commit eaefcedbd7
Author: Gerald Combs <gerald@wireshark.org>
Date:   Tue Jun 3 18:56:22 2025 -0700

    Prep for 4.2.12

commit 36baf9eb60
Author: Gerald Combs <gerald@wireshark.org>
Date:   Tue Jun 3 08:48:00 2025 -0700

    Logcat Text: Add a pointer check

    (cherry picked from commit f871fd40727788ceea3346d07dc9bfe75c2f8d1c)

     Conflicts:
            epan/dissectors/packet-logcat-text.c

commit 28ab674ae5
Author: Gerald Combs <gerald@wireshark.org>
Date:   Mon Jun 2 13:15:26 2025 -0700

    capinfos: Fix a memory leak found by scan-build

    (cherry picked from commit 599a88e9002ec195104dc849ef8750a7fee19eae)

    Conflicts:
            capinfos.c

commit 697631f6d0
Author: Gerald Combs <gerald@wireshark.org>
Date:   Sun Jun 1 09:15:45 2025 +0000

    [Automatic update for 2025-06-01]

    Update manuf, services enterprise numbers, translations, and other items.

commit f0427f0b59
Author: John Thacker <johnthacker@gmail.com>
Date:   Wed May 28 15:58:01 2025 +0000

    btle: Fix LL_PERIODIC_SYNC_WR_IND dissection

    dissect_periodic_sync_ind() returns the new offset, not bytes dissected.

    Fixup bf7b3ee3537842c96d0e021200751c137d69c882

    Fix #20554

    (cherry picked from commit 1d9b026fdbdad7c6fb93c65f432b61b5c7d00c7b)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit 33a0decd74
Author: Gerald Combs <gerald@wireshark.org>
Date:   Sun May 25 09:16:09 2025 +0000

    [Automatic update for 2025-05-25]

    Update manuf, services enterprise numbers, translations, and other items.

commit 99b61a52f6
Author: Gerald Combs <gerald@wireshark.org>
Date:   Sun May 18 09:26:14 2025 +0000

    [Automatic update for 2025-05-18]

    Update manuf, services enterprise numbers, translations, and other items.

    TLS CT Log IDs failed.

commit 44f4748d13
Author: John Thacker <johnthacker@gmail.com>
Date:   Sat May 17 11:09:08 2025 +0000

    NVMe: Add missing reserved bits to Arbitration Feature

    See NVMe specification 5.14.1.1 Arbitration, Figure 110.
    https://www.nvmexpress.org/wp-content/uploads/NVM-Express-1_2a.pdf

    This missing causes an unregistered hfindex error. Note that
    the method of using arrays of hfs here causes the tools to fail
    to notice this.

    Also fix an encoding of a different FT_BYTES reserved field to
    satisfy the commit check.

    Fix #20539

    (cherry picked from commit 2294a9f8b2999dd7e9ddfe573cd1ed72a11423de)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit 18e4db97c4
Author: John Thacker <johnthacker@gmail.com>
Date:   Fri May 16 12:44:10 2025 +0000

    Update GPL copies for FSF no longer having an address

    As of September 1, 2024, the FSF has gone fully remote and no longer
    has an office[1] and has updated the GPL text[2] to point people to their
    websites instead of their former mailing address.

    1 - https://www.fsf.org/about/contact/

    2 - https://www.gnu.org/licenses/old-licenses/gpl-2.0.html

    (cherry picked from commit 614add27f29269e681e4d32138bea4951985fe0a)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit c51711a62c
Author: John Thacker <johnthacker@gmail.com>
Date:   Fri May 16 02:43:43 2025 +0000

    netlink: Fix a few enum types

    Fix a few cases where something is being cast to the wrong enum type.
    MS Visual Studio 17.14.0 seems to give C5286 warnings on these.

    (cherry picked from commit 5eac2708f6115cc489280c32ef4f15bfa6e4a7ea)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit ee67cb6e80
Author: John Thacker <johnthacker@gmail.com>
Date:   Tue May 13 21:18:24 2025 -0400

    tap-iostat: Fix a possible floating point exception crash

    The -z io,stat tap does not necessarily have a comma after
    the interval value (in the default case of no filter, only
    counting frames and bytes).

    g_strstr_len, like strstr and strchr, does not return a pointer
    to the null terminator when it fails to find a value. Since it
    returns a NULL pointer (numeric value 0), this can cause invl_len
    to be assigned to a large negative number in the case of

    tshark -z io,stat,1.00

    or similar. Since strchrnul is a GNU extension, implement the logic
    using strpbrk and strcspn. Also make the intermediate variable
    unsigned, since it's assigned to an unsigned variable.

