tshark: Update to version 3.6.3

  - Update from 3.4.7 to 3.6.3
- Update of rootfile
- find-dependencies run due to sobump - nothing reported
- Changelog - a range of changes including many bug fixes and several vulnerabilities
	Wireshark 3.6.3 Release Notes
	  Bug Fixes
	     • Fuzz job crash output: fuzz-2022-01-19-7399.pcap Issue 17894[1].
	     • TLS dissector incorrectly reports JA3 values Issue 17942[2].
	     • "Wiki Protocol page" in packet details menu is broken - wiki
	       pages not migrated to GitLab? Issue 17944[3].
	     • Dissector bug, protocol PFCP display Flow Description IE value
	       error in Additional Flow Description of PFD Management Request
	       Message Issue 17951[4].
	     • Bluetooth: Fails to open Log file for SCO connection Issue
	       17964[5].
	     • Fuzz job crash output: fuzz-2022-03-07-10896.pcap Issue 17984[6].
	     • libwiretap: Save as ERF causes segmentation fault Issue 17989[7].
	     • HTTP server returning multiple early hints shows too many
	       responses in "Follow HTTP Stream" Issue 18006[8].
	  New and Updated Features
	     Updated Protocol Support
	      CSN.1, HTTP, IEEE 802.11, NTLM SSP, PFCP, PKTLOG, SSDP, TLS, and USB
	      HID
	     New and Updated Capture File Support
	      pcap and pcapng
	Wireshark 3.6.2 Release Notes
	  Bug Fixes
	   The following vulnerabilities have been fixed:
	     • wnpa-sec-2022-01[1] RTMPT dissector infinite loop. Issue
	       17813[2].
	     • wnpa-sec-2022-02[3] Large loops in multiple dissectors. Issue
	       17829[4], Issue 17842[5], Issue 17847[6], Issue 17855[7], Issue
	       17891[8], Issue 17925[9], Issue 17926[10], Issue 17931[11], Issue
	       17932[12], Issue 17933[13].
	     • wnpa-sec-2022-03[14] PVFS dissector crash. Issue 17840[15].
	     • wnpa-sec-2022-04[16] CSN.1 dissector crash. Issue 17882[17].
	     • wnpa-sec-2022-05[18] CMS dissector crash. Issue 17935[19].
	   The following bugs have been fixed:
	     • Support for GSM SMS TPDU in HTTP2 body Issue 17784[20].
	     • Wireshark 3.6.1 broke the ABI by removing ws_log_default_writer
	       from libwsutil Issue 17822[21].
	     • Fedora RPM package build failing with RPATH of /usr/local/lib64
	       Issue 17830[22].
	     • macos-setup.sh: ftp.pcre.org no longer exists Issue 17834[23].
	     • nmap.org/npcap → npcap.com: domain/URL change Issue 17838[24].
	     • MPLS ECHO FEC stack change TLV not dissected correctly Issue
	       17868[25].
	     • Attempting to open a systemd journal export file segfaults Issue
	       17875[26].
	     • Dissector bug on 802.11ac packets Issue 17878[27].
	     • The Info column shows only one NGAP/S1AP packet of several
	       packets inside an SCTP packet Issue 17886[28].
	     • Uninstalling Wireshark 3.6.1 on Windows 10 fails to remove the
	       installation directory because it doesn’t remove the User’s Guide
	       subdirectory and all its contents. Issue 17898[29].
	     • 3.6 doesn’t build without zlib Issue 17899[30].
	     • SIP Statistics no longer properly reporting method type
	       accounting Issue 17904[31].
	     • Fuzz job crash output: fuzz-2022-01-26-6940.pcap Issue 17909[32].
	     • SCTP retransmission detection broken for the first data chunk of
	       each association with relative TSN Issue 17917[33].
	     • “Show In Folder” doesn’t work correctly for filenames with spaces
	       Issue 17927[34].
