author Gerald Combs <gerald@wireshark.org> 2018-12-12 15:25:31 -0800
committer Gerald Combs <gerald@wireshark.org> 2018-12-12 23:28:51 +0000
commit f4238cd2668665fc0de85a9af03dcccca3b4e3e4
tree 50f1c2ca0569cbda63235cc49b2f91b633258d5d
parent b415c6ede7c056b85502788cc4920d1dd9a9f585
Build 2.9.0.
Change-Id: Id2fb03127c3f4e371a11ba7788a5a3439bafc651
Reviewed-on: https://code.wireshark.org/review/31027
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Diffstat (limited to 'NEWS')
-rw-r--r-- NEWS 259
1 files changed, 118 insertions, 141 deletions
diff --git a/NEWS b/NEWS
index 98c0eb4cb8..f3440b03a0 100644
--- a/NEWS
+++ b/NEWS
@@ -1,136 +1,120 @@
-Wireshark 2.5.1 Release Notes
+Wireshark 2.9.0 Release Notes
- This is a semi-experimental release intended to test new features
- for Wireshark 2.6.
+ This is an experimental release intended to test new features for
+ Wireshark 3.0.
What is Wireshark?
- Wireshark is the world’s most popular network protocol analyzer.
- It is used for troubleshooting, analysis, development and
- education.
+ Wireshark is the world’s most popular network protocol analyzer. It is
+ used for troubleshooting, analysis, development and education.
What’s New
- Wireshark 2.6 is the last release that will support the legacy
- (GTK+) user interface. It will not be supported or available in
- Wireshark 3.0.
+ Many user interface improvements have been made. See the “New and
+ Updated Features” section below for more details.
- Many user interface improvements have been made. See the “New
- and Updated Features” section below for more details.
+ Bug Fixes
- Dumpcap might not quit if Wireshark or TShark crashes. (Bug
- 1419[1])
+ The following bugs have been fixed:
- New and Updated Features
+ Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419[1])
- The following features are new (or have been significantly
- updated) since version 2.5.0:
+ New and Updated Features
- • HTTP Referer statistics are now supported.
+ The following features are new (or have been significantly updated)
+ since version 2.6.0:
- • Wireshark now supports MaxMind DB files. Support for GeoIP
- and GeoLite Legacy databases has been removed.
+ • The Windows .exe installers now ship with Npcap instead of
+ WinPcap.
- • The Windows packages are now built using Microsoft Visual
- Studio 2017.
+ • Conversation timestamps are supported for UDP/UDP-Lite protocols
- • The IP map feature (the “Map” button in the “Endpoints”
- dialog) has been removed.
+ • TShark now supports the -G elastic-mapping option which generates
+ an ElasticSearch mapping file.
- The following features are new (or have been significantly
- updated) since version 2.4.0:
+ • The “Capture Information” dialog has been added back (Bug
+ 12004[2]).
- • Display filter buttons can now be edited, disabled, and
- removed via a context menu directly from the toolbar
+ • The Ethernet and IEEE 802.11 dissectors no longer validate the
+ frame check sequence (checksum) by default.
- • Drag & Drop filter fields to the display filter toolbar or
- edit to create a button on the fly or apply the filter as a
- display filter.
+ • The TCP dissector gained a new “Reassemble out-of-order segments”
+ preference to fix dissection and decryption issues in case TCP
+ segments are received out-of-order. See the User’s Guide, chapter
+ TCP Reassembly for details.
- • Application startup time has been reduced.
+ • Decryption support for the new WireGuard dissector (Bug 15011[3],
+ requires Libgcrypt 1.8).
- • Some keyboard shortcut mix-ups have been resolved by
- assigning new shortcuts to Edit → Copy methods.
+ • The BOOTP dissector has been renamed to DHCP. With the exception
+ of “bootp.dhcp”, the old “bootp.*” display filter fields are
+ still supported but may be removed in a future release.
- • TShark now supports color using the --color option.
+ • The SSL dissector has been renamed to TLS. As with BOOTP the old
+ “ssl.*” display filter fields are supported but may be removed in
+ a future release.
- • The "matches" display filter operator is now
- case-insensitive.
+ • Coloring rules, IO graphs, Filter Buttons and protocol preference
+ tables can now be copied from other profiles using a button in
+ the corresponding configuration dialogs.
- • Display expression (button) preferences have been converted
- to a UAT. This puts the display expressions in their own
- file. Wireshark still supports preference files that
- contain the old preferences, but new preference files will
- be written without the old fields.
+ • APT-X has been renamed to aptX.
- • SMI private enterprise numbers are now read from the
- "enterprises.tsv" configuration file.
+ • When importing from hex dump, it’s now possible to add an
+ ExportPDU header with a payload name. This calls the specific
+ dissector directly without lower protocols.
- • The QUIC dissector has been renamed to Google QUIC (quic →
- gquic).
+ • The sshdump and ciscodump extcap interfaces can now use a proxy
+ for the SSH connection.
- • The selected packet number can now be shown in the Status
- Bar by enabling Preferences → Appearance → Layout → Show
- selected packet number.
+ • Dumpcap now supports the -a packets:NUM and -b packets:NUM
+ options.
- • File load time in the Status Bar is now disabled by default
- and can be enabled in Preferences → Appearance → Layout →
- Show file load time.
+ • Wireshark now includes a “No Reassembly” configuration profile.
- • Support for the G.729A codec in the RTP Player is now added
- via the bcg729 library.
+ • Wireshark now supports the Russian language.
- • Support for hardware-timestamping of packets has been
- added.
+ • The build system now supports AppImage packages.
- • Improved NetMon .cap support with comments, event tracing,
- network filter, network info types and some Message
- Analyzer exported types.
+ • The Windows installers now ship with Qt 5.12.0. Previously they
+ shipped with Qt 5.9.7.
- • The personal plugins folder on Linux/Unix is now
- ~/.local/lib/wireshark/plugins.
+ Removed Features and Support
- • TShark can print flow graphs using -z flow…
+ • The legacy (GTK+) user interface has been removed and is no
+ longer supported.
- • Capinfos now prints SHA256 hashes in addition to RIPEMD160
- and SHA1. MD5 output has been removed.
+ • Wireshark requires Qt 5.2 or later. Qt 4 is no longer supported.
- • The packet editor has been removed. (This was a GTK+ only
- experimental feature.)
+ • Wireshark requires GLib 2.32 or later.
- • Support BBC micro:bit Bluetooth profile
+ • Building Wireshark requires CMake. Autotools is no longer
+ supported.
- • The Linux and UNIX installation step for Wireshark will now
- install headers required to build plugins. A pkg-config
- file is provided to help with this (see doc/plugins.example
- for details). Note you must still rebuild all plugins
- between minor releases (X.Y).
+ • TShark’s -z compare option was removed.
- • The Windows installers and packages now ship with Qt 5.9.4.
+ New File Format Decoding Support
- • The generic data dissector can now uncompress zlib
- compressed data.
+ Ruby Marshal format
New Protocol Support
- ActiveMQ Artemis Core Protocol, AMT (Automatic Multicast
- Tunneling), Bluetooth Mesh, Broadcom tags (Broadcom Ethernet
- switch management frames), CAN-ETH, CVS password server,
- Excentis DOCSIS31 XRA header, F5ethtrailer, FP Mux, GRPC
- (gRPC), IEEE 1905.1a, IEEE 802.11ax (High Efficiency WLAN
- (HEW)), IEEE 802.15.9 IEEE Recommended Practice for Transport
- of Key Management Protocol (KMP) Datagrams, IEEE 802.3br Frame
- Preemption Protocol, ISOBUS, LoRaTap, LoRaWAN, Lustre
- Filesystem, Lustre Network, Nano / RaiBlocks Cryptocurrency
- Protocol (UDP), Network Functional Application Platform
- Interface (NFAPI) Protocol, New Radio Radio Resource Control
- protocol, NXP 802.15.4 Sniffer Protocol, PFCP (Packet
- Forwarding Control Protocol), Protobuf (Protocol Buffers), QUIC
- (IETF), RFC 4108 Using CMS to Protect Firmware Packages,
- Session Multiplex Protocol, SolarEdge monitoring protocol,
- Steam In-Home Streaming Discovery Protocol, Tibia, TWAMP and
- OWAMP, Wi-Fi Device Provisioning Protocol, and Wi-SUN FAN
- Protocol
+ Apple Wireless Direct Link (AWDL), BLIP Couchbase Mobile (BLIP), CDMA
+ 2000, Cisco Meraki Discovery Protocol (MDP), Distributed Ruby (DRb),
+ DXL, E1AP (5G), EVS (3GPP TS 26.445 A.2 EVS RTP), Exablaze trailers,
+ General Circuit Services Notification Application Protocol (GCSNA),
+ GLOW Lawo Emberplus Data format, GSM-R (User-to-User Information
+ Element usage), HI3CCLinkData, ISO 13400-2 Diagnostic communication
+ over Internet Protocol (DoIP), ITU-t X.696 Octet Encoding Rules
+ (OER), Local Number Portability Database Query Protocol (ANSI),
+ MsgPack, NGAP (5G), NR (5G) PDCP, Osmocom Generic Subscriber Update
+ Protocol (GSUP), PKCS#10 (RFC2986 Certification Request Syntax),
+ PROXY (v2), S101 Lawo Emberplus transport frame, Secure Reliable
+ Transport Protocol (SRT), Spirent Test Center Signature decoding for
+ Ethernet and FibreChannel (STCSIG, disabled by default),
+ Sybase-specific portions of TDS, systemd Journal Export, TeamSpeak 3
+ DNS, TPM 2.0, Ubiquiti Discovery Protocol (UBDP), WireGuard, and XnAP
+ (5G)
Updated Protocol Support
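Review bot: The bullet "The Ethernet and IEEE 802.11 dissectors no longer validate the frame check sequence (checksum) by default" changes a default that readers may rely on to spot corrupted frames, but it does not say how to get the old behaviour back; suggest naming the preference that re-enables validation, the way the TCP reassembly bullet points to the User's Guide. The same applies to the BOOTP to DHCP and SSL to TLS renames: the text says the old "bootp.*" and "ssl.*" fields "may be removed in a future release", so it would help to tell users to migrate saved display filters and coloring rules now. Smaller points in this list: the "Conversation timestamps are supported for UDP/UDP-Lite protocols" bullet is missing its final period, and the WireGuard bullet ("Decryption support for the new WireGuard dissector") is a fragment where its neighbours are full sentences.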
@@ -138,78 +122,71 @@ Wireshark 2.5.1 Release Notes
New and Updated Capture File Support
- Microsoft Network Monitor
+ RFC 7468 (PEM), Ruby marshal object files, systemd Journal Export,
+ and Unigraf DPA-400 DisplayPort AUX channel monitor
New and Updated Capture Interfaces support
- LoRaTap
+ dpauxmon, an external capture interface (extcap) that captures
+ DisplayPort AUX channel data from linux kernel drivers.
+
+ sdjournal, an extcap that captures systemd journal entries.
+
+ Major API Changes
+
+ • Lua: the various logging functions (debug, info, message, warn
+ and critical) have been removed. Use the print function instead
+ for debugging purposes.
Getting Wireshark
- Wireshark source code and installation packages are available
- from https://www.wireshark.org/download.html[2].
+ Wireshark source code and installation packages are available from
+ https://www.wireshark.org/download.html[4].
Vendor-supplied Packages
- Most Linux and Unix vendors supply their own Wireshark
- packages. You can usually install or upgrade Wireshark using
- the package management system specific to that platform. A list
- of third-party packages can be found on the download page[3] on
- the Wireshark web site.
+ Most Linux and Unix vendors supply their own Wireshark packages. You
+ can usually install or upgrade Wireshark using the package management
+ system specific to that platform. A list of third-party packages can
+ be found on the download page[5] on the Wireshark web site.
File Locations
Wireshark and TShark look in several different locations for
- preference files, plugins, SNMP MIBS, and RADIUS dictionaries.
- These locations vary from platform to platform. You can use
- About→Folders to find the default locations on your system.
-
- Known Problems
+ preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
+ locations vary from platform to platform. You can use About→Folders to
+ find the default locations on your system.
- The BER dissector might infinitely loop. (Bug 1516[4])
-
- Capture filters aren’t applied when capturing from named pipes.
- (Bug 1814[5])
-
- Filtering tshark captures with read filters (-R) no longer
- works. (Bug 2234[6])
-
- Application crash when changing real-time option. (Bug 4035[7])
-
- Wireshark and TShark will display incorrect delta times in some
- cases. (Bug 4985[8])
+ Getting Help
- Wireshark should let you work with multiple capture files. (Bug
- 10488[9])
+ The User’s Guide, manual pages and various other documentation can be
+ found at https://www.wireshark.org/docs/[6]
- Getting Help
+ Community support is available on Wireshark’s Q&A site[7] and on the
+ wireshark-users mailing list. Subscription information and archives
+ for all of Wireshark’s mailing lists can be found on the web site[8].
- Community support is available on Wireshark’s Q&A site[10] and
- on the wireshark-users mailing list. Subscription information
- and archives for all of Wireshark’s mailing lists can be found
- on the web site[11].
+ Bugs and feature requests can be reported on the bug tracker[9].
Official Wireshark training and certification are available from
- Wireshark University[12].
+ Wireshark University[10].
Frequently Asked Questions
- A complete FAQ is available on the Wireshark web site[13].
+ A complete FAQ is available on the Wireshark web site[11].
- Last updated 2018-03-13 19:13:27 UTC
+ Last updated 2018-12-12 23:05:55 UTC
References
- 1. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419
- 2. https://www.wireshark.org/download.html
- 3. https://www.wireshark.org/download.html#thirdparty
- 4. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516
- 5. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1814
- 6. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234
- 7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035
- 8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985
- 9. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10488
- 10. https://ask.wireshark.org/
- 11. https://www.wireshark.org/lists/
- 12. http://www.wiresharktraining.com/
- 13. https://www.wireshark.org/faq.html
+ 1. 1
+ 2. 2
+ 3. 3
+ 4. 4
+ 5. 5
+ 6. 6
+ 7. 7
+ 8. 8
+ 9. 9
+ 10. 10
+ 11. 11
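Review bot: The References block at the end of this hunk replaces every URL with its own index ("1. 1" through "11. 11"), so the footnote markers used throughout the new text (Bug 1419[1], Bug 12004[2], Bug 15011[3], the download page[5], the bug tracker[9]) no longer resolve to anything; regenerate NEWS so each entry carries its URL, as the removed list did. The hunk also deletes the whole "Known Problems" section with no replacement in the visible lines; if those bugs are still open, the section should stay. Minor: "linux kernel drivers" in the dpauxmon entry should read "Linux".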