commit af7012e215
Author: Gerald Combs <gerald@wireshark.org>
Date:   Mon Nov 18 15:27:09 2024 -0800

    TCP: Update a preference name

    Split "Clientport" into two words.

    (cherry picked from commit beafa7bb11683089be0d6fef03d1bb9046089045)

commit 5cdf69e7ad
Author: Gerald Combs <gerald@wireshark.org>
Date:   Mon Nov 18 15:28:49 2024 -0800

    Prep for 4.4.2

commit 4970af966f
Author: John Thacker <johnthacker@gmail.com>
Date:   Tue Nov 19 11:55:14 2024 +0000

    dfilter: Do not crash on failed IEEE 11073 float conversions

    The IEEE 11073 float ftype does not set the error message on a
    failed conversion. The various fvalue_from_XXX functions assume
    that if a ftype has a conversion function that it will set the
    error message. The dfilter semcheck function assumes that the
    error message gets set on a failed conversion.

    Have the generic fvalue_from_XXX functions check the error message
    on all failed conversions, and if an error message wasn't set at all,
    set the same generic message used when there is no conversion function.

    Prevents errors like:

     ** (wireshark:1296614) 23:50:37.712468 [DFilter ERROR] epan/dfilter/dfilter.c:76 -- dfw_set_error_location(): assertion failed: dfw->error
     ** (wireshark:1296614) Aborting on fatal log level exception
    Aborted

    When typing in invalid filters like
    'btatt.temperature_measurement.value.celsius == bogus'

    (cherry picked from commit 1dd55199f57da0bab0f64880780c401f99fb55eb)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit 8b1c8a752e
Author: John Thacker <johnthacker@gmail.com>
Date:   Sun Nov 17 15:47:54 2024 +0000

    pop: Assert if the per packet frame data doesn't exist on later passes

    If we have a continuation packet and no per-packet data, that indicates
    that dissection was different on the second pass and some kind of
    underlying problem. (In #20231, with the V-J decompression dissector.)

    Prevent a crash in #20231

    (cherry picked from commit 59efb4a203778c766d4f3386efe312892b56f1f6)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit e419e484be
Author: John Thacker <johnthacker@gmail.com>
Date:   Sun Nov 17 15:08:36 2024 +0000

    Qt: 6.8 deprecations

    QCheckBox::stateChanged was deprecated for QCheckBox::checkStateChanged,
    which was introduced in Qt 6.7. The difference is that one has an
    int as parameter, the other has the Qt::CheckState enum.

    Also, Qt::TimeSpec was unified with QTimeZone in 6.5:
    https://www.qt.io/blog/unifying-qttimespec-within-qtimezone
    which overall makes things simpler, and the Qt::TimeSpec versions
    are deprecated in 6.8

    There are a small number of time related changes necessary for
    qcustomplot as well, but that will be handled separately, as that
    is upstream code.

    The Qt documentation indicates that some of these are supposed to
    be deprecated in Qt 6.9, but they are deprecated in the 6.8
    release candidate. They might not be deprecated in the final Qt
    6.8 packages, but it doesn't hurt to move to the new functions now.

    (cherry picked from commit 2539385528b790e60ec472764c151901e6b178c0)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit fa6147f029
Author: Gerald Combs <gerald@wireshark.org>
Date:   Sun Nov 17 09:31:18 2024 +0000

    [Automatic update for 2024-11-17]

    Update manuf, services enterprise numbers, translations, and other items.

commit 00d76f98b4
Author: Sake Blok <sake.blok@syn-bit.nl>
Date:   Sat Nov 16 14:54:17 2024 +0000

    TCP: add missing NULL-check

    Add missing NULL-check on tcpd.

    Fix for !20226

    (cherry picked from commit caa32b41ae56a9ad407a57e5b388abc18756c5eb)

    Co-authored-by: Sake Blok <sake.blok@SYN-bit.nl>

commit 52ae7c5fb5
Author: Sake Blok <sake.blok@syn-bit.nl>
Date:   Sat Nov 16 10:39:14 2024 +0000

    TCP: Don't use client port for dissector selection

    (cherry picked from commit 92e1792bae61d91bf0c5bef2d1f8a718933e5519)

    9a50f299 TCP: Don't use client port for dissector selection

    Co-authored-by: Sake Blok <sake.blok@syn-bit.nl>

commit c0a29d91b8
Author: Jaap Keuter <jaap.keuter@xs4all.nl>
Date:   Fri Nov 15 19:58:21 2024 +0000

    btbredr_rf: fix a warning

    ```
    /home/ivan/svnrepos/wireshark/epan/dissectors/packet-btbredr_rf.c: In function ‘dissect_btbredr_rf’:
    /home/ivan/svnrepos/wireshark/epan/dissectors/packet-btbredr_rf.c:972:8: error: ‘ltaddr’ may be used uninitialized [-Werror=maybe-uninitialized]
      972 |     if (header_mode > 0 && ltaddr)
          |        ^
    /home/ivan/svnrepos/wireshark/epan/dissectors/packet-btbredr_rf.c:665:27: note: ‘ltaddr’ was declared here
      665 |     uint32_t              ltaddr;
          |                           ^~~~~~
    cc1: all warnings being treated as errors
    ```

    (cherry picked from commit 1a5f3fad000a446c32858344fb9f952f7f29794c)

    Co-authored-by: Ivan Nardi <nardi.ivan@gmail.com>

commit 073f253f0d
Author: John Thacker <johnthacker@gmail.com>
Date:   Fri Nov 15 12:11:22 2024 +0000

    lua: Add a fixture to test Lua scripts under different locales

    Add a cross-platform way to run a Lua script under a different
    locale by calling os.setlocale.

    On UN*X we could have a different test_env fixture with LC_ environment
    variables to override the native locale, but that doesn't seem to work
    on Windows.

    Add some tests to util.lua for setting range preferences with
    comma separated ranges.

    Change the way the dissector is added to the DissectorTable in
    protofield.lua so that it uses a comma separated range. Note this
    test will fail if only one of the ports is set (as happened silently
    with Lua 5.2 and earlier in locales using decimal comma).

    Run these tests with a German locale, so that the decimal and thousands
    separators are swapped from English.