	  New and Updated Features
	     Updated Protocol Support
	      AMP, ASN.1 PER, ATN-ULCS, BGP, BP, CFLOW, CMS, CSN.1, GDSDB, GSM RP,
	      GTP, HTTP3, IEEE 802.11 Radiotap, IPDC, ISAKMP, Kafka, MP2T, MPEG
	      PES, MPEG SECT, MPLS ECHO, NGAP, NTLMSSP, OpenFlow 1.4, OpenFlow 1.5,
	      P_MUL, PN-RT, PROXY, PTP, PVFS, RSL, RTMPT, rtnetlink, S1AP, SCTP,
	      Signal PDU, SIP, TDS, USB, WAP, and ZigBee ZCL
	  New and Updated Capture File Support
	      BLF and libpcap
	Wireshark 3.6.1 Release Notes
	  Bug Fixes
	   The following vulnerabilities have been fixed:
	     • wnpa-sec-2021-17[1] RTMPT dissector infinite loop. Issue
	       17745[2]. CVE-2021-4185[3].
	     • wnpa-sec-2021-18[4] BitTorrent DHT dissector infinite loop. Issue
	       17754[5]. CVE-2021-4184[6].
	     • wnpa-sec-2021-19[7] pcapng file parser crash. Issue 17755[8].
	       CVE-2021-4183[9].
	     • wnpa-sec-2021-20[10] RFC 7468 file parser infinite loop. Issue
	       17801[11]. CVE-2021-4182[12].
	     • wnpa-sec-2021-21[13] Sysdig Event dissector crash.
	       CVE-2021-4181[14].
	     • wnpa-sec-2021-22[15] Kafka dissector infinite loop. Issue
	       17811[16].
	   The following bugs have been fixed:
	     • Allow sub-second timestamps in hexdumps Issue 15562[17].
	     • GRPC: An unnecessary empty Protobuf tree item is displayed if the
	       GRPC message body length is 0 Issue 17675[18].
	     • Can’t install "ChmodBPF.pkg" or "Add Wireshark to the system
	       path.pkg" on M1 MacBook Air Monterey without Rosetta 2 Issue
	       17757[19].
	     • TECMP: LIN Payload is cut off by 1 byte Issue 17760[20].
	     • Wireshark crashes if a 64 bit field of type BASE_CUSTOM is
	       applied as a column Issue 17762[21].
	     • Command line option "-o console.log.level" causes wireshark and
	       tshark to exit on start Issue 17763[22].
	     • Setting WIRESHARK_LOG_LEVEL=debug breaks interface capture Issue
	       17764[23].
	     • Unable to build without tshark Issue 17766[24].
	     • IEEE 802.11 action frames are not getting parsed and always seen
	       as malformed Issue 17767[25].
	     • IEC 60870-5-101 link address field is 1 byte, but should have
	       configurable length of 0,1 or 2 bytes Issue 17775[26].
	     • dfilter: 'tcp.port not in {1}' crashes Wireshark Issue 17785[27].
	  New and Updated Features
	     • The 'console.log.level' preference was removed in Wireshark
	       3.6.0. This release adds an '-o console.log.level:'
	       backward-compatibilty option on the CLI that maps to the new
	       logging sub-system. Note that this does not have bitmask
	       semantics and does not correspond to any actual preference. It is
	       just a transition mechanism for users that were relying on this
	       CLI option and will be removed in the future. To see the new
	       diagnostic output options consult the manpages or the output of
	       '--help'.
	  Updated Protocol Support
	      ANSI A I/F, AT, BitTorrent DHT, FF, GRPC, IEC 101/104, IEEE 802.11,
	      IEEE 802.11 Radiotap, IPsec, Kafka, QUIC, RTMPT, RTSP, SRVLOC, Sysdig
	      Event, and TECMP
	  New and Updated Capture File Support
	      BLF and RFC 7468
	Wireshark 3.6.0 Release Notes
	  Many improvements have been made. See the “New and Updated Features”
	  section below for more details. You might want to pay particular
	  attention to the display filter syntax updates.
