From patchwork Tue Oct 14 23:32:12 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ankur Tyagi <ankur.tyagi85@gmail.com>
X-Patchwork-Id: 72335
Return-Path: <ankur.tyagi85@gmail.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 1E9B4CCD190
	for <webhook@archiver.kernel.org>; Tue, 14 Oct 2025 23:32:58 +0000 (UTC)
Received: from mail-pl1-f175.google.com (mail-pl1-f175.google.com
 [209.85.214.175])
 by mx.groups.io with SMTP id smtpd.web10.3468.1760484772388078396
 for <openembedded-devel@lists.openembedded.org>;
 Tue, 14 Oct 2025 16:32:52 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@gmail.com header.s=20230601 header.b=EdpuwFMD;
 spf=pass (domain: gmail.com, ip: 209.85.214.175,
 mailfrom: ankur.tyagi85@gmail.com)
Received: by mail-pl1-f175.google.com with SMTP id
 d9443c01a7336-27c369f8986so54117685ad.3
        for <openembedded-devel@lists.openembedded.org>;
 Tue, 14 Oct 2025 16:32:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1760484772; x=1761089572;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=dfSba3QntZwva3rBV3aLv7uR32+1ejhntNnWxQzS4rk=;
        b=EdpuwFMDUJ8c3NSLFMHRLKEYX4f/KiZG91FouA/Yr0en9NbiybJQkhLGLYfOZJY4Gz
         BjJsie1VtCYF4z7E7yHRCll2o+MQjkTL563qLOW3twg2iw0pIaIvD4uUKtI9rxVLeZEB
         Oeq+KlMO058TFiOTsbVDPhO9SQucxW7yRuuDPWIichh7tbN/hlJJ7zRWEqYk4A9yN3UR
         B0nloCnorQC1fn4c0WEeEGbvXbUkmDfcV5imzzdLGoctJGaSC7mqJQxXYTgfIFxsfIDK
         ZifVvR7tn7AzTfDPtX7/lixxLmRkXylIUq49yC3W/7JXRHUkcSvZ5/kD/ya67SkOZyK2
         179Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1760484772; x=1761089572;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=dfSba3QntZwva3rBV3aLv7uR32+1ejhntNnWxQzS4rk=;
        b=eT1kvJh3Xy3ajAObwxOe1xoznLtPa9YDonwM7Iv309N4VYBcjM90qytbAcMt3cuM0z
         LXwCVqMNj1BtlfMYITZ4eTBRN+SKUWSOnpsd0z2EItV/qzlCMGDCLf+TpMHZTlxynw9Y
         cCnUPbZBHxZE011XPbkWZstKCViSjbNq11CPsBlPROlAqkU2OyM6YOrXz88fnKMJoBmA
         Z5pfPXfxTC6+bFWU4MZ9PxD6Rgvezd3zO5rxc8NGpm/leO54yhsrj/OtXV8nYWf6C/vR
         ++zWBNWuOp/HxYjiEV+lcmJuXe3t/dgXj91fgrnxECuczt1K6dtclLEj3eGYebfxkW4c
         XWYQ==
X-Gm-Message-State: AOJu0YxEN3sAP6PSmK9YsmPYGtkvsN9IecuAOMfMpHAIVA9xE/Z1H2e7
	OIYJID9M+wfRH7TzuI22Y58qZDkYWQXFcx0IuOIFeidiuWoYTp54Htyj7b6H7Q==
X-Gm-Gg: ASbGnctEaUNMRYCKfYxysHtot3B2V5HcaSMFKMtCpzbZBnkNNNtkxNO7o/DVXoB3j4Z
	vrtPcuU12Ole6da9vsicVAcAqYDhJqk+e3v9qSe4WhcllUIQUUjaJFCWNxPmXkKPrZrMm1mnpoR
	l70y5tdWsm6yjWidtHlO9Di3FoU/rU5/vnEh4YMM8EsfK40x7UrM0VHs6hd3Y8IS7Xb3MKnwRiu
	+MmfMdIpXQzk49dy8N5jtV+3FGkuZ/+cZXOaDS/Gi+fvayCF7YIVmGwqWIu5iwSEsyx6DPlWihL
	oJHcIPqVo3zXCT+U3ogFrUlSTHil8/31cQEOUo1FhIRFSUCR7l+oVRJwUffK45j2xOsNz1EF0MW
	WYNf7amxZR6VtXSr7HvY7vbgcSYsUSiQsGR8qkZmm1OwYbt1FsJn9JYA=
X-Google-Smtp-Source: 
 AGHT+IHWQAbOyDnxt9Dzdgk9myLb9ySMGroxpr83tTlRcnQBwtoq5RuBPzcFTq122ba7547SrzcRYw==
X-Received: by 2002:a17:903:94f:b0:290:26fb:2b91 with SMTP id
 d9443c01a7336-2902724dc96mr325300815ad.0.1760484771522;
        Tue, 14 Oct 2025 16:32:51 -0700 (PDT)
Received: from NVAPF55DW0D-IPD.. ([147.161.216.252])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-33b61aac5besm17033254a91.14.2025.10.14.16.32.49
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 14 Oct 2025 16:32:51 -0700 (PDT)
From: Ankur Tyagi <ankur.tyagi85@gmail.com>
To: openembedded-devel@lists.openembedded.org
Cc: Peter Marko <peter.marko@siemens.com>,
	Khem Raj <raj.khem@gmail.com>,
	Ankur Tyagi <ankur.tyagi85@gmail.com>
Subject: [oe][meta-oe][scarthgap][PATCH v2 v2 01/18] dash: set CVE_PRODUCT
Date: Wed, 15 Oct 2025 12:32:12 +1300
Message-ID: <20251014233233.304125-2-ankur.tyagi85@gmail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20251014233233.304125-1-ankur.tyagi85@gmail.com>
References: <20251014233233.304125-1-ankur.tyagi85@gmail.com>
MIME-Version: 1.0
List-Id: <openembedded-devel.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-devel@lists.openembedded.org>; Tue, 14 Oct 2025 23:32:58 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/120660

From: Peter Marko <peter.marko@siemens.com>

This removes false positive CVE-2024-21485 from cve reports.

$ sqlite3 nvdcve_2-2.db
sqlite> select * from products where product = 'dash';
CVE-2009-0854|dash|dash|0.5.4|=||
CVE-2024-21485|plotly|dash|||2.13.0|<
CVE-2024-21485|plotly|dash|2.14.0|>=|2.15.0|<

Our dash:dash did not reach major version 1 yet.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e1427013e01df44b9275908f7605e8e25fc3fd83)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 meta-oe/recipes-shells/dash/dash_0.5.12.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-oe/recipes-shells/dash/dash_0.5.12.bb b/meta-oe/recipes-shells/dash/dash_0.5.12.bb
index 947ef702d7..1bf3625760 100644
--- a/meta-oe/recipes-shells/dash/dash_0.5.12.bb
+++ b/meta-oe/recipes-shells/dash/dash_0.5.12.bb
@@ -10,6 +10,8 @@ inherit autotools update-alternatives
 SRC_URI = "http://gondor.apana.org.au/~herbert/${BPN}/files/${BP}.tar.gz"
 SRC_URI[sha256sum] = "6a474ac46e8b0b32916c4c60df694c82058d3297d8b385b74508030ca4a8f28a"
 
+CVE_PRODUCT = "dash:dash"
+
 EXTRA_OECONF += "--bindir=${base_bindir}"
 
 ALTERNATIVE:${PN} = "sh"

From patchwork Tue Oct 14 23:32:13 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Ankur Tyagi <ankur.tyagi85@gmail.com>
X-Patchwork-Id: 72336
Return-Path: <ankur.tyagi85@gmail.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 20057CCD195
	for <webhook@archiver.kernel.org>; Tue, 14 Oct 2025 23:32:58 +0000 (UTC)
Received: from mail-pg1-f175.google.com (mail-pg1-f175.google.com
 [209.85.215.175])
 by mx.groups.io with SMTP id smtpd.web11.3554.1760484775069504824
 for <openembedded-devel@lists.openembedded.org>;
 Tue, 14 Oct 2025 16:32:55 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@gmail.com header.s=20230601 header.b=knSSHqiQ;
 spf=pass (domain: gmail.com, ip: 209.85.215.175,
 mailfrom: ankur.tyagi85@gmail.com)
Received: by mail-pg1-f175.google.com with SMTP id
 41be03b00d2f7-b57d93ae3b0so3568357a12.1
        for <openembedded-devel@lists.openembedded.org>;
 Tue, 14 Oct 2025 16:32:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1760484774; x=1761089574;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=6rx7t4NzcdExBiTrvoiUq7jOVrojlWBkoXsAZ5mPTlg=;
        b=knSSHqiQXZIYtDmbSxSgI0o+/izh8K02vw1+szQqVl6BY3hZbvbAtygZQVaxPAlb0f
         rQqdIEfLPFgQvFv/R5c6ntDRpUCGmG52+/9pQrVrClWyA+VwVUxyId9fTDHxA1dShl18
         9CZf1LQqZdjXdW6AlU7x4YvrwXjHAu7QozVX+3lj5ALMU6CDcvWRXuSuFtKsbWq/ImmD
         Bs1aUGIWFtJzGomMBLjIALCcMBA7SeTeoIyfRDTzIqaKw4W7hmQ57SZf6YsGncgjNthL
         865MSN4vOX7wPX0DjIS02z+G4k2YJiLx283/4H/AwJqFTaojDXbgsmb5sTE4n9jH8fnw
         JVCw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1760484774; x=1761089574;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=6rx7t4NzcdExBiTrvoiUq7jOVrojlWBkoXsAZ5mPTlg=;
        b=dHOj/n5AbTkUtc7mxgd0Mup4aDbl7SFK5eu7Tt8cVegCxK6XTSRG4qreKSCJdOyKeJ
         vMIOKtgMqnwDrcByEokpVICQjN7Z0TRUlb2i1PGWcyKibEm89lbj3IDNwMed8scoPz5a
         yoOnt17i2i6gb4ugNAQI22cn7cy0J4jDa5sY/NsMF0PT9lJZV8fujtA3uspyGns6Xd+C
         dWcUu4fpDEzTOwrvDBFr2ophGQpCdcfg3yMyfn0adx0wgzyJxxQTAM6cxyWFusqQ1l/e
         Lr6VDDKLuAkkuVocpc5ndgtMN2S5wrEb8hIEuCjVaaIODjkYKMnYmWu+YXI0WkUFeYnv
         PeJg==
X-Gm-Message-State: AOJu0Yx6/LDsWXpd2/UriLO8c3UYpUQrinPHz4m/sHT7uHvsHl2YEBde
	PsRzKeyDmQ+IIuZO3iw0iCOH946Xc/7by0tZeEHYfrBbUohMQDrr3GGbEWUq3A==
X-Gm-Gg: ASbGnctTR2V6KFTkruzpgBtpKHXPmjDb2u5hnrxfCPh1/I2eBoEEU0vzC+SYd0sSniN
	TPAUZy14nYimA2ck5FYmfyJh6bbiZjIsjCXQIYZVtZ9XS0QUcj9h+s1RevSuitDeCojzh/n+pvg
	/Zvmca+XHepL5RhmVahzRhgDTqqOLSCsR+4BmAy1/seQXZV7O35o4NI7DxVn9LIYA8yxhdwb5aL
	RHvGtHexp9elM43yspmuxOudfP5l0EcaPqPe/RA3BAqcXFiQylBZ9BBQPjL2ciTQqyHYXD3m9n9
	iMDOGQopMRy/QIz+vJ9di1NgW/huU3Igkbhe8PzpkNPJqctVzFsA041cyWORoYmBi/xTf28uq5q
	fiGAjLZvAUayQUA9J4DySjeYDXtXDYvHAUZ+A0dboIUc+hf5pwM9TyXjLoM6MNhvstw==
X-Google-Smtp-Source: 
 AGHT+IGSFF5NuE6vBrXsZYmrWNSEBSpD9/mDPYRAVExpBaPanEFs/HPQkvLDadMCXitR4Qj9etTvcw==
X-Received: by 2002:a17:903:1b26:b0:248:e3fb:4dc8 with SMTP id
 d9443c01a7336-290272c045bmr327618445ad.39.1760484773998;
        Tue, 14 Oct 2025 16:32:53 -0700 (PDT)
Received: from NVAPF55DW0D-IPD.. ([147.161.216.252])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-33b61aac5besm17033254a91.14.2025.10.14.16.32.51
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 14 Oct 2025 16:32:53 -0700 (PDT)
From: Ankur Tyagi <ankur.tyagi85@gmail.com>
To: openembedded-devel@lists.openembedded.org
Cc: Ankur Tyagi <ankur.tyagi85@gmail.com>,
	Gyorgy Sarvari <skandigraun@gmail.com>
Subject: [oe][meta-oe][scarthgap][PATCH v2 v2 02/18] libppd: patch
 CVE-2024-47175
Date: Wed, 15 Oct 2025 12:32:13 +1300
Message-ID: <20251014233233.304125-3-ankur.tyagi85@gmail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20251014233233.304125-1-ankur.tyagi85@gmail.com>
References: <20251014233233.304125-1-ankur.tyagi85@gmail.com>
MIME-Version: 1.0
List-Id: <openembedded-devel.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-devel@lists.openembedded.org>; Tue, 14 Oct 2025 23:32:58 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/120661

Details https://nvd.nist.gov/vuln/detail/CVE-2024-47175

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit 07330a98cf93806b7a4e0170a541b94962ff3960)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 .../cups/libppd/0001-CVE-2024-47175.patch     | 600 ++++++++++++++++++
 meta-oe/recipes-printing/cups/libppd_2.0.0.bb |   5 +-
 2 files changed, 604 insertions(+), 1 deletion(-)
 create mode 100644 meta-oe/recipes-printing/cups/libppd/0001-CVE-2024-47175.patch