    (cherry picked from commit 6e2e4440430b4b57e926d7838af92a7c9ff13193)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit 4f2996f7f1
Author: John Thacker <johnthacker@gmail.com>
Date:   Fri Nov 15 03:09:08 2024 +0000

    Lua: Support comma separated DissectorTable ranges in decimal comma locales

    For numeric literals, Lua only uses "." as the decimal separator (as,
    e.g., the packet matching grammar for display filters does), but
    when converting strings back and forth, the locale native separator
    is used, unless Lua is specifically changed when compiled. On Lua 5.3
    and later, "." can always be used when converting from a string as well.

    The functions in epan/range.c use "," to separate ranges of integers,
    which are converted back and forth from strings.

    On locales which use "," as a decimal separator, this creates ambiguity;
    strings like "10,11" can either be converted to the numeric literal of
    ten and eleven-hundredths, or a range with two subranges, 10 and 11.

    To avoid ambiguity, only convert strings to ranges; do not attempt to
    convert strings to numbers/integers first. This will work fine for
    strings consisting of a single integer like "10", but does mean than
    on English and other locales that use dot as the decimal separator,
    "10.0" will no longer be allowed (the numeric literal 10.0 will still
    work, because the conversion is exact, see below.)

    On Lua 5.3 and later, conversions to an integer will return a failure
    if the conversion is not exact (again, unless overridden by a
    compilation option when compiling Lua, something we can't control when
    UN*X system Lua packages are used). On earlier Lua, floating point
    Numbers are simply cast to integer, truncating. This causes silent
    unexpected behavior on Wireshark 4.2 and earlier.

    Note we don't support (and have never done so) passing in our user
    UInt64 type (or the less relevant now Int64 type) to these functions,
    though if 64 bit dissector tables are ever implemented (see #20207)
    that may be a consideration.

    Fix #20216

    (cherry picked from commit fb64334c6a6a2aff0a04c6d45c26e9349af71a57)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit 8fd60c6448
Author: Gerald Combs <gerald@wireshark.org>
Date:   Thu Nov 14 10:56:37 2024 -0800

    ECMP: Exorcise a string buffer arithmetic gremlin

    Use a wmem_strbuf instead of manually allocating a string and managing
    its offsets.

    Avoid appending a dangling space to our string.

    Fixes #20214

    (cherry picked from commit c8e58870733f88f275ca9a6fa115ed085f987d94)

commit a9acddaf21
Author: Stig Bjørlykke <stig@bjorlykke.org>
Date:   Tue Nov 12 18:30:45 2024 +0000

    Qt: setStyleSheet overrides setFont on prefs sample font line

    (cherry picked from commit f1c385025e50875dd1070a4d8f95cd2825672d67)

    Co-authored-by: Chuck Craft <bubbasnmp@gmail.com>

commit 5be69b0e28
Author: Stig Bjørlykke <stig@bjorlykke.org>
Date:   Tue Nov 12 13:02:40 2024 +0000

    hsrp: Fix the display length of some TLV blocks

    Include both TLV size and TLV block length.

    (cherry picked from commit 6f7207a6ded2c323ce95a73aae74df7464252933)

    Co-authored-by: Stig Bjørlykke <stig@bjorlykke.org>

commit 81e08e22e9
Author: Stig Bjørlykke <stig@bjorlykke.org>
Date:   Tue Nov 12 12:40:44 2024 +0000

    Qt: Improvements in Font and Colors preferences

    Only use gradient styleSheet when colorstyle is gradient. The
    QLineEdit qlineargradient ss does not currently work on macOS,
    but this will fix display for System Default and Solid.

    Use the same border on the sample lines as in the color select
    buttons.

    (cherry picked from commit bc6c5bd260f8c804efb830201cfd850e1a9d7fee)

    Co-authored-by: Stig Bjørlykke <stig@bjorlykke.org>

commit 13a1f70306
Author: John Thacker <johnthacker@gmail.com>
Date:   Mon Nov 11 12:52:55 2024 +0000

    lemon: Suppress type-limits warning on gcc with generated code

    After updating gcc, the lemon generated code starting giving
    warnings with -Wtype-limits (enabled by -Wextra):

    ./ascend_parser.c: In function ‘AscendParserFinalize’:
    ./ascend_parser.c:866:21: warning: comparison is always true due to limited range of data type [-Wtype-limits]

    The code in question:
        if( yytos->major>=YY_MIN_DSTRCTR ){

    compares a type #defined as an unsigned char to a value #defined as 0.
    Since there is no minimum symbol value to have a destructor, it's
    always true, but that's by intent.

    Ping #20175

    (cherry picked from commit 95eb257d8a84588a4f0e94734325297545b4c582)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit 46fa38a40f
Author: John Thacker <johnthacker@gmail.com>
Date:   Mon Nov 11 10:29:08 2024 +0000

    dumpcap: Initialize failure message routines

    Initialize a set of failure message routines for dumpcap, so that
    if any code in libwsutil calls one of these routines, it prints a
    message instead of segfaulting. Put these routines in libwsutil,
    not libui, as dumpcap intentionally doesn't link against libui.

    Some of the routines are capture file routines, where the parameters
    are libwiretap constants that can only be properly interpreted using
    libwiretap functions. dumpcap intentionally doesn't link against
    libwiretap either, so these functions should never be called.

    It might make sense to move those libwiretap-related report message
    routines from libwsutil to libwiretap, though as those are exported
    that would be an API break and couldn't be done in a backport.

    Fix #20108

    (backported from commit a72f13513e99796d230e8a32d3b2520907e1f51f)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit 8dc8b21145
Author: Gerald Combs <gerald@wireshark.org>
Date:   Sun Nov 10 09:31:02 2024 +0000

    [Automatic update for 2024-11-10]

    Update manuf, services enterprise numbers, translations, and other items.

commit f0e5918788
Author: Stig Bjørlykke <stig@bjorlykke.org>
Date:   Sat Nov 9 09:32:13 2024 +0000

    packet: Make pinfo->rel_ts relative to first packet

    Always have packet_info rel_ts relative to the first packet.
    This will make taps and graphs do correct calculations when
    using time reference on packets.

    Fix #20203

    (cherry picked from commit 8d042ecc258c980bcc1896fe38b032636b418cc1)

    Co-authored-by: Stig Bjørlykke <stig@bjorlykke.org>

commit 0d3b10b858
Author: John Thacker <johnthacker@gmail.com>
Date:   Fri Nov 8 12:10:20 2024 +0000

    capture_opts: Only read the list of capture filters when necessary

    Instead of reading the list of capture filters from the file whenever
    a -f option is given, only do so if the "predef" option is given
    indicating that a named capture filter from the list is needed (and
    they haven't been read yet.)

