From patchwork Thu Nov 13 21:47:20 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 74475 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E1FFFCD98E3 for ; Thu, 13 Nov 2025 21:47:43 +0000 (UTC) Received: from mail-pl1-f176.google.com (mail-pl1-f176.google.com [209.85.214.176]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.4369.1763070457464953680 for ; Thu, 13 Nov 2025 13:47:37 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=oPR+b/Mc; spf=softfail (domain: sakoman.com, ip: 209.85.214.176, mailfrom: steve@sakoman.com) Received: by mail-pl1-f176.google.com with SMTP id d9443c01a7336-295548467c7so14773205ad.2 for ; Thu, 13 Nov 2025 13:47:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1763070457; x=1763675257; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=BPD79Fm1wkYhS84p5PTs2LIXexrFUIBnjSVHQJbeWIY=; b=oPR+b/Mcj7VORISpGemBulX7F4oOwsheiSRUlJkcfaC98kiTLjHE1vK5+fcsJgRDju RIQdwQa7ECwcB1Kc81daEmIbLtIdcm7rZYoiLlXmqJuQF/AeXs+1+FKZgHJkJlHM4EcZ a4biN9fWYGZVmwErtH6mWhG72kjjZ8M38/k1pTxGtl3BEzFVC+b7JCoCyUMukYHwQWVv qdprPFGbkRfH74Oo9xr7ztd0SXMmuByL9N2C001Kzm8gbhEPxqeaoXAGWScuGzsCP9Tt 6wJzn2Z9IJ5SM34LBcZEjr66BTcGG7gyv2Y15x9e6zT/H6KtaFwDHk+FkSz2E0+4nj3M Q9zw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763070457; x=1763675257; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=BPD79Fm1wkYhS84p5PTs2LIXexrFUIBnjSVHQJbeWIY=; b=USQlnlDs1c48w4k0vyiGkdtd2q3nUaxvQvojZQSz4mmdO216Mzz9M+koCO7FRU6yrN GNX8UluppA1S7Kj+wBwcxYdSZkrNXJQqQ0TZll06iLxP+txOKTLuc0+5rJoyXS9vTUvU Aox2A9MzJ132gVvZAGckTGZh7Xj+HIrzge/Cg64xLLCHshOYuQEiuPsCwtvlGMSctRYI 2CsJcHuCgsUC7FunXRf8w8Vnm32iCyyc8X0KO7g/rtBs7j5/F1N4XJsGBcdpg11dCCT4 XmDMIHjMACRMEcc2Wn5sW5euaT2d8AUydl1abthCoTBfL+G8J7e70X0aZt9e3iQEWce9 fW9w== X-Gm-Message-State: AOJu0YwxpoUQGRO02vNZLSQgyM+AlJIAaHDaWYkqxtByuf7taJfglcVy tGnijwpmg6jNqIHafYkj4RsmNELdLe4NAR27zqHrMK/LKD2knpD/pIF9f6MfdsQhGYRL+LdJo0s 3OWxi X-Gm-Gg: ASbGnctzgY4FweHdPIWrSbbo8pIhfeb8MrowLWCuhYsWd6BFJvkHLHjUanFFImjCLqM VMz9jufzayLJJ4qywHQ2BHnpeNz2V/M1AIDppjnU/DJrUaYRkC2d/QarAn8JIJlbC9RY73JvNkT 4G1Mk/teB3MogZJDD0yOwb0fM4alvGgmsCXY4KN9igX4bvc52NS7s2l7w1HnzlZK6aDzrGT5j1q 85A4lkdFo2Jn7jmE6TdsEo30blbrQpzbXRLv6pWrABxg1W04AgXwu8l6iaE4kkpCJ36cnmW//0c ZLxeEzZqZokEd673f3yXsoAyc3CiFV/uauQfK7VnA/U6//QmRy5TBD1ugWWImslmdE4psdnCPb6 wYO3Se+AtXBJ6bdajpvg7/sTD6xgJkhnJNLHsaUuGLBkMZcYkWXhR6r5gzbwAjE60Tg== X-Google-Smtp-Source: AGHT+IEzIL2JoyAW+ThXp+ym5xvfLXJBrQqH5TPwJsqfwWPREcnAeIZ4NyedF+7DbmS5rxSf4oeW/g== X-Received: by 2002:a17:902:f712:b0:295:a1a5:bae9 with SMTP id d9443c01a7336-2986a6ad9f5mr4143805ad.8.1763070456658; Thu, 13 Nov 2025 13:47:36 -0800 (PST) Received: from hexa.. ([2602:feb4:3b:2100:70b:f91f:acd9:f6d9]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2985c2b0d68sm34639815ad.61.2025.11.13.13.47.36 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 13 Nov 2025 13:47:36 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 01/10] curl: ignore CVE-2025-10966 Date: Thu, 13 Nov 2025 13:47:20 -0800 Message-ID: <41c4735658e9ba5322bd06ef50aa3a1edb1f7fd8.1763070333.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 13 Nov 2025 21:47:43 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/226273 From: Peter Marko Per [1] this CVE applies only when wolfssl backed is used. 8.17.0 removed WolfSSL support completely. [1] https://curl.se/docs/CVE-2025-10966.html Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- meta/recipes-support/curl/curl_7.82.0.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb index 54362e6978..2326392a4f 100644 --- a/meta/recipes-support/curl/curl_7.82.0.bb +++ b/meta/recipes-support/curl/curl_7.82.0.bb @@ -79,6 +79,8 @@ CVE_CHECK_IGNORE += "CVE-2023-42915" CVE_CHECK_IGNORE += "CVE-2024-32928" # ignored: gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, using zlib 1.2.0.3 or older CVE_CHECK_IGNORE += "CVE-2025-0725" +# not-applicable-config: applicable only with wolfssl +CVE_CHECK_IGNORE += "${@bb.utils.contains('PACKAGECONFIG', 'openssl', 'CVE-2025-10966','',d)}" inherit autotools pkgconfig binconfig multilib_header From patchwork Thu Nov 13 21:47:21 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 74477 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id EB4A5CD98EF for ; Thu, 13 Nov 2025 21:47:43 +0000 (UTC) Received: from mail-pl1-f169.google.com (mail-pl1-f169.google.com [209.85.214.169]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.4370.1763070459136668307 for ; Thu, 13 Nov 2025 13:47:39 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=2t6glQbl; spf=softfail (domain: sakoman.com, ip: 209.85.214.169, mailfrom: steve@sakoman.com) Received: by mail-pl1-f169.google.com with SMTP id d9443c01a7336-29853ec5b8cso13943525ad.3 for ; Thu, 13 Nov 2025 13:47:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1763070458; x=1763675258; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=YZ1sZBAOtC7YhxxfBOMxIhMSmABJODBVBTcBL8HW4Sw=; b=2t6glQbldRUxkkqJ0y1nD6nQa2myIg5riY9GSe6I4a95IGwXDrrso62ezZkwFjF91r m+Ui6a0EUvcFudxZgWgxd9TvZm1Xzh+LaDzxIx0fa9a8ru2/NY0sDT4PEYRPJJcbn7DT CLFAMbX4YmNUbzbTJWpF9HmNgNW1+3EXkCXnLGVYBMuflFB1jXk8u8eW6kwKoxRE0GtK dXcnmiWnR8vYX3cA8DFAMuz1HIJMo6Z0uw66Tn/kdiBCjQnUHxz+5ROUiewl5cUJnxj2 HMf50u5UgGp7pARmVPkpSquMmJFY+fUeiVQjldLUsXGJiDZI8aYMLQS4eleIiL44sEK7 0YBw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763070458; x=1763675258; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=YZ1sZBAOtC7YhxxfBOMxIhMSmABJODBVBTcBL8HW4Sw=; b=fUn6mSMfacTYjE46UTDyix0bxWRk0FAzp0UFmoN9/QpoklIXHak+PwS1cYk0MgOpjd WZtFwhHeYRJUbEbTXwi6CwXw9yWAw03+/oC8ESAKOxRRnauB//wQmf/f9l9h3xfWJzRC Hwy/MSR6RXNo12FB2OHmZeMg8bIe/qGIBIC9GdNwgx/SvS2qZHd697QppSgZpGcFLhUT UZwXosvBJj4nOi7x0seAIb0oPhBHYbVRQRm4XQ9tbfWStwSz5Tm/hF39QTf4j8ulwFZg Ja1UuhQakVuzCtmWXy5nixmdf7rWBt+tH9W/hudw+w8SrWtMUv3vOQs5jvAUuey3Xufd q6+A== X-Gm-Message-State: AOJu0Yz2554JUo0b6IIugigbEngiwl4gmuo4GJkjNNpsHgS1mWEetr1w ZgDHJboMJQeR4H10t6k5J9U+d/KSpG/Wm9qEVlAxEEYFLoU0NcQcAsSLPFSKKmITw2c4GSA4mjN 5bP8l X-Gm-Gg: ASbGncs3wCcTCvAkcwKxLdIzkAhq7LhuTbwG93hxYgWfbIZzVDDOifHCjAmYzTScleh f2ZS3EIpmuity6UrUmzh5Z5wj0xlNraiRRm1FFLt0g9VxE2Fg6ziYnin5TgDk+BJOm7Bgm9oX8m 8ZY1iK3om0k6yEk+LamJ7ZYdJCYM+elA/Y57qmXnvTUV/Zg+do8pbTPs5WGWIv7fWUeUrT6rOoG 47Ab3SkVEakA/r+pOGC1Q7hmDrwqPiQcfID+8gosqC2gYCov/FO85h6Cy3mIeY10AJlypVwrEG4 oYI3isGLMMwB1lpdKBGgmh3Q+nK0iwbFXKhOXRwKzzVC8b2BNLwoRW9EyoFYzTaJ/CqIShl5EZT 5mGcYvjqZH2juOYTVxkuZ7a8w6ie8+n6HI4O4DnEOzovQnKJcjDkUsxeFakW8uYHygQ== X-Google-Smtp-Source: AGHT+IHBgGmCBFcm4ZV4PgavUGzhReYX8Wou3tt+SqCbOHj4kFk5POURRXV7y1i5tHaTb+m9sPooqA== X-Received: by 2002:a17:902:fc86:b0:295:f1f:65f with SMTP id d9443c01a7336-2986a7414c9mr5289705ad.31.1763070458262; Thu, 13 Nov 2025 13:47:38 -0800 (PST) Received: from hexa.. ([2602:feb4:3b:2100:70b:f91f:acd9:f6d9]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2985c2b0d68sm34639815ad.61.2025.11.13.13.47.37 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 13 Nov 2025 13:47:37 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 02/10] rust-cross-canadian: Ignore CVE-2024-43402 Date: Thu, 13 Nov 2025 13:47:21 -0800 Message-ID: <3044ae9e6e84faada8c1425238e9e9c3060b1a3a.1763070333.