Bug Fixes
Three security vulnerabilities have been fixed since the previous
release (fixed in pkgsrc via patches):
- The IRC dissector could go into an infinite loop.
- iDefense found a buffer overflow in the OSPF dissector.
and
- The GTP dissector could go into an infinite loop.
New and Updated Features
The following features are new (or have been significantly updated)
since the last release:
- The Windows installer now ships with GTK+ 2.6 instead of GTK+ 2.4.
This should fix several long-standing bugs.
- If you're loading a saved capture file and press "Cancel", Ethereal
will now display the packets read up to that point. In previous
versions, Ethereal would abort the attempt completely and clear the
packet list. This means that if you're loading a huge capture file,
you can stop loading in the middle and still be able to analyze part
of the file.
- The maximum number of files allowed in a ring buffer has been increased
from 1024 to 10,000.
- OID to name resolution has been improved.
- TCP graphs now handle upper and lower bounds better.
New Protocol Support
3Com Netjack200, CDT, CIGI, DAP, DISP, DOP, DSP, FTBP, MS NLB, NBAP, NCP
SSS, NCS, NHRP, P_Mul, RNSAP, SMB2, STANAG 5066, TIPC, UDP-Lite, X.501
Updated Protocol Support
ACSE, AIM, ALCAP, AMR, ANSI MAP, BER, BitTorrent, BOOTP, CAMEL, CMP,
CMS, COPS, CRMF, DCCP, DCERPC (DCERPC, DSSETUP, INITSHUTDOWN, NT,
WINREG), DEC DNA RT, DNP, DTP, eDonkey, ENIP, ESS, Etheric, FC-DNS,
FC-FZS, FMIPv6, GRE, GSM A, GSM MAP, GTP, H.225, H.235, H.245, H.248,
H.263, H.450, IAPP, IEEE 802.11, INAP, IP, IPv6, IRC, ISIS LSP, ISUP,
IUUP, Juniper, LLDP, M3UA, MIP, MIPv6, Modbus/TCP, MTP3, NCP, NDPS, NDS,
NEMO, NMAS, NTLMSSP, OSPF, PER, PN-DCP, PPP CHAP, PPPoE, PVFS2, Q.931,
RADIUS, RANAP, RDT, RLOGIN, RMT, ROS, RTCP, RTP, RTSE, S4406, SCCP,
SCTP, SES, SIP, SMB, SNDCP, SRVLOC, STUN, T.38, UMA, WINS Replication,
X.411, X.420, X.509
New and Updated Capture File Support
DOS Sniffer, Endace ERF, HP-UX nettl, IBM iSeries traces, Tektronix K12
"Remote exploitation of an input validation vulnerability in the OSPF
protocol dissectors within Ethereal, as included in various vendors
operating system distributions, could allow attackers to crash the
vulnerable process or potentially execute arbitrary code."
http://www.idefense.com/application/poi/display?id=349&type=vulnerabilities
Patch from the Ethereal SVN repository.
This fixes a number of memory leaks, crashes and buffer overflows
in protocol dissectors, see
http://www.ethereal.com/appnotes/enpa-sa-00021.html
for details.
other changes:
-nanosecond timestamp resolution possible
-memory management has been greatly improved
-can now save gzip-compressed capture files
file's sole purpose was to provide a dependency on pkg-config and set
some environment variables. Instead, turn pkg-config into a "tool"
in the tools framework, where the pkg-config wrapper automatically
adds PKG_CONFIG_LIBDIR to the environment before invoking the real
pkg-config.
For all package Makefiles that included pkg-config/buildlink3.mk, remove
that inclusion and replace it with USE_TOOLS+=pkg-config.
This fixes many security problems in protocol dissectors.
other changes:
-RADIUS dictionaries are now included.
-A lot of documentation was updated
-Some command line parameters have changed
-A "File/File Set" submenu was added to better handle multiple files
-Flow graphs can now be created for any protocol.
-Memory management has been greatly improved.
-JXTA has been added to the conversations menu.
