Wireshark 3.0.7 Release Notes
What’s New
The Windows and macOS installers now ship with Qt 5.12.6. They
previously shipped with Qt 5.12.5.
Bug Fixes
The following vulnerabilities have been fixed:
• wnpa-sec-2019-22[1] CMS dissector crash. Bug 15961[2].
CVE-2019-19553[3].
The following bugs have been fixed:
• ws_pipe_wait_for_pipe() can wait on closed handles. Bug 15696[4].
• Support for 11ax in PEEKREMOTE. Bug 15740[5].
• The temporary file …<U+200B> could not be opened: Invalid argument. Bug
15751[6].
• Reassembling of the two TLS records is not working correctly. Bug
16109[7].
• Display Filter Area: Dropdown Missing pkt_comment and
tcp.options.sack_perm (likely others). Bug 16130[8].
• Display Filter autocompletion should be disabled. Bug 16132[9].
• BGP Linkstate IP Reachability information is incorrect. Bug
16144[10].
• NGAP: ExpectedUEActivityBehaviour decode error. Bug 16145[11].
• HomePlug AV dissector: MMTYPE and FMI fields are dissected
incorrectly. Bug 16158[12].
• JPEG files cannot be saved on Windows with french language. Bug
16165[13].
• X11 --display interpreted as --display-filter which maps to -Y
option. Bug 16167[14].
• "Create new file automatically after" not working with extcap.
Bug 16178[15].
• Encrypted TLS alerts sometimes listed as decrypted. Bug
16180[16].
• The "Remove Wireshark from the system path" package has "Add
Wireshark to the system PATH" as its title. Bug 16200[17].
• tshark -T ek -x causes get_field_data: code should not be
reached. Bug 16218[18].
• Crash on Go → Next/Previous Packet in Conversation when no packet
is selected.
18.1.1
- Fix race condition when shutting down ZAP thread while events are still processing (only affects tests)
- Publish wheels for Python 3.8 on all platforms
- Stop publishing wheels for Python 3.4 on Windows
- Sources generated with Cython 0.29.14
* Version 2.0.34
- Blacklisted names are now also blocked if they appear in `CNAME`
pointers.
- `dnscrypt-proxy` can now act as a local DoH *server*. Firefox can
be configured to use it, so that ESNI can be enabled without bypassing
your DNS proxy.
Changes:
2019/11/25 : 2.0.10
- BUG/MINOR: init: fix set-dumpable when using uid/gid
- MINOR: peers: Alway show the table info for disconnected peers.
- MINOR: peers: Add TX/RX heartbeat counters.
- MINOR: peers: Add debugging information to "show peers".
- BUG/MINOR: peers: Wrong null "server_name" data field handling.
- BUG/MINOR: ssl: fix crt-list neg filter for openssl < 1.1.1
- BUG/MEDIUM: mworker: don't fill the -sf argument with -1 during the reexec
- BUG/MINOR: peers: "peer alive" flag not reset when deconnecting.
- BUILD/MINOR: ssl: fix compiler warning about useless statement
- BUG/MEDIUM: stream-int: Don't loose events on the CS when an EOS is reported
- BUILD: debug: Avoid warnings in dev mode with -02 because of some BUG_ON tests
- BUG/MINOR: mux-h1: Fix tunnel mode detection on the response path
- BUG/MINOR: http-ana: Properly catch aborts during the payload forwarding
- MINOR: freq_ctr: Make the sliding window sums thread-safe
- MINOR: stream: Remove the lock on the proxy to update time stats
- MINOR: counters: Add fields to store the max observed for {q,c,d,t}_time
- MINOR: contrib/prometheus-exporter: Report metrics about max times for sessions
- BUG/MINOR: contrib/prometheus-exporter: Rename some metrics
- MINOR: contrib/prometheus-exporter: report the number of idle conns per server
- MINOR: contrib/prometheus-exporter: filter exported metrics by scope
- MINOR: contrib/prometheus-exporter: Add a param to ignore servers in maintenance
- BUG/MINOR: stream-int: Fix si_cs_recv() return value
- MINOR: stats: Report max times in addition of the averages for sessions
- REGTEST: vtest can now enable mcli with its own flag
- MEDIUM: mux-h1: Add the support of headers adjustment for bogus HTTP/1 apps
- BUG/MINOR: mux-h1: Fix a UAF in cfg_h1_headers_case_adjust_postparser()
- BUG/MINOR: mux-h1: Adjust header case when chunked encoding is add to a message
- DOC: Add missing stats fields in the management manual
- DOC: Add documentation about the use-service action
- BUG/MINOR: cli: fix out of bounds in -S parser
- BUG/MINOR: ssl: fix curve setup with LibreSSL
- MINOR: ist: add ist_find_ctl()
- BUG/MAJOR: h2: reject header values containing invalid chars
- BUG/MAJOR: h2: make header field name filtering stronger
- BUG/MAJOR: mux-h2: don't try to decode a response HEADERS frame in idle state
- SCRIPTS: create-release: show the correct origin name in suggested commands
- SCRIPTS: git-show-backports: add "-s" to proposed cherry-pick commands
2019/11/15 : 2.0.9
- MINOR: config: warn on presence of "\n" in header values/replacements
- BUG/MINOR: mux-h2: do not emit logs on backend connections
- MINOR: tcp: avoid confusion in time parsing init
- BUG/MINOR: cli: don't call the kw->io_release if kw->parse failed
- BUG/MINOR: mux-h2: Don't pretend mux buffers aren't full anymore if nothing sent
- BUG/MAJOR: stream-int: Don't receive data from mux until SI_ST_EST is reached
- BUG/MINOR: spoe: fix off-by-one length in UUID format string
- MINOR: mux: Add a new method to get informations about a mux.
- BUG/MEDIUM: stream_interface: Only use SI_ST_RDY when the mux is ready.
- BUG/MEDIUM: servers: Only set SF_SRV_REUSED if the connection if fully ready.
