4 files changed, 505 insertions, 13 deletions
diff --git a/net-analyzer/wireshark/Manifest b/net-analyzer/wireshark/Manifest
index 69960909a1d1..ce56c137a70a 100644
--- a/net-analyzer/wireshark/Manifest
+++ b/net-analyzer/wireshark/Manifest
@@ -1,10 +1,14 @@
 AUX 4.4.4-fix-skipping-rawshark-tests-on-big-endian.patch 1593 BLAKE2B 27d688b97aa9cf83d81840b9a85a0260b7b3752f9cc48253cb70b8aabeda41c85d3f1d5e90ab25cee436ce9e5c8fe369ba964ebc06439b52b437a7a501bb4fc7 SHA512 770b06dc60e619d8e0cc9b48d171431a6b5818f9450903b7ea93a7d30ccc1a27afbd9f50658aa00804f9c9ed191504b8e7b9d8adb7874895a1156c579595eb47
+AUX 4.4.6-lto.patch 8156 BLAKE2B fcd9ef950b87f795ee0645da055058b294ea478bbf1be4704d9ffd3fa254c944cdadb0c9c67219fb5f58adc446f74a4c0c358fd1ea80cfb666bbaaa92b1388f1 SHA512 92b12d2b9ee6264d1b323664917cda111da9a973be2afc804cc5d1310d95d4e8d25f4d1421f2095b5cd34d7d4c0f78d61e563d4b0410836fee368efc94ed70cc
 AUX release-notes.html 153 BLAKE2B 5b211857ba0be0d40d218f4bea1fabf7a6034b1219d08307ec958684d194898ef96ef152e8996fe1e4b89acf36faaf3d094763244983372ca8a3a0a47942c5f0 SHA512 056da005da67fa1e7ae76bc2243b63b08ccefd437e24d32a2794ac051d9869b83961f5eaeab1838c92a1a46af7417b6d31d7a7f993717a919cf9f38a57f037fc
 DIST wireshark-4.4.2-signatures.txt 2706 BLAKE2B 3349a3e88782e1326b6c2e1b56d5eefbaeb2dbd6cf33b055e3a49692023b02e77a7e6d26ade7a9018cda783aa29edade997aaa03222fadb06c5bfa106a492459 SHA512 c809085b69c909702b3390b93891a19b8a8c0812d448ac9399eb59991618737b3bfeb737bd569267dcffc46290d59b34664f967e88c1a38b1678faaecd76d445
 DIST wireshark-4.4.2.tar.xz 46763620 BLAKE2B ea5c48f06c2aeb5b51f6ba62fd57214e9dd79917f978867d3ae31ffec74eb82ba7c8a2e2dcba415e53d051e531f9f9907aac88c6f29b6746222cf812bb43c85b SHA512 df80c98a2d00ba46a853acfe3aec9dfc0d4484f490a276b8b8390b6d108634b7e0fa38e8f02f8d93afe5c2394c463a0d89611027032898d7d0390d2111b70ca6
 DIST wireshark-4.4.5-signatures.txt 2706 BLAKE2B b36ef5768018188614e5d2fcade7d2eccbf7e494bcf9332b5721e49a322a2d8669bb940d38f9aad1d4957a59558ed6df4380710e83853edada6516b61515c42f SHA512 70e148023eb728bcbba3abe1848d56c699ce500ddfc6bf3d7406e3f155341bc12406d08c3d31654cee9d5df48632bf3998771d81d2dc4a268ee857f5f7efe8ce
 DIST wireshark-4.4.5.tar.xz 46776736 BLAKE2B 0cefe4330d1d0e40b101c33d767796d4657ed1cf7fc652732663b99d5849ef0c2f5905b1c07137dc306c18d66240701eefd8f018bf78c078caa1a04f642048da SHA512 09956fadb2ab80df136c6b35a1be2aa72eec20e1f11c94aaaabecff72d450239d09173ef3cc2bcd8c85c194816afb750e1d476538038ff612366a255ae4fece5
+DIST wireshark-4.4.6-signatures.txt 2706 BLAKE2B e484b3e65bcdf6df6d1f6df37e0a3962b50c1e9cbec53410dccb43105b69d0b79980ac9e64f24522ff29f94fd304d6b2087012303540868eb6db1334f7335243 SHA512 d09ed7d48d0e3f5aa6388d8d249e0d48e58008dd5d30f1bf4200ffe94ce479a53c78cc8a54fb9542c6b87039614edfddb08e51f901289311db6bdb9f17ff9a31
