./net/wireshark, Network protocol analyzer

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 3.0.3nb3, Package name: wireshark-3.0.3nb3, Maintainer: pkgsrc-users

Wireshark is a network traffic analyzer, or "sniffer", for Unix and
Unix-like operating systems. It uses GTK+, a graphical user interface
library, and libpcap, a packet capture and filtering library.

The Wireshark distribution also comes with TShark, which is a
line-oriented sniffer (similar to Sun's snoop, or tcpdump) that uses the
same dissection, capture-file reading and writing, and packet filtering
code as Wireshark, and with editcap, which is a program to read capture
files and write the packets from that capture file, possibly in a
different capture file format, and with some packets possibly removed
from the capture.


Required to run:
[sysutils/desktop-file-utils] [textproc/libxml2] [graphics/hicolor-icon-theme] [net/libcares] [security/gnutls] [security/libgcrypt] [security/libssh] [devel/glib2] [devel/libsmi] [devel/pcre] [devel/snappy] [lang/lua52] [x11/qt5-qtsvg] [x11/qt5-qtx11extras] [x11/qt5-qttools] [archivers/lz4] [geography/libmaxminddb]

Required to build:
[pkgtools/x11-links] [x11/xcb-proto] [x11/fixesproto4] [pkgtools/cwrappers] [x11/xorgproto] [lang/python37]

Package options: lua, qt5

Master sites:

SHA1: 3a7406d54de9fd925a3d9800471610144fe44354
RMD160: 4ccaf1702977f7ffb225896f90807a35dd6e33cc
Filesize: 30199.199 KB

Version history: (Expand)


CVS history: (Expand)


   2019-08-22 14:23:56 by Ryo ONODERA | Files touched by this commit (678)
Log message:
Recursive revbump from boost-1.71.0
   2019-08-11 15:25:21 by Thomas Klausner | Files touched by this commit (3557) | Package updated
Log message:
Bump PKGREVISIONs for perl 5.30.0
   2019-07-21 00:46:59 by Thomas Klausner | Files touched by this commit (595)
Log message:
*: recursive bump for nettle 3.5.1
   2019-07-18 12:11:16 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
wireshark: updated to 3.0.3

Wireshark 3.0.3 Release Notes

 What is Wireshark?

  Wireshark is the world’s most popular network protocol analyzer. It is
  used for troubleshooting, analysis, development and education.

 What’s New

    • The Windows installers now ship with Qt 5.12.4. They previously
      shipped with Qt 5.12.3.

    • The Windows installers now ship with Npcap 0.996. They previously
      shipped with Npcap 0.995.

    • The macOS installer now ships with Qt 5.12.4. It previously
      shipped with Qt 5.12.1.

  Bug Fixes

   The following vulnerabilities have been fixed:

     • wnpa-sec-2019-20[1] ASN.1 BER and related dissectors crash. Bug
       15870[2]. CVE-2019-13619[3].

   The following bugs have been fixed:

     • "ninja install" installs help/faq.py instead of help/faq.txt. Bug
       15543[4].

     • In Wireshark 3.0, encrypted DOCSIS PDU packets no longer match
       the filter "eth.dst". Bug 15731[5].

     • Developer’s Guide section 3.9 "Contribute your changes" should
       incorporate or link "Writing a good commit message" from the
       Wiki. Bug 15752[6].

     • RSL dissector bugs in presence of optional IEs. Bug 15789[7].

     • The "Media Attribute Value" field is missed in rtcp SDP
       dissection (packet-sdp.c). Bug 15791[8].

     • BTLE doesn’t properly detect start fragment of L2CAP PDUs. Bug
       15807[9].

     • Wi-SUN FAN decoder error, Channel Spacing and Reserved fields are
       swapped. Bug 15821[10].

     • tshark: Display filter error message references "-d" when it
       should reference "-Y". Bug 15825[11].

     • Open "protocol" preferences …<U+200B> does not work \ 
for protocol in
       subtree. Bug 15836[12].

     • Problems with sshdump "Error by extcap pipe: sh: sudo: command
       not found". Bug 15845[13].

     • editcap won’t change encapsulation type when writing pcap format.
       Bug 15873[14].

