head 1.10; access; symbols pkgsrc-2026Q1:1.10.0.14 pkgsrc-2026Q1-base:1.10 pkgsrc-2025Q4:1.10.0.12 pkgsrc-2025Q4-base:1.10 pkgsrc-2025Q3:1.10.0.10 pkgsrc-2025Q3-base:1.10 pkgsrc-2025Q2:1.10.0.8 pkgsrc-2025Q2-base:1.10 pkgsrc-2025Q1:1.10.0.6 pkgsrc-2025Q1-base:1.10 pkgsrc-2024Q4:1.10.0.4 pkgsrc-2024Q4-base:1.10 pkgsrc-2024Q3:1.10.0.2 pkgsrc-2024Q3-base:1.10 pkgsrc-2024Q2:1.9.0.6 pkgsrc-2024Q2-base:1.9 pkgsrc-2024Q1:1.9.0.4 pkgsrc-2024Q1-base:1.9 pkgsrc-2023Q4:1.9.0.2 pkgsrc-2023Q4-base:1.9 pkgsrc-2023Q3:1.8.0.8 pkgsrc-2023Q3-base:1.8 pkgsrc-2023Q2:1.8.0.6 pkgsrc-2023Q2-base:1.8 pkgsrc-2023Q1:1.8.0.4 pkgsrc-2023Q1-base:1.8 pkgsrc-2022Q4:1.8.0.2 pkgsrc-2022Q4-base:1.8 pkgsrc-2022Q3:1.7.0.8 pkgsrc-2022Q3-base:1.7 pkgsrc-2022Q2:1.7.0.6 pkgsrc-2022Q2-base:1.7 pkgsrc-2022Q1:1.7.0.4 pkgsrc-2022Q1-base:1.7 pkgsrc-2021Q4:1.7.0.2 pkgsrc-2021Q4-base:1.7 pkgsrc-2021Q3:1.6.0.4 pkgsrc-2021Q3-base:1.6 pkgsrc-2021Q2:1.6.0.2 pkgsrc-2021Q2-base:1.6 pkgsrc-2021Q1:1.4.0.6 pkgsrc-2021Q1-base:1.4 pkgsrc-2020Q4:1.4.0.4 pkgsrc-2020Q4-base:1.4 pkgsrc-2020Q3:1.4.0.2 pkgsrc-2020Q3-base:1.4 pkgsrc-2020Q2:1.3.0.2 pkgsrc-2020Q2-base:1.3 pkgsrc-2020Q1:1.2.0.2 pkgsrc-2020Q1-base:1.2 pkgsrc-2019Q4:1.1.0.8 pkgsrc-2019Q4-base:1.1 pkgsrc-2019Q3:1.1.0.4 pkgsrc-2019Q3-base:1.1 pkgsrc-2019Q2:1.1.0.2 pkgsrc-2019Q2-base:1.1; locks; strict; comment @# @; 1.10 date 2024.08.31.08.39.32; author adam; state Exp; branches; next 1.9; commitid rYb7AZlgm9sI5XnF; 1.9 date 2023.11.20.18.34.49; author adam; state Exp; branches; next 1.8; commitid cjz2RvDyhJh0ynNE; 1.8 date 2022.11.01.08.59.25; author adam; state Exp; branches; next 1.7; commitid dT3NpqEONuEVHYZD; 1.7 date 2021.12.16.09.36.06; author tnn; state Exp; branches; next 1.6; commitid egiso59nv3QhcRkD; 1.6 date 2021.04.23.07.14.44; author adam; state Exp; branches; next 1.5; commitid RANxOFahnRIX1oQC; 1.5 date 2021.04.06.10.25.01; author tnn; state Exp; branches; next 1.4; commitid ta7vXvdzbdJHCdOC; 1.4 date 2020.09.15.10.19.20; author wiz; state Exp; branches; next 1.3; commitid 89AL9AfV82AO78oC; 1.3 date 2020.04.09.14.37.15; author adam; state Exp; branches; next 1.2; commitid VKkdqPjCaqXNEI3C; 1.2 date 2019.12.30.17.48.05; author adam; state Exp; branches; next 1.1; commitid 7HBhvscWX9WHXKQB; 1.1 date 2019.05.06.09.36.47; author adam; state Exp; branches; next ; commitid Yt92CjUphQaXS7mB; desc @@ 1.10 log @wireshark: updated to 4.4.0 Wireshark 4.4.0 Many improvements and fixes to the graphing dialogs, including I/O Graphs, Flow Graph / VoIP Calls, and TCP Stream Graphs. Wireshark now supports automatic profile switching. You can associate a display filter with a configuration profile, and when you open a capture file that matches the filter, Wireshark will automatically switch to that profile. Support for Lua 5.3 and 5.4 has been added, and support for Lua 5.1 and 5.2 has been removed. The Windows and macOS installers now ship with Lua 5.4.6. Improved display filter support for value strings (optional string representations for numeric fields). Display filter functions can be implemented as plugins, similar to protocol dissectors and file parsers. Display filters can be translated to pcap filters using Edit › Copy › Display filter as pcap filter if each display filter field has a corresponding pcap filter equivalent. Custom columns can be defined using any valid field expression, such as display filter functions, packet slices, arithmetic calculations, logical tests, raw byte addressing, and protocol layer modifiers. Custom output fields for tshark -e can also be defined using any valid field expression. Wireshark can be built with the zlib-ng instead of zlib for compressed file support. Zlib-ng is substantially faster than zlib. The official Windows and macOS packages include this feature. @ text @$NetBSD: patch-CMakeLists.txt,v 1.9 2023/11/20 18:34:49 adam Exp $ Do not make application bundle on Darwin. editcap needs -lm, like tfshark: editcap.c:(.text.startup+0x5b8): undefined reference to `modf' --- CMakeLists.txt.orig 2024-08-28 18:51:12.000000000 +0000 +++ CMakeLists.txt @@@@ -1605,7 +1605,7 @@@@ if(WIN32) set(WIN_WS2_32_LIBRARY ws2_32.lib) endif() -if(APPLE) +if(APPLE AND ENABLE_APPLICATION_BUNDLE) # # We assume that APPLE means macOS so that we have the macOS # frameworks. @@@@ -1669,7 +1669,7 @@@@ else() endif() endif() -if(APPLE) +if(FALSE) # # As https://developer.apple.com/library/archive/technotes/tn2206/_index.html # says, @@@@ -2846,7 +2846,11 @@@@ if(BUILD_wireshark AND QT_FOUND) ${MINIZIPNG_LIBRARIES} ) + if(ENABLE_APPLICATION_BUNDLE) add_executable(wireshark WIN32 MACOSX_BUNDLE ${wireshark_FILES} ${EXTRA_WIRESHARK_BUNDLE_FILES}) + else() + add_executable(wireshark WIN32 ${wireshark_FILES} ${EXTRA_WIRESHARK_BUNDLE_FILES}) + endif() if(MSVC) set_property(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} PROPERTY VS_STARTUP_PROJECT wireshark) endif() @@@@ -3352,6 +3356,7 @@@@ endif() if(BUILD_editcap) set(editcap_LIBS + m ui wiretap ${ZLIB_LIBRARIES} @ 1.9 log @wireshark: updated to 4.2.0 Wireshark 4.2.0 Release Notes What’s New This is the first major Wireshark release under the Wireshark Foundation, a nonprofit which hosts Wireshark and promotes protocol analysis educaton. The foundation depends on your contributions in order to do its work. If you or your employer would like to contribute or become a sponsor, please visit wiresharkfoundation.org[1]. Wireshark