+DIST wireshark-4.4.6.tar.xz 46802228 BLAKE2B e38e2e53cc058d24d08e047322333bafc281839e9c244f69b657ec184238b73fd2e793538fb375983487a3b25c8395fabee410062ac4ad51dfed4b81c4d06d88 SHA512 5bc1f99ed18df2a5ebcd72828f7ed5e5ae4bdc17b245ef9de02f58a5997b04bd1dca764c3f163d1385616efcf9895c46c002ea2800f190b5e44bcc75e5485692
 EBUILD wireshark-4.4.2-r1.ebuild 9156 BLAKE2B 4c7fecb7777860cfb1ed7db10eb6d95419bbb64d83dda22149cf6d2561da385ade013956d0da299dc0d1ee7fe3d427a20128f68e1965a4d72198aa77f30c1973 SHA512 3d860990d78fadaa52bd429e494f392fe87837037c62fdd18d1359543e114a7214b5ef7e11b498c7f05138558ba0413902593adcb3d6a5be3a340cbfc4d5c0e4
 EBUILD wireshark-4.4.5-r1.ebuild 8408 BLAKE2B e01e77eda4cf3f0a35a6f0858818c8531f1dbf3c50194f3bba2e4349cce02f92260198fc3dcd1018acaa4b32d267c165702b476b339add6224b1d09d143826f1 SHA512 d41ba2a7dabb8860ab8c3797e0475245fa004eb2e15d2761f68c1844bf7185af83ce9283873826e97fcfd9f34fb48808cda1300986bef17900924c3e0e1e0996
-EBUILD wireshark-9999.ebuild 8332 BLAKE2B 782ea5f0a0add6d1b968cab89e1160be434bbd87c7d6e0860295a785d6620641a7a5ef730a9dcc08ecae7d6262a79185bf5404ec7fe87601ee49f40bfbdc59ed SHA512 81cea7fdbbb8c20f923ee582b74a0a66cb60e4d93599d98d7298dd2388eeb6f827433ab05254830ce0b60a1357a266c4320efd65f1f9c71234d72b2e1e75d412
+EBUILD wireshark-4.4.6-r1.ebuild 8331 BLAKE2B c881edec18f969689e213690e6f03d6c7c0ff5c8ca5c8f8b2ca3ec283c6e9bd1f5883af8b86c85eedd5a02458ec35f68a086bf58ceaab076a0708cc6a7211839 SHA512 562faaeca2aedca529f16b44070b2d2c2ac1b7b448739c8841cebc716e8bee36f4bc1f2f44e56696609301f09b55d90af943a56d1ce9822e602af0a7534969dd
+EBUILD wireshark-9999.ebuild 8331 BLAKE2B c881edec18f969689e213690e6f03d6c7c0ff5c8ca5c8f8b2ca3ec283c6e9bd1f5883af8b86c85eedd5a02458ec35f68a086bf58ceaab076a0708cc6a7211839 SHA512 562faaeca2aedca529f16b44070b2d2c2ac1b7b448739c8841cebc716e8bee36f4bc1f2f44e56696609301f09b55d90af943a56d1ce9822e602af0a7534969dd
 MISC metadata.xml 5531 BLAKE2B 207ea41db99c46e4434a7ad42e40324320387ecae4391425ad82e3f226806adb485a496571c966714eb3ab3713e08d30c8ed5d14cdfaa97bde130b5a88087d5f SHA512 ec77f0f412bf6fafd2e74ab9d5a21bb04a6cda9ea01437dea6fcac3d9ef453775e6a05b77f8c9724dcbc2aa23cb5924518029cf51a6d329a3361bee9fd45f78c
diff --git a/net-analyzer/wireshark/files/4.4.6-lto.patch b/net-analyzer/wireshark/files/4.4.6-lto.patch
new file mode 100644
index 000000000000..f1b0581d7546
--- /dev/null
+++ b/net-analyzer/wireshark/files/4.4.6-lto.patch
@@ -0,0 +1,164 @@
+From d674e9a17f215d8c0fb3ae9e8c44e9a77952c3d1 Mon Sep 17 00:00:00 2001
+Message-ID: <d674e9a17f215d8c0fb3ae9e8c44e9a77952c3d1.1744950020.git.sam@gentoo.org>
+From: Sam James <sam@gentoo.org>
+Date: Thu, 17 Apr 2025 19:57:46 +0100
+Subject: [PATCH] CMake: don't build with -fPIE
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Qt's qcompilerdetection.h currently checks for whether -fPIE is being used
+along with QT_USE_PROTECTED_VISIBILITY ("reduce relocations", which Qt
+automatically uses if supported). It bails out if -fPIE is used, as -fPIC
+is required instead.
