Message ID | 20251014135247.6178-1-phanirajkiran.a@gmail.com |
---|---|
State | New |
Series | [scarthgap] musl: backport fix for CVE-2025-26519 to LTS branches |
On Tue, Oct 14, 2025 at 9:13 AM Mallapuram Phani raj kiran via lists.openembedded.org <phanirajkiran.a=gmail.com@lists.openembedded.org> wrote: > > From: Mallapuram Phanirajkiran <phanirajkiran.a@gmail.com> > > Fixes [YOCTO #15932] > > The musl libc code in LTS (Scarthgap) is missing > the fix addressing CVE-2025-26519. This patch backports the upstream > changes (or applies the required fix) so that LTS builds include it. > > Reference: > https://nvd.nist.gov/vuln/detail/CVE-2025-26519 > > (From OE-Core rev: 7af6b75221d5703ba5bf43c7cd9f1e7a2e0ed20b) > > Signed-off-by: Mallapuram Phani raj kiran <phanirajkiran.a@gmail.com> > Signed-off-by: Gunda Swetha <swetha12g@gmail.com> > > Reported-by: Cristian Morales Vega > --- > ...x-for-CVE-2025-26519-to-LTS-branches.patch | 50 +++++++++++++++++++ > meta/recipes-core/musl/musl_git.bb | 1 + > 2 files changed, 51 insertions(+) > create mode 100644 meta/recipes-core/musl/musl/0001-musl-backport-fix-for-CVE-2025-26519-to-LTS-branches.patch > > diff --git a/meta/recipes-core/musl/musl/0001-musl-backport-fix-for-CVE-2025-26519-to-LTS-branches.patch b/meta/recipes-core/musl/musl/0001-musl-backport-fix-for-CVE-2025-26519-to-LTS-branches.patch > new file mode 100644 > index 0000000000..3f0b14a5d0 > --- /dev/null > +++ b/meta/recipes-core/musl/musl/0001-musl-backport-fix-for-CVE-2025-26519-to-LTS-branches.patch 
> @@ -0,0 +1,50 @@ > +From 7ee0592397ea0e3d4b47018631642864864d443d Mon Sep 17 00:00:00 2001 > +From: Mallapuram Phanirajkiran <phanirajkiran.a@gmail.com> > +Date: Tue, 14 Oct 2025 01:40:45 +0530 > +Subject: [PATCH] musl: backport fix for CVE-2025-26519 to LTS branches > + > +Fixes [YOCTO #15932] > + > +The musl libc code in LTS (Scarthgap) is missing > +the fix addressing CVE-2025-26519. This patch backports the upstream > +changes (or applies the required fix) so that LTS builds include it. > + > +Reference: > +https://nvd.nist.gov/vuln/detail/CVE-2025-26519 > +(From OE-Core rev: 7af6b75221d5703ba5bf43c7cd9f1e7a2e0ed20b) > + > +Signed-off-by: Mallapuram Phani raj kiran <phanirajkiran.a@gmail.com> > +Signed-off-by: Gunda Swetha <swetha12g@gmail.com> > + > +Reported-by: Cristian Morales Vega Please add Upstream-Status tag to this musl patch > +--- > + src/locale/iconv.c | 6 +++++- > + 1 file changed, 5 insertions(+), 1 deletion(-) > + > +diff --git a/src/locale/iconv.c b/src/locale/iconv.c > +index 3047c27b..0729465e 100644 > +--- a/src/locale/iconv.c > ++++ b/src/locale/iconv.c > +@@ -495,7 +495,7 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri > + if (c >= 93 || d >= 94) { > + c += (0xa1-0x81); > + d += 0xa1; > +- if (c >= 93 || c>=0xc6-0x81 && d>0x52) > ++ if (c > 0xc6-0x81 || c>=0xc6-0x81 && d>0x52) > + goto ilseq; > + if (d-'A'<26) d = d-'A'; > + else if (d-'a'<26) d = d-'a'+26; > +@@ -538,6 +538,10 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri > + if (*outb < k) goto toobig; > + memcpy(*out, tmp, k); > + } else k = wctomb_utf8(*out, c); > ++ /* This failure condition should be unreachable, but > ++ * is included to prevent decoder bugs from translating > ++ * into advancement outside the output buffer range. */ > ++ if (k>4) goto ilseq; > + *out += k; > + *outb -= k; > + break; > +-- > +2.34.1 > + 
> diff --git a/meta/recipes-core/musl/musl_git.bb b/meta/recipes-core/musl/musl_git.bb > index 324269a968..db6f5ce2de 100644 > --- a/meta/recipes-core/musl/musl_git.bb > +++ b/meta/recipes-core/musl/musl_git.bb > @@ -14,6 +14,7 @@ SRC_URI = "git://git.etalabs.net/git/musl;branch=master;protocol=https \ > file://0001-Make-dynamic-linker-a-relative-symlink-to-libc.patch \ > file://0002-ldso-Use-syslibdir-and-libdir-as-default-pathes-to-l.patch \ > file://0003-elf.h-add-typedefs-for-Elf64_Relr-and-Elf32_Relr.patch \ > + file://0001-musl-backport-fix-for-CVE-2025-26519-to-LTS-branches.patch \ > " > > S = "${WORKDIR}/git" > -- > 2.34.1
On 10/14/25 18:42, Khem Raj via lists.openembedded.org wrote: > On Tue, Oct 14, 2025 at 9:13 AM Mallapuram Phani raj kiran via > lists.openembedded.org > <phanirajkiran.a=gmail.com@lists.openembedded.org> wrote: >> From: Mallapuram Phanirajkiran <phanirajkiran.a@gmail.com> >> >> Fixes [YOCTO #15932] >> >> The musl libc code in LTS (Scarthgap) is missing >> the fix addressing CVE-2025-26519. This patch backports the upstream >> changes (or applies the required fix) so that LTS builds include it. >> >> Reference: >> https://nvd.nist.gov/vuln/detail/CVE-2025-26519 >> >> (From OE-Core rev: 7af6b75221d5703ba5bf43c7cd9f1e7a2e0ed20b) >> >> Signed-off-by: Mallapuram Phani raj kiran <phanirajkiran.a@gmail.com> >> Signed-off-by: Gunda Swetha <swetha12g@gmail.com> >> >> Reported-by: Cristian Morales Vega >> --- >> ...x-for-CVE-2025-26519-to-LTS-branches.patch | 50 +++++++++++++++++++ >> meta/recipes-core/musl/musl_git.bb | 1 + >> 2 files changed, 51 insertions(+) >> create mode 100644 meta/recipes-core/musl/musl/0001-musl-backport-fix-for-CVE-2025-26519-to-LTS-branches.patch >> >> diff --git a/meta/recipes-core/musl/musl/0001-musl-backport-fix-for-CVE-2025-26519-to-LTS-branches.patch b/meta/recipes-core/musl/musl/0001-musl-backport-fix-for-CVE-2025-26519-to-LTS-branches.patch >> new file mode 100644 >> index 0000000000..3f0b14a5d0 >> --- /dev/null >> +++ b/meta/recipes-core/musl/musl/0001-musl-backport-fix-for-CVE-2025-26519-to-LTS-branches.patch 
>> @@ -0,0 +1,50 @@ >> +From 7ee0592397ea0e3d4b47018631642864864d443d Mon Sep 17 00:00:00 2001 >> +From: Mallapuram Phanirajkiran <phanirajkiran.a@gmail.com> >> +Date: Tue, 14 Oct 2025 01:40:45 +0530 >> +Subject: [PATCH] musl: backport fix for CVE-2025-26519 to LTS branches >> + >> +Fixes [YOCTO #15932] >> + >> +The musl libc code in LTS (Scarthgap) is missing >> +the fix addressing CVE-2025-26519. This patch backports the upstream >> +changes (or applies the required fix) so that LTS builds include it. >> + >> +Reference: >> +https://nvd.nist.gov/vuln/detail/CVE-2025-26519 >> +(From OE-Core rev: 7af6b75221d5703ba5bf43c7cd9f1e7a2e0ed20b) >> + >> +Signed-off-by: Mallapuram Phani raj kiran <phanirajkiran.a@gmail.com> >> +Signed-off-by: Gunda Swetha <swetha12g@gmail.com> >> + >> +Reported-by: Cristian Morales Vega > Please add Upstream-Status tag to this musl patch A CVE-tag also, so it will be picked up by the CVE-checker when the time comes. > >> +--- >> + src/locale/iconv.c | 6 +++++- >> + 1 file changed, 5 insertions(+), 1 deletion(-) >> + >> +diff --git a/src/locale/iconv.c b/src/locale/iconv.c >> +index 3047c27b..0729465e 100644 >> +--- a/src/locale/iconv.c >> ++++ b/src/locale/iconv.c >> +@@ -495,7 +495,7 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri >> + if (c >= 93 || d >= 94) { >> + c += (0xa1-0x81); >> + d += 0xa1; >> +- if (c >= 93 || c>=0xc6-0x81 && d>0x52) >> ++ if (c > 0xc6-0x81 || c>=0xc6-0x81 && d>0x52) >> + goto ilseq; >> + if (d-'A'<26) d = d-'A'; >> + else if (d-'a'<26) d = d-'a'+26; >> +@@ -538,6 +538,10 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri >> + if (*outb < k) goto toobig; >> + memcpy(*out, tmp, k); >> + } else k = wctomb_utf8(*out, c); >> ++ /* This failure condition should be unreachable, but >> ++ * is included to prevent decoder bugs from translating >> ++ * into advancement outside the output buffer range. 
*/ >> ++ if (k>4) goto ilseq; >> + *out += k; >> + *outb -= k; >> + break; >> +-- >> +2.34.1 >> + >> diff --git a/meta/recipes-core/musl/musl_git.bb b/meta/recipes-core/musl/musl_git.bb >> index 324269a968..db6f5ce2de 100644 >> --- a/meta/recipes-core/musl/musl_git.bb >> +++ b/meta/recipes-core/musl/musl_git.bb >> @@ -14,6 +14,7 @@ SRC_URI = "git://git.etalabs.net/git/musl;branch=master;protocol=https \ >> file://0001-Make-dynamic-linker-a-relative-symlink-to-libc.patch \ >> file://0002-ldso-Use-syslibdir-and-libdir-as-default-pathes-to-l.patch \ >> file://0003-elf.h-add-typedefs-for-Elf64_Relr-and-Elf32_Relr.patch \ >> + file://0001-musl-backport-fix-for-CVE-2025-26519-to-LTS-branches.patch \ >> " >> >> S = "${WORKDIR}/git" >> -- >> 2.34.1
On Tue, Oct 14, 2025 at 9:13 AM Mallapuram Phani raj kiran via lists.openembedded.org <phanirajkiran.a=gmail.com@lists.openembedded.org> wrote: > > From: Mallapuram Phanirajkiran <phanirajkiran.a@gmail.com> > > Fixes [YOCTO #15932] > > The musl libc code in LTS (Scarthgap) is missing > the fix addressing CVE-2025-26519. This patch backports the upstream > changes (or applies the required fix) so that LTS builds include it. > > Reference: > https://nvd.nist.gov/vuln/detail/CVE-2025-26519 > > (From OE-Core rev: 7af6b75221d5703ba5bf43c7cd9f1e7a2e0ed20b) > > Signed-off-by: Mallapuram Phani raj kiran <phanirajkiran.a@gmail.com> > Signed-off-by: Gunda Swetha <swetha12g@gmail.com> > > Reported-by: Cristian Morales Vega > --- > ...x-for-CVE-2025-26519-to-LTS-branches.patch | 50 +++++++++++++++++++ > meta/recipes-core/musl/musl_git.bb | 1 + > 2 files changed, 51 insertions(+) > create mode 100644 meta/recipes-core/musl/musl/0001-musl-backport-fix-for-CVE-2025-26519-to-LTS-branches.patch > > diff --git a/meta/recipes-core/musl/musl/0001-musl-backport-fix-for-CVE-2025-26519-to-LTS-branches.patch b/meta/recipes-core/musl/musl/0001-musl-backport-fix-for-CVE-2025-26519-to-LTS-branches.patch > new file mode 100644 > index 0000000000..3f0b14a5d0 > --- /dev/null > +++ b/meta/recipes-core/musl/musl/0001-musl-backport-fix-for-CVE-2025-26519-to-LTS-branches.patch 
> @@ -0,0 +1,50 @@ > +From 7ee0592397ea0e3d4b47018631642864864d443d Mon Sep 17 00:00:00 2001 > +From: Mallapuram Phanirajkiran <phanirajkiran.a@gmail.com> > +Date: Tue, 14 Oct 2025 01:40:45 +0530 > +Subject: [PATCH] musl: backport fix for CVE-2025-26519 to LTS branches > + > +Fixes [YOCTO #15932] > + > +The musl libc code in LTS (Scarthgap) is missing > +the fix addressing CVE-2025-26519. This patch backports the upstream > +changes (or applies the required fix) so that LTS builds include it. > + > +Reference: > +https://nvd.nist.gov/vuln/detail/CVE-2025-26519 > +(From OE-Core rev: 7af6b75221d5703ba5bf43c7cd9f1e7a2e0ed20b) > + > +Signed-off-by: Mallapuram Phani raj kiran <phanirajkiran.a@gmail.com> > +Signed-off-by: Gunda Swetha <swetha12g@gmail.com> > + > +Reported-by: Cristian Morales Vega > +--- > + src/locale/iconv.c | 6 +++++- > + 1 file changed, 5 insertions(+), 1 deletion(-) > + > +diff --git a/src/locale/iconv.c b/src/locale/iconv.c > +index 3047c27b..0729465e 100644 > +--- a/src/locale/iconv.c > ++++ b/src/locale/iconv.c > +@@ -495,7 +495,7 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri > + if (c >= 93 || d >= 94) { > + c += (0xa1-0x81); > + d += 0xa1; > +- if (c >= 93 || c>=0xc6-0x81 && d>0x52) > ++ if (c > 0xc6-0x81 || c>=0xc6-0x81 && d>0x52) > + goto ilseq; > + if (d-'A'<26) d = d-'A'; > + else if (d-'a'<26) d = d-'a'+26; > +@@ -538,6 +538,10 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri > + if (*outb < k) goto toobig; > + memcpy(*out, tmp, k); > + } else k = wctomb_utf8(*out, c); > ++ /* This failure condition should be unreachable, but > ++ * is included to prevent decoder bugs from translating > ++ * into advancement outside the output buffer range. */ > ++ if (k>4) goto ilseq; > + *out += k; > + *outb -= k; > + break; > +-- > +2.34.1 > + > diff --git a/meta/recipes-core/musl/musl_git.bb b/meta/recipes-core/musl/musl_git.bb > index 324269a968..db6f5ce2de 100644 
> --- a/meta/recipes-core/musl/musl_git.bb > +++ b/meta/recipes-core/musl/musl_git.bb > @@ -14,6 +14,7 @@ SRC_URI = "git://git.etalabs.net/git/musl;branch=master;protocol=https \ > file://0001-Make-dynamic-linker-a-relative-symlink-to-libc.patch \ > file://0002-ldso-Use-syslibdir-and-libdir-as-default-pathes-to-l.patch \ > file://0003-elf.h-add-typedefs-for-Elf64_Relr-and-Elf32_Relr.patch \ > + file://0001-musl-backport-fix-for-CVE-2025-26519-to-LTS-branches.patch \ Along with the other comments, please change the filename to just CVE-2025-26519.patch Thanks! Steve > " > > S = "${WORKDIR}/git" > -- > 2.34.1
diff --git a/meta/recipes-core/musl/musl/0001-musl-backport-fix-for-CVE-2025-26519-to-LTS-branches.patch b/meta/recipes-core/musl/musl/0001-musl-backport-fix-for-CVE-2025-26519-to-LTS-branches.patch new file mode 100644 index 0000000000..3f0b14a5d0 --- /dev/null +++ b/meta/recipes-core/musl/musl/0001-musl-backport-fix-for-CVE-2025-26519-to-LTS-branches.patch 
@@ -0,0 +1,50 @@ +From 7ee0592397ea0e3d4b47018631642864864d443d Mon Sep 17 00:00:00 2001 +From: Mallapuram Phanirajkiran <phanirajkiran.a@gmail.com> +Date: Tue, 14 Oct 2025 01:40:45 +0530 +Subject: [PATCH] musl: backport fix for CVE-2025-26519 to LTS branches + +Fixes [YOCTO #15932] + +The musl libc code in LTS (Scarthgap) is missing +the fix addressing CVE-2025-26519. This patch backports the upstream +changes (or applies the required fix) so that LTS builds include it. + +Reference: +https://nvd.nist.gov/vuln/detail/CVE-2025-26519 +(From OE-Core rev: 7af6b75221d5703ba5bf43c7cd9f1e7a2e0ed20b) + +Signed-off-by: Mallapuram Phani raj kiran <phanirajkiran.a@gmail.com> +Signed-off-by: Gunda Swetha <swetha12g@gmail.com> + +Reported-by: Cristian Morales Vega +--- + src/locale/iconv.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/src/locale/iconv.c b/src/locale/iconv.c +index 3047c27b..0729465e 100644 +--- a/src/locale/iconv.c ++++ b/src/locale/iconv.c +@@ -495,7 +495,7 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri + if (c >= 93 || d >= 94) { + c += (0xa1-0x81); + d += 0xa1; +- if (c >= 93 || c>=0xc6-0x81 && d>0x52) ++ if (c > 0xc6-0x81 || c>=0xc6-0x81 && d>0x52) + goto ilseq; + if (d-'A'<26) d = d-'A'; + else if (d-'a'<26) d = d-'a'+26; +@@ -538,6 +538,10 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri + if (*outb < k) goto toobig; + memcpy(*out, tmp, k); + } else k = wctomb_utf8(*out, c); ++ /* This failure condition should be unreachable, but ++ * is included to prevent decoder bugs from translating ++ * into advancement outside the output buffer range. */ ++ if (k>4) goto ilseq; + *out += k; + *outb -= k; + break; +-- +2.34.1 + diff --git a/meta/recipes-core/musl/musl_git.bb b/meta/recipes-core/musl/musl_git.bb index 324269a968..db6f5ce2de 100644 --- a/meta/recipes-core/musl/musl_git.bb +++ b/meta/recipes-core/musl/musl_git.bb 
@@ -14,6 +14,7 @@ SRC_URI = "git://git.etalabs.net/git/musl;branch=master;protocol=https \ file://0001-Make-dynamic-linker-a-relative-symlink-to-libc.patch \ file://0002-ldso-Use-syslibdir-and-libdir-as-default-pathes-to-l.patch \ file://0003-elf.h-add-typedefs-for-Elf64_Relr-and-Elf32_Relr.patch \ + file://0001-musl-backport-fix-for-CVE-2025-26519-to-LTS-branches.patch \ " S = "${WORKDIR}/git"
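Review bot: The header of the embedded musl patch (the lines from `+From 7ee0592397ea...` through `+Reported-by:`) carries no `Upstream-Status:` line and no `CVE:` line, and its description says it "backports the upstream changes (or applies the required fix)" without naming the upstream musl commit or commits that the two iconv.c changes come from. Please add `CVE: CVE-2025-26519` and `Upstream-Status: Backport [<upstream musl commit URL>]` above the Signed-off-by lines, and replace the either/or wording with a statement of what was actually done. The `(From OE-Core rev: ...)` line names an OE-Core revision, so it does not belong in the header of a patch that is applied to src/locale/iconv.c in the musl tree.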
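Review bot: The patch description does not say which inputs the old bound in the `@@ -495,7 +495,7 @@` change wrongly accepted, so the new condition `c > 0xc6-0x81 || c>=0xc6-0x81 && d>0x52` has to be re-derived by the reader. After `c += (0xa1-0x81)` the old `c >= 93` test let values of c up to 92 through whenever d was at most 0x52, while the new test stops at 0xc6-0x81 (69), with `d>0x52` now deciding only the c == 69 case. One sentence stating that range in the description would let a reviewer confirm the bound against the decoder's table. The expression mixes `||` and `&&` without parentheses; since this is a backport, keep it identical to upstream instead of adding them.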
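Review bot: The new `if (k>4) goto ilseq;` in the `@@ -538,6 +538,10 @@` change sits after both writers, `memcpy(*out, tmp, k)` and `k = wctomb_utf8(*out, c)`, so it blocks `*out += k` and `*outb -= k` but not the write that precedes it. That agrees with the added comment, which speaks only of advancement, but the patch description should say that this is a defensive guard separate from the input bound change, and, if it comes from its own upstream commit, list that commit as well. The declaration of k is outside the hunk context, so please confirm against the scarthgap musl source that its type makes `k>4` behave as intended for an error return from `wctomb_utf8`.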
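Review bot: The added SRC_URI entry `file://0001-musl-backport-fix-for-CVE-2025-26519-to-LTS-branches.patch` reuses the 0001- prefix after the existing 0001-, 0002- and 0003- entries, so the list no longer reads in numbered order, and the file name repeats the commit subject instead of identifying the fix. Naming the file CVE-2025-26519.patch, as requested in the thread, addresses both; the new file under meta/recipes-core/musl/musl/ has to be renamed to match the SRC_URI entry.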