From patchwork Fri Dec 27 10:56:01 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Peter Marko <peter.marko@siemens.com>
X-Patchwork-Id: 54712
Return-Path: <peter.marko@siemens.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 37573E77191
	for <webhook@archiver.kernel.org>; Fri, 27 Dec 2024 10:57:30 +0000 (UTC)
Received: from mta-64-227.siemens.flowmailer.net
 (mta-64-227.siemens.flowmailer.net [185.136.64.227])
 by mx.groups.io with SMTP id smtpd.web11.11066.1735297042544966650
 for <openembedded-devel@lists.openembedded.org>;
 Fri, 27 Dec 2024 02:57:22 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=peter.marko@siemens.com header.s=fm1 header.b=c/qe+EoY;
 spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.64.227,
 mailfrom:
 fm-256628-202412271057206379a10f67b0e55381-ajqyzl@rts-flowmailer.siemens.com)
Received: by mta-64-227.siemens.flowmailer.net with ESMTPSA id
 202412271057206379a10f67b0e55381
        for <openembedded-devel@lists.openembedded.org>;
        Fri, 27 Dec 2024 11:57:20 +0100
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1;
 d=siemens.com; i=peter.marko@siemens.com;
 h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:Cc:References:In-Reply-To;
 bh=H884qaZQW2s9j9NViL+eYLjhSUk4ZM+EFWnY9MU0jDg=;
 b=c/qe+EoYSygU8Q7FyzmNqKV+wwJA0HZnkgh0ZK6T1IO18G0YE3SUt6St+JbAQNTd8Lpm65
 vfNSSRws+GYFywfzRvuhV9bhd7lzMsNmE7iIlmkXRssYcjTqgudiwFc6kVpibGnL2DM2ysEd
 7EUnBIw9s0APrXUWpU2HR+Q6ORYdV+vgF//tpD4NpgHZBX7hhUxRwCG7jrA3A6NK3EK0qc9M
 C1a4Zo16sWzbVNlYNKFRchKvq8e5NntRJHuuwkqhniDn16Bw6ExzQ6ic2YbLelEiBUkzCZFv
 VJyPSRwYcHKG0yybNZM1EUXoZ5LBWYWoEYf3sZJjmJ0Hp03/Ca7I96OQ==;
From: Peter Marko <peter.marko@siemens.com>
To: openembedded-devel@lists.openembedded.org
Cc: Peter Marko <peter.marko@siemens.com>
Subject: [meta-oe][PATCH 01/15] uw-imap: patch CVE-2018-19518
Date: Fri, 27 Dec 2024 11:56:01 +0100
Message-Id: <20241227105615.3303193-2-peter.marko@siemens.com>
In-Reply-To: <20241227105615.3303193-1-peter.marko@siemens.com>
References: <20241227105615.3303193-1-peter.marko@siemens.com>
MIME-Version: 1.0
X-Flowmailer-Platform: Siemens
Feedback-ID: 519:519-256628:519-21489:flowmailer
List-Id: <openembedded-devel.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-devel@lists.openembedded.org>; Fri, 27 Dec 2024 10:57:30 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/114559

From: Peter Marko <peter.marko@siemens.com>

Take patch from Debian from
https://salsa.debian.org/lts-team/packages/uw-imap/-/commit/873b07f46ce40f43bca10ec85fe63a7a0b934294

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 .../uw-imap/uw-imap/CVE-2018-19518.patch      | 24 +++++++++++++++++++
 .../recipes-devtools/uw-imap/uw-imap_2007f.bb |  1 +
 2 files changed, 25 insertions(+)
 create mode 100644 meta-oe/recipes-devtools/uw-imap/uw-imap/CVE-2018-19518.patch

diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap/CVE-2018-19518.patch b/meta-oe/recipes-devtools/uw-imap/uw-imap/CVE-2018-19518.patch
new file mode 100644
index 0000000000..d942a752b3
--- /dev/null
+++ b/meta-oe/recipes-devtools/uw-imap/uw-imap/CVE-2018-19518.patch
@@ -0,0 +1,24 @@
+uw-imap (8:2007f~dfsg-6) unstable; urgency=medium
+
+  * [CVE-2018-19518] 2013_disable_rsh.patch (new): Disable access to IMAP
+    mailboxes through running imapd over rsh, and therefore ssh (Closes:
+    #914632). Code using the library can enable it with tcp_parameters()
+    after making sure that the IMAP server name is sanitized.
+
+ -- Magnus Holmgren <holmgren@debian.org>  Tue, 26 Feb 2019 23:35:43 +0100
+
+CVE: CVE-2018-19518
+Upstream-Status: Inactive-Upstream [lastrelease: 2007]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+
+--- a/src/osdep/unix/Makefile
++++ b/src/osdep/unix/Makefile
+@@ -988,7 +988,7 @@ onceenv:
+ 	 -DMD5ENABLE=\"$(MD5PWD)\" -DMAILSPOOL=\"$(MAILSPOOL)\" \
+ 	 -DANONYMOUSHOME=\"$(MAILSPOOL)/anonymous\" \
+ 	 -DACTIVEFILE=\"$(ACTIVEFILE)\" -DNEWSSPOOL=\"$(NEWSSPOOL)\" \
+-	 -DRSHPATH=\"$(RSHPATH)\" -DLOCKPGM=\"$(LOCKPGM)\" \
++	 -DLOCKPGM=\"$(LOCKPGM)\" \
+ 	 -DLOCKPGM1=\"$(LOCKPGM1)\" -DLOCKPGM2=\"$(LOCKPGM2)\" \
+ 	 -DLOCKPGM3=\"$(LOCKPGM3)\" > OSCFLAGS
+ 	echo $(BASELDFLAGS) $(EXTRALDFLAGS) > LDFLAGS
diff --git a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
index 6df54ee185..54d33379da 100644
--- a/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
+++ b/meta-oe/recipes-devtools/uw-imap/uw-imap_2007f.bb
@@ -17,6 +17,7 @@ SRC_URI = "https://fossies.org/linux/misc/old/imap-${PV}.tar.gz \
            file://0001-Fix-Wincompatible-function-pointer-types.patch \
            file://uw-imap-newer-tls.patch \
            file://uw-imap-fix-incompatible-pointer-types.patch \
+           file://CVE-2018-19518.patch \
            "
 
 SRC_URI[sha256sum] = "53e15a2b5c1bc80161d42e9f69792a3fa18332b7b771910131004eb520004a28"

From patchwork Fri Dec 27 10:56:02 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Peter Marko <peter.marko@siemens.com>
X-Patchwork-Id: 54713
Return-Path: <peter.marko@siemens.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 2D93AE7718B
	for <webhook@archiver.kernel.org>; Fri, 27 Dec 2024 10:57:30 +0000 (UTC)
Received: from mta-64-228.siemens.flowmailer.net
 (mta-64-228.siemens.flowmailer.net [185.136.64.228])
 by mx.groups.io with SMTP id smtpd.web10.10946.1735297046194027288
 for <openembedded-devel@lists.openembedded.org>;
 Fri, 27 Dec 2024 02:57:26 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=peter.marko@siemens.com header.s=fm1 header.b=I5VHO3Av;
 spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.64.228,
 mailfrom:
 fm-256628-2024122710572443e8d080bc7258ab51-irvohd@rts-flowmailer.siemens.com)
Received: by mta-64-228.siemens.flowmailer.net with ESMTPSA id
 2024122710572443e8d080bc7258ab51
        for <openembedded-devel@lists.openembedded.org>;
        Fri, 27 Dec 2024 11:57:24 +0100
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1;
 d=siemens.com; i=peter.marko@siemens.com;
 h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:Cc:References:In-Reply-To;
 bh=i1lx3b/Xduvv7GUf5YcoDPVjLLGtVerXPCMJFXPvh9I=;
 b=I5VHO3AvjsCwlgw11/DSaTHLrdtLTM1tsVa35jmqFaS1KChoBQef5ncgv/WTGwn1qSH6Tm
 qlm4cCiLG9hKlF6d8IzitjWrmMhyrPXUbE79lYGszHkT/Ey2LKGL6/ijy0nY/HghhMArbH1S
 dS9fborl12NwUQG27yK2GzwC3WylL20Aoglja3n9mBuC76bdJxX3xlFWQyWu6iqTIasBB2e6
 92off3wAWWjWTqxhbFMLcAmW/ZhhtyfX0AkcXurqDJ4u1Q/giuUEMIPTu6r8RDqeAF4/EXAk
 aH8bPBLgRUNDWiKu6/eNqjuhOZE7tL8dAtAcTKDAyoP8wN6wN6FNAOJA==;
From: Peter Marko <peter.marko@siemens.com>
To: openembedded-devel@lists.openembedded.org
Cc: Peter Marko <peter.marko@siemens.com>
Subject: [meta-networking][PATCH 02/15] spice: set CVE-2016-2150 status to
 fixed
Date: Fri, 27 Dec 2024 11:56:02 +0100
Message-Id: <20241227105615.3303193-3-peter.marko@siemens.com>
In-Reply-To: <20241227105615.3303193-1-peter.marko@siemens.com>
References: <20241227105615.3303193-1-peter.marko@siemens.com>
MIME-Version: 1.0
X-Flowmailer-Platform: Siemens
Feedback-ID: 519:519-256628:519-21489:flowmailer
List-Id: <openembedded-devel.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-devel@lists.openembedded.org>; Fri, 27 Dec 2024 10:57:30 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/114560

From: Peter Marko <peter.marko@siemens.com>

Debian has fixed this CVE with [1].
That patch is taken from [2].

.../tmp/work/core2-64-poky-linux/spice/0.15.2/git$ git describe 69628ea13
v0.13.1-190-g69628ea1
.../tmp/work/core2-64-poky-linux/spice/0.15.2/git$ git tag --contains 69628ea13
v0.13.2

[1] https://sources.debian.org/patches/spice/0.12.5-1%2Bdeb8u5/CVE-2016-2150/0002-improve-primary-surface-parameter-checks.patch/
[2] https://gitlab.freedesktop.org/spice/spice/-/commit/69628ea1375282cb7ca5b4dc4410e7aa67e0fc02

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 meta-networking/recipes-support/spice/spice_git.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta-networking/recipes-support/spice/spice_git.bb b/meta-networking/recipes-support/spice/spice_git.bb
index 5e6d8584e3..7900a7dea5 100644
--- a/meta-networking/recipes-support/spice/spice_git.bb
+++ b/meta-networking/recipes-support/spice/spice_git.bb
@@ -22,6 +22,7 @@ SRC_URI = "gitsm://gitlab.freedesktop.org/spice/spice;branch=master;protocol=htt
 S = "${WORKDIR}/git"
 
 CVE_STATUS[CVE-2016-0749] = "fixed-version: patched since 0.13.2"
+CVE_STATUS[CVE-2016-2150] = "fixed-version: patched since 0.13.2"
 CVE_STATUS[CVE-2018-10893] = "fixed-version: patched already, caused by inaccurate CPE in the NVD database."
 
