<!--
Wireshark Info
-->
- <!ENTITY WiresharkCurrentVersion "0.99.6">
+ <!ENTITY WiresharkCurrentVersion "1.3.4">
]>
</section>
<section id="WhatsNew"><title>What's New</title>
- <section><title>Bug Fixes</title>
+ <section id="BugFixes"><title>Bug Fixes</title>
<para>
The following vulnerabilities have been fixed. See the
<listitem>
<para>
- Wireshark could crash when dissecting an HTTP chunked
- response.
- <!-- Fixed in r21034 -->
- (Bug <ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1394">1394</ulink>)
+ The NetFlow dissector could run off with your dog, crash your truck,
+ and write a country music song about the experience.
+ <!-- Fixed in r????? -->
+ <!-- (Bug <ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=????">????</ulink>) -->
</para>
- <para>Versions affected: 0.99.5</para>
- <para>
- <!-- <ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-????">CVE-2007-????</ulink> -->
- </para>
- </listitem>
-
- <listitem>
- <para>
- On some systems, Wireshark could crash while reading
- iSeries capture files.
- <!-- Fixed in r20990 -->
- (Bug <ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1415">1415</ulink>)
- </para>
- <para>Versions affected: 0.10.14 to 0.99.5</para>
- <para>
- <!-- <ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-????">CVE-2007-????</ulink> -->
- </para>
- </listitem>
-
- <listitem>
- <para>
- Wireshark could exhaust system memory while reading a malformed
- DCP ETSI packet.
- <!-- Fixed in r21007 -->
- (Bug <ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1264">1264</ulink>)
- </para>
- <para>Versions affected: 0.99.5</para>
- <para>
- <!-- <ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-????">CVE-2007-????</ulink> -->
- </para>
- </listitem>
-
- <listitem>
- <para>
- Wireshark could loop excessively while reading a malformed SSL
- packet.
- <!-- Fixed in r? -->
- (Bug <ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1582">1582</ulink>)
- </para>
- <para>Versions affected: ?</para>
- <para>
- <!-- <ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-????">CVE-2007-????</ulink> -->
- </para>
- </listitem>
-
- <listitem>
- <para>
- The DHCP/BOOTP dissector was susceptible to an off-by-one error.
- <!-- Fixed in r21947 -->
- (Bug <ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1416">1416</ulink>)
- </para>
- <para>Versions affected: ?</para>
- <para>
- <!-- <ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-????">CVE-2007-????</ulink> -->
- </para>
- </listitem>
-
- <listitem>
- <para>
- Wireshark could loop excessively while reading a malformed MMS
- packet.
- <!-- Fixed in r21392 -->
- (Bug <ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1382">1382</ulink>)
- </para>
- <para>Versions affected: ?</para>
+ <para>Versions affected: 0.99.5 to 1.0.8</para>
<para>
<!-- <ulink url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-????">CVE-2007-????</ulink> -->
</para>
<itemizedlist>
<listitem><para>
- WEP decryption would only work for the first key specified.
- disappear or become unusable. WEP and WPA decryption didn't work
- for QoS frames. WPA decryption failed if EAPOL handshake packets
- contained extra data. Wireshark failed to parse colon-separated
- WEP keys.
- </para></listitem>
-
- <listitem><para>
- Merging files in Wireshark now appends files properly.
- </para></listitem>
-
- <listitem><para>
- Wireshark could hang while saving an RTP stream with bad timestamp
- data.
- </para></listitem>
-
- <listitem><para>
- You must now explicitly pass "--disable-wireshark" to the build
- environment if you only want to build TShark; the configure
- script will fail, rather than automatically building only
- TShark, if it's run on a system that doesn't have GTK+ headers
- and libraries installed.
- </para></listitem>
-
- <listitem><para>
- Capture from named pipes (via "-i
- \\<server>\pipe\<pipename>") now works under
- Windows.
- </para></listitem>
-
- <listitem><para>
- The <code>frame.time_delta</code> display filter now works as
- expected, matching the delta time between the current and previous
- <strong>captured</strong> packet. A new filter,
- <code>frame.time_delta_displayed</code>,
- matches the delta time between the current and previous
- <strong>displayed</strong> frame.
+ Wireshark could crash without warning.
</para></listitem>
</itemizedlist>
+
</para>
</section>
- <section><title>New and Updated Features</title>
+ <section id="NewFeatures"><title>New and Updated Features</title>
<para>
The following features are new (or have been significantly updated)
- since the last release:
+ since version 1.2:
<itemizedlist>
- <listitem><para>
- You no longer have to restart Wireshark after changing column
- preferences.
