From patchwork Wed Oct 15 06:35:28 2025
X-Patchwork-Submitter: Ankur Tyagi
X-Patchwork-Id: 72369
From: Ankur Tyagi
To: openembedded-devel@lists.openembedded.org
Cc: Ninette Adhikari, Khem Raj, Ankur Tyagi
Subject: [oe][meta-oe][scarthgap][PATCH 1/4] mercurial: Update CVE status for CVE-2022-43410
Date: Wed, 15 Oct 2025 19:35:28 +1300
Message-ID: <20251015063531.1573191-1-ankur.tyagi85@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/120690

From: Ninette Adhikari

The recipe used in the `meta-openembedded` is a different mercurial package compared to the one which has the CVE issue.

Package used in `meta-openembedded`: https://www.mercurial-scm.org/
Package with CVE issue is a Jenkins plugin: https://plugins.jenkins.io/mercurial/ (This is reflected in the CPE)

Signed-off-by: Ninette Adhikari
Signed-off-by: Khem Raj
(cherry picked from commit bf84ac1c4c1a00c2aa92a09fbdfae128d055fe05)
Signed-off-by: Ankur Tyagi
---
 meta-oe/recipes-devtools/mercurial/mercurial_6.5.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta-oe/recipes-devtools/mercurial/mercurial_6.5.bb b/meta-oe/recipes-devtools/mercurial/mercurial_6.5.bb
index 2451a36be2..53fe0a28ae 100644
--- a/meta-oe/recipes-devtools/mercurial/mercurial_6.5.bb
+++ b/meta-oe/recipes-devtools/mercurial/mercurial_6.5.bb
@@ -34,3 +34,4 @@ PACKAGES =+ "${PN}-python" FILES:${PN} += "${PYTHON_SITEPACKAGES_DIR} ${datadir}" FILES:${PN}-python = "${nonarch_libdir}/${PYTHON_DIR}" +CVE_STATUS[CVE-2022-43410] = "cpe-incorrect: The recipe used in the `meta-openembedded` is a different mercurial package compared to the one which has the CVE issue."

From patchwork Wed Oct 15 06:35:29 2025
X-Patchwork-Submitter: Ankur Tyagi
X-Patchwork-Id: 72370
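Review bot: in the mercurial_6.5.bb hunk of 1/4, the CVE_STATUS justification says only that this is "a different mercurial package" and drops the one fact that makes the cpe-incorrect status auditable from the recipe alone, namely that CVE-2022-43410 is filed against the Jenkins Mercurial plugin (https://plugins.jenkins.io/mercurial/), as the commit message states. Suggest carrying that into the string, e.g. `CVE_STATUS[CVE-2022-43410] = "cpe-incorrect: CVE-2022-43410 affects the Jenkins Mercurial plugin, not the mercurial-scm.org Mercurial packaged here."`, so the cve-check report explains itself without a trip through the git log.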
From: Ankur Tyagi
To: openembedded-devel@lists.openembedded.org
Cc: Ankur Tyagi
Subject: [oe][meta-oe][scarthgap][PATCH 2/4] libvpx: patch CVE-2024-5197
Date: Wed, 15 Oct 2025 19:35:29 +1300
Message-ID: <20251015063531.1573191-2-ankur.tyagi85@gmail.com>
In-Reply-To: <20251015063531.1573191-1-ankur.tyagi85@gmail.com>
References: <20251015063531.1573191-1-ankur.tyagi85@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/120691

Details https://nvd.nist.gov/vuln/detail/CVE-2024-5197
---
 .../webm/libvpx/CVE-2024-5197.patch | 225 ++++++++++++++++++
 .../recipes-multimedia/webm/libvpx_1.14.0.bb | 1 +
 2 files changed, 226 insertions(+)
 create mode 100644 meta-oe/recipes-multimedia/webm/libvpx/CVE-2024-5197.patch

diff --git a/meta-oe/recipes-multimedia/webm/libvpx/CVE-2024-5197.patch b/meta-oe/recipes-multimedia/webm/libvpx/CVE-2024-5197.patch
new file mode 100644
index 0000000000..5ab7f6d8d5
--- /dev/null
+++ b/meta-oe/recipes-multimedia/webm/libvpx/CVE-2024-5197.patch
@@ -0,0 +1,225 @@ +From 402e649a26196152a1703a949a71e4c8985edb8a Mon Sep 17 00:00:00 2001 +From: Wan-Teh Chang +Date: Wed, 10 Apr 2024 17:01:10 -0700 +Subject: [PATCH] CVE-2024-5197 + +[1] Fix integer overflows in calc of stride_in_bytes + +A port of the libaom CL +https://aomedia-review.googlesource.com/c/aom/+/188761. + +Fix unsigned integer overflows in the calculation of stride_in_bytes in +img_alloc_helper() when d_w is huge. + +Change the type of stride_in_bytes from unsigned int to int because it +will be assigned to img->stride[VPX_PLANE_Y], which is of the int type. + +Test: +. ../libvpx/tools/set_analyzer_env.sh integer +../libvpx/configure --enable-debug --disable-optimizations +make -j +./test_libvpx --gtest_filter=VpxImageTest.VpxImgAllocHugeWidth + +Bug: chromium:332382766 +Change-Id: I3b39d78f61c7255e10cbf72ba2f4975425a05a82 + +[2] Avoid integer overflows in arithmetic operations + +A port of the libaom CL +https://aomedia-review.googlesource.com/c/aom/+/188823. + +Impose maximum values on the input parameters so that we can perform +arithmetic operations without worrying about overflows. + +Also change the VpxImageTest.VpxImgAllocHugeWidth test to write to the +first and last samples in the first row of the Y plane, so that the test +will crash if there is unsigned integer overflow in the calculation of +stride_in_bytes. + +Bug: chromium:332382766 +Change-Id: I54cec6c9e26377abaa8a991042ba277ff70afdf3 + +[3] Fix a bug in alloc_size for high bit depths + +I introduced this bug in commit 2e32276: +https://chromium-review.googlesource.com/c/webm/libvpx/+/5446333 + +I changed the line + + stride_in_bytes = (fmt & VPX_IMG_FMT_HIGHBITDEPTH) ? s * 2 : s; + +to three lines: + + s = (fmt & VPX_IMG_FMT_HIGHBITDEPTH) ? s * 2 : s; + if (s > INT_MAX) goto fail; + stride_in_bytes = (int)s; + +But I didn't realize that `s` is used later in the calculation of +alloc_size. 
+ +As a quick fix, undo the effect of s * 2 for high bit depths after `s` +has been assigned to stride_in_bytes. + +Bug: chromium:332382766 +Change-Id: I53fbf405555645ab1d7254d31aadabe4f426be8c + +(cherry picked from commit c5640e3300690705c336966e2a8bb346a388c829) +(cherry picked from commit 9d7054c0cb83665a74cf6f59b6261f455e692149) +(cherry picked from commit 61c4d556bd03b97d84e3fa49180d14bde5a62baa) +Signed-off-by: Ankur Tyagi + +CVE: CVE-2024-5197 +Upstream-Status: Backport +[1] [https://chromium.googlesource.com/webm/libvpx/+/c5640e3300690705c336966e2a8bb346a388c829] +[2] [https://chromium.googlesource.com/webm/libvpx/+/9d7054c0cb83665a74cf6f59b6261f455e692149] +[3] [https://chromium.googlesource.com/webm/libvpx/+/61c4d556bd03b97d84e3fa49180d14bde5a62baa] +--- + vpx/src/vpx_image.c | 45 +++++++++++++++++++++++++++++++++------------ + vpx/vpx_image.h | 16 +++++++++++----- + 2 files changed, 44 insertions(+), 17 deletions(-) + +diff --git a/vpx/src/vpx_image.c b/vpx/src/vpx_image.c +index f9f0dd602..838a9ea4e 100644 +--- a/vpx/src/vpx_image.c ++++ b/vpx/src/vpx_image.c +@@ -8,6 +8,7 @@ + * be found in the AUTHORS file in the root of the source tree. + */ + ++#include + #include + #include + #include +@@ -21,12 +22,23 @@ static vpx_image_t *img_alloc_helper(vpx_image_t *img, vpx_img_fmt_t fmt, + unsigned int buf_align, + unsigned int stride_align, + unsigned char *img_data) { +- unsigned int h, w, s, xcs, ycs, bps; +- unsigned int stride_in_bytes; ++ unsigned int h, w, xcs, ycs, bps; ++ uint64_t s; ++ int stride_in_bytes; + unsigned int align; + + if (img != NULL) memset(img, 0, sizeof(vpx_image_t)); + ++ if (fmt == VPX_IMG_FMT_NONE) goto fail; ++ ++ /* Impose maximum values on input parameters so that this function can ++ * perform arithmetic operations without worrying about overflows. 
++ */ ++ if (d_w > 0x08000000 || d_h > 0x08000000 || buf_align > 65536 || ++ stride_align > 65536) { ++ goto fail; ++ } ++ + /* Treat align==0 like align==1 */ + if (!buf_align) buf_align = 1; + +@@ -80,9 +92,12 @@ static vpx_image_t *img_alloc_helper(vpx_image_t *img, vpx_img_fmt_t fmt, + * and height shouldn't be adjusted. */ + w = d_w; + h = d_h; +- s = (fmt & VPX_IMG_FMT_PLANAR) ? w : bps * w / 8; +- s = (s + stride_align - 1) & ~(stride_align - 1); +- stride_in_bytes = (fmt & VPX_IMG_FMT_HIGHBITDEPTH) ? s * 2 : s; ++ s = (fmt & VPX_IMG_FMT_PLANAR) ? w : (uint64_t)bps * w / 8; ++ s = (s + stride_align - 1) & ~((uint64_t)stride_align - 1); ++ s = (fmt & VPX_IMG_FMT_HIGHBITDEPTH) ? s * 2 : s; ++ if (s > INT_MAX) goto fail; ++ stride_in_bytes = (int)s; ++ s = (fmt & VPX_IMG_FMT_HIGHBITDEPTH) ? s / 2 : s; + + /* Allocate the new image */ + if (!img) { +@@ -100,12 +115,16 @@ static vpx_image_t *img_alloc_helper(vpx_image_t *img, vpx_img_fmt_t fmt, + /* Calculate storage sizes given the chroma subsampling */ + align = (1 << xcs) - 1; + w = (d_w + align) & ~align; ++ assert(d_w <= w); + align = (1 << ycs) - 1; + h = (d_h + align) & ~align; ++ assert(d_h <= h); + +- s = (fmt & VPX_IMG_FMT_PLANAR) ? w : bps * w / 8; +- s = (s + stride_align - 1) & ~(stride_align - 1); +- stride_in_bytes = (fmt & VPX_IMG_FMT_HIGHBITDEPTH) ? s * 2 : s; ++ s = (fmt & VPX_IMG_FMT_PLANAR) ? w : (uint64_t)bps * w / 8; ++ s = (s + stride_align - 1) & ~((uint64_t)stride_align - 1); ++ s = (fmt & VPX_IMG_FMT_HIGHBITDEPTH) ? s * 2 : s; ++ if (s > INT_MAX) goto fail; ++ stride_in_bytes = (int)s; + alloc_size = (fmt & VPX_IMG_FMT_PLANAR) ? 
(uint64_t)h * s * bps / 8 + : (uint64_t)h * s; + +@@ -170,12 +189,12 @@ int vpx_img_set_rect(vpx_image_t *img, unsigned int x, unsigned int y, + if (img->fmt & VPX_IMG_FMT_HAS_ALPHA) { + img->planes[VPX_PLANE_ALPHA] = + data + x * bytes_per_sample + y * img->stride[VPX_PLANE_ALPHA]; +- data += img->h * img->stride[VPX_PLANE_ALPHA]; ++ data += (size_t)img->h * img->stride[VPX_PLANE_ALPHA]; + } + + img->planes[VPX_PLANE_Y] = + data + x * bytes_per_sample + y * img->stride[VPX_PLANE_Y]; +- data += img->h * img->stride[VPX_PLANE_Y]; ++ data += (size_t)img->h * img->stride[VPX_PLANE_Y]; + + if (img->fmt == VPX_IMG_FMT_NV12) { + img->planes[VPX_PLANE_U] = +@@ -186,7 +205,8 @@ int vpx_img_set_rect(vpx_image_t *img, unsigned int x, unsigned int y, + img->planes[VPX_PLANE_U] = + data + (x >> img->x_chroma_shift) * bytes_per_sample + + (y >> img->y_chroma_shift) * img->stride[VPX_PLANE_U]; +- data += (img->h >> img->y_chroma_shift) * img->stride[VPX_PLANE_U]; ++ data += ++ (size_t)(img->h >> img->y_chroma_shift) * img->stride[VPX_PLANE_U]; + img->planes[VPX_PLANE_V] = + data + (x >> img->x_chroma_shift) * bytes_per_sample + + (y >> img->y_chroma_shift) * img->stride[VPX_PLANE_V]; +@@ -194,7 +214,8 @@ int vpx_img_set_rect(vpx_image_t *img, unsigned int x, unsigned int y, + img->planes[VPX_PLANE_V] = + data + (x >> img->x_chroma_shift) * bytes_per_sample + + (y >> img->y_chroma_shift) * img->stride[VPX_PLANE_V]; +- data += (img->h >> img->y_chroma_shift) * img->stride[VPX_PLANE_V]; ++ data += ++ (size_t)(img->h >> img->y_chroma_shift) * img->stride[VPX_PLANE_V]; + img->planes[VPX_PLANE_U] = + data + (x >> img->x_chroma_shift) * bytes_per_sample + + (y >> img->y_chroma_shift) * img->stride[VPX_PLANE_U]; +diff --git a/vpx/vpx_image.h b/vpx/vpx_image.h +index 1adc9b9d9..2c30a8993 100644 +--- a/vpx/vpx_image.h ++++ b/vpx/vpx_image.h +@@ -132,10 +132,13 @@ typedef struct vpx_image_rect { + * is NULL, the storage for the descriptor will be + * allocated on the heap. 
+ * \param[in] fmt Format for the image +- * \param[in] d_w Width of the image +- * \param[in] d_h Height of the image ++ * \param[in] d_w Width of the image. Must not exceed 0x08000000 ++ * (2^27). ++ * \param[in] d_h Height of the image. Must not exceed 0x08000000 ++ * (2^27). + * \param[in] align Alignment, in bytes, of the image buffer and +- * each row in the image(stride). ++ * each row in the image (stride). Must not exceed ++ * 65536. + * + * \return Returns a pointer to the initialized image descriptor. If the img + * parameter is non-null, the value of the img parameter will be +@@ -155,9 +158,12 @@ vpx_image_t *vpx_img_alloc(vpx_image_t *img, vpx_img_fmt_t fmt, + * parameter is NULL, the storage for the descriptor + * will be allocated on the heap. + * \param[in] fmt Format for the image +- * \param[in] d_w Width of the image +- * \param[in] d_h Height of the image ++ * \param[in] d_w Width of the image. Must not exceed 0x08000000 ++ * (2^27). ++ * \param[in] d_h Height of the image. Must not exceed 0x08000000 ++ * (2^27). + * \param[in] stride_align Alignment, in bytes, of each row in the image. ++ * Must not exceed 65536. + * \param[in] img_data Storage to use for the image + * + * \return Returns a pointer to the initialized image descriptor. If the img diff --git a/meta-oe/recipes-multimedia/webm/libvpx_1.14.0.bb b/meta-oe/recipes-multimedia/webm/libvpx_1.14.0.bb index b4d49842ea..13e342d420 100644 --- a/meta-oe/recipes-multimedia/webm/libvpx_1.14.0.bb +++ b/meta-oe/recipes-multimedia/webm/libvpx_1.14.0.bb 
@@ -10,6 +10,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=d5b04755015be901744a78cc30d390d4" SRCREV = "602e2e8979d111b02c959470da5322797dd96a19" SRC_URI += "git://chromium.googlesource.com/webm/libvpx;protocol=https;branch=main \ file://libvpx-configure-support-blank-prefix.patch \ + file://CVE-2024-5197.patch \ " S = "${WORKDIR}/git"

From patchwork Wed Oct 15 06:35:30 2025
X-Patchwork-Submitter: Ankur Tyagi
X-Patchwork-Id: 72372
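Review bot: the header of CVE-2024-5197.patch puts the three upstream URLs on separate `[1]`/`[2]`/`[3]` lines after a bare `Upstream-Status: Backport`, while the OE patch guidelines want the URL inline as `Upstream-Status: Backport [url]` so the patch checker can find it; since three upstream commits are squashed here, keep the bracketed form with the first commit URL and list the other two beneath it. Separately, the 2/4 commit message itself ends at `Details https://nvd.nist.gov/vuln/detail/CVE-2024-5197` with no Signed-off-by line; the sign-off appears only inside the patch file header and is needed on the commit as well.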
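Review bot: in the `@@ -8,6 +8,7 @@` hunk of vpx/src/vpx_image.c the added `++#include` line and the three context includes below it have lost their header names in this rendering, so the backport cannot be checked from the mail alone. The later hunks use both `assert()` and `INT_MAX`, and this hunk adds exactly one line, so please confirm the committed patch file adds `#include <assert.h>` here and that `<limits.h>` is already among the existing includes of the 1.14.0 file; otherwise the `if (s > INT_MAX) goto fail;` checks will not compile on scarthgap.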
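Review bot: the two stride computations in img_alloc_helper are not symmetric after this backport. The `@@ -80,9 +92,12 @@` hunk ends with `++ s = (fmt & VPX_IMG_FMT_HIGHBITDEPTH) ? s / 2 : s;` to undo the doubling before `s` is reused, but the `@@ -100,12 +115,16 @@` hunk goes straight from `++ stride_in_bytes = (int)s;` into `alloc_size = (fmt & VPX_IMG_FMT_PLANAR) ? (uint64_t)h * s * bps / 8 : (uint64_t)h * s;` with `s` still doubled for high-bit-depth formats. Fix [3] in the description says the undo exists precisely because `s` feeds alloc_size, so please diff this region against upstream 61c4d556bd03b97d84e3fa49180d14bde5a62baa and confirm the allocation path matches; if the undo belongs there too, alloc_size for high-bit-depth images is computed from the doubled stride and diverges from what upstream intended.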
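Review bot: the vpx_img_set_rect hunks cast only the row count, e.g. `++ data += (size_t)img->h * img->stride[VPX_PLANE_Y];`, while `img->stride[]` is the `int` this patch just introduced. That widens the multiply to size_t, but on a 32-bit target size_t is 32 bits, and with d_h allowed up to 0x08000000 and stride up to INT_MAX the product can still wrap. This is only safe if the allocation path already rejects any alloc_size that does not fit in size_t, which is not visible in this diff; please confirm that check exists in the 1.14.0 img_alloc_helper (or that set_rect is only reached for images allocated through it) so the backport does not rest on an unstated assumption.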
From: Ankur Tyagi
To: openembedded-devel@lists.openembedded.org
Cc: Ankur Tyagi
Subject: [oe][meta-oe][scarthgap][PATCH 3/4] neatvnc: upgrade to 0.8.1 release
Date: Wed, 15 Oct 2025 19:35:30 +1300
Message-ID: <20251015063531.1573191-3-ankur.tyagi85@gmail.com>
In-Reply-To: <20251015063531.1573191-1-ankur.tyagi85@gmail.com>
References: <20251015063531.1573191-1-ankur.tyagi85@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/120692

This release fixes CVE-2024-42458
https://github.com/any1/neatvnc/compare/v0.8.0...v0.8.1

Signed-off-by: Ankur Tyagi
---
 .../neatvnc/{neatvnc_0.8.0.bb => neatvnc_0.8.1.bb} | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
 rename meta-oe/recipes-graphics/neatvnc/{neatvnc_0.8.0.bb => neatvnc_0.8.1.bb} (81%)

diff --git a/meta-oe/recipes-graphics/neatvnc/neatvnc_0.8.0.bb b/meta-oe/recipes-graphics/neatvnc/neatvnc_0.8.1.bb
similarity index 81%
rename from meta-oe/recipes-graphics/neatvnc/neatvnc_0.8.0.bb
rename to meta-oe/recipes-graphics/neatvnc/neatvnc_0.8.1.bb
index c9c4a6c27a..572134b47c 100644
--- a/meta-oe/recipes-graphics/neatvnc/neatvnc_0.8.0.bb
+++ b/meta-oe/recipes-graphics/neatvnc/neatvnc_0.8.1.bb
@@ -4,9 +4,9 @@ HOMEPAGE = "https://github.com/any1/neatvnc" LICENSE = "ISC" LIC_FILES_CHKSUM = "file://COPYING;md5=94fc374e7174f41e3afe0f027ee59ff7" -SRC_URI = "git://github.com/any1/neatvnc;branch=master;protocol=https" +SRC_URI = "git://github.com/any1/neatvnc;branch=v0.8;protocol=https" -SRCREV = "46432ce8cade0b54a38d4bb42eb07f96c8ff49fd" +SRCREV = "07081567ab21a2b099ceb41ae8cab872a31cbb9a" S = "${WORKDIR}/git"
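Review bot: the SRC_URI hunk moves the fetch from `branch=master` to `branch=v0.8` and sets `SRCREV = "07081567ab21a2b099ceb41ae8cab872a31cbb9a"`; please confirm that revision is the commit tagged v0.8.1 on the v0.8 branch, since the commit message only links the v0.8.0...v0.8.1 compare view and not the tag. cve-check takes the version from PV, which the rename to neatvnc_0.8.1.bb sets to 0.8.1, so a SRCREV that is not actually the 0.8.1 release would be reported as fixed while shipping an earlier commit.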
@@ -36,3 +36,5 @@ do_install:append () { } BBCLASSEXTEND = "native" + +CVE_STATUS[CVE-2024-42458] = "fixed-version: No action required. The current version (0.8.1) is not affected by the CVE."

From patchwork Wed Oct 15 06:35:31 2025
X-Patchwork-Submitter: Ankur Tyagi
X-Patchwork-Id: 72371
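Review bot: in the neatvnc_0.8.1.bb hunk of 3/4, the wording `fixed-version: No action required. The current version (0.8.1) is not affected by the CVE.` contradicts the commit message, which says 0.8.1 is the release that fixes CVE-2024-42458; "not affected" reads as if neatvnc was never vulnerable. Suggest `fixed-version: fixed in neatvnc 0.8.1` (the fixed-version status already implies no further action). Note also that with PV now 0.8.1, cve-check compares that against the NVD affected range, so this entry is a safeguard against a stale or missing range rather than the thing that marks the CVE fixed.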
From: Ankur Tyagi
To: openembedded-devel@lists.openembedded.org
Cc: Ankur Tyagi
Subject: [oe][meta-oe][scarthgap][PATCH 4/4] opencv: ignore CVE-2025-53644
Date: Wed, 15 Oct 2025 19:35:31 +1300
Message-ID: <20251015063531.1573191-4-ankur.tyagi85@gmail.com>
In-Reply-To: <20251015063531.1573191-1-ankur.tyagi85@gmail.com>
References: <20251015063531.1573191-1-ankur.tyagi85@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/120693

Details https://nvd.nist.gov/vuln/detail/CVE-2025-53644

CVE was fixed by [1] but the change [2] which introduced the CVE was not present in this version (4.9.0).

$ git tag --no-contains 40faced6 | grep 4.9.0
4.9.0

[1] https://github.com/opencv/opencv/commit/a39db41390de546d18962ee1278bd6dbb715f466
[2] https://github.com/opencv/opencv/commit/40faced6c18baa6fbc7c1fbd409d59d6ddecc74f#diff-ae9fbe252ce7879e83e7ae22e594d50b5a8d2ea8dfb4cc8e02e896902a1a8f10R2872

Signed-off-by: Ankur Tyagi
---
 meta-oe/recipes-support/opencv/opencv_4.9.0.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-oe/recipes-support/opencv/opencv_4.9.0.bb b/meta-oe/recipes-support/opencv/opencv_4.9.0.bb
index cf836d3ecf..e4910553bf 100644
--- a/meta-oe/recipes-support/opencv/opencv_4.9.0.bb
+++ b/meta-oe/recipes-support/opencv/opencv_4.9.0.bb
@@ -208,3 +208,5 @@ do_install:append() { rm -rf ${D}${bindir}/setup_vars_opencv4.sh fi } + +CVE_STATUS[CVE-2025-53644] = "cpe-incorrect: This version (4.9.0) doesn't contain the change which introduced CVE."
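Review bot: the added `CVE_STATUS[CVE-2025-53644]` string says only that 4.9.0 "doesn't contain the change which introduced CVE" without identifying that change, so a later reader cannot verify the cpe-incorrect claim from the recipe alone; the evidence lives in the commit message (`git tag --no-contains 40faced6 | grep 4.9.0` returning 4.9.0). Please name the introducing commit in the string, e.g. `cpe-incorrect: the vulnerable code was added by opencv commit 40faced6, which is not in 4.9.0`. cpe-incorrect is the right bucket here, since it is the NVD version range rather than the product that is wrong.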