From patchwork Thu Jan 29 06:31:25 2026
X-Patchwork-Submitter: Gyorgy Sarvari
X-Patchwork-Id: 79955
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-python][kirkstone][PATCH 1/5] python3-twitter: mark CVE-2012-5825 patched
Date: Thu, 29 Jan 2026 07:31:25 +0100
Message-ID: <20260129063129.223926-1-skandigraun@gmail.com>
X-Mailer: git-send-email 2.52.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123978

Details: https://nvd.nist.gov/vuln/detail/CVE-2012-5825

The Debian bugtracker[1] indicated that the issue is tracked by upstream in github[2] (with a different CVE ID, but same issue), where the vulnerability was confirmed.

Later in the same github issue the solution is confirmed: the project switched to use the requests library, which doesn't suffer from this vulnerability.

Due to this mark the CVE as patched.

[1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692444
[2]: https://github.com/tweepy/tweepy/issues/279

Signed-off-by: Gyorgy Sarvari
Signed-off-by: Khem Raj
(cherry picked from commit 3ee544e7591b36a49550a263a0ec4d64b5e490e8)

Adapted to Kirkstone (CVE_STATUS -> CVE_CHECK_IGNORE)
Signed-off-by: Gyorgy Sarvari
---
 meta-python/recipes-devtools/python/python3-twitter_4.8.0.bb | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/meta-python/recipes-devtools/python/python3-twitter_4.8.0.bb b/meta-python/recipes-devtools/python/python3-twitter_4.8.0.bb index 247b4e5840..0b174684a9 100644 --- a/meta-python/recipes-devtools/python/python3-twitter_4.8.0.bb +++ b/meta-python/recipes-devtools/python/python3-twitter_4.8.0.bb
@@ -16,3 +16,6 @@ RDEPENDS:${PN} += "\ ${PYTHON_PN}-requests \ ${PYTHON_PN}-six \ " + +# fixed-version: The vulnerability has been fixed since v3.1.0 +CVE_CHECK_IGNORE += "CVE-2012-5825"
From patchwork Thu Jan 29 06:31:26 2026
X-Patchwork-Submitter: Gyorgy Sarvari
X-Patchwork-Id: 79954
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][kirkstone][PATCH 2/5] gpsd: patch CVE-2025-67268
Date: Thu, 29 Jan 2026 07:31:26 +0100
Message-ID: <20260129063129.223926-2-skandigraun@gmail.com>
X-Mailer: git-send-email 2.52.0
In-Reply-To: <20260129063129.223926-1-skandigraun@gmail.com>
References: <20260129063129.223926-1-skandigraun@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123979

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-67268

Pick the patch that is referenced by the NVD advisory.

The original commit also contains a lot of commenting style changes (// vs /* */) and whitespace changes which were removed from the backport.

Signed-off-by: Gyorgy Sarvari
---
 .../gpsd/gpsd/CVE-2025-67268.patch | 97 +++++++++++++++++++
 .../recipes-navigation/gpsd/gpsd_3.23.1.bb | 1 +
 2 files changed, 98 insertions(+)
 create mode 100644 meta-oe/recipes-navigation/gpsd/gpsd/CVE-2025-67268.patch
diff --git a/meta-oe/recipes-navigation/gpsd/gpsd/CVE-2025-67268.patch b/meta-oe/recipes-navigation/gpsd/gpsd/CVE-2025-67268.patch new file mode 100644 index 0000000000..50dabf89d3 --- /dev/null +++ b/meta-oe/recipes-navigation/gpsd/gpsd/CVE-2025-67268.patch
@@ -0,0 +1,97 @@ +From b3abe9d49d8fcc3f824d74a5c2cdcc30838f5904 Mon Sep 17 00:00:00 2001 +From: "Gary E. Miller" +Date: Tue, 2 Dec 2025 19:36:04 -0800 +Subject: [PATCH] drivers/driver_nmea2000.c: Fix issue 356, skyview buffer + overrun. + +CVE: CVE-2025-67268 +Upstream-Status: Backport [https://github.com/ntpsec/gpsd/commit/dc966aa74c075d0a6535811d98628625cbfbe3f4] +Signed-off-by: Gyorgy Sarvari +--- + drivers/driver_nmea2000.c | 123 ++++++++++++++++++++++---------------- + 1 file changed, 71 insertions(+), 52 deletions(-) + +diff --git a/drivers/driver_nmea2000.c b/drivers/driver_nmea2000.c +index 66959f0..70462b3 100644 +--- a/drivers/driver_nmea2000.c ++++ b/drivers/driver_nmea2000.c +@@ -89,14 +89,14 @@ static int scale_int(int32_t var, const int64_t factor) + static void print_data(struct gps_context_t *context, + unsigned char *buffer, int len, PGN *pgn) + { +- if ((libgps_debuglevel >= LOG_IO) != 0) { +- int l1, l2, ptr; ++ if (LOG_IO <= libgps_debuglevel) { ++ int l1; + char bu[128]; + +- ptr = 0; +- l2 = sprintf(&bu[ptr], "got data:%6u:%3d: ", pgn->pgn, len); ++ int ptr = 0; ++ int l2 = sprintf(&bu[ptr], "got data:%6u:%3d: ", pgn->pgn, len); + ptr += l2; +- for (l1=0;l1errout, "%s\n", bu); + ptr = 0; +@@ -434,6 +434,7 @@ static gps_mask_t hnd_129540(unsigned char *bu, int len, PGN *pgn, + struct gps_device_t *session) + { + int l1; ++ int expected_len; + + print_data(session->context, bu, len, pgn); + GPSD_LOG(LOG_DATA, &session->context->errout, +@@ -441,24 +442,39 @@ static gps_mask_t hnd_129540(unsigned char *bu, int len, PGN *pgn, + + session->driver.nmea2000.sid[2] = bu[0]; + session->gpsdata.satellites_visible = (int)bu[2]; ++ if (MAXCHANNELS <= session->gpsdata.satellites_visible) { ++ // Handle a CVE for overrunning skyview[] ++ GPSD_LOG(LOG_WARN, &session->context->errout, ++ "pgn %6d(%3d): Too many sats %d\n", ++ pgn->pgn, session->driver.nmea2000.unit, ++ session->gpsdata.satellites_visible); ++ session->gpsdata.satellites_visible = MAXCHANNELS; 
++ } ++ expected_len = 3 + (12 * session->gpsdata.satellites_visible); ++ if (len != expected_len) { ++ GPSD_LOG(LOG_WARN, &session->context->errout, ++ "pgn %6d(%3d): wrong length %d s/b %d\n", ++ pgn->pgn, session->driver.nmea2000.unit, ++ len, expected_len); ++ return 0; ++ } + + memset(session->gpsdata.skyview, '\0', sizeof(session->gpsdata.skyview)); +- for (l1=0;l1gpsdata.satellites_visible;l1++) { +- int svt; +- double azi, elev, snr; +- +- elev = getles16(bu, 3+12*l1+1) * 1e-4 * RAD_2_DEG; +- azi = getleu16(bu, 3+12*l1+3) * 1e-4 * RAD_2_DEG; +- snr = getles16(bu, 3+12*l1+5) * 1e-2; ++ for (l1 = 0; l1 < session->gpsdata.satellites_visible; l1++) { ++ int offset = 3 + (12 * l1); ++ double elev = getles16(bu, offset + 1) * 1e-4 * RAD_2_DEG; ++ double azi = getleu16(bu, offset + 3) * 1e-4 * RAD_2_DEG; ++ double snr = getles16(bu, offset + 5) * 1e-2; + +- svt = (int)(bu[3+12*l1+11] & 0x0f); ++ int svt = (int)(bu[offset + 11] & 0x0f); + +- session->gpsdata.skyview[l1].elevation = (short) (round(elev)); +- session->gpsdata.skyview[l1].azimuth = (short) (round(azi)); ++ session->gpsdata.skyview[l1].elevation = elev; ++ session->gpsdata.skyview[l1].azimuth = azi; + session->gpsdata.skyview[l1].ss = snr; +- session->gpsdata.skyview[l1].PRN = (short)bu[3+12*l1+0]; ++ session->gpsdata.skyview[l1].PRN = (int16_t)bu[offset]; + session->gpsdata.skyview[l1].used = false; +- if ((svt == 2) || (svt == 5)) { ++ if ((2 == svt) || ++ (5 == svt)) { + session->gpsdata.skyview[l1].used = true; + } + } diff --git a/meta-oe/recipes-navigation/gpsd/gpsd_3.23.1.bb b/meta-oe/recipes-navigation/gpsd/gpsd_3.23.1.bb index 410db92bd0..87c70d3683 100644 --- a/meta-oe/recipes-navigation/gpsd/gpsd_3.23.1.bb +++ b/meta-oe/recipes-navigation/gpsd/gpsd_3.23.1.bb 
@@ -7,6 +7,7 @@ PROVIDES = "virtual/gpsd" SRC_URI = "${SAVANNAH_GNU_MIRROR}/${BPN}/${BP}.tar.gz \ file://gpsd.init \ + file://CVE-2025-67268.patch \ " SRC_URI[sha256sum] = "0b991ce9a46538c4ea450f7a8ee428ff44fb4f8d665fddf2ffe40fe0ae9a6c09"
From patchwork Thu Jan 29 06:31:27 2026
X-Patchwork-Submitter: Gyorgy Sarvari
X-Patchwork-Id: 79953
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-gnome][kirkstone][PATCH 3/5] gnome-settings-daemon: ignore CVE-2024-38394
Date: Thu, 29 Jan 2026 07:31:27 +0100
Message-ID: <20260129063129.223926-3-skandigraun@gmail.com>
X-Mailer: git-send-email 2.52.0
In-Reply-To: <20260129063129.223926-1-skandigraun@gmail.com>
References: <20260129063129.223926-1-skandigraun@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123980

Details: https://nvd.nist.gov/vuln/detail/CVE-2024-38394

The CVE has the disputed flag. The project maintainers claim that the issue is not in gnome-settings-daemon. If the vulnerability needs to be handled in gnome-settings-daemon, then it is a new feature rather than a vulnerability fix.

Due to this, ignore this CVE.

Signed-off-by: Gyorgy Sarvari
---
 .../gnome-settings-daemon/gnome-settings-daemon_42.2.bb | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/meta-gnome/recipes-gnome/gnome-settings-daemon/gnome-settings-daemon_42.2.bb b/meta-gnome/recipes-gnome/gnome-settings-daemon/gnome-settings-daemon_42.2.bb index 45622490f0..4617340b06 100644 --- a/meta-gnome/recipes-gnome/gnome-settings-daemon/gnome-settings-daemon_42.2.bb +++ b/meta-gnome/recipes-gnome/gnome-settings-daemon/gnome-settings-daemon_42.2.bb
@@ -44,3 +44,6 @@ FILES:${PN} += " \ ${systemd_user_unitdir} \ ${libdir}/gnome-settings-daemon-42/libgsd.so \ " + +# mitigation would be a new feature, not a CVE +CVE_CHECK_IGNORE += "CVE-2024-38394"
From patchwork Thu Jan 29 06:31:28 2026
X-Patchwork-Submitter: Gyorgy Sarvari
X-Patchwork-Id: 79956
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-networking][kirkstone][PATCH 4/5] frr: ignore CVE-2023-3748, CVE-2023-41359..61
Date: Thu, 29 Jan 2026 07:31:28 +0100
Message-ID: <20260129063129.223926-4-skandigraun@gmail.com>
X-Mailer: git-send-email 2.52.0
In-Reply-To: <20260129063129.223926-1-skandigraun@gmail.com>
References: <20260129063129.223926-1-skandigraun@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123981

Details:
https://nvd.nist.gov/vuln/detail/CVE-2023-3748
https://nvd.nist.gov/vuln/detail/CVE-2023-41359
https://nvd.nist.gov/vuln/detail/CVE-2023-41360
https://nvd.nist.gov/vuln/detail/CVE-2023-41361

Regarding CVE-2023-3748: Based on Debian's investigation, the vulnerability was solved by [1]. However that vulnerable code that was fixed was introduced after the recipe version, only in version 8.4.0[2]. Since the recipe version isn't affected by this CVE, ignore it.

Regarding CVE-2023-41359: The pull request[3] referenced by the NVD report references another pull request[4] which was opened to backport the fix. The conversation on this PR confirms that the vulnerable feature was introduced in 8.5. Due to this, ignore this CVE.

Regarding CVE-2023-41360: The vulnerable code was introduced[5] in version 8.4.0, and the recipe version is not vulnerable. Due to this ignore this CVE.

Regarding CVE-2023-41361: The vulnerable code was introduced[6] in version 9.0 and the recipe version is not vulnerable. Due to this ignore this CVE.

[1]: https://github.com/FRRouting/frr/commit/0a95d121ca8e1f43d41d952d6c82d111ca850085
[2]: https://github.com/FRRouting/frr/commit/54a3e60b3ebd3621c4dd90b0b49e8e36e4e100d8
[3]: https://github.com/FRRouting/frr/pull/14232
[4]: https://github.com/FRRouting/frr/pull/15927
[5]: https://github.com/FRRouting/frr/commit/f1aa49293a4a8302b70989aaa9ceb715385c3a7e
[6]: https://github.com/FRRouting/frr/commit/234f6fd4f4804bb17bd8cbb1dd91994a914f38d2

Signed-off-by: Gyorgy Sarvari
---
 meta-networking/recipes-protocols/frr/frr_8.2.2.bb | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/meta-networking/recipes-protocols/frr/frr_8.2.2.bb b/meta-networking/recipes-protocols/frr/frr_8.2.2.bb index f8a3404e9b..a30c05b563 100644 --- a/meta-networking/recipes-protocols/frr/frr_8.2.2.bb +++ b/meta-networking/recipes-protocols/frr/frr_8.2.2.bb
@@ -42,6 +42,15 @@ SRCREV = "79188bf710e92acf42fb5b9b0a2e9593a5ee9b05" CVE_PRODUCT = "frrouting" +# the vulnerability was introduced in v8.4.0 +CVE_CHECK_IGNORE += "CVE-2023-3748 CVE-2023-41360" + +# the vulnerability did not exist until 8.5 +CVE_CHECK_IGNORE += "CVE-2023-41359" + +# the vulnerability was introduced in 9.0 +CVE_CHECK_IGNORE += "CVE-2023-41361" + S = "${WORKDIR}/git" # Due to libyang not supported on these arches:
From patchwork Thu Jan 29 06:31:29 2026
X-Patchwork-Submitter: Gyorgy Sarvari
X-Patchwork-Id: 79957
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][kirkstone][PATCH 5/5] libass: patch CVE-2020-24994
Date: Thu, 29 Jan 2026 07:31:29 +0100
Message-ID: <20260129063129.223926-5-skandigraun@gmail.com>
X-Mailer: git-send-email 2.52.0
In-Reply-To: <20260129063129.223926-1-skandigraun@gmail.com>
References: <20260129063129.223926-1-skandigraun@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123982

Details: https://nvd.nist.gov/vuln/detail/CVE-2020-24994

Backport the commit that is referenced by the NVD advisory.

Signed-off-by: Gyorgy Sarvari
---
 .../libass/libass/CVE-2020-24994.patch | 48 +++++++++++++++++++
 .../libass/libass_0.14.0.bb | 4 +-
 2 files changed, 51 insertions(+), 1 deletion(-)
 create mode 100644 meta-oe/recipes-multimedia/libass/libass/CVE-2020-24994.patch
diff --git a/meta-oe/recipes-multimedia/libass/libass/CVE-2020-24994.patch b/meta-oe/recipes-multimedia/libass/libass/CVE-2020-24994.patch new file mode 100644 index 0000000000..b0fc9297d8 --- /dev/null +++ b/meta-oe/recipes-multimedia/libass/libass/CVE-2020-24994.patch
@@ -0,0 +1,48 @@ +From 99eaa60314c4e28c2f0c295e165daf22c5601cc3 Mon Sep 17 00:00:00 2001 +From: Oleg Oshmyan +Date: Thu, 4 Jan 2018 02:42:09 +0200 +Subject: [PATCH] parse_tags: don't recurse for nested \t() + +This fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4892 +(stack overflow on deeply nested \t()). + +This is possible because parentheses do not nest and the first ')' +terminates the whole tag. Thus something like \t(\t(\t(\t(\t() can be +read in a simple loop with no recursion required. Recursion is also +not required if the ')' is missing entirely and the outermost \t(... +never ends. + +See https://github.com/libass/libass/pull/296 for more backstory. + +CVE: CVE-2020-24994 +Upstream-Status: Backport [https://github.com/libass/libass/commit/6835731c2fe4164a0c50bc91d12c43b2a2b4e] +Signed-off-by: Gyorgy Sarvari +--- + libass/ass_parse.c | 14 ++++++++++++-- + 1 file changed, 12 insertions(+), 2 deletions(-) + +diff --git a/libass/ass_parse.c b/libass/ass_parse.c +index c83634a..991d1b6 100644 +--- a/libass/ass_parse.c ++++ b/libass/ass_parse.c +@@ -650,8 +650,18 @@ char *parse_tag(ASS_Renderer *render_priv, char *p, char *end, double pwr) + k = pow(((double) (t - t1)) / delta_t, accel); + } + p = args[cnt].start; +- while (p < args[cnt].end) +- p = parse_tag(render_priv, p, args[cnt].end, k); // maybe k*pwr ? no, specs forbid nested \t's ++ if (args[cnt].end < end) { ++ while (p < args[cnt].end) ++ p = parse_tag(render_priv, p, args[cnt].end, k); // maybe k*pwr ? no, specs forbid nested \t's ++ } else { ++ assert(q == end); ++ // No other tags can possibly follow this \t tag, ++ // so we don't need to restore pwr after parsing \t. ++ // The recursive call is now essentially a tail call, ++ // so optimize it away. ++ pwr = k; ++ q = p; ++ } + } else if (complex_tag("clip")) { + if (nargs == 4) { + int x0, y0, x1, y1; 
diff --git a/meta-oe/recipes-multimedia/libass/libass_0.14.0.bb b/meta-oe/recipes-multimedia/libass/libass_0.14.0.bb index 0e62307363..f0579ba25f 100644 --- a/meta-oe/recipes-multimedia/libass/libass_0.14.0.bb +++ b/meta-oe/recipes-multimedia/libass/libass_0.14.0.bb @@ -7,7 +7,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=a42532a0684420bdb15556c3cdd49a75" DEPENDS = "enca fontconfig freetype libpng fribidi" -SRC_URI = "git://github.com/libass/libass.git;branch=master;protocol=https" +SRC_URI = "git://github.com/libass/libass.git;branch=master;protocol=https \ + file://CVE-2020-24994.patch \ + " SRCREV = "73284b676b12b47e17af2ef1b430527299e10c17" S = "${WORKDIR}/git"
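Review bot: in the python3-twitter_4.8.0.bb hunk (patch 1/5), the comment "fixed-version: The vulnerability has been fixed since v3.1.0" names a release that the commit message never mentions; the message only says the project switched to the requests library. Say in the comment or the message where v3.1.0 comes from (the tweepy issue cited as [2], or the release that made the switch), so the ignore can be re-checked later. The unchanged RDEPENDS lines do list ${PYTHON_PN}-requests, which matches the stated rationale.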
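Review bot: in CVE-2025-67268.patch (patch 2/5), the hnd_129540() hunk changes behaviour beyond the bounds fix: the removed lines store "(short) (round(elev))" and "(short) (round(azi))", the added ones assign elev and azi unrounded, and the PRN cast moves from (short) to (int16_t). The commit message says only comment-style and whitespace changes were dropped from the backport, so either confirm that skyview[].elevation and skyview[].azimuth in 3.23.1 are meant to hold unrounded values, or keep the original rounding and limit the backport to the satellites_visible clamp and the expected_len check. The print_data() hunk raises the same question, since its visible lines only reorder the debug-level comparison and move declarations. Separately, "if (MAXCHANNELS <= session->gpsdata.satellites_visible)" also logs "Too many sats" when the count is exactly MAXCHANNELS, the value the code itself clamps to; worth raising upstream, as "<" would avoid the spurious warning.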
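Review bot: in the gnome-settings-daemon_42.2.bb hunk (patch 3/5), the comment "mitigation would be a new feature, not a CVE" leaves out the main reason given in the commit message, that the CVE is disputed and the maintainers say the issue is not in gnome-settings-daemon. Put that in the recipe comment as well, since the comment is all that is visible to someone auditing CVE_CHECK_IGNORE later.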
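Review bot: in the frr_8.2.2.bb hunk (patch 4/5), all four ignores hold only while the recipe stays below the versions named in the comments (v8.4.0, 8.5, 9.0), and the comments do not say so. Word them along the lines of "not present in 8.2.2, introduced in ..." so it is clear they must be revisited on a version bump, and use one version style throughout. For CVE-2023-41359 the evidence cited in the commit message is a PR conversation rather than an introducing commit as for the other three; a commit reference would make that entry as checkable as the others.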
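Review bot: in CVE-2020-24994.patch (patch 5/5), the new else branch calls "assert(q == end);" but the patch touches libass/ass_parse.c in this one hunk only and adds no #include <assert.h>, so check that ass_parse.c in 0.14.0 already includes it. The check also disappears in builds with NDEBUG defined, so it documents the invariant rather than enforcing it. In the patch header, the commit id in the Upstream-Status URL has 37 hex digits rather than a full 40-character SHA; use the full hash.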