------------------------------------------------------------------------
r39743 | gerald | 2011-11-06 08:04:16 -0800 (Sun, 06 Nov 2011) | 1 line

[Automatic manuf, services and enterprise-numbers update for 2011-11-06]
------------------------------------------------------------------------
r39820 | gerald | 2011-11-13 08:04:18 -0800 (Sun, 13 Nov 2011) | 1 line

[Automatic manuf, services and enterprise-numbers update for 2011-11-13]
------------------------------------------------------------------------
r39962 | gerald | 2011-11-20 08:04:16 -0800 (Sun, 20 Nov 2011) | 1 line

[Automatic manuf, services and enterprise-numbers update for 2011-11-20]
------------------------------------------------------------------------
r40017 | gerald | 2011-11-27 08:04:17 -0800 (Sun, 27 Nov 2011) | 1 line

[Automatic manuf, services and enterprise-numbers update for 2011-11-27]
------------------------------------------------------------------------
r40090 | gerald | 2011-12-04 08:04:17 -0800 (Sun, 04 Dec 2011) | 1 line

[Automatic manuf, services and enterprise-numbers update for 2011-12-04]
------------------------------------------------------------------------
r40152 | gerald | 2011-12-11 08:04:15 -0800 (Sun, 11 Dec 2011) | 1 line

[Automatic manuf, services and enterprise-numbers update for 2011-12-11]
------------------------------------------------------------------------
r40232 | jake | 2011-12-16 14:55:37 -0800 (Fri, 16 Dec 2011) | 64 lines

------------------------------------------------------------------------
r39719 | stig | 2011-11-02 21:06:40 +0100 (Wed, 02 Nov 2011) | 1 line

Revert revision 39665 (for bug 6472) which introduced bug 6537.
------------------------------------------------------------------------
r39744 | stig | 2011-11-06 18:39:13 +0100 (Sun, 06 Nov 2011) | 6 lines

From Robert G. Jakabosky via bug 5575:
Fix memory errors in Lua dissectors.
- Free Tvb when created from ByteArray.
- Free TvbRange correctly.
- Free string from get_persconffile_path and get_datafile_path.
- Some code cleanup.
------------------------------------------------------------------------
r39748 | stig | 2011-11-07 08:41:03 +0100 (Mon, 07 Nov 2011) | 4 lines

Do not return from within a TRY/CATCH/ENDTRY because this will make the
except stack invalid, and will lead to a crash.

In this case it was when calling a dissector from a table in a Lua script.
------------------------------------------------------------------------
r39749 | stig | 2011-11-07 17:09:41 +0100 (Mon, 07 Nov 2011) | 4 lines

Do not return from within a TRY/CATCH/ENDTRY because this will make the
except stack invalid, and will lead to a crash.

In this case it was when doing compare functions on a FT_PROTOCOL.
------------------------------------------------------------------------
r39777 | guy | 2011-11-10 01:53:48 +0100 (Thu, 10 Nov 2011) | 8 lines

prefs_reset() has to reset the dissector preferences to their defaults,
as we don't save to a preferences file preference values that are equal
to their defaults, so if you change profiles, a preference that has a
non-default value in the old profile and a default value in the new
profile, so that it's *not* in the preference file for the new profile,
will not be set to the right value unless we reset all protocol
preferences to their defaults first.

------------------------------------------------------------------------
r39779 | etxrab | 2011-11-10 07:07:16 +0100 (Thu, 10 Nov 2011) | 3 lines

From Dirk:
CAPWAP dissector tries to allocate -1 bytes of memory during reassembly.
- changed to return offset.
------------------------------------------------------------------------
r39999 | alagoutte | 2011-11-25 11:38:15 +0100 (Fri, 25 Nov 2011) | 3 lines

From Dagobert Michelsen via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6615
Do not return value on void function in epan/dissectors/packet-capwap.c

------------------------------------------------------------------------



Applied by hand:

