
[kirkstone] musl: backport fix for CVE-2025-26519 to LTS branches

Message ID 20251014161150.9341-1-phanirajkiran.a@gmail.com
State New

Commit Message

Mallapuram Phani raj kiran Oct. 14, 2025, 4:11 p.m. UTC
---
 ...ackport-fix-for-CVE-2025-26519-to-LT.patch | 52 +++++++++++++++++++
 meta/recipes-core/musl/musl_git.bb            |  1 +
 2 files changed, 53 insertions(+)
 create mode 100644 meta/recipes-core/musl/musl/0001-kirkstone-musl-backport-fix-for-CVE-2025-26519-to-LT.patch

Patch

diff --git a/meta/recipes-core/musl/musl/0001-kirkstone-musl-backport-fix-for-CVE-2025-26519-to-LT.patch b/meta/recipes-core/musl/musl/0001-kirkstone-musl-backport-fix-for-CVE-2025-26519-to-LT.patch
new file mode 100644
index 0000000000..c65e88535f
--- /dev/null
+++ b/meta/recipes-core/musl/musl/0001-kirkstone-musl-backport-fix-for-CVE-2025-26519-to-LT.patch
@@ -0,0 +1,52 @@ 
+From ae865075dc7e1acd0cb7ee9417758c8e060800ed Mon Sep 17 00:00:00 2001
+From: Mallapuram Phani raj kiran <phanirajkiran.a@gmail.com>
+Date: Tue, 14 Oct 2025 20:36:36 +0530
+Subject: [kirkstone] musl: backport fix for CVE-2025-26519 to LTS
+ branches
+
+Fixes [YOCTO #15932]
+
+The musl libc code in LTS (kirkstone) is missing
+the fix addressing CVE-2025-26519.  This patch backports the upstream
+changes (or applies the required fix) so that LTS builds include it.
+
+Reference:
+https://nvd.nist.gov/vuln/detail/CVE-2025-26519
+
+(From OE-Core rev: 0d11c9103f072841baf39166efc133f2a20fc4dc)
+
+Signed-off-by: Mallapuram Phani raj kiran <phanirajkiran.a@gmail.com>
+Signed-off-by: Gunda Swetha <swetha12g@gmail.com>
+
+Reported-by: Cristian Morales Vega
+---
+ src/locale/iconv.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/locale/iconv.c b/src/locale/iconv.c
+index 3047c27b..0729465e 100644
+--- a/src/locale/iconv.c
++++ b/src/locale/iconv.c
+@@ -495,7 +495,7 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri
+ 			if (c >= 93 || d >= 94) {
+ 				c += (0xa1-0x81);
+ 				d += 0xa1;
+-				if (c >= 93 || c>=0xc6-0x81 && d>0x52)
++				if (c > 0xc6-0x81 || c>=0xc6-0x81 && d>0x52)
+ 					goto ilseq;
+ 				if (d-'A'<26) d = d-'A';
+ 				else if (d-'a'<26) d = d-'a'+26;
+@@ -538,6 +538,10 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri
+ 				if (*outb < k) goto toobig;
+ 				memcpy(*out, tmp, k);
+ 			} else k = wctomb_utf8(*out, c);
++			/* This failure condition should be unreachable, but
++			 * is included to prevent decoder bugs from translating
++			 * into advancement outside the output buffer range. */
++			if (k>4) goto ilseq;
+ 			*out += k;
+ 			*outb -= k;
+ 			break;
+-- 
+2.34.1
+
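Review bot: The header of the embedded patch (from `From ae865075…` down to `Reported-by:`) has no `Upstream-Status:` line and no `CVE: CVE-2025-26519` tag, and it describes the OE-Core submission (`Fixes [YOCTO #15932]`, `(From OE-Core rev: …)`) rather than the musl change it carries. Without a pointer to the upstream musl commit(s), a later auditor cannot confirm that the two iconv.c hunks (the tightened bound `c > 0xc6-0x81` and the `if (k>4) goto ilseq;` guard) match the upstream fix exactly. I would add `CVE: CVE-2025-26519` and `Upstream-Status: Backport [<upstream musl commit URL(s)>]` above the `Signed-off-by:` lines and keep the original upstream commit subjects and explanations in the header. The description also says "backports the upstream changes (or applies the required fix)", which leaves open which of the two was done; it should state one.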
diff --git a/meta/recipes-core/musl/musl_git.bb b/meta/recipes-core/musl/musl_git.bb
index 4b85401360..e5feef2cb6 100644
--- a/meta/recipes-core/musl/musl_git.bb
+++ b/meta/recipes-core/musl/musl_git.bb
@@ -15,6 +15,7 @@  PV = "${BASEVER}+git${SRCPV}"
 SRC_URI = "git://git.musl-libc.org/musl;branch=master \
            file://0001-Make-dynamic-linker-a-relative-symlink-to-libc.patch \
            file://0002-ldso-Use-syslibdir-and-libdir-as-default-pathes-to-l.patch \
+           file://0001-kirkstone-musl-backport-fix-for-CVE-2025-26519-to-LT.patch \
           "
 
 S = "${WORKDIR}/git"
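Review bot: The new `SRC_URI` entry reuses the `0001-` prefix already taken by `0001-Make-dynamic-linker-a-relative-symlink-to-libc.patch`, and its name is the truncated submission subject (`…-to-LT.patch`) rather than something that identifies the fix. A name such as `CVE-2025-26519.patch` sorts unambiguously and makes the CVE coverage obvious to anyone reading the recipe: `file://CVE-2025-26519.patch \`. If the two iconv.c changes come from separate upstream commits, carrying them as `CVE-2025-26519-1.patch` and `CVE-2025-26519-2.patch` would keep each traceable. The rest of the recipe lies outside this hunk.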