Wireshark 4.0.2 Release Notes
What’s New
We do not ship official 32-bit Windows packages for Wireshark 4.0 and
later. If you need to use Wireshark on that platform, we recommend
using the latest 3.6 release. Issue 17779[1]
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2022-09[2] Multiple dissector infinite loops.
• wnpa-sec-2022-10[3] Kafka dissector memory exhaustion.
The following bugs have been fixed:
• Qt: Endpoints dialog - unexpected byte unit suffixes in packet
columns. Issue 18229[4].
• GOOSE: field "floating_point" not working anymore. Issue
18491[5].
• EVS Header-Full format padding issues. Issue 18498[6].
• Wireshark 4.0.0 VOIP playback has no sound and can’t resume after
pausing. Issue 18510[7].
• Wireshark crashes when exporting a profile on Mac OSX if there is
no extension. Issue 18525[8].
• EVS dissector missing value description. Issue 18550[9].
• Qt 6 font descriptions not backward compatible with Qt 5. Issue
18553[10].
• Wireshark, wrong TCP ACKed unseen segment message. Issue
18558[11].
• Invalid Cyrillic symbol in timezone at "Arrival Time" field in
frame. Issue 18562[12].
• ProtoBuf parse extension definitions failed. Issue 18599[13].
• Fuzz job crash output: fuzz-2022-11-09-11134.pcap. Issue
18613[14].
• Fuzz job crash output: fuzz-2022-11-14-11111.pcap. Issue
18632[15].
• Wireshark is using old version of ASN (ETSI TS 125 453 V11.2.0)
which is impacting length of param in the messages. Issue
18646[16].
• BGP: False IGMP flags value in EVPN routes (type 6,7,8) Issue
18660[17].
• wslog assumes stderr and stdout exist. Issue 18684[18].
• Editing packet comments, with non-ASCII characters, on Windows
saves them in the local code page, not in UTF-8. Issue 18698[19].
• Unable to decrypt PSK based DTLS traffic which uses Connection
ID. Issue 18705[20].
• HTTP2 tests fail when built without nghttp2. Issue 18707[21].
|
|
|
|
|
|
Wireshark 4.0.1 Release Notes
What’s New
We do not ship official 32-bit Windows packages for Wireshark 4.0 and
later. If you need to use Wireshark on that platform, we recommend
using the latest 3.6 release. Issue 17779[1]
• The Windows installers now ship with Qt 5.12.2. They previously
shipped with Qt 6.2.3.
Bug Fixes
The following bugs have been fixed:
• Comparing a boolean field against 1 always succeeds on big-endian
machines. Issue 12236[2].
• Qt: MaxMind GeoIP columns not added to Endpoints table. Issue
18320[3].
• Fuzz job crash output: fuzz-2022-10-04-7131.pcap. Issue 18402[4].
• The RTP player might not play audio on Windows. Issue 18413[5].
• Wireshark 4.0 breaks display filter expression with > sign. Issue
18418[6].
• Capture filters not working when using SSH capture and dumpcap.
Issue 18420[7].
• Packet diagram field values are not terminated. Issue 18428[8].
• Packet bytes not displayed completely if scrolling. Issue
18438[9].
• Fuzz job crash output: fuzz-2022-10-13-7166.pcap. Issue
18467[10].
• Decoding bug H.245 userInput Signal. Issue 18468[11].
• CFDP dissector doesn’t handle "destination filename" only.
Issue 18495[12].
• Home page capture button doesn’t pop up capture options dialog.
Issue 18506[13].
• Missing dot in H.248 protocol name. Issue 18513[14].
• Missing dot for protocol H.264 in protocol column. Issue
18524[15].
• Fuzz job crash output: fuzz-2022-10-23-7240.pcap. Issue
18534[16].
New and Updated Features
Removed Features and Support
• The experimental display filter syntax for literals using angle
brackets <…> that was introduced in Wireshark 4.0.0 has been
removed. For byte arrays a colon prefix can be used instead. See
the User’s Guide[17] for details.
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
ASN.1 PER, CFDP, Diameter, DirectPlay, F5 Ethernet Trailer, GTP,
H.223, H.248, H.264, H.265, IEEE 802.11, IPv4, MBIM, O-RAN FH CUS,
PFCP, RTCP, SCTP, SMB, TCP, and TRANSUM
New and Updated Capture File Support
BLF
New File Format Decoding Support
There is no new or updated file format support in this release.
|
|
|
|
Wireshark 3.6.8 Release Notes
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2022-06[2] F5 Ethernet Trailer dissector infinite loop.
Issue 18307[3].
The following bugs have been fixed:
• TCAP Malformed exception on externally re-assembled packet Issue
10515[4].
• Extended 3GPP-GPRS-Negotiated-QoS-profile strings decoded
incompletely Issue 10688[5].
• HTTP2 dissector decodes first SSL record only Issue 11173[6].
• L2TP improvements - cookie length detection, UDP encapsulation
and more Issue 16565[7].
• USB Truncation of URB_isochronous in frames Issue 18021[8].
• ISUP/BICC parameter summary text duplication Issue 18094[9].
• Running rpm-setup.sh shows missing packages that Centos does not
need Issue 18166[10].
• IPX/IPX RIP: Crash on expand subtree Issue 18234[11].
• Qt: A file or packet comment that is too large will corrupt the
pcapng file Issue 18235[12].
• BGP dissector bug Issue 18248[13].