 inherit meson gettext python3native python3-dir pkgconfig

From patchwork Fri Dec 27 10:56:03 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Peter Marko <peter.marko@siemens.com>
X-Patchwork-Id: 54714
Return-Path: <peter.marko@siemens.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 538B0E7718B
	for <webhook@archiver.kernel.org>; Fri, 27 Dec 2024 10:57:40 +0000 (UTC)
Received: from mta-64-228.siemens.flowmailer.net
 (mta-64-228.siemens.flowmailer.net [185.136.64.228])
 by mx.groups.io with SMTP id smtpd.web11.11069.1735297051658574649
 for <openembedded-devel@lists.openembedded.org>;
 Fri, 27 Dec 2024 02:57:31 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=peter.marko@siemens.com header.s=fm1 header.b=eVEA8PJv;
 spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.64.228,
 mailfrom:
 fm-256628-2024122710572963bd6939eb918a7565-e45saa@rts-flowmailer.siemens.com)
Received: by mta-64-228.siemens.flowmailer.net with ESMTPSA id
 2024122710572963bd6939eb918a7565
        for <openembedded-devel@lists.openembedded.org>;
        Fri, 27 Dec 2024 11:57:29 +0100
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1;
 d=siemens.com; i=peter.marko@siemens.com;
 h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:Cc:References:In-Reply-To;
 bh=aJpS2U3wVN5PCpyphYM+ePAH/76kOOcKWqHP0TeYM7E=;
 b=eVEA8PJv4tSOwJi2U3X9z9yQXK4L/DmEid8jLd24DefcOb5QTrWV6AMCmlSlHejjA6/dLX
 ZHrvWieFUxUNDA4+APj1P0rfKniNRsVqMIOl05+NOj7DBDwwncLUv9pkwy2HFADPGZNMVAXY
 Q7o//uioCMUvjyrxW3uTiPKawFGtkQwyo1QPFulEPQZKg7Lq2xAlxOck27SCCryOuN0kuKkr
 L3nYrYggzkBf6yiBfBL01xCpAPilYX3iKHroo9G66a8mOKzliXy0fHu7Fccej1FxZ6oVLhyw
 pYRSAcZG1BHhPddd/hKbichbXAINcUL0YdgRWQd+qRNxulGKYbIJG0Aw==;
From: Peter Marko <peter.marko@siemens.com>
To: openembedded-devel@lists.openembedded.org
Cc: Peter Marko <peter.marko@siemens.com>
Subject: [meta-oe][PATCH 03/15] id3lib: mark CVE-2007-4460 as fixed
Date: Fri, 27 Dec 2024 11:56:03 +0100
Message-Id: <20241227105615.3303193-4-peter.marko@siemens.com>
In-Reply-To: <20241227105615.3303193-1-peter.marko@siemens.com>
References: <20241227105615.3303193-1-peter.marko@siemens.com>
MIME-Version: 1.0
X-Flowmailer-Platform: Siemens
Feedback-ID: 519:519-256628:519-21489:flowmailer
List-Id: <openembedded-devel.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-devel@lists.openembedded.org>; Fri, 27 Dec 2024 10:57:40 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/114561

From: Peter Marko <peter.marko@siemens.com>

This is fixed in id3lib3.8.3_3.8.3-16.2.debian.tar.xz patch included in
SRC_URI.
Version 3.8.3-7 contains patch for this CVE, we use 3.8.3-16.2.
This can be verified by checking the debian/changelog within this patch
or diffing [1] and [2] and verifying that this can be reverse-applied.

[1] https://snapshot.debian.org/archive/debian/20070819T000000Z/pool/main/i/id3lib3.8.3/id3lib3.8.3_3.8.3-6.diff.gz
[2] https://snapshot.debian.org/archive/debian/20070819T000000Z/pool/main/i/id3lib3.8.3/id3lib3.8.3_3.8.3-7.diff.gz

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 meta-oe/recipes-multimedia/id3lib/id3lib_3.8.3.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-oe/recipes-multimedia/id3lib/id3lib_3.8.3.bb b/meta-oe/recipes-multimedia/id3lib/id3lib_3.8.3.bb
index 379c7e1b63..7ae262345b 100644
--- a/meta-oe/recipes-multimedia/id3lib/id3lib_3.8.3.bb
+++ b/meta-oe/recipes-multimedia/id3lib/id3lib_3.8.3.bb
@@ -14,6 +14,8 @@ SRC_URI[archive.sha256sum] = "2749cc3c0cd7280b299518b1ddf5a5bcfe2d1100614519b687
 SRC_URI[patch.md5sum] = "997c764d3be11c9a51779d93facf1118"
 SRC_URI[patch.sha256sum] = "ac2ee23ec89ba2af51d2c6dd5b1b6bf9f8a9f813de251bc182941439a4053176"
 
+CVE_STATUS[CVE-2007-4460] = "patched: fix is included in debian patch"
+
 inherit autotools
 
 # Unlike other Debian packages, id3lib*.diff.gz contains another series of

From patchwork Fri Dec 27 10:56:04 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Peter Marko <peter.marko@siemens.com>
X-Patchwork-Id: 54716
Return-Path: <peter.marko@siemens.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 33BF3E77192
	for <webhook@archiver.kernel.org>; Fri, 27 Dec 2024 10:57:50 +0000 (UTC)
Received: from mta-64-228.siemens.flowmailer.net
 (mta-64-228.siemens.flowmailer.net [185.136.64.228])
 by mx.groups.io with SMTP id smtpd.web11.11074.1735297060424576841
 for <openembedded-devel@lists.openembedded.org>;
 Fri, 27 Dec 2024 02:57:40 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=peter.marko@siemens.com header.s=fm1 header.b=tc2fyMHr;
 spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.64.228,
 mailfrom:
 fm-256628-202412271057360bd0aeebc1b1072f4d-g6zipe@rts-flowmailer.siemens.com)
Received: by mta-64-228.siemens.flowmailer.net with ESMTPSA id
 202412271057360bd0aeebc1b1072f4d
        for <openembedded-devel@lists.openembedded.org>;
        Fri, 27 Dec 2024 11:57:36 +0100
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1;
 d=siemens.com; i=peter.marko@siemens.com;
 h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:Cc:References:In-Reply-To;
 bh=M4smZcIhKYD+dzJj9QSfFyax/TfP0NjeLhi44PXylFM=;
 b=tc2fyMHrSDymj/iTXQV5ZdQWUApL6kP9gm86pceKZFNMcZ77sedI4Hyb2zkQyflpFFPPl4
 w/6AWrHrFJMIORIn8dCt1n4Zm29ZSZeShUWZRd78x+znd2a/BushsgynKiUrVcqb3irpHRDA
 lln+msROuU0MOACSCSvCMeHQFjzd6hZJUbaFIlJggHxA3KvfZgxW8bZ8TcZPLYSjJRJ3+0rl
 NW4kaXfwwQs6s0Vq/3DuQ5z3ZKYqcP0974LloQnmlvf6MDX1B0DfhS9eHCdCeyIyNm5hub8x
 /nSMqwU8ucJIXCTQzMFZRRrAFdeE2N14jbyd2pVsSgklJqbpswHAE2Mg==;
From: Peter Marko <peter.marko@siemens.com>
To: openembedded-devel@lists.openembedded.org
Cc: Peter Marko <peter.marko@siemens.com>
Subject: [meta-oe][PATCH 04/15] procmail: patch CVE-2014-3618
Date: Fri, 27 Dec 2024 11:56:04 +0100
Message-Id: <20241227105615.3303193-5-peter.marko@siemens.com>
In-Reply-To: <20241227105615.3303193-1-peter.marko@siemens.com>
References: <20241227105615.3303193-1-peter.marko@siemens.com>
MIME-Version: 1.0
X-Flowmailer-Platform: Siemens
Feedback-ID: 519:519-256628:519-21489:flowmailer
List-Id: <openembedded-devel.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-devel@lists.openembedded.org>; Fri, 27 Dec 2024 10:57:50 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/114562

From: Peter Marko <peter.marko@siemens.com>

Take patch from Debian.
https://sources.debian.org/data/main/p/procmail/3.22-20%2Bdeb7u1/debian/patches/CVE-2014-3618.patch

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 .../procmail/procmail/CVE-2014-3618.patch     | 29 +++++++++++++++++++
 .../recipes-support/procmail/procmail_3.22.bb |  4 ++-
 2 files changed, 32 insertions(+), 1 deletion(-)
 create mode 100644 meta-oe/recipes-support/procmail/procmail/CVE-2014-3618.patch

diff --git a/meta-oe/recipes-support/procmail/procmail/CVE-2014-3618.patch b/meta-oe/recipes-support/procmail/procmail/CVE-2014-3618.patch
new file mode 100644
index 0000000000..b041924361
--- /dev/null
+++ b/meta-oe/recipes-support/procmail/procmail/CVE-2014-3618.patch
@@ -0,0 +1,29 @@
+Description: Fix heap-overflow in formail
+ CVE-2014-3618: Heap-overflow in formail when processing
+ specially-crafted email headers.
+Origin: http://www.openwall.com/lists/oss-security/2014/09/03/8
+Bug-Debian: https://bugs.debian.org/704675
+Bug-Debian: https://bugs.debian.org/760443
+Forwarded: not-needed
+Last-Update: 2014-09-04
+
+CVE: CVE-2014-3618
+Upstream-Status: Inactive-Upstream [lastrelease: 2001]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+
+--- a/src/formisc.c
++++ b/src/formisc.c
+@@ -84,12 +84,11 @@ normal:	   *target++= *start++;
+ 	case '"':*target++=delim='"';start++;
+       }
+      ;{ int i;
+-	do
++	while(*start)
+ 	   if((i= *target++= *start++)==delim)	 /* corresponding delimiter? */
+ 	      break;
+ 	   else if(i=='\\'&&*start)		    /* skip quoted character */
+ 	      *target++= *start++;
+-	while(*start);						/* anything? */
+       }
+      hitspc=2;
+    }
diff --git a/meta-oe/recipes-support/procmail/procmail_3.22.bb b/meta-oe/recipes-support/procmail/procmail_3.22.bb
index 3623bd7776..efe716ea51 100644
--- a/meta-oe/recipes-support/procmail/procmail_3.22.bb
+++ b/meta-oe/recipes-support/procmail/procmail_3.22.bb
@@ -12,7 +12,9 @@ SRC_URI = "http://www.ring.gr.jp/archives/net/mail/${BPN}/${BP}.tar.gz \
     file://from-debian-to-fix-compile-errors.patch \
     file://from-debian-to-modify-parameters.patch \
     file://from-debian-to-fix-man-file.patch \
-    file://man-file-mailstat.1-from-debian.patch"
+    file://man-file-mailstat.1-from-debian.patch \
+    file://CVE-2014-3618.patch \
+"
 SRC_URI[sha256sum] = "087c75b34dd33d8b9df5afe9e42801c9395f4bf373a784d9bc97153b0062e117"
 
 LICENSE = "GPL-2.0-only & Artistic-1.0"

From patchwork Fri Dec 27 10:56:05 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Peter Marko <peter.marko@siemens.com>
X-Patchwork-Id: 54717
Return-Path: <peter.marko@siemens.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 313EEE7718F
	for <webhook@archiver.kernel.org>; Fri, 27 Dec 2024 10:57:50 +0000 (UTC)
Received: from mta-64-228.siemens.flowmailer.net
 (mta-64-228.siemens.flowmailer.net [185.136.64.228])
 by mx.groups.io with SMTP id smtpd.web11.11074.1735297060424576841
 for <openembedded-devel@lists.openembedded.org>;
 Fri, 27 Dec 2024 02:57:42 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=peter.marko@siemens.com header.s=fm1 header.b=lw4shqMe;
 spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.64.228,
 mailfrom:
 fm-256628-202412271057418b3c13a4f659286a5c-9xdoi6@rts-flowmailer.siemens.com)
Received: by mta-64-228.siemens.flowmailer.net with ESMTPSA id
 202412271057418b3c13a4f659286a5c
        for <openembedded-devel@lists.openembedded.org>;
        Fri, 27 Dec 2024 11:57:41 +0100
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1;
 d=siemens.com; i=peter.marko@siemens.com;
 h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:Cc:References:In-Reply-To;
 bh=NTYHsXBf8zAhZ4jQ4kF2oIF+qacHczVSJQLUz8olCWY=;
 b=lw4shqMeB8HNeGnnU1EGvcNg607yGf4q+73l0LC4L5fVrJO3c29Jw6Cd4ioUubebASIzlW
 yzAAgr6gxI5ZxQo2wKTlvESDFq4ApsgmOImlSHFRtGD5km90ewgI1dFE2di3kaK9EZ08QKwi
 bKOSE+L9Fnod9SzTz5Y8VptbWLrmiIQO4jQFMi6gqaFJsl5TnSFq8uCw8+ur4YWwYRU+sGrF
 KtJ7g/UU/nODziqzgRpBNv6YNCyARaJM4ReyoI9GfCizx+YyYb01st07eeY1StnPxTKiCick
 NbaMYEgWPBoslaD9ySbOkmDzCnqHF2ey1yuofL+h04+YwkJt5uAWlNCg==;
From: Peter Marko <peter.marko@siemens.com>
To: openembedded-devel@lists.openembedded.org
Cc: Peter Marko <peter.marko@siemens.com>
Subject: [meta-oe][PATCH 05/15] procmail: patch CVE-2017-16844.
Date: Fri, 27 Dec 2024 11:56:05 +0100
Message-Id: <20241227105615.3303193-6-peter.marko@siemens.com>
In-Reply-To: <20241227105615.3303193-1-peter.marko@siemens.com>
References: <20241227105615.3303193-1-peter.marko@siemens.com>
MIME-Version: 1.0
X-Flowmailer-Platform: Siemens
Feedback-ID: 519:519-256628:519-21489:flowmailer
List-Id: <openembedded-devel.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-devel@lists.openembedded.org>; Fri, 27 Dec 2024 10:57:50 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/114563

