Build 3.0.5.wireshark-3.0.5v3.0.5

Change-Id: I0d1875ff0f029f1190da25a1706ec08044aa0eb1
Reviewed-on: https://code.wireshark.org/review/34576
Reviewed-by: Gerald Combs <gerald@wireshark.org>

3 files changed, 276 insertions, 27 deletions

diff --git a/ChangeLog b/ChangeLog
index e69de29bb2..a5642a0c71 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -0,0 +1,200 @@
+commit 21f80b6288
+Author: João Valverde <joao.valverde@tecnico.ulisboa.pt>
+Date:   Tue Sep 17 19:07:54 2019 +0100
+
+    Fix build with non-standard install prefix
+    
+    The variables BUILD_dumpcap and PCAP_FOUND are defined after the if
+    condition, therefore wireshark is built with a relative RPATH and
+    library loading for privileged processes fails with glibc.
+    
+    Move the definition of BUILD_dumpcap before it is used and drop
+    the test for PCAP_FOUND.
+    
+    Move a comment to the proper line while at it.
+    
+    Change-Id: Ie151a3781898e712f9e324e9ef995022bbea40b6
+    Reviewed-on: https://code.wireshark.org/review/34564
+    Petri-Dish: João Valverde <j@v6e.pt>
+    Tested-by: Petri Dish Buildbot
+    Reviewed-by: Guy Harris <guy@alum.mit.edu>
+    Reviewed-on: https://code.wireshark.org/review/34572
+    Reviewed-by: João Valverde <j@v6e.pt>
+
+commit 6d452f0f08
+Author: Gerald Combs <gerald@wireshark.org>
+Date:   Thu Sep 19 09:04:21 2019 -0700
+
+    NSIS: Tell the user to uninstall Npcap 0.99[45] manually.
+    
+    Npcap 0.994 and 0.995 might crash the system while being removed. Later
+    versions of the installer warn about this, but a MessageBox doesn't
+    provide much space to describe what's going on.
+    
+    Add manual uninstallation instructions to the release notes.
+    
+    If we find a problematic version of Npcap in the NSIS installer, tell
+    the user that they should uninstall it manually. Link to the relevant
+    section in the release notes.
+    
+    Bug: 16052
+    Change-Id: Ie8d811b5169ef253ffbd24a5f24a470b3a846e4f
+    Reviewed-on: https://code.wireshark.org/review/34565
+    Reviewed-by: Gerald Combs <gerald@wireshark.org>
+    Petri-Dish: Gerald Combs <gerald@wireshark.org>
+    Tested-by: Petri Dish Buildbot
+    Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
+
+commit ff5fc4ec4d
+Author: Aleksej Matis <amat@magure.de>
+Date:   Wed Sep 18 20:39:06 2019 +0200
+
+    ieee80211: Fix nameclash in RM Report
+    
+    RM Report channel number and duration share the same abbreviation.
+    Rename duration to wlan.measure.re[qp].duration.
+    
+    Change-Id: I0a24ffb69e1b0f1c81626ccaeaa7ce1675158465
+    Reviewed-on: https://code.wireshark.org/review/34562
+    Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
+    Petri-Dish: Gerald Combs <gerald@wireshark.org>
+    Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
+    Tested-by: Petri Dish Buildbot
+    Reviewed-by: Anders Broman <a.broman58@gmail.com>
+    (cherry picked from commit 6cb9f32cf2eb6ca3320dba4af5cad2f2f57f8309)
+    Reviewed-on: https://code.wireshark.org/review/34563
+
+commit 0b4f9e9a2b
+Author: Gerald Combs <gerald@wireshark.org>
+Date:   Mon Sep 16 08:45:56 2019 -0700
+
+    macOS: Don't clobber Wireshark.app during installation.
+    
+    Removing Wireshark.app during preflight is the wrong way to ensure that
+    we uninstall old assets.
+    
+    Bug: 16050
+    Change-Id: I39a0129e29830f8b6bc7ef228f3886db51d963ec
+    Reviewed-on: https://code.wireshark.org/review/34542
+    Reviewed-by: Gerald Combs <gerald@wireshark.org>
+    (cherry picked from commit 71b99dfa39c2f57b3adbb505c73f8a48de6c61f8)
+    Reviewed-on: https://code.wireshark.org/review/34561
+
+commit e0cfa5c657
+Author: Mikael Kanstrup <mikael.kanstrup@sony.com>
+Date:   Wed Sep 18 14:25:12 2019 +0200
+
+    dot11crypt: Fix crash on failure finding GTK in decrypted frame
+    
+    If GTK cannot be found inside a successfully decrypted wireless frame
+    the dot11crypt engine returns incorrect decrypted data length of 0
+    bytes. As the IEEE802.11 dissector does not check the length of the
+    decrypted frame the number of bytes allocated and copied to wmem ends
+    up being a negative number (i.e. a huge unsigned number). This results
+    in a SIGSEGV crash while copying data.
+    
+    Fix this both by returning a correct length from dot11crypt engine
+    and add extra an protection to the IEEE802.11 dissector if the length
