wireshark: upgrade 4.2.14 -> 4.6.3

Contains fix for CVE-2025-0962.

Removed CVE-2025-9817.patch because it is included in this release.

Add a patch that allows it building for native: it is looking for iconv.h
header as a new dependency for (optional) zlib-ng support, however it
is not installed in the sysroot for native builds. Add a patch that removes
this hard dependency for native builds.

Changelogs:
https://www.wireshark.org/docs/relnotes/wireshark-4.6.3.html
https://www.wireshark.org/docs/relnotes/wireshark-4.6.2.html
https://www.wireshark.org/docs/relnotes/wireshark-4.6.1.html
https://www.wireshark.org/docs/relnotes/wireshark-4.6.0.html

Overall changelogs (including 4.4 also): https://www.wireshark.org/docs/relnotes/

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>

meta-networking/recipes-support/wireshark/README

@@ -1,45 +0,0 @@
-#
-Wireshark - Notes
-
-URL: http://www.wireshark.org/
-User Guide: http://www.wireshark.org/docs/wsug_html_chunked/
-Secruity advisories: http://www.wireshark.org/security/
-
-Wireshark is slowly moving away from gtk and towards QT as their graphical stack.
-Currently gtk is supported with this release and I plan on integrating QT. 
-
-
-
-Adding the wireshark to your build
-========================================
-
-via local.conf
-IMAGE_INSTALL:append = " wireshark"
-
-Adding the wireshark to your graphical build
-========================================
-via local.conf
-IMAGE_INSTALL:append = " wireshark"
-
-and one of:
-
-EXTRA_IMAGE_FEATURES += "x11-base"
-
-or use the "core-image-x11"
-
-
-Maintenance
------------
-
-Send patches, comments or questions to openembedded-devel@lists.openembedded.org
-
-When sending single patches, please use something like:
-
-   git send-email -1 -M \
-       --to openembedded-devel@lists.openembedded.org \
-       --cc akuster@mvista.com \
-       --subject-prefix=meta-networking][PATCH
-
-Maintainer:    Armin Kuster <akuster@mvista.com>
-
-

meta-networking/recipes-support/wireshark/files/0001-don-t-look-for-iconv.h-for-native-build.patch

@@ -0,0 +1,46 @@
+From 9a9d99fb57caa38c4bc045f544429ec919ec6158 Mon Sep 17 00:00:00 2001
+From: Gyorgy Sarvari <skandigraun@gmail.com>
+Date: Mon, 26 Jan 2026 21:26:49 +0100
+Subject: [PATCH] don't look for iconv.h for native build
+
+iconv.h is not installed in the sysroot for native builds, and cmake
+only searches for it in the sysroot.
+
+It seems to be only required for zlib-ng support (based on the
+commit[1] that introduced this dependency), which is currently not
+enabled in the recipe.
+
+To avoid build failure due to not finding this header during configuration,
+remove this dependency from native builds
+
+Upstream-Status: Inappropriate [OE specific]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ cmake/modules/FindLibXml2.cmake | 7 +------
+ 1 file changed, 1 insertion(+), 6 deletions(-)
+
+diff --git a/cmake/modules/FindLibXml2.cmake b/cmake/modules/FindLibXml2.cmake
+index d36b390..f3e4762 100644
+--- a/cmake/modules/FindLibXml2.cmake
++++ b/cmake/modules/FindLibXml2.cmake
+@@ -66,11 +66,6 @@ find_path(LIBXML2_INCLUDE_DIR NAMES libxml/xpath.h
+    PATH_SUFFIXES libxml2
+    )
+ 
+-find_path(ICONV_INCLUDE_DIR  NAMES iconv.h
+-   HINTS
+-   ${LIBXML2_HINTS}/include
+-   )
+-
+ # CMake 3.9 and below used 'LIBXML2_LIBRARIES' as the name of
+ # the cache entry storing the find_library result.  Use the
+ # value if it was set by the project or user.
+@@ -103,7 +98,7 @@ elseif(LIBXML2_INCLUDE_DIR AND EXISTS "${LIBXML2_INCLUDE_DIR}/libxml/xmlversion.
+     unset(libxml2_version_str)
+ endif()
+ 
+-set(LIBXML2_INCLUDE_DIRS ${LIBXML2_INCLUDE_DIR} ${PC_LIBXML_INCLUDE_DIRS} ${ICONV_INCLUDE_DIR})
++set(LIBXML2_INCLUDE_DIRS ${LIBXML2_INCLUDE_DIR} ${PC_LIBXML_INCLUDE_DIRS})
+ set(LIBXML2_LIBRARIES ${LIBXML2_LIBRARY})
+ 
+ include(FindPackageHandleStandardArgs)

meta-networking/recipes-support/wireshark/files/0002-flex-Remove-line-directives.patch