diff --git a/meta-oe/recipes-printing/cups/libppd/0001-CVE-2024-47175.patch b/meta-oe/recipes-printing/cups/libppd/0001-CVE-2024-47175.patch
new file mode 100644
index 0000000000..ba9cc683af
--- /dev/null
+++ b/meta-oe/recipes-printing/cups/libppd/0001-CVE-2024-47175.patch
@@ -0,0 +1,600 @@
+From 67a96c1e81bf219a5eefb81b513cf1f44d1a3700 Mon Sep 17 00:00:00 2001
+From: Zdenek Dohnal <zdohnal@redhat.com>
+Date: Thu, 26 Sep 2024 23:12:14 +0200
+Subject: [PATCH] CVE-2024-47175
+
+Prevent PPD generation based on invalid IPP response
+
+Author: Mike Sweet
+Minor fixes: Zdenek Dohnal
+
+CVE: CVE-2024-47175
+Upstream-Status: Backport [https://github.com/OpenPrinting/libppd/commit/d681747ebf12602cb426725eb8ce2753211e2477]
+
+(cherry picked from commit d681747ebf12602cb426725eb8ce2753211e2477)
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ ppd/ppd-cache.c     |  17 ++-
+ ppd/ppd-generator.c | 257 ++++++++++++++++++++++++++++----------------
+ 2 files changed, 176 insertions(+), 98 deletions(-)
+
+diff --git a/ppd/ppd-cache.c b/ppd/ppd-cache.c
+index 5aa617c1..747c9ad5 100644
+--- a/ppd/ppd-cache.c
++++ b/ppd/ppd-cache.c
+@@ -1,6 +1,7 @@
+ //
+ // PPD cache implementation for libppd.
+ //
++// Copyright © 2024 by OpenPrinting
+ // Copyright © 2010-2019 by Apple Inc.
+ //
+ // Licensed under Apache License v2.0.  See the file "LICENSE" for more
+@@ -3413,7 +3414,7 @@ ppdCacheGetBin(
+ 
+   //
+   // Range check input...
+- 
++
+ 
+   if (!pc || !output_bin)
+     return (NULL);
+@@ -3914,7 +3915,7 @@ ppdCacheGetPageSize(
+       {
+ 	//
+ 	// Check not only the base size (like "A4") but also variants (like
+-        // "A4.Borderless"). We check only the margins and orientation but do 
++        // "A4.Borderless"). We check only the margins and orientation but do
+ 	// not re-check the size.
+ 	//
+ 
+@@ -4711,7 +4712,7 @@ ppdPwgPpdizeName(const char *ipp,	// I - IPP keyword
+ 	*end;				// End of name buffer
+ 
+ 
+-  if (!ipp)
++  if (!ipp || !_ppd_isalnum(*ipp))
+   {
+     *name = '\0';
+     return;
+@@ -4721,13 +4722,19 @@ ppdPwgPpdizeName(const char *ipp,	// I - IPP keyword
+ 
+   for (ptr = name + 1, end = name + namesize - 1; *ipp && ptr < end;)
+   {
+-    if (*ipp == '-' && _ppd_isalnum(ipp[1]))
++    if (*ipp == '-' && isalnum(ipp[1]))
+     {
+       ipp ++;
+       *ptr++ = (char)toupper(*ipp++ & 255);
+     }
+-    else
++    else if (*ipp == '_' || *ipp == '.' || *ipp == '-' || isalnum(*ipp))
++    {
+       *ptr++ = *ipp++;
++    }
++    else
++    {
++      ipp ++;
++    }
+   }
+ 
+   *ptr = '\0';
+diff --git a/ppd/ppd-generator.c b/ppd/ppd-generator.c
+index a815030b..011e086e 100644
+--- a/ppd/ppd-generator.c
++++ b/ppd/ppd-generator.c
+@@ -1,15 +1,16 @@
+ //
+ //   PWG Raster/Apple Raster/PCLm/PDF/IPP legacy PPD generator for libppd.
+ //
+-//   Copyright 2016-2019 by Till Kamppeter.
+-//   Copyright 2017-2019 by Sahil Arora.
+-//   Copyright 2018-2019 by Deepak Patankar.
++//   Copyright © 2024 by OpenPrinting
++//   Copyright © 2016-2019 by Till Kamppeter.
++//   Copyright © 2017-2019 by Sahil Arora.
++//   Copyright © 2018-2019 by Deepak Patankar.
+ //
+ //   The PPD generator is based on the PPD generator for the CUPS
+ //   "lpadmin -m everywhere" functionality in the cups/ppd-cache.c
+ //   file. The copyright of this file is:
+ //
+-//   Copyright 2010-2016 by Apple Inc.
++//   Copyright © 2010-2016 by Apple Inc.
+ //
+ //   Licensed under Apache License v2.0.  See the file "LICENSE" for more
+ //   information.
+@@ -51,6 +52,7 @@
+ 
+ static int	http_connect(http_t **http, const char *url, char *resource,
+ 			     size_t ressize);
++static void	ppd_put_string(cups_file_t *fp, cups_lang_t *lang, const char *ppd_option, const char *ppd_choice, const char *pwg_msgid);
+ 
+ 
+ //
+@@ -60,7 +62,7 @@ static int	http_connect(http_t **http, const char *url, char *resource,
+ // than CUPS 2.2.x. We have also an additional test and development
+ // platform for this code. Taken from cups/ppd-cache.c,
+ // cups/string-private.h, cups/string.c.
+-// 
++//
+ // The advantage of PPD generation instead of working with System V
+ // interface scripts is that the print dialogs of the clients do not
+ // need to ask the printer for its options via IPP. So we have access
+@@ -124,7 +126,7 @@ char ppdgenerator_msg[1024];
+ //                           IPP 1.x legacy)
+ //
+ 
+-char *                                             // O - PPD filename or NULL 
++char *                                             // O - PPD filename or NULL
+                                                    //     on error
+ ppdCreatePPDFromIPP(char         *buffer,          // I - Filename buffer
+ 		    size_t       bufsize,          // I - Size of filename
+@@ -175,7 +177,7 @@ ppdCreatePPDFromIPP2(char         *buffer,          // I - Filename buffer
+ 		     cups_array_t *conflicts,       // I - Array of
+ 						    //     constraints
+ 		     cups_array_t *sizes,           // I - Media sizes we've
+-						    //     added 
++						    //     added
+ 		     char*        default_pagesize, // I - Default page size
+ 		     const char   *default_cluster_color, // I - cluster def
+ 						    //     color (if cluster's
+@@ -187,6 +189,7 @@ ppdCreatePPDFromIPP2(char         *buffer,          // I - Filename buffer
+ 		     size_t       status_msg_size)  // I - Size of status
+ 						    //     message buffer
+ {
++  cups_lang_t		*lang;		// Localization language
+   cups_file_t		*fp;		// PPD file
+   cups_array_t		*printer_sizes;	// Media sizes we've added
+   cups_size_t		*size;		// Current media size
+@@ -199,9 +202,10 @@ ppdCreatePPDFromIPP2(char         *buffer,          // I - Filename buffer
+   ipp_t			*media_col,	// Media collection
+ 			*media_size;	// Media size collection
+   char			make[256],	// Make and model
+-			*model,		// Model name
++			*mptr,		// Pointer into make and model
+ 			ppdname[PPD_MAX_NAME];
+ 		    			// PPD keyword
++  const char		*model;		// Model name
+   int			i, j,		// Looping vars
+ 			count = 0,	// Number of values
+ 			bottom,		// Largest bottom margin
+@@ -283,6 +287,68 @@ ppdCreatePPDFromIPP2(char         *buffer,          // I - Filename buffer
+     return (NULL);
+   }
+ 
++  //
++  // Get a sanitized make and model...
++  //
++
++  if ((attr = ippFindAttribute(supported, "printer-make-and-model", IPP_TAG_TEXT)) != NULL && ippValidateAttribute(attr))
++  {
++    // Sanitize the model name to only contain PPD-safe characters.
++    strlcpy(make, ippGetString(attr, 0, NULL), sizeof(make));
++
++    for (mptr = make; *mptr; mptr ++)
++    {
++      if (*mptr < ' ' || *mptr >= 127 || *mptr == '\"')
++      {
++        // Truncate the make and model on the first bad character...
++	*mptr = '\0';
++	break;
++      }
++    }
++
++    while (mptr > make)
++    {
++      // Strip trailing whitespace...
++      mptr --;
++      if (*mptr == ' ')
++	*mptr = '\0';
++    }
++
++    if (!make[0])
++    {
++      // Use a default make and model if nothing remains...
++      strlcpy(make, "Unknown", sizeof(make));
++    }
++  }
++  else
++  {
++    // Use a default make and model...
++    strlcpy(make, "Unknown", sizeof(make));
++  }
++
++  if (!strncasecmp(make, "Hewlett Packard ", 16) || !strncasecmp(make, "Hewlett-Packard ", 16))
++  {
++    // Normalize HP printer make and model...
++    model = make + 16;
++    strlcpy(make, "HP", sizeof(make));
++
++    if (!strncasecmp(model, "HP ", 3))
++      model += 3;
++  }
++  else if ((mptr = strchr(make, ' ')) != NULL)
++  {
++    // Separate "MAKE MODEL"...
++    while (*mptr && *mptr == ' ')
++      *mptr++ = '\0';
++
++    model = mptr;
++  }
++  else
++  {
++    // No separate model name...
++    model = "Printer";
++  }
++
+   //
+   // Standard stuff for PPD file...
+   //
+@@ -311,25 +377,6 @@ ppdCreatePPDFromIPP2(char         *buffer,          // I - Filename buffer
+     }
+   }
+ 
+-  if ((attr = ippFindAttribute(supported, "printer-make-and-model",
+-			       IPP_TAG_TEXT)) != NULL)
+-    strlcpy(make, ippGetString(attr, 0, NULL), sizeof(make));
+-  else if (make_model && make_model[0] != '\0')
+-    strlcpy(make, make_model, sizeof(make));
+-  else
+-    strlcpy(make, "Unknown Printer", sizeof(make));
+-
+-  if (!strncasecmp(make, "Hewlett Packard ", 16) ||
+-      !strncasecmp(make, "Hewlett-Packard ", 16))
+-  {
+-    model = make + 16;
+-    strlcpy(make, "HP", sizeof(make));
+-  }
+-  else if ((model = strchr(make, ' ')) != NULL)
+-    *model++ = '\0';
+-  else
+-    model = make;
+-
+   cupsFilePrintf(fp, "*Manufacturer: \"%s\"\n", make);
+   cupsFilePrintf(fp, "*ModelName: \"%s %s\"\n", make, model);
+   cupsFilePrintf(fp, "*Product: \"(%s %s)\"\n", make, model);
+@@ -425,21 +472,19 @@ ppdCreatePPDFromIPP2(char         *buffer,          // I - Filename buffer
+   }
+   cupsFilePuts(fp, "\"\n");
+ 
+-  if ((attr = ippFindAttribute(supported, "printer-more-info", IPP_TAG_URI)) !=
+-      NULL)
++  if ((attr = ippFindAttribute(supported, "printer-more-info", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr))
+     cupsFilePrintf(fp, "*APSupplies: \"%s\"\n", ippGetString(attr, 0, NULL));
+ 
+-  if ((attr = ippFindAttribute(supported, "printer-charge-info-uri",
+-			       IPP_TAG_URI)) != NULL)
+-    cupsFilePrintf(fp, "*cupsChargeInfoURI: \"%s\"\n", ippGetString(attr, 0,
+-								    NULL));
++  if ((attr = ippFindAttribute(supported, "printer-charge-info-uri", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr))
++    cupsFilePrintf(fp, "*cupsChargeInfoURI: \"%s\"\n", ippGetString(attr, 0, NULL));
+ 
+   // Message catalogs for UI strings
++  lang = cupsLangDefault();
+   opt_strings_catalog = cfCatalogOptionArrayNew();
+   cfCatalogLoad(NULL, NULL, opt_strings_catalog);
+ 
+   if ((attr = ippFindAttribute(supported, "printer-strings-uri",
+-			       IPP_TAG_URI)) != NULL)
++			       IPP_TAG_URI)) != NULL && ippValidateAttribute(attr))
+   {
+     printer_opt_strings_catalog = cfCatalogOptionArrayNew();
+     cfCatalogLoad(ippGetString(attr, 0, NULL), NULL,
+@@ -492,7 +537,7 @@ ppdCreatePPDFromIPP2(char         *buffer,          // I - Filename buffer
+ 	  response = cupsDoRequest(http, request, resource);
+ 
+ 	  if ((attr = ippFindAttribute(response, "printer-strings-uri",
+-				       IPP_TAG_URI)) != NULL)
++				       IPP_TAG_URI)) != NULL && ippValidateAttribute(attr))
+ 	    cupsFilePrintf(fp, "*cupsStringsURI %s: \"%s\"\n", keyword,
+ 			   ippGetString(attr, 0, NULL));
+ 
+@@ -518,13 +563,10 @@ ppdCreatePPDFromIPP2(char         *buffer,          // I - Filename buffer
+ 				     IPP_TAG_BOOLEAN), 0))
+     cupsFilePuts(fp, "*cupsJobAccountingUserId: True\n");
+ 
+-  if ((attr = ippFindAttribute(supported, "printer-privacy-policy-uri",
+-			       IPP_TAG_URI)) != NULL)
+-    cupsFilePrintf(fp, "*cupsPrivacyURI: \"%s\"\n",
+-		   ippGetString(attr, 0, NULL));
++  if ((attr = ippFindAttribute(supported, "printer-privacy-policy-uri", IPP_TAG_URI)) != NULL && ippValidateAttribute(attr))
++    cupsFilePrintf(fp, "*cupsPrivacyURI: \"%s\"\n", ippGetString(attr, 0, NULL));
+ 
+-  if ((attr = ippFindAttribute(supported, "printer-mandatory-job-attributes",
+-			       IPP_TAG_KEYWORD)) != NULL)
++  if ((attr = ippFindAttribute(supported, "printer-mandatory-job-attributes", IPP_TAG_KEYWORD)) != NULL && ippValidateAttribute(attr))
+   {
+     char	prefix = '\"';		// Prefix for string
+ 
+@@ -544,8 +586,7 @@ ppdCreatePPDFromIPP2(char         *buffer,          // I - Filename buffer
+     cupsFilePuts(fp, "\"\n");
+   }
+ 
+-  if ((attr = ippFindAttribute(supported, "printer-requested-job-attributes",
+-			       IPP_TAG_KEYWORD)) != NULL)
++  if ((attr = ippFindAttribute(supported, "printer-requested-job-attributes", IPP_TAG_KEYWORD)) != NULL && ippValidateAttribute(attr))
+   {
+     char	prefix = '\"';		// Prefix for string
+ 
+@@ -664,7 +705,7 @@ ppdCreatePPDFromIPP2(char         *buffer,          // I - Filename buffer
+   }
+ 
+   //
+-  // Fax 
++  // Fax
+   //
+ 
+   if (is_fax)
+@@ -705,21 +746,21 @@ ppdCreatePPDFromIPP2(char         *buffer,          // I - Filename buffer
+ #ifdef CUPS_RASTER_HAVE_APPLERASTER
+   else if (cupsArrayFind(pdl_list, "image/urf"))
+   {
+-    int resStore = 0; // Variable for storing the no. of resolutions in the resolution array 
++    int resStore = 0; // Variable for storing the no. of resolutions in the resolution array
+     int resArray[__INT16_MAX__]; // Creating a resolution array supporting a maximum of 32767 resolutions.
+     int lowdpi = 0, middpi = 0, hidpi = 0; // Lower , middle and higher resolution
+     if ((attr = ippFindAttribute(supported, "urf-supported",
+ 			IPP_TAG_KEYWORD)) != NULL)
+     {
+       for (int i = 0, count = ippGetCount(attr); i < count; i ++)
+-      {  
++      {
+        	const char *rs = ippGetString(attr, i, NULL); // RS values
+-        const char *rsCopy = ippGetString(attr, i, NULL); // RS values(copy) 
++        const char *rsCopy = ippGetString(attr, i, NULL); // RS values(copy)
+ 	if (strncasecmp(rs, "RS", 2)) // Comparing attributes to have RS in
+ 	                              // the beginning to indicate the
+ 	                              // resolution feature
+ 	  continue;
+-        int resCount = 0; // Using a count variable which can be reset 
++        int resCount = 0; // Using a count variable which can be reset
+         while (*rsCopy != '\0') // Parsing through the copy pointer to
+ 	                        // determine the no. of resolutions
+         {
+@@ -817,7 +858,7 @@ ppdCreatePPDFromIPP2(char         *buffer,          // I - Filename buffer
+ 	    formatfound = 1;
+ 	    is_apple = 1;
+ 	  }
+-        } 
++        }
+       }
+     }
+   }
+@@ -909,7 +950,7 @@ ppdCreatePPDFromIPP2(char         *buffer,          // I - Filename buffer
+   if (manual_copies == 1)
+     cupsFilePuts(fp, "*cupsManualCopies: True\n");
+ 
+-  // No resolution requirements by any of the supported PDLs? 
++  // No resolution requirements by any of the supported PDLs?
+   // Use "printer-resolution-supported" attribute
+   if (common_res == NULL)
+   {
+@@ -1027,7 +1068,7 @@ ppdCreatePPDFromIPP2(char         *buffer,          // I - Filename buffer
+   //
+   // PageSize/PageRegion/ImageableArea/PaperDimension
+   //
+- 
++
+   cfGenerateSizes(supported, CF_GEN_SIZES_DEFAULT, &printer_sizes, &defattr,
+ 		  NULL, NULL, NULL, NULL, NULL, NULL,
+ 		  &min_width, &min_length,
+@@ -1406,15 +1447,15 @@ ppdCreatePPDFromIPP2(char         *buffer,          // I - Filename buffer
+         if (!strcmp(sources[j], keyword))
+ 	  break;
+       if (j >= 0)
+-	cupsFilePrintf(fp, "*InputSlot %s%s%s: \"<</MediaPosition %d>>setpagedevice\"\n",
+-		       ppdname,
+-		       (human_readable ? "/" : ""),
+-		       (human_readable ? human_readable : ""), j);
++      {
++	cupsFilePrintf(fp, "*InputSlot %s: \"<</MediaPosition %d>>setpagedevice\"\n", ppdname, j);
++	ppd_put_string(fp, lang, "InputSlot", ppdname, human_readable);
++      }
+       else
+-	cupsFilePrintf(fp, "*InputSlot %s%s%s: \"\"\n",
+-		       ppdname,
+-		       (human_readable ? "/" : ""),
+-		       (human_readable ? human_readable : ""));
++      {
++	cupsFilePrintf(fp, "*InputSlot %s%s%s:\"\"\n", ppdname, human_readable ? "/" : "", human_readable ? human_readable : "");
++	ppd_put_string(fp, lang, "InputSlot", ppdname, human_readable);
++      }
+     }
+     cupsFilePuts(fp, "*CloseUI: *InputSlot\n");
+   }
+@@ -1449,11 +1490,8 @@ ppdCreatePPDFromIPP2(char         *buffer,          // I - Filename buffer
+       human_readable = cfCatalogLookUpChoice((char *)keyword, "media-type",
+ 					     opt_strings_catalog,
+ 					     printer_opt_strings_catalog);
+-      cupsFilePrintf(fp, "*MediaType %s%s%s: \"<</MediaType(%s)>>setpagedevice\"\n",
+-		     ppdname,
+-		     (human_readable ? "/" : ""),
+-		     (human_readable ? human_readable : ""),
+-		     ppdname);
++      cupsFilePrintf(fp, "*MediaType %s: \"<</MediaType(%s)>>setpagedevice\"\n", ppdname, ppdname);
++      ppd_put_string(fp, lang, "MediaType", ppdname, human_readable);
+     }
+     cupsFilePuts(fp, "*CloseUI: *MediaType\n");
+   }
+@@ -1776,10 +1814,8 @@ ppdCreatePPDFromIPP2(char         *buffer,          // I - Filename buffer
+       human_readable = cfCatalogLookUpChoice((char *)keyword, "output-bin",
+ 					     opt_strings_catalog,
+ 					     printer_opt_strings_catalog);
+-      cupsFilePrintf(fp, "*OutputBin %s%s%s: \"\"\n",
+-		     ppdname,
+-		     (human_readable ? "/" : ""),
+-		     (human_readable ? human_readable : ""));
++      cupsFilePrintf(fp, "*OutputBin %s: \"\"\n", ppdname);
++      ppd_put_string(fp, lang, "OutputBin", ppdname, human_readable);
+       outputorderinfofound = 0;
+       faceupdown = 1;
+       firsttolast = 1;
+@@ -1833,7 +1869,7 @@ ppdCreatePPDFromIPP2(char         *buffer,          // I - Filename buffer
+ 
+   //
+   // Finishing options...
+-  // 
++  //
+ 
+   if ((attr = ippFindAttribute(supported, "finishings-supported",
+ 			       IPP_TAG_ENUM)) != NULL)
+@@ -1958,9 +1994,8 @@ ppdCreatePPDFromIPP2(char         *buffer,          // I - Filename buffer
+ 	human_readable = cfCatalogLookUpChoice(buf, "finishings",
+ 					       opt_strings_catalog,
+ 					       printer_opt_strings_catalog);
+-	cupsFilePrintf(fp, "*StapleLocation %s%s%s: \"\"\n", ppd_keyword,
+-		       (human_readable ? "/" : ""),
+-		       (human_readable ? human_readable : ""));
++	cupsFilePrintf(fp, "*StapleLocation %s: \"\"\n", ppd_keyword);
++	ppd_put_string(fp, lang, "StapleLocation", ppd_keyword, human_readable);
+ 	cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*StapleLocation %s\"\n",
+ 		       value, keyword, ppd_keyword);
+       }
+@@ -2050,9 +2085,8 @@ ppdCreatePPDFromIPP2(char         *buffer,          // I - Filename buffer
+ 	human_readable = cfCatalogLookUpChoice(buf, "finishings",
+ 					       opt_strings_catalog,
+ 					       printer_opt_strings_catalog);
+-	cupsFilePrintf(fp, "*FoldType %s%s%s: \"\"\n", ppd_keyword,
+-		       (human_readable ? "/" : ""),
+-		       (human_readable ? human_readable : ""));
++	cupsFilePrintf(fp, "*FoldType %s: \"\"\n", ppd_keyword);
++	ppd_put_string(fp, lang, "FoldType", ppd_keyword, human_readable);
+ 	cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*FoldType %s\"\n",
+ 		       value, keyword, ppd_keyword);
+       }
+@@ -2149,9 +2183,8 @@ ppdCreatePPDFromIPP2(char         *buffer,          // I - Filename buffer
+ 	human_readable = cfCatalogLookUpChoice(buf, "finishings",
+ 					       opt_strings_catalog,
+ 					       printer_opt_strings_catalog);
+-	cupsFilePrintf(fp, "*PunchMedia %s%s%s: \"\"\n", ppd_keyword,
+-		       (human_readable ? "/" : ""),
+-		       (human_readable ? human_readable : ""));
++	cupsFilePrintf(fp, "*PunchMedia %s: \"\"\n", ppd_keyword);
++	ppd_put_string(fp, lang, "PunchMedia", ppd_keyword, human_readable);
+ 	cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*PunchMedia %s\"\n",
+ 		       value, keyword, ppd_keyword);
+       }
+@@ -2242,9 +2275,8 @@ ppdCreatePPDFromIPP2(char         *buffer,          // I - Filename buffer
+ 	human_readable = cfCatalogLookUpChoice(buf, "finishings",
+ 					       opt_strings_catalog,
+ 					       printer_opt_strings_catalog);
+-	cupsFilePrintf(fp, "*CutMedia %s%s%s: \"\"\n", ppd_keyword,
+-		       (human_readable ? "/" : ""),
+-		       (human_readable ? human_readable : ""));
++	cupsFilePrintf(fp, "*CutMedia %s: \"\"\n", ppd_keyword);
++	ppd_put_string(fp, lang, "CutMedia", ppd_keyword, human_readable);
+ 	cupsFilePrintf(fp, "*cupsIPPFinishings %d/%s: \"*CutMedia %s\"\n",
+ 		       value, keyword, ppd_keyword);
+       }
+@@ -2268,7 +2300,7 @@ ppdCreatePPDFromIPP2(char         *buffer,          // I - Filename buffer
+     cupsFilePrintf(fp, "*OpenUI *cupsFinishingTemplate/%s: PickOne\n",
+ 		   (human_readable ? human_readable : "Finishing Template"));
+     cupsFilePuts(fp, "*OrderDependency: 10 AnySetup *cupsFinishingTemplate\n");
+-    cupsFilePuts(fp, "*DefaultcupsFinishingTemplate: none\n");
++    cupsFilePuts(fp, "*DefaultcupsFinishingTemplate: None\n");
+     human_readable = cfCatalogLookUpChoice("3", "finishings",
+ 					   opt_strings_catalog,
+ 					   printer_opt_strings_catalog);
+@@ -2299,8 +2331,9 @@ ppdCreatePPDFromIPP2(char         *buffer,          // I - Filename buffer
+ 					     printer_opt_strings_catalog);
+       if (human_readable == NULL)
+ 	human_readable = (char *)keyword;
+-      cupsFilePrintf(fp, "*cupsFinishingTemplate %s/%s: \"\n", keyword,
+-		     human_readable);
++      ppdPwgPpdizeName(keyword, ppdname, sizeof(ppdname));
++      cupsFilePrintf(fp, "*cupsFinishingTemplate %s: \"\n", ppdname);
++      ppd_put_string(fp, lang, "cupsFinishingTemplate", ppdname, human_readable);
+       for (finishing_attr = ippFirstAttribute(finishing_col); finishing_attr;
+ 	   finishing_attr = ippNextAttribute(finishing_col)) {
+         if (ippGetValueTag(finishing_attr) == IPP_TAG_BEGIN_COLLECTION) {
+@@ -2564,14 +2597,14 @@ ppdCreatePPDFromIPP2(char         *buffer,          // I - Filename buffer
+       if (!preset || !preset_name)
+         continue;
+ 
+-      if ((localized_name =
++      ppdPwgPpdizeName(preset_name, ppdname, sizeof(ppdname));
++
++      localized_name =
+ 	   cfCatalogLookUpOption((char *)preset_name,
+ 				 opt_strings_catalog,
+-				 printer_opt_strings_catalog)) == NULL)
+-        cupsFilePrintf(fp, "*APPrinterPreset %s: \"\n", preset_name);
+-      else
+-        cupsFilePrintf(fp, "*APPrinterPreset %s/%s: \"\n", preset_name,
+-		       localized_name);
++				 printer_opt_strings_catalog);
++      cupsFilePrintf(fp, "*APPrinterPreset %s: \"\n", ppdname);
++      ppd_put_string(fp, lang, "APPrinterPreset", ppdname, localized_name);
+ 
+       for (member = ippFirstAttribute(preset); member;
+ 	   member = ippNextAttribute(preset))
+@@ -2620,7 +2653,10 @@ ppdCreatePPDFromIPP2(char         *buffer,          // I - Filename buffer
+ 		 ippGetString(ippFindAttribute(fin_col,
+ 					       "finishing-template",
+ 					       IPP_TAG_ZERO), 0, NULL)) != NULL)
+-              cupsFilePrintf(fp, "*cupsFinishingTemplate %s\n", keyword);
++            {
++	      ppdPwgPpdizeName(keyword, ppdname, sizeof(ppdname));
++              cupsFilePrintf(fp, "*cupsFinishingTemplate %s\n", ppdname);
++            }
+           }
+         }
+ 	else if (!strcmp(member_name, "media"))
+@@ -2659,7 +2695,7 @@ ppdCreatePPDFromIPP2(char         *buffer,          // I - Filename buffer
+ 				      NULL)) != NULL)
+ 	  {
+             ppdPwgPpdizeName(keyword, ppdname, sizeof(ppdname));
+-            cupsFilePrintf(fp, "*InputSlot %s\n", keyword);
++            cupsFilePrintf(fp, "*InputSlot %s\n", ppdname);
+ 	  }
+ 
+           if ((keyword = ippGetString(ippFindAttribute(media_col, "media-type",
+@@ -2667,7 +2703,7 @@ ppdCreatePPDFromIPP2(char         *buffer,          // I - Filename buffer
+ 				      NULL)) != NULL)
+ 	  {
+             ppdPwgPpdizeName(keyword, ppdname, sizeof(ppdname));
+-            cupsFilePrintf(fp, "*MediaType %s\n", keyword);
++            cupsFilePrintf(fp, "*MediaType %s\n", ppdname);
+ 	  }
+         }
+ 	else if (!strcmp(member_name, "print-quality"))
+@@ -2817,3 +2853,38 @@ http_connect(http_t     **http,		// IO - Current HTTP connection
+ 
+   return (*http != NULL);
+ }
++
++
++/*
++ * 'ppd_put_strings()' - Write localization attributes to a PPD file.
++ */
++
++static void
++ppd_put_string(cups_file_t  *fp,	/* I - PPD file */
++               cups_lang_t  *lang,	/* I - Language */
++	       const char   *ppd_option,/* I - PPD option */
++	       const char   *ppd_choice,/* I - PPD choice */
++	       const char   *text)	/* I - Localized text */
++{
++  if (!text)
++    return;
++
++  // Add the first line of localized text...
++#if CUPS_VERSION_MAJOR > 2
++  cupsFilePrintf(fp, "*%s.%s %s/", cupsLangGetName(lang), ppd_option, ppd_choice);
++#else
++  cupsFilePrintf(fp, "*%s.%s %s/", lang->language, ppd_option, ppd_choice);
++#endif // CUPS_VERSION_MAJOR > 2
++
++  while (*text && *text != '\n')
++  {
++    // Escape ":" and "<"...
++    if (*text == ':' || *text == '<')
++      cupsFilePrintf(fp, "<%02X>", *text);
++    else
++      cupsFilePutChar(fp, *text);
++
++    text ++;
++  }
++  cupsFilePuts(fp, ": \"\"\n");
++}
diff --git a/meta-oe/recipes-printing/cups/libppd_2.0.0.bb b/meta-oe/recipes-printing/cups/libppd_2.0.0.bb
index 99b1f6e730..f1cf25901e 100644
--- a/meta-oe/recipes-printing/cups/libppd_2.0.0.bb
+++ b/meta-oe/recipes-printing/cups/libppd_2.0.0.bb
@@ -5,7 +5,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=c1fca671047153ce6825c4ab06f2ab49"
 
 DEPENDS = "libcupsfilters"
 
-SRC_URI = "https://github.com/OpenPrinting/${BPN}/releases/download/${PV}/${BP}.tar.xz"
+SRC_URI = " \
+    https://github.com/OpenPrinting/${BPN}/releases/download/${PV}/${BP}.tar.xz \
+    file://0001-CVE-2024-47175.patch \
+"
 SRC_URI[sha256sum] = "882d3c659a336e91559de8f3c76fc26197fe6e5539d9b484a596e29a5a4e0bc8"
 
 inherit autotools gettext pkgconfig github-releases

From patchwork Tue Oct 14 23:32:14 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ankur Tyagi <ankur.tyagi85@gmail.com>
X-Patchwork-Id: 72337
Return-Path: <ankur.tyagi85@gmail.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 2B985CCD196
	for <webhook@archiver.kernel.org>; Tue, 14 Oct 2025 23:32:58 +0000 (UTC)
Received: from mail-pg1-f175.google.com (mail-pg1-f175.google.com
 [209.85.215.175])
 by mx.groups.io with SMTP id smtpd.web10.3473.1760484777139256884
 for <openembedded-devel@lists.openembedded.org>;
 Tue, 14 Oct 2025 16:32:57 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@gmail.com header.s=20230601 header.b=Tty2v+tF;
 spf=pass (domain: gmail.com, ip: 209.85.215.175,
 mailfrom: ankur.tyagi85@gmail.com)
Received: by mail-pg1-f175.google.com with SMTP id
 41be03b00d2f7-b5507d3ccd8so4934874a12.0
        for <openembedded-devel@lists.openembedded.org>;
 Tue, 14 Oct 2025 16:32:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1760484776; x=1761089576;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=Z49fD9FWj0dDkLy5BiLkXDPG/f0qusOHTxWfpEkr4FY=;
        b=Tty2v+tFJ+da8nNSfR59wnxu2sQnpmnNomn8D9RL6/FF5JkYHo83oJB4OS3hEOI07t
         TVk0w2hAvGRkVoaXSS/HJvtvTOX08w+46w0tJViEHHxcHKt/3+i0QaSjyVRqhFa4b82v
         YjRZqSPdQK6OFlHanV98jMNvE/d8V385s7EXS+x5EKWnFsbecZ0eQPcktXl0rHOf93VM
         grqyN0hJ8zwhhIqHCwcckexO822lY/mq9ZcJNrvaNUDNbUiMoV/P0t+1kKF2UjpMgQC4
         lX0p+aKz+TC0JA5wMgRjNIvZF1Sh3SNcKClsvsCgDE2wWihsIzui1YBwg9ZLV3ew7B+6
         na2g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1760484776; x=1761089576;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=Z49fD9FWj0dDkLy5BiLkXDPG/f0qusOHTxWfpEkr4FY=;
        b=o1Z8jjRFUGuYvIBhGlxXvC8LAueD3H0bGg2RMkFOxITd878vR8Wmr2hrV9A45YAbbo
         4yYs7y6Zwomr7bdpIHelAUL3BDzS/VtCxInIAzX1TUUAnWT8bUTivkfonpxZmXeCv2JD
         nogyCKxm6xSIFWR/00L9wCVOzoj3uLAx5EBJUf++ALyin7FONeZvVrQmgEQKKTn3+S/+
         Z4Tl3XHLv51ExNK2f2rAhkkVVNL+K/aKWYYK/wm+aFVmKIYJhuGvwf6casbcha8jemxU
         sx/XM3XgMpn62TGgZhkHXEYyxqn6C4O4tj3imf+T9wk0jDEG3JqWsfkP1wvMrJwsZrYm
         XFEA==
X-Gm-Message-State: AOJu0YwXorNVE2XPhmCPSfGdcuiwiWN7pbaPX1pAMKY9Puj/iOLYjHDt
	af2ofVBbzeJBARmbDMe37TkuAJbvYARGobv9mTPzzx1XN8sic2pqX9EG7a1zOw==
X-Gm-Gg: ASbGncsocvcrBVpwjJUp4yemwJE4k8G9ew2Lo+Dz9/y2+kwA45niIbkxiZ1SjkiX2Vr
	yksSeclr5/eazgJk6YKao53UJpAA/1nFTvobL9YsQXYfsyWhL2pOadPEHFL18omIcxo0+vKrOKb
	QUzPDcExtjzNQbPvzXgrEZttaughEB+h2BGcuIpGgV0WShJt4HiXygBkMBEKMpy+8lWQs8EfKmg
	xrowc8gYxYVpmytPmK3x9ZgJrn63PGyGX//thrnMIBQmLdwU4IvC057VYJfN0MgGlNeQLo+qBjk
	q8i1PUy9Mx5hfjBGyQAGYvL1Pvbgna+GyEm+/YvxN7XGpb4+MItT0Vk8AXR1xtHCw41ZAhwLieN
	8H22TeUTUPndPOg4flM3TzHH+JEeJYyJSi3WjOZizaqEiDH6pmXN5ZYShJ9FxDcBEPM3YkOQA0h
	e8
X-Google-Smtp-Source: 
 AGHT+IFwr8vWTVVGVrtlp8qU1dwB0f/atfjiK/vV7Xyr/uXW7OV+ZpfsO4iruSGcrXx1oil7Os7E9w==
X-Received: by 2002:a17:90b:4b45:b0:32b:65e6:ec48 with SMTP id
 98e67ed59e1d1-33b51106a08mr36787571a91.8.1760484776331;
        Tue, 14 Oct 2025 16:32:56 -0700 (PDT)
Received: from NVAPF55DW0D-IPD.. ([147.161.216.252])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-33b61aac5besm17033254a91.14.2025.10.14.16.32.54
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 14 Oct 2025 16:32:56 -0700 (PDT)
From: Ankur Tyagi <ankur.tyagi85@gmail.com>
To: openembedded-devel@lists.openembedded.org
Cc: Ankur Tyagi <ankur.tyagi85@gmail.com>,
	Gyorgy Sarvari <skandigraun@gmail.com>
Subject: [oe][meta-oe][scarthgap][PATCH v2 v2 03/18] hdf5: patch CVE-2025-2923
Date: Wed, 15 Oct 2025 12:32:14 +1300
Message-ID: <20251014233233.304125-4-ankur.tyagi85@gmail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20251014233233.304125-1-ankur.tyagi85@gmail.com>
References: <20251014233233.304125-1-ankur.tyagi85@gmail.com>
MIME-Version: 1.0
List-Id: <openembedded-devel.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-devel@lists.openembedded.org>; Tue, 14 Oct 2025 23:32:58 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/120662

Details https://nvd.nist.gov/vuln/detail/CVE-2025-2923

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit 01238545d8f0ac9aabc271538d0ca5ccd9f3d9f4)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 .../hdf5/files/0001-CVE-2025-2923.patch       | 67 +++++++++++++++++++
 meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb |  1 +
 2 files changed, 68 insertions(+)
 create mode 100644 meta-oe/recipes-support/hdf5/files/0001-CVE-2025-2923.patch

diff --git a/meta-oe/recipes-support/hdf5/files/0001-CVE-2025-2923.patch b/meta-oe/recipes-support/hdf5/files/0001-CVE-2025-2923.patch
new file mode 100644
index 0000000000..ffaade2503
--- /dev/null
+++ b/meta-oe/recipes-support/hdf5/files/0001-CVE-2025-2923.patch
@@ -0,0 +1,67 @@
+From 951ebdce0098dac1042d5e9650e655c6c1f92904 Mon Sep 17 00:00:00 2001
+From: jhendersonHDF <jhenderson@hdfgroup.org>
+Date: Fri, 26 Sep 2025 13:13:10 -0500
+Subject: [PATCH] CVE-2025-2923
+
+Fix issue with handling of corrupted object header continuation messages (#5829)
+
+An HDF5 file could be specifically constructed such that an object
+header contained a corrupted continuation message which pointed
+back to itself. This eventually resulted in an internal buffer being
+allocated with too small of a size, leading to a heap buffer overflow
+when encoding an object header message into it. This has been fixed
+by checking the expected number of deserialized object header chunks
+against the actual value as chunks are being deserialized.
+
+Fixes CVE-2025-6816, CVE-2025-6856, CVE-2025-2923
+
+CVE: CVE-2025-2923
+Upstream-Status: Backport [https://github.com/HDFGroup/hdf5/commit/29c847a43db0cdc85b01cafa5a7613ea73932675]
+
+(cherry picked from commit 29c847a43db0cdc85b01cafa5a7613ea73932675)
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ src/H5Oint.c | 17 +++++++++++------
+ 1 file changed, 11 insertions(+), 6 deletions(-)
+
+diff --git a/src/H5Oint.c b/src/H5Oint.c
+index 022ee43..a5e0072 100644
+--- a/src/H5Oint.c
++++ b/src/H5Oint.c
+@@ -1013,10 +1013,9 @@ H5O_protect(const H5O_loc_t *loc, unsigned prot_flags, bool pin_all_chunks)
+          */
+         curr_msg = 0;
+         while (curr_msg < cont_msg_info.nmsgs) {
+-            H5O_chunk_proxy_t *chk_proxy; /* Proxy for chunk, to bring it into memory */
+-#ifndef NDEBUG
+-            size_t chkcnt = oh->nchunks; /* Count of chunks (for sanity checking) */
+-#endif                                   /* NDEBUG */
++            H5O_chunk_proxy_t *chk_proxy;            /* Proxy for chunk, to bring it into memory */
++            unsigned           chunkno;              /* Chunk number for chunk proxy */
++            size_t             chkcnt = oh->nchunks; /* Count of chunks (for sanity checking) */
+ 
+             /* Bring the chunk into the cache */
+             /* (which adds to the object header) */
+@@ -1029,14 +1028,20 @@ H5O_protect(const H5O_loc_t *loc, unsigned prot_flags, bool pin_all_chunks)
+ 
+             /* Sanity check */
+             assert(chk_proxy->oh == oh);
+-            assert(chk_proxy->chunkno == chkcnt);
+-            assert(oh->nchunks == (chkcnt + 1));
++
++            chunkno = chk_proxy->chunkno;
+ 
+             /* Release the chunk from the cache */
+             if (H5AC_unprotect(loc->file, H5AC_OHDR_CHK, cont_msg_info.msgs[curr_msg].addr, chk_proxy,
+                                H5AC__NO_FLAGS_SET) < 0)
+                 HGOTO_ERROR(H5E_OHDR, H5E_CANTUNPROTECT, NULL, "unable to release object header chunk");
+ 
++            if (chunkno != chkcnt)
++                HGOTO_ERROR(H5E_OHDR, H5E_BADVALUE, NULL, "incorrect chunk number for object header chunk");
++            if (oh->nchunks != (chkcnt + 1))
++                HGOTO_ERROR(H5E_OHDR, H5E_BADVALUE, NULL,
++                            "incorrect number of chunks after deserializing object header chunk");
++
+             /* Advance to next continuation message */
+             curr_msg++;
+         } /* end while */
diff --git a/meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb b/meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb
index f34e5f183d..4305826b22 100644
--- a/meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb
+++ b/meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb
@@ -15,6 +15,7 @@ SRC_URI = " \
     https://support.hdfgroup.org/ftp/HDF5/releases/hdf5-1.14/hdf5-1.14.4/src/${BPN}-${PV}.tar.gz \
     file://0002-Remove-suffix-shared-from-shared-library-name.patch \
     file://0001-cmake-remove-build-flags.patch \
+    file://0001-CVE-2025-2923.patch \
 "
 SRC_URI[sha256sum] = "019ac451d9e1cf89c0482ba2a06f07a46166caf23f60fea5ef3c37724a318e03"
 

