From: Kai <kai.kang@windriver.com>
To: yoann.congal@smile.fr, Jinfeng.Wang.CN@windriver.com,
openembedded-core@lists.openembedded.org
Subject: Re: [OE-core] [scarthgap][PATCH 12/12] libpcap: 1.10.4 -> 1.10.6
Date: Wed, 6 May 2026 11:05:39 +0800 [thread overview]
Message-ID: <150bd5e7-5929-463c-b4eb-8fcaab2fde30@windriver.com> (raw)
In-Reply-To: <DI18MGLHCOVA.322PMTYWVZE49@smile.fr>
On 4/24/26 16:21, Yoann Congal via lists.openembedded.org wrote:
> On Thu Apr 9, 2026 at 8:16 AM CEST, Jinfeng (CN) via lists.openembedded.org Wang wrote:
>> From: Kai Kang <kai.kang@windriver.com>
>>
>> Upgrade libpcap from 1.10.4 to 1.10.6 which includes fix for CVEs.
>>
>> Remove backported patches which have been incorporated in 1.10.6:
>>
>> * CVE-2023-7256-pre1.patch
>> * CVE-2023-7256.patch
>> * CVE-2024-8006.patch
>> * CVE-2025-11961-01.patch
>> * CVE-2025-11961-02.patch
>> * CVE-2025-11964.patch
>>
>> [1]: https://nvd.nist.gov/vuln/detail/CVE-2025-11961
>> [2]: https://nvd.nist.gov/vuln/detail/CVE-2025-11964
>>
>> Signed-off-by: Kai Kang <kai.kang@windriver.com>
>> Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
>> ---
> (Same as the zlib patch) Please add the changelog:
> https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.10.6/CHANGES#L1-L271
>
> In this release, I see:
> * a lot of "Add <new link type>" => sounds like new features
> * Some API changes:
> pcap: make the seconds and microseconds/nanoseconds fields unsigned.
> Rename helper routines for pcap modules to have names beginning with
> pcapint_, to avoid namespace collisions for code linking statically
> with libpcap.
>
> Sorry, I don't think I can accept this upgrade.
Hi Yoann,
I asked the libpcap community that the upper issues should not block to
upgrade, please see
https://github.com/the-tcpdump-group/libpcap/issues/1674
Regards,
Kai
>
>> .../libpcap/libpcap/CVE-2023-7256-pre1.patch | 37 --
>> .../libpcap/libpcap/CVE-2023-7256.patch | 365 ---------------
>> .../libpcap/libpcap/CVE-2024-8006.patch | 42 --
>> .../libpcap/libpcap/CVE-2025-11961-01.patch | 38 --
>> .../libpcap/libpcap/CVE-2025-11961-02.patch | 433 ------------------
>> .../libpcap/libpcap/CVE-2025-11964.patch | 33 --
>> .../{libpcap_1.10.4.bb => libpcap_1.10.6.bb} | 8 +-
>> 7 files changed, 1 insertion(+), 955 deletions(-)
>> delete mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre1.patch
>> delete mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256.patch
>> delete mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2024-8006.patch
>> delete mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-01.patch
>> delete mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-02.patch
>> delete mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11964.patch
>> rename meta/recipes-connectivity/libpcap/{libpcap_1.10.4.bb => libpcap_1.10.6.bb} (83%)
>>
>> diff --git a/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre1.patch b/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre1.patch
>> deleted file mode 100644
>> index 64abfb85cd..0000000000
>> --- a/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre1.patch
>> +++ /dev/null
>> @@ -1,37 +0,0 @@
>> -From 73da0d4d65ef0925772b7b7f82a5fbb3ff2c5e4f Mon Sep 17 00:00:00 2001
>> -From: Rose <83477269+AtariDreams@users.noreply.github.com>
>> -Date: Tue, 16 May 2023 12:37:11 -0400
>> -Subject: [PATCH] Remove unused variable retval in sock_present2network
>> -
>> -This quiets the compiler since it is not even returned anyway, and is a misleading variable name.
>> -
>> -(cherry picked from commit c7b90298984c46d820d3cee79a96d24870b5f200)
>> -
>> -Upstream-Status: Backport [https://github.com/the-tcpdump-group/libpcap/commit/73da0d4d65ef0925772b7b7f82a5fbb3ff2c5e4f]
>> -CVE: CVE-2023-7256 #Dependency Patch
>> -Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
>> ----
>> - sockutils.c | 3 +--
>> - 1 file changed, 1 insertion(+), 2 deletions(-)
>> -
>> -diff --git a/sockutils.c b/sockutils.c
>> -index 1c07f76fd1..6752f296af 100644
>> ---- a/sockutils.c
>> -+++ b/sockutils.c
>> -@@ -2082,7 +2082,6 @@ int sock_getascii_addrport(const struct sockaddr_storage *sockaddr, char *addres
>> - */
>> - int sock_present2network(const char *address, struct sockaddr_storage *sockaddr, int addr_family, char *errbuf, int errbuflen)
>> - {
>> -- int retval;
>> - struct addrinfo *addrinfo;
>> - struct addrinfo hints;
>> -
>> -@@ -2090,7 +2089,7 @@ int sock_present2network(const char *address, struct sockaddr_storage *sockaddr,
>> -
>> - hints.ai_family = addr_family;
>> -
>> -- if ((retval = sock_initaddress(address, "22222" /* fake port */, &hints, &addrinfo, errbuf, errbuflen)) == -1)
>> -+ if (sock_initaddress(address, "22222" /* fake port */, &hints, &addrinfo, errbuf, errbuflen) == -1)
>> - return 0;
>> -
>> - if (addrinfo->ai_family == PF_INET)
>> diff --git a/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256.patch b/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256.patch
>> deleted file mode 100644
>> index fffcb2704a..0000000000
>> --- a/meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256.patch
>> +++ /dev/null
>> @@ -1,365 +0,0 @@
>> -From 2aa69b04d8173b18a0e3492e0c8f2f7fabdf642d Mon Sep 17 00:00:00 2001
>> -From: Guy Harris <gharris@sonic.net>
>> -Date: Thu, 28 Sep 2023 00:37:57 -0700
>> -Subject: [PATCH] Have sock_initaddress() return the list of addrinfo
>> - structures or NULL.
>> -
>> -Its return address is currently 0 for success and -1 for failure, with a
>> -pointer to the first element of the list of struct addrinfos returned
>> -through a pointer on success; change it to return that pointer on
>> -success and NULL on failure.
>> -
>> -That way, we don't have to worry about what happens to the pointer
>> -pointeed to by the argument in question on failure; we know that we got
>> -NULL back if no struct addrinfos were found because getaddrinfo()
>> -failed. Thus, we know that we have something to free iff
>> -sock_initaddress() returned a pointer to that something rather than
>> -returning NULL.
>> -
>> -This avoids a double-free in some cases.
>> -
>> -This is apparently CVE-2023-40400.
