From 87e76517dd8370cc8e0b6e74f2b72b41d704b67f Mon Sep 17 00:00:00 2001 From: Sam James Date: Thu, 25 Mar 2021 23:23:05 +0000 Subject: Revert "net-analyzer/wireshark: drop 3.4.3 (security cleanup)" This reverts commit 46bf94892853f4226f3007331f135184d353487a. Got too excited there... Bug: https://bugs.gentoo.org/775323 Signed-off-by: Sam James --- net-analyzer/wireshark/Manifest | 1 + net-analyzer/wireshark/wireshark-3.4.3.ebuild | 273 ++++++++++++++++++++++++++ 2 files changed, 274 insertions(+) create mode 100644 net-analyzer/wireshark/wireshark-3.4.3.ebuild (limited to 'net-analyzer/wireshark') diff --git a/net-analyzer/wireshark/Manifest b/net-analyzer/wireshark/Manifest index 40c7b30562f3..27663064e3d1 100644 --- a/net-analyzer/wireshark/Manifest +++ b/net-analyzer/wireshark/Manifest @@ -1 +1,2 @@ +DIST wireshark-3.4.3.tar.xz 32287304 BLAKE2B 076d681c5f980ba6a0f25076c4631a119fb72d2b59a0cd70062d3a4c997c8959162157e46a6f59b5474c07263c84e0e660f1fa33f9339cc6a1141425d394cde2 SHA512 6cfea9432cd6fcecbfc551e059ca60a0c38084074bf130b4cc5378aac2221c1233e2ddafa1ffd6bc6b76297c2303b931dadf6ec518f35595caf5229af4d93859 DIST wireshark-3.4.4.tar.xz 32290424 BLAKE2B 85930709ab666794ba6f4a00a895d41b25c6e61f7951a33f511b4981fac3e2ad579d8f52fee5b8f04334f9e1ef8721b1de62d0ab5b0029b0ed32b9f69ff2f5dd SHA512 388b5634894f08bb1a0052f989133c2a8457fbf6525d1bb557f3ffce73da8063fd9fe82b50b5ababc30fa36ce154bf9d2a3d91d76e03913d6516ca61b4b6b172 diff --git a/net-analyzer/wireshark/wireshark-3.4.3.ebuild b/net-analyzer/wireshark/wireshark-3.4.3.ebuild new file mode 100644 index 000000000000..7ff5005db92b --- /dev/null +++ b/net-analyzer/wireshark/wireshark-3.4.3.ebuild @@ -0,0 +1,273 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +LUA_COMPAT=( lua5-{1..2} ) +PYTHON_COMPAT=( python3_{7..9} ) + +inherit fcaps flag-o-matic lua-single python-any-r1 qmake-utils xdg-utils cmake + +DESCRIPTION="A network protocol analyzer formerly known as ethereal" +HOMEPAGE="https://www.wireshark.org/" +SRC_URI="https://www.wireshark.org/download/src/all-versions/${P/_/}.tar.xz" +S="${WORKDIR}/${P/_/}" + +LICENSE="GPL-2" +SLOT="0/${PV}" +KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ppc64 x86" +IUSE=" + androiddump bcg729 brotli +capinfos +captype ciscodump +dftest doc dpauxmon + +dumpcap +editcap http2 ilbc kerberos libxml2 lto lua lz4 maxminddb + +mergecap +minizip +netlink opus +plugins plugin-ifdemo +pcap +qt5 +randpkt + +randpktdump +reordercap sbc selinux +sharkd smi snappy spandsp sshdump ssl + sdjournal test +text2pcap tfshark +tshark +udpdump zlib +zstd +" + +CDEPEND=" + acct-group/pcap + >=dev-libs/glib-2.32:2 + >=net-dns/c-ares-1.5 + dev-libs/libgcrypt:0 + bcg729? ( media-libs/bcg729 ) + brotli? ( app-arch/brotli ) + ciscodump? ( >=net-libs/libssh-0.6 ) + filecaps? ( sys-libs/libcap ) + http2? ( net-libs/nghttp2 ) + ilbc? ( media-libs/libilbc ) + kerberos? ( virtual/krb5 ) + libxml2? ( dev-libs/libxml2 ) + lua? ( ${LUA_DEPS} ) + lz4? ( app-arch/lz4 ) + maxminddb? ( dev-libs/libmaxminddb ) + minizip? ( sys-libs/zlib[minizip] ) + netlink? ( dev-libs/libnl:3 ) + opus? ( media-libs/opus ) + pcap? ( net-libs/libpcap ) + qt5? ( + dev-qt/qtcore:5 + dev-qt/qtgui:5 + dev-qt/qtmultimedia:5 + dev-qt/qtprintsupport:5 + dev-qt/qtwidgets:5 + x11-misc/xdg-utils + ) + sbc? ( media-libs/sbc ) + sdjournal? ( sys-apps/systemd ) + smi? ( net-libs/libsmi ) + snappy? ( app-arch/snappy ) + spandsp? ( media-libs/spandsp ) + sshdump? ( >=net-libs/libssh-0.6 ) + ssl? ( net-libs/gnutls:= ) + zlib? ( sys-libs/zlib ) + zstd? ( app-arch/zstd ) +" +# We need perl for `pod2html`. The rest of the perl stuff is to block older +# and broken installs. #455122 +DEPEND=" + ${CDEPEND} + ${PYTHON_DEPS} +" +BDEPEND=" + dev-lang/perl + sys-devel/bison + sys-devel/flex + virtual/pkgconfig + doc? ( + app-doc/doxygen + dev-ruby/asciidoctor + ) + qt5? ( + dev-qt/linguist-tools:5 + ) + test? ( + dev-python/pytest + dev-python/pytest-xdist + ) +" +RDEPEND=" + ${CDEPEND} + qt5? ( virtual/freedesktop-icon-theme ) + selinux? ( sec-policy/selinux-wireshark ) +" +REQUIRED_USE=" + lua? ( ${LUA_REQUIRED_USE} ) + plugin-ifdemo? ( plugins ) +" + +RESTRICT="test" + +PATCHES=( + "${FILESDIR}"/${PN}-2.6.0-redhat.patch + "${FILESDIR}"/${PN}-3.4.2-cmake-lua-version.patch + "${FILESDIR}"/${PN}-9999-ui-needs-wiretap.patch +) + +pkg_setup() { + use lua && lua-single_pkg_setup +} + +src_configure() { + local mycmakeargs + + # Workaround bug #213705. If krb5-config --libs has -lcrypto then pass + # --with-ssl to ./configure. (Mimics code from acinclude.m4). + if use kerberos; then + case $(krb5-config --libs) in + *-lcrypto*) + ewarn "Kerberos was built with ssl support: linkage with openssl is enabled." + ewarn "Note there are annoying license incompatibilities between the OpenSSL" + ewarn "license and the GPL, so do your check before distributing such package." + mycmakeargs+=( -DENABLE_GNUTLS=$(usex ssl) ) + ;; + esac + fi + + if use qt5; then + export QT_MIN_VERSION=5.3.0 + append-cxxflags -fPIC -DPIC + fi + + python_setup + + mycmakeargs+=( + $(use androiddump && use pcap && echo -DEXTCAP_ANDROIDDUMP_LIBPCAP=yes) + $(usex qt5 LRELEASE=$(qt5_get_bindir)/lrelease '') + $(usex qt5 MOC=$(qt5_get_bindir)/moc '') + $(usex qt5 RCC=$(qt5_get_bindir)/rcc '') + $(usex qt5 UIC=$(qt5_get_bindir)/uic '') + -DBUILD_androiddump=$(usex androiddump) + -DBUILD_capinfos=$(usex capinfos) + -DBUILD_captype=$(usex captype) + -DBUILD_ciscodump=$(usex ciscodump) + -DBUILD_dftest=$(usex dftest) + -DBUILD_dpauxmon=$(usex dpauxmon) + -DBUILD_dumpcap=$(usex dumpcap) + -DBUILD_editcap=$(usex editcap) + -DBUILD_mergecap=$(usex mergecap) + -DBUILD_mmdbresolve=$(usex maxminddb) + -DBUILD_randpkt=$(usex randpkt) + -DBUILD_randpktdump=$(usex randpktdump) + -DBUILD_reordercap=$(usex reordercap) + -DBUILD_sdjournal=$(usex sdjournal) + -DBUILD_sharkd=$(usex sharkd) + -DBUILD_sshdump=$(usex sshdump) + -DBUILD_text2pcap=$(usex