deleted file mode 100644
@@ -1,112 +0,0 @@
-From 8763c305c29d0abb7e2be4695212b42917d054b2 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?P=C3=A1draig=20Brady?= <P@draigBrady.com>
-Date: Tue, 20 May 2025 16:03:44 +0100
-Subject: [PATCH] sort: fix buffer under-read (CWE-127)
-
-* src/sort.c (begfield): Check pointer adjustment
-to avoid Out-of-range pointer offset (CWE-823).
-(limfield): Likewise.
-* tests/sort/sort-field-limit.sh: Add a new test,
-which triggers with ASAN or Valgrind.
-* tests/local.mk: Reference the new test.
-* NEWS: Mention bug fix introduced in v7.2 (2009).
-Fixes https://bugs.gnu.org/78507
-
-CVE: CVE-2025-5278
-
-Upstream-Status: Backport [https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633]
-
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
----
- src/sort.c | 12 ++++++++++--
- tests/local.mk | 1 +
- tests/sort/sort-field-limit.sh | 35 ++++++++++++++++++++++++++++++++++
- 3 files changed, 46 insertions(+), 2 deletions(-)
- create mode 100755 tests/sort/sort-field-limit.sh
-
-diff --git a/src/sort.c b/src/sort.c
-index b10183b6f..7af1a2512 100644
---- a/src/sort.c
-+++ b/src/sort.c
-@@ -1644,7 +1644,11 @@ begfield (struct line const *line, struct keyfield const *key)
- ++ptr;
-
- /* Advance PTR by SCHAR (if possible), but no further than LIM. */
-- ptr = MIN (lim, ptr + schar);
-+ size_t remaining_bytes = lim - ptr;
-+ if (schar < remaining_bytes)
-+ ptr += schar;
-+ else
-+ ptr = lim;
-
- return ptr;
- }
-@@ -1746,7 +1750,11 @@ limfield (struct line const *line, struct keyfield const *key)
- ++ptr;
-
- /* Advance PTR by ECHAR (if possible), but no further than LIM. */
-- ptr = MIN (lim, ptr + echar);
-+ size_t remaining_bytes = lim - ptr;
-+ if (echar < remaining_bytes)
-+ ptr += echar;
-+ else
-+ ptr = lim;
- }
-
- return ptr;
-diff --git a/tests/local.mk b/tests/local.mk
-index 4da6756ac..642d225fa 100644
---- a/tests/local.mk
-+++ b/tests/local.mk
-@@ -388,6 +388,7 @@ all_tests = \
- tests/sort/sort-debug-keys.sh \
- tests/sort/sort-debug-warn.sh \
- tests/sort/sort-discrim.sh \
-+ tests/sort/sort-field-limit.sh \
- tests/sort/sort-files0-from.pl \
- tests/sort/sort-float.sh \
- tests/sort/sort-h-thousands-sep.sh \
-diff --git a/tests/sort/sort-field-limit.sh b/tests/sort/sort-field-limit.sh
-new file mode 100755
-index 000000000..52d8e1d17
---- /dev/null
-+++ b/tests/sort/sort-field-limit.sh
-@@ -0,0 +1,35 @@
-+#!/bin/sh
-+# From 7.2-9.7, this would trigger an out of bounds mem read
-+
-+# Copyright (C) 2025 Free Software Foundation, Inc.
-+
-+# This program is free software: you can redistribute it and/or modify
-+# it under the terms of the GNU General Public License as published by
-+# the Free Software Foundation, either version 3 of the License, or
-+# (at your option) any later version.
-+
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+
-+# You should have received a copy of the GNU General Public License
-+# along with this program. If not, see <https://www.gnu.org/licenses/>.