------------------------------------------------------------------------
r39754 | alagoutte | 2011-11-08 15:45:35 +0100 (Tue, 08 Nov 2011) | 3 lines

From Pontus Fuchs via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6548
80211 QoS Control: Add Raw TID

------------------------------------------------------------------------

------------------------------------------------------------------------
r40240 | gerald | 2011-12-18 08:04:21 -0800 (Sun, 18 Dec 2011) | 1 line

[Automatic manuf, services and enterprise-numbers update for 2011-12-18]
------------------------------------------------------------------------
r40243 | jake | 2011-12-19 00:01:43 -0800 (Mon, 19 Dec 2011) | 60 lines

------------------------------------------------------------------------
r39834 | cmaynard | 2011-11-14 20:57:45 +0100 (Mon, 14 Nov 2011) | 2 lines

The Originator protocol identifier is not present in the "provisioning 
actions operation -61", only the "session management operatin -60".  
Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6570.
------------------------------------------------------------------------
r39886 | guy | 2011-11-16 18:54:44 +0100 (Wed, 16 Nov 2011) | 15 lines

Support nanosecond-resolution time for NetMon 2.x format (it's only
100-nanosecond resolution, but that's still better than microsecond
resolution).

For NetMon 1.x format, only claim to support millisecond resolution, as
that's all you get.

Fix handling of negative time deltas in NetMon 2.x format.

When writing a NetMon file, trim the time of the first packet to
millisecond precision to get the capture start time, so that the start
time written to the file (which has millisecond precision) is the same
as the start time used to calculate the deltas written to the packet
headers.

------------------------------------------------------------------------
r39930 | guy | 2011-11-18 08:13:33 +0100 (Fri, 18 Nov 2011) | 4 lines

Make sure pcap-ng supports a particular encapsulation type before
trying to write out an interface description block for an interface with
that type.

------------------------------------------------------------------------
r39944 | guy | 2011-11-18 22:39:18 +0100 (Fri, 18 Nov 2011) | 3 lines

Fail if somebody tries to write out a packet with an unsupported
encapsulation.

------------------------------------------------------------------------
r39959 | cmaynard | 2011-11-20 16:11:15 +0100 (Sun, 20 Nov 2011) | 2 lines

Fix "'Closing File!' Dialog Hangs" bug 3046: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3046

------------------------------------------------------------------------


Applied by hand:

------------------------------------------------------------------------
r39831 | guy | 2011-11-14 19:42:11 +0100 (Mon, 14 Nov 2011) | 3 lines

Do some more length checking to avoid a dissector bug error.  Should fix
bug 6564.
------------------------------------------------------------------------
r39902 | cmaynard | 2011-11-17 16:57:44 +0100 (Thu, 17 Nov 2011) | 2 lines

Fix crash caused by trying to apply a field of type BASE_CUSTOM as a column.  
Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6503.

------------------------------------------------------------------------

------------------------------------------------------------------------
r40246 | jake | 2011-12-19 15:11:17 -0800 (Mon, 19 Dec 2011) | 2 lines

Fix backport of r39902.

------------------------------------------------------------------------
r40248 | jake | 2011-12-19 23:55:12 -0800 (Mon, 19 Dec 2011) | 44 lines

------------------------------------------------------------------------
r39878 | guy | 2011-11-16 04:13:02 +0100 (Wed, 16 Nov 2011) | 3 lines

Handle ctime() and localtime() returning NULL and localtime() on Windows
blowing up when handed a bad value.

------------------------------------------------------------------------
r39882 | guy | 2011-11-16 17:48:02 +0100 (Wed, 16 Nov 2011) | 3 lines

Another place where we have to protect against MSVC's time-conversion
routines blowing up if handed a too-large time_t.

------------------------------------------------------------------------
r39883 | guy | 2011-11-16 18:08:00 +0100 (Wed, 16 Nov 2011) | 6 lines

Another place where we have to protect against MSVC's time-conversion
routines blowing up if handed a too-large time_t.

While we're at it, also check for dates that can't be represented in DOS
format (pre-1980 dates).

