2 files changed, 69 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2025-5601.patch b/meta-networking/recipes-support/wireshark/files/CVE-2025-5601.patch
new file mode 100644
index 0000000000..622664f182
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/CVE-2025-5601.patch
@@ -0,0 +1,68 @@
+From 8c186dbb381cf51064fa8dbff7953468d5ae394c Mon Sep 17 00:00:00 2001
+From: John Thacker <johnthacker@gmail.com>
+Date: Sat, 26 Apr 2025 10:01:19 +0000
+Subject: [PATCH] column: Do not allow fence to go beyond column size when
+ prepending
+When moving the fence location forward when prepending, ensure
+that it does not go past the end of the buffer.
+Also get rid of unnecessary branching and strlen calls.
+Fix #20509
+(cherry picked from commit 53213086304caa3dfbdd7dc39c2668a3aea1a5c0)
+Co-authored-by: John Thacker <johnthacker@gmail.com>
+origin: https://gitlab.com/wireshark/wireshark/-/merge_requests/18076/diffs?commit_id=8c186dbb381cf51064fa8dbff7953468d5ae394c
+CVE: CVE-2025-5601
+Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/8c186dbb381cf51064fa8dbff7953468d5ae394c]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ epan/column-utils.c | 20 ++++++++++++++------
+ 1 file changed, 14 insertions(+), 6 deletions(-)
+diff --git a/epan/column-utils.c b/epan/column-utils.c
+index ad34cff..15e15fc 100644
+--- a/epan/column-utils.c
+++ b/epan/column-utils.c
+@@ -577,8 +577,13 @@ col_prepend_fstr(column_info *cinfo, const gint el, const gchar *format, ...)
+       /*
+        * Move the fence, unless it's at the beginning of the string.
+        */
+-      if (col_item->col_fence > 0)
+      if (col_item->col_fence > 0) {
+        /* pos >= strlen if truncation occurred; this saves on a strlen
+         * call and prevents adding a single byte character later if a
+         * a multibyte character was truncated (good). */
+         col_item->col_fence += (int) strlen(col_item->col_buf);
+        col_item->col_fence = MIN((int)(max_len - 1), col_item->col_fence);
+      }
+ 
+       g_strlcat(col_item->col_buf, orig, max_len);
+       col_item->col_data = col_item->col_buf;
+@@ -621,11 +626,14 @@ col_prepend_fence_fstr(column_info *cinfo, const gint el, const gchar *format, .
+        * Move the fence if it exists, else create a new fence at the
+        * end of the prepended data.
+        */
+-      if (col_item->col_fence > 0) {
+-        col_item->col_fence += (int) strlen(col_item->col_buf);
+-      } else {
+-        col_item->col_fence = (int) strlen(col_item->col_buf);
+-      }
+      /* pos >= strlen if truncation occurred; this saves on a strlen
+       * call and prevents adding a single byte character later if a
+       * a multibyte character was truncated (good). */
+      col_item->col_fence += (int) strlen(col_item->col_buf);
+      col_item->col_fence = MIN((int)(max_len - 1), col_item->col_fence);
+      /*
+       * Append the original data.
+       */
+       g_strlcat(col_item->col_buf, orig, max_len);
+       col_item->col_data = col_item->col_buf;
+     }
+-- 
+2.50.1
diff --git a/meta-networking/recipes-support/wireshark/wireshark_3.4.16.bb b/meta-networking/recipes-support/wireshark/wireshark_3.4.16.bb
index 7502234d47..1e6d764d2a 100644
--- a/meta-networking/recipes-support/wireshark/wireshark_3.4.16.bb
+++ b/meta-networking/recipes-support/wireshark/wireshark_3.4.16.bb
@@ -35,6 +35,7 @@ SRC_URI += " \
    file://CVE-2024-8645.patch \
    file://CVE-2026-0960.patch \
    file://CVE-2025-13945.patch \
+    file://CVE-2025-5601.patch \
 "
 UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src"

diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2025-5601.patch b/meta-networking/recipes-support/wireshark/files/CVE-2025-5601.patch new file mode 100644 index 0000000000..622664f182 --- /dev/null +++ b/meta-networking/recipes-support/wireshark/files/CVE-2025-5601.patch
@@ -0,0 +1,68 @@
		1	From 8c186dbb381cf51064fa8dbff7953468d5ae394c Mon Sep 17 00:00:00 2001
		2	From: John Thacker <johnthacker@gmail.com>
		3	Date: Sat, 26 Apr 2025 10:01:19 +0000
		4	Subject: [PATCH] column: Do not allow fence to go beyond column size when
		5	prepending
		6
		7	When moving the fence location forward when prepending, ensure
		8	that it does not go past the end of the buffer.
