2 files changed, 1 insertions, 135 deletions
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2024-9781.patch b/meta-networking/recipes-support/wireshark/files/CVE-2024-9781.patch
deleted file mode 100644
index eb8c733da7..0000000000
--- a/meta-networking/recipes-support/wireshark/files/CVE-2024-9781.patch
+++ /dev/null
@@ -1,133 +0,0 @@
-From f32965be7c80ca6eb330d0e9b34f0c563db7d869 Mon Sep 17 00:00:00 2001
-From: Gerald Combs <gerald@wireshark.org>
-Date: Tue, 8 Oct 2024 11:56:28 -0700
-Subject: [PATCH] AppleTalk: Make sure we have valid addresses
-Make sure ATP, ZIP, and ASP have valid addresses. Use sizeof instead of
-a hard-coded value in a few places.
-Fixes #20114
-(cherry picked from commit 3de741321f85c205c0a8266c40f33cb0013bd1d2)
-Conflicts:
-        epan/dissectors/packet-atalk.c
-CVE: CVE-2024-9781
-Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/cad248ce3bf5]
-(cherry picked from commit cad248ce3bf53026cc837fedeaca65d0f20ea3b5)
-Signed-off-by: Shubham Pushpkar <spushpka@cisco.com>
---
- epan/dissectors/packet-atalk.c | 44 ++++++++++++++++++++++++----------
- 1 file changed, 32 insertions(+), 12 deletions(-)
-diff --git a/epan/dissectors/packet-atalk.c b/epan/dissectors/packet-atalk.c
-index 396e7af519..065d6aedb6 100644
--- a/epan/dissectors/packet-atalk.c
-+++ b/epan/dissectors/packet-atalk.c
-@@ -232,9 +232,18 @@ static int hf_asp_attn_code     = -1;
- static int hf_asp_seq           = -1;
- static int hf_asp_size          = -1;
- 
-+/*
-+ * Structure used to represent a DDP address; gives the layout of the
-+ * data pointed to by an Appletalk "address" structure.
-+ */
-+struct atalk_ddp_addr {
-+  guint16 net;
-+  guint8 node;
-+};
-+
- typedef struct {
-   guint32 conversation;
-  guint8  src[4];
-+  guint8  src[sizeof(struct atalk_ddp_addr)];
-   guint16 tid;
- } asp_request_key;
- 
-@@ -502,6 +511,10 @@ static const value_string asp_error_vals[] = {
-   {0,                   NULL } };
- value_string_ext asp_error_vals_ext = VALUE_STRING_EXT_INIT(asp_error_vals);
- 
-+static bool is_ddp_address(address *addr) {
-+  return addr->type == atalk_address_type && addr->len == sizeof(struct atalk_ddp_addr);
-+}
-+
- /*
-  * hf_index must be a FT_UINT_STRING type
-  * Are these always in a Mac extended character set?  Should we have a
-@@ -744,6 +757,12 @@ dissect_atp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
-   conversation_t  *conversation;
-   asp_request_val *request_val   = NULL;
- 
-+  // ATP is carried over DDP
-+  if (!(is_ddp_address(&pinfo->src) && is_ddp_address(&pinfo->dst))) {
-+    return 0;
-+  }
-+
-+
-   col_set_str(pinfo->cinfo, COL_PROTOCOL, "ATP");
- 
-   ctrlinfo = tvb_get_guint8(tvb, offset);
-@@ -770,7 +789,7 @@ dissect_atp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
-     asp_request_key request_key;
- 
-     request_key.conversation = conversation->conv_index;
-    memcpy(request_key.src, (!atp_asp_dsi_info.reply)?pinfo->src.data:pinfo->dst.data, 4);
-+    memcpy(request_key.src, (!atp_asp_dsi_info.reply)?pinfo->src.data:pinfo->dst.data, sizeof(struct atalk_ddp_addr));
-     request_key.tid = atp_asp_dsi_info.tid;
- 
-     request_val = (asp_request_val *) wmem_map_lookup(atp_request_hash, &request_key);