>> -
>> -(backported from commit 262e4f34979872d822ccedf9f318ed89c4d31c03)
>> -
>> -Upstream-Status: Backport [https://github.com/the-tcpdump-group/libpcap/commit/2aa69b04d8173b18a0e3492e0c8f2f7fabdf642d]
>> -CVE: CVE-2023-7256
>> -Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
>> ----
>> - pcap-rpcap.c | 48 ++++++++++++++++++++--------------------
>> - rpcapd/daemon.c | 8 +++++--
>> - rpcapd/rpcapd.c | 8 +++++--
>> - sockutils.c | 58 ++++++++++++++++++++++++++++---------------------
>> - sockutils.h | 5 ++---
>> - 5 files changed, 72 insertions(+), 55 deletions(-)
>> -
>> -diff --git a/pcap-rpcap.c b/pcap-rpcap.c
>> -index ef0cd6e49c..f1992e4aea 100644
>> ---- a/pcap-rpcap.c
>> -+++ b/pcap-rpcap.c
>> -@@ -1024,7 +1024,6 @@ rpcap_remoteact_getsock(const char *host, int *error, char *errbuf)
>> - {
>> - struct activehosts *temp; /* temp var needed to scan the host list chain */
>> - struct addrinfo hints, *addrinfo, *ai_next; /* temp var needed to translate between hostname to its address */
>> -- int retval;
>> -
>> - /* retrieve the network address corresponding to 'host' */
>> - addrinfo = NULL;
>> -@@ -1032,9 +1031,9 @@ rpcap_remoteact_getsock(const char *host, int *error, char *errbuf)
>> - hints.ai_family = PF_UNSPEC;
>> - hints.ai_socktype = SOCK_STREAM;
>> -
>> -- retval = sock_initaddress(host, NULL, &hints, &addrinfo, errbuf,
>> -+ addrinfo = sock_initaddress(host, NULL, &hints, errbuf,
>> - PCAP_ERRBUF_SIZE);
>> -- if (retval != 0)
>> -+ if (addrinfo == NULL)
>> - {
>> - *error = 1;
>> - return NULL;
>> -@@ -1186,7 +1185,9 @@ static int pcap_startcapture_remote(pcap_t *fp)
>> - hints.ai_flags = AI_PASSIVE; /* Data connection is opened by the server toward the client */
>> -
>> - /* Let's the server pick up a free network port for us */
>> -- if (sock_initaddress(NULL, NULL, &hints, &addrinfo, fp->errbuf, PCAP_ERRBUF_SIZE) == -1)
>> -+ addrinfo = sock_initaddress(NULL, NULL, &hints, fp->errbuf,
>> -+ PCAP_ERRBUF_SIZE);
>> -+ if (addrinfo == NULL)
>> - goto error_nodiscard;
>> -
>> - if ((sockdata = sock_open(NULL, addrinfo, SOCKOPEN_SERVER,
>> -@@ -1311,7 +1312,9 @@ static int pcap_startcapture_remote(pcap_t *fp)
>> - snprintf(portstring, PCAP_BUF_SIZE, "%d", ntohs(startcapreply.portdata));
>> -
>> - /* Let's the server pick up a free network port for us */
>> -- if (sock_initaddress(host, portstring, &hints, &addrinfo, fp->errbuf, PCAP_ERRBUF_SIZE) == -1)
>> -+ addrinfo = sock_initaddress(host, portstring, &hints,
>> -+ fp->errbuf, PCAP_ERRBUF_SIZE);
>> -+ if (addrinfo == NULL)
>> - goto error;
>> -
>> - if ((sockdata = sock_open(host, addrinfo, SOCKOPEN_CLIENT, 0, fp->errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
>> -@@ -2340,16 +2343,16 @@ rpcap_setup_session(const char *source, struct pcap_rmtauth *auth,
>> - if (port[0] == 0)
>> - {
>> - /* the user chose not to specify the port */
>> -- if (sock_initaddress(host, RPCAP_DEFAULT_NETPORT,
>> -- &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1)
>> -- return -1;
>> -+ addrinfo = sock_initaddress(host, RPCAP_DEFAULT_NETPORT,
>> -+ &hints, errbuf, PCAP_ERRBUF_SIZE);
>> - }
>> - else
>> - {
>> -- if (sock_initaddress(host, port, &hints, &addrinfo,
>> -- errbuf, PCAP_ERRBUF_SIZE) == -1)
>> -- return -1;
>> -+ addrinfo = sock_initaddress(host, port, &hints,
>> -+ errbuf, PCAP_ERRBUF_SIZE);
>> - }
>> -+ if (addrinfo == NULL)
>> -+ return -1;
>> -
>> - if ((*sockctrlp = sock_open(host, addrinfo, SOCKOPEN_CLIENT, 0,
>> - errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
>> -@@ -2950,19 +2953,19 @@ SOCKET pcap_remoteact_accept_ex(const char *address, const char *port, const cha
>> - /* Do the work */
>> - if ((port == NULL) || (port[0] == 0))
>> - {
>> -- if (sock_initaddress(address, RPCAP_DEFAULT_NETPORT_ACTIVE, &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1)
>> -- {
>> -- return (SOCKET)-2;
>> -- }
>> -+ addrinfo = sock_initaddress(address,
>> -+ RPCAP_DEFAULT_NETPORT_ACTIVE, &hints, errbuf,
>> -+ PCAP_ERRBUF_SIZE);
>> - }
>> - else
>> - {
>> -- if (sock_initaddress(address, port, &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1)
>> -- {
>> -- return (SOCKET)-2;
>> -- }
>> -+ addrinfo = sock_initaddress(address, port, &hints, errbuf,
>> -+ PCAP_ERRBUF_SIZE);
>> -+ }
>> -+ if (addrinfo == NULL)
>> -+ {
>> -+ return (SOCKET)-2;
>> - }
>> --
>> -
>> - if ((sockmain = sock_open(NULL, addrinfo, SOCKOPEN_SERVER, 1, errbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
>> - {
>> -@@ -3122,7 +3125,6 @@ int pcap_remoteact_close(const char *host, char *errbuf)
>> - {
>> - struct activehosts *temp, *prev; /* temp var needed to scan the host list chain */
>> - struct addrinfo hints, *addrinfo, *ai_next; /* temp var needed to translate between hostname to its address */
>> -- int retval;
>> -
>> - temp = activeHosts;
>> - prev = NULL;
>> -@@ -3133,9 +3135,9 @@ int pcap_remoteact_close(const char *host, char *errbuf)
>> - hints.ai_family = PF_UNSPEC;
>> - hints.ai_socktype = SOCK_STREAM;
>> -
>> -- retval = sock_initaddress(host, NULL, &hints, &addrinfo, errbuf,
>> -+ addrinfo = sock_initaddress(host, NULL, &hints, errbuf,
>> - PCAP_ERRBUF_SIZE);
>> -- if (retval != 0)
>> -+ if (addrinfo == NULL)
>> - {
>> - return -1;
>> - }
>> -diff --git a/rpcapd/daemon.c b/rpcapd/daemon.c
>> -index 8d620dd604..b04b29f107 100644
>> ---- a/rpcapd/daemon.c
>> -+++ b/rpcapd/daemon.c
>> -@@ -2085,7 +2085,9 @@ daemon_msg_startcap_req(uint8 ver, struct daemon_slpars *pars, uint32 plen,
>> - goto error;
>> - }
>> -
>> -- if (sock_initaddress(peerhost, portdata, &hints, &addrinfo, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
>> -+ addrinfo = sock_initaddress(peerhost, portdata, &hints,
>> -+ errmsgbuf, PCAP_ERRBUF_SIZE);
>> -+ if (addrinfo == NULL)
>> - goto error;
>> -
>> - if ((session->sockdata = sock_open(peerhost, addrinfo, SOCKOPEN_CLIENT, 0, errmsgbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
>> -@@ -2096,7 +2098,9 @@ daemon_msg_startcap_req(uint8 ver, struct daemon_slpars *pars, uint32 plen,
>> - hints.ai_flags = AI_PASSIVE;
>> -
>> - // Make the server socket pick up a free network port for us
>> -- if (sock_initaddress(NULL, NULL, &hints, &addrinfo, errmsgbuf, PCAP_ERRBUF_SIZE) == -1)
>> -+ addrinfo = sock_initaddress(NULL, NULL, &hints, errmsgbuf,
>> -+ PCAP_ERRBUF_SIZE);
>> -+ if (addrinfo == NULL)
>> - goto error;
>> -
>> - if ((session->sockdata = sock_open(NULL, addrinfo, SOCKOPEN_SERVER, 1 /* max 1 connection in queue */, errmsgbuf, PCAP_ERRBUF_SIZE)) == INVALID_SOCKET)
>> -diff --git a/rpcapd/rpcapd.c b/rpcapd/rpcapd.c
>> -index e1f3f05299..d166522c9f 100644
>> ---- a/rpcapd/rpcapd.c
>> -+++ b/rpcapd/rpcapd.c
>> -@@ -611,7 +611,9 @@ void main_startup(void)
>> - //
>> - // Get a list of sockets on which to listen.
