Andreas Stieger
e8aaeac1ab
This release fixes minor vulnerabilities that could be used to trigger dissector crashes, infinite loopsm or cause excessive use of memory resources by making Wireshark read specially crafted packages from the network or a capture file: * CVE-2017-7702 CVE-2017-11410: WBMXL dissector infinite loop (wnpa-sec-2017-13) * CVE-2017-9350 CVE-2017-11411: openSAFETY dissector memory exhaustion (wnpa-sec-2017-28) * CVE-2017-11408: AMQP dissector crash (wnpa-sec-2017-34) * CVE-2017-11407: MQ dissector crash (wnpa-sec-2017-35) * CVE-2017-11406: DOCSIS infinite loop (wnpa-sec-2017-36) OBS-URL: https://build.opensuse.org/package/show/network:utilities/wireshark?expand=0&rev=218
449 lines
14 KiB
RPMSpec
449 lines
14 KiB
RPMSpec
#
|
|
# spec file for package wireshark
|
|
#
|
|
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
|
|
#
|
|
# All modifications and additions to the file contributed by third parties
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
# upon. The license for this file, and modifications and additions to the
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
# license for the pristine package is not an Open Source License, in which
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
# published by the Open Source Initiative.
|
|
|
|
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
|
#
|
|
|
|
|
|
# define libraries
|
|
%define libutil libwsutil7
|
|
%define libwire libwireshark8
|
|
%define libtap libwiretap6
|
|
%define libcodecs libwscodecs1
|
|
# disable caps
|
|
%define use_caps 0
|
|
# Enable new Qt gui on new releases and build old GTK2 gui on old releases
|
|
%if 0%{?suse_version} > 1140
|
|
%bcond_without gnutls
|
|
%bcond_without qt
|
|
%bcond_with gtk
|
|
%bcond_without geoip
|
|
%else
|
|
%bcond_with gnutls
|
|
%bcond_with qt
|
|
%bcond_without gtk
|
|
%bcond_with geoip
|
|
%endif
|
|
Name: wireshark
|
|
Version: 2.2.8
|
|
Release: 0
|
|
Summary: A Network Traffic Analyser
|
|
License: GPL-2.0+ and GPL-3.0+
|
|
Group: Productivity/Networking/Diagnostic
|
|
Url: https://www.wireshark.org/
|
|
Source: https://www.wireshark.org/download/src/%{name}-%{version}.tar.bz2
|
|
Source2: https://www.wireshark.org/download/SIGNATURES-%{version}.txt
|
|
Source3: https://www.wireshark.org/download/gerald_at_wireshark_dot_org.gpg#/wireshark.keyring
|
|
# PATCH-FIX-OPENSUSE wireshark-1.6.3-disable-warning-dialog.patch bnc#349782 prusnak@suse.cz -- don't show warning when running as root
|
|
Patch1: wireshark-1.2.0-disable-warning-dialog.patch
|
|
# PATCH-FEATURE-OPENSUSE wireshark-1.2.0-geoip.patch prusnak@suse.cz -- search in /var/lib/GeoIP if user hasn't set any GeoIP folders
|
|
Patch2: wireshark-1.2.0-geoip.patch
|
|
Patch4: wireshark-1.10.0-enable_lua.patch
|
|
# for patch7 wireshark-1.12.6-fix-QT-PIC-PIE.patch
|
|
BuildRequires: bison
|
|
BuildRequires: flex
|
|
BuildRequires: glib2-devel
|
|
BuildRequires: hicolor-icon-theme
|
|
BuildRequires: krb5-devel
|
|
BuildRequires: libcares-devel
|
|
BuildRequires: libgcrypt-devel >= 1.1.92
|
|
BuildRequires: libpcap-devel
|
|
BuildRequires: libsmi-devel
|
|
BuildRequires: libtool
|
|
BuildRequires: net-snmp-devel
|
|
BuildRequires: openssl-devel
|
|
BuildRequires: pcre-devel
|
|
BuildRequires: pkgconfig
|
|
BuildRequires: portaudio-devel
|
|
BuildRequires: tcpd-devel
|
|
BuildRequires: update-desktop-files
|
|
BuildRequires: zlib-devel
|
|
Requires: hicolor-icon-theme
|
|
Requires(pre): shadow
|
|
Recommends: wireshark-ui = %{version}
|
|
Provides: ethereal = %{version}
|
|
Obsoletes: ethereal < %{version}
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
|
%if %{with gnutls}
|
|
BuildRequires: libgnutls-devel >= 2.12.0
|
|
%endif
|
|
%if !0%{use_caps}
|
|
