From patchwork Tue Dec 23 21:25:52 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 77351 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B069DE6FE4C for ; Tue, 23 Dec 2025 21:26:16 +0000 (UTC) Received: from mail-pl1-f175.google.com (mail-pl1-f175.google.com [209.85.214.175]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.109409.1766525170776180982 for ; Tue, 23 Dec 2025 13:26:10 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=HZuOfVv0; spf=softfail (domain: sakoman.com, ip: 209.85.214.175, mailfrom: steve@sakoman.com) Received: by mail-pl1-f175.google.com with SMTP id d9443c01a7336-2a0c09bb78cso38823185ad.0 for ; Tue, 23 Dec 2025 13:26:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1766525170; x=1767129970; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=DYgOCC7RAmd0godwDxQavU0TEVc8cs16Kgro1EYLo1c=; b=HZuOfVv04S+BpjpkJ4aTQlolKAu8c76aloBK+lWLlkqnvVZ2z7wpVQ/2PV7UyNFNCo eY31KBobTyl+DX+NG2nzyThSdZL4hS8mgT0Wu154t1Q0UFYKY/+EGkKtP4sWXaHqpETe +b2D5kerADST8Fr6q3D4pACYB591CKUY7t7lYvVMY6R8KwHdyJZ+xeOzpPyrx52hkgiS 66pR80a7AakZiSQzwyZHz41KSA67eGdu5Jmz6/XVgh92yhweftWI+cmvnfPcySvB/ll1 m1CItpQfCbivXPvw6aCRjxOVnXYwEoIzUF34p+e27IR65MgKBkudxYFKOgV1SpR7kQ4B GCDw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1766525170; x=1767129970; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=DYgOCC7RAmd0godwDxQavU0TEVc8cs16Kgro1EYLo1c=; b=o6JBrYdVJgWwkfNvtPvOPkhhDpj0tl1g6wI87WXKuO5UriIph44Pp3TdmNoZS80CXG QaEPsz6n/WfI7SKdNnhoalD3Lsh0jAi8tsEQlTgIzs1pHmHbP6UUn1uLGxjco1pvUgYa hr6qvHww9fKGlJTMiCJqAEoqtoCjueS1EUZKbdKEDkA7HYFaQm3VshE4COfP0SthsC36 A4C2CdX0FU/+V5BBTzDsozXS/Mmc8WGjm8RqCWEwfPhPc5mTxz4DGqT7+dxkifmGM5uK ZV99rsRxFZsZ+LXSM8ln5J2k72DSgrSfpWIwhLspIPrZb9MkPYq5sk0RRomLvW6jSGei f0Fw== X-Gm-Message-State: AOJu0YxJkk3rIC+3PCZAuJEi686wzLfTQd4MJEMGIFuI0kRRRndfTpco vBLAXQSckgWqiI30H8dxv99jUUgECzTuEh4L6yL2f/d4e4sQ5d+qJn/E5beC/yd9Kodd50HmJOO W6vC3 X-Gm-Gg: AY/fxX45/C31AOCRgrppqiFHqZAAqfqvJvK9XDDFmndxL2hpUZt9NN1Gd2Lq2DFOPMk tIUrnx/REdtbEJ4ZtFPI1Cn6/jXP1/ktOf2gyy99Jx3gyzAHR3exohDNcADv2ZjPukKywddJlzC 8O1gUmITFyvETX0XeZnKKNS2PUnV5+6bvz9GmTr58aWPdr6pJpbFbn/rU8/NQ2nmbEk/VMq+H69 ojAKgVD6sGX3jPBLenCqDG1X+8pDyMooxTGD4Es4dfSiihUDtCsk+ynPgWvk4K/N6v0gF3X0cBt HZ559tPApKHMDesXqFuRRlV469sXuKz5xlDVGP0heIFJBzd9kxweYoDnQOltzVOu1O8TcXurvFr SCWz9PlnAq5FnXqU8tOv+Xq73U+I8dOC7HyezRaVFiLeB+yhaI8jjP8ga40FSx4pXtX6zOqCebH SK6w== X-Google-Smtp-Source: AGHT+IG5QF43W6bbQynwYpndrhlMCxC+pJGLP9VfT6BsaoNXFBqlEe7k0qq/yqIaXNivrKPx8xyxRQ== X-Received: by 2002:a17:902:ce92:b0:295:99f0:6c65 with SMTP id d9443c01a7336-2a2cac808c8mr201609275ad.30.1766525169955; Tue, 23 Dec 2025 13:26:09 -0800 (PST) Received: from hexa.. ([2602:feb4:3b:2100:74b3:f61b:a7a7:fafc]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2a2f3c6a80esm133756765ad.8.2025.12.23.13.26.09 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 23 Dec 2025 13:26:09 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 01/10] binutils: Fix CVE-2025-11494 Date: Tue, 23 Dec 2025 13:25:52 -0800 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 23 Dec 2025 21:26:16 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/228494 From: Deepesh Varatharajan Since x86 .eh_frame section may reference _GLOBAL_OFFSET_TABLE_, keep _GLOBAL_OFFSET_TABLE_ if there is dynamic section and the output .eh_frame section is non-empty. Backport a patch from upstream to fix CVE-2025-11494 Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a] Signed-off-by: Deepesh Varatharajan Signed-off-by: Steve Sakoman --- .../binutils/binutils-2.38.inc | 1 + .../binutils/0048-CVE-2025-11494.patch | 43 +++++++++++++++++++ 2 files changed, 44 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/0048-CVE-2025-11494.patch diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc index d5ad3c0ecb..2fe4a17e0d 100644 --- a/meta/recipes-devtools/binutils/binutils-2.38.inc +++ b/meta/recipes-devtools/binutils/binutils-2.38.inc @@ -86,5 +86,6 @@ SRC_URI = "\ file://0047-CVE-2025-8225.patch \ file://CVE-2025-11412.patch \ file://CVE-2025-11413.patch \ + file://0048-CVE-2025-11494.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/0048-CVE-2025-11494.patch b/meta/recipes-devtools/binutils/binutils/0048-CVE-2025-11494.patch new file mode 100644 index 0000000000..dc4b413658 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0048-CVE-2025-11494.patch @@ -0,0 +1,43 @@ +From: "H.J. Lu" +Date: Tue, 30 Sep 2025 08:13:56 +0800 + +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a] +CVE: CVE-2025-11494 + +Since x86 .eh_frame section may reference _GLOBAL_OFFSET_TABLE_, keep +_GLOBAL_OFFSET_TABLE_ if there is dynamic section and the output +.eh_frame section is non-empty. + + PR ld/33499 + * elfxx-x86.c (_bfd_x86_elf_late_size_sections): Keep + _GLOBAL_OFFSET_TABLE_ if there is dynamic section and the + output .eh_frame section is non-empty. + +Signed-off-by: Deepesh Varatharajan + +diff --git a/bfd/elfxx-x86.c b/bfd/elfxx-x86.c +index c054f7cd..ddc15945 100644 +--- a/bfd/elfxx-x86.c ++++ b/bfd/elfxx-x86.c +@@ -2447,6 +2447,8 @@ _bfd_x86_elf_late_size_sections (bfd *output_bfd, + + if (htab->elf.sgotplt) + { ++ asection *eh_frame; ++ + /* Don't allocate .got.plt section if there are no GOT nor PLT + entries and there is no reference to _GLOBAL_OFFSET_TABLE_. */ + if ((htab->elf.hgot == NULL +@@ -2459,7 +2461,11 @@ _bfd_x86_elf_late_size_sections (bfd *output_bfd, + && (htab->elf.iplt == NULL + || htab->elf.iplt->size == 0) + && (htab->elf.igotplt == NULL +- || htab->elf.igotplt->size == 0)) ++ || htab->elf.igotplt->size == 0) ++ && (!htab->elf.dynamic_sections_created ++ || (eh_frame = bfd_get_section_by_name (output_bfd, ++ ".eh_frame")) == NULL ++ || eh_frame->rawsize == 0)) + { + htab->elf.sgotplt->size = 0; + /* Solaris requires to keep _GLOBAL_OFFSET_TABLE_ even if it From patchwork Tue Dec 23 21:25:53 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 77354 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B73DCE6FE50 for ; Tue, 23 Dec 2025 21:26:16 +0000 (UTC) Received: from mail-pl1-f177.google.com (mail-pl1-f177.google.com [209.85.214.177]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.109410.1766525172497245452 for ; Tue, 23 Dec 2025 13:26:12 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=I/s0099v; spf=softfail (domain: sakoman.com, ip: 209.85.214.177, mailfrom: steve@sakoman.com) Received: by mail-pl1-f177.google.com with SMTP id d9443c01a7336-2a0bb2f093aso55641205ad.3 for ; Tue, 23 Dec 2025 13:26:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1766525172; x=1767129972; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=PnJFohJ4eKmW/o8vxmTKbY+jvsZ7NfMsL5YGDbIVZtI=; b=I/s0099vybVb43cu/M/lBdCOZ97mslvXiQ+ZcVROrzmW1VPZ+KQHr/uEmfDVCyEO5s 9i1ko97hhyS9jAubzb22ETM9H5C9Slifzz+F/KYlP3j0wqnSwQ2maKL8sG4SqXKQOtIa 9rZOoRyiiYVPkGqFDnuR0oHv4CRy2/hts+eqDAhe2s6keFEKZSkr2h5PwFxZSq22Qb9x fkuzsRfRMet4R2jIoZpjHSslWMBNikTxfuxa4v0Hb58JxZmrMK3TEgMltVCf2FMr270x gQPRiUwS6H/wnA4dcx1qE5sYo007UhGByin39rw5W7n1EL+pMJ1gcWpoJ3EXEtVJSMNL 9cTQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1766525172; x=1767129972; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=PnJFohJ4eKmW/o8vxmTKbY+jvsZ7NfMsL5YGDbIVZtI=; b=prHfMw2ckISEj68odTeOSQSNHWwIgFPtZY3s+USfunxdCPY0P7rEFTdGDMuqrHf55h jOIMmkQQO0pjgIWvIkma8i7tmyswW12dzr1R/am8O+SNZgtvOEtAQanOnCJHIOXyftuq GfTGx0d/fje1/orF53hdIa7Z0O9gmCyJ1QFdXXxP7j4Zg8B8YcClIu0DAJBXyYrQ9P+q hhkAQRmpLbti3/9+FgF/7Zn4ymtLqW2LzSO4vkgvNHmsRX/D9QBYFzfkjtQALUflmRhi nynFXGGQC99qE2R6L3AeJPiblqZg/hciWudogE4wEyvXAOi1KhGua+gaGyAcy3kfJCE9 kYDA== X-Gm-Message-State: AOJu0YxYHb6pp90gZxCxu+9EKXTEEHTTbT14lcAu29l19mb6Bhe6ZfTk w9q7Z6Dt4EdbosIFsgVajMbM6oEaMmf2MAupA2HR/oada0cmIJ3R1QBzm4FLRSuuIvYLokSEQA8 l7WrS X-Gm-Gg: AY/fxX7xWTqJynTx+3yxRmAUCHEuQnSc34VZownssopl/ECixyYMMQ0DrumgLSI6J1S nUGKvmoFOLy6n7vAmAttrZF8OhsO4k5TiWWFcqnZa3bsK+dVceb4cK66AOh7VP+WiHMpNspvM5h +9yuaMLAHzcuX1pin1PjFI6+OdaRIJRW9blogt/Ost7Idl6jUD3fSrhLEp98PiyfPl0J6I4qtLp AzJ0uNR9irzhFVL+QtFK58x1rWEf4iDEArBGIUT3Rmtf4YY4uPF7Qzs9ySAd9z+7tTkVXVifeFU /Qeq5CTnWJhGwmuf+kN5YOxYY03ST4FXfkD5VzPz7xDaiygF4ByEx3Sxu9npOd5yaiKpmgCMF/6 OjG97cxgnSecqdhAEoTVVQUE4AmEOK4+82E2+L5W/Cq34sKLEZpwdTPEMjVUuMlZNH6PgxpIzWc KqVA== X-Google-Smtp-Source: AGHT+IHJr6dboPQhlor//nwxPC+oAnC99ZUEc5dcRMRg+l+O2E82bZk8629DS0JxUdzDeb0zSz8j+g== X-Received: by 2002:a17:902:e748:b0:295:738f:73fe with SMTP id d9443c01a7336-2a2f2732287mr155097185ad.30.1766525171627; Tue, 23 Dec 2025 13:26:11 -0800 (PST) Received: from hexa.. ([2602:feb4:3b:2100:74b3:f61b:a7a7:fafc]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2a2f3c6a80esm133756765ad.8.2025.12.23.13.26.10 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 23 Dec 2025 13:26:11 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 02/10] qemu: fix CVE-2025-12464 Date: Tue, 23 Dec 2025 13:25:53 -0800 Message-ID: <7ef40090719cab3fb9bda3f87a9d700d9b503e3e.1766525021.