-When compiled with MIT/Heimdal Kerberos AND if keytab files are provided
-TCP Sequence graphs should now work for all captures and all encapsulation types
-new and updated protocol support
around at either build-time or at run-time is:
USE_TOOLS+= perl # build-time
USE_TOOLS+= perl:run # run-time
Also remove some places where perl5/buildlink3.mk was being included
by a package Makefile, but all that the package wanted was the Perl
executable.
Several changes are involved since they are all interrelated. These
changes affect about 1000 files.
The first major change is rewriting bsd.builtin.mk as well as all of
the builtin.mk files to follow the new example in bsd.builtin.mk.
The loop to include all of the builtin.mk files needed by the package
is moved from bsd.builtin.mk and into bsd.buildlink3.mk. bsd.builtin.mk
is now included by each of the individual builtin.mk files and provides
some common logic for all of the builtin.mk files. Currently, this
includes the computation for whether the native or pkgsrc version of
the package is preferred. This causes USE_BUILTIN.* to be correctly
set when one builtin.mk file includes another.
The second major change is teaching the builtin.mk files to consider
files under ${LOCALBASE} to be from pkgsrc-controlled packages. Most
of the builtin.mk files test for the presence of built-in software by
checking for the existence of certain files, e.g. <pthread.h>, and we
now assume that if that file is under ${LOCALBASE}, then it must be
from pkgsrc. This modification is a nod toward LOCALBASE=/usr. The
exceptions to this new check are the X11 distribution packages, which
are handled specially as noted below.
The third major change is providing builtin.mk and version.mk files
for each of the X11 distribution packages in pkgsrc. The builtin.mk
file can detect whether the native X11 distribution is the same as
the one provided by pkgsrc, and the version.mk file computes the
version of the X11 distribution package, whether it's built-in or not.
The fourth major change is that the buildlink3.mk files for X11 packages
that install parts which are part of X11 distribution packages, e.g.
Xpm, Xcursor, etc., now use imake to query the X11 distribution for
whether the software is already provided by the X11 distribution.
This is more accurate than grepping for a symbol name in the imake
config files. Using imake required sprinkling various builtin-imake.mk
helper files into pkgsrc directories. These files are used as input
to imake since imake can't use stdin for that purpose.
The fifth major change is in how packages note that they use X11.
Instead of setting USE_X11, package Makefiles should now include
x11.buildlink3.mk instead. This causes the X11 package buildlink3
and builtin logic to be executed at the correct place for buildlink3.mk
and builtin.mk files that previously set USE_X11, and fixes packages
that relied on buildlink3.mk files to implicitly note that X11 is
needed. Package buildlink3.mk should also include x11.buildlink3.mk
when linking against the package libraries requires also linking
against the X11 libraries. Where it was obvious, redundant inclusions
of x11.buildlink3.mk have been removed.
- Fixed a multitude of security issues found by an aggressive testing program
- Many user interface improvements have been made:
- The toolbar has been updated.
- Packet detail tree items can be expanded and collapsed with the right
and left arrow keys.
- The status bar display has been improved.
- Live captures can now be restarted from the toolbar.
- More improvements have been made to the ring buffer feature.
- Display filters are now faster.
- The capture engine has received major updates.
