.../libpcap/libpcap/CVE-2023-7256-pre1.patch | 37 --
.../libpcap/libpcap/CVE-2023-7256.patch | 365 ---------------
.../libpcap/libpcap/CVE-2024-8006.patch | 42 --
.../libpcap/libpcap/CVE-2025-11961-01.patch | 38 --
.../libpcap/libpcap/CVE-2025-11961-02.patch | 433 ------------------
.../libpcap/libpcap/CVE-2025-11964.patch | 33 --
.../{libpcap_1.10.4.bb => libpcap_1.10.6.bb} | 8 +-
7 files changed, 1 insertion(+), 955 deletions(-)
delete mode 100644
meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre1.patch
delete mode 100644
meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256.patch
delete mode 100644
meta/recipes-connectivity/libpcap/libpcap/CVE-2024-8006.patch
delete mode 100644
meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-01.patch
delete mode 100644
meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-02.patch
delete mode 100644
meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11964.patch
rename meta/recipes-connectivity/libpcap/{libpcap_1.10.4.bb =>
libpcap_1.10.6.bb} (83%)
diff --git a/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre1.patch
b/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre1.patch
deleted file mode 100644
index 64abfb85cd..0000000000
--- a/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre1.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 73da0d4d65ef0925772b7b7f82a5fbb3ff2c5e4f Mon Sep 17 00:00:00 2001
-From: Rose <[email protected]>
-Date: Tue, 16 May 2023 12:37:11 -0400
-Subject: [PATCH] Remove unused variable retval in sock_present2network
-
-This quiets the compiler since it is not even returned anyway, and is a
misleading variable name.
-
-(cherry picked from commit c7b90298984c46d820d3cee79a96d24870b5f200)
-
-Upstream-Status: Backport
[https://github.com/the-tcpdump-group/libpcap/commit/73da0d4d65ef0925772b7b7f82a5fbb3ff2c5e4f]
-CVE: CVE-2023-7256 #Dependency Patch
-Signed-off-by: Vijay Anusuri <[email protected]>
----
- sockutils.c | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/sockutils.c b/sockutils.c
-index 1c07f76fd1..6752f296af 100644
---- a/sockutils.c
-+++ b/sockutils.c
-@@ -2082,7 +2082,6 @@ int sock_getascii_addrport(const struct sockaddr_storage
*sockaddr, char *addres
- */
- int sock_present2network(const char *address, struct sockaddr_storage
*sockaddr, int addr_family, char *errbuf, int errbuflen)
- {
-- int retval;
- struct addrinfo *addrinfo;
- struct addrinfo hints;
-
-@@ -2090,7 +2089,7 @@ int sock_present2network(const char *address, struct
sockaddr_storage *sockaddr,
-
- hints.ai_family = addr_family;
-
-- if ((retval = sock_initaddress(address, "22222" /* fake port */, &hints,
&addrinfo, errbuf, errbuflen)) == -1)
-+ if (sock_initaddress(address, "22222" /* fake port */, &hints,
&addrinfo, errbuf, errbuflen) == -1)
- return 0;
-
- if (addrinfo->ai_family == PF_INET)
diff --git a/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256.patch
b/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256.patch
deleted file mode 100644
index fffcb2704a..0000000000
--- a/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256.patch
+++ /dev/null
@@ -1,365 +0,0 @@
-From 2aa69b04d8173b18a0e3492e0c8f2f7fabdf642d Mon Sep 17 00:00:00 2001
-From: Guy Harris <[email protected]>
-Date: Thu, 28 Sep 2023 00:37:57 -0700
-Subject: [PATCH] Have sock_initaddress() return the list of addrinfo
- structures or NULL.
-
-Its return address is currently 0 for success and -1 for failure, with a
-pointer to the first element of the list of struct addrinfos returned
-through a pointer on success; change it to return that pointer on
-success and NULL on failure.
-
-That way, we don't have to worry about what happens to the pointer
-pointeed to by the argument in question on failure; we know that we got
-NULL back if no struct addrinfos were found because getaddrinfo()
-failed. Thus, we know that we have something to free iff
-sock_initaddress() returned a pointer to that something rather than
-returning NULL.
-
-This avoids a double-free in some cases.
-
-This is apparently CVE-2023-40400.
