From patchwork Wed Oct 29 20:11:50 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 73317 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C8484CCF9F1 for ; Wed, 29 Oct 2025 20:12:10 +0000 (UTC) Received: from mail-pf1-f175.google.com (mail-pf1-f175.google.com [209.85.210.175]) by mx.groups.io with SMTP id smtpd.web10.13452.1761768730272696165 for ; Wed, 29 Oct 2025 13:12:10 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=aXiftojk; spf=softfail (domain: sakoman.com, ip: 209.85.210.175, mailfrom: steve@sakoman.com) Received: by mail-pf1-f175.google.com with SMTP id d2e1a72fcca58-7a27bf4fbcbso328481b3a.1 for ; Wed, 29 Oct 2025 13:12:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1761768729; x=1762373529; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=LDjm6zzQbtplvHgJKRTR87yPQpBd1O5jrOgREsDKirQ=; b=aXiftojkV/NC4GjzHBdnklBxrL9zdTzyvKcP/eGAw2dDlne2mPgOauIJlhbwdvhMcy 5t8h/MSFvC3xilFA1My14nEj5vqqocq86BIReipULW26KNpqAO0gqJBIRgclrsg53g8W kXahLMDMxenhR9fXwBFKS41oM+HBLYmpsBvvJpg4B7uSfZYv+s/U1gpm07xGGqL6l/aW p8bNkks4GwqYZbntKf107CsTWn5sMxCw/hOdvb0TrC44Tzp7xcPzG222qKKlmkdKoq7g qSgaxC93LbhBZAq+inTieyKH/+/CjO+TXTtub0aZ5t1OeVFndkp49kE275B66aHBCyUn kwwQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1761768729; x=1762373529; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=LDjm6zzQbtplvHgJKRTR87yPQpBd1O5jrOgREsDKirQ=; b=wRAHG1KCcV5c3Y2s3lnna/HebfMQh8ooBcQDpBqF4Vu+hxu3XozWR2LyeZUqpUs3/8 fc3ogHKJ32o3NkAYX3EIZw/Lyunot3ZgUXQ5Sit0M3U3mL6uB9qbLMU64z0mfTiPvYO4 yaivl9WznOeTD3yR1KMVZkY0C2vsjEtEzFzIlCJjHQg67B69wNnZ4pXMOBPNWYb1CBal ddMLc9WGq4D9dwPAlpXT8dCyEdR7wBv8i6emDWGvN4etSwkLFAd0vFpl2xtpj/iV9Qt4 UP6FZYWDC5qNSWqT/Eso42VQ3Pfu05BpNPaZVyr2vOLjSN0dUvkFtVKgGL9qfNM4+g9P Iq4w== X-Gm-Message-State: AOJu0YzD1x3k2JIIP9MiWrRyJM2QWkY8Ta+L3ThLDdNQl70nwPyQYCHS PsYmrAvx46eye19uYXmuai5BUVIG5btg+X3BFRbgcVUqAaUzjhqDi0btEyOcPWhV8JuZ0T8sPfb 2xbTcZgU= X-Gm-Gg: ASbGncsTTbKhnw2Pq599b/YlJmISSSw7YM3+uUr8uyzfVxg0CQ04b1qkYzcRgEvdeH/ xG42QTDlhHvbwly03UxMB5LDbOHJoeeF8c9VKv6lnnOud78n/PzZvXTzdMUb8x650j7WTN9ZJZy Z5D2SyHkM0PGIAdmCk1XxLZMG+tGqofSewn4flAr+peFW+QgUfQp3p87yYCuKxlEOw4TO4PHftO VjNKTjvRMwNX6U/BK98VybILHn5zLmrSLZbqaoaZauQaOcYxQLg0YSWrNyaOsKv+A6rI5CNTKY1 0BimBdAIvJSq3k4RxpueD+wG+6m4ZG6wxHuHKcDbO5YxpQVi3iF9Tx0G5HoW1ABUGjwmVudVFMW l0EEJYtu/jCk130ud9FaTZzp89EoSDyTFUf2q6ahloxwgFmCEzQx9107UjdrcdjlaEz4= X-Google-Smtp-Source: AGHT+IExqcbccxhzt1mkVrRAUbukyi+/5G/v94Lq80rxlu/x9M54W9B+XZQS9NP5TOoVByLMg8m37A== X-Received: by 2002:a05:6a20:2584:b0:344:97a7:8c61 with SMTP id adf61e73a8af0-34654a05a52mr5231164637.37.1761768729331; Wed, 29 Oct 2025 13:12:09 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:5e34:462b:e2f0:5898]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7a414087d2asm16522100b3a.63.2025.10.29.13.12.08 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 Oct 2025 13:12:08 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 1/6] lz4: fix CVE-2025-62813 Date: Wed, 29 Oct 2025 13:11:50 -0700 Message-ID: <0a63e3e120cc6958e2963a3ad510ec7c03f1adae.1761768602.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 29 Oct 2025 20:12:10 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/225465 From: David Nyström Prevent attackers to cause a denial of service (application crash) or possibly have unspecified other impact when the application processes untrusted LZ4 frames. For example, LZ4F_createCDict_advanced in lib/lz4frame.c mishandles NULL checks. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-62813 Upstream patch: https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82 Signed-off-by: David Nyström Signed-off-by: Steve Sakoman --- .../lz4/files/CVE-2025-62813.patch | 73 +++++++++++++++++++ meta/recipes-support/lz4/lz4_1.9.4.bb | 5 +- 2 files changed, 76 insertions(+), 2 deletions(-) create mode 100644 meta/recipes-support/lz4/files/CVE-2025-62813.patch diff --git a/meta/recipes-support/lz4/files/CVE-2025-62813.patch b/meta/recipes-support/lz4/files/CVE-2025-62813.patch new file mode 100644 index 0000000000..bbd0f74541 --- /dev/null +++ b/meta/recipes-support/lz4/files/CVE-2025-62813.patch @@ -0,0 +1,73 @@ +From 10dbd089b74cf858a24a4aa4c2a438984ddf17d7 Mon Sep 17 00:00:00 2001 +From: louislafosse +Date: Mon, 31 Mar 2025 20:48:52 +0200 +Subject: [PATCH] fix(null) : improve error handlings when passing a null + pointer to some functions from lz4frame +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Upstream-Status: Backport [Upstream commit https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82] +CVE: CVE-2025-62813 + +Signed-off-by: David Nyström +--- + lib/lz4frame.c | 15 +++++++++++++-- + tests/frametest.c | 9 ++++++--- + 2 files changed, 19 insertions(+), 5 deletions(-) + +diff --git a/lib/lz4frame.c b/lib/lz4frame.c +index 174f9ae4..cc6ed6f1 100644 +--- a/lib/lz4frame.c ++++ b/lib/lz4frame.c +@@ -530,9 +530,16 @@ LZ4F_CDict* + LZ4F_createCDict_advanced(LZ4F_CustomMem cmem, const void* dictBuffer, size_t dictSize) + { + const char* dictStart = (const char*)dictBuffer; +- LZ4F_CDict* const cdict = (LZ4F_CDict*)LZ4F_malloc(sizeof(*cdict), cmem); ++ LZ4F_CDict* cdict = NULL; ++ + DEBUGLOG(4, "LZ4F_createCDict_advanced"); +- if (!cdict) return NULL; ++ ++ if (!dictStart) ++ return NULL; ++ cdict = (LZ4F_CDict*)LZ4F_malloc(sizeof(*cdict), cmem); ++ if (!cdict) ++ return NULL; ++ + cdict->cmem = cmem; + if (dictSize > 64 KB) { + dictStart += dictSize - 64 KB; +@@ -1429,6 +1436,10 @@ LZ4F_errorCode_t LZ4F_getFrameInfo(LZ4F_dctx* dctx, + LZ4F_frameInfo_t* frameInfoPtr, + const void* srcBuffer, size_t* srcSizePtr) + { ++ assert(dctx != NULL); ++ RETURN_ERROR_IF(frameInfoPtr == NULL, parameter_null); ++ RETURN_ERROR_IF(srcSizePtr == NULL, parameter_null); ++ + LZ4F_STATIC_ASSERT(dstage_getFrameHeader < dstage_storeFrameHeader); + if (dctx->dStage > dstage_storeFrameHeader) { + /* frameInfo already decoded */ +diff --git a/tests/frametest.c b/tests/frametest.c +index 33019551..523e35d1 100644 +--- a/tests/frametest.c ++++ b/tests/frametest.c +@@ -589,10 +589,13 @@ int basicTests(U32 seed, double compressibility) + size_t const srcSize = 65 KB; /* must be > 64 KB to avoid short-size optimizations */ + size_t const dstCapacity = LZ4F_compressFrameBound(srcSize, NULL); + size_t cSizeNoDict, cSizeWithDict; +- LZ4F_CDict* const cdict = LZ4F_createCDict(CNBuffer, dictSize); +- if (cdict == NULL) goto _output_error; +- CHECK( LZ4F_createCompressionContext(&cctx, LZ4F_VERSION) ); ++ LZ4F_CDict* cdict = NULL; + ++ CHECK( LZ4F_createCompressionContext(&cctx, LZ4F_VERSION) ); ++ cdict = LZ4F_createCDict(CNBuffer, dictSize); ++ if (cdict == NULL) ++ goto _output_error; ++ + DISPLAYLEVEL(3, "Testing LZ4F_createCDict_advanced : "); + { LZ4F_CDict* const cda = LZ4F_createCDict_advanced(lz4f_cmem_test, CNBuffer, dictSize); + if (cda == NULL) goto _output_error; diff --git a/meta/recipes-support/lz4/lz4_1.9.4.bb b/meta/recipes-support/lz4/lz4_1.9.4.bb index 51a854d44a..8c96f9bab4 100644 --- a/meta/recipes-support/lz4/lz4_1.9.4.bb +++ b/meta/recipes-support/lz4/lz4_1.9.4.bb @@ -13,8 +13,9 @@ PE = "1" SRCREV = "5ff839680134437dbf4678f3d0c7b371d84f4964" SRC_URI = "git://github.com/lz4/lz4.git;branch=release;protocol=https \ - file://run-ptest \ - " + file://run-ptest \ + file://CVE-2025-62813.patch \ + " UPSTREAM_CHECK_GITTAGREGEX = "v(?P.*)" S = "${WORKDIR}/git" From patchwork Wed Oct 29 20:11:51 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 73318 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C5351CCF9F1 for ; Wed, 29 Oct 2025 20:12:20 +0000 (UTC) Received: from mail-pf1-f178.google.com (mail-pf1-f178.google.com [209.85.210.178]) by mx.groups.io with SMTP id smtpd.web01.13556.1761768732892540694 for ; Wed, 29 Oct 2025 13:12:12 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=ZqjzxY6i; spf=softfail (domain: sakoman.com, ip: 209.85.210.178, mailfrom: steve@sakoman.com) Received: by mail-pf1-f178.google.com with SMTP id d2e1a72fcca58-7a28c7e3577so312903b3a.1 for ; Wed, 29 Oct 2025 13:12:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1761768732; x=1762373532; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=owM1nPLVYeik8s31o7qM+1c1lBRkY4mnCK0DClm3/tU=; b=ZqjzxY6ixFMwaVnxulwgfrResnADOkTuDtPIMLP3XQvBVKWescQl40rSJ1J521ZDoD J2y36RlGU61axiX/B/y5l+HY+/gnC38YRItMNQe2kEXhbrykWwJwUUnqAvBJZ5+kkmHO l29loOAFY7zq0y8fxgtUwXlMiZsmt7Dh2V3bAERs/8zknode5wBsbpd+DNnKrv66ISqf tdw4qdskOXyQwL5mBHPzYklv38pFCW/WND5/jmD1d+3YbWtRG1gEht+73L2Vby6L6u6Z Ba8a3NLLPEi3+K0WE/MQo6KmSUZIM4qSK7F5e3WGVkqWqsZgKHuYZnyEprYXh0nlj8wW QzoQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1761768732; x=1762373532; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=owM1nPLVYeik8s31o7qM+1c1lBRkY4mnCK0DClm3/tU=; b=gSIsNCK5xRaNBwsaojmcM72IV8AagacQLjkwYFUZ8NAeGFY+RY/UkpdTZt3+uiscl+ vGCf8Q80ZDQnDv9q5dhJJ7+/V6FxWSXt1GT9vXEfx1/Qzw+GACdziRB7+Ezl+8GA9U5g QYQJW4RshpVdsmgGwttIlyFCbuCB4WU8P0ROPhcmhp2MPJzfKKkYlMFR9FcoWOGX7U4U CL0xj6cUal2Rhv4YUyjn4zkddSYwcqIdN+EiMFEZthYkVOf0lxGUze5/7AxVhypRojgl