authorJaap Keuter <jaap.keuter@xs4all.nl>2008-05-31 16:44:02 +0000
committerJaap Keuter <jaap.keuter@xs4all.nl>2008-05-31 16:44:02 +0000
commit9323e90cc525f8acd2b35254f5e90bce9dd96b83 (patch)
treeca7b9be16043104bf492eddd25561e444597784b /debian/patches/04_drop-capabilities.dpatch
parentfa2b419e608f752c5051f62d84ec7e5cdffb1436 (diff)
downloadwireshark-9323e90cc525f8acd2b35254f5e90bce9dd96b83.tar.gz
Update Debian packaging files for Wireshark 1.0.
These files build the package with all features and minimum changes from the released sources. svn path=/trunk/; revision=25406
Diffstat (limited to 'debian/patches/04_drop-capabilities.dpatch')
-rw-r--r--debian/patches/04_drop-capabilities.dpatch170
1 files changed, 0 insertions, 170 deletions
diff --git a/debian/patches/04_drop-capabilities.dpatch b/debian/patches/04_drop-capabilities.dpatch
deleted file mode 100644
index b11f6fea9e..0000000000
--- a/debian/patches/04_drop-capabilities.dpatch
+++ /dev/null
@@ -1,170 +0,0 @@
-#! /bin/sh /usr/share/dpatch/dpatch-run
-## 04_drop-capabilities.dpatch by <fpeters@debian.org>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: Drop all capabilities but CAP_NET_RAW
-
-@DPATCH@
-diff -urNad wireshark-0.99.4/configure.in /tmp/dpep.4XA51P/wireshark-0.99.4/configure.in
---- wireshark-0.99.4/configure.in 2006-11-01 10:29:08.241544023 +0100
-+++ /tmp/dpep.4XA51P/wireshark-0.99.4/configure.in 2006-11-01 10:29:56.756554526 +0100
-@@ -869,6 +869,47 @@
- fi
-
-
-+dnl libcap check
-+AC_MSG_CHECKING(whether to use libcap to improve security)
-+
-+AC_ARG_WITH(cap,
-+[ --with-cap[[=DIR]] use libcap (located in directory DIR, if supplied) to improve security. [[default=yes, if available]]],
-+[
-+ if test $withval = no
-+ then
-+ want_cap=no
-+ elif test $withval = yes
-+ then
-+ want_cap=yes
-+ else
-+ want_cap=yes
-+ cap_dir=$withval
-+ fi
-+],[
-+ #
-+ # Use libcap if it's present, otherwise don't.
-+ #
-+ want_cap=ifavailable
-+ cap_dir=
-+])
-+if test "x$want_cap" = "xno" ; then
-+ AC_MSG_RESULT(no)
-+ cap_message="no (disabled by explicit request)"
-+else
-+ AC_MSG_RESULT(yes)
-+ AC_CHECK_LIB(cap, cap_init, [
-+ AC_DEFINE(HAVE_LIBCAP, 1, [
-+ Define if libcap is available to restrict process capabilities
-+ ])
-+ LIBS="$LIBS -lcap"
-+ cap_message="yes"
-+ ], [
-+ AC_MSG_WARN([libcap check failed])
-+ cap_message="no (check failed)"
-+ ])
-+fi
-+
-+
- dnl Check if wireshark should be installed setuid
- AC_ARG_ENABLE(setuid-install,
- [ --enable-setuid-install install wireshark as setuid. DANGEROUS!!! [default=no]],enable_setuid_install=$enableval,enable_setuid_install=no)
-@@ -1480,3 +1521,4 @@
- echo " Use IPv6 name resolution : $enable_ipv6"
- echo " Use UCD SNMP/Net-SNMP library : $snmp_libs_message"
- echo " Use gnutls library : $tls_message"
-+echo " Use cap library : $cap_message"
