diff mbox series

[meta-networking,kirkstone,1/1] tcpdump: refresh CVE-2024-2397 patch to remove fuzz warning

Message ID 20250820024527.2917040-1-haixiao.yan.cn@windriver.com
State New
Headers show
Series [meta-networking,kirkstone,1/1] tcpdump: refresh CVE-2024-2397 patch to remove fuzz warning | expand

Commit Message

Yan, Haixiao (CN) Aug. 20, 2025, 2:45 a.m. UTC 
From: Haixiao Yan <haixiao.yan.cn@windriver.com>

The CVE-2024-2397 patch was applied with fuzz and offset adjustments:
  Hunk #1 succeeded at 42 with fuzz 2 (offset 5 lines).
  ...

Refreshed the patch against tcpdump 4.99.4 sources to align context and
line numbers.

Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
---
 .../tcpdump/tcpdump/CVE-2024-2397.patch       | 26 +++++++++++--------
 1 file changed, 15 insertions(+), 11 deletions(-)

Comments

Gyorgy Sarvari Sept. 4, 2025, 6:49 p.m. UTC | #1 
Note: This is a duplicate of
https://lists.openembedded.org/g/openembedded-devel/message/118535

On 8/20/25 04:45, Yan, Haixiao (CN) via lists.openembedded.org wrote:
> From: Haixiao Yan <haixiao.yan.cn@windriver.com>
>
> The CVE-2024-2397 patch was applied with fuzz and offset adjustments:
>   Hunk #1 succeeded at 42 with fuzz 2 (offset 5 lines).
>   ...
>
> Refreshed the patch against tcpdump 4.99.4 sources to align context and
> line numbers.
>
> Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
> ---
>  .../tcpdump/tcpdump/CVE-2024-2397.patch       | 26 +++++++++++--------
>  1 file changed, 15 insertions(+), 11 deletions(-)
>
> diff --git a/meta-networking/recipes-support/tcpdump/tcpdump/CVE-2024-2397.patch b/meta-networking/recipes-support/tcpdump/tcpdump/CVE-2024-2397.patch
> index 169ec6be7044..a0e7df923734 100644
> --- a/meta-networking/recipes-support/tcpdump/tcpdump/CVE-2024-2397.patch
> +++ b/meta-networking/recipes-support/tcpdump/tcpdump/CVE-2024-2397.patch
> @@ -1,4 +1,4 @@
> -From b9811ef5bb1b7d45a90e042f81f3aaf233c8bcb2 Mon Sep 17 00:00:00 2001
> +From 32a589ec83fa4536353f05df4c0cda05176cfe65 Mon Sep 17 00:00:00 2001
>  From: Guy Harris <gharris@sonic.net>
>  Date: Tue, 12 Mar 2024 00:37:23 -0700
>  Subject: [PATCH] ppp: use the buffer stack for the de-escaping buffer.
> @@ -24,25 +24,26 @@ routine, in case nd_pop_all_packet_info() didn't restore it.
>  Upstream-Status: Backport [https://github.com/the-tcpdump-group/tcpdump/commit/b9811ef5bb1b7d45a90e042f81f3aaf233c8bcb2]
>  CVE: CVE-2024-2397
>  Signed-off-by: Ashish Sharma <asharma@mvista.com>
> -
> +Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
> +---
>   print-ppp.c | 31 +++++++++++++++++--------------
>   print.c     |  8 ++++++--
>   2 files changed, 23 insertions(+), 16 deletions(-)
>  
>  diff --git a/print-ppp.c b/print-ppp.c
> -index 2cf06c363..9aed23eb9 100644
> +index aba243ddb6f2..e5ae0646ebae 100644
>  --- a/print-ppp.c
>  +++ b/print-ppp.c
> -@@ -37,6 +37,8 @@
> - 
> - #include "netdissect-stdinc.h"
> +@@ -42,6 +42,8 @@
> + #include <net/if_ppp.h>
> + #endif
>   
>  +#include <stdlib.h>
>  +
>   #include "netdissect.h"
>   #include "extract.h"
>   #include "addrtoname.h"
> -@@ -1358,7 +1360,6 @@ ppp_hdlc(netdissect_options *ndo,
> +@@ -1363,7 +1365,6 @@ ppp_hdlc(netdissect_options *ndo,
>   	u_char *b, *t, c;
>   	const u_char *s;
>   	u_int i, proto;
> @@ -50,7 +51,7 @@ index 2cf06c363..9aed23eb9 100644
>   
>   	if (caplen == 0)
>   		return;
> -@@ -1366,9 +1367,11 @@ ppp_hdlc(netdissect_options *ndo,
> +@@ -1371,9 +1372,11 @@ ppp_hdlc(netdissect_options *ndo,
>           if (length == 0)
>                   return;
>   
> @@ -65,7 +66,7 @@ index 2cf06c363..9aed23eb9 100644
>   
>   	/*
>   	 * Unescape all the data into a temporary, private, buffer.
> -@@ -1389,13 +1392,15 @@ ppp_hdlc(netdissect_options *ndo,
> +@@ -1394,13 +1397,15 @@ ppp_hdlc(netdissect_options *ndo,
>   	}
>   
>   	/*
> @@ -87,7 +88,7 @@ index 2cf06c363..9aed23eb9 100644
>   	length = ND_BYTES_AVAILABLE_AFTER(b);
>   
>           /* now lets guess about the payload codepoint format */
> -@@ -1437,13 +1442,11 @@ ppp_hdlc(netdissect_options *ndo,
> +@@ -1442,13 +1447,11 @@ ppp_hdlc(netdissect_options *ndo,
>           }
>   
>   cleanup:
> @@ -104,7 +105,7 @@ index 2cf06c363..9aed23eb9 100644
>   }
>   
>  diff --git a/print.c b/print.c
> -index b9ba5997d..f20633388 100644
> +index 9c0ab8622de1..33706b93228d 100644
>  --- a/print.c
>  +++ b/print.c
>  @@ -431,10 +431,14 @@ pretty_print_packet(netdissect_options *ndo, const struct pcap_pkthdr *h,
> @@ -124,3 +125,6 @@ index b9ba5997d..f20633388 100644
>   	if (ndo->ndo_Xflag) {
>   		/*
>   		 * Print the raw packet data in hex and ASCII.
> +-- 
> +2.34.1
> +
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#119010): https://lists.openembedded.org/g/openembedded-devel/message/119010
> Mute This Topic: https://lists.openembedded.org/mt/114793519/6084445
> Group Owner: openembedded-devel+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [skandigraun@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
diff mbox series