    (backported from commit 2544a1251b09c9b9790ab3febc3849b9d084b879)

commit 4ba80f70ee
Author: Gerald Combs <gerald@wireshark.org>
Date:   Sun May 11 09:26:36 2025 +0000

    [Automatic update for 2025-05-11]

    Update manuf, services enterprise numbers, translations, and other items.

commit f377e91ef6
Author: Guy Harris <gharris@sonic.net>
Date:   Fri May 9 21:02:44 2025 +0000

    cpu_info: improve the CPU name when running under Rosetta 2.

    Add a routine to determine whether you're running x86-64 code under
    Rosetta 2 on an ARM64 machine and, if you are, note after the CPU name -
    which will refer to the Apple silicon CPU name - that the program is
    running under Rosetta (so that the mention of SSE 4.2, which Rosetta 2
    supports, doesn't look as if Arm have their own "SSE" extension).

    See #17294 comment
    https://gitlab.com/wireshark/wireshark/-/issues/17294#note_2491249686
    *et seq*.

    This could, in principle, be extended to handle Microsoft's x86-64 ->
    ARM64 translator and any other such translators, if there's a way to
    detect from within the Matrix that you're in the Matrix.

    (cherry picked from commit 8007321b3cfc73a9557192fd3e257b5deb1eb4e3)

    Co-authored-by: Guy Harris <gharris@sonic.net>

commit 6e287f4c70
Author: John Thacker <johnthacker@gmail.com>
Date:   Wed May 7 15:36:44 2025 +0000

    WebSocket: fix {server,client}_* parameter handling

    Swap the order that is used by Wireshark. E.g. before this change
    Wireshark uses server_no_context_takeover for client-sent packets, and
    after for server-sent ones.

    Fixes #20531

    (cherry picked from commit 453f35c3661c34567df73c9e6d854932d238f66d)

    Co-authored-by: Peng-Yu Chen <pengyu@libstarrify.so>

commit 3e620fc77d
Author: Gerald Combs <gerald@wireshark.org>
Date:   Sun May 4 09:27:32 2025 +0000

    [Automatic update for 2025-05-04]

    Update manuf, services enterprise numbers, translations, and other items.

commit 26785acf43
Author: Dr. Lars Völker <lars.voelker@technica-engineering.de>
Date:   Mon Apr 28 16:45:53 2025 +0200

    LIN: Fixing sleep decode error

    LIN encodes "go to sleep" frames by using ID 0x3C and setting first byte
    to 0x00. This patches allows to detect this correctly.

    This is for LIN messages not transported over TECMP and ASAM CMP but
    written directly to file (e.g., pcapng).

    Closes: #20463 (closed)

commit 5d7e700045
Author: Gerald Combs <gerald@wireshark.org>
Date:   Sun Apr 27 09:26:33 2025 +0000

    [Automatic update for 2025-04-27]

    Update manuf, services enterprise numbers, translations, and other items.

commit 8c186dbb38
Author: John Thacker <johnthacker@gmail.com>
Date:   Sat Apr 26 10:01:19 2025 +0000

    column: Do not allow fence to go beyond column size when prepending

    When moving the fence location forward when prepending, ensure
    that it does not go past the end of the buffer.

    Also get rid of unnecessary branching and strlen calls.

    Fix #20509

    (cherry picked from commit 53213086304caa3dfbdd7dc39c2668a3aea1a5c0)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit 066e2c4a3f
Author: John Thacker <johnthacker@gmail.com>
Date:   Fri Apr 25 13:40:34 2025 +0000

    dfilter: Fix possible segfaults around dup'ing (XOR and multiple relations)

    Both xor and multiple relation tests call stnode_dup, and they
    can be called on sets and character constants. If a node doesn't
    have a dup function, then a shallow copy of the data is performed.

    That doesn't work for the nodes whose data is a pointer (XXX -
    charconst shouldn't need to be a pointer, it's maximum size is
    a gunichar / uint32_t, so GUINT_TO_POINTER style tricks could
    work). For the internal PCRE type (and probably FTYPE), those
    aren't created until all the dup'ing is done, so they're probably
    ok technically, though it's easy enough to implement the ftype
    one. (PCRE requires a change in regex.h)

    A set node needs to have its nodelist duplicated in a similar
    manner as a function node.