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 23 Dec 2025 21:26:16 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/228495 From: Kai Kang Backport patch to fix CVE-2025-12464. Reference: https://gitlab.com/qemu-project/qemu/-/commit/a01344d9d7 Signed-off-by: Kai Kang Signed-off-by: Steve Sakoman --- meta/recipes-devtools/qemu/qemu.inc | 1 + .../qemu/qemu/CVE-2025-12464.patch | 70 +++++++++++++++++++ 2 files changed, 71 insertions(+) create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2025-12464.patch diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index fd1a8647df..2866cbe7ec 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -129,6 +129,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://CVE-2024-3446-0006.patch \ file://CVE-2024-3447.patch \ file://CVE-2024-8354.patch \ + file://CVE-2025-12464.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar" diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2025-12464.patch b/meta/recipes-devtools/qemu/qemu/CVE-2025-12464.patch new file mode 100644 index 0000000000..6099fc79cd --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2025-12464.patch @@ -0,0 +1,70 @@ +From a01344d9d78089e9e585faaeb19afccff2050abf Mon Sep 17 00:00:00 2001 +From: Peter Maydell +Date: Tue, 28 Oct 2025 16:00:42 +0000 +Subject: [PATCH] net: pad packets to minimum length in qemu_receive_packet() + +In commits like 969e50b61a28 ("net: Pad short frames to minimum size +before sending from SLiRP/TAP") we switched away from requiring +network devices to handle short frames to instead having the net core +code do the padding of short frames out to the ETH_ZLEN minimum size. +We then dropped the code for handling short frames from the network +devices in a series of commits like 140eae9c8f7 ("hw/net: e1000: +Remove the logic of padding short frames in the receive path"). + +This missed one route where the device's receive code can still see a +short frame: if the device is in loopback mode and it transmits a +short frame via the qemu_receive_packet() function, this will be fed +back into its own receive code without being padded. + +Add the padding logic to qemu_receive_packet(). + +This fixes a buffer overrun which can be triggered in the +e1000_receive_iov() logic via the loopback code path. + +Other devices that use qemu_receive_packet() to implement loopback +are cadence_gem, dp8393x, lan9118, msf2-emac, pcnet, rtl8139 +and sungem. + +Cc: qemu-stable@nongnu.org +Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3043 +Reviewed-by: Akihiko Odaki +Signed-off-by: Peter Maydell +Signed-off-by: Jason Wang + +CVE: CVE-2025-12464 + +Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/a01344d9d7] + +Signed-off-by: Kai Kang +--- + net/net.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/net/net.c b/net/net.c +index 27e0d27807..8aefdb3424 100644 +--- a/net/net.c ++++ b/net/net.c +@@ -775,10 +775,20 @@ ssize_t qemu_send_packet(NetClientState *nc, const uint8_t *buf, int size) + + ssize_t qemu_receive_packet(NetClientState *nc, const uint8_t *buf, int size) + { ++ uint8_t min_pkt[ETH_ZLEN]; ++ size_t min_pktsz = sizeof(min_pkt); ++ + if (!qemu_can_receive_packet(nc)) { + return 0; + } + ++ if (net_peer_needs_padding(nc)) { ++ if (eth_pad_short_frame(min_pkt, &min_pktsz, buf, size)) { ++ buf = min_pkt; ++ size = min_pktsz; ++ } ++ } ++ + return qemu_net_queue_receive(nc->incoming_queue, buf, size); + } + +-- +2.47.1 + From patchwork Tue Dec 23 21:25:54 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 77353 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A90E7E6FE43 for ; Tue, 23 Dec 2025 21:26:16 +0000 (UTC) Received: from mail-pl1-f179.google.com (mail-pl1-f179.google.com [209.85.214.179]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.109024.1766525173922952037 for ; Tue, 23 Dec 2025 13:26:13 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=uXcaFwcp; spf=softfail (domain: sakoman.com, ip: 209.85.214.179, mailfrom: steve@sakoman.com) Received: by mail-pl1-f179.google.com with SMTP id d9443c01a7336-2a0c20ee83dso67816195ad.2 for ; Tue, 23 Dec 2025 13:26:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1766525173; x=1767129973; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=qeJqkPozS2K21k8NUE6Lao44JVXufuGPxKYN84htEpM=; b=uXcaFwcpX2W52FbdHzm/qbSIp0R40mav1Xam45ADBWoIcAqM+B8OQgk+LO7vcwrL0/ W/00qLhI/Dg/4ceNvT4xj5goAtqWTqvW/W+C9dFukX5qX3G3FxNJBDy2r3yxpCLb7YxD 3MaIJCmr2WISh6YIwcW9QDXUqKO6iKBinW6Ad2WkBHuGHzv2GtvEHc1K7PkbkQPRYeM9 gUTpbkbJAYD532fss8TsdgxLhPQGPGDsFa5p7H1bdEtv6P59/RWwZ8nQ8GnbbWpi8ni+ rku/OA+7BUup85u3hBbCpIKTv1u0G0anHbeHYJO1Tr21ix+QZIdX9wvXovp/eeUv0fIK dcqw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1766525173; x=1767129973; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=qeJqkPozS2K21k8NUE6Lao44JVXufuGPxKYN84htEpM=; b=BBXaxZJHUMT+lEqrTPwbjMBgYZBohiEL9u69gmSG2gM4ZXfUPzINs14NjM/CyETeNN B2sWLM0r4uY2H6fvnlTxAQqp8H/Op4lhPNtljbtom5sqmkXMxFWx2qgYFpst/7NNfURK tYsim2uOENZgkCb6LomstHNdt9gXsGSoYR2s4fXk+BYMe4eSlzb6jRs4rnpSw+gIMshr xM7AzA73BXdQjrgM+b1tWoFYf/Vh6rz0lG8XuuPHGUCz6zKaw9LKb6SOIMWxOuLhGZq3 HirnAj6DCCFE1ZYPv5pFTK76m9aMn1VEMWRXzPQPc3tlTAEM0XpUsUYVrZOzaFL8nRti 5IUw== X-Gm-Message-State: AOJu0Yw081X8BJi1NPwZnKQiZFH/lis76lAGoQkCgtHfF+a4DKwRgCQD kelCydChSZ9JMHCPj+bc6brdGIefCk8hzjHeymW6anhv4TqjIWvicxyDLlbrTeZKFF71sQGQydb GruwX X-Gm-Gg: AY/fxX6n41RTYOQiPippgzhjqD3MQKSgr8BqH/lURLVvwkeXfk5Scs0gGXMG3pKHoQA 0CCZ3SAt7P+Viv4Lp2hWuHcLumZ2h5eXkmxDd7XSvEKKiptfN3f+yj5cLGhTBvJCPj50/zMKMWl 5HP91gDSth/VLJ/lcher/ojKHiHxnvhteYYlrlg8PdvCERXe6RDgM9pfuAqUWN+TdJYcu7UsQeY Ns/ulGGL7DsEZY2UMANSpVf3mTAdISD6te0Zx08aM/s9V138cmmL+QQftR53dk4jWZJOPObSYPf 5tbec9MpYXLPjfAXG6HqqjWuCPWKcl2q2zMfY9YGp6eWXUy4vP3X/UxufcvtTmtCC17hehFj5vB 4VTqFjr4Ko1XDwf7h390agzW8Ji85Oot/3RMFGU1hz49kv0DcknQMZW4ntOLeaxk4p9a2dcLYwv OIEg== X-Google-Smtp-Source: AGHT+IEOI3O5r+Qv89TSX8PzV2FdAFIxbDB0PonN59n0/70xM1ba10sCSEU4mrvAt2BRnGKTgksidg== X-Received: by 2002:a17:903:190d:b0:2a0:a09b:7b0 with SMTP id d9443c01a7336-2a2f2c5f2d3mr160480165ad.61.1766525173186; Tue, 23 Dec 2025 13:26:13 -0800 (PST) Received: from hexa.. ([2602:feb4:3b:2100:74b3:f61b:a7a7:fafc]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2a2f3c6a80esm133756765ad.8.2025.12.23.13.26.12 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 23 Dec 2025 13:26:12 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 03/10] rsync: fix CVE-2025-10158 Date: Tue, 23 Dec 2025 13:25:54 -0800 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 23 Dec 2025 21:26:16 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/228496 From: Liyin Zhang CVE-2025-10158: A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2025-10158] Upstream patch: [https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f] Signed-off-by: Liyin Zhang Signed-off-by: Steve Sakoman --- .../rsync/files/CVE-2025-10158.patch | 36 +++++++++++++++++++ meta/recipes-devtools/rsync/rsync_3.2.7.bb | 1 + 2 files changed, 37 insertions(+) create mode 100644 meta/recipes-devtools/rsync/files/CVE-2025-10158.patch diff --git a/meta/recipes-devtools/rsync/files/CVE-2025-10158.patch b/meta/recipes-devtools/rsync/files/CVE-2025-10158.patch new file mode 100644 index 0000000000..cba7002870 --- /dev/null +++ b/meta/recipes-devtools/rsync/files/CVE-2025-10158.patch @@ -0,0 +1,36 @@ +From a8fabf850c3c5164520c307199e9abc5ded45e4c Mon Sep 17 00:00:00 2001 +From: Andrew Tridgell +Date: Sat, 23 Aug 2025 17:26:53 +1000 +Subject: [PATCH] fixed an invalid access to files array + +this was found by Calum Hutton from Rapid7. It is a real bug, but +analysis shows it can't be leverged into an exploit. Worth fixing +though. + +Many thanks to Calum and Rapid7 for finding and reporting this + +CVE: CVE-2025-10158 + +Upstream-Status: Backport [https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f] + +Signed-off-by: Liyin Zhang +--- + sender.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/sender.c b/sender.c +index a4d46c39..b1588b70 100644 +--- a/sender.c ++++ b/sender.c +@@ -262,6 +262,8 @@ void send_files(int f_in, int f_out) + + if (ndx - cur_flist->ndx_start >= 0) + file = cur_flist->files[ndx - cur_flist->ndx_start]; ++ else if (cur_flist->parent_ndx < 0) ++ exit_cleanup(RERR_PROTOCOL); + else + file = dir_flist->files[cur_flist->parent_ndx]; + if (F_PATHNAME(file)) { +-- +2.35.5 + diff --git a/meta/recipes-devtools/rsync/rsync_3.2.7.bb b/meta/recipes-devtools/rsync/rsync_3.2.7.bb index 37e79e1e56..e3dd1702ec 100644 --- a/meta/recipes-devtools/rsync/rsync_3.2.7.bb +++ b/meta/recipes-devtools/rsync/rsync_3.2.7.bb @@ -27,6 +27,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \ file://CVE-2024-12087-0003.patch \ file://CVE-2024-12088.patch \ file://CVE-2024-12747.patch \ + file://CVE-2025-10158.patch \ " SRC_URI[sha256sum] = "4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb" From patchwork Tue Dec 23 21:25:55 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 77355 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A42BEE6FE47 for ; Tue, 23 Dec 2025 21:26:16 +0000 (UTC) Received: from mail-pl1-f170.google.com (mail-pl1-f170.google.com [209.85.214.170]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.109025.1766525175533387630 for ; Tue, 23 Dec 2025 13:26:15 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=bG7bCk1i; spf=softfail (domain: sakoman.com, ip: 209.85.214.170, mailfrom: steve@sakoman.com) Received: by mail-pl1-f170.google.com with SMTP id d9443c01a7336-2a0a33d0585so50823475ad.1 for ; Tue, 23 Dec 2025 13:26:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1766525175; x=1767129975; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=H82EE5mkOWaGOxlFY5NS0B1xtLA22cTj+2tZmwcqB7c=; b=bG7bCk1i5igtvnb+UgClOuBIvaKPYboEgd2VY97nWIrvAy5ecR5rpGlpaigN9dkMk0 TaDVHq9oL6c0odt0elAXW+DffSYVI0dueNc56/tryIWUHo82Ln7Kzmj2CTvBfObDbFBY R/DKUQCPLHQxGSQo4L8eHSCeoT1AxybZoC4MDfvKVdPgQFyZX9d6KNmFqfRPKI6XaC6Y Zi7+PMjEQIdWlGTn9RjqhfRnhNvRnesLvMOpWHvMqqxHv9SNE4Xj2i6n/pM4KJ3vj6W1 q8RZYLEcBt/pf+2WL/J3WlZ64Vy7YEe0hfAtHvoDTwBqZ9/e+bpMw+lgngxiH2qyZVbk UEcA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1766525175; x=1767129975; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=H82EE5mkOWaGOxlFY5NS0B1xtLA22cTj+2tZmwcqB7c=; b=xBm0eTIl5iydGE6emAGmZC65sX4LOiPdvFkS23UMKOmXgexUnJ1CkCe2UykcNeNmIJ vWZ88nkVBXwAlxyeCp/s1QpQEAa4vVvs2W+65QKvjOAPp2N7Tx6Hj7WVVZBgXi/F1ULU yFHlemiAyRjh4hVA6BEIn7m04dYtNifqoUiL40azC+M/tFmFe4x7QYHlHd00AIx+6Hyr 3niJl2lLiqk8fnawcHVO0pDKhVvL5XgZuL5SfYbvfk/fdIY1BNgtKyjTg49tzpYQ9jyU cjpbgNiosSmq3QWFXHHK8mBxgIF7lvRsnaacmB0Jhp4qMJTPxSnGQfCxR63+kRhOithd DBvw== X-Gm-Message-State: AOJu0YwsLJ0TRML9PlF+HB1Xg+N1u/2AEdGVQ0QK2VhcnXTMt8PtSH7U 7cPRAsz4L+mp+Q1yWN1l0DOpJJ8vTKgwRL0oxO62ChTG3maYlZdpytdPTJFJ3pG1TmnDRQ/qt4z Fwc0k X-Gm-Gg: AY/fxX54qn154PjG9n5ZVuAGBAyqV6fnhd+ADNG1PstUgGNIoxsKRm9uYb7VSgNzOjd FdplkSjKLgv1nJ6lQAsRcGDTZMJ7PrLtfQWoA06/umjOFr3GghPwA+kiJHEBAXpd1lM3F0JQ5iF oWdqEzJ16Cta39bJy643kdo4le233rBsnURljI22wH97Rc6HHEy+IOhcofG6+GqTo7baUjNjmeG 7Xa2F/65mpCfmyVlff/t2jzE1UVFqH4/lVKpTD/jlQa4dIJyFgloJog2OFzdSWjvwu0Wnmupzgo DvJjgvlz5s7NxGGNyEetgbGbWZ6QiGYY4yjmRbh0EgDeMQXrPV3/yCGCPQXLALdQ1MiRkjmA9xs hrhy+2aW5dFhSJ4GSrR/G8aDbkfKlWyOdwfwqX1zVU0LAJHhmMzPaQEwAr6q9ddqQJkXzrFfhuB BcRw== X-Google-Smtp-Source: AGHT+IGuXjckhJWaBQGmDzE6ej1dn56fmSlpAxCJEUylaSoJZE37CWLDU2XQ4S/hGt+IMmdBeJPBBw== X-Received: by 2002:a17:903:2347:b0:295:6e0:7b0d with SMTP id d9443c01a7336-2a2f2a3fca5mr129454345ad.56.1766525174750; Tue, 23 Dec 2025 13:26:14 -0800 (PST) Received: from hexa.. ([2602:feb4:3b:2100:74b3:f61b:a7a7:fafc]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2a2f3c6a80esm133756765ad.8.2025.12.23.13.26.14 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 23 Dec 2025 13:26:14 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 04/10] go: Fix CVE-2023-39323 Date: Tue, 23 Dec 2025 13:25:55 -0800 Message-ID: <62f4c3aec8f80a259472ce19104596d08741c101.1766525021.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 23 Dec 2025 21:26:16 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/228497 From: Libo Chen Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex. Made below changes for Go 1.17 backport: - drop the modifications of test codes References: https://nvd.nist.gov/vuln/detail/CVE-2023-39323 Upstream-patch: https://github.com/golang/go/commit/e7c142a19d8b3944c2f1b9ab7fd94c63d8d0c555 Signed-off-by: Libo Chen Signed-off-by: Steve Sakoman --- meta/recipes-devtools/go/go-1.17.13.inc | 1 + .../go/go-1.21/CVE-2023-39323.patch | 55 +++++++++++++++++++ 2 files changed, 56 insertions(+) create mode 100644 meta/recipes-devtools/go/go-1.21/CVE-2023-39323.patch diff --git a/meta/recipes-devtools/go/go-1.17.13.inc b/meta/recipes-devtools/go/go-1.17.13.inc index bb5e839950..47ef84c35a 100644 --- a/meta/recipes-devtools/go/go-1.17.13.inc +++ b/meta/recipes-devtools/go/go-1.17.13.inc @@ -73,6 +73,7 @@ SRC_URI = "https://golang.org/dl/go${PV}.src.tar.gz;name=main \ file://CVE-2025-58189.patch \ file://CVE-2025-61723.patch \ file://CVE-2025-61724.patch \ + file://CVE-2023-39323.patch \ " SRC_URI[main.sha256sum] = "a1a48b23afb206f95e7bbaa9b898d965f90826f6f1d1fc0c1d784ada0cd300fd" diff --git a/meta/recipes-devtools/go/go-1.21/CVE-2023-39323.patch b/meta/recipes-devtools/go/go-1.21/CVE-2023-39323.patch new file mode 100644 index 0000000000..613c91706b --- /dev/null +++ b/meta/recipes-devtools/go/go-1.21/CVE-2023-39323.patch @@ -0,0 +1,55 @@ +From 5e0a62c44fbaff6443bffe67911370bc0ea25f6d Mon Sep 17 00:00:00 2001 +From: Ian Lance Taylor +Date: Wed, 20 Sep 2023 16:16:29 -0700 +Subject: [PATCH] cmd/compile: use absolute file name in isCgo check + +For #23672 +Fixes #63211 +Fixes CVE-2023-39323 + +Change-Id: I4586a69e1b2560036afec29d53e53cf25e6c7352 +Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/2032884 +Reviewed-by: Matthew Dempsky +Reviewed-by: Roland Shoemaker +Reviewed-on: https://go-review.googlesource.com/c/go/+/534158 +Reviewed-by: Dmitri Shuralyov +Reviewed-by: Ian Lance Taylor +LUCI-TryBot-Result: Go LUCI +Auto-Submit: Ian Lance Taylor + +Upstream-Status: Backport +CVE: CVE-2023-39323 + +Reference to upstream patch: +https://github.com/golang/go/commit/e7c142a19d8b3944c2f1b9ab7fd94c63d8d0c555 + +Backport patch to fix CVE-2023-39323 and drop the modifications of test codes. + +Signed-off-by: Libo Chen +--- + src/cmd/compile/internal/noder/noder.go | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/src/cmd/compile/internal/noder/noder.go b/src/cmd/compile/internal/noder/noder.go +index 5fcad096c2..f35e065a31 100644 +--- a/src/cmd/compile/internal/noder/noder.go ++++ b/src/cmd/compile/internal/noder/noder.go +@@ -1690,8 +1690,14 @@ func (p *noder) pragma(pos syntax.Pos, blankLine bool, text string, old syntax.P + // contain cgo directives, and for security reasons + // (primarily misuse of linker flags), other files are not. + // See golang.org/issue/23672. ++// Note that cmd/go ignores files whose names start with underscore, ++// so the only _cgo_ files we will see from cmd/go are generated by cgo. ++// It's easy to bypass this check by calling the compiler directly; ++// we only protect against uses by cmd/go. + func isCgoGeneratedFile(pos syntax.Pos) bool { +- return strings.HasPrefix(filepath.Base(filepath.Clean(fileh(pos.Base().Filename()))), "_cgo_") ++ // We need the absolute file, independent of //line directives, ++ // so we call pos.Base().Pos().Base(). ++ return strings.HasPrefix(filepath.Base(filepath.Clean(fileh(pos.Base().Pos().Base().Filename()))), "_cgo_") + } + + // safeArg reports whether arg is a "safe" command-line argument, +-- +2.34.1 + From patchwork Tue Dec 23 21:25:56 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 77356 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B90E2E6FE4E for ; Tue, 23 Dec 2025 21:26:26 +0000 (UTC) Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.109029.1766525177086090135 for ; Tue, 23 Dec 2025 13:26:17 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=fDVp7u3s; spf=softfail (domain: sakoman.com, ip: 209.85.214.180, mailfrom: steve@sakoman.com) Received: by mail-pl1-f180.google.com with SMTP id d9443c01a7336-2a12ed4d205so47473265ad.0 for ; Tue, 23 Dec 2025 13:26:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1766525176; x=1767129976; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=OqORGIfPiOY4um3MLNUnU68433tnPwvakIz+Q4oXXS4=; b=fDVp7u3si6VDsA7peHJNsklcNqLpBWduDZvQo2R1MqyfSTEqpB/jtoXhz4DMYs7i6l 2QdSQcXnXcr5SEskQoloiZEtnkNvjwNuofAHTvYXYTOr0b+oR2HxqwIEYPppOjY0LkTb gq58u9QszbU+tTi0C6iuMSjYs881sJelSMsFhmjL/+7i7nIvc2yNmqOfnBvb85ElUhu6 MRzPpzgZ8ZKKv0J190LQ/CIdOgzHxnRkOKd84lUdPaTcr3lP40YF0u2byNvdAGo1vYg1 O+HaFxWWAklLwc0vGihzxYL5a/cJRpPRzreAI5f157yFEyi45XRrE6qXAp9UXjV7yHjE axOQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1766525176; x=1767129976; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=OqORGIfPiOY4um3MLNUnU68433tnPwvakIz+Q4oXXS4=; b=tOYR4lg+0nm4A3Gcxk9h0oh79U42f/rizMwLF0v+uqFUI1ijC9mpobASmvpzfLNzC3 1Ku49uX9OPKer5LHTlx5sNvm2PUWo4xOqaGUcBWiTaMBpQRWmEEhSNgIOdeB0AF6LSmU u8ISSTxauGaGMcy7QRhpgrqT2jexVRuGnqt8uDmowrBKQOruB2jC6UpMvn2uKrCIFebB i89uWJpZgor4ozmEpqIh93XFFkiV0UhsXmDDkpi/HjwkpJWRyDoSjZV+nVoZoFF2JusT jDeU+WYEc68ATEyqOkVumLYavzOfdtnE7YWpFuBFvBr/mn15H1+0emcheY1U5+Ox/24N +4XA== X-Gm-Message-State: AOJu0Yx3hW5ssVcDQxI0eIV6MT7Z5Y7db2CmxObSUt7sGQkvRmnSa8i6 35LzyDyNRUN8JfsyLuPngbldIcsI75X3H5XidcdOjKXX2ODj+2J3Cmo0WgNg1LWHQYe14IZsCuA iDPkm X-Gm-Gg: AY/fxX7fhYDeX/aotaimHmjricxfinVq0D0GMF7VhJmao2dyq2B1vSE10h3ae0hVkY9 zk5UlJuuG6Eck9Vta6LKcbBO8WU2QO80uYyKlfctarSO38JVIteTbzvVjYTnUb7pn43AeDZSf9v eV3zszxxGkwoLGef1/BZK/LzTHeobB9o6uCrkp0i4s0675paxC7Uo4yedB7vdVpqqDg7QE4lqcS DmdmGxB/Gl1eNMhC2v6mH61TPH5ZSATjwUsk3qMpgDQeMGhUyx3W4nd73RQDLMRQHXSfZTllS+I khXO02eBlL8NlQlFH5+fjvDM7xAwYduNBhA1yWcck4njOXwyiGvqbUyah112G5dt46fzNCdDSWw yMbQg5A8EU2OIfetDGR7vY0pYyCGrljRu6aOt7t7cAn4u0P5adkQUO+lzv5/5c7afJUtbTxvmzN AE4g== X-Google-Smtp-Source: AGHT+IEgzwmu+0yBcFFerGSulsjc81ythWmknlzRBtGzsRqPonvkDQmDZ1fg67uaiBc4saL19R1hlw== X-Received: by 2002:a17:903:2f81:b0:2a0:c58b:ed6 with SMTP id d9443c01a7336-2a2f2735103mr142666815ad.29.1766525176324; Tue, 23 Dec 2025 13:26:16 -0800 (PST) Received: from hexa.. ([2602:feb4:3b:2100:74b3:f61b:a7a7:fafc]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2a2f3c6a80esm133756765ad.8.2025.12.23.13.26.15 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 23 Dec 2025 13:26:15 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 05/10] binutils: fix CVE-2025-11839 Date: Tue, 23 Dec 2025 13:25:56 -0800 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 23 Dec 2025 21:26:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/228498 From: Yash Shinde CVE-2025-11839 PR 33448 [BUG] Aborted in tg_tag_type at prdbg.c:2452 Remove call to abort in the DGB debug format printing code, thus allowing the display of a fuzzed input file to complete without triggering an abort. https://sourceware.org/bugzilla/show_bug.cgi?id=33448 Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=12ef7d5b7b02d0023db645d86eb9d0797bc747fe] Signed-off-by: Yash Shinde Signed-off-by: Steve Sakoman --- .../binutils/binutils-2.38.inc | 1 + .../binutils/0049-CVE-2025-11839.patch | 32 +++++++++++++++++++ 2 files changed, 33 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/0049-CVE-2025-11839.patch diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc index 2fe4a17e0d..426c00ce3f 100644 --- a/meta/recipes-devtools/binutils/binutils-2.38.inc +++ b/meta/recipes-devtools/binutils/binutils-2.38.inc @@ -87,5 +87,6 @@ SRC_URI = "\ file://CVE-2025-11412.patch \ file://CVE-2025-11413.patch \ file://0048-CVE-2025-11494.patch \ + file://0049-CVE-2025-11839.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/0049-CVE-2025-11839.patch b/meta/recipes-devtools/binutils/binutils/0049-CVE-2025-11839.patch new file mode 100644 index 0000000000..7f2f6d553d --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0049-CVE-2025-11839.patch @@ -0,0 +1,32 @@ +From 12ef7d5b7b02d0023db645d86eb9d0797bc747fe Mon Sep 17 00:00:00 2001 +From: Nick Clifton +Date: Mon, 3 Nov 2025 11:49:02 +0000 +Subject: [PATCH] Remove call to abort in the DGB debug format printing code, + thus allowing the display of a fuzzed input file to complete without + triggering an abort. + +PR 33448 +--- + binutils/prdbg.c | 1 - + 1 file changed, 1 deletion(-) + +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=12ef7d5b7b02d0023db645d86eb9d0797bc747fe] +CVE: CVE-2025-11839 + +Signed-off-by: Yash Shinde + +diff --git a/binutils/prdbg.c b/binutils/prdbg.c +index c239aeb1a79..5d405c48e3d 100644 +--- a/binutils/prdbg.c ++++ b/binutils/prdbg.c +@@ -2449,7 +2449,6 @@ tg_tag_type (void *p, const char *name, unsigned int id, + t = "union class "; + break; + default: +- abort (); + return false; + } + +-- +2.43.7 + From patchwork Tue Dec 23 21:25:57 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 77358 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C3A99E6FE54 for ; Tue, 23 Dec 2025 21:26:26 +0000 (UTC) Received: from mail-pl1-f172.google.com (mail-pl1-f172.google.com [209.85.214.172]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.109033.1766525178799863703 for ; Tue, 23 Dec 2025 13:26:18 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=EIADj8wy; spf=softfail (domain: sakoman.com, ip: 209.85.214.172, mailfrom: steve@sakoman.com) Received: by mail-pl1-f172.google.com with SMTP id d9443c01a7336-2a07fac8aa1so58178125ad.1 for ; Tue, 23 Dec 2025 13:26:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1766525178; x=1767129978; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=fvtp9CXAa+mdCgwITsCeWMp0cr4niDMugVgE8v9p3Qk=; b=EIADj8wyugcKUFgiaeb+VKSO130HquqxQUUVSbFULsM8sNAKOK3RHrNjuTvltqQ0sH 12yoH6adWgEkoDr/7G6AVbvku76P2sPeE17DDoRWKc3U2BGwoxdNGjKK9/9N4KuUuM2Z m2u/vCVEUJK8PlJ4XZwRo+pRIjT5mg1ztncVA7a71qFSAbNB1UadZIrfZZ2jCkqMswnL /lOsm91SfhvNAKfzIQEA5/U2s6YNCCJXQJ8T5820IeP29BB07xYqHHgE04Hb5E+2zIDL gvHhzCzznIoMQrp2obuzyKQ2L5A3x+ek4f/es4EBmbOj5dzvWmbyisokJsT6cD2qRyhw 64Hg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1766525178; x=1767129978; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=fvtp9CXAa+mdCgwITsCeWMp0cr4niDMugVgE8v9p3Qk=; b=OI2GUXmO/8NhezCZdimk7Ys6KzceOhfDI24brZGc0nwXZoxAi3UmgQS2wkPeX+dIsi