-@@ -1018,7 +1037,7 @@ get_transaction(tvbuff_t *tvb, packet_info *pinfo, struct atp_asp_dsi_info *atp_
-   conversation = find_or_create_conversation(pinfo);
- 
-   request_key.conversation = conversation->conv_index;
-  memcpy(request_key.src, (!atp_asp_dsi_info->reply)?pinfo->src.data:pinfo->dst.data, 4);
-+  memcpy(request_key.src, (!atp_asp_dsi_info->reply)?pinfo->src.data:pinfo->dst.data, sizeof(struct atalk_ddp_addr));
-   request_key.tid = atp_asp_dsi_info->tid;
- 
-   request_val = (asp_request_val *) wmem_map_lookup(asp_request_hash, &request_key);
-@@ -1051,6 +1070,11 @@ dissect_asp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
-   if (data == NULL)
-     return 0;
- 
-+  // ASP is carried over ATP/DDP
-+  if (!(is_ddp_address(&pinfo->src) && is_ddp_address(&pinfo->dst))) {
-+    return 0;
-+  }
-+
-   col_set_str(pinfo->cinfo, COL_PROTOCOL, "ASP");
-   col_clear(pinfo->cinfo, COL_INFO);
- 
-@@ -1183,15 +1207,6 @@ dissect_asp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
- /* -----------------------------
-    ZIP protocol cf. inside appletalk chap. 8
- */
-/*
- * Structure used to represent a DDP address; gives the layout of the
- * data pointed to by an Appletalk "address" structure.
- */
-struct atalk_ddp_addr {
-    guint16 net;
-    guint8  node;
-};
-
- 
- static int atalk_str_len(const address* addr _U_)
- {
-@@ -1241,6 +1256,11 @@ dissect_atp_zip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data)
-   if (data == NULL)
-     return 0;
- 
-+  // ATP ZIP is carried over DDP
-+  if (!(is_ddp_address(&pinfo->src) && is_ddp_address(&pinfo->dst))) {
-+    return 0;
-+  }
-+
-   col_set_str(pinfo->cinfo, COL_PROTOCOL, "ZIP");
-   col_clear(pinfo->cinfo, COL_INFO);
- 
-- 
-2.44.1
diff --git a/meta-networking/recipes-support/wireshark/wireshark_4.2.7.bb b/meta-networking/recipes-support/wireshark/wireshark_4.2.9.bb
index d68b082bb3..c561179c68 100644
--- a/meta-networking/recipes-support/wireshark/wireshark_4.2.7.bb
+++ b/meta-networking/recipes-support/wireshark/wireshark_4.2.9.bb
@@ -13,12 +13,11 @@ SRC_URI = "https://1.eu.dl.wireshark.org/src/wireshark-${PV}.tar.xz \
           file://0002-flex-Remove-line-directives.patch \
           file://0004-lemon-Remove-line-directives.patch \
           file://0001-UseLemon.cmake-do-not-use-lemon-data-from-the-host.patch \
-           file://CVE-2024-9781.patch \
           "
 UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src"
-SRC_URI[sha256sum] = "2c5de08e19081bd666a2ce3f052c023274d06acaabc5d667a3c3051a9c618f86"
+SRC_URI[sha256sum] = "62c2b6652d7f9a50668867bd57b21609c9a9b6950f26e7f30a24b2de0e72ded3"
 PE = "1"

diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2024-9781.patch b/meta-networking/recipes-support/wireshark/files/CVE-2024-9781.patch deleted file mode 100644 index eb8c733da7..0000000000 --- a/meta-networking/recipes-support/wireshark/files/CVE-2024-9781.patch +++ /dev/null
@@ -1,133 +0,0 @@
1	From f32965be7c80ca6eb330d0e9b34f0c563db7d869 Mon Sep 17 00:00:00 2001
2	From: Gerald Combs <gerald@wireshark.org>
3	Date: Tue, 8 Oct 2024 11:56:28 -0700
4	Subject: [PATCH] AppleTalk: Make sure we have valid addresses
5
6	Make sure ATP, ZIP, and ASP have valid addresses. Use sizeof instead of
7	a hard-coded value in a few places.
