From patchwork Thu Jul 17 02:55:24 2025
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 67004
X-Patchwork-Delegate: steve@sakoman.com
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][walnascar 01/13] busybox: apply patch for CVE-2023-39810
Date: Wed, 16 Jul 2025 19:55:24 -0700
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220487

From: Peter Marko

Backport patch referencing this CVE.

Note that the hardening is not activated by default, it adds defconfig option to enable it. Since it introduces a breaking change, it shouldn't be enabled in LTS release by default.

This patch makes busybox cpio equivalent in this release to what is currently in master and in kirkstone.

Also note that gnu cpio also does not have this hardening, but the CVE is created only against busybox.

Signed-off-by: Peter Marko
Signed-off-by: Steve Sakoman
---
 .../busybox/busybox/CVE-2023-39810.patch | 136 ++++++++++++++++++
 meta/recipes-core/busybox/busybox_1.37.0.bb | 1 +
 2 files changed, 137 insertions(+)
 create mode 100644 meta/recipes-core/busybox/busybox/CVE-2023-39810.patch

diff --git a/meta/recipes-core/busybox/busybox/CVE-2023-39810.patch b/meta/recipes-core/busybox/busybox/CVE-2023-39810.patch
new file mode 100644
index 0000000000..821ab3508f
--- /dev/null
+++ b/meta/recipes-core/busybox/busybox/CVE-2023-39810.patch
@@ -0,0 +1,136 @@ +From 9a8796436b9b0641e13480811902ea2ac57881d3 Mon Sep 17 00:00:00 2001 +From: Denys Vlasenko +Date: Wed, 2 Oct 2024 10:12:05 +0200 +Subject: [PATCH] archival: disallow path traversals (CVE-2023-39810) + +Create new configure option for archival/libarchive based extractions to +disallow path traversals. +As this is a paranoid option and might introduce backward +incompatibility, default it to no. + +Fixes: CVE-2023-39810 + +Based on the patch by Peter Kaestle + +function old new delta +data_extract_all 921 945 +24 +strip_unsafe_prefix 101 102 +1 +------------------------------------------------------------------------------ +(add/remove: 0/0 grow/shrink: 2/0 up/down: 25/0) Total: 25 bytes + +Signed-off-by: Denys Vlasenko + +CVE: CVE-2023-39810 +Upstream-Status: Backport [https://git.busybox.net/busybox/commit/?id=9a8796436b9b0641e13480811902ea2ac57881d3] +Signed-off-by: Peter Marko +--- + archival/Config.src | 11 +++++++++++ + archival/libarchive/data_extract_all.c | 8 ++++++++ + archival/libarchive/unsafe_prefix.c | 6 +++++- + scripts/kconfig/lxdialog/check-lxdialog.sh | 2 +- + testsuite/cpio.tests | 23 ++++++++++++++++++++++ + 5 files changed, 48 insertions(+), 2 deletions(-) + +diff --git a/archival/Config.src b/archival/Config.src +index 6f4f30c43..cbcd7217c 100644 +--- a/archival/Config.src ++++ b/archival/Config.src +@@ -35,4 +35,15 @@ config FEATURE_LZMA_FAST + This option reduces decompression time by about 25% at the cost of + a 1K bigger binary. + ++config FEATURE_PATH_TRAVERSAL_PROTECTION ++ bool "Prevent extraction of filenames with /../ path component" ++ default n ++ help ++ busybox tar and unzip remove "PREFIX/../" (if it exists) ++ from extracted names. ++ This option enables this behavior for all other unpacking applets, ++ such as cpio, ar, rpm. ++ GNU cpio 2.15 has NO such sanity check. ++# try other archivers and document their behavior? 
++ + endmenu +diff --git a/archival/libarchive/data_extract_all.c b/archival/libarchive/data_extract_all.c +index 049c2c156..8a69711c1 100644 +--- a/archival/libarchive/data_extract_all.c ++++ b/archival/libarchive/data_extract_all.c +@@ -65,6 +65,14 @@ void FAST_FUNC data_extract_all(archive_handle_t *archive_handle) + } while (--n != 0); + } + #endif ++#if ENABLE_FEATURE_PATH_TRAVERSAL_PROTECTION ++ /* Strip leading "/" and up to last "/../" path component */ ++ dst_name = (char *)strip_unsafe_prefix(dst_name); ++#endif ++// ^^^ This may be a problem if some applets do need to extract absolute names. ++// (Probably will need to invent ARCHIVE_ALLOW_UNSAFE_NAME flag). ++// You might think that rpm needs it, but in my tests rpm's internal cpio ++// archive has names like "./usr/bin/FOO", not "/usr/bin/FOO". + + if (archive_handle->ah_flags & ARCHIVE_CREATE_LEADING_DIRS) { + char *slash = strrchr(dst_name, '/'); +diff --git a/archival/libarchive/unsafe_prefix.c b/archival/libarchive/unsafe_prefix.c +index 33e487bf9..667081195 100644 +--- a/archival/libarchive/unsafe_prefix.c ++++ b/archival/libarchive/unsafe_prefix.c +@@ -14,7 +14,11 @@ const char* FAST_FUNC strip_unsafe_prefix(const char *str) + cp++; + continue; + } +- if (is_prefixed_with(cp, "/../"+1)) { ++ /* We are called lots of times. ++ * is_prefixed_with(cp, "../") is slower than open-coding it, ++ * with minimal code growth (~few bytes). ++ */ ++ if (cp[0] == '.' && cp[1] == '.' && cp[2] == '/') { + cp += 3; + continue; + } +diff --git a/scripts/kconfig/lxdialog/check-lxdialog.sh b/scripts/kconfig/lxdialog/check-lxdialog.sh +index 5075ebf2d..910ca1f7c 100755 +--- a/scripts/kconfig/lxdialog/check-lxdialog.sh ++++ b/scripts/kconfig/lxdialog/check-lxdialog.sh +@@ -55,7 +55,7 @@ trap "rm -f $tmp" 0 1 2 3 15 + check() { + $cc -x c - -o $tmp 2>/dev/null <<'EOF' + #include CURSES_LOC +-main() {} ++int main() { return 0; } + EOF + if [ $? 
!= 0 ]; then + echo " *** Unable to find the ncurses libraries or the" 1>&2 +diff --git a/testsuite/cpio.tests b/testsuite/cpio.tests +index 85e746589..a4462c53e 100755 +--- a/testsuite/cpio.tests ++++ b/testsuite/cpio.tests +@@ -154,6 +154,29 @@ testing "cpio -R with extract" \ + " "" "" + SKIP= + ++# Create an archive containing a file with "../dont_write" filename. ++# See that it will not be allowed to unpack. ++# NB: GNU cpio 2.15 DOES NOT do such checks. ++optional FEATURE_PATH_TRAVERSAL_PROTECTION ++rm -rf cpio.testdir ++mkdir -p cpio.testdir/prepare/inner ++echo "file outside of destination was written" > cpio.testdir/prepare/dont_write ++echo "data" > cpio.testdir/prepare/inner/to_extract ++mkdir -p cpio.testdir/extract ++testing "cpio extract file outside of destination" "\ ++(cd cpio.testdir/prepare/inner && echo -e '../dont_write\nto_extract' | cpio -o -H newc) | (cd cpio.testdir/extract && cpio -vi 2>&1) ++echo \$? ++ls cpio.testdir/dont_write 2>&1" \ ++"\ ++cpio: removing leading '../' from member names ++../dont_write ++to_extract ++1 blocks ++0 ++ls: cpio.testdir/dont_write: No such file or directory ++" "" "" ++SKIP= ++ + # Clean up + rm -rf cpio.testdir cpio.testdir2 2>/dev/null + diff --git a/meta/recipes-core/busybox/busybox_1.37.0.bb b/meta/recipes-core/busybox/busybox_1.37.0.bb index c3131eb453..92c7c65a3e 100644 --- a/meta/recipes-core/busybox/busybox_1.37.0.bb +++ b/meta/recipes-core/busybox/busybox_1.37.0.bb 
@@ -53,6 +53,7 @@ SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \ file://0001-syslogd-fix-wrong-OPT_locallog-flag-detection.patch \ file://0002-start-stop-daemon-fix-tests.patch \ file://0003-start-stop-false.patch \ + file://CVE-2023-39810.patch \ " SRC_URI:append:libc-musl = " file://musl.cfg" SRC_URI:append:x86-64 = " file://sha_accel.cfg"
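Review bot: The busybox_1.37.0.bb hunk only appends file://CVE-2023-39810.patch to SRC_URI, while the archival/Config.src hunk adds FEATURE_PATH_TRAVERSAL_PROTECTION with "default n", so the new strip_unsafe_prefix() call in data_extract_all() is compiled out in the default build even though the patch carries a "CVE: CVE-2023-39810" tag. Please add a comment next to the SRC_URI entry saying that the hardening is opt-in and that a config fragment setting CONFIG_FEATURE_PATH_TRAVERSAL_PROTECTION=y is needed to turn it on, so that anyone reading the recipe or a CVE report does not assume cpio extraction is already protected.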
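Review bot: The help text in the archival/Config.src hunk documents only the removal of "PREFIX/../", but the comment on the new call in the data_extract_all.c hunk says the leading "/" is stripped as well, and the // note directly below it admits this may break applets that need absolute names. The help text should mention the leading "/" so that someone enabling the option knows absolute member names in cpio, ar and rpm archives will be rewritten to relative ones.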
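Review bot: The new case in the testsuite/cpio.tests hunk is guarded by "optional FEATURE_PATH_TRAVERSAL_PROTECTION", so with the option left at its default of n the test is skipped and nothing in the default build exercises the "../dont_write" archive. The expected output also hard-codes "ls: cpio.testdir/dont_write: No such file or directory", which is the busybox ls wording; GNU ls prints a different message, so the comparison depends on which ls the test environment resolves. Checking the result with "test -e" and echoing a fixed string would make the expectation independent of the ls implementation.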
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][walnascar 02/13] curl: ignore CVE-2025-4947 and CVE-2025-5025
Date: Wed, 16 Jul 2025 19:55:25 -0700
Message-ID: <93ae0758ef35031c21a29f84e5481d99c218a232.1752720827.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220488

From: Peter Marko

These CVEs are for integration with WolfSSL which is not supported by this recipe. Ignore it if openssl packageconfig is enabled as it was done also in scarthgap branch.

Signed-off-by: Peter Marko
Signed-off-by: Steve Sakoman
---
 meta/recipes-support/curl/curl_8.12.1.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-support/curl/curl_8.12.1.bb b/meta/recipes-support/curl/curl_8.12.1.bb
index 4192693da8..9e279bbad1 100644
--- a/meta/recipes-support/curl/curl_8.12.1.bb
+++ b/meta/recipes-support/curl/curl_8.12.1.bb
@@ -25,6 +25,8 @@ SRC_URI[sha256sum] = "0341f1ed97a26c811abaebd37d62b833956792b7607ea3f15d001613c7 # Curl has used many names over the years... CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl" CVE_STATUS[CVE-2024-32928] = "ignored: CURLOPT_SSL_VERIFYPEER was disabled on google cloud services causing a potential man in the middle attack" +CVE_STATUS[CVE-2025-4947] = "${@bb.utils.contains('PACKAGECONFIG', 'openssl', 'not-applicable-config: applicable only with wolfssl', 'unpatched', d)}" +CVE_STATUS[CVE-2025-5025] = "${@bb.utils.contains('PACKAGECONFIG', 'openssl', 'not-applicable-config: applicable only with wolfssl', 'unpatched', d)}" inherit autotools pkgconfig binconfig multilib_header ptest
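Review bot: Both new CVE_STATUS lines key the status on 'openssl' being present in PACKAGECONFIG, but the stated reason is "applicable only with wolfssl", so a build that selects a different TLS backend and drops openssl falls through to 'unpatched' even though wolfssl is still not in use. The commit message says WolfSSL is not supported by this recipe; if that is the case the status can be an unconditional "not-applicable-config", otherwise a short comment above the two lines should explain why the absence of openssl is treated as potentially affected. The same expression is repeated verbatim for CVE-2025-4947 and CVE-2025-5025 and could be assigned once to a variable to keep the two entries in sync.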
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][walnascar 03/13] iputils: patch CVE-2025-48964
Date: Wed, 16 Jul 2025 19:55:26 -0700
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220489

From: Peter Marko

Pick commit referencing this CVE.

Signed-off-by: Peter Marko
Signed-off-by: Steve Sakoman
---
 .../iputils/iputils/CVE-2025-48964.patch | 99 +++++++++++++++++++
 .../iputils/iputils_20240905.bb | 1 +
 2 files changed, 100 insertions(+)
 create mode 100644 meta/recipes-extended/iputils/iputils/CVE-2025-48964.patch

diff --git a/meta/recipes-extended/iputils/iputils/CVE-2025-48964.patch b/meta/recipes-extended/iputils/iputils/CVE-2025-48964.patch
new file mode 100644
index 0000000000..1144ce4e4a
--- /dev/null
+++ b/meta/recipes-extended/iputils/iputils/CVE-2025-48964.patch
@@ -0,0 +1,99 @@ +From afa36390394a6e0cceba03b52b59b6d41710608c Mon Sep 17 00:00:00 2001 +From: Cyril Hrubis +Date: Fri, 16 May 2025 17:57:10 +0200 +Subject: [PATCH] ping: Fix moving average rtt calculation + +The rts->rtt counts an exponential weight moving average in a fixed +point, that means that even if we limit the triptime to fit into a 32bit +number the average will overflow because because fixed point needs eight +more bits. + +We also have to limit the triptime to 32bit number because otherwise the +moving average may stil overflow if we manage to produce a large enough +triptime. + +Fixes: CVE-2025-48964 +Fixes: https://bugzilla.suse.com/show_bug.cgi?id=1243772 +Closes: https://github.com/iputils/iputils-ghsa-25fr-jw29-74f9/pull/1 +Reported-by: Mohamed Maatallah +Reviewed-by: Petr Vorel +Tested-by: Petr Vorel +Reviewed-by: Michal Kubecek +Reviewed-by: Mohamed Maatallah +Signed-off-by: Cyril Hrubis + +CVE: CVE-2025-48964 +Upstream-Status: Backport [https://github.com/iputils/iputils/commit/afa36390394a6e0cceba03b52b59b6d41710608c] +Signed-off-by: Peter Marko +--- + iputils_common.h | 2 +- + ping/ping.h | 2 +- + ping/ping_common.c | 8 ++++---- + 3 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/iputils_common.h b/iputils_common.h +index 829a749..1296905 100644 +--- a/iputils_common.h ++++ b/iputils_common.h +@@ -11,7 +11,7 @@ + __typeof__(&arr[0]))])) * 0) + + /* 1000001 = 1000000 tv_sec + 1 tv_usec */ +-#define TV_SEC_MAX_VAL (LONG_MAX/1000001) ++#define TV_SEC_MAX_VAL (INT32_MAX/1000001) + + #ifdef __GNUC__ + # define iputils_attribute_format(t, n, m) __attribute__((__format__ (t, n, m))) +diff --git a/ping/ping.h b/ping/ping.h +index 4dce538..bc1fab2 100644 +--- a/ping/ping.h ++++ b/ping/ping.h +@@ -194,7 +194,7 @@ struct ping_rts { + long tmax; /* maximum round trip time */ + double tsum; /* sum of all times, for doing average */ + double tsum2; +- int rtt; ++ uint64_t rtt; /* Exponential weight moving average calculated in fixed point 
*/ + int rtt_addend; + uint16_t acked; + int pipesize; +diff --git a/ping/ping_common.c b/ping/ping_common.c +index 2a3e556..fad5228 100644 +--- a/ping/ping_common.c ++++ b/ping/ping_common.c +@@ -281,7 +281,7 @@ int __schedule_exit(int next) + + static inline void update_interval(struct ping_rts *rts) + { +- int est = rts->rtt ? rts->rtt / 8 : rts->interval * 1000; ++ int est = rts->rtt ? (int)(rts->rtt / 8) : rts->interval * 1000; + + rts->interval = (est + rts->rtt_addend + 500) / 1000; + if (rts->uid && rts->interval < MIN_USER_INTERVAL_MS) +@@ -788,7 +788,7 @@ restamp: + if (triptime > rts->tmax) + rts->tmax = triptime; + if (!rts->rtt) +- rts->rtt = triptime * 8; ++ rts->rtt = ((uint64_t)triptime) * 8; + else + rts->rtt += triptime - rts->rtt / 8; + if (rts->opt_adaptive) +@@ -960,7 +960,7 @@ int finish(struct ping_rts *rts) + int ipg = (1000000 * (long long)tv.tv_sec + tv.tv_nsec / 1000) / (rts->ntransmitted - 1); + + printf(_("%sipg/ewma %d.%03d/%d.%03d ms"), +- comma, ipg / 1000, ipg % 1000, rts->rtt / 8000, (rts->rtt / 8) % 1000); ++ comma, ipg / 1000, ipg % 1000, (int)(rts->rtt / 8000), (int)((rts->rtt / 8) % 1000)); + } + putchar('\n'); + return (!rts->nreceived || (rts->deadline && rts->nreceived < rts->npackets)); +@@ -985,7 +985,7 @@ void status(struct ping_rts *rts) + fprintf(stderr, _(", min/avg/ewma/max = %ld.%03ld/%lu.%03ld/%d.%03d/%ld.%03ld ms"), + (long)rts->tmin / 1000, (long)rts->tmin % 1000, + tavg / 1000, tavg % 1000, +- rts->rtt / 8000, (rts->rtt / 8) % 1000, (long)rts->tmax / 1000, (long)rts->tmax % 1000); ++ (int)(rts->rtt / 8000), (int)((rts->rtt / 8) % 1000), (long)rts->tmax / 1000, (long)rts->tmax % 1000); + } + fprintf(stderr, "\n"); + } diff --git a/meta/recipes-extended/iputils/iputils_20240905.bb b/meta/recipes-extended/iputils/iputils_20240905.bb index 64d58a91c2..96b9671dbd 100644 --- a/meta/recipes-extended/iputils/iputils_20240905.bb +++ b/meta/recipes-extended/iputils/iputils_20240905.bb 
@@ -12,6 +12,7 @@ DEPENDS = "gnutls" SRC_URI = "git://github.com/iputils/iputils;branch=master;protocol=https \ file://CVE-2025-47268.patch \ + file://CVE-2025-48964.patch \ " SRCREV = "10b50784aae3fb75c96cdf9b1668916b49557dd5"
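Review bot: In the ping_common.c hunk at "@@ -788,7 +788,7 @@" the unchanged context line "rts->rtt += triptime - rts->rtt / 8;" now mixes triptime with a uint64_t, so whenever triptime is smaller than rts->rtt / 8 the subtraction wraps around in unsigned arithmetic and the result is only correct because the following addition wraps back. That is well defined but easy to break in a later edit; writing it as "rts->rtt = rts->rtt - rts->rtt / 8 + (uint64_t)triptime;" (assuming triptime is non-negative here, which these lines do not show) or adding a comment about the intended modular arithmetic would make the fixed-point update explicit.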
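Review bot: The iputils_common.h hunk switches TV_SEC_MAX_VAL from LONG_MAX to INT32_MAX without adding an include, and the visible lines do not show <stdint.h> being pulled in by that header. Please confirm every translation unit that expands TV_SEC_MAX_VAL sees <stdint.h> first, or include it directly in iputils_common.h. Related to the same limit: the printf call sites in finish() and status() now cast rts->rtt / 8000 and (rts->rtt / 8) % 1000 to int to keep the %d conversions, which is only safe as long as triptime stays bounded by the new 32-bit TV_SEC_MAX_VAL; a one-line comment at the casts tying them to that bound would help.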
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][walnascar 04/13] gdk-pixbuf: fix CVE-2025-7345
Date: Wed, 16 Jul 2025 19:55:27 -0700
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220490

From: Archana Polampalli

A flaw exists in gdk‑pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory, potentially causing application crashes or arbitrary code execution.

Signed-off-by: Archana Polampalli
Signed-off-by: Steve Sakoman
---
 .../gdk-pixbuf/gdk-pixbuf/CVE-2025-7345.patch | 55 +++++++++++++++++++
 .../gdk-pixbuf/gdk-pixbuf_2.42.12.bb | 1 +
 2 files changed, 56 insertions(+)
 create mode 100644 meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2025-7345.patch

diff --git a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2025-7345.patch b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2025-7345.patch
new file mode 100644
index 0000000000..a8f23d3501
--- /dev/null
+++ b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2025-7345.patch
@@ -0,0 +1,55 @@ +From 4af78023ce7d3b5e3cec422a59bb4f48fa4f5886 Mon Sep 17 00:00:00 2001 +From: Matthias Clasen +Date: Fri, 11 Jul 2025 11:02:05 -0400 +Subject: [PATCH] jpeg: Be more careful with chunked icc data + +We we inadvertendly trusting the sequence numbers not to lie. +If they do we would report a larger data size than we actually +allocated, leading to out of bounds memory access in base64 +encoding later on. + +This has been assigned CVE-2025-7345. + +Fixes: #249 + +CVE: CVE-2025-7345 + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/4af78023ce7d3b5e3cec422a59bb4f48fa4f5886] + +Signed-off-by: Archana Polampalli +--- + gdk-pixbuf/io-jpeg.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/gdk-pixbuf/io-jpeg.c b/gdk-pixbuf/io-jpeg.c +index 3841fc0..9ee1d21 100644 +--- a/gdk-pixbuf/io-jpeg.c ++++ b/gdk-pixbuf/io-jpeg.c +@@ -356,6 +356,7 @@ jpeg_parse_exif_app2_segment (JpegExifContext *context, jpeg_saved_marker_ptr ma + context->icc_profile = g_new (gchar, chunk_size); + /* copy the segment data to the profile space */ + memcpy (context->icc_profile, marker->data + 14, chunk_size); ++ ret = TRUE; + goto out; + } + +@@ -377,12 +378,15 @@ jpeg_parse_exif_app2_segment (JpegExifContext *context, jpeg_saved_marker_ptr ma + /* copy the segment data to the profile space */ + memcpy (context->icc_profile + offset, marker->data + 14, chunk_size); + +- /* it's now this big plus the new data we've just copied */ +- context->icc_profile_size += chunk_size; ++ context->icc_profile_size = MAX (context->icc_profile_size, offset + chunk_size); + + /* success */ + ret = TRUE; + out: ++ if (!ret) { ++ g_free (context->icc_profile); ++ context->icc_profile = NULL; ++ } + return ret; + } + +-- +2.40.0 diff --git a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.12.bb b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.12.bb index 96487a284a..48f3c778c9 100644 --- a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.12.bb 
+++ b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.12.bb 
@@ -20,6 +20,7 @@ SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \ file://run-ptest \ file://fatal-loader.patch \ file://0001-meson.build-allow-a-subset-of-tests-in-cross-compile.patch \ + file://CVE-2025-7345.patch \ " SRC_URI[sha256sum] = "b9505b3445b9a7e48ced34760c3bcb73e966df3ac94c95a148cb669ab748e3c7"
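Review bot: in the second io-jpeg.c hunk, the new cleanup under `out:` frees `context->icc_profile` and sets it to NULL but leaves `context->icc_profile_size` untouched, so after a failed multi-chunk parse the context can hold a NULL profile together with a non-zero size accumulated from earlier chunks. Resetting the size in the same block (`context->icc_profile_size = 0;`) keeps pointer and length consistent for whatever reads them later, which is the same kind of pointer/length mismatch this fix is about. In the same hunk, `MAX (context->icc_profile_size, offset + chunk_size)` is only as sound as the bound on `offset + chunk_size`; that check is outside the context shown, and the `memcpy` to `context->icc_profile + offset` just above depends on it too. The removed comment explained the old accounting and nothing replaces it, so a one-line comment naming the check that keeps the sum inside the allocation would help.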
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][walnascar 05/13] libxml2: fix CVE-2025-6021
Date: Wed, 16 Jul 2025 19:55:28 -0700
Message-ID: <99a239d9146c5ecf158cd9db7823ec1aff45fd48.1752720827.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220491

From: Divya Chellam

A flaw was found in libxml2's xmlBuildQName function, where integer
overflows in buffer size calculations can lead to a stack-based buffer
overflow. This issue can result in memory corruption or a denial of
service when processing crafted input.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-6021

Upstream-patch:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/17d950ae33c23f87692aa179bacedb6743f3188a

Signed-off-by: Divya Chellam
Signed-off-by: Steve Sakoman
--- .../libxml/libxml2/CVE-2025-6021.patch | 59 +++++++++++++++++++ meta/recipes-core/libxml/libxml2_2.13.8.bb | 1 + 2 files changed, 60 insertions(+) create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2025-6021.patch diff --git a/meta/recipes-core/libxml/libxml2/CVE-2025-6021.patch b/meta/recipes-core/libxml/libxml2/CVE-2025-6021.patch new file mode 100644 index 0000000000..8461e0f715 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2025-6021.patch
@@ -0,0 +1,59 @@ +From 17d950ae33c23f87692aa179bacedb6743f3188a Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Tue, 27 May 2025 12:53:17 +0200 +Subject: [PATCH] [CVE-2025-6021] tree: Fix integer overflow in xmlBuildQName + +Fixes #926. + +CVE: CVE-2025-6021 + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/17d950ae33c23f87692aa179bacedb6743f3188a] + +Signed-off-by: Divya Chellam +--- + tree.c | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +diff --git a/tree.c b/tree.c +index f097cf8..5bc95b8 100644 +--- a/tree.c ++++ b/tree.c +@@ -47,6 +47,10 @@ + #include "private/error.h" + #include "private/tree.h" + ++#ifndef SIZE_MAX ++ #define SIZE_MAX ((size_t)-1) ++#endif ++ + int __xmlRegisterCallbacks = 0; + + /************************************************************************ +@@ -167,10 +171,10 @@ xmlGetParameterEntityFromDtd(const xmlDtd *dtd, const xmlChar *name) { + xmlChar * + xmlBuildQName(const xmlChar *ncname, const xmlChar *prefix, + xmlChar *memory, int len) { +- int lenn, lenp; ++ size_t lenn, lenp; + xmlChar *ret; + +- if (ncname == NULL) return(NULL); ++ if ((ncname == NULL) || (len < 0)) return(NULL); + if (prefix == NULL) return((xmlChar *) ncname); + + #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION +@@ -181,8 +185,10 @@ xmlBuildQName(const xmlChar *ncname, const xmlChar *prefix, + + lenn = strlen((char *) ncname); + lenp = strlen((char *) prefix); ++ if (lenn >= SIZE_MAX - lenp - 1) ++ return(NULL); + +- if ((memory == NULL) || (len < lenn + lenp + 2)) { ++ if ((memory == NULL) || ((size_t) len < lenn + lenp + 2)) { + ret = (xmlChar *) xmlMallocAtomic(lenn + lenp + 2); + if (ret == NULL) + return(NULL); +-- +2.40.0 + diff --git a/meta/recipes-core/libxml/libxml2_2.13.8.bb b/meta/recipes-core/libxml/libxml2_2.13.8.bb index e82e0e8ec3..ea7aa9c41d 100644 --- a/meta/recipes-core/libxml/libxml2_2.13.8.bb +++ b/meta/recipes-core/libxml/libxml2_2.13.8.bb 
@@ -17,6 +17,7 @@ inherit gnomebase SRC_URI += "http://www.w3.org/XML/Test/xmlts20130923.tar;subdir=${BP};name=testtar \ file://run-ptest \ file://install-tests.patch \ + file://CVE-2025-6021.patch \ " SRC_URI[archive.sha256sum] = "277294cb33119ab71b2bc81f2f445e9bc9435b893ad15bb2cd2b0e859a0ee84a"
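Review bot: in the tree.c hunk at `@@ -167,10 +171,10 @@`, the new `len < 0` test is placed ahead of the `prefix == NULL` shortcut, so a call with a NULL prefix and a negative `len` that used to return `ncname` now returns NULL, which callers may read as an allocation failure. If that change is intended it deserves a line in the function's documentation; otherwise the `len < 0` test could move below the `prefix == NULL` return, since `len` is only used after it.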
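Review bot: in the tree.c hunk at `@@ -181,8 +185,10 @@`, the `(size_t) len` cast is safe only because `len < 0` was rejected at the top of xmlBuildQName; without that, a negative `len` would convert to a very large value and select the caller-supplied buffer. A comment tying the cast to the earlier check, and one on `if (lenn >= SIZE_MAX - lenp - 1)` stating that this is exactly the condition under which `lenn + lenp + 2` wraps, would keep a later edit from separating the two.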
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][walnascar 06/13] libxml2: Fix CVE-2025-49794 & CVE-2025-49796
Date: Wed, 16 Jul 2025 19:55:29 -0700
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220492

From: Divya Chellam

A use-after-free vulnerability was found in libxml2. This issue occurs
when parsing XPath elements under certain circumstances when the XML
schematron has the schema elements. This flaw allows a malicious actor
to craft a malicious XML document used as input for libxml, resulting
in the program's crash using libxml or other possible undefined behaviors.

A vulnerability was found in libxml2. Processing certain sch:name elements
from the input XML file can trigger a memory corruption issue. This flaw
allows an attacker to craft a malicious XML input file that can lead
libxml to crash, resulting in a denial of service or other possible
undefined behavior due to sensitive data being corrupted in memory.

References:
https://security-tracker.debian.org/tracker/CVE-2025-49794
https://security-tracker.debian.org/tracker/CVE-2025-49796

Upstream-patch:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/71e1e8af5ee46dad1b57bb96cfbf1c3ad21fbd7b

Signed-off-by: Divya Chellam
Signed-off-by: Steve Sakoman
--- .../CVE-2025-49794_CVE-2025-49796.patch | 189 ++++++++++++++++++ meta/recipes-core/libxml/libxml2_2.13.8.bb | 1 + 2 files changed, 190 insertions(+) create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2025-49794_CVE-2025-49796.patch diff --git a/meta/recipes-core/libxml/libxml2/CVE-2025-49794_CVE-2025-49796.patch b/meta/recipes-core/libxml/libxml2/CVE-2025-49794_CVE-2025-49796.patch new file mode 100644 index 0000000000..77b04f7147
--- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2025-49794_CVE-2025-49796.patch 
@@ -0,0 +1,189 @@ +From 71e1e8af5ee46dad1b57bb96cfbf1c3ad21fbd7b Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Fri, 4 Jul 2025 14:28:26 +0200 +Subject: [PATCH] schematron: Fix memory safety issues in + xmlSchematronReportOutput + +Fix use-after-free (CVE-2025-49794) and type confusion (CVE-2025-49796) +in xmlSchematronReportOutput. + +Fixes #931. +Fixes #933. +--- + +CVE: CVE-2025-49794 CVE-2025-49796 + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/71e1e8af5ee46dad1b57bb96cfbf1c3ad21fbd7b] + +Signed-off-by: Divya Chellam +--- + result/schematron/cve-2025-49794_0.err | 2 ++ + result/schematron/cve-2025-49796_0.err | 2 ++ + schematron.c | 49 ++++++++++++++------------ + test/schematron/cve-2025-49794.sct | 10 ++++++ + test/schematron/cve-2025-49794_0.xml | 6 ++++ + test/schematron/cve-2025-49796.sct | 9 +++++ + test/schematron/cve-2025-49796_0.xml | 3 ++ + 7 files changed, 58 insertions(+), 23 deletions(-) + create mode 100644 result/schematron/cve-2025-49794_0.err + create mode 100644 result/schematron/cve-2025-49796_0.err + create mode 100644 test/schematron/cve-2025-49794.sct + create mode 100644 test/schematron/cve-2025-49794_0.xml + create mode 100644 test/schematron/cve-2025-49796.sct + create mode 100644 test/schematron/cve-2025-49796_0.xml + +diff --git a/result/schematron/cve-2025-49794_0.err b/result/schematron/cve-2025-49794_0.err +new file mode 100644 +index 0000000..5775231 +--- /dev/null ++++ b/result/schematron/cve-2025-49794_0.err +@@ -0,0 +1,2 @@ ++./test/schematron/cve-2025-49794_0.xml:2: element boo0: schematron error : /librar0/boo0 line 2: ++./test/schematron/cve-2025-49794_0.xml fails to validate +diff --git a/result/schematron/cve-2025-49796_0.err b/result/schematron/cve-2025-49796_0.err +new file mode 100644 +index 0000000..bf875ee +--- /dev/null ++++ b/result/schematron/cve-2025-49796_0.err +@@ -0,0 +1,2 @@ ++./test/schematron/cve-2025-49796_0.xml:2: element boo0: schematron error : /librar0/boo0 line 2: 
++./test/schematron/cve-2025-49796_0.xml fails to validate +diff --git a/schematron.c b/schematron.c +index 1de25de..426300c 100644 +--- a/schematron.c ++++ b/schematron.c +@@ -1414,27 +1414,15 @@ exit: + * * + ************************************************************************/ + +-static xmlNodePtr ++static xmlXPathObjectPtr + xmlSchematronGetNode(xmlSchematronValidCtxtPtr ctxt, + xmlNodePtr cur, const xmlChar *xpath) { +- xmlNodePtr node = NULL; +- xmlXPathObjectPtr ret; +- + if ((ctxt == NULL) || (cur == NULL) || (xpath == NULL)) + return(NULL); + + ctxt->xctxt->doc = cur->doc; + ctxt->xctxt->node = cur; +- ret = xmlXPathEval(xpath, ctxt->xctxt); +- if (ret == NULL) +- return(NULL); +- +- if ((ret->type == XPATH_NODESET) && +- (ret->nodesetval != NULL) && (ret->nodesetval->nodeNr > 0)) +- node = ret->nodesetval->nodeTab[0]; +- +- xmlXPathFreeObject(ret); +- return(node); ++ return(xmlXPathEval(xpath, ctxt->xctxt)); + } + + /** +@@ -1480,25 +1468,40 @@ xmlSchematronFormatReport(xmlSchematronValidCtxtPtr ctxt, + (child->type == XML_CDATA_SECTION_NODE)) + ret = xmlStrcat(ret, child->content); + else if (IS_SCHEMATRON(child, "name")) { ++ xmlXPathObject *obj = NULL; + xmlChar *path; + + path = xmlGetNoNsProp(child, BAD_CAST "path"); + + node = cur; + if (path != NULL) { +- node = xmlSchematronGetNode(ctxt, cur, path); +- if (node == NULL) +- node = cur; ++ obj = xmlSchematronGetNode(ctxt, cur, path); ++ if ((obj != NULL) && ++ (obj->type == XPATH_NODESET) && ++ (obj->nodesetval != NULL) && ++ (obj->nodesetval->nodeNr > 0)) ++ node = obj->nodesetval->nodeTab[0]; + xmlFree(path); + } + +- if ((node->ns == NULL) || (node->ns->prefix == NULL)) +- ret = xmlStrcat(ret, node->name); +- else { +- ret = xmlStrcat(ret, node->ns->prefix); +- ret = xmlStrcat(ret, BAD_CAST ":"); +- ret = xmlStrcat(ret, node->name); ++ switch (node->type) { ++ case XML_ELEMENT_NODE: ++ case XML_ATTRIBUTE_NODE: ++ if ((node->ns == NULL) || (node->ns->prefix == NULL)) ++ ret = xmlStrcat(ret, 
node->name); ++ else { ++ ret = xmlStrcat(ret, node->ns->prefix); ++ ret = xmlStrcat(ret, BAD_CAST ":"); ++ ret = xmlStrcat(ret, node->name); ++ } ++ break; ++ ++ /* TODO: handle other node types */ ++ default: ++ break; + } ++ ++ xmlXPathFreeObject(obj); + } else if (IS_SCHEMATRON(child, "value-of")) { + xmlChar *select; + xmlXPathObjectPtr eval; +diff --git a/test/schematron/cve-2025-49794.sct b/test/schematron/cve-2025-49794.sct +new file mode 100644 +index 0000000..7fc9ee3 +--- /dev/null ++++ b/test/schematron/cve-2025-49794.sct +@@ -0,0 +1,10 @@ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ +diff --git a/test/schematron/cve-2025-49794_0.xml b/test/schematron/cve-2025-49794_0.xml +new file mode 100644 +index 0000000..debc64b +--- /dev/null ++++ b/test/schematron/cve-2025-49794_0.xml +@@ -0,0 +1,6 @@ ++ ++ ++ ++ ++ ++ +diff --git a/test/schematron/cve-2025-49796.sct b/test/schematron/cve-2025-49796.sct +new file mode 100644 +index 0000000..e9702d7 +--- /dev/null ++++ b/test/schematron/cve-2025-49796.sct +@@ -0,0 +1,9 @@ ++ ++ ++ ++ ++ ++ ++ ++ ++ +diff --git a/test/schematron/cve-2025-49796_0.xml b/test/schematron/cve-2025-49796_0.xml +new file mode 100644 +index 0000000..be33c4e +--- /dev/null ++++ b/test/schematron/cve-2025-49796_0.xml +@@ -0,0 +1,3 @@ ++ ++ ++ +-- +2.40.0 + diff --git a/meta/recipes-core/libxml/libxml2_2.13.8.bb b/meta/recipes-core/libxml/libxml2_2.13.8.bb index ea7aa9c41d..3d6ecf5458 100644 --- a/meta/recipes-core/libxml/libxml2_2.13.8.bb +++ b/meta/recipes-core/libxml/libxml2_2.13.8.bb 
@@ -18,6 +18,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20130923.tar;subdir=${BP};name=testt file://run-ptest \ file://install-tests.patch \ file://CVE-2025-6021.patch \ + file://CVE-2025-49794_CVE-2025-49796.patch \ " SRC_URI[archive.sha256sum] = "277294cb33119ab71b2bc81f2f445e9bc9435b893ad15bb2cd2b0e859a0ee84a"
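Review bot: in the schematron.c hunk at `@@ -1414,27 +1414,15 @@`, xmlSchematronGetNode keeps its name while its return type changes from `xmlNodePtr` to `xmlXPathObjectPtr`, and nothing in the hunk documents that the caller now owns the result and must release it with xmlXPathFreeObject. The old version freed the XPath object and handed back a node pointer taken from inside it, so a caller written against the old contract would leak. Renaming the helper (for example to reflect that it evaluates an XPath expression) and adding a short ownership comment would make the new contract visible.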
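Review bot: in the schematron.c hunk at `@@ -1480,25 +1468,40 @@`, the `default:` branch of the new `switch (node->type)` appends nothing and carries only `/* TODO: handle other node types */`, so a `name` element whose path selects any other node type yields a report with the name silently missing; both new expected-output files end in `line 2:` with no message text after it. If dropping the name is the intended behaviour, say so in the comment instead of a TODO; otherwise consider a visible placeholder or diagnostic so a validation report that lost its subject can be told apart from an empty one.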
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][walnascar 07/13] libxml2: fix CVE-2025-49795
Date: Wed, 16 Jul 2025 19:55:30 -0700
Message-ID: <9f17e0911eeb49e007de8ee3e50d9f3f38e08a26.1752720827.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220493

From: Divya Chellam

A NULL pointer dereference vulnerability was found in libxml2 when processing
XPath XML expressions. This flaw allows an attacker to craft a malicious XML
input to libxml2, leading to a denial of service.

Pick commit from 2.13 branch

Reference:
https://security-tracker.debian.org/tracker/CVE-2025-49795

Upstream-patch:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/62048278a4c5fdf14d287dfb400005c0a0caa69f

Signed-off-by: Divya Chellam
Signed-off-by: Steve Sakoman
--- .../libxml/libxml2/CVE-2025-49795.patch | 75 +++++++++++++++++++ meta/recipes-core/libxml/libxml2_2.13.8.bb | 1 + 2 files changed, 76 insertions(+) create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2025-49795.patch diff --git a/meta/recipes-core/libxml/libxml2/CVE-2025-49795.patch b/meta/recipes-core/libxml/libxml2/CVE-2025-49795.patch new file mode 100644 index 0000000000..11f543cb9b --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2025-49795.patch
@@ -0,0 +1,75 @@ +From 62048278a4c5fdf14d287dfb400005c0a0caa69f Mon Sep 17 00:00:00 2001 +From: Michael Mann +Date: Sat, 21 Jun 2025 12:11:30 -0400 +Subject: [PATCH] [CVE-2025-49795] schematron: Fix null pointer dereference + leading to DoS + +Fixes #932 + +CVE: CVE-2025-49795 + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/62048278a4c5fdf14d287dfb400005c0a0caa69f] + +Signed-off-by: Divya Chellam +--- + result/schematron/zvon16_0.err | 3 +++ + schematron.c | 5 +++++ + test/schematron/zvon16.sct | 7 +++++++ + test/schematron/zvon16_0.xml | 5 +++++ + 4 files changed, 20 insertions(+) + create mode 100644 result/schematron/zvon16_0.err + create mode 100644 test/schematron/zvon16.sct + create mode 100644 test/schematron/zvon16_0.xml + +diff --git a/result/schematron/zvon16_0.err b/result/schematron/zvon16_0.err +new file mode 100644 +index 0000000..3d05240 +--- /dev/null ++++ b/result/schematron/zvon16_0.err +@@ -0,0 +1,3 @@ ++XPath error : Unregistered function ++./test/schematron/zvon16_0.xml:2: element book: schematron error : /library/book line 2: Book ++./test/schematron/zvon16_0.xml fails to validate +diff --git a/schematron.c b/schematron.c +index 426300c..6e2ceeb 100644 +--- a/schematron.c ++++ b/schematron.c +@@ -1509,6 +1509,11 @@ xmlSchematronFormatReport(xmlSchematronValidCtxtPtr ctxt, + select = xmlGetNoNsProp(child, BAD_CAST "select"); + comp = xmlXPathCtxtCompile(ctxt->xctxt, select); + eval = xmlXPathCompiledEval(comp, ctxt->xctxt); ++ if (eval == NULL) { ++ xmlXPathFreeCompExpr(comp); ++ xmlFree(select); ++ return ret; ++ } + + switch (eval->type) { + case XPATH_NODESET: { +diff --git a/test/schematron/zvon16.sct b/test/schematron/zvon16.sct +new file mode 100644 +index 0000000..f03848a +--- /dev/null ++++ b/test/schematron/zvon16.sct +@@ -0,0 +1,7 @@ ++ ++ ++ ++ Book test ++ ++ ++ +diff --git a/test/schematron/zvon16_0.xml b/test/schematron/zvon16_0.xml +new file mode 100644 +index 0000000..551e2d6 +--- /dev/null ++++ 
b/test/schematron/zvon16_0.xml +@@ -0,0 +1,5 @@ ++ ++ ++ Test Author ++ ++ +-- +2.40.0 + diff --git a/meta/recipes-core/libxml/libxml2_2.13.8.bb b/meta/recipes-core/libxml/libxml2_2.13.8.bb index 3d6ecf5458..fd042c311d 100644 --- a/meta/recipes-core/libxml/libxml2_2.13.8.bb +++ b/meta/recipes-core/libxml/libxml2_2.13.8.bb 
@@ -19,6 +19,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20130923.tar;subdir=${BP};name=testt file://install-tests.patch \ file://CVE-2025-6021.patch \ file://CVE-2025-49794_CVE-2025-49796.patch \ + file://CVE-2025-49795.patch \ " SRC_URI[archive.sha256sum] = "277294cb33119ab71b2bc81f2f445e9bc9435b893ad15bb2cd2b0e859a0ee84a"
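Review bot: in the schematron.c hunk, the new `if (eval == NULL)` branch does `return ret;` from inside xmlSchematronFormatReport, which abandons the remaining children of the report and hands back a partial message; the added expected output ends in `line 2: Book` while the test schema text reads `Book test`, so the tail of the message appears to be dropped. If truncation is the intended outcome, a comment saying so would help; otherwise freeing `comp` and `select` and then skipping only this `value-of` child would keep the rest of the report. The hunk also passes `comp` straight from xmlXPathCtxtCompile to xmlXPathCompiledEval without a check in the visible lines, so the fix relies on a failed compile surfacing as `eval == NULL`, which is worth stating next to the new branch.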
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][walnascar 08/13] binutils: stable 2.44 branch updates
Date: Wed, 16 Jul 2025 19:55:31 -0700
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220494

From: Deepesh Varatharajan

Below commits on binutils-2.44 stable branch are updated.

b09cf42d51e ld/PE: special-case relocation types only for COFF inputs
f0019390d12 s390: Prevent GOT access rewrite for misaligned symbols
452f5511154 x86: Check MODRM for call and jmp in binutils older than 2.45
4058d5a38a1 ld: fix C23 issue in vers7 test

Test Results:
                             Before  After  Diff
No. of expected passes       310     310    0
No. of unexpected failures   1       1      0
No. of untested testcases    1       1      0
No. of unsupported tests     9       9      0

Testing was done and there were no regressions found

Signed-off-by: Deepesh Varatharajan
Signed-off-by: Steve Sakoman
--- meta/recipes-devtools/binutils/binutils-2.44.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-devtools/binutils/binutils-2.44.inc b/meta/recipes-devtools/binutils/binutils-2.44.inc index e5df62b14e..8855fa709a 100644 --- a/meta/recipes-devtools/binutils/binutils-2.44.inc +++ b/meta/recipes-devtools/binutils/binutils-2.44.inc
@@ -20,7 +20,7 @@ UPSTREAM_CHECK_GITTAGREGEX = "binutils-(?P\d+_(\d_?)*)" CVE_STATUS[CVE-2025-1153] = "cpe-stable-backport: fix available in used git hash" -SRCREV ?= "819d713b6340ed3657e00ad0bc8d5f2b73094a0f" +SRCREV ?= "8e98f97aecb0f0a1a1e2ef244e9aa235248ef8fa" BINUTILS_GIT_URI ?= "git://sourceware.org/git/binutils-gdb.git;branch=${SRCBRANCH};protocol=https" SRC_URI = "\ ${BINUTILS_GIT_URI} \ From patchwork Thu Jul 17 02:55:32 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 67010 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 48AF8C83F39 for ; Thu, 17 Jul 2025 02:56:01 +0000 (UTC) Received: from mail-pj1-f43.google.com (mail-pj1-f43.google.com [209.85.216.43]) by mx.groups.io with SMTP id smtpd.web10.40204.1752720956479655954 for ; Wed, 16 Jul 2025 19:55:56 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=bA7Xy/DW; spf=softfail (domain: sakoman.com, ip: 209.85.216.43, mailfrom: steve@sakoman.com) Received: by mail-pj1-f43.google.com with SMTP id 98e67ed59e1d1-3135f3511bcso488756a91.0 for ; Wed, 16 Jul 2025 19:55:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1752720956; x=1753325756; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=pT+W0otcHeJNjxjuBelL5w7QFHljY/9EyqXFp4mOGG0=; b=bA7Xy/DWWq6rTkRbdr/3MoDjXkATieHTprOPr5nwVVg+PlwNI+h82LPqVQj3zTKldz 77z45MFXFmLeL0BzqdY0Ss2Qp4SBPgg6Ce7gyrvoFMiRq0BsmtG4ZzihsgY+644WXRu6 
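Review bot: On the SRCREV line in binutils-2.44.inc, the commit message lists the four stable-branch commits picked up but does not say how the new revision relates to the CVE patches still carried in SRC_URI. Please state that none of the backported CVE patches is already contained in 8e98f97aecb0f0a1a1e2ef244e9aa235248ef8fa, so nothing has to be dropped from SRC_URI, and that the CVE_STATUS[CVE-2025-1153] entry directly above the SRCREV line still applies to the new hash.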
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 09/13] binutils: Fix CVE-2025-5245 Date: Wed, 16 Jul 2025 19:55:32 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 17 Jul 2025 02:56:01 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220495 From: Deepesh Varatharajan PR32829, SEGV on objdump function debug_type_samep u.kenum is always non-NULL, see debug_make_enum_type. Backport a patch from upstream to fix CVE-2025-5245 Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a] Signed-off-by: Deepesh Varatharajan Signed-off-by: Steve Sakoman --- .../binutils/binutils-2.44.inc | 1 + .../binutils/0018-CVE-2025-5245.patch | 38 +++++++++++++++++++ 2 files changed, 39 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/0018-CVE-2025-5245.patch diff --git a/meta/recipes-devtools/binutils/binutils-2.44.inc b/meta/recipes-devtools/binutils/binutils-2.44.inc index 8855fa709a..0f0befe30e 100644 --- a/meta/recipes-devtools/binutils/binutils-2.44.inc +++ b/meta/recipes-devtools/binutils/binutils-2.44.inc @@ -42,5 +42,6 @@ SRC_URI = "\ file://0017-CVE-2025-1181-2.patch \ file://0016-CVE-2025-5244.patch \ file://0016-CVE-2025-3198.patch \ + file://0018-CVE-2025-5245.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/0018-CVE-2025-5245.patch b/meta/recipes-devtools/binutils/binutils/0018-CVE-2025-5245.patch new file mode 100644 index 0000000000..d4b7d55966 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0018-CVE-2025-5245.patch 
@@ -0,0 +1,38 @@ +From: Alan Modra +Date: Tue, 1 Apr 2025 22:36:54 +1030 + +PR32829, SEGV on objdump function debug_type_samep +u.kenum is always non-NULL, see debug_make_enum_type. + +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a] +CVE: CVE-2025-5245 + +Signed-off-by: Deepesh Varatharajan + +diff --git a/binutils/debug.c b/binutils/debug.c +index dcc8ccde..465b18e7 100644 +--- a/binutils/debug.c ++++ b/binutils/debug.c +@@ -2554,9 +2554,6 @@ debug_write_type (struct debug_handle *info, + case DEBUG_KIND_UNION_CLASS: + return debug_write_class_type (info, fns, fhandle, type, tag); + case DEBUG_KIND_ENUM: +- if (type->u.kenum == NULL) +- return (*fns->enum_type) (fhandle, tag, (const char **) NULL, +- (bfd_signed_vma *) NULL); + return (*fns->enum_type) (fhandle, tag, type->u.kenum->names, + type->u.kenum->values); + case DEBUG_KIND_POINTER: +@@ -3097,9 +3094,9 @@ debug_type_samep (struct debug_handle *info, struct debug_type_s *t1, + break; + + case DEBUG_KIND_ENUM: +- if (t1->u.kenum == NULL) +- ret = t2->u.kenum == NULL; +- else if (t2->u.kenum == NULL) ++ if (t1->u.kenum->names == NULL) ++ ret = t2->u.kenum->names == NULL; ++ else if (t2->u.kenum->names == NULL) + ret = false; + else + { From patchwork Thu Jul 17 02:55:33 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 67007 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2E494C83F1B for ; Thu, 17 Jul 2025 02:56:01 +0000 (UTC) Received: from mail-pj1-f41.google.com (mail-pj1-f41.google.com [209.85.216.41]) by mx.groups.io with SMTP id smtpd.web10.40206.1752720958709177977 for ; 
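Review bot: In the debug_type_samep hunk, t1->u.kenum->names and t2->u.kenum->names are now dereferenced with no guard on u.kenum itself, so the change is only safe if every DEBUG_KIND_ENUM type is created through debug_make_enum_type, as the commit message asserts. Please confirm that this holds for the pinned SRCREV, because the debug_write_type hunk drops its u.kenum == NULL check on the same assumption. Separately, the Upstream-Status link in the mail uses a=patch while the one inside 0018-CVE-2025-5245.patch uses a=commitdiff; use one form in both places.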
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 10/13] binutils: Fix CVE-2025-7545 Date: Wed, 16 Jul 2025 19:55:33 -0700 Message-ID: <9730ddc98bd961d4e2b5b79fa60a2dde1d2a3301.1752720827.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 17 Jul 2025 02:56:01 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220496 From: Deepesh Varatharajan objcopy: Don't extend the output section size Since the output section contents are copied from the input, don't extend the output section size beyond the input section size. Backport a patch from upstream to fix CVE-2025-7545 Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944] Signed-off-by: Deepesh Varatharajan 
Signed-off-by: Steve Sakoman --- .../binutils/binutils-2.44.inc | 1 + .../binutils/0019-CVE-2025-7545.patch | 39 +++++++++++++++++++ 2 files changed, 40 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/0019-CVE-2025-7545.patch diff --git a/meta/recipes-devtools/binutils/binutils-2.44.inc b/meta/recipes-devtools/binutils/binutils-2.44.inc index 0f0befe30e..8a26fe76f1 100644 --- a/meta/recipes-devtools/binutils/binutils-2.44.inc +++ b/meta/recipes-devtools/binutils/binutils-2.44.inc @@ -43,5 +43,6 @@ SRC_URI = "\ file://0016-CVE-2025-5244.patch \ file://0016-CVE-2025-3198.patch \ file://0018-CVE-2025-5245.patch \ + file://0019-CVE-2025-7545.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-7545.patch b/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-7545.patch new file mode 100644 index 0000000000..062d6721b6 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-7545.patch 
@@ -0,0 +1,39 @@ +From: "H.J. Lu" +Date: Sat, 21 Jun 2025 06:36:56 +0800 + +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944] +CVE: CVE-2025-7545 + +Since the output section contents are copied from the input, don't +extend the output section size beyond the input section size. + + PR binutils/33049 + * objcopy.c (copy_section): Don't extend the output section + size beyond the input section size. + +Signed-off-by: Deepesh Varatharajan + +diff --git a/binutils/objcopy.c b/binutils/objcopy.c +index e2e6bd7e..3cbb3977 100644 +--- a/binutils/objcopy.c ++++ b/binutils/objcopy.c +@@ -4634,6 +4634,7 @@ copy_section (bfd *ibfd, sec_ptr isection, bfd *obfd) + char *to = (char *) memhunk; + char *end = (char *) memhunk + size; + int i; ++ bfd_size_type memhunk_size = size; + + /* If the section address is not exactly divisible by the interleave, + then we must bias the from address. If the copy_byte is less than +@@ -4653,6 +4654,11 @@ copy_section (bfd *ibfd, sec_ptr isection, bfd *obfd) + } + + size = (size + interleave - 1 - copy_byte) / interleave * copy_width; ++ ++ /* Don't extend the output section size. 
*/ ++ if (size > memhunk_size) ++ size = memhunk_size; ++ + osection->lma /= interleave; + if (copy_byte < extra) + osection->lma++; From patchwork Thu Jul 17 02:55:34 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 67005 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2A25BC83F22 for ; Thu, 17 Jul 2025 02:56:01 +0000 (UTC) Received: from mail-pg1-f175.google.com (mail-pg1-f175.google.com [209.85.215.175]) by mx.groups.io with SMTP id smtpd.web11.40458.1752720960631927552 for ; Wed, 16 Jul 2025 19:56:00 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=oeqzYuLg; spf=softfail (domain: sakoman.com, ip: 209.85.215.175, mailfrom: steve@sakoman.com) Received: by mail-pg1-f175.google.com with SMTP id 41be03b00d2f7-b34a6d0c9a3so433625a12.3 for ; Wed, 16 Jul 2025 19:56:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1752720960; x=1753325760; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=6yn7B+ipUVVRHb4W/hSV3THQ3JZ0KcrS1yG32M/2QnA=; b=oeqzYuLgWoru6oQfNljQg4UXTzN7xmfMNhvK++O1A6wvH5T91MRzuzKL/SK/1JsOcD lFeV6k8BH7HWSGIWo7oE/amCLrmr6huO46/i1F3O2VvDNCmSwrq1t0AUNQDSgewC0DsS XNfFylCMH+jjx6XaOjBks1gDw1Vs1a1+KVFYp7YevgiI0MYbzv7EhOQyLeOZd79YweJl /GmEy4Bo9nm2eMlMT2WbElJEmmJDelbxA2NlZf5clMlaJ5d7f/V5XJFqLzM2JrUgloer yr/yxL5aoNlxdtH2aBl6rFyhPO1L9Hch2YU+lVcqByuJEeF+LokaT6b2lTiqtUsU7kOr mPOg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; 
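Review bot: The Upstream-Status URL inside 0019-CVE-2025-7545.patch reads a=patch;h08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944, with the = after h missing, so the h parameter is malformed; it should be h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944 as in the mail's commit message. In copy_section, memhunk_size is captured from size at the point where the end pointer of memhunk is computed, and the new clamp relies on that being the number of bytes actually held in memhunk; a short comment at the declaration saying so would make the bound easier to audit.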
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 11/13] binutils: Fix CVE-2025-7546 Date: Wed, 16 Jul 2025 19:55:34 -0700 Message-ID: <2eea0b0132fd4bd4d66551a8cc6549480d8a29eb.1752720827.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 17 Jul 2025 02:56:01 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220497 From: Yash Shinde Report corrupted group section instead of trying to recover. CVE: CVE-2025-7546 Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b] PR 33050 [https://sourceware.org/bugzilla/show_bug.cgi?id=33050] Signed-off-by: Yash Shinde Signed-off-by: Steve Sakoman --- .../binutils/binutils-2.44.inc | 1 + .../binutils/0018-CVE-2025-7546.patch | 58 +++++++++++++++++++ 2 files changed, 59 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/0018-CVE-2025-7546.patch diff --git a/meta/recipes-devtools/binutils/binutils-2.44.inc b/meta/recipes-devtools/binutils/binutils-2.44.inc index 8a26fe76f1..32928ee167 100644 --- a/meta/recipes-devtools/binutils/binutils-2.44.inc +++ b/meta/recipes-devtools/binutils/binutils-2.44.inc @@ -44,5 +44,6 @@ SRC_URI = "\ file://0016-CVE-2025-3198.patch \ file://0018-CVE-2025-5245.patch \ file://0019-CVE-2025-7545.patch \ + file://0018-CVE-2025-7546.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/0018-CVE-2025-7546.patch b/meta/recipes-devtools/binutils/binutils/0018-CVE-2025-7546.patch new file mode 100644 index 0000000000..23c38091a2 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0018-CVE-2025-7546.patch 
@@ -0,0 +1,58 @@ +From 41461010eb7c79fee7a9d5f6209accdaac66cc6b Mon Sep 17 00:00:00 2001 +From: "H.J. Lu" +Date: Sat, 21 Jun 2025 06:52:00 +0800 +Subject: [PATCH] elf: Report corrupted group section + +Report corrupted group section instead of trying to recover. + + PR binutils/33050 + * elf.c (bfd_elf_set_group_contents): Report corrupted group + section. + +Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b] +CVE: CVE-2025-7546 + +Signed-off-by: H.J. Lu +Signed-off-by: Yash Shinde +--- + bfd/elf.c | 23 ++++++++++------------- + 1 file changed, 10 insertions(+), 13 deletions(-) + +diff --git a/bfd/elf.c b/bfd/elf.c +index 14ce15c7254..ee894eb05f2 100644 +--- a/bfd/elf.c ++++ b/bfd/elf.c +@@ -3971,20 +3971,17 @@ bfd_elf_set_group_contents (bfd *abfd, asection *sec, void *failedptrarg) + break; + } + +- /* We should always get here with loc == sec->contents + 4, but it is +- possible to craft bogus SHT_GROUP sections that will cause segfaults +- in objcopy without checking loc here and in the loop above. */ +- if (loc == sec->contents) +- BFD_ASSERT (0); +- else ++ /* We should always get here with loc == sec->contents + 4. Return ++ an error for bogus SHT_GROUP sections. */ ++ loc -= 4; ++ if (loc != sec->contents) + { +- loc -= 4; +- if (loc != sec->contents) +- { +- BFD_ASSERT (0); +- memset (sec->contents + 4, 0, loc - sec->contents); +- loc = sec->contents; +- } ++ /* xgettext:c-format */ ++ _bfd_error_handler (_("%pB: corrupted group section: `%pA'"), ++ abfd, sec); ++ bfd_set_error (bfd_error_bad_value); ++ *failedptr = true; ++ return; + } + + H_PUT_32 (abfd, sec->flags & SEC_LINK_ONCE ? 
GRP_COMDAT : 0, loc); +-- +2.43.5 + From patchwork Thu Jul 17 02:55:35 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 67012 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 453DAC83F22 for ; Thu, 17 Jul 2025 02:56:11 +0000 (UTC) Received: from mail-pg1-f179.google.com (mail-pg1-f179.google.com [209.85.215.179]) by mx.groups.io with SMTP id smtpd.web10.40207.1752720961940491739 for ; Wed, 16 Jul 2025 19:56:02 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=XXee7oaX; spf=softfail (domain: sakoman.com, ip: 209.85.215.179, mailfrom: steve@sakoman.com) Received: by mail-pg1-f179.google.com with SMTP id 41be03b00d2f7-b3aa2a0022cso431034a12.1 for ; Wed, 16 Jul 2025 19:56:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1752720961; x=1753325761; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=xphVIyYd5aVu0bT9kSeqBWcN52bQ7uCr3eZBgnxWqL8=; b=XXee7oaXY+axbdK1uLajhV9MM+7pCOv/F4x2Qv+JRi7qK5E2jc4Y2SoiwpH3DFr+vu wsZ1MbJBocTLCZeWHOkbLrk/3cZBud2oaz2NXOhr1PAjaDJQUKJwB2rOaijMQdVaafl/ KiKATbAuZUqa33s0hN/J6LxSSGrirH8IHOvEaHP04XSz7A1gDRCv2TdOqyWnIqjT2dxd bVVFhMbr5edNPeUcarEu6L7D0q3YeRJ3XWuFSVWgapxtlw4n95Q1mTuLXd/3IzhWoRKi vnw/f0K0N49VdUln9SyzVtrHEwyDcWNN1IDggoC1fh4vcoDlX9DJs9Qgm/YzNteYuV62 obdQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752720961; x=1753325761; 
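Review bot: The new file is named 0018-CVE-2025-7546.patch, which reuses the 0018 prefix already taken by 0018-CVE-2025-5245.patch and is appended to SRC_URI after 0019-CVE-2025-7545.patch; renaming it to the next free number would keep the apply order readable from the file names. In bfd_elf_set_group_contents, loc -= 4 now runs unconditionally, including the loc == sec->contents case the old code asserted on, so loc is moved below the start of sec->contents before the comparison. The error return means the value is never used, but testing loc != sec->contents + 4 before adjusting would avoid forming that pointer at all.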
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 12/13] ruby-ptest : some ptest fixes Date: Wed, 16 Jul 2025 19:55:35 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 17 Jul 2025 02:56:11 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220498 From: Jiaying Song - Skip the test_rm_r_no_permissions test under the root user, as deletion always succeeds. - Filter out tests under the -ext- directory in run-ptest. Due to the commit [1],the packaging of .so test files under the .ext directory was removed. As a result, adjust the test filtering rules to avoid test failures caused by missing files. - Add installation of rdoc.rb and did_you_mean.rb files in do_install_ptest to ensure complete test dependencies. [1] https://git.openembedded.org/openembedded-core/commit/meta/recipes-devtools/ruby?id=4d4485442830bb52b152f0419f4ff9f1d581d46a Signed-off-by: Jiaying Song Signed-off-by: Steve Sakoman --- ..._rm_r_no_permissions-test-under-root.patch | 32 +++++++++++++++++++ meta/recipes-devtools/ruby/ruby/run-ptest | 2 +- meta/recipes-devtools/ruby/ruby_3.4.4.bb | 5 ++- 3 files changed, 37 insertions(+), 2 deletions(-) create mode 100644 meta/recipes-devtools/ruby/ruby/0007-Skip-test_rm_r_no_permissions-test-under-root.patch diff --git a/meta/recipes-devtools/ruby/ruby/0007-Skip-test_rm_r_no_permissions-test-under-root.patch b/meta/recipes-devtools/ruby/ruby/0007-Skip-test_rm_r_no_permissions-test-under-root.patch new file mode 100644 index 0000000000..e3574f1a81 --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/0007-Skip-test_rm_r_no_permissions-test-under-root.patch 
@@ -0,0 +1,32 @@ +From 9c4748aae4f69390a36875aa27d70c3c632ae944 Mon Sep 17 00:00:00 2001 +From: Jiaying Song +Date: Mon, 7 Jul 2025 15:05:57 +0800 +Subject: [PATCH] Skip test_rm_r_no_permissions test under root + +Skip test_rm_r_no_permissions test under root user and Windows environments since deletion always succeeds. + +Upstream-Status: Submitted [https://github.com/ruby/ruby/pull/13828/commits/c510b5ac475e6d3eef935725d21910861816b7a9] + +Signed-off-by: Jiaying Song +--- + test/fileutils/test_fileutils.rb | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/test/fileutils/test_fileutils.rb b/test/fileutils/test_fileutils.rb +index d2096a0..80e3368 100644 +--- a/test/fileutils/test_fileutils.rb ++++ b/test/fileutils/test_fileutils.rb +@@ -768,8 +768,8 @@ class TestFileUtils < Test::Unit::TestCase + + def test_rm_r_no_permissions + check_singleton :rm_rf +- +- return if /mswin|mingw/ =~ RUBY_PLATFORM ++ ++ return if Process.uid == 0 || /mswin|mingw/ =~ RUBY_PLATFORM + + mkdir 'tmpdatadir' + touch 'tmpdatadir/tmpdata' +-- +2.34.1 + diff --git a/meta/recipes-devtools/ruby/ruby/run-ptest b/meta/recipes-devtools/ruby/ruby/run-ptest index de7c415aba..17404e3509 100644 --- a/meta/recipes-devtools/ruby/ruby/run-ptest +++ b/meta/recipes-devtools/ruby/ruby/run-ptest @@ -1,6 +1,6 @@ #!/bin/sh -test_fullname=`find test -name test_*.rb` +test_fullname=$(find test -name test_*.rb | grep -v '/-ext-/') for i in ${test_fullname}; do ruby ./test/runner.rb ${i} 2>&1 > /dev/null diff --git a/meta/recipes-devtools/ruby/ruby_3.4.4.bb b/meta/recipes-devtools/ruby/ruby_3.4.4.bb index 39e86fdd28..5d088f32c0 100644 --- a/meta/recipes-devtools/ruby/ruby_3.4.4.bb +++ b/meta/recipes-devtools/ruby/ruby_3.4.4.bb 
@@ -27,7 +27,8 @@ SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \ file://0005-Mark-Gemspec-reproducible-change-fixing-784225-too.patch \ file://0006-Make-gemspecs-reproducible.patch \ file://0001-vm_dump.c-Define-REG_S1-and-REG_S2-for-musl-riscv.patch \ - " + file://0007-Skip-test_rm_r_no_permissions-test-under-root.patch \ + " UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/" inherit autotools ptest pkgconfig 
@@ -104,6 +105,8 @@ do_install_ptest () { cp -r ${S}/tool/lib ${D}${PTEST_PATH}/tool/ mkdir -p ${D}${PTEST_PATH}/lib cp -r ${S}/lib/did_you_mean ${S}/lib/rdoc ${D}${PTEST_PATH}/lib + cp ${D}${libdir}/ruby/${SHRT_VER}.0/rdoc.rb ${D}${PTEST_PATH}/lib + cp ${D}${libdir}/ruby/${SHRT_VER}.0/did_you_mean.rb ${D}${PTEST_PATH}/lib # install test-binaries # These .so files have sporadic reproducibility fails as seen here: From patchwork Thu Jul 17 02:55:36 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 67011 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 45416C83F27 for ; Thu, 17 Jul 2025 02:56:11 +0000 (UTC) Received: from mail-pj1-f46.google.com (mail-pj1-f46.google.com [209.85.216.46]) by mx.groups.io with SMTP id smtpd.web10.40208.1752720963446372091 for ; Wed, 16 Jul 2025 19:56:03 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=Xk81fj8N; spf=softfail (domain: sakoman.com, ip: 209.85.216.46, mailfrom: steve@sakoman.com) Received: by mail-pj1-f46.google.com with SMTP id 98e67ed59e1d1-313154270bbso541892a91.2 for ; Wed, 16 Jul 2025 19:56:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1752720963; x=1753325763; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=beAT1wtkQi5YYXqYehixsdsjH4VwJ8T+F14kNlFsA9Q=; b=Xk81fj8NI/WysGrN+CNa9MVNIbbAXEgRlKvDHhWjuowiSLHmyJTifa30N1RbH4Pw/j Hugd1s5CLLgsTcbrNNUWGMys/k3uyyNpFr1/zWe2sRu05WunruMujWkFERduiMSBcvTj 
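Review bot: In the run-ptest hunk, the pattern in find test -name test_*.rb is unquoted, so the shell expands it before find sees it if a file matching test_*.rb exists in the working directory; quote it as -name 'test_*.rb' while this line is being changed. The grep -v '/-ext-/' filter also drops those tests without any trace in the output, so a comment in the script pointing at the packaging commit referenced as [1] would explain why they are excluded.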
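Review bot: In the do_install_ptest hunk, the two added cp lines take rdoc.rb and did_you_mean.rb from ${D}${libdir}/ruby/${SHRT_VER}.0/ while the line directly above copies the matching directories from ${S}/lib. If the two files are present under ${S}/lib, copying them from there as well would avoid the hard-coded .0 suffix and the dependency on what do_install placed in ${D}.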
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 13/13] kea: set correct permissions for /var/run/kea Date: Wed, 16 Jul 2025 19:55:36 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 17 Jul 2025 02:56:11 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/220499 From: Yi Zhao Set the permissions of /var/run/kea to 750 to fix kea server startup error: ERROR [kea-dhcp4.dhcp4/445.140718820303936] DHCP4_INIT_FAIL failed to initialize Kea server: configuration error using file '/etc/kea/kea-dhcp4.conf': 'socket-name' is invalid: socket path:/var/run/kea does not exist or does not have permssions = 750 This permission check was introduced by commit[1] in kea 2.6.3. [1] https://gitlab.isc.org/isc-projects/kea/-/commit/43bba7799f6892f739b4745b35bbeacef3645ad3 Signed-off-by: Yi Zhao Signed-off-by: Richard Purdie Signed-off-by: Yi Zhao Signed-off-by: Steve Sakoman --- meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service | 1 + meta/recipes-connectivity/kea/files/kea-dhcp4.service | 1 + meta/recipes-connectivity/kea/files/kea-dhcp6.service | 1 + 3 files changed, 3 insertions(+) diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service b/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service index f6059d73cb..aec6446f0e 100644 --- a/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service +++ b/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service @@ -6,6 +6,7 @@ After=time-sync.target [Service] ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/run/kea/ +ExecStartPre=@BASE_BINDIR@/chmod 750 @LOCALSTATEDIR@/run/kea/ ExecStart=@SBINDIR@/kea-dhcp-ddns -c @SYSCONFDIR@/kea/kea-dhcp-ddns.conf [Install] 
diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp4.service b/meta/recipes-connectivity/kea/files/kea-dhcp4.service index b851ea71c5..a2ed4edb59 100644 --- a/meta/recipes-connectivity/kea/files/kea-dhcp4.service +++ b/meta/recipes-connectivity/kea/files/kea-dhcp4.service @@ -6,6 +6,7 @@ After=time-sync.target [Service] ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/run/kea/ +ExecStartPre=@BASE_BINDIR@/chmod 750 @LOCALSTATEDIR@/run/kea/ ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/lib/kea ExecStart=@SBINDIR@/kea-dhcp4 -c @SYSCONFDIR@/kea/kea-dhcp4.conf diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp6.service b/meta/recipes-connectivity/kea/files/kea-dhcp6.service index 0f9f0ef8d9..ed6e017d0c 100644 --- a/meta/recipes-connectivity/kea/files/kea-dhcp6.service +++ b/meta/recipes-connectivity/kea/files/kea-dhcp6.service @@ -6,6 +6,7 @@ After=time-sync.target [Service] ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/run/kea/ +ExecStartPre=@BASE_BINDIR@/chmod 750 @LOCALSTATEDIR@/run/kea/ ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/lib/kea ExecStart=@SBINDIR@/kea-dhcp6 -c @SYSCONFDIR@/kea/kea-dhcp6.conf
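Review bot: In the ruby do_install_ptest hunk, the two added cp lines take rdoc.rb and did_you_mean.rb from ${D}${libdir}/ruby/${SHRT_VER}.0/ while the line just above takes the matching directories from ${S}/lib, so the ptest tree mixes source-tree and installed copies. If the installed files are wanted on purpose, a one-line comment in the recipe saying why would help; otherwise copying from ${S}/lib keeps the block consistent. The hard-coded .0 after ${SHRT_VER} also deserves a comment or a variable, since it ties these lines to the name of the installed library directory.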
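Review bot: In the kea-dhcp-ddns.service hunk, the new chmod 750 runs as a separate ExecStartPre after mkdir -p, so the directory briefly exists with the umask-default mode, and an existing directory has its mode reset on every start. Consider declaring the directory and its mode in one place instead, for example RuntimeDirectory=kea with RuntimeDirectoryMode=0750 (plus RuntimeDirectoryPreserve=yes, because three units share the directory), assuming @LOCALSTATEDIR@/run resolves to /run on the target.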
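Review bot: In the kea-dhcp4.service hunk, only run/kea gets an explicit mode; the mkdir -p of @LOCALSTATEDIR@/lib/kea on the next line still leaves the lease directory at whatever the umask gives. Please confirm that is intended. A short comment in the unit file noting that 750 is the value the kea 2.6.3 check named in the commit message expects would also keep the number from being changed later without anyone knowing why it is there.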
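Review bot: In the kea-dhcp6.service hunk, this is the third copy of the same chmod line for a directory that all three units share, so a later change to the required mode has to be made in three files, and whichever unit starts first decides the directory's initial state. A single tmpfiles.d entry for the directory with mode 0750 would state it once. If the per-unit lines stay, also consider which owner and group the directory should have, since the hunk sets only the mode and 750 grants the group read and search access.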