commit 2495dcd8bc
Author: Gerald Combs <gerald@wireshark.org>
Date:   Tue May 19 09:06:42 2026 -0700

    Build: 4.4.16 [skip ci]

commit fc1d23886a
Author: John Thacker <johnthacker@gmail.com>
Date:   Tue May 19 09:51:36 2026 -0400

    kafka: Avoid overflow (and offset moving backwards) in compact string

    Fix #21263

    AI-Assisted: no

    (cherry picked from commit cc856b7750900f8298a4174ecadfdf3682c93932)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit 5919eff9f1
Author: John Thacker <johnthacker@gmail.com>
Date:   Mon May 18 22:43:55 2026 -0400

    Kafka: Eliminate signed overflow UB

    Separate the tvb_get_ptr call into a separate instruction line,
    because that function will throw an exception if
    offset + 4 + length overflows, and thus if 4 + length overflows.
    The order of the parameters in proto_tree_add_... is wrong for
    preventing overflow here as a single statement.

    Use tvb_get_ntohil instead of tvb_get_ntohl and casting for retrieving
    a signed integer. Fix the returned values of the offset pointers (note
    these are never used and could be probably removed.)

    Similarly prevent possible signed overflow in the KIP-482 compact
    coding, although we don't have an example test case yet.

    OSS-Fuzz Issue 448035023

    (cherry picked from commit b3e8fcf3a7948853de023e942831ff6807751560)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit fd925fc6db
Author: Gerald Combs <gerald@wireshark.org>
Date:   Mon May 18 11:48:40 2026 -0700

    Prep for 4.4.16 [skip ci]

commit 35a67dc8fc
Author: John Thacker <johnthacker@gmail.com>
Date:   Mon May 18 09:08:04 2026 -0400

    SAP HDB: Don't go backwards on a negative option length

    The option length is apparently a signed 16-bit integer.
    Don't go backwards if it's negative.

    (backported from e9a06b6020e9a22737b4bae595be12ce12020d33)

    Fix #21259 (note the other checks catch this so I'm not sure there's
    an actual infinite loop, but it might be possible to craft one.)

    AI-Assisted: no

commit 2c040401d1
Author: John Thacker <johnthacker@gmail.com>
Date:   Mon May 18 09:34:01 2026 -0400

    Update nl80211 generation tool source URL

    With recent changes to the kernel.org to combat burdensome
    AI web scrapers [1], grabbing latest nl80211.h constants
    from the existing URL generates a HTTP 403 URL forbidden
    error. Switch to GitHub mirror which does not generate same
    error.

    [1] https://social.kernel.org/notice/Asir7LiPevX6XcEVJQ

    (cherry picked from commit 74d9da4edaadd0ee4dfd4d25a3e98a98b10612f3)

    Co-authored-by: Alex Gavin <a_gavin@icloud.com>

commit 99da8c2cdc
Author: John Thacker <johnthacker@gmail.com>
Date:   Mon May 18 08:44:42 2026 -0400

    MDB: Allocate a column string with pinfo->pool

    Just using the old val_to_str on 4.4 uses wmem_packet_scope, which has
    slightly too short a lifespan to be used in a column and leads to a
    use-after-free with the simple (malloc based) allocator. It probably
    has no effect on the normal block [fast] allocator. This was fixed
    as part of a large overhaul on 4.6.

    Fix #21261.

    AI-Assisted: no

commit 176d0485ca
Author: Gerald Combs <gerald@wireshark.org>
Date:   Sun May 17 10:15:46 2026 +0000

    [Automatic update for 2026-05-17]

    Update manuf, services enterprise numbers, translations, and other items.

commit f828bd27c4
Author: John Thacker <johnthacker@gmail.com>
Date:   Thu May 14 19:11:45 2026 -0400

    Qt: Export Objects: Move after retap cleanup to endRetapPackets

    Otherwise, if the dialog is closed before tapping finishes, already
    freed memory can be accessed and there can be segfaults. This is
    why this exists in WiresharkDialog, it fires after receiving the
    signal.

    AI-Assisted: no

    (cherry picked from commit 06309b952e8f710364d26d0bfc63d3f696478385)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit 7709a71bca
Author: John Thacker <johnthacker@gmail.com>
Date:   Wed May 13 09:46:14 2026 -0400

    MSYS2: Add missing nghttp3 DLL to installer

    Also add nghttp3 to setup script.