-
-(backported from commit 262e4f34979872d822ccedf9f318ed89c4d31c03)
-
-Upstream-Status: Backport
[https://github.com/the-tcpdump-group/libpcap/commit/2aa69b04d8173b18a0e3492e0c8f2f7fabdf642d]
-CVE: CVE-2023-7256
-Signed-off-by: Vijay Anusuri <[email protected]>
----
- pcap-rpcap.c | 48 ++++++++++++++++++++--------------------
- rpcapd/daemon.c | 8 +++++--
- rpcapd/rpcapd.c | 8 +++++--
- sockutils.c | 58 ++++++++++++++++++++++++++++---------------------
- sockutils.h | 5 ++---
- 5 files changed, 72 insertions(+), 55 deletions(-)
-
-diff --git a/pcap-rpcap.c b/pcap-rpcap.c
-index ef0cd6e49c..f1992e4aea 100644
---- a/pcap-rpcap.c
-+++ b/pcap-rpcap.c
-@@ -1024,7 +1024,6 @@ rpcap_remoteact_getsock(const char *host, int *error,
char *errbuf)
- {
- struct activehosts *temp; /* temp var needed to
scan the host list chain */
- struct addrinfo hints, *addrinfo, *ai_next; /* temp var needed to
translate between hostname to its address */
-- int retval;
-
- /* retrieve the network address corresponding to 'host' */
- addrinfo = NULL;
-@@ -1032,9 +1031,9 @@ rpcap_remoteact_getsock(const char *host, int *error,
char *errbuf)
- hints.ai_family = PF_UNSPEC;
- hints.ai_socktype = SOCK_STREAM;
-
-- retval = sock_initaddress(host, NULL, &hints, &addrinfo, errbuf,
-+ addrinfo = sock_initaddress(host, NULL, &hints, errbuf,
- PCAP_ERRBUF_SIZE);
-- if (retval != 0)
-+ if (addrinfo == NULL)
- {
- *error = 1;
- return NULL;
-@@ -1186,7 +1185,9 @@ static int pcap_startcapture_remote(pcap_t *fp)
- hints.ai_flags = AI_PASSIVE; /* Data connection is opened by
the server toward the client */
-
- /* Let's the server pick up a free network port for us */
-- if (sock_initaddress(NULL, NULL, &hints, &addrinfo, fp->errbuf,
PCAP_ERRBUF_SIZE) == -1)
-+ addrinfo = sock_initaddress(NULL, NULL, &hints, fp->errbuf,
-+ PCAP_ERRBUF_SIZE);
-+ if (addrinfo == NULL)
- goto error_nodiscard;
-
- if ((sockdata = sock_open(NULL, addrinfo, SOCKOPEN_SERVER,
-@@ -1311,7 +1312,9 @@ static int pcap_startcapture_remote(pcap_t *fp)
- snprintf(portstring, PCAP_BUF_SIZE, "%d",
ntohs(startcapreply.portdata));
-
- /* Let's the server pick up a free network port for us
*/
-- if (sock_initaddress(host, portstring, &hints, &addrinfo,
fp->errbuf, PCAP_ERRBUF_SIZE) == -1)
-+ addrinfo = sock_initaddress(host, portstring, &hints,
-+ fp->errbuf, PCAP_ERRBUF_SIZE);
-+ if (addrinfo == NULL)
- goto error;
-
- if ((sockdata = sock_open(host, addrinfo, SOCKOPEN_CLIENT,
0, fp->errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
-@@ -2340,16 +2343,16 @@ rpcap_setup_session(const char *source, struct
pcap_rmtauth *auth,
- if (port[0] == 0)
- {
- /* the user chose not to specify the port */
-- if (sock_initaddress(host, RPCAP_DEFAULT_NETPORT,
-- &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1)
-- return -1;
-+ addrinfo = sock_initaddress(host, RPCAP_DEFAULT_NETPORT,
-+ &hints, errbuf, PCAP_ERRBUF_SIZE);
- }
- else
- {
-- if (sock_initaddress(host, port, &hints, &addrinfo,
-- errbuf, PCAP_ERRBUF_SIZE) == -1)
-- return -1;
-+ addrinfo = sock_initaddress(host, port, &hints,
-+ errbuf, PCAP_ERRBUF_SIZE);
- }
-+ if (addrinfo == NULL)
-+ return -1;
-
- if ((*sockctrlp = sock_open(host, addrinfo, SOCKOPEN_CLIENT, 0,
- errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
-@@ -2950,19 +2953,19 @@ SOCKET pcap_remoteact_accept_ex(const char *address,
const char *port, const cha
- /* Do the work */
- if ((port == NULL) || (port[0] == 0))
- {
-- if (sock_initaddress(address, RPCAP_DEFAULT_NETPORT_ACTIVE, &hints,
&addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1)
-- {
-- return (SOCKET)-2;
-- }
-+ addrinfo = sock_initaddress(address,
-+ RPCAP_DEFAULT_NETPORT_ACTIVE, &hints, errbuf,
-+ PCAP_ERRBUF_SIZE);
- }
- else
- {
-- if (sock_initaddress(address, port, &hints, &addrinfo, errbuf,
PCAP_ERRBUF_SIZE) == -1)
-- {
-- return (SOCKET)-2;
-- }
-+ addrinfo = sock_initaddress(address, port, &hints, errbuf,
-+ PCAP_ERRBUF_SIZE);
-+ }
-+ if (addrinfo == NULL)
-+ {
-+ return (SOCKET)-2;
- }
--
-
- if ((sockmain = sock_open(NULL, addrinfo, SOCKOPEN_SERVER, 1, errbuf,
PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
- {
-@@ -3122,7 +3125,6 @@ int pcap_remoteact_close(const char *host, char *errbuf)
- {
- struct activehosts *temp, *prev; /* temp var needed to scan the
host list chain */
- struct addrinfo hints, *addrinfo, *ai_next; /* temp var needed to
translate between hostname to its address */
-- int retval;
-
- temp = activeHosts;
- prev = NULL;
-@@ -3133,9 +3135,9 @@ int pcap_remoteact_close(const char *host, char *errbuf)
- hints.ai_family = PF_UNSPEC;
- hints.ai_socktype = SOCK_STREAM;
-
-- retval = sock_initaddress(host, NULL, &hints, &addrinfo, errbuf,
-+ addrinfo = sock_initaddress(host, NULL, &hints, errbuf,
- PCAP_ERRBUF_SIZE);
-- if (retval != 0)
-+ if (addrinfo == NULL)
- {
- return -1;
- }
-diff --git a/rpcapd/daemon.c b/rpcapd/daemon.c
-index 8d620dd604..b04b29f107 100644
---- a/rpcapd/daemon.c
-+++ b/rpcapd/daemon.c
-@@ -2085,7 +2085,9 @@ daemon_msg_startcap_req(uint8 ver, struct daemon_slpars
*pars, uint32 plen,
- goto error;
- }
-
-- if (sock_initaddress(peerhost, portdata, &hints, &addrinfo,
errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
-+ addrinfo = sock_initaddress(peerhost, portdata, &hints,
-+ errmsgbuf, PCAP_ERRBUF_SIZE);
-+ if (addrinfo == NULL)
- goto error;
-
- if ((session->sockdata = sock_open(peerhost, addrinfo,
SOCKOPEN_CLIENT, 0, errmsgbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
-@@ -2096,7 +2098,9 @@ daemon_msg_startcap_req(uint8 ver, struct daemon_slpars
*pars, uint32 plen,
- hints.ai_flags = AI_PASSIVE;
-
- // Make the server socket pick up a free network port for us
-- if (sock_initaddress(NULL, NULL, &hints, &addrinfo, errmsgbuf,
PCAP_ERRBUF_SIZE) == -1)
-+ addrinfo = sock_initaddress(NULL, NULL, &hints, errmsgbuf,
-+ PCAP_ERRBUF_SIZE);
-+ if (addrinfo == NULL)
- goto error;
-
- if ((session->sockdata = sock_open(NULL, addrinfo,
SOCKOPEN_SERVER, 1 /* max 1 connection in queue */, errmsgbuf, PCAP_ERRBUF_SIZE))
== INVALID_SOCKET)
-diff --git a/rpcapd/rpcapd.c b/rpcapd/rpcapd.c
-index e1f3f05299..d166522c9f 100644
---- a/rpcapd/rpcapd.c
-+++ b/rpcapd/rpcapd.c
-@@ -611,7 +611,9 @@ void main_startup(void)
- //
- // Get a list of sockets on which to listen.