- BUG/MINOR: config: Update cookie domain warn to RFC6265
- BUG/MEDIUM: mux-h2: report no available stream on a connection having errors
- BUG/MEDIUM: mux-h2: immediately remove a failed connection from the idle list
- BUG/MEDIUM: mux-h2: immediately report connection errors on streams
- BUG/MEDIUM: mux-h1: Disable splicing for chunked messages
- BUG/MEDIUM: stream: Be sure to support splicing at the mux level to enable it
- MINOR: doc: http-reuse connection pool fix
- BUG/MEDIUM: stream: Be sure to release allocated captures for TCP streams
- BUG/MINOR: action: do-resolve now use cached response
- BUG: dns: timeout resolve not applied for valid resolutions
- DOC: management: document reuse and connect counters in the CSV format
- DOC: management: document cache_hits and cache_lookups in the CSV format
- DOC: management: fix typo on "cache_lookups" stats output
- BUG/MINOR: queue/threads: make the queue unlinking atomic
- BUG/MEDIUM: listeners: always pause a listener on out-of-resource condition
- BUG/MEDIUM: Make sure we leave the session list in session_free().
- CLEANUP: session: slightly simplify idle connection cleanup logic
- MINOR: memory: also poison the area on freeing
- BUILD: contrib/da: remove an "unused" warning
- BUG/MINOR: log: limit the size of the startup-logs
- BUG/MEDIUM: filters: Don't call TCP callbacks for HTX streams
- BUG/MINOR: mux-h1: Don't set CS_FL_EOS on a read0 when receiving data to pipe
Responses 0.10.7
Improved formatting of project description in pypi.
Unicode cookie values are now normalized to URL quoted encoding.
Module exports are statically defined improving code completion and IDE navigation.
Improved compatibility with pytest 5
* decode escaped \2XX and \\ correctly
* support the up and coming dhcpcd-9
dhcpcd-ui-0.7.6 changes:
* added dhcpcd-curses - this is very much a work in progress
* allow background scanning when interface is down
* wireless icon represents signal strength better
* improved wpa_suppliant interaction
* Qt5 is supported
* supports newer dhcpcd variables
Changes in 3.23
Adapted for BBC changes that caused "403 Forbidden" errors when attempting to download HLS streams (the default).
The --hls-lq-audio option is now ignored and will be removed in the next release. 320k audio for TV programmes is no longer available, so the option has no effect.
320k/96k HLS streams for radio programmes are no longer available, except for 96k HLS streams for some World Service programmes. DASH streams are still available for those bit rates. Some older programmes may still have 320k/96k HLS streams available, but they should eventually disappear.
If you use default settings for download quality (which should be the case for most users), you do not need to change anything. The best quality available will still be downloaded by default.
If you don't use default settings, you may need to adjust your recording modes for radio programmes. The hafhigh and hafmed modes will still be accepted, but they likely will have no effect. Recording modes for TV programmes should not need changes.
Added CBeebies Radio to programme indexing
Radio button labels in Web PVR Manager are now clickable (@hintswen)
Fixed a bug that caused get_iplayer to fail with Perl 5.16 (@llewelld)
Fixed a bug that caused PVR searches for Proms programmes to download both TV and radio episodes even if --type=radio was specified.
Add patches to xymon from the xymon code repository to fix compatibility
issues in 4.3.29.
Upstream changelog:
Changes for 4.3.29
==================
Several buffer overflow security issues have been resolved, as well as
a potential XSS attack on certain CGI interfaces. Although the ability
to exploit is limited, all users are urged to upgrade.
The assigned CVE numbers are:
CVE-2019-13451, CVE-2019-13452, CVE-2019-13455, CVE-2019-13473,
CVE-2019-13474, CVE-2019-13484, CVE-2019-13485, CVE-2019-13486
In addition, revisions have been made to a number of places throughout
the code to convert the most common sprintf statements to snprintf for
safer processing, which should reduce the impact of similar parsing.
Additional work on this will continue in the future.
The affected CGIs are:
history.c (overflow of histlogfn) = CVE-2019-13451
reportlog.c (overflow of histlogfn) = CVE-2019-13452
csvinfo.c (overflow of dbfn) = CVE-2019-13273
csvinfo.c (reflected XSS) = CVE-2019-13274
acknowledge.c (overflow of msgline) = CVE-2019-13455
appfeed.c (overflow of errtxt) = CVE-2019-13484
history.c (overflow of selfurl) = CVE-2019-13485
svcstatus.c (overflow of errtxt) = CVE-2019-13486
We would like to thank the University of Cambridge Computer Security
Incident Response Team for their assistance in reporting and helping
resolve these issues.
Additional Changes:
On Linux, a few additional tmpfs volumes are ignored by default
on new (or unmodified) installs. This includes /run/user/<uid>,
which is a transient, per-session tmpfs on some systems. To re-
enable monitoring for this (if you are running services under
a user with a login session), you may need to edit the analysis.cfg(5)
file.
After upgrade, these partitions will no longer be alerted on or
tracked, and their associated RRD files may also be removed:
/run/user/<uid> (but NOT /run)
/dev (but NOT /dev/shm)
/sys/fs/cgroup
/lib/init/rw
The default hard limit for an incoming message has been raised from
10MB to 64MB
The secure apache config snippet no longer requires a xymongroups file
to be present (and module loaded), since it's not used by default. This
will not affect existing installs.
A --no-cpu-listing option has been added to xymond_client to suppress the
'top' output in cpu test status messages.
The conversation used in SMTP checks has been adjusted to perform a proper
"EHLO" greeting against servers, using the host string 'xymonnet'. If the
string needs to be adjusted, however, see protocols.cfg(5)
"Actual" memory usage (as a percentage) may be >100% on some platforms
in certain situations. This alone will not be tagged as "invalid" data
and should be graphed in RRD.
AUTOFIX: Makefile:24: Replacing "${PKGSRC_COMPILER} == \"xlc\"" with "${PKGSRC_COMPILER:Mxlc}".
The PKGSRC_COMPILER can be a list of chained compilers, e.g. "ccache
distcc clang". Therefore, comparing it using == or != leads to wrong
results in these cases.
* Version 2.0.33
- Fixes an issue that caused some valid queries to return `PARSE_ERROR`.
* Version 2.0.32
- On certificate errors, the server name is now logged instead of the
provider name, which is generally more useful.
- IP addresses for DoH servers that require DNS lookups are now cached
for at least 12 hours.
- `ignore_system_dns` is now set to `true` by default.
- A workaround for a bug in Cisco servers has been implemented.
