[meta-oe,whinlatter,6/19] lcms: patch CVE-2026-41254

Message ID	20260423124823.1983261-6-ankur.tyagi85@gmail.com
State	New
Headers	show Return-Path: <ankur.tyagi85@gmail.com> ip: 209.85.214.172, mailfrom: ankur.tyagi85@gmail.com) From: ankur.tyagi85@gmail.com To: openembedded-devel@lists.openembedded.org Cc: Ankur Tyagi <ankur.tyagi85@gmail.com> Subject: [oe][meta-oe][whinlatter][PATCH 6/19] lcms: patch CVE-2026-41254 Date: Fri, 24 Apr 2026 00:48:04 +1200 Message-ID: <20260423124823.1983261-6-ankur.tyagi85@gmail.com> In-Reply-To: <20260423124823.1983261-1-ankur.tyagi85@gmail.com> References: <20260423124823.1983261-1-ankur.tyagi85@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[meta-oe,whinlatter,1/19] jq: Use Git to fetch the code \| expand [meta-oe,whinlatter,1/19] jq: Use Git to fetch the code [meta-oe,whinlatter,2/19] jq: patch CVE-2026-32316 [meta-oe,whinlatter,3/19] jq: patch CVE-2026-33947 [meta-oe,whinlatter,4/19] jq: patch CVE-2026-33948 [meta-oe,whinlatter,5/19] jq: patch CVE-2026-39979 [meta-oe,whinlatter,6/19] lcms: patch CVE-2026-41254 [meta-networking,whinlatter,7/19] libcoap: patch CVE-2026-29013 [meta-oe,whinlatter,8/19] libgphoto2: patch CVE-2026-40333 [meta-oe,whinlatter,9/19] libgphoto2: patch CVE-2026-40334 [meta-oe,whinlatter,10/19] libgphoto2: patch CVE-2026-40335 [meta-oe,whinlatter,11/19] libgphoto2: patch CVE-2026-40336 [meta-oe,whinlatter,12/19] libgphoto2: patch CVE-2026-40338 [meta-oe,whinlatter,13/19] libgphoto2: patch CVE-2026-40339 [meta-oe,whinlatter,14/19] libgphoto2: patch CVE-2026-40340 [meta-oe,whinlatter,15/19] libgphoto2: patch CVE-2026-40341 [meta-oe,whinlatter,16/19] openjpeg: patch CVE-2026-6192 [meta-oe,whinlatter,17/19] protobuf, python3-protobuf: ignore CVE-2026-6409 [meta-python,whinlatter,18/19] python3-grpcio: ignore CVE-2026-33186 [meta-oe,whinlatter,19/19] libsoup-2.4: fix several CVEs

Message ID

20260423124823.1983261-6-ankur.tyagi85@gmail.com

State

New

Headers

From: ankur.tyagi85@gmail.com
To: openembedded-devel@lists.openembedded.org
Cc: Ankur Tyagi <ankur.tyagi85@gmail.com>
Subject: [oe][meta-oe][whinlatter][PATCH 6/19] lcms: patch CVE-2026-41254
Date: Fri, 24 Apr 2026 00:48:04 +1200
Message-ID: <20260423124823.1983261-6-ankur.tyagi85@gmail.com>
In-Reply-To: <20260423124823.1983261-1-ankur.tyagi85@gmail.com>
References: <20260423124823.1983261-1-ankur.tyagi85@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[meta-oe,whinlatter,1/19] jq: Use Git to fetch the code | expand

Commit Message

Ankur Tyagi April 23, 2026, 12:48 p.m. UTC

From: Ankur Tyagi <ankur.tyagi85@gmail.com>

Details: https://nvd.nist.gov/vuln/detail/CVE-2026-41254

Backport the patches referenced by the NVD advisory.

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 .../lcms/lcms/CVE-2026-41254_1.patch          | 30 ++++++++++++++++
 .../lcms/lcms/CVE-2026-41254_2.patch          | 36 +++++++++++++++++++
 meta-oe/recipes-support/lcms/lcms_2.16.bb     |  5 ++-
 3 files changed, 70 insertions(+), 1 deletion(-)
 create mode 100644 meta-oe/recipes-support/lcms/lcms/CVE-2026-41254_1.patch
 create mode 100644 meta-oe/recipes-support/lcms/lcms/CVE-2026-41254_2.patch

