From patchwork Fri Nov 14 20:26:22 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 74580 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 31D8ECEACCC for ; Fri, 14 Nov 2025 20:26:37 +0000 (UTC) Received: from mail-wm1-f51.google.com (mail-wm1-f51.google.com [209.85.128.51]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.7586.1763151990704422516 for ; Fri, 14 Nov 2025 12:26:31 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=GqQ43Odg; spf=pass (domain: gmail.com, ip: 209.85.128.51, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f51.google.com with SMTP id 5b1f17b1804b1-4774f41628bso18393765e9.0 for ; Fri, 14 Nov 2025 12:26:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1763151989; x=1763756789; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:from:to:cc:subject:date:message-id:reply-to; bh=2481unwdd0uqas1KSpueoP5yqbcwYmDboAp66MVKXIo=; b=GqQ43Odg5inSvEqom6aElQi/6F86dY+O2EJ0UDJad21auPnWepQK3hCBwOrKqgnV6F rtvddc52Bvw+p3MkVCW9j88g2VKsj0/5ntWs6MgYnRHFIO7v3RnjjiASUKaItMxqyfsD TagJy9i9dNdfBuYO3UKTBSlPJbaoAAvxzvkx7kCTm8TMDKW3AU0+ATo4WL2yA0N1zK4g 65K8+5Z66zgxzgFGaIS3A8EJZTK3FP24Xp3icx6IKSUu/+mu5lt/zdLaV7YxZtwPcN3r 4GoOEKhdsoH0elk3IJwVa4URI/9clppBYGSHWQeH3lqnrJI4BnWEuMD3FgbYMtQB/ybR vKoA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763151989; x=1763756789; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=2481unwdd0uqas1KSpueoP5yqbcwYmDboAp66MVKXIo=; b=XL5myL6Z2R5NKqyLgWLsqSNdOzLLJsIevStUtvziSHha7uBoSBxtXuVvVsWZ4xbELo kpCFH3c09oP3O2Tv6V7VDcroFSE3v6Ezo68UDoD1ni3zJi0j1aNbDCoTu1D285k2ZG3h ojul3seMEPk/EtbTvsbplx1pzpW9oeF6H/6lw0BJyriJ3zXG/5rf/7rAAzwS1QgpQrM2 q/BgOM1Hlyp44cipBMTykpfM580tehGMTD3caS3Sv/Ej4Ui8wGKM25jm+coHnWPc/if6 FvPcVLgr9Kxr7yiPZKqmMSvKKDB1w3GNHoyq8G3NNxnnanY/CjMUdibDYU0BWJpdogif wCqw== X-Gm-Message-State: AOJu0YymJF8PaGx8Q7PgPKChPgTGa046u9/0vRgprYQeuOCtl82R4ZLy rLhWVxIAGzBt856vBZUCN2+VSewb1CI91opdITys8vDQlJXb6LydkD9mlI7KpxIe X-Gm-Gg: ASbGncu7SM6KV1VupAxJDYUe+8FCWiCl/loyqRaSiwjs2B915fqwsRPe98wLb2ciciF IYEG9N2nkK7sP9cWJijIdLzFZXk5JVVOzK7h4WZjA9+/33O26dv9inbDqBcfO/nmxVmkAFcOXpR Cu13NN1P3N5sYIB199Vpj1wDUtNiSQxNU2ySznpp+L2LpPkwC3fwRptkaeZAivf50jWXX/jtIf1 RVNY65j4a/pUqlQvRXVeGVaXtqPa6krhsZydTe0qsIYNufS98M73ZvfsioVOoigk2Pfvjn+r50z g0aYBnLyRbH90J7r6o+oglbL+eKpp4YoWIx966QEjglIbsaPaDOFNn0dtO5OjEyxADPVeDUw53i HLcSi6hVvbqqFPaKxv/3ORAhm8iAJCSEqmkrPO9ATjHMoT/I2Eg2ChNWBR+foJ3nSONVesfGD7w == X-Google-Smtp-Source: AGHT+IGC6WNHW7ouu5uLv6baXBkIrvoT32Rq2Tb8NU0Yn1Gt3BWFspPU5qMeTZfoSicmZxzlG75zNg== X-Received: by 2002:a05:600c:a406:b0:477:75b4:d2d1 with SMTP id 5b1f17b1804b1-4778bd13e4amr60976185e9.15.1763151988747; Fri, 14 Nov 2025 12:26:28 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-4779527a656sm23617845e9.10.2025.11.14.12.26.28 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 14 Nov 2025 12:26:28 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][kirkstone][PATCH 1/6] libwmf: add proper CVE tag to patch Date: Fri, 14 Nov 2025 21:26:22 +0100 Message-ID: <20251114202627.656631-1-skandigraun@gmail.com> X-Mailer: git-send-email 2.51.2 MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 14 Nov 2025 20:26:37 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/121716 CVE-2009-1364 is already patched, but the patch didn't contain the necessary tag so the cve-checker didn't pick it up. This change adds the required tag. Signed-off-by: Gyorgy Sarvari --- .../libwmf/libwmf/libwmf-0.2.8.4-useafterfree.patch | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-oe/recipes-extended/libwmf/libwmf/libwmf-0.2.8.4-useafterfree.patch b/meta-oe/recipes-extended/libwmf/libwmf/libwmf-0.2.8.4-useafterfree.patch index 4d2d285641..4436477a32 100644 --- a/meta-oe/recipes-extended/libwmf/libwmf/libwmf-0.2.8.4-useafterfree.patch +++ b/meta-oe/recipes-extended/libwmf/libwmf/libwmf-0.2.8.4-useafterfree.patch @@ -2,6 +2,8 @@ http://cvs.fedoraproject.org/viewvc/devel/libwmf/libwmf-0.2.8.4-useafterfree.patch?view=log Resolves: CVE-2009-1364 +CVE: CVE-2009-1364 + --- libwmf-0.2.8.4/src/extra/gd/gd_clip.c.CVE-2009-1364-im-clip-list 2009-04-24 04:06:44.000000000 -0400 +++ libwmf-0.2.8.4/src/extra/gd/gd_clip.c 2009-04-24 04:08:30.000000000 -0400 @@ -70,6 +70,7 @@ void gdClipSetAdd(gdImagePtr im,gdClipRe From patchwork Fri Nov 14 20:26:23 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 74583 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 70E9DCEACDC for ; Fri, 14 Nov 2025 20:26:37 +0000 (UTC) Received: from mail-wm1-f51.google.com (mail-wm1-f51.google.com [209.85.128.51]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.7803.1763151991173978437 for ; Fri, 14 Nov 2025 12:26:31 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=mzivqP++; spf=pass (domain: gmail.com, ip: 209.85.128.51, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f51.google.com with SMTP id 5b1f17b1804b1-47118259fd8so18489235e9.3 for ; Fri, 14 Nov 2025 12:26:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1763151989; x=1763756789; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=DbSbIV7kjQhmmXQ93Lz60nOL3UZCe0IuOx2uiyNsLBc=; b=mzivqP++DYd7KsRckVNuYLObc3m7UAIF0gi7D+nWEp6696EERHAbjVAwqpZsL6oS2i K2V1KCW6jANEWzt8cAdjEGtplNIOIxnHo08qhNrz+wpnrSJEtGbnRo6C+uZf+22wd9ek c72GTss48dL6hcFbQphn5cgT1ZGUZP2SRE+/px1qCYawOc+gWw74jbP9ePKnkzdpx5+o 7y83XMRZYZbk+TaS3Bz8lr5y2PhnXMyX2qyMxP/VMLYDDDaijK6k/dD7GcLRopW8HLMu Gl5Lk28qYFjkOKjWgMVn/KFk9P4xHTkW678oSJ703iYJ7vZVIysq/4Zsae23mHYH3S3p M6CQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763151989; x=1763756789; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=DbSbIV7kjQhmmXQ93Lz60nOL3UZCe0IuOx2uiyNsLBc=; b=A9YaDmzGFHGru4V7JyUTNpQswp3grbDtxmBg+KLte8/guvFFqdA0q0Vu9OOtsYqBrG akPGbCycuqGSnElKbqnRo4L0Ok4Q3ILvdiRj+MPUZFE8wEpBQluS58m8N3zXJv0BV+N6 BDKQj0rznQQZRBJ64VQOrjyl+2TTjfb3iYTxzVBckGeqRalr3CYfsin7zY5hPkL3VlOV 3moFD5oza5sFyllMG6UuglmlJC4ux+eHSmvbED72rtGjNRojkBYNSw4x9J2Sef48GlT9 U0qL65Diq2oRu4sbRHz32NCJEpIdXl2mednvnt+WBdSrpkz4MfrQ56FH9c7tSu230DU5 rtYQ== X-Gm-Message-State: AOJu0Yw2/tZp0PbrLQ4ct7Lpu/Rln8ngPNTFJ4eJf7ZHVTE7zPdGB/rK yvc6HgnwVdb61EYVykE8DmH0hvUV+jdCnEmnxSu13sDuziZF9JOnU1qwqWP6Rt5D X-Gm-Gg: ASbGncsajXnhtNzBSb87MP1ZPAilGHtN+X+M7y1cQ6EXkzrDPVDHJkgt5xaKofKYfmt dKHZufZxQIjH8+KEUxrMwI/RB9ylZIk1mrF48F9Z/uyQRkIwjWJOzE+7iO+564s1X8laSPj7tD5 6v4vH4E3iLp1p2HsmSYvYvX3tuvqzguV7Bb7tVap4GkDmSF/Tysm/UvSCnXTVUimjYfBThWN9YN R+K1LfRz70wgVHTMNFqPFK5zxIzzkwTplxq4ndDCPuriEiwXJMRj9EieGi+es48nATZu1fNmoWP Yqhs9whBHi+/5NNduiL5WqQohotDk2kkQpurdjuysMHIZPbsYVrRje5dozH68+zfDC+CjT4pngV 41FIWeijolp5bot/xUMCxkXhy4qBiRwSM71a1KQ9WBvltdeEG7aDwgOyn9k0I7XgjU5rSVXa5ZQ 8ha5enZkNA X-Google-Smtp-Source: AGHT+IFQyGAUNQHCGZtmJUfPckicz12L3+TAOAuwDsB407Li8Jehse6QumX93BDatCdfjgrDn2D/kw== X-Received: by 2002:a05:600c:4753:b0:477:7ab8:aba with SMTP id 5b1f17b1804b1-4778fe5ff23mr43179895e9.1.1763151989394; Fri, 14 Nov 2025 12:26:29 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-4779527a656sm23617845e9.10.2025.11.14.12.26.28 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 14 Nov 2025 12:26:29 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][kirkstone][PATCH 2/6] libwmf: add missing CVE tag to patch Date: Fri, 14 Nov 2025 21:26:23 +0100 Message-ID: <20251114202627.656631-2-skandigraun@gmail.com> X-Mailer: git-send-email 2.51.2 In-Reply-To: <20251114202627.656631-1-skandigraun@gmail.com> References: <20251114202627.656631-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 14 Nov 2025 20:26:37 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/121717 CVE-2006-3376 is already patched, but the patch is missing the required CVE tag, so the cve-checker misses it. This patch adds the tag. Signed-off-by: Gyorgy Sarvari --- .../libwmf/libwmf/libwmf-0.2.8.4-intoverflow.patch | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-oe/recipes-extended/libwmf/libwmf/libwmf-0.2.8.4-intoverflow.patch b/meta-oe/recipes-extended/libwmf/libwmf/libwmf-0.2.8.4-intoverflow.patch index 50d915c010..d92758b394 100644 --- a/meta-oe/recipes-extended/libwmf/libwmf/libwmf-0.2.8.4-intoverflow.patch +++ b/meta-oe/recipes-extended/libwmf/libwmf/libwmf-0.2.8.4-intoverflow.patch @@ -2,6 +2,8 @@ http://cvs.fedoraproject.org/viewvc/devel/libwmf/libwmf-0.2.8.4-intoverflow.patc CVE-2006-3376 libwmf integer overflow +CVE: CVE-2006-3376 + --- libwmf-0.2.8.4.orig/src/player.c 2002-12-10 19:30:26.000000000 +0000 +++ libwmf-0.2.8.4/src/player.c 2006-07-12 15:12:52.000000000 +0100 @@ -42,6 +42,7 @@ From patchwork Fri Nov 14 20:26:24 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 74581 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 32CB1CEACCE for ; Fri, 14 Nov 2025 20:26:37 +0000 (UTC) Received: from mail-wm1-f45.google.com (mail-wm1-f45.google.com [209.85.128.45]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.7587.1763151992835983883 for ; Fri, 14 Nov 2025 12:26:33 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=jx7XKDk7; spf=pass (domain: gmail.com, ip: 209.85.128.45, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f45.google.com with SMTP id 5b1f17b1804b1-477442b1de0so16666545e9.1 for ; Fri, 14 Nov 2025 12:26:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1763151991; x=1763756791; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=RijG/uBn77GVIQcQwpzMbFwGpV1IcgmV77nCuYIjYjo=; b=jx7XKDk7J/0YIq83HePeydYrFKIdQLm5P7jkUxNFYqAu48IQvitNBUIzgnQRfEmCGh MBxod0r+l0uSNXW6Rvve6vZH2GhVT8/7jTwx3nxVuVu6ecs6VDLIZOPFDcsJoGA0yHzB a8QqES7khGN4H4acbYJfyGHm/0q+DJNBddjyfMbbX2s/rLKWjE/756PapGRUdRuIhrRD vjampGM03q6ohYQaY93zZ5Fa9yK/LuCZgev5519zFdkPP6KeWaMkVFiS/c4CPwsbTjUc A2V23jsMtM0S29yE49dUX10LWioggGJB/LXcUuIdB1a0p2JO2iyovZI9L+kxI80Rck6E 0yeg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763151991; x=1763756791; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=RijG/uBn77GVIQcQwpzMbFwGpV1IcgmV77nCuYIjYjo=; b=p4G22izCbW26wxiv5i5rbXcIzzn5Kxr+s8Ty0gM/dsSVLyDKcUV90l7F5TbjFuuCul eMn1LY9da56EadrUDuz3803xU6/f0XGKsOroxiiCU5i4IRVYNYd1qdN13wXwPE1DnyBP 2zKzdNnmk+6mvzZWAA/Ov3ojv6r+WFSyxi7ViPUZ6XQtYfksp/C05MxCBddkKA0nhEtv lZpoKnUBFQPSS2Y6XU1GKcT5JE8PbYUr1Sbx+0vuAXnYfNCZMg1pPqT9GWntgIqfg2tE 2c4eu0x5RhEuUP44cv+vWGnE2qGQKxv4+DNzyd8OJl2p3MVHKcCPMekfo8dEYxWrNpKa T4BA== X-Gm-Message-State: AOJu0Yy6oreWx3vH7zDjHSNRvx4b+5/C6LS1jX26zbu+/ELjyZoj0EyJ yqPLqRxIiupbxXnanu+Q4MY8B49bnCf8gUJLdv4SCmMggIxWGXveCkZrA3rOzZyJ X-Gm-Gg: ASbGnctPUKGCzTDpn/Vd/8Zqi4C4AlNXpkzDcDUmFn0+pxhu8uX5ZaD7TUxn0T+BXN5 glh6/+FdBWkjfyEI8NwfkXXanvAjdw5PD0Y0yMwg6129a++orl0NhiFxhnVSuh63/hpvqoSephf 2zbliNoELxC5NOMLkPRWMgDzQEz+L2HNf8+NFXYUgg7JXR4Z0jC/akaQxt2Ptbwkwqo0WWmUxSi DO6oCnf2n5weAuJ2FaxrAriL2jMIAVs+3HtXw/c9XqYvVdoiEhGPq/O0tYb0LKoay3UnE241vHz N1+rNKipnql3GEvEgLlwy2ku1BT5G5MvsAHYiTxaNPyqj/mr2Hhgaa7m4rEI9doK4fBRbJNv/nl rM2qUUj+APKr/DRGHP57YZEiYgmBLazmWflX2+oDAg8KlfuF05rvvva2sGVvYf3uD/hOt3HBGNB /KRKGznun4 X-Google-Smtp-Source: AGHT+IFlAPN5ZtVHz9yCQOwTJaC5j5OSR7+OPYHjnE5yA3xjUyiAr/JyFJgWt44fb9gNetLR7xCJJw== X-Received: by 2002:a05:600c:3ba3:b0:477:6363:d3f0 with SMTP id 5b1f17b1804b1-4778fe41c45mr44809735e9.3.1763151991091; Fri, 14 Nov 2025 12:26:31 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-4779527a656sm23617845e9.10.2025.11.14.12.26.29 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 14 Nov 2025 12:26:29 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][kirkstone][PATCH 3/6] libwmf: patch CVE-2015-0848 and CVE-2015-4588 Date: Fri, 14 Nov 2025 21:26:24 +0100 Message-ID: <20251114202627.656631-3-skandigraun@gmail.com> X-Mailer: git-send-email 2.51.2 In-Reply-To: <20251114202627.656631-1-skandigraun@gmail.com> References: <20251114202627.656631-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 14 Nov 2025 20:26:37 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/121718 Details: https://nvd.nist.gov/vuln/detail/CVE-2015-0848 https://nvd.nist.gov/vuln/detail/CVE-2015-4588 Pick the commit that mentions the CVE IDs explicitly. The same patch fixes both vulnerabilities. Signed-off-by: Gyorgy Sarvari --- .../libwmf/CVE-2015-0848-CVE-2015-4588.patch | 135 ++++++++++++++++++ .../recipes-extended/libwmf/libwmf_0.2.8.4.bb | 3 +- 2 files changed, 137 insertions(+), 1 deletion(-) create mode 100644 meta-oe/recipes-extended/libwmf/libwmf/CVE-2015-0848-CVE-2015-4588.patch diff --git a/meta-oe/recipes-extended/libwmf/libwmf/CVE-2015-0848-CVE-2015-4588.patch b/meta-oe/recipes-extended/libwmf/libwmf/CVE-2015-0848-CVE-2015-4588.patch new file mode 100644 index 0000000000..b65610aa88 --- /dev/null +++ b/meta-oe/recipes-extended/libwmf/libwmf/CVE-2015-0848-CVE-2015-4588.patch @@ -0,0 +1,135 @@ +From f42e4f4505b07278f4baccddfc1f47059ae4f931 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= +Date: Wed, 8 Aug 2018 13:59:18 +0100 +Subject: [PATCH] CVE-2015-0848+CVE-2015-4588 + +CVE: CVE-2015-0848 CVE-2015-4588 +Upstream-Status: Backport [https://github.com/caolanm/libwmf/commit/879d6bffa6dd21b8c0e9ec3b5aa31b6ae090ef83] +Signed-off-by: Gyorgy Sarvari +--- + src/ipa/ipa.h | 2 +- + src/ipa/ipa/bmp.h | 38 +++++++++++++++++++++++++++++++------- + 2 files changed, 32 insertions(+), 8 deletions(-) + +diff --git a/src/ipa/ipa.h b/src/ipa/ipa.h +index d050a7e..3003540 100644 +--- a/src/ipa/ipa.h ++++ b/src/ipa/ipa.h +@@ -48,7 +48,7 @@ static int ReadBlobByte (BMPSource*); + static unsigned short ReadBlobLSBShort (BMPSource*); + static unsigned long ReadBlobLSBLong (BMPSource*); + static long TellBlob (BMPSource*); +-static void DecodeImage (wmfAPI*,wmfBMP*,BMPSource*,unsigned int,unsigned char*); ++static int DecodeImage (wmfAPI*,wmfBMP*,BMPSource*,unsigned int,unsigned char*); + static void ReadBMPImage (wmfAPI*,wmfBMP*,BMPSource*); + static int