From: Peter Marko <peter.marko@siemens.com>

Take patch from Debian.
https://sources.debian.org/data/main/p/procmail/3.22-26%2Bdeb10u1/debian/patches/30

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 .../procmail/procmail/CVE-2017-16844.patch    | 20 +++++++++++++++++++
 .../recipes-support/procmail/procmail_3.22.bb |  1 +
 2 files changed, 21 insertions(+)
 create mode 100644 meta-oe/recipes-support/procmail/procmail/CVE-2017-16844.patch

diff --git a/meta-oe/recipes-support/procmail/procmail/CVE-2017-16844.patch b/meta-oe/recipes-support/procmail/procmail/CVE-2017-16844.patch
new file mode 100644
index 0000000000..6e04989c33
--- /dev/null
+++ b/meta-oe/recipes-support/procmail/procmail/CVE-2017-16844.patch
@@ -0,0 +1,20 @@
+From: Santiago Vila <sanvila@debian.org>
+Subject: Fix heap-based buffer overflow in loadbuf()
+Bug-Debian: http://bugs.debian.org/876511
+X-Debian-version: 3.22-26
+
+CVE: CVE-2017-16844
+Upstream-Status: Inactive-Upstream [lastrelease: 2001]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+
+--- a/src/formisc.c
++++ b/src/formisc.c
+@@ -103,7 +103,7 @@
+ }
+ 							    /* append to buf */
+ void loadbuf(text,len)const char*const text;const size_t len;
+-{ if(buffilled+len>buflen)			  /* buf can't hold the text */
++{ while(buffilled+len>buflen)			  /* buf can't hold the text */
+      buf=realloc(buf,buflen+=Bsize);
+   tmemmove(buf+buffilled,text,len);buffilled+=len;
+ }
diff --git a/meta-oe/recipes-support/procmail/procmail_3.22.bb b/meta-oe/recipes-support/procmail/procmail_3.22.bb
index efe716ea51..59b78c0a6a 100644
--- a/meta-oe/recipes-support/procmail/procmail_3.22.bb
+++ b/meta-oe/recipes-support/procmail/procmail_3.22.bb
@@ -14,6 +14,7 @@ SRC_URI = "http://www.ring.gr.jp/archives/net/mail/${BPN}/${BP}.tar.gz \
     file://from-debian-to-fix-man-file.patch \
     file://man-file-mailstat.1-from-debian.patch \
     file://CVE-2014-3618.patch \
+    file://CVE-2017-16844.patch \
 "
 SRC_URI[sha256sum] = "087c75b34dd33d8b9df5afe9e42801c9395f4bf373a784d9bc97153b0062e117"
 

From patchwork Fri Dec 27 10:56:06 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Peter Marko <peter.marko@siemens.com>
X-Patchwork-Id: 54715
Return-Path: <peter.marko@siemens.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 32C50E7718B
	for <webhook@archiver.kernel.org>; Fri, 27 Dec 2024 10:57:50 +0000 (UTC)
Received: from mta-64-227.siemens.flowmailer.net
 (mta-64-227.siemens.flowmailer.net [185.136.64.227])
 by mx.groups.io with SMTP id smtpd.web10.10951.1735297069531031930
 for <openembedded-devel@lists.openembedded.org>;
 Fri, 27 Dec 2024 02:57:49 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=peter.marko@siemens.com header.s=fm1 header.b=ISlK3LRb;
 spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.64.227,
 mailfrom:
 fm-256628-202412271057477adc4d10ead4b6d897-lzd0qc@rts-flowmailer.siemens.com)
Received: by mta-64-227.siemens.flowmailer.net with ESMTPSA id
 202412271057477adc4d10ead4b6d897
        for <openembedded-devel@lists.openembedded.org>;
        Fri, 27 Dec 2024 11:57:47 +0100
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1;
 d=siemens.com; i=peter.marko@siemens.com;
 h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:Cc:References:In-Reply-To;
 bh=8fieD5laCA548MeQn953LxnabUAgJZ9Xoo/mcCEMKFg=;
 b=ISlK3LRbl8eW2W+6OU7hnVmdvyHH4tg5rWlokdAndNx/dRL8Xt3Nz6nbETB5LOi4TLwuWX
 9tNnxBzbMIjYDEtQxUmHL0J38BqkgdvkG/jo2KXwlGuarOf6KX6lNUa804aXGeSaCbSTzxT/
 mVe7xFFRzBzvpIATadoZZy2G1ix/MrN3A1T3qdFBQE7Ep2agRdK/lAaQGcZek3lPxVymc/kf
 oRjoCJxykKLR1kSucj+/Mk8RWySuiPKiyG5fEwvO55GgptLOlYoT5Wr5i8nRC+bY7U5BBq8E
 GLtyw0HkKOYg+Rvt+8zFsu9SlyTe13IygBYtTTeVXffNvaWk45XYRKVw==;
From: Peter Marko <peter.marko@siemens.com>
To: openembedded-devel@lists.openembedded.org
Cc: Peter Marko <peter.marko@siemens.com>
Subject: [meta-oe][PATCH 06/15] imagemagick: refactor so devtool upgrade works
Date: Fri, 27 Dec 2024 11:56:06 +0100
Message-Id: <20241227105615.3303193-7-peter.marko@siemens.com>
In-Reply-To: <20241227105615.3303193-1-peter.marko@siemens.com>
References: <20241227105615.3303193-1-peter.marko@siemens.com>
MIME-Version: 1.0
X-Flowmailer-Platform: Siemens
Feedback-ID: 519:519-256628:519-21489:flowmailer
List-Id: <openembedded-devel.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-devel@lists.openembedded.org>; Fri, 27 Dec 2024 10:57:50 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/114564

From: Peter Marko <peter.marko@siemens.com>

* move version part after dash to PV
* set git tag regex

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 .../{imagemagick_7.1.1.bb => imagemagick_7.1.1-26.bb}        | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
 rename meta-oe/recipes-support/imagemagick/{imagemagick_7.1.1.bb => imagemagick_7.1.1-26.bb} (99%)

diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1-26.bb
similarity index 99%
rename from meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb
rename to meta-oe/recipes-support/imagemagick/imagemagick_7.1.1-26.bb
index 5407c4e400..78cbb9ddea 100644
--- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1.bb
+++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1-26.bb
@@ -9,8 +9,9 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=2f9de66264141265b203cde9902819ea \
 # FIXME: There are many more checked libraries. All should be added or explicitly disabled to get consistent results.
 DEPENDS = "lcms bzip2 jpeg libpng tiff zlib fftw freetype libtool"
 
-BASE_PV := "${PV}"
-PV .= "-26"
+BASE_PV = "${@d.getVar('PV').split('-')[0]}"
+UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>([0-9][\.|_|-]?)+)"
+
 SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=https"
 SRCREV = "570a9a048bb0e3a5c221ca87be9408ae35f711e2"
 

From patchwork Fri Dec 27 10:56:07 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Peter Marko <peter.marko@siemens.com>
X-Patchwork-Id: 54718
Return-Path: <peter.marko@siemens.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 2A78DE7718B
	for <webhook@archiver.kernel.org>; Fri, 27 Dec 2024 10:58:00 +0000 (UTC)
Received: from mta-64-227.siemens.flowmailer.net
 (mta-64-227.siemens.flowmailer.net [185.136.64.227])
 by mx.groups.io with SMTP id smtpd.web10.10953.1735297075360169928
 for <openembedded-devel@lists.openembedded.org>;
 Fri, 27 Dec 2024 02:57:55 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=peter.marko@siemens.com header.s=fm1 header.b=RaErpGsD;
 spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.64.227,
 mailfrom:
 fm-256628-202412271057535fe08eb89e37509629-ga61zv@rts-flowmailer.siemens.com)
Received: by mta-64-227.siemens.flowmailer.net with ESMTPSA id
 202412271057535fe08eb89e37509629
        for <openembedded-devel@lists.openembedded.org>;
        Fri, 27 Dec 2024 11:57:53 +0100
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1;
 d=siemens.com; i=peter.marko@siemens.com;
 h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:Cc:References:In-Reply-To;
 bh=roaPX3lXbIM6olN99quXiZVeFuNx4TBdXspT0iyNXUM=;
 b=RaErpGsDbMhmi6TmoLoc1XuVowFFOdbTm2PPxzPFbV1omg25Ah+08UPxmKkv0FH25SNqCH
 nuvjV6rrMlN+j7GnlALGYHZKVi+gkxjNlvdYGZLPatKVwPI7RZnBnFTdzBPiQLo8rXKSHIZZ
 f5v7op2VbD+82sk5LVVuxolEuQIYkHPNi2zSMu+xrnJPmC/dUT+SQ/ybVScvFVGvHr4ITbUC
 CPKUZPCnbTOT9HYN8klV2Bv20QCSMnYORNrwz1TFJ49AqLkiJ5AWcoWT+jXCywCn2j8NVdOp
 Z1kenvS6owE1+JO7ge/i3koLTfUnZVYRKZNHWpVH48JcFiA0E2kBCD3w==;
From: Peter Marko <peter.marko@siemens.com>
To: openembedded-devel@lists.openembedded.org
Cc: Peter Marko <peter.marko@siemens.com>
Subject: [meta-oe][PATCH 07/15] imagemagick: upgrade 7.1.1-26 -> 7.1.1-43
Date: Fri, 27 Dec 2024 11:56:07 +0100
Message-Id: <20241227105615.3303193-8-peter.marko@siemens.com>
In-Reply-To: <20241227105615.3303193-1-peter.marko@siemens.com>
References: <20241227105615.3303193-1-peter.marko@siemens.com>
MIME-Version: 1.0
X-Flowmailer-Platform: Siemens
Feedback-ID: 519:519-256628:519-21489:flowmailer
List-Id: <openembedded-devel.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-devel@lists.openembedded.org>; Fri, 27 Dec 2024 10:58:00 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/114565

From: Peter Marko <peter.marko@siemens.com>

This fixes at least CVE-2024-41817 (in 7.1.1-36).

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 .../{imagemagick_7.1.1-26.bb => imagemagick_7.1.1-43.bb}        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-oe/recipes-support/imagemagick/{imagemagick_7.1.1-26.bb => imagemagick_7.1.1-43.bb} (99%)

diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1-26.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1-43.bb
similarity index 99%
rename from meta-oe/recipes-support/imagemagick/imagemagick_7.1.1-26.bb
rename to meta-oe/recipes-support/imagemagick/imagemagick_7.1.1-43.bb
index 78cbb9ddea..f692370de0 100644
--- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1-26.bb
+++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1-43.bb
@@ -13,7 +13,7 @@ BASE_PV = "${@d.getVar('PV').split('-')[0]}"
 UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>([0-9][\.|_|-]?)+)"
 
 SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=https"
-SRCREV = "570a9a048bb0e3a5c221ca87be9408ae35f711e2"
+SRCREV = "a2d96f40e707ba54b57e7d98c3277d3ea6611ace"
 
 S = "${WORKDIR}/git"
 

