Revert "net-analyzer/wireshark: drop 3.4.3 (security cleanup)"

This reverts commit 46bf948.
Got too excited there...

Bug: https://bugs.gentoo.org/775323
Signed-off-by: Sam James <[email protected]>

net-analyzer/wireshark/Manifest

@@ -1 +1,2 @@
+DIST wireshark-3.4.3.tar.xz 32287304 BLAKE2B 076d681c5f980ba6a0f25076c4631a119fb72d2b59a0cd70062d3a4c997c8959162157e46a6f59b5474c07263c84e0e660f1fa33f9339cc6a1141425d394cde2 SHA512 6cfea9432cd6fcecbfc551e059ca60a0c38084074bf130b4cc5378aac2221c1233e2ddafa1ffd6bc6b76297c2303b931dadf6ec518f35595caf5229af4d93859
 DIST wireshark-3.4.4.tar.xz 32290424 BLAKE2B 85930709ab666794ba6f4a00a895d41b25c6e61f7951a33f511b4981fac3e2ad579d8f52fee5b8f04334f9e1ef8721b1de62d0ab5b0029b0ed32b9f69ff2f5dd SHA512 388b5634894f08bb1a0052f989133c2a8457fbf6525d1bb557f3ffce73da8063fd9fe82b50b5ababc30fa36ce154bf9d2a3d91d76e03913d6516ca61b4b6b172