@@ -23,19 +23,19 @@ index 20caa09..174f452 100644
  
 -      ADD_CUSTOM_COMMAND(
 -        OUTPUT ${_outc} ${_outh}
--        COMMAND ${LEX_EXECUTABLE} $<$<OR:$<CONFIG:Debug>,$<CONFIG:RelWithDebInfo>>:--debug> -o${_outc} --header-file=${_outh} ${_in}
+-        COMMAND ${LEX_EXECUTABLE} $<$<OR:$<CONFIG:Debug>,$<CONFIG:RelWithDebInfo>>:--debug> --outfile=${_outc} --header-file=${_outh} ${_in}
 -        DEPENDS ${_in}
 -      )
 +      IF (DEFINED ENV{SOURCE_DATE_EPOCH})
 +        ADD_CUSTOM_COMMAND(
 +          OUTPUT ${_outc} ${_outh}
-+          COMMAND ${LEX_EXECUTABLE} $<$<OR:$<CONFIG:Debug>,$<CONFIG:RelWithDebInfo>>:--debug> --noline -o${_outc} --header-file=${_outh} ${_in}
++          COMMAND ${LEX_EXECUTABLE} $<$<OR:$<CONFIG:Debug>,$<CONFIG:RelWithDebInfo>>:--debug> --noline --outfile=${_outc} --header-file=${_outh} ${_in}
 +          DEPENDS ${_in}
 +        )
 +      ELSE ()
 +        ADD_CUSTOM_COMMAND(
 +          OUTPUT ${_outc} ${_outh}
-+          COMMAND ${LEX_EXECUTABLE} $<$<OR:$<CONFIG:Debug>,$<CONFIG:RelWithDebInfo>>:--debug> -o${_outc} --header-file=${_outh} ${_in}
++          COMMAND ${LEX_EXECUTABLE} $<$<OR:$<CONFIG:Debug>,$<CONFIG:RelWithDebInfo>>:--debug> --ooutfile=${_outc} --header-file=${_outh} ${_in}
 +          DEPENDS ${_in}
 +        )
 +      ENDIF ()

meta-networking/recipes-support/wireshark/files/0004-lemon-Remove-line-directives.patch

@@ -17,7 +17,7 @@ diff --git a/cmake/modules/UseLemon.cmake b/cmake/modules/UseLemon.cmake
 index e419de1..fa4034e 100644
 --- a/cmake/modules/UseLemon.cmake
 +++ b/cmake/modules/UseLemon.cmake
-@@ -12,6 +12,7 @@ if(LEMON_EXECUTABLE)
+@@ -17,6 +17,7 @@ if(LEMON_EXECUTABLE)
  				${_out}.h
  				${_out}.out
  			COMMAND ${LEMON_EXECUTABLE}
@@ -25,11 +25,11 @@ index e419de1..fa4034e 100644
  				-T/usr/share/lemon/lempar.c
  				-d.
  				${_in}
-@@ -30,6 +31,7 @@ else()
+@@ -35,6 +36,7 @@ else()
  				${_out}.h
  				${_out}.out
  			COMMAND $<TARGET_FILE:lemon>
 +				-l
  				-T${CMAKE_SOURCE_DIR}/tools/lemon/lempar.c
  				-d.
- 				${_in}
+ 				--