supports dark mode on Windows. A Windows installer for Arm64 has been added. Packet list sorting has been improved. Wireshark and TShark are now better about generating valid UTF-8 output. A new display filter feature for filtering raw bytes has been added. Display filter autocomplete is smarter about not suggesting invalid syntax. "Tools › MAC Address Blocks" can lookup a MAC address in the IEEE OUI registry. The enterprises, manuf, and services configuration files have been compiled in for improved start-up times. These files are no longer available in the master branch in our source code repository. You can download the manuf file[2] from our automated build directory. The installation target no longer installs development headers by default. The Wireshark installation is relocatable on Linux (and other ELF platforms with support for relative RPATHs). Wireshark can be compiled on Windows using MSYS2[3]. Check the Developer’s guide for instructions. Wireshark can be cross-compiled for Windows using Linux. Check the Developer’s guide for instructions. "Tools › Browser (SSL Keylog)" can launch your web browser with the SSLKEYLOGFILE environment variable set to the appropriate value. Windows installer file names now have the format Wireshark--.exe. Wireshark now supports the Korean language. Many other improvements have been made. See the “New and Updated Features” section below for more details. Bug Fixes The following bugs have been fixed: • Issue 18413[4] - RTP player do not play audio frequently on Windows builds with Qt6. • Issue 18510[5] - Playback marker does not move after resume with Qt6. New and Updated Features The following features are new (or have been significantly updated) since version 4.2.0rc3: • Nothing of note. The following features are new (or have been significantly updated) since version 4.2.0rc2: • The Windows installers now ship with Npcap 1.78. They previously shipped with Npcap 1.77. The following features are new (or have been significantly updated) since version 4.2.0rc1: • The Windows installers now ship with Npcap 1.77. They previously shipped with Npcap 1.71. The following features are new (or have been significantly updated) since version 4.1.0: • Improved dark mode support. • The Windows installers now ship with Qt 6.5.3. They previously shipped with Qt 6.2.3. The following features are new (or have been significantly updated) since version 4.0.0: • The API has been updated to ensure that the dissection engine produces valid UTF-8 strings. • Wireshark now builds with Qt6 by default. To use Qt5 instead pass USE_qt6=OFF to CMake. • The "ciscodump" extcap supports Cisco IOS XE 17.x. • The default interval between GUI updates when capturing has been decreased from 500ms to 100ms, and is now configurable. • The -n option also now disables IP address geolocation information lookup in configured MaxMind databases (and geolocation lookup can be enabled with -Ng.) This is most relevant for TShark, where geolocation lookups are synchronous. • The display filter drop-down list is now sorted by "most recently used" instead of "most recently created". • Display filter syntax-related changes: • It is now possible to filter on raw packet data for any field by using the syntax `@@some.field == `. This can be useful to filter on malformed UTF-8 strings, among other use cases where it is necessary to look at the field’s raw data. • Negation (unary minus) now works with any display filter arithmetic expression. • Using the slice operator with strings produces a string. Previously it would produce a byte array. This is useful to index/slice UTF-8 multibyte strings. String byte slices can still be obtained using the "@@" (raw operator) prefix. • Arithmetic expressions are allowed as set elements. • Absolute date and time values can be written as Unix time. • The limitation where a minus sign needed to be preceded by a space character has been removed. • Added XOR logical operator. • Fixed the implementation of `all …​ in` membership operator • When parsing absolute time values the display filter engine has learned to understand timezones as specified in strptime(3)[7], including some common North American designations. Arbitrary timezone names are not supported however. Previously only ISO8601 offsets and the "UTC" designation was understood. • Writing value strings without double quotes is deprecated and will generate a warning. Value strings are integer or boolean values that can be represented using a user-friendly textual format, such as "Set"/"Unset" instead of numerical values like 1 and 0. It is now a requirement that value strings need to be written enclosed in double-quotes. • The deprecated ~≃ operator symbol has been removed. It was replaced by !