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 13 Nov 2025 21:47:43 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/226274 From: Saquib Iltaf Ignore CVE-2024-43402 as its not applicable. CVEs are specific to Microsoft Windows. Signed-off-by: Saquib Iltaf --- meta/recipes-devtools/rust/rust-cross-canadian.inc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-devtools/rust/rust-cross-canadian.inc b/meta/recipes-devtools/rust/rust-cross-canadian.inc index 8bbbd61bdc..044df5123a 100644 --- a/meta/recipes-devtools/rust/rust-cross-canadian.inc +++ b/meta/recipes-devtools/rust/rust-cross-canadian.inc @@ -76,3 +76,5 @@ SUMMARY:${RUSTLIB_HOST_PN} = "Rust cross canadian libaries for ${HOST_SYS}" SUMMARY:${RUSTLIB_SRC_PN} = "Rust standard library sources for cross canadian toolchain" SUMMARY:${PN} = "Rust crost canadian compiler" +# These CVEs are specific to Microsoft Windows +CVE_CHECK_IGNORE += "CVE-2024-43402" From patchwork Thu Nov 13 21:47:22 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 74478 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 03EDCCD98F2 for ; Thu, 13 Nov 2025 21:47:44 +0000 (UTC) Received: from mail-pl1-f179.google.com (mail-pl1-f179.google.com [209.85.214.179]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.4371.1763070460664846622 for ; Thu, 13 Nov 2025 13:47:40 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=20JnoCdx; spf=softfail (domain: sakoman.com, ip: 209.85.214.179, mailfrom: steve@sakoman.com) Received: by mail-pl1-f179.google.com with SMTP id d9443c01a7336-29555415c5fso15486465ad.1 for ; Thu, 13 Nov 2025 13:47:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1763070460; x=1763675260; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=sD36x95qP8m5p7ahqkabrLmteQiJhfbj8Ab5Ystoj/w=; b=20JnoCdxhrum3NjEQKLTRqYiBKro7bglpzChZ6wRu3otxVy/O2dYXZLa/07pD1gHFF 7gqHEbx529BhnRDtXGSacS4ROy/PgxAdTuKaDSUh8uJvCnKmo/0ESkWu5cxbItbyaSdp kYKgeBiE2nN02JXManOqlkWvG61/KzdHgWFN8vY7Ek8CjGW5PScb/S1wKP0DwbPTLXPD DokR608DJP0janWP4rnvrN2Oe26GrgNzmIfrwNG8YBFfwFyLElsNU4A7M4Sc7xVy6q1P e5VdvwOHJjxKwH64CLZg1kmPcPEdjbU76YO3uju9ta1czk7LBOqC4jR0GiLUt36y9FtZ U2cA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763070460; x=1763675260; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=sD36x95qP8m5p7ahqkabrLmteQiJhfbj8Ab5Ystoj/w=; b=W/MMzsjtfjz4WLlhsZMdKASdOXLGy6Gwv36k93O58gdMdJOvNIdh7wP529FTS/bce8 xn7Rg8q3emFSNC4VMZA335JaSj3w+ZTUlTm64vBnjdQegvJo87+2eMI/pbsgmde/uExG aXDBcLi7I4XGmTtnWsaxCg8RyCELtk0SLdxDZWiFXE4BFGH0/frV6XKlZvIrEbHomSlz 5KWOGhtbuTsuPFs6yWKsnIuVs3e057PFcUeSnGVejjEwbWd8iU0DooKuprW7KGwvkUKM VccNHDzHkCb75xtS39NqJ8QrN5mfTBlmbAm0bPYk1mCnKX6wEDpgQ1Pk7HQf37PVk+6p fbog== X-Gm-Message-State: AOJu0YxMF8Om5VJhryvUUNOkRa1TUqXvzQho8wCM+EK+V4yCSxzocrCY d8GTgbaVRl0pQNEkZoYML6XaC8QHyOqb37lvklNPRCDxmYSQi6e9WZkMX/QfWz4oMfRAeao1Hzr 2drQ4 X-Gm-Gg: ASbGncvTa6SQxicM47xlr4Uk17Lsg37bKMVzxPYrvD6Zai6ofp/LFTDDvLPvllnPuxT LBY0TWOn7Et+MOuzwMRcB+/fc96x3mOY6hLBbjSzTOVYZrH5uDVh7tVaB0j4VM4mxDrL4EjUPH4 aJUZ4OWQpDTziyK8iFYyQCxPUNJ8+i4TnUAwG7eZGB2AIWOZjaPUhc6KcbUvR6EOU9PpafNAfKd e3fMGdHWGjN8MNFisQtRGNM0DBWnvdztZKyZHnuJmiYPpYKRZm5eHgMV3NegZAVMq3cuD346Kty vxXT8C9hJartl7JRg7LiWKML7IbmgagQBKR9cbuSeMGVF31+NINnvdaCeEjtJWc1bcOwXMr8yCo 92gLxDV4oB1I1Apdfarg7PNKDw66qDbrhrD8IEjaaIgeAASiqPnKh1751Kec4YgtU4g== X-Google-Smtp-Source: AGHT+IFah1T8hx5Ur4RwqL5JQvZ2fyJlrHJufY7jdembxFuLfDDzdIJoXiWHCstVbeLQGc0yvHMyhg== X-Received: by 2002:a17:903:2349:b0:298:5abe:4b1 with SMTP id d9443c01a7336-2986a76bc5fmr4826305ad.52.1763070459750; Thu, 13 Nov 2025 13:47:39 -0800 (PST) Received: from hexa.. ([2602:feb4:3b:2100:70b:f91f:acd9:f6d9]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2985c2b0d68sm34639815ad.61.2025.11.13.13.47.39 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 13 Nov 2025 13:47:39 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 03/10] xserver-xorg: Fix for CVE-2025-62229 Date: Thu, 13 Nov 2025 13:47:22 -0800 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 13 Nov 2025 21:47:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/226275 From: Vijay Anusuri Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/5a4286b13f631b66c20f5bc8db7b68211dcbd1d0 Signed-off-by: Vijay Anusuri --- .../xserver-xorg/CVE-2025-62229.patch | 89 +++++++++++++++++++ .../xorg-xserver/xserver-xorg_21.1.8.bb | 1 + 2 files changed, 90 insertions(+) create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-62229.patch diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-62229.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-62229.patch new file mode 100644 index 0000000000..634e8d44f1 --- /dev/null +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-62229.patch @@ -0,0 +1,89 @@ +From 5a4286b13f631b66c20f5bc8db7b68211dcbd1d0 Mon Sep 17 00:00:00 2001 +From: Olivier Fourdan +Date: Wed, 2 Jul 2025 09:46:22 +0200 +Subject: [PATCH] present: Fix use-after-free in present_create_notifies() + +Using the Present extension, if an error occurs while processing and +adding the notifications after presenting a pixmap, the function +present_create_notifies() will clean up and remove the notifications +it added. + +However, there are two different code paths that can lead to an error +creating the notify, one being before the notify is being added to the +list, and another one after the notify is added. + +When the error occurs before it's been added, it removes the elements up +to the last added element, instead of the actual number of elements +which were added. + +As a result, in case of error, as with an invalid window for example, it +leaves a dangling pointer to the last element, leading to a use after +free case later: + + | Invalid write of size 8 + | at 0x5361D5: present_clear_window_notifies (present_notify.c:42) + | by 0x534A56: present_destroy_window (present_screen.c:107) + | by 0x41E441: xwl_destroy_window (xwayland-window.c:1959) + | by 0x4F9EC9: compDestroyWindow (compwindow.c:622) + | by 0x51EAC4: damageDestroyWindow (damage.c:1592) + | by 0x4FDC29: DbeDestroyWindow (dbe.c:1291) + | by 0x4EAC55: FreeWindowResources (window.c:1023) + | by 0x4EAF59: DeleteWindow (window.c:1091) + | by 0x4DE59A: doFreeResource (resource.c:890) + | by 0x4DEFB2: FreeClientResources (resource.c:1156) + | by 0x4A9AFB: CloseDownClient (dispatch.c:3567) + | by 0x5DCC78: ClientReady (connection.c:603) + | Address 0x16126200 is 16 bytes inside a block of size 2,048 free'd + | at 0x4841E43: free (vg_replace_malloc.c:989) + | by 0x5363DD: present_destroy_notifies (present_notify.c:111) + | by 0x53638D: present_create_notifies (present_notify.c:100) + | by 0x5368E9: proc_present_pixmap_common (present_request.c:164) + | by 0x536A7D: proc_present_pixmap (present_request.c:189) + | by 0x536FA9: proc_present_dispatch (present_request.c:337) + | by 0x4A1E4E: Dispatch (dispatch.c:561) + | by 0x4B00F1: dix_main (main.c:284) + | by 0x42879D: main (stubmain.c:34) + | Block was alloc'd at + | at 0x48463F3: calloc (vg_replace_malloc.c:1675) + | by 0x5362A1: present_create_notifies (present_notify.c:81) + | by 0x5368E9: proc_present_pixmap_common (present_request.c:164) + | by 0x536A7D: proc_present_pixmap (present_request.c:189) + | by 0x536FA9: proc_present_dispatch (present_request.c:337) + | by 0x4A1E4E: Dispatch (dispatch.c:561) + | by 0x4B00F1: dix_main (main.c:284) + | by 0x42879D: main (stubmain.c:34) + +To fix the issue, count and remove the actual number of notify elements +added in case of error. + +CVE-2025-62229, ZDI-CAN-27238 + +This vulnerability was discovered by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative + +Signed-off-by: Olivier Fourdan +Part-of: + +Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/5a4286b13f631b66c20f5bc8db7b68211dcbd1d0] +CVE: CVE-2025-62229 +Signed-off-by: Vijay Anusuri +--- + present/present_notify.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/present/present_notify.c b/present/present_notify.c +index 7d19d9cfe1..fe84d1f070 100644 +--- a/present/present_notify.c ++++ b/present/present_notify.c +@@ -92,7 +92,7 @@ present_create_notifies(ClientPtr client, int num_notifies, xPresentNotify *x_no + if (status != Success) + goto bail; + +- added = i; ++ added++; + } + return Success; + +-- +GitLab + diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb index a15669a260..1ec5a195f9 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb @@ -44,6 +44,7 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat file://CVE-2025-49179.patch \ file://CVE-2025-49180-1.patch \ file://CVE-2025-49180-2.patch \ + file://CVE-2025-62229.patch \ " SRC_URI[sha256sum] = "38aadb735650c8024ee25211c190bf8aad844c5f59632761ab1ef4c4d5aeb152" From patchwork Thu Nov 13 21:47:23 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 74479 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0B97ECD98F0 for ; Thu, 13 Nov 2025 21:47:44 +0000 (UTC) Received: from mail-pl1-f170.google.com (mail-pl1-f170.google.com [209.85.214.170]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.4375.1763070463092321381 for ; Thu, 13 Nov 2025 13:47:43 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=SiragjI2; spf=softfail (domain: sakoman.com, ip: 209.85.214.170, mailfrom: steve@sakoman.com) Received: by mail-pl1-f170.google.com with SMTP id d9443c01a7336-2953ad5517dso15569295ad.0 for ; Thu, 13 Nov 2025 13:47:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1763070462; x=1763675262; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=inuww3dsoh25g+e7ywuy3kixgzCq5cbvnNtHoDn4QLk=; b=SiragjI2LNzv9YXfvm1g+vCEgdITIk9jyzYOhY6YdIXHXv5dhefDy0rTiuOZjOD890 4QOYKJh+KZK4G6MbX1zaHXNVjrdR+vOPTSBJPOhCtGfF40zIbRNL1PvWu0X0bROjQS2M AaTxhSYyTADcM7LSl4+g5TRzM2fXn7BtYNoN2hi/nlTcIirP5I13CJGyZ00L2sLDeQuM sAgW41u2URXTRhSXAtoTj04gD+wb8N8Gtfzp7UtF9Y43MmwhgjOLFHJrFuRet86N8jaE BrJsUTc69rxtJJckpLtbdO4dQugUuhXMMhJeQ3mpaDz4hefUhpHBoqmzrm9L6bV1Vo6S k9oQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763070462; x=1763675262; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=inuww3dsoh25g+e7ywuy3kixgzCq5cbvnNtHoDn4QLk=; b=dVYPkhFHa1nlnvPuuqVy0tYW1XYtLXFoWs20Iivi+NA5YdPMmynDIFa8hJi9wHhRYt R2Fa8j1fMoofaYywoX5rFfvCx1SNjwipQkX53mcpjjb5m+CCxTQCuAHGvvEFdtY+ASD0 ZzhjiLh8eQHe5CNUYHYOl0B/s0K/xFqj3YOIGfjrVeS7zV85Aq/45TxNdxHPpwkO++su Cfne0nFWNu6MM1HEnIle1F74RzPlcO83qnBq5rZSjkMRI9nr2opd7i5EP9paYvUoOzlC v7ZBcsrqGmrVq3dVsqvCQYHI7YUD4Ju00oVnpsTmREhukVrN5lgI51ZUDMOr7hxC6PwX LeOQ== X-Gm-Message-State: AOJu0YzqavligAVd2iMPgXlQL3NnvpZKsa3TBBxIvMbunM/PiuOLE1KI w4ODCl9s62CIcQZVigOaicbsgA/m439uWV4h94XYwOTqY1W7H83CYrFm9aUgu22fBJJt81KFUBA jgkMk X-Gm-Gg: ASbGncuNjnqsjZYfFfxoCB5CurbYWlN2ic+ydejo2m4kJVTwTOl4zWNf2EP51l4XtYT QKWyHWrNz5kIss9IQwmeGKw5bMPsX9v/ovUyay+QCNZ/258J/pnyrOwF7uJzjsQkSXAxieC5zUI tMLh2o8xBr0pasrCuReroAuiCQLEvMu/tpyWkM5uD039UjRy8HroX+MQVbiQHcymDvfNo/5JYUw rVK/BXEoUr98oBmvs5Gqjx6EsduqHnlMUzBovvOdacfhujJz23+ge4bApJHk6qxhZEsdbgGCcks ACQsHyDOisvDju9scXOj3pnN1iU5bM36PDVugUEJvY5FhbUD8vyj6fsQOQySZ82+jMrtY4mtvEm zbZUW+Rea4ptmJorWgRQ6n9ASMtGgHJXhuU3pqH/rT4neQSPHbSSJUTbcgREhuiLsmQ== X-Google-Smtp-Source: AGHT+IE+1FTYfqYkzGq/eaGnE/y+tDbOdi4R+RSGyOgWJk9i+uyVrC1q+ZvrapY71o5RHX3ngplQTg== X-Received: by 2002:a17:903:f83:b0:246:4077:4563 with SMTP id d9443c01a7336-2986a73b4bfmr4975535ad.34.1763070462183; Thu, 13 Nov 2025 13:47:42 -0800 (PST) Received: from hexa.. ([2602:feb4:3b:2100:70b:f91f:acd9:f6d9]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2985c2b0d68sm34639815ad.61.2025.11.13.13.47.41 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 13 Nov 2025 13:47:41 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 04/10] xserver-xorg: Fix for CVE-2025-62230 Date: Thu, 13 Nov 2025 13:47:23 -0800 Message-ID: <215d63fd22b40148625215aac5c4e7f2629f5814.1763070333.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 13 Nov 2025 21:47:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/226276 From: Vijay Anusuri Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/865089ca70840c0f13a61df135f7b44a9782a175 & https://gitlab.freedesktop.org/xorg/xserver/-/commit/87fe2553937a99fd914ad0cde999376a3adc3839 Signed-off-by: Vijay Anusuri --- .../xserver-xorg/CVE-2025-62230-1.patch | 63 +++++++++++++ .../xserver-xorg/CVE-2025-62230-2.patch | 92 +++++++++++++++++++ .../xorg-xserver/xserver-xorg_21.1.8.bb | 2 + 3 files changed, 157 insertions(+) create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-62230-1.patch create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-62230-2.patch diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-62230-1.