H8AbzfN0WV2o7LFq4g62eW7KS+rxAKPCwLDihnFobBeBq/6hRlNOETIDHDR/Wjx60g7+ vuXg== X-Gm-Message-State: AOJu0YzuaO0f9QQOQpnM0Qg/2dGnfAeWxRm03WYnCDCHqCecUFjOCs84 Oh/seSMKdYIodhjeGPAVSvIyof+T+JgdKf5lNJSqiIGPb9zVSJFdUsWcPb8ppCv8JepZFB7crO2 05nBY02U= X-Gm-Gg: ASbGnctGQf3VwpMBRwlgyiGAj/+xymlf37wb+COag2j3iD8DPEIl4AL2zb+QInh7+f8 RQKO4oR/+83BVuhw6givKvDSF4hSU0vp6HkBuh9+a7UHtH5JNQDfm4RxaP4J13hQ9hXnVhXPu5E C8aWMpfAINiLnAOkFKZjuKCV2o/G248HFgDni+xNuAprj2lnfIHv+OGcePapmuVElh7//Jg0weV g+hnotYf5dH1C7ngxC8aoi86CSfPmQmIeEpHlqfZN8wTKh8iohiGWWKw8FuB8+eoljlbc4TEq/m XYNBEGc0rqlXIMJPro4z6EkCCsSQ425Py1kC4pervZp/aoZ4ISrYWHsgAiZQSVo+MWNqk+VJqaC JZi75CrcydSRVh0kzhhp1VOCfUDxul3KnA8N4OwTbosKFxTx7d3sN+4hVgrwErlayUB0= X-Google-Smtp-Source: AGHT+IHoqrifeMzEyDoLjcCPY9qnEbfGaLOc5oy1RNF3KW1w5Yd0WWh2CF4HhEKKNbOrhi2pPPSs2Q== X-Received: by 2002:a05:6a00:94f5:b0:792:574d:b2c with SMTP id d2e1a72fcca58-7a626526543mr740717b3a.15.1761768731997; Wed, 29 Oct 2025 13:12:11 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:5e34:462b:e2f0:5898]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7a414087d2asm16522100b3a.63.2025.10.29.13.12.11 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 Oct 2025 13:12:11 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 2/6] binutils: fix CVE-2025-11081 Date: Wed, 29 Oct 2025 13:11:51 -0700 Message-ID: <6ed800208a56d69faf4a1b3458caa8d412f01b89.1761768602.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 29 Oct 2025 20:12:20 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/225466 From: Yash Shinde CVE: CVE-2025-11081 Trying to dump .sframe in a PE file results in a segfault accessing elf_section_data. * objdump (dump_sframe_section, dump_dwarf_section): Don't access elf_section_type without first checking the file is ELF. PR 33406 SEGV in dump_dwarf_section [https://sourceware.org/bugzilla/show_bug.cgi?id=33406] Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=f87a66db645caf8cc0e6fc87b0c28c78a38af59b] Signed-off-by: Yash Shinde Signed-off-by: Steve Sakoman --- .../binutils/binutils-2.42.inc | 1 + .../binutils/0026-CVE-2025-11081.patch | 84 +++++++++++++++++++ 2 files changed, 85 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/0026-CVE-2025-11081.patch diff --git a/meta/recipes-devtools/binutils/binutils-2.42.inc b/meta/recipes-devtools/binutils/binutils-2.42.inc index 3e180b6018..5447ab0da4 100644 --- a/meta/recipes-devtools/binutils/binutils-2.42.inc +++ b/meta/recipes-devtools/binutils/binutils-2.42.inc @@ -61,5 +61,6 @@ SRC_URI = "\ file://0023-CVE-2025-7545.patch \ file://0024-CVE-2025-11082.patch \ file://0025-CVE-2025-11083.patch \ + file://0026-CVE-2025-11081.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/0026-CVE-2025-11081.patch b/meta/recipes-devtools/binutils/binutils/0026-CVE-2025-11081.patch new file mode 100644 index 0000000000..31dbef52fa --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0026-CVE-2025-11081.patch @@ -0,0 +1,84 @@ +From f87a66db645caf8cc0e6fc87b0c28c78a38af59b Mon Sep 17 00:00:00 2001 +From: Alan Modra +Date: Tue, 9 Sep 2025 18:32:09 +0930 +Subject: [PATCH] PR 33406 SEGV in dump_dwarf_section + +Trying to dump .sframe in a PE file results in a segfault accessing +elf_section_data. + + * objdump (dump_sframe_section, dump_dwarf_section): Don't access + elf_section_type without first checking the file is ELF. +--- + binutils/objdump.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=f87a66db645caf8cc0e6fc87b0c28c78a38af59b] +CVE: CVE-2025-11081 + +Signed-off-by: Alan Modra +Signed-off-by: Yash Shinde + +diff --git a/binutils/objdump.c b/binutils/objdump.c +index 290f7e51f66..ee8823da05a 100644 +--- a/binutils/objdump.c ++++ b/binutils/objdump.c +@@ -4418,6 +4418,10 @@ + else + match = name; + ++ if (bfd_get_flavour (abfd) == bfd_target_elf_flavour ++ && elf_section_type (section) == SHT_GNU_SFRAME) ++ match = ".sframe"; ++ + for (i = 0; i < max; i++) + if ((strcmp (debug_displays [i].section.uncompressed_name, match) == 0 + || strcmp (debug_displays [i].section.compressed_name, match) == 0 +@@ -4923,6 +4927,36 @@ + } + ++static void ++dump_sframe_section (bfd *abfd, const char *sect_name, bool is_mainfile) ++ ++{ ++ /* Error checking for user provided SFrame section name, if any. */ ++ if (sect_name) ++ { ++ asection *sec = bfd_get_section_by_name (abfd, sect_name); ++ if (sec == NULL) ++ { ++ printf (_("No %s section present\n\n"), sanitize_string (sect_name)); ++ return; ++ } ++ /* Starting with Binutils 2.45, SFrame sections have section type ++ SHT_GNU_SFRAME. For SFrame sections from Binutils 2.44 or earlier, ++ check explcitly for SFrame sections of type SHT_PROGBITS and name ++ ".sframe" to allow them. */ ++ else if (bfd_get_flavour (abfd) != bfd_target_elf_flavour ++ || (elf_section_type (sec) != SHT_GNU_SFRAME ++ && !