commit ba12992902
Author: Gerald Combs <gerald@wireshark.org>
Date:   Tue Apr 20 10:26:09 2021 -0700

    Prep for 3.2.13.

commit 01c31e7a14
Author: Gerald Combs <gerald@wireshark.org>
Date:   Mon Apr 19 10:39:01 2021 -0700

    MS-WSP: Don't allocate huge amounts of memory.
    
    Add a couple of memory allocation sanity checks, one of which
    fixes #17331.
    
    
    (cherry picked from commit b7a0650e061b5418ab4a8f72c6e4b00317aff623)

commit 2d810c3299
Author: Gerald Combs <gerald@wireshark.org>
Date:   Wed Mar 31 11:30:45 2021 -0700

    CMake: Enable AUTO{MOC,UIC,RCC} according to our CMake version.
    
    As noted in be2b0fc810, we need to set CMAKE_AUTO* before searching for
    Qt packages when using 3.20.0 and later. However, this fails if we're
    using CMake 3.9.6 or earlier. Set CMAKE_AUTO* where needed depending on
    our CMake version.
    
    Ping #17314.
    
    (cherry picked from commit a80ea46ff7f19e4c7f9ade4970b0f2a2202f2ea2)
    
    Conflicts:
            ui/qt/CMakeLists.txt

commit b3af0a4eae
Author: Gerald Combs <gerald@wireshark.org>
Date:   Sun Apr 18 10:14:55 2021 +0000

    [Automatic update for 2021-04-18]
    
    Update manuf, services enterprise numbers, translations, and other items.

commit 9481181832
Author: Uli Heilmeier <uh@heilmeier.eu>
Date:   Mon Mar 22 22:34:20 2021 +0100

    LDAP: SASL Buffer doesn't include Length field
    
    SASL Buffer starts after the SASL Buffer Length field. Therefore
    we should only mark the bytes without the Length field.
    
    Sample capture can be found in wireshark/wireshark#15128
    
    
    (cherry picked from commit 2e6d3b571b50f6a0df31787cb95ba0f66c4fa85f)

commit def0f13433
Author: Simon Holesch <simon@holesch.de>
Date:   Sat Mar 6 01:56:06 2021 +0100

    ptvcursor: Fix crash with deeply nested subtrees
    
    If the proto tree is more than 8 levels deep, the subtree_lvl array
    length is extended, by allocating a new area and copying everything into
    that new area. However the old array length wasn't calculated correctly,
    so only part of the subtree_lvl array was copied, causing a crash after
    two ptvcursor_pop_subtree() calls.
    
    
    (cherry picked from commit fa483ac191d4ec6b1994d600e37af6815a97ce18)

commit f0ea3c6c5f
Author: Guy Harris <gharris@sonic.net>
Date:   Sun Jun 21 17:13:54 2020 -0700

    sysdig-event: fix the type of elements of an array of pointers to hf_ values.
    
    "int * const a[]" means "array of const pointers to (non-const) int". so
    the array elements are all const; "const int *a[]" means "array of
    (non-const) pointrs to const int".
    
    Change-Id: I0571fde7704570b60c9cbd5d94826365ff35abe0
    Reviewed-on: https://code.wireshark.org/review/37546
    Petri-Dish: Guy Harris <gharris@sonic.net>
    Tested-by: Petri Dish Buildbot
    Reviewed-by: Guy Harris <gharris@sonic.net>
    
    (cherry picked from commit c3d5ddc5576db68e57d23ee09ceb3278e03639e9)
    
    Conflicts:
            epan/dissectors/packet-sysdig-event.c

commit 041e5dc674
Author: Gerald Combs <gerald@wireshark.org>
Date:   Sun Apr 11 10:15:28 2021 +0000

    [Automatic update for 2021-04-11]
    
    Update manuf, services enterprise numbers, translations, and other items.

commit 63bed78490
Author: Guy Harris <gharris@sonic.net>
Date:   Thu Apr 8 19:38:26 2021 -0700

    pcapng: expand a comment and tweak the version test.
    