net-analyzer/wireshark/wireshark-3.4.3.ebuild

@@ -0,0 +1,273 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+LUA_COMPAT=( lua5-{1..2} )
+PYTHON_COMPAT=( python3_{7..9} )
+
+inherit fcaps flag-o-matic lua-single python-any-r1 qmake-utils xdg-utils cmake
+
+DESCRIPTION="A network protocol analyzer formerly known as ethereal"
+HOMEPAGE="https://www.wireshark.org/"
+SRC_URI="https://www.wireshark.org/download/src/all-versions/${P/_/}.tar.xz"
+S="${WORKDIR}/${P/_/}"
+
+LICENSE="GPL-2"
+SLOT="0/${PV}"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ppc64 x86"
+IUSE="
+ androiddump bcg729 brotli +capinfos +captype ciscodump +dftest doc dpauxmon
+ +dumpcap +editcap http2 ilbc kerberos libxml2 lto lua lz4 maxminddb
+ +mergecap +minizip +netlink opus +plugins plugin-ifdemo +pcap +qt5 +randpkt
+ +randpktdump +reordercap sbc selinux +sharkd smi snappy spandsp sshdump ssl
+ sdjournal test +text2pcap tfshark +tshark +udpdump zlib +zstd
+"
+
+CDEPEND="
+ acct-group/pcap
+ >=dev-libs/glib-2.32:2
+ >=net-dns/c-ares-1.5
+ dev-libs/libgcrypt:0
+ bcg729? ( media-libs/bcg729 )
+ brotli? ( app-arch/brotli )
+ ciscodump? ( >=net-libs/libssh-0.6 )
+ filecaps? ( sys-libs/libcap )
+ http2? ( net-libs/nghttp2 )
+ ilbc? ( media-libs/libilbc )
+ kerberos? ( virtual/krb5 )
+ libxml2? ( dev-libs/libxml2 )
+ lua? ( ${LUA_DEPS} )
+ lz4? ( app-arch/lz4 )
+ maxminddb? ( dev-libs/libmaxminddb )
+ minizip? ( sys-libs/zlib[minizip] )
+ netlink? ( dev-libs/libnl:3 )
+ opus? ( media-libs/opus )
+ pcap? ( net-libs/libpcap )
+ qt5? (
+ dev-qt/qtcore:5
+ dev-qt/qtgui:5
+ dev-qt/qtmultimedia:5
+ dev-qt/qtprintsupport:5
+ dev-qt/qtwidgets:5
+ x11-misc/xdg-utils
+ )
+ sbc? ( media-libs/sbc )
+ sdjournal? ( sys-apps/systemd )
+ smi? ( net-libs/libsmi )
+ snappy? ( app-arch/snappy )
+ spandsp? ( media-libs/spandsp )
+ sshdump? ( >=net-libs/libssh-0.6 )
+ ssl? ( net-libs/gnutls:= )
+ zlib? ( sys-libs/zlib )
+ zstd? ( app-arch/zstd )
+"
+# We need perl for `pod2html`. The rest of the perl stuff is to block older
+# and broken installs. #455122
+DEPEND="
+ ${CDEPEND}
+ ${PYTHON_DEPS}
+"
+BDEPEND="
+ dev-lang/perl
+ sys-devel/bison
+ sys-devel/flex
+ virtual/pkgconfig
+ doc? (
+ app-doc/doxygen
+ dev-ruby/asciidoctor
+ )
+ qt5? (
+ dev-qt/linguist-tools:5
+ )
+ test? (
+ dev-python/pytest
+ dev-python/pytest-xdist
+ )
+"
+RDEPEND="
+ ${CDEPEND}
+ qt5? ( virtual/freedesktop-icon-theme )
+ selinux? ( sec-policy/selinux-wireshark )
+"
+REQUIRED_USE="
+ lua? ( ${LUA_REQUIRED_USE} )
+ plugin-ifdemo? ( plugins )
+"
+
+RESTRICT="test"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-2.6.0-redhat.patch
+ "${FILESDIR}"/${PN}-3.4.2-cmake-lua-version.patch
+ "${FILESDIR}"/${PN}-9999-ui-needs-wiretap.patch
+)
+
+pkg_setup() {
+ use lua && lua-single_pkg_setup
+}
+
+src_configure() {
+ local mycmakeargs
+
+ # Workaround bug #213705. If krb5-config --libs has -lcrypto then pass
+ # --with-ssl to ./configure. (Mimics code from acinclude.m4).
+ if use kerberos; then
+ case $(krb5-config --libs) in
+ *-lcrypto*)
+ ewarn "Kerberos was built with ssl support: linkage with openssl is enabled."
+ ewarn "Note there are annoying license incompatibilities between the OpenSSL"
+ ewarn "license and the GPL, so do your check before distributing such package."
+ mycmakeargs+=( -DENABLE_GNUTLS=$(usex ssl) )
+ ;;
+ esac
+ fi
+
+ if use qt5; then
+ export QT_MIN_VERSION=5.3.0
+ append-cxxflags -fPIC -DPIC
+ fi
+
+ python_setup
+
+ mycmakeargs+=(
+ $(use androiddump && use pcap && echo -DEXTCAP_ANDROIDDUMP_LIBPCAP=yes)
+ $(usex qt5 LRELEASE=$(qt5_get_bindir)/lrelease '')
+ $(usex qt5 MOC=$(qt5_get_bindir)/moc '')
