./net/wireshark, Network protocol analyzer

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 2.6.1nb2, Package name: wireshark-2.6.1nb2, Maintainer: pkgsrc-users

Wireshark is a network traffic analyzer, or "sniffer", for Unix and
Unix-like operating systems. It uses GTK+, a graphical user interface
library, and libpcap, a packet capture and filtering library.

The Wireshark distribution also comes with TShark, which is a
line-oriented sniffer (similar to Sun's snoop, or tcpdump) that uses the
same dissection, capture-file reading and writing, and packet filtering
code as Wireshark, and with editcap, which is a program to read capture
files and write the packets from that capture file, possibly in a
different capture file format, and with some packets possibly removed
from the capture.

This package tracks version 2 stable branch.

Required to run:
[sysutils/desktop-file-utils] [graphics/hicolor-icon-theme] [security/gnutls] [security/libgcrypt] [devel/glib2] [devel/libsmi] [devel/pcre] [lang/lua52] [x11/qt5-qtx11extras] [x11/qt5-qttools]

Required to build:
[pkgtools/x11-links] [x11/xcb-proto] [x11/fixesproto4] [lang/python27] [pkgtools/cwrappers] [x11/xorgproto]

Package options: lua, qt5

Master sites:

SHA1: a0cf45d99ab9a42e087af150cbdec08650b9977a
RMD160: a7f187de0c44b801b51e8b72df41681bbc1835f8
Filesize: 27720.941 KB

Version history: (Expand)

CVS history: (Expand)

   2018-07-06 17:06:52 by Ryo ONODERA | Files touched by this commit (136)
Log message:
Recursive revbump from audio/pulseaudio
   2018-07-03 07:03:44 by Adam Ciarcinski | Files touched by this commit (495)
Log message:
extend PYTHON_VERSIONS_ for Python 3.7
   2018-06-21 14:22:10 by Adam Ciarcinski | Files touched by this commit (7)
Log message:
wireshark: fix building with Qt 5.11
   2018-05-27 14:20:52 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
wireshark: update to 2.6.1.

Wireshark 2.6.1 Release Notes

  Bug Fixes

   The following vulnerabilities have been fixed:

     • ws-sa2018-25

     • The LDSS dissector could crash. (ws-bug14615)

     • ws-sa2018-26

     • The IEEE 1905.1a dissector could crash. (ws-bug14647)

     • ws-sa2018-27

     • The RTCP dissector could crash. (ws-bug14673)

     • ws-sa2018-28

     • Multiple dissectors could consume excessive memory. (ws-bug14678)

     • ws-sa2018-29

     • The DNS dissector could crash. (ws-bug14681)

     • ws-sa2018-30

     • The GSM A DTAP dissector could crash. (ws-bug14688)

     • ws-sa2018-31

     • The Q.931 dissector could crash. (ws-bug14689)

     • ws-sa2018-32

     • The IEEE 802.11 dissector could crash. (ws-bug14686)

     • ws-sa2018-33

     • Multiple dissectors could crash. (ws-bug14703)

   The following bugs have been fixed:

     • Qt GUI does not snap to exactly half of screen in Windows. (Bug

     • Segmentation fault when switching profiles. (Bug 14316[2])

     • QUIC dissector produces incorrect packet numbers (wrong-endian).
       (Bug 14462[3])

     • Wrong default file format chosen in when saving a capture with
       comments added if the original format doesn’t support comments.
       (Bug 14601[4])

     • Lua: Error during loading [AppData directory]:1: bad argument #1
       to dofile (dofile: file does not exist). (Bug 14619[5])

     • Crash when selecting text. (Bug 14620[6])

     • ui/macosx directory missing from source release tarball. (Bug

     • Wireshark 2.9.0 snapshot crashes/segfaults on Windows when
       launched with -k or -i. (Bug 14632[8])

     • "Copy as printable text" isn’t copying non-alphanumeric
       characters. (Bug 14633[9])

     • File missing from release tarball. (Bug 14634[10])

     • NEWS is out of date and does not display properly in Notepad.
       (Bug 14636[11])

     • l16mono.so is installed in the wrong place. (Bug 14638[12])

     • Remove: HACK to support UHD’s weird header offset on data
       packets. (Bug 14641[13])

     • WinSparkle 0.5.6 is out of date and is buggy. (Bug 14642[14])

     • Unable to create or open VOIP captures. (Bug 14648[15])

     • RTMPT: incorrect dissection of multiple RTMP packets within a
       single TCP packet. (Bug 14650[16])

     • Endpoints dialog displays invalid GeoIP information due to
       incorrect byte order. (Bug 14656[17])

     • Qt: Crash in ShowPacketBytesDialog(). (Bug 14658[18])

     • Statistics → Resolved addresses show IP addresses without domain.
       (Bug 14667[19])

     • Erroneous MAC-LTE Dissection for Sidelink Shared Channel Packets.
       (Bug 14669[20])

     • Files missing from docbook CMake file. (Bug 14676[21])

     • Wireshark hangs when opening certain files if it’s been
       configured to use the new GeoIP databases. (Bug 14701[22])

   The “Open”, “Save”, and other file dialogs should now be shown at the
   correct size on HiDPI Windows systems.