+
+If LTO is used, when one does something like:
+(1) g++ -c -flto -fPIC qtlto.cc
+(2) g++     -pie -fPIE qtlto.o -o qtlto
+
+At point (1), the Qt check in the headers fires, and everything is fine,
+because we're indeed using -fPIC, and GCC doesn't automatically add -fPIE
+when built with --enable-default-pie if -fPIC is present on the command line.
+
+GCC may apply optimisations at this point given Qt is using -mno-direct-extern-access
+and it was built with -fPIC not -fPIE.
+
+Later, at point (2), -fPIE is passed. This happens in Wireshark because
+`CMAKE_POSITION_INDEPENDENT_CODE` gets set in CMakeLists.txt. With LTO,
+there's no opportunity for the Qt sanity check in headers to fire again,
+as everything is already long-preprocessed and GCC will have applied some
+optimisations already assuming the -fPIC code model in (1). But as slyfox
+says at https://bugs.gentoo.org/754021#c12, GCC merges -fPIC -fPIE to -fPIE
+at LTO-time (-fPIC coming from the earlier LTO object in (1), and -fPIE
+was just-passed on the command line).
+
+qtlto (or Wireshark) then crashes. For Wireshark, this looks like:
+```
+ #0  0x00007ff40e529cf0 in QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> >::get (this=<optimized out>)
+     at /usr/src/debug/dev-qt/qtbase-6.8.3/qtbase-everywhere-src-6.8.3/src/corelib/tools/qscopedpointer.h:112
+ #1  qGetPtrHelper<QScopedPointer<QObjectData, QScopedPointerDeleter<QObjectData> > > (ptr=<optimized out>)
+     at /usr/src/debug/dev-qt/qtbase-6.8.3/qtbase-everywhere-src-6.8.3/src/corelib/global/qtclasshelpermacros.h:128
+ #2  QObject::d_func (this=<optimized out>) at /usr/src/debug/dev-qt/qtbase-6.8.3/qtbase-everywhere-src-6.8.3/src/corelib/kernel/qobject.h:108
+ #3  QObjectPrivate::get (o=<optimized out>) at /usr/src/debug/dev-qt/qtbase-6.8.3/qtbase-everywhere-src-6.8.3/src/corelib/kernel/qobject_p.h:150
+ #4  doActivate<false> (sender=0x0, signal_index=9, argv=argv@entry=0x7ffe59a73c30) at /usr/src/debug/dev-qt/qtbase-6.8.3/qtbase-everywhere-src-6.8.3/src/corelib/kernel/qobject.cpp:4003
+ #5  0x00007ff40e4d2809 in QMetaObject::activate
+     (sender=<optimized out>, m=m@entry=0x7ff40f44f6c0 <QGuiApplication::staticMetaObject>, local_signal_index=local_signal_index@entry=1, argv=argv@entry=0x7ffe59a73c30)
+     at /usr/src/debug/dev-qt/qtbase-6.8.3/qtbase-everywhere-src-6.8.3/src/corelib/kernel/qobject.cpp:4183
+ #6  0x00007ff40ead5676 in QGuiApplication::screenAdded (this=<optimized out>, _t1=<optimized out>)
+[...]
+```
+
+We need to drop -fPIE somehow at link-time accordingly. There's a few
+ways of doing this but I've gone for not calling `check_pie_supported()`
+(see (7) below).
+
+(Analysis on fixing this in other packages may depend on whether any static
+libraries *installed* by CMake where -fPIC was no longer passed for those,
+we would have a problem. I'd tried to use POSITION_INDEPENDENT_CODE at first
+but then -fPIC gets dropped as well everywhere, and setting the target
+property to false for just the Wireshark executable also doesn't work
+because it'll pass -no-pie which isn't what we want.)