From patchwork Tue Oct 14 23:32:15 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ankur Tyagi <ankur.tyagi85@gmail.com>
X-Patchwork-Id: 72338
Return-Path: <ankur.tyagi85@gmail.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 06FF5CCD18E
	for <webhook@archiver.kernel.org>; Tue, 14 Oct 2025 23:33:08 +0000 (UTC)
Received: from mail-pl1-f182.google.com (mail-pl1-f182.google.com
 [209.85.214.182])
 by mx.groups.io with SMTP id smtpd.web11.3556.1760484779465110539
 for <openembedded-devel@lists.openembedded.org>;
 Tue, 14 Oct 2025 16:32:59 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@gmail.com header.s=20230601 header.b=joj5shDB;
 spf=pass (domain: gmail.com, ip: 209.85.214.182,
 mailfrom: ankur.tyagi85@gmail.com)
Received: by mail-pl1-f182.google.com with SMTP id
 d9443c01a7336-2698e4795ebso57818305ad.0
        for <openembedded-devel@lists.openembedded.org>;
 Tue, 14 Oct 2025 16:32:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1760484779; x=1761089579;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=os960+YvAPECZcOnkZ8D8wTgTbF9vHvo7RSwctv9RwQ=;
        b=joj5shDBqRCep0cqLM3GPmetE2k+weEQjOBbCS/s7ZSNAJobIUNkr0j21TKwh1BCsk
         xNJ67zM/kvAfY4r29do1tyKkg5Gx0ZBVsV60bh1aPOSaTGWCPj4Gwy4S78FYrN7fgxh9
         nVP3f7wegU9+VWvsXHnx8sR3EgOK3qiWftPRHO+hFbn9gEsGHl5b9DAlt7VdX3THiwCa
         f60E5RSU4gBKB2G5ddRVIpqCoIUOTpi9bVEAvJmu+v3qyzqFjk1ZgkEhnEyAWDTc35EN
         udglhR0VZ+wJWJhZqrSvGpTo151j8Z1g3BcTs2+2e1YGVPxcagMGD8fPvtbFI+ymZ0xQ
         D9Dg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1760484779; x=1761089579;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=os960+YvAPECZcOnkZ8D8wTgTbF9vHvo7RSwctv9RwQ=;
        b=v/H9Kx3l9FbOIqXxNzhveY4Vgr2pUafEvwbYSuRTG+ItKSGYAwFLWuQHAOjpQCXq1D
         sh/7qo3qy1comYRIfVqguDgAxh1dXJx7NgUz9AX1GDvR6osGfzyugwhuQYUHLWR8SU6C
         Tif5OuGG1lPGgAIskmQ4hNyTZEgYp5I70nQcDdOGvy8ILuSs+D+u6uE2czwvomxjxpW6
         uNpZ8ixzq8XCvCjn9C0QyHH+k97NtFVZgT2EQJyxoEOq3cGM9N+O5/OYzkyUgjZTnvnL
         qH1v6RjlvYauc9enBxCU5C7qo1ZiBCXpMEt+/s4gH+stoNWom4e/iRa43+JPd0m76mvq
         e3KQ==
X-Gm-Message-State: AOJu0YyvY+KczgO5Wawxrr+5tt28mnc3xxsHGXflFDrR6UlmymyRyTis
	1CZpXkY6VFWtfw2SonYs4SAHdHrBIWX4MOpahyIeIUXmb4zgppb/76UfdfcMxg==
X-Gm-Gg: ASbGncu/3IjHM5PthjEaf8l4Kzph5vzcsw73y+sBv9+niKAeo4QOe3m6GlCWJFYSjUS
	Pg3aH001UuSTLIBBloJ5s6YzKqMkz/UDzB7Q1HlPMSAshyP2LaNnawNLo/GSSHLQnKTyV6/iWvk
	Ojz2Ai7fzcyiJ/ki9UUhC1agHBDqOzPyNgx6BYY0nABG93tSj/yurwhAkjlGNrLKlMTEu5gbdTU
	lwsZujgbkRxPxSqiO33U/ApiO18n9/TKooedKbrIYJrG9dfhY0pDFWsupwdvhAkBQxD8sO4FMgW
	53dGq0lV0Em82WGxFM5ozpgd/5Mt+HFzeXgVlz8lGCxaLKqHAL+cckUhObzLAqF4Ibw/vvdRu7t
	wzjlZFAWa4OOcSHuw3LhpKEpiXK0l4gA2sparmkp0OCpN8WYzV4eg4IzWQjmoXGi5eQ==
X-Google-Smtp-Source: 
 AGHT+IG6zvBOHl//S+74IVcjDX1nr03OP0r+CmHgg7Y3qdAFMk0ZbvfERq0IIuKjtYlU92m4HKemMw==
X-Received: by 2002:a17:902:e94e:b0:279:daa1:6780 with SMTP id
 d9443c01a7336-2902741cf99mr339075875ad.52.1760484778597;
        Tue, 14 Oct 2025 16:32:58 -0700 (PDT)
Received: from NVAPF55DW0D-IPD.. ([147.161.216.252])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-33b61aac5besm17033254a91.14.2025.10.14.16.32.56
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 14 Oct 2025 16:32:58 -0700 (PDT)
From: Ankur Tyagi <ankur.tyagi85@gmail.com>
To: openembedded-devel@lists.openembedded.org
Cc: Ankur Tyagi <ankur.tyagi85@gmail.com>,
	Gyorgy Sarvari <skandigraun@gmail.com>
Subject: [oe][meta-oe][scarthgap][PATCH v2 v2 04/18] hdf5: patch CVE-2025-2924
Date: Wed, 15 Oct 2025 12:32:15 +1300
Message-ID: <20251014233233.304125-5-ankur.tyagi85@gmail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20251014233233.304125-1-ankur.tyagi85@gmail.com>
References: <20251014233233.304125-1-ankur.tyagi85@gmail.com>
MIME-Version: 1.0
List-Id: <openembedded-devel.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-devel@lists.openembedded.org>; Tue, 14 Oct 2025 23:33:08 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/120663

Details https://nvd.nist.gov/vuln/detail/CVE-2025-2924

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit f0cdeee91832709fe78b1f2af2a0504af80c41d7)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 .../hdf5/files/0002-CVE-2025-2924.patch       | 39 +++++++++++++++++++
 meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb |  1 +
 2 files changed, 40 insertions(+)
 create mode 100644 meta-oe/recipes-support/hdf5/files/0002-CVE-2025-2924.patch

diff --git a/meta-oe/recipes-support/hdf5/files/0002-CVE-2025-2924.patch b/meta-oe/recipes-support/hdf5/files/0002-CVE-2025-2924.patch
new file mode 100644
index 0000000000..73ee50db1f
--- /dev/null
+++ b/meta-oe/recipes-support/hdf5/files/0002-CVE-2025-2924.patch
@@ -0,0 +1,39 @@
+From 3a6f6c1f57c09281d4a9d11a1ae809fd21b666dd Mon Sep 17 00:00:00 2001
+From: Glenn Song <43005495+glennsong09@users.noreply.github.com>
+Date: Mon, 15 Sep 2025 07:56:54 -0500
+Subject: [PATCH] CVE-2025-2924
+
+Fixes heap-based buffer overflow in H5HL__fl_deserialize by adding an overflow check.
+
+CVE: CVE-2025-2924
+Upstream-Status: Backport [https://github.com/HDFGroup/hdf5/commit/0a57195ca67d278f1cf7d01566c121048e337a59]
+
+(cherry picked from commit 0a57195ca67d278f1cf7d01566c121048e337a59)
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ src/H5HLcache.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/H5HLcache.c b/src/H5HLcache.c
+index d0836fe..7f412d2 100644
+--- a/src/H5HLcache.c
++++ b/src/H5HLcache.c
+@@ -225,6 +225,7 @@ H5HL__fl_deserialize(H5HL_t *heap)
+     /* check arguments */
+     assert(heap);
+     assert(!heap->freelist);
++    HDcompile_assert(sizeof(hsize_t) == sizeof(uint64_t));
+ 
+     /* Build free list */
+     free_block = heap->free_block;
+@@ -232,6 +233,10 @@ H5HL__fl_deserialize(H5HL_t *heap)
+         const uint8_t *image; /* Pointer into image buffer */
+ 
+         /* Sanity check */
++
++        if (free_block > UINT64_MAX - (2 * heap->sizeof_size))
++            HGOTO_ERROR(H5E_HEAP, H5E_BADRANGE, FAIL, "decoded heap block address overflow");
++
+         if ((free_block + (2 * heap->sizeof_size)) > heap->dblk_size)
+             HGOTO_ERROR(H5E_HEAP, H5E_BADRANGE, FAIL, "bad heap free list");
+ 
diff --git a/meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb b/meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb
index 4305826b22..06a375c673 100644
--- a/meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb
+++ b/meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb
@@ -16,6 +16,7 @@ SRC_URI = " \
     file://0002-Remove-suffix-shared-from-shared-library-name.patch \
     file://0001-cmake-remove-build-flags.patch \
     file://0001-CVE-2025-2923.patch \
+    file://0002-CVE-2025-2924.patch \
 "
 SRC_URI[sha256sum] = "019ac451d9e1cf89c0482ba2a06f07a46166caf23f60fea5ef3c37724a318e03"
 

From patchwork Tue Oct 14 23:32:16 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ankur Tyagi <ankur.tyagi85@gmail.com>
X-Patchwork-Id: 72341
Return-Path: <ankur.tyagi85@gmail.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 0728CCCD190
	for <webhook@archiver.kernel.org>; Tue, 14 Oct 2025 23:33:08 +0000 (UTC)
Received: from mail-pj1-f43.google.com (mail-pj1-f43.google.com
 [209.85.216.43])
 by mx.groups.io with SMTP id smtpd.web11.3559.1760484781650121486
 for <openembedded-devel@lists.openembedded.org>;
 Tue, 14 Oct 2025 16:33:01 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@gmail.com header.s=20230601 header.b=XtTFp0mW;
 spf=pass (domain: gmail.com, ip: 209.85.216.43,
 mailfrom: ankur.tyagi85@gmail.com)
Received: by mail-pj1-f43.google.com with SMTP id
 98e67ed59e1d1-330b0bb4507so5233653a91.3
        for <openembedded-devel@lists.openembedded.org>;
 Tue, 14 Oct 2025 16:33:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1760484781; x=1761089581;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=iVYTYDiJtg9yXCCu8MvIt5olGPbEAq0roNm56tIgTfk=;
        b=XtTFp0mWp4/ldag3DjIgA2lWe/zUAgiNZt8nPXUJ0/vLMdHg2HzT93JZyZEmK62LrE
         cwXA6ifuZ6yrQt9aatHtdsgE1tqFGyXteFyEnCk4469mn6nNsF3IoUDpb8VmL2tw20s1
         TV07COWlKkcvKlDyKnDs/7byD12geaxhw9Qer2KYiwZhPXIYFcr3o0jWn4xnCqiOhlVa
         FF/wOdiF6zusDHGCSR92HlmpThIntsZdPYNj/z4Iye9UZwBzuSzp/steOqZMQSLYpNZX
         xLJfITvPDxonN0W5VVexQ9qLzbPc/j7D0vy7MNpKVYkf2PQO4UgdPdLsblE6/eyraGcM
         W5LQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1760484781; x=1761089581;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=iVYTYDiJtg9yXCCu8MvIt5olGPbEAq0roNm56tIgTfk=;
        b=cXhfJ+jAXOTsMuOXEvsYixe1ATQs71toWXp4TjF55f4ykh8JMzO6ZLQffD7pNtLug1
         iiQ2QUsBqXIaogOOR5a03C/fi0TJh1ekPO8R2b43neLfG9hhXMHtKdARMHUDHx31wNY5
         LQR3VRXy1UnXzVRvnM748WqVvCxq+C7yJBb2nltHYP72eB5zu7p9tCOZk37VNQTEN5gn
         RyA3wK3l3M8+oHXgnINpPWx/Z8HGOrCm64SsbdyeOj6fjIcK8/q7Js4ID6uPveiHEdtB
         rH85FZs1L0xMkyQhR6498ThRgwsbJ3/2hHSEpL7wYQsEXL26SCiOm2h4BJp3Qqphmh8E
         A4Eg==
X-Gm-Message-State: AOJu0Yx9qaI7fGRgDWAan2F/6EhGPUwvK+Q3d9+5NLyOvldWu3buk7sg
	iuNeNMEUt5P0OxQlNUZwRwOieffaSa0qXO5/9+LgHw0eBpYi+uCW0pNk9S0cGQ==
X-Gm-Gg: ASbGnctD5zaJed9hzQeNw0k8bnM73VRccre9JsJkujkdmcHwg1txh8F88WmY0b0Gzz4
	Jun+kvFpvcN23VlYJCJGFS2loxddNH9anhgoI59KezAngiu+mvxKDjTlzoK6QXIyoXuLAQJ9joO
	8HplGeqDlgN3yO/dEhaJ88534FOb8FSCQAuqD8Fc87I5qA74wEywPmyvRUfSNoKCCTXIt3Ts/Kx
	/qU6eUJbyhIfglnBq85DDPD7CNkul8XHoDd2h8qdD4AL2i6DQCBqdAq00s7n40Q3COAsk3xe1Jh
	fCsxP+TXeIw1u4/kmaLsf8GUT3YRwyyMtARXAh1O7a2S3JSB/iP4dp+HqUYhwhtqtvK1+u2rhpD
	4yKHZO7IWv5VG4dCgQX4byt1hlCmC0imbYg6wST2uIsn3+ByY5kr6QuQ=
X-Google-Smtp-Source: 
 AGHT+IEaPl5TAobekuypzsabVe/QaakO/ROMUbjgDMz2j+BFvWw6zHO3ZTvwGOlmgJ7PuPFbNWOpnQ==
X-Received: by 2002:a17:90b:3a8a:b0:32e:ddbc:9bd6 with SMTP id
 98e67ed59e1d1-33b5138408emr36408846a91.27.1760484780894;
        Tue, 14 Oct 2025 16:33:00 -0700 (PDT)
Received: from NVAPF55DW0D-IPD.. ([147.161.216.252])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-33b61aac5besm17033254a91.14.2025.10.14.16.32.58
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 14 Oct 2025 16:33:00 -0700 (PDT)
From: Ankur Tyagi <ankur.tyagi85@gmail.com>
To: openembedded-devel@lists.openembedded.org
Cc: Ankur Tyagi <ankur.tyagi85@gmail.com>,
	Gyorgy Sarvari <skandigraun@gmail.com>
Subject: [oe][meta-oe][scarthgap][PATCH v2 v2 05/18] hdf5: patch CVE-2025-2925
Date: Wed, 15 Oct 2025 12:32:16 +1300
Message-ID: <20251014233233.304125-6-ankur.tyagi85@gmail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20251014233233.304125-1-ankur.tyagi85@gmail.com>
References: <20251014233233.304125-1-ankur.tyagi85@gmail.com>
MIME-Version: 1.0
List-Id: <openembedded-devel.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-devel@lists.openembedded.org>; Tue, 14 Oct 2025 23:33:08 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/120664

Details https://nvd.nist.gov/vuln/detail/CVE-2025-2925

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit e7832348a68e4ab18c981b3ddedb6627d989a997)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 .../hdf5/files/0003-CVE-2025-2925.patch       | 53 +++++++++++++++++++
 meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb |  1 +
 2 files changed, 54 insertions(+)
 create mode 100644 meta-oe/recipes-support/hdf5/files/0003-CVE-2025-2925.patch

diff --git a/meta-oe/recipes-support/hdf5/files/0003-CVE-2025-2925.patch b/meta-oe/recipes-support/hdf5/files/0003-CVE-2025-2925.patch
new file mode 100644
index 0000000000..83348190dd
--- /dev/null
+++ b/meta-oe/recipes-support/hdf5/files/0003-CVE-2025-2925.patch
@@ -0,0 +1,53 @@
+From 57a511958842f50cbf07b05262f2fe95e70c141b Mon Sep 17 00:00:00 2001
+From: Glenn Song <43005495+glennsong09@users.noreply.github.com>
+Date: Thu, 9 Oct 2025 14:48:55 -0500
+Subject: [PATCH] CVE-2025-2925
+
+This PR fixes issue #5383, which was occurring due to actual_len + H5C_IMAGE_EXTRA_SPACE being 0. When realloc was called, it freed image, but gets sent to done before new_image can be assigned to image. Because the pointer for image isn't null, it attempts to free it here again, causing the double free to occur. This PR addresses Quincey's concern and fixes the issue while preserving new_image and image.
+
+The bug was first reproduced using the fuzzer and the POC file from #5383. With this change, the double free no longer occurs.
+
+CVE: CVE-2025-2925
+Upstream-Status: Backport [https://github.com/HDFGroup/hdf5/commit/4310c19608455c17a213383d07715efb2918defc]
+
+(cherry picked from commit 4310c19608455c17a213383d07715efb2918defc)
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ src/H5Centry.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/H5Centry.c b/src/H5Centry.c
+index 6883e89..bef93d8 100644
+--- a/src/H5Centry.c
++++ b/src/H5Centry.c
+@@ -1051,9 +1051,14 @@ H5C__load_entry(H5F_t *f,
+          */
+         do {
+             if (actual_len != len) {
++                /* Verify that the length isn't a bad value  */
++                if (len == 0)
++                    HGOTO_ERROR(H5E_CACHE, H5E_BADVALUE, NULL, "len is a bad value");
++
+                 if (NULL == (new_image = H5MM_realloc(image, len + H5C_IMAGE_EXTRA_SPACE)))
+                     HGOTO_ERROR(H5E_CACHE, H5E_CANTALLOC, NULL, "image null after H5MM_realloc()");
+                 image = (uint8_t *)new_image;
++
+ #if H5C_DO_MEMORY_SANITY_CHECKS
+                 H5MM_memcpy(image + len, H5C_IMAGE_SANITY_VALUE, H5C_IMAGE_EXTRA_SPACE);
+ #endif        /* H5C_DO_MEMORY_SANITY_CHECKS */
+@@ -1104,10 +1109,15 @@ H5C__load_entry(H5F_t *f,
+                     if (H5C__verify_len_eoa(f, type, addr, &actual_len, true) < 0)
+                         HGOTO_ERROR(H5E_CACHE, H5E_BADVALUE, NULL, "actual_len exceeds EOA");
+ 
++                    /* Verify that the length isn't 0  */
++                    if (actual_len == 0)
++                        HGOTO_ERROR(H5E_CACHE, H5E_BADVALUE, NULL, "actual_len is a bad value");
++
+                     /* Expand buffer to new size */
+                     if (NULL == (new_image = H5MM_realloc(image, actual_len + H5C_IMAGE_EXTRA_SPACE)))
+                         HGOTO_ERROR(H5E_CACHE, H5E_CANTALLOC, NULL, "image null after H5MM_realloc()");
+                     image = (uint8_t *)new_image;
++
+ #if H5C_DO_MEMORY_SANITY_CHECKS
+                     H5MM_memcpy(image + actual_len, H5C_IMAGE_SANITY_VALUE, H5C_IMAGE_EXTRA_SPACE);
+ #endif /* H5C_DO_MEMORY_SANITY_CHECKS */
diff --git a/meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb b/meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb
index 06a375c673..540c8459ea 100644
--- a/meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb
+++ b/meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb
@@ -17,6 +17,7 @@ SRC_URI = " \
     file://0001-cmake-remove-build-flags.patch \
     file://0001-CVE-2025-2923.patch \
     file://0002-CVE-2025-2924.patch \
+    file://0003-CVE-2025-2925.patch \
 "
 SRC_URI[sha256sum] = "019ac451d9e1cf89c0482ba2a06f07a46166caf23f60fea5ef3c37724a318e03"
 

From patchwork Tue Oct 14 23:32:17 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ankur Tyagi <ankur.tyagi85@gmail.com>
X-Patchwork-Id: 72339
Return-Path: <ankur.tyagi85@gmail.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 0CEF4CCD184
	for <webhook@archiver.kernel.org>; Tue, 14 Oct 2025 23:33:08 +0000 (UTC)
Received: from mail-pj1-f45.google.com (mail-pj1-f45.google.com
 [209.85.216.45])
 by mx.groups.io with SMTP id smtpd.web10.3478.1760484784098548307
 for <openembedded-devel@lists.openembedded.org>;
 Tue, 14 Oct 2025 16:33:04 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@gmail.com header.s=20230601 header.b=V7/2rLAI;
 spf=pass (domain: gmail.com, ip: 209.85.216.45,
 mailfrom: ankur.tyagi85@gmail.com)
Received: by mail-pj1-f45.google.com with SMTP id
 98e67ed59e1d1-3306b83ebdaso5198925a91.3
        for <openembedded-devel@lists.openembedded.org>;
 Tue, 14 Oct 2025 16:33:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1760484783; x=1761089583;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=heORXTH2GEooFe3wJyETz4N+CSuea90g1lOti2wc9q0=;
        b=V7/2rLAINCVPb+BRaCksLCbHot0P6c9PYkF7oCMMO3pKfAzQUrInwG4OplC+IM8hTc
         h1zCI+oh3/OnMaDVuDC4rlzv76A3UiRUd1wJXHCzO4K038IWhGOj2cp5URcbeWKfBICN
         U9LqPmiFMnmzaVM5OPQ2gk9S7MitT6YqFsu2igOtMvZOTp9mEd070phkb9bfnjhuOCdE
         5+nNXEsa2a8QN3Uk8rEsqq+lsfEu2yWIkpp3S15T+bhOwqru4JfvzsQiIIc1LbdYTUFm
         quQwf+kNd9f7eXjimSFgH5+fhbqTIofvSnIEGo8ex4jqaRJ8dZx/PrISXTtnGgEw5iKc
         eJ/A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1760484783; x=1761089583;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=heORXTH2GEooFe3wJyETz4N+CSuea90g1lOti2wc9q0=;
        b=jvbFI+xYRCpmnandmS+dZTF6D31heUGEYiMNzym3vD775tzOxs41P/9PA6ZC4gEwZq
         d4igwE97i41mlb1P6M5VfXfBqBsvCb5bg8ltTFALK2dfh2QIFZK/gKV0qWTdbt0DX2mf
         ykNFjpZb9tdkHVIjzSTM1sfLDGYZo9X647OckJgVRxOGV4KWv+X8aYSEm3ueJrVHwl7m
         lITiXgzWkXD+9lTDmQWE1Pvja6XoA77Qp42fckdoxZHBE8srX5xgUXXBTnUFVAIvvrj5
         mxkbv2D5pa/bw9Ta1XYUW6BXlPi47t6omYykO8NNtlCki5LBx1HSVXfFOr/3o4bRjnk0
         evCA==
X-Gm-Message-State: AOJu0YyBxCsKPkRvufZlODpK9R/nLX7JjFLiQZJenMH/0bn+soPk7VkC
	nQPnSgprOH9hSoUfxrDyzH4BBKKWg46F7cDyfNJ419twGs74BUKWAYKOCEIldw==
X-Gm-Gg: ASbGnctdyYtoS+7Qn4E8Vg9J5lRZK4rRwIXhHFshsksHq90UKrIQ3gkST2siZ8BjIDu
	uT3y2zx75Ur9zlXnYgV84M9Mj/mC9Ktw+BUv/y5crdlR+JmPJodW1ARUk/c4EgxG1FRiaUM3VF1
	xRJ/hBenpsdCXLpsiXsJMfSPWlu5KR6COzm/w/ESWvULiGhKVEWJ3NHgqXP9/NOzOJkralFBsiy
	mrvCEd9NKfr7DXwBUCJ/Q4mW3LL4V2+6OsLo6yI2l5nxeUxoSBnmqABrxQVlR32gIuEaAq7fWkB
	TsitNdxBBxP/Zh7dtUGGMkv9hAh2Jz8GSiLp/bK4xGY4L2S1ymBgQRSEYT74FOL4aX22yBjrBe+
	xB2pNz0D1T/fKdNAxPNMVKXNYcR2BLKtM61tiwO2nWwLzbi01rLcH6EY=
X-Google-Smtp-Source: 
 AGHT+IEQg4GX4XLZx2DRurkvtWalglp4qxiFXVCAZdU4FDhe5hJMJwQD622nhgnR1g2aV3lFecQYPw==
X-Received: by 2002:a17:90b:3884:b0:32e:3829:a71c with SMTP id
 98e67ed59e1d1-33b5112974amr38796623a91.16.1760484783202;
        Tue, 14 Oct 2025 16:33:03 -0700 (PDT)
Received: from NVAPF55DW0D-IPD.. ([147.161.216.252])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-33b61aac5besm17033254a91.14.2025.10.14.16.33.01
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 14 Oct 2025 16:33:02 -0700 (PDT)
From: Ankur Tyagi <ankur.tyagi85@gmail.com>
To: openembedded-devel@lists.openembedded.org
Cc: Ankur Tyagi <ankur.tyagi85@gmail.com>,
	Gyorgy Sarvari <skandigraun@gmail.com>
Subject: [oe][meta-oe][scarthgap][PATCH v2 v2 06/18] hdf5: patch CVE-2025-6269
Date: Wed, 15 Oct 2025 12:32:17 +1300
Message-ID: <20251014233233.304125-7-ankur.tyagi85@gmail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20251014233233.304125-1-ankur.tyagi85@gmail.com>
References: <20251014233233.304125-1-ankur.tyagi85@gmail.com>
MIME-Version: 1.0
List-Id: <openembedded-devel.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-devel@lists.openembedded.org>; Tue, 14 Oct 2025 23:33:08 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/120665

