From patchwork Fri May 9 16:16:39 2025
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 62704
X-Patchwork-Delegate: steve@sakoman.com
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 1/6] ghostscript: ignore CVE-2025-27837
Date: Fri, 9 May 2025 09:16:39 -0700
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/216237

From: Peter Marko

This CVE only impacts codepaths relevant for Windows builds.
See [1] from Debian which marks it as not applicable.

[1] https://security-tracker.debian.org/tracker/CVE-2025-27837

Signed-off-by: Peter Marko
Signed-off-by: Steve Sakoman
--- meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb index 3d4ac77cfa..fd0506f438 100644 --- a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
@@ -26,6 +26,8 @@ CVE_CHECK_IGNORE += "CVE-2013-6629" CVE_CHECK_IGNORE += "CVE-2023-38560 CVE-2024-46954" # Vulnerable code was introduced in 9.56.0, so 9.55.0 is not affected yet CVE_CHECK_IGNORE += "CVE-2025-27833" +# Only impacts codepaths relevant for Windows builds +CVE_CHECK_IGNORE += "CVE-2025-27837" def gs_verdir(v): return "".join(v.split("."))

From patchwork Fri May 9 16:16:40 2025
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 62708
X-Patchwork-Delegate: steve@sakoman.com
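Review bot: the comment added above `CVE_CHECK_IGNORE += "CVE-2025-27837"` in ghostscript_9.55.0.bb states the conclusion ("Only impacts codepaths relevant for Windows builds") but not where it comes from. The commit message cites the Debian security tracker entry for this CVE; put that URL in the recipe comment as well, so the justification stays with the recipe and can be rechecked when the recipe is next touched.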
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 2/6] ghostscript: ignore CVE-2024-29507
Date: Fri, 9 May 2025 09:16:40 -0700
Message-ID: <5c9f3c244971aadee65a98d83668e3d5d63825a0.1746806788.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/216238

From: Peter Marko

Fix for this CVE is [3] (per [1] and [2]).
It fixes cidfsubstfont handling which is not present in 9.55.0 yet.
It was introduced (as cidsubstpath) in 9.56.0 via [4] and later modified to cidfsubstfont in [5].

Since this recipe has version 9.55.0, mark it as not affected yet.

[1] https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7745dbe24514710b0cfba925e608e607dee9eb0f
[2] https://nvd.nist.gov/vuln/detail/CVE-2024-29507
[3] https://security-tracker.debian.org/tracker/CVE-2024-29507
[4] https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=82efed6cae8b0f2a3d10593b21083be1e7b1ab23
[5] https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=4422012f6b40f0627d3527dba92f3a1ba30017d3

Signed-off-by: Peter Marko
Signed-off-by: Steve Sakoman
--- meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb index fd0506f438..e872fbe88c 100644 --- a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
@@ -25,7 +25,7 @@ CVE_CHECK_IGNORE += "CVE-2013-6629" # Issue in the GhostPCL. GhostPCL not part of this GhostScript recipe. CVE_CHECK_IGNORE += "CVE-2023-38560 CVE-2024-46954" # Vulnerable code was introduced in 9.56.0, so 9.55.0 is not affected yet -CVE_CHECK_IGNORE += "CVE-2025-27833" +CVE_CHECK_IGNORE += "CVE-2024-29507 CVE-2025-27833" # Only impacts codepaths relevant for Windows builds CVE_CHECK_IGNORE += "CVE-2025-27837"

From patchwork Fri May 9 16:16:41 2025
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 62707
X-Patchwork-Delegate: steve@sakoman.com
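Review bot: in the ghostscript_9.55.0.bb hunk, CVE-2024-29507 is folded into the existing `CVE-2025-27833` line and inherits the comment "Vulnerable code was introduced in 9.56.0", which does not say which code is meant for either CVE. The commit message names it (the cidfsubstfont handling, introduced as cidsubstpath in 9.56.0); a separate `CVE_CHECK_IGNORE +=` line with a comment naming that feature would keep one justification per CVE and make it clear what has to be re-examined once the recipe moves past 9.55.0.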
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 3/6] connman: fix CVE-2025-32743
Date: Fri, 9 May 2025 09:16:41 -0700
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/216239

From: Praveen Kumar

In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c
can be NULL or an empty string when the TC (Truncated) bit is set in
a DNS response. This allows attackers to cause a denial of service
(application crash) or possibly execute arbitrary code, because those
lookup values lead to incorrect length calculations and incorrect
memcpy operations.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-32743

Upstream-patch:
https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d90b911f6760959bdf1393c39fe8d1118315490f

Signed-off-by: Praveen Kumar
Signed-off-by: Steve Sakoman
--- .../connman/connman/CVE-2025-32743.patch | 43 +++++++++++++++++++ .../connman/connman_1.41.bb | 1 + 2 files changed, 44 insertions(+) create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2025-32743.patch diff --git a/meta/recipes-connectivity/connman/connman/CVE-2025-32743.patch b/meta/recipes-connectivity/connman/connman/CVE-2025-32743.patch new file mode 100644 index 0000000000..8656b37bd3 --- /dev/null +++ b/meta/recipes-connectivity/connman/connman/CVE-2025-32743.patch
@@ -0,0 +1,43 @@ +From d90b911f6760959bdf1393c39fe8d1118315490f Mon Sep 17 00:00:00 2001 +From: Praveen Kumar +Date: Thu, 24 Apr 2025 11:39:29 +0000 +Subject: [PATCH] dnsproxy: Fix NULL/empty lookup causing potential crash + +In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c +can be NULL or an empty string when the TC (Truncated) bit is set in +a DNS response. This allows attackers to cause a denial of service +(application crash) or possibly execute arbitrary code, because those +lookup values lead to incorrect length calculations and incorrect +memcpy operations. + +This patch includes a check to make sure loookup value is valid before +using it. This helps avoid unexpected value when the input is empty or +incorrect. + +Fixes: CVE-2025-32743 + +CVE: CVE-2025-32743 + +Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d90b911f6760959bdf1393c39fe8d1118315490f] + +Signed-off-by: Praveen Kumar +--- + src/dnsproxy.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/dnsproxy.c b/src/dnsproxy.c +index cf1d36c..334dd00 100644 +--- a/src/dnsproxy.c ++++ b/src/dnsproxy.c +@@ -1615,6 +1615,9 @@ static int ns_resolv(struct server_data *server, struct request_data *req, + char *dot, *lookup = (char *) name; + struct cache_entry *entry; + ++ if (!lookup || strlen(lookup) == 0) ++ return -EINVAL; ++ + entry = cache_check(request, &type, req->protocol); + if (entry) { + int ttl_left = 0; +-- +2.40.0 diff --git a/meta/recipes-connectivity/connman/connman_1.41.bb b/meta/recipes-connectivity/connman/connman_1.41.bb index 27b28be41c..caf0610c3f 100644 --- a/meta/recipes-connectivity/connman/connman_1.41.bb +++ b/meta/recipes-connectivity/connman/connman_1.41.bb 
@@ -9,6 +9,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ file://CVE-2022-32293_p2.patch \ file://CVE-2022-32292.patch \ file://CVE-2023-28488.patch \ + file://CVE-2025-32743.patch \ " SRC_URI:append:libc-musl = " file://0002-resolve-musl-does-not-implement-res_ninit.patch"

From patchwork Fri May 9 16:16:42 2025
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 62709
X-Patchwork-Delegate: steve@sakoman.com
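Review bot: the early `return -EINVAL;` added to ns_resolv in the src/dnsproxy.c hunk of the embedded CVE-2025-32743.patch introduces a new failure path, and nothing visible here shows how the callers treat it; confirm that in connman 1.41 a negative return from ns_resolv is handled as a failed forward and does not leave the request queued or the buffer half-built. The message describes the bug as present "through 1.44" while the recipe is connman_1.41.bb, so also confirm the hunk applies at `@@ -1615,6 +1615,9 @@` without fuzz. Minor: the embedded message misspells "loookup".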
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 4/6] busybox: fix CVE-2023-39810
Date: Fri, 9 May 2025 09:16:42 -0700
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/216240

From: Hitendra Prajapati

Upstream-Status: Backport from https://git.busybox.net/busybox/commit/?id=9a8796436b9b0641e13480811902ea2ac57881d3

Signed-off-by: Hitendra Prajapati
Signed-off-by: Steve Sakoman
--- .../busybox/busybox/CVE-2023-39810.patch | 131 ++++++++++++++++++ meta/recipes-core/busybox/busybox_1.35.0.bb | 1 + 2 files changed, 132 insertions(+) create mode 100644 meta/recipes-core/busybox/busybox/CVE-2023-39810.patch diff --git a/meta/recipes-core/busybox/busybox/CVE-2023-39810.patch b/meta/recipes-core/busybox/busybox/CVE-2023-39810.patch new file mode 100644 index 0000000000..0e7dec4f80 --- /dev/null +++ b/meta/recipes-core/busybox/busybox/CVE-2023-39810.patch
@@ -0,0 +1,131 @@ +From 9a8796436b9b0641e13480811902ea2ac57881d3 Mon Sep 17 00:00:00 2001 +From: Denys Vlasenko +Date: Wed, 2 Oct 2024 10:12:05 +0200 +Subject: archival: disallow path traversals (CVE-2023-39810) + +Create new configure option for archival/libarchive based extractions to +disallow path traversals. +As this is a paranoid option and might introduce backward +incompatibility, default it to no. + +Fixes: CVE-2023-39810 + +Based on the patch by Peter Kaestle + +Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=9a8796436b9b0641e13480811902ea2ac57881d3] +CVE: CVE-2023-39810 +Signed-off-by: Hitendra Prajapati +--- + archival/Config.src | 11 +++++++++++ + archival/libarchive/data_extract_all.c | 8 ++++++++ + archival/libarchive/unsafe_prefix.c | 6 +++++- + scripts/kconfig/lxdialog/check-lxdialog.sh | 2 +- + testsuite/cpio.tests | 23 ++++++++++++++++++++++ + 5 files changed, 48 insertions(+), 2 deletions(-) + +diff --git a/archival/Config.src b/archival/Config.src +index 6f4f30c..cbcd721 100644 +--- a/archival/Config.src ++++ b/archival/Config.src +@@ -35,4 +35,15 @@ config FEATURE_LZMA_FAST + This option reduces decompression time by about 25% at the cost of + a 1K bigger binary. + ++config FEATURE_PATH_TRAVERSAL_PROTECTION ++ bool "Prevent extraction of filenames with /../ path component" ++ default n ++ help ++ busybox tar and unzip remove "PREFIX/../" (if it exists) ++ from extracted names. ++ This option enables this behavior for all other unpacking applets, ++ such as cpio, ar, rpm. ++ GNU cpio 2.15 has NO such sanity check. ++# try other archivers and document their behavior? 
++ + endmenu +diff --git a/archival/libarchive/data_extract_all.c b/archival/libarchive/data_extract_all.c +index 049c2c1..8a69711 100644 +--- a/archival/libarchive/data_extract_all.c ++++ b/archival/libarchive/data_extract_all.c +@@ -65,6 +65,14 @@ void FAST_FUNC data_extract_all(archive_handle_t *archive_handle) + } while (--n != 0); + } + #endif ++#if ENABLE_FEATURE_PATH_TRAVERSAL_PROTECTION ++ /* Strip leading "/" and up to last "/../" path component */ ++ dst_name = (char *)strip_unsafe_prefix(dst_name); ++#endif ++// ^^^ This may be a problem if some applets do need to extract absolute names. ++// (Probably will need to invent ARCHIVE_ALLOW_UNSAFE_NAME flag). ++// You might think that rpm needs it, but in my tests rpm's internal cpio ++// archive has names like "./usr/bin/FOO", not "/usr/bin/FOO". + + if (archive_handle->ah_flags & ARCHIVE_CREATE_LEADING_DIRS) { + char *slash = strrchr(dst_name, '/'); +diff --git a/archival/libarchive/unsafe_prefix.c b/archival/libarchive/unsafe_prefix.c +index 33e487b..6670811 100644 +--- a/archival/libarchive/unsafe_prefix.c ++++ b/archival/libarchive/unsafe_prefix.c +@@ -14,7 +14,11 @@ const char* FAST_FUNC strip_unsafe_prefix(const char *str) + cp++; + continue; + } +- if (is_prefixed_with(cp, "/../"+1)) { ++ /* We are called lots of times. ++ * is_prefixed_with(cp, "../") is slower than open-coding it, ++ * with minimal code growth (~few bytes). ++ */ ++ if (cp[0] == '.' && cp[1] == '.' && cp[2] == '/') { + cp += 3; + continue; + } +diff --git a/scripts/kconfig/lxdialog/check-lxdialog.sh b/scripts/kconfig/lxdialog/check-lxdialog.sh +index 7003e02..b91a54b 100755 +--- a/scripts/kconfig/lxdialog/check-lxdialog.sh ++++ b/scripts/kconfig/lxdialog/check-lxdialog.sh +@@ -55,7 +55,7 @@ trap "rm -f $tmp" 0 1 2 3 15 + check() { + $cc -x c - -o $tmp 2>/dev/null <<'EOF' + #include CURSES_LOC +-main() {} ++int main() { return 0; } + EOF + if [ $? 
!= 0 ]; then + echo " *** Unable to find the ncurses libraries or the" 1>&2 +diff --git a/testsuite/cpio.tests b/testsuite/cpio.tests +index 85e7465..a4462c5 100755 +--- a/testsuite/cpio.tests ++++ b/testsuite/cpio.tests +@@ -154,6 +154,29 @@ testing "cpio -R with extract" \ + " "" "" + SKIP= + ++# Create an archive containing a file with "../dont_write" filename. ++# See that it will not be allowed to unpack. ++# NB: GNU cpio 2.15 DOES NOT do such checks. ++optional FEATURE_PATH_TRAVERSAL_PROTECTION ++rm -rf cpio.testdir ++mkdir -p cpio.testdir/prepare/inner ++echo "file outside of destination was written" > cpio.testdir/prepare/dont_write ++echo "data" > cpio.testdir/prepare/inner/to_extract ++mkdir -p cpio.testdir/extract ++testing "cpio extract file outside of destination" "\ ++(cd cpio.testdir/prepare/inner && echo -e '../dont_write\nto_extract' | cpio -o -H newc) | (cd cpio.testdir/extract && cpio -vi 2>&1) ++echo \$? ++ls cpio.testdir/dont_write 2>&1" \ ++"\ ++cpio: removing leading '../' from member names ++../dont_write ++to_extract ++1 blocks ++0 ++ls: cpio.testdir/dont_write: No such file or directory ++" "" "" ++SKIP= ++ + # Clean up + rm -rf cpio.testdir cpio.testdir2 2>/dev/null + +-- +2.25.1 + diff --git a/meta/recipes-core/busybox/busybox_1.35.0.bb b/meta/recipes-core/busybox/busybox_1.35.0.bb index 6bffbbb5a8..1886410dd2 100644 --- a/meta/recipes-core/busybox/busybox_1.35.0.bb +++ b/meta/recipes-core/busybox/busybox_1.35.0.bb 
@@ -58,6 +58,7 @@ SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \ file://CVE-2023-42364_42365-2.patch \ file://CVE-2023-42366.patch \ file://0001-cut-Fix-s-flag-to-omit-blank-lines.patch \ + file://CVE-2023-39810.patch \ " SRC_URI:append:libc-musl = " file://musl.cfg "

From patchwork Fri May 9 16:16:43 2025
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 62705
X-Patchwork-Delegate: steve@sakoman.com
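Review bot: the archival/Config.src hunk in the embedded CVE-2023-39810.patch adds FEATURE_PATH_TRAVERSAL_PROTECTION with `default n`, and the busybox_1.35.0.bb hunk only adds `file://CVE-2023-39810.patch` to SRC_URI, so as submitted the new call to strip_unsafe_prefix() in data_extract_all() stays compiled out behind `#if ENABLE_FEATURE_PATH_TRAVERSAL_PROTECTION` unless the option is enabled somewhere not shown. Either enable the option in the busybox configuration in this same change, or say in the commit message that the fix is opt-in and how to turn it on; the commit message currently carries only the Upstream-Status line.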
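Review bot: the scripts/kconfig/lxdialog/check-lxdialog.sh hunk in the embedded patch (`main() {}` changed to `int main() { return 0; }`) has nothing to do with path traversal. If it is not part of the upstream commit named in Upstream-Status, move it to its own patch with its own status line; if it is, note that in the commit message so the backport can be compared against upstream without surprise.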
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 5/6] qemu: ignore CVE-2023-1386
Date: Fri, 9 May 2025 09:16:43 -0700
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/216241

From: Peter Marko

Upstream Repository: https://gitlab.com/qemu-project/qemu.git

Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2023-1386
Type: Security Advisory
CVE: CVE-2023-1386
Score: 3.3

Analysis:
- According to redhat[1] this CVE has been closed as not a bug.

Reference:
[1] https://bugzilla.redhat.com/show_bug.cgi?id=2223985

(From OE-Core rev: 6a5d9e3821246c39ec57fa483802e1bb74fca724)

Signed-off-by: Madhu Marri
Signed-off-by: Steve Sakoman
(Converted to old CVE_CHECK_IGNORE syntax)
Signed-off-by: Peter Marko
Signed-off-by: Steve Sakoman
--- meta/recipes-devtools/qemu/qemu.inc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index bee30cd56f..cae33459e6 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -161,6 +161,9 @@ CVE_CHECK_IGNORE += "CVE-2023-2680" # due to the rocker device not falling within the virtualization use case. CVE_CHECK_IGNORE += "CVE-2022-36648" +# disputed: not an issue as per https://bugzilla.redhat.com/show_bug.cgi?id=2223985 +CVE_CHECK_IGNORE += "CVE-2023-1386" + COMPATIBLE_HOST:mipsarchn32 = "null" COMPATIBLE_HOST:mipsarchn64 = "null" COMPATIBLE_HOST:riscv32 = "null" 
From patchwork Fri May 9 16:16:44 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 62706 X-Patchwork-Delegate: steve@sakoman.com
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 6/6] glibc: Add single-threaded fast path to rand()
Date: Fri, 9 May 2025 09:16:44 -0700
Message-ID: <00f7a2f60dd6de95a1a47fa642978613ce76dc56.1746806788.git.steve@sakoman.com>
X-Mailer: git-send-email 2.43.0
MIME-Version: 1.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/216242

From: Haixiao Yan

Backport a patch [1] to improve performance of rand() and __random()[2]
by adding a single-threaded fast path.

[1] https://sourceware.org/git/?p=glibc.git;a=commit;h=be0cfd848d9ad7378800d6302bc11467cf2b514f
[2] https://sourceware.org/bugzilla/show_bug.cgi?id=32777

Signed-off-by: Haixiao Yan
Signed-off-by: Steve Sakoman
---
 ...dd-single-threaded-fast-path-to-rand.patch | 47 +++++++++++++++++++
 meta/recipes-core/glibc/glibc_2.35.bb | 1 +
 2 files changed, 48 insertions(+)
 create mode 100644 meta/recipes-core/glibc/glibc/0001-stdlib-Add-single-threaded-fast-path-to-rand.patch

diff --git a/meta/recipes-core/glibc/glibc/0001-stdlib-Add-single-threaded-fast-path-to-rand.patch b/meta/recipes-core/glibc/glibc/0001-stdlib-Add-single-threaded-fast-path-to-rand.patch new file mode 100644 index 0000000000..736fc51f38 --- /dev/null +++ b/meta/recipes-core/glibc/glibc/0001-stdlib-Add-single-threaded-fast-path-to-rand.patch 
@@ -0,0 +1,47 @@ +From 4f54b0dfc16dbe0df86afccb90e447df5f7f571e Mon Sep 17 00:00:00 2001 +From: Wilco Dijkstra +Date: Mon, 18 Mar 2024 15:18:20 +0000 +Subject: [PATCH] stdlib: Add single-threaded fast path to rand() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Improve performance of rand() and __random() by adding a single-threaded +fast path. Bench-random-lock shows about 5x speedup on Neoverse V1. + +Upstream-Status: Backport [be0cfd848d9ad7378800d6302bc11467cf2b514f] + +Reviewed-by: Adhemerval Zanella  +Signed-off-by: Haixiao Yan +--- + stdlib/random.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/stdlib/random.c b/stdlib/random.c +index 17cc61ba8f55..5d482a857065 100644 +--- a/stdlib/random.c ++++ b/stdlib/random.c +@@ -51,6 +51,7 @@ + SUCH DAMAGE.*/ + + #include ++#include + #include + #include + #include +@@ -288,6 +289,12 @@ __random (void) + { + int32_t retval; + ++ if (SINGLE_THREAD_P) ++ { ++ (void) __random_r (&unsafe_state, &retval); ++ return retval; ++ } ++ + __libc_lock_lock (lock); + + (void) __random_r (&unsafe_state, &retval); +-- +2.34.1 + diff --git a/meta/recipes-core/glibc/glibc_2.35.bb b/meta/recipes-core/glibc/glibc_2.35.bb index d9cae79ac2..9073e04537 100644 --- a/meta/recipes-core/glibc/glibc_2.35.bb +++ b/meta/recipes-core/glibc/glibc_2.35.bb @@ -65,6 +65,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ file://0001-Revert-Linux-Implement-a-useful-version-of-_startup_.patch \ file://0002-get_nscd_addresses-Fix-subscript-typos-BZ-29605.patch \ file://0003-sunrpc-suppress-gcc-os-warning-on-user2netname.patch \ + file://0001-stdlib-Add-single-threaded-fast-path-to-rand.patch \ " S = "${WORKDIR}/git" B = "${WORKDIR}/build-${TARGET_SYS}"
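Review bot: In the meta/recipes-devtools/qemu/qemu.inc hunk of patch 5/6, the comment above the new CVE_CHECK_IGNORE += "CVE-2023-1386" entry gives only a Bugzilla URL as justification, and it labels the CVE "disputed" while the commit message says the report was closed as not a bug. The neighbouring CVE-2022-36648 entry states its reason in words (the rocker device not falling within the virtualization use case); doing the same here, for example "closed as not a bug by Red Hat, see <URL>", would keep the rationale readable in the recipe if the link moves and lets someone auditing the ignore list see why the entry exists without leaving the file. Using one term for the status in both the comment and the commit message would also avoid ambiguity.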
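Review bot: In the stdlib/random.c change carried by the new 0001-stdlib-Add-single-threaded-fast-path-to-rand.patch in patch 6/6, the added SINGLE_THREAD_P branch in __random() calls __random_r on unsafe_state without taking lock, and nothing in the hunk says why skipping the lock is safe. A short comment stating the invariant (no other thread can touch unsafe_state while SINGLE_THREAD_P is true) would help, and because this is a backport onto glibc 2.35, the commit message should confirm that SINGLE_THREAD_P has the same meaning on this branch as on the upstream branch where the change was made. Separately, the patch's From line carries 4f54b0dfc16dbe0df86afccb90e447df5f7f571e while Upstream-Status cites be0cfd848d9ad7378800d6302bc11467cf2b514f; please say which commit each one refers to.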