  Updated Protocol Support

   IEEE 1905.1a, IEEE 802.11, LDSS, LwM2M-TLV, MAC LTE, NAS EPS, Q.931,

  New and Updated Capture File Support

   3GPP TS 32.423 Trace and Android Logcat
   2018-05-04 01:02:39 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
wireshark: reduce dependencies.

Addresses PR 53256 by martin@

   2018-04-29 14:15:37 by Thomas Klausner | Files touched by this commit (4) | Package updated
Log message:
wireshark: update to 2.6.0.

Switch default GUI from gtk3 to qt5. See What's New below for "why".

 What’s New

  Wireshark 2.6 is the last release that will support the legacy (GTK+)
  user interface. It will not be supported or available in Wireshark

  Many user interface improvements have been made. See the “New and
  Updated Features” section below for more details.

  Bug Fixes

   The following bugs have been fixed:

   Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419[1])

  New and Updated Features

   The following features are new (or have been significantly updated)
   since version 2.5.0:

     • HTTP Request sequences are now supported.

     • Wireshark now supports MaxMind DB files. Support for GeoIP and
       GeoLite Legacy databases has been removed.

     • The Windows packages are now built using Microsoft Visual Studio

     • The IP map feature (the “Map” button in the “Endpoints” dialog)
       has been removed.

   The following features are new (or have been significantly updated)
   since version 2.4.0:

     • Display filter buttons can now be edited, disabled, and removed
       via a context menu directly from the toolbar

     • Drag & Drop filter fields to the display filter toolbar or edit
       to create a button on the fly or apply the filter as a display

     • Application startup time has been reduced.

     • Some keyboard shortcut mix-ups have been resolved by assigning
       new shortcuts to Edit → Copy methods.

     • TShark now supports color using the --color option.

     • The "matches" display filter operator is now case-insensitive.

     • Display expression (button) preferences have been converted to a
       UAT. This puts the display expressions in their own file.
       Wireshark still supports preference files that contain the old
       preferences, but new preference files will be written without the
       old fields.

     • SMI private enterprise numbers are now read from the
       “enterprises.tsv” configuration file.

     • The QUIC dissector has been renamed to Google QUIC (quic →

     • The selected packet number can now be shown in the Status Bar by
       enabling Preferences → Appearance → Layout → Show selected packet

     • File load time in the Status Bar is now disabled by default and
       can be enabled in Preferences → Appearance → Layout → Show file
       load time.

     • Support for the G.729A codec in the RTP Player is now added via
       the bcg729 library.

     • Support for hardware-timestamping of packets has been added.

     • Improved NetMon .cap support with comments, event tracing,
       network filter, network info types and some Message Analyzer
       exported types.

     • The personal plugins folder on Linux/Unix is now

     • TShark can print flow graphs using -z flow…

     • Capinfos now prints SHA256 hashes in addition to RIPEMD160 and
       SHA1. MD5 output has been removed.

     • The packet editor has been removed. (This was a GTK+ only
       experimental feature.)

     • Support BBC micro:bit Bluetooth profile

     • The Linux and UNIX installation step for Wireshark will now
       install headers required to build plugins. A pkg-config file is
       provided to help with this (see “doc/plugins.example” for
       details). Note you must still rebuild all plugins between minor
       releases (X.Y).

     • The Windows installers and packages now ship with Qt 5.9.4.

     • The generic data dissector can now uncompress zlib compressed

     • DNS Stats now supports service level statistics.

     • DNS filters for retransmissions and unsolicited responses have
       been added.

     • The “tcptrace” TCP Stream graph now shows duplicate ACKS and zero
       window advertisements.

     • The membership operator now supports ranges, allowing display
       filters such as tcp.port in {4430..4434} to be expressed. See the
       User’s Guide, chapter Building display filter expressions for