	  New and Updated Features
	   The following features are new (or have been significantly updated)
	   since version 3.6.0rc3:
	     • The macOS Intel packages now ship with Qt 5.15.3 and require
	       macOS 10.13 or later.
	   The following features are new (or have been significantly updated)
	   since version 3.6.0rc2:
	     • Display filter set elements must now be comma-separated. See
	       below for more details.
	   The following features are new (or have been significantly updated)
	   since version 3.6.0rc1:
	     • The display filter expression “a != b” now has the same meaning
	       as “!(a == b)”.
	   The following features are new (or have been significantly updated)
	   since version 3.5.0:
	     • Nothing of note.
	   The following features are new (or have been significantly updated)
	   since version 3.4.0:
	     • Several changes have been made to the display filter syntax:
	        • The expression “a != b” now always has the same meaning as
	       “!(a == b)”. In particular this means filter expressions with
	       multi-value fields like “ip.addr != 1.1.1.1” will work as
	       expected (the result is the same as typing “ip.src != 1.1.1.1 and
	       ip.dst != 1.1.1.1”). This avoids the contradiction (a == b and a
	       != b) being true.
	        • It is possible to use the syntax “a ~= b” or “a any_ne b” to
	       recover the previous (inconsistent with "==") logic for not
	       equal.
	        • Literal strings can now be specified using raw string syntax,
	       identical to raw strings in the Python programming language. This
	       can be used to avoid the complexity of using two levels of
	       character escapes with regular expressions.
	        • Set elements must now be separated using a comma. A filter
	       such as http.request.method in {"GET" "HEAD"} must be written as
	       … in {"GET", "HEAD"}. Whitespace is not significant. The
	       previous use of whitespace as separator is deprecated and will be
	       removed in a future version.
	        • Support for the syntax "a not in b" with the same meaning as
	       "not a in b" has been added.
	     • Packaging updates:
	        • A macOS Arm 64 (Apple Silicon) package is now available.
	        • The macOS Intel packages now ship with Qt 5.15.3 and require
	       macOS 10.13 or later.
	        • The Windows installers now ship with Npcap 1.55.
	        • A 64-bit Windows PortableApps package is now available.
	     • TCP conversations now support a completeness criteria, which
	       facilitates the identification of TCP streams having any of
	       opening or closing handshakes, a payload, in any combination. It
	       can be accessed with the new tcp.completeness filter.
	     • Protobuf fields that are not serialized on the wire or otherwise
	       missing in capture files can now be displayed with default values
	       by setting the new “add_default_value” preference. The default
	       values might be explicitly declared in “proto2” files, or false
	       for bools, first value for enums, zero for numeric types.
	     • Wireshark now supports reading Event Tracing for Windows (ETW). A
	       new extcap named ETW reader is created that now can open an etl
	       file, convert all events in the file to DLT_ETW packets and write
	       to a specified FIFO destination. Also, a new packet_etw dissector
	       is created to dissect DLT_ETW packets so Wireshark can display
	       the DLT_ETW packet header, its message and packet_etw dissector
	       calls packet_mbim sub_dissector if its provider matches the MBIM
	       provider GUID.
	     • “Follow DCCP stream” feature to filter for and extract the
	       contents of DCCP streams.
	     • Wireshark now supports dissecting RTP packets with OPUS payloads.
	     • Importing captures from text files based on regular expressions
	       is now possible. By specifying a regex capturing a single packet
	       including capturing groups for relevant fields a textfile can be
	       converted to a libpcap capture file. Supported data encodings are
	       plain-hexadecimal, -octal, -binary and base64. Also the timestamp
	       format now allows the second-fractions to be placed anywhere in
	       the timestamp and it will be stored with nanosecond instead of
	       microsecond precision.
	     • The RTP Player has been significatnly redesigned and improved.
	       See Playing VoIP Calls[1] and RTP Player Window[2] in the User’s
	       Guide for more details.
	        • The RTP Player can play many streams in row.
	        • The UI is more responsive.
	        • The RTP Player maintains playlist and other tools can add and
	       remove streams to and from it.
