From cd1aa14313b5ade98613b7d349f320fd44e78bc9 Mon Sep 17 00:00:00 2001
From: Vijay Anusuri <vanusuri@mvista.com>
Date: Mon, 17 Mar 2025 14:46:38 +0530
Subject: [PATCH] wireshark: upgrade 4.2.7 -> 4.2.9

Fixes CVE-2024-11595 CVE-2024-11596
Removed CVE-2024-9781.patch which is already fixed in 4.2.8 version

Release notes:
https://www.wireshark.org/docs/relnotes/wireshark-4.2.8.html
https://www.wireshark.org/docs/relnotes/wireshark-4.2.9.html

Reference:
https://www.wireshark.org/security/wnpa-sec-2024-15.html
https://www.wireshark.org/security/wnpa-sec-2024-14.html
https://www.wireshark.org/security/wnpa-sec-2024-13.html

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 .../wireshark/files/CVE-2024-9781.patch       | 133 ------------------
 ...{wireshark_4.2.7.bb => wireshark_4.2.9.bb} |   3 +-
 2 files changed, 1 insertion(+), 135 deletions(-)
 delete mode 100644 meta-networking/recipes-support/wireshark/files/CVE-2024-9781.patch
 rename meta-networking/recipes-support/wireshark/{wireshark_4.2.7.bb => wireshark_4.2.9.bb} (96%)

diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2024-9781.patch b/meta-networking/recipes-support/wireshark/files/CVE-2024-9781.patch
deleted file mode 100644
index eb8c733da7..0000000000
--- a/meta-networking/recipes-support/wireshark/files/CVE-2024-9781.patch
+++ /dev/null
@@ -1,133 +0,0 @@
-From f32965be7c80ca6eb330d0e9b34f0c563db7d869 Mon Sep 17 00:00:00 2001
-From: Gerald Combs <gerald@wireshark.org>
-Date: Tue, 8 Oct 2024 11:56:28 -0700
-Subject: [PATCH] AppleTalk: Make sure we have valid addresses
-
-Make sure ATP, ZIP, and ASP have valid addresses. Use sizeof instead of
-a hard-coded value in a few places.
-
-Fixes #20114
-
-(cherry picked from commit 3de741321f85c205c0a8266c40f33cb0013bd1d2)
-
-Conflicts:
-	epan/dissectors/packet-atalk.c
-
-CVE: CVE-2024-9781
-Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/cad248ce3bf5]
-
-(cherry picked from commit cad248ce3bf53026cc837fedeaca65d0f20ea3b5)
-Signed-off-by: Shubham Pushpkar <spushpka@cisco.com>
----
- epan/dissectors/packet-atalk.c | 44 ++++++++++++++++++++++++----------
- 1 file changed, 32 insertions(+), 12 deletions(-)
-
-diff --git a/epan/dissectors/packet-atalk.c b/epan/dissectors/packet-atalk.c
-index 396e7af519..065d6aedb6 100644
---- a/epan/dissectors/packet-atalk.c
-+++ b/epan/dissectors/packet-atalk.c
-@@ -232,9 +232,18 @@ static int hf_asp_attn_code     = -1;
- static int hf_asp_seq           = -1;
- static int hf_asp_size          = -1;
- 
-+/*
-+ * Structure used to represent a DDP address; gives the layout of the
-+ * data pointed to by an Appletalk "address" structure.
-+ */
-+struct atalk_ddp_addr {
-+  guint16 net;
-+  guint8 node;
-+};
-+
- typedef struct {
-   guint32 conversation;
--  guint8  src[4];
-+  guint8  src[sizeof(struct atalk_ddp_addr)];
-   guint16 tid;
- } asp_request_key;
- 
-@@ -502,6 +511,10 @@ static const value_string asp_error_vals[] = {
-   {0,                   NULL } };
- value_string_ext asp_error_vals_ext = VALUE_STRING_EXT_INIT(asp_error_vals);
- 
-+static bool is_ddp_address(address *addr) {
-+  return addr->type == atalk_address_type && addr->len == sizeof(struct atalk_ddp_addr);
-+}
-+
- /*
-  * hf_index must be a FT_UINT_STRING type
-  * Are these always in a Mac extended character set?  Should we have a
-@@ -744,6 +757,12 @@ dissect_atp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
-   conversation_t  *conversation;
-   asp_request_val *request_val   = NULL;
- 
-+  // ATP is carried over DDP
-+  if (!(is_ddp_address(&pinfo->src) && is_ddp_address(&pinfo->dst))) {
-+    return 0;
-+  }
-+
-+
-   col_set_str(pinfo->cinfo, COL_PROTOCOL, "ATP");
- 
-   ctrlinfo = tvb_get_guint8(tvb, offset);
-@@ -770,7 +789,7 @@ dissect_atp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
-     asp_request_key request_key;
- 
-     request_key.conversation = conversation->conv_index;
--    memcpy(request_key.src, (!atp_asp_dsi_info.reply)?pinfo->src.data:pinfo->dst.data, 4);
-+    memcpy(request_key.src, (!atp_asp_dsi_info.reply)?pinfo->src.data:pinfo->dst.data, sizeof(struct atalk_ddp_addr));
-     request_key.tid = atp_asp_dsi_info.tid;
- 
-     request_val = (asp_request_val *) wmem_map_lookup(atp_request_hash, &request_key);
-@@ -1018,7 +1037,7 @@ get_transaction(tvbuff_t *tvb, packet_info *pinfo, struct atp_asp_dsi_info *atp_
-   conversation = find_or_create_conversation(pinfo);
- 
-   request_key.conversation = conversation->conv_index;
--  memcpy(request_key.src, (!atp_asp_dsi_info->reply)?pinfo->src.data:pinfo->dst.data, 4);
-+  memcpy(request_key.src, (!atp_asp_dsi_info->reply)?pinfo->src.data:pinfo->dst.data, sizeof(struct atalk_ddp_addr));
-   request_key.tid = atp_asp_dsi_info->tid;
- 
-   request_val = (asp_request_val *) wmem_map_lookup(asp_request_hash, &request_key);
-@@ -1051,6 +1070,11 @@ dissect_asp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
-   if (data == NULL)
-     return 0;
- 
-+  // ASP is carried over ATP/DDP
-+  if (!(is_ddp_address(&pinfo->src) && is_ddp_address(&pinfo->dst))) {
-+    return 0;
-+  }
-+
-   col_set_str(pinfo->cinfo, COL_PROTOCOL, "ASP");
-   col_clear(pinfo->cinfo, COL_INFO);
- 
-@@ -1183,15 +1207,6 @@ dissect_asp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
- /* -----------------------------
-    ZIP protocol cf. inside appletalk chap. 8
- */
--/*
-- * Structure used to represent a DDP address; gives the layout of the
-- * data pointed to by an Appletalk "address" structure.
-- */
--struct atalk_ddp_addr {
--    guint16 net;
--    guint8  node;
--};
--
- 
- static int atalk_str_len(const address* addr _U_)
- {
-@@ -1241,6 +1256,11 @@ dissect_atp_zip(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data)
-   if (data == NULL)
-     return 0;
- 
-+  // ATP ZIP is carried over DDP
-+  if (!(is_ddp_address(&pinfo->src) && is_ddp_address(&pinfo->dst))) {
-+    return 0;
-+  }
-+
-   col_set_str(pinfo->cinfo, COL_PROTOCOL, "ZIP");
-   col_clear(pinfo->cinfo, COL_INFO);
- 
--- 
-2.44.1
-
diff --git a/meta-networking/recipes-support/wireshark/wireshark_4.2.7.bb b/meta-networking/recipes-support/wireshark/wireshark_4.2.9.bb
similarity index 96%
rename from meta-networking/recipes-support/wireshark/wireshark_4.2.7.bb
rename to meta-networking/recipes-support/wireshark/wireshark_4.2.9.bb
index d68b082bb3..c561179c68 100644
--- a/meta-networking/recipes-support/wireshark/wireshark_4.2.7.bb
+++ b/meta-networking/recipes-support/wireshark/wireshark_4.2.9.bb
@@ -13,12 +13,11 @@ SRC_URI = "https://1.eu.dl.wireshark.org/src/wireshark-${PV}.tar.xz \
            file://0002-flex-Remove-line-directives.patch \
            file://0004-lemon-Remove-line-directives.patch \
            file://0001-UseLemon.cmake-do-not-use-lemon-data-from-the-host.patch \
-           file://CVE-2024-9781.patch \
            "
 
 UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src"
 
-SRC_URI[sha256sum] = "2c5de08e19081bd666a2ce3f052c023274d06acaabc5d667a3c3051a9c618f86"
+SRC_URI[sha256sum] = "62c2b6652d7f9a50668867bd57b21609c9a9b6950f26e7f30a24b2de0e72ded3"
 
 PE = "1"