[meta-oe,kirkstone,00/25] Cherry-picks from Master Batch F

Message ID 20251001135243.1490753-1-skandigraun@gmail.com

Message

Gyorgy Sarvari Oct. 1, 2025, 1:52 p.m. UTC
This batch contains only CVE patches and generic recipe fixes (SRC_URI update, dependencies...).

These have been tested so far with x86-64 - testing with other platforms is still underway.
If anything would fail, will reply to this thread.

Please let me know if you have any questions or comments about these patches.

Thank you.

---

Alexandre Videgrain (1):
  openbox: fix crash on alt+tab with fullscreen app

Bartosz Golaszewski (1):
  python3-nmap: add missing run-time dependencies

Etienne Cordonnier (1):
  fsverity-utils: fix SRC_URI

Gyorgy Sarvari (1):
  nmap: add missing dependency

Jiaying Song (3):
  libconfig: switch source to GitHub repository
  vlock: fix do_fetch error
  softhsm: switch source to GitHub repository

Justin Bronder (1):
  tk: inherit pkgconfig

Khem Raj (1):
  nicstat: Use SOURCEFORGE_MIRROR in SRC_URI

Lee Chee Yang (2):
  libsdl: fix CVE-2022-34568
  x11vnc: Fix CVE-2020-29074

Markus Volk (1):
  p8platform: unbreak do_populate_sdk

Mingli Yu (2):
  dialog: Update the SRC_URI
  minicoredumper: correct the sysvinit service file attribute

Peter Kjellerstedt (1):
  paho-mqtt-cpp: Improve the license information

Peter Marko (8):
  audiofile: fix multiple CVEs
  audiofile: patch CVE-2017-6829
  audiofile: fix multiple CVEs
  audiofile: patch CVE-2017-6831
  audiofile: patch CVE-2017-6839
  libmad: ignore CVE-2017-11552 and CVE-2018-7263
  libmad: patch CVE-2017-8372 and CVE-2017-8373
  libmad: patch CVE-2017-8372 and CVE-2017-8373

Randy MacLeod (1):
  libmad: switch links/SRC_URI to https sites

Soumya Sambu (1):
  gtk+: Fix CVE-2024-6655

 .../paho-mqtt-cpp/paho-mqtt-cpp_1.2.0.bb      |   3 +-
 .../fsverity-utils/fsverity-utils_1.5.bb      |   2 +-
 meta-oe/recipes-devtools/tcltk/tk_8.6.10.bb   |   2 +-
 .../dialog/dialog_1.3-20210509.bb             |   2 +-
 .../libconfig/libconfig_1.7.3.bb              |   9 +-
 .../recipes-extended/nicstat/nicstat_1.95.bb  |   2 +-
 .../p8platform/p8platform_git.bb              |   2 +
 meta-oe/recipes-extended/vlock/vlock_2.2.3.bb |   2 +-
 .../gtk+/gtk+/CVE-2024-6655.patch             |  40 +
 meta-oe/recipes-gnome/gtk+/gtk+_2.24.33.bb    |   1 +
 .../libsdl/libsdl-1.2.15/CVE-2022-34568.patch |  28 +
 .../recipes-graphics/libsdl/libsdl_1.2.15.bb  |   1 +
 ...traversal-issue-in-client_calc_layer.patch |  56 ++
 .../recipes-graphics/openbox/openbox_3.6.1.bb |   1 +
 .../x11vnc/files/CVE-2020-29074.patch         |  27 +
 .../recipes-graphics/x11vnc/x11vnc_0.9.16.bb  |   1 +
 .../minicoredumper/minicoredumper_2.0.1.bb    |   2 +-
 .../audiofile/audiofile_0.3.6.bb              |   5 +
 ...ays-check-the-number-of-coefficients.patch |  45 +
 ...ues-to-fix-index-overflow-in-IMA.cpp.patch |  43 +
 ...multiplication-overflow-in-sfconvert.patch |  79 ++
 ...ail-when-error-occurs-in-parseFormat.patch |  46 +
 ...lication-overflow-in-MSADPCM-decodeS.patch | 126 +++
 .../libmad/CVE-2017-8372_CVE-2017-8373.patch  |  69 ++
 .../libmad/libmad/CVE-2017-8374.patch         | 830 ++++++++++++++++++
 .../libmad/libmad_0.15.1b.bb                  |  12 +-
 meta-oe/recipes-security/nmap/nmap_7.80.bb    |   8 +-
 .../recipes-security/softhsm/softhsm_2.6.1.bb |   5 +-
 28 files changed, 1429 insertions(+), 20 deletions(-)
 create mode 100644 meta-oe/recipes-gnome/gtk+/gtk+/CVE-2024-6655.patch
 create mode 100644 meta-oe/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2022-34568.patch
 create mode 100644 meta-oe/recipes-graphics/openbox/files/0001-Fix-list-traversal-issue-in-client_calc_layer.patch
 create mode 100644 meta-oe/recipes-graphics/x11vnc/files/CVE-2020-29074.patch
 create mode 100644 meta-oe/recipes-multimedia/audiofile/files/0004-Always-check-the-number-of-coefficients.patch
 create mode 100644 meta-oe/recipes-multimedia/audiofile/files/0005-clamp-index-values-to-fix-index-overflow-in-IMA.cpp.patch
 create mode 100644 meta-oe/recipes-multimedia/audiofile/files/0006-Check-for-multiplication-overflow-in-sfconvert.patch
 create mode 100644 meta-oe/recipes-multimedia/audiofile/files/0007-Actually-fail-when-error-occurs-in-parseFormat.patch
 create mode 100644 meta-oe/recipes-multimedia/audiofile/files/0008-Check-for-multiplication-overflow-in-MSADPCM-decodeS.patch
 create mode 100644 meta-oe/recipes-multimedia/libmad/libmad/CVE-2017-8372_CVE-2017-8373.patch
 create mode 100644 meta-oe/recipes-multimedia/libmad/libmad/CVE-2017-8374.patch