- //
-- if (sock_initaddress((address[0]) ? address : NULL, port,
&mainhints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1)
-+ addrinfo = sock_initaddress((address[0]) ? address : NULL,
-+ port, &mainhints, errbuf, PCAP_ERRBUF_SIZE);
-+ if (addrinfo == NULL)
- {
- rpcapd_log(LOGPRIO_DEBUG, "%s", errbuf);
- return;
-@@ -1350,7 +1352,9 @@ main_active(void *ptr)
- memset(errbuf, 0, sizeof(errbuf));
-
- // Do the work
-- if (sock_initaddress(activepars->address, activepars->port, &hints,
&addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1)
-+ addrinfo = sock_initaddress(activepars->address, activepars->port,
-+ &hints, errbuf, PCAP_ERRBUF_SIZE);
-+ if (addrinfo == NULL)
- {
- rpcapd_log(LOGPRIO_DEBUG, "%s", errbuf);
- return 0;
-diff --git a/sockutils.c b/sockutils.c
-index a1bfa1b5e2..823c2363e0 100644
---- a/sockutils.c
-+++ b/sockutils.c
-@@ -1069,20 +1069,21 @@ get_gai_errstring(char *errbuf, int errbuflen, const
char *prefix, int err,
- * \param errbuflen: length of the buffer that will contains the error. The
error message cannot be
- * larger than 'errbuflen - 1' because the last char is reserved for the
string terminator.
- *
-- * \return '0' if everything is fine, '-1' if some errors occurred. The error
message is returned
-- * in the 'errbuf' variable. The addrinfo variable that has to be used in the
following sockets calls is
-- * returned into the addrinfo parameter.
-+ * \return a pointer to the first element in a list of addrinfo structures
-+ * if everything is fine, NULL if some errors occurred. The error message
-+ * is returned in the 'errbuf' variable.
- *
-- * \warning The 'addrinfo' variable has to be deleted by the programmer by
calling freeaddrinfo() when
-- * it is no longer needed.
-+ * \warning The list of addrinfo structures returned has to be deleted by
-+ * the programmer by calling freeaddrinfo() when it is no longer needed.
- *
- * \warning This function requires the 'hints' variable as parameter. The
semantic of this variable is the same
- * of the one of the corresponding variable used into the standard
getaddrinfo() socket function. We suggest
- * the programmer to look at that function in order to set the 'hints'
variable appropriately.
- */
--int sock_initaddress(const char *host, const char *port,
-- struct addrinfo *hints, struct addrinfo **addrinfo, char *errbuf, int
errbuflen)
-+struct addrinfo *sock_initaddress(const char *host, const char *port,
-+ struct addrinfo *hints, char *errbuf, int errbuflen)
- {
-+ struct addrinfo *addrinfo;
- int retval;
-
- /*
-@@ -1094,9 +1095,13 @@ int sock_initaddress(const char *host, const char *port,
- * as those messages won't talk about a problem with the port if
- * no port was specified.
- */
-- retval = getaddrinfo(host, port == NULL ? "0" : port, hints, addrinfo);
-+ retval = getaddrinfo(host, port == NULL ? "0" : port, hints, &addrinfo);
- if (retval != 0)
- {
-+ /*
-+ * That call failed.
-+ * Determine whether the problem is that the host is bad.
-+ */
- if (errbuf)
- {
- if (host != NULL && port != NULL) {
-@@ -1108,7 +1113,7 @@ int sock_initaddress(const char *host, const char *port,
- int try_retval;
-
- try_retval = getaddrinfo(host, NULL, hints,
-- addrinfo);
-+ &addrinfo);
- if (try_retval == 0) {
- /*
- * Worked with just the host,
-@@ -1117,14 +1122,16 @@ int sock_initaddress(const char *host, const char
*port,
- *
- * Free up the address info first.
- */
-- freeaddrinfo(*addrinfo);
-+ freeaddrinfo(addrinfo);
- get_gai_errstring(errbuf, errbuflen,
- "", retval, NULL, port);
- } else {
- /*
- * Didn't work with just the host,
- * so assume the problem is
-- * with the host.
-+ * with the host; we assume
-+ * the original error indicates
-+ * the underlying problem.
- */
- get_gai_errstring(errbuf, errbuflen,
- "", retval, host, NULL);
-@@ -1132,13 +1139,14 @@ int sock_initaddress(const char *host, const char
*port,
- } else {
- /*
- * Either the host or port was null, so
-- * there's nothing to determine.
-+ * there's nothing to determine; report
-+ * the error from the original call.
