deleted file mode 100644
@@ -1,143 +0,0 @@
-From 070cfacd7348386173231fb16fad4983d4e6ae40 Mon Sep 17 00:00:00 2001
-From: Petr Vorel <pvorel@suse.cz>
-Date: Mon, 5 May 2025 23:55:57 +0200
-Subject: [PATCH] ping: Fix signed 64-bit integer overflow in RTT calculation
-
-Crafted ICMP Echo Reply packet can cause signed integer overflow in
-
-1) triptime calculation:
-triptime = tv->tv_sec * 1000000 + tv->tv_usec;
-
-2) tsum2 increment which uses triptime
-rts->tsum2 += (double)((long long)triptime * (long long)triptime);
-
-3) final tmvar:
-tmvar = (rts->tsum2 / total) - (tmavg * tmavg)
-
- $ export CFLAGS="-O1 -g -fsanitize=address,undefined -fno-omit-frame-pointer"
- $ export LDFLAGS="-fsanitize=address,undefined -fno-omit-frame-pointer"
- $ meson setup .. -Db_sanitize=address,undefined
- $ ninja
- $ ./ping/ping -c2 127.0.0.1
-
- PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
- 64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.061 ms
- ../ping/ping_common.c:757:25: runtime error: signed integer overflow: -2513732689199106 * 1000000 cannot be represented in type 'long int'
- ../ping/ping_common.c:757:12: runtime error: signed integer overflow: -4975495174606980224 + -6510615555425289427 cannot be represented in type 'long int'
- ../ping/ping_common.c:769:47: runtime error: signed integer overflow: 6960633343677281965 * 6960633343677281965 cannot be represented in type 'long int'
- 24 bytes from 127.0.0.1: icmp_seq=1 ttl=64 (truncated)
- ./ping/ping: Warning: time of day goes back (-7256972569576721377us), taking countermeasures
- ./ping/ping: Warning: time of day goes back (-7256972569576721232us), taking countermeasures
- 24 bytes from 127.0.0.1: icmp_seq=1 ttl=64 (truncated)
- ../ping/ping_common.c:265:16: runtime error: signed integer overflow: 6960633343677281965 * 2 cannot be represented in type 'long int'
- 64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.565 ms
-
- --- 127.0.0.1 ping statistics ---
- 2 packets transmitted, 2 received, +2 duplicates, 0% packet loss, time 1002ms
- ../ping/ping_common.c:940:42: runtime error: signed integer overflow: 1740158335919320832 * 1740158335919320832 cannot be represented in type 'long int'
- rtt min/avg/max/mdev = 0.000/1740158335919320.832/6960633343677281.965/-1623514645242292.-224 ms
-
-To fix the overflow check allowed ranges of struct timeval members:
-* tv_sec <0, LONG_MAX/1000000>
-* tv_usec <0, 999999>
-
-Fix includes 2 new error messages (needs translation).
-Also existing message "time of day goes back ..." needed to be modified
-as it now prints tv->tv_sec which is a second (needs translation update).
-
-After fix:
-
- $ ./ping/ping -c2 127.0.0.1
- 64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.057 ms
- ./ping/ping: Warning: invalid tv_usec -6510615555424928611 us
- ./ping/ping: Warning: time of day goes back (-3985394643238914 s), taking countermeasures
- ./ping/ping: Warning: invalid tv_usec -6510615555424928461 us
- ./ping/ping: Warning: time of day goes back (-3985394643238914 s), taking countermeasures
- 24 bytes from 127.0.0.1: icmp_seq=1 ttl=64 (truncated)
- ./ping/ping: Warning: invalid tv_usec -6510615555425884541 us
- ./ping/ping: Warning: time of day goes back (-4243165695442945 s), taking countermeasures
- 24 bytes from 127.0.0.1: icmp_seq=1 ttl=64 (truncated)
- 64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.111 ms
-
- --- 127.0.0.1 ping statistics ---
- 2 packets transmitted, 2 received, +2 duplicates, 0% packet loss, time 101ms
- rtt min/avg/max/mdev = 0.000/0.042/0.111/0.046 ms
-
-Fixes: https://github.com/iputils/iputils/issues/584
-Fixes: CVE-2025-472
-Link: https://github.com/Zephkek/ping-rtt-overflow/
