CVS commit: pkgsrc/net/wireshark

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/net/wireshark
From: "Adam Ciarcinski" <adam%netbsd.org@localhost>
Date: Mon, 4 May 2026 08:15:13 +0000

Module Name:    pkgsrc
Committed By:   adam
Date:           Mon May  4 08:15:13 UTC 2026

Modified Files:
        pkgsrc/net/wireshark: Makefile PLIST distinfo

Log Message:
wireshark: updated to 4.6.5

4.6.5

This release fixes quite a few vulnerabilities. This is due to to a recent trend in AI-assisted vulnerability reports.

wnpa-sec-2026-08 Monero dissector crash. Issue 21066. CVE-2026-5409.

wnpa-sec-2026-09 BT-DHT dissector crash. Issue 21067. CVE-2026-5408.

wnpa-sec-2026-10 FC-SWILS dissector crash. Issue 21070. CVE-2026-5406.

wnpa-sec-2026-11 SMB2 dissector infinite loop. Issue 21073. CVE-2026-5407.

wnpa-sec-2026-12 ICMPv6 dissector crash. Issue 21077. CVE-2026-5299.

wnpa-sec-2026-13 AFP dissector crash. Issue 21088. CVE-2026-5401.

wnpa-sec-2026-14 TLS dissector crash and possible code execution. Issue 21090. CVE-2026-5402.

wnpa-sec-2026-15 K12 RF5 file parser crash. Issue 21094. CVE-2026-5404.

wnpa-sec-2026-16 SBC codec crash and possible code execution. Issue 21103. CVE-2026-5403.

wnpa-sec-2026-17 RDP dissector crash and possible code execution. Issue 21105. CVE-2026-5405.

wnpa-sec-2026-18 AMR-NB codec crash. Issue 21111. CVE-2026-5654.

wnpa-sec-2026-19 SDP dissector crash. Issue 2111. CVE-2026-5655.

wnpa-sec-2026-20 iLBC audio codec crash. Issue 21113. CVE-2026-5657.

wnpa-sec-2026-21 Profile import crash and possible code execution. Issue 21115. CVE-2026-5656.

wnpa-sec-2026-22 DCP-ETSI protocol dissector crash. Issue 21122. CVE-2026-5653.

wnpa-sec-2026-23 BEEP protocol dissector crash. Issue 21120. CVE-2026-6538.

wnpa-sec-2026-24 ZigBee protocol dissector crash. Issue 21125. CVE-2026-6537.

wnpa-sec-2026-25 DLMS/COSEM protcol dissector infinite loop. Issue 21065. CVE-2026-6536.

wnpa-sec-2026-26 Dissection engine zlib decompression crash. Issue 21097, Issue 21098. CVE-2026-6535.

wnpa-sec-2026-27 USB HID protocol dissector infinite loop. Issue 21121. CVE-2026-6534.

wnpa-sec-2026-28 Dissection engine LZ77 decompression crash. Issue 21127. CVE-2026-6533.

wnpa-sec-2026-29 Kismet protocol dissector crash. Issue 21129, Issue 21128. CVE-2026-6532.

wnpa-sec-2026-30 SANE protocol dissector infinite loop. Issue 21139. CVE-2026-6531.

wnpa-sec-2026-31 DCP-ETSI protocol dissector crash. Issue 21144. CVE-2026-6530.

wnpa-sec-2026-32 iLBC audio codec crash. Issue 21145. CVE-2026-6529.

wnpa-sec-2026-33 TLS dissector infinite loop. Issue 21151. CVE-2026-6528.

wnpa-sec-2026-34 ASN.1 PER protocol dissector crash. Issue 21149. CVE-2026-6527.

wnpa-sec-2026-35 RTSP protocol dissector crash. Issue 21173. CVE-2026-6526.

wnpa-sec-2026-36 IEEE 802.11 protocol dissector crash. Issue 21008. CVE-2026-6525.

wnpa-sec-2026-37 MySQL protocol dissector crash. Issue 21172. CVE-2026-6524.

wnpa-sec-2026-38 GNW protocol dissector infinite loop. Issue 21177. CVE-2026-6523.

wnpa-sec-2026-39 OpenFlow v5 protocol dissector infinite loops. Issue 21182, Issue 21188. CVE-2026-6521.