• Wrong interpretation of the cbsp.rep_period field in
epan/dissectors/packet-gsm_cbsp.c Issue 18254[14].
• Assertion due to incorrect mask for btatt.battery_power_state.*
Issue 18267[15].
• Qt: Expert Info dialog not showing Malformed Frame when Frame
length is less than captured length Issue 18312[16].
• Wireshark and tshark become non-responsive when reading certain
packets Issue 18313[17].
Updated Protocol Support
BGP, BICC, BT ATT, CBSP, Couchbase, F5 Ethernet Trailer, Frame, GTP,
GTP (prime), IPsec, ISUP, L2TP, NAS-5GS, Protobuf, SCCP, TCP, and TLS
New and Updated Capture File Support
pcap, pcapng
|
|
|
|
Wireshark 3.6.7
Bug Fixes
The following bugs have been fixed:
• Multiple Files preference "Create new file automatically…after"
[time] working incorrectly Issue 16783[2].
• get_filter Lua function doesn’t return the filter Issue 17188[3].
• Dissector bug, protocol HTTP failed assertion "saved_layers_len <
500" with chunked/multipart Issue 18130[4].
• Wrong EtherCAT bit label (possible dissector bug) Issue 18132[5].
• UDP packets falsely marked as "malformed packet" Issue 18136[6].
• TLS certificate parser with filter crash Issue 18155[7].
• Incorrect type for the IEC 60870 APDU appears in packet details
pane Issue 18167[8].
• NHRP Problem Issue 18181[9].
• EtherCAT CoE header unknown type Issue 18220[10].
New and Updated Features
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
BGP, DTLS, EtherCAT, EtherCAT Mailbox, HTTP, IEC 104, MEGACO, NHRP,
PPPoE, QUIC, RTCP, Signal PDU, SOME/IP, and X509IF
|
|
It is a common protocol and nghttp2 is a comparatively cheap dependency
that most people already have installed since it is default enabled in
curl and nodejs.
|
|
|
|
Wireshark 3.6.6 Release Notes
What’s New
Note: This is the last release branch with support for 32-bit Windows.
Updates will no longer be available after May 22, 2024 for that
platform. Issue 17779[1]
The Windows installers now ship with Npcap 1.60. They previously
shipped with Npcap 1.55.
Bug Fixes
The following bugs have been fixed:
• TLS: RSA decryption fails with Extended Master Secret and
renegotiation Issue 18059[2].
• "dfilter" file on Windows adds carriage returns, and requires
line feeds Issue 18082[3].
• Npcap bundled version needs a bump to v1.60 for Windows 11
compatibility Issue 18084[4].
• "Browse" button in Prefs/Name Resolution/MaxMind crashes
Wireshark on macOS Issue 18088[5].
• TFTP: some packets are not recognized as TFTP packets with 3.6.5
Issue 18122[6].
New and Updated Features
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
DTLS, F5 Capture Information, F5 Ethernet Trailer, FlexRay, MBIM,
TFTP, TLS, and ZigBee ZCL
|
|
|
|
|
|
Wireshark 3.6.5 Release Notes
What’s New
Note: This is the last release branch with support for 32-bit Windows.
Updates will no longer be available after May 22, 2024 for that
platform. Issue 17779[1]
Bug Fixes
This release fixes an installation issue on Windows which was
introduced in the 3.6.4 release. Issue 18077[2].
New and Updated Features
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
New and Updated Capture File Support
There is no new or updated capture file support in this release.
New File Format Decoding Support
There is no new or updated file format support in this release.
|
|
|
|
|
|
don't accidentally find asciidoctor which would cause documentation to
be built and installed.
|
|
Wireshark 3.6.3 Release Notes
What’s New
Bug Fixes
The following bugs have been fixed:
• Fuzz job crash output: fuzz-2022-01-19-7399.pcap Issue 17894[1].
• TLS dissector incorrectly reports JA3 values Issue 17942[2].
• "Wiki Protocol page" in packet details menu is broken - wiki
pages not migrated to GitLab? Issue 17944[3].
• Dissector bug, protocol PFCP display Flow Description IE value
error in Additional Flow Description of PFD Management Request
Message Issue 17951[4].
• Bluetooth: Fails to open Log file for SCO connection Issue
17964[5].
• Fuzz job crash output: fuzz-2022-03-07-10896.pcap Issue 17984[6].
• libwiretap: Save as ERF causes segmentation fault Issue 17989[7].
• HTTP server returning multiple early hints shows too many
responses in "Follow HTTP Stream" Issue 18006[8].
New and Updated Features
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
CSN.1, HTTP, IEEE 802.11, NTLM SSP, PFCP, PKTLOG, SSDP, TLS, and USB
HID
New and Updated Capture File Support
pcap and pcapng
New File Format Decoding Support
There is no new or updated file format support in this release.
|
|
|
|
Wireshark 3.6.2 Release Notes
What’s New
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2022-01[1] RTMPT dissector infinite loop. Issue
17813[2].
• wnpa-sec-2022-02[3] Large loops in multiple dissectors. Issue
17829[4], Issue 17842[5], Issue 17847[6], Issue 17855[7], Issue
17891[8], Issue 17925[9], Issue 17926[10], Issue 17931[11], Issue
17932[12], Issue 17933[13].
• wnpa-sec-2022-03[14] PVFS dissector crash. Issue 17840[15].