    Never read the list of named capture filters in capture child mode,
    because that processing should have already been done in the calling
    program, and the capture filter name should have been replaced with
    the real filter already.

    For now we still attempt to read the list of named capture filters when
    running dumpcap standalone from the command line, but only if -f is
    called with "prefdef:<name>" as the option - since dumpcap doesn't
    understand profiles, this will always happen from the default profile
    location. That shouldn't happen either, but we need a better way to
    determine if we're running from dumpcap.

    Ping #20108 - this fixes the vast majority of cases where users would
    encounter that issue. Separately, dumpcap needs to register libwsutil
    report message routines in case some other warning gets reported, but
    as it can't register the wiretap-related ones, that's harder to fix
    without sacrificing ABI and API compatibility, and this needs to get
    fixed in 4.4

    (cherry picked from commit 664a9495bfcbb4150a2551676d5075d0acaa6c73)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit 2a63264470
Author: Stig Bjørlykke <stig@bjorlykke.org>
Date:   Thu Nov 7 16:24:29 2024 +0000

    Qt: Check for valid clear_button

    Check for a valid clear_button in updateClearButton() to avoid
    a crash when drag'n'drop a filter from packet details to the
    find frame.

    Fix #20204

    (cherry picked from commit 291d6c11a581274fa68a62cda2b9e694cf927ebe)

    Co-authored-by: Stig Bjørlykke <stig@bjorlykke.org>

commit 807b7a4892
Author: Stig Bjørlykke <stig@bjorlykke.org>
Date:   Thu Nov 7 10:26:27 2024 +0000

    icmpv6: Capitalize code strings

    Capitalize the first letter of code value strings.

    (cherry picked from commit 5aad8fab0d93a57b4057f920141e15d3e0c22692)

    Co-authored-by: Stig Bjørlykke <stig@bjorlykke.org>

commit afa68910a4
Author: John Thacker <johnthacker@gmail.com>
Date:   Wed Nov 6 19:26:29 2024 +0000

    Fix extcap interfaces on profile change

    The return value of capture_dev_user_linktype_find needs to be written
    to the active_dlt parameter, not the type parameter. (It has long been
    written to the type parameter, but previously the one written to was
    essentially write-only.)

    Fix up b5c839815e3a2cb8d83ea2fb1a861301b4dc8848

    (cherry picked from commit 3397cd0877c3f384763e6df97708796e7f906d94)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit 8d25d7f8ad
Author: Stig Bjørlykke <stig@bjorlykke.org>
Date:   Tue Nov 5 11:21:15 2024 +0100

    Qt: Update traffic table on display filter change

    Update the traffic table on display filter change if "Limit to
    display filter" is active.

    Fix #20191

    (cherry picked from commit cb7f46f495556e3fe13baf5aa580f6fbd1cd9c19)

commit e3e53f8fa1
Author: Pascal Quantin <pascal@wireshark.org>
Date:   Wed Nov 6 12:11:44 2024 +0000

    modbus: Fix bit value

    Use proto_tree_add_bits_item to automatically produce the value with
    the bitmask instead of attempting to manually reproduce it with
    proto_tree_add_boolean_bits_format_value and getting the bitmask wrong.

    Fix #20193

    (cherry picked from commit 65797b7cce56ed839b49652ce807bb9da8ab485c)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit f26df6d534
Author: Pascal Quantin <pascal@wireshark.org>
Date:   Wed Nov 6 10:34:23 2024 +0000

    Modbus: fix bit value display in packet details

    Fixes #20192

    (cherry picked from commit e39bfd04180e29b6da41d45b60f92b857109dc70)

    Co-authored-by: Pascal Quantin <pascal@wireshark.org>

commit 162db4e97c
Author: John Thacker <johnthacker@gmail.com>
Date:   Wed Nov 6 09:42:26 2024 +0000

    Qt: Override the popup mode for Filter Buttons with menus

    We have to use the QToolButtons auto created from actions in order
    for those button to properly show up in the extension menu at narrow
    widths. (See #19887). It is, however, possible to retrieve the
    QToolButton after it is created in order to change its PopupMode.

    Fix #20190

    (cherry picked from commit 53878e7ca5ae194c486aa97e225fbc69ca0218d1)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit 492d79244a
Author: Pascal Quantin <pascal@wireshark.org>
Date:   Wed Nov 6 08:16:08 2024 +0000

    SRT: display NUL character in a middle of a string

    Fixes #20113

    (cherry picked from commit d70801c600a2334cf420f60c67cb3c3573031eb9)

    Co-authored-by: Pascal Quantin <pascal@wireshark.org>

commit d7ea38a830
Author: Jaap Keuter <jaap.keuter@xs4all.nl>
Date:   Wed Nov 6 06:21:00 2024 +0000

    Profinet DCP: Use applicable sub option name in tree

    Fixing a copy-paste, probably.

    (cherry picked from commit 535a8a300879a6b30385ff6e3c34c9d5fb06bb56)

    Co-authored-by: Jaap Keuter <jaap.keuter@xs4all.nl>

commit 5163e8a091
Author: Alexis La Goutte <alexis.lagoutte@gmail.com>
Date:   Tue Nov 5 19:48:09 2024 +0000

    WiFi: Adjust regulatory info field

    Closes #20187

    (cherry picked from commit e63cefb9359a3bdd88e5e55a19202ffca1c11f93)

    Co-authored-by: Jaap Keuter <jaap.keuter@xs4all.nl>

commit f102282fc8
Author: John Thacker <johnthacker@gmail.com>
Date:   Tue Nov 5 19:26:32 2024 +0000

    BACAPP: Update to use the current recursion depth API

    Fixes #20159

    (cherry picked from commit 2e54d8224cda09d4134b3f364d3745bb0a537c4d)

    Co-authored-by: Jaap Keuter <jaap.keuter@xs4all.nl>

commit 55263cc1f3
Author: Pascal Quantin <pascal@wireshark.org>
Date:   Tue Nov 5 16:20:24 2024 +0000

    Protobuf: Use enum value if name is missing when mapping to JSON

    The enum value is used if the name of the enum value is
    not specified in proto file when mapping Protobuf to JSON.

    close #20182

    (cherry picked from commit f85d2fe5e188d932f0a30b39314a48157926edce)

    Co-authored-by: Huang Qiangxiong <qiangxiong.huang@qq.com>

commit 4677961e03
Author: Pascal Quantin <pascal@wireshark.org>
Date:   Tue Nov 5 13:48:13 2024 +0000