  New Protocol Support

   ActiveMQ Artemis Core Protocol, AMT (Automatic Multicast Tunneling),
   AVSP (Arista Vendor Specific Protocol), Bluetooth Mesh, Broadcom tags
   (Broadcom Ethernet switch management frames), CAN-ETH, CVS password
   server, Excentis DOCSIS31 XRA header, F1 Application Protocol,
   F5ethtrailer, FP Mux, GRPC (gRPC), IEEE 1905.1a, IEEE 802.11ax (High
   Efficiency WLAN (HEW)), IEEE 802.15.9 IEEE Recommended Practice for
   Transport of Key Management Protocol (KMP) Datagrams, IEEE 802.3br
   Frame Preemption Protocol, ISOBUS, LoRaTap, LoRaWAN, Lustre
   Filesystem, Lustre Network, Nano / RaiBlocks Cryptocurrency Protocol
   (UDP), Network Functional Application Platform Interface (NFAPI)
   Protocol, New Radio Radio Link Control protocol, New Radio Radio
   Resource Control protocol, NR (5G) MAC protocol, NXP 802.15.4 Sniffer
   Protocol, Object Security for Constrained RESTful Environments
   (OSCORE), PFCP (Packet Forwarding Control Protocol), Protobuf
   (Protocol Buffers), QUIC (IETF), RFC 4108 Using CMS to Protect
   Firmware Packages, Session Multiplex Protocol, SolarEdge monitoring
   protocol, Steam In-Home Streaming Discovery Protocol, Tibia, TWAMP
   and OWAMP, Wi-Fi Device Provisioning Protocol, and Wi-SUN FAN

  Updated Protocol Support

   Too many protocols have been updated to list here.

  New and Updated Capture File Support

   Microsoft Network Monitor

  New and Updated Capture Interfaces support

   2018-04-18 00:29:53 by Thomas Klausner | Files touched by this commit (286)
Log message:
Add p11-kit to gnutls/bl3.mk and bump dependencies.
   2018-04-17 12:29:06 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
wireshark: update to 2.4.6.

  Bug Fixes

   The following vulnerabilities have been fixed:
     * [1]wnpa-sec-2018-15
       The MP4 dissector could crash. ([2]Bug 13777)
     * [3]wnpa-sec-2018-16
       The ADB dissector could crash. ([4]Bug 14460)
     * [5]wnpa-sec-2018-17
       The IEEE 802.15.4 dissector could crash. ([6]Bug 14468)
     * [7]wnpa-sec-2018-18
       The NBAP dissector could crash. ([8]Bug 14471)
     * [9]wnpa-sec-2018-19
       The VLAN dissector could crash. ([10]Bug 14469)
     * [11]wnpa-sec-2018-20
       The LWAPP dissector could crash. ([12]Bug 14467)
     * [13]wnpa-sec-2018-21
       The TCP dissector could crash. ([14]Bug 14472)
     * [15]wnpa-sec-2018-22
       The CQL dissector could to into an infinite loop. ([16]Bug 14530)
     * [17]wnpa-sec-2018-23
       The Kerberos dissector could crash. ([18]Bug 14576)
     * [19]wnpa-sec-2018-24
       Multiple dissectors and other modules could leak memory. The TN3270
       ([20]Bug 14480), ISUP ([21]Bug 14481), LAPD ([22]Bug 14482), SMB2
       ([23]Bug 14483), GIOP ([24]Bug 14484), ASN.1 ([25]Bug 14485), MIME
       multipart ([26]Bug 14486), H.223 ([27]Bug 14487), and PCP ([28]Bug
       14488) dissectors were susceptible along with Wireshark and TShark
       ([29]Bug 14489).

   The following bugs have been fixed:
     * TRANSUM doesn't account for DNS retries in the Request Spread.
       ([30]Bug 14210)
     * BGP: IPv6 NLRI is received with Add-path ID, then Wireshark is not
       able to decode the packet correctly. ([31]Bug 14241)
     * Lua script calling Ethernet dissector runs OK in 1.12.4 but crashes
       in later releases. ([32]Bug 14293)
     * PEEKREMOTE dissector lacks 80mhz support, short preamble support
       and spatial streams encoding. ([33]Bug 14452)
     * Statistics > UDP Multicast Streams > [Copy|Save as..] is broken.
       ([34]Bug 14477)
     * Typo error in enumeration value of speech version identifier.
       ([35]Bug 14528)
     * In "Unsaved packets" dialog one can NOT use keyboard to choose
       "Continue without Saving". ([36]Bug 14531)
     * WCCP logical error in CHECK_LENGTH_ADVANCE_OFFSET macros. ([37]Bug

     * Buildbot crash output: fuzz-2018-03-19-19114.pcap. ([38]Bug 14544)
     * alloca() used in wsutil/getopt_long.c without <alloca.h> inclusion.
       ([39]Bug 14552)
     * HP-UX HP ANSI C requires -Wp,-H200000 flag to compile. ([40]Bug
     * Makefile.in uses non-portable "install" command. ([41]Bug 14555)
     * HP-UX HP ANSI C doesn't support assigning {} to a variable in
       epan/app_mem_usage.c. ([42]Bug 14556)
     * PPP in SSTP, HDLC framing not parsed properly. ([43]Bug 14559)
     * Using the DIAMETER dictionary causes the standard input to be
       closed when the dictionary is read. ([44]Bug 14577)

  Updated Protocol Support

   802.11, IEEE 802.11 Radiotap, IEEE 802.15.4, ISUP, Kerberos, LAPD,
   SMB2, SSTP, T.30, TCP, TN3270, TRANSUM, VLAN, WCCP, and WSP