ExtractColor (wmfAPI*,wmfBMP*,wmfRGB*,unsigned int,unsigned int); + static void SetColor (wmfAPI*,wmfBMP*,wmfRGB*,unsigned char,unsigned int,unsigned int); +diff --git a/src/ipa/ipa/bmp.h b/src/ipa/ipa/bmp.h +index 29eee34..7751a36 100644 +--- a/src/ipa/ipa/bmp.h ++++ b/src/ipa/ipa/bmp.h +@@ -859,7 +859,7 @@ static long TellBlob (BMPSource* src) + % + % + */ +-static void DecodeImage (wmfAPI* API,wmfBMP* bmp,BMPSource* src,unsigned int compression,unsigned char* pixels) ++static int DecodeImage (wmfAPI* API,wmfBMP* bmp,BMPSource* src,unsigned int compression,unsigned char* pixels) + { int byte; + int count; + int i; +@@ -870,12 +870,14 @@ static void DecodeImage (wmfAPI* API,wmfBMP* bmp,BMPSource* src,unsigned int com + U32 u; + + unsigned char* q; ++ unsigned char* end; + + for (u = 0; u < ((U32) bmp->width * (U32) bmp->height); u++) pixels[u] = 0; + + byte = 0; + x = 0; + q = pixels; ++ end = pixels + bmp->width * bmp->height; + + for (y = 0; y < bmp->height; ) + { count = ReadBlobByte (src); +@@ -884,7 +886,10 @@ static void DecodeImage (wmfAPI* API,wmfBMP* bmp,BMPSource* src,unsigned int com + { /* Encoded mode. */ + byte = ReadBlobByte (src); + for (i = 0; i < count; i++) +- { if (compression == 1) ++ { ++ if (q == end) ++ return 0; ++ if (compression == 1) + { (*(q++)) = (unsigned char) byte; + } + else +@@ -896,13 +901,15 @@ static void DecodeImage (wmfAPI* API,wmfBMP* bmp,BMPSource* src,unsigned int com + else + { /* Escape mode. */ + count = ReadBlobByte (src); +- if (count == 0x01) return; ++ if (count == 0x01) return 1; + switch (count) + { + case 0x00: + { /* End of line. */ + x = 0; + y++; ++ if (y >= bmp->height) ++ return 0; + q = pixels + y * bmp->width; + break; + } +@@ -910,13 +917,20 @@ static void DecodeImage (wmfAPI* API,wmfBMP* bmp,BMPSource* src,unsigned int com + { /* Delta mode. */ + x += ReadBlobByte (src); + y += ReadBlobByte (src); ++ if (y >= bmp->height) ++ return 0; ++ if (x >= bmp->width) ++ return 0; + q = pixels + y * bmp->width + x; + break; + } + default: + { /* Absolute mode. */ + for (i = 0; i < count; i++) +- { if (compression == 1) ++ { ++ if (q == end) ++ return 0; ++ if (compression == 1) + { (*(q++)) = ReadBlobByte (src); + } + else +@@ -943,7 +957,7 @@ static void DecodeImage (wmfAPI* API,wmfBMP* bmp,BMPSource* src,unsigned int com + byte = ReadBlobByte (src); /* end of line */ + byte = ReadBlobByte (src); + +- return; ++ return 1; + } + + /* +@@ -1143,8 +1157,18 @@ static void ReadBMPImage (wmfAPI* API,wmfBMP* bmp,BMPSource* src) + } + } + else +- { /* Convert run-length encoded raster pixels. */ +- DecodeImage (API,bmp,src,(unsigned int) bmp_info.compression,data->image); ++ { ++ if (bmp_info.bits_per_pixel == 8) /* Convert run-length encoded raster pixels. */ ++ { ++ if (!DecodeImage (API,bmp,src,(unsigned int) bmp_info.compression,data->image)) ++ { WMF_ERROR (API,"corrupt bmp"); ++ API->err = wmf_E_BadFormat; ++ } ++ } ++ else ++ { WMF_ERROR (API,"Unexpected pixel depth"); ++ API->err = wmf_E_BadFormat; ++ } + } + + if (ERR (API)) diff --git a/meta-oe/recipes-extended/libwmf/libwmf_0.2.8.4.bb b/meta-oe/recipes-extended/libwmf/libwmf_0.2.8.4.bb index 955dd5154b..56fd0b9eba 100644 --- a/meta-oe/recipes-extended/libwmf/libwmf_0.2.8.4.bb +++ b/meta-oe/recipes-extended/libwmf/libwmf_0.2.8.4.bb @@ -20,7 +20,8 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/wvware/${BPN}/${PV}/${BPN}-${PV}.tar.gz;name=ta file://libwmf-0.2.8.4-intoverflow.patch \ file://libwmf-0.2.8.4-useafterfree.patch \ file://0001-configure-use-pkg-config-for-freetype.patch \ - " + file://CVE-2015-0848-CVE-2015-4588.patch \ + " SRC_URI[tarball.md5sum] = "d1177739bf1ceb07f57421f0cee191e0" SRC_URI[tarball.sha256sum] = "5b345c69220545d003ad52bfd035d5d6f4f075e65204114a9e875e84895a7cf8" From patchwork Fri Nov 14 20:26:25 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 74585 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 45E0DCEACD6 for ; Fri, 14 Nov 2025 20:26:37 +0000 (UTC) Received: from mail-wm1-f54.google.com (mail-wm1-f54.google.com [209.85.128.54]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.7588.1763151993519406191 for ; Fri, 14 Nov 2025 12:26:33 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=Q8m/npHd; spf=pass (domain: gmail.com, ip: 209.85.128.54, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f54.google.com with SMTP id 5b1f17b1804b1-477632d9326so17215075e9.1 for ; Fri, 14 Nov 2025 