- */
- get_gai_errstring(errbuf, errbuflen, "",
- retval, host, port);
- }
- }
-- return -1;
-+ return NULL;
- }
- /*
- * \warning SOCKET: I should check all the accept() in order to bind to
all addresses in case
-@@ -1153,30 +1161,28 @@ int sock_initaddress(const char *host, const char
*port,
- * ignore all addresses that are neither? (What, no IPX
- * support? :-))
- */
-- if (((*addrinfo)->ai_family != PF_INET) &&
-- ((*addrinfo)->ai_family != PF_INET6))
-+ if ((addrinfo->ai_family != PF_INET) &&
-+ (addrinfo->ai_family != PF_INET6))
- {
- if (errbuf)
- snprintf(errbuf, errbuflen, "getaddrinfo(): socket type not
supported");
-- freeaddrinfo(*addrinfo);
-- *addrinfo = NULL;
-- return -1;
-+ freeaddrinfo(addrinfo);
-+ return NULL;
- }
-
- /*
- * You can't do multicast (or broadcast) TCP.
- */
-- if (((*addrinfo)->ai_socktype == SOCK_STREAM) &&
-- (sock_ismcastaddr((*addrinfo)->ai_addr) == 0))
-+ if ((addrinfo->ai_socktype == SOCK_STREAM) &&
-+ (sock_ismcastaddr(addrinfo->ai_addr) == 0))
- {
- if (errbuf)
- snprintf(errbuf, errbuflen, "getaddrinfo(): multicast
addresses are not valid when using TCP streams");
-- freeaddrinfo(*addrinfo);
-- *addrinfo = NULL;
-- return -1;
-+ freeaddrinfo(addrinfo);
-+ return NULL;
- }
-
-- return 0;
-+ return addrinfo;
- }
-
- /*
-@@ -2089,7 +2095,9 @@ int sock_present2network(const char *address, struct
sockaddr_storage *sockaddr,
-
- hints.ai_family = addr_family;
-
-- if (sock_initaddress(address, "22222" /* fake port */, &hints,
&addrinfo, errbuf, errbuflen) == -1)
-+ addrinfo = sock_initaddress(address, "22222" /* fake port */, &hints,
-+ errbuf, errbuflen);
-+ if (addrinfo == NULL)
- return 0;
-
- if (addrinfo->ai_family == PF_INET)
-diff --git a/sockutils.h b/sockutils.h
-index a488d8fcb4..30b8cfe0b7 100644
---- a/sockutils.h
-+++ b/sockutils.h
-@@ -138,9 +138,8 @@ void sock_fmterrmsg(char *errbuf, size_t errbuflen, int
errcode,
- PCAP_FORMAT_STRING(const char *fmt), ...) PCAP_PRINTFLIKE(4, 5);
- void sock_geterrmsg(char *errbuf, size_t errbuflen,
- PCAP_FORMAT_STRING(const char *fmt), ...) PCAP_PRINTFLIKE(3, 4);
--int sock_initaddress(const char *address, const char *port,
-- struct addrinfo *hints, struct addrinfo **addrinfo,
-- char *errbuf, int errbuflen);
-+struct addrinfo *sock_initaddress(const char *address, const char *port,
-+ struct addrinfo *hints, char *errbuf, int errbuflen);
- int sock_recv(SOCKET sock, SSL *, void *buffer, size_t size, int receiveall,
- char *errbuf, int errbuflen);
- int sock_recv_dgram(SOCKET sock, SSL *, void *buffer, size_t size,
diff --git a/meta/recipes-connectivity/libpcap/libpcap/CVE-2024-8006.patch
b/meta/recipes-connectivity/libpcap/libpcap/CVE-2024-8006.patch
deleted file mode 100644
index 6819aedd20..0000000000
--- a/meta/recipes-connectivity/libpcap/libpcap/CVE-2024-8006.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 8a633ee5b9ecd9d38a587ac9b204e2380713b0d6 Mon Sep 17 00:00:00 2001
-From: Nicolas Badoux <[email protected]>
-Date: Mon, 19 Aug 2024 12:31:53 +0200
-Subject: [PATCH] makes pcap_findalldevs_ex errors out if the directory does
- not exist
-
-(backported from commit 0f8a103469ce87d2b8d68c5130a46ddb7fb5eb29)
-
-Upstream-Status: Backport
[https://github.com/the-tcpdump-group/libpcap/commit/8a633ee5b9ecd9d38a587ac9b204e2380713b0d6]
-CVE: CVE-2024-8006
-Signed-off-by: Vijay Anusuri <[email protected]>
----
- pcap-new.c | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/pcap-new.c b/pcap-new.c
-index be91b3f8db..d449ee623c 100644
---- a/pcap-new.c
-+++ b/pcap-new.c
-@@ -230,6 +230,13 @@ int pcap_findalldevs_ex(const char *source, struct
pcap_rmtauth *auth, pcap_if_t
- #else
- /* opening the folder */
- unixdir= opendir(path);
-+ if (unixdir == NULL) {
-+ DIAG_OFF_FORMAT_TRUNCATION
-+ snprintf(errbuf, PCAP_ERRBUF_SIZE,
-+ "Error when listing files: does folder '%s'
exist?", path);
-+ DIAG_ON_FORMAT_TRUNCATION
-+ return -1;
-+ }
-
- /* get the first file into it */
- filedata= readdir(unixdir);
-@@ -237,7 +244,7 @@ int pcap_findalldevs_ex(const char *source, struct
pcap_rmtauth *auth, pcap_if_t
- if (filedata == NULL)
- {
- DIAG_OFF_FORMAT_TRUNCATION
-- snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error when listing
files: does folder '%s' exist?", path);
-+ snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error when listing
files: does folder '%s' contain files?", path);
- DIAG_ON_FORMAT_TRUNCATION
- closedir(unixdir);
- return -1;
diff --git a/meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-01.patch
b/meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-01.patch
deleted file mode 100644
index 73c3ab3f5c..0000000000
--- a/meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-01.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 7224be0fe2f4beb916b7b69141f478facd0f0634 Mon Sep 17 00:00:00 2001
-From: Denis Ovsienko <[email protected]>
-Date: Sat, 27 Dec 2025 21:36:11 +0000
-Subject: [PATCH] Rename one of the xdtoi() copies to simplify backporting.