From patchwork Fri Dec 27 10:56:08 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Peter Marko <peter.marko@siemens.com>
X-Patchwork-Id: 54719
Return-Path: <peter.marko@siemens.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 31209E7718B
	for <webhook@archiver.kernel.org>; Fri, 27 Dec 2024 10:58:10 +0000 (UTC)
Received: from mta-65-227.siemens.flowmailer.net
 (mta-65-227.siemens.flowmailer.net [185.136.65.227])
 by mx.groups.io with SMTP id smtpd.web11.11081.1735297080185700942
 for <openembedded-devel@lists.openembedded.org>;
 Fri, 27 Dec 2024 02:58:00 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=peter.marko@siemens.com header.s=fm1 header.b=XYkbWjLk;
 spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.65.227,
 mailfrom:
 fm-256628-20241227105758c04f42d445c8937a51-ldeppr@rts-flowmailer.siemens.com)
Received: by mta-65-227.siemens.flowmailer.net with ESMTPSA id
 20241227105758c04f42d445c8937a51
        for <openembedded-devel@lists.openembedded.org>;
        Fri, 27 Dec 2024 11:57:58 +0100
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1;
 d=siemens.com; i=peter.marko@siemens.com;
 h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:Cc:References:In-Reply-To;
 bh=V/wkUVrqpPnGo0o9wRAg0KXfLzei1R7+pYahb0uXrpY=;
 b=XYkbWjLkWEokFPpcyx2YLIfdeSQefsg1Pg1cwhrU0mkDUo+0JdfjwgGfvc32H0gulPinAi
 pyoTlglGokbJSmmpnzE4pV3nakFbUob0U+TxDFM3GBajLnt4ju/VeMB3/6ZGcDf4wgolsThh
 PfWardjb7RpfLe+/WXxsmBvfAjtXISio8CL0YOHbkWyXmrJd+6NHzYh1BEp3G43SPZM8VupS
 9v7AsA5wbPKrRSJkzWeNFhsrr5s/YmPelZtNiTFamOA/igFSA65MN/2/qC2u6dI/dZmu72DY
 rTUJg5cIj2thV4p9OHCT4uxqudql1WMEmFcI72UxstxhikjBSL133Bbg==;
From: Peter Marko <peter.marko@siemens.com>
To: openembedded-devel@lists.openembedded.org
Cc: Peter Marko <peter.marko@siemens.com>
Subject: [meta-oe][PATCH 08/15] imagemagick: mark CVE-2023-5341 as fixed
Date: Fri, 27 Dec 2024 11:56:08 +0100
Message-Id: <20241227105615.3303193-9-peter.marko@siemens.com>
In-Reply-To: <20241227105615.3303193-1-peter.marko@siemens.com>
References: <20241227105615.3303193-1-peter.marko@siemens.com>
MIME-Version: 1.0
X-Flowmailer-Platform: Siemens
Feedback-ID: 519:519-256628:519-21489:flowmailer
List-Id: <openembedded-devel.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-devel@lists.openembedded.org>; Fri, 27 Dec 2024 10:58:10 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/114566

From: Peter Marko <peter.marko@siemens.com>

This CVE is fixed by
https://github.com/ImageMagick/ImageMagick/commit/aa673b2e4defc7cad5bec16c4fc8324f71e531f1
It is tracked as 'fixed in next version' - 7.1.2 (which does not exist)
in NVD DB.

.../tmp/work/core2-64-poky-linux/imagemagick/7.1.1-43/git$ git describe aa673b2e4defc7cad5bec16c4fc8324f71e531f1 --tags
7.1.1-18-4-gaa673b2e4d
.../tmp/work/core2-64-poky-linux/imagemagick/7.1.1-43/git$ git tag --contains aa673b2e4defc7cad5bec16c4fc8324f71e531f1 | head -n1
7.1.1-19

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 meta-oe/recipes-support/imagemagick/imagemagick_7.1.1-43.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1-43.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1-43.bb
index f692370de0..779bc1fd31 100644
--- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1-43.bb
+++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.1-43.bb
@@ -170,3 +170,4 @@ CVE_STATUS[CVE-2017-5506] = "cpe-incorrect: The current version (7.1.1) is not a
 CVE_STATUS[CVE-2017-5509] = "cpe-incorrect: The current version (7.1.1) is not affected by the CVE which affects versions at least earlier than 7.0.4-4"
 CVE_STATUS[CVE-2017-5510] = "cpe-incorrect: The current version (7.1.1) is not affected by the CVE which affects versions at least earlier than 7.0.4-4"
 CVE_STATUS[CVE-2017-5511] = "cpe-incorrect: The current version (7.1.1) is not affected by the CVE which affects versions at least earlier than 7.0.4-3"
+CVE_STATUS[CVE-2023-5341] = "fixed-version: this is fixed in 7.1.1-19"

From patchwork Fri Dec 27 10:56:09 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Peter Marko <peter.marko@siemens.com>
X-Patchwork-Id: 54721
Return-Path: <peter.marko@siemens.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 37DA1E77192
	for <webhook@archiver.kernel.org>; Fri, 27 Dec 2024 10:58:10 +0000 (UTC)
Received: from mta-65-225.siemens.flowmailer.net
 (mta-65-225.siemens.flowmailer.net [185.136.65.225])
 by mx.groups.io with SMTP id smtpd.web10.10960.1735297085211053054
 for <openembedded-devel@lists.openembedded.org>;
 Fri, 27 Dec 2024 02:58:05 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=peter.marko@siemens.com header.s=fm1 header.b=traqacAG;
 spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.65.225,
 mailfrom:
 fm-256628-202412271058035de38042c297ddc18c-ici6im@rts-flowmailer.siemens.com)
Received: by mta-65-225.siemens.flowmailer.net with ESMTPSA id
 202412271058035de38042c297ddc18c
        for <openembedded-devel@lists.openembedded.org>;
        Fri, 27 Dec 2024 11:58:03 +0100
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1;
 d=siemens.com; i=peter.marko@siemens.com;
 h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:Cc:References:In-Reply-To;
 bh=2blbZ6/WHoJxL00O9Ezhcu3vpGqkc2G/iGXwVGpab8A=;
 b=traqacAGIEfwbacLbUxuU6XG+1nYFfU78nbZRHoTa54zQzWtsY7xI3cnrzC4+t1EfZl2iH
 1AVwwhCur8RZMmdYH4KPV0aRbp2tVRL3FT9SF6MGTAE0RJXj2Asi3blfPZlRdEJHlKx73gAs
 E4jMTqQCjs/p30mEl7EUi71KByaxAFnZZPPApk3wXsvdwj1V3cjP20RzGcjL4UXrWnh4N5WL
 SlPUvVo9veV5bDWzdvoYNp/c0j8tHkIioslI9H3gIZXrnCbJ7vZU9wjd3Nj83iCYu5LOU7zl
 wj56kJ0GW3+kwnukzUNe3HTr0YP/gpFrU8Bnd0f6lBAEcyYQcgv5Cpeg==;
From: Peter Marko <peter.marko@siemens.com>
To: openembedded-devel@lists.openembedded.org
Cc: Peter Marko <peter.marko@siemens.com>
Subject: [meta-oe][PATCH 09/15] libwmf; switched to unofficial fork
Date: Fri, 27 Dec 2024 11:56:09 +0100
Message-Id: <20241227105615.3303193-10-peter.marko@siemens.com>
In-Reply-To: <20241227105615.3303193-1-peter.marko@siemens.com>
References: <20241227105615.3303193-1-peter.marko@siemens.com>
MIME-Version: 1.0
X-Flowmailer-Platform: Siemens
Feedback-ID: 519:519-256628:519-21489:flowmailer
List-Id: <openembedded-devel.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-devel@lists.openembedded.org>; Fri, 27 Dec 2024 10:58:10 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/114567

From: Peter Marko <peter.marko@siemens.com>

Debian has switched to this fork in Bookworm.
If contains dozens of CVE fixes and other bugfixes.
This should make the maintenance of this package easier.

The sources are identical to those abandoned in 2002:
Only in .../tmp/work/core2-64-poky-linux/libwmf/0.2.8.4/libwmf-0.2.8.4/: autom4te.cache
Only in /tmp/caolanm/libwmf/: .git

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 meta-oe/recipes-extended/libwmf/libwmf_0.2.8.4.bb | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/meta-oe/recipes-extended/libwmf/libwmf_0.2.8.4.bb b/meta-oe/recipes-extended/libwmf/libwmf_0.2.8.4.bb
index 58bfd1f25b..5e530b35de 100644
--- a/meta-oe/recipes-extended/libwmf/libwmf_0.2.8.4.bb
+++ b/meta-oe/recipes-extended/libwmf/libwmf_0.2.8.4.bb
@@ -1,5 +1,6 @@
 SUMMARY = "Library for converting WMF files"
-HOMEPAGE = "http://wvware.sourceforge.net/libwmf.html"
+#HOMEPAGE = "http://wvware.sourceforge.net/libwmf.html"
+HOMEPAGE = "https://github.com/caolanm/libwmf"
 SECTION = "libs"
 
 LICENSE = "GPL-2.0-only"
@@ -15,17 +16,14 @@ inherit features_check autotools pkgconfig
 
 REQUIRED_DISTRO_FEATURES = "x11"
 
-SRC_URI = "${SOURCEFORGE_MIRROR}/wvware/${BPN}/${PV}/${BPN}-${PV}.tar.gz;name=tarball \
+SRC_URI = "git://github.com/caolanm/libwmf.git;protocol=https;branch=master \
            file://libwmf-0.2.8.4-intoverflow.patch \
            file://libwmf-0.2.8.4-useafterfree.patch \
            file://0001-configure-use-pkg-config-for-freetype.patch \
           "
+SRCREV = "27b4aaf8cf653b4cd2ebe14717ffa9e76560485e"
 
-SRC_URI[tarball.md5sum] = "d1177739bf1ceb07f57421f0cee191e0"
-SRC_URI[tarball.sha256sum] = "5b345c69220545d003ad52bfd035d5d6f4f075e65204114a9e875e84895a7cf8"
-
-UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/wvware/files/libwmf/"
-UPSTREAM_CHECK_REGEX = "${BPN}/(?P<pver>\d+(\.\d+)+)"
+S = "${WORKDIR}/git"
 
 do_install:append() {
     sed -i -e 's@${RECIPE_SYSROOT}@@g' ${D}${bindir}/libwmf-config

From patchwork Fri Dec 27 10:56:10 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Peter Marko <peter.marko@siemens.com>
X-Patchwork-Id: 54720
Return-Path: <peter.marko@siemens.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 31239E7718F
	for <webhook@archiver.kernel.org>; Fri, 27 Dec 2024 10:58:10 +0000 (UTC)
Received: from mta-64-226.siemens.flowmailer.net
 (mta-64-226.siemens.flowmailer.net [185.136.64.226])
 by mx.groups.io with SMTP id smtpd.web10.10961.1735297086262826519
 for <openembedded-devel@lists.openembedded.org>;
 Fri, 27 Dec 2024 02:58:06 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=peter.marko@siemens.com header.s=fm1 header.b=s9IPJjz/;
 spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.64.226,
 mailfrom:
 fm-256628-2024122710580332f0225beac02bf01b-igvnfo@rts-flowmailer.siemens.com)
Received: by mta-64-226.siemens.flowmailer.net with ESMTPSA id
 2024122710580332f0225beac02bf01b
        for <openembedded-devel@lists.openembedded.org>;
        Fri, 27 Dec 2024 11:58:03 +0100
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1;
 d=siemens.com; i=peter.marko@siemens.com;
 h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:Cc:References:In-Reply-To;
 bh=LJnKvFAlQ0uRi/Q4bL+U+5JAbANslUecTn+lLs9nc2Q=;
 b=s9IPJjz/2T820B9CGiTLjtTH7tEMeJLUUlCYKlhIU95JWyb3bHxroKrDXV3gFqmWd+gYQY
 2WWHH9iO39tt4NNR2rpPvO4GXPOViJgWegagEHMEjdGmgoBGVQm+9wrbL3DM/Hpwaj0I5zH6
 9AB7a5YB66MmG1UmNM2SIsKEdWsydEiXWDu1Y7d8Yel8fDnruLGP/S9VZk1Nvgfs6o3N035c
 ogqJRT70ycN5VJmTQVa13fbnhHipN5okmALUudTCW1wkZ7OzPGdFuFSqG3z0KXzrYCEMIsAA
 /mJDKQ+QXWQbmn7SicC49UpuAu9fotTUdd8Y8y4cHvCYzMqrnG70cGmg==;
From: Peter Marko <peter.marko@siemens.com>
To: openembedded-devel@lists.openembedded.org
Cc: Peter Marko <peter.marko@siemens.com>
Subject: [meta-oe][PATCH 10/15] limwmf: upgrade 0.2.8.4 -> 0.2.13
Date: Fri, 27 Dec 2024 11:56:10 +0100
Message-Id: <20241227105615.3303193-11-peter.marko@siemens.com>
In-Reply-To: <20241227105615.3303193-1-peter.marko@siemens.com>
References: <20241227105615.3303193-1-peter.marko@siemens.com>
MIME-Version: 1.0
X-Flowmailer-Platform: Siemens
Feedback-ID: 519:519-256628:519-21489:flowmailer
List-Id: <openembedded-devel.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-devel@lists.openembedded.org>; Fri, 27 Dec 2024 10:58:10 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/114568