Requires: xdg-utils
|
|
%else
|
|
BuildRequires: libcap-devel
|
|
Requires(pre): permissions
|
|
%endif
|
|
%if %{with geoip}
|
|
BuildRequires: GeoIP-devel
|
|
Recommends: GeoIP
|
|
%endif
|
|
%if 0%{?suse_version} > 1310
|
|
BuildRequires: pkgconfig(libnl-3.0)
|
|
%endif
|
|
%if %{with gtk}
|
|
BuildRequires: cairo-devel
|
|
BuildRequires: gtk2-devel >= 2.12.0
|
|
%endif
|
|
%if %{with qt}
|
|
BuildRequires: libqt5-linguist
|
|
BuildRequires: pkgconfig(Qt5Core) >= 5.0.0
|
|
BuildRequires: pkgconfig(Qt5Gui)
|
|
BuildRequires: pkgconfig(Qt5Multimedia)
|
|
BuildRequires: pkgconfig(Qt5PrintSupport)
|
|
BuildRequires: pkgconfig(Qt5Widgets)
|
|
%endif
|
|
%if 0%{?suse_version} > 1320
|
|
BuildRequires: lua52-devel
|
|
%else
|
|
BuildRequires: lua-devel
|
|
%endif
|
|
|
|
%description
|
|
Wireshark is a free network protocol analyzer for Unix and Windows. It
|
|
allows you to examine data from a live network or from a capture file
|
|
on disk. You can interactively browse the capture data, viewing summary
|
|
and detail information for each packet. Wireshark has several powerful
|
|
features, including a rich display filter language and the ability to
|
|
view the reconstructed stream of a TCP session.
|
|
|
|
%package -n %{libutil}
|
|
Summary: Library for wireshark utilities
|
|
Group: System/Libraries
|
|
|
|
%description -n %{libutil}
|
|
The libwsutil library provides utility functions for libwireshark.
|
|
|
|
%package -n %{libwire}
|
|
Summary: Network packet dissection library
|
|
Group: System/Libraries
|
|
|
|
%description -n %{libwire}
|
|
The libwireshark library provides the network packet dissection services
|
|
developed by the Wireshark project.
|
|
|
|
%package -n %{libtap}
|
|
Summary: Wireshark library for tapping
|
|
Group: System/Libraries
|
|
|
|
%description -n %{libtap}
|
|
Wiretap, part of the Wireshark project, is a library that allows one to read
|
|
and write several packet capture file formats.
|
|
|
|
%package -n %{libcodecs}
|
|
Summary: Network packet dissection codecs library
|
|
Group: System/Libraries
|
|
|
|
%description -n %{libcodecs}
|
|
The libwscodecs library provides codec functions for libwireshark.
|
|
|
|
%package devel
|
|
Summary: A Network Traffic Analyser
|
|
Group: Development/Libraries/C and C++
|
|
Requires: %{libcodecs} = %{version}
|
|
Requires: %{libtap} = %{version}
|
|
Requires: %{libutil} = %{version}
|
|
Requires: %{libwire} = %{version}
|
|
Requires: %{name} = %{version}
|
|
Requires: glib2-devel
|
|
Requires: glibc-devel
|
|
Provides: ethereal-devel = %{version}
|
|
Obsoletes: ethereal-devel < %{version}
|
|
|
|
%description devel
|
|
Wireshark is a free network protocol analyzer for Unix and Windows. It
|
|
allows you to examine data from a live network or from a capture file
|
|
on disk. You can interactively browse the capture data, viewing summary
|
|
and detail information for each packet. Wireshark has several powerful
|
|
features, including a rich display filter language and the ability to
|
|
view the reconstructed stream of a TCP session.
|
|
|
|
%if %{with gtk}
|
|
%package ui-gtk
|
|
Summary: A Network Traffic Analyser - GTK+ UI
|
|
Group: Productivity/Networking/Diagnostic
|
|
Requires: %{name} = %{version}
|
|
Provides: %{name}-ui = %{version}
|
|
|
|
%description ui-gtk
|
|
This package contains the GTK+ UI of Wireshark.
|
|
%endif
|
|
|
|
%if %{with qt}
|
|
%package ui-qt
|
|
Summary: A Network Traffic Analyser - Qt UI
|
|
Group: Productivity/Networking/Diagnostic
|
|
Requires: %{name} = %{version}
|
|
Provides: %{name}-ui = %{version}
|
|
# gtk is the deprecated ui so ensure its uninstall
|
|
Obsoletes: %{name}-ui-gtk
|
|
|
|
%description ui-qt
|
|
This package contains the Qt based UI for Wireshark.