wnpa-sec-2026-40 OpenFlow v6 protocol dissector infinite loop. Issue 21181. CVE-2026-6520.

wnpa-sec-2026-41 MBIM dissector infinite loop. Issue 21184. CVE-2026-6519.

wnpa-sec-2026-42 RPKI-Router protocol dissector infinite loop. Issue 21186. CVE-2026-6522.

wnpa-sec-2026-43 GSM RP protocol dissector crash. Issue 21189. CVE-2026-6870.

wnpa-sec-2026-44 WebSocket protocol dissector crash. Issue 21190. CVE-2026-6869.

wnpa-sec-2026-45 SMB2 protocol dissector crash. Issue 21191.

wnpa-sec-2026-46 HTTP protocol dissector crash. Issue 21185. CVE-2026-6868.

wnpa-sec-2026-47 Sharkd utility memory leak. Issue 21214.

wnpa-sec-2026-48 Sharkd utility crash. Issue 21206.

wnpa-sec-2026-49 Sharkd utility crash. Issue 21207.

wnpa-sec-2026-50 UDS protocol dissector infinite loop. Issue 21225.

The following bugs have been fixed:

WSUG: Enabled Protocols dialog needs an update. Issue 20871.

Build failure with Qt 6.11 beta. Issue 20965.

BLF: Missing 4 byte alignment makes BLF files incompatible with Vector’s tools. Issue 21017.

SMB2 decryption keys in smb2_seskey_list are not loaded on restart. Issue 21036.

Fuzz job issue: fuzz-2026-03-01-13307044520.pcap. Issue 21049.

Window with a message for ssh_strict_fopen. Issue 21051.

IEEE 1722.1 Dissector for Stream Input Counters displays FRAMES_RX as "Stream Packets TX" Issue 21055.

Wireshark 4.6.4 crashes. Issue 21058.

Compilation error with Lua-5.5. Issue 21060.

BSOD issue affecting Npcap 1.86. Issue 21062.

Adding descriptions to BLF interfaces broke the Capture File Properties view. Issue 21069.

Assertion Failure in ws_buffer_remove_start via Malformed Packet Manipulation. Issue 21078.

Modbus/RTU fails to decode broadcast frames. Issue 21091.

Lua not included unless CMake version >= 3.25. Issue 21093.

sshdump: Regression in v4.6.4 – Failed to resolve hostname aliases from .ssh/config on Windows. Issue 21114.

Fuzz job crash: fuzz-2026-03-25-13637733472.pcap. Issue 21117.

dumpcap TCP@ section-header parsing remote heap corruption. Issue 21132.

Netflix BBLog EVENT parsing crash. Issue 21133.

On Windows, the Follow Stream feature output is shown in proportional font after zooming. Issue 21137.

RTP Streams dialog Time of Day inconsistent behavior. Issue 21138.

Sysdig Event Block Integer Underflow. Issue 21140.

RF4CE NWK Dissector Heap Buffer Overflow (crash/OOB) Issue 21150.

NetXray/Sniffer Padding Integer Underflow. Issue 21152.

HTTP/2 ALTSVC/PRIORITY_UPDATE Frame Length Truncation (24-bit to 16-bit) Issue 21155.

Snort config parser 2 buffer overflows. Issue 21165.

ESP NULL Encryption Integer Underflow triggers Heap Overflow. Issue 21166.

Heap buffer overflow in ISO 8583 dissector bin2hex() Issue 21171.

wslua: NULL pointer dereference in get_dissector when passing an invalid GUID string to an FT_GUID table. Issue 21194.

Fuzz job UTF-8 encoding issue: fuzz-2026-04-16-13947406035.pcap. Issue 21199.

Qt: Waterfall bars misisng in conversation overview when "limit to display filter" is active. Issue 21204.

text2pcap: heap-buffer-overflow in memmove when -P"dissector" payload exceeds reserved space. Issue 21208.

text2pcap : Stack overflow via unbounded "g_alloca" in regex "seqno" Issue 21209.

editcap: --novlan integer underflow in sll_remove_vlan_info causes denial of service on short SLL captures. Issue 21210.

NAS-5GS - Mapping issue between IEI 0x7B and "S-NSSAI location validity information" IE. Issue 21218.

