[[openembedded-core,scarthgap] musl: backport fix for CVE-2025-26519 to LTS branches 2/2] [openembedded-core,scarthgap] musl: backport fix for CVE-2025-26519 to LTS branches

Message ID 20251014175311.4547-2-phanirajkiran.a@gmail.com
State New

Commit Message

Mallapuram Phani raj kiran Oct. 14, 2025, 5:53 p.m. UTC
Fixes [YOCTO #15932]

The musl libc code in LTS (Scarthgap) is missing
the fix addressing CVE-2025-26519.  This patch backports the upstream
changes (or applies the required fix) so that LTS builds include it.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-26519

Upstream-Status:
[https://git.musl-libc.org/cgit/musl/commit/src/locale/iconv.c?id=e5adcd97b5196e29991b524237381a0202a60659]
[https://git.musl-libc.org/cgit/musl/commit/src/locale/iconv.c?id=c47ad25ea3b484e10326f933e927c0bc8cded3da]

(From OE-Core rev: 7af6b75221d5703ba5bf43c7cd9f1e7a2e0ed20b)

Signed-off-by: Mallapuram Phani raj kiran <phanirajkiran.a@gmail.com>
Signed-off-by: Gunda Swetha <swetha12g@gmail.com>

Reported-by: Cristian Morales Vega
---
 ...ackport-fix-for-CVE-2025-26519-to-LT.patch | 52 +++++++++++++++++++
 1 file changed, 52 insertions(+)
 create mode 100644 meta/recipes-core/musl/musl/0001-scarthgap-musl-backport-fix-for-CVE-2025-26519-to-LT.patch

Patch

diff --git a/meta/recipes-core/musl/musl/0001-scarthgap-musl-backport-fix-for-CVE-2025-26519-to-LT.patch b/meta/recipes-core/musl/musl/0001-scarthgap-musl-backport-fix-for-CVE-2025-26519-to-LT.patch
new file mode 100644
index 0000000000..e40e8af83a
--- /dev/null
+++ b/meta/recipes-core/musl/musl/0001-scarthgap-musl-backport-fix-for-CVE-2025-26519-to-LT.patch
@@ -0,0 +1,52 @@ 
+From ae865075dc7e1acd0cb7ee9417758c8e060800ed Mon Sep 17 00:00:00 2001
+From: Mallapuram Phani raj kiran <phanirajkiran.a@gmail.com>
+Date: Tue, 14 Oct 2025 20:36:36 +0530
+Subject: [kirkstone] musl: backport fix for CVE-2025-26519 to LTS
+ branches
+
+Fixes [YOCTO #15932]
+
+The musl libc code in LTS (kirkstone) is missing
+the fix addressing CVE-2025-26519.  This patch backports the upstream
+changes (or applies the required fix) so that LTS builds include it.
+
+Reference:
+https://nvd.nist.gov/vuln/detail/CVE-2025-26519
+
+(From OE-Core rev: 7af6b75221d5703ba5bf43c7cd9f1e7a2e0ed20b)
+
+Signed-off-by: Mallapuram Phani raj kiran <phanirajkiran.a@gmail.com>
+Signed-off-by: Gunda Swetha <swetha12g@gmail.com>
+
+Reported-by: Cristian Morales Vega
+---
+ src/locale/iconv.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/locale/iconv.c b/src/locale/iconv.c
+index 3047c27b..0729465e 100644
+--- a/src/locale/iconv.c
++++ b/src/locale/iconv.c
+@@ -495,7 +495,7 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri
+ 			if (c >= 93 || d >= 94) {
+ 				c += (0xa1-0x81);
+ 				d += 0xa1;
+-				if (c >= 93 || c>=0xc6-0x81 && d>0x52)
++				if (c > 0xc6-0x81 || c>=0xc6-0x81 && d>0x52)
+ 					goto ilseq;
+ 				if (d-'A'<26) d = d-'A';
+ 				else if (d-'a'<26) d = d-'a'+26;
+@@ -538,6 +538,10 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri
+ 				if (*outb < k) goto toobig;
+ 				memcpy(*out, tmp, k);
+ 			} else k = wctomb_utf8(*out, c);
++			/* This failure condition should be unreachable, but
++			 * is included to prevent decoder bugs from translating
++			 * into advancement outside the output buffer range. */
++			if (k>4) goto ilseq;
+ 			*out += k;
+ 			*outb -= k;
+ 			break;
+-- 
+2.34.1
+
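Review bot: The header of the embedded patch file (from `Subject:` through `Reported-by:`) carries no `Upstream-Status:` or `CVE:` tag, and it still reads `[kirkstone]` and "LTS (kirkstone)" although this submission targets scarthgap. The two upstream commit URLs appear only in the outer commit message; they belong inside the patch file as `Upstream-Status: Backport [...]`, together with `CVE: CVE-2025-26519` and the corrected branch name. The `(From OE-Core rev: ...)` line inside the patch header also looks out of place in a patch against musl's `src/locale/iconv.c`. The diffstat shows only the new patch file being created ("1 file changed, 52 insertions(+)"), so unless 1/2 of the series adds it to the musl recipe's `SRC_URI`, the fix is never applied at build time. The file folds two changes into one, the `c > 0xc6-0x81` bound check and the `if (k>4) goto ilseq;` guard; carrying them as two patches, each mapped to one of the two referenced upstream commits, would make later audits of the backport easier.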