12:26:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1763151992; x=1763756792; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=aiZQSiXzsOdIHXS5HWvymWTFQAL2o+S8r68UgXCiOnE=; b=Q8m/npHdlMHgKaBvQm7aUEr2NSNe4Qyx2+7HI+5n7+MGjHaai1AnJa7QH+dYO67Uaz z440iCNR1GqBiSgN1JFFLW9lYxaq9a1exrDWzJPiYif7WZzEQ8KOz8bwIBMi96uy4d6A gpU79SotoYxDMJmxVUiZS0tUAN0MH0DNyYSRN6QWgnVPcqP6Kfw9qGEPM/bKfpiliduW Mv0h5ibtEr+FHxgO/1HlIdaks3+B0WU86HLtqeNFloF7WztwHlZHu39x0EbTRhsp5NY3 5V/uq9asSkuEdBbiQ5kxpkhTWP4Uz/jz7gd6fbHqV1bCdgWJVNYkyXK+PxvHoPOBCv1Z tJ5Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763151992; x=1763756792; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=aiZQSiXzsOdIHXS5HWvymWTFQAL2o+S8r68UgXCiOnE=; b=CE8Z/QmYRC/8Yuv5qVYvKNPZghgCN8blvY7kNK/BpltNxZ8McFTKsl9nbbCF4CiPkW 4pnEdsyHrk6Z6qSYc0XWuk29oe4zi1jotk9AQuGLR1jL72rIbwvqpEy2pVR+nRgdr8A6 ZU0tYhjPq/YWiSmqCnh+HpoyIHxoc4C/hPfoJTXHwtG2w4kjxBWCyaNXVyW6/aHsIqtr Z89XjhsoDLXRWHO/7oNgeQgyiKBUdQQNSukn/Q8pA4jPQA1uMd3acjRdyZXpApJlerow Cc2YzEuwygFqsSLe3+HrH0fm0rMZSYkYSHyxQn0rLe2C5YJr1sKNTI715cqRxgYNhxlP 67dw== X-Gm-Message-State: AOJu0YyHErhI6uzQa3Qz22FJU8crNlSNuJEdH0s3TjCWrgQpDbJ8RbX+ cVR4OIxWPdxvw/CNHbiZSpaBo3tM/pKeDqMWv62Yvtr6sr+Ym9TsBLqF6E2ok9VF X-Gm-Gg: ASbGncvO9RdpuA9XOPvXn2O22fqnNl3CKGye/v53p4wyAd5nYTNmrlWZFTqB6Bc/55d gWJl8Jm/rduLb6XW+iSalTtaNcvshVM8wU+YiK5JQvrbRSrl/C1Ccb7c+kS9Yp75isy8O/10Qv3 YId/vB0yWFD7j4LRTTiNsi8b19u0ETQutCaJBOi1ULBHlMR4042wKGBBKpzOCAU67KAmV6cNJIn Kvfg7bsbcGJogYWkW4cV8rEENVBDC80it1mE/z/2/lHXYnCaGG9OcLtpET8oPttP/0S/5aQX97J oSZ24QQ4zhxz3+rY5e6hTqUbQzZNiGDutK55t9tFIDfnYuQZyHnvzweTacYomVaI5z3v/m8YNpJ 05kdr81uPD/orXDO5xgP2EF0spW1O0yHhMsecR+/FepilhURdrmB/8VGwVYywAOUMU39BypUkxa O9G4wwMl/u X-Google-Smtp-Source: AGHT+IH41UT6L7KSWXZDSGelhxk153u3OKzG/25UAbUrsjENM5qtTrG5A6oTuBNMnKkXfvA13oaQXA== X-Received: by 2002:a05:600c:4594:b0:477:bb0:7528 with SMTP id 5b1f17b1804b1-4778fe9aec9mr45876835e9.22.1763151991818; Fri, 14 Nov 2025 12:26:31 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-4779527a656sm23617845e9.10.2025.11.14.12.26.31 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 14 Nov 2025 12:26:31 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][kirkstone][PATCH 4/6] libwmf: patch CVE-2015-4695 Date: Fri, 14 Nov 2025 21:26:25 +0100 Message-ID: <20251114202627.656631-4-skandigraun@gmail.com> X-Mailer: git-send-email 2.51.2 In-Reply-To: <20251114202627.656631-1-skandigraun@gmail.com> References: <20251114202627.656631-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 14 Nov 2025 20:26:37 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/121719 Details: https://nvd.nist.gov/vuln/detail/CVE-2015-4695 Pick the commit that explicitly mentions the vulnerability ID. Signed-off-by: Gyorgy Sarvari --- .../libwmf/libwmf/CVE-2015-4695.patch | 70 +++++++++++++++++++ .../recipes-extended/libwmf/libwmf_0.2.8.4.bb | 1 + 2 files changed, 71 insertions(+) create mode 100644 meta-oe/recipes-extended/libwmf/libwmf/CVE-2015-4695.patch diff --git a/meta-oe/recipes-extended/libwmf/libwmf/CVE-2015-4695.patch b/meta-oe/recipes-extended/libwmf/libwmf/CVE-2015-4695.patch new file mode 100644 index 0000000000..fe6163af3e --- /dev/null +++ b/meta-oe/recipes-extended/libwmf/libwmf/CVE-2015-4695.patch @@ -0,0 +1,70 @@ +From 7a7f58c0ebb84b9a3c44c875a667ce8ba191b325 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= +Date: Wed, 8 Aug 2018 13:59:37 +0100 +Subject: [PATCH] CVE-2015-4695 + +CVE: CVE-2015-4695 +Upstream-Status: Backport [https://github.com/caolanm/libwmf/commit/b5ae5d1f3bbddf051a5c9dd01897bd835817f013] +Signed-off-by: Gyorgy Sarvari +--- + src/player/meta.h | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/src/player/meta.h b/src/player/meta.h +index 252e68b..3e13688 100644 +--- a/src/player/meta.h ++++ b/src/player/meta.h +@@ -1565,7 +1565,7 @@ static int meta_rgn_create (wmfAPI* API,wmfRecord* Record,wmfAttributes* attrlis + objects = P->objects; + + i = 0; +- while (objects[i].type && (i < NUM_OBJECTS (API))) i++; ++ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++; + + if (i == NUM_OBJECTS (API)) + { WMF_ERROR (API,"Object out of range!"); +@@ -2142,7 +2142,7 @@ static int meta_dib_brush (wmfAPI* API,wmfRecord* Record,wmfAttributes* attrlist + objects = P->objects; + + i = 0; +- while (objects[i].type && (i < NUM_OBJECTS (API))) i++; ++ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++; + + if (i == NUM_OBJECTS (API)) + { WMF_ERROR (API,"Object out of range!"); +@@ -3067,7 +3067,7 @@ static int meta_pen_create (wmfAPI* API,wmfRecord* Record,wmfAttributes* attrlis + objects = P->objects; + + i = 