     • ITU-T G.8113.1 MPLS-TP OAM CC,LMM,LMR,DMM and DMR are not seen in
       the 3.0.2. Bug 15887[15].

  New and Updated Features

   There are no new features in this release.

  New Protocol Support

   There are no new protocols in this release.

  Updated Protocol Support

   AERON, ASN.1, BTLE, CUPS, DNS, DOCSIS, DPNSS, GSM RLC/MAC, HiQnet,
   ISO 14443, ISObus VT, LDAP, MAC LTE, MIME multipart, MPLS, MQ, RSL,
   SDP, SMB, TNEF, and Wi-SUN

  New and Updated Capture File Support

   Ascend

  New and Updated Capture Interfaces support

   There is no new or updated capture file support in this release.
   2019-07-01 06:08:55 by Ryo ONODERA | Files touched by this commit (669)
Log message:
Recursive revbump from boost-1.70.0
   2019-05-23 10:15:12 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
wireshark: updated to 3.0.2

3.0.2:
 What’s New

  • The Windows installers now ship with Qt 5.12.3. They previously
    shipped with Qt 5.12.1.

  • The Windows installers now ship with Npcap 0.995. They previously
    shipped with Npcap 0.992.

  • The macOS packages are now notarized[1].

Bug Fixes

 The following vulnerabilities have been fixed:

   • wnpa-sec-2019-19[2] Wireshark dissection engine crash. Bug
     15778[3].

 The following bugs have been fixed:

   • Add (IETF) QUIC Dissector. Bug 13881[4].

   • Wireshark Hangs on startup initializing external capture plugins.
     Bug 14657[5].

   • [oss-fuzz] ERROR: Adding ospf.v3.prefix.options.nu would put more
     than 1000000 items in the tree — possible infinite loop. Bug
     14978[6].

   • Wireshark can call extcap with empty multicheck argument. Bug
     15065[7].

   • CMPv2 KUR message disection gives unexpected value for
     serialNumber under OldCertId fields. Bug 15154[8].

   • "(Git Rev Unknown from unknown)" in version string for official
     tarball. Bug 15544[9].

   • External extcap does not get all arguments sometimes. Bug
     15586[10].

   • Help file doesn’t display for extcap interfaces. Bug 15592[11].

   • Buildbot crash output: randpkt-2019-03-14-4670.pcap. Bug
     15604[12].

   • Building only libraries on windows fails due to CLEAN_C_FILES
     empty. Bug 15662[13].

   • Statistics→Conversations→TCP→Follow Stream - incorrect behavior.
     Bug 15672[14].

   • Wrong NTP timestamp for RTCP XR RR packets (hf_rtcp_xr_timestamp
     field). Bug 15687[15].

   • ws_pipe: leaks pipe handles on errors. Bug 15689[16].

   • Build issue in Wireshark - 3.0.1 on RHEL6. Bug 15706[17].

   • ISAKMP: Segmentation fault with non-hex string for IKEv1
     Decryption Table Initiator Cookie. Bug 15709[18].

   • extcap: non-boolean call arguments can be appended without value
     on selector Reload. Bug 15725[19].

   • Incorrectly interpreted format of MQTT PUBLISH payload data. Bug
     15738[20].

   • print.c: Memory leak in ek_check_protocolfilter. Bug 15758[21].

   • IETF QUIC dissector incorrectly parses retry packet. Bug
     15764[22].

   • Bacnet(app): fix wrong value for id 183 (logging-device →
     logging-object). Bug 15767[23].

   • The SMB2 code to look up decryption keys by session ID assumes
     it’s running on a little-endian machine. Bug 15772[24].

   • tshark -G folders leaves mmdbresolve process behind. Bug
     15777[25].

   • Dissector bug, protocol TLS - failed assertion "data". Bug
     15780[26].

   • WSMP : header_opt_ind field is not correctly set.
   2019-05-14 13:40:36 by Adam Ciarcinski | Files touched by this commit (1)
Log message:
wireshark: add spandsp to options; fixes buidling when spandsp is already installed
   2019-05-06 11:36:47 by Adam Ciarcinski | Files touched by this commit (6) | Package updated
Log message:
wireshark: updated to 3.0.1

3.0.1:
The Windows installers now ship with Npcap 0.992. They previously shipped with \ 
Npcap 0.99-r9.