From: Peter Marko <peter.marko@siemens.com>

$ git log --oneline | grep CVE
f58c813 merge in fixes for libgd CVE-2019-6978
407a58b CVE-2017-6362
dabcb8c CVE-2016-10168
b691e47 CVE-2016-10167
16919b4 CVE-2016-9317
2208b48 CVE-2016-9011
f47cbdf CVE-2015-4696
b5ae5d1 CVE-2015-4695
879d6bf CVE-2015-0848+CVE-2015-4588
44f37ac CVE-2009-3546
7bd8ce0 CVE-2007-2756
cfc0916 CVE-2007-3477
5ec7547 CVE-2007-3473
fdd21b1 CVE-2007-3472
5588450 CVE-2007-0455
2c84480 CVE-2009-1364, Use-after-free vulnerability
b9cc022 CVE-2006-3376 Integer overflow in player.c

Adaptations:
* removed patches included in new version.
* extended buildpaths fix to pc file
* changed paths from libdir/gtk-2 to libdir/gdk-pixbuf-2.0

Test - built imagemagick (only recipe in meta-openembedded depending
on libwmf) with wmf PACKAGECONFIG.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 ...onfigure-use-pkg-config-for-freetype.patch | 67 -------------------
 .../libwmf/libwmf-0.2.8.4-intoverflow.patch   | 33 ---------
 .../libwmf/libwmf-0.2.8.4-useafterfree.patch  | 16 -----
 .../{libwmf_0.2.8.4.bb => libwmf_0.2.13.bb}   | 18 ++---
 4 files changed, 7 insertions(+), 127 deletions(-)
 delete mode 100644 meta-oe/recipes-extended/libwmf/libwmf/0001-configure-use-pkg-config-for-freetype.patch
 delete mode 100644 meta-oe/recipes-extended/libwmf/libwmf/libwmf-0.2.8.4-intoverflow.patch
 delete mode 100644 meta-oe/recipes-extended/libwmf/libwmf/libwmf-0.2.8.4-useafterfree.patch
 rename meta-oe/recipes-extended/libwmf/{libwmf_0.2.8.4.bb => libwmf_0.2.13.bb} (57%)

diff --git a/meta-oe/recipes-extended/libwmf/libwmf/0001-configure-use-pkg-config-for-freetype.patch b/meta-oe/recipes-extended/libwmf/libwmf/0001-configure-use-pkg-config-for-freetype.patch
deleted file mode 100644
index 21a6f292c8..0000000000
--- a/meta-oe/recipes-extended/libwmf/libwmf/0001-configure-use-pkg-config-for-freetype.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From 61655f82224cadb261e81f8bae111eaaa7bdf531 Mon Sep 17 00:00:00 2001
-From: Koen Kooi <koen@dominion.thruhere.net>
-Date: Wed, 6 Aug 2014 14:53:03 +0200
-Subject: [PATCH] configure: use pkg-config for freetype
-
-Upstream-Status: Pending
-Signed-off-by: Koen Kooi <koen@dominion.thruhere.net>
----
- configure.ac | 37 ++++++++-----------------------------
- 1 file changed, 8 insertions(+), 29 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 3cfe974..0055a8c 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -399,40 +399,19 @@ AC_ARG_WITH(freetype,[  --with-freetype=DIR     use freetype2 in DIR],[
- 	fi
- ])
- 
--if [ test -n "$FREETYPE_DIR" ]; then
--	AC_PATH_PROG(FREETYPE_CONFIG,freetype-config, ,[$FREETYPE_DIR/bin:$PATH])
--else
--	AC_PATH_PROG(FREETYPE_CONFIG,freetype-config)
--fi
--
--if [ test -n "$FREETYPE_CONFIG" ]; then
--	if [ test -n "$FREETYPE_DIR" ]; then
--		freetype_cflags="`$FREETYPE_CONFIG --cflags` -I$FREETYPE_DIR/include"
--		freetype_libs=`$FREETYPE_CONFIG --libs`
--	else
--		freetype_cflags=`$FREETYPE_CONFIG --cflags`
--		freetype_libs=`$FREETYPE_CONFIG --libs`
--	fi
--else
--	if [ test -n "$FREETYPE_DIR" ]; then
--		freetype_cflags="-I$FREETYPE_DIR/include/freetype2 -I$FREETYPE_DIR/include"
--		freetype_libs="-L$FREETYPE_DIR/lib -lfreetype"
--	else
--		freetype_cflags=""
--		freetype_libs="-lfreetype"
--	fi
--fi
--
--CPPFLAGS="$freetype_cflags $CPPFLAGS"
--LDFLAGS="$LDFLAGS $freetype_libs"
-+PKG_CHECK_MODULES(FREETYPE2, freetype2, 
-+    CFLAGS="$CFLAGS $FREETYPE2_CFLAGS"
-+    LDFLAGS="$LDFLAGS $FREETYPE2_LIBS",
-+    AC_MSG_ERROR([*** Unable to find FreeType2 library (http://www.freetype.org/)])
-+)
- 
- AC_CHECK_LIB(freetype,FT_Init_FreeType,[
--	WMF_FT_LDFLAGS="$freetype_libs"
-+	WMF_FT_LDFLAGS="$FREETYPE2_LIBS"
- ],[	AC_MSG_ERROR([* * * freetype(2) is required * * *])
- ])
- AC_CHECK_HEADER(ft2build.h,[
--	WMF_FT_CFLAGS="$freetype_cflags"
--	WMF_FT_CONFIG_CFLAGS="$freetype_cflags"
-+	WMF_FT_CFLAGS="$FREETYPE2_CFLAGS"
-+	WMF_FT_CONFIG_CFLAGS="$FREETYPE2_CFLAGS"
- ],[	AC_MSG_ERROR([* * * freetype(2) is required * * *])
- ])
- 
--- 
-1.9.0
-
diff --git a/meta-oe/recipes-extended/libwmf/libwmf/libwmf-0.2.8.4-intoverflow.patch b/meta-oe/recipes-extended/libwmf/libwmf/libwmf-0.2.8.4-intoverflow.patch
deleted file mode 100644
index 4e7cd8887a..0000000000
--- a/meta-oe/recipes-extended/libwmf/libwmf/libwmf-0.2.8.4-intoverflow.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-Upstream-Status: Pending
-
-http://cvs.fedoraproject.org/viewvc/devel/libwmf/libwmf-0.2.8.4-intoverflow.patch?view=log
-
-CVE-2006-3376 libwmf integer overflow
-
---- libwmf-0.2.8.4.orig/src/player.c	2002-12-10 19:30:26.000000000 +0000
-+++ libwmf-0.2.8.4/src/player.c	2006-07-12 15:12:52.000000000 +0100
-@@ -42,6 +42,7 @@
- #include "player/defaults.h" /* Provides: default settings               */
- #include "player/record.h"   /* Provides: parameter mechanism            */
- #include "player/meta.h"     /* Provides: record interpreters            */
-+#include <stdint.h>
- 
- /**
-  * @internal
-@@ -132,8 +134,14 @@
- 		}
- 	}
- 
--/*	P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)-3) * 2 * sizeof (unsigned char));
-- */	P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)  ) * 2 * sizeof (unsigned char));
-+	if (MAX_REC_SIZE(API) > UINT32_MAX / 2)
-+	{
-+		API->err = wmf_E_InsMem;
-+		WMF_DEBUG (API,"bailing...");
-+		return (API->err);
-+	}
-+	
-+ 	P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)  ) * 2 * sizeof (unsigned char));
- 
- 	if (ERR (API))
- 	{	WMF_DEBUG (API,"bailing...");
diff --git a/meta-oe/recipes-extended/libwmf/libwmf/libwmf-0.2.8.4-useafterfree.patch b/meta-oe/recipes-extended/libwmf/libwmf/libwmf-0.2.8.4-useafterfree.patch
deleted file mode 100644
index 9a8cbcb508..0000000000
--- a/meta-oe/recipes-extended/libwmf/libwmf/libwmf-0.2.8.4-useafterfree.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-Upstream-Status: Pending
-
-
-http://cvs.fedoraproject.org/viewvc/devel/libwmf/libwmf-0.2.8.4-useafterfree.patch?view=log
-Resolves: CVE-2009-1364
-
---- libwmf-0.2.8.4/src/extra/gd/gd_clip.c.CVE-2009-1364-im-clip-list	2009-04-24 04:06:44.000000000 -0400
-+++ libwmf-0.2.8.4/src/extra/gd/gd_clip.c	2009-04-24 04:08:30.000000000 -0400
-@@ -70,6 +70,7 @@ void gdClipSetAdd(gdImagePtr im,gdClipRe
- 	{	more = gdRealloc (im->clip->list,(im->clip->max + 8) * sizeof (gdClipRectangle));
- 		if (more == 0) return;
- 		im->clip->max += 8;
-+                im->clip->list = more;
- 	}
- 	im->clip->list[im->clip->count] = (*rect);
- 	im->clip->count++;
diff --git a/meta-oe/recipes-extended/libwmf/libwmf_0.2.8.4.bb b/meta-oe/recipes-extended/libwmf/libwmf_0.2.13.bb
similarity index 57%
rename from meta-oe/recipes-extended/libwmf/libwmf_0.2.8.4.bb
rename to meta-oe/recipes-extended/libwmf/libwmf_0.2.13.bb
index 5e530b35de..7a82f6b4b6 100644
--- a/meta-oe/recipes-extended/libwmf/libwmf_0.2.8.4.bb
+++ b/meta-oe/recipes-extended/libwmf/libwmf_0.2.13.bb
@@ -16,21 +16,17 @@ inherit features_check autotools pkgconfig
 
 REQUIRED_DISTRO_FEATURES = "x11"
 
-SRC_URI = "git://github.com/caolanm/libwmf.git;protocol=https;branch=master \
-           file://libwmf-0.2.8.4-intoverflow.patch \
-           file://libwmf-0.2.8.4-useafterfree.patch \
-           file://0001-configure-use-pkg-config-for-freetype.patch \
-          "
-SRCREV = "27b4aaf8cf653b4cd2ebe14717ffa9e76560485e"
+SRC_URI = "git://github.com/caolanm/libwmf.git;protocol=https;branch=master"
+SRCREV = "9e4737f2293c0d127bda92e5b01896df10571424"
 
 S = "${WORKDIR}/git"
 
 do_install:append() {
-    sed -i -e 's@${RECIPE_SYSROOT}@@g' ${D}${bindir}/libwmf-config
+    sed -i -e 's@${RECIPE_SYSROOT}@@g' ${D}${bindir}/libwmf-config ${D}${libdir}/pkgconfig/libwmf.pc
 }
 
-FILES:${PN}-dbg += "${libdir}/gtk-2.0/2.10.0/loaders/.debug"
-FILES:${PN}-dev += "${libdir}/gtk-2.0/2.10.0/loaders/*.la"
-FILES:${PN}-staticdev += "${libdir}/gtk-2.0/2.10.0/loaders/*.a"
-FILES:${PN} += "${libdir}/gtk-2.0/2.10.0/loaders/*.so"
+FILES:${PN}-dbg += "${libdir}/gdk-pixbuf-2.0/2.10.0/loaders/.debug"
+FILES:${PN}-dev += "${libdir}/gdk-pixbuf-2.0/2.10.0/loaders/*.la"
+FILES:${PN}-staticdev += "${libdir}/gdk-pixbuf-2.0/2.10.0/loaders/*.a"
+FILES:${PN} += "${libdir}/gdk-pixbuf-2.0/2.10.0/loaders/*.so"
 