+    for any (other) reason still would end up being a negative number.
+    
+    Bug: 16058
+    Change-Id: I9d0d1cf50498dece2e008222eebbb3edc8f10159
+    Reviewed-on: https://code.wireshark.org/review/34558
+    Petri-Dish: Pascal Quantin <pascal@wireshark.org>
+    Tested-by: Petri Dish Buildbot
+    Reviewed-by: Pascal Quantin <pascal@wireshark.org>
+    (cherry picked from commit 74bccadff2080a45b6758a355e3c7737409832c4)
+    Reviewed-on: https://code.wireshark.org/review/34559
+
+commit 5c80264032
+Author: Gerald Combs <gerald@wireshark.org>
+Date:   Sun Sep 15 09:29:04 2019 +0000
+
+    [Automatic update for 2019-09-15]
+    
+    Update manuf, services enterprise numbers, translations, and other items.
+    
+    Change-Id: I647bfcb704283f0bf7fadc6a90605c1abd29f601
+    Reviewed-on: https://code.wireshark.org/review/34531
+    Reviewed-by: Gerald Combs <gerald@wireshark.org>
+
+commit 021d581e9a
+Author: Evan Welsh <noreply@evanwelsh.com>
+Date:   Sat Sep 14 16:02:26 2019 -0400
+
+    Qt: Prevent crash in main window layout.
+    
+    Add length check for extra_sizes array in geometry calculations when using
+    recent  sizes, prevents crash in case where user creates a new user profile
+    with a layout of 1) filled pane 2) empty pane 3) empty pane.
+    
+    Bug: 16048
+    Change-Id: I5f30d6e4148703504029efab75a77f2cdb6619ff
+    Reviewed-on: https://code.wireshark.org/review/34524
+    Reviewed-by: Michael Mann <mmann78@netscape.net>
+    Petri-Dish: Michael Mann <mmann78@netscape.net>
+    Reviewed-by: Peter Wu <peter@lekensteyn.nl>
+    (cherry picked from commit c0224eeeb833c3ee0b2625c71b9915f13afadb23)
+    Reviewed-on: https://code.wireshark.org/review/34527
+    Reviewed-by: Guy Harris <guy@alum.mit.edu>
+
+commit c9bfeb2a3b
+Author: Tomasz Moń <desowin@gmail.com>
+Date:   Tue Sep 10 19:53:18 2019 +0200
+
+    randpktdump: Initialize print error handler
+    
+    When there is a problem with output pipe, randpktdump will call
+    cfile_write_failure_message() which in turn calls cmdarg_err() which
+    calls print_err. Call cmdarg_err_init() so print_err is not NULL.
+    
+    Change-Id: Ie459596a473c83204e9aa1d48bb2d2d3717b340a
+    Reviewed-on: https://code.wireshark.org/review/34495
+    Petri-Dish: Michael Mann <mmann78@netscape.net>
+    Tested-by: Petri Dish Buildbot
+    Reviewed-by: Michael Mann <mmann78@netscape.net>
+    (cherry picked from commit 4853fb93b2e64a882f233cd91743976075faf6da)
+    Reviewed-on: https://code.wireshark.org/review/34525
+    Petri-Dish: Guy Harris <guy@alum.mit.edu>
+    Reviewed-by: Guy Harris <guy@alum.mit.edu>
+
+commit 9541420798
+Author: Jaap Keuter <jaap.keuter@xs4all.nl>
+Date:   Sat Sep 14 09:42:57 2019 +0200
+
+    SNMP: handle Net-SNMP Engine Id of 12 octets
+    
+    The Net-SNMP code creates an Engine Id size based on the compilation
+    size, either 8 or 12 octets long. Current implementation handles 32 bit
+    compilation of Net-SNMP (resulting in 8 octets), this change adds
+    handling of 64 bit compilation of Net-SNMP (resulting in 12 octets).
+    
+    Bug: 16051
+    Change-Id: I256f9a7ad2fd219492e4ebc413ef24cd2c210e0b
+    Reviewed-on: https://code.wireshark.org/review/34520
+    Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
+    Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
+    Tested-by: Petri Dish Buildbot
+    Reviewed-by: Michael Mann <mmann78@netscape.net>
+    (cherry picked from commit 608dbda8eeefeb1c79fd93c1848515d8bc6b4ca1)
+    Reviewed-on: https://code.wireshark.org/review/34522
+
+commit a1dd797cd4
+Author: Gerald Combs <gerald@zing.org>
+Date:   Wed Sep 11 17:12:00 2019 -0700
+
+    Release notes: The Windows installers ship with Qt 5.12.5.
+    
+    Change-Id: I2fc89181d9a79c3d305c4f76ea6281dcc5c209f4
+    Reviewed-on: https://code.wireshark.org/review/34511
+    Reviewed-by: Gerald Combs <gerald@wireshark.org>
+
+commit 99c612eb70
+Author: Gerald Combs <gerald@wireshark.org>
+Date:   Wed Sep 11 15:45:17 2019 -0700
+
+    3.0.4 → 3.0.5.
+    
+    Change-Id: I5af564dbf3c0ce971833837d5b0833aabcd33f2e
+    Reviewed-on: https://code.wireshark.org/review/34509
+    Reviewed-by: Gerald Combs <gerald@wireshark.org>
diff --git a/NEWS b/NEWS
index 4a88f78e50..1b1c051939 100644
--- a/NEWS
+++ b/NEWS
@@ -10,14 +10,47 @@ Wireshark 3.0.5 Release Notes
   The Windows installers now ship with Qt 5.12.5. They previously
   shipped with Qt 5.12.4.
 
