From patchwork Tue Feb 3 10:16:30 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 80328 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A4BE0E6E7E2 for ; Tue, 3 Feb 2026 10:19:34 +0000 (UTC) Received: from mail-wm1-f48.google.com (mail-wm1-f48.google.com [209.85.128.48]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.13482.1770113964677189919 for ; Tue, 03 Feb 2026 02:19:24 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=FW5/IoGa; spf=pass (domain: smile.fr, ip: 209.85.128.48, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f48.google.com with SMTP id 5b1f17b1804b1-47ee937ecf2so5838005e9.0 for ; Tue, 03 Feb 2026 02:19:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1770113963; x=1770718763; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=abGix7wqEF/44PiODwmOhMpUoWajaKppLHWRZpZavOU=; b=FW5/IoGaZzlOPTNNWU56B8YIPdRuCVr82CQXnwR/F2OGr1H5CskhH38npIePUYs7fk bCFvqmdsA4hU2aiARR/BF+uZ4opg8LI9dxGqxCGVhkZBXK/dN7ev3v+s6+5W/eHdzOSZ t9yGU5GQA2aUBSi1hAtnl52VMwOmKt5niwlAs= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770113963; x=1770718763; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=abGix7wqEF/44PiODwmOhMpUoWajaKppLHWRZpZavOU=; b=ErwFQjzzb5oU2IL2ybPYBEqKQQ5VAXqUOkTJxB9Oa4unS3YiV+RZNFq/J7hx7Vemwg 7rku00ctHBe2AuZBxRbl2tXO5TkkguY+u7as+iQ22kbM/mFsps5Ybv3TFbbllUemQtzC 
66saCUIfxxG8y5HmLTVPuY3MnAKXO3TU9mLCpaw62ppmR4jxJIUe0XEwpAsM45vu1rQy eXOdldspz9HOvpSPFmIUOhT0oVDe+9p0GZvgMbbUO8arPXjDLaKEvP1HbIj8nlh2Otd6 83FQSNlmwrHW2/nRYi5F8z0ZwyZ0rgoNbWcDi5dbtz8JK4JGh0XQDz7R0gpPvrfAwqaX +d8Q== X-Gm-Message-State: AOJu0Yx+2gZMnIZydDU8uKWON++7A75y65y8fyQaVeMgtbjaydy3qQSQ D9y/XL8tMwzxnP/7a6tuw8BIi/vGdOWO5o73S4L8GChg3SUhyndGdfAH+lQkKiypCS31VNk3rwG ZgZmmXsc= X-Gm-Gg: AZuq6aJIkt3L1ed9G5GeSuen3idF/6tB3hwY/PGHX+Ndk720bpn4FGHUbvXr1NDq1jx o2xhpBasL1fO93yJNjvvB/GTR4Y96j5HxOgPNC/Hqyrq8I2C7MnbCx+sTzfO+i8+mUBBYuNot9d hLuQieKDrOAJx6CPQfRyH81ivkjlfziTlnKTZKQRgy+IIRCLUEXRq9/tvQWgs0vdX6GXTmbBCAr D+LsuLpIw2ZrDF5ESRJaqRaK5kL9BHgWqCKSGK/0SgShcMr9uh9CrLVI0XRqmoTb9IurmdnrGXE QHWdPMdIzHlIccpHlj9xNpt4uT+nUGJPSEIADqr9lBaMRcAquLtHTLGrrszi1Gj6Jwq6KGTz3MU RSeEcYObqGnfZwJZGu1HAEL7/JgIl55Ai5WR/Zx8faIYPwnfcJ9LM7h8SKEiKKvbhzFbVInPl/x aQBUmIAwho67wdcP/KF6bsv6VLfhrpQl3EQ6BIXZ6WPfdmkdrst1d8dETMlZksI4mtIHoClOX3j kp6Gowv4DjqBiUJGwHdtRNqhA== X-Received: by 2002:a05:600c:8718:b0:477:9e0c:f59 with SMTP id 5b1f17b1804b1-48305133282mr33271895e9.2.1770113962532; Tue, 03 Feb 2026 02:19:22 -0800 (PST) Received: from FRSMI25-LASER.home (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-435e131ce70sm52293041f8f.27.2026.02.03.02.19.22 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Feb 2026 02:19:22 -0800 (PST) 
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][whinlatter v2 01/22] oeqa/gitarchive: Fix git push URL parameter Date: Tue, 3 Feb 2026 11:16:30 +0100 Message-ID: <6358b08df27aa2f8f109fc2ab9ad5026d59c7051.1770109549.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 03 Feb 2026 10:19:34 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/230429 From: Mathieu Dubois-Briand The gitarchive() function takes a `push` parameter that can be either a boolean or a string. But this parameter is then passed to expand_tag_strings(), which clearly expects it to be a string if it is defined. Split this into two arguments: a `push` boolean value and a `push_remote` optional string. Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie (cherry picked from commit 024f08629feeec8198d1e489633e475959754cfe) Signed-off-by: Yoann Congal --- meta/lib/oeqa/selftest/cases/gitarchivetests.py | 4 ++-- meta/lib/oeqa/utils/gitarchive.py | 8 ++++---- scripts/lib/resulttool/store.py | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/meta/lib/oeqa/selftest/cases/gitarchivetests.py b/meta/lib/oeqa/selftest/cases/gitarchivetests.py index 71382089c12..dcf0eb3be56 100644 --- a/meta/lib/oeqa/selftest/cases/gitarchivetests.py +++ b/meta/lib/oeqa/selftest/cases/gitarchivetests.py 
@@ -74,7 +74,7 @@ class GitArchiveTests(OESelftestTestCase): "Results of {branch}:{commit}", "branch: {branch}\ncommit: {commit}", "{branch}", False, "{branch}/{commit_count}-g{commit}/{tag_number}", 'Test run #{tag_number} of {branch}:{commit}', '', - [], [], False, keywords, logger) + [], [], False, None, keywords, logger) self.assertTrue(tag_exists(git_obj, target_tag), msg=f"Tag {target_tag} has not been created") delete_fake_repository(path) @@ -88,7 +88,7 @@ class GitArchiveTests(OESelftestTestCase): "Results of {branch}:{commit}", "branch: {branch}\ncommit: {commit}", "{branch}", False, "{branch}/{commit_count}-g{commit}/{tag_number}", 'Test run #{tag_number} of {branch}:{commit}', '', - [], [], False, keywords, logger) + [], [], False, None, keywords, logger) self.assertTrue(tag_exists(git_obj, second_tag), msg=f"Second tag {second_tag} has not been created") delete_fake_repository(path) diff --git a/meta/lib/oeqa/utils/gitarchive.py b/meta/lib/oeqa/utils/gitarchive.py index 7e1d5057482..6ec17d36958 100644 --- a/meta/lib/oeqa/utils/gitarchive.py +++ b/meta/lib/oeqa/utils/gitarchive.py @@ -162,7 +162,7 @@ def expand_tag_strings(repo, name_pattern, msg_subj_pattern, msg_body_pattern, msg_body = format_str(msg_body_pattern, keyws) return tag_name, msg_subj + '\n\n' + msg_body -def gitarchive(data_dir, git_dir, no_create, bare, commit_msg_subject, commit_msg_body, branch_name, no_tag, tagname, tag_msg_subject, tag_msg_body, exclude, notes, push, keywords, log): +def gitarchive(data_dir, git_dir, no_create, bare, commit_msg_subject, commit_msg_body, branch_name, no_tag, tagname, tag_msg_subject, tag_msg_body, exclude, notes, push, push_remote, keywords, log): if not os.path.isdir(data_dir): raise ArchiveError("Not a directory: {}".format(data_dir)) 
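Review bot: The new `gitarchive()` signature in the gitarchive.py hunk has no docstring saying what `push` and `push_remote` mean, although they are now the 14th and 15th of seventeen positional parameters. The callers shown in this series all pass them by position, so a call site that is missed only fails when it runs. A one-line docstring under the `def` would make the contract checkable: `"""push: bool, whether to push; push_remote: remote name or URL as a str, or None to push with the gitconfig defaults."""`. The function body continues outside the hunk.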
@@ -179,7 +179,7 @@ def gitarchive(data_dir, git_dir, no_create, bare, commit_msg_subject, commit_ms tag_name, tag_msg = expand_tag_strings(data_repo, tagname, tag_msg_subject, tag_msg_body, - push, log, keywords) + push_remote, log, keywords) # Commit data commit = git_commit_data(data_repo, data_dir, branch_name, @@ -195,10 +195,10 @@ def gitarchive(data_dir, git_dir, no_create, bare, commit_msg_subject, commit_ms cmd = ['push', '--tags'] # If no remote is given we push with the default settings from # gitconfig - if push is not True: + if push_remote is not None: notes_refs = ['refs/notes/' + ref.format(branch_name=branch_name) for ref, _ in notes] - cmd.extend([push, branch_name] + notes_refs) + cmd.extend([push_remote, branch_name] + notes_refs) log.info("Pushing data to remote") data_repo.run_cmd(cmd) diff --git a/scripts/lib/resulttool/store.py b/scripts/lib/resulttool/store.py index b143334e699..f3caafaff82 100644 --- a/scripts/lib/resulttool/store.py +++ b/scripts/lib/resulttool/store.py 
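Review bot: In the last gitarchive.py hunk, `cmd.extend([push_remote, branch_name] + notes_refs)` places `push_remote` on the `git push` argument list after only an `is not None` test, so an empty string or a value beginning with `-` reaches git, which would read the latter as an option rather than a remote. A guard ahead of both uses keeps the argument a plain remote: `if push_remote is not None and (not isinstance(push_remote, str) or not push_remote or push_remote.startswith('-')): raise ArchiveError("Invalid push remote: {!r}".format(push_remote))`. The same value is also handed to `expand_tag_strings()` in the hunk above, so the check belongs before that call. `gitarchive()` starts and ends outside both hunks.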
@@ -82,7 +82,7 @@ def store(args, logger): "Results of {branch}:{commit}", "branch: {branch}\ncommit: {commit}", "{branch}", False, "{branch}/{commit_count}-g{commit}/{tag_number}", 'Test run #{tag_number} of {branch}:{commit}', '', - excludes, [], False, keywords, logger) + excludes, [], False, None, keywords, logger) if args.logfile_archive: logdir = args.logfile_archive + "/" + tagname From patchwork Tue Feb 3 10:16:31 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 80332 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D0AE1E6E7EB for ; Tue, 3 Feb 2026 10:19:34 +0000 (UTC) Received: from mail-wr1-f48.google.com (mail-wr1-f48.google.com [209.85.221.48]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.13354.1770113965111681079 for ; Tue, 03 Feb 2026 02:19:25 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=ni3WKt6Z; spf=pass (domain: smile.fr, ip: 209.85.221.48, mailfrom: yoann.congal@smile.fr) Received: by mail-wr1-f48.google.com with SMTP id ffacd0b85a97d-43596062728so363173f8f.1 for ; Tue, 03 Feb 2026 02:19:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1770113963; x=1770718763; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=vH6BK87+e/mwaObVUH+CZXj4Q/sC6OfiwDoCePdFOkc=; b=ni3WKt6ZTU7pGlE4mlGqoPSOAaCpljvq9wLuMBe40qN5seRwUAu86kgKeGfuZoFG3A gIVJOsnPZhixp4IML0nCM2EZ8YceMZ/oIGBVgHpXUrUJmWRKL+HLg5swBJ8NZQ7y961W FUku2IOA4GLxZLMniulfQASd/JaIaJOqzvoU8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; 
t=1770113963; x=1770718763; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=vH6BK87+e/mwaObVUH+CZXj4Q/sC6OfiwDoCePdFOkc=; b=cxeYGlKtQO3TXDn0WbMnuIZnCDb/RuvWtw5S9SqxiPzqPp20ystm5NFJzPUJOnfzlB fVMcrDbH/4tsNT3/+jvXNvSASoh4uJHer3F4jMe7NLN6tr561MPzN55lcDLTOqVNPbT7 8NGhYsR6olIQjLYybQZy/TLk6iI5UasE53AZIKGSRDNKZICKIueGmz8Fj0SAUh7YgBZ7 kuroJwGSyn8APJsC10YPQNIKRjIa+u0Fzt/obcFWTA/B1xXKo3ZxADQ+CIjaj4nubdGL HJuNZRJsJqyqATz+DEUMprEbXuBpdRiZErakauzRl7/ur8S9NWSylbtt+7p+hnyqN2DF EjNg== X-Gm-Message-State: AOJu0YwSI1UJZwvasn5rb0/AjYRpKt2GvIdDIr1LIb2KtRBCD1C+Rb4u gWfHHnMb3K3hfrtvN6Rs8vl8o9H2c6H8k3/+IRYOkicR/26nJX6s5qljZMrdjYpgs3wyhtOw98E lOd1UZKs= X-Gm-Gg: AZuq6aLUwXjGxufZL2205kzMvjRA241DddaE9lEf5pTCJWSV72mESjSSj1bo4Sz9WiA M7MpzhAtK8VJ9+JUeQUpyWjHVWOhRzmetVAoXdCoA2twz7p37sMFIlYc65zKvIRbckq3lshf5YR hROpB5aFo3sjnC7pkgE7I3bFCpjlYRTb1FTqrYw1lIQkmgFuyCNDxEuuNTlQO/RXyjpZC1xoGF9 dqmXXfS8CYPROJvo1W4b6OuHIkgDiX2gPQ62aTzVI15NXzyIbWcyJ2Q4EPe9o0k0rS6CshSTWeM 0REnwqo6YVXSc2jYDsQE2Nee0l4GAVSYNq/bvdDqNBPYqgr8LIgBbfGMj9vzNP5z6jYrSbscYY8 tloN0t7Lkw0RiV5hsyqMUp3bqj/QhrKCSgabghQDXTjopnJrVnPMSpRFG4/RI/dmp8objl93Re7 qnt1Odd8UWPNNRi+YH+Tnvx7/3L0dnPvoC8cT8C1JzvUQ2csKeJ2rq5TeqF7jvQ8ZltPR4ZMqNQ X0t4sE9ov0Z+eo= X-Received: by 2002:a5d:6408:0:b0:436:251:b574 with SMTP id ffacd0b85a97d-4361130b3eemr2812747f8f.5.1770113963204; Tue, 03 Feb 2026 02:19:23 -0800 (PST) Received: from FRSMI25-LASER.home (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-435e131ce70sm52293041f8f.27.2026.02.03.02.19.22 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Feb 2026 02:19:22 -0800 (PST) 
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][whinlatter v2 02/22] oeqa/gitarchive: Push tag before copying log files Date: Tue, 3 Feb 2026 11:16:31 +0100 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 03 Feb 2026 10:19:34 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/230430 From: Mathieu Dubois-Briand Resulttool creates a git tag in the yocto-testresults git and then copies log files to a newly created folder on the NFS share, whose name is controlled by the name of this git tag. As tags are unique, the folder name is also unique, preventing any clash between different builds. Today, the tag is pushed from the calling script, so after the folder is copied. This can lead to some issues if for any reason the tag is not pushed. This might also lead to some race condition. Allow pushing the tag before copying data, in order to prevent these issues, and add a warning if the calling script chooses not to push the tag but still copies the log files on the NFS share. Fixes [YOCTO #15696] Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie (cherry picked from commit 7d869c9c5aaeeda9fa476bfe6b05ded6e225379d) Signed-off-by: Yoann Congal --- scripts/lib/resulttool/store.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/scripts/lib/resulttool/store.py b/scripts/lib/resulttool/store.py index f3caafaff82..dc2c259331b 100644 --- a/scripts/lib/resulttool/store.py +++ b/scripts/lib/resulttool/store.py 
@@ -82,9 +82,14 @@ def store(args, logger): "Results of {branch}:{commit}", "branch: {branch}\ncommit: {commit}", "{branch}", False, "{branch}/{commit_count}-g{commit}/{tag_number}", 'Test run #{tag_number} of {branch}:{commit}', '', - excludes, [], False, None, keywords, logger) + excludes, [], args.push_tags, None, keywords, logger) if args.logfile_archive: + if not args.push_tags: + # As no tag was pushed, we can't guarantee there "tagname" + # is uniq and so we might have several builds trying to use + # the same "logdir" target. + logger.warning("Archiving log files but the %s tag was not pushed: this may result in target folder conflicts") logdir = args.logfile_archive + "/" + tagname shutil.copytree(tempdir, logdir) os.chmod(logdir, 0o755) 
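Review bot: The added `logger.warning(...)` call has a `%s` in its message but passes no argument, so the log line will show a literal `%s` instead of the tag name an operator needs to find the conflicting folder. Pass `tagname`, which the next line already uses: `logger.warning("Archiving log files but the %s tag was not pushed: this may result in target folder conflicts", tagname)`. In the comment above the call, "there" and "uniq" should read "that" and "unique". `store()` starts and ends outside the hunk.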
@@ -123,3 +128,5 @@ def register_commands(subparsers): help='only store data for the specified revision') parser_build.add_argument('-l', '--logfile-archive', default='', help='directory to separately archive log files along with a copy of the results') + parser_build.add_argument('-p', '--push-tags', action='store_true', + help='push created tags to remote git') From patchwork Tue Feb 3 10:16:32 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 80333 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id DCDE7E6E7EF for ; Tue, 3 Feb 2026 10:19:34 +0000 (UTC) Received: from mail-wr1-f43.google.com (mail-wr1-f43.google.com [209.85.221.43]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.13355.1770113966103773807 for ; Tue, 03 Feb 2026 02:19:26 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=WHO1pvaS; spf=pass (domain: smile.fr, ip: 209.85.221.43, mailfrom: yoann.congal@smile.fr) Received: by mail-wr1-f43.google.com with SMTP id ffacd0b85a97d-435a11957f6so4228337f8f.0 for ; Tue, 03 Feb 2026 02:19:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1770113964; x=1770718764; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=d+BzhpS/sSwy4fvSNjCvJN3XhrgXofjWG4LRJNMT3B8=; b=WHO1pvaSubEZLPvD4XfDuSysg8l/CYVTvGx12ALMXAibLHcI5d7zO/a+BIzYdguWqC GsUhcGQUHlpS2k0pzpICOPETGoHqxsza+mwAfZTLIimObteRFSyYkD27Eah2Y6nC5ieh r4KG4B0rXY8cnjVzz52KopQfy0sa6xCEBu4kY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770113964; x=1770718764; 
h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=d+BzhpS/sSwy4fvSNjCvJN3XhrgXofjWG4LRJNMT3B8=; b=F+Qwmec8eOxphpSc2206qcAdUQaqhRkw0GST8cq5H/k7iLXrSEFxTVwrmN0UNpMcxR t5MVVtijgQ9ShwI36gEZdZBWf5o/P4SZoNC0z9NiThZJwtcT56WVZUEVfC+SpJPXbjTL vR2g8bO5nI+zHza2CArUy7fdrWIN8FSiNvMW88gMj32kk7F5btvmvLSJQ9b2R/Oe48T+ Ca59ZNLwAy2p4qbgpPsGZxIU4Tu5FiSNe4C6iY0NjKd2gsHLKUKpVfW+y+dsqKl9t1N6 hQbjqFH9x4izZDymjFpcBdIudnnvV5/20Lx0ocXM3rCTgASNJzeQvM0orLIpDzRESMNB m39w== X-Gm-Message-State: AOJu0YwTD3ICnbOn/ua2/09lVbibeahPuTIVA/f2DDcxVCfZg89IEB90 Vuc62I02Ype4QdSx/KyJjnnwdDPjL1WYWo/fPBk1jPxf1YjqxPvx4doayKBDbCQjREMwu7JMk+2 izUxe5XQ= X-Gm-Gg: AZuq6aIilgdKtPWoa9AdPqNlx6/AISCzRK7pTx/yY/CMfRVOPNqNVT4D9tarZh9/7dV ab70vbuJu8ZcavuovfajNcopbJn/9sxv43lNznu3V+2PR48fQwtjrEWL4MdE7X4y7bm/tVmDymg VWLhOSU3a4+ph6JvHCRDaAey+XJdTzGsI71UQns+PwPcjW1PkbpB+KhGKBNHliSMb38DGxCQLmv b9/qci7ab7GKgowFiwQD0RoRXHTc+kxg/vNSXJ1QlyjMuKMv54jX/fE4yHHRV1iiYuzNveeLsc6 2jprkuekgFTk8W7q8SQ/kWfUJXvxJO+8io0xZN+vepPLBuLfuk7k60o7i+gAxD0HscdiCXNH+T9 bw7o24wiOcUYochzf51eSU0oezGReiiHYPPXdD+lVcWl22g/v2cjcwHFIKsrLUSvpkGZR5oYGTs M/b7902mElxL1qmKj70GKkdB1yFs6olwMc8RMpI9LKb/jlCx9qI0BaxbtsbluWtZwPx7s1CHIep m6CfelFJ0SyVFzTsPc3UYdxXA== X-Received: by 2002:a05:6000:61e:b0:435:9241:37b4 with SMTP id ffacd0b85a97d-435f3aafcb4mr20615623f8f.53.1770113964178; Tue, 03 Feb 2026 02:19:24 -0800 (PST) Received: from FRSMI25-LASER.home (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-435e131ce70sm52293041f8f.27.2026.02.03.02.19.23 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Feb 2026 02:19:23 -0800 (PST) 
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][whinlatter v2 03/22] scripts/oe-git-archive: Ensure new push parameter is specified Date: Tue, 3 Feb 2026 11:16:32 +0100 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 03 Feb 2026 10:19:34 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/230431 From: Richard Purdie Fixes a regression in "oeqa/gitarchive: Fix git push URL parameter" due to a missing parameter. Signed-off-by: Richard Purdie (cherry picked from commit 983cb2171e53564bc9dd188136439f3e2ad9e188) Signed-off-by: Yoann Congal --- scripts/oe-git-archive | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/oe-git-archive b/scripts/oe-git-archive index 9305ed0b0f9..9484fc53c7d 100755 --- a/scripts/oe-git-archive +++ b/scripts/oe-git-archive 
@@ -106,7 +106,7 @@ def main(argv=None): gitarchive.gitarchive(args.data_dir, args.git_dir, args.no_create, args.bare, args.commit_msg_subject.strip(), args.commit_msg_body, args.branch_name, args.no_tag, args.tag_name, args.tag_msg_subject, args.tag_msg_body, - args.exclude, args.notes, args.push, keywords, log) + args.exclude, args.notes, bool(args.push), args.push, keywords, log) except gitarchive.ArchiveError as err: log.error(str(err)) From patchwork Tue Feb 3 10:16:33 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 80324 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5EA00E8307C for ; Tue, 3 Feb 2026 10:19:34 +0000 (UTC) Received: from mail-wr1-f44.google.com (mail-wr1-f44.google.com [209.85.221.44]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.13483.1770113967486453151 for ; Tue, 03 Feb 2026 02:19:27 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=VIezTHZv; spf=pass (domain: smile.fr, ip: 209.85.221.44, mailfrom: yoann.congal@smile.fr) Received: by mail-wr1-f44.google.com with SMTP id ffacd0b85a97d-432d2670932so4918604f8f.2 for ; Tue, 03 Feb 2026 02:19:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1770113966; x=1770718766; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=CvHKZCyij9Tx1SXn/Qq8GRIIyR5t6ek3Ea/2+8Aljvo=; b=VIezTHZvDUDTkEeVazpVlha/hRvS+sz1eajgH5ATp/FM+of6DhMkIQijedioQAjLV9 yMrwHgWhGjv/Vg/J9EG01eZe0zJj/nSkpxnjOpVdcT611uCHJwenvCQ/eleIEqM1W3Mm PjQQsKWbcE1RXZ/JCuPRZKLkZL86wXu0Nf1kg= X-Google-DKIM-Signature: v=1; 
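Review bot: `args.push` is passed unchanged as `push_remote`, but the check this series removed from `gitarchive()`, `if push is not True:`, implies the option can hold the boolean `True` when no remote is named. If so, `push_remote is not None` holds, and `True` is appended to the `git push` arguments and also given to `expand_tag_strings()`. Passing a string or nothing avoids that: `args.exclude, args.notes, bool(args.push), args.push if isinstance(args.push, str) else None, keywords, log)`. The argparse definition behind `args.push` is not in this hunk, so its possible values should be confirmed; `main()` continues outside the hunk.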
a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770113966; x=1770718766; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=CvHKZCyij9Tx1SXn/Qq8GRIIyR5t6ek3Ea/2+8Aljvo=; b=MWOoeKjGWpuHsd6IJU2NE+edWPNFwSpuPQa8rod0a4sFLf0R7LV0hKX8yBePGhiFPL fOU/vN8CJm0ZpNVvTOS0y5L4WN4GxjtzX16TT+fzr2uCTNU3YQx3drU+v20P+8VmpNyJ eoICUy5atHOrYSfqT+VpU+yMjtkESFyiJRhaXMxl5s1+kkEt/K2gXoL0BN8IMYopVovw ZObdcFYSET1oOBn5AokrgJwM+jLw6iIXP/uHxQt2EbQToxjdYD5CGIQoysV92mcw5WGr AM9SCT6fBr7rUPqRuHR9uTIYxkx1T6EqDPWffMR4sgw37TuKOsGdZDftCaeSIfbhbGWp JHrw== X-Gm-Message-State: AOJu0Yy2RlwUlPeVbfz/QsUMAprdsm2KvgerDEta2y/M/eHcN5r1/KV1 IYJ4P9SJwqKa64RWX1kg6YapuVAA1bKMCP4lzx9MKmwgBNOKh1ZGzxcPdfcFRTm9zhrHBzIiJQc eIqsB3WU= X-Gm-Gg: AZuq6aJqEqbcbLS4FOrq1x/Maoc+pKv7MVcQ5C0t8GZuiGQ0FkQrVlHXAbunGFYNu0C WIV65Xrstz+abARXkbUhuhZkdIrgEkPKl9nUEdGbK0fRDxPgNO2uYjkfmSUJAhHx+4ZpUJh0EMb +YJv8/4DxJo6cmEY4+lFWQbm03NpaiW+wCuc85v0bLlkur8HVHx6ZSsK81boWWE21Gm+3EfeGSe ewARsw5KrRqZ/yY0N3ZvJGM3XzcN5hCe6gkel0KlQ8VKPQp7BAnW0xHWijL+6FAhoCpCZ/2HYY5 L1wWDdwuH6YXT3QwjwQ+KZMkvZrlRnwV7SuHt9Dv9xgWqtt1kwMmZ9UTFmdI443l+XtTbjZED98 hrIGhId6zQAaGbk/3bDFj/qOY1S/jijGzG/08aqbAOty55YkZtYNn4TZZ5qpdpVjOS/5fPQM1st Igsy8/mUgqNDKWCan+wHPdxuO66aBButwNzyxi2d1KKiGj1ZpMOFMUKiWM2lHxceOb3s2yeGuVU U/MWqP6mpfuuhE= X-Received: by 2002:a05:6000:144a:b0:432:84ef:7160 with SMTP id ffacd0b85a97d-435f3a6bf2fmr23589373f8f.12.1770113965262; Tue, 03 Feb 2026 02:19:25 -0800 (PST) Received: from FRSMI25-LASER.home (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-435e131ce70sm52293041f8f.27.2026.02.03.02.19.24 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Feb 2026 02:19:24 -0800 (PST) 
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][whinlatter v2 04/22] grub: fix CVE-2025-54770 CVE-2025-61661 CVE-2025-61662 CVE-2025-61663 CVE-2025-61664 Date: Tue, 3 Feb 2026 11:16:33 +0100 Message-ID: <497bc29a9f95ea85e996572c28bcd43cdddd500a.1770109549.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 03 Feb 2026 10:19:34 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/230432 From: Jiaying Song References: https://nvd.nist.gov/vuln/detail/CVE-2025-54770 https://nvd.nist.gov/vuln/detail/CVE-2025-61661 https://nvd.nist.gov/vuln/detail/CVE-2025-61662 https://nvd.nist.gov/vuln/detail/CVE-2025-61663 https://nvd.nist.gov/vuln/detail/CVE-2025-61664 Signed-off-by: Jiaying Song Signed-off-by: Steve Sakoman Signed-off-by: Peter Marko Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie (cherry picked from commit e8ea34a3e891a8c9dac21ae8c5b6d2a97d9074a7) Signed-off-by: Yoann Congal --- .../grub/files/CVE-2025-54770.patch | 41 +++++++++++ .../grub/files/CVE-2025-61661.patch | 40 +++++++++++ .../grub/files/CVE-2025-61662.patch | 72 +++++++++++++++++++ .../grub/files/CVE-2025-61663_61664.patch | 64 +++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 4 ++ 5 files changed, 221 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-54770.patch create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-61661.patch create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-61662.patch create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-61663_61664.patch diff --git a/meta/recipes-bsp/grub/files/CVE-2025-54770.patch b/meta/recipes-bsp/grub/files/CVE-2025-54770.patch new file mode 100644 index 00000000000..7df1d8534b4 --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2025-54770.patch 
@@ -0,0 +1,41 @@
+From 80e0e9b2558c40fb108ae7a869362566eb4c1ead Mon Sep 17 00:00:00 2001
+From: Thomas Frauendorfer | Miray Software
+Date: Fri, 9 May 2025 14:20:47 +0200
+Subject: [PATCH] net/net: Unregister net_set_vlan command on unload
+
+The commit 954c48b9c (net/net: Add net_set_vlan command) added command
+net_set_vlan to the net module. Unfortunately the commit only added the
+grub_register_command() call on module load but missed the
+grub_unregister_command() on unload. Let's fix this.
+
+Fixes: CVE-2025-54770
+Fixes: 954c48b9c (net/net: Add net_set_vlan command)
+
+CVE: CVE-2025-54770
+
+Upstream-Status: Backport
+[https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=10e58a14db20e17d1b6a39abe38df01fef98e29d]
+
+Reported-by: Thomas Frauendorfer | Miray Software
+Signed-off-by: Thomas Frauendorfer | Miray Software
+Reviewed-by: Daniel Kiper
+Signed-off-by: Jiaying Song
+---
+ grub-core/net/net.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/grub-core/net/net.c b/grub-core/net/net.c
+index 2b45c27d1..05f11be08 100644
+--- a/grub-core/net/net.c
++++ b/grub-core/net/net.c
+@@ -2080,6 +2080,7 @@ GRUB_MOD_FINI(net)
+ grub_unregister_command (cmd_deladdr);
+ grub_unregister_command (cmd_addroute);
+ grub_unregister_command (cmd_delroute);
++ grub_unregister_command (cmd_setvlan);
+ grub_unregister_command (cmd_lsroutes);
+ grub_unregister_command (cmd_lscards);
+ grub_unregister_command (cmd_lsaddr);
+--
+2.34.1
+
diff --git a/meta/recipes-bsp/grub/files/CVE-2025-61661.patch b/meta/recipes-bsp/grub/files/CVE-2025-61661.patch
new file mode 100644
index 00000000000..9f6cf68e4bf
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2025-61661.patch
@@ -0,0 +1,40 @@
+From c24e11d87f8ee8cefd615e0c30eb71ff6149ee50 Mon Sep 17 00:00:00 2001
+From: Jamie
+Date: Mon, 14 Jul 2025 09:52:59 +0100
+Subject: [PATCH 2/4] commands/usbtest: Use correct string length field
+
+An incorrect length field is used for buffer allocation. This leads to
+grub_utf16_to_utf8() receiving an incorrect/different length and possibly
+causing OOB write. This makes sure to use the correct length.
+
+Fixes: CVE-2025-61661
+
+CVE: CVE-2025-61661
+
+Upstream-Status: Backport
+[https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=549a9cc372fd0b96a4ccdfad0e12140476cc62a3]
+
+Reported-by: Jamie
+Signed-off-by: Jamie
+Reviewed-by: Daniel Kiper
+Signed-off-by: Jiaying Song
+---
+ grub-core/commands/usbtest.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/grub-core/commands/usbtest.c b/grub-core/commands/usbtest.c
+index 2c6d93fe6..8ef187a9a 100644
+--- a/grub-core/commands/usbtest.c
++++ b/grub-core/commands/usbtest.c
+@@ -99,7 +99,7 @@ grub_usb_get_string (grub_usb_device_t dev, grub_uint8_t index, int langid,
+ return GRUB_USB_ERR_NONE;
+ }
+
+- *string = grub_malloc (descstr.length * 2 + 1);
++ *string = grub_malloc (descstrp->length * 2 + 1);
+ if (! *string)
+ {
+ grub_free (descstrp);
+--
+2.34.1
+
diff --git a/meta/recipes-bsp/grub/files/CVE-2025-61662.patch b/meta/recipes-bsp/grub/files/CVE-2025-61662.patch
new file mode 100644
index 00000000000..f04a52fe76a
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2025-61662.patch
@@ -0,0 +1,72 @@
+From 498dc73aa661bb1cae4b06572b5cef154dcb1fb7 Mon Sep 17 00:00:00 2001
+From: Alec Brown
+Date: Thu, 21 Aug 2025 21:14:06 +0000
+Subject: [PATCH 3/4] gettext/gettext: Unregister gettext command on module
+ unload
+
+When the gettext module is loaded, the gettext command is registered but
+isn't unregistered when the module is unloaded. We need to add a call to
+grub_unregister_command() when unloading the module.
+
+Fixes: CVE-2025-61662
+
+CVE: CVE-2025-61662
+
+Upstream-Status: Backport
+[https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=8ed78fd9f0852ab218cc1f991c38e5a229e43807]
+
+Reported-by: Alec Brown
+Signed-off-by: Alec Brown
+Reviewed-by: Daniel Kiper
+Signed-off-by: Jiaying Song
+---
+ grub-core/gettext/gettext.c | 19 ++++++++++++-------
+ 1 file changed, 12 insertions(+), 7 deletions(-)
+
+diff --git a/grub-core/gettext/gettext.c b/grub-core/gettext/gettext.c
+index 9ffc73428..edebed998 100644
+--- a/grub-core/gettext/gettext.c
++++ b/grub-core/gettext/gettext.c
+@@ -502,6 +502,8 @@ grub_cmd_translate (grub_command_t cmd __attribute__ ((unused)),
+ return 0;
+ }
+
++static grub_command_t cmd;
++
+ GRUB_MOD_INIT (gettext)
+ {
+ const char *lang;
+@@ -521,13 +523,14 @@ GRUB_MOD_INIT (gettext)
+ grub_register_variable_hook ("locale_dir", NULL, read_main);
+ grub_register_variable_hook ("secondary_locale_dir", NULL, read_secondary);
+
+- grub_register_command_p1 ("gettext", grub_cmd_translate,
+- N_("STRING"),
+- /* TRANSLATORS: It refers to passing the string through gettext.
+- So it's "translate" in the same meaning as in what you're
+- doing now.
+- */
+- N_("Translates the string with the current settings."));
++ cmd = grub_register_command_p1 ("gettext", grub_cmd_translate,
++ N_("STRING"),
++ /*
++ * TRANSLATORS: It refers to passing the string through gettext.
++ * So it's "translate" in the same meaning as in what you're
++ * doing now.
++ */
++ N_("Translates the string with the current settings."));
+
+ /* Reload .mo file information if lang changes. */
+ grub_register_variable_hook ("lang", NULL, grub_gettext_env_write_lang);
+@@ -544,6 +547,8 @@ GRUB_MOD_FINI (gettext)
+ grub_register_variable_hook ("secondary_locale_dir", NULL, NULL);
+ grub_register_variable_hook ("lang", NULL, NULL);
+
++ grub_unregister_command (cmd);
++
+ grub_gettext_delete_list (&main_context);
+ grub_gettext_delete_list (&secondary_context);
+
+--
+2.34.1
+
diff --git a/meta/recipes-bsp/grub/files/CVE-2025-61663_61664.patch b/meta/recipes-bsp/grub/files/CVE-2025-61663_61664.patch
new file mode 100644
index 00000000000..bfc05008bfb
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2025-61663_61664.patch
@@ -0,0 +1,64 @@
+From 8368c026562a72a005bea320cfde9fd7d62d3850 Mon Sep 17 00:00:00 2001
+From: Alec Brown
+Date: Thu, 21 Aug 2025 21:14:07 +0000
+Subject: [PATCH 4/4] normal/main: Unregister commands on module unload
+
+When the normal module is loaded, the normal and normal_exit commands
+are registered but aren't unregistered when the module is unloaded. We
+need to add calls to grub_unregister_command() when unloading the module
+for these commands.
+
+Fixes: CVE-2025-61663
+Fixes: CVE-2025-61664
+
+CVE: CVE-2025-61663 CVE-2025-61664
+
+Upstream-Status: Backport
+[https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=05d3698b8b03eccc49e53491bbd75dba15f40917]
+
+Reported-by: Alec Brown
+Signed-off-by: Alec Brown
+Reviewed-by: Daniel Kiper
+Signed-off-by: Jiaying Song
+---
+ grub-core/normal/main.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/grub-core/normal/main.c b/grub-core/normal/main.c
+index dad25e7d2..a810858c3 100644
+--- a/grub-core/normal/main.c
++++ b/grub-core/normal/main.c
+@@ -500,7 +500,7 @@ grub_mini_cmd_clear (struct grub_command *cmd __attribute__ ((unused)),
+ return 0;
+ }
+
+-static grub_command_t cmd_clear;
++static grub_command_t cmd_clear, cmd_normal, cmd_normal_exit;
+
+ static void (*grub_xputs_saved) (const char *str);
+ static const char *features[] = {
+@@ -542,10 +542,10 @@ GRUB_MOD_INIT(normal)
+ grub_env_export ("pager");
+
+ /* Register a command "normal" for the rescue mode. */
+- grub_register_command ("normal", grub_cmd_normal,
+- 0, N_("Enter normal mode."));
+- grub_register_command ("normal_exit", grub_cmd_normal_exit,
+- 0, N_("Exit from normal mode."));
++ cmd_normal = grub_register_command ("normal", grub_cmd_normal,
++ 0, N_("Enter normal mode."));
++ cmd_normal_exit = grub_register_command ("normal_exit", grub_cmd_normal_exit,
++ 0, N_("Exit from normal mode."));
+
+ /* Reload terminal colors when these variables are written to. */
+ grub_register_variable_hook ("color_normal", NULL, grub_env_write_color_normal);
+@@ -587,4 +587,6 @@ GRUB_MOD_FINI(normal)
+ grub_register_variable_hook ("color_highlight", NULL, NULL);
+ grub_fs_autoload_hook = 0;
+ grub_unregister_command (cmd_clear);
++ grub_unregister_command (cmd_normal);
++ grub_unregister_command (cmd_normal_exit);
+ }
+--
+2.34.1
+
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 5759fa06c25..125490183b9 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -37,6 +37,10 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://CVE-2025-0677_CVE-2025-0684_CVE-2025-0685_CVE-2025-0686_CVE-2025-0689.patch \ file://CVE-2025-0678_CVE-2025-1125.patch \ file://CVE-2024-56738.patch \ + file://CVE-2025-54770.patch \ + file://CVE-2025-61661.patch \ + file://CVE-2025-61662.patch \ + file://CVE-2025-61663_61664.patch \ " # remove at next version upgrade or when output changes From patchwork Tue Feb 3 10:16:34 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 80325 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8CCEEE7C712 for ; Tue, 3 Feb 2026 10:19:34 +0000 (UTC) Received: from mail-wm1-f50.google.com (mail-wm1-f50.google.com [209.85.128.50]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.13356.1770113967938080641 for ; Tue, 03 Feb 2026 02:19:28 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=n8kLLraJ; spf=pass (domain: smile.fr, ip: 209.85.128.50, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f50.google.com with SMTP id 5b1f17b1804b1-4806cc07ce7so54593495e9.1 for ; Tue, 03 Feb 2026 02:19:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1770113966; x=1770718766; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=AKzSL3pDQUCWAVGN3g6daZ1PqLh0/g0DGVl298jnMGk=; b=n8kLLraJZ7mQ6M6q5VdRC7VpiG8kCBWudF3p2NGtXPALG5jh5TIufmA88LFrvYdG53 KexxPto6fjHY92DR9EP9z+UEH69WRKKTAOI8XCzy2rr6UYqeSQrte/jSj9tSjwvDMA4v yA5GHXVDr8/O/y4dc18NIHKjxnS3AFmBijpS8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; 
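Review bot: The new entry `file://CVE-2025-61663_61664.patch` in the grub2.inc `SRC_URI` list abbreviates its second identifier, while the existing multi-CVE entries spell each one out (`CVE-2025-0678_CVE-2025-1125.patch`). A search of the recipe or the files directory for `CVE-2025-61664` will therefore not match the file name. Renaming it to `CVE-2025-61663_CVE-2025-61664.patch` would keep the list consistent; the `CVE:` tag inside the patch already names both identifiers.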
d=1e100.net; s=20230601; t=1770113966; x=1770718766; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=AKzSL3pDQUCWAVGN3g6daZ1PqLh0/g0DGVl298jnMGk=; b=F/jbAcCNztXsgoNqqBpRKSpV0lfDTXg+yexKiMY8odi9JYNQimjVT3CJBkmRW/iaJr ka+OXscHEUQRw82a9GA26IC3PxBmNMNTsC1SwRfKfJgyoZk88LLlu3PGmq/zIJq3xJ9J wlwhplU9eUIEmvEqbeXC+P2Z51JUXfXhlxSqv7QeunYvuNGB+RByC3q0Xs6VIFjQ0kdJ atytKnGyevy/fImOpJiwSCaYicyExJxs+8Ej61HXA36VzQOm6Vz6fibAMYMbuFXIogN9 cMwGgSSVTtTNave1dFex31kNmYRa+IdxI3XmLK98RKaEJ1iiWYXKr4KXa+BWY8MtEOr8 4j5Q== X-Gm-Message-State: AOJu0YxxVRHMMFTkEZlZMnjOkEPtu4+fvANHnIIWdHwPcfFee3KELoAW gFzjFPxUg3eKr7iv5GPr6pZEg5nNuVTT2Pk6jMfKkxH51AEAGZYOlN/s74JAwiTiAcZpE5XhSfQ Qzr7I/3I= X-Gm-Gg: AZuq6aICoXyYwV+eXSODtA3DAjNMnJLCmJU1jR/JVJAm1rB8iKb9L+TNumvwSf/Uokw MgjynYWCpi8ZjAbz/BbRR/Zu/tNm+Xdn406QP1/t/i9eOcTtzyAQ27tMPW1jQRfrke5IsRuq/QK 2iBDAsR8aCxfax6e4zgC0DNxZsmHFium00fbHq1OVndVoCn3hP8bclq/zwDHcFxIpwRd1mNzLGK mulrT/qFWcggCv7flkPUyLEL9/F0ZfECDQEJtBO7LHWSVA1pCrXaHQkulsk8oEZK2uHSguQOiLE kMBLWOaG+NsLQlwdyimsHDRkUDsir3HcGN0G5kZ0arpXvySkCjgq1+PAUpqr/LZL+ZtR7l+4j63 fyxy4o47xuyQWy5HVcB2GrK40NGXztlQAYYoVMUDxzgcJVf+7gklBk6lpOT/mjyuKwQDhpyVu0Z n9XABeIJu5ltE/42DUZeyLi0vbYbNyvvz2ozHLoV5v9wJpq6yox2nkO48qZMBrvipDlhGuUhgLe nMoYM04PyRxB7s= X-Received: by 2002:a05:600c:5297:b0:483:887:59b0 with SMTP id 5b1f17b1804b1-483088759f8mr20475405e9.35.1770113965869; Tue, 03 Feb 2026 02:19:25 -0800 (PST) Received: from FRSMI25-LASER.home (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-435e131ce70sm52293041f8f.27.2026.02.03.02.19.25 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Feb 2026 02:19:25 -0800 (PST) 
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][whinlatter v2 05/22] go: upgrade 1.25.5 -> 1.25.6 Date: Tue, 3 Feb 2026 11:16:34 +0100 Message-ID: <879500d40991777692f6569c4ef3232a4d48f6f2.1770109549.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 03 Feb 2026 10:19:34 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/230433 
From: Peter Marko Upgrade to latest 1.25.x release [1]: $ git --no-pager log --oneline go1.25.5..go1.25.6 69801b25b9 (tag: go1.25.6) [release-branch.go1.25] go1.25.6 9d497df196 [release-branch.go1.25] archive/zip: reduce CPU usage in index construction afa9b66ac0 [release-branch.go1.25] net/url: add urlmaxqueryparams GODEBUG to limit the number of query parameters 2526187481 [release-branch.go1.25] cmd/go/internal/work: sanitize flags before invoking 'pkg-config' 082365aa55 [release-branch.go1.25] cmd/go: update VCS commands to use safer flag/argument syntax 4be38528a6 [release-branch.go1.25] crypto/tls: don't copy auto-rotated session ticket keys in Config.Clone 525dd85363 [release-branch.go1.25] crypto/tls: reject trailing messages after client/server hello ddcf27fc8c [release-branch.go1.25] Revert "errors: optimize errors.Join for single unwrappable errors" 14f50f6e3e [release-branch.go1.25] cmd/compile: handle propagating an out-of-range jump table index 4e531b2f14 [release-branch.go1.25] runtime: mark getfp as nosplit 6f07a57145 [release-branch.go1.25] runtime/race: set missing argument frame for ppc64x atomic And/Or wrappers ea603eea37 [release-branch.go1.25] os: allow direntries to have zero inodes on Linux 93f5d1c27e [release-branch.go1.25] os,internal/poll: don't call IsNonblock for consoles and Stdin d5bfdcbc47 [release-branch.go1.25] crypto/tls: use inner hello for earlyData when using QUIC and ECH Fixes CVE-2025-61728, CVE-2025-61726, CVE-2025-68121, CVE-2025-61731, CVE-2025-68119 and CVE-2025-61730. Release information: [2] [1] https://github.com/golang/go/compare/go1.25.5...go1.25.6 [2] https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc Signed-off-by: Peter Marko Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie (cherry picked from commit d3e4f89552a90897691bdd00ffd0413e65023a2c) 
Signed-off-by: Yoann Congal --- meta/recipes-devtools/go/{go-1.25.5.inc => go-1.25.6.inc} | 2 +- ...binary-native_1.25.5.bb => go-binary-native_1.25.6.bb} | 6 +++--- ...oss-canadian_1.25.5.bb => go-cross-canadian_1.25.6.bb} | 0 .../go/{go-cross_1.25.5.bb => go-cross_1.25.6.bb} | 0 .../go/{go-crosssdk_1.25.5.bb => go-crosssdk_1.25.6.bb} | 0 .../go/{go-runtime_1.25.5.bb => go-runtime_1.25.6.bb} | 0 ...go-make-content-based-hash-generation-less-pedan.patch | 8 ++++---- ...ime-when-using-cgo-on-386-call-C-sigaction-funct.patch | 4 ++-- .../go/0006-cmd-go-make-GOROOT-precious-by-default.patch | 2 +- meta/recipes-devtools/go/{go_1.25.5.bb => go_1.25.6.bb} | 0 10 files changed, 11 insertions(+), 11 deletions(-) rename meta/recipes-devtools/go/{go-1.25.5.inc => go-1.25.6.inc} (91%) rename meta/recipes-devtools/go/{go-binary-native_1.25.5.bb => go-binary-native_1.25.6.bb} (79%) rename meta/recipes-devtools/go/{go-cross-canadian_1.25.5.bb => go-cross-canadian_1.25.6.bb} (100%) rename meta/recipes-devtools/go/{go-cross_1.25.5.bb => go-cross_1.25.6.bb} (100%) rename meta/recipes-devtools/go/{go-crosssdk_1.25.5.bb => go-crosssdk_1.25.6.bb} (100%) rename meta/recipes-devtools/go/{go-runtime_1.25.5.bb => go-runtime_1.25.6.bb} (100%) rename meta/recipes-devtools/go/{go_1.25.5.bb => go_1.25.6.bb} (100%) diff --git a/meta/recipes-devtools/go/go-1.25.5.inc b/meta/recipes-devtools/go/go-1.25.6.inc similarity index 91% rename from meta/recipes-devtools/go/go-1.25.5.inc rename to meta/recipes-devtools/go/go-1.25.6.inc index 47d5c3912c0..2c31c4a235d 100644 --- a/meta/recipes-devtools/go/go-1.25.5.inc +++ b/meta/recipes-devtools/go/go-1.25.6.inc 
@@ -18,4 +18,4 @@ SRC_URI += "\ file://0011-cmd-link-stop-forcing-binutils-gold-dependency-on-aa.patch \ file://0001-runtime-when-using-cgo-on-386-call-C-sigaction-funct.patch \ " -SRC_URI[main.sha256sum] = "22a5fd0a91efcd28a1b0537106b9959b2804b61f59c3758b51e8e5429c1a954f" +SRC_URI[main.sha256sum] = "58cbf771e44d76de6f56d19e33b77d745a1e489340922875e46585b975c2b059" diff --git a/meta/recipes-devtools/go/go-binary-native_1.25.5.bb b/meta/recipes-devtools/go/go-binary-native_1.25.6.bb similarity index 79% rename from meta/recipes-devtools/go/go-binary-native_1.25.5.bb rename to meta/recipes-devtools/go/go-binary-native_1.25.6.bb index 5ecbca6d17d..6429bb385b5 100644 --- a/meta/recipes-devtools/go/go-binary-native_1.25.5.bb +++ b/meta/recipes-devtools/go/go-binary-native_1.25.6.bb @@ -9,9 +9,9 @@ PROVIDES = "go-native" # Checksums available at https://go.dev/dl/ SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}" -SRC_URI[go_linux_amd64.sha256sum] = "9e9b755d63b36acf30c12a9a3fc379243714c1c6d3dd72861da637f336ebb35b" -SRC_URI[go_linux_arm64.sha256sum] = "b00b694903d126c588c378e72d3545549935d3982635ba3f7a964c9fa23fe3b9" -SRC_URI[go_linux_ppc64le.sha256sum] = "f0904b647b5b8561efc5d48bb59a34f2b7996afab83ccd41c93b1aeb2c0067e4" +SRC_URI[go_linux_amd64.sha256sum] = "f022b6aad78e362bcba9b0b94d09ad58c5a70c6ba3b7582905fababf5fe0181a" +SRC_URI[go_linux_arm64.sha256sum] = "738ef87d79c34272424ccdf83302b7b0300b8b096ed443896089306117943dd5" +SRC_URI[go_linux_ppc64le.sha256sum] = "bee02dbe034b12b839ae7807a85a61c13bee09ee38f2eeba2074bd26c0c0ab73" UPSTREAM_CHECK_URI = "https://golang.org/dl/" UPSTREAM_CHECK_REGEX = "go(?P\d+(\.\d+)+)\.linux" diff --git a/meta/recipes-devtools/go/go-cross-canadian_1.25.5.bb b/meta/recipes-devtools/go/go-cross-canadian_1.25.6.bb similarity index 100% rename from meta/recipes-devtools/go/go-cross-canadian_1.25.5.bb rename to meta/recipes-devtools/go/go-cross-canadian_1.25.6.bb 
diff --git a/meta/recipes-devtools/go/go-cross_1.25.5.bb b/meta/recipes-devtools/go/go-cross_1.25.6.bb similarity index 100% rename from meta/recipes-devtools/go/go-cross_1.25.5.bb rename to meta/recipes-devtools/go/go-cross_1.25.6.bb diff --git a/meta/recipes-devtools/go/go-crosssdk_1.25.5.bb b/meta/recipes-devtools/go/go-crosssdk_1.25.6.bb similarity index 100% rename from meta/recipes-devtools/go/go-crosssdk_1.25.5.bb rename to meta/recipes-devtools/go/go-crosssdk_1.25.6.bb diff --git a/meta/recipes-devtools/go/go-runtime_1.25.5.bb b/meta/recipes-devtools/go/go-runtime_1.25.6.bb similarity index 100% rename from meta/recipes-devtools/go/go-runtime_1.25.5.bb rename to meta/recipes-devtools/go/go-runtime_1.25.6.bb diff --git a/meta/recipes-devtools/go/go/0001-cmd-go-make-content-based-hash-generation-less-pedan.patch b/meta/recipes-devtools/go/go/0001-cmd-go-make-content-based-hash-generation-less-pedan.patch index b55ad1e7873..6d75266cbe6 100644 --- a/meta/recipes-devtools/go/go/0001-cmd-go-make-content-based-hash-generation-less-pedan.patch +++ b/meta/recipes-devtools/go/go/0001-cmd-go-make-content-based-hash-generation-less-pedan.patch @@ -109,7 +109,7 @@ index 7b073165d5..1f618be0bb 100644 } // Configuration specific to compiler toolchain. -@@ -2631,8 +2633,25 @@ func envList(key, def string) []string { +@@ -2639,8 +2641,25 @@ func envList(key, def string) []string { return args } @@ -136,7 +136,7 @@ index 7b073165d5..1f618be0bb 100644 if cppflags, err = buildFlags("CPPFLAGS", "", p.CgoCPPFLAGS, checkCompilerFlags); err != nil { return } -@@ -2648,6 +2667,13 @@ func (b *Builder) CFlags(p *load.Package) (cppflags, cflags, cxxflags, fflags, l +@@ -2656,6 +2675,13 @@ func (b *Builder) CFlags(p *load.Package) (cppflags, cflags, cxxflags, fflags, l if ldflags, err = buildFlags("LDFLAGS", DefaultCFlags, p.CgoLDFLAGS, checkLinkerFlags); err != nil { return } 
@@ -150,7 +150,7 @@ index 7b073165d5..1f618be0bb 100644 return } -@@ -2665,7 +2691,7 @@ func (b *Builder) cgo(a *Action, cgoExe, objdir string, pcCFLAGS, pcLDFLAGS, cgo +@@ -2673,7 +2699,7 @@ func (b *Builder) cgo(a *Action, cgoExe, objdir string, pcCFLAGS, pcLDFLAGS, cgo p := a.Package sh := b.Shell(a) @@ -159,7 +159,7 @@ index 7b073165d5..1f618be0bb 100644 if err != nil { return nil, nil, err } -@@ -3229,7 +3255,7 @@ func (b *Builder) swigOne(a *Action, file, objdir string, pcCFLAGS []string, cxx +@@ -3237,7 +3263,7 @@ func (b *Builder) swigOne(a *Action, file, objdir string, pcCFLAGS []string, cxx p := a.Package sh := b.Shell(a) diff --git a/meta/recipes-devtools/go/go/0001-runtime-when-using-cgo-on-386-call-C-sigaction-funct.patch b/meta/recipes-devtools/go/go/0001-runtime-when-using-cgo-on-386-call-C-sigaction-funct.patch index 33e3b033a14..d27809a7f49 100644 --- a/meta/recipes-devtools/go/go/0001-runtime-when-using-cgo-on-386-call-C-sigaction-funct.patch +++ b/meta/recipes-devtools/go/go/0001-runtime-when-using-cgo-on-386-call-C-sigaction-funct.patch @@ -168,7 +168,7 @@ diff --git a/src/runtime/os_linux.go b/src/runtime/os_linux.go index c9d25a5be8..f9fe1b5f33 100644 --- a/src/runtime/os_linux.go +++ b/src/runtime/os_linux.go -@@ -486,7 +486,8 @@ func setsig(i uint32, fn uintptr) { +@@ -487,7 +487,8 @@ func setsig(i uint32, fn uintptr) { sigfillset(&sa.sa_mask) // Although Linux manpage says "sa_restorer element is obsolete and // should not be used". x86_64 kernel requires it. Only use it on @@ -178,7 +178,7 @@ index c9d25a5be8..f9fe1b5f33 100644 if GOARCH == "386" || GOARCH == "amd64" { sa.sa_restorer = abi.FuncPCABI0(sigreturn__sigaction) } -@@ -562,6 +563,21 @@ func sysSigaction(sig uint32, new, old *sigactiont) { +@@ -563,6 +564,21 @@ func sysSigaction(sig uint32, new, old *sigactiont) { //go:noescape func rt_sigaction(sig uintptr, new, old *sigactiont, size uintptr) int32 
diff --git a/meta/recipes-devtools/go/go/0006-cmd-go-make-GOROOT-precious-by-default.patch b/meta/recipes-devtools/go/go/0006-cmd-go-make-GOROOT-precious-by-default.patch index 51173794442..15ffdb3cf38 100644 --- a/meta/recipes-devtools/go/go/0006-cmd-go-make-GOROOT-precious-by-default.patch +++ b/meta/recipes-devtools/go/go/0006-cmd-go-make-GOROOT-precious-by-default.patch @@ -94,7 +94,7 @@ index 1f618be0bb..651fa64582 100644 if err := sh.Mkdir(a.Objdir); err != nil { return err } -@@ -1731,6 +1748,14 @@ func (b *Builder) linkShared(ctx context.Context, a *Action) (err error) { +@@ -1739,6 +1756,14 @@ func (b *Builder) linkShared(ctx context.Context, a *Action) (err error) { return err } 
diff --git a/meta/recipes-devtools/go/go_1.25.5.bb b/meta/recipes-devtools/go/go_1.25.6.bb similarity index 100% rename from meta/recipes-devtools/go/go_1.25.5.bb rename to meta/recipes-devtools/go/go_1.25.6.bb From patchwork Tue Feb 3 10:16:35 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 80334 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id ABE30E6E7E3 for ; Tue, 3 Feb 2026 10:19:34 +0000 (UTC) Received: from mail-wm1-f49.google.com (mail-wm1-f49.google.com [209.85.128.49]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.13484.1770113968498402465 for ; Tue, 03 Feb 2026 02:19:28 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=YwTTDEO7; spf=pass (domain: smile.fr, ip: 209.85.128.49, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f49.google.com with SMTP id 5b1f17b1804b1-482f2599980so26236935e9.0 for ; Tue, 03 Feb 2026 02:19:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1770113966; x=1770718766; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=SRbpdnfCPzXYtV9l9RU5VAF3MvD/TbwGpKBzzr/lkfs=; b=YwTTDEO7wiHjs7TWK8PN/D8zE+OIVewfMODH6KOM2SEnyBc+JRj7RmtiYWekH4bmG3 c9Tum62LYEhL5YvuQzIiHoxY6ttj0U7rHSh3yxoXR8pH/5MQo02zbHpuTXK3z8bKkOUy dbgmNmQ902roWIR3C/FC9+eSGFn/VwnvFIvVU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770113966; x=1770718766; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to 
:cc:subject:date:message-id:reply-to; bh=SRbpdnfCPzXYtV9l9RU5VAF3MvD/TbwGpKBzzr/lkfs=; b=BnEeHb6GaWvExTNcf4s9dVAMR93hBQqxDI+IdKD15d76tRszSqseN49UBlDDKCYEWa eSILho6KNqdGIAa6e1yGQIuIZb1G2gIhq3tk/VpjC3QRj/1BQUR5c0fune38xx7sW/K9 7h2rHwX/oBYRnS1IR2JdYhoBiAiIfurynV/dd/dFZ9wAgzDc1lJ88M6HqOpPWD4Oary5 pqfzoT8BaMnca6/N9J6s/wEApbq/gVKghJlUnaZmzSRO+e8u+7qqZg9SNmRuuZKfooX/ 0dMb5DLnXzz6HidDsLyHmhJZnM2nsjDZvytUmAwIjOxCJK9NL6NESG7nhX1JnAI9bBa2 EmIQ== X-Gm-Message-State: AOJu0YzAAKVcEG4FT/FB8wnod4cgJqzFkXgqpOY13bk0Wk3/WHt4sbrI HX0Uh17oSsk3x4X5vLg9nwoC39uKfUDh8W23v6/ZVrC9sHBo5w8XD6i7/M9cQLytk+l3uzBZO/d OL+fEigM= X-Gm-Gg: AZuq6aKC76RWX5dY7W0URAP/mHp9xlcIrfsQVEZOlgLsTFqsfv4K+WfgsfSQvq9qWQN fTQdkcMUfwN8TnRX7oo1bKMomUmOK7jTyku21YO0ILqHkBB3txGih3qC6vk23GYIrA+uHF66gay 1DpCQrGVCmFZWeTzkd7aICiCaYJc7beDV3IjO4x1SVp9CKJZUAl1znlfDrC6Cr5SngZrQkaC/Vv HGzgWcOxNxD2AvFUQILt/VpV1/dxmYBMo0vj1rJQuqAFX2FSZGIb22oWydbkGHIhv3gbjjIwCY1 lW/gEyfewGYjCoqo/loix1H4MQxNRbCp13ayUgVsQKym+NndN6WBZ3FV0omgoJQYz1kJxq7AyzP 5Dj526/vroukKzkZCfkNe5l5jqaX5/HXnCffvkME1PB7/6pzFwhcWYhJ79bs+X4UwY2gYDVSbm9 S4aV3O3K+BEM4K/FED/yn49oGrwkEPMvHcN0S6sPQUEY68L0JkoiLYz2wlj83qKmgVszWEi1zac rjICoXKtW3xdQeQY2zENqOtjA== X-Received: by 2002:a05:600c:8716:b0:47a:80f8:82ab with SMTP id 5b1f17b1804b1-482db48d4c0mr206900375e9.24.1770113966490; Tue, 03 Feb 2026 02:19:26 -0800 (PST) Received: from FRSMI25-LASER.home (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-435e131ce70sm52293041f8f.27.2026.02.03.02.19.26 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Feb 2026 02:19:26 -0800 (PST) 
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][whinlatter v2 06/22] zlib: ignore CVE-2026-22184 Date: Tue, 3 Feb 2026 11:16:35 +0100 Message-ID: <583076ca73722543c358f97a7e476ab3e8a15437.1770109549.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 03 Feb 2026 10:19:34 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/230434 From: Peter Marko This is CVE for example tool contrib/untgz. This is not compiled in Yocto zlib recipe. This CVE has controversial CVSS3 score of 9.8. Signed-off-by: Peter Marko Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie (cherry picked from commit b0592c51b6ad038d737d2f6b30977bd0c5c50058) Signed-off-by: Yoann Congal --- meta/recipes-core/zlib/zlib_1.3.1.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-core/zlib/zlib_1.3.1.bb b/meta/recipes-core/zlib/zlib_1.3.1.bb index 592b7f14229..ef831421216 100644 --- a/meta/recipes-core/zlib/zlib_1.3.1.bb +++ b/meta/recipes-core/zlib/zlib_1.3.1.bb 
@@ -51,3 +51,5 @@ BBCLASSEXTEND = "native nativesdk" # Adding 'CVE_PRODUCT' to avoid false detection of CVEs CVE_PRODUCT = "zlib:zlib gnu:zlib" + +CVE_STATUS[CVE-2026-22184] = "not-applicable-config: vulnerable file is not compiled" From patchwork Tue Feb 3 10:16:36 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 80330 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 96DF6E7FDD6 for ; Tue, 3 Feb 2026 10:19:34 +0000 (UTC) Received: from mail-wr1-f44.google.com (mail-wr1-f44.google.com [209.85.221.44]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.13485.1770113969161220376 for ; Tue, 03 Feb 2026 02:19:29 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=oUfcFSoM; spf=pass (domain: smile.fr, ip: 209.85.221.44, mailfrom: yoann.congal@smile.fr) Received: by mail-wr1-f44.google.com with SMTP id ffacd0b85a97d-43590777e22so3379222f8f.3 for ; Tue, 03 Feb 2026 02:19:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1770113967; x=1770718767; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=42ylXkdUGfq8kHAqdH2LLApxmlGycZrLoYuwTTyDTYM=; b=oUfcFSoMLYR0k8kdVQLvjbttVc9Rj/DvH+BdGNV9m+buldQo6sFNgtC3x82W5QMVpZ BeVlpjkIORwVnED7iYJ0QwVItNqDVgLrFZiuuBKi4GEcPE+Er4KaG55yM0RqroFXd97y m9b9hFBHIhPMdciKpx5nM/cju0Am9zw+zv7+E= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770113967; x=1770718767; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to 
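Review bot: The `CVE_STATUS` reason in zlib_1.3.1.bb says only "vulnerable file is not compiled" and does not name the file, so the justification cannot be re-checked from the recipe alone. The commit message identifies it as the example tool contrib/untgz. Putting that in the string, e.g. `CVE_STATUS[CVE-2026-22184] = "not-applicable-config: contrib/untgz is not compiled"`, lets a later audit confirm the exclusion still holds after a recipe or upstream build change.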
:cc:subject:date:message-id:reply-to; bh=42ylXkdUGfq8kHAqdH2LLApxmlGycZrLoYuwTTyDTYM=; b=d2KnsDCrQt9yhvEHCnQ8uUnSdmfkLZiBic6mdMo1c428dEVGmSe9XP8HY1TnBjcHqK X5p/1Zwt1YKqjswYwo2JGYwtiF2pFPTYBni+VJ+iFlMQ0iL8v88au4qIw3AFX/02sUPe 5B3aGWkAl1dCITbyH2tjul+8v5eBOSuaq84QaPIoApD6ThZSuee3HVC3Ls7pIYkIrrXU 9KburvD3EINHU94k2GxezNoYMyTBFsuMC9s0qtx1wgY14KwohqjY6GrWRIl6SVzuzW1c 9kXjBUzudyFd4IzAvGDuwjdaHyHZL2Uo8cTWOaxjWP6lQRannVVoCuKtS7a8FdeSeqeB ww9Q== X-Gm-Message-State: AOJu0YwaJJjtf72R4NEbLKpLdQ6OyOi9u8KjSvKWuixrs4RbqGtVoQm1 W5M40CoIdOTZ9EcWfwdqQKrZHpvyyYxehImip40Ar17dddQ70wvjNgQbpZn4m/p9rsmZOMkRcpZ 6LDs47nY= X-Gm-Gg: AZuq6aLZqp++FRnkwtR/teaVFBYHo4kNrmtQdq5eSstl5IosOWA5vX5abtTdqKJtpqa Nc15ksnv5mVgbep5W02n7kCOoL4Xvy90cVHcSUcX9q5sCcf1+JGq94JX/+GSmc+Ap+p9lNox91s 5w1wpQr/MaRlNDBy/arl5mgSY+Y/iLcwqY3uGCcaTtqvfHBRL7QAcMZ/V9v+qjI2FnAJ5sA2Oww lpXkWkh0as3hU5A3mMxJFCA6LFw+mUMr7Q0IoIVbIipcappC7xVVE6f6CJBQimI0i3Z9ENzX68P G+6JHmKQSaCAPSrF/zzjOo7UaaO/1IUhwEwtRynOEGkh4SBw+zennayk5qec6EH7WqSohxJWD5G UlLUy9rMZEJ+AN1izNdKE+fRiA8zgToiReSe6uoYNGGw2yft13kCHPMdDsOe3vzLD3J2y5PAqm4 xQrFx9qcVkwEeS0docnW1vdQU/W/PdM/HK48H4DOhOPtW7jybylDbFCSfTo64yV4cR/UPyJhCpv pc0lVQ2G+9oe00= X-Received: by 2002:a5d:5848:0:b0:435:bdc0:48e9 with SMTP id ffacd0b85a97d-435f3ab4bdcmr20203901f8f.55.1770113967129; Tue, 03 Feb 2026 02:19:27 -0800 (PST) Received: from FRSMI25-LASER.home (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-435e131ce70sm52293041f8f.27.2026.02.03.02.19.26 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Feb 2026 02:19:26 -0800 (PST) 
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][whinlatter v2 07/22] python3-urllib3: patch CVE-2026-21441 Date: Tue, 3 Feb 2026 11:16:36 +0100 Message-ID: <2e0f5c85a1c4b75358fd697db7c2829d87bbba15.1770109549.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 03 Feb 2026 10:19:34 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/230435 From: Peter Marko Pick patch mentioned in NVD report. Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- .../python3-urllib3/CVE-2026-21441.patch | 111 ++++++++++++++++++ .../python/python3-urllib3_2.5.0.bb | 1 + 2 files changed, 112 insertions(+) create mode 100644 meta/recipes-devtools/python/python3-urllib3/CVE-2026-21441.patch diff --git a/meta/recipes-devtools/python/python3-urllib3/CVE-2026-21441.patch b/meta/recipes-devtools/python/python3-urllib3/CVE-2026-21441.patch new file mode 100644 index 00000000000..f3a60138177 --- /dev/null +++ b/meta/recipes-devtools/python/python3-urllib3/CVE-2026-21441.patch 
@@ -0,0 +1,111 @@
+From 8864ac407bba8607950025e0979c4c69bc7abc7b Mon Sep 17 00:00:00 2001
+From: Illia Volochii
+Date: Wed, 7 Jan 2026 18:07:30 +0200
+Subject: [PATCH] Merge commit from fork
+
+* Stop decoding response content during redirects needlessly
+
+* Rename the new query parameter
+
+* Add a changelog entry
+
+CVE: CVE-2026-21441
+Upstream-Status: Backport [https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b]
+Signed-off-by: Peter Marko
+---
+ CHANGES.rst | 13 +++++++++++++
+ dummyserver/app.py | 8 +++++++-
+ src/urllib3/response.py | 6 +++++-
+ test/with_dummyserver/test_connectionpool.py | 19 +++++++++++++++++++
+ 4 files changed, 44 insertions(+), 2 deletions(-)
+
+diff --git a/CHANGES.rst b/CHANGES.rst
+index 2de9f016..4c0b9cea 100644
+--- a/CHANGES.rst
++++ b/CHANGES.rst
+@@ -1,3 +1,16 @@
++(TBD)
++==================
++
++Bugfixes
++--------
++
++- Fixed a high-severity security issue where decompression-bomb safeguards of
++ the streaming API were bypassed when HTTP redirects were followed.
++ (`GHSA-38jv-5279-wg99 `__)
++
++TODO: add other entries.
++
++
+ 2.5.0 (2025-06-18)
+ ==================
+
+diff --git a/dummyserver/app.py b/dummyserver/app.py
+index 0eeb93f7..5b82e932 100644
+--- a/dummyserver/app.py
++++ b/dummyserver/app.py
+@@ -233,10 +233,16 @@ async def redirect() -> ResponseReturnValue:
+ values = await request.values
+ target = values.get("target", "/")
+ status = values.get("status", "303 See Other")
++ compressed = values.get("compressed") == "true"
+ status_code = status.split(" ")[0]
+
+ headers = [("Location", target)]
+- return await make_response("", status_code, headers)
++ if compressed:
++ headers.append(("Content-Encoding", "gzip"))
++ data = gzip.compress(b"foo")
++ else:
++ data = b""
++ return await make_response(data, status_code, headers)
+
+
+ @hypercorn_app.route("/redirect_after")
+diff --git a/src/urllib3/response.py b/src/urllib3/response.py
+index f6266f1a..ff6d1f49 100644
+--- a/src/urllib3/response.py
++++ b/src/urllib3/response.py
+@@ -687,7 +687,11 @@ class HTTPResponse(BaseHTTPResponse):
+ Unread data in the HTTPResponse connection blocks the connection from being released back to the pool.
+ """
+ try:
+- self.read()
++ self.read(
++ # Do not spend resources decoding the content unless
++ # decoding has already been initiated.
++ decode_content=self._has_decoded_content,
++ )
+ except (HTTPError, OSError, BaseSSLError, HTTPException):
+ pass
+
+diff --git a/test/with_dummyserver/test_connectionpool.py b/test/with_dummyserver/test_connectionpool.py
+index ce165e24..8d6107ae 100644
+--- a/test/with_dummyserver/test_connectionpool.py
++++ b/test/with_dummyserver/test_connectionpool.py
+@@ -508,6 +508,25 @@ class TestConnectionPool(HypercornDummyServerTestCase):
+ assert r.status == 200
+ assert r.data == b"Dummy server!"
+
++ @mock.patch("urllib3.response.GzipDecoder.decompress")
++ def test_no_decoding_with_redirect_when_preload_disabled(
++ self, gzip_decompress: mock.MagicMock
++ ) -> None:
++ """
++ Test that urllib3 does not attempt to decode a gzipped redirect
++ response when `preload_content` is set to `False`.
++ """
++ with HTTPConnectionPool(self.host, self.port) as pool:
++ # Three requests are expected: two redirects and one final / 200 OK.
++ response = pool.request(
++ "GET",
++ "/redirect",
++ fields={"target": "/redirect?compressed=true", "compressed": "true"},
++ preload_content=False,
++ )
++ assert response.status == 200
++ gzip_decompress.assert_not_called()
++
+ def test_303_redirect_makes_request_lose_body(self) -> None:
+ with HTTPConnectionPool(self.host, self.port) as pool:
+ response = pool.request(
diff --git a/meta/recipes-devtools/python/python3-urllib3_2.5.0.bb b/meta/recipes-devtools/python/python3-urllib3_2.5.0.bb
index c39e9676e89..7892fc0874e 100644
--- a/meta/recipes-devtools/python/python3-urllib3_2.5.0.bb
+++ b/meta/recipes-devtools/python/python3-urllib3_2.5.0.bb
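Review bot: In the `src/urllib3/response.py` hunk of CVE-2026-21441.patch, `self.read(...)` is still called without an amount, so the remaining raw body of a redirect response is presumably still read in full while the connection is drained; the change skips decoding, not the read itself. That removes the decompression amplification described in the changelog entry, but the added comment could state the remaining cost explicitly, e.g. `# The raw body is still read in full here; only decoding is skipped.` The enclosing method starts outside the hunk and `read()` itself is not shown, so this is inferred from the call.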
@@ -9,6 +9,7 @@ inherit pypi python_hatchling SRC_URI += "\ file://CVE-2025-66418.patch \ + file://CVE-2026-21441.patch \ " DEPENDS += "python3-hatch-vcs-native" From patchwork Tue Feb 3 10:16:37 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 80336 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id CAD61E6E7E9 for ; Tue, 3 Feb 2026 10:19:34 +0000 (UTC) Received: from mail-wr1-f42.google.com (mail-wr1-f42.google.com [209.85.221.42]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.13357.1770113969948277337 for ; Tue, 03 Feb 2026 02:19:30 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=t5fKdf3X; spf=pass (domain: smile.fr, ip: 209.85.221.42, mailfrom: yoann.congal@smile.fr) Received: by mail-wr1-f42.google.com with SMTP id ffacd0b85a97d-43615d9c507so167411f8f.1 for ; Tue, 03 Feb 2026 02:19:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1770113968; x=1770718768; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Cci+XdPd5TXzBJ7WTfZGi6s8ulHOjrzOjlw31HCfIJo=; b=t5fKdf3Xftdo+iCCBpLdJbsrj0x2drJMqajsiG3yGGLVZgzFdNUtPQmCIpjxl5z25I GAGIVKvzF28Ji+m8Zlg5MwdCtY1ooCo93RxI4TsBGr56vPUr0XbCrGy04pq3jASqgZPA /hb3Z4uSNVH4eRrmm5eJZI3YiDyAezDrh8cec= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770113968; x=1770718768; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; 
bh=Cci+XdPd5TXzBJ7WTfZGi6s8ulHOjrzOjlw31HCfIJo=; b=LFrKARzEWSNiWJ6JDfugO7fk6zQHcaW0/m78MBNkQr/3wRIlYfJxgktPgaewsKUHhW OjNIjXUZIhjo6fl35r3qRxVbgYEzEkVcqM3X0sfxkilR4kQc2PqIE1KzdmgeAHOyoddR eoA9zNTZDTj8JfG2tW+SasufdtTP4kt5+t09FooLaUipkrsa1YGS668C/6QIkqsXPiSr nqCXGjlDKs7EJsnPHo4YWItpyWJk3tdedcq1D7PysipNLKjc7GZMZ2oJe80FH7AOrkWt xF9Nahydl0ujsDUHezwT2/141tCKPE8StgBiczhFiSTR3L58tohTK+xoadjthlpwRPnl 8/SQ== X-Gm-Message-State: AOJu0Yw32M3SvrDHdUgmhc1sNcOnUKh2Z/fewHF88kuOuZN5c/6dM/vb MN9u1QjSJr0dBv/GZOheXcboPnn8leA3acc6yDlyJkYqgUvaD9KtuEevk36TuWHG41B6oKPHH+w P2xyf/k4= X-Gm-Gg: AZuq6aJFoPm6EIL+maGS2f+Lv5cgo+PCDMO3l42rePOC4ou1jTOl7AaEVWqaSYw9Wlg TGvsJpzAan4uNtu4Hs274e3GjHFemYLXxLpO8EH8Z4JNCuz4wPCzP1wdVPOfbU0LVsP/DkFY40/ 8JRYwmweTR9RggsqwxjxgdMJDC0oFml7+PI/zk7MFlER+uplaGX6bkd/wodBmhlxL96NcrQPDJH fce9NCmo0JLO0xYXzoY36MQAvk6c4I3SHyrOEzsdwYRPN8VoyHrnDNUhozWfaH4elv7ivS+8v+G +jroOO9twXuuqSmYwDsrRuBFE+BZc/5jE/wtBcrxqtCinrbeLYW5NDvomYFkmsGA0RZB5jDzOru 6G8FiHMSOSTHZd/BLsJYHQjDHzN0xEDv2TIFTCvZzVKWgCQ6JphtL2RS0D8sb8aoRiZNHZ3Xbr8 fkbYTon6hvMxUlt+eJO/kbbe1gahApEwv6BjFpjC3TL7lHnF6ZDkmOsdFwTJ53dZ4HxijqQOtCC yT13easUVld2iE= X-Received: by 2002:a05:600c:4e56:b0:480:1b1a:551d with SMTP id 5b1f17b1804b1-482db47cf43mr183433795e9.18.1770113967781; Tue, 03 Feb 2026 02:19:27 -0800 (PST) Received: from FRSMI25-LASER.home (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-435e131ce70sm52293041f8f.27.2026.02.03.02.19.27 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Feb 2026 02:19:27 -0800 (PST) 
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][whinlatter v2 08/22] libtasn1: Fix CVE-2025-13151 Date: Tue, 3 Feb 2026 11:16:37 +0100 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 03 Feb 2026 10:19:34 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/230436 From: Hugo SIMELIERE Upstream-Status: Backport from https://gitlab.com/gnutls/libtasn1/-/commit/d276cc495a2a32b182c3c39851f1ba58f2d9f9b8 Signed-off-by: Bruno VERNAY Signed-off-by: Hugo SIMELIERE Signed-off-by: Yoann Congal --- .../gnutls/libtasn1/CVE-2025-13151.patch | 30 +++++++++++++++++++ .../recipes-support/gnutls/libtasn1_4.20.0.bb | 1 + 2 files changed, 31 insertions(+) create mode 100644 meta/recipes-support/gnutls/libtasn1/CVE-2025-13151.patch diff --git a/meta/recipes-support/gnutls/libtasn1/CVE-2025-13151.patch b/meta/recipes-support/gnutls/libtasn1/CVE-2025-13151.patch new file mode 100644 index 00000000000..5047d679840 --- /dev/null +++ b/meta/recipes-support/gnutls/libtasn1/CVE-2025-13151.patch 
@@ -0,0 +1,30 @@
+From ff7aa7ef2b9ba41df8f2d1e71b05bf2c2ad868dd Mon Sep 17 00:00:00 2001
+From: Vijay Sarvepalli
+Date: Mon, 22 Dec 2025 12:24:27 -0500
+Subject: [PATCH] Fix for CVE-2025-13151 Buffer overflow
+
+Upstream-Status: Backport [https://gitlab.com/gnutls/libtasn1/-/commit/d276cc495a2a32b182c3c39851f1ba58f2d9f9b8]
+CVE: CVE-2025-13151
+
+Signed-off-by: Simon Josefsson
+Signed-off-by: Hugo SIMELIERE
+---
+ lib/decoding.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/decoding.c b/lib/decoding.c
+index 1e0fcb3..abcb49f 100644
+--- a/lib/decoding.c
++++ b/lib/decoding.c
+@@ -1983,7 +1983,7 @@ int
+ asn1_expand_octet_string (asn1_node_const definitions, asn1_node *element,
+ const char *octetName, const char *objectName)
+ {
+- char name[2 * ASN1_MAX_NAME_SIZE + 1], value[ASN1_MAX_NAME_SIZE];
++ char name[2 * ASN1_MAX_NAME_SIZE + 2], value[ASN1_MAX_NAME_SIZE];
+ int retCode = ASN1_SUCCESS, result;
+ int len, len2, len3;
+ asn1_node_const p2;
+--
+2.47.1
+
diff --git a/meta/recipes-support/gnutls/libtasn1_4.20.0.bb b/meta/recipes-support/gnutls/libtasn1_4.20.0.bb
index 8127ba5b1db..bfc011a2f17 100644
--- a/meta/recipes-support/gnutls/libtasn1_4.20.0.bb
+++ b/meta/recipes-support/gnutls/libtasn1_4.20.0.bb
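Review bot: The declaration of `name` in `asn1_expand_octet_string` grows by one byte, but nothing on the line says what `2 * ASN1_MAX_NAME_SIZE + 2` has to hold, and the statements that fill `name` are outside the hunk. A comment on the declaration would stop the size from being trimmed back in a later cleanup, for example `/* two names of at most ASN1_MAX_NAME_SIZE each, a '.' separator and the terminating NUL */`, provided the function body really builds the string that way. The fix depends on that size invariant rather than on a bounded write, so the body should be checked against the comment before it is added.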
@@ -11,6 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=1ebbd3e34237af26da5dc08a4e440464 \ SRC_URI = "${GNU_MIRROR}/libtasn1/libtasn1-${PV}.tar.gz \ file://dont-depend-on-help2man.patch \ + file://CVE-2025-13151.patch \ " DEPENDS = "bison-native" From patchwork Tue Feb 3 10:16:38 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 80329 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C107FE6E7E6 for ; Tue, 3 Feb 2026 10:19:34 +0000 (UTC) Received: from mail-wr1-f48.google.com (mail-wr1-f48.google.com [209.85.221.48]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.13486.1770113970654341009 for ; Tue, 03 Feb 2026 02:19:30 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=alm+U5C1; spf=pass (domain: smile.fr, ip: 209.85.221.48, mailfrom: yoann.congal@smile.fr) Received: by mail-wr1-f48.google.com with SMTP id ffacd0b85a97d-435a11957f6so4228410f8f.0 for ; Tue, 03 Feb 2026 02:19:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1770113969; x=1770718769; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=y6Spzk7r+/ZPe8BJaSqxqZ+Z5LTsQ7ZNbAfkct6fYBs=; b=alm+U5C17YNZuI4ueQ7ZQHUNwMpHbasPf4/3BZmZKjuypBi5q7tyMJ7OGVEAE8BBQy suc7R4Zyx65FWTMP3o2SVKLDQm/W3Z/v17Mr1fRjIbtakBHhL6gQhGcbIPbkCqOfMXWz SkRFarcXCGBkQBBUtuVNxbCCuMNhfc+3AUcqI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770113969; x=1770718769; h=content-transfer-encoding:mime-version:references:in-reply-to 
:message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=y6Spzk7r+/ZPe8BJaSqxqZ+Z5LTsQ7ZNbAfkct6fYBs=; b=Vqpdv7PhmRQQQzmhYRV8UEo20+qMJoW/UUkCruJOc7hDtSV7gbfk8kBHuycDwSTYpo i/GuyX/TCX4SbBZpaIV4vmPud/GL4jJFWlI6MDmcda3EnbH1zPQbd9heQHH8eknNq+Gl P3SakdsbBt5se+a00k1WdHopw+lZ/fEt0wRCybLITq9nUHPlZ+qPFhZb2QwpFptTFQAb m7JvGDUtlgn8prmO7Uq8HvnnD2N7hxwNqAyjy20CcSvO4g0uT6CWXXIiN0zGyQicT7F1 PYEuPBriac884HrrLCo1bT1E9+1MYFp9uvQCv5f+XitoRG+brhlp3KyBgXDfNyyx3/Dd 38Dw== X-Gm-Message-State: AOJu0YyWPsSidINH4iY/hpZRBsJbwI45kXzd8oGFo3FYr+TZgFqMHt8d vdVBCTFrcCQYEDmpBeCnnIsvGCDlcoXSJ4uI27+Bec6Tl2RvwBEhAPYYuFfdD4TCmoIkc4DkzcM lo9USUsc= X-Gm-Gg: AZuq6aLzMj2oW/10Hf6qxDXMTb4sPlqUjRucSaSwqCXWOqDpebmwnoXxCjs/h4lrLX3 1NvpScNJsgNy1D/GPqA4lywyJTHWSAvmhq6yqi3zHwvBzrRNuB1+TSEwt6E1Ab92CamQfyAZzed 4ReWofiXTAs7u8TASLR56TVNrU+rA6oRSAOib1gtcqK3pCjZ94nAk0n9dJOYWcZNJyGXANKA8ZH 7VIu1YBFJqt8lmIPrLCpiw5fs9sX5TsVqfLN04Yo56tDmLuoISOAnePoDoKU+gUT7FZoeCsuQTR +Zf5Lf/FQ9IJzy3MaaUvCl0vPyglLsQw7fhOT/5oIB4XPzVe/pJ9YwAT3RWofdRydvelff0SRuX tbO9xaalTHl58eVt6dZpSOnZEMx16dSg+U78t66mIXnXuGNNb/e2USg1iUB9QCksCRPdhkIjQSx NKAo5SiNgl2mCmSlt88CGAnQyo7U51kXJIyhlS4uxErwqUlL/qFkXo8GZcdDo61lY1b9+++syop mIvMMuCyP9KVYw= X-Received: by 2002:adf:ef09:0:b0:436:145a:e55b with SMTP id ffacd0b85a97d-436145ae73cmr1195696f8f.19.1770113968667; Tue, 03 Feb 2026 02:19:28 -0800 (PST) Received: from FRSMI25-LASER.home (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-435e131ce70sm52293041f8f.27.2026.02.03.02.19.28 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Feb 2026 02:19:28 -0800 (PST) 
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][whinlatter v2 09/22] glibc: stable 2.42 branch updates Date: Tue, 3 Feb 2026 11:16:38 +0100 Message-ID: <0c942cc1ddf64bf796c7e8a36be98c3d0f224bc0.1770109549.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 03 Feb 2026 10:19:34 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/230437 
From: Peter Marko git log --oneline e34453cd6a8c592c325756ff3c7ac0afd3975cb4..912d89a766847649a3857985a3b5e6065c51bfd4 912d89a766 (HEAD -> release/2.42/master, origin/release/2.42/master) Switch currency symbol for the bg_BG locale to euro cbf39c26b2 posix: Reset wordexp_t fields with WRDE_REUSE (CVE-2025-15281 / BZ 33814) 453e6b8dba resolv: Fix NSS DNS backend for getnetbyaddr (CVE-2026-0915) b0ec8fb689 memalign: reinstate alignment overflow check (CVE-2026-0861) f122d0b4d1 nptl: Optimize trylock for high cache contention workloads (BZ #33704) a1d3294a5b support: Exit on consistency check failure in resolv_response_add_name 8dfb84ad4e support: Fix FILE * leak in check_for_unshare_hints in test-container 2a0873aa81 sprof: fix -Wformat warnings on 32-bit hosts efdf4c0c87 sprof: check pread size and offset for overflow b11411fe2e posix: Fix invalid flags test for p{write,read}v2 8aaf4b732d ppc64le: Power 10 rawmemchr clobbers v20 (bug #33091) 2dbf973fe0 ppc64le: Restore optimized strncmp for power10 6b2957cfe8 ppc64le: Restore optimized strcmp for power10 828b8d23f3 AArch64: Fix and improve SVE pow(f) special cases 710d7a2e83 AArch64: fix SVE tanpi(f) [BZ #33642] 0c9430ed97 AArch64: Fix instability in AdvSIMD sinh ec041b1f53 AArch64: Fix instability in AdvSIMD tan 97297120ce AArch64: Optimise SVE scalar callbacks 17c3eab387 aarch64: fix includes in SME tests de1fe81f47 aarch64: fix cfi directives around __libc_arm_za_disable bf499c2a49 x86: fix wmemset ifunc stray '!' 
(bug 33542) 71874f167a aarch64: tests for SME 256030b984 aarch64: clear ZA state of SME before clone and clone3 syscalls 6de12fc9ad aarch64: define macro for calling __libc_arm_za_disable ab8c1b5d62 x86: Detect Intel Nova Lake Processor bf48b17a28 x86: Detect Intel Wildcat Lake Processor 18fd689cdc nptl: Fix MADV_GUARD_INSTALL logic for thread without guard page (BZ 33356) 46b4e37c9e nss: Group merge does not react to ERANGE during merge (bug 33361) 1166170d95 libio: Define AT_RENAME_* with the same tokens as Linux Testing Results: Before After Diff PASS 6809 6815 +6 XPASS 4 4 0 FAIL 180 173 -7 XFAIL 16 16 0 UNSUPPORTED 129 129 0 Changes in failed testcases: testcase-name before after malloc/tst-malloc_info FAIL PASS malloc/tst-malloc-too-large FAIL PASS malloc/tst-malloc-too-large-malloc-check FAIL PASS malloc/tst-malloc-too-large-malloc-hugetlb1 FAIL PASS malloc/tst-malloc-too-large-malloc-largetcache FAIL PASS malloc/tst-malloc-too-large-mcheck FAIL PASS nptl/tst-robustpi7 FAIL PASS posix/tst-wait3 FAIL PASS stdio-common/tst-read-offset PASS FAIL Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- meta/recipes-core/glibc/glibc-version.inc | 2 +- meta/recipes-core/glibc/glibc_2.42.bb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc index a3ce970c29c..9991c024953 100644 --- a/meta/recipes-core/glibc/glibc-version.inc +++ b/meta/recipes-core/glibc/glibc-version.inc @@ -1,6 +1,6 @@ SRCBRANCH ?= "release/2.42/master" PV = "2.42+git" -SRCREV_glibc ?= "e34453cd6a8c592c325756ff3c7ac0afd3975cb4" +SRCREV_glibc ?= "912d89a766847649a3857985a3b5e6065c51bfd4" SRCREV_localedef ?= "cba02c503d7c853a38ccfb83c57e343ca5ecd7e5" GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git;protocol=https" diff --git a/meta/recipes-core/glibc/glibc_2.42.bb b/meta/recipes-core/glibc/glibc_2.42.bb index f9c1cdc2f14..a8717c0eae2 100644 --- a/meta/recipes-core/glibc/glibc_2.42.bb 
+++ b/meta/recipes-core/glibc/glibc_2.42.bb 
@@ -17,7 +17,7 @@ Allows for ASLR bypass so can bypass some hardening, not an exploit in itself, m easier access for another. 'ASLR bypass itself is not a vulnerability.'" CVE_STATUS_GROUPS += "CVE_STATUS_STABLE_BACKPORTS" -CVE_STATUS_STABLE_BACKPORTS = "" +CVE_STATUS_STABLE_BACKPORTS = "CVE-2025-15281 CVE-2026-0861 CVE-2026-0915" CVE_STATUS_STABLE_BACKPORTS[status] = "cpe-stable-backport: fix available in used git hash" DEPENDS += "gperf-native bison-native" From patchwork Tue Feb 3 10:16:39 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 80331 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C1111E6E7E7 for ; Tue, 3 Feb 2026 10:19:34 +0000 (UTC) Received: from mail-wm1-f46.google.com (mail-wm1-f46.google.com [209.85.128.46]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.13359.1770113971164283507 for ; Tue, 03 Feb 2026 02:19:31 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=aX8MkHoS; spf=pass (domain: smile.fr, ip: 209.85.128.46, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f46.google.com with SMTP id 5b1f17b1804b1-48068127f00so46401385e9.3 for ; Tue, 03 Feb 2026 02:19:30 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1770113969; x=1770718769; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=016UgcrQEnkfxPTSBwfKcMxCE2gb98knx2wPC15YzEg=; b=aX8MkHoStbi9ZuIofZE+josq+JX7bk1h5V3wUYPIRwXHDG8urO3ilPWCTeKEBO8Xrc 4NQq1T0OIF6164JBByIynPCaGYuyxNzNtfo98kcXz8pCH9tJESiURmaRJL9hvl7F24Fu Ck6CELrbBrvoEjGoKw5D2yefSglHdFMtk6tbw= 
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770113969; x=1770718769; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=016UgcrQEnkfxPTSBwfKcMxCE2gb98knx2wPC15YzEg=; b=rvv9vbjXB5Lme0oHV5nI2yKwetWClxm25Fe0gBWFmF+79lvgdUFhLHK3LPdOuRH0iq 7kEtzbwJwjQO5CB0nLi76qv+1mjhBvREiW3ywd4Gg7ktVa2QK1IqVZx7OKmD9su1+7hg E+7Fq/dU9NZDdlCCrtsmvXFydpaVniiqlEOA4j5eS3O1C43Wo/21N6mYZU+rPZkC+xLm VanNundBWJekSVc4jyPgjNJoBD/dQJL45COK4Y7gO1up0NylWBfMY/DmbNA0dJiVjZzf LI1A2P6xpkBwxpXCxV79AzAmyvRonU7O8h8KLtp1V9amo7MMt+J09CMzSyOLznlrx09D OBhw== X-Gm-Message-State: AOJu0Ywwn0Pvnvtt/QT0W+xA9KS3V11RY6Q882yD7Tku+bB+8YXiYL80 LAUQsnT8SLNq0mBqsdmWE/kSDKoSknd5/fkjzSnM5pOfGP+v4YBdqo+PZg+Tgm0c8jzMiPRmqu6 OoCU04+w= X-Gm-Gg: AZuq6aLlfXq7GlN2Mad/c8Y42DiceaUJrma3ghOzhXC+yaGrCPalXDrefJTqhRp2pIb AHDd1BgD66UTnNyIFOUtTCoRRIiqUr0mkDDwKiZrde2WzAPk1EH9kSp9Nmv8MzKXe5ZhX3HQbO9 i0ZvXJ3WYOA0Wn3BPamHMt+z6slfpfVOKNfrFDXsL0+70YoMA8Nm9m1Cx1/CDeZymbxpr810pFe pRx83KFYh9T4c8NS3KJtBWNdXlRfBaobNLoWMHT8o6FgoaOir1Wg5o2wWr4WkH+HW5SxJRTv04E GbFIY9afBrg8Ks45eez8Nt2NuIlDHwe2JCQ94Vxw0jQ8e0RQoaZ6TuE1fmznYPOQtIB7Bf4Hrlc 3fcUAoTLzPjiyIWBMSKUm4d5oWhW639ZMPGtswkmI+aBCEmer1uN1uCc1e+/bMhuX+1iapIKuSt MMcY/qZf8CW0Li6Fk/LP89NUqtVOkfCGiy561gfzaDL+fAys504oL1YBz7szIVkw9/VOshRoaKA lShDGlYlIfSZzQ= X-Received: by 2002:a05:600c:628d:b0:480:6b76:dfb4 with SMTP id 5b1f17b1804b1-482db45698amr166746505e9.8.1770113969234; Tue, 03 Feb 2026 02:19:29 -0800 (PST) Received: from FRSMI25-LASER.home (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-435e131ce70sm52293041f8f.27.2026.02.03.02.19.28 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Feb 2026 02:19:28 -0800 (PST) 
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][whinlatter v2 10/22] pseudo: Update to 1.9.3 release Date: Tue, 3 Feb 2026 11:16:39 +0100 Message-ID: <52fd83a9899d8f6222ab2447d214051d0e98482a.1770109549.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 03 Feb 2026 10:19:34 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/230438 From: Richard Purdie Pulls in the following changes: Makefile.in: Bump version to 1.9.3 configure: Minor code quality changes pseudo: code quality scan - resolved various potential issues makewrappers: improve error handling and robustness Update COPYRIGHT files ports/linux/pseudo_wrappers.c: Call the wrappers where possible ports/linux/pseudo_wrappers.c: Workaround compile error on Debian 11 ports/linux/pseudo_wrappers.c: Reorder the syscall operations ports/unix/guts/realpath.c: Fix indents pseudo_util.c: Skip realpath like expansion for /proc on Linux test/test-proc-pipe.sh: Add test case for proc pipes ports/unix/guts/realpath.c: realpath fails if the resolved path doesn't exist Signed-off-by: Richard Purdie Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie (cherry picked from commit 524f4bbb11f9c7e0126e8bd46af217b452d48f5e) Signed-off-by: Yoann Congal --- meta/recipes-devtools/pseudo/pseudo_git.bb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb index 19b0d29b718..ed1e8fb3e01 100644 --- a/meta/recipes-devtools/pseudo/pseudo_git.bb +++ b/meta/recipes-devtools/pseudo/pseudo_git.bb 
@@ -12,8 +12,8 @@ SRC_URI:append:class-nativesdk = " \ file://older-glibc-symbols.patch" SRC_URI[prebuilt.sha256sum] = "ed9f456856e9d86359f169f46a70ad7be4190d6040282b84c8d97b99072485aa" -SRCREV = "125b020dd2bc46baa37a80784704e382732357b4" -PV = "1.9.2+git" +SRCREV = "750362cc7b9fa58dffccd95d919b435c6d8ac614" +PV = "1.9.3+git" # largefile and 64bit time_t support adds these macros via compiler flags globally # remove them for pseudo since pseudo intercepts some of the functions which will be From patchwork Tue Feb 3 10:16:40 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 80326 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 71690D172C2 for ; Tue, 3 Feb 2026 10:19:34 +0000 (UTC) Received: from mail-wr1-f41.google.com (mail-wr1-f41.google.com [209.85.221.41]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.13487.1770113971685483992 for ; Tue, 03 Feb 2026 02:19:32 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=NqlARc6n; spf=pass (domain: smile.fr, ip: 209.85.221.41, mailfrom: yoann.congal@smile.fr) Received: by mail-wr1-f41.google.com with SMTP id ffacd0b85a97d-432d2670932so4918668f8f.2 for ; Tue, 03 Feb 2026 02:19:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1770113970; x=1770718770; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=b1570IQrm1P7aI/T6XIpQkLKtHEd8pBTaDCpGRxzrEs=; b=NqlARc6n6pZ6Wnuj/J6cqObzMbYtXNbepJCku2vHG243CVDr7mydDwcTD9hJAlbWHu WnfpnsluS7AEv33dwh4XrtOjPOqBI82oLP9emU+RoPFzP6t3issLmOqKJbAmL2gZ9HMP 
rOlbJKPPWJev2BGMiGlv2i8MBqNtTvWZbOTEc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770113970; x=1770718770; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=b1570IQrm1P7aI/T6XIpQkLKtHEd8pBTaDCpGRxzrEs=; b=meDoHou+ibXb7lqC9Rr1x6ibBolxX7oKby09fandX+6E7/c2uAMGULhoTqwhRijPfP tuz51JADVG8IfUevp3vnM6xAmHiMMeIAvYSGZjVcWuC8Ev5LMiE0SHNT8xKvwRiCC7rf Ocs5lXgEDTX2wJSiJwM9YHcNqoMPqCvTtHEOgVYE2ZkLV/7ZVAidBwBckbdAiXNk1Rex /w4SWPQK9zj5UvARQbnesHMaKlEncz3g84afhLFdUEHPiT/nb7VZFEAXD3PnmjPB6OO5 F6NpJ8kR1exdKjzfZJMOzUczYnbiJrC1wayN+vHU7PM6l+lSXcaC0oWcO5PfUUY8HudC wXEw== X-Gm-Message-State: AOJu0YwBq4eXPoRQP3Ummfci2u2V8KaMt0EqRD0j+VUcXkgzEeNLMHTB GRQLleQe/IcNnxN+Em7SHVkXa3DK/fUmIQRUCD69MR9qtCQUYfZuGGJtOpTvE1glP2JhFQviHy5 JqG5JZOs= X-Gm-Gg: AZuq6aIYIq+31xvoEIxSLhxgufeI/uGD8teuDrG1B2anweQ/GSjHyT//M45ZZYppA1T VaFCM0zZERK23QD+laTwfkGPSSqN2+i2O/QpL8P6LqasY84qrlhoOeZEZV/Jt8H/EeTLcITCWZh zYxxQHDYjzoq0aOdoBj0SkW1I/AnmHcHD1V/SftaGnbbL2J7RrjpWJ7OrEsfe+MWlyOQv9yEMjI yY1j4GHitDzb2K5URNreecJeLrXtybI4wT4VrvYcxlbjkYwMCWmgtgVIaRbhtaHhiPF4cT9o300 ck698mY5cJ0uJVnYMUVR8wcJWH0+xIY+ipsW0cgLjdUUYG1Y/wBdO5wpJPT0/ZN6KUD96oFDR0y d9mXzQEr43HMdKnRG0ZUpDDncCIXsdBcJLoeuHX/kGRoFwnqDJ1ecFPWJs2X6Is4ugSAqnzFTy9 EL4dm09TzRm0I0n11VzB2skOvN6XXmnGc61hXchpUyyDGO5PTsYY8OU/9xjDdXLvK/3ixccpYKA +BhdXHoeKv/B7TE5S8pOjqxPA== X-Received: by 2002:a05:6000:2004:b0:42f:b690:6788 with SMTP id ffacd0b85a97d-435f3a6baa6mr19946280f8f.10.1770113969782; Tue, 03 Feb 2026 02:19:29 -0800 (PST) Received: from FRSMI25-LASER.home (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-435e131ce70sm52293041f8f.27.2026.02.03.02.19.29 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Feb 2026 02:19:29 -0800 (PST) 
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][whinlatter v2 11/22] dpkg: Fix ADMINDIR Date: Tue, 3 Feb 2026 11:16:40 +0100 Message-ID: <759a12066a2c6126bc3a7fb2dccc92f3e2b4d6fe.1770109549.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 03 Feb 2026 10:19:34 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/230439 From: Mark Hatle dpkg has a hard coded path (from build time) for the ADMINDIR, for some reason the "set_root" function was using this hard coded value instead of the value from apt.conf or the environment. Follow the example of db_dir.c and use the environment if set. Adjust the matching oe package_manager functions to set the ADMINDIR, even though the apt.conf sets --admindir. Note it's unclear if the --admindir value that is set is reasonable or not. Signed-off-by: Mark Hatle [AG: add Upstream-Status - Submitted to patch] Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie (cherry picked from commit 22c3ebacd3c21d1caf9fddb0f7f4ff06c7728d3a) Signed-off-by: Yoann Congal --- meta/lib/oe/package_manager/deb/__init__.py | 4 ++ ...-dirs.c-set_rootfs-was-not-checking-.patch | 46 +++++++++++++++++++ meta/recipes-devtools/dpkg/dpkg_1.22.21.bb | 1 + 3 files changed, 51 insertions(+) create mode 100644 meta/recipes-devtools/dpkg/dpkg/0001-lib-dpkg-options-dirs.c-set_rootfs-was-not-checking-.patch diff --git a/meta/lib/oe/package_manager/deb/__init__.py b/meta/lib/oe/package_manager/deb/__init__.py index eb48f3f9822..cdb58bee101 100644 --- a/meta/lib/oe/package_manager/deb/__init__.py +++ b/meta/lib/oe/package_manager/deb/__init__.py 
@@ -213,6 +213,7 @@ class DpkgPM(OpkgDpkgPM):
 def update(self):
 os.environ['APT_CONFIG'] = self.apt_conf_file
+ os.environ['DPKG_ADMINDIR'] = '/var/lib/dpkg'
 self.deploy_dir_lock()
@@ -231,6 +232,7 @@ class DpkgPM(OpkgDpkgPM):
 return
 os.environ['APT_CONFIG'] = self.apt_conf_file
+ os.environ['DPKG_ADMINDIR'] = '/var/lib/dpkg'
 extra_args = ""
 if hard_depends_only:
@@ -282,6 +284,7 @@ class DpkgPM(OpkgDpkgPM):
 os.environ['IPKG_OFFLINE_ROOT'] = self.target_rootfs
 os.environ['OPKG_OFFLINE_ROOT'] = self.target_rootfs
 os.environ['INTERCEPT_DIR'] = self.intercepts_dir
+ os.environ['DPKG_ADMINDIR'] = '/var/lib/dpkg'
 if with_dependencies:
 os.environ['APT_CONFIG'] = self.apt_conf_file
@@ -424,6 +427,7 @@ class DpkgPM(OpkgDpkgPM):
 def fix_broken_dependencies(self):
 os.environ['APT_CONFIG'] = self.apt_conf_file
+ os.environ['DPKG_ADMINDIR'] = '/var/lib/dpkg'
 cmd = "%s %s --allow-unauthenticated -f install" % (self.apt_get_cmd, self.apt_args)
diff --git a/meta/recipes-devtools/dpkg/dpkg/0001-lib-dpkg-options-dirs.c-set_rootfs-was-not-checking-.patch b/meta/recipes-devtools/dpkg/dpkg/0001-lib-dpkg-options-dirs.c-set_rootfs-was-not-checking-.patch
new file mode 100644
index 00000000000..34060c74634
--- /dev/null
+++ b/meta/recipes-devtools/dpkg/dpkg/0001-lib-dpkg-options-dirs.c-set_rootfs-was-not-checking-.patch
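Review bot: The literal `'/var/lib/dpkg'` is repeated in all four hunks of this file (in `update`, in `fix_broken_dependencies`, and in the two methods whose `def` lines fall outside the hunks, at new lines 235 and 287), and nothing says why it is set or what it has to agree with. One class-level constant would keep the four sites from drifting apart, for example `DPKG_ADMINDIR = '/var/lib/dpkg'  # presumably must agree with the --admindir value in apt.conf` with `os.environ['DPKG_ADMINDIR'] = self.DPKG_ADMINDIR` at each site. The commit message itself says it is unclear whether the `--admindir` value is reasonable, so the comment should record that open question rather than leave the path looking settled.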
@@ -0,0 +1,46 @@
+From c036cfa1ee53a900b4ed45bc91e45a0792547eea Mon Sep 17 00:00:00 2001
+From: Mark Hatle
+Date: Sat, 17 Jan 2026 20:20:23 +0000
+Subject: [PATCH] lib/dpkg/options-dirs.c: set_rootfs was not checking
+ environment
+
+The set_rootfs function was using the hardcoded ADMINDIR (define). It
+should be checking the environment, and then falling back to the define
+if not set.
+
+This matches the behavior in db_dir.c.
+
+Upstream-Status: Submitted [https://lists.debian.org/debian-dpkg/2026/01/maillist.html]]
+
+Signed-off-by: Mark Hatle
+---
+ lib/dpkg/options-dirs.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/lib/dpkg/options-dirs.c b/lib/dpkg/options-dirs.c
+index 9b7a122fe..34869d792 100644
+--- a/lib/dpkg/options-dirs.c
++++ b/lib/dpkg/options-dirs.c
+@@ -49,13 +49,18 @@ set_admindir(const struct cmdinfo *cip, const char *value)
+ void
+ set_root(const struct cmdinfo *cip, const char *value)
+ {
++ const char *env;
+ char *db_dir;
+
+ /* Initialize the root directory. */
+ dpkg_fsys_set_dir(value);
+
+ /* Set the database directory based on the new root directory. */
+- db_dir = dpkg_fsys_get_path(ADMINDIR);
++ env = getenv("DPKG_ADMINDIR");
++ if (env)
++ db_dir = dpkg_fsys_get_path(env);
++ else
++ db_dir = dpkg_fsys_get_path(ADMINDIR);
+ dpkg_db_set_dir(db_dir);
+ free(db_dir);
+ }
+--
+2.30.2
+
diff --git a/meta/recipes-devtools/dpkg/dpkg_1.22.21.bb b/meta/recipes-devtools/dpkg/dpkg_1.22.21.bb
index d793c26d57a..20f98d5d2d3 100644
--- a/meta/recipes-devtools/dpkg/dpkg_1.22.21.bb
+++ b/meta/recipes-devtools/dpkg/dpkg_1.22.21.bb
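Review bot: The new branch in `set_root` accepts any non-NULL `DPKG_ADMINDIR`, so an empty value is handed to `dpkg_fsys_get_path` and the database directory would presumably resolve to the root directory itself; `if (env && *env)` would fall back to `ADMINDIR` in that case. The environment value is also joined to the root here, which deserves a one-line comment such as `/* DPKG_ADMINDIR is taken relative to the root directory set above. */`. The patch description says this matches db_dir.c, but that file is not shown, so a reader cannot check whether it treats the variable the same way. The include block of options-dirs.c is outside the hunk, so it should be confirmed that `<stdlib.h>` is already included for `getenv`.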
@@ -14,6 +14,7 @@ SRC_URI = "git://salsa.debian.org/dpkg-team/dpkg.git;protocol=https;branch=1.22. file://0007-dpkg-deb-build.c-Remove-usage-of-clamp-mtime-in-tar.patch \ file://0001-dpkg-Support-muslx32-build.patch \ file://0001-Add-support-for-riscv32-CPU.patch \ + file://0001-lib-dpkg-options-dirs.c-set_rootfs-was-not-checking-.patch \ " SRC_URI:append:class-native = " file://0001-build.c-ignore-return-of-1-from-tar-cf.patch" From patchwork Tue Feb 3 10:16:41 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 80321 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5E237D172BE for ; Tue, 3 Feb 2026 10:19:34 +0000 (UTC) Received: from mail-wr1-f43.google.com (mail-wr1-f43.google.com [209.85.221.43]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.13360.1770113972421728373 for ; Tue, 03 Feb 2026 02:19:32 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=c1tyfdI9; spf=pass (domain: smile.fr, ip: 209.85.221.43, mailfrom: yoann.congal@smile.fr) Received: by mail-wr1-f43.google.com with SMTP id ffacd0b85a97d-4359a302794so3715129f8f.1 for ; Tue, 03 Feb 2026 02:19:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1770113970; x=1770718770; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=1rvrEdw9rY3VIakIu2LZnyijy7NIiePsjtf6cb1WcQo=; b=c1tyfdI9c2s9NCwhhDu4RBOsRu2sjHpXI5wMF3VpvSkSjkAdoeEEbrhPWt1AJa6zz1 B79rhYPtisaJGmSwP7lZe/Om8nmb3BePzwNKsl+OCzBAgC0/Nshy1KzuR5CPBEU6YmS6 Gq3MLWGfTztEtGHf+QYQx/+P9UtCLT4tFhb6I= X-Google-DKIM-Signature: v=1; a=rsa-sha256; 
c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770113970; x=1770718770; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=1rvrEdw9rY3VIakIu2LZnyijy7NIiePsjtf6cb1WcQo=; b=dfEoI1P4sa0/TfYCS2kNg9W8NZPienbamI2AEQp2HZPCylfZhlcytrDg8kw3euE0k8 0v89gnDlG6APRtqiBWpluRkLt9hC3OmFhHvfjkWqzg8DCxghb1eErmvTtLpwW694hx49 Cnf+HPdMdq01zKSt1XlvqfyLI0Fx9bV79TFt+Q32npmC91X2wjRGpVXjJSTtpxQjh7MW kZoWSVzNqkfRfilVQjrTH2YXF7uo4a0GG7inwn/Dy6cb9SLk55QtlBU0rHpFVqHu/Kgj 0/1z9RX/Fv5/Guhll1wFXlQjMgVI4CjD5LdAZVzcTF9krbx6yHyI2zwWCdX3er/qvi6q d76A== X-Gm-Message-State: AOJu0YyscYhMOcB/V/7HlANZnJyjr9h3tsU85coPFpc7tOSzpNWt5dMO Ed1RM17TO727neZc5iGFDRfSSxdI091AOIBT+nAu0GcuIIEJttbPN9clC+s48L/leJjavua5i+r wMSliM24= X-Gm-Gg: AZuq6aLygKzQyHTdn2Ln+aGpQoisncz/Kl6mT94DZAwEfTrGNMOOOlMVnaro6uX5N5g b6reA2DcEQUfr5W0/mSkVFdIxOk7zq+Yyt5xUbFJHs16n87Itc19E+q0Z0LQhYKkR6Gn4NHW76f Et4yunOVRqY3x81ROyNhTYuyafNgobScw4dCYIlcZ37FB/K4VdYb2ZeWc7D0RrvDlNjeaN/bhg7 1Ft/8TMe//ZIO563LW76PzpdITUX/fIY2z4z9BueEEgtPqv5xwV0APE4N2rW531XzfJ+xiRTPrF fEVv2GHMkO4seS5dDIXKk6BrezobDqxiTQz667GanNmSqaAnQo3Bcq1e4WDUeUP2yEeCDnz8tLx 9ARAVBxamNdFhwGvZcxcueqwUENroUdluz+TQRNksTMKPey+0yj3H2R/AikzQZoUVrl12Su1yZP eL9iFemWnCRc58NLZXunW+2DCVaQ1/MrfoVsH0USjutSWsVQ7unXepQvrEJB2H9DEsadgaO4QHz D42AsGYis6QD8w= X-Received: by 2002:a05:6000:1868:b0:430:fd60:93fb with SMTP id ffacd0b85a97d-435f3aae16amr20270506f8f.32.1770113970326; Tue, 03 Feb 2026 02:19:30 -0800 (PST) Received: from FRSMI25-LASER.home (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-435e131ce70sm52293041f8f.27.2026.02.03.02.19.29 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Feb 2026 02:19:29 -0800 (PST) 
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][whinlatter v2 12/22] docbook-xml-dtd4: fix the fetching failure Date: Tue, 3 Feb 2026 11:16:41 +0100 Message-ID: <0bd1e63f90a3ee74f936b61acb820c9d454fca1d.1770109549.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 03 Feb 2026 10:19:34 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/230440 From: Khai Dang Updating SRC_URI, the old archive url is deprecated. Signed-off-by: Khai Dang Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie (cherry picked from commit c137d3637b6171fbd3bfd671a56096e7f2b3c318) Signed-off-by: Yoann Congal
---
 .../docbook-xml/docbook-xml-dtd4_4.5.bb | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/meta/recipes-devtools/docbook-xml/docbook-xml-dtd4_4.5.bb b/meta/recipes-devtools/docbook-xml/docbook-xml-dtd4_4.5.bb
index 1148d536944..ea0861823d3 100644
--- a/meta/recipes-devtools/docbook-xml/docbook-xml-dtd4_4.5.bb
+++ b/meta/recipes-devtools/docbook-xml/docbook-xml-dtd4_4.5.bb
@@ -10,11 +10,11 @@ LIC_FILES_CHKSUM = "file://docbook-4.5/docbookx.dtd;beginline=15;endline=30;md5=
 file://LICENSE-OASIS;md5=b9ee6208caa6e66c68dfad6f31d73f92"
 # Install the latest 4.5 DTDs, and the previous releases for backward compatibility.
-SRC_URI = "https://docbook.org/xml/4.1.2/docbkx412.zip;name=payload412;subdir=docbook-4.1.2 \
- https://docbook.org/xml/4.2/docbook-xml-4.2.zip;name=payload42;subdir=docbook-4.2 \
- https://docbook.org/xml/4.3/docbook-xml-4.3.zip;name=payload43;subdir=docbook-4.3 \
- https://docbook.org/xml/4.4/docbook-xml-4.4.zip;name=payload44;subdir=docbook-4.4 \
- https://docbook.org/xml/${PV}/docbook-xml-${PV}.zip;name=payloadPV;subdir=docbook-${PV} \
+SRC_URI = "https://archive.docbook.org/xml/4.1.2/docbkx412.zip;name=payload412;subdir=docbook-4.1.2 \
+ https://archive.docbook.org/xml/4.2/docbook-xml-4.2.zip;name=payload42;subdir=docbook-4.2 \
+ https://archive.docbook.org/xml/4.3/docbook-xml-4.3.zip;name=payload43;subdir=docbook-4.3 \
+ https://archive.docbook.org/xml/4.4/docbook-xml-4.4.zip;name=payload44;subdir=docbook-4.4 \
+ https://archive.docbook.org/xml/${PV}/docbook-xml-${PV}.zip;name=payloadPV;subdir=docbook-${PV} \
 file://docbook-xml-update-catalog.xml.patch \
 file://LICENSE-OASIS"
From patchwork Tue Feb 3 10:16:42 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 80327 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7F743E7C714 for ; Tue, 3 Feb 2026 10:19:34 +0000 (UTC) Received: from mail-wm1-f46.google.com (mail-wm1-f46.google.com [209.85.128.46]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.13488.1770113973378657167 for ; Tue, 03 Feb 2026 02:19:33 -0800 Authentication-Results: mx.groups.io; dkim=pass
header.i=@smile.fr header.s=google header.b=KfacMDlg; spf=pass (domain: smile.fr, ip: 209.85.128.46, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f46.google.com with SMTP id 5b1f17b1804b1-4801eb2c0a5so52105605e9.3 for ; Tue, 03 Feb 2026 02:19:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1770113971; x=1770718771; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=U0KODpdHhcP0Yoh9EFgBt15Uo3BuUvnUPqpD05BQusA=; b=KfacMDlgLcf4sINwECHNmdyoZZgHg4eRpOsDL7t5nq79EaTMW56pTkoXAuUb1gabhj vCy8U1V2egPeFJFlJNCRVWkG/wjcq+HbwJsRBl5D9XpS8b6v9iZssk6q6NjdfY8KsgKK zn4iOPynCWAR7PPU2HoAnNgH8lydGGOpRjBH0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770113971; x=1770718771; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=U0KODpdHhcP0Yoh9EFgBt15Uo3BuUvnUPqpD05BQusA=; b=WQI2xUHD13wiLZdw74QxhmEzDrWOcXRhd7/dxTIGLaUDkcMduinQgKGxVuo6l0JGeN JqqKEQ5lSJfAf1KoYP4+x8QKdofP+zf3qphCdITuZvKwrCRZOlSoI2rw/tJyp8TCSsb7 0M9kuIYJsH9IU0bBrU7Q6YYlWzjHPrlvsarG7vQ1u2hBygchPU9Y/H5lAvu4POJoffbz z1vRiXvkoizAqMZPxshwbO7P95QG6OGlNt3R5NUVda+Eeubp/bZBRHKuagm1zwA/4wvl H4IOfZ9+u4GGFUqswGc3SM4JnO6L5sjt38a1d3P4fPu8SKQe05hBV/eZOJwASoKFjfvu /oAA== X-Gm-Message-State: AOJu0YxaSbDUA44saJ7gZIq5i3JSro0SBrOKCsMj3aR1/6wTUKIn3eXa RsmEpwPP8DPvervWEIeZoigxcIe4rYZuxlPHokuxr0PiInfr9D3EFc1jcGa7BlTGzBwad9Xst+j 7mNPEUXc= X-Gm-Gg: AZuq6aIteoTCYOwFGS6kTLXhZK8rtEewOyBMdGQIAZmcq60TVpRG+neucwVIynNS5Qh +FJywUzYRGyT+RaBWedmw2q6J5fqMwt50AM41v5K9Rgf6J1IgeJu4Ey80SK8u1ANfyCYenSicrR z4b5mscG6kQ86nQjL7WS9lBprWW0yLe/DKjFmCDXj15+p0UTAZnq83/+nRudvlRXtvXd8/jhTCr ZWkenuxf/fAGSjxQtrxVsqcmzlEwhoznn7t7lNWy0k/o1vE1RGZVsOhnYMJC+Iwujzaods+icbU 
UYqbTOVj7kFRBS6wkjZZ46JetA/ivdOD+9hGUUAHWjYqfEv8gHQcmhGDTCxx6vXV8ryosbIX5Er vVDT3zU01uqdhFbytMCvB/qlz1E0z428Wsz2BODmq2YqBDokt+NiHtW76tr/IVFi6mPjbzKldwv rKpYoCSXg3BKANAvtms7YjmjOfbt1extoYLj8EDjcKFHcIrhu9gQ23Sw+vW09WwZguhNkEJ/myF /RSR/CQg/mSQB0= X-Received: by 2002:a05:600c:4f8f:b0:480:4c45:aff5 with SMTP id 5b1f17b1804b1-482db4995b1mr181708545e9.34.1770113971035; Tue, 03 Feb 2026 02:19:31 -0800 (PST) Received: from FRSMI25-LASER.home (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-435e131ce70sm52293041f8f.27.2026.02.03.02.19.30 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Feb 2026 02:19:30 -0800 (PST) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][whinlatter v2 13/22] dropbear: patch CVE-2025-14282 Date: Tue, 3 Feb 2026 11:16:42 +0100 Message-ID: <439d6a72f36022c073fce465eee4e3522d95ed6d.1770109549.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 03 Feb 2026 10:19:34 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/230441 From: Peter Marko Pick commits from PRs per [1]. [1] https://security-tracker.debian.org/tracker/CVE-2025-14282 Signed-off-by: Peter Marko 
Signed-off-by: Yoann Congal --- .../dropbear/dropbear/CVE-2025-14282-01.patch | 280 +++++++++++++++++ .../dropbear/dropbear/CVE-2025-14282-02.patch | 97 ++++++ .../dropbear/dropbear/CVE-2025-14282-03.patch | 282 ++++++++++++++++++ .../dropbear/dropbear/CVE-2025-14282-04.patch | 72 +++++ .../dropbear/dropbear/CVE-2025-14282-05.patch | 46 +++ .../recipes-core/dropbear/dropbear_2025.88.bb | 5 + 6 files changed, 782 insertions(+) create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2025-14282-01.patch create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2025-14282-02.patch create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2025-14282-03.patch create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2025-14282-04.patch create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2025-14282-05.patch diff --git a/meta/recipes-core/dropbear/dropbear/CVE-2025-14282-01.patch b/meta/recipes-core/dropbear/dropbear/CVE-2025-14282-01.patch new file mode 100644 index 00000000000..33b871620fe --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/CVE-2025-14282-01.patch 
@@ -0,0 +1,280 @@ +From e0251be2354e1a5c6eccfc2cf4b64243625dafcc Mon Sep 17 00:00:00 2001 +From: Matt Johnston +Date: Tue, 9 Dec 2025 15:08:06 +0900 +Subject: [PATCH] Drop privileges after user authentication + +Instead of switching user privileges after forking to a shell, switch +to the user immediately upon successful authentication. + +This will require further commits to fix utmp and hostkey handling. + +The DROPBEAR_SVR_DROP_PRIVS configuration option controls this +behaviour. This should generally be enabled, but can be set to 0 for +incompatible platforms. In future it may become non-optional, those +platforms should be investigated. + +Most uses of DROPBEAR_SVR_MULTIUSER have been replaced by +!DROPBEAR_SVR_DROP_PRIVS. + +CVE: CVE-2025-14282 +Upstream-Status: Backport [https://github.com/mkj/dropbear/commit/e0251be2354e1a5c6eccfc2cf4b64243625dafcc] +Signed-off-by: Peter Marko +--- + .github/workflows/build.yml | 2 ++ + src/auth.h | 1 + + src/default_options.h | 6 +++++ + src/svr-agentfwd.c | 14 ++++++++---- + src/svr-auth.c | 45 +++++++++++++++++++++++++++++++++++++ + src/svr-authpubkey.c | 6 +++-- + src/svr-chansession.c | 26 ++------------------- + src/sysoptions.h | 3 +++ + 8 files changed, 73 insertions(+), 30 deletions(-) + +diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml +index 61e64a1..5c07d28 100644 +--- a/.github/workflows/build.yml ++++ b/.github/workflows/build.yml +@@ -227,6 +227,8 @@ jobs: + echo "#define DROPBEAR_SVR_PASSWORD_AUTH 0" >> localoptions.h + # 1 second timeout is too short + sed -i "s/DEFAULT_IDLE_TIMEOUT 1/DEFAULT_IDLE_TIMEOUT 99/" localoptions.h ++ # DROPBEAR_SVR_DROP_PRIVS is on by default, turn it off ++ echo "#define DROPBEAR_SVR_DROP_PRIVS 0" >> localoptions.h + + - name: make + run: | +diff --git a/src/auth.h b/src/auth.h +index 0e854fb..096d23d 100644 +--- a/src/auth.h ++++ b/src/auth.h +@@ -40,6 +40,7 @@ void send_msg_userauth_banner(const buffer *msg); + void svr_auth_password(int valid_user); + 
void svr_auth_pubkey(int valid_user); + void svr_auth_pam(int valid_user); ++void svr_switch_user(void); + + #if DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT + int svr_pubkey_allows_agentfwd(void); +diff --git a/src/default_options.h b/src/default_options.h +index 9a0f064..705da74 100644 +--- a/src/default_options.h ++++ b/src/default_options.h +@@ -303,6 +303,12 @@ group1 in Dropbear server too */ + /* -T server option overrides */ + #define MAX_AUTH_TRIES 10 + ++/* Change server process to user privileges after authentication. */ ++#ifndef DROPBEAR_SVR_DROP_PRIVS ++/* Default is enabled. Should only be disabled if platforms are incompatible */ ++#define DROPBEAR_SVR_DROP_PRIVS DROPBEAR_SVR_MULTIUSER ++#endif ++ + /* Delay introduced before closing an unauthenticated session (seconds). + Disabled by default, can be set to say 30 seconds to reduce the speed + of password brute forcing. Note that there is a risk of denial of +diff --git a/src/svr-agentfwd.c b/src/svr-agentfwd.c +index a8941ea..5ee8c25 100644 +--- a/src/svr-agentfwd.c ++++ b/src/svr-agentfwd.c +@@ -151,7 +151,7 @@ void svr_agentcleanup(struct ChanSess * chansess) { + + if (chansess->agentfile != NULL && chansess->agentdir != NULL) { + +-#if DROPBEAR_SVR_MULTIUSER ++#if !DROPBEAR_SVR_DROP_PRIVS + /* Remove the dir as the user. 
That way they can't cause problems except + * for themselves */ + uid = getuid(); +@@ -160,6 +160,9 @@ void svr_agentcleanup(struct ChanSess * chansess) { + (seteuid(ses.authstate.pw_uid)) < 0) { + dropbear_exit("Failed to set euid"); + } ++#else ++ (void)uid; ++ (void)gid; + #endif + + /* 2 for "/" and "\0" */ +@@ -172,7 +175,7 @@ void svr_agentcleanup(struct ChanSess * chansess) { + + rmdir(chansess->agentdir); + +-#if DROPBEAR_SVR_MULTIUSER ++#if !DROPBEAR_SVR_DROP_PRIVS + if ((seteuid(uid)) < 0 || + (setegid(gid)) < 0) { + dropbear_exit("Failed to revert euid"); +@@ -219,7 +222,7 @@ static int bindagent(int fd, struct ChanSess * chansess) { + gid_t gid; + int ret = DROPBEAR_FAILURE; + +-#if DROPBEAR_SVR_MULTIUSER ++#if !DROPBEAR_SVR_DROP_PRIVS + /* drop to user privs to make the dir/file */ + uid = getuid(); + gid = getgid(); +@@ -227,6 +230,9 @@ static int bindagent(int fd, struct ChanSess * chansess) { + (seteuid(ses.authstate.pw_uid)) < 0) { + dropbear_exit("Failed to set euid"); + } ++#else ++ (void)uid; ++ (void)gid; + #endif + + memset((void*)&addr, 0x0, sizeof(addr)); +@@ -267,7 +273,7 @@ bindsocket: + + + out: +-#if DROPBEAR_SVR_MULTIUSER ++#if !DROPBEAR_SVR_DROP_PRIVS + if ((seteuid(uid)) < 0 || + (setegid(gid)) < 0) { + dropbear_exit("Failed to revert euid"); +diff --git a/src/svr-auth.c b/src/svr-auth.c +index 0a6b33a..46ba012 100644 +--- a/src/svr-auth.c ++++ b/src/svr-auth.c +@@ -457,12 +457,22 @@ void send_msg_userauth_success() { + /* authdone must be set after encrypt_packet() for + * delayed-zlib mode */ + ses.authstate.authdone = 1; ++ ++#if DROPBEAR_DROP_PRIVS ++ svr_switch_user(); ++#endif + ses.connect_time = 0; + + ++#if DROPBEAR_DROP_PRIVS ++ /* If running as the user, we can rely on the OS ++ * to limit allowed ports */ ++ ses.allowprivport = 1; ++#else + if (ses.authstate.pw_uid == 0) { + ses.allowprivport = 1; + } ++#endif + + /* Remove from the list of pre-auth sockets. 
Should be m_close(), since if + * we fail, we might end up leaking connection slots, and disallow new +@@ -472,3 +482,38 @@ void send_msg_userauth_success() { + TRACE(("leave send_msg_userauth_success")) + + } ++ ++/* Switch to the ses.authstate user. ++ * Fails if not running as root and the user differs. ++ * ++ * This may be called either after authentication, or ++ * after shell/command fork if DROPBEAR_SVR_DROP_PRIVS is unset. ++ */ ++void svr_switch_user(void) { ++ assert(ses.authstate.authdone); ++ ++ /* We can only change uid/gid as root ... */ ++ if (getuid() == 0) { ++ ++ if ((setgid(ses.authstate.pw_gid) < 0) || ++ (initgroups(ses.authstate.pw_name, ++ ses.authstate.pw_gid) < 0)) { ++ dropbear_exit("Error changing user group"); ++ } ++ if (setuid(ses.authstate.pw_uid) < 0) { ++ dropbear_exit("Error changing user"); ++ } ++ } else { ++ /* ... but if the daemon is the same uid as the requested uid, we don't ++ * need to */ ++ ++ /* XXX - there is a minor issue here, in that if there are multiple ++ * usernames with the same uid, but differing groups, then the ++ * differing groups won't be set (as with initgroups()). The solution ++ * is for the sysadmin not to give out the UID twice */ ++ if (getuid() != ses.authstate.pw_uid) { ++ dropbear_exit("Couldn't change user as non-root"); ++ } ++ } ++} ++ +diff --git a/src/svr-authpubkey.c b/src/svr-authpubkey.c +index 94ae728..e26b0ee 100644 +--- a/src/svr-authpubkey.c ++++ b/src/svr-authpubkey.c +@@ -462,12 +462,14 @@ static int checkpubkey(const char* keyalgo, unsigned int keyalgolen, + int ret = DROPBEAR_FAILURE; + buffer * line = NULL; + int line_num; ++#if !DROPBEAR_SVR_DROP_PRIVS + uid_t origuid; + gid_t origgid; ++#endif + + TRACE(("enter checkpubkey")) + +-#if DROPBEAR_SVR_MULTIUSER ++#if !DROPBEAR_SVR_DROP_PRIVS + /* access the file as the authenticating user. 
*/ + origuid = getuid(); + origgid = getgid(); +@@ -488,7 +490,7 @@ static int checkpubkey(const char* keyalgo, unsigned int keyalgolen, + TRACE(("checkpubkey: failed opening %s: %s", filename, strerror(errno))) + } + } +-#if DROPBEAR_SVR_MULTIUSER ++#if !DROPBEAR_SVR_DROP_PRIVS + if ((seteuid(origuid)) < 0 || + (setegid(origgid)) < 0) { + dropbear_exit("Failed to revert euid"); +diff --git a/src/svr-chansession.c b/src/svr-chansession.c +index 2ca6fc1..0a37fbf 100644 +--- a/src/svr-chansession.c ++++ b/src/svr-chansession.c +@@ -980,30 +980,8 @@ static void execchild(const void *user_data) { + #endif /* DEBUG_VALGRIND */ + } + +-#if DROPBEAR_SVR_MULTIUSER +- /* We can only change uid/gid as root ... */ +- if (getuid() == 0) { +- +- if ((setgid(ses.authstate.pw_gid) < 0) || +- (initgroups(ses.authstate.pw_name, +- ses.authstate.pw_gid) < 0)) { +- dropbear_exit("Error changing user group"); +- } +- if (setuid(ses.authstate.pw_uid) < 0) { +- dropbear_exit("Error changing user"); +- } +- } else { +- /* ... but if the daemon is the same uid as the requested uid, we don't +- * need to */ +- +- /* XXX - there is a minor issue here, in that if there are multiple +- * usernames with the same uid, but differing groups, then the +- * differing groups won't be set (as with initgroups()). The solution +- * is for the sysadmin not to give out the UID twice */ +- if (getuid() != ses.authstate.pw_uid) { +- dropbear_exit("Couldn't change user as non-root"); +- } +- } ++#if !DROPBEAR_SVR_DROP_PRIVS ++ svr_switch_user(); + #endif + + /* set env vars */ +diff --git a/src/sysoptions.h b/src/sysoptions.h +index cea9688..32b0a13 100644 +--- a/src/sysoptions.h ++++ b/src/sysoptions.h +@@ -443,6 +443,9 @@ + #define DROPBEAR_MULTI 0 + #endif + ++#if !DROPBEAR_SVR_MULTIUSER && DROPBEAR_SVR_DROP_PRIVS ++#error DROPBEAR_SVR_DROP_PRIVS needs DROPBEAR_SVR_MULTIUSER ++#endif + /* Fuzzing expects all key types to be enabled */ + #if DROPBEAR_FUZZ + #if defined(DROPBEAR_DSS) 
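Review bot: The two guards added to send_msg_userauth_success() in src/svr-auth.c test `DROPBEAR_DROP_PRIVS`, while the option this patch defines in default_options.h is `DROPBEAR_SVR_DROP_PRIVS`; unless the shorter name is defined somewhere outside the hunk, both `#if` blocks compile out, and with the option on execchild() no longer calls svr_switch_user() either. CVE-2025-14282-03.patch later in the series corrects both guards and also removes the `return 1;` that CVE-2025-14282-02.patch leaves in the now-void login_write(), and CVE-2025-14282-05.patch reverts this patch's checkpubkey() change, so 01 looks safe only together with 03 and 05. Since the files mirror upstream commits, I would record that in this patch's header instead of editing the code, for example `Note: depends on CVE-2025-14282-03.patch (guard name) and -05.patch (authorized_keys seteuid); do not apply alone.`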
diff --git a/meta/recipes-core/dropbear/dropbear/CVE-2025-14282-02.patch b/meta/recipes-core/dropbear/dropbear/CVE-2025-14282-02.patch new file mode 100644 index 00000000000..5c5265afef7 --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/CVE-2025-14282-02.patch 
@@ -0,0 +1,97 @@ +From b47fe5df58f0b459bb49accdd8cb961d969209fb Mon Sep 17 00:00:00 2001 +From: Matt Johnston +Date: Tue, 9 Dec 2025 09:04:04 +0900 +Subject: [PATCH] Remove return code from login_login + +Previously this was always 0, so not useful. + +CVE: CVE-2025-14282 +Upstream-Status: Backport [https://github.com/mkj/dropbear/commit/b47fe5df58f0b459bb49accdd8cb961d969209fb] +Signed-off-by: Peter Marko +--- + src/loginrec.c | 19 +++++-------------- + src/loginrec.h | 6 +++--- + 2 files changed, 8 insertions(+), 17 deletions(-) + +diff --git a/src/loginrec.c b/src/loginrec.c +index b543bcb..d4fdb62 100644 +--- a/src/loginrec.c ++++ b/src/loginrec.c +@@ -193,32 +193,24 @@ int wtmpx_get_entry(struct logininfo *li); + * + * Call with a pointer to a struct logininfo initialised with + * login_init_entry() or login_alloc_entry() +- * +- * Returns: +- * >0 if successful +- * 0 on failure (will use OpenSSH's logging facilities for diagnostics) + */ +-int ++void + login_login (struct logininfo *li) + { + li->type = LTYPE_LOGIN; +- return login_write(li); ++ login_write(li); + } + + + /* login_logout(struct logininfo *) - Record a logout + * + * Call as with login_login() +- * +- * Returns: +- * >0 if successful +- * 0 on failure (will use OpenSSH's logging facilities for diagnostics) + */ +-int ++void + login_logout(struct logininfo *li) + { + li->type = LTYPE_LOGOUT; +- return login_write(li); ++ login_write(li); + } + + +@@ -309,7 +301,7 @@ login_set_current_time(struct logininfo *li) + ** login_write: Call low-level recording functions based on autoconf + ** results + **/ +-int ++void + login_write (struct logininfo *li) + { + #ifndef HAVE_CYGWIN +@@ -340,7 +332,6 @@ login_write (struct logininfo *li) + #ifdef USE_WTMPX + wtmpx_write_entry(li); + #endif +- return 0; + } + + #ifdef LOGIN_NEEDS_UTMPX +diff --git a/src/loginrec.h b/src/loginrec.h +index 6abde48..f8c98ba 100644 +--- a/src/loginrec.h ++++ b/src/loginrec.h +@@ -161,8 +161,8 @@ int login_init_entry(struct 
logininfo *li, int pid, const char *username, + void login_set_current_time(struct logininfo *li); + + /* record the entry */ +-int login_login (struct logininfo *li); +-int login_logout(struct logininfo *li); ++void login_login (struct logininfo *li); ++void login_logout(struct logininfo *li); + #ifdef LOGIN_NEEDS_UTMPX + int login_utmp_only(struct logininfo *li); + #endif +@@ -170,7 +170,7 @@ int login_utmp_only(struct logininfo *li); + /** End of public functions */ + + /* record the entry */ +-int login_write (struct logininfo *li); ++void login_write (struct logininfo *li); + int login_log_entry(struct logininfo *li); + + /* produce various forms of the line filename */ diff --git a/meta/recipes-core/dropbear/dropbear/CVE-2025-14282-03.patch b/meta/recipes-core/dropbear/dropbear/CVE-2025-14282-03.patch new file mode 100644 index 00000000000..c8996b977e4 --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/CVE-2025-14282-03.patch 
@@ -0,0 +1,282 @@ +From 73e4e70ea8e6b890c3918b52bb2e647313a09faa Mon Sep 17 00:00:00 2001 +From: Matt Johnston +Date: Tue, 9 Dec 2025 09:05:30 +0900 +Subject: [PATCH] Retain utmp saved group when dropping privileges + +utmp is required to record logout. The saved group +is reset by the OS for the executed user shell. + +This requires setresgid() function which is not available on all +platforms. Notable platforms are netbsd and macos. Those platforms will +have to set DROPBEAR_SVR_DROP_PRIVS 0 unless an alternative approach is +found. + +CVE: CVE-2025-14282 +Upstream-Status: Backport [https://github.com/mkj/dropbear/commit/73e4e70ea8e6b890c3918b52bb2e647313a09faa] +Signed-off-by: Peter Marko +--- + .github/workflows/build.yml | 6 ++++ + configure | 7 +++++ + configure.ac | 1 + + src/auth.h | 2 ++ + src/config.h.in | 3 ++ + src/loginrec.c | 6 ---- + src/session.h | 6 ++++ + src/svr-auth.c | 61 +++++++++++++++++++++++++++++++++++-- + src/svr-chansession.c | 8 +++++ + src/sysoptions.h | 4 +++ + 10 files changed, 96 insertions(+), 8 deletions(-) + +diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml +index 5c07d28..4fe41bd 100644 +--- a/.github/workflows/build.yml ++++ b/.github/workflows/build.yml +@@ -78,6 +78,9 @@ jobs: + # fails with: + # .../ranlib: file: libtomcrypt.a(cbc_setiv.o) has no symbols + ranlib: ranlib -no_warning_for_no_symbols ++ # macos doesn't have setresgid ++ localoptions: | ++ #define DROPBEAR_SVR_DROP_PRIVS 0 + + - name: macos 15 + os: macos-15 +@@ -90,6 +93,9 @@ jobs: + # fails with: + # .../ranlib: file: libtomcrypt.a(cbc_setiv.o) has no symbols + ranlib: ranlib -no_warning_for_no_symbols ++ # macos doesn't have setresgid ++ localoptions: | ++ #define DROPBEAR_SVR_DROP_PRIVS 0 + + # Check that debug code doesn't bitrot + - name: DEBUG_TRACE +diff --git a/configure b/configure +index 13c911e..8867f8a 100755 +--- a/configure ++++ b/configure +@@ -7597,6 +7597,13 @@ then : + + fi + ++ac_fn_c_check_func "$LINENO" "setresgid" 
"ac_cv_func_setresgid" ++if test "x$ac_cv_func_setresgid" = xyes ++then : ++ printf "%s\n" "#define HAVE_SETRESGID 1" >>confdefs.h ++ ++fi ++ + + # Might be a macro. Might be sys/endian.h on BSDs + ac_fn_c_check_header_compile "$LINENO" "endian.h" "ac_cv_header_endian_h" "$ac_includes_default" +diff --git a/configure.ac b/configure.ac +index 674fd4d..0e7e331 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -545,6 +545,7 @@ AC_CHECK_FUNCS(utmpname) + AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline ) + AC_CHECK_FUNCS(setutxent utmpxname) + AC_CHECK_FUNCS(logout updwtmp logwtmp) ++AC_CHECK_FUNCS(setresgid) + + # Might be a macro. Might be sys/endian.h on BSDs + AC_CHECK_HEADERS([endian.h]) +diff --git a/src/auth.h b/src/auth.h +index 096d23d..1145ad7 100644 +--- a/src/auth.h ++++ b/src/auth.h +@@ -41,6 +41,8 @@ void svr_auth_password(int valid_user); + void svr_auth_pubkey(int valid_user); + void svr_auth_pam(int valid_user); + void svr_switch_user(void); ++void svr_raise_gid_utmp(void); ++void svr_restore_gid(void); + + #if DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT + int svr_pubkey_allows_agentfwd(void); +diff --git a/src/config.h.in b/src/config.h.in +index 0590e0c..589786e 100644 +--- a/src/config.h.in ++++ b/src/config.h.in +@@ -231,6 +231,9 @@ + /* Define to 1 if you have the header file. */ + #undef HAVE_SECURITY_PAM_APPL_H + ++/* Define to 1 if you have the `setresgid' function. */ ++#undef HAVE_SETRESGID ++ + /* Define to 1 if you have the `setutent' function. 
*/ + #undef HAVE_SETUTENT + +diff --git a/src/loginrec.c b/src/loginrec.c +index d4fdb62..3118bf6 100644 +--- a/src/loginrec.c ++++ b/src/loginrec.c +@@ -304,12 +304,6 @@ login_set_current_time(struct logininfo *li) + void + login_write (struct logininfo *li) + { +-#ifndef HAVE_CYGWIN +- if ((int)geteuid() != 0) { +- return 1; +- } +-#endif +- + /* set the timestamp */ + login_set_current_time(li); + #ifdef USE_LOGIN +diff --git a/src/session.h b/src/session.h +index f37e7ff..e1a5cfa 100644 +--- a/src/session.h ++++ b/src/session.h +@@ -276,6 +276,12 @@ struct serversession { + /* The instance created by the plugin_new function */ + struct PluginInstance *plugin_instance; + #endif ++ ++#if DROPBEAR_SVR_DROP_PRIVS ++ /* Set to 1 when utmp_gid is valid */ ++ int have_utmp_gid; ++ gid_t utmp_gid; ++#endif + }; + + typedef enum { +diff --git a/src/svr-auth.c b/src/svr-auth.c +index 46ba012..de01458 100644 +--- a/src/svr-auth.c ++++ b/src/svr-auth.c +@@ -458,13 +458,14 @@ void send_msg_userauth_success() { + * delayed-zlib mode */ + ses.authstate.authdone = 1; + +-#if DROPBEAR_DROP_PRIVS ++#if DROPBEAR_SVR_DROP_PRIVS ++ /* Drop privileges as soon as authentication has happened. */ + svr_switch_user(); + #endif + ses.connect_time = 0; + + +-#if DROPBEAR_DROP_PRIVS ++#if DROPBEAR_SVR_DROP_PRIVS + /* If running as the user, we can rely on the OS + * to limit allowed ports */ + ses.allowprivport = 1; +@@ -483,6 +484,20 @@ void send_msg_userauth_success() { + + } + ++#if DROPBEAR_SVR_DROP_PRIVS ++/* Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ ++static int utmp_gid(gid_t *ret_gid) { ++ struct group *utmp_gr = getgrnam("utmp"); ++ if (!utmp_gr) { ++ TRACE(("No utmp group")); ++ return DROPBEAR_FAILURE; ++ } ++ ++ *ret_gid = utmp_gr->gr_gid; ++ return DROPBEAR_SUCCESS; ++} ++#endif ++ + /* Switch to the ses.authstate user. + * Fails if not running as root and the user differs. 
+ * +@@ -500,6 +515,25 @@ void svr_switch_user(void) { + ses.authstate.pw_gid) < 0)) { + dropbear_exit("Error changing user group"); + } ++ ++#if DROPBEAR_SVR_DROP_PRIVS ++ /* Retain utmp saved group so that wtmp/utmp can be written */ ++ int ret = utmp_gid(&svr_ses.utmp_gid); ++ if (ret == DROPBEAR_SUCCESS) { ++ /* Set saved gid to utmp so that it can be ++ * restored for login_logout() etc. This saved ++ * group is cleared by the OS on execve() */ ++ int rc = setresgid(-1, -1, svr_ses.utmp_gid); ++ if (rc == 0) { ++ svr_ses.have_utmp_gid = 1; ++ } else { ++ /* Will not attempt to switch to utmp gid. ++ * login() etc may fail. */ ++ TRACE(("utmp setresgid failed")); ++ } ++ } ++#endif ++ + if (setuid(ses.authstate.pw_uid) < 0) { + dropbear_exit("Error changing user"); + } +@@ -517,3 +551,26 @@ void svr_switch_user(void) { + } + } + ++void svr_raise_gid_utmp(void) { ++#if DROPBEAR_SVR_DROP_PRIVS ++ if (!svr_ses.have_utmp_gid) { ++ return; ++ } ++ ++ if (setegid(svr_ses.utmp_gid) != 0) { ++ dropbear_log(LOG_WARNING, "failed setegid"); ++ } ++#endif ++} ++ ++void svr_restore_gid(void) { ++#if DROPBEAR_SVR_DROP_PRIVS ++ if (!svr_ses.have_utmp_gid) { ++ return; ++ } ++ ++ if (setegid(getgid()) != 0) { ++ dropbear_log(LOG_WARNING, "failed setegid"); ++ } ++#endif ++} +diff --git a/src/svr-chansession.c b/src/svr-chansession.c +index 0a37fbf..11205f3 100644 +--- a/src/svr-chansession.c ++++ b/src/svr-chansession.c +@@ -326,7 +326,11 @@ static void cleanupchansess(const struct Channel *channel) { + if (chansess->tty) { + /* write the utmp/wtmp login record */ + li = chansess_login_alloc(chansess); ++ ++ svr_raise_gid_utmp(); + login_logout(li); ++ svr_restore_gid(); ++ + login_free_entry(li); + + pty_release(chansess->tty); +@@ -847,7 +851,11 @@ static int ptycommand(struct Channel *channel, struct ChanSess *chansess) { + * terminal used for stdout with the dup2 above, otherwise + * the wtmp login will not be recorded */ + li = chansess_login_alloc(chansess); ++ ++ 
svr_raise_gid_utmp(); + login_login(li); ++ svr_restore_gid(); ++ + login_free_entry(li); + + /* Can now dup2 stderr. Messages from login_login() have gone +diff --git a/src/sysoptions.h b/src/sysoptions.h +index 32b0a13..9bdcb0c 100644 +--- a/src/sysoptions.h ++++ b/src/sysoptions.h +@@ -358,6 +358,10 @@ + #error "At least one hostkey or public-key algorithm must be enabled; RSA is recommended." + #endif + ++#if DROPBEAR_SVR_DROP_PRIVS && !defined(HAVE_SETRESGID) ++ #error "DROPBEAR_SVR_DROP_PRIVS requires setresgid()." ++#endif ++ + /* Source for randomness. This must be able to provide hundreds of bytes per SSH + * connection without blocking. */ + #ifndef DROPBEAR_URANDOM_DEV diff --git a/meta/recipes-core/dropbear/dropbear/CVE-2025-14282-04.patch b/meta/recipes-core/dropbear/dropbear/CVE-2025-14282-04.patch new file mode 100644 index 00000000000..3a4a767d1bc --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/CVE-2025-14282-04.patch 
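Review bot: svr_restore_gid() in src/svr-auth.c only logs `failed setegid` when `setegid(getgid())` fails, so the process carries on with the utmp group as its effective gid; in ptycommand() that call sits on the path which, judging by the surrounding comments, goes on to set up the user's session. A failure to give a privilege back is normally fatal, as svr_switch_user() already does with dropbear_exit(), so I would replace the warning on the restore path with `dropbear_exit("Failed to restore gid");`. The warning in svr_raise_gid_utmp() can stay, because failing to raise only loses the utmp record. This is upstream code carried as a backport, so the change is best raised upstream and picked up from there.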
@@ -0,0 +1,72 @@ +From a4043dac4e0e0237255200603672ddb0122017a4 Mon Sep 17 00:00:00 2001 +From: Matt Johnston +Date: Tue, 9 Dec 2025 09:08:37 +0900 +Subject: [PATCH] Limit rekey to current hostkey type + +During rekey dropbear process may be running with user privileges, that +can't write a new hostkey when auto-generating keys. +Only offer the original hostkey when rekeying, also for non-autogenerate +case. + +CVE: CVE-2025-14282 +Upstream-Status: Backport [https://github.com/mkj/dropbear/commit/a4043dac4e0e0237255200603672ddb0122017a4] +Signed-off-by: Peter Marko +--- + src/runopts.h | 1 + + src/svr-kex.c | 8 ++++++++ + src/svr-runopts.c | 11 +++++++++++ + 3 files changed, 20 insertions(+) + +diff --git a/src/runopts.h b/src/runopts.h +index f255882..c8072b3 100644 +--- a/src/runopts.h ++++ b/src/runopts.h +@@ -61,6 +61,7 @@ extern runopts opts; + int readhostkey(const char * filename, sign_key * hostkey, + enum signkey_type *type); + void load_all_hostkeys(void); ++void disable_sig_except(enum signature_type sig_type); + + typedef struct svr_runopts { + +diff --git a/src/svr-kex.c b/src/svr-kex.c +index 14df08a..c066dd8 100644 +--- a/src/svr-kex.c ++++ b/src/svr-kex.c +@@ -99,6 +99,14 @@ void recv_msg_kexdh_init() { + } + #endif + ++ if (!ses.kexstate.donesecondkex) { ++ /* Disable other signature types. ++ * During future rekeying, privileges may have been dropped ++ * so other keys won't be loadable. 
++ * This must occur after send_msg_ext_info() which uses the hostkey list */ ++ disable_sig_except(ses.newkeys->algo_signature); ++ } ++ + ses.requirenext = SSH_MSG_NEWKEYS; + TRACE(("leave recv_msg_kexdh_init")) + } +diff --git a/src/svr-runopts.c b/src/svr-runopts.c +index 709dc57..5d114f8 100644 +--- a/src/svr-runopts.c ++++ b/src/svr-runopts.c +@@ -515,6 +515,17 @@ static void disablekey(enum signature_type type) { + } + } + ++void disable_sig_except(enum signature_type allow_type) { ++ int i; ++ TRACE(("Disabling other sigs except %d", allow_type)); ++ for (i = 0; sigalgs[i].name != NULL; i++) { ++ enum signature_type sig_type = sigalgs[i].val; ++ if (sig_type != allow_type) { ++ sigalgs[i].usable = 0; ++ } ++ } ++} ++ + static void loadhostkey_helper(const char *name, void** src, void** dst, int fatal_duplicate) { + if (*dst) { + if (fatal_duplicate) { diff --git a/meta/recipes-core/dropbear/dropbear/CVE-2025-14282-05.patch b/meta/recipes-core/dropbear/dropbear/CVE-2025-14282-05.patch new file mode 100644 index 00000000000..454c7a42a45 --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/CVE-2025-14282-05.patch 
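Review bot: disable_sig_except() is declared in src/runopts.h and defined in src/svr-runopts.c without a comment, and it clears `usable` in the shared `sigalgs` table with nothing in the hunk that sets it back. That is what the rekey restriction needs, but it means the narrowing outlives the key exchange that triggered it, which matters if one process ever serves more than one connection (not visible here). I would document it at the declaration with `/* Clears .usable for every sigalgs[] entry except sig_type. */` and say in the call-site comment in recv_msg_kexdh_init() that the change is not undone.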
@@ -0,0 +1,46 @@ +From d193731630a62482855b450daa1d5a5e13a90125 Mon Sep 17 00:00:00 2001 +From: Matt Johnston +Date: Fri, 12 Dec 2025 12:31:40 +0900 +Subject: [PATCH] Restore seteuid for authorized_keys + +Authorized_keys reading is pre-authentication so should not be +modified in the post-auth drop-privilege change. + +Fixes: e0251be2354e ("Drop privileges after user authentication") + +CVE: CVE-2025-14282 +Upstream-Status: Backport [https://github.com/mkj/dropbear/commit/d193731630a62482855b450daa1d5a5e13a90125] +Signed-off-by: Peter Marko +--- + src/svr-authpubkey.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/src/svr-authpubkey.c b/src/svr-authpubkey.c +index e26b0ee..94ae728 100644 +--- a/src/svr-authpubkey.c ++++ b/src/svr-authpubkey.c +@@ -462,14 +462,12 @@ static int checkpubkey(const char* keyalgo, unsigned int keyalgolen, + int ret = DROPBEAR_FAILURE; + buffer * line = NULL; + int line_num; +-#if !DROPBEAR_SVR_DROP_PRIVS + uid_t origuid; + gid_t origgid; +-#endif + + TRACE(("enter checkpubkey")) + +-#if !DROPBEAR_SVR_DROP_PRIVS ++#if DROPBEAR_SVR_MULTIUSER + /* access the file as the authenticating user. */ + origuid = getuid(); + origgid = getgid(); +@@ -490,7 +488,7 @@ static int checkpubkey(const char* keyalgo, unsigned int keyalgolen, + TRACE(("checkpubkey: failed opening %s: %s", filename, strerror(errno))) + } + } +-#if !DROPBEAR_SVR_DROP_PRIVS ++#if DROPBEAR_SVR_MULTIUSER + if ((seteuid(origuid)) < 0 || + (setegid(origgid)) < 0) { + dropbear_exit("Failed to revert euid"); diff --git a/meta/recipes-core/dropbear/dropbear_2025.88.bb b/meta/recipes-core/dropbear/dropbear_2025.88.bb index 05af557b216..6e6a22e2467 100644 --- a/meta/recipes-core/dropbear/dropbear_2025.88.bb +++ b/meta/recipes-core/dropbear/dropbear_2025.88.bb 
@@ -22,6 +22,11 @@ SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \ file://0001-Fix-proxycmd-without-netcat.patch \ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \ file://CVE-2019-6111.patch \ + file://CVE-2025-14282-01.patch \ + file://CVE-2025-14282-02.patch \ + file://CVE-2025-14282-03.patch \ + file://CVE-2025-14282-04.patch \ + file://CVE-2025-14282-05.patch \ " SRC_URI[sha256sum] = "783f50ea27b17c16da89578fafdb6decfa44bb8f6590e5698a4e4d3672dc53d4" From patchwork Tue Feb 3 10:16:43 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 80323 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 96AA7E7FDCF for ; Tue, 3 Feb 2026 10:19:34 +0000 (UTC) Received: from mail-wr1-f41.google.com (mail-wr1-f41.google.com [209.85.221.41]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.13489.1770113973581797349 for ; Tue, 03 Feb 2026 02:19:33 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=SdB9zbkO; spf=pass (domain: smile.fr, ip: 209.85.221.41, mailfrom: yoann.congal@smile.fr) Received: by mail-wr1-f41.google.com with SMTP id ffacd0b85a97d-43246af170aso388704f8f.0 for ; Tue, 03 Feb 2026 02:19:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1770113971; x=1770718771; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=NF8dHALoC2vtaipqQDqq8YaFVlDF4xvBFhA3WZ1D004=; b=SdB9zbkOA4r4baKj8qZ/tSDEyvrVMrh5e/ap4R/bX/FWO6GR3LBY62Lsrmci8X4RKW VdAfJjwEPO8D1es2dZFRwoh8iuqKtizuIVdzmaLHoNB2ta/DQNPE3al8aIRZkc/l81T0 
PuMToNnvvTuJz4AKsLFBJ/rF9wqrh2GVIVlxg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770113971; x=1770718771; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=NF8dHALoC2vtaipqQDqq8YaFVlDF4xvBFhA3WZ1D004=; b=Q5jZIN+m4uVYRR/g8gnJm8dniKaTuhGyJMiDRFTubsBSSK+sqWWhrcXhraLc05wAnX Ft4aohOKyxgGk5M0Y7DfVdOTmRjdo6KPiC99mnD1+YSqodQthBiM5VT4fNq1hNFclnxM icx0v4sXYobvV0j4hFsAXCKuEDH0epW0cPwcBVVOLJ5URgUMzjTAoZiL4g59fFxdWQLO lj24scPAnO08ksRu9YRj3xu83J6IRYORs9PzibywfAqbswSjfLbceeT/TaafFXhBfgSD DI3xrBmcZ2qTKAJqqIwCS2GpsChXoYP2S+vmwZTmcIR42w83X+LGP9gI9MrH+0pXHbxP QUCQ== X-Gm-Message-State: AOJu0YzELvLpyi8OcWUzOK+y7ft6iT3q28Aj8L8j1e9XkQV40tZIiYYP b0MoZa1dqGt6AROq2vH7hfoN4vRTqn7+O7Av6k4uP79U72qXn7shgJb4181z5V2OwuGKpgrv1II sU1tNRTA= X-Gm-Gg: AZuq6aJ8GGu5kGGWxNmbBKrVwOuluuq2+mJjG7WbnFnwG/pUql1BcxLep3FgIOl4p8r 6v1Ggwya/cO7fJ0VknH3tulYk74/XIQuyXHh0VZyGNsHkpNBaAU1x/7OrtuU/WQ4GSqdcEyFOjW TdWXGa+G+Nkj3Io9rx6xB+Wfo7qiaWvKBR5b15Lxs/wRNrg/tNCn0koBk0Ut8JVg1108q0+jpUb j1ZEay/6xrMM2u8IWXWdNGE3eVqtARMoHsBqSsBdlV25heoAJdGci+VL6UFDPRCWfLDzbZTDz91 2wGBiLrOwVB7j3pvJmc/qf85jeTMrRaZfE+VzkbuOxf9ajNbccbI1uIioPmJecuqz8vsHswwO/m maeetXKXk76Zd0MLnAApk3uN+D5yCHLHG0HP7gx5PhPbwVT5mT4AfRpyizf0Nbpfuu9mXKvfCHb 7DQGq44aXgHMB9qk+Me7go91wgpPMMe51c+RUgCQLkoHBLJCjGrLb7t37d3GXAg3a7qltbhL6i6 o+E8JmvJSmQsScPW3uoFPTGwA== X-Received: by 2002:a05:6000:2089:b0:435:bdc2:461 with SMTP id ffacd0b85a97d-436114476b8mr3762623f8f.21.1770113971561; Tue, 03 Feb 2026 02:19:31 -0800 (PST) Received: from FRSMI25-LASER.home (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-435e131ce70sm52293041f8f.27.2026.02.03.02.19.31 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Feb 2026 02:19:31 -0800 (PST) 
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][whinlatter v2 14/22] libtheora: set CVE_PRODUCT Date: Tue, 3 Feb 2026 11:16:43 +0100 Message-ID: <39b1422652ff940e3ec457d605ba83830d880793.1770109549.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 03 Feb 2026 10:19:34 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/230442 From: Ken Kurematsu In the NVD database, the product name of libtheora is theora. This was set to ensure that cve-check works correctly. Signed-off-by: Ken Kurematsu Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie (cherry picked from commit a8ddda60332e2a3219e905c1545b5da917f855c6) Signed-off-by: Yoann Congal --- meta/recipes-multimedia/libtheora/libtheora_1.2.0.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-multimedia/libtheora/libtheora_1.2.0.bb b/meta/recipes-multimedia/libtheora/libtheora_1.2.0.bb index 04de8507fb1..bacaf3aee66 100644 --- a/meta/recipes-multimedia/libtheora/libtheora_1.2.0.bb +++ b/meta/recipes-multimedia/libtheora/libtheora_1.2.0.bb 
@@ -14,6 +14,8 @@ SRC_URI[sha256sum] = "ebdf77a8f5c0a8f7a9e42323844fa09502b34eb1d1fece7b5f54da41fe UPSTREAM_CHECK_REGEX = "libtheora-(?P\d+(\.\d)+)\.(tar\.gz|tgz)" +CVE_PRODUCT = "theora" + inherit autotools pkgconfig EXTRA_OECONF = "--disable-examples --disable-doc" From patchwork Tue Feb 3 10:16:44 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 80335 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id DCDC3E6E7EE for ; Tue, 3 Feb 2026 10:19:34 +0000 (UTC) Received: from mail-wr1-f52.google.com (mail-wr1-f52.google.com [209.85.221.52]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.13361.1770113973836815209 for ; Tue, 03 Feb 2026 02:19:34 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=BPqSexud; spf=pass (domain: smile.fr, ip: 209.85.221.52, mailfrom: yoann.congal@smile.fr) Received: by mail-wr1-f52.google.com with SMTP id ffacd0b85a97d-430f2ee2f00so3456661f8f.3 for ; Tue, 03 Feb 2026 02:19:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1770113972; x=1770718772; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=XhJ4yY5BJPf0KFv5k+0mGLtSCNE4wpH75EyXvlNaoL8=; b=BPqSexudd/PmwaQy6fD3KVJts/vx1L0IbJcScHxOH0qGi+LFoglcMQOKZeaxTJZEsn VvhFcOmJ0h12xwUF9dzH8R5Ej3loppu/45BtdpMfUc+2IaBkBwru6Ci4zIF1eEcfElqX 7qZfQN8r+JYu8uYHqr4Mb/6bYfLZHUVNhaEaQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770113972; x=1770718772; h=content-transfer-encoding:mime-version:references:in-reply-to 
:message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=XhJ4yY5BJPf0KFv5k+0mGLtSCNE4wpH75EyXvlNaoL8=; b=UvQImt3RUFqn/4TpxDp8sNWPq+QA0lMWViW6d89b4L5xDw/v6tKHRTnMJbEBcehizE kb/ik7dg9uSCorg+PeJdiSmCOifbcq03KV7iq18GlfiaF/NBzk7RVu+JCrdwXeoAh2Cb 4FQrF4Sv8hZgIaoHI3vPBzs8TxvL9IqAwSLXd9Mg1xuhXPgRA7CzluxJiHvZHjKUysi1 ZbkbUw728ekwKAtPrxHbXlRevNs0nCjCcCRixymgsBJZ4Pf5avaeTgbUWKQhvpXPN74d 7kRJcNUQQUWnMToIwostfDn5QuHLaElavKdtepeQiEvopVMMCDa4IF2/f6yarFueH94S rREA== X-Gm-Message-State: AOJu0YwbtxaC+RJaYBrjD2C0nmJnlgL3NJAsC0kPFCGmyn+2SxtCSbSx SbvN/xyxL7rkRm5sqKcgIFbAIZI8jIfEDV7NkaXJweDqWz8eY+G447LpqAgkHO4beipd61by+pz tZcCX1ks= X-Gm-Gg: AZuq6aIhgO82j/2s+mdggLe/VsdehBfWaEXsUKKz+dclKfsnHKHmB9g6QDk84CiIaO2 WB7BB/7GzsVcKAqH7N50LXfUTGKsAzydQs/9XYTpnnHvAmgPfDwVSdjBI7E7Ju7O0b6g7j6VHug VzEqS2BBTZKt0dhYn+uI02z3/wKIIvWrIi2O8cLVOxOsPFOqPL+KS/+amCyKKGEUuTUOjAM9meG IDkXeQjKftpNULRuhrhto+94HmhxEfurbQi2YyNSFO+weC0/0kBtrre63GqyKWA6R8kF96W40Lh aKrOriaD4bO1syzG5/LNBdc5S4HqS8h0AG44S37jB+u7dAHCkkL31CWq6aT7Zx8pcGnSpDjYC0H skDer4KQ5yrl+4nc1zEEG0Ee3jTseD4+6a/xasSaAjeUmD9S4v0/tcLdSAnsDoW2T77quhrwWt9 G8MpVUGahOHOYVQjDyF4qTx8Gzc+xzUkP9FDW53CkhtcTrFijuZ9/rtIbNMbeHcPtB7SbfdSinv ykLiL2yvqI4dv07wcQuAk8OUg== X-Received: by 2002:a5d:5d13:0:b0:42f:b707:56e6 with SMTP id ffacd0b85a97d-435f3aaa6a0mr21027011f8f.34.1770113971974; Tue, 03 Feb 2026 02:19:31 -0800 (PST) Received: from FRSMI25-LASER.home (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-435e131ce70sm52293041f8f.27.2026.02.03.02.19.31 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Feb 2026 02:19:31 -0800 (PST) 
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][whinlatter v2 15/22] libpng: upgrade 1.6.53 -> 1.6.54 Date: Tue, 3 Feb 2026 11:16:44 +0100 Message-ID: <0d7e8b4fdc95ddd9a32603f2f692e0a1e7f510d5.1770109549.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 03 Feb 2026 10:19:34 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/230443 From: Peter Marko Handles CVE-2026-22695 and CVE-2026-22801. License-Update: copyright years refreshed Changelog: Version 1.6.54 [January 12, 2026] Fixed CVE-2026-22695 (medium severity): Heap buffer over-read in `png_image_read_direct_scaled. (Reported and fixed by Petr Simecek.) Fixed CVE-2026-22801 (medium severity): Integer truncation causing heap buffer over-read in `png_image_write_*`. Implemented various improvements in oss-fuzz. (Contributed by Philippe Antoine.) Signed-off-by: Peter Marko Signed-off-by: Antonin Godard Signed-off-by: Richard Purdie (cherry picked from commit 9c18cb1d4dd0edf2e9c638c3c576cb803e1ff4c6) [YC: Added changelog] Signed-off-by: Yoann Congal --- .../libpng/{libpng_1.6.53.bb => libpng_1.6.54.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-multimedia/libpng/{libpng_1.6.53.bb => libpng_1.6.54.bb} (94%) diff --git a/meta/recipes-multimedia/libpng/libpng_1.6.53.bb b/meta/recipes-multimedia/libpng/libpng_1.6.54.bb similarity index 94% rename from meta/recipes-multimedia/libpng/libpng_1.6.53.bb rename to meta/recipes-multimedia/libpng/libpng_1.6.54.bb index 956cd243b19..3f2b80a060f 100644 --- a/meta/recipes-multimedia/libpng/libpng_1.6.53.bb +++ b/meta/recipes-multimedia/libpng/libpng_1.6.54.bb 
@@ -5,7 +5,7 @@ library for use in applications that read, create, and manipulate PNG \ HOMEPAGE = "http://www.libpng.org/" SECTION = "libs" LICENSE = "Libpng" -LIC_FILES_CHKSUM = "file://LICENSE;md5=5516d77a3cf75f55a0d37254e3e65a20" +LIC_FILES_CHKSUM = "file://LICENSE;md5=9dc350edbbbee660c7d9af79487168f2" DEPENDS = "zlib" LIBV = "16" 
@@ -14,7 +14,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}${LIBV}/${BP}.tar.xz \ file://run-ptest \ " -SRC_URI[sha256sum] = "1d3fb8ccc2932d04aa3663e22ef5ef490244370f4e568d7850165068778d98d4" +SRC_URI[sha256sum] = "01c9d8a303c941ec2c511c14312a3b1d36cedb41e2f5168ccdaa85d53b887805" MIRRORS += "${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/ ${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}${LIBV}/older-releases/" From patchwork Tue Feb 3 10:16:45 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 80337 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D7BA3E6E7E6 for ; Tue, 3 Feb 2026 10:19:44 +0000 (UTC) Received: from mail-wm1-f43.google.com (mail-wm1-f43.google.com [209.85.128.43]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.13490.1770113974827839431 for ; Tue, 03 Feb 2026 02:19:35 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=0PIfroOY; spf=pass (domain: smile.fr, ip: 209.85.128.43, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f43.google.com with SMTP id 5b1f17b1804b1-4806e0f6b69so39725655e9.3 for ; Tue, 03 Feb 2026 02:19:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1770113973; x=1770718773; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=PneNM+LL4PY1N7lo+BrLmYDP0Iy/01guJ5KbRiE5Zbk=; b=0PIfroOYhoiXLgnbLhUrqRh4gztMxZb/3KutFc9jCKJsyD4VtcW5DN1aBEwqNAmBbV xIiOXnYdbZ3+NAWAPAIYPEn3qMtZws5x309ojWFQSeN+hOP/h5QP5WYH8Z5DsvdeHxZu 5BaXXWwKDGDxuSU5enGwKmTX6J3XBiSF/UEY4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; 
d=1e100.net; s=20230601; t=1770113973; x=1770718773; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=PneNM+LL4PY1N7lo+BrLmYDP0Iy/01guJ5KbRiE5Zbk=; b=EA8YGadx2OsYh27R1p5JRyhC1Ud+LtoYLUcb4+VC/hqNdE7OvYLAm1OjkBptVfNj/x J/gMoWQq4nODoMwx5YwwqdXQ5RjkCqGYDY4nMZwhtBYrKBQWFufm2e3N9AmxBw308tFk reEz8NaoyQ9gEGf7nLO72bFgJxAfGDyje9Bu5rBLwNWdXI6X38YLY9xp1cjDd+bILtWZ Lqd52jFdBNhpAwLb0v5V0yHaB7MX1+qplfU7ywoAV/NovP7lKnE+JVaUT/FhqnEoB6Ms +2XRG8xNafjEqD49fG2S77AISTrW1JPt8kslZ3XbLduJLND9jaIViPsrixOCRLSt9Slk 3sJA== X-Gm-Message-State: AOJu0Yw//Zw9kFGfBIOferWDL5iwjyIITJZdOzNd/VuhhkZVVdixKjXS 1eWCxTpq4iZxZBjUWnJeLQkzbEtIPpjbO/YGdiWd6oBorclNEqi40gRXnSDuXb/qFbrj8yXXTvX /Rke/Oc8= X-Gm-Gg: AZuq6aKJWMqhQ/LCXDPujxdQgt+K+pASFvhh6l7wd9PjJbqJfFEWUuu1R4tIt5euiDm taMWN0nnVL50+1Oxc1rWLiwVGZC2lSwnGXuPtRvMvZQK3GfaY+SsZpsOSJInWJ15KDrTSjvOSae Nu0LkB4XyNg4ig3bTmt4J/7l2l62qH0qkq+54I00n6U8YytY21TtKB7Wy/jnHJhiwMJGEddC/kC U4+d2R1nxmls2d/dfa7ZRiSSPjevpC2WcBaQWxahILLE370mtyWKY24P3QI12XyF/Da7QG0h4mo PYDNhuxC0jKYTC4VBEQ7FgcBPT9o9CuIrhqqqRVGHmsAuPtnCbEFzuTrtNOC4JvtX8hpxpA7FEX qgemy+wM1iALIs0DTPl18oxtvVYnOaBso5nYpyFlO7e8u4EnZHZuuPDaKNhXogH9D48zZDMCnGI k6Pfshf2opVwGDtQUkhL1KJzi/+8k2wCUkau8/zBUpjXl3bjnFvNwFzeUII37g+rj+75UpfVQ/1 gJxmQ6jJQo9/Sw= X-Received: by 2002:adf:fdcc:0:b0:435:faa5:c15e with SMTP id ffacd0b85a97d-435faa5c20fmr12416438f8f.30.1770113972930; Tue, 03 Feb 2026 02:19:32 -0800 (PST) Received: from FRSMI25-LASER.home (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-435e131ce70sm52293041f8f.27.2026.02.03.02.19.32 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Feb 2026 02:19:32 -0800 (PST) 
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][whinlatter v2 16/22] glib-2.0: patch CVE-2026-0988 Date: Tue, 3 Feb 2026 11:16:45 +0100 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 03 Feb 2026 10:19:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/230444 From: Peter Marko Pick relevant commit from [2] linked from [1]. [1] https://gitlab.gnome.org/GNOME/glib/-/issues/3851 [2] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4944 Signed-off-by: Peter Marko Signed-off-by: Mathieu Dubois-Briand (cherry picked from commit 0316decd300839be34b384381a6de7fa3e68f8e0) Signed-off-by: Yoann Congal --- .../glib-2.0/files/CVE-2026-0988.patch | 58 +++++++++++++++++++ meta/recipes-core/glib-2.0/glib.inc | 1 + 2 files changed, 59 insertions(+) create mode 100644 meta/recipes-core/glib-2.0/files/CVE-2026-0988.patch diff --git a/meta/recipes-core/glib-2.0/files/CVE-2026-0988.patch b/meta/recipes-core/glib-2.0/files/CVE-2026-0988.patch new file mode 100644 index 00000000000..daf86224d5d --- /dev/null +++ b/meta/recipes-core/glib-2.0/files/CVE-2026-0988.patch 
@@ -0,0 +1,58 @@
+From c5766cff61ffce0b8e787eae09908ac348338e5f Mon Sep 17 00:00:00 2001
+From: Philip Withnall
+Date: Thu, 18 Dec 2025 23:12:18 +0000
+Subject: [PATCH] gbufferedinputstream: Fix a potential integer overflow in
+ peek()
+
+If the caller provides `offset` and `count` arguments which overflow,
+their sum will overflow and could lead to `memcpy()` reading out more
+memory than expected.
+
+Spotted by Codean Labs.
+
+Signed-off-by: Philip Withnall
+
+Fixes: #3851
+
+CVE: CVE-2026-0988
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/glib/-/commit/c5766cff61ffce0b8e787eae09908ac348338e5f]
+Signed-off-by: Peter Marko
+---
+ gio/gbufferedinputstream.c | 2 +-
+ gio/tests/buffered-input-stream.c | 10 ++++++++++
+ 2 files changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/gio/gbufferedinputstream.c b/gio/gbufferedinputstream.c
+index 9e6bacc62..56d656be0 100644
+--- a/gio/gbufferedinputstream.c
++++ b/gio/gbufferedinputstream.c
+@@ -590,7 +590,7 @@ g_buffered_input_stream_peek (GBufferedInputStream *stream,
+
+ available = g_buffered_input_stream_get_available (stream);
+
+- if (offset > available)
++ if (offset > available || offset > G_MAXSIZE - count)
+ return 0;
+
+ end = MIN (offset + count, available);
+diff --git a/gio/tests/buffered-input-stream.c b/gio/tests/buffered-input-stream.c
+index a1af4eeff..2b2a0d9aa 100644
+--- a/gio/tests/buffered-input-stream.c
++++ b/gio/tests/buffered-input-stream.c
+@@ -60,6 +60,16 @@ test_peek (void)
+ g_assert_cmpint (npeek, ==, 0);
+ g_free (buffer);
+
++ buffer = g_new0 (char, 64);
++ npeek = g_buffered_input_stream_peek (G_BUFFERED_INPUT_STREAM (in), buffer, 8, 0);
++ g_assert_cmpint (npeek, ==, 0);
++ g_free (buffer);
++
++ buffer = g_new0 (char, 64);
++ npeek = g_buffered_input_stream_peek (G_BUFFERED_INPUT_STREAM (in), buffer, 5, G_MAXSIZE);
++ g_assert_cmpint (npeek, ==, 0);
++ g_free (buffer);
++
+ g_object_unref (in);
+ g_object_unref (base);
+ }
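Review bot: The added `offset > G_MAXSIZE - count` test in `g_buffered_input_stream_peek` makes the function return 0 for a very large `count` even when bytes are buffered at `offset`, and the new test with `count` set to `G_MAXSIZE` pins that result. A caller cannot tell this apart from an empty buffer, so the condition deserves a comment such as `/* offset + count would wrap around: report no data instead of clamping to available */`. If clamping is what callers expect, `end = offset + MIN (count, available - offset);` avoids the wrapping addition without rejecting the request, because `offset <= available` is already established by the first test; the second new test would then need a different expected value. The function body continues outside the inner hunk.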
diff --git a/meta/recipes-core/glib-2.0/glib.inc b/meta/recipes-core/glib-2.0/glib.inc
index bd87d9c601b..2e15cc7675b 100644
--- a/meta/recipes-core/glib-2.0/glib.inc
+++ b/meta/recipes-core/glib-2.0/glib.inc
@@ -231,6 +231,7 @@ SRC_URI += "\ file://0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch \ file://0010-Do-not-hardcode-python-path-into-various-tools.patch \ file://skip-timeout.patch \ + file://CVE-2026-0988.patch \ " SRC_URI:append:class-native = " file://relocate-modules.patch \ file://0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch \ From patchwork Tue Feb 3 10:16:46 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 80342 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id F1163E6E7F1 for ; Tue, 3 Feb 2026 10:19:44 +0000 (UTC) Received: from mail-wr1-f46.google.com (mail-wr1-f46.google.com [209.85.221.46]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.13491.1770113975586095394 for ; Tue, 03 Feb 2026 02:19:35 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=LgCQj7uU; spf=pass (domain: smile.fr, ip: 209.85.221.46, mailfrom: yoann.congal@smile.fr) Received: by mail-wr1-f46.google.com with SMTP id ffacd0b85a97d-43601e96f72so1538657f8f.2 for ; Tue, 03 Feb 2026 02:19:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1770113974; x=1770718774; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=pTVkd4KTBvQc/6KVUqUEFryBrJnLPCIPb4f9Mf7fC7Y=; b=LgCQj7uUYAspxX/S7DZl52s2NRqGA9m06T/5TahqYfH0FYFuqGwWapNUDyGPcBKL5v OGZ/YmSbb8fTiwWyCFZrjUHh6fFlkLKt+cOwAITIzg5gZvWRIyl7ShhUYFEBBaG9awUE /oe7V0VuQ+t7rpnEaU5O44vO22Igjb3auW0X4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770113974; 
x=1770718774; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=pTVkd4KTBvQc/6KVUqUEFryBrJnLPCIPb4f9Mf7fC7Y=; b=gjacql7FXzmFBTyWJrLwMctV1+bWqJwHiP5EbSbkx+wmWqT5EnLD+Rczjqir1+o7aB OvHkE2wYQHLe4e58Ibk3Q/cyER3U7s9r2+CeMi9UNXdlXC31zBdEZq0Nx/OQ+DQ/7Dua vnBCfQoCQ+gMBBhVmbu0KjgjDTUmaupm4pQjzyEGUQLJ1n0l3ADYFx6fjOSLVgPPItqB LHeglTA+QygDpa+ZsuJkLRB3aH0yUCBFe+4Aq3wshVbUaZtLeS7EWnu4/UdKlDyB6RQU XsHRp/BMog0+N0/pBjEr9ftPZc9+Hlgayp+Jr7QGHpFIPJt3l2zIyePH3XpAStFUnV/N 8Xgw== X-Gm-Message-State: AOJu0YwGOMWUZw5zTGm/ilJM0j2mcRX0rzKE84cac+InuFBOICG/7iu9 MVfVo5lYdlVTUYDTSFLquPn97Ehj+P2YioAniVkFtGmh3CQHZFmI4FBSrNI/0j0//SdAEVvv5Lu IfKlVi/8= X-Gm-Gg: AZuq6aK4Hjx3cjeH3qde29RMdqy6uXv3CiLsYNywQoDRDXIlCP37qrxWX5a2bxUlm48 XIg44kVtsMHUtQKYETH63b4PufUrKgxZkK3gnttuWXkZrowaKtFCbCD36BPSK/l02Iqh+8LxkgR A/N7IIpWbNHwqaN0j23Zm5zJulL7Z1tDU5FvBkRYn7BMnS+tqywW+OtmMK+se+RVMhvyYSlgIiy iZ7kaXT/soNI5N3RM0QtM0Nk/saHSHZ0FS0/71kZrkZSH/xSH75ZM4uscfsu+wWOPRA6pcyKKYQ cbVwJM0A1bP9Ya6uTWTzeQsOePPnS1blI8Hd8Gh/PZz5MaG7IpvMuSEtA+YMTHQRyZXR/Ep/YrM IjypwdLvalaIbAN0m7024qSB8rZtLiw6q7S6zyMw4alHx+4MFpiZnYrVF+2iNQwQo381io5C2KL 1YFtVvlRn95Qk2H1a7NvlUqQe4uVXzBNZO3jQBKAfcuCzd+MyWTiWPSQ7RnaJlOC3/fiVe3pU/5 cGnq+zYZMdDqBM= X-Received: by 2002:a05:6000:2dc7:b0:430:f58d:40da with SMTP id ffacd0b85a97d-435f3a691fcmr21219920f8f.10.1770113973468; Tue, 03 Feb 2026 02:19:33 -0800 (PST) Received: from FRSMI25-LASER.home (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-435e131ce70sm52293041f8f.27.2026.02.03.02.19.33 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Feb 2026 02:19:33 -0800 (PST) 
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][whinlatter v2 17/22] libxml2: patch CVE-2026-0989 Date: Tue, 3 Feb 2026 11:16:46 +0100 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 03 Feb 2026 10:19:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/230445 From: Peter Marko Pick patch from [1] linked from [2]. [1] https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/374 [2] https://gitlab.gnome.org/GNOME/libxml2/-/issues/998 Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- .../libxml/libxml2/CVE-2026-0989.patch | 309 ++++++++++++++++++ meta/recipes-core/libxml/libxml2_2.14.6.bb | 1 + 2 files changed, 310 insertions(+) create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0989.patch diff --git a/meta/recipes-core/libxml/libxml2/CVE-2026-0989.patch b/meta/recipes-core/libxml/libxml2/CVE-2026-0989.patch new file mode 100644 index 00000000000..5fcfd2280ad --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2026-0989.patch 
@@ -0,0 +1,309 @@ +From 19549c61590c1873468c53e0026a2fbffae428ef Mon Sep 17 00:00:00 2001 +From: Daniel Garcia Moreno +Date: Fri, 10 Oct 2025 09:38:31 +0200 +Subject: [PATCH] Add RelaxNG include limit + +This patch adds a default xmlRelaxNGIncludeLimit of 1.000, and that +limit can be modified at runtime with the env variable +RNG_INCLUDE_LIMIT. + +Fix https://gitlab.gnome.org/GNOME/libxml2/-/issues/998 + +CVE: CVE-2026-0989 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/19549c61590c1873468c53e0026a2fbffae428ef] +Signed-off-by: Peter Marko +--- + include/libxml/relaxng.h | 4 ++ + relaxng.c | 63 ++++++++++++++++++++-- + runtest.c | 67 ++++++++++++++++++++++++ + test/relaxng/include/include-limit.rng | 4 ++ + test/relaxng/include/include-limit_1.rng | 4 ++ + test/relaxng/include/include-limit_2.rng | 4 ++ + test/relaxng/include/include-limit_3.rng | 8 +++ + 7 files changed, 150 insertions(+), 4 deletions(-) + create mode 100644 test/relaxng/include/include-limit.rng + create mode 100644 test/relaxng/include/include-limit_1.rng + create mode 100644 test/relaxng/include/include-limit_2.rng + create mode 100644 test/relaxng/include/include-limit_3.rng + +diff --git a/include/libxml/relaxng.h b/include/libxml/relaxng.h +index eafc6604..099dacd8 100644 +--- a/include/libxml/relaxng.h ++++ b/include/libxml/relaxng.h +@@ -139,6 +139,10 @@ XMLPUBFUN int + xmlRelaxParserSetFlag (xmlRelaxNGParserCtxtPtr ctxt, + int flag); + ++XMLPUBFUN int ++ xmlRelaxParserSetIncLImit (xmlRelaxNGParserCtxt *ctxt, ++ int limit); ++ + XMLPUBFUN void + xmlRelaxNGFreeParserCtxt (xmlRelaxNGParserCtxtPtr ctxt); + XMLPUBFUN void +diff --git a/relaxng.c b/relaxng.c +index 1d74ba9f..c0e94a3c 100644 +--- a/relaxng.c ++++ b/relaxng.c +@@ -18,6 +18,8 @@ + + #ifdef LIBXML_RELAXNG_ENABLED + ++#include ++#include + #include + #include + #include +@@ -43,6 +45,12 @@ + static const xmlChar *xmlRelaxNGNs = (const xmlChar *) + "http://relaxng.org/ns/structure/1.0"; + ++/* ++ * 
Default include limit, this can be override with RNG_INCLUDE_LIMIT ++ * env variable ++ */ ++static const int _xmlRelaxNGIncludeLimit = 1000; ++ + #define IS_RELAXNG(node, typ) \ + ((node != NULL) && (node->ns != NULL) && \ + (node->type == XML_ELEMENT_NODE) && \ +@@ -219,6 +227,7 @@ struct _xmlRelaxNGParserCtxt { + int incNr; /* Depth of the include parsing stack */ + int incMax; /* Max depth of the parsing stack */ + xmlRelaxNGIncludePtr *incTab; /* array of incs */ ++ int incLimit; /* Include limit, to avoid stack-overflow on parse */ + + int idref; /* requires idref checking */ + +@@ -1405,6 +1414,23 @@ xmlRelaxParserSetFlag(xmlRelaxNGParserCtxtPtr ctxt, int flags) + return(0); + } + ++/** ++ * Semi private function used to set the include recursion limit to a ++ * parser context. Set to 0 to use the default value. ++ * ++ * @param ctxt a RelaxNG parser context ++ * @param limit the new include depth limit ++ * @returns 0 if success and -1 in case of error ++ */ ++int ++xmlRelaxParserSetIncLImit(xmlRelaxNGParserCtxt *ctxt, int limit) ++{ ++ if (ctxt == NULL) return(-1); ++ if (limit < 0) return(-1); ++ ctxt->incLimit = limit; ++ return(0); ++} ++ + /************************************************************************ + * * + * Document functions * +@@ -1462,7 +1488,7 @@ xmlRelaxReadMemory(xmlRelaxNGParserCtxtPtr ctxt, const char *buf, int size) { + * + * Pushes a new include on top of the include stack + * +- * Returns 0 in case of error, the index in the stack otherwise ++ * Returns -1 in case of error, the index in the stack otherwise + */ + static int + xmlRelaxNGIncludePush(xmlRelaxNGParserCtxtPtr ctxt, +@@ -1476,9 +1502,15 @@ xmlRelaxNGIncludePush(xmlRelaxNGParserCtxtPtr ctxt, + sizeof(ctxt->incTab[0])); + if (ctxt->incTab == NULL) { + xmlRngPErrMemory(ctxt); +- return (0); ++ return (-1); + } + } ++ if (ctxt->incNr >= ctxt->incLimit) { ++ xmlRngPErr(ctxt, (xmlNodePtr)value->doc, XML_RNGP_PARSE_ERROR, ++ "xmlRelaxNG: inclusion recursion limit 
reached\n", NULL, NULL); ++ return(-1); ++ } ++ + if (ctxt->incNr >= ctxt->incMax) { + ctxt->incMax *= 2; + ctxt->incTab = +@@ -1487,7 +1519,7 @@ xmlRelaxNGIncludePush(xmlRelaxNGParserCtxtPtr ctxt, + sizeof(ctxt->incTab[0])); + if (ctxt->incTab == NULL) { + xmlRngPErrMemory(ctxt); +- return (0); ++ return (-1); + } + } + ctxt->incTab[ctxt->incNr] = value; +@@ -1657,7 +1689,9 @@ xmlRelaxNGLoadInclude(xmlRelaxNGParserCtxtPtr ctxt, const xmlChar * URL, + /* + * push it on the stack + */ +- xmlRelaxNGIncludePush(ctxt, ret); ++ if (xmlRelaxNGIncludePush(ctxt, ret) < 0) { ++ return (NULL); ++ } + + /* + * Some preprocessing of the document content, this include recursing +@@ -7381,11 +7415,32 @@ xmlRelaxNGParse(xmlRelaxNGParserCtxtPtr ctxt) + xmlDocPtr doc; + xmlNodePtr root; + ++ const char *include_limit_env = getenv("RNG_INCLUDE_LIMIT"); ++ + xmlRelaxNGInitTypes(); + + if (ctxt == NULL) + return (NULL); + ++ if (ctxt->incLimit == 0) { ++ ctxt->incLimit = _xmlRelaxNGIncludeLimit; ++ if (include_limit_env != NULL) { ++ char *strEnd; ++ unsigned long val = 0; ++ errno = 0; ++ val = strtoul(include_limit_env, &strEnd, 10); ++ if (errno != 0 || *strEnd != 0 || val > INT_MAX) { ++ xmlRngPErr(ctxt, NULL, XML_RNGP_PARSE_ERROR, ++ "xmlRelaxNGParse: invalid RNG_INCLUDE_LIMIT %s\n", ++ (const xmlChar*)include_limit_env, ++ NULL); ++ return(NULL); ++ } ++ if (val) ++ ctxt->incLimit = val; ++ } ++ } ++ + /* + * First step is to parse the input document into an DOM/Infoset + */ +diff --git a/runtest.c b/runtest.c +index 49519aef..45109f0a 100644 +--- a/runtest.c ++++ b/runtest.c +@@ -3832,6 +3832,70 @@ rngTest(const char *filename, + return(ret); + } + ++/** ++ * Parse an RNG schemas with a custom RNG_INCLUDE_LIMIT ++ * ++ * @param filename the schemas file ++ * @param result the file with expected result ++ * @param err the file with error messages ++ * @returns 0 in case of success, an error code otherwise ++ */ ++static int ++rngIncludeTest(const char *filename, ++ const char 
*resul ATTRIBUTE_UNUSED, ++ const char *errr ATTRIBUTE_UNUSED, ++ int options ATTRIBUTE_UNUSED) { ++ xmlRelaxNGParserCtxtPtr ctxt; ++ xmlRelaxNGPtr schemas; ++ int ret = 0; ++ ++ /* first compile the schemas if possible */ ++ ctxt = xmlRelaxNGNewParserCtxt(filename); ++ xmlRelaxNGSetParserStructuredErrors(ctxt, testStructuredErrorHandler, ++ NULL); ++ ++ /* Should work */ ++ schemas = xmlRelaxNGParse(ctxt); ++ if (schemas == NULL) { ++ testErrorHandler(NULL, "Relax-NG schema %s failed to compile\n", ++ filename); ++ ret = -1; ++ goto done; ++ } ++ xmlRelaxNGFree(schemas); ++ xmlRelaxNGFreeParserCtxt(ctxt); ++ ++ ctxt = xmlRelaxNGNewParserCtxt(filename); ++ /* Should fail */ ++ xmlRelaxParserSetIncLImit(ctxt, 2); ++ xmlRelaxNGSetParserStructuredErrors(ctxt, testStructuredErrorHandler, ++ NULL); ++ schemas = xmlRelaxNGParse(ctxt); ++ if (schemas != NULL) { ++ ret = -1; ++ xmlRelaxNGFree(schemas); ++ } ++ xmlRelaxNGFreeParserCtxt(ctxt); ++ ++ ctxt = xmlRelaxNGNewParserCtxt(filename); ++ /* Should work */ ++ xmlRelaxParserSetIncLImit(ctxt, 3); ++ xmlRelaxNGSetParserStructuredErrors(ctxt, testStructuredErrorHandler, ++ NULL); ++ schemas = xmlRelaxNGParse(ctxt); ++ if (schemas == NULL) { ++ testErrorHandler(NULL, "Relax-NG schema %s failed to compile\n", ++ filename); ++ ret = -1; ++ goto done; ++ } ++ xmlRelaxNGFree(schemas); ++ ++done: ++ xmlRelaxNGFreeParserCtxt(ctxt); ++ return(ret); ++} ++ + #ifdef LIBXML_READER_ENABLED + /** + * rngStreamTest: +@@ -5299,6 +5363,9 @@ testDesc testDescriptions[] = { + { "Relax-NG regression tests" , + rngTest, "./test/relaxng/*.rng", NULL, NULL, NULL, + XML_PARSE_DTDATTR | XML_PARSE_NOENT }, ++ { "Relax-NG include limit tests" , ++ rngIncludeTest, "./test/relaxng/include/include-limit.rng", NULL, NULL, NULL, ++ 0 }, + #ifdef LIBXML_READER_ENABLED + { "Relax-NG streaming regression tests" , + rngStreamTest, "./test/relaxng/*.rng", NULL, NULL, NULL, +diff --git a/test/relaxng/include/include-limit.rng 
b/test/relaxng/include/include-limit.rng +new file mode 100644 +index 00000000..51f03942 +--- /dev/null ++++ b/test/relaxng/include/include-limit.rng +@@ -0,0 +1,4 @@ ++ ++ ++ ++ +diff --git a/test/relaxng/include/include-limit_1.rng b/test/relaxng/include/include-limit_1.rng +new file mode 100644 +index 00000000..4672da38 +--- /dev/null ++++ b/test/relaxng/include/include-limit_1.rng +@@ -0,0 +1,4 @@ ++ ++ ++ ++ +diff --git a/test/relaxng/include/include-limit_2.rng b/test/relaxng/include/include-limit_2.rng +new file mode 100644 +index 00000000..b35ecaa8 +--- /dev/null ++++ b/test/relaxng/include/include-limit_2.rng +@@ -0,0 +1,4 @@ ++ ++ ++ ++ +diff --git a/test/relaxng/include/include-limit_3.rng b/test/relaxng/include/include-limit_3.rng +new file mode 100644 +index 00000000..86213c62 +--- /dev/null ++++ b/test/relaxng/include/include-limit_3.rng +@@ -0,0 +1,8 @@ ++ ++ ++ ++ ++ ++ ++ ++ diff --git a/meta/recipes-core/libxml/libxml2_2.14.6.bb b/meta/recipes-core/libxml/libxml2_2.14.6.bb index 6ed8760f4cd..f214fcd88f6 100644 --- a/meta/recipes-core/libxml/libxml2_2.14.6.bb +++ b/meta/recipes-core/libxml/libxml2_2.14.6.bb 
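Review bot: In `xmlRelaxNGParse` the include limit is taken from `RNG_INCLUDE_LIMIT` whenever `ctxt->incLimit` is still 0, and any value up to `INT_MAX` is accepted, so the process environment can raise the bound as well as lower it and effectively turn the new recursion guard off. The comment above `_xmlRelaxNGIncludeLimit` only says the default "can be override", which does not tell an embedder that. I would spell it out there and in the doc comment of `xmlRelaxParserSetIncLImit`: a non-zero limit set through the setter means the environment value is ignored, so code that parses schemas it does not control should set the limit explicitly, e.g. `/* Default include depth; RNG_INCLUDE_LIMIT may raise or lower it unless the caller set a limit with xmlRelaxParserSetIncLImit() */`. The bodies of `xmlRelaxNGParse` and `xmlRelaxNGIncludePush` continue outside the inner hunks.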
@@ -19,6 +19,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20130923.tar;subdir=${BP};name=testt file://install-tests.patch \ file://0001-Revert-cmake-Fix-installation-directories-in-libxml2.patch \ file://CVE-2025-6021.patch \ + file://CVE-2026-0989.patch \ " SRC_URI[archive.sha256sum] = "7ce458a0affeb83f0b55f1f4f9e0e55735dbfc1a9de124ee86fb4a66b597203a" From patchwork Tue Feb 3 10:16:47 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 80340 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0EFB3E6E7F4 for ; Tue, 3 Feb 2026 10:19:45 +0000 (UTC) Received: from mail-wr1-f49.google.com (mail-wr1-f49.google.com [209.85.221.49]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.13492.1770113975965282852 for ; Tue, 03 Feb 2026 02:19:36 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=BKVDZ+QF; spf=pass (domain: smile.fr, ip: 209.85.221.49, mailfrom: yoann.congal@smile.fr) Received: by mail-wr1-f49.google.com with SMTP id ffacd0b85a97d-432d2c7dd52so5724183f8f.2 for ; Tue, 03 Feb 2026 02:19:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1770113974; x=1770718774; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=hVnYBIZkPJEM46n6wdRq2rGL8cCprUD2lhx4NFA8VaQ=; b=BKVDZ+QFUWHOJCXf0PzyubQKXnJ3+PzGT91tH9eQknBbdA89j5kdfRiLaPzf3vmhRO xc8EgpFQJ4YqtuT033RSB/SW877jddsjkVkcQ9fOhbJYpVLKWG8tb9O1u0oFL3JtosvS fGmWpnM2JQppu5mwh60tzn/nC9nauObC5Jx8c= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770113974; x=1770718774; 
h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=hVnYBIZkPJEM46n6wdRq2rGL8cCprUD2lhx4NFA8VaQ=; b=Sqbhc83Im74jtWCo8K/3FNiwokuo+pxK67dhopMWb+ii14LMAN2FKSvvyr+/qycMDa plJk7qfot+fjHP5I5Evz/SuXaWWtp3+u5a2MHBepSOC0LxxHGtXWT6DP7NBA1A7rk5GC upNP0PH5t0fj1lru3BzhkiSzw6WvARVYe9I9b8iCAd2f4LtcEruXJlYZEWLrLvpS0Bun yuANOCXpMW6rL6WhhKnDf6sUcKWyNZAhQncBFAEWiITXPPF4zRaY/SY4C8BTvgtmgPzs pkQI5UX8tmTnxxdC11sAlb/hmepDTu3ZyQTWenq8DUKzFdgSmqQOuMpsiLlRVyKkbvJi OCow== X-Gm-Message-State: AOJu0Yz+bAALufDLPNfbvjvVWwYUJF7q6+/XKd4Gl2QCfP8MlCq7bgD0 bt2Zal8riHNXJQ7a+Ip5WXCSkAVF5hZVKBeZer//9xkgc8NdqzfMsXpABmwKsl1NQCsCXnSraop 8lTLDVvs= X-Gm-Gg: AZuq6aKD+gkJ/pqeWdEG3aFpYctFVcPauWGR6rgtztwhze93aDCqqSmIOiaC+56xdG4 s6PE0nwHfnWHmt/Ik4mcdlhvXMuSevdgpTZoDp/jhJ+Ce4rVmenk7SGQ+DQ5kqDj/Gb8AP9JZ5c 5RqjKAB0vXWl7xod4Hma1QuWwfy47KABZhOStUyXFvWbgWCuHZPFC5l8VXIAr0pqD0Q2vikMIQa wCjyLGzHJBPCOrNXOiKlHV1C+EbCx3+bKr0/biEglWnqjFIJLeBw5waUceDG5Tg2lxEnb3kbK+w LH1mFP/HzHZZajrPo8Qmr2QHVbL2A42mRxdDQfK9qYDzPCRMwg4nrdDduXqZXmeRUX5C6t83WjA Qyq2VXmCKpHA3UW2Haa8WGJbUVof1viV/xK17Xs31FqZUziNUHNssGaW+v4dnh4Ot6x7y1k7Tyb 0k1ixKIsiBkgFr68T2NdvUAov/AJ5v9U7jFNUM19oWfg4myKJ4O2moJRjmSuqh+J9l5EFeVp/Pj ElmAaQSyQj3MxM= X-Received: by 2002:a05:6000:400e:b0:435:94f8:e7c6 with SMTP id ffacd0b85a97d-435f3a81d0emr20799180f8f.9.1770113973962; Tue, 03 Feb 2026 02:19:33 -0800 (PST) Received: from FRSMI25-LASER.home (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-435e131ce70sm52293041f8f.27.2026.02.03.02.19.33 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Feb 2026 02:19:33 -0800 (PST) 
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][whinlatter v2 18/22] libxml2: patch CVE-2026-0990 Date: Tue, 3 Feb 2026 11:16:47 +0100 Message-ID: <3487e56e1817e49217a3deccfd79893bee7852a1.1770109549.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 03 Feb 2026 10:19:45 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/230446 From: Peter Marko Pick patch which closed [1]. [1] https://gitlab.gnome.org/GNOME/libxml2/-/issues/1018 Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- .../libxml/libxml2/CVE-2026-0990.patch | 76 +++++++++++++++++++ meta/recipes-core/libxml/libxml2_2.14.6.bb | 1 + 2 files changed, 77 insertions(+) create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0990.patch diff --git a/meta/recipes-core/libxml/libxml2/CVE-2026-0990.patch b/meta/recipes-core/libxml/libxml2/CVE-2026-0990.patch new file mode 100644 index 00000000000..62cb8c27541 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2026-0990.patch 
@@ -0,0 +1,76 @@
+From 1961208e958ca22f80a0b4e4c9d71cfa050aa982 Mon Sep 17 00:00:00 2001
+From: Daniel Garcia Moreno
+Date: Wed, 17 Dec 2025 15:24:08 +0100
+Subject: [PATCH] catalog: prevent inf recursion in xmlCatalogXMLResolveURI
+
+Fix https://gitlab.gnome.org/GNOME/libxml2/-/issues/1018
+
+CVE: CVE-2026-0990
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/1961208e958ca22f80a0b4e4c9d71cfa050aa982]
+Signed-off-by: Peter Marko
+---
+ catalog.c | 31 +++++++++++++++++++++++--------
+ 1 file changed, 23 insertions(+), 8 deletions(-)
+
+diff --git a/catalog.c b/catalog.c
+index 76c063a8..46b877e6 100644
+--- a/catalog.c
++++ b/catalog.c
+@@ -2047,12 +2047,21 @@ static xmlChar *
+ xmlCatalogListXMLResolveURI(xmlCatalogEntryPtr catal, const xmlChar *URI) {
+ xmlChar *ret = NULL;
+ xmlChar *urnID = NULL;
++ xmlCatalogEntryPtr cur = NULL;
+
+ if (catal == NULL)
+ return(NULL);
+ if (URI == NULL)
+ return(NULL);
+
++ if (catal->depth > MAX_CATAL_DEPTH) {
++ xmlCatalogErr(catal, NULL, XML_CATALOG_RECURSION,
++ "Detected recursion in catalog %s\n",
++ catal->name, NULL, NULL);
++ return(NULL);
++ }
++ catal->depth++;
++
+ if (!xmlStrncmp(URI, BAD_CAST XML_URN_PUBID, sizeof(XML_URN_PUBID) - 1)) {
+ urnID = xmlCatalogUnWrapURN(URI);
+ if (xmlDebugCatalogs) {
+@@ -2066,21 +2075,27 @@ xmlCatalogListXMLResolveURI(xmlCatalogEntryPtr catal, const xmlChar *URI) {
+ ret = xmlCatalogListXMLResolve(catal, urnID, NULL);
+ if (urnID != NULL)
+ xmlFree(urnID);
++ catal->depth--;
+ return(ret);
+ }
+- while (catal != NULL) {
+- if (catal->type == XML_CATA_CATALOG) {
+- if (catal->children == NULL) {
+- xmlFetchXMLCatalogFile(catal);
++ cur = catal;
++ while (cur != NULL) {
++ if (cur->type == XML_CATA_CATALOG) {
++ if (cur->children == NULL) {
++ xmlFetchXMLCatalogFile(cur);
+ }
+- if (catal->children != NULL) {
+- ret = xmlCatalogXMLResolveURI(catal->children, URI);
+- if (ret != NULL)
++ if (cur->children != NULL) {
++ ret = xmlCatalogXMLResolveURI(cur->children, URI);
++ if (ret != NULL) {
++ catal->depth--;
+ return(ret);
++ }
+ }
+ }
+- catal = catal->next;
++ cur = cur->next;
+ }
++
++ catal->depth--;
+ return(ret);
+ }
+
diff --git a/meta/recipes-core/libxml/libxml2_2.14.6.bb b/meta/recipes-core/libxml/libxml2_2.14.6.bb
index f214fcd88f6..7b47f823f92 100644
--- a/meta/recipes-core/libxml/libxml2_2.14.6.bb
+++ b/meta/recipes-core/libxml/libxml2_2.14.6.bb
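Review bot: The depth guard added to xmlCatalogListXMLResolveURI is balanced by hand at three separate exits (`catal->depth--` in the URN branch, inside the loop, and before the final return), so an exit path added later without the decrement would leave `catal->depth` raised on the catalog entry and, presumably, make later lookups fail with "Detected recursion". The in-loop early return can be written as `if (ret != NULL) break;`, which falls through to the single `catal->depth--; return(ret);` at the end with the same result. The check `catal->depth > MAX_CATAL_DEPTH` runs before the increment, so the counter can reach MAX_CATAL_DEPTH + 1; a short comment such as `/* checked before the increment: depth may reach MAX_CATAL_DEPTH + 1 */` would make the intended bound explicit. The lines of the function between the two inner hunks are not shown here.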
@@ -20,6 +20,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20130923.tar;subdir=${BP};name=testt file://0001-Revert-cmake-Fix-installation-directories-in-libxml2.patch \ file://CVE-2025-6021.patch \ file://CVE-2026-0989.patch \ + file://CVE-2026-0990.patch \ " SRC_URI[archive.sha256sum] = "7ce458a0affeb83f0b55f1f4f9e0e55735dbfc1a9de124ee86fb4a66b597203a" From patchwork Tue Feb 3 10:16:48 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 80339 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 15DC3E6E7F6 for ; Tue, 3 Feb 2026 10:19:45 +0000 (UTC) Received: from mail-wr1-f49.google.com (mail-wr1-f49.google.com [209.85.221.49]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.13493.1770113976652581541 for ; Tue, 03 Feb 2026 02:19:36 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=oLz68MyO; spf=pass (domain: smile.fr, ip: 209.85.221.49, mailfrom: yoann.congal@smile.fr) Received: by mail-wr1-f49.google.com with SMTP id ffacd0b85a97d-42fed090e5fso4273345f8f.1 for ; Tue, 03 Feb 2026 02:19:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1770113975; x=1770718775; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=ERCEMi7jVEXM8otKid1rPym/74NUc/w8YNyPC5Xp4tM=; b=oLz68MyOqIe9uZDIw9vq7p06mfJs1tqDsjOEoR73U8qLYW1z6cgW5gfH2SfiogW81s gnP6KnXXcxZoJut/mAgL/A8ym+XbXtZS4cmnsnWEYzGiow4NiNCTGU64YbvpmV7eKyJA 1XjbnbUxMZSZGFHtk05rp4Ttf3eY8npnv3Z6I= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770113975; x=1770718775; 
h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=ERCEMi7jVEXM8otKid1rPym/74NUc/w8YNyPC5Xp4tM=; b=s4LO+G/U8K7XAldZo1xlxB31kw+CQHALMFLklP5G+0bJ1NIVjF1rwMOqjMhsmbZ6Hp bpeaQ4jkdnrI7Xd6MJ+hasOPEdsd5VJaZ3wsi0vf8S7rgofadSrioDsHjKW99aAHmbh5 /43+2RiBARMzssVj2cYQveT9nwKU9polKarhmCgYY8UMLLYAS7ACcDvGsSVF5VN1yS0/ KgCAg+xRQ86bioItmF7pt74GU94pJLT/ZSecXKbEwWbVEPZtwOJgQyPd1htBHxSUOyxE oAr06zLECzBU6hVuUKPELE2mmg10CJVUeTwKUOpH9vHtdAjEeNC1wqeAoABGnWeKcow/ 0H1g== X-Gm-Message-State: AOJu0YxONyNJsCD82tv3DDw6rjVR1uqEampkR/mVRA3QCYKbc5mT9AAc kymiscAedXqdoKWiEpct/kNPJkzx/auoxlhz+su1bZBF1lVR6axnZIAuiLpdWvN7IZsSfb0oxO6 +2ZgJpFc= X-Gm-Gg: AZuq6aLuH7wGlWBU/+RHz/E3Xx8plO7OUHfPnLgIJapTRYxNj8xRaeExtUrVDcEUmA5 QglczRZVXgNywVRB4CRfu8No+tTiMMaFe+g0xTa9CsEQXcxqr04JeKh5/Kp2S3zhcBw9WNO2hWq QEpy4tRnd2FnumiHEkGf9h/hdMelkToWXZqERIDcRCOOJ7VXn0ZGB1rxv7yphvbP5icXOITdlKP UKH2WtT/hPPjyUYONyZo84kg2I8jVYBRW7sGBgXsfntsMcfOgOOXojMambaS4tqBOfxwdqxLDKl 11WxBbeHYsYk3itfgFad8TiLNnWfWhRmjTNBL4ShLULOwdz5kxO/hKaFtKxUAUFWrzWwZh0201L YEPOtp3uGvnGEXHQnCGrUOIgLDt9vmqWNFTm2jq9M95R3fG4rZUQxq5I25N+DJ24AzhWwC6iAR2 HPwvaPtQYyAED/nMtVMhFFGmtXBQTgLXZxTTUfIzWlyRJzAI5a2+bl0Ndo4DdDcCc3QyFEc61Mw pHqoRenSqXBmu4= X-Received: by 2002:a5d:5f88:0:b0:431:266:d13a with SMTP id ffacd0b85a97d-435f3abb4f1mr20857382f8f.48.1770113974597; Tue, 03 Feb 2026 02:19:34 -0800 (PST) Received: from FRSMI25-LASER.home (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-435e131ce70sm52293041f8f.27.2026.02.03.02.19.34 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Feb 2026 02:19:34 -0800 (PST) 
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][whinlatter v2 19/22] libxml2: patch CVE-2026-0992 Date: Tue, 3 Feb 2026 11:16:48 +0100 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 03 Feb 2026 10:19:45 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/230447 From: Peter Marko Pick patch which closed [1]. [1] https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019 Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- .../libxml/libxml2/CVE-2026-0992.patch | 49 +++++++++++++++++++ meta/recipes-core/libxml/libxml2_2.14.6.bb | 1 + 2 files changed, 50 insertions(+) create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0992.patch diff --git a/meta/recipes-core/libxml/libxml2/CVE-2026-0992.patch b/meta/recipes-core/libxml/libxml2/CVE-2026-0992.patch new file mode 100644 index 00000000000..ad23498a4c0 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2026-0992.patch 
@@ -0,0 +1,49 @@
+From f75abfcaa419a740a3191e56c60400f3ff18988d Mon Sep 17 00:00:00 2001
+From: Daniel Garcia Moreno
+Date: Fri, 19 Dec 2025 11:02:18 +0100
+Subject: [PATCH] catalog: Ignore repeated nextCatalog entries
+
+This patch makes the catalog parsing to ignore repeated entries of
+nextCatalog with the same value.
+
+Fix https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019
+
+CVE: CVE-2026-0992
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/f75abfcaa419a740a3191e56c60400f3ff18988d]
+Signed-off-by: Peter Marko
+---
+ catalog.c | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+
+diff --git a/catalog.c b/catalog.c
+index 46b877e6..fa6d77ca 100644
+--- a/catalog.c
++++ b/catalog.c
+@@ -1227,9 +1227,27 @@ xmlParseXMLCatalogNode(xmlNodePtr cur, xmlCatalogPrefer prefer,
+ BAD_CAST "delegateURI", BAD_CAST "uriStartString",
+ BAD_CAST "catalog", prefer, cgroup);
+ } else if (xmlStrEqual(cur->name, BAD_CAST "nextCatalog")) {
++ xmlCatalogEntryPtr prev = parent->children;
++
+ entry = xmlParseXMLCatalogOneNode(cur, XML_CATA_NEXT_CATALOG,
+ BAD_CAST "nextCatalog", NULL,
+ BAD_CAST "catalog", prefer, cgroup);
++ /* Avoid duplication of nextCatalog */
++ while (prev != NULL) {
++ if ((prev->type == XML_CATA_NEXT_CATALOG) &&
++ (xmlStrEqual (prev->URL, entry->URL)) &&
++ (xmlStrEqual (prev->value, entry->value)) &&
++ (prev->prefer == entry->prefer) &&
++ (prev->group == entry->group)) {
++ if (xmlDebugCatalogs)
++ xmlCatalogPrintDebug(
++ "Ignoring repeated nextCatalog %s\n", entry->URL);
++ xmlFreeCatalogEntry(entry, NULL);
++ entry = NULL;
++ break;
++ }
++ prev = prev->next;
++ }
+ }
+ if (entry != NULL) {
+ if (parent != NULL) {
diff --git a/meta/recipes-core/libxml/libxml2_2.14.6.bb b/meta/recipes-core/libxml/libxml2_2.14.6.bb
index 7b47f823f92..b881a89a5ff 100644
--- a/meta/recipes-core/libxml/libxml2_2.14.6.bb
+++ b/meta/recipes-core/libxml/libxml2_2.14.6.bb
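Review bot: The duplicate check added to the `nextCatalog` branch dereferences two pointers that the surrounding code treats as nullable: `parent->children` is read unconditionally although the context lines just below still test `if (parent != NULL)`, and `entry->URL` is read inside the loop although `entry` is only tested with `if (entry != NULL)` afterwards. If xmlParseXMLCatalogOneNode() can return NULL (the later check suggests it can), a NULL `entry` would be dereferenced as soon as `parent` already has a child. Guarding both keeps the hardening from introducing a NULL dereference: `xmlCatalogEntryPtr prev = (parent != NULL) ? parent->children : NULL;` and `while ((entry != NULL) && (prev != NULL)) {`. xmlParseXMLCatalogNode starts and ends outside this hunk, so what callers guarantee about `parent` is not visible here.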
@@ -21,6 +21,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20130923.tar;subdir=${BP};name=testt file://CVE-2025-6021.patch \ file://CVE-2026-0989.patch \ file://CVE-2026-0990.patch \ + file://CVE-2026-0992.patch \ " SRC_URI[archive.sha256sum] = "7ce458a0affeb83f0b55f1f4f9e0e55735dbfc1a9de124ee86fb4a66b597203a" From patchwork Tue Feb 3 10:16:49 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 80338 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id DB45CE6E7E2 for ; Tue, 3 Feb 2026 10:19:44 +0000 (UTC) Received: from mail-wm1-f47.google.com (mail-wm1-f47.google.com [209.85.128.47]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.13494.1770113977379381668 for ; Tue, 03 Feb 2026 02:19:37 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=WwSGB7xt; spf=pass (domain: smile.fr, ip: 209.85.128.47, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f47.google.com with SMTP id 5b1f17b1804b1-4801c2fae63so41589125e9.2 for ; Tue, 03 Feb 2026 02:19:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1770113975; x=1770718775; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=qt/xWQEPCRyA94a24bttu0Nm5B5NfBWWrmTqC5tcYfM=; b=WwSGB7xtNAn0W3Zfm3fyPsS0kVR9ODOwvvXtlCZidiV6motblotbtIZ/PnTSmvXjDz BVYanCNnpdROH9SA2/ejSSmaM8R3RvTGuWoufmgZeQt+G0OBi85n++SjDS27W0SjQ7KD Nj7Aau+y++rpsQGIvcytOgygf5pLtnDlD4Ovw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770113975; x=1770718775; 
h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=qt/xWQEPCRyA94a24bttu0Nm5B5NfBWWrmTqC5tcYfM=; b=W1/vDtUEPXzLHng9Y5U3JUsa7jL9/LhrX0JR4+grmnE1g6UnM4q870O3IxxckYlNRu okgYm/4bseqI2oip6HI6CkDL95BDA4oRYsxaJVT2/+4jC6DcmL0yTMmKntnw9irXEF7l aE0V1sYvsSyk2uHiCioIgOq3VVnX431/G67TIFel+bnHVDjWc7sa/umdah0KHxliUQVl LtOicp5qgGU+YUPoKlspcfr7Tnme4CGQb/ruAyOF/7K8ECXml9NbKJ5n1+8IEJxp8CLS nVrLi0UpLe4/B+0dwRJ/ZRGCOK9tbCr+X7aK6QVyb41i87hApbDO8dFoazGYih7m6iT4 zaUQ== X-Gm-Message-State: AOJu0YzDxcNFugU9e6IgVRVUMnIYtkLQI7ZGleXSrDBuu2+JAH+SMCJz 8ebA23lCy6CmQ8UeEN6CO0KnVtNGI6JKpyjHBhFnTh1qHPnbfqCMBDTOE1zqGXLvGBCMpMD3JZX gEj/CNNc= X-Gm-Gg: AZuq6aKFyQESy7wU/X3J0etiJdGSmVr7jWQZr8OyLZSwgxp10cB/OrVQJu2tvjj49V8 5uFJY74XUNm4wt3EkngbauHeMdnJadCU+jfGrtysy0b6U4t40yb9Cs9O92AyifVaUxe/9ClINQw y6tLO+vP51ujRTK6ZPqrWIjGu0lsr4LGcQzKHnJhbYDuX/NCvI03sW3y20Sc+iQjZja2rl5MrNw pMC0HsTR+7RP4uK5yU6GCM6qEgzJzQ7fO07tu4z69r813ieha1DgU7ZPKKaq/XUqjqusbGiU3sQ 29mxvejSmO48ut7ZFrhVRXHuR0FYsvSarLL6NXcADH3WoaIhVVQhTe4E/8OJitiQ5jkMlt612yE e05cEypNt/8KHC9run1YJrmxIsf9HNXUyyP2QMblDqnfP31V5/4wP93TxeUL3s7gLzmtS+OHR8W Breig12odgOfjDd/C2MViTCpOiDPQhwcxkeFc5p0erJOlyPidnwFioeFmbu5a2ZcUtedg8xvByw 6IrMpY9naUAa9U= X-Received: by 2002:a05:600c:a30c:b0:480:4a8f:2d5c with SMTP id 5b1f17b1804b1-482db62305emr138237065e9.29.1770113975261; Tue, 03 Feb 2026 02:19:35 -0800 (PST) Received: from FRSMI25-LASER.home (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-435e131ce70sm52293041f8f.27.2026.02.03.02.19.34 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Feb 2026 02:19:34 -0800 (PST) 
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][whinlatter v2 20/22] libxml2: add follow-up patch for CVE-2026-0992 Date: Tue, 3 Feb 2026 11:16:49 +0100 Message-ID: <00d502decaf6f6b966196dda5747d4627c0e7ec6.1770109549.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 03 Feb 2026 10:19:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/230448 From: Peter Marko References: * https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019 * https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/377 Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- ...2026-0992.patch => CVE-2026-0992-01.patch} | 0 .../libxml/libxml2/CVE-2026-0992-02.patch | 336 ++++++++++++++++++ .../libxml/libxml2/CVE-2026-0992-03.patch | 33 ++ meta/recipes-core/libxml/libxml2_2.14.6.bb | 4 +- 4 files changed, 372 insertions(+), 1 deletion(-) rename meta/recipes-core/libxml/libxml2/{CVE-2026-0992.patch => CVE-2026-0992-01.patch} (100%) create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0992-02.patch create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2026-0992-03.patch diff --git a/meta/recipes-core/libxml/libxml2/CVE-2026-0992.patch b/meta/recipes-core/libxml/libxml2/CVE-2026-0992-01.patch similarity index 100% rename from meta/recipes-core/libxml/libxml2/CVE-2026-0992.patch rename to meta/recipes-core/libxml/libxml2/CVE-2026-0992-01.patch diff --git a/meta/recipes-core/libxml/libxml2/CVE-2026-0992-02.patch b/meta/recipes-core/libxml/libxml2/CVE-2026-0992-02.patch new file mode 100644 index 00000000000..ed11e85061c --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2026-0992-02.patch 
@@ -0,0 +1,336 @@ +From f8399e62a31095bf1ced01827c33f9b29494046f Mon Sep 17 00:00:00 2001 +From: Daniel Garcia Moreno +Date: Fri, 19 Dec 2025 12:27:54 +0100 +Subject: [PATCH] testcatalog: Add new tests for catalog.c + +Adds a new test program to run specific tests related to catalog +parsing. + +This initial version includes a couple of tests, the first one to check +the infinite recursion detection related to: +https://gitlab.gnome.org/GNOME/libxml2/-/issues/1018. + +The second one tests the nextCatalog element repeated parsing, related +to: +https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019 +https://gitlab.gnome.org/GNOME/libxml2/-/issues/1040 + +CVE: CVE-2026-0992 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/f8399e62a31095bf1ced01827c33f9b29494046f] +Signed-off-by: Peter Marko +--- + CMakeLists.txt | 2 + + Makefile.am | 6 ++ + catalog.c | 63 +++++++++++----- + include/libxml/catalog.h | 2 + + meson.build | 1 + + test/catalogs/catalog-recursive.xml | 3 + + test/catalogs/repeated-next-catalog.xml | 10 +++ + testcatalog.c | 96 +++++++++++++++++++++++++ + 8 files changed, 164 insertions(+), 19 deletions(-) + create mode 100644 test/catalogs/catalog-recursive.xml + create mode 100644 test/catalogs/repeated-next-catalog.xml + create mode 100644 testcatalog.c + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 163661f8..7d5702df 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -488,6 +488,7 @@ if(LIBXML2_WITH_TESTS) + runxmlconf + runsuite + testapi ++ testcatalog + testchar + testdict + testModule +@@ -512,6 +513,7 @@ if(LIBXML2_WITH_TESTS) + if(NOT WIN32) + add_test(NAME testapi COMMAND testapi) + endif() ++ add_test(NAME testcatalog COMMAND testcatalog) + add_test(NAME testchar COMMAND testchar) + add_test(NAME testdict COMMAND testdict) + add_test(NAME testparser COMMAND testparser WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}) +diff --git a/Makefile.am b/Makefile.am +index c51dfd8e..c794eac8 100644 +--- a/Makefile.am ++++ 
b/Makefile.am +@@ -20,6 +20,7 @@ check_PROGRAMS = \ + runxmlconf \ + testModule \ + testapi \ ++ testcatalog \ + testchar \ + testdict \ + testlimits \ +@@ -130,6 +131,10 @@ testlimits_SOURCES=testlimits.c + testlimits_DEPENDENCIES = $(DEPS) + testlimits_LDADD= $(LDADDS) + ++testcatalog_SOURCES=testcatalog.c ++testcatalog_DEPENDENCIES = $(DEPS) ++testcatalog_LDADD= $(LDADDS) ++ + testchar_SOURCES=testchar.c + testchar_DEPENDENCIES = $(DEPS) + testchar_LDADD= $(LDADDS) +@@ -179,6 +184,7 @@ check-local: + $(CHECKER) ./runtest$(EXEEXT) + $(CHECKER) ./testrecurse$(EXEEXT) + $(CHECKER) ./testapi$(EXEEXT) ++ $(CHECKER) ./testcatalog$(EXEEXT) + $(CHECKER) ./testchar$(EXEEXT) + $(CHECKER) ./testdict$(EXEEXT) + $(CHECKER) ./testparser$(EXEEXT) +diff --git a/catalog.c b/catalog.c +index 401dbc14..eb889162 100644 +--- a/catalog.c ++++ b/catalog.c +@@ -637,43 +637,54 @@ static void xmlDumpXMLCatalogNode(xmlCatalogEntryPtr catal, xmlNodePtr catalog, + } + } + +-static int +-xmlDumpXMLCatalog(FILE *out, xmlCatalogEntryPtr catal) { +- int ret; +- xmlDocPtr doc; ++static xmlDocPtr ++xmlDumpXMLCatalogToDoc(xmlCatalogEntryPtr catal) { + xmlNsPtr ns; + xmlDtdPtr dtd; + xmlNodePtr catalog; +- xmlOutputBufferPtr buf; ++ xmlDocPtr doc = xmlNewDoc(NULL); ++ if (doc == NULL) { ++ return(NULL); ++ } + +- /* +- * Rebuild a catalog +- */ +- doc = xmlNewDoc(NULL); +- if (doc == NULL) +- return(-1); + dtd = xmlNewDtd(doc, BAD_CAST "catalog", +- BAD_CAST "-//OASIS//DTD Entity Resolution XML Catalog V1.0//EN", +-BAD_CAST "http://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd"); ++ BAD_CAST "-//OASIS//DTD Entity Resolution XML Catalog V1.0//EN", ++ BAD_CAST "http://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd"); + + xmlAddChild((xmlNodePtr) doc, (xmlNodePtr) dtd); + + ns = xmlNewNs(NULL, XML_CATALOGS_NAMESPACE, NULL); + if (ns == NULL) { +- xmlFreeDoc(doc); +- return(-1); ++ xmlFreeDoc(doc); ++ return(NULL); + } + catalog = xmlNewDocNode(doc, ns, BAD_CAST "catalog", 
NULL); + if (catalog == NULL) { +- xmlFreeNs(ns); +- xmlFreeDoc(doc); +- return(-1); ++ xmlFreeDoc(doc); ++ xmlFreeNs(ns); ++ return(NULL); + } + catalog->nsDef = ns; + xmlAddChild((xmlNodePtr) doc, catalog); +- + xmlDumpXMLCatalogNode(catal, catalog, doc, ns, NULL); + ++ return(doc); ++} ++ ++static int ++xmlDumpXMLCatalog(FILE *out, xmlCatalogEntryPtr catal) { ++ int ret; ++ xmlDocPtr doc; ++ xmlOutputBufferPtr buf; ++ ++ /* ++ * Rebuild a catalog ++ */ ++ doc = xmlDumpXMLCatalogToDoc(catal); ++ if (doc == NULL) { ++ return(-1); ++ } ++ + /* + * reserialize it + */ +@@ -3357,6 +3368,20 @@ xmlCatalogDump(FILE *out) { + + xmlACatalogDump(xmlDefaultCatalog, out); + } ++ ++/** ++ * Dump all the global catalog content as a xmlDoc ++ * This function is just for testing/debugging purposes ++ * ++ * @returns The catalog as xmlDoc or NULL if failed, it must be freed by the caller. ++ */ ++xmlDocPtr ++xmlCatalogDumpDoc(void) { ++ if (!xmlCatalogInitialized) ++ xmlInitializeCatalog(); ++ ++ return xmlDumpXMLCatalogToDoc(xmlDefaultCatalog->xml); ++} + #endif /* LIBXML_OUTPUT_ENABLED */ + + /** +diff --git a/include/libxml/catalog.h b/include/libxml/catalog.h +index 88a7483c..e1bc5feb 100644 +--- a/include/libxml/catalog.h ++++ b/include/libxml/catalog.h +@@ -119,6 +119,8 @@ XMLPUBFUN void + #ifdef LIBXML_OUTPUT_ENABLED + XMLPUBFUN void + xmlCatalogDump (FILE *out); ++XMLPUBFUN xmlDocPtr ++ xmlCatalogDumpDoc (void); + #endif /* LIBXML_OUTPUT_ENABLED */ + XMLPUBFUN xmlChar * + xmlCatalogResolve (const xmlChar *pubID, +diff --git a/meson.build b/meson.build +index 1cd89f09..4bf17f6c 100644 +--- a/meson.build ++++ b/meson.build +@@ -539,6 +539,7 @@ checks = { + # Disabled for now, see #694 + # 'testModule': [], + 'testapi': [], ++ 'testcatalog': [], + 'testchar': [], + 'testdict': [], + 'testlimits': [], +diff --git a/test/catalogs/catalog-recursive.xml b/test/catalogs/catalog-recursive.xml +new file mode 100644 +index 00000000..3b3d03f9 +--- /dev/null ++++ 
b/test/catalogs/catalog-recursive.xml +@@ -0,0 +1,3 @@ ++ ++ ++ +diff --git a/test/catalogs/repeated-next-catalog.xml b/test/catalogs/repeated-next-catalog.xml +new file mode 100644 +index 00000000..76d34c3c +--- /dev/null ++++ b/test/catalogs/repeated-next-catalog.xml +@@ -0,0 +1,10 @@ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ +diff --git a/testcatalog.c b/testcatalog.c +new file mode 100644 +index 00000000..86d33bd0 +--- /dev/null ++++ b/testcatalog.c +@@ -0,0 +1,96 @@ ++/* ++ * testcatalog.c: C program to run libxml2 catalog.c unit tests ++ * ++ * To compile on Unixes: ++ * cc -o testcatalog `xml2-config --cflags` testcatalog.c `xml2-config --libs` -lpthread ++ * ++ * See Copyright for the status of this software. ++ * ++ * Author: Daniel Garcia ++ */ ++ ++ ++#include "libxml.h" ++#include ++ ++#ifdef LIBXML_CATALOG_ENABLED ++#include ++ ++/* Test catalog resolve uri with recursive catalog */ ++static int ++testRecursiveDelegateUri(void) { ++ int ret = 0; ++ const char *cat = "test/catalogs/catalog-recursive.xml"; ++ const char *entity = "/foo.ent"; ++ xmlChar *resolved = NULL; ++ ++ xmlInitParser(); ++ xmlLoadCatalog(cat); ++ ++ /* This should trigger recursive error */ ++ resolved = xmlCatalogResolveURI(BAD_CAST entity); ++ if (resolved != NULL) { ++ fprintf(stderr, "CATALOG-FAILURE: Catalog %s entity should fail to resolve\n", entity); ++ ret = 1; ++ } ++ xmlCatalogCleanup(); ++ ++ return ret; ++} ++ ++/* Test parsing repeated NextCatalog */ ++static int ++testRepeatedNextCatalog(void) { ++ int ret = 0; ++ int i = 0; ++ const char *cat = "test/catalogs/repeated-next-catalog.xml"; ++ const char *entity = "/foo.ent"; ++ xmlDocPtr doc = NULL; ++ xmlNodePtr node = NULL; ++ ++ xmlInitParser(); ++ ++ xmlLoadCatalog(cat); ++ /* To force the complete recursive load */ ++ xmlCatalogResolveURI(BAD_CAST entity); ++ /** ++ * Ensure that the doc doesn't contain the same nextCatalog ++ */ ++ doc = xmlCatalogDumpDoc(); ++ xmlCatalogCleanup(); ++ ++ if (doc == NULL) { ++ fprintf(stderr, 
"CATALOG-FAILURE: Failed to dump the catalog\n"); ++ return 1; ++ } ++ ++ /* Just the root "catalog" node with a series of nextCatalog */ ++ node = xmlDocGetRootElement(doc); ++ node = node->children; ++ for (i=0; node != NULL; node=node->next, i++) {} ++ if (i > 1) { ++ fprintf(stderr, "CATALOG-FAILURE: Found %d nextCatalog entries and should be 1\n", i); ++ ret = 1; ++ } ++ ++ xmlFreeDoc(doc); ++ ++ return ret; ++} ++ ++int ++main(void) { ++ int err = 0; ++ ++ err |= testRecursiveDelegateUri(); ++ err |= testRepeatedNextCatalog(); ++ ++ return err; ++} ++#else ++/* No catalog, so everything okay */ ++int ++main(void) { ++ return 0; ++} ++#endif diff --git a/meta/recipes-core/libxml/libxml2/CVE-2026-0992-03.patch b/meta/recipes-core/libxml/libxml2/CVE-2026-0992-03.patch new file mode 100644 index 00000000000..be9759feb43 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2026-0992-03.patch 
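Review bot: Both new tests in testcatalog.c ignore the return value of `xmlLoadCatalog(cat)`, and their pass condition is also what a catalog that failed to load would presumably produce: testRecursiveDelegateUri passes when `resolved` is NULL, and testRepeatedNextCatalog passes when it counts at most one child under the root. The fixture paths are relative (`test/catalogs/...`), and the CMake hunk registers `add_test(NAME testcatalog COMMAND testcatalog)` without the `WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}` that the neighbouring testparser entry carries, so the regression tests for these fixes could pass without exercising the patched code. Failing fast closes that gap: `if (xmlLoadCatalog(cat) != 0) { fprintf(stderr, "CATALOG-FAILURE: cannot load %s\n", cat); return 1; }` in both tests, plus the same `WORKING_DIRECTORY` argument on the new add_test line.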
@@ -0,0 +1,33 @@
+From deed3b7873dff30b7f87f7f33154c9932a772522 Mon Sep 17 00:00:00 2001
+From: Daniel Garcia Moreno
+Date: Sun, 18 Jan 2026 19:47:11 +0100
+Subject: [PATCH] catalog: Do not check value for duplication nextCatalog
+
+The value field stores the path as it appears in the catalog definition,
+the URL is built using xmlBuildURI that changes the relative paths to
+absolute.
+
+This change fixes the issue of using relative path to the same catalog
+in the same file.
+
+Fix https://gitlab.gnome.org/GNOME/libxml2/-/issues/1040
+
+CVE: CVE-2026-0992
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/deed3b7873dff30b7f87f7f33154c9932a772522]
+Signed-off-by: Peter Marko
+---
+ catalog.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/catalog.c b/catalog.c
+index eb889162..ba9ee7ae 100644
+--- a/catalog.c
++++ b/catalog.c
+@@ -1247,7 +1247,6 @@ xmlParseXMLCatalogNode(xmlNodePtr cur, xmlCatalogPrefer prefer,
+ while (prev != NULL) {
+ if ((prev->type == XML_CATA_NEXT_CATALOG) &&
+ (xmlStrEqual (prev->URL, entry->URL)) &&
+- (xmlStrEqual (prev->value, entry->value)) &&
+ (prev->prefer == entry->prefer) &&
+ (prev->group == entry->group)) {
+ if (xmlDebugCatalogs)
diff --git a/meta/recipes-core/libxml/libxml2_2.14.6.bb b/meta/recipes-core/libxml/libxml2_2.14.6.bb
index b881a89a5ff..78ecece6662 100644
--- a/meta/recipes-core/libxml/libxml2_2.14.6.bb
+++ b/meta/recipes-core/libxml/libxml2_2.14.6.bb
@@ -21,7 +21,9 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20130923.tar;subdir=${BP};name=testt file://CVE-2025-6021.patch \ file://CVE-2026-0989.patch \ file://CVE-2026-0990.patch \ - file://CVE-2026-0992.patch \ + file://CVE-2026-0992-01.patch \ + file://CVE-2026-0992-02.patch \ + file://CVE-2026-0992-03.patch \ " SRC_URI[archive.sha256sum] = "7ce458a0affeb83f0b55f1f4f9e0e55735dbfc1a9de124ee86fb4a66b597203a" From patchwork Tue Feb 3 10:16:50 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 80341 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E7D0FE6E7EE for ; Tue, 3 Feb 2026 10:19:44 +0000 (UTC) Received: from mail-wr1-f41.google.com (mail-wr1-f41.google.com [209.85.221.41]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.13495.1770113977942620414 for ; Tue, 03 Feb 2026 02:19:38 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=liP2Esfn; spf=pass (domain: smile.fr, ip: 209.85.221.41, mailfrom: yoann.congal@smile.fr) Received: by mail-wr1-f41.google.com with SMTP id ffacd0b85a97d-435903c4040so3622225f8f.3 for ; Tue, 03 Feb 2026 02:19:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1770113976; x=1770718776; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=SHCdsru3/MN+Tcw2tlTxxKHtVmAQ7+P24Td+PVWVqWs=; b=liP2EsfnCedVYFRuJfGWwrs9bhGACPZngPZCjG9r4nJUGJnRohMI5VgK6sna+irkr1 3bgpeQUZlxh5DL/wigCgY38wZYD/VHppRrUCqOfTaQJSLYgdfiU3XG6xkZKDKKR7anGs tPVfa1X1BulgSDrCtpDcqaeEQMNxy6YtTBRkg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; 
d=1e100.net; s=20230601; t=1770113976; x=1770718776; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=SHCdsru3/MN+Tcw2tlTxxKHtVmAQ7+P24Td+PVWVqWs=; b=wXL8RCXL0Zu1xBqk56JdPvvU2fRXTkeLNeRtVj6xnuvXlA71VaOsaVVaqEbVYOmHTK yqfhzFUNd+JpIk5cPE6cYjTAct6K4qweA0adzQJpQj2Vm8/2C2Bv8ZqlQDMppUzTtIba I5xAMSzLzBH99qn50CYpEBea9rdtR5VYCwFZ2g/9yIFrtdXQSIdGWj94FTcO5gpDeQwY 7nWtFdg+dE51O8qh2jhO15hHZMXB8qiWqrenWhDU88pPF3fCJqWCVdX0BcXSQ4XmOU4X 3MF9l8GMHkAiE02H3bn9yca9SNpBsaa6g1OwLxT8w1ZyDQfcJZwwyIrZGYq5fGsUSH0Q HvJA== X-Gm-Message-State: AOJu0YwT3IejSl/L7U2maAQf8fHOGSQb8/D5BSzKQoe1FcW8n8l7+Ozj 3Z+a4U24OUcP+t1jQq7C8Mx4k4fOMPxcWntglt/3yICospC0D/Nbbf80maAPCMH95qs+FAMg7/i qrycD2uc= X-Gm-Gg: AZuq6aIDTcqxS0qb0nEqwSmy9nT3hGO3rLnFGY5swGJ/9rOhaceB6YpW7nNcMCJSpFj vGJ7AOClIy2873yMrGkh5YO1rq9V9fdSyb2bUCmvLWt2ehREwXsKUtTr8ZS+jfBEXZz0UDbW/8e 6+twDVBN76EOsoogYkvTmIzk86RuVjkU+89nL1BBrh1HOMjOnGJurpUM2AJ58yEK5wcwHbVndns JI8SqAgmyCpL3pqhbd//qy1Fjor2m/lvGF33caVwM1aOkqhJNKWaaYx/NxLTcgwoV281YeBenA6 xlcDlepcOIM2CIzNZGWFZEkIFBFChN018TDidT7HaGEA8SSaBGDdTqAacvSrXhyQ1sseOaPY3Re +kUb99hMZwNU5DmNRja1HDaTWO/WWDtx26BH3y2V9EACY63IDfWYx4m2+8m13dX4LURFIsRNLLR xRTwfMQPkQ0n9b/ehUx/tdBgEE3jaHP1MFQR3z/UBnxG/xq1yReAw0Y5lzdyv42BW5WbP3Bw0pG RvUbLE2l6UlEZc= X-Received: by 2002:a05:6000:61e:b0:430:f985:a7b2 with SMTP id ffacd0b85a97d-435f3ab59bemr21277596f8f.51.1770113975891; Tue, 03 Feb 2026 02:19:35 -0800 (PST) Received: from FRSMI25-LASER.home (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-435e131ce70sm52293041f8f.27.2026.02.03.02.19.35 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Feb 2026 02:19:35 -0800 (PST) 
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][whinlatter v2 21/22] expat: upgrade 2.7.3 -> 2.7.4 Date: Tue, 3 Feb 2026 11:16:50 +0100 Message-ID: <161a9eac37a60d5ce36b1c0e5727f8fbe2249e06.1770109549.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 03 Feb 2026 10:19:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/230449 From: Peter Marko Changelog [1]: Security fixes: #1131 CVE-2026-24515 -- Function XML_ExternalEntityParserCreate failed to copy the encoding handler data passed to XML_SetUnknownEncodingHandler from the parent to the new subparser. This can cause a NULL dereference (CWE-476) from external entities that declare use of an unknown encoding. The expected impact is denial of service. It takes use of both functions XML_ExternalEntityParserCreate and XML_SetUnknownEncodingHandler for an application to be vulnerable. #1075 CVE-2026-25210 -- Add missing check for integer overflow related to buffer size determination in function doContent Bug fixes: #1073 lib: Fix missing undoing of group size expansion in doProlog failure cases #1107 xmlwf: Fix a memory leak #1104 WASI: Fix format specifiers for 32bit WASI SDK Other changes: #1105 lib: Fix strict aliasing #1106 lib: Leverage feature "flexible array member" of C99 #1051 lib: Swap (size_t)(-1) for C99 equivalent SIZE_MAX #1109 lib|xmlwf: Return NULL instead of 0 for pointers #1068 lib|Windows: Clean up use of macro _MSC_EXTENSIONS with MSVC #1112 lib: Remove unused import #1110 xmlwf: Warn about XXE in --help output (and man page) #1102 #1103 WASI: Stop using getpid ... and additional docs/autotools/cmake/infrastructure changes [1] https://github.com/libexpat/libexpat/blob/R_2_7_4/expat/Changes Signed-off-by: Peter Marko 
Signed-off-by: Yoann Congal --- meta/recipes-core/expat/{expat_2.7.3.bb => expat_2.7.4.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-core/expat/{expat_2.7.3.bb => expat_2.7.4.bb} (92%) diff --git a/meta/recipes-core/expat/expat_2.7.3.bb b/meta/recipes-core/expat/expat_2.7.4.bb similarity index 92% rename from meta/recipes-core/expat/expat_2.7.3.bb rename to meta/recipes-core/expat/expat_2.7.4.bb index 069254e13c3..95a1ed52c41 100644 --- a/meta/recipes-core/expat/expat_2.7.3.bb +++ b/meta/recipes-core/expat/expat_2.7.4.bb 
@@ -15,7 +15,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/R_${VERSION_TAG}/expat-${PV}.tar.bz2 \ GITHUB_BASE_URI = "https://github.com/libexpat/libexpat/releases/" UPSTREAM_CHECK_REGEX = "releases/tag/R_(?P.+)" -SRC_URI[sha256sum] = "59c31441fec9a66205307749eccfee551055f2d792f329f18d97099e919a3b2f" +SRC_URI[sha256sum] = "e6af11b01e32e5ef64906a5cca8809eabc4beb7ff2f9a0e6aabbd42e825135d0" EXTRA_OECMAKE:class-native += "-DEXPAT_BUILD_DOCS=OFF" From patchwork Tue Feb 3 10:16:51 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 80343 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 02547E6E7EC for ; Tue, 3 Feb 2026 10:19:45 +0000 (UTC) Received: from mail-wr1-f49.google.com (mail-wr1-f49.google.com [209.85.221.49]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.13496.1770113978512983091 for ; Tue, 03 Feb 2026 02:19:38 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=Wgdq0MKE; spf=pass (domain: smile.fr, ip: 209.85.221.49, mailfrom: yoann.congal@smile.fr) Received: by mail-wr1-f49.google.com with SMTP id ffacd0b85a97d-42fbc544b09so5015751f8f.1 for ; Tue, 03 Feb 2026 02:19:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1770113977; x=1770718777; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=043g8tVyPluDOMQRX2rLEAAAMB3QM5vHiwDR8dAWvGw=; b=Wgdq0MKEh9zmlFkyKAkpNsu1qIiWb7YiQKJODEPJvceodbGcy4+4Vi6vgSL0MW/Re+ yaluRKUT/ccFm5GjXBM6GtODkDChW28/rwP84yCWtqv9vAt5qV6MmJCIS5DmiwzMgKdl WxuAiyEKP11FAxCnO2qEMp0Ft9U6+IhDjQ5nc= X-Google-DKIM-Signature: v=1; 
a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770113977; x=1770718777; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=043g8tVyPluDOMQRX2rLEAAAMB3QM5vHiwDR8dAWvGw=; b=PJn/80pdtoJF1NtC/h+ESya4RsPNjPpyuK7aDgAbYXDUbHjzsr9AbmSmehcLnQTbhv J97zQaB3mKXob90lgEREkt/cjY5YEuIRHTDgX3yLhKotM9OBub/F39N9o4E66nt4RFjT zgRza7kDMZnVfB3eakN/WTjafk0h7tdfIWG7Y6phCZqVNmbuI9GkTVwrauP5ciGCUeMc gQaxDRySLvO527SWii176fg72c++vK7SHq/JtDy8xZPCfCEvKTUU6cpr+bJAKRgRLsZo Be9UC2FH2/1CkPPEWZo2k6sb7dqv8LNV41UoZVIKVKtj0oLWopFbZifrxv+0CGVesMbv glkg== X-Gm-Message-State: AOJu0Yx7vYEk+DbQevVVN45KYZn+RfWP9Vh9SUbkTTrR2vBaR6iF0lQS idHSpzrrtCvzIaLkR3G/b0V/bTlHPZCIvRVB4McEiIBY+rbWbSI/ahWaAcGYw3J+NJ4CJ2c8tkL 7VWEXJgk= X-Gm-Gg: AZuq6aLkVi0iLD2x7l7R9n3rnkoODYu4W0/JLCu9IsKp3P1z6b55qXljrs6PmtkzHg0 KvwcRv+FrKWR4xaftQN9dJMKJUOv1h8kzasA4a32fFxe6apDImS+IFIKnbty6eCJoqGPBNCmkZh waaziGBcjvP/VHzPv80BgJQO8lRizEMbPJI6/zCc1WwSt1yI6r0zFoSN8lmkyknTDzEVmEC2nUM z6iK6NcbuUUsWeDrxxkLzRlt9OSzfNwMPuWvAUSKz4cvO7EPojponfKn7TILIkG15IVliTkUnRh uAMWcQ2Hei0eU+NBn3Ae2xAePuBAxkaJoph2LspKKCrt3gMDTQgTBfFFOvfTEwm8vdzLAvrWbDq UbBFmKoeGe1at0ohOi63a+O6LhZXrqw7mSUFLkXDXWhAoy39wy6+FoFo64uRdMmZLq6LCjhcy+g z9wYrlnRZ4p/nqq4pFP5WjfFDgx5ET4utL2e40FmbGdoqGKYug3YW/Lh3r0DVptd5WgTHlyfF1I 5HhGW+bRK25ros= X-Received: by 2002:a05:6000:604:b0:42f:ba58:6599 with SMTP id ffacd0b85a97d-435f3aa7b4amr21999287f8f.35.1770113976570; Tue, 03 Feb 2026 02:19:36 -0800 (PST) Received: from FRSMI25-LASER.home (2a01cb001331aa00a2e4fb7b0d887544.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:a2e4:fb7b:d88:7544]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-435e131ce70sm52293041f8f.27.2026.02.03.02.19.36 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Feb 2026 02:19:36 -0800 (PST) 
From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][whinlatter v2 22/22] inetutils: patch CVE-2026-24061 Date: Tue, 3 Feb 2026 11:16:51 +0100 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 03 Feb 2026 10:19:45 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/230450 From: Peter Marko Pick patches per [1]. [1] https://security-tracker.debian.org/tracker/CVE-2026-24061 Signed-off-by: Peter Marko Signed-off-by: Yoann Congal --- .../inetutils/CVE-2026-24061-01.patch | 38 +++++++++ .../inetutils/CVE-2026-24061-02.patch | 82 +++++++++++++++++++ .../inetutils/inetutils_2.6.bb | 2 + 3 files changed, 122 insertions(+) create mode 100644 meta/recipes-connectivity/inetutils/inetutils/CVE-2026-24061-01.patch create mode 100644 meta/recipes-connectivity/inetutils/inetutils/CVE-2026-24061-02.patch diff --git a/meta/recipes-connectivity/inetutils/inetutils/CVE-2026-24061-01.patch b/meta/recipes-connectivity/inetutils/inetutils/CVE-2026-24061-01.patch new file mode 100644 index 00000000000..9c05df22c7c --- /dev/null +++ b/meta/recipes-connectivity/inetutils/inetutils/CVE-2026-24061-01.patch 
@@ -0,0 +1,38 @@
+From fd702c02497b2f398e739e3119bed0b23dd7aa7b Mon Sep 17 00:00:00 2001
+From: Paul Eggert
+Date: Tue, 20 Jan 2026 01:10:36 -0800
+Subject: [PATCH] Fix injection bug with bogus user names
+
+Problem reported by Kyu Neushwaistein.
+* telnetd/utility.c (_var_short_name):
+Ignore user names that start with '-' or contain shell metacharacters.
+
+Signed-off-by: Simon Josefsson
+
+CVE: CVE-2026-24061
+Upstream-Status: Backport [https://codeberg.org/inetutils/inetutils/commit/fd702c02497b2f398e739e3119bed0b23dd7aa7b]
+Signed-off-by: Peter Marko
+---
+ telnetd/utility.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/telnetd/utility.c b/telnetd/utility.c
+index b486226e..c02cd0e6 100644
+--- a/telnetd/utility.c
++++ b/telnetd/utility.c
+@@ -1733,7 +1733,14 @@ _var_short_name (struct line_expander *exp)
+ return user_name ? xstrdup (user_name) : NULL;
+
+ case 'U':
+- return getenv ("USER") ? xstrdup (getenv ("USER")) : xstrdup ("");
++ {
++ /* Ignore user names starting with '-' or containing shell
++ metachars, as they can cause trouble. */
++ char const *u = getenv ("USER");
++ return xstrdup ((u && *u != '-'
++ && !u[strcspn (u, "\t\n !\"#$&'()*;<=>?[\\^`{|}~")])
++ ? u : "");
++ }
+
+ default:
+ exp->state = EXP_STATE_ERROR;
diff --git a/meta/recipes-connectivity/inetutils/inetutils/CVE-2026-24061-02.patch b/meta/recipes-connectivity/inetutils/inetutils/CVE-2026-24061-02.patch
new file mode 100644
index 00000000000..62df504e60d
--- /dev/null
+++ b/meta/recipes-connectivity/inetutils/inetutils/CVE-2026-24061-02.patch
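Review bot: In the new `case 'U':` branch a `USER` value that starts with '-' or contains one of the listed metacharacters is replaced by the empty string with no trace, so an operator gets no signal that such a name was presented. Recording the rejection before returning, for example `syslog (LOG_WARNING, "telnetd: ignoring unsafe USER value");` if utility.c already has syslog in scope, would make these attempts visible in the logs without echoing the value itself. The same silent substitution carries over to `sanitize` in CVE-2026-24061-02.patch. `_var_short_name` begins and ends outside this hunk.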
@@ -0,0 +1,82 @@
+From ccba9f748aa8d50a38d7748e2e60362edd6a32cc Mon Sep 17 00:00:00 2001
+From: Simon Josefsson
+Date: Tue, 20 Jan 2026 14:02:39 +0100
+Subject: [PATCH] telnetd: Sanitize all variable expansions
+
+* telnetd/utility.c (sanitize): New function.
+(_var_short_name): Use it for all variables.
+
+CVE: CVE-2026-24061
+Upstream-Status: Backport [https://codeberg.org/inetutils/inetutils/commit/ccba9f748aa8d50a38d7748e2e60362edd6a32cc]
+Signed-off-by: Peter Marko
+---
+ telnetd/utility.c | 32 ++++++++++++++++++--------------
+ 1 file changed, 18 insertions(+), 14 deletions(-)
+
+diff --git a/telnetd/utility.c b/telnetd/utility.c
+index c02cd0e6..b21ad961 100644
+--- a/telnetd/utility.c
++++ b/telnetd/utility.c
+@@ -1684,6 +1684,17 @@ static void _expand_cond (struct line_expander *exp);
+ static void _skip_block (struct line_expander *exp);
+ static void _expand_block (struct line_expander *exp);
+
++static char *
++sanitize (const char *u)
++{
++ /* Ignore values starting with '-' or containing shell metachars, as
++ they can cause trouble. */
++ if (u && *u != '-' && !u[strcspn (u, "\t\n !\"#$&'()*;<=>?[\\^`{|}~")])
++ return u;
++ else
++ return "";
++}
++
+ /* Expand a variable referenced by its short one-symbol name.
+ Input: exp->cp points to the variable name.
+ FIXME: not implemented */
+@@ -1710,13 +1721,13 @@ _var_short_name (struct line_expander *exp)
+ return xstrdup (timebuf);
+
+ case 'h':
+- return xstrdup (remote_hostname);
++ return xstrdup (sanitize (remote_hostname));
+
+ case 'l':
+- return xstrdup (local_hostname);
++ return xstrdup (sanitize (local_hostname));
+
+ case 'L':
+- return xstrdup (line);
++ return xstrdup (sanitize (line));
+
+ case 't':
+ q = strchr (line + 1, '/');
+@@ -1724,23 +1735,16 @@ _var_short_name (struct line_expander *exp)
+ q++;
+ else
+ q = line;
+- return xstrdup (q);
++ return xstrdup (sanitize (q));
+
+ case 'T':
+- return terminaltype ? xstrdup (terminaltype) : NULL;
++ return terminaltype ? xstrdup (sanitize (terminaltype)) : NULL;
+
+ case 'u':
+- return user_name ? xstrdup (user_name) : NULL;
++ return user_name ? xstrdup (sanitize (user_name)) : NULL;
+
+ case 'U':
+- {
+- /* Ignore user names starting with '-' or containing shell
+- metachars, as they can cause trouble. */
+- char const *u = getenv ("USER");
+- return xstrdup ((u && *u != '-'
+- && !u[strcspn (u, "\t\n !\"#$&'()*;<=>?[\\^`{|}~")])
+- ? u : "");
+- }
++ return xstrdup (sanitize (getenv ("USER")));
+
+ default:
+ exp->state = EXP_STATE_ERROR;
diff --git a/meta/recipes-connectivity/inetutils/inetutils_2.6.bb b/meta/recipes-connectivity/inetutils/inetutils_2.6.bb
index 9dcd4946943..967ecdd4426 100644
--- a/meta/recipes-connectivity/inetutils/inetutils_2.6.bb
+++ b/meta/recipes-connectivity/inetutils/inetutils_2.6.bb
@@ -18,6 +18,8 @@ SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \ file://rsh.xinetd.inetutils \ file://telnet.xinetd.inetutils \ file://tftpd.xinetd.inetutils \ + file://CVE-2026-24061-01.patch \ + file://CVE-2026-24061-02.patch \ " inherit autotools gettext update-alternatives texinfo
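Review bot: `sanitize` is declared `static char *` yet returns its `const char *` parameter `u` and the literal `""`, which discards the const qualifier and draws a compiler diagnostic; every call in the patch only feeds the result to `xstrdup`, so the signature can be `static const char *sanitize (const char *u)`. Separately, for `'T'` and `'u'` a rejected value now expands to an empty string while an unset one still yields NULL; whether callers of `_var_short_name` treat those two cases differently is not visible here and is worth confirming. `_var_short_name` begins and ends outside the hunks.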