• wnpa-sec-2022-04[16] CSN.1 dissector crash. Issue 17882[17].
• wnpa-sec-2022-05[18] CMS dissector crash. Issue 17935[19].
The following bugs have been fixed:
• Support for GSM SMS TPDU in HTTP2 body Issue 17784[20].
• Wireshark 3.6.1 broke the ABI by removing ws_log_default_writer
from libwsutil Issue 17822[21].
• Fedora RPM package build failing with RPATH of /usr/local/lib64
Issue 17830[22].
• macos-setup.sh: ftp.pcre.org no longer exists Issue 17834[23].
• nmap.org/npcap → npcap.com: domain/URL change Issue 17838[24].
• MPLS ECHO FEC stack change TLV not dissected correctly Issue
17868[25].
• Attempting to open a systemd journal export file segfaults Issue
17875[26].
• Dissector bug on 802.11ac packets Issue 17878[27].
• The Info column shows only one NGAP/S1AP packet of several
packets inside an SCTP packet Issue 17886[28].
• Uninstalling Wireshark 3.6.1 on Windows 10 fails to remove the
installation directory because it doesn’t remove the User’s Guide
subdirectory and all its contents. Issue 17898[29].
• 3.6 doesn’t build without zlib Issue 17899[30].
• SIP Statistics no longer properly reporting method type
accounting Issue 17904[31].
• Fuzz job crash output: fuzz-2022-01-26-6940.pcap Issue 17909[32].
• SCTP retransmission detection broken for the first data chunk of
each association with relative TSN Issue 17917[33].
• “Show In Folder” doesn’t work correctly for filenames with spaces
Issue 17927[34].
New and Updated Features
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
AMP, ASN.1 PER, ATN-ULCS, BGP, BP, CFLOW, CMS, CSN.1, GDSDB, GSM RP,
GTP, HTTP3, IEEE 802.11 Radiotap, IPDC, ISAKMP, Kafka, MP2T, MPEG
PES, MPEG SECT, MPLS ECHO, NGAP, NTLMSSP, OpenFlow 1.4, OpenFlow 1.5,
P_MUL, PN-RT, PROXY, PTP, PVFS, RSL, RTMPT, rtnetlink, S1AP, SCTP,
Signal PDU, SIP, TDS, USB, WAP, and ZigBee ZCL
New and Updated Capture File Support
BLF and libpcap
New File Format Decoding Support
There is no new or updated file format support in this release.
|
|
Wireshark 3.6.1 Release Notes
What’s New
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2021-17[1] RTMPT dissector infinite loop. Issue
17745[2]. CVE-2021-4185[3].
• wnpa-sec-2021-18[4] BitTorrent DHT dissector infinite loop. Issue
17754[5]. CVE-2021-4184[6].
• wnpa-sec-2021-19[7] pcapng file parser crash. Issue 17755[8].
CVE-2021-4183[9].
• wnpa-sec-2021-20[10] RFC 7468 file parser infinite loop. Issue
17801[11]. CVE-2021-4182[12].
• wnpa-sec-2021-21[13] Sysdig Event dissector crash.
CVE-2021-4181[14].
• wnpa-sec-2021-22[15] Kafka dissector infinite loop. Issue
17811[16].
The following bugs have been fixed:
• Allow sub-second timestamps in hexdumps Issue 15562[17].
• GRPC: An unnecessary empty Protobuf tree item is displayed if the
GRPC message body length is 0 Issue 17675[18].
• Can’t install "ChmodBPF.pkg" or "Add Wireshark to the system
path.pkg" on M1 MacBook Air Monterey without Rosetta 2 Issue
17757[19].
• TECMP: LIN Payload is cut off by 1 byte Issue 17760[20].
• Wireshark crashes if a 64 bit field of type BASE_CUSTOM is
applied as a column Issue 17762[21].
• Command line option "-o console.log.level" causes wireshark and
tshark to exit on start Issue 17763[22].
• Setting WIRESHARK_LOG_LEVEL=debug breaks interface capture Issue
17764[23].
• Unable to build without tshark Issue 17766[24].
• IEEE 802.11 action frames are not getting parsed and always seen
as malformed Issue 17767[25].
• IEC 60870-5-101 link address field is 1 byte, but should have
configurable length of 0,1 or 2 bytes Issue 17775[26].
• dfilter: 'tcp.port not in {1}' crashes Wireshark Issue 17785[27].
New and Updated Features
• The 'console.log.level' preference was removed in Wireshark
3.6.0. This release adds an '-o console.log.level:'
backward-compatibility option on the CLI that maps to the new
logging sub-system. Note that this does not have bitmask
semantics and does not correspond to any actual preference. It is
just a transition mechanism for users that were relying on this
CLI option and will be removed in the future. To see the new
diagnostic output options consult the manpages or the output of
'--help'.
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
ANSI A I/F, AT, BitTorrent DHT, FF, GRPC, IEC 101/104, IEEE 802.11,
IEEE 802.11 Radiotap, IPsec, Kafka, QUIC, RTMPT, RTSP, SRVLOC, Sysdig
Event, and TECMP
New and Updated Capture File Support
BLF and RFC 7468
New File Format Decoding Support
There is no new or updated file format support in this release.
|
|
|
|
|
|
Wireshark 3.6.0 Release Notes
What’s New
Many improvements have been made. See the “New and Updated Features”
section below for more details. You might want to pay particular
attention to the display filter syntax updates.