- A corrupted or incomplete resolvers list is now ignored, keeping the
last good known cached list until the next update. In addition, logging was
improved and unit tests were also added. Awesome contribution from William
Elwood, thanks!
- On Windows, the network probe immediately returned instead of blocking
if `netprobe_timeout` was set to `-1`. This has been fixed.
- Expired cached IP addresses now have a grace period, to avoid breaking the
service if they temporarily can't be refreshed.
- On Windows, the service now returns immediately, solving a long-standing
issue when initialization took more than 30 seconds ("The service did not
respond to the start or control request in a timely fashion"). Fantastic
work by Alison Winters, thanks!
- The `SERVER_ERROR` error code has been split into two new error codes:
`NETWORK_ERROR` (self-explanatory) and `SERVFAIL` (a response was returned,
but it includes a `SERVFAIL` error code).
- Responses are now always compressed.
Update bind911 to 9.11.3. It includes fix for CVS-2019-6477.
--- 9.11.13 released ---
5315. [bug] Apply the inital RRSIG expiration spread fixed
to all dynamically created records in the zone
including NSEC3. Also fix the signature clusters
when the server has been offline for prolonged
period of times. [GL #1256]
5314. [func] Added a new statistics variable "tcp-highwater"
that reports the maximum number of simultaneous TCP
clients BIND has handled while running. [GL #1206]
5313. [bug] The default GeoIP2 database location did not match
the ARM. 'named -V' now reports the default
location. [GL #1301]
5310. [bug] TCP failures were affecting EDNS statistics. [GL #1059]
5309. [bug] "geoip-use-ecs yes;" was not working for GeoIP2.
[GL #1275]
5308. [bug] Don't log DNS_R_UNCHANGED from sync_secure_journal()
at ERROR level in receive_secure_serial(). [GL #1288]
5307. [bug] Fix hang when named-compilezone output is sent to pipe.
Thanks to Tony Finch. [GL !2481]
5306. [security] Set a limit on the number of concurrently served
pipelined TCP queries. (CVE-2019-6477) [GL #1264]
5302. [bug] Fix checking that "dnstap-output" is defined when
"dnstap" is specified in a view. [GL #1281]
5301. [bug] Detect partial prefixes / incomplete IPv4 address in
acls. [GL #1143]
Update bind914 to 9.14.8. It includes fix for CVS-2019-6477.
--- 9.14.8 released ---
5315. [bug] Apply the inital RRSIG expiration spread fixed
to all dynamically created records in the zone
including NSEC3. Also fix the signature clusters
when the server has been offline for prolonged
period of times. [GL #1256]
5314. [func] Added a new statistics variable "tcp-highwater"
that reports the maximum number of simultaneous TCP
clients BIND has handled while running. [GL #1206]
5313. [bug] The default GeoIP2 database location did not match
the ARM. 'named -V' now reports the default
location. [GL #1301]
5310. [bug] TCP failures were affecting EDNS statistics. [GL #1059]
5308. [bug] Don't log DNS_R_UNCHANGED from sync_secure_journal()
at ERROR level in receive_secure_serial(). [GL #1288]
5307. [bug] Fix hang when named-compilezone output is sent to pipe.
Thanks to Tony Finch. [GL !2481]
5306. [security] Set a limit on the number of concurrently served
pipelined TCP queries. (CVE-2019-6477) [GL #1264]
5305. [bug] NSEC Aggressive Cache ("synth-from-dnssec") has been
disabled by default because it was found to have
a significant performance impact on the recursive
service. [GL #1265]
5304. [bug] "dnskey-sig-validity 0;" was not being accepted.
[GL #876]
5302. [bug] Fix checking that "dnstap-output" is defined when
"dnstap" is specified in a view. [GL #1281]
5301. [bug] Detect partial prefixes / incomplete IPv4 address in
acls. [GL #1143]
libtrace 4.0.10:
New features
Added new API function (trace_get_errstr()) which will map a given libtrace error number to a printable error message.
Bug fixes
Fixed SIOCGSTAMP undeclared error when building against newer Linux kernels.
Fixed corruption bug when running multiple concurrent etsilive: input processes.
Improvements
Bumped TTL of nDAG multicast group joining messages to 4, so they can be routed outside of the immediate subnet (i.e. through the host when libtrace is run within a container).
libtrace 4.0.9:
Bug fixes
Fixed traceanon build error on systems that did not have libcrypto installed.
Fixed DPDK detection in configure when the DPDK package was installed on either Debian buster and Ubuntu disco.
Updated DPDK code to compile against more recent DPDK releases, such as 18.11.
Fixed segmentation fault when failing to open a DAG device.
Fixed issue where a pcapng packet that does not match any of our known data types ends up having an uninitialised data type.
Fix some compilation errors when using DPDK on FreeBSD (may still be linking problems if you have built DPDK using the ports tree, though).
Fix infinite decoding loop if libpacketdump sees an SCTP option with a length of zero.
libtrace 4.0.8:
New features
traceanon is now capable of anonymising RADIUS traffic within packet traces. The anonymisation will obfuscate the data within AVPs that can be considered 'sensitive', including user names, IP addresses and password hashes. Counter fields such as byte and packet counters are by default untouched, but traceanon can be configured to anonymise those as well if required.
traceanon can now be configured using a YAML configuration file, instead of CLI arguments. This change is due to the increased number of configuration options introduced by the RADIUS anonymisation feature. Instructions on how to write a configuration file can be found on the traceanon manpage, as well as on this wiki page.
Bug fixes
Fixed bug where ndag multicast sockets would bind to all addresses on an interface, rather than just the address of the multicast group.
Fixed segfault that can occur when pausing a trace input that has not been able to create its per packet processing threads for some reason.
libtrace 4.0.7:
New features
Added new API functions for exploring meta-data that is either attached to a specific packet or included in a trace as separate records (e.g. ERF provenance or pcap-ng meta-data). Many meta-data fields have a specific accessor function that can be called directly (e.g. trace_get_interface_fcslen()). You can also use trace_get_section() to get an array containing all meta-data items within a particular section, which will allow you to get access to any fields for which we have not implemented direct access functions.