>> - //
>> -- if (sock_initaddress((address[0]) ? address : NULL, port, &mainhints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1)
>> -+ addrinfo = sock_initaddress((address[0]) ? address : NULL,
>> -+ port, &mainhints, errbuf, PCAP_ERRBUF_SIZE);
>> -+ if (addrinfo == NULL)
>> - {
>> - rpcapd_log(LOGPRIO_DEBUG, "%s", errbuf);
>> - return;
>> -@@ -1350,7 +1352,9 @@ main_active(void *ptr)
>> - memset(errbuf, 0, sizeof(errbuf));
>> -
>> - // Do the work
>> -- if (sock_initaddress(activepars->address, activepars->port, &hints, &addrinfo, errbuf, PCAP_ERRBUF_SIZE) == -1)
>> -+ addrinfo = sock_initaddress(activepars->address, activepars->port,
>> -+ &hints, errbuf, PCAP_ERRBUF_SIZE);
>> -+ if (addrinfo == NULL)
>> - {
>> - rpcapd_log(LOGPRIO_DEBUG, "%s", errbuf);
>> - return 0;
>> -diff --git a/sockutils.c b/sockutils.c
>> -index a1bfa1b5e2..823c2363e0 100644
>> ---- a/sockutils.c
>> -+++ b/sockutils.c
>> -@@ -1069,20 +1069,21 @@ get_gai_errstring(char *errbuf, int errbuflen, const char *prefix, int err,
>> - * \param errbuflen: length of the buffer that will contains the error. The error message cannot be
>> - * larger than 'errbuflen - 1' because the last char is reserved for the string terminator.
>> - *
>> -- * \return '0' if everything is fine, '-1' if some errors occurred. The error message is returned
>> -- * in the 'errbuf' variable. The addrinfo variable that has to be used in the following sockets calls is
>> -- * returned into the addrinfo parameter.
>> -+ * \return a pointer to the first element in a list of addrinfo structures
>> -+ * if everything is fine, NULL if some errors occurred. The error message
>> -+ * is returned in the 'errbuf' variable.
>> - *
>> -- * \warning The 'addrinfo' variable has to be deleted by the programmer by calling freeaddrinfo() when
>> -- * it is no longer needed.
>> -+ * \warning The list of addrinfo structures returned has to be deleted by
>> -+ * the programmer by calling freeaddrinfo() when it is no longer needed.
>> - *
>> - * \warning This function requires the 'hints' variable as parameter. The semantic of this variable is the same
>> - * of the one of the corresponding variable used into the standard getaddrinfo() socket function. We suggest
>> - * the programmer to look at that function in order to set the 'hints' variable appropriately.
>> - */
>> --int sock_initaddress(const char *host, const char *port,
>> -- struct addrinfo *hints, struct addrinfo **addrinfo, char *errbuf, int errbuflen)
>> -+struct addrinfo *sock_initaddress(const char *host, const char *port,
>> -+ struct addrinfo *hints, char *errbuf, int errbuflen)
>> - {
>> -+ struct addrinfo *addrinfo;
>> - int retval;
>> -
>> - /*
>> -@@ -1094,9 +1095,13 @@ int sock_initaddress(const char *host, const char *port,
>> - * as those messages won't talk about a problem with the port if
>> - * no port was specified.
>> - */
>> -- retval = getaddrinfo(host, port == NULL ? "0" : port, hints, addrinfo);
>> -+ retval = getaddrinfo(host, port == NULL ? "0" : port, hints, &addrinfo);
>> - if (retval != 0)
>> - {
>> -+ /*
>> -+ * That call failed.
>> -+ * Determine whether the problem is that the host is bad.
>> -+ */
>> - if (errbuf)
>> - {
>> - if (host != NULL && port != NULL) {
>> -@@ -1108,7 +1113,7 @@ int sock_initaddress(const char *host, const char *port,
>> - int try_retval;
>> -
>> - try_retval = getaddrinfo(host, NULL, hints,
>> -- addrinfo);
>> -+ &addrinfo);
>> - if (try_retval == 0) {
>> - /*
>> - * Worked with just the host,
>> -@@ -1117,14 +1122,16 @@ int sock_initaddress(const char *host, const char *port,
>> - *
>> - * Free up the address info first.
>> - */
>> -- freeaddrinfo(*addrinfo);
>> -+ freeaddrinfo(addrinfo);
>> - get_gai_errstring(errbuf, errbuflen,
>> - "", retval, NULL, port);
>> - } else {
>> - /*
>> - * Didn't work with just the host,
>> - * so assume the problem is
>> -- * with the host.
>> -+ * with the host; we assume
>> -+ * the original error indicates
>> -+ * the underlying problem.
>> - */
>> - get_gai_errstring(errbuf, errbuflen,
>> - "", retval, host, NULL);
>> -@@ -1132,13 +1139,14 @@ int sock_initaddress(const char *host, const char *port,
>> - } else {
>> - /*
>> - * Either the host or port was null, so
>> -- * there's nothing to determine.
>> -+ * there's nothing to determine; report
>> -+ * the error from the original call.
