From patchwork Mon Feb 2 21:13:47 2026
X-Patchwork-Submitter: Gyorgy Sarvari
X-Patchwork-Id: 80289
X-Patchwork-Delegate: anuj.mittal@oss.qualcomm.com
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][whinlatter][PATCH 01/15] fontforge: patch CVE-2025-15279
Date: Mon, 2 Feb 2026 22:13:47 +0100
Message-ID: <20260202211401.1287664-1-skandigraun@gmail.com>
X-Mailer: git-send-email 2.52.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124074

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-15279

Pick the patch that mentions this vulnerability ID explicitly. Also, this patch has caused some regression - pick the patch also that fixed that regression.

Signed-off-by: Gyorgy Sarvari
---
 .../fontforge/CVE-2025-15279-1.patch | 41 +++++++++++++++++++
 .../fontforge/CVE-2025-15279-2.patch | 34 +++++++++++++++
 .../fontforge/fontforge_20230101.bb | 4 +-
 3 files changed, 78 insertions(+), 1 deletion(-)
 create mode 100644 meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15279-1.patch
 create mode 100644 meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15279-2.patch

diff --git a/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15279-1.patch b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15279-1.patch new file mode 100644 index 0000000000..91306c57c6 --- /dev/null +++ b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15279-1.patch
@@ -0,0 +1,41 @@ +From 545b5eedf2a6866aecc04102f2e0853089cb760e Mon Sep 17 00:00:00 2001 +From: Ahmet Furkan Kavraz + <55850855+ahmetfurkankavraz@users.noreply.github.com> +Date: Thu, 8 Jan 2026 15:47:43 +0100 +Subject: [PATCH] Fix CVE-2025-15279: Heap buffer overflow in BMP RLE + decompression (#5720) + +CVSS: 7.8 (High) +ZDI-CAN-27517 +Co-authored-by: Ahmet Furkan Kavraz + +CVE: CVE-2025-15279 +Upstream-Status: Backport [https://github.com/fontforge/fontforge/commit/7d67700cf8888e0bb37b453ad54ed932c8587073] +Signed-off-by: Gyorgy Sarvari +--- + gutils/gimagereadbmp.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/gutils/gimagereadbmp.c b/gutils/gimagereadbmp.c +index 5a137e28a..133336787 100644 +--- a/gutils/gimagereadbmp.c ++++ b/gutils/gimagereadbmp.c +@@ -181,12 +181,18 @@ static int readpixels(FILE *file,struct bmpheader *head) { + int ii = 0; + while ( iiheight*head->width ) { + int cnt = getc(file); ++ if (cnt < 0 || ii + cnt > head->height * head->width) { ++ return 0; ++ } + if ( cnt!=0 ) { + int ch = getc(file); + while ( --cnt>=0 ) + head->byte_pixels[ii++] = ch; + } else { + cnt = getc(file); ++ if (cnt < 0 || ii + cnt > head->height * head->width) { ++ return 0; ++ } + if ( cnt>= 3 ) { + int odd = cnt&1; + while ( --cnt>=0 ) diff --git a/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15279-2.patch b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15279-2.patch new file mode 100644 index 0000000000..8ef833ff63 --- /dev/null +++ b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15279-2.patch 
@@ -0,0 +1,34 @@ +From 3bbdf6c7c161ff45d793e3bf5047720156e466ae Mon Sep 17 00:00:00 2001 +From: Ahmet Furkan Kavraz + <55850855+ahmetfurkankavraz@users.noreply.github.com> +Date: Mon, 12 Jan 2026 22:45:16 +0100 +Subject: [PATCH] Fix CVE-2025-15279: Move bounds check inside cnt >= 3 block + (#5723) + +Co-authored-by: Ahmet Furkan Kavraz + +CVE: CVE-2025-15279 +Upstream-Status: Backport [https://github.com/fontforge/fontforge/commit/720ea95020c964202928afd2e93b0f5fac11027e] +Signed-off-by: Gyorgy Sarvari +--- + gutils/gimagereadbmp.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/gutils/gimagereadbmp.c b/gutils/gimagereadbmp.c +index 133336787..ad365158c 100644 +--- a/gutils/gimagereadbmp.c ++++ b/gutils/gimagereadbmp.c +@@ -190,10 +190,10 @@ static int readpixels(FILE *file,struct bmpheader *head) { + head->byte_pixels[ii++] = ch; + } else { + cnt = getc(file); +- if (cnt < 0 || ii + cnt > head->height * head->width) { +- return 0; +- } + if ( cnt>= 3 ) { ++ if (ii + cnt > head->height * head->width) { ++ return 0; ++ } + int odd = cnt&1; + while ( --cnt>=0 ) + head->byte_pixels[ii++] = getc(file); diff --git a/meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb b/meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb index af77ec913e..901b289f11 100644 --- a/meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb +++ b/meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb 
@@ -21,7 +21,9 @@ SRC_URI = "git://github.com/${BPN}/${BPN}.git;branch=master;protocol=https \ file://0001-cmake-Use-alternate-way-to-detect-libm.patch \ file://0001-Fix-Translations-containing-invalid-directives-hs.patch \ file://CVE-2024-25081_CVE-2024-25082.patch \ -" + file://CVE-2025-15279-1.patch \ + file://CVE-2025-15279-2.patch \ + " EXTRA_OECMAKE = "-DENABLE_DOCS=OFF" PACKAGECONFIG = "readline"
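Review bot: In the gutils/gimagereadbmp.c hunk carried by CVE-2025-15279-1.patch, the new guard `ii + cnt > head->height * head->width` bounds the run length, but the value byte read right after it (`int ch = getc(file);`) is still stored into byte_pixels without an EOF check, so a truncated file is filled with the EOF value instead of being rejected. Consider returning 0 when that getc() is negative as well. The product head->height * head->width is also recomputed in the fields' own type on every comparison; if those fields are plain int, computing the pixel count once into a wider type before the loop keeps the bound from wrapping on large header values.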
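Review bot: In CVE-2025-15279-2.patch, moving the check under `if ( cnt>= 3 )` also drops the `cnt < 0` test on the second getc(), so an EOF in the escape position is no longer rejected here and falls through to whatever handles counts below 3, which these lines do not show. The backported commit has no body, and the cover text only says the first patch "caused some regression"; a sentence in the patch header stating which inputs the first version broke (for example, if escape counts 0 to 2 are control codes rather than pixel runs) and how EOF is handled on that path would make the fix reviewable on its own.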
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][whinlatter][PATCH 02/15] fontforge: patch CVE-2025-15275
Date: Mon, 2 Feb 2026 22:13:48 +0100
Message-ID: <20260202211401.1287664-2-skandigraun@gmail.com>
X-Mailer: git-send-email 2.52.0
In-Reply-To: <20260202211401.1287664-1-skandigraun@gmail.com>
References: <20260202211401.1287664-1-skandigraun@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124075

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-15275

Pick the patch that mentions this vulnerability ID explicitly.

Signed-off-by: Gyorgy Sarvari
---
 .../fontforge/fontforge/CVE-2025-15275.patch | 33 +++++++++++++++++++
 .../fontforge/fontforge_20230101.bb | 1 +
 2 files changed, 34 insertions(+)
 create mode 100644 meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15275.patch

diff --git a/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15275.patch b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15275.patch new file mode 100644 index 0000000000..3574b8ee19 --- /dev/null +++ b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15275.patch
@@ -0,0 +1,33 @@ +From 4c0658f56faf6d64382721a230ee57038035110a Mon Sep 17 00:00:00 2001 +From: Ahmet Furkan Kavraz + <55850855+ahmetfurkankavraz@users.noreply.github.com> +Date: Fri, 9 Jan 2026 16:58:23 +0100 +Subject: [PATCH] Fix CVE-2025-15275: Heap buffer overflow in SFD image parsing + (#5721) + +Fixes: CVE-2025-15275 | ZDI-25-1189 | ZDI-CAN-28543 + +Co-authored-by: Ahmet Furkan Kavraz + +CVE: CVE-2025-15275 +Upstream-Status: Backport [https://github.com/fontforge/fontforge/commit/7195402701ace7783753ef9424153eff48c9af44] +Signed-off-by: Gyorgy Sarvari +--- + fontforge/sfd.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/fontforge/sfd.c b/fontforge/sfd.c +index cd661584b..4db9feebb 100644 +--- a/fontforge/sfd.c ++++ b/fontforge/sfd.c +@@ -3724,6 +3724,10 @@ static ImageList *SFDGetImage(FILE *sfd) { + getint(sfd,&image_type); + getint(sfd,&bpl); + getint(sfd,&clutlen); ++ if ( clutlen < 0 || clutlen > 256 ) { ++ LogError(_("Invalid clut length %d in sfd file, must be between 0 and 256"), clutlen); ++ return NULL; ++ } + gethex(sfd,&trans); + image = GImageCreate(image_type,width,height); + base = image->list_len==0?image->u.image:image->u.images[0]; diff --git a/meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb b/meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb index 901b289f11..1680c7b2e0 100644 --- a/meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb +++ b/meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb 
@@ -23,6 +23,7 @@ SRC_URI = "git://github.com/${BPN}/${BPN}.git;branch=master;protocol=https \ file://CVE-2024-25081_CVE-2024-25082.patch \ file://CVE-2025-15279-1.patch \ file://CVE-2025-15279-2.patch \ + file://CVE-2025-15275.patch \ " EXTRA_OECMAKE = "-DENABLE_DOCS=OFF"
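Review bot: In the SFDGetImage hunk of CVE-2025-15275.patch, only clutlen is validated; image_type and bpl come from the same unchecked getint() calls, and image_type, width and height go straight into `GImageCreate(image_type,width,height)` two lines later, whose result is then dereferenced (`image->list_len`) with no NULL check in the visible context. If the overflow is reachable through the colour table length alone, the patch header should say so; otherwise the neighbouring fields need the same range check. Also confirm that callers of SFDGetImage tolerate a NULL return partway through an image record, since the stream is left positioned mid-record on this path.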
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][whinlatter][PATCH 03/15] fontforge: patch CVE-2025-15269
Date: Mon, 2 Feb 2026 22:13:49 +0100
Message-ID: <20260202211401.1287664-3-skandigraun@gmail.com>
X-Mailer: git-send-email 2.52.0
In-Reply-To: <20260202211401.1287664-1-skandigraun@gmail.com>
References: <20260202211401.1287664-1-skandigraun@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124076

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-15269

Pick the patch that refers to this vulnerability ID explicitly.

Signed-off-by: Gyorgy Sarvari
---
 .../fontforge/fontforge/CVE-2025-15269.patch | 35 +++++++++++++++++++
 .../fontforge/fontforge_20230101.bb | 1 +
 2 files changed, 36 insertions(+)
 create mode 100644 meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15269.patch

diff --git a/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15269.patch b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15269.patch new file mode 100644 index 0000000000..af04085016 --- /dev/null +++ b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15269.patch
@@ -0,0 +1,35 @@ +From 904971c570f0697a9052c6fa699f1a2c9b2669a2 Mon Sep 17 00:00:00 2001 +From: Ahmet Furkan Kavraz + <55850855+ahmetfurkankavraz@users.noreply.github.com> +Date: Sat, 10 Jan 2026 20:06:53 +0100 +Subject: [PATCH] Fix CVE-2025-15269: Use-after-free in SFD ligature parsing + (#5722) + +Prevent circular linked list in LigaCreateFromOldStyleMultiple by clearing +the next pointer after shallow copy. The shallow copy propagates liga's +modified next pointer from previous iterations, creating a cycle that +causes double-free when the list is traversed and freed. + +Fixes: CVE-2025-15269 | ZDI-25-1195 | ZDI-CAN-28564 + +Co-authored-by: Ahmet Furkan Kavraz + +CVE: CVE-2025-15269 +Upstream-Status: Backport [https://github.com/fontforge/fontforge/commit/6aea6db5da332d8ac94e3501bb83c1b21f52074d] +Signed-off-by: Gyorgy Sarvari +--- + fontforge/sfd.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/fontforge/sfd.c b/fontforge/sfd.c +index 4db9feebb..894176254 100644 +--- a/fontforge/sfd.c ++++ b/fontforge/sfd.c +@@ -4786,6 +4786,7 @@ static PST1 *LigaCreateFromOldStyleMultiple(PST1 *liga) { + while ( (pt = strrchr(liga->pst.u.lig.components,';'))!=NULL ) { + new = chunkalloc(sizeof( PST1 )); + *new = *liga; ++ new->pst.next = NULL; + new->pst.u.lig.components = copy(pt+1); + last->pst.next = (PST *) new; + last = new; diff --git a/meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb b/meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb index 1680c7b2e0..7db8a66654 100644 --- a/meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb +++ b/meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb 
@@ -24,6 +24,7 @@ SRC_URI = "git://github.com/${BPN}/${BPN}.git;branch=master;protocol=https \ file://CVE-2025-15279-1.patch \ file://CVE-2025-15279-2.patch \ file://CVE-2025-15275.patch \ + file://CVE-2025-15269.patch \ " EXTRA_OECMAKE = "-DENABLE_DOCS=OFF"
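Review bot: In the LigaCreateFromOldStyleMultiple hunk of CVE-2025-15269.patch, `*new = *liga;` still copies every other field of the PST1 by value, and the visible lines reset only pst.next and pst.u.lig.components. If PST1 carries any other owned pointer, each copy will share it with liga and the same double free can recur on that field when the list is released. A short comment above the assignment naming the fields that are intentionally shared, or replacing the struct copy with explicit field initialisation, would make the ownership rule checkable from this function alone.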
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][whinlatter][PATCH 04/15] fontforge: patch CVE-2025-15270
Date: Mon, 2 Feb 2026 22:13:50 +0100
Message-ID: <20260202211401.1287664-4-skandigraun@gmail.com>
X-Mailer: git-send-email 2.52.0
In-Reply-To: <20260202211401.1287664-1-skandigraun@gmail.com>
References: <20260202211401.1287664-1-skandigraun@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124077

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-15270

Pick the patch that mentions this vulnerability explicitly in its description.

Signed-off-by: Gyorgy Sarvari
---
 .../fontforge/fontforge/CVE-2025-15270.patch | 44 +++++++++++++++++++
 .../fontforge/fontforge_20230101.bb | 1 +
 2 files changed, 45 insertions(+)
 create mode 100644 meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15270.patch

diff --git a/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15270.patch b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15270.patch new file mode 100644 index 0000000000..335aa3f9a2 --- /dev/null +++ b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15270.patch
@@ -0,0 +1,44 @@ +From 647e17c1313b0be5159616e4345e6007e1f377a5 Mon Sep 17 00:00:00 2001 +From: Ahmet Furkan Kavraz + <55850855+ahmetfurkankavraz@users.noreply.github.com> +Date: Sat, 31 Jan 2026 21:23:41 +0100 +Subject: [PATCH] Fix CVE-2025-15270: Heap buffer overflow in SFD kern class + parsing (#5743) + +Fixes: CVE-2025-15270 | ZDI-25-1194 | ZDI-CAN-28563 + +Co-authored-by: Ahmet Furkan Kavraz + +CVE: CVE-2025-15270 +Upstream-Status: Backport [https://github.com/fontforge/fontforge/commit/d01333a5bfa2ac4ed698c24b323d02107deacad7] +Signed-off-by: Gyorgy Sarvari +--- + fontforge/sfd.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/fontforge/sfd.c b/fontforge/sfd.c +index 894176254..3692973fe 100644 +--- a/fontforge/sfd.c ++++ b/fontforge/sfd.c +@@ -8286,6 +8286,10 @@ bool SFD_GetFontMetaData( FILE *sfd, + for ( i=classstart; ifirst_cnt; ++i ) { + if (kernclassversion < 3) { + getint(sfd,&temp); ++ if (temp < 0) { ++ LogError(_("Corrupted SFD file: Invalid kern class name length %d. Aborting load."), temp); ++ return false; ++ } + kc->firsts[i] = malloc(temp+1); kc->firsts[i][temp] = '\0'; + nlgetc(sfd); /* skip space */ + fread(kc->firsts[i],1,temp,sfd); +@@ -8303,6 +8307,10 @@ bool SFD_GetFontMetaData( FILE *sfd, + for ( i=1; isecond_cnt; ++i ) { + if (kernclassversion < 3) { + getint(sfd,&temp); ++ if (temp < 0) { ++ LogError(_("Corrupted SFD file: Invalid kern class name length %d. Aborting load."), temp); ++ return false; ++ } + kc->seconds[i] = malloc(temp+1); kc->seconds[i][temp] = '\0'; + nlgetc(sfd); /* skip space */ + fread(kc->seconds[i],1,temp,sfd); diff --git a/meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb b/meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb index 7db8a66654..72d233fe0c 100644 --- a/meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb +++ b/meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb 
@@ -25,6 +25,7 @@ SRC_URI = "git://github.com/${BPN}/${BPN}.git;branch=master;protocol=https \ file://CVE-2025-15279-2.patch \ file://CVE-2025-15275.patch \ file://CVE-2025-15269.patch \ + file://CVE-2025-15270.patch \ " EXTRA_OECMAKE = "-DENABLE_DOCS=OFF"
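Review bot: In both SFD_GetFontMetaData hunks of CVE-2025-15270.patch, the new `temp < 0` test sets only a lower bound: `malloc(temp+1)` is still followed on the same line by `kc->firsts[i][temp] = '\0';` (and the seconds[] equivalent) with no NULL check, so a very large length from the file becomes a write through a failed allocation, and temp+1 overflows when temp is INT_MAX. Suggest checking the malloc() result or capping temp, and checking the fread() return, since a short read leaves the name buffer partly uninitialised. The early `return false` also exits mid-loop with kc and the names allocated so far still live; confirm the caller frees them on that path.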
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-gnome][whinlatter][PATCH 05/15] gimp: update 3.0.6 -> 3.0.8
Date: Mon, 2 Feb 2026 22:13:51 +0100
Message-ID: <20260202211401.1287664-5-skandigraun@gmail.com>
X-Mailer: git-send-email 2.52.0
In-Reply-To: <20260202211401.1287664-1-skandigraun@gmail.com>
References: <20260202211401.1287664-1-skandigraun@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124078
From: Markus Volk

- remove cve fixes which are included in this release
- remove the fix for bzip2. meson.build was improved so this is not required anymore
- inherit bash-completion

This release contains a lot of bugfixes. The below list is not exhaustive.

Core:

- Font handling improvements:
  * Font loading on start massively sped up.
  * As an exception, Skia font family (apparently quite common on macOS) is special-cased because it behaves weirdly and was not working with current font handling.
  * Various other fixes related to font handling.
  * We now wait for fonts to be fully loaded before loading any file.
- Command Line Interface:
  * Option -i / --no-interface is not shown anymore on `gimp-console` binary (it can still be used — it does nothing there anyway —, which allows to use the same sets of option with the GUI binary, and also so that existing shell scripts don't break).
  * Option --show-debug-menu is not hidden anymore for discoverability.
  * The `gimp-3.0` executable can now run with --no-interface even when no display is available (ex: virtual terminal with no window manager/compositor, containers, etc.). This used to only work with `gimp-console-3.0` executable.
- Windows:
  * output CLI messages to the parent console like Linux and macOS.
  * Ctrl+C signals are now correctly handled in the attached console.
  * The attached console supports color too.
  * Interpreters are run conditionally if running in console.
- macOS: default to "quartz" Input Method for emoji keyboard support.
- Wayland: wait before we get our first surface before listing input devices to work around a Wayland limitation and GTK bug.
- Default "Search" feature in GTK3 is now disabled in the component editor in the Channels dockable.
- Several fixes related to Quick Mask handling.
- Fixed some cases where config migration from GIMP 2 to GIMP 3 was problematic.
- Several buggy undo cases were fixed.
- Several fixes related to pass-through group layers.
- Export will now be properly triggered even if no drawables are selected (this is not a requirement anymore with GIMP 3 API).
- Path import and export respectively from and to SVG improved.
- Serialize colors in legacy GimpRGB format into a XCF when the XCF version is older than GIMP 3 for backward compatibility.

Tools:

- Symmetry: fix initial stroke symmetry when using pixmap brushes.
- Move tool: fixed weird position jumps in some cases.

Graphical User Interface:

- Center buttons in overlay dialogs.
- Headerbar's (when titlebar and menubar are merged) button colors now match our theme.
- Dialogs' header icon and view will now scale based on custom icon size.
- Resize dialog: Canvas Size fill combo set to insensitive if layers won't be resized.
- Navigation and Selection editor will now properly match the theme (in particular, in dark mode, they won't show large bright area).
- Do not show outlines when hovering the absent "Fx" icon anymore, which was confusing people into making it look like you could click and interact with this empty area.

Plug-ins:

- Fixes on: OpenRaster export, TIFF import, Map Object, PDF export, Gradient Flare, ANI export, Script-Fu, DDS export, Fractal Explorer, PSP import, ICO import, XWD import, PSD import, WebP export, ICNS import, Gimpressionist, JPEG 2000 import, Busy Dialog.
- Scale entries have been replaced by spin scale widgets in a bunch of plug-ins.
- Fixed vulnerabilities: ZDI-CAN-28376, ZDI-CAN-28311, ZDI-CAN-28273, ZDI-CAN-28158, ZDI-CAN-28232, ZDI-CAN-28265, ZDI-CAN-28530, ZDI-CAN-28248, PSP issue 15732.
- Script-Fu improved to not initialize UI code unnecessarily (and therefore make it unusable on systems without a display).

API:

- libgimp:
  * Fixes were made in libgimp metadata object.
  * Make GExiv2Metadata as parent of GimpMetadata visible to Gobject-Introspection tools (bindings were missing this information).
  * Fixes made on: gimp_drawable_get_thumbnail(), gimp_drawable_get_sub_thumbnail(), gimp_drawable_filter_new(), gimp_proc_view_new(), gimp_procedure_set_sensitivity_mask(), gimp_procedure_dialog_get_spin_scale().
  * Remove thumbnail metadata before writing it on export, to make sure we don't carry on metadata written by other software in thumbnails.
- libgimpconfig:
  * Improve error messaging on config deserialization.
  * Fix gimp_config_serialize_value() when serializing file objects.
  * New functions: gimp_config_get_xcf_version() and gimp_config_set_xcf_version().
- libgimpcolor:
  * gimp_color_is_perceptually_identical() docs clarified.
- libgimpbase:
  * The host config directory is now shown in MSIX.
  * The host config directory is now shown in flatpak.
- libgimpwidgets:
  * Fixes made on: GimpLabelEntry, gimp_widget_free_native_handle().
- libgimpcolor:
  * New function: gimp_cairo_surface_get_buffer()
  * Deprecated function: gimp_cairo_surface_create_buffer() in favor of gimp_cairo_surface_get_buffer(). The function implementation was also changed so that it does not necessarily return a linear-memory backed buffer anymore (it might, but developers should not have any expectation about this).

Build:

- Third-party binary plug-in support in the Snap backported from the original third-party snap.
- Snap package for release is now created and submitted on a release pipeline.
- Release URLs added to AppStream metadata.
- We do not build GEGL with Matting Levin for Windows builds anymore because of crashes.
- Flatpak nightly builds will now show a pseudo-release visible with `flatpak list`, showing proper version information.
- Windows installer now has a dark mode.
- Update changelog on MS Store (MSIX) releases.
- AppImage now ships with full MIDI support.
- Make it clearer that GExiv2 0.15.0 and over are incompatible (because of API breakage).
- Improve build to ensure that the language list (shown in Preferences) is localized during compilation.
This also means that a build machine should be set up for localization at build time when optional language selection is enabled. - We now require the generic C++14 standard, and not the GNU variant anymore. - MSVC support added. - Various tweaks which used to be required to make packages work as relocatable builds were dropped since babl and GEGL now have a relocatable option working also on Linux. - The `man` page of GIMP binaries was updated. - The `gimp-console` binary is now shipped in the Flatpak. - macOS pipeline added in our Gitlab CI. - Make sure that harfbuzz is built with libgraphite2 shaper on macOS. - Generate file associations for macOS automatically. - A Bash completion file was added for `gimp` and `gimp-console` binaries. Signed-off-by: Markus Volk Signed-off-by: Khem Raj (cherry picked from commit f8fcc9ccf529455c992e79fc13e77dfc1a8dd9d9) Signed-off-by: Gyorgy Sarvari --- .../0001-gimp-cross-compile-fix-for-bz2.patch | 30 ----- .../gimp/gimp/CVE-2025-14422.patch | 66 ----------- .../gimp/gimp/CVE-2025-14423.patch | 106 ------------------ .../gimp/gimp/CVE-2025-14424.patch | 34 ------ .../gimp/gimp/CVE-2025-14425.patch | 79 ------------- .../gimp/{gimp_3.0.6.bb => gimp_3.0.8.bb} | 9 +- 6 files changed, 2 insertions(+), 322 deletions(-) delete mode 100644 meta-gnome/recipes-gimp/gimp/gimp/0001-gimp-cross-compile-fix-for-bz2.patch delete mode 100644 meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-14422.patch delete mode 100644 meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-14423.patch delete mode 100644 meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-14424.patch delete mode 100644 meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-14425.patch rename meta-gnome/recipes-gimp/gimp/{gimp_3.0.6.bb => gimp_3.0.8.bb} (92%) diff --git a/meta-gnome/recipes-gimp/gimp/gimp/0001-gimp-cross-compile-fix-for-bz2.patch b/meta-gnome/recipes-gimp/gimp/gimp/0001-gimp-cross-compile-fix-for-bz2.patch deleted file mode 100644 index 380e425f25..0000000000 
--- a/meta-gnome/recipes-gimp/gimp/gimp/0001-gimp-cross-compile-fix-for-bz2.patch +++ /dev/null @@ -1,30 +0,0 @@ -From a7e40e19d17404cf5ec4135fc1becd5a90f5e1e1 Mon Sep 17 00:00:00 2001 -From: Markus Volk -Date: Wed, 25 Dec 2024 07:27:04 +0100 -Subject: [PATCH] gimp: cross-compile fix for bz2 - -autotools bzip2 build does not create pkgconfig files so looking for the dependency fails. - -Signed-off-by: Markus Volk - -Upstream-Status: Inappropriate [can probably be removed once bzip2 is built with meson or cmake] ---- - meson.build | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/meson.build b/meson.build -index 4e48f8c64c..d5dce47015 100644 ---- a/meson.build -+++ b/meson.build -@@ -777,7 +777,7 @@ zlib = dependency('zlib') - zlib = dependency('zlib') - - # Compiler-provided headers can't be found in crossroads environment --if not meson.is_cross_build() -+if true - bz2 = cc.find_library('bz2') - else - bz2 = dependency('bzip2') --- -2.47.1 - diff --git a/meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-14422.patch b/meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-14422.patch deleted file mode 100644 index 420e013916..0000000000 --- a/meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-14422.patch +++ /dev/null 
@@ -1,66 +0,0 @@ -From 0a941cab81396d65a8ab547847f8c542039e214f Mon Sep 17 00:00:00 2001 -From: Gyorgy Sarvari -Date: Sun, 23 Nov 2025 16:43:51 +0000 -Subject: [PATCH] plug-ins: Fix ZDI-CAN-28273 - -From: Alx Sa - -Resolves #15286 -Adds a check to the memory allocation -in pnm_load_raw () with g_size_checked_mul () -to see if the size would go out of bounds. -If so, we don't try to allocate and load the -image. - -CVE: CVE-2025-14422 -Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/gimp/-/commit/4ff2d773d58064e6130495de498e440f4a6d5edb] -Signed-off-by: Gyorgy Sarvari ---- - plug-ins/common/file-pnm.c | 13 +++++++++++-- - 1 file changed, 11 insertions(+), 2 deletions(-) - -diff --git a/plug-ins/common/file-pnm.c b/plug-ins/common/file-pnm.c -index 32a33a4..9d349e9 100644 ---- a/plug-ins/common/file-pnm.c -+++ b/plug-ins/common/file-pnm.c -@@ -674,7 +674,7 @@ load_image (GFile *file, - GError **error) - { - GInputStream *input; -- GeglBuffer *buffer; -+ GeglBuffer *buffer = NULL; - GimpImage * volatile image = NULL; - GimpLayer *layer; - char buf[BUFLEN + 4]; /* buffer for random things like scanning */ -@@ -708,6 +708,9 @@ load_image (GFile *file, - g_object_unref (input); - g_free (pnminfo); - -+ if (buffer) -+ g_object_unref (buffer); -+ - if (image) - gimp_image_delete (image); - -@@ -1060,6 +1063,7 @@ pnm_load_raw (PNMScanner *scan, - const Babl *format = NULL; - gint bpc; - guchar *data, *d; -+ gsize data_size; - gushort *s; - gint x, y, i; - gint start, end, scanlines; -@@ -1070,7 +1074,12 @@ pnm_load_raw (PNMScanner *scan, - bpc = 1; - - /* No overflow as long as gimp_tile_height() < 1365 = 2^(31 - 18) / 6 */ -- data = g_new (guchar, gimp_tile_height () * info->xres * info->np * bpc); -+ if (! g_size_checked_mul (&data_size, gimp_tile_height (), info->xres) || -+ ! g_size_checked_mul (&data_size, data_size, info->np) || -+ ! 
g_size_checked_mul (&data_size, data_size, bpc)) -+ CHECK_FOR_ERROR (FALSE, info->jmpbuf, _("Unsupported maximum value.")); -+ -+ data = g_new (guchar, data_size); - - input = pnmscanner_input (scan); - diff --git a/meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-14423.patch b/meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-14423.patch deleted file mode 100644 index 50a0adfe89..0000000000 --- a/meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-14423.patch +++ /dev/null 
@@ -1,106 +0,0 @@ -From a83e8c4ad8ffbce40aa9f9a0f49880e802ef7da1 Mon Sep 17 00:00:00 2001 -From: Gyorgy Sarvari -Date: Sun, 23 Nov 2025 04:22:49 +0000 -Subject: [PATCH] plug-ins: Fix ZDI-CAN-28311 - -From: Alx Sa - -Resolves #15292 -The IFF specification states that EHB format images -have exactly 32 colors in their palette. However, it -is possible for images in the wild to place an incorrect -palette size. This patch checks for this, and either limits -the palette size or breaks accordingly. - -CVE: CVE-2025-14423 -Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/gimp/-/commit/481cdbbb97746be1145ec3a633c567a68633c521] -Signed-off-by: Gyorgy Sarvari ---- - plug-ins/common/file-iff.c | 32 ++++++++++++++++++++++---------- - 1 file changed, 22 insertions(+), 10 deletions(-) - -diff --git a/plug-ins/common/file-iff.c b/plug-ins/common/file-iff.c -index d144a96..f087947 100644 ---- a/plug-ins/common/file-iff.c -+++ b/plug-ins/common/file-iff.c -@@ -337,7 +337,7 @@ load_image (GFile *file, - width = bitMapHeader->w; - height = bitMapHeader->h; - nPlanes = bitMapHeader->nPlanes; -- row_length = (width + 15) / 16; -+ row_length = ((width + 15) / 16) * 2; - pixel_size = nPlanes / 8; - aspect_x = bitMapHeader->xAspect; - aspect_y = bitMapHeader->yAspect; -@@ -375,6 +375,18 @@ load_image (GFile *file, - { - /* EHB mode adds 32 more colors. 
Each are half the RGB values - * of the first 32 colors */ -+ if (palette_size < 32) -+ { -+ g_set_error (error, G_FILE_ERROR, -+ g_file_error_from_errno (errno), -+ _("Invalid ILBM colormap size")); -+ return NULL; -+ } -+ else if (palette_size > 32) -+ { -+ palette_size = 32; -+ } -+ - for (gint j = 0; j < palette_size * 2; j++) - { - gint offset_index = j + 32; -@@ -386,7 +398,7 @@ load_image (GFile *file, - gimp_cmap[offset_index * 3 + 2] = - colorMap->colorRegister[j].blue / 2; - } -- /* EHB mode always has 64 colors */ -+ /* EHB mode always has 64 colors in total */ - palette_size = 64; - } - } -@@ -447,7 +459,7 @@ load_image (GFile *file, - { - guchar *pixel_row; - -- pixel_row = g_malloc (width * pixel_size * sizeof (guchar)); -+ pixel_row = g_malloc0 (width * pixel_size); - - /* PBM uses one byte per pixel index */ - if (ILBM_imageIsPBM (true_image)) -@@ -459,7 +471,7 @@ load_image (GFile *file, - else - deleave_rgb_row (bitplanes, pixel_row, width, nPlanes, pixel_size); - -- bitplanes += (row_length * 2 * nPlanes); -+ bitplanes += (row_length * nPlanes); - - gegl_buffer_set (buffer, GEGL_RECTANGLE (0, y_height, width, 1), 0, - NULL, pixel_row, GEGL_AUTO_ROWSTRIDE); -@@ -528,7 +540,7 @@ deleave_ham_row (const guchar *gimp_cmap, - /* Deleave rows */ - for (gint i = 0; i < row_length; i++) - { -- for (gint j = 0; j < 8; j++) -+ for (gint j = 0; j < nPlanes; j++) - { - guint8 bitmask = (1 << (8 - j)) - (1 << (7 - j)); - guint8 control = 0; -@@ -590,11 +602,11 @@ deleave_ham_row (const guchar *gimp_cmap, - } - - static void --deleave_rgb_row (IFF_UByte *bitplanes, -- guchar *pixel_row, -- gint width, -- gint nPlanes, -- gint pixel_size) -+deleave_rgb_row (IFF_UByte *bitplanes, -+ guchar *pixel_row, -+ gint width, -+ gint nPlanes, -+ gint pixel_size) - { - gint row_length = ((width + 15) / 16) * 2; - gint current_pixel = 0; 
diff --git a/meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-14424.patch b/meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-14424.patch deleted file mode 100644 index e7821d3109..0000000000 --- a/meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-14424.patch +++ /dev/null @@ -1,34 +0,0 @@ -From d30875b606085316b1cb7ac1da0d26e5bac0cf2c Mon Sep 17 00:00:00 2001 -From: Gyorgy Sarvari -Date: Thu, 13 Nov 2025 18:26:51 -0500 -Subject: [PATCH] app: fix #15288 crash when loading malformed xcf - -From: Jacob Boerema - -ZDI-CAN-28376 vulnerability - -Add extra tests to not crash on a NULL g_class. - -CVE: CVE-2025-14424 -Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/gimp/-/commit/5cc55d078b7fba995cef77d195fac325ee288ddd] -Signed-off-by: Gyorgy Sarvari ---- - app/core/gimpitemlist.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/app/core/gimpitemlist.c b/app/core/gimpitemlist.c -index 6473938..a431519 100644 ---- a/app/core/gimpitemlist.c -+++ b/app/core/gimpitemlist.c -@@ -345,7 +345,10 @@ gimp_item_list_named_new (GimpImage *image, - g_return_val_if_fail (GIMP_IS_IMAGE (image), NULL); - - for (iter = items; iter; iter = iter->next) -- g_return_val_if_fail (g_type_is_a (G_OBJECT_TYPE (iter->data), item_type), NULL); -+ { -+ g_return_val_if_fail (iter->data && ((GTypeInstance*) (iter->data))->g_class, NULL); -+ g_return_val_if_fail (g_type_is_a (G_OBJECT_TYPE (iter->data), item_type), NULL); -+ } - - if (! items) - { diff --git a/meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-14425.patch b/meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-14425.patch deleted file mode 100644 index 44e9587570..0000000000 --- a/meta-gnome/recipes-gimp/gimp/gimp/CVE-2025-14425.patch +++ /dev/null 
@@ -1,79 +0,0 @@ -From 042e27792026460badbe49664c02fe181e95cb2b Mon Sep 17 00:00:00 2001 -From: Gyorgy Sarvari -Date: Wed, 12 Nov 2025 13:25:44 +0000 -Subject: [PATCH] plug-ins: Mitigate ZDI-CAN-28248 for JP2 images - -From: Alx Sa - -Resolves #15285 -Per the report, it's possible to exceed the size of the pixel buffer -with a high precision_scaled value, as we size it to the width * bpp. -This patch includes precision_scaled in the allocation calculation. -It also adds a g_size_checked_mul () check to ensure there's no -overflow, and moves the pixel and buffer memory freeing to occur -in the out section so that it always runs even on failure. - -CVE: CVE-2025-14425 -Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/gimp/-/commit/cd1c88a0364ad1444c06536731972a99bd8643fd] -Signed-off-by: Gyorgy Sarvari ---- - plug-ins/common/file-jp2-load.c | 23 ++++++++++++++++------- - 1 file changed, 16 insertions(+), 7 deletions(-) - -diff --git a/plug-ins/common/file-jp2-load.c b/plug-ins/common/file-jp2-load.c -index 064b616..604313a 100644 ---- a/plug-ins/common/file-jp2-load.c -+++ b/plug-ins/common/file-jp2-load.c -@@ -1045,14 +1045,15 @@ load_image (GimpProcedure *procedure, - GimpColorProfile *profile = NULL; - GimpImage *gimp_image = NULL; - GimpLayer *layer; -+ GeglBuffer *buffer = NULL; -+ guchar *pixels = NULL; -+ gsize pixels_size; - GimpImageType image_type; - GimpImageBaseType base_type; - gint width; - gint height; - gint num_components; -- GeglBuffer *buffer; - gint i, j, k, it; -- guchar *pixels; - const Babl *file_format; - gint bpp; - GimpPrecision image_precision; -@@ -1318,7 +1319,15 @@ load_image (GimpProcedure *procedure, - bpp = babl_format_get_bytes_per_pixel (file_format); - - buffer = gimp_drawable_get_buffer (GIMP_DRAWABLE (layer)); -- pixels = g_new0 (guchar, width * bpp); -+ -+ if (! 
g_size_checked_mul (&pixels_size, width, (bpp * (precision_scaled / 8)))) -+ { -+ g_set_error (error, GIMP_PLUG_IN_ERROR, 0, -+ _("Defined row size is too large in JP2 image '%s'."), -+ gimp_file_get_utf8_name (file)); -+ goto out; -+ } -+ pixels = g_new0 (guchar, pixels_size); - - for (i = 0; i < height; i++) - { -@@ -1344,13 +1353,13 @@ load_image (GimpProcedure *procedure, - gegl_buffer_set (buffer, GEGL_RECTANGLE (0, i, width, 1), 0, - file_format, pixels, GEGL_AUTO_ROWSTRIDE); - } -- -- g_free (pixels); -- -- g_object_unref (buffer); - gimp_progress_update (1.0); - - out: -+ if (pixels) -+ g_free (pixels); -+ if (buffer) -+ g_object_unref (buffer); - if (profile) - g_object_unref (profile); - if (image) diff --git a/meta-gnome/recipes-gimp/gimp/gimp_3.0.6.bb b/meta-gnome/recipes-gimp/gimp/gimp_3.0.8.bb similarity index 92% rename from meta-gnome/recipes-gimp/gimp/gimp_3.0.6.bb rename to meta-gnome/recipes-gimp/gimp/gimp_3.0.8.bb index fa192555bc..a5e892c508 100644 --- a/meta-gnome/recipes-gimp/gimp/gimp_3.0.6.bb +++ b/meta-gnome/recipes-gimp/gimp/gimp_3.0.8.bb @@ -46,7 +46,7 @@ DEPENDS:append:libc-musl = " libexecinfo" LDFLAGS:append:libc-musl = " -lexecinfo" -inherit meson gtk-icon-cache mime-xdg pkgconfig gettext gobject-introspection vala +inherit meson gtk-icon-cache mime-xdg pkgconfig gettext gobject-introspection vala bash-completion GIR_MESON_OPTION = 'can-crosscompile-gir' VALA_MESON_OPTION = "vala" 
@@ -57,16 +57,11 @@ GIDOCGEN_MESON_ENABLE_FLAG = "enabled" GIDOCGEN_MESON_DISABLE_FLAG = "disabled" SRC_URI = "https://download.gimp.org/gimp/v3.0/${BP}.tar.xz \ - file://0001-gimp-cross-compile-fix-for-bz2.patch \ file://0002-meson.build-reproducibility-fix.patch \ file://0001-meson.build-dont-check-for-lgi.patch \ file://0001-meson.build-require-iso-codes-native.patch \ - file://CVE-2025-14422.patch \ - file://CVE-2025-14423.patch \ - file://CVE-2025-14424.patch \ - file://CVE-2025-14425.patch \ " -SRC_URI[sha256sum] = "246c225383c72ef9f0dc7703b7d707084bbf177bd2900e94ce466a62862e296b" +SRC_URI[sha256sum] = "feb498acc01b26827cff1ff95aa8fb82cdd6a60d7abf773cfcd19abeafca3386" PACKAGECONFIG[aa] = "-Daa=enabled,-Daa=disabled,aalib" PACKAGECONFIG[alsa] = "-Dalsa=enabled,-Dalsa=disabled,alsa-lib" From patchwork Mon Feb 2 21:13:52 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 80288 X-Patchwork-Delegate: anuj.mittal@oss.qualcomm.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0F980E7FDE4 for ; Mon, 2 Feb 2026 21:14:10 +0000 (UTC) Received: from mail-wr1-f50.google.com (mail-wr1-f50.google.com [209.85.221.50]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.1565.1770066848138946437 for ; Mon, 02 Feb 2026 13:14:08 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=QoDcoPh9; spf=pass (domain: gmail.com, ip: 209.85.221.50, mailfrom: skandigraun@gmail.com) Received: by mail-wr1-f50.google.com with SMTP id ffacd0b85a97d-4359249bbacso101172f8f.0 for ; Mon, 02 Feb 2026 13:14:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1770066846; x=1770671646; 
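Review bot: In the SRC_URI hunk of gimp_3.0.8.bb, removing file://CVE-2025-14422.patch through file://CVE-2025-14425.patch also removes the CVE: tags that marked these four issues as patched in the recipe, so their reported status now depends entirely on the version ranges in the CVE database. The ZDI ids in the deleted patch headers (ZDI-CAN-28273, ZDI-CAN-28311, ZDI-CAN-28376, ZDI-CAN-28248) all appear in the "Fixed vulnerabilities" list quoted in the commit message, so the removal itself looks right. Please confirm with a cve-check run that none of the four comes back as unpatched for 3.0.8, and add CVE_STATUS entries for any that do, as the next patch in the series does for CVE-2025-15059.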
Feb 2026 13:14:06 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-435e131ce64sm48756747f8f.26.2026.02.02.13.14.05 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 02 Feb 2026 13:14:06 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-gnome][whinlatter][PATCH 06/15] gimp: mark CVE-2025-15059 patched Date: Mon, 2 Feb 2026 22:13:52 +0100 Message-ID: <20260202211401.1287664-6-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260202211401.1287664-1-skandigraun@gmail.com> References: <20260202211401.1287664-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 02 Feb 2026 21:14:10 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124079 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-15059 The patch that is referenced by the NVD report has been backported[1] to the recipe version, and is included already. [1]: https://gitlab.gnome.org/GNOME/gimp/-/commit/c9eb407485f6c085adf70c8a334f75ea31565c60 Signed-off-by: Gyorgy Sarvari --- meta-gnome/recipes-gimp/gimp/gimp_3.0.8.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta-gnome/recipes-gimp/gimp/gimp_3.0.8.bb b/meta-gnome/recipes-gimp/gimp/gimp_3.0.8.bb index a5e892c508..863d9a1667 100644 --- a/meta-gnome/recipes-gimp/gimp/gimp_3.0.8.bb +++ b/meta-gnome/recipes-gimp/gimp/gimp_3.0.8.bb 
@@ -134,3 +134,4 @@ RDEPENDS:${PN} = "mypaint-brushes-1.0 glib-networking python3-pygobject" CVE_STATUS[CVE-2007-3741] = "not-applicable-platform: This only applies for Mandriva Linux" CVE_STATUS[CVE-2025-8672] = "not-applicable-config: the vulnerability only affects MacOS" +CVE_STATUS[CVE-2025-15059] = "fixed-version: The issue is fixed since v3.0.8" From patchwork Mon Feb 2 21:13:53 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 80287 X-Patchwork-Delegate: anuj.mittal@oss.qualcomm.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 09371E7FDD0 for ; Mon, 2 Feb 2026 21:14:10 +0000 (UTC) Received: from mail-wr1-f47.google.com (mail-wr1-f47.google.com [209.85.221.47]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.1566.1770066848821200716 for ; Mon, 02 Feb 2026 13:14:09 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=jpm55B9T; spf=pass (domain: gmail.com, ip: 209.85.221.47, mailfrom: skandigraun@gmail.com) Received: by mail-wr1-f47.google.com with SMTP id ffacd0b85a97d-435a11957f6so3877831f8f.0 for ; Mon, 02 Feb 2026 13:14:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1770066847; x=1770671647; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=stzEBFp1fg99O8uaThGeNgmM4LNtbrI2U83i23v23fs=; b=jpm55B9TypMccod12J4vYlKLzgtTQEFgGP3IiWdj9flqPBMqc6T3uDsYVFFwfPfGVP bogs17WHhLtLVfCuf27tleN5FHXb0JJnK5mIa7SFNBhJtPdxVo19V/2d8d5WfRxE2LgD dkZ6E/apl3ZStBFXNLBeVIVPYCvgwLv4OG+IHXsvNcK5LmbxcgFl7jMVJFBNYb+VGqg0 
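Review bot: The CVE_STATUS[CVE-2025-15059] line added at the end of gimp_3.0.8.bb gives only "The issue is fixed since v3.0.8" as its reason, while the evidence, the upstream commit linked as [1] in the commit message, stays out of the recipe. Put that commit URL in the status text or in a comment above the line so the justification survives in the file. The commit message also describes the fix as backported into the recipe version; if that is why the database range does not cover 3.0.8, cpe-stable-backport states the reason more precisely than fixed-version.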
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][whinlatter][PATCH 07/15] gpsd: patch CVE-2025-67268 Date: Mon, 2 Feb 2026 22:13:53 +0100 Message-ID: <20260202211401.1287664-7-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260202211401.1287664-1-skandigraun@gmail.com> References: <20260202211401.1287664-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 02 Feb 2026 21:14:10 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124080 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-67268 Pick the patch that is referenced by the NVD advisory. The original commit also contains a lot of commenting style changes (// vs /* */) and whitespace changes which were removed from the backport. Signed-off-by: Gyorgy Sarvari --- .../gpsd/gpsd/CVE-2025-67268.patch | 97 +++++++++++++++++++ .../recipes-navigation/gpsd/gpsd_3.26.1.bb | 1 + 2 files changed, 98 insertions(+) create mode 100644 meta-oe/recipes-navigation/gpsd/gpsd/CVE-2025-67268.patch diff --git a/meta-oe/recipes-navigation/gpsd/gpsd/CVE-2025-67268.patch b/meta-oe/recipes-navigation/gpsd/gpsd/CVE-2025-67268.patch new file mode 100644 index 0000000000..d32e5095e2 --- /dev/null +++ b/meta-oe/recipes-navigation/gpsd/gpsd/CVE-2025-67268.patch 
@@ -0,0 +1,97 @@ +From 6045f465f3ab253e1075b5b3666fd95ede4fb848 Mon Sep 17 00:00:00 2001 +From: "Gary E. Miller" +Date: Tue, 2 Dec 2025 19:36:04 -0800 +Subject: [PATCH] drivers/driver_nmea2000.c: Fix issue 356, skyview buffer + overrun. + +CVE: CVE-2025-67268 +Upstream-Status: Backport [https://github.com/ntpsec/gpsd/commit/dc966aa74c075d0a6535811d98628625cbfbe3f4] +Signed-off-by: Gyorgy Sarvari +--- + drivers/driver_nmea2000.c | 50 ++++++++++++++++++++++++++------------- + 1 file changed, 33 insertions(+), 17 deletions(-) + +diff --git a/drivers/driver_nmea2000.c b/drivers/driver_nmea2000.c +index 71e04e1..6854b2d 100644 +--- a/drivers/driver_nmea2000.c ++++ b/drivers/driver_nmea2000.c +@@ -89,14 +89,14 @@ static int scale_int(int32_t var, const int64_t factor) + static void print_data(struct gps_context_t *context, + unsigned char *buffer, int len, PGN *pgn) + { +- if ((libgps_debuglevel >= LOG_IO) != 0) { +- int l1, l2, ptr; ++ if (LOG_IO <= libgps_debuglevel) { ++ int l1; + char bu[128]; + +- ptr = 0; +- l2 = sprintf(&bu[ptr], "got data:%6u:%3d: ", pgn->pgn, len); ++ int ptr = 0; ++ int l2 = sprintf(&bu[ptr], "got data:%6u:%3d: ", pgn->pgn, len); + ptr += l2; +- for (l1=0;l1errout, "%s\n", bu); + ptr = 0; +@@ -434,6 +434,7 @@ static gps_mask_t hnd_129540(unsigned char *bu, int len, PGN *pgn, + struct gps_device_t *session) + { + int l1; ++ int expected_len; + + print_data(session->context, bu, len, pgn); + GPSD_LOG(LOG_DATA, &session->context->errout, +@@ -441,24 +442,39 @@ static gps_mask_t hnd_129540(unsigned char *bu, int len, PGN *pgn, + + session->driver.nmea2000.sid[2] = bu[0]; + session->gpsdata.satellites_visible = (int)bu[2]; ++ if (MAXCHANNELS <= session->gpsdata.satellites_visible) { ++ // Handle a CVE for overrunning skyview[] ++ GPSD_LOG(LOG_WARN, &session->context->errout, ++ "pgn %6d(%3d): Too many sats %d\n", ++ pgn->pgn, session->driver.nmea2000.unit, ++ session->gpsdata.satellites_visible); ++ session->gpsdata.satellites_visible = MAXCHANNELS; 
++ } ++ expected_len = 3 + (12 * session->gpsdata.satellites_visible); ++ if (len != expected_len) { ++ GPSD_LOG(LOG_WARN, &session->context->errout, ++ "pgn %6d(%3d): wrong length %d s/b %d\n", ++ pgn->pgn, session->driver.nmea2000.unit, ++ len, expected_len); ++ return 0; ++ } + + memset(session->gpsdata.skyview, '\0', sizeof(session->gpsdata.skyview)); +- for (l1=0;l1gpsdata.satellites_visible;l1++) { +- int svt; +- double azi, elev, snr; +- +- elev = getles16(bu, 3+12*l1+1) * 1e-4 * RAD_2_DEG; +- azi = getleu16(bu, 3+12*l1+3) * 1e-4 * RAD_2_DEG; +- snr = getles16(bu, 3+12*l1+5) * 1e-2; ++ for (l1 = 0; l1 < session->gpsdata.satellites_visible; l1++) { ++ int offset = 3 + (12 * l1); ++ double elev = getles16(bu, offset + 1) * 1e-4 * RAD_2_DEG; ++ double azi = getleu16(bu, offset + 3) * 1e-4 * RAD_2_DEG; ++ double snr = getles16(bu, offset + 5) * 1e-2; + +- svt = (int)(bu[3+12*l1+11] & 0x0f); ++ int svt = (int)(bu[offset + 11] & 0x0f); + +- session->gpsdata.skyview[l1].elevation = (short) (round(elev)); +- session->gpsdata.skyview[l1].azimuth = (short) (round(azi)); ++ session->gpsdata.skyview[l1].elevation = elev; ++ session->gpsdata.skyview[l1].azimuth = azi; + session->gpsdata.skyview[l1].ss = snr; +- session->gpsdata.skyview[l1].PRN = (short)bu[3+12*l1+0]; ++ session->gpsdata.skyview[l1].PRN = (int16_t)bu[offset]; + session->gpsdata.skyview[l1].used = false; +- if ((svt == 2) || (svt == 5)) { ++ if ((2 == svt) || ++ (5 == svt)) { + session->gpsdata.skyview[l1].used = true; + } + } diff --git a/meta-oe/recipes-navigation/gpsd/gpsd_3.26.1.bb b/meta-oe/recipes-navigation/gpsd/gpsd_3.26.1.bb index e4a571daa6..6462d7b6f2 100644 --- a/meta-oe/recipes-navigation/gpsd/gpsd_3.26.1.bb +++ b/meta-oe/recipes-navigation/gpsd/gpsd_3.26.1.bb 
@@ -9,6 +9,7 @@ HOMEPAGE = "https://gpsd.io/" SRC_URI = "${SAVANNAH_GNU_MIRROR}/${BPN}/${BP}.tar.gz \ file://gpsd.init \ + file://CVE-2025-67268.patch \ " SRC_URI[sha256sum] = "dc7e465968c1540e61bc57c7586d6a57a0047212a014efdad348f907bc2e0990"
From patchwork Mon Feb 2 21:13:54 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 80293 X-Patchwork-Delegate: anuj.mittal@oss.qualcomm.com
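Review bot: In the hnd_129540() hunk of CVE-2025-67268.patch, bu[0] and bu[2] are still read before anything looks at len: the new `len != expected_len` test only runs after `session->gpsdata.satellites_visible = (int)bu[2];`. A `len < 3` rejection at the top of the handler would make the count read itself safe. The clamp also tests `MAXCHANNELS <= ...`, so a count exactly equal to MAXCHANNELS is logged as "Too many sats" although the value is left unchanged. The same hunk stops rounding elevation and azimuth and drops the (short) casts, a behaviour change the commit subject does not mention.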
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][whinlatter][PATCH 08/15] gpsd: patch CVE-2025-67269
Date: Mon, 2 Feb 2026 22:13:54 +0100
Message-ID: <20260202211401.1287664-8-skandigraun@gmail.com>
X-Mailer: git-send-email 2.52.0
In-Reply-To: <20260202211401.1287664-1-skandigraun@gmail.com>
References: <20260202211401.1287664-1-skandigraun@gmail.com>
MIME-Version: 1.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124081

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-67269

Backport the patch that is referenced by the NVD advisory.

Signed-off-by: Gyorgy Sarvari
--- .../gpsd/gpsd/CVE-2025-67269.patch | 158 ++++++++++++++++++ .../recipes-navigation/gpsd/gpsd_3.26.1.bb | 1 + 2 files changed, 159 insertions(+) create mode 100644 meta-oe/recipes-navigation/gpsd/gpsd/CVE-2025-67269.patch diff --git a/meta-oe/recipes-navigation/gpsd/gpsd/CVE-2025-67269.patch b/meta-oe/recipes-navigation/gpsd/gpsd/CVE-2025-67269.patch new file mode 100644 index 0000000000..1c6e2b58e7 --- /dev/null +++ b/meta-oe/recipes-navigation/gpsd/gpsd/CVE-2025-67269.patch
@@ -0,0 +1,158 @@ +From 5c8490b32eb8e8d78e054851300cdebefd1c2e5a Mon Sep 17 00:00:00 2001 +From: "Gary E. Miller" +Date: Wed, 3 Dec 2025 19:04:03 -0800 +Subject: [PATCH] gpsd/packet.c: Fix integer underflow is malicious Navcom + packet + +Causes DoS. Fix issue 358 + +CVE: CVE-2025-67269 +Upstream-Status: Backport [https://gitlab.com/gpsd/gpsd/-/commit/ffa1d6f40bca0b035fc7f5e563160ebb67199da7] +Signed-off-by: Gyorgy Sarvari +--- + gpsd/packet.c | 64 ++++++++++++++++++++++++++++++++++++++------------- + 1 file changed, 48 insertions(+), 16 deletions(-) + +diff --git a/gpsd/packet.c b/gpsd/packet.c +index f9a7db8..0c23500 100644 +--- a/gpsd/packet.c ++++ b/gpsd/packet.c +@@ -1141,18 +1141,22 @@ static bool nextstate(struct gps_lexer_t *lexer, unsigned char c) + #endif // SIRF_ENABLE || SKYTRAQ_ENABLE + #ifdef SIRF_ENABLE + case SIRF_LEADER_2: +- // first part of length +- lexer->length = (size_t) (c << 8); ++ // first part of length, MSB ++ lexer->length = (c & 0x7f) << 8; ++ if (lexer->length > MAX_PACKET_LENGTH) { ++ lexer->length = 0; ++ return character_pushback(lexer, GROUND_STATE); ++ } // else + lexer->state = SIRF_LENGTH_1; + break; + case SIRF_LENGTH_1: + // second part of length + lexer->length += c + 2; +- if (lexer->length <= MAX_PACKET_LENGTH) { +- lexer->state = SIRF_PAYLOAD; +- } else { ++ if (lexer->length > MAX_PACKET_LENGTH) { ++ lexer->length = 0; + return character_pushback(lexer, GROUND_STATE); +- } ++ } // else ++ lexer->state = SIRF_PAYLOAD; + break; + case SIRF_PAYLOAD: + if (0 == --lexer->length) { +@@ -1194,6 +1198,7 @@ static bool nextstate(struct gps_lexer_t *lexer, unsigned char c) + return character_pushback(lexer, GROUND_STATE); + } + if (MAX_PACKET_LENGTH < lexer->length) { ++ lexer->length = 0; + return character_pushback(lexer, GROUND_STATE); + } + lexer->state = SKY_PAYLOAD; +@@ -1376,14 +1381,29 @@ static bool nextstate(struct gps_lexer_t *lexer, unsigned char c) + } + break; + case NAVCOM_LEADER_3: ++ // command ID + lexer->state = 
NAVCOM_ID; + break; + case NAVCOM_ID: +- lexer->length = (size_t)c - 4; ++ /* Length LSB ++ * Navcom length includes command ID, length bytes. and checksum. ++ * So for more than just the payload length. ++ * Minimum 4 bytes */ ++ if (4 > c) { ++ return character_pushback(lexer, GROUND_STATE); ++ } ++ lexer->length = c; + lexer->state = NAVCOM_LENGTH_1; + break; + case NAVCOM_LENGTH_1: ++ // Length USB. Navcom allows payload length up to 65,531 + lexer->length += (c << 8); ++ // don't count ID, length and checksum in payload length ++ lexer->length -= 4; ++ if (MAX_PACKET_LENGTH < lexer->length) { ++ lexer->length = 0; ++ return character_pushback(lexer, GROUND_STATE); ++ } // else + lexer->state = NAVCOM_LENGTH_2; + break; + case NAVCOM_LENGTH_2: +@@ -1510,11 +1530,11 @@ static bool nextstate(struct gps_lexer_t *lexer, unsigned char c) + lexer->length += 2; // checksum + // 10 bytes is the length of the Zodiac header + // no idea what Zodiac max length really is +- if ((MAX_PACKET_LENGTH - 10) >= lexer->length) { +- lexer->state = ZODIAC_PAYLOAD; +- } else { ++ if ((MAX_PACKET_LENGTH - 10) < lexer->length) { ++ lexer->length = 0; + return character_pushback(lexer, GROUND_STATE); +- } ++ } // else ++ lexer->state = ZODIAC_PAYLOAD; + break; + case ZODIAC_PAYLOAD: + if (0 == --lexer->length) { +@@ -1549,6 +1569,7 @@ static bool nextstate(struct gps_lexer_t *lexer, unsigned char c) + lexer->state = UBX_LENGTH_2; + } else { + // bad length ++ lexer->length = 0; + return character_pushback(lexer, GROUND_STATE); + } + break; +@@ -1604,6 +1625,7 @@ static bool nextstate(struct gps_lexer_t *lexer, unsigned char c) + lexer->length += (c << 8); + if (MAX_PACKET_LENGTH <= lexer->length) { + // bad length ++ lexer->length = 0; + return character_pushback(lexer, GROUND_STATE); + } // else + +@@ -1841,16 +1863,16 @@ static bool nextstate(struct gps_lexer_t *lexer, unsigned char c) + lexer->state = GEOSTAR_MESSAGE_ID_2; + break; + case GEOSTAR_MESSAGE_ID_2: +- lexer->length = 
(size_t)c * 4; ++ lexer->length = c * 4; + lexer->state = GEOSTAR_LENGTH_1; + break; + case GEOSTAR_LENGTH_1: + lexer->length += (c << 8) * 4; +- if (MAX_PACKET_LENGTH >= lexer->length) { +- lexer->state = GEOSTAR_LENGTH_2; +- } else { ++ if (MAX_PACKET_LENGTH < lexer->length) { ++ lexer->length = 0; + return character_pushback(lexer, GROUND_STATE); +- } ++ } // else ++ lexer->state = GEOSTAR_LENGTH_2; + break; + case GEOSTAR_LENGTH_2: + lexer->state = GEOSTAR_PAYLOAD; +@@ -2160,6 +2182,16 @@ static bool nextstate(struct gps_lexer_t *lexer, unsigned char c) + #endif // STASH_ENABLE + } + ++ /* Catch length overflow. Should not happen. ++ * length is size_t, so underflow looks like overflow too. */ ++ if (MAX_PACKET_LENGTH <= lexer->length) { ++ GPSD_LOG(LOG_WARN, &lexer->errout, ++ "Too long: %zu state %u %s c x%x\n", ++ lexer->length, lexer->state, state_table[lexer->state], c); ++ // exit(255); ++ lexer->length = 0; ++ return character_pushback(lexer, GROUND_STATE); ++ } + return true; // no pushback + } + diff --git a/meta-oe/recipes-navigation/gpsd/gpsd_3.26.1.bb b/meta-oe/recipes-navigation/gpsd/gpsd_3.26.1.bb index 6462d7b6f2..91ae0ad20f 100644 --- a/meta-oe/recipes-navigation/gpsd/gpsd_3.26.1.bb +++ b/meta-oe/recipes-navigation/gpsd/gpsd_3.26.1.bb 
@@ -10,6 +10,7 @@ HOMEPAGE = "https://gpsd.io/" SRC_URI = "${SAVANNAH_GNU_MIRROR}/${BPN}/${BP}.tar.gz \ file://gpsd.init \ file://CVE-2025-67268.patch \ + file://CVE-2025-67269.patch \ " SRC_URI[sha256sum] = "dc7e465968c1540e61bc57c7586d6a57a0047212a014efdad348f907bc2e0990"
From patchwork Mon Feb 2 21:13:55 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 80297 X-Patchwork-Delegate: anuj.mittal@oss.qualcomm.com
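Review bot: In the NAVCOM_ID case of the gpsd/packet.c patch, the new `if (4 > c)` bail-out returns through character_pushback() without `lexer->length = 0;`, while every other bad-length path this patch touches resets the length first. Adding the reset there keeps the invariant the rest of the change establishes. The new comments in the Navcom cases also contain typos ("Length USB", "So for more than just the payload length") that are worth fixing upstream, since this is a backport.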
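Review bot: The catch-all added at the end of nextstate() rejects `MAX_PACKET_LENGTH <= lexer->length`, but the SiRF, Skytraq, Navcom and GeoStar checks earlier in the same patch only reject lengths strictly greater than MAX_PACKET_LENGTH. A length exactly equal to MAX_PACKET_LENGTH therefore passes the per-protocol test and is then dropped here with a "Too long" warning; one bound should be used throughout. The commented-out `// exit(255);` in this block is debugging residue and should be removed.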
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][whinlatter][PATCH 09/15] imagemagick: upgrade 7.1.2-12 -> 7.1.2-13
Date: Mon, 2 Feb 2026 22:13:55 +0100
Message-ID: <20260202211401.1287664-9-skandigraun@gmail.com>
X-Mailer: git-send-email 2.52.0
In-Reply-To: <20260202211401.1287664-1-skandigraun@gmail.com>
References: <20260202211401.1287664-1-skandigraun@gmail.com>
MIME-Version: 1.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124082

From: Wang Mingyu

License-Update: change license url to https://imagemagick.org/license/

Signed-off-by: Wang Mingyu
Signed-off-by: Khem Raj
(cherry picked from commit c2b4809fe8bb2eaa3ce99807dcafae7aaa880f4b)

Contains fixes for CVE-2026-22770, CVE-2026-23874, CVE-2026-23876 and CVE-2026-23952.

Signed-off-by: Gyorgy Sarvari
--- .../{imagemagick_7.1.2-12.bb => imagemagick_7.1.2-13.bb} | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) rename meta-oe/recipes-support/imagemagick/{imagemagick_7.1.2-12.bb => imagemagick_7.1.2-13.bb} (98%) diff --git a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-12.bb b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb similarity index 98% rename from meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-12.bb rename to meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb index b804c64cfb..e3f4a96d6f 100644 --- a/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-12.bb +++ b/meta-oe/recipes-support/imagemagick/imagemagick_7.1.2-13.bb
@@ -4,8 +4,8 @@ HOMEPAGE = "https://www.imagemagick.org/" DESCRIPTION = "ImageMagick is a collection of tools for displaying, converting, and \ editing raster and vector image files. It can read and write over 200 image file formats." LICENSE = "ImageMagick" -LIC_FILES_CHKSUM = "file://LICENSE;md5=2f9de66264141265b203cde9902819ea \ - file://NOTICE;md5=bcbf1f1897b40ec8df39700cb560e9ed" +LIC_FILES_CHKSUM = "file://LICENSE;md5=1f56ade64cf079aff7232f7dbeaea992 \ + file://NOTICE;md5=3974428a57d34b981abb7acc416dde8f" # FIXME: There are many more checked libraries. All should be added or explicitly disabled to get consistent results. DEPENDS = "lcms bzip2 jpeg libpng tiff zlib fftw freetype libtool" 
@@ -17,7 +17,7 @@ SRC_URI = "git://github.com/ImageMagick/ImageMagick.git;branch=main;protocol=htt file://imagemagick-ptest.sh \ " -SRCREV = "bdd4fa561d7bf4c6afd40ee9c89e9f9e82b6e88b" +SRCREV = "dd991e286b96918917a3392d6dc3ffc0e6907a4e" inherit autotools pkgconfig update-alternatives ptest
From patchwork Mon Feb 2 21:13:56 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 80294 X-Patchwork-Delegate: anuj.mittal@oss.qualcomm.com
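Review bot: The LIC_FILES_CHKSUM hunk of the imagemagick upgrade changes the md5 of both LICENSE and NOTICE, but the License-Update line in the commit message only explains a license URL change. Please state in License-Update what changed in NOTICE as well, so the checksum bump for that file can be reviewed without diffing the two upstream revisions.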
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][whinlatter][PATCH 10/15] libcdio: patch CVE-2024-36600
Date: Mon, 2 Feb 2026 22:13:56 +0100
Message-ID: <20260202211401.1287664-10-skandigraun@gmail.com>
X-Mailer: git-send-email 2.52.0
In-Reply-To: <20260202211401.1287664-1-skandigraun@gmail.com>
References: <20260202211401.1287664-1-skandigraun@gmail.com>
MIME-Version: 1.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124083

Details: https://nvd.nist.gov/vuln/detail/CVE-2024-36600

Backport the patch from the PR that is referenced in the NVD advisory.

Note that there are two PRs mentioned: one is the fix, and the other is just a readme update with the CVE ID. The latter wasn't backported.

Signed-off-by: Gyorgy Sarvari
--- .../libcdio/libcdio/CVE-2024-36600.patch | 32 +++++++++++++++++++ .../libcdio/libcdio_2.2.0.bb | 4 ++- 2 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 meta-oe/recipes-multimedia/libcdio/libcdio/CVE-2024-36600.patch diff --git a/meta-oe/recipes-multimedia/libcdio/libcdio/CVE-2024-36600.patch b/meta-oe/recipes-multimedia/libcdio/libcdio/CVE-2024-36600.patch new file mode 100644 index 0000000000..adf58fcdc4 --- /dev/null +++ b/meta-oe/recipes-multimedia/libcdio/libcdio/CVE-2024-36600.patch
@@ -0,0 +1,32 @@ +From b620a2d3d37d8068bc69941155ba85e6c740d470 Mon Sep 17 00:00:00 2001 +From: Yuxin Wang +Date: Sun, 13 Jul 2025 13:53:17 +0800 +Subject: [PATCH] Fix buffer overrun for Joliet filenames + +Joliet uses UCS-2 (2 bytes per character), and converting to UTF-8 +may require up to 3 bytes per character. This patch increases the +buffer size by i_fname/2 to prevent buffer overrun. + +CVE: CVE-2024-36600 +Upstream-Status: Backport [https://github.com/libcdio/libcdio/commit/417478a7474af41c27ab3f876f31783fa06a5dbc] +Signed-off-by: Gyorgy Sarvari +--- + lib/iso9660/iso9660_fs.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/lib/iso9660/iso9660_fs.c b/lib/iso9660/iso9660_fs.c +index 3b2f07c..9df1b94 100644 +--- a/lib/iso9660/iso9660_fs.c ++++ b/lib/iso9660/iso9660_fs.c +@@ -859,6 +859,11 @@ _iso9660_dir_to_statbuf (iso9660_dir_t *p_iso9660_dir, + + /* .. string in statbuf is one longer than in p_iso9660_dir's listing '\1' */ + stat_len = sizeof(iso9660_stat_t) + i_fname + 2; ++#ifdef HAVE_JOLIET ++ if (u_joliet_level) { ++ stat_len += i_fname / 2; ++ } ++#endif + + /* Reuse multiextent p_stat if not NULL */ + if (!p_stat) { diff --git a/meta-oe/recipes-multimedia/libcdio/libcdio_2.2.0.bb b/meta-oe/recipes-multimedia/libcdio/libcdio_2.2.0.bb index c443d9b891..ca524f7e9a 100644 --- a/meta-oe/recipes-multimedia/libcdio/libcdio_2.2.0.bb +++ b/meta-oe/recipes-multimedia/libcdio/libcdio_2.2.0.bb 
@@ -4,7 +4,9 @@ SECTION = "libs" LICENSE = "GPL-3.0-or-later" LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" -SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.bz2" +SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.bz2 \ + file://CVE-2024-36600.patch \ + " SRC_URI[sha256sum] = "6f8fbdf4d189cf63f2a7a1549c516cd720c7b222c7aaadbc924a26e745a48539"
From patchwork Mon Feb 2 21:13:57 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 80300 X-Patchwork-Delegate: anuj.mittal@oss.qualcomm.com
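Review bot: The `stat_len += i_fname / 2;` line added to _iso9660_dir_to_statbuf() in the libcdio patch carries no comment, so the reason for the extra half (UCS-2 to UTF-8 growth of up to 3 bytes per 2-byte character, as the commit message explains) is not visible where the size is computed. A one-line comment at that statement would keep the sizing from being reduced again later. The hunk only enlarges the allocation, so it is also worth confirming that the code writing the converted name is bounded by this same size.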
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][whinlatter][PATCH 11/15] libcupsfilters: patch CVE-2025-64503
Date: Mon, 2 Feb 2026 22:13:57 +0100
Message-ID: <20260202211401.1287664-11-skandigraun@gmail.com>
X-Mailer: git-send-email 2.52.0
In-Reply-To: <20260202211401.1287664-1-skandigraun@gmail.com>
References: <20260202211401.1287664-1-skandigraun@gmail.com>
MIME-Version: 1.0
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124084

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-64503

Pick the patch that explicitly references the CVE ID in its message. (The NVD advisory mentions only the cups-filters patch, but the developer indicated the CVE ID in the libcupsfilters patch also.)

Between this recipe version and the patch the project has decided to eliminate C++ from the project, and use C only. The patch however is straightforward enough that it could be backported with very small modifications.

Signed-off-by: Gyorgy Sarvari
--- .../cups/libcupsfilters/CVE-2025-64503.patch | 47 +++++++++++++++++++ .../cups/libcupsfilters_2.1.1.bb | 8 ++-- 2 files changed, 51 insertions(+), 4 deletions(-) create mode 100644 meta-oe/recipes-printing/cups/libcupsfilters/CVE-2025-64503.patch diff --git a/meta-oe/recipes-printing/cups/libcupsfilters/CVE-2025-64503.patch b/meta-oe/recipes-printing/cups/libcupsfilters/CVE-2025-64503.patch new file mode 100644 index 0000000000..b70586296e --- /dev/null +++ b/meta-oe/recipes-printing/cups/libcupsfilters/CVE-2025-64503.patch
@@ -0,0 +1,47 @@ +From da9a7db3b9125c87b11c43b05354ca2eb21ed684 Mon Sep 17 00:00:00 2001 +From: Gyorgy Sarvari +Date: Mon, 10 Nov 2025 21:10:56 +0100 +Subject: [PATCH] Fix out-of-bounds write in cfFilterPDFToRaster() + +From: Till Kamppeter + +PDFs with too large page dimensions could cause an integer overflow and then a too small buffer for the pixel line to be allocated. + +Fixed this by cropping the page size to the maximum allowed by the standard, 14400x14400pt, 200x200in, 5x5m + +https://community.adobe.com/t5/indesign-discussions/maximum-width-of-a-pdf/td-p/9217372 + +Fixes CVE-2025-64503 + +CVE: CVE-2025-64503 +Upstream-Status: Backport [https://github.com/OpenPrinting/libcupsfilters/commit/fd01543f372ca3ba1f1c27bd3427110fa0094e3f] +Signed-off-by: Gyorgy Sarvari +--- + cupsfilters/pdftoraster.cxx | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/cupsfilters/pdftoraster.cxx b/cupsfilters/pdftoraster.cxx +index 0235b54..09583df 100644 +--- a/cupsfilters/pdftoraster.cxx ++++ b/cupsfilters/pdftoraster.cxx +@@ -1606,6 +1606,20 @@ out_page(pdftoraster_doc_t *doc, + l = inputPageBox.height(); + if (l < 0) + l = -l; ++ ++ // ++ // Maximum allowed page size for PDF is 200x200 inches (~ 5x5 m), or 14400x14400 pt ++ // https://community.adobe.com/t5/indesign-discussions/maximum-width-of-a-pdf/td-p/9217372 ++ // ++ if (doc->header.cupsPageSize[0] > 14400) { ++ fprintf(stderr, "ERROR: Page width is %.2fpt, too large, cropping to 14400pt\n", doc->header.cupsPageSize[0]); ++ doc->header.cupsPageSize[0] = 14400; ++ } ++ if (doc->header.cupsPageSize[1] > 14400) { ++ fprintf(stderr, "ERROR: Page height is %.2fpt, too large, cropping to 14400pt\n", doc->header.cupsPageSize[1]); ++ doc->header.cupsPageSize[1] = 14400; ++ } ++ + if (rotate == 90 || rotate == 270) + doc->header.cupsPageSize[0] = l; + else 
diff --git a/meta-oe/recipes-printing/cups/libcupsfilters_2.1.1.bb b/meta-oe/recipes-printing/cups/libcupsfilters_2.1.1.bb index 51d8c4f18b..311f33e134 100644 --- a/meta-oe/recipes-printing/cups/libcupsfilters_2.1.1.bb +++ b/meta-oe/recipes-printing/cups/libcupsfilters_2.1.1.bb 
@@ -5,10 +5,10 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=aab2024bd2a475438a154cd1640c9684" DEPENDS = "cups fontconfig libexif dbus lcms qpdf poppler libpng jpeg tiff" -SRC_URI = " \ - https://github.com/OpenPrinting/${BPN}/releases/download/${PV}/${BP}.tar.xz \ - file://0001-use-noexcept-false-instead-of-throw-from-c-17-onward.patch \ -" +SRC_URI = "https://github.com/OpenPrinting/${BPN}/releases/download/${PV}/${BP}.tar.xz \ + file://0001-use-noexcept-false-instead-of-throw-from-c-17-onward.patch \ + file://CVE-2025-64503.patch \ + " SRC_URI[sha256sum] = "6c303e36cfde05a6c88fb940c62b6a18e7cdbfb91f077733ebc98f104925ce36" inherit autotools gettext pkgconfig github-releases
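Review bot: The SRC_URI change in libcupsfilters_2.1.1.bb rewrites all four lines of the assignment (the tarball URL is pulled up onto the `SRC_URI = "` line and the continuation lines are re-indented) when the fix only needs one new entry. Keeping the existing layout and adding just `file://CVE-2025-64503.patch \` before the closing quote would make this a one-line diff and keep later backports to this recipe from conflicting on whitespace.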
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][whinlatter][PATCH 12/15] ndpi: ignore CVE-2025-25066
Date: Mon, 2 Feb 2026 22:13:58 +0100
Message-ID: <20260202211401.1287664-12-skandigraun@gmail.com>
X-Mailer: git-send-email 2.52.0
In-Reply-To: <20260202211401.1287664-1-skandigraun@gmail.com>
References: <20260202211401.1287664-1-skandigraun@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124085

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-25066

The vulnerable code was introduced in version 4.12[1], and the recipe version is not vulnerable yet. Due to this, ignore this CVE.

[1]: https://github.com/ntop/nDPI/commit/b9348e9d6e0e754c4b17661c643ca258f1540ca1

Signed-off-by: Gyorgy Sarvari
---
meta-networking/recipes-support/ntopng/ndpi_4.2.bb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/meta-networking/recipes-support/ntopng/ndpi_4.2.bb b/meta-networking/recipes-support/ntopng/ndpi_4.2.bb index f0175167a4..ae6efa802e 100644 --- a/meta-networking/recipes-support/ntopng/ndpi_4.2.bb +++ b/meta-networking/recipes-support/ntopng/ndpi_4.2.bb
@@ -13,7 +13,6 @@ SRC_URI = "git://github.com/ntop/nDPI.git;branch=4.2-stable;protocol=https \ file://0001-autogen.sh-not-generate-configure.patch \ " - inherit autotools-brokensep pkgconfig CPPFLAGS += "${SELECTED_OPTIMIZATION}"
@@ -25,3 +24,5 @@ do_configure:prepend() { EXTRA_OEMAKE = " \ libdir=${libdir} \ " + +CVE_STATUS[CVE-2025-25066] = "cpe-incorrect: Version 4.2 is not vulnerable yet"
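Review bot: The reason text in `CVE_STATUS[CVE-2025-25066]` says only "Version 4.2 is not vulnerable yet", while the auditable detail, that the vulnerable code was introduced in version 4.12 by the linked nDPI commit, exists only in the commit message. Put the introducing version into the status string so the justification lives in the recipe and whoever upgrades ndpi later can see when this ignore has to be dropped.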
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][whinlatter][PATCH 13/15] nodejs: upgrade 22.21.1 -> 22.22.0
Date: Mon, 2 Feb 2026 22:13:59 +0100
Message-ID: <20260202211401.1287664-13-skandigraun@gmail.com>
X-Mailer: git-send-email 2.52.0
In-Reply-To: <20260202211401.1287664-1-skandigraun@gmail.com>
References: <20260202211401.1287664-1-skandigraun@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124086

From: Jason Schonberg

This is the December 2025 security release that the nodejs team released January 13, 2026.

3 high severity issues.
4 medium severity issues.
1 low severity issue.

High priority fixes: CVE-2025-55131 CVE-2025-55130 CVE-2025-59465
Medium priority fixes: CVE-2025-59466 CVE-2025-59464 CVE-2026-21636 * CVE-2026-21637
Low priority fixes: CVE-2025-55132

* note that this medium priority CVE only affects Nodejs v25.

https://nodejs.org/en/blog/vulnerability/december-2025-security-releases

Changelog: https://github.com/nodejs/node/releases/tag/v22.22.0

Signed-off-by: Jason Schonberg
Signed-off-by: Khem Raj
(cherry picked from commit 0bb156371e433cf3e9fdc4291da2319d63a83575)
Signed-off-by: Gyorgy Sarvari
---
.../oe-npm-cache | 0 ...oe-cache-native_22.21.bb => nodejs-oe-cache-native_22.22.bb} | 0 .../nodejs/{nodejs_22.21.1.bb => nodejs_22.22.0.bb} | 2 +- 3 files changed, 1 insertion(+), 1 deletion(-) rename meta-oe/recipes-devtools/nodejs/{nodejs-oe-cache-22.21 => nodejs-oe-cache-22.22}/oe-npm-cache (100%) rename meta-oe/recipes-devtools/nodejs/{nodejs-oe-cache-native_22.21.bb => nodejs-oe-cache-native_22.22.bb} (100%) rename meta-oe/recipes-devtools/nodejs/{nodejs_22.21.1.bb => nodejs_22.22.0.bb} (98%)
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-22.21/oe-npm-cache b/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-22.22/oe-npm-cache similarity index 100% rename from meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-22.21/oe-npm-cache rename to meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-22.22/oe-npm-cache diff --git a/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_22.21.bb b/meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_22.22.bb similarity index 100% rename from meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_22.21.bb rename to meta-oe/recipes-devtools/nodejs/nodejs-oe-cache-native_22.22.bb diff --git a/meta-oe/recipes-devtools/nodejs/nodejs_22.21.1.bb b/meta-oe/recipes-devtools/nodejs/nodejs_22.22.0.bb similarity index 98% rename from meta-oe/recipes-devtools/nodejs/nodejs_22.21.1.bb rename to meta-oe/recipes-devtools/nodejs/nodejs_22.22.0.bb index ccaf9f7bb2..443cdc430d 100644 --- a/meta-oe/recipes-devtools/nodejs/nodejs_22.21.1.bb +++ b/meta-oe/recipes-devtools/nodejs/nodejs_22.22.0.bb 
@@ -39,7 +39,7 @@ SRC_URI:append:class-target = " \ SRC_URI:append:toolchain-clang:powerpc64le = " \ file://0001-ppc64-Do-not-use-mminimal-toc-with-clang.patch \ " -SRC_URI[sha256sum] = "487d73fd4db00dc2420d659a8221b181a7937fbc5bc73f31c30b1680ad6ded6a" +SRC_URI[sha256sum] = "4c138012bb5352f49822a8f3e6d1db71e00639d0c36d5b6756f91e4c6f30b683" S = "${UNPACKDIR}/node-v${PV}"
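Review bot: The only content change in nodejs_22.22.0.bb is the new `SRC_URI[sha256sum]`, and neither the hunk nor the commit message says where the value was taken from. For a security release it is worth stating that the checksum was compared with the SHASUMS256.txt that upstream publishes for v22.22.0, rather than computed from whatever tarball the fetcher downloaded.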
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-networking][whinlatter][PATCH 14/15] ez-ipupdate: patch CVE-2003-0887
Date: Mon, 2 Feb 2026 22:14:00 +0100
Message-ID: <20260202211401.1287664-14-skandigraun@gmail.com>
X-Mailer: git-send-email 2.52.0
In-Reply-To: <20260202211401.1287664-1-skandigraun@gmail.com>
References: <20260202211401.1287664-1-skandigraun@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124087

Details: https://nvd.nist.gov/vuln/detail/CVE-2003-0887

The vulnerability is about the default (example) configurations, which place cache files into the /tmp folder, which is world-writeable. The recommendation would be to place them in a more secure folder.

The recipe however does not install these example configurations, and as such it is not vulnerable either.

Just to make sure, patch these folders to a non-tmp folder (and also install that folder, empty).

Some more discussion about the vulnerability: https://bugzilla.suse.com/show_bug.cgi?id=48161

Signed-off-by: Gyorgy Sarvari
---
.../ez-ipupdate/ez-ipupdate_3.0.11b7.bb | 7 + .../ez-ipupdate/files/CVE-2003-0887.patch | 158 ++++++++++++++++++ 2 files changed, 165 insertions(+) create mode 100644 meta-networking/recipes-connectivity/ez-ipupdate/files/CVE-2003-0887.patch
diff --git a/meta-networking/recipes-connectivity/ez-ipupdate/ez-ipupdate_3.0.11b7.bb b/meta-networking/recipes-connectivity/ez-ipupdate/ez-ipupdate_3.0.11b7.bb index 42ecf9bac4..7a392b2c23 100644 --- a/meta-networking/recipes-connectivity/ez-ipupdate/ez-ipupdate_3.0.11b7.bb +++ b/meta-networking/recipes-connectivity/ez-ipupdate/ez-ipupdate_3.0.11b7.bb
@@ -10,8 +10,15 @@ SRC_URI = "http://sourceforge.net/projects/ez-ipupdate/files/${BPN}/${PV}/${BPN} file://conf_file.c.patch \ file://wformat.patch \ file://0001-ez-ipupdate-Include-time.h-for-time-API-prototype.patch \ + file://CVE-2003-0887.patch \ " SRC_URI[md5sum] = "525be4550b4461fdf105aed8e753b020" SRC_URI[sha256sum] = "a15ec0dc0b78ec7578360987c68e43a67bc8d3591cbf528a323588830ae22c20" inherit autotools pkgconfig + +do_install:append(){ + install -m 0744 -d ${D}${localstatedir}/lib/ez-ipupdate +} + +FILES:${PN} += "${localstatedir}/lib/ez-ipupdate" diff --git a/meta-networking/recipes-connectivity/ez-ipupdate/files/CVE-2003-0887.patch b/meta-networking/recipes-connectivity/ez-ipupdate/files/CVE-2003-0887.patch new file mode 100644 index 0000000000..53aa355008 --- /dev/null +++ b/meta-networking/recipes-connectivity/ez-ipupdate/files/CVE-2003-0887.patch 
@@ -0,0 +1,158 @@ +From cd8fa738b0ed3b5fb89ac00068fdc2e20c1b6169 Mon Sep 17 00:00:00 2001 +From: Gyorgy Sarvari +Date: Mon, 2 Feb 2026 14:03:01 +0100 +Subject: [PATCH] CVE-2003-0887 + +The vulnerability is about exmaple config files placing cache files +into a world-writable directory (/tmp) instead of something more +secure. + +This patch changes this path to /var/lib/ez-ipupdate, which is +not world-writable by default. + +CVE: CVE-2003-0887 +Upstream-Status: Inactive-Upstream [lastcommit: 2002] +Signed-off-by: Gyorgy Sarvari +--- + example-dhs.conf | 2 +- + example-dyndns.conf | 2 +- + example-dyns.conf | 2 +- + example-easydns.conf | 2 +- + example-gnudip.conf | 2 +- + example-heipv6tb.conf | 2 +- + example-justlinux.conf | 2 +- + example-ods.conf | 2 +- + example-pgpow.conf | 2 +- + example-tzo.conf | 2 +- + 10 files changed, 10 insertions(+), 10 deletions(-) + +diff --git a/example-dhs.conf b/example-dhs.conf +index 3fe9a04..f976ae5 100755 +--- a/example-dhs.conf ++++ b/example-dhs.conf +@@ -11,7 +11,7 @@ host=mydomain.whatever.com + interface=eth1 + + # if you use run-as ensure the user has permission to write this file +-cache-file=/tmp/ez-ipupdate.cache ++cache-file=/var/lib/ez-ipupdate/ez-ipupdate.cache + + # uncomment this once you have everything working how you want and you are + # ready to have ez-ipupdate running in the background all the time. to stop it +diff --git a/example-dyndns.conf b/example-dyndns.conf +index f539dec..84b4807 100755 +--- a/example-dyndns.conf ++++ b/example-dyndns.conf +@@ -19,7 +19,7 @@ max-interval=2073600 + #cache-file=/etc/ez-ipupdate.cache.eth1 + + # for the mean time we'll just use a cache file in the temp directory +-cache-file=/tmp/ez-ipupdate.cache ++cache-file=/var/lib/ez-ipupdate/ez-ipupdate.cache + + # uncomment this once you have everything working how you want and you are + # ready to have ez-ipupdate running in the background all the time. 
to stop it +diff --git a/example-dyns.conf b/example-dyns.conf +index 868768d..856a4d7 100644 +--- a/example-dyns.conf ++++ b/example-dyns.conf +@@ -11,7 +11,7 @@ host=myhost + #interface=eth1 + + # if you use run-as ensure the user has permission to write this file +-#cache-file=/tmp/ez-ipupdate.cache ++#cache-file=/var/lib/ez-ipupdate/ez-ipupdate.cache + + # uncomment this once you have everything working how you want and you are + # ready to have ez-ipupdate running in the background all the time. to stop it +diff --git a/example-easydns.conf b/example-easydns.conf +index 0ff20da..15d9b78 100755 +--- a/example-easydns.conf ++++ b/example-easydns.conf +@@ -11,7 +11,7 @@ host=mydomain.whatever.com + interface=eth1 + + # if you use run-as ensure the user has permission to write this file +-cache-file=/tmp/ez-ipupdate.cache ++cache-file=/var/lib/ez-ipupdate/ez-ipupdate.cache + + # uncomment this once you have everything working how you want and you are + # ready to have ez-ipupdate running in the background all the time. to stop it +diff --git a/example-gnudip.conf b/example-gnudip.conf +index 3b2fb63..d09df1f 100755 +--- a/example-gnudip.conf ++++ b/example-gnudip.conf +@@ -15,7 +15,7 @@ max-interval=2073600 + #address=0.0.0.0 + + # if you use run-as ensure the user has permission to write this file +-cache-file=/tmp/ez-ipupdate.cache ++cache-file=/var/lib/ez-ipupdate/ez-ipupdate.cache + + # uncomment this once you have everything working how you want and you are + # ready to have ez-ipupdate running in the background all the time. 
to stop it +diff --git a/example-heipv6tb.conf b/example-heipv6tb.conf +index e31aa9c..3ebc822 100644 +--- a/example-heipv6tb.conf ++++ b/example-heipv6tb.conf +@@ -18,7 +18,7 @@ max-interval=2073600 + #cache-file=/etc/ez-ipupdate.cache.eth1 + + # for the mean time we'll just use a cache file in the temp directory +-cache-file=/tmp/ez-ipupdate.cache ++cache-file=/var/lib/ez-ipupdate/ez-ipupdate.cache + + # uncomment this once you have everything working how you want and you are + # ready to have ez-ipupdate running in the background all the time. to stop it +diff --git a/example-justlinux.conf b/example-justlinux.conf +index 0afeb2c..28b3327 100755 +--- a/example-justlinux.conf ++++ b/example-justlinux.conf +@@ -11,7 +11,7 @@ host=mydomain.penguinpowered.com + interface=eth1 + + # if you use run-as ensure the user has permission to write this file +-cache-file=/tmp/ez-ipupdate.cache ++cache-file=/var/lib/ez-ipupdate/ez-ipupdate.cache + + # uncomment this once you have everything working how you want and you are + # ready to have ez-ipupdate running in the background all the time. to stop it +diff --git a/example-ods.conf b/example-ods.conf +index d0ff889..7b16f2c 100755 +--- a/example-ods.conf ++++ b/example-ods.conf +@@ -11,7 +11,7 @@ host=mydomain.ods.org + interface=eth1 + + # if you use run-as ensure the user has permission to write this file +-cache-file=/tmp/ez-ipupdate.cache ++cache-file=/var/lib/ez-ipupdate/ez-ipupdate.cache + + # uncomment this once you have everything working how you want and you are + # ready to have ez-ipupdate running in the background all the time. 
to stop it +diff --git a/example-pgpow.conf b/example-pgpow.conf +index 29a92d6..81e351b 100755 +--- a/example-pgpow.conf ++++ b/example-pgpow.conf +@@ -11,7 +11,7 @@ host=mydomain.penguinpowered.com + interface=eth1 + + # if you use run-as ensure the user has permission to write this file +-cache-file=/tmp/ez-ipupdate.cache ++cache-file=/var/lib/ez-ipupdate/ez-ipupdate.cache + + # uncomment this once you have everything working how you want and you are + # ready to have ez-ipupdate running in the background all the time. to stop it +diff --git a/example-tzo.conf b/example-tzo.conf +index 2a71db3..10b8dc4 100755 +--- a/example-tzo.conf ++++ b/example-tzo.conf +@@ -15,7 +15,7 @@ max-interval=2073600 + interface=eth1 + + # if you use run-as ensure the user has permission to write this file +-cache-file=/tmp/ez-ipupdate.cache ++cache-file=/var/lib/ez-ipupdate/ez-ipupdate.cache + + # uncomment this once you have everything working how you want and you are + # ready to have ez-ipupdate running in the background all the time. 
to stop it
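Review bot: In the ez-ipupdate_3.0.11b7.bb hunk, `install -m 0744 -d ${D}${localstatedir}/lib/ez-ipupdate` gives group and others read permission without the search (execute) bit, which is an unusual mode for a directory; 0755, or 0700/0750 if the cache should stay private, would be the usual choices. No owner is set for the directory either, while the example configs touched by this series warn "if you use run-as ensure the user has permission to write this file", so a daemon that drops privileges via run-as would not be able to write its cache there; that deserves a note in the recipe or the commit message. Minor: `do_install:append(){` lacks a space before the brace.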
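Review bot: In the example-dyndns.conf and example-heipv6tb.conf hunks of CVE-2003-0887.patch, the context line `# for the mean time we'll just use a cache file in the temp directory` stays directly above the changed `cache-file=` line, so after the patch the comment describes a location the setting no longer uses. Update or drop that comment in the same patch. The patch description also carries a typo, "exmaple".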
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-networking][whinlatter][PATCH 15/15] proftpd: ignore CVE-2021-47865
Date: Mon, 2 Feb 2026 22:14:01 +0100
Message-ID: <20260202211401.1287664-15-skandigraun@gmail.com>
X-Mailer: git-send-email 2.52.0
In-Reply-To: <20260202211401.1287664-1-skandigraun@gmail.com>
References: <20260202211401.1287664-1-skandigraun@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124088

Details: https://nvd.nist.gov/vuln/detail/CVE-2021-47865

This CVE was opened based on a 5-year-old GitHub issue[1], and has been made public recently. The CVE wasn't officially disputed (yet?), but based on the description and the given PoC the application is working as expected.

The vulnerability description and the PoC basically configure proftpd to accept maximum x connections, and then when the user tries to open x + 1 concurrent connections, it refuses new connections over the configured limit.

See also discussion in the GitHub issue.

It seems that it won't be fixed, because there is nothing to fix.

[1]: https://github.com/proftpd/proftpd/issues/1298

Signed-off-by: Gyorgy Sarvari
---
meta-networking/recipes-daemons/proftpd/proftpd_1.3.9.bb | 1 + 1 file changed, 1 insertion(+)
diff --git a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.9.bb b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.9.bb index 65dd2f9561..d64e0a0495 100644 --- a/meta-networking/recipes-daemons/proftpd/proftpd_1.3.9.bb +++ b/meta-networking/recipes-daemons/proftpd/proftpd_1.3.9.bb
@@ -25,6 +25,7 @@ UPSTREAM_CHECK_GITTAGREGEX = "(?P(\d+(\.\d+)+\w?))" CVE_VERSION_SUFFIX = "alphabetical" CVE_STATUS[CVE-2001-0027] = "fixed-version: version 1.2.0rc3 removed affected module" +CVE_STATUS[CVE-2021-47865] = "upstream-wontfix: it is not a vulnerability but inproper configuration" EXTRA_OECONF += "--enable-largefile INSTALL=install"
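Review bot: The added `CVE_STATUS[CVE-2021-47865]` reason contains a typo, "inproper configuration" should read "improper configuration"; the string ends up in CVE reports, so it is worth fixing before merge. The commit message argues that the application behaves as configured and notes that the CVE "wasn't officially disputed (yet?)", so a comment above the line with the GitHub issue link from the message would let the `upstream-wontfix` choice be re-checked later.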