Added new API functions to instant decoding all of the post-layer 2, pre-layer 3 headers in a packet so you can now easily explore any / all VLAN, MPLS, etc. headers in a packet without having to effectively re-implement trace_get_layer3() in your own code. See trace_get_layer2_headers() for more details.
Added support for both reading and writing TZSP sniffing streams.
Bug fixes
Fixed uninitialised bytes in message structure sent via trace_post_reporter -- thanks to Mark Weiman for fixing this.
Fixed build errors caused by attempting to #include pcap-int.h.
Fixed bug where a corrupt ERF record could cause a libtrace program to become un-haltable.
Fixed bug in error tracking when creating a fanout socket for the ring and int formats.
Fixed potential segfault when halting a libtrace program that was reading from a ring: input.
Fixed uninitialised mutex when copying a packet.
Improvements
Improved parallel performance by skipping some needless per-packet sanity checks.
libtrace 4.0.6:
New features
Added write support for pcapng: format.
Bug fixes
Fixed incorrect counting of input sources when using etsilive: for reading packets.
Fixed bug where trace_event() API was ignoring all received packets.
Fixed bug where tracereplay would segfault.
Fixed packet corruption bug in tracesplit when using the "jump to IP header" mode.
Fixed bug where we could end up trying to close a NULL pcap output.
Fixed build problems when building with dpdk enabled.
Fixed bug that was causing recvmmsg detection to fail at configure time.
Fixed bug where ETSI live sockets created later on are uninitialised.
Fixed memory leak when using BPF filters with ring: inputs.
Fixed a variety of potential crashes and buffer overflows revealed by Perry's fuzzing experiments
Improvements
Replaced numerous internal assertion checks with error return values instead, i.e. instead of a libtrace function assert failing and crashing your program, it will now return an error (or set the error status on the trace) and allow the user to deal with the error however they want.
Similarly, tidied up some of the error messaging to be clearer about what has gone wrong and added a variety of new error types.
Improved ring: read performance when used with the parallel API by reading multiple packets per function call.
Added option to report numbers of dropped and missing packets (cumulative) in tracertstats.
Ported traceends and tracetopends to use the parallel API.
Improvements to ndag packet reading performance.
libtrace 4.0.5:
Bug fixes
Fixed bug where clients would obtain an exclusive lock on an nDAG multicast group.
Fixed bogus payload length calculations on outgoing packets when the IP length field is filled in by the NIC prior to sending.
Fixed bug where any non-negative return value other than zero from a pstart callback would be treated as an error.
Fixed bug where packets that have been invalidated by a call to trace_ppause() are still treated as valid.
Fixed bug where parallel ring: inputs would assert fail when the input is halted.
Reduced likelihood of dropping packets on an ndag: input during initialisation phase.
Fixed build error for DPDK format due to missing header file.
Fix race condition that can occur when two threads attempt to call trace_create() or trace_create_dead() at the same time.
Improvements
Improved etsilive: decoding performance.
Avoid invalidating packets received via ring: following a pause until the trace is restarted.
Added caching for packet framing length.
libtrace 4.0.4:
NOTE: libwandio 4.0.0 is required to build this version of libtrace. Older versions of libwandio will not work.
New Features
Added trace_increment_packet_refcount() and trace_decrement_packet_refcount() functions to the parallel API. These functions can be used to track references to a libtrace packet across multiple threads, so that a shared packet can be released once all threads have finished with it. Packets where the reference count is decremented to zero are automatically released.
Add new built-in data structure: simple circular buffer.
Added new format for receiving and decoding packets encapsulated in the ETSI Lawful Intercept streaming format (requires libwandder).
Added support for decoding ETSI Lawful Intercept records to libpacketdump (requires libwandder).
Add trace_flush_output() API function to force a libtrace output to dump any buffered output to disk. Flushed files may still not be properly readable afterwards, but this will help give the appearance that the output file is growing in situations where the output rate is slow.
Bug Fixes
Fixed bug in ndag: which was causing the stream to be treated as inactive when there are buffered records available.
Fixed build errors caused by pthread_attr_setaffinity_np() being a glibc-only extension -- thanks to Tim Dawson for contributing this patch.
Fixed bug where uninitialised internal message queues were being destroyed -- thanks to EaseTheWorld for reporting this.
Fixed lack of error being returned when a user tries to change the number of perpkt threads on a paused trace.
Fixed problems in tracereplay caused by trying to replay packets with no contents (e.g. meta-data records).
Fix bug where packets received via a ring: interface were being released twice.
Fix rounding error in trace_event_trace() which would cause sleep intervals to be rounded down to zero.
Fix rounding error in pcapng_get_timespec() which would cause all packet timestamps to be truncated to the previous second.
Fix deadlock when calling trace_pstop() on a trace that has already been stopped.
Fix bug where two concurrent ring: inputs would be assigned to the same fanout group, causing the second input to fail to start.
Fixed errors in manpages for tracesplit, traceanon and tracemerge (regarding the correct names for the various compression methods) -- thanks to Hendrik Leppelsack for reporting this problem.
Fixed some uninitialised memory errors when valgrinding a parallel libtrace program.
Fixed potential buffer overruns in pcapng reading code.
Fixed bug that was preventing trace_pstop() from working as intended on pcapint:.
Fixed potential build errors relating to the absence (or not) of strndup(), strncasecmp() and snprintf().
Improvements
Updated DPDK support to be able to compile against DPDK 18.02.1
tracereplay is now able to reduce inter-packet gaps in the replayed stream by a user-specified speedup factor, so the trace can be replayed faster but with the same relative gaps between packets.
libtrace 4.0.3:
New Features
Added new API function: trace_get_perpkt_thread_id(), which allows callers to get the ID number of the packet processing thread that they are currently in.
Message Queue data structure API is now publicly exported.
Toeplitz Hash API is now publicly exported.
Added dpdkndag: capture format, which allows a libtrace program to capture and parse nDAG records that are intercepted on a DPDK-capable interface.
Moved trace_prepare_packet() into the external API.
Bug Fixes
Fixed bug where captures from GRE tunnel interfaces would fail due to unknown ARPHRD type.
Fixed problems when reading ERF provenance records from a DAG or ERF source -- thanks to Anthony Coddington at Endace for resolving this issue.
Fixed bug where nDAG packets could be corrupted if all of the receive buffers are full.
