idl2deb | 216 216 + 0 - 0 !
idl2deb.dbk | 157 157 + 0 - 0 !
2 files changed, 373 insertions(+)

 idl2deb - create debian packages from idl2wrs modules

asn2deb | 219 219 + 0 - 0 !
asn2deb.dbk | 158 158 + 0 - 0 !
2 files changed, 377 insertions(+)

 asn2deb - create debian packages from asn.1 files

epan/prefs.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 use debian sensible-browser

tools/asn2wrs.py | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 use lex/yacc from ply

ui/gtk/main.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 note about readme.debian when running wireshark as root.

Makefile.am | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 don't regenerate svnversion.h

wireshark.desktop | 5 3 + 2 - 0 !
1 file changed, 3 insertions(+), 2 deletions(-)

 change icon and categories for desktop file

tools/idl2wrs | 34 0 + 34 - 0 !
1 file changed, 34 deletions(-)

 do not try to locate wireshark_be.py and wireshark_gen.py in
 non-standard places.

ui/gtk/about_dlg.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 change location of license file in about dialog

epan/dissectors/packet-hsrp.c | 10 9 + 1 - 0 !
1 file changed, 9 insertions(+), 1 deletion(-)

 [patch 1/4] revert r41311, fix bug #7581

svn path=/trunk/; revision=44454

epan/dissectors/packet-drda.c | 5 5 + 0 - 0 !
1 file changed, 5 insertions(+)

 [patch 3/4] fix
 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7666
 : Check that DRDA command has a minimum length of 10
 bytes to prevent a potential infinite loop

svn path=/trunk/; revision=44749

epan/dissectors/packet-ldp.c | 20 13 + 7 - 0 !
1 file changed, 13 insertions(+), 7 deletions(-)

 [patch 4/4] from aditya ambadkar via
 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7046
 :

Fix CID 703472 and (external) fuzz failure 7567:

The dissect_subtlv_interface_parameters is missing the handling of BFD 2..4.
For the crash patch, we decided to add the bfd2..4 in dissect_tlc function(in

epan/dissectors/packet-ppp.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch 2/4] fix bug #7668

Use correct field type for lcp.opt.oui

svn path=/trunk/; revision=44688

epan/dissectors/packet-clnp.c | 39 22 + 17 - 0 !
epan/osi-utils.c | 35 16 + 19 - 0 !
2 files changed, 38 insertions(+), 36 deletions(-)

 [patch 06/16] copy over: revision 46646 - clean up white space.

Add a return where I presume it was intended to be - a 4-octet address
is completely handled in that if clause, so there's no reason to fall
through.

Fix a comment.

epan/dissectors/packet-dtn.c | 13 7 + 6 - 0 !
1 file changed, 7 insertions(+), 6 deletions(-)

 [patch 07/16] fix the fuzz failure reported in
 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7945
 (or at least the complaints from Valgrind; I couldn't
 reproduce the crash).

What part of:

~~~
 * If you're thinking of using tvb_get_ptr, STOP WHAT YOU ARE DOING
 * IMMEDIATELY. Go take a break. Consider that tvb_get_ptr hands you
 * a raw, unprotected pointer that you can easily use to create a
 * security vulnerability or otherwise crash Wireshark. Then consider
 * that you can probably find a function elsewhere in this file that
 * does exactly what you want in a much more safe and robust manner.
~~~

did someone not read?

Use tvb_get_ephemeral_stringz() instead of adding (apparently not sufficiently
checked!) offsets to the result of tvb_get_ptr() and assuming that the result
is a) in bounds and b) a NULL-terminated string.

svn path=/trunk/; revision=46577

epan/dissectors/packet-dtn.c | 12 7 + 5 - 0 !
1 file changed, 7 insertions(+), 5 deletions(-)

 [patch 08/16] get rid of another tvb_get_ptr() abuse (just like

epan/tvbuff.c | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 [patch 09/16] check the length parameter for
 tvb_get_unicode_string() and
 tvb_get_ephemeral_unicode_string(), throw an
 exception for invalid lengths (including -1, but
 length==-1 does not work for other tvb string
 functions either)

I believe this is the proper fix for
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8112

svn path=/trunk/; revision=46705

epan/tvbuff.c | 49 8 + 41 - 0 !
1 file changed, 8 insertions(+), 41 deletions(-)