+
+There are some questions:
+(3) Why doesn't this happen with Clang, given that Clang has -fno-direct-access-external-data
+    (equivalent to GCC's -mno-direct-extern-access), even when Qt is built
+    with bfd (not lld)?
+
+    The answer seems to be that Clang doesn't implement the optimisation
+    yet to avoid copy-relocations where possible. GCC implemented that in
+    5.x in r5-5573-g77ad54d911dd7c.
+
+(4) Why doesn't this (seem to) happen in other distributions?
+
+    nextcloud-client suffers from the same issue analysed here, see
+    https://bugs.gentoo.org/933110. The upstream bug at https://github.com/nextcloud/desktop/issues/2790
+    was reported by a Debian developer (cgzones), so it's a reasonable assumption
+    that it can happen on Debian.
+
+    Debian is one of few distributions (we're another) to use --enable-default-pie
+    in GCC rather than just passing it to all package builds in the package manager:
+    it's possible that some distros are just disabling -fPIE or adding a workaround
+    like we did for https://bugs.gentoo.org/552440. Not many distros build
+    with LTO either.
+
+    Debian also stopped building Wireshark with LTO because of a bug in Wireshark
+    itself (https://bugs.gentoo.org/941890), so I guess they disabled LTO
+    and didn't notice this crash.
+
+    (This is enough for me to be more confident in my analysis, anyway.)
+
+(5) Could Qt communicate this somehow automatically?
+
+    I think it might be able to if statically linking Qt and Qt was built
+    with LTO.
+
+    Otherwise, I think the only option would be an ELF .note. pkg-config
+    could maybe work but you can't assume all Qt consumers use that...
+
+    See the discussion around <https://bugreports.qt.io/browse/QTBUG-45755?focusedId=282483&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-282483>:
+    > Thiago Macieira added a comment - 22 May '15 17:11
+    > There aren't that many autoconf-based Qt5 builds and we've never exported the flag anyway.
+
+    (It might be worth bringing this .note idea up to Thiago and/or H.J. but
+    I'm not sure yet if it'll work.)
+
+    On the Qt side, -fPIC gets passed in to various places before because
+    Qt's CMake config files have INTERFACE_COMPILE_OPTIONS w/ -fPIC. Maybe
+    the answer is for Qt packages to never use CMAKE_POSITION_INDEPENDENT_CODE
+    instead. This came up in https://gitlab.kitware.com/cmake/cmake/-/issues/15570.
+
+(6) Could we just disable "reduce relocations" in Qt itself, given that
+    the workaround here will need to be applied in various Qt consumers?
+
+    This would significantly impact startup times of applications using Qt
+    and there don't seem to be too many applications doing this (only 2
+    known so far in Gentoo: Wireshark and nextcloud-client).
+
+(7) Is the mechanism used to fix this brittle?
+
+    Yes, we're relying on a CMake bug/feature for now at https://gitlab.kitware.com/cmake/cmake/-/issues/25588
+    so it doesn't try to enable *or* disable PIE at link-time and we can
+    just rely on our toolchain defaults.
+
+Thanks to Arusekk for producing a minimal example and reporting it upstream
+to Wireshark, thanks to slyfox for analysing the interaction with LTO, thanks
+to Holger and Eli for the discussion around it, reviewing the commit message,
+and generally talking it all through and giving ideas.