(elf_section_type (sec) == SHT_PROGBITS ++ && strcmp (sect_name, ".sframe") == 0))) ++ { ++ printf (_("Section %s does not contain SFrame data\n\n"), ++ sanitize_string (sect_name)); ++ return; ++ } ++ } ++ dump_dwarf (abfd, is_mainfile); ++} ++ + static void + dump_target_specific (bfd *abfd) + { + const struct objdump_private_desc * const *desc; +diff --git a/include/elf/common.h b/include/elf/common.h +--- a/include/elf/common.h ++++ b/include/elf/common.h +@@ -528,6 +528,8 @@ + #define SHT_LOOS 0x60000000 /* First of OS specific semantics */ + #define SHT_HIOS 0x6fffffff /* Last of OS specific semantics */ + ++#define SHT_GNU_SFRAME 0x6ffffff4 /* SFrame stack trace information. */ ++ + #define SHT_GNU_INCREMENTAL_INPUTS 0x6fff4700 /* incremental build data */ + #define SHT_GNU_ATTRIBUTES 0x6ffffff5 /* Object attributes */ + #define SHT_GNU_HASH 0x6ffffff6 /* GNU style symbol hash table */ From patchwork Wed Oct 29 20:11:52 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 73319 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C530FCCF9EE for ; Wed, 29 Oct 2025 20:12:20 +0000 (UTC) Received: from mail-pf1-f170.google.com (mail-pf1-f170.google.com [209.85.210.170]) by mx.groups.io with SMTP id smtpd.web10.13456.1761768734728293624 for ; Wed, 29 Oct 2025 13:12:14 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=cZcRz6G2; spf=softfail (domain: sakoman.com, ip: 209.85.210.170, mailfrom: steve@sakoman.com) Received: by mail-pf1-f170.google.com with SMTP id d2e1a72fcca58-7a26b9a936aso265222b3a.0 for ; Wed, 29 Oct 2025 13:12:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1761768734; x=1762373534; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=ukzwMGphRpz1fESHqJ5QVuzndrcJHwMsv/PQtoFg8FY=; b=cZcRz6G28lpwpVJd98d1R2XlttrljwwFN1wUCg2F7t4sege/GqoMU6nMI0YLvnRZqg pTXLMpCmohHScuTqLxOytvN11EW88DMxddi4zJof08Rc82aTgSo9BxHg4TgVmoa+ZPSc YIaUbgdgTUwYNzU68d0cMsU1YpDJ2lB7hwzyyIfm5lcR063LmYvFHrNA724msJlSCD5M cTUpcNabORMWcrVHTlB8kF396YR64nr+HwgoFhcVJXJOu2Se29EHsSrvkRtTXwyra7o+ 3FhLhUDP8VWBXFYmhouo+UF82Lv/ytH0ht9Py6CBW58firnzTmzrkKycNV9umpIIfYTW +7/A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1761768734; x=1762373534; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ukzwMGphRpz1fESHqJ5QVuzndrcJHwMsv/PQtoFg8FY=; b=RyiUSpjbdekUtR6vU85e6pt7d0R6okTsxgyS+DldIk6UCzlQbhH0Xb4q9zcNXmjU3k atNrIxl4hpDzoJchTmnArdY2xeU+fgng+wDA3KN+p94OyRT9oytzhTf7YTxo50XnLZ+3 /2EhhdQ2VxnUuREjH7wSrp7AOrC+YqtPHL2jNbR6lZD1FKcARAlZOK6yEOHvvtDiQKic pmd0s/iRsAUcXbhjgSLzEg3Rn6L6FbPPp2ELe+InhH/YQ1uEKJCIThH5DQSNj/VR9rjF MZ5uj+N8jFmyWU1k/NJB3dAnQG5AtMDJQjZwSOetBtTrQaGnu71WILkgCrJs540r/JZF ALZw== X-Gm-Message-State: AOJu0YzD0jJ07Ba9j4DFtQO9Prn2pL72EpWqvunSLccyVqPSFS4LcTQh 1XRch/o4dBzswxFX2I+9uzl+cB8SnItPtEGe7klIP9jtpJVGL2f4E3F12ts864cNQP58p92POFi Ivh0kYnY= X-Gm-Gg: ASbGncuNQwB2C5ZaesjEap8dfymz3r5DcKNx5e+2C0Pc7ublljOEKfpKZHbZoOGird7 +ToQRvfPJQG1+UwH3vGHP62vptI1pav/KNOmUOOKxz3AxMu4BWTdQKEVfu//gjTIr8Wd7pz95lI SfB1nSMbOs07rQhcX0pU6lwnY0Zq0lk4vIZsMiUTqFuNmZpPPesDIME1vfW9xzJJ6HqVuDJeAQ1 86LULcE0XQljCOW5XT0+4v9BRFMO2sCnAYzE8A3Q3j24YKRTHzw3VFMTssk0v0Be9zfCPNRfGb0 r/jIsSDi5TDg1jRy19F5+O8JSWoMg5bLVAeFCszy5xeoNzlTeK2l7U8VGmDH5O4/pfR6nnIREhC OYW5uF6RnSH/EEuCrQzPeIYlHOvvgdsyn7lveSkk9uKmBudNNqjL4f5UM4c/UJ5bXZZo= X-Google-Smtp-Source: AGHT+IEZep8phg9hsjaFX31HJy7vzHZRgMbmUlx2ehkjlSMFoC/g9nx50JNgnWLDoBmam/ZWFPR1iw== X-Received: by 2002:a05:6a00:92a5:b0:7a4:c1c4:3959 with SMTP id d2e1a72fcca58-7a626b0b65emr643682b3a.22.1761768733893; Wed, 29 Oct 2025 13:12:13 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:5e34:462b:e2f0:5898]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7a414087d2asm16522100b3a.63.2025.10.29.13.12.12 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 Oct 2025 13:12:13 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 3/6] binutils: fix CVE-2025-8225 Date: Wed, 29 Oct 2025 13:11:52 -0700 Message-ID: <7feed679262025b8405488d064e2c546a3ed7a0c.1761768602.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 29 Oct 2025 20:12:20 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/225467 From: Yash Shinde CVE: CVE-2025-8225 It is possible with fuzzed files to have num_debug_info_entries zero after allocating space for debug_information, leading to multiple allocations. * dwarf.c (process_debug_info): Don't test num_debug_info_entries to determine whether debug_information has been allocated, test alloc_num_debug_info_entries. Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4] Signed-off-by: Yash Shinde Signed-off-by: Steve Sakoman --- .../binutils/binutils-2.42.inc | 1 + .../binutils/0027-CVE-2025-8225.patch | 47 +++++++++++++++++++ 2 files changed, 48 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/0027-CVE-2025-8225.patch diff --git a/meta/recipes-devtools/binutils/binutils-2.42.inc b/meta/recipes-devtools/binutils/binutils-2.42.inc index 5447ab0da4..dcd3325ecc 100644 --- a/meta/recipes-devtools/binutils/binutils-2.42.inc +++ b/meta/recipes-devtools/binutils/binutils-2.42.inc @@ -62,5 +62,6 @@ SRC_URI = "\ file://0024-CVE-2025-11082.patch \ file://0025-CVE-2025-11083.patch \ file://0026-CVE-2025-11081.patch \ + file://0027-CVE-2025-8225.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/0027-CVE-2025-8225.patch b/meta/recipes-devtools/binutils/binutils/0027-CVE-2025-8225.patch new file mode 100644 index 0000000000..410ba64143 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0027-CVE-2025-8225.patch @@ -0,0 +1,47 @@ +From e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4 Mon Sep 17 00:00:00 2001 +From: Alan Modra +Date: Wed, 19 Feb 2025 22:45:29 +1030 +Subject: [PATCH] binutils/dwarf.c debug_information leak + +It is possible with fuzzed files to have num_debug_info_entries zero +after allocating space for debug_information, leading to multiple +allocations. + + * dwarf.c (process_debug_info): Don't test num_debug_info_entries + to determine whether debug_information has been allocated, + test alloc_num_debug_info_entries. +--- + +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4] +CVE: CVE-2025-8225 + + binutils/dwarf.c | 8 +++----- + 1 file changed, 3 insertions(+), 5 deletions(-) + +Signed-off-by: Alan Modra +Signed-off-by: Yash Shinde + +diff --git a/binutils/dwarf.c b/binutils/dwarf.c +index 8e004cea839..bfbf83ec9f4 100644 +--- a/binutils/dwarf.c ++++ b/binutils/dwarf.c +@@ -3807,13 +3807,11 @@ process_debug_info (struct dwarf_section * section, + } + + if ((do_loc || do_debug_loc || do_debug_ranges || do_debug_info) +- && num_debug_info_entries == 0 +- && ! do_types) ++ && alloc_num_debug_info_entries == 0 ++ && !do_types) + { +- + /* Then allocate an array to hold the information. */ +- debug_information = (debug_info *) cmalloc (num_units, +- sizeof (* debug_information)); ++ debug_information = cmalloc (num_units, sizeof (*debug_information)); + if (debug_information == NULL) + { + error (_("Not enough memory for a debug info array of %u entries\n"), +-- +2.43.7 + From patchwork Wed Oct 29 20:11:53 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 73322 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D3131CCF9F8 for ; Wed, 29 Oct 2025 20:12:20 +0000 (UTC) Received: from mail-pf1-f173.google.com (mail-pf1-f173.google.com [209.85.210.173]) by mx.groups.io with SMTP id smtpd.web10.13457.1761768736423996483 for ; Wed, 29 Oct 2025 13:12:16 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=YeRjuz+V; spf=softfail (domain: sakoman.com, ip: 209.85.210.173, mailfrom: steve@sakoman.com) Received: by mail-pf1-f173.google.com with SMTP id d2e1a72fcca58-78125ed4052so443963b3a.0 for ; Wed, 29 Oct 2025 13:12:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1761768736; x=1762373536; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=1IIB036AdLgWL/xRXb+VKFMNGSrlcLuERwQdE9PSj2s=; b=YeRjuz+VjukLsyLpnI4zYbzLxThBPXfx/b7GKFRoslTNliQdeNFIIL8kiNQIcNqQjn DFC4reZW85Lmh7SQeG9wcFzETIuWB/6rPB4JD4off7jp9Cl7VXRx8/YYEcSTMoXGbV2g HTQbPr4HQ55Zw71CSv3+KsDUglHJ/8SKeWlDvETgiDsP4HVstw/XiwlzlojIyP/6a0iV xzhJxnlfpZJJJZR/6VCnyMrRzr6ORd9gG0hL6m/x0vzuWQmuecfPzHqyV5lhuqSbDAgg 1Z8HigbCGDndC7STT3cMITBIhNRHghNYCMRYaNItm3uT+ASv8ZlSf4GXM27sZNU+q1RP 8J+w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1761768736; x=1762373536; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=1IIB036AdLgWL/xRXb+VKFMNGSrlcLuERwQdE9PSj2s=; b=BkjB+R/MpGJ9dXf7TWsTf89FrSH+lB0vjdUgjKE+IRtUCd997LKcSVrtxunCbhZTa4 9uTpO161AEPezSKnTtM8lW625OTPY3A3hg2z8fQ+2IGlpMYrwVRx/QoFr6/TkMVOVVKL KQeJ94gHcXbMwDEh7p9UoRC6wO3VVBmGo8ZRF+uSLF1aQmbPgFcFA92LaXPpXaw0pyv7 +nmcvLIOBKNQyiomA92AI7sqXHjWunNfU/ttFhhRFQTfq5Kd+562THNSi2vzU/fLBZSx chphvl2lMlVZ82LTz/b+2STpE6+AF//osLypYf1/tV6oHpRVYLIwbb6N2iovr4UlDHFH