Details https://nvd.nist.gov/vuln/detail/CVE-2025-6269

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit beb0dbaf258c94e5f36e052524b5b5627ab4c9cd)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 .../0004-CVE-2025-6269-OSV-2023-77.patch      | 294 ++++++++++++++++++
 meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb |   1 +
 2 files changed, 295 insertions(+)
 create mode 100644 meta-oe/recipes-support/hdf5/files/0004-CVE-2025-6269-OSV-2023-77.patch

diff --git a/meta-oe/recipes-support/hdf5/files/0004-CVE-2025-6269-OSV-2023-77.patch b/meta-oe/recipes-support/hdf5/files/0004-CVE-2025-6269-OSV-2023-77.patch
new file mode 100644
index 0000000000..4f155559bc
--- /dev/null
+++ b/meta-oe/recipes-support/hdf5/files/0004-CVE-2025-6269-OSV-2023-77.patch
@@ -0,0 +1,294 @@
+From dfbbcfa5e8038813c99bc8bc1aa4926335c11df1 Mon Sep 17 00:00:00 2001
+From: aled-ua <bugbuster.cc@gmail.com>
+Date: Wed, 15 Jan 2025 15:02:25 -0600
+Subject: [PATCH] CVE-2025-6269 OSV-2023-77
+
+The GitHub issue #5579 included several security vulnerabilities in function
+H5C__reconstruct_cache_entry().
+
+This PR addressed them by:
+- adding buffer size argument to the function
+- adding buffer overflow checks
+- adding input validations
+- releasing allocated resource on failure
+
+These changes addressed the crashes reported.  However, there is a skiplist
+crash during the unwinding process that has to be investigated.
+
+CVE: CVE-2025-6269
+Upstream-Status: Backport [https://github.com/HDFGroup/hdf5/commit/7f27ba8c3a8483c3d7e5e2cb21fefb2c7563422d]
+Upstream-Status: Backport [https://github.com/HDFGroup/hdf5/commit/3914bb7f7ec7105d8bfbeb3aebd92e867cff5b70]
+
+(cherry picked from commit 7f27ba8c3a8483c3d7e5e2cb21fefb2c7563422d)
+(cherry picked from commit 3914bb7f7ec7105d8bfbeb3aebd92e867cff5b70)
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ src/H5Cimage.c | 95 ++++++++++++++++++++++++++++++++++++++------------
+ src/H5Ocont.c  |  5 +--
+ 2 files changed, 76 insertions(+), 24 deletions(-)
+
+diff --git a/src/H5Cimage.c b/src/H5Cimage.c
+index ec1af78..b97be22 100644
+--- a/src/H5Cimage.c
++++ b/src/H5Cimage.c
+@@ -118,7 +118,8 @@ do {                                                       \
+ /* Helper routines */
+ static size_t H5C__cache_image_block_entry_header_size(const H5F_t *f);
+ static size_t H5C__cache_image_block_header_size(const H5F_t *f);
+-static herr_t H5C__decode_cache_image_header(const H5F_t *f, H5C_t *cache_ptr, const uint8_t **buf);
++static herr_t H5C__decode_cache_image_header(const H5F_t *f, H5C_t *cache_ptr, const uint8_t **buf,
++                                             size_t buf_size);
+ #ifndef NDEBUG /* only used in assertions */
+ static herr_t H5C__decode_cache_image_entry(const H5F_t *f, const H5C_t *cache_ptr, const uint8_t **buf,
+                                             unsigned entry_num);
+@@ -131,7 +132,8 @@ static void   H5C__prep_for_file_close__compute_fd_heights_real(H5C_cache_entry_
+ static herr_t H5C__prep_for_file_close__setup_image_entries_array(H5C_t *cache_ptr);
+ static herr_t H5C__prep_for_file_close__scan_entries(const H5F_t *f, H5C_t *cache_ptr);
+ static herr_t H5C__reconstruct_cache_contents(H5F_t *f, H5C_t *cache_ptr);
+-static H5C_cache_entry_t *H5C__reconstruct_cache_entry(const H5F_t *f, H5C_t *cache_ptr, const uint8_t **buf);
++static H5C_cache_entry_t *H5C__reconstruct_cache_entry(const H5F_t *f, H5C_t *cache_ptr, hsize_t *buf_size,
++                                                       const uint8_t **buf);
+ static herr_t             H5C__write_cache_image_superblock_msg(H5F_t *f, bool create);
+ static herr_t             H5C__read_cache_image(H5F_t *f, H5C_t *cache_ptr);
+ static herr_t             H5C__write_cache_image(H5F_t *f, const H5C_t *cache_ptr);
+@@ -299,7 +301,7 @@ H5C__construct_cache_image_buffer(H5F_t *f, H5C_t *cache_ptr)
+         /* needed for sanity checks */
+         fake_cache_ptr->image_len = cache_ptr->image_len;
+         q                         = (const uint8_t *)cache_ptr->image_buffer;
+-        status                    = H5C__decode_cache_image_header(f, fake_cache_ptr, &q);
++        status = H5C__decode_cache_image_header(f, fake_cache_ptr, &q, cache_ptr->image_len + 1);
+         assert(status >= 0);
+ 
+         assert(NULL != p);
+@@ -1269,7 +1271,7 @@ H5C__cache_image_block_header_size(const H5F_t *f)
+  *-------------------------------------------------------------------------
+  */
+ static herr_t
+-H5C__decode_cache_image_header(const H5F_t *f, H5C_t *cache_ptr, const uint8_t **buf)
++H5C__decode_cache_image_header(const H5F_t *f, H5C_t *cache_ptr, const uint8_t **buf, size_t buf_size)
+ {
+     uint8_t        version;
+     uint8_t        flags;
+@@ -1289,6 +1291,10 @@ H5C__decode_cache_image_header(const H5F_t *f, H5C_t *cache_ptr, const uint8_t *
+     /* Point to buffer to decode */
+     p = *buf;
+ 
++    /* Ensure buffer has enough data for signature comparison */
++    if (H5_IS_BUFFER_OVERFLOW(p, H5C__MDCI_BLOCK_SIGNATURE_LEN, *buf + buf_size - 1))
++        HGOTO_ERROR(H5E_CACHE, H5E_OVERFLOW, FAIL, "Insufficient buffer size for signature");
++
+     /* Check signature */
+     if (memcmp(p, H5C__MDCI_BLOCK_SIGNATURE, (size_t)H5C__MDCI_BLOCK_SIGNATURE_LEN) != 0)
+         HGOTO_ERROR(H5E_CACHE, H5E_BADVALUE, FAIL, "Bad metadata cache image header signature");
+@@ -2372,6 +2378,7 @@ H5C__reconstruct_cache_contents(H5F_t *f, H5C_t *cache_ptr)
+ {
+     H5C_cache_entry_t *pf_entry_ptr;        /* Pointer to prefetched entry */
+     H5C_cache_entry_t *parent_ptr;          /* Pointer to parent of prefetched entry */
++    hsize_t            image_len;           /* Image length */
+     const uint8_t     *p;                   /* Pointer into image buffer */
+     unsigned           u, v;                /* Local index variable */
+     herr_t             ret_value = SUCCEED; /* Return value */
+@@ -2387,10 +2394,11 @@ H5C__reconstruct_cache_contents(H5F_t *f, H5C_t *cache_ptr)
+     assert(cache_ptr->image_len > 0);
+ 
+     /* Decode metadata cache image header */
+-    p = (uint8_t *)cache_ptr->image_buffer;
+-    if (H5C__decode_cache_image_header(f, cache_ptr, &p) < 0)
++    p         = (uint8_t *)cache_ptr->image_buffer;
++    image_len = cache_ptr->image_len;
++    if (H5C__decode_cache_image_header(f, cache_ptr, &p, image_len + 1) < 0)
+         HGOTO_ERROR(H5E_CACHE, H5E_CANTDECODE, FAIL, "cache image header decode failed");
+-    assert((size_t)(p - (uint8_t *)cache_ptr->image_buffer) < cache_ptr->image_len);
++    assert((size_t)(p - (uint8_t *)cache_ptr->image_buffer) < image_len);
+ 
+     /* The image_data_len and # of entries should be defined now */
+     assert(cache_ptr->image_data_len > 0);
+@@ -2402,7 +2410,7 @@ H5C__reconstruct_cache_contents(H5F_t *f, H5C_t *cache_ptr)
+         /* Create the prefetched entry described by the ith
+          * entry in cache_ptr->image_entrise.
+          */
+-        if (NULL == (pf_entry_ptr = H5C__reconstruct_cache_entry(f, cache_ptr, &p)))
++        if (NULL == (pf_entry_ptr = H5C__reconstruct_cache_entry(f, cache_ptr, &image_len, &p)))
+             HGOTO_ERROR(H5E_CACHE, H5E_SYSTEM, FAIL, "reconstruction of cache entry failed");
+ 
+         /* Note that we make no checks on available cache space before
+@@ -2558,19 +2566,21 @@ done:
+  *-------------------------------------------------------------------------
+  */
+ static H5C_cache_entry_t *
+-H5C__reconstruct_cache_entry(const H5F_t *f, H5C_t *cache_ptr, const uint8_t **buf)
++H5C__reconstruct_cache_entry(const H5F_t *f, H5C_t *cache_ptr, hsize_t *buf_size, const uint8_t **buf)
+ {
+     H5C_cache_entry_t *pf_entry_ptr = NULL; /* Reconstructed cache entry */
+     uint8_t            flags        = 0;
+     bool               is_dirty     = false;
++    haddr_t            eoa;
++    bool               is_fd_parent = false;
+ #ifndef NDEBUG /* only used in assertions */
+-    bool in_lru       = false;
+-    bool is_fd_parent = false;
+-    bool is_fd_child  = false;
++    bool in_lru      = false;
++    bool is_fd_child = false;
+ #endif
+-    const uint8_t     *p;
+     bool               file_is_rw;
+-    H5C_cache_entry_t *ret_value = NULL; /* Return value */
++    const uint8_t     *p;
++    const uint8_t     *p_end     = *buf + *buf_size - 1; /* Pointer to last valid byte in buffer */
++    H5C_cache_entry_t *ret_value = NULL;                 /* Return value */
+ 
+     FUNC_ENTER_PACKAGE
+ 
+@@ -2590,9 +2600,15 @@ H5C__reconstruct_cache_entry(const H5F_t *f, H5C_t *cache_ptr, const uint8_t **b
+     p = *buf;
+ 
+     /* Decode type id */
++    if (H5_IS_BUFFER_OVERFLOW(p, 1, p_end))
++        HGOTO_ERROR(H5E_CACHE, H5E_OVERFLOW, NULL, "ran off end of input buffer while decoding");
+     pf_entry_ptr->prefetch_type_id = *p++;
++    if (pf_entry_ptr->prefetch_type_id < H5AC_BT_ID || pf_entry_ptr->prefetch_type_id >= H5AC_NTYPES)
++        HGOTO_ERROR(H5E_CACHE, H5E_BADVALUE, NULL, "type id is out of valid range");
+ 
+     /* Decode flags */
++    if (H5_IS_BUFFER_OVERFLOW(p, 1, p_end))
++        HGOTO_ERROR(H5E_CACHE, H5E_OVERFLOW, NULL, "ran off end of input buffer while decoding");
+     flags = *p++;
+     if (flags & H5C__MDCI_ENTRY_DIRTY_FLAG)
+         is_dirty = true;
+@@ -2620,19 +2636,31 @@ H5C__reconstruct_cache_entry(const H5F_t *f, H5C_t *cache_ptr, const uint8_t **b
+     pf_entry_ptr->is_dirty = (is_dirty && file_is_rw);
+ 
+     /* Decode ring */
++    if (H5_IS_BUFFER_OVERFLOW(p, 1, p_end))
++        HGOTO_ERROR(H5E_CACHE, H5E_OVERFLOW, NULL, "ran off end of input buffer while decoding");
+     pf_entry_ptr->ring = *p++;
+-    assert(pf_entry_ptr->ring > (uint8_t)(H5C_RING_UNDEFINED));
+-    assert(pf_entry_ptr->ring < (uint8_t)(H5C_RING_NTYPES));
++    if (pf_entry_ptr->ring >= (uint8_t)(H5C_RING_NTYPES))
++        HGOTO_ERROR(H5E_CACHE, H5E_BADVALUE, NULL, "ring is out of valid range");
+ 
+     /* Decode age */
++    if (H5_IS_BUFFER_OVERFLOW(p, 1, p_end))
++        HGOTO_ERROR(H5E_CACHE, H5E_OVERFLOW, NULL, "ran off end of input buffer while decoding");
+     pf_entry_ptr->age = *p++;
++    if (pf_entry_ptr->age > H5AC__CACHE_IMAGE__ENTRY_AGEOUT__MAX)
++        HGOTO_ERROR(H5E_CACHE, H5E_BADVALUE, NULL, "entry age is out of policy range");
+ 
+     /* Decode dependency child count */
++    if (H5_IS_BUFFER_OVERFLOW(p, 2, p_end))
++        HGOTO_ERROR(H5E_CACHE, H5E_OVERFLOW, NULL, "ran off end of input buffer while decoding");
+     UINT16DECODE(p, pf_entry_ptr->fd_child_count);
+-    assert((is_fd_parent && pf_entry_ptr->fd_child_count > 0) ||
+-           (!is_fd_parent && pf_entry_ptr->fd_child_count == 0));
++    if (is_fd_parent && pf_entry_ptr->fd_child_count <= 0)
++        HGOTO_ERROR(H5E_CACHE, H5E_BADVALUE, NULL, "parent entry has no children");
++    else if (!is_fd_parent && pf_entry_ptr->fd_child_count != 0)
++        HGOTO_ERROR(H5E_CACHE, H5E_BADVALUE, NULL, "non-parent entry has children");
+ 
+     /* Decode dirty dependency child count */
++    if (H5_IS_BUFFER_OVERFLOW(p, 2, p_end))
++        HGOTO_ERROR(H5E_CACHE, H5E_OVERFLOW, NULL, "ran off end of input buffer while decoding");
+     UINT16DECODE(p, pf_entry_ptr->fd_dirty_child_count);
+     if (!file_is_rw)
+         pf_entry_ptr->fd_dirty_child_count = 0;
+@@ -2640,20 +2668,32 @@ H5C__reconstruct_cache_entry(const H5F_t *f, H5C_t *cache_ptr, const uint8_t **b
+         HGOTO_ERROR(H5E_CACHE, H5E_BADVALUE, NULL, "invalid dirty flush dependency child count");
+ 
+     /* Decode dependency parent count */
++    if (H5_IS_BUFFER_OVERFLOW(p, 2, p_end))
++        HGOTO_ERROR(H5E_CACHE, H5E_OVERFLOW, NULL, "ran off end of input buffer while decoding");
+     UINT16DECODE(p, pf_entry_ptr->fd_parent_count);
+     assert((is_fd_child && pf_entry_ptr->fd_parent_count > 0) ||
+            (!is_fd_child && pf_entry_ptr->fd_parent_count == 0));
+ 
+     /* Decode index in LRU */
++    if (H5_IS_BUFFER_OVERFLOW(p, 4, p_end))
++        HGOTO_ERROR(H5E_CACHE, H5E_OVERFLOW, NULL, "ran off end of input buffer while decoding");
+     INT32DECODE(p, pf_entry_ptr->lru_rank);
+     assert((in_lru && pf_entry_ptr->lru_rank >= 0) || (!in_lru && pf_entry_ptr->lru_rank == -1));
+ 
+     /* Decode entry offset */
++    if (H5_IS_BUFFER_OVERFLOW(p, H5F_SIZEOF_ADDR(f), p_end))
++        HGOTO_ERROR(H5E_CACHE, H5E_OVERFLOW, NULL, "ran off end of input buffer while decoding");
+     H5F_addr_decode(f, &p, &pf_entry_ptr->addr);
+-    if (!H5_addr_defined(pf_entry_ptr->addr))
+-        HGOTO_ERROR(H5E_CACHE, H5E_BADVALUE, NULL, "invalid entry offset");
++
++    /* Validate address range */
++    eoa = H5F_get_eoa(f, H5FD_MEM_DEFAULT);
++    if (!H5_addr_defined(pf_entry_ptr->addr) || H5_addr_overflow(pf_entry_ptr->addr, pf_entry_ptr->size) ||
++        H5_addr_ge(pf_entry_ptr->addr + pf_entry_ptr->size, eoa))
++        HGOTO_ERROR(H5E_CACHE, H5E_BADVALUE, NULL, "invalid entry address range");
+ 
+     /* Decode entry length */
++    if (H5_IS_BUFFER_OVERFLOW(p, H5F_SIZEOF_SIZE(f), p_end))
++        HGOTO_ERROR(H5E_CACHE, H5E_OVERFLOW, NULL, "ran off end of input buffer while decoding");
+     H5F_DECODE_LENGTH(f, p, pf_entry_ptr->size);
+     if (pf_entry_ptr->size == 0)
+         HGOTO_ERROR(H5E_CACHE, H5E_BADVALUE, NULL, "invalid entry size");
+@@ -2674,6 +2714,9 @@ H5C__reconstruct_cache_entry(const H5F_t *f, H5C_t *cache_ptr, const uint8_t **b
+                         "memory allocation failed for fd parent addrs buffer");
+ 
+         for (u = 0; u < pf_entry_ptr->fd_parent_count; u++) {
++
++            if (H5_IS_BUFFER_OVERFLOW(p, H5F_SIZEOF_ADDR(f), p_end))
++                HGOTO_ERROR(H5E_CACHE, H5E_OVERFLOW, NULL, "ran off end of input buffer while decoding");
+             H5F_addr_decode(f, &p, &(pf_entry_ptr->fd_parent_addrs[u]));
+             if (!H5_addr_defined(pf_entry_ptr->fd_parent_addrs[u]))
+                 HGOTO_ERROR(H5E_CACHE, H5E_BADVALUE, NULL, "invalid flush dependency parent offset");
+@@ -2689,6 +2732,8 @@ H5C__reconstruct_cache_entry(const H5F_t *f, H5C_t *cache_ptr, const uint8_t **b
+ #endif /* H5C_DO_MEMORY_SANITY_CHECKS */
+ 
+     /* Copy the entry image from the cache image block */
++    if (H5_IS_BUFFER_OVERFLOW(p, pf_entry_ptr->size, p_end))
++        HGOTO_ERROR(H5E_CACHE, H5E_OVERFLOW, NULL, "ran off end of input buffer while decoding");
+     H5MM_memcpy(pf_entry_ptr->image_ptr, p, pf_entry_ptr->size);
+     p += pf_entry_ptr->size;
+ 
+@@ -2703,14 +2748,20 @@ H5C__reconstruct_cache_entry(const H5F_t *f, H5C_t *cache_ptr, const uint8_t **b
+     /* Sanity checks */
+     assert(pf_entry_ptr->size > 0 && pf_entry_ptr->size < H5C_MAX_ENTRY_SIZE);
+ 
+-    /* Update buffer pointer */
++    /* Update buffer pointer and buffer len */
++    *buf_size -= (hsize_t)(p - *buf);
+     *buf = p;
+ 
+     ret_value = pf_entry_ptr;
+ 
+ done:
+-    if (NULL == ret_value && pf_entry_ptr)
++    if (NULL == ret_value && pf_entry_ptr) {
++        if (pf_entry_ptr->image_ptr)
++            H5MM_xfree(pf_entry_ptr->image_ptr);
++        if (pf_entry_ptr->fd_parent_count > 0 && pf_entry_ptr->fd_parent_addrs)
++            H5MM_xfree(pf_entry_ptr->fd_parent_addrs);
+         pf_entry_ptr = H5FL_FREE(H5C_cache_entry_t, pf_entry_ptr);
++    }
+ 
+     FUNC_LEAVE_NOAPI(ret_value)
+ } /* H5C__reconstruct_cache_entry() */
+diff --git a/src/H5Ocont.c b/src/H5Ocont.c
+index 621095a..180b115 100644
+--- a/src/H5Ocont.c
++++ b/src/H5Ocont.c
+@@ -93,6 +93,9 @@ H5O__cont_decode(H5F_t *f, H5O_t H5_ATTR_UNUSED *open_oh, unsigned H5_ATTR_UNUSE
+         HGOTO_ERROR(H5E_OHDR, H5E_NOSPACE, NULL, "memory allocation failed");
+ 
+     /* Decode */
++
++    cont->chunkno = 0;
++
+     if (H5_IS_BUFFER_OVERFLOW(p, H5F_sizeof_addr(f), p_end))
+         HGOTO_ERROR(H5E_OHDR, H5E_OVERFLOW, NULL, "ran off end of input buffer while decoding");
+     H5F_addr_decode(f, &p, &(cont->addr));
+@@ -101,8 +104,6 @@ H5O__cont_decode(H5F_t *f, H5O_t H5_ATTR_UNUSED *open_oh, unsigned H5_ATTR_UNUSE
+         HGOTO_ERROR(H5E_OHDR, H5E_OVERFLOW, NULL, "ran off end of input buffer while decoding");
+     H5F_DECODE_LENGTH(f, p, cont->size);
+ 
+-    cont->chunkno = 0;
+-
+     /* Set return value */
+     ret_value = cont;
+ 
diff --git a/meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb b/meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb
index 540c8459ea..6d2d439460 100644
--- a/meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb
+++ b/meta-oe/recipes-support/hdf5/hdf5_1.14.4-3.bb
@@ -18,6 +18,7 @@ SRC_URI = " \
     file://0001-CVE-2025-2923.patch \
     file://0002-CVE-2025-2924.patch \
     file://0003-CVE-2025-2925.patch \
+    file://0004-CVE-2025-6269-OSV-2023-77.patch \
 "
 SRC_URI[sha256sum] = "019ac451d9e1cf89c0482ba2a06f07a46166caf23f60fea5ef3c37724a318e03"
 

From patchwork Tue Oct 14 23:32:18 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ankur Tyagi <ankur.tyagi85@gmail.com>
X-Patchwork-Id: 72340
Return-Path: <ankur.tyagi85@gmail.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 1494CCCD195
	for <webhook@archiver.kernel.org>; Tue, 14 Oct 2025 23:33:08 +0000 (UTC)
Received: from mail-pj1-f46.google.com (mail-pj1-f46.google.com
 [209.85.216.46])
 by mx.groups.io with SMTP id smtpd.web11.3565.1760484786416697380
 for <openembedded-devel@lists.openembedded.org>;
 Tue, 14 Oct 2025 16:33:06 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@gmail.com header.s=20230601 header.b=HLmAP9dr;
 spf=pass (domain: gmail.com, ip: 209.85.216.46,
 mailfrom: ankur.tyagi85@gmail.com)
Received: by mail-pj1-f46.google.com with SMTP id
 98e67ed59e1d1-33082aed31dso6173105a91.3
        for <openembedded-devel@lists.openembedded.org>;
 Tue, 14 Oct 2025 16:33:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1760484785; x=1761089585;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=UDPOE6a3v42coAe5i+xdegPnrJahUafqdM1RNbGrV6A=;
        b=HLmAP9drTo1mow7vkSliLnc7wxrH7GeME17w0yy682ILwkjVv6XmD6fsCX2MlVVro+
         edfP5qdV5ZjAgY8HjJxlfkR2mfwUrDjW89Al60qWCGCMA/Z6rngIrj2mUZidqYgEJ/r/
         cXFh8gg7tI/d6u9e5bwbSMKPXh/iseq56iko9CH0K/C9O4At+PI1Z5RTsU+fNZVgi107
         /z2k+wS0zP5brunhKcHXE+JjO43W2q0ILtTIr/vHbRkxvPigc8SmX+J62jxi2PkqJfYE
         On9YXDv/yIt392bCmLAbX3CZsC8XNamhZcrEcDZmxlepNrdplxFfgWvuiI/58TkxN9wN
         UJ4A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1760484785; x=1761089585;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=UDPOE6a3v42coAe5i+xdegPnrJahUafqdM1RNbGrV6A=;
        b=xCAJQBxvruQmMwx4U1eHcmpn0JG37XvSWPtTAV/VmcfJOn4I3VYQr4t621sTNH4qfc
         U9chyHhLDTz25jFq/Bs47hqRsQzpnIqjftKv9cX0CWp80Dui391m6CATqh/Y1/eiBuJV
         gW2IOTp9DxtFlgDquxzUWpr7mMgRpb11MMb6ggT1GsX9FFn9TT3zT3IE4yETDxtXAdtu
         CraYQ28BnhHMKCt/UhlOC5c0Paq0lODnGP15/7GdgOje9akRPY2PzmyxgCFEhoroSWyk
         sLdHttqTEWtbTosVgsuuWB4tXvl+2FFSI5FnvdfiLoKfVn37Y6HDzMflFunKvAw4kFuY
         UD7w==
X-Gm-Message-State: AOJu0Ywwjk/7TKSyPkqm9mJmEhGuuPCQvHd9I8X9A734I07n81D3Nxj/
	FhbGY9XW9gPFKa2rCgHbHSPlxpMl2cpUrHCnyUPBnBwSp8ilMC5kRntvjguOuQ==
X-Gm-Gg: ASbGncvGSRXHUqKcDt2i53xyt2gMO0Eu17v1JgzQPftBhSLfgP+eEEEEAMk48zmSeGK
	KTcNbf/5EVeIS/YflQwMcIpFqFbcG4ERY2no+kURywEUSoI7LJKN2EGJQc3KuEnTcLmq3oEzM8k
	5TizHicXCqRx3XA/te6suzaWk+1hrYOyePm27jQtDE2aTHr2uj74BS11rXJjUqIH6E5yXGRHuyy
	qx3N3RKzkdU5+hhSY6Ll4uEHDYSO52VF9B0wXOFgQqmfFld51/gHpFExVU+Hfq8cjoHebNPnCLP
	MSoVOE7D9n4tBt0BOdZEklExRHX0VlsOl2kFKDUfg1liW23NYPxOeO1T2/CPk9cYGmTL4dn59gd
	lp+3Aucsv1ETLLrDxA2VX2d53cpj5uQeMHL0GRbq1EISpVd1a+6YlR/4WMg3H6yPcvg==
X-Google-Smtp-Source: 
 AGHT+IE/HSAA8booncUtHyErtyQyZy1e5hyqn6Tl9hPpwWh4B3vvIkq9eI3gT97uNMlFLjaNelqX2g==
X-Received: by 2002:a17:90b:1642:b0:330:6d5e:f17e with SMTP id
 98e67ed59e1d1-33b51375807mr36488304a91.24.1760484785527;
        Tue, 14 Oct 2025 16:33:05 -0700 (PDT)
Received: from NVAPF55DW0D-IPD.. ([147.161.216.252])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-33b61aac5besm17033254a91.14.2025.10.14.16.33.03
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 14 Oct 2025 16:33:05 -0700 (PDT)
From: Ankur Tyagi <ankur.tyagi85@gmail.com>
To: openembedded-devel@lists.openembedded.org
Cc: Ankur Tyagi <ankur.tyagi85@gmail.com>,
	Gyorgy Sarvari <skandigraun@gmail.com>
Subject: [oe][meta-oe][scarthgap][PATCH v2 v2 07/18] libcupsfilters: patch
 CVE-2024-47076
Date: Wed, 15 Oct 2025 12:32:18 +1300
Message-ID: <20251014233233.304125-8-ankur.tyagi85@gmail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20251014233233.304125-1-ankur.tyagi85@gmail.com>
References: <20251014233233.304125-1-ankur.tyagi85@gmail.com>
MIME-Version: 1.0
List-Id: <openembedded-devel.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-devel@lists.openembedded.org>; Tue, 14 Oct 2025 23:33:08 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/120666