+
+Bug: https://bugs.gentoo.org/552440
+Bug: https://bugs.gentoo.org/754021
+Bug: https://bugs.gentoo.org/933110
+Bug: https://bugs.gentoo.org/941890
+Bug: https://gitlab.kitware.com/cmake/cmake/-/issues/15570
+Bug: https://gitlab.kitware.com/cmake/cmake/-/issues/25588
+Bug: https://gitlab.kitware.com/cmake/cmake/-/issues/23980
+Bug: https://gitlab.com/wireshark/wireshark/-/issues/17040
+Bug: https://bugreports.qt.io/browse/QTBUG-45755
+Bug: https://bugreports.qt.io/browse/QTBUG-47942
+Bug: https://gcc.gnu.org/PR65248
+Bug: https://gcc.gnu.org/PR65886
+Thanks-to: Arusekk <arek_koz@o2.pl>
+Thanks-to: Sergei Trofimovich <slyfox@gentoo.org>
+Thanks-to: Holger Hoffstätte <holger@applied-asynchrony.com>
+Thanks-to: Eli Schwartz <eschwartz@gentoo.org>
+---
+ CMakeLists.txt | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index d82a718bf6..c177e46571 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -1254,7 +1254,6 @@ if(NOT CMAKE_C_COMPILER_ID MATCHES "MSVC" AND NOT OSS_FUZZ)
+ 		endif()
+ 	else()
+ 		include(CheckPIESupported)
+-		check_pie_supported()
+ 	endif()
+ endif()
+ 
+
+base-commit: 85ff46c76b2a6a4b94094e4f20dfa66b43086182
+-- 
+2.49.0
+
diff --git a/net-analyzer/wireshark/wireshark-4.4.6-r1.ebuild b/net-analyzer/wireshark/wireshark-4.4.6-r1.ebuild
new file mode 100644
index 000000000000..3193a70c6df1
--- /dev/null
+++ b/net-analyzer/wireshark/wireshark-4.4.6-r1.ebuild
@@ -0,0 +1,327 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+LUA_COMPAT=( lua5-{3..4} )
+PYTHON_COMPAT=( python3_{11..13} )
+
+inherit fcaps lua-single python-any-r1 qmake-utils toolchain-funcs xdg cmake
+
+DESCRIPTION="Network protocol analyzer (sniffer)"
+HOMEPAGE="https://www.wireshark.org/"
+
+if [[ ${PV} == *9999* ]] ; then
+	EGIT_REPO_URI="https://gitlab.com/wireshark/wireshark"
+	inherit git-r3
+else
+	VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/wireshark.asc
+	inherit verify-sig
+
+	SRC_URI="https://www.wireshark.org/download/src/all-versions/${P/_/}.tar.xz"
+	SRC_URI+=" verify-sig? ( https://www.wireshark.org/download/SIGNATURES-${PV}.txt -> ${P}-signatures.txt )"
+	S="${WORKDIR}/${P/_/}"
+
+	if [[ ${PV} != *_rc* ]] ; then
+		KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~loong ~ppc64 ~riscv ~x86"
+	fi
+fi
+
+LICENSE="GPL-2"
+SLOT="0/${PV}"
+IUSE="androiddump bcg729 brotli +capinfos +captype ciscodump +dftest doc dpauxmon"
+IUSE+=" +dumpcap +editcap +gui http2 http3 ilbc kerberos libxml2 lua lz4 maxminddb"
+IUSE+=" +mergecap +minizip +netlink opus +plugins +pcap +randpkt"
+IUSE+=" +randpktdump +reordercap sbc selinux +sharkd smi snappy spandsp sshdump ssl"
+IUSE+=" sdjournal test +text2pcap +tshark +udpdump wifi zlib +zstd"
+
+REQUIRED_USE="
+	lua? ( ${LUA_REQUIRED_USE} )
+"
+
+RESTRICT="!test? ( test )"
+
+# bug #753062 for speexdsp
+RDEPEND="
+	acct-group/pcap
+	>=dev-libs/glib-2.50.0:2
+	dev-libs/libpcre2
+	>=net-dns/c-ares-1.13.0:=
+	>=dev-libs/libgcrypt-1.8.0:=