    The following two filter tests segfault or assert before this
    change but now work (and do not leak with ASAN):

    dftest 'wlan ^^ ip.proto in {"udp", "tcp"}'

    Filter:
     wlan ^^ ip.proto in {"udp", "tcp"}

    Syntax tree:
     0 TEST_AND:
       1 TEST_OR:
         2 FIELD(wlan <FT_PROTOCOL>)
         2 TEST_IN:
           3 FIELD(ip.proto <FT_UINT8>)
           3 SET(#2):
             4 FVALUE(17 <FT_UINT64>)
             4 FVALUE(6 <FT_UINT64>)
       1 TEST_NOT:
         2 TEST_AND:
           3 FIELD(wlan <FT_PROTOCOL>)
           3 TEST_IN:
             4 FIELD(ip.proto <FT_UINT8>)
             4 SET(#2):
               5 FVALUE(17 <FT_UINT64>)
               5 FVALUE(6 <FT_UINT64>)

    Instructions:
     0000 CHECK_EXISTS     wlan
     0001 IF_TRUE_GOTO     9
     0002 READ_TREE        ip.proto         -> R0
     0003 IF_FALSE_GOTO    18
     0004 SET_ADD          17
     0005 SET_ADD          6
     0006 SET_ANY_IN       R0
     0007 SET_CLEAR
     0008 IF_FALSE_GOTO    18
     0009 CHECK_EXISTS     wlan
     0010 IF_FALSE_GOTO    17
     0011 READ_TREE        ip.proto         -> R0
     0012 IF_FALSE_GOTO    17
     0013 SET_ADD          17
     0014 SET_ADD          6
     0015 SET_ANY_IN       R0
     0016 SET_CLEAR
     0017 NOT
     0018 RETURN

    and

    dftest -s "tcp.srcport <= '\x50' < tcp.dstport"
    Filter:
     tcp.srcport <= '\x50' < tcp.dstport

    Syntax tree:
     0 TEST_AND:
       1 TEST_LE:
         2 FIELD(tcp.srcport <FT_UINT16>)
         2 FVALUE(80 <FT_UINT16>)
       1 TEST_LT:
         2 FVALUE(80 <FT_UINT16>)
         2 FIELD(tcp.dstport <FT_UINT16>)

    Instructions:
     0000 READ_TREE        tcp.srcport      -> R0
     0001 IF_FALSE_GOTO    7
     0002 ANY_LE           R0 <= 80
     0003 IF_FALSE_GOTO    7
     0004 READ_TREE        tcp.dstport      -> R1
     0005 IF_FALSE_GOTO    7
     0006 ANY_LT           80 < R1
     0007 RETURN

    (cherry picked from commit f5e14b6dc97554f6674ad44e472d1e5a2c1984ee)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit 7e74fc9761
Author: Gerald Combs <gerald@wireshark.org>
Date:   Sun Apr 20 09:26:39 2025 +0000

    [Automatic update for 2025-04-20]

    Update manuf, services enterprise numbers, translations, and other items.

commit e8d6ba74bf
Author: Peter Wu <peter@lekensteyn.nl>
Date:   Sun Apr 13 23:35:28 2025 +0200

    Fix buffer overrun when applying prefs with command line prefs present

    Saving preferences in Qt caused a buffer overrun (read) crash with ASAN
    with `wireshark -otls.keylog_file:/dev/null`. It would try to compare:

        "tls.keylog_file:/dev/null" (overflow with 4 bytes in this case)
        "capture.devices_monitor_mode:"

    Fixes: v3.5.1rc0-146-g84a0141683 ("[#12331] Persist cmd-line prefs on reloading Lua")
    (cherry picked from commit 0cae98570ebc235d0ad2ad776529197244416667)

commit ec93a8b92e
Author: Gerald Combs <gerald@wireshark.org>
Date:   Sun Apr 13 09:25:49 2025 +0000

    [Automatic update for 2025-04-13]

    Update manuf, services enterprise numbers, translations, and other items.

commit 20ea67d62d
Author: John Thacker <johnthacker@gmail.com>
Date:   Tue Apr 8 01:19:56 2025 +0000