0; +- while (objects[i].type && (i < NUM_OBJECTS (API))) i++; ++ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++; + + if (i == NUM_OBJECTS (API)) + { WMF_ERROR (API,"Object out of range!"); +@@ -3181,7 +3181,7 @@ static int meta_brush_create (wmfAPI* API,wmfRecord* Record,wmfAttributes* attrl + objects = P->objects; + + i = 0; +- while (objects[i].type && (i < NUM_OBJECTS (API))) i++; ++ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++; + + if (i == NUM_OBJECTS (API)) + { WMF_ERROR (API,"Object out of range!"); +@@ -3288,7 +3288,7 @@ static int meta_font_create (wmfAPI* API,wmfRecord* Record,wmfAttributes* attrli + objects = P->objects; + + i = 0; +- while (objects[i].type && (i < NUM_OBJECTS (API))) i++; ++ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++; + + if (i == NUM_OBJECTS (API)) + { WMF_ERROR (API,"Object out of range!"); +@@ -3396,7 +3396,7 @@ static int meta_palette_create (wmfAPI* API,wmfRecord* Record,wmfAttributes* att + objects = P->objects; + + i = 0; +- while (objects[i].type && (i < NUM_OBJECTS (API))) i++; ++ while ((i < NUM_OBJECTS (API)) && objects[i].type) i++; + + if (i == NUM_OBJECTS (API)) + { WMF_ERROR (API,"Object out of range!"); diff --git a/meta-oe/recipes-extended/libwmf/libwmf_0.2.8.4.bb b/meta-oe/recipes-extended/libwmf/libwmf_0.2.8.4.bb index 56fd0b9eba..e135b1764b 100644 --- a/meta-oe/recipes-extended/libwmf/libwmf_0.2.8.4.bb +++ b/meta-oe/recipes-extended/libwmf/libwmf_0.2.8.4.bb @@ -21,6 +21,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/wvware/${BPN}/${PV}/${BPN}-${PV}.tar.gz;name=ta file://libwmf-0.2.8.4-useafterfree.patch \ file://0001-configure-use-pkg-config-for-freetype.patch \ file://CVE-2015-0848-CVE-2015-4588.patch \ + file://CVE-2015-4695.patch \ " SRC_URI[tarball.md5sum] = "d1177739bf1ceb07f57421f0cee191e0" From patchwork Fri Nov 14 20:26:26 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 74582 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 46BD1CEACD2 for ; Fri, 14 Nov 2025 20:26:37 +0000 (UTC) Received: from mail-wm1-f45.google.com (mail-wm1-f45.google.com [209.85.128.45]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.7806.1763151994352569622 for ; Fri, 14 Nov 2025 12:26:34 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=aZoYXxw3; spf=pass (domain: gmail.com, ip: 209.85.128.45, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f45.google.com with SMTP id 5b1f17b1804b1-4775e891b5eso13111545e9.2 for ; Fri, 14 Nov 2025 12:26:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1763151993; x=1763756793; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=fburcfYwsp5CB63O8ZWLHWsJPKuLhYvl39K2uu2fUN8=; b=aZoYXxw38fy3ZA/z3RLInwj11UYFvt94zGvjrZ4g9ujTQEto2OB3rMQGEEKsH3kOmU JD5jyYkT79aSbyru+Koh16nbwpqm2ragUzk/lGROFXtmNR7DT27qcO5/e22skd9gjmO1 a5JG7N1OkeIyPjZGKnzWzk4RIvKkEA9B0CNOLbneNMJMJ5Ze4lpMpUjfgrBaxVJoJ2w8 nHDy/mmYq81Im/WM+XxxMl3Di+63P8eWk+HSZCKOgnirAK40E4lJ33CXroDuWGHX3lKS KD0I0KNAHAul959aSbQf/HnChS67QWE1sMnErBOgtdHmhKq4LisCRWnu6zEyFro9RVAR lzug== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763151993; x=1763756793; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=fburcfYwsp5CB63O8ZWLHWsJPKuLhYvl39K2uu2fUN8=; b=lYNpUdweA5Zo7SaQvitVJWoVJSE0doNTkuWW8Mwul9Qxa+8Iq8P7CffcJ5ufgIZF6q dUvPBuRxn0i61ybpUHdsgopIbCmZn2SmOhBnT/h88DL68FC0tA3KfyIGCRH/dz9Xjy7o SFKcZd91YiStzYNptjw01NIUzOWqrY+Ybc5Q2pAcofpqVCM3RdlWRn4lmvDihLhl0vNO GP+jvmV9UbWD6dLJdyXg90YE/m2Ct5tcijH1mse2ryoL2+YfzVxisCyhubT5FtXsO0CI OKeBrWKPCm/9qpr/yUwsf+AxZ7H75AXJLjg4LVV99KxAnwHPfweOm0BA2I8H0siqLSu7 FBYg== X-Gm-Message-State: AOJu0Yy7rgX30uiGEde8hXPGIUyQsdbAd7XZNT6PnKQYuQgRRZWz/h9X bYdF68v1ylOEpljFHrMaGFGGSyN45AfP8j4ltQ5Io1WcXltqJm2bPUSbJcUJkx7m X-Gm-Gg: ASbGncuLgIKg1hJL8IHMm8NtjwlCNuXNAuxjICYjAlPHoq5QuGNnDMO/jh5e/hv8w2S jJMTx+52xwX6HiH4weZRosD/tI4Rx8B5ziYY9usxQKaxqoF/V6aVZUFDgsEkNT+FmAaBik35eaF S7Ow5ANbI6fADVomiUG/wQ+Q/08YHiUNL5Z7lzCTTQ7BJ358HPxEA1znOaOj766Q1joBYuh6IS1 DZD0ovZ6O9SupyExQHOAg0QzIbzp2ot97oy0sa73FvCw3TSA9knL5istYvWEweJQlHi0e04Y7nJ 1dOA6Ccxjm4tJtC4b23609b3OgbzQZJ36NNTvgQ9WZV61TiSm+GPM2sbYNX/JEnBYIJ96kg6cmW mqr2DjR/8IiAhxRYeRsui4yHHLiQhQjD3uWBrf932vp7fVROxaLMbcuc5GSsO3PiSiMOA8gkSga p9UifcMPuF X-Google-Smtp-Source: AGHT+IGGoPPqT5viMmfW9ny/QL1q3DtSTfbDL//BVbj3MzGYWBRN225NC7bGHctNq71+Jnowb/b2Rg== X-Received: by 2002:a05:600c:4f93:b0:477:bb0:751b with SMTP id 5b1f17b1804b1-4778fea1056mr41387945e9.27.1763151992459; Fri, 14 Nov 2025 12:26:32 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-4779527a656sm23617845e9.10.2025.11.14.12.26.31 