summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Black <dragonheart@gentoo.org>2006-11-12 12:08:16 +0000
committerDaniel Black <dragonheart@gentoo.org>2006-11-12 12:08:16 +0000
commit5c27f5cde40ece02dfda69316effb049aa86fd7a (patch)
treece83e6fbb7167796b758377e7f5c92792c05bb72 /net-analyzer
parentVersion bump; remove old version; add metadata. (diff)
downloadgentoo-2-5c27f5cde40ece02dfda69316effb049aa86fd7a.tar.gz
gentoo-2-5c27f5cde40ece02dfda69316effb049aa86fd7a.tar.bz2
gentoo-2-5c27f5cde40ece02dfda69316effb049aa86fd7a.zip
Thanks a7x, didier who made great efforts with upstream to prove it was a Gentoo compiler bug. bug #145974 and bug #133092. removed sec vulnerable version
(Portage version: 2.1.2_rc1-r4)
Diffstat (limited to 'net-analyzer')
-rw-r--r--net-analyzer/wireshark/ChangeLog11
-rw-r--r--net-analyzer/wireshark/files/digest-wireshark-0.99.4-r13
-rw-r--r--net-analyzer/wireshark/files/wireshark-except-double-free.diff16
-rw-r--r--net-analyzer/wireshark/wireshark-0.99.4-r1.ebuild136
4 files changed, 165 insertions, 1 deletions
diff --git a/net-analyzer/wireshark/ChangeLog b/net-analyzer/wireshark/ChangeLog
index 0d1eae42cfc5..656e34a9cbc6 100644
--- a/net-analyzer/wireshark/ChangeLog
+++ b/net-analyzer/wireshark/ChangeLog
@@ -1,6 +1,15 @@
# ChangeLog for net-analyzer/wireshark
# Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/ChangeLog,v 1.41 2006/11/05 04:12:31 ranger Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/ChangeLog,v 1.42 2006/11/12 12:08:16 dragonheart Exp $
+
+*wireshark-0.99.4-r1 (12 Nov 2006)
+
+ 12 Nov 2006; Daniel Black <dragonheart@gentoo.org>
+ +files/wireshark-except-double-free.diff, -wireshark-0.99.3.ebuild,
+ +wireshark-0.99.4-r1.ebuild:
+ Thanks a7x, didier who made great efforts with upstream to prove it was a
+ Gentoo compiler bug. bug #145974 and bug #133092. removed sec vulnerable
+ version
05 Nov 2006; Brent Baude <ranger@gentoo.org> wireshark-0.99.4.ebuild:
Marking wireshark-0.99.4 ppc64 stable for bug #152951
diff --git a/net-analyzer/wireshark/files/digest-wireshark-0.99.4-r1 b/net-analyzer/wireshark/files/digest-wireshark-0.99.4-r1
new file mode 100644
index 000000000000..361cdfcb7f4d
--- /dev/null
+++ b/net-analyzer/wireshark/files/digest-wireshark-0.99.4-r1
@@ -0,0 +1,3 @@
+MD5 05fada181e12bfa94b52f0b10395b28c wireshark-0.99.4.tar.bz2 10472441
+RMD160 6bf940af951ddfcf66157a8cb299e6342dd3f955 wireshark-0.99.4.tar.bz2 10472441
+SHA256 a4f15c73e2b67c888cbedfaa8093661dff6cb859357c197c60f3026baddb939e wireshark-0.99.4.tar.bz2 10472441
diff --git a/net-analyzer/wireshark/files/wireshark-except-double-free.diff b/net-analyzer/wireshark/files/wireshark-except-double-free.diff
new file mode 100644
index 000000000000..a7ca896a4999
--- /dev/null
+++ b/net-analyzer/wireshark/files/wireshark-except-double-free.diff
@@ -0,0 +1,16 @@
+Index: except.c
+===================================================================
+--- except.c (revision 19876)
++++ except.c (working copy)
+@@ -192,6 +192,11 @@
+
+ assert (top->except_type == XCEPT_CATCHER);
+ except_free(catcher->except_obj.except_dyndata);
++ /* make sure no else can free this pointer again
++ See http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1001
++ http://bugs.gentoo.org/show_bug.cgi?id=133092
++ http://bugs.gentoo.org/show_bug.cgi?id=145974 */
++ catcher->except_obj.except_dyndata = NULL;
+
+ for (i = 0; i < catcher->except_size; pi++, i++) {
+ if (match(&except->except_id, pi)) {
diff --git a/net-analyzer/wireshark/wireshark-0.99.4-r1.ebuild b/net-analyzer/wireshark/wireshark-0.99.4-r1.ebuild
new file mode 100644
index 000000000000..84f41b461a47
--- /dev/null
+++ b/net-analyzer/wireshark/wireshark-0.99.4-r1.ebuild
@@ -0,0 +1,136 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/wireshark/wireshark-0.99.4-r1.ebuild,v 1.1 2006/11/12 12:08:16 dragonheart Exp $
+
+inherit libtool flag-o-matic eutils autotools
+
+DESCRIPTION="A network protocol analyzer formerly known as ethereal"
+HOMEPAGE="http://www.wireshark.org/"