    Fix: lua bit buffer overflow

    (cherry picked from commit 6d25f1bab98e379f7643d97ad405539e47bf31fe)

    Co-authored-by: KIMDONGYEON00 <dongyeonkim2000@gmail.com>

commit d762668db3
Author: Gerald Combs <gerald@wireshark.org>
Date:   Sun Apr 6 09:27:33 2025 +0000

    [Automatic update for 2025-04-06]

    Update manuf, services enterprise numbers, translations, and other items.

commit 652a50e9b0
Author: Dr. Lars Völker <lars.voelker@technica-engineering.de>
Date:   Tue Apr 1 19:48:25 2025 +0200

    TECMP/CMP: fix decoding issue for LIN go to sleep

    LIN encodes "go to sleep" frames by using ID 0x3C and setting first byte
    to 0x00. This patches allows to detect this correctly.

    Closes: #20463

commit 97a3466d4f
Author: Gerald Combs <gerald@wireshark.org>
Date:   Sun Mar 30 09:27:01 2025 +0000

    [Automatic update for 2025-03-30]

    Update manuf, services enterprise numbers, translations, and other items.

commit 775c598171
Author: Gerald Combs <gerald@wireshark.org>
Date:   Sun Mar 30 09:17:30 2025 -0700

    GitLab CI: Update our macOS image

    macos-13-xcode-14 is no longer available, so switch to
    macos-14-xcode-15.

commit 7753429348
Author: Pascal Quantin <pascal@wireshark.org>
Date:   Wed Mar 26 09:39:18 2025 +0100

    F1AP, Fix UL RRC Message Classification in InitialULRRCMessageTransfer

    (cherry picked from commit 93de861ab3133a5cbc7386589bdc3b77dbe28837)

    40e04907 F1AP, rrc-container handle nr_rrc_ul_ccch_handle

    Co-authored-by: Ashwini Sahu <ashwinisahu990@gmail.com>

commit 6dbc52334f
Author: John Thacker <johnthacker@gmail.com>
Date:   Mon Mar 24 13:31:57 2025 +0000

    dumpcap: Set pipe error status on non-initial SHB read failure

    If a dumpcap is reading from a pipe, and reading a SHB subsequent
    to the first one fails, set the pipe error status and return with
    failure, instead of continually trying to read from the pipe.

    This can happen, for example, if reading a pipe pcapng with mixed
    BE/LE SHBs, where the first SHB is the same Endianness as the host,
    but a later SHB is not.

    Ping #15707

    (cherry picked from commit ac0ef1832810f9d79eac4b2d5eac1d88ca353495)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit 785221482b
Author: Gerald Combs <gerald@wireshark.org>
Date:   Sun Mar 23 09:26:26 2025 +0000

    [Automatic update for 2025-03-23]

    Update manuf, services enterprise numbers, translations, and other items.

commit da80755f8c
Author: Gerald Combs <gerald@wireshark.org>
Date:   Sun Mar 16 09:26:55 2025 +0000

    [Automatic update for 2025-03-16]

    Update manuf, services enterprise numbers, translations, and other items.

commit 2f025529a5
Author: Jaap Keuter <jaap.keuter@xs4all.nl>
Date:   Sat Mar 15 16:37:24 2025 +0000

    quake: fix header dissection

    The flags come before the length, as can be seen in the original source here:

    https://github.com/id-Software/Quake/blob/bf4ac424ce754894ac8f1dae6a3981954bc9852d/WinQuake/net_dgrm.c#L360-L362

    This seems to be a regression introduced in 4f970746.

    (cherry picked from commit 6f4a70b4014ab74fc4640851c26c717d03e3d6e5)

    Co-authored-by: Roman Donchenko <rdonchen@outlook.com>

commit bd7176e97d
Author: Guy Harris <gharris@sonic.net>
Date:   Sat Mar 15 02:29:05 2025 +0000

    raw: create a new tvbuff to hand to IP dissectors.

    That way, if they modify its size to match the total length in the
    header, they don't mess up the display of the raw packet data by cutting
    it short.

    Addresses some of issue #20423.

    Add a comment about an issue discovered while testing this.