    (cherry picked from commit 5135143f2d5482be903085f62317a8cf43ed4618)

    Co-authored-by: João Valverde <j@v6e.pt>

commit b21c89780c
Author: John Thacker <johnthacker@gmail.com>
Date:   Wed May 13 08:42:26 2026 -0400

    CMake: Don't look for Chocolatey on MSYS2

    All the packages we use are available in the MSYS2 repo. This is
    particularly bad if it finds the Chocolatey xsltproc, because then
    it won't use the stylesheets from the MSYS2 package and we also
    won't have downloaded the stylesheets from FetchArtifacts, so
    documentation will fail. (This applies especially to people who
    try building both ways.)

    AI-Assisted: no

    (cherry picked from commit 08023890269d603a65af5ab334fe53b4261edee2)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit af11ff4936
Author: John Thacker <johnthacker@gmail.com>
Date:   Wed May 13 01:29:16 2026 -0400

    androiddump: Fix a shadowed variable name

    This shows up when compiling with MSYS2, etc.

    (cherry picked from commit e1d130de449b54378820838cd1a86546ee1313b2)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit d4807b9b0d
Author: John Thacker <johnthacker@gmail.com>
Date:   Wed May 13 00:56:44 2026 -0400

    Lua: Make tests pass on Lua 5.5

    The way in which luaL_[un]ref works in order to allow references be
    reused means that the length operator # does not work in the expected
    way in Lua 5.4 and 5.5 on arrays that use references instead of
    consecutive integer keys indexed starting at 1. (Lua arrays are
    1-indexed by custom, and various functions expect that.)

    There's only an advantage to using luaL_ref if the references are
    stored, and then used to unreference strict subsets of the table
    members, which we don't support and have never supported for the
    field and expert info tables in a wslua Proto. Some of the tests
    depend on the length operator providing the expected answer. Just
    use consecutive integer keys for now. (This is what luaL_ref will
    eventually do, more or less, in a slightly slower manner, if we
    never remove individual items without clearing the entire table
    or letting it garbage collect.)

    This fixes the wslua_proto_field test on Lua 5.5

    https://www.lua.org/manual/5.5/manual.html#luaL_ref
    https://www.lua.org/manual/5.5/manual.html#3.4.7
    https://www.lua.org/source/5.5/lauxlib.c.html#luaL_ref

    AI-Assisted: no

    (cherry picked from commit 6add14a3f37029a71633dececc0deaf2284a46d2)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit b8084806d3
Author: Gerald Combs <gerald@wireshark.org>
Date:   Thu May 7 09:53:13 2026 -0700

    CMake: Update libgcrypt to 1.12.2, second try

    Upgrade to 1.12.2, this time with Gabriel Potter's FreeLibrary patch
    from !24787.

    AI-Assisted: no
    (cherry picked from commit 61ce51994400cb34c064586491f980c288731780)

    Conflicts:
            cmake/modules/FetchArtifacts.cmake

commit d83e92708a
Author: John Thacker <johnthacker@gmail.com>
Date:   Fri May 1 09:03:51 2026 -0400

    GitLab CI: Run the Qt5 job on 4.4 on merge requests that change Qt

    Since the 4.4 branch still supports Qt 5 for more platforms, and doesn't
    require C++14, we need to run the Qt 5 job on cherry-picks and backports
    that run on master but might not run on earlier branches

    (backported from 0041cb30830d6f4e94ba06601dba9d00e9cd3726)

    AI-Assisted: no

commit e6fea1b5a7
Author: Jaap Keuter <jaap.keuter@xs4all.nl>
Date:   Mon May 11 11:25:18 2026 +0000

    GDSDB: Fix rounding up

    The align to 4 bytes function as currently written rounds up numbers
    already divisible by 4 to the next higher power. This is incorrect
    for this protocol, as demonstrated by the file in #3749, which dissects
    without malformed packets after this change.