RTP-MIDI dissector reports incorrect value for MTC Quarter Frame data. Issue 21231.


To generate a diff of this commit:
cvs rdiff -u -r1.346 -r1.347 pkgsrc/net/wireshark/Makefile
cvs rdiff -u -r1.108 -r1.109 pkgsrc/net/wireshark/PLIST
cvs rdiff -u -r1.190 -r1.191 pkgsrc/net/wireshark/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/net/wireshark/Makefile
diff -u pkgsrc/net/wireshark/Makefile:1.346 pkgsrc/net/wireshark/Makefile:1.347
--- pkgsrc/net/wireshark/Makefile:1.346 Thu Mar 19 22:55:41 2026
+++ pkgsrc/net/wireshark/Makefile       Mon May  4 08:15:13 2026
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.346 2026/03/19 22:55:41 nia Exp $
+# $NetBSD: Makefile,v 1.347 2026/05/04 08:15:13 adam Exp $
 
-DISTNAME=      wireshark-4.6.4
+DISTNAME=      wireshark-4.6.5
 CATEGORIES=    net
 MASTER_SITES=  https://www.wireshark.org/download/src/
 EXTRACT_SUFX=  .tar.xz

Index: pkgsrc/net/wireshark/PLIST
diff -u pkgsrc/net/wireshark/PLIST:1.108 pkgsrc/net/wireshark/PLIST:1.109
--- pkgsrc/net/wireshark/PLIST:1.108    Thu Feb 26 15:44:56 2026
+++ pkgsrc/net/wireshark/PLIST  Mon May  4 08:15:13 2026
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.108 2026/02/26 15:44:56 adam Exp $
+@comment $NetBSD: PLIST,v 1.109 2026/05/04 08:15:13 adam Exp $
 bin/capinfos
 bin/captype
 bin/dumpcap
@@ -14,10 +14,10 @@ bin/tshark
 ${PLIST.qt}bin/wireshark
 lib/libwireshark.so
 lib/libwireshark.so.19
-lib/libwireshark.so.19.0.4
+lib/libwireshark.so.19.0.5
 lib/libwiretap.so
 lib/libwiretap.so.16
-lib/libwiretap.so.16.0.4
+lib/libwiretap.so.16.0.5
 lib/libwsutil.so
 lib/libwsutil.so.17
 lib/libwsutil.so.17.0.0

Index: pkgsrc/net/wireshark/distinfo
diff -u pkgsrc/net/wireshark/distinfo:1.190 pkgsrc/net/wireshark/distinfo:1.191
--- pkgsrc/net/wireshark/distinfo:1.190 Thu Feb 26 15:44:56 2026
+++ pkgsrc/net/wireshark/distinfo       Mon May  4 08:15:13 2026
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.190 2026/02/26 15:44:56 adam Exp $
+$NetBSD: distinfo,v 1.191 2026/05/04 08:15:13 adam Exp $
 
-BLAKE2s (wireshark-4.6.4.tar.xz) = 65f1bdc5dc7739a86fb3c368cafc7261b6914ec336c0682222e8ebe60e295e60
-SHA512 (wireshark-4.6.4.tar.xz) = 5ff1b0fd012bbac0ad79ee58e065e7eabb60fce888959fb6701b79b1d03305724f2adb2623549406f1fc3036f54d4bf14d49c3e4237e68e649a20e430a868acd
-Size (wireshark-4.6.4.tar.xz) = 50566640 bytes
+BLAKE2s (wireshark-4.6.5.tar.xz) = 617cfc71c01a4d06d740dfaeae27d139b7b8ffa3450a3b82bcc3da7be6595dd4
+SHA512 (wireshark-4.6.5.tar.xz) = f5f52eed915184a553b32c559bdb9b5478e33a877768265b8b40b711cb44ffcd98b3a6e8a469f65b870df16ac7f9f7d391727156d11e669e5ab4bcd52bab8981
+Size (wireshark-4.6.5.tar.xz) = 58257076 bytes
 SHA1 (patch-CMakeLists.txt) = 80af7e00226894efe82db3b89ea8fee08bd30681

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/devel/libgsf
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/devel/libgsf
Indexes:

Home | Main Index | Thread Index | Old Index