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-62230-1.patch new file mode 100644 index 0000000000..a3a0bae2d5 --- /dev/null +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-62230-1.patch @@ -0,0 +1,63 @@ +From 865089ca70840c0f13a61df135f7b44a9782a175 Mon Sep 17 00:00:00 2001 +From: Olivier Fourdan +Date: Wed, 10 Sep 2025 15:55:06 +0200 +Subject: [PATCH] xkb: Make the RT_XKBCLIENT resource private +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Currently, the resource in only available to the xkb.c source file. + +In preparation for the next commit, to be able to free the resources +from XkbRemoveResourceClient(), make that variable private instead. + +This is related to: + +CVE-2025-62230, ZDI-CAN-27545 + +This vulnerability was discovered by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative + +Signed-off-by: Olivier Fourdan +Reviewed-by: Michel Dänzer +(cherry picked from commit 99790a2c9205a52fbbec01f21a92c9b7f4ed1d8f) + +Part-of: + +Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/865089ca70840c0f13a61df135f7b44a9782a175] +CVE: CVE-2025-62230 +Signed-off-by: Vijay Anusuri +--- + include/xkbsrv.h | 2 ++ + xkb/xkb.c | 2 +- + 2 files changed, 3 insertions(+), 1 deletion(-) + +diff --git a/include/xkbsrv.h b/include/xkbsrv.h +index fbb5427e1c..b2766277cf 100644 +--- a/include/xkbsrv.h ++++ b/include/xkbsrv.h +@@ -58,6 +58,8 @@ THE USE OR PERFORMANCE OF THIS SOFTWARE. + #include "inputstr.h" + #include "events.h" + ++extern RESTYPE RT_XKBCLIENT; ++ + typedef struct _XkbInterest { + DeviceIntPtr dev; + ClientPtr client; +diff --git a/xkb/xkb.c b/xkb/xkb.c +index 5131bfcdf7..26d965d482 100644 +--- a/xkb/xkb.c ++++ b/xkb/xkb.c +@@ -51,7 +51,7 @@ int XkbKeyboardErrorCode; + CARD32 xkbDebugFlags = 0; + static CARD32 xkbDebugCtrls = 0; + +-static RESTYPE RT_XKBCLIENT; ++RESTYPE RT_XKBCLIENT = 0; + + /***====================================================================***/ + +-- +GitLab + diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-62230-2.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-62230-2.patch new file mode 100644 index 0000000000..0e4a69c64e --- /dev/null +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-62230-2.patch @@ -0,0 +1,92 @@ +From 87fe2553937a99fd914ad0cde999376a3adc3839 Mon Sep 17 00:00:00 2001 +From: Olivier Fourdan +Date: Wed, 10 Sep 2025 15:58:57 +0200 +Subject: [PATCH] xkb: Free the XKB resource when freeing XkbInterest +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +XkbRemoveResourceClient() would free the XkbInterest data associated +with the device, but not the resource associated with it. + +As a result, when the client terminates, the resource delete function +gets called and accesses already freed memory: + + | Invalid read of size 8 + | at 0x5BC0C0: XkbRemoveResourceClient (xkbEvents.c:1047) + | by 0x5B3391: XkbClientGone (xkb.c:7094) + | by 0x4DF138: doFreeResource (resource.c:890) + | by 0x4DFB50: FreeClientResources (resource.c:1156) + | by 0x4A9A59: CloseDownClient (dispatch.c:3550) + | by 0x5E0A53: ClientReady (connection.c:601) + | by 0x5E4FEF: ospoll_wait (ospoll.c:657) + | by 0x5DC834: WaitForSomething (WaitFor.c:206) + | by 0x4A1BA5: Dispatch (dispatch.c:491) + | by 0x4B0070: dix_main (main.c:277) + | by 0x4285E7: main (stubmain.c:34) + | Address 0x1893e278 is 184 bytes inside a block of size 928 free'd + | at 0x4842E43: free (vg_replace_malloc.c:989) + | by 0x49C1A6: CloseDevice (devices.c:1067) + | by 0x49C522: CloseOneDevice (devices.c:1193) + | by 0x49C6E4: RemoveDevice (devices.c:1244) + | by 0x5873D4: remove_master (xichangehierarchy.c:348) + | by 0x587921: ProcXIChangeHierarchy (xichangehierarchy.c:504) + | by 0x579BF1: ProcIDispatch (extinit.c:390) + | by 0x4A1D85: Dispatch (dispatch.c:551) + | by 0x4B0070: dix_main (main.c:277) + | by 0x4285E7: main (stubmain.c:34) + | Block was alloc'd at + | at 0x48473F3: calloc (vg_replace_malloc.c:1675) + | by 0x49A118: AddInputDevice (devices.c:262) + | by 0x4A0E58: AllocDevicePair (devices.c:2846) + | by 0x5866EE: add_master (xichangehierarchy.c:153) + | by 0x5878C2: ProcXIChangeHierarchy (xichangehierarchy.c:493) + | by 0x579BF1: ProcIDispatch (extinit.c:390) + | by 0x4A1D85: Dispatch (dispatch.c:551) + | by 0x4B0070: dix_main (main.c:277) + | by 0x4285E7: main (stubmain.c:34) + +To avoid that issue, make sure to free the resources when freeing the +device XkbInterest data. + +CVE-2025-62230, ZDI-CAN-27545 + +This vulnerability was discovered by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative + +Signed-off-by: Olivier Fourdan +Reviewed-by: Michel Dänzer +(cherry picked from commit 10c94238bdad17c11707e0bdaaa3a9cd54c504be) + +Part-of: + +Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/87fe2553937a99fd914ad0cde999376a3adc3839] +CVE: CVE-2025-62230 +Signed-off-by: Vijay Anusuri +--- + xkb/xkbEvents.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/xkb/xkbEvents.c b/xkb/xkbEvents.c +index 0bbd661867..3d04ecf0c4 100644 +--- a/xkb/xkbEvents.c ++++ b/xkb/xkbEvents.c +@@ -1056,6 +1056,7 @@ XkbRemoveResourceClient(DevicePtr inDev, XID id) + autoCtrls = interest->autoCtrls; + autoValues = interest->autoCtrlValues; + client = interest->client; ++ FreeResource(interest->resource, RT_XKBCLIENT); + free(interest); + found = TRUE; + } +@@ -1067,6 +1068,7 @@ XkbRemoveResourceClient(DevicePtr inDev, XID id) + autoCtrls = victim->autoCtrls; + autoValues = victim->autoCtrlValues; + client = victim->client; ++ FreeResource(victim->resource, RT_XKBCLIENT); + free(victim); + found = TRUE; + } +-- +GitLab + diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb index 1ec5a195f9..ed543f6270 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb @@ -45,6 +45,8 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat file://CVE-2025-49180-1.patch \ file://CVE-2025-49180-2.patch \ file://CVE-2025-62229.patch \ + file://CVE-2025-62230-1.patch \ + file://CVE-2025-62230-2.patch \ " SRC_URI[sha256sum] = "38aadb735650c8024ee25211c190bf8aad844c5f59632761ab1ef4c4d5aeb152" From patchwork Thu Nov 13 21:47:24 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 74481 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 01DEACD98F0 for ; Thu, 13 Nov 2025 21:47:54 +0000 (UTC) Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.4347.1763070464406527042 for ; Thu, 13 Nov 2025 13:47:44 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=bksTDlio; spf=softfail (domain: sakoman.com, ip: 209.85.214.180, mailfrom: steve@sakoman.com) Received: by mail-pl1-f180.google.com with SMTP id d9443c01a7336-2953e415b27so12467975ad.2 for ; Thu, 13 Nov 2025 