From patchwork Fri Aug 15 13:07:01 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: auh@yoctoproject.org X-Patchwork-Id: 68582 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2E42ECA0FEB for ; Fri, 15 Aug 2025 13:07:12 +0000 (UTC) Received: from a27-192.smtp-out.us-west-2.amazonses.com (a27-192.smtp-out.us-west-2.amazonses.com [54.240.27.192]) by mx.groups.io with SMTP id smtpd.web11.11320.1755263215402384407 for ; Fri, 15 Aug 2025 06:07:01 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@yoctoproject.org header.s=j46ser6a2yusdzubpv7m7ewqgesde2ie header.b=1hT3/Ib+; dkim=pass header.i=@amazonses.com header.s=gdwg2y3kokkkj5a55z2ilkup5wp5hhxx header.b=Vm3KPlCV; spf=pass (domain: us-west-2.amazonses.com, ip: 54.240.27.192, mailfrom: 01010198add73db9-a670741e-09a6-4f81-a4da-ccec518ba0da-000000@us-west-2.amazonses.com) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=j46ser6a2yusdzubpv7m7ewqgesde2ie; d=yoctoproject.org; t=1755263221; h=Content-Type:MIME-Version:From:To:Cc:Subject:Message-Id:Date; bh=tqRgnCOd1u23UQda/nvS3KnpiBYQ/SdXvj6hyoMxyaI=; b=1hT3/Ib+jtQfCthu96WVV386TuoklkOXMDzQzFRr3Pa1NfTyDuAwp/mRbgrCA/Xi V2b1Vy8DEtqIO2i54JTXGTJ5xK5j4Fq7HIWxs3p5QzpUhAxaX70C7t9lA/5dYupuYNk bNEPZidZFJmnpEvirjsUglVH3mbqPdU+xXpcQfDU= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=gdwg2y3kokkkj5a55z2ilkup5wp5hhxx; d=amazonses.com; t=1755263221; h=Content-Type:MIME-Version:From:To:Cc:Subject:Message-Id:Date:Feedback-ID; bh=tqRgnCOd1u23UQda/nvS3KnpiBYQ/SdXvj6hyoMxyaI=; b=Vm3KPlCVUjiUfLICxFwSAYORyVWOc/fmuh2oSkqi6vVzKpSztahRzWEL7/V5Y0f/ iJZF5cR4yZwZTBH3YBToIXRDYOHyyDMvXuhiKt3MB2rstsJDhEnJw/6qZEMMBHlcYU5 BihxdSVavK4wcNcAHxj5UDFP6nJW/K5qMwLiA0mE= MIME-Version: 1.0 From: auh@yoctoproject.org To: Changhyeok Bae Cc: openembedded-core@lists.openembedded.org Subject: [AUH] connman: upgrading to 1.45 SUCCEEDED Message-ID: <01010198add73db9-a670741e-09a6-4f81-a4da-ccec518ba0da-000000@us-west-2.amazonses.com> Date: Fri, 15 Aug 2025 13:07:01 +0000 Feedback-ID: ::1.us-west-2.9np3MYPs3fEaOBysGKSlUD4KtcmPijcmS9Az2Hwf7iQ=:AmazonSES X-SES-Outgoing: 2025.08.15-54.240.27.192 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 15 Aug 2025 13:07:12 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/221893 Hello, this email is a notification from the Auto Upgrade Helper that the automatic attempt to upgrade the recipe(s) *connman* to *1.45* has Succeeded. Next steps: - apply the patch: git am 0001-connman-upgrade-1.44-1.45.patch - check the changes to upstream patches and summarize them in the commit message, - compile an image that contains the package - perform some basic sanity tests - amend the patch and sign it off: git commit -s --reset-author --amend - send it to the appropriate mailing list Alternatively, if you believe the recipe should not be upgraded at this time, you can fill RECIPE_NO_UPDATE_REASON in respective recipe file so that automatic upgrades would no longer be attempted. Please review the attached files for further information and build/update failures. Any problem please file a bug at https://bugzilla.yoctoproject.org/enter_bug.cgi?product=Automated%20Update%20Handler Regards, The Upgrade Helper -- >8 -- From d43f788e3908eaca158a68c21c972992bbe363c3 Mon Sep 17 00:00:00 2001 From: Upgrade Helper Date: Fri, 15 Aug 2025 07:57:06 +0000 Subject: [PATCH] connman: upgrade 1.44 -> 1.45 --- ...ve-musl-does-not-implement-res_ninit.patch | 2 +- .../connman/connman/CVE-2025-32366.patch | 41 ---------------- .../connman/connman/CVE-2025-32743.patch | 48 ------------------- .../{connman_1.44.bb => connman_1.45.bb} | 4 +- 4 files changed, 2 insertions(+), 93 deletions(-) delete mode 100644 meta/recipes-connectivity/connman/connman/CVE-2025-32366.patch delete mode 100644 meta/recipes-connectivity/connman/connman/CVE-2025-32743.patch rename meta/recipes-connectivity/connman/{connman_1.44.bb => connman_1.45.bb} (98%) diff --git a/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch b/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch index 2c612039ee..7961a395a8 100644 --- a/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch +++ b/meta/recipes-connectivity/connman/connman/0002-resolve-musl-does-not-implement-res_ninit.patch @@ -1,4 +1,4 @@ -From 4e726a5aaa75d60fab6a56bc37dbec48be53ff79 Mon Sep 17 00:00:00 2001 +From d9f77701e767412d99f794bfda8ca25984c33d21 Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Mon, 6 Apr 2015 23:02:21 -0700 Subject: [PATCH] gweb/gresolv.c: make use of res_ninit optional and subject to diff --git a/meta/recipes-connectivity/connman/connman/CVE-2025-32366.patch b/meta/recipes-connectivity/connman/connman/CVE-2025-32366.patch deleted file mode 100644 index 62f07e707a..0000000000 --- a/meta/recipes-connectivity/connman/connman/CVE-2025-32366.