From patchwork Thu Sep 4 15:17:39 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 69668 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id F0EBACA1013 for ; Thu, 4 Sep 2025 15:17:54 +0000 (UTC) Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) by mx.groups.io with SMTP id smtpd.web11.842.1756999072372105311 for ; Thu, 04 Sep 2025 08:17:52 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=h//0QiAY; spf=softfail (domain: sakoman.com, ip: 209.85.214.180, mailfrom: steve@sakoman.com) Received: by mail-pl1-f180.google.com with SMTP id d9443c01a7336-24b1596b1beso12245935ad.2 for ; Thu, 04 Sep 2025 08:17:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1756999071; x=1757603871; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=yO0HKTnLozORUsvGTsIx4Zw40hROIbD4rJ0Ku3LnuLM=; b=h//0QiAYpBNr1QKstZb1dp9242HmFoLX1qQSCplDZMKtX7as5e4wjlx/YFNm9p0v7C AlB/qMkGFkegs68PKBqj77/ttLNPrI5Zq5eNMk9aIkA2uBxycLaWQecXwXtUv2oNtISh ZyNBmFehUWGHoz6LBK8j3udoQoXTIRfFaSoNH04Zs8bhRkI4yUky4ak2Iigg54ZrNf3K o9/9HRAdsEDfiDqJJd1zfZOEaGXQpn0sBWS4tW7QltCUW0GyA0KTk5DkC0uWnHXahB40 MeDc5bv1l+NdUaTEg6dC3a+yEOan2FxMlF8ufPbmq30WdzYJyu3G69bnqb6DpdYFHZzf C4Dg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756999071; x=1757603871; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=yO0HKTnLozORUsvGTsIx4Zw40hROIbD4rJ0Ku3LnuLM=; b=ScEJYaY3Ci1Q54I/ZufVfoUAa66JUI6vmWcHShz2dZdpLg0e6o5qv/2AORP5it49zC ph8+ecNDgKnj+CAu07zeKPlEdmFliK7WiWPbnDmfm8Cbd/liOfZjOdjyiRFjFsZ0Gt8T LnFFSyKeef3rfCMAfcrWImtImEGvwqmVcMXsiSSgcqOUkiPcnrxXwwbCQSEtxjuJ+154 i4Z9mMWqEhNUGISiCUS5L4UUIEG0VclPK3h3q8gBi6OPlONAv2kDDJYYWhDZblSi882X feqpG0P63t67fxC+IjhpSpUX55yemmVP6vQztJe138/dkZSsV9MEGLJv4LWqIbTL97UQ poog== X-Gm-Message-State: AOJu0YzKKwlZgUvdzzg5PMgy7Y8aS6YBxHYmx+gwCct0RhMUXGopUqFI GDD9QDxF01M2Hha5qP5yaV0E+UIhd2wEeuHHNYZ3KASVa4F9JYFXLhSipW1JuE4zUkGXTa8yImX BAYYd X-Gm-Gg: ASbGncuX7NCpyCilcOxxUZKJudc0oq3kC3ecupzYlWk4xjVvfY3FGdBFLhv8EX4weQI GSIkqQpPhsp1JhfnwIwixqaPyBtDtqqITXbwHqP8oCu1nZNv0ow6xjE9HXkxjGgoIHJpS12kk2k dONYLgIjvNl1BmAw3hNImgDfhrNoKAUcO7qQAVSkdo7Zq6ImscG2AkB7Pbu71E95cVt6ZlxuZeB +BZ7pXbB3nrKxI8f5znddvOR5tiG9DYHZNkHgRhIlXksWd0dMxwf4bg6kD8dtLZSyJprwRAhp6o J7sjwB3NdgGSc6smbHnrlsNSLIwbNAhQQ1dO+DVycdpexJYhlSdREIJLP8N6m4dfDTH4Ou9wO7J 3a00Agwdvo9Kr87tbZeSwJl4D X-Google-Smtp-Source: AGHT+IG+D9KmF2Br1rIXdtCNfpk1Cn+88k4/hHnjCNIjhQOBYugbToM7lryCG9N4PG2viDk0HzStAQ== X-Received: by 2002:a17:903:28c:b0:245:f2c2:64ed with SMTP id d9443c01a7336-24944a742f8mr246651795ad.24.1756999071370; Thu, 04 Sep 2025 08:17:51 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:89a7:8cc5:2043:ebe6]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-24b0637d948sm84720845ad.30.2025.09.04.08.17.50 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 Sep 2025 08:17:51 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 1/6] binutils: patch CVE-2025-8225 Date: Thu, 4 Sep 2025 08:17:39 -0700 Message-ID: <3d79514f90a6f731a5333417641500b8e52e410a.1756998900.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 04 Sep 2025 15:17:54 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/222949 From: Peter Marko Pick commit [1] mentioned in [2]. [1] https://gitlab.com/gnutools/binutils-gdb/-/commit/e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4 [2] https://nvd.nist.gov/vuln/detail/CVE-2025-8225 Testsuite did not show any changes in results: === binutils Summary === # of expected passes 310 # of unexpected failures 1 # of untested testcases 1 # of unsupported tests 9 Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- .../binutils/binutils-2.44.inc | 1 + .../binutils/0019-CVE-2025-8225.patch | 41 +++++++++++++++++++ 2 files changed, 42 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/0019-CVE-2025-8225.patch diff --git a/meta/recipes-devtools/binutils/binutils-2.44.inc b/meta/recipes-devtools/binutils/binutils-2.44.inc index 5ee82fa0e5..a217d07e8c 100644 --- a/meta/recipes-devtools/binutils/binutils-2.44.inc +++ b/meta/recipes-devtools/binutils/binutils-2.44.inc @@ -46,6 +46,7 @@ SRC_URI = "\ file://0018-CVE-2025-5245.patch \ file://0019-CVE-2025-7545.patch \ file://0018-CVE-2025-7546.patch \ + file://0019-CVE-2025-8225.patch \ file://0020-Fix-for-borken-symlinks.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-8225.patch b/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-8225.patch new file mode 100644 index 0000000000..43bc4c56d8 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-8225.patch @@ -0,0 +1,41 @@ +From e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4 Mon Sep 17 00:00:00 2001 +From: Alan Modra +Date: Wed, 19 Feb 2025 22:45:29 +1030 +Subject: [PATCH] binutils/dwarf.c debug_information leak + +It is possible with fuzzed files to have num_debug_info_entries zero +after allocating space for debug_information, leading to multiple +allocations. + + * dwarf.c (process_debug_info): Don't test num_debug_info_entries + to determine whether debug_information has been allocated, + test alloc_num_debug_info_entries. + +CVE: CVE-2025-8225 +Upstream-Status: Backport [https://gitlab.com/gnutools/binutils-gdb/-/commit/e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4] +Signed-off-by: Peter Marko +--- + binutils/dwarf.c | 8 +++----- + 1 file changed, 3 insertions(+), 5 deletions(-) + +diff --git a/binutils/dwarf.c b/binutils/dwarf.c +index 8e004cea839..bfbf83ec9f4 100644 +--- a/binutils/dwarf.c ++++ b/binutils/dwarf.c +@@ -3807,13 +3807,11 @@ process_debug_info (struct dwarf_section * section, + } + + if ((do_loc || do_debug_loc || do_debug_ranges || do_debug_info) +- && num_debug_info_entries == 0 +- && ! do_types) ++ && alloc_num_debug_info_entries == 0 ++ && !do_types) + { +- + /* Then allocate an array to hold the information. */ +- debug_information = (debug_info *) cmalloc (num_units, +- sizeof (* debug_information)); ++ debug_information = cmalloc (num_units, sizeof (*debug_information)); + if (debug_information == NULL) + { + error (_("Not enough memory for a debug info array of %u entries\n"), From patchwork Thu Sep 4 15:17:40 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 69670 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D92BDCA1002 for ; Thu, 4 Sep 2025 15:18:04 +0000 (UTC) Received: from mail-pf1-f175.google.com (mail-pf1-f175.google.com [209.85.210.175]) by mx.groups.io with SMTP id smtpd.web11.848.1756999074832214492 for ; Thu, 04 Sep 2025 08:17:54 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=w/OP5kRj; spf=softfail (domain: sakoman.com, ip: 209.85.210.175, mailfrom: steve@sakoman.com) Received: by mail-pf1-f175.google.com with SMTP id d2e1a72fcca58-7728a8862ccso1264776b3a.0 for ; Thu, 04 Sep 2025 08:17:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1756999074; x=1757603874; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=WHXBDz9nALFfEXAyLlmwq8RBfxqj8WGqn8eZRZS2XUM=; b=w/OP5kRjmCcdtsUl/qGDgQaUSzv4Nm6OYEUazBvBrlH7K11EJbihVMBfcbC7y2vbsK lwuV3kBbBkIPOiWN6sDecDFOrSxlZ8aelC+ARAd400hkbjw5RWAmbXCfI4TVvUecQb9S 98axx91j+OQuR2H6hzUxw58Aysst20gpynWPe/ifnqkre6RNWfUR0eI1kbuQdmEr6IoC cCdPbtXIXkWZyjj4d7krbzpH1DRNaiXFShOM4Bmk8nY9odeVtuqIk8J9J2/wmH/3C+Tx f5SfOV2ci2w2lBxjfJoZYX4Cs4HO7g5NFo29s9miH9abCEclsBGos+dJo0tPXJLJ5A8Z ErGQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756999074; x=1757603874; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=WHXBDz9nALFfEXAyLlmwq8RBfxqj8WGqn8eZRZS2XUM=; b=X5C7B7zFCCHf2J107pUKqqwWqElGlCfusZz9GuAREOz/LJkctCjxoDitfvGl82bJKT WnIRyBiiVViXMV/xHedBioledNmZIPSEi2CJwPY7NtrYD1SBr2kSYQdOglgp0nA0rlbV 1T0XqH33erV/z209x1lD64ZSmFhWNpyRbyOT7sRl8PRlIljRuYVu4ryTwo5ZUaDBUgue ODZy7FH4vNhi470cbyZouh/xDSpRaAzxZ01fKGU6kctB/ZE0VHAmmI1R075s5LxbmkR8 eLRFBffE1z2t2kUUugKE4E89sNzOkL5jDibMpLL9d1gMcaIiEy7GWkTk9rZGGse+RpAX F9Pg== X-Gm-Message-State: AOJu0Yy9qTQ9hTiu7zWRswd/dCDzSl5sLlNpHKVC3Zb4CErlOU9ZsAMn NLiqGBLhmg7Ygvq6zCBPBifTu3FxRvavZQpFgpNAsWcBjTdF0OKtv3BwqhPWA+JczcYAawP4dXM RwPcr X-Gm-Gg: ASbGncsY71cOdkU8MNIkfWdpveLO/jhLOnAD7+i2vSGr0AYYMdiyS91+MVY2C/GvR/H vGbJwOyCqaeaUoPXJnOKPTUvFXwONITFMZ4vKoZPtuIbouQlNPNrEt+KbynLWcv3Bt8hV0aTVkZ iM9qbiBoyTZzvVMQIpufsfIg2If+nQE247NibM1+jppyATT4RyFrykttcQj9kNMwDtRh0j2ElRl sZCaRcu7Lq2rMD2cDJxW6N6YJ9b6XnFFOmWq/hdOhRKO1EUAvDmbD8PJahQOKmtY20SRwWIfD6a MCbd4eWnFz5zMc5xKeNLjQDwuD2jR9MtJTGZTLdfTtVsXVNO8Qpr9Pcp7Abc5T8kXvYKtK9ZuEg queY0fv1qDIVg7g== X-Google-Smtp-Source: AGHT+IE8vzW7Xs8cMjoHlHH3d2qb58JKRBH7EU3tuuVeH9j0yW5A6zNQvtfkpmpzi/P06SNi6oPTkg== X-Received: by 2002:a17:902:e80d:b0:246:571:4b51 with SMTP id d9443c01a7336-24944b38b8dmr294767385ad.29.1756999073479; Thu, 04 Sep 2025 08:17:53 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:89a7:8cc5:2043:ebe6]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-24b0637d948sm84720845ad.30.2025.09.04.08.17.52 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 Sep 2025 08:17:52 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 2/6] tiff: Security fix for CVE-2024-13978, CVE-2025-8176, CVE-2025-8177 Date: Thu, 4 Sep 2025 08:17:40 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 04 Sep 2025 15:18:04 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/222950 From: Siddharth Doshi Upstream-Status: Backport from [https://gitlab.com/libtiff/libtiff/-/commit/7be20ccaab97455f192de0ac561ceda7cd9e12d1, https://gitlab.com/libtiff/libtiff/-/commit/2ebfffb0e8836bfb1cd7d85c059cd285c59761a4, https://gitlab.com/libtiff/libtiff/-/commit/3994cf3b3bc6b54c32f240ca5a412cffa11633fa, https://gitlab.com/libtiff/libtiff/-/commit/ce46f002eca4148497363f80fab33f9396bcbeda, https://gitlab.com/libtiff/libtiff/-/commit/ecc4ddbf1f0fed7957d1e20361e37f01907898e0, https://gitlab.com/libtiff/libtiff/-/commit/75d8eca6f106c01aadf76b8500a7d062b12f2d82, https://gitlab.com/libtiff/libtiff/-/commit/e8c9d6c616b19438695fd829e58ae4fde5bfbc22] CVE's Fixed: CVE-2024-13978 libtiff: LibTIFF Null Pointer Dereference CVE-2025-8176 libtiff: LibTIFF Use-After-Free Vulnerability CVE-2025-8177 libtiff: LibTIFF Buffer Overflow (From OE-Core rev: 16d8a873c57b174e4d6581b58d890f2157aa2f2c) Signed-off-by: Siddharth Doshi Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie Signed-off-by: Yogita Urade Signed-off-by: Steve Sakoman --- .../libtiff/tiff/CVE-2024-13978_1.patch | 77 +++++++++++++++++++ .../libtiff/tiff/CVE-2024-13978_2.patch | 45 +++++++++++ .../libtiff/tiff/CVE-2025-8176_1.patch | 61 +++++++++++++++ .../libtiff/tiff/CVE-2025-8176_2.patch | 31 ++++++++ .../libtiff/tiff/CVE-2025-8176_3.patch | 28 +++++++ .../libtiff/tiff/CVE-2025-8177_1.patch | 36 +++++++++ .../libtiff/tiff/CVE-2025-8177_2.patch | 29 +++++++ meta/recipes-multimedia/libtiff/tiff_4.7.0.bb | 10 ++- 8 files changed, 316 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2024-13978_1.patch create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2024-13978_2.patch create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2025-8176_1.patch create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2025-8176_2.patch create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2025-8176_3.patch create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2025-8177_1.patch create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2025-8177_2.patch diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2024-13978_1.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2024-13978_1.patch new file mode 100644 index 0000000000..8bb7cf280d --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2024-13978_1.patch @@ -0,0 +1,77 @@ +From 6dd7006103f9612fbd22e9c7c1b93d16691370a4 Mon Sep 17 00:00:00 2001 +From: Lee Howard +Date: Fri, 27 Sep 2024 11:21:57 -0700 +Subject: [PATCH 1/7] Fix issue #649 in fax2ps caused by regression in commit + https://gitlab.com/libtiff/libtiff/-/commit/28c38d648b64a66c3218778c4745225fe3e3a06d + where TIFFTAG_FAXFILLFUNC is being used rather than an output buffer. + +CVE: CVE-2024-13978 +Upstream-Status: Backport from [https://gitlab.com/libtiff/libtiff/-/commit/7be20ccaab97455f192de0ac561ceda7cd9e12d1] +Signed-off-by: Siddharth Doshi +--- + libtiff/tif_read.c | 21 ++++++++++++++++----- + 1 file changed, 16 insertions(+), 5 deletions(-) + +diff --git a/libtiff/tif_read.c b/libtiff/tif_read.c +index 7efab59..964f119 100644 +--- a/libtiff/tif_read.c ++++ b/libtiff/tif_read.c +@@ -466,7 +466,9 @@ int TIFFReadScanline(TIFF *tif, void *buf, uint32_t row, uint16_t sample) + } + else + { +- memset(buf, 0, (size_t)tif->tif_scanlinesize); ++ /* See TIFFReadEncodedStrip comment regarding TIFFTAG_FAXFILLFUNC. */ ++ if (buf) ++ memset(buf, 0, (size_t)tif->tif_scanlinesize); + } + return (e > 0 ? 1 : -1); + } +@@ -554,7 +556,10 @@ tmsize_t TIFFReadEncodedStrip(TIFF *tif, uint32_t strip, void *buf, + stripsize = size; + if (!TIFFFillStrip(tif, strip)) + { +- memset(buf, 0, (size_t)stripsize); ++ /* The output buf may be NULL, in particular if TIFFTAG_FAXFILLFUNC ++ is being used. Thus, memset must be conditional on buf not NULL. */ ++ if (buf) ++ memset(buf, 0, (size_t)stripsize); + return ((tmsize_t)(-1)); + } + if ((*tif->tif_decodestrip)(tif, buf, stripsize, plane) <= 0) +@@ -976,7 +981,9 @@ tmsize_t TIFFReadEncodedTile(TIFF *tif, uint32_t tile, void *buf, tmsize_t size) + size = tilesize; + if (!TIFFFillTile(tif, tile)) + { +- memset(buf, 0, (size_t)size); ++ /* See TIFFReadEncodedStrip comment regarding TIFFTAG_FAXFILLFUNC. */ ++ if (buf) ++ memset(buf, 0, (size_t)size); + return ((tmsize_t)(-1)); + } + else if ((*tif->tif_decodetile)(tif, (uint8_t *)buf, size, +@@ -1569,7 +1576,9 @@ int TIFFReadFromUserBuffer(TIFF *tif, uint32_t strile, void *inbuf, + if (!TIFFStartTile(tif, strile)) + { + ret = 0; +- memset(outbuf, 0, (size_t)outsize); ++ /* See related TIFFReadEncodedStrip comment. */ ++ if (outbuf) ++ memset(outbuf, 0, (size_t)outsize); + } + else if (!(*tif->tif_decodetile)( + tif, (uint8_t *)outbuf, outsize, +@@ -1596,7 +1605,9 @@ int TIFFReadFromUserBuffer(TIFF *tif, uint32_t strile, void *inbuf, + if (!TIFFStartStrip(tif, strile)) + { + ret = 0; +- memset(outbuf, 0, (size_t)outsize); ++ /* See related TIFFReadEncodedStrip comment. */ ++ if (outbuf) ++ memset(outbuf, 0, (size_t)outsize); + } + else if (!(*tif->tif_decodestrip)( + tif, (uint8_t *)outbuf, outsize, +-- +2.47.3 + diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2024-13978_2.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2024-13978_2.patch new file mode 100644 index 0000000000..a022fd41e2 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2024-13978_2.patch @@ -0,0 +1,45 @@ +From a80b9eb70a8137e2571b2f32bd05d1a22a5603c4 Mon Sep 17 00:00:00 2001 +From: Lee Howard +Date: Sat, 5 Oct 2024 09:45:30 -0700 +Subject: [PATCH 2/7] Check TIFFTAG_TILELENGTH and TIFFTAGTILEWIDTH for valid + input, addresses issue #650 + +CVE: CVE-2024-13978 +Upstream-Status: Backport from [https://gitlab.com/libtiff/libtiff/-/commit/2ebfffb0e8836bfb1cd7d85c059cd285c59761a4] +Signed-off-by: Siddharth Doshi +--- + tools/tiff2pdf.c | 16 ++++++++++++++++ + 1 file changed, 16 insertions(+) + +diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c +index 6dfc239..2010fee 100644 +--- a/tools/tiff2pdf.c ++++ b/tools/tiff2pdf.c +@@ -1371,8 +1371,24 @@ void t2p_read_tiff_init(T2P *t2p, TIFF *input) + t2p->pdf_xrefcount += (t2p->tiff_tiles[i].tiles_tilecount - 1) * 2; + TIFFGetField(input, TIFFTAG_TILEWIDTH, + &(t2p->tiff_tiles[i].tiles_tilewidth)); ++ if (t2p->tiff_tiles[i].tiles_tilewidth < 1) ++ { ++ TIFFError(TIFF2PDF_MODULE, "Invalid tile width (%d), %s", ++ t2p->tiff_tiles[i].tiles_tilewidth, ++ TIFFFileName(input)); ++ t2p->t2p_error = T2P_ERR_ERROR; ++ return; ++ } + TIFFGetField(input, TIFFTAG_TILELENGTH, + &(t2p->tiff_tiles[i].tiles_tilelength)); ++ if (t2p->tiff_tiles[i].tiles_tilelength < 1) ++ { ++ TIFFError(TIFF2PDF_MODULE, "Invalid tile length (%d), %s", ++ t2p->tiff_tiles[i].tiles_tilelength, ++ TIFFFileName(input)); ++ t2p->t2p_error = T2P_ERR_ERROR; ++ return; ++ } + t2p->tiff_tiles[i].tiles_tiles = (T2P_TILE *)_TIFFmalloc( + TIFFSafeMultiply(tmsize_t, t2p->tiff_tiles[i].tiles_tilecount, + sizeof(T2P_TILE))); +-- +2.47.3 + diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8176_1.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8176_1.patch new file mode 100644 index 0000000000..14d3cb445e --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8176_1.patch @@ -0,0 +1,61 @@ +From ed35364de1e3ad444e6f954514ee68eb9be496d2 Mon Sep 17 00:00:00 2001 +From: Lee Howard +Date: Mon, 19 May 2025 10:53:30 -0700 +Subject: [PATCH 3/7] Don't skip the first line of the input image. Addresses + issue #703 + +CVE: CVE-2025-8176 +Upstream-Status: Backport from [https://gitlab.com/libtiff/libtiff/-/commit/3994cf3b3bc6b54c32f240ca5a412cffa11633fa] +Signed-off-by: Siddharth Doshi +--- + tools/tiffdither.c | 4 ++-- + tools/tiffmedian.c | 4 ++-- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/tools/tiffdither.c b/tools/tiffdither.c +index 714fe03..bfed6df 100644 +--- a/tools/tiffdither.c ++++ b/tools/tiffdither.c +@@ -98,7 +98,7 @@ static int fsdither(TIFF *in, TIFF *out) + nextptr = nextline; + for (j = 0; j < imagewidth; ++j) + *nextptr++ = *inptr++; +- for (i = 1; i < imagelength; ++i) ++ for (i = 0; i < imagelength; ++i) + { + tmpptr = thisline; + thisline = nextline; +@@ -146,7 +146,7 @@ static int fsdither(TIFF *in, TIFF *out) + nextptr[0] += v / 16; + } + } +- if (TIFFWriteScanline(out, outline, i - 1, 0) < 0) ++ if (TIFFWriteScanline(out, outline, i, 0) < 0) + goto skip_on_error; + } + goto exit_label; +diff --git a/tools/tiffmedian.c b/tools/tiffmedian.c +index 02b0bc2..f6cf26c 100644 +--- a/tools/tiffmedian.c ++++ b/tools/tiffmedian.c +@@ -917,7 +917,7 @@ static void quant_fsdither(TIFF *in, TIFF *out) + outline = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out)); + + GetInputLine(in, 0, goto bad); /* get first line */ +- for (i = 1; i <= imagelength; ++i) ++ for (i = 0; i <= imagelength; ++i) + { + SWAP(short *, thisline, nextline); + lastline = (i >= imax); +@@ -997,7 +997,7 @@ static void quant_fsdither(TIFF *in, TIFF *out) + nextptr += 3; + } + } +- if (TIFFWriteScanline(out, outline, i - 1, 0) < 0) ++ if (TIFFWriteScanline(out, outline, i, 0) < 0) + break; + } + bad: +-- +2.47.3 + diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8176_2.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8176_2.patch new file mode 100644 index 0000000000..74cf5ae277 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8176_2.patch @@ -0,0 +1,31 @@ +From c090daf37e7f2ad09ec7e9cfabd1c5fde3dee6eb Mon Sep 17 00:00:00 2001 +From: Lee Howard +Date: Sat, 24 May 2025 21:25:16 -0700 +Subject: [PATCH 4/7] Fix tiffmedian bug #707 + +CVE: CVE-2025-8176 +Upstream-Status: Backport from [https://gitlab.com/libtiff/libtiff/-/commit/ce46f002eca4148497363f80fab33f9396bcbeda] +Signed-off-by: Siddharth Doshi +--- + tools/tiffmedian.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/tools/tiffmedian.c b/tools/tiffmedian.c +index f6cf26c..8c9978b 100644 +--- a/tools/tiffmedian.c ++++ b/tools/tiffmedian.c +@@ -414,7 +414,10 @@ static void get_histogram(TIFF *in, Colorbox *box) + for (i = 0; i < imagelength; i++) + { + if (TIFFReadScanline(in, inputline, i, 0) <= 0) +- break; ++ { ++ fprintf(stderr, "Error reading scanline\n"); ++ exit(EXIT_FAILURE); ++ } + inptr = inputline; + for (j = imagewidth; j-- > 0;) + { +-- +2.47.3 + diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8176_3.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8176_3.patch new file mode 100644 index 0000000000..e0f41f8d71 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8176_3.patch @@ -0,0 +1,28 @@ +From bd645550275963797343e8e91a9a8fee318428e0 Mon Sep 17 00:00:00 2001 +From: Lee Howard +Date: Sat, 24 May 2025 21:38:09 -0700 +Subject: [PATCH 5/7] conflict resolution + +CVE: CVE-2025-8176 +Upstream-Status: Backport from [https://gitlab.com/libtiff/libtiff/-/commit/ecc4ddbf1f0fed7957d1e20361e37f01907898e0] +Signed-off-by: Siddharth Doshi +--- + tools/tiffmedian.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/tiffmedian.c b/tools/tiffmedian.c +index 8c9978b..47e0524 100644 +--- a/tools/tiffmedian.c ++++ b/tools/tiffmedian.c +@@ -920,7 +920,7 @@ static void quant_fsdither(TIFF *in, TIFF *out) + outline = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out)); + + GetInputLine(in, 0, goto bad); /* get first line */ +- for (i = 0; i <= imagelength; ++i) ++ for (i = 0; i < imagelength; ++i) + { + SWAP(short *, thisline, nextline); + lastline = (i >= imax); +-- +2.47.3 + diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8177_1.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8177_1.patch new file mode 100644 index 0000000000..9437ffcc20 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8177_1.patch @@ -0,0 +1,36 @@ +From 01bf5ba7f4a27c5e28ce467a66b13e066556e545 Mon Sep 17 00:00:00 2001 +From: Lee Howard +Date: Thu, 19 Jun 2025 11:51:33 -0700 +Subject: [PATCH 6/7] Fix for thumbnail issue #715 + +CVE: CVE-2025-8177 +Upstream-Status: Backport from [https://gitlab.com/libtiff/libtiff/-/commit/75d8eca6f106c01aadf76b8500a7d062b12f2d82] +Signed-off-by: Siddharth Doshi +--- + tools/thumbnail.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/tools/thumbnail.c b/tools/thumbnail.c +index b4cb114..432d172 100644 +--- a/tools/thumbnail.c ++++ b/tools/thumbnail.c +@@ -620,7 +620,15 @@ static void setrow(uint8_t *row, uint32_t nrows, const uint8_t *rows[]) + } + acc += bits[*src & mask1]; + } +- *row++ = cmap[(255 * acc) / area]; ++ if (255 * acc / area < 256) ++ { ++ *row++ = cmap[(255 * acc) / area]; ++ } ++ else ++ { ++ fprintf(stderr, "acc=%d, area=%d\n", acc, area); ++ row++; ++ } + } + } + +-- +2.47.3 + diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8177_2.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8177_2.patch new file mode 100644 index 0000000000..356e3ba402 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8177_2.patch @@ -0,0 +1,29 @@ +From c3ad38afb9986b9ddcd7d95367ded152488260cd Mon Sep 17 00:00:00 2001 +From: Lee Howard +Date: Mon, 23 Jun 2025 10:09:07 -0700 +Subject: [PATCH 7/7] set a default value - assumes cmap[0] was not, itself, + uninitialized + +CVE: CVE-2025-8177 +Upstream-Status: Backport from [https://gitlab.com/libtiff/libtiff/-/commit/e8c9d6c616b19438695fd829e58ae4fde5bfbc22] +Signed-off-by: Siddharth Doshi +--- + tools/thumbnail.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/thumbnail.c b/tools/thumbnail.c +index 432d172..110ea42 100644 +--- a/tools/thumbnail.c ++++ b/tools/thumbnail.c +@@ -627,7 +627,7 @@ static void setrow(uint8_t *row, uint32_t nrows, const uint8_t *rows[]) + else + { + fprintf(stderr, "acc=%d, area=%d\n", acc, area); +- row++; ++ *row++ = cmap[0]; + } + } + } +-- +2.47.3 + diff --git a/meta/recipes-multimedia/libtiff/tiff_4.7.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.7.0.bb index 5a6939d584..26e3811ff8 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.7.0.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.7.0.bb @@ -8,7 +8,15 @@ LIC_FILES_CHKSUM = "file://LICENSE.md;md5=a3e32d664d6db1386b4689c8121531c3" CVE_PRODUCT = "libtiff" -SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz" +SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \ + file://CVE-2024-13978_1.patch \ + file://CVE-2024-13978_2.patch \ + file://CVE-2025-8176_1.patch \ + file://CVE-2025-8176_2.patch \ + file://CVE-2025-8176_3.patch \ + file://CVE-2025-8177_1.patch \ + file://CVE-2025-8177_2.patch \ + " SRC_URI[sha256sum] = "67160e3457365ab96c5b3286a0903aa6e78bdc44c4bc737d2e486bcecb6ba976" From patchwork Thu Sep 4 15:17:41 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 69669 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E0901CA1015 for ; Thu, 4 Sep 2025 15:18:04 +0000 (UTC) Received: from mail-pg1-f169.google.com (mail-pg1-f169.google.com [209.85.215.169]) by mx.groups.io with SMTP id smtpd.web10.767.1756999077705569522 for ; Thu, 04 Sep 2025 08:17:57 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=aCgIlS2r; spf=softfail (domain: sakoman.com, ip: 209.85.215.169, mailfrom: steve@sakoman.com) Received: by mail-pg1-f169.google.com with SMTP id 41be03b00d2f7-b49c1c130c9so763205a12.0 for ; Thu, 04 Sep 2025 08:17:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1756999077; x=1757603877; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=QZzHEivAGm3pfAeeJIvpHtD2wfVRL4gocmM4/xKs2Ko=; b=aCgIlS2rlhPmPjER+Q2rG9z/KOCJb3JkYHNqWF2kRVXk0DsOWC3YUlGGifGA2naddX me9NtCQ7LF2ex3imFpP+CoJ22VONbKR2i7ltfM9rbanl7DB2zYf4IC/r8eeuGypEoHYK cpQqFhTYGBUYYwwQF2grDSRHqL/SnSv1i+QiSbRByAyViUQT+LuRv+C8Jx82yEF5E1L2 JsDvYMn88NeUZSRJzlWA3E51m5yCB5+v9LEUia4V4AFLID1AV7lRIayKn1QP/9gZT2/K d+mvK3TQANAZ1yShq68gCBCfZ/LkBlGzj4qXApEXMvq+7llPzmAGNKDMMUb7UyQahDyt f5jA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756999077; x=1757603877; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=QZzHEivAGm3pfAeeJIvpHtD2wfVRL4gocmM4/xKs2Ko=; b=IHn/uVlwHD/vQUIKbUbZ/eeby2M9HNqHFtxZ9zsJ1eVNmNBm7XWYHGRb4PcF0nOfCi XdoTCvBi+67ouStEp98MDYpl4ae0VxqMlVsz0+9q38AoBy3tdiaOO2Ri+lEx4YJTpOG1 AgtUqhDOFuZFp35icBL1gsfqqzt7wE0J+JRbP8fY6f3B4DIazWg3Tlz5k+Pe1+43u0Vy VuDSkqDDT97b4GIR93/V82f+k2DQvnxHLfc1w0nQj8nAIxOPMGJRnZNZK1FkpnlfnqJk fEsv+b6skB6bwkvJ2US7kgJLh0ns2QyRh9jzkfPMFtjGKXmaqEznNJQM0RvYYvaGhYIv oq4w== X-Gm-Message-State: AOJu0YxnD6AOiJeWQPcO9IJ5d1DsFHu9rVSnFr3rgz7NiD9JreDzEzYb 9JPJ47M9ta4PAAZ7tAW7anrcoiPQenpfs0VTb0JKMAkzOO+mIH0X3FpaL2hcFchaVW7ww8JLxjm OD76W X-Gm-Gg: ASbGncudDYbC7zwKJELqgUkr2FN6k/IQmbDzv1vo0tP98wJUIVoujqq7PjZGZbBj3wW ltxnJXoLsVXbvXK66InSTnbcmCovIJJU+AD6Od3QBwZn8PG3IsxwZAJeiUDT6XyyOCItSHLEo6H 8EK2pAmooizn2Q/WLam4XUabaiYNUYWhKtal+T0C2lJwuWa7GDz8ucrsyTVr4bfhVzl9qlCvgtu KEYM5SU10HeyZeOp5j06OlssLPkyDTZPNO5xPBXfJYTWUJmvffeFwfEzQi6e+cwflDwq59vw7V6 mC49pG+5Aw4fJmCatVRcP7vLDVAxjiT24KZIpaQMn2yVlFzppqyiToCymJAGXKxMiL92oIFVxNb 1eUcyPlo5AZXg6g== X-Google-Smtp-Source: AGHT+IFM5C9Lp/cKY77SeAQo9rqrewlRmLl1vq8l2zL8/vUOLxs+3b2oNMG0Tvqipo9cFpPBfO4UPQ== X-Received: by 2002:a17:903:138a:b0:24c:a9c6:d193 with SMTP id d9443c01a7336-24ca9c6d532mr76886895ad.18.1756999076834; Thu, 04 Sep 2025 08:17:56 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:89a7:8cc5:2043:ebe6]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-24b0637d948sm84720845ad.30.2025.09.04.08.17.56 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 Sep 2025 08:17:56 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 3/6] tiff: fix CVE-2025-8534 Date: Thu, 4 Sep 2025 08:17:41 -0700 Message-ID: <6db99609f8aeca660fa01fc9e32008a2e37aae03.1756998900.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 04 Sep 2025 15:18:04 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/222951 From: Yogita Urade A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PS_Lvl2page of the file tools/tiff2ps.c of the component tiff2ps. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 6ba36f159fd396ad11bf6b7874554197736ecc8b. It is recommended to apply a patch to fix this issue. One of the maintainers explains, that "[t]his error only occurs if DEFER_STRILE_LOAD (defer-strile-load:BOOL=ON) or TIFFOpen( .. "rD") option is used." Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-8534 Upstream patch: https://gitlab.com/libtiff/libtiff/-/commit/6ba36f159fd396ad11bf6b7874554197736ecc8b Signed-off-by: Yogita Urade Signed-off-by: Steve Sakoman --- .../libtiff/tiff/CVE-2025-8534.patch | 62 +++++++++++++++++++ meta/recipes-multimedia/libtiff/tiff_4.7.0.bb | 1 + 2 files changed, 63 insertions(+) create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2025-8534.patch diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8534.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8534.patch new file mode 100644 index 0000000000..b3bc0e0d94 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2025-8534.patch @@ -0,0 +1,62 @@ +From 6ba36f159fd396ad11bf6b7874554197736ecc8b Mon Sep 17 00:00:00 2001 +From: Su_Laus +Date: Sat, 2 Aug 2025 18:55:54 +0200 +Subject: [PATCH] tiff2ps: check return of TIFFGetFiled() for + TIFFTAG_STRIPBYTECOUNTS and TIFFTAG_TILEBYTECOUNTS to avoid NULL pointer + dereference. + +Closes #718 + +CVE: CVE-2025-8534 +Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/6ba36f159fd396ad11bf6b7874554197736ecc8b] + +Signed-off-by: Yogita Urade +--- + tools/tiff2ps.c | 20 +++++++++++++++++--- + 1 file changed, 17 insertions(+), 3 deletions(-) + +diff --git a/tools/tiff2ps.c b/tools/tiff2ps.c +index e5425bf..5c54205 100644 +--- a/tools/tiff2ps.c ++++ b/tools/tiff2ps.c +@@ -2432,12 +2432,22 @@ int PS_Lvl2page(FILE *fd, TIFF *tif, uint32_t w, uint32_t h) + if (tiled_image) + { + num_chunks = TIFFNumberOfTiles(tif); +- TIFFGetField(tif, TIFFTAG_TILEBYTECOUNTS, &bc); ++ if (!TIFFGetField(tif, TIFFTAG_TILEBYTECOUNTS, &bc)) ++ { ++ TIFFError(filename, ++ "Can't read bytecounts of tiles at PS_Lvl2page()"); ++ return (FALSE); ++ } + } + else + { + num_chunks = TIFFNumberOfStrips(tif); +- TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &bc); ++ if (!TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &bc)) ++ { ++ TIFFError(filename, ++ "Can't read bytecounts of strips at PS_Lvl2page()"); ++ return (FALSE); ++ } + } + + if (use_rawdata) +@@ -3107,7 +3117,11 @@ void PSRawDataBW(FILE *fd, TIFF *tif, uint32_t w, uint32_t h) + (void)w; + (void)h; + TIFFGetFieldDefaulted(tif, TIFFTAG_FILLORDER, &fillorder); +- TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &bc); ++ if (!TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &bc)) ++ { ++ TIFFError(filename, "Can't read bytecounts of strips at PSRawDataBW()"); ++ return; ++ } + + /* + * Find largest strip: +-- +2.40.0 + diff --git a/meta/recipes-multimedia/libtiff/tiff_4.7.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.7.0.bb index 26e3811ff8..2155ac8df4 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.7.0.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.7.0.bb @@ -16,6 +16,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \ file://CVE-2025-8176_3.patch \ file://CVE-2025-8177_1.patch \ file://CVE-2025-8177_2.patch \ + file://CVE-2025-8534.patch \ " SRC_URI[sha256sum] = "67160e3457365ab96c5b3286a0903aa6e78bdc44c4bc737d2e486bcecb6ba976" From patchwork Thu Sep 4 15:17:42 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 69673 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id ECB6FCA1013 for ; Thu, 4 Sep 2025 15:18:04 +0000 (UTC) Received: from mail-pl1-f169.google.com (mail-pl1-f169.google.com [209.85.214.169]) by mx.groups.io with SMTP id smtpd.web11.850.1756999079248255763 for ; Thu, 04 Sep 2025 08:17:59 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=pUV2fXSq; spf=softfail (domain: sakoman.com, ip: 209.85.214.169, mailfrom: steve@sakoman.com) Received: by mail-pl1-f169.google.com with SMTP id d9443c01a7336-24b1622788dso9394695ad.2 for ; Thu, 04 Sep 2025 08:17:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1756999078; x=1757603878; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=tgHLzrq1myrWk5awnwRgALwZKqLfGNLtLuGNbQPgH5E=; b=pUV2fXSq50VtKiTRsvRYREiKVmgq9r3cjH95kLVIVmNub4WtaEz+impx3LWPLCG4kS 8xuOgDo1Rgfr5VRKK2XyODdvxuXsK3hgnPd5Ql6/uo+Zs2IAhA8nW/y2hIo8gGiKDUXZ yg1XKtgs1yBPzXWUrGODPQN8tYxJPW3uwPP1Tj74dNCiQVR6MCW6/1eNpcQRJJ2ZM5i5 CgWBrJWC/IntcppvEX4lhSJqDBZo7pN13+IGbxHibiPkyuN1CPhLkqxGz6d3n2zqj3Xo MPueknkH1A462RV3SPqnjlpibsXF38a3/latK/nLF9owb3rWruj94WTARHgwLF5skkOz /tBg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756999078; x=1757603878; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=tgHLzrq1myrWk5awnwRgALwZKqLfGNLtLuGNbQPgH5E=; b=O2U/PAz2WmF2RHLtx8xMk6JapartGPubiQcvfy/sJ9INyhL4Ho16UtuTLi1X3RfwrN woqspxOk/eLBtdghNjZSbww6lMm1oHg4iiEzya5a/gxwQo1bXTD2YlbeKpypCCHjjha5 QmMpQ+0gBU6qwJdpb+05dPDBMuudfw3nJF0SOEYVaRDKw8SJvjVpq7HCRL1yi+/H6BJ7 Jr7SqrhQBMF4VnTgBib5OS+S0M4Ia9nOIt7PeyPrEUosk6KZ4zLUWQDx4Q55qlmAb4Er K7Rs6bjIHyaIVJYEq1WlK1cxw1S/Zbi9p6EhRWIFn3aBiShNhXr5a3E9vgLrIoQ2rjnx uBBQ== X-Gm-Message-State: AOJu0YyEhSNaiKOJeyq8b739AkXpiuzo3cdz70KV4qJ4dwjiljpqHEu0 ppa6xlDaeDsdfvzbTW5lftOApslu/62KhwzAYnUJHCNgj7C3NAizsxs5CrdKaT2vyFwDBUJCod9 u8npZ X-Gm-Gg: ASbGncu/I4O57KW6kQIdLylOipQzAbdz1XFDe5lRL71FcY+tzkVPTHUSwO3+0wPz+Tr sUawcVFWz3EU/yBmbMJR6p7E6FDt7fcxtEVNNGEskFs8e/vOTqdiu9LYF0Qn59B6eeLgXA92vZ+ 2nCJhwfmPQaxYTbX3yX/4e0BBODtOXOstn4ETqUoVU8a3Ign78m08qiadHCZUAH+q5yS0Nb1l3e fiqLx8hNcwL3jE5JTCQMLDzU9yNRVND+ofnkJ4kA+EijqBzhlewd4fTeOXl+OLSN+79jKcAvUhj UbmcXTE4P62aMMEjpFKD4MKMYj41IirlEAOKmts20HN+DIUItHBKRIdHtXYykDoJ0fXjnLEVJRl JzVHSiBIzabRupBaKsz46p0FR X-Google-Smtp-Source: AGHT+IGgCIUD7M6ECZQJRdzu2jqNZHngkV78W33cvOWUPJjm0QDRw5slIx6w/NP4QNxQsAM3hrQnYQ== X-Received: by 2002:a17:903:2286:b0:24c:cb22:820f with SMTP id d9443c01a7336-24ccb22858emr36280255ad.24.1756999078376; Thu, 04 Sep 2025 08:17:58 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:89a7:8cc5:2043:ebe6]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-24b0637d948sm84720845ad.30.2025.09.04.08.17.57 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 Sep 2025 08:17:58 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 4/6] default-distrovars.inc: Fix CONNECTIVITY_CHECK_URIS redirect issue Date: Thu, 4 Sep 2025 08:17:42 -0700 Message-ID: <894648f4173a8a0e489e720e2b543cd22e39a878.1756998900.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 04 Sep 2025 15:18:04 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/222952 From: Deepak Rathore The default CONNECTIVITY_CHECK_URIS uses "https://yoctoproject.org/connectivity.html" which redirect to "https://www.yoctoproject.org/connectivity.html". Some network configurations with proxies or restricted internet access don't handle HTTP redirects properly during the sanity check phase, causing build failures with: ERROR: OE-core's config sanity checker detected a potential misconfiguration. Either fix the cause of this error or at your own risk disable the checker (see sanity.conf). Following is the list of potential problems / advisories: Fetcher failure for URL: 'https://yoctoproject.org/connectivity.html'. URL doesn't work. Updated the default URL to use the final destination directly to avoid redirect-related connectivity check failures. Also updated SDK test cases in https.py to use the corrected URL for consistency. Signed-off-by: Deepak Rathore Signed-off-by: Richard Purdie (cherry picked from commit 60cdf960a3560f391babd559737f1afb31fb2c5c) Signed-off-by: Deepak Rathore Signed-off-by: Steve Sakoman --- meta/conf/distro/include/default-distrovars.inc | 2 +- meta/lib/oeqa/sdk/buildtools-cases/https.py | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/conf/distro/include/default-distrovars.inc b/meta/conf/distro/include/default-distrovars.inc index 85835c4c61..1eb39316cc 100644 --- a/meta/conf/distro/include/default-distrovars.inc +++ b/meta/conf/distro/include/default-distrovars.inc @@ -62,4 +62,4 @@ KERNEL_IMAGETYPES ??= "${KERNEL_IMAGETYPE}" # fetch from the network (and warn you if not). To disable the test set # the variable to be empty. # Git example url: git://git.yoctoproject.org/yocto-firewall-test;protocol=git;rev=master;branch=master -CONNECTIVITY_CHECK_URIS ?= "https://yoctoproject.org/connectivity.html" +CONNECTIVITY_CHECK_URIS ?= "https://www.yoctoproject.org/connectivity.html" diff --git a/meta/lib/oeqa/sdk/buildtools-cases/https.py b/meta/lib/oeqa/sdk/buildtools-cases/https.py index 4525e3d758..98f27e5994 100644 --- a/meta/lib/oeqa/sdk/buildtools-cases/https.py +++ b/meta/lib/oeqa/sdk/buildtools-cases/https.py @@ -15,8 +15,8 @@ class HTTPTests(OESDKTestCase): """ def test_wget(self): - self._run('env -i wget --debug --output-document /dev/null https://yoctoproject.org/connectivity.html') + self._run('env -i wget --debug --output-document /dev/null https://www.yoctoproject.org/connectivity.html') def test_python(self): # urlopen() returns a file-like object on success and throws an exception otherwise - self._run('python3 -c \'import urllib.request; urllib.request.urlopen("https://yoctoproject.org/connectivity.html")\'') + self._run('python3 -c \'import urllib.request; urllib.request.urlopen("https://www.yoctoproject.org/connectivity.html")\'') From patchwork Thu Sep 4 15:17:43 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 69672 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 01526CA101F for ; Thu, 4 Sep 2025 15:18:05 +0000 (UTC) Received: from mail-pg1-f172.google.com (mail-pg1-f172.google.com [209.85.215.172]) by mx.groups.io with SMTP id smtpd.web11.853.1756999083513915089 for ; Thu, 04 Sep 2025 08:18:03 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=vW7O1N19; spf=softfail (domain: sakoman.com, ip: 209.85.215.172, mailfrom: steve@sakoman.com) Received: by mail-pg1-f172.google.com with SMTP id 41be03b00d2f7-b47475cf8ecso740428a12.0 for ; Thu, 04 Sep 2025 08:18:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1756999083; x=1757603883; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=TOKWfioBrYlsu2Fr+QGWpPQdBjZvkou8bzLrEiSM6Yc=; b=vW7O1N19DAgixnjvfb/YhXu6thjgDgknCpHS8AFLLIezJa8UZ3N4ITM10orc8O9lh4 JOgFhIGIPo6Dq4thV8mwoBzkLPG4e8b1paO4ukQUOO4YHmJQNDM0zJp4+Mlz12gS0w// k2WjFLn0vovaZ7oC2Khm2aN3wfWBGsq2sO8mo6fpLBCTfdK60IwdXfH3b8jF2QB71Kpm qaASNWRVwBcAIaRNcA76hEXcWOcluby9nE34U4Sw9BzkHoSCLzQZ+I1UA/RbsocvlJgJ TeOsSVR0P41aSW6icGrTa4Eq5BZjIFp2g4Fshvl2EDfCo7nQAQ+13QxQwA5lZXA3geQE HRpg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756999083; x=1757603883; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=TOKWfioBrYlsu2Fr+QGWpPQdBjZvkou8bzLrEiSM6Yc=; b=HFg3tHjNuPGOUrmYP6rThyGdfcJjujfqpoeeesvZJdkHev0jN1rMiRSZCdegrvreUZ Ebwqv1LiHAATOXm9gTx01EBepAKeeiGmUpaAnQpb5dMMIh9Isiy3ri8DQglZ5v2IC/yW v52//zz9nOlEBB+iANTuMGjJarYX0Qa3Gw4h327OzMrhsRjxS815zSRlv34vTzz81s6R XRBtDuTPa8E9e9PuKWuX8XfPN+612JLBkUlbPsbayYCYas9xibUZGFi6c4TLGp+S/i36 K75bNrMO0HYIfhycU1UnFzBQCNO5Db3l8kRBOsfAIy2UNJ+XN3QXR9wPbXw4X8pu3U+i m4HQ== X-Gm-Message-State: AOJu0Ywm20YpQzXBhMnM3fWPi8AJGU+3V5jxQztIMGD+f0NBqvZup6qC GomNX8WJxEGbh0DAxOAKc7D2qYZIc50k16riaw5Mw8BUnNNNiKRpn8DHbWtPfqZLtleKv2r8ktK zbNSz X-Gm-Gg: ASbGncsroYZ4WSGv/HV+MyQdTRyAPwtgwCT7R3mAJqh/smgBKmkkvMbBw2kmjXu0pYf h+3P06UPBV0sSIUjAWFiHul0mU/V/AjkTTrM5qwjb2kv1xpf1ZPGmhxcPHXHmzczCGYHJNNqnzm qAmiGMpGAKPXLaI7HfRefglwZexQlLI/smd/GiXngTJzVKDnJVR/tT3g0SC7Qn2nm5mtKWEomDR fTcSuT6jMVmo1g0awC4xIdxdHVMSvuqXQOkYjkCXfQzczY3S0qKatKJflH0kPeCKWvJYIvdIgyg sv1Rjw2fYnIQkHUwJc4yr1Ob2w7Na6cDwDfyboBzZcXbFK67mmuYo5gAa0BMg4u9t94pwqOhngx q9j3iIaXBAa+4vg== X-Google-Smtp-Source: AGHT+IEpzo9SjRlPpJeZoNkjPpCv1QGmb6p9Udu3cW8NERq/hg5f+KZEZyHtSALPZyZH5fCChx8B+w== X-Received: by 2002:a17:903:2a8d:b0:246:e1b6:f9b0 with SMTP id d9443c01a7336-249448f2573mr283973025ad.18.1756999080260; Thu, 04 Sep 2025 08:18:00 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:89a7:8cc5:2043:ebe6]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-24b0637d948sm84720845ad.30.2025.09.04.08.17.59 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 Sep 2025 08:17:59 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 5/6] pulseaudio: Add audio group explicitly Date: Thu, 4 Sep 2025 08:17:43 -0700 Message-ID: <4fc918da4667eebbbdae3def8c38209a3d650f97.1756998900.