+	media-libs/speexdsp
+	bcg729? ( media-libs/bcg729 )
+	brotli? ( app-arch/brotli:= )
+	ciscodump? ( >=net-libs/libssh-0.6:= )
+	filecaps? ( sys-libs/libcap )
+	http2? ( >=net-libs/nghttp2-1.11.0:= )
+	http3? ( net-libs/nghttp3 )
+	ilbc? ( media-libs/libilbc:= )
+	kerberos? ( virtual/krb5 )
+	libxml2? ( dev-libs/libxml2 )
+	lua? ( ${LUA_DEPS} )
+	lz4? ( app-arch/lz4:= )
+	maxminddb? ( dev-libs/libmaxminddb:= )
+	minizip? ( sys-libs/zlib[minizip] )
+	netlink? ( dev-libs/libnl:3 )
+	opus? ( media-libs/opus )
+	pcap? ( net-libs/libpcap )
+	gui? (
+		dev-qt/qtbase:6[concurrent,dbus,gui,widgets]
+		dev-qt/qt5compat:6
+		dev-qt/qtdeclarative:6
+		dev-qt/qtmultimedia:6
+		x11-misc/xdg-utils
+	)
+	sbc? ( media-libs/sbc )
+	sdjournal? ( sys-apps/systemd:= )
+	smi? ( net-libs/libsmi )
+	snappy? ( app-arch/snappy:= )
+	spandsp? ( media-libs/spandsp:= )
+	sshdump? ( >=net-libs/libssh-0.6:= )
+	ssl? ( >=net-libs/gnutls-3.5.8:= )
+	wifi? ( >=net-libs/libssh-0.6:= )
+	zlib? ( sys-libs/zlib )
+	zstd? ( app-arch/zstd:= )
+"
+DEPEND="
+	${RDEPEND}
+"
+BDEPEND="
+	${PYTHON_DEPS}
+	dev-lang/perl
+	app-alternatives/lex
+	sys-devel/gettext
+	virtual/pkgconfig
+	doc? (
+		app-text/doxygen
+		dev-ruby/asciidoctor
+		dev-libs/libxslt
+	)
+	gui? (
+		dev-qt/qttools:6[linguist]
+	)
+	test? (
+		$(python_gen_any_dep '
+			dev-python/pytest[${PYTHON_USEDEP}]
+			dev-python/pytest-xdist[${PYTHON_USEDEP}]
+		')
+	)
+"
+RDEPEND="
+	${RDEPEND}
+	gui? ( virtual/freedesktop-icon-theme )
+	selinux? ( sec-policy/selinux-wireshark )
+"
+
+if [[ ${PV} != *9999* ]] ; then
+	BDEPEND+=" verify-sig? ( sec-keys/openpgp-keys-wireshark )"
+fi
+
+PATCHES=(
+	"${FILESDIR}/4.4.4-fix-skipping-rawshark-tests-on-big-endian.patch"
+	"${FILESDIR}/4.4.6-lto.patch"
+)
+
+python_check_deps() {
+	use test || return 0
+
+	python_has_version -b "dev-python/pytest[${PYTHON_USEDEP}]" &&
+		 python_has_version -b "dev-python/pytest-xdist[${PYTHON_USEDEP}]"
+}
+
+pkg_setup() {
+	use lua && lua-single_pkg_setup
+
+	python-any-r1_pkg_setup
+}
+
+src_unpack() {
+	if [[ ${PV} == *9999* ]] ; then
+		git-r3_src_unpack
+	else
+		if use verify-sig ; then
+			cd "${DISTDIR}" || die
+			verify-sig_verify_signed_checksums \
+				${P}-signatures.txt \
+				openssl-dgst \
+				${P}.tar.xz
+			cd "${WORKDIR}" || die
+		fi
+
+		default
+	fi
+}
+
+src_configure() {
+	local mycmakeargs
+
+	python_setup
+
+	mycmakeargs+=(
+		-DPython3_EXECUTABLE="${PYTHON}"
+		-DCMAKE_DISABLE_FIND_PACKAGE_{Asciidoctor,DOXYGEN}=$(usex !doc)
+
+		# Force bundled lemon (bug 933119)
+		-DLEMON_EXECUTABLE=
+
+		-DRPMBUILD_EXECUTABLE=
+		-DGIT_EXECUTABLE=
+		-DENABLE_CCACHE=OFF
+
+		$(use androiddump && use pcap && echo -DEXTCAP_ANDROIDDUMP_LIBPCAP=yes)
+		$(usex gui LRELEASE=$(qt6_get_bindir)/lrelease '')
+		$(usex gui MOC=$(qt6_get_bindir)/moc '')
+		$(usex gui RCC=$(qt6_get_bindir)/rcc '')
+		$(usex gui UIC=$(qt6_get_bindir)/uic '')
+
+		-DBUILD_androiddump=$(usex androiddump)