From patchwork Fri Dec 27 10:56:11 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Peter Marko <peter.marko@siemens.com>
X-Patchwork-Id: 54722
Return-Path: <peter.marko@siemens.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 311A5E7718F
	for <webhook@archiver.kernel.org>; Fri, 27 Dec 2024 10:58:20 +0000 (UTC)
Received: from mta-64-225.siemens.flowmailer.net
 (mta-64-225.siemens.flowmailer.net [185.136.64.225])
 by mx.groups.io with SMTP id smtpd.web10.10963.1735297092307253586
 for <openembedded-devel@lists.openembedded.org>;
 Fri, 27 Dec 2024 02:58:12 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=peter.marko@siemens.com header.s=fm1 header.b=Ceh9kNKw;
 spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.64.225,
 mailfrom:
 fm-256628-2024122710581024183362e97ba18502-6qyxk1@rts-flowmailer.siemens.com)
Received: by mta-64-225.siemens.flowmailer.net with ESMTPSA id
 2024122710581024183362e97ba18502
        for <openembedded-devel@lists.openembedded.org>;
        Fri, 27 Dec 2024 11:58:10 +0100
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1;
 d=siemens.com; i=peter.marko@siemens.com;
 h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:Cc:References:In-Reply-To;
 bh=T61j0PO1E1RsxpRGYaBxTYfTWp0mih9BPrJ2xVoEvDU=;
 b=Ceh9kNKwFhFXjmV2IQZl4oeAitNTTpQfXFyvjUId/qS+xWnmcGwbeAcWryWIBnUe3kwbqB
 62cutVjgsktiEGKvZd9WtrfV03WTP+ZYwYBCHLfA0gTeXn8esBtPBiu22XirjLiY+8+Gg2MK
 Ucz5CfergL8iyHvz5wo/auGZkA7fzucXnqg1/pwnkOA3yDQOa3vWRR1w+qwFZG1yKwgJ+3jJ
 zBT16Hy8QQbf8QNkBDGebPmT1E/JZA6mWCrbsPfHnHQi/SqWjyKTiYfZgeUg0eyHSD1dDcjE
 ka8v/lZpdiVSrDesoEay6A7SmQcGiS+E7EiFtkNRqe8llSTx728aAx5g==;
From: Peter Marko <peter.marko@siemens.com>
To: openembedded-devel@lists.openembedded.org
Cc: Peter Marko <peter.marko@siemens.com>
Subject: [meta-oe][PATCH 11/15] audiofile: fix multiple CVEs
Date: Fri, 27 Dec 2024 11:56:11 +0100
Message-Id: <20241227105615.3303193-12-peter.marko@siemens.com>
In-Reply-To: <20241227105615.3303193-1-peter.marko@siemens.com>
References: <20241227105615.3303193-1-peter.marko@siemens.com>
MIME-Version: 1.0
X-Flowmailer-Platform: Siemens
Feedback-ID: 519:519-256628:519-21489:flowmailer
List-Id: <openembedded-devel.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-devel@lists.openembedded.org>; Fri, 27 Dec 2024 10:58:20 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/114569

From: Peter Marko <peter.marko@siemens.com>

CVE-2017-6827 / CVE-2017-6828 / CVE-2017-6832 / CVE-2017-6833 / CVE-2017-6835 / CVE-2017-6837

Use patch from buildroot:
https://github.com/buildroot/buildroot/commit/cc00bde57fc20d11f8fa4e8ec5f193c091714c55

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 .../audiofile/audiofile_0.3.6.bb              |  1 +
 ...ays-check-the-number-of-coefficients.patch | 45 +++++++++++++++++++
 2 files changed, 46 insertions(+)
 create mode 100644 meta-oe/recipes-multimedia/audiofile/files/0004-Always-check-the-number-of-coefficients.patch

diff --git a/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb b/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb
index d7181e7b56..2c690437c1 100644
--- a/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb
+++ b/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb
@@ -13,6 +13,7 @@ SRC_URI = " \
     file://0001-fix-negative-shift-constants.patch \
     file://0002-fix-build-on-gcc6.patch \
     file://0003-fix-CVE-2015-7747.patch \
+    file://0004-Always-check-the-number-of-coefficients.patch \
 "
 SRC_URI[sha256sum] = "ea2449ad3f201ec590d811db9da6d02ffc5e87a677d06b92ab15363d8cb59782"
 
diff --git a/meta-oe/recipes-multimedia/audiofile/files/0004-Always-check-the-number-of-coefficients.patch b/meta-oe/recipes-multimedia/audiofile/files/0004-Always-check-the-number-of-coefficients.patch
new file mode 100644
index 0000000000..282f4c01b9
--- /dev/null
+++ b/meta-oe/recipes-multimedia/audiofile/files/0004-Always-check-the-number-of-coefficients.patch
@@ -0,0 +1,45 @@
+From c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0 Mon Sep 17 00:00:00 2001
+From: Antonio Larrosa <larrosa@kde.org>
+Date: Mon, 6 Mar 2017 12:51:22 +0100
+Subject: [PATCH] Always check the number of coefficients
+
+When building the library with NDEBUG, asserts are eliminated
+so it's better to always check that the number of coefficients
+is inside the array range.
+
+This fixes the 00191-audiofile-indexoob issue in #41
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+
+CVE: CVE-2017-6827
+CVE: CVE-2017-6828
+CVE: CVE-2017-6832
+CVE: CVE-2017-6833
+CVE: CVE-2017-6835
+CVE: CVE-2017-6837
+Upstream-Status: Inactive-Upstream [lastrelease: 2013]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ libaudiofile/WAVE.cpp | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/libaudiofile/WAVE.cpp b/libaudiofile/WAVE.cpp
+index 0e81cf7..61f9541 100644
+--- a/libaudiofile/WAVE.cpp
++++ b/libaudiofile/WAVE.cpp
+@@ -281,6 +281,12 @@ status WAVEFile::parseFormat(const Tag &id, uint32_t size)
+ 
+ 			/* numCoefficients should be at least 7. */
+ 			assert(numCoefficients >= 7 && numCoefficients <= 255);
++			if (numCoefficients < 7 || numCoefficients > 255)
++			{
++				_af_error(AF_BAD_HEADER,
++						"Bad number of coefficients");
++				return AF_FAIL;
++			}
+ 
+ 			m_msadpcmNumCoefficients = numCoefficients;
+ 
+-- 
+2.11.0
+

From patchwork Fri Dec 27 10:56:12 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Peter Marko <peter.marko@siemens.com>
X-Patchwork-Id: 54724
Return-Path: <peter.marko@siemens.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 37634E77192
	for <webhook@archiver.kernel.org>; Fri, 27 Dec 2024 10:58:20 +0000 (UTC)
Received: from mta-65-226.siemens.flowmailer.net
 (mta-65-226.siemens.flowmailer.net [185.136.65.226])
 by mx.groups.io with SMTP id smtpd.web11.11090.1735297095810019207
 for <openembedded-devel@lists.openembedded.org>;
 Fri, 27 Dec 2024 02:58:16 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=peter.marko@siemens.com header.s=fm1 header.b=bmE8zWhJ;
 spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.65.226,
 mailfrom:
 fm-256628-20241227105813b9ca338b895b755a07-u9kcj_@rts-flowmailer.siemens.com)
Received: by mta-65-226.siemens.flowmailer.net with ESMTPSA id
 20241227105813b9ca338b895b755a07
        for <openembedded-devel@lists.openembedded.org>;
        Fri, 27 Dec 2024 11:58:14 +0100
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1;
 d=siemens.com; i=peter.marko@siemens.com;
 h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:Cc:References:In-Reply-To;
 bh=bUORKpNzXywz6MiQ+HW3S/Txkag1+du1gWujKSF4YyE=;
 b=bmE8zWhJvh82SUYpGSYbbpeLXM4IZQj5pP+T/XS35pHlGSWqGIlD6uxf2+mtmdLbhlqBhe
 bgrDH69orTiC7G1o3B/IW9TOF+6GBi4oQVxjMH/BiXVGtpXaXqYtyps2X7XU0vUQig49KSNQ
 q88SIOdRIO/MZwNUH0ypVxoybJFG28LHNay4MZepJ1CUojtg63x7TOwFNeGmD1wz7cxDrd96
 NU7SoVsJ5sUw+xTIaj8drD2pwSbv996DOOleQFLqELhCQZIuKWYkOYmC7tnNZvLJQ4jaB1sq
 PFXsxnnOEIGQCtYO8vKMPECvC0Hqjzr6TPSGHUnpDd9AznI/GTSgBIKA==;
From: Peter Marko <peter.marko@siemens.com>
To: openembedded-devel@lists.openembedded.org
Cc: Peter Marko <peter.marko@siemens.com>
Subject: [meta-oe][PATCH 12/15] audiofile: patch CVE-2017-6829
Date: Fri, 27 Dec 2024 11:56:12 +0100
Message-Id: <20241227105615.3303193-13-peter.marko@siemens.com>
In-Reply-To: <20241227105615.3303193-1-peter.marko@siemens.com>
References: <20241227105615.3303193-1-peter.marko@siemens.com>
MIME-Version: 1.0
X-Flowmailer-Platform: Siemens
Feedback-ID: 519:519-256628:519-21489:flowmailer
List-Id: <openembedded-devel.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-devel@lists.openembedded.org>; Fri, 27 Dec 2024 10:58:20 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/114570

From: Peter Marko <peter.marko@siemens.com>

Use patch from buildroot:
https://github.com/buildroot/buildroot/commit/434890df2a7c131b40fec1c49e6239972ab299d2

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 .../audiofile/audiofile_0.3.6.bb              |  1 +
 ...ues-to-fix-index-overflow-in-IMA.cpp.patch | 43 +++++++++++++++++++
 2 files changed, 44 insertions(+)
 create mode 100644 meta-oe/recipes-multimedia/audiofile/files/0005-clamp-index-values-to-fix-index-overflow-in-IMA.cpp.patch

diff --git a/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb b/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb
index 2c690437c1..67c1992cc4 100644
--- a/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb
+++ b/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb
@@ -14,6 +14,7 @@ SRC_URI = " \
     file://0002-fix-build-on-gcc6.patch \
     file://0003-fix-CVE-2015-7747.patch \
     file://0004-Always-check-the-number-of-coefficients.patch \
+    file://0005-clamp-index-values-to-fix-index-overflow-in-IMA.cpp.patch \
 "
 SRC_URI[sha256sum] = "ea2449ad3f201ec590d811db9da6d02ffc5e87a677d06b92ab15363d8cb59782"
 
diff --git a/meta-oe/recipes-multimedia/audiofile/files/0005-clamp-index-values-to-fix-index-overflow-in-IMA.cpp.patch b/meta-oe/recipes-multimedia/audiofile/files/0005-clamp-index-values-to-fix-index-overflow-in-IMA.cpp.patch
new file mode 100644
index 0000000000..00bb7e597e
--- /dev/null
+++ b/meta-oe/recipes-multimedia/audiofile/files/0005-clamp-index-values-to-fix-index-overflow-in-IMA.cpp.patch
@@ -0,0 +1,43 @@
+From 25eb00ce913452c2e614548d7df93070bf0d066f Mon Sep 17 00:00:00 2001
+From: Antonio Larrosa <larrosa@kde.org>
+Date: Mon, 6 Mar 2017 18:02:31 +0100
+Subject: [PATCH] clamp index values to fix index overflow in IMA.cpp
+
+This fixes #33
+(also reported at https://bugzilla.opensuse.org/show_bug.cgi?id=1026981
+and https://blogs.gentoo.org/ago/2017/02/20/audiofile-global-buffer-overflow-in-decodesample-ima-cpp/)
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+
+CVE: CVE-2017-6829
+Upstream-Status: Inactive-Upstream [lastrelease: 2013]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ libaudiofile/modules/IMA.cpp | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libaudiofile/modules/IMA.cpp b/libaudiofile/modules/IMA.cpp
+index 7476d44..df4aad6 100644
+--- a/libaudiofile/modules/IMA.cpp
++++ b/libaudiofile/modules/IMA.cpp
+@@ -169,7 +169,7 @@ int IMA::decodeBlockWAVE(const uint8_t *encoded, int16_t *decoded)
+ 		if (encoded[1] & 0x80)
+ 			m_adpcmState[c].previousValue -= 0x10000;
+ 
+-		m_adpcmState[c].index = encoded[2];
++		m_adpcmState[c].index = clamp(encoded[2], 0, 88);
+ 
+ 		*decoded++ = m_adpcmState[c].previousValue;
+ 
+@@ -210,7 +210,7 @@ int IMA::decodeBlockQT(const uint8_t *encoded, int16_t *decoded)
+ 			predictor -= 0x10000;
+ 
+ 		state.previousValue = clamp(predictor, MIN_INT16, MAX_INT16);
+-		state.index = encoded[1] & 0x7f;
++		state.index = clamp(encoded[1] & 0x7f, 0, 88);
+ 		encoded += 2;
+ 
+ 		for (int n=0; n<m_framesPerPacket; n+=2)
+-- 
+2.11.0
+