New and Updated Features
The following features are new (or have been significantly updated)
since version 3.6.0rc3:
• The macOS Intel packages now ship with Qt 5.15.3 and require
macOS 10.13 or later.
The following features are new (or have been significantly updated)
since version 3.6.0rc2:
• Display filter set elements must now be comma-separated. See
below for more details.
The following features are new (or have been significantly updated)
since version 3.6.0rc1:
• The display filter expression “a != b” now has the same meaning
as “!(a == b)”.
The following features are new (or have been significantly updated)
since version 3.5.0:
• Nothing of note.
The following features are new (or have been significantly updated)
since version 3.4.0:
• Several changes have been made to the display filter syntax:
• The expression “a != b” now always has the same meaning as
“!(a == b)”. In particular this means filter expressions with
multi-value fields like “ip.addr != 1.1.1.1” will work as
expected (the result is the same as typing “ip.src != 1.1.1.1 and
ip.dst != 1.1.1.1”). This avoids the contradiction (a == b and a
!= b) being true.
• It is possible to use the syntax “a ~= b” or “a any_ne b” to
recover the previous (inconsistent with "==") logic for not
equal.
• Literal strings can now be specified using raw string syntax,
identical to raw strings in the Python programming language. This
can be used to avoid the complexity of using two levels of
character escapes with regular expressions.
• Set elements must now be separated using a comma. A filter
such as http.request.method in {"GET" "HEAD"} must be written as
… in {"GET", "HEAD"}. Whitespace is not significant. The
previous use of whitespace as separator is deprecated and will be
removed in a future version.
• Support for the syntax "a not in b" with the same meaning as
"not a in b" has been added.
• Packaging updates:
• A macOS Arm 64 (Apple Silicon) package is now available.
• The macOS Intel packages now ship with Qt 5.15.3 and require
macOS 10.13 or later.
• The Windows installers now ship with Npcap 1.55.
• A 64-bit Windows PortableApps package is now available.
• TCP conversations now support a completeness criteria, which
facilitates the identification of TCP streams having any of
opening or closing handshakes, a payload, in any combination. It
can be accessed with the new tcp.completeness filter.
• Protobuf fields that are not serialized on the wire or otherwise
missing in capture files can now be displayed with default values
by setting the new “add_default_value” preference. The default
values might be explicitly declared in “proto2” files, or false
for bools, first value for enums, zero for numeric types.
• Wireshark now supports reading Event Tracing for Windows (ETW). A
new extcap named ETW reader is created that now can open an etl
file, convert all events in the file to DLT_ETW packets and write
to a specified FIFO destination. Also, a new packet_etw dissector
is created to dissect DLT_ETW packets so Wireshark can display
the DLT_ETW packet header, its message and packet_etw dissector
calls packet_mbim sub_dissector if its provider matches the MBIM
provider GUID.
• “Follow DCCP stream” feature to filter for and extract the
contents of DCCP streams.
• Wireshark now supports dissecting RTP packets with OPUS payloads.
• Importing captures from text files based on regular expressions
is now possible. By specifying a regex capturing a single packet
including capturing groups for relevant fields a textfile can be
converted to a libpcap capture file. Supported data encodings are
plain-hexadecimal, -octal, -binary and base64. Also the timestamp
format now allows the second-fractions to be placed anywhere in
the timestamp and it will be stored with nanosecond instead of
microsecond precision.
• The RTP Player has been significantly redesigned and improved.
See Playing VoIP Calls[1] and RTP Player Window[2] in the User’s
Guide for more details.
• The RTP Player can play many streams in a row.
• The UI is more responsive.
• The RTP Player maintains playlist and other tools can add and
remove streams to and from it.
• Every stream can be muted or routed to the left or right
channel for replay.
• The option to save audio has been moved from the RTP Analysis
dialog to the RTP Player. The RTP Player also saves what was
played, and it can save in multichannel .au or .wav.
• The RTP Player is now accessible from the Telephony › RTP ›
RTP Player menu.
• The VoIP dialogs (VoIP Calls, RTP Streams, RTP Analysis, RTP
Player, SIP Flows) are non-modal and can stay opened on
background.
• The same tools are provided across all dialogs (Prepare
Filter, Analyse, RTP Player …)
• The “Follow Stream” dialog is now able to follow SIP calls based
on their Call-ID value.
• The “Follow Stream” dialog’s YAML output format has been updated
to add timestamps and peers information. For more details see
Following Protocol Streams[3] in the User’s Guide.
• IP fragments between public IPv4 addresses are now reassembled
even if they have different VLAN IDs. Reassembly of IP fragments
where one endpoint is a private (RFC 1918 section 3) or
link-local (RFC 3927) IPv4 address continues to take the VLAN ID
into account, as those addresses can be reused. To revert to the
previous behavior and not reassemble fragments with different
VLAN IDs, turn on the “Enable stricter conversation tracking
heuristics” top level protocol preference.
• USB Link Layer reassembly has been added, which allows hardware
captures to be analyzed at the same level as software captures.
• TShark can now export TLS session keys with the
--export-tls-session-keys option.
• Wireshark participated in the Google Season of Docs 2020 and the
User’s Guide has been extensively updated.
• The “RTP Stream Analysis” dialog CSV export format was slightly
changed. The first line of the export contains column titles as
in other CSV exports.
• Wireshark now supports the Turkish language.