-diff -urNad wireshark-0.99.4/gtk/main.c /tmp/dpep.4XA51P/wireshark-0.99.4/gtk/main.c
---- wireshark-0.99.4/gtk/main.c 2006-11-01 10:28:14.113375310 +0100
-+++ /tmp/dpep.4XA51P/wireshark-0.99.4/gtk/main.c 2006-11-01 10:29:11.095132827 +0100
-@@ -1775,6 +1775,9 @@
- {
- gchar *capture_msg;
-
-+#ifdef HAVE_LIBCAP
-+ dropexcesscapabilities();
-+#endif
-
- gtk_statusbar_pop(GTK_STATUSBAR(packets_bar), packets_ctx);
-
-diff -urNad wireshark-0.99.4/tshark.c /tmp/dpep.4XA51P/wireshark-0.99.4/tshark.c
---- wireshark-0.99.4/tshark.c 2006-11-01 10:28:14.115375722 +0100
-+++ /tmp/dpep.4XA51P/wireshark-0.99.4/tshark.c 2006-11-01 10:29:11.097133240 +0100
-@@ -751,6 +751,10 @@
- capture_opts_init(&capture_opts, NULL /* cfile */);
- #endif
-
-+#ifdef HAVE_LIBCAP
-+ dropexcesscapabilities();
-+#endif
-+
- timestamp_set_type(TS_RELATIVE);
- timestamp_set_precision(TS_PREC_AUTO);
-
-diff -urNad wireshark-0.99.4/util.c /tmp/dpep.4XA51P/wireshark-0.99.4/util.c
---- wireshark-0.99.4/util.c 2006-11-01 10:28:14.116375929 +0100
-+++ /tmp/dpep.4XA51P/wireshark-0.99.4/util.c 2006-11-01 10:29:11.098133446 +0100
-@@ -40,6 +40,10 @@
- #include <epan/address.h>
- #include <epan/addr_resolv.h>
-
-+#ifdef HAVE_LIBCAP
-+#include <sys/capability.h>
-+#endif
-+
- #include "util.h"
-
- /*
-@@ -192,3 +196,46 @@
- }
- return "";
- }
-+
-+
-+#ifdef HAVE_LIBCAP
-+void dropexcesscapabilities(void)
-+{
-+ cap_t cap_d;
-+ cap_value_t cap_values[] = {
-+ /* capabilities we need to keep */
-+ CAP_NET_RAW,
-+ CAP_DAC_READ_SEARCH
-+ };
-+ cap_flag_value_t current_cap;
-+
-+ cap_d = cap_get_proc();
-+ if (!cap_d) {
-+ g_warning("Could not get capabilities\n");
-+ return;
-+ }
-+
-+ cap_get_flag(cap_d, CAP_NET_RAW, CAP_EFFECTIVE, &current_cap);
-+ cap_free(&cap_d);
-+ if (current_cap == CAP_CLEAR) {
-+ return;
-+ }
-+
-+ cap_d = cap_init();
-+ if (!cap_d) {
-+ g_warning("Could not alloc cap struct\n");
-+ return;
-+ }
-+
-+ cap_clear(cap_d);
-+ cap_set_flag(cap_d, CAP_PERMITTED, 2, cap_values, CAP_SET);
-+ cap_set_flag(cap_d, CAP_EFFECTIVE, 2, cap_values, CAP_SET);
-+
-+ if (cap_set_proc(cap_d) != 0) {
-+ g_warning("Could not set capabilities: %s\n", strerror(errno));
-+ cap_free(&cap_d);
-+ return;
-+ }
-+ cap_free(&cap_d);
-+}
-+#endif /* HAVE_LIBCAP */
-diff -urNad wireshark-0.99.4/util.h /tmp/dpep.4XA51P/wireshark-0.99.4/util.h
---- wireshark-0.99.4/util.h 2006-11-01 10:28:14.116375929 +0100
-+++ /tmp/dpep.4XA51P/wireshark-0.99.4/util.h 2006-11-01 10:29:11.098133446 +0100
-@@ -53,6 +53,15 @@
- const char *get_conn_cfilter(void);
-
-
-+#ifdef HAVE_LIBCAP
-+/*
-+ * Limit the potential impact of undiscovered security vulnerabilities by
-+ * dropping all capabilities except the sniffer capability we need to do our
-+ * job.
-+ */
-+void dropexcesscapabilities(void);
-+#endif /* HAVE_LIBCAP */
-+
- #ifdef __cplusplus
- }
- #endif /* __cplusplus */