    (cherry picked from commit 44563411c0e2a212ee4e843e4148e60dac1691d6)

    Co-authored-by: Guy Harris <gharris@sonic.net>

commit af1381a907
Author: Gerald Combs <gerald@wireshark.org>
Date:   Sun Mar 9 09:26:18 2025 +0000

    [Automatic update for 2025-03-09]

    Update manuf, services enterprise numbers, translations, and other items.

commit e0da46e7a0
Author: Gerald Combs <gerald@wireshark.org>
Date:   Sun Mar 2 09:25:56 2025 +0000

    [Automatic update for 2025-03-02]

    Update manuf, services enterprise numbers, translations, and other items.

commit 2dd000a0ef
Author: Ryan Govostes <ryan@govost.es>
Date:   Fri Feb 28 20:43:41 2025 +0000

    wslua: Fix use-after-free of DissectorTable name

    (backported from commit f208bcc12730897f2013d757d04cf5f13e75b54d)

commit 515e826f57
Author: John Thacker <johnthacker@gmail.com>
Date:   Tue Feb 25 21:26:37 2025 -0500

    epan: Actually set the values of IEEE_11073_FLOATs

    The values read from the packet have never actually been set
    to the fvalues (there's only two such fields, temperature fields.)

    This fixes the reported temperature in the file on #15058

    (backported from commit c4670ec7ac3c433f612593eb6a3f16c14852f192)

commit 4bd3bc095b
Author: John Thacker <johnthacker@gmail.com>
Date:   Wed Feb 26 11:18:28 2025 +0000

    Qt: Don't create extra action types for Find/Colorize in Conversations

    The Find and Colorize actions only support the plain and not operations
    on a filter, they don't support and/or/andnot/ornot. Pass in the
    current Action type so that menu items that don't really work aren't
    created in the Conversations and Endpoints menu.

    (cherry picked from commit e012d63bfb9b5dc1ae8162d367c8a15b68f4617e)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit 46a1c32b16
Author: John Thacker <johnthacker@gmail.com>
Date:   Wed Feb 26 01:20:15 2025 +0000

    ftypes: Allow 0 to convert to a IEEE-11073 [S]Float

    If the literal value consists of entirely leading zeros
    (e.g., "0") with no fractional part, then *i_char already points
    to the null terminator after skipping the leading zeroes, which
    means we need to skip the while loop and not iterate i_char past
    the null terminator.

    On a ASAN build, the current code will stop with a buffer overflow.
    On most builds, the filter will unexpectedly fail, claiming that
    "0" cannot be converted to a IEEE-11073 float.

    Just make the do..while loop into a simple while loop. (We can
    also remove a check if c is '\0' because it won't enter the loop
    in that case.)

    (cherry picked from commit 1616983542e7beca3a7ad7ade9a9a70ee80e3b2b)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit 2f002d97cd
Author: Gerald Combs <gerald@wireshark.org>
Date:   Sun Feb 23 09:26:32 2025 +0000

    [Automatic update for 2025-02-23]

    Update manuf, services enterprise numbers, translations, and other items.

commit 5dfcee8f0a
Author: John Thacker <johnthacker@gmail.com>
Date:   Thu Feb 20 11:42:55 2025 +0000

    Protobuf: Don't truncate the string value to ITEM LENGTH for dumping

    Don't call proto_tree_item_ret_display_string, which truncates the
    returned value to ITEM_LABEL_LENGTH (at least since
    commit 603354203b608a0d94b91c61791b2ec3052a870b, possibly earlier),
    but call proto_tree_item_ret_string, which doesn't, when getting the
    string value to add to the JSON view (and later to output the JSON
    view's value via output formats like JSON or PDML.)

    Don't create the string a second time, either, if there's another hf.

    Fix #20392

    (cherry picked from commit 3e4ec4f4a7866891c6551ee41e40121dcfd0c371)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit 8b369c798c
Author: Gerald Combs <gerald@wireshark.org>
Date:   Sun Feb 9 12:23:31 2025 -0800

    GitLab CI: Disable the Fedora MinGW builds for now

    Fedora doesn't appear to have checks in place to ensure that their MinGW
    Qt packages work, so disable the MinGW builds for now. Someone other
    than us needs to be the canary in that particular coal mine.

    (cherry picked from commit e0000830728723bdc24ed291d14496b5cf39a551)

    Conflicts:
            .gitlab-ci.yml

commit de87535eb7
Author: Gerald Combs <gerald@wireshark.org>
Date:   Wed Feb 19 12:46:04 2025 -0800

    Version: 4.2.11 → 4.2.12

    [skip ci]