• The settings in the “Import from Hex Dump” dialog are now stored
in a profile import_hexdump.json file.
• Analyze › Reload Lua Plugins has been improved to properly
support FileHandler.
• The “RTP Stream Analysis” and “IAX2 Stream Analysis” dialogs now
show correct calculation mean jitter calculations.
• RTP streams are now created based on Skinny protocol messages in
addition to other types of messages.
• The “VoIP Calls Flow Sequence” window shows more information
about various Skinny messages.
• Initial support for building Wireshark on Windows using GCC and
MinGW-w64 has been added. See README.msys2 in the sources for
more information.
New File Format Decoding Support
Vector Informatik Binary Log File (BLF)
New Protocol Support
5G Lawful Interception (5GLI), Bluetooth Link Manager Protocol (BT
LMP), Bundle Protocol version 7 (BPv7), Bundle Protocol version 7
Security (BPSec), CBOR Object Signing and Encryption (COSE), E2
Application Protocol (E2AP), Event Tracing for Windows (ETW), EXtreme
extra Eth Header (EXEH), High-Performance Connectivity Tracer
(HiPerConTracer), ISO 10681, Kerberos SPAKE, Linux psample protocol,
Local Interconnect Network (LIN), Microsoft Task Scheduler Service,
O-RAN E2AP, O-RAN fronthaul UC-plane (O-RAN), Opus Interactive Audio
Codec (OPUS), PDU Transport Protocol, R09.x (R09), RDP Dynamic
Channel Protocol (DRDYNVC), RDP Graphic pipeline channel Protocol
(EGFX), RDP Multi-transport (RDPMT), Real-Time Publish-Subscribe
Virtual Transport (RTPS-VT), Real-Time Publish-Subscribe Wire
Protocol (processed) (RTPS-PROC), Shared Memory Communications (SMC),
Signal PDU, SparkplugB, State Synchronization Protocol (SSyncP),
Tagged Image File Format (TIFF), TP-Link Smart Home Protocol, UAVCAN
DSDL, UAVCAN/CAN, UDP Remote Desktop Protocol (RDPUDP), Van Jacobson
PPP compression (VJC), World of Warcraft World (WOWW), and X2 xIRI
payload (xIRI)
Updated Protocol Support
Too many protocols have been updated to list here.
New and Updated Capture File Support
Vector Informatik Binary Log File (BLF)
|
|
|
|
Wireshark 3.4.10 Release Notes
What’s New
This release fixes a forward compatibility issue[1] with the I/O
Graphs preferences.
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2021-07[2] Bluetooth DHT dissector crash. Issue
17651[3]. CVE-2021-39929[4].
• wnpa-sec-2021-08[5] Bluetooth HCI_ISO dissector crash. Issue
17649[6]. CVE-2021-39926[7].
• wnpa-sec-2021-09[8] Bluetooth SDP dissector crash. Issue
17635[9]. CVE-2021-39925[10].
• wnpa-sec-2021-10[11] Bluetooth DHT dissector large loop. Issue
17677[12]. CVE-2021-39924[13].
• wnpa-sec-2021-11[14] PNRP dissector large loop. Issue 17684[15].
• wnpa-sec-2021-12[16] C12.22 dissector crash. Issue 17636[17].
CVE-2021-39922[18].
• wnpa-sec-2021-13[19] IEEE 802.11 dissector crash. Issue
17704[20]. CVE-2021-39928[21].
• wnpa-sec-2021-14[22] Modbus dissector crash. Issue 17703[23].
CVE-2021-39921[24].
• wnpa-sec-2021-15[25] IPPUSB dissector crash. Issue 17705[26].
CVE-2021-39920[27].
The following bugs have been fixed:
• OSS-Fuzz: Heap-use-after-free in ROS Issue 16342[28].
• Allow for '\0' (NULL) character as filter instead of requiring
0x00 for the character match Issue 16525[29].
• Dumpcap with threads reports double received count vs captured
Issue 17089[30].
• I/O Graphs values reset to default with 3.5 due to change of UAT
Issue 17623[31].
• HTTP2 dissector reports an assertion error on large data frames
Issue 17633[32].
• TShark stops capturing when capturing with multiple files and
packet printing enabled Issue 17654[33].
• Wireshark is unable to decode the IMSI IE received in BSSMAP
Perform Location request Issue 17667[34].
• WSLUA: Crash on reload if Proto has no fields Issue 17668[35].
• Crash in flow analysis for TCP Issue 17722[36].
Updated Protocol Support
BT HCI_ISO, BT SDP, BT-DHT, C12.22, CAN FD, CSN1, EAPOL-MKA, EVS, GSM
BSSMAP LE, HTTP2, IDMP, IEEE 1905.1a, IEEE 802.11, IPPUSB, Modbus,
PNRP, and TCP
New and Updated Capture File Support
pcap
|
|
|
|
All checksums have been double-checked against existing RMD160 and
SHA512 hashes
Not committed (merge conflicts...):
net/radsecproxy/distinfo
The following distfiles could not be fetched (fetched conditionally?):
./net/citrix_ica/distinfo citrix_ica-10.6.115659/en.linuxx86.tar.gz
./net/djbdns/distinfo dnscache-1.05-multiple-ip.patch
./net/djbdns/distinfo djbdns-1.05-test28.diff.xz
./net/djbdns/distinfo djbdns-1.05-ignoreip2.patch
./net/djbdns/distinfo djbdns-1.05-multiip.diff
./net/djbdns/distinfo djbdns-cachestats.patch
|
|
its buildlink3.mk now includes openssl's buildlink3.mk
|
|
Wireshark 3.4.9 Release Notes
Bug Fixes
The following bugs have been fixed:
• TShark PDML output embeds "proto" elements within other "proto"
elements Issue 10588[1].