- New protocol support:
9P, Aruba ADP, Camel, DRSUAPI, DUA, HPSW, Monotone Netsync, nettl,
UMA, VNC (RFB),
- Updated protocol support:
ACSE, AgentX, AIM, AMR, ANSI A, ASN.1 BER/PER, ATM, ATSVC, BACapp,
BOOTP/DHCP, CDP, CMIP, CMP, CMS, CRMF, DCERPC, DHCPFO, DIAMETER, DICOM,
DISTCC, DLSw, EFS, EIGRP, EPM, ESIS, ESS, ETHERIC, Ethernet, FC, FCELS,
FCP, FTAM, G.723, GIOP, GRE, GSM, GSS-API, GTP, H.225, H.245, H.263,
HTTP, IAX2, ICEP, IEEE 802.11, IEEE 802.3 Slow protocols, INAP, IP,
IPsec, ISAKMP, iSCSI, ISIS, ISL, ISMP, ISUP, JXTA, Kerberos, KINK,
Kpasswd, L2TP, LDAP, LMP, M3UA, MANOLITO, MEGACO, MGCP, MIP6, MMSE,
MQ, MRDISC, MTP2, NCP, NDMP, NDPS, NFS, NLM, OCSP, OSI options, PIM,
PKIX1Explicit, PKIX Qualified, PKTC, Portmap, PPP, PRES, PROFINET DCP,
Q.2931, Q.931, Q.933, RADIUS, RDM, RPC, RSVP, RTP, RTSP, RX, SCCP, SCSI,
SCTP, SDP, sFlow, SIP, SKINNY, SM, SMB (SMB, PIPE, LOGON, Mailslot),
SNA, SPNEGO, SRVLOC, SUA, TCAP, TCP, Telnet, TFTP, TZSP, Vines, WSP,
X11, X.509, XML,
- New and updated capture file support:
5Views, HP nettl
This release fixes three security and stability-related issues:
- Matevz Pustisek discovered a buffer overflow in the Etheric dissector.
(CAN-2005-0704)
- The GPRS-LLC dissector could crash if the "ignore cipher bit" option was
enabled. (CAN-2005-0705)
- Diego Giago discovered a buffer overflow in the 3GPP2 A11 dissector. This
flaw was later reported by Leon Juranic. (CAN-2005-0699)
- Leon Juranic discovered a buffer overflow in the IAPP dissector.
- A bug in the JXTA dissector could make Ethereal crash.
- A bug in the sFlow dissector could make Ethereal crash.
Everyone is encouraged to upgrade.
New and updated features:
=========================
- Tree view item context menus now let you browse to the display filter
reference and wiki pages for a particular protocol.
- Online help has been expanded.
- VoIP call analysis (including nifty connection diagrams) has been added.
- GSS-API decryption has been greatly enhanced.
New protocol support:
=====================
AgentX, BUDB, DTP, G.723, IDP, INAP, KINK, Realplayer Data Protocol, Retix
Spanning Tree Protocol, RTCP-XR, XML, XNS, SPP
Updated protocol support:
=========================
3GPP2 A11, ACSE, AMR, ATM, BER, BSSGP, BUTC, CDP, CLNP, CoSine L2, DAAP,
DCE/RPC, DCOM, DIAMETER, DNP, DNS, Etheric, FCP, FW-1, Gnutella, GPRS, GSM A,
GSM MAP, H.225, H.245, H.248, H.450, HTTP, IAX2, ICQ, IEEE 802.11, IEEE 802.3
Slow Protocols, IP, iSCSI, ISUP, Juniper, JXTA, Kerberos, L2TP, LDAP, MIP,
MPLS, NDMP, NSIP, NTP, OSPF, OXID, PostgreSQL, RADIUS, RDT, Redback, RMCP,
RTP, RTSP, SCSI, SCTP, SDP, SPNEGO, SSL, STUN, TCAP, TCP, TZSP
New and updated capture file support:
=====================================
DBS Etherwatch, Lucent/Ascend, Nettl, Tcpdump (Redback)
This release fixes the following security-related issues:
- The COPS dissector could go into an infinite loop. (CAN-2005-0006)
- The DLSw dissector could cause an assertion, making Ethereal exit
prematurely. (CAN-2005-0007)
- The DNP dissector could cause memory corruption. (CAN-2005-0008)
- The Gnutella dissector could cause an assertion, making Ethereal exit
prematurely. (CAN-2005-0009)
- The MMSE dissector could free static memory. (CAN-2005-0010)
- The X11 protocol dissector is vulnerable to a string buffer overflow.
(CAN-2005-0084)
- Please see the application advisory for more information
Everyone is encouraged to upgrade.
New and updated features:
=========================
- Ethereal will now detect and flag weak 802.11 WEP IVs.
- Windows Sniffer timestamp handling has been greatly improved.
- A bug which made Ethereal crash at startup on Windows 98 and Windows ME
systems has been fixed.
- Ethereal and Tethereal now support a personal "hosts" file.