>> - */
>> - get_gai_errstring(errbuf, errbuflen, "",
>> - retval, host, port);
>> - }
>> - }
>> -- return -1;
>> -+ return NULL;
>> - }
>> - /*
>> - * \warning SOCKET: I should check all the accept() in order to bind to all addresses in case
>> -@@ -1153,30 +1161,28 @@ int sock_initaddress(const char *host, const char *port,
>> - * ignore all addresses that are neither? (What, no IPX
>> - * support? :-))
>> - */
>> -- if (((*addrinfo)->ai_family != PF_INET) &&
>> -- ((*addrinfo)->ai_family != PF_INET6))
>> -+ if ((addrinfo->ai_family != PF_INET) &&
>> -+ (addrinfo->ai_family != PF_INET6))
>> - {
>> - if (errbuf)
>> - snprintf(errbuf, errbuflen, "getaddrinfo(): socket type not supported");
>> -- freeaddrinfo(*addrinfo);
>> -- *addrinfo = NULL;
>> -- return -1;
>> -+ freeaddrinfo(addrinfo);
>> -+ return NULL;
>> - }
>> -
>> - /*
>> - * You can't do multicast (or broadcast) TCP.
>> - */
>> -- if (((*addrinfo)->ai_socktype == SOCK_STREAM) &&
>> -- (sock_ismcastaddr((*addrinfo)->ai_addr) == 0))
>> -+ if ((addrinfo->ai_socktype == SOCK_STREAM) &&
>> -+ (sock_ismcastaddr(addrinfo->ai_addr) == 0))
>> - {
>> - if (errbuf)
>> - snprintf(errbuf, errbuflen, "getaddrinfo(): multicast addresses are not valid when using TCP streams");
>> -- freeaddrinfo(*addrinfo);
>> -- *addrinfo = NULL;
>> -- return -1;
>> -+ freeaddrinfo(addrinfo);
>> -+ return NULL;
>> - }
>> -
>> -- return 0;
>> -+ return addrinfo;
>> - }
>> -
>> - /*
>> -@@ -2089,7 +2095,9 @@ int sock_present2network(const char *address, struct sockaddr_storage *sockaddr,
>> -
>> - hints.ai_family = addr_family;
>> -
>> -- if (sock_initaddress(address, "22222" /* fake port */, &hints, &addrinfo, errbuf, errbuflen) == -1)
>> -+ addrinfo = sock_initaddress(address, "22222" /* fake port */, &hints,
>> -+ errbuf, errbuflen);
>> -+ if (addrinfo == NULL)
>> - return 0;
>> -
>> - if (addrinfo->ai_family == PF_INET)
>> -diff --git a/sockutils.h b/sockutils.h
>> -index a488d8fcb4..30b8cfe0b7 100644
>> ---- a/sockutils.h
>> -+++ b/sockutils.h
>> -@@ -138,9 +138,8 @@ void sock_fmterrmsg(char *errbuf, size_t errbuflen, int errcode,
>> - PCAP_FORMAT_STRING(const char *fmt), ...) PCAP_PRINTFLIKE(4, 5);
>> - void sock_geterrmsg(char *errbuf, size_t errbuflen,
>> - PCAP_FORMAT_STRING(const char *fmt), ...) PCAP_PRINTFLIKE(3, 4);
>> --int sock_initaddress(const char *address, const char *port,
>> -- struct addrinfo *hints, struct addrinfo **addrinfo,
>> -- char *errbuf, int errbuflen);
>> -+struct addrinfo *sock_initaddress(const char *address, const char *port,
>> -+ struct addrinfo *hints, char *errbuf, int errbuflen);
>> - int sock_recv(SOCKET sock, SSL *, void *buffer, size_t size, int receiveall,
>> - char *errbuf, int errbuflen);
>> - int sock_recv_dgram(SOCKET sock, SSL *, void *buffer, size_t size,
>> diff --git a/meta/recipes-connectivity/libpcap/libpcap/CVE-2024-8006.patch b/meta/recipes-connectivity/libpcap/libpcap/CVE-2024-8006.patch
>> deleted file mode 100644
>> index 6819aedd20..0000000000
>> --- a/meta/recipes-connectivity/libpcap/libpcap/CVE-2024-8006.patch
>> +++ /dev/null
>> @@ -1,42 +0,0 @@
>> -From 8a633ee5b9ecd9d38a587ac9b204e2380713b0d6 Mon Sep 17 00:00:00 2001
>> -From: Nicolas Badoux <n.badoux@hotmail.com>
>> -Date: Mon, 19 Aug 2024 12:31:53 +0200
>> -Subject: [PATCH] makes pcap_findalldevs_ex errors out if the directory does
>> - not exist
>> -
>> -(backported from commit 0f8a103469ce87d2b8d68c5130a46ddb7fb5eb29)
>> -
>> -Upstream-Status: Backport [https://github.com/the-tcpdump-group/libpcap/commit/8a633ee5b9ecd9d38a587ac9b204e2380713b0d6]
>> -CVE: CVE-2024-8006
>> -Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
>> ----
>> - pcap-new.c | 9 ++++++++-
>> - 1 file changed, 8 insertions(+), 1 deletion(-)
>> -
>> -diff --git a/pcap-new.c b/pcap-new.c
>> -index be91b3f8db..d449ee623c 100644
>> ---- a/pcap-new.c
>> -+++ b/pcap-new.c
>> -@@ -230,6 +230,13 @@ int pcap_findalldevs_ex(const char *source, struct pcap_rmtauth *auth, pcap_if_t
>> - #else
>> - /* opening the folder */
>> - unixdir= opendir(path);
>> -+ if (unixdir == NULL) {
>> -+ DIAG_OFF_FORMAT_TRUNCATION
>> -+ snprintf(errbuf, PCAP_ERRBUF_SIZE,
>> -+ "Error when listing files: does folder '%s' exist?", path);
>> -+ DIAG_ON_FORMAT_TRUNCATION
>> -+ return -1;
>> -+ }
>> -
>> - /* get the first file into it */
>> - filedata= readdir(unixdir);
>> -@@ -237,7 +244,7 @@ int pcap_findalldevs_ex(const char *source, struct pcap_rmtauth *auth, pcap_if_t
>> - if (filedata == NULL)
>> - {
>> - DIAG_OFF_FORMAT_TRUNCATION
>> -- snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error when listing files: does folder '%s' exist?", path);
>> -+ snprintf(errbuf, PCAP_ERRBUF_SIZE, "Error when listing files: does folder '%s' contain files?", path);
>> - DIAG_ON_FORMAT_TRUNCATION
>> - closedir(unixdir);
>> - return -1;
>> diff --git a/meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-01.patch b/meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-01.patch
>> deleted file mode 100644
>> index 73c3ab3f5c..0000000000
>> --- a/meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-01.patch
>> +++ /dev/null
>> @@ -1,38 +0,0 @@
>> -From 7224be0fe2f4beb916b7b69141f478facd0f0634 Mon Sep 17 00:00:00 2001
>> -From: Denis Ovsienko <denis@ovsienko.info>
>> -Date: Sat, 27 Dec 2025 21:36:11 +0000
>> -Subject: [PATCH] Rename one of the xdtoi() copies to simplify backporting.