-+
-+. "${srcdir=.}/tests/init.sh"; path_prepend_ ./src
-+print_ver_ sort
-+getlimits_
-+
-+# This issue triggers with valgrind or ASAN
-+valgrind --error-exitcode=1 sort --version 2>/dev/null &&
-+ VALGRIND='valgrind --error-exitcode=1'
-+
-+{ printf '%s\n' aa bb; } > in || framework_failure_
-+
-+_POSIX2_VERSION=200809 $VALGRIND sort +0.${SIZE_MAX}R in > out || fail=1
-+compare in out || fail=1
-+
-+_POSIX2_VERSION=200809 $VALGRIND sort +1 -1.${SIZE_MAX}R in > out || fail=1
-+compare in out || fail=1
-+
-+Exit $fail
-2.34.1
-
@@ -1,4 +1,4 @@
-From f53ffb5b27ab7d4a4c62df00ebd6a1a6936d1709 Mon Sep 17 00:00:00 2001
+From 6552c48cab4f4dfb100d62af030e4135871325d5 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Wed, 3 Aug 2011 14:12:30 -0700
Subject: [PATCH] coreutils: Fix build on uclibc
@@ -17,7 +17,7 @@ Upstream-Status: Inappropriate [Upstream does care for AIX while we may not]
1 file changed, 12 deletions(-)
diff --git a/m4/getloadavg.m4 b/m4/getloadavg.m4
-index 9d0236f..68f7c52 100644
+index 0d80b64..7ed11e5 100644
--- a/m4/getloadavg.m4
+++ b/m4/getloadavg.m4
@@ -46,18 +46,6 @@ if test $ac_cv_func_getloadavg != yes; then
similarity index 98%
rename from meta/recipes-core/coreutils/coreutils_9.7.bb
rename to meta/recipes-core/coreutils/coreutils_9.8.bb
@@ -15,10 +15,9 @@ inherit autotools gettext texinfo
SRC_URI = "${GNU_MIRROR}/coreutils/${BP}.tar.xz \
file://remove-usr-local-lib-from-m4.patch \
- file://0001-sort-fix-buffer-under-read-CWE-127.patch \
file://run-ptest \
"
-SRC_URI[sha256sum] = "e8bb26ad0293f9b5a1fc43fb42ba970e312c66ce92c1b0b16713d7500db251bf"
+SRC_URI[sha256sum] = "e6d4fd2d852c9141a1c2a18a13d146a0cd7e45195f72293a4e4c044ec6ccca15"
# http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=v8.27-101-gf5d7c0842
#
Hello, this email is a notification from the Auto Upgrade Helper that the automatic attempt to upgrade the recipe(s) *coreutils* to *9.8* has Succeeded. Next steps: - apply the patch: git am 0001-coreutils-upgrade-9.7-9.8.patch - check the changes to upstream patches and summarize them in the commit message, - compile an image that contains the package - perform some basic sanity tests - amend the patch and sign it off: git commit -s --reset-author --amend - send it to the appropriate mailing list Alternatively, if you believe the recipe should not be upgraded at this time, you can fill RECIPE_NO_UPDATE_REASON in respective recipe file so that automatic upgrades would no longer be attempted. Please review the attached files for further information and build/update failures. Any problem please file a bug at https://bugzilla.yoctoproject.org/enter_bug.cgi?product=Automated%20Update%20Handler Regards, The Upgrade Helper -- >8 -- From 5ec6cb64ca05bc07beaca12c140d677c9c937e96 Mon Sep 17 00:00:00 2001 From: Upgrade Helper <auh@yoctoproject.org> Date: Wed, 1 Oct 2025 08:02:31 +0000 Subject: [PATCH] coreutils: upgrade 9.7 -> 9.8 --- ...1-sort-fix-buffer-under-read-CWE-127.patch | 112 ------------------ .../remove-usr-local-lib-from-m4.patch | 4 +- .../{coreutils_9.7.bb => coreutils_9.8.bb} | 3 +- 3 files changed, 3 insertions(+), 116 deletions(-) delete mode 100644 meta/recipes-core/coreutils/coreutils/0001-sort-fix-buffer-under-read-CWE-127.patch rename meta/recipes-core/coreutils/{coreutils_9.7.bb => coreutils_9.8.bb} (98%)