Contains fix for CVE-2025-0962. Removed CVE-2025-9817.patch because it is included in this release.
Add a patch that allows it building for native: it is looking for iconv.h header as a new dependency for (optional) zlib-ng support, however it is not installed in the sysroot for native builds. Add a patch that removes this hard dependency for native builds. Changelogs: https://www.wireshark.org/docs/relnotes/wireshark-4.6.3.html https://www.wireshark.org/docs/relnotes/wireshark-4.6.2.html https://www.wireshark.org/docs/relnotes/wireshark-4.6.1.html https://www.wireshark.org/docs/relnotes/wireshark-4.6.0.html Overall changelogs (including 4.4 also): https://www.wireshark.org/docs/relnotes/ Signed-off-by: Gyorgy Sarvari <[email protected]>
---
 .../recipes-support/wireshark/README | 45 ------------------
 ...-t-look-for-iconv.h-for-native-build.patch | 46 +++++++++++++++++++
 .../0002-flex-Remove-line-directives.patch | 6 +--
 .../0004-lemon-Remove-line-directives.patch | 6 +--
 .../wireshark/files/CVE-2025-9817.patch | 32 -------------
 ...wireshark_4.2.14.bb => wireshark_4.6.3.bb} | 14 ++++--
 6 files changed, 61 insertions(+), 88 deletions(-)
 delete mode 100644 meta-networking/recipes-support/wireshark/README
 create mode 100644 meta-networking/recipes-support/wireshark/files/0001-don-t-look-for-iconv.h-for-native-build.patch
 delete mode 100644 meta-networking/recipes-support/wireshark/files/CVE-2025-9817.patch
 rename meta-networking/recipes-support/wireshark/{wireshark_4.2.14.bb => wireshark_4.6.3.bb} (87%)
diff --git a/meta-networking/recipes-support/wireshark/README b/meta-networking/recipes-support/wireshark/README
deleted file mode 100644
index f5e4d04777..0000000000
--- a/meta-networking/recipes-support/wireshark/README
+++ /dev/null
@@ -1,45 +0,0 @@
-#
-Wireshark - Notes
-
-URL: http://www.wireshark.org/
-User Guide: http://www.wireshark.org/docs/wsug_html_chunked/
-Secruity advisories: http://www.wireshark.org/security/
-
-Wireshark is slowly moving away from gtk and towards QT as their graphical stack.
-Currently gtk is supported with this release and I plan on integrating QT.
-
-
-
-Adding the wireshark to your build
-========================================
-
-via local.conf
-IMAGE_INSTALL:append = " wireshark"
-
-Adding the wireshark to your graphical build
-========================================
-via local.conf
-IMAGE_INSTALL:append = " wireshark"
-
-and one of:
-
-EXTRA_IMAGE_FEATURES += "x11-base"
-
-or use the "core-image-x11"
-
-
-Maintenance
------------
-
-Send patches, comments or questions to [email protected]
-
-When sending single patches, please use something like:
-
- git send-email -1 -M \
- --to [email protected] \
- --cc [email protected] \
- --subject-prefix=meta-networking][PATCH
-
-Maintainer: Armin Kuster <[email protected]>
-
-
diff --git a/meta-networking/recipes-support/wireshark/files/0001-don-t-look-for-iconv.h-for-native-build.patch b/meta-networking/recipes-support/wireshark/files/0001-don-t-look-for-iconv.h-for-native-build.patch
new file mode 100644
index 0000000000..5cc16459ce
--- /dev/null
+++ b/meta-networking/recipes-support/wireshark/files/0001-don-t-look-for-iconv.h-for-native-build.patch
@@ -0,0 +1,46 @@
+From 9a9d99fb57caa38c4bc045f544429ec919ec6158 Mon Sep 17 00:00:00 2001
+From: Gyorgy Sarvari <[email protected]>
+Date: Mon, 26 Jan 2026 21:26:49 +0100
+Subject: [PATCH] don't look for iconv.h for native build
+
+iconv.h is not installed in the sysroot for native builds, and cmake
+only searches for it in the sysroot.
+
+It seems to be only required for zlib-ng support (based on the
+commit[1] that introduced this dependency), which is currently not
+enabled in the recipe.
+
+To avoid build failure due to not finding this header during configuration,
+remove this dependency from native builds
+
+Upstream-Status: Inappropriate [OE specific]
+Signed-off-by: Gyorgy Sarvari <[email protected]>
+---
+ cmake/modules/FindLibXml2.cmake | 7 +------
+ 1 file changed, 1 insertion(+), 6 deletions(-)
+
+diff --git a/cmake/modules/FindLibXml2.cmake b/cmake/modules/FindLibXml2.cmake
+index d36b390..f3e4762 100644
+--- a/cmake/modules/FindLibXml2.cmake
++++ b/cmake/modules/FindLibXml2.cmake
+@@ -66,11 +66,6 @@ find_path(LIBXML2_INCLUDE_DIR NAMES libxml/xpath.h
+ PATH_SUFFIXES libxml2
+ )
+
+-find_path(ICONV_INCLUDE_DIR NAMES iconv.h
+- HINTS
+- ${LIBXML2_HINTS}/include
+- )
+-
+ # CMake 3.9 and below used 'LIBXML2_LIBRARIES' as the name of
+ # the cache entry storing the find_library result. Use the
+ # value if it was set by the project or user.
+@@ -103,7 +98,7 @@ elseif(LIBXML2_INCLUDE_DIR AND EXISTS "${LIBXML2_INCLUDE_DIR}/libxml/xmlversion.
+ unset(libxml2_version_str)
+ endif()
+
+-set(LIBXML2_INCLUDE_DIRS ${LIBXML2_INCLUDE_DIR} ${PC_LIBXML_INCLUDE_DIRS} ${ICONV_INCLUDE_DIR})
++set(LIBXML2_INCLUDE_DIRS ${LIBXML2_INCLUDE_DIR} ${PC_LIBXML_INCLUDE_DIRS})
+ set(LIBXML2_LIBRARIES ${LIBXML2_LIBRARY})
+
+ include(FindPackageHandleStandardArgs)
diff --git a/meta-networking/recipes-support/wireshark/files/0002-flex-Remove-line-directives.patch b/meta-networking/recipes-support/wireshark/files/0002-flex-Remove-line-directives.patch
index 0e6249c939..c6f5909cc9 100644
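Review bot: The header of the new 0001-don-t-look-for-iconv.h-for-native-build.patch cites "the commit[1] that introduced this dependency", but no `[1]` link follows, so the claim that iconv.h is only needed for zlib-ng support cannot be checked from the patch itself. The change edits FindLibXml2.cmake and drops `${ICONV_INCLUDE_DIR}` from `LIBXML2_INCLUDE_DIRS`, so a reader would expect the rationale to mention libxml2 too. Adding a footer line such as `[1]: <upstream commit URL>` and one sentence on why the libxml2 headers still resolve without that include directory in native builds would make the `Inappropriate [OE specific]` status easier to re-evaluate at the next version bump.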
--- a/meta-networking/recipes-support/wireshark/files/0002-flex-Remove-line-directives.patch
+++ b/meta-networking/recipes-support/wireshark/files/0002-flex-Remove-line-directives.patch
@@ -23,19 +23,19 @@ index 20caa09..174f452 100644
 - ADD_CUSTOM_COMMAND(
 - OUTPUT ${_outc} ${_outh}
-- COMMAND ${LEX_EXECUTABLE} $<$<OR:$<CONFIG:Debug>,$<CONFIG:RelWithDebInfo>>:--debug> -o${_outc} --header-file=${_outh} ${_in}
+- COMMAND ${LEX_EXECUTABLE} $<$<OR:$<CONFIG:Debug>,$<CONFIG:RelWithDebInfo>>:--debug> --outfile=${_outc} --header-file=${_outh} ${_in}
 - DEPENDS ${_in}
 - )
 + IF (DEFINED ENV{SOURCE_DATE_EPOCH})
 + ADD_CUSTOM_COMMAND(
 + OUTPUT ${_outc} ${_outh}
-+ COMMAND ${LEX_EXECUTABLE} $<$<OR:$<CONFIG:Debug>,$<CONFIG:RelWithDebInfo>>:--debug> --noline -o${_outc} --header-file=${_outh} ${_in}
++ COMMAND ${LEX_EXECUTABLE} $<$<OR:$<CONFIG:Debug>,$<CONFIG:RelWithDebInfo>>:--debug> --noline --outfile=${_outc} --header-file=${_outh} ${_in}
 + DEPENDS ${_in}
 + )
 + ELSE ()
 + ADD_CUSTOM_COMMAND(
 + OUTPUT ${_outc} ${_outh}
-+ COMMAND ${LEX_EXECUTABLE} $<$<OR:$<CONFIG:Debug>,$<CONFIG:RelWithDebInfo>>:--debug> -o${_outc} --header-file=${_outh} ${_in}
++ COMMAND ${LEX_EXECUTABLE} $<$<OR:$<CONFIG:Debug>,$<CONFIG:RelWithDebInfo>>:--debug> --ooutfile=${_outc} --header-file=${_outh} ${_in}
 + DEPENDS ${_in}
 + )
 + ENDIF ()
diff --git a/meta-networking/recipes-support/wireshark/files/0004-lemon-Remove-line-directives.patch b/meta-networking/recipes-support/wireshark/files/0004-lemon-Remove-line-directives.patch
index 1a6fe8d39e..5b4d5aaa82 100644
--- a/meta-networking/recipes-support/wireshark/files/0004-lemon-Remove-line-directives.patch
+++ b/meta-networking/recipes-support/wireshark/files/0004-lemon-Remove-line-directives.patch
@@ -17,7 +17,7 @@ diff --git a/cmake/modules/UseLemon.cmake b/cmake/modules/UseLemon.cmake
 index e419de1..fa4034e 100644
 --- a/cmake/modules/UseLemon.cmake
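Review bot: The refreshed `ELSE ()` branch of 0002-flex-Remove-line-directives.patch passes `--ooutfile=${_outc}` to flex, while the other two rewritten COMMAND lines use `--outfile=`; the doubled `o` looks like a typo. That branch is taken only when `SOURCE_DATE_EPOCH` is not defined in the environment, so a normal reproducible build probably never exercises it. A build without that variable would presumably fail at lexer generation on the unknown option. The line should read `COMMAND ${LEX_EXECUTABLE} $<$<OR:$<CONFIG:Debug>,$<CONFIG:RelWithDebInfo>>:--debug> --outfile=${_outc} --header-file=${_outh} ${_in}`.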
+++ b/cmake/modules/UseLemon.cmake -@@ -12,6 +12,7 @@ if(LEMON_EXECUTABLE) +@@ -17,6 +17,7 @@ if(LEMON_EXECUTABLE) ${_out}.h ${_out}.out COMMAND ${LEMON_EXECUTABLE} @@ -25,11 +25,11 @@ index e419de1..fa4034e 100644 -T/usr/share/lemon/lempar.c -d. ${_in} -@@ -30,6 +31,7 @@ else() +@@ -35,6 +36,7 @@ else() ${_out}.h ${_out}.out COMMAND $<TARGET_FILE:lemon> + -l -T${CMAKE_SOURCE_DIR}/tools/lemon/lempar.c -d. - ${_in} + -- diff --git a/meta-networking/recipes-support/wireshark/files/CVE-2025-9817.patch b/meta-networking/recipes-support/wireshark/files/CVE-2025-9817.patch deleted file mode 100644 index 034c51778e..0000000000 --- a/meta-networking/recipes-support/wireshark/files/CVE-2025-9817.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 39daba5e247ea495f88b0be82f0b7ebbdbf50fba Mon Sep 17 00:00:00 2001 -From: John Thacker <[email protected]> -Date: Sat, 26 Jul 2025 07:10:28 -0400 -Subject: [PATCH] ssh: Add a null check - -Fix #20642 - -Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/39daba5e247ea495f88b0be82f0b7ebbdbf50fba] -CVE: CVE-2025-9817 -Signed-off-by: Vijay Anusuri <[email protected]> ---- - epan/dissectors/packet-ssh.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/epan/dissectors/packet-ssh.c b/epan/dissectors/packet-ssh.c -index 4f2b0ff..9b3b904 100644 ---- a/epan/dissectors/packet-ssh.c -+++ b/epan/dissectors/packet-ssh.c -@@ -2359,6 +2359,10 @@ ssh_kex_shared_secret(gint kex_type, ssh_bignum *pub, ssh_bignum *priv, ssh_bign - } - - if(kex_type==SSH_KEX_DH_GEX){ -+ if (modulo == NULL) { -+ ws_debug("Missing group modulo"); -+ return NULL; -+ } - gcry_mpi_t b = NULL; - gcry_mpi_scan(&b, GCRYMPI_FMT_USG, pub->data, pub->length, NULL); - gcry_mpi_t d = NULL, e = NULL, m = NULL; --- -2.43.0 - 
diff --git a/meta-networking/recipes-support/wireshark/wireshark_4.2.14.bb b/meta-networking/recipes-support/wireshark/wireshark_4.6.3.bb
similarity index 87%
rename from meta-networking/recipes-support/wireshark/wireshark_4.2.14.bb
rename to meta-networking/recipes-support/wireshark/wireshark_4.6.3.bb
index bd014055a9..2cf9693f5c 100644
--- a/meta-networking/recipes-support/wireshark/wireshark_4.2.14.bb
+++ b/meta-networking/recipes-support/wireshark/wireshark_4.6.3.bb
@@ -4,7 +4,7 @@ SECTION = "net"
 LICENSE = "GPL-2.0-only"
 LIC_FILES_CHKSUM = "file://COPYING;md5=570a9b3749dd0463a1778803b12a6dce"
-DEPENDS = "pcre2 expat glib-2.0 glib-2.0-native libgcrypt libgpg-error libxml2 bison-native c-ares speexdsp"
+DEPENDS = "pcre2 expat glib-2.0 glib-2.0-native libgcrypt libgpg-error libxml2 bison-native c-ares speexdsp virtual/libiconv"
 DEPENDS:append:class-target = " wireshark-native chrpath-replacement-native "
@@ -13,12 +13,13 @@ SRC_URI = "https://1.eu.dl.wireshark.org/src/all-versions/wireshark-${PV}.tar.xz
 file://0002-flex-Remove-line-directives.patch \
 file://0004-lemon-Remove-line-directives.patch \
 file://0001-UseLemon.cmake-do-not-use-lemon-data-from-the-host.patch \
- file://CVE-2025-9817.patch \
 "
+SRC_URI:append:class-native = " file://0001-don-t-look-for-iconv.h-for-native-build.patch"
+
 UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src/all-versions"
-SRC_URI[sha256sum] = "098177f021951638f5bdca5b01f284c14fcc3f6c804f7aa2ca00fdcb99c7a166"
+SRC_URI[sha256sum] = "9fa6a745df8540899dc9d433e4634d6755371ff87bd722ce04c7d7b0132d9af3"
 PE = "1"
@@ -59,16 +60,19 @@ EXTRA_OECMAKE += "-DENABLE_NETLINK=ON \
 -DM_INCLUDE_DIR=${includedir} \
 -DM_LIBRARY=${libdir} \
 "
+
+# use lemon from ${PN}-native, instead of cross-compiled or host versions
+EXTRA_OECMAKE:append:class-target = " -DLEMON_EXECUTABLE=${STAGING_BINDIR_NATIVE}/lemon"
 CFLAGS:append = " -lm"
 do_compile:append:class-target() {
 # Fix TMPDIR, these are in the comments section
 sed -i -e "s:** source file.*::g" ${B}/wiretap/ascend_parser.c
- sed -i -e "s:** source file.*::g" ${B}/wiretap/candump_parser.c
 sed -i -e "s:** source file.*::g" ${B}/wiretap/busmaster_parser.c
 sed -i -e "s:** source file.*::g" ${B}/epan/protobuf_lang_parser.c
- sed -i -e "s:** source file.*::g" ${B}/epan/dtd_grammar.c
 sed -i -e "s:** source file.*::g" ${B}/epan/dfilter/grammar.c
+ test -e ${B}/plugins/epan/mate/mate_grammar.c && \
+ sed -i -e "s:** source file.*::g" ${B}/plugins/epan/mate/mate_grammar.c
 }
 do_install:append:class-native() {
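Review bot: The added `test -e ${B}/plugins/epan/mate/mate_grammar.c && \` / `sed ...` pair is the last command of `do_compile:append:class-target()`, so when the file is absent the function returns the non-zero status of `test`. Under the `set -e` that BitBake shell tasks normally run with, that is likely to fail do_compile rather than skip the step. An `if` form keeps the skip harmless: `if [ -e ${B}/plugins/epan/mate/mate_grammar.c ]; then`, the existing `sed` line, then `fi`. The hunk ends on the opening line of `do_install:append:class-native()`, whose body is outside the hunk.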