+		-DBUILD_capinfos=$(usex capinfos)
+		-DBUILD_captype=$(usex captype)
+		-DBUILD_ciscodump=$(usex ciscodump)
+		-DBUILD_dftest=$(usex dftest)
+		-DBUILD_dpauxmon=$(usex dpauxmon)
+		-DBUILD_dumpcap=$(usex dumpcap)
+		-DBUILD_editcap=$(usex editcap)
+		-DBUILD_mergecap=$(usex mergecap)
+		-DBUILD_mmdbresolve=$(usex maxminddb)
+		-DBUILD_randpkt=$(usex randpkt)
+		-DBUILD_randpktdump=$(usex randpktdump)
+		-DBUILD_reordercap=$(usex reordercap)
+		-DBUILD_sdjournal=$(usex sdjournal)
+		-DBUILD_sharkd=$(usex sharkd)
+		-DBUILD_sshdump=$(usex sshdump)
+		-DBUILD_text2pcap=$(usex text2pcap)
+		-DBUILD_tfshark=OFF
+		-DBUILD_tshark=$(usex tshark)
+		-DBUILD_udpdump=$(usex udpdump)
+
+		-DBUILD_wireshark=$(usex gui)
+		-DUSE_qt6=$(usex gui)
+
+		-DENABLE_WERROR=OFF
+		-DENABLE_BCG729=$(usex bcg729)
+		-DENABLE_BROTLI=$(usex brotli)
+		-DENABLE_CAP=$(usex filecaps caps)
+		-DENABLE_GNUTLS=$(usex ssl)
+		-DENABLE_ILBC=$(usex ilbc)
+		-DENABLE_KERBEROS=$(usex kerberos)
+		-DENABLE_LIBXML2=$(usex libxml2)
+		-DENABLE_LUA=$(usex lua)
+		-DLUA_FIND_VERSIONS="${ELUA#lua}"
+		-DENABLE_LZ4=$(usex lz4)
+		-DENABLE_MINIZIP=$(usex minizip)
+		-DENABLE_MINIZIPNG=OFF
+		-DENABLE_NETLINK=$(usex netlink)
+		-DENABLE_NGHTTP2=$(usex http2)
+		-DENABLE_NGHTTP3=$(usex http3)
+		-DENABLE_OPUS=$(usex opus)
+		-DENABLE_PCAP=$(usex pcap)
+		-DENABLE_PLUGINS=$(usex plugins)
+		-DENABLE_PLUGIN_IFDEMO=OFF
+		-DENABLE_SBC=$(usex sbc)
+		-DENABLE_SMI=$(usex smi)
+		-DENABLE_SNAPPY=$(usex snappy)
+		-DENABLE_SPANDSP=$(usex spandsp)
+		-DBUILD_wifidump=$(usex wifi)
+		-DENABLE_ZLIB=$(usex zlib)
+		-DENABLE_ZLIBNG=OFF
+		-DENABLE_ZSTD=$(usex zstd)
+	)
+
+	tc-is-lto && mycmakeargs+=( -DENABLE_LTO=ON )
+
+	cmake_src_configure
+}
+
+src_test() {
+	cmake_build test-programs
+
+	# https://www.wireshark.org/docs/wsdg_html_chunked/ChTestsRunPytest.html
+	epytest \
+		--disable-capture \
+		--skip-missing-programs=all \
+		--program-path "${BUILD_DIR}"/run
+}
+
+src_install() {
+	# bug #928577
+	# https://gitlab.com/wireshark/wireshark/-/commit/fe7bfdf6caac9204ab5f34eeba7b0f4a0314d3cd
+	cmake_src_install install-headers
+
+	if ! use doc; then
+		# prepare Relase Notes redirector (bug #939195)
+		local relnotes="doc/release-notes.html"
+
+		# by default create a link for our specific version
+		local relversion="wireshark-${PV}.html"
+
+		# for 9999 we link to the release notes index page
+		if [[ ${PV} == *9999* ]] ; then
+			relversion=""
+		fi
+
+		# patch version into redirector & install it
+		sed -e "s/#VERSION#/${relversion}/g" < "${FILESDIR}/release-notes.html" > ${relnotes} || die
+		dodoc ${relnotes}
+	fi
+
+	# FAQ is not required as is installed from help/faq.txt
+	dodoc AUTHORS ChangeLog README* doc/randpkt.txt doc/README*
+
+	# install headers
+	insinto /usr/include/wireshark
+	doins "${BUILD_DIR}"/config.h
+
+	# If trying to remove this, try build e.g. libvirt first!
+	# At last check, Fedora is still doing this too.