Fixed assertion failure when libwandio fails but does not set errno to a useful value -- thanks to Robert Zeh for patching this bug.
Fixed minor memory leak when a user does not provide a hash function when calling trace_set_hasher().
Fixed missing pthread_spinlock.h error that occurred whenever a user tried to include message_queue.h or ring_buffer.h.
Fixed bug where some key data structures were not initialised when doing DPDK output.
Fixed bug where DPDK memory buffers were too small to hold a full packet, causing payload to be truncated.
Fixed uninitialised write index in format_ndag, which could cause some nDAG captures to appear corrupt.
Improvements
Updated dag: format to use the 64 bit API -- this means that we can support capture on DAG streams that have large amounts of memory attached.
Improved nDAG performance by avoiding unnecessary calls to recvmmsg when there is no data available on the socket.
Improved nDAG performance by caching the byteswapped versions of some frequently accessed fields.
tracertstats will now handle SIGINT and SIGTERM signals cleanly.
libtrace 4.0.2:
New Features
Added ability to read pcapng trace files (and convert them into other formats).
Added input format for receiving and processing packets emitted by an nDAG multicaster.
Bug Fixes
Fixed bug that would cause the IPv6 fragment offset to be calculated incorrectly.
Fixed return value bug with pcap_write_packet().
Fixed bad assertion failure when halting parallel programs with SIGINT.
Fixed compilation issues caused by mismatched BPF presence macros when pcap-bpf.h is missing.
Fixed libpacketdump bug where it was reading past the end of captured IPv6 headers.
Fixed several issues in the libpacketdump parser for SCTP.
Fixed assertion failure in traceanon if the cryptopan key is too short.
Fixed compilation error with traceanon if libssl version >= 1.1.0.
Fix bug where the wrong parallel read function would be used in some specific configurations.
DPDK shared libraries are now correctly detected by the configure script.
libtrace 4.0.1:
New Features
DPDK support has been extended to cover the most recent stable release.
Added ability to parse SIT (IPv6 within IPv4) packets inside SLL.
Added trace_clear_statistics() API function.
Added support for IPv6 in PPP.
Added native support for bidirectional and balanced hashing to DPDK inputs.
Bug Fixes
Fixed bug where ring: and int: parallel inputs would not respond to trace_pstop() on older kernels.
Fixed bug where trace_interrupt() would not trigger on busy inputs (including files).
Fixed bug where DPDK inputs would cause the event API to hang.
Fixed bug where ring: and int: parallel formats could end up repeatedly polling.
Fixed performance issue with tracertstats when used on live formats.
Fixed bug where libtrace's default hasher was always sending packets to the same thread.
Fixed race conditions when using parallel API to read from a file format.
Fixed bug where the ordered combiner would appear to send packets to the reporter thread out of order, due to the packet ordering being based on a non-monotonic clock.
Fixed bug where trace_get_payload_from_gre() would not correctly parse PPTP GRE.
Improvements
Received packet counters are now valid for pcap inputs.
Improved performance by removing mutex from packet reading code.
Don't install extra header files directly into /usr/local/include; these are now installed into a libtrace-specific directory. This should resolve some namespace collision issues with some of our poorly-named header files.
libtrace 4.0.0:
New Features
New licensing -- Libtrace now uses the LGPL v3 rather than GPL v2, so it is now possible for people to link against libtrace without having to make their own code available under the GPL.
All new parallel API, written by Richard Sanger, that makes it easy to split packet processing tasks over multiple threads. If a capture format has support for native parallelism, e.g. DPDK, DAG streams, parallel libtrace will take advantage of these. The parallel API is contained and documented in "libtrace_parallel.h" -- include this header file to access the parallel API.
The previous single-threaded API is still supported, so all of your old libtrace programs should compile and run against libtrace 4 without modification.
Libwandio is no longer built in to libtrace and is now its own separate library. You can download libwandio from http://research.wand.net.nz/software/libwandio.php . Thanks to Alistair King for helping remove libwandio from libtrace.
New API function: trace_strip_packet(), which attempts to remove any VLAN, MPLS or other layer 2.5 headers from a captured packet.
Converted traceanon, tracertstats and tracestats tools to use the new parallel API.
Bug Fixes
Fixed bug where libpacketdump would print ICMP checksums in the wrong place.
Fixed inability to correctly parse ERF records that contained extension headers.
Fixed problem where traceanon wouldn't handle keyboard interrupts nicely.
Fixed memory leak if we fail to guess the format for an input trace (Thanks to Vincenzo Caruso for reporting this bug).
Fixed double free when destroying a DAG input.
Bugs squashed since the beta release:
Fixed bug that prevented multiple ring: or int: parallel inputs from being used on a single host concurrently.
Fixed memory leak when using a heavily filtered RT input.
Fixed bug where the ordered combiner would emit packets out of order.
Fixed bug where thread message queues were not being destroyed when the parent trace was destroyed.
Fixed race condition when modifying BPF headers on FreeBSD 9 systems.
Use default DPDK device driver thresholds instead of our previously hard-coded values.
Fixed potential infinite loop when parsing extended RadioTap headers.
Fixed bad decoding of RadioTap headers with extended presence.
Fixed bug where pausing a pcap: trace file would cause any resumption to return to the start of the file rather than resuming from where it left off.
Fixed segfault when destroying a packet associated with a trace has reached EOF.
Fixed memory management in trace_construct_packet (Thanks to Perry Lorier for submitting code to do this).
Fixed bug where pcap file descriptors were being leaked (Thanks to Tomas Konir for reporting this bug).
Fixed bug where trace_create_packet() would segfault if the system runs out of memory.
Improvements
Added BPF filtering option to traceanon.
Use libcrypto for traceanon IP address encryption rather than our own rijndael implementation. This adds a dependency on libcrypto, but should result in faster encryption operations.
Added a --jump option to tracesplit which can be used to strip any headers preceding the Nth layer 3 header; useful for decapsulating tunnelled IP traffic (Thanks to Perry Lorier for adding this feature).
Pkgsrc changes:
* None.
Upstream changes:
Bug Fixes:
- Fix CVE-2019-18934. A vulnerability might cause shell code execution
with use of the "ipsecmod" feature under specific conditions.