    AI-Assisted: no

    (cherry picked from commit 16ee4938cd244bbbcfc006ccf152fd303002aa3d)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit d0f80c12a5
Author: Gerald Combs <gerald@wireshark.org>
Date:   Sun May 10 10:12:20 2026 +0000

    [Automatic update for 2026-05-10]

    Update manuf, services enterprise numbers, translations, and other items.

commit 80a5565b72
Author: John Thacker <johnthacker@gmail.com>
Date:   Sat May 9 14:51:46 2026 -0400

    SIP: Fix a possibility of a crash in follow conv filter with sharkd

    Commit e75e1fb580f3a496309ae1d65c1865fa98262ec5 added the ability for
    the follow conversation filters to be built out of the epan_dissect_t,
    instead of just the packet_info it contains, and had the SIP dissector
    use the proto_tree information. Unfortunately, despite an update in
    9778cc82207520547e22c39f11ca3c1ac52c8aea, it's still possible for the
    dissection to have occurred with a NULL tree, and functions like
    proto_find_first_finfo will crash in that case.

    It's possible that this entire approach doesn't work, and information
    for follow filters should be placed in proto data (file or packet
    scoped) for this purpose; alternatively, sharkd and other follows
    of the follow_conv_filter functions would need to guarantee a non-NULL
    tree before calling them.

    AI-Assisted: no

    (cherry picked from commit 8ac1be08cfdf14feb7098a04ac9ecd038d37d2ff)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit 401de4288e
Author: Gerald Combs <gerald@wireshark.org>
Date:   Thu May 7 17:07:14 2026 -0700

    docs: Update the sharkd man page admonition

    Sharkd shouldn't be exposed to any untrusted user.

    AI-Assisted: no
    (cherry picked from commit 9ead72497968d76227a797b7b6d1db8947fdb867)

commit a60f3dcbb3
Author: John Thacker <johnthacker@gmail.com>
Date:   Thu Apr 30 12:28:51 2026 -0400

    CMake: Add sharkd HTML page to be installed in one more place

    Fixup aab6a4cc574dac8540e48ec9ce23a9f18de4b31f (the Windows packages
    need this apparently.)

    AI-Assisted: no
    (cherry picked from commit 7ff76b099be845d81e2d59cd072dfcad21609ffd)

    Conflicts:
            CMakeLists.txt

commit f02ab2c33e
Author: Gerald Combs <gerald@wireshark.org>
Date:   Thu Apr 30 12:45:57 2026 -0700

    WiX: Install the sharkd man page

    AI-Assisted: no
    (cherry picked from commit 1c693e3d343e2741cfac4bd0a70ab29a1a9dfb04)

commit f464c9ff8d
Author: Gerald Combs <gerald@wireshark.org>
Date:   Mon Apr 27 16:55:32 2026 -0700

    docs: Add an initial sharkd man page

    Add an initial man page for sharkd. The bulk of the text was generated
    using Claude, and I corrected some errors and omissions.

    Ping #19562

    AI-Assisted: yes [Claude Opus 4.6]
    (cherry picked from commit aab6a4cc574dac8540e48ec9ce23a9f18de4b31f)

    Conflicts:
            doc/CMakeLists.txt
    (cherry picked from commit 2dfd050fdd8698dbdc2d3abbf07f158505d64886)

commit b9750e0096
Author: John Thacker <johnthacker@gmail.com>
Date:   Thu May 7 21:31:27 2026 -0400

    ROHC: Fix handing of uncompressed profile with large CID

    There's an off-by-one in how tvb_captured_length_remaining is
    used. One extra octet, representing the first octet of the packet,
    should be added.

    In the normal case, this results in the packet passed to the IP
    dissector being one octet short. In the edge case, this results in
    writing one octet to a NULL pointer.

    Fix #21243

    AI-Assisted: no

    (cherry picked from commit 6f0cf1551dcc81ad92508bf8ccaf51af8e1512f9)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit 3b7b868cea
Author: Gerald Combs <gerald@wireshark.org>
Date:   Tue May 5 12:01:18 2026 -0700

    GitLab CI: Start using rclone

    AI-Assisted: no
    (cherry picked from commit b2fe6e15489d92757274e54c58c7d78a43b3c67a)

    Conflicts:
            .gitlab-ci.yml

commit ec397370d0
Author: John Thacker <johnthacker@gmail.com>
Date:   Tue May 5 07:26:39 2026 -0400

    rtps-virtual-transport: Initialize the rtpsvt_data struct

    It appears that in RTPS-VT that some of the parameters, such as
    direction, are mandatory. If they are missing, what should the
    dissector do? Should it use a default value or not pass the
    information onto RTPS-PROC?