text2pcap) + -DBUILD_tfshark=$(usex tfshark) + -DBUILD_tshark=$(usex tshark) + -DBUILD_udpdump=$(usex udpdump) + -DBUILD_wireshark=$(usex qt5) + -DDISABLE_WERROR=yes + -DENABLE_BCG729=$(usex bcg729) + -DENABLE_BROTLI=$(usex brotli) + -DENABLE_CAP=$(usex filecaps caps) + -DENABLE_GNUTLS=$(usex ssl) + -DENABLE_ILBC=$(usex ilbc) + -DENABLE_KERBEROS=$(usex kerberos) + -DENABLE_LIBXML2=$(usex libxml2) + -DENABLE_LTO=$(usex lto) + -DENABLE_LUA=$(usex lua) + -DENABLE_LZ4=$(usex lz4) + -DENABLE_MINIZIP=$(usex minizip) + -DENABLE_NETLINK=$(usex netlink) + -DENABLE_NGHTTP2=$(usex http2) + -DENABLE_OPUS=$(usex opus) + -DENABLE_PCAP=$(usex pcap) + -DENABLE_PLUGINS=$(usex plugins) + -DENABLE_PLUGIN_IFDEMO=$(usex plugin-ifdemo) + -DENABLE_SBC=$(usex sbc) + -DENABLE_SMI=$(usex smi) + -DENABLE_SNAPPY=$(usex snappy) + -DENABLE_SPANDSP=$(usex spandsp) + -DENABLE_ZLIB=$(usex zlib) + -DENABLE_ZSTD=$(usex zstd) + ) + + cmake_src_configure +} + +src_test() { + cmake_build test-programs + + myctestargs=( + --disable-capture + --skip-missing-programs=all + --verbose + ) + + cmake_src_test +} + +src_install() { + cmake_src_install + + # FAQ is not required as is installed from help/faq.txt + dodoc AUTHORS ChangeLog NEWS README* doc/randpkt.txt doc/README* + + # install headers + insinto /usr/include/wireshark + doins ws_diag_control.h ws_symbol_export.h \ + "${BUILD_DIR}"/config.h "${BUILD_DIR}"/version.h + + local dir dirs=( + epan + epan/crypt + epan/dfilter + epan/dissectors + epan/ftypes + epan/wmem + wiretap + wsutil + ) + + for dir in "${dirs[@]}" ; do + insinto /usr/include/wireshark/${dir} + doins ${dir}/*.h + done + + #with the above this really shouldn't be needed, but things may be looking + # in wiretap/ instead of wireshark/wiretap/ + insinto /usr/include/wiretap + doins wiretap/wtap.h + + if use qt5; then + local s + for s in 16 32 48 64 128 256 512 1024; do + insinto /usr/share/icons/hicolor/${s}x${s}/apps + newins image/wsicon${s}.png wireshark.png + done + for s in 16 24 32 48 64 128 256 ; do + insinto /usr/share/icons/hicolor/${s}x${s}/mimetypes + newins image/WiresharkDoc-${s}.png application-vnd.tcpdump.pcap.png + done + fi + + if [[ -d "${ED}"/usr/share/appdata ]]; then + rm -r "${ED}"/usr/share/appdata || die + fi +} + +pkg_postinst() { + xdg_desktop_database_update + xdg_icon_cache_update + xdg_mimeinfo_database_update + + # Add group for users allowed to sniff. + chgrp pcap "${EROOT}"/usr/bin/dumpcap + + if use dumpcap && use pcap; then + fcaps -o 0 -g pcap -m 4710 -M 0710 \ + cap_dac_read_search,cap_net_raw,cap_net_admin \ + "${EROOT}"/usr/bin/dumpcap + fi + + ewarn "NOTE: To capture traffic with wireshark as normal user you have to" + ewarn "add yourself to the pcap group. This security measure ensures" + ewarn "that only trusted users are allowed to sniff your traffic." +} + +pkg_postrm() { + xdg_desktop_database_update + xdg_icon_cache_update + xdg_mimeinfo_database_update +} -- cgit v1.2.3-18-g5258