- Invalid field length handling has been greatly improved.
- The capture progress window title now shows the interface name.
New protocol support:
=====================
- ALC, AMR, CRMF, JXTA, NORM, PKIXCMP, PROFINET CBA
Updated protocol support:
=========================
- AIM, ARP, BGP, BOOTP/DHCP, COPS, DAAP, DCERPC EPM, DCERPC, DCOM, DHCPv6,
DLSw, DNP, DNS, EAPOL, eDonkey, FC-dNS, FC-FCS, FC-SWILS, FCIP, FCSB3, FIX,
GIOP, Gnutella, GSM A, GSM SMS, GTP, H.225, H.245, HTTP, ICMP, IEEE 802.11,
IEEE 802a, image/GIF, image/JFIF, Kerberos, L2TP, LDAP, LLC, LMP, MGCP,
MIME Multipart, MMSE, MPLS, MTP2, NBNS, NDMP, NMAS, NSIP, OLSR, PER, pflog,
PGM, PostgreSQL, PPP, PRES, Q.931, RADIUS, RTCP, RTP, SDP, SEBEK, SIGCOMP,
SIP, SLSK, SMB, SMPP, SRVLOC, SSL/TLS, T.38, TACACS, TCAP, TCP, X11
New and updated capture file support:
=====================================
- Windows Sniffer
This release fixes the following security-related issues:
- Matthew Bing discovered a bug in DICOM dissection that could make
Ethereal crash. (CAN-2004-1139)
- An invalid RTP timestamp could make Ethereal hang and create a large
temporary file, possibly filling available disk space. (CAN-2004-1140)
- The HTTP dissector could access previously-freed memory, causing a
crash. (CAN-2004-1141)
- Brian Caswell discovered that an improperly formatted SMB packet could
make Ethereal hang, maximizing CPU utilization. (CAN-2004-1142)
Please see the following advisory for more information:
http://www.ethereal.com/appnotes/enpa-sa-00016.html
Everyone is encouraged to upgrade.
Changes:
========
New and updated features
- Ethereal now has a packet history, similar to most web browsers.
- Ethereal now supports custom window titles.
- Minor performance enhancements have been added.
- RTP analysis has been enhanced.
- Host name resolution has been improved.
- Ethereal can now track TCP PDU times. See
http://wiki.ethereal.com/TcpPduTime for more details.
- Ethereal now ships with netscreen2dump.py, a utility which converts
netscreen packet-trace hex dumps to hex dumps that can be read by
text2pcap.
New protocol support
- AoE (ATA over Ethernet), Bittorrent, CMIP, GPRS Mobility Management
and Session Management, GSM MAP, Extended Security Services, Logotype
Certificate Extensions, MAP Dialogue, Network Service Over IP, Online
Certificate Status Protocol, PKIX Certificate, PKIX Qualified, PROFINET
DCP, IO, Real-Time, Short Message Relaying Service, SSCF-NNI,
Updated protocol support
- 3GPP2 A11, ACSE, AIM, AODV, ASN.1 BER, ASN.1 PER, BOOTP, BSSGP, BVLC,
CMS, COPS, DCERPC, DCERPC ISystemActivator, DICOM, DHCPv6, DNS, eDonkey,
ENTTEC, Etheric, Frame Relay, FTAM, FW1, GIOP, GPRS LLC, GRE, GSM A,
GSM SMS, H.225, H.245, H.450, HTTP, IPAddress, IPDC, IPMI, IPsec,
ISAKMP, ISUP, JFIF, Kerberos, MQ, MTP3, NMAS, OPSI, PKIX1EXPLICIT,
PKIX1IMPLICIT, PKIXProxy, PPP, PRES, Radiotap, RADIUS, ONC RPC, RTnet,
RTP, SAP, SDP, SIGCOMP, SIGCOMP UDVM, SIP, SMB, SNMP, SONMP, SSCOP,
SSL, Symantec Firewall, T.38, TCP, TDS, TSP, UDP, WSP, WTP, X.25,
X.509af, X.509ce, X.509if, X.509sat,
New and updated capture file support
- pppdump
- Add pcre support
- ok'ed frueauf@
From the website:
In order to avoid a naming conflict with the tcpreplay project, the "capinfo"
utility has been renamed to "capinfos".