>> -
>> -CVE: CVE-2025-11961
>> -Upstream-Status: Backport [https://github.com/the-tcpdump-group/libpcap/commit/7224be0fe2f4beb916b7b69141f478facd0f0634]
>> -Signed-off-by: Peter Marko <peter.marko@siemens.com>
>> ----
>> - nametoaddr.c | 6 +++---
>> - 1 file changed, 3 insertions(+), 3 deletions(-)
>> -
>> -diff --git a/nametoaddr.c b/nametoaddr.c
>> -index dc75495c..bdaacbf1 100644
>> ---- a/nametoaddr.c
>> -+++ b/nametoaddr.c
>> -@@ -646,7 +646,7 @@ pcap_nametollc(const char *s)
>> -
>> - /* Hex digit to 8-bit unsigned integer. */
>> - static inline u_char
>> --xdtoi(u_char c)
>> -+pcapint_xdtoi(u_char c)
>> - {
>> - if (c >= '0' && c <= '9')
>> - return (u_char)(c - '0');
>> -@@ -728,10 +728,10 @@ pcap_ether_aton(const char *s)
>> - while (*s) {
>> - if (*s == ':' || *s == '.' || *s == '-')
>> - s += 1;
>> -- d = xdtoi(*s++);
>> -+ d = pcapint_xdtoi(*s++);
>> - if (PCAP_ISXDIGIT(*s)) {
>> - d <<= 4;
>> -- d |= xdtoi(*s++);
>> -+ d |= pcapint_xdtoi(*s++);
>> - }
>> - *ep++ = d;
>> - }
>> diff --git a/meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-02.patch b/meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-02.patch
>> deleted file mode 100644
>> index 2dca7908ef..0000000000
>> --- a/meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-02.patch
>> +++ /dev/null
>> @@ -1,433 +0,0 @@
>> -From b2d2f9a9a0581c40780bde509f7cc715920f1c02 Mon Sep 17 00:00:00 2001
>> -From: Denis Ovsienko <denis@ovsienko.info>
>> -Date: Fri, 19 Dec 2025 17:31:13 +0000
>> -Subject: [PATCH] CVE-2025-11961: Fix OOBR and OOBW in pcap_ether_aton().
>> -
>> -pcap_ether_aton() has for a long time required its string argument to be
>> -a well-formed MAC-48 address, which is always the case when the argument
>> -comes from other libpcap code, so the function has never validated the
>> -input and used a simple loop to parse any of the three common MAC-48
>> -address formats. However, the function has also been a part of the
>> -public API, so calling it directly with a malformed address can cause
>> -the loop to read beyond the end of the input string and/or to write
>> -beyond the end of the allocated output buffer.
>> -
>> -To handle invalid input more appropriately, replace the simple loop with
>> -new functions and require the input to match a supported address format.
>> -
>> -This problem was reported by Jin Wei, Kunwei Qian and Ping Chen.
>> -
>> -(backported from commit dd08e53e9380e217ae7c7768da9cc3d7bf37bf83)
>> -
>> -CVE: CVE-2025-11961
>> -Upstream-Status: Backport [https://github.com/the-tcpdump-group/libpcap/commit/b2d2f9a9a0581c40780bde509f7cc715920f1c02]
>> -Signed-off-by: Peter Marko <peter.marko@siemens.com>
>> ----
>> - gencode.c | 5 +
>> - nametoaddr.c | 367 +++++++++++++++++++++++++++++++++++++++++++++++----
>> - 2 files changed, 349 insertions(+), 23 deletions(-)
>> -
>> -diff --git a/gencode.c b/gencode.c
>> -index 3ddd15f8..76fb2d82 100644
>> ---- a/gencode.c
>> -+++ b/gencode.c
>> -@@ -7228,6 +7228,11 @@ gen_ecode(compiler_state_t *cstate, const char *s, struct qual q)
>> - return (NULL);
>> -
>> - if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) {
>> -+ /*
>> -+ * Because the lexer guards the input string format, in this
>> -+ * context the function returns NULL iff the implicit malloc()
>> -+ * has failed.
>> -+ */
>> - cstate->e = pcap_ether_aton(s);
>> - if (cstate->e == NULL)
>> - bpf_error(cstate, "malloc");
>> -diff --git a/nametoaddr.c b/nametoaddr.c
>> -index f9fcd288..f50d0da5 100644
>> ---- a/nametoaddr.c
>> -+++ b/nametoaddr.c
>> -@@ -703,39 +703,360 @@ __pcap_atodn(const char *s, bpf_u_int32 *addr)
>> - return(32);
>> - }
>> -
>> -+// Man page: "xxxxxxxxxxxx", regexp: "^[0-9a-fA-F]{12}$".
>> -+static u_char
>> -+pcapint_atomac48_xxxxxxxxxxxx(const char *s, uint8_t *addr)
>> -+{
>> -+ if (strlen(s) == 12 &&
>> -+ PCAP_ISXDIGIT(s[0]) &&
>> -+ PCAP_ISXDIGIT(s[1]) &&
>> -+ PCAP_ISXDIGIT(s[2]) &&
>> -+ PCAP_ISXDIGIT(s[3]) &&
>> -+ PCAP_ISXDIGIT(s[4]) &&
>> -+ PCAP_ISXDIGIT(s[5]) &&
>> -+ PCAP_ISXDIGIT(s[6]) &&
>> -+ PCAP_ISXDIGIT(s[7]) &&
>> -+ PCAP_ISXDIGIT(s[8]) &&
>> -+ PCAP_ISXDIGIT(s[9]) &&
>> -+ PCAP_ISXDIGIT(s[10]) &&
>> -+ PCAP_ISXDIGIT(s[11])) {
>> -+ addr[0] = pcapint_xdtoi(s[0]) << 4 | pcapint_xdtoi(s[1]);
>> -+ addr[1] = pcapint_xdtoi(s[2]) << 4 | pcapint_xdtoi(s[3]);
>> -+ addr[2] = pcapint_xdtoi(s[4]) << 4 | pcapint_xdtoi(s[5]);
>> -+ addr[3] = pcapint_xdtoi(s[6]) << 4 | pcapint_xdtoi(s[7]);
>> -+ addr[4] = pcapint_xdtoi(s[8]) << 4 | pcapint_xdtoi(s[9]);
>> -+ addr[5] = pcapint_xdtoi(s[10]) << 4 | pcapint_xdtoi(s[11]);
>> -+ return 1;
>> -+ }
>> -+ return 0;
>> -+}
>> -+
>> -+// Man page: "xxxx.xxxx.xxxx", regexp: "^[0-9a-fA-F]{4}(\.[0-9a-fA-F]{4}){2}$".
