[scarthgap,43/44] alsa-lib: patch CVE-2026-25068

Message ID	3f04c0186017e4d410498674372517016ffd1bc8.1771943404.git.yoann.congal@smile.fr
State	New
Headers	show Return-Path: <yoann.congal@smile.fr> ip: 209.85.128.49, mailfrom: yoann.congal@smile.fr) From: Yoann Congal <yoann.congal@smile.fr> To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 43/44] alsa-lib: patch CVE-2026-25068 Date: Tue, 24 Feb 2026 15:32:11 +0100 Message-ID: <3f04c0186017e4d410498674372517016ffd1bc8.1771943404.git.yoann.congal@smile.fr> In-Reply-To: <cover.1771943404.git.yoann.congal@smile.fr> References: <cover.1771943404.git.yoann.congal@smile.fr> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[scarthgap,01/44] pseudo: Update to include a fix for systems with kernel <5.6 \| expand [scarthgap,01/44] pseudo: Update to include a fix for systems with kernel <5.6 [scarthgap,02/44] avahi: patch CVE-2025-68276 [scarthgap,03/44] avahi: patch CVE-2025-68468 [scarthgap,04/44] avahi: patch CVE-2025-68471 [scarthgap,05/44] avahi: patch CVE-2026-24401 [scarthgap,06/44] libsndfile1: patch CVE-2025-56226 [scarthgap,07/44] mobile-broadband-provider-info: upgrade 20240407 -> 20251101 [scarthgap,08/44] vim: ignore CVE-2025-66476 [scarthgap,09/44] wic/engine: fix copying directories into wic image with ext* partition [scarthgap,10/44] oeqa/selftest/wic: test recursive dir copy on ext partitions [scarthgap,11/44] linux-yocto/6.6: update to v6.6.112 [scarthgap,12/44] linux-yocto/6.6: update to v6.6.114 [scarthgap,13/44] linux-yocto/6.6: update to v6.6.116 [scarthgap,14/44] linux-yocto/6.6: update to v6.6.118 [scarthgap,15/44] linux-yocto/6.6: update to v6.6.119 [scarthgap,16/44] linux-yocto/6.6: update to v6.6.120 [scarthgap,17/44] linux-yocto/6.6: update to v6.6.123 [scarthgap,18/44] weston: fix a touch-calibrator issue [scarthgap,19/44] libevent: merge inherit statements [scarthgap,20/44] go 1.22.12: Fix CVE-2025-61730 [scarthgap,21/44] go 1.22.12: Fix CVE-2025-61726 [scarthgap,22/44] go 1.22.12: Fix CVE-2025-61728 [scarthgap,23/44] go 1.22.12: Fix CVE-2025-61731 [scarthgap,24/44] go 1.22.12: Fix CVE-2025-68119 [scarthgap,25/44] go 1.22.12: Fix CVE-2025-61732 [scarthgap,26/44] go 1.22.12: Fix CVE-2025-68121 [scarthgap,27/44] bind: Upgrade 9.18.41 -> 9.18.44 [scarthgap,28/44] spdx30_tasks: Exclude 'doc' when exporting PACKAGECONFIG to SPDX [scarthgap,29/44] go-vendor: Fix absolute paths issue [scarthgap,30/44] libpng: patch CVE-2026-25646 [scarthgap,31/44] classes/buildhistory: Do not sign buildhistory commits [scarthgap,32/44] openssl: fix CVE-2025-15468 [scarthgap,33/44] openssl: fix CVE-2025-69419 [scarthgap,34/44] scripts/install-buildtools: Update to 5.0.15 [scarthgap,35/44] wic/engine: error on old host debugfs for standalone directory copy [scarthgap,36/44] glib-2.0: patch CVE-2026-1484 [scarthgap,37/44] glib-2.0: patch CVE-2026-1485 [scarthgap,38/44] glib-2.0: patch CVE-2026-1489 [scarthgap,39/44] ffmpeg: ignore CVE-2025-1594 [scarthgap,40/44] libtheora: mark CVE-2024-56431 as not vulnerable yet [scarthgap,41/44] ffmpeg: set status of CVE-2025-25468 [scarthgap,42/44] gnupg: patch CVE-2025-68973 [scarthgap,43/44] alsa-lib: patch CVE-2026-25068 [scarthgap,44/44] u-boot: move CVE patches out of the common .inc file