    Drop in the comment from libpcap about version 1.2 (I wrote that
    comment, and generously double-license it under the BSD license and the
    GPL :-)).
    
    Redo the version test as
    
        if (!({version is one we handle}))
    
    to match the way it's done in libpcap.
    
    
    (cherry picked from commit 7de6b0822ad764edfa0ddd76e6a383bd3408a4e6)

commit 146596d41e
Author: Loris Degioanni <loris@sysdig.com>
Date:   Wed Apr 7 16:54:26 2021 -0700

    sysdig: a couple more fixes
    
    - parse the number of system call arguments in a way that works for both V1 and V2 event blocks
    - returned the correct error string when unable to read the nparams entry from a sysdig event block V2
    
    (cherry picked from commit 7894b1d0ea86224a16c3dbebae0c6db56f590f84)

commit ff9d468bbd
Author: Loris Degioanni <loris@sysdig.com>
Date:   Tue Apr 6 14:42:39 2021 -0700

    sysdig: implementation fixes
    
    - make sure nparams is initialized
    - validate block_total_length in the correct way for sysdig event blocks
    
    (cherry picked from commit cbbe6605043b6137f0a7eb22693969586893637d)

commit 36b22318fc
Author: Loris Degioanni <loris@sysdig.com>
Date:   Tue Apr 6 13:35:58 2021 -0700

    sysdig: simplified the separate handling of the two different sysdig block types
    
    (cherry picked from commit 8c70dd8d176fca0c7e4ed759de0a05c2dd6424cf)

commit e8cad63791
Author: Loris Degioanni <loris@sysdig.com>
Date:   Mon Apr 5 22:16:09 2021 -0700

    sysdig: support the most recent version of sysdig
    Update the pcap-ng reader and sysdig event dissector to support the second version of the sysdig event block, which was introduced after Wireshark's original implementation
    
    (cherry picked from commit fbe8d3a00f1408960186572de96f82b4616eed49)

commit 482ed5441a
Author: Gerald Combs <gerald@wireshark.org>
Date:   Sun Apr 4 13:28:16 2021 -0700

    GitLab CI: Switch to our new Windows runner.
    
     Conflicts:
            .gitlab-ci.yml

commit f0b08d4154
Author: David Perry <boolean263@protonmail.com>
Date:   Thu Jan 7 16:21:42 2021 -0500

    maxmind: add optional synchronous lookups
    
    When tshark enables synchronous resolution of IP addresses to names,
    forces calls to maxmind_db_lookup_ipv4()/_ipv6() to block-wait for the
    maxmind response.
    
    Proposed fix for #14691.
    
    (backported from commit c0abaa06f717a38ba15c24f10ee19fcc69b21537)

commit 0b7b85c69b
Author: Vahap Emin Agaogullari <vahapemin44@gmail.com>
Date:   Tue Feb 23 11:15:14 2021 +0000

    PROFINET: Multiple write in record dissection
    
    COContainerContent dissects PDInterfaceMrpDataAdjust and
    PDInterfaceMrpDataAdjust dissects remaining COContainerContent
    because of offset problem. Offset problem is fixed.
    
    (cherry picked from commit ccec04ede0591a5e83d2664c26ed5cb4481a6809)
    (cherry picked from commit ecbe04e0bbc6634eaa6c54968870fee61760107c)

commit 2f22f0c574
Author: Guy Harris <gharris@sonic.net>
Date:   Mon Mar 29 00:55:23 2021 +0000

    tvbuff_subset: fix its implementation of string scanning.
    
    Both subset_find_guint8() and subset_pbrk_guint8() pass the parent
    tvbuff to tvb_find_guint8()/tvb_ws_mempbrk_pattern_guint8(), along with
    the offset in that tvbuff.
    
    That means that the offset they get back is relative to that tvbuff, so
    it must be adjusted to be relative to the tvbuff *they* were handed.
    
