3 files changed, 2 insertions, 132 deletions

diff --git a/meta-networking/recipes-support/tcpdump/tcpdump/CVE-2024-2397.patch b/meta-networking/recipes-support/tcpdump/tcpdump/CVE-2024-2397.patch
deleted file mode 100644
index 69348030bb..0000000000
--- a/meta-networking/recipes-support/tcpdump/tcpdump/CVE-2024-2397.patch
+++ /dev/null
@@ -1,129 +0,0 @@
-From b9811ef5bb1b7d45a90e042f81f3aaf233c8bcb2 Mon Sep 17 00:00:00 2001
-From: Guy Harris <gharris@sonic.net>
-Date: Tue, 12 Mar 2024 00:37:23 -0700
-Subject: [PATCH] ppp: use the buffer stack for the de-escaping buffer.
-
-This both saves the buffer for freeing later and saves the packet
-pointer and snapend to be restored when packet processing is complete,
-even if an exception is thrown with longjmp.
-
-This means that the hex/ASCII printing in pretty_print_packet()
-processes the packet data as captured or read from the savefile, rather
-than as modified by the PPP printer, so that the bounds checking is
-correct.
-
-That fixes CVE-2024-2397, which was caused by an exception being thrown
-by the hex/ASCII printer (which should only happen if those routines are
-called by a packet printer, not if they're called for the -X/-x/-A
-flag), which jumps back to the setjmp() that surrounds the packet
-printer.  Hilarity^Winfinite looping ensues.
-
-Also, restore ndo->ndo_packetp before calling the hex/ASCII printing
-routine, in case nd_pop_all_packet_info() didn't restore it.
-
-Upstream-Status: Backport [https://github.com/the-tcpdump-group/tcpdump/commit/b9811ef5bb1b7d45a90e042f81f3aaf233c8bcb2]
-CVE: CVE-2024-2397
-Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
----
- print-ppp.c | 31 +++++++++++++++++--------------
- print.c     |  8 ++++++--
- 2 files changed, 23 insertions(+), 16 deletions(-)
-
-diff --git a/print-ppp.c b/print-ppp.c
-index aba243d..e5ae064 100644
---- a/print-ppp.c
-+++ b/print-ppp.c
-@@ -42,6 +42,8 @@
- #include <net/if_ppp.h>
- #endif
- 
-+#include <stdlib.h>
-+
- #include "netdissect.h"
- #include "extract.h"
- #include "addrtoname.h"
-@@ -1363,7 +1365,6 @@ ppp_hdlc(netdissect_options *ndo,
-        u_char *b, *t, c;
-        const u_char *s;
-        u_int i, proto;
--       const void *sb, *se;
- 
-        if (caplen == 0)
-                return;
-@@ -1371,9 +1372,11 @@ ppp_hdlc(netdissect_options *ndo,
-         if (length == 0)
-                 return;
- 
--       b = (u_char *)nd_malloc(ndo, caplen);
--       if (b == NULL)
--               return;
-+       b = (u_char *)malloc(caplen);
-+       if (b == NULL) {
-+               (*ndo->ndo_error)(ndo, S_ERR_ND_MEM_ALLOC,
-+                       "%s: malloc", __func__);
-+       }
- 
-        /*
-         * Unescape all the data into a temporary, private, buffer.
-@@ -1394,13 +1397,15 @@ ppp_hdlc(netdissect_options *ndo,
-        }
- 
-        /*
--        * Change the end pointer, so bounds checks work.
--        * Change the pointer to packet data to help debugging.
-+        * Switch to the output buffer for dissection, and save it
-+        * on the buffer stack so it can be freed; our caller must
-+        * pop it when done.
-         */
--       sb = ndo->ndo_packetp;
--       se = ndo->ndo_snapend;
--       ndo->ndo_packetp = b;
--       ndo->ndo_snapend = t;
-+       if (!nd_push_buffer(ndo, b, b, (u_int)(t - b))) {
-+               free(b);
-+               (*ndo->ndo_error)(ndo, S_ERR_ND_MEM_ALLOC,
-+                       "%s: can't push buffer on buffer stack", __func__);
-+       }
-        length = ND_BYTES_AVAILABLE_AFTER(b);
- 
-         /* now lets guess about the payload codepoint format */
-@@ -1442,13 +1447,11 @@ ppp_hdlc(netdissect_options *ndo,
-         }
- 
- cleanup:
--       ndo->ndo_packetp = sb;
--       ndo->ndo_snapend = se;
-+       nd_pop_packet_info(ndo);
-         return;
- 
- trunc:
--       ndo->ndo_packetp = sb;
--       ndo->ndo_snapend = se;
-+       nd_pop_packet_info(ndo);
-        nd_print_trunc(ndo);
- }
- 
-diff --git a/print.c b/print.c
-index 9c0ab86..33706b9 100644
---- a/print.c
-+++ b/print.c
-@@ -431,10 +431,14 @@ pretty_print_packet(netdissect_options *ndo, const struct pcap_pkthdr *h,
-        nd_pop_all_packet_info(ndo);
- 
-        /*
--        * Restore the original snapend, as a printer might have
--        * changed it.
-+        * Restore the originals snapend and packetp, as a printer
-+        * might have changed them.
-+        *
-+        * XXX - nd_pop_all_packet_info() should have restored the
-+        * original values, but, just in case....
-         */
-        ndo->ndo_snapend = sp + h->caplen;
-+       ndo->ndo_packetp = sp;
-        if (ndo->ndo_Xflag) {
-                /*
-                 * Print the raw packet data in hex and ASCII.
--- 
-2.25.1
-
diff --git a/meta-networking/recipes-support/tcpdump/tcpdump/run-ptest b/meta-networking/recipes-support/tcpdump/tcpdump/run-ptest
index 2bfb2267da..2bfb2267da 100755..100644
--- a/meta-networking/recipes-support/tcpdump/tcpdump/run-ptest
+++ b/meta-networking/recipes-support/tcpdump/tcpdump/run-ptest
diff --git a/meta-networking/recipes-support/tcpdump/tcpdump_4.99.4.bb b/meta-networking/recipes-support/tcpdump/tcpdump_4.99.5.bb
index b05b832dd8..32b869f241 100644
--- a/meta-networking/recipes-support/tcpdump/tcpdump_4.99.4.bb
+++ b/meta-networking/recipes-support/tcpdump/tcpdump_4.99.5.bb
@@ -21,13 +21,12 @@ RDEPENDS:${PN}-ptest += " make perl \
 "
 
 SRC_URI = " \
-    http://www.tcpdump.org/release/${BP}.tar.gz \
+    http://www.tcpdump.org/release/${BP}.tar.xz \
     file://add-ptest.patch \
     file://run-ptest \
-    file://CVE-2024-2397.patch \
 "
 
-SRC_URI[sha256sum] = "0232231bb2f29d6bf2426e70a08a7e0c63a0d59a9b44863b7f5e2357a6e49fea"
+SRC_URI[sha256sum] = "d76395ab82d659d526291b013eee200201380930793531515abfc6e77b4f2ee5"
 
 UPSTREAM_CHECK_REGEX = "tcpdump-(?P<pver>\d+(\.\d+)+)\.tar"