 [patch 10/16] copy over:revision 46705, revision 43266, revision
 43263

svn path=/trunk-1.8/; revision=46760

epan/reassemble.c | 38 33 + 5 - 0 !
1 file changed, 33 insertions(+), 5 deletions(-)

 [patch 11/16] from evan: sanity checks before setting a packet's
 total length in fragment_set_tot_len()

(from me: check if fragments exist for the given id)

hopefully, this fixes #8111 and #8163 without causing troubles for other
protocols that use fragmentation and reassembly

svn path=/trunk/; revision=46999

epan/dissectors/packet-rohc.c | 8 5 + 3 - 0 !
1 file changed, 5 insertions(+), 3 deletions(-)

 [patch 12/16] fix
 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7679:
 Do not try to set IR header length when the profile
 is unknown

svn path=/trunk/; revision=44700

epan/dissectors/packet-dcp-etsi.c | 16 11 + 5 - 0 !
1 file changed, 11 insertions(+), 5 deletions(-)

 [patch 13/16] copy over from trunk:

    

epan/proto.c | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 [patch 14/16] copy over r47114 by hand.

  

epan/proto.c | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 [patch 15/16] take a wild guess at what might be causing
 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8197

It can't hurt, in any case.

svn path=/trunk/; revision=47084

epan/dissectors/packet-ntlmssp.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch 16/16] prevent copying longer than expected ntlm ssp key

svn path=/trunk/; revision=47248

epan/dissectors/packet-tcp.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch 01/10] manually rediscover r43185 to fix
 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8274

svn path=/trunk-1.8/; revision=47381

epan/dissectors/packet-csn1.c | 36 18 + 18 - 0 !
epan/dissectors/packet-csn1.h | 92 47 + 45 - 0 !
epan/dissectors/packet-gsm_rlcmac.c | 12 6 + 6 - 0 !
epan/dissectors/packet-gsm_rlcmac.h | 8 4 + 4 - 0 !
4 files changed, 75 insertions(+), 73 deletions(-)

 [patch 02/10] backport with non-trivial manual intervention to fix
 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8383

epan/dissectors/packet-ms-mms.c | 26 22 + 4 - 0 !
1 file changed, 22 insertions(+), 4 deletions(-)

 [patch 03/10] backport the workaround with manual intervention:
 

epan/dissectors/packet-rtps.c | 5 3 + 2 - 0 !
epan/dissectors/packet-rtps2.c | 5 3 + 2 - 0 !
2 files changed, 6 insertions(+), 4 deletions(-)

 [patch 04/10] fix potential buffer overflow in rtps and rtps2
 dissectors by allocating enough memory to fit the
 "indentation space".

Bug 8332 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8332)

svn path=/trunk/; revision=47658

epan/dissectors/packet-mount.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch 05/10] from alyssa milburn via
 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8335

Make length field unsigned so that negative values fail the bounds check and
throw a regular exception before getting passed to glib (where they cause a
program-ending assert failure instead).

svn path=/trunk/; revision=47672

epan/dissectors/packet-acn.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 [patch 06/10] from alyssa milburn: this patch adds a check for a
 zero count to the existing sanity check code.

From me:
In addition drop superfluous sanity check.

svn path=/trunk/; revision=47692

epan/dissectors/packet-cimd.c | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 [patch 07/10] bugfix dos in cimd dissector.  bug 8346
 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8346)

svn path=/trunk/; revision=47708

epan/dissectors/packet-dtls.c | 2 1 + 1 - 0 !
epan/exceptions.h | 24 24 + 0 - 0 !
epan/reassemble.c | 61 36 + 25 - 0 !
3 files changed, 61 insertions(+), 26 deletions(-)

 [patch] copy over revisions from the trunk:

  

epan/dissectors/packet-frame.c | 17 17 + 0 - 0 !
1 file changed, 17 insertions(+)

 [patch 10/10] manually backport more of r48011.

Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8441 for 1.8 branch.

svn path=/trunk-1.8/; revision=48132

epan/dissectors/packet-gtpv2.c | 16 8 + 8 - 0 !
1 file changed, 8 insertions(+), 8 deletions(-)

 [patch 1/7] fix
 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8493
 : Use proto_tree_add_item instead of
 proto_tree_add_bits_item to display Used Cipher

svn path=/trunk/; revision=48393

Conflicts:
	epan/dissectors/packet-gtpv2.c

epan/dissectors/packet-ber.c | 7 4 + 3 - 0 !
1 file changed, 4 insertions(+), 3 deletions(-)

 [patch 2/7] copy over with manual intervention:

  

epan/dissectors/packet-ppp.c | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 [patch 3/7] null terminate bit field list.  bug 8638
 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8638)

svn path=/trunk/; revision=49214

epan/dissectors/packet-dcp-etsi.c | 4 1 + 3 - 0 !
1 file changed, 1 insertion(+), 3 deletions(-)

 [patch 4/7] dcp-etsi dissector: new formula for rx_min bug 8231
 (https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8231)

svn path=/trunk/; revision=47295

epan/dissectors/packet-dcp-etsi.c | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 [patch 5/7] bump two guint16 to guint32 to prevent overflow when
 reassembling a large number of fragments, and add an
 extra bounds check.

Fixes
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8540
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8541

svn path=/trunk/; revision=48644

epan/dissectors/packet-mpeg-dsmcc.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch 6/7] fix
 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8481

Trivially wrong format string being passed to val_to_str().

svn path=/trunk/; revision=48332

Conflicts:
	epan/dissectors/packet-mpeg-dsmcc.c

epan/dissectors/packet-websocket.c | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 [patch 7/7] change some ints to guints (as they already are in
 trunk) so that negative values don't falsely pass the
 bounds checks and cause a crash.

Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8499

svn path=/trunk-1.8/; revision=48419

epan/dissectors/packet-capwap.c | 6 5 + 1 - 0 !
1 file changed, 5 insertions(+), 1 deletion(-)

 [patch 2/8] don't pass the return value of tvb_length_remaining() to
 fragment_add_check(), as it might have been -1. Fixes
 Coverity CID 280510: Improper use of negative value.

svn path=/trunk/; revision=43716

epan/dissectors/packet-gmr1_bcch.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 [patch 4/8] from sylvain munaut via
 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7664
 : packet-gmr1_bcch: Add guards in the SI1/2 choice of
 segment

Although the CSN1 dissector itself will just stop if there is
no matching segment, it will leave the choice field uninitizalized
and so when we use it to fill some other text, it crashes ...

To protect against that, we put a last choice entry that will always
match. As a bonus, it triggers an explicit error in CSN so you
know something is wrong.

svn path=/trunk/; revision=44674

epan/dissectors/packet-ppp.c | 91 43 + 48 - 0 !
1 file changed, 43 insertions(+), 48 deletions(-)

 [patch 3/8] fix potential buffer overflow crash; (bug #7880). rework
 code logic slightly so same code path (and tests)  used
 whether or not 'if(tree)'.

svn path=/trunk/; revision=46128

asn1/nbap/nbap.cnf | 6 4 + 2 - 0 !
epan/dissectors/packet-nbap.c | 72 37 + 35 - 0 !
2 files changed, 41 insertions(+), 37 deletions(-)

 [patch 1/8] don't access nbap_dch_chnl_info if the index is >
 maxNrOfDCHs

svn path=/trunk/; revision=49418

Conflicts:
	epan/dissectors/packet-nbap.c

epan/dissectors/packet-rdp.c | 70 35 + 35 - 0 !
1 file changed, 35 insertions(+), 35 deletions(-)

 [patch 5/8] manually backport parts of
 

epan/dissectors/packet-http.c | 28 21 + 7 - 0 !
1 file changed, 21 insertions(+), 7 deletions(-)

 [patch 6/8] fix the infinite recursion problem reported in
 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8733
 :

We can't solely rely on the port in the URI to determine whether we will be
recursively called by decode_tcp_ports().  Instead also check the conversation
entry too: if we find that we are the subdissector for this conversation
(which we might be--without the port being in our list of ports--if we
heuristically picked up the conversation or the user did Decode-As),
just bail out and dissect the payload as data.

svn path=/trunk/; revision=49623

wiretap/vwr.c | 8 7 + 1 - 0 !
1 file changed, 7 insertions(+), 1 deletion(-)

