wireshark: 4.0.10 -> 4.2.0

pkgs/applications/networking/sniffers/wireshark/default.nix

@@ -29,7 +29,9 @@
 , makeWrapper
 , minizip
 , nghttp2
+, nghttp3
 , ninja
+, opencore-amr
 , openssl
 , pcre2
 , perl
@@ -52,7 +54,7 @@ assert withQt -> qt6 != null;
 
 stdenv.mkDerivation rec {
   pname = "wireshark-${if withQt then "qt" else "cli"}";
-  version = "4.0.10";
+  version = "4.2.0";
 
   outputs = [ "out" "dev" ];
 
@@ -60,11 +62,11 @@ stdenv.mkDerivation rec {
     repo = "wireshark";
     owner = "wireshark";
     rev = "v${version}";
-    hash = "sha256-R8CoatIZC7vkKn4UZ3G7h5qBexfKMdJJ0swi+IxAjG0=";
+    hash = "sha256-0ny2x5sGG/T7q8RehCKVH/vrSihWytvUDVYiMnfhh9s=";
   };
 
   patches = [
-    ./wireshark-lookup-dumpcap-in-path.patch
+    ./patches/lookup-dumpcap-in-path.patch
   ];
 
   depsBuildBuild = lib.optionals (stdenv.buildPlatform != stdenv.hostPlatform) [
@@ -104,6 +106,8 @@ stdenv.mkDerivation rec {
     lz4
     minizip
     nghttp2
+    nghttp3
+    opencore-amr
     openssl
     pcre2
     snappy
@@ -137,7 +141,6 @@ stdenv.mkDerivation rec {
     "-DCMAKE_INSTALL_LIBDIR=lib"
     "-DENABLE_APPLICATION_BUNDLE=${if withQt && stdenv.isDarwin then "ON" else "OFF"}"
     "-DLEMON_C_COMPILER=cc"
-    "-DUSE_qt6=ON"
   ] ++ lib.optionals (stdenv.buildPlatform != stdenv.hostPlatform) [
     "-DHAVE_C99_VSNPRINTF_EXITCODE__TRYRUN_OUTPUT="
     "-DHAVE_C99_VSNPRINTF_EXITCODE=0"
@@ -159,10 +162,8 @@ stdenv.mkDerivation rec {
   '';
 
   postInstall = ''
-    # to remove "cycle detected in the references"
-    mkdir -p $dev/lib/wireshark
-    mv $out/lib/wireshark/cmake $dev/lib/wireshark
-  '' + (if stdenv.isDarwin && withQt then ''
+    cmake --install . --prefix "''${!outputDev}" --component Development
+  '' + lib.optionalString (stdenv.isDarwin && withQt) ''
     mkdir -p $out/Applications
     mv $out/bin/Wireshark.app $out/Applications/Wireshark.app
 
@@ -171,21 +172,7 @@ stdenv.mkDerivation rec {
             install_name_tool -change "$dylib" "$out/lib/$dylib" "$f"
         done
     done
-  '' else
-    lib.optionalString withQt ''
-      pwd
-
-      mkdir -pv $dev/include/{epan/{wmem,ftypes,dfilter},wsutil/wmem,wiretap}
-
-      cp config.h $dev/include/wireshark/
-      cp ../epan/*.h $dev/include/epan/
-      cp ../epan/ftypes/*.h $dev/include/epan/ftypes/
-      cp ../epan/dfilter/*.h $dev/include/epan/dfilter/
-      cp ../include/ws_*.h $dev/include/
-      cp ../wiretap/*.h $dev/include/wiretap/
-      cp ../wsutil/*.h $dev/include/wsutil/
-      cp ../wsutil/wmem/*.h $dev/include/wsutil/wmem/
-    '');
+  '';
 
   preFixup = ''
     qtWrapperArgs+=("''${gappsWrapperArgs[@]}")

pkgs/applications/networking/sniffers/wireshark/patches/lookup-dumpcap-in-path.patch

@@ -0,0 +1,59 @@
+From 2f0cbc740a0fe050f4de082620296c5eea18eba3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bj=C3=B8rn=20Forsman?= <bjorn.forsman@gmail.com>
+Date: Thu, 27 Oct 2022 20:56:07 +0200
+Subject: [PATCH] Lookup dumpcap in PATH
+
+NixOS patch: Look for dumpcap in PATH first, because there may be a
+dumpcap wrapper that we want to use instead of the default
+non-setuid dumpcap binary.
+
+Also change execv() to execvp() because we've set argv[0] to "dumpcap"
+and have to enable PATH lookup. Wireshark is not a setuid program, so
+looking in PATH is not a security issue.
+
+ORIGINALLY by Björn Forsman
+
+EDITED by teto for wireshark 3.6
+
+EDITED by esclear for wireshark 4.0
+
+EDITED by paveloom for wireshark 4.2
+
+Signed-off-by: Franz Pletz <fpletz@fnordicwalking.de>
+---
+ capture/capture_sync.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/capture/capture_sync.c b/capture/capture_sync.c
+index 01e9510a27..e439098298 100644
+--- a/capture/capture_sync.c
++++ b/capture/capture_sync.c
+@@ -225,8 +225,15 @@ init_pipe_args(int *argc) {
+     char *exename;
+     char **argv;
+
+-    /* Find the absolute path of the dumpcap executable. */
+-    exename = get_executable_path("dumpcap");
++    /* NixOS patch: Look for dumpcap in PATH first, because there may be a
++     * dumpcap wrapper that we want to use instead of the default
++     * non-setuid dumpcap binary. */
++    if (system("command -v dumpcap >/dev/null") == 0) {
++        exename = ws_strdup_printf("dumpcap");
++    } else {
++        /* Use dumpcap from the package. */
++        exename = get_executable_path("dumpcap");
++    }
+     if (exename == NULL) {
+         return NULL;
+     }
+@@ -533,7 +540,7 @@ sync_pipe_open_command(char* const argv[], int *data_read_fd,
+         dup2(sync_pipe[PIPE_WRITE], 2);
+         ws_close(sync_pipe[PIPE_READ]);
+         ws_close(sync_pipe[PIPE_WRITE]);
+-        execv(argv[0], argv);
++        execvp(argv[0], argv);
+         sync_pipe_write_int_msg(2, SP_EXEC_FAILED, errno);
+
+         /* Exit with "_exit()", so that we don't close the connection
+--
+2.42.0

pkgs/applications/networking/sniffers/wireshark/wireshark-lookup-dumpcap-in-path.patch

@@ -1,66 +0,0 @@
-From 2f0cbc740a0fe050f4de082620296c5eea18eba3 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Bj=C3=B8rn=20Forsman?= <bjorn.forsman@gmail.com>
-Date: Thu, 27 Oct 2022 20:56:07 +0200
-Subject: [PATCH] Lookup dumpcap in PATH
-
-NixOS patch: Look for dumpcap in PATH first, because there may be a
-dumpcap wrapper that we want to use instead of the default
-non-setuid dumpcap binary.
-
-Also change execv() to execvp() because we've set argv[0] to "dumpcap"
-and have to enable PATH lookup. Wireshark is not a setuid program, so
-looking in PATH is not a security issue.
-
-ORIGINALLY by Björn Forsman
-
-EDITED by teto for wireshark 3.6
-
-EDITED by esclear for wireshark 4.0
-
-Signed-off-by: Franz Pletz <fpletz@fnordicwalking.de>
----
- capture/capture_sync.c | 17 ++++++++++++++---
- 1 file changed, 14 insertions(+), 3 deletions(-)
-
-diff --git a/capture/capture_sync.c b/capture/capture_sync.c
-index fc5552f02c..a556f109af 100644
---- a/capture/capture_sync.c
-+++ b/capture/capture_sync.c
-@@ -239,7 +239,18 @@ init_pipe_args(int *argc) {
- #ifdef _WIN32
-     exename = ws_strdup_printf("%s\\dumpcap.exe", progfile_dir);
- #else
--    exename = ws_strdup_printf("%s/dumpcap", progfile_dir);
-+    /*
-+     * NixOS patch: Look for dumpcap in PATH first, because there may be a
-+     * dumpcap wrapper that we want to use instead of the default
-+     * non-setuid dumpcap binary.
-+     */
-+    if (system("command -v dumpcap >/dev/null") == 0) {
-+        /* Found working dumpcap */
-+        exename = ws_strdup_printf("dumpcap");
-+    } else {
-+        /* take Wireshark's absolute program path and replace "Wireshark" with "dumpcap" */
-+        exename = ws_strdup_printf("%s/dumpcap", progfile_dir);
-+    }
- #endif
- 
-     /* Make that the first argument in the argument list (argv[0]). */
-@@ -690,7 +701,7 @@ sync_pipe_start(capture_options *capture_opts, GPtrArray *capture_comments,
-          */
-         dup2(sync_pipe[PIPE_WRITE], 2);
-         ws_close(sync_pipe[PIPE_READ]);
--        execv(argv[0], argv);
-+        execvp(argv[0], argv);
-         snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s",
-                    argv[0], g_strerror(errno));
-         sync_pipe_errmsg_to_parent(2, errmsg, "");
-@@ -946,7 +957,7 @@ sync_pipe_open_command(char* const argv[], int *data_read_fd,
-         dup2(sync_pipe[PIPE_WRITE], 2);
-         ws_close(sync_pipe[PIPE_READ]);
-         ws_close(sync_pipe[PIPE_WRITE]);
--        execv(argv[0], argv);
-+        execvp(argv[0], argv);
-         snprintf(errmsg, sizeof errmsg, "Couldn't run %s in child process: %s",
-                    argv[0], g_strerror(errno));
-         sync_pipe_errmsg_to_parent(2, errmsg, "");