yfn2Fh3wFluBw8LmgpQUTaOUbYNwKiod7sMUbGElWze6HzV1U3NFoLBeSEVwq1Q0J025 vmFPSSV6cHyTvxpE2njqXbjAy6B+KKs2PZjYAzFn7crLhBeUmAFyRZwCbVi2cT+R/ePk vo/H0uoRO/PGIQpuSnKuvvLiESILcyYZLfUv5/9HsZNsyeWIoPnD12dCdOr8gxWJ2XUO i6+cOpV86qbT5Zz5jFGNb4YWUyesm1No85CZEv6L02KyskFMDahQ2QS+nM5NLVz8thxI 2EEQ== X-Gm-Message-State: AOJu0YyTBCvtYZRYwsOuTHP+M7TofsVaAJjPM0eLEzebTwylzuc8plSV 6dAQsW5W4wy57X4mxtOYYj47OPn6Eg1vnaM2EW2amaVAKKRT7m59s1PWfEKDlUZfXgQgqhiyEAz c34za X-Gm-Gg: AY/fxX7atX5VQjxyRDWISGwqrtyxRSXkDEQYPBjo1UdLfTHfs6Bu0ZXWCb//5e+UOEv TggBQe2R5rk75I/PLkVbcJ5lrtQb3AjNY/ZbDc5jPC7qoh9D5krmGJqZuc8HXYbWReQ6SleUBxX B+WriUea0KVWRKG/R49SZLJIGZEYYE4t1Nx7+ttIC+Ahrd1hnYHzDu6sds3AC6xGwjl2878pQVc sLLxLW4Jo5aD6hS58EAf6DYTyzaHlZxJTCMhD5S8hYJpEtO2tcqHHUVZsIkCKGHBLdsmgQGUduF rdroLUOLL+uvf5rWZ3KQq6xRRTtkO0PsivLO6jKfTg+/J/QtttEwybUnga5eA+vWrSI8qh30IiG 9I3Yil9Fd6uWKKNXcVENdFr1o1bcu9HXQt0c8hnO0NHUDcc7eoHW8vIihD+aRZUDVlsVD5HUrHp 4Jbw== X-Google-Smtp-Source: AGHT+IHtD/yOqjLM+rFNdssH+JAF760ZUeiIQDphNcKI3KZh1n+usJPMdg2yJLTZGEngyvMADa9AxA== X-Received: by 2002:a17:902:e841:b0:2a0:d4e3:7181 with SMTP id d9443c01a7336-2a2f283cb18mr164537475ad.49.1766525177950; Tue, 23 Dec 2025 13:26:17 -0800 (PST) Received: from hexa.. ([2602:feb4:3b:2100:74b3:f61b:a7a7:fafc]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2a2f3c6a80esm133756765ad.8.2025.12.23.13.26.17 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 23 Dec 2025 13:26:17 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 06/10] binutils: fix CVE-2025-11840 Date: Tue, 23 Dec 2025 13:25:57 -0800 Message-ID: <85e62aad46eb096cf92907288a3eb1b6f76072c4.1766525021.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 23 Dec 2025 21:26:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/228499 From: Yash Shinde CVE-2025-11840 PR 33455 [BUG] A SEGV in vfinfo at ldmisc.c:527 A reloc howto set up with EMPTY_HOWTO has a NULL name. More than one place emitting diagnostics assumes a reloc howto won't have a NULL name. https://sourceware.org/bugzilla/show_bug.cgi?id=33455 Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=f6b0f53a36820da91eadfa9f466c22f92e4256e0] Signed-off-by: Yash Shinde Signed-off-by: Steve Sakoman --- .../binutils/binutils-2.38.inc | 1 + .../binutils/0050-CVE-2025-11840.patch | 37 +++++++++++++++++++ 2 files changed, 38 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/0050-CVE-2025-11840.patch diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc index 426c00ce3f..d268880409 100644 --- a/meta/recipes-devtools/binutils/binutils-2.38.inc +++ b/meta/recipes-devtools/binutils/binutils-2.38.inc @@ -88,5 +88,6 @@ SRC_URI = "\ file://CVE-2025-11413.patch \ file://0048-CVE-2025-11494.patch \ file://0049-CVE-2025-11839.patch \ + file://0050-CVE-2025-11840.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/0050-CVE-2025-11840.patch b/meta/recipes-devtools/binutils/binutils/0050-CVE-2025-11840.patch new file mode 100644 index 0000000000..3fb4db880e --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0050-CVE-2025-11840.patch @@ -0,0 +1,37 @@ +From f6b0f53a36820da91eadfa9f466c22f92e4256e0 Mon Sep 17 00:00:00 2001 +From: Alan Modra +Date: Mon, 3 Nov 2025 09:03:37 +1030 +Subject: [PATCH] PR 33455 SEGV in vfinfo at ldmisc.c:527 + +A reloc howto set up with EMPTY_HOWTO has a NULL name. More than one +place emitting diagnostics assumes a reloc howto won't have a NULL +name. + + PR 33455 + * coffcode.h (coff_slurp_reloc_table): Don't allow a howto with + a NULL name. +--- + bfd/coffcode.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=f6b0f53a36820da91eadfa9f466c22f92e4256e0] +CVE: CVE-2025-11840 + +Signed-off-by: Yash Shinde + +diff --git a/bfd/coffcode.h b/bfd/coffcode.h +index 1e5acc0032c..ce1e39131b4 100644 +--- a/bfd/coffcode.h ++++ b/bfd/coffcode.h +@@ -5345,7 +5345,7 @@ coff_slurp_reloc_table (bfd * abfd, sec_ptr asect, asymbol ** symbols) + RTYPE2HOWTO (cache_ptr, &dst); + #endif /* RELOC_PROCESSING */ + +- if (cache_ptr->howto == NULL) ++ if (cache_ptr->howto == NULL || cache_ptr->howto->name == NULL) + { + _bfd_error_handler + /* xgettext:c-format */ +-- +2.43.7 + From patchwork Tue Dec 23 21:25:58 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 77360 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id CD3A7E6FE53 for ; Tue, 23 Dec 2025 21:26:26 +0000 (UTC) Received: from mail-pl1-f172.google.com (mail-pl1-f172.google.com [209.85.214.172]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.109034.1766525180669847808 for ; Tue, 23 Dec 2025 13:26:20 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=groCU7dj; spf=softfail (domain: sakoman.com, ip: 209.85.214.172, mailfrom: steve@sakoman.com) Received: by mail-pl1-f172.google.com with SMTP id d9443c01a7336-2a0d52768ccso66749835ad.1 for ; Tue, 23 Dec 2025 13:26:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1766525180; x=1767129980; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=4o2Pq5UFJoWs50ZUfiD1Jc3NzgOpLpteqP9wgIjLi1I=; b=groCU7djKV+ynpzosqAktRpX0jrI/dpAvGdHfOrBRLkwYkI2dsZQu6p8QJW7lyVyOZ ya4NixIqwN9qqjWSdd4N/sa6AjpvAKv0or01K7FHfW+GK4QjjuJ06mMZgBlX5JKNLenR N5owsOtPx1gdLRhtH4301Y6C81j4AvvMFfQuidqDVT71Pci2ZFZ4bDjQCKycCdijdJ/w LP/WRd9ZvgEpkja++apySgCs5cTS99XYqNIU3AwaRN6jJSXwqQceV8mvQH081c4/Ck/W fQXJvcBHJvbt4blHKb7tx0VbqnpBwtgDfE6tepe6TOfhU74iDIZQnf/eP7jL1MwVFWy8 ZU+w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1766525180; x=1767129980; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=4o2Pq5UFJoWs50ZUfiD1Jc3NzgOpLpteqP9wgIjLi1I=; b=s+TVGdlHB+kTYwdo1bwqql0vgraNaB80y9/siG0MbQ3+zlvX2HxIQbaEdSqFKzoWEW RlDF6iujASkaO8su8kn+K8ppoen079lKfx9lUxEUFwxq9KVqxhCgeMoQFAZO2HdbMeno f6k6TfGnZ83YOwBkO7KME/d4Riv5ij0ihvhuXp0JZacVoM0KjUAQ7HhEIwKJ3D24y4it GXmR+FukkW4L2NkDExHH8VlfM1CTNImH4k8PoX/4vcwqZ0tR05eYwjh5owVwXoIh+9Zb hYE93yYpjqtSUv45UE0YttZaq9Y2zcE+HNk0Dibdfaat70K26gNfQb0MegF7vFKI2nVZ WBLw== X-Gm-Message-State: AOJu0YybJtN7C3AkSjgTTS4UgOrlyLscYMDBC5SjvDL7tjEFIGxyEppU F8qOdQIQDchyYyO055xVqYkuD294xMHGkSPQJauz0sTKLlhBVeMZ26bMlfVFzQSS+HbnTscdiNA kmoVs X-Gm-Gg: AY/fxX51wGqeLS5GEWXHaYvZEz/oLb6Ax5dnXY1P3frx16XdohoYSoj2RvtH+DiJgOp oGDMYCxhuljqtT4O7/eEG2VbsSXRH+CMWx9CqYsnvbLdhfGNzKP+5n1tdC1ajyIxqQ3whDLmN9j Jj/M8EnaP6R57Q6ao9qTIAedvA1IL8u/XeMOmdUyRVIUkUUu0dFcJqt9tenE1vJyLUW/VG2c4mw qPcHaBihNTXnUHx+1Hydy79sIHxqQ1S09HqJa1Ti4pUvfH4vVsKSLc99nzIab/dM4i5v1oJhpLN F5ImSkBIEUVUjZDr9SdVW2qzC4rDrrzBkBxvxqwMPMhxfKOacS93ImvZmpgXzZ+6OKRc9JPimss M22PC9FaY63eieCcvqFyczANFah3eiyhd/FWg1jtkKwtekXOitLQ2hS+i4OfzZ3xLwHxmLn+EsD k1Rw== X-Google-Smtp-Source: AGHT+IG6adf+cb2IwDnTSK6+EbjWvG+VCgPlov0zBVOMvOJt+Tc8w9hjhaFBuDer2Yr/CD8IKbo1rQ== X-Received: by 2002:a17:902:ccd1:b0:2a1:3dae:8f22 with SMTP id d9443c01a7336-2a2f2a4f425mr152698495ad.61.1766525179912; Tue, 23 Dec 2025 13:26:19 -0800 (PST) Received: from hexa.. ([2602:feb4:3b:2100:74b3:f61b:a7a7:fafc]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2a2f3c6a80esm133756765ad.8.2025.12.23.13.26.18 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 23 Dec 2025 13:26:19 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 07/10] libxslt: Fix CVE-2025-11731 Date: Tue, 23 Dec 2025 13:25:58 -0800 Message-ID: <7196077d84cc8d49652b0d6b54963df579ab1a0b.1766525021.