sKBA== X-Gm-Message-State: AOJu0YzBZdJ+2AA4FY2OtPks8UblCCJV9VCl5KJKnM9mG+e8joa5MJm4 HJeLT0JThRTL11QYxTM/6f+8QpoFyO7SySS3/AZab+PuWYDAH5iXwigdAm+mh/lyo0Qku93xTlY QefrLFuE= X-Gm-Gg: ASbGncsKZhLiPMqyUyqlVa5cR3js7FQOcDTqAk+pyTH7EaLaHHqB4ImGPAGoIdk21RU /4ND2dbySdWnoALPQX7BpiOYofOMoZk9hgH6HQohZ3tdd7YcSGxPe/wRlSxkUKkR019bXW/K36/ IRNDE66yPJbQHUKQ3sCxReNFgHM/+qg0vqIl9ttFsr1jmLFQ6UpxTQvX4RjmAMCKBNdt72Nyknz Vy4n+9yJviq9+knYenmE0r3PUH+tKnUzrleeTLTAaHWuIAM+3LXLFzcBYXwNAy+Sks/ezz3OFx8 LVTFY/z+8ien1jg3RAkzTkyP6HXeDUGGXF6EakatZB8TiGrRMPv0kFR3TIhmmjknf4Q0rUDP1iF kWSpbqobC/UTTK2EvgGI89UpIW2aQHNm0XogWIU1QVhGABhSthWG/DJS46IE/R1jdyuY= X-Google-Smtp-Source: AGHT+IFMlIgE4ksCuiryXwl2cng9dlXNTGOYMm1ahdeblXs+y99d20UFptHqR50Sirt74Kf0DXLUFw== X-Received: by 2002:a05:6a00:8c5:b0:7a2:83f2:4989 with SMTP id d2e1a72fcca58-7a62a3609cfmr654092b3a.5.1761768735599; Wed, 29 Oct 2025 13:12:15 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:5e34:462b:e2f0:5898]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7a414087d2asm16522100b3a.63.2025.10.29.13.12.14 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 Oct 2025 13:12:15 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 4/6] u-boot: fix CVE-2024-42040 Date: Wed, 29 Oct 2025 13:11:53 -0700 Message-ID: <5c086db3f44d44f31e90f95ccb429639a1ff481d.1761768602.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 29 Oct 2025 20:12:20 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/225468 From: Hongxu Jia Backport a patch [1] from upstrem to fix CVE-2024-42040 [2] [1] https://source.denx.de/u-boot/u-boot/-/commit/81e5708cc2c865df606e49aed5415adb2a662171 [2] https://nvd.nist.gov/vuln/detail/CVE-2024-42040 Signed-off-by: Hongxu Jia Signed-off-by: Steve Sakoman --- .../u-boot/files/CVE-2024-42040.patch | 56 +++++++++++++++++++ meta/recipes-bsp/u-boot/u-boot-common.inc | 1 + 2 files changed, 57 insertions(+) create mode 100644 meta/recipes-bsp/u-boot/files/CVE-2024-42040.patch diff --git a/meta/recipes-bsp/u-boot/files/CVE-2024-42040.patch b/meta/recipes-bsp/u-boot/files/CVE-2024-42040.patch new file mode 100644 index 0000000000..2d250e51b7 --- /dev/null +++ b/meta/recipes-bsp/u-boot/files/CVE-2024-42040.patch @@ -0,0 +1,56 @@ +From 1406fc918977bba4dac0af5e22e63a5553aa6aff Mon Sep 17 00:00:00 2001 +From: Paul HENRYS +Date: Thu, 9 Oct 2025 17:43:28 +0200 +Subject: [PATCH] net: bootp: Prevent buffer overflow to avoid leaking the RAM + content + +CVE-2024-42040 describes a possible buffer overflow when calling +bootp_process_vendor() in bootp_handler() since the total length +of the packet is passed to bootp_process_vendor() without being +reduced to len-(offsetof(struct bootp_hdr,bp_vend)+4). + +The packet length is also checked against its minimum size to avoid +reading data from struct bootp_hdr outside of the packet length. + +Signed-off-by: Paul HENRYS +Signed-off-by: Philippe Reynes + +CVE: CVE-2024-42040 +Upstream-Status: Backport [https://source.denx.de/u-boot/u-boot/-/commit/81e5708cc2c865df606e49aed5415adb2a662171] +Signed-off-by: Hongxu Jia +--- + net/bootp.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +diff --git a/net/bootp.c b/net/bootp.c +index 68002909634..843180d296c 100644 +--- a/net/bootp.c ++++ b/net/bootp.c +@@ -362,6 +362,14 @@ static void bootp_handler(uchar *pkt, unsigned dest, struct in_addr sip, + debug("got BOOTP packet (src=%d, dst=%d, len=%d want_len=%zu)\n", + src, dest, len, sizeof(struct bootp_hdr)); + ++ /* Check the minimum size of a BOOTP packet is respected. ++ * A BOOTP packet is between 300 bytes and 576 bytes big ++ */ ++ if (len < offsetof(struct bootp_hdr, bp_vend) + 64) { ++ printf("Error: got an invalid BOOTP packet (len=%u)\n", len); ++ return; ++ } ++ + bp = (struct bootp_hdr *)pkt; + + /* Filter out pkts we don't want */ +@@ -379,7 +387,8 @@ static void bootp_handler(uchar *pkt, unsigned dest, struct in_addr sip, + + /* Retrieve extended information (we must parse the vendor area) */ + if (net_read_u32((u32 *)&bp->bp_vend[0]) == htonl(BOOTP_VENDOR_MAGIC)) +- bootp_process_vendor((uchar *)&bp->bp_vend[4], len); ++ bootp_process_vendor((uchar *)&bp->bp_vend[4], len - ++ (offsetof(struct bootp_hdr, bp_vend) + 4)); + + net_set_timeout_handler(0, (thand_f *)0); + bootstage_mark_name(BOOTSTAGE_ID_BOOTP_STOP, "bootp_stop"); +-- +2.49.0 + diff --git a/meta/recipes-bsp/u-boot/u-boot-common.inc b/meta/recipes-bsp/u-boot/u-boot-common.inc index 3a48b63c42..da34e3d3e8 100644 --- a/meta/recipes-bsp/u-boot/u-boot-common.inc +++ b/meta/recipes-bsp/u-boot/u-boot-common.inc @@ -23,6 +23,7 @@ SRC_URI = "git://source.denx.de/u-boot/u-boot.git;protocol=https;branch=master \ file://CVE-2024-57258-2.patch \ file://CVE-2024-57258-3.patch \ file://CVE-2024-57259.patch \ + file://CVE-2024-42040.patch \ " S = "${WORKDIR}/git" From patchwork Wed Oct 29 20:11:54 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 73321 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D2C97CCF9F7 for ; Wed, 29 Oct 2025 20:12:20 +0000 (UTC) Received: from mail-pf1-f174.google.com (mail-pf1-f174.google.com [209.85.210.174]) by mx.groups.io with SMTP id smtpd.web01.13557.1761768737951649111 for ; Wed, 29 Oct 2025 13:12:18 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=pOvJoxPM; spf=softfail (domain: sakoman.com, ip: 209.85.210.174, mailfrom: steve@sakoman.com) Received: by mail-pf1-f174.google.com with SMTP id d2e1a72fcca58-7a2754a7f6aso403365b3a.1 for ; Wed, 29 Oct 2025 13:12:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1761768737; x=1762373537; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=DOECH9XbPXTcU0bEdNxSTLvqEXe3spGx//ZpSsizkfs=; b=pOvJoxPMkX7U4LUFqeML2rmjKaDjjw3Qy5J2L7bOF5jNZEaZNrGrdkwuEkpAmIFFr7 4k0ftrjafJr1UlnHtHQ1Mq+YaNc1q3C1/agZWd8t17wcnvdj/vSuL2ukUupajHO4x5wm DqyEFZxU4JxjGRkEUVd3yQiCmvmGcKOf7iISe42UcYEqWKa+daLPaZRqoMZwkEDbZS0d AtJezvEA4zikizOG3acnGMny+4AITiSYg4DXKR0TafSpaob8v94+VrQberglD5FgBrjU c1Z2gawS2QqEgRddFMM78/poy2CU17+lvPDcxN8UzV0QBhJlDKbSTJycO0KqD1HbcKhJ UvBw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1761768737; x=1762373537; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=DOECH9XbPXTcU0bEdNxSTLvqEXe3spGx//ZpSsizkfs=; b=NDOdhRCyMYDT6z3evT1fSe6qUCMlqGFDpBjxc+h7N6Dn9XtNu2pa5rxgNDxDXrsLlu gxXbQ0Pljl08oQQEeFmpehUExWVyREe5RecDAxvMbcWx7Clf+n4bWBmBWebs1EBGuYP+ pDnUYCzvAUMIXOk+moVYlT49SwdquFI36p3JK+0CgW/KbxEIcnrt722njpJ9xA5jfGyy aCyoRVI0W3wxOim9JedrNLkuI+8bdiNWvluTnzawWe/nTwqIkFLlwyEHKpUekmWVqwj1 37DDI1T8z7y27L5Uwl3SJPYngSKrR6RTH2BejZk28mUh975abVRt+6IUBfu6cw6O78JJ LH7g== X-Gm-Message-State: AOJu0YwYCnjjfVccjqojUV65R0I+McWcO//1qT9gm7VnPZFEoUfJ4lhp U+BjieYVwtjY6ywdGxjnN4If+cRafrhkQWev3S1zOBH1Ep9zYQx7nWzZEivJV+w3nNqsiPytJRO fvt3wagM= X-Gm-Gg: ASbGncu0TYtj81jSSbn3VkVP/cVIiOxp8S0Rx6l1F48dhX6TJFp67WOisjID935QUeY SYpftsteILCWFSph/QSc4NQZ/1LL0H42ANKKWrkyg9fnHUO7LEGTChz77siftbhr5v+NQBvZRDv cX3vMMkhejOHjc5cmKTic3fMehF3mPDkrdmoVMy89BHrvRLDABwQyqNxYgk6HMj6i+oD3Cx4Bm3 Em5/YazQTKlUnTHfxJB0EurToJyGjZVdAVLVOwXXjS5KtDkLFXKRupPffDGt1yMFde3l1j0cu7G fcVK3z91O0BKtg8jRJkay3ontIYrBw/HN2gmyL/hs7CQLR5G6m+1V4cgCt/JI5XYRXk1xRYfNUr aOA/boAOmNb1kZYkdvBY3izdgbm4e8mO655UkSv96mbX+JnsruzKO8EAonF308TBXKI0= X-Google-Smtp-Source: AGHT+IFU0nBbC9G9csrMOO+g//YqgKPVE2I7fifK6BhiEexVD0ozX6Ab1bkZs1rlRzsJl13If1J9Cg== X-Received: by 2002:a05:6a00:1826:b0:7a2:7d23:f6df with SMTP id d2e1a72fcca58-7a4e290feb7mr5294604b3a.7.1761768737170; Wed, 29 Oct 2025 13:12:17 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:5e34:462b:e2f0:5898]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7a414087d2asm16522100b3a.63.2025.10.29.13.12.16 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 Oct 2025 13:12:16 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 5/6] tiff: ignore CVE-2025-8961 Date: Wed, 29 Oct 2025 13:11:54 -0700 Message-ID: <1ff4b39374a5b328069a928e7234c3397769dc6f.1761768602.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 29 Oct 2025 20:12:20 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/225469 From: Yogita Urade This CVE is for the tool which is removed in v4.6.0 via [1] and re-introduced again in v4.7.0 via [2]. [1] https://gitlab.com/libtiff/libtiff/-/commit/eab89a627f0a65e9a1a47c4b30b4802c80b1ac45 [2] https://gitlab.com/libtiff/libtiff/-/commit/9ab54a858049bef020d578c71d82669531551c00 Signed-off-by: Yogita Urade Signed-off-by: Steve Sakoman --- meta/recipes-multimedia/libtiff/tiff_4.6.0.