diff options
Diffstat (limited to 'nixpkgs/pkgs/applications/networking/sniffers')
3 files changed, 86 insertions, 107 deletions
diff --git a/nixpkgs/pkgs/applications/networking/sniffers/wireshark/default.nix b/nixpkgs/pkgs/applications/networking/sniffers/wireshark/default.nix index fb3399ee569b..e33af52e45e5 100644 --- a/nixpkgs/pkgs/applications/networking/sniffers/wireshark/default.nix +++ b/nixpkgs/pkgs/applications/networking/sniffers/wireshark/default.nix @@ -29,7 +29,9 @@ , makeWrapper , minizip , nghttp2 +, nghttp3 , ninja +, opencore-amr , openssl , pcre2 , perl @@ -52,7 +54,7 @@ assert withQt -> qt6 != null; stdenv.mkDerivation rec { pname = "wireshark-${if withQt then "qt" else "cli"}"; - version = "4.0.10"; + version = "4.2.0"; outputs = [ "out" "dev" ]; @@ -60,11 +62,11 @@ stdenv.mkDerivation rec { repo = "wireshark"; owner = "wireshark"; rev = "v${version}"; - hash = "sha256-R8CoatIZC7vkKn4UZ3G7h5qBexfKMdJJ0swi+IxAjG0="; + hash = "sha256-0ny2x5sGG/T7q8RehCKVH/vrSihWytvUDVYiMnfhh9s="; }; patches = [ - ./wireshark-lookup-dumpcap-in-path.patch + ./patches/lookup-dumpcap-in-path.patch ]; depsBuildBuild = lib.optionals (stdenv.buildPlatform != stdenv.hostPlatform) [ @@ -87,30 +89,32 @@ stdenv.mkDerivation rec { ]; buildInputs = [ + bcg729 + c-ares gettext - pcre2 - libpcap - lua5 - libssh - nghttp2 - openssl + glib + gnutls libgcrypt libgpg-error - gnutls + libkrb5 libmaxminddb libopus - bcg729 - spandsp3 - libkrb5 - speexdsp + libpcap libsmi + libssh + lua5 lz4 - snappy - zstd minizip - c-ares - glib + nghttp2 + nghttp3 + opencore-amr + openssl + pcre2 + snappy + spandsp3 + speexdsp zlib + zstd ] ++ lib.optionals withQt (with qt6; [ qt5compat qtbase @@ -133,21 +137,19 @@ stdenv.mkDerivation rec { cmakeFlags = [ "-DBUILD_wireshark=${if withQt then "ON" else "OFF"}" - "-DENABLE_APPLICATION_BUNDLE=${if withQt && stdenv.isDarwin then "ON" else "OFF"}" # Fix `extcap` and `plugins` paths. See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16444 "-DCMAKE_INSTALL_LIBDIR=lib" + "-DENABLE_APPLICATION_BUNDLE=${if withQt && stdenv.isDarwin then "ON" else "OFF"}" "-DLEMON_C_COMPILER=cc" - "-DUSE_qt6=ON" ] ++ lib.optionals (stdenv.buildPlatform != stdenv.hostPlatform) [ - "-DHAVE_C99_VSNPRINTF_EXITCODE=0" "-DHAVE_C99_VSNPRINTF_EXITCODE__TRYRUN_OUTPUT=" + "-DHAVE_C99_VSNPRINTF_EXITCODE=0" ]; # Avoid referencing -dev paths because of debug assertions. env.NIX_CFLAGS_COMPILE = toString [ "-DQT_NO_DEBUG" ]; dontFixCmake = true; - # Prevent double-wrapping, inject wrapper args manually instead. dontWrapGApps = true; shellHook = '' @@ -160,10 +162,8 @@ stdenv.mkDerivation rec { ''; postInstall = '' - # to remove "cycle detected in the references" - mkdir -p $dev/lib/wireshark - mv $out/lib/wireshark/cmake $dev/lib/wireshark - '' + (if stdenv.isDarwin && withQt then '' + cmake --install . --prefix "''${!outputDev}" --component Development + '' + lib.optionalString (stdenv.isDarwin && withQt) '' mkdir -p $out/Applications mv $out/bin/Wireshark.app $out/Applications/Wireshark.app @@ -172,21 +172,7 @@ stdenv.mkDerivation rec { install_name_tool -change "$dylib" "$out/lib/$dylib" "$f" done done - '' else - lib.optionalString withQt '' - pwd - - mkdir -pv $dev/include/{epan/{wmem,ftypes,dfilter},wsutil/wmem,wiretap} - - cp config.h $dev/include/wireshark/ - cp ../epan/*.h $dev/include/epan/ - cp ../epan/ftypes/*.h $dev/include/epan/ftypes/ - cp ../epan/dfilter/*.h $dev/include/epan/dfilter/ - cp ../include/ws_*.h $dev/include/ - cp ../wiretap/*.h $dev/include/wiretap/ - cp ../wsutil/*.h $dev/include/wsutil/ - cp ../wsutil/wmem/*.h $dev/include/wsutil/wmem/ - ''); + ''; preFixup = '' qtWrapperArgs+=("''${gappsWrapperArgs[@]}") diff --git a/nixpkgs/pkgs/applications/networking/sniffers/wireshark/patches/lookup-dumpcap-in-path.patch b/nixpkgs/pkgs/applications/networking/sniffers/wireshark/patches/lookup-dumpcap-in-path.patch new file mode 100644 index 000000000000..4285541bbfa9 --- /dev/null +++ b/nixpkgs/pkgs/applications/networking/sniffers/wireshark/patches/lookup-dumpcap-in-path.patch @@ -0,0 +1,59 @@ +From 2f0cbc740a0fe050f4de082620296c5eea18eba3 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Bj=C3=B8rn=20Forsman?= <bjorn.forsman@gmail.com> +Date: Thu, 27 Oct 2022 20:56:07 +0200 +Subject: [PATCH] Lookup dumpcap in PATH + +NixOS patch: Look for dumpcap in PATH first, because there may be a +dumpcap wrapper that we want to use instead of the default +non-setuid dumpcap binary. + +Also change execv() to execvp() because we've set argv[0] to "dumpcap" +and have to enable PATH lookup. Wireshark is not a setuid program, so +looking in PATH is not a security issue. + +ORIGINALLY by Björn Forsman + +EDITED by teto for wireshark 3.6 + +EDITED by esclear for wireshark 4.0 + +EDITED by paveloom for wireshark 4.2 + +Signed-off-by: Franz Pletz <fpletz@fnordicwalking.de> +--- + capture/capture_sync.c | 13 ++++++++++--- + 1 file changed, 10 insertions(+), 3 deletions(-) + +diff --git a/capture/capture_sync.c b/capture/capture_sync.c +index 01e9510a27..e439098298 100644 +--- a/capture/capture_sync.c ++++ b/capture/capture_sync.c +@@ -225,8 +225,15 @@ init_pipe_args(int *argc) { + char *exename; + char **argv; + +- /* Find the absolute path of the dumpcap executable. */ +- exename = get_executable_path("dumpcap"); ++ /* NixOS patch: Look for dumpcap in PATH first, because there may be a ++ * dumpcap wrapper that we want to use instead of the default ++ * non-setuid dumpcap binary. */ ++ if (system("command -v dumpcap >/dev/null") == 0) { ++ exename = ws_strdup_printf("dumpcap"); ++ } else { ++ /* Use dumpcap from the package. */ ++ exename = get_executable_path("dumpcap"); ++ } + if (exename == NULL) { + return NULL; + } +@@ -533,7 +540,7 @@ sync_pipe_open_command(char* const argv[], int *data_read_fd, + dup2(sync_pipe[PIPE_WRITE], 2); + ws_close(sync_pipe[PIPE_READ]); + ws_close(sync_pipe[PIPE_WRITE]); +- execv(argv[0], argv); ++ execvp(argv[0], argv); + sync_pipe_write_int_msg(2, SP_EXEC_FAILED, errno); + + /* Exit