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 23 Dec 2025 21:26:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/228500 From: Mingli Yu Backport patch [1] to fix CVE-2025-11731. [1] https://gitlab.gnome.org/GNOME/libxslt/-/commit/fe508f201efb9ea37bfbe95413b8b28251497de3 Signed-off-by: Mingli Yu Signed-off-by: Steve Sakoman --- .../libxslt/libxslt/CVE-2025-11731.patch | 42 +++++++++++++++++++ .../recipes-support/libxslt/libxslt_1.1.35.bb | 1 + 2 files changed, 43 insertions(+) create mode 100644 meta/recipes-support/libxslt/libxslt/CVE-2025-11731.patch diff --git a/meta/recipes-support/libxslt/libxslt/CVE-2025-11731.patch b/meta/recipes-support/libxslt/libxslt/CVE-2025-11731.patch new file mode 100644 index 0000000000..19702af6cb --- /dev/null +++ b/meta/recipes-support/libxslt/libxslt/CVE-2025-11731.patch @@ -0,0 +1,42 @@ +From fe508f201efb9ea37bfbe95413b8b28251497de3 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Dominik=20R=C3=B6ttsches?= +Date: Wed, 27 Aug 2025 14:28:40 +0300 +Subject: [PATCH] End function node ancestor search at document + +Avoids dereferencing a non-existent ->ns property on an +XML_DOCUMENT_NODE pointer. + +Fixes #151. + +CVE: CVE-2025-11731 + +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxslt/-/commit/fe508f201efb9ea37bfbe95413b8b28251497de3] + +Signed-off-by: Mingli Yu +--- + libexslt/functions.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/libexslt/functions.c b/libexslt/functions.c +index 8d35a7ae..a54ee70c 100644 +--- a/libexslt/functions.c ++++ b/libexslt/functions.c +@@ -617,8 +617,13 @@ exsltFuncResultComp (xsltStylesheetPtr style, xmlNodePtr inst, + * instanciation of a func:result element. + */ + for (test = inst->parent; test != NULL; test = test->parent) { +- if (IS_XSLT_ELEM(test) && +- IS_XSLT_NAME(test, "stylesheet")) { ++ if (/* Traversal has reached the top-level document without ++ * finding a func:function ancestor. */ ++ (test != NULL && test->type == XML_DOCUMENT_NODE) || ++ /* Traversal reached a stylesheet-namespace node, ++ * and has left the function namespace. */ ++ (IS_XSLT_ELEM(test) && ++ IS_XSLT_NAME(test, "stylesheet"))) { + xsltGenericError(xsltGenericErrorContext, + "func:result element not a descendant " + "of a func:function\n"); +-- +2.34.1 + diff --git a/meta/recipes-support/libxslt/libxslt_1.1.35.bb b/meta/recipes-support/libxslt/libxslt_1.1.35.bb index fc1fafbf19..4f86069d77 100644 --- a/meta/recipes-support/libxslt/libxslt_1.1.35.bb +++ b/meta/recipes-support/libxslt/libxslt_1.1.35.bb @@ -22,6 +22,7 @@ SRC_URI = "${GNOME_MIRROR}/libxslt/1.1/libxslt-${PV}.tar.xz \ file://CVE-2023-40403-004.patch \ file://CVE-2023-40403-005.patch \ file://CVE-2025-7424.patch \ + file://CVE-2025-11731.patch \ " SRC_URI[sha256sum] = "8247f33e9a872c6ac859aa45018bc4c4d00b97e2feac9eebc10c93ce1f34dd79" From patchwork Tue Dec 23 21:25:59 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 77357 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id BEBCAE6FE51 for ; Tue, 23 Dec 2025 21:26:26 +0000 (UTC) Received: from mail-pl1-f173.google.com (mail-pl1-f173.google.com [209.85.214.173]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.109421.1766525182794678570 for ; Tue, 23 Dec 2025 13:26:22 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=vRDLFJqB; spf=softfail (domain: sakoman.com, ip: 209.85.214.173, mailfrom: steve@sakoman.com) Received: by mail-pl1-f173.google.com with SMTP id d9443c01a7336-29efd139227so71968415ad.1 for ; Tue, 23 Dec 2025 13:26:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1766525182; x=1767129982; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=aWfEqpYM3HWIXB08uw3JsLHuuubwmxO8xgA7qNgB6P4=; b=vRDLFJqBBpIo2Ir5eDWrFBfoEUqMnf9KhESCsmEjgl62pR3aom0smVLkV5QS2K1A6J mLnk8Kqgf+E+U8q9xkoEci7caw3hix5Rs780HTaN1VfFUiuD0h2YyrgvR9hRRGOJECDC 3HUWpfynwt29Q+hMUOnWXaMP+ppNLviy5sL/GyUOiWlWO5iTb5vtCtywtDJlzjPZfTUn TOupEc/jUh8AIcHH6l1Jqd+1iWx09kheC9XATtKc3Y7xSDUqoA3ePlg3WYGmSpG+QuYK MYbS0o2BFbQ2qkiaAFPLoUsAXSLLK30Ns0dYJxsMCGnKEi/HHzM/LSCz7siBbf1bGHpf 0dNQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1766525182; x=1767129982; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=aWfEqpYM3HWIXB08uw3JsLHuuubwmxO8xgA7qNgB6P4=; b=lRVTw8e/vkxNAv1wrJbHesw1T52RVCRQghES39Qfmp+J5DHPHAcpRGdjld5v2IE1+9 Yd2QGNLfp34t3Vpyx9qr/Yo5A6Tm9jSh0aCD2fYnMLgN3ZubEGU5TeeB9PK6hkPtT3oE RzS4t4kQ9oElPARSDZ7dcqGqltu5y7r73aTxZGeMZtg3+l7Ak0uS3cct6kXVFvXysS9v 3mb/8iws8WlaGeYDEh8OEkqkvxz3J+2yvbPWuAjyeZkC4jLpKO/1kiaJOKxqE6oLM1Fg BEt33kOZNqAvc0t1dF2QEJdtyNbVsIqr4D39m7RZI/sITxL5KI4i48PTdMV9jnbJQkNg M8Kw== X-Gm-Message-State: AOJu0Yx6a9kbDrB+8u5WyE/2vQ8dnc2VxQJHeZ8Qc2f4yvjJrJonpT3P 0SNDNA04F8zItrnnYczFN9bklocnrDaEHwu+ntCRvf8qRp1HL7K5dqqhwa6v96DTuyZZlE26zuC Ju06N X-Gm-Gg: AY/fxX7YGM/ReNDYbhv5Q+1dY0wbygACAio9B8q3zgY10ruPkzh2N/Y9IWgTe6z8xAS ha5jB13FEk5wAWkhmCj/7EfTJE45aKvDQ04xU5/k4/3Bi2vSYoPyAfyn44fn2kKZGbrIvKHTmQu RO0Jh/lK8VBxMcW+D5DFWN5iHHsbeiFb5qjeH4rUrCueIbVTmFpif02FN1tEVrgGzkHeBcGfvYT OcCOBSxrPL6wQpIivRh070Ao+7WsIYKjOxCCU849Vc1z28sH76LCQIw2OCH/jspHJe/4LASS3Sq hVnnKemXk7AzUIWRqLelbWiYYCIMmlH8/cF03CrPPh68cQtJSbZeHvib68TCaxkXR+tiotDGRK+ 5JjaQJlcooPIiZSpvinBqE/OMWnxqbG3+TmbAMJzd68kGG1ZJz47mfqzXFfomhgFqO/X6FwxlA3 yx54YN14Twi8LD X-Google-Smtp-Source: AGHT+IE1tAz9vCHZ3YnmfjslzY4IGlfmDpbmtAkT7tv2uNe6A+91d3e4zZCIEXVl/hq5NjNNTFN0RA== X-Received: by 2002:a17:902:fc46:b0:2a0:9411:e8c0 with SMTP id d9443c01a7336-2a2f272bd84mr156414525ad.32.1766525181997; Tue, 23 Dec 2025 13:26:21 -0800 (PST) Received: from hexa.. ([2602:feb4:3b:2100:74b3:f61b:a7a7:fafc]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2a2f3c6a80esm133756765ad.8.2025.12.23.13.26.20 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 23 Dec 2025 13:26:21 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 08/10] libsoup: fix CVE-2025-12105 Date: Tue, 23 Dec 2025 13:25:59 -0800 Message-ID: <86ea41fa42aeff0789932a9eea480d05454efe01.1766525021.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 23 Dec 2025 21:26:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/228501 From: Changqing Li Refer: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/481 Signed-off-by: Changqing Li Signed-off-by: Steve Sakoman --- .../libsoup/libsoup/CVE-2025-12105.patch | 34 +++++++++++++++++++ meta/recipes-support/libsoup/libsoup_3.0.7.bb | 1 + 2 files changed, 35 insertions(+) create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-12105.patch diff --git a/meta/recipes-support/libsoup/libsoup/CVE-2025-12105.patch b/meta/recipes-support/libsoup/libsoup/CVE-2025-12105.patch new file mode 100644 index 0000000000..99b2937922 --- /dev/null +++ b/meta/recipes-support/libsoup/libsoup/CVE-2025-12105.patch @@ -0,0 +1,34 @@ +From 465410f833e4288ad053b4e18d5fa6c3be3148e1 Mon Sep 17 00:00:00 2001 +From: Eugene Mutavchi +Date: Fri, 10 Oct 2025 16:24:27 +0000 +Subject: [PATCH] fix 'heap-use-after-free' caused by 'finishing' queue item + twice + +CVE: CVE-2025-12105 +Upsteam-Status: Backport [https://gitlab.gnome.org/GNOME/libsoup/-/commit/9ba1243a24e442fa5ec44684617a4480027da960] + +Signed-off-by: Changqing Li +--- + libsoup/soup-session.