From patchwork Fri Dec 27 10:56:13 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Peter Marko <peter.marko@siemens.com>
X-Patchwork-Id: 54723
Return-Path: <peter.marko@siemens.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 310A2E7718B
	for <webhook@archiver.kernel.org>; Fri, 27 Dec 2024 10:58:20 +0000 (UTC)
Received: from mta-65-226.siemens.flowmailer.net
 (mta-65-226.siemens.flowmailer.net [185.136.65.226])
 by mx.groups.io with SMTP id smtpd.web11.11090.1735297095810019207
 for <openembedded-devel@lists.openembedded.org>;
 Fri, 27 Dec 2024 02:58:17 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=peter.marko@siemens.com header.s=fm1 header.b=MbxSYHQM;
 spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.65.226,
 mailfrom:
 fm-256628-20241227105817f69bc38191704ea852-fjjd2d@rts-flowmailer.siemens.com)
Received: by mta-65-226.siemens.flowmailer.net with ESMTPSA id
 20241227105817f69bc38191704ea852
        for <openembedded-devel@lists.openembedded.org>;
        Fri, 27 Dec 2024 11:58:17 +0100
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1;
 d=siemens.com; i=peter.marko@siemens.com;
 h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:Cc:References:In-Reply-To;
 bh=7qPIj6So0nRyJlwBlG+OR4va1xExmNHJ148LqrTH/io=;
 b=MbxSYHQMgyF1o52FashV0hYt34wkrtjWRa51jPB4yihjghjCcQV7UUedYHsx6wEAbDOpPE
 vgAPTxxRRefb6EarYHDbA+8PDsKIkYOOQI8W2ZW8UxoMEMrWF7ptcCEVQqbvrbnIecGBs0Dp
 oqfxjvODME1ER8ILOpVhDu9Fhe3p+xFGbQK7rrQwxeMD5qhzZpREMbSXM2c/dZx/yAzDPu3K
 Ha0E1hlqIgSt7etp0MzraXr67VgLRSEyifXgmhaTUdwVttLhNBwEQTezdV5jlXZLw8Cd3rVC
 +8PLHoenXmXvL9kq8GY+q3+pI71iSMwRho8JlIEmU3pPvScD3i7hVqYg==;
From: Peter Marko <peter.marko@siemens.com>
To: openembedded-devel@lists.openembedded.org
Cc: Peter Marko <peter.marko@siemens.com>
Subject: [meta-oe][PATCH 13/15] audiofile: fix multiple CVEs
Date: Fri, 27 Dec 2024 11:56:13 +0100
Message-Id: <20241227105615.3303193-14-peter.marko@siemens.com>
In-Reply-To: <20241227105615.3303193-1-peter.marko@siemens.com>
References: <20241227105615.3303193-1-peter.marko@siemens.com>
MIME-Version: 1.0
X-Flowmailer-Platform: Siemens
Feedback-ID: 519:519-256628:519-21489:flowmailer
List-Id: <openembedded-devel.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-devel@lists.openembedded.org>; Fri, 27 Dec 2024 10:58:20 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/114571

From: Peter Marko <peter.marko@siemens.com>

CVE-2017-6830 / CVE-2017-6834 / CVE-2017-6836 / CVE-2017-6838

Use patch from buildroot:
https://github.com/buildroot/buildroot/commit/4a1a8277bba490d227f413e218138e39f1fe1203

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 .../audiofile/audiofile_0.3.6.bb              |  1 +
 ...multiplication-overflow-in-sfconvert.patch | 79 +++++++++++++++++++
 2 files changed, 80 insertions(+)
 create mode 100644 meta-oe/recipes-multimedia/audiofile/files/0006-Check-for-multiplication-overflow-in-sfconvert.patch

diff --git a/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb b/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb
index 67c1992cc4..66194fdc8b 100644
--- a/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb
+++ b/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb
@@ -15,6 +15,7 @@ SRC_URI = " \
     file://0003-fix-CVE-2015-7747.patch \
     file://0004-Always-check-the-number-of-coefficients.patch \
     file://0005-clamp-index-values-to-fix-index-overflow-in-IMA.cpp.patch \
+    file://0006-Check-for-multiplication-overflow-in-sfconvert.patch \
 "
 SRC_URI[sha256sum] = "ea2449ad3f201ec590d811db9da6d02ffc5e87a677d06b92ab15363d8cb59782"
 
diff --git a/meta-oe/recipes-multimedia/audiofile/files/0006-Check-for-multiplication-overflow-in-sfconvert.patch b/meta-oe/recipes-multimedia/audiofile/files/0006-Check-for-multiplication-overflow-in-sfconvert.patch
new file mode 100644
index 0000000000..ec21b09f30
--- /dev/null
+++ b/meta-oe/recipes-multimedia/audiofile/files/0006-Check-for-multiplication-overflow-in-sfconvert.patch
@@ -0,0 +1,79 @@
+From 7d65f89defb092b63bcbc5d98349fb222ca73b3c Mon Sep 17 00:00:00 2001
+From: Antonio Larrosa <larrosa@kde.org>
+Date: Mon, 6 Mar 2017 13:54:52 +0100
+Subject: [PATCH] Check for multiplication overflow in sfconvert
+
+Checks that a multiplication doesn't overflow when
+calculating the buffer size, and if it overflows,
+reduce the buffer size instead of failing.
+
+This fixes the 00192-audiofile-signintoverflow-sfconvert case
+in #41
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+
+CVE: CVE-2017-6830
+CVE: CVE-2017-6834
+CVE: CVE-2017-6836
+CVE: CVE-2017-6838
+Upstream-Status: Inactive-Upstream [lastrelease: 2013]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ sfcommands/sfconvert.c | 34 ++++++++++++++++++++++++++++++++--
+ 1 file changed, 32 insertions(+), 2 deletions(-)
+
+diff --git a/sfcommands/sfconvert.c b/sfcommands/sfconvert.c
+index 80a1bc4..970a3e4 100644
+--- a/sfcommands/sfconvert.c
++++ b/sfcommands/sfconvert.c
+@@ -45,6 +45,33 @@ void printusage (void);
+ void usageerror (void);
+ bool copyaudiodata (AFfilehandle infile, AFfilehandle outfile, int trackid);
+ 
++int firstBitSet(int x)
++{
++        int position=0;
++        while (x!=0)
++        {
++                x>>=1;
++                ++position;
++        }
++        return position;
++}
++
++#ifndef __has_builtin
++#define __has_builtin(x) 0
++#endif
++
++int multiplyCheckOverflow(int a, int b, int *result)
++{
++#if (defined __GNUC__ && __GNUC__ >= 5) || ( __clang__ && __has_builtin(__builtin_mul_overflow))
++	return __builtin_mul_overflow(a, b, result);
++#else
++	if (firstBitSet(a)+firstBitSet(b)>31) // int is signed, so we can't use 32 bits
++		return true;
++	*result = a * b;
++	return false;
++#endif
++}
++
+ int main (int argc, char **argv)
+ {
+ 	if (argc == 2)
+@@ -323,8 +350,11 @@ bool copyaudiodata (AFfilehandle infile, AFfilehandle outfile, int trackid)
+ {
+ 	int frameSize = afGetVirtualFrameSize(infile, trackid, 1);
+ 
+-	const int kBufferFrameCount = 65536;
+-	void *buffer = malloc(kBufferFrameCount * frameSize);
++	int kBufferFrameCount = 65536;
++	int bufferSize;
++	while (multiplyCheckOverflow(kBufferFrameCount, frameSize, &bufferSize))
++		kBufferFrameCount /= 2;
++	void *buffer = malloc(bufferSize);
+ 
+ 	AFframecount totalFrames = afGetFrameCount(infile, AF_DEFAULT_TRACK);
+ 	AFframecount totalFramesWritten = 0;
+-- 
+2.11.0
+

From patchwork Fri Dec 27 10:56:14 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Peter Marko <peter.marko@siemens.com>
X-Patchwork-Id: 54726
Return-Path: <peter.marko@siemens.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 33202E7718B
	for <webhook@archiver.kernel.org>; Fri, 27 Dec 2024 10:58:30 +0000 (UTC)
Received: from mta-64-225.siemens.flowmailer.net
 (mta-64-225.siemens.flowmailer.net [185.136.64.225])
 by mx.groups.io with SMTP id smtpd.web11.11094.1735297103750963454
 for <openembedded-devel@lists.openembedded.org>;
 Fri, 27 Dec 2024 02:58:24 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=peter.marko@siemens.com header.s=fm1 header.b=M9aJECnP;
 spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.64.225,
 mailfrom:
 fm-256628-202412271058225c065a38cf23b8f522-hccmxg@rts-flowmailer.siemens.com)
Received: by mta-64-225.siemens.flowmailer.net with ESMTPSA id
 202412271058225c065a38cf23b8f522
        for <openembedded-devel@lists.openembedded.org>;
        Fri, 27 Dec 2024 11:58:22 +0100
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1;
 d=siemens.com; i=peter.marko@siemens.com;
 h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:Cc:References:In-Reply-To;
 bh=3hMTVwYbEdEHsJBpdro1b3xStP+apzX6Un0qQlgYL+w=;
 b=M9aJECnPe8BmSBp7TiskBsg/sEuMXUO1lsaLAdMI19bujSXdhNZGN6Qd9ev0BLKo4XSes4
 Vor2VRAFiJM5jZL2tI8f29P+MafGbZL6PKVyZNtW+63PQ+oIicsBvAzx3GluIEGmixwYaMQQ
 gTwx8Skhft0pAMVOsuq2ye7Jvz/6XHGNnLERb/tJERtcOUv74ZEN1HU5JjDqe1bczlBLzH8l
 /zU4xf9oR37O0QZn4PEUI4roX5/aD5oHhHZxKfgJn8rgs1Vr/VUjCH/zlReFhlc0sgRf31J6
 DqHfbBVIOUq+zWqSB3eflWxKV357zPVk/MhSFoOoOdGBjLwRMu8q3MRw==;
From: Peter Marko <peter.marko@siemens.com>
To: openembedded-devel@lists.openembedded.org
Cc: Peter Marko <peter.marko@siemens.com>
Subject: [meta-oe][PATCH 14/15] audiofile: patch CVE-2017-6831
Date: Fri, 27 Dec 2024 11:56:14 +0100
Message-Id: <20241227105615.3303193-15-peter.marko@siemens.com>
In-Reply-To: <20241227105615.3303193-1-peter.marko@siemens.com>
References: <20241227105615.3303193-1-peter.marko@siemens.com>
MIME-Version: 1.0
X-Flowmailer-Platform: Siemens
Feedback-ID: 519:519-256628:519-21489:flowmailer
List-Id: <openembedded-devel.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-devel@lists.openembedded.org>; Fri, 27 Dec 2024 10:58:30 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/114572

From: Peter Marko <peter.marko@siemens.com>

Use patch from buildroot:
https://github.com/buildroot/buildroot/commit/bd5f84d301c4e74ca200a9336eca88468ec0e1f3