|
|
%endif
|
|
|
|
%prep
|
|
# The publisher doesn't sign the source tarball, but a signatures file containing multiple hashes.
|
|
# Verify hashes in that file against source tarball.
|
|
echo "`grep %{name}-%{version}.tar.bz2 %{SOURCE2} | grep MD5 | head -n1 | cut -d= -f2` %{SOURCE0}" | md5sum -c
|
|
echo "`grep %{name}-%{version}.tar.bz2 %{SOURCE2} | grep SHA1 | head -n1 | cut -d= -f2` %{SOURCE0}" | sha1sum -c
|
|
echo "`grep %{name}-%{version}.tar.bz2 %{SOURCE2} | grep SHA256 | head -n1 | cut -d= -f2` %{SOURCE0}" | sha256sum -c
|
|
|
|
%setup -q
|
|
%patch2 -p1
|
|
%patch4 -p1
|
|
|
|
%if ! %{use_caps}
|
|
%patch1 -p1
|
|
# open capture files without root privileges bsc#1025714
|
|
for X in wireshark{,-gtk}.desktop; do
|
|
cp -pv $X ${X/wireshark/wireshark-file}
|
|
echo "NoDisplay=true" >> ${X/wireshark/wireshark-file}
|
|
done
|
|
sed -i '/^MimeType.*/d' wireshark{,-gtk}.desktop
|
|
# run as root if not using caps
|
|
sed -i 's!^Exec=wireshark!Exec=%{_bindir}/xdg-su -c %{_bindir}/wireshark!' wireshark{,-gtk}.desktop
|
|
%endif
|
|
sed -i 's/^Icon=wireshark.png$/Icon=wireshark/' wireshark*.desktop
|
|
|
|
%build
|
|
export CFLAGS="%{optflags} -fPIC"
|
|
export CXXFLAGS="%{optflags} -fPIC"
|
|
export LDFLAGS="-pie"
|
|
|
|
%if %{with qt}
|
|
#XXX: buggy autoconf checks..
|
|
export PATH="%{_libdir}/qt5/bin:$PATH"
|
|
%endif
|
|
|
|
%configure \
|
|
%if %{with gtk}
|
|
--with-gtk3=no \
|
|
--with-gtk2=yes \
|
|
%endif
|
|
%if %{with qt}
|
|
--with-qt=yes \
|
|
%else
|
|
--with-qt=no \
|
|
%endif
|
|
--with-ssl \
|
|
%if %{with gnutls}
|
|
--with-gnutls=yes \
|
|
%else
|
|
--with-gnutls=no \
|
|
%endif
|
|
--with-gcrypt=yes \
|
|
--with-plugins=%{_libdir}/%{name}/plugins/%{version} \
|
|
--with-pic=yes
|
|
|
|
make %{?_smp_mflags} V=1
|
|
|
|
%install
|
|
%make_install
|
|
find %{buildroot} -type f -name "*.la" -delete -print
|
|
|
|
# Ethereal support (remove when SLE-11 is out of scope
|
|
%if %{with gtk}
|
|
ln -fs wireshark-gtk %{buildroot}%{_bindir}/ethereal
|
|
%endif
|
|
%if %{with qt}
|
|
ln -fs wireshark %{buildroot}%{_bindir}/ethereal
|
|
%endif
|
|
ln -fs tshark %{buildroot}%{_bindir}/tethereal
|
|
|
|
install -d -m 0755 %{buildroot}%{_sysconfdir}
|
|
install -d -m 0755 %{buildroot}%{_mandir}/man1/
|
|
# install separate appdata files corresponding to .desktop files for AppStore integration
|
|
%if %{with qt}
|
|
install -d -m0755 %{buildroot}%{_datadir}/appdata
|
|
install -m644 wireshark.appdata.xml %{buildroot}%{_datadir}/appdata/%{name}.appdata.xml
|
|
sed -i -e "/<description>/i \ \ \ \ <name>Wireshark (QT) Network Analyzer<\/name>" \
|
|
-e "/<description>/i \ \ \ \ <summary>QT interface for wireshark network traffic analyzer<\/summary>" \
|
|
%{buildroot}%{_datadir}/appdata/%{name}.appdata.xml
|
|
%else
|
|
rm -f %{buildroot}%{_datadir}/appdata/%{name}.appdata.xml
|
|
%endif
|
|
|
|
# -devel
|
|