2.2.2:
* Bugfixes
* Catch file not found
* Use pkgutil instead of pkg_resources
* Performance: avoid recomputes, a regex, and a partition
* Misc.
* Update LICENSE from GitHub template
* Fix warning about literal comparison
* Modernize testing
* Use the latest pylint that works in Python 2
* Appease pylint with the new rules
* Support Python 3.8-dev
* Drop support for EOL Python 3.4
v3.3.8:
Fix lint
Move test_hostingde provider in the correct place
v3.3.7:
add RcodeZero (https://www.rcodezero.at) provider
v3.3.6:
Bug fixed: failure if "Forward" Record
v3.3.5:
Updated Link For Constellix API and Added Link for v2 of DNSSimple API
v3.3.4:
Update code
Fix lint
Keep a python 2 compatible pytest version
Disable false positive
reuse _clean_TXT_record , remove uneeded overwrite
lint: Trailing whitespace removed
1.16.1
The first 1.16 bug-fix release (1.16.1) was released on 23 September 2019.
This release only contains bugfixes and it should be safe to update from 1.16.0.
Highlighted bugfixes in 1.16.1
GStreamer-vaapi: fix green frames and decoding artefacts in some cases
OpenGL: fix wayland event source burning CPU in certain circumstances
Memory leak fixes and memory footprint improvements
Performance improvements
Stability and security fixes
Fix enum for GST_MESSAGE_DEVICE_CHANGED which is technically an API break, but this is only used internally in GStreamer and duplicated another message enum
hls: Make crypto dependency optional when hls-crypto is auto
player: fix switching back and forth between forward and reverse playback
decklinkaudiosink: Drop late buffers
openh264enc: Fix compilation with openh264 v2.0
wasapisrc: fix segtotal value being always 2
android: Fix gnutls issue causing a FORTIFY crash on Android Q
windows: Fix two crashes due to cross-CRT free when using MSVC
gstreamer core
device: gst_device_create_element() is transfer floating, not transfer full
filesink, fdsink: respect IOV_MAX for the writev iovec array (Solaris)
miniobject: free qdata array when the last qdata is removed (reduces memory footprint)
bin: Fix minor race when adding to a bin
aggregator: Actually handle NEED_DATA return from update_src_caps()
aggregator: Ensure that the source pad is created as a GstAggregatorPad if no type is given in the pad template
latency: fix custom event leaks
registry: Use plugin directory from the build system for relocateable Windows builds
message: fix up enum value for GST_MESSAGE_DEVICE_CHANGED
info: Fix deadlock in gst_ring_buffer_logger_log()
downloadbuffer: Check for flush after seek
identity: Non-live upstream have no max latency
identity: Fix the ts-offset property getter
aggregator: Make parsing of explicit sink pad names more robust
bufferpool: Fix the buffer size reset code
fakesink, fakesrc, identity: sync gst_buffer_get_flags_string() with new flags
multiqueue: never unref queries we do not own
concat: Reset last_stop on FLUSH_STOP too
aggregator: fix flow-return boolean return type mismatch
gstpad: Handle probes that reset the data field
gst: Add support for g_autoptr(GstPromise)
gst-inspect: fix unused-const-variable error in windows
base: Include gstbitwriter.h in the single-include header
Add various Since: 1.16 markers
GST_MESSAGE_DEVICE_CHANGED duplicates GST_MESSAGE_REDIRECT
Targetting wrong meson version
meson: Make get_flex_version.py script executable
meson: Link to objects instead of static helper library
meson: set correct install path for gdb helper
meson: fix warning about configure_file() install kwarg
gst-plugins-base
video-info: parse field-order for all interleaved formats
tests: fix up valgrind suppressions for glibc getaddrinfo leaks
meson: Reenable NEON support (in audio resampler)
audio-resampler: Update NEON to handle remainders not multiples of 4
eglimage: Fix memory leak
audiodecoder: Set output caps with negotiated caps to avoid critical info printed
video-frame: Take TFF flag from the video info if it was set in there
glcolorconvert: Fix external-oes shader
video-anc: Fix ADF detection when trying to extract data from vanc
gl/wayland: fix wayland event source burning CPU
configure: add used attribute in order to make NEON detection working with -flto.
audioaggregator: Return a valid rate range from caps query if downstream supports a whole range
rtspconnection: data-offset increase not set
rtpsconnection: Fix number of n_vectors
video-color: Add compile-time assert for ColorimetryInfo enum
audiodecoder: Fix leak on failed audio gaps
glupload: Keep track of cached EGLImage texture format
playsink: Set ts-offset to text sink.
meson.build: use join_paths() on prefix
compositor: copy frames as-is when possible
compositor: Skip background when a pad obscures it completely
rtspconnection: Start CSeq at 1 (some servers don't cope well with seqnum 0)
viv-fb: fix build break for GST_GL_API
gl/tests: fix shader creation tests part 2
gl/tests: fix shader creation tests
wayland: set the event queue also for the xdg_wm_base object
video: Added GI annotation for gstvideoaffinetransformationmeta apply_matrix
compositor: Remove unneeded left shift for ARGB/AYUV SOURCE operator
Colorimetry fixes
alsasrc: Don't use driver timestamp if it's zero
gloverlaycompositor: fix crash if buffer doesn't have video meta
meson: Don't try to find gio-unix on Windows
glshader: fix default external-oes shaders
subparse: fix pushing WebVTT cue with no newline at the end
meson: Missing "android" choice in gl_winsys
video test: Keep BE test inline with LE test
id3tag: Correctly validate the year from v1 tags before passing to GstDateTime
gl/wayland: Don't prefix wl_shell struct field
eglimage: Add compatibility define for DRM_FORMAT_NV24
Add various Since: 1.16 markers
video-anc: Handle SD formats correctly
Docs: add GL_CFLAGS to GTK_DOC_CFLAGS
GL: using vaapi and showing on glimagesink on wayland loads one core for 100% on 1.16
GL: external-oes shader places precision qualifier before #extension (was: androidmedia amcviddec fail after 1.15.90 1.16.0 update)
gst-plugins-good
alpha: Fix one_over_kc calculation on arm/aarch64
souphttpsrc: Fix incompatible type build warning
rtpjitterbuffer: limit max-dropout-time to maxint32
rtpjitterbuffer: Clear clock master before unreffing
qtdemux: Use empty-array safe way to cleanup GPtrArray
v4l2: Fix type compatibility issue with glibc 2.30
valgrind: suppress Cond error coming from gnutls and Ignore leaks caused by shout/sethostent
rtpfunnel: forward correct segment when switching pad
gtkglsink: fix crash when widget is resized after element destruction
jpegdec: Don't dereference NULL input state if we have no caps in TIME segments
rtp: opuspay: fix memory leak in gst_rtp_opus_pay_setcaps
v4l2videodec: return right type for drain.