------------------------------------------------------------------------
r39884 | guy | 2011-11-16 18:12:47 +0100 (Wed, 16 Nov 2011) | 2 lines

Fix build on Windows.

------------------------------------------------------------------------
r39885 | guy | 2011-11-16 18:13:37 +0100 (Wed, 16 Nov 2011) | 2 lines

OK, this should do it.

------------------------------------------------------------------------
r39894 | cmaynard | 2011-11-17 03:17:57 +0100 (Thu, 17 Nov 2011) | 2 lines

Revert part of r39883 to avoid dereferencing a NULL pointer.  Thanks Clang.

------------------------------------------------------------------------
r39895 | guy | 2011-11-17 03:29:26 +0100 (Thu, 17 Nov 2011) | 3 lines

Put back the check for dates that can be represented in DOS format the
way it was *supposed* to be done, rather than backwards.

------------------------------------------------------------------------

------------------------------------------------------------------------
r40249 | jake | 2011-12-20 07:43:43 -0800 (Tue, 20 Dec 2011) | 126 lines

------------------------------------------------------------------------
r39961 | cmaynard | 2011-11-20 16:47:14 +0100 (Sun, 20 Nov 2011) | 3 lines

Fix bug 6561: IPv4 UDP/TCP Checksum incorrect if routing header present.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6561

------------------------------------------------------------------------
r39963 | cmaynard | 2011-11-21 03:01:59 +0100 (Mon, 21 Nov 2011) | 2 lines

Fix potential infinite loop introduced with r39961 and find by the buildbot.  
Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6599

------------------------------------------------------------------------
r39986 | cmaynard | 2011-11-22 16:18:20 +0100 (Tue, 22 Nov 2011) | 2 lines

For now, display the protocol in hexadecimal again so displaying it in decimal 
doesn't get backported to the 1.6 and 1.4 trunks at the request of Joerg.

------------------------------------------------------------------------
r40075 | guy | 2011-12-03 04:01:08 +0100 (Sat, 03 Dec 2011) | 6 lines

The TCP Packet Mood Option was a cute April 1 RFC, but TCP option 25 is
officially listed as "Unassigned", and people might use it for their own
purposes (and, in fact, one bug-submitter was doing so; they probably
should have used 253 or 254, but...).  Get rid of the code to dissect
it.

------------------------------------------------------------------------
r40076 | cmaynard | 2011-12-03 05:07:20 +0100 (Sat, 03 Dec 2011) | 2 lines

If a type 2 Mobile IP routing header is present, only set pinfo->dst if seg_left
is non-zero.  Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6560

------------------------------------------------------------------------
r40097 | guy | 2011-12-06 02:57:52 +0100 (Tue, 06 Dec 2011) | 10 lines

If capture_get_if_capabilities() fails, pop up a message, just as we
print a message in tshark.  That doesn't fix the problem seen on Linux
distributions, such as recent versions of Debian and derivatives, that
have libpcap 1.1.0 or later built without libnl, where the monitor mode
checkbox doesn't work - that's a libpcap bug, fixed in the 1.2 branch
and trunk, so a future 1.2.1 or 1.3.0 release should fix it, and perhaps
a future Debian release will build libpcap with libnl - but at least it
means you get a dialog box rather than just getting mysterious behavior
when you try to check the "monitor mode" checkbox.

------------------------------------------------------------------------
r40099 | guy | 2011-12-06 05:02:22 +0100 (Tue, 06 Dec 2011) | 7 lines

Add a blank line between the error message and the "try using airmon-ng"
suggestion. 

Fix typo.

Clean up indentation.

------------------------------------------------------------------------
r40130 | jake | 2011-12-09 17:34:02 +0100 (Fri, 09 Dec 2011) | 3 lines

From astramax57:
After r38723, some BGP AS_PATH packets were no longer dissected.

------------------------------------------------------------------------
r40133 | alagoutte | 2011-12-09 18:00:28 +0100 (Fri, 09 Dec 2011) | 8 lines

From report of Arasch Honarbacht via 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6649
ZigBee ZCL Dissector reports invalid status

The status code 0x8d contained in an attriute status record in a configure 
reporting response frame is incorrectly displayed as "Write only" 
(where WRITE_ONLY = 0x8f). According to the ZigBee Cluster Library Specification,
Document 075123r03ZB, April 26, 2010 a status of 0x8d should display as 
"INVALID_DATA_TYPE"

From me :
Fix this issue (Wrong value define) based on Specs available in ZigBee.org

------------------------------------------------------------------------
r40138 | guy | 2011-12-09 22:15:48 +0100 (Fri, 09 Dec 2011) | 7 lines

Referring to pcap_version[] doesn't do what you want on at least some
UN*Xes (Fedora 16 and probably other Linux distributions, probably at
least some if not all other ELF-based systems, and perhaps also Mac OS
X), and causes problems if pcap_version[] has a different length in the
libpcap with which the executable was built and the libpcap with which
it's run, so we avoid using it for now.

------------------------------------------------------------------------
r40153 | cmaynard | 2011-12-12 00:43:03 +0100 (Mon, 12 Dec 2011) | 2 lines

If the object to export doesn't have a filename, use a generic "object" name 
instead.  This fixes the crash reported in 
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6250

------------------------------------------------------------------------
r40154 | cmaynard | 2011-12-12 01:27:32 +0100 (Mon, 12 Dec 2011) | 2 lines

If no filename, include the packet number in the generic name.  
TODO: Implement the ct2ext() function.

------------------------------------------------------------------------
r40155 | cmaynard | 2011-12-12 01:35:51 +0100 (Mon, 12 Dec 2011) | 2 lines

Well, until someone has the time to write ct2ext(), just return the content 
type, which is better than nothing.

------------------------------------------------------------------------
r40158 | jake | 2011-12-12 08:56:45 +0100 (Mon, 12 Dec 2011) | 3 lines

Allow for true error reporing.
Move the comment to where it's intended.

------------------------------------------------------------------------
r40162 | cmaynard | 2011-12-12 20:24:49 +0100 (Mon, 12 Dec 2011) | 2 lines

Add missing </field> for data tree.  
Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3809

------------------------------------------------------------------------
r40184 | cmaynard | 2011-12-13 21:07:21 +0100 (Tue, 13 Dec 2011) | 2 lines

Don't close the field tag here; it's now closed with </field>.

------------------------------------------------------------------------

------------------------------------------------------------------------
r40252 | jake | 2011-12-20 10:03:05 -0800 (Tue, 20 Dec 2011) | 54 lines

------------------------------------------------------------------------
r40164 | guy | 2011-12-13 01:44:22 +0100 (Tue, 13 Dec 2011) | 5 lines

Clamp the reported length of a packet at G_MAXINT for now, to avoid
crashes due to having no tvbuffs for an epan_dissect_t.

Fixes bug 6663 and its soon-to-be-duplicates.

------------------------------------------------------------------------
r40165 | guy | 2011-12-13 01:57:09 +0100 (Tue, 13 Dec 2011) | 3 lines

Add missing check for a too-large packet, so we don't blow up trying to
allocate a huge buffer; fixes bug 6666.

------------------------------------------------------------------------
r40166 | guy | 2011-12-13 02:05:52 +0100 (Tue, 13 Dec 2011) | 3 lines

Add missing check for a too-large packet, so we don't blow up trying to
allocate a huge buffer; fixes bug 6667.

------------------------------------------------------------------------
r40167 | guy | 2011-12-13 02:24:12 +0100 (Tue, 13 Dec 2011) | 5 lines

Add missing checks for a too-large packet, so we don't blow up trying to
allocate a huge buffer; fixes bug 6668.

Also add some other checks for invalid records.

------------------------------------------------------------------------
r40168 | guy | 2011-12-13 02:49:27 +0100 (Tue, 13 Dec 2011) | 3 lines

Add an arbitrary limit on the maximum size of the frame table, so that
we don't crash.  Fixes bug 6669.

------------------------------------------------------------------------
r40174 | guy | 2011-12-13 07:45:16 +0100 (Tue, 13 Dec 2011) | 4 lines

Crank up the maximum frame table size to 512*2^20 packets, that being a
small amount bigger than the maximum possible number of packets in a
NetMon file.

------------------------------------------------------------------------
r40169 | guy | 2011-12-13 03:00:41 +0100 (Tue, 13 Dec 2011) | 2 lines

Check for a bogus record size.  Fixes bug 6670.

------------------------------------------------------------------------
r40170 | guy | 2011-12-13 03:42:42 +0100 (Tue, 13 Dec 2011) | 3 lines

Add missing checks for a too-large packet, so we don't blow up trying to
allocate a huge buffer.

------------------------------------------------------------------------

------------------------------------------------------------------------
r40287 | jake | 2011-12-23 15:17:19 -0800 (Fri, 23 Dec 2011) | 2 lines

(First attempt at) updating release notes.

------------------------------------------------------------------------
r40292 | gerald | 2011-12-25 08:04:14 -0800 (Sun, 25 Dec 2011) | 1 line

[Automatic manuf, services and enterprise-numbers update for 2011-12-25]
------------------------------------------------------------------------
r40356 | gerald | 2012-01-01 08:04:26 -0800 (Sun, 01 Jan 2012) | 1 line

[Automatic manuf, services and enterprise-numbers update for 2012-01-01]
------------------------------------------------------------------------
r40360 | jake | 2012-01-03 00:10:32 -0800 (Tue, 03 Jan 2012) | 109 lines

------------------------------------------------------------------------
r40194 | guy | 2011-12-14 03:46:16 +0100 (Wed, 14 Dec 2011) | 6 lines

Put back the checks for null arguments, but report a dissector bug if
we're given null pointers.

Put in comments clarifying that some routines intentionally do *not*
null terminate the strings they produce.

------------------------------------------------------------------------
r40195 | guy | 2011-12-14 03:55:26 +0100 (Wed, 14 Dec 2011) | 18 lines

Refer to a PID of 0x0002 as the PID for the HP Teaming heartbeat
protocol.

Point to an HP document o the protocol, and discuss the two ways to hook
up the dissector.

Don't bother checking the destination address - either the OUI/PID
suffices, or the MAC address is both necessary and, presumably,
sufficient and we need to introduce a heuristic dissector table for SNAP
frames.  What's more, there's no guarantee that the destination address
is a MAC address - it might be absent, e.g. because you're capturing on
the Linux "any" device and are getting the "Linux cooked" header, with
only a destination address.

Don't put the source address into the Info column - it's already in the
source column *if* it exists (which it might not, for packets captured
from the "any" device and sent by the machine doing the capturing).

------------------------------------------------------------------------
r40196 | guy | 2011-12-14 06:23:57 +0100 (Wed, 14 Dec 2011) | 4 lines

Put back the source MAC address, but do it right, in one column_add_fstr()
call, and using ep_address_to_str(), so it can handle any address type,
including AT_NONE if the source address isn't available.

------------------------------------------------------------------------
r40245 | cmaynard | 2011-12-19 18:59:34 +0100 (Mon, 19 Dec 2011) | 2 lines

Tighten up conversation port matching once the 2nd port is known.  
Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5727

------------------------------------------------------------------------
r40266 | cmaynard | 2011-12-21 22:34:37 +0100 (Wed, 21 Dec 2011) | 2 lines

Avoid a potential buffer overflow (and fix some typos).  
Resolves bug 6391: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6391

------------------------------------------------------------------------
r40275 | cmaynard | 2011-12-22 15:49:43 +0100 (Thu, 22 Dec 2011) | 4 lines

What is the airspeed velocity of an unladen swallow?

aspell and my own spelling preferences do not always agree with the spelling 
variations used by folks across the pond.  Revert a couple of spelling changes.

------------------------------------------------------------------------
r40274 | guy | 2011-12-22 10:22:35 +0100 (Thu, 22 Dec 2011) | 5 lines

The encapsulation following WTAP_ENCAP_ARCNET is
WTAP_ENCAP_ARCNET_LINUX; update various tables mapping Wiretap
encapsulations to file-type encapsulations.  Get rid of some trailing
"sorry, that's not supported" entries while we're at it.

------------------------------------------------------------------------
r40280 | cmaynard | 2011-12-22 20:22:43 +0100 (Thu, 22 Dec 2011) | 2 lines

Revert some of the changes made as part of the patch from bug 6194 committed 
in r38326.  Also, change the 3 separate reserved bit fields to a single 3-bit 
reserved field to more closely match the spec.  Lastly, in accordance with 
NOTE 2 of Table 3-1 of the spec, display the connection id, whatever it is, 
rather than assuming it's zero just because the Com bit isn't set.

------------------------------------------------------------------------
r40281 | cmaynard | 2011-12-22 20:41:13 +0100 (Thu, 22 Dec 2011) | 2 lines

Appease the buildbots.

------------------------------------------------------------------------
r40304 | cmaynard | 2011-12-27 19:16:12 +0100 (Tue, 27 Dec 2011) | 2 lines

From Jim Young via bug 5580: Only update the time elapsed between the previous 
displayed packet and this packet if the packet is actually displayed.  
Ref: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5580

------------------------------------------------------------------------
r40316 | gerald | 2011-12-28 21:29:13 +0100 (Wed, 28 Dec 2011) | 3 lines

Add "peflags" to the list of required executables. Use it to make sure
the DLLs we use have DEP and ASLR enabled.

------------------------------------------------------------------------
r40317 | gerald | 2011-12-28 23:37:38 +0100 (Wed, 28 Dec 2011) | 4 lines

Simplify wireshark.nsi a bit by copying DLLs from the wireshark-gtk2
directory.  This picks up any DEP/ASLR-related changes. Run peflags on
more DLLs.

------------------------------------------------------------------------
r40353 | stig | 2012-01-01 11:02:11 +0100 (Sun, 01 Jan 2012) | 1 line

Happy New Year!
------------------------------------------------------------------------


Updated release notes.


------------------------------------------------------------------------
r40364 | jake | 2012-01-03 15:46:19 -0800 (Tue, 03 Jan 2012) | 2 lines

Don't try to create an installer with libraries that are not there.

------------------------------------------------------------------------
r40408 | gerald | 2012-01-08 08:04:37 -0800 (Sun, 08 Jan 2012) | 1 line

[Automatic manuf, services and enterprise-numbers update for 2012-01-08]
------------------------------------------------------------------------
r40418 | gerald | 2012-01-09 11:02:40 -0800 (Mon, 09 Jan 2012) | 2 lines

Add security bugs and list changed protocols and file formats.

------------------------------------------------------------------------
r40426 | gerald | 2012-01-10 09:18:26 -0800 (Tue, 10 Jan 2012) | 22 lines

Copy over revisions from the trunk:

  ------------------------------------------------------------------------
  r40387 | cmaynard | 2012-01-05 09:29:27 -0800 (Thu, 05 Jan 2012) | 2 lines
  Changed paths:
     M /trunk/epan/dissectors/packet-udp.c

  Use length field from UDP header as the pseudo-header's UDP length field instead of using the reported_len.  Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6711
  ------------------------------------------------------------------------
  r40423 | alagoutte | 2012-01-10 05:59:27 -0800 (Tue, 10 Jan 2012) | 5 lines
  Changed paths:
     M /trunk/pcapio.c

  From Jose Pedro Oliveira  via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6719
  pcapio.c: bug in libpcap_write_interface_description_block

  The attached patch fixes a copy_and_paste error in the code of the function libpcap_write_interface_description_block(): strlen(name) instead of strlen(filter).
  ------------------------------------------------------------------------


Update the release notes.

------------------------------------------------------------------------