install -d -m 0755 %{buildroot}%{_includedir}/wireshark
|
|
IDIR="%{buildroot}%{_includedir}/wireshark"
|
|
mkdir -p "${IDIR}/epan"
|
|
mkdir -p "${IDIR}/epan/crypt"
|
|
mkdir -p "${IDIR}/epan/ftypes"
|
|
mkdir -p "${IDIR}/epan/dfilter"
|
|
mkdir -p "${IDIR}/epan/dissectors"
|
|
mkdir -p "${IDIR}/epan/wmem"
|
|
mkdir -p "${IDIR}/wiretap"
|
|
mkdir -p "${IDIR}/wsutil"
|
|
install -m 644 *.h "${IDIR}/"
|
|
install -m 644 epan/*.h "${IDIR}/epan/"
|
|
install -m 644 epan/crypt/*.h "${IDIR}/epan/crypt"
|
|
install -m 644 epan/ftypes/*.h "${IDIR}/epan/ftypes"
|
|
install -m 644 epan/dfilter/*.h "${IDIR}/epan/dfilter"
|
|
install -m 644 epan/dissectors/*.h "${IDIR}/epan/dissectors"
|
|
install -m 644 epan/wmem/*.h "${IDIR}/epan/wmem"
|
|
install -m 644 wiretap/*.h "${IDIR}/wiretap"
|
|
install -m 644 wsutil/*.h "${IDIR}/wsutil"
|
|
|
|
%if %{with gtk}
|
|
install -D -m 0644 image/wsicon48.png %{buildroot}%{_datadir}/pixmaps/wireshark-gtk.png
|
|
install -D -m 0644 wireshark-gtk.desktop %{buildroot}%{_datadir}/applications/wireshark-gtk.desktop
|
|
%suse_update_desktop_file -n %{name}-gtk
|
|
%if ! %{use_caps}
|
|
install -D -m 0644 wireshark-file-gtk.desktop %{buildroot}%{_datadir}/applications/wireshark-file-gtk.desktop
|
|
%suse_update_desktop_file -n %{name}-file-gtk
|
|
%endif
|
|
%else
|
|
# sometimes the gtk.desktop gets autoinstalled by make_install
|
|
rm -f %{buildroot}%{_datadir}/applications/wireshark-gtk.desktop
|
|
%endif
|
|
|
|
%if %{with qt}
|
|
install -D -m 0644 image/wsicon48.png %{buildroot}%{_datadir}/pixmaps/wireshark.png
|
|
install -D -m 0644 wireshark.desktop %{buildroot}%{_datadir}/applications/wireshark.desktop
|
|
%suse_update_desktop_file %{name}
|
|
%if ! %{use_caps}
|
|
install -D -m 0644 wireshark-file.desktop %{buildroot}%{_datadir}/applications/wireshark-file.desktop
|
|
%suse_update_desktop_file %{name}-file
|
|
%endif
|
|
%else
|
|
rm -f %{buildroot}%{_datadir}/applications/wireshark.desktop
|
|
%endif
|
|
|
|
%if %{use_caps}
|
|
%pre
|
|
getent group wireshark >/dev/null || groupadd -r wireshark
|
|
|
|
%verifyscript
|
|
%{verify_permissions -e %{_bindir}/dumpcap}
|
|
%endif
|
|
|
|
%post
|
|
%if %{use_caps}
|
|
%if 0%{?set_permissions:1} > 0
|
|
%set_permissions %{_bindir}/dumpcap
|
|
%else
|
|
%run_permissions
|
|
%endif
|
|
%endif # use_caps
|
|
exit 0
|
|
|
|
%post -n %{libutil} -p /sbin/ldconfig
|
|
%postun -n %{libutil} -p /sbin/ldconfig
|
|
%post -n %{libwire} -p /sbin/ldconfig
|
|
%postun -n %{libwire} -p /sbin/ldconfig
|
|
%post -n %{libtap} -p /sbin/ldconfig
|
|
%postun -n %{libtap} -p /sbin/ldconfig
|
|
%post -n %{libcodecs} -p /sbin/ldconfig
|
|
%postun -n %{libcodecs} -p /sbin/ldconfig
|
|
|
|
%files
|
|
%defattr(-,root,root)
|
|
%doc AUTHORS COPYING NEWS README README.linux README.vmware
|
|
%{_mandir}/man1/[^i]*
|
|
%{_mandir}/man4/*
|
|
%{_bindir}/capinfos
|
|
%{_bindir}/captype
|
|
