diff options
| author | Hitendra Prajapati <hprajapati@mvista.com> | 2025-12-09 18:00:05 +0530 |
|---|---|---|
| committer | Anuj Mittal <anuj.mittal@oss.qualcomm.com> | 2025-12-11 08:02:02 +0530 |
| commit | 5775e1a6435debe337e156fa74e5af8e45368ca0 (patch) | |
| tree | cfa07571621ee09ec57e154ab710d4970c7f1dad /meta-networking | |
| parent | d9e1f6f274c8a7b1597b0068969ac9cc0da3881d (diff) | |
| download | meta-openembedded-5775e1a6435debe337e156fa74e5af8e45368ca0.tar.gz | |
wireshark: fix CVE-2025-13499
Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/e180152d3dae668249f78c72a55a4ba436b57af7
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Diffstat (limited to 'meta-networking')
| -rw-r--r-- | meta-networking/recipes-support/wireshark/files/CVE-2025-13499.patch | 45 | ||||
| -rw-r--r-- | meta-networking/recipes-support/wireshark/wireshark_4.2.14.bb | 1 |
2 files changed, 46 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2025-13499.patch b/meta-networking/recipes-support/wireshark/files/CVE-2025-13499.patch new file mode 100644 index 0000000000..b713cea8c4 --- /dev/null +++ b/meta-networking/recipes-support/wireshark/files/CVE-2025-13499.patch | |||
| @@ -0,0 +1,45 @@ | |||
| 1 | From e180152d3dae668249f78c72a55a4ba436b57af7 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Darius Davis <darius-wireshark@free-range.com.au> | ||
| 3 | Date: Sat, 25 Oct 2025 15:01:34 +1000 | ||
| 4 | Subject: [PATCH] Kafka: Fix decompress_snappy with no xerial chunks. | ||
| 5 | |||
| 6 | Instead of returning true without setting outputs, report a failure to | ||
| 7 | decompress and return false to the caller. | ||
| 8 | |||
| 9 | Fix #20823 | ||
| 10 | |||
| 11 | (cherry picked from commit 49137f8ce93c9f7ac55b69c8e089ba6a422f633e) | ||
| 12 | |||
| 13 | CVE-2025-13499 | ||
| 14 | Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/e180152d3dae668249f78c72a55a4ba436b57af7] | ||
| 15 | Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> | ||
| 16 | --- | ||
| 17 | epan/dissectors/packet-kafka.c | 4 ++-- | ||
| 18 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
| 19 | |||
| 20 | diff --git a/epan/dissectors/packet-kafka.c b/epan/dissectors/packet-kafka.c | ||
| 21 | index 482a670..e537013 100644 | ||
| 22 | --- a/epan/dissectors/packet-kafka.c | ||
| 23 | +++ b/epan/dissectors/packet-kafka.c | ||
| 24 | @@ -1788,6 +1788,7 @@ decompress_snappy(tvbuff_t *tvb, packet_info *pinfo, int offset, guint32 length, | ||
| 25 | count++; | ||
| 26 | DISSECTOR_ASSERT_HINT(count < MAX_LOOP_ITERATIONS, "MAX_LOOP_ITERATIONS exceeded"); | ||
| 27 | } | ||
| 28 | + ret = composite_tvb != NULL; | ||
| 29 | |||
| 30 | } else { | ||
| 31 | |||
| 32 | @@ -1810,9 +1811,8 @@ decompress_snappy(tvbuff_t *tvb, packet_info *pinfo, int offset, guint32 length, | ||
| 33 | |||
| 34 | *decompressed_tvb = tvb_new_child_real_data(tvb, decompressed_buffer, (guint)out_size, (gint)out_size); | ||
| 35 | *decompressed_offset = 0; | ||
| 36 | - | ||
| 37 | + ret = TRUE; | ||
| 38 | } | ||
| 39 | - ret = TRUE; | ||
| 40 | end: | ||
| 41 | if (composite_tvb) { | ||
| 42 | tvb_composite_finalize(composite_tvb); | ||
| 43 | -- | ||
| 44 | 2.50.1 | ||
| 45 | |||
diff --git a/meta-networking/recipes-support/wireshark/wireshark_4.2.14.bb b/meta-networking/recipes-support/wireshark/wireshark_4.2.14.bb index 63610642ac..c313075ea4 100644 --- a/meta-networking/recipes-support/wireshark/wireshark_4.2.14.bb +++ b/meta-networking/recipes-support/wireshark/wireshark_4.2.14.bb | |||
| @@ -14,6 +14,7 @@ SRC_URI = "https://1.eu.dl.wireshark.org/src/all-versions/wireshark-${PV}.tar.xz | |||
| 14 | file://0004-lemon-Remove-line-directives.patch \ | 14 | file://0004-lemon-Remove-line-directives.patch \ |
| 15 | file://0001-UseLemon.cmake-do-not-use-lemon-data-from-the-host.patch \ | 15 | file://0001-UseLemon.cmake-do-not-use-lemon-data-from-the-host.patch \ |
| 16 | file://CVE-2025-9817.patch \ | 16 | file://CVE-2025-9817.patch \ |
| 17 | file://CVE-2025-13499.patch \ | ||
| 17 | " | 18 | " |
| 18 | 19 | ||
| 19 | UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src/all-versions" | 20 | UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src/all-versions" |