rtpssrcdemux: Avoid taking streamlock out-of-band
Support v4l2src buffer orphaning
splitmuxsink: Only set running time on finalizing sink element when in async-finalize mode
rtpsession: Always keep at least one NACK on early RTCP
rtspsrc: do not try to send EOS with invalid seqnum
rtpsession: Call on-new-ssrc earlier
rtprawdepay: Don't get rid of the buffer pool on FLUSH_STOP
rtpbin: Free storage when freeing session
scaletempo: Advertise interleaved layout in caps templates
Support v4l2src buffer orphaning
gst-plugins-bad
hls: Make crypto dependency optional when hls-crypto is auto
player: fix switching back and forth between forward and reverse playback
decklinkaudiosink: Drop late buffers
srt: Add stats property, include sender-side statistics and fix a crash
dshowsrcwrapper: fix regression on device selection
tsdemux: Limit the maximum PES payload size
wayland: Define libdrm_dep in meson.build to fix meson configure error when kms is disabled
sctp: Fix crash on free() when using the MSVC binaries
webrtc: Fix signals documentation
h264parse: don't critical on VUI parameters > 2^31
rtmp: Fix crash inside free() with MSVC on Windows
iqa: fix leak of map_meta.data
d3dvideosink: Fix crash on WinProc handler
amc: Fix crash when a sync_meta survives its sink
pitch: Fix race between putSamples() and setting soundtouch parameters
webrtc: fix type of max-retransmits, make it work
mxfdemux: Also allow picture essence element type 0x05 for VC-3
wasapi: fix symbol redefinition build error
decklinkvideosrc: Retrieve mode of the ancillary data from the frame
decklinkaudiosrc/decklinkvideosrc: Do nothing in BaseSrc::negotiate() and...
adaptivedemux: do not retry downloads during shutdown.
webrtcbin: fix GInetAddress leak
dtls: fix dtls connection object leak
siren: fix a global buffer overflow spotted by asan
kmssink: Fix implicit declaration build error
Fix -Werror=return-type error in configure.
aiff: Fix infinite loop in header parsing.
nvdec: Fix possible frame drop on EOS
srtserversrc: yields malformed rtp payloads
srtsink: Fix crash in case no URI
dtlsagent: Fix leaked dtlscertificate
meson: bluez: Early terminate configure on Windows
decklink: Correctly ensure >=16 byte alignment for the buffers we allocate
webrtcbin: fix DTLS when receivebin is set to DROP
zbar: Include running-time, stream-time and duration in the messages
uvch264src: Make sure we set our segment
avwait: Allow start and end timecode to be set back to NULL
avwait: Don't print warnings for every buffer passed
hls/meson: fix dependency logic
Waylandsink gnome shell workaround
avwait: Allow setting start timecode after end timecode; protect propeties with mutex
wayland/wlbuffer: just return if used_by_compositor is true when attach
proxy: Set SOURCE flag on the source and SINK flag on the sink
ivfparse: Check the data size against IVF_FRAME_HEADER_SIZE
webrtc: Add various Since markers to new types after 1.14.0
msdk: fix the typo in debug category
dtlsagent: Do not overwrite openssl locking callbacks
meson: Fix typo in gsm header file name
srt: handle races in state change
webrtc: Add g_autoptr() support for public types
openh264enc: Fix compilation with openh264 v2.0
meson: Allow CUDA_PATH fallback on linux
meson: fix build with opencv=enabled and opencv4. Fixes#964
meson: Add support for the colormanagement plugin
autotools: gstsctp: set LDFLAGS
nvenc/nvdec: Add NVIDIA SDK headers to noinst_HEADERS
h264parse: Fix typo when setting multiview mode and flags
Add various Since: 1.16 markers
opencv: allow compilation against 4.1.x
Backport of some minor srt commits without MR into 1.16
meson: fix build with opencv=enabled and opencv4
wasapisrc: fix segtotal value being always 2 due to an unused variable
meson: colormanagement missing
androidmedia amcviddec fail after 1.15.90 1.16.0 update
gst-plugins-ugly
meson: Always require the gmodule dependency
gst-libav
docs: don't include the type hierarchy, fixing build with gtk-doc 1.30
avvidenc: Correctly signal interlaced input to ffmpeg when the input caps are interlaced
autotools: add bcrypt to win32 libs
gstav: Use libavcodec util function for version check
API documentation fails to build with gtk-doc 1.30
gst-rtsp-server
rtsp-client: RTP Info must exist in PLAY response
onvif-media: fix "void function returning a value" compiler warning
Add various Since: 1.16 markers
gstreamer-vaapi
fix egl context leak and display creation race
pluginutil: Remove Mesa from drivers white list
Classify vaapidecodebin as a hardware decoder
Fix two leak
vaapivideomemory: demote error message to info
encoder: vp8,vp9: reset frame_counter when input frame's format changes
encoder: mpeg2: No packed header for SPS and PPS
decoder: vp9: clear parser pointer after release
encoder: Fixes deadlock in change state function
encoder: h265: reset num_ref_idx_l1_active_minus1 when low delay B.
