From patchwork Fri Feb 6 08:20:41 2026
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Gyorgy Sarvari
X-Patchwork-Id: 80544
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][scarthgap][PATCH 1/8] fontforge: patch CVE-2025-15279 Date: Fri, 6 Feb 2026 09:20:41 +0100 Message-ID: <20260206082048.1442403-1-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 06 Feb 2026 08:21:00 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124230 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-15279 Pick the patch that mentions this vulnerability ID explicitly. Also, this patch has caused some regression - pick the patch also that fixed that regression. Signed-off-by: Gyorgy Sarvari Signed-off-by: Anuj Mittal (cherry picked from commit 21418bce907ee06695d29f8ad759f2d9dfeed5b9) Signed-off-by: Gyorgy Sarvari --- .../fontforge/CVE-2025-15279-1.patch | 41 +++++++++++++++++++ .../fontforge/CVE-2025-15279-2.patch | 34 +++++++++++++++ .../fontforge/fontforge_20230101.bb | 5 ++- 3 files changed, 79 insertions(+), 1 deletion(-) create mode 100644 meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15279-1.patch create mode 100644 meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15279-2.patch diff --git a/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15279-1.patch b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15279-1.patch new file mode 100644 index 0000000000..91306c57c6 --- /dev/null +++ b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15279-1.patch 
@@ -0,0 +1,41 @@ +From 545b5eedf2a6866aecc04102f2e0853089cb760e Mon Sep 17 00:00:00 2001 +From: Ahmet Furkan Kavraz + <55850855+ahmetfurkankavraz@users.noreply.github.com> +Date: Thu, 8 Jan 2026 15:47:43 +0100 +Subject: [PATCH] Fix CVE-2025-15279: Heap buffer overflow in BMP RLE + decompression (#5720) + +CVSS: 7.8 (High) +ZDI-CAN-27517 +Co-authored-by: Ahmet Furkan Kavraz + +CVE: CVE-2025-15279 +Upstream-Status: Backport [https://github.com/fontforge/fontforge/commit/7d67700cf8888e0bb37b453ad54ed932c8587073] +Signed-off-by: Gyorgy Sarvari +--- + gutils/gimagereadbmp.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/gutils/gimagereadbmp.c b/gutils/gimagereadbmp.c +index 5a137e28a..133336787 100644 +--- a/gutils/gimagereadbmp.c ++++ b/gutils/gimagereadbmp.c +@@ -181,12 +181,18 @@ static int readpixels(FILE *file,struct bmpheader *head) { + int ii = 0; + while ( iiheight*head->width ) { + int cnt = getc(file); ++ if (cnt < 0 || ii + cnt > head->height * head->width) { ++ return 0; ++ } + if ( cnt!=0 ) { + int ch = getc(file); + while ( --cnt>=0 ) + head->byte_pixels[ii++] = ch; + } else { + cnt = getc(file); ++ if (cnt < 0 || ii + cnt > head->height * head->width) { ++ return 0; ++ } + if ( cnt>= 3 ) { + int odd = cnt&1; + while ( --cnt>=0 ) diff --git a/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15279-2.patch b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15279-2.patch new file mode 100644 index 0000000000..8ef833ff63 --- /dev/null +++ b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15279-2.patch 
@@ -0,0 +1,34 @@ +From 3bbdf6c7c161ff45d793e3bf5047720156e466ae Mon Sep 17 00:00:00 2001 +From: Ahmet Furkan Kavraz + <55850855+ahmetfurkankavraz@users.noreply.github.com> +Date: Mon, 12 Jan 2026 22:45:16 +0100 +Subject: [PATCH] Fix CVE-2025-15279: Move bounds check inside cnt >= 3 block + (#5723) + +Co-authored-by: Ahmet Furkan Kavraz + +CVE: CVE-2025-15279 +Upstream-Status: Backport [https://github.com/fontforge/fontforge/commit/720ea95020c964202928afd2e93b0f5fac11027e] +Signed-off-by: Gyorgy Sarvari +--- + gutils/gimagereadbmp.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/gutils/gimagereadbmp.c b/gutils/gimagereadbmp.c +index 133336787..ad365158c 100644 +--- a/gutils/gimagereadbmp.c ++++ b/gutils/gimagereadbmp.c +@@ -190,10 +190,10 @@ static int readpixels(FILE *file,struct bmpheader *head) { + head->byte_pixels[ii++] = ch; + } else { + cnt = getc(file); +- if (cnt < 0 || ii + cnt > head->height * head->width) { +- return 0; +- } + if ( cnt>= 3 ) { ++ if (ii + cnt > head->height * head->width) { ++ return 0; ++ } + int odd = cnt&1; + while ( --cnt>=0 ) + head->byte_pixels[ii++] = getc(file); diff --git a/meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb b/meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb index d470ff12d4..c625566f69 100644 --- a/meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb +++ b/meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb 
@@ -21,7 +21,10 @@ SRC_URI = "git://github.com/${BPN}/${BPN}.git;branch=master;protocol=https \ file://0001-cmake-Use-alternate-way-to-detect-libm.patch \ file://0001-Fix-Translations-containing-invalid-directives-hs.patch \ file://CVE-2024-25081_CVE-2024-25082.patch \ -" + file://CVE-2025-15279-1.patch \ + file://CVE-2025-15279-2.patch \ + " + S = "${WORKDIR}/git" EXTRA_OECMAKE = "-DENABLE_DOCS=OFF" From patchwork Fri Feb 6 08:20:42 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 80548 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8C10BEB28E9 for ; Fri, 6 Feb 2026 08:21:00 +0000 (UTC) Received: from mail-wr1-f42.google.com (mail-wr1-f42.google.com [209.85.221.42]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.7169.1770366051449445518 for ; Fri, 06 Feb 2026 00:20:51 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=Bpj5LxTJ; spf=pass (domain: gmail.com, ip: 209.85.221.42, mailfrom: skandigraun@gmail.com) Received: by mail-wr1-f42.google.com with SMTP id ffacd0b85a97d-4362d4050c1so106336f8f.2 for ; Fri, 06 Feb 2026 00:20:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1770366050; x=1770970850; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=uJ1521A1+82BUNlbkKdMAhlPLcZ54yhzqANuzblx0Do=; b=Bpj5LxTJTXKiOyLqhB7NpqljsnBBHDl9Ux5XmaL4YE6eYrNRk0TnEftVl/mCdUeYAF TsJ+FwfLoly1AfJsqRuI2XhHmj8zUmEB55BHbZm9H3hUU0gipPSM4bGvTaC0eawmxkVE T5lg9pAU68szfUFAWS4mGVWqGtOTR7CerKybcgnsm42+2iOZEp94CnZq+7CSSEYWnAUm 
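Review bot: in the gutils/gimagereadbmp.c hunk of CVE-2025-15279-1.patch, both added checks compare `ii + cnt` against `head->height * head->width`, a product of two values taken from the file header; if those fields are plain ints, the multiplication can wrap and the bound itself becomes meaningless. Suggest computing the pixel count once before the loop in a wider type, rejecting a non-positive or overflowing result, and reusing that value in the loop condition and in both checks. Separately, the run branch stores `ch = getc(file)` into `head->byte_pixels[ii++]` without testing for EOF, so a truncated file fills the run with the EOF value instead of failing the read.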
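Review bot: in CVE-2025-15279-2.patch, moving the bounds check under `if ( cnt>= 3 )` also drops the `cnt < 0` test, so an EOF returned by the second `getc(file)` is no longer rejected at this point and falls through to the branch for counts below 3, which this hunk does not show. Worth confirming that branch ends the loop on a negative value; otherwise keep `if (cnt < 0) return 0;` directly after the read and leave only the size comparison inside the `cnt >= 3` block. The literal run that follows still writes `getc(file)` into `head->byte_pixels[ii++]` with no EOF test.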
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][scarthgap][PATCH 2/8] fontforge: patch CVE-2025-15275 Date: Fri, 6 Feb 2026 09:20:42 +0100 Message-ID: <20260206082048.1442403-2-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260206082048.1442403-1-skandigraun@gmail.com> References: <20260206082048.1442403-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 06 Feb 2026 08:21:00 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124231 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-15275 Pick the patch that mentions this vulnerability ID explicitly. Signed-off-by: Gyorgy Sarvari Signed-off-by: Anuj Mittal (cherry picked from commit edc3b69cefe42c80e0cf8c5b64acc03a15da5ef7) Signed-off-by: Gyorgy Sarvari --- .../fontforge/fontforge/CVE-2025-15275.patch | 33 +++++++++++++++++++ .../fontforge/fontforge_20230101.bb | 1 + 2 files changed, 34 insertions(+) create mode 100644 meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15275.patch diff --git a/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15275.patch b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15275.patch new file mode 100644 index 0000000000..3574b8ee19 --- /dev/null +++ b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15275.patch 
@@ -0,0 +1,33 @@ +From 4c0658f56faf6d64382721a230ee57038035110a Mon Sep 17 00:00:00 2001 +From: Ahmet Furkan Kavraz + <55850855+ahmetfurkankavraz@users.noreply.github.com> +Date: Fri, 9 Jan 2026 16:58:23 +0100 +Subject: [PATCH] Fix CVE-2025-15275: Heap buffer overflow in SFD image parsing + (#5721) + +Fixes: CVE-2025-15275 | ZDI-25-1189 | ZDI-CAN-28543 + +Co-authored-by: Ahmet Furkan Kavraz + +CVE: CVE-2025-15275 +Upstream-Status: Backport [https://github.com/fontforge/fontforge/commit/7195402701ace7783753ef9424153eff48c9af44] +Signed-off-by: Gyorgy Sarvari +--- + fontforge/sfd.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/fontforge/sfd.c b/fontforge/sfd.c +index cd661584b..4db9feebb 100644 +--- a/fontforge/sfd.c ++++ b/fontforge/sfd.c +@@ -3724,6 +3724,10 @@ static ImageList *SFDGetImage(FILE *sfd) { + getint(sfd,&image_type); + getint(sfd,&bpl); + getint(sfd,&clutlen); ++ if ( clutlen < 0 || clutlen > 256 ) { ++ LogError(_("Invalid clut length %d in sfd file, must be between 0 and 256"), clutlen); ++ return NULL; ++ } + gethex(sfd,&trans); + image = GImageCreate(image_type,width,height); + base = image->list_len==0?image->u.image:image->u.images[0]; diff --git a/meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb b/meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb index c625566f69..70667e7f65 100644 --- a/meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb +++ b/meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb 
@@ -23,6 +23,7 @@ SRC_URI = "git://github.com/${BPN}/${BPN}.git;branch=master;protocol=https \ file://CVE-2024-25081_CVE-2024-25082.patch \ file://CVE-2025-15279-1.patch \ file://CVE-2025-15279-2.patch \ + file://CVE-2025-15275.patch \ " S = "${WORKDIR}/git" From patchwork Fri Feb 6 08:20:43 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 80545 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A2A5BEB28EC for ; Fri, 6 Feb 2026 08:21:00 +0000 (UTC) Received: from mail-wr1-f50.google.com (mail-wr1-f50.google.com [209.85.221.50]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.7170.1770366052169582626 for ; Fri, 06 Feb 2026 00:20:52 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=fGJZLAwL; spf=pass (domain: gmail.com, ip: 209.85.221.50, mailfrom: skandigraun@gmail.com) Received: by mail-wr1-f50.google.com with SMTP id ffacd0b85a97d-4362aadaf09so335314f8f.2 for ; Fri, 06 Feb 2026 00:20:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1770366050; x=1770970850; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=7BPXMlMMJsOdEXfyUStoDZNItN5HeZaymX2C8uwH0BQ=; b=fGJZLAwLAIkljkstNJ3LA4HnlkuAlNd86nqTER8Mt8J1s/AbXT9pOCGFS3bjWnHE+p mxPjzwXuiRxv08F8KKSJ9BsAjBIjOA0FfXeFqfnR8DYrVA5d/+cSHqA7Je0uYK/bDuEw AYAZUgc1cDoICkgMVXyhlkNWY+0Rqig014oSLqZH4/wuOEsvYLVfGtMKwcnGt79Ra2Kc EMklGBvfKEpkfQ/Q7CQrz6yWuqjAo57VBDN0jEd0iUDcr7vgxkZZFUPUvVBQ7F99GmVu MlUrh+7h8R2h8UajaNGE6j4bYIpDVm1Mb3eMf2gmazj1oFqDS5ifdukqmX45TXbSvqEY 8XBg== X-Google-DKIM-Signature: v=1; 
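Review bot: in the fontforge/sfd.c hunk of CVE-2025-15275.patch, only `clutlen` is range-checked; `image_type` and `bpl`, read by the two `getint` calls just above it, and the `width` and `height` passed to `GImageCreate(image_type,width,height)` go on unvalidated as far as this hunk shows. The `getint` return values are ignored as well, so a failed parse leaves `clutlen` at whatever it held before the call. The next context line dereferences `image->list_len` without testing the result of `GImageCreate` for NULL. Suggest checking the `getint` results and the image pointer in the same place as the new test.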
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][scarthgap][PATCH 3/8] fontforge: patch CVE-2025-15269 Date: Fri, 6 Feb 2026 09:20:43 +0100 Message-ID: <20260206082048.1442403-3-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260206082048.1442403-1-skandigraun@gmail.com> References: <20260206082048.1442403-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 06 Feb 2026 08:21:00 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124232 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-15269 Pick the patch that refers to this vulnerability ID explicitly. Signed-off-by: Gyorgy Sarvari Signed-off-by: Anuj Mittal (cherry picked from commit 449999f6767668df4378105b4c79c4a5db5125c3) Signed-off-by: Gyorgy Sarvari --- .../fontforge/fontforge/CVE-2025-15269.patch | 35 +++++++++++++++++++ .../fontforge/fontforge_20230101.bb | 1 + 2 files changed, 36 insertions(+) create mode 100644 meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15269.patch diff --git a/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15269.patch b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15269.patch new file mode 100644 index 0000000000..af04085016 --- /dev/null +++ b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15269.patch 
@@ -0,0 +1,35 @@ +From 904971c570f0697a9052c6fa699f1a2c9b2669a2 Mon Sep 17 00:00:00 2001 +From: Ahmet Furkan Kavraz + <55850855+ahmetfurkankavraz@users.noreply.github.com> +Date: Sat, 10 Jan 2026 20:06:53 +0100 +Subject: [PATCH] Fix CVE-2025-15269: Use-after-free in SFD ligature parsing + (#5722) + +Prevent circular linked list in LigaCreateFromOldStyleMultiple by clearing +the next pointer after shallow copy. The shallow copy propagates liga's +modified next pointer from previous iterations, creating a cycle that +causes double-free when the list is traversed and freed. + +Fixes: CVE-2025-15269 | ZDI-25-1195 | ZDI-CAN-28564 + +Co-authored-by: Ahmet Furkan Kavraz + +CVE: CVE-2025-15269 +Upstream-Status: Backport [https://github.com/fontforge/fontforge/commit/6aea6db5da332d8ac94e3501bb83c1b21f52074d] +Signed-off-by: Gyorgy Sarvari +--- + fontforge/sfd.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/fontforge/sfd.c b/fontforge/sfd.c +index 4db9feebb..894176254 100644 +--- a/fontforge/sfd.c ++++ b/fontforge/sfd.c +@@ -4786,6 +4786,7 @@ static PST1 *LigaCreateFromOldStyleMultiple(PST1 *liga) { + while ( (pt = strrchr(liga->pst.u.lig.components,';'))!=NULL ) { + new = chunkalloc(sizeof( PST1 )); + *new = *liga; ++ new->pst.next = NULL; + new->pst.u.lig.components = copy(pt+1); + last->pst.next = (PST *) new; + last = new; diff --git a/meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb b/meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb index 70667e7f65..b1e5ba0b63 100644 --- a/meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb +++ b/meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb 
@@ -24,6 +24,7 @@ SRC_URI = "git://github.com/${BPN}/${BPN}.git;branch=master;protocol=https \ file://CVE-2025-15279-1.patch \ file://CVE-2025-15279-2.patch \ file://CVE-2025-15275.patch \ + file://CVE-2025-15269.patch \ " S = "${WORKDIR}/git" From patchwork Fri Feb 6 08:20:44 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 80547 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A76E3EB28ED for ; Fri, 6 Feb 2026 08:21:00 +0000 (UTC) Received: from mail-wr1-f51.google.com (mail-wr1-f51.google.com [209.85.221.51]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.6908.1770366052793254765 for ; Fri, 06 Feb 2026 00:20:53 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=K8p+Ab9Z; spf=pass (domain: gmail.com, ip: 209.85.221.51, mailfrom: skandigraun@gmail.com) Received: by mail-wr1-f51.google.com with SMTP id ffacd0b85a97d-435f177a8f7so422748f8f.1 for ; Fri, 06 Feb 2026 00:20:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1770366051; x=1770970851; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=MVPzcy1F7yZLy9MMl6UK5SI5n2uJHnM50Grdo/WIloM=; b=K8p+Ab9Z9otPSN+HX15pN4rjIriiqmQpEhSxGe05w0poWHb9kvxY37jTK6QL1d+EWu 21Wb0v8rxNa3cnP+GMVmY+bbt9L9s3t4ZuzGT0SEXOVT3jm1o+xmOwQVBnMSieCnfn31 ON+dhDUj2ncoPFEx3aQJaAM17UhZGR9Z4hq/QElIivYVYSx1Tr52AZ0dbPhjJ+ftk/Su yYAVdbm5mqhgRDto4PhR/KAsxhKIsHbLP2h2kOdvT3fwV0/iJp8Q59bnAOFoqQz0zIrt h4Kgtb39y5pJ4yqLmWjtYbfwrFjkMS805vkxcBNzaN/ZTXLKOiXmN/sE95sA7PVsC8o5 viNA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; 
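Review bot: in the fontforge/sfd.c hunk of CVE-2025-15269.patch, the added `new->pst.next = NULL;` carries no comment, and the reason for it (the struct copy `*new = *liga` inherits the `next` pointer that earlier iterations set on `liga`) is recorded only in the commit message. A one-line comment above the assignment would keep it from being removed later as redundant, since `last->pst.next = (PST *) new;` two lines below looks like it already handles the linking. The same shallow copy duplicates every other pointer member of `PST1`; `components` is replaced on the next line, but any other owned pointer would be shared between nodes, which is worth checking against the struct definition.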
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][scarthgap][PATCH 4/8] fontforge: patch CVE-2025-15270 Date: Fri, 6 Feb 2026 09:20:44 +0100 Message-ID: <20260206082048.1442403-4-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260206082048.1442403-1-skandigraun@gmail.com> References: <20260206082048.1442403-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 06 Feb 2026 08:21:00 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124233 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-15270 Pick the patch that mentions this vulnerability explicitly in its description. Signed-off-by: Gyorgy Sarvari Signed-off-by: Anuj Mittal (cherry picked from commit 15f2f350cc3c170cb016f824fbccfe2426307abc) Signed-off-by: Gyorgy Sarvari --- .../fontforge/fontforge/CVE-2025-15270.patch | 44 +++++++++++++++++++ .../fontforge/fontforge_20230101.bb | 1 + 2 files changed, 45 insertions(+) create mode 100644 meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15270.patch diff --git a/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15270.patch b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15270.patch new file mode 100644 index 0000000000..335aa3f9a2 --- /dev/null +++ b/meta-oe/recipes-graphics/fontforge/fontforge/CVE-2025-15270.patch 
@@ -0,0 +1,44 @@ +From 647e17c1313b0be5159616e4345e6007e1f377a5 Mon Sep 17 00:00:00 2001 +From: Ahmet Furkan Kavraz + <55850855+ahmetfurkankavraz@users.noreply.github.com> +Date: Sat, 31 Jan 2026 21:23:41 +0100 +Subject: [PATCH] Fix CVE-2025-15270: Heap buffer overflow in SFD kern class + parsing (#5743) + +Fixes: CVE-2025-15270 | ZDI-25-1194 | ZDI-CAN-28563 + +Co-authored-by: Ahmet Furkan Kavraz + +CVE: CVE-2025-15270 +Upstream-Status: Backport [https://github.com/fontforge/fontforge/commit/d01333a5bfa2ac4ed698c24b323d02107deacad7] +Signed-off-by: Gyorgy Sarvari +--- + fontforge/sfd.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/fontforge/sfd.c b/fontforge/sfd.c +index 894176254..3692973fe 100644 +--- a/fontforge/sfd.c ++++ b/fontforge/sfd.c +@@ -8286,6 +8286,10 @@ bool SFD_GetFontMetaData( FILE *sfd, + for ( i=classstart; ifirst_cnt; ++i ) { + if (kernclassversion < 3) { + getint(sfd,&temp); ++ if (temp < 0) { ++ LogError(_("Corrupted SFD file: Invalid kern class name length %d. Aborting load."), temp); ++ return false; ++ } + kc->firsts[i] = malloc(temp+1); kc->firsts[i][temp] = '\0'; + nlgetc(sfd); /* skip space */ + fread(kc->firsts[i],1,temp,sfd); +@@ -8303,6 +8307,10 @@ bool SFD_GetFontMetaData( FILE *sfd, + for ( i=1; isecond_cnt; ++i ) { + if (kernclassversion < 3) { + getint(sfd,&temp); ++ if (temp < 0) { ++ LogError(_("Corrupted SFD file: Invalid kern class name length %d. Aborting load."), temp); ++ return false; ++ } + kc->seconds[i] = malloc(temp+1); kc->seconds[i][temp] = '\0'; + nlgetc(sfd); /* skip space */ + fread(kc->seconds[i],1,temp,sfd); diff --git a/meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb b/meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb index b1e5ba0b63..da764538c3 100644 --- a/meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb +++ b/meta-oe/recipes-graphics/fontforge/fontforge_20230101.bb 
@@ -25,6 +25,7 @@ SRC_URI = "git://github.com/${BPN}/${BPN}.git;branch=master;protocol=https \ file://CVE-2025-15279-2.patch \ file://CVE-2025-15275.patch \ file://CVE-2025-15269.patch \ + file://CVE-2025-15270.patch \ " S = "${WORKDIR}/git" From patchwork Fri Feb 6 08:20:45 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 80550 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B5C62EB28F1 for ; Fri, 6 Feb 2026 08:21:00 +0000 (UTC) Received: from mail-wr1-f44.google.com (mail-wr1-f44.google.com [209.85.221.44]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.7171.1770366053673533068 for ; Fri, 06 Feb 2026 00:20:54 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=acpuJU+R; spf=pass (domain: gmail.com, ip: 209.85.221.44, mailfrom: skandigraun@gmail.com) Received: by mail-wr1-f44.google.com with SMTP id ffacd0b85a97d-4358fb60802so1192933f8f.1 for ; Fri, 06 Feb 2026 00:20:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1770366052; x=1770970852; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=P55m+3gSiDogebLbT2XGX4OuMtjTmeL2/AzaVlfQM+A=; b=acpuJU+RNdnqRCdtL1PtUlwOJvz+GxWRnZJb4Ds9KCW16b5r4sjT+Z1o+1ZrA2ZSwT NhZqvPfvdPhmAg0c8vJl7JHRXT2bt34+epuuM21Z4WuE8pzCyJ3dtdIrd4jLNWqJXrML qqp8skAi54qu0FSIr3OapPvVxk1N3XfK+p38ad38mPagsY98edpc6sUY6inKrSwSWdW5 1/+CfamQUMkWNRPoqF9LpQfWBb+fXYr1c99iauu03dJnwEEeZRqPQr4QpI/rGngD38Wm WE/WABef1Etwh0+0BLCgk8/WP+ZYYuew5oB72N502A3TlhO6w8m/R/PH1VL1uznrA2hm 1j9g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; 
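Review bot: in the first fontforge/sfd.c hunk of CVE-2025-15270.patch (the `kc->firsts` loop), the new test rejects only `temp < 0`; the line after it still calls `malloc(temp+1)` and writes `kc->firsts[i][temp] = '\0'` without checking the allocation, so a very large length from the file ends in a write at offset `temp` from a NULL pointer, and `temp+1` overflows for the largest int value. Suggest an upper bound on `temp` and a NULL check on the `malloc` result before the terminator is written. The `fread` return value is also ignored, so a short read leaves the tail of the name uninitialised.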
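Review bot: the second hunk of CVE-2025-15270.patch (the `kc->seconds` loop) repeats the same four added lines around the same `getint`, `malloc`, `fread` sequence as the `kc->firsts` loop. A small helper that reads one length-prefixed class name and is called from both loops would keep the validation in one place. The early `return false` is also taken at a point where `kc` and the names read so far are already allocated, and the hunk does not show who frees them on that path.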
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-networking][scarthgap][PATCH 5/8] ez-ipupdate: patch CVE-2003-0887 Date: Fri, 6 Feb 2026 09:20:45 +0100 Message-ID: <20260206082048.1442403-5-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260206082048.1442403-1-skandigraun@gmail.com> References: <20260206082048.1442403-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 06 Feb 2026 08:21:00 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124234 Details: https://nvd.nist.gov/vuln/detail/CVE-2003-0887 The vulnerability is about the default (example) configurations, which place cache files into the /tmp folder, that is world-writeable. The recommendation would be to place them to a more secure folder. The recipe however does not install these example configurations, and as such it is not vulnerable either. Just to make sure, patch these folders to a non-tmp folder (and also install that folder, empty). Some more discussion about the vulnerability: https://bugzilla.suse.com/show_bug.cgi?id=48161 Signed-off-by: Gyorgy Sarvari Signed-off-by: Anuj Mittal (cherry picked from commit 0080dd79731efa1cca150730c5ac39bad82f7095) Signed-off-by: Gyorgy Sarvari --- .../ez-ipupdate/ez-ipupdate_3.0.11b7.bb | 7 + .../ez-ipupdate/files/CVE-2003-0887.patch | 158 ++++++++++++++++++ 2 files changed, 165 insertions(+) create mode 100644 meta-networking/recipes-connectivity/ez-ipupdate/files/CVE-2003-0887.patch diff --git a/meta-networking/recipes-connectivity/ez-ipupdate/ez-ipupdate_3.0.11b7.bb b/meta-networking/recipes-connectivity/ez-ipupdate/ez-ipupdate_3.0.11b7.bb index 42ecf9bac4..7a392b2c23 100644 --- a/meta-networking/recipes-connectivity/ez-ipupdate/ez-ipupdate_3.0.11b7.bb 
+++ b/meta-networking/recipes-connectivity/ez-ipupdate/ez-ipupdate_3.0.11b7.bb @@ -10,8 +10,15 @@ SRC_URI = "http://sourceforge.net/projects/ez-ipupdate/files/${BPN}/${PV}/${BPN} file://conf_file.c.patch \ file://wformat.patch \ file://0001-ez-ipupdate-Include-time.h-for-time-API-prototype.patch \ + file://CVE-2003-0887.patch \ " SRC_URI[md5sum] = "525be4550b4461fdf105aed8e753b020" SRC_URI[sha256sum] = "a15ec0dc0b78ec7578360987c68e43a67bc8d3591cbf528a323588830ae22c20" inherit autotools pkgconfig + +do_install:append(){ + install -m 0744 -d ${D}${localstatedir}/lib/ez-ipupdate +} + +FILES:${PN} += "${localstatedir}/lib/ez-ipupdate" diff --git a/meta-networking/recipes-connectivity/ez-ipupdate/files/CVE-2003-0887.patch b/meta-networking/recipes-connectivity/ez-ipupdate/files/CVE-2003-0887.patch new file mode 100644 index 0000000000..53aa355008 --- /dev/null +++ b/meta-networking/recipes-connectivity/ez-ipupdate/files/CVE-2003-0887.patch 
@@ -0,0 +1,158 @@ +From cd8fa738b0ed3b5fb89ac00068fdc2e20c1b6169 Mon Sep 17 00:00:00 2001 +From: Gyorgy Sarvari +Date: Mon, 2 Feb 2026 14:03:01 +0100 +Subject: [PATCH] CVE-2003-0887 + +The vulnerability is about exmaple config files placing cache files +into a world-writable directory (/tmp) instead of something more +secure. + +This patch changes this path to /var/lib/ez-ipupdate, which is +not world-writable by default. + +CVE: CVE-2003-0887 +Upstream-Status: Inactive-Upstream [lastcommit: 2002] +Signed-off-by: Gyorgy Sarvari +--- + example-dhs.conf | 2 +- + example-dyndns.conf | 2 +- + example-dyns.conf | 2 +- + example-easydns.conf | 2 +- + example-gnudip.conf | 2 +- + example-heipv6tb.conf | 2 +- + example-justlinux.conf | 2 +- + example-ods.conf | 2 +- + example-pgpow.conf | 2 +- + example-tzo.conf | 2 +- + 10 files changed, 10 insertions(+), 10 deletions(-) + +diff --git a/example-dhs.conf b/example-dhs.conf +index 3fe9a04..f976ae5 100755 +--- a/example-dhs.conf ++++ b/example-dhs.conf +@@ -11,7 +11,7 @@ host=mydomain.whatever.com + interface=eth1 + + # if you use run-as ensure the user has permission to write this file +-cache-file=/tmp/ez-ipupdate.cache ++cache-file=/var/lib/ez-ipupdate/ez-ipupdate.cache + + # uncomment this once you have everything working how you want and you are + # ready to have ez-ipupdate running in the background all the time. to stop it +diff --git a/example-dyndns.conf b/example-dyndns.conf +index f539dec..84b4807 100755 +--- a/example-dyndns.conf ++++ b/example-dyndns.conf +@@ -19,7 +19,7 @@ max-interval=2073600 + #cache-file=/etc/ez-ipupdate.cache.eth1 + + # for the mean time we'll just use a cache file in the temp directory +-cache-file=/tmp/ez-ipupdate.cache ++cache-file=/var/lib/ez-ipupdate/ez-ipupdate.cache + + # uncomment this once you have everything working how you want and you are + # ready to have ez-ipupdate running in the background all the time. 
to stop it +diff --git a/example-dyns.conf b/example-dyns.conf +index 868768d..856a4d7 100644 +--- a/example-dyns.conf ++++ b/example-dyns.conf +@@ -11,7 +11,7 @@ host=myhost + #interface=eth1 + + # if you use run-as ensure the user has permission to write this file +-#cache-file=/tmp/ez-ipupdate.cache ++#cache-file=/var/lib/ez-ipupdate/ez-ipupdate.cache + + # uncomment this once you have everything working how you want and you are + # ready to have ez-ipupdate running in the background all the time. to stop it +diff --git a/example-easydns.conf b/example-easydns.conf +index 0ff20da..15d9b78 100755 +--- a/example-easydns.conf ++++ b/example-easydns.conf +@@ -11,7 +11,7 @@ host=mydomain.whatever.com + interface=eth1 + + # if you use run-as ensure the user has permission to write this file +-cache-file=/tmp/ez-ipupdate.cache ++cache-file=/var/lib/ez-ipupdate/ez-ipupdate.cache + + # uncomment this once you have everything working how you want and you are + # ready to have ez-ipupdate running in the background all the time. to stop it +diff --git a/example-gnudip.conf b/example-gnudip.conf +index 3b2fb63..d09df1f 100755 +--- a/example-gnudip.conf ++++ b/example-gnudip.conf +@@ -15,7 +15,7 @@ max-interval=2073600 + #address=0.0.0.0 + + # if you use run-as ensure the user has permission to write this file +-cache-file=/tmp/ez-ipupdate.cache ++cache-file=/var/lib/ez-ipupdate/ez-ipupdate.cache + + # uncomment this once you have everything working how you want and you are + # ready to have ez-ipupdate running in the background all the time. 
to stop it +diff --git a/example-heipv6tb.conf b/example-heipv6tb.conf +index e31aa9c..3ebc822 100644 +--- a/example-heipv6tb.conf ++++ b/example-heipv6tb.conf +@@ -18,7 +18,7 @@ max-interval=2073600 + #cache-file=/etc/ez-ipupdate.cache.eth1 + + # for the mean time we'll just use a cache file in the temp directory +-cache-file=/tmp/ez-ipupdate.cache ++cache-file=/var/lib/ez-ipupdate/ez-ipupdate.cache + + # uncomment this once you have everything working how you want and you are + # ready to have ez-ipupdate running in the background all the time. to stop it +diff --git a/example-justlinux.conf b/example-justlinux.conf +index 0afeb2c..28b3327 100755 +--- a/example-justlinux.conf ++++ b/example-justlinux.conf +@@ -11,7 +11,7 @@ host=mydomain.penguinpowered.com + interface=eth1 + + # if you use run-as ensure the user has permission to write this file +-cache-file=/tmp/ez-ipupdate.cache ++cache-file=/var/lib/ez-ipupdate/ez-ipupdate.cache + + # uncomment this once you have everything working how you want and you are + # ready to have ez-ipupdate running in the background all the time. to stop it +diff --git a/example-ods.conf b/example-ods.conf +index d0ff889..7b16f2c 100755 +--- a/example-ods.conf ++++ b/example-ods.conf +@@ -11,7 +11,7 @@ host=mydomain.ods.org + interface=eth1 + + # if you use run-as ensure the user has permission to write this file +-cache-file=/tmp/ez-ipupdate.cache ++cache-file=/var/lib/ez-ipupdate/ez-ipupdate.cache + + # uncomment this once you have everything working how you want and you are + # ready to have ez-ipupdate running in the background all the time. 
to stop it +diff --git a/example-pgpow.conf b/example-pgpow.conf +index 29a92d6..81e351b 100755 +--- a/example-pgpow.conf ++++ b/example-pgpow.conf +@@ -11,7 +11,7 @@ host=mydomain.penguinpowered.com + interface=eth1 + + # if you use run-as ensure the user has permission to write this file +-cache-file=/tmp/ez-ipupdate.cache ++cache-file=/var/lib/ez-ipupdate/ez-ipupdate.cache + + # uncomment this once you have everything working how you want and you are + # ready to have ez-ipupdate running in the background all the time. to stop it +diff --git a/example-tzo.conf b/example-tzo.conf +index 2a71db3..10b8dc4 100755 +--- a/example-tzo.conf ++++ b/example-tzo.conf +@@ -15,7 +15,7 @@ max-interval=2073600 + interface=eth1 + + # if you use run-as ensure the user has permission to write this file +-cache-file=/tmp/ez-ipupdate.cache ++cache-file=/var/lib/ez-ipupdate/ez-ipupdate.cache + + # uncomment this once you have everything working how you want and you are + # ready to have ez-ipupdate running in the background all the time. 
to stop it From patchwork Fri Feb 6 08:20:46 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 80546
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][scarthgap][PATCH 6/8] freerdp: ignore CVE-2025-68118 Date: Fri, 6 Feb 2026 09:20:46 +0100 Message-ID: <20260206082048.1442403-6-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260206082048.1442403-1-skandigraun@gmail.com> References: <20260206082048.1442403-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 06 Feb 2026 08:21:00 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124235 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-68118 The vulnerability is specific to the usage of Microsoft specific sprintf implementation. Because of this, ignore this vulnerability. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj (cherry picked from commit 1b4b952b5127ed9c35cae0c6cfd6e1133c79a946) Signed-off-by: Gyorgy Sarvari --- meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb b/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb index d0d7d28b55..d51700c81b 100644 --- a/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb +++ b/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb 
@@ -94,3 +94,4 @@ python populate_packages:prepend () { } CVE_STATUS[CVE-2024-32662] = "fixed-version: 2.x is not affected, bug was introduced in 3.0.0" +CVE_STATUS[CVE-2025-68118] = "not-applicable-platform: Windows-only vulnerability" From patchwork Fri Feb 6 08:20:47 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 80551
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][scarthgap][PATCH 7/8] gimp: ignore CVE-2025-14423 Date: Fri, 6 Feb 2026 09:20:47 +0100 Message-ID: <20260206082048.1442403-7-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260206082048.1442403-1-skandigraun@gmail.com> References: <20260206082048.1442403-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 06 Feb 2026 08:21:00 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124236 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-14423 The vulnerability is about parsing LBM files, however this feature was introduced in version 3.0[1], and the current recipe version is not vulnerable. [1]: https://gitlab.gnome.org/GNOME/gimp/-/commit/222bef78c71ed8562a610f6863d56c0b3e2bef68 Signed-off-by: Gyorgy Sarvari --- meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb b/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb index 36b0712976..8aa5ee09cb 100644 --- a/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb +++ b/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb 
@@ -76,4 +76,5 @@ FILES:${PN} += "${datadir}/metainfo" RDEPENDS:${PN} += "mypaint-brushes-1.0" CVE_STATUS[CVE-2007-3741] = "not-applicable-platform: This only applies for Mandriva Linux" -CVE_STATUS[CVE-2025-48796] = "cpe-incorrect: The current version (2.10.38) is not affected." \ No newline at end of file +CVE_STATUS[CVE-2025-48796] = "cpe-incorrect: The current version (2.10.38) is not affected." +CVE_STATUS[CVE-2025-14423] = "cpe-incorrect: The vulnerability was introduced in v3.0" From patchwork Fri Feb 6 08:20:48 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 80549
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][scarthgap][PATCH 8/8] gnome-settings-daemon: ignore CVE-2024-38394 Date: Fri, 6 Feb 2026 09:20:48 +0100 Message-ID: <20260206082048.1442403-8-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260206082048.1442403-1-skandigraun@gmail.com> References: <20260206082048.1442403-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 06 Feb 2026 08:21:00 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124237 Details: https://nvd.nist.gov/vuln/detail/CVE-2024-38394 The CVE has the disputed flag. The project maintainers claim that the issue is not in gnome-settings-daemon. If the vulnerability needs to be handled in gnome-settings-daemon, then it is a new feature rather than a vulnerability fix. Due to this, ignore this CVE. Signed-off-by: Gyorgy Sarvari --- .../gnome-settings-daemon/gnome-settings-daemon_46.0.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-gnome/recipes-gnome/gnome-settings-daemon/gnome-settings-daemon_46.0.bb b/meta-gnome/recipes-gnome/gnome-settings-daemon/gnome-settings-daemon_46.0.bb index d409e77eae..7e3afa7998 100644 --- a/meta-gnome/recipes-gnome/gnome-settings-daemon/gnome-settings-daemon_46.0.bb +++ b/meta-gnome/recipes-gnome/gnome-settings-daemon/gnome-settings-daemon_46.0.bb @@ -48,3 +48,5 @@ FILES:${PN} += " \ ${systemd_user_unitdir} \ ${libdir}/gnome-settings-daemon-${@gnome_verdir("${PV}")}/libgsd.so \ " + +CVE_STATUS[CVE-2024-38394] = "disputed: mitigation would be a new feature, not a CVE"
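
Review bot: in the ez-ipupdate_3.0.11b7.bb hunk of PATCH 5/8, the added "install -m 0744 -d ${D}${localstatedir}/lib/ez-ipupdate" creates the cache directory with mode 0744, which gives group and others read permission without search permission, an unusual combination for a directory. 0755 states the usual intent, or 0750/0700 if only the daemon should see the cache. The patched example configs keep the comment "if you use run-as ensure the user has permission to write this file", and a 0744 directory is writable by its owner only, so a run-as user could not create the cache file there unless ownership is adjusted; a sentence about that in the commit message would help. Style: "do_install:append(){" is normally written "do_install:append() {".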
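
Review bot: in the new files/CVE-2003-0887.patch of PATCH 5/8, the example-dyndns.conf and example-heipv6tb.conf hunks keep the context comment "# for the mean time we'll just use a cache file in the temp directory" directly above the changed cache-file line, so after the change the comment no longer matches the path /var/lib/ez-ipupdate/ez-ipupdate.cache. Updating or dropping that comment in the same two hunks would keep the examples self-consistent. The patch description also contains the typo "exmaple".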
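
Review bot: in the gimp_2.10.38.bb hunk of PATCH 7/8, the new CVE_STATUS[CVE-2025-14423] line uses "cpe-incorrect" for a bug introduced in v3.0, while the freerdp recipe touched in PATCH 6/8 shows the same situation recorded as "fixed-version: 2.x is not affected, bug was introduced in 3.0.0". Using one status consistently for "introduced in a later major version" across the series would make the ignore list easier to audit. The reason string could also name the LBM loader, as the commit message does, so the justification is visible in the recipe itself. The hunk additionally adds the missing newline at end of file, which is worth a word in the commit message.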
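
Review bot: in the gnome-settings-daemon_46.0.bb hunk of PATCH 8/8, the reason text "mitigation would be a new feature, not a CVE" leaves out the main ground given in the commit message, namely that the project maintainers say the issue is not in gnome-settings-daemon. Suggest wording along the lines of "disputed: maintainers state the issue is not in gnome-settings-daemon; handling it here would be a new feature", so the recipe carries the actual justification.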