Bug Fixes
The following vulnerabilities have been fixed:
wnpa-sec-2019-09 NetScaler file parser crash. Bug 15497. CVE-2019-10895.
wnpa-sec-2019-10 SRVLOC dissector crash. Bug 15546. CVE-2019-10899.
wnpa-sec-2019-11 IEEE 802.11 dissector infinite loop. Bug 15553. CVE-2019-10897.
wnpa-sec-2019-12 GSUP dissector infinite loop. Bug 15585. CVE-2019-10898.
wnpa-sec-2019-13 Rbm dissector infinite loop. Bug 15612. CVE-2019-10900.
wnpa-sec-2019-14 GSS-API dissector crash. Bug 15613. CVE-2019-10894.
wnpa-sec-2019-15 DOF dissector crash. Bug 15617. CVE-2019-10896.
wnpa-sec-2019-16 TSDNS dissector crash. Bug 15619. CVE-2019-10902.
wnpa-sec-2019-17 LDSS dissector crash. Bug 15620. CVE-2019-10901.
wnpa-sec-2019-18 DCERPC SPOOLSS dissector crash. Bug 15568. CVE-2019-10903.

The following bugs have been fixed:
[oss-fuzz] UBSAN: shift exponent 34 is too large for 32-bit type 'guint32' (aka \ 
'unsigned int') in packet-ieee80211.c:15534:49. Bug 14770.
[oss-fuzz] UBSAN: shift exponent 35 is too large for 32-bit type 'int' in \ 
packet-couchbase.c:1674:37. Bug 15439.
Duplicated TCP SEQ field in ICMP packets. Bug 15533.
Wrong length in dhcpv6 NTP Server suboption results in "Malformed \ 
Packet" and breaks further dissection. Bug 15542.
Wireshark’s speaker-to-MaxMind is burning up the CPU. Bug 15545.
GSM-A-RR variable bitmap decoding may report ARFCNs > 1023. Bug 15549.
Import hexdump dummy Ethernet header generation ignores direction indication. \ 
Bug 15561.
%T not supported for timestamps. Bug 15565.
LWM2M: resource with \r\n badly shown. Bug 15572.
When selecting BSSAP in 'Decode As' for a SCCP payload, it uses BSSAP+ which is \ 
not the same protocol. Bug 15578.
Possible buffer overflow in function ssl_md_final for crafted SSL 3.0 sessions. \ 
Bug 15599.
Windows console log output delay. Bug 15605.
Syslog dissector processes the UTF-8 BOM incorrectly. Bug 15607.
NFS/NLM: Wrong lock byte range in the "Info" column. Bug 15608.
randpkt -r causes segfault when count > 1. Bug 15627.
Tshark export to ElasticSearch (-Tek) fails with Bad json_dumper state: illegal \ 
transition. Bug 15628.
Packets with metadata but no data get the Protocol Info column overwritten. Bug \ 
15630.
BGP MP_REACH_NLRI AFI: Layer-2 VPN, SAFI: EVPN - Label stack not decoded. Bug 15631.
Buildbot crash output: fuzz-2019-03-23-1789.pcap. Bug 15634.
Typo: broli → brotli. Bug 15647.
Wrong dissection of GTPv2 MM Context Used NAS integrity protection algorithm. \ 
Bug 15648.
Windows CHM (help file) title displays quoted HTML characters. Bug 15656.
Unable to load 3rd party plugins not signed by Wireshark’s codesigning \ 
certificate. Bug 15667.

3.0.0:

Many user interface improvements have been made. See the “New and Updated \ 
Features” section below for more details.

Support for a number of legacy features and libraries has been removed. See the \ 
“Removed Features and Support” section below for more details.