Comments

Khem Raj Oct. 1, 2025, 3:55 p.m. UTC | #1
This series looks good to me.

On Wed, Oct 1, 2025 at 6:52 AM Gyorgy Sarvari via
lists.openembedded.org <skandigraun=gmail.com@lists.openembedded.org>
wrote:
>
> This batch contains only CVE patches and generic recipe fixes (SRC_URI update, dependencies...).
>
> These have been tested so far with x86-64 - testing with other platforms is still underway.
> If anything would fail, will reply to this thread.
>
> Please let me know if you have any questions or comments about these patches.
>
> Thank you.
>
> ---
>
> Alexandre Videgrain (1):
>   openbox: fix crash on alt+tab with fullscreen app
>
> Bartosz Golaszewski (1):
>   python3-nmap: add missing run-time dependencies
>
> Etienne Cordonnier (1):
>   fsverity-utils: fix SRC_URI
>
> Gyorgy Sarvari (1):
>   nmap: add missing dependency
>
> Jiaying Song (3):
>   libconfig: switch source to GitHub repository
>   vlock: fix do_fetch error
>   softhsm: switch source to GitHub repository
>
> Justin Bronder (1):
>   tk: inherit pkgconfig
>
> Khem Raj (1):
>   nicstat: Use SOURCEFORGE_MIRROR in SRC_URI
>
> Lee Chee Yang (2):
>   libsdl: fix CVE-2022-34568
>   x11vnc: Fix CVE-2020-29074
>
> Markus Volk (1):
>   p8platform: unbreak do_populate_sdk
>
> Mingli Yu (2):
>   dialog: Update the SRC_URI
>   minicoredumper: correct the sysvinit service file attribute
>
> Peter Kjellerstedt (1):
>   paho-mqtt-cpp: Improve the license information
>
> Peter Marko (8):
>   audiofile: fix multiple CVEs
>   audiofile: patch CVE-2017-6829
>   audiofile: fix multiple CVEs
>   audiofile: patch CVE-2017-6831
>   audiofile: patch CVE-2017-6839
>   libmad: ignore CVE-2017-11552 and CVE-2018-7263
>   libmad: patch CVE-2017-8372 and CVE-2017-8373
>   libmad: patch CVE-2017-8372 and CVE-2017-8373
>
> Randy MacLeod (1):
>   libmad: switch links/SRC_URI to https sites
>
> Soumya Sambu (1):
>   gtk+: Fix CVE-2024-6655
>
>  .../paho-mqtt-cpp/paho-mqtt-cpp_1.2.0.bb      |   3 +-
>  .../fsverity-utils/fsverity-utils_1.5.bb      |   2 +-
>  meta-oe/recipes-devtools/tcltk/tk_8.6.10.bb   |   2 +-
>  .../dialog/dialog_1.3-20210509.bb             |   2 +-
>  .../libconfig/libconfig_1.7.3.bb              |   9 +-
>  .../recipes-extended/nicstat/nicstat_1.95.bb  |   2 +-
>  .../p8platform/p8platform_git.bb              |   2 +
>  meta-oe/recipes-extended/vlock/vlock_2.2.3.bb |   2 +-