+ $(usex qt5 RCC=$(qt5_get_bindir)/rcc '')
+ $(usex qt5 UIC=$(qt5_get_bindir)/uic '')
+ -DBUILD_androiddump=$(usex androiddump)
+ -DBUILD_capinfos=$(usex capinfos)
+ -DBUILD_captype=$(usex captype)
+ -DBUILD_ciscodump=$(usex ciscodump)
+ -DBUILD_dftest=$(usex dftest)
+ -DBUILD_dpauxmon=$(usex dpauxmon)
+ -DBUILD_dumpcap=$(usex dumpcap)
+ -DBUILD_editcap=$(usex editcap)
+ -DBUILD_mergecap=$(usex mergecap)
+ -DBUILD_mmdbresolve=$(usex maxminddb)
+ -DBUILD_randpkt=$(usex randpkt)
+ -DBUILD_randpktdump=$(usex randpktdump)
+ -DBUILD_reordercap=$(usex reordercap)
+ -DBUILD_sdjournal=$(usex sdjournal)
+ -DBUILD_sharkd=$(usex sharkd)
+ -DBUILD_sshdump=$(usex sshdump)
+ -DBUILD_text2pcap=$(usex text2pcap)
+ -DBUILD_tfshark=$(usex tfshark)
+ -DBUILD_tshark=$(usex tshark)
+ -DBUILD_udpdump=$(usex udpdump)
+ -DBUILD_wireshark=$(usex qt5)
+ -DDISABLE_WERROR=yes
+ -DENABLE_BCG729=$(usex bcg729)
+ -DENABLE_BROTLI=$(usex brotli)
+ -DENABLE_CAP=$(usex filecaps caps)
+ -DENABLE_GNUTLS=$(usex ssl)
+ -DENABLE_ILBC=$(usex ilbc)
+ -DENABLE_KERBEROS=$(usex kerberos)
+ -DENABLE_LIBXML2=$(usex libxml2)
+ -DENABLE_LTO=$(usex lto)
+ -DENABLE_LUA=$(usex lua)
+ -DENABLE_LZ4=$(usex lz4)
+ -DENABLE_MINIZIP=$(usex minizip)
+ -DENABLE_NETLINK=$(usex netlink)
+ -DENABLE_NGHTTP2=$(usex http2)
+ -DENABLE_OPUS=$(usex opus)
+ -DENABLE_PCAP=$(usex pcap)
+ -DENABLE_PLUGINS=$(usex plugins)
+ -DENABLE_PLUGIN_IFDEMO=$(usex plugin-ifdemo)
+ -DENABLE_SBC=$(usex sbc)
+ -DENABLE_SMI=$(usex smi)
+ -DENABLE_SNAPPY=$(usex snappy)
+ -DENABLE_SPANDSP=$(usex spandsp)
+ -DENABLE_ZLIB=$(usex zlib)
+ -DENABLE_ZSTD=$(usex zstd)
+ )
+
+ cmake_src_configure
+}
+
+src_test() {
+ cmake_build test-programs
+
+ myctestargs=(
+ --disable-capture
+ --skip-missing-programs=all
+ --verbose
+ )
+
+ cmake_src_test
+}
+
+src_install() {
+ cmake_src_install
+
+ # FAQ is not required as is installed from help/faq.txt
+ dodoc AUTHORS ChangeLog NEWS README* doc/randpkt.txt doc/README*
+
+ # install headers
+ insinto /usr/include/wireshark
+ doins ws_diag_control.h ws_symbol_export.h \
+ "${BUILD_DIR}"/config.h "${BUILD_DIR}"/version.h
+
+ local dir dirs=(
+ epan
+ epan/crypt
+ epan/dfilter
+ epan/dissectors
+ epan/ftypes
+ epan/wmem
+ wiretap
+ wsutil
+ )
+
+ for dir in "${dirs[@]}" ; do
+ insinto /usr/include/wireshark/${dir}
+ doins ${dir}/*.h
+ done
+
+ #with the above this really shouldn't be needed, but things may be looking
+ # in wiretap/ instead of wireshark/wiretap/
+ insinto /usr/include/wiretap
+ doins wiretap/wtap.h
+
+ if use qt5; then
+ local s
+ for s in 16 32 48 64 128 256 512 1024; do
+ insinto /usr/share/icons/hicolor/${s}x${s}/apps
+ newins image/wsicon${s}.png wireshark.png
+ done
+ for s in 16 24 32 48 64 128 256 ; do
+ insinto /usr/share/icons/hicolor/${s}x${s}/mimetypes
+ newins image/WiresharkDoc-${s}.png application-vnd.tcpdump.pcap.png
+ done
+ fi
+
+ if [[ -d "${ED}"/usr/share/appdata ]]; then
+ rm -r "${ED}"/usr/share/appdata || die
+ fi
+}
+
+pkg_postinst() {
+ xdg_desktop_database_update
+ xdg_icon_cache_update
+ xdg_mimeinfo_database_update
+
+ # Add group for users allowed to sniff.
+ chgrp pcap "${EROOT}"/usr/bin/dumpcap
+
+ if use dumpcap && use pcap; then
+ fcaps -o 0 -g pcap -m 4710 -M 0710 \
+ cap_dac_read_search,cap_net_raw,cap_net_admin \
+ "${EROOT}"/usr/bin/dumpcap
+ fi
+
+ ewarn "NOTE: To capture traffic with wireshark as normal user you have to"
+ ewarn "add yourself to the pcap group. This security measure ensures"
+ ewarn "that only trusted users are allowed to sniff your traffic."
+}
+
+pkg_postrm() {
+ xdg_desktop_database_update
+ xdg_icon_cache_update
+ xdg_mimeinfo_database_update
+}