Message ID

3f04c0186017e4d410498674372517016ffd1bc8.1771943404.git.yoann.congal@smile.fr

State

New

Headers

From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 43/44] alsa-lib: patch CVE-2026-25068
Date: Tue, 24 Feb 2026 15:32:11 +0100
Message-ID: 
 <3f04c0186017e4d410498674372517016ffd1bc8.1771943404.git.yoann.congal@smile.fr>
In-Reply-To: <cover.1771943404.git.yoann.congal@smile.fr>
References: <cover.1771943404.git.yoann.congal@smile.fr>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[scarthgap,01/44] pseudo: Update to include a fix for systems with kernel <5.6 | expand

Commit Message

Yoann Congal Feb. 24, 2026, 2:32 p.m. UTC

From: Peter Marko <peter.marko@siemens.com>

Pick patch mentioned in NVD report.
It also includes CVE ID in commit message.

Use older SNDERR funtion as new one is not yet available.
This was copied from Debian patch.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 .../alsa/alsa-lib/CVE-2026-25068.patch        | 34 +++++++++++++++++++
 .../alsa/alsa-lib_1.2.11.bb                   |  1 +
 2 files changed, 35 insertions(+)
 create mode 100644 meta/recipes-multimedia/alsa/alsa-lib/CVE-2026-25068.patch

diff --git a/meta/recipes-multimedia/alsa/alsa-lib/CVE-2026-25068.patch b/meta/recipes-multimedia/alsa/alsa-lib/CVE-2026-25068.patch
new file mode 100644
index 00000000000..5ecefc5aae0
--- /dev/null
+++ b/meta/recipes-multimedia/alsa/alsa-lib/CVE-2026-25068.patch
@@ -0,0 +1,34 @@ 
+From 5f7fe33002d2d98d84f72e381ec2cccc0d5d3d40 Mon Sep 17 00:00:00 2001
+From: Jaroslav Kysela <perex@perex.cz>
+Date: Thu, 29 Jan 2026 16:51:09 +0100
+Subject: [PATCH] topology: decoder - add boundary check for channel mixer
+ count
+
+Malicious binary topology file may cause heap corruption.
+
+CVE: CVE-2026-25068
+
+Signed-off-by: Jaroslav Kysela <perex@perex.cz>
+
+Upstream-Status: Backport [https://github.com/alsa-project/alsa-lib/commit/5f7fe33002d2d98d84f72e381ec2cccc0d5d3d40]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/topology/ctl.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/topology/ctl.c b/src/topology/ctl.c
+index a0c24518..322c461c 100644
+--- a/src/topology/ctl.c
++++ b/src/topology/ctl.c
+@@ -1247,6 +1247,11 @@ int tplg_decode_control_mixer1(snd_tplg_t *tplg,
+ 	if (mc->num_channels > 0) {
+ 		map = tplg_calloc(heap, sizeof(*map));
+ 		map->num_channels = mc->num_channels;
++		if (map->num_channels > SND_TPLG_MAX_CHAN ||
++		    map->num_channels > SND_SOC_TPLG_MAX_CHAN) {
++			SNDERR("mixer: unexpected channel count %d", map->num_channels);
++			return -EINVAL;
++		}
+ 		for (i = 0; i < map->num_channels; i++) {
+ 			map->channel[i].reg = mc->channel[i].reg;
+ 			map->channel[i].shift = mc->channel[i].shift;
diff --git a/meta/recipes-multimedia/alsa/alsa-lib_1.2.11.bb b/meta/recipes-multimedia/alsa/alsa-lib_1.2.11.bb
index c212b17aa3e..e86239ff871 100644
--- a/meta/recipes-multimedia/alsa/alsa-lib_1.2.11.bb
+++ b/meta/recipes-multimedia/alsa/alsa-lib_1.2.11.bb
@@ -11,6 +11,7 @@  LIC_FILES_CHKSUM = "file://COPYING;md5=a916467b91076e631dd8edb7424769c7 \
 
 SRC_URI = "https://www.alsa-project.org/files/pub/lib/${BP}.tar.bz2 \
            file://0001-topology-correct-version-script-path.patch \
+           file://CVE-2026-25068.patch \
            "
 SRC_URI[sha256sum] = "9f3f2f69b995f9ad37359072fbc69a3a88bfba081fc83e9be30e14662795bb4d"

[scarthgap,43/44] alsa-lib: patch CVE-2026-25068

Commit Message

Patch