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/libsoup/soup-session.c b/libsoup/soup-session.c +index 5f2929f..b9f3e42 100644 +--- a/libsoup/soup-session.c ++++ b/libsoup/soup-session.c +@@ -3093,8 +3093,10 @@ run_until_read_done (SoupMessage *msg, + if (soup_message_io_in_progress (msg)) + soup_message_io_finished (msg); + item->paused = FALSE; +- item->state = SOUP_MESSAGE_FINISHING; +- soup_session_process_queue_item (item->session, item, NULL, FALSE); ++ if (item->state != SOUP_MESSAGE_FINISHED) { ++ item->state = SOUP_MESSAGE_FINISHING; ++ soup_session_process_queue_item (item->session, item, NULL, FALSE); ++ } + } + async_send_request_return_result (item, NULL, error); + } +-- +2.34.1 + diff --git a/meta/recipes-support/libsoup/libsoup_3.0.7.bb b/meta/recipes-support/libsoup/libsoup_3.0.7.bb index af8554aa78..0f82736727 100644 --- a/meta/recipes-support/libsoup/libsoup_3.0.7.bb +++ b/meta/recipes-support/libsoup/libsoup_3.0.7.bb @@ -45,6 +45,7 @@ SRC_URI = "${GNOME_MIRROR}/libsoup/${SHRT_VER}/libsoup-${PV}.tar.xz \ file://CVE-2025-46421.patch \ file://CVE-2025-4948.patch \ file://CVE-2025-4945.patch \ + file://CVE-2025-12105.patch \ " SRC_URI[sha256sum] = "ebdf90cf3599c11acbb6818a9d9e3fc9d2c68e56eb829b93962972683e1bf7c8" From patchwork Tue Dec 23 21:26:00 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 77359 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B90A2E6FE4C for ; Tue, 23 Dec 2025 21:26:26 +0000 (UTC) Received: from mail-pl1-f172.google.com (mail-pl1-f172.google.com [209.85.214.172]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.109422.1766525184823601780 for ; Tue, 23 Dec 2025 13:26:24 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=KupDQ4lL; spf=softfail (domain: sakoman.com, ip: 209.85.214.172, mailfrom: steve@sakoman.com) Received: by mail-pl1-f172.google.com with SMTP id d9443c01a7336-29efd139227so71968625ad.1 for ; Tue, 23 Dec 2025 13:26:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1766525184; x=1767129984; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=stx2Z775L0BSdgdJ+O12aDfx7B/An6moHEiG2hxSfhA=; b=KupDQ4lLMGlPeKJxQl2w1H/Y7VwDRCRa901exm8ioy8sbyNwtLoHtctqS+VMtPT9pv uh6d8sbJOqqYcLwwgEWwjBEQVIo0WibgOmKNEucDxazUlBiwck+5qIM1Us/Di52PyCCT KGe+xqFX+gHnhC71n8nOIDDEcTvoxZ6vS+MV0NHdqdwQYo7YhPGJ9M5J78kUBf7xQAmJ JQGlAYiwuerz9fVJS/CqIVfRqDSsDw1uxSHm0+o4o+hqwr1H9Xwz0tIpmgBxMIpbLktM uFvo0F33olvcShW1aBmQt5NxrrEe3rBVX95KY4qMsioWEgddTh0u76ksAWCSkP0fimYZ Abng== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1766525184; x=1767129984; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=stx2Z775L0BSdgdJ+O12aDfx7B/An6moHEiG2hxSfhA=; b=puNoVVF0j2bOknfv/0bCjyicqRDsefT5pd9amgKHgqQOkWUfWEe0Evx0vQg9tqDpPB BQRl+BtYTYs3sonOu4z4xh547IaRtacbPLatpVpiBcEjFwFVqOxLGeCdV79y1W9cIAiO Gcis3tAeNWTiaR5uLcluDTgBn1OTd6CGwTRYbmiOlOnvpkLRds3RHRTUvnn/vJ3s43oH jwJL3BsallR7cCZnakUkiu2d/yyFGG+g4tQ1hAqik+UqV1oUWmcaXwY7RfRLaCL7EbLf kwr4RlpORRh21xTVqUx7ZafiS18YMd6CpuOfKxAPTg7fqMW6fVj2XoXeX3B0M4rTw9lD TaOQ== X-Gm-Message-State: AOJu0YxQWCoGC/8iIq2GgSn/Xy+m3HkIl+K2DI8e7UboAom8eKKxIGq2 x5Vl3h1CyctxNyulw6cz99/GDShfdvZ8K2yLpz5l3RczOYHvVgaMQZr/M5AT+bwDqfjIr9DvLcU dZrfw X-Gm-Gg: AY/fxX4cS/Q2njSJUl+8RbKoo3eyNWaM3znxSVq5tHSAYv4PTIYNEBkvMZAOxRK6MI6 6UhWUnM9nFTnKuxVFSsQcxFbzkvqnDORXOsLKBaugbL9ZgM3MYCSgaKeyiDzaRwgYUqhMzJiG4v KnqEEXQQ7rghxn+OU4MCpd5ycC9dy7Z4mge7FpCgS8+D6GBmIjIdoIJa1NIYirad8tQ26Ug3fFd 4YQ3c54OskPPekeuUZU2xExxc7z7QAhnYT7LUERdb50gI+NIKUzceAvSWu4QPZnlM1tPdOz4A2Z RFXcXDM4be5evf6siWucsGDE5mNsxrieBRj7F1oOzG8cezlzWYL84CG+xSqha+ntdCwKjUsjQDL /45g/Wv6cMDfrM42yNc/SC6l43lbg/2LpJaq23o/bxmk5vDBSU1VDKJCU70C7GeOXWwTayawuIw N81w== X-Google-Smtp-Source: AGHT+IFO+supDj7KQX+3878ExdxlZXzmxNTY77FPQnTWaZUOGzFlwDMU3xbB6aNArjgPbp1FWpL0pA== X-Received: by 2002:a17:902:f60c:b0:295:888e:9fff with SMTP id d9443c01a7336-2a2f221fa6emr150275325ad.20.1766525184023; Tue, 23 Dec 2025 13:26:24 -0800 (PST) Received: from hexa.. ([2602:feb4:3b:2100:74b3:f61b:a7a7:fafc]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2a2f3c6a80esm133756765ad.8.2025.12.23.13.26.23 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 23 Dec 2025 13:26:23 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 09/10] scripts/install-buildtools: Update to 4.0.31 Date: Tue, 23 Dec 2025 13:26:00 -0800 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 23 Dec 2025 21:26:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/228502 From: Aleksandar Nikolic Update to the 4.0.31 release of the 4.0 series for buildtools Signed-off-by: Aleksandar Nikolic Signed-off-by: Steve Sakoman --- scripts/install-buildtools | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/install-buildtools b/scripts/install-buildtools index 5c990b1f8e..2c9f3f25c6 100755 --- a/scripts/install-buildtools +++ b/scripts/install-buildtools @@ -57,8 +57,8 @@ logger = scriptutils.logger_create(PROGNAME, stream=sys.stdout) DEFAULT_INSTALL_DIR = os.path.join(os.path.split(scripts_path)[0],'buildtools') DEFAULT_BASE_URL = 'https://downloads.yoctoproject.org/releases/yocto' -DEFAULT_RELEASE = 'yocto-4.0.30' -DEFAULT_INSTALLER_VERSION = '4.0.30' +DEFAULT_RELEASE = 'yocto-4.0.31' +DEFAULT_INSTALLER_VERSION = '4.0.31' DEFAULT_BUILDDATE = '202110XX' # Python version sanity check From patchwork Tue Dec 23 21:26:01 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 77361 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id CD4BBE6FE51 for ; Tue, 23 Dec 2025 21:26:36 +0000 (UTC) Received: from mail-pl1-f193.google.com (mail-pl1-f193.google.com [209.85.214.193]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.109424.1766525186941643739 for ; Tue, 23 Dec 2025 13:26:27 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=EmCifchW; spf=softfail (domain: sakoman.com, ip: 209.85.214.193, mailfrom: steve@sakoman.com) Received: by mail-pl1-f193.google.com with SMTP id d9443c01a7336-2a12ebe4b74so92962535ad.0 for ; Tue, 23 Dec 2025 13:26:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1766525186; x=1767129986; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=vcKoXz9bZeIogmGavFcGUy7fkioFe1inmnnL1n36un4=; b=EmCifchWgGJjo6RnaWux9vp3SuiGWm3Hwo8N12K7ful24hL7DBYXwD5u0mVfwK7tVt J8mpfa43i8qU/hW9RlZvq0uRcLe+hVSISIyLFCeP/5UojERUH3TxNthg9qCOf3SBeooC 76xtiKchy777ybzaEu3I0Ed1bbT0/+Kn5tr/ILpDyc5w2EgDgvLjGSdeqkeKtcGP2V2R oyDNrR8mPFEusSOPpn98Qbpc/g7+jYAlgfMCOCM15mqyZ9aziPUKxV1W8GCTpcS0ssmG 9rdvAbATqr+l0GDEi5ln084p7igra+KbIuy8TQHv2Ihm/63LDKSg7zZ2j127KNnIYbN0 aYhw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1766525186; x=1767129986; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=vcKoXz9bZeIogmGavFcGUy7fkioFe1inmnnL1n36un4=; b=cLPX1TuMajkJw4+e1CWYpjMB0R+PrtlyGCMeWCUy4X3zCXXKdQTUpPgeKl5seKNETk bLFw91k7RmCXdnq9f+BmVSlYpwVXb/m53VfXm+aHEyVSYhwOO46KKLRTOrQxzu0a1xck Dlsp7FUf8hU7hJh5nbx3bt9rnC5sbePJlZq8f1p5+SegY8T8KwQwEiyMpFMa/MQqehDH MKDkTn1Y0cZWPLNNIXWm+y02Tu0C9wX/nq5HWVp2U6J2ux0pStLhyEU8Dkj1iS+OdnBa 6ixOomhVzeysdDy2T8lIW/u504CLVYr//zq+8uJTfM6j0YjGz56SRin9XJbGuikBayV2 irgQ== X-Gm-Message-State: AOJu0Yx3cTjblRvQopTU4a6nsqlBhAtQYVUiPWCneZ0vDNrjtWDgXrQ4 Es8hjmKpv/W7t0lMlFQLtYcKRYeTqU2NnE1AZm4o2zHhuCRvSukbqhGxioHdFfCYRLZUbffIA/5 vwtIskho= X-Gm-Gg: AY/fxX7Fwtstkw/JBsIdByIbRKDAtGEomCmdwWjsX8z0uple+fCY5DXJe6wOHKUfDa7 UvQAYlpHjKxkHzmzP93jDcfKqcNaEF2Spo1yONim3ZVHKncVSOZuTheAcyXya1hEJccLIPRcSKL zjco4r/TV1gvy7TVC6WfyV0Bqf+caM5mXVdnJS8F7xqo+EQPw25K/Xt9aJ+IqcLTI1IkTGZXjQJ 47iqBoof7Z4tEyecvu8MR3UFquUtHW+A/joQqu/wiX+jXn7SqbMlnmlAGt4sY4AE4wYO0kP6ApZ DLk6iQ1oy8dEnuWn+BAAzpIz0jasaDXX1CZVhkUn5+G7CRkIOb7wU8XPriqdFXuhFQD07m7lFIG 3RL1AZGWUDJtfiZQ/jA4h2pDTqxdKK7eAn9rDfniDpSu5FaTTWHblrkvJSf1orwuNtS2W8ynfmX iJoQ== X-Google-Smtp-Source: AGHT+IGRKjZ2J2PJ6opc/WzxNjbJ1JUSCP8gBExJIth8RBrHCmiQIBbzSmnU5M8+WwK2093stqk6lA== X-Received: by 2002:a17:902:dac2:b0:2a2:b293:27d2 with SMTP id d9443c01a7336-2a2f2a400c0mr159159055ad.53.1766525186065; Tue, 23 Dec 2025 13:26:26 -0800 (PST) Received: from hexa.. ([2602:feb4:3b:2100:74b3:f61b:a7a7:fafc]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2a2f3c6a80esm133756765ad.8.2025.12.23.13.26.24 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 23 Dec 2025 13:26:25 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 10/10] cross.bbclass: Propagate dependencies to outhash Date: Tue, 23 Dec 2025 13:26:01 -0800 Message-ID: <6c40ec0646735a125540d6a78550d4d1d4bece62.1766525021.