From patchwork Fri Aug 1 14:07:47 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: auh@yoctoproject.org X-Patchwork-Id: 67878 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 473D3C88CB9 for ; Fri, 1 Aug 2025 14:07:49 +0000 (UTC) Received: from a27-30.smtp-out.us-west-2.amazonses.com (a27-30.smtp-out.us-west-2.amazonses.com [54.240.27.30]) by mx.groups.io with SMTP id smtpd.web11.88622.1754057265119283479 for ; Fri, 01 Aug 2025 07:07:48 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@yoctoproject.org header.s=j46ser6a2yusdzubpv7m7ewqgesde2ie header.b=uHsP+dPP; dkim=pass header.i=@amazonses.com header.s=gdwg2y3kokkkj5a55z2ilkup5wp5hhxx header.b=Y/rcBAWj; spf=pass (domain: us-west-2.amazonses.com, ip: 54.240.27.30, mailfrom: 0101019865f5da7e-0eed396f-bf72-431f-8442-cff7ab60fe34-000000@us-west-2.amazonses.com) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=j46ser6a2yusdzubpv7m7ewqgesde2ie; d=yoctoproject.org; t=1754057267; h=Content-Type:MIME-Version:From:To:Cc:Subject:Message-Id:Date; bh=Ki7GzBGj3AZAzSOlrETzoQJYTreTOd84PkGx0+nh0lw=; b=uHsP+dPPo7xmaJOgGjUw32pbbS6iggGInkelzqg2s7sL9oTH+d8jg+E7e7iB19q7 AsLh1KkkrWBaTODQMwNNA76HNs8GhIUJDucNvH0pV9WAWb6tymTCYdk9OUMK7ggiZmV DsBnEZ8EsHbQ7LbBZPUni1Cscby/h8pn1KEX+wfg= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=gdwg2y3kokkkj5a55z2ilkup5wp5hhxx; d=amazonses.com; t=1754057267; h=Content-Type:MIME-Version:From:To:Cc:Subject:Message-Id:Date:Feedback-ID; bh=Ki7GzBGj3AZAzSOlrETzoQJYTreTOd84PkGx0+nh0lw=; b=Y/rcBAWjey/oYPW5212uAYfYOiLtUstThnGMSpoz5pZmFAyI5cTNMo7NNNQtdIHE RVj8k5sKeyWPyopey8OZusWmljWAtmWL3+MwQgPrsXO2DP2az0Blqiw+pn/BtjMTBHn 59120xGz92i+X4wKflhI1XkuaWGOvEPoc/IzTIDk= MIME-Version: 1.0 From: auh@yoctoproject.org To: Changhyeok Bae Cc: openembedded-core@lists.openembedded.org Subject: [AUH] connman: upgrading to 1.45 SUCCEEDED Message-ID: <0101019865f5da7e-0eed396f-bf72-431f-8442-cff7ab60fe34-000000@us-west-2.amazonses.com> Date: Fri, 1 Aug 2025 14:07:47 +0000 Feedback-ID: ::1.us-west-2.9np3MYPs3fEaOBysGKSlUD4KtcmPijcmS9Az2Hwf7iQ=:AmazonSES X-SES-Outgoing: 2025.08.01-54.240.27.30 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 01 Aug 2025 14:07:49 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/221258 Hello, this email is a notification from the Auto Upgrade Helper that the automatic attempt to upgrade the recipe(s) *connman* to *1.45* has Succeeded. Next steps: - apply the patch: git am 0001-connman-upgrade-1.44-1.45.patch - check the changes to upstream patches and summarize them in the commit message, - compile an image that contains the package - perform some basic sanity tests - amend the patch and sign it off: git commit -s --reset-author --amend - send it to the appropriate mailing list Alternatively, if you believe the recipe should not be upgraded at this time, you can fill RECIPE_NO_UPDATE_REASON in respective recipe file so that automatic upgrades would no longer be attempted. Please review the attached files for further information and build/update failures. Any problem please file a bug at https://bugzilla.yoctoproject.org/enter_bug.cgi?product=Automated%20Update%20Handler Regards, The Upgrade Helper -- >8 -- From 475c5843c58fa700da3e3fca2cb3655fc2e469eb Mon Sep 17 00:00:00 2001 From: Upgrade Helper Date: Fri, 1 Aug 2025 08:29:19 +0000 Subject: [PATCH] connman: upgrade 1.44 -> 1.45 --- ...ve-musl-does-not-implement-res_ninit.patch | 2 +- .../connman/connman/CVE-2025-32366.patch | 41 ---------------- .../connman/connman/CVE-2025-32743.patch | 48 ------------------- .../{connman_1.44.bb => connman_1.45.bb} | 4 +- 4 files changed, 2 insertions(+), 93 deletions(-) delete mode 100644 meta/recipes-connectivity/connman/connman/CVE-2025-32366.patch delete mode 100644 meta/recipes-connectivity/connman/connman/CVE-2025-32743.patch rename meta/recipes-connectivity/connman/{connman_1.44.bb => connman_1.45.bb} (98%) diff --git a/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch b/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch index 2c612039ee..01399dbab8 100644 --- a/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch +++ b/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch @@ -1,4 +1,4 @@ -From 4e726a5aaa75d60fab6a56bc37dbec48be53ff79 Mon Sep 17 00:00:00 2001 +From 0ebbd2716facbef0cfb5e0666903bbbd2e800104 Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Mon, 6 Apr 2015 23:02:21 -0700 Subject: [PATCH] gweb/gresolv.c: make use of res_ninit optional and subject to diff --git a/meta/recipes-connectivity/connman/connman/CVE-2025-32366.patch b/meta/recipes-connectivity/connman/connman/CVE-2025-32366.patch deleted file mode 100644 index 62f07e707a..0000000000 --- a/meta/recipes-connectivity/connman/connman/CVE-2025-32366.