• Filter expressions comparing against single-octet hex strings
where the hex digit string equals a protocol name don’t work
Issue 12810[2].
• AMQP 0.9: dissector fails to handle Content-Body frame split
across TCP packets Issue 14217[3].
• IEEE 802.15.4: Missing check on "PAN ID Present" bit of the
Multipurpose Frame Control field Issue 17496[4].
• Wireshark ignored some character in filename when exporting SMB
objects. Issue 17530[5].
• tshark -z credentials: assertion failed: (allocator→in_scope)
Issue 17576[6].
• IS-IS Extended IP Reachability Prefix-SID not decoded properly
Issue 17610[7].
• Error when reloading lua plugins with a capture file loaded via a
custom lua file handler Issue 17615[8].
• Absolute time UTC field filters are constructed incorrectly,
don’t match the packet Issue 17617[9].
• GUI freezes when clicking on large (non-capture) file in File
chooser Issue 17620[10].
• Crash after selecting a different profile while capturing Issue
17622[11].
• BT-DHT reports malformed packets that are actually uTP on same
connection Issue 17626[12].
New and Updated Features
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
AMQP, Aruba IAP, BGP, BT-DHT, CoAP, DCERPC SPOOLSS, Diameter, EPL,
GSM A-bis OML, GSM A-I/F COMMON, GSM SIM, IEEE 1905.1a, IEEE
802.15.4, IMAP, InfiniBand, ISIS LSP, ISObus VT, JPEG, MP2T,
NORDIC_BLE, QUIC, RTCP, SDP, SMB, TWAMP-Control, USB HID, and VSS
Monitoring
New and Updated Capture File Support
CAM Inspector, Ixia IxVeriWave, pcapng, and USBDump
|
|
|
|
|
|
Wireshark 3.4.8 Release Notes
Bug Fixes
The following bugs have been fixed:
• Dissector bug reported for Bluetooth Cycling Power Measurement
characteristic for extreme angles value Issue 17505[1].
• vcruntime140_1.dll deleted on Wireshark update/install Issue
17506[2].
• Raknet Addresses are incorrectly identified. Issue 17509[3].
• Editcap saving files as ethernet when specifying '-T
ieee-802-11-*' Issue 17520[4].
• CoAP dissector confuses Content-Format with Accept Issue
17536[5].
New and Updated Features
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
BT ATT, BT LE LL, CoAP, DLM3, GSM SIM, iLBC, and RakNet
New and Updated Capture File Support
There is no new or updated capture file support in this release.
|
|
|
|
Wireshark 3.4.7
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2021-06[1] DNP dissector crash. Issue 17462[2].
CVE-2021-22235[3].
The following bugs have been fixed:
• TCP dissector - Erroneous DSACK reporting Issue 17315[4].
• No wlan_radio.duration calculated for PHY type: 802.11ac (VHT)
Issue 17419[5].
• NAN Dissector has wrong minimum length for availability attribute
Issue 17431[6].
New and Updated Features
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
ASTERIX, BT LE LL, DCE RPC, DNP, GTPv2, IEEE 802.11 Radio, LDAP, NAN,
NORDIC_BLE, NR RRC, OSPF, pcapng, PNIO, RSL, S101, Snort config, and
TCP
New and Updated Capture File Support
Catapult DCT2000, ERF, and pcap
|
|
Wireshark 3.4.6 Release Notes
What’s New
The Windows installers now ship with Npcap 1.31. They previously
shipped with Npcap 1.10.
The Windows installers now ship with Qt 5.15.2. They previously
shipped with Qt 5.12.1.
Bug Fixes
• wnpa-sec-2021-04[1] DVB-S2-BB dissector infinite loop
The following bugs have been fixed:
• Macro filters can’t handle escaped characters Issue 17160[2].
• Display filter crashes Wireshark Issue 17316[3].
• IEEE-1588 Signalling Unicast TLV incorrectly reported as being
malformed Issue 17355[4].
• IETF QUIC TLS decryption error with extraneous packets during the
handshake Issue 17383[5].
• Statistics → Resolved Addresses: multi-protocol (TCP/UDP/…)
ports not displayed Issue 17395[6].
New and Updated Features
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
DNP, DVB-S2-BB, ProtoBuf, PTP, QUIC, RANAP, and TACACS
New and Updated Capture File Support
Ascend, ERF, K12, NetScaler, and pcapng
|
|
|
|
Wireshark 3.4.5 Release Notes
What’s New
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2021-04[1] MS-WSP dissector excessive memory
consumption. Issue 17331[2].
The following bugs have been fixed:
• TShark does not print GeoIP information Issue 14691[3].
• TShark error when piping to "head" Issue 16192[4].
• Parts of ASCII representation in Packet Bytes pane are missing
Issue 17087[5].
• Buildbot crash output: fuzz-2021-02-22-1012761.pcap Issue
17254[6].
• NDPE attribute of NAN packet is not dissected Issue 17278[7].
• TECMP: reserved flag interpreted as part of timestamp Issue
17279[8].