    Fix #21240

    AI-Assisted: no

    (cherry picked from commit badcc16cfcc28acf9e326ea84822739c712a52f9)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit 915c34d373
Author: John Thacker <johnthacker@gmail.com>
Date:   Mon May 4 08:44:07 2026 -0400

    GitLab CI: Fix Fedora build

    cmake3 was necessary during the CMake 2 to 3 transition. The just
    released Fedora 44 has CMake 4 only, which builds fine, and on all
    at all recent Fedora, cmake points to CMake 3, not 2.

    AI-Assisted: no

    (backported from commit 5e79628c7e4b82ecc6aa93d9678aa8417edd5739)

commit a0de11381f
Author: John Thacker <johnthacker@gmail.com>
Date:   Mon May 4 09:09:50 2026 -0400

    epan: Fix signed_time_msecs_to_str for INT32_MIN

    C integer division and remainder is defined since C99 to always round
    towards towards zero, and C++11 adopted this, so for what we want in
    order to produce a string (the seconds part with the appropriate sign
    but the fractional part unsigned), and to handle the edge case of INT32_MIN
    correctly, we can divide as normal and then negate the remainder.
    This is the same as the current implementation for all values other
    than INT32_MIN for time_val.

    The current implementation for an time_val of INT32_MIN produces
    2,147,483 for the dividend and -648 for msecs, then cast to
    4,294,966,648. (That is with -fwrapv/-fno-strict-overflow; otherwise
    it's UB and all bets are off; it's quite possible that msecs will
    be set to -330641784 under a standard optimization assuming overflow
    can never happen. On the other hand, in certain cases clang will
    actually give the correct answer without wrapping turned on, but
    it can change depending on other surrounding statements.)
    This is because -INT32_MIN is still negative; -INT32_MIN == INT32_MIN.
    This implementation produces -2,147,483 and 648, respectively, as
    desired.

    OSS-Fuzz 494034581

    AI-Assisted: no

    (cherry picked from commit ef0e6f7790257ec470017bf81a4ba92bbe744c41)

    Co-authored-by: John Thacker <johnthacker@gmail.com>

commit 918b969cbd
Author: Gerald Combs <gerald@wireshark.org>
Date:   Sun May 3 10:13:03 2026 +0000

    [Automatic update for 2026-05-03]

    Update manuf, services enterprise numbers, translations, and other items.

commit 9f362204a7
Author: Gerald Combs <gerald@wireshark.org>
Date:   Fri May 1 10:52:39 2026 -0700

    CMake: Update GnuTLS to 3.8.13 and libgcrypt to 1.12.2

    AI-Assisted: no

    (cherry picked from commit 44b886ac28d739465afb858c6bf66d520a9ac64c)

    Conflicts:
            cmake/modules/FetchArtifacts.cmake

commit 255e23dd11
Author: John Thacker <johnthacker@gmail.com>
Date:   Thu Apr 30 22:50:33 2026 -0400

    VeriWave: Fix finding the signature

    Have the find_signature routine return a bool, instead of returning the
    original offset on failure, so that the caller doesn't have to check the
    returned offset to see if it has the magic byte. This also allows
    returning false when the record isn't long enough to check the expected
    signature offset, without the caller then trying to dereference it
    anyway.

    It doesn't appear that this causes a buffer overrun because of how
    the Buffer is initialized to be at least 2048 bytes always, but it can
    be a read of uninitialized data.

    Fix #16460. Fix #16461.

    AI-Assisted: no

    (backported from d8242c14feee454467e4a1dda1557001a9f08b92)

commit eaf05a97eb
Author: Gerald Combs <gerald@wireshark.org>
Date:   Wed Apr 29 15:02:31 2026 -0700

    macos-setup: Just set our minimum OS target to 11.0

commit 9e6f565554
Author: Gerald Combs <gerald@wireshark.org>
Date:   Wed Apr 29 19:29:13 2026 -0700

    Version: 4.4.15 → 4.4.16 [skip ci]
