From patchwork Fri Jun 6 15:59:54 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 64476
X-Patchwork-Delegate: steve@sakoman.com
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 01/12] libsoup: fix CVE-2025-32908
Date: Fri, 6 Jun 2025 08:59:54 -0700
X-Mailer: git-send-email 2.43.0
MIME-Version: 1.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/218163

From: Changqing Li

Refer: https://gitlab.gnome.org/GNOME/libsoup/-/issues/429

Signed-off-by: Changqing Li
Signed-off-by: Steve Sakoman
---
 .../libsoup-3.4.4/CVE-2025-32908-1.patch | 89 +++++++++++++++++++
 .../libsoup-3.4.4/CVE-2025-32908-2.patch | 53 +++++++++++
 meta/recipes-support/libsoup/libsoup_3.4.4.bb | 4 +-
 3 files changed, 145 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32908-1.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32908-2.patch

diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32908-1.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32908-1.patch new file mode 100644 index 0000000000..8ad0e16d45 --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32908-1.patch
@@ -0,0 +1,89 @@ +From 56b8eb061a02c4e99644d6f1e62e601d0d814beb Mon Sep 17 00:00:00 2001 +From: Milan Crha +Date: Tue, 15 Apr 2025 09:59:05 +0200 +Subject: [PATCH 1/2] soup-server-http2: Check validity of the constructed + connection URI + +The HTTP/2 pseudo-headers can contain invalid values, which the GUri rejects +and returns NULL, but the soup-server did not check the validity and could +abort the server itself later in the code. + +Closes #429 + +CVE: CVE-2025-32908 +Upstream-Status: Backport +[https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/451/diffs?commit_id=a792b23ab87cacbf4dd9462bf7b675fa678efbae] + +Signed-off-by: Changqing Li +--- + .../http2/soup-server-message-io-http2.c | 4 +++ + tests/http2-test.c | 28 +++++++++++++++++++ + 2 files changed, 32 insertions(+) + +diff --git a/libsoup/server/http2/soup-server-message-io-http2.c b/libsoup/server/http2/soup-server-message-io-http2.c +index 943ecfd..f1fe2d5 100644 +--- a/libsoup/server/http2/soup-server-message-io-http2.c ++++ b/libsoup/server/http2/soup-server-message-io-http2.c +@@ -771,9 +771,13 @@ on_frame_recv_callback (nghttp2_session *session, + char *uri_string; + GUri *uri; + ++ if (msg_io->scheme == NULL || msg_io->authority == NULL || msg_io->path == NULL) ++ return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE; + uri_string = g_strdup_printf ("%s://%s%s", msg_io->scheme, msg_io->authority, msg_io->path); + uri = g_uri_parse (uri_string, SOUP_HTTP_URI_FLAGS, NULL); + g_free (uri_string); ++ if (uri == NULL) ++ return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE; + soup_server_message_set_uri (msg_io->msg, uri); + g_uri_unref (uri); + +diff --git a/tests/http2-test.c b/tests/http2-test.c +index ef097f4..df86d9b 100644 +--- a/tests/http2-test.c ++++ b/tests/http2-test.c +@@ -1241,6 +1241,30 @@ do_connection_closed_test (Test *test, gconstpointer data) + g_uri_unref (uri); + } + ++static void ++do_broken_pseudo_header_test (Test *test, gconstpointer data) ++{ ++ char *path; ++ SoupMessage *msg; ++ GUri 
*uri; ++ GBytes *body = NULL; ++ GError *error = NULL; ++ ++ uri = g_uri_parse_relative (base_uri, "/ag", SOUP_HTTP_URI_FLAGS, NULL); ++ ++ /* an ugly cheat to construct a broken URI, which can be sent from other libs */ ++ path = (char *) g_uri_get_path (uri); ++ path[1] = '%'; ++ ++ msg = soup_message_new_from_uri (SOUP_METHOD_GET, uri); ++ body = soup_test_session_async_send (test->session, msg, NULL, &error); ++ g_assert_error (error, G_IO_ERROR, G_IO_ERROR_PARTIAL_INPUT); ++ g_assert_null (body); ++ g_clear_error (&error); ++ g_object_unref (msg); ++ g_uri_unref (uri); ++} ++ + static gboolean + unpause_message (SoupServerMessage *msg) + { +@@ -1549,6 +1573,10 @@ main (int argc, char **argv) + setup_session, + do_connection_closed_test, + teardown_session); ++ g_test_add ("/http2/broken-pseudo-header", Test, NULL, ++ setup_session, ++ do_broken_pseudo_header_test, ++ teardown_session); + + ret = g_test_run (); + +-- +2.34.1 + diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32908-2.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32908-2.patch new file mode 100644 index 0000000000..b53c7efb7b --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32908-2.patch 
@@ -0,0 +1,53 @@ +From aad0dcf22ee9fdfefa6b72055268240cceccfe4c Mon Sep 17 00:00:00 2001 +From: Milan Crha +Date: Mon, 28 Apr 2025 10:55:42 +0200 +Subject: [PATCH 2/2] soup-server-http2: Correct check of the validity of the + constructed connection URI + +RFC 5740: the CONNECT has unset the "scheme" and "path", thus allow them unset. + +The commit a792b23ab87cacbf4dd9462bf7b675fa678efbae also missed to decrement +the `io->in_callback` in the early returns. + +Related to #429 + +CVE: CVE-2025-32908 +Upstream-Status: Backport +[https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/453/diffs?commit_id=527428a033df573ef4558ce1106e080fd9ec5c71] + +Signed-off-by: Changqing Li +--- + .../server/http2/soup-server-message-io-http2.c | 15 ++++++++++----- + 1 file changed, 10 insertions(+), 5 deletions(-) + +diff --git a/libsoup/server/http2/soup-server-message-io-http2.c b/libsoup/server/http2/soup-server-message-io-http2.c +index f1fe2d5..913afb4 100644 +--- a/libsoup/server/http2/soup-server-message-io-http2.c ++++ b/libsoup/server/http2/soup-server-message-io-http2.c +@@ -771,13 +771,18 @@ on_frame_recv_callback (nghttp2_session *session, + char *uri_string; + GUri *uri; + +- if (msg_io->scheme == NULL || msg_io->authority == NULL || msg_io->path == NULL) +- return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE; +- uri_string = g_strdup_printf ("%s://%s%s", msg_io->scheme, msg_io->authority, msg_io->path); ++ if (msg_io->authority == NULL) { ++ io->in_callback--; ++ return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE; ++ } ++ /* RFC 5740: the CONNECT has unset the "scheme" and "path", but the GUri requires the scheme, thus let it be "(null)" */ ++ uri_string = g_strdup_printf ("%s://%s%s", msg_io->scheme, msg_io->authority, msg_io->path == NULL ? 
"" : msg_io->path); + uri = g_uri_parse (uri_string, SOUP_HTTP_URI_FLAGS, NULL); + g_free (uri_string); +- if (uri == NULL) +- return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE; ++ if (uri == NULL) { ++ io->in_callback--; ++ return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE; ++ } + soup_server_message_set_uri (msg_io->msg, uri); + g_uri_unref (uri); + +-- +2.34.1 + diff --git a/meta/recipes-support/libsoup/libsoup_3.4.4.bb b/meta/recipes-support/libsoup/libsoup_3.4.4.bb index 21a1bbe6cd..c19be9b5f4 100644 --- a/meta/recipes-support/libsoup/libsoup_3.4.4.bb +++ b/meta/recipes-support/libsoup/libsoup_3.4.4.bb 
@@ -32,7 +32,9 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \ file://CVE-2025-32914.patch \ file://CVE-2025-4476.patch \ file://CVE-2025-4969.patch \ - " + file://CVE-2025-32908-1.patch \ + file://CVE-2025-32908-2.patch \ +" SRC_URI[sha256sum] = "291c67725f36ed90ea43efff25064b69c5a2d1981488477c05c481a3b4b0c5aa" PROVIDES = "libsoup-3.0"
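Review bot: In CVE-2025-32908-2.patch, the rewritten g_strdup_printf ("%s://%s%s", msg_io->scheme, ...) call in on_frame_recv_callback now receives a NULL msg_io->scheme for CONNECT and relies on the formatter printing "(null)", as the added comment says. Passing NULL to %s is not defined by the C standard, so the result depends on the printf implementation in use; an explicit fallback string for the scheme, like the one already given for msg_io->path, would make the constructed URI deterministic. The same comment and the commit message cite RFC 5740, while HTTP/2 CONNECT is specified in RFC 7540 section 8.3; the backport can stay verbatim, but the slip is worth reporting upstream. The regression test added in CVE-2025-32908-1.patch only sends a GET with a broken path, so nothing visible here exercises the CONNECT branch.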
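Review bot: The libsoup_3.4.4.bb hunk removes the closing quote of SRC_URI and adds it back with different indentation (`- "` becomes `+"`), which is whitespace churn unrelated to the CVE fix. Leave the closing line untouched and add only the two file://CVE-2025-32908-*.patch entries, so later backports to this recipe do not conflict on that line.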
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 02/12] libsoup: fix CVE-2025-32907
Date: Fri, 6 Jun 2025 08:59:55 -0700
X-Mailer: git-send-email 2.43.0
MIME-Version: 1.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/218165

From: Changqing Li

Refer: https://gitlab.gnome.org/GNOME/libsoup/-/issues/429

Signed-off-by: Changqing Li
Signed-off-by: Steve Sakoman
---
 .../libsoup-3.4.4/CVE-2025-32907-1.patch | 200 ++++++++++++++++++
 .../libsoup-3.4.4/CVE-2025-32907-2.patch | 68 ++++++
 meta/recipes-support/libsoup/libsoup_3.4.4.bb | 2 +
 3 files changed, 270 insertions(+)
 create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-1.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-2.patch

diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-1.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-1.patch new file mode 100644 index 0000000000..41b7d276a4 --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-1.patch
@@ -0,0 +1,200 @@ +From 7507b0713c2f02af1cd561ebb99477e0a099419d Mon Sep 17 00:00:00 2001 +From: Milan Crha +Date: Tue, 15 Apr 2025 12:17:39 +0200 +Subject: [PATCH 1/2] soup-message-headers: Correct merge of ranges + +It had been skipping every second range, which generated an array +of a lot of insane ranges, causing large memory usage by the server. + +Closes #428 + +Part-of: + +CVE: CVE-2025-32907 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/452/commits] + +Signed-off-by: Changqing Li +--- + libsoup/soup-message-headers.c | 1 + + tests/meson.build | 1 + + tests/server-mem-limit-test.c | 144 +++++++++++++++++++++++++++++++++ + 3 files changed, 146 insertions(+) + create mode 100644 tests/server-mem-limit-test.c + +diff --git a/libsoup/soup-message-headers.c b/libsoup/soup-message-headers.c +index ee7a3cb..f101d4b 100644 +--- a/libsoup/soup-message-headers.c ++++ b/libsoup/soup-message-headers.c +@@ -1244,6 +1244,7 @@ soup_message_headers_get_ranges_internal (SoupMessageHeaders *hdrs, + if (cur->start <= prev->end) { + prev->end = MAX (prev->end, cur->end); + g_array_remove_index (array, i); ++ i--; + } + } + } +diff --git a/tests/meson.build b/tests/meson.build +index ee118a0..8e7b51d 100644 +--- a/tests/meson.build ++++ b/tests/meson.build +@@ -102,6 +102,7 @@ tests = [ + {'name': 'samesite'}, + {'name': 'session'}, + {'name': 'server-auth'}, ++ {'name': 'server-mem-limit'}, + {'name': 'server'}, + {'name': 'sniffing', + 'depends': [test_resources], +diff --git a/tests/server-mem-limit-test.c b/tests/server-mem-limit-test.c +new file mode 100644 +index 0000000..98f1c40 +--- /dev/null ++++ b/tests/server-mem-limit-test.c +@@ -0,0 +1,144 @@ ++/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */ ++/* ++ * Copyright (C) 2025 Red Hat ++ */ ++ ++#include "test-utils.h" ++ ++#include ++ ++/* ++ This test limits memory usage to trigger too large buffer allocation crash. 
++ As restoring the limits back to what it was does not always work, it's split ++ out of the server-test.c test with copied minimal server code. ++ */ ++ ++typedef struct { ++ SoupServer *server; ++ GUri *base_uri, *ssl_base_uri; ++ GSList *handlers; ++} ServerData; ++ ++static void ++server_setup_nohandler (ServerData *sd, gconstpointer test_data) ++{ ++ sd->server = soup_test_server_new (SOUP_TEST_SERVER_IN_THREAD); ++ sd->base_uri = soup_test_server_get_uri (sd->server, "http", NULL); ++ if (tls_available) ++ sd->ssl_base_uri = soup_test_server_get_uri (sd->server, "https", NULL); ++} ++ ++static void ++server_add_handler (ServerData *sd, ++ const char *path, ++ SoupServerCallback callback, ++ gpointer user_data, ++ GDestroyNotify destroy) ++{ ++ soup_server_add_handler (sd->server, path, callback, user_data, destroy); ++ sd->handlers = g_slist_prepend (sd->handlers, g_strdup (path)); ++} ++ ++static void ++server_setup (ServerData *sd, gconstpointer test_data) ++{ ++ server_setup_nohandler (sd, test_data); ++} ++ ++static void ++server_teardown (ServerData *sd, gconstpointer test_data) ++{ ++ GSList *iter; ++ ++ for (iter = sd->handlers; iter; iter = iter->next) ++ soup_server_remove_handler (sd->server, iter->data); ++ g_slist_free_full (sd->handlers, g_free); ++ ++ g_clear_pointer (&sd->server, soup_test_server_quit_unref); ++ g_clear_pointer (&sd->base_uri, g_uri_unref); ++ g_clear_pointer (&sd->ssl_base_uri, g_uri_unref); ++} ++ ++static void ++server_file_callback (SoupServer *server, ++ SoupServerMessage *msg, ++ const char *path, ++ GHashTable *query, ++ gpointer data) ++{ ++ void *mem; ++ ++ g_assert_cmpstr (path, ==, "/file"); ++ g_assert_cmpstr (soup_server_message_get_method (msg), ==, SOUP_METHOD_GET); ++ ++ mem = g_malloc0 (sizeof (char) * 1024 * 1024); ++ /* fedora-scan CI claims a warning about possibly leaked `mem` variable, thus use ++ the copy and free it explicitly, to workaround the false positive; the g_steal_pointer() ++ did not help for 
the malloc-ed memory */ ++ soup_server_message_set_response (msg, "application/octet-stream", SOUP_MEMORY_COPY, mem, sizeof (char) * 1024 *1024); ++ soup_server_message_set_status (msg, SOUP_STATUS_OK, NULL); ++ g_free (mem); ++} ++ ++static void ++do_ranges_overlaps_test (ServerData *sd, gconstpointer test_data) ++{ ++ SoupSession *session; ++ SoupMessage *msg; ++ GString *range; ++ GUri *uri; ++ const char *chunk = ",0,0,0,0,0,0,0,0,0,0,0"; ++ ++ g_test_bug ("428"); ++ ++ #ifdef G_OS_WIN32 ++ g_test_skip ("Cannot run under windows"); ++ return; ++ #endif ++ ++ range = g_string_sized_new (99 * 1024); ++ g_string_append (range, "bytes=1024"); ++ while (range->len < 99 * 1024) ++ g_string_append (range, chunk); ++ ++ session = soup_test_session_new (NULL); ++ server_add_handler (sd, "/file", server_file_callback, NULL, NULL); ++ ++ uri = g_uri_parse_relative (sd->base_uri, "/file", SOUP_HTTP_URI_FLAGS, NULL); ++ ++ msg = soup_message_new_from_uri ("GET", uri); ++ soup_message_headers_append (soup_message_get_request_headers (msg), "Range", range->str); ++ ++ soup_test_session_send_message (session, msg); ++ ++ soup_test_assert_message_status (msg, SOUP_STATUS_PARTIAL_CONTENT); ++ ++ g_object_unref (msg); ++ ++ g_string_free (range, TRUE); ++ g_uri_unref (uri); ++ ++ soup_test_session_abort_unref (session); ++} ++ ++int ++main (int argc, char **argv) ++{ ++ int ret; ++ ++ test_init (argc, argv, NULL); ++ ++ #ifndef G_OS_WIN32 ++ struct rlimit new_rlimit = { 1024 * 1024 * 64, 1024 * 1024 * 64 }; ++ /* limit memory usage, to trigger too large memory allocation abort */ ++ g_assert_cmpint (setrlimit (RLIMIT_DATA, &new_rlimit), ==, 0); ++ #endif ++ ++ g_test_add ("/server-mem/range-overlaps", ServerData, NULL, ++ server_setup, do_ranges_overlaps_test, server_teardown); ++ ++ ret = g_test_run (); ++ ++ test_cleanup (); ++ return ret; ++} +-- +2.34.1 + 
diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-2.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-2.patch new file mode 100644 index 0000000000..9c838a55af --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-2.patch 
@@ -0,0 +1,68 @@ +From f31dfc357ffdd8d18d3593a06cd4acb888eaba70 Mon Sep 17 00:00:00 2001 +From: Milan Crha +Date: Tue, 13 May 2025 14:20:46 +0200 +Subject: [PATCH 2/2] server-mem-limit-test: Limit memory usage only when not + built witha sanitizer + +A build with -Db_sanitize=address crashes with failed mmap(), which is done +inside libasan. The test requires 20.0TB of virtual memory when running with +the sanitizer, which is beyond unsigned integer limits and may not trigger +the bug anyway. + +Part-of: + +CVE: CVE-2025-32907 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/452/commits] + +Signed-off-by: Changqing Li +--- + meson.build | 4 ++++ + tests/server-mem-limit-test.c | 13 +++++++++---- + 2 files changed, 13 insertions(+), 4 deletions(-) + +diff --git a/meson.build b/meson.build +index d4110da..74323ea 100644 +--- a/meson.build ++++ b/meson.build +@@ -357,6 +357,10 @@ configinc = include_directories('.') + + prefix = get_option('prefix') + ++if get_option('b_sanitize') != 'none' ++ cdata.set_quoted('B_SANITIZE_OPTION', get_option('b_sanitize')) ++endif ++ + cdata.set_quoted('PACKAGE_VERSION', soup_version) + cdata.set_quoted('LOCALEDIR', join_paths(prefix, get_option('localedir'))) + cdata.set_quoted('GETTEXT_PACKAGE', libsoup_api_name) +diff --git a/tests/server-mem-limit-test.c b/tests/server-mem-limit-test.c +index 98f1c40..65dc875 100644 +--- a/tests/server-mem-limit-test.c ++++ b/tests/server-mem-limit-test.c +@@ -126,14 +126,19 @@ main (int argc, char **argv) + { + int ret; + +- test_init (argc, argv, NULL); +- +- #ifndef G_OS_WIN32 +- struct rlimit new_rlimit = { 1024 * 1024 * 64, 1024 * 1024 * 64 }; ++ /* a build with an address sanitizer may crash on mmap() with the limit, ++ thus skip the limit set in such case, even it may not necessarily ++ trigger the bug if it regresses */ ++ #if !defined(G_OS_WIN32) && !defined(B_SANITIZE_OPTION) ++ struct rlimit new_rlimit = { 1024UL * 1024UL * 1024UL * 2UL, 1024UL * 
1024UL * 1024UL * 2UL }; + /* limit memory usage, to trigger too large memory allocation abort */ + g_assert_cmpint (setrlimit (RLIMIT_DATA, &new_rlimit), ==, 0); ++ #else ++ g_message ("server-mem-limit-test: Running without memory limit"); + #endif + ++ test_init (argc, argv, NULL); ++ + g_test_add ("/server-mem/range-overlaps", ServerData, NULL, + server_setup, do_ranges_overlaps_test, server_teardown); + +-- +2.34.1 + diff --git a/meta/recipes-support/libsoup/libsoup_3.4.4.bb b/meta/recipes-support/libsoup/libsoup_3.4.4.bb index c19be9b5f4..687b14d9d6 100644 --- a/meta/recipes-support/libsoup/libsoup_3.4.4.bb +++ b/meta/recipes-support/libsoup/libsoup_3.4.4.bb 
@@ -34,6 +34,8 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \ file://CVE-2025-4969.patch \ file://CVE-2025-32908-1.patch \ file://CVE-2025-32908-2.patch \ + file://CVE-2025-32907-1.patch \ + file://CVE-2025-32907-2.patch \ " SRC_URI[sha256sum] = "291c67725f36ed90ea43efff25064b69c5a2d1981488477c05c481a3b4b0c5aa"
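Review bot: The header of CVE-2025-32907-1.patch says "Closes #428", but the commit message of this mail refers to https://gitlab.gnome.org/GNOME/libsoup/-/issues/429, the issue that the CVE-2025-32908 patch in 01/12 closes; the Refer line should name issue 428. Both CVE-2025-32907 patch headers also give Upstream-Status as the merge request commit list (merge_requests/452/commits) rather than one commit; pin each to its upstream commit id, as the CVE-2025-32908 patches do with a commit_id URL, so the backport can be checked against an exact commit.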
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 03/12] libsoup-2.4: fix CVE-2025-32907
Date: Fri, 6 Jun 2025 08:59:56 -0700
X-Mailer: git-send-email 2.43.0
MIME-Version: 1.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/218164

From: Changqing Li

Refer: https://gitlab.gnome.org/GNOME/libsoup/-/issues/428

Signed-off-by: Changqing Li
Signed-off-by: Steve Sakoman
---
 .../libsoup/libsoup-2.4/CVE-2025-32907.patch | 39 +++++++++++++++++++
 .../libsoup/libsoup-2.4_2.74.3.bb | 3 +-
 .../libsoup-3.4.4/CVE-2025-32907-1.patch | 14 +++----
 .../libsoup-3.4.4/CVE-2025-32907-2.patch | 6 +--
 4 files changed, 51 insertions(+), 11 deletions(-)
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32907.patch

diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32907.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32907.patch new file mode 100644 index 0000000000..41dd3ff3f4 --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32907.patch
@@ -0,0 +1,39 @@ +From 8158b4084dcba2a233dfcb7359c53ab2840148f7 Mon Sep 17 00:00:00 2001 +From: Milan Crha +Date: Tue, 15 Apr 2025 12:17:39 +0200 +Subject: [PATCH 1/2] soup-message-headers: Correct merge of ranges + +It had been skipping every second range, which generated an array +of a lot of insane ranges, causing large memory usage by the server. + +Closes #428 + +Part-of: + +CVE: CVE-2025-32907 +Upstream-Status: Backport +[https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/452/diffs?commit_id=9bb92f7a685e31e10e9e8221d0342280432ce836] + +Test part not applied since test codes use some functions not in this +version + +Signed-off-by: Changqing Li +--- + libsoup/soup-message-headers.c | 1 + + 1 files changed, 1 insertions(+) + +diff --git a/libsoup/soup-message-headers.c b/libsoup/soup-message-headers.c +index 78b2455..00b9763 100644 +--- a/libsoup/soup-message-headers.c ++++ b/libsoup/soup-message-headers.c +@@ -1024,6 +1024,7 @@ soup_message_headers_get_ranges_internal (SoupMessageHeaders *hdrs, + if (cur->start <= prev->end) { + prev->end = MAX (prev->end, cur->end); + g_array_remove_index (array, i); ++ i--; + } + } + } +-- +2.34.1 + diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb index df97a68b9c..c20069edef 100644 --- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb +++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb @@ -32,7 +32,8 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \ file://CVE-2025-32912-2.patch \ file://CVE-2025-32914.patch \ file://CVE-2025-4969.patch \ - " + file://CVE-2025-32907.patch \ +" SRC_URI[sha256sum] = "e4b77c41cfc4c8c5a035fcdc320c7bc6cfb75ef7c5a034153df1413fa1d92f13" CVE_PRODUCT = "libsoup" diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-1.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-1.patch index 41b7d276a4..026a38c39a 100644 
--- a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-1.patch +++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-1.patch @@ -1,4 +1,4 @@ -From 7507b0713c2f02af1cd561ebb99477e0a099419d Mon Sep 17 00:00:00 2001 +From 4741bc288ece52f5dbaebc568e72ce14da3e2757 Mon Sep 17 00:00:00 2001 From: Milan Crha Date: Tue, 15 Apr 2025 12:17:39 +0200 Subject: [PATCH 1/2] soup-message-headers: Correct merge of ranges @@ -22,10 +22,10 @@ Signed-off-by: Changqing Li create mode 100644 tests/server-mem-limit-test.c diff --git a/libsoup/soup-message-headers.c b/libsoup/soup-message-headers.c -index ee7a3cb..f101d4b 100644 +index 95e2c31..d69d6e8 100644 --- a/libsoup/soup-message-headers.c +++ b/libsoup/soup-message-headers.c -@@ -1244,6 +1244,7 @@ soup_message_headers_get_ranges_internal (SoupMessageHeaders *hdrs, +@@ -1210,6 +1210,7 @@ soup_message_headers_get_ranges_internal (SoupMessageHeaders *hdrs, if (cur->start <= prev->end) { prev->end = MAX (prev->end, cur->end); g_array_remove_index (array, i); @@ -34,17 +34,17 @@ index ee7a3cb..f101d4b 100644 } } diff --git a/tests/meson.build b/tests/meson.build -index ee118a0..8e7b51d 100644 +index 9bf88be..7ef7ac5 100644 --- a/tests/meson.build +++ b/tests/meson.build -@@ -102,6 +102,7 @@ tests = [ +@@ -93,6 +93,7 @@ tests = [ {'name': 'samesite'}, {'name': 'session'}, {'name': 'server-auth'}, + {'name': 'server-mem-limit'}, {'name': 'server'}, - {'name': 'sniffing', - 'depends': [test_resources], + {'name': 'sniffing'}, + {'name': 'ssl', diff --git a/tests/server-mem-limit-test.c b/tests/server-mem-limit-test.c new file mode 100644 index 0000000..98f1c40 diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-2.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-2.patch index 9c838a55af..c1b6a1feba 100644 --- a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-2.patch +++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32907-2.patch 
@@ -1,4 +1,4 @@ -From f31dfc357ffdd8d18d3593a06cd4acb888eaba70 Mon Sep 17 00:00:00 2001 +From 85716d2769b3e1acda024d2c7cbfb68139c5d90b Mon Sep 17 00:00:00 2001 From: Milan Crha Date: Tue, 13 May 2025 14:20:46 +0200 Subject: [PATCH 2/2] server-mem-limit-test: Limit memory usage only when not @@ -21,10 +21,10 @@ Signed-off-by: Changqing Li 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/meson.build b/meson.build -index d4110da..74323ea 100644 +index 73a9fa0..a9531a4 100644 --- a/meson.build 
+++ b/meson.build -@@ -357,6 +357,10 @@ configinc = include_directories('.') +@@ -374,6 +374,10 @@ configinc = include_directories('.') prefix = get_option('prefix') From patchwork Fri Jun 6 15:59:57 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 64483 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1B00AC61DB8 for ; Fri, 6 Jun 2025 16:00:33 +0000 (UTC) Received: from mail-pf1-f178.google.com (mail-pf1-f178.google.com [209.85.210.178]) by mx.groups.io with SMTP id smtpd.web11.37121.1749225625398386240 for ; Fri, 06 Jun 2025 09:00:25 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=HdV27uWA; spf=softfail (domain: sakoman.com, ip: 209.85.210.178, mailfrom: steve@sakoman.com) Received: by mail-pf1-f178.google.com with SMTP id d2e1a72fcca58-742caef5896so2010856b3a.3 for ; Fri, 06 Jun 2025 09:00:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1749225624; x=1749830424; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=7zt3/5XvscrIN2qIfbrQ3J7bEt54VZN4EBliE66Ry3M=; b=HdV27uWASJawL4Etli1JI8T+nJ2WMu+e8UUWpKzyZT5W3Jf3heM4+J/s0zvd2GWQsl QWd89byVRxwz3+8HJS9vCeGvCVIUjK5ZxTObuHFtBauRnROnsOhw13n13T5o/cpQWUhx KBTb12i6tiDmc054sTXjusgDhD8ZXAFW50Mf9hW4VkgoxCXgCjKVBh83clAkNukCuA19 zFtS+NOnXlRpB1oTx9F++x0Leq0qzFvbmRehq2OfTK18LpbpXHGl1SRPRSqDYtrGZ0Fv eUnuPYcfxae5EU8HhaBKpxg3IH4TuhhcAOqKX34eSCLjhfpWa9GIpo2AzeG7d2rT/4w9 uh9g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; 
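Review bot: In the new libsoup-2.4 CVE-2025-32907.patch, the "i--;" added after "g_array_remove_index (array, i);" in soup_message_headers_get_ranges_internal() lands without a test, since the patch header says "Test part not applied", so nothing in the 2.4 build exercises a Range header with several overlapping ranges. Please either carry a test written against the 2.x test helpers or name the dropped upstream test in the header (the 3.4.4 variant of this fix adds tests/server-mem-limit-test.c). The header also keeps "Subject: [PATCH 1/2]" although only this one patch is added for 2.4, and it puts the bracketed URL on the line after "Upstream-Status: Backport", while the 2.4 CVE-2025-32053 patch later in this series keeps both on one line.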
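Review bot: The hunks against libsoup-3.4.4/CVE-2025-32907-1.patch and CVE-2025-32907-2.patch change only the From hashes, the index lines, the hunk offsets (1244 to 1210 in soup-message-headers.c, 357 to 374 in meson.build) and the tests/meson.build context, which is a refresh of patches the 3.4.4 recipe already carries and not part of adding the 2.4 fix. Splitting the refresh into its own commit, with a line saying why the context changed, would let the 2.4 fix be backported or reverted alone.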
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 04/12] libsoup-2.4: fix do_compile failure Date: Fri, 6 Jun 2025 08:59:57 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 06 Jun 2025 16:00:33 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/218166 From: Changqing Li Remove test code for fixing do_compile failure: ../libsoup-2.74.3/tests/auth-test.c:1554:39: error: unknown type name 'SoupServerMessage'; did you mean 'SoupServerClass'? 1554 | SoupServerMessage *msg, | Signed-off-by: Changqing Li Signed-off-by: Steve Sakoman --- .../libsoup-2.4/CVE-2025-32910-1.patch | 79 +++---------------- .../libsoup-2.4/CVE-2025-32910-2.patch | 60 +++----------- .../libsoup-2.4/CVE-2025-32912-1.patch | 20 ++--- 3 files changed, 24 insertions(+), 135 deletions(-) diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-1.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-1.patch index de4faf5380..847c76c2b7 100644 --- a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-1.patch +++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-1.patch @@ -8,10 +8,17 @@ Upstream-Status: Backport [import from debian https://salsa.debian.org/gnome-tea Upstream commit https://gitlab.gnome.org/GNOME/libsoup/-/commit/e40df6d48a1cbab56f5d15016cc861a503423cfe] CVE: CVE-2025-32910 
Signed-off-by: Vijay Anusuri + +Remove test code for fixing do_compile failure of libsoup-2.4, test codes include +new type added in 3.x version +../libsoup-2.74.3/tests/auth-test.c:1554:39: error: unknown type name 'SoupServerMessage'; did you mean 'SoupServerClass'? + 1554 | SoupServerMessage *msg, + | ^~~~~~~~~~~~~~~~~ + +Signed-off-by: Changqing Li --- libsoup/soup-auth-digest.c | 3 +++ - tests/auth-test.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 53 insertions(+) + 1 files changed, 3 insertions(+) diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c index e8ba990..263a15a 100644 
@@ -27,71 +34,3 @@ index e8ba990..263a15a 100644 g_free (priv->domain); g_free (priv->nonce); g_free (priv->opaque); -diff --git a/tests/auth-test.c b/tests/auth-test.c -index 8295ec3..dfc6b09 100644 ---- a/tests/auth-test.c -+++ b/tests/auth-test.c -@@ -1549,6 +1549,55 @@ do_cancel_after_retry_test (void) - soup_test_session_abort_unref (session); - } - -+static void -+on_request_read_for_missing_realm (SoupServer *server, -+ SoupServerMessage *msg, -+ gpointer user_data) -+{ -+ SoupMessageHeaders *response_headers = soup_server_message_get_response_headers (msg); -+ soup_message_headers_replace (response_headers, "WWW-Authenticate", "Digest qop=\"auth\""); -+} -+ -+static void -+do_missing_realm_test (void) -+{ -+ SoupSession *session; -+ SoupMessage *msg; -+ SoupServer *server; -+ SoupAuthDomain *digest_auth_domain; -+ gint status; -+ GUri *uri; -+ -+ server = soup_test_server_new (SOUP_TEST_SERVER_IN_THREAD); -+ soup_server_add_handler (server, NULL, -+ server_callback, NULL, NULL); -+ uri = soup_test_server_get_uri (server, "http", NULL); -+ -+ digest_auth_domain = soup_auth_domain_digest_new ( -+ "realm", "auth-test", -+ "auth-callback", server_digest_auth_callback, -+ NULL); -+ soup_auth_domain_add_path (digest_auth_domain, "/"); -+ soup_server_add_auth_domain (server, digest_auth_domain); -+ g_object_unref (digest_auth_domain); -+ -+ g_signal_connect (server, "request-read", -+ G_CALLBACK (on_request_read_for_missing_realm), -+ NULL); -+ -+ session = soup_test_session_new (NULL); -+ msg = soup_message_new_from_uri ("GET", uri); -+ g_signal_connect (msg, "authenticate", -+ G_CALLBACK (on_digest_authenticate), -+ NULL); -+ -+ status = soup_test_session_send_message (session, msg); -+ -+ g_assert_cmpint (status, ==, SOUP_STATUS_UNAUTHORIZED); -+ g_uri_unref (uri); -+ soup_test_server_quit_unref (server); -+} -+ - int - main (int argc, char **argv) - { -@@ -1576,6 +1625,7 @@ main (int argc, char **argv) - g_test_add_func 
("/auth/async-message-do-not-use-auth-cache", do_async_message_do_not_use_auth_cache_test); - g_test_add_func ("/auth/authorization-header-request", do_message_has_authorization_header_test); - g_test_add_func ("/auth/cancel-after-retry", do_cancel_after_retry_test); -+ g_test_add_func ("/auth/missing-realm", do_missing_realm_test); - - ret = g_test_run (); - diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-2.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-2.patch index 0d72afa1d6..a2168177a4 100644 --- a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-2.patch +++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32910-2.patch @@ -8,10 +8,17 @@ Upstream-Status: Backport [import from debian https://salsa.debian.org/gnome-tea Upstream commit https://gitlab.gnome.org/GNOME/libsoup/-/commit/405a8a34597a44bd58c4759e7d5e23f02c3b556a] CVE: CVE-2025-32910 Signed-off-by: Vijay Anusuri + +Remove test code for fixing do_compile failure of libsoup-2.4, test codes include +new type added in 3.x version +../libsoup-2.74.3/tests/auth-test.c:1554:39: error: unknown type name 'SoupServerMessage'; did you mean 'SoupServerClass'? + 1554 | SoupServerMessage *msg, + | ^~~~~~~~~~~~~~~~~ + +Signed-off-by: Changqing Li --- libsoup/soup-auth-digest.c | 45 +++++++++++++++++++++++++++++++++++---------- - tests/auth-test.c | 19 +++++++++++-------- - 2 files changed, 46 insertions(+), 18 deletions(-) + 1 files changed, 35 insertions(+), 10 deletions(-) diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c index 263a15a..393adb6 100644 
@@ -97,52 +104,3 @@ index 263a15a..393adb6 100644 soup_auth_digest_compute_response (msg->method, url, priv->hex_a1, priv->qop, priv->nonce, priv->cnonce, priv->nc, -diff --git a/tests/auth-test.c b/tests/auth-test.c -index dfc6b09..6fb1e4a 100644 ---- a/tests/auth-test.c -+++ b/tests/auth-test.c -@@ -1550,16 +1550,17 @@ do_cancel_after_retry_test (void) - } - - static void --on_request_read_for_missing_realm (SoupServer *server, -- SoupServerMessage *msg, -- gpointer user_data) -+on_request_read_for_missing_params (SoupServer *server, -+ SoupServerMessage *msg, -+ gpointer user_data) - { -+ const char *auth_header = user_data; - SoupMessageHeaders *response_headers = soup_server_message_get_response_headers (msg); -- soup_message_headers_replace (response_headers, "WWW-Authenticate", "Digest qop=\"auth\""); -+ soup_message_headers_replace (response_headers, "WWW-Authenticate", auth_header); - } - - static void --do_missing_realm_test (void) -+do_missing_params_test (gconstpointer auth_header) - { - SoupSession *session; - SoupMessage *msg; -@@ -1582,8 +1583,8 @@ do_missing_realm_test (void) - g_object_unref (digest_auth_domain); - - g_signal_connect (server, "request-read", -- G_CALLBACK (on_request_read_for_missing_realm), -- NULL); -+ G_CALLBACK (on_request_read_for_missing_params), -+ (gpointer)auth_header); - - session = soup_test_session_new (NULL); - msg = soup_message_new_from_uri ("GET", uri); -@@ -1625,7 +1626,9 @@ main (int argc, char **argv) - g_test_add_func ("/auth/async-message-do-not-use-auth-cache", do_async_message_do_not_use_auth_cache_test); - g_test_add_func ("/auth/authorization-header-request", do_message_has_authorization_header_test); - g_test_add_func ("/auth/cancel-after-retry", do_cancel_after_retry_test); -- g_test_add_func ("/auth/missing-realm", do_missing_realm_test); -+ g_test_add_data_func ("/auth/missing-params/realm", "Digest qop=\"auth\"", do_missing_params_test); -+ g_test_add_data_func ("/auth/missing-params/nonce", "Digest 
realm=\"auth-test\", qop=\"auth,auth-int\", opaque=\"5ccc069c403ebaf9f0171e9517f40e41\"", do_missing_params_test); -+ g_test_add_data_func ("/auth/missing-params/nonce-md5-sess", "Digest realm=\"auth-test\", qop=\"auth,auth-int\", opaque=\"5ccc069c403ebaf9f0171e9517f40e41\" algorithm=\"MD5-sess\"", do_missing_params_test); - - ret = g_test_run (); - diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32912-1.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32912-1.patch index 2a6f37cb58..906a889c13 100644 --- a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32912-1.patch +++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32912-1.patch @@ -6,10 +6,14 @@ Subject: [PATCH 1/2] auth-digest: Handle missing nonce Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/cd077513f267e43ce4b659eb18a1734d8a369992] CVE: CVE-2025-32912 Signed-off-by: Vijay Anusuri + +The test codes is based on CVE-2025-32910, test code in CVE-2025-32910 +is removed for fixing do_compile failure. So also remove this test code + +Signed-off-by: Changqing Li --- libsoup/soup-auth-digest.c | 2 +- - tests/auth-test.c | 1 + - 2 files changed, 2 insertions(+), 1 deletion(-) + 1 files changed, 1 insertions(+), 1 deletion(-) diff --git a/libsoup/soup-auth-digest.c b/libsoup/soup-auth-digest.c index a1db188..f0edb81 100644 
@@ -24,18 +28,6 @@ index a1db188..f0edb81 100644 return FALSE; g_free (priv->domain); -diff --git a/tests/auth-test.c b/tests/auth-test.c -index 6fb1e4a..343d7a5 100644 ---- a/tests/auth-test.c -+++ b/tests/auth-test.c -@@ -1629,6 +1629,7 @@ main (int argc, char **argv) - g_test_add_data_func ("/auth/missing-params/realm", "Digest qop=\"auth\"", do_missing_params_test); - g_test_add_data_func ("/auth/missing-params/nonce", "Digest realm=\"auth-test\", qop=\"auth,auth-int\", opaque=\"5ccc069c403ebaf9f0171e9517f40e41\"", do_missing_params_test); - g_test_add_data_func ("/auth/missing-params/nonce-md5-sess", "Digest realm=\"auth-test\", qop=\"auth,auth-int\", opaque=\"5ccc069c403ebaf9f0171e9517f40e41\" algorithm=\"MD5-sess\"", do_missing_params_test); -+ g_test_add_data_func ("/auth/missing-params/nonce-and-qop", "Digest realm=\"auth-test\"", do_missing_params_test); - - ret = g_test_run (); - -- 2.25.1 From patchwork Fri Jun 6 15:59:58 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 64480 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1E429C67861 for ; Fri, 6 Jun 2025 16:00:33 +0000 (UTC) Received: from mail-pf1-f178.google.com (mail-pf1-f178.google.com [209.85.210.178]) by mx.groups.io with SMTP id smtpd.web11.37122.1749225625441571443 for ; Fri, 06 Jun 2025 09:00:25 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=M+qzWfIs; spf=softfail (domain: sakoman.com, ip: 209.85.210.178, mailfrom: steve@sakoman.com) Received: by mail-pf1-f178.google.com with SMTP id d2e1a72fcca58-7482377b086so938583b3a.1 for ; Fri, 06 Jun 2025 09:00:25 -0700 (PDT) 
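Review bot: All three edited patch files (CVE-2025-32910-1.patch, CVE-2025-32910-2.patch, CVE-2025-32912-1.patch) drop their tests/auth-test.c hunks, so the missing-realm, missing-nonce, nonce-md5-sess and nonce-and-qop cases for the Digest WWW-Authenticate header are no longer tested anywhere in the 2.4 recipe. The quoted compile error is about the 3.x type SoupServerMessage only; rewriting do_missing_params_test against the 2.x server API would keep the coverage, and if that is out of scope the patch headers should list the test cases that were dropped. The diffstat summaries were edited by hand and now read "1 files changed, 3 insertions(+)" and "1 files changed, 1 insertions(+), 1 deletion(-)"; regenerating the patches with git format-patch would keep those lines in their usual form.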
AGHT+IE+2EESbbuUahVbGd8LYUkdrZwVzfgPYbBu4HUsf99HFtdTBq4JiuSLnBsXKslmtRO6vLo+gQ== X-Received: by 2002:a05:6a00:4b01:b0:740:6f69:f52a with SMTP id d2e1a72fcca58-74827cfcc92mr5909087b3a.0.1749225624430; Fri, 06 Jun 2025 09:00:24 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:742a:4153:2a1f:f028]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7482b083a9bsm1436489b3a.77.2025.06.06.09.00.23 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Jun 2025 09:00:24 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 05/12] libsoup-2.4: fix CVE-2025-32053 Date: Fri, 6 Jun 2025 08:59:58 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 06 Jun 2025 16:00:33 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/218167 From: Changqing Li Refer: https://gitlab.gnome.org/GNOME/libsoup/-/issues/426 Signed-off-by: Changqing Li Signed-off-by: Steve Sakoman --- .../libsoup/libsoup-2.4/CVE-2025-32053.patch | 39 +++++++++++++++++++ .../libsoup/libsoup-2.4_2.74.3.bb | 1 + 2 files changed, 40 insertions(+) create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32053.patch diff --git a/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32053.patch b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32053.patch new file mode 100644 index 0000000000..0d829d6200 --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32053.patch 
@@ -0,0 +1,39 @@ +From d9bcffd6cd5e8ec32889a594f7348d67a5101b3a Mon Sep 17 00:00:00 2001 +From: Changqing Li +Date: Mon, 12 May 2025 13:58:42 +0800 +Subject: [PATCH] Fix heap buffer overflow in + soup-content-sniffer.c:sniff_feed_or_html() + +CVE: CVE-2025-32053 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/eaed42ca8d40cd9ab63764e3d63641180505f40a] + +Signed-off-by: Changqing Li +--- + libsoup/soup-content-sniffer.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/libsoup/soup-content-sniffer.c b/libsoup/soup-content-sniffer.c +index 967ec61..5f2896e 100644 +--- a/libsoup/soup-content-sniffer.c ++++ b/libsoup/soup-content-sniffer.c +@@ -620,7 +620,7 @@ skip_insignificant_space (const char *resource, int *pos, int resource_length) + (resource[*pos] == '\x0D')) { + *pos = *pos + 1; + +- if (*pos > resource_length) ++ if (*pos >= resource_length) + return TRUE; + } + +@@ -682,7 +682,7 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, SoupBuffer *buffer) + do { + pos++; + +- if (pos > resource_length) ++ if ((pos + 1) > resource_length) + goto text_html; + } while (resource[pos] != '>'); + +-- +2.34.1 + diff --git a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb index c20069edef..9a2778bf92 100644 --- a/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb +++ b/meta/recipes-support/libsoup/libsoup-2.4_2.74.3.bb 
@@ -33,6 +33,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \ file://CVE-2025-32914.patch \ file://CVE-2025-4969.patch \ file://CVE-2025-32907.patch \ + file://CVE-2025-32053.patch \ " SRC_URI[sha256sum] = "e4b77c41cfc4c8c5a035fcdc320c7bc6cfb75ef7c5a034153df1413fa1d92f13" From patchwork Fri Jun 6 15:59:59 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 64482 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2AA76C678DA for ; Fri, 6 Jun 2025 16:00:33 +0000 (UTC) Received: from mail-pf1-f174.google.com (mail-pf1-f174.google.com [209.85.210.174]) by mx.groups.io with SMTP id smtpd.web10.37091.1749225627590584306 for ; Fri, 06 Jun 2025 09:00:27 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=OkPPJzLy; spf=softfail (domain: sakoman.com, ip: 209.85.210.174, mailfrom: steve@sakoman.com) Received: by mail-pf1-f174.google.com with SMTP id d2e1a72fcca58-742c73f82dfso1880584b3a.2 for ; Fri, 06 Jun 2025 09:00:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1749225627; x=1749830427; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=VSk8ft0i2bMWMvRgk6uRO91eUpVswEFWtff0PpYLOWQ=; b=OkPPJzLy0n0kftKzwRVqyE22JZYJYcE8qVk19bgQ3l58IRTfD8dNFeAkXA1FNlole3 vRngaUWYFuurCAvok8sUQu/xfWpXJwfqUGC82qeZx9Q7ipiGRe7KaEjyYumfhBjVI0oq YucTr7fdi/XZQUvdkkKleNQRjtx7WYUfnGM2Y0RM9Fy5Ju+Jv4Y+aBYLeZ1qLmemvtKt 
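Review bot: The header of the new libsoup-2.4/CVE-2025-32053.patch gives "From: Changqing Li" and "Date: Mon, 12 May 2025" while its Upstream-Status line points at upstream commit eaed42ca8d40cd9ab63764e3d63641180505f40a, and the libsoup-3.4.4 patch for the same commit in this series carries "From: Ar Jun" and "Date: Mon, 18 Nov 2024". Please keep the upstream author and date in the embedded patch and record the 2.4 adaptation (the libsoup/soup-content-sniffer.c path and the SoupBuffer argument) above your own Signed-off-by. The commit message has only a "Refer:" link; one sentence saying that both checks now stop before resource[pos] is read at index resource_length would let a reader judge the fix without opening the issue.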
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 06/12] libsoup: fix CVE-2025-32053 Date: Fri, 6 Jun 2025 08:59:59 -0700 Message-ID: <7ce73ed9b7125d02abcf8ec34c80270c2e340d55.1749225418.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 06 Jun 2025 16:00:33 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/218168 From: Changqing Li Refer: https://gitlab.gnome.org/GNOME/libsoup/-/issues/426 Signed-off-by: Changqing Li Signed-off-by: Steve Sakoman --- .../libsoup-3.4.4/CVE-2025-32053.patch | 40 +++++++++++++++++++ meta/recipes-support/libsoup/libsoup_3.4.4.bb | 1 + 2 files changed, 41 insertions(+) create mode 100644 meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32053.patch diff --git a/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32053.patch b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32053.patch new file mode 100644 index 0000000000..93fa69e06c --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup-3.4.4/CVE-2025-32053.patch 
@@ -0,0 +1,40 @@ +From 819dbc0fcf174b8182cdb279f7be15ea1cde649f Mon Sep 17 00:00:00 2001 +From: Ar Jun +Date: Mon, 18 Nov 2024 14:59:51 -0600 +Subject: [PATCH] Fix heap buffer overflow in + soup-content-sniffer.c:sniff_feed_or_html() + +CVE: CVE-2025-32053 +Upstream-Status: Backport +[https://gitlab.gnome.org/GNOME/libsoup/-/commit/eaed42ca8d40cd9ab63764e3d63641180505f40a] + +Signed-off-by: Changqing Li +--- + libsoup/content-sniffer/soup-content-sniffer.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/libsoup/content-sniffer/soup-content-sniffer.c b/libsoup/content-sniffer/soup-content-sniffer.c +index 2351c3f..23d5aaa 100644 +--- a/libsoup/content-sniffer/soup-content-sniffer.c ++++ b/libsoup/content-sniffer/soup-content-sniffer.c +@@ -646,7 +646,7 @@ skip_insignificant_space (const char *resource, int *pos, int resource_length) + (resource[*pos] == '\x0D')) { + *pos = *pos + 1; + +- if (*pos > resource_length) ++ if (*pos >= resource_length) + return TRUE; + } + +@@ -709,7 +709,7 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, GBytes *buffer) + do { + pos++; + +- if (pos > resource_length) ++ if ((pos + 1) > resource_length) + goto text_html; + } while (resource[pos] != '>'); + +-- +2.34.1 + diff --git a/meta/recipes-support/libsoup/libsoup_3.4.4.bb b/meta/recipes-support/libsoup/libsoup_3.4.4.bb index 687b14d9d6..ff0ae0afad 100644 --- a/meta/recipes-support/libsoup/libsoup_3.4.4.bb +++ b/meta/recipes-support/libsoup/libsoup_3.4.4.bb 
@@ -36,6 +36,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \ file://CVE-2025-32908-2.patch \ file://CVE-2025-32907-1.patch \ file://CVE-2025-32907-2.patch \ + file://CVE-2025-32053.patch \ " SRC_URI[sha256sum] = "291c67725f36ed90ea43efff25064b69c5a2d1981488477c05c481a3b4b0c5aa" From patchwork Fri Jun 6 16:00:00 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 64478 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 12746C677C4 for ; Fri, 6 Jun 2025 16:00:33 +0000 (UTC) Received: from mail-pf1-f173.google.com (mail-pf1-f173.google.com [209.85.210.173]) by mx.groups.io with SMTP id smtpd.web10.37092.1749225629360745856 for ; Fri, 06 Jun 2025 09:00:29 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=g+6/lQAH; spf=softfail (domain: sakoman.com, ip: 209.85.210.173, mailfrom: steve@sakoman.com) Received: by mail-pf1-f173.google.com with SMTP id d2e1a72fcca58-742c3d06de3so2646448b3a.0 for ; Fri, 06 Jun 2025 09:00:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1749225629; x=1749830429; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=kbsDPDu2sO9FJ4dLcsgADP0puUA++y3ojOxGp5L69fs=; b=g+6/lQAHfmReM5zeUgu2X+aT90C5q9Ti9WY1jkRaPXZpd1JBcgi2/zwFDZjvl6Sqkg r7xylDVeIQcfX+J55AKY2+7ezm1FPoA+xdopWR9aRGv6p4lcPM7u79icyOkdzo2YHB+j U9nK1BTBsL60t/LZd11/3mz/uqHEwujsdaHVdCmE/bKFDkjg/gwUJDfnEzcpKfI02vM2 
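Review bot: In the skip_insignificant_space hunk the new check "if (*pos >= resource_length)" runs only after "*pos = *pos + 1;", while the loop condition shown as context reads resource[*pos] before the first increment, so the function is safe only if every caller passes *pos < resource_length. The hunk does not show the callers, so that is worth confirming against the 3.4.4 sources this patch is applied to. The second hunk writes the same bound as "(pos + 1) > resource_length"; it matches upstream and should stay as is, but a line in the patch header noting that the two forms are equivalent would save the next reader the check.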
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 07/12] python3-setuptools: Fix CVE-2025-47273 Date: Fri, 6 Jun 2025 09:00:00 -0700 Message-ID: <9769cd99c32faf7d95a7cab07b8550b438ccaf0c.1749225418.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 06 Jun 2025 16:00:33 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/218169 From: Vijay Anusuri Upstream-Status: Backport from https://github.com/pypa/setuptools/commit/d8390feaa99091d1ba9626bec0e4ba7072fc507a & https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b Signed-off-by: Vijay Anusuri Signed-off-by: Steve Sakoman --- .../CVE-2025-47273-pre1.patch | 54 +++++++++++++++++ .../python3-setuptools/CVE-2025-47273.patch | 59 +++++++++++++++++++ .../python/python3-setuptools_69.1.1.bb | 2 + 3 files changed, 115 insertions(+) create mode 100644 meta/recipes-devtools/python/python3-setuptools/CVE-2025-47273-pre1.patch create mode 100644 meta/recipes-devtools/python/python3-setuptools/CVE-2025-47273.patch diff --git a/meta/recipes-devtools/python/python3-setuptools/CVE-2025-47273-pre1.patch b/meta/recipes-devtools/python/python3-setuptools/CVE-2025-47273-pre1.patch new file mode 100644 index 0000000000..72bcaea435 --- /dev/null +++ b/meta/recipes-devtools/python/python3-setuptools/CVE-2025-47273-pre1.patch 
@@ -0,0 +1,54 @@ +From d8390feaa99091d1ba9626bec0e4ba7072fc507a Mon Sep 17 00:00:00 2001 +From: "Jason R. Coombs" +Date: Sat, 19 Apr 2025 12:49:55 -0400 +Subject: [PATCH] Extract _resolve_download_filename with test. + +Upstream-Status: Backport [https://github.com/pypa/setuptools/commit/d8390feaa99091d1ba9626bec0e4ba7072fc507a] +CVE: CVE-2025-47273 #Dependency Patch +Signed-off-by: Vijay Anusuri +--- + setuptools/package_index.py | 20 ++++++++++++++++---- + 1 file changed, 16 insertions(+), 4 deletions(-) + +diff --git a/setuptools/package_index.py b/setuptools/package_index.py +index 00a972d..d460fcb 100644 +--- a/setuptools/package_index.py ++++ b/setuptools/package_index.py +@@ -815,9 +815,16 @@ class PackageIndex(Environment): + else: + raise DistutilsError("Download error for %s: %s" % (url, v)) from v + +- def _download_url(self, url, tmpdir): +- # Determine download filename +- # ++ @staticmethod ++ def _resolve_download_filename(url, tmpdir): ++ """ ++ >>> du = PackageIndex._resolve_download_filename ++ >>> root = getfixture('tmp_path') ++ >>> url = 'https://files.pythonhosted.org/packages/a9/5a/0db.../setuptools-78.1.0.tar.gz' ++ >>> import pathlib ++ >>> str(pathlib.Path(du(url, root)).relative_to(root)) ++ 'setuptools-78.1.0.tar.gz' ++ """ + name, fragment = egg_info_for_url(url) + if name: + while '..' in name: +@@ -828,8 +835,13 @@ class PackageIndex(Environment): + if name.endswith('.egg.zip'): + name = name[:-4] # strip the extra .zip before download + +- filename = os.path.join(tmpdir, name) ++ return os.path.join(tmpdir, name) + ++ def _download_url(self, url, tmpdir): ++ """ ++ Determine the download filename. ++ """ ++ filename = self._resolve_download_filename(url, tmpdir) + return self._download_vcs(url, filename) or self._download_other(url, filename) + + @staticmethod +-- +2.25.1 + 
diff --git a/meta/recipes-devtools/python/python3-setuptools/CVE-2025-47273.patch b/meta/recipes-devtools/python/python3-setuptools/CVE-2025-47273.patch new file mode 100644 index 0000000000..be6617e0f6 --- /dev/null +++ b/meta/recipes-devtools/python/python3-setuptools/CVE-2025-47273.patch 
@@ -0,0 +1,59 @@ +From 250a6d17978f9f6ac3ac887091f2d32886fbbb0b Mon Sep 17 00:00:00 2001 +From: "Jason R. Coombs" +Date: Sat, 19 Apr 2025 13:03:47 -0400 +Subject: [PATCH] Add a check to ensure the name resolves relative to the + tmpdir. + +Closes #4946 + +Upstream-Status: Backport [https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b] +CVE: CVE-2025-47273 +Signed-off-by: Vijay Anusuri +--- + setuptools/package_index.py | 18 ++++++++++++++++-- + 1 file changed, 16 insertions(+), 2 deletions(-) + +diff --git a/setuptools/package_index.py b/setuptools/package_index.py +index d460fcb..6c7874d 100644 +--- a/setuptools/package_index.py ++++ b/setuptools/package_index.py +@@ -818,12 +818,20 @@ class PackageIndex(Environment): + @staticmethod + def _resolve_download_filename(url, tmpdir): + """ ++ >>> import pathlib + >>> du = PackageIndex._resolve_download_filename + >>> root = getfixture('tmp_path') + >>> url = 'https://files.pythonhosted.org/packages/a9/5a/0db.../setuptools-78.1.0.tar.gz' +- >>> import pathlib + >>> str(pathlib.Path(du(url, root)).relative_to(root)) + 'setuptools-78.1.0.tar.gz' ++ ++ Ensures the target is always in tmpdir. ++ ++ >>> url = 'https://anyhost/%2fhome%2fuser%2f.ssh%2fauthorized_keys' ++ >>> du(url, root) ++ Traceback (most recent call last): ++ ... ++ ValueError: Invalid filename... + """ + name, fragment = egg_info_for_url(url) + if name: +@@ -835,7 +843,13 @@ class PackageIndex(Environment): + if name.endswith('.egg.zip'): + name = name[:-4] # strip the extra .zip before download + +- return os.path.join(tmpdir, name) ++ filename = os.path.join(tmpdir, name) ++ ++ # ensure path resolves within the tmpdir ++ if not filename.startswith(str(tmpdir)): ++ raise ValueError(f"Invalid filename {filename}") ++ ++ return filename + + def _download_url(self, url, tmpdir): + """ +-- +2.25.1 + 
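Review bot: In the second hunk of setuptools/package_index.py, the containment test `if not filename.startswith(str(tmpdir)):` is a string-prefix comparison, not a path comparison, so it accepts any path that merely begins with the same characters as tmpdir (for a tmpdir of /tmp/build, a filename under /tmp/build-other would pass). It also compares the un-normalized result of os.path.join, so the outcome depends on the earlier `'..'` replacement loop having removed every parent reference. The added doctest covers only the encoded absolute path case (`%2fhome%2fuser%2f.ssh%2fauthorized_keys`), where os.path.join discards tmpdir entirely. Since this is a straight backport the check should stay byte-identical to upstream, but it is worth recording in the patch header that the guard is prefix-based and following up upstream with a comparison on resolved paths (for example os.path.commonpath of the two resolved paths equal to the resolved tmpdir) plus a doctest for the sibling-directory case.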
diff --git a/meta/recipes-devtools/python/python3-setuptools_69.1.1.bb b/meta/recipes-devtools/python/python3-setuptools_69.1.1.bb index 7663101f23..46b2f0ab00 100644 --- a/meta/recipes-devtools/python/python3-setuptools_69.1.1.bb +++ b/meta/recipes-devtools/python/python3-setuptools_69.1.1.bb 
@@ -13,6 +13,8 @@ SRC_URI:append:class-native = " file://0001-conditionally-do-not-fetch-code-by-e SRC_URI += " \ file://0001-_distutils-sysconfig.py-make-it-possible-to-substite.patch \ file://CVE-2024-6345.patch \ + file://CVE-2025-47273-pre1.patch \ + file://CVE-2025-47273.patch \ " SRC_URI[sha256sum] = "5c0806c7d9af348e6dd3777b4f4dbb42c7ad85b190104837488eab9a7c945cf8" From patchwork Fri Jun 6 16:00:01 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 64484 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 37BEFC71132 for ; Fri, 6 Jun 2025 16:00:33 +0000 (UTC) Received: from mail-pf1-f172.google.com (mail-pf1-f172.google.com [209.85.210.172]) by mx.groups.io with SMTP id smtpd.web10.37093.1749225631580983730 for ; Fri, 06 Jun 2025 09:00:31 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=TBcNOEgW; spf=softfail (domain: sakoman.com, ip: 209.85.210.172, mailfrom: steve@sakoman.com) Received: by mail-pf1-f172.google.com with SMTP id d2e1a72fcca58-74264d1832eso2611548b3a.0 for ; Fri, 06 Jun 2025 09:00:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1749225631; x=1749830431; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=N9OCYToRw7fBWToI9kTtJW5HVk0ZpFGx9WoUIuxXf4c=; b=TBcNOEgWKZdV7umwdPesLcOW0zzdf02jzYGjEgVhL8coiSUpObTDPU+uiK0+xNboNV T+rEdrHhJfwHs7R2S23dAojOpfxpiq+ZBR9UvOLSKDzopkdkGshqDJqORzfGNpS1RlIw 
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 08/12] binutils: Fix CVE-2025-5245 Date: Fri, 6 Jun 2025 09:00:01 -0700 Message-ID: <8202e66670327b02ec3de18b5af4a8b09abdc50d.1749225418.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 06 Jun 2025 16:00:33 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/218170 From: Deepesh Varatharajan PR32829, SEGV on objdump function debug_type_samep u.kenum is always non-NULL, see debug_make_enum_type. Backport a patch from upstream to fix CVE-2025-5245 Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a] Signed-off-by: Deepesh Varatharajan Signed-off-by: Steve Sakoman --- .../binutils/binutils-2.42.inc | 1 + .../binutils/0022-CVE-2025-5245.patch | 38 +++++++++++++++++++ 2 files changed, 39 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/0022-CVE-2025-5245.patch diff --git a/meta/recipes-devtools/binutils/binutils-2.42.inc b/meta/recipes-devtools/binutils/binutils-2.42.inc index 16db8bc05e..c6fec579ae 100644 --- a/meta/recipes-devtools/binutils/binutils-2.42.inc +++ b/meta/recipes-devtools/binutils/binutils-2.42.inc @@ -51,5 +51,6 @@ SRC_URI = "\ file://0021-CVE-2025-1153-3.patch \ file://CVE-2025-1179-pre.patch \ file://CVE-2025-1179.patch \ + file://0022-CVE-2025-5245.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/0022-CVE-2025-5245.patch b/meta/recipes-devtools/binutils/binutils/0022-CVE-2025-5245.patch new file mode 100644 index 0000000000..d4b7d55966 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0022-CVE-2025-5245.patch 
@@ -0,0 +1,38 @@ +From: Alan Modra +Date: Tue, 1 Apr 2025 22:36:54 +1030 + +PR32829, SEGV on objdump function debug_type_samep +u.kenum is always non-NULL, see debug_make_enum_type. + +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a] +CVE: CVE-2025-5245 + +Signed-off-by: Deepesh Varatharajan + +diff --git a/binutils/debug.c b/binutils/debug.c +index dcc8ccde..465b18e7 100644 +--- a/binutils/debug.c ++++ b/binutils/debug.c +@@ -2554,9 +2554,6 @@ debug_write_type (struct debug_handle *info, + case DEBUG_KIND_UNION_CLASS: + return debug_write_class_type (info, fns, fhandle, type, tag); + case DEBUG_KIND_ENUM: +- if (type->u.kenum == NULL) +- return (*fns->enum_type) (fhandle, tag, (const char **) NULL, +- (bfd_signed_vma *) NULL); + return (*fns->enum_type) (fhandle, tag, type->u.kenum->names, + type->u.kenum->values); + case DEBUG_KIND_POINTER: +@@ -3097,9 +3094,9 @@ debug_type_samep (struct debug_handle *info, struct debug_type_s *t1, + break; + + case DEBUG_KIND_ENUM: +- if (t1->u.kenum == NULL) +- ret = t2->u.kenum == NULL; +- else if (t2->u.kenum == NULL) ++ if (t1->u.kenum->names == NULL) ++ ret = t2->u.kenum->names == NULL; ++ else if (t2->u.kenum->names == NULL) + ret = false; + else + { From patchwork Fri Jun 6 16:00:02 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 64485 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 314A4C61DB8 for ; Fri, 6 Jun 2025 16:00:43 +0000 (UTC) Received: from mail-pf1-f177.google.com (mail-pf1-f177.google.com [209.85.210.177]) by mx.groups.io with SMTP id smtpd.web11.37130.1749225634354187990 for ; 
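Review bot: In the debug_write_type hunk of binutils/debug.c, dropping the `if (type->u.kenum == NULL)` guard makes `type->u.kenum->names` an unconditional dereference, so the change is only safe if every DEBUG_KIND_ENUM type reaches this point through debug_make_enum_type, which the message asserts but the visible hunks do not show. Please confirm that against the 2.42 sources this is applied to rather than against upstream master, since the backport target may construct enum types on a path the upstream commit did not have to consider. The debug_type_samep hunk then reads `t1->u.kenum->names` and `t2->u.kenum->names` under the same assumption. Two header points as well: the embedded patch has no `From <commit>` or `Subject:` line, and its Upstream-Status URL uses `a=commitdiff` while the submission message uses `a=patch` for the same hash; pick one form.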
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 09/12] binutils: Fix CVE-2025-5244 Date: Fri, 6 Jun 2025 09:00:02 -0700 Message-ID: <31fc180f606c5bb141c9c6dd85a7b1d876e1d692.1749225418.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 06 Jun 2025 16:00:43 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/218171 From: Deepesh Varatharajan PR32858 ld segfault on fuzzed object We missed one place where it is necessary to check for empty groups. Backport a patch from upstream to fix CVE-2025-5244 Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=d1458933830456e54223d9fc61f0d9b3a19256f5] Signed-off-by: Deepesh Varatharajan 
Signed-off-by: Steve Sakoman --- .../binutils/binutils-2.42.inc | 1 + .../binutils/0022-CVE-2025-5244.patch | 25 +++++++++++++++++++ 2 files changed, 26 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/0022-CVE-2025-5244.patch diff --git a/meta/recipes-devtools/binutils/binutils-2.42.inc b/meta/recipes-devtools/binutils/binutils-2.42.inc index c6fec579ae..ea018a48a3 100644 --- a/meta/recipes-devtools/binutils/binutils-2.42.inc +++ b/meta/recipes-devtools/binutils/binutils-2.42.inc @@ -52,5 +52,6 @@ SRC_URI = "\ file://CVE-2025-1179-pre.patch \ file://CVE-2025-1179.patch \ file://0022-CVE-2025-5245.patch \ + file://0022-CVE-2025-5244.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/0022-CVE-2025-5244.patch b/meta/recipes-devtools/binutils/binutils/0022-CVE-2025-5244.patch new file mode 100644 index 0000000000..e8855a4b4b --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0022-CVE-2025-5244.patch 
@@ -0,0 +1,25 @@ +From: Alan Modra +Date: Thu, 10 Apr 2025 19:41:49 +0930 + +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=d1458933830456e54223d9fc61f0d9b3a19256f5] +CVE: CVE-2025-5244 + +PR32858 ld segfault on fuzzed object +We missed one place where it is necessary to check for empty groups. + +Signed-off-by: Deepesh Varatharajan + +diff --git a/bfd/elflink.c b/bfd/elflink.c +index a76e8e38da7..549b7b7dd92 100644 +--- a/bfd/elflink.c ++++ b/bfd/elflink.c +@@ -14408,7 +14408,8 @@ elf_gc_sweep (bfd *abfd, struct bfd_link_info *info) + if (o->flags & SEC_GROUP) + { + asection *first = elf_next_in_group (o); +- o->gc_mark = first->gc_mark; ++ if (first != NULL) ++ o->gc_mark = first->gc_mark; + } + + if (o->gc_mark) From patchwork Fri Jun 6 16:00:03 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 64486 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 31466C61CE7 for ; Fri, 6 Jun 2025 16:00:43 +0000 (UTC) Received: from mail-pf1-f173.google.com (mail-pf1-f173.google.com [209.85.210.173]) by mx.groups.io with SMTP id smtpd.web10.37097.1749225636749989393 for ; Fri, 06 Jun 2025 09:00:36 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=cX6mPhat; spf=softfail (domain: sakoman.com, ip: 209.85.210.173, mailfrom: steve@sakoman.com) Received: by mail-pf1-f173.google.com with SMTP id d2e1a72fcca58-7390d21bb1cso1924510b3a.2 for ; Fri, 06 Jun 2025 09:00:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1749225636; x=1749830436; 
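Review bot: In the binutils-2.42.inc hunk, the new entry `file://0022-CVE-2025-5244.patch` reuses the `0022` prefix already taken by `file://0022-CVE-2025-5245.patch` on the line above it, so the numeric prefix no longer reflects apply order; rename it to the next free number or drop the prefix as the `CVE-2025-1179` entries do. In the bfd/elflink.c hunk, the added `if (first != NULL)` guard leaves `o->gc_mark` at whatever value it already held when the group is empty; a short comment stating that an empty SEC_GROUP section intentionally keeps its existing mark would make the following `if (o->gc_mark)` test easier to audit. The embedded patch also lacks a `From <commit>` and `Subject:` line and places Upstream-Status and CVE above the description, unlike the other patches in this series.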
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 10/12] screen: fix CVE-2025-46802 Date: Fri, 6 Jun 2025 09:00:03 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 06 Jun 2025 16:00:43 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/218172 From: Divya Chellam For a short time the PTY is set to mode 666, allowing any user on the system to connect to the screen session. Reference: https://security-tracker.debian.org/tracker/CVE-2025-46802 Upstream-patch: https://cgit.git.savannah.gnu.org/cgit/screen.git/commit/?id=049b26b22e197ba3be9c46e5c193032e01a4724a Signed-off-by: Divya Chellam Signed-off-by: Steve Sakoman --- .../screen/screen/CVE-2025-46802.patch | 146 ++++++++++++++++++ meta/recipes-extended/screen/screen_4.9.1.bb | 1 + 2 files changed, 147 insertions(+) create mode 100644 meta/recipes-extended/screen/screen/CVE-2025-46802.patch diff --git a/meta/recipes-extended/screen/screen/CVE-2025-46802.patch b/meta/recipes-extended/screen/screen/CVE-2025-46802.patch new file mode 100644 index 0000000000..e46affc480 --- /dev/null +++ b/meta/recipes-extended/screen/screen/CVE-2025-46802.patch 
@@ -0,0 +1,146 @@ +From 049b26b22e197ba3be9c46e5c193032e01a4724a Mon Sep 17 00:00:00 2001 +From: Matthias Gerstner +Date: Mon, 12 May 2025 15:15:38 +0200 +Subject: [PATCH] fix CVE-2025-46802: attacher.c - prevent temporary 0666 mode + on PTYs + +This temporary chmod of the PTY to mode 0666 is most likely a remnant of +past times, before the PTY file descriptor was passed to the target +session via the UNIX domain socket. + +This chmod() causes a race condition during which any other user in the +system can open the PTY for reading and writing, and thus allows PTY +hijacking. + +Simply remove this logic completely. + +CVE: CVE-2025-46802 + +Upstream-Status: Backport [https://cgit.git.savannah.gnu.org/cgit/screen.git/commit/?id=049b26b22e197ba3be9c46e5c193032e01a4724a] + +Signed-off-by: Divya Chellam +--- + attacher.c | 27 --------------------------- + screen.c | 19 ------------------- + 2 files changed, 46 deletions(-) + +diff --git a/attacher.c b/attacher.c +index c35ae7a..16b151e 100644 +--- a/attacher.c ++++ b/attacher.c +@@ -73,7 +73,6 @@ extern int MasterPid, attach_fd; + #ifdef MULTIUSER + extern char *multi; + extern int multiattach, multi_uid, own_uid; +-extern int tty_mode, tty_oldmode; + # ifndef USE_SETEUID + static int multipipe[2]; + # endif +@@ -160,9 +159,6 @@ int how; + + if (pipe(multipipe)) + Panic(errno, "pipe"); +- if (chmod(attach_tty, 0666)) +- Panic(errno, "chmod %s", attach_tty); +- tty_oldmode = tty_mode; + eff_uid = -1; /* make UserContext fork */ + real_uid = multi_uid; + if ((ret = UserContext()) <= 0) +@@ -174,11 +170,6 @@ int how; + Panic(errno, "UserContext"); + close(multipipe[1]); + read(multipipe[0], &dummy, 1); +- if (tty_oldmode >= 0) +- { +- chmod(attach_tty, tty_oldmode); +- tty_oldmode = -1; +- } + ret = UserStatus(); + #ifdef LOCK + if (ret == SIG_LOCK) +@@ -224,9 +215,6 @@ int how; + xseteuid(multi_uid); + xseteuid(own_uid); + #endif +- if (chmod(attach_tty, 0666)) +- Panic(errno, "chmod %s", attach_tty); +- tty_oldmode = 
tty_mode; + } + # endif /* USE_SETEUID */ + #endif /* MULTIUSER */ +@@ -423,13 +411,6 @@ int how; + ContinuePlease = 0; + # ifndef USE_SETEUID + close(multipipe[1]); +-# else +- xseteuid(own_uid); +- if (tty_oldmode >= 0) +- if (chmod(attach_tty, tty_oldmode)) +- Panic(errno, "chmod %s", attach_tty); +- tty_oldmode = -1; +- xseteuid(real_uid); + # endif + } + #endif +@@ -505,14 +486,6 @@ AttacherFinit SIGDEFARG + close(s); + } + } +-#ifdef MULTIUSER +- if (tty_oldmode >= 0) +- { +- if (setuid(own_uid)) +- Panic(errno, "setuid"); +- chmod(attach_tty, tty_oldmode); +- } +-#endif + exit(0); + SIGRETURN; + } +diff --git a/screen.c b/screen.c +index 7653cd1..1a23e1a 100644 +--- a/screen.c ++++ b/screen.c +@@ -230,8 +230,6 @@ char *multi_home; + int multi_uid; + int own_uid; + int multiattach; +-int tty_mode; +-int tty_oldmode = -1; + #endif + + char HostName[MAXSTR]; +@@ -1009,9 +1007,6 @@ int main(int ac, char** av) + + /* ttyname implies isatty */ + SetTtyname(true, &st); +-#ifdef MULTIUSER +- tty_mode = (int)st.st_mode & 0777; +-#endif + + fl = fcntl(0, F_GETFL, 0); + if (fl != -1 && (fl & (O_RDWR|O_RDONLY|O_WRONLY)) == O_RDWR) +@@ -2170,20 +2165,6 @@ DEFINE_VARARGS_FN(Panic) + if (D_userpid) + Kill(D_userpid, SIG_BYE); + } +-#ifdef MULTIUSER +- if (tty_oldmode >= 0) { +- +-# ifdef USE_SETEUID +- if (setuid(own_uid)) +- xseteuid(own_uid); /* may be a loop. sigh. */ +-# else +- setuid(own_uid); +-# endif +- +- debug1("Panic: changing back modes from %s\n", attach_tty); +- chmod(attach_tty, tty_oldmode); +- } +-#endif + eexit(1); + } + +-- +2.40.0 + diff --git a/meta/recipes-extended/screen/screen_4.9.1.bb b/meta/recipes-extended/screen/screen_4.9.1.bb index 96f8021255..bc4928ff77 100644 --- a/meta/recipes-extended/screen/screen_4.9.1.bb +++ b/meta/recipes-extended/screen/screen_4.9.1.bb 
@@ -22,6 +22,7 @@ SRC_URI = "${GNU_MIRROR}/screen/screen-${PV}.tar.gz \ file://0001-fix-for-multijob-build.patch \ file://0001-Remove-more-compatibility-stuff.patch \ file://CVE-2025-46805.patch \ + file://CVE-2025-46802.patch \ " SRC_URI[sha256sum] = "26cef3e3c42571c0d484ad6faf110c5c15091fbf872b06fa7aa4766c7405ac69" From patchwork Fri Jun 6 16:00:04 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 64487 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 331B7C61CE7 for ; Fri, 6 Jun 2025 16:00:53 +0000 (UTC) Received: from mail-pf1-f174.google.com (mail-pf1-f174.google.com [209.85.210.174]) by mx.groups.io with SMTP id smtpd.web10.37102.1749225643917574256 for ; Fri, 06 Jun 2025 09:00:43 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=2I13pgQn; spf=softfail (domain: sakoman.com, ip: 209.85.210.174, mailfrom: steve@sakoman.com) Received: by mail-pf1-f174.google.com with SMTP id d2e1a72fcca58-747fc7506d4so2347966b3a.0 for ; Fri, 06 Jun 2025 09:00:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1749225643; x=1749830443; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=34qitVRbpoH7T2obo3Z91c76SoEWVMVbFyyFQgsPBY8=; b=2I13pgQnT/A1EsWk/BposJzyg0Lo31p4z9AnGWVccPzjG2BkM3tT1WcbFs7AFNCWPd uZZRg+JR5w6qjebcyd3hztLDSQ+LAgWfsP++z63wBJJJ+Jz5QwJbgpKw9tVQESAor/kN /VTQ9IJGVx9HELFjIXEC4z5nQrxfjg6NKKDKWSbwx1LxY58892EcTu2hgRLwSek60byL 
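Review bot: The attacher.c hunks delete every `chmod(attach_tty, 0666)` call together with the `tty_mode`/`tty_oldmode` restore logic on the strength of the message's statement that the chmod is "most likely a remnant", which is an assumption rather than a verified property of the 4.9.1 code this is applied to. Please state in the submission whether multi-user attach (both the USE_SETEUID and the `multipipe` branches touched at `@@ -160,9` and `@@ -224,9`) was exercised on the patched 4.9.1 build, since those are the paths that used to rely on the widened mode. Note also that the screen.c hunks here produce blob `1a23e1a`, which is the pre-image of the screen.c changes in the CVE-2025-46804 patch later in the series, so the SRC_URI order in screen_4.9.1.bb must keep CVE-2025-46802.patch ahead of it.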
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 11/12] screen: fix CVE-2025-46804 Date: Fri, 6 Jun 2025 09:00:04 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 06 Jun 2025 16:00:53 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/218173 From: Divya Chellam A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be available. Affected are older Screen versions, as well as version 5.0.0. Reference: https://security-tracker.debian.org/tracker/CVE-2025-46804 Upstream-patch: https://cgit.git.savannah.gnu.org/cgit/screen.git/commit/?id=e0eef5aac453fa98a2664416a56c50ad1d00cb30 Signed-off-by: Divya Chellam Signed-off-by: Steve Sakoman --- .../screen/screen/CVE-2025-46804.patch | 131 ++++++++++++++++++ meta/recipes-extended/screen/screen_4.9.1.bb | 1 + 2 files changed, 132 insertions(+) create mode 100644 meta/recipes-extended/screen/screen/CVE-2025-46804.patch diff --git a/meta/recipes-extended/screen/screen/CVE-2025-46804.patch b/meta/recipes-extended/screen/screen/CVE-2025-46804.patch new file mode 100644 index 0000000000..918c2c5ce9 --- /dev/null +++ b/meta/recipes-extended/screen/screen/CVE-2025-46804.patch 
@@ -0,0 +1,131 @@ +From e0eef5aac453fa98a2664416a56c50ad1d00cb30 Mon Sep 17 00:00:00 2001 +From: Matthias Gerstner +Date: Mon, 12 May 2025 15:26:11 +0200 +Subject: [PATCH] fix CVE-2025-46804: avoid file existence test information + leaks + +In setuid-root context the current error messages give away whether +certain paths not accessible by the real user exist and what type they +have. To prevent this only output generic error messages in setuid-root +context. + +In some situations, when an error is pertaining a directory and the +directory is owner by the real user then we can still output more +detailed diagnostics. + +This change can lead to less helpful error messages when Screen is +install setuid-root. More complex changes would be needed to avoid this +(e.g. only open the `SocketPath` with raised privileges when +multi-attach is requested). + +There might still be lingering some code paths that allow such +information leaks, since `SocketPath` is a global variable that is used +across the code base. The majority of issues should be caught with this +fix, however. 
+ +CVE: CVE-2025-46804 + +Upstream-Status: Backport [https://cgit.git.savannah.gnu.org/cgit/screen.git/commit/?id=e0eef5aac453fa98a2664416a56c50ad1d00cb30] + +Signed-off-by: Divya Chellam +--- + screen.c | 45 ++++++++++++++++++++++++++++++++++----------- + socket.c | 9 +++++++-- + 2 files changed, 41 insertions(+), 13 deletions(-) + +diff --git a/screen.c b/screen.c +index 1a23e1a..6eec151 100644 +--- a/screen.c ++++ b/screen.c +@@ -1122,15 +1122,28 @@ int main(int ac, char** av) + #endif + } + +- if (stat(SockPath, &st) == -1) +- Panic(errno, "Cannot access %s", SockPath); +- else +- if (!S_ISDIR(st.st_mode)) ++ if (stat(SockPath, &st) == -1) { ++ if (eff_uid == real_uid) { ++ Panic(errno, "Cannot access %s", SockPath); ++ } else { ++ Panic(0, "Error accessing %s", SockPath); ++ } ++ } else if (!S_ISDIR(st.st_mode)) { ++ if (eff_uid == real_uid || st.st_uid == real_uid) { + Panic(0, "%s is not a directory.", SockPath); ++ } else { ++ Panic(0, "Error accessing %s", SockPath); ++ } ++ } + #ifdef MULTIUSER + if (multi) { +- if ((int)st.st_uid != multi_uid) +- Panic(0, "%s is not the owner of %s.", multi, SockPath); ++ if ((int)st.st_uid != multi_uid) { ++ if (eff_uid == real_uid || st.st_uid == real_uid) { ++ Panic(0, "%s is not the owner of %s.", multi, SockPath); ++ } else { ++ Panic(0, "Error accessing %s", SockPath); ++ } ++ } + } + else + #endif +@@ -1144,9 +1157,13 @@ int main(int ac, char** av) + Panic(0, "You are not the owner of %s.", SockPath); + #endif + } +- +- if ((st.st_mode & 0777) != 0700) +- Panic(0, "Directory %s must have mode 700.", SockPath); ++ if ((st.st_mode & 0777) != 0700) { ++ if (eff_uid == real_uid || st.st_uid == real_uid) { ++ Panic(0, "Directory %s must have mode 700.", SockPath); ++ } else { ++ Panic(0, "Error accessing %s", SockPath); ++ } ++ } + if (SockMatch && index(SockMatch, '/')) + Panic(0, "Bad session name '%s'", SockMatch); + SockName = SockPath + strlen(SockPath) + 1; +@@ -1184,8 +1201,14 @@ int main(int ac, char** av) + 
else + exit(9 + (fo || oth ? 1 : 0) + fo); + } +- if (fo == 0) +- Panic(0, "No Sockets found in %s.\n", SockPath); ++ if (fo == 0) { ++ if (eff_uid == real_uid || st.st_uid == real_uid) { ++ Panic(0, "No Sockets found in %s.\n", SockPath); ++ } else { ++ Panic(0, "Error accessing %s", SockPath); ++ } ++ } ++ + Msg(0, "%d Socket%s in %s.", fo, fo > 1 ? "s" : "", SockPath); + eexit(0); + } +diff --git a/socket.c b/socket.c +index 54d8cb8..6c3502f 100644 +--- a/socket.c ++++ b/socket.c +@@ -169,8 +169,13 @@ bool *is_sock; + xsetegid(real_gid); + #endif + +- if ((dirp = opendir(SockPath)) == 0) +- Panic(errno, "Cannot opendir %s", SockPath); ++ if ((dirp = opendir(SockPath)) == 0) { ++ if (eff_uid == real_uid) { ++ Panic(errno, "Cannot opendir %s", SockPath); ++ } else { ++ Panic(0, "Error accessing %s", SockPath); ++ } ++ } + + slist = 0; + slisttail = &slist; +-- +2.40.0 + diff --git a/meta/recipes-extended/screen/screen_4.9.1.bb b/meta/recipes-extended/screen/screen_4.9.1.bb index bc4928ff77..706351a593 100644 --- a/meta/recipes-extended/screen/screen_4.9.1.bb +++ b/meta/recipes-extended/screen/screen_4.9.1.bb 
@@ -23,6 +23,7 @@ SRC_URI = "${GNU_MIRROR}/screen/screen-${PV}.tar.gz \ file://0001-Remove-more-compatibility-stuff.patch \ file://CVE-2025-46805.patch \ file://CVE-2025-46802.patch \ + file://CVE-2025-46804.patch \ " SRC_URI[sha256sum] = "26cef3e3c42571c0d484ad6faf110c5c15091fbf872b06fa7aa4766c7405ac69"
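Review bot: In the screen.c hunk at @@ -1122,15 +1122,28 @@, the test `eff_uid == real_uid || st.st_uid == real_uid` and the fallback `Panic(0, "Error accessing %s", SockPath);` are written out separately in the not-a-directory branch and in the MULTIUSER owner branch, and the same pair recurs in the later hunks. The fix only holds if every setuid-root failure path prints the identical string, so one small helper that takes the detailed format and falls back to the generic message would make that property hard to break in a later edit. Since this is a backport of the upstream commit, that is better raised upstream than changed here.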
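Review bot: In the screen.c hunk at @@ -1144,9 +1157,13 @@, the unchanged context line `Panic(0, "You are not the owner of %s.", SockPath);` directly above the new mode-700 guard is, as far as this hunk shows, still printed without any `eff_uid == real_uid` check. In setuid-root context that message would still tell the caller that SockPath exists and is a directory owned by someone else, which is the kind of distinction the patch is meant to remove. Either give it the same generic `Error accessing %s` fallback or note in the commit message why this path is not reachable with raised privileges. The hunk also drops the blank line that separated the ownership block from the mode check; keeping it would leave the diff against 4.9.1 smaller.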
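Review bot: In the screen.c hunk at @@ -1184,8 +1201,14 @@, the new guard reads `st.st_uid`, but `st` was filled by the `stat(SockPath, &st)` call in the hunk near line 1122, well earlier in main(). If any code between the two points reuses `st` for another path, the owner test here is made against the wrong file and can select the detailed message when it should not. Saving the owner in a dedicated local right after the stat() call and testing that would remove the dependency. The context line `Msg(0, "%d Socket%s in %s.", ...)` just below is also left unguarded and reports the socket count for SockPath; it is worth confirming that it cannot be reached for a directory the real user does not own.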
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 12/12] systemd: upgrade 255.18 -> 255.21
Date: Fri, 6 Jun 2025 09:00:05 -0700
Message-ID: <29e623b2ad00555788412fa520fbb9ffec794cbb.1749225418.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/218174

From: Guðni Már Gilbert

The update includes 79 commits. Full list of changes can be found on Github [1]

All patches were refreshed with devtool.

[1] https://github.com/systemd/systemd-stable/compare/v255.18...v255.21

Signed-off-by: Guðni Már Gilbert
Signed-off-by: Steve Sakoman --- ...-native_255.18.bb => systemd-boot-native_255.21.bb} | 0 .../{systemd-boot_255.18.bb => systemd-boot_255.21.bb} | 0 meta/recipes-core/systemd/systemd.inc | 2 +- .../0001-missing_type.h-add-comparison_fn_t.patch | 2 +- ...d-fallback-parse_printf_format-implementation.patch | 2 +- ...Don-t-install-dependency-links-at-install-tim.patch | 2 +- ...rc-basic-missing.h-check-for-missing-strndupa.patch | 10 +++++----- ...ail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch | 2 +- .../0005-add-missing-FTW_-macros-for-musl.patch | 2 +- .../0006-Use-uintmax_t-for-handling-rlim_t.patch | 2 +- ...-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch | 2 +- ...glibc-compatible-basename-for-non-glibc-syste.patch | 2 +- .../0008-implment-systemd-sysv-install-for-OE.patch | 2 +- ...disable-buffering-when-writing-to-oom_score_a.patch | 2 +- ...uish-XSI-compliant-strerror_r-from-GNU-specif.patch | 2 +- ...-avoid-redefinition-of-prctl_mm_map-structure.patch | 2 +- .../0012-do-not-disable-buffer-in-writing-files.patch | 8 ++++---- .../systemd/systemd/0013-Handle-__cpu_mask-usage.patch | 2 +- .../systemd/systemd/0014-Handle-missing-gshadow.patch | 2 +- ...ng_syscall.h-Define-MIPS-ABI-defines-for-musl.patch | 2 +- .../0016-pass-correct-parameters-to-getdents64.patch | 2 +- .../systemd/systemd/0017-Adjust-for-musl-headers.patch | 2 +- ...s-error-strerror-is-assumed-to-be-GNU-specifi.patch | 2 +- ...19-errno-util-Make-STRERROR-portable-for-musl.patch | 2 +- ...d-event-Make-malloc_trim-conditional-on-glibc.patch | 2 +- .../0021-shared-Do-not-use-malloc_info-on-musl.patch | 2 +- .../0022-avoid-missing-LOCK_EX-declaration.patch | 4 ++-- .../systemd/{systemd_255.18.bb => systemd_v255.21.bb} | 0 28 files changed, 33 insertions(+), 33 deletions(-) rename meta/recipes-core/systemd/{systemd-boot-native_255.18.bb => systemd-boot-native_255.21.bb} (100%) rename meta/recipes-core/systemd/{systemd-boot_255.18.bb => systemd-boot_255.21.bb} (100%) rename 
meta/recipes-core/systemd/{systemd_255.18.bb => systemd_v255.21.bb} (100%) diff --git a/meta/recipes-core/systemd/systemd-boot-native_255.18.bb b/meta/recipes-core/systemd/systemd-boot-native_255.21.bb similarity index 100% rename from meta/recipes-core/systemd/systemd-boot-native_255.18.bb rename to meta/recipes-core/systemd/systemd-boot-native_255.21.bb diff --git a/meta/recipes-core/systemd/systemd-boot_255.18.bb b/meta/recipes-core/systemd/systemd-boot_255.21.bb similarity index 100% rename from meta/recipes-core/systemd/systemd-boot_255.18.bb rename to meta/recipes-core/systemd/systemd-boot_255.21.bb diff --git a/meta/recipes-core/systemd/systemd.inc b/meta/recipes-core/systemd/systemd.inc index 8e134d8c86..28392b6b09 100644 --- a/meta/recipes-core/systemd/systemd.inc +++ b/meta/recipes-core/systemd/systemd.inc @@ -15,7 +15,7 @@ LICENSE:libsystemd = "LGPL-2.1-or-later" LIC_FILES_CHKSUM = "file://LICENSE.GPL2;md5=751419260aa954499f7abaabaa882bbe \ file://LICENSE.LGPL2.1;md5=4fbd65380cdd255951079008b364516c" -SRCREV = "20415d357fb0e253df7444019a47674fac4ed1d6" +SRCREV = "70500d37992a01d3275b1c414c3ed161d6f91f9e" SRCBRANCH = "v255-stable" SRC_URI = "git://github.com/systemd/systemd-stable.git;protocol=https;branch=${SRCBRANCH}" diff --git a/meta/recipes-core/systemd/systemd/0001-missing_type.h-add-comparison_fn_t.patch b/meta/recipes-core/systemd/systemd/0001-missing_type.h-add-comparison_fn_t.patch index d2ffdd8de4..22f0468460 100644 --- a/meta/recipes-core/systemd/systemd/0001-missing_type.h-add-comparison_fn_t.patch +++ b/meta/recipes-core/systemd/systemd/0001-missing_type.h-add-comparison_fn_t.patch @@ -1,4 +1,4 @@ -From 7bbb54406dd77c358eab9df08b100ee85e176052 Mon Sep 17 00:00:00 2001 +From b270af4c086d254758fdcd1d294b15a555a4b3ea Mon Sep 17 00:00:00 2001 From: Chen Qi Date: Mon, 25 Feb 2019 13:55:12 +0800 Subject: [PATCH] missing_type.h: add comparison_fn_t 
diff --git a/meta/recipes-core/systemd/systemd/0002-add-fallback-parse_printf_format-implementation.patch b/meta/recipes-core/systemd/systemd/0002-add-fallback-parse_printf_format-implementation.patch index df9e978e55..6cce960299 100644 --- a/meta/recipes-core/systemd/systemd/0002-add-fallback-parse_printf_format-implementation.patch +++ b/meta/recipes-core/systemd/systemd/0002-add-fallback-parse_printf_format-implementation.patch @@ -1,4 +1,4 @@ -From d0b08484a6c3113b6209d8f8e1dc1186a6427b99 Mon Sep 17 00:00:00 2001 +From 0660aea3d7c8058d73c9f7b2971f4daf35dd7a32 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin Date: Sat, 22 May 2021 20:26:24 +0200 Subject: [PATCH] add fallback parse_printf_format implementation diff --git a/meta/recipes-core/systemd/systemd/0002-binfmt-Don-t-install-dependency-links-at-install-tim.patch b/meta/recipes-core/systemd/systemd/0002-binfmt-Don-t-install-dependency-links-at-install-tim.patch index 784f0898c0..4472dda2e8 100644 --- a/meta/recipes-core/systemd/systemd/0002-binfmt-Don-t-install-dependency-links-at-install-tim.patch +++ b/meta/recipes-core/systemd/systemd/0002-binfmt-Don-t-install-dependency-links-at-install-tim.patch @@ -1,4 +1,4 @@ -From 7e4fae68909ce4932e073dd060e22581edc39ad2 Mon Sep 17 00:00:00 2001 +From edc39fe19419120f70341cd50d4d097a514ac9cb Mon Sep 17 00:00:00 2001 From: Chen Qi Date: Thu, 21 Feb 2019 16:23:24 +0800 Subject: [PATCH] binfmt: Don't install dependency links at install time for diff --git a/meta/recipes-core/systemd/systemd/0003-src-basic-missing.h-check-for-missing-strndupa.patch b/meta/recipes-core/systemd/systemd/0003-src-basic-missing.h-check-for-missing-strndupa.patch index e46b4386aa..715a0c7ec8 100644 --- a/meta/recipes-core/systemd/systemd/0003-src-basic-missing.h-check-for-missing-strndupa.patch +++ b/meta/recipes-core/systemd/systemd/0003-src-basic-missing.h-check-for-missing-strndupa.patch 
@@ -1,4 +1,4 @@ -From ca0b48676132744b78d99ee3ec2d33f11bb73c28 Mon Sep 17 00:00:00 2001 +From c728a728cd54c372162f5447aa94921efb0c35f0 Mon Sep 17 00:00:00 2001 From: Chen Qi Date: Mon, 25 Feb 2019 14:18:21 +0800 Subject: [PATCH] src/basic/missing.h: check for missing strndupa @@ -280,7 +280,7 @@ index b3baf03afc..7404784a01 100644 BUS_DEFINE_PROPERTY_GET(bus_property_get_tasks_max, "t", CGroupTasksMax, cgroup_tasks_max_resolve); diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c -index 2d05ba7e1d..61a7de0037 100644 +index 71b07a6ec1..174a94e8a0 100644 --- a/src/core/dbus-execute.c +++ b/src/core/dbus-execute.c @@ -42,6 +42,7 @@ @@ -352,7 +352,7 @@ index 7e0c98cb7d..978a7f5874 100644 #define DEFAULT_MAX_USE_LOWER (uint64_t) (1ULL*1024ULL*1024ULL) /* 1 MiB */ #define DEFAULT_MAX_USE_UPPER (uint64_t) (4ULL*1024ULL*1024ULL*1024ULL) /* 4 GiB */ diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c -index 016f3baa7f..b1def81313 100644 +index e7caf510ba..79b252cad7 100644 --- a/src/fstab-generator/fstab-generator.c +++ b/src/fstab-generator/fstab-generator.c @@ -37,6 +37,7 @@ @@ -424,7 +424,7 @@ index 5ade8e99aa..7553cf319d 100644 #define SNDBUF_SIZE (8*1024*1024) diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c -index 8befc97460..6ee4d4f595 100644 +index b32cd6c6a0..cc484454e0 100644 --- a/src/libsystemd/sd-bus/sd-bus.c +++ b/src/libsystemd/sd-bus/sd-bus.c @@ -46,6 +46,7 @@ @@ -616,7 +616,7 @@ index 0a31be382f..92d629e7e0 100644 /* up to three lines (each up to 100 characters) or 300 characters, whichever is less */ #define PRINT_LINE_THRESHOLD 3 diff --git a/src/shared/pager.c b/src/shared/pager.c -index 19deefab56..6b6d0af1a0 100644 +index 41dd7bffdc..9ca45d8b91 100644 --- a/src/shared/pager.c +++ b/src/shared/pager.c @@ -25,6 +25,7 @@ 
diff --git a/meta/recipes-core/systemd/systemd/0004-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch b/meta/recipes-core/systemd/systemd/0004-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch index 43ba526792..19eaf9170d 100644 --- a/meta/recipes-core/systemd/systemd/0004-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch +++ b/meta/recipes-core/systemd/systemd/0004-don-t-fail-if-GLOB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch @@ -1,4 +1,4 @@ -From 3ea9cc03431c93c86cf0ca63ad04219af221a2d0 Mon Sep 17 00:00:00 2001 +From 674232187bf337c31a6528b4d241eafeb27ac85e Mon Sep 17 00:00:00 2001 From: Chen Qi Date: Mon, 25 Feb 2019 14:56:21 +0800 Subject: [PATCH] don't fail if GLOB_BRACE and GLOB_ALTDIRFUNC is not defined diff --git a/meta/recipes-core/systemd/systemd/0005-add-missing-FTW_-macros-for-musl.patch b/meta/recipes-core/systemd/systemd/0005-add-missing-FTW_-macros-for-musl.patch index c25ccde9e2..dbd94d473d 100644 --- a/meta/recipes-core/systemd/systemd/0005-add-missing-FTW_-macros-for-musl.patch +++ b/meta/recipes-core/systemd/systemd/0005-add-missing-FTW_-macros-for-musl.patch @@ -1,4 +1,4 @@ -From 885a6880ad1b687e3fbf1b9f35e218bee1fcc835 Mon Sep 17 00:00:00 2001 +From cdaafa37983753d309d2b37f8262e71f95798e52 Mon Sep 17 00:00:00 2001 From: Chen Qi Date: Mon, 25 Feb 2019 15:00:06 +0800 Subject: [PATCH] add missing FTW_ macros for musl diff --git a/meta/recipes-core/systemd/systemd/0006-Use-uintmax_t-for-handling-rlim_t.patch b/meta/recipes-core/systemd/systemd/0006-Use-uintmax_t-for-handling-rlim_t.patch index 13c155745a..09ffbcb70a 100644 --- a/meta/recipes-core/systemd/systemd/0006-Use-uintmax_t-for-handling-rlim_t.patch +++ b/meta/recipes-core/systemd/systemd/0006-Use-uintmax_t-for-handling-rlim_t.patch @@ -1,4 +1,4 @@ -From 646c3ced29922065eed64ac9b23af8276e989608 Mon Sep 17 00:00:00 2001 +From 8c33fe6338c448dca8533b9d3f9933e2794bda61 Mon Sep 17 00:00:00 2001 
From: Chen Qi Date: Mon, 25 Feb 2019 15:12:41 +0800 Subject: [PATCH] Use uintmax_t for handling rlim_t diff --git a/meta/recipes-core/systemd/systemd/0007-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch b/meta/recipes-core/systemd/systemd/0007-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch index 55405c5d0b..563f033b0d 100644 --- a/meta/recipes-core/systemd/systemd/0007-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch +++ b/meta/recipes-core/systemd/systemd/0007-don-t-pass-AT_SYMLINK_NOFOLLOW-flag-to-faccessat.patch @@ -1,4 +1,4 @@ -From f772369a2519b378c09bb89bd48c3743a62404e3 Mon Sep 17 00:00:00 2001 +From 68ab3364c0fe1073bba3adf02add7108de80a17c Mon Sep 17 00:00:00 2001 From: Andre McCurdy Date: Tue, 10 Oct 2017 14:33:30 -0700 Subject: [PATCH] don't pass AT_SYMLINK_NOFOLLOW flag to faccessat() diff --git a/meta/recipes-core/systemd/systemd/0008-Define-glibc-compatible-basename-for-non-glibc-syste.patch b/meta/recipes-core/systemd/systemd/0008-Define-glibc-compatible-basename-for-non-glibc-syste.patch index 6005b621ee..cc9f7771be 100644 --- a/meta/recipes-core/systemd/systemd/0008-Define-glibc-compatible-basename-for-non-glibc-syste.patch +++ b/meta/recipes-core/systemd/systemd/0008-Define-glibc-compatible-basename-for-non-glibc-syste.patch @@ -1,4 +1,4 @@ -From 45b1226ddbd981798e0448da41ddc4901e246b45 Mon Sep 17 00:00:00 2001 +From 6dd1aa50da27c07530a434218b5a7a384d0c6747 Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Sun, 27 May 2018 08:36:44 -0700 Subject: [PATCH] Define glibc compatible basename() for non-glibc systems diff --git a/meta/recipes-core/systemd/systemd/0008-implment-systemd-sysv-install-for-OE.patch b/meta/recipes-core/systemd/systemd/0008-implment-systemd-sysv-install-for-OE.patch index d43eaeff7a..21faa10a95 100644 --- a/meta/recipes-core/systemd/systemd/0008-implment-systemd-sysv-install-for-OE.patch +++ b/meta/recipes-core/systemd/systemd/0008-implment-systemd-sysv-install-for-OE.patch 
@@ -1,4 +1,4 @@ -From abca5814cb0b5b98a1e7af829cc166e76c524f1a Mon Sep 17 00:00:00 2001 +From 8da2b10dcbf423f791db79b7dfcc6cfaf8e26f8b Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Sat, 5 Sep 2015 06:31:47 +0000 Subject: [PATCH] implment systemd-sysv-install for OE diff --git a/meta/recipes-core/systemd/systemd/0009-Do-not-disable-buffering-when-writing-to-oom_score_a.patch b/meta/recipes-core/systemd/systemd/0009-Do-not-disable-buffering-when-writing-to-oom_score_a.patch index 3e557b764f..66aa8551ac 100644 --- a/meta/recipes-core/systemd/systemd/0009-Do-not-disable-buffering-when-writing-to-oom_score_a.patch +++ b/meta/recipes-core/systemd/systemd/0009-Do-not-disable-buffering-when-writing-to-oom_score_a.patch @@ -1,4 +1,4 @@ -From 8d61cecff3ba0687ad2c10aacb7d2aee7cb3fa79 Mon Sep 17 00:00:00 2001 +From ed33f139195794477ac854214022034db306f42d Mon Sep 17 00:00:00 2001 From: Chen Qi Date: Wed, 4 Jul 2018 15:00:44 +0800 Subject: [PATCH] Do not disable buffering when writing to oom_score_adj diff --git a/meta/recipes-core/systemd/systemd/0010-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch b/meta/recipes-core/systemd/systemd/0010-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch index d4b67d15f4..66fab46128 100644 --- a/meta/recipes-core/systemd/systemd/0010-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch +++ b/meta/recipes-core/systemd/systemd/0010-distinguish-XSI-compliant-strerror_r-from-GNU-specif.patch @@ -1,4 +1,4 @@ -From 2180b639665bd314905ef058dee9a5e4a534333e Mon Sep 17 00:00:00 2001 +From ef261a0122ff5a4340897c9afe1fae04d14eb0dd Mon Sep 17 00:00:00 2001 From: Chen Qi Date: Tue, 10 Jul 2018 15:40:17 +0800 Subject: [PATCH] distinguish XSI-compliant strerror_r from GNU-specifi diff --git a/meta/recipes-core/systemd/systemd/0011-avoid-redefinition-of-prctl_mm_map-structure.patch b/meta/recipes-core/systemd/systemd/0011-avoid-redefinition-of-prctl_mm_map-structure.patch index ad8888895f..1ad9a302ff 100644 
--- a/meta/recipes-core/systemd/systemd/0011-avoid-redefinition-of-prctl_mm_map-structure.patch +++ b/meta/recipes-core/systemd/systemd/0011-avoid-redefinition-of-prctl_mm_map-structure.patch @@ -1,4 +1,4 @@ -From 3b1639c7052d9d574dd05d268364e7919b6f2580 Mon Sep 17 00:00:00 2001 +From 8b76e1f027d73e26cfc8e13bd49f43197dbb9004 Mon Sep 17 00:00:00 2001 From: Chen Qi Date: Mon, 25 Feb 2019 15:44:54 +0800 Subject: [PATCH] avoid redefinition of prctl_mm_map structure diff --git a/meta/recipes-core/systemd/systemd/0012-do-not-disable-buffer-in-writing-files.patch b/meta/recipes-core/systemd/systemd/0012-do-not-disable-buffer-in-writing-files.patch index f0eafd6fea..3ff247debb 100644 --- a/meta/recipes-core/systemd/systemd/0012-do-not-disable-buffer-in-writing-files.patch +++ b/meta/recipes-core/systemd/systemd/0012-do-not-disable-buffer-in-writing-files.patch @@ -1,4 +1,4 @@ -From c1a375d93edbfaf3f64bec88c75cfcf436d4ba05 Mon Sep 17 00:00:00 2001 +From 9686b8c52bd9e532ebe687dd31352d884873e0a4 Mon Sep 17 00:00:00 2001 From: Chen Qi Date: Fri, 1 Mar 2019 15:22:15 +0800 Subject: [PATCH] do not disable buffer in writing files @@ -188,10 +188,10 @@ index d21f3f79ff..258607cc7e 100644 log_warning_errno(r, "Failed to flush binfmt_misc rules, ignoring: %m"); else diff --git a/src/core/cgroup.c b/src/core/cgroup.c -index 61539afdbf..77e2b35daf 100644 +index d398655b0a..9558f38a72 100644 --- a/src/core/cgroup.c +++ b/src/core/cgroup.c -@@ -4581,7 +4581,7 @@ int unit_cgroup_freezer_action(Unit *u, FreezerAction action) { +@@ -4589,7 +4589,7 @@ int unit_cgroup_freezer_action(Unit *u, FreezerAction action) { u->freezer_state = FREEZER_THAWING; } @@ -201,7 +201,7 @@ index 61539afdbf..77e2b35daf 100644 return r; diff --git a/src/core/main.c b/src/core/main.c -index 8373a156cb..33e866942c 100644 +index 364dc895d1..d28ec42030 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -1683,7 +1683,7 @@ static void initialize_core_pattern(bool skip_setup) { 
diff --git a/meta/recipes-core/systemd/systemd/0013-Handle-__cpu_mask-usage.patch b/meta/recipes-core/systemd/systemd/0013-Handle-__cpu_mask-usage.patch index 5427671553..a92d4db101 100644 --- a/meta/recipes-core/systemd/systemd/0013-Handle-__cpu_mask-usage.patch +++ b/meta/recipes-core/systemd/systemd/0013-Handle-__cpu_mask-usage.patch @@ -1,4 +1,4 @@ -From b10a273f5e26536068a90f961c2a7a6c6528083b Mon Sep 17 00:00:00 2001 +From 385fbcc3cec50b995299e25f913d9683ddf51174 Mon Sep 17 00:00:00 2001 From: Scott Murray Date: Fri, 13 Sep 2019 19:26:27 -0400 Subject: [PATCH] Handle __cpu_mask usage diff --git a/meta/recipes-core/systemd/systemd/0014-Handle-missing-gshadow.patch b/meta/recipes-core/systemd/systemd/0014-Handle-missing-gshadow.patch index 679b42ff95..f84f289c2f 100644 --- a/meta/recipes-core/systemd/systemd/0014-Handle-missing-gshadow.patch +++ b/meta/recipes-core/systemd/systemd/0014-Handle-missing-gshadow.patch @@ -1,4 +1,4 @@ -From c55dd0f9e1ea05749d0a54082daa69729ee946af Mon Sep 17 00:00:00 2001 +From bc62e5e507cc3f10fde7d35d16059a06a78757b6 Mon Sep 17 00:00:00 2001 From: Alex Kiernan Date: Tue, 10 Mar 2020 11:05:20 +0000 Subject: [PATCH] Handle missing gshadow diff --git a/meta/recipes-core/systemd/systemd/0015-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch b/meta/recipes-core/systemd/systemd/0015-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch index 2bd683785d..c1297f27dd 100644 --- a/meta/recipes-core/systemd/systemd/0015-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch +++ b/meta/recipes-core/systemd/systemd/0015-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch @@ -1,4 +1,4 @@ -From 4733cb758285ec7f63e834894aa8f09d9bc77ad5 Mon Sep 17 00:00:00 2001 +From 79f2f3e90229f4812d93c6965cb67385642dfcc4 Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Mon, 12 Apr 2021 23:44:53 -0700 Subject: [PATCH] missing_syscall.h: Define MIPS ABI defines for musl 
diff --git a/meta/recipes-core/systemd/systemd/0016-pass-correct-parameters-to-getdents64.patch b/meta/recipes-core/systemd/systemd/0016-pass-correct-parameters-to-getdents64.patch index 3e359d976a..d932d7cc76 100644 --- a/meta/recipes-core/systemd/systemd/0016-pass-correct-parameters-to-getdents64.patch +++ b/meta/recipes-core/systemd/systemd/0016-pass-correct-parameters-to-getdents64.patch @@ -1,4 +1,4 @@ -From 1118d270cf2cd7c6cb99eb40ab42c3d07b20476c Mon Sep 17 00:00:00 2001 +From a8e07d87adfeb1c72c6eaf5402db465a78e08ee6 Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Fri, 21 Jan 2022 15:15:11 -0800 Subject: [PATCH] pass correct parameters to getdents64 diff --git a/meta/recipes-core/systemd/systemd/0017-Adjust-for-musl-headers.patch b/meta/recipes-core/systemd/systemd/0017-Adjust-for-musl-headers.patch index 6ae6cdfe54..6a2dcc355d 100644 --- a/meta/recipes-core/systemd/systemd/0017-Adjust-for-musl-headers.patch +++ b/meta/recipes-core/systemd/systemd/0017-Adjust-for-musl-headers.patch @@ -1,4 +1,4 @@ -From ab78d7938e732125012f8276e357e8f6d4a51476 Mon Sep 17 00:00:00 2001 +From 5da745dc6f60f6fac65371a60eee7cecaf575eae Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Fri, 21 Jan 2022 22:19:37 -0800 Subject: [PATCH] Adjust for musl headers diff --git a/meta/recipes-core/systemd/systemd/0018-test-bus-error-strerror-is-assumed-to-be-GNU-specifi.patch b/meta/recipes-core/systemd/systemd/0018-test-bus-error-strerror-is-assumed-to-be-GNU-specifi.patch index 5d74d08201..89ef33c156 100644 --- a/meta/recipes-core/systemd/systemd/0018-test-bus-error-strerror-is-assumed-to-be-GNU-specifi.patch +++ b/meta/recipes-core/systemd/systemd/0018-test-bus-error-strerror-is-assumed-to-be-GNU-specifi.patch @@ -1,4 +1,4 @@ -From 20cf3569dff21f5c4e46855c3956606fa0141710 Mon Sep 17 00:00:00 2001 +From 1c5c9714a2a9bc651687bf2c583019c52ed93ac4 Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Tue, 8 Nov 2022 13:31:34 -0800 Subject: [PATCH] test-bus-error: strerror() is assumed to be GNU specific 
diff --git a/meta/recipes-core/systemd/systemd/0019-errno-util-Make-STRERROR-portable-for-musl.patch b/meta/recipes-core/systemd/systemd/0019-errno-util-Make-STRERROR-portable-for-musl.patch index a20e21ee08..7911add5ea 100644 --- a/meta/recipes-core/systemd/systemd/0019-errno-util-Make-STRERROR-portable-for-musl.patch +++ b/meta/recipes-core/systemd/systemd/0019-errno-util-Make-STRERROR-portable-for-musl.patch @@ -1,4 +1,4 @@ -From 5e3e71f93adf5bdbfd470bcd93320dab314dc3ef Mon Sep 17 00:00:00 2001 +From 43f56ac05ff4b9c7774b6f580612f2a7896a4885 Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Mon, 23 Jan 2023 23:39:46 -0800 Subject: [PATCH] errno-util: Make STRERROR portable for musl diff --git a/meta/recipes-core/systemd/systemd/0020-sd-event-Make-malloc_trim-conditional-on-glibc.patch b/meta/recipes-core/systemd/systemd/0020-sd-event-Make-malloc_trim-conditional-on-glibc.patch index bdcff34f2c..be0a0da013 100644 --- a/meta/recipes-core/systemd/systemd/0020-sd-event-Make-malloc_trim-conditional-on-glibc.patch +++ b/meta/recipes-core/systemd/systemd/0020-sd-event-Make-malloc_trim-conditional-on-glibc.patch @@ -1,4 +1,4 @@ -From 18201d3350b443c79cc85274f3944bf64de33da0 Mon Sep 17 00:00:00 2001 +From cda1cc94bd81c8ff9135255895a414fb938e2c79 Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Wed, 2 Aug 2023 12:06:27 -0700 Subject: [PATCH] sd-event: Make malloc_trim() conditional on glibc diff --git a/meta/recipes-core/systemd/systemd/0021-shared-Do-not-use-malloc_info-on-musl.patch b/meta/recipes-core/systemd/systemd/0021-shared-Do-not-use-malloc_info-on-musl.patch index 451511be16..9aa08e59cd 100644 --- a/meta/recipes-core/systemd/systemd/0021-shared-Do-not-use-malloc_info-on-musl.patch +++ b/meta/recipes-core/systemd/systemd/0021-shared-Do-not-use-malloc_info-on-musl.patch @@ -1,4 +1,4 @@ -From 96c3d0d3a2359dd248685c2ede876d66c3faa3f9 Mon Sep 17 00:00:00 2001 +From 2913e608d6e91c8037d698534f72970b4c365d8f Mon Sep 17 00:00:00 2001 
From: Khem Raj Date: Wed, 2 Aug 2023 12:20:40 -0700 Subject: [PATCH] shared: Do not use malloc_info on musl diff --git a/meta/recipes-core/systemd/systemd/0022-avoid-missing-LOCK_EX-declaration.patch b/meta/recipes-core/systemd/systemd/0022-avoid-missing-LOCK_EX-declaration.patch index cd22adf0e5..e0a342355f 100644 --- a/meta/recipes-core/systemd/systemd/0022-avoid-missing-LOCK_EX-declaration.patch +++ b/meta/recipes-core/systemd/systemd/0022-avoid-missing-LOCK_EX-declaration.patch @@ -1,4 +1,4 @@ -From f3bc7816d9cca9963a2737857763ee76e300a232 Mon Sep 17 00:00:00 2001 +From 9d151b5bb3105fb21d55a301def3d97b5a314580 Mon Sep 17 00:00:00 2001 From: Chen Qi Date: Tue, 2 Jan 2024 11:03:27 +0800 Subject: [PATCH] avoid missing LOCK_EX declaration @@ -15,7 +15,7 @@ Signed-off-by: Chen Qi 2 files changed, 2 insertions(+) diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c -index 22bc8d10c1..9bced8f420 100644 +index 9d27280ed0..569311422d 100644 --- a/src/core/exec-invoke.c +++ b/src/core/exec-invoke.c @@ -5,6 +5,7 @@ diff --git a/meta/recipes-core/systemd/systemd_255.18.bb b/meta/recipes-core/systemd/systemd_v255.21.bb similarity index 100% rename from meta/recipes-core/systemd/systemd_255.18.bb rename to meta/recipes-core/systemd/systemd_v255.21.bb
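Review bot: The last rename, `systemd_255.18.bb => systemd_v255.21.bb`, adds a `v` to the version part of the file name, while the two sibling renames in this patch keep the plain form (`systemd-boot_255.21.bb` and `systemd-boot-native_255.21.bb`). Because the recipe version is taken from the file name, this would give systemd a PV of `v255.21` next to `255.21` for systemd-boot, and the subject line says `255.18 -> 255.21`. Rename the file to `systemd_255.21.bb`, or, if the prefix is intentional, say why in the commit message.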