+  If you have Npcap 0.994 or 0.995 installed, your system might crash
+  when upgrading. We recommend that you uninstall these versions
+  manually prior to installing Wireshark. See Npcap bugs 1591[1] and
+  1675[2] for more details. You can uninstall either version manually by
+  doing the following:
+
+   1. Open a command or PowerShell prompt as Administrator and run
+      sc.exe config npcap start=disabled.
+
+   2. Run sc.exe config npf start=disabled. This will fail if WinPcap
+      compatibility mode isn’t enabled, but is otherwise harmless.
+
+   3. Reboot (optional).
+
+   4. Open “Programs and Features” in the Control Panel or “Apps &
+      features” in Settings and uninstall Npcap.
+
+   5. Open “Device Manager” (devmgmt.msc) in the Control Panel and
+      expand the “Network adapters” section. Uninstall each “Npcap
+      Loopback Adapter” that you find.
+
   Bug Fixes
 
    The following vulnerabilities have been fixed:
 
-     • wnpa-sec-2019-22[1] Foo dissector {crash,infinite loop}.
-
    The following bugs have been fixed:
 
+     • Qt interface crashes on a profile with packet list only. Bug
+       16048[3].
+
+     • Wireshark 3.0.4 does not start on macOS 10.13 after an upgrade
+       from 3.0.3. Bug 16050[4].
+
+     • NET-SNMP EngineID Length handling Warning. Bug 16051[5].
+
+     • Upgrade from Wireshark 3.0.2/3.0.3 to 3.0.4/later is confusing
+       and may not complete properly. Bug 16052[6].
+
+     • Crash SIGSEGV when decrypting IEEE 802.11 EAP re-authentications.
+       Bug 16058[7].
+
   New and Updated Features
 
    There are no new features in this release.
@@ -39,14 +72,14 @@ Wireshark 3.0.5 Release Notes
  Getting Wireshark
 
   Wireshark source code and installation packages are available from
-  https://www.wireshark.org/download.html[2].
+  https://www.wireshark.org/download.html[8].
 
   Vendor-supplied Packages
 
    Most Linux and Unix vendors supply their own Wireshark packages. You
    can usually install or upgrade Wireshark using the package management
    system specific to that platform. A list of third-party packages can
-   be found on the download page[3] on the Wireshark web site.
+   be found on the download page[9] on the Wireshark web site.
 
  File Locations
 
@@ -58,31 +91,37 @@ Wireshark 3.0.5 Release Notes
  Getting Help
 
   The User’s Guide, manual pages and various other documentation can be
-  found at https://www.wireshark.org/docs/[4]
+  found at https://www.wireshark.org/docs/[10]
 
-  Community support is available on Wireshark’s Q&A site[5] and on the
+  Community support is available on Wireshark’s Q&A site[11] and on the
   wireshark-users mailing list. Subscription information and archives
-  for all of Wireshark’s mailing lists can be found on the web site[6].
+  for all of Wireshark’s mailing lists can be found on the web site[12].
 
-  Bugs and feature requests can be reported on the bug tracker[7].
+  Bugs and feature requests can be reported on the bug tracker[13].
 
   Official Wireshark training and certification are available from
-  Wireshark University[8].
+  Wireshark University[14].
 
  Frequently Asked Questions
 
-  A complete FAQ is available on the Wireshark web site[9].
+  A complete FAQ is available on the Wireshark web site[15].
 
