From patchwork Sun Nov 30 19:44:08 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 75609
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][kirkstone][PATCH 1/7] yasm: add alternative CVE_PRODUCT Date: Sun, 30 Nov 2025 20:44:08 +0100 Message-ID: <20251130194414.2335669-1-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 30 Nov 2025 19:44:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/122174 There are multiple vendors for yasm: $ sqlite3 ./nvdcve_2-2.db "select distinct vendor, product from products where product = 'yasm';" tortall|yasm yasm_project|yasm Both products refer to the same application Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj (cherry picked from commit 93f85e4fd2fb124cb047f6b378cf0052a1f102aa) --- meta-oe/recipes-devtools/yasm/yasm_git.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-oe/recipes-devtools/yasm/yasm_git.bb b/meta-oe/recipes-devtools/yasm/yasm_git.bb index e6e4faa8a9..d1c37cb2ae 100644 --- a/meta-oe/recipes-devtools/yasm/yasm_git.bb +++ b/meta-oe/recipes-devtools/yasm/yasm_git.bb 
@@ -30,3 +30,5 @@ do_configure:prepend() { # Don't include $CC (which includes path to sysroot) in generated header. sed -i -e "s/^echo \"\/\* generated \$ac_cv_stdint_message \*\/\" >>\$ac_stdint$"// ${S}/m4/ax_create_stdint_h.m4 } + +CVE_PRODUCT += "tortall:yasm yasm_project:yasm"
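Review bot: The added `CVE_PRODUCT += "tortall:yasm yasm_project:yasm"` line at the end of yasm_git.bb appends to whatever value is already in effect instead of stating the full list, so the set of vendor:product pairs the CVE check will match cannot be read from the recipe alone. Since the commit message identifies exactly two NVD entries (tortall|yasm and yasm_project|yasm), consider a plain assignment, `CVE_PRODUCT = "tortall:yasm yasm_project:yasm"`, or say in the commit message why the append is wanted.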
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][kirkstone][PATCH 2/7] yasm: patch CVE-2023-29579 Date: Sun, 30 Nov 2025 20:44:09 +0100 Message-ID: <20251130194414.2335669-2-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251130194414.2335669-1-skandigraun@gmail.com> References: <20251130194414.2335669-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 30 Nov 2025 19:44:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/122175 Details: https://nvd.nist.gov/vuln/detail/CVE-2023-29579 The patch was taken from Debian: https://sources.debian.org/patches/yasm/1.3.0-8/1000-x86-dir-cpu-CVE-2023-29579.patch/ Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj (cherry picked from commit cc30757a7fd0af5f60b9a6408b3eb94c0810acda) --- .../yasm/yasm/CVE-2023-29579.patch | 39 +++++++++++++++++++ meta-oe/recipes-devtools/yasm/yasm_git.bb | 3 +- 2 files changed, 41 insertions(+), 1 deletion(-) create mode 100644 meta-oe/recipes-devtools/yasm/yasm/CVE-2023-29579.patch diff --git a/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-29579.patch b/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-29579.patch new file mode 100644 index 0000000000..58b4ed1996 --- /dev/null +++ b/meta-oe/recipes-devtools/yasm/yasm/CVE-2023-29579.patch 
@@ -0,0 +1,39 @@ +From 81c1b7b0a28f052eaadddcb010944bf67e6ae257 Mon Sep 17 00:00:00 2001 +From: Gyorgy Sarvari +Date: Sat, 15 Nov 2025 13:24:21 +0100 +Subject: [PATCH] Make sure CPU feature parsing use large enough string buffer. + Fixes CVE-2023-29579. + +Author: Petter Reinholdtsen +Bug: https://github.com/yasm/yasm/issues/214 +Bug-Debian: https://bugs.debian.org/1035951 +Forwarded: https://github.com/yasm/yasm/issues/214 +Last-Update: 2025-04-30 + +This patch is taken from Debian: +https://sources.debian.org/patches/yasm/1.3.0-8/1000-x86-dir-cpu-CVE-2023-29579.patch/ + +CVE: CVE-2023-29579 +Upstream-Status: Submitted [https://github.com/yasm/yasm/issues/214] + +Signed-off-by: Gyorgy Sarvari +--- + modules/arch/x86/x86arch.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/modules/arch/x86/x86arch.c b/modules/arch/x86/x86arch.c +index bac11774..58327958 100644 +--- a/modules/arch/x86/x86arch.c ++++ b/modules/arch/x86/x86arch.c +@@ -165,8 +165,9 @@ x86_dir_cpu(yasm_object *object, yasm_valparamhead *valparams, + yasm_error_set(YASM_ERROR_SYNTAX, + N_("invalid argument to [%s]"), "CPU"); + else { +- char strcpu[16]; +- sprintf(strcpu, "%lu", yasm_intnum_get_uint(intcpu)); ++ char strcpu[21]; /* 21 = ceil(log10(LONG_MAX)+1) */ ++ assert(8*sizeof(unsigned long) <= 64); ++ snprintf(strcpu, sizeof(strcpu), "%lu", yasm_intnum_get_uint(intcpu)); + yasm_x86__parse_cpu(arch_x86, strcpu, strlen(strcpu)); + } + } else diff --git a/meta-oe/recipes-devtools/yasm/yasm_git.bb b/meta-oe/recipes-devtools/yasm/yasm_git.bb index d1c37cb2ae..d89f9aebe3 100644 --- a/meta-oe/recipes-devtools/yasm/yasm_git.bb +++ b/meta-oe/recipes-devtools/yasm/yasm_git.bb 
@@ -14,7 +14,8 @@ SRC_URI = "git://github.com/yasm/yasm.git;branch=master;protocol=https \ file://CVE-2023-31975.patch \ file://CVE-2023-37732.patch \ file://CVE-2024-22653.patch \ -" + file://CVE-2023-29579.patch \ + " S = "${WORKDIR}/git"
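Review bot: In the x86_dir_cpu hunk the comment on `char strcpu[21]` derives the size from LONG_MAX, but the value is formatted with `%lu` from `yasm_intnum_get_uint()`, so the bound that matters is ULONG_MAX: 20 digits plus the terminator for a 64-bit unsigned long, whereas ceil(log10(LONG_MAX)+1) evaluates to 20, not 21. The comment should name ULONG_MAX. The `assert(8*sizeof(unsigned long) <= 64)` is compiled out under NDEBUG and the hunk adds no `#include <assert.h>`, so it is worth confirming that header is already pulled in; the `snprintf(strcpu, sizeof(strcpu), ...)` bound is what actually prevents the overflow, and its return value is not checked, so a truncated string would be handed to `yasm_x86__parse_cpu` silently.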
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][kirkstone][PATCH 3/7] yasm: patch CVE-2021-33464 Date: Sun, 30 Nov 2025 20:44:10 +0100 Message-ID: <20251130194414.2335669-3-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251130194414.2335669-1-skandigraun@gmail.com> References: <20251130194414.2335669-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 30 Nov 2025 19:44:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/122176 Details: https://nvd.nist.gov/vuln/detail/CVE-2021-33464 The patch was taken from Debian: https://sources.debian.org/patches/yasm/1.3.0-8/1010-nasm-pp-no-env-CVE-2021-33464.patch/ Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj (cherry picked from commit 66a0b01b52e5d1cd2af4c41ae0b67541464874e6) --- .../yasm/yasm/CVE-2021-33464.patch | 34 +++++++++++++++++++ meta-oe/recipes-devtools/yasm/yasm_git.bb | 1 + 2 files changed, 35 insertions(+) create mode 100644 meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33464.patch diff --git a/meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33464.patch b/meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33464.patch new file mode 100644 index 0000000000..ebae250ff9 --- /dev/null +++ b/meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33464.patch 
@@ -0,0 +1,34 @@ +From 3c3f968d48d768c1e355199d4067d99cb72abc26 Mon Sep 17 00:00:00 2001 +From: Gyorgy Sarvari +Date: Sat, 15 Nov 2025 13:30:12 +0100 +Subject: [PATCH] Handle file descriptors with nonexisting env names better. + Avoid writing past allocated memory. + +This fixes CVE-2021-33464. +Author: Petter Reinholdtsen +Bug: https://github.com/yasm/yasm/issues/164 +Bug-Debian: https://bugs.debian.org/1016353 +Forwarded: https://github.com/yasm/yasm/issues/164 +Last-Update: 2025-04-30 + +CVE: CVE-2021-33464 +Upstream-Status: Submitted [https://github.com/yasm/yasm/issues/164] + +Signed-off-by: Gyorgy Sarvari +--- + modules/preprocs/nasm/nasm-pp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/modules/preprocs/nasm/nasm-pp.c b/modules/preprocs/nasm/nasm-pp.c +index 512f02c3..f9f92dd1 100644 +--- a/modules/preprocs/nasm/nasm-pp.c ++++ b/modules/preprocs/nasm/nasm-pp.c +@@ -1815,7 +1815,7 @@ inc_fopen(char *file, char **newname) + error(ERR_WARNING, "environment variable `%s' does not exist", + p1+1); + *p2 = '%'; +- p1 = p2+1; ++ pb = p1 = p2+1; + continue; + } + /* need to expand */ diff --git a/meta-oe/recipes-devtools/yasm/yasm_git.bb b/meta-oe/recipes-devtools/yasm/yasm_git.bb index d89f9aebe3..08a9ccab50 100644 --- a/meta-oe/recipes-devtools/yasm/yasm_git.bb +++ b/meta-oe/recipes-devtools/yasm/yasm_git.bb 
@@ -15,6 +15,7 @@ SRC_URI = "git://github.com/yasm/yasm.git;branch=master;protocol=https \ file://CVE-2023-37732.patch \ file://CVE-2024-22653.patch \ file://CVE-2023-29579.patch \ + file://CVE-2021-33464.patch \ " S = "${WORKDIR}/git"
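Review bot: The one-line change in inc_fopen, `pb = p1 = p2+1;`, resets `pb` together with `p1` on the "environment variable does not exist" path, but neither the hunk nor the patch description says what `pb` marks, so the "Avoid writing past allocated memory" claim cannot be checked from the patch itself. A short comment at that line, or a sentence in the patch header naming the copy or length computation that reads `pb` afterwards, would make the fix reviewable and guard against the assignment being dropped in a later refresh of the patch.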
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][kirkstone][PATCH 4/7] yasm: patch CVE-2021-33456 Date: Sun, 30 Nov 2025 20:44:11 +0100 Message-ID: <20251130194414.2335669-4-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251130194414.2335669-1-skandigraun@gmail.com> References: <20251130194414.2335669-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 30 Nov 2025 19:44:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/122177 Details: https://nvd.nist.gov/vuln/detail/CVE-2021-33465 The patch was taken from Debian: https://sources.debian.org/patches/yasm/1.3.0-8/1020-hash-null-CVE-2021-33456.patch/ Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj (cherry picked from commit 1e2731fce05d15020fddf3dca5d8ee42ec3c04e1) --- .../yasm/yasm/CVE-2021-33456.patch | 35 +++++++++++++++++++ meta-oe/recipes-devtools/yasm/yasm_git.bb | 1 + 2 files changed, 36 insertions(+) create mode 100644 meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33456.patch diff --git a/meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33456.patch b/meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33456.patch new file mode 100644 index 0000000000..2340d8ed75 --- /dev/null +++ b/meta-oe/recipes-devtools/yasm/yasm/CVE-2021-33456.patch 
@@ -0,0 +1,35 @@ +From 1126140b8f5ece18c58640725f0e4c08e5ec97b0 Mon Sep 17 00:00:00 2001 +From: Gyorgy Sarvari +Date: Sat, 15 Nov 2025 13:34:15 +0100 +Subject: [PATCH] A potential null pointer difference is that the return value + of the hash may be null. This fixes CVE-2021-33456. + +From: lixuebing +Date: Mon, 25 Aug 2025 13:51:28 +0800 +Subject: Fix null-pointer-dereference in hash +Bug: https://github.com/yasm/yasm/issues/175 +Origin: https://github.com/yasm/yasm/pull/290 + +CVE: CVE-2021-33456 +Upstream-Status: Submitted [https://github.com/yasm/yasm/pull/290] + +Signed-off-by: Gyorgy Sarvari +--- + modules/preprocs/nasm/nasm-pp.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/modules/preprocs/nasm/nasm-pp.c b/modules/preprocs/nasm/nasm-pp.c +index f9f92dd1..473d98c1 100644 +--- a/modules/preprocs/nasm/nasm-pp.c ++++ b/modules/preprocs/nasm/nasm-pp.c +@@ -1102,6 +1102,10 @@ hash(char *s) + { + unsigned int h = 0; + unsigned int i = 0; ++ /* Check if the input string is NULL to avoid null pointer dereference */ ++ if (s == NULL) { ++ return 0; ++ } + /* + * Powers of three, mod 31. + */ diff --git a/meta-oe/recipes-devtools/yasm/yasm_git.bb b/meta-oe/recipes-devtools/yasm/yasm_git.bb index 08a9ccab50..32a0aad65d 100644 --- a/meta-oe/recipes-devtools/yasm/yasm_git.bb +++ b/meta-oe/recipes-devtools/yasm/yasm_git.bb 
@@ -16,6 +16,7 @@ SRC_URI = "git://github.com/yasm/yasm.git;branch=master;protocol=https \ file://CVE-2024-22653.patch \ file://CVE-2023-29579.patch \ file://CVE-2021-33464.patch \ + file://CVE-2021-33456.patch \ " S = "${WORKDIR}/git"
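Review bot: The NULL check added at the top of hash() returns 0, which is an ordinary hash value, so a NULL name is silently treated as a normal key and the caller that passed NULL carries on; it is worth confirming that no caller dereferences the same pointer after the hash() call, or handling the NULL at the call site instead. Separately, the message text links https://nvd.nist.gov/vuln/detail/CVE-2021-33465 while the subject, the patch file name and the `CVE:` tag all say CVE-2021-33456, and the embedded subject reads "null pointer difference" where "dereference" appears to be meant; both should be corrected so the CVE tracking stays consistent.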
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][kirkstone][PATCH 5/7] fontforge: ignore CVE-2019-15785 Date: Sun, 30 Nov 2025 20:44:12 +0100 Message-ID: <20251130194414.2335669-5-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251130194414.2335669-1-skandigraun@gmail.com> References: <20251130194414.2335669-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 30 Nov 2025 19:44:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/122178 Details: https://nvd.nist.gov/vuln/detail/CVE-2019-15785 The vulnerability is not present in the currently used version, so ignore it. Current version: 20190801 First vulnerable version: 20190813 Signed-off-by: Gyorgy Sarvari --- meta-oe/recipes-graphics/fontforge/fontforge_20190801.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta-oe/recipes-graphics/fontforge/fontforge_20190801.bb b/meta-oe/recipes-graphics/fontforge/fontforge_20190801.bb index cb5f4d5ea1..84644f2560 100644 --- a/meta-oe/recipes-graphics/fontforge/fontforge_20190801.bb +++ b/meta-oe/recipes-graphics/fontforge/fontforge_20190801.bb 
@@ -43,5 +43,8 @@ FILES:${PN} += " \ FILES:${PN}-python = "${PYTHON_SITEPACKAGES_DIR} ${datadir}/${BPN}/python" RDEPENDS:${PN}-python = "python3" +# The vulnerability was introduced after the used revision. +CVE_CHECK_IGNORE += "CVE-2019-15785" + # for e.g kde's oxygen-fonts BBCLASSEXTEND = "native"
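Review bot: The comment above the added `CVE_CHECK_IGNORE += "CVE-2019-15785"` line says only that the vulnerability was introduced after the used revision, while the versions that justify it (current 20190801, first vulnerable 20190813) appear only in the commit message. The ignore is unconditional, so it would survive a later version bump of the recipe; putting both versions in the comment would prompt whoever upgrades fontforge to re-evaluate or drop the entry.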
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][kirkstone][PATCH 6/7] fontforge: patch CVE-2020-5395, CVE-2020-25690 and CVE-2020-5496 Date: Sun, 30 Nov 2025 20:44:13 +0100 Message-ID: <20251130194414.2335669-6-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251130194414.2335669-1-skandigraun@gmail.com> References: <20251130194414.2335669-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 30 Nov 2025 19:44:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/122179 Details: https://nvd.nist.gov/vuln/detail/CVE-2020-5395 https://nvd.nist.gov/vuln/detail/CVE-2020-25690 https://nvd.nist.gov/vuln/detail/CVE-2020-5496 The same patch fixes all three. The patch for CVE-2020-25690 is mentioned in the RedHat bug, which is referenced in the nvd report. The patch for CVE-2020-5395 is mentioned in the Github issue that is referenced in the nvd report. The patch for CVE-2020-5496 is mentioned in the comments of the issue that is linked in the nvd report. Signed-off-by: Gyorgy Sarvari --- .../fontforge/CVE-2020-25690-1.patch | 81 +++++++++++++++++++ .../fontforge/CVE-2020-25690-2.patch | 32 ++++++++ .../fontforge/fontforge_20190801.bb | 4 +- 3 files changed, 116 insertions(+), 1 deletion(-) create mode 100644 meta-oe/recipes-graphics/fontforge/fontforge/CVE-2020-25690-1.patch create mode 100644 meta-oe/recipes-graphics/fontforge/fontforge/CVE-2020-25690-2.patch diff --git a/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2020-25690-1.patch b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2020-25690-1.patch new file mode 100644 index 0000000000..b41bc1088a --- /dev/null +++ b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2020-25690-1.patch 
@@ -0,0 +1,81 @@ +From 169bfc28246c10493ac085c9e9ed5b0ab58ac979 Mon Sep 17 00:00:00 2001 +From: Skef Iterum +Date: Mon, 6 Jan 2020 03:05:06 -0800 +Subject: [PATCH] Fix for #4084 Use-after-free (heap) in the + SFD_GetFontMetaData() function Fix for #4086 NULL pointer dereference in the + SFDGetSpiros() function Fix for #4088 NULL pointer dereference in the + SFD_AssignLookups() function Add empty sf->fontname string if it isn't set, + fixing #4089 #4090 and many other potential issues (many downstream calls to + strlen() on the value). + +CVE: CVE-2020-25690 CVE-2020-5395 CVE-2020-5496 +Upstream-Status: Backport [https://github.com/fontforge/fontforge/commit/048a91e2682c1a8936ae34dbc7bd70291ec05410] +Signed-off-by: Gyorgy Sarvari +--- + fontforge/sfd.c | 19 ++++++++++++++----- + fontforge/sfd1.c | 2 +- + 2 files changed, 15 insertions(+), 6 deletions(-) + +diff --git a/fontforge/sfd.c b/fontforge/sfd.c +index 214163343..cdce0b08a 100644 +--- a/fontforge/sfd.c ++++ b/fontforge/sfd.c +@@ -4032,13 +4032,16 @@ static void SFDGetSpiros(FILE *sfd,SplineSet *cur) { + while ( fscanf(sfd,"%lg %lg %c", &cp.x, &cp.y, &cp.ty )==3 ) { + if ( cur!=NULL ) { + if ( cur->spiro_cnt>=cur->spiro_max ) +- cur->spiros = realloc(cur->spiros,(cur->spiro_max+=10)*sizeof(spiro_cp)); ++ cur->spiros = realloc(cur->spiros, ++ (cur->spiro_max+=10)*sizeof(spiro_cp)); + cur->spiros[cur->spiro_cnt++] = cp; + } + } +- if ( cur!=NULL && (cur->spiros[cur->spiro_cnt-1].ty&0x7f)!=SPIRO_END ) { ++ if ( cur!=NULL && cur->spiro_cnt>0 ++ && (cur->spiros[cur->spiro_cnt-1].ty&0x7f)!=SPIRO_END ) { + if ( cur->spiro_cnt>=cur->spiro_max ) +- cur->spiros = realloc(cur->spiros,(cur->spiro_max+=1)*sizeof(spiro_cp)); ++ cur->spiros = realloc(cur->spiros, ++ (cur->spiro_max+=1)*sizeof(spiro_cp)); + memset(&cur->spiros[cur->spiro_cnt],0,sizeof(spiro_cp)); + cur->spiros[cur->spiro_cnt++].ty = SPIRO_END; + } +@@ -7992,10 +7995,12 @@ bool SFD_GetFontMetaData( FILE *sfd, + else if ( strmatch(tok,"LayerCount:")==0 ) + { + 
d->had_layer_cnt = true; +- getint(sfd,&sf->layer_cnt); +- if ( sf->layer_cnt>2 ) { ++ int layer_cnt_tmp; ++ getint(sfd,&layer_cnt_tmp); ++ if ( layer_cnt_tmp>2 ) { + sf->layers = realloc(sf->layers,sf->layer_cnt*sizeof(LayerInfo)); + memset(sf->layers+2,0,(sf->layer_cnt-2)*sizeof(LayerInfo)); ++ sf->layer_cnt = layer_cnt_tmp; + } + } + else if ( strmatch(tok,"Layer:")==0 ) +@@ -8948,6 +8953,10 @@ exit( 1 ); + } + } + ++ // Many downstream functions assume this isn't NULL (use strlen, etc.) ++ if ( sf->fontname==NULL) ++ sf->fontname = copy(""); ++ + if ( fromdir ) + sf = SFD_FigureDirType(sf,tok,dirname,enc,remap,had_layer_cnt); + else if ( sf->subfontcnt!=0 ) { +diff --git a/fontforge/sfd1.c b/fontforge/sfd1.c +index cf931059d..b42f83267 100644 +--- a/fontforge/sfd1.c ++++ b/fontforge/sfd1.c +@@ -674,7 +674,7 @@ void SFD_AssignLookups(SplineFont1 *sf) { + + /* Fix up some gunk from really old versions of the sfd format */ + SFDCleanupAnchorClasses(&sf->sf); +- if ( sf->sf.uni_interp==ui_unset ) ++ if ( sf->sf.uni_interp==ui_unset && sf->sf.map!=NULL ) + sf->sf.uni_interp = interp_from_encoding(sf->sf.map->enc,ui_none); + + /* Fixup for an old bug */ diff --git a/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2020-25690-2.patch b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2020-25690-2.patch new file mode 100644 index 0000000000..bbd3854eee --- /dev/null +++ b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2020-25690-2.patch 
@@ -0,0 +1,32 @@ +From c169022972d82ee0da4812e77aa8f560d173fcd7 Mon Sep 17 00:00:00 2001 +From: Fredrick Brennan +Date: Tue, 21 Jan 2020 15:16:00 +0800 +Subject: [PATCH] Fix crash on exit introduced in previous commit + +When the number of layers is greater than 2, as in Chomsky.sfd and most +of my other fonts, FontForge will crash on exiting. + +This is just a simple mistake @skef made. + +CVE: CVE-2020-25690 CVE-2020-5395 CVE-2020-5496 +Upstream-Status: Backport [https://github.com/fontforge/fontforge/commit/b96273acc691ac8a36c6a8dd4de8e6edd7eaae59] +Signed-off-by: Gyorgy Sarvari +--- + fontforge/sfd.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fontforge/sfd.c b/fontforge/sfd.c +index cdce0b08a..132f9fa0c 100644 +--- a/fontforge/sfd.c ++++ b/fontforge/sfd.c +@@ -7998,9 +7998,9 @@ bool SFD_GetFontMetaData( FILE *sfd, + int layer_cnt_tmp; + getint(sfd,&layer_cnt_tmp); + if ( layer_cnt_tmp>2 ) { ++ sf->layer_cnt = layer_cnt_tmp; + sf->layers = realloc(sf->layers,sf->layer_cnt*sizeof(LayerInfo)); + memset(sf->layers+2,0,(sf->layer_cnt-2)*sizeof(LayerInfo)); +- sf->layer_cnt = layer_cnt_tmp; + } + } + else if ( strmatch(tok,"Layer:")==0 ) diff --git a/meta-oe/recipes-graphics/fontforge/fontforge_20190801.bb b/meta-oe/recipes-graphics/fontforge/fontforge_20190801.bb index 84644f2560..7686b04fb3 100644 --- a/meta-oe/recipes-graphics/fontforge/fontforge_20190801.bb +++ b/meta-oe/recipes-graphics/fontforge/fontforge_20190801.bb 
@@ -17,7 +17,9 @@ REQUIRED_DISTRO_FEATURES:append:class-target = " x11" SRCREV = "ac635b818e38ddb8e7e2e1057330a32b4e25476e" SRC_URI = "git://github.com/${BPN}/${BPN}.git;branch=master;protocol=https \ file://0001-include-sys-select-on-non-glibc-platforms.patch \ -" + file://CVE-2020-25690-1.patch \ + file://CVE-2020-25690-2.patch \ + " S = "${WORKDIR}/git" EXTRA_OECONF += "--without-libuninameslist --enable-python-scripting --enable-python-extension" From patchwork Sun Nov 30 19:44:14 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 75607 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 68647D111A8 for ; Sun, 30 Nov 2025 19:44:26 +0000 (UTC) Received: from mail-wr1-f50.google.com (mail-wr1-f50.google.com [209.85.221.50]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.4139.1764531862578689598 for ; Sun, 30 Nov 2025 11:44:22 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=cSR2IxOj; spf=pass (domain: gmail.com, ip: 209.85.221.50, mailfrom: skandigraun@gmail.com) Received: by mail-wr1-f50.google.com with SMTP id ffacd0b85a97d-42e2e445dbbso261164f8f.2 for ; Sun, 30 Nov 2025 11:44:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1764531861; x=1765136661; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=g4iQxwNa/QwJHVHFYkLWxgGu+ucj3g4SE/NWmoZRC2k=; b=cSR2IxOjol1+8R7aM0uNpbAiUSXdmWNLKBpWdU2Uz1k2RnFtxn5f0ct8TQ3owwdnUW ucvZE5xvis1RYAfZYVLqNHCsTW+Artb3I3OWBRyzfuB/ZlMj/SW6963G0FVu/d4xK1PR 
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][kirkstone][PATCH 7/7] fontforge: patch CVE-2024-25081 and CVE-2024-25082 Date: Sun, 30 Nov 2025 20:44:14 +0100 Message-ID: <20251130194414.2335669-7-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251130194414.2335669-1-skandigraun@gmail.com> References: <20251130194414.2335669-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sun, 30 Nov 2025 19:44:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/122180 Details: https://nvd.nist.gov/vuln/detail/CVE-2024-25081 https://nvd.nist.gov/vuln/detail/CVE-2024-25082 The same patch fixes both vulnerabilities. Take the patch from the pull request that is referenced by the nvd report. Signed-off-by: Gyorgy Sarvari --- .../fontforge/CVE-2024-25081-25082.patch | 181 ++++++++++++++++++ .../fontforge/fontforge_20190801.bb | 1 + 2 files changed, 182 insertions(+) create mode 100644 meta-oe/recipes-graphics/fontforge/fontforge/CVE-2024-25081-25082.patch diff --git a/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2024-25081-25082.patch b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2024-25081-25082.patch new file mode 100644 index 0000000000..0932196c5e --- /dev/null +++ b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2024-25081-25082.patch 
@@ -0,0 +1,181 @@ +From 7890a39d98e73c59156ebd6ff58a4a455801745f Mon Sep 17 00:00:00 2001 +From: Peter Kydas +Date: Tue, 6 Feb 2024 10:23:36 +1100 +Subject: [PATCH] fix splinefont shell command injection + +CVE: CVE-2024-25081 CVE-2024-25082 +Upstream-Status: Backport [https://github.com/fontforge/fontforge/pull/5367/commits/a64099931ea004a08e074b08ad0984d92c25daa2] +Signed-off-by: Gyorgy Sarvari +--- + fontforge/splinefont.c | 125 +++++++++++++++++++++++++++++------------ + 1 file changed, 90 insertions(+), 35 deletions(-) + +diff --git a/fontforge/splinefont.c b/fontforge/splinefont.c +index ef1ed27ea..9a70c90d9 100644 +--- a/fontforge/splinefont.c ++++ b/fontforge/splinefont.c +@@ -799,11 +799,14 @@ return( name ); + + char *Unarchive(char *name, char **_archivedir) { + char *dir = getenv("TMPDIR"); +- char *pt, *archivedir, *listfile, *listcommand, *unarchivecmd, *desiredfile; ++ char *pt, *archivedir, *listfile, *desiredfile; + char *finalfile; + int i; + int doall=false; + static int cnt=0; ++ gchar *command[5]; ++ gchar *stdoutresponse = NULL; ++ gchar *stderrresponse = NULL; + + *_archivedir = NULL; + +@@ -838,18 +841,30 @@ return( NULL ); + listfile = malloc(strlen(archivedir)+strlen("/" TOC_NAME)+1); + sprintf( listfile, "%s/" TOC_NAME, archivedir ); + +- listcommand = malloc( strlen(archivers[i].unarchive) + 1 + +- strlen( archivers[i].listargs) + 1 + +- strlen( name ) + 3 + +- strlen( listfile ) +4 ); +- sprintf( listcommand, "%s %s %s > %s", archivers[i].unarchive, +- archivers[i].listargs, name, listfile ); +- if ( system(listcommand)!=0 ) { +- free(listcommand); free(listfile); +- ArchiveCleanup(archivedir); +-return( NULL ); +- } +- free(listcommand); ++ command[0] = archivers[i].unarchive; ++ command[1] = archivers[i].listargs; ++ command[2] = name; ++ command[3] = NULL; // command args need to be NULL-terminated ++ ++ if ( g_spawn_sync( ++ NULL, ++ command, ++ NULL, ++ G_SPAWN_SEARCH_PATH, ++ NULL, ++ NULL, ++ &stdoutresponse, ++ &stderrresponse, 
++ NULL, ++ NULL ++ ) == FALSE) { // did not successfully execute ++ ArchiveCleanup(archivedir); ++ return( NULL ); ++ } ++ // Write out the listfile to be read in later ++ FILE *fp = fopen(listfile, "wb"); ++ fwrite(stdoutresponse, strlen(stdoutresponse), 1, fp); ++ fclose(fp); + + desiredfile = ArchiveParseTOC(listfile, archivers[i].ars, &doall); + free(listfile); +@@ -858,22 +873,28 @@ return( NULL ); + return( NULL ); + } + +- /* I tried sending everything to stdout, but that doesn't work if the */ +- /* output is a directory file (ufo, sfdir) */ +- unarchivecmd = malloc( strlen(archivers[i].unarchive) + 1 + +- strlen( archivers[i].listargs) + 1 + +- strlen( name ) + 1 + +- strlen( desiredfile ) + 3 + +- strlen( archivedir ) + 30 ); +- sprintf( unarchivecmd, "( cd %s ; %s %s %s %s ) > /dev/null", archivedir, +- archivers[i].unarchive, +- archivers[i].extractargs, name, doall ? "" : desiredfile ); +- if ( system(unarchivecmd)!=0 ) { +- free(unarchivecmd); free(desiredfile); +- ArchiveCleanup(archivedir); +-return( NULL ); ++ command[0] = archivers[i].unarchive; ++ command[1] = archivers[i].extractargs; ++ command[2] = name; ++ command[3] = doall ? 
"" : desiredfile; ++ command[4] = NULL; ++ ++ if ( g_spawn_sync( ++ (gchar*)archivedir, ++ command, ++ NULL, ++ G_SPAWN_SEARCH_PATH, ++ NULL, ++ NULL, ++ &stdoutresponse, ++ &stderrresponse, ++ NULL, ++ NULL ++ ) == FALSE) { // did not successfully execute ++ free(desiredfile); ++ ArchiveCleanup(archivedir); ++ return( NULL ); + } +- free(unarchivecmd); + + finalfile = malloc( strlen(archivedir) + 1 + strlen(desiredfile) + 1); + sprintf( finalfile, "%s/%s", archivedir, desiredfile ); +@@ -896,20 +917,54 @@ struct compressors compressors[] = { + + char *Decompress(char *name, int compression) { + char *dir = getenv("TMPDIR"); +- char buf[1500]; + char *tmpfn; +- ++ gchar *command[4]; ++ gint stdout_pipe; ++ gchar buffer[4096]; ++ gssize bytes_read; ++ GByteArray *binary_data = g_byte_array_new(); ++ + if ( dir==NULL ) dir = P_tmpdir; + tmpfn = malloc(strlen(dir)+strlen(GFileNameTail(name))+2); + strcpy(tmpfn,dir); + strcat(tmpfn,"/"); + strcat(tmpfn,GFileNameTail(name)); + *strrchr(tmpfn,'.') = '\0'; +- snprintf( buf, sizeof(buf), "%s < %s > %s", compressors[compression].decomp, name, tmpfn ); +- if ( system(buf)==0 ) +-return( tmpfn ); +- free(tmpfn); +-return( NULL ); ++ ++ command[0] = compressors[compression].decomp; ++ command[1] = "-c"; ++ command[2] = name; ++ command[3] = NULL; ++ ++ // Have to use async because g_spawn_sync doesn't handle nul-bytes in the output (which happens with binary data) ++ if (g_spawn_async_with_pipes( ++ NULL, ++ command, ++ NULL, ++ G_SPAWN_DO_NOT_REAP_CHILD | G_SPAWN_SEARCH_PATH, ++ NULL, ++ NULL, ++ NULL, ++ NULL, ++ &stdout_pipe, ++ NULL, ++ NULL) == FALSE) { ++ //command has failed ++ return( NULL ); ++ } ++ ++ // Read binary data from pipe and output to file ++ while ((bytes_read = read(stdout_pipe, buffer, sizeof(buffer))) > 0) { ++ g_byte_array_append(binary_data, (guint8 *)buffer, bytes_read); ++ } ++ close(stdout_pipe); ++ ++ FILE *fp = fopen(tmpfn, "wb"); ++ fwrite(binary_data->data, sizeof(gchar), binary_data->len, fp); 
++ fclose(fp); ++ g_byte_array_free(binary_data, TRUE); ++ ++ return(tmpfn); + } + + static char *ForceFileToHaveName(FILE *file, char *exten) { diff --git a/meta-oe/recipes-graphics/fontforge/fontforge_20190801.bb b/meta-oe/recipes-graphics/fontforge/fontforge_20190801.bb index 7686b04fb3..cfb20ab2bd 100644 --- a/meta-oe/recipes-graphics/fontforge/fontforge_20190801.bb +++ b/meta-oe/recipes-graphics/fontforge/fontforge_20190801.bb @@ -19,6 +19,7 @@ SRC_URI = "git://github.com/${BPN}/${BPN}.git;branch=master;protocol=https \ file://0001-include-sys-select-on-non-glibc-platforms.patch \ file://CVE-2020-25690-1.patch \ file://CVE-2020-25690-2.patch \ + file://CVE-2024-25081-25082.patch \ " S = "${WORKDIR}/git"
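Review bot: The comment above `CVE_CHECK_IGNORE += "CVE-2019-15785"` in fontforge_20190801.bb (the recipe hunk at the top of this section) gives no reference a later reader can verify. It says the vulnerability was introduced after the used revision, but not which upstream commit or release introduced it. Record that next to the ignore so the entry is re-evaluated when SRCREV is bumped instead of carrying over unnoticed.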
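Review bot: In the SFDGetSpiros hunk of CVE-2020-25690-1.patch, both re-wrapped `realloc` calls still assign straight back to `cur->spiros`, so an allocation failure drops the old buffer and the `cur->spiros[cur->spiro_cnt++] = cp` or `memset` that follows writes through NULL. The functional change here is only the added `cur->spiro_cnt>0` guard. Since this is a verbatim backport the unchecked realloc is better raised upstream than changed locally, but it is worth knowing that the hunk does not address it.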
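Review bot: In the LayerCount hunk of CVE-2020-25690-1.patch, `realloc` and `memset` are still sized from `sf->layer_cnt`, which is only assigned from `layer_cnt_tmp` after both calls, so with this patch alone the layers array is sized by the stale count while the count itself is then raised. CVE-2020-25690-2.patch corrects the order, so the two files must stay together and in this order in SRC_URI; a sentence in the commit message saying that -2 is a required fix-up for -1 would prevent someone dropping it later. Separately, `layer_cnt_tmp` has no initializer and the result of `getint(sfd,&layer_cnt_tmp)` is not checked before the `>2` comparison.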
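Review bot: After the reorder in the CVE-2020-25690-2.patch hunk, `sf->layer_cnt` takes the file-supplied value before `realloc` is known to have succeeded, the result is assigned directly to `sf->layers` without a NULL check, and nothing in the visible lines bounds `layer_cnt_tmp` from above. A very large LayerCount value can therefore leave `sf->layers` NULL while `memset(sf->layers+2,...)` still runs. An upper bound on `layer_cnt_tmp` and a temporary for the realloc result would close this; as a backport that belongs in an upstream follow-up.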
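Review bot: In the SFD_AssignLookups hunk (fontforge/sfd1.c), when `sf->sf.map` is NULL the new condition skips the assignment and `sf->sf.uni_interp` is left as `ui_unset`. The visible lines do not show whether later code tolerates that value. The existing call already passes `ui_none` as its second argument, so assigning `ui_none` in the NULL-map case would keep the field out of the unset state; if leaving it unset is intended, a short comment saying so would help.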
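Review bot: In the first g_spawn_sync hunk of Unarchive() (CVE-2024-25081-25082.patch), the replaced code failed on `system(listcommand)!=0`, while the new call passes NULL for the exit-status and GError arguments and only tests for `FALSE`, so an archiver that starts but exits non-zero is now treated as success. The error path also no longer frees `listfile` (the removed lines did `free(listcommand); free(listfile);`), the result of `fopen(listfile, "wb")` is used without a NULL check, and `stdoutresponse` and `stderrresponse` are never released with g_free in the visible lines. Suggest capturing the wait status and checking it, and freeing `listfile` plus both response buffers on every exit path. `name` is also passed as a bare argv element, so a file name beginning with `-` would be read by the archiver as an option; prefixing relative names with `./` or rejecting such names avoids that.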
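Review bot: In the second g_spawn_sync hunk of Unarchive(), `command[3] = doall ? "" : desiredfile;` passes an explicit empty-string argument to the archiver when `doall` is set. In the removed shell command the empty string simply expanded to nothing, whereas here the archiver receives a fourth argument that it may treat as a member name and fail on. Terminate the vector at index 3 in the `doall` case instead. This call also overwrites `stdoutresponse` and `stderrresponse` from the listing step without freeing them first, and, as in the listing step, the child's exit status is not inspected.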
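Review bot: In the Decompress() hunk, the child's exit status is lost: `G_SPAWN_DO_NOT_REAP_CHILD` is set but the child-pid argument is NULL, so the process is never waited for, and the function returns `tmpfn` even if the decompressor failed, where the removed code returned it only on `system(buf)==0`. Keep the pid, wait on it and check the status before returning. On the spawn-failure path `return( NULL )` leaks both `tmpfn` and `binary_data`, and `fopen(tmpfn, "wb")` is used unchecked. The hard-coded `command[1] = "-c"` assumes every entry in `compressors[]` accepts that option, which should be confirmed against the table or moved into it. The whole decompressed stream is also accumulated in `binary_data` before being written; writing each `read()` chunk to the file directly would keep memory bounded.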