with "_exit()", so that we don't close the connection +-- +2.42.0 diff --git a/nixpkgs/pkgs/applications/networking/sniffers/wireshark/wireshark-lookup-dumpcap-in-path.patch b/nixpkgs/pkgs/applications/networking/sniffers/wireshark/wireshark-lookup-dumpcap-in-path.patch deleted file mode 100644 index 0e523db0a32a..000000000000 --- a/nixpkgs/pkgs/applications/networking/sniffers/wireshark/wireshark-lookup-dumpcap-in-path.patch +++ /dev/null @@ -1,66 +0,0 @@ -From 2f0cbc740a0fe050f4de082620296c5eea18eba3 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Bj=C3=B8rn=20Forsman?= <bjorn.forsman@gmail.com> -Date: Thu, 27 Oct 2022 20:56:07 +0200 -Subject: [PATCH] Lookup dumpcap in PATH - -NixOS patch: Look for dumpcap in PATH first, because there may be a -dumpcap wrapper that we want to use instead of the default -non-setuid dumpcap binary. - -Also change execv() to execvp() because we've set argv[0] to "dumpcap" -and have to enable PATH lookup. Wireshark is not a setuid program, so -looking in PATH is not a security issue. - -ORIGINALLY by Björn Forsman - -EDITED by teto for wireshark 3.6 - -EDITED by esclear for wireshark 4.0 - -Signed-off-by: Franz Pletz <fpletz@fnordicwalking.de> ---- - capture/capture_sync.c | 17 ++++++++++++++--- - 1 file changed, 14 insertions(+), 3 deletions(-) - -diff --git a/capture/capture_sync.c b/capture/capture_sync.c -index fc5552f02c..a556f109af 100644 ---- a/capture/capture_sync.c -+++ b/capture/capture_sync.c -@@ -239,7 +239,18 @@ init_pipe_args(int *argc) { - #ifdef _WIN32 - exename = ws_strdup_printf("%s\\dumpcap.exe", progfile_dir); - #else -- exename = ws_strdup_printf("%s/dumpcap", progfile_dir); -+ /* -+ * NixOS patch: Look for dumpcap in PATH first, because there may be a -+ * dumpcap wrapper that we want to use instead of the default -+ * non-setuid dumpcap binary. -+ */ -+ if (system("command -v dumpcap >/dev/null") == 0) { -+ /* Found working dumpcap */ -+ exename = ws_strdup_printf("dumpcap"); -+ } else { -+ /* take Wireshark's absolute program path and replace "Wireshark" with "dumpcap" */ -+ exename = ws_strdup_printf("%s/dumpcap", progfile_dir); -+ } - #endif - - /* Make that the first argument in the argument list (argv[0]). */ -@@ -690,7 +701,7 @@ sync_pipe_start(capture_options *capture_opts, GPtrArray *capture_comments, - */ - dup2(sync_pipe[PIPE_WRITE], 2); - ws_close(sync_pipe[PIPE_READ]); -- execv(argv[0], argv); -+ execvp(argv[0], argv); - snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s", - argv[0], g_strerror(errno)); - sync_pipe_errmsg_to_parent(2, errmsg, ""); -@@ -946,7 +957,7 @@ sync_pipe_open_command(char* const argv[], int *data_read_fd, - dup2(sync_pipe[PIPE_WRITE], 2); - ws_close(sync_pipe[PIPE_READ]); - ws_close(sync_pipe[PIPE_WRITE]); -- execv(argv[0], argv); -+ execvp(argv[0], argv); - snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s", - argv[0], g_strerror(errno)); - sync_pipe_errmsg_to_parent(2, errmsg, ""); |