    For subsets of frame and "real data" tvbuffs, there's a single lump of
    data containing the content of the subset tvbuff, so they go through the
    "fast path" and get the offset correct, bypassing the broken code;
    that's the vast majority of calls to those routines.
    
    For subsets of *composite* tvbuffs, however, they don't go through the
    "fast path", and this bug shows up.
    
    This causes both crashes and misdissection of HTTP if the link-layer is
    PPP with Van Jacobson compression, as the decompression uses composite
    tvbuffs.
    
    Fixes #17254 and its many soon-to-be-duplicates.
    
    
    (cherry picked from commit 2ba52cdc0e4216dafdfc32498fc0210c99449ec9)

commit 01e80e3145
Author: Gerald Combs <gerald@wireshark.org>
Date:   Sun Mar 28 10:17:56 2021 +0000

    [Automatic update for 2021-03-28]
    
    Update manuf, services enterprise numbers, translations, and other items.

commit 7a259f6ecc
Author: Guy Harris <gharris@sonic.net>
Date:   Sun Mar 28 02:31:37 2021 +0000

    wslua_tvb: correctly trim off the end of a tvbuff.
    
    The length specified in a TvbRange is the *actual packet length*, not
    the *sliced-to* length, so use tvb_new_subset_length() to cut it short.
    
    This fixes the fix for #15655, and addresses at least some of the issues
    in #17255.
    
    
    (cherry picked from commit cda18f951ebfe53dc5bbb841618dc12e31b38ec6)

commit 5f33711d3e
Author: George Powers <gpowers@google.com>
Date:   Thu Nov 5 22:26:49 2020 +0000

    Fix reported_len in Lua framewark when creating tvb from range.
    
    This bug affects Lua plugin dissectors for encapsulation protocols like
    GRE.  Typically the dissector creates a range for the payload packet, then
    calls the next dissector with a tvb derived from the range, using
    TvbRange_tvb().  The original version calls
    tvb_new_subset_length_caplen() using the remaining capture length for the
    reported_len argument.  The fix passes -1 as the reported length, and
    tvb_new_subset_length_caplen() calculates the new reported_len as required.
    
    The bug only affects large packets captured with a snaplen and
    truncated, then decoded with a Lua plugin for the encapsulation header.
    
    Here's the typical bug symptom, gleaned from tshark decode of
    an encapsulated IP payload:
    
            [Expert Info (Error/Protocol): IPv4 total length exceeds packet length (114 bytes)]
                [IPv4 total length exceeds packet length (114 bytes)]
    
    Closes #15655.
    
    
    (cherry picked from commit e7ec6739b6bb0bcdbd2937a582635697fa65e524)

commit 4adb329c48
Author: Gerald Combs <gerald@wireshark.org>
Date:   Fri Mar 26 12:52:01 2021 -0700

    CMake: Enable AUTO{MOC,UIC,RCC} earlier.
    
    Enable CMAKE_AUTOMOC, CMAKE_AUTOUIC, and CMAKE_AUTORCC before searching
    for Qt packages. This is apparently required for CMake 3.20.0 and later.
    Fixes #17314.
    
    (cherry picked from commit be2b0fc810fb2f2a80e471138dc29f0cbe87b209)
    
     Conflicts:
            ui/qt/CMakeLists.txt

commit 2bb426d469
Author: Uli Heilmeier <uh@heilmeier.eu>
Date:   Tue Mar 23 11:32:42 2021 +0000

    DNS: Fix pointer for is_multiple_responses
    
    As discussed in wireshark/wireshark!2497 there is no need
    for a pointer to a pointer.
    
    
    (cherry picked from commit 337bdf8eb34be3fc5ccd1197868077e6276a2d6c)

commit 0a8998c23c
Author: Uli Heilmeier <uh@heilmeier.eu>
Date:   Sun Mar 21 10:15:56 2021 +0100

    DNS: IXFR/AXFR queries with multiple responses
    
    IXFR and AXFR queries can have multiple DNS responses. As all responses
    belong to one transaction, they have the same transaction ID.
    
