Bjørn Forsman
a70197a653
wireshark: add patch to lookup "dumpcap" in PATH
...
What this allows us to do is define a "dumpcap" setuid wrapper in NixOS
and have wireshark use that instead of the non-setuid dumpcap binary
that it normally uses.
As far as I can tell, the code that is changed to do lookup in PATH is
only used by wireshark/tshark to find dumpcap. dumpcap, the thing that's
typically setuid, is not affected by this patch. wireshark and tshark
should *not* be installed setuid, so the fact that they now do lookup in
PATH is not a security concern.
With this commit, and the following config, only "root" and users in the
"wireshark" group will have access to capturing network traffic with
wireshark/dumpcap:
environment.systemPackages = [ pkgs.wireshark ];
security.setuidOwners = [
{ program = "dumpcap";
owner = "root";
group = "wireshark";
setuid = true;
setgid = false;
permissions = "u+rx,g+x";
}
];
users.extraGroups.wireshark.gid = 500;
(This wouldn't have worked before, because then wireshark would not use
our setuid dumpcap binary.)
2014-04-22 21:33:11 +02:00
Bjørn Forsman
cbd4650a1a
wireshark: add myself (bjornfor) as maintainer
2014-04-22 21:33:11 +02:00
Bjørn Forsman
27477f1fac
wireshark: build with libcap (POSIX capabilities)
...
This makes running wireshark (or more specifically, dumpcap) as root a
bit more secure. From <wireshark-1.11.2>/doc/README.packaging:
The "--with-libcap" option is only useful when dumpcap is installed
setuid. If it is enabled dumpcap will try to drop any setuid privileges
it may have while retaining the CAP_NET_ADMIN and CAP_NET_RAW
capabilities. It is enabled by default, if the Linux capabilities
library (on which it depends) is found.
2014-04-22 21:33:11 +02:00
Michael Raskin
9233723353
Temporary patch for Wireshark build
2014-04-06 00:57:35 +04:00
Peter Simons
ca73a92578
wireshark: the gtk3 build fails, so use gtk2
...
Duh, this is much more difficult than I would have thought.
2014-01-17 11:10:58 +01:00
Peter Simons
ac2a215c10
wireshark: build GUI with gtk3
...
This should be configurable, I guess.
2014-01-17 10:37:53 +01:00
Peter Simons
c1a80535ad
wireshark: update from 1.10.5 to 1.11.2
2014-01-15 17:29:14 +01:00
Nixpkgs Monitor
f512614a10
wireshark: update from 1.10.3 to 1.10.5, potentially fixes CVE-2013-7112, CVE-2013-7113, CVE-2013-7114
2014-01-10 08:28:58 +01:00
Mathijs Kwik
5771888f4e
wireshark: upgrade to 1.10.3
...
- cleaned up dependencies
- python support is deprecated (upstream) in favor of pyreshark
2013-12-23 10:21:18 +01:00
Vladimír Čunát
5fd97b7067
wireshark: bugfix+CVE update to current old-stable
...
The old version also didn't build anymore on x-updates.
2013-11-23 14:42:42 +01:00
Bjørn Forsman
d6f7910722
wireshark: bump from 1.8.6 to 1.8.7 (security update)
2013-05-21 22:53:46 +02:00
Bjørn Forsman
af6503b2af
wireshark: add desktop item
...
And fix a small "ethereal" typo.
2013-05-21 22:48:50 +02:00
Bjørn Forsman
3b6a347bea
wireshark: update homepage URL
2013-05-11 20:31:24 +02:00
Bjørn Forsman
8c108024ab
wireshark: bump to version 1.8.6
...
Multiple vulnerabilities and many bugs have been fixed. See the release
notes for details:
http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html
2013-05-11 20:31:13 +02:00
Eelco Dolstra
5509f3beec
wireshark: Update to 1.8.5
...
CVE-2013-1582, CVE-2013-1586, CVE-2013-1588, CVE-2013-1590
2013-02-27 15:07:28 +01:00
Michael Raskin
3b01ff4591
Update Wireshark
2012-10-17 22:45:54 +04:00
Peter Simons
1a4f43c7b3
wireshark: updated to version 1.6.2
...
svn path=/nixpkgs/trunk/; revision=30426
2011-11-14 15:11:23 +00:00
Michael Raskin
7195b61a31
Update Wireshark
...
svn path=/nixpkgs/branches/stdenv-updates/; revision=24785
2010-11-20 20:51:29 +00:00
Michael Raskin
4325bd0b28
Update Wireshark to release
...
svn path=/nixpkgs/trunk/; revision=24129
2010-10-07 07:56:00 +00:00
Michael Raskin
3a0bf4d42d
Update wireshark
...
svn path=/nixpkgs/trunk/; revision=23516
2010-08-29 19:17:00 +00:00
Armijn Hemel
1aee2df93a
update libpcap to 1.1.1 and wireshark to 1.3.4
...
svn path=/nixpkgs/trunk/; revision=21205
2010-04-21 13:31:08 +00:00
Armijn Hemel
a53ab8a2e7
update to 1.3.2
...
svn path=/nixpkgs/trunk/; revision=19107
2009-12-25 12:38:08 +00:00
Marc Weber
5b3c7c6b7a
wireshark update - old source vanished
...
svn path=/nixpkgs/trunk/; revision=17865
2009-10-18 04:43:59 +00:00
Michael Raskin
2eb7441069
Wireshark update
...
svn path=/nixpkgs/trunk/; revision=15439
2009-05-04 11:01:59 +00:00
Marc Weber
498be42912
version bump: wireshark-1.1.2, libpcap-1.0.0
...
svn path=/nixpkgs/trunk/; revision=14054
2009-02-12 20:28:01 +00:00
Armijn Hemel
e89fed21f9
update to 1.0.3
...
svn path=/nixpkgs/trunk/; revision=12845
2008-09-11 22:04:27 +00:00
Armijn Hemel
84d3e027b8
update to 1.0.2
...
svn path=/nixpkgs/trunk/; revision=12362
2008-07-15 22:21:21 +00:00
Armijn Hemel
10ca296d82
change 'name' to version number of the tarball (was still at 0.99.7)
...
svn path=/nixpkgs/trunk/; revision=11732
2008-04-27 21:47:21 +00:00
Marc Weber
7e43554ace
Updated wireshark (used all-versions/ url now so if version changes url will still be valid in the future) - is this good or bad?
...
svn path=/nixpkgs/trunk/; revision=11610
2008-04-12 12:44:56 +00:00
Armijn Hemel
aae41dd4d4
update to 0.99.7
...
svn path=/nixpkgs/trunk/; revision=10005
2007-12-31 18:41:30 +00:00
Michael Raskin
9b43958df5
Version bump. Wireshark.org has already pulled old version off site...
...
svn path=/nixpkgs/trunk/; revision=8950
2007-07-06 13:07:14 +00:00
Armijn Hemel
c068774f59
cleanups, build graphical frontend too
...
svn path=/nixpkgs/trunk/; revision=8677
2007-05-14 00:04:39 +00:00
Armijn Hemel
16fc4c0838
ethereal -> wireshark
...
update to 0.99.5
svn path=/nixpkgs/trunk/; revision=8675
2007-05-13 23:24:34 +00:00