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 8d3be0285f1d4667bfe85dba555c663eb3d704b4 Mon Sep 17 00:00:00 2001 -From: Yoonje Shin -Date: Mon, 12 May 2025 10:48:18 +0200 -Subject: [PATCH] dnsproxy: Address CVE-2025-32366 vulnerability - -In Connman parse_rr in dnsproxy.c has a memcpy length -that depends on an RR RDLENGTH value (i.e., *rdlen=ntohs(rr->rdlen) -and memcpy(response+offset,*end,*rdlen)). Here, rdlen may be larger -than the amount of remaining packet data in the current state of -parsing. As a result, values of stack memory locations may be sent -over the network in a response. - -This patch adds a check to ensure that (*end + *rdlen) does not exceed -the valid range. If the condition is violated, the function returns --EINVAL. - -CVE: CVE-2025-32366 - -Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=8d3be0285f1d4667bfe85dba555c663eb3d704b4] - -Signed-off-by: Praveen Kumar ---- - src/dnsproxy.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/src/dnsproxy.c b/src/dnsproxy.c -index 7ee26d9..1dd2f7f 100644 ---- a/src/dnsproxy.c -+++ b/src/dnsproxy.c -@@ -998,6 +998,9 @@ static int parse_rr(const unsigned char *buf, const unsigned char *start, - if ((offset + *rdlen) > *response_size) - return -ENOBUFS; - -+ if ((*end + *rdlen) > max) -+ return -EINVAL; -+ - memcpy(response + offset, *end, *rdlen); - - *end += *rdlen; --- -2.40.0 diff --git a/meta/recipes-connectivity/connman/connman/CVE-2025-32743.patch b/meta/recipes-connectivity/connman/connman/CVE-2025-32743.patch deleted file mode 100644 index c114589679..0000000000 --- a/meta/recipes-connectivity/connman/connman/CVE-2025-32743.patch +++ /dev/null @@ -1,48 +0,0 @@ -From d90b911f6760959bdf1393c39fe8d1118315490f Mon Sep 17 00:00:00 2001 -From: Praveen Kumar -Date: Thu, 24 Apr 2025 11:39:29 +0000 -Subject: [PATCH] dnsproxy: Fix NULL/empty lookup causing potential crash - -In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c -can be NULL or an empty string when the TC (Truncated) bit is set in -a DNS response. This allows attackers to cause a denial of service -(application crash) or possibly execute arbitrary code, because those -lookup values lead to incorrect length calculations and incorrect -memcpy operations. - -This patch includes a check to make sure loookup value is valid before -using it. This helps avoid unexpected value when the input is empty or -incorrect. - -Fixes: CVE-2025-32743 - -CVE: CVE-2025-32743 - -Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d90b911f6760959bdf1393c39fe8d1118315490f] - -Signed-off-by: Praveen Kumar ---- - src/dnsproxy.c | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/src/dnsproxy.c b/src/dnsproxy.c -index f28a5d7..7ee26d9 100644 ---- a/src/dnsproxy.c -+++ b/src/dnsproxy.c -@@ -1685,8 +1685,13 @@ static int ns_resolv(struct server_data *server, struct request_data *req, - gpointer request, gpointer name) - { - int sk = -1; -+ int err; - const char *lookup = (const char *)name; -- int err = ns_try_resolv_from_cache(req, request, lookup); -+ -+ if (!lookup || strlen(lookup) == 0) -+ return -EINVAL; -+ -+ err = ns_try_resolv_from_cache(req, request, lookup); - - if (err > 0) - /* cache hit */ --- -2.40.0 diff --git a/meta/recipes-connectivity/connman/connman_1.44.bb b/meta/recipes-connectivity/connman/connman_1.45.bb similarity index 98% rename from meta/recipes-connectivity/connman/connman_1.44.bb rename to meta/recipes-connectivity/connman/connman_1.45.bb index 1b0fbe438c..cfc6114712 100644 --- a/meta/recipes-connectivity/connman/connman_1.44.bb +++ b/meta/recipes-connectivity/connman/connman_1.45.bb @@ -21,11 +21,9 @@ DEPENDS = "dbus glib-2.0" SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ file://connman \ file://0002-resolve-musl-does-not-implement-res_ninit.patch \ - file://CVE-2025-32743.patch \ - file://CVE-2025-32366.patch \ " -SRC_URI[sha256sum] = "2be2b00321632b775f9eff713acd04ef21e31fbf388f6ebf45512ff4289574ff" +SRC_URI[sha256sum] = "77128cce80865455c4f106b5901a575e2dfdb35a7d2e2e2996f16e85cba10913" RRECOMMENDS:${PN} = "connman-conf" RCONFLICTS:${PN} = "networkmanager"