 [patch 7/8] fix the wiretap fuzz failure reported in
 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8760
 :

Check that the record length we got out of the file is at least as big as
stats block trailer; if not, declare the file bad.

svn path=/trunk/; revision=49739

epan/dissectors/packet-dcp-etsi.c | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 [patch 8/8] from myself and julian cable via (and fixing)
 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8717

Don't add a DCP-ETSI fragment for reassembly if the length is wrong.

svn path=/trunk/; revision=49802

epan/dissectors/packet-dvbci.c | 12 8 + 4 - 0 !
1 file changed, 8 insertions(+), 4 deletions(-)

 [patch 1/4] fix
 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8916
 reported by Laurent Butti

a TPDU's length field must never be 0
this length field was decremented without prior checking,
allocating length-1 bytes of memory caused a dissector assert

svn path=/trunk/; revision=50474

epan/dissectors/packet-gsm_a_common.c | 96 72 + 24 - 0 !
1 file changed, 72 insertions(+), 24 deletions(-)

 [patch 2/4] copy over with manual intervention:

  

wiretap/netmon.c | 10 9 + 1 - 0 !
1 file changed, 9 insertions(+), 1 deletion(-)

 [patch 3/4] copy over r49697 with manual intervention:

  

epan/dissectors/packet-per.c | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 [patch 4/4] ensure that the length parameter to
 dissect_per_length_determinant is initialized even in
 cases where we error or otherwise fail to dissect.

Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8722

Thanks to Pascal for his help digging through this one.

svn path=/trunk/; revision=49985

wiretap/netmon.c | 4 0 + 4 - 0 !
1 file changed, 4 deletions(-)

 [patch 1/4] from peter hatina via
 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9104

Fix double-free on corrupt netmon file. Wiretap frees the struct for us, we
don't need to free it as well.

svn path=/trunk-1.8/; revision=51781

epan/filesystem.c | 43 43 + 0 - 0 !
wiretap/netmon.c | 6 5 + 1 - 0 !
2 files changed, 48 insertions(+), 1 deletion(-)

 [patch 2/4] copy over r49673 from the trunk:

  

asn1/ldap/packet-ldap-template.c | 4 3 + 1 - 0 !
epan/dissectors/packet-ldap.c | 12 7 + 5 - 0 !
epan/dissectors/packet-rtps.c | 5 5 + 0 - 0 !
epan/dissectors/packet-rtps2.c | 5 5 + 0 - 0 !
4 files changed, 20 insertions(+), 6 deletions(-)

 [patch 3/4] copy over revisions from the trunk:

  

asn1/nbap/nbap.cnf | 3 2 + 1 - 0 !
epan/dissectors/packet-nbap.c | 71 36 + 35 - 0 !
2 files changed, 38 insertions(+), 36 deletions(-)

 [patch 4/4] copy over revisions from trunk:

  

epan/dissectors/packet-ieee802154.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 [patch 1/4] _lookup_extended takes a pointer to the key-pointer
 since it has to set the old key pointer value. _insert
 just takes the key-pointer, not a pointer to it.
 Passing a pointer-to-a-pointer causes the outer pointer
 to be dereferenced as a struct (when it in fact points
 to a pointer to struct) and leads to incorrect
 behaviour and uninitialized/out-of-bounds memory
 accesses.

Fixes https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9139

svn path=/trunk/; revision=52036

asn1/nbap/nbap.cnf | 2 1 + 1 - 0 !
asn1/nbap/packet-nbap-template.c | 2 1 + 1 - 0 !
epan/dissectors/packet-nbap.c | 4 2 + 2 - 0 !
3 files changed, 4 insertions(+), 4 deletions(-)

 [patch 2/4] copy over r52154 by hand:

  

epan/dissectors/packet-sip.c | 19 14 + 5 - 0 !
1 file changed, 14 insertions(+), 5 deletions(-)

 [patch 3/4] fix
 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9228
 : Ensure that decompressed tvb exists before trying to
 add it to the tree

svn path=/trunk/; revision=52354

epan/dissectors/packet-tcp.c | 14 7 + 7 - 0 !
1 file changed, 7 insertions(+), 7 deletions(-)

 [patch 4/4] copy over r52570 with manual intervention: