From patchwork Fri Aug 15 16:44:52 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 68638 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9B63ECA0EE9 for ; Fri, 15 Aug 2025 16:45:16 +0000 (UTC) Received: from mail-pj1-f45.google.com (mail-pj1-f45.google.com [209.85.216.45]) by mx.groups.io with SMTP id smtpd.web11.16347.1755276307806942908 for ; Fri, 15 Aug 2025 09:45:07 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=DD6hAJiW; spf=softfail (domain: sakoman.com, ip: 209.85.216.45, mailfrom: steve@sakoman.com) Received: by mail-pj1-f45.google.com with SMTP id 98e67ed59e1d1-323266cdf64so1819353a91.0 for ; Fri, 15 Aug 2025 09:45:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1755276307; x=1755881107; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=kkIFkkdkEDRJZoyQyiUuFQevjuglI2pen6Gh27nd7vQ=; b=DD6hAJiWSNrTlYF+tP59q3WIWOQJT1T7b+HIxPLkxYUY9LupA29dAqp2hVQb8SA9K1 sn+hw7tbfxDaSBQuTM9mOgG3qaIB+GaMRkF6VUTsx6zj11Lxygp3FoM043Mpb/S6Uipl qLVqWNX3Mg4dkWJoPOr+D9hAl2XLkL+A10rJCvLiyZwcTcO8wSZsyrXFN9mDX/dRRiSX lLaBvdWjj/opRnSrJpESR/VTA0Kt/hjare7z05uTAKzlmSflh10OBJHToEvcRtlqDLRd J2cbGkMXXeDl8qS3aKgPSIlbErDBVMe6Glmg3qGm7RVJUjhbNrS0AHYEcyhxQT6Y4aS7 8DfA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1755276307; x=1755881107; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=kkIFkkdkEDRJZoyQyiUuFQevjuglI2pen6Gh27nd7vQ=; b=iiNa+PA1mPUp6cULVX7Ca+rrDy8f/C/cxQOWQMAQP3i02Fzsb2FaXOmTa1WcqFO/BZ cO1wBVEeJhVN16z8GCC5sTTH+z+Fph48jaTvLv1PHHRJU4rqazzuXD5CUTkTzbdZfIE+ SBioVXyKRMz1I8FUZYfAx9RmT1dlMg699ouiaePFVjZxOjWLPybKJv8E+UqNIh/gwS5V fPrtTuDaBW0fLQeP7mMJrPSFKAt7jkW5gIcYRUFwhKxlg1iYOGVLqlNNIsaZp4DL+puU +wZ6LkeEGOvNBdL56nwtL2QOAeWHQda+GfhRGrLinS7VxShAhaITf01GidocyjO7/pOa LKyg== X-Gm-Message-State: AOJu0YwKcO7rnC1K2tIXYufTFlwsctSyfYW9dGbgFbD9KU2yx7V0t812 w9Cj1u8O749ZgHrfWHOVHJy5dXD9j2pHw0yx511pYYmYUSo+JaRHGdeIHqUhhBlcwwlakexcGus 5NG+e X-Gm-Gg: ASbGncsImTOezE+5e7vCREgvSaQ7cRQQjFgSf36HYN9jY7kKhPMpy+se9D/nrCrQ/Ow tWqirV/2hq2ISoIbj27hzCZRzCzH/F76EaH8kVP0oOb6/n7DRkghXlatZPP4fNNM81POxO2fdBs Tboqy8PnAJ5w8/JUdYY1SVVrgEg5yzaai9Nuv6ziQAo02OW01ryk349JDaJZsSiiwcU2YU9rnUR BLDzqWq4sofBk7CxIyvYo1F7DRbQea+nom7sX/AL7jd9a/gmWUXuTVhlUIMHkFr42XtCSU8Gk9G gilrEQMXh8Floa4/s+cdWwws7i82nEZ4UkT6VQsBDXQbSjAGv6BG3ZUEFC6pJv0ZPm4HSHShAzN ChrWcrjrCGDVMfA== X-Google-Smtp-Source: AGHT+IFH801jSOEkbGJ4py+ELQswktS+r7N5mXIe8Me1thMg9Q5BTp6TovgGTxvrOVBw1XUlXAm33A== X-Received: by 2002:a17:90a:d44d:b0:321:c9e7:d9ef with SMTP id 98e67ed59e1d1-32341ee9181mr3937382a91.21.1755276306976; Fri, 15 Aug 2025 09:45:06 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:3ec5:7840:3390:1caa]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-32343c9ab2asm1554476a91.30.2025.08.15.09.45.06 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 15 Aug 2025 09:45:06 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 1/9] avahi: fix CVE-2024-52615 Date: Fri, 15 Aug 2025 09:44:52 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 15 Aug 2025 16:45:16 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/221981 From: Zhang Peng CVE-2024-52615: A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2024-52615] [https://github.com/avahi/avahi/security/advisories/GHSA-x6vp-f33h-h32g] Upstream patches: [https://github.com/avahi/avahi/commit/4e2e1ea0908d7e6ad7f38ae04fdcdf2411f8b942] Signed-off-by: Zhang Peng Signed-off-by: Steve Sakoman --- meta/recipes-connectivity/avahi/avahi_0.8.bb | 1 + .../avahi/files/CVE-2024-52615.patch | 228 ++++++++++++++++++ 2 files changed, 229 insertions(+) create mode 100644 meta/recipes-connectivity/avahi/files/CVE-2024-52615.patch diff --git a/meta/recipes-connectivity/avahi/avahi_0.8.bb b/meta/recipes-connectivity/avahi/avahi_0.8.bb index 1163c17e20..7930bd3037 100644 --- a/meta/recipes-connectivity/avahi/avahi_0.8.bb +++ b/meta/recipes-connectivity/avahi/avahi_0.8.bb @@ -36,6 +36,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/avahi-${PV}.tar.gz \ file://CVE-2023-38472.patch \ file://CVE-2023-38473.patch \ file://CVE-2024-52616.patch \ + file://CVE-2024-52615.patch \ " GITHUB_BASE_URI = "https://github.com/avahi/avahi/releases/" diff --git a/meta/recipes-connectivity/avahi/files/CVE-2024-52615.patch b/meta/recipes-connectivity/avahi/files/CVE-2024-52615.patch new file mode 100644 index 0000000000..9737f52837 --- /dev/null +++ b/meta/recipes-connectivity/avahi/files/CVE-2024-52615.patch @@ -0,0 +1,228 @@ +From 4e2e1ea0908d7e6ad7f38ae04fdcdf2411f8b942 Mon Sep 17 00:00:00 2001 +From: Michal Sekletar +Date: Wed, 27 Nov 2024 18:07:32 +0100 +Subject: [PATCH] core/wide-area: fix for CVE-2024-52615 + +CVE: CVE-2024-52615 +Upstream-Status: Backport [https://github.com/avahi/avahi/commit/4e2e1ea0908d7e6ad7f38ae04fdcdf2411f8b942] + +Signed-off-by: Zhang Peng +--- + avahi-core/wide-area.c | 128 ++++++++++++++++++++++------------------- + 1 file changed, 69 insertions(+), 59 deletions(-) + +diff --git a/avahi-core/wide-area.c b/avahi-core/wide-area.c +index 00a15056e..06df7afc6 100644 +--- a/avahi-core/wide-area.c ++++ b/avahi-core/wide-area.c +@@ -81,6 +81,10 @@ struct AvahiWideAreaLookup { + + AvahiAddress dns_server_used; + ++ int fd; ++ AvahiWatch *watch; ++ AvahiProtocol proto; ++ + AVAHI_LLIST_FIELDS(AvahiWideAreaLookup, lookups); + AVAHI_LLIST_FIELDS(AvahiWideAreaLookup, by_key); + }; +@@ -88,9 +92,6 @@ struct AvahiWideAreaLookup { + struct AvahiWideAreaLookupEngine { + AvahiServer *server; + +- int fd_ipv4, fd_ipv6; +- AvahiWatch *watch_ipv4, *watch_ipv6; +- + /* Cache */ + AVAHI_LLIST_HEAD(AvahiWideAreaCacheEntry, cache); + AvahiHashmap *cache_by_key; +@@ -125,35 +126,67 @@ static AvahiWideAreaLookup* find_lookup(AvahiWideAreaLookupEngine *e, uint16_t i + return l; + } + ++static void socket_event(AVAHI_GCC_UNUSED AvahiWatch *w, int fd, AVAHI_GCC_UNUSED AvahiWatchEvent events, void *userdata); ++ + static int send_to_dns_server(AvahiWideAreaLookup *l, AvahiDnsPacket *p) { ++ AvahiWideAreaLookupEngine *e; + AvahiAddress *a; ++ AvahiServer *s; ++ AvahiWatch *w; ++ int r; + + assert(l); + assert(p); + +- if (l->engine->n_dns_servers <= 0) ++ e = l->engine; ++ assert(e); ++ ++ s = e->server; ++ assert(s); ++ ++ if (e->n_dns_servers <= 0) + return -1; + +- assert(l->engine->current_dns_server < l->engine->n_dns_servers); ++ assert(e->current_dns_server < e->n_dns_servers); + +- a = &l->engine->dns_servers[l->engine->current_dns_server]; ++ a = &e->dns_servers[e->current_dns_server]; + l->dns_server_used = *a; + +- if (a->proto == AVAHI_PROTO_INET) { ++ if (l->fd >= 0) { ++ /* We are reusing lookup object and sending packet to another server so let's cleanup before we establish connection to new server. */ ++ s->poll_api->watch_free(l->watch); ++ l->watch = NULL; + +- if (l->engine->fd_ipv4 < 0) +- return -1; ++ close(l->fd); ++ l->fd = -EBADF; ++ } + +- return avahi_send_dns_packet_ipv4(l->engine->fd_ipv4, AVAHI_IF_UNSPEC, p, NULL, &a->data.ipv4, AVAHI_DNS_PORT); ++ assert(a->proto == AVAHI_PROTO_INET || a->proto == AVAHI_PROTO_INET6); + +- } else { +- assert(a->proto == AVAHI_PROTO_INET6); ++ if (a->proto == AVAHI_PROTO_INET) ++ r = s->config.use_ipv4 ? avahi_open_unicast_socket_ipv4() : -1; ++ else ++ r = s->config.use_ipv6 ? avahi_open_unicast_socket_ipv6() : -1; + +- if (l->engine->fd_ipv6 < 0) +- return -1; ++ if (r < 0) { ++ avahi_log_error(__FILE__ ": Failed to create socket for wide area lookup"); ++ return -1; ++ } + +- return avahi_send_dns_packet_ipv6(l->engine->fd_ipv6, AVAHI_IF_UNSPEC, p, NULL, &a->data.ipv6, AVAHI_DNS_PORT); ++ w = s->poll_api->watch_new(s->poll_api, r, AVAHI_WATCH_IN, socket_event, l); ++ if (!w) { ++ close(r); ++ avahi_log_error(__FILE__ ": Failed to create socket watch for wide area lookup"); ++ return -1; + } ++ ++ l->fd = r; ++ l->watch = w; ++ l->proto = a->proto; ++ ++ return a->proto == AVAHI_PROTO_INET ? ++ avahi_send_dns_packet_ipv4(l->fd, AVAHI_IF_UNSPEC, p, NULL, &a->data.ipv4, AVAHI_DNS_PORT): ++ avahi_send_dns_packet_ipv6(l->fd, AVAHI_IF_UNSPEC, p, NULL, &a->data.ipv6, AVAHI_DNS_PORT); + } + + static void next_dns_server(AvahiWideAreaLookupEngine *e) { +@@ -246,6 +279,9 @@ AvahiWideAreaLookup *avahi_wide_area_lookup_new( + l->dead = 0; + l->key = avahi_key_ref(key); + l->cname_key = avahi_key_new_cname(l->key); ++ l->fd = -EBADF; ++ l->watch = NULL; ++ l->proto = AVAHI_PROTO_UNSPEC; + l->callback = callback; + l->userdata = userdata; + +@@ -314,6 +350,12 @@ static void lookup_destroy(AvahiWideAreaLookup *l) { + if (l->cname_key) + avahi_key_unref(l->cname_key); + ++ if (l->watch) ++ l->engine->server->poll_api->watch_free(l->watch); ++ ++ if (l->fd >= 0) ++ close(l->fd); ++ + avahi_free(l); + } + +@@ -572,14 +614,20 @@ static void handle_packet(AvahiWideAreaLookupEngine *e, AvahiDnsPacket *p) { + } + + static void socket_event(AVAHI_GCC_UNUSED AvahiWatch *w, int fd, AVAHI_GCC_UNUSED AvahiWatchEvent events, void *userdata) { +- AvahiWideAreaLookupEngine *e = userdata; ++ AvahiWideAreaLookup *l = userdata; ++ AvahiWideAreaLookupEngine *e = l->engine; + AvahiDnsPacket *p = NULL; + +- if (fd == e->fd_ipv4) +- p = avahi_recv_dns_packet_ipv4(e->fd_ipv4, NULL, NULL, NULL, NULL, NULL); ++ assert(l); ++ assert(e); ++ assert(l->fd == fd); ++ ++ if (l->proto == AVAHI_PROTO_INET) ++ p = avahi_recv_dns_packet_ipv4(l->fd, NULL, NULL, NULL, NULL, NULL); + else { +- assert(fd == e->fd_ipv6); +- p = avahi_recv_dns_packet_ipv6(e->fd_ipv6, NULL, NULL, NULL, NULL, NULL); ++ assert(l->proto == AVAHI_PROTO_INET6); ++ ++ p = avahi_recv_dns_packet_ipv6(l->fd, NULL, NULL, NULL, NULL, NULL); + } + + if (p) { +@@ -598,32 +646,6 @@ AvahiWideAreaLookupEngine *avahi_wide_area_engine_new(AvahiServer *s) { + e->server = s; + e->cleanup_dead = 0; + +- /* Create sockets */ +- e->fd_ipv4 = s->config.use_ipv4 ? avahi_open_unicast_socket_ipv4() : -1; +- e->fd_ipv6 = s->config.use_ipv6 ? avahi_open_unicast_socket_ipv6() : -1; +- +- if (e->fd_ipv4 < 0 && e->fd_ipv6 < 0) { +- avahi_log_error(__FILE__": Failed to create wide area sockets: %s", strerror(errno)); +- +- if (e->fd_ipv6 >= 0) +- close(e->fd_ipv6); +- +- if (e->fd_ipv4 >= 0) +- close(e->fd_ipv4); +- +- avahi_free(e); +- return NULL; +- } +- +- /* Create watches */ +- +- e->watch_ipv4 = e->watch_ipv6 = NULL; +- +- if (e->fd_ipv4 >= 0) +- e->watch_ipv4 = s->poll_api->watch_new(e->server->poll_api, e->fd_ipv4, AVAHI_WATCH_IN, socket_event, e); +- if (e->fd_ipv6 >= 0) +- e->watch_ipv6 = s->poll_api->watch_new(e->server->poll_api, e->fd_ipv6, AVAHI_WATCH_IN, socket_event, e); +- + e->n_dns_servers = e->current_dns_server = 0; + + /* Initialize cache */ +@@ -651,18 +673,6 @@ void avahi_wide_area_engine_free(AvahiWideAreaLookupEngine *e) { + avahi_hashmap_free(e->lookups_by_id); + avahi_hashmap_free(e->lookups_by_key); + +- if (e->watch_ipv4) +- e->server->poll_api->watch_free(e->watch_ipv4); +- +- if (e->watch_ipv6) +- e->server->poll_api->watch_free(e->watch_ipv6); +- +- if (e->fd_ipv6 >= 0) +- close(e->fd_ipv6); +- +- if (e->fd_ipv4 >= 0) +- close(e->fd_ipv4); +- + avahi_free(e); + } + +@@ -680,7 +690,7 @@ void avahi_wide_area_set_servers(AvahiWideAreaLookupEngine *e, const AvahiAddres + + if (a) { + for (e->n_dns_servers = 0; n > 0 && e->n_dns_servers < AVAHI_WIDE_AREA_SERVERS_MAX; a++, n--) +- if ((a->proto == AVAHI_PROTO_INET && e->fd_ipv4 >= 0) || (a->proto == AVAHI_PROTO_INET6 && e->fd_ipv6 >= 0)) ++ if (a->proto == AVAHI_PROTO_INET || a->proto == AVAHI_PROTO_INET6) + e->dns_servers[e->n_dns_servers++] = *a; + } else { + assert(n == 0); From patchwork Fri Aug 15 16:44:53 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 68643 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C2BFDCA0EEA for ; Fri, 15 Aug 2025 16:45:16 +0000 (UTC) Received: from mail-pg1-f181.google.com (mail-pg1-f181.google.com [209.85.215.181]) by mx.groups.io with SMTP id smtpd.web10.16481.1755276309442744294 for ; Fri, 15 Aug 2025 09:45:09 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=OLoxpJWx; spf=softfail (domain: sakoman.com, ip: 209.85.215.181, mailfrom: steve@sakoman.com) Received: by mail-pg1-f181.google.com with SMTP id 41be03b00d2f7-b4717554c29so1433996a12.3 for ; Fri, 15 Aug 2025 09:45:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1755276309; x=1755881109; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=WNwT7REF/tu8fEsiVJn196VkxgidXV3Am0oUbsvVXVQ=; b=OLoxpJWx4wyO6tWhU4Eo4fsbOcb0lU05FZp7zhKWVMn/ouSODCby+Hibrcoio8QAfP 4lGUKdFlfwhZt08B53+cgkJ2ERdhO8ZWXxkgQNoGsbXvunooipK27PmlXKOtA0eFTOhq czeIl79L2pJkgCap5CyGIGck12TxLKN+LcrW+rRm59KoFr03yRFNMOyCkc82+y612Fij YVnQ5JGTVitPVYmygs6TMh96QOoWKXZAQ23yCSneK/0OFOV/acj4LIIjsoqrFC8TMc+I qXQsJSCIfkhfQPc2I3GtFiuwjUJb8auOKY4SCPpNN2ce4ngvraqHvyU+VyI25qxvdShJ PYWg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1755276309; x=1755881109; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=WNwT7REF/tu8fEsiVJn196VkxgidXV3Am0oUbsvVXVQ=; b=FvR0VCmr9QJonGGizOC2GKlI9XaaImTgQe7kMUd3z1OTWwz3uzHtB/sJ8mbeFPEDBC AUFwUURoKxeK7XNpe0DbDC+W7+YldywO0So8erTuvyLN+EZoWLTwVEhJp3L9kfR6wnfs bpn3g8su4ygc9PlQf5zoLqdIal4E+j3nNiEj30ixe//2hccdGa5zu+j3LT8EmNiFDNr8 tX+3azaVoV86CUAuOoYIUEwHVjHNzVqBKn0YynVXdRFfZ3mD+WmByYHQM0qie3OR9Xlj 50icJD0AlUfPsMejUSI6BBZjlDjbgsA6e5RT1FMNkjE+Hrxm+wlw5+EAoMIoHZvJflg1 FE4w== X-Gm-Message-State: AOJu0YxfXjWnJ0rqG0l3HB7ndRZNPfoOJApIacL7oTr4+juWmdWaQJzL FgjEXV6NIQgMeFRFFrVm9Zqww26hD8hUPYO3kGsCz0B5cX6JYBhGYG/7JJO3KLLxu+RaYByyvr7 bhBlK X-Gm-Gg: ASbGnctqX5LTqktPvToo67bI3zqVZfIChqQzJByoTHSWmfjLWZou1eTBy/FmuY5nwBl zhs7ngimdfET+oEgWGYa3j77WgfnOhWj1mblU3I7a3N0O+1Ky50n5l4Binp89dR4kYjrfPVvQ0P g0a5fbSy0h0T6tRWj/XDxDEgyAdCMr4vrKqPkKVmtBgJWr9nISnIM86tkrIJ6XnEujw0sRFU0In 3adIH4BcNIQgdG+eV58EV4UQaDiSkrn0UdyyNqDZPqfSypt4GUHFFUZerUhcM4WqdjYgiOTWOtk +btMkRQS1x37XOY7/dmUywbaj+uNOXvae3SOpL7JNElsdTjTKNI7U8lf4se26DhPV9Ucy9k5Nub MdkWRaGGC98OUReebwX93rjl/ X-Google-Smtp-Source: AGHT+IHnA6CLyvq9FdF8UDmj3rAN2TBQcH361BrqU4IsV+PtkIuK6TszeofVIBsr8dpTGV7xZboJDw== X-Received: by 2002:a17:90b:1c02:b0:31e:3d06:739c with SMTP id 98e67ed59e1d1-3234218472fmr3629999a91.31.1755276308487; Fri, 15 Aug 2025 09:45:08 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:3ec5:7840:3390:1caa]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-32343c9ab2asm1554476a91.30.2025.08.15.09.45.07 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 15 Aug 2025 09:45:08 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 2/9] python3: patch CVE-2025-8194 Date: Fri, 15 Aug 2025 09:44:53 -0700 Message-ID: <34f1b4877a0601d2057453c159c76a54754f229a.1755276097.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 15 Aug 2025 16:45:16 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/221982 From: Peter Marko Pick commit from 3.12 branch mentioned in NVD report. https://nvd.nist.gov/vuln/detail/CVE-2025-8194 Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- .../python/python3/CVE-2025-8194.patch | 219 ++++++++++++++++++ .../python/python3_3.12.11.bb | 9 +- 2 files changed, 224 insertions(+), 4 deletions(-) create mode 100644 meta/recipes-devtools/python/python3/CVE-2025-8194.patch diff --git a/meta/recipes-devtools/python/python3/CVE-2025-8194.patch b/meta/recipes-devtools/python/python3/CVE-2025-8194.patch new file mode 100644 index 0000000000..b8243a67f6 --- /dev/null +++ b/meta/recipes-devtools/python/python3/CVE-2025-8194.patch @@ -0,0 +1,219 @@ +From c9d9f78feb1467e73fd29356c040bde1c104f29f Mon Sep 17 00:00:00 2001 +From: "Miss Islington (bot)" + <31488909+miss-islington@users.noreply.github.com> +Date: Mon, 4 Aug 2025 13:45:06 +0200 +Subject: [PATCH] [3.12] gh-130577: tarfile now validates archives to ensure + member offsets are non-negative (GH-137027) (#137171) + +(cherry picked from commit 7040aa54f14676938970e10c5f74ea93cd56aa38) + +Co-authored-by: Alexander Urieles +Co-authored-by: Gregory P. Smith + +CVE: CVE-2025-8194 +Upstream-Status: Backport [https://github.com/python/cpython/commit/c9d9f78feb1467e73fd29356c040bde1c104f29f] +Signed-off-by: Peter Marko +--- + Lib/tarfile.py | 3 + + Lib/test/test_tarfile.py | 156 ++++++++++++++++++ + ...-07-23-00-35-29.gh-issue-130577.c7EITy.rst | 3 + + 3 files changed, 162 insertions(+) + create mode 100644 Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst + +diff --git a/Lib/tarfile.py b/Lib/tarfile.py +index 9999a99d54..59d3f6e5cc 100755 +--- a/Lib/tarfile.py ++++ b/Lib/tarfile.py +@@ -1615,6 +1615,9 @@ class TarInfo(object): + """Round up a byte count by BLOCKSIZE and return it, + e.g. _block(834) => 1024. + """ ++ # Only non-negative offsets are allowed ++ if count < 0: ++ raise InvalidHeaderError("invalid offset") + blocks, remainder = divmod(count, BLOCKSIZE) + if remainder: + blocks += 1 +diff --git a/Lib/test/test_tarfile.py b/Lib/test/test_tarfile.py +index a184ba75a8..759fa03ead 100644 +--- a/Lib/test/test_tarfile.py ++++ b/Lib/test/test_tarfile.py +@@ -50,6 +50,7 @@ bz2name = os.path.join(TEMPDIR, "testtar.tar.bz2") + xzname = os.path.join(TEMPDIR, "testtar.tar.xz") + tmpname = os.path.join(TEMPDIR, "tmp.tar") + dotlessname = os.path.join(TEMPDIR, "testtar") ++SPACE = b" " + + sha256_regtype = ( + "e09e4bc8b3c9d9177e77256353b36c159f5f040531bbd4b024a8f9b9196c71ce" +@@ -4488,6 +4489,161 @@ class OverwriteTests(archiver_tests.OverwriteTests, unittest.TestCase): + ar.extractall(self.testdir, filter='fully_trusted') + + ++class OffsetValidationTests(unittest.TestCase): ++ tarname = tmpname ++ invalid_posix_header = ( ++ # name: 100 bytes ++ tarfile.NUL * tarfile.LENGTH_NAME ++ # mode, space, null terminator: 8 bytes ++ + b"000755" + SPACE + tarfile.NUL ++ # uid, space, null terminator: 8 bytes ++ + b"000001" + SPACE + tarfile.NUL ++ # gid, space, null terminator: 8 bytes ++ + b"000001" + SPACE + tarfile.NUL ++ # size, space: 12 bytes ++ + b"\xff" * 11 + SPACE ++ # mtime, space: 12 bytes ++ + tarfile.NUL * 11 + SPACE ++ # chksum: 8 bytes ++ + b"0011407" + tarfile.NUL ++ # type: 1 byte ++ + tarfile.REGTYPE ++ # linkname: 100 bytes ++ + tarfile.NUL * tarfile.LENGTH_LINK ++ # magic: 6 bytes, version: 2 bytes ++ + tarfile.POSIX_MAGIC ++ # uname: 32 bytes ++ + tarfile.NUL * 32 ++ # gname: 32 bytes ++ + tarfile.NUL * 32 ++ # devmajor, space, null terminator: 8 bytes ++ + tarfile.NUL * 6 + SPACE + tarfile.NUL ++ # devminor, space, null terminator: 8 bytes ++ + tarfile.NUL * 6 + SPACE + tarfile.NUL ++ # prefix: 155 bytes ++ + tarfile.NUL * tarfile.LENGTH_PREFIX ++ # padding: 12 bytes ++ + tarfile.NUL * 12 ++ ) ++ invalid_gnu_header = ( ++ # name: 100 bytes ++ tarfile.NUL * tarfile.LENGTH_NAME ++ # mode, null terminator: 8 bytes ++ + b"0000755" + tarfile.NUL ++ # uid, null terminator: 8 bytes ++ + b"0000001" + tarfile.NUL ++ # gid, space, null terminator: 8 bytes ++ + b"0000001" + tarfile.NUL ++ # size, space: 12 bytes ++ + b"\xff" * 11 + SPACE ++ # mtime, space: 12 bytes ++ + tarfile.NUL * 11 + SPACE ++ # chksum: 8 bytes ++ + b"0011327" + tarfile.NUL ++ # type: 1 byte ++ + tarfile.REGTYPE ++ # linkname: 100 bytes ++ + tarfile.NUL * tarfile.LENGTH_LINK ++ # magic: 8 bytes ++ + tarfile.GNU_MAGIC ++ # uname: 32 bytes ++ + tarfile.NUL * 32 ++ # gname: 32 bytes ++ + tarfile.NUL * 32 ++ # devmajor, null terminator: 8 bytes ++ + tarfile.NUL * 8 ++ # devminor, null terminator: 8 bytes ++ + tarfile.NUL * 8 ++ # padding: 167 bytes ++ + tarfile.NUL * 167 ++ ) ++ invalid_v7_header = ( ++ # name: 100 bytes ++ tarfile.NUL * tarfile.LENGTH_NAME ++ # mode, space, null terminator: 8 bytes ++ + b"000755" + SPACE + tarfile.NUL ++ # uid, space, null terminator: 8 bytes ++ + b"000001" + SPACE + tarfile.NUL ++ # gid, space, null terminator: 8 bytes ++ + b"000001" + SPACE + tarfile.NUL ++ # size, space: 12 bytes ++ + b"\xff" * 11 + SPACE ++ # mtime, space: 12 bytes ++ + tarfile.NUL * 11 + SPACE ++ # chksum: 8 bytes ++ + b"0010070" + tarfile.NUL ++ # type: 1 byte ++ + tarfile.REGTYPE ++ # linkname: 100 bytes ++ + tarfile.NUL * tarfile.LENGTH_LINK ++ # padding: 255 bytes ++ + tarfile.NUL * 255 ++ ) ++ valid_gnu_header = tarfile.TarInfo("filename").tobuf(tarfile.GNU_FORMAT) ++ data_block = b"\xff" * tarfile.BLOCKSIZE ++ ++ def _write_buffer(self, buffer): ++ with open(self.tarname, "wb") as f: ++ f.write(buffer) ++ ++ def _get_members(self, ignore_zeros=None): ++ with open(self.tarname, "rb") as f: ++ with tarfile.open( ++ mode="r", fileobj=f, ignore_zeros=ignore_zeros ++ ) as tar: ++ return tar.getmembers() ++ ++ def _assert_raises_read_error_exception(self): ++ with self.assertRaisesRegex( ++ tarfile.ReadError, "file could not be opened successfully" ++ ): ++ self._get_members() ++ ++ def test_invalid_offset_header_validations(self): ++ for tar_format, invalid_header in ( ++ ("posix", self.invalid_posix_header), ++ ("gnu", self.invalid_gnu_header), ++ ("v7", self.invalid_v7_header), ++ ): ++ with self.subTest(format=tar_format): ++ self._write_buffer(invalid_header) ++ self._assert_raises_read_error_exception() ++ ++ def test_early_stop_at_invalid_offset_header(self): ++ buffer = self.valid_gnu_header + self.invalid_gnu_header + self.valid_gnu_header ++ self._write_buffer(buffer) ++ members = self._get_members() ++ self.assertEqual(len(members), 1) ++ self.assertEqual(members[0].name, "filename") ++ self.assertEqual(members[0].offset, 0) ++ ++ def test_ignore_invalid_archive(self): ++ # 3 invalid headers with their respective data ++ buffer = (self.invalid_gnu_header + self.data_block) * 3 ++ self._write_buffer(buffer) ++ members = self._get_members(ignore_zeros=True) ++ self.assertEqual(len(members), 0) ++ ++ def test_ignore_invalid_offset_headers(self): ++ for first_block, second_block, expected_offset in ( ++ ( ++ (self.valid_gnu_header), ++ (self.invalid_gnu_header + self.data_block), ++ 0, ++ ), ++ ( ++ (self.invalid_gnu_header + self.data_block), ++ (self.valid_gnu_header), ++ 1024, ++ ), ++ ): ++ self._write_buffer(first_block + second_block) ++ members = self._get_members(ignore_zeros=True) ++ self.assertEqual(len(members), 1) ++ self.assertEqual(members[0].name, "filename") ++ self.assertEqual(members[0].offset, expected_offset) ++ ++ + def setUpModule(): + os_helper.unlink(TEMPDIR) + os.makedirs(TEMPDIR) +diff --git a/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst b/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst +new file mode 100644 +index 0000000000..342cabbc86 +--- /dev/null ++++ b/Misc/NEWS.d/next/Library/2025-07-23-00-35-29.gh-issue-130577.c7EITy.rst +@@ -0,0 +1,3 @@ ++:mod:`tarfile` now validates archives to ensure member offsets are ++non-negative. (Contributed by Alexander Enrique Urieles Nieto in ++:gh:`130577`.) diff --git a/meta/recipes-devtools/python/python3_3.12.11.bb b/meta/recipes-devtools/python/python3_3.12.11.bb index 84c4f74158..1c31077320 100644 --- a/meta/recipes-devtools/python/python3_3.12.11.bb +++ b/meta/recipes-devtools/python/python3_3.12.11.bb @@ -34,6 +34,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ file://0001-test_deadlock-skip-problematic-test.patch \ file://0001-test_active_children-skip-problematic-test.patch \ file://0001-test_readline-skip-limited-history-test.patch \ + file://CVE-2025-8194.patch \ " SRC_URI:append:class-native = " \ @@ -184,14 +185,14 @@ do_install:append:class-native() { # when they're only used for python called with -O or -OO. #find ${D} -name *opt-*.pyc -delete # Remove all pyc files. There are a ton of them and it is probably faster to let - # python create the ones it wants at runtime rather than manage in the sstate + # python create the ones it wants at runtime rather than manage in the sstate # tarballs and sysroot creation. find ${D} -name *.pyc -delete # Nothing should be looking into ${B} for python3-native sed -i -e 's:${B}:/build/path/unavailable/:g' \ ${D}/${libdir}/python${PYTHON_MAJMIN}/config-${PYTHON_MAJMIN}${PYTHON_ABI}*/Makefile - + # disable the lookup in user's site-packages globally sed -i 's#ENABLE_USER_SITE = None#ENABLE_USER_SITE = False#' ${D}${libdir}/python${PYTHON_MAJMIN}/site.py @@ -226,7 +227,7 @@ do_install:append() { rm -f ${D}${libdir}/python${PYTHON_MAJMIN}/test/__pycache__/test_range.cpython* rm -f ${D}${libdir}/python${PYTHON_MAJMIN}/test/__pycache__/test_xml_etree.cpython* - # Similar to the above, we're getting reproducibility issues with + # Similar to the above, we're getting reproducibility issues with # /usr/lib/python3.10/__pycache__/traceback.cpython-310.pyc # so remove it too rm -f ${D}${libdir}/python${PYTHON_MAJMIN}/__pycache__/traceback.cpython* @@ -303,7 +304,7 @@ py_package_preprocess () { cd - mv ${PKGD}/${bindir}/python${PYTHON_MAJMIN}-config ${PKGD}/${bindir}/python${PYTHON_MAJMIN}-config-${MULTILIB_SUFFIX} - + #Remove the unneeded copy of target sysconfig data rm -rf ${PKGD}/${libdir}/python-sysconfigdata } From patchwork Fri Aug 15 16:44:54 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 68637 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9A79ACA0ED1 for ; Fri, 15 Aug 2025 16:45:16 +0000 (UTC) Received: from mail-pj1-f44.google.com (mail-pj1-f44.google.com [209.85.216.44]) by mx.groups.io with SMTP id smtpd.web10.16482.1755276310733891678 for ; Fri, 15 Aug 2025 09:45:10 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=09ExoREC; spf=softfail (domain: sakoman.com, ip: 209.85.216.44, mailfrom: steve@sakoman.com) Received: by mail-pj1-f44.google.com with SMTP id 98e67ed59e1d1-323266d38c2so2375258a91.0 for ; Fri, 15 Aug 2025 09:45:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1755276310; x=1755881110; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=w5jNIHf942f8syEVqFgE+wihtbUva//B2gtndOaLltk=; b=09ExoRECL9CqmafqusH25aPNxdNYSTFf6AkEMi/tTQnbUue2E2Uz5Vm1rhxRW/rVRC m5padNvSlJTuzAtocblYIMBtHuegf2pu4+2RqyIV7611XnQ8CBuYs2fzMR/iJTKyP68Y YpgSSQTukzTah9rpyR6bJxBaFgktH3W6hXzktdhD9qTLcql2B/3l1amJIDEht9GhYPUN +3f/nUswEqQfOfduaoh40o42tP1m3KOIvAdM5TxM2K0fosMASkV3CmEWntC/KAokFp7L ++WOvg4zdF1cyRhvGH8HuXQNr2cv7S58axn+EqPBU49Vg3mJ1p7/CdZRDXXN+bexOj3h 5YcQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1755276310; x=1755881110; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=w5jNIHf942f8syEVqFgE+wihtbUva//B2gtndOaLltk=; b=s9bxNEy18J8p4EZC/ZrbRffeZAwHIyz7qALcsQMVaGorUn7sdnm//qhkQ1A7FQhBXf u/FYPQG41pxJfs3VeVowPIpZoIw9NinIqJUPp93VqFS8ymGi+OsRT/AgmEvqvlsGkVjP 1s+dTArdUUNECG5n2sBMfdeoL1ixirlMWEGkS99746vRPcNpOTREl904AD4vcthMGqjl RPax6r0m8XQRRx3t5IIhYceRqZI79Y2nkcePqNtWjYz3AvfU3DJRzcQeJanOiDHt7jsm M1cnAMwHziLEEbkiOZznuyR35oWgC6VBuSP81VjL2rGrN4lCiFBZjXWyac2YpQPAnr8e yeQA== X-Gm-Message-State: AOJu0YwIkcjDUNcsq4ybTb4qHUsMA6Q8xGbT+dB38dTw2KAibsfprFMi F7gZYq1eRx3QxvzdDiFHqtW3dteGAk6ShM65hn0c8k+6C/U4mnboYHI2zbWaGcDawKTZGmCF5iE KC0iY X-Gm-Gg: ASbGncspsNeL29XVsy3dv2ZJnSBrCBgcrs5oCs/rhyOBfMrnjudKE1HODz+MlofAaA3 9yHt3xn+RC34oPPv0Msi+31niUuGhe9GviPy3GlqfjBnQhNyQDRi05RUF0v8pJMUhPHfpz4LCeF F3PirgAXhom8dUXkAJJRn11utrm9989WclxueqUmpA+6Q5ORnktrTEb9f2C3XrBgMl+24TABwXV jXPmYY+Ew6JKah/NEl5AF9B9uPT5aweP6SEuEHaAkZDdkuMbu/dK72iWUcxPkkTG8hXmM13j7YZ zo6tP67+VtA38xDl9oGPFjoTFTT04Yiz5ISfTLaCPSVagZxZc+76TiwCaLCpCh/hQEo+VqCE3MN 1jyTPNNrzNhV8DuMD3TxcucbP X-Google-Smtp-Source: AGHT+IFlGtfrHRqvcHeStydByaGgOedxB7MxvcVbvPuNf1PG3tC5FELPUTX7cbbPdxaCb9/xIgL57w== X-Received: by 2002:a17:90b:268c:b0:321:87fa:e1e4 with SMTP id 98e67ed59e1d1-32341df8cfbmr4266602a91.6.1755276309884; Fri, 15 Aug 2025 09:45:09 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:3ec5:7840:3390:1caa]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-32343c9ab2asm1554476a91.30.2025.08.15.09.45.09 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 15 Aug 2025 09:45:09 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 3/9] go: ignore CVE-2025-0913 Date: Fri, 15 Aug 2025 09:44:54 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 15 Aug 2025 16:45:16 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/221983 From: Peter Marko This is problem on Windows platform only. Per NVD report [1], CPE has "and" clause Running on/with cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* Also linked patch [2] changes Windows files only (and tests). [1] https://nvd.nist.gov/vuln/detail/CVE-2025-0913 [2] https://go-review.googlesource.com/c/go/+/672396 Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- meta/recipes-devtools/go/go-1.22.12.inc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-devtools/go/go-1.22.12.inc b/meta/recipes-devtools/go/go-1.22.12.inc index af09cb52cd..ea57b23c3e 100644 --- a/meta/recipes-devtools/go/go-1.22.12.inc +++ b/meta/recipes-devtools/go/go-1.22.12.inc @@ -19,3 +19,5 @@ SRC_URI += "\ file://CVE-2025-4673.patch \ " SRC_URI[main.sha256sum] = "012a7e1f37f362c0918c1dfa3334458ac2da1628c4b9cf4d9ca02db986e17d71" + +CVE_STATUS[CVE-2025-0913] = "not-applicable-platform: Issue only applies on Windows" From patchwork Fri Aug 15 16:44:55 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 68639 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A516FCA0EEB for ; Fri, 15 Aug 2025 16:45:16 +0000 (UTC) Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) by mx.groups.io with SMTP id smtpd.web11.16348.1755276311948673006 for ; Fri, 15 Aug 2025 09:45:12 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=wur9612N; spf=softfail (domain: sakoman.com, ip: 209.85.214.180, mailfrom: steve@sakoman.com) Received: by mail-pl1-f180.google.com with SMTP id d9443c01a7336-2445806e03cso22851885ad.1 for ; Fri, 15 Aug 2025 09:45:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1755276311; x=1755881111; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=jI50m1BKZJ4m3KEIEye9dblXWJ/oF4p6wUacctuPAx4=; b=wur9612NGql+hWvQrz5qag4xsN53gxkjPSqe9AFWulRx5s/thF7vpGRxZXIQZO7Qwe nB4yfRGAgDQ0PD+YMlMFrIIEFn6GSoPHKLwyqkFtcyb3Q58Sna49ejhCgU2KeIpi7Moi BqyaDFF4roQu7eqMk/z0u8Dy0Ch/khV6+mKqDHSYIJEC5mLD5ZB32z7r/AzcMSRGjbGg KFuXmhTAl2TWNQqzQN/xZQZiA/4XBWODeypnNDJodA7RenOe2Y9AgWd2kPHJPs/hZpFy kETim0+R3NPdPrIrJHXhTjOOwUHsYBeJEeMXm3WaYNdOlWzYoMd5ygpqABxYXzHC7CNI 0Xfw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1755276311; x=1755881111; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=jI50m1BKZJ4m3KEIEye9dblXWJ/oF4p6wUacctuPAx4=; b=tjD+Nuj9bLVG4fH461/fj+gPPWdVwvWB/XPZVsa6fjw0sT/6k3E9ft2udFDNculFHV DF5WSzmFXKI5t/MgKck2jxMs+sdCa+OuXwlB+eP1+BKDLW1gKOH521PAS+IRTntfVzQ7 ebQ/pYu5Nfk8nST9uNLzbhwDMj/MfPt0m5jeHbLDJp8YU1BeskWsZjbWydahV8H74t5i nOs6zMDXWz8vX8g/KNJYKo3zdrhokFmzpWs2ZGhXODZ+tiNk6gTLc0yLtVM9qFLQBKrx v7+/aTbKwrbG5piNdRVpN8nKVnHAyobfXs8DVNJRg2EsYfDMdO5BMzL4bvFu1GrFmA94 PNtg== X-Gm-Message-State: AOJu0YzmgyNK7U7Yn1RaTmoBFLbUNUPiUVjJWhdSBrWE26g596az03W0 n0D5ppBIyfcAujpzrzKWPS/zxm8SisNXtqXGENIByk4bFB3pUtMPWhwvzTBGwyjmq214gIUoHIx lu/xN X-Gm-Gg: ASbGnctH1v6L1UX+XKt+BcZGhXDzjoepQY6cOSYZzW5k6/awe5LgW5/1M0XSv52qnAq 7OEo36dcKV9FYiV7uRyUD0gEsP2fyaB05+Rydg8MN384cWFXj0IS5X4vm5yloWR4IoO9mbGmGnZ EzwZ/zwQFyXi6xIowIQzA8ellkxx+N6LmZzDXDvwI0dSbPIrLtNnAS7IE2yc7svaq34oFNJUnPH cIotvypV6fE35YRTkmO4XLdG07PbjwY8xHAr21VsDsVeu53KI/fXSqv781zYbfOFlQhQ5kC9THc yoD4bUZSfWM0ynlcHtxDoFbPKcnSngvaeNxaIQtZ/MpIqr3jyeeaT607iARy0LJJw42Yjy2oj1/ kYwJfSyqpOmAsTw== X-Google-Smtp-Source: AGHT+IEOQgt8b6939eRVUAoctF58m5eFrApKtyROUy6ciYyMJAxWpHYOdjrUVbMxTy/CECBeaQeX/w== X-Received: by 2002:a17:903:1af0:b0:243:ba7:66ed with SMTP id d9443c01a7336-2446d8f30fbmr39904415ad.31.1755276311144; Fri, 15 Aug 2025 09:45:11 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:3ec5:7840:3390:1caa]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-32343c9ab2asm1554476a91.30.2025.08.15.09.45.10 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 15 Aug 2025 09:45:10 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 4/9] gstreamer1.0-plugins-base: fix CVE-2025-47808 Date: Fri, 15 Aug 2025 09:44:55 -0700 Message-ID: <2611a16cad53d2bf0cda2946678e7d31e3ffa007.1755276097.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 15 Aug 2025 16:45:16 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/221984 From: Hitendra Prajapati Upstream-Status: Backport from https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/6b19f117518a765a25c99d1c4b09f2838a8ed0c9 Signed-off-by: Hitendra Prajapati Signed-off-by: Steve Sakoman --- .../CVE-2025-47808.patch | 36 +++++++++++++++++++ .../gstreamer1.0-plugins-base_1.22.12.bb | 1 + 2 files changed, 37 insertions(+) create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2025-47808.patch diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2025-47808.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2025-47808.patch new file mode 100644 index 0000000000..5b9fefc321 --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2025-47808.patch @@ -0,0 +1,36 @@ +From 6b19f117518a765a25c99d1c4b09f2838a8ed0c9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= +Date: Thu, 8 May 2025 09:04:52 +0300 +Subject: [PATCH] tmplayer: Don't append NULL + 1 to the string buffer when + parsing lines without text + +Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4417 +Fixes CVE-2025-47808 + +Part-of: + +CVE: CVE-2025-47808 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/6b19f117518a765a25c99d1c4b09f2838a8ed0c9] +Signed-off-by: Hitendra Prajapati +--- + gst/subparse/tmplayerparse.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/gst/subparse/tmplayerparse.c b/gst/subparse/tmplayerparse.c +index 807e332..a9225d3 100644 +--- a/gst/subparse/tmplayerparse.c ++++ b/gst/subparse/tmplayerparse.c +@@ -125,7 +125,9 @@ tmplayer_parse_line (ParserState * state, const gchar * line, guint line_num) + * durations from the start times anyway, so as long as the parser just + * forwards state->start_time by duration after it pushes the line we + * are about to return it will all be good. */ +- g_string_append (state->buf, text_start + 1); ++ if (text_start) { ++ g_string_append (state->buf, text_start + 1); ++ } + } else if (line_num > 0) { + GST_WARNING ("end of subtitle unit but no valid start time?!"); + } +-- +2.50.1 + diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb index 05cb956815..44ecdc0b55 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb @@ -19,6 +19,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-ba file://0010-id3v2-Don-t-try-parsing-extended-header-if-not-enoug.patch \ file://0011-discoverer-Don-t-print-channel-layout-for-more-than-.patch \ file://0012-subparse-Check-for-NULL-return-of-strchr-when-parsin.patch \ + file://CVE-2025-47808.patch \ " SRC_URI[sha256sum] = "73cfadc3a6ffe77ed974cfd6fb391c605e4531f48db21dd6b9f42b8cb69bd8c1" From patchwork Fri Aug 15 16:44:56 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 68641 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A5135CA0EE4 for ; Fri, 15 Aug 2025 16:45:16 +0000 (UTC) Received: from mail-pj1-f45.google.com (mail-pj1-f45.google.com [209.85.216.45]) by mx.groups.io with SMTP id smtpd.web11.16350.1755276313365925890 for ; Fri, 15 Aug 2025 09:45:13 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=W5aFvuZL; spf=softfail (domain: sakoman.com, ip: 209.85.216.45, mailfrom: steve@sakoman.com) Received: by mail-pj1-f45.google.com with SMTP id 98e67ed59e1d1-32326e7baa1so1881857a91.3 for ; Fri, 15 Aug 2025 09:45:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1755276312; x=1755881112; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=DplriiJS67WQVdYhU/ZYoPAywlKtblD1gEtiAJM+0cw=; b=W5aFvuZLn7p54klTQEnBof4BBakmjjwC0Jk4TbATYlPqdeEPmDPJio/RlwMyAO+O1v msJPzbLQs9lZ6W1bujfHcHaw4lx2Kddr+ffPzj3/mEBRF3lyYj/XWqzZ/hrGyHv6Hm9n uvVie37PiDDCtBXeTlABbgxxGrgve/u3ijGvCrNfcm8dNnY2f3lruUFIDyRsWsexXxzR Z5kAjaU8/KIQACgwxD6Sx193i6AWX1UX96a0hJxbMRdcT/z6VRi31CPNRx92gZW7XUsU 5dNg3SEjWECB5ketFIrWnjaT1dfS5gS2SChVWD7lt7Yo4c7z/KkNYkfAOSe5FhDAjUPS s7Tg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1755276312; x=1755881112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=DplriiJS67WQVdYhU/ZYoPAywlKtblD1gEtiAJM+0cw=; b=Dx85KdqcezrrXV3aJBHKTyFHJ4m7+KxOUiZpl3UnvQGiek+wgNAXUHYxfI/mgTJ8NT YwWD2q3prx1ZZtMIBe+dQYIFFM42v7qc/nBRVbuyNDarOmiUZ9BmurmaUvENKKogYfpC hdNCdFX7o76VBD7CIx2JvSAnrj9ZYpfxK5TIm75WAZSCxTlfaRmmHkrpimENol12KqVd hO2A88Cfy85nBc/Wnhmjc/gtofvlEf00dbQx9x6w0v1OjyYLc2JSySplyMbGf7uctBYZ 3LQr1HiUA6yXzZuvrJLkThQMVDq4g6tc9jkNxzPlm2Fe/YTJQmsYAlZg+WkD4sCL06ue 7CPw== X-Gm-Message-State: AOJu0YwN4wgnyfiWewAeieTaoLq8WGm/wygOsOveaN7wQuVII5mGldkk HF6i8u1ptvdUW1BoG8BS2Rwnrtz7aukErkP4jIF1Goruszj/FWtyPeuIH3wjCqA1zxDifvy/HOH pdn7A X-Gm-Gg: ASbGncuUgHr+v8opMOT0Ju/tLsumYdHL0gr9dXbm48DAko1Pdbz4fPh7TVWigXbLWsK BNf7v50Utw6ivoxLv+XozPCDa11Ktps/wg6f5C50qWFPaiaUZl4MjCv/rk1MgP9PhA8PGzcbLCg eT3v8LZv0OJS2hSfYEyr/F7IPbGPV8xREteuDuJTwaahVy9sJJiiLWX4Rupu7HCnl/Jfc8qQuCC MR7BF5hJxM7UfyWp6mLMnE+pRKAmPeLmDgWelhlo3+aBMyQlau/hZsK5xBOhK8glE3kdu8vVM5M 0XWVBjw5ljMpNLGLXb1gd36Tm5Ef7SvWglf67wTaE0sWMsyKpTALWM9KbvUQLPb/Z04g0mM/O3q igwJZ3L5kP8y5Gw== X-Google-Smtp-Source: AGHT+IGbW/D3l3wJuhP+o0I001R3cHKhdQ2IVAKaF/ISGnAz6sXoy7ep+ZAvEXRJ5/XSJMvSeDV7xQ== X-Received: by 2002:a17:90b:3c06:b0:311:eb85:96df with SMTP id 98e67ed59e1d1-3234214780emr4643294a91.17.1755276312516; Fri, 15 Aug 2025 09:45:12 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:3ec5:7840:3390:1caa]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-32343c9ab2asm1554476a91.30.2025.08.15.09.45.11 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 15 Aug 2025 09:45:12 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 5/9] gstreamer1.0-plugins-base: fix CVE-2025-47806 Date: Fri, 15 Aug 2025 09:44:56 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 15 Aug 2025 16:45:16 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/221985 From: Hitendra Prajapati Upstream-Status: Backport from https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/da4380c4df0e00f8d0bad569927bfc7ea35ec37d Signed-off-by: Hitendra Prajapati Signed-off-by: Steve Sakoman --- .../CVE-2025-47806.patch | 50 +++++++++++++++++++ .../gstreamer1.0-plugins-base_1.22.12.bb | 1 + 2 files changed, 51 insertions(+) create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2025-47806.patch diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2025-47806.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2025-47806.patch new file mode 100644 index 0000000000..632a5fb38e --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2025-47806.patch @@ -0,0 +1,50 @@ +From da4380c4df0e00f8d0bad569927bfc7ea35ec37d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= +Date: Thu, 8 May 2025 12:46:40 +0300 +Subject: [PATCH] subparse: Make sure that subrip time string is not too long + before zero-padding + +Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4419 +Fixes CVE-2025-47806 + +Part-of: + +CVE: CVE-2025-47806 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/da4380c4df0e00f8d0bad569927bfc7ea35ec37d] +Signed-off-by: Hitendra Prajapati +--- + gst/subparse/gstsubparse.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +diff --git a/gst/subparse/gstsubparse.c b/gst/subparse/gstsubparse.c +index 4ea4ec6..035068d 100644 +--- a/gst/subparse/gstsubparse.c ++++ b/gst/subparse/gstsubparse.c +@@ -850,7 +850,7 @@ parse_subrip_time (const gchar * ts_string, GstClockTime * t) + g_strdelimit (s, " ", '0'); + g_strdelimit (s, ".", ','); + +- /* make sure we have exactly three digits after he comma */ ++ /* make sure we have exactly three digits after the comma */ + p = strchr (s, ','); + if (p == NULL) { + /* If there isn't a ',' the timestamp is broken */ +@@ -859,6 +859,15 @@ parse_subrip_time (const gchar * ts_string, GstClockTime * t) + return FALSE; + } + ++ /* Check if the comma is too far into the string to avoid ++ * stack overflow when zero-padding the sub-second part. ++ * ++ * Allow for 3 digits of hours just in case. */ ++ if ((p - s) > sizeof ("hhh:mm:ss,")) { ++ GST_WARNING ("failed to parse subrip timestamp string '%s'", s); ++ return FALSE; ++ } ++ + ++p; + len = strlen (p); + if (len > 3) { +-- +2.50.1 + diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb index 44ecdc0b55..bfc6bb65ef 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.22.12.bb @@ -20,6 +20,7 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-base/gst-plugins-ba file://0011-discoverer-Don-t-print-channel-layout-for-more-than-.patch \ file://0012-subparse-Check-for-NULL-return-of-strchr-when-parsin.patch \ file://CVE-2025-47808.patch \ + file://CVE-2025-47806.patch \ " SRC_URI[sha256sum] = "73cfadc3a6ffe77ed974cfd6fb391c605e4531f48db21dd6b9f42b8cb69bd8c1" From patchwork Fri Aug 15 16:44:57 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 68642 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B20B8CA0EEC for ; Fri, 15 Aug 2025 16:45:16 +0000 (UTC) Received: from mail-pl1-f172.google.com (mail-pl1-f172.google.com [209.85.214.172]) by mx.groups.io with SMTP id smtpd.web10.16483.1755276314948431437 for ; Fri, 15 Aug 2025 09:45:15 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=GggML/q9; spf=softfail (domain: sakoman.com, ip: 209.85.214.172, mailfrom: steve@sakoman.com) Received: by mail-pl1-f172.google.com with SMTP id d9443c01a7336-24457f43981so14617085ad.0 for ; Fri, 15 Aug 2025 09:45:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1755276314; x=1755881114; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=9aJwfwtOT8T5/Imq+AOyntxf2wO3RqTrRCcth32Abvs=; b=GggML/q9uxsY9houFGIeGaY7uwEoThJEN2KvYDqOOk/ZYipjvT2QxWUAklCTMpCb1X oPwisSIEtT3gZwF03MJypFUxRcc9bnq1YlpwB7UloyZ6hUsCCWflVHEe+teuGRcKQ8t5 b/lQqZUq6PCvHaRKdE2z375TSUk480BrwD4FveKqgtAdOUpOqBpuCTfqIzwj61oRwoPM C885wY60EfeifQffxlV4AK+VzWmJmlJQYXSn6wSdHIhyozfWBOLmDPzlLDUX8fHGenCs ntWZ04UT/FCEs/JcFqM/BohLyyXVlXOj1Lue7h7Dz6rWSDqnRtdBxQ3dKupu1dgzY12/ deDA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1755276314; x=1755881114; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=9aJwfwtOT8T5/Imq+AOyntxf2wO3RqTrRCcth32Abvs=; b=mV7wDkJ5U0Aum5ZMP9MnaWx5vdinh0YuR9WmXwXn6y9+3NS7qwGvKzMqTEmD3PEm8y 1BXDDQXYheoQ1t2DdVRei5TA4Qz+wi7Hi8XQ3iqVIU1nA8tb0/kuzK2bBdTlvgzUPTw2 5ioIVdzW/QNutakgVoUYnPGDkpUYaCerYFGVDC6EGIt7Tzf2RG8RBNe5T/wXATae2BMm Qhn+/y3/5yqVjkI4Ycjl1QPw+g+3ftYTeMjwZ7Anz/Jike+MGFpIH8Yx7mhiZY4nl0ka BhWkDCmYJFFzYSWfk3lVx6MfpuIam2D9j8J4Dw8gj5sUUmX4Y1saxamfKNNXjSBCkydL 9EAQ== X-Gm-Message-State: AOJu0YxlER4eADSxjovAP2CFnMiqxleUcljxLVy0Qc6ybAptgiTGdCqD x/Ld5puIDGog5WuqeF1QZgY41YTfP2klaBX4hfaad+GyyCKlvc95Pw/SD+EId7j5AJKA19zlREE ZtqZV X-Gm-Gg: ASbGncsenKataQKqDcqpXiErAxQqXh/p7hgy0ytDsVYcCMPOW1nmPqbRBcd++dAPwO8 tP5mrr9Isop8af/F7o4p47QbZK/buOQuJPBCfujjVWovFtBADXyvDejUyhG91lQ8MyL360H9tro 3PsmTS0UfF6sr2KWoqf0ezUd/bcDlaJvTkH9KSIp1/4UXdIYLUcOzgVWByvOe++SjZjR6Emizsu yfU42f9uNkmUPl069RrK67BEJ+jq+nM0R4zqAki2YmGuDSMA8BQVnvoz9FVULEEcLRRQPJKOjX9 TiJMVSe+sdXfpE4DKZtHFnskkpR6e1DCt8JYtFM7xJuFLWoJnpQJ1Z1DHSRCoENcgSSAv8zETGR A2+dorXkKDJz77td4GYulOXBd X-Google-Smtp-Source: AGHT+IHQAhaSjOf6W4FkgP3KY4ro+oH3dKEWO4IU6E26hbPupaQLvTII6bNudHKG99UUn2E3Rq9OfA== X-Received: by 2002:a17:903:1b6f:b0:240:e9d:6c43 with SMTP id d9443c01a7336-2446d9426a4mr43266575ad.51.1755276313951; Fri, 15 Aug 2025 09:45:13 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:3ec5:7840:3390:1caa]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-32343c9ab2asm1554476a91.30.2025.08.15.09.45.13 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 15 Aug 2025 09:45:13 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 6/9] gstreamer1.0-plugins-good: fix multiple CVEs Date: Fri, 15 Aug 2025 09:44:57 -0700 Message-ID: <3e82483c777d0a59a9d93e7c41f8fe88a9d75b22.1755276097.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 15 Aug 2025 16:45:16 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/221986 From: Hitendra Prajapati * CVE-2025-47183 - Upstream-Status: Backport from https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/c4d0f4bbd9a8e97f119a4528b9f4662a6b80922c && https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/d76cae74dad89994bfcdad83da6ef1ad69074332 * CVE-2025-47219 - Upstream-Status: Backport from https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/b80803943388050cb870c95934fc52feeffb94ac Signed-off-by: Hitendra Prajapati Signed-off-by: Steve Sakoman --- .../CVE-2025-47183-001.patch | 151 ++++++++++++++++++ .../CVE-2025-47183-002.patch | 80 ++++++++++ .../CVE-2025-47219.patch | 40 +++++ .../gstreamer1.0-plugins-good_1.22.12.bb | 3 + 4 files changed, 274 insertions(+) create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2025-47183-001.patch create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2025-47183-002.patch create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2025-47219.patch diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2025-47183-001.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2025-47183-001.patch new file mode 100644 index 0000000000..bd25c5f1ed --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2025-47183-001.patch @@ -0,0 +1,151 @@ +From c4d0f4bbd9a8e97f119a4528b9f4662a6b80922c Mon Sep 17 00:00:00 2001 +From: Jochen Henneberg +Date: Tue, 10 Dec 2024 21:34:48 +0100 +Subject: [PATCH] qtdemux: Use mvhd transform matrix and support for flipping + +The mvhd matrix is now combined with the tkhd matrix. The combined +matrix is then checked if it matches one of the standard values for +GST_TAG_IMAGE_ORIENTATION. +This check now includes matrices with flipping. + +Fixes #4064 + +Part-of: + +CVE: CVE-2025-47183 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/c4d0f4bbd9a8e97f119a4528b9f4662a6b80922c] +Signed-off-by: Hitendra Prajapati +--- + gst/isomp4/qtdemux.c | 53 ++++++++++++++++++++++++++++++++++++++++---- + 1 file changed, 49 insertions(+), 4 deletions(-) + +diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c +index 10b21a6..e708ef4 100644 +--- a/gst/isomp4/qtdemux.c ++++ b/gst/isomp4/qtdemux.c +@@ -10861,6 +10861,23 @@ qtdemux_parse_transformation_matrix (GstQTDemux * qtdemux, + return TRUE; + } + ++static void ++qtdemux_mul_transformation_matrix (GstQTDemux * qtdemux, ++ guint32 * a, guint32 * b, guint32 * c) ++{ ++#define QTMUL_MATRIX(_a,_b) (((_a) == 0 || (_b) == 0) ? 0 : \ ++ ((_a) == (_b) ? 1 : -1)) ++#define QTADD_MATRIX(_a,_b) ((_a) + (_b) > 0 ? (1U << 16) : \ ++ ((_a) + (_b) < 0) ? (G_MAXUINT16 << 16) : 0u) ++ ++ c[2] = c[5] = c[6] = c[7] = 0; ++ c[0] = QTADD_MATRIX (QTMUL_MATRIX (a[0], b[0]), QTMUL_MATRIX (a[1], b[3])); ++ c[1] = QTADD_MATRIX (QTMUL_MATRIX (a[0], b[1]), QTMUL_MATRIX (a[1], b[4])); ++ c[3] = QTADD_MATRIX (QTMUL_MATRIX (a[3], b[0]), QTMUL_MATRIX (a[4], b[3])); ++ c[4] = QTADD_MATRIX (QTMUL_MATRIX (a[3], b[1]), QTMUL_MATRIX (a[4], b[4])); ++ c[8] = a[8]; ++} ++ + static void + qtdemux_inspect_transformation_matrix (GstQTDemux * qtdemux, + QtDemuxStream * stream, guint32 * matrix, GstTagList ** taglist) +@@ -10889,6 +10906,14 @@ qtdemux_inspect_transformation_matrix (GstQTDemux * qtdemux, + rotation_tag = "rotate-180"; + } else if (QTCHECK_MATRIX (matrix, 0, G_MAXUINT16, 1, 0)) { + rotation_tag = "rotate-270"; ++ } else if (QTCHECK_MATRIX (matrix, G_MAXUINT16, 0, 0, 1)) { ++ rotation_tag = "flip-rotate-0"; ++ } else if (QTCHECK_MATRIX (matrix, 0, G_MAXUINT16, 1, 0)) { ++ rotation_tag = "flip-rotate-90"; ++ } else if (QTCHECK_MATRIX (matrix, 1, 0, 0, G_MAXUINT16)) { ++ rotation_tag = "flip-rotate-180"; ++ } else if (QTCHECK_MATRIX (matrix, 0, 1, 1, 0)) { ++ rotation_tag = "flip-rotate-270"; + } else { + GST_FIXME_OBJECT (qtdemux, "Unhandled transformation matrix values"); + } +@@ -11175,7 +11200,7 @@ qtdemux_parse_stereo_svmi_atom (GstQTDemux * qtdemux, QtDemuxStream * stream, + * traks that do not decode to something (like strm traks) will not have a pad. + */ + static gboolean +-qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak) ++qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak, guint32 * mvhd_matrix) + { + GstByteReader tkhd; + int offset; +@@ -11347,15 +11372,21 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak) + + /* parse rest of tkhd */ + if (stream->subtype == FOURCC_vide) { ++ guint32 tkhd_matrix[9]; + guint32 matrix[9]; + + /* version 1 uses some 64-bit ints */ + if (!gst_byte_reader_skip (&tkhd, 20 + value_size)) + goto corrupt_file; + +- if (!qtdemux_parse_transformation_matrix (qtdemux, &tkhd, matrix, "tkhd")) ++ if (!qtdemux_parse_transformation_matrix (qtdemux, &tkhd, tkhd_matrix, ++ "tkhd")) + goto corrupt_file; + ++ /* calculate the final matrix from the mvhd_matrix and the tkhd matrix */ ++ qtdemux_mul_transformation_matrix (qtdemux, mvhd_matrix, tkhd_matrix, ++ matrix); ++ + if (!gst_byte_reader_get_uint32_be (&tkhd, &w) + || !gst_byte_reader_get_uint32_be (&tkhd, &h)) + goto corrupt_file; +@@ -14198,11 +14229,14 @@ qtdemux_parse_tree (GstQTDemux * qtdemux) + guint64 creation_time; + GstDateTime *datetime = NULL; + gint version; ++ GstByteReader mvhd_reader; ++ guint32 matrix[9]; + + /* make sure we have a usable taglist */ + qtdemux->tag_list = gst_tag_list_make_writable (qtdemux->tag_list); + +- mvhd = qtdemux_tree_get_child_by_type (qtdemux->moov_node, FOURCC_mvhd); ++ mvhd = qtdemux_tree_get_child_by_type_full (qtdemux->moov_node, ++ FOURCC_mvhd, &mvhd_reader); + if (mvhd == NULL) { + GST_LOG_OBJECT (qtdemux, "No mvhd node found, looking for redirects."); + return qtdemux_parse_redirects (qtdemux); +@@ -14213,15 +14247,26 @@ qtdemux_parse_tree (GstQTDemux * qtdemux) + creation_time = QT_UINT64 ((guint8 *) mvhd->data + 12); + qtdemux->timescale = QT_UINT32 ((guint8 *) mvhd->data + 28); + qtdemux->duration = QT_UINT64 ((guint8 *) mvhd->data + 32); ++ if (!gst_byte_reader_skip (&mvhd_reader, 4 + 8 + 8 + 4 + 8)) ++ return FALSE; + } else if (version == 0) { + creation_time = QT_UINT32 ((guint8 *) mvhd->data + 12); + qtdemux->timescale = QT_UINT32 ((guint8 *) mvhd->data + 20); + qtdemux->duration = QT_UINT32 ((guint8 *) mvhd->data + 24); ++ if (!gst_byte_reader_skip (&mvhd_reader, 4 + 4 + 4 + 4 + 4)) ++ return FALSE; + } else { + GST_WARNING_OBJECT (qtdemux, "Unhandled mvhd version %d", version); + return FALSE; + } + ++ if (!gst_byte_reader_skip (&mvhd_reader, 4 + 2 + 2 + 2 * 4)) ++ return FALSE; ++ ++ if (!qtdemux_parse_transformation_matrix (qtdemux, &mvhd_reader, matrix, ++ "mvhd")) ++ return FALSE; ++ + /* Moving qt creation time (secs since 1904) to unix time */ + if (creation_time != 0) { + /* Try to use epoch first as it should be faster and more commonly found */ +@@ -14290,7 +14335,7 @@ qtdemux_parse_tree (GstQTDemux * qtdemux) + /* parse all traks */ + trak = qtdemux_tree_get_child_by_type (qtdemux->moov_node, FOURCC_trak); + while (trak) { +- qtdemux_parse_trak (qtdemux, trak); ++ qtdemux_parse_trak (qtdemux, trak, matrix); + /* iterate all siblings */ + trak = qtdemux_tree_get_sibling_by_type (trak, FOURCC_trak); + } +-- +2.50.1 + diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2025-47183-002.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2025-47183-002.patch new file mode 100644 index 0000000000..77127dd466 --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2025-47183-002.patch @@ -0,0 +1,80 @@ +From d76cae74dad89994bfcdad83da6ef1ad69074332 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= +Date: Tue, 29 Apr 2025 09:43:58 +0300 +Subject: [PATCH] qtdemux: Use byte reader to parse mvhd box + +This avoids OOB reads. + +Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4394 +Fixes CVE-2025-47183 + +Part-of: + +CVE: CVE-2025-47183 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/d76cae74dad89994bfcdad83da6ef1ad69074332] +Signed-off-by: Hitendra Prajapati +--- + gst/isomp4/qtdemux.c | 36 ++++++++++++++++++++++++++---------- + 1 file changed, 26 insertions(+), 10 deletions(-) + +diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c +index e708ef4..0d29869 100644 +--- a/gst/isomp4/qtdemux.c ++++ b/gst/isomp4/qtdemux.c +@@ -14228,7 +14228,7 @@ qtdemux_parse_tree (GstQTDemux * qtdemux) + GNode *pssh; + guint64 creation_time; + GstDateTime *datetime = NULL; +- gint version; ++ guint8 version; + GstByteReader mvhd_reader; + guint32 matrix[9]; + +@@ -14242,19 +14242,35 @@ qtdemux_parse_tree (GstQTDemux * qtdemux) + return qtdemux_parse_redirects (qtdemux); + } + +- version = QT_UINT8 ((guint8 *) mvhd->data + 8); ++ if (!gst_byte_reader_get_uint8 (&mvhd_reader, &version)) ++ return FALSE; ++ /* flags */ ++ if (!gst_byte_reader_skip (&mvhd_reader, 3)) ++ return FALSE; + if (version == 1) { +- creation_time = QT_UINT64 ((guint8 *) mvhd->data + 12); +- qtdemux->timescale = QT_UINT32 ((guint8 *) mvhd->data + 28); +- qtdemux->duration = QT_UINT64 ((guint8 *) mvhd->data + 32); +- if (!gst_byte_reader_skip (&mvhd_reader, 4 + 8 + 8 + 4 + 8)) ++ if (!gst_byte_reader_get_uint64_be (&mvhd_reader, &creation_time)) ++ return FALSE; ++ /* modification time */ ++ if (!gst_byte_reader_skip (&mvhd_reader, 8)) ++ return FALSE; ++ if (!gst_byte_reader_get_uint32_be (&mvhd_reader, &qtdemux->timescale)) ++ return FALSE; ++ if (!gst_byte_reader_get_uint64_be (&mvhd_reader, &qtdemux->duration)) + return FALSE; + } else if (version == 0) { +- creation_time = QT_UINT32 ((guint8 *) mvhd->data + 12); +- qtdemux->timescale = QT_UINT32 ((guint8 *) mvhd->data + 20); +- qtdemux->duration = QT_UINT32 ((guint8 *) mvhd->data + 24); +- if (!gst_byte_reader_skip (&mvhd_reader, 4 + 4 + 4 + 4 + 4)) ++ guint32 tmp; ++ ++ if (!gst_byte_reader_get_uint32_be (&mvhd_reader, &tmp)) ++ return FALSE; ++ creation_time = tmp; ++ /* modification time */ ++ if (!gst_byte_reader_skip (&mvhd_reader, 4)) ++ return FALSE; ++ if (!gst_byte_reader_get_uint32_be (&mvhd_reader, &qtdemux->timescale)) ++ return FALSE; ++ if (!gst_byte_reader_get_uint32_be (&mvhd_reader, &tmp)) + return FALSE; ++ qtdemux->duration = tmp; + } else { + GST_WARNING_OBJECT (qtdemux, "Unhandled mvhd version %d", version); + return FALSE; +-- +2.50.1 + diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2025-47219.patch b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2025-47219.patch new file mode 100644 index 0000000000..0d7e02ec1e --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good/CVE-2025-47219.patch @@ -0,0 +1,40 @@ +From b80803943388050cb870c95934fc52feeffb94ac Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= +Date: Sat, 3 May 2025 09:43:32 +0300 +Subject: [PATCH] qtdemux: Check if enough bytes are available for each stsd + entry + +There must be at least 8 bytes for the length / fourcc of each entry. After +reading those, the length is already validated against the remaining available +bytes. + +Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4407 +Fixes CVE-2025-47219 + +Part-of: + +CVE: CVE-2025-47219 +Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/b80803943388050cb870c95934fc52feeffb94ac] +Signed-off-by: Hitendra Prajapati +--- + gst/isomp4/qtdemux.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/gst/isomp4/qtdemux.c b/gst/isomp4/qtdemux.c +index 10b21a6..b40aa81 100644 +--- a/gst/isomp4/qtdemux.c ++++ b/gst/isomp4/qtdemux.c +@@ -11399,6 +11399,10 @@ qtdemux_parse_trak (GstQTDemux * qtdemux, GNode * trak) + gchar *codec = NULL; + QtDemuxStreamStsdEntry *entry = &stream->stsd_entries[stsd_index]; + ++ /* needs at least length and fourcc */ ++ if (remaining_stsd_len < 8) ++ goto corrupt_file; ++ + /* and that entry should fit within stsd */ + len = QT_UINT32 (stsd_entry_data); + if (len > remaining_stsd_len) +-- +2.50.1 + diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb index 608c3030ba..31bc8af015 100644 --- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb +++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-good_1.22.12.bb @@ -38,6 +38,9 @@ SRC_URI = "https://gstreamer.freedesktop.org/src/gst-plugins-good/gst-plugins-go file://0029-wavparse-Check-that-at-least-32-bytes-are-available-.patch \ file://0030-wavparse-Fix-clipping-of-size-to-the-file-size.patch \ file://0031-wavparse-Check-size-before-reading-ds64-chunk.patch \ + file://CVE-2025-47183-001.patch \ + file://CVE-2025-47183-002.patch \ + file://CVE-2025-47219.patch \ " SRC_URI[sha256sum] = "9c1913f981900bd8867182639b20907b28ed78ef7a222cfbf2d8ba9dab992fa7" From patchwork Fri Aug 15 16:44:58 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 68640 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B9709CA0EED for ; Fri, 15 Aug 2025 16:45:16 +0000 (UTC) Received: from mail-pf1-f182.google.com (mail-pf1-f182.google.com [209.85.210.182]) by mx.groups.io with SMTP id smtpd.web11.16354.1755276316169551519 for ; Fri, 15 Aug 2025 09:45:16 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=i1IzsdPZ; spf=softfail (domain: sakoman.com, ip: 209.85.210.182, mailfrom: steve@sakoman.com) Received: by mail-pf1-f182.google.com with SMTP id d2e1a72fcca58-76e1fc69f86so2385111b3a.0 for ; Fri, 15 Aug 2025 09:45:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1755276315; x=1755881115; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=qGOUsN2GRdvN1Kcbh3/ImtSRtgscKM513LvFZU42tCw=; b=i1IzsdPZHUwoTCZ5MOU88Om0ujvFglGLoSWLQZsOpmcQ9WPrWbaA2dC90gXqw+dxUb z+oxDcvNJJ/fPIMSV8VnVNeNIZUYD5qk2EothZEeWJthkoM5fa3y3yrwmRLYhv4pbxkQ kLJzddUO6a/WcPUwifkc40zowcHknTYc+FvMI+qfMY77PSm3g9Yj/FAkSUqydz08HISW MqqDa8b+rzYDa+DusLZuplbWm/pEynQSXWwt6Lp83fi7JzRrsqFf5aZ7pjNW5Nj3JhVN k3g01lTEVNKVi8kU/oMeoRS/4f8gSrLVJTzWTVXIIPeWHsuK9I92CqaNCvyIre2YLVEP 9ZEA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1755276315; x=1755881115; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=qGOUsN2GRdvN1Kcbh3/ImtSRtgscKM513LvFZU42tCw=; b=tPvgNBU/ZeTHp3ytfWntjkTBRkkiJUr5GQ2UTZdkYiZW6lu0ehHqiw+LtuUIOFouvW VHNBMdHA8wmnLYJ9wndFWzWCudAsszjq5tzeRJresuFi6DfEnV6odz+0pj3jUHhFizj6 /Om4NJqU72LhLbjf45de9S2bm6khQgaSS7WEKELEBRd+qd0Xodf0O/dpgEU6Sp1F9Q1F 6zkHd3LmHjcEDFYHSZRsXvFqHQ16Oh1GLsAzafjb1mc2SoZ7qqMkU6A3c7QygUcWulZn SxUzLzKCpwFwHMKRrNizdZ4qSO3Qr7sN7j1+eI2viJyxxowY1bFp0MZ8ZJuDsOUCDPbx pJ9Q== X-Gm-Message-State: AOJu0YwhRD1mwR8HIex5LC+rYAiz8hAEOuzxm3bQzOjOeLrPy3a5v154 yuk0+aQT3jFP1zNMPbzoOvKQ90RrizR30e3JfIv3+v+KSfSx7eL3vKDJpKTMeU254gRgzVpzQt9 2nLkc X-Gm-Gg: ASbGnctkVXwV03feg3PcXyGMWrHBETPNs8KYIT7dsRjIPuIYsLA0FokvbvizTGVXcXy 3RUUr3I8bFiErQXQavL0teigs5hLEANPy/vZAl8rEuCAqRxQ1BypjGDBtn3uXwyGPpr0KjgSqRj BtrZyZc/9SKNKdCYvHEY7GCAHGdoWwdj3m+WmYvGI63gC7EJesjAnoknVbGsrcmuMv3zjC+gWYF PUAwjO/KXQKjuGMz3WNgOjCaCmnS0FngMzGfhEViIz5ZZa/NBHGMdDuyG/O87uQbO+NdW7QU4tb fU5aVzKoPUQZYTvV4yX4XS19l14hK69RDbnSujnlToc+6rT8DHddAZGjDW00EoC7rEyCFwSOpXv +PcQOEWD4fP84xg== X-Google-Smtp-Source: AGHT+IFTT7K+N+/XH7gVDLfMvPNnYUTaEO1OXWUaoBG71upWJ0bUM+XES4EjfWRaIzmCfGndzwTzAw== X-Received: by 2002:a17:903:1a6f:b0:233:d3e7:6fd6 with SMTP id d9443c01a7336-24459800f39mr123140345ad.19.1755276315317; Fri, 15 Aug 2025 09:45:15 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:3ec5:7840:3390:1caa]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-32343c9ab2asm1554476a91.30.2025.08.15.09.45.14 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 15 Aug 2025 09:45:14 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 7/9] libpam: re-add missing libgen include Date: Fri, 15 Aug 2025 09:44:58 -0700 Message-ID: <6d88a28ac7b6ff61808eb46e5c85dabd17c77f2e.1755276097.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 15 Aug 2025 16:45:16 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/221987 From: Martin Jansa It was added by original commit for CVE-2025-6020-01.patch https://github.com/linux-pam/linux-pam/commit/475bd60c552b98c7eddb3270b0b4196847c0072e#diff-05f443e6acbe32a148a45648148739bf6f02f13acc5c20c6037bf933223d4d77 but removed here in the rebase, causing: ../../../Linux-PAM-1.5.3/modules/pam_namespace/pam_namespace.c:326:11: error: call to undeclared function 'dirname'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration] 326 | parent = dirname(buf); | ^ ../../../Linux-PAM-1.5.3/modules/pam_namespace/pam_namespace.c:326:9: error: incompatible integer to pointer conversion assigning to 'char*' from 'int' [-Wint-conversion] 326 | parent = dirname(buf); | ^ ~~~~~~~~~~~~ Signed-off-by: Martin Jansa Signed-off-by: Steve Sakoman --- .../pam/libpam/0002-pam-namespace-rebase.patch | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-extended/pam/libpam/0002-pam-namespace-rebase.patch b/meta/recipes-extended/pam/libpam/0002-pam-namespace-rebase.patch index ff5a8a4946..c57011da0b 100644 --- a/meta/recipes-extended/pam/libpam/0002-pam-namespace-rebase.patch +++ b/meta/recipes-extended/pam/libpam/0002-pam-namespace-rebase.patch @@ -714,7 +714,7 @@ diff --git a/modules/pam_namespace/pam_namespace.h b/modules/pam_namespace/pam_n index a991b4c..180e042 100644 --- a/modules/pam_namespace/pam_namespace.h +++ b/modules/pam_namespace/pam_namespace.h -@@ -44,21 +44,16 @@ +@@ -44,21 +44,17 @@ #include #include #include @@ -728,7 +728,7 @@ index a991b4c..180e042 100644 -#include #include #include --#include + #include #include #include #include From patchwork Fri Aug 15 16:44:59 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 68644 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C1B7BCA0ED1 for ; Fri, 15 Aug 2025 16:45:26 +0000 (UTC) Received: from mail-pg1-f172.google.com (mail-pg1-f172.google.com [209.85.215.172]) by mx.groups.io with SMTP id smtpd.web11.16356.1755276317525880905 for ; Fri, 15 Aug 2025 09:45:17 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=LPt/pPzz; spf=softfail (domain: sakoman.com, ip: 209.85.215.172, mailfrom: steve@sakoman.com) Received: by mail-pg1-f172.google.com with SMTP id 41be03b00d2f7-b47156b3b79so1654672a12.0 for ; Fri, 15 Aug 2025 09:45:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1755276317; x=1755881117; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Wb+4SKsEfgCD8dp+c45eCD23qZi/uChr+4JlO0tg0Ok=; b=LPt/pPzzZkBHRYl9KYUdsiq5JL5qjWCM9XjnF62zfsY3j14SDs0OrfpTselEvycmoU f9L+BISYqEp94XTet1mns7Qf3PpGPDQK2WHHKeLCsJtgXsNz3qEUrvD4KrfKPMqWNuXB GHvqUT9P0gNdtINnQHI2YdUJDpeMO/ICES/vrJ2S3U2ccBYFi5kZUXTk10hZGuj7flEn M/BWIPcSoVr4qhLQLcYizBD4eov1oPXQIkC2SFWUkoGCS/eLQIADk85FEFTdea6W/7rs GFHU95h5LDlhm47xYDhm8hub7OBybdJUySHXSVavK5FzbZ23U8kNYGcOyQ2Lzho3FjnG pc3g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1755276317; x=1755881117; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Wb+4SKsEfgCD8dp+c45eCD23qZi/uChr+4JlO0tg0Ok=; b=sHwe7JMOmswd1NBqBu7QSVB6v/dzCKL7U0MvxP/z2sV0oAu0IH8PA9MEPWGLWNMW0s KNl+wgnAIvHuzInjK2D4nbuEOmHAImj/ZV7SWp3BSGNgs71pnIp+F8soe8iD8LnL7O0L cqJviwpnlHqxqvqiP7kTUrbduDxmfZNNnlG44BdTxNzPzl/3gW3AGqOzSCIoE918cxhm g1fZwJYDZadFamtlGxeVEQWpf/ahm70QErnWmaKu4DIqQrXG2dUpYL/5DyRW2bWzmE+V H4QPfXB2w3M+FcVJKytl0hMDIJY7ow5Jlh6IkWvdsEDs4pUZmCbBLhU58z1C+wTOjbvv Xb5w== X-Gm-Message-State: AOJu0YzlT0emAvD+x4wQQVxuzsf/wh8bzVbXlK3QOeypFKpSAX7b8AA3 jp6i5wPNf3j803amj/ep9/BnD7DRMRgGi1SeiJBfHV6wfPNO59xney40Qp9+25d1F4vdRbwuNeX CFzFg X-Gm-Gg: ASbGnculrnF9WcaxoMTgVa4RL2CTZ8W9Ho+4YqP59IAdsybpYGqvmtp4w3duoNeW6BN 1hVl9BkFiBUluAYn1ucYh3f82zrpDeSORhX+vVuLRptmEqax/JAn9rash+jnl/JR5d7PGLQLgox w4/nAMusHpsE6FLddpxEJUiJw0kavWSQY8d2XMbfeJMAV9zQGeMJL6eJpJW5MPyj37kUdirpNuG XePw+lYNoi0f+46Dyqmk2FxIQDOP8lasAb4UCgGXLYzGRMwPF11izbdT3j0QqpQyFrJq1kGXrwv JF8h2QX7Gc3mKb9TeHeBLe+SYn/4mltyuaNsbUkfH+XVRC9NQ5nmM/Itz9KGc8AXCZ+Z9u4yv24 LEAfH1F5jrZC2eMzM8xqj3btL X-Google-Smtp-Source: AGHT+IH+iKgcfuHfyz3+KesDITQk7DQwfOvpcJD4hZV9B8tvzh0jRmBOFpt+9YyeEDRba6zQRmao4w== X-Received: by 2002:a17:902:ea06:b0:237:f757:9ad8 with SMTP id d9443c01a7336-24459486714mr116128485ad.1.1755276316691; Fri, 15 Aug 2025 09:45:16 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:3ec5:7840:3390:1caa]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-32343c9ab2asm1554476a91.30.2025.08.15.09.45.16 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 15 Aug 2025 09:45:16 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 8/9] cmake: Add PACKAGECONFIG option for debugger support Date: Fri, 15 Aug 2025 09:44:59 -0700 Message-ID: <776846eb8aa2f5f8c1ec8842cdbaff6b6bcdfa65.1755276097.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 15 Aug 2025 16:45:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/221988 From: Nikhil R Starting from CMake version 2.27 support for interactive debugging of CMake scripts and configurations was added. However, by default the `nativesdk-cmake` is compiled with debugger support turned off. This change adds debugger support for cmake (From OE-Core rev: 8acfca456c3502f0d097ba01a2d08f83fb75ab60) Signed-off-by: Nikhil R Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie Signed-off-by: Steve Sakoman --- meta/recipes-devtools/cmake/cmake_3.28.3.bb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/meta/recipes-devtools/cmake/cmake_3.28.3.bb b/meta/recipes-devtools/cmake/cmake_3.28.3.bb index 63d483801a..2d47b4c027 100644 --- a/meta/recipes-devtools/cmake/cmake_3.28.3.bb +++ b/meta/recipes-devtools/cmake/cmake_3.28.3.bb @@ -44,9 +44,11 @@ EXTRA_OECMAKE=" \ -DKWSYS_CHAR_IS_SIGNED=1 \ -DBUILD_CursesDialog=0 \ -DKWSYS_LFS_WORKS=1 \ - -DCMake_ENABLE_DEBUGGER=0 \ " +PACKAGECONFIG ??= "" +PACKAGECONFIG[debugger] = "-DCMake_ENABLE_DEBUGGER=1,-DCMake_ENABLE_DEBUGGER=0," + do_install:append:class-nativesdk() { mkdir -p ${D}${datadir}/cmake install -m 644 ${WORKDIR}/OEToolchainConfig.cmake ${D}${datadir}/cmake/ From patchwork Fri Aug 15 16:45:00 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 68645 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C1BB4CA0EE9 for ; Fri, 15 Aug 2025 16:45:26 +0000 (UTC) Received: from mail-pj1-f43.google.com (mail-pj1-f43.google.com [209.85.216.43]) by mx.groups.io with SMTP id smtpd.web10.16486.1755276319046036323 for ; Fri, 15 Aug 2025 09:45:19 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=oA73ZBnD; spf=softfail (domain: sakoman.com, ip: 209.85.216.43, mailfrom: steve@sakoman.com) Received: by mail-pj1-f43.google.com with SMTP id 98e67ed59e1d1-32326e66dbaso1625188a91.3 for ; Fri, 15 Aug 2025 09:45:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1755276318; x=1755881118; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=EgunYcJp8Ik1U7XoIgkfESNl0RRUJO/u/xE+MOOgRp4=; b=oA73ZBnD0IwuGYDnO+cQU53G6GRtF1qvXSoMzH6H3mHCnwdjzn6Eff55zLUEAAEOBS 0hXQmKrZOlereE18ff/nXCw6w8ltq7wJBDIzFJ8YJAs85oYdzWdBjP/9GxYK29D+jQ3M w+5w3cokM+zX8lc3aIaHCm0vDqPjpBUspXxHwGgEeNv7gsoAh+iQVh80ZYDNB7asoWQ1 eTJTYmeZK35HF38luKTAQ15kPBDfR+maFFJ+2XFZxuUMnt7X49uSA5MAJawREYx+COSb 02KnSNkYcBnj5xKJqNlEVl8pkfBgWOw6cZWrJ1eEEVS92u9ncNOiLmLL58OU5gd7r1CG qkww== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1755276318; x=1755881118; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=EgunYcJp8Ik1U7XoIgkfESNl0RRUJO/u/xE+MOOgRp4=; b=QiC88Oa4NINhi+MPyo/aBvkMj9L4bLprqYJLgPb9BNNY3+bEhBM8S1LhipUUNNJ9lN 7kqXbRc9J5YXRoDHzaTslq8K0rcO4oeblx9H+AbsC5G8KjC2nEt/IXBDZgIQ9pwqvYbu SgaOSm7lVxw/3mIekE8JPGL7Tk8TTY0vTJXIJ+zoS6Bunzrmmfj/jiBG/bzwciuMXetL HgiseUIpk8Hv6mneJZpiNJNL3GMQrQxGb/bRABTge9qRymVkN0nvQyzPf8pN8WY+NV+K Kv06TVVJKWZO3A7Bu/2mPINhMcqeF4KZ5rUthUon9XhuyeF5JMY6zG5NaUXAW+/ppyiD oc1Q== X-Gm-Message-State: AOJu0YxI/0pYpH1AaZ/9rHB+yl/PAy+/RgPTjiuordtJ1n2kyccXI/Qz 2lTYEtugt/x462rw+peYccDFGYZT11K124P2NSZVhyDRSDUuxnxxMVRGWtEKo8h/QHY4JtqH209 jG0+B X-Gm-Gg: ASbGncuAngbWAlVSZ0W+4lZ85iS9gGAjxVRBTnJ7w9arA6JXKlD8LQIy+ScNstat2we I3iK6oRhNk0HBje12t+47cnM1NqXDx4nP+F9DqD+atLKJvJKYo4LQqNPAPOPlYZClwSPbro2zen +hwINE8PD44f8TWJD1Sw5qgn0nyrD4qrnlutcWn+mOR8RGJHapsUL28lTL9woeJcqtprxA9S4i1 beiwNpB3uRNw2q2xMarRC9zRX7kDAgLOiCOP4YnC4jdbkVRZEYQNPSD7BwwBNefTB9EalgNQqtb FG08MWdQZqoqEz6eTGH9Il9nExaJ+Ff8IzdkioXCKcSyRQ3uaHpt6fR4s0b2jfz4ISyLzQLsQVm 2bGwdLv3pMGEv5v+2n9UW67UP X-Google-Smtp-Source: AGHT+IEJoQz1zKTrDpf+VQpcHGlQsjK0h++KmJuSH3m4WKKKuTdVftYruYHuCkYgOHN8gUUka9Qnvw== X-Received: by 2002:a17:90b:4c0c:b0:321:38a:229a with SMTP id 98e67ed59e1d1-32341e12681mr3703610a91.7.1755276318235; Fri, 15 Aug 2025 09:45:18 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:3ec5:7840:3390:1caa]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-32343c9ab2asm1554476a91.30.2025.08.15.09.45.17 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 15 Aug 2025 09:45:17 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 9/9] go-helloworld: fix license Date: Fri, 15 Aug 2025 09:45:00 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 15 Aug 2025 16:45:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/221989 From: Quentin Schulz The example repo doesn't seem to have ever been under MIT to begin with but rather Apache-2.0. It was then changed to the license used by the goland projectm that is BSD-3-Clause, 2 years ago in commit 00c7068f9d83 ("all: update to Go license"). The license file exists in the sources, so use that one instead of taking it from the OE-Core license directory. License-Update: Incorrect license is now proper Signed-off-by: Quentin Schulz Signed-off-by: Steve Sakoman --- meta/recipes-extended/go-examples/go-helloworld_0.1.bb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-extended/go-examples/go-helloworld_0.1.bb b/meta/recipes-extended/go-examples/go-helloworld_0.1.bb index 98cd4d8103..6f0214aa60 100644 --- a/meta/recipes-extended/go-examples/go-helloworld_0.1.bb +++ b/meta/recipes-extended/go-examples/go-helloworld_0.1.bb @@ -2,8 +2,8 @@ SUMMARY = "This is a simple example recipe that cross-compiles a Go program." SECTION = "examples" HOMEPAGE = "https://golang.org/" -LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302" +LICENSE = "BSD-3-Clause" +LIC_FILES_CHKSUM = "file://src/${GO_IMPORT}/LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707" SRC_URI = "git://go.googlesource.com/example;branch=master;protocol=https" SRCREV = "d9923f6970e9ba7e0d23aa9448ead71ea57235ae"