-
-CVE: CVE-2025-11961
-Upstream-Status: Backport
[https://github.com/the-tcpdump-group/libpcap/commit/7224be0fe2f4beb916b7b69141f478facd0f0634]
-Signed-off-by: Peter Marko <[email protected]>
----
- nametoaddr.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/nametoaddr.c b/nametoaddr.c
-index dc75495c..bdaacbf1 100644
---- a/nametoaddr.c
-+++ b/nametoaddr.c
-@@ -646,7 +646,7 @@ pcap_nametollc(const char *s)
-
- /* Hex digit to 8-bit unsigned integer. */
- static inline u_char
--xdtoi(u_char c)
-+pcapint_xdtoi(u_char c)
- {
- if (c >= '0' && c <= '9')
- return (u_char)(c - '0');
-@@ -728,10 +728,10 @@ pcap_ether_aton(const char *s)
- while (*s) {
- if (*s == ':' || *s == '.' || *s == '-')
- s += 1;
-- d = xdtoi(*s++);
-+ d = pcapint_xdtoi(*s++);
- if (PCAP_ISXDIGIT(*s)) {
- d <<= 4;
-- d |= xdtoi(*s++);
-+ d |= pcapint_xdtoi(*s++);
- }
- *ep++ = d;
- }
diff --git a/meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-02.patch
b/meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-02.patch
deleted file mode 100644
index 2dca7908ef..0000000000
--- a/meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-02.patch
+++ /dev/null
@@ -1,433 +0,0 @@
-From b2d2f9a9a0581c40780bde509f7cc715920f1c02 Mon Sep 17 00:00:00 2001
-From: Denis Ovsienko <[email protected]>
-Date: Fri, 19 Dec 2025 17:31:13 +0000
-Subject: [PATCH] CVE-2025-11961: Fix OOBR and OOBW in pcap_ether_aton().
-
-pcap_ether_aton() has for a long time required its string argument to be
-a well-formed MAC-48 address, which is always the case when the argument
-comes from other libpcap code, so the function has never validated the
-input and used a simple loop to parse any of the three common MAC-48
-address formats. However, the function has also been a part of the
-public API, so calling it directly with a malformed address can cause
-the loop to read beyond the end of the input string and/or to write
-beyond the end of the allocated output buffer.
-
-To handle invalid input more appropriately, replace the simple loop with
-new functions and require the input to match a supported address format.
-
-This problem was reported by Jin Wei, Kunwei Qian and Ping Chen.
-
-(backported from commit dd08e53e9380e217ae7c7768da9cc3d7bf37bf83)
-
-CVE: CVE-2025-11961
-Upstream-Status: Backport
[https://github.com/the-tcpdump-group/libpcap/commit/b2d2f9a9a0581c40780bde509f7cc715920f1c02]
-Signed-off-by: Peter Marko <[email protected]>
----
- gencode.c | 5 +
- nametoaddr.c | 367 +++++++++++++++++++++++++++++++++++++++++++++++----
- 2 files changed, 349 insertions(+), 23 deletions(-)
-
-diff --git a/gencode.c b/gencode.c
-index 3ddd15f8..76fb2d82 100644
---- a/gencode.c
-+++ b/gencode.c
-@@ -7228,6 +7228,11 @@ gen_ecode(compiler_state_t *cstate, const char *s,
struct qual q)
- return (NULL);
-
- if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
-+ /*
-+ * Because the lexer guards the input string format, in this
-+ * context the function returns NULL iff the implicit malloc()
-+ * has failed.
-+ */
- cstate->e = pcap_ether_aton(s);
- if (cstate->e == NULL)
- bpf_error(cstate, "malloc");
-diff --git a/nametoaddr.c b/nametoaddr.c
-index f9fcd288..f50d0da5 100644
---- a/nametoaddr.c
-+++ b/nametoaddr.c
-@@ -703,39 +703,360 @@ __pcap_atodn(const char *s, bpf_u_int32 *addr)
- return(32);
- }
-
-+// Man page: "xxxxxxxxxxxx", regexp: "^[0-9a-fA-F]{12}$".
-+static u_char
-+pcapint_atomac48_xxxxxxxxxxxx(const char *s, uint8_t *addr)
-+{
-+ if (strlen(s) == 12 &&
-+ PCAP_ISXDIGIT(s[0]) &&
-+ PCAP_ISXDIGIT(s[1]) &&
-+ PCAP_ISXDIGIT(s[2]) &&
-+ PCAP_ISXDIGIT(s[3]) &&
-+ PCAP_ISXDIGIT(s[4]) &&
-+ PCAP_ISXDIGIT(s[5]) &&
-+ PCAP_ISXDIGIT(s[6]) &&
-+ PCAP_ISXDIGIT(s[7]) &&
-+ PCAP_ISXDIGIT(s[8]) &&
-+ PCAP_ISXDIGIT(s[9]) &&
-+ PCAP_ISXDIGIT(s[10]) &&
-+ PCAP_ISXDIGIT(s[11])) {
-+ addr[0] = pcapint_xdtoi(s[0]) << 4 | pcapint_xdtoi(s[1]);
-+ addr[1] = pcapint_xdtoi(s[2]) << 4 | pcapint_xdtoi(s[3]);
-+ addr[2] = pcapint_xdtoi(s[4]) << 4 | pcapint_xdtoi(s[5]);
-+ addr[3] = pcapint_xdtoi(s[6]) << 4 | pcapint_xdtoi(s[7]);
-+ addr[4] = pcapint_xdtoi(s[8]) << 4 | pcapint_xdtoi(s[9]);
-+ addr[5] = pcapint_xdtoi(s[10]) << 4 | pcapint_xdtoi(s[11]);
-+ return 1;
-+ }
-+ return 0;
-+}
-+
-+// Man page: "xxxx.xxxx.xxxx", regexp:
"^[0-9a-fA-F]{4}(\.[0-9a-fA-F]{4}){2}$".