13:47:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1763070464; x=1763675264; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=fo2gFvEOv7KZxrlI+YHt5hjpd9QW6vT0VeOtMWDIhv8=; b=bksTDlioeNDR7hq+mw+vh0ToGDzRJGq/o2Q8XXHcJZIQ8cCDeh7yXvSAU/Px8SK5ZX KuZjtyW3oq0P7KKccAIyHK9o2fHvJi5hlDrMSsYKNNkL+aJlScREtOZe/vwFWH3zazvM X4PxvhMFzlegdfL9MUbRF+7vFbibLNnDHhH6cXatwHjLDYLzlQ4EhIkCVXrM7iCU4Mpu oSk9RUE2RhdSq1gXXop+QynWUL8Sp88/2FXriXkaiCHchkQQQqKPL2x7m/fI4rK4XH8z 9TH6CcSDUQkikSknQo6jxdssiTAwzjHZVyzlhRDVAeGhV2+XoEKOLB2ci6LY6HYf54pR 9vbA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763070464; x=1763675264; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=fo2gFvEOv7KZxrlI+YHt5hjpd9QW6vT0VeOtMWDIhv8=; b=xFDrtqq4Qn5K0MlZHl+MDi4JVH9QlySDU9wxXBoI+7reoNh3eZhUyPD6rnt9JyyJYJ iGqvGV6Uw3+E2dCuVlC5qqmaf3suCnw04dh1feV4PKO+EWTy2F2u9tOem8wrtjMWxO9Y hRW5e9KEHCMUV7uSoEjWzauye01+L+cGxoEcbNONix4pB8hPFer0l66vylVUNF7acS8Z ZDd6nQD+tPt2aWGBeLRL/2+GpqhzJJXkUZTDXIOaV+kDAcysxbSq4ugjs//KnOEuDexd 6b4rgUyulZaaCIZBobg0TsrzbJgEOtOo6DBi+1mVXrJKWlf1OpcTevonLscFVcEIf76P Ijuw== X-Gm-Message-State: AOJu0YzD+XoopDW1AdwfFuI7hqQr7DXWm3HAR/FsStlKITW4q7q0hDAC 1CS/ZpxpkUL9SWVW61zo7zZWz5ezsg0jg6Idg5AmrkwkUdNayrMtUtlFZqaJ56kCP3MNy0IrM8r 6z5uQ X-Gm-Gg: ASbGnctzfOQOX9d0NofI9+jLPcadidOxJaywb4O4dXYB6UVI7GXduwy4XpD2PJbewAz ZkH9uITe51rpc6EfFzqagw2DJur+kQPZ5FHMPPxDtEdJYSGAontZDg7tF2GBQvjao0CdzWSV68m E/8qnyyxPwfXENP+fzzOzPsjnhbtVDLmDu8KIXzXOUERp8IfdCPr68KklsMwtnRHJTlusJ9rOIq 2i9rzxzRAZi8DUWPsF1tdjvikPf2448yhzg92egBsU90YbAdjsNd5Aq5BxF11rypdnjXb0zlYmP PDPhN2vVl7j7FI+FuSQ8bzVywdPCBGRgHm2cY5CDSPHcjPI0mlgSj8MOO6ksR9qy4WNGvPAxEd8 QgVHAO4si05jDLafWyRwed7K4btd1tGi1itMMHEyEFcoRWeOXFIq1CrH6ceOIcBvmcQ== X-Google-Smtp-Source: AGHT+IGic5bvbdYbQquTKb/8Hd3X5ounvb7aUieWMUW6qH458eX2GgWaTfClXT48jisZdiStf2dx5w== X-Received: by 2002:a17:902:cf42:b0:297:c4b0:8d53 with SMTP id d9443c01a7336-2986a76a2d7mr5821425ad.54.1763070463677; Thu, 13 Nov 2025 13:47:43 -0800 (PST) Received: from hexa.. ([2602:feb4:3b:2100:70b:f91f:acd9:f6d9]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2985c2b0d68sm34639815ad.61.2025.11.13.13.47.43 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 13 Nov 2025 13:47:43 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 05/10] xserver-xorg: Fix for CVE-2025-62231 Date: Thu, 13 Nov 2025 13:47:24 -0800 Message-ID: <05fe08caa0d4bd30510b496a300731a9754f24b8.1763070333.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 13 Nov 2025 21:47:54 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/226277 From: Vijay Anusuri Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/3baad99f9c15028ed8c3e3d8408e5ec35db155aa Signed-off-by: Vijay Anusuri --- .../xserver-xorg/CVE-2025-62231.patch | 53 +++++++++++++++++++ .../xorg-xserver/xserver-xorg_21.1.8.bb | 1 + 2 files changed, 54 insertions(+) create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-62231.patch diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-62231.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-62231.patch new file mode 100644 index 0000000000..4bcf362531 --- /dev/null +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-62231.patch @@ -0,0 +1,53 @@ +From 3baad99f9c15028ed8c3e3d8408e5ec35db155aa Mon Sep 17 00:00:00 2001 +From: Olivier Fourdan +Date: Wed, 10 Sep 2025 16:30:29 +0200 +Subject: [PATCH] xkb: Prevent overflow in XkbSetCompatMap() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The XkbCompatMap structure stores its "num_si" and "size_si" fields +using an unsigned short. + +However, the function _XkbSetCompatMap() will store the sum of the +input data "firstSI" and "nSI" in both XkbCompatMap's "num_si" and +"size_si" without first checking if the sum overflows the maximum +unsigned short value, leading to a possible overflow. + +To avoid the issue, check whether the sum does not exceed the maximum +unsigned short value, or return a "BadValue" error otherwise. + +CVE-2025-62231, ZDI-CAN-27560 + +This vulnerability was discovered by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative + +Signed-off-by: Olivier Fourdan +Reviewed-by: Michel Dänzer +(cherry picked from commit 475d9f49acd0e55bc0b089ed77f732ad18585470) + +Part-of: + +Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/3baad99f9c15028ed8c3e3d8408e5ec35db155aa] +CVE: CVE-2025-62231 +Signed-off-by: Vijay Anusuri +--- + xkb/xkb.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/xkb/xkb.c b/xkb/xkb.c +index 26d965d482..137d70da27 100644 +--- a/xkb/xkb.c ++++ b/xkb/xkb.c +@@ -2992,6 +2992,8 @@ _XkbSetCompatMap(ClientPtr client, DeviceIntPtr dev, + XkbSymInterpretPtr sym; + unsigned int skipped = 0; + ++ if ((unsigned) (req->firstSI + req->nSI) > USHRT_MAX) ++ return BadValue; + if ((unsigned) (req->firstSI + req->nSI) > compat->size_si) { + compat->num_si = compat->size_si = req->firstSI + req->nSI; + compat->sym_interpret = reallocarray(compat->sym_interpret, +-- +GitLab + diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb index ed543f6270..1d486fc0bc 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb @@ -47,6 +47,7 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat file://CVE-2025-62229.patch \ file://CVE-2025-62230-1.patch \ file://CVE-2025-62230-2.patch \ + file://CVE-2025-62231.patch \ " SRC_URI[sha256sum] = "38aadb735650c8024ee25211c190bf8aad844c5f59632761ab1ef4c4d5aeb152" From patchwork Thu Nov 13 21:47:25 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 74480 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 01E1DCD98F2 for ; Thu, 13 Nov 2025 21:47:54 +0000 (UTC) Received: from mail-pl1-f171.google.com (mail-pl1-f171.google.com [209.85.214.171]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.4349.1763070466193529617 for ; Thu, 13 Nov 2025 13:47:46 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=R/UE9PdU; spf=softfail (domain: sakoman.com, ip: 209.85.214.171, mailfrom: steve@sakoman.com) Received: by mail-pl1-f171.google.com with SMTP id d9443c01a7336-2984dfae043so11776375ad.0 for ; Thu, 13 Nov 2025 13:47:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1763070465; x=1763675265; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=FqoHIAOMP/FKT/9VT/hqQELvOIqQD/vYIqYYxJUp824=; b=R/UE9PdUoY2WOImFc/EZVfxEAILyempKOCsb+T7ZP4Xn1CZSose/hMGKsuQqMVRBXH oMoeXqTWIruLaYQMBGlhTt1UKHEvQlyBl1OZm+WoDHDTdx3TyiVWaJgwXKhbkuKrRRa7 DVvehCL3oH4Q1ZltsHb3fod2KxgjeK8Sb4w7/HN1xpNOYeLBqIhQrt4F59j8qP9XupFO VF+H2ImTYDEGCE7gNSwO8HV8YZFhM05mqcMBUUaGyKAPlJvZPQNpFXZ6BAsCqsHv0EXD vnuc88Pso96PErutYnPMial+XmWLMFtEIBtCrGK/6jN1A2pbfsEcQ/NcFEjajId9gflk Yajw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763070465; x=1763675265; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=FqoHIAOMP/FKT/9VT/hqQELvOIqQD/vYIqYYxJUp824=; b=rw1HcvHGHzEfmaYdtm4QLEM2DoKwcEZMLONHB/YWK9kkQ+aWtRip8oL0CsCYqIz1Qa