== in version 4.0. • Running the test suite requires the pytest[8] Python module. The emulation layer that allowed running tests without pytest installed has been removed. • When saving files or exporting packets after changing their time with the "Time Shift" dialog, the shifted time is written to the new file. • TLS secrets used in decrypting packets can be embedded (or discarded) from the capture file via the GUI, similar to the options --inject-secrets and --discard-all-secrets in editcap. • The text of any configured column (displayed or hidden) can be filtered anywhere that filters are used - in display filters, filters in taps, coloring rules, Wireshark read filters, and the -Y, -R, and -e options to TShark, the "Apply as Filter" GUI option, etc. • The filter field names are prefixed by "_ws.col", followed by a lowercase version of the COL_ name found in epan/column-utils.h, e.g. "_ws.col.info" or "_ws.col.protocol" • Using the column names as a filter is slower than other filter types because the columns must be constructed, so when the same filtering can be achieved via other fields, prefer that. • The external name resolution text files "manuf", "enterprises" and "services" have been removed and replaced with static binary data. You can dump the respective internal data using `tshark -G manuf|enterprises|services`. • The "manuf" file is now also read from the personal configuration folder, and is profile-based. • The Lua console dialogs under the Tools menu were refactored and redesigned. It now consists of a single dialog window for input and output. • Wireshark now shows byte units in the statistics in the user-selected language (uses the system default language by default). • Packet list sorting has been improved: • When sorting packet list with a filter applied, only the visible packets are sorted, which greatly increases sorting speed. • The cache size for column text is limited to a default of 10000 rows, which limits the maximum memory usage. The maximum value can be changed in Preferences→Appearance→Layout • Due to the above, columns that require packet dissection can only be sorted if the number of visible rows is less than the cache size. If there are more rows visible, a warning will appear. Columns that do not require packet dissection (those that calculated directly from the capture file frame headers, such as packet number, time, and frame length) can be sorted with any number of visible rows. • Sorting can be interrupted. • When changing the dissector via the "Decode As" table for values that have default dissectors registered, selecting "(none)" will select no dissection (while still allowing heuristic dissectors to attempt to dissect.) The previous behavior was to reset the dissector to the default. To facilitate resetting the dissector, the default dissector is now sorted at the top of the list of possible dissector options. • The personal extcap plugin folder location on Unix has been changed to follow existing conventions for architecture-dependent files. The extcap personal folder is now `$HOME/.local/lib/wireshark/extcap`. Previously it was `$XDG_CONFIG_HOME/wireshark/extcap`. • The "init.lua" file is now loaded from any of the Lua plugin directories. Previously it was loaded from the personal configuration directory. (For backward-compatibility this is still allowed; note that deprecated features may be removed in a future release). • Installation of development headers must be done explicitly using the CMake command `cmake --install --component Development`. • The Windows build has a new SpeexDSP external dependency (https://www.speex.org). The speex code that was previously bundled has been removed. • New `--print-timers` option added to TShark. Removed Features and Support • With the addition of the universal and consistent filtering support for column text, the previous support in the -e option to TShark for displaying column text via the column title has been removed in general. Those field names cannot be used elsewhere (as they may not be legal filter names) and create confusion if more than one column has the same title or if a column is renamed. Prefer the column format instead, e.g. "_ws.col.info" for "_ws.col.Info". However, for backwards compatibility with existing tools and scripts, the titles of the default columns can continue to be used with `tshark -e` (but not elsewhere.) • The bundled script "dtd_gen.lua" that was disabled by default has been removed from the installation. It can be found in the Wireshark Wiki under "Contrib"[9]. • The Wi-Fi NAN dissector filter name has been changed from 'nan' to 'wifi_nan'. New File Format Decoding Support RTPDump New Protocol Support Aruba UBT, ASAM Capture Module Protocol (CMP), ATSC Link-Layer Protocol (ALP), DECT DLC protocol layer (DECT-DLC), DECT NWK protocol layer (DECT-NWK), DECT proprietary Mitel OMM/RFP Protocol (also named AaMiDe), Digital Object Identifier Resolution Protocol (DO-IRP), Discard Protocol, FiRa UWB Controller Interface (UCI), FiveCo’s Register Access Protocol (5CoRAP), Fortinet FortiGate Cluster Protocol (FGCP), GPS L1 C/A LNAV navigation messages, GSM Radio Link Protocol (RLP), H.224, High Speed Fahrzeugzugang (HSFZ), Hypertext Transfer Protocol version 3 (HTTP/3), ID3v2, IEEE 802.1CB (R-TAG), Iperf3, JSON 3GPP, Low Level Signalling (ATSC3 LLS), Management Component Transport Protocol (MCTP), Management Component Transport Protocol - Control Protocol (MCTP CP), Matter home automation protocol, Microsoft Delivery Optimization, Multi-Drop Bus (MDB), Non-volatile Memory Express - Management Interface (NVMe-MI) over MCTP, RDP audio output virtual channel Protocol (rdpsnd), RDP clipboard redirection channel Protocol (cliprdr), RDP Program virtual channel Protocol (RAIL), SAP Enqueue Server (SAPEnqueue), SAP GUI (SAPDiag), SAP HANA SQL Command Network Protocol (SAPHDB), SAP Internet Graphic Server (SAP IGS), SAP Message Server (SAPMS), SAP Network Interface (SAPNI), SAP Router (SAPROUTER), SAP Secure Network Connection (SNC), SBAS L1 Navigation Messages (SBAS L1), SINEC AP1 Protocol (SINEC AP), SMPTE ST2110-20 (Uncompressed Active Video), Train Real-Time Data Protocol (TRDP), UBX protocol of u-blox GNSS receivers (UBX), UDP Tracker Protocol for BitTorrent (BT-Tracker), UWB UCI Protocol, Video Protocol 9 (VP9), VMware HeartBeat, Windows Delivery Optimization (MS-DO), Z21 LAN Protocol (Z21), Zabbix, ZigBee Direct (ZBD), and Zigbee TLV Updated Protocol Support • JSON: The dissector now has a preference to enable/disable "unescaping" of string values. By default it is off. Previously it was always on. • JSON: The dissector now supports "Display JSON in raw form". • IPv6: The dissector has a new preference to show some semantic details about addresses (default off). • IPv6: The dissector now supports dissecting the Application-aware IPv6 Networking (APN6) option[10] in the Hop-by-Hop Options Header (HBH) and Destination Options Header (DOH), including all three types of APN ID, which are 32-bit, 64-bit and 128-bit in length. • XML: The dissector now supports display character according to the "encoding" attribute of the XML declaration, and has a new preference to set default character encoding for some XML document without "encoding" attribute. • SIP: The dissector now has a new preference to set default charset for displaying the body of SIP messages in raw text view. • HTTP: The dissector now supports dissecting chunked data in streaming reassembly mode. Subdissectors of HTTP can register itself in "streaming_content_type" subdissector table for enabling streaming reassembly mode while transferring in chunked encoding. This feature ensures the server stream messages of GRPC-Web over HTTP/1.1 can be dissected even if the last chunk is absent. • The media type dissector table now properly treats media types and subtypes as case-insensitive automatically, per RFC 6838. Media types no longer need to be lower cased before registering or looking up in the table. • CFM: The dissector has been overhauled and updated to the level of IEEE std 802.1Q-2022 and ITU-T Rec. G.8013/Y.1371 (08/2015). This includes dissection of additional PDU types and TLVs as well as deeper dissection of existing PDUs and TLVs. Too many other protocol updates have been made to list them all here. New and Updated Codec support Adaptive Multi-Rate (AMR), if compiled with opencore-amr[11]. Major API Changes • Lua function "package.prepend_path" has been removed. If you need it please consider adding your own package.path customization code or installing your dependencies in Wireshark’s default paths. • The reassemble_streaming_data_and_call_subdissector() API has been added to provide a simpler way to reassemble the streaming data of a high level protocol that is not on top of TCP. • Some of the API now uses C99 types instead of GLib types. Issue 19116[12] @ text @d1 1 a1 1 $NetBSD: patch-CMakeLists.txt,v 1.8 2022/11/01 08:59:25 adam Exp $ d8 1 a8 1 --- CMakeLists.txt.orig 2023-11-15 18:30:18.000000000 +0000 d10 1 a10 1 @@@@ -1536,7 +1536,7 @@@@ if(WIN32) d19 2 a20 1 @@@@ -1595,7 +1595,7 @@@@ else() a21 1 set(EXTCAP_INSTALL_FULL_LIBDIR "${CMAKE_INSTALL_PREFIX}/${EXTCAP_INSTALL_LIBDIR}") d28 2 a29 2 @@@@ -2732,7 +2732,11 @@@@ if(BUILD_wireshark AND QT_FOUND) ${MINIZIP_LIBRARIES} d40 1 a40 1 @@@@ -3231,6 +3235,7 @@@@ endif() @ 1.8 log @wireshark: updated to 4.0.1 Wireshark 4.0.1 Release Notes What’s New We do not ship official 32-bit Windows packages for Wireshark 4.0 and later. If you need to use Wireshark on that platform, we recommend using the latest 3.6 release. Issue 17779[1] • The Windows installers now ship with Qt 5.12.2. They previously shipped with Qt 6.2.3. Bug Fixes The following bugs have been fixed: • Comparing a boolean field against 1 always succeeds on big-endian machines. Issue 12236[2]. • Qt: MaxMind GeoIP columns not added to Endpoints table. Issue 18320[3]. • Fuzz job crash output: fuzz-2022-10-04-7131.pcap. Issue 18402[4]. • The RTP player might not play audio on Windows. Issue 18413[5]. • Wireshark 4.0 breaks display filter expression with > sign. Issue 18418[6]. • Capture filters not working when using SSH capture and dumpcap. Issue 18420[7]. • Packet diagram field values are not terminated. Issue 18428[8]. • Packet bytes not displayed completely if scrolling. Issue 18438[9]. • Fuzz job crash output: fuzz-2022-10-13-7166.pcap. Issue 18467[10]. • Decoding bug H.245 userInput Signal. Issue 18468[11]. • CFDP dissector doesn’t handle \"destination filename\" only. Issue 18495[12]. • Home page capture button doesn’t pop up capture options dialog. Issue 18506[13]. • Missing dot in H.248 protocol name. Issue 18513[14]. • Missing dot for protocol H.264 in protocol column. Issue 18524[15]. • Fuzz job crash output: fuzz-2022-10-23-7240.pcap. Issue 18534[16]. New and Updated Features Removed Features and Support • The experimental display filter syntax for literals using angle brackets <…​> that was introduced in Wireshark 4.0.0 has been removed. For byte arrays a colon prefix can be used instead. See the User’s Guide[17] for details. New Protocol Support There are no new protocols in this release. Updated Protocol Support ASN.1 PER, CFDP, Diameter, DirectPlay, F5 Ethernet Trailer, GTP, H.223, H.248, H.264, H.265, IEEE 802.11, IPv4, MBIM, O-RAN FH CUS, PFCP, RTCP, SCTP, SMB, TCP, and