    POP: use state info stored in conversation during first pass only

    And copy in per packet data the info required for subsequent pass

    Fixes #20124

    (cherry picked from commit b3bc9bb617c2b7776bf94e646e9ca322c932725d)

    Co-authored-by: Pascal Quantin <pascal@wireshark.org>

commit 2add1f5b29
Author: Pascal Quantin <pascal@wireshark.org>
Date:   Tue Nov 5 11:55:05 2024 +0000

    win32: fix PortableApps extcap installation folder

    Closes #20184

    (cherry picked from commit 51f95a07ea48199ee15a8e65a080fe7cb76f9483)

    Co-authored-by: Pascal Quantin <pascal@wireshark.org>

commit d4ad11d6aa
Author: Alexis La Goutte <alexis.lagoutte@gmail.com>
Date:   Tue Nov 5 09:36:35 2024 +0000

    QUIC: Support initial_max_path 0 or 1 (draft-09 or later)

    QUIC Multipath draft-07: "The value of the initial_max_paths parameter
    MUST be at least 2.  An endpoint that receives a value less than 2
    MUST close the connection with an error of type TRANSPORT_PARAMETER_ERROR."

    QUIC Multipath draft-09 and later changed this to: "For example, if
    initial_max_path_id is set to 1, only connection IDs associated with
    Path IDs 0 and 1 should be issued by the peer. If an endpoint receives
    an initial_max_path_id transport parameter with value 0, the peer aims
    to enable the multipath extension without allowing extra paths immediately."

    So consider multipath enabled by a peer regardless of the value for
    initial_max_path_id draft-09 and draft-11, unlike in draft-07.

    (cherry picked from commit fdcbd6efe3c271a8c11f5fded854b3dc06676bab)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit f306e401e5
Author: John Thacker <johnthacker@gmail.com>
Date:   Mon Nov 4 16:41:48 2024 +0000

    rtcp: Fix packet length

    In RTP and RTCP, the packet length encoded in the packet is one less
    than the number of 32 bit words of the length (with the exception of
    certain Microsoft extensions), not the number of bytes. This was lost
    in a conversion to a dissector table.

    Fixup e5560357285ba8ee6b558fa82666fde2a6efc8e9

    Fix #20188

    (cherry picked from commit 599550c3651c6920ace8a2310f2b953a721f7977)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit b8044f296b
Author: Gerald Combs <gerald@wireshark.org>
Date:   Sun Nov 3 09:31:02 2024 +0000

    [Automatic update for 2024-11-03]

    Update manuf, services enterprise numbers, translations, and other items.

commit e370fdb2c8
Author: John Thacker <johnthacker@gmail.com>
Date:   Fri Nov 1 21:53:43 2024 +0000

    dfilter: resolve unparsed for each node in a set

    In check_relation_in, make sure we resolve each unparsed node
    in the set before calling check relation on the outer LHS field.
    Call it with strict == false because literals are allowed.

    The latter changes the test added for #19538 a bit because
    "22-33-" now gets a somewhat more useful error message about being
    a possible but truncated Ethernet address instead of "not a field"
    in a case where it could be a literal Ethernet address.

    Add a test of the "in" operator where the RHS is a field.

    Fix #20183

    (cherry picked from commit 3c752af2717eb6f4ca4e67c4d237f7a29698f7b7)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit 79abdccc9d
Author: John Thacker <johnthacker@gmail.com>
Date:   Sat Nov 2 11:27:07 2024 +0000

    Art-Net: Don't optimize a single-user regex

    We create the regex each time, so G_REGEX_OPTIMIZE doesn't help
    much and might even hurt. There appears to be a bug in accessing
    unitialized memory on partial matches in Glib or PCRE2 when
    optimization is enabled that doesn't occur when it isn't.

    Also add some quantifier limits to bound the length of the regex.

    Fix #20041.

    (cherry picked from commit 5536e11be4d7910c0029395d0a3a639063d3a1fa)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit 3a2e925449
Author: John Thacker <johnthacker@gmail.com>
Date:   Thu Oct 31 14:18:56 2024 +0000

    ieee80211: Don't dissect Reserved MTPI as if it were 0 or 2

    For Transmit Power Envelope IEs, the Maximum Transmit Power
    Interpretation describes how to dissect the rest of the IE.
    In IEEE 802.11ax-2021, values 0-3 are defined and values 4-7
    are reserved. Don't dissect the reserved values as though they
    were 0 or 2 (which often makes the frame malformed and halts
    dissection), but mark them as undecoded.

    It appears that some of them have been defined in 802.11be,
    see #20171

    (cherry picked from commit cffdf36ebeb4b4eb59daada6e979ce2f22e16f2e)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit 5c02df9587
Author: Pascal Quantin <pascal@wireshark.org>
Date:   Thu Oct 31 14:06:32 2024 +0000

    epan: Add handling for ASN.1 REAL special value NaN

    Add support for decoding the ASN.1 REAL special value of NaN.

    (cherry picked from commit b27a29b9e5d0ce3856c14882c6e4be76f4ab0ea1)

    Co-authored-by: Piotr Gawlowicz <piotr.gawlowicz@srs.io>

commit 756ff1706d
Author: Pascal Quantin <pascal@wireshark.org>
Date:   Thu Oct 31 14:06:09 2024 +0000

    epan: Fix decoding of ASN.1 REAL numbers with zero length (0.0)

    The length zero is valid for ASN.1 REAL types representing the value 0.0.
    Removed the incorrect check that treated (val_length == 0) as an unexpected length,
    allowing proper decoding of REAL numbers with zero length.

    (cherry picked from commit 15f02361f5ab6c605247b42dc77a207af07ba88f)

    Co-authored-by: Piotr Gawlowicz <piotr.gawlowicz@srs.io>

commit 64ab2fa970
Author: Pascal Quantin <pascal@wireshark.org>
Date:   Thu Oct 31 14:05:57 2024 +0000

    epan: Fix asn1 REAL number decoding by correcting lenE assertion

    Adjusted the assertion from (lenE < len - 1) to (lenE < len) because len is decremented after decoding info_octet.
    Note that len = 1B (info_octet) + lenE (Exponent Length, 1-3B) + lenM (Mantissa Length).

    (cherry picked from commit c020c3b214d39f6b441561520788346e71a476dc)

    Co-authored-by: Piotr Gawlowicz <piotr.gawlowicz@srs.io>

commit e00162d463
Author: João Valverde <j@v6e.pt>
Date:   Mon Oct 28 17:11:02 2024 +0000

    epan: Fixup adjusting length of FT_PROTOCOL value

    Instead of hacking the setter to adjust the length by passing a
    NULL tvb value as a flag, add a separate function for that.

    There are some legitimate uses of setting a protocol_value_t with
    a NULL tvb and we do not want to skip setting the string in that
    case.

    Fixup 51de43cfd2467f3e9f63fe0970ac9fb4553b3dd7.

    (cherry picked from commit 5218a2b94d8d834333ce48b5ea280c646fe79bae)

    Co-authored-by: João Valverde <j@v6e.pt>

commit 833ffca21b
Author: João Valverde <j@v6e.pt>
Date:   Mon Oct 28 17:10:06 2024 +0000

    epan: Avoid dereferencing NULL pointer

    Certain pseudo-protocols like _ws.expert have a NULL tvb. Avoid
    dereferencing NULL pointer and return NULL in that case.

    (cherry picked from commit 779b3cb8976c00c2b3cd519a7dc0baa29fc95200)

    Co-authored-by: João Valverde <j@v6e.pt>

commit 65a28e239a
Author: John Thacker <johnthacker@gmail.com>
Date:   Tue Oct 29 19:59:49 2024 +0000

    Falcodump+Falco bridge: Add falcosecurity-libs version checks

    Extract the Falco libs version in FindSinsp.cmake and use it for
    conditional code in falcodump and the Falco bridge dissector. Set a
    minimum Falco libs version.

    (cherry picked from commit 368e1030cd373a57cefe4b2ce0aa220a198e735a)

    Co-authored-by: Gerald Combs <gerald@wireshark.org>

commit 93a3070978
Author: Gerald Combs <gerald@wireshark.org>
Date:   Sun Oct 27 16:20:12 2024 -0700

    GitLab CI: Try to fix an include path

    Make sure our Falco libs include path is set up correctly.

    (cherry picked from commit 97961af048a8b3e264d4ed78c5c364a23fa6da96)

    Conflicts:
            .gitlab-ci.yml

commit 834514727c
Author: John Thacker <johnthacker@gmail.com>
Date:   Tue Oct 29 12:33:52 2024 +0000

    Qt: Don't disconnect all signals (inc. ::destroyed) of WiresharkDialog

    As the QObject documentation warns:
    "Disconnecting all signal-slot connections will also disconnect the
    QObject::destroyed() signal if it is connected. Doing so can adversely
    affect classes that rely on this signal for cleaning up resources. It
    is recommended to disconnect only the specific signals that were
    connected by application code."

    In WiresharkDialog we also change the WindowTitle. In Qt 6.8.0,
    changing the WindowTitle also communicates the new title to the
    AccessibilityWidget.
    (https://codereview.qt-project.org/c/qt/qtbase/+/553568)

    The AccessibilityWidget is removed from an internal Qt cache when
    the widget is destroyed, which doesn't happen if the signals are
    disconnected. If a subsequent WiresharkDialog is created with the
    same name as a destroyed one (e.g., two Follow Stream Dialogs),
    this can result in a lookup in the cache returning the
    AccessibilityWidget pointing to the destroyed QDialog (now a
    nullptr, thanks to shared pointer), which gets dereferenced and
    crashes.

    Don't disconnect all signals, which includes internal Qt signals
    that happen when the dialog is destroyed. Only disconnect the signal
    we added. It's unclear if we need to disconnect signals added by
    derived classes (or this one, for that matter), but derived classes
    should do that if so.

    Thanks to Michael Weghorn for the analysis.

    Fix #20174

    (cherry picked from commit 7a7b99e0d96ff378f531b40300ce41b65a2c049a)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit 4d58fef602
Author: John Thacker <johnthacker@gmail.com>
Date:   Tue Oct 29 10:44:55 2024 +0000

    5CoRAP: Advance offset correctly when too many items

    Even when not displaying the sub frame because too many (recursive)
    subdevices have been dissected, the offset still needs to advance
    by the header length as well as the length of the data size.

    In a case where the data size is zero, not doing this can lead to
    an infinite loop.

    Fix #20176

    (cherry picked from commit d8ca9fc3392219ed3f77756b7d3b6c18aaea52e0)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit b667fa7cf4
Author: John Thacker <johnthacker@gmail.com>
Date:   Mon Oct 28 23:34:34 2024 +0000

    dot11decrypt: Fix Fast BSS Transition decryption on big-endian systems

    The mdid field used as input for the PTK derivation for Fast BSS
    Transition is incorrectly converted to little-endian byte order.
    Due to this the derived PTK is invalid on big-endian systems,
    making the decryption fail. This error also results in a few failed
    tests on big-endian systems.

    The mdid field is a 2-octet value, not a 16-bit value so byte order
    conversion should not be applied. Fix by removing the byte order
    conversion.

    Ping #19965

    (cherry picked from commit 361c5c856227d0e80987252c5661da8978d85351)

    Co-authored-by: Mikael Kanstrup <mikael.kanstrup@gmail.com>

commit 7cd591940d
Author: Anders Broman <a.broman58@gmail.com>
Date:   Mon Oct 28 14:37:48 2024 +0000

    MMS: Wrong bitmask used for CheckConditions bits.

    closes #20172

    (cherry picked from commit 0a59f10bef195730ca651847f961457c86c4b187)

    Co-authored-by: Anders Broman <a.broman58@gmail.com>

commit 4cd6353109
Author: John Thacker <johnthacker@gmail.com>
Date:   Mon Oct 28 13:41:56 2024 +0000

    SIP: Check if we have a sip_via_be_route_handle before using it.

    closes #20173

    (cherry picked from commit d8c2c06f29dcde4c0e3d0b4d99ef4f8f9b4ce415)

    Co-authored-by: Anders Broman <a.broman58@gmail.com>

commit e917c017c5
Author: Anders Broman <a.broman58@gmail.com>
Date:   Mon Oct 28 07:48:17 2024 +0000

    macos-setup.sh: fix patch for libscap

    (cherry picked from commit 6289ab7f70c86c14d3fed5feccfb3b8469bb0062)

    Co-authored-by: Michael Tuexen <tuexen@wireshark.org>

commit 9a84681ed4
Author: Jaap Keuter <jaap.keuter@xs4all.nl>
Date:   Sun Oct 27 22:14:25 2024 +0000

    Use g_string_free(..., FALSE) as intended

    The defining characteristic of g_string_free(..., FALSE) is that it
    returns the pointer to the remaining allocated string. To make it
    unambiguous that this allocated string is being handled by the rest
    of the code change these calls to g_string_free() into assignments.