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb index 9957699fb2..777783d7cc 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb @@ -29,7 +29,7 @@ CVE_STATUS[CVE-2015-7313] = "fixed-version: Tested with check from https://secur CVE_STATUS[CVE-2023-3164] = "cpe-incorrect: Issue only affects the tiffcrop tool not compiled by default since 4.6.0" CVE_STATUS_GROUPS += "CVE_STATUS_REMOVED_TOOLS" -CVE_STATUS_REMOVED_TOOLS = "CVE-2024-13978 CVE-2025-8176 CVE-2025-8177 CVE-2025-8534 CVE-2025-8851" +CVE_STATUS_REMOVED_TOOLS = "CVE-2024-13978 CVE-2025-8176 CVE-2025-8177 CVE-2025-8534 CVE-2025-8851 CVE-2025-8961" CVE_STATUS_REMOVED_TOOLS[status] = "cpe-incorrect: tools affected by these CVEs are not present in this release" inherit autotools multilib_header From patchwork Wed Oct 29 20:11:55 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 73320 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E194ACCF9EB for ; Wed, 29 Oct 2025 20:12:20 +0000 (UTC) Received: from mail-pf1-f169.google.com (mail-pf1-f169.google.com [209.85.210.169]) by mx.groups.io with SMTP id smtpd.web10.13458.1761768739675799587 for ; Wed, 29 Oct 2025 13:12:19 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=M4haP50x; spf=softfail (domain: sakoman.com, ip: 209.85.210.169, mailfrom: steve@sakoman.com) Received: by mail-pf1-f169.google.com with SMTP id d2e1a72fcca58-76e2ea933b7so319485b3a.1 for ; Wed, 29 Oct 2025 13:12:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1761768739; x=1762373539; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=GDpLhWTVl5qAHTYMD5mvDz5/Ga6fWD7fgWJpzc/OwQo=; b=M4haP50xcKLFcA/aEmXSHfqeatUhZ1afLKpFNEYW8z1eBQ/RTij9pCAylipB+o3YVE P1lJMtj/7VejHLJTOol0kOfZCI3jCKmGzujY75frsDodSasiLRez1rM4UPwmdq01yppD SIpMXgnVXyZmy5v/BlmBUCCmJ3tSvvJmMRKjz2ivSDo8Ds0pk/hlR83AkHiMj3UuT6FI eLLimLs5mReJz3N7L48hESkh/tPBNuVXTxk63MNN8zJAyPTSdv4A+aNf9couVNSOlDHl l0TEXse4AaP82Nft9aOwaE/Zoup6G+DlXkJAPusWD79mQsb4r2zqf35b/ebSzWABM4oF VwuA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1761768739; x=1762373539; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=GDpLhWTVl5qAHTYMD5mvDz5/Ga6fWD7fgWJpzc/OwQo=; b=mruwBzdQRrgCMr25lzdmbUdUwYsr61SkW0bNa2tIL1V2qWsEkH7fv/2oDqAV18GHGK zwg5sLF3F09zIHdcGA9/MQAvvG8mnoTAvBQSBochHSaVsCUAuYA6SSEa27r+nBKvJps/ vLfdKt7u/nhzqQ8efSGLHNdXp6NXnCcaiGYQJY3LsRwOD+wYMYPsHNikximfHymgRxSJ IwInoXhATpGC1ugjLUeAQIagjjeOM3vCB1vh9AO8Mn5IQOxqDy53TqOb7mfbQNw1PDNo /z7QjTaMza/HyoM2VX+efpQ82n6/ZHPU89xfBQt5XybZUD0UtLFk2GE1gIC/p7yV30CT eCoA== X-Gm-Message-State: AOJu0Yw+0h9Z1Ge/CLJv29kKKEsKJwkDz5Q9u4Z7fNpoNz/WYCT5HGib yAzgtZ6d9ZExUoViWUQvsSAChNl5RwJddH8/QfJEMh32TKdLqAmh0m53WPPh36tuOVoN2jEs6Iu HSeoQi6A= X-Gm-Gg: ASbGnctifunbwaIODJaWybUDVMzdJzZU+hiKdd4jIAccr3/VLRYTVpOrqeUIg8DOZaC PqXVwC7xo/vix98S0a9Vi2Kx8H6SZTeXkABTYHeYjoG7COvfuQHNu5177dWjyAG4Vwa1GHeNOKG JXiq6TlR0FAP+KRYLEQK/kUJ8IQ9VargepgiFw4/AUkw30qaJhXB2leTdwCrqgnxprrayFs7OP2 hkZM5NhDvvcu+2zpUg5AFMQ/MY3LaR5S0zI9j89p10hZ2tuoXEEVYsIpagoENhp4+8d0T33BNSi jPDL0ZAJuUGYIEINlfpN9kHMPoM+fwyjuml8CJvYlA9it5AIphNuYFgvKWSLj7ZutAbwcUit6LU 0oqea12+4hDjJ/ALHBqLL1NDJLwsc+v0VUR9y3BBh8G56RCSqaG6/mvqt9NXHrl9mXdQ= X-Google-Smtp-Source: AGHT+IGqGeL+83Am6buZI/w4B2LY4GQrj2gDGT/f4BK2S4Gz0xhzceKyAXd2wQvvQcKjtyI3Dc3R3Q== X-Received: by 2002:a05:6a20:9149:b0:32a:745f:beed with SMTP id adf61e73a8af0-3477c7dd4c3mr954828637.26.1761768738889; Wed, 29 Oct 2025 13:12:18 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:5e34:462b:e2f0:5898]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7a414087d2asm16522100b3a.63.2025.10.29.13.12.18 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 Oct 2025 13:12:18 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 6/6] bind: upgrade 9.18.33 -> 9.18.41 Date: Wed, 29 Oct 2025 13:11:55 -0700 Message-ID: <4cb834388759540ea5bf7265389b9f1b2e15333a.1761768602.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 29 Oct 2025 20:12:20 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/225470 From: Praveen Kumar This upgrade fixes CVE-2025-8677,CVE-2025-40778 and CVE-2025-40780. Changelog ========== https://downloads.isc.org/isc/bind9/9.18.41/doc/arm/html/changelog.html Signed-off-by: Praveen Kumar Signed-off-by: Steve Sakoman --- .../bind/{bind_9.18.33.bb => bind_9.18.41.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-connectivity/bind/{bind_9.18.33.bb => bind_9.18.41.bb} (97%) diff --git a/meta/recipes-connectivity/bind/bind_9.18.33.bb b/meta/recipes-connectivity/bind/bind_9.18.41.bb similarity index 97% rename from meta/recipes-connectivity/bind/bind_9.18.33.bb rename to meta/recipes-connectivity/bind/bind_9.18.41.bb index 2554a7bb5f..a83ec29bb4 100644 --- a/meta/recipes-connectivity/bind/bind_9.18.33.bb +++ b/meta/recipes-connectivity/bind/bind_9.18.41.bb @@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \ file://0001-avoid-start-failure-with-bind-user.patch \ " -SRC_URI[sha256sum] = "fb373fac5ebbc41c645160afd5a9fb451918f6c0e69ab1d9474154e2b515de40" +SRC_URI[sha256sum] = "6ddc1d981511c4da0b203b0513af131e5d15e5f1c261145736fe1f35dd1fe79d" UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/" # follow the ESV versions divisible by 2