>  .../gtk+/gtk+/CVE-2024-6655.patch             |  40 +
>  meta-oe/recipes-gnome/gtk+/gtk+_2.24.33.bb    |   1 +
>  .../libsdl/libsdl-1.2.15/CVE-2022-34568.patch |  28 +
>  .../recipes-graphics/libsdl/libsdl_1.2.15.bb  |   1 +
>  ...traversal-issue-in-client_calc_layer.patch |  56 ++
>  .../recipes-graphics/openbox/openbox_3.6.1.bb |   1 +
>  .../x11vnc/files/CVE-2020-29074.patch         |  27 +
>  .../recipes-graphics/x11vnc/x11vnc_0.9.16.bb  |   1 +
>  .../minicoredumper/minicoredumper_2.0.1.bb    |   2 +-
>  .../audiofile/audiofile_0.3.6.bb              |   5 +
>  ...ays-check-the-number-of-coefficients.patch |  45 +
>  ...ues-to-fix-index-overflow-in-IMA.cpp.patch |  43 +
>  ...multiplication-overflow-in-sfconvert.patch |  79 ++
>  ...ail-when-error-occurs-in-parseFormat.patch |  46 +
>  ...lication-overflow-in-MSADPCM-decodeS.patch | 126 +++
>  .../libmad/CVE-2017-8372_CVE-2017-8373.patch  |  69 ++
>  .../libmad/libmad/CVE-2017-8374.patch         | 830 ++++++++++++++++++
>  .../libmad/libmad_0.15.1b.bb                  |  12 +-
>  meta-oe/recipes-security/nmap/nmap_7.80.bb    |   8 +-
>  .../recipes-security/softhsm/softhsm_2.6.1.bb |   5 +-
>  28 files changed, 1429 insertions(+), 20 deletions(-)
>  create mode 100644 meta-oe/recipes-gnome/gtk+/gtk+/CVE-2024-6655.patch
>  create mode 100644 meta-oe/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2022-34568.patch
>  create mode 100644 meta-oe/recipes-graphics/openbox/files/0001-Fix-list-traversal-issue-in-client_calc_layer.patch
>  create mode 100644 meta-oe/recipes-graphics/x11vnc/files/CVE-2020-29074.patch
>  create mode 100644 meta-oe/recipes-multimedia/audiofile/files/0004-Always-check-the-number-of-coefficients.patch
>  create mode 100644 meta-oe/recipes-multimedia/audiofile/files/0005-clamp-index-values-to-fix-index-overflow-in-IMA.cpp.patch
>  create mode 100644 meta-oe/recipes-multimedia/audiofile/files/0006-Check-for-multiplication-overflow-in-sfconvert.patch
>  create mode 100644 meta-oe/recipes-multimedia/audiofile/files/0007-Actually-fail-when-error-occurs-in-parseFormat.patch
>  create mode 100644 meta-oe/recipes-multimedia/audiofile/files/0008-Check-for-multiplication-overflow-in-MSADPCM-decodeS.patch
>  create mode 100644 meta-oe/recipes-multimedia/libmad/libmad/CVE-2017-8372_CVE-2017-8373.patch
>  create mode 100644 meta-oe/recipes-multimedia/libmad/libmad/CVE-2017-8374.patch
>
>