mpdTX23/A4sYWxBJnDPo0xFTi2W+iCi0/H8wfKZWPHpJWdMqtK539thv1toUPUlyKM+7 SUrrINxdex/z3sx5O7T8ms+jD3cbb6hcfmS3blEd0vO/+8nA5ATHAixTbuUmXGOh55KD WG7vbBD9ilI0Tdns8Tsw5agloHekNhb9A3xSXV8e/4UHRBi3Hfms6grmGyk08I3d1k2l 7MgSJbe/CMkGdmZ2rkARlFwk1Sg7me1uTE24bDGyQ1k3t5nbWDb4DRlXqTljOlBw0w1M rWqg== X-Gm-Message-State: AOJu0YwQQBjj7zEg5977Wc3y7fanYcXOhGbkW5kK6IuptKak7AZeQh+m j9+rJ2ecRMMFSzxMJXXDyDma3PxUsKouGAnAmu/dNu1gAr3T7O0KYItrJ4VoxKZ0qt0+H9PZQRR mLq3m X-Gm-Gg: ASbGncsahFk3Hkfv6AFsN3Qw5jrB5wImdueGonXt4hIJOb5xm5FKb+BrHLxpgwW0cw0 Iecgsl2/dzxVq+GmiTJ0Ta+RQUePq49uhdbqtQlt6ttJTyyG1OjVygmiSXr1WmrJH+3Z829TWj3 zY630+eyOHUKk8WMIxV+kYb/4rhbCWgCKbfokLV7zXVaVU+o21Ufph2srF9PBiY4eAW0NQnZ4qV WrfoDSrfiMA++rm2xhhABOV+MweEn4rqlxG6bWZep39aUMoDgyG7uddHYN9lOMc6bWhl8RJSd/+ PV3JIfXQ3w7A1PNU8O3vbkBaqrKizIwzo7w3xZIg/9+WFMPM3eX6V+RAtRvuvlzOIMg+Ou+rWqo 5R7c1qaX/2EVuluafmJfzm1zeNCpehD3cOvtTFdPaacqwUhZHiJp73MZ0cUqRjXenfw== X-Google-Smtp-Source: AGHT+IFYYEE+ToUnQaxm627SqKc8eJiKEykViiYVkxwk11sa2wRPS1b+d2Rc8ZB6iGfnkNpVXGJ5nA== X-Received: by 2002:a17:903:4b4e:b0:295:6c26:933b with SMTP id d9443c01a7336-2986a6b87a7mr5484765ad.1.1763070465351; Thu, 13 Nov 2025 13:47:45 -0800 (PST) Received: from hexa.. ([2602:feb4:3b:2100:70b:f91f:acd9:f6d9]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2985c2b0d68sm34639815ad.61.2025.11.13.13.47.44 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 13 Nov 2025 13:47:45 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 06/10] python3-urllib3: Upgrade 1.26.18 -> 1.26.20 Date: Thu, 13 Nov 2025 13:47:25 -0800 Message-ID: <2e805113fe0488224f05524360eeff729dd12d91.1763070333.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 13 Nov 2025 21:47:54 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/226278 From: Soumya Sambu Includes fix for CVE-2024-37891 Changelog: ---------- https://github.com/urllib3/urllib3/blob/1.26.20/CHANGES.rst Signed-off-by: Soumya Sambu Signed-off-by: Steve Sakoman --- .../{python3-urllib3_1.26.18.bb => python3-urllib3_1.26.20.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-devtools/python/{python3-urllib3_1.26.18.bb => python3-urllib3_1.26.20.bb} (87%) diff --git a/meta/recipes-devtools/python/python3-urllib3_1.26.18.bb b/meta/recipes-devtools/python/python3-urllib3_1.26.20.bb similarity index 87% rename from meta/recipes-devtools/python/python3-urllib3_1.26.18.bb rename to meta/recipes-devtools/python/python3-urllib3_1.26.20.bb index b26c9ad2fa..58988e4205 100644 --- a/meta/recipes-devtools/python/python3-urllib3_1.26.18.bb +++ b/meta/recipes-devtools/python/python3-urllib3_1.26.20.bb @@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/shazow/urllib3" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c2823cb995439c984fd62a973d79815c" -SRC_URI[sha256sum] = "f8ecc1bba5667413457c529ab955bf8c67b45db799d159066261719e328580a0" +SRC_URI[sha256sum] = "40c2dc0c681e47eb8f90e7e27bf6ff7df2e677421fd46756da1161c39ca70d32" inherit pypi setuptools3 From patchwork Thu Nov 13 21:47:26 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 74483 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0DB0FCD98F5 for ; Thu, 13 Nov 2025 21:47:54 +0000 (UTC) Received: from mail-pl1-f174.google.com (mail-pl1-f174.google.com [209.85.214.174]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.4351.1763070467919598351 for ; Thu, 13 Nov 2025 13:47:47 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=uVUuU+Zt; spf=softfail (domain: sakoman.com, ip: 209.85.214.174, mailfrom: steve@sakoman.com) Received: by mail-pl1-f174.google.com with SMTP id d9443c01a7336-2957850c63bso13485785ad.0 for ; Thu, 13 Nov 2025 13:47:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1763070467; x=1763675267; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=nULNdRKg1KPgcupE9XyamWwY4+DAH5AhhN7zspYR/Ak=; b=uVUuU+ZtlBdVPNjagMvhEQYhj2+Z0No8HVF+M7d9WDofAzFkvLZikqnZP0LTqrAThg DtRJHaI+bYIedST4AvWkThqCx1Q1eYuRO4nk3vfa2PH7WM5Ee4KKRdaZU+JI3uAscdKL JOIwyG/qXcQis26qpG2ACco6lcZxe4Op5lz31pq3T9W9cu3fIpjDHYndBcccioZ/A7ii HSvHXdo5SzQK+qIaMh14oX2tI1G7WPb29qY/u7Z9CfPJkUfxa05YcbqxyavEqXuLvdS9 QVX6wb2PHGHywAtg3vzZFbsRZRiyh3JUgVwgm33FKHH9SaZSrFRxrJJmN1FH7E/IafvI TOag== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763070467; x=1763675267; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=nULNdRKg1KPgcupE9XyamWwY4+DAH5AhhN7zspYR/Ak=; b=aBNvkNsFMcX2t/KnPSOSFuWc546XiM+dDNo6W4UqhT2LfzcWl2WqRp8YotJ2SBCMhu zpIbf8lG2HHLT6Ow14oeQSwX35y9lCTO1A5zSc3TRvZQ5IXDApVJP9JnAkqshyUkHnP8 aye6Jt5gFzazkSJopHgavfp80Ktm9/CPXvER6niodc5/Z5nrbqOg0y8Zx3+jLLwDQ5hF CQ5JNvHNEhqQ02lXsoIdDcwpJ9uQMxbpf43+PwSctL2cBD0IoBoP31DLAZFErw8aFfwA Wi6bX+1lE4mLauZ3tZjZMUqv50jSFKjIDmmSLKDMmnsigBMpcTupYOnEn8UYUwmPGMEd MdbQ== X-Gm-Message-State: AOJu0YwNHUL+p5Wmusfj29/l/ook/sFXjhYPQtJuQFAa8RsfgXfJ999h hixBIBlTpR3h+v46tK0509LJ1Xkb3bvEJkxo8VxkRRyUAcgcNj7dsvNo9xHWxyDfj6wtR1WZzoa JjU4h X-Gm-Gg: ASbGncs9GPHJJiu04TSM30D+NS7RnWzwPrhXMJ4rkoaGesDEW8VBMR6Ych0HJXG3hCd 4CJrJAwgNnniEyqxxCEMDR/WplISskM0UIOI9j4WR54cE4Gv+T6a5JyEomdWXLp48bmjgXrKYD+ 5izzOMS+aB8vY5sObON/o9yrCDP+ldYqqLuCiySUiC19cU+OKyQ9XO+OtMrf6mJVXipKK4w6UYy ak/WM6+koK2ABilh2N+3kAqNV2xZvK3KI0yN1zFSi7lc2nS+3dBXEWb1UfJEHZrHNCvgz1jyWJJ 0IrKwC4STNnYqZv3illbLaojPE9i2FlhXulXid+WbN1N8onPdBbN2a9dn/UthDPWVCzg652tQ8o rcW9OEFdt6ISfAqopfCc9r93pXYkqiL07OdfM/yeEM+vQTTrz0JShb0+4agLXW5qtJg== X-Google-Smtp-Source: AGHT+IEqys+lNsDVOvXoYpStb+AhQwl9K27z3TOzHvIRUOIUSmOoXpOxGEyfO5nv2ztUBrmGCCMVHQ== X-Received: by 2002:a17:902:dacf:b0:269:7840:de24 with SMTP id d9443c01a7336-2985a53e5d6mr49420015ad.21.1763070467202; Thu, 13 Nov 2025 13:47:47 -0800 (PST) Received: from hexa.. ([2602:feb4:3b:2100:70b:f91f:acd9:f6d9]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2985c2b0d68sm34639815ad.61.2025.11.13.13.47.46 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 13 Nov 2025 13:47:46 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 07/10] efibootmgr: update SRC_URI branch Date: Thu, 13 Nov 2025 13:47:26 -0800 Message-ID: <2c5b195e974ac54610d7b50c014752875004b0b9.1763070333.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 13 Nov 2025 21:47:54 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/226279 From: Gyorgy Sarvari master branch was renamed to main Signed-off-by: Gyorgy Sarvari --- meta/recipes-bsp/efibootmgr/efibootmgr_17.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-bsp/efibootmgr/efibootmgr_17.bb b/meta/recipes-bsp/efibootmgr/efibootmgr_17.bb index be6571b3fa..b6d3dadadf 100644 --- a/meta/recipes-bsp/efibootmgr/efibootmgr_17.bb +++ b/meta/recipes-bsp/efibootmgr/efibootmgr_17.bb @@ -10,7 +10,7 @@ DEPENDS = "efivar popt" COMPATIBLE_HOST = "(i.86|x86_64|arm|aarch64).