		9
		10	Also get rid of unnecessary branching and strlen calls.
		11
		12	Fix #20509
		13
		14	(cherry picked from commit 53213086304caa3dfbdd7dc39c2668a3aea1a5c0)
		15
		16	Co-authored-by: John Thacker <johnthacker@gmail.com>
		17
		18	origin: https://gitlab.com/wireshark/wireshark/-/merge_requests/18076/diffs?commit_id=8c186dbb381cf51064fa8dbff7953468d5ae394c
		19
		20	CVE: CVE-2025-5601
		21	Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/8c186dbb381cf51064fa8dbff7953468d5ae394c]
		22	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
		23	---
		24	epan/column-utils.c \| 20 ++++++++++++++------
		25	1 file changed, 14 insertions(+), 6 deletions(-)
		26
		27	diff --git a/epan/column-utils.c b/epan/column-utils.c
		28	index ad34cff..15e15fc 100644
		29	--- a/epan/column-utils.c
		30	+++ b/epan/column-utils.c
		31	@@ -577,8 +577,13 @@ col_prepend_fstr(column_info cinfo, const gint el, const gchar format, ...)
		32	/*
		33	* Move the fence, unless it's at the beginning of the string.
		34	*/
		35	- if (col_item->col_fence > 0)
		36	+ if (col_item->col_fence > 0) {
		37	+ /* pos >= strlen if truncation occurred; this saves on a strlen
		38	+ * call and prevents adding a single byte character later if a
		39	+ * a multibyte character was truncated (good). */
		40	col_item->col_fence += (int) strlen(col_item->col_buf);
		41	+ col_item->col_fence = MIN((int)(max_len - 1), col_item->col_fence);
		42	+ }
		43
		44	g_strlcat(col_item->col_buf, orig, max_len);
		45	col_item->col_data = col_item->col_buf;
		46	@@ -621,11 +626,14 @@ col_prepend_fence_fstr(column_info cinfo, const gint el, const gchar format, .
		47	* Move the fence if it exists, else create a new fence at the
		48	* end of the prepended data.
		49	*/
		50	- if (col_item->col_fence > 0) {
		51	- col_item->col_fence += (int) strlen(col_item->col_buf);
		52	- } else {
		53	- col_item->col_fence = (int) strlen(col_item->col_buf);
		54	- }
		55	+ /* pos >= strlen if truncation occurred; this saves on a strlen
		56	+ * call and prevents adding a single byte character later if a
		57	+ * a multibyte character was truncated (good). */
		58	+ col_item->col_fence += (int) strlen(col_item->col_buf);
		59	+ col_item->col_fence = MIN((int)(max_len - 1), col_item->col_fence);
		60	+ /*
		61	+ * Append the original data.
		62	+ */
		63	g_strlcat(col_item->col_buf, orig, max_len);
		64	col_item->col_data = col_item->col_buf;
		65	}
		66	--
		67	2.50.1
		68


diff --git a/meta-networking/recipes-support/wireshark/wireshark_3.4.16.bb b/meta-networking/recipes-support/wireshark/wireshark_3.4.16.bb index 7502234d47..1e6d764d2a 100644 --- a/meta-networking/recipes-support/wireshark/wireshark_3.4.16.bb +++ b/meta-networking/recipes-support/wireshark/wireshark_3.4.16.bb
@@ -35,6 +35,7 @@ SRC_URI += " \
35	file://CVE-2024-8645.patch \	35	file://CVE-2024-8645.patch \
36	file://CVE-2026-0960.patch \	36	file://CVE-2026-0960.patch \
37	file://CVE-2025-13945.patch \	37	file://CVE-2025-13945.patch \
		38	file://CVE-2025-5601.patch \
38	"	39	"
39		40
40	UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src"	41	UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src"