-  Last updated 2019-09-15 09:17:26 UTC
+  Last updated 2019-09-20 17:51:26 UTC
 
  References
 
-   1. https://www.wireshark.org/security/wnpa-sec-2019-22
-   2. https://www.wireshark.org/download.html
-   3. https://www.wireshark.org/download.html#thirdparty
-   4. https://www.wireshark.org/docs/
-   5. https://ask.wireshark.org/
-   6. https://www.wireshark.org/lists/
-   7. https://bugs.wireshark.org/
-   8. http://www.wiresharktraining.com/
-   9. https://www.wireshark.org/faq.html
+   1. https://github.com/nmap/nmap/issues/1591
+   2. https://github.com/nmap/nmap/issues/1675
+   3. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16048
+   4. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16050
+   5. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16051
+   6. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16052
+   7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16058
+   8. https://www.wireshark.org/download.html
+   9. https://www.wireshark.org/download.html#thirdparty
+  10. https://www.wireshark.org/docs/
+  11. https://ask.wireshark.org/
+  12. https://www.wireshark.org/lists/
+  13. https://bugs.wireshark.org/
+  14. http://www.wiresharktraining.com/
+  15. https://www.wireshark.org/faq.html
diff --git a/docbook/release-notes.asciidoc b/docbook/release-notes.asciidoc
index c6f11da7fd..1c08895fcc 100644
--- a/docbook/release-notes.asciidoc
+++ b/docbook/release-notes.asciidoc
@@ -18,22 +18,23 @@ with Qt 5.12.4.
 
 [[npcap_upgrade]]
 If you have Npcap 0.994 or 0.995 installed, your system might crash when upgrading.
+We recommend that you uninstall these versions manually prior to installing Wireshark.
 See Npcap bugs https://github.com/nmap/nmap/issues/1591[1591] and https://github.com/nmap/nmap/issues/1675[1675] for more details.
 You can uninstall either version manually by doing the following:
 
-. At an administrative command propmpt, run `sc config npcap start=disabled`.
-. If Npcap was installed with WinPcap compatibility enabled, run `sc config npcap npf=disabled`.
+. Open a command or PowerShell prompt as Administrator and run `sc.exe config npcap start=disabled`.
+. Run `sc.exe config npf start=disabled`. This will fail if WinPcap compatibility mode isn't enabled, but is otherwise harmless.
 . Reboot (optional).
-. Uninstall Npcap using “Programs and Features” in the Control Panel or “Apps & features” in Settings.
-. Open “Device Manager” (`devmgmt.msc`) in the control panel and expand the “Network adapters” section.
+. Open “Programs and Features” in the Control Panel or “Apps & features” in Settings and uninstall Npcap.
+. Open “Device Manager” (`devmgmt.msc`) in the Control Panel and expand the “Network adapters” section.
 Uninstall each “Npcap Loopback Adapter” that you find.
 
 === Bug Fixes
 
 The following vulnerabilities have been fixed:
 
-* wssalink:2019-22[]
-Foo dissector {crash,infinite loop}.
+// * wssalink:2019-22[]
+// Foo dissector {crash,infinite loop}.
 // wsbuglink:xxxxx[].
 // cveidlink:2019-XXXXX[].
 // Fixed in master: xxxxx
@@ -46,8 +47,17 @@ The following bugs have been fixed:
 //* wsbuglink:6000[Wireshark bug]
 //* cveidlink:2014-2486[]
 //* Wireshark slowly leaked water under the kitchen sink over the course of several months, causing a big mess.
-// cp /dev/null /tmp/buglist.txt ; for bugnumber in `git log --stat v3.0.5rc0..| grep ' Bug:' | awk '{print $2}' | sort -n -u ` ; do "$(git rev-parse --show-toplevel)/tools/gen-bugnote" $bugnumber; pbpaste >> /tmp/buglist.txt; done
+// cp /dev/null /tmp/buglist.txt ; for bugnumber in `git log --stat v3.0.6rc0..| grep ' Bug:' | awk '{print $2}' | sort -n -u ` ; do "$(git rev-parse --show-toplevel)/tools/gen-bugnote" $bugnumber; pbpaste >> /tmp/buglist.txt; done
 
+* Qt interface crashes on a profile with packet list only. wsbuglink:16048[].
+
+* Wireshark 3.0.4 does not start on macOS 10.13 after an upgrade from 3.0.3. wsbuglink:16050[].
+
+* NET-SNMP EngineID Length handling Warning. wsbuglink:16051[].
+
+* Upgrade from Wireshark 3.0.2/3.0.3 to 3.0.4/later is confusing and may not complete properly. wsbuglink:16052[].
+
+* Crash SIGSEGV when decrypting IEEE 802.11 EAP re-authentications. wsbuglink:16058[].
 
 === New and Updated Features