From patchwork Tue Jan 20 13:37:23 2026 X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 79188
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 01/26] util-linux: patch CVE-2025-14104 Date: Tue, 20 Jan 2026 14:37:23 +0100 Message-ID: <6f04c21099444553894ad2b50068b7b4bb056b03.1768914702.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 20 Jan 2026 13:38:15 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/229707 From: Peter Marko Pick patches per [1]. [1] https://security-tracker.debian.org/tracker/CVE-2025-14104 Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- meta/recipes-core/util-linux/util-linux.inc | 2 ++ .../util-linux/CVE-2025-14104-01.patch | 33 +++++++++++++++++++ .../util-linux/CVE-2025-14104-02.patch | 28 ++++++++++++++++ 3 files changed, 63 insertions(+) create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2025-14104-01.patch create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2025-14104-02.patch diff --git a/meta/recipes-core/util-linux/util-linux.inc b/meta/recipes-core/util-linux/util-linux.inc index c62c6d70c3..a8b505a122 100644 --- a/meta/recipes-core/util-linux/util-linux.inc +++ b/meta/recipes-core/util-linux/util-linux.inc @@ -42,6 +42,8 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/util-linux/v${MAJOR_VERSION}/util-lin file://CVE-2024-28085-0004.patch \ file://CVE-2024-28085-0005.patch \ file://fstab-isolation.patch \ + file://CVE-2025-14104-01.patch \ + file://CVE-2025-14104-02.patch \ " SRC_URI[sha256sum] = "634e6916ad913366c3536b6468e7844769549b99a7b2bf80314de78ab5655b83" diff --git a/meta/recipes-core/util-linux/util-linux/CVE-2025-14104-01.patch b/meta/recipes-core/util-linux/util-linux/CVE-2025-14104-01.patch new file mode 100644 index 0000000000..23677345c9 --- /dev/null 
+++ b/meta/recipes-core/util-linux/util-linux/CVE-2025-14104-01.patch @@ -0,0 +1,33 @@ +From aaa9e718c88d6916b003da7ebcfe38a3c88df8e6 Mon Sep 17 00:00:00 2001 +From: Mohamed Maatallah +Date: Sat, 24 May 2025 03:16:09 +0100 +Subject: [PATCH] Update setpwnam.c + +CVE: CVE-2025-14104 +Upstream-Status: Backport [https://github.com/util-linux/util-linux/commit/aaa9e718c88d6916b003da7ebcfe38a3c88df8e6] +Signed-off-by: Peter Marko +--- + login-utils/setpwnam.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/login-utils/setpwnam.c b/login-utils/setpwnam.c +index 3e3c1abde..95e470b5a 100644 +--- a/login-utils/setpwnam.c ++++ b/login-utils/setpwnam.c +@@ -126,10 +126,12 @@ int setpwnam(struct passwd *pwd, const char *prefix) + } + + /* Is this the username we were sent to change? */ +- if (!found && linebuf[namelen] == ':' && +- !strncmp(linebuf, pwd->pw_name, namelen)) { +- /* Yes! So go forth in the name of the Lord and +- * change it! */ ++ if (!found && ++ strncmp(linebuf, pwd->pw_name, namelen) == 0 && ++ strlen(linebuf) > namelen && ++ linebuf[namelen] == ':') { ++ /* Yes! But this time let’s not walk past the end of the buffer ++ * in the name of the Lord, SUID, or anything else. */ + if (putpwent(pwd, fp) < 0) + goto fail; + found = 1; diff --git a/meta/recipes-core/util-linux/util-linux/CVE-2025-14104-02.patch b/meta/recipes-core/util-linux/util-linux/CVE-2025-14104-02.patch new file mode 100644 index 0000000000..9d21db2743 --- /dev/null +++ b/meta/recipes-core/util-linux/util-linux/CVE-2025-14104-02.patch 
@@ -0,0 +1,28 @@ +From 9a36d77012c4c771f8d51eba46b6e62c29bf572a Mon Sep 17 00:00:00 2001 +From: Mohamed Maatallah +Date: Mon, 26 May 2025 10:06:02 +0100 +Subject: [PATCH] Update bufflen + +Update buflen + +CVE: CVE-2025-14104 +Upstream-Status: Backport [https://github.com/util-linux/util-linux/commit/9a36d77012c4c771f8d51eba46b6e62c29bf572a] +Signed-off-by: Peter Marko +--- + login-utils/setpwnam.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/login-utils/setpwnam.c b/login-utils/setpwnam.c +index 95e470b5a..7778e98f7 100644 +--- a/login-utils/setpwnam.c ++++ b/login-utils/setpwnam.c +@@ -99,7 +99,8 @@ int setpwnam(struct passwd *pwd, const char *prefix) + goto fail; + + namelen = strlen(pwd->pw_name); +- ++ if (namelen > buflen) ++ buflen += namelen; + linebuf = malloc(buflen); + if (!linebuf) + goto fail; From patchwork Tue Jan 20 13:37:24 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 79198 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 66FA0D2ED1E for ; Tue, 20 Jan 2026 13:38:16 +0000 (UTC) Received: from mail-wm1-f44.google.com (mail-wm1-f44.google.com [209.85.128.44]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.6476.1768916286577835040 for ; Tue, 20 Jan 2026 05:38:06 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=s83eexXc; spf=pass (domain: smile.fr, ip: 209.85.128.44, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f44.google.com with SMTP id 5b1f17b1804b1-4801d7c72a5so28343105e9.0 for ; Tue, 20 Jan 2026 05:38:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1768916285; x=1769521085; darn=lists.openembedded.org; 
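Review bot: In the setpwnam() hunk of CVE-2025-14104-01.patch (@@ -126,10 +126,12 @@), the added `strlen(linebuf) > namelen` test runs only after `strncmp(linebuf, pwd->pw_name, namelen) == 0` has already succeeded, so it rescans the line without changing the outcome: with namelen taken from strlen(pwd->pw_name), a match on the first namelen bytes already means linebuf[namelen] is at worst the terminating NUL. What keeps the index in bounds is that the comparison is evaluated before `linebuf[namelen] == ':'`; the replacement comment should state that ordering requirement instead of the joke, so a later cleanup does not reorder the operands back.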
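Review bot: In the setpwnam() hunk of CVE-2025-14104-02.patch (@@ -99,7 +99,8 @@), `if (namelen > buflen)` leaves the buffer ungrown when namelen equals buflen, while a line that can match needs namelen bytes of name plus the ':' and the terminating NUL. Sizing from that requirement, for example growing whenever namelen + 2 exceeds buflen, would cover the boundary without depending on the operand order introduced by the first patch. `buflen += namelen` is also added with no check that the sum does not wrap before it reaches malloc(buflen).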
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 02/26] glib-2.0: patch CVE-2025-13601 Date: Tue, 20 Jan 2026 14:37:24 +0100 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 20 Jan 2026 13:38:16 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/229708 From: Peter Marko Pick commits from [1] per [2]. [1] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4914 [2] https://nvd.nist.gov/vuln/detail/CVE-2025-13601 Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- .../glib-2.0/glib-2.0/CVE-2025-13601-01.patch | 125 +++++++++++++++++ .../glib-2.0/glib-2.0/CVE-2025-13601-02.patch | 128 ++++++++++++++++++ meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb | 2 + 3 files changed, 255 insertions(+) create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-13601-01.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-13601-02.patch diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-13601-01.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-13601-01.patch new file mode 100644 index 0000000000..7046d2405e --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-13601-01.patch
@@ -0,0 +1,125 @@ +From f28340ee62c655487972ad3c632d231ee098fb7f Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Thu, 13 Nov 2025 18:27:22 +0000 +Subject: [PATCH] gconvert: Error out if g_escape_uri_string() would overflow + +If the string to escape contains a very large number of unacceptable +characters (which would need escaping), the calculation of the length of +the escaped string could overflow, leading to a potential write off the +end of the newly allocated string. + +In addition to that, the number of unacceptable characters was counted +in a signed integer, which would overflow to become negative, making it +easier for an attacker to craft an input string which would cause an +out-of-bounds write. + +Fix that by validating the allocation length, and using an unsigned +integer to count the number of unacceptable characters. + +Spotted by treeplus. Thanks to the Sovereign Tech Resilience programme +from the Sovereign Tech Agency. ID: #YWH-PGM9867-134 + +Signed-off-by: Philip Withnall + +Fixes: #3827 + +CVE: CVE-2025-13601 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/f28340ee62c655487972ad3c632d231ee098fb7f] +Signed-off-by: Peter Marko +--- + glib/gconvert.c | 36 +++++++++++++++++++++++++----------- + 1 file changed, 25 insertions(+), 11 deletions(-) + +diff --git a/glib/gconvert.c b/glib/gconvert.c +index b066dd5a8..a02d2ea73 100644 +--- a/glib/gconvert.c ++++ b/glib/gconvert.c +@@ -1425,8 +1425,9 @@ static const gchar hex[] = "0123456789ABCDEF"; + /* Note: This escape function works on file: URIs, but if you want to + * escape something else, please read RFC-2396 */ + static gchar * +-g_escape_uri_string (const gchar *string, +- UnsafeCharacterSet mask) ++g_escape_uri_string (const gchar *string, ++ UnsafeCharacterSet mask, ++ GError **error) + { + #define ACCEPTABLE(a) ((a)>=32 && (a)<128 && (acceptable[(a)-32] & use_mask)) + +@@ -1434,7 +1435,7 @@ g_escape_uri_string (const gchar *string, + gchar *q; + gchar *result; + 
int c; +- gint unacceptable; ++ size_t unacceptable; + UnsafeCharacterSet use_mask; + + g_return_val_if_fail (mask == UNSAFE_ALL +@@ -1451,7 +1452,14 @@ g_escape_uri_string (const gchar *string, + if (!ACCEPTABLE (c)) + unacceptable++; + } +- ++ ++ if (unacceptable >= (G_MAXSIZE - (p - string)) / 2) ++ { ++ g_set_error_literal (error, G_CONVERT_ERROR, G_CONVERT_ERROR_BAD_URI, ++ _("The URI is too long")); ++ return NULL; ++ } ++ + result = g_malloc (p - string + unacceptable * 2 + 1); + + use_mask = mask; +@@ -1476,12 +1484,13 @@ g_escape_uri_string (const gchar *string, + + + static gchar * +-g_escape_file_uri (const gchar *hostname, +- const gchar *pathname) ++g_escape_file_uri (const gchar *hostname, ++ const gchar *pathname, ++ GError **error) + { + char *escaped_hostname = NULL; +- char *escaped_path; +- char *res; ++ char *escaped_path = NULL; ++ char *res = NULL; + + #ifdef G_OS_WIN32 + char *p, *backslash; +@@ -1502,10 +1511,14 @@ g_escape_file_uri (const gchar *hostname, + + if (hostname && *hostname != '\0') + { +- escaped_hostname = g_escape_uri_string (hostname, UNSAFE_HOST); ++ escaped_hostname = g_escape_uri_string (hostname, UNSAFE_HOST, error); ++ if (escaped_hostname == NULL) ++ goto out; + } + +- escaped_path = g_escape_uri_string (pathname, UNSAFE_PATH); ++ escaped_path = g_escape_uri_string (pathname, UNSAFE_PATH, error); ++ if (escaped_path == NULL) ++ goto out; + + res = g_strconcat ("file://", + (escaped_hostname) ? escaped_hostname : "", +@@ -1513,6 +1526,7 @@ g_escape_file_uri (const gchar *hostname, + escaped_path, + NULL); + ++out: + #ifdef G_OS_WIN32 + g_free ((char *) pathname); + #endif +@@ -1832,7 +1846,7 @@ g_filename_to_uri (const gchar *filename, + hostname = NULL; + #endif + +- escaped_uri = g_escape_file_uri (hostname, filename); ++ escaped_uri = g_escape_file_uri (hostname, filename, error); + + return escaped_uri; + } 
diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-13601-02.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-13601-02.patch new file mode 100644 index 0000000000..4be8d0d947 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-13601-02.patch 
@@ -0,0 +1,128 @@ +From 7bd3fc372040cdf8eada7f65c32c30da52a7461d Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Thu, 13 Nov 2025 18:31:43 +0000 +Subject: [PATCH] fuzzing: Add fuzz tests for g_filename_{to,from}_uri() + +These functions could be called on untrusted input data, and since they +do URI escaping/unescaping, they have non-trivial string handling code. + +Signed-off-by: Philip Withnall + +See: #3827 + +CVE: CVE-2025-13601 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/7bd3fc372040cdf8eada7f65c32c30da52a7461d] +Signed-off-by: Peter Marko +--- + fuzzing/fuzz_filename_from_uri.c | 40 ++++++++++++++++++++++++++++++++ + fuzzing/fuzz_filename_to_uri.c | 40 ++++++++++++++++++++++++++++++++ + fuzzing/meson.build | 2 ++ + 3 files changed, 82 insertions(+) + create mode 100644 fuzzing/fuzz_filename_from_uri.c + create mode 100644 fuzzing/fuzz_filename_to_uri.c + +diff --git a/fuzzing/fuzz_filename_from_uri.c b/fuzzing/fuzz_filename_from_uri.c +new file mode 100644 +index 000000000..9b7a715f0 +--- /dev/null ++++ b/fuzzing/fuzz_filename_from_uri.c +@@ -0,0 +1,40 @@ ++/* ++ * Copyright 2025 GNOME Foundation, Inc. ++ * ++ * SPDX-License-Identifier: LGPL-2.1-or-later ++ * ++ * This library is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU Lesser General Public ++ * License as published by the Free Software Foundation; either ++ * version 2.1 of the License, or (at your option) any later version. ++ * ++ * This library is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * Lesser General Public License for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public ++ * License along with this library; if not, see . 
++ */ ++ ++#include "fuzz.h" ++ ++int ++LLVMFuzzerTestOneInput (const unsigned char *data, size_t size) ++{ ++ unsigned char *nul_terminated_data = NULL; ++ char *filename = NULL; ++ GError *local_error = NULL; ++ ++ fuzz_set_logging_func (); ++ ++ /* ignore @size (g_filename_from_uri() doesn’t support it); ensure @data is nul-terminated */ ++ nul_terminated_data = (unsigned char *) g_strndup ((const char *) data, size); ++ filename = g_filename_from_uri ((const char *) nul_terminated_data, NULL, &local_error); ++ g_free (nul_terminated_data); ++ ++ g_free (filename); ++ g_clear_error (&local_error); ++ ++ return 0; ++} +diff --git a/fuzzing/fuzz_filename_to_uri.c b/fuzzing/fuzz_filename_to_uri.c +new file mode 100644 +index 000000000..acb319203 +--- /dev/null ++++ b/fuzzing/fuzz_filename_to_uri.c +@@ -0,0 +1,40 @@ ++/* ++ * Copyright 2025 GNOME Foundation, Inc. ++ * ++ * SPDX-License-Identifier: LGPL-2.1-or-later ++ * ++ * This library is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU Lesser General Public ++ * License as published by the Free Software Foundation; either ++ * version 2.1 of the License, or (at your option) any later version. ++ * ++ * This library is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * Lesser General Public License for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public ++ * License along with this library; if not, see . 
++ */ ++ ++#include "fuzz.h" ++ ++int ++LLVMFuzzerTestOneInput (const unsigned char *data, size_t size) ++{ ++ unsigned char *nul_terminated_data = NULL; ++ char *uri = NULL; ++ GError *local_error = NULL; ++ ++ fuzz_set_logging_func (); ++ ++ /* ignore @size (g_filename_to_uri() doesn’t support it); ensure @data is nul-terminated */ ++ nul_terminated_data = (unsigned char *) g_strndup ((const char *) data, size); ++ uri = g_filename_to_uri ((const char *) nul_terminated_data, NULL, &local_error); ++ g_free (nul_terminated_data); ++ ++ g_free (uri); ++ g_clear_error (&local_error); ++ ++ return 0; ++} +diff --git a/fuzzing/meson.build b/fuzzing/meson.build +index addbe9071..05f936eeb 100644 +--- a/fuzzing/meson.build ++++ b/fuzzing/meson.build +@@ -4,6 +4,8 @@ fuzz_targets = [ + 'fuzz_date_parse', + 'fuzz_date_time_new_from_iso8601', + 'fuzz_dbus_message', ++ 'fuzz_filename_from_uri', ++ 'fuzz_filename_to_uri', + 'fuzz_inet_address_mask_new_from_string', + 'fuzz_inet_address_new_from_string', + 'fuzz_inet_socket_address_new_from_string', diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb index 7ba52b5c79..1c4c21614a 100644 --- a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb 
@@ -64,6 +64,8 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ file://CVE-2025-4373-02.patch \ file://CVE-2025-7039-01.patch \ file://CVE-2025-7039-02.patch \ + file://CVE-2025-13601-01.patch \ + file://CVE-2025-13601-02.patch \ " SRC_URI:append:class-native = " file://relocate-modules.patch" From patchwork Tue Jan 20 13:37:25 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 79199 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7106DC9830C for ; Tue, 20 Jan 2026 13:38:16 +0000 (UTC) Received: from mail-wr1-f54.google.com (mail-wr1-f54.google.com [209.85.221.54]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.6466.1768916287400707389 for ; Tue, 20 Jan 2026 05:38:07 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=HooRoeVI; spf=pass (domain: smile.fr, ip: 209.85.221.54, mailfrom: yoann.congal@smile.fr) Received: by mail-wr1-f54.google.com with SMTP id ffacd0b85a97d-42fb03c3cf2so3713702f8f.1 for ; Tue, 20 Jan 2026 05:38:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1768916285; x=1769521085; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=bxhpCNFrRzXpV0FHEcGKfqBUrkCV6U0qI63mBASk2Ro=; b=HooRoeVIaeoXUPRc3LB8nrSIW38CTpSs3kNgesDFANgf2tbTMr6uqDHUv7OcZlUPhj mU32ptNq2QzdqU12lMyh/btHiBxQBMVSaVsLcpF00B+k7DYjt98r/ihNu+9GkBcVhv+K ZD0gWchIqycYhNG/THcmoqh+ODMJ4jgcYgGso= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768916285; x=1769521085; 
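Review bot: In the g_escape_uri_string() hunk at @@ -1451,7 +1452,14 @@, both the new guard and the allocation use `p - string`, a signed pointer difference, inside unsigned arithmetic with G_MAXSIZE and the now-size_t `unacceptable`. Computing the input length once into a size_t local and using it in both `(G_MAXSIZE - len) / 2` and `g_malloc (len + unacceptable * 2 + 1)` would make it visible that the check bounds exactly the expression that is allocated.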
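Review bot: The `goto out` paths added to g_escape_file_uri() (@@ -1502,10 +1511,14 @@, with the label at @@ -1513,6 +1526,7 @@) can leave escaped_hostname allocated while escaped_path is NULL, and the only cleanup visible after `out:` is the G_OS_WIN32 `g_free ((char *) pathname)`. Confirm that the unchanged code below the label frees escaped_hostname and escaped_path on the error path; the new `= NULL` initialisers suggest it does, but that code is outside the context shown.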
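Review bot: CVE-2025-13601-02.patch touches only fuzzing/ (two new LLVMFuzzerTestOneInput targets and the two entries added in the fuzzing/meson.build hunk) and changes no library code, so it adds nothing to the fix carried by the -01 patch. If the fuzz targets are not built by this recipe, consider dropping it from SRC_URI, or state in the commit message why it is carried alongside the fix.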
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 03/26] glib-2.0: patch CVE-2025-14087 Date: Tue, 20 Jan 2026 14:37:25 +0100 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 20 Jan 2026 13:38:16 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/229709 From: Peter Marko Pick commits from [1] linked from [2]. [1] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4933 [2] https://gitlab.gnome.org/GNOME/glib/-/issues/3834 Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- .../glib-2.0/glib-2.0/CVE-2025-14087-01.patch | 69 +++++ .../glib-2.0/glib-2.0/CVE-2025-14087-02.patch | 240 ++++++++++++++++++ .../glib-2.0/glib-2.0/CVE-2025-14087-03.patch | 150 +++++++++++ meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb | 3 + 4 files changed, 462 insertions(+) create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-01.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-02.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-03.patch diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-01.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-01.patch new file mode 100644 index 0000000000..ec7b1fecaa --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-01.patch 
@@ -0,0 +1,69 @@ +From 31f82e22e21bae520b7228f7f57d357fb20df8a4 Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Tue, 25 Nov 2025 19:02:56 +0000 +Subject: [PATCH] gvariant-parser: Fix potential integer overflow parsing + (byte)strings + +The termination condition for parsing string and bytestring literals in +GVariant text format input was subject to an integer overflow for input +string (or bytestring) literals longer than `INT_MAX`. + +Fix that by counting as a `size_t` rather than as an `int`. The counter +can never correctly be negative. + +Spotted by treeplus. Thanks to the Sovereign Tech Resilience programme +from the Sovereign Tech Agency. ID: #YWH-PGM9867-145 + +Signed-off-by: Philip Withnall +Fixes: #3834 + +CVE: CVE-2025-14087 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/31f82e22e21bae520b7228f7f57d357fb20df8a4] +Signed-off-by: Peter Marko +--- + glib/gvariant-parser.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/glib/gvariant-parser.c b/glib/gvariant-parser.c +index 2f1d3db9f..2d6e9856f 100644 +--- a/glib/gvariant-parser.c ++++ b/glib/gvariant-parser.c +@@ -594,7 +594,7 @@ ast_resolve (AST *ast, + { + GVariant *value; + gchar *pattern; +- gint i, j = 0; ++ size_t i, j = 0; + + pattern = ast_get_pattern (ast, error); + +@@ -1555,9 +1555,9 @@ string_free (AST *ast) + * No leading/trailing space allowed. 
*/ + static gboolean + unicode_unescape (const gchar *src, +- gint *src_ofs, ++ size_t *src_ofs, + gchar *dest, +- gint *dest_ofs, ++ size_t *dest_ofs, + gsize length, + SourceRef *ref, + GError **error) +@@ -1618,7 +1618,7 @@ string_parse (TokenStream *stream, + gsize length; + gchar quote; + gchar *str; +- gint i, j; ++ size_t i, j; + + token_stream_start_ref (stream, &ref); + token = token_stream_get (stream); +@@ -1748,7 +1748,7 @@ bytestring_parse (TokenStream *stream, + gsize length; + gchar quote; + gchar *str; +- gint i, j; ++ size_t i, j; + + token_stream_start_ref (stream, &ref); + token = token_stream_get (stream); diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-02.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-02.patch new file mode 100644 index 0000000000..595f9c1b93 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-02.patch 
@@ -0,0 +1,240 @@ +From ac9de0871281cf734f6e269988f90a2521582a08 Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Tue, 25 Nov 2025 19:19:16 +0000 +Subject: [PATCH] gvariant-parser: Use size_t to count numbers of child + elements +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Rather than using `gint`, which could overflow for arrays (or dicts, or +tuples) longer than `INT_MAX`. There may be other limits which prevent +parsed containers becoming that long, but we might as well make the type +system reflect the programmer’s intention as best it can anyway. + +For arrays and tuples this is straightforward. For dictionaries, it’s +slightly complicated by the fact that the code used +`dict->n_children == -1` to indicate that the `Dictionary` struct in +question actually represented a single freestanding dict entry. In +GVariant text format, that would be `{1, "one"}`. + +The implementation previously didn’t define the semantics of +`dict->n_children < -1`. + +Now, instead, change `Dictionary.n_children` to `size_t`, and define a +magic value `DICTIONARY_N_CHILDREN_FREESTANDING_ENTRY` to indicate that +the `Dictionary` represents a single freestanding dict entry. + +This magic value is `SIZE_MAX`, and given that a dictionary entry takes +more than one byte to represent in GVariant text format, that means it’s +not possible to have that many entries in a parsed dictionary, so this +magic value won’t be hit by a normal dictionary. An assertion checks +this anyway. + +Spotted while working on #3834. 
+ +Signed-off-by: Philip Withnall + +CVE: CVE-2025-14087 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/ac9de0871281cf734f6e269988f90a2521582a08] +Signed-off-by: Peter Marko +--- + glib/gvariant-parser.c | 58 ++++++++++++++++++++++++------------------ + 1 file changed, 33 insertions(+), 25 deletions(-) + +diff --git a/glib/gvariant-parser.c b/glib/gvariant-parser.c +index 2d6e9856f..519baa3f3 100644 +--- a/glib/gvariant-parser.c ++++ b/glib/gvariant-parser.c +@@ -647,9 +647,9 @@ static AST *parse (TokenStream *stream, + GError **error); + + static void +-ast_array_append (AST ***array, +- gint *n_items, +- AST *ast) ++ast_array_append (AST ***array, ++ size_t *n_items, ++ AST *ast) + { + if ((*n_items & (*n_items - 1)) == 0) + *array = g_renew (AST *, *array, *n_items ? 2 ** n_items : 1); +@@ -658,10 +658,10 @@ ast_array_append (AST ***array, + } + + static void +-ast_array_free (AST **array, +- gint n_items) ++ast_array_free (AST **array, ++ size_t n_items) + { +- gint i; ++ size_t i; + + for (i = 0; i < n_items; i++) + ast_free (array[i]); +@@ -670,11 +670,11 @@ ast_array_free (AST **array, + + static gchar * + ast_array_get_pattern (AST **array, +- gint n_items, ++ size_t n_items, + GError **error) + { + gchar *pattern; +- gint i; ++ size_t i; + + /* Find the pattern which applies to all children in the array, by l-folding a + * coalesce operation. +@@ -706,7 +706,7 @@ ast_array_get_pattern (AST **array, + * pair of values. 
+ */ + { +- int j = 0; ++ size_t j = 0; + + while (TRUE) + { +@@ -891,7 +891,7 @@ typedef struct + AST ast; + + AST **children; +- gint n_children; ++ size_t n_children; + } Array; + + static gchar * +@@ -924,7 +924,7 @@ array_get_value (AST *ast, + Array *array = (Array *) ast; + const GVariantType *childtype; + GVariantBuilder builder; +- gint i; ++ size_t i; + + if (!g_variant_type_is_array (type)) + return ast_type_error (ast, type, error); +@@ -1010,7 +1010,7 @@ typedef struct + AST ast; + + AST **children; +- gint n_children; ++ size_t n_children; + } Tuple; + + static gchar * +@@ -1020,7 +1020,7 @@ tuple_get_pattern (AST *ast, + Tuple *tuple = (Tuple *) ast; + gchar *result = NULL; + gchar **parts; +- gint i; ++ size_t i; + + parts = g_new (gchar *, tuple->n_children + 4); + parts[tuple->n_children + 1] = (gchar *) ")"; +@@ -1050,7 +1050,7 @@ tuple_get_value (AST *ast, + Tuple *tuple = (Tuple *) ast; + const GVariantType *childtype; + GVariantBuilder builder; +- gint i; ++ size_t i; + + if (!g_variant_type_is_tuple (type)) + return ast_type_error (ast, type, error); +@@ -1242,9 +1242,16 @@ typedef struct + + AST **keys; + AST **values; +- gint n_children; ++ ++ /* Iff this is DICTIONARY_N_CHILDREN_FREESTANDING_ENTRY then this struct ++ * represents a single freestanding dict entry (`{1, "one"}`) rather than a ++ * full dict. In the freestanding case, @keys and @values have exactly one ++ * member each. */ ++ size_t n_children; + } Dictionary; + ++#define DICTIONARY_N_CHILDREN_FREESTANDING_ENTRY ((size_t) -1) ++ + static gchar * + dictionary_get_pattern (AST *ast, + GError **error) +@@ -1259,7 +1266,7 @@ dictionary_get_pattern (AST *ast, + return g_strdup ("Ma{**}"); + + key_pattern = ast_array_get_pattern (dict->keys, +- abs (dict->n_children), ++ (dict->n_children == DICTIONARY_N_CHILDREN_FREESTANDING_ENTRY) ? 
1 : dict->n_children, + error); + + if (key_pattern == NULL) +@@ -1290,7 +1297,7 @@ dictionary_get_pattern (AST *ast, + return NULL; + + result = g_strdup_printf ("M%s{%c%s}", +- dict->n_children > 0 ? "a" : "", ++ (dict->n_children > 0 && dict->n_children != DICTIONARY_N_CHILDREN_FREESTANDING_ENTRY) ? "a" : "", + key_char, value_pattern); + g_free (value_pattern); + +@@ -1304,7 +1311,7 @@ dictionary_get_value (AST *ast, + { + Dictionary *dict = (Dictionary *) ast; + +- if (dict->n_children == -1) ++ if (dict->n_children == DICTIONARY_N_CHILDREN_FREESTANDING_ENTRY) + { + const GVariantType *subtype; + GVariantBuilder builder; +@@ -1337,7 +1344,7 @@ dictionary_get_value (AST *ast, + { + const GVariantType *entry, *key, *val; + GVariantBuilder builder; +- gint i; ++ size_t i; + + if (!g_variant_type_is_subtype_of (type, G_VARIANT_TYPE_DICTIONARY)) + return ast_type_error (ast, type, error); +@@ -1378,12 +1385,12 @@ static void + dictionary_free (AST *ast) + { + Dictionary *dict = (Dictionary *) ast; +- gint n_children; ++ size_t n_children; + +- if (dict->n_children > -1) +- n_children = dict->n_children; +- else ++ if (dict->n_children == DICTIONARY_N_CHILDREN_FREESTANDING_ENTRY) + n_children = 1; ++ else ++ n_children = dict->n_children; + + ast_array_free (dict->keys, n_children); + ast_array_free (dict->values, n_children); +@@ -1401,7 +1408,7 @@ dictionary_parse (TokenStream *stream, + maybe_wrapper, dictionary_get_value, + dictionary_free + }; +- gint n_keys, n_values; ++ size_t n_keys, n_values; + gboolean only_one; + Dictionary *dict; + AST *first; +@@ -1444,7 +1451,7 @@ dictionary_parse (TokenStream *stream, + goto error; + + g_assert (n_keys == 1 && n_values == 1); +- dict->n_children = -1; ++ dict->n_children = DICTIONARY_N_CHILDREN_FREESTANDING_ENTRY; + + return (AST *) dict; + } +@@ -1477,6 +1484,7 @@ dictionary_parse (TokenStream *stream, + } + + g_assert (n_keys == n_values); ++ g_assert (n_keys != DICTIONARY_N_CHILDREN_FREESTANDING_ENTRY); + 
dict->n_children = n_keys; + + return (AST *) dict; diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-03.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-03.patch new file mode 100644 index 0000000000..4a474f39fc --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14087-03.patch 
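Review bot: In the last `dictionary_parse` hunk, the only guard against a real dictionary's child count colliding with the sentinel is `g_assert (n_keys != DICTIONARY_N_CHILDREN_FREESTANDING_ENTRY)`, and `g_assert` is compiled out when GLib is built with `G_DISABLE_ASSERT`. The commit message argues the value cannot be reached by parsed input, so relying on the assertion is acceptable, but a comment at that line stating the reasoning would help the next reader. Two smaller points: the commit message names the sentinel as `SIZE_MAX` while the macro is written `((size_t) -1)`, and using `SIZE_MAX` would match the text; and in `tuple_get_pattern` the unchanged context `g_new (gchar *, tuple->n_children + 4)` is now unsigned arithmetic, so the `+ 4` is an unchecked `size_t` addition that deserves a mention alongside the type change.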
@@ -0,0 +1,150 @@ +From acaabfedff42e974334dd5368e6103d2845aaba6 Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Tue, 25 Nov 2025 19:25:58 +0000 +Subject: [PATCH] gvariant-parser: Convert error handling code to use size_t + +The error handling code allows for printing out the range of input bytes +related to a parsing error. This was previously done using `gint`, but +the input could be longer than `INT_MAX`, so it should really be done +using `size_t`. + +Spotted while working on #3834. + +Signed-off-by: Philip Withnall + +CVE: CVE-2025-14087 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/acaabfedff42e974334dd5368e6103d2845aaba6] +Signed-off-by: Peter Marko +--- + glib/gvariant-parser.c | 36 +++++++++++++++++++++++------------- + 1 file changed, 23 insertions(+), 13 deletions(-) + +diff --git a/glib/gvariant-parser.c b/glib/gvariant-parser.c +index 519baa3f3..1b1ddd654 100644 +--- a/glib/gvariant-parser.c ++++ b/glib/gvariant-parser.c +@@ -88,7 +88,9 @@ g_variant_parser_get_error_quark (void) + + typedef struct + { +- gint start, end; ++ /* Offsets from the start of the input, in bytes. Can be equal when referring ++ * to a point rather than a range. The invariant `end >= start` always holds. 
*/ ++ size_t start, end; + } SourceRef; + + G_GNUC_PRINTF(5, 0) +@@ -103,14 +105,16 @@ parser_set_error_va (GError **error, + GString *msg = g_string_new (NULL); + + if (location->start == location->end) +- g_string_append_printf (msg, "%d", location->start); ++ g_string_append_printf (msg, "%" G_GSIZE_FORMAT, location->start); + else +- g_string_append_printf (msg, "%d-%d", location->start, location->end); ++ g_string_append_printf (msg, "%" G_GSIZE_FORMAT "-%" G_GSIZE_FORMAT, ++ location->start, location->end); + + if (other != NULL) + { + g_assert (other->start != other->end); +- g_string_append_printf (msg, ",%d-%d", other->start, other->end); ++ g_string_append_printf (msg, ",%" G_GSIZE_FORMAT "-%" G_GSIZE_FORMAT, ++ other->start, other->end); + } + g_string_append_c (msg, ':'); + +@@ -137,11 +141,15 @@ parser_set_error (GError **error, + + typedef struct + { ++ /* We should always have the following ordering constraint: ++ * start <= this <= stream <= end ++ * Additionally, unless in an error or EOF state, `this < stream`. 
++ */ + const gchar *start; + const gchar *stream; + const gchar *end; + +- const gchar *this; ++ const gchar *this; /* (nullable) */ + } TokenStream; + + +@@ -172,7 +180,7 @@ token_stream_set_error (TokenStream *stream, + static gboolean + token_stream_prepare (TokenStream *stream) + { +- gint brackets = 0; ++ gssize brackets = 0; + const gchar *end; + + if (stream->this != NULL) +@@ -402,7 +410,7 @@ static void + pattern_copy (gchar **out, + const gchar **in) + { +- gint brackets = 0; ++ gssize brackets = 0; + + while (**in == 'a' || **in == 'm' || **in == 'M') + *(*out)++ = *(*in)++; +@@ -2666,7 +2674,7 @@ g_variant_builder_add_parsed (GVariantBuilder *builder, + static gboolean + parse_num (const gchar *num, + const gchar *limit, +- guint *result) ++ size_t *result) + { + gchar *endptr; + gint64 bignum; +@@ -2676,10 +2684,12 @@ parse_num (const gchar *num, + if (endptr != limit) + return FALSE; + ++ /* The upper bound here is more restrictive than it technically needs to be, ++ * but should be enough for any practical situation: */ + if (bignum < 0 || bignum > G_MAXINT) + return FALSE; + +- *result = (guint) bignum; ++ *result = (size_t) bignum; + + return TRUE; + } +@@ -2690,7 +2700,7 @@ add_last_line (GString *err, + { + const gchar *last_nl; + gchar *chomped; +- gint i; ++ size_t i; + + /* This is an error at the end of input. If we have a file + * with newlines, that's probably the empty string after the +@@ -2835,7 +2845,7 @@ g_variant_parse_error_print_context (GError *error, + + if (dash == NULL || colon < dash) + { +- guint point; ++ size_t point; + + /* we have a single point */ + if (!parse_num (error->message, colon, &point)) +@@ -2853,7 +2863,7 @@ g_variant_parse_error_print_context (GError *error, + /* We have one or two ranges... 
*/ + if (comma && comma < colon) + { +- guint start1, end1, start2, end2; ++ size_t start1, end1, start2, end2; + const gchar *dash2; + + /* Two ranges */ +@@ -2869,7 +2879,7 @@ g_variant_parse_error_print_context (GError *error, + } + else + { +- guint start, end; ++ size_t start, end; + + /* One range */ + if (!parse_num (error->message, dash, &start) || !parse_num (dash + 1, colon, &end)) diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb index 1c4c21614a..c5704a27bc 100644 --- a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb 
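Review bot: In the `parse_num` hunk the result type becomes `size_t` but the accepted range stays `bignum < 0 || bignum > G_MAXINT`, while `parser_set_error_va` now formats `SourceRef` offsets with `G_GSIZE_FORMAT` and so can write offsets above `INT_MAX` into the message. For such a message `g_variant_parse_error_print_context` gets FALSE back from `parse_num`; the added comment admits the bound is tighter than needed, but it should also say what the caller does in that case, or the bound should be raised to match what the producer can emit. Separately, the new `SourceRef` comment states that `end >= start` always holds, yet nothing in these hunks asserts it where a `SourceRef` is filled in or consumed.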
@@ -66,6 +66,9 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ file://CVE-2025-7039-02.patch \ file://CVE-2025-13601-01.patch \ file://CVE-2025-13601-02.patch \ + file://CVE-2025-14087-01.patch \ + file://CVE-2025-14087-02.patch \ + file://CVE-2025-14087-03.patch \ " SRC_URI:append:class-native = " file://relocate-modules.patch"
From patchwork Tue Jan 20 13:37:26 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 79197
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 04/26] glib-2.0: patch CVE-2025-14512 Date: Tue, 20 Jan 2026 14:37:26 +0100 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 20 Jan 2026 13:38:16 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/229710 From: Peter Marko Pick patch from [1] linked from [2]. [1] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4935 [2] https://gitlab.gnome.org/GNOME/glib/-/issues/3845 Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- .../glib-2.0/glib-2.0/CVE-2025-14512.patch | 70 +++++++++++++++++++ meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb | 1 + 2 files changed, 71 insertions(+) create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14512.patch diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14512.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14512.patch new file mode 100644 index 0000000000..fd3ba765b1 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-14512.patch 
@@ -0,0 +1,70 @@ +From 1909d8ea9297287f1ff6862968608dcf06e60523 Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Thu, 4 Dec 2025 16:37:19 +0000 +Subject: [PATCH] gfileattribute: Fix integer overflow calculating escaping for + byte strings + +The number of invalid characters in the byte string (characters which +would have to be percent-encoded) was only stored in an `int`, which +gave the possibility of a long string largely full of invalid +characters overflowing this and allowing an attacker-controlled buffer +size to be allocated. + +This could be triggered by an attacker controlled file attribute (of +type `G_FILE_ATTRIBUTE_TYPE_BYTE_STRING`), such as +`G_FILE_ATTRIBUTE_THUMBNAIL_PATH` or `G_FILE_ATTRIBUTE_STANDARD_NAME`, +being read by user code. + +Spotted by Codean Labs. + +Signed-off-by: Philip Withnall + +Fixes: #3845 + +CVE: CVE-2025-14512 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/1909d8ea9297287f1ff6862968608dcf06e60523] +Signed-off-by: Peter Marko +--- + gio/gfileattribute.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +diff --git a/gio/gfileattribute.c b/gio/gfileattribute.c +index c6fde60fa..d3083e5bd 100644 +--- a/gio/gfileattribute.c ++++ b/gio/gfileattribute.c +@@ -20,6 +20,7 @@ + + #include "config.h" + ++#include + #include + + #include "gfileattribute.h" +@@ -271,11 +272,12 @@ valid_char (char c) + return c >= 32 && c <= 126 && c != '\\'; + } + ++/* Returns NULL on error */ + static char * + escape_byte_string (const char *str) + { + size_t i, len; +- int num_invalid; ++ size_t num_invalid; + char *escaped_val, *p; + unsigned char c; + const char hex_digits[] = "0123456789abcdef"; +@@ -293,7 +295,12 @@ escape_byte_string (const char *str) + return g_strdup (str); + else + { +- escaped_val = g_malloc (len + num_invalid*3 + 1); ++ /* Check for overflow. 
We want to check the inequality: ++ * !(len + num_invalid * 3 + 1 > SIZE_MAX) */ ++ if (num_invalid >= (SIZE_MAX - len) / 3) ++ return NULL; ++ ++ escaped_val = g_malloc (len + num_invalid * 3 + 1); + + p = escaped_val; + for (i = 0; i < len; i++) diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb index c5704a27bc..50701be3d0 100644 --- a/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.72.3.bb 
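Review bot: `escape_byte_string` gains a `return NULL` path in the last hunk, but the diffstat's 9 insertions are all accounted for by the hunks shown and none of them touches a caller, so each call site needs to be checked for how it treats a NULL result before this is merged. The check itself, `num_invalid >= (SIZE_MAX - len) / 3`, is slightly stricter than the inequality quoted in the comment above it, which is the safe direction; saying so in the comment would stop a later cleanup from loosening it.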
@@ -69,6 +69,7 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ file://CVE-2025-14087-01.patch \ file://CVE-2025-14087-02.patch \ file://CVE-2025-14087-03.patch \ + file://CVE-2025-14512.patch \ " SRC_URI:append:class-native = " file://relocate-modules.patch"
From patchwork Tue Jan 20 13:37:27 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 79194
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 05/26] qemu: ignore CVE-2025-54566 and CVE-2025-54567 Date: Tue, 20 Jan 2026 14:37:27 +0100 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 20 Jan 2026 13:38:16 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/229711 From: Peter Marko These CVEs are not applicable to version 6.2.x as the vulnerable code was introduced only in 10.0.0. Debian made the analysis, reuse their work. * https://security-tracker.debian.org/tracker/CVE-2025-54566 * https://security-tracker.debian.org/tracker/CVE-2025-54567 Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- meta/recipes-devtools/qemu/qemu.inc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index 2866cbe7ec..764f0e110a 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc 
@@ -169,6 +169,9 @@ CVE_CHECK_IGNORE += "CVE-2023-1386" # virtio-snd was implemented in 8.2.0, so version 6.2.0 is not yet affected CVE_CHECK_IGNORE += "CVE-2024-7730" +# These issues were introduced in v10.0.0-rc0 +CVE_CHECK_IGNORE += "CVE-2025-54566 CVE-2025-54567" + COMPATIBLE_HOST:mipsarchn32 = "null" COMPATIBLE_HOST:mipsarchn64 = "null" COMPATIBLE_HOST:riscv32 = "null"
From patchwork Tue Jan 20 13:37:28 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 79201
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 06/26] cups: patch CVE-2025-58436 Date: Tue, 20 Jan 2026 14:37:28 +0100 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 20 Jan 2026 13:38:16 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/229712 From: Peter Marko Pick patch from branch 2.4.x corresponding to patch mentioned in [1]. [1] https://nvd.nist.gov/vuln/detail/CVE-2025-58436 Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- meta/recipes-extended/cups/cups.inc | 1 + .../cups/cups/CVE-2025-58436.patch | 630 ++++++++++++++++++ 2 files changed, 631 insertions(+) create mode 100644 meta/recipes-extended/cups/cups/CVE-2025-58436.patch diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc index cba4406720..c808eef9a7 100644 --- a/meta/recipes-extended/cups/cups.inc +++ b/meta/recipes-extended/cups/cups.inc @@ -27,6 +27,7 @@ SRC_URI = "https://github.com/OpenPrinting/cups/releases/download/v${PV}/cups-${ file://CVE-2024-47175-5.patch \ file://CVE-2025-58060.patch \ file://CVE-2025-58364.patch \ + file://CVE-2025-58436.patch \ " UPSTREAM_CHECK_URI = "https://github.com/OpenPrinting/cups/releases" diff --git a/meta/recipes-extended/cups/cups/CVE-2025-58436.patch b/meta/recipes-extended/cups/cups/CVE-2025-58436.patch new file mode 100644 index 0000000000..388c5e57b5 --- /dev/null +++ b/meta/recipes-extended/cups/cups/CVE-2025-58436.patch 
@@ -0,0 +1,630 @@ +From 5d414f1f91bdca118413301b148f0b188eb1cdc6 Mon Sep 17 00:00:00 2001 +From: Zdenek Dohnal +Date: Mon, 13 Oct 2025 10:16:48 +0200 +Subject: [PATCH] Fix unresponsive cupsd process caused by a slow client + +If client is very slow, it will slow cupsd process for other clients. +The fix is the best effort without turning scheduler cupsd into +multithreaded process which would be too complex and error-prone when +backporting to 2.4.x series. + +The fix for unencrypted communication is to follow up on communication +only if there is the whole line on input, and the waiting time is +guarded by timeout. + +Encrypted communication now starts after we have the whole client hello +packet, which conflicts with optional upgrade support to HTTPS via +methods other than method OPTIONS, so this optional support defined in +RFC 2817, section 3.1 is removed. Too slow or incomplete requests are +handled by connection timeout. + +Fixes CVE-2025-58436 + +CVE: CVE-2025-58436 +Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/5d414f1f91bdca118413301b148f0b188eb1cdc6] +Signed-off-by: Peter Marko +--- + cups/http-private.h | 7 +- + cups/http.c | 80 +++++++++++++------- + cups/tls-openssl.c | 15 +++- + scheduler/client.c | 178 ++++++++++++++++++++++++++++---------------- + scheduler/client.h | 3 + + scheduler/select.c | 12 +++ + 6 files changed, 198 insertions(+), 97 deletions(-) + +diff --git a/cups/http-private.h b/cups/http-private.h +index d9854faed..2d9035032 100644 +--- a/cups/http-private.h ++++ b/cups/http-private.h +@@ -120,6 +120,7 @@ extern "C" { + * Constants... 
+ */ + ++# define _HTTP_MAX_BUFFER 32768 /* Size of read buffer */ + # define _HTTP_MAX_SBUFFER 65536 /* Size of (de)compression buffer */ + # define _HTTP_RESOLVE_DEFAULT 0 /* Just resolve with default options */ + # define _HTTP_RESOLVE_STDERR 1 /* Log resolve progress to stderr */ +@@ -231,8 +232,8 @@ struct _http_s /**** HTTP connection structure ****/ + http_encoding_t data_encoding; /* Chunked or not */ + int _data_remaining;/* Number of bytes left (deprecated) */ + int used; /* Number of bytes used in buffer */ +- char buffer[HTTP_MAX_BUFFER]; +- /* Buffer for incoming data */ ++ char _buffer[HTTP_MAX_BUFFER]; ++ /* Old read buffer (deprecated) */ + int _auth_type; /* Authentication in use (deprecated) */ + unsigned char _md5_state[88]; /* MD5 state (deprecated) */ + char nonce[HTTP_MAX_VALUE]; +@@ -306,6 +307,8 @@ struct _http_s /**** HTTP connection structure ****/ + /* Allocated field values */ + *default_fields[HTTP_FIELD_MAX]; + /* Default field values, if any */ ++ char buffer[_HTTP_MAX_BUFFER]; ++ /* Read buffer */ + }; + # endif /* !_HTTP_NO_PRIVATE */ + +diff --git a/cups/http.c b/cups/http.c +index 7a42cb3d6..214e45158 100644 +--- a/cups/http.c ++++ b/cups/http.c +@@ -53,7 +53,7 @@ static http_t *http_create(const char *host, int port, + static void http_debug_hex(const char *prefix, const char *buffer, + int bytes); + #endif /* DEBUG */ +-static ssize_t http_read(http_t *http, char *buffer, size_t length); ++static ssize_t http_read(http_t *http, char *buffer, size_t length, int timeout); + static ssize_t http_read_buffered(http_t *http, char *buffer, size_t length); + static ssize_t http_read_chunk(http_t *http, char *buffer, size_t length); + static int http_send(http_t *http, http_state_t request, +@@ -1188,7 +1188,7 @@ httpGets(char *line, /* I - Line to read into */ + return (NULL); + } + +- bytes = http_read(http, http->buffer + http->used, (size_t)(HTTP_MAX_BUFFER - http->used)); ++ bytes = http_read(http, http->buffer + http->used, 
(size_t)(_HTTP_MAX_BUFFER - http->used), http->wait_value); + + DEBUG_printf(("4httpGets: read " CUPS_LLFMT " bytes.", CUPS_LLCAST bytes)); + +@@ -1706,24 +1706,13 @@ httpPeek(http_t *http, /* I - HTTP connection */ + + ssize_t buflen; /* Length of read for buffer */ + +- if (!http->blocking) +- { +- while (!httpWait(http, http->wait_value)) +- { +- if (http->timeout_cb && (*http->timeout_cb)(http, http->timeout_data)) +- continue; +- +- return (0); +- } +- } +- + if ((size_t)http->data_remaining > sizeof(http->buffer)) + buflen = sizeof(http->buffer); + else + buflen = (ssize_t)http->data_remaining; + + DEBUG_printf(("2httpPeek: Reading %d bytes into buffer.", (int)buflen)); +- bytes = http_read(http, http->buffer, (size_t)buflen); ++ bytes = http_read(http, http->buffer, (size_t)buflen, http->wait_value); + + DEBUG_printf(("2httpPeek: Read " CUPS_LLFMT " bytes into buffer.", + CUPS_LLCAST bytes)); +@@ -1744,9 +1733,9 @@ httpPeek(http_t *http, /* I - HTTP connection */ + int zerr; /* Decompressor error */ + z_stream stream; /* Copy of decompressor stream */ + +- if (http->used > 0 && ((z_stream *)http->stream)->avail_in < HTTP_MAX_BUFFER) ++ if (http->used > 0 && ((z_stream *)http->stream)->avail_in < _HTTP_MAX_BUFFER) + { +- size_t buflen = HTTP_MAX_BUFFER - ((z_stream *)http->stream)->avail_in; ++ size_t buflen = _HTTP_MAX_BUFFER - ((z_stream *)http->stream)->avail_in; + /* Number of bytes to copy */ + + if (((z_stream *)http->stream)->avail_in > 0 && +@@ -2004,7 +1993,7 @@ httpRead2(http_t *http, /* I - HTTP connection */ + + if (bytes == 0) + { +- ssize_t buflen = HTTP_MAX_BUFFER - (ssize_t)((z_stream *)http->stream)->avail_in; ++ ssize_t buflen = _HTTP_MAX_BUFFER - (ssize_t)((z_stream *)http->stream)->avail_in; + /* Additional bytes for buffer */ + + if (buflen > 0) +@@ -2754,7 +2743,7 @@ int /* O - 1 to continue, 0 to stop */ + _httpUpdate(http_t *http, /* I - HTTP connection */ + http_status_t *status) /* O - Current HTTP status */ + { +- char line[32768], 
/* Line from connection... */ ++ char line[_HTTP_MAX_BUFFER], /* Line from connection... */ + *value; /* Pointer to value on line */ + http_field_t field; /* Field index */ + int major, minor; /* HTTP version numbers */ +@@ -2762,12 +2751,46 @@ _httpUpdate(http_t *http, /* I - HTTP connection */ + + DEBUG_printf(("_httpUpdate(http=%p, status=%p), state=%s", (void *)http, (void *)status, httpStateString(http->state))); + ++ /* When doing non-blocking I/O, make sure we have a whole line... */ ++ if (!http->blocking) ++ { ++ ssize_t bytes; /* Bytes "peeked" from connection */ ++ ++ /* See whether our read buffer is full... */ ++ DEBUG_printf(("2_httpUpdate: used=%d", http->used)); ++ ++ if (http->used > 0 && !memchr(http->buffer, '\n', (size_t)http->used) && (size_t)http->used < sizeof(http->buffer)) ++ { ++ /* No, try filling in more data... */ ++ if ((bytes = http_read(http, http->buffer + http->used, sizeof(http->buffer) - (size_t)http->used, /*timeout*/0)) > 0) ++ { ++ DEBUG_printf(("2_httpUpdate: Read %d bytes.", (int)bytes)); ++ http->used += (int)bytes; ++ } ++ } ++ ++ /* Peek at the incoming data... */ ++ if (!http->used || !memchr(http->buffer, '\n', (size_t)http->used)) ++ { ++ /* Don't have a full line, tell the reader to try again when there is more data... */ ++ DEBUG_puts("1_htttpUpdate: No newline in buffer yet."); ++ if ((size_t)http->used == sizeof(http->buffer)) ++ *status = HTTP_STATUS_ERROR; ++ else ++ *status = HTTP_STATUS_CONTINUE; ++ return (0); ++ } ++ ++ DEBUG_puts("2_httpUpdate: Found newline in buffer."); ++ } ++ + /* + * Grab a single line from the connection... 
+ */ + + if (!httpGets(line, sizeof(line), http)) + { ++ DEBUG_puts("1_httpUpdate: Error reading request line."); + *status = HTTP_STATUS_ERROR; + return (0); + } +@@ -4089,7 +4112,8 @@ http_debug_hex(const char *prefix, /* I - Prefix for line */ + static ssize_t /* O - Number of bytes read or -1 on error */ + http_read(http_t *http, /* I - HTTP connection */ + char *buffer, /* I - Buffer */ +- size_t length) /* I - Maximum bytes to read */ ++ size_t length, /* I - Maximum bytes to read */ ++ int timeout) /* I - Wait timeout */ + { + ssize_t bytes; /* Bytes read */ + +@@ -4098,7 +4122,7 @@ http_read(http_t *http, /* I - HTTP connection */ + + if (!http->blocking || http->timeout_value > 0.0) + { +- while (!httpWait(http, http->wait_value)) ++ while (!_httpWait(http, timeout, 1)) + { + if (http->timeout_cb && (*http->timeout_cb)(http, http->timeout_data)) + continue; +@@ -4201,7 +4225,7 @@ http_read_buffered(http_t *http, /* I - HTTP connection */ + else + bytes = (ssize_t)length; + +- DEBUG_printf(("8http_read: Grabbing %d bytes from input buffer.", ++ DEBUG_printf(("8http_read_buffered: Grabbing %d bytes from input buffer.", + (int)bytes)); + + memcpy(buffer, http->buffer, (size_t)bytes); +@@ -4211,7 +4235,7 @@ http_read_buffered(http_t *http, /* I - HTTP connection */ + memmove(http->buffer, http->buffer + bytes, (size_t)http->used); + } + else +- bytes = http_read(http, buffer, length); ++ bytes = http_read(http, buffer, length, http->wait_value); + + return (bytes); + } +@@ -4557,15 +4581,15 @@ http_set_timeout(int fd, /* I - File descriptor */ + static void + http_set_wait(http_t *http) /* I - HTTP connection */ + { +- if (http->blocking) +- { +- http->wait_value = (int)(http->timeout_value * 1000); ++ http->wait_value = (int)(http->timeout_value * 1000); + +- if (http->wait_value <= 0) ++ if (http->wait_value <= 0) ++ { ++ if (http->blocking) + http->wait_value = 60000; ++ else ++ http->wait_value = 1000; + } +- else +- http->wait_value = 10000; + } + + +diff 
--git a/cups/tls-openssl.c b/cups/tls-openssl.c +index 9fcbe0af3..f746f4cba 100644 +--- a/cups/tls-openssl.c ++++ b/cups/tls-openssl.c +@@ -180,12 +180,14 @@ cupsMakeServerCredentials( + // Save them... + if ((bio = BIO_new_file(keyfile, "wb")) == NULL) + { ++ DEBUG_printf(("1cupsMakeServerCredentials: Unable to create private key file '%s': %s", keyfile, strerror(errno))); + _cupsSetError(IPP_STATUS_ERROR_INTERNAL, strerror(errno), 0); + goto done; + } + + if (!PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL)) + { ++ DEBUG_puts("1cupsMakeServerCredentials: PEM_write_bio_PrivateKey failed."); + _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Unable to write private key."), 1); + BIO_free(bio); + goto done; +@@ -195,12 +197,14 @@ cupsMakeServerCredentials( + + if ((bio = BIO_new_file(crtfile, "wb")) == NULL) + { ++ DEBUG_printf(("1cupsMakeServerCredentials: Unable to create certificate file '%s': %s", crtfile, strerror(errno))); + _cupsSetError(IPP_STATUS_ERROR_INTERNAL, strerror(errno), 0); + goto done; + } + + if (!PEM_write_bio_X509(bio, cert)) + { ++ DEBUG_puts("1cupsMakeServerCredentials: PEM_write_bio_X509 failed."); + _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Unable to write X.509 certificate."), 1); + BIO_free(bio); + goto done; +@@ -1044,10 +1048,10 @@ _httpTLSStart(http_t *http) // I - Connection to server + + if (!cupsMakeServerCredentials(tls_keypath, cn, 0, NULL, time(NULL) + 365 * 86400)) + { +- DEBUG_puts("4_httpTLSStart: cupsMakeServerCredentials failed."); ++ DEBUG_printf(("4_httpTLSStart: cupsMakeServerCredentials failed: %s", cupsLastErrorString())); + http->error = errno = EINVAL; + http->status = HTTP_STATUS_ERROR; +- _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Unable to create server credentials."), 1); ++// _cupsSetError(IPP_STATUS_ERROR_INTERNAL, _("Unable to create server credentials."), 1); + SSL_CTX_free(context); + + return (-1); +@@ -1272,14 +1276,17 @@ http_bio_read(BIO *h, // I - BIO data + + http = (http_t 
*)BIO_get_data(h); + +- if (!http->blocking) ++ if (!http->blocking || http->timeout_value > 0.0) + { + /* + * Make sure we have data before we read... + */ + +- if (!_httpWait(http, 10000, 0)) ++ while (!_httpWait(http, http->wait_value, 0)) + { ++ if (http->timeout_cb && (*http->timeout_cb)(http, http->timeout_data)) ++ continue; ++ + #ifdef WIN32 + http->error = WSAETIMEDOUT; + #else +diff --git a/scheduler/client.c b/scheduler/client.c +index f0349a6c9..9593c9138 100644 +--- a/scheduler/client.c ++++ b/scheduler/client.c +@@ -34,11 +34,11 @@ + + static int check_if_modified(cupsd_client_t *con, + struct stat *filestats); ++#ifdef HAVE_TLS ++static int check_start_tls(cupsd_client_t *con); ++#endif /* HAVE_TLS */ + static int compare_clients(cupsd_client_t *a, cupsd_client_t *b, + void *data); +-#ifdef HAVE_TLS +-static int cupsd_start_tls(cupsd_client_t *con, http_encryption_t e); +-#endif /* HAVE_TLS */ + static char *get_file(cupsd_client_t *con, struct stat *filestats, + char *filename, size_t len); + static http_status_t install_cupsd_conf(cupsd_client_t *con); +@@ -360,14 +360,20 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */ + if (lis->encryption == HTTP_ENCRYPTION_ALWAYS) + { + /* +- * https connection; go secure... ++ * HTTPS connection, force TLS negotiation... + */ + +- if (cupsd_start_tls(con, HTTP_ENCRYPTION_ALWAYS)) +- cupsdCloseClient(con); ++ con->tls_start = time(NULL); ++ con->encryption = HTTP_ENCRYPTION_ALWAYS; + } + else ++ { ++ /* ++ * HTTP connection, but check for HTTPS negotiation on first data... ++ */ ++ + con->auto_ssl = 1; ++ } + #endif /* HAVE_TLS */ + } + +@@ -597,17 +603,46 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */ + + con->auto_ssl = 0; + +- if (recv(httpGetFd(con->http), buf, 1, MSG_PEEK) == 1 && +- (!buf[0] || !strchr("DGHOPT", buf[0]))) ++ if (recv(httpGetFd(con->http), buf, 5, MSG_PEEK) == 5 && buf[0] == 0x16 && buf[1] == 3 && buf[2]) + { + /* +- * Encrypt this connection... 
++ * Client hello record, encrypt this connection... + */ + +- cupsdLogClient(con, CUPSD_LOG_DEBUG2, "Saw first byte %02X, auto-negotiating SSL/TLS session.", buf[0] & 255); ++ cupsdLogClient(con, CUPSD_LOG_DEBUG2, "Saw client hello record, auto-negotiating TLS session."); ++ con->tls_start = time(NULL); ++ con->encryption = HTTP_ENCRYPTION_ALWAYS; ++ } ++ } + +- if (cupsd_start_tls(con, HTTP_ENCRYPTION_ALWAYS)) +- cupsdCloseClient(con); ++ if (con->tls_start) ++ { ++ /* ++ * Try negotiating TLS... ++ */ ++ ++ int tls_status = check_start_tls(con); ++ ++ if (tls_status < 0) ++ { ++ /* ++ * TLS negotiation failed, close the connection. ++ */ ++ ++ cupsdCloseClient(con); ++ return; ++ } ++ else if (tls_status == 0) ++ { ++ /* ++ * Nothing to do yet... ++ */ ++ ++ if ((time(NULL) - con->tls_start) > 5) ++ { ++ // Timeout, close the connection... ++ cupsdCloseClient(con); ++ } + + return; + } +@@ -771,9 +806,7 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */ + * Parse incoming parameters until the status changes... + */ + +- while ((status = httpUpdate(con->http)) == HTTP_STATUS_CONTINUE) +- if (!httpGetReady(con->http)) +- break; ++ status = httpUpdate(con->http); + + if (status != HTTP_STATUS_OK && status != HTTP_STATUS_CONTINUE) + { +@@ -935,11 +968,10 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */ + return; + } + +- if (cupsd_start_tls(con, HTTP_ENCRYPTION_REQUIRED)) +- { +- cupsdCloseClient(con); +- return; +- } ++ con->tls_start = time(NULL); ++ con->tls_upgrade = 1; ++ con->encryption = HTTP_ENCRYPTION_REQUIRED; ++ return; + #else + if (!cupsdSendError(con, HTTP_STATUS_NOT_IMPLEMENTED, CUPSD_AUTH_NONE)) + { +@@ -978,32 +1010,11 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */ + if (!_cups_strcasecmp(httpGetField(con->http, HTTP_FIELD_CONNECTION), + "Upgrade") && !httpIsEncrypted(con->http)) + { +-#ifdef HAVE_TLS +- /* +- * Do encryption stuff... 
+- */ +- +- httpClearFields(con->http); +- +- if (!cupsdSendHeader(con, HTTP_STATUS_SWITCHING_PROTOCOLS, NULL, +- CUPSD_AUTH_NONE)) +- { +- cupsdCloseClient(con); +- return; +- } +- +- if (cupsd_start_tls(con, HTTP_ENCRYPTION_REQUIRED)) +- { +- cupsdCloseClient(con); +- return; +- } +-#else + if (!cupsdSendError(con, HTTP_STATUS_NOT_IMPLEMENTED, CUPSD_AUTH_NONE)) + { + cupsdCloseClient(con); + return; + } +-#endif /* HAVE_TLS */ + } + + if ((status = cupsdIsAuthorized(con, NULL)) != HTTP_STATUS_OK) +@@ -2631,6 +2642,69 @@ check_if_modified( + } + + ++#ifdef HAVE_TLS ++/* ++ * 'check_start_tls()' - Start encryption on a connection. ++ */ ++ ++static int /* O - 0 to continue, 1 on success, -1 on error */ ++check_start_tls(cupsd_client_t *con) /* I - Client connection */ ++{ ++ unsigned char chello[4096]; /* Client hello record */ ++ ssize_t chello_bytes; /* Bytes read/peeked */ ++ int chello_len; /* Length of record */ ++ ++ ++ /* ++ * See if we have a good and complete client hello record... ++ */ ++ ++ if ((chello_bytes = recv(httpGetFd(con->http), (char *)chello, sizeof(chello), MSG_PEEK)) < 5) ++ return (0); /* Not enough bytes (yet) */ ++ ++ if (chello[0] != 0x016 || chello[1] != 3 || chello[2] == 0) ++ return (-1); /* Not a TLS Client Hello record */ ++ ++ chello_len = (chello[3] << 8) | chello[4]; ++ ++ if ((chello_len + 5) > chello_bytes) ++ return (0); /* Not enough bytes yet */ ++ ++ /* ++ * OK, we do, try negotiating... ++ */ ++ ++ con->tls_start = 0; ++ ++ if (httpEncryption(con->http, con->encryption)) ++ { ++ cupsdLogClient(con, CUPSD_LOG_ERROR, "Unable to encrypt connection: %s", cupsLastErrorString()); ++ return (-1); ++ } ++ ++ cupsdLogClient(con, CUPSD_LOG_DEBUG, "Connection now encrypted."); ++ ++ if (con->tls_upgrade) ++ { ++ // Respond to the original OPTIONS command... 
++ con->tls_upgrade = 0; ++ ++ httpClearFields(con->http); ++ httpClearCookie(con->http); ++ httpSetField(con->http, HTTP_FIELD_CONTENT_LENGTH, "0"); ++ ++ if (!cupsdSendHeader(con, HTTP_STATUS_OK, NULL, CUPSD_AUTH_NONE)) ++ { ++ cupsdCloseClient(con); ++ return (-1); ++ } ++ } ++ ++ return (1); ++} ++#endif /* HAVE_TLS */ ++ ++ + /* + * 'compare_clients()' - Compare two client connections. + */ +@@ -2651,28 +2725,6 @@ compare_clients(cupsd_client_t *a, /* I - First client */ + } + + +-#ifdef HAVE_TLS +-/* +- * 'cupsd_start_tls()' - Start encryption on a connection. +- */ +- +-static int /* O - 0 on success, -1 on error */ +-cupsd_start_tls(cupsd_client_t *con, /* I - Client connection */ +- http_encryption_t e) /* I - Encryption mode */ +-{ +- if (httpEncryption(con->http, e)) +- { +- cupsdLogClient(con, CUPSD_LOG_ERROR, "Unable to encrypt connection: %s", +- cupsLastErrorString()); +- return (-1); +- } +- +- cupsdLogClient(con, CUPSD_LOG_DEBUG, "Connection now encrypted."); +- return (0); +-} +-#endif /* HAVE_TLS */ +- +- + /* + * 'get_file()' - Get a filename and state info. + */ +diff --git a/scheduler/client.h b/scheduler/client.h +index 9fe4e2ea6..2939ce997 100644 +--- a/scheduler/client.h ++++ b/scheduler/client.h +@@ -51,6 +51,9 @@ struct cupsd_client_s + cups_lang_t *language; /* Language to use */ + #ifdef HAVE_TLS + int auto_ssl; /* Automatic test for SSL/TLS */ ++ time_t tls_start; /* Do TLS negotiation? */ ++ int tls_upgrade; /* Doing TLS upgrade via OPTIONS? 
*/ ++ http_encryption_t encryption; /* Type of TLS negotiation */ + #endif /* HAVE_TLS */ + http_addr_t clientaddr; /* Client's server address */ + char clientname[256];/* Client's server name for connection */ +diff --git a/scheduler/select.c b/scheduler/select.c +index 2e64f2a7e..ac6205c51 100644 +--- a/scheduler/select.c ++++ b/scheduler/select.c +@@ -408,6 +408,9 @@ cupsdDoSelect(long timeout) /* I - Timeout in seconds */ + + cupsd_in_select = 1; + ++ // Prevent 100% CPU by releasing control before the kevent call... ++ usleep(1); ++ + if (timeout >= 0 && timeout < 86400) + { + ktimeout.tv_sec = timeout; +@@ -454,6 +457,9 @@ cupsdDoSelect(long timeout) /* I - Timeout in seconds */ + struct epoll_event *event; /* Current event */ + + ++ // Prevent 100% CPU by releasing control before the epoll_wait call... ++ usleep(1); ++ + if (timeout >= 0 && timeout < 86400) + nfds = epoll_wait(cupsd_epoll_fd, cupsd_epoll_events, MaxFDs, + timeout * 1000); +@@ -546,6 +552,9 @@ cupsdDoSelect(long timeout) /* I - Timeout in seconds */ + } + } + ++ // Prevent 100% CPU by releasing control before the poll call... ++ usleep(1); ++ + if (timeout >= 0 && timeout < 86400) + nfds = poll(cupsd_pollfds, (nfds_t)count, timeout * 1000); + else +@@ -599,6 +608,9 @@ cupsdDoSelect(long timeout) /* I - Timeout in seconds */ + cupsd_current_input = cupsd_global_input; + cupsd_current_output = cupsd_global_output; + ++ // Prevent 100% CPU by releasing control before the select call... 
++ usleep(1); ++ + if (timeout >= 0 && timeout < 86400) + { + stimeout.tv_sec = timeout; From patchwork Tue Jan 20 13:37:29 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 79200 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3B340D2ED1D for ; Tue, 20 Jan 2026 13:38:16 +0000 (UTC) Received: from mail-wm1-f54.google.com (mail-wm1-f54.google.com [209.85.128.54]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.6479.1768916290104502444 for ; Tue, 20 Jan 2026 05:38:10 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=kbcIY9kC; spf=pass (domain: smile.fr, ip: 209.85.128.54, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f54.google.com with SMTP id 5b1f17b1804b1-4801bbbdb4aso27711785e9.1 for ; Tue, 20 Jan 2026 05:38:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1768916288; x=1769521088; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=3wWDnCPPEuxmfyZ+ke4ReowgsH/JEUeIth9kMR4ZrcU=; b=kbcIY9kCAls8lhF4dFlaT4srG9+qwx0jfRQ89NdI2SV2yuYi184l8NRnWWfPNYE8u7 74lR/yODqBTRRXyJvFmTdQlL/hQwm9B6PvtF5OPDLlQ/OusAL3XYYq/Q0nQFvUE5fScs rXBvIUNVIBxwfF3AyCHnNWj5KsCygNWPDeBMc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768916288; x=1769521088; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=3wWDnCPPEuxmfyZ+ke4ReowgsH/JEUeIth9kMR4ZrcU=; 
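Review bot: In the non-blocking block added to _httpUpdate() in cups/http.c, the fill step is guarded by `http->used > 0`, so with an empty buffer no read is attempted and the function returns HTTP_STATUS_CONTINUE straight away. The "Peek at the incoming data..." comment does not match that, since nothing is peeked. Either drop the `http->used > 0` precondition so an empty buffer is also filled by the zero-timeout http_read(), or say in the comment that the caller must have primed the buffer. The debug string "1_htttpUpdate: No newline in buffer yet." also misspells the function name.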
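Review bot: In _httpTLSStart() in cups/tls-openssl.c the `_cupsSetError(...)` call is disabled with a `//` prefix instead of being removed, which leaves dead code with no stated reason. If the intent is to keep the more specific error that cupsMakeServerCredentials() has already set (the new DEBUG_printf reads it through cupsLastErrorString()), delete the line and record that in a short comment.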
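Review bot: In cupsdReadClient() in scheduler/client.c, `con->auto_ssl = 0;` is still cleared before the peek, but the peek now needs 5 bytes where it used to need 1. If fewer than 5 bytes of the record header are available on that first read, the `recv(..., buf, 5, MSG_PEEK) == 5` test fails and, with auto_ssl already cleared, the connection is not examined for a client hello again. Consider clearing auto_ssl only once 5 bytes have been seen. The limit in `(time(NULL) - con->tls_start) > 5` would also read better as a named constant than as a bare 5.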
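Review bot: check_start_tls() in scheduler/client.c peeks into `unsigned char chello[4096]` but takes `chello_len` from the 16-bit record length field, so for any record where `chello_len + 5` is larger than 4096 the test `(chello_len + 5) > chello_bytes` stays true however much data arrives, and the client is only dropped by the 5-second check in cupsdReadClient(). Handle `chello_len` values larger than `sizeof(chello) - 5` explicitly so the outcome is a decision and not a timeout. The literal `0x016` should be written `0x16` to match the test in cupsdReadClient().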
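Review bot: The four `usleep(1);` calls added to cupsdDoSelect() in scheduler/select.c run unconditionally on every pass of the event loop, for every backend (kevent, epoll_wait, poll, select), and the comments only say they prevent 100% CPU without naming the cause. One source of such a spin is visible in this same patch: check_start_tls() reads with MSG_PEEK and returns 0 without consuming anything, so cupsdReadClient() returns while the descriptor still has unread data. Please name the cause in the comment, and consider handling the wait where it arises instead of adding a fixed sleep to the loop.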
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 07/26] cups: patch CVE-2025-61915
Date: Tue, 20 Jan 2026 14:37:29 +0100
Message-ID: <2bc0fea9b7aa1ff16aa936ec787459cf84b91643.1768914702.git.yoann.congal@smile.fr>
X-Mailer: git-send-email 2.47.3
In-Reply-To:
References:
MIME-Version: 1.0
List-Id:
X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 20 Jan 2026 13:38:16 -0000
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/229713

From: Peter Marko

Pick patch per [1].

[1] https://nvd.nist.gov/vuln/detail/CVE-2025-61915

Signed-off-by: Peter Marko
Signed-off-by: Yoann Congal
--- meta/recipes-extended/cups/cups.inc | 1 + .../cups/cups/CVE-2025-61915.patch | 487 ++++++++++++++++++ 2 files changed, 488 insertions(+) create mode 100644 meta/recipes-extended/cups/cups/CVE-2025-61915.patch diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc index c808eef9a7..ce55a8ef6f 100644 --- a/meta/recipes-extended/cups/cups.inc +++ b/meta/recipes-extended/cups/cups.inc @@ -28,6 +28,7 @@ SRC_URI = "https://github.com/OpenPrinting/cups/releases/download/v${PV}/cups-${ file://CVE-2025-58060.patch \ file://CVE-2025-58364.patch \ file://CVE-2025-58436.patch \ + file://CVE-2025-61915.patch \ " UPSTREAM_CHECK_URI = "https://github.com/OpenPrinting/cups/releases" diff --git a/meta/recipes-extended/cups/cups/CVE-2025-61915.patch b/meta/recipes-extended/cups/cups/CVE-2025-61915.patch new file mode 100644 index 0000000000..bdab24e028 --- /dev/null +++ b/meta/recipes-extended/cups/cups/CVE-2025-61915.patch
@@ -0,0 +1,487 @@ +From db8d560262c22a21ee1e55dfd62fa98d9359bcb0 Mon Sep 17 00:00:00 2001 +From: Zdenek Dohnal +Date: Fri, 21 Nov 2025 07:36:36 +0100 +Subject: [PATCH] Fix various issues in cupsd + +Various issues were found by @SilverPlate3, recognized as CVE-2025-61915: + +- out of bound write when handling IPv6 addresses, +- cupsd crash caused by null dereference when ErrorPolicy value is empty, + +On the top of that, Mike Sweet noticed vulnerability via domain socket, +exploitable locally if attacker has access to domain socket and knows username +of user within a group which is present in CUPS system groups: + +- rewrite of cupsd.conf via PeerCred authorization via domain socket + +The last vulnerability is fixed by introducing PeerCred directive for cups-files.conf, +which controls whether PeerCred is enabled/disabled for user in CUPS system groups. + +Fixes CVE-2025-61915 + +CVE: CVE-2025-61915 +Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/db8d560262c22a21ee1e55dfd62fa98d9359bcb0] +Signed-off-by: Peter Marko +--- + conf/cups-files.conf.in | 3 ++ + config-scripts/cups-defaults.m4 | 9 +++++ + config.h.in | 7 ++++ + configure | 22 ++++++++++ + doc/help/man-cups-files.conf.html | 9 ++++- + man/cups-files.conf.5 | 17 ++++++-- + scheduler/auth.c | 8 +++- + scheduler/auth.h | 7 ++++ + scheduler/client.c | 2 +- + scheduler/conf.c | 60 ++++++++++++++++++++++++---- + test/run-stp-tests.sh | 2 +- + vcnet/config.h | 7 ++++ + xcode/CUPS.xcodeproj/project.pbxproj | 2 - + xcode/config.h | 7 ++++ + 14 files changed, 145 insertions(+), 17 deletions(-) + +diff --git a/conf/cups-files.conf.in b/conf/cups-files.conf.in +index f96f745ae..6db139297 100644 +--- a/conf/cups-files.conf.in ++++ b/conf/cups-files.conf.in +@@ -19,6 +19,9 @@ + SystemGroup @CUPS_SYSTEM_GROUPS@ + @CUPS_SYSTEM_AUTHKEY@ + ++# Are Unix domain socket peer credentials used for authorization? 
++PeerCred @CUPS_PEER_CRED@ ++ + # User that is substituted for unauthenticated (remote) root accesses... + #RemoteRoot remroot + +diff --git a/config-scripts/cups-defaults.m4 b/config-scripts/cups-defaults.m4 +index 999a8849d..fc9ba4a02 100644 +--- a/config-scripts/cups-defaults.m4 ++++ b/config-scripts/cups-defaults.m4 +@@ -129,6 +129,15 @@ AC_ARG_WITH([log_level], AS_HELP_STRING([--with-log-level], [set default LogLeve + AC_SUBST([CUPS_LOG_LEVEL]) + AC_DEFINE_UNQUOTED([CUPS_DEFAULT_LOG_LEVEL], ["$CUPS_LOG_LEVEL"], [Default LogLevel value.]) + ++dnl Default PeerCred ++AC_ARG_WITH([peer_cred], AS_HELP_STRING([--with-peer-cred], [set default PeerCred value (on/off/root-only), default=on]), [ ++ CUPS_PEER_CRED="$withval" ++], [ ++ CUPS_PEER_CRED="on" ++]) ++AC_SUBST([CUPS_PEER_CRED]) ++AC_DEFINE_UNQUOTED([CUPS_DEFAULT_PEER_CRED], ["$CUPS_PEER_CRED"], [Default PeerCred value.]) ++ + dnl Default AccessLogLevel + AC_ARG_WITH(access_log_level, [ --with-access-log-level set default AccessLogLevel value, default=none], + CUPS_ACCESS_LOG_LEVEL="$withval", +diff --git a/config.h.in b/config.h.in +index 207df66a7..37c279088 100644 +--- a/config.h.in ++++ b/config.h.in +@@ -86,6 +86,13 @@ + #define CUPS_DEFAULT_ERROR_POLICY "stop-printer" + + ++/* ++ * Default PeerCred value... ++ */ ++ ++#define CUPS_DEFAULT_PEER_CRED "on" ++ ++ + /* + * Default MaxCopies value... 
+ */ +diff --git a/configure b/configure +index a38ebded9..1721634ba 100755 +--- a/configure ++++ b/configure +@@ -672,6 +672,7 @@ CUPS_BROWSING + CUPS_SYNC_ON_CLOSE + CUPS_PAGE_LOG_FORMAT + CUPS_ACCESS_LOG_LEVEL ++CUPS_PEER_CRED + CUPS_LOG_LEVEL + CUPS_FATAL_ERRORS + CUPS_ERROR_POLICY +@@ -925,6 +926,7 @@ with_max_log_size + with_error_policy + with_fatal_errors + with_log_level ++with_peer_cred + with_access_log_level + enable_page_logging + enable_sync_on_close +@@ -1659,6 +1661,8 @@ Optional Packages: + --with-error-policy set default ErrorPolicy value, default=stop-printer + --with-fatal-errors set default FatalErrors value, default=config + --with-log-level set default LogLevel value, default=warn ++ --with-peer-cred set default PeerCred value (on/off/root-only), ++ default=on + --with-access-log-level set default AccessLogLevel value, default=none + --with-local-protocols set default BrowseLocalProtocols, default="" + --with-cups-user set default user for CUPS +@@ -11652,6 +11656,24 @@ printf "%s\n" "#define CUPS_DEFAULT_LOG_LEVEL \"$CUPS_LOG_LEVEL\"" >>confdefs.h + + + ++# Check whether --with-peer_cred was given. ++if test ${with_peer_cred+y} ++then : ++ withval=$with_peer_cred; ++ CUPS_PEER_CRED="$withval" ++ ++else $as_nop ++ ++ CUPS_PEER_CRED="on" ++ ++fi ++ ++ ++ ++printf "%s\n" "#define CUPS_DEFAULT_PEER_CRED \"$CUPS_PEER_CRED\"" >>confdefs.h ++ ++ ++ + # Check whether --with-access_log_level was given. + if test ${with_access_log_level+y} + then : +diff --git a/doc/help/man-cups-files.conf.html b/doc/help/man-cups-files.conf.html +index 440f033d5..5a9ddefeb 100644 +--- a/doc/help/man-cups-files.conf.html ++++ b/doc/help/man-cups-files.conf.html +@@ -119,6 +119,13 @@ The default is "/var/log/cups/page_log". +
PassEnv variable [ ... variable ] +
Passes the specified environment variable(s) to child processes. + Note: the standard CUPS filter and backend environment variables cannot be overridden using this directive. ++
PeerCred off ++
PeerCred on ++
PeerCred root-only ++
Specifies whether peer credentials are used for authorization when communicating over the UNIX domain socket. ++When on, the peer credentials of any user are accepted for authorization. ++The value off disables the use of peer credentials entirely, while the value root-only allows peer credentials only for the root user. ++Note: for security reasons, the on setting is reduced to root-only for authorization of PUT requests. +
RemoteRoot username +
Specifies the username that is associated with unauthenticated accesses by clients claiming to be the root user. + The default is "remroot". +@@ -199,7 +206,7 @@ command is used instead. + subscriptions.conf(5), + CUPS Online Help (http://localhost:631/help) +

Copyright

+-Copyright © 2020-2022 by OpenPrinting. ++Copyright © 2020-2025 by OpenPrinting. + + + +diff --git a/man/cups-files.conf.5 b/man/cups-files.conf.5 +index ec16c9e13..18ce2be00 100644 +--- a/man/cups-files.conf.5 ++++ b/man/cups-files.conf.5 +@@ -1,14 +1,14 @@ + .\" + .\" cups-files.conf man page for CUPS. + .\" +-.\" Copyright © 2020-2022 by OpenPrinting. ++.\" Copyright © 2020-2025 by OpenPrinting. + .\" Copyright © 2007-2019 by Apple Inc. + .\" Copyright © 1997-2006 by Easy Software Products. + .\" + .\" Licensed under Apache License v2.0. See the file "LICENSE" for more + .\" information. + .\" +-.TH cups-files.conf 5 "CUPS" "2021-03-06" "OpenPrinting" ++.TH cups-files.conf 5 "CUPS" "2025-10-08" "OpenPrinting" + .SH NAME + cups\-files.conf \- file and directory configuration file for cups + .SH DESCRIPTION +@@ -166,6 +166,17 @@ The default is "/var/log/cups/page_log". + \fBPassEnv \fIvariable \fR[ ... \fIvariable \fR] + Passes the specified environment variable(s) to child processes. + Note: the standard CUPS filter and backend environment variables cannot be overridden using this directive. ++.\"#PeerCred ++.TP 5 ++\fBPeerCred off\fR ++.TP 5 ++\fBPeerCred on\fR ++.TP 5 ++\fBPeerCred root-only\fR ++Specifies whether peer credentials are used for authorization when communicating over the UNIX domain socket. ++When \fBon\fR, the peer credentials of any user are accepted for authorization. ++The value \fBoff\fR disables the use of peer credentials entirely, while the value \fBroot-only\fR allows peer credentials only for the root user. ++Note: for security reasons, the \fBon\fR setting is reduced to \fBroot-only\fR for authorization of PUT requests. + .\"#RemoteRoot + .TP 5 + \fBRemoteRoot \fIusername\fR +@@ -278,4 +289,4 @@ command is used instead. + .BR subscriptions.conf (5), + CUPS Online Help (http://localhost:631/help) + .SH COPYRIGHT +-Copyright \[co] 2020-2022 by OpenPrinting. ++Copyright \[co] 2020-2025 by OpenPrinting. 
+diff --git a/scheduler/auth.c b/scheduler/auth.c +index 3c9aa72aa..bd0d28a0e 100644 +--- a/scheduler/auth.c ++++ b/scheduler/auth.c +@@ -398,7 +398,7 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */ + } + #endif /* HAVE_AUTHORIZATION_H */ + #if defined(SO_PEERCRED) && defined(AF_LOCAL) +- else if (!strncmp(authorization, "PeerCred ", 9) && ++ else if (PeerCred != CUPSD_PEERCRED_OFF && !strncmp(authorization, "PeerCred ", 9) && + con->http->hostaddr->addr.sa_family == AF_LOCAL && con->best) + { + /* +@@ -441,6 +441,12 @@ cupsdAuthorize(cupsd_client_t *con) /* I - Client connection */ + } + #endif /* HAVE_AUTHORIZATION_H */ + ++ if ((PeerCred == CUPSD_PEERCRED_ROOTONLY || httpGetState(con->http) == HTTP_STATE_PUT_RECV) && strcmp(authorization + 9, "root")) ++ { ++ cupsdLogClient(con, CUPSD_LOG_INFO, "User \"%s\" is not allowed to use peer credentials.", authorization + 9); ++ return; ++ } ++ + if ((pwd = getpwnam(authorization + 9)) == NULL) + { + cupsdLogClient(con, CUPSD_LOG_ERROR, "User \"%s\" does not exist.", authorization + 9); +diff --git a/scheduler/auth.h b/scheduler/auth.h +index ee98e92c7..fdf71213f 100644 +--- a/scheduler/auth.h ++++ b/scheduler/auth.h +@@ -50,6 +50,10 @@ + #define CUPSD_AUTH_LIMIT_ALL 127 /* Limit all requests */ + #define CUPSD_AUTH_LIMIT_IPP 128 /* Limit IPP requests */ + ++#define CUPSD_PEERCRED_OFF 0 /* Don't allow PeerCred authorization */ ++#define CUPSD_PEERCRED_ON 1 /* Allow PeerCred authorization for all users */ ++#define CUPSD_PEERCRED_ROOTONLY 2 /* Allow PeerCred authorization for root user */ ++ + #define IPP_ANY_OPERATION (ipp_op_t)0 + /* Any IPP operation */ + #define IPP_BAD_OPERATION (ipp_op_t)-1 +@@ -107,6 +111,9 @@ typedef struct cupsd_client_s cupsd_client_t; + + VAR cups_array_t *Locations VALUE(NULL); + /* Authorization locations */ ++VAR int PeerCred VALUE(CUPSD_PEERCRED_ON); ++ /* Allow PeerCred authorization? 
*/ ++ + #ifdef HAVE_TLS + VAR http_encryption_t DefaultEncryption VALUE(HTTP_ENCRYPT_REQUIRED); + /* Default encryption for authentication */ +diff --git a/scheduler/client.c b/scheduler/client.c +index 9593c9138..d961c15db 100644 +--- a/scheduler/client.c ++++ b/scheduler/client.c +@@ -2143,7 +2143,7 @@ cupsdSendHeader( + auth_size = sizeof(auth_str) - (size_t)(auth_key - auth_str); + + #if defined(SO_PEERCRED) && defined(AF_LOCAL) +- if (httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL) ++ if (PeerCred != CUPSD_PEERCRED_OFF && httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL) + { + strlcpy(auth_key, ", PeerCred", auth_size); + auth_key += 10; +diff --git a/scheduler/conf.c b/scheduler/conf.c +index db4104ec5..7d6da0252 100644 +--- a/scheduler/conf.c ++++ b/scheduler/conf.c +@@ -47,6 +47,7 @@ typedef enum + { + CUPSD_VARTYPE_INTEGER, /* Integer option */ + CUPSD_VARTYPE_TIME, /* Time interval option */ ++ CUPSD_VARTYPE_NULLSTRING, /* String option or NULL/empty string */ + CUPSD_VARTYPE_STRING, /* String option */ + CUPSD_VARTYPE_BOOLEAN, /* Boolean option */ + CUPSD_VARTYPE_PATHNAME, /* File/directory name option */ +@@ -69,7 +70,7 @@ static const cupsd_var_t cupsd_vars[] = + { + { "AutoPurgeJobs", &JobAutoPurge, CUPSD_VARTYPE_BOOLEAN }, + #ifdef HAVE_DNSSD +- { "BrowseDNSSDSubTypes", &DNSSDSubTypes, CUPSD_VARTYPE_STRING }, ++ { "BrowseDNSSDSubTypes", &DNSSDSubTypes, CUPSD_VARTYPE_NULLSTRING }, + #endif /* HAVE_DNSSD */ + { "BrowseWebIF", &BrowseWebIF, CUPSD_VARTYPE_BOOLEAN }, + { "Browsing", &Browsing, CUPSD_VARTYPE_BOOLEAN }, +@@ -120,7 +121,7 @@ static const cupsd_var_t cupsd_vars[] = + { "MaxSubscriptionsPerPrinter",&MaxSubscriptionsPerPrinter, CUPSD_VARTYPE_INTEGER }, + { "MaxSubscriptionsPerUser", &MaxSubscriptionsPerUser, CUPSD_VARTYPE_INTEGER }, + { "MultipleOperationTimeout", &MultipleOperationTimeout, CUPSD_VARTYPE_TIME }, +- { "PageLogFormat", &PageLogFormat, CUPSD_VARTYPE_STRING }, ++ { "PageLogFormat", &PageLogFormat, 
CUPSD_VARTYPE_NULLSTRING }, + { "PreserveJobFiles", &JobFiles, CUPSD_VARTYPE_TIME }, + { "PreserveJobHistory", &JobHistory, CUPSD_VARTYPE_TIME }, + { "ReloadTimeout", &ReloadTimeout, CUPSD_VARTYPE_TIME }, +@@ -777,6 +778,13 @@ cupsdReadConfiguration(void) + IdleExitTimeout = 60; + #endif /* HAVE_ONDEMAND */ + ++ if (!strcmp(CUPS_DEFAULT_PEER_CRED, "off")) ++ PeerCred = CUPSD_PEERCRED_OFF; ++ else if (!strcmp(CUPS_DEFAULT_PEER_CRED, "root-only")) ++ PeerCred = CUPSD_PEERCRED_ROOTONLY; ++ else ++ PeerCred = CUPSD_PEERCRED_ON; ++ + /* + * Setup environment variables... + */ +@@ -1826,7 +1834,7 @@ get_addr_and_mask(const char *value, /* I - String from config file */ + + family = AF_INET6; + +- for (i = 0, ptr = value + 1; *ptr && i < 8; i ++) ++ for (i = 0, ptr = value + 1; *ptr && i >= 0 && i < 8; i ++) + { + if (*ptr == ']') + break; +@@ -1975,7 +1983,7 @@ get_addr_and_mask(const char *value, /* I - String from config file */ + #ifdef AF_INET6 + if (family == AF_INET6) + { +- if (i > 128) ++ if (i < 0 || i > 128) + return (0); + + i = 128 - i; +@@ -2009,7 +2017,7 @@ get_addr_and_mask(const char *value, /* I - String from config file */ + else + #endif /* AF_INET6 */ + { +- if (i > 32) ++ if (i < 0 || i > 32) + return (0); + + mask[0] = 0xffffffff; +@@ -2919,7 +2927,17 @@ parse_variable( + cupsdSetString((char **)var->ptr, temp); + break; + ++ case CUPSD_VARTYPE_NULLSTRING : ++ cupsdSetString((char **)var->ptr, value); ++ break; ++ + case CUPSD_VARTYPE_STRING : ++ if (!value) ++ { ++ cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value for %s on line %d of %s.", line, linenum, filename); ++ return (0); ++ } ++ + cupsdSetString((char **)var->ptr, value); + break; + } +@@ -3447,9 +3465,10 @@ read_cupsd_conf(cups_file_t *fp) /* I - File to read from */ + line, value ? " " : "", value ? 
value : "", linenum, + ConfigurationFile, CupsFilesFile); + } +- else +- parse_variable(ConfigurationFile, linenum, line, value, +- sizeof(cupsd_vars) / sizeof(cupsd_vars[0]), cupsd_vars); ++ else if (!parse_variable(ConfigurationFile, linenum, line, value, ++ sizeof(cupsd_vars) / sizeof(cupsd_vars[0]), cupsd_vars) && ++ (FatalErrors & CUPSD_FATAL_CONFIG)) ++ return (0); + } + + return (1); +@@ -3609,6 +3628,31 @@ read_cups_files_conf(cups_file_t *fp) /* I - File to read from */ + break; + } + } ++ else if (!_cups_strcasecmp(line, "PeerCred") && value) ++ { ++ /* ++ * PeerCred {off,on,root-only} ++ */ ++ ++ if (!_cups_strcasecmp(value, "off")) ++ { ++ PeerCred = CUPSD_PEERCRED_OFF; ++ } ++ else if (!_cups_strcasecmp(value, "on")) ++ { ++ PeerCred = CUPSD_PEERCRED_ON; ++ } ++ else if (!_cups_strcasecmp(value, "root-only")) ++ { ++ PeerCred = CUPSD_PEERCRED_ROOTONLY; ++ } ++ else ++ { ++ cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown PeerCred \"%s\" on line %d of %s.", value, linenum, CupsFilesFile); ++ if (FatalErrors & CUPSD_FATAL_CONFIG) ++ return (0); ++ } ++ } + else if (!_cups_strcasecmp(line, "PrintcapFormat") && value) + { + /* +diff --git a/test/run-stp-tests.sh b/test/run-stp-tests.sh +index 1c447edd7..8d677db71 100755 +--- a/test/run-stp-tests.sh ++++ b/test/run-stp-tests.sh +@@ -512,7 +512,7 @@ fi + + cat >$BASE/cups-files.conf <
X-Patchwork-Id: 79196
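Review bot: In the read_cupsd_conf() hunk of CVE-2025-61915.patch, returning 0 whenever parse_variable() fails and CUPSD_FATAL_CONFIG is set in FatalErrors also catches unknown directives, not only the new missing-value case added for CUPSD_VARTYPE_STRING, because the unknown-directive branch of parse_variable() returns 0 as well (visible as the removed `return (0);` in the 08/26 hunk). A cupsd.conf that carries a directive this build does not know therefore stops the scheduler, which is the regression 08/26 reports for IdleExitTimeout. Suggest stating in this patch's header that it must be applied together with 0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch, or squashing the two.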
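Review bot: The build-time default in the cupsdReadConfiguration() hunk fails open: any CUPS_DEFAULT_PEER_CRED string other than exactly "off" or "root-only" falls through to `PeerCred = CUPSD_PEERCRED_ON`, and the comparison is a case-sensitive strcmp() while the PeerCred directive parser in read_cups_files_conf() uses _cups_strcasecmp() and logs unknown values. A mistyped or differently cased build default silently selects CUPSD_PEERCRED_ON instead of the restricted mode that was intended. Suggest comparing case-insensitively here too and logging an error for an unrecognised default, so the two code paths accept the same spellings.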
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 08/26] cups: allow unknown directives in conf files
Date: Tue, 20 Jan 2026 14:37:30 +0100
X-Mailer: git-send-email 2.47.3
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/229714

From: Peter Marko

Patch for CVE-2025-61915 by mistake causes fatal error on unknown directives in configuration files. The default configuration already contains unknown directive in non-systemd setups:
Unknown directive IdleExitTimeout on line 32 of /etc/cups/cupsd.conf
Backport fix for this from 2.4.x branch which reverts this behavior.

Signed-off-by: Peter Marko
Signed-off-by: Yoann Congal
--- meta/recipes-extended/cups/cups.inc | 1 + ...pping-scheduler-on-unknown-directive.patch | 43 +++++++++++++++++++ 2 files changed, 44 insertions(+) create mode 100644 meta/recipes-extended/cups/cups/0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc index ce55a8ef6f..f70c4e7026 100644
--- a/meta/recipes-extended/cups/cups.inc +++ b/meta/recipes-extended/cups/cups.inc @@ -29,6 +29,7 @@ SRC_URI = "https://github.com/OpenPrinting/cups/releases/download/v${PV}/cups-${ file://CVE-2025-58364.patch \ file://CVE-2025-58436.patch \ file://CVE-2025-61915.patch \ + file://0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch \ " UPSTREAM_CHECK_URI = "https://github.com/OpenPrinting/cups/releases" diff --git a/meta/recipes-extended/cups/cups/0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch b/meta/recipes-extended/cups/cups/0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch new file mode 100644 index 0000000000..572a8941f4 --- /dev/null +++ b/meta/recipes-extended/cups/cups/0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch 
@@ -0,0 +1,43 @@ +From 277d3b1c49895f070bbf4b73cada011d71fbf9f3 Mon Sep 17 00:00:00 2001 +From: Zdenek Dohnal +Date: Thu, 4 Dec 2025 09:04:37 +0100 +Subject: [PATCH] conf.c: Fix stopping scheduler on unknown directive + +Change the return value to do not trigger stopping the scheduler in case +of unknown directive, because stopping the scheduler on config errors +should only happen in case of syntax errors. + +Upstream-Status: Backport [https://github.com/OpenPrinting/cups/commit/277d3b1c49895f070bbf4b73cada011d71fbf9f3] +Signed-off-by: Peter Marko +--- + scheduler/conf.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/scheduler/conf.c b/scheduler/conf.c +index 7d6da0252..0e7be0ef4 100644 +--- a/scheduler/conf.c ++++ b/scheduler/conf.c +@@ -2695,16 +2695,16 @@ parse_variable( + { + /* + * Unknown directive! Output an error message and continue... ++ * ++ * Return value 1 is on purpose - we ignore unknown directives to log ++ * error, but do not stop the scheduler in case error in configuration ++ * is set to be fatal. 
+ */ + +- if (!value) +- cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value for %s on line %d of %s.", +- line, linenum, filename); +- else +- cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown directive %s on line %d of %s.", +- line, linenum, filename); ++ cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown directive %s on line %d of %s.", ++ line, linenum, filename); + +- return (0); ++ return (1); + } + + switch (var->type)
From patchwork Tue Jan 20 13:37:31 2026
X-Patchwork-Submitter: Yoann Congal
X-Patchwork-Id: 79195
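Review bot: In the parse_variable() hunk of 0001-conf.c-Fix-stopping-scheduler-on-unknown-directive.patch, `return (1);` makes an unrecognised directive indistinguishable from a successfully parsed one for the caller, so even with CUPSD_FATAL_CONFIG set a misspelled directive name in cupsd.conf now only produces the "Unknown directive" error-log line and the scheduler starts with that setting at its default. That matches the upstream intent quoted in the patch header, but the recipe commit message should say that typos in directive names are no longer fatal, so integrators know to review the error log after changing security-relevant directives. The hunk also drops the separate "Missing value for %s" message on this path, so an unknown directive with no value is now reported as "Unknown directive".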
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 09/26] dropbear: patch CVE-2019-6111
Date: Tue, 20 Jan 2026 14:37:31 +0100
X-Mailer: git-send-email 2.47.3
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/229715

From: Peter Marko

Pick patch mentioning this CVE number.

Signed-off-by: Peter Marko
Signed-off-by: Yoann Congal
--- meta/recipes-core/dropbear/dropbear.inc | 1 + .../dropbear/dropbear/CVE-2019-6111.patch | 157 ++++++++++++++++++ 2 files changed, 158 insertions(+) create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2019-6111.patch diff --git a/meta/recipes-core/dropbear/dropbear.inc b/meta/recipes-core/dropbear/dropbear.inc index 94059df258..cebb1e49c9 100644 --- a/meta/recipes-core/dropbear/dropbear.inc +++ b/meta/recipes-core/dropbear/dropbear.inc @@ -34,6 +34,7 @@ SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \ file://0001-Add-m_snprintf-that-won-t-return-negative.patch \ file://0001-Handle-arbitrary-length-paths-and-commands-in-multih.patch \ file://CVE-2025-47203.patch \ + file://CVE-2019-6111.patch \ " PAM_SRC_URI = "file://0005-dropbear-enable-pam.patch \ diff --git a/meta/recipes-core/dropbear/dropbear/CVE-2019-6111.patch b/meta/recipes-core/dropbear/dropbear/CVE-2019-6111.patch new file mode 100644 index 0000000000..84224a5f57 --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/CVE-2019-6111.patch
@@ -0,0 +1,157 @@ +From 48a17cff6aa104b8e806ddb2191f83f1024060f1 Mon Sep 17 00:00:00 2001 +From: Matt Johnston +Date: Tue, 9 Dec 2025 22:59:19 +0900 +Subject: [PATCH] scp CVE-2019-6111 fix + +Cherry-pick from OpenSSH portable + +391ffc4b9d31 ("upstream: check in scp client that filenames sent during") + +upstream: check in scp client that filenames sent during + +remote->local directory copies satisfy the wildcard specified by the user. + +This checking provides some protection against a malicious server +sending unexpected filenames, but it comes at a risk of rejecting wanted +files due to differences between client and server wildcard expansion rules. + +For this reason, this also adds a new -T flag to disable the check. + +reported by Harry Sintonen +fix approach suggested by markus@; +has been in snaps for ~1wk courtesy deraadt@ + +CVE: CVE-2019-6111 +Upstream-Status: Backport [https://github.com/mkj/dropbear/commit/48a17cff6aa104b8e806ddb2191f83f1024060f1] +Signed-off-by: Peter Marko +--- + scp.c | 38 +++++++++++++++++++++++++++++--------- + 1 file changed, 29 insertions(+), 9 deletions(-) + +diff --git a/scp.c b/scp.c +index 384f2cb..bf98986 100644 +--- a/scp.c ++++ b/scp.c +@@ -76,6 +76,8 @@ + #include "includes.h" + /*RCSID("$OpenBSD: scp.c,v 1.130 2006/01/31 10:35:43 djm Exp $");*/ + ++#include ++ + #include "atomicio.h" + #include "compat.h" + #include "scpmisc.h" +@@ -291,14 +293,14 @@ void verifydir(char *); + + uid_t userid; + int errs, remin, remout; +-int pflag, iamremote, iamrecursive, targetshouldbedirectory; ++int Tflag, pflag, iamremote, iamrecursive, targetshouldbedirectory; + + #define CMDNEEDS 64 + char cmd[CMDNEEDS]; /* must hold "rcp -r -p -d\0" */ + + int response(void); + void rsource(char *, struct stat *); +-void sink(int, char *[]); ++void sink(int, char *[], const char *); + void source(int, char *[]); + void tolocal(int, char *[]); + void toremote(char *, int, char *[]); +@@ -325,8 +327,8 @@ main(int argc, char **argv) + args.list = 
NULL; + addargs(&args, "%s", ssh_program); + +- fflag = tflag = 0; +- while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q1246S:o:F:")) != -1) ++ fflag = Tflag = tflag = 0; ++ while ((ch = getopt(argc, argv, "dfl:prtTvBCc:i:P:q1246S:o:F:")) != -1) + switch (ch) { + /* User-visible flags. */ + case '1': +@@ -389,9 +391,12 @@ main(int argc, char **argv) + setmode(0, O_BINARY); + #endif + break; ++ case 'T': ++ Tflag = 1; ++ break; + default: + usage(); +- } ++ } + argc -= optind; + argv += optind; + +@@ -409,7 +414,7 @@ main(int argc, char **argv) + } + if (tflag) { + /* Receive data. */ +- sink(argc, argv); ++ sink(argc, argv, NULL); + exit(errs != 0); + } + if (argc < 2) +@@ -590,7 +595,7 @@ tolocal(int argc, char **argv) + continue; + } + xfree(bp); +- sink(1, argv + argc - 1); ++ sink(1, argv + argc - 1, src); + (void) close(remin); + remin = remout = -1; + } +@@ -823,7 +828,7 @@ bwlimit(int amount) + } + + void +-sink(int argc, char **argv) ++sink(int argc, char **argv, const char *src) + { + static BUF buffer; + struct stat stb; +@@ -837,6 +842,7 @@ sink(int argc, char **argv) + off_t size, statbytes; + int setimes, targisdir, wrerrno = 0; + char ch, *cp, *np, *targ, *why, *vect[1], buf[2048]; ++ char *src_copy = NULL, *restrict_pattern = NULL; + struct timeval tv[2]; + + #define atime tv[0] +@@ -858,6 +864,17 @@ sink(int argc, char **argv) + (void) atomicio(vwrite, remout, "", 1); + if (stat(targ, &stb) == 0 && S_ISDIR(stb.st_mode)) + targisdir = 1; ++ if (src != NULL && !iamrecursive && !Tflag) { ++ /* ++ * Prepare to try to restrict incoming filenames to match ++ * the requested destination file glob. 
++ */ ++ if ((src_copy = strdup(src)) == NULL) ++ fatal("strdup failed"); ++ if ((restrict_pattern = strrchr(src_copy, '/')) != NULL) { ++ *restrict_pattern++ = '\0'; ++ } ++ } + for (first = 1;; first = 0) { + cp = buf; + if (atomicio(read, remin, cp, 1) != 1) +@@ -940,6 +957,9 @@ sink(int argc, char **argv) + run_err("error: unexpected filename: %s", cp); + exit(1); + } ++ if (restrict_pattern != NULL && ++ fnmatch(restrict_pattern, cp, 0) != 0) ++ SCREWUP("filename does not match request"); + if (targisdir) { + static char *namebuf = NULL; + static size_t cursize = 0; +@@ -978,7 +998,7 @@ sink(int argc, char **argv) + goto bad; + } + vect[0] = xstrdup(np); +- sink(1, vect); ++ sink(1, vect, src); + if (setimes) { + setimes = 0; + if (utimes(vect[0], tv) < 0)
From patchwork Tue Jan 20 13:37:32 2026
X-Patchwork-Submitter: Yoann Congal
X-Patchwork-Id: 79191
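Review bot: In the sink() hunk of CVE-2019-6111.patch that sets up restrict_pattern, a src with no '/' gets no filename check at all: strrchr(src_copy, '/') returns NULL, restrict_pattern stays NULL, and the later `restrict_pattern != NULL && fnmatch(restrict_pattern, cp, 0) != 0` guard is skipped. The whole block is also bypassed when iamrecursive or Tflag is set, so recursive copies remain unrestricted, and src_copy is not freed in any of the visible hunks. Suggest checking whether upstream has a follow-up for the no-directory-component case before treating this backport as the complete fix, and recording the recursive-copy limitation in the patch header.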
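Review bot: The new -T option is undocumented: the getopt() hunk in main() adds 'T' to the option string and a `case 'T':` that sets Tflag, but no hunk in this patch updates the usage() text, so the switch that turns the CVE-2019-6111 filename check off is invisible to users of this scp. Suggest adding -T to the usage string, or at least mentioning the option in the recipe commit message. The `- }` / `+ }` pair in the same hunk is a whitespace-only change that could be dropped from the backport.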
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 10/26] python3-urllib3: patch CVE-2025-66418
Date: Tue, 20 Jan 2026 14:37:32 +0100
Message-ID: <49af1e1ee78adc165a2c1d6905d0de79015a942c.1768914702.git.yoann.congal@smile.fr>
X-Mailer: git-send-email 2.47.3
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/229716

From: Peter Marko

Pick patch per [1].

[1] https://nvd.nist.gov/vuln/detail/CVE-2025-66418

Signed-off-by: Peter Marko
Signed-off-by: Yoann Congal
--- .../python3-urllib3/CVE-2025-66418.patch | 70 +++++++++++++++++++ .../python/python3-urllib3_1.26.20.bb | 1 + 2 files changed, 71 insertions(+) create mode 100644 meta/recipes-devtools/python/python3-urllib3/CVE-2025-66418.patch diff --git a/meta/recipes-devtools/python/python3-urllib3/CVE-2025-66418.patch b/meta/recipes-devtools/python/python3-urllib3/CVE-2025-66418.patch new file mode 100644 index 0000000000..67479010e6 --- /dev/null +++ b/meta/recipes-devtools/python/python3-urllib3/CVE-2025-66418.patch
@@ -0,0 +1,70 @@ +From 24d7b67eac89f94e11003424bcf0d8f7b72222a8 Mon Sep 17 00:00:00 2001 +From: Illia Volochii +Date: Fri, 5 Dec 2025 16:41:33 +0200 +Subject: [PATCH] Merge commit from fork + +* Add a hard-coded limit for the decompression chain + +* Reuse new list +--- + changelog/GHSA-gm62-xv2j-4w53.security.rst | 4 ++++ + src/urllib3/response.py | 12 +++++++++++- + test/test_response.py | 10 ++++++++++ + 3 files changed, 25 insertions(+), 1 deletion(-) + create mode 100644 changelog/GHSA-gm62-xv2j-4w53.security.rst + +diff --git a/changelog/GHSA-gm62-xv2j-4w53.security.rst b/changelog/GHSA-gm62-xv2j-4w53.security.rst +new file mode 100644 +index 00000000..6646eaa3 +--- /dev/null ++++ b/changelog/GHSA-gm62-xv2j-4w53.security.rst +@@ -0,0 +1,4 @@ ++Fixed a security issue where an attacker could compose an HTTP response with ++virtually unlimited links in the ``Content-Encoding`` header, potentially ++leading to a denial of service (DoS) attack by exhausting system resources ++during decoding. The number of allowed chained encodings is now limited to 5. +diff --git a/src/urllib3/response.py b/src/urllib3/response.py +index 4ba42136..069f726c 100644 +--- a/src/urllib3/response.py ++++ b/src/urllib3/response.py +@@ -135,8 +135,18 @@ class MultiDecoder(object): + they were applied. + """ + ++ # Maximum allowed number of chained HTTP encodings in the ++ # Content-Encoding header. 
++ max_decode_links = 5 ++ + def __init__(self, modes): +- self._decoders = [_get_decoder(m.strip()) for m in modes.split(",")] ++ encodings = [m.strip() for m in modes.split(",")] ++ if len(encodings) > self.max_decode_links: ++ raise DecodeError( ++ "Too many content encodings in the chain: " ++ f"{len(encodings)} > {self.max_decode_links}" ++ ) ++ self._decoders = [_get_decoder(e) for e in encodings] + + def flush(self): + return self._decoders[0].flush() +diff --git a/test/test_response.py b/test/test_response.py +index 9592fdd9..d824ae70 100644 +--- a/test/test_response.py ++++ b/test/test_response.py +@@ -295,6 +295,16 @@ class TestResponse(object): + + assert r.data == b"foo" + ++ def test_read_multi_decoding_too_many_links(self) -> None: ++ fp = BytesIO(b"foo") ++ with pytest.raises( ++ DecodeError, match="Too many content encodings in the chain: 6 > 5" ++ ): ++ HTTPResponse( ++ fp, ++ headers={"content-encoding": "gzip, deflate, br, zstd, gzip, deflate"}, ++ ) ++ + def test_body_blob(self): + resp = HTTPResponse(b"foo") + assert resp.data == b"foo" diff --git a/meta/recipes-devtools/python/python3-urllib3_1.26.20.bb b/meta/recipes-devtools/python/python3-urllib3_1.26.20.bb index 58988e4205..1f1132d5b5 100644 --- a/meta/recipes-devtools/python/python3-urllib3_1.26.20.bb +++ b/meta/recipes-devtools/python/python3-urllib3_1.26.20.bb 
@@ -9,6 +9,7 @@ inherit pypi setuptools3 SRC_URI += " \ file://CVE-2025-50181.patch \ + file://CVE-2025-66418.patch \ " RDEPENDS:${PN} += "\
From patchwork Tue Jan 20 13:37:33 2026
X-Patchwork-Submitter: Yoann Congal
X-Patchwork-Id: 79190
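Review bot: The header of the added CVE-2025-66418.patch is missing the `CVE:`, `Upstream-Status:` and `Signed-off-by:` lines: it goes straight from `* Reuse new list` to `---`, unlike the cups, dropbear and libpcap patches in this series, which all carry an `Upstream-Status: Backport [...]` line and the backporter's sign-off. Suggest adding `CVE: CVE-2025-66418`, an Upstream-Status line pointing at upstream commit 24d7b67eac89f94e11003424bcf0d8f7b72222a8, and a Signed-off-by, so the origin of the fix can be traced from the patch file itself.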
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 11/26] libpcap: patch CVE-2025-11961
Date: Tue, 20 Jan 2026 14:37:33 +0100
Message-ID: <633e5d2e6626964cd5aada261df4522065a4ed03.1768914702.git.yoann.congal@smile.fr>
X-Mailer: git-send-email 2.47.3
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/229717

From: Peter Marko

Pick patch per [1].
Also pick additional preparation patch to apply it cleanly.

[1] https://nvd.nist.gov/vuln/detail/CVE-2025-11961

Signed-off-by: Peter Marko
Signed-off-by: Yoann Congal
--- .../libpcap/libpcap/CVE-2025-11961-01.patch | 38 ++ .../libpcap/libpcap/CVE-2025-11961-02.patch | 433 ++++++++++++++++++ .../libpcap/libpcap_1.10.1.bb | 2 + 3 files changed, 473 insertions(+) create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-01.patch create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-02.patch diff --git a/meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-01.patch b/meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-01.patch new file mode 100644 index 0000000000..73c3ab3f5c --- /dev/null +++ b/meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-01.patch
@@ -0,0 +1,38 @@ +From 7224be0fe2f4beb916b7b69141f478facd0f0634 Mon Sep 17 00:00:00 2001 +From: Denis Ovsienko +Date: Sat, 27 Dec 2025 21:36:11 +0000 +Subject: [PATCH] Rename one of the xdtoi() copies to simplify backporting. + +CVE: CVE-2025-11961 +Upstream-Status: Backport [https://github.com/the-tcpdump-group/libpcap/commit/7224be0fe2f4beb916b7b69141f478facd0f0634] +Signed-off-by: Peter Marko +--- + nametoaddr.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/nametoaddr.c b/nametoaddr.c +index dc75495c..bdaacbf1 100644 +--- a/nametoaddr.c ++++ b/nametoaddr.c +@@ -646,7 +646,7 @@ pcap_nametollc(const char *s) + + /* Hex digit to 8-bit unsigned integer. */ + static inline u_char +-xdtoi(u_char c) ++pcapint_xdtoi(u_char c) + { + if (c >= '0' && c <= '9') + return (u_char)(c - '0'); +@@ -728,10 +728,10 @@ pcap_ether_aton(const char *s) + while (*s) { + if (*s == ':' || *s == '.' || *s == '-') + s += 1; +- d = xdtoi(*s++); ++ d = pcapint_xdtoi(*s++); + if (PCAP_ISXDIGIT(*s)) { + d <<= 4; +- d |= xdtoi(*s++); ++ d |= pcapint_xdtoi(*s++); + } + *ep++ = d; + } diff --git a/meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-02.patch b/meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-02.patch new file mode 100644 index 0000000000..0b0dc5ac40 --- /dev/null +++ b/meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11961-02.patch 
@@ -0,0 +1,433 @@ +From b2d2f9a9a0581c40780bde509f7cc715920f1c02 Mon Sep 17 00:00:00 2001 +From: Denis Ovsienko +Date: Fri, 19 Dec 2025 17:31:13 +0000 +Subject: [PATCH] CVE-2025-11961: Fix OOBR and OOBW in pcap_ether_aton(). + +pcap_ether_aton() has for a long time required its string argument to be +a well-formed MAC-48 address, which is always the case when the argument +comes from other libpcap code, so the function has never validated the +input and used a simple loop to parse any of the three common MAC-48 +address formats. However, the function has also been a part of the +public API, so calling it directly with a malformed address can cause +the loop to read beyond the end of the input string and/or to write +beyond the end of the allocated output buffer. + +To handle invalid input more appropriately, replace the simple loop with +new functions and require the input to match a supported address format. + +This problem was reported by Jin Wei, Kunwei Qian and Ping Chen. + +(backported from commit dd08e53e9380e217ae7c7768da9cc3d7bf37bf83) + +CVE: CVE-2025-11961 +Upstream-Status: Backport [https://github.com/the-tcpdump-group/libpcap/commit/b2d2f9a9a0581c40780bde509f7cc715920f1c02] +Signed-off-by: Peter Marko +--- + gencode.c | 5 + + nametoaddr.c | 367 +++++++++++++++++++++++++++++++++++++++++++++++---- + 2 files changed, 349 insertions(+), 23 deletions(-) + +diff --git a/gencode.c b/gencode.c +index 3ddd15f8..76fb2d82 100644 +--- a/gencode.c ++++ b/gencode.c +@@ -7206,6 +7206,11 @@ gen_ecode(compiler_state_t *cstate, const char *s, struct qual q) + return (NULL); + + if ((q.addr == Q_HOST || q.addr == Q_DEFAULT) && q.proto == Q_LINK) { ++ /* ++ * Because the lexer guards the input string format, in this ++ * context the function returns NULL iff the implicit malloc() ++ * has failed. 
++ */ + cstate->e = pcap_ether_aton(s); + if (cstate->e == NULL) + bpf_error(cstate, "malloc"); +diff --git a/nametoaddr.c b/nametoaddr.c +index f9fcd288..f50d0da5 100644 +--- a/nametoaddr.c ++++ b/nametoaddr.c +@@ -703,39 +703,360 @@ __pcap_atodn(const char *s, bpf_u_int32 *addr) + return(32); + } + ++// Man page: "xxxxxxxxxxxx", regexp: "^[0-9a-fA-F]{12}$". ++static u_char ++pcapint_atomac48_xxxxxxxxxxxx(const char *s, uint8_t *addr) ++{ ++ if (strlen(s) == 12 && ++ PCAP_ISXDIGIT(s[0]) && ++ PCAP_ISXDIGIT(s[1]) && ++ PCAP_ISXDIGIT(s[2]) && ++ PCAP_ISXDIGIT(s[3]) && ++ PCAP_ISXDIGIT(s[4]) && ++ PCAP_ISXDIGIT(s[5]) && ++ PCAP_ISXDIGIT(s[6]) && ++ PCAP_ISXDIGIT(s[7]) && ++ PCAP_ISXDIGIT(s[8]) && ++ PCAP_ISXDIGIT(s[9]) && ++ PCAP_ISXDIGIT(s[10]) && ++ PCAP_ISXDIGIT(s[11])) { ++ addr[0] = pcapint_xdtoi(s[0]) << 4 | pcapint_xdtoi(s[1]); ++ addr[1] = pcapint_xdtoi(s[2]) << 4 | pcapint_xdtoi(s[3]); ++ addr[2] = pcapint_xdtoi(s[4]) << 4 | pcapint_xdtoi(s[5]); ++ addr[3] = pcapint_xdtoi(s[6]) << 4 | pcapint_xdtoi(s[7]); ++ addr[4] = pcapint_xdtoi(s[8]) << 4 | pcapint_xdtoi(s[9]); ++ addr[5] = pcapint_xdtoi(s[10]) << 4 | pcapint_xdtoi(s[11]); ++ return 1; ++ } ++ return 0; ++} ++ ++// Man page: "xxxx.xxxx.xxxx", regexp: "^[0-9a-fA-F]{4}(\.[0-9a-fA-F]{4}){2}$". 
++static u_char ++pcapint_atomac48_xxxx_3_times(const char *s, uint8_t *addr) ++{ ++ const char sep = '.'; ++ if (strlen(s) == 14 && ++ PCAP_ISXDIGIT(s[0]) && ++ PCAP_ISXDIGIT(s[1]) && ++ PCAP_ISXDIGIT(s[2]) && ++ PCAP_ISXDIGIT(s[3]) && ++ s[4] == sep && ++ PCAP_ISXDIGIT(s[5]) && ++ PCAP_ISXDIGIT(s[6]) && ++ PCAP_ISXDIGIT(s[7]) && ++ PCAP_ISXDIGIT(s[8]) && ++ s[9] == sep && ++ PCAP_ISXDIGIT(s[10]) && ++ PCAP_ISXDIGIT(s[11]) && ++ PCAP_ISXDIGIT(s[12]) && ++ PCAP_ISXDIGIT(s[13])) { ++ addr[0] = pcapint_xdtoi(s[0]) << 4 | pcapint_xdtoi(s[1]); ++ addr[1] = pcapint_xdtoi(s[2]) << 4 | pcapint_xdtoi(s[3]); ++ addr[2] = pcapint_xdtoi(s[5]) << 4 | pcapint_xdtoi(s[6]); ++ addr[3] = pcapint_xdtoi(s[7]) << 4 | pcapint_xdtoi(s[8]); ++ addr[4] = pcapint_xdtoi(s[10]) << 4 | pcapint_xdtoi(s[11]); ++ addr[5] = pcapint_xdtoi(s[12]) << 4 | pcapint_xdtoi(s[13]); ++ return 1; ++ } ++ return 0; ++} ++ + /* +- * Convert 's', which can have the one of the forms: ++ * Man page: "xx:xx:xx:xx:xx:xx", regexp: "^[0-9a-fA-F]{1,2}(:[0-9a-fA-F]{1,2}){5}$". ++ * Man page: "xx-xx-xx-xx-xx-xx", regexp: "^[0-9a-fA-F]{1,2}(-[0-9a-fA-F]{1,2}){5}$". ++ * Man page: "xx.xx.xx.xx.xx.xx", regexp: "^[0-9a-fA-F]{1,2}(\.[0-9a-fA-F]{1,2}){5}$". ++ * (Any "xx" above can be "x", which is equivalent to "0x".) + * +- * "xx:xx:xx:xx:xx:xx" +- * "xx.xx.xx.xx.xx.xx" +- * "xx-xx-xx-xx-xx-xx" +- * "xxxx.xxxx.xxxx" +- * "xxxxxxxxxxxx" ++ * An equivalent (and parametrisable for EUI-64) FSM could be implemented using ++ * a smaller graph, but that graph would be neither acyclic nor planar nor ++ * trivial to verify. + * +- * (or various mixes of ':', '.', and '-') into a new +- * ethernet address. Assumes 's' is well formed. ++ * | ++ * [.] v ++ * +<---------- START ++ * | | ++ * | | [0-9a-fA-F] ++ * | [.] v ++ * +<--------- BYTE0_X ----------+ ++ * | | | ++ * | | [0-9a-fA-F] | ++ * | [.] v | ++ * +<--------- BYTE0_XX | [:\.-] ++ * | | | ++ * | | [:\.-] | ++ * | [.] 
v | ++ * +<----- BYTE0_SEP_BYTE1 <-----+ ++ * | | ++ * | | [0-9a-fA-F] ++ * | [.] v ++ * +<--------- BYTE1_X ----------+ ++ * | | | ++ * | | [0-9a-fA-F] | ++ * | [.] v | ++ * +<--------- BYTE1_XX | ++ * | | | ++ * | | | ++ * | [.] v | ++ * +<----- BYTE1_SEP_BYTE2 <-----+ ++ * | | ++ * | | [0-9a-fA-F] ++ * | [.] v ++ * +<--------- BYTE2_X ----------+ ++ * | | | ++ * | | [0-9a-fA-F] | ++ * | [.] v | ++ * +<--------- BYTE2_XX | ++ * | | | ++ * | | | ++ * | [.] v | ++ * +<----- BYTE2_SEP_BYTE3 <-----+ ++ * | | ++ * | | [0-9a-fA-F] ++ * | [.] v ++ * +<--------- BYTE3_X ----------+ ++ * | | | ++ * | | [0-9a-fA-F] | ++ * | [.] v | ++ * +<--------- BYTE3_XX | ++ * | | | ++ * | | | ++ * | [.] v | ++ * +<----- BYTE3_SEP_BYTE4 <-----+ ++ * | | ++ * | | [0-9a-fA-F] ++ * | [.] v ++ * +<--------- BYTE4_X ----------+ ++ * | | | ++ * | | [0-9a-fA-F] | ++ * | [.] v | ++ * +<--------- BYTE4_XX | ++ * | | | ++ * | | | ++ * | [.] v | ++ * +<----- BYTE4_SEP_BYTE5 <-----+ ++ * | | ++ * | | [0-9a-fA-F] ++ * | [.] v ++ * +<--------- BYTE5_X ----------+ ++ * | | | ++ * | | [0-9a-fA-F] | ++ * | [.] 
v | ++ * +<--------- BYTE5_XX | \0 ++ * | | | ++ * | | \0 | ++ * | | v ++ * +--> (reject) +---------> (accept) ++ * ++ */ ++static u_char ++pcapint_atomac48_x_xx_6_times(const char *s, uint8_t *addr) ++{ ++ enum { ++ START, ++ BYTE0_X, ++ BYTE0_XX, ++ BYTE0_SEP_BYTE1, ++ BYTE1_X, ++ BYTE1_XX, ++ BYTE1_SEP_BYTE2, ++ BYTE2_X, ++ BYTE2_XX, ++ BYTE2_SEP_BYTE3, ++ BYTE3_X, ++ BYTE3_XX, ++ BYTE3_SEP_BYTE4, ++ BYTE4_X, ++ BYTE4_XX, ++ BYTE4_SEP_BYTE5, ++ BYTE5_X, ++ BYTE5_XX, ++ } fsm_state = START; ++ uint8_t buf[6]; ++ const char *seplist = ":.-"; ++ char sep; ++ ++ while (*s) { ++ switch (fsm_state) { ++ case START: ++ if (PCAP_ISXDIGIT(*s)) { ++ buf[0] = pcapint_xdtoi(*s); ++ fsm_state = BYTE0_X; ++ break; ++ } ++ goto reject; ++ case BYTE0_X: ++ if (strchr(seplist, *s)) { ++ sep = *s; ++ fsm_state = BYTE0_SEP_BYTE1; ++ break; ++ } ++ if (PCAP_ISXDIGIT(*s)) { ++ buf[0] = buf[0] << 4 | pcapint_xdtoi(*s); ++ fsm_state = BYTE0_XX; ++ break; ++ } ++ goto reject; ++ case BYTE0_XX: ++ if (strchr(seplist, *s)) { ++ sep = *s; ++ fsm_state = BYTE0_SEP_BYTE1; ++ break; ++ } ++ goto reject; ++ case BYTE0_SEP_BYTE1: ++ if (PCAP_ISXDIGIT(*s)) { ++ buf[1] = pcapint_xdtoi(*s); ++ fsm_state = BYTE1_X; ++ break; ++ } ++ goto reject; ++ case BYTE1_X: ++ if (*s == sep) { ++ fsm_state = BYTE1_SEP_BYTE2; ++ break; ++ } ++ if (PCAP_ISXDIGIT(*s)) { ++ buf[1] = buf[1] << 4 | pcapint_xdtoi(*s); ++ fsm_state = BYTE1_XX; ++ break; ++ } ++ goto reject; ++ case BYTE1_XX: ++ if (*s == sep) { ++ fsm_state = BYTE1_SEP_BYTE2; ++ break; ++ } ++ goto reject; ++ case BYTE1_SEP_BYTE2: ++ if (PCAP_ISXDIGIT(*s)) { ++ buf[2] = pcapint_xdtoi(*s); ++ fsm_state = BYTE2_X; ++ break; ++ } ++ goto reject; ++ case BYTE2_X: ++ if (*s == sep) { ++ fsm_state = BYTE2_SEP_BYTE3; ++ break; ++ } ++ if (PCAP_ISXDIGIT(*s)) { ++ buf[2] = buf[2] << 4 | pcapint_xdtoi(*s); ++ fsm_state = BYTE2_XX; ++ break; ++ } ++ goto reject; ++ case BYTE2_XX: ++ if (*s == sep) { ++ fsm_state = BYTE2_SEP_BYTE3; ++ break; ++ } ++ goto reject; 
++ case BYTE2_SEP_BYTE3: ++ if (PCAP_ISXDIGIT(*s)) { ++ buf[3] = pcapint_xdtoi(*s); ++ fsm_state = BYTE3_X; ++ break; ++ } ++ goto reject; ++ case BYTE3_X: ++ if (*s == sep) { ++ fsm_state = BYTE3_SEP_BYTE4; ++ break; ++ } ++ if (PCAP_ISXDIGIT(*s)) { ++ buf[3] = buf[3] << 4 | pcapint_xdtoi(*s); ++ fsm_state = BYTE3_XX; ++ break; ++ } ++ goto reject; ++ case BYTE3_XX: ++ if (*s == sep) { ++ fsm_state = BYTE3_SEP_BYTE4; ++ break; ++ } ++ goto reject; ++ case BYTE3_SEP_BYTE4: ++ if (PCAP_ISXDIGIT(*s)) { ++ buf[4] = pcapint_xdtoi(*s); ++ fsm_state = BYTE4_X; ++ break; ++ } ++ goto reject; ++ case BYTE4_X: ++ if (*s == sep) { ++ fsm_state = BYTE4_SEP_BYTE5; ++ break; ++ } ++ if (PCAP_ISXDIGIT(*s)) { ++ buf[4] = buf[4] << 4 | pcapint_xdtoi(*s); ++ fsm_state = BYTE4_XX; ++ break; ++ } ++ goto reject; ++ case BYTE4_XX: ++ if (*s == sep) { ++ fsm_state = BYTE4_SEP_BYTE5; ++ break; ++ } ++ goto reject; ++ case BYTE4_SEP_BYTE5: ++ if (PCAP_ISXDIGIT(*s)) { ++ buf[5] = pcapint_xdtoi(*s); ++ fsm_state = BYTE5_X; ++ break; ++ } ++ goto reject; ++ case BYTE5_X: ++ if (PCAP_ISXDIGIT(*s)) { ++ buf[5] = buf[5] << 4 | pcapint_xdtoi(*s); ++ fsm_state = BYTE5_XX; ++ break; ++ } ++ goto reject; ++ case BYTE5_XX: ++ goto reject; ++ } // switch ++ s++; ++ } // while ++ ++ if (fsm_state == BYTE5_X || fsm_state == BYTE5_XX) { ++ // accept ++ memcpy(addr, buf, sizeof(buf)); ++ return 1; ++ } ++ ++reject: ++ return 0; ++} ++ ++// The 'addr' argument must point to an array of at least 6 elements. ++static int ++pcapint_atomac48(const char *s, uint8_t *addr) ++{ ++ return s && ( ++ pcapint_atomac48_xxxxxxxxxxxx(s, addr) || ++ pcapint_atomac48_xxxx_3_times(s, addr) || ++ pcapint_atomac48_x_xx_6_times(s, addr) ++ ); ++} ++ ++/* ++ * If 's' is a MAC-48 address in one of the forms documented in pcap-filter(7) ++ * for "ether host", return a pointer to an allocated buffer with the binary ++ * value of the address. Return NULL on any error. 
+ */ + u_char * + pcap_ether_aton(const char *s) + { +- register u_char *ep, *e; +- register u_char d; ++ uint8_t tmp[6]; ++ if (! pcapint_atomac48(s, tmp)) ++ return (NULL); + +- e = ep = (u_char *)malloc(6); ++ u_char *e = malloc(6); + if (e == NULL) + return (NULL); +- +- while (*s) { +- if (*s == ':' || *s == '.' || *s == '-') +- s += 1; +- d = pcapint_xdtoi(*s++); +- if (PCAP_ISXDIGIT(*s)) { +- d <<= 4; +- d |= pcapint_xdtoi(*s++); +- } +- *ep++ = d; +- } +- ++ memcpy(e, tmp, sizeof(tmp)); + return (e); + } + diff --git a/meta/recipes-connectivity/libpcap/libpcap_1.10.1.bb b/meta/recipes-connectivity/libpcap/libpcap_1.10.1.bb index 584e98c76d..b3bd4f669a 100644 --- a/meta/recipes-connectivity/libpcap/libpcap_1.10.1.bb +++ b/meta/recipes-connectivity/libpcap/libpcap_1.10.1.bb 
@@ -17,6 +17,8 @@ SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.gz \ file://CVE-2023-7256-pre4.patch \ file://CVE-2023-7256.patch \ file://CVE-2024-8006.patch \ + file://CVE-2025-11961-01.patch \ + file://CVE-2025-11961-02.patch \ " SRC_URI[sha256sum] = "ed285f4accaf05344f90975757b3dbfe772ba41d1c401c2648b7fa45b711bdd4"
From patchwork Tue Jan 20 13:37:34 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 79189
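Review bot: in the gencode.c hunk of CVE-2025-11961-02.patch, gen_ecode() still reports "malloc" for any NULL from pcap_ether_aton(), which is only right while the lexer and pcapint_atomac48() accept exactly the same strings. This is a backport onto libpcap 1.10.1, so please confirm that the 1.10.1 lexer's MAC pattern matches the three parser formats, in particular that it never passes mixed separators, which the removed comment said the old loop tolerated and which the new FSM rejects through its "*s == sep" checks. If the two can disagree, a filter that compiled before would now fail with a misleading "malloc" error, and the message should distinguish a parse failure from an allocation failure.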
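Review bot: in the nametoaddr.c hunk of CVE-2025-11961-02.patch, pcap_ether_aton() is public API and now returns NULL for malformed input as well as for malloc() failure, and it no longer accepts mixed separators (the removed comment listed "various mixes of ':', '.', and '-'"). That is a behaviour change on a stable branch, so the recipe commit message should call it out for users who call the function directly. Separately, "char sep;" in pcapint_atomac48_x_xx_6_times() has no initialiser: every path sets it in BYTE0_X or BYTE0_XX before BYTE1_X reads it, but initialising it at the declaration would avoid a possible -Wmaybe-uninitialized warning in target builds.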
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 12/26] libpcap: patch CVE-2025-11964 Date: Tue, 20 Jan 2026 14:37:34 +0100 Message-ID: <674dda9170cf471010fc1cbaae52e6054a91c7f8.1768914702.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 20 Jan 2026 13:38:16 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/229718 From: Peter Marko Pick patch per [1]. [1] https://nvd.nist.gov/vuln/detail/CVE-2025-11964 Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- .../libpcap/libpcap/CVE-2025-11964.patch | 33 +++++++++++++++++++ .../libpcap/libpcap_1.10.1.bb | 1 + 2 files changed, 34 insertions(+) create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11964.patch diff --git a/meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11964.patch b/meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11964.patch new file mode 100644 index 0000000000..003d21fb1f --- /dev/null +++ b/meta/recipes-connectivity/libpcap/libpcap/CVE-2025-11964.patch 
@@ -0,0 +1,33 @@ +From 7fabf607f2319a36a0bd78444247180acb838e69 Mon Sep 17 00:00:00 2001 +From: Guy Harris +Date: Sun, 7 Sep 2025 12:51:56 -0700 +Subject: [PATCH] Fix a copy-and-pasteo in utf_16le_to_utf_8_truncated(). + +For the four octets of UTF-8 case, it was decrementing the remaining +buffer length by 3, not 4. + +Thanks to a team of developers from the Univesity of Waterloo for +reporting this. + +(cherry picked from commit aebfca1aea2fc8c177760a26e8f4de27b51d1b3b) + +CVE: CVE-2025-11964 +Upstream-Status: Backport [https://github.com/the-tcpdump-group/libpcap/commit/7fabf607f2319a36a0bd78444247180acb838e69] +Signed-off-by: Peter Marko +--- + fmtutils.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fmtutils.c b/fmtutils.c +index a5a4fe62..78a0f8b7 100644 +--- a/fmtutils.c ++++ b/fmtutils.c +@@ -235,7 +235,7 @@ utf_16le_to_utf_8_truncated(const wchar_t *utf_16, char *utf_8, + *utf_8++ = ((uc >> 12) & 0x3F) | 0x80; + *utf_8++ = ((uc >> 6) & 0x3F) | 0x80; + *utf_8++ = ((uc >> 0) & 0x3F) | 0x80; +- utf_8_len -= 3; ++ utf_8_len -= 4; + } + } + diff --git a/meta/recipes-connectivity/libpcap/libpcap_1.10.1.bb b/meta/recipes-connectivity/libpcap/libpcap_1.10.1.bb index b3bd4f669a..5e136e3b1a 100644 --- a/meta/recipes-connectivity/libpcap/libpcap_1.10.1.bb +++ b/meta/recipes-connectivity/libpcap/libpcap_1.10.1.bb 
@@ -19,6 +19,7 @@ SRC_URI = "https://www.tcpdump.org/release/${BP}.tar.gz \ file://CVE-2024-8006.patch \ file://CVE-2025-11961-01.patch \ file://CVE-2025-11961-02.patch \ + file://CVE-2025-11964.patch \ " SRC_URI[sha256sum] = "ed285f4accaf05344f90975757b3dbfe772ba41d1c401c2648b7fa45b711bdd4"
From patchwork Tue Jan 20 13:37:35 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 79193
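Review bot: utf_16le_to_utf_8_truncated() in the fmtutils.c hunk takes "const wchar_t *utf_16", which suggests a Windows-only code path, and neither the mail nor the patch header says whether the function is compiled for OE targets. Please state that in the commit message. If it is not built here, the CVE could be recorded as not applicable to this recipe instead of carrying a patch for code that is never compiled; if it is built, the one-line change from "utf_8_len -= 3" to "utf_8_len -= 4" is consistent with the four-octet case the patch description names.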
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 13/26] python3: fix CVE-2025-13836 Date: Tue, 20 Jan 2026 14:37:35 +0100 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 20 Jan 2026 13:38:16 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/229719 From: Hitendra Prajapati Upstream-Status: Backport from https://github.com/python/cpython/commit/289f29b0fe38baf2d7cb5854f4bb573cc34a6a15 Signed-off-by: Hitendra Prajapati Signed-off-by: Yoann Congal --- .../python/python3/CVE-2025-13836.patch | 163 ++++++++++++++++++ .../python/python3_3.10.19.bb | 1 + 2 files changed, 164 insertions(+) create mode 100644 meta/recipes-devtools/python/python3/CVE-2025-13836.patch diff --git a/meta/recipes-devtools/python/python3/CVE-2025-13836.patch b/meta/recipes-devtools/python/python3/CVE-2025-13836.patch new file mode 100644 index 0000000000..c4387b6019 --- /dev/null +++ b/meta/recipes-devtools/python/python3/CVE-2025-13836.patch 
@@ -0,0 +1,163 @@ +From 289f29b0fe38baf2d7cb5854f4bb573cc34a6a15 Mon Sep 17 00:00:00 2001 +From: "Miss Islington (bot)" + <31488909+miss-islington@users.noreply.github.com> +Date: Fri, 5 Dec 2025 16:21:57 +0100 +Subject: [PATCH] [3.13] gh-119451: Fix a potential denial of service in + http.client (GH-119454) (#142139) + +gh-119451: Fix a potential denial of service in http.client (GH-119454) + +Reading the whole body of the HTTP response could cause OOM if +the Content-Length value is too large even if the server does not send +a large amount of data. Now the HTTP client reads large data by chunks, +therefore the amount of consumed memory is proportional to the amount +of sent data. +(cherry picked from commit 5a4c4a033a4a54481be6870aa1896fad732555b5) + +CVE: CVE-2025-13836 +Upstream-Status: Backport [https://github.com/python/cpython/commit/289f29b0fe38baf2d7cb5854f4bb573cc34a6a15] +Signed-off-by: Hitendra Prajapati +--- + Lib/http/client.py | 28 ++++++-- + Lib/test/test_httplib.py | 66 +++++++++++++++++++ + ...-05-23-11-47-48.gh-issue-119451.qkJe9-.rst | 5 ++ + 3 files changed, 95 insertions(+), 4 deletions(-) + create mode 100644 Misc/NEWS.d/next/Security/2024-05-23-11-47-48.gh-issue-119451.qkJe9-.rst + +diff --git a/Lib/http/client.py b/Lib/http/client.py +index d1b7b10..c8ab5b7 100644 +--- a/Lib/http/client.py ++++ b/Lib/http/client.py +@@ -111,6 +111,11 @@ responses = {v: v.phrase for v in http.HTTPStatus.__members__.values()} + _MAXLINE = 65536 + _MAXHEADERS = 100 + ++# Data larger than this will be read in chunks, to prevent extreme ++# overallocation. ++_MIN_READ_BUF_SIZE = 1 << 20 ++ ++ + # Header name/value ABNF (http://tools.ietf.org/html/rfc7230#section-3.2) + # + # VCHAR = %x21-7E +@@ -628,10 +633,25 @@ class HTTPResponse(io.BufferedIOBase): + reading. If the bytes are truly not available (due to EOF), then the + IncompleteRead exception can be used to detect the problem. 
+ """ +- data = self.fp.read(amt) +- if len(data) < amt: +- raise IncompleteRead(data, amt-len(data)) +- return data ++ cursize = min(amt, _MIN_READ_BUF_SIZE) ++ data = self.fp.read(cursize) ++ if len(data) >= amt: ++ return data ++ if len(data) < cursize: ++ raise IncompleteRead(data, amt - len(data)) ++ ++ data = io.BytesIO(data) ++ data.seek(0, 2) ++ while True: ++ # This is a geometric increase in read size (never more than ++ # doubling out the current length of data per loop iteration). ++ delta = min(cursize, amt - cursize) ++ data.write(self.fp.read(delta)) ++ if data.tell() >= amt: ++ return data.getvalue() ++ cursize += delta ++ if data.tell() < cursize: ++ raise IncompleteRead(data.getvalue(), amt - data.tell()) + + def _safe_readinto(self, b): + """Same as _safe_read, but for reading into a buffer.""" +diff --git a/Lib/test/test_httplib.py b/Lib/test/test_httplib.py +index 77152cf..89ec5f6 100644 +--- a/Lib/test/test_httplib.py ++++ b/Lib/test/test_httplib.py +@@ -1226,6 +1226,72 @@ class BasicTest(TestCase): + thread.join() + self.assertEqual(result, b"proxied data\n") + ++ def test_large_content_length(self): ++ serv = socket.create_server((HOST, 0)) ++ self.addCleanup(serv.close) ++ ++ def run_server(): ++ [conn, address] = serv.accept() ++ with conn: ++ while conn.recv(1024): ++ conn.sendall( ++ b"HTTP/1.1 200 Ok\r\n" ++ b"Content-Length: %d\r\n" ++ b"\r\n" % size) ++ conn.sendall(b'A' * (size//3)) ++ conn.sendall(b'B' * (size - size//3)) ++ ++ thread = threading.Thread(target=run_server) ++ thread.start() ++ self.addCleanup(thread.join, 1.0) ++ ++ conn = client.HTTPConnection(*serv.getsockname()) ++ try: ++ for w in range(15, 27): ++ size = 1 << w ++ conn.request("GET", "/") ++ with conn.getresponse() as response: ++ self.assertEqual(len(response.read()), size) ++ finally: ++ conn.close() ++ thread.join(1.0) ++ ++ def test_large_content_length_truncated(self): ++ serv = socket.create_server((HOST, 0)) ++ self.addCleanup(serv.close) ++ ++ def 
run_server(): ++ while True: ++ [conn, address] = serv.accept() ++ with conn: ++ conn.recv(1024) ++ if not size: ++ break ++ conn.sendall( ++ b"HTTP/1.1 200 Ok\r\n" ++ b"Content-Length: %d\r\n" ++ b"\r\n" ++ b"Text" % size) ++ ++ thread = threading.Thread(target=run_server) ++ thread.start() ++ self.addCleanup(thread.join, 1.0) ++ ++ conn = client.HTTPConnection(*serv.getsockname()) ++ try: ++ for w in range(18, 65): ++ size = 1 << w ++ conn.request("GET", "/") ++ with conn.getresponse() as response: ++ self.assertRaises(client.IncompleteRead, response.read) ++ conn.close() ++ finally: ++ conn.close() ++ size = 0 ++ conn.request("GET", "/") ++ conn.close() ++ thread.join(1.0) ++ + def test_putrequest_override_domain_validation(self): + """ + It should be possible to override the default validation +diff --git a/Misc/NEWS.d/next/Security/2024-05-23-11-47-48.gh-issue-119451.qkJe9-.rst b/Misc/NEWS.d/next/Security/2024-05-23-11-47-48.gh-issue-119451.qkJe9-.rst +new file mode 100644 +index 0000000..6d6f25c +--- /dev/null ++++ b/Misc/NEWS.d/next/Security/2024-05-23-11-47-48.gh-issue-119451.qkJe9-.rst +@@ -0,0 +1,5 @@ ++Fix a potential memory denial of service in the :mod:`http.client` module. ++When connecting to a malicious server, it could cause ++an arbitrary amount of memory to be allocated. ++This could have led to symptoms including a :exc:`MemoryError`, swapping, out ++of memory (OOM) killed processes or containers, or even system crashes. +-- +2.50.1 + diff --git a/meta/recipes-devtools/python/python3_3.10.19.bb b/meta/recipes-devtools/python/python3_3.10.19.bb index 6f23d258c1..5140445ad8 100644 --- a/meta/recipes-devtools/python/python3_3.10.19.bb +++ b/meta/recipes-devtools/python/python3_3.10.19.bb 
@@ -38,6 +38,7 @@ SRC_URI = "http://www.python.org/ftp/python/${PV}/Python-${PV}.tar.xz \ file://0001-test_storlines-skip-due-to-load-variability.patch \ file://0001-gh-107811-tarfile-treat-overflow-in-UID-GID-as-failu.patch \ file://CVE-2025-6075.patch \ + file://CVE-2025-13836.patch \ " SRC_URI:append:class-native = " \
From patchwork Tue Jan 20 13:37:36 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 79187
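Review bot: the patch header of CVE-2025-13836.patch carries upstream's "[3.13]" subject while the recipe it is added to is python3_3.10.19, and the mail gives no description beyond the Upstream-Status line. Please say in the commit message whether the 3.13-branch change to _safe_read() in Lib/http/client.py applied to 3.10.19 unmodified or list what was adapted, and add a one-line summary of the issue (unbounded allocation driven by Content-Length) so the recipe history is readable without opening the patch.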
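Review bot: in the Lib/test/test_httplib.py hunk, test_large_content_length() runs "for w in range(15, 27)" with "size = 1 << w", so its last iteration transfers and buffers a 64 MiB body, and test_large_content_length_truncated() reconnects for each of the 47 sizes in range(18, 65). If these tests run under ptest on memory-constrained target images, please report the test_httplib result and run time with the patch applied, or state that the tests were only checked on the build host.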
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 14/26] libarchive: fix CVE-2025-60753 regression Date: Tue, 20 Jan 2026 14:37:36 +0100 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 20 Jan 2026 13:38:15 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/229720 From: Peter Marko Pick patch from PR mentioned in v3.8.5 release notes. Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- ...25-60753.patch => CVE-2025-60753-01.patch} | 0 .../libarchive/CVE-2025-60753-02.patch | 46 +++++++++++++++++++ .../libarchive/libarchive_3.6.2.bb | 3 +- 3 files changed, 48 insertions(+), 1 deletion(-) rename meta/recipes-extended/libarchive/libarchive/{CVE-2025-60753.patch => CVE-2025-60753-01.patch} (100%) create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2025-60753-02.patch diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2025-60753.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2025-60753-01.patch similarity index 100% rename from meta/recipes-extended/libarchive/libarchive/CVE-2025-60753.patch rename to meta/recipes-extended/libarchive/libarchive/CVE-2025-60753-01.patch diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2025-60753-02.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2025-60753-02.patch new file mode 100644 index 0000000000..525ee2462c --- /dev/null +++ b/meta/recipes-extended/libarchive/libarchive/CVE-2025-60753-02.patch 
@@ -0,0 +1,46 @@ +From cfb02de558d843dc5355c4aa2aeb4af49f88bdb9 Mon Sep 17 00:00:00 2001 +From: Martin Matuska +Date: Mon, 8 Dec 2025 21:40:46 +0100 +Subject: [PATCH] tar: fix off-bounds read resulting from #2787 (3150539ed) + +CVE: CVE-2025-60753 +Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/cfb02de558d843dc5355c4aa2aeb4af49f88bdb9] +Signed-off-by: Peter Marko +--- + tar/subst.c | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +diff --git a/tar/subst.c b/tar/subst.c +index a466f653..53497ad0 100644 +--- a/tar/subst.c ++++ b/tar/subst.c +@@ -239,7 +239,7 @@ apply_substitution(struct bsdtar *bsdtar, const char *name, char **result, + + char isEnd = 0; + do { +- isEnd = *name == '\0'; ++ isEnd = *name == '\0'; + if (regexec(&rule->re, name, 10, matches, 0)) + break; + +@@ -294,13 +294,13 @@ apply_substitution(struct bsdtar *bsdtar, const char *name, char **result, + + realloc_strcat(result, rule->result + j); + if (matches[0].rm_eo > 0) { +- name += matches[0].rm_eo; +- } else { +- // We skip a character because the match is 0-length +- // so we need to add it to the output +- realloc_strncat(result, name, 1); +- name += 1; +- } ++ name += matches[0].rm_eo; ++ } else if (!isEnd) { ++ // We skip a character because the match is 0-length ++ // so we need to add it to the output ++ realloc_strncat(result, name, 1); ++ name += 1; ++ } + } while (rule->global && !isEnd); // Testing one step after because sed et al. run 0-length patterns a last time on the empty string at the end + } + diff --git a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb index 66f30ec89b..e74326b40f 100644 --- a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb +++ b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb 
@@ -48,7 +48,8 @@ SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \ file://0001-Merge-pull-request-2749-from-KlaraSystems-des-tempdi.patch \ file://0001-Merge-pull-request-2753-from-KlaraSystems-des-temp-f.patch \ file://0001-Merge-pull-request-2768-from-Commandoss-master.patch \ - file://CVE-2025-60753.patch \ + file://CVE-2025-60753-01.patch \ + file://CVE-2025-60753-02.patch \ " UPSTREAM_CHECK_URI = "http://libarchive.org/" From patchwork Tue Jan 20 13:37:37 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 79202 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 768BCCCF2DD for ; Tue, 20 Jan 2026 13:38:16 +0000 (UTC) Received: from mail-wm1-f45.google.com (mail-wm1-f45.google.com [209.85.128.45]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.6475.1768916295446131228 for ; Tue, 20 Jan 2026 05:38:15 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=Ux99ccDv; spf=pass (domain: smile.fr, ip: 209.85.128.45, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f45.google.com with SMTP id 5b1f17b1804b1-47d63594f7eso38227905e9.0 for ; Tue, 20 Jan 2026 05:38:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1768916294; x=1769521094; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=HpXrPLagsO1Gm2P9neCLNl+ucO0IwNjwE459Blz7BLY=; b=Ux99ccDv6vSogY8zrhwmJgsbBuX5pRM+v4gOn7YIfqAMO76DGrBm87BYEvaLF5I3sO h9c2OU2oYl15BimFDbj4hyZtQ1IHLEVy0GsdpjKs8KQWzTePm9yJWoSDhofitZWP+V94 R+/dTi7Qn+ifB20iZqaOpuCv+n4ivzsRdVH3A= X-Google-DKIM-Signature: v=1; 
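Review bot: the second tar/subst.c hunk in CVE-2025-60753-02.patch has no test coverage in this backport, and it depends on `isEnd` being sampled at the top of the loop, before `regexec()`. With the new `else if (!isEnd)` guard, a zero-length match on the empty string at the end of `name` leaves `name` where it is and the loop exits through `while (rule->global && !isEnd)`; that is what keeps `realloc_strncat(result, name, 1); name += 1;` from stepping past the terminating NUL. Please add or enable a regression test for a global substitution whose pattern can match the empty string, so the behaviour is checked against the 3.6.2 sources rather than assumed from upstream. The first hunk (`isEnd = *name == '\0';`) changes indentation only and could be called out as such in the patch header.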
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 15/26] curl: patch CVE-2025-14017 Date: Tue, 20 Jan 2026 14:37:37 +0100 Message-ID: <11e04ebbc7556e04020b1f7c04f09dafe3ecbc49.1768914702.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 20 Jan 2026 13:38:16 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/229721 From: Peter Marko Pick patch per [1]. [1] https://curl.se/docs/CVE-2025-14017.html Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- .../curl/curl/CVE-2025-14017.patch | 115 ++++++++++++++++++ meta/recipes-support/curl/curl_7.82.0.bb | 1 + 2 files changed, 116 insertions(+) create mode 100644 meta/recipes-support/curl/curl/CVE-2025-14017.patch diff --git a/meta/recipes-support/curl/curl/CVE-2025-14017.patch b/meta/recipes-support/curl/curl/CVE-2025-14017.patch new file mode 100644 index 0000000000..a18e1d74dd --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2025-14017.patch 
@@ -0,0 +1,115 @@ +From 39d1976b7f709a516e3243338ebc0443bdd8d56d Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Thu, 4 Dec 2025 00:14:20 +0100 +Subject: [PATCH] ldap: call ldap_init() before setting the options + +Closes #19830 + +CVE: CVE-2025-14017 +Upstream-Status: Backport [https://github.com/curl/curl/commit/39d1976b7f709a516e3243338ebc0443bdd8d56d] +Signed-off-by: Peter Marko +--- + lib/ldap.c | 49 +++++++++++++++++++------------------------------ + 1 file changed, 19 insertions(+), 30 deletions(-) + +diff --git a/lib/ldap.c b/lib/ldap.c +index 63b2cbc414..0911a9239a 100644 +--- a/lib/ldap.c ++++ b/lib/ldap.c +@@ -333,16 +333,29 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) + passwd = conn->passwd; + } + ++#ifdef USE_WIN32_LDAP ++ if(ldap_ssl) ++ server = ldap_sslinit(host, (int)conn->port, 1); ++ else ++#else ++ server = ldap_init(host, (int)conn->port); ++#endif ++ if(!server) { ++ failf(data, "LDAP local: Cannot connect to %s:%ld", ++ conn->host.dispname, conn->port); ++ result = CURLE_COULDNT_CONNECT; ++ goto quit; ++ } ++ + #ifdef LDAP_OPT_NETWORK_TIMEOUT +- ldap_set_option(NULL, LDAP_OPT_NETWORK_TIMEOUT, &ldap_timeout); ++ ldap_set_option(server, LDAP_OPT_NETWORK_TIMEOUT, &ldap_timeout); + #endif +- ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto); ++ ldap_set_option(server, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto); + + if(ldap_ssl) { + #ifdef HAVE_LDAP_SSL + #ifdef USE_WIN32_LDAP + /* Win32 LDAP SDK doesn't support insecure mode without CA! 
*/ +- server = ldap_sslinit(host, (int)conn->port, 1); + ldap_set_option(server, LDAP_OPT_SSL, LDAP_OPT_ON); + #else + int ldap_option; +@@ -410,7 +423,7 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) + goto quit; + } + infof(data, "LDAP local: using PEM CA cert: %s", ldap_ca); +- rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, ldap_ca); ++ rc = ldap_set_option(server, LDAP_OPT_X_TLS_CACERTFILE, ldap_ca); + if(rc != LDAP_SUCCESS) { + failf(data, "LDAP local: ERROR setting PEM CA cert: %s", + ldap_err2string(rc)); +@@ -422,20 +435,13 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) + else + ldap_option = LDAP_OPT_X_TLS_NEVER; + +- rc = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &ldap_option); ++ rc = ldap_set_option(server, LDAP_OPT_X_TLS_REQUIRE_CERT, &ldap_option); + if(rc != LDAP_SUCCESS) { + failf(data, "LDAP local: ERROR setting cert verify mode: %s", + ldap_err2string(rc)); + result = CURLE_SSL_CERTPROBLEM; + goto quit; + } +- server = ldap_init(host, (int)conn->port); +- if(!server) { +- failf(data, "LDAP local: Cannot connect to %s:%ld", +- conn->host.dispname, conn->port); +- result = CURLE_COULDNT_CONNECT; +- goto quit; +- } + ldap_option = LDAP_OPT_X_TLS_HARD; + rc = ldap_set_option(server, LDAP_OPT_X_TLS, &ldap_option); + if(rc != LDAP_SUCCESS) { +@@ -444,15 +450,6 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) + result = CURLE_SSL_CERTPROBLEM; + goto quit; + } +-/* +- rc = ldap_start_tls_s(server, NULL, NULL); +- if(rc != LDAP_SUCCESS) { +- failf(data, "LDAP local: ERROR starting SSL/TLS mode: %s", +- ldap_err2string(rc)); +- result = CURLE_SSL_CERTPROBLEM; +- goto quit; +- } +-*/ + #else + /* we should probably never come up to here since configure + should check in first place if we can support LDAP SSL/TLS */ +@@ -469,15 +466,7 @@ static CURLcode ldap_do(struct Curl_easy *data, bool *done) + result = CURLE_NOT_BUILT_IN; + goto quit; + } +- else { +- server = ldap_init(host, (int)conn->port); 
+- if(!server) { +- failf(data, "LDAP local: Cannot connect to %s:%ld", +- conn->host.dispname, conn->port); +- result = CURLE_COULDNT_CONNECT; +- goto quit; +- } +- } ++ + #ifdef USE_WIN32_LDAP + ldap_set_option(server, LDAP_OPT_PROTOCOL_VERSION, &ldap_proto); + rc = ldap_win_bind(data, server, user, passwd); diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb index 2326392a4f..db3dc01929 100644 --- a/meta/recipes-support/curl/curl_7.82.0.bb +++ b/meta/recipes-support/curl/curl_7.82.0.bb 
@@ -67,6 +67,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \ file://CVE-2024-11053-0002.patch \ file://CVE-2025-0167.patch \ file://CVE-2025-9086.patch \ + file://CVE-2025-14017.patch \ " SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c" From patchwork Tue Jan 20 13:37:38 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 79203 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7D317CA5FE1 for ; Tue, 20 Jan 2026 13:38:16 +0000 (UTC) Received: from mail-wm1-f42.google.com (mail-wm1-f42.google.com [209.85.128.42]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.6485.1768916295988209559 for ; Tue, 20 Jan 2026 05:38:16 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=fnj4iQOM; spf=pass (domain: smile.fr, ip: 209.85.128.42, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f42.google.com with SMTP id 5b1f17b1804b1-4801eb2c0a5so34779075e9.3 for ; Tue, 20 Jan 2026 05:38:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1768916294; x=1769521094; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=zLT4YZE5m8VbWdopF60E4ue1v01bcgO5i6rckNOiJNk=; b=fnj4iQOMga0lNmkGM9BiwLnJQ5XbVRB/aIUU8NNaw+mtdTJ9lVMzS4mwHEYWukvrln ypyfK7qdAw7VOVGiBDBZIRfIYyoSlbnrNaiJ9etBZZFaBXHS2dTHeGr7LoPXhewJV7cj DEt7+KhU+MiBH1dXjEqhG+4Ebto+NpWyT4qJU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768916294; x=1769521094; h=content-transfer-encoding:mime-version:references:in-reply-to 
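Review bot: in the first lib/ldap.c hunk, the `USE_WIN32_LDAP` branch ends with a bare `else` immediately before `#else`, so in that configuration the `else` binds to the following `if(!server) {` block and the non-SSL path never calls `ldap_init()`. The code then reads as `if(ldap_ssl) server = ldap_sslinit(...); else if(!server) { ... }`, which also skips the NULL check after `ldap_sslinit()`. Builds without `USE_WIN32_LDAP` are not affected, because there `server = ldap_init(host, (int)conn->port);` is unconditional, but since the patch is carried verbatim it is worth checking whether upstream has a follow-up and recording the result in the patch header. Separately, switching `ldap_set_option(NULL, ...)` to `ldap_set_option(server, ...)` is only correct because the handle now exists before the first option is set; please confirm that no `ldap_set_option(NULL, ...)` call remains in the 7.82.0 copy of `ldap_do()` outside the context shown here.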
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 16/26] curl: patch CVE-2025-15079 Date: Tue, 20 Jan 2026 14:37:38 +0100 Message-ID: <6f7346a691a40c07aa958c4f29135eddb2f87ac7.1768914702.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 20 Jan 2026 13:38:16 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/229722 From: Peter Marko Pick patch per [1]. [1] https://curl.se/docs/CVE-2025-15079.html Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- .../curl/curl/CVE-2025-15079.patch | 32 +++++++++++++++++++ meta/recipes-support/curl/curl_7.82.0.bb | 1 + 2 files changed, 33 insertions(+) create mode 100644 meta/recipes-support/curl/curl/CVE-2025-15079.patch diff --git a/meta/recipes-support/curl/curl/CVE-2025-15079.patch b/meta/recipes-support/curl/curl/CVE-2025-15079.patch new file mode 100644 index 0000000000..47fa518309 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2025-15079.patch 
@@ -0,0 +1,32 @@ +From adca486c125d9a6d9565b9607a19dce803a8b479 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Wed, 24 Dec 2025 17:47:03 +0100 +Subject: [PATCH] libssh: set both knownhosts options to the same file + +Reported-by: Harry Sintonen + +Closes #20092 + +CVE: CVE-2025-15079 +Upstream-Status: Backport [https://github.com/curl/curl/commit/adca486c125d9a6d9565b9607a19dce803a8b479] +Signed-off-by: Peter Marko +--- + lib/vssh/libssh.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/lib/vssh/libssh.c b/lib/vssh/libssh.c +index 7d5905c83d..98c109ab59 100644 +--- a/lib/vssh/libssh.c ++++ b/lib/vssh/libssh.c +@@ -2224,6 +2224,11 @@ static CURLcode myssh_connect(struct Curl_easy *data, bool *done) + infof(data, "Known hosts: %s", data->set.str[STRING_SSH_KNOWNHOSTS]); + rc = ssh_options_set(ssh->ssh_session, SSH_OPTIONS_KNOWNHOSTS, + data->set.str[STRING_SSH_KNOWNHOSTS]); ++ if(rc == SSH_OK) ++ /* libssh has two separate options for this. Set both to the same file ++ to avoid surprises */ ++ rc = ssh_options_set(ssh->ssh_session, SSH_OPTIONS_GLOBAL_KNOWNHOSTS, ++ data->set.str[STRING_SSH_KNOWNHOSTS]); + if(rc != SSH_OK) { + failf(data, "Could not set known hosts file path"); + return CURLE_FAILED_INIT; diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb index db3dc01929..9c1a90e191 100644 --- a/meta/recipes-support/curl/curl_7.82.0.bb +++ b/meta/recipes-support/curl/curl_7.82.0.bb 
@@ -68,6 +68,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \ file://CVE-2025-0167.patch \ file://CVE-2025-9086.patch \ file://CVE-2025-14017.patch \ + file://CVE-2025-15079.patch \ " SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c" From patchwork Tue Jan 20 13:37:39 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 79204 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7C9AFD2ECF7 for ; Tue, 20 Jan 2026 13:38:26 +0000 (UTC) Received: from mail-wm1-f47.google.com (mail-wm1-f47.google.com [209.85.128.47]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.6477.1768916296584566867 for ; Tue, 20 Jan 2026 05:38:16 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=ZNyqxvVL; spf=pass (domain: smile.fr, ip: 209.85.128.47, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f47.google.com with SMTP id 5b1f17b1804b1-47fedb7c68dso37083735e9.2 for ; Tue, 20 Jan 2026 05:38:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1768916295; x=1769521095; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=IP+gWHcrbR3B2OGth+a8+VcW+YBAhBfqrJynvXZrQt4=; b=ZNyqxvVL5DzdPk1/r4A8fk5RsdCnaqSsMZDXYiE+f/LvYFLw/DjE2HEtrMb/mBfYMF gtf8b/h0c6ixHC7Pus3s2Tv6ys0BEJWLSFcXtIeE9EahV7wLCDjYdM62+ns3b9VDT4Ly nYdV2v+9szm4xonLk6Y9rtGKVWkijIFtDHq7E= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768916295; x=1769521095; h=content-transfer-encoding:mime-version:references:in-reply-to 
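Review bot: the lib/vssh/libssh.c hunk in CVE-2025-15079.patch uses `SSH_OPTIONS_GLOBAL_KNOWNHOSTS` without any version or feature guard, so the commit message should confirm that the libssh this branch builds curl against defines that option. Both `ssh_options_set()` calls now fall into the same `failf(data, "Could not set known hosts file path")`, so a failure of the second call cannot be told apart from a failure of the first in logs; a distinct message would help triage. The unbraced `if(rc == SSH_OK)` with a multi-line comment between the condition and its statement is easy to misread, and braces around the new call would make the control flow explicit.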
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 17/26] curl: patch CVE-2025-15224 Date: Tue, 20 Jan 2026 14:37:39 +0100 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 20 Jan 2026 13:38:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/229723 From: Peter Marko Pick patch per [1]. [1] https://curl.se/docs/CVE-2025-15224.html Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- .../curl/curl/CVE-2025-15224.patch | 31 +++++++++++++++++++ meta/recipes-support/curl/curl_7.82.0.bb | 1 + 2 files changed, 32 insertions(+) create mode 100644 meta/recipes-support/curl/curl/CVE-2025-15224.patch diff --git a/meta/recipes-support/curl/curl/CVE-2025-15224.patch b/meta/recipes-support/curl/curl/CVE-2025-15224.patch new file mode 100644 index 0000000000..36f5f1b93a --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2025-15224.patch 
@@ -0,0 +1,31 @@ +From 16d5f2a5660c61cc27bd5f1c7f512391d1c927aa Mon Sep 17 00:00:00 2001 +From: Harry Sintonen +Date: Mon, 29 Dec 2025 16:56:39 +0100 +Subject: [PATCH] libssh: require private key or user-agent for public key auth + +Closes #20110 + +CVE: CVE-2025-15224 +Upstream-Status: Backport [https://github.com/curl/curl/commit/16d5f2a5660c61cc27bd5f1c7f512391d1c927aa] +Signed-off-by: Peter Marko +--- + lib/vssh/libssh.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/lib/vssh/libssh.c b/lib/vssh/libssh.c +index 5d5125b526..bde6355f73 100644 +--- a/lib/vssh/libssh.c ++++ b/lib/vssh/libssh.c +@@ -741,7 +741,11 @@ static CURLcode myssh_statemach_act(struct Curl_easy *data, bool *block) + } + + sshc->auth_methods = ssh_userauth_list(sshc->ssh_session, NULL); +- if(sshc->auth_methods & SSH_AUTH_METHOD_PUBLICKEY) { ++ /* For public key auth we need either the private key or ++ CURLSSH_AUTH_AGENT. */ ++ if((sshc->auth_methods & SSH_AUTH_METHOD_PUBLICKEY) && ++ (data->set.str[STRING_SSH_PRIVATE_KEY] || ++ (data->set.ssh_auth_types & CURLSSH_AUTH_AGENT))) { + state(data, SSH_AUTH_PKEY_INIT); + infof(data, "Authentication using SSH public key file"); + } diff --git a/meta/recipes-support/curl/curl_7.82.0.bb b/meta/recipes-support/curl/curl_7.82.0.bb index 9c1a90e191..72bd1a2088 100644 --- a/meta/recipes-support/curl/curl_7.82.0.bb +++ b/meta/recipes-support/curl/curl_7.82.0.bb 
@@ -69,6 +69,7 @@ SRC_URI = "https://curl.se/download/${BP}.tar.xz \ file://CVE-2025-9086.patch \ file://CVE-2025-14017.patch \ file://CVE-2025-15079.patch \ + file://CVE-2025-15224.patch \ " SRC_URI[sha256sum] = "0aaa12d7bd04b0966254f2703ce80dd5c38dbbd76af0297d3d690cdce58a583c" From patchwork Tue Jan 20 13:37:40 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 79205 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 833B3D2ECE9 for ; Tue, 20 Jan 2026 13:38:26 +0000 (UTC) Received: from mail-wm1-f49.google.com (mail-wm1-f49.google.com [209.85.128.49]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.6487.1768916297634856595 for ; Tue, 20 Jan 2026 05:38:17 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=ZuY8fUs7; spf=pass (domain: smile.fr, ip: 209.85.128.49, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f49.google.com with SMTP id 5b1f17b1804b1-4801d1daf53so37962585e9.2 for ; Tue, 20 Jan 2026 05:38:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1768916296; x=1769521096; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=YyXML8yoCkj/PCSwyDqtoqMBQTiQLRU/PI0Ln6/PHHg=; b=ZuY8fUs7kwNbi38Xg2WvH8+3x8YtXlMn1U6XwqTO28aowo6zGgtGr5TrlGNSCD5MCz cl47A+DgSl+egViCeg3r2CNuCQF3wQoRHHihxu5bPeGjA1QsTXOzJlyqKZf+m22CKK8z 1mrqZw1HUaV0fvCZm3P4q6GW1dn3cCQ2DPFPw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768916296; x=1769521096; h=content-transfer-encoding:mime-version:references:in-reply-to 
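Review bot: the new condition in the lib/vssh/libssh.c hunk of CVE-2025-15224.patch is a behaviour change that the commit message does not mention: a transfer that sets neither `STRING_SSH_PRIVATE_KEY` nor `CURLSSH_AUTH_AGENT` no longer enters `SSH_AUTH_PKEY_INIT`, even when the server offers `SSH_AUTH_METHOD_PUBLICKEY`. That is the purpose of the fix, but for a stable branch it should be stated so that users who relied on the previous fall-through know why public key authentication is no longer attempted. The unchanged `infof(data, "Authentication using SSH public key file")` is also printed when only `CURLSSH_AUTH_AGENT` satisfied the condition and no key file is involved, and the patch subject says "user-agent" where the code tests `CURLSSH_AUTH_AGENT`; a short clarification in the OE commit message would avoid confusion.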
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 18/26] gnupg: patch CVE-2025-68973 Date: Tue, 20 Jan 2026 14:37:40 +0100 Message-ID: <70def3daad5c4fb7cf14cc44b2d49dc9d6fbfa22.1768914702.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 20 Jan 2026 13:38:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/229724 From: Peter Marko Pick patch from 2.4 branch per [1]. [1] https://security-tracker.debian.org/tracker/CVE-2025-68973 Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- .../gnupg/gnupg/CVE-2025-68973.patch | 108 ++++++++++++++++++ meta/recipes-support/gnupg/gnupg_2.3.7.bb | 1 + 2 files changed, 109 insertions(+) create mode 100644 meta/recipes-support/gnupg/gnupg/CVE-2025-68973.patch diff --git a/meta/recipes-support/gnupg/gnupg/CVE-2025-68973.patch b/meta/recipes-support/gnupg/gnupg/CVE-2025-68973.patch new file mode 100644 index 0000000000..1d5225361b --- /dev/null +++ b/meta/recipes-support/gnupg/gnupg/CVE-2025-68973.patch 
@@ -0,0 +1,108 @@ +From 4ecc5122f20e10c17172ed72f4fa46c784b5fb48 Mon Sep 17 00:00:00 2001 +From: Werner Koch +Date: Thu, 23 Oct 2025 11:36:04 +0200 +Subject: [PATCH] gpg: Fix possible memory corruption in the armor parser. + +* g10/armor.c (armor_filter): Fix faulty double increment. + +* common/iobuf.c (underflow_target): Assert that the filter +implementations behave well. +-- + +This fixes a bug in a code path which can only be reached with special +crafted input data and would then error out at an upper layer due to +corrupt input (every second byte in the buffer is unitialized +garbage). No fuzzing has yet hit this case and we don't have a test +case for this code path. However memory corruption can never be +tolerated as it always has the protential for remode code execution. + +Reported-by: 8b79fe4dd0581c1cd000e1fbecba9f39e16a396a +Fixes-commit: c27c7416d5148865a513e007fb6f0a34993a6073 +which fixed +Fixes-commit: 7d0efec7cf5ae110c99511abc32587ff0c45b14f +Backported-from-master: 115d138ba599328005c5321c0ef9f00355838ca9 + +The bug was introduced on 1999-01-07 by me: +* armor.c: Rewrote large parts. +which I fixed on 1999-03-02 but missed to fix the other case: +* armor.c (armor_filter): Fixed armor bypassing. + +Below is base64+gzipped test data which can be used with valgrind to +show access to uninitalized memory in write(2) in the unpatched code. 
+ +--8<---------------cut here---------------start------------->8--- +H4sICIDd+WgCA3h4AO3QMQ6CQBCG0djOKbY3G05gscYFSRAJt/AExp6Di0cQG0ze +a//MV0zOq3Pt+jFN3ZTKfLvP9ZLafqifJUe8juOjeZbVtSkbRPmRgICAgICAgICA +gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA +gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA +gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA +gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA +gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA +gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICA +gICAgICAgICAgICAgICAgICAgICAgICAgMCXF6dYDgAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC7E14AAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwZ94aieId3+8EAA== +--8<---------------cut here---------------end--------------->8--- + +CVE: CVE-2025-68973 +Upstream-Status: Backport [https://github.com/gpg/gnupg/commit/4ecc5122f20e10c17172ed72f4fa46c784b5fb48] +Signed-off-by: Peter Marko +--- + common/iobuf.c | 8 +++++++- + g10/armor.c | 4 ++-- + 2 files changed, 9 insertions(+), 3 deletions(-) + +diff --git a/common/iobuf.c b/common/iobuf.c +index 748e6935d..2497713c1 100644 +--- a/common/iobuf.c ++++ b/common/iobuf.c +@@ -2041,6 +2041,8 @@ underflow_target (iobuf_t a, int clear_pending_eof, size_t target) + rc = 0; + else + { ++ size_t tmplen; ++ + /* If no buffered data and drain buffer has been setup, and drain + * buffer is largish, read data directly to drain buffer. 
*/ + if (a->d.len == 0 +@@ -2053,8 +2055,10 @@ underflow_target (iobuf_t a, int clear_pending_eof, size_t target) + log_debug ("iobuf-%d.%d: underflow: A->FILTER (%lu bytes, to external drain)\n", + a->no, a->subno, (ulong)len); + +- rc = a->filter (a->filter_ov, IOBUFCTRL_UNDERFLOW, a->chain, ++ tmplen = len; /* Used to check for bugs in the filter. */ ++ rc = a->filter (a->filter_ov, IOBUFCTRL_UNDERFLOW, a->chain, + a->e_d.buf, &len); ++ log_assert (len <= tmplen); + a->e_d.used = len; + len = 0; + } +@@ -2064,8 +2068,10 @@ underflow_target (iobuf_t a, int clear_pending_eof, size_t target) + log_debug ("iobuf-%d.%d: underflow: A->FILTER (%lu bytes)\n", + a->no, a->subno, (ulong)len); + ++ tmplen = len; /* Used to check for bugs in the filter. */ + rc = a->filter (a->filter_ov, IOBUFCTRL_UNDERFLOW, a->chain, + &a->d.buf[a->d.len], &len); ++ log_assert (len <= tmplen); + } + } + a->d.len += len; +diff --git a/g10/armor.c b/g10/armor.c +index 81af15339..f8cfa86db 100644 +--- a/g10/armor.c ++++ b/g10/armor.c +@@ -1312,8 +1312,8 @@ armor_filter( void *opaque, int control, + n = 0; + if( afx->buffer_len ) { + /* Copy the data from AFX->BUFFER to BUF. */ +- for(; n < size && afx->buffer_pos < afx->buffer_len; n++ ) +- buf[n++] = afx->buffer[afx->buffer_pos++]; ++ for(; n < size && afx->buffer_pos < afx->buffer_len;) ++ buf[n++] = afx->buffer[afx->buffer_pos++]; + if( afx->buffer_pos >= afx->buffer_len ) + afx->buffer_len = 0; + } diff --git a/meta/recipes-support/gnupg/gnupg_2.3.7.bb b/meta/recipes-support/gnupg/gnupg_2.3.7.bb index 27b2d3682a..f52ae921d4 100644 --- a/meta/recipes-support/gnupg/gnupg_2.3.7.bb +++ b/meta/recipes-support/gnupg/gnupg_2.3.7.bb 
@@ -23,6 +23,7 @@ SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \ file://CVE-2025-30258-0003.patch \ file://CVE-2025-30258-0004.patch \ file://CVE-2025-30258-0005.patch \ + file://CVE-2025-68973.patch \ " SRC_URI:append:class-native = " file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch \ file://relocate.patch" From patchwork Tue Jan 20 13:37:41 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 79213 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B42F2D2ED1A for ; Tue, 20 Jan 2026 13:38:26 +0000 (UTC) Received: from mail-wm1-f41.google.com (mail-wm1-f41.google.com [209.85.128.41]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.6478.1768916298510957973 for ; Tue, 20 Jan 2026 05:38:18 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=E2Dica2h; spf=pass (domain: smile.fr, ip: 209.85.128.41, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f41.google.com with SMTP id 5b1f17b1804b1-47edd6111b4so48762685e9.1 for ; Tue, 20 Jan 2026 05:38:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1768916297; x=1769521097; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=a7z2K+RCuceRTFUnkIeZTzZ4iT7LPCJTzY8aPnExPEI=; b=E2Dica2hOZCtRcVuGkwbj8mLPknh1w1mYotJi1h/vs2bQ17E8fxPuczD1SFuwDh5dd tg6HGSZoIGm5SQAxC911w7CcayHKID0+Si3oEck7ahbm+Y+RgbKMYdPzf9gwPjQdBt7V NUPAmJIsbfZmRG3XEep8JRapQYYgh71x0ClEg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768916297; x=1769521097; 
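Review bot: the g10/armor.c hunk is the actual fix and nothing in this patch tests it, even though the embedded commit message carries a valgrind reproducer. In the removed loop, `for(; n < size && afx->buffer_pos < afx->buffer_len; n++ ) buf[n++] = ...`, `n` advances by two for every byte copied, so only every second byte of `buf` is written and `n` can finish above `size`; dropping the `n++` from the loop header restores one increment per byte. Please say in the commit message whether the reproducer was run against the patched 2.3.7 build, or wire it into a test.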
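Review bot: in both common/iobuf.c hunks, `log_assert (len <= tmplen)` runs after `a->filter()` has already written into the target buffer, so it detects an over-long filter result rather than preventing the write. Its value is that a misbehaving filter now terminates the process before the oversized `len` reaches `a->e_d.used = len` or `a->d.len += len`; the patch header should describe it as hardening on top of the armor.c fix and not as a fix in its own right. The `rc = a->filter (...)` line that is removed and re-added in the first iobuf.c hunk appears to differ in whitespace only.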
h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=a7z2K+RCuceRTFUnkIeZTzZ4iT7LPCJTzY8aPnExPEI=; b=KOqO7Z3ojIcIXCu84P+hg6YV0mXYog2FrbheyIF3s6B6LtaoMGYXlI/8Z1o0EaUWJF Q8nJ3FjtS4h+J+WnJ1DZM+EhjRTbmKz0bD7fI5G53STnkNVPeMq64ERRxes/HuJ0fwQm 3OJCvneSsfp8nwfF81Nud0dXlwpsppE0xKhsqWnS+jsFKpFuDUM0xJ0sL/isMJE0DXVT t7R6vZeONtR6SnQEUqIvw5KmnVT2TojcScXNLMkL3+t3mJeTADxXjuOVGhy23LN/lmEB TxdGv3ZWmdpz121aH7pcvYbPk+d6uhdQo/S9NOpWlRcOSEkqQPjjt2PSsJPgzo4DjwtZ n3RQ== X-Gm-Message-State: AOJu0YzFXU4hUPLaU/P/UFtTIbOVNay/ndogHvV5K9COyzh+hhTkfudh 2MHjI0/rhXMI51JIUrASddugRrI3WpI4B9k5ezaxASZwzAfUqUH3F98ohdjxv2ps5yETh3Sfif1 4L7Cm X-Gm-Gg: AY/fxX6iE6m2QktsBkXnAgH3ktwvc2nmFt8p/agUwCIRwwExQOy9bNxgyYcm5SesSKI z8VUBNmsLICjulu/t+reT/lPuph6raDMcTAmBillVdhjiktHCJUX3hNEBr+moEO3RLbdLbZNSP2 IIgy1tdSJCv+cB6qL98ynNSnau6C0aDXPmuk+3Hx/1OBhMkptIAmEFCAM3FrVeF6AOf52tiN80D si+acnj9FfAUCzui5wfADrHguimlS3heVHt9zXFKazmYIISG3eT9iS46TsyPP63gj5Nx8+GwPSg wIMB2hzmAcngaR/cmykE5OJkxF8fTZBg/icx2eAEbnOiGGAKCuCoaQInniTGLNgcvArXE8rWnjl Su65n4a62nSIliiMSVeKflGJkfqQxb2H/eFD5T8iYdeeuvTCqcViZkjZ8XZnfbqIUi2CGm69PcJ bQlK7VlksnBxhkv/+o6ci/NzYj70mVmZ+LWcxgjE88NHxcfVtOA+4uwJhxS6FUs1P7MbdgiFud/ Lil8XjwYpR6Q4WGunihBA== X-Received: by 2002:a05:600c:358b:b0:475:da1a:5418 with SMTP id 5b1f17b1804b1-4801e2f0573mr204716735e9.1.1768916296258; Tue, 20 Jan 2026 05:38:16 -0800 (PST) Received: from FRSMI25-LASER.idf.intranet (static-css-ccs-204145.business.bouyguestelecom.com. [176.157.204.145]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-47f4b26764fsm303400035e9.12.2026.01.20.05.38.15 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 20 Jan 2026 05:38:15 -0800 (PST) 
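Review bot: in both underflow_target hunks of the embedded iobuf.c change, log_assert (len <= tmplen) fires only after a->filter has returned, so it keeps an oversized len out of a->e_d.used and a->d.len += len but cannot undo anything the filter has already written into a->e_d.buf or &a->d.buf[a->d.len]. The comment "Used to check for bugs in the filter" should say that this is a post-hoc tripwire that aborts the process, and that the armor.c hunk is what stops n from running ahead of the bytes copied, so the assertion is not mistaken for the bounds check.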
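Review bot: in the armor_filter hunk the loop stays a for statement with an empty step clause, which makes it easy for a later cleanup to put n++ back into the header and reintroduce the double increment (the removed lines advanced n in the header and again in buf[n++], so n grew by two per copied byte and could end up past size). A while loop, or a one-line comment stating that n is advanced only in the body, would make the intent explicit.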
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 19/26] binutils: Fix CVE-2025-1181
Date: Tue, 20 Jan 2026 14:37:41 +0100
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/229725

From: Vijay Anusuri

import patch from ubuntu to fix CVE-2025-1181

Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/binutils/tree/debian/patches?h=ubuntu/jammy-security
Upstream commit https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=931494c9a89558acb36a03a340c01726545eef24
& https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=18cc11a2771d9e40180485da9a4fb660c03efac3]

Signed-off-by: Vijay Anusuri
[Yoann Congal: Corrected the second patch SHA1 in URLs "18cc11a..."]
Signed-off-by: Yoann Congal
---
 .../binutils/binutils-2.38.inc | 2 +
 .../binutils/binutils/CVE-2025-1181-pre.patch | 149 ++++++++
 .../binutils/binutils/CVE-2025-1181.patch | 342 ++++++++++++++++++
 3 files changed, 493 insertions(+)
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2025-1181-pre.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2025-1181.patch
diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc index d268880409..36f9c7ce27 100644 --- a/meta/recipes-devtools/binutils/binutils-2.38.inc +++ b/meta/recipes-devtools/binutils/binutils-2.38.inc @@ -89,5 +89,7 @@ SRC_URI = "\ file://0048-CVE-2025-11494.patch \ file://0049-CVE-2025-11839.patch \ file://0050-CVE-2025-11840.patch \ + file://CVE-2025-1181-pre.patch \ + file://CVE-2025-1181.patch \ " S = "${WORKDIR}/git" 
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2025-1181-pre.patch b/meta/recipes-devtools/binutils/binutils/CVE-2025-1181-pre.patch new file mode 100644 index 0000000000..ffad871657 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2025-1181-pre.patch 
@@ -0,0 +1,149 @@ +Backported of: + +From 18cc11a2771d9e40180485da9a4fb660c03efac3 Mon Sep 17 00:00:00 2001 +From: Nick Clifton +Date: Wed, 5 Feb 2025 14:31:10 +0000 +Subject: [PATCH] Prevent illegal memory access when checking relocs in a + corrupt ELF binary. + +PR 32641 + +Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/binutils/tree/debian/patches/CVE-2025-1181-pre.patch?h=ubuntu/jammy-security +Upstream commit https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=18cc11a2771d9e40180485da9a4fb660c03efac3] +CVE: CVE-2025-1181 +Signed-off-by: Vijay Anusuri +--- + bfd/elf-bfd.h | 3 +++ + bfd/elf64-x86-64.c | 10 +++++----- + bfd/elflink.c | 24 ++++++++++++++++++++++++ + bfd/elfxx-x86.c | 20 +++++++------------- + 4 files changed, 39 insertions(+), 18 deletions(-) +Index: binutils-2.38/bfd/elf-bfd.h +=================================================================== +--- binutils-2.38.orig/bfd/elf-bfd.h ++++ binutils-2.38/bfd/elf-bfd.h +@@ -3007,6 +3007,9 @@ extern bool _bfd_elf_maybe_set_textrel + extern bool _bfd_elf_add_dynamic_tags + (bfd *, struct bfd_link_info *, bool); + ++extern struct elf_link_hash_entry * _bfd_elf_get_link_hash_entry ++ (struct elf_link_hash_entry **, unsigned int, Elf_Internal_Shdr *); ++ + /* Large common section. */ + extern asection _bfd_elf_large_com_section; + +Index: binutils-2.38/bfd/elf64-x86-64.c +=================================================================== +--- binutils-2.38.orig/bfd/elf64-x86-64.c ++++ binutils-2.38/bfd/elf64-x86-64.c +@@ -1484,7 +1484,7 @@ elf_x86_64_convert_load_reloc (bfd *abfd + bool to_reloc_pc32; + bool abs_symbol; + bool local_ref; +- asection *tsec; ++ asection *tsec = NULL; + bfd_signed_vma raddend; + unsigned int opcode; + unsigned int modrm; +@@ -1639,6 +1639,9 @@ elf_x86_64_convert_load_reloc (bfd *abfd + return true; + } + ++ if (tsec == NULL) ++ return false; ++ + /* Don't convert GOTPCREL relocation against large section. 
*/ + if (elf_section_data (tsec) != NULL + && (elf_section_flags (tsec) & SHF_X86_64_LARGE) != 0) +@@ -1915,10 +1918,7 @@ elf_x86_64_scan_relocs (bfd *abfd, struc + else + { + isym = NULL; +- h = sym_hashes[r_symndx - symtab_hdr->sh_info]; +- while (h->root.type == bfd_link_hash_indirect +- || h->root.type == bfd_link_hash_warning) +- h = (struct elf_link_hash_entry *) h->root.u.i.link; ++ h = _bfd_elf_get_link_hash_entry (sym_hashes, r_symndx, symtab_hdr); + } + + /* Check invalid x32 relocations. */ +Index: binutils-2.38/bfd/elflink.c +=================================================================== +--- binutils-2.38.orig/bfd/elflink.c ++++ binutils-2.38/bfd/elflink.c +@@ -62,6 +62,27 @@ struct elf_find_verdep_info + static bool _bfd_elf_fix_symbol_flags + (struct elf_link_hash_entry *, struct elf_info_failed *); + ++struct elf_link_hash_entry * ++_bfd_elf_get_link_hash_entry (struct elf_link_hash_entry ** sym_hashes, ++ unsigned int symndx, ++ Elf_Internal_Shdr * symtab_hdr) ++{ ++ if (symndx < symtab_hdr->sh_info) ++ return NULL; ++ ++ struct elf_link_hash_entry *h = sym_hashes[symndx - symtab_hdr->sh_info]; ++ ++ /* The hash might be empty. See PR 32641 for an example of this. 
*/ ++ if (h == NULL) ++ return NULL; ++ ++ while (h->root.type == bfd_link_hash_indirect ++ || h->root.type == bfd_link_hash_warning) ++ h = (struct elf_link_hash_entry *) h->root.u.i.link; ++ ++ return h; ++} ++ + static struct elf_link_hash_entry * + get_ext_sym_hash (struct elf_reloc_cookie *cookie, unsigned long r_symndx) + { +@@ -75,6 +96,9 @@ get_ext_sym_hash (struct elf_reloc_cooki + + h = cookie->sym_hashes[r_symndx - cookie->extsymoff]; + ++ if (h == NULL) ++ return NULL; ++ + while (h->root.type == bfd_link_hash_indirect + || h->root.type == bfd_link_hash_warning) + h = (struct elf_link_hash_entry *) h->root.u.i.link; +Index: binutils-2.38/bfd/elfxx-x86.c +=================================================================== +--- binutils-2.38.orig/bfd/elfxx-x86.c ++++ binutils-2.38/bfd/elfxx-x86.c +@@ -973,15 +973,7 @@ _bfd_x86_elf_check_relocs (bfd *abfd, + goto error_return; + } + +- if (r_symndx < symtab_hdr->sh_info) +- h = NULL; +- else +- { +- h = sym_hashes[r_symndx - symtab_hdr->sh_info]; +- while (h->root.type == bfd_link_hash_indirect +- || h->root.type == bfd_link_hash_warning) +- h = (struct elf_link_hash_entry *) h->root.u.i.link; +- } ++ h = _bfd_elf_get_link_hash_entry (sym_hashes, r_symndx, symtab_hdr); + + if (X86_NEED_DYNAMIC_RELOC_TYPE_P (is_x86_64, r_type) + && NEED_DYNAMIC_RELOCATION_P (is_x86_64, info, true, h, sec, +@@ -1200,10 +1192,12 @@ _bfd_x86_elf_link_relax_section (bfd *ab + else + { + /* Get H and SEC for GENERATE_DYNAMIC_RELOCATION_P below. */ +- h = sym_hashes[r_symndx - symtab_hdr->sh_info]; +- while (h->root.type == bfd_link_hash_indirect +- || h->root.type == bfd_link_hash_warning) +- h = (struct elf_link_hash_entry *) h->root.u.i.link; ++ h = _bfd_elf_get_link_hash_entry (sym_hashes, r_symndx, symtab_hdr); ++ if (h == NULL) ++ { ++ /* FIXMEL: Issue an error message ? */ ++ continue; ++ } + + if (h->root.type == bfd_link_hash_defined + || h->root.type == bfd_link_hash_defweak) 
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2025-1181.patch b/meta/recipes-devtools/binutils/binutils/CVE-2025-1181.patch new file mode 100644 index 0000000000..2bcd55795d --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2025-1181.patch 
@@ -0,0 +1,342 @@ +Backported of: + +From 931494c9a89558acb36a03a340c01726545eef24 Mon Sep 17 00:00:00 2001 +From: Nick Clifton +Date: Wed, 5 Feb 2025 15:43:04 +0000 +Subject: [PATCH] Add even more checks for corrupt input when processing + relocations for ELF files. + +PR 32643 + +Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/binutils/tree/debian/patches/CVE-2025-1181.patch?h=ubuntu/jammy-security +Upstream commit https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=931494c9a89558acb36a03a340c01726545eef24] +CVE: CVE-2025-1181 +Signed-off-by: Vijay Anusuri + +Index: binutils-2.38/bfd/elflink.c +=================================================================== +--- binutils-2.38.orig/bfd/elflink.c ++++ binutils-2.38/bfd/elflink.c +@@ -62,15 +62,17 @@ struct elf_find_verdep_info + static bool _bfd_elf_fix_symbol_flags + (struct elf_link_hash_entry *, struct elf_info_failed *); + +-struct elf_link_hash_entry * +-_bfd_elf_get_link_hash_entry (struct elf_link_hash_entry ** sym_hashes, +- unsigned int symndx, +- Elf_Internal_Shdr * symtab_hdr) ++static struct elf_link_hash_entry * ++get_link_hash_entry (struct elf_link_hash_entry ** sym_hashes, ++ unsigned int symndx, ++ unsigned int ext_sym_start) + { +- if (symndx < symtab_hdr->sh_info) ++ if (sym_hashes == NULL ++ /* Guard against corrupt input. See PR 32636 for an example. */ ++ || symndx < ext_sym_start) + return NULL; + +- struct elf_link_hash_entry *h = sym_hashes[symndx - symtab_hdr->sh_info]; ++ struct elf_link_hash_entry *h = sym_hashes[symndx - ext_sym_start]; + + /* The hash might be empty. See PR 32641 for an example of this. 
*/ + if (h == NULL) +@@ -83,29 +85,28 @@ _bfd_elf_get_link_hash_entry (struct elf + return h; + } + +-static struct elf_link_hash_entry * +-get_ext_sym_hash (struct elf_reloc_cookie *cookie, unsigned long r_symndx) ++struct elf_link_hash_entry * ++_bfd_elf_get_link_hash_entry (struct elf_link_hash_entry ** sym_hashes, ++ unsigned int symndx, ++ Elf_Internal_Shdr * symtab_hdr) + { +- struct elf_link_hash_entry *h = NULL; +- +- if ((r_symndx >= cookie->locsymcount +- || ELF_ST_BIND (cookie->locsyms[r_symndx].st_info) != STB_LOCAL) +- /* Guard against corrupt input. See PR 32636 for an example. */ +- && r_symndx >= cookie->extsymoff) +- { +- +- h = cookie->sym_hashes[r_symndx - cookie->extsymoff]; +- +- if (h == NULL) +- return NULL; ++ if (symtab_hdr == NULL) ++ return NULL; + +- while (h->root.type == bfd_link_hash_indirect +- || h->root.type == bfd_link_hash_warning) +- h = (struct elf_link_hash_entry *) h->root.u.i.link; ++ return get_link_hash_entry (sym_hashes, symndx, symtab_hdr->sh_info); ++} + +- } ++static struct elf_link_hash_entry * ++get_ext_sym_hash_from_cookie (struct elf_reloc_cookie *cookie, unsigned long r_symndx) ++{ ++ if (cookie == NULL || cookie->sym_hashes == NULL) ++ return NULL; ++ ++ if (r_symndx >= cookie->locsymcount ++ || ELF_ST_BIND (cookie->locsyms[r_symndx].st_info) != STB_LOCAL) ++ return get_link_hash_entry (cookie->sym_hashes, r_symndx, cookie->extsymoff); + +- return h; ++ return NULL; + } + + asection * +@@ -115,7 +116,7 @@ _bfd_elf_section_for_symbol (struct elf_ + { + struct elf_link_hash_entry *h; + +- h = get_ext_sym_hash (cookie, r_symndx); ++ h = get_ext_sym_hash_from_cookie (cookie, r_symndx); + + if (h != NULL) + { +@@ -8783,7 +8784,6 @@ set_symbol_value (bfd *bfd_with_globals, + size_t symidx, + bfd_vma val) + { +- struct elf_link_hash_entry **sym_hashes; + struct elf_link_hash_entry *h; + size_t extsymoff = locsymcount; + +@@ -8806,12 +8806,12 @@ set_symbol_value (bfd *bfd_with_globals, + + /* It is a global symbol: set 
its link type + to "defined" and give it a value. */ +- +- sym_hashes = elf_sym_hashes (bfd_with_globals); +- h = sym_hashes [symidx - extsymoff]; +- while (h->root.type == bfd_link_hash_indirect +- || h->root.type == bfd_link_hash_warning) +- h = (struct elf_link_hash_entry *) h->root.u.i.link; ++ h = get_link_hash_entry (elf_sym_hashes (bfd_with_globals), symidx, extsymoff); ++ if (h == NULL) ++ { ++ /* FIXMEL What should we do ? */ ++ return; ++ } + h->root.type = bfd_link_hash_defined; + h->root.u.def.value = val; + h->root.u.def.section = bfd_abs_section_ptr; +@@ -11281,10 +11281,19 @@ elf_link_input_bfd (struct elf_final_lin + || (elf_bad_symtab (input_bfd) + && flinfo->sections[symndx] == NULL)) + { +- struct elf_link_hash_entry *h = sym_hashes[symndx - extsymoff]; +- while (h->root.type == bfd_link_hash_indirect +- || h->root.type == bfd_link_hash_warning) +- h = (struct elf_link_hash_entry *) h->root.u.i.link; ++ struct elf_link_hash_entry *h; ++ ++ h = get_link_hash_entry (sym_hashes, symndx, extsymoff); ++ if (h == NULL) ++ { ++ _bfd_error_handler ++ /* xgettext:c-format */ ++ (_("error: %pB: unable to create group section symbol"), ++ input_bfd); ++ bfd_set_error (bfd_error_bad_value); ++ return false; ++ } ++ + /* Arrange for symbol to be output. */ + h->indx = -2; + elf_section_data (osec)->this_hdr.sh_info = -2; +@@ -11411,7 +11420,7 @@ elf_link_input_bfd (struct elf_final_lin + || (elf_bad_symtab (input_bfd) + && flinfo->sections[r_symndx] == NULL)) + { +- h = sym_hashes[r_symndx - extsymoff]; ++ h = get_link_hash_entry (sym_hashes, r_symndx, extsymoff); + + /* Badly formatted input files can contain relocs that + reference non-existant symbols. 
Check here so that +@@ -11420,17 +11429,13 @@ elf_link_input_bfd (struct elf_final_lin + { + _bfd_error_handler + /* xgettext:c-format */ +- (_("error: %pB contains a reloc (%#" PRIx64 ") for section %pA " ++ (_("error: %pB contains a reloc (%#" PRIx64 ") for section '%pA' " + "that references a non-existent global symbol"), + input_bfd, (uint64_t) rel->r_info, o); + bfd_set_error (bfd_error_bad_value); + return false; + } + +- while (h->root.type == bfd_link_hash_indirect +- || h->root.type == bfd_link_hash_warning) +- h = (struct elf_link_hash_entry *) h->root.u.i.link; +- + s_type = h->type; + + /* If a plugin symbol is referenced from a non-IR file, +@@ -11646,7 +11651,6 @@ elf_link_input_bfd (struct elf_final_lin + && flinfo->sections[r_symndx] == NULL)) + { + struct elf_link_hash_entry *rh; +- unsigned long indx; + + /* This is a reloc against a global symbol. We + have not yet output all the local symbols, so +@@ -11655,15 +11659,16 @@ elf_link_input_bfd (struct elf_final_lin + reloc to point to the global hash table entry + for this symbol. The symbol index is then + set at the end of bfd_elf_final_link. */ +- indx = r_symndx - extsymoff; +- rh = elf_sym_hashes (input_bfd)[indx]; +- while (rh->root.type == bfd_link_hash_indirect +- || rh->root.type == bfd_link_hash_warning) +- rh = (struct elf_link_hash_entry *) rh->root.u.i.link; +- +- /* Setting the index to -2 tells +- elf_link_output_extsym that this symbol is +- used by a reloc. */ ++ rh = get_link_hash_entry (elf_sym_hashes (input_bfd), ++ r_symndx, extsymoff); ++ if (rh == NULL) ++ { ++ /* FIXME: Generate an error ? */ ++ continue; ++ } ++ ++ /* Setting the index to -2 tells elf_link_output_extsym ++ that this symbol is used by a reloc. 
*/ + BFD_ASSERT (rh->indx < 0); + rh->indx = -2; + *rel_hash = rh; +@@ -13615,25 +13620,21 @@ _bfd_elf_gc_mark_hook (asection *sec, + struct elf_link_hash_entry *h, + Elf_Internal_Sym *sym) + { +- if (h != NULL) ++ if (h == NULL) ++ return bfd_section_from_elf_index (sec->owner, sym->st_shndx); ++ ++ switch (h->root.type) + { +- switch (h->root.type) +- { +- case bfd_link_hash_defined: +- case bfd_link_hash_defweak: +- return h->root.u.def.section; ++ case bfd_link_hash_defined: ++ case bfd_link_hash_defweak: ++ return h->root.u.def.section; + +- case bfd_link_hash_common: +- return h->root.u.c.p->section; ++ case bfd_link_hash_common: ++ return h->root.u.c.p->section; + +- default: +- break; +- } ++ default: ++ return NULL; + } +- else +- return bfd_section_from_elf_index (sec->owner, sym->st_shndx); +- +- return NULL; + } + + /* Return the debug definition section. */ +@@ -13682,46 +13683,49 @@ _bfd_elf_gc_mark_rsec (struct bfd_link_i + if (r_symndx == STN_UNDEF) + return NULL; + +- h = get_ext_sym_hash (cookie, r_symndx); +- +- if (h != NULL) ++ h = get_ext_sym_hash_from_cookie (cookie, r_symndx); ++ if (h == NULL) + { +- bool was_marked; ++ /* A corrup tinput file can lead to a situation where the index ++ does not reference either a local or an external symbol. */ ++ if (r_symndx >= cookie->locsymcount) ++ return NULL; + +- was_marked = h->mark; +- h->mark = 1; +- /* Keep all aliases of the symbol too. If an object symbol +- needs to be copied into .dynbss then all of its aliases +- should be present as dynamic symbols, not just the one used +- on the copy relocation. 
*/ +- hw = h; +- while (hw->is_weakalias) +- { +- hw = hw->u.alias; +- hw->mark = 1; +- } ++ return (*gc_mark_hook) (sec, info, cookie->rel, NULL, ++ &cookie->locsyms[r_symndx]); ++ } + +- if (!was_marked && h->start_stop && !h->root.ldscript_def) +- { +- if (info->start_stop_gc) +- return NULL; ++ bool was_marked = h->mark; + +- /* To work around a glibc bug, mark XXX input sections +- when there is a reference to __start_XXX or __stop_XXX +- symbols. */ +- else if (start_stop != NULL) +- { +- asection *s = h->u2.start_stop_section; +- *start_stop = true; +- return s; +- } +- } ++ h->mark = 1; ++ /* Keep all aliases of the symbol too. If an object symbol ++ needs to be copied into .dynbss then all of its aliases ++ should be present as dynamic symbols, not just the one used ++ on the copy relocation. */ ++ hw = h; ++ while (hw->is_weakalias) ++ { ++ hw = hw->u.alias; ++ hw->mark = 1; ++ } + +- return (*gc_mark_hook) (sec, info, cookie->rel, h, NULL); ++ if (!was_marked && h->start_stop && !h->root.ldscript_def) ++ { ++ if (info->start_stop_gc) ++ return NULL; ++ ++ /* To work around a glibc bug, mark XXX input sections ++ when there is a reference to __start_XXX or __stop_XXX ++ symbols. 
*/ + else if (start_stop != NULL) + { + asection *s = h->u2.start_stop_section; + *start_stop = true; + return s; + } + } + +- return (*gc_mark_hook) (sec, info, cookie->rel, NULL, +- &cookie->locsyms[r_symndx]); ++ return (*gc_mark_hook) (sec, info, cookie->rel, h, NULL); + } + + /* COOKIE->rel describes a relocation against section SEC, which is +@@ -14735,7 +14739,7 @@ bfd_elf_reloc_symbol_deleted_p (bfd_vma + + struct elf_link_hash_entry *h; + +- h = get_ext_sym_hash (rcookie, r_symndx); ++ h = get_ext_sym_hash_from_cookie (rcookie, r_symndx); + + if (h != NULL) + {
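Review bot: in the binutils-2.38.inc hunk the two new SRC_URI entries, CVE-2025-1181-pre.patch and CVE-2025-1181.patch, drop the numeric prefix used by the entries directly above them (0048-, 0049-, 0050-). CVE-2025-1181.patch rewrites the _bfd_elf_get_link_hash_entry helper that CVE-2025-1181-pre.patch introduces, so the apply order matters; continuing the numbering would keep that order visible in the file list.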
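Review bot: in the elf_x86_64_scan_relocs hunk of CVE-2025-1181-pre.patch, h = _bfd_elf_get_link_hash_entry (sym_hashes, r_symndx, symtab_hdr) can now return NULL inside the else branch that sets isym = NULL, but the hunk adds no check before execution continues at "Check invalid x32 relocations". The removed loop dereferenced h unconditionally, so the code after it was written for a valid entry; the backport should confirm that every later use of h in this function tolerates NULL, or bail out here as the _bfd_x86_elf_link_relax_section hunk does.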
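Review bot: in the _bfd_x86_elf_link_relax_section hunk of CVE-2025-1181-pre.patch, a NULL result is handled with a bare continue under the comment "FIXMEL: Issue an error message ?", so a relocation that names a missing symbol is skipped with no diagnostic and the link carries on. The elf_link_input_bfd hunk in CVE-2025-1181.patch reports the same kind of condition through _bfd_error_handler and bfd_set_error (bfd_error_bad_value) before returning false; doing the same here, or at least logging, would make corrupt input visible. The comment tag is also misspelled (FIXMEL).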
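Review bot: in the get_link_hash_entry hunk of CVE-2025-1181.patch, the new guard rejects sym_hashes == NULL and symndx < ext_sym_start, but nothing bounds symndx - ext_sym_start from above and the helper is not given the number of entries in sym_hashes, so an oversized symbol index from a corrupt file still reads past the array unless every caller has validated it first. Each call site should be checked for that, or the entry count passed in. The parameters are also unsigned int, while get_ext_sym_hash_from_cookie passes an unsigned long r_symndx and set_symbol_value passes size_t values, which narrows silently where those types are wider than unsigned int.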
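Review bot: in the set_symbol_value hunk of CVE-2025-1181.patch, the h == NULL path returns with no value under "FIXMEL What should we do ?", so the symbol never receives the bfd_link_hash_defined type and value that the following lines assign and the caller has no way to notice. A _bfd_error_handler message at minimum would help; the same applies to the rel_hash hunk in elf_link_input_bfd, where rh == NULL leads to a bare continue under "FIXME: Generate an error ?".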
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 20/26] pseudo: Upgrade to version 1.9.1
Date: Tue, 20 Jan 2026 14:37:42 +0100
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/229726

From: Richard Purdie

This brings in:

* nftw, nftw64: add wrapper
* ftw, nftw, ftw64, nftw64: add tests
* Move ftw and ftw64 to calling ntfw and nftw64
* makewrappers: Introduce 'array' support
* pseudo_util.c: Avoid warning when we intentionally discard const
* pseudo_client.c: Fix warning
* yocto-older-glibc-symbols.path: Add as a reference patch
* pseudo/pseudo_client: Add wrapper functions to operate correctly with glibc 2.38 onwards
* configure: Prune PIE flags
* test/test-parallel-rename.sh: Add parallel rename test
* test/test-parallel-symlinks.sh: Add parallel symlink test
* ports/linux/guts: Add .gitignore to ignore generated files

Signed-off-by: Richard Purdie
(cherry picked from commit 994e508b2a0ede8b5cc4fe39444cf25dc9a53faf)
Signed-off-by: Yoann Congal
---
 .../0001-configure-Prune-PIE-flags.patch | 44 -------------
 .../pseudo/files/glibc238.patch | 65 -------------------
 .../pseudo/files/older-glibc-symbols.patch | 4 +-
 meta/recipes-devtools/pseudo/pseudo_git.bb | 4 +-
 4 files changed, 3 insertions(+), 114 deletions(-)
 delete mode 100644 meta/recipes-devtools/pseudo/files/0001-configure-Prune-PIE-flags.patch
 delete mode 100644 meta/recipes-devtools/pseudo/files/glibc238.patch
diff --git a/meta/recipes-devtools/pseudo/files/0001-configure-Prune-PIE-flags.patch b/meta/recipes-devtools/pseudo/files/0001-configure-Prune-PIE-flags.patch deleted file mode 100644 index 43504eaab9..0000000000 
--- a/meta/recipes-devtools/pseudo/files/0001-configure-Prune-PIE-flags.patch +++ /dev/null @@ -1,44 +0,0 @@ -From b5545c08e6c674c49aef14b47a56a3e92df4d2a7 Mon Sep 17 00:00:00 2001 -From: Khem Raj -Date: Wed, 17 Feb 2016 07:36:34 +0000 -Subject: [pseudo][PATCH] configure: Prune PIE flags - -LDFLAGS are not taken from environment and CFLAGS is used for LDFLAGS -however when using security options -fpie and -pie options are coming -as part of ARCH_FLAGS and they get into LDFLAGS of shared objects as -well so we end up with conflicting options -shared -pie, which gold -rejects outright and bfd linker lets the one appearning last in cmdline -take effect. This create quite a unpleasant situation in OE when -security flags are enabled and gold or not-gold options are used -it errors out but errors are not same. - -Anyway, with this patch we filter pie options from ARCH_FLAGS -ouright and take control of generating PIC objects - -Helps with errors like - -| /mnt/oe/build/tmp-glibc/sysroots/x86_64-linux/usr/libexec/x86_64-oe-linux/gcc/x86_64-oe-linux/5.3.0/ld: pseudo_client.o: relocation R_X86_64_PC32 against symbol `pseudo_util_debug_flags' can not be used when making a shared object; recompile with -fPIC -| /mnt/oe/build/tmp-glibc/sysroots/x86_64-linux/usr/libexec/x86_64-oe-linux/gcc/x86_64-oe-linux/5.3.0/ld: final link failed: Bad value -| collect2: error: ld returned 1 exit status -| make: *** [lib/pseudo/lib64/libpseudo.so] Error 1 - -Signed-off-by: Khem Raj ---- -Upstream-Status: Submitted - - configure | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/configure b/configure -index e5ef9ce..83b0890 100755 ---- a/configure -+++ b/configure -@@ -339,3 +339,5 @@ sed -e ' - s,@ARCH@,'"$opt_arch"',g - s,@BITS@,'"$opt_bits"',g - ' < Makefile.in > Makefile -+ -+sed -i -e 's/\-[f]*pie//g' Makefile --- -1.8.3.1 - 
diff --git a/meta/recipes-devtools/pseudo/files/glibc238.patch b/meta/recipes-devtools/pseudo/files/glibc238.patch deleted file mode 100644 index dfb5c283f6..0000000000 --- a/meta/recipes-devtools/pseudo/files/glibc238.patch +++ /dev/null 
@@ -1,65 +0,0 @@ -glibc 2.38 would include __isoc23_strtol and similar symbols. This is trggerd by -_GNU_SOURCE but we have to set that for other definitions. Therefore play with defines -to turn this off within pseudo_wrappers.c. Elsewhere we can switch to _DEFAULT_SOURCE -rather than _GNU_SOURCE. - -Upstream-Status: Pending - -Index: git/pseudo_wrappers.c -=================================================================== ---- git.orig/pseudo_wrappers.c -+++ git/pseudo_wrappers.c -@@ -6,6 +6,18 @@ - * SPDX-License-Identifier: LGPL-2.1-only - * - */ -+/* glibc 2.38 would include __isoc23_strtol and similar symbols. This is trggerd by -+ * _GNU_SOURCE but we have to set that for other definitions. Therefore play with defines -+ * to turn this off. -+ */ -+#include -+#undef __GLIBC_USE_ISOC2X -+#undef __GLIBC_USE_C2X_STRTOL -+#define __GLIBC_USE_C2X_STRTOL 0 -+#undef __GLIBC_USE_ISOC23 -+#undef __GLIBC_USE_C23_STRTOL -+#define __GLIBC_USE_C23_STRTOL 0 -+ - #include - #include - #include -Index: git/pseudo_util.c -=================================================================== ---- git.orig/pseudo_util.c -+++ git/pseudo_util.c -@@ -8,6 +8,17 @@ - */ - /* we need access to RTLD_NEXT for a horrible workaround */ - #define _GNU_SOURCE -+/* glibc 2.38 would include __isoc23_strtol and similar symbols. This is trggerd by -+ * _GNU_SOURCE but we have to set that for other definitions. Therefore play with defines -+ * to turn this off. -+ */ -+#include -+#undef __GLIBC_USE_ISOC2X -+#undef __GLIBC_USE_C2X_STRTOL -+#define __GLIBC_USE_C2X_STRTOL 0 -+#undef __GLIBC_USE_ISOC23 -+#undef __GLIBC_USE_C23_STRTOL -+#define __GLIBC_USE_C23_STRTOL 0 - - #include - #include -Index: git/pseudo_client.c -=================================================================== ---- git.orig/pseudo_client.c -+++ git/pseudo_client.c -@@ -6,7 +6,7 @@ - * SPDX-License-Identifier: LGPL-2.1-only - * - */ --#define _GNU_SOURCE -+#define _DEFAULT_SOURCE - - #include - #include 
diff --git a/meta/recipes-devtools/pseudo/files/older-glibc-symbols.patch b/meta/recipes-devtools/pseudo/files/older-glibc-symbols.patch index c453b5f735..f42b32b8d9 100644 --- a/meta/recipes-devtools/pseudo/files/older-glibc-symbols.patch +++ b/meta/recipes-devtools/pseudo/files/older-glibc-symbols.patch @@ -28,10 +28,10 @@ diff --git a/Makefile.in b/Makefile.in @@ -120,7 +120,7 @@ $(PSEUDODB): pseudodb.o $(SHOBJS) $(DBOBJS) pseudo_ipc.o | $(BIN) libpseudo: $(LIBPSEUDO) - $(LIBPSEUDO): $(WRAPOBJS) pseudo_client.o pseudo_ipc.o $(SHOBJS) | $(LIB) + $(LIBPSEUDO): $(WRAPOBJS) pseudo_client.o pseudo_client_scanf.o pseudo_ipc.o $(SHOBJS) | $(LIB) - $(CC) $(CFLAGS) $(CFLAGS_PSEUDO) -shared -o $(LIBPSEUDO) \ + $(CC) $(CFLAGS) -Lprebuilt/$(shell uname -m)-linux/lib/ $(CFLAGS_PSEUDO) -shared -o $(LIBPSEUDO) \ - pseudo_client.o pseudo_ipc.o \ + pseudo_client.o pseudo_client_scanf.o pseudo_ipc.o \ $(WRAPOBJS) $(SHOBJS) $(LDFLAGS) $(CLIENT_LDFLAGS) diff --git a/pseudo_wrappers.c b/pseudo_wrappers.c diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb index 405d2340ae..a4ce08378b 100644 --- a/meta/recipes-devtools/pseudo/pseudo_git.bb +++ b/meta/recipes-devtools/pseudo/pseudo_git.bb @@ -1,8 +1,6 @@ require pseudo.inc SRC_URI = "git://git.yoctoproject.org/pseudo;branch=master \ - file://0001-configure-Prune-PIE-flags.patch \ - file://glibc238.patch \ file://fallback-passwd \ file://fallback-group \ " 
@@ -14,7 +12,7 @@ SRC_URI:append:class-nativesdk = " \ file://older-glibc-symbols.patch" SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa" -SRCREV = "28dcefb809ce95db997811b5662f0b893b9923e0" +SRCREV = "3fac97341f0f8270ca28a91098d0a58ca306a6bd" S = "${WORKDIR}/git" PV = "1.9.0+git${SRCPV}"
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 21/26] pseudo: 1.9.0 -> 1.9.2 Date: Tue, 20 Jan 2026 14:37:43 +0100 Message-ID: <829a0d214c3f47d37f6d8b00404243a021dfe411.1768914702.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 20 Jan 2026 13:38:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/229727 From: Robert Yang Signed-off-by: Robert Yang Signed-off-by: Richard Purdie (cherry picked from commit 48a42747fd280ce68283e1491971d22273e3bdf2) Signed-off-by: Yoann Congal --- meta/recipes-devtools/pseudo/pseudo_git.bb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb index a4ce08378b..a4053ac2b3 100644 --- a/meta/recipes-devtools/pseudo/pseudo_git.bb +++ b/meta/recipes-devtools/pseudo/pseudo_git.bb 
@@ -12,9 +12,9 @@ SRC_URI:append:class-nativesdk = " \ file://older-glibc-symbols.patch" SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa" -SRCREV = "3fac97341f0f8270ca28a91098d0a58ca306a6bd" +SRCREV = "b4645cb30573c5b3d5e94b9d50e1e2f8beefe9be" S = "${WORKDIR}/git" -PV = "1.9.0+git${SRCPV}" +PV = "1.9.2" # largefile and 64bit time_t support adds these macros via compiler flags globally # remove them for pseudo since pseudo intercepts some of the functions which will be

From patchwork Tue Jan 20 13:37:44 2026
X-Patchwork-Submitter: Yoann Congal
X-Patchwork-Id: 79209
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 22/26] pseudo: Update to pull in memleak fix
Date: Tue, 20 Jan 2026 14:37:44 +0100
Message-ID: <57d6e1370748d227d8cb21ca1a04b470a345c383.1768914702.git.yoann.congal@smile.fr>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/229728

From: Richard Purdie

Signed-off-by: Richard Purdie
(cherry picked from commit 42137b6f97da0672af365cd841678f39ce5907d2)
Signed-off-by: Yoann Congal
---
 meta/recipes-devtools/pseudo/pseudo_git.bb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb index a4053ac2b3..4e31748cc4 100644 --- a/meta/recipes-devtools/pseudo/pseudo_git.bb +++ b/meta/recipes-devtools/pseudo/pseudo_git.bb
@@ -12,9 +12,9 @@ SRC_URI:append:class-nativesdk = " \ file://older-glibc-symbols.patch" SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa" -SRCREV = "b4645cb30573c5b3d5e94b9d50e1e2f8beefe9be" +SRCREV = "d1db9c219abf92f15303486a409292237f1fc790" S = "${WORKDIR}/git" -PV = "1.9.2" +PV = "1.9.2+git" # largefile and 64bit time_t support adds these macros via compiler flags globally # remove them for pseudo since pseudo intercepts some of the functions which will be

From patchwork Tue Jan 20 13:37:45 2026
X-Patchwork-Submitter: Yoann Congal
X-Patchwork-Id: 79208
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 23/26] pseudo: Add hard sstate dependencies for pseudo-native
Date: Tue, 20 Jan 2026 14:37:45 +0100
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/229729

From: Paul Barker

Where a task (such as do_package) runs under fakeroot, the corresponding setscene task (do_package_setscene) will also run under fakeroot when restoring from sstate. Assuming pseudo is used as the fakeroot implementation, we need pseudo-native and all its runtime dependencies to be available in the sysroot before running any setscene tasks under fakeroot.

We already add a hard dependency from all do_package_setscene tasks to virtual/fakeroot-native:do_populate_sysroot in base.bbclass, but this does not cover transitive dependencies. So, extend the dependencies of pseudo-native:do_populate_sysroot_setscene to ensure that the sqlite3 library is also available in the sysroot before running fakeroot setscene tasks.

[YOCTO #15963]

Signed-off-by: Paul Barker
Signed-off-by: Mathieu Dubois-Briand
Signed-off-by: Richard Purdie
(cherry picked from commit 2c146ca657440550e00bc5e53d13502ef7aa945b)
Signed-off-by: Yoann Congal
---
 meta/recipes-devtools/pseudo/pseudo.inc | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/meta/recipes-devtools/pseudo/pseudo.inc b/meta/recipes-devtools/pseudo/pseudo.inc index 7e09b6d58c..9c191560fb 100644 --- a/meta/recipes-devtools/pseudo/pseudo.inc +++ b/meta/recipes-devtools/pseudo/pseudo.inc
@@ -156,3 +156,10 @@ do_install:append:class-nativesdk () { } BBCLASSEXTEND = "native nativesdk" + +# Setscene tasks which run under fakeroot must not be executed before +# pseudo-native and *all* its runtime dependencies are available in the +# sysroot. +PSEUDO_SETSCENE_DEPS = "" +PSEUDO_SETSCENE_DEPS:class-native = "sqlite3-native:do_populate_sysroot" +do_populate_sysroot_setscene[depends] += "${PSEUDO_SETSCENE_DEPS}"

From patchwork Tue Jan 20 13:37:46 2026
X-Patchwork-Submitter: Yoann Congal
X-Patchwork-Id: 79206
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 24/26] pseudo: Update to pull in openat2 and efault return code changes
Date: Tue, 20 Jan 2026 14:37:46 +0100
Message-ID: <771c70fe0d68302a006ddb4be5a30771f5d0f1eb.1768914702.git.yoann.congal@smile.fr>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/229730

From: Richard Purdie

Pulls in the following fixes:

* makewrappers: Enable a new efault option
* ports/linux/openat2: Add dummy wrapper
* test-syscall: Add a syscall test
* ports/linux/pseudo_wrappers: Avoid openat2 usage via syscall

which should fix issues with the tar CVE fix on Centos/Alma/Rocky 9 distros that uses openat2 as well as the efault issue breaking rust based uutils.

Signed-off-by: Richard Purdie
(cherry picked from commit 51f1388dd1679a28ec3ca468cf16aa0ea32bccf9)
Signed-off-by: Yoann Congal
---
 meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb index 4e31748cc4..31d473cf67 100644 --- a/meta/recipes-devtools/pseudo/pseudo_git.bb +++ b/meta/recipes-devtools/pseudo/pseudo_git.bb
@@ -12,7 +12,7 @@ SRC_URI:append:class-nativesdk = " \ file://older-glibc-symbols.patch" SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa" -SRCREV = "d1db9c219abf92f15303486a409292237f1fc790" +SRCREV = "9ce8c09980af23ebd4ebf072010469882d0459a6" S = "${WORKDIR}/git" PV = "1.9.2+git"

From patchwork Tue Jan 20 13:37:47 2026
X-Patchwork-Submitter: Yoann Congal
X-Patchwork-Id: 79207
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 25/26] pseudo: Update to pull in 'makewrappers: Fix EFAULT implementation'
Date: Tue, 20 Jan 2026 14:37:47 +0100
Message-ID: <092488b12817ae69204d287b1c0365710820e2ac.1768914702.git.yoann.congal@smile.fr>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/229731

From: Richard Purdie

The pseudo update was causing hangs in builds, pull in the fix.

Signed-off-by: Richard Purdie
(cherry picked from commit 8acdbefd0a148c8b7713f46066ae8489984c5d2d)
Signed-off-by: Yoann Congal
---
 meta/recipes-devtools/pseudo/pseudo_git.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb index 31d473cf67..dae4f4bc84 100644 --- a/meta/recipes-devtools/pseudo/pseudo_git.bb +++ b/meta/recipes-devtools/pseudo/pseudo_git.bb
@@ -12,7 +12,7 @@ SRC_URI:append:class-nativesdk = " \ file://older-glibc-symbols.patch" SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa" -SRCREV = "9ce8c09980af23ebd4ebf072010469882d0459a6" +SRCREV = "125b020dd2bc46baa37a80784704e382732357b4" S = "${WORKDIR}/git" PV = "1.9.2+git"

From patchwork Tue Jan 20 13:37:48 2026
X-Patchwork-Submitter: Yoann Congal
X-Patchwork-Id: 79210
From: Yoann Congal
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 26/26] oeqa: Use 2.14 release of cpio instead of 2.13
Date: Tue, 20 Jan 2026 14:37:48 +0100
Message-ID: <20ff1a4ac744855b54952d7fad7424696500a230.1768914702.git.yoann.congal@smile.fr>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/229732

From: Khem Raj

2.13 may not be buildable with latest compilers without patching

Signed-off-by: Khem Raj
Signed-off-by: Richard Purdie
(cherry picked from commit 406a33f896accc35a9cb6ab156f1e0f42dda67d8)
Backport:
Fix [YOCTO #16137] by using the same archive as the cpio recipe, ensuring the archive is in DL_DIR and so, avoiding reaching unreliable upstream server.
This upgrade is safe to do because this archive is only used to test that it compiles.
Signed-off-by: Yoann Congal
---
 meta/lib/oeqa/runtime/cases/buildcpio.py | 2 +-
 meta/lib/oeqa/sdk/cases/buildcpio.py | 4 ++--
 meta/lib/oeqa/selftest/cases/meta_ide.py | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/meta/lib/oeqa/runtime/cases/buildcpio.py b/meta/lib/oeqa/runtime/cases/buildcpio.py index e29bf16ccb..90abd98c40 100644 --- a/meta/lib/oeqa/runtime/cases/buildcpio.py +++ b/meta/lib/oeqa/runtime/cases/buildcpio.py @@ -12,7 +12,7 @@ class BuildCpioTest(OERuntimeTestCase): @classmethod def setUpClass(cls): - uri = 'https://downloads.yoctoproject.org/mirror/sources/cpio-2.13.tar.gz' + uri = 'https://downloads.yoctoproject.org/mirror/sources/cpio-2.14.tar.gz' cls.project = TargetBuildProject(cls.tc.target, uri, dl_dir = cls.tc.td['DL_DIR']) diff --git a/meta/lib/oeqa/sdk/cases/buildcpio.py b/meta/lib/oeqa/sdk/cases/buildcpio.py index 00088d0ea0..2e9d4f5f18 100644
--- a/meta/lib/oeqa/sdk/cases/buildcpio.py +++ b/meta/lib/oeqa/sdk/cases/buildcpio.py @@ -17,10 +17,10 @@ class BuildCpioTest(OESDKTestCase): """ def test_cpio(self): with tempfile.TemporaryDirectory(prefix="cpio-", dir=self.tc.sdk_dir) as testdir: - tarball = self.fetch(testdir, self.td["DL_DIR"], "https://ftpmirror.gnu.org/gnu/cpio/cpio-2.13.tar.gz") + tarball = self.fetch(testdir, self.td["DL_DIR"], "https://ftpmirror.gnu.org/gnu/cpio/cpio-2.14.tar.gz") dirs = {} - dirs["source"] = os.path.join(testdir, "cpio-2.13") + dirs["source"] = os.path.join(testdir, "cpio-2.14") dirs["build"] = os.path.join(testdir, "build") dirs["install"] = os.path.join(testdir, "install") diff --git a/meta/lib/oeqa/selftest/cases/meta_ide.py b/meta/lib/oeqa/selftest/cases/meta_ide.py index 3dc81b20a7..1432736b7e 100644 --- a/meta/lib/oeqa/selftest/cases/meta_ide.py +++ b/meta/lib/oeqa/selftest/cases/meta_ide.py @@ -40,7 +40,7 @@ class MetaIDE(OESelftestTestCase): def test_meta_ide_can_build_cpio_project(self): dl_dir = self.td.get('DL_DIR', None) self.project = SDKBuildProject(self.tmpdir_metaideQA + "/cpio/", self.environment_script_path, - "https://ftpmirror.gnu.org/gnu/cpio/cpio-2.13.tar.gz", + "https://ftpmirror.gnu.org/gnu/cpio/cpio-2.14.tar.gz", self.tmpdir_metaideQA, self.td['DATETIME'], dl_dir=dl_dir) self.project.download_archive() self.assertEqual(self.project.run_configure('$CONFIGURE_FLAGS --disable-maintainer-mode','sed -i -e "/char \*program_name/d" src/global.c;'), 0,
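
Review bot: in 22/26 (pseudo: Update to pull in memleak fix), `+PV = "1.9.2+git"` no longer carries `${SRCPV}`, which the recipe had before 21/26 as `1.9.0+git${SRCPV}`. The SRCREV bumps in 24/26 and 25/26 therefore leave PV at `1.9.2+git`, so the version string does not tell the three revisions apart. If that is not intended on kirkstone, use `PV = "1.9.2+git${SRCPV}"` in this hunk.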
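
Review bot: in 23/26, `PSEUDO_SETSCENE_DEPS:class-native` hard-codes `sqlite3-native:do_populate_sysroot`, while the comment added above it speaks of *all* runtime dependencies of pseudo-native. The list is maintained by hand, so the comment should say that it has to be extended whenever pseudo-native gains another runtime dependency, and should state why the nativesdk variant from `BBCLASSEXTEND = "native nativesdk"` keeps the empty default.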
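
Review bot: the commit message of 25/26 says "The pseudo update was causing hangs in builds" without identifying which update. The revision removed in its hunk, `-SRCREV = "9ce8c09980af23ebd4ebf072010469882d0459a6"`, is the one 24/26 adds, so the message should name that commit. Anyone bisecting kirkstone who lands between 24/26 and 25/26 builds a pseudo revision that this series itself describes as hanging.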
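
Review bot: in 26/26, the sdk/cases/buildcpio.py hunk fetches `https://ftpmirror.gnu.org/gnu/cpio/cpio-2.14.tar.gz`, as does the meta_ide.py hunk, while runtime/cases/buildcpio.py uses `https://downloads.yoctoproject.org/mirror/sources/cpio-2.14.tar.gz`. The backport note gives avoiding an unreliable upstream server as the reason for the change, yet two of the three tests still name ftpmirror.gnu.org and will go there if the tarball is not already in DL_DIR. Pointing all three tests at the same URL would remove that difference.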
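
Review bot: in the meta_ide.py hunk of 26/26, the unchanged context line still passes `sed -i -e "/char \*program_name/d" src/global.c;` to `run_configure`, a source edit carried over unchanged from the 2.13 version of the test. Check whether cpio 2.14 still needs it and drop it if not. If it stays, note that `\*` inside a normal Python string literal is an invalid escape sequence, so the argument should be a raw string or use `\\*`.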