	        • Every stream can be muted or routed to the left or right
	       channel for replay.
	        • The option to save audio has been moved from the RTP Analysis
	       dialog to the RTP Player. The RTP Player also saves what was
	       played, and it can save in multichannel .au or .wav.
	        • The RTP Player is now accessible from the Telephony › RTP ›
	       RTP Player menu.
	     • The VoIP dialogs (VoIP Calls, RTP Streams, RTP Analysis, RTP
	       Player, SIP Flows) are non-modal and can stay opened on
	       background.
	        • The same tools are provided across all dialogs (Prepare
	       Filter, Analyse, RTP Player …)
	     • The “Follow Stream” dialog is now able to follow SIP calls based
	       on their Call-ID value.
	     • The “Follow Stream” dialog’s YAML output format has been updated
	       to add timestamps and peers information For more details see
	       Following Protocol Streams[3] in the User’s Guide.
	     • IP fragments between public IPv4 addresses are now reassembled
	       even if they have different VLAN IDs. Reassembly of IP fragments
	       where one endpoint is a private (RFC 1918 section 3) or
	       link-local (RFC 3927) IPv4 address continues to take the VLAN ID
	       into account, as those addresses can be reused. To revert to the
	       previous behavior and not reassemble fragments with different
	       VLAN IDs, turn on the “Enable stricter conversation tracking
	       heuristics” top level protocol preference.
	     • USB Link Layer reassembly has been added, which allows hardware
	       captures to be analyzed at the same level as software captures.
	     • TShark can now export TLS session keys with the
	       --export-tls-session-keys option.
	     • Wireshark participated in the Google Season of Docs 2020 and the
	       User’s Guide has been extensively updated.
	     • The “RTP Stream Analysis” dialog CSV export format was slightly
	       changed. The first line of the export contains column titles as
	       in other CSV exports.
	     • Wireshark now supports the Turkish language.
	     • The settings in the “Import from Hex Dump” dialog is now stored
	       in a profile import_hexdump.json file.
	     • Analyze › Reload Lua Plugins has been improved to properly
	       support FileHandler.
	     • The “RTP Stream Analysis” and “IAX2 Stream Analysis” dialogs now
	       show correct calculation mean jitter calculations.
	     • RTP streams are now created based on Skinny protocol messages in
	       addition to other types of messages.
	     • The “VoIP Calls Flow Sequence” window shows more information
	       about various Skinny messages.
	     • Initial support for building Wireshark on Windows using GCC and
	       MinGW-w64 has been added. See README.msys2 in the sources for
	       more information.
	  New File Format Decoding Support
	      Vector Informatik Binary Log File (BLF)
	  New Protocol Support
	      5G Lawful Interception (5GLI), Bluetooth Link Manager Protocol (BT
	      LMP), Bundle Protocol version 7 (BPv7), Bundle Protocol version 7
	      Security (BPSec), CBOR Object Signing and Encryption (COSE), E2
	      Application Protocol (E2AP), Event Tracing for Windows (ETW), EXtreme
	      extra Eth Header (EXEH), High-Performance Connectivity Tracer
	      (HiPerConTracer), ISO 10681, Kerberos SPAKE, Linux psample protocol,
	      Local Interconnect Network (LIN), Microsoft Task Scheduler Service,
	      O-RAN E2AP, O-RAN fronthaul UC-plane (O-RAN), Opus Interactive Audio
	      Codec (OPUS), PDU Transport Protocol, R09.x (R09), RDP Dynamic
	      Channel Protocol (DRDYNVC), RDP Graphic pipeline channel Protocol
	      (EGFX), RDP Multi-transport (RDPMT), Real-Time Publish-Subscribe
	      Virtual Transport (RTPS-VT), Real-Time Publish-Subscribe Wire
	      Protocol (processed) (RTPS-PROC), Shared Memory Communications (SMC),
	      Signal PDU, SparkplugB, State Synchronization Protocol (SSyncP),
	      Tagged Image File Format (TIFF), TP-Link Smart Home Protocol, UAVCAN
	      DSDL, UAVCAN/CAN, UDP Remote Desktop Protocol (RDPUDP), Van Jacobson
	      PPP compression (VJC), World of Warcraft World (WOWW), and X2 xIRI
	      payload (xIRI)
	  Updated Protocol Support
	      Too many protocols have been updated to list here.