-+static u_char
-+pcapint_atomac48_xxxx_3_times(const char *s, uint8_t *addr)
-+{
-+ const char sep = '.';
-+ if (strlen(s) == 14 &&
-+ PCAP_ISXDIGIT(s[0]) &&
-+ PCAP_ISXDIGIT(s[1]) &&
-+ PCAP_ISXDIGIT(s[2]) &&
-+ PCAP_ISXDIGIT(s[3]) &&
-+ s[4] == sep &&
-+ PCAP_ISXDIGIT(s[5]) &&
-+ PCAP_ISXDIGIT(s[6]) &&
-+ PCAP_ISXDIGIT(s[7]) &&
-+ PCAP_ISXDIGIT(s[8]) &&
-+ s[9] == sep &&
-+ PCAP_ISXDIGIT(s[10]) &&
-+ PCAP_ISXDIGIT(s[11]) &&
-+ PCAP_ISXDIGIT(s[12]) &&
-+ PCAP_ISXDIGIT(s[13])) {
-+ addr[0] = pcapint_xdtoi(s[0]) << 4 | pcapint_xdtoi(s[1]);
-+ addr[1] = pcapint_xdtoi(s[2]) << 4 | pcapint_xdtoi(s[3]);
-+ addr[2] = pcapint_xdtoi(s[5]) << 4 | pcapint_xdtoi(s[6]);
-+ addr[3] = pcapint_xdtoi(s[7]) << 4 | pcapint_xdtoi(s[8]);
-+ addr[4] = pcapint_xdtoi(s[10]) << 4 | pcapint_xdtoi(s[11]);
-+ addr[5] = pcapint_xdtoi(s[12]) << 4 | pcapint_xdtoi(s[13]);
-+ return 1;
-+ }
-+ return 0;
-+}
-+
- /*
-- * Convert 's', which can have the one of the forms:
-+ * Man page: "xx:xx:xx:xx:xx:xx", regexp:
"^[0-9a-fA-F]{1,2}(:[0-9a-fA-F]{1,2}){5}$".
-+ * Man page: "xx-xx-xx-xx-xx-xx", regexp:
"^[0-9a-fA-F]{1,2}(-[0-9a-fA-F]{1,2}){5}$".
-+ * Man page: "xx.xx.xx.xx.xx.xx", regexp:
"^[0-9a-fA-F]{1,2}(\.[0-9a-fA-F]{1,2}){5}$".
-+ * (Any "xx" above can be "x", which is equivalent to "0x".)
- *
-- * "xx:xx:xx:xx:xx:xx"
-- * "xx.xx.xx.xx.xx.xx"
-- * "xx-xx-xx-xx-xx-xx"
-- * "xxxx.xxxx.xxxx"
-- * "xxxxxxxxxxxx"
-+ * An equivalent (and parametrisable for EUI-64) FSM could be implemented
using
-+ * a smaller graph, but that graph would be neither acyclic nor planar nor
-+ * trivial to verify.
- *
-- * (or various mixes of ':', '.', and '-') into a new
-- * ethernet address. Assumes 's' is well formed.
-+ * |
-+ * [.] v
-+ * +<---------- START
-+ * | |
-+ * | | [0-9a-fA-F]
-+ * | [.] v
-+ * +<--------- BYTE0_X ----------+
-+ * | | |
-+ * | | [0-9a-fA-F] |
-+ * | [.] v |
-+ * +<--------- BYTE0_XX | [:\.-]
-+ * | | |
-+ * | | [:\.-] |
-+ * | [.] v |
-+ * +<----- BYTE0_SEP_BYTE1 <-----+
-+ * | |
-+ * | | [0-9a-fA-F]
-+ * | [.] v
-+ * +<--------- BYTE1_X ----------+
-+ * | | |
-+ * | | [0-9a-fA-F] |
-+ * | [.] v |
-+ * +<--------- BYTE1_XX | <sep>
-+ * | | |
-+ * | | <sep> |
-+ * | [.] v |
-+ * +<----- BYTE1_SEP_BYTE2 <-----+
-+ * | |
-+ * | | [0-9a-fA-F]
-+ * | [.] v
-+ * +<--------- BYTE2_X ----------+
-+ * | | |
-+ * | | [0-9a-fA-F] |
-+ * | [.] v |
-+ * +<--------- BYTE2_XX | <sep>
-+ * | | |
-+ * | | <sep> |
-+ * | [.] v |
-+ * +<----- BYTE2_SEP_BYTE3 <-----+
-+ * | |
-+ * | | [0-9a-fA-F]
-+ * | [.] v
-+ * +<--------- BYTE3_X ----------+
-+ * | | |
-+ * | | [0-9a-fA-F] |
-+ * | [.] v |
-+ * +<--------- BYTE3_XX | <sep>
-+ * | | |
-+ * | | <sep> |
-+ * | [.] v |
-+ * +<----- BYTE3_SEP_BYTE4 <-----+
-+ * | |
-+ * | | [0-9a-fA-F]
-+ * | [.] v
-+ * +<--------- BYTE4_X ----------+
-+ * | | |
-+ * | | [0-9a-fA-F] |
-+ * | [.] v |
-+ * +<--------- BYTE4_XX | <sep>
-+ * | | |
-+ * | | <sep> |
-+ * | [.] v |
-+ * +<----- BYTE4_SEP_BYTE5 <-----+
-+ * | |
-+ * | | [0-9a-fA-F]
-+ * | [.] v
-+ * +<--------- BYTE5_X ----------+
-+ * | | |
-+ * | | [0-9a-fA-F] |
-+ * | [.] v |
-+ * +<--------- BYTE5_XX | \0
-+ * | | |
-+ * | | \0 |
-+ * | | v
-+ * +--> (reject) +---------> (accept)
-+ *
-+ */
-+static u_char
-+pcapint_atomac48_x_xx_6_times(const char *s, uint8_t *addr)
-+{