• Master branch does not compile at least with gcc-11 Issue
17281[9].
• DNS IXFR/AXFR multiple response Issue 17293[10].
• File too large Issue 17301[11].
• Build fails with CMake 3.20 Issue 17314[12].
New and Updated Features
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
DECT, DNS, EAP, Kerberos, LDAP, MS-WSP, SMB2, Sysdig, TECMP, and WiFi
NAN
New and Updated Capture File Support
pcapng
|
|
|
|
|
|
closes PR pkg/56094
|
|
|
|
|
|
Wireshark 3.4.4 Release Notes
What’s New
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2021-03[1] Wireshark could open unsafe URLs. Issue
17232[2]. CVE-2021-22191[3].
The following bugs have been fixed:
• NTP Version 3 Client Decode PDML output issue (Reference ID
Issue) Issue 17112[4].
• 3.4.2: public wireshark include files are including build time
"config.h" Issue 17190[5].
• wireshark-3.4.3/epan/dissectors/packet-s7comm.c:3521: bad array
index ? Issue 17198[6].
• SIP protocol: P-Called-Party-ID header mixed up with
P-Charge-Info header Issue 17215[7].
• Asterix CAT010 Decode Error Issue 17226[8].
• _ws.expert columns not populated for IPv4 Issue 17228[9].
• Buildbot crash output: fuzz-2021-02-12-1651908.pcap Issue
17233[10].
• gQUIC: Wireshark 3.4.3 fails to dissect a packet (gQUIC q024)
that v3.2.6 succeeds. Issue 17250[11].
|
|
|
|
Wireshark 3.4.3 Release Notes
What’s New
The Windows installers now ship with Npcap 1.10. They previously
shipped with Npcap 1.00.
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2021-01[1] USB HID dissector memory leak. Bug 17124[2].
CVE-2021-22173[3].
• wnpa-sec-2021-02[4] USB HID dissector crash. Bug 17165[5].
CVE-2021-22174[6].
The following bugs have been fixed:
• SIP response single-line multiple Contact-URIs decoding error Bug
13752[7].
• Adding filter while "Telephony→VoIP Calls→Flow Sequence" open
causes OOB memory reads and potential crashes. Bug 16952[8].
• QUIC packet not fully dissected Bug 17077[9].
• SOMEIP-SD hidden entries are off Bug 17091[10].
• Problem with calculation on UDP checksum in SRv6 Bug 17097[11].
• Dark mode not working in Wireshark 3.4.2 on macOS Bug 17098[12].
• Wireshark 3.4.0: build failure on older MacOS releases, due to
'CLOCK_REALTIME' Bug 17101[13].
• TECMP: Status Capture Module messages shows 3 instead of 2 bytes
for HW version Bug 17133[14].
• Documentation - editorial error - README.dissector bad reference
Bug 17141[15].
• Cannot save capture with comments to a format that doesn’t
support it (no pop-up) Bug 17146[16].
• AUTOSAR-NM: PNI TF-String wrong way around Bug 17154[17].
• Fibre Channel parsing errors even with the fix for 17084 Bug
17168[18].
• f5ethtrailer: Won’t find a trailer after an FCS that begins with
a 0x00 byte Bug 17171[19].
• f5ethtrailer: legacy format, low noise only, no vip name trailers
no longer detected Bug 17172[20].
• Buildbot crash output: fuzz-2021-01-22-3387835.pcap Bug
17174[21].
• Dissection error on large ZVT packets Bug 17177[22].
• TShark crashes with -T ek option Bug 17179[23].
New and Updated Features
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
AUTOSAR-NM, DHCPv6, DoIP, FC ELS, GQUIC, IPv6, NAS 5GS, NAS EPS,
QUIC, SIP, SOME/IP-SD, TECMP, TLS, TPNCP, USB HID, and ZVT
New and Updated Capture File Support
f5ethtrailer and pcapng
|
Wireshark 3.4.2 Release Notes
What’s New
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2020-20[1] QUIC dissector crash Bug 17073[2].
The following bugs have been fixed:
New and Updated Features
• IETF QUIC TLS decryption errors when packets are coalesced with
random data Bug 16914[3].
• QUIC: missing dissection of some coalesced SH packets Bug
17011[4].
• macos-setup.sh can’t find SDK on macOS Big Sur, as it went to 11
Bug 17043[5].
• Mapping endpoints in browser ⇒ Map file error Bug 17074[6].
• Wireshark 3.4.1 hangs on startup on macOS Big Sur 11.0.1 Bug
17075[7].
• False expect error seen on FCoE frames (not seen with older
release wireshark 1.2.18) Bug 17084[8].
• Several libraries missing in 3.4.1 and 3.2.9 installers for macOS
Bug 17086[9].
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
DOCSIS, FC-dNS, FC-SWILS, FCoE, QUIC, SNMP, and USBHID
New and Updated Capture File Support
There is no new or updated capture file support in this release.
|
Wireshark 3.4.1 Release Notes
What is Wireshark?
Wireshark is the world’s most popular network protocol analyzer. It is
used for troubleshooting, analysis, development and education.
What’s New
Bug Fixes
• wnpa-sec-2020-16[1] Kafka dissector memory leak. Bug 16739[2].
CVE-2020-26418[3].
• wnpa-sec-2020-17[4] USB HID dissector crash. Bug 16958[5].
CVE-2020-26421[6].
