- update to 2.6.0
* Bug Fixes
- The following bugs have been fixed:
- Dumpcap might not quit if Wireshark or TShark crashes.
(Bug 1419)
* New and Updated Features
The following features are new (or have been significantly
updated) since version 2.5.0:
- HTTP Request sequences are now supported.
- Wireshark now supports MaxMind DB files. Support for GeoIP
and GeoLite Legacy databases has been removed.
- The Windows packages are now built using Microsoft Visual
Studio 2017.
- The IP map feature (the “Map” button in the “Endpoints”
dialog) has been removed.
The following features are new (or have been
significantly updated) since version 2.4.0:
- Display filter buttons can now be edited, disabled, and
removed via a context menu directly from the toolbar
- Drag & Drop filter fields to the display filter toolbar or
edit to create a button on the fly or apply the filter as
a display filter.
- Application startup time has been reduced.
- Some keyboard shortcut mix-ups have been resolved by
assigning new shortcuts to Edit → Copy methods.
- TShark now supports color using the --color option.
- The "matches" display filter operator is now case-insensitive.
- Display expression (button) preferences have been converted
to a UAT. This puts the display expressions in their own file.
Wireshark still supports preference files that contain the
old preferences, but new preference files will be written
without the old fields.
- SMI private enterprise numbers are now read from the
“enterprises.tsv” configuration file.
- The QUIC dissector has been renamed to Google QUIC
(quic → gquic).
- The selected packet number can now be shown in the Status Bar
by enabling Preferences → Appearance → Layout → Show selected
packet number.
- File load time in the Status Bar is now disabled by default
and can be enabled in
Preferences → Appearance → Layout → Show file load time.
- Support for the G.729A codec in the RTP Player is now added
via the bcg729 library.
- Support for hardware-timestamping of packets has been added.
- Improved NetMon .cap support with comments, event tracing,
network filter, network info types and some Message Analyzer
exported types.
- The personal plugins folder on Linux/Unix is now
~/.local/lib/wireshark/plugins.
- TShark can print flow graphs using -z flow…
- Capinfos now prints SHA256 hashes in addition to RIPEMD160
and SHA1. MD5 output has been removed.
- The packet editor has been removed. (This was a GTK+ only
experimental feature.)
- Support BBC micro:bit Bluetooth profile
- The Linux and UNIX installation step for Wireshark will now
install headers required to build plugins. A pkg-config file
is provided to help with this (see “doc/plugins.example” for
details). Note you must still rebuild all plugins between
minor releases (X.Y).
- The Windows installers and packages now ship with Qt 5.9.4.
- The generic data dissector can now uncompress zlib compressed
data.
- DNS Stats now supports service level statistics.
- DNS filters for retransmissions and unsolicited responses
have been added.
- The “tcptrace” TCP Stream graph now shows duplicate ACKS and
zero window advertisements.
- The membership operator now supports ranges, allowing display
filters such as tcp.port in {4430..4434} to be expressed.
See the User’s Guide, chapter Building display filter
expressions for details.
* New Protocol Support
* Updated Protocol Support
- Too many protocols have been updated to list here.
* New and Updated Capture File Support
- Microsoft Network Monitor
* New and Updated Capture Interfaces support
- LoRaTap
- drop patch wireshark-1.2.0-geoip.patch, because file to patch
no more exists
OBS-URL: https://build.opensuse.org/request/show/603740
OBS-URL: https://build.opensuse.org/package/show/network:utilities/wireshark?expand=0&rev=246
- Wireshark 2.4.4:
* fixes for dissector crashes:
+ CVE-2018-5334: IxVeriWave file could crash (bsc#1075737)
+ CVE-2018-5335: WCP dissector could crash (bsc#1075738)
+ CVE-2018-5336: Multiple dissector crashes (bsc#1075739)
* No longer enable the Linux kernel BPF JIT compiler via the
net.core.bpf_jit_enable sysctl, as this would make systems
more vulnerable to Spectre variant 1 (bsc#1075748, CVE-2017-5753)
* Further bug fixes and updated protocol support as listed in:
ittps://www.wireshark.org/docs/relnotes/wireshark-2.4.4.html
OBS-URL: https://build.opensuse.org/request/show/563929
OBS-URL: https://build.opensuse.org/package/show/network:utilities/wireshark?expand=0&rev=238
This release fixes minor vulnerabilities that could be used to
trigger dissector crashes or infinite loops by making Wireshark
read specially crafted packages from the network or a capture
file (boo#1062645):
* CVE-2017-15192: BT ATT dissector crash (wnpa-sec-2017-42)
* CVE-2017-15193: MBIM dissector crash (wnpa-sec-2017-43)
* CVE-2017-15191: DMP dissector crash (wnpa-sec-2017-44)
* CVE-2017-15190: RTSP dissector crash (wnpa-sec-2017-45)
* CVE-2017-15189: DOCSIS infinite loop (wnpa-sec-2017-46)
OBS-URL: https://build.opensuse.org/package/show/network:utilities/wireshark?expand=0&rev=232
This release fixes minor vulnerabilities that could be used to
trigger dissector crashes, infinite loopsm or cause excessive use
of memory resources by making Wireshark read specially crafted
packages from the network or a capture file:
* CVE-2017-7702 CVE-2017-11410: WBMXL dissector infinite loop
(wnpa-sec-2017-13)
* CVE-2017-9350 CVE-2017-11411: openSAFETY dissector memory
exhaustion (wnpa-sec-2017-28)
* CVE-2017-11408: AMQP dissector crash (wnpa-sec-2017-34)
* CVE-2017-11407: MQ dissector crash (wnpa-sec-2017-35)
* CVE-2017-11406: DOCSIS infinite loop (wnpa-sec-2017-36)
OBS-URL: https://build.opensuse.org/package/show/network:utilities/wireshark?expand=0&rev=218
