Commit Graph

33 Commits

Author SHA1 Message Date
Bjørn Forsman
a70197a653 wireshark: add patch to lookup "dumpcap" in PATH
What this allows us to do is define a "dumpcap" setuid wrapper in NixOS
and have wireshark use that instead of the non-setuid dumpcap binary
that it normally uses.

As far as I can tell, the code that is changed to do lookup in PATH is
only used by wireshark/tshark to find dumpcap. dumpcap, the thing that's
typically setuid, is not affected by this patch. wireshark and tshark
should *not* be installed setuid, so the fact that they now do lookup in
PATH is not a security concern.

With this commit, and the following config, only "root" and users in the
"wireshark" group will have access to capturing network traffic with
wireshark/dumpcap:

  environment.systemPackages = [ pkgs.wireshark ];
  security.setuidOwners = [
    { program = "dumpcap";
      owner = "root";
      group = "wireshark";
      setuid = true;
      setgid = false;
      permissions = "u+rx,g+x";
    }
  ];
  users.extraGroups.wireshark.gid = 500;

(This wouldn't have worked before, because then wireshark would not use
our setuid dumpcap binary.)
2014-04-22 21:33:11 +02:00
Bjørn Forsman
cbd4650a1a wireshark: add myself (bjornfor) as maintainer 2014-04-22 21:33:11 +02:00
Bjørn Forsman
27477f1fac wireshark: build with libcap (POSIX capabilities)
This makes running wireshark (or more specifically, dumpcap) as root a
bit more secure. From <wireshark-1.11.2>/doc/README.packaging:

  The "--with-libcap" option is only useful when dumpcap is installed
  setuid. If it is enabled dumpcap will try to drop any setuid privileges
  it may have while retaining the CAP_NET_ADMIN and CAP_NET_RAW
  capabilities. It is enabled by default, if the Linux capabilities
  library (on which it depends) is found.
2014-04-22 21:33:11 +02:00
Michael Raskin
9233723353 Temporary patch for Wireshark build 2014-04-06 00:57:35 +04:00
Peter Simons
ca73a92578 wireshark: the gtk3 build fails, so use gtk2
Duh, this is much more difficult than I would have thought.
2014-01-17 11:10:58 +01:00
Peter Simons
ac2a215c10 wireshark: build GUI with gtk3
This should be configurable, I guess.
2014-01-17 10:37:53 +01:00
Peter Simons
c1a80535ad wireshark: update from 1.10.5 to 1.11.2 2014-01-15 17:29:14 +01:00
Nixpkgs Monitor
f512614a10 wireshark: update from 1.10.3 to 1.10.5, potentially fixes CVE-2013-7112, CVE-2013-7113, CVE-2013-7114 2014-01-10 08:28:58 +01:00
Mathijs Kwik
5771888f4e wireshark: upgrade to 1.10.3
- cleaned up dependencies
- python support is deprecated (upstream) in favor of pyreshark
2013-12-23 10:21:18 +01:00
Vladimír Čunát
5fd97b7067 wireshark: bugfix+CVE update to current old-stable
The old version also didn't build anymore on x-updates.
2013-11-23 14:42:42 +01:00
Bjørn Forsman
d6f7910722 wireshark: bump from 1.8.6 to 1.8.7 (security update) 2013-05-21 22:53:46 +02:00
Bjørn Forsman
af6503b2af wireshark: add desktop item
And fix a small "ethereal" typo.
2013-05-21 22:48:50 +02:00
Bjørn Forsman
3b6a347bea wireshark: update homepage URL 2013-05-11 20:31:24 +02:00
Bjørn Forsman
8c108024ab wireshark: bump to version 1.8.6
Multiple vulnerabilities and many bugs have been fixed. See the release
notes for details:

  http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html
2013-05-11 20:31:13 +02:00
Eelco Dolstra
5509f3beec wireshark: Update to 1.8.5
CVE-2013-1582, CVE-2013-1586, CVE-2013-1588, CVE-2013-1590
2013-02-27 15:07:28 +01:00
Michael Raskin
3b01ff4591 Update Wireshark 2012-10-17 22:45:54 +04:00
Peter Simons
1a4f43c7b3 wireshark: updated to version 1.6.2
svn path=/nixpkgs/trunk/; revision=30426
2011-11-14 15:11:23 +00:00
Michael Raskin
7195b61a31 Update Wireshark
svn path=/nixpkgs/branches/stdenv-updates/; revision=24785
2010-11-20 20:51:29 +00:00
Michael Raskin
4325bd0b28 Update Wireshark to release
svn path=/nixpkgs/trunk/; revision=24129
2010-10-07 07:56:00 +00:00
Michael Raskin
3a0bf4d42d Update wireshark
svn path=/nixpkgs/trunk/; revision=23516
2010-08-29 19:17:00 +00:00
Armijn Hemel
1aee2df93a update libpcap to 1.1.1 and wireshark to 1.3.4
svn path=/nixpkgs/trunk/; revision=21205
2010-04-21 13:31:08 +00:00
Armijn Hemel
a53ab8a2e7 update to 1.3.2
svn path=/nixpkgs/trunk/; revision=19107
2009-12-25 12:38:08 +00:00
Marc Weber
5b3c7c6b7a wireshark update - old source vanished
svn path=/nixpkgs/trunk/; revision=17865
2009-10-18 04:43:59 +00:00
Michael Raskin
2eb7441069 Wireshark update
svn path=/nixpkgs/trunk/; revision=15439
2009-05-04 11:01:59 +00:00
Marc Weber
498be42912 version bump: wireshark-1.1.2, libpcap-1.0.0
svn path=/nixpkgs/trunk/; revision=14054
2009-02-12 20:28:01 +00:00
Armijn Hemel
e89fed21f9 update to 1.0.3
svn path=/nixpkgs/trunk/; revision=12845
2008-09-11 22:04:27 +00:00
Armijn Hemel
84d3e027b8 update to 1.0.2
svn path=/nixpkgs/trunk/; revision=12362
2008-07-15 22:21:21 +00:00
Armijn Hemel
10ca296d82 change 'name' to version number of the tarball (was still at 0.99.7)
svn path=/nixpkgs/trunk/; revision=11732
2008-04-27 21:47:21 +00:00
Marc Weber
7e43554ace Updated wireshark (used all-versions/ url now so if version changes url will still be valid in the future) - is this good or bad?
svn path=/nixpkgs/trunk/; revision=11610
2008-04-12 12:44:56 +00:00
Armijn Hemel
aae41dd4d4 update to 0.99.7
svn path=/nixpkgs/trunk/; revision=10005
2007-12-31 18:41:30 +00:00
Michael Raskin
9b43958df5 Version bump. Wireshark.org has already pulled old version off site...
svn path=/nixpkgs/trunk/; revision=8950
2007-07-06 13:07:14 +00:00
Armijn Hemel
c068774f59 cleanups, build graphical frontend too
svn path=/nixpkgs/trunk/; revision=8677
2007-05-14 00:04:39 +00:00
Armijn Hemel
16fc4c0838 ethereal -> wireshark
update to 0.99.5

svn path=/nixpkgs/trunk/; revision=8675
2007-05-13 23:24:34 +00:00