• wnpa-sec-2020-18[7] RTPS dissector memory leak. Bug 16994[8].
CVE-2020-26420[9].
• wnpa-sec-2020-19[10] Multiple dissector memory leak. Bug
17032[11]. CVE-2020-26419[12].
The following bugs have been fixed:
New and Updated Features
• IETF QUIC TLS decryption errors when a NAT rebinding happens for
a connection Bug 16915[13].
• IETF QUIC TLS decryption error with key update Bug 16916[14].
• IETF QUIC TLS decryption error after the second key update Bug
16920[15].
• SOME/IP: Wrong dissection of parameters after Array Bug
16951[16].
• Can editcap properly corrupt pcapng file with systemd journal
export block? Bug 16965[17].
• Crash when a GIOP ior.txt file is present Bug 16984[18].
• Protobuf: failed to parse .proto file contains negative enum
values or option values of number type Bug 16988[19].
• MMRP dissector bug Bug 17005[20].
• QUIC: "Loss bits" capability Bug 17010[21].
• Stdin capture fails on Windows Bug 17018[22].
• SSTP no longer recognized Bug 17024[23].
• RFC2190 encapsulated H.263 bitfields masked wrong in Mode A Bug
17025[24].
• editcap fails when splitting into multiple pcapng files Bug
17060[25].
New Protocol Support
There are no new protocols in this release.
Updated Protocol Support
ACDR, DOCSIS, Ericsson HDLC, F5 Ethernet Trailer, GIOP, GSM A, GSM
RLC MAC, HTTP, IEEE 802.11, Kafka, LLC, MBIM, MMRP, NAS 5GS, NAS EPS,
Nordic BLE, ProtoBuf, QUIC, Radiotap, RFC 2190, RTCP, RTPS, S1AP,
SOME/IP, STUN, and USB Video
New and Updated Capture File Support
pcapng
|
Wireshark 3.4.0
New and Updated Features
The following features are new (or have been significantly updated) since version 3.4.0rc1:
Nothing of note.
The following features are new (or have been significantly updated) since version 3.3.1:
• Protobuf fields defined as the google.protobuf.Timestamp type of the Protobuf standard library can now be dissected as Wireshark fields of absolute time type.
The following features are new (or have been significantly updated) since version 3.3.0:
• The Windows installers now ship with Npcap 1.00. They previously shipped with Npcap 0.9997.
• The Windows installers now ship with Qt 5.15.1. They previously shipped with Qt 5.12.8.
The following features are new (or have been significantly updated) since version 3.2.0:
• Windows executables and installers are now signed using SHA-2 only.
• Save RTP stream to .au supports any codec with 8000 Hz rate supported by Wireshark (shown in RTP player). If saving the audio is not possible (unsupported codec or rate), silence of the same length is saved and a warning is shown.
• Asynchronous DNS resolution is always enabled. As a result, the c-ares library is now a required dependency.
• Protobuf fields can be dissected as Wireshark (header) fields, which allows users to enter the full names of Protobuf fields or messages in the Filter toolbar for searching.
• Dissectors based on Protobuf can register themselves to a new 'protobuf_field' dissector table, which is keyed with the full names of fields, for further parsing of fields of BYTES or STRING type.
• Wireshark is able to decode, play, and save iLBC payload on platforms where the iLBC library is available.
• Wireshark is able to decode, play, and save opus payload on platforms where the opus library is available.
• “Decode As” entries can now be copied from other profiles using a button in the dialog.
• sshdump can now be copied to multiple instances. Each instance will show up as a different interface and will have its own profile.
• The main window now supports a packet diagram view, which shows each packet as a textbook-style diagram.
• Filter buttons (“Preferences → Filter Buttons”) can be grouped by using “//” as a path separator in the filter button label.
• IPP Over USB packets can now be dissected and displayed.
New Protocol Support
Arinc 615A (A615A), Asphodel Protocol, AudioCodes Debug Recording (ACDR), Bluetooth HCI ISO (BT HCI ISO), Cisco MisCabling Protocol (MCP), Community ID Flow Hashing (CommunityID), DCE/RPC IRemoteWinspool SubSystem (IREMOTEWINSPOOL), Dynamic Link Exchange Protocol (DLEP), EAP Generalized Pre-Shared Key (EAP-GPSK), EAP Password Authenticated Exchange (EAP-PAX), EAP Pre-Shared Key (EAP-PSK), EAP Shared-secret Authentication and Key Establishment (EAP-SAKE), Fortinet Single Sign-on (FSSO), FTDI Multi-Protocol Synchronous Serial Engine (FTDI MPSSE), Hypertext Transfer Protocol Version 3 (HTTP3), ILDA Digital Network (IDN), Java Debug Wire Protocol (JDWP), LBM Stateful Resolution Service (LBMSRS), Lithionics Battery Management, .NET Message Framing Protocol (MC-NMF), .NET NegotiateStream Protocol (MS-NNS), OBSAI UDP-based Communication Protocol (UDPCP), Palo Alto Heartbeat Backup (PA-HB-Bak), ScyllaDB RPC, Technically Enhanced Capture Module Protocol (TECMP), Tunnel Extensible Authentication Protocol (TEAP), UDP based FTP w/ multicast V5 (UFTP5), and USB Printer (USBPRINTER)
Updated Protocol Support
Too many protocols have been updated to list here.
New and Updated Capture File Support
MP4 (ISO/IEC 14496-12)
|