*-linux" -SRC_URI = "git://github.com/rhinstaller/efibootmgr.git;protocol=https;branch=master \ +SRC_URI = "git://github.com/rhinstaller/efibootmgr.git;protocol=https;branch=main \ file://0001-remove-extra-decl.patch \ file://97668ae0bce776a36ea2001dea63d376be8274ac.patch \ file://0001-src-make-compatible-with-efivar-38.patch \ From patchwork Thu Nov 13 21:47:27 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 74482 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 198D5CD98F7 for ; Thu, 13 Nov 2025 21:47:54 +0000 (UTC) Received: from mail-pl1-f169.google.com (mail-pl1-f169.google.com [209.85.214.169]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.4354.1763070469267919912 for ; Thu, 13 Nov 2025 13:47:49 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=LLOGlZTP; spf=softfail (domain: sakoman.com, ip: 209.85.214.169, mailfrom: steve@sakoman.com) Received: by mail-pl1-f169.google.com with SMTP id d9443c01a7336-2953e415b27so12468485ad.2 for ; Thu, 13 Nov 2025 13:47:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1763070468; x=1763675268; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=NO4JiF+pIxfXB7xT6ErmJ0tMWLdXBKz5Z/U1bK0YJI8=; b=LLOGlZTPxiLCThL8QaPSRcfD7od7rBAGbj8Nsw9YjUkCq1eufAW5p9IQXeQMyWVM4C xOyB7LXcnm9kbWDnP4lAz05eSgZ7v8ceL/4kyeg3cDSuhsVEObMoLC0UIZYUKs9TSiGC EebaqF5aeXUztCWutyRVEgtOcSR/GNjN6iPc/uZpv3JWb3gQMtFy1nzZvBkJjG9qLSRT v8+U9pgoE2L+56Y/Ru1OdB3T0QDYt77b3DNHFcamkSLEl/+b9VI0YDlC2i8+JaV6DwAm y2Oo1U9YUIWSx8nxjkNzb3NIuZAwMa4W7asWQCPXNYXQ7HMd/zGkH0SPBMzNjBNfRDDr f1Iw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763070468; x=1763675268; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=NO4JiF+pIxfXB7xT6ErmJ0tMWLdXBKz5Z/U1bK0YJI8=; b=vOsiAretqumuXjadUIcmfKayP/yMKHkOzbkcXPmYhBaIOK/5VwvoqSKEkhb1zicils sT99IyhNWquc6L1/DbBErIPCjUILQAZXG7VbSOS7W5DUWG2FPrnjD+WNZyF7Y+45su0W kMfbaSSWp6EV6JdkQpZ3RBgnMp4WgQQDKhvQZ97zJGWBnoEZt6R8ZZxUHc8w5MjEZ3Si VeXO4121z9nO/rs3FrsrJ2fCZ7dDMSDgqhdQpjGw9u2KtsCoZK+xN0d4z3Hp6mUQSxV0 7+ZlJNAhINREWnwIRduFDihdMqpIbsYckQuPNLEWUFZNsfNdqr7acLTSG3DYzxtgXRnY E/MA== X-Gm-Message-State: AOJu0YxdtLASRKzVP82y/tsAMZ1VGS9qPPgnjpa2WOqV20Tc/P98pK5x bSe4EgGvs9PTm1OF7Aa+S79EGJdV2NrQdvOVX3l9YabKE5jXHMMFutJayOk+cpIpP2s++o4SfoM 6iNy2 X-Gm-Gg: ASbGncvAqhCwvgeEpKcV0WQiUpjXqybqyApPL0L6ti5PzpWSoLe9yTnCtKkMC0u10PM bm33YmxegIow220ftgDeRlPQABOkNV0Mm7QIydSY8imxhk5YyOzpe5L02ZoTwmsRiw9Ap0KvGHi Svxr6CS3ltElnm1RPE+XrE+tiLNymxPMKz4G9NJXWQut3ZBun/rU7Dw3XORh6UAZ5n3rODsXJpF Is+0zunPHQ31AXIVXJUpxBuXhIlaXae8hpClgr248VtVW1XK5rdVE4RbyvIJ/dvyTVyBCWpjM+j kBVoBXXZDlrMOGXCZAd5zH6OtRzwqtFgxpY/ciPxpR9CZJAqN2DhG0FdZptz56DKiNCfajb3Ei/ 9BgkhPQE5YwqGoRvWE+qRmvPeE/WervCCyl4Ij7YnhPVYgC2XWc0jx+42Sg2AK6okOuUksR1ERf qT X-Google-Smtp-Source: AGHT+IH0a498PjNUrIT4FeDPndsXyVUlqdnrURnahtjvayB8/s6oXJowBDKP3zW7Yoh3gU4lOw2wiA== X-Received: by 2002:a17:903:7c7:b0:298:616a:bae9 with SMTP id d9443c01a7336-2986a73af36mr3721605ad.28.1763070468579; Thu, 13 Nov 2025 13:47:48 -0800 (PST) Received: from hexa.. ([2602:feb4:3b:2100:70b:f91f:acd9:f6d9]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2985c2b0d68sm34639815ad.61.2025.11.13.13.47.48 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 13 Nov 2025 13:47:48 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 08/10] xf86-video-intel: correct SRC_URI as freedesktop anongit is down Date: Thu, 13 Nov 2025 13:47:27 -0800 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 13 Nov 2025 21:47:54 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/226280 From: Alexander Kanavin (From OE-Core rev: 04037a14e1431c4a51f5d51885974732a6108368) Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie (cherry picked from commit 9649bec517996558e01d668d2b59e68306a3a647) Signed-off-by: Gyorgy Sarvari --- meta/recipes-graphics/xorg-driver/xf86-video-intel_git.bb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/meta/recipes-graphics/xorg-driver/xf86-video-intel_git.bb b/meta/recipes-graphics/xorg-driver/xf86-video-intel_git.bb index 74ec57aa66..e747d2046f 100644 --- a/meta/recipes-graphics/xorg-driver/xf86-video-intel_git.bb +++ b/meta/recipes-graphics/xorg-driver/xf86-video-intel_git.bb @@ -13,8 +13,7 @@ SRCREV = "31486f40f8e8f8923ca0799aea84b58799754564" PV = "2.99.917+git${SRCPV}" S = "${WORKDIR}/git" -SRC_URI = "git://anongit.freedesktop.org/xorg/driver/xf86-video-intel;branch=master \ -" +SRC_URI = "git://gitlab.freedesktop.org/xorg/driver/xf86-video-intel.git;protocol=https;branch=master" UPSTREAM_CHECK_GITTAGREGEX = "(?P\d+(\.\d+)+)" From patchwork Thu Nov 13 21:47:28 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 74484 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0DB5DCD98F6 for ; Thu, 13 Nov 2025 21:47:54 +0000 (UTC) Received: from mail-pl1-f173.google.com (mail-pl1-f173.google.com [209.85.214.173]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.4355.1763070470574872151 for ; Thu, 13 Nov 2025 13:47:50 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=qtL5B+61; spf=softfail (domain: sakoman.com, ip: 209.85.214.173, mailfrom: steve@sakoman.com) Received: by mail-pl1-f173.google.com with SMTP id d9443c01a7336-298250d7769so8254085ad.0 for ; Thu, 13 Nov 2025 13:47:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1763070470; x=1763675270; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=3YtNj0wBV9cDniDp/zQHOciuQWtxkp3gLFmekfoT30U=; b=qtL5B+61YlDzFA3mvxGIH9s91rq6MsSoQgdOPSxUpRkqOTD0lDrmvQz6scIX2Z3+EC iiyeFNR4k4bvzP3JnlfHRUlFuVNg5x0aKj+U+k3K0/tp3giRi3UHBSpIz1jPqYe48Hdm we/e4InoYgZV0SgY3Ipw7LrBAovpLBdGftHnzaDxN+2k0PY6j1JHSnkFbaPKordj8E+u JyW9QhXhChX8CvZIABSQNbGB9TdMjGTcD/XJeMlbDqGCHRhuyJjHII9SrMam+Gj18f+8 SYEr3ko0UbcNfphQpsyxpVpKgJxj1mrRXA0aDUfgLU0GmlSnbmG1xf0x/DHvr9FnxC+I glmg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763070470; x=1763675270; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=3YtNj0wBV9cDniDp/zQHOciuQWtxkp3gLFmekfoT30U=; b=Fg9IEjagxXW3ucYfC+1bJOei/kcyBsL/I3D/sDJBg/wYSvABgdlKsAhzBrmWShclEI JizOrRCClOdFEUfsM4GiPy0ne46kUxdD7axkQIjo4xYe/aJQHtfloWyPYrX92zuqSn2d eKDnFSROKDlhHTdUrWFt1E0L0NFaYLIUg6EVp/SBMLvEFA1UODxmt9KGIrNUyQbeRH+D zQL4YD21ua74Q9iZ4dkG0ViTVdLb1mE6lZLIUwq4jqf2cz43vzpMquaLLhfhFxKoNMPv bYHZjt5X6X10V8feYjFVYecynLlDiagDYcw0Etj2JXff8ZTb8Wu9O8J6bbEjVnGuHlrF uyzw== X-Gm-Message-State: AOJu0Yymk1PfBOaDWBgC75fgaXQZlUbs5OD1CqdkeK4SkNb4QlygP0Gn PqDjsi0ljY/oKGphY++GlJd0n0thew0331HHete5yDv/Gmy1pW2bBxug41gWMFe85238d9X5HBt uUnWk X-Gm-Gg: ASbGncuHUmkp0bu2fApNaf/R22kk3o5lqujGlLyzP+lfQu7iYiuiAm95D/W15QdZznK