New and updated features
Search wrapping is now a configurable option.
A lot of material has been added to the Developer's Guide. The User's Guide
has been updated as well.
The "Decode As..." dialog now supports DCERPC and SCTP.
The "Help" menu now includes a link to the wiki.
H.323 call analysis is now supported.
New protocol support
Cisco PAgP, DAAP, Etheric, Ethernet Configuration Testing Protocol, Ethernet
MAC Control Frame, ICE, Kerberos v4, Netscape certificate extensions, PKINIT,
PKIX1EXPLICIT, PKIX1IMPLICIT,
Updated protocol support
AIM, ARTNET, ASN.1 BER, ASN.1 PER, ASN.1, BGP, BOOTP, CIP, CLNP, COPS, DCERPC
MAPI, DCERPC SAMR, DCERPC, DCOM, DHCP, DHCPv6, DIAMETER, DNS, EAP, ENIP, EPM,
GRE, GSM A, GSM MAP, H.225, H.245, H.248 MEGACO, H.450, ISAKMP, iSCSI, iSNS,
ISUP, JFIF, Kerberos, LDAP, LDP, LLC, LWAPP, M2PA, MEGACO, MPLS, NCP 2222, NCP,
NDMP, NetFlow, NTLMSSP, OSCAR-ICQ, OSPF, RADIUS, RSVP, RTCP, RTP, RTSP, SCTP,
SDP, SES, SIP, Skinny, SMB, SNMP, SUA, T.38, TALI, TCAP, TCP, TDS, Teredo,
Time, X.509, X11,
New and updated capture file support
HP-UX nettl, NG Sniffer
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
All library names listed by *.la files no longer need to be listed
in the PLIST, e.g., instead of:
lib/libfoo.a
lib/libfoo.la
lib/libfoo.so
lib/libfoo.so.0
lib/libfoo.so.0.1
one simply needs:
lib/libfoo.la
and bsd.pkg.mk will automatically ensure that the additional library
names are listed in the installed package +CONTENTS file.
Also make LIBTOOLIZE_PLIST default to "yes".
== May 13, 2004
Ethereal 0.10.4 has been released.
This release fixes bugs in AIM, MMSE, SIP, and SPNEGO, as described in
the following advisory:
http://www.ethereal.com/appnotes/enpa-sa-00014.html
Everyone is encouraged to upgrade.
New and updated features
When built with GTK+ 2.4, Ethereal uses the new, greatly improved, file
selection dialog.
Export dialogs for Plain text, PostScript(R), PDML and PSML have been added.
PostScript(R) output has been improved.
The screen layout of the main window can be changed by Preferences now.
Many other parts of the user interface have received improvements.
Compressed and chunked transfer-coded HTTP bodies are now decoded.
A new generic media dissector more cleanly handles HTTP and WSP
Content-Type information.
New protocol support
ANSI IS-801, BEA Tuxedo, DCERPC EFS, DICOM, GPRS LLC, GPRS SNDCP,
IEEE 1588/PTP, PVSTP, MPLS Echo, RTPS
some packet dissectors, you're strongly advised to update.
Changes from 0.10.0:
=> New and updated features
(in 0.10.3)
o Display filters now support the bitwise and (&) operator.
o Protocol hierarchy statistics now have bandwidth columns.
o The capture dialog has a new layout.
(in 0.10.2)
o The user interface has received further updates. The Statistics
menu layout has been improved, as well as the capture options dialog
layout.
(in 0.10.1)
o Several updates were made to Ethereal's user interface. The "File"
menu now has a "most recently used" list. The help menu was greatly
expanded.
o The "matches" operator now handles more data types. For example,
you can now use
smtp matches joespammer@example.com
as a display filter.
o I/O statistics now support 1ms resolution.