TRANSUM New and Updated Capture File Support BLF New File Format Decoding Support There is no new or updated file format support in this release. @ text @d1 1 a1 1 $NetBSD: patch-CMakeLists.txt,v 1.7 2021/12/16 09:36:06 tnn Exp $ d8 1 a8 1 --- CMakeLists.txt.orig 2022-10-26 17:36:47.000000000 +0000 d10 2 a11 2 @@@@ -1530,7 +1530,7 @@@@ else () set(EXTCAP_INSTALL_LIBDIR "${CMAKE_INSTALL_LIBDIR}/${PROJECT_NAME}/extcap" CACHE INTERNAL "The extcap dir") d17 9 d28 1 a28 1 @@@@ -2599,7 +2599,11 @@@@ if(BUILD_wireshark AND QT_FOUND) a31 1 - add_executable(wireshark WIN32 MACOSX_BUNDLE ${wireshark_FILES} ${EXTRA_BUNDLE_FILES}) d33 1 a33 1 + add_executable(wireshark WIN32 MACOSX_BUNDLE ${wireshark_FILES} ${EXTRA_BUNDLE_FILES}) d35 1 a35 1 + add_executable(wireshark WIN32 ${wireshark_FILES} ${EXTRA_BUNDLE_FILES}) d37 1 a37 1 if(WIN32) d40 1 a40 1 @@@@ -3099,6 +3103,7 @@@@ endif() d47 1 a47 1 version_info @ 1.7 log @wireshark: fix build @ text @d1 1 a1 1 $NetBSD: patch-CMakeLists.txt,v 1.6 2021/04/23 07:14:44 adam Exp $ d8 1 a8 1 --- CMakeLists.txt.orig 2021-11-22 18:39:27.000000000 +0000 d10 1 a10 1 @@@@ -1521,7 +1521,7 @@@@ else () d19 1 a19 1 @@@@ -2498,7 +2498,11 @@@@ if(BUILD_wireshark AND QT_FOUND) d32 1 a32 1 @@@@ -2883,6 +2887,7 @@@@ endif() a39 19 @@@@ -3501,12 +3506,12 @@@@ endif() install( FILES - ${CMAKE_MODULE_PATH}/FindGLIB2.cmake - ${CMAKE_MODULE_PATH}/FindWSLibrary.cmake - ${CMAKE_MODULE_PATH}/FindWSWinLibs.cmake - ${CMAKE_MODULE_PATH}/UseAsn2Wrs.cmake - ${CMAKE_MODULE_PATH}/LocatePythonModule.cmake - ${CMAKE_MODULE_PATH}/UseMakePluginReg.cmake + cmake/modules/FindGLIB2.cmake + cmake/modules/FindWSLibrary.cmake + cmake/modules/FindWSWinLibs.cmake + cmake/modules/UseAsn2Wrs.cmake + cmake/modules/LocatePythonModule.cmake + cmake/modules/UseMakePluginReg.cmake DESTINATION ${WIRESHARK_INSTALL_CMAKEDIR} ) @ 1.6 log @wireshark: updated to 3.4.5 Wireshark 3.4.5 Release Notes What’s New Bug Fixes The following vulnerabilities have been fixed: • wnpa-sec-2021-04[1] MS-WSP dissector excessive memory consumption. Issue 17331[2]. The following bugs have been fixed: • TShark does not print GeoIP information Issue 14691[3]. • TShark error when piping to "head" Issue 16192[4]. • Parts of ASCII representation in Packet Bytes pane are missing Issue 17087[5]. • Buildbot crash output: fuzz-2021-02-22-1012761.pcap Issue 17254[6]. • NDPE attribute of NAN packet is not dissected Issue 17278[7]. • TECMP: reserved flag interpreted as part of timestamp Issue 17279[8]. • Master branch does not compile at least with gcc-11 Issue 17281[9]. • DNS IXFR/AXFR multiple response Issue 17293[10]. • File too large Issue 17301[11]. • Build fails with CMake 3.20 Issue 17314[12]. New and Updated Features New Protocol Support There are no new protocols in this release. Updated Protocol Support DECT, DNS, EAP, Kerberos, LDAP, MS-WSP, SMB2, Sysdig, TECMP, and WiFi NAN New and Updated Capture File Support pcapng @ text @d1 1 a1 1 $NetBSD: patch-CMakeLists.txt,v 1.5 2021/04/06 10:25:01 tnn Exp $ d5 4 a8 1 --- CMakeLists.txt.orig 2021-04-21 17:14:36.000000000 +0000 d10 1 a10 1 @@@@ -1425,7 +1425,7 @@@@ else () d19 1 a19 1 @@@@ -2378,7 +2378,11 @@@@ if(BUILD_wireshark AND QT_FOUND) d32 9 a40 1 @@@@ -3317,12 +3321,12 @@@@ endif() @ 1.5 log @wireshark: fix CMake 3.20 fallout closes PR pkg/56094 @ text @d1 1 a1 1 $NetBSD: patch-CMakeLists.txt,v 1.4 2020/09/15 10:19:20 wiz Exp $ a3 4 Avoid CMake Error at CMakeLists.txt:3021 (install): install FILES given directory "${WRKDIR}/.buildlink/cmake-Modules" to install. d5 1 a5 12 From 6ef6e8f607456e239e5f1a326803846930d34fa8 Mon Sep 17 00:00:00 2001 From: Gerald Combs Date: Fri, 26 Mar 2021 12:52:01 -0700 Subject: [PATCH] CMake: Enable AUTO{MOC,UIC,RCC} earlier. Enable CMAKE_AUTOMOC, CMAKE_AUTOUIC, and CMAKE_AUTORCC before searching for Qt packages. This is apparently required for CMake 3.20.0 and later. Fixes #17314. (cherry picked from commit be2b0fc810fb2f2a80e471138dc29f0cbe87b209) --- CMakeLists.txt.orig 2021-03-10 18:21:20.000000000 +0000 d7 1 a7 12 @@@@ -1083,6 +1083,10 @@@@ ws_find_package(Systemd BUILD_sdjournal # Build the Qt GUI? if(BUILD_wireshark) + set(CMAKE_AUTOMOC ON) + set(CMAKE_AUTOUIC ON) + set(CMAKE_AUTORCC ON) + # Untested, may not work if CMAKE_PREFIX_PATH gets overwritten # somewhere. The if WIN32 in this place is annoying as well. if(WIN32) @@@@ -1388,7 +1392,7 @@@@ else () d16 1 a16 1 @@@@ -2345,7 +2349,11 @@@@ if(BUILD_wireshark AND QT_FOUND) d29 1 a29 1 @@@@ -3284,12 +3292,12 @@@@ endif() @ 1.4 log @wireshark: fix libssh detection From upstream fd7739de6b via Michael Forney via tech-pkg @ text @d1 1 a1 1 $NetBSD: patch-CMakeLists.txt,v 1.3 2020/04/09 14:37:15 adam Exp $ d9 12 a20 1 --- CMakeLists.txt.orig 2020-08-12 17:53:19.000000000 +0000 d22 12 a33 1 @@@@ -1359,7 +1359,7 @@@@ else () d42 1 a42 1 @@@@ -2278,7 +2278,11 @@@@ if(BUILD_wireshark AND QT_FOUND) d55 1 a55 1 @@@@ -3210,12 +3214,12 @@@@ endif() @ 1.3 log @wireshark: updated to 3.2.3 Wireshark 3.2.3 Release Notes Wireshark 3.2.0 to 3.2.2 might not update automatically on macOS in some cases. If you’re running those versions on macOS you might have to update to a later version manually. Bug Fixes The following vulnerabilities have been fixed: • wnpa-sec-2020-07[2] The BACapp dissector could crash. The following bugs have been fixed: • Add (IETF) QUIC Dissector. • Rename profile name loses