>> -+static u_char
>> -+pcapint_atomac48_xxxx_3_times(const char *s, uint8_t *addr)
>> -+{
>> -+ const char sep = '.';
>> -+ if (strlen(s) == 14 &&
>> -+ PCAP_ISXDIGIT(s[0]) &&
>> -+ PCAP_ISXDIGIT(s[1]) &&
>> -+ PCAP_ISXDIGIT(s[2]) &&
>> -+ PCAP_ISXDIGIT(s[3]) &&
>> -+ s[4] == sep &&
>> -+ PCAP_ISXDIGIT(s[5]) &&
>> -+ PCAP_ISXDIGIT(s[6]) &&
>> -+ PCAP_ISXDIGIT(s[7]) &&
>> -+ PCAP_ISXDIGIT(s[8]) &&
>> -+ s[9] == sep &&
>> -+ PCAP_ISXDIGIT(s[10]) &&
>> -+ PCAP_ISXDIGIT(s[11]) &&
>> -+ PCAP_ISXDIGIT(s[12]) &&
>> -+ PCAP_ISXDIGIT(s[13])) {
>> -+ addr[0] = pcapint_xdtoi(s[0]) << 4 | pcapint_xdtoi(s[1]);
>> -+ addr[1] = pcapint_xdtoi(s[2]) << 4 | pcapint_xdtoi(s[3]);
>> -+ addr[2] = pcapint_xdtoi(s[5]) << 4 | pcapint_xdtoi(s[6]);
>> -+ addr[3] = pcapint_xdtoi(s[7]) << 4 | pcapint_xdtoi(s[8]);
>> -+ addr[4] = pcapint_xdtoi(s[10]) << 4 | pcapint_xdtoi(s[11]);
>> -+ addr[5] = pcapint_xdtoi(s[12]) << 4 | pcapint_xdtoi(s[13]);
>> -+ return 1;
>> -+ }
>> -+ return 0;
>> -+}
>> -+
>> - /*
>> -- * Convert 's', which can have the one of the forms:
>> -+ * Man page: "xx:xx:xx:xx:xx:xx", regexp: "^[0-9a-fA-F]{1,2}(:[0-9a-fA-F]{1,2}){5}$".
>> -+ * Man page: "xx-xx-xx-xx-xx-xx", regexp: "^[0-9a-fA-F]{1,2}(-[0-9a-fA-F]{1,2}){5}$".
>> -+ * Man page: "xx.xx.xx.xx.xx.xx", regexp: "^[0-9a-fA-F]{1,2}(\.[0-9a-fA-F]{1,2}){5}$".
>> -+ * (Any "xx" above can be "x", which is equivalent to "0x".)
>> - *
>> -- * "xx:xx:xx:xx:xx:xx"
>> -- * "xx.xx.xx.xx.xx.xx"
>> -- * "xx-xx-xx-xx-xx-xx"
>> -- * "xxxx.xxxx.xxxx"
>> -- * "xxxxxxxxxxxx"
>> -+ * An equivalent (and parametrisable for EUI-64) FSM could be implemented using
>> -+ * a smaller graph, but that graph would be neither acyclic nor planar nor
>> -+ * trivial to verify.
>> - *
>> -- * (or various mixes of ':', '.', and '-') into a new
>> -- * ethernet address. Assumes 's' is well formed.
>> -+ * |
>> -+ * [.] v
>> -+ * +<---------- START
>> -+ * | |
>> -+ * | | [0-9a-fA-F]
>> -+ * | [.] v
>> -+ * +<--------- BYTE0_X ----------+
>> -+ * | | |
>> -+ * | | [0-9a-fA-F] |
>> -+ * | [.] v |
>> -+ * +<--------- BYTE0_XX | [:\.-]
>> -+ * | | |
>> -+ * | | [:\.-] |
>> -+ * | [.] v |
>> -+ * +<----- BYTE0_SEP_BYTE1 <-----+
>> -+ * | |
>> -+ * | | [0-9a-fA-F]
>> -+ * | [.] v
>> -+ * +<--------- BYTE1_X ----------+
>> -+ * | | |
>> -+ * | | [0-9a-fA-F] |
>> -+ * | [.] v |
>> -+ * +<--------- BYTE1_XX | <sep>
>> -+ * | | |
>> -+ * | | <sep> |
>> -+ * | [.] v |
>> -+ * +<----- BYTE1_SEP_BYTE2 <-----+
>> -+ * | |
>> -+ * | | [0-9a-fA-F]
>> -+ * | [.] v
>> -+ * +<--------- BYTE2_X ----------+
>> -+ * | | |
>> -+ * | | [0-9a-fA-F] |
>> -+ * | [.] v |
>> -+ * +<--------- BYTE2_XX | <sep>
>> -+ * | | |
>> -+ * | | <sep> |
>> -+ * | [.] v |
>> -+ * +<----- BYTE2_SEP_BYTE3 <-----+
>> -+ * | |
>> -+ * | | [0-9a-fA-F]
>> -+ * | [.] v
>> -+ * +<--------- BYTE3_X ----------+
>> -+ * | | |
>> -+ * | | [0-9a-fA-F] |
>> -+ * | [.] v |
>> -+ * +<--------- BYTE3_XX | <sep>
>> -+ * | | |
>> -+ * | | <sep> |
>> -+ * | [.] v |
>> -+ * +<----- BYTE3_SEP_BYTE4 <-----+
>> -+ * | |
>> -+ * | | [0-9a-fA-F]
>> -+ * | [.] v
>> -+ * +<--------- BYTE4_X ----------+
>> -+ * | | |
>> -+ * | | [0-9a-fA-F] |
>> -+ * | [.] v |
>> -+ * +<--------- BYTE4_XX | <sep>
>> -+ * | | |
>> -+ * | | <sep> |
>> -+ * | [.] v |
>> -+ * +<----- BYTE4_SEP_BYTE5 <-----+
>> -+ * | |
>> -+ * | | [0-9a-fA-F]
>> -+ * | [.] v
>> -+ * +<--------- BYTE5_X ----------+
>> -+ * | | |
>> -+ * | | [0-9a-fA-F] |
>> -+ * | [.] v |
>> -+ * +<--------- BYTE5_XX | \0
>> -+ * | | |
>> -+ * | | \0 |
>> -+ * | | v
>> -+ * +--> (reject) +---------> (accept)
>> -+ *
>> -+ */
>> -+static u_char
>> -+pcapint_atomac48_x_xx_6_times(const char *s, uint8_t *addr)
>> -+{
>> -+ enum {
>> -+ START,
>> -+ BYTE0_X,
>> -+ BYTE0_XX,
>> -+ BYTE0_SEP_BYTE1,
>> -+ BYTE1_X,
>> -+ BYTE1_XX,
>> -+ BYTE1_SEP_BYTE2,
>> -+ BYTE2_X,
>> -+ BYTE2_XX,
>> -+ BYTE2_SEP_BYTE3,
>> -+ BYTE3_X,
>> -+ BYTE3_XX,
>> -+ BYTE3_SEP_BYTE4,
>> -+ BYTE4_X,
>> -+ BYTE4_XX,
>> -+ BYTE4_SEP_BYTE5,
>> -+ BYTE5_X,
>> -+ BYTE5_XX,