Details https://nvd.nist.gov/vuln/detail/CVE-2024-47076

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit 1ef236b6c507ccf280d9a9aa1cbba3a9c2fee5f8)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 .../libcupsfilters/0001-CVE-2024-47076.patch  | 38 +++++++++++++++++++
 .../cups/libcupsfilters_2.0.0.bb              |  1 +
 2 files changed, 39 insertions(+)
 create mode 100644 meta-oe/recipes-printing/cups/libcupsfilters/0001-CVE-2024-47076.patch

diff --git a/meta-oe/recipes-printing/cups/libcupsfilters/0001-CVE-2024-47076.patch b/meta-oe/recipes-printing/cups/libcupsfilters/0001-CVE-2024-47076.patch
new file mode 100644
index 0000000000..5fdf2bd444
--- /dev/null
+++ b/meta-oe/recipes-printing/cups/libcupsfilters/0001-CVE-2024-47076.patch
@@ -0,0 +1,38 @@
+From 5f950f6a52c7453d76fb30dbc8d66bbc1cc682a3 Mon Sep 17 00:00:00 2001
+From: Zdenek Dohnal <zdohnal@redhat.com>
+Date: Thu, 26 Sep 2024 23:09:29 +0200
+Subject: [PATCH] CVE-2024-47076
+
+cfGetPrinterAttributes5(): Validate response attributes before return
+
+The destination can be corrupted or forged, so validate the response
+to strenghten security measures.
+
+CVE: CVE-2024-47076
+Upstream-Status: Backport [https://github.com/OpenPrinting/libcupsfilters/commit/95576ec3d20c109332d14672a807353cdc551018]
+
+(cherry picked from commit 95576ec3d20c109332d14672a807353cdc551018)
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ cupsfilters/ipp.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/cupsfilters/ipp.c b/cupsfilters/ipp.c
+index a0814ae5..994c8dac 100644
+--- a/cupsfilters/ipp.c
++++ b/cupsfilters/ipp.c
+@@ -452,6 +452,14 @@ cfGetPrinterAttributes5(http_t *http_printer,
+ 	    ippDelete(response2);
+ 	  }
+ 	}
++
++	// Check if the response is valid
++	if (!ippValidateAttributes(response))
++	{
++	  ippDelete(response);
++	  response = NULL;
++	}
++
+ 	if (have_http == 0) httpClose(http_printer);
+ 	if (uri) free(uri);
+ 	return (response);
diff --git a/meta-oe/recipes-printing/cups/libcupsfilters_2.0.0.bb b/meta-oe/recipes-printing/cups/libcupsfilters_2.0.0.bb
index 7f7174d940..827172a6a1 100644
--- a/meta-oe/recipes-printing/cups/libcupsfilters_2.0.0.bb
+++ b/meta-oe/recipes-printing/cups/libcupsfilters_2.0.0.bb
@@ -8,6 +8,7 @@ DEPENDS = "cups fontconfig libexif dbus lcms qpdf poppler libpng jpeg tiff"
 SRC_URI = " \
 	https://github.com/OpenPrinting/${BPN}/releases/download/${PV}/${BP}.tar.xz \
 	file://0001-use-noexcept-false-instead-of-throw-from-c-17-onward.patch \
+	file://0001-CVE-2024-47076.patch \
 "
 SRC_URI[sha256sum] = "542f2bfbc58136a4743c11dc8c86cee03c9aca705612654e36ac34aa0d9aa601"
 

From patchwork Tue Oct 14 23:32:19 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ankur Tyagi <ankur.tyagi85@gmail.com>
X-Patchwork-Id: 72345
Return-Path: <ankur.tyagi85@gmail.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 0BF96CCD184
	for <webhook@archiver.kernel.org>; Tue, 14 Oct 2025 23:33:18 +0000 (UTC)
Received: from mail-pj1-f48.google.com (mail-pj1-f48.google.com
 [209.85.216.48])
 by mx.groups.io with SMTP id smtpd.web10.3482.1760484788736565343
 for <openembedded-devel@lists.openembedded.org>;
 Tue, 14 Oct 2025 16:33:08 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@gmail.com header.s=20230601 header.b=YmKeMZ2A;
 spf=pass (domain: gmail.com, ip: 209.85.216.48,
 mailfrom: ankur.tyagi85@gmail.com)
Received: by mail-pj1-f48.google.com with SMTP id
 98e67ed59e1d1-339d7c403b6so5679943a91.2
        for <openembedded-devel@lists.openembedded.org>;
 Tue, 14 Oct 2025 16:33:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1760484788; x=1761089588;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=u3Ovq84Ww3RnDYl5wDzUuZKqu8/n/AulVB7VtUMuTRc=;
        b=YmKeMZ2AmgR6tde0MboeSUaHSaarSPY0z6B0O5gkkkDd8OeIrwOUOcKCL95HrF0760
         DrdP1/R60JVRInYg1h0Hxl4yn0ryXwErZBAjNbbl1Hbo/o7rrkA5vqtaV4UC6hBcp9wk
         rc8SuoXaZu1tWo9ZGTczuy3RI/6wDXAaXCMOoiI6hDn2e14pPFZZFoJLWDyjmCLKWnKF
         HVUYLWaT+qF9/wjrZyhR3hjgaDuzICM3kHHAmFs/4zEyjkysXH6tzEyJJwID2g93Fxdy
         pU7TDKYe6JIN72yrnqI4MZRByQOavK2YW17NcX20Na5Lv8dwmBUOADco/DfAaORUXAn9
         mTPg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1760484788; x=1761089588;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=u3Ovq84Ww3RnDYl5wDzUuZKqu8/n/AulVB7VtUMuTRc=;
        b=DlJvON8ftyvvxkb0Xdaz2V+bjfPeX+EiBNg0I+S21sbKmLARwSyyh+vngL51a/gHhW
         kaBN+3ONzPb6hMXs1Rty1dDRgmByOUR9WuQBOssjoUpRaNJAqHUuN9RId2BQA/Ovh9Hc
         EFb+TyPHpfxvFPYqi7lh1bOhQ5RLyM+kKr8PUusvWzpPzqgZ88muaG2hD5sqWUkwtMS1
         KSj+22F6U9vPEDiGM+upKy3vJlTSi32mjw9DgXS5iV7PHeEYlqRamTB3/e6ZcdN2ls62
         8LEqIfYTQHZrL+obGNbN5/5L/LUqKgaW/U8Hghsv+QsKEHTGNDTlS731iAZJ9MGeFg50
         F5RA==
X-Gm-Message-State: AOJu0Yx5gwuSaqcPImUMuaOADwpuZXLRDYE7MRGGSoERm+5Ti8CxWZTT
	twwedu1K1i9D2ytW0yBLq3LF1h5WZ65OClnLq5vA451gWDT1nYmO7WLp6+NXZQ==
X-Gm-Gg: ASbGnctc2B6+Z1dc7Elt7CqawPk6SmXrSfa4nlZizf/1xx7tFT1j2LXdamKkKvNkelI
	SJadEffyRDuaHCVdAdysckL0u+Hr+Qmeo95VG957tpHO3w2AaaKFK+mIEC+77hzH2rq08FLLfR5
	moT7fzy/EeO0abzMEifqgDcGXTksIUWceF/1H1QenLLQhq3si0jX5YBaokJLCMgQYAMlxVnVwEt
	xgAi7nS1sIcd21ynMceJTOXem+Fjzk/MgY2TrSCKKa86fB7HXGZHxyiHLER+LGRF1GOFcXOE2ff
	vyUXDVuQrcw7+0ZSKuo2bHgBIApzmV2ivL0RjCAbNfjn8YI9xtF7XJDS1zSU+DFRoT+bqJa8N46
	i1jOrrIsjtuIhiYBxf9BFFd03+FEq3zjvwV4XuOeXgH2hK3hvRCcd7GA3bulwbioFaA==
X-Google-Smtp-Source: 
 AGHT+IHXdhsB5A+3+ZpCQa64xn6WP75MtFqA+3uSsmSsILeBbDjVN/PH/x2PED6CLZbO7CNRN/l9yg==
X-Received: by 2002:a17:90b:33ce:b0:32e:ca03:3ba with SMTP id
 98e67ed59e1d1-33b513b233cmr33879356a91.22.1760484787852;
        Tue, 14 Oct 2025 16:33:07 -0700 (PDT)
Received: from NVAPF55DW0D-IPD.. ([147.161.216.252])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-33b61aac5besm17033254a91.14.2025.10.14.16.33.05
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 14 Oct 2025 16:33:07 -0700 (PDT)
From: Ankur Tyagi <ankur.tyagi85@gmail.com>
To: openembedded-devel@lists.openembedded.org
Cc: Ankur Tyagi <ankur.tyagi85@gmail.com>,
	Gyorgy Sarvari <skandigraun@gmail.com>
Subject: [oe][meta-oe][scarthgap][PATCH v2 v2 08/18] libraw: patch
 CVE-2025-43961 CVE-2025-43962
Date: Wed, 15 Oct 2025 12:32:19 +1300
Message-ID: <20251014233233.304125-9-ankur.tyagi85@gmail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20251014233233.304125-1-ankur.tyagi85@gmail.com>
References: <20251014233233.304125-1-ankur.tyagi85@gmail.com>
MIME-Version: 1.0
List-Id: <openembedded-devel.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-devel@lists.openembedded.org>; Tue, 14 Oct 2025 23:33:18 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/120667

Details
 - https://nvd.nist.gov/vuln/detail/CVE-2025-43961
 - https://nvd.nist.gov/vuln/detail/CVE-2025-43962

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit 337ab48ff821561af4786ee3c111dc6f81236505)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 .../0001-CVE-2025-43961-CVE-2025-43962.patch  | 108 ++++++++++++++++++
 .../recipes-support/libraw/libraw_0.21.2.bb   |   5 +-
 2 files changed, 112 insertions(+), 1 deletion(-)
 create mode 100644 meta-oe/recipes-support/libraw/libraw/0001-CVE-2025-43961-CVE-2025-43962.patch

diff --git a/meta-oe/recipes-support/libraw/libraw/0001-CVE-2025-43961-CVE-2025-43962.patch b/meta-oe/recipes-support/libraw/libraw/0001-CVE-2025-43961-CVE-2025-43962.patch
new file mode 100644
index 0000000000..1abd302caf
--- /dev/null
+++ b/meta-oe/recipes-support/libraw/libraw/0001-CVE-2025-43961-CVE-2025-43962.patch
@@ -0,0 +1,108 @@
+From 880829f7ed206c21ce05d5772f0928629c7dd577 Mon Sep 17 00:00:00 2001
+From: Alex Tutubalin <lexa@lexa.ru>
+Date: Sat, 1 Feb 2025 15:32:39 +0300
+Subject: [PATCH] CVE-2025-43961 CVE-2025-43962
+
+Prevent out-of-bounds read in fuji 0xf00c tag parser
+
+prevent OOB reads in phase_one_correct
+
+CVE: CVE-2025-43961 CVE-2025-43962
+Upstream-Status: Backport [https://github.com/LibRaw/LibRaw/commit/66fe663e02a4dd610b4e832f5d9af326709336c2]
+
+(cherry picked from commit 66fe663e02a4dd610b4e832f5d9af326709336c2)
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ src/decoders/load_mfbacks.cpp | 18 ++++++++++++++----
+ src/metadata/tiff.cpp         | 28 +++++++++++++++++-----------
+ 2 files changed, 31 insertions(+), 15 deletions(-)
+
+diff --git a/src/decoders/load_mfbacks.cpp b/src/decoders/load_mfbacks.cpp
+index cddc33eb..1a1bdfb3 100644
+--- a/src/decoders/load_mfbacks.cpp
++++ b/src/decoders/load_mfbacks.cpp
+@@ -490,6 +490,9 @@ int LibRaw::phase_one_correct()
+       fseek(ifp, off_412, SEEK_SET);
+       for (i = 0; i < 9; i++)
+         head[i] = get4() & 0x7fff;
++	  unsigned w0 = head[1] * head[3], w1 = head[2] * head[4];
++	  if (w0 > 10240000 || w1 > 10240000)
++		  throw LIBRAW_EXCEPTION_ALLOC;
+       yval[0] = (float *)calloc(head[1] * head[3] + head[2] * head[4], 6);
+       yval[1] = (float *)(yval[0] + head[1] * head[3]);
+       xval[0] = (ushort *)(yval[1] + head[2] * head[4]);
+@@ -514,10 +517,17 @@ int LibRaw::phase_one_correct()
+             for (k = j = 0; j < head[1]; j++)
+               if (num < xval[0][k = head[1] * i + j])
+                 break;
+-            frac = (j == 0 || j == head[1])
+-                       ? 0
+-                       : (xval[0][k] - num) / (xval[0][k] - xval[0][k - 1]);
+-            mult[i - cip] = yval[0][k - 1] * frac + yval[0][k] * (1 - frac);
++			if (j == 0 || j == head[1] || k < 1 || k >= w0+w1)
++				frac = 0;
++			else
++			{
++				int xdiv = (xval[0][k] - xval[0][k - 1]);
++				frac = xdiv ? (xval[0][k] - num) / (xval[0][k] - xval[0][k - 1]) : 0;
++			}
++			if (k < w0 + w1)
++				mult[i - cip] = yval[0][k > 0 ? k - 1 : 0] * frac + yval[0][k] * (1 - frac);
++			else
++				mult[i - cip] = 0;
+           }
+           i = ((mult[0] * (1 - cfrac) + mult[1] * cfrac) * row + num) * 2;
+           RAW(row, col) = LIM(i, 0, 65535);
+diff --git a/src/metadata/tiff.cpp b/src/metadata/tiff.cpp
+index c34b8647..af664937 100644
+--- a/src/metadata/tiff.cpp
++++ b/src/metadata/tiff.cpp
+@@ -1032,31 +1032,37 @@ int LibRaw::parse_tiff_ifd(int base)
+               if ((fwb[0] == rafdata[fi]) && (fwb[1] == rafdata[fi + 1]) &&
+                   (fwb[2] == rafdata[fi + 2])) // found Tungsten WB
+               {
+-                if (rafdata[fi - 15] !=
++                if (fi > 14 && rafdata[fi - 15] !=
+                     fwb[0]) // 15 is offset of Tungsten WB from the first
+                             // preset, Fine Weather WB
+                   continue;
+-                for (int wb_ind = 0, ofst = fi - 15; wb_ind < (int)Fuji_wb_list1.size();
+-                     wb_ind++, ofst += 3)
+-                {
+-                  icWBC[Fuji_wb_list1[wb_ind]][1] =
+-                      icWBC[Fuji_wb_list1[wb_ind]][3] = rafdata[ofst];
+-                  icWBC[Fuji_wb_list1[wb_ind]][0] = rafdata[ofst + 1];
+-                  icWBC[Fuji_wb_list1[wb_ind]][2] = rafdata[ofst + 2];
+-                }
++				if (fi >= 15)
++				{
++					for (int wb_ind = 0, ofst = fi - 15; wb_ind < (int)Fuji_wb_list1.size();
++						wb_ind++, ofst += 3)
++					{
++						icWBC[Fuji_wb_list1[wb_ind]][1] =
++							icWBC[Fuji_wb_list1[wb_ind]][3] = rafdata[ofst];
++						icWBC[Fuji_wb_list1[wb_ind]][0] = rafdata[ofst + 1];
++						icWBC[Fuji_wb_list1[wb_ind]][2] = rafdata[ofst + 2];
++					}
++				}
+ 
+                 if (is34)
+                   fi += 24;
+                 fi += 96;
+                 for (fj = fi; fj < (fi + 15); fj += 3) // looking for the end of the WB table
+                 {
++					if (fj > libraw_internal_data.unpacker_data.lenRAFData - 3)
++						break;
+                   if (rafdata[fj] != rafdata[fi])
+                   {
+                     fj -= 93;
+                     if (is34)
+                       fj -= 9;
+-// printf ("wb start in DNG: 0x%04x\n", fj*2-0x4e);
+-                    for (int iCCT = 0, ofst = fj; iCCT < 31;
++//printf ("wb start in DNG: 0x%04x\n", fj*2-0x4e);
++                    for (int iCCT = 0, ofst = fj; iCCT < 31 
++						&& ofst < libraw_internal_data.unpacker_data.lenRAFData - 3;
+                          iCCT++, ofst += 3)
+                     {
+                       icWBCCTC[iCCT][0] = FujiCCT_K[iCCT];
diff --git a/meta-oe/recipes-support/libraw/libraw_0.21.2.bb b/meta-oe/recipes-support/libraw/libraw_0.21.2.bb
index 4d089f3b79..c6d9acb960 100644
--- a/meta-oe/recipes-support/libraw/libraw_0.21.2.bb
+++ b/meta-oe/recipes-support/libraw/libraw_0.21.2.bb
@@ -2,7 +2,10 @@ SUMMARY = "raw image decoder"
 LICENSE = "LGPL-2.1-only | CDDL-1.0"
 LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=1501ae0aa3c8544e63f08d6f7bf88a6f"
 
-SRC_URI = "git://github.com/LibRaw/LibRaw.git;branch=0.21-stable;protocol=https"
+SRC_URI = " \
+    git://github.com/LibRaw/LibRaw.git;branch=0.21-stable;protocol=https \
+    file://0001-CVE-2025-43961-CVE-2025-43962.patch \
+"
 SRCREV = "1ef70158d7fde1ced6aaddb0b9443c32a7121d3d"
 S = "${WORKDIR}/git"
 

From patchwork Tue Oct 14 23:32:20 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ankur Tyagi <ankur.tyagi85@gmail.com>
X-Patchwork-Id: 72343
Return-Path: <ankur.tyagi85@gmail.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 0BFD4CCD190
	for <webhook@archiver.kernel.org>; Tue, 14 Oct 2025 23:33:18 +0000 (UTC)
Received: from mail-pj1-f54.google.com (mail-pj1-f54.google.com
 [209.85.216.54])
 by mx.groups.io with SMTP id smtpd.web11.3571.1760484790976159989
 for <openembedded-devel@lists.openembedded.org>;
 Tue, 14 Oct 2025 16:33:11 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@gmail.com header.s=20230601 header.b=KQ595bdg;
 spf=pass (domain: gmail.com, ip: 209.85.216.54,
 mailfrom: ankur.tyagi85@gmail.com)
Received: by mail-pj1-f54.google.com with SMTP id
 98e67ed59e1d1-3322e63602eso7858608a91.0
        for <openembedded-devel@lists.openembedded.org>;
 Tue, 14 Oct 2025 16:33:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1760484790; x=1761089590;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=cZEJiuVWMeJJ8+CxKPDlfL4j+5gm619xbbXYX8LZH98=;
        b=KQ595bdgjpQi4zsO8n7kP4zo3Ozb8jFFvhGCAJzYesYvLs9rwQ7Fa2HWVTMYVEFUkb
         SMDuaF5Nh60Qw/KEqeKYAYm6Wr0dfQGoOABltVS0JI5nes4wpM9Vi8IfAMQapPWwLYmP
         O+77goTsvEVP8A95La+Zy4YmaR7o5P7v0/WpSo6Ps+FckfIsH0PLdgJv4+nIyiJJID0B
         0BTWqbf7rG6+WP8BHUUw7IDaElYxtmznCPsY2zxKKLDP/vI9hQNqZFF1WOQXPkNpA0rl
         h0br+zvPbb3Rvlt7obay2l2xNk4MouTS8f3mSokdHvAJWWey/WJEE6dHp8/Fqiidb95f
         Xgnw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1760484790; x=1761089590;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=cZEJiuVWMeJJ8+CxKPDlfL4j+5gm619xbbXYX8LZH98=;
        b=dgzycREzEaK0qlv7z8ngE6B7HvI1EcWnfCjWoU/GLKPQ0m/Mi3XuNir0PDy4UqL8B+
         BT0wu3tiPP7IQ+Wa4S3HUz1mKUNaKQghZlUpy9DOS7+ec8U0U0YaPrsAFs6OepgyGjk5
         eNyBNI0Nsldz6L5fuFjijI+IGDwCKXupI9L9vT1TBSHUgwYqUb1SS8uKICxPIQkB2K+j
         oy7ILhXyMkQiTHmLqbbPdawqM1nq0YY05HV2b5TSPwtoMODCj8IbW0vA8c4IQ8skgMek
         2jqaMWXm1ouGuQ37bJS2ZM3VPkRMc35NFIWAoNzu6wlf6JFo1c/qex80r84c3WiINnQO
         U6AQ==
X-Gm-Message-State: AOJu0Yzyi1QVo9RArNCG5z23s/banSckbS6OSHS5ihYFALNPaifj+u5N
	k3lKbmK6Ep3fYhzfKqLMctp03kjXTSMxjsc8ssLkmHRbMyIiLoDxoZNhcOoUlA==
X-Gm-Gg: ASbGncsPsi3xdUFl4Gs9crcDhfFUuDKP9UJ8g3f0PBFXfjnTPkhdg63aX+YgshpFkL7
	B5+/tAlroCV3vZez5ybYnY+8OZR+Hyh5wsDAvyBA1FaosAwUNHJ5gx/o0N8H/l3h+Mwa65aquHE
	i9aRxNoF47ZbdrEuAimQbRFgztXDwizItbSaFP5BTgKoJvT6mymcTMx8yUbI3nwdxErdTUBjfXy
	z6dAnDKIRo6eynTp54sMjxaYqte4hFK3Ey9kvZjJyUPGO6U19ygGRkEUU7hLBOjsucoGuW3X61z
	2CGP8wjfIe/q1igm0j+JaBLGALRUXnddmO9AzIg3CNtuSn7JeiFO2ZOUH2UTD5ZsvpxFyq5exJ0
	XVhm2X8yKA5BVRwLf3FeSGgB6CTuJ7lnWXJH61DHEgJ9u4JF6PZ8aDCKwwDnhL8nFjg==
X-Google-Smtp-Source: 
 AGHT+IEuKuRBydijLORj7lrpulSui3ZGSuSKzAgHogPkt/xQ/3RXqyhd2Ruaage9rm6SnT5qTKEWbQ==
X-Received: by 2002:a17:90b:4d08:b0:330:793a:4240 with SMTP id
 98e67ed59e1d1-33b513ced41mr34845731a91.31.1760484790184;
        Tue, 14 Oct 2025 16:33:10 -0700 (PDT)
Received: from NVAPF55DW0D-IPD.. ([147.161.216.252])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-33b61aac5besm17033254a91.14.2025.10.14.16.33.08
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 14 Oct 2025 16:33:09 -0700 (PDT)
From: Ankur Tyagi <ankur.tyagi85@gmail.com>
To: openembedded-devel@lists.openembedded.org
Cc: Ankur Tyagi <ankur.tyagi85@gmail.com>,
	Gyorgy Sarvari <skandigraun@gmail.com>
Subject: [oe][meta-oe][scarthgap][PATCH v2 v2 09/18] libraw: patch
 CVE-2025-43963
Date: Wed, 15 Oct 2025 12:32:20 +1300
Message-ID: <20251014233233.304125-10-ankur.tyagi85@gmail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20251014233233.304125-1-ankur.tyagi85@gmail.com>
References: <20251014233233.304125-1-ankur.tyagi85@gmail.com>
MIME-Version: 1.0
List-Id: <openembedded-devel.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-devel@lists.openembedded.org>; Tue, 14 Oct 2025 23:33:18 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/120668

Details https://nvd.nist.gov/vuln/detail/CVE-2025-43963

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit 287ed36b866adf46b0ec6245947da64531a98fa2)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 .../libraw/libraw/0002-CVE-2025-43963.patch   | 40 +++++++++++++++++++
 .../recipes-support/libraw/libraw_0.21.2.bb   |  1 +
 2 files changed, 41 insertions(+)
 create mode 100644 meta-oe/recipes-support/libraw/libraw/0002-CVE-2025-43963.patch

diff --git a/meta-oe/recipes-support/libraw/libraw/0002-CVE-2025-43963.patch b/meta-oe/recipes-support/libraw/libraw/0002-CVE-2025-43963.patch
new file mode 100644
index 0000000000..d571164781
--- /dev/null
+++ b/meta-oe/recipes-support/libraw/libraw/0002-CVE-2025-43963.patch
@@ -0,0 +1,40 @@
+From 975393c804bc321fd4bc709c3c221733dac2d80a Mon Sep 17 00:00:00 2001
+From: Alex Tutubalin <lexa@lexa.ru>
+Date: Thu, 6 Feb 2025 21:01:58 +0300
+Subject: [PATCH] CVE-2025-43963
+
+check split_col/split_row values in phase_one_correct
+
+CVE: CVE-2025-43963
+Upstream-Status: Backport [https://github.com/LibRaw/LibRaw/commit/be26e7639ecf8beb55f124ce780e99842de2e964]
+
+(cherry picked from commit be26e7639ecf8beb55f124ce780e99842de2e964)
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ src/decoders/load_mfbacks.cpp | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/decoders/load_mfbacks.cpp b/src/decoders/load_mfbacks.cpp
+index 1a1bdfb3..f89aecce 100644
+--- a/src/decoders/load_mfbacks.cpp
++++ b/src/decoders/load_mfbacks.cpp
+@@ -348,7 +348,8 @@ int LibRaw::phase_one_correct()
+           off_412 = ftell(ifp) - 38;
+         }
+       }
+-      else if (tag == 0x041f && !qlin_applied)
++      else if (tag == 0x041f && !qlin_applied && ph1.split_col > 0 && ph1.split_col < raw_width
++		&& ph1.split_row > 0 && ph1.split_row < raw_height)
+       { /* Quadrant linearization */
+         ushort lc[2][2][16], ref[16];
+         int qr, qc;
+@@ -432,7 +433,8 @@ int LibRaw::phase_one_correct()
+         }
+         qmult_applied = 1;
+       }
+-      else if (tag == 0x0431 && !qmult_applied)
++      else if (tag == 0x0431 && !qmult_applied && ph1.split_col > 0 && ph1.split_col < raw_width 
++		&& ph1.split_row > 0 && ph1.split_row < raw_height)
+       { /* Quadrant combined - four tile gain calibration */
+         ushort lc[2][2][7], ref[7];
+         int qr, qc;
diff --git a/meta-oe/recipes-support/libraw/libraw_0.21.2.bb b/meta-oe/recipes-support/libraw/libraw_0.21.2.bb
index c6d9acb960..d4750630e0 100644
--- a/meta-oe/recipes-support/libraw/libraw_0.21.2.bb
+++ b/meta-oe/recipes-support/libraw/libraw_0.21.2.bb
@@ -5,6 +5,7 @@ LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=1501ae0aa3c8544e63f08d6f7bf88a6f"
 SRC_URI = " \
     git://github.com/LibRaw/LibRaw.git;branch=0.21-stable;protocol=https \
     file://0001-CVE-2025-43961-CVE-2025-43962.patch \
+    file://0002-CVE-2025-43963.patch \
 "
 SRCREV = "1ef70158d7fde1ced6aaddb0b9443c32a7121d3d"
 S = "${WORKDIR}/git"

From patchwork Tue Oct 14 23:32:21 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ankur Tyagi <ankur.tyagi85@gmail.com>
X-Patchwork-Id: 72342
Return-Path: <ankur.tyagi85@gmail.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 13214CCD195
	for <webhook@archiver.kernel.org>; Tue, 14 Oct 2025 23:33:18 +0000 (UTC)
Received: from mail-pj1-f54.google.com (mail-pj1-f54.google.com
 [209.85.216.54])
 by mx.groups.io with SMTP id smtpd.web11.3573.1760484793312660016
 for <openembedded-devel@lists.openembedded.org>;
 Tue, 14 Oct 2025 16:33:13 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@gmail.com header.s=20230601 header.b=EJ2rpV/i;
 spf=pass (domain: gmail.com, ip: 209.85.216.54,
 mailfrom: ankur.tyagi85@gmail.com)
Received: by mail-pj1-f54.google.com with SMTP id
 98e67ed59e1d1-3306d3ab2e4so6022794a91.3
        for <openembedded-devel@lists.openembedded.org>;
 Tue, 14 Oct 2025 16:33:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1760484792; x=1761089592;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=tzPRJ6DC/7o9gjhWlOYLJQKHHxkCY7yOiX6X4wOJykk=;
        b=EJ2rpV/iFORs+TfHG9gR2joDggSQhx6+z3KjMLKjoepqa1ROIZDampjfm5/y0JCAex
         EaPfgTUfjrHS+LTiEOtfrF8GAHh89EoXc7zKRPDWGr1hKsd5emBuB51xlAi24dct8Vvq
         EAkw5Mfvez6qmhYPIlUINme8HxeI1vTEAR9MekK324iNk+baM+AwGlqNtUL8UmuLWdmT
         Qty3fKsfY6In+UcQAHP0UPFNDVx2q+MN4h2ZyNbm9Cb9VKyT/jNX0LPrJzt5S4hBebD4
         YhX07oAXknB5RJ9tJ37qGco42NTtLk9vGeOQuYQb4DH1p7DEFKktfqWCB9IAbAezXRtY
         5zvQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1760484792; x=1761089592;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=tzPRJ6DC/7o9gjhWlOYLJQKHHxkCY7yOiX6X4wOJykk=;
        b=r9xjUNUtda95hJ+GQHNAj497RSmjIqTquQErcJc97c01kBCqs8c4tE9LElpKxCqMA5
         vZEI8we1cfUhmdst+dMbMpMHG0zWCfHJ78BNkw5MNGhFmwWrj3qtV4OWYj1jAytM1fXM
         zro2rEsbjFqXaGIG72xC1Ies4BMJwm5GfhhFc62vYyqRPzTkhKa5Scz2prG1cMQhsUi2
         KZWfg66Z+HzuPhfPQX2UzrmhPc+yRc/wteUfZXU6sxSExNNPoCR5sSdRa/G5OuwR1DbT
         ob/sRqVDGKgfPmEVFUZu+sAvokIQq6SSci3nx1QTw8RwmcnBBoHDQQLVjIfZ5e5VgDTu
         lwFQ==
X-Gm-Message-State: AOJu0YwZih6kurj70hHJ36QYigYUCaVZPhaBErk34bzoeALYnBAC9EkZ
	knT19nFsRixLm6usULFPC8bznfHjjoXvL/8cc7CT3OaX32IfTxMG1mNg+oohhg==
X-Gm-Gg: ASbGncvA4As80DdD0hvgeQd7+00pbFmuMcghtsK745Q4UVbUnunUkAgoBAlcW/1RC/4
	WD+MQpgvRnD0Qz70oOAXKrfWXL6nh7QE6ImJMXn4Bftn4hsEGtRXF059BD2KHINfXp/82aZvS4I
	VssapRsc9Kgy7qjCp71Gb2R9qAYqvpTKrfalo1QJe+wAmzDNrhCLkY1miY6nzJu/3JCnXrwI+1y
	0DNcuEGCJ3nUf4ZKrrfdkx0xmF8mok/tbfSpT4keSqiq5jX1cfWnvKHyObp0kKnB0Wiqco+/9Zb
	r07WCJskgKmdgnCILBjkRNhMRlfO+baWwA+7geLsjuiEcWiHVydSK1GB+9PLMkYLVTh+zzgMZse
	L6mAW9if6BJvGCX4N1qDjbdnocdOd0VeFXbpXBMFzBRawt6JkF2X8d5WuyDq3VmM6EQ==
X-Google-Smtp-Source: 
 AGHT+IEb4MBqjO6DxKSsvaWkSt1DWqE62vwCR6lmsMnPbL76X45yHHh7iXXfEzdmSNXqW/9tnAgv7w==
X-Received: by 2002:a17:90b:4a52:b0:330:84dc:d11b with SMTP id
 98e67ed59e1d1-33b5138e273mr34402112a91.18.1760484792479;
        Tue, 14 Oct 2025 16:33:12 -0700 (PDT)
Received: from NVAPF55DW0D-IPD.. ([147.161.216.252])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-33b61aac5besm17033254a91.14.2025.10.14.16.33.10
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 14 Oct 2025 16:33:12 -0700 (PDT)
From: Ankur Tyagi <ankur.tyagi85@gmail.com>
To: openembedded-devel@lists.openembedded.org
Cc: Ankur Tyagi <ankur.tyagi85@gmail.com>,
	Gyorgy Sarvari <skandigraun@gmail.com>
Subject: [oe][meta-oe][scarthgap][PATCH v2 v2 10/18] libraw: patch
 CVE-2025-43964
Date: Wed, 15 Oct 2025 12:32:21 +1300
Message-ID: <20251014233233.304125-11-ankur.tyagi85@gmail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20251014233233.304125-1-ankur.tyagi85@gmail.com>
References: <20251014233233.304125-1-ankur.tyagi85@gmail.com>
MIME-Version: 1.0
List-Id: <openembedded-devel.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-devel@lists.openembedded.org>; Tue, 14 Oct 2025 23:33:18 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/120669

Details https://nvd.nist.gov/vuln/detail/CVE-2025-43964

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit 95f680e0df1844b259cb07d6668bf381439f784f)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 .../libraw/libraw/0003-CVE-2025-43964.patch   | 29 +++++++++++++++++++
 .../recipes-support/libraw/libraw_0.21.2.bb   |  1 +
 2 files changed, 30 insertions(+)
 create mode 100644 meta-oe/recipes-support/libraw/libraw/0003-CVE-2025-43964.patch

diff --git a/meta-oe/recipes-support/libraw/libraw/0003-CVE-2025-43964.patch b/meta-oe/recipes-support/libraw/libraw/0003-CVE-2025-43964.patch
new file mode 100644
index 0000000000..d7d7664da3
--- /dev/null
+++ b/meta-oe/recipes-support/libraw/libraw/0003-CVE-2025-43964.patch
@@ -0,0 +1,29 @@
+From 0ecd9906f70114a974809bb35b4ec9fe7fed9011 Mon Sep 17 00:00:00 2001
+From: Alex Tutubalin <lexa@lexa.ru>
+Date: Sun, 2 Mar 2025 11:35:43 +0300
+Subject: [PATCH] CVE-2025-43964
+
+additional checks in PhaseOne correction tag 0x412 processing
+
+CVE: CVE-2025-43964
+Upstream-Status: Backport [https://github.com/LibRaw/LibRaw/commit/a50dc3f1127d2e37a9b39f57ad9bb2ebb60f18c0]
+
+(cherry picked from commit a50dc3f1127d2e37a9b39f57ad9bb2ebb60f18c0)
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ src/decoders/load_mfbacks.cpp | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/decoders/load_mfbacks.cpp b/src/decoders/load_mfbacks.cpp
+index f89aecce..95015d27 100644
+--- a/src/decoders/load_mfbacks.cpp
++++ b/src/decoders/load_mfbacks.cpp
+@@ -495,6 +495,8 @@ int LibRaw::phase_one_correct()
+ 	  unsigned w0 = head[1] * head[3], w1 = head[2] * head[4];
+ 	  if (w0 > 10240000 || w1 > 10240000)
+ 		  throw LIBRAW_EXCEPTION_ALLOC;
++	  if (w0 < 1 || w1 < 1)
++		  throw LIBRAW_EXCEPTION_IO_CORRUPT;
+       yval[0] = (float *)calloc(head[1] * head[3] + head[2] * head[4], 6);
+       yval[1] = (float *)(yval[0] + head[1] * head[3]);
+       xval[0] = (ushort *)(yval[1] + head[2] * head[4]);
diff --git a/meta-oe/recipes-support/libraw/libraw_0.21.2.bb b/meta-oe/recipes-support/libraw/libraw_0.21.2.bb
index d4750630e0..1303c0e8ac 100644
--- a/meta-oe/recipes-support/libraw/libraw_0.21.2.bb
+++ b/meta-oe/recipes-support/libraw/libraw_0.21.2.bb
@@ -6,6 +6,7 @@ SRC_URI = " \
     git://github.com/LibRaw/LibRaw.git;branch=0.21-stable;protocol=https \
     file://0001-CVE-2025-43961-CVE-2025-43962.patch \
     file://0002-CVE-2025-43963.patch \
+    file://0003-CVE-2025-43964.patch \
 "
 SRCREV = "1ef70158d7fde1ced6aaddb0b9443c32a7121d3d"
 S = "${WORKDIR}/git"

From patchwork Tue Oct 14 23:32:22 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ankur Tyagi <ankur.tyagi85@gmail.com>
X-Patchwork-Id: 72344
Return-Path: <ankur.tyagi85@gmail.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 18077CCD196
	for <webhook@archiver.kernel.org>; Tue, 14 Oct 2025 23:33:18 +0000 (UTC)
Received: from mail-pj1-f50.google.com (mail-pj1-f50.google.com
 [209.85.216.50])
 by mx.groups.io with SMTP id smtpd.web11.3576.1760484795608929192
 for <openembedded-devel@lists.openembedded.org>;
 Tue, 14 Oct 2025 16:33:15 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@gmail.com header.s=20230601 header.b=SaSzyop9;
 spf=pass (domain: gmail.com, ip: 209.85.216.50,
 mailfrom: ankur.tyagi85@gmail.com)
Received: by mail-pj1-f50.google.com with SMTP id
 98e67ed59e1d1-3369dcfef12so6651394a91.2
        for <openembedded-devel@lists.openembedded.org>;
 Tue, 14 Oct 2025 16:33:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1760484795; x=1761089595;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=CI1rn/ZUvgVNkGCXi9630AQ9Xsj3nH6f8JtWqRRoiKY=;
        b=SaSzyop96n9lf1ZsYdVSPRjIMS1Dh7CD0GtmoI4mit4xj5OaiSf4oONmWIwr0R/Pa1
         sQKxNiBAD/V65akVpYxhqZyiu8b9xzZtKB2qAQPCaxD+HnD7ucfc/ojMzjv6KUwXuiij
         JUgRZiUxNVHC//ZMCzmvolw0lrtNDwnTn2sEJEaF7Rj0mRs/l03ywdo1YQhJGLdltrdb
         vvjale2lBTspxsQlueDi1rM1A/G/BRZOYZQa/Emk/rdakXGrRLGieIVuxJovtXVyFMCg
         eJMjUfnaVSQZIyS9DhX6Q98bQmt7ZrpqX7QYkvI8RGCZegkxpYBwFfUZhZTspzHBJqIx
         7exQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1760484795; x=1761089595;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=CI1rn/ZUvgVNkGCXi9630AQ9Xsj3nH6f8JtWqRRoiKY=;
        b=Ki4H+ArwsSDM2sa5tKAWxIWqCAqEKXWQ42s0QGaHZDMZJ5o8jN5Bn3tDMgYbG7HKKr
         RgGKkE3pyCWThb9SPG6IZy86bKM6+on83JkPd0NX/Yw+I5AxsZqsF2KIAKa9gTQX67gb
         8YIo04nm9zS+/zCrP0WowlGlDiOWJxWVcRv73W0DJnyobTtcYCft+AntZw7SozSuuR1u
         KGtCgAkIbThKZkJB7NKBq7juxX7N+BGPXKQ6gexmvBHUJLhuId7aWfhuEnGF40cih4ZE
         VLH1n4A6RuU/Eq92NOt5BWTDr4WH2dA9I3u9WmLr2zUBMpmTzw1RwZuaCecfVmb86Loi
         Gg3w==
X-Gm-Message-State: AOJu0YyYI7PiExXVIYtwJMW0mXcKM8IS4k9BYe2ii6GScPe+bNIN62DA
	X1dGsiXUhlpLCw4PUCVBnyG0sWZNCdlBZTmQoQ0OAuoW8Sr3Pt/Zgf+fWaKm/g==
X-Gm-Gg: ASbGncsN2r28TfXhoehK7Jj8qnM6GEjOHoKCVoQ/s4828t+7JEiA0VJ3zrYu0VhGJc4
	MLtZt05/Tr67iY+QKSiqn7Qy73IB93CS5Zb4/hOXtZQLx9gtPWsGJTeIQwwfkze4atHa7NHY9KN
	AjNH9FG26TB5tLPLgJ6n+0CPW2HKuh/HayOz7Og7PZOIK3wnPrm7Plzcq+VBgE1w4BcUWd+C4Fq
	SA2rlwqYRgDufOQQRhXZRmwOibcGXjcFLcJ629xET01fS1rvZArc3HnhQIjIrvt/B5VsOGa3pFV
	Trj210S3JO4tEoIVRJpWLPX3j1VKLM7Ia7HAMT2aSUgNfVp4QlPncSGW9nzotLjK6f4fOTd3zc2
	NCVqFwzI11cYfBY5sApig6fzQaCnGVJBK0x8wdBbVbogrrY7ngpo3v04=
X-Google-Smtp-Source: 
 AGHT+IFSRimUceZXmxQFh9SPhjWhjxnm/ToOWLDi8zGeWnURqBq3/+tZYqOxW/TPmSkiZaAK7W7PCw==
X-Received: by 2002:a17:90b:4a52:b0:332:84c1:31de with SMTP id
 98e67ed59e1d1-33b513ced6emr33349667a91.25.1760484794809;
        Tue, 14 Oct 2025 16:33:14 -0700 (PDT)
Received: from NVAPF55DW0D-IPD.. ([147.161.216.252])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-33b61aac5besm17033254a91.14.2025.10.14.16.33.12
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 14 Oct 2025 16:33:14 -0700 (PDT)
From: Ankur Tyagi <ankur.tyagi85@gmail.com>
To: openembedded-devel@lists.openembedded.org
Cc: Ankur Tyagi <ankur.tyagi85@gmail.com>,
	Gyorgy Sarvari <skandigraun@gmail.com>
Subject: [oe][meta-oe][scarthgap][PATCH v2 v2 11/18] zlog: fix CVE-2024-22857
Date: Wed, 15 Oct 2025 12:32:22 +1300
Message-ID: <20251014233233.304125-12-ankur.tyagi85@gmail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20251014233233.304125-1-ankur.tyagi85@gmail.com>
References: <20251014233233.304125-1-ankur.tyagi85@gmail.com>
MIME-Version: 1.0
List-Id: <openembedded-devel.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-devel@lists.openembedded.org>; Tue, 14 Oct 2025 23:33:18 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/120670

Backport a fix from upstream
https://github.com/HardySimpson/zlog/commit/c47f781a9f1e9604f5201e27d046d925d0d48ac4

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit dead2a0070f640d782f64a1ed45b0aa539a131c6)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 ...E-2024-22857-buffer-overflow-patched.patch | 31 +++++++++++++++++++
 meta-oe/recipes-extended/zlog/zlog_1.2.16.bb  |  4 ++-
 2 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 meta-oe/recipes-extended/zlog/zlog/0001-CVE-2024-22857-buffer-overflow-patched.patch

diff --git a/meta-oe/recipes-extended/zlog/zlog/0001-CVE-2024-22857-buffer-overflow-patched.patch b/meta-oe/recipes-extended/zlog/zlog/0001-CVE-2024-22857-buffer-overflow-patched.patch
new file mode 100644
index 0000000000..1f11b07216
--- /dev/null
+++ b/meta-oe/recipes-extended/zlog/zlog/0001-CVE-2024-22857-buffer-overflow-patched.patch
@@ -0,0 +1,31 @@
+From bffbd94a0807efbab0f449b13d622d3cffa224a4 Mon Sep 17 00:00:00 2001
+From: Ali Raza <elirazamumtaz@gmail.com>
+Date: Thu, 29 Feb 2024 11:36:25 +0500
+Subject: [PATCH] CVE-2024-22857: buffer overflow patched
+
+CVE: CVE-2024-22857
+Upstream-Status: Backport [https://github.com/HardySimpson/zlog/commit/c47f781a9f1e9604f5201e27d046d925d0d48ac4]
+
+(cherry picked from commit c47f781a9f1e9604f5201e27d046d925d0d48ac4)
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ src/rule.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/rule.c b/src/rule.c
+index ae3d74f..38d3fdc 100644
+--- a/src/rule.c
++++ b/src/rule.c
+@@ -866,8 +866,10 @@ zlog_rule_t *zlog_rule_new(char *line,
+ 		}
+ 		break;
+ 	case '$' :
+-		sscanf(file_path + 1, "%s", a_rule->record_name);
+-			
++		// read only MAXLEN_PATH characters from the file_path + 1
++		strncpy(a_rule->record_name, file_path + 1, MAXLEN_PATH);
++		a_rule->record_name[MAXLEN_PATH] = '\0';
++		
+ 		if (file_limit) {  /* record path exists */
+ 			p = strchr(file_limit, '"');
+ 			if (!p) {
diff --git a/meta-oe/recipes-extended/zlog/zlog_1.2.16.bb b/meta-oe/recipes-extended/zlog/zlog_1.2.16.bb
index b75802f09f..86a465d285 100644
--- a/meta-oe/recipes-extended/zlog/zlog_1.2.16.bb
+++ b/meta-oe/recipes-extended/zlog/zlog_1.2.16.bb
@@ -4,7 +4,9 @@ LICENSE = "LGPL-2.1-only"
 LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c"
 
 SRCREV = "dc2c284664757fce6ef8f96f8b3ab667a53ef489"
-SRC_URI = "git://github.com/HardySimpson/zlog;branch=master;protocol=https"
+SRC_URI = "git://github.com/HardySimpson/zlog;branch=master;protocol=https \
+           file://0001-CVE-2024-22857-buffer-overflow-patched.patch \
+           "
 
 S = "${WORKDIR}/git"
 

From patchwork Tue Oct 14 23:32:23 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ankur Tyagi <ankur.tyagi85@gmail.com>
X-Patchwork-Id: 72347
Return-Path: <ankur.tyagi85@gmail.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 14983CCD184
	for <webhook@archiver.kernel.org>; Tue, 14 Oct 2025 23:33:28 +0000 (UTC)
Received: from mail-pj1-f54.google.com (mail-pj1-f54.google.com
 [209.85.216.54])
 by mx.groups.io with SMTP id smtpd.web10.3487.1760484797978084596
 for <openembedded-devel@lists.openembedded.org>;
 Tue, 14 Oct 2025 16:33:18 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@gmail.com header.s=20230601 header.b=Gt/eRVha;
 spf=pass (domain: gmail.com, ip: 209.85.216.54,
 mailfrom: ankur.tyagi85@gmail.com)
Received: by mail-pj1-f54.google.com with SMTP id
 98e67ed59e1d1-339d53f4960so6179649a91.3
        for <openembedded-devel@lists.openembedded.org>;
 Tue, 14 Oct 2025 16:33:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1760484797; x=1761089597;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=EPc7iKlstsvTVWGdFgSMKhJkV6O2egiIM4zYzISJyTY=;
        b=Gt/eRVha4SIw/dlxN2PdCMh4jV4KSFGTsR2odeJWBLloW4QpLUy5AFvMkLKjbo/5zb
         G3+JUu1xbAAxmE+Mbhic0RN7JyHokrNon9JgTs1o2No9g9Ype4RAzbykmqojJxQODAOu
         nVYSdlri6aJpMyQq29zuMH87vJguaJLAT+vF71Qq0T4HlT2i2BJ5azVUa09cQt2hwo2W
         E58XOiKt00CZlc199YrA3zsaY/w7YDUjAFLWXxDYnmDm5T/25PZu88vvvb81o4OSlxFW
         XvO8VTlz1NB+dwxlUL/6ph/1XhZddxElfs3FozeDyj9w7VykBB6eQ4qnzYndj3Kee85G
         sYZA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1760484797; x=1761089597;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=EPc7iKlstsvTVWGdFgSMKhJkV6O2egiIM4zYzISJyTY=;
        b=iRzYBujPtyzsdUYEmRgIVWzuU1yKnNQJGq4/yX5U0EMsIixADzejH7bn0sRMzzDpms
         dSkXSleW0+740xykjVTfygKsGKucWqwMVUtv/vV/awvl8tKKQdvSyITAbRJriiwGB1RJ
         g3HkZ6PWP05plx8Fyra7c0ptaNZPC0SYDerz98eJOiohx5ZLvrW5E41GgEBfT6SUQJ5i
         25IIvKoXTWnFJqvvmGtv5QiU3Jh02KE+sgb6upZnaCEIB/ImRknRjCU0+R9XJvBOQlEe
         MUGZFkVNd8Rgmpfbc1Ka2Qka6Ldj48h3iMGRAKPpgqPTsDXh2MZlAB6tm+s+2ajJecJb
         podA==
X-Gm-Message-State: AOJu0YymrzrWuBVFNbGrliTgBXczgT04sLDAbm8jeGmobH2Cm0PCYrPG
	YEtY6iy0eT4bmIufp43CI5LuobTe/E3fXvW3KwnkcG0uR2yD8SxfYgVL87FU4Q==
X-Gm-Gg: ASbGncs9Cl6rwqgk+iRR2ViytBsOXBGNkEN5Bbj4JuW57uCqMQqXI6Y+daGfoVPYqne
	GbapTGpGEbqfDMoZDW9EVXGqzfplxxI/ptxleytipbAIi6/wa3O7yfOORfx9G11o0nbekj0AKxn
	mChEOdeKpthd0nuWp6CXfR3hyL7sf3CwfbZdyd4ovrdr4oGTI4dw5HoyWz12GAFuAM9IpukNURY
	LbipldJNciEusAx87JXO3Ok7gGhkxI18Smu5Wgp+4+Z1x/HLMcM2L2KuCfxbtp3uSe94jZ5PBDO
	NJYhm8tJkBAc9BABGgdpQHyu/jZ0ivWPvjAAll0iVpz+Xif7DOK2ec5Ia1ZSd+jRSjimEW4OTe+
	+FqHJQv9TrlK3TafRpXkeE5/iQJRKWOSyfefJwQ0AilwabR55cvyhgB8=
X-Google-Smtp-Source: 
 AGHT+IEWC1oKficZ+bT5xidjv9+VBiY8XL2Lvs2FhRXQLWfOOkOOzlWCAce4c9pQGCvZXNkGWR3vLg==
X-Received: by 2002:a17:90b:38ce:b0:32e:96b1:fb6e with SMTP id
 98e67ed59e1d1-33b513b4ca7mr33876031a91.18.1760484797115;
        Tue, 14 Oct 2025 16:33:17 -0700 (PDT)
Received: from NVAPF55DW0D-IPD.. ([147.161.216.252])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-33b61aac5besm17033254a91.14.2025.10.14.16.33.15
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 14 Oct 2025 16:33:16 -0700 (PDT)
From: Ankur Tyagi <ankur.tyagi85@gmail.com>
To: openembedded-devel@lists.openembedded.org
Cc: Gyorgy Sarvari <skandigraun@gmail.com>,
	Ankur Tyagi <ankur.tyagi85@gmail.com>
Subject: [oe][meta-oe][scarthgap][PATCH v2 v2 12/18] exiv2: patch
 CVE-2025-26623
Date: Wed, 15 Oct 2025 12:32:23 +1300
Message-ID: <20251014233233.304125-13-ankur.tyagi85@gmail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20251014233233.304125-1-ankur.tyagi85@gmail.com>
References: <20251014233233.304125-1-ankur.tyagi85@gmail.com>
MIME-Version: 1.0
List-Id: <openembedded-devel.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-devel@lists.openembedded.org>; Tue, 14 Oct 2025 23:33:28 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/120671

From: Gyorgy Sarvari <skandigraun@gmail.com>

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-26623

Apply the first to PRs from the relevant issue.

(The second PR adds a test, and the 3rd PR tries to reimplement
correctly the feature that introduced the vulnerability:
it is switching some raw pointers to smart pointers. It was not picked
because the
1. In the original issue it is stated that the first PR itself
   fixes the vulnerability
2. The patch doesn't apply clean due to the time gap between our
   and their version
3. The behavior of the application does not change
)

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit 7907a3e206fb049e609996df8d09141bfb291fcd)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 .../0001-Revert-fix-copy-constructors.patch   | 82 +++++++++++++++++++
 meta-oe/recipes-support/exiv2/exiv2_0.28.3.bb |  4 +-
 2 files changed, 85 insertions(+), 1 deletion(-)
 create mode 100644 meta-oe/recipes-support/exiv2/exiv2/0001-Revert-fix-copy-constructors.patch

diff --git a/meta-oe/recipes-support/exiv2/exiv2/0001-Revert-fix-copy-constructors.patch b/meta-oe/recipes-support/exiv2/exiv2/0001-Revert-fix-copy-constructors.patch
new file mode 100644
index 0000000000..b3074e2823
--- /dev/null
+++ b/meta-oe/recipes-support/exiv2/exiv2/0001-Revert-fix-copy-constructors.patch
@@ -0,0 +1,82 @@
+From f338465efb49166c543dcc2fc52810370ea90475 Mon Sep 17 00:00:00 2001
+From: Rosen Penev <rosenp@gmail.com>
+Date: Mon, 17 Feb 2025 16:34:40 -0800
+Subject: [PATCH] Revert "fix copy constructors"
+
+This reverts commit afb2d998fe62f7e829e93e62506bf9968117c9c5.
+
+This commit is wrong and ends up resulting in use after frees because of
+C pointers. The proper solution is shared_ptr instead of C pointers but
+that's a lot more involved than reverting this.
+
+Signed-off-by: Rosen Penev <rosenp@gmail.com>
+
+CVE: CVE-2025-26623
+Upstream-Status: Backport [https://github.com/Exiv2/exiv2/pull/3174/commits/638ff11ce7480000974b5c619eafcb8618e3b586]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/tiffcomposite_int.cpp | 19 +++++++++++++++++++
+ src/tiffcomposite_int.hpp |  6 +++---
+ 2 files changed, 22 insertions(+), 3 deletions(-)
+
+diff --git a/src/tiffcomposite_int.cpp b/src/tiffcomposite_int.cpp
+index 95ce450c7..3e6e93d5c 100644
+--- a/src/tiffcomposite_int.cpp
++++ b/src/tiffcomposite_int.cpp
+@@ -127,6 +127,25 @@ TiffEntryBase::TiffEntryBase(const TiffEntryBase& rhs) :
+     storage_(rhs.storage_) {
+ }
+ 
++TiffDirectory::TiffDirectory(const TiffDirectory& rhs) : TiffComponent(rhs), hasNext_(rhs.hasNext_) {
++}
++
++TiffSubIfd::TiffSubIfd(const TiffSubIfd& rhs) : TiffEntryBase(rhs), newGroup_(rhs.newGroup_) {
++}
++
++TiffBinaryArray::TiffBinaryArray(const TiffBinaryArray& rhs) :
++    TiffEntryBase(rhs),
++    cfgSelFct_(rhs.cfgSelFct_),
++    arraySet_(rhs.arraySet_),
++    arrayCfg_(rhs.arrayCfg_),
++    arrayDef_(rhs.arrayDef_),
++    defSize_(rhs.defSize_),
++    setSize_(rhs.setSize_),
++    origData_(rhs.origData_),
++    origSize_(rhs.origSize_),
++    pRoot_(rhs.pRoot_) {
++}
++
+ TiffComponent::UniquePtr TiffComponent::clone() const {
+   return UniquePtr(doClone());
+ }
+diff --git a/src/tiffcomposite_int.hpp b/src/tiffcomposite_int.hpp
+index 4506a4dca..307e0bd9e 100644
+--- a/src/tiffcomposite_int.hpp
++++ b/src/tiffcomposite_int.hpp
+@@ -851,7 +851,7 @@ class TiffDirectory : public TiffComponent {
+   //! @name Protected Creators
+   //@{
+   //! Copy constructor (used to implement clone()).
+-  TiffDirectory(const TiffDirectory&) = default;
++  TiffDirectory(const TiffDirectory& rhs);
+   //@}
+ 
+   //! @name Protected Manipulators
+@@ -944,7 +944,7 @@ class TiffSubIfd : public TiffEntryBase {
+   //! @name Protected Creators
+   //@{
+   //! Copy constructor (used to implement clone()).
+-  TiffSubIfd(const TiffSubIfd&) = default;
++  TiffSubIfd(const TiffSubIfd& rhs);
+   TiffSubIfd& operator=(const TiffSubIfd&) = delete;
+   //@}
+ 
+@@ -1346,7 +1346,7 @@ class TiffBinaryArray : public TiffEntryBase {
+   //! @name Protected Creators
+   //@{
+   //! Copy constructor (used to implement clone()).
+-  TiffBinaryArray(const TiffBinaryArray&) = default;
++  TiffBinaryArray(const TiffBinaryArray& rhs);
+   //@}
+ 
+   //! @name Protected Manipulators
diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.28.3.bb b/meta-oe/recipes-support/exiv2/exiv2_0.28.3.bb
index 3e33ab7953..81e9954c1d 100644
--- a/meta-oe/recipes-support/exiv2/exiv2_0.28.3.bb
+++ b/meta-oe/recipes-support/exiv2/exiv2_0.28.3.bb
@@ -4,7 +4,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=625f055f41728f84a8d7938acc35bdc2"
 