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 04 Sep 2025 15:18:05 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/222953 From: Kyungjik Min Since pulseaudio-server requires the audio group, we explicitly add it. When use useradd-staticids or do not use the default group in base-passwd, an error will occur because the audio group is not defined. NOTE: pulseaudio: Performing useradd with [--root TOPDIR/tmp/work/cortexa72-poky-linux/pulseaudio/17.0/recipe-sysroot --home-dir /var/run/pulse --gid 998 --groups audio,pulse --no-create-home --system --shell /bin/false --uid 998 pulse] useradd: group 'audio' does not exist ERROR: pulseaudio: useradd command did not succeed. Signed-off-by: Kyungjik Min Signed-off-by: Steve Sakoman --- meta-selftest/files/static-group | 1 + meta/recipes-multimedia/pulseaudio/pulseaudio.inc | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/meta-selftest/files/static-group b/meta-selftest/files/static-group index 441123e2c5..252fdac67d 100644 --- a/meta-selftest/files/static-group +++ b/meta-selftest/files/static-group @@ -28,3 +28,4 @@ sgx:x:528: ptest:x:529: xuser:x:530: seat:x:531: +audio:x:532: diff --git a/meta/recipes-multimedia/pulseaudio/pulseaudio.inc b/meta/recipes-multimedia/pulseaudio/pulseaudio.inc index 18c12ede63..4708145bb9 100644 --- a/meta/recipes-multimedia/pulseaudio/pulseaudio.inc +++ b/meta/recipes-multimedia/pulseaudio/pulseaudio.inc @@ -147,7 +147,7 @@ do_install:append() { } USERADD_PACKAGES = "pulseaudio-server" -GROUPADD_PARAM:pulseaudio-server = "--system pulse" +GROUPADD_PARAM:pulseaudio-server = "--system audio; --system pulse" USERADD_PARAM:pulseaudio-server = "--system --home /var/run/pulse \ --no-create-home --shell /bin/false \ --groups audio,pulse --gid pulse pulse" From patchwork Thu Sep 4 15:17:44 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 69671 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0C08CCA101C for ; Thu, 4 Sep 2025 15:18:05 +0000 (UTC) Received: from mail-pl1-f178.google.com (mail-pl1-f178.google.com [209.85.214.178]) by mx.groups.io with SMTP id smtpd.web10.772.1756999083769602581 for ; Thu, 04 Sep 2025 08:18:03 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=lMB4FVVX; spf=softfail (domain: sakoman.com, ip: 209.85.214.178, mailfrom: steve@sakoman.com) Received: by mail-pl1-f178.google.com with SMTP id d9443c01a7336-24b2de2e427so9014565ad.2 for ; Thu, 04 Sep 2025 08:18:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1756999083; x=1757603883; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=B2uXjpdHt3T88LnX9ycIqyQgE7EIw5NZ8paeebpFoLw=; b=lMB4FVVXdzP7TyV74pTA6FMaXwVUiewPNaeOymkjHPLrx30thxl+W/CPac+HowrPjy X4uu6BketMmB6jzv1fDRzu9eOf0yRwj1xUUwW7YvvFuzWl4iiKaBsSuZoWZPwTOuAcmp q6wLvOqlQWGqFcr9ulETDAbdnTH7ocMo2LqZHojXYxpaA6hPtwb+Z+kTbldzlSCOCHch 2bOojk1Jw34gpd7VwvFpdG0fiq0dXsG+HbXCjZ6HQ/GtuMtKTlum0GfwlF2SE6D0EJX7 hpT8I9DYdFcXAm+2K1EQQDMxb/tFwK+n3MbvgGOstbX0TvPIqmkeD/Rxcl4TYJr4kU75 b6vA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756999083; x=1757603883; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=B2uXjpdHt3T88LnX9ycIqyQgE7EIw5NZ8paeebpFoLw=; b=lwXDnrNHQmcRPogPKtpmUZBkaPZ/fzg+gmMC2nkX4Re5xMSuYJO+1vyBQBSz4gUBxZ IL6/14Pi3ZVIlVDlbLXQ3leUgEo0+ecHB6DVaGKjNwczJo/aSZI/u9P4gib1Z9aVkdii jFkwaCSEJ2dMyei4Y/qStXmYIg0UulPmpQ9ogCDR5dWj35Rr7QfWOb8WERgIKuCx5m82 P3u6LiuusBzd9vhZIkpu78DsTFrawUoJbBsiE9WEhVDqs1EG3Dgk3aXEm9PPNtKKAcj2 8MakKrmX7zM1yjRSHH5LWdjnd7F7+1HnT+sP80gQDUG5tpxh3ns2WSQCXsWDV0QQ/RxG OU+w== X-Gm-Message-State: AOJu0YwaCv8omahrFml5GHGctITwxBUH8p9NPYJqsSUuOs1Lo2BhOPM0 iSMe+zMGqRvcDUwRdjZjgTgfMCHzTajthX4o5+Y3dpymRzLQ6F0ExB2V4TkCBVKiD4Zgdk+Vpft Ksw3f X-Gm-Gg: ASbGncskaQXuz0kImK0vZadtCgtWh7qxYKdsdg3axrFSUwcfcAfwaG7sW8tB+ib4/5t rSBTxgRpjH3ZDx6pvR/fDh6qA/aYylOZpBDeJTUyuhLJ/Le+RzhGLTbhnDMMwj91hHJoWxhMHG9 09kfNgZlWh+0xZZMpEcfRxDVfrdA89xQtOvWxdNVAUNkQYnJLIdijZU5k3cde3rWwF/GgQqpaDt U90HgUkZEAGtn8Bt3cxor6b9oXMCufhjnTSRzKqLurWBJgRE7nbmCt3n52pw3r2SAOkAqvz90bt APTO1oQL1FD6IZpn73DbLQf1JfoL122RGpepx5sJuNwUrwi9MO/+wxm8dEo4VVcwHLt+s89tve2 STvy8DlbIdMtBCil0e05MIGPs X-Google-Smtp-Source: AGHT+IE0h3H4y3EpROzuXzEqBa4QsN4+zA2S2W5F4vFGKsvYsmVDvfp8M5NPH/QkmryOsQV4R7Ao5g== X-Received: by 2002:a17:903:b10:b0:248:a18e:200a with SMTP id d9443c01a7336-2494485d6f8mr216942935ad.10.1756999082908; Thu, 04 Sep 2025 08:18:02 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:89a7:8cc5:2043:ebe6]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-24b0637d948sm84720845ad.30.2025.09.04.08.18.02 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 Sep 2025 08:18:02 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 6/6] rust-target-config: Add has-thread-local option Date: Thu, 4 Sep 2025 08:17:44 -0700 Message-ID: <575a4316f661392eb73d1d97300511e2bca24ada.1756998900.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 04 Sep 2025 15:18:05 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/222954 From: Per x Johansson The "has-elf-tls" option was removed by the commit 8e1614a906086fb46c5dd7b7f2dffab91194165c. However is should have been renamed to "has-thread-local", since it was renamed and not removed in rust by this commit. https://github.com/rust-lang/rust/commit/391332c5d9d5a5e97a0d36e011a87ad43045cfd3 Signed-off-by: Per x Johansson Signed-off-by: Peter Kjellerstedt Signed-off-by: Steve Sakoman --- meta/classes-recipe/rust-target-config.bbclass | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/classes-recipe/rust-target-config.bbclass b/meta/classes-recipe/rust-target-config.bbclass index 67aaa56bac..bdc1e23501 100644 --- a/meta/classes-recipe/rust-target-config.bbclass +++ b/meta/classes-recipe/rust-target-config.bbclass @@ -396,6 +396,7 @@ def rust_gen_target(d, thing, wd, arch): tspec['linker-is-gnu'] = True tspec['linker-flavor'] = "gcc" tspec['has-rpath'] = True + tspec['has-thread-local'] = True tspec['position-independent-executables'] = True tspec['panic-strategy'] = d.getVar("RUST_PANIC_STRATEGY")