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 8d3be0285f1d4667bfe85dba555c663eb3d704b4 Mon Sep 17 00:00:00 2001 -From: Yoonje Shin -Date: Mon, 12 May 2025 10:48:18 +0200 -Subject: [PATCH] dnsproxy: Address CVE-2025-32366 vulnerability - -In Connman parse_rr in dnsproxy.c has a memcpy length -that depends on an RR RDLENGTH value (i.e., *rdlen=ntohs(rr->rdlen) -and memcpy(response+offset,*end,*rdlen)). Here, rdlen may be larger -than the amount of remaining packet data in the current state of -parsing. As a result, values of stack memory locations may be sent -over the network in a response. - -This patch adds a check to ensure that (*end + *rdlen) does not exceed -the valid range. If the condition is violated, the function returns --EINVAL. - -CVE: CVE-2025-32366 - -Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=8d3be0285f1d4667bfe85dba555c663eb3d704b4] - -Signed-off-by: Praveen Kumar ---- - src/dnsproxy.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/src/dnsproxy.c b/src/dnsproxy.c -index 7ee26d9..1dd2f7f 100644 ---- a/src/dnsproxy.c -+++ b/src/dnsproxy.c -@@ -998,6 +998,9 @@ static int parse_rr(const unsigned char *buf, const unsigned char *start, - if ((offset + *rdlen) > *response_size) - return -ENOBUFS; - -+ if ((*end + *rdlen) > max) -+ return -EINVAL; -+ - memcpy(response + offset, *end, *rdlen); - - *end += *rdlen; --- -2.40.0 diff --git a/meta/recipes-connectivity/connman/connman/CVE-2025-32743.patch b/meta/recipes-connectivity/connman/connman/CVE-2025-32743.patch deleted file mode 100644 index c114589679..0000000000 --- a/meta/recipes-connectivity/connman/connman/CVE-2025-32743.patch +++ /dev/null @@ -1,48 +0,0 @@ -From d90b911f6760959bdf1393c39fe8d1118315490f Mon Sep 17 00:00:00 2001 -From: Praveen Kumar -Date: Thu, 24 Apr 2025 11:39:29 +0000 -Subject: [PATCH] dnsproxy: Fix NULL/empty lookup causing potential crash - -In ConnMan through 1.44, the lookup string in ns_resolv in dnsproxy.c -can be NULL or an empty string when the TC (Truncated) bit is set in -a DNS response. This allows attackers to cause a denial of service -(application crash) or possibly execute arbitrary code, because those -lookup values lead to incorrect length calculations and incorrect -memcpy operations. - -This patch includes a check to make sure loookup value is valid before -using it. This helps avoid unexpected value when the input is empty or -incorrect. - -Fixes: CVE-2025-32743 - -CVE: CVE-2025-32743 - -Upstream-Status: Backport [https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d90b911f6760959bdf1393c39fe8d1118315490f] - -Signed-off-by: Praveen Kumar ---- - src/dnsproxy.c | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/src/dnsproxy.c b/src/dnsproxy.c -index f28a5d7..7ee26d9 100644 ---- a/src/dnsproxy.c -+++ b/src/dnsproxy.c -@@ -1685,8 +1685,13 @@ static int ns_resolv(struct server_data *server, struct request_data *req, - gpointer request, gpointer name) - { - int sk = -1; -+ int err; - const char *lookup = (const char *)name; -- int err = ns_try_resolv_from_cache(req, request, lookup); -+ -+ if (!lookup || strlen(lookup) == 0) -+ return -EINVAL; -+ -+ err = ns_try_resolv_from_cache(req, request, lookup); - - if (err > 0) - /* cache hit */ --- -2.40.0 diff --git a/meta/recipes-connectivity/connman/connman_1.44.bb b/meta/recipes-connectivity/connman/connman_1.45.bb similarity index 98% rename from meta/recipes-connectivity/connman/connman_1.44.bb rename to meta/recipes-connectivity/connman/connman_1.45.bb index 1b0fbe438c..cfc6114712 100644 --- a/meta/recipes-connectivity/connman/connman_1.44.bb +++ b/meta/recipes-connectivity/connman/connman_1.45.bb @@ -21,11 +21,9 @@ DEPENDS = "dbus glib-2.0" SRC_URI = "${KERNELORG_MIRROR}/linux/network/${BPN}/${BP}.tar.xz \ file://connman \ file://0002-resolve-musl-does-not-implement-res_ninit.patch \ - file://CVE-2025-32743.patch \ - file://CVE-2025-32366.patch \ " -SRC_URI[sha256sum] = "2be2b00321632b775f9eff713acd04ef21e31fbf388f6ebf45512ff4289574ff" +SRC_URI[sha256sum] = "77128cce80865455c4f106b5901a575e2dfdb35a7d2e2e2996f16e85cba10913" RRECOMMENDS:${PN} = "connman-conf" RCONFLICTS:${PN} = "networkmanager"