>> -+ } fsm_state = START;
>> -+ uint8_t buf[6];
>> -+ const char *seplist = ":.-";
>> -+ char sep;
>> -+
>> -+ while (*s) {
>> -+ switch (fsm_state) {
>> -+ case START:
>> -+ if (PCAP_ISXDIGIT(*s)) {
>> -+ buf[0] = pcapint_xdtoi(*s);
>> -+ fsm_state = BYTE0_X;
>> -+ break;
>> -+ }
>> -+ goto reject;
>> -+ case BYTE0_X:
>> -+ if (strchr(seplist, *s)) {
>> -+ sep = *s;
>> -+ fsm_state = BYTE0_SEP_BYTE1;
>> -+ break;
>> -+ }
>> -+ if (PCAP_ISXDIGIT(*s)) {
>> -+ buf[0] = buf[0] << 4 | pcapint_xdtoi(*s);
>> -+ fsm_state = BYTE0_XX;
>> -+ break;
>> -+ }
>> -+ goto reject;
>> -+ case BYTE0_XX:
>> -+ if (strchr(seplist, *s)) {
>> -+ sep = *s;
>> -+ fsm_state = BYTE0_SEP_BYTE1;
>> -+ break;
>> -+ }
>> -+ goto reject;
>> -+ case BYTE0_SEP_BYTE1:
>> -+ if (PCAP_ISXDIGIT(*s)) {
>> -+ buf[1] = pcapint_xdtoi(*s);
>> -+ fsm_state = BYTE1_X;
>> -+ break;
>> -+ }
>> -+ goto reject;
>> -+ case BYTE1_X:
>> -+ if (*s == sep) {
>> -+ fsm_state = BYTE1_SEP_BYTE2;
>> -+ break;
>> -+ }
>> -+ if (PCAP_ISXDIGIT(*s)) {
>> -+ buf[1] = buf[1] << 4 | pcapint_xdtoi(*s);
>> -+ fsm_state = BYTE1_XX;
>> -+ break;
>> -+ }
>> -+ goto reject;
>> -+ case BYTE1_XX:
>> -+ if (*s == sep) {
>> -+ fsm_state = BYTE1_SEP_BYTE2;
>> -+ break;
>> -+ }
>> -+ goto reject;
>> -+ case BYTE1_SEP_BYTE2:
>> -+ if (PCAP_ISXDIGIT(*s)) {
>> -+ buf[2] = pcapint_xdtoi(*s);
>> -+ fsm_state = BYTE2_X;
>> -+ break;
>> -+ }
>> -+ goto reject;
>> -+ case BYTE2_X:
>> -+ if (*s == sep) {
>> -+ fsm_state = BYTE2_SEP_BYTE3;
>> -+ break;
>> -+ }
>> -+ if (PCAP_ISXDIGIT(*s)) {
>> -+ buf[2] = buf[2] << 4 | pcapint_xdtoi(*s);
>> -+ fsm_state = BYTE2_XX;
>> -+ break;
>> -+ }
>> -+ goto reject;
>> -+ case BYTE2_XX:
>> -+ if (*s == sep) {
>> -+ fsm_state = BYTE2_SEP_BYTE3;
>> -+ break;
>> -+ }
>> -+ goto reject;
>> -+ case BYTE2_SEP_BYTE3:
>> -+ if (PCAP_ISXDIGIT(*s)) {
>> -+ buf[3] = pcapint_xdtoi(*s);
>> -+ fsm_state = BYTE3_X;
>> -+ break;
>> -+ }
>> -+ goto reject;
>> -+ case BYTE3_X:
>> -+ if (*s == sep) {
>> -+ fsm_state = BYTE3_SEP_BYTE4;
>> -+ break;
>> -+ }
>> -+ if (PCAP_ISXDIGIT(*s)) {
>> -+ buf[3] = buf[3] << 4 | pcapint_xdtoi(*s);
>> -+ fsm_state = BYTE3_XX;
>> -+ break;
>> -+ }
>> -+ goto reject;
>> -+ case BYTE3_XX:
>> -+ if (*s == sep) {
>> -+ fsm_state = BYTE3_SEP_BYTE4;
>> -+ break;
>> -+ }
>> -+ goto reject;
>> -+ case BYTE3_SEP_BYTE4:
>> -+ if (PCAP_ISXDIGIT(*s)) {
>> -+ buf[4] = pcapint_xdtoi(*s);
>> -+ fsm_state = BYTE4_X;
>> -+ break;
>> -+ }
>> -+ goto reject;
>> -+ case BYTE4_X:
>> -+ if (*s == sep) {
>> -+ fsm_state = BYTE4_SEP_BYTE5;
>> -+ break;
>> -+ }
>> -+ if (PCAP_ISXDIGIT(*s)) {
>> -+ buf[4] = buf[4] << 4 | pcapint_xdtoi(*s);
>> -+ fsm_state = BYTE4_XX;
>> -+ break;
>> -+ }
>> -+ goto reject;
>> -+ case BYTE4_XX:
>> -+ if (*s == sep) {
>> -+ fsm_state = BYTE4_SEP_BYTE5;
>> -+ break;
>> -+ }
>> -+ goto reject;
>> -+ case BYTE4_SEP_BYTE5:
>> -+ if (PCAP_ISXDIGIT(*s)) {
>> -+ buf[5] = pcapint_xdtoi(*s);
>> -+ fsm_state = BYTE5_X;
>> -+ break;
>> -+ }
>> -+ goto reject;
>> -+ case BYTE5_X:
>> -+ if (PCAP_ISXDIGIT(*s)) {
>> -+ buf[5] = buf[5] << 4 | pcapint_xdtoi(*s);
>> -+ fsm_state = BYTE5_XX;
>> -+ break;
>> -+ }
>> -+ goto reject;
>> -+ case BYTE5_XX:
>> -+ goto reject;
>> -+ } // switch
>> -+ s++;
>> -+ } // while
>> -+
>> -+ if (fsm_state == BYTE5_X || fsm_state == BYTE5_XX) {
>> -+ // accept
>> -+ memcpy(addr, buf, sizeof(buf));
>> -+ return 1;
>> -+ }
>> -+
>> -+reject:
>> -+ return 0;
>> -+}
>> -+
>> -+// The 'addr' argument must point to an array of at least 6 elements.
>> -+static int
>> -+pcapint_atomac48(const char *s, uint8_t *addr)
>> -+{
>> -+ return s && (
>> -+ pcapint_atomac48_xxxxxxxxxxxx(s, addr) ||
>> -+ pcapint_atomac48_xxxx_3_times(s, addr) ||
>> -+ pcapint_atomac48_x_xx_6_times(s, addr)
>> -+ );
>> -+}
>> -+
>> -+/*
>> -+ * If 's' is a MAC-48 address in one of the forms documented in pcap-filter(7)
>> -+ * for "ether host", return a pointer to an allocated buffer with the binary
>> -+ * value of the address. Return NULL on any error.