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 .../audiofile/audiofile_0.3.6.bb              |  1 +
 ...ail-when-error-occurs-in-parseFormat.patch | 46 +++++++++++++++++++
 2 files changed, 47 insertions(+)
 create mode 100644 meta-oe/recipes-multimedia/audiofile/files/0007-Actually-fail-when-error-occurs-in-parseFormat.patch

diff --git a/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb b/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb
index 66194fdc8b..08709a35e3 100644
--- a/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb
+++ b/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb
@@ -16,6 +16,7 @@ SRC_URI = " \
     file://0004-Always-check-the-number-of-coefficients.patch \
     file://0005-clamp-index-values-to-fix-index-overflow-in-IMA.cpp.patch \
     file://0006-Check-for-multiplication-overflow-in-sfconvert.patch \
+    file://0007-Actually-fail-when-error-occurs-in-parseFormat.patch \
 "
 SRC_URI[sha256sum] = "ea2449ad3f201ec590d811db9da6d02ffc5e87a677d06b92ab15363d8cb59782"
 
diff --git a/meta-oe/recipes-multimedia/audiofile/files/0007-Actually-fail-when-error-occurs-in-parseFormat.patch b/meta-oe/recipes-multimedia/audiofile/files/0007-Actually-fail-when-error-occurs-in-parseFormat.patch
new file mode 100644
index 0000000000..38294ca200
--- /dev/null
+++ b/meta-oe/recipes-multimedia/audiofile/files/0007-Actually-fail-when-error-occurs-in-parseFormat.patch
@@ -0,0 +1,46 @@
+From a2e9eab8ea87c4ffc494d839ebb4ea145eb9f2e6 Mon Sep 17 00:00:00 2001
+From: Antonio Larrosa <larrosa@kde.org>
+Date: Mon, 6 Mar 2017 18:59:26 +0100
+Subject: [PATCH] Actually fail when error occurs in parseFormat
+
+When there's an unsupported number of bits per sample or an invalid
+number of samples per block, don't only print an error message using
+the error handler, but actually stop parsing the file.
+
+This fixes #35 (also reported at
+https://bugzilla.opensuse.org/show_bug.cgi?id=1026983 and
+https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp/
+)
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+
+CVE: CVE-2017-6831
+Upstream-Status: Inactive-Upstream [lastrelease: 2013]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ libaudiofile/WAVE.cpp | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libaudiofile/WAVE.cpp b/libaudiofile/WAVE.cpp
+index 0e81cf7..d762249 100644
+--- a/libaudiofile/WAVE.cpp
++++ b/libaudiofile/WAVE.cpp
+@@ -326,6 +326,7 @@ status WAVEFile::parseFormat(const Tag &id, uint32_t size)
+ 			{
+ 				_af_error(AF_BAD_NOT_IMPLEMENTED,
+ 					"IMA ADPCM compression supports only 4 bits per sample");
++				return AF_FAIL;
+ 			}
+ 
+ 			int bytesPerBlock = (samplesPerBlock + 14) / 8 * 4 * channelCount;
+@@ -333,6 +334,7 @@ status WAVEFile::parseFormat(const Tag &id, uint32_t size)
+ 			{
+ 				_af_error(AF_BAD_CODEC_CONFIG,
+ 					"Invalid samples per block for IMA ADPCM compression");
++				return AF_FAIL;
+ 			}
+ 
+ 			track->f.sampleWidth = 16;
+-- 
+2.11.0
+

From patchwork Fri Dec 27 10:56:15 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Peter Marko <peter.marko@siemens.com>
X-Patchwork-Id: 54725
Return-Path: <peter.marko@siemens.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 3322FE7718F
	for <webhook@archiver.kernel.org>; Fri, 27 Dec 2024 10:58:30 +0000 (UTC)
Received: from mta-65-228.siemens.flowmailer.net
 (mta-65-228.siemens.flowmailer.net [185.136.65.228])
 by mx.groups.io with SMTP id smtpd.web10.10969.1735297107441145267
 for <openembedded-devel@lists.openembedded.org>;
 Fri, 27 Dec 2024 02:58:27 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=peter.marko@siemens.com header.s=fm1 header.b=iO1ficEo;
 spf=pass (domain: rts-flowmailer.siemens.com, ip: 185.136.65.228,
 mailfrom:
 fm-256628-2024122710582561ccbf9a9e69eda2ed-rqul6_@rts-flowmailer.siemens.com)
Received: by mta-65-228.siemens.flowmailer.net with ESMTPSA id
 2024122710582561ccbf9a9e69eda2ed
        for <openembedded-devel@lists.openembedded.org>;
        Fri, 27 Dec 2024 11:58:25 +0100
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=fm1;
 d=siemens.com; i=peter.marko@siemens.com;
 h=Date:From:Subject:To:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding:Cc:References:In-Reply-To;
 bh=BlUkyx4cmWVCpGVzRsGkHe/djLkX+ak5lmlC16p8fuM=;
 b=iO1ficEorSEdNLM2xCRFfmoaS+/V2JXpRgVl88sSuHMCTzaKpe0hjszh/2PGKpgdn5/xSR
 zqucMz88rQKIEn691S9SrteDCgKv9w9KecJ82f6bf12tbC06dbeSI9lDpcwSxfmIyjJfiRcZ
 0p4xFwNVGOca71bhC51/lLrychOwreOVXswBpoDOLoYRf7fZyT4QM+9pVfSnzEPD1JOcFYM1
 EO0GEayo0UAFKxAO6LkMVETeMXjxyzWCIWHXcKITifdkaz73mLclouJSX4Di3g0HKsxfwTfW
 Z48jdeRyAcQvu3oy03Fc9rYR8l6mWL0v2dznKfryV1yqyRwZly17XQzQ==;
From: Peter Marko <peter.marko@siemens.com>
To: openembedded-devel@lists.openembedded.org
Cc: Peter Marko <peter.marko@siemens.com>
Subject: [meta-oe][PATCH 15/15] audiofile: patch CVE-2017-6839
Date: Fri, 27 Dec 2024 11:56:15 +0100
Message-Id: <20241227105615.3303193-16-peter.marko@siemens.com>
In-Reply-To: <20241227105615.3303193-1-peter.marko@siemens.com>
References: <20241227105615.3303193-1-peter.marko@siemens.com>
MIME-Version: 1.0
X-Flowmailer-Platform: Siemens
Feedback-ID: 519:519-256628:519-21489:flowmailer
List-Id: <openembedded-devel.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-devel@lists.openembedded.org>; Fri, 27 Dec 2024 10:58:30 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/114573

From: Peter Marko <peter.marko@siemens.com>

Use patch from buildroot:
https://github.com/buildroot/buildroot/commit/844a7c6281eb442881330a5d36d5a0719f2870bf

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 .../audiofile/audiofile_0.3.6.bb              |   1 +
 ...lication-overflow-in-MSADPCM-decodeS.patch | 126 ++++++++++++++++++
 2 files changed, 127 insertions(+)
 create mode 100644 meta-oe/recipes-multimedia/audiofile/files/0008-Check-for-multiplication-overflow-in-MSADPCM-decodeS.patch

diff --git a/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb b/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb
index 08709a35e3..50df31c7b9 100644
--- a/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb
+++ b/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb
@@ -17,6 +17,7 @@ SRC_URI = " \
     file://0005-clamp-index-values-to-fix-index-overflow-in-IMA.cpp.patch \
     file://0006-Check-for-multiplication-overflow-in-sfconvert.patch \
     file://0007-Actually-fail-when-error-occurs-in-parseFormat.patch \
+    file://0008-Check-for-multiplication-overflow-in-MSADPCM-decodeS.patch \
 "
 SRC_URI[sha256sum] = "ea2449ad3f201ec590d811db9da6d02ffc5e87a677d06b92ab15363d8cb59782"
 
diff --git a/meta-oe/recipes-multimedia/audiofile/files/0008-Check-for-multiplication-overflow-in-MSADPCM-decodeS.patch b/meta-oe/recipes-multimedia/audiofile/files/0008-Check-for-multiplication-overflow-in-MSADPCM-decodeS.patch
new file mode 100644
index 0000000000..857ed78c59
--- /dev/null
+++ b/meta-oe/recipes-multimedia/audiofile/files/0008-Check-for-multiplication-overflow-in-MSADPCM-decodeS.patch
@@ -0,0 +1,126 @@
+From beacc44eb8cdf6d58717ec1a5103c5141f1b37f9 Mon Sep 17 00:00:00 2001
+From: Antonio Larrosa <larrosa@kde.org>
+Date: Mon, 6 Mar 2017 13:43:53 +0100
+Subject: [PATCH] Check for multiplication overflow in MSADPCM decodeSample
+
+Check for multiplication overflow (using __builtin_mul_overflow
+if available) in MSADPCM.cpp decodeSample and return an empty
+decoded block if an error occurs.
+
+This fixes the 00193-audiofile-signintoverflow-MSADPCM case of #41
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+
+CVE: CVE-2017-6839
+Upstream-Status: Inactive-Upstream [lastrelease: 2013]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ libaudiofile/modules/BlockCodec.cpp |  5 ++--
+ libaudiofile/modules/MSADPCM.cpp    | 47 +++++++++++++++++++++++++++++++++----
+ 2 files changed, 46 insertions(+), 6 deletions(-)
+
+diff --git a/libaudiofile/modules/BlockCodec.cpp b/libaudiofile/modules/BlockCodec.cpp
+index 45925e8..4731be1 100644
+--- a/libaudiofile/modules/BlockCodec.cpp
++++ b/libaudiofile/modules/BlockCodec.cpp
+@@ -52,8 +52,9 @@ void BlockCodec::runPull()
+ 	// Decompress into m_outChunk.
+ 	for (int i=0; i<blocksRead; i++)
+ 	{
+-		decodeBlock(static_cast<const uint8_t *>(m_inChunk->buffer) + i * m_bytesPerPacket,
+-			static_cast<int16_t *>(m_outChunk->buffer) + i * m_framesPerPacket * m_track->f.channelCount);
++		if (decodeBlock(static_cast<const uint8_t *>(m_inChunk->buffer) + i * m_bytesPerPacket,
++			static_cast<int16_t *>(m_outChunk->buffer) + i * m_framesPerPacket * m_track->f.channelCount)==0)
++			break;
+ 
+ 		framesRead += m_framesPerPacket;
+ 	}
+diff --git a/libaudiofile/modules/MSADPCM.cpp b/libaudiofile/modules/MSADPCM.cpp
+index 8ea3c85..ef9c38c 100644
+--- a/libaudiofile/modules/MSADPCM.cpp
++++ b/libaudiofile/modules/MSADPCM.cpp
+@@ -101,24 +101,60 @@ static const int16_t adaptationTable[] =
+ 	768, 614, 512, 409, 307, 230, 230, 230
+ };
+ 
++int firstBitSet(int x)
++{
++        int position=0;
++        while (x!=0)
++        {
++                x>>=1;
++                ++position;
++        }
++        return position;
++}
++
++#ifndef __has_builtin
++#define __has_builtin(x) 0
++#endif
++
++int multiplyCheckOverflow(int a, int b, int *result)
++{
++#if (defined __GNUC__ && __GNUC__ >= 5) || ( __clang__ && __has_builtin(__builtin_mul_overflow))
++	return __builtin_mul_overflow(a, b, result);
++#else
++	if (firstBitSet(a)+firstBitSet(b)>31) // int is signed, so we can't use 32 bits
++		return true;
++	*result = a * b;
++	return false;
++#endif
++}
++
++
+ // Compute a linear PCM value from the given differential coded value.
+ static int16_t decodeSample(ms_adpcm_state &state,
+-	uint8_t code, const int16_t *coefficient)
++	uint8_t code, const int16_t *coefficient, bool *ok=NULL)
+ {
+ 	int linearSample = (state.sample1 * coefficient[0] +
+ 		state.sample2 * coefficient[1]) >> 8;
++	int delta;
+ 
+ 	linearSample += ((code & 0x08) ? (code - 0x10) : code) * state.delta;
+ 
+ 	linearSample = clamp(linearSample, MIN_INT16, MAX_INT16);
+ 
+-	int delta = (state.delta * adaptationTable[code]) >> 8;
++	if (multiplyCheckOverflow(state.delta, adaptationTable[code], &delta))
++	{
++                if (ok) *ok=false;
++		_af_error(AF_BAD_COMPRESSION, "Error decoding sample");
++		return 0;
++	}
++	delta >>= 8;
+ 	if (delta < 16)
+ 		delta = 16;
+ 
+ 	state.delta = delta;
+ 	state.sample2 = state.sample1;
+ 	state.sample1 = linearSample;
++	if (ok) *ok=true;
+ 
+ 	return static_cast<int16_t>(linearSample);
+ }
+@@ -212,13 +248,16 @@ int MSADPCM::decodeBlock(const uint8_t *encoded, int16_t *decoded)
+ 	{
+ 		uint8_t code;
+ 		int16_t newSample;
++		bool ok;
+ 
+ 		code = *encoded >> 4;
+-		newSample = decodeSample(*state[0], code, coefficient[0]);
++		newSample = decodeSample(*state[0], code, coefficient[0], &ok);
++		if (!ok) return 0;
+ 		*decoded++ = newSample;
+ 
+ 		code = *encoded & 0x0f;
+-		newSample = decodeSample(*state[1], code, coefficient[1]);
++		newSample = decodeSample(*state[1], code, coefficient[1], &ok);
++		if (!ok) return 0;
+ 		*decoded++ = newSample;
+ 
+ 		encoded++;
+-- 
+2.11.0
+