    We shouldn't handle them as retransmits.
    
    Fix: wireshark/wireshark#17293
    (cherry picked from commit 07fb47111ee968ba132ce98764486dc825209e80)

commit 640c0ebf18
Author: Guy Harris <gharris@sonic.net>
Date:   Mon Mar 22 19:13:34 2021 -0700

    Do the LFS checks before processing any subdirectories.
    
    That's necessary in order to make sure that the required -D flags show
    up when building code from all subdirectories.
    
    (cherry picked from commit 3f556a6e7639716a7254a4fcdf88e33ef3896fe8)

commit 2e00a33e9b
Author: Guy Harris <gharris@sonic.net>
Date:   Mon Mar 22 02:47:56 2021 -0700

    Replace the Large File Support CMake stuff.
    
    The existing stuff doesn't appear to work (I tried it on 32-bit Ubuntu
    18.04, and it did *not* add any flags to the compilation, as it appeared
    not to conclude that they were necessary, even though they were).
    
    Pull in the stuff from libpcap, which *does* appear to work.  (it does
    so in my 32-bit Ubuntu testing).
    
    This should fix #17301.
    
    While we're at it, fix cppcheck.sh so that it doesn't attempt to run
    cppcheck on files that have been deleted.
    
    (cherry picked from commit 0cc59d38ab6ef38e965d4de8a3ec4b80bcb5a6a3)

commit 49b215b62d
Author: Gerald Combs <gerald@wireshark.org>
Date:   Sun Mar 21 10:15:22 2021 +0000

    [Automatic update for 2021-03-21]
    
    Update manuf, services enterprise numbers, translations, and other items.

commit 2adad94488
Author: Darius Davis <darius@vmware.com>
Date:   Sat Mar 20 09:37:53 2021 +1000

    Minor doc cleanups.
    
    Here's a grab bag of trivial cleanup to the documentation.  This change:
    
    - Cleans up some comments in the asciidoctor macros which are no longer
      accurate (and do not appear in the build products anyway).
    
    - Fixes a missing space in the text "Wireshark Q&A" in the release notes.
    
    - Allows the "docbook" backend to produce hyperlinks too... That seems to be
      necessary if we want to start using our custom link macros in WSDG, which
      seems like a reasonable thing to do.  And fixes up a wrong variable name in
      the handling of the case where we are not able to produce a hyperlink.
    
    (cherry picked from commit 4c513fb4ab880b2c63491d91b8ccf6ce17627f08)
    
     Conflicts:
            docbook/release-notes.adoc

commit df0588a99e
Author: Guy Harris <gharris@sonic.net>
Date:   Mon Mar 15 00:10:57 2021 +0000

    Fix the captions for the buttons in the "export specified packets" dialog.
    
    The "Selected packet" caption is wrong, as there could be more than one
    packet selected.  Furthermore, in the non-Windows "export specified
    packets" dialog, the caption is "Selected packets only", so go with the
    full caption.
    
    The "Marked packets" caption also lacks the "only" that it has in the
    other dialog; add it as well.
    
    
    (cherry picked from commit f785cf53401c38d695de7b961babc6b796466a50)

commit 178f40cd98
Author: John Thacker <johnthacker@gmail.com>
Date:   Sun Mar 14 09:21:31 2021 -0400

    export_pdu: Fixup backported commit
    
    Commit 6ea2762f1241adb7b5bf4ad5082f577d87c41509 accidentally left in
    a line when the backport to master-3.2 was done, remove it.

commit c3720e2df5
Author: Gerald Combs <gerald@wireshark.org>
Date:   Sun Mar 14 11:13:56 2021 +0000

    [Automatic update for 2021-03-14]
    
    Update manuf, services enterprise numbers, translations, and other items.

commit 88fddd6e9c
Author: Guy Harris <gharris@sonic.net>
Date:   Sat Mar 13 22:00:21 2021 -0800

    pcapng: make sure the packet encapsulation matches the interface encapsulation.
    