    Closes #20169

    (cherry picked from commit c53fa67b94ad9d787519aa9462d8800e162208e1)

    Co-authored-by: Jaap Keuter <jaap.keuter@xs4all.nl>

commit a5c586d850
Author: Gerald Combs <gerald@wireshark.org>
Date:   Sun Oct 27 09:31:51 2024 +0000

    [Automatic update for 2024-10-27]

    Update manuf, services enterprise numbers, translations, and other items.

commit 301499ac8b
Author: Giovanni Musto <giovanni.musto@partner.italdesign.it>
Date:   Sat Oct 26 17:17:35 2024 +0000

    BLF: Fix endianness convertion for linkUpDuration

    (cherry picked from commit 65f746c4baf264ddd1eb65ae971d031345c67194)

    Co-authored-by: Giovanni Musto <giovanni.musto@partner.italdesign.it>

commit 9a3e634c0b
Author: John Thacker <johnthacker@gmail.com>
Date:   Sat Oct 26 01:25:28 2024 +0000

    HTTP2: Fix decompression of single padded DATA frames

    Workaround process_reassembled_data not truncating one-and-only-one
    "reassembly" tvbs properly by slicing the padding off the tvb
    immediately after calculating it.

    Fix #20167

    This can and should still get properly fixed in the reassembly
    functions, but trimming the padding off immediately also simplifies
    handling. (We could, as a result, reduce the number of times we
    pass around the data length and offset, though not done here.)

    (cherry picked from commit aa4f7fee0ea87455311d61dd1ff674b1f17a2fe9)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit ec37b166a2
Author: Jaap Keuter <jaap.keuter@xs4all.nl>
Date:   Fri Oct 25 18:08:30 2024 +0000

    TCP: check first if a change is going to be made in the first place

    In all these blocks complex expressions are evaluated, but a change to
    the tcp analysis data is only made when the frame was not yet visited.
    Rather than doing all the work for nothing, first check if the frame
    was visited, and only if not evaluate further.

    had_acc_ecn_setup_syn and had_acc_ecn_setup_syn_ack tcp analysis data
    fields not even took in consideration to only evaluate the first time
    the frame is visited. These have now been included.

    (cherry picked from commit 7ea8490ea86294f9990fb6ca59a7d2ff7764ee28)

    Co-authored-by: Jaap Keuter <jaap.keuter@xs4all.nl>

commit b1d69aff3c
Author: John Thacker <johnthacker@gmail.com>
Date:   Fri Oct 25 00:57:47 2024 +0000

    Qt: Prevent overflow in I/O Graph simple moving average

    The warmup_interval, mvag_to_remove, and mavg_to_add variables
    are always multiples of the fixed interval, and when retrieving
    the item value, we divde by the fixed interval. There's no point
    in doing that; just keep track of everything in term of indices.

    In particular, this removes the possibility of overflow, which
    could occur in 4.4 and later because the interval scaling changed
    by a factor of 1000 in order to support intervals down to 1 microsecond.
    ( b46c1e9fc7ecb5f74c839dfca198e4022b2d2075 )

    Also add a failure check if a negative index is passed into
    get_io_graph_item instead of running off the left end of an array.

    Fix #20163

    (cherry picked from commit 6a136b634011d1a5f92106c8c8ff5007d55a35cb)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit 010eb80f4d
Author: Jaap Keuter <jaap.keuter@xs4all.nl>
Date:   Thu Oct 24 14:02:11 2024 +0000

    TCP: don't hide the expert item behind the tree

    (cherry picked from commit 63142c663ae8e95dd48f7fcd23af5cf24c9e0c89)

    Co-authored-by: Jaap Keuter <jaap.keuter@xs4all.nl>

commit 940cd0e171
Author: Alexis La Goutte <alexis.lagoutte@gmail.com>
Date:   Wed Oct 23 06:52:02 2024 +0000

    Qt: Add "Enable Legend" to the I/O Graph context menu

    We might want to remove the checkbox from the main dialog window,
    because it (along with other checkboxes) increases the minimum width.
    See #20147.

    (cherry picked from commit 2d52b6569fbe149977a33d7413eb516dcba6d307)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit a391aab7b2
Author: Alexis La Goutte <alexis.lagoutte@gmail.com>
Date:   Tue Oct 22 06:22:00 2024 +0000

    dot11decrypt: Fix TKIP broadcast frame decryption

    For WPA2 mixed mode (CCMP+TKIP) the EAPOL key_version can't be used
    to determine that TKIP method is used. Instead as per IEE 802.11
    specifications the encryption method used for pairwise and group
    traffic is negotiated through cipher suite selection. Fix TKIP
    broadcast frame decryption by adding a check on used group cipher
    suite.

    Add also a test case to avoid future regression.

    Solves: #19994

    (cherry picked from commit 5d887681fc0181862f9d7b40613e8dd18b1e99ac)

    Co-authored-by: Mikael Kanstrup <mikael.kanstrup@sony.com>

commit 4fbbb4b8af
Author: John Thacker <johnthacker@gmail.com>
Date:   Tue Oct 22 14:39:25 2024 +0000

    dot11decrypt: Add defines for cipher suite selectors

    Add defines for cipher suite selector values and make use of them
    instead of magic inline values.

    (cherry picked from commit f0a184eabd43c47c2a7aedb566e731bcb62e0b35)

    Co-authored-by: Mikael Kanstrup <mikael.kanstrup@sony.com>

commit df98b4229c
Author: John Thacker <johnthacker@gmail.com>
Date:   Tue Oct 22 11:55:51 2024 +0000

    ieee80211: Fix Block Ack bitmap parsing for large bitmaps

    Make sure to use the correct bit offset for retrieving the bit
    and reporting frame number after the first 8 bytes of the offset.

    Fix up issue accidentally introduced by 43d06c9fb3b287a3b9c0c85cd7
    when trying to support the 64 and 128 byte block ack bitmaps in
    802.11be (Wi-Fi 7)

    Fix #20156

    (cherry picked from commit a412efb8102a8625e5c0074c592cc79e0111aa7d)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit 254ff73619
Author: John Thacker <johnthacker@gmail.com>
Date:   Mon Oct 21 14:00:04 2024 +0000

    test: Fix Sharkd TLS secrets test on Big-Endian

    The file used, tls12-dsb.pcapng, has two used CLIENT_RANDOM
    secrets, and the order in which they're output is related to
    iterating over a hash table and is unpredictable. In particular,
    it's different on Big Endian platforms than Little Endian.
    Test for the Base64 of either of the two possibilities.