8
9	Fixes #20114
10
11	(cherry picked from commit 3de741321f85c205c0a8266c40f33cb0013bd1d2)
12
13	Conflicts:
14	epan/dissectors/packet-atalk.c
15
16	CVE: CVE-2024-9781
17	Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/cad248ce3bf5]
18
19	(cherry picked from commit cad248ce3bf53026cc837fedeaca65d0f20ea3b5)
20	Signed-off-by: Shubham Pushpkar <spushpka@cisco.com>
21	---
22	epan/dissectors/packet-atalk.c \| 44 ++++++++++++++++++++++++----------
23	1 file changed, 32 insertions(+), 12 deletions(-)
24
25	diff --git a/epan/dissectors/packet-atalk.c b/epan/dissectors/packet-atalk.c
26	index 396e7af519..065d6aedb6 100644
27	--- a/epan/dissectors/packet-atalk.c
28	+++ b/epan/dissectors/packet-atalk.c
29	@@ -232,9 +232,18 @@ static int hf_asp_attn_code = -1;
30	static int hf_asp_seq = -1;
31	static int hf_asp_size = -1;
32
33	+/*
34	+ * Structure used to represent a DDP address; gives the layout of the
35	+ * data pointed to by an Appletalk "address" structure.
36	+ */
37	+struct atalk_ddp_addr {
38	+ guint16 net;
39	+ guint8 node;
40	+};
41	+
42	typedef struct {
43	guint32 conversation;
44	- guint8 src[4];
45	+ guint8 src[sizeof(struct atalk_ddp_addr)];
46	guint16 tid;
47	} asp_request_key;
48
49	@@ -502,6 +511,10 @@ static const value_string asp_error_vals[] = {
50	{0, NULL } };
51	value_string_ext asp_error_vals_ext = VALUE_STRING_EXT_INIT(asp_error_vals);
52
53	+static bool is_ddp_address(address *addr) {
54	+ return addr->type == atalk_address_type && addr->len == sizeof(struct atalk_ddp_addr);
55	+}
56	+
57	/*
58	* hf_index must be a FT_UINT_STRING type
59	* Are these always in a Mac extended character set? Should we have a
60	@@ -744,6 +757,12 @@ dissect_atp(tvbuff_t tvb, packet_info pinfo, proto_tree tree, void data _U_)
61	conversation_t *conversation;
62	asp_request_val *request_val = NULL;
63
64	+ // ATP is carried over DDP
65	+ if (!(is_ddp_address(&pinfo->src) && is_ddp_address(&pinfo->dst))) {
66	+ return 0;
67	+ }
68	+
69	+
70	col_set_str(pinfo->cinfo, COL_PROTOCOL, "ATP");
71
72	ctrlinfo = tvb_get_guint8(tvb, offset);
73	@@ -770,7 +789,7 @@ dissect_atp(tvbuff_t tvb, packet_info pinfo, proto_tree tree, void data _U_)
74	asp_request_key request_key;
75
76	request_key.conversation = conversation->conv_index;
77	- memcpy(request_key.src, (!atp_asp_dsi_info.reply)?pinfo->src.data:pinfo->dst.data, 4);
78	+ memcpy(request_key.src, (!atp_asp_dsi_info.reply)?pinfo->src.data:pinfo->dst.data, sizeof(struct atalk_ddp_addr));
79	request_key.tid = atp_asp_dsi_info.tid;
80
81	request_val = (asp_request_val *) wmem_map_lookup(atp_request_hash, &request_key);
82	@@ -1018,7 +1037,7 @@ get_transaction(tvbuff_t tvb, packet_info pinfo, struct atp_asp_dsi_info *atp_
83	conversation = find_or_create_conversation(pinfo);
84