aUjqey/Cruw0p/ROV6uK6dRtYAGtsmVrTX711zhWbA6QBX6VMtbDdb3CK9N+Gp46Z3zsXm4xfru tt33u4cP9NjGQJfh9VFU0wEINNIR6ICPXPxgMnDXHZT7JPWj1AlmjVArfWe68L58mjVgHwZztzH nF2Qq3Wry7qoB57rHAcTzOD2lpvWa0mU2qvmGg5mxwwX3U0HGDtiPlmbuvJiwNKe73D1FuPf/Wy OxDj8HCmv/K2QDlffCP/4RNKvkPk0g2VTKbLc0DG5gFAWpVLixtWmJZk1FJpjQRa2BS5W56cx51 8vzCVd43AvXjYx5kwNAeaAOxUa8F2iGEO36u0lbwzJJ7fE77jOTyE5rlzMZDJivEdTA== X-Google-Smtp-Source: AGHT+IG+ks4N7BHEIlFsQtOLMqlsA+4lkrMQQ5b1SEKk3NYTFJx6klpiDljtvgupPZ+0oC79BeytCA== X-Received: by 2002:a17:903:1a26:b0:298:250b:19eb with SMTP id d9443c01a7336-2986a755e6cmr4239495ad.60.1763070469860; Thu, 13 Nov 2025 13:47:49 -0800 (PST) Received: from hexa.. ([2602:feb4:3b:2100:70b:f91f:acd9:f6d9]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2985c2b0d68sm34639815ad.61.2025.11.13.13.47.49 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 13 Nov 2025 13:47:49 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 09/10] babeltrace2: fetch with https protocol Date: Thu, 13 Nov 2025 13:47:28 -0800 Message-ID: <4351a427b2ec270ea5e4c698fe4c213036c1241b.1763070333.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 13 Nov 2025 21:47:54 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/226281 From: Gyorgy Sarvari The source doesn't support the default "git" protocol anymore for anonymous download, causing fetching failures. Signed-off-by: Gyorgy Sarvari --- meta/recipes-kernel/lttng/babeltrace2_2.0.5.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-kernel/lttng/babeltrace2_2.0.5.bb b/meta/recipes-kernel/lttng/babeltrace2_2.0.5.bb index 7ece3140f7..8fa0f9f20d 100644 --- a/meta/recipes-kernel/lttng/babeltrace2_2.0.5.bb +++ b/meta/recipes-kernel/lttng/babeltrace2_2.0.5.bb @@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=a6a458c13f18385b7bc5069a6d7b176e" DEPENDS = "glib-2.0 util-linux popt bison-native flex-native" -SRC_URI = "git://git.efficios.com/babeltrace.git;branch=stable-2.0 \ +SRC_URI = "git://git.efficios.com/babeltrace.git;branch=stable-2.0;protocol=https \ file://run-ptest \ file://0001-tests-do-not-run-test-applications-from-.libs.patch \ file://0001-Make-manpages-multilib-identical.patch \ From patchwork Thu Nov 13 21:47:29 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 74485 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 273C8CD98FA for ; Thu, 13 Nov 2025 21:47:54 +0000 (UTC) Received: from mail-pl1-f175.google.com (mail-pl1-f175.google.com [209.85.214.175]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.4356.1763070472106120162 for ; Thu, 13 Nov 2025 13:47:52 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=c2Xg1goH; spf=softfail (domain: sakoman.com, ip: 209.85.214.175, mailfrom: steve@sakoman.com) Received: by mail-pl1-f175.google.com with SMTP id d9443c01a7336-297ef378069so12447475ad.3 for ; Thu, 13 Nov 2025 13:47:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1763070471; x=1763675271; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=A2nbZF6O84rpgmwBMajw97MJQNOVnxUvse5Kt2ml0Ww=; b=c2Xg1goHhBVBT9PPFb6Z3WfY3XS3copXcyOCHlj9B1MB0Ia8jgzWdhjyoM6h1a8ts1 fVAA9gGaW23mtfS3maX8KkUtPmlVCPsTGUnQFHxH5lQ+jIQbFG0LY2aXThA0A2fkwzrX 6oFT4M85q/pstk6k2zdBK1Xu/X0Fwx7XGNOOTFdqNLtCAdS1Idk75AQRoae3PGChw13k g8BzS9gXbqUdJozuKniEk1WwIBx5muXdVgO8NsfPJFnts5r2Z5tTMFhzOYb4Rv5+x2LC iLap/lkYqj81xzuVN7PwFVzZbbEgDmLHKrlUkre+dHZRc1EgtmvPlWXpMMR1r7JPgRzu BcLw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763070471; x=1763675271; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=A2nbZF6O84rpgmwBMajw97MJQNOVnxUvse5Kt2ml0Ww=; b=YRZEds6OHBrAd22V8U3YIQtBvuced/Xqwatz1RJ4SSDmRXXgl2ye7F+a7224dZTDO9 YznlvIVgM9TNBMBmjMfL8WLmtZ2Ang78BmQ+DOX2dNvmFOubJLEBiT5J8q/eItzdSCZN SiIjJ5PvM6nkVopU8MNz01ztuLztZVK7GWkDU+T4NucahZgjkHgvuNtkdAQfFz1Em3aY 4KaR9Xa7yO9o1ffEtfQhxNYJ3pibD3tcvGO/6RY+qZdeH/VIBy3bYLqh00yIF5thDhYj wLY7h/8tGVSxjnkFA4Oa1q8JxAtaJ9LPP7aRRomiZ22YgBtrz+Qj3fuC/0lPnplNCCyy oGyg== X-Gm-Message-State: AOJu0YyuMcbUy4QCamnVlwo03QG7cB5qoYfQNEzsSKY09m4Uzxb8Thpj W//wDGXEXSGd1pH1wBN6InBCoVKyTseQHW4TVV9x6vI/KQA8Ssht94UWoUg/nP3HrmwGqjkSvKC 9fWpK X-Gm-Gg: ASbGncu7epLWfMXXjlNxrZcxSVMnROe/gUpQ7I6fWf/5rpE6TJuQfFpmSZrJ9vGvBYt HJ37NH+MA3y24qYGkjgEbkVm0cWaVx0TN9BEmV90mZWoq7p35Ih4uUt5Q8EM6+j0m8pdkvw5WO6 Xler7mR8fbWdPwDfTvA51CisOGx6WZQOSueQUYNeVF1uibNCPHcoVcfqNGU7wkEdqc9W7k4ZuU1 V+gKsZSUetFFRdKTw2pUHJRhxGBfG5i+ibZiNf+mjbeObnGWCdfGMCsMboXuLwjhZwqVQvQvvvV Z5WCP04v7VQmLTKyjuUThcAqBMPHiAMeBeH52N+d9N7wa2fGyyUBybAsFMqf0Qb6MsdseprFXim 6SJcINvbJXNkB3ZV7Oi8AnF3ARCI/BLnlFKjv1SvSimtMXu52Os++iWn0gP1NOxHPig== X-Google-Smtp-Source: AGHT+IFyrJFvU23sMqEfMBsYoht1WJ20tPgu483hIomrAVjlyXqdOso2UXxVu56QE4sHUhT4IWGyOQ== X-Received: by 2002:a17:902:d486:b0:297:df4e:fdd2 with SMTP id d9443c01a7336-2986a6b77b4mr4057675ad.9.1763070471451; Thu, 13 Nov 2025 13:47:51 -0800 (PST) Received: from hexa.. ([2602:feb4:3b:2100:70b:f91f:acd9:f6d9]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2985c2b0d68sm34639815ad.61.2025.11.13.13.47.50 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 13 Nov 2025 13:47:51 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 10/10] goarch.bbclass: do not leak TUNE_FEATURES into crosssdk task signatures Date: Thu, 13 Nov 2025 13:47:29 -0800 Message-ID: <8aad87c12a809d790175b9848f5802d0a28eecac.1763070333.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 13 Nov 2025 21:47:54 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/226282 From: Alexander Kanavin The default assignments look like this: TARGET_GO386 = "${@go_map_386(d.getVar('TARGET_ARCH'), d.getVar('TUNE_FEATURES'), d)}" TUNE_FEATURES is a target-specific variable, and so should be used only for target builds. The change is similar to what is already done for native packages. (From OE-Core rev: cfff8e968257c44880caa3605e158764ed5c6a2a) Signed-off-by: Alexander Kanavin Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie Signed-off-by: Peter Marko --- meta/classes/goarch.bbclass | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/classes/goarch.bbclass b/meta/classes/goarch.bbclass index 394c0c5d84..5996bf1805 100644 --- a/meta/classes/goarch.bbclass +++ b/meta/classes/goarch.bbclass @@ -18,6 +18,9 @@ TARGET_GOMIPS = "${@go_map_mips(d.getVar('TARGET_ARCH'), d.getVar('TUNE_FEATURES TARGET_GOARM:class-native = "7" TARGET_GO386:class-native = "sse2" TARGET_GOMIPS:class-native = "hardfloat" +TARGET_GOARM:class-crosssdk = "7" +TARGET_GO386:class-crosssdk = "sse2" +TARGET_GOMIPS:class-crosssdk = "hardfloat" TARGET_GOTUPLE = "${TARGET_GOOS}_${TARGET_GOARCH}" GO_BUILD_BINDIR = "${@['bin/${HOST_GOTUPLE}','bin'][d.getVar('BUILD_GOTUPLE') == d.getVar('HOST_GOTUPLE')]}"