    Ping #19965

    (cherry picked from commit 6002d1096a6d5e53acc1693815951ed2e7922f80)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit 1585455406
Author: Gerald Combs <gerald@wireshark.org>
Date:   Sun Oct 20 09:29:40 2024 +0000

    [Automatic update for 2024-10-20]

    Update manuf, services enterprise numbers, translations, and other items.

commit 2070b85903
Author: Jaap Keuter <jaap.keuter@xs4all.nl>
Date:   Sat Oct 19 10:10:21 2024 +0000

    FTDI FT: Fix endpoint to interface mapping

    The endpoint to interface mapping is broken since commit baf0bfc263ea
    ("USB: Store endpoint with direction flag in usb_conv_info"). Fix the
    issue by using both endpoint number and direction flag in the switch
    statement. Correct the endpoint IN and OUT comments to adhere to USB
    specification naming (IN is from device to host, OUT is from host to
    device).

    (cherry picked from commit 66abec6f86057ebd3cc98150107f160b9da7f908)

    Co-authored-by: Tomasz Moń <desowin@gmail.com>

commit 5673c870b7
Author: Dylan Ulis <daulis0@gmail.com>
Date:   Thu Oct 17 18:54:33 2024 +0000

    ENIP/CIP I/O: Register the ENIP encapsulation of CIP I/O to ENIP

    Register the dissector for CIP I/O packets as carried by EtherNet/IP
    (with its Common Packet Format) over UDP to the ENIP protocol.
    That dissector always indicates EtherNet/IP, and users prefer a
    proto_enip protocol item to be added to the tree in the initial
    part of the dissector. (A proto_cipio item is added later, in the
    actual CIP I/O data.)

    Fix #19517

    (cherry picked from commit a9f2359ef4932a9f91ea12e48371ef6bcbdc7521)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit d4b114540d
Author: Alexis La Goutte <alexis.lagoutte@gmail.com>
Date:   Thu Oct 17 18:25:00 2024 +0000

    packet-cql.c: fix parsing of Prepared result, unify more code with Rows result

    commit 161b9809 tried to improve the Prepared results,
    but apparently did not do a very good job - for some reason, I kept duplicate parsing of the metadata.

    Removed the duplication and left the call to the metadata parsing.
    While at it, remove some duplicate code between rows results and prepared results.

    Fixes: wireshark/wireshark#20142

    Signed-off-by: Yaniv Kaul <mykaul@gmail.com>

    (cherry picked from commit a5f78812de0e10e8f7dea99ab782592352d53483)

    Co-authored-by: Yaniv Michael Kaul <yaniv.kaul@scylladb.com>

commit 2104690e51
Author: John Thacker <johnthacker@gmail.com>
Date:   Wed Oct 16 22:17:21 2024 +0000

    syslog: Dissect trailing message for nonconformant packets

    In the case of syslog messages that neither conform to RFC
    3164 nor 5424, dissect the trailing undissected data as
    syslog.msg and add an expert info.

    Fix #20138

    (cherry picked from commit 38ca3b11a4195a80f1c6091a7869f550f691329e)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit 195e78edc4
Author: John Thacker <johnthacker@gmail.com>
Date:   Wed Oct 16 10:59:16 2024 +0000

    ieee80211: fix typo (MDL => MLD)

    Fix #20134

    Reported by Jitendra saraf

    (cherry picked from commit 8f928883c0e27995de434a78f1ef108d13bd1608)

    Co-authored-by: Alexis La Goutte <alexis.lagoutte@gmail.com>

commit d39dfcc0af
Author: Uli Heilmeier <uh@heilmeier.eu>
Date:   Wed Oct 16 06:14:23 2024 +0000

    TLS: Fix JA4_c if extension list is empty

    The value of JA4_c is set to "000000000000" if there are no extensions in the
    sorted extension list.

    Fixes: #20066

    (cherry picked from commit 80428848bfbf06fac6ea32c57f4062602fb4e4eb)

    Co-authored-by: Uli Heilmeier <uh@heilmeier.eu>

commit e920102d19
Author: John Thacker <johnthacker@gmail.com>
Date:   Tue Oct 15 18:04:58 2024 +0000

    tools: lowercase usb hex values for the value strings

    Some of the USB sources contain uppercase for the hex digits,
    but most are lowercase. Lowercase all the hex strings so that
    they sort in proper numerical order. Prevents:

     ** (wireshark:3326737) 20:46:56.474521 [Epan WARNING] epan/value_string.c:471 -- _try_val_to_str_ext_init(): Extended value string 'usb_products_vals' forced to fall back to linear search:
      entry 20705, value 645005387 [0x2672004b] < previous entry, value 645005389 [0x2672004d]

    (cherry picked from commit 75b742d2993e08b88671a22ff74f5272ecec2f18)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit df061c87d7
Author: Anders Broman <a.broman58@gmail.com>
Date:   Tue Oct 15 09:54:31 2024 +0000

    ZBEE ZCL: Add required registration of hf

    (cherry picked from commit 4dd141773c5cf4169a61af609ce4032476c02aa3)

    Co-authored-by: Vafokhon Safokhujaev <vafo.main@gmail.com>

commit b088a11cfb
Author: James Ko <jkcko@outlook.com>
Date:   Thu Oct 10 16:24:40 2024 +0000

    Wi-SUN: Fix & Update Node Role IE

    Fix Node Role ID field width.
    Change bit (7) to LBATS Implemented field.

    (cherry picked from commit fefd95876d79341b43f6c72b0f853fb9125fa608)

    Co-authored-by: James Ko <jck@exegin.com>

commit db47a355ab
Author: Gerald Combs <gerald@wireshark.org>
Date:   Sun Oct 13 09:51:43 2024 -0700

    Tools: Make make-iana-ip.py less destructive

    Don't leave behind an unusable iana-ip-data.c if we fail. Make
    make-iana-ip.py and make-manuf.py runnable from anywhere.