85	request_key.conversation = conversation->conv_index;
86	- memcpy(request_key.src, (!atp_asp_dsi_info->reply)?pinfo->src.data:pinfo->dst.data, 4);
87	+ memcpy(request_key.src, (!atp_asp_dsi_info->reply)?pinfo->src.data:pinfo->dst.data, sizeof(struct atalk_ddp_addr));
88	request_key.tid = atp_asp_dsi_info->tid;
89
90	request_val = (asp_request_val *) wmem_map_lookup(asp_request_hash, &request_key);
91	@@ -1051,6 +1070,11 @@ dissect_asp(tvbuff_t tvb, packet_info pinfo, proto_tree tree, void data)
92	if (data == NULL)
93	return 0;
94
95	+ // ASP is carried over ATP/DDP
96	+ if (!(is_ddp_address(&pinfo->src) && is_ddp_address(&pinfo->dst))) {
97	+ return 0;
98	+ }
99	+
100	col_set_str(pinfo->cinfo, COL_PROTOCOL, "ASP");
101	col_clear(pinfo->cinfo, COL_INFO);
102
103	@@ -1183,15 +1207,6 @@ dissect_asp(tvbuff_t tvb, packet_info pinfo, proto_tree tree, void data)
104	/* -----------------------------
105	ZIP protocol cf. inside appletalk chap. 8
106	*/
107	-/*
108	- * Structure used to represent a DDP address; gives the layout of the
109	- * data pointed to by an Appletalk "address" structure.
110	- */
111	-struct atalk_ddp_addr {
112	- guint16 net;
113	- guint8 node;
114	-};
115	-
116
117	static int atalk_str_len(const address* addr _U_)
118	{
119	@@ -1241,6 +1256,11 @@ dissect_atp_zip(tvbuff_t tvb, packet_info pinfo, proto_tree tree, void data)
120	if (data == NULL)
121	return 0;
122
123	+ // ATP ZIP is carried over DDP
124	+ if (!(is_ddp_address(&pinfo->src) && is_ddp_address(&pinfo->dst))) {
125	+ return 0;
126	+ }
127	+
128	col_set_str(pinfo->cinfo, COL_PROTOCOL, "ZIP");
129	col_clear(pinfo->cinfo, COL_INFO);
130
131	--
132	2.44.1
133


diff --git a/meta-networking/recipes-support/wireshark/wireshark_4.2.7.bb b/meta-networking/recipes-support/wireshark/wireshark_4.2.9.bb index d68b082bb3..c561179c68 100644 --- a/meta-networking/recipes-support/wireshark/wireshark_4.2.7.bb +++ b/meta-networking/recipes-support/wireshark/wireshark_4.2.9.bb
@@ -13,12 +13,11 @@ SRC_URI = "https://1.eu.dl.wireshark.org/src/wireshark-${PV}.tar.xz \
13	file://0002-flex-Remove-line-directives.patch \	13	file://0002-flex-Remove-line-directives.patch \
14	file://0004-lemon-Remove-line-directives.patch \	14	file://0004-lemon-Remove-line-directives.patch \
15	file://0001-UseLemon.cmake-do-not-use-lemon-data-from-the-host.patch \	15	file://0001-UseLemon.cmake-do-not-use-lemon-data-from-the-host.patch \
16	file://CVE-2024-9781.patch \
17	"	16	"
18		17
19	UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src"	18	UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src"
20		19
21	SRC_URI[sha256sum] = "2c5de08e19081bd666a2ce3f052c023274d06acaabc5d667a3c3051a9c618f86"	20	SRC_URI[sha256sum] = "62c2b6652d7f9a50668867bd57b21609c9a9b6950f26e7f30a24b2de0e72ded3"
22		21
23	PE = "1"	22	PE = "1"
24		23