%{_bindir}/dftest
|
|
%{_bindir}/editcap
|
|
%{_bindir}/idl2wrs
|
|
%{_bindir}/mergecap
|
|
%{_bindir}/randpkt
|
|
%{_bindir}/rawshark
|
|
%{_bindir}/reordercap
|
|
%{_bindir}/tethereal
|
|
%{_bindir}/text2pcap
|
|
%{_bindir}/tshark
|
|
%if %{use_caps}
|
|
%verify(not mode caps) %attr(0750,root,wireshark) %caps(cap_net_raw,cap_net_admin=eip) %{_bindir}/dumpcap
|
|
%else
|
|
%{_bindir}/dumpcap
|
|
%endif
|
|
%{_libdir}/wireshark/
|
|
%{_datadir}/wireshark/
|
|
%{_datadir}/icons/hicolor/*/apps/wireshark.png
|
|
%{_datadir}/icons/hicolor/*/mimetypes/application-wireshark-doc.png
|
|
%{_datadir}/icons/hicolor/scalable/apps/wireshark.svg
|
|
%{_datadir}/mime/packages/wireshark.xml
|
|
|
|
%files -n %{libutil}
|
|
%defattr(-,root,root)
|
|
%{_libdir}/libwsutil*.so.*
|
|
|
|
%files -n %{libwire}
|
|
%defattr(-,root,root)
|
|
%{_libdir}/libwireshark.so.*
|
|
|
|
%files -n %{libtap}
|
|
%defattr(-,root,root)
|
|
%{_libdir}/libwiretap.so.*
|
|
|
|
%files -n %{libcodecs}
|
|
%defattr(-,root,root)
|
|
%{_libdir}/libwscodecs.so.*
|
|
|
|
%files devel
|
|
%defattr(-,root,root)
|
|
%doc doc/README.*
|
|
%{_includedir}/wireshark
|
|
%{_libdir}/lib*.so
|
|
%{_libdir}/pkgconfig/wireshark.pc
|
|
|
|
%if %{with gtk}
|
|
%files ui-gtk
|
|
%defattr(-,root,root)
|
|
%{_bindir}/wireshark-gtk
|
|
%{_bindir}/ethereal
|
|
%{_datadir}/applications/wireshark-gtk.desktop
|
|
%if ! %{use_caps}
|
|
%{_datadir}/applications/wireshark-file-gtk.desktop
|
|
%endif
|
|
%{_datadir}/pixmaps/wireshark-gtk.png
|
|
|
|
%post ui-gtk
|
|
test -f %{_bindir}/update-mime-database && %{_bindir}/update-mime-database %{_datadir}/mime > /dev/null || :
|
|
test -f %{_bindir}/update-desktop-database && %{_bindir}/update-desktop-database > /dev/null || :
|
|
test -f /sbin/conf.d/SuSEconfig.gtk2 && SuSEconfig --module gtk2 > /dev/null || :
|
|
test -f /sbin/conf.d/SuSEconfig.glib2 && SuSEconfig --module glib2 > /dev/null || :
|
|
|
|
%postun ui-gtk
|
|
test -f %{_bindir}/update-mime-database && %{_bindir}/update-mime-database %{_datadir}/mime > /dev/null || :
|
|
test -f %{_bindir}/update-desktop-database && %{_bindir}/update-desktop-database > /dev/null || :
|
|
test -f /sbin/conf.d/SuSEconfig.gtk2 && SuSEconfig --module gtk2 > /dev/null || :
|
|
test -f /sbin/conf.d/SuSEconfig.glib2 && SuSEconfig --module glib2 > /dev/null || :
|
|
%endif
|
|
|
|
%if %{with qt}
|
|
%files ui-qt
|
|
%defattr(-,root,root)
|
|
%{_bindir}/wireshark
|
|
%{_bindir}/ethereal
|
|
%dir %{_datadir}/appdata
|
|
%{_datadir}/appdata/wireshark.appdata.xml
|
|
%{_datadir}/applications/wireshark.desktop
|
|
%if ! %{use_caps}
|
|
%{_datadir}/applications/wireshark-file.desktop
|
|
%endif
|
|
%{_datadir}/pixmaps/wireshark.png
|
|
|
|
%post ui-qt
|
|
%desktop_database_post
|
|
%icon_theme_cache_post
|
|
|
|
%postun ui-qt
|
|
%desktop_database_postun
|
|
%icon_theme_cache_postun
|
|
%endif
|
|
|
|
%changelog
|