>> - */
>> - u_char *
>> - pcap_ether_aton(const char *s)
>> - {
>> -- register u_char *ep, *e;
>> -- register u_char d;
>> -+ uint8_t tmp[6];
>> -+ if (! pcapint_atomac48(s, tmp))
>> -+ return (NULL);
>> -
>> -- e = ep = (u_char *)malloc(6);
>> -+ u_char *e = malloc(6);
>> - if (e == NULL)
>> - return (NULL);
>> --
>> -- while (*s) {
>> -- if (*s == ':' || *s == '.' || *s == '-')
>> -- s += 1;
>> -- d = pcapint_xdtoi(*s++);
>> -- if (PCAP_ISXDIGIT(*s)) {
>> -- d <<= 4;
>> -- d |= pcapint_xdtoi(*s++);
>> -- }
>> -- *ep++ = d;
>> -- }
>> --
>> -+ memcpy(e, tmp, sizeof(tmp));
>> - return (e);
>> - }
>> -
>> diff --git a/meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11964.patch b/meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11964.patch
>> deleted file mode 100644
>> index 003d21fb1f..0000000000
>> --- a/meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11964.patch
>> +++ /dev/null
>> @@ -1,33 +0,0 @@
>> -From 7fabf607f2319a36a0bd78444247180acb838e69 Mon Sep 17 00:00:00 2001
>> -From: Guy Harris <gharris@sonic.net>
>> -Date: Sun, 7 Sep 2025 12:51:56 -0700
>> -Subject: [PATCH] Fix a copy-and-pasteo in utf_16le_to_utf_8_truncated().
>> -
>> -For the four octets of UTF-8 case, it was decrementing the remaining
>> -buffer length by 3, not 4.
>> -
>> -Thanks to a team of developers from the Univesity of Waterloo for
>> -reporting this.
>> -
>> -(cherry picked from commit aebfca1aea2fc8c177760a26e8f4de27b51d1b3b)
>> -
>> -CVE: CVE-2025-11964
>> -Upstream-Status: Backport [https://github.com/the-tcpdump-group/libpcap/commit/7fabf607f2319a36a0bd78444247180acb838e69]
>> -Signed-off-by: Peter Marko <peter.marko@siemens.com>
>> ----
>> - fmtutils.c | 2 +-
>> - 1 file changed, 1 insertion(+), 1 deletion(-)
>> -
>> -diff --git a/fmtutils.c b/fmtutils.c
>> -index a5a4fe62..78a0f8b7 100644
>> ---- a/fmtutils.c
>> -+++ b/fmtutils.c
>> -@@ -235,7 +235,7 @@ utf_16le_to_utf_8_truncated(const wchar_t *utf_16, char *utf_8,
>> - *utf_8++ = ((uc >> 12) & 0x3F) | 0x80;
>> - *utf_8++ = ((uc >> 6) & 0x3F) | 0x80;
>> - *utf_8++ = ((uc >> 0) & 0x3F) | 0x80;
>> -- utf_8_len -= 3;
>> -+ utf_8_len -= 4;
>> - }
>> - }
>> -
>> diff --git a/meta/recipes-connectivity/libpcap/libpcap_1.10.4.bb b/meta/recipes-connectivity/libpcap/libpcap_1.10.6.bb
>> similarity index 83%
>> rename from meta/recipes-connectivity/libpcap/libpcap_1.10.4.bb
>> rename to meta/recipes-connectivity/libpcap/libpcap_1.10.6.bb
>> index ee7d7540f6..5cba790012 100644
>> --- a/meta/recipes-connectivity/libpcap/libpcap_1.10.4.bb
>> +++ b/meta/recipes-connectivity/libpcap/libpcap_1.10.6.bb
>> @@ -11,15 +11,9 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5eb289217c160e2920d2e35bddc36453 \
>> DEPENDS = "flex-native bison-native"
>>
>> SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.gz \
>> - file://CVE-2023-7256-pre1.patch \
>> - file://CVE-2023-7256.patch \
>> - file://CVE-2024-8006.patch \
>> - file://CVE-2025-11961-01.patch \
>> - file://CVE-2025-11961-02.patch \
>> - file://CVE-2025-11964.patch \
>> "
>>
>> -SRC_URI[sha256sum] = "ed19a0383fad72e3ad435fd239d7cd80d64916b87269550159d20e47160ebe5f"
>> +SRC_URI[sha256sum] = "872dd11337fe1ab02ad9d4fee047c9da244d695c6ddf34e2ebb733efd4ed8aa9"
>>
>> inherit autotools binconfig-disabled pkgconfig
>>
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#235844): https://lists.openembedded.org/g/openembedded-core/message/235844
> Mute This Topic: https://lists.openembedded.org/mt/118738405/3616933
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [kai.kang@windriver.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
--
Kai Kang
Wind River Linux
prev parent reply other threads:[~2026-05-06 3:06 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-09 6:16 [scarthgap][PATCH 00/12] Fix multiple CVEs jinfeng.wang.cn
2026-04-09 6:16 ` [scarthgap][PATCH 01/12] gi-docgen: fix CVE-2025-11687 jinfeng.wang.cn
2026-04-09 6:16 ` [scarthgap][PATCH 02/12] libsoup: fix CVE-2025-14523/CVE-2025-32049 jinfeng.wang.cn
2026-04-23 17:09 ` [OE-core] " Yoann Congal
2026-04-24 7:16 ` Li, Changqing
2026-04-09 6:16 ` [scarthgap][PATCH 03/12] libsoup-2.4: " jinfeng.wang.cn
2026-04-23 17:13 ` [OE-core] " Yoann Congal
2026-04-24 7:37 ` Li, Changqing
2026-04-09 6:16 ` [scarthgap][PATCH 04/12] python3-ply: fix CVE-2025-56005 jinfeng.wang.cn
2026-04-24 6:45 ` [OE-core] " Yoann Congal
2026-04-27 6:20 ` Chen, Libo (CN)
[not found] ` <18AA22684C0F041F.2188217@lists.openembedded.org>
2026-05-06 8:24 ` Chen, Libo (CN)
2026-04-09 6:16 ` [scarthgap][PATCH 05/12] python3-pyasn1: fix CVE-2026-23490 jinfeng.wang.cn
2026-04-09 6:16 ` [scarthgap][PATCH 06/12] python3-wheel: fix CVE-2026-24049 jinfeng.wang.cn
2026-04-09 6:16 ` [scarthgap][PATCH 07/12] gnupg: fix CVE-2026-24882 jinfeng.wang.cn
2026-04-09 6:16 ` [scarthgap][PATCH 08/12] libxml2: Fix CVE-2026-1757 jinfeng.wang.cn
2026-04-09 6:16 ` [scarthgap][PATCH 09/12] python3-pyasn1: fix CVE-2026-30922 jinfeng.wang.cn
2026-04-24 7:36 ` [OE-core] " Yoann Congal
2026-04-27 6:04 ` Song, Jiaying (CN)
2026-04-09 6:16 ` [scarthgap][PATCH 10/12] busybox: fix CVE-2026-26157 and CVE-2026-26158 jinfeng.wang.cn
2026-04-09 6:16 ` [scarthgap][PATCH 11/12] zlib: upgrade 1.3.1 -> 1.3.2 jinfeng.wang.cn
2026-04-24 8:10 ` [OE-core] " Yoann Congal
2026-04-09 6:16 ` [scarthgap][PATCH 12/12] libpcap: 1.10.4 -> 1.10.6 jinfeng.wang.cn
2026-04-24 8:21 ` [OE-core] " Yoann Congal
2026-05-06 3:05 ` Kai [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=150bd5e7-5929-463c-b4eb-8fcaab2fde30@windriver.com \
--to=kai.kang@windriver.com \
--cc=Jinfeng.Wang.CN@windriver.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=yoann.congal@smile.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox