From patchwork Fri Jan 30 07:06:17 2026
X-Patchwork-Submitter: Gyorgy Sarvari
X-Patchwork-Id: 80072
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-python][kirkstone][PATCH 1/5] python3-pymongo: upgrade 4.1.0 -> 4.1.1
Date: Fri, 30 Jan 2026 08:06:17 +0100
Message-ID: <20260130070621.3171877-1-skandigraun@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123997

Changelog:
- Fixed a memory leak bug when calling decode_all() without a codec_options argument.
- Fixed a bug where decode_all() did not accept codec_options as a keyword argument.
- Fixed an oversight where type markers (py.typed files) were not included in our release distributions.
- Fixed a bug where pymongo would raise a “NameError: name sys is not defined” exception when attempting to parse a “mongodb+srv://” URI when the dnspython dependency was not installed.

Signed-off-by: Gyorgy Sarvari
--- .../{python3-pymongo_4.1.0.bb => python3-pymongo_4.1.1.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-python/recipes-devtools/python/{python3-pymongo_4.1.0.bb => python3-pymongo_4.1.1.bb} (91%) diff --git a/meta-python/recipes-devtools/python/python3-pymongo_4.1.0.bb b/meta-python/recipes-devtools/python/python3-pymongo_4.1.1.bb similarity index 91% rename from meta-python/recipes-devtools/python/python3-pymongo_4.1.0.bb rename to meta-python/recipes-devtools/python/python3-pymongo_4.1.1.bb index d47dfec50f..7bde4ff681 100644 --- a/meta-python/recipes-devtools/python/python3-pymongo_4.1.0.bb +++ b/meta-python/recipes-devtools/python/python3-pymongo_4.1.1.bb
@@ -8,7 +8,7 @@ HOMEPAGE = "http://github.com/mongodb/mongo-python-driver" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327" -SRC_URI[sha256sum] = "dbba77bc0b706c7ee496fc75a6c6ed406d85f6091d5fec488a8944c3828e6462" +SRC_URI[sha256sum] = "d7b8f25c9b0043cbaf77b8b895814e33e7a3c807a097377c07e1bd49946030d5" inherit pypi setuptools3
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-python][kirkstone][PATCH 2/5] python3-pymongo: patch CVE-2024-5629
Date: Fri, 30 Jan 2026 08:06:18 +0100
Message-ID: <20260130070621.3171877-2-skandigraun@gmail.com>
In-Reply-To: <20260130070621.3171877-1-skandigraun@gmail.com>
References: <20260130070621.3171877-1-skandigraun@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123998

Details: https://nvd.nist.gov/vuln/detail/CVE-2024-5629

Backport the patch that is indicated to solve the issue based on the upstream project's Jira ticket[1] (which comes from the NVD report).

[1]: https://jira.mongodb.org/browse/PYTHON-4305

Signed-off-by: Gyorgy Sarvari
--- .../python3-pymongo/CVE-2024-5629.patch | 49 +++++++++++++++++++ .../python/python3-pymongo_4.1.1.bb | 1 + 2 files changed, 50 insertions(+) create mode 100644 meta-python/recipes-devtools/python/python3-pymongo/CVE-2024-5629.patch diff --git a/meta-python/recipes-devtools/python/python3-pymongo/CVE-2024-5629.patch b/meta-python/recipes-devtools/python/python3-pymongo/CVE-2024-5629.patch new file mode 100644 index 0000000000..0b0822a756 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-pymongo/CVE-2024-5629.patch
@@ -0,0 +1,49 @@ +From a9454ae060fffa609cc02b129441679b7d248d8f Mon Sep 17 00:00:00 2001 +From: Shane Harvey +Date: Wed, 27 Mar 2024 16:51:23 -0700 +Subject: [PATCH] PYTHON-4305 Fix bson size check (#1564) + +CVE: CVE-2024-5629 +Upstream-Status: Backport [https://github.com/mongodb/mongo-python-driver/commit/372b5d68d5a57ccc43b33407cd23f0bc79d99283] +Signed-off-by: Gyorgy Sarvari +--- + bson/_cbsonmodule.c | 11 +++++------ + 1 file changed, 5 insertions(+), 6 deletions(-) + +diff --git a/bson/_cbsonmodule.c b/bson/_cbsonmodule.c +index 1a296db..73370e2 100644 +--- a/bson/_cbsonmodule.c ++++ b/bson/_cbsonmodule.c +@@ -2052,6 +2052,7 @@ static PyObject* get_value(PyObject* self, PyObject* name, const char* buffer, + uint32_t c_w_s_size; + uint32_t code_size; + uint32_t scope_size; ++ uint32_t len; + PyObject* code; + PyObject* scope; + PyObject* code_type; +@@ -2071,7 +2072,8 @@ static PyObject* get_value(PyObject* self, PyObject* name, const char* buffer, + memcpy(&code_size, buffer + *position, 4); + code_size = BSON_UINT32_FROM_LE(code_size); + /* code_w_scope length + code length + code + scope length */ +- if (!code_size || max < code_size || max < 4 + 4 + code_size + 4) { ++ len = 4 + 4 + code_size + 4; ++ if (!code_size || max < code_size || max < len || len < code_size) { + goto invalid; + } + *position += 4; +@@ -2089,12 +2091,9 @@ static PyObject* get_value(PyObject* self, PyObject* name, const char* buffer, + + memcpy(&scope_size, buffer + *position, 4); + scope_size = BSON_UINT32_FROM_LE(scope_size); +- if (scope_size < BSON_MIN_SIZE) { +- Py_DECREF(code); +- goto invalid; +- } + /* code length + code + scope length + scope */ +- if ((4 + code_size + 4 + scope_size) != c_w_s_size) { ++ len = 4 + 4 + code_size + scope_size; ++ if (scope_size < BSON_MIN_SIZE || len != c_w_s_size || len < scope_size) { + Py_DECREF(code); + goto invalid; + } 
diff --git a/meta-python/recipes-devtools/python/python3-pymongo_4.1.1.bb b/meta-python/recipes-devtools/python/python3-pymongo_4.1.1.bb index 7bde4ff681..d26ea5d2e8 100644 --- a/meta-python/recipes-devtools/python/python3-pymongo_4.1.1.bb +++ b/meta-python/recipes-devtools/python/python3-pymongo_4.1.1.bb 
@@ -8,6 +8,7 @@ HOMEPAGE = "http://github.com/mongodb/mongo-python-driver" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327" +SRC_URI += "file://CVE-2024-5629.patch" SRC_URI[sha256sum] = "d7b8f25c9b0043cbaf77b8b895814e33e7a3c807a097377c07e1bd49946030d5" inherit pypi setuptools3
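Review bot: the backported CVE-2024-5629.patch touches only bson/_cbsonmodule.c (5 insertions, 6 deletions) and carries no regression test, and the commit message does not say how the fix was checked against 4.1.1; please add a line on whether the patch applied without fuzz and how it was exercised. On the logic, the two new conditions "len < code_size" and "len < scope_size" depend on len being declared uint32_t next to code_size and scope_size: a sum that wraps past 2^32 comes out smaller than one of its addends and is rejected, which the removed comparison "(4 + code_size + 4 + scope_size) != c_w_s_size" could not detect. If the patch ever needs rebasing, keep that declaration and both wrap checks together.
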
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-python][kirkstone][PATCH 3/5] python3-ecdsa: ignore CVE-2024-23342
Date: Fri, 30 Jan 2026 08:06:19 +0100
Message-ID: <20260130070621.3171877-3-skandigraun@gmail.com>
In-Reply-To: <20260130070621.3171877-1-skandigraun@gmail.com>
References: <20260130070621.3171877-1-skandigraun@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/123999

Details: https://nvd.nist.gov/vuln/detail/CVE-2024-23342

The issue won't be fixed, because it is not in the scope of the project. See also the discussion in the relevant GitHub issue[1].

[1]: https://github.com/tlsfuzzer/python-ecdsa/issues/330

Signed-off-by: Gyorgy Sarvari
--- meta-python/recipes-devtools/python/python3-ecdsa_0.17.0.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-ecdsa_0.17.0.bb b/meta-python/recipes-devtools/python/python3-ecdsa_0.17.0.bb index 177019ccc2..9ce63c24b4 100644 --- a/meta-python/recipes-devtools/python/python3-ecdsa_0.17.0.bb +++ b/meta-python/recipes-devtools/python/python3-ecdsa_0.17.0.bb
@@ -13,3 +13,6 @@ inherit pypi setuptools3 python3native RDEPENDS:${PN} += "python3-six python3-gmpy2 python3-pbr" BBCLASSEXTEND = "native nativesdk" + +# won't fix: https://github.com/tlsfuzzer/python-ecdsa/issues/330 +CVE_CHECK_IGNORE = "CVE-2024-23342"
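Review bot: the last added line assigns CVE_CHECK_IGNORE with "=", which replaces whatever the variable already holds when this recipe is parsed (for example entries appended from distro or layer configuration) instead of extending it; CVE_CHECK_IGNORE += "CVE-2024-23342" is the safer form. The comment above it says only "won't fix", so it would help to spell out there that the issue remains present in 0.17.0 and is only hidden from the cve-check report, since the commit message gives the reason as out of scope for the project rather than not applicable.
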
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-networking][kirkstone][PATCH 4/5] libiec61850: patch CVE-2024-45969
Date: Fri, 30 Jan 2026 08:06:20 +0100
Message-ID: <20260130070621.3171877-4-skandigraun@gmail.com>
In-Reply-To: <20260130070621.3171877-1-skandigraun@gmail.com>
References: <20260130070621.3171877-1-skandigraun@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124000

Details: https://nvd.nist.gov/vuln/detail/CVE-2024-45969

Backport the patch that is referenced by the NVD advisory.

Signed-off-by: Gyorgy Sarvari
--- .../libiec61850/files/CVE-2024-45969.patch | 31 +++++++++++++++++++ .../libiec61850/libiec61850_1.5.1.bb | 3 +- 2 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 meta-networking/recipes-connectivity/libiec61850/files/CVE-2024-45969.patch diff --git a/meta-networking/recipes-connectivity/libiec61850/files/CVE-2024-45969.patch b/meta-networking/recipes-connectivity/libiec61850/files/CVE-2024-45969.patch new file mode 100644 index 0000000000..d1dc8f0e6e --- /dev/null +++ b/meta-networking/recipes-connectivity/libiec61850/files/CVE-2024-45969.patch
@@ -0,0 +1,31 @@ +From d1afa7d8946ff05f73440e1fb5c14adcd5058b0d Mon Sep 17 00:00:00 2001 +From: Michael Zillgith +Date: Wed, 27 Mar 2024 12:26:58 +0000 +Subject: [PATCH] - ACSE: added check for minimum message size (LIB61850-438) + +CVE: CVE-2024-45969 +Upstream-Status: Backport [https://github.com/mz-automation/libiec61850/commit/7afa40390b26ad1f4cf93deaa0052fe7e357ef33] +Signed-off-by: Gyorgy Sarvari +--- + src/mms/iso_acse/acse.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/src/mms/iso_acse/acse.c b/src/mms/iso_acse/acse.c +index 60b0f534..1f4d6eb9 100644 +--- a/src/mms/iso_acse/acse.c ++++ b/src/mms/iso_acse/acse.c +@@ -420,6 +420,14 @@ AcseConnection_parseMessage(AcseConnection* self, ByteBuffer* message) + { + AcseIndication indication = ACSE_ERROR; + ++ if (message == NULL || message->size < 1) ++ { ++ if (DEBUG_ACSE) ++ printf("ACSE: invalid message - no payload\n"); ++ ++ return ACSE_ERROR; ++ } ++ + uint8_t* buffer = message->buffer; + + int messageSize = message->size; diff --git a/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.1.bb b/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.1.bb index 3e5fc91dad..d36a3c9306 100644 --- a/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.1.bb +++ b/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.1.bb 
@@ -18,7 +18,8 @@ SRCREV = "210cf30897631fe2006ac50483caf8fd616622a2" SRC_URI = "git://github.com/mz-automation/${BPN}.git;branch=v1.5;protocol=https \ file://0001-pyiec61850-don-t-break-CMAKE_INSTALL_PATH-by-trying-.patch \ file://0001-pyiec61850-Use-CMAKE_INSTALL_LIBDIR-from-GNUInstallD.patch \ -" + file://CVE-2024-45969.patch \ + " S = "${WORKDIR}/git"
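Review bot: the guard added at the top of AcseConnection_parseMessage() rejects only a NULL message or message->size < 1, so it guarantees one readable byte and nothing more; the parsing that consumes buffer and messageSize afterwards is outside the context shown, so please say in the commit message whether that code in 1.5.1 already checks each read against messageSize. In the recipe hunk the closing quote of SRC_URI is removed at column 0 and re-added indented, an unrelated whitespace change; adding only the file://CVE-2024-45969.patch line and leaving the closing line as context would keep the diff to one insertion.
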
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-networking][kirkstone][PATCH 5/5] libiec61850: patch CVE-2024-45970
Date: Fri, 30 Jan 2026 08:06:21 +0100
Message-ID: <20260130070621.3171877-5-skandigraun@gmail.com>
In-Reply-To: <20260130070621.3171877-1-skandigraun@gmail.com>
References: <20260130070621.3171877-1-skandigraun@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124001

Details: https://nvd.nist.gov/vuln/detail/CVE-2024-45970

Backport the patch that is referenced by the NVD advisory.

Signed-off-by: Gyorgy Sarvari
--- .../libiec61850/files/CVE-2024-45970.patch | 71 +++++++++++++++++++ .../libiec61850/libiec61850_1.5.1.bb | 1 + 2 files changed, 72 insertions(+) create mode 100644 meta-networking/recipes-connectivity/libiec61850/files/CVE-2024-45970.patch diff --git a/meta-networking/recipes-connectivity/libiec61850/files/CVE-2024-45970.patch b/meta-networking/recipes-connectivity/libiec61850/files/CVE-2024-45970.patch new file mode 100644 index 0000000000..81759438e1 --- /dev/null +++ b/meta-networking/recipes-connectivity/libiec61850/files/CVE-2024-45970.patch
@@ -0,0 +1,71 @@ +From 554e77c542f1c09b689907d5e2ea8bff4b2ad969 Mon Sep 17 00:00:00 2001 +From: Michael Zillgith +Date: Tue, 23 Jul 2024 18:50:15 +0100 +Subject: [PATCH] - fixed potential buffer overflows in MMS client file service + handling (LIB61850-449) + +CVE: CVE-2024-45970 +Upstream-Status: Backport [https://github.com/mz-automation/libiec61850/commit/ac925fae8e281ac6defcd630e9dd756264e9c5bc] +Signed-off-by: Gyorgy Sarvari +--- + src/mms/iso_mms/client/mms_client_files.c | 23 +++++++++++++++++++---- + 1 file changed, 19 insertions(+), 4 deletions(-) + +diff --git a/src/mms/iso_mms/client/mms_client_files.c b/src/mms/iso_mms/client/mms_client_files.c +index 307ab534..1aa8dff2 100644 +--- a/src/mms/iso_mms/client/mms_client_files.c ++++ b/src/mms/iso_mms/client/mms_client_files.c +@@ -478,8 +478,13 @@ parseFileAttributes(uint8_t* buffer, int bufPos, int maxBufPos, uint32_t* fileSi + break; + case 0x81: /* lastModified */ + { +- if (lastModified != NULL) { ++ if (lastModified != NULL) ++ { + char gtString[40]; ++ ++ if (length > sizeof(gtString) - 1) ++ return false; /* lastModified string too long */ ++ + memcpy(gtString, buffer + bufPos, length); + gtString[length] = 0; + *lastModified = Conversions_generalizedTimeToMsTime(gtString); +@@ -506,12 +511,14 @@ parseDirectoryEntry(uint8_t* buffer, int bufPos, int maxBufPos, uint32_t invokeI + uint32_t fileSize = 0; + uint64_t lastModified = 0; + +- while (bufPos < maxBufPos) { ++ while (bufPos < maxBufPos) ++ { + uint8_t tag = buffer[bufPos++]; + int length; + + bufPos = BerDecoder_decodeLength(buffer, &length, bufPos, maxBufPos); +- if (bufPos < 0) { ++ if (bufPos < 0) ++ { + if (DEBUG_MMS_CLIENT) + printf("MMS_CLIENT: invalid length field\n"); + return false; +@@ -525,12 +532,20 @@ parseDirectoryEntry(uint8_t* buffer, int bufPos, int maxBufPos, uint32_t invokeI + tag = buffer[bufPos++]; + + bufPos = BerDecoder_decodeLength(buffer, &length, bufPos, maxBufPos); +- if (bufPos < 0) { ++ if (bufPos < 0) ++ { + if 
(DEBUG_MMS_CLIENT) + printf("MMS_CLIENT: invalid length field\n"); + return false; + } + ++ if (length > (sizeof(fileNameMemory) - 1)) ++ { ++ if (DEBUG_MMS_CLIENT) ++ printf("MMS_CLIENT: filename too long\n"); ++ return false; ++ } ++ + memcpy(filename, buffer + bufPos, length); + filename[length] = 0; + diff --git a/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.1.bb b/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.1.bb index d36a3c9306..ce6f79e996 100644 --- a/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.1.bb +++ b/meta-networking/recipes-connectivity/libiec61850/libiec61850_1.5.1.bb @@ -19,6 +19,7 @@ SRC_URI = "git://github.com/mz-automation/${BPN}.git;branch=v1.5;protocol=https file://0001-pyiec61850-don-t-break-CMAKE_INSTALL_PATH-by-trying-.patch \ file://0001-pyiec61850-Use-CMAKE_INSTALL_LIBDIR-from-GNUInstallD.patch \ file://CVE-2024-45969.patch \ + file://CVE-2024-45970.patch \ " S = "${WORKDIR}/git"
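Review bot: in the parseDirectoryEntry() change the new bound is sizeof(fileNameMemory) - 1 while the memcpy() that follows writes to filename, and neither declaration is in the context shown; please confirm that in 1.5.1 fileNameMemory is an array (so sizeof yields the buffer size rather than a pointer size) and that filename points at its start. Both added checks, this one and the sizeof(gtString) - 1 check in parseFileAttributes(), bound only the destination, so the source range of each memcpy(…, buffer + bufPos, length) is safe only if BerDecoder_decodeLength() rejects a length that runs past maxBufPos; a sentence on that in the commit message would close the question. The brace-placement changes in the same hunks are unrelated to the fix but match the upstream commit, so keeping them is fine for a backport.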