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 14 Nov 2025 12:26:32 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][kirkstone][PATCH 5/6] libwmf: patch CVE-2015-4696 Date: Fri, 14 Nov 2025 21:26:26 +0100 Message-ID: <20251114202627.656631-5-skandigraun@gmail.com> X-Mailer: git-send-email 2.51.2 In-Reply-To: <20251114202627.656631-1-skandigraun@gmail.com> References: <20251114202627.656631-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 14 Nov 2025 20:26:37 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/121720 Details: https://nvd.nist.gov/vuln/detail/CVE-2015-4696 Pick the patch that mentions the vulnerability ID explicitly. Signed-off-by: Gyorgy Sarvari --- .../libwmf/libwmf/CVE-2015-4696.patch | 37 +++++++++++++++++++ .../recipes-extended/libwmf/libwmf_0.2.8.4.bb | 1 + 2 files changed, 38 insertions(+) create mode 100644 meta-oe/recipes-extended/libwmf/libwmf/CVE-2015-4696.patch diff --git a/meta-oe/recipes-extended/libwmf/libwmf/CVE-2015-4696.patch b/meta-oe/recipes-extended/libwmf/libwmf/CVE-2015-4696.patch new file mode 100644 index 0000000000..bd5fc4d85f --- /dev/null +++ b/meta-oe/recipes-extended/libwmf/libwmf/CVE-2015-4696.patch @@ -0,0 +1,37 @@ +From f743ef455dfb1faade0ca5290994087ef8b12a98 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= +Date: Wed, 8 Aug 2018 14:00:49 +0100 +Subject: [PATCH] CVE-2015-4696 + +CVE: CVE-2015-4696 +Upstream-Status: Backport [https://github.com/caolanm/libwmf/commit/f47cbdf96838c2daa7b8e489f59e62371d33352a] +Signed-off-by: Gyorgy Sarvari +--- + src/player/meta.h | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/player/meta.h b/src/player/meta.h +index 3e13688..f86c5f9 100644 +--- a/src/player/meta.h ++++ b/src/player/meta.h +@@ -2585,6 +2585,8 @@ static int meta_dc_restore (wmfAPI* API,wmfRecord* Record,wmfAttributes* attrlis + polyrect.BR[i] = clip->rects[i].BR; + } + ++ if (FR->region_clip) FR->region_clip (API,&polyrect); ++ + wmf_free (API,polyrect.TL); + wmf_free (API,polyrect.BR); + } +@@ -2593,9 +2595,10 @@ static int meta_dc_restore (wmfAPI* API,wmfRecord* Record,wmfAttributes* attrlis + polyrect.BR = 0; + + polyrect.count = 0; ++ ++ if (FR->region_clip) FR->region_clip (API,&polyrect); + } + +- if (FR->region_clip) FR->region_clip (API,&polyrect); + + return (changed); + } diff --git a/meta-oe/recipes-extended/libwmf/libwmf_0.2.8.4.bb b/meta-oe/recipes-extended/libwmf/libwmf_0.2.8.4.bb index e135b1764b..bb1aecd16d 100644 --- a/meta-oe/recipes-extended/libwmf/libwmf_0.2.8.4.bb +++ b/meta-oe/recipes-extended/libwmf/libwmf_0.2.8.4.bb @@ -22,6 +22,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/wvware/${BPN}/${PV}/${BPN}-${PV}.tar.gz;name=ta file://0001-configure-use-pkg-config-for-freetype.patch \ file://CVE-2015-0848-CVE-2015-4588.patch \ file://CVE-2015-4695.patch \ + file://CVE-2015-4696.patch \ " SRC_URI[tarball.md5sum] = "d1177739bf1ceb07f57421f0cee191e0" From patchwork Fri Nov 14 20:26:27 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 74584 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 53A39CEACDA for ; Fri, 14 Nov 2025 20:26:37 +0000 (UTC) Received: from mail-wm1-f46.google.com (mail-wm1-f46.google.com [209.85.128.46]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.7589.1763151995163971754 for ; Fri, 14 Nov 2025 12:26:35 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=G0Id0I7A; spf=pass (domain: gmail.com, ip: 209.85.128.46, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f46.google.com with SMTP id 5b1f17b1804b1-477775d3728so24475615e9.2 for ; Fri, 14 Nov 2025 12:26:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1763151993; x=1763756793; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=YwaMO6fZ+1TDdQJ3W9MGSxxh65XWwV46LadyJU5P0oQ=; b=G0Id0I7AlxcbZLh58U7lIQpzSBpmgCI4HHdVxKDCMHfeTBTumdki6GQQMJWgIOneBK UW60RPLihP7NdnfrNAARr8EBvK68XJUSbSbOEwL94lPTJH8NVFjQrb9rhYn79rpv+O3C ZYyHTwACZ0vhoxCOJEomJaX12N8gI2czk+wFkiFzRCUP+eTyp3dQMKG9qwtyCJJwOA9B JOpluhLjvJuYgweEGed0lH7N6g96S9j1ETAsMHuokFeXQk3BZyPDxT2versIVaZW0lqR hX/acpKRIewkfYwM6qlsNOxQ2REO+3HeW9MTeOCCvUQld6IG54XzPaH2ZSh5zFBQVCIf Kebg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763151993; x=1763756793; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=YwaMO6fZ+1TDdQJ3W9MGSxxh65XWwV46LadyJU5P0oQ=; b=cBDN4cXqAoEdmC37C2mR+D9z66Z+cVZY1zDTN3UWT6PraZPGl4Vz4+K43Z8JDpHAOV SQ/KMdjPVTIgv+/lieUWwLcUhkoIwNEpML97G25n14yX9PSyM6Yqbx8TYAlMD/51gwLT BPUbPVj374LrrmdqwCOR5qMFZaxGywBJnKYHksBnOmW3S9QIS5dllq1WCnWJP382P8nk