-Co-developed-by: Cyril Hrubis <chrubis@suse.cz>
-Reported-by: Mohamed Maatallah <hotelsmaatallahrecemail@gmail.com>
-Reviewed-by: Mohamed Maatallah <hotelsmaatallahrecemail@gmail.com>
-Reviewed-by: Cyril Hrubis <chrubis@suse.cz>
-Reviewed-by: Noah Meyerhans <noahm@debian.org>
-Signed-off-by: Petr Vorel <pvorel@suse.cz>
-
-CVE: CVE-2025-47268
-
-Upstream-Status: Backport
-[https://github.com/iputils/iputils/commit/070cfacd7348386173231fb16fad4983d4e6ae40]
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- iputils_common.h | 3 +++
- ping/ping_common.c | 22 +++++++++++++++++++---
- 2 files changed, 22 insertions(+), 3 deletions(-)
-
-diff --git a/iputils_common.h b/iputils_common.h
-index 49e790d..829a749 100644
---- a/iputils_common.h
-+++ b/iputils_common.h
-@@ -10,6 +10,9 @@
- !!__builtin_types_compatible_p(__typeof__(arr), \
- __typeof__(&arr[0]))])) * 0)
-
-+/* 1000001 = 1000000 tv_sec + 1 tv_usec */
-+#define TV_SEC_MAX_VAL (LONG_MAX/1000001)
-+
- #ifdef __GNUC__
- # define iputils_attribute_format(t, n, m) __attribute__((__format__ (t, n, m)))
- #else
-diff --git a/ping/ping_common.c b/ping/ping_common.c
-index dadd2a4..4e99d89 100644
---- a/ping/ping_common.c
-+++ b/ping/ping_common.c
-@@ -754,16 +754,32 @@ int gather_statistics(struct ping_rts *rts, uint8_t *icmph, int icmplen,
-
- restamp:
- tvsub(tv, &tmp_tv);
-- triptime = tv->tv_sec * 1000000 + tv->tv_usec;
-- if (triptime < 0) {
-- error(0, 0, _("Warning: time of day goes back (%ldus), taking countermeasures"), triptime);
-+
-+ if (tv->tv_usec >= 1000000) {
-+ error(0, 0, _("Warning: invalid tv_usec %ld us"), tv->tv_usec);
-+ tv->tv_usec = 999999;
-+ }
-+
-+ if (tv->tv_usec < 0) {
-+ error(0, 0, _("Warning: invalid tv_usec %ld us"), tv->tv_usec);
-+ tv->tv_usec = 0;
-+ }
-+
-+ if (tv->tv_sec > TV_SEC_MAX_VAL) {
-+ error(0, 0, _("Warning: invalid tv_sec %ld s"), tv->tv_sec);
-+ triptime = 0;
-+ } else if (tv->tv_sec < 0) {
-+ error(0, 0, _("Warning: time of day goes back (%ld s), taking countermeasures"), tv->tv_sec);
- triptime = 0;
- if (!rts->opt_latency) {
- gettimeofday(tv, NULL);
- rts->opt_latency = 1;
- goto restamp;
- }
-+ } else {
-+ triptime = tv->tv_sec * 1000000 + tv->tv_usec;
- }
-+
- if (!csfailed) {
- rts->tsum += triptime;
- rts->tsum2 += (double)((long long)triptime * (long long)triptime);
-2.34.1
-
similarity index 95%
rename from meta/recipes-extended/iputils/iputils_20240905.bb
rename to meta/recipes-extended/iputils/iputils_20250605.bb
@@ -11,9 +11,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=627cc07ec86a45951d43e30658bbd819"
DEPENDS = "gnutls"
SRC_URI = "git://github.com/iputils/iputils;branch=master;protocol=https \
- file://CVE-2025-47268.patch \
"
-SRCREV = "10b50784aae3fb75c96cdf9b1668916b49557dd5"
+SRCREV = "6e1cb146547eb6fbb127ffc8397a9241be0d33c2"
S = "${WORKDIR}/git"
Bugfix release: https://github.com/iputils/iputils/releases/tag/20250605 This also includes security release update https://github.com/iputils/iputils/releases/tag/20250602 Security release, fixes CVE-2025-47268 and CVE-2025-48964 (therefore remove backported fix CVE-2025-47268.patch Signed-off-by: Petr Vorel <petr.vorel@gmail.com> --- Hi Richard, I'm sorry to again completely skip testing this patch (iputils maintainer, not using Yocto at all). Thanks a lot in advance to do the testing. Kind regards, Petr .../iputils/iputils/CVE-2025-47268.patch | 143 ------------------ ...putils_20240905.bb => iputils_20250605.bb} | 3 +- 2 files changed, 1 insertion(+), 145 deletions(-) delete mode 100644 meta/recipes-extended/iputils/iputils/CVE-2025-47268.patch rename meta/recipes-extended/iputils/{iputils_20240905.bb => iputils_20250605.bb} (95%)