+#SRC_URI="http://www.wireshark.org/download/src/${MY_P}.tar.bz2"
+SRC_URI="mirror://sourceforge/wireshark/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+IUSE="adns gtk ipv6 portaudio snmp ssl kerberos threads selinux"
+
+RDEPEND=">=sys-libs/zlib-1.1.4
+ snmp? ( >=net-analyzer/net-snmp-5.1.1 )
+ gtk? ( >=dev-libs/glib-2.0.4
+ =x11-libs/gtk+-2*
+ x11-libs/pango
+ dev-libs/atk )
+ !gtk? ( =dev-libs/glib-1.2* )
+ ssl? ( >=dev-libs/openssl-0.9.6e )
+ !ssl? ( net-libs/gnutls )
+ net-libs/libpcap
+ >=dev-libs/libpcre-4.2
+ adns? ( net-libs/adns )
+ kerberos? ( virtual/krb5 )
+ portaudio? ( media-libs/portaudio )
+ selinux? ( sec-policy/selinux-wireshark )"
+# lua fails with version 5.0 and 5.1 is not in portage yet - 2006-04-25
+# lua? ( >=dev-lang/lua-5.1 )"
+
+DEPEND="${RDEPEND}
+ >=dev-util/pkgconfig-0.15.0
+ dev-lang/perl
+ sys-devel/bison
+ sys-devel/flex
+ sys-apps/sed"
+
+pkg_setup() {
+ # bug 119208
+ if has_version "<=dev-lang/perl-5.8.8_rc1" && built_with_use dev-lang/perl minimal ; then
+ ewarn "wireshark will not build if dev-lang/perl is compiled with"
+ ewarn "USE=minimal. Rebuild dev-lang/perl with USE=-minimal and try again."
+ ebeep 5
+ die "dev-lang/perl compiled with USE=minimal"
+ fi
+
+ if ! use gtk; then
+ ewarn "USE=-gtk will mean no gui called wireshark will be created and"
+ ewarn "only command line utils are available"
+ fi
+}
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"/epan
+ epatch "${FILESDIR}"/wireshark-except-double-free.diff
+}
+
+src_compile() {
+ replace-flags -O? -O
+ filter-flags -fstack-protector # see bug #133092
+
+ local myconf
+
+ if use gtk; then
+ einfo "Building with gtk support"
+ else
+ einfo "Building without gtk support"
+ myconf="${myconf} --disable-wireshark"
+ # the asn1 plugin needs gtk
+ sed -i -e '/plugins.asn1/d' Makefile.in || die "sed failed"
+ sed -i -e '/^SUBDIRS/s/asn1//' plugins/Makefile.in || die "sed failed"
+ fi
+
+ # $(use_with lua) \
+ econf $(use_with ssl) \
+ $(use_enable ipv6) \
+ $(use_with adns) \
+ $(use_with kerberos krb5) \
+ $(use_with snmp net-snmp) \
+ $(use_with portaudio) \
+ $(use_enable gtk gtk2) \
+ $(use_enable threads) \
+ --without-ucd-snmp \
+ --enable-dftest \
+ --enable-randpkt \
+ --sysconfdir=/etc/wireshark \
+ --enable-editcap \
+ --enable-capinfos \
+ --enable-text2pcap \
+ --enable-dftest \
+ --enable-randpkt \
+ ${myconf} || die "econf failed"
+
+ # fixes an access violation caused by libnetsnmp - see bug 79068
+ use snmp && export MIBDIRS="${D}/usr/share/snmp/mibs"
+
+ emake || die "emake failed"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die "emake install failed"
+
+ insinto /usr/include/wiretap
+ doins wiretap/wtap.h
+
+ dodoc AUTHORS ChangeLog NEWS README*
+
+ insinto /usr/share/icons/hicolor/16x16/apps
+ newins "${S}"/image/hi16-app-wireshark.png wireshark.png
+ insinto /usr/share/icons/hicolor/32x32/apps
+ newins "${S}"/image/hi32-app-wireshark.png wireshark.png
+ insinto /usr/share/icons/hicolor/48x48/apps
+ newins "${S}"/image/hi48-app-wireshark.png wireshark.png
+ make_desktop_entry wireshark "Wireshark" wireshark
+ dosym tshark /usr/bin/tethereal
+ use gtk && dosym wireshark /usr/bin/ethereal
+}
+
+pkg_postinst() {
+ ewarn "Due to a history of security flaws in this piece of software, it may contain more flaws."
+ ewarn "To protect yourself against malicious damage due to potential flaws in this product we recommend"
+ ewarn "you take the following security precautions when running wireshark in an untrusted environment:"
+ ewarn "do not run any longer than you need to;"
+ ewarn "use in a root jail - prefereably one that has been hardened with grsec like rootjail protections;"
+ ewarn "use a hardened operating system;"
+ ewarn "do not listen to addition interfaces;"
+ ewarn "if possible, run behind a firewall;"
+ ewarn "take a capture with tcpdump and analyze running wireshark as a least privileged user;"
+ ewarn "and subscribe to wireshark's announce list to be notified of newly discovered vulnerabilities."
+}
+