diff --git a/meta-oe/recipes-support/lcms/lcms/CVE-2026-41254_1.patch b/meta-oe/recipes-support/lcms/lcms/CVE-2026-41254_1.patch
new file mode 100644
index 0000000000..7bf46706e5
--- /dev/null
+++ b/meta-oe/recipes-support/lcms/lcms/CVE-2026-41254_1.patch
@@ -0,0 +1,30 @@ 
+From 524f3df7511b49543a65a7de2a08640777c1b29c Mon Sep 17 00:00:00 2001
+From: Marti Maria <marti.maria@littlecms.com>
+Date: Thu, 19 Feb 2026 09:07:20 +0100
+Subject: [PATCH] Fix integer overflow in CubeSize()
+
+Thanks to @zerojackyi for reporting
+
+(cherry picked from commit da6110b1d14abc394633a388209abd5ebedd7ab0)
+
+CVE: CVE-2026-41254
+Upstream-Status: Backport [https://github.com/mm2/Little-CMS/commit/da6110b1d14abc394633a388209abd5ebedd7ab0]
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ src/cmslut.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/cmslut.c b/src/cmslut.c
+index 1ea61a8..3488d0c 100644
+--- a/src/cmslut.c
++++ b/src/cmslut.c
+@@ -460,7 +460,8 @@ void EvaluateCLUTfloatIn16(const cmsFloat32Number In[], cmsFloat32Number Out[],
+ static
+ cmsUInt32Number CubeSize(const cmsUInt32Number Dims[], cmsUInt32Number b)
+ {
+-    cmsUInt32Number rv, dim;
++    cmsUInt32Number dim;
++    cmsUInt64Number rv;
+ 
+     _cmsAssert(Dims != NULL);
+ 
diff --git a/meta-oe/recipes-support/lcms/lcms/CVE-2026-41254_2.patch b/meta-oe/recipes-support/lcms/lcms/CVE-2026-41254_2.patch
new file mode 100644
index 0000000000..0602258ef5
--- /dev/null
+++ b/meta-oe/recipes-support/lcms/lcms/CVE-2026-41254_2.patch
@@ -0,0 +1,36 @@ 
+From 73ffd45705d368c159bb819ab0b1a033638c3ffe Mon Sep 17 00:00:00 2001
+From: Marti Maria <marti.maria@littlecms.com>
+Date: Thu, 12 Mar 2026 22:57:35 +0100
+Subject: [PATCH] check for overflow
+
+Thanks to Guanni Qu for detecting & reporting the issue
+
+(cherry picked from commit e0641b1828d0a1af5ecb1b11fe22f24fceefd4bc)
+
+CVE: CVE-2026-41254
+Upstream-Status: Backport [https://github.com/mm2/Little-CMS/commit/e0641b1828d0a1af5ecb1b11fe22f24fceefd4bc]
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ src/cmslut.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/cmslut.c b/src/cmslut.c
+index 3488d0c..f2d0ec4 100644
+--- a/src/cmslut.c
++++ b/src/cmslut.c
+@@ -468,12 +468,12 @@ cmsUInt32Number CubeSize(const cmsUInt32Number Dims[], cmsUInt32Number b)
+     for (rv = 1; b > 0; b--) {
+ 
+         dim = Dims[b-1];
+-        if (dim <= 1) return 0;  // Error
+-
+-        rv *= dim;
++        if (dim <= 1) return 0;  
+ 
+         // Check for overflow
+         if (rv > UINT_MAX / dim) return 0;
++
++        rv *= dim;
+     }
+ 
+     // Again, prevent overflow
diff --git a/meta-oe/recipes-support/lcms/lcms_2.16.bb b/meta-oe/recipes-support/lcms/lcms_2.16.bb
index 9422c7330b..c67653757f 100644
--- a/meta-oe/recipes-support/lcms/lcms_2.16.bb
+++ b/meta-oe/recipes-support/lcms/lcms_2.16.bb
@@ -3,7 +3,10 @@  SECTION = "libs"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=e9ce323c4b71c943a785db90142b228a"
 
-SRC_URI = "${SOURCEFORGE_MIRROR}/lcms/lcms2-${PV}.tar.gz"
+SRC_URI = "${SOURCEFORGE_MIRROR}/lcms/lcms2-${PV}.tar.gz \
+        file://CVE-2026-41254_1.patch \
+        file://CVE-2026-41254_2.patch \
+"
 SRC_URI[sha256sum] = "d873d34ad8b9b4cea010631f1a6228d2087475e4dc5e763eb81acc23d9d45a51"
 
 DEPENDS = "tiff"

[meta-oe,whinlatter,6/19] lcms: patch CVE-2026-41254

Commit Message

Patch