=> Bugs fixed
(in 0.10.3)
o http://www.ethereal.com/appnotes/enpa-sa-00013.html
=> Other notes
o A lot of packet dissectors were either added or updated, as well as
some capture file formats handlers.
This release fixes potential security issues with the GTP, ISAKMP,
MEGACO, and SOCKS dissectors.
New and updated features
Ethereal has leapt forward into the 90's and added a toolbar.
Ethereal and Tethereal can now force the data link type of captured
frames.
RTP analysis has been enhanced.
Individual frames can now be marked as time references.
Service response time and general I/O statistics have been enhanced. I/O
statistics can now calculate client load (experimental).
New protocol support
ACN, ALCAP, ANSI MAP, ASN.1 BER, BSSAP, DCE/RPC DRSUAPI, DCE/RPC
INITSHUTDOWN, DCE/RPC RS_BIND, FC-SP, FICON, GSM BSSMAP, GSM DTAP, GSM
SMS TPDU, GSM SMS, GSM SS, H.450, IOS 4.0.1 IS-637-A (SMS), IS-683-A
(OTA), T.38, TCAP, TPCP
Updated protocol support
AODV, ASN.1 PER, BSSGP, CDP, Cisco HDLC, COPS, DCE/RPC BROWSER, DCE/RPC
DNSSERVER, DCE/RPC EPM, DCE/RPC LSA, DCE/RPC Messenger, DCE/RPC REG,
DCE/RPC SVCCTL, DCE/RPC, DFS, DHCPv6, DOCSIS, EAPOL, ENIP, Frame Relay,
FTP, GPRS, Gryphon, GTP, H.225, H.245, HTTP, ICMP, IEEE 802.11, IPX,
ISAKMP, ISUP, LAPB, Laplink, LWAPP, MAPI, MDSHDR, MEGACO, MPLS, NCP,
NDPS, NETLOGON, NFS, NTLMSSP, OSPF, OXID, PPP, Q.931, Q.933, RANAP, RIP,
RTP, SAMR, SCCP, SCSI, SCTP, SDP, SIP, SMB, SMPP, SNMP, SOCKS, SONMP,
SPOOLSS, SRVLOC, SRVSVC, T.35, TACACS+, TAPI, TCP, TZSP, WKSSVC, WSP,
X.25, Yahoo! Messenger
Updated capture file support
Linux Bluez Bluetooth hcidump support has been added.
Endace ERF and Network Instruments Observer, and NetXRay support has
been enhanced.
Patch provided by Adrian Portelli <adrianp@stindustries.net> in PR
pkg/22751.
Changes:
New and updated features
Many often-requested features have been added with this release. If
you're running an older version of Ethereal you may want to have a look.
Conversation List (aka "top talker") support has been added to Ethereal
and Tethereal. Protocol statistics in general have been updated.
Searching capture files has been improved even more -- a new "contains"
display filter operator that searches for strings in PDUs has been
added. The Find dialog now supports case-insensitive searches, hex data
searches, and more.
An H.225 dissector has been added. It can automatically recognize RTP
and RTCP conversations.
A preference file has been added for disabled protocols.
Color filters may now be imported and exported from within Ethereal.
A new column type has been added for cumulative bytes.
New protocols
GPRS BSSGP, GPRS NS, H.225, H.263, LWAPP, Laplink, Q.933, STUN
Updated protocols
ArtNet, BOOTP/DHCP, DCE/RPC, DCERPCSTAT, DHCPv6, DOCSIS, ENIP, Ethernet,
FCIP, Frame Relay, H.245, HTTP, IPsec, iSCSI, LDAP, LWRES, M2UA, M3UA,
MEGACO, MTP3, NCP, NDPS, NFS, NTLMSSP, PPTP, Q.931, RPC, SAMR, SCCP,
SCTP, SIP, SMB, SMPP, SNA, SNMP, SRVLOC, SUA, TCP, TDS, UCD, UDP, WSP,
Updated capture file support
Support for Accellent 5Views and Endace ERF capture files was added.
CheckPoint FW-1 and Novell LANalyzer support has been enhanced.
Changes in pkgsrc:
o Now it uses GTK2 by default