+	local dir dirs=(
+		epan
+		epan/crypt
+		epan/dfilter
+		epan/dissectors
+		epan/ftypes
+		wiretap
+		wsutil
+		wsutil/wmem
+	)
+
+	for dir in "${dirs[@]}" ; do
+		insinto /usr/include/wireshark/${dir}
+		doins ${dir}/*.h
+	done
+
+	if use gui ; then
+		local s
+
+		for s in 16 32 48 64 128 256 512 1024 ; do
+			insinto /usr/share/icons/hicolor/${s}x${s}/apps
+			newins resources/icons/wsicon${s}.png wireshark.png
+		done
+
+		for s in 16 24 32 48 64 128 256 ; do
+			insinto /usr/share/icons/hicolor/${s}x${s}/mimetypes
+			newins resources/icons//WiresharkDoc-${s}.png application-vnd.tcpdump.pcap.png
+		done
+	fi
+
+	if [[ -d "${ED}"/usr/share/appdata ]] ; then
+		rm -r "${ED}"/usr/share/appdata || die
+	fi
+}
+
+pkg_postinst() {
+	xdg_pkg_postinst
+
+	# Add group for users allowed to sniff.
+	chgrp pcap "${EROOT}"/usr/bin/dumpcap
+
+	if use dumpcap && use pcap ; then
+		fcaps -o 0 -g pcap -m 4710 -M 0710 \
+			cap_dac_read_search,cap_net_raw,cap_net_admin \
+			"${EROOT}"/usr/bin/dumpcap
+	fi
+
+	ewarn "NOTE: To capture traffic with wireshark as normal user you have to"
+	ewarn "add yourself to the pcap group. This security measure ensures"
+	ewarn "that only trusted users are allowed to sniff your traffic."
+}
diff --git a/net-analyzer/wireshark/wireshark-9999.ebuild b/net-analyzer/wireshark/wireshark-9999.ebuild
index 5c0d7c42f778..3193a70c6df1 100644
--- a/net-analyzer/wireshark/wireshark-9999.ebuild
+++ b/net-analyzer/wireshark/wireshark-9999.ebuild
@@ -4,9 +4,9 @@
 EAPI=8
 
 LUA_COMPAT=( lua5-{3..4} )
-PYTHON_COMPAT=( python3_{10..13} )
+PYTHON_COMPAT=( python3_{11..13} )
 
-inherit fcaps flag-o-matic lua-single python-any-r1 qmake-utils xdg cmake
+inherit fcaps lua-single python-any-r1 qmake-utils toolchain-funcs xdg cmake
 
 DESCRIPTION="Network protocol analyzer (sniffer)"
 HOMEPAGE="https://www.wireshark.org/"
@@ -117,6 +117,11 @@ if [[ ${PV} != *9999* ]] ; then
 	BDEPEND+=" verify-sig? ( sec-keys/openpgp-keys-wireshark )"
 fi
 
+PATCHES=(
+	"${FILESDIR}/4.4.4-fix-skipping-rawshark-tests-on-big-endian.patch"
+	"${FILESDIR}/4.4.6-lto.patch"
+)
+
 python_check_deps() {
 	use test || return 0
 
@@ -152,14 +157,6 @@ src_configure() {
 
 	python_setup
 
-	if use gui ; then
-		append-cxxflags -fPIC -DPIC
-	fi
-
-	# crashes at runtime
-	# https://bugs.gentoo.org/754021
-	filter-lto
-
 	mycmakeargs+=(
 		-DPython3_EXECUTABLE="${PYTHON}"
 		-DCMAKE_DISABLE_FIND_PACKAGE_{Asciidoctor,DOXYGEN}=$(usex !doc)
@@ -209,8 +206,6 @@ src_configure() {
 		-DENABLE_ILBC=$(usex ilbc)
 		-DENABLE_KERBEROS=$(usex kerberos)
 		-DENABLE_LIBXML2=$(usex libxml2)
-		# only appends -flto
-		-DENABLE_LTO=OFF
 		-DENABLE_LUA=$(usex lua)
 		-DLUA_FIND_VERSIONS="${ELUA#lua}"
 		-DENABLE_LZ4=$(usex lz4)
@@ -233,6 +228,8 @@ src_configure() {
 		-DENABLE_ZSTD=$(usex zstd)
 	)
 
+	tc-is-lto && mycmakeargs+=( -DENABLE_LTO=ON )
+
 	cmake_src_configure
 }