 DEPENDS = "zlib expat brotli libinih"
 
-SRC_URI = "git://github.com/Exiv2/exiv2.git;protocol=https;branch=0.28.x"
+SRC_URI = "git://github.com/Exiv2/exiv2.git;protocol=https;branch=0.28.x \
+           file://0001-Revert-fix-copy-constructors.patch \
+           "
 SRCREV = "a6a79ef064f131ffd03c110acce2d3edb84ffa2e"
 S = "${WORKDIR}/git"
 

From patchwork Tue Oct 14 23:32:24 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ankur Tyagi <ankur.tyagi85@gmail.com>
X-Patchwork-Id: 72350
Return-Path: <ankur.tyagi85@gmail.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 202F5CCD196
	for <webhook@archiver.kernel.org>; Tue, 14 Oct 2025 23:33:28 +0000 (UTC)
Received: from mail-pj1-f48.google.com (mail-pj1-f48.google.com
 [209.85.216.48])
 by mx.groups.io with SMTP id smtpd.web10.3489.1760484800284473088
 for <openembedded-devel@lists.openembedded.org>;
 Tue, 14 Oct 2025 16:33:20 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@gmail.com header.s=20230601 header.b=BwiMbIkT;
 spf=pass (domain: gmail.com, ip: 209.85.216.48,
 mailfrom: ankur.tyagi85@gmail.com)
Received: by mail-pj1-f48.google.com with SMTP id
 98e67ed59e1d1-3306b83ebdaso5199039a91.3
        for <openembedded-devel@lists.openembedded.org>;
 Tue, 14 Oct 2025 16:33:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1760484799; x=1761089599;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=/E9IK7jx4kGsq0qhSO9ij4dF/XwZmeonzqoX36aXpZM=;
        b=BwiMbIkT+QnXLvNnss5hp5l4U7nM4e9OBuhLhVZTt2kcfCyIhZ/qAOJVPu86w2pcdC
         Mh2/WI6h+Hzeuy4bIHSa45LLye8f6MZw7RFwVSBvvHyAZGzUZ0gbO1Tf9+rsyYh7zQzK
         BsDb59uUFG4Dm7P5dPw8DF1xdi9bMmqLHfbneiRy+tLEM6VCYsBo6sDBckrcDniVPMkZ
         pTY6CWOO/kPOZJKRH2JuoOLHHFTGT7mRVRLL8GgF43LPlrg7zRB5NCWqd6C2ENM9d/5T
         zQlA7qpjtHAlY0yGXIeVzjQxo7/dYRe9miu62fwsXvxchOexGKYskjetxVwB/UUGYUdX
         yBbg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1760484799; x=1761089599;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=/E9IK7jx4kGsq0qhSO9ij4dF/XwZmeonzqoX36aXpZM=;
        b=O7QQHsWeBLwv/aKMJkMTfWtZjiwLjnVptzYyCM8zrAvlx3M6BDQ6BBx67Cgz01bpQ+
         kXrjUUj5GDyCp0rutaY1wiFsb9GSVAFKcSsNbobCas5q27l1+H7V1PljF/2bG3a59vpR
         0/uFyyqaQT4E2d8eEEq3B5fTC8N+9Lqn929OL3Envc8WizQ74Y1GvwSeaqPeFXrBXhzG
         YrTFzaHYfa+NkMwm+QcA6iGmZ2lNyVHUexH29KjguQdrRlgkYpagjjqu84DRHtjz1sHO
         laRe1MBMszJ99C8lt/m5mdVYFUby4s+lciJMGP4hnZk8OJgm2Y7ps9Qm34dS1Y7ofJyC
         Y1Lw==
X-Gm-Message-State: AOJu0YyTEbSFvibarkCuBbA/7em+iEtZkV/YTkBb2WQEQs4gteiA+YpD
	Mx9wEe3DQo7WWwq9FR+o9CBwMgrkl5WOz2ec+jjktnTRyCp3AikwvfqijZ3ffQ==
X-Gm-Gg: ASbGncue+Ncd2EM4tQjqb3tL5WQno4BEsucHDFVm3BOeMZo8Ul6XI36qba35Ko/Q/lF
	6X+EpGdjSvK6ca7+WSkbs2Rx+xrpBVVAYNBO/IIqqPJKjuhuV1nD/3UGn8LTIU4RVYWjn3ENVgL
	r3V6b/zjwBr21JtaaGi74dJPsyEFFsVeWeAiFQpnHCzWLgxoo6V0gNyjdXlsLsvUu/0jyfxdAVa
	pv2o8OCiiZJNOTZm01EQLDyW8/j0Y5NduhY3oyjMY86GhGsCklAt9L9NLdAY63wbxhXrtsVDFjs
	4cyVKPsXTqKsiCFWOlVlgLKzt96b5+0I6eT0mdPrNvRp0OkwFKY6qVxESN6Wf5f+kDHo2di3Fti
	sBy19E5hTRH7QRTBrUUQL+cIhwd43taGY3479tZ1mNR1kXHByZke8O9aKtO6LBvk9FQ==
X-Google-Smtp-Source: 
 AGHT+IGolafeX9ECONveY9uIQznIhvVtyr8PB/QXzb/EfCjZj7wm+s1JrQ+0vgi2eNGY4p5mE2wTNw==
X-Received: by 2002:a17:90b:4d08:b0:335:2b15:7f46 with SMTP id
 98e67ed59e1d1-33b51386306mr34080071a91.21.1760484799496;
        Tue, 14 Oct 2025 16:33:19 -0700 (PDT)
Received: from NVAPF55DW0D-IPD.. ([147.161.216.252])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-33b61aac5besm17033254a91.14.2025.10.14.16.33.17
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 14 Oct 2025 16:33:19 -0700 (PDT)
From: Ankur Tyagi <ankur.tyagi85@gmail.com>
To: openembedded-devel@lists.openembedded.org
Cc: Gyorgy Sarvari <skandigraun@gmail.com>,
	Ankur Tyagi <ankur.tyagi85@gmail.com>
Subject: [oe][meta-oe][scarthgap][PATCH v2 v2 13/18] exiv2: patch
 CVE-2025-54080
Date: Wed, 15 Oct 2025 12:32:24 +1300
Message-ID: <20251014233233.304125-14-ankur.tyagi85@gmail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20251014233233.304125-1-ankur.tyagi85@gmail.com>
References: <20251014233233.304125-1-ankur.tyagi85@gmail.com>
MIME-Version: 1.0
List-Id: <openembedded-devel.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-devel@lists.openembedded.org>; Tue, 14 Oct 2025 23:33:28 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/120672

From: Gyorgy Sarvari <skandigraun@gmail.com>

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-54080

Backport the patch mentioned in the details.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit 40036aa47ad24659d20643195525310fc5fce123)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 .../exiv2/exiv2/0001-CVE-2025-54080-fix.patch | 77 +++++++++++++++++++
 meta-oe/recipes-support/exiv2/exiv2_0.28.3.bb |  1 +
 2 files changed, 78 insertions(+)
 create mode 100644 meta-oe/recipes-support/exiv2/exiv2/0001-CVE-2025-54080-fix.patch

diff --git a/meta-oe/recipes-support/exiv2/exiv2/0001-CVE-2025-54080-fix.patch b/meta-oe/recipes-support/exiv2/exiv2/0001-CVE-2025-54080-fix.patch
new file mode 100644
index 0000000000..6a4c80f8a8
--- /dev/null
+++ b/meta-oe/recipes-support/exiv2/exiv2/0001-CVE-2025-54080-fix.patch
@@ -0,0 +1,77 @@
+From 6a0c63f1362dac8badfad5d2dcc55fb4ff04fc60 Mon Sep 17 00:00:00 2001
+From: Kevin Backhouse <kevinbackhouse@github.com>
+Date: Tue, 29 Jul 2025 18:58:46 +0100
+Subject: [PATCH] CVE-2025-54080 fix
+
+Upstream-Status: Backport [https://github.com/Exiv2/exiv2/commit/e737332427711f15bcdc4e903203d6b7493eaec0]
+CVE: CVE-2025-54080
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/epsimage.cpp | 40 +++++++++++-----------------------------
+ 1 file changed, 11 insertions(+), 29 deletions(-)
+
+diff --git a/src/epsimage.cpp b/src/epsimage.cpp
+index 2e2241b69..bb4aa3303 100644
+--- a/src/epsimage.cpp
++++ b/src/epsimage.cpp
+@@ -241,6 +241,8 @@ void readWriteEpsMetadata(BasicIo& io, std::string& xmpPacket, NativePreviewList
+   uint32_t posTiff = 0;
+   uint32_t sizeTiff = 0;
+ 
++  ErrorCode errcode = write ? ErrorCode::kerImageWriteFailed : ErrorCode::kerFailedToReadImageData;
++
+   // check for DOS EPS
+   const bool dosEps =
+       (size >= dosEpsSignature.size() && memcmp(data, dosEpsSignature.data(), dosEpsSignature.size()) == 0);
+@@ -248,12 +250,8 @@ void readWriteEpsMetadata(BasicIo& io, std::string& xmpPacket, NativePreviewList
+ #ifdef DEBUG
+     EXV_DEBUG << "readWriteEpsMetadata: Found DOS EPS signature\n";
+ #endif
+-    if (size < 30) {
+-#ifndef SUPPRESS_WARNINGS
+-      EXV_WARNING << "Premature end of file after DOS EPS signature.\n";
+-#endif
+-      throw Error(write ? ErrorCode::kerImageWriteFailed : ErrorCode::kerFailedToReadImageData);
+-    }
++
++    enforce(size >= 30, errcode);
+     posEps = getULong(data + 4, littleEndian);
+     posEndEps = getULong(data + 8, littleEndian) + posEps;
+     posWmf = getULong(data + 12, littleEndian);
+@@ -285,29 +283,13 @@ void readWriteEpsMetadata(BasicIo& io, std::string& xmpPacket, NativePreviewList
+       if (write)
+         throw Error(ErrorCode::kerImageWriteFailed);
+     }
+-    if (posEps < 30 || posEndEps > size) {
+-#ifndef SUPPRESS_WARNINGS
+-      EXV_WARNING << "DOS EPS file has invalid position (" << posEps << ") or size (" << (posEndEps - posEps)
+-                  << ") for EPS section.\n";
+-#endif
+-      throw Error(write ? ErrorCode::kerImageWriteFailed : ErrorCode::kerFailedToReadImageData);
+-    }
+-    if (sizeWmf != 0 && (posWmf < 30 || posWmf + sizeWmf > size)) {
+-#ifndef SUPPRESS_WARNINGS
+-      EXV_WARNING << "DOS EPS file has invalid position (" << posWmf << ") or size (" << sizeWmf
+-                  << ") for WMF section.\n";
+-#endif
+-      if (write)
+-        throw Error(ErrorCode::kerImageWriteFailed);
+-    }
+-    if (sizeTiff != 0 && (posTiff < 30 || posTiff + sizeTiff > size)) {
+-#ifndef SUPPRESS_WARNINGS
+-      EXV_WARNING << "DOS EPS file has invalid position (" << posTiff << ") or size (" << sizeTiff
+-                  << ") for TIFF section.\n";
+-#endif
+-      if (write)
+-        throw Error(ErrorCode::kerImageWriteFailed);
+-    }
++    enforce(30 <= posEps, errcode);
++    enforce(sizeWmf == 0 || 30 <= posWmf, errcode);
++    enforce(sizeTiff == 0 || 30 <= posTiff, errcode);
++
++    enforce(posEps <= posEndEps && posEndEps <= size, errcode);
++    enforce(posWmf <= size && sizeWmf <= size - posWmf, errcode);
++    enforce(posTiff <= size && sizeTiff <= size - posTiff, errcode);
+   }
+ 
+   // check first line
diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.28.3.bb b/meta-oe/recipes-support/exiv2/exiv2_0.28.3.bb
index 81e9954c1d..947d13208d 100644
--- a/meta-oe/recipes-support/exiv2/exiv2_0.28.3.bb
+++ b/meta-oe/recipes-support/exiv2/exiv2_0.28.3.bb
@@ -6,6 +6,7 @@ DEPENDS = "zlib expat brotli libinih"
 
 SRC_URI = "git://github.com/Exiv2/exiv2.git;protocol=https;branch=0.28.x \
            file://0001-Revert-fix-copy-constructors.patch \
+           file://0001-CVE-2025-54080-fix.patch \
            "
 SRCREV = "a6a79ef064f131ffd03c110acce2d3edb84ffa2e"
 S = "${WORKDIR}/git"

From patchwork Tue Oct 14 23:32:25 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ankur Tyagi <ankur.tyagi85@gmail.com>
X-Patchwork-Id: 72349
Return-Path: <ankur.tyagi85@gmail.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 202B9CCD195
	for <webhook@archiver.kernel.org>; Tue, 14 Oct 2025 23:33:28 +0000 (UTC)
Received: from mail-pj1-f43.google.com (mail-pj1-f43.google.com
 [209.85.216.43])
 by mx.groups.io with SMTP id smtpd.web10.3492.1760484802679125835
 for <openembedded-devel@lists.openembedded.org>;
 Tue, 14 Oct 2025 16:33:22 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@gmail.com header.s=20230601 header.b=l3GRUAoN;
 spf=pass (domain: gmail.com, ip: 209.85.216.43,
 mailfrom: ankur.tyagi85@gmail.com)
Received: by mail-pj1-f43.google.com with SMTP id
 98e67ed59e1d1-33082aed31dso6173218a91.3
        for <openembedded-devel@lists.openembedded.org>;
 Tue, 14 Oct 2025 16:33:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1760484802; x=1761089602;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=vbBadCOgCowt0UekIjc77ddK4E30Ff5pYfVWp+JuqxU=;
        b=l3GRUAoNB+phd91xABp0w7EmnI+w6Qc9JIXV/Mt3H7UzFcJES4syI0rfGq8xLtw9M9
         4pb1PXcHtP+3ecj8VNinRxR9XbZGbnNhWluqhXE9PBPTKKv92jr4of1CHEymJ3Ts+QbK
         KFUXPisgU3aFDPDjm89SZpdlliF80SpGQ9AImkcGHXoleSXfzlfAmM00d0Vi2G+Pon1s
         dxTneF+VGQGrIw/XJku3Hcwe9hk8LUImlh1DgIhKiEMLvkSQyJttMga+XbNiHe2DQhRN
         BPwenZWAIIOCUE4urXnFUrHz0mwButiEw1LPYUtqZuQl/veQdsP8dA1ddqdccsB4Am7F
         iuew==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1760484802; x=1761089602;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=vbBadCOgCowt0UekIjc77ddK4E30Ff5pYfVWp+JuqxU=;
        b=ZdjXq15OnYgkKysYv/BZEIQbjyjOPH057FTkJvTcjdsJYpU6oAgZTkL6sbwbP9IH/R
         DATc/dUuJ3pEAfc0jXw53YHHSO07yroxcw47rH+25Yu/8me1LlJ9cuh9gy/NDYyxYYjp
         wTOTk9ssH4hBNqvId2IzzfUbFcvxZWCR73WXL6wjOLa8CkUIjV+RU6qyBC2/n9J2r6Ev
         annkytYYHj6DEjMJvPeZMVmwlL/TU7NS8gHsaxaYqzoZhY3hV8kFIgcB+jP002JKagDl
         mkh4s+agjwAnX3+SIeT3/N3V7qmf3OZJamPrm84VnAL4aYfy8MQcHPqXNA+B6jLd8jfT
         QPQQ==
X-Gm-Message-State: AOJu0YwjXLSzCP++8zlELllVG2l90G+hf/4fschsPp/lJeuWvD32m3Ql
	/nn/KLOZp+YfSNaM87rbuf9rvK2tAHlWiDTdunZJexv/F5isZTTNsHe385BYtw==
X-Gm-Gg: ASbGnctVIkoSvFGZJrkPLCf7z94AatuGoadze2PEhI3OW4wUhbp1/lPEc45cxGzuR91
	79QAnXKXYxuAl76sTrnHGCyXTyhrVWug5xpD0McjcWTjyG0d+9feEk62mMSLt0Wp70cgjGg2ECy
	lJWrC3Ozpps9JwUIMA2k0SMVf1lL2LzBeOS6kDUaVmj6ifh0TDBK/qcUe3Ubl8wwFGPbMFPkr8g
	c/byCjLOOp+gOTh7zP3FABCSiBmEOTjds39/fwyekXnIuW+h/5X69zm+3MiE9h09HYFgM4fZbIw
	i2z11eZMEloVH+PGDid8WS2wB+UlspZ1NHCqVx1i6uIEhDCD6YMapn/XB/ovBY8xT0PNgIPbGON
	g4n7Q+1y00XDeBkTLlKw2cmlLXgWgt10vXN+n2zvyVsYGPMwJh43laihzv+hAwBOBmw==
X-Google-Smtp-Source: 
 AGHT+IGuIsFtkYjPH3qEcKm/Z0CuSiIvGF8KITq4jVuXuc8WdoeiswHHWCFOOiXfHviKHiKyo3yypg==
X-Received: by 2002:a17:90b:1e0a:b0:334:cb89:bde6 with SMTP id
 98e67ed59e1d1-33b51105dcemr33248849a91.4.1760484801897;
        Tue, 14 Oct 2025 16:33:21 -0700 (PDT)
Received: from NVAPF55DW0D-IPD.. ([147.161.216.252])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-33b61aac5besm17033254a91.14.2025.10.14.16.33.19
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 14 Oct 2025 16:33:21 -0700 (PDT)
From: Ankur Tyagi <ankur.tyagi85@gmail.com>
To: openembedded-devel@lists.openembedded.org
Cc: Gyorgy Sarvari <skandigraun@gmail.com>,
	Ankur Tyagi <ankur.tyagi85@gmail.com>
Subject: [oe][meta-oe][scarthgap][PATCH v2 v2 14/18] exiv2: patch
 CVE-2025-55304
Date: Wed, 15 Oct 2025 12:32:25 +1300
Message-ID: <20251014233233.304125-15-ankur.tyagi85@gmail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20251014233233.304125-1-ankur.tyagi85@gmail.com>
References: <20251014233233.304125-1-ankur.tyagi85@gmail.com>
MIME-Version: 1.0
List-Id: <openembedded-devel.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-devel@lists.openembedded.org>; Tue, 14 Oct 2025 23:33:28 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/120673

From: Gyorgy Sarvari <skandigraun@gmail.com>

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55304

Backport patch mentioned in the details of the vulnerability.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit f47fdfd73090c996f4edf9c7921bc07bbdffd908)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 ...ppendIccProfile-to-fix-quadratic-per.patch | 96 +++++++++++++++++++
 meta-oe/recipes-support/exiv2/exiv2_0.28.3.bb |  1 +
 2 files changed, 97 insertions(+)
 create mode 100644 meta-oe/recipes-support/exiv2/exiv2/0001-Add-new-method-appendIccProfile-to-fix-quadratic-per.patch

diff --git a/meta-oe/recipes-support/exiv2/exiv2/0001-Add-new-method-appendIccProfile-to-fix-quadratic-per.patch b/meta-oe/recipes-support/exiv2/exiv2/0001-Add-new-method-appendIccProfile-to-fix-quadratic-per.patch
new file mode 100644
index 0000000000..a0399c539b
--- /dev/null
+++ b/meta-oe/recipes-support/exiv2/exiv2/0001-Add-new-method-appendIccProfile-to-fix-quadratic-per.patch
@@ -0,0 +1,96 @@
+From 14a862213873b3f81941721a5972853fd269ca63 Mon Sep 17 00:00:00 2001
+From: Kevin Backhouse <kevinbackhouse@github.com>
+Date: Fri, 15 Aug 2025 12:08:49 +0100
+Subject: [PATCH] Add new method appendIccProfile to fix quadratic performance
+ issue.
+
+Upstream-Status: Backport [https://github.com/Exiv2/exiv2/pull/3345/commits/e5bf22e0cebeabeb2ffd40678344467a271be12d]
+CVE: CVE-2025-55304
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ include/exiv2/image.hpp | 10 ++++++++++
+ src/image.cpp           | 29 +++++++++++++++++++++--------
+ src/jpgimage.cpp        |  7 +------
+ 3 files changed, 32 insertions(+), 14 deletions(-)
+
+diff --git a/include/exiv2/image.hpp b/include/exiv2/image.hpp
+index 629a8a4fd..072016013 100644
+--- a/include/exiv2/image.hpp
++++ b/include/exiv2/image.hpp
+@@ -191,6 +191,16 @@ class EXIV2API Image {
+     @param bTestValid - tests that iccProfile contains credible data
+    */
+   virtual void setIccProfile(DataBuf&& iccProfile, bool bTestValid = true);
++  /*!
++    @brief Append more bytes to the iccProfile.
++    @param iccProfile DataBuf containing profile (binary)
++    @param bTestValid - tests that iccProfile contains credible data
++   */
++  virtual void appendIccProfile(const uint8_t* bytes, size_t size, bool bTestValid);
++  /*!
++    @brief Throw an exception if the size at the beginning of the iccProfile isn't correct.
++   */
++  virtual void checkIccProfile();
+   /*!
+     @brief Erase iccProfile. the profile is not removed from
+         the actual image until the writeMetadata() method is called.
+diff --git a/src/image.cpp b/src/image.cpp
+index f06660cf7..eb6b3eb0a 100644
+--- a/src/image.cpp
++++ b/src/image.cpp
+@@ -625,16 +625,29 @@ void Image::setComment(const std::string& comment) {
+ }
+ 
+ void Image::setIccProfile(Exiv2::DataBuf&& iccProfile, bool bTestValid) {
++  iccProfile_ = std::move(iccProfile);
+   if (bTestValid) {
+-    if (iccProfile.size() < sizeof(long)) {
+-      throw Error(ErrorCode::kerInvalidIccProfile);
+-    }
+-    const size_t size = iccProfile.read_uint32(0, bigEndian);
+-    if (size != iccProfile.size()) {
+-      throw Error(ErrorCode::kerInvalidIccProfile);
+-    }
++    checkIccProfile();
++  }
++}
++
++void Image::appendIccProfile(const uint8_t* bytes, size_t size, bool bTestValid) {
++  const size_t start = iccProfile_.size();
++  iccProfile_.resize(Safe::add(start, size));
++  memcpy(iccProfile_.data(start), bytes, size);
++  if (bTestValid) {
++    checkIccProfile();
++  }
++}
++
++void Image::checkIccProfile() {
++  if (iccProfile_.size() < sizeof(long)) {
++    throw Error(ErrorCode::kerInvalidIccProfile);
++  }
++  const size_t size = iccProfile_.read_uint32(0, bigEndian);
++  if (size != iccProfile_.size()) {
++    throw Error(ErrorCode::kerInvalidIccProfile);
+   }
+-  iccProfile_ = std::move(iccProfile);
+ }
+ 
+ void Image::clearIccProfile() {
+diff --git a/src/jpgimage.cpp b/src/jpgimage.cpp
+index 34187dc63..2c29135ae 100644
+--- a/src/jpgimage.cpp
++++ b/src/jpgimage.cpp
+@@ -268,12 +268,7 @@ void JpegBase::readMetadata() {
+         icc_size = s;
+       }
+ 
+-      DataBuf profile(Safe::add(iccProfile_.size(), icc_size));
+-      if (!iccProfile_.empty()) {
+-        std::copy(iccProfile_.begin(), iccProfile_.end(), profile.begin());
+-      }
+-      std::copy_n(buf.c_data(2 + 14), icc_size, profile.data() + iccProfile_.size());
+-      setIccProfile(std::move(profile), chunk == chunks);
++      appendIccProfile(buf.c_data(2 + 14), icc_size, chunk == chunks);
+     } else if (pixelHeight_ == 0 && inRange2(marker, sof0_, sof3_, sof5_, sof15_)) {
+       // We hit a SOFn (start-of-frame) marker
+       if (size < 8) {
diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.28.3.bb b/meta-oe/recipes-support/exiv2/exiv2_0.28.3.bb
index 947d13208d..db32398b4f 100644
--- a/meta-oe/recipes-support/exiv2/exiv2_0.28.3.bb
+++ b/meta-oe/recipes-support/exiv2/exiv2_0.28.3.bb
@@ -7,6 +7,7 @@ DEPENDS = "zlib expat brotli libinih"
 SRC_URI = "git://github.com/Exiv2/exiv2.git;protocol=https;branch=0.28.x \
            file://0001-Revert-fix-copy-constructors.patch \
            file://0001-CVE-2025-54080-fix.patch \
+           file://0001-Add-new-method-appendIccProfile-to-fix-quadratic-per.patch \
            "
 SRCREV = "a6a79ef064f131ffd03c110acce2d3edb84ffa2e"
 S = "${WORKDIR}/git"

From patchwork Tue Oct 14 23:32:26 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ankur Tyagi <ankur.tyagi85@gmail.com>
X-Patchwork-Id: 72348
Return-Path: <ankur.tyagi85@gmail.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 29A50CCD18E
	for <webhook@archiver.kernel.org>; Tue, 14 Oct 2025 23:33:28 +0000 (UTC)
Received: from mail-pf1-f175.google.com (mail-pf1-f175.google.com
 [209.85.210.175])
 by mx.groups.io with SMTP id smtpd.web10.3493.1760484805269848677
 for <openembedded-devel@lists.openembedded.org>;
 Tue, 14 Oct 2025 16:33:25 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@gmail.com header.s=20230601 header.b=lZ/lM53E;
 spf=pass (domain: gmail.com, ip: 209.85.210.175,
 mailfrom: ankur.tyagi85@gmail.com)
Received: by mail-pf1-f175.google.com with SMTP id
 d2e1a72fcca58-76e4fc419a9so5395309b3a.0
        for <openembedded-devel@lists.openembedded.org>;
 Tue, 14 Oct 2025 16:33:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1760484804; x=1761089604;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=V1H/ipdKeGjytMyN0hl/+I6wr3SIrllewKisFWn7BRs=;
        b=lZ/lM53EsueEdFFm3WULaCCEfy56hxiabnBBUDI3EaO86uj9YZMYliCNxm53hJHxaa
         CH8RN+lJcV4M24DbMoflLZ7iV8lGoFBai0XOGAaEmQsZm3m90FN0e2Vwx6MHVCEdz3b9
         wjFk7qjgMyWXByN5PATBMHTTzaZQwneRRtUM3s+dgbvLQlZNU83XsXvC8mtd8WOm1xUC
         bGttZcNWc3oL5acS7R4cQ+JN9rdBhqKaxalyMXHcBi5DQChzZPyYSNzzbVRhzxoRairu
         E3j71Fu/+SxR3m7G9mJ0GDkqTwfAkCBL58ljdzEeIW4KWekfEEoAqFjhqbhrNm5zfsOL
         trKg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1760484804; x=1761089604;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=V1H/ipdKeGjytMyN0hl/+I6wr3SIrllewKisFWn7BRs=;
        b=q41c7Iq8n9rqpO1dUsgh5cGUJ+fqp3gj7O21qQaxXxgBgSoDad5wd74mQziorSjO1C
         3r5wRoXx+L95eWNQExKf+5csxm0SN9RZ4qAhC8PsWXnQrOod3sMNQXgVEUItZJfIH24J
         ITL6uh8ZNTW5anQo6yq3ecCeO9ZyCbWFha0H7usARJUdkT6dKa7iPWC3+9t51WFNCqw/
         1V7hb+Jjh5ahaeLF5ETAnEjINlwRTVZZrTCQHitLTnUk6Qd0pTA79l7cxKhJlgBa7NTw
         iWAeFUmChoV43W9tfPkxlN9cuQVgVcj2dnr1iUZ2OO0Dvd3SWGdBbetkjyGE3F0OjSd3
         XoLQ==
X-Gm-Message-State: AOJu0YxdCFBRDXLdROmaGEGBUztnH8vHFfxeOH3DrdUInRJRWZ57Dk6D
	AY18sreYlGcDHsS+cmUAuUukacV236MGMJ/AtO4Yq2+B0uK/DhEuydOAzwZXzg==
X-Gm-Gg: ASbGncspzJ2lME1R9kYGSnL3PAhO35WVtPpxJHnfdOKpNxH2wMKVXp63cafE91azErM
	hUxPVujJrSV0X9pHYoiK9vy80LQrQywLCrqNJzSDzEW/YQ6pM/tziVqMgs6WBov7z0Um3zqdR3X
	QpfS99ygPPfPww99OFpU2GmcxeMwZQgOJfnaGxSihI5WKOKwWrEO14Rhue7RDKe21MolIiC+UOq
	l/0G3IkVOBV+Urof2S0/aRhnmvgp4KpKjm2bCSuUyHy5v6/jHvxM4vmonhZ6fuvsEaav9okTE+g
	jqXYcjRAHHpMM/GXaJks4T2MwC3ceg1GoJMgLowBBd6VdVS7SxBd6MIFC0gWUrK6ZRdxTaKcRuw
	t/juVg1cRGKwZcvha3jNTq1l2uHYnTORg0f8lgqwo798XDpPvlAR25LadoCG6xDOWKQ==
X-Google-Smtp-Source: 
 AGHT+IFnTCPkuQcQUkpBzvdyRfvP7dQqswx+qIK4kfin6ZjpuIh2v2RjzHVHDq8H2RpVMX4YRss2aw==
X-Received: by 2002:a05:6a20:3947:b0:252:9bf:ad9c with SMTP id
 adf61e73a8af0-32da83e687emr39332217637.51.1760484804503;
        Tue, 14 Oct 2025 16:33:24 -0700 (PDT)
Received: from NVAPF55DW0D-IPD.. ([147.161.216.252])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-33b61aac5besm17033254a91.14.2025.10.14.16.33.22
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 14 Oct 2025 16:33:24 -0700 (PDT)
From: Ankur Tyagi <ankur.tyagi85@gmail.com>
To: openembedded-devel@lists.openembedded.org
Cc: Peter Marko <peter.marko@siemens.com>,
	Khem Raj <raj.khem@gmail.com>,
	Ankur Tyagi <ankur.tyagi85@gmail.com>
Subject: [oe][meta-oe][scarthgap][PATCH v2 v2 15/18] gattlib: mark
 CVE-2019-6498 as fixed
Date: Wed, 15 Oct 2025 12:32:26 +1300
Message-ID: <20251014233233.304125-16-ankur.tyagi85@gmail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20251014233233.304125-1-ankur.tyagi85@gmail.com>
References: <20251014233233.304125-1-ankur.tyagi85@gmail.com>
MIME-Version: 1.0
List-Id: <openembedded-devel.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-devel@lists.openembedded.org>; Tue, 14 Oct 2025 23:33:28 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/120674

From: Peter Marko <peter.marko@siemens.com>

Our hash does not point to exact tag and CVE patch is already in.