Bug Fixes

The following bugs have been fixed:
Data following a TCP ZeroWindowProbe is marked as retransmission and not passed \ 
to subdissectors (Bug 15427)
Lua Error on startup: init.lua: dofile has been disabled due to running \ 
Wireshark as superuser (Bug 15489).
Text and Image columns were handled incorrectly for TDS 7.0 and 7.1. (Bug 3098)
Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419)

The following features are new (or have been significantly updated) since \ 
version 3.0.0rc1:
The IP map feature (the “Map” button in the “Endpoints” dialog) has been \ 
added back in a modernized form (Bug 14693).
The macOS package now ships with Qt 5.12.1. Previously it shipped with Qt 5.9.7.
The macOS package requires version 10.12 or later. If you’re running an older \ 
version of macOS, please use Wireshark 2.6.

The following features are new (or have been significantly updated) since \ 
version 2.9.0:
Wireshark now supports the Swedish and Ukrainian languages.
Initial support for using PKCS #11 tokens for RSA decryption in TLS. This can be \ 
configured at Preferences, RSA Keys.
The build system now produces reproducible builds (Bug 15163).
The Windows installers now ship with Qt 5.12.1. Previously they shipped with Qt \ 
5.12.0.

The following features are new (or have been significantly updated) since \ 
version 2.6.0:
The Windows .exe installers now ship with Npcap instead of WinPcap. Besides \ 
being actively maintained (by the nmap project), Npcap brings support for \ 
loopback capture and 802.11 WiFi monitor mode capture (if supported by the NIC \ 
driver).
Conversation timestamps are supported for UDP/UDP-Lite protocols
TShark now supports the -G elastic-mapping option which generates an \ 
ElasticSearch mapping file.
The “Capture Information” dialog has been added back (Bug 12004).
The Ethernet and IEEE 802.11 dissectors no longer validate the frame check \ 
sequence (checksum) by default.
The TCP dissector gained a new “Reassemble out-of-order segments” preference \ 
to fix dissection and decryption issues in case TCP segments are received \ 
out-of-order. See the User’s Guide, chapter TCP Reassembly for details.
Decryption support for the new WireGuard dissector (Bug 15011, requires \ 
Libgcrypt 1.8).
The BOOTP dissector has been renamed to DHCP. With the exception of \ 
“bootp.dhcp”, the old “bootp.*” display filter fields are still \ 
supported but may be removed in a future release.
The SSL dissector has been renamed to TLS. As with BOOTP the old “ssl.*” \ 
display filter fields are supported but may be removed in a future release.
Coloring rules, IO graphs, Filter Buttons and protocol preference tables can now \ 
be copied from other profiles using a button in the corresponding configuration \ 
dialogs.
APT-X has been renamed to aptX.
When importing from hex dump, it’s now possible to add an ExportPDU header \ 
with a payload name. This calls the specific dissector directly without lower \ 
protocols.
The sshdump and ciscodump extcap interfaces can now use a proxy for the SSH \ 
connection.
Dumpcap now supports the -a packets:NUM and -b packets:NUM options.
Wireshark now includes a “No Reassembly” configuration profile.
Wireshark now supports the Russian language.
The build system now supports AppImage packages.
The Windows installers now ship with Qt 5.12.0. Previously they shipped with Qt \ 
5.9.7.
Support for DTLS and TLS decryption using pcapng files that embed a Decryption \ 
Secrets Block (DSB) containing a TLS Key Log (Bug 15252).
The editcap utility gained a new --inject-secrets option to inject an existing \ 
TLS Key Log file into a pcapng file.
A new dfilter function string() has been added. It allows the conversion of \ 
non-string fields to strings so string functions (as contains and matches) can \ 
be used on them.
The Bash test suite has been replaced by one based on Python unittest/pytest.
The custom window title can now show file path of the capture file and it has a \ 
conditional separator.

Removed Features and Support
The legacy (GTK+) user interface has been removed and is no longer supported.
The portaudio library is no longer needed due to the removal of GTK+.
Wireshark requires Qt 5.2 or later. Qt 4 is no longer supported.
Wireshark requires GLib 2.32 or later.
Wireshark requires GnuTLS 3.2 or later as optional dependency.
Building Wireshark requires Python 3.4 or newer, Python 2.7 is unsupported.
Building Wireshark requires CMake. Autotools is no longer supported.
TShark’s -z compare option was removed.
Building with Cygwin is no longer supported on Windows.