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 23 Dec 2025 21:26:36 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/228503 From: Martin Jansa Similar to what native and staging is doing since: https://git.openembedded.org/openembedded-core/commit/meta/classes/native.bbclass?id=d6c7b9f4f0e61fa6546d3644e27abe3e96f597e2 https://git.openembedded.org/openembedded-core/commit/meta/classes/staging.bbclass?id=1cf62882bbac543960e4815d117ffce0e53bda07 Cross task outputs can call native dependencies and even when cross recipe output doesn't change it might produce different results when the called native dependency is changed, e.g. clang-cross-${TARGET_ARCH} contains symlink to clang binary from clang-native, but when clang-native outhash is changed, clang-cross-${TARGET_ARCH} will still be considered equivalent and target recipes aren't rebuilt with new clang binary, see work around in https://github.com/kraj/meta-clang/pull/1140 to make target recipes to depend directly not only on clang-cross-${TARGET_ARCH} but clang-native as well. I have added a small testcase in meta-selftest which demostrates this issue. Not included in this change, but will send it if useful. openembedded-core $ ls -1 meta-selftest/recipes-devtools/hashequiv-test/ print-datetime-link-cross.bb print-datetime-link-native.bb print-datetime-native.bb print-datetime-usecross.bb print-datetime-usenative.bb print-datetime-native provides script which prints defined PRINT_DATETIME variable. print-datetime-link-native and print-datetime-link-cross both provide a symlink to the script from print-datetime-native. print-datetime-usenative and print-datetime-usecross are target recipes using the native and cross versions of print-datetime-link-* recipe. # clean build all is rebuilt: $ bitbake -k print-datetime-usenative print-datetime-usecross WARNING: print-datetime-native-1.0-r0 do_install: print-datetime-native current DATETIME in script is 2025-11-13_20_05 WARNING: print-datetime-link-native-1.0-r0 do_install: print-datetime-link-native current DATETIME in symlink is 2025-11-13_20_05 WARNING: print-datetime-link-cross-x86_64-1.0-r0 do_install: print-datetime-link-cross-x86_64 current DATETIME in symlink is 2025-11-13_20_05 WARNING: print-datetime-usenative-1.0-r0 do_install: print-datetime-usenative current DATETIME from print-datetime-link is 2025-11-13_20_05 WARNING: print-datetime-usecross-1.0-r0 do_install: print-datetime-usecross current DATETIME from print-datetime-link is 2025-11-13_20_05 # keep sstate-cache and hashserv.db: # print-datetime-usenative is correctly rebuilt, because print-datetime-link-native has different hash (because print-datetime-native hash changed) # print-datetime-usecross wasn't rebuilt, because print-datetime-link-cross-x86_64 doesn't include the changed hash of print-datetime-native $ bitbake -k print-datetime-usenative print-datetime-usecross WARNING: print-datetime-native-1.0-r0 do_install: print-datetime-native current DATETIME in script is 2025-11-13_20_07 WARNING: print-datetime-link-native-1.0-r0 do_install: print-datetime-link-native current DATETIME in symlink is 2025-11-13_20_07 WARNING: print-datetime-link-cross-x86_64-1.0-r0 do_install: print-datetime-link-cross-x86_64 current DATETIME in symlink is 2025-11-13_20_07 WARNING: print-datetime-usenative-1.0-r0 do_install: print-datetime-usenative current DATETIME from print-datetime-link is 2025-11-13_20_07 It's because print-datetime-link-cross-x86_64 depsig doesn't include print-datetime-native signature: $ cat tmp/work/x86_64-linux/print-datetime-link-cross-x86_64/1.0/temp/depsig.do_populate_sysroot OEOuthashBasic 18 SSTATE_PKGSPEC=sstate:print-datetime-link-cross-x86_64:x86_64-oe-linux:1.0:r0:x86_64:14: task=populate_sysroot drwx . drwx ./recipe-sysroot-native drwx ./recipe-sysroot-native/sysroot-providers -rw- 32 19fbeb373f781c2504453c1ca04dab018a7bc8388c87f4bbc59589df31523d07 ./recipe-sysroot-native/sysroot-providers/print-datetime-link-cross-x86_64 drwx ./recipe-sysroot-native/usr drwx ./recipe-sysroot-native/usr/bin drwx ./recipe-sysroot-native/usr/bin/x86_64-oe-linux lrwx ./recipe-sysroot-native/usr/bin/x86_64-oe-linux/print-datetime-link -> ../print-datetime While print-datetime-link-native doesn't have this issue, because print-datetime-native signature is there: $ cat tmp/work/x86_64-linux/print-datetime-link-native/1.0/temp/depsig.do_populate_sysroot OEOuthashBasic 18 print-datetime-native: 60f2734a63d708489570ca719413b4662f8368abc9f4760a279a0a5481e4a17b quilt-native: 65d78a7a5b5cbbf0969798efe558ca28e7ef058f4232fcff266912d16f67a8b8 SSTATE_PKGSPEC=sstate:print-datetime-link-native:x86_64-linux:1.0:r0:x86_64:14: task=populate_sysroot drwx . drwx ./recipe-sysroot-native drwx ./recipe-sysroot-native/sysroot-providers -rw- 26 3d5458be834b2d0e4c65466b9b877d6028ae2210a56399284a23144818666f10 ./recipe-sysroot-native/sysroot-providers/print-datetime-link-native drwx ./recipe-sysroot-native/usr drwx ./recipe-sysroot-native/usr/bin lrwx ./recipe-sysroot-native/usr/bin/print-datetime-link -> print-datetime With the cross.bbclass fix the link-cross recipe has a checksum from native recipe as well: $ cat tmp/work/x86_64-linux/print-datetime-link-cross-x86_64/1.0/temp/depsig.do_populate_sysroot OEOuthashBasic 18 print-datetime-native: 9ceb6c27342eae6b8da86c84685af38fb8927ccc19979aae75b8b1e444b11c5c quilt-native: 65d78a7a5b5cbbf0969798efe558ca28e7ef058f4232fcff266912d16f67a8b8 SSTATE_PKGSPEC=sstate:print-datetime-link-cross-x86_64:x86_64-oe-linux:1.0:r0:x86_64:14: task=populate_sysroot drwx . drwx ./recipe-sysroot-native drwx ./recipe-sysroot-native/sysroot-providers -rw- 32 19fbeb373f781c2504453c1ca04dab018a7bc8388c87f4bbc59589df31523d07 ./recipe-sysroot-native/sysroot-providers/print-datetime-link-cross-x86_64 drwx ./recipe-sysroot-native/usr drwx ./recipe-sysroot-native/usr/bin drwx ./recipe-sysroot-native/usr/bin/x86_64-oe-linux lrwx ./recipe-sysroot-native/usr/bin/x86_64-oe-linux/print-datetime-link -> ../print-datetime And print-datetime-usecross is correctly rebuilt whenever print-datetime-native output is different. Signed-off-by: Martin Jansa Signed-off-by: Steve Sakoman --- meta/classes/cross.bbclass | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/meta/classes/cross.bbclass b/meta/classes/cross.bbclass index 9d951076a7..a292a98335 100644 --- a/meta/classes/cross.bbclass +++ b/meta/classes/cross.bbclass @@ -95,3 +95,39 @@ addtask addto_recipe_sysroot after do_populate_sysroot do_addto_recipe_sysroot[deptask] = "do_populate_sysroot" PATH:prepend = "${COREBASE}/scripts/cross-intercept:" + +# +# Cross task outputs can call native dependencies and even when cross +# recipe output doesn't change it might produce different results when +# the called native dependency is changed, e.g. clang-cross-${TARGET_ARCH} +# contains symlink to clang binary from clang-native, but when clang-native +# outhash is changed, clang-cross-${TARGET_ARCH} will still be considered +# equivalent and target recipes aren't rebuilt with new clang binary, see +# work around in https://github.com/kraj/meta-clang/pull/1140 to make target +# recipes to depend directly not only on clang-cross-${TARGET_ARCH} but +# clang-native as well. +# +# This can cause poor interactions with hash equivalence, since this recipes +# output-changing dependency is "hidden" and downstream task only see that this +# recipe has the same outhash and therefore is equivalent. This can result in +# different output in different cases. +# +# To resolve this, unhide the output-changing dependency by adding its unihash +# to this tasks outhash calculation. Unfortunately, don't know specifically +# know which dependencies are output-changing, so we have to add all of them. +# +python cross_add_do_populate_sysroot_deps () { + current_task = "do_" + d.getVar("BB_CURRENTTASK") + if current_task != "do_populate_sysroot": + return + + taskdepdata = d.getVar("BB_TASKDEPDATA", False) + pn = d.getVar("PN") + deps = { + dep[0]:dep[6] for dep in taskdepdata.values() if + dep[1] == current_task and dep[0] != pn + } + + d.setVar("HASHEQUIV_EXTRA_SIGDATA", "\n".join("%s: %s" % (k, deps[k]) for k in sorted(deps.keys()))) +} +SSTATECREATEFUNCS += "cross_add_do_populate_sysroot_deps"