We use: 33a8a275928b186381bb0aea0f9778e330e57ec3
Fix: https://github.com/labapart/gattlib/commit/60b813a770e42fdb0e85c1d2da7a55327784b8d6

git describe --tags --match=v0.2 33a8a275928b186381bb0aea0f9778e330e57ec3 60b813a770e42fdb0e85c1d2da7a55327784b8d6
v0.2-262-g33a8a27
v0.2-85-g60b813a

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e5a12d52522f10026570a5c48d6662a5359c4887)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 meta-oe/recipes-connectivity/gattlib/gattlib_git.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-oe/recipes-connectivity/gattlib/gattlib_git.bb b/meta-oe/recipes-connectivity/gattlib/gattlib_git.bb
index 7ad28d594d..0841dc2596 100644
--- a/meta-oe/recipes-connectivity/gattlib/gattlib_git.bb
+++ b/meta-oe/recipes-connectivity/gattlib/gattlib_git.bb
@@ -17,6 +17,8 @@ SRCREV = "33a8a275928b186381bb0aea0f9778e330e57ec3"
 
 S = "${WORKDIR}/git"
 
+CVE_STATUS[CVE-2019-6498] = "fixed-version: patch is already included in sources"
+
 PACKAGECONFIG[examples] = "-DGATTLIB_BUILD_EXAMPLES=ON,-DGATTLIB_BUILD_EXAMPLES=OFF"
 
 # Set this to force use of DBus API if Bluez version is older than 5.42

From patchwork Tue Oct 14 23:32:27 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ankur Tyagi <ankur.tyagi85@gmail.com>
X-Patchwork-Id: 72346
Return-Path: <ankur.tyagi85@gmail.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 149CBCCD190
	for <webhook@archiver.kernel.org>; Tue, 14 Oct 2025 23:33:28 +0000 (UTC)
Received: from mail-pj1-f49.google.com (mail-pj1-f49.google.com
 [209.85.216.49])
 by mx.groups.io with SMTP id smtpd.web10.3495.1760484807518224588
 for <openembedded-devel@lists.openembedded.org>;
 Tue, 14 Oct 2025 16:33:27 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@gmail.com header.s=20230601 header.b=eTjGFi23;
 spf=pass (domain: gmail.com, ip: 209.85.216.49,
 mailfrom: ankur.tyagi85@gmail.com)
Received: by mail-pj1-f49.google.com with SMTP id
 98e67ed59e1d1-32ec291a325so4299209a91.1
        for <openembedded-devel@lists.openembedded.org>;
 Tue, 14 Oct 2025 16:33:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1760484807; x=1761089607;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=qxOFw7U2r1tSvSpUN0MIqNOU96qN8776Ow1BtsH+Xck=;
        b=eTjGFi23PoARR8nKGalRXInscaEqFr5/YVr8kHBs+ruts0l8/KG+duYRK/zXuliLO4
         N6c5egPDALCFP8DbdDYeRsFrBVy+tY6KDEvY9zke0nhGCQjKw+InTvBIhnSlEqWrxRhw
         mltUB5W5oiIXOTT/78Yl/oy00DzzEWvb2be6eB9uN/YU5VHwyb7xIYBTHdkNZ9W2wanD
         J4riI2OSE6Rupv4UlOpBMac/o+Cruu2W946O5gMJ42DmBSQR4n7UuVMg/isjPIDLJu7c
         ODihSDCNXcIALPP+tn+o724AtWTU8xLMicLzACcZn6tjafGvVNGy/AcvuXBxZUS7brMW
         +NUw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1760484807; x=1761089607;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=qxOFw7U2r1tSvSpUN0MIqNOU96qN8776Ow1BtsH+Xck=;
        b=JnVU49JJEsjJ/hAmd6o2xibJ41DmMtyL6xLRdOyaxmJP3ReHJEW4axb2FXef4nDUbP
         oxGOgPUaPlTaiAWwwH/ipHuSQUz1WTrKhMn3xcGqXGhD0zPx4AXhRIZnke3BzP4OMcI9
         Rp/X06rkbt3d6Xaug74utDbl3TjXYU9jGSZiE+KKQM2AQNkIVf9izVKA0XF8EMlMfvvd
         fkagSf7TYKc97W+pXK/UqKGxOhT0qtzs836wZqUx8yc9LQ9JTysVdrJFoqIFTEwZQZ0/
         xdhU7JZefS8KKwMo0jj+2m00hNRX0MGD7lwKT1GKNMe3WjCf8KDVKbtkXYK3uXbYcvHi
         sPlw==
X-Gm-Message-State: AOJu0YxH3N+S3m001qjQVrR++Icoi8z0ZG98ru5mg1X4LGkj7A5BUWte
	c8eJ4NFpnfWQk5SNvmd7sPAYiGqapEtMXQ6MHLaXJdBSMeEWmD1BjlQf7E7TSA==
X-Gm-Gg: ASbGnctwg3YwVlPc1XFkRqR2M+V/PNeyVuyHyEOhi/Aw9wUrO5KQeTgFzEnVipIKgTC
	E5TAQZrPqMv5eJHGmwVdwgQDQ2nORhGEXhpKcKFZ02SOg11m2RvyJlPczgZkDpOcgAaqbVmgixD
	HlNBg8Ya2MsbkWTu8jjHDJaXpAIEzaM8RH/H4xkliaLsMMUlSJmM6zFQdK0Gy9gReO+fFOUcjdF
	v5ntwajHcSsnyhwEnKb/iIGWPZ3vJO+o4PAj+gGc/kw+bL9lbOtSUkTBqAyi1lQJezxYqsagXra
	Wz87aNBfVpNmfa5jJADxraDqmmJg/xrPDmz/xjl8/5t+3TFMBWAvl68E2Q7dCBDhGlR2UMgOgrz
	dIGYHsCISkCD9t4LG2aZRGf623UlpJenHlY0EbcQJxyQ3F1ctKgPc+hM=
X-Google-Smtp-Source: 
 AGHT+IHQPyXI3Dc27bMogFf//rLXCGWeiwpNGK1Ku/WNrGTQ2vSHMQPWONojKA5vh42YYBIFOB9PJg==
X-Received: by 2002:a17:90b:3b46:b0:32e:d9db:7a86 with SMTP id
 98e67ed59e1d1-33b510ff4acmr40566125a91.7.1760484806770;
        Tue, 14 Oct 2025 16:33:26 -0700 (PDT)
Received: from NVAPF55DW0D-IPD.. ([147.161.216.252])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-33b61aac5besm17033254a91.14.2025.10.14.16.33.24
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 14 Oct 2025 16:33:26 -0700 (PDT)
From: Ankur Tyagi <ankur.tyagi85@gmail.com>
To: openembedded-devel@lists.openembedded.org
Cc: Khem Raj <raj.khem@gmail.com>,
	Ankur Tyagi <ankur.tyagi85@gmail.com>
Subject: [oe][meta-oe][scarthgap][PATCH v2 v2 16/18] influxdb: Do not remove
 non-existing files
Date: Wed, 15 Oct 2025 12:32:27 +1300
Message-ID: <20251014233233.304125-17-ankur.tyagi85@gmail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20251014233233.304125-1-ankur.tyagi85@gmail.com>
References: <20251014233233.304125-1-ankur.tyagi85@gmail.com>
MIME-Version: 1.0
List-Id: <openembedded-devel.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-devel@lists.openembedded.org>; Tue, 14 Oct 2025 23:33:28 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/120675

From: Khem Raj <raj.khem@gmail.com>

Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit cd6e2d8f53b45108ae9aa7b2a2988452dff4a2eb)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 meta-oe/recipes-dbs/influxdb/influxdb_1.8.10.bb | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/meta-oe/recipes-dbs/influxdb/influxdb_1.8.10.bb b/meta-oe/recipes-dbs/influxdb/influxdb_1.8.10.bb
index 5301071516..836736dd8c 100644
--- a/meta-oe/recipes-dbs/influxdb/influxdb_1.8.10.bb
+++ b/meta-oe/recipes-dbs/influxdb/influxdb_1.8.10.bb
@@ -38,9 +38,10 @@ USERADD_PACKAGES = "${PN}"
 USERADD_PARAM:${PN} = "--system -d /var/lib/influxdb -m -s /bin/nologin influxdb"
 
 do_install:prepend() {
-    rm ${B}/src/${GO_IMPORT}/build.py
-    rm ${B}/src/${GO_IMPORT}/build.sh
-    rm ${B}/src/${GO_IMPORT}/Dockerfile*
+    test -e ${B}/src/${GO_IMPORT}/build.py && rm ${B}/src/${GO_IMPORT}/build.py 
+    test -e ${B}/src/${GO_IMPORT}/build.sh && rm ${B}/src/${GO_IMPORT}/build.sh
+    rm -rf ${B}/src/${GO_IMPORT}/Dockerfile*
+
     sed -i -e "s#usr/bin/sh#bin/sh#g" ${B}/src/${GO_IMPORT}/scripts/ci/run_perftest.sh
 }
 

From patchwork Tue Oct 14 23:32:28 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ankur Tyagi <ankur.tyagi85@gmail.com>
X-Patchwork-Id: 72351
Return-Path: <ankur.tyagi85@gmail.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 25F76CCD184
	for <webhook@archiver.kernel.org>; Tue, 14 Oct 2025 23:33:38 +0000 (UTC)
Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com
 [209.85.214.180])
 by mx.groups.io with SMTP id smtpd.web11.3580.1760484810128164321
 for <openembedded-devel@lists.openembedded.org>;
 Tue, 14 Oct 2025 16:33:30 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@gmail.com header.s=20230601 header.b=iZve1/Z3;
 spf=pass (domain: gmail.com, ip: 209.85.214.180,
 mailfrom: ankur.tyagi85@gmail.com)
Received: by mail-pl1-f180.google.com with SMTP id
 d9443c01a7336-2697899a202so2717875ad.0
        for <openembedded-devel@lists.openembedded.org>;
 Tue, 14 Oct 2025 16:33:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1760484809; x=1761089609;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=A+pX/iBWVbhFSiuV4mQiwsLCfqr7Drp1jX/zU7jS4dU=;
        b=iZve1/Z3w+2nylc+h7rdxteD+LP/4Dd8J45Uw7eVdkHyw024b8njH45W/z+mA5hsVH
         d+oulLALojwFGLyH1EK9T//6Der1F2A54vSRnuNbZmbML4PPR/LNllp+3G87esDH7rVk
         5jMVmUQnzNCJ8wcUS911pNmS0A4hYq1M6Vr3lfYqU8FAFmzwG+vUMyc3nMLn6FUBERar
         gAMuGOdzsaGMW7EWq3IjVqD60Lh4EIYV1miWjVeSDtCaBlCMA+WCCijAquUwWyMeOg0l
         eDuo9OqNi69dI7vSpD6CnW3cMWblfSIKxfcj6vqhlkDeCbvmzIObiMabX1n6jiWGBR8I
         x7OQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1760484809; x=1761089609;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=A+pX/iBWVbhFSiuV4mQiwsLCfqr7Drp1jX/zU7jS4dU=;
        b=tNaGTi3DzL6ZSTFZng4JDnT5dvtsNcKDBptNecg9Zf9PlpzDIjiqT2W7VUZX9AiIJv
         n5EN7OZKGlAHMmQHSu3SeQkMGCRnvsKmWdcTXSNkzo6nGu+JYZXfG0t9zirNXuPFWsIK
         yMRj8q56N9MyjjMl9F/c+t+Xc5G1JFp6CM/X/5xNocXa4bqvn1gH/x9wZWi0qVuuy7+M
         SWxgWBr/xMPwnD3aThQIRy7PzEjnG1VCckIfe20UbL4S/x+AUqwMD+fZMfvGByaSCfOr
         AqrWch+tdyNs3+iGzBbdmAVCqvGzYK06vzy8q1yWuhnNijPLvwLxSsfOiHrRRySKJoml
         U2pQ==
X-Gm-Message-State: AOJu0YzKKkeqiq+Gnn/hltF/iet88Smsk0xbyQAOIK0GoohqrE+Ut4JX
	t0cUnGMC2MREj06Os+J42Mv7mmiUVDBdUminrIu+LrjcFLNnrLLf36qjbiHNwQ==
X-Gm-Gg: ASbGncv1nMMIexXhQ/jisPKJYRizFyRRzlNOrUuF3z8M9BHRwcFzy4OYhiRurJhEcDI
	bIhCfmdy/IW5UKulwQE89i688T8UNfffOKAZEVu8viIgrZNFABrsLZUkbHodWhaY4FNbkToU+2k
	A62em/3G/jlsZnblFxBblgbeM0SO+1A/mTQ19apjuYmE8lyCfHbn9ByoGp7MjhM5Bzi3sYCgzDG
	QU8QQ0cA5oXxC6wnNVvNub85NqWewacM4xYSqhe4h3oGH//3b/jhVrF4cDk22PSfIxgSNRignXK
	8WqbQRUKjsMKKaCMpw5cBM0Om15eOk/X7vxgt6/0otyWfISkKzNFojjspDB+H3mQQay/lGC3kZJ
	bhXkgLiITzMKfv8uA/PustYe2DCl7eH1jQel2rMcQUqbH+XDYm4wLhUE=
X-Google-Smtp-Source: 
 AGHT+IGx0evgDLbyv0jnweA8IY7satbOd3nzugScDJyc7sxoeIYXFsEzWxgIY71+AFYG1w5U00y+Gw==
X-Received: by 2002:a17:902:e94e:b0:271:9b0e:54ca with SMTP id
 d9443c01a7336-28ec9c372a0mr394423345ad.13.1760484809370;
        Tue, 14 Oct 2025 16:33:29 -0700 (PDT)
Received: from NVAPF55DW0D-IPD.. ([147.161.216.252])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-33b61aac5besm17033254a91.14.2025.10.14.16.33.27
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 14 Oct 2025 16:33:29 -0700 (PDT)
From: Ankur Tyagi <ankur.tyagi85@gmail.com>
To: openembedded-devel@lists.openembedded.org
Cc: Ninette Adhikari <ninette@thehoodiefirm.com>,
	Khem Raj <raj.khem@gmail.com>,
	Ankur Tyagi <ankur.tyagi85@gmail.com>
Subject: [oe][meta-oe][scarthgap][PATCH v2 v2 17/18] influxdb: Update CVE
 status for CVE-2019-10329
Date: Wed, 15 Oct 2025 12:32:28 +1300
Message-ID: <20251014233233.304125-18-ankur.tyagi85@gmail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20251014233233.304125-1-ankur.tyagi85@gmail.com>
References: <20251014233233.304125-1-ankur.tyagi85@gmail.com>
MIME-Version: 1.0
List-Id: <openembedded-devel.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-devel@lists.openembedded.org>; Tue, 14 Oct 2025 23:33:38 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/120676

From: Ninette Adhikari <ninette@thehoodiefirm.com>

The version don't match and only the Jenkins plugin is affected.

Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 524acf0542cafed3f5e82cd94291a653f6cf86e1)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 meta-oe/recipes-dbs/influxdb/influxdb_1.8.10.bb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/meta-oe/recipes-dbs/influxdb/influxdb_1.8.10.bb b/meta-oe/recipes-dbs/influxdb/influxdb_1.8.10.bb
index 836736dd8c..397b225ccb 100644
--- a/meta-oe/recipes-dbs/influxdb/influxdb_1.8.10.bb
+++ b/meta-oe/recipes-dbs/influxdb/influxdb_1.8.10.bb
@@ -38,7 +38,7 @@ USERADD_PACKAGES = "${PN}"
 USERADD_PARAM:${PN} = "--system -d /var/lib/influxdb -m -s /bin/nologin influxdb"
 
 do_install:prepend() {
-    test -e ${B}/src/${GO_IMPORT}/build.py && rm ${B}/src/${GO_IMPORT}/build.py 
+    test -e ${B}/src/${GO_IMPORT}/build.py && rm ${B}/src/${GO_IMPORT}/build.py
     test -e ${B}/src/${GO_IMPORT}/build.sh && rm ${B}/src/${GO_IMPORT}/build.sh
     rm -rf ${B}/src/${GO_IMPORT}/Dockerfile*
 
@@ -75,3 +75,5 @@ INITSCRIPT_NAME = "influxdb"
 INITSCRIPT_PARAMS = "defaults"
 
 SYSTEMD_SERVICE:${PN} = "influxdb.service"
+
+CVE_STATUS[CVE-2019-10329] = "cpe-incorrect: Version does not match and only the Jenkins plugin is affected."

From patchwork Tue Oct 14 23:32:29 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ankur Tyagi <ankur.tyagi85@gmail.com>
X-Patchwork-Id: 72352
Return-Path: <ankur.tyagi85@gmail.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 25FB0CCD190
	for <webhook@archiver.kernel.org>; Tue, 14 Oct 2025 23:33:38 +0000 (UTC)
Received: from mail-pj1-f44.google.com (mail-pj1-f44.google.com
 [209.85.216.44])
 by mx.groups.io with SMTP id smtpd.web11.3581.1760484812130264461
 for <openembedded-devel@lists.openembedded.org>;
 Tue, 14 Oct 2025 16:33:32 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@gmail.com header.s=20230601 header.b=l8pxYgv1;
 spf=pass (domain: gmail.com, ip: 209.85.216.44,
 mailfrom: ankur.tyagi85@gmail.com)
Received: by mail-pj1-f44.google.com with SMTP id
 98e67ed59e1d1-3324523dfb2so5761430a91.0
        for <openembedded-devel@lists.openembedded.org>;
 Tue, 14 Oct 2025 16:33:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1760484811; x=1761089611;
 darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=4/eGPGq9fO94N0Uhy1pzyCjVfxuml0/hGuhadABayw0=;
        b=l8pxYgv1W39yQnzzZdks9MOBkx0KHaua7nBm3mO8xKipP7z3fL0Jzv44GnIijKudkC
         Gcbtheg6qsto5FNl+KGszEjrYbXoNrGfXMoeLFsteqRZ7iid1E5z9gwMselyFl8Z+WCF
         vpoTiztogSoLC9MAVuf8mmc/M0jJATKw/flGAHLkMa5Dd1obasaLl+Eo/29500EDFn15
         6H1REKZEtcfyb7tuKTmXPgzPrHgfwoRHDBkrQh57t8R577o4GyZzz1oDrgfCrWOMcryE
         5kd/Bdi0BRuVxb/UNRl+mT0BQq3ayeVp4as8lrK4S7zRt9v/7oC2sPYDoH21lv5adjj+
         AWvg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1760484811; x=1761089611;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=4/eGPGq9fO94N0Uhy1pzyCjVfxuml0/hGuhadABayw0=;
        b=uBoggUuSFBvoK8xFhgsQfu85HIRHBMCAUJqR+8d2hhgdnDqpkhCFYv/SGFVTGEGDIz
         8TINQGx5qnGqNuOYkPWFd7AImbevvWAOtUpkkWs9fPvlDsFtRuYzZtX9JuB91xUrWjKl
         raCUxGHKAAecc+8dQHGz8K3L3jnU7ZMemlG62JuZE7ocBrFZ+b8Kk1lRj7wfQbaNSzLA
         AMvzmdrGN1L0u/1EBfEuV1froW12zLZJnzN8UdeM2C3xPIgqCXMJWe3QO19atFqH3IGC
         T7eq7UnCwhszRJCPsHH6wxo09B81mOtu71UeC1IsqvUADyliLCFmZGvQZ/J1L/m1WpCs
         ZoNw==
X-Gm-Message-State: AOJu0YxMOxefrexPgK43I1xBqV2e5i/usVsStQyksUB04YSQizRoClmk
	DnwMz0fw1mZG6yoEfd+ZBlKh+vAbzw3qS/A87mr6U9VQoAHz7S6FCf6GypXcIw==
X-Gm-Gg: ASbGncuTR5m0qsobJJBPLr2OeaPSVwv/tsyro6w3CZT29N/7ECNuC4qPDv0ARj7q0Gh
	6IX7klfDux0O5QYVKWNN3R+1Ct18rzW3pWC1XYLxwKbl4bKJJoYbRejVKryQRf+OOTDlJ6Pcf7C
	OR49kM+BAq49RMgu19s6eh3nO1FPpDx2dnDs3qxZQHAPFfyA57CzXkMq/S1MWMmit9dj8yDfP39
	mRo9h49FLf06w7Zi6V+dZNevzp2CijVRa0mDcP3HkhgNdYR3IpFL+LtvF6xml0NA08f0IOdDdps
	G3rGlIwo9df76S00knbdpVjrn+jLk/AhGocVh29DP4lqGr7tCHzt7yigIWIl45PZOWpq/idg+Vi
	uF2LejKAXhdaP6LN8rjXayY7EsgIKy8FOjjo2gv1NCsxlP2pVYk03kmc=
X-Google-Smtp-Source: 
 AGHT+IHmH2dTZkmV0wcXNlNxUJNIPEx9C978nxy3k0z4XQh0+XKoDRpf9OnXgpqol5Y5hoISG8ZQSg==
X-Received: by 2002:a17:90b:1b11:b0:32d:e07f:3236 with SMTP id
 98e67ed59e1d1-33b5138e3f6mr33563938a91.22.1760484811374;
        Tue, 14 Oct 2025 16:33:31 -0700 (PDT)
Received: from NVAPF55DW0D-IPD.. ([147.161.216.252])
        by smtp.gmail.com with ESMTPSA id
 98e67ed59e1d1-33b61aac5besm17033254a91.14.2025.10.14.16.33.29
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 14 Oct 2025 16:33:31 -0700 (PDT)
From: Ankur Tyagi <ankur.tyagi85@gmail.com>
To: openembedded-devel@lists.openembedded.org
Cc: Ankur Tyagi <ankur.tyagi85@gmail.com>
Subject: [oe][meta-oe][scarthgap][PATCH v2 v2 18/18] jasper: upgrade to 4.1.2
 release
Date: Wed, 15 Oct 2025 12:32:29 +1300
Message-ID: <20251014233233.304125-19-ankur.tyagi85@gmail.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20251014233233.304125-1-ankur.tyagi85@gmail.com>
References: <20251014233233.304125-1-ankur.tyagi85@gmail.com>
MIME-Version: 1.0
List-Id: <openembedded-devel.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-devel@lists.openembedded.org>; Tue, 14 Oct 2025 23:33:38 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-devel/message/120677

Bugfixes including CVE-2023-51257
https://github.com/jasper-software/jasper/compare/version-4.1.1...version-4.1.2

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 .../jasper/{jasper_4.1.1.bb => jasper_4.1.2.bb}                | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
 rename meta-oe/recipes-graphics/jasper/{jasper_4.1.1.bb => jasper_4.1.2.bb} (89%)

diff --git a/meta-oe/recipes-graphics/jasper/jasper_4.1.1.bb b/meta-oe/recipes-graphics/jasper/jasper_4.1.2.bb
similarity index 89%
rename from meta-oe/recipes-graphics/jasper/jasper_4.1.1.bb
rename to meta-oe/recipes-graphics/jasper/jasper_4.1.2.bb
index 5281980ecb..d4dae1f22a 100644
--- a/meta-oe/recipes-graphics/jasper/jasper_4.1.1.bb
+++ b/meta-oe/recipes-graphics/jasper/jasper_4.1.2.bb
@@ -4,9 +4,10 @@ LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=a80440d1d8f17d041c71c7271d6e06eb"
 
 SRC_URI = "git://github.com/jasper-software/jasper.git;protocol=https;branch=master"
-SRCREV = "917f7708b755d8434f70618108c1a76f1b6a0a82"
+SRCREV = "ff633699cb785967a2cb0084d89d56e53c46e416"
 
 CVE_STATUS[CVE-2015-8751] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
+CVE_STATUS[CVE-2023-51257] = "fixed-version: patch is already included in sources"
 
 S = "${WORKDIR}/git"