    (cherry picked from commit 5ac7d8359048f235a63446ed0fc3afcce24976e2)

commit 44b0dd01a8
Author: Gerald Combs <gerald@wireshark.org>
Date:   Sun Oct 13 09:31:37 2024 +0000

    [Automatic update for 2024-10-13]

    Update manuf, services enterprise numbers, translations, and other items.

commit 0beba660c5
Author: Gerald Combs <gerald@wireshark.org>
Date:   Sat Oct 12 10:38:40 2024 -0700

    GitLab CI: Fix a macOS notarization issue

    In 61305fd4b1 we inadvertently stopped stapling notarization tickets
    to the macOS Intel DMG. Add back the `stapler staple` command.

    Fixes #20129

    (cherry picked from commit b6514e848edc3129d1889734b9c2d0c6e303d5e2)

commit ca5025c55c
Author: Jaap Keuter <jaap.keuter@xs4all.nl>
Date:   Fri Oct 11 15:41:28 2024 +0000

    Zigbee ZCL: IAS WD Police panic, Fire panic, and Emergency panic warning modes

    (cherry picked from commit 74de3f8e784a096ac5860dec3351b470183c6482)

    Co-authored-by: Artem Kan <kan.art.email@gmail.com>

commit 80ff4e6c06
Author: John Thacker <johnthacker@gmail.com>
Date:   Fri Oct 11 15:16:35 2024 +0000

    RPC: Fix handling of ONC RPC with unknown protocol calls

    When creating a fake RPC program for when the "dissect_unknown_programs"
    preference is enabled, set the protocol ID to the "Unknown RPC protocol"
    protocol instead of leaving it as zero, which causes an assertion
    exception in 4.4 and later.

    Cf. 8c92ca7affa435586844ca8d626ea3ec172593c9

    (cherry picked from commit 33f309fee082fd9fda97880bb092f31fab7a2f16)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit 39d69c079f
Author: John Thacker <johnthacker@gmail.com>
Date:   Fri Oct 11 13:36:08 2024 +0000

    CMake: Make the Qt D-Bus module optional on Qt 6

    Someone might have Qt6 without D-Bus installed, and the code works
    without it, just with less functionality.

    Fix #20126

    (cherry picked from commit cb640448c24fa7f2c9c1632a58adc3eedd6a4fa5)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit 113a4c3036
Author: John Thacker <johnthacker@gmail.com>
Date:   Fri Oct 11 11:57:21 2024 +0000

    UMTS RLC: Free with wmem what was allocated with wmem

    Commit 2db3db56bfd1ba38c5f42015622dbc8530ed05e9 changed to using
    wmem_file_scope memory for the frags, to prevent leaks caused by
    dangling frags in malformed packets. The freeing functions need
    to also call the matching wmem_free or else on file close there
    can be complaints, even crashes with FORTIFY_SOURCE about freeing
    the middle of a wmem_allocated block and possibly a double free.

    This GHashtable could be changed to a autoreset wmem map, which
    will be done in a follow up commit. (This is small in order to
    make backporting simpler.)

    Also avoid UB warnings in the case of memcpy'ing a NULL array
    with a zero length (which is undefined according to the C standard.)

    (cherry picked from commit a2c8ff7cb6b020b60adbd5a2d3e0111b26edd09f)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit 0e120834b0
Author: John Thacker <johnthacker@gmail.com>
Date:   Thu Oct 10 23:15:18 2024 +0000

    CMake: Fix our c-ares version discovery

    c-ares 1.34.0 and later generate ARES_VERSION_STR using a macro, so
    fetch the version from ARES_VERSION_MAJOR, ARES_VERSION_MINOR, and
    ARES_VERSION_PATCH.

    Fixes #20125

    (cherry picked from commit 7c1418625d2ba5095ef5393abdb2141c990a662c)

    Co-authored-by: Gerald Combs <gerald@wireshark.org>

commit e7a77d1e52
Author: John Thacker <johnthacker@gmail.com>
Date:   Thu Oct 10 21:17:26 2024 +0000

    MPEG PES: Fix dissection of video streams with length present

    Length zero, meaning "to the end of the packet" is allowed only
    for PES packets whose payload consists of bytes from a video
    elementary stream, but packets from a video stream are not
    *required* to have length zero. If they don't have length zero,
    we need to subtract off the bytes from the header from the length
    before adding the payload bytes or passing to a subdissector.

    This is a reported length, not a captured length, so use
    tvb_new_subset_length.

    Add an expert info if the length is zero but it is not a video
    elementary stream.

    This issue was exposed more after the packets started being
    handed to subdissectors based on information in the Program
    Map Table.

    (cherry picked from commit f126cbb5f5f5f934ef878efa582bd0c008a6aac0)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit 94966f2a9f
Author: Jaap Keuter <jaap.keuter@xs4all.nl>
Date:   Wed Oct 9 19:06:11 2024 +0000

    USB-CCID: Handle RDR_to_PC_Parameters message with dwLength 0

    Closes #20107

    (cherry picked from commit 77151ccc0243f63a22126187ab2b8dd352207d10)

    Co-authored-by: Anders Broman <a.broman58@gmail.com>

commit c29e4bf2c1
Author: Jaap Keuter <jaap.keuter@xs4all.nl>
Date:   Wed Oct 9 19:02:13 2024 +0000

    PTP: Fix analysis when sequenceId resets happen.

    Splits single max delta parameter for related messages and
    consecutive messages of same type into separate thresholds.
    Aligns max delta for related messages with expectations of 1588/802.1AS.
    Adds a configurable parameter for max delta for messages of same type.

    Closes #20099

    (cherry picked from commit e74fe53e3c4ba54277e8dafab99e70cf58b1154b)

    Co-authored-by: Patrik Thunström <patrik.thunstroem@technica-engineering.de>

commit 09d2a50c58
Author: Jaap Keuter <jaap.keuter@xs4all.nl>
Date:   Wed Oct 9 18:11:58 2024 +0000

    DOF: Use a flexible array

    Switch from an array of length 1 to a flexible array, which should
    make things more obvious for static analyzers.

    Fixes #20065

    (cherry picked from commit 8bf069c77402a840cae0cd63dfcd9da7264a9201)

    Co-authored-by: Gerald Combs <gerald@wireshark.org>

commit 21f2c2b068
Author: Gerald Combs <gerald@wireshark.org>
Date:   Wed Oct 9 14:55:49 2024 -0700

    Release notes: Mark a couple of issues as fixed

    Issues #20051 and #20082 were fixed in 4.4.1.

commit 255121ad80
Author: Gerald Combs <gerald@wireshark.org>
Date:   Wed Oct 9 13:57:57 2024 -0700

    Version: 4.4.1 → 4.4.2

    [skip ci]