Jgchw2RXy3kPQjl4+YCYvsmKMfryjKoYkCTb+OtnF8xdQmsjyyVEAbQnuVPTKvHVZrjY Px0a/RmSZCukdaENkP5cl2o4AsYpBEQ9dQFBr70xuAuryAtCKwowIQCrjPJwlTEfWRGT FBgw== X-Gm-Message-State: AOJu0Yy0Gzd76CAlQOAnL0qISxSV3HzyjXoqDHin9wadyQ1FXhgpmufH OzE1+uONLXMRbaRbYGjwoUUkHBX6hy5nTlyMXjGXMIxl7FlndVDdmBZtjrvX00Pd X-Gm-Gg: ASbGncu85sNxWWcgZPUYgAWcRAYpuhf7XUJgkgon/HPigZfMoMfQ6h8IPBxIzKaUY2n xod5jgTjmlMmLaYWW3giRy6tPmAdccXRKxusHus9aPKDHYabXrEB3lgBheize+VaQOjOHIbX4Ho E+sgtiukJ0Oqj4BbGQsWYY9C3npqWWGT/TNFLFcUuu1eYl8OYORC7vlOrVVHSQa46IsQwslvW8f Gf86HG+d5Q18kiUger4SRX9WuiLtMgqu1UmPDTJOg1dlc89IFaJ+FDMLx3HYtehHus2FgD+7m1J tBMtDIsIYLER6SWcLolIlTDqSr07vx/D35N+NeKilJc3ENUS+pUX2Fz495KytPez0kehRCteWjS zLD9y1wzrM0hTh5EJFu24k4xYjIIqcDJLqAP5Lpb85zSB/shRR6stQXg+lWwWOVUxz+/lTCjahz ul+ULnOFA/ X-Google-Smtp-Source: AGHT+IHJ2N9ZwvU8NYRovRZOvlfm0rMmKUpzly/R0A+GSA5RpG5R4epYLT/sjgEa1WOliqdRabbjvQ== X-Received: by 2002:a05:600c:4594:b0:477:bb0:7528 with SMTP id 5b1f17b1804b1-4778fe9aec9mr45877215e9.22.1763151993154; Fri, 14 Nov 2025 12:26:33 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-4779527a656sm23617845e9.10.2025.11.14.12.26.32 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 14 Nov 2025 12:26:32 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][kirkstone][PATCH 6/6] libwmf: patch CVE-2016-9011 Date: Fri, 14 Nov 2025 21:26:27 +0100 Message-ID: <20251114202627.656631-6-skandigraun@gmail.com> X-Mailer: git-send-email 2.51.2 In-Reply-To: <20251114202627.656631-1-skandigraun@gmail.com> References: <20251114202627.656631-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 14 Nov 2025 20:26:37 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/121721 Details: https://nvd.nist.gov/vuln/detail/CVE-2016-9011 Pick the patch that explicitly mentions the vulnerability ID. Signed-off-by: Gyorgy Sarvari --- .../libwmf/libwmf/CVE-2016-9011.patch | 50 +++++++++++++++++++ .../recipes-extended/libwmf/libwmf_0.2.8.4.bb | 1 + 2 files changed, 51 insertions(+) create mode 100644 meta-oe/recipes-extended/libwmf/libwmf/CVE-2016-9011.patch diff --git a/meta-oe/recipes-extended/libwmf/libwmf/CVE-2016-9011.patch b/meta-oe/recipes-extended/libwmf/libwmf/CVE-2016-9011.patch new file mode 100644 index 0000000000..e2044bc3e6 --- /dev/null +++ b/meta-oe/recipes-extended/libwmf/libwmf/CVE-2016-9011.patch @@ -0,0 +1,50 @@ +From 245ec5c80d8d9964d150507f5583ab890a327fe8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= +Date: Wed, 8 Aug 2018 14:01:34 +0100 +Subject: [PATCH] CVE-2016-9011 + +CVE: CVE-2016-9011 +Upstream-Status: Backport [https://github.com/caolanm/libwmf/commit/2208b4881ceb8056480735dc330cfd52be03893e] +Signed-off-by: Gyorgy Sarvari +--- + src/player.c | 27 +++++++++++++++++++++++++-- + 1 file changed, 25 insertions(+), 2 deletions(-) + +diff --git a/src/player.c b/src/player.c +index cd87cb5..628cdcb 100644 +--- a/src/player.c ++++ b/src/player.c +@@ -139,8 +139,31 @@ wmf_error_t wmf_scan (wmfAPI* API,unsigned long flags,wmfD_Rect* d_r) + WMF_DEBUG (API,"bailing..."); + return (API->err); + } +- +- P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char)); ++ ++ U32 nMaxRecordSize = (MAX_REC_SIZE(API) ) * 2 * sizeof (unsigned char); ++ if (nMaxRecordSize) ++ { ++ //before allocating memory do a sanity check on size by seeking ++ //to claimed end to see if its possible. We're constrained here ++ //by the api and existing implementations to not simply seeking ++ //to SEEK_END. So use what we have to skip to the last byte and ++ //try and read it. ++ const long nPos = WMF_TELL (API); ++ WMF_SEEK (API, nPos + nMaxRecordSize - 1); ++ if (ERR (API)) ++ { WMF_DEBUG (API,"bailing..."); ++ return (API->err); ++ } ++ int byte = WMF_READ (API); ++ if (byte == (-1)) ++ { WMF_ERROR (API,"Unexpected EOF!"); ++ API->err = wmf_E_EOF; ++ return (API->err); ++ } ++ WMF_SEEK (API, nPos); ++ } ++ ++ P->Parameters = (unsigned char*) wmf_malloc (API, nMaxRecordSize); + + if (ERR (API)) + { WMF_DEBUG (API,"bailing..."); diff --git a/meta-oe/recipes-extended/libwmf/libwmf_0.2.8.4.bb b/meta-oe/recipes-extended/libwmf/libwmf_0.2.8.4.bb index bb1aecd16d..2eb7f44114 100644 --- a/meta-oe/recipes-extended/libwmf/libwmf_0.2.8.4.bb +++ b/meta-oe/recipes-extended/libwmf/libwmf_0.2.8.4.bb @@ -23,6 +23,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/wvware/${BPN}/${PV}/${BPN}-${PV}.tar.gz;name=ta file://CVE-2015-0848-CVE-2015-4588.patch \ file://CVE-2015-4695.patch \ file://CVE-2015-4696.patch \ + file://CVE-2016-9011.patch \ " SRC_URI[tarball.md5sum] = "d1177739bf1ceb07f57421f0cee191e0"