Patch

diff --git a/meta-networking/recipes-support/tcpdump/tcpdump/CVE-2024-2397.patch b/meta-networking/recipes-support/tcpdump/tcpdump/CVE-2024-2397.patch
index 169ec6be7044..a0e7df923734 100644
--- a/meta-networking/recipes-support/tcpdump/tcpdump/CVE-2024-2397.patch
+++ b/meta-networking/recipes-support/tcpdump/tcpdump/CVE-2024-2397.patch
@@ -1,4 +1,4 @@ 
-From b9811ef5bb1b7d45a90e042f81f3aaf233c8bcb2 Mon Sep 17 00:00:00 2001
+From 32a589ec83fa4536353f05df4c0cda05176cfe65 Mon Sep 17 00:00:00 2001
 From: Guy Harris <gharris@sonic.net>
 Date: Tue, 12 Mar 2024 00:37:23 -0700
 Subject: [PATCH] ppp: use the buffer stack for the de-escaping buffer.
@@ -24,25 +24,26 @@  routine, in case nd_pop_all_packet_info() didn't restore it.
 Upstream-Status: Backport [https://github.com/the-tcpdump-group/tcpdump/commit/b9811ef5bb1b7d45a90e042f81f3aaf233c8bcb2]
 CVE: CVE-2024-2397
 Signed-off-by: Ashish Sharma <asharma@mvista.com>
-
+Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
+---
  print-ppp.c | 31 +++++++++++++++++--------------
  print.c     |  8 ++++++--
  2 files changed, 23 insertions(+), 16 deletions(-)
 
 diff --git a/print-ppp.c b/print-ppp.c
-index 2cf06c363..9aed23eb9 100644
+index aba243ddb6f2..e5ae0646ebae 100644
 --- a/print-ppp.c
 +++ b/print-ppp.c
-@@ -37,6 +37,8 @@
- 
- #include "netdissect-stdinc.h"
+@@ -42,6 +42,8 @@
+ #include <net/if_ppp.h>
+ #endif
  
 +#include <stdlib.h>
 +
  #include "netdissect.h"
  #include "extract.h"
  #include "addrtoname.h"
-@@ -1358,7 +1360,6 @@ ppp_hdlc(netdissect_options *ndo,
+@@ -1363,7 +1365,6 @@ ppp_hdlc(netdissect_options *ndo,
  	u_char *b, *t, c;
  	const u_char *s;
  	u_int i, proto;
@@ -50,7 +51,7 @@  index 2cf06c363..9aed23eb9 100644
  
  	if (caplen == 0)
  		return;
-@@ -1366,9 +1367,11 @@ ppp_hdlc(netdissect_options *ndo,
+@@ -1371,9 +1372,11 @@ ppp_hdlc(netdissect_options *ndo,
          if (length == 0)
                  return;
  
@@ -65,7 +66,7 @@  index 2cf06c363..9aed23eb9 100644
  
  	/*
  	 * Unescape all the data into a temporary, private, buffer.
-@@ -1389,13 +1392,15 @@ ppp_hdlc(netdissect_options *ndo,
+@@ -1394,13 +1397,15 @@ ppp_hdlc(netdissect_options *ndo,
  	}
  
  	/*
@@ -87,7 +88,7 @@  index 2cf06c363..9aed23eb9 100644
  	length = ND_BYTES_AVAILABLE_AFTER(b);
  
          /* now lets guess about the payload codepoint format */
-@@ -1437,13 +1442,11 @@ ppp_hdlc(netdissect_options *ndo,
+@@ -1442,13 +1447,11 @@ ppp_hdlc(netdissect_options *ndo,
          }
  
  cleanup:
@@ -104,7 +105,7 @@  index 2cf06c363..9aed23eb9 100644
  }
  
 diff --git a/print.c b/print.c
-index b9ba5997d..f20633388 100644
+index 9c0ab8622de1..33706b93228d 100644
 --- a/print.c
 +++ b/print.c
 @@ -431,10 +431,14 @@ pretty_print_packet(netdissect_options *ndo, const struct pcap_pkthdr *h,
@@ -124,3 +125,6 @@  index b9ba5997d..f20633388 100644
  	if (ndo->ndo_Xflag) {
  		/*
  		 * Print the raw packet data in hex and ASCII.
+-- 
+2.34.1
+