meta-networking/recipes-support/wireshark/files/CVE-2025-9817.patch

@@ -1,32 +0,0 @@
-From 39daba5e247ea495f88b0be82f0b7ebbdbf50fba Mon Sep 17 00:00:00 2001
-From: John Thacker <johnthacker@gmail.com>
-Date: Sat, 26 Jul 2025 07:10:28 -0400
-Subject: [PATCH] ssh: Add a null check
-
-Fix #20642
-
-Upstream-Status: Backport [https://gitlab.com/wireshark/wireshark/-/commit/39daba5e247ea495f88b0be82f0b7ebbdbf50fba]
-CVE: CVE-2025-9817
-Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
----
- epan/dissectors/packet-ssh.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/epan/dissectors/packet-ssh.c b/epan/dissectors/packet-ssh.c
-index 4f2b0ff..9b3b904 100644
---- a/epan/dissectors/packet-ssh.c
-+++ b/epan/dissectors/packet-ssh.c
-@@ -2359,6 +2359,10 @@ ssh_kex_shared_secret(gint kex_type, ssh_bignum *pub, ssh_bignum *priv, ssh_bign
-     }
- 
-     if(kex_type==SSH_KEX_DH_GEX){
-+	if (modulo == NULL) {
-+	    ws_debug("Missing group modulo");
-+	    return NULL;
-+	}
-         gcry_mpi_t b = NULL;
-         gcry_mpi_scan(&b, GCRYMPI_FMT_USG, pub->data, pub->length, NULL);
-         gcry_mpi_t d = NULL, e = NULL, m = NULL;
--- 
-2.43.0
-

meta-networking/recipes-support/wireshark/wireshark_4.6.3.bb

@@ -4,7 +4,7 @@ SECTION = "net"
 LICENSE = "GPL-2.0-only"
 LIC_FILES_CHKSUM = "file://COPYING;md5=570a9b3749dd0463a1778803b12a6dce"
 
-DEPENDS = "pcre2 expat glib-2.0 glib-2.0-native libgcrypt libgpg-error libxml2 bison-native c-ares speexdsp"
+DEPENDS = "pcre2 expat glib-2.0 glib-2.0-native libgcrypt libgpg-error libxml2 bison-native c-ares speexdsp virtual/libiconv"
 
 DEPENDS:append:class-target = " wireshark-native chrpath-replacement-native "
 
@@ -13,12 +13,13 @@ SRC_URI = "https://1.eu.dl.wireshark.org/src/all-versions/wireshark-${PV}.tar.xz
            file://0002-flex-Remove-line-directives.patch \
            file://0004-lemon-Remove-line-directives.patch \
            file://0001-UseLemon.cmake-do-not-use-lemon-data-from-the-host.patch \
-           file://CVE-2025-9817.patch \
            "
 
+SRC_URI:append:class-native = " file://0001-don-t-look-for-iconv.h-for-native-build.patch"
+
 UPSTREAM_CHECK_URI = "https://1.as.dl.wireshark.org/src/all-versions"
 
-SRC_URI[sha256sum] = "098177f021951638f5bdca5b01f284c14fcc3f6c804f7aa2ca00fdcb99c7a166"
+SRC_URI[sha256sum] = "9fa6a745df8540899dc9d433e4634d6755371ff87bd722ce04c7d7b0132d9af3"
 
 PE = "1"
 
@@ -59,16 +60,19 @@ EXTRA_OECMAKE += "-DENABLE_NETLINK=ON \
                   -DM_INCLUDE_DIR=${includedir} \
                   -DM_LIBRARY=${libdir} \
                  "
+
+# use lemon from ${PN}-native, instead of cross-compiled or host versions
+EXTRA_OECMAKE:append:class-target = " -DLEMON_EXECUTABLE=${STAGING_BINDIR_NATIVE}/lemon"
 CFLAGS:append = " -lm"
 
 do_compile:append:class-target() {
     # Fix TMPDIR, these are in the comments section
     sed -i -e "s:** source file.*::g"  ${B}/wiretap/ascend_parser.c
-    sed -i -e "s:** source file.*::g"  ${B}/wiretap/candump_parser.c
     sed -i -e "s:** source file.*::g"  ${B}/wiretap/busmaster_parser.c
     sed -i -e "s:** source file.*::g"  ${B}/epan/protobuf_lang_parser.c
-    sed -i -e "s:** source file.*::g"  ${B}/epan/dtd_grammar.c
     sed -i -e "s:** source file.*::g"  ${B}/epan/dfilter/grammar.c
+    test -e ${B}/plugins/epan/mate/mate_grammar.c && \
+        sed -i -e "s:** source file.*::g"  ${B}/plugins/epan/mate/mate_grammar.c
 }
 
 do_install:append:class-native() {