Update "wireshark" package to version 1.4.1. Changes since 1.4.0:

- Bug Fixes
   The following vulnerabilities have been fixed. See the security
   advisory for details and a workaround.
     o The Penetration Test Team of NCNIPC (China) discovered that
       the ASN.1 BER dissector was susceptible to a stack overflow.
       (Bug 5230)
  [A patch for this bug was already in version 1.4.0 in "pkgsrc".]
- The following bugs have been fixed:
     o Incorrect behavior using sorting in the packet list. (Bug
       2225)
     o Cooked-capture dissector should omit the source address field
       if empty. (Bug 2519)
     o MySQL dissector doesn't dissect MySQL stream. (Bug 2691)
     o Wireshark crashes if active display filter macro is renamed.
       (Bug 5002)
     o Incorrect dissection of MAP V2 PRN_ACK. (Bug 5076)
     o TCP bytes_in_flight becomes inflated with lost packets. (Bug
       5132)
     o GTP header is exported in PDML with an incorrect size. (Bug
       5162)
     o Packet list hidden columns will not be parsed correctly from
       preferences file. (Bug 5163)
     o Wireshark does not display the t.38 graph. (Bug 5165)
     o Wireshark don't show mgcp calls in "Telephony → VoIP calls".
       (Bug 5167)
     o Wireshark 1.4.0 & VoIP calls "Prepare Filter" problem. (Bug
       5172)
     o GTPv2: IMSI is decoded improperly. (Bug 5179)
     o [NAS EPS] EPS Quality of Service IE decoding is wrong. (Bug
       5186)
     o Wireshark mistakenly writes "not all data available" for IPv4
       checksum. (Bug 5194)
     o GSM: Cell Channel Description, range 1024 format. (Bug 5214)
     o Wrong SDP interpretation on VoIP call flow chart. (Bug 5220)
     o The CLDAP attribute value on a CLDAP reply is no longer being
       decoded. (Bug 5239)
     o [NAS EPS] Traffic Flow Template IE dissection bugs. (Bug 5243)
     o [NAS EPS] Use Request Type IE defined in 3GPP 24.008. (Bug
       5246)
     o NTLMSSP_AUTH domain and username truncated to first letter
       with IE8/Windows7 (generating the NTLM packet). (Bug 5251)
     o IPv6 RH0: dest addr is to be used i.s.o. last RH address when
       0 segments remain. (Bug 5252)
     o EIGRP dissection error in Flags field in external route TLVs.
       (Bug 5261)
     o MRP packet is not correctly parsed in PROFINET multiple write
       record request. (Bug 5267)
     o MySQL Enhancement: support of Show Fields and bug fix. (Bug
       5271)
     o [NAS EPS] Fix TFT decoding when having several Packet Filters
       defined. (Bug 5274)
     o Crash if using ssl.debug.file with no password for
       ssl.keys_list. (Bug 5277)
- Updated Protocol Support
  ASN.1 BER, ASN.1 PER, EIGRP, GSM A RR, GSM Management, GSM MAP,
  GTP, GTPv2, ICMPv6, Interlink, IPv4, IPv6, IPX, LDAP, LLC, MySQL,
  NAS EPS, NTLMSSP, PN-IO, PPP, RPC, SDP, SLL, SSL, TCP

Approved by Alistair Crooks.

3 files changed, 6 insertions, 123 deletions

diff --git a/net/wireshark/Makefile b/net/wireshark/Makefile
index cfed00f9b1a..2c54e884816 100644
--- a/net/wireshark/Makefile
+++ b/net/wireshark/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.52 2010/09/25 11:19:10 tron Exp $
+# $NetBSD: Makefile,v 1.53 2010/10/13 07:35:04 tron Exp $
 
-DISTNAME=		wireshark-1.4.0
+DISTNAME=		wireshark-1.4.1
 CATEGORIES=		net
 MASTER_SITES=		http://www.wireshark.org/download/src/ \
 			${MASTER_SITE_SOURCEFORGE:=wireshark/}
diff --git a/net/wireshark/distinfo b/net/wireshark/distinfo
index a13140b7d53..b1efdb4be26 100644
--- a/net/wireshark/distinfo
+++ b/net/wireshark/distinfo
@@ -1,13 +1,12 @@
-$NetBSD: distinfo,v 1.35 2010/09/26 23:15:18 tron Exp $
+$NetBSD: distinfo,v 1.36 2010/10/13 07:35:04 tron Exp $
 
-SHA1 (wireshark-1.4.0.tar.bz2) = a1dc5fa6eff0320da5dad7ec9c8f3a8f5a18be81
-RMD160 (wireshark-1.4.0.tar.bz2) = 8eb683e1a1175a0386fc5f1262f0289af177d17c
-Size (wireshark-1.4.0.tar.bz2) = 20481773 bytes
+SHA1 (wireshark-1.4.1.tar.bz2) = 8a3832b3a8cadbb0287fc4c1bcd22a75177df2fb
+RMD160 (wireshark-1.4.1.tar.bz2) = 6908437ff93d62c970f1dc8149a253ffffcb8479
+Size (wireshark-1.4.1.tar.bz2) = 20208926 bytes
 SHA1 (patch-aa) = d0744f069ac2d3a8a43b810e1f958360d99200a9
 SHA1 (patch-ab) = 5ae79916603f04c2d362c764d39f0c99728e716c
 SHA1 (patch-ac) = 4e985520ea4b118aea6fc001f256b5de96de7840
 SHA1 (patch-ad) = a09b5ac9e836ef01fbd6ba103de00d08c0af2800
-SHA1 (patch-ae) = a741c3d126c0cd2496438c1c1540ccdfa10714c8
 SHA1 (patch-ba) = 49825d82605a665f54a5cdb6ccb364e55c0e0ffa
 SHA1 (patch-bb) = 1e16337d1894f196f61b233423d729246dea33b5
 SHA1 (patch-bc) = 052ede4ba58502117fe7b355e22a906ff65b773e
diff --git a/net/wireshark/patches/patch-ae b/net/wireshark/patches/patch-ae
deleted file mode 100644
index 512065699ed..00000000000
--- a/net/wireshark/patches/patch-ae
+++ /dev/null
@@ -1,116 +0,0 @@
-$NetBSD: patch-ae,v 1.1 2010/09/25 11:19:10 tron Exp $
-
-Fix for SA41535 taken from here:
-
-http://anonsvn.wireshark.org/viewvc?view=rev&revision=34111
-
---- epan/dissectors/packet-ber.c.orig	2010-08-29 23:17:07.000000000 +0100
-+++ epan/dissectors/packet-ber.c	2010-09-25 11:53:33.000000000 +0100
-@@ -200,6 +200,14 @@
- 	{ 0, NULL }
- };
- 
-+/*
-+ * Set a limit on recursion so we don't blow away the stack. Another approach
-+ * would be to remove recursion completely but then we'd exhaust CPU+memory
-+ * trying to read a hellabyte of nested indefinite lengths.
-+ * XXX - Max nesting in the ASN.1 plugin is 32. Should they match?
-+ */
-+#define BER_MAX_NESTING 500
-+
- static const true_false_string ber_real_binary_vals = {
- 	"Binary encoding",
- 	"Decimal encoding"
-@@ -422,7 +430,8 @@
-  return offset;
- }
- 
--int dissect_unknown_ber(packet_info *pinfo, tvbuff_t *tvb, int offset, proto_tree *tree)
-+static int
-+try_dissect_unknown_ber(packet_info *pinfo, tvbuff_t *tvb, int offset, proto_tree *tree, gint nest_level)
- {
- 	int start_offset;
- 	gint8 class;
-@@ -438,6 +447,11 @@
- 	proto_item *pi, *cause;
- 	asn1_ctx_t asn1_ctx;
- 
-+	if (nest_level > BER_MAX_NESTING) {
-+		/* Assume that we have a malformed packet. */
-+		THROW(ReportedBoundsError);
-+	}
-+
- 	start_offset=offset;
- 	asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
- 
-@@ -500,7 +514,7 @@
- 					}
- 					item = proto_tree_add_item(tree, hf_ber_unknown_BER_OCTETSTRING, tvb, offset, len, FALSE);
- 					next_tree = proto_item_add_subtree(item, ett_ber_octet_string);
--					offset = dissect_unknown_ber(pinfo, tvb, offset, next_tree);
-+					offset = try_dissect_unknown_ber(pinfo, tvb, offset, next_tree, nest_level+1);
- 				}
- 			} 
- 			if (!is_decoded_as) {
-@@ -585,7 +599,7 @@
- 		is_decoded_as = TRUE;
- 		proto_item_append_text (pi, "[BER encoded]");
- 		next_tree = proto_item_add_subtree(pi, ett_ber_primitive);
--		offset = dissect_unknown_ber(pinfo, tvb, offset, next_tree);
-+		offset = try_dissect_unknown_ber(pinfo, tvb, offset, next_tree, nest_level+1);
- 	      }
- 	    }
- 
-@@ -632,7 +646,7 @@
- 			next_tree=proto_item_add_subtree(item, ett_ber_SEQUENCE);
- 		}
- 		while(offset < (int)(start_offset + len + hdr_len))
--		  offset=dissect_unknown_ber(pinfo, tvb, offset, next_tree);
-+		  offset=try_dissect_unknown_ber(pinfo, tvb, offset, next_tree, nest_level+1);
- 		break;
- 	  case BER_CLASS_APP:
- 	  case BER_CLASS_CON:
-@@ -643,7 +657,7 @@
- 			next_tree=proto_item_add_subtree(item, ett_ber_SEQUENCE);
- 		}
- 		while(offset < (int)(start_offset + len + hdr_len))
--		  offset=dissect_unknown_ber(pinfo, tvb, offset, next_tree);
-+		  offset=try_dissect_unknown_ber(pinfo, tvb, offset, next_tree, nest_level+1);
- 		break;
- 
- 	  }
-@@ -654,6 +668,11 @@
- 	return offset;
- }
- 
-+int
-+dissect_unknown_ber(packet_info *pinfo, tvbuff_t *tvb, int offset, proto_tree *tree)
-+{
-+	return try_dissect_unknown_ber(pinfo, tvb, offset, tree, 1);
-+}
- 
- int
- call_ber_oid_callback(const char *oid, tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree)
-@@ -853,13 +872,6 @@
-  */
- /* 8.1.3 Length octets */
- 
--/*
-- * Set a limit on recursion so we don't blow away the stack. Another approach
-- * would be to remove recursion completely but then we'd exhaust CPU+memory
-- * trying to read a hellabyte of nested indefinite lengths.
-- * XXX - Max nesting in the ASN.1 plugin is 32. Should they match?
-- */
--#define BER_MAX_INDEFINITE_NESTING 500
- static int
- try_get_ber_length(tvbuff_t *tvb, int offset, guint32 *length, gboolean *ind, gint nest_level) {
- 	guint8 oct, len;
-@@ -873,7 +885,7 @@
- 	tmp_length = 0;
- 	tmp_ind = FALSE;
- 
--	if (nest_level > BER_MAX_INDEFINITE_NESTING) {
-+	if (nest_level > BER_MAX_NESTING) {
- 		/* Assume that we have a malformed packet. */
- 		THROW(ReportedBoundsError);
- 	}