	  New and Updated Capture File Support
	      Vector Informatik Binary Log File (BLF)
	Wireshark 3.4.9 Release Notes
	  Bug Fixes
	     • TShark PDML output embeds "proto" elements within other "proto"
	       elements Issue 10588[1].
	     • Filter expressions comparing against single-octet hex strings
	       where the hex digit string equals a protocol name don’t work
	       Issue 12810[2].
	     • AMQP 0.9: dissector fails to handle Content-Body frame split
	       across TCP packets Issue 14217[3].
	     • IEEE 802.15.4: Missing check on "PAN ID Present" bit of the
	       Multipurpose Frame Control field Issue 17496[4].
	     • Wireshark ignored some character in filename when exporting SMB
	       objects. Issue 17530[5].
	     • tshark -z credentials: assertion failed: (allocator→in_scope)
	       Issue 17576[6].
	     • IS-IS Extended IP Reachability Prefix-SID not decoded properly
	       Issue 17610[7].
	     • Error when reloading lua plugins with a capture file loaded via a
	       custom lua file handler Issue 17615[8].
	     • Absolute time UTC field filters are constructed incorrectly,
	       don’t match the packet Issue 17617[9].
	     • GUI freezes when clicking on large (non-capture) file in File
	       chooser Issue 17620[10].
	     • Crash after selecting a different profile while capturing Issue
	       17622[11].
	     • BT-DHT reports malformed packets that are actually uTP on same
	       connection Issue 17626[12].
	  Updated Protocol Support
	      AMQP, Aruba IAP, BGP, BT-DHT, CoAP, DCERPC SPOOLSS, Diameter, EPL,
	      GSM A-bis OML, GSM A-I/F COMMON, GSM SIM, IEEE 1905.1a, IEEE
	      802.15.4, IMAP, InfiniBand, ISIS LSP, ISObus VT, JPEG, MP2T,
	      NORDIC_BLE, QUIC, RTCP, SDP, SMB, TWAMP-Control, USB HID, and VSS
	      Monitoring
	  New and Updated Capture File Support
	      CAM Inspector, Ixia IxVeriWave, pcapng, and USBDump
	Wireshark 3.4.8 Release Notes
	  Bug Fixes
	     • Dissector bug reported for Bluetooth Cycling Power Measurement
	       characteristic for extreme angles value Issue 17505[1].
	     • vcruntime140_1.dll deleted on Wireshark update/install Issue
	       17506[2].
	     • Raknet Addresses are incorrectly identified. Issue 17509[3].
	     • Editcap saving files as ethernet when specifying '-T
	       ieee-802-11-*' Issue 17520[4].
	     • CoAP dissector confuses Content-Format with Accept Issue
	       17536[5].
	  Updated Protocol Support
	      BT ATT, BT LE LL, CoAP, DLM3, GSM SIM, iLBC, and RakNet

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 config/rootfiles/packages/tshark | 185 +++++++++++++------------------
 lfs/tshark                       |   6 +-
 2 files changed, 77 insertions(+), 114 deletions(-)

Message ID	20220412103540.59474-1-adolf.belka@ipfire.org
State	Accepted
Commit	2e68dcd6eb10cccda976d2dfe1f8204cb066eecb
Headers	From: Adolf Belka <adolf.belka@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH] tshark: Update to version 3.6.3 Date: Tue, 12 Apr 2022 12:35:40 +0200 Message-Id: <20220412103540.59474-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: list Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org>
Series	tshark: Update to version 3.6.3 \| tshark: Update to version 3.6.3

tshark: Update to version 3.6.3

Commit Message

Comments

Patch