encoder: not call ensure_num_slices inside g_assert()
encoder: continue if roi meta is NULL
decoder: vp9: Set chroma_ ype by VP9 bit_depth
vaapipostproc: don't do any color conversion when GL_TEXTURE_UPLOAD
libs: surface: fix double free when dmabuf export fails
h264 colors and artifacts upon upgrade to GStreamer Core Library version 1.15.90
gst-editing-services
element: Properly handle the fact that pasting can return NULL
Add various missing Since markers
launch: Fix caps restriction short names
python: Avoid warning about using deprecated methods
video-transition: When using non crossfade effect use 'over' operations
meson: Generate a pkgconfig file for the GES plugin
gst-devtools
launcher: testsuites: skip systemclock stress tests
validate: fix build on macOS
gst-build
Update win flex bison binaries
Update the flexmeson windows binary version
Don't allow people to run meson inside the uninstalled env
Contributors to 1.16.1
Aaron Boxer, Adam Duskett, Alicia Boya García, Andoni Morales Alastruey, Antonio Ospite, Arun Raghavan, Askar Safin, A. Wilcox, Charlie Turner, Christoph Reiter, Damian Hobson-Garcia, Daniel Klamt, Danny Smith, David Gunzinger, David Ing, David Svensson Fors, Doug Nazar, Edward Hervey, Eike Hein, Fabrice Bellet, Fernando Herrrera, Georg Lippitsch, Göran Jönsson, Guillaume Desmottes, Haihao Xiang, Haihua Hu, Håvard Graff, Hou Qi, Ignacio Casal Quinteiro, Ilya Smelykh, Jan Schmidt, Javier Celaya, Jim Mason, Jonas Larsson, Jordan Petridis, Jose Antonio Santos Cadenas, Juan Navarro, Knut Andre Tidemann, Kristofer Björkström, Lucas Stach, Marco Felsch, Marcos Kintschner, Mark Nauwelaerts, Martin Liska, Martin Theriault, Mathieu Duponchelle, Matthew Waters, Michael Olbrich, Mike Gorse, Nicola Murino, Nicolas Dufresne, Niels De Graef, Niklas Hambüchen, Nirbheek Chauhan, Olivier Crête, Philippe Normand, Ross Burton, Sebastian Dröge, Seungha Yang, Song Bing, Thiago Santos, Thibault Saunier, Thomas Coldrick, Tim-Philipp Müller, Víctor Manuel Jáquez Leal, Vivia Nikolaidou, Xavier Claessens, Yeongjin Jeong,
... and many others who have contributed bug reports, translations, sent suggestions or helped testing. Thank you all!
List of merge requests and issues fixed in 1.16.1
List of Merge Requests applied in 1.16
List of Issues fixed in 1.16.1
Known Issues
possibly breaking/incompatible changes to properties of wrapped FFmpeg decoders and encoders (see above).
The way that GIO modules are named has changed due to upstream GLib natively adding support for loading static GIO modules. This means that any GStreamer application using gnutls for SSL/TLS on the Android or iOS platforms (or any other setup using static libraries) will fail to link looking for the g_io_module_gnutls_load_static() function. The new function name is now g_io_gnutls_load(gpointer data). See Android/iOS sections above for further details.
2.62.1 - October 4, 2019
========================
- Fix two memory leaks (!71, !72, Claudio Saavedra)
2.62.0 - September 7, 2019
==========================
- Revert broken queued data fix for #15
2.61.92 - September 2, 2019
===========================
- Discard queued data after interrupted writes (#15)
- Verify socket timeouts are respected (#18)
- Fix a couple broken error messages
2.61.90 - August 5, 2019
========================
- Fix translations of certain error messages
2.61.2 - July 22, 2019
======================
- Improve certain handshake error messages (#13)
- Fix regressions introduced in 2.61.1 (#91, #92)
2.61.1 - June 9, 2019
=====================
This release contains a major refactoring of the TLS codebase. The GnuTLS
backend now shares the same base classes as the OpenSSL backend, to avoid
duplicating as much code as possible. The base classes, previously used only by
the OpenSSL backend and originally forked from glib-networking several years
ago, have been enhanced to achieve feature-parity with the current state of the
GnuTLS backend.
Please note that the OpenSSL backend remains experimental. Further planned work
is required before this backend will be production-ready.
2.6
Package refresh.
2.5
Fix race condition in ``occupied`` and ``free``.
2.4
``find_available_local_port`` now relies on
``socket.getaddrinfo`` to find a suitable address
family.
4.6.6
- Revert _lookup_direct and related changes of redis.
- Python 3.8 support
- Fix 'NoneType' object has no attribute 'can_read' bug of redis transport
- Fix redis transport socket timeout
- Add wait timeout settings to receive queue message
- Bump py-amqp to 2.5.2
4.6.5
- Revert _lookup api and correct redis implemetnation.
- Major overhaul of redis test cases by adding more full featured fakeredis module.
- Add more test cases to boost coverage of kombu redis transport.
- Refactor the producer consumer test cases to be based on original mocks and be passing
- Fix lingering line length issue in test.
- Sanitise url when include_password is false
- Pinned pycurl to 7.43.0.2 as it is the latest build with wheels provided
- Bump py-amqp to 2.5.2
2.5.2
- Ignore all methods except Close and Close-OK when channel/connection is closing
- Fix faulty ssl sni intiation parameters
- Undeprecate auto_delete flag for exchanges.
- Improved tests and testing environments
New in 1.0.18:
* Support Fix memleak for auth_fn
* Support readinto
New in 1.0.17:
* Support buffer protocol
* exceptions: use a shared superclass
* setup: autodetect required library dirs
Bugfixes
5993: Build information missing in discovery and relay server binaries
5995: Usage-reported transfer stats are meaningless
6008: Changed file in receive-only folder cannot be ignored
6040: Shows authentication warning when listening on UNIX socket
6049: Hostnames resolving to localhost are not considered 'local' in remote access warning
Enhancements
5583: White tab in black Interface ?
5627: Stalled scans need better UI representation
Other issues
6010: STUN server stun.voxgratia.org should be removed
* hooks: STOPPED is now run on timeout and exit
* musl: Fix build
* Linux: Validate RTM_NEWADDR/RTM_DELADDR messages
* BSD: Use IP_REVCIF rather than IN_PKTINFO
* build: address sanitisation is enabled for debug builds
* build: Improve detection of dlsym requirements
* DHCP: When rebinding, ensure we have a DHCP ARP state
* RA: Sort routers when reachability changes
* RA: Apply hoplimit, reachable and retrans timer values to kernel
* RA: Warn if advertised MTU > interface MTU
* OpenBSD: Fix carrier detection for OpenBSD-6.6
* dhcpcd: Report SSID connection to when we gain carrier
* DHCP: Fix corruption of address flags when renewing