-+ enum {
-+ START,
-+ BYTE0_X,
-+ BYTE0_XX,
-+ BYTE0_SEP_BYTE1,
-+ BYTE1_X,
-+ BYTE1_XX,
-+ BYTE1_SEP_BYTE2,
-+ BYTE2_X,
-+ BYTE2_XX,
-+ BYTE2_SEP_BYTE3,
-+ BYTE3_X,
-+ BYTE3_XX,
-+ BYTE3_SEP_BYTE4,
-+ BYTE4_X,
-+ BYTE4_XX,
-+ BYTE4_SEP_BYTE5,
-+ BYTE5_X,
-+ BYTE5_XX,
-+ } fsm_state = START;
-+ uint8_t buf[6];
-+ const char *seplist = ":.-";
-+ char sep;
-+
-+ while (*s) {
-+ switch (fsm_state) {
-+ case START:
-+ if (PCAP_ISXDIGIT(*s)) {
-+ buf[0] = pcapint_xdtoi(*s);
-+ fsm_state = BYTE0_X;
-+ break;
-+ }
-+ goto reject;
-+ case BYTE0_X:
-+ if (strchr(seplist, *s)) {
-+ sep = *s;
-+ fsm_state = BYTE0_SEP_BYTE1;
-+ break;
-+ }
-+ if (PCAP_ISXDIGIT(*s)) {
-+ buf[0] = buf[0] << 4 | pcapint_xdtoi(*s);
-+ fsm_state = BYTE0_XX;
-+ break;
-+ }
-+ goto reject;
-+ case BYTE0_XX:
-+ if (strchr(seplist, *s)) {
-+ sep = *s;
-+ fsm_state = BYTE0_SEP_BYTE1;
-+ break;
-+ }
-+ goto reject;
-+ case BYTE0_SEP_BYTE1:
-+ if (PCAP_ISXDIGIT(*s)) {
-+ buf[1] = pcapint_xdtoi(*s);
-+ fsm_state = BYTE1_X;
-+ break;
-+ }
-+ goto reject;
-+ case BYTE1_X:
-+ if (*s == sep) {
-+ fsm_state = BYTE1_SEP_BYTE2;
-+ break;
-+ }
-+ if (PCAP_ISXDIGIT(*s)) {
-+ buf[1] = buf[1] << 4 | pcapint_xdtoi(*s);
-+ fsm_state = BYTE1_XX;
-+ break;
-+ }
-+ goto reject;
-+ case BYTE1_XX:
-+ if (*s == sep) {
-+ fsm_state = BYTE1_SEP_BYTE2;
-+ break;
-+ }
-+ goto reject;
-+ case BYTE1_SEP_BYTE2:
-+ if (PCAP_ISXDIGIT(*s)) {
-+ buf[2] = pcapint_xdtoi(*s);
-+ fsm_state = BYTE2_X;
-+ break;
-+ }
-+ goto reject;
-+ case BYTE2_X:
-+ if (*s == sep) {
-+ fsm_state = BYTE2_SEP_BYTE3;
-+ break;
-+ }
-+ if (PCAP_ISXDIGIT(*s)) {
-+ buf[2] = buf[2] << 4 | pcapint_xdtoi(*s);
-+ fsm_state = BYTE2_XX;
-+ break;
-+ }
-+ goto reject;
-+ case BYTE2_XX:
-+ if (*s == sep) {
-+ fsm_state = BYTE2_SEP_BYTE3;
-+ break;
-+ }
-+ goto reject;
-+ case BYTE2_SEP_BYTE3:
-+ if (PCAP_ISXDIGIT(*s)) {
-+ buf[3] = pcapint_xdtoi(*s);
-+ fsm_state = BYTE3_X;
-+ break;
-+ }
-+ goto reject;
-+ case BYTE3_X:
-+ if (*s == sep) {
-+ fsm_state = BYTE3_SEP_BYTE4;
-+ break;
-+ }
-+ if (PCAP_ISXDIGIT(*s)) {
-+ buf[3] = buf[3] << 4 | pcapint_xdtoi(*s);
-+ fsm_state = BYTE3_XX;
-+ break;
-+ }
-+ goto reject;
-+ case BYTE3_XX:
-+ if (*s == sep) {
-+ fsm_state = BYTE3_SEP_BYTE4;
-+ break;
-+ }
-+ goto reject;
-+ case BYTE3_SEP_BYTE4:
-+ if (PCAP_ISXDIGIT(*s)) {
-+ buf[4] = pcapint_xdtoi(*s);
-+ fsm_state = BYTE4_X;
-+ break;
-+ }
-+ goto reject;
-+ case BYTE4_X:
-+ if (*s == sep) {
-+ fsm_state = BYTE4_SEP_BYTE5;
-+ break;
-+ }
-+ if (PCAP_ISXDIGIT(*s)) {
-+ buf[4] = buf[4] << 4 | pcapint_xdtoi(*s);
-+ fsm_state = BYTE4_XX;
-+ break;
-+ }
-+ goto reject;
-+ case BYTE4_XX:
-+ if (*s == sep) {
-+ fsm_state = BYTE4_SEP_BYTE5;
-+ break;
-+ }
-+ goto reject;
-+ case BYTE4_SEP_BYTE5:
-+ if (PCAP_ISXDIGIT(*s)) {
-+ buf[5] = pcapint_xdtoi(*s);
-+ fsm_state = BYTE5_X;
-+ break;
-+ }
-+ goto reject;
-+ case BYTE5_X:
-+ if (PCAP_ISXDIGIT(*s)) {
-+ buf[5] = buf[5] << 4 | pcapint_xdtoi(*s);
-+ fsm_state = BYTE5_XX;
-+ break;
-+ }
-+ goto reject;
-+ case BYTE5_XX:
-+ goto reject;
-+ } // switch
-+ s++;
-+ } // while
-+
-+ if (fsm_state == BYTE5_X || fsm_state == BYTE5_XX) {
-+ // accept
-+ memcpy(addr, buf, sizeof(buf));
-+ return 1;
-+ }
-+
-+reject:
-+ return 0;
-+}
-+
-+// The 'addr' argument must point to an array of at least 6 elements.
