| Message ID | 20251013210954.12041-1-phanirajkiran.a@gmail.com |
|---|---|
| State | New |
| Series | musl: backport fix for CVE-2025-26519 to LTS branches |
Seems you intend this patch for scarthgap but your patch is missing branch name. Can you please resend with updated "--subject-prefix" to make sure this patch is included for scarthgap. On Tue, Oct 14, 2025 at 10:37 AM Mallapuram Phani raj kiran via lists.openembedded.org <phanirajkiran.a=gmail.com@lists.openembedded.org> wrote: > > From: Mallapuram Phanirajkiran <phanirajkiran.a@gmail.com> > > Fixes [YOCTO #15932] > > The musl libc code in LTS (Scarthgap) is missing > the fix addressing CVE-2025-26519. This patch backports the upstream > changes (or applies the required fix) so that LTS builds include it. > > Reference: > https://nvd.nist.gov/vuln/detail/CVE-2025-26519 > > (From OE-Core rev: 7af6b75221d5703ba5bf43c7cd9f1e7a2e0ed20b) > > Signed-off-by: Mallapuram Phani raj kiran <phanirajkiran.a@gmail.com> > Signed-off-by: Gunda Swetha <swetha12g@gmail.com> > > Reported-by: Cristian Morales Vega > --- > ...x-for-CVE-2025-26519-to-LTS-branches.patch | 50 +++++++++++++++++++ > meta/recipes-core/musl/musl_git.bb | 1 + > 2 files changed, 51 insertions(+) > create mode 100644 meta/recipes-core/musl/musl/0001-musl-backport-fix-for-CVE-2025-26519-to-LTS-branches.patch > > diff --git a/meta/recipes-core/musl/musl/0001-musl-backport-fix-for-CVE-2025-26519-to-LTS-branches.patch b/meta/recipes-core/musl/musl/0001-musl-backport-fix-for-CVE-2025-26519-to-LTS-branches.patch > new file mode 100644 > index 0000000000..3f0b14a5d0 > --- /dev/null > +++ b/meta/recipes-core/musl/musl/0001-musl-backport-fix-for-CVE-2025-26519-to-LTS-branches.patch 
> @@ -0,0 +1,50 @@ > +From 7ee0592397ea0e3d4b47018631642864864d443d Mon Sep 17 00:00:00 2001 > +From: Mallapuram Phanirajkiran <phanirajkiran.a@gmail.com> > +Date: Tue, 14 Oct 2025 01:40:45 +0530 > +Subject: [PATCH] musl: backport fix for CVE-2025-26519 to LTS branches > + > +Fixes [YOCTO #15932] > + > +The musl libc code in LTS (Scarthgap) is missing > +the fix addressing CVE-2025-26519. This patch backports the upstream > +changes (or applies the required fix) so that LTS builds include it. > + > +Reference: > +https://nvd.nist.gov/vuln/detail/CVE-2025-26519 > +(From OE-Core rev: 7af6b75221d5703ba5bf43c7cd9f1e7a2e0ed20b) > + > +Signed-off-by: Mallapuram Phani raj kiran <phanirajkiran.a@gmail.com> > +Signed-off-by: Gunda Swetha <swetha12g@gmail.com> > + > +Reported-by: Cristian Morales Vega > +--- > + src/locale/iconv.c | 6 +++++- > + 1 file changed, 5 insertions(+), 1 deletion(-) > + > +diff --git a/src/locale/iconv.c b/src/locale/iconv.c > +index 3047c27b..0729465e 100644 > +--- a/src/locale/iconv.c > ++++ b/src/locale/iconv.c > +@@ -495,7 +495,7 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri > + if (c >= 93 || d >= 94) { > + c += (0xa1-0x81); > + d += 0xa1; > +- if (c >= 93 || c>=0xc6-0x81 && d>0x52) > ++ if (c > 0xc6-0x81 || c>=0xc6-0x81 && d>0x52) > + goto ilseq; > + if (d-'A'<26) d = d-'A'; > + else if (d-'a'<26) d = d-'a'+26; > +@@ -538,6 +538,10 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri > + if (*outb < k) goto toobig; > + memcpy(*out, tmp, k); > + } else k = wctomb_utf8(*out, c); > ++ /* This failure condition should be unreachable, but > ++ * is included to prevent decoder bugs from translating > ++ * into advancement outside the output buffer range. */ > ++ if (k>4) goto ilseq; > + *out += k; > + *outb -= k; > + break; > +-- > +2.34.1 > + > diff --git a/meta/recipes-core/musl/musl_git.bb b/meta/recipes-core/musl/musl_git.bb > index 324269a968..db6f5ce2de 100644 
> --- a/meta/recipes-core/musl/musl_git.bb > +++ b/meta/recipes-core/musl/musl_git.bb > @@ -14,6 +14,7 @@ SRC_URI = "git://git.etalabs.net/git/musl;branch=master;protocol=https \ > file://0001-Make-dynamic-linker-a-relative-symlink-to-libc.patch \ > file://0002-ldso-Use-syslibdir-and-libdir-as-default-pathes-to-l.patch \ > file://0003-elf.h-add-typedefs-for-Elf64_Relr-and-Elf32_Relr.patch \ > + file://0001-musl-backport-fix-for-CVE-2025-26519-to-LTS-branches.patch \ > " > > S = "${WORKDIR}/git" > -- > 2.34.1 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#224800): https://lists.openembedded.org/g/openembedded-core/message/224800 > Mute This Topic: https://lists.openembedded.org/mt/115743075/3619737 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [ankur.tyagi85@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
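Review bot: The patch header for the `src/locale/iconv.c` hunk at `@@ -495,7` carries a `[YOCTO #15932]` reference and an `(From OE-Core rev: ...)` line but no `Upstream-Status:` tag and no `CVE:` tag, and it never names the upstream musl commit the change is taken from; the OE patch-status QA check expects `Upstream-Status: Backport [<upstream commit URL>]`, and a `CVE: CVE-2025-26519` line lets cve-check record the issue as fixed for the recipe, so please add both and point at the upstream commit rather than the NVD page only. The code change itself is consistent: the old bound `c >= 93` was evaluated after `c += (0xa1-0x81)` had already shifted `c` by 0x20, so it still admitted shifted values in the range 70..92, whereas the new `c > 0xc6-0x81` bound is expressed in the same shifted units as the adjacent `c>=0xc6-0x81 && d>0x52` test; the unparenthesized `&&` inside `||` is preserved from the original line, which is what you want for a clean backport.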
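Review bot: In the `@@ -538,6` hunk the new `if (k>4) goto ilseq;` runs after the `else k = wctomb_utf8(*out, c);` branch has already written into `*out`, so on that path it stops the subsequent `*out += k; *outb -= k;` from stepping past the buffer but does not prevent the write itself; the `tmp`/`memcpy` branch is separately guarded by the preceding `if (*outb < k) goto toobig;`. That matches the comment's own wording ("advancement outside the output buffer range") and is fine as defense in depth, but the commit message should say that this hunk is a second, independent hardening change rather than part of the EUC-KR bounds fix, and cite its upstream commit separately, so that a later reader of the scarthgap history can tell which of the two hunks closes the CVE and which only limits the blast radius of a future decoder bug.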
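Review bot: In the `musl_git.bb` hunk the new file is named `0001-musl-backport-fix-for-CVE-2025-26519-to-LTS-branches.patch`, which reuses the `0001-` prefix already taken by `0001-Make-dynamic-linker-a-relative-symlink-to-libc.patch` in the same `SRC_URI`; please either continue the sequence (`0004-...`) or use the CVE-style name (`CVE-2025-26519.patch`) that other OE-Core security backports use, and drop "to LTS branches" from the filename and subject since the file describes what the fix does, not where it is being merged. Also note the recipe fetches `branch=master`; the hunk contexts at `@@ -495,7` and `@@ -538,6` need to be verified against the SRCREV the scarthgap recipe pins (not current master), and as Ankur said the series needs the `[scarthgap][PATCH]` subject prefix so the maintainers pick it up for that branch.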