list selection. • Dissector bug warning dissecting TLS Certificate Request with many names. • Only ACKs, but no DATA frames are visible in -> TCP Stream Graph -> Time Sequence (tcptrace). • Copy>Description does not work properly for all tree items. • Importing profiles in Windows - zip files fail and from directory crashes Wireshark. • Packet List selection is gone when adding or removing a display filter. • Check for updates, and auto-update, not working in 3.2.1. • f5ethtrailer: TLS trailer creates incorrect CLIENT keylog entries. • Buildbot crash output: randpkt-2020-03-04-18423.pcap. • File open dialog shows garbled time stamps. • RTCP Bye without optional reason reported as [Malformed Packet]. • Undefined-shift in dissect_rtcp. • SOMEIP: SOME/IP-SD dissector fails to register SOME/IP ports, if IPv6 is being used (BUG). • tshark logs: "…could not be opened: Too many open files.". • Typo in About Wireshark > Keyboard Shortcuts > Unignore All Displayed. • Buildbot crash output: randpkt-2020-04-02-31746.pcap. New and Updated Features There are no new features in this release. New Protocol Support There are no new protocols in this release. Updated Protocol Support AFS, BACapp, Bluetooth, CoAP, Diameter3GPP, F5 Ethernet trailer, GSM RLC MAC, ISIS, ISIS CLV, ISIS HELLO, ISIS LSP, ISIS SNP, NAS 5GS, NR RRC, pcap, QUIC, RPCAP, RTCP, SOME/IP-SD, TLS, and WSP New and Updated Capture File Support pcap @ text @d1 1 a1 1 $NetBSD: patch-CMakeLists.txt,v 1.2 2019/12/30 17:48:05 adam Exp $ d9 1 a9 1 --- CMakeLists.txt.orig 2020-04-08 22:27:01.000000000 +0000 @ 1.2 log @wireshark: updated to 3.2.0 Wireshark 3.2.0 What’s New This is the last release branch with official support for Windows 7 and Windows Server 2008 R2. Many improvements have been made. See the “New and Updated Features” section below for more details. New and Updated Features The following features are new (or have been significantly updated) since version 3.2.0rc2: • Minor bug fixes. The following features are new (or have been significantly updated) since version 3.2.0rc1: • Minor bug fixes. The following features are new (or have been significantly updated) since version 3.1.1: • Miscellaneous UI fixes and updates. • The macOS installer now ships with Qt 5.12.6. It previously shipped with Qt 5.12.5. The following features are new (or have been significantly updated) since version 3.1.0: • Automatic updates are supported on macOS. • You can now select multiple packets in the packet list at the same time • They can be exported as Text by “Ctrl+C” or “Cmd+C” and the corresponding menu in “Edit › Copy › As …” • They can be marked/unmarked or ignored/unignored at the same time • They can be exported and printed using the corresponding menu entries “File › Export Specified Packets”, “File › Export Packet Dissections” and “File › Print” You can now follow HTTP/2 and QUIC streams. You can once again mark and unmark packets using the middle mouse button. This feature went missing around 2009 or so. The Windows packages are now built using Microsoft Visual Studio 2019. IOGraph automatically adds a graph for the selected display filter if no previous graph exists Action buttons for the display filter bar may be aligned left via the context menu • The "Expression…" toolbar entry has been moved to "Analyze › Display filter Expression …" as well as to the context menu of the display filter toolbar Allow extcaps to be loaded from the personal configuration directory The Wireshark 3.1.0 Windows installers ship with Qt 5.12.6. Previous installers shipped with Qt 5.12.4. The following features are new (or have been significantly updated) since version 3.0.0: • You can drag and drop a field to a column header to create a column for that field, or to the display filter input to create a display filter. If a display filter is applied, the new filter can be added using the same rules as “Apply Filter” • You can drag and drop a column entry to the display filter to create a filter for it. • You can import profiles from a .zip archive or an existing directory. • Dark mode support on macOS and dark theme support on other platforms has been improved. • Brotli decompression support in HTTP/HTTP2 (requires the brotli library). • The build system now checks for a SpeexDSP system library installation. The bundled Speex resampler code is still provided as a fallback. • WireGuard decryption can now be enabled through keys embedded in a pcapng in addition to the existing key log preference (Bug 15571[1]). • A new tap for extracting credentials from the capture file has been added. It can be accessed through the -z credentials option in tshark or from the “Tools › Credentials” menu in Wireshark. • Editcap can now split files on floating point intervals. • Windows .msi packages are now signed using SHA-2[2]. .exe installers are still dual-signed using SHA-1 and SHA-2. • The “Enabled Protocols” Dialog now only enables, disables and inverts protocols based on the set filter selection. The protocol type (standard or heuristic) may also be choosen as a filter value. • Save RTP stream to .au supports any codec with 8000 Hz rate supported by Wireshark (shown in RTP player). If save of audio is not possible (unsupported codec or rate), silence of same length is saved and warning is shown. • The “Analyze › Apply as Filter” and “Analyze › Prepare a Filter” packet list and detail popup menus now show a preview of their respective filters. • Protobuf files (*.proto) can now be configured to enable more precise parsing of serialized Protobuf data (such as gRPC). • HTTP2 support streaming mode reassembly. To use this feature, subdissectors can register itself to "streaming_content_type" dissector table and return pinfo→desegment_len and pinfo→desegment_offset to tell HTTP2 when to start and how many additional bytes requires when next called. • The message of stream gRPC method can now be parsed with supporting of HTTP2 streaming mode reassembly feature. • The Wireshark 3.1.0 Windows installers ship with Qt 5.12.4. Previous installers shipped with Qt 5.12.1. New Protocol Support 3GPP BICC MST (BICC-MST), 3GPP log packet (LOG3GPP), 3GPP/GSM Cell Broadcast Service Protocol (cbsp), Asynchronous Management Protocol (AMP), Bluetooth Mesh Beacon, Bluetooth Mesh PB-ADV, Bluetooth Mesh Provisioning PDU, Bluetooth Mesh Proxy, CableLabs Layer-3 Protocol IEEE EtherType 0xb4e3 (CL3), DCOM IProvideClassInfo, DCOM ITypeInfo, Diagnostic Log and Trace (DLT), Distributed Replicated Block Device (DRBD), Dual Channel Wi-Fi (CL3DCW), EBHSCR Protocol (EBHSCR), EERO Protocol (EERO), evolved Common Public Radio Interface (eCPRI), File Server Remote VSS Protocol (FSRVP), FTDI FT USB Bridging Devices (FTDI FT), Graylog Extended Log Format over UDP (GELF), GSM/3GPP CBSP (Cell Broadcast Service Protocol), ITS message - CAMv1, ITS message - DENMv1, Linux net_dm (network drop monitor) protocol, MIDI System Exclusive DigiTech (SYSEX DigiTech), Network Controller Sideband Interface (NCSI), NR Positioning Protocol A (NRPPa) TS 38.455, NVM Express over Fabrics for TCP (nvme-tcp), OsmoTRX Protocol (GSM Transceiver control and data), Scalable service-Oriented MiddlewarE over IP (SOME/IP), USB 2.0 Link Layer (USBLL), and Wi-Fi Neighbour Awareness Networking (NAN) Updated Protocol Support Too many protocols have been updated to list here. New and Updated Capture File Support 3gpp phone, Android Logcat Text, Ascend, Busmaster log file, Candump, Endace ERF, NetScaler, pcapng, and Savvius *Peek @ text @d1 1 a1 1 $NetBSD: patch-CMakeLists.txt,v 1.1 2019/05/06 09:36:47 adam Exp $ d9 1 a9 1 --- CMakeLists.txt.orig 2019-12-18 18:27:56.000000000 +0000 d20 1 a20 1 @@@@ -2280,7 +2280,11 @@@@ if(BUILD_wireshark AND QT_FOUND) d33 1 a33 1 @@@@ -3196,11 +3200,11 @@@@ endif() d38 1 d44 1 @ 1.1 log @wireshark: updated to 3.0.1 3.0.1: The Windows installers now ship with Npcap 0.992. They previously shipped with Npcap 0.99-r9. Bug Fixes The following vulnerabilities have been fixed: wnpa-sec-2019-09 NetScaler file parser crash. Bug 15497. CVE-2019-10895. wnpa-sec-2019-10 SRVLOC dissector crash. Bug 15546. CVE-2019-10899. wnpa-sec-2019-11 IEEE 802.11 dissector infinite loop. Bug 15553. CVE-2019-10897. wnpa-sec-2019-12 GSUP dissector infinite loop. Bug 15585. CVE-2019-10898. wnpa-sec-2019-13 Rbm dissector infinite loop. Bug 15612. CVE-2019-10900. wnpa-sec-2019-14 GSS-API dissector crash. Bug 15613. CVE-2019-10894. wnpa-sec-2019-15 DOF dissector crash. Bug 15617. CVE-2019-10896. wnpa-sec-2019-16 TSDNS dissector crash. Bug 15619. CVE-2019-10902. wnpa-sec-2019-17 LDSS dissector crash. Bug 15620. CVE-2019-10901. wnpa-sec-2019-18 DCERPC SPOOLSS dissector crash. Bug 15568. CVE-2019-10903. The following bugs have been fixed: [oss-fuzz] UBSAN: shift exponent 34 is too large for 32-bit type 'guint32' (aka 'unsigned int') in packet-ieee80211.c:15534:49. Bug 14770. [oss-fuzz] UBSAN: shift exponent 35 is too large for 32-bit type 'int' in packet-couchbase.c:1674:37. Bug 15439. Duplicated TCP SEQ field in ICMP packets. Bug 15533. Wrong length in dhcpv6 NTP Server suboption results in "Malformed Packet" and breaks further dissection. Bug 15542. Wireshark’s speaker-to-MaxMind is burning up the CPU. Bug 15545. GSM-A-RR variable bitmap decoding may report ARFCNs > 1023. Bug 15549. Import hexdump dummy Ethernet header generation ignores direction indication. Bug 15561. %T not supported for timestamps. Bug 15565. LWM2M: resource with \r\n badly shown. Bug 15572. When selecting BSSAP in 'Decode As' for a SCCP payload, it uses BSSAP+ which is not the same protocol. Bug 15578. Possible buffer overflow in function ssl_md_final for crafted SSL 3.0 sessions. Bug 15599. Windows console log output delay. Bug 15605. Syslog dissector processes the UTF-8 BOM incorrectly. Bug 15607. NFS/NLM: Wrong lock byte range in the "Info" column. Bug 15608. randpkt -r causes segfault when count > 1. Bug 15627. Tshark export to ElasticSearch (-Tek) fails with Bad json_dumper state: illegal transition. Bug 15628. Packets with metadata but no data get the Protocol Info column overwritten. Bug 15630. BGP MP_REACH_NLRI AFI: Layer-2 VPN, SAFI: EVPN - Label stack not decoded. Bug 15631. Buildbot crash output: fuzz-2019-03-23-1789.pcap. Bug 15634. Typo: broli → brotli. Bug 15647. Wrong dissection of GTPv2 MM Context Used NAS integrity protection algorithm. Bug 15648. Windows CHM (help file) title displays quoted HTML characters. Bug 15656. Unable to load 3rd party plugins not signed by Wireshark’s codesigning certificate. Bug 15667. 