    If an attempt is made to write a packet with one encapsulation for an
    interface with a different encapsulation, report an internal error.
    
    (backported from commit 610dffbb19532034309a0ee326128a71608ebe6a)

commit 6ea2762f12
Author: John Thacker <johnthacker@gmail.com>
Date:   Fri Mar 12 22:12:40 2021 -0500

    export_pdu: set pkt_encap to a WTAP_ENCAP value, not a pcap LINKTYPE_ value.
    
    rec.rec_header.packet_header.pkt_encap expects WTAP encapsulation types,
    not PCAP encapsulation types, so don't call
    wtap_wtap_encap_to_pcap_encap().
    
    Also, set the output file encapsulation, and the link-layer type of the
    fake interface, to exp_pdu_tap_data->pkt_encap rather than wiring it to
    WTAP_ENCAP_WIRESHARK_UPPER_PDU (we set exp_pdu_tap_data->pkt_encap to
    WTAP_ENCAP_WIRESHARK_UPPER_PDU, but this is a bit cleaner).
    
    (backported from commit ea60a57826624bcdf8f955af85af7130c8864018)

commit 1a4be01460
Author: Guy Harris <gharris@sonic.net>
Date:   Sat Mar 13 23:50:27 2021 +0000

    tshark: clean u the way the -U option lists available taps.
    
    Allow "-U ?" as well as an empty argument; an empty argument is a bit
    counterintuitive.
    
    Simplify the introductory line of output - asking for a list of taps
    isn't an error in which the user failed to supply a tap name, it's a
    case where the user suplied a request for a list of tap names.
    
    Just use fprintf() to print the list, and indent the elements of the
    list, as we do with other lists of valid arguments.
    
    List the valid arguments if the user specified an invalid argument as
    well.
    
    
    (cherry picked from commit 9bd144b8ea30a7345eca3c0cb590bc146f45f97c)

commit 017ff25812
Author: Guy Harris <gharris@sonic.net>
Date:   Sat Mar 13 11:57:52 2021 +0000

    tshark: fix handling of "you're writing to a closed pipe" errors on Windows.
    
    On Windows, a write to a pipe where the read side has been closed
    apparently may return the Windows error ERROR_BROKEN_PIPE, which the
    Visual Studio C library maps to EPIPE, or may return the Windows error
    ERROR_NO_DATA, which the Visual Studio C library maps to EINVAL.
    
    So, on Windows, for errors other than the ones for which we're reporting
    a special error message, check for EINVAL with a *Windows* error of
    ERROR_NO_DATA and, if that's what we have, don't print an error message;
    otherwise, print an error message that reports a message based on the
    Windows error (rather than a relatively uninformative "Invalid argument"
    error).
    
    This should fix issue #16192.
    
    Clean up indentation while we're at it.
    
    
    (cherry picked from commit 1eb4a62dbc190b0f0cfcf7b945bb0e82ddf2246c)

commit 877f5c7af9
Author: Gerald Combs <gerald@wireshark.org>
Date:   Thu Mar 11 00:18:58 2021 +0000

    GitLab CI: Add a `tshark -G` artifact.
    
    Dump `tshark -G fields` to a file and add it as an artifact. This
    automates a step in the release process.
    
    
    (cherry picked from commit e8421b1a0e4c647ea6718190736e917f18eea83b)

commit c386e1aa14
Author: Martin Mathieson <martin.mathieson@keysight.com>
Date:   Wed Mar 10 21:21:56 2021 +0000

    DECT: "tranceiver" -> "transceiver"
    
    
    (cherry picked from commit 933e7f5eb6798e72e349099be3cd16a890be7fc7)

commit ab0a06216b
Author: Gerald Combs <gerald@wireshark.org>
Date:   Wed Mar 10 12:29:39 2021 -0800

    Version: 3.2.12 → 3.2.13.
    
    [skip ci]