-+static int
-+pcapint_atomac48(const char *s, uint8_t *addr)
-+{
-+ return s && (
-+ pcapint_atomac48_xxxxxxxxxxxx(s, addr) ||
-+ pcapint_atomac48_xxxx_3_times(s, addr) ||
-+ pcapint_atomac48_x_xx_6_times(s, addr)
-+ );
-+}
-+
-+/*
-+ * If 's' is a MAC-48 address in one of the forms documented in pcap-filter(7)
-+ * for "ether host", return a pointer to an allocated buffer with the binary
-+ * value of the address. Return NULL on any error.
- */
- u_char *
- pcap_ether_aton(const char *s)
- {
-- register u_char *ep, *e;
-- register u_char d;
-+ uint8_t tmp[6];
-+ if (! pcapint_atomac48(s, tmp))
-+ return (NULL);
-
-- e = ep = (u_char *)malloc(6);
-+ u_char *e = malloc(6);
- if (e == NULL)
- return (NULL);
--
-- while (*s) {
-- if (*s == ':' || *s == '.' || *s == '-')
-- s += 1;
-- d = pcapint_xdtoi(*s++);
-- if (PCAP_ISXDIGIT(*s)) {
-- d <<= 4;
-- d |= pcapint_xdtoi(*s++);
-- }
-- *ep++ = d;
-- }
--
-+ memcpy(e, tmp, sizeof(tmp));
- return (e);
- }
-
diff --git a/meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11964.patch
b/meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11964.patch
deleted file mode 100644
index 003d21fb1f..0000000000
--- a/meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11964.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 7fabf607f2319a36a0bd78444247180acb838e69 Mon Sep 17 00:00:00 2001
-From: Guy Harris <[email protected]>
-Date: Sun, 7 Sep 2025 12:51:56 -0700
-Subject: [PATCH] Fix a copy-and-pasteo in utf_16le_to_utf_8_truncated().
-
-For the four octets of UTF-8 case, it was decrementing the remaining
-buffer length by 3, not 4.
-
-Thanks to a team of developers from the Univesity of Waterloo for
-reporting this.
-
-(cherry picked from commit aebfca1aea2fc8c177760a26e8f4de27b51d1b3b)
-
-CVE: CVE-2025-11964
-Upstream-Status: Backport
[https://github.com/the-tcpdump-group/libpcap/commit/7fabf607f2319a36a0bd78444247180acb838e69]
-Signed-off-by: Peter Marko <[email protected]>
----
- fmtutils.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/fmtutils.c b/fmtutils.c
-index a5a4fe62..78a0f8b7 100644
---- a/fmtutils.c
-+++ b/fmtutils.c
-@@ -235,7 +235,7 @@ utf_16le_to_utf_8_truncated(const wchar_t *utf_16, char
*utf_8,
- *utf_8++ = ((uc >> 12) & 0x3F) | 0x80;
- *utf_8++ = ((uc >> 6) & 0x3F) | 0x80;
- *utf_8++ = ((uc >> 0) & 0x3F) | 0x80;
-- utf_8_len -= 3;
-+ utf_8_len -= 4;
- }
- }
-
diff --git a/meta/recipes-connectivity/libpcap/libpcap_1.10.4.bb
b/meta/recipes-connectivity/libpcap/libpcap_1.10.6.bb
similarity index 83%
rename from meta/recipes-connectivity/libpcap/libpcap_1.10.4.bb
rename to meta/recipes-connectivity/libpcap/libpcap_1.10.6.bb
index ee7d7540f6..5cba790012 100644
--- a/meta/recipes-connectivity/libpcap/libpcap_1.10.4.bb
+++ b/meta/recipes-connectivity/libpcap/libpcap_1.10.6.bb
@@ -11,15 +11,9 @@ LIC_FILES_CHKSUM =
"file://LICENSE;md5=5eb289217c160e2920d2e35bddc36453 \
DEPENDS = "flex-native bison-native"
SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.gz \
- file://CVE-2023-7256-pre1.patch \
- file://CVE-2023-7256.patch \
- file://CVE-2024-8006.patch \
- file://CVE-2025-11961-01.patch \
- file://CVE-2025-11961-02.patch \
- file://CVE-2025-11964.patch \
"
-SRC_URI[sha256sum] = "ed19a0383fad72e3ad435fd239d7cd80d64916b87269550159d20e47160ebe5f"
+SRC_URI[sha256sum] =
"872dd11337fe1ab02ad9d4fee047c9da244d695c6ddf34e2ebb733efd4ed8aa9"
inherit autotools binconfig-disabled pkgconfig
