sys-devel/flex - virtual/pkgconfig - doc? ( - app-doc/doxygen - dev-ruby/asciidoctor - ) - qt5? ( - dev-qt/linguist-tools:5 - ) - test? ( - dev-python/pytest - dev-python/pytest-xdist - ) -" -RDEPEND=" - ${CDEPEND} - qt5? ( virtual/freedesktop-icon-theme ) - selinux? ( sec-policy/selinux-wireshark ) -" -REQUIRED_USE=" - plugin-ifdemo? ( plugins ) -" -RESTRICT="test" -PATCHES=( - "${FILESDIR}"/${PN}-2.6.0-redhat.patch - "${FILESDIR}"/${PN}-99999999-ui-needs-wiretap.patch -) - -src_configure() { - local mycmakeargs - - # Workaround bug #213705. If krb5-config --libs has -lcrypto then pass - # --with-ssl to ./configure. (Mimics code from acinclude.m4). - if use kerberos; then - case $(krb5-config --libs) in - *-lcrypto*) - ewarn "Kerberos was built with ssl support: linkage with openssl is enabled." - ewarn "Note there are annoying license incompatibilities between the OpenSSL" - ewarn "license and the GPL, so do your check before distributing such package." - mycmakeargs+=( -DENABLE_GNUTLS=$(usex ssl) ) - ;; - esac - fi - - if use qt5; then - export QT_MIN_VERSION=5.3.0 - append-cxxflags -fPIC -DPIC - fi - - python_setup - - mycmakeargs+=( - $(use androiddump && use pcap && echo -DEXTCAP_ANDROIDDUMP_LIBPCAP=yes) - $(usex qt5 LRELEASE=$(qt5_get_bindir)/lrelease '') - $(usex qt5 MOC=$(qt5_get_bindir)/moc '') - $(usex qt5 RCC=$(qt5_get_bindir)/rcc '') - $(usex qt5 UIC=$(qt5_get_bindir)/uic '') - -DBUILD_androiddump=$(usex androiddump) - -DBUILD_capinfos=$(usex capinfos) - -DBUILD_captype=$(usex captype) - -DBUILD_ciscodump=$(usex ciscodump) - -DBUILD_dftest=$(usex dftest) - -DBUILD_dpauxmon=$(usex dpauxmon) - -DBUILD_dumpcap=$(usex dumpcap) - -DBUILD_editcap=$(usex editcap) - -DBUILD_mergecap=$(usex mergecap) - -DBUILD_mmdbresolve=$(usex maxminddb) - -DBUILD_randpkt=$(usex randpkt) - -DBUILD_randpktdump=$(usex randpktdump) - -DBUILD_reordercap=$(usex reordercap) - -DBUILD_sdjournal=$(usex sdjournal) - -DBUILD_sharkd=$(usex sharkd) - -DBUILD_sshdump=$(usex sshdump) - -DBUILD_text2pcap=$(usex text2pcap) - -DBUILD_tfshark=$(usex tfshark) - -DBUILD_tshark=$(usex tshark) - -DBUILD_udpdump=$(usex udpdump) - -DBUILD_wireshark=$(usex qt5) - -DDISABLE_WERROR=yes - -DENABLE_BCG729=$(usex bcg729) - -DENABLE_BROTLI=$(usex brotli) - -DENABLE_CAP=$(usex filecaps caps) - -DENABLE_GNUTLS=$(usex ssl) - -DENABLE_ILBC=$(usex ilbc) - -DENABLE_KERBEROS=$(usex kerberos) - -DENABLE_LIBXML2=$(usex libxml2) - -DENABLE_LTO=$(usex lto) - -DENABLE_LUA=$(usex lua) - -DENABLE_LZ4=$(usex lz4) - -DENABLE_MINIZIP=$(usex minizip) - -DENABLE_NETLINK=$(usex netlink) - -DENABLE_NGHTTP2=$(usex http2) - -DENABLE_OPUS=$(usex opus) - -DENABLE_PCAP=$(usex pcap) - -DENABLE_PLUGINS=$(usex plugins) - -DENABLE_PLUGIN_IFDEMO=$(usex plugin-ifdemo) - -DENABLE_SBC=$(usex sbc) - -DENABLE_SMI=$(usex smi) - -DENABLE_SNAPPY=$(usex snappy) - -DENABLE_SPANDSP=$(usex spandsp) - -DENABLE_ZLIB=$(usex zlib) - -DENABLE_ZSTD=$(usex zstd) - ) - - cmake_src_configure -} - -src_test() { - cmake_build test-programs - - myctestargs=( --disable-capture --skip-missing-programs=all --verbose ) - cmake_src_test -} - -src_install() { - cmake_src_install - - # FAQ is not required as is installed from help/faq.txt - dodoc AUTHORS ChangeLog NEWS README* doc/randpkt.txt doc/README* - - # install headers - insinto /usr/include/wireshark - doins ws_diag_control.h ws_symbol_export.h \ - "${BUILD_DIR}"/config.h "${BUILD_DIR}"/version.h - - local dir dirs=( - epan - epan/crypt - epan/dfilter - epan/dissectors - epan/ftypes - epan/wmem - wiretap - wsutil - ) - for dir in "${dirs[@]}" - do - insinto /usr/include/wireshark/${dir} - doins ${dir}/*.h - done - - #with the above this really shouldn't be needed, but things may be looking - # in wiretap/ instead of wireshark/wiretap/ - insinto /usr/include/wiretap - doins wiretap/wtap.h - - if use qt5; then - local s - for s in 16 32 48 64 128 256 512 1024; do - insinto /usr/share/icons/hicolor/${s}x${s}/apps - newins image/wsicon${s}.png wireshark.png - done - for s in 16 24 32 48 64 128 256 ; do - insinto /usr/share/icons/hicolor/${s}x${s}/mimetypes - newins image/WiresharkDoc-${s}.png application-vnd.tcpdump.pcap.png - done - fi - - if [[ -d "${D}"/usr/share/appdata ]]; then - rm -r "${D}"/usr/share/appdata || die - fi -} - -pkg_postinst() { - xdg_desktop_database_update - xdg_icon_cache_update - xdg_mimeinfo_database_update - - # Add group for users allowed to sniff. - chgrp pcap "${EROOT}"/usr/bin/dumpcap - - if use dumpcap && use pcap; then - fcaps -o 0 -g pcap -m 4710 -M 0710 \ - cap_dac_read_search,cap_net_raw,cap_net_admin \ - "${EROOT}"/usr/bin/dumpcap - fi - - ewarn "NOTE: To capture traffic with wireshark as normal user you have to" - ewarn "add yourself to the pcap group. This security measure ensures" - ewarn "that only trusted users are allowed to sniff your traffic." -} - -pkg_postrm() { - xdg_desktop_database_update - xdg_icon_cache_update - xdg_mimeinfo_database_update -} |