- </para></listitem>
+ <listitem>
+ <para>
+ The packet list internals have been rewritten and are now more
+ efficient.
+ </para>
+ </listitem>
- <listitem><para>
- You can now export HTTP objects via File→Export→Objects→HTML.
- </para></listitem>
+ <listitem>
+ <para>
+ Python scripting support has been added.
+ </para>
+ </listitem>
- <listitem><para>
- Wireshark now supports display filter macros
- </para></listitem>
+ <listitem>
+ <para>
+ Capturing from pipes on Windows has been improved.
+ </para>
+ </listitem>
- <listitem><para>
- <ulink url="http://www.wireshark.org/docs/wsug_html_chunked/ChDisplayFilterMacrosSection.html">Display
- filter macros</ulink> are now supported.
- </para></listitem>
+ <listitem>
+ <para>
+ Many memory leaks have been fixed.
+ </para>
+ </listitem>
- <listitem><para>
- You can now match upper- and lower-case text with the <code>contains</code> operator, e.g. <code>upper(http.request.method) contains "GET"</code>.
- </para></listitem>
+ <listitem>
+ <para>
+ Wireshark no longer supports Windows 2000. Please use
+ Wireshark 1.2 or 1.0 on those systems.
+ </para>
+ </listitem>
- <listitem><para>
- A great deal of code has been cleaned up, including fixing many
- compiler errors.
- </para></listitem>
+ <listitem>
+ <para>
+ Packtets can now be ignored (excluded from dissection), similar to
+ the way they can be marked.
+ </para>
+ </listitem>
</itemizedlist>
+
</para>
</section>
- <section><title>New Protocol Support</title>
+ <section id="NewProtocols"><title>New Protocol Support</title>
<para>
</para>
</section>
- <section><title>Updated Protocol Support</title> <para>
+ <section id="UpdatedProtocols"><title>Updated Protocol Support</title> <para>
</para>
</section>
- <section><title>New and Updated Capture File Support</title>
+ <section id="NewCapture"><title>New and Updated Capture File Support</title>
<para>
</para>
<section id="GettingWireshark"><title>Getting Wireshark</title>
<para>
Wireshark source code and installation packages are available from
- the <ulink url="http://www.wireshark.org/download.html">download
- page</ulink> on the main web site.
+ <ulink url="http://www.wireshark.org/download.html">http://www.wireshark.org/download.html</ulink>.
</para>
- <section><title>Vendor-supplied Packages</title>
+ <section id="VendorPackages"><title>Vendor-supplied Packages</title>
<para>
Most Linux and Unix vendors supply their own Wireshark packages.
You can usually install or upgrade Wireshark using the package management
<section id="KnownProblems"><title>Known Problems</title>
<para>
- The <guibutton>Filter</guibutton> button is nonfunctional in the
- file dialogs under Windows.
- (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=942">Bug
- 942</ulink>)
+ Wireshark may appear offscreen on multi-monitor Windows systems.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=553">Bug
+ 553</ulink>)
+ </para>
+
+ <para>
+ Wireshark might make your system disassociate from a wireless network
+ on OS X.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1315">Bug
+ 1315</ulink>)
+ </para>
+
+ <para>
+ Dumpcap might not quit if Wireshark or TShark crashes.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419">Bug
+ 1419</ulink>)
+ </para>
+
+ <para>
+ Wireshark is unable to decrypt WPA group keys.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1420">Bug
+ 1420</ulink>)
+ </para>
+
+ <para>
+ The BER dissector might infinitely loop.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516">Bug
+ 1516</ulink>)
+ </para>
+
+ <para>
+ Wireshark can't dynamically update the packet list. This means that host
+ name resolutions above a certain response time threshold won't show up in
+ the packet list.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1605">Bug
+ 1605</ulink>)
+ </para>
+
+ <para>
+ Capture filters aren't applied when capturing from named pipes.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1814">Bug
+ 1814</ulink>)
+ </para>
+
+ <para>
+ Wireshark might freeze when reading from a pipe.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2082">Bug
+ 2082</ulink>)
+ </para>
+
+ <para>
+ Capturing from named pipes might be delayed on Windows.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2200">Bug
+ 2200</ulink>)
+ </para>
+
+ <para>
+ Filtering tshark captures with display filters (-R) no longer works.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234">Bug
+ 2234</ulink>)
+ </para>
+
+ <para>
+ The 64-bit Windows installer does not ship with the same libraries as the
+ 32-bit installer.
+ (<ulink url="http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3610">Bug
+ 3610</ulink>)
</para>
</section>