3.0.0: Many user interface improvements have been made. See the “New and Updated Features” section below for more details. Support for a number of legacy features and libraries has been removed. See the “Removed Features and Support” section below for more details. Bug Fixes The following bugs have been fixed: Data following a TCP ZeroWindowProbe is marked as retransmission and not passed to subdissectors (Bug 15427) Lua Error on startup: init.lua: dofile has been disabled due to running Wireshark as superuser (Bug 15489). Text and Image columns were handled incorrectly for TDS 7.0 and 7.1. (Bug 3098) Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419) The following features are new (or have been significantly updated) since version 3.0.0rc1: The IP map feature (the “Map” button in the “Endpoints” dialog) has been added back in a modernized form (Bug 14693). The macOS package now ships with Qt 5.12.1. Previously it shipped with Qt 5.9.7. The macOS package requires version 10.12 or later. If you’re running an older version of macOS, please use Wireshark 2.6. The following features are new (or have been significantly updated) since version 2.9.0: Wireshark now supports the Swedish and Ukrainian languages. Initial support for using PKCS #11 tokens for RSA decryption in TLS. This can be configured at Preferences, RSA Keys. The build system now produces reproducible builds (Bug 15163). The Windows installers now ship with Qt 5.12.1. Previously they shipped with Qt 5.12.0. The following features are new (or have been significantly updated) since version 2.6.0: The Windows .exe installers now ship with Npcap instead of WinPcap. Besides being actively maintained (by the nmap project), Npcap brings support for loopback capture and 802.11 WiFi monitor mode capture (if supported by the NIC driver). Conversation timestamps are supported for UDP/UDP-Lite protocols TShark now supports the -G elastic-mapping option which generates an ElasticSearch mapping file. The “Capture Information” dialog has been added back (Bug 12004). The Ethernet and IEEE 802.11 dissectors no longer validate the frame check sequence (checksum) by default. The TCP dissector gained a new “Reassemble out-of-order segments” preference to fix dissection and decryption issues in case TCP segments are received out-of-order. See the User’s Guide, chapter TCP Reassembly for details. Decryption support for the new WireGuard dissector (Bug 15011, requires Libgcrypt 1.8). The BOOTP dissector has been renamed to DHCP. With the exception of “bootp.dhcp”, the old “bootp.*” display filter fields are still supported but may be removed in a future release. The SSL dissector has been renamed to TLS. As with BOOTP the old “ssl.*” display filter fields are supported but may be removed in a future release. Coloring rules, IO graphs, Filter Buttons and protocol preference tables can now be copied from other profiles using a button in the corresponding configuration dialogs. APT-X has been renamed to aptX. When importing from hex dump, it’s now possible to add an ExportPDU header with a payload name. This calls the specific dissector directly without lower protocols. The sshdump and ciscodump extcap interfaces can now use a proxy for the SSH connection. Dumpcap now supports the -a packets:NUM and -b packets:NUM options. Wireshark now includes a “No Reassembly” configuration profile. Wireshark now supports the Russian language. The build system now supports AppImage packages. The Windows installers now ship with Qt 5.12.0. Previously they shipped with Qt 5.9.7. Support for DTLS and TLS decryption using pcapng files that embed a Decryption Secrets Block (DSB) containing a TLS Key Log (Bug 15252). The editcap utility gained a new --inject-secrets option to inject an existing TLS Key Log file into a pcapng file. A new dfilter function string() has been added. It allows the conversion of non-string fields to strings so string functions (as contains and matches) can be used on them. The Bash test suite has been replaced by one based on Python unittest/pytest. The custom window title can now show file path of the capture file and it has a conditional separator. Removed Features and Support The legacy (GTK+) user interface has been removed and is no longer supported. The portaudio library is no longer needed due to the removal of GTK+. Wireshark requires Qt 5.2 or later. Qt 4 is no longer supported. Wireshark requires GLib 2.32 or later. Wireshark requires GnuTLS 3.2 or later as optional dependency. Building Wireshark requires Python 3.4 or newer, Python 2.7 is unsupported. Building Wireshark requires CMake. Autotools is no longer supported. TShark’s -z compare option was removed. Building with Cygwin is no longer supported on Windows. @ text @d1 1 a1 1 $NetBSD$ a3 1 Store correct version number in version.h. d9 1 a9 1 --- CMakeLists.txt.orig 2019-04-08 18:39:58.000000000 +0000 d11 1 a11 1 @@@@ -1319,7 +1319,7 @@@@ else () d20 2 a21 13 @@@@ -1462,9 +1462,7 @@@@ gmx_test_large_files(GMX_LARGEFILES) set( VERSION ${PROJECT_VERSION} ) add_custom_target(version BYPRODUCTS version.h - COMMAND ${PERL_EXECUTABLE} - ${CMAKE_SOURCE_DIR}/tools/make-version.pl - ${CMAKE_SOURCE_DIR} + COMMAND ${CMAKE_COMMAND} -E echo '\#define VCSVERSION \"${VERSION}\"' > ${CMAKE_BINARY_DIR}/version.h ) set_target_properties(version PROPERTIES FOLDER "Auxiliary") @@@@ -2229,7 +2227,11 @@@@ if(BUILD_wireshark AND QT_FOUND) $<$:UxTheme.lib> d30 4 a33 4 set(PROGLIST ${PROGLIST} wireshark) set